berbew | 391ea76992d59b0b366f6cb36a46aef9132cde2c201d37385a82dcbac68b4bac

Resubmissions

05-10-2024 03:26

241005-dze4lssfnp 7

04-10-2024 14:06

241004-rejg7ascqf 10

Analysis

max time kernel
113s
max time network
119s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
04-10-2024 14:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

x.exe
Size

11.6MB
MD5

b70e25d81a43083343ef6b7c0ef8f8f1
SHA1

fa752c62bbb7dd3b8074b6d479a03299f903768f
SHA256

391ea76992d59b0b366f6cb36a46aef9132cde2c201d37385a82dcbac68b4bac
SHA512

c7d6c03ad4ce4843336128ab034840e5a13c7dc0cfd8d8612af2118c89c3571471ed7834d8cd708f709253fbdb0c9c9a0f0659c4aa53ec1249ea91a1556d7c36
SSDEEP

196608:Vwnv86gV1rbQQOOl2szsHFUK2r7UyTAdQmR8dA6li8Qnf2ODjMnGydScSEPVrBO8:0WV9hZ2YsHFUK2JAdQJlqF3MnG3tOVr5

Malware Config

Extracted

Family

berbew

http://crutop.nu/index.php

http://crutop.ru/index.php

http://mazafaka.ru/index.php

http://color-bank.ru/index.php

http://asechka.ru/index.php

http://trojan.ru/index.php

http://fuck.ru/index.php

http://goldensand.ru/index.php

http://filesearch.ru/index.php

http://devx.nm.ru/index.php

http://ros-neftbank.ru/index.php

http://lovingod.host.sk/index.php

http://www.redline.ru/index.php

http://cvv.ru/index.php

http://hackers.lv/index.php

http://fethard.biz/index.php

http://ldark.nm.ru/index.htm

http://gaz-prom.ru/index.htm

http://promo.ru/index.htm

http://potleaf.chat.ru/index.htm

Extracted

Family

urelas

218.54.31.226

218.54.31.165

218.54.31.166

Extracted

Family

sality

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Signatures

Berbew
Berbew is a backdoor written in C++.
backdoor berbew
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
trojan banker blackmoon

Cobalt Strike reflective loader 3 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
C:\Windows\System\jTVRyRJ.exe	cobalt_reflective_dll
C:\Users\Admin\Downloads\241004-qxtv7sxalk2024-10-04_b3fca47c6f9e364492a357cb60a70c2f_cobalt-strike_cobaltstrike_poet-rat.exe	cobalt_reflective_dll
C:\Users\Admin\Downloads\241004-qxe22s1dke2024-10-04_b250c15da31e4f81d625890d5baa5802_cobalt-strike_cobaltstrike_poet-rat_snatch.exe	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

Detect Blackmoon payload 18 IoCs

Processes:

resource	yara_rule
behavioral1/memory/3020-328-0x0000000000400000-0x0000000000429000-memory.dmp	family_blackmoon
behavioral1/memory/4404-356-0x0000000000400000-0x0000000000429000-memory.dmp	family_blackmoon
behavioral1/memory/4244-341-0x0000000000400000-0x0000000000429000-memory.dmp	family_blackmoon
behavioral1/memory/984-262-0x0000000000400000-0x0000000000429000-memory.dmp	family_blackmoon
behavioral1/memory/108-277-0x0000000000400000-0x0000000000429000-memory.dmp	family_blackmoon
behavioral1/memory/2752-247-0x0000000000400000-0x0000000000429000-memory.dmp	family_blackmoon
behavioral1/memory/2952-417-0x0000000000400000-0x0000000000429000-memory.dmp	family_blackmoon
behavioral1/memory/5740-759-0x0000000000400000-0x0000000000429000-memory.dmp	family_blackmoon
behavioral1/memory/5704-756-0x0000000000400000-0x0000000000429000-memory.dmp	family_blackmoon
behavioral1/memory/908-698-0x0000000000400000-0x0000000000429000-memory.dmp	family_blackmoon
behavioral1/memory/1980-648-0x0000000000400000-0x0000000000429000-memory.dmp	family_blackmoon
behavioral1/memory/5324-647-0x0000000000400000-0x0000000000429000-memory.dmp	family_blackmoon
behavioral1/memory/2840-583-0x0000000000400000-0x0000000000429000-memory.dmp	family_blackmoon
behavioral1/memory/464-570-0x0000000000400000-0x0000000000429000-memory.dmp	family_blackmoon
behavioral1/memory/4512-457-0x0000000000400000-0x0000000000429000-memory.dmp	family_blackmoon
behavioral1/memory/880-447-0x0000000000400000-0x0000000000429000-memory.dmp	family_blackmoon
behavioral1/memory/3608-413-0x0000000000400000-0x0000000000429000-memory.dmp	family_blackmoon
behavioral1/memory/1156-407-0x0000000000400000-0x0000000000429000-memory.dmp	family_blackmoon

Detect Neshta payload 1 IoCs

Processes:

resource yara_rule

C:\1bhbbh.exe family_neshta

resource	yara_rule
C:\1bhbbh.exe	family_neshta

Detects MyDoom family 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/2620-514-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom

Detects Renamer worm. 2 IoCs

Renamer aka Grename is worm written in Delphi.

Processes:

resource	yara_rule
behavioral1/memory/5200-671-0x0000000000400000-0x00000000004DB000-memory.dmp	family_renamer
C:\Users\Admin\AppData\Roaming\Paint.exe	family_renamer

Gh0st RAT payload 1 IoCs

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\dll.tmp	family_gh0strat

Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
rat gh0strat
Mimikatz
mimikatz is an open source tool to dump credentials on Windows.
mimikatz
MyDoom
MyDoom is a Worm that is written in C++.
worm mydoom
Neshta
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
persistence spyware neshta

Process spawned unexpected child process 3 IoCs

This typically indicates the parent process was compromised via an exploit or macro.

Processes:

description	pid	pid_target
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	19996	15508
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	14936	15508
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	6712	15508

Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
trojan spyware stealer worm banker ramnit
Renamer, Grenam
Renamer aka Grenam is a worm written in Delphi.
worm renamer
Sality
Sality is backdoor written in C++, first discovered in 2003.
backdoor sality
Trickbot
Developed in 2016, TrickBot is one of the more recent banking Trojans.
trojan banker trickbot
Urelas
Urelas is a trojan targeting card games.
trojan urelas
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 1 IoCs

miner

Processes:

resource	yara_rule
C:\Users\Admin\Downloads\241004-qxtv7sxalk2024-10-04_b3fca47c6f9e364492a357cb60a70c2f_cobalt-strike_cobaltstrike_poet-rat.exe	xmrig

mimikatz is an open source tool to dump credentials on Windows 1 IoCs

Processes:

resource	yara_rule
C:\Windows\zhlcnenb\patnaln.exe	mimikatz

Command and Scripting Interpreter: PowerShell 1 TTPs 5 IoCs
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
execution

PowerShell
T1059.001

Processes:

powershell.exe

pid process

11060
7520
3396
15632 powershell.exe
14464
Creates new service(s) 2 TTPs
persistence execution

Windows Service
T1543.003

Service Execution
T1569.002
Downloads MZ/PE file
Modifies Windows Firewall 2 TTPs 1 IoCs
evasion

Windows Service
T1543.003

Disable or Modify System Firewall
T1562.004

Processes:

netsh.exe

pid process

13640 netsh.exe
Sets file to hidden 1 TTPs 1 IoCs
Modifies file attributes to stop it showing in Explorer etc.
evasion

Hidden Files and Directories
T1564.001

Processes:

pid process

1092
Stops running service(s) 4 TTPs
evasion execution

Windows Service
T1543.003

Impair Defenses
T1562

Service Stop
T1489

Service Execution
T1569.002

pid	process
11060
7520
3396
15632	powershell.exe
14464

pid	process
13640	netsh.exe

pid	process
1092

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

Processes:

resource	yara_rule
C:\Recycled\CTFMON.EXE	aspack_v212_v242

Loads dropped DLL 38 IoCs

Processes:

x.exex.exe

pid	process
464	x.exe
464	x.exe
464	x.exe
464	x.exe
464	x.exe
464	x.exe
464	x.exe
464	x.exe
464	x.exe
464	x.exe
464	x.exe
464	x.exe
464	x.exe
464	x.exe
464	x.exe
464	x.exe
464	x.exe
464	x.exe
464	x.exe
3736	x.exe
3736	x.exe
3736	x.exe
3736	x.exe
3736	x.exe
3736	x.exe
3736	x.exe
3736	x.exe
3736	x.exe
3736	x.exe
3736	x.exe
3736	x.exe
3736	x.exe
3736	x.exe
3736	x.exe
3736	x.exe
3736	x.exe
3736	x.exe
3736	x.exe

Looks up external IP address via web service 5 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

357 ip-api.com
323 ipinfo.io
325 api64.ipify.org
330 api64.ipify.org
334 ipinfo.io
Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135
Power Settings 1 TTPs 4 IoCs
powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
persistence

Power Settings
T1653

Processes:

pid process

13584
16996
12860
6100

flow	ioc
357	ip-api.com
323	ipinfo.io
325	api64.ipify.org
330	api64.ipify.org
334	ipinfo.io

pid	process
13584
16996
12860
6100

AutoIT Executable 2 IoCs

AutoIT scripts compiled to PE executables.

Processes:

resource	yara_rule
behavioral1/memory/5632-886-0x0000000000400000-0x00000000004C2000-memory.dmp	autoit_exe
C:\Users\Admin\AppData\Local\Temp\1000332001\ddd2ea763e.exe	autoit_exe

Enumerates processes with tasklist 1 TTPs 2 IoCs
discovery

Process Discovery
T1057

Processes:

tasklist.exe

pid process

7148 tasklist.exe
8868

pid	process
7148	tasklist.exe
8868

UPX packed file 44 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/3020-328-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/4404-356-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/4244-341-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/984-262-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/108-277-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/2752-247-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/2952-417-0x0000000000400000-0x0000000000429000-memory.dmp	upx
C:\Windows\svhost.exe	upx
C:\Windows\System\jTVRyRJ.exe	upx
C:\rffxrrl.exe	upx
C:\Users\Admin\Downloads\241004-q7eh9sxepl139e3b290647da54c526aebb23dbee2a_JaffaCakes118.exe_	upx
C:\Windows\System\sservice.exe	upx
C:\Users\Admin\Downloads\241004-q2xsnaxcnj1397a0ebd0e382dbbe670a0bb058898b_JaffaCakes118.exe	upx
behavioral1/memory/5968-1056-0x0000000000400000-0x000000000042F000-memory.dmp	upx
behavioral1/memory/5632-886-0x0000000000400000-0x00000000004C2000-memory.dmp	upx
behavioral1/memory/5740-759-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/5704-756-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/5968-796-0x0000000000400000-0x0000000000425000-memory.dmp	upx
behavioral1/memory/5968-741-0x0000000000400000-0x0000000000425000-memory.dmp	upx
behavioral1/memory/5968-740-0x0000000000400000-0x0000000000425000-memory.dmp	upx
behavioral1/memory/5968-739-0x0000000000400000-0x0000000000425000-memory.dmp	upx
behavioral1/memory/5968-738-0x0000000000400000-0x0000000000425000-memory.dmp	upx
behavioral1/memory/3372-541-0x0000000002280000-0x000000000330E000-memory.dmp	upx
behavioral1/memory/908-698-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/1980-648-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/5324-647-0x0000000000400000-0x0000000000429000-memory.dmp	upx
C:\Windows\BJ.exe	upx
behavioral1/memory/2840-583-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/464-570-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/3116-568-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/2620-514-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral1/memory/3116-513-0x0000000000400000-0x0000000000433000-memory.dmp	upx
behavioral1/memory/3116-503-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/3116-538-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/3116-501-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/3116-500-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/1056-467-0x0000000000400000-0x00000000004F1000-memory.dmp	upx
behavioral1/memory/3328-466-0x0000000000400000-0x00000000004C2000-memory.dmp	upx
behavioral1/memory/3116-502-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/4512-457-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/880-447-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/3608-413-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/1156-407-0x0000000000400000-0x0000000000429000-memory.dmp	upx
C:\Users\Admin\Downloads\241004-qxtv7sxalk2024-10-04_b3fca47c6f9e364492a357cb60a70c2f_cobalt-strike_cobaltstrike_poet-rat.exe	upx

Launches sc.exe 2 IoCs
Sc.exe is a Windows utlilty to control services on the system.

Processes:

pid process

19052
22904

pid	process
19052
22904

Program crash 33 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process
8464	3116	WerFault.exe
7772	9700	WerFault.exe	241004-q1wh7sxbrm1395f8b044ea3fe54765cdf4bf5d242a_JaffaCakes118.exe
13992	1980	WerFault.exe	241004-q3jbnaxcqka43486128347.exe
9416	8332	WerFault.exe
4596	11236	WerFault.exe	241004-q16zya1eqf139673355f819820b50a34fbe754f29d_JaffaCakes118.exe
10212	3916	WerFault.exe
9548	2136	WerFault.exe
8048	5968	WerFault.exe
15704	15312	WerFault.exe	241004-qz8r5sxbmr7f3c2473d1e6.exe
14728	14512	WerFault.exe	Pififb32.exe
15760	11160	WerFault.exe	241004-radq5ssaqffile.exe
8064	13604	WerFault.exe	Pmmlla32.exe
18072	8148	WerFault.exe	241004-qzakcaxbjl139449da8a5127d61a197e777ff719c9_JaffaCakes118.exe
11996	18872		241004-qxefhsxajjf2e7fcb20146.exe
14076	15336		241004-q2mmpa1fje13974a0f994a3a40a83d015a6c8b12da_JaffaCakes118.exe
15852	8720		241004-qxcxpa1dkaa43486128347.exe
12796	8548
15420	908		241004-qxbdvs1djg956d73b7f041.exe
8020	3336
15952	20348
10824	13696
20888	17660
20952	21228
12204	17268
16248	1004
21132	21448
8300	16608
22012	6256		SPOOLSV.EXE
21236	5612		SVCHOST.EXE
20500	4052
23900	17468
23884	12428		241004-q8lc7s1hrc13a032b0aecb51206c33f7dc2c53229b_JaffaCakes118.exe
23732	16332		3nttbn.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs
Adversaries may check for Internet connectivity on compromised systems.
discovery

Internet Connection Discovery
T1016.001

Processes:

pid process

7320
17948

pid	process
7320
17948

NSIS installer 1 IoCs

installer

Processes:

resource	yara_rule
C:\Windows\zhlcnenb\patnaln.exe	nsis_installer_2

Kills process with taskkill 1 IoCs
evasion

Processes:

taskkill.exe

pid process

15644 taskkill.exe
Modifies registry key 1 TTPs 1 IoCs

Modify Registry
T1112

Processes:

REG.exe

pid process

16224 REG.exe
Runs net.exe
Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery
T1018

Processes:

pid process

7320
Scheduled Task/Job: Scheduled Task 1 TTPs 3 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
persistence execution

Scheduled Task
T1053.005

Processes:

pid process

19996
14936
6712

pid	process
15644	taskkill.exe

pid	process
16224	REG.exe

pid	process
7320

pid	process
19996
14936
6712

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

x.exex.exex.exe

description	pid	process	target process
PID 904 wrote to memory of 464	904	x.exe	x.exe
PID 904 wrote to memory of 464	904	x.exe	x.exe
PID 3868 wrote to memory of 3736	3868	x.exe	x.exe
PID 3868 wrote to memory of 3736	3868	x.exe	x.exe
PID 3736 wrote to memory of 1452	3736	x.exe	cmd.exe
PID 3736 wrote to memory of 1452	3736	x.exe	cmd.exe

Views/modifies file attributes 1 TTPs 1 IoCs
evasion

Hidden Files and Directories
T1564.001

Processes:

pid process

1092

pid	process
1092

C:\Users\Admin\AppData\Local\Temp\x.exe
"C:\Users\Admin\AppData\Local\Temp\x.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:904
- C:\Users\Admin\AppData\Local\Temp\x.exe
  "C:\Users\Admin\AppData\Local\Temp\x.exe"
  2⤵
  - Loads dropped DLL
  PID:464

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2464

C:\Users\Admin\AppData\Local\Temp\x.exe
"C:\Users\Admin\AppData\Local\Temp\x.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3868
- C:\Users\Admin\AppData\Local\Temp\x.exe
  "C:\Users\Admin\AppData\Local\Temp\x.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:3736
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:1452
- - C:\Users\Admin\Downloads\241004-rcplesxgrmb652b464bc5ace41968050217d961e0cf3e779c7f3454a93f2ca489dc609d534N.exe
    C:\Users\Admin\Downloads\241004-rcplesxgrmb652b464bc5ace41968050217d961e0cf3e779c7f3454a93f2ca489dc609d534N.exe
    3⤵
    PID:5068
  - - C:\Windows\SysWOW64\Njmhhefi.exe
      C:\Windows\system32\Njmhhefi.exe
      4⤵
      PID:2016
    - - C:\Windows\SysWOW64\Neclenfo.exe
        
        C:\Windows\system32\Neclenfo.exe
        5⤵
        
        PID:3028
      - C:\Windows\SysWOW64\Oloahhki.exe
        
        C:\Windows\system32\Oloahhki.exe
        6⤵
        
        PID:3768
        
        C:\Windows\SysWOW64\Ohfami32.exe
        
        C:\Windows\system32\Ohfami32.exe
        7⤵
        
        PID:1756
        
        C:\Windows\SysWOW64\Oldjcg32.exe
        
        C:\Windows\system32\Oldjcg32.exe
        8⤵
        
        PID:1164
        
        C:\Windows\SysWOW64\Oodcdb32.exe
        
        C:\Windows\system32\Oodcdb32.exe
        9⤵
        
        PID:4748
        
        C:\Windows\SysWOW64\Peahgl32.exe
        
        C:\Windows\system32\Peahgl32.exe
        10⤵
        
        PID:1576
        
        C:\Windows\SysWOW64\Pahilmoc.exe
        
        C:\Windows\system32\Pahilmoc.exe
        11⤵
        
        PID:3184
        
        C:\Windows\SysWOW64\Pkpmdbfd.exe
        
        C:\Windows\system32\Pkpmdbfd.exe
        12⤵
        
        PID:5072
        
        C:\Windows\SysWOW64\Anmfbl32.exe
        
        C:\Windows\system32\Anmfbl32.exe
        13⤵
        
        PID:2968
        
        C:\Windows\SysWOW64\Bkaobnio.exe
        
        C:\Windows\system32\Bkaobnio.exe
        14⤵
        
        PID:5868
        
        C:\Windows\SysWOW64\Cdpjlb32.exe
        
        C:\Windows\system32\Cdpjlb32.exe
        15⤵
        
        PID:2432
        
        C:\Windows\SysWOW64\Dhclmp32.exe
        
        C:\Windows\system32\Dhclmp32.exe
        16⤵
        
        PID:5300
        
        C:\Windows\SysWOW64\Dmennnni.exe
        
        C:\Windows\system32\Dmennnni.exe
        17⤵
        
        PID:6460
        
        C:\Windows\SysWOW64\Gblbca32.exe
        
        C:\Windows\system32\Gblbca32.exe
        18⤵
        
        PID:7436
        
        C:\Windows\SysWOW64\Hfaajnfb.exe
        
        C:\Windows\system32\Hfaajnfb.exe
        19⤵
        
        PID:6852
        
        C:\Windows\SysWOW64\Iidphgcn.exe
        
        C:\Windows\system32\Iidphgcn.exe
        20⤵
        
        PID:9400
        
        C:\Windows\SysWOW64\Kpjgaoqm.exe
        
        C:\Windows\system32\Kpjgaoqm.exe
        21⤵
        
        PID:7676
        
        C:\Windows\SysWOW64\Ngjkfd32.exe
        
        C:\Windows\system32\Ngjkfd32.exe
        22⤵
        
        PID:5408
        
        C:\Windows\SysWOW64\Ocaebc32.exe
        
        C:\Windows\system32\Ocaebc32.exe
        23⤵
        
        PID:9804
        
        C:\Windows\SysWOW64\Qdaniq32.exe
        
        C:\Windows\system32\Qdaniq32.exe
        24⤵
        
        PID:7136
        
        C:\Windows\SysWOW64\Aajhndkb.exe
        
        C:\Windows\system32\Aajhndkb.exe
        25⤵
        
        PID:6392
        
        C:\Windows\SysWOW64\Aopemh32.exe
        
        C:\Windows\system32\Aopemh32.exe
        26⤵
        
        PID:9332
        
        C:\Windows\SysWOW64\Bkphhgfc.exe
        
        C:\Windows\system32\Bkphhgfc.exe
        27⤵
        
        PID:7212
        
        C:\Windows\SysWOW64\Cponen32.exe
        
        C:\Windows\system32\Cponen32.exe
        28⤵
        
        PID:7844
        
        C:\Windows\SysWOW64\Dpkmal32.exe
        
        C:\Windows\system32\Dpkmal32.exe
        29⤵
        
        PID:6208
        
        C:\Windows\SysWOW64\Edplhjhi.exe
        
        C:\Windows\system32\Edplhjhi.exe
        30⤵
        
        PID:10284
        
        C:\Windows\SysWOW64\Eqncnj32.exe
        
        C:\Windows\system32\Eqncnj32.exe
        31⤵
        
        PID:10944
        
        C:\Windows\SysWOW64\Ibqnkh32.exe
        
        C:\Windows\system32\Ibqnkh32.exe
        32⤵
        
        PID:8648
        
        C:\Windows\SysWOW64\Jhgiim32.exe
        
        C:\Windows\system32\Jhgiim32.exe
        33⤵
        
        PID:1080
        
        C:\Windows\SysWOW64\Jhnojl32.exe
        
        C:\Windows\system32\Jhnojl32.exe
        34⤵
        
        PID:11844
        
        C:\Windows\SysWOW64\Kofdhd32.exe
        
        C:\Windows\system32\Kofdhd32.exe
        35⤵
        
        PID:11364
        
        C:\Windows\SysWOW64\Llcghg32.exe
        
        C:\Windows\system32\Llcghg32.exe
        36⤵
        
        PID:11936
        
        C:\Windows\SysWOW64\Oqklkbbi.exe
        
        C:\Windows\system32\Oqklkbbi.exe
        37⤵
        
        PID:13692
        
        C:\Windows\SysWOW64\Ppikbm32.exe
        
        C:\Windows\system32\Ppikbm32.exe
        38⤵
        
        PID:11172
        
        C:\Windows\SysWOW64\Adepji32.exe
        
        C:\Windows\system32\Adepji32.exe
        39⤵
        
        PID:9872
        
        C:\Windows\SysWOW64\Caqpkjcl.exe
        
        C:\Windows\system32\Caqpkjcl.exe
        40⤵
        
        PID:1972
        
        C:\Windows\SysWOW64\Fnalmh32.exe
        
        C:\Windows\system32\Fnalmh32.exe
        41⤵
        
        PID:4596
        
        C:\Windows\SysWOW64\Hjdedepg.exe
        
        C:\Windows\system32\Hjdedepg.exe
        42⤵
        
        PID:3992
        
        C:\Windows\SysWOW64\Inkaqb32.exe
        
        C:\Windows\system32\Inkaqb32.exe
        43⤵
        
        PID:7724
        
        C:\Windows\SysWOW64\Kehojiej.exe
        
        C:\Windows\system32\Kehojiej.exe
        44⤵
        
        PID:10408
        
        C:\Windows\SysWOW64\Logicn32.exe
        
        C:\Windows\system32\Logicn32.exe
        45⤵
        
        PID:5428
        
        C:\Windows\SysWOW64\Madbagif.exe
        
        C:\Windows\system32\Madbagif.exe
        46⤵
        
        PID:12212
        
        C:\Windows\SysWOW64\Namegfql.exe
        
        C:\Windows\system32\Namegfql.exe
        47⤵
        
        PID:8376
        
        C:\Windows\SysWOW64\Pfeijqqe.exe
        
        C:\Windows\system32\Pfeijqqe.exe
        48⤵
        
        PID:6896
        
        C:\Windows\SysWOW64\Bcbeqaia.exe
        
        C:\Windows\system32\Bcbeqaia.exe
        49⤵
        
        PID:17392
        
        C:\Windows\SysWOW64\Egdqph32.exe
        
        C:\Windows\system32\Egdqph32.exe
        50⤵
        
        PID:17080
        
        C:\Windows\SysWOW64\Fgkfqgce.exe
        
        C:\Windows\system32\Fgkfqgce.exe
        51⤵
        
        PID:7852
        
        C:\Windows\SysWOW64\Ggbmafnm.exe
        
        C:\Windows\system32\Ggbmafnm.exe
        52⤵
        
        PID:7416
        
        C:\Windows\SysWOW64\Kebodc32.exe
        
        C:\Windows\system32\Kebodc32.exe
        53⤵
        
        PID:10496
        
        C:\Windows\SysWOW64\Kdmeqo32.exe
        
        C:\Windows\system32\Kdmeqo32.exe
        54⤵
        
        PID:18088
        
        C:\Windows\SysWOW64\Nkpijfgf.exe
        
        C:\Windows\system32\Nkpijfgf.exe
        55⤵
        
        PID:3376
- - C:\Users\Admin\Downloads\241004-rah1vsxgjl51cba35110ad225bf442fceee80b429f162bb98ea83b57c23ce8983efbbba6f5N.exe
    C:\Users\Admin\Downloads\241004-rah1vsxgjl51cba35110ad225bf442fceee80b429f162bb98ea83b57c23ce8983efbbba6f5N.exe
    3⤵
    PID:2752
  - - \??\c:\7dpjj.exe
      c:\7dpjj.exe
      4⤵
      PID:984
    - - \??\c:\lxfxrrf.exe
        
        c:\lxfxrrf.exe
        5⤵
        
        PID:108
      - \??\c:\llrlrlf.exe
        
        c:\llrlrlf.exe
        6⤵
        
        PID:3020
        
        \??\c:\nhhbbb.exe
        
        c:\nhhbbb.exe
        7⤵
        
        PID:4244
        
        \??\c:\btnnhh.exe
        
        c:\btnnhh.exe
        8⤵
        
        PID:4404
        
        \??\c:\bntbtt.exe
        
        c:\bntbtt.exe
        9⤵
        
        PID:1156
        
        \??\c:\rffffrl.exe
        
        c:\rffffrl.exe
        10⤵
        
        PID:4512
        
        \??\c:\tbhnnn.exe
        
        c:\tbhnnn.exe
        11⤵
        
        PID:880
        
        \??\c:\xxxrrrr.exe
        
        c:\xxxrrrr.exe
        12⤵
        
        PID:2840
        
        \??\c:\rlfxxrr.exe
        
        c:\rlfxxrr.exe
        13⤵
        
        PID:4564
        
        \??\c:\tbhhbt.exe
        
        c:\tbhhbt.exe
        14⤵
        
        PID:2828
        
        \??\c:\1ppjv.exe
        
        c:\1ppjv.exe
        15⤵
        
        PID:1036
        
        \??\c:\ddvpj.exe
        
        c:\ddvpj.exe
        16⤵
        
        PID:6872
        
        \??\c:\tbttnh.exe
        
        c:\tbttnh.exe
        17⤵
        
        PID:7452
        
        \??\c:\thhhhh.exe
        
        c:\thhhhh.exe
        18⤵
        
        PID:1036
        
        \??\c:\7rxrffx.exe
        
        c:\7rxrffx.exe
        19⤵
        
        PID:8584
        
        \??\c:\xfrrlll.exe
        
        c:\xfrrlll.exe
        20⤵
        
        PID:5260
        
        \??\c:\vvvvv.exe
        
        c:\vvvvv.exe
        21⤵
        
        PID:6724
        
        \??\c:\pddvp.exe
        
        c:\pddvp.exe
        22⤵
        
        PID:9564
        
        \??\c:\rrxrrff.exe
        
        c:\rrxrrff.exe
        23⤵
        
        PID:10100
        
        \??\c:\rxxrllf.exe
        
        c:\rxxrllf.exe
        24⤵
        
        PID:9680
        
        \??\c:\thnhbh.exe
        
        c:\thnhbh.exe
        25⤵
        
        PID:9472
        
        \??\c:\pjpjd.exe
        
        c:\pjpjd.exe
        26⤵
        
        PID:8640
        
        \??\c:\llfrlfx.exe
        
        c:\llfrlfx.exe
        27⤵
        
        PID:6484
        
        \??\c:\nbnhhh.exe
        
        c:\nbnhhh.exe
        28⤵
        
        PID:9408
        
        \??\c:\pppdv.exe
        
        c:\pppdv.exe
        29⤵
        
        PID:10936
        
        \??\c:\httttt.exe
        
        c:\httttt.exe
        30⤵
        
        PID:10396
        
        \??\c:\9rlflfx.exe
        
        c:\9rlflfx.exe
        31⤵
        
        PID:9272
        
        \??\c:\rflrrrr.exe
        
        c:\rflrrrr.exe
        32⤵
        
        PID:11416
        
        \??\c:\7hbbbb.exe
        
        c:\7hbbbb.exe
        33⤵
        
        PID:12272
        
        \??\c:\frlfxff.exe
        
        c:\frlfxff.exe
        34⤵
        
        PID:12020
        
        \??\c:\9tthbh.exe
        
        c:\9tthbh.exe
        35⤵
        
        PID:1336
        
        \??\c:\tnnhbb.exe
        
        c:\tnnhbb.exe
        36⤵
        
        PID:13756
        
        \??\c:\3jjvj.exe
        
        c:\3jjvj.exe
        37⤵
        
        PID:6768
        
        \??\c:\9bbhhh.exe
        
        c:\9bbhhh.exe
        38⤵
        
        PID:13400
        
        \??\c:\htnhnn.exe
        
        c:\htnhnn.exe
        39⤵
        
        PID:14448
        
        \??\c:\ffxlffx.exe
        
        c:\ffxlffx.exe
        40⤵
        
        PID:13800
        
        \??\c:\vjjdd.exe
        
        c:\vjjdd.exe
        41⤵
        
        PID:15564
        
        \??\c:\9btnhb.exe
        
        c:\9btnhb.exe
        42⤵
        
        PID:10712
        
        \??\c:\7thhbh.exe
        
        c:\7thhbh.exe
        43⤵
        
        PID:16252
        
        \??\c:\1flfffr.exe
        
        c:\1flfffr.exe
        44⤵
        
        PID:15976
        
        \??\c:\dpppp.exe
        
        c:\dpppp.exe
        45⤵
        
        PID:15812
        
        \??\c:\fllxlxf.exe
        
        c:\fllxlxf.exe
        46⤵
        
        PID:13712
        
        \??\c:\pjddj.exe
        
        c:\pjddj.exe
        47⤵
        
        PID:15772
        
        \??\c:\dvjdd.exe
        
        c:\dvjdd.exe
        48⤵
        
        PID:16140
        
        \??\c:\3pvpp.exe
        
        c:\3pvpp.exe
        49⤵
        
        PID:17356
        
        \??\c:\xrxrlll.exe
        
        c:\xrxrlll.exe
        50⤵
        
        PID:17052
        
        \??\c:\llllfff.exe
        
        c:\llllfff.exe
        51⤵
        
        PID:9016
        
        \??\c:\9ppjd.exe
        
        c:\9ppjd.exe
        52⤵
        
        PID:19208
        
        \??\c:\fxrrlfx.exe
        
        c:\fxrrlfx.exe
        53⤵
        
        PID:17456
        
        \??\c:\ttttnn.exe
        
        c:\ttttnn.exe
        54⤵
        
        PID:6916
        
        \??\c:\lrrxrxl.exe
        
        c:\lrrxrxl.exe
        55⤵
        
        PID:10628
        
        \??\c:\rrxfflf.exe
        
        c:\rrxfflf.exe
        56⤵
        
        PID:14084
- - C:\Users\Admin\Downloads\241004-raf69ssarb3ba2a1a4b32d9fa79d8edb6883232cdc236b38e5875dc60f5b75611415ce3eefN.exe
    C:\Users\Admin\Downloads\241004-raf69ssarb3ba2a1a4b32d9fa79d8edb6883232cdc236b38e5875dc60f5b75611415ce3eefN.exe
    3⤵
    PID:3196
  - - C:\Windows\SysWOW64\Odhifjkg.exe
      C:\Windows\system32\Odhifjkg.exe
      4⤵
      PID:2072
    - - C:\Windows\SysWOW64\Oeheqm32.exe
        
        C:\Windows\system32\Oeheqm32.exe
        5⤵
        
        PID:2380
      - C:\Windows\SysWOW64\Oanfen32.exe
        
        C:\Windows\system32\Oanfen32.exe
        6⤵
        
        PID:2184
        
        C:\Windows\SysWOW64\Oobfob32.exe
        
        C:\Windows\system32\Oobfob32.exe
        7⤵
        
        PID:2584
        
        C:\Windows\SysWOW64\Olfghg32.exe
        
        C:\Windows\system32\Olfghg32.exe
        8⤵
        
        PID:2704
        
        C:\Windows\SysWOW64\Omgcpokp.exe
        
        C:\Windows\system32\Omgcpokp.exe
        9⤵
        
        PID:1768
        
        C:\Windows\SysWOW64\Plkpcfal.exe
        
        C:\Windows\system32\Plkpcfal.exe
        10⤵
        
        PID:1040
        
        C:\Windows\SysWOW64\Pmoiqneg.exe
        
        C:\Windows\system32\Pmoiqneg.exe
        11⤵
        
        PID:4836
        
        C:\Windows\SysWOW64\Aoalgn32.exe
        
        C:\Windows\system32\Aoalgn32.exe
        12⤵
        
        PID:5276
        
        C:\Windows\SysWOW64\Bnkbcj32.exe
        
        C:\Windows\system32\Bnkbcj32.exe
        13⤵
        
        PID:5596
        
        C:\Windows\SysWOW64\Coadnlnb.exe
        
        C:\Windows\system32\Coadnlnb.exe
        14⤵
        
        PID:6068
        
        C:\Windows\SysWOW64\Dkfadkgf.exe
        
        C:\Windows\system32\Dkfadkgf.exe
        15⤵
        
        PID:6232
        
        C:\Windows\SysWOW64\Enkdaepb.exe
        
        C:\Windows\system32\Enkdaepb.exe
        16⤵
        
        PID:6716
        
        C:\Windows\SysWOW64\Efjbcakl.exe
        
        C:\Windows\system32\Efjbcakl.exe
        17⤵
        
        PID:6076
        
        C:\Windows\SysWOW64\Flkdfh32.exe
        
        C:\Windows\system32\Flkdfh32.exe
        18⤵
        
        PID:5220
        
        C:\Windows\SysWOW64\Gmojkj32.exe
        
        C:\Windows\system32\Gmojkj32.exe
        19⤵
        
        PID:7360
        
        C:\Windows\SysWOW64\Gpgind32.exe
        
        C:\Windows\system32\Gpgind32.exe
        20⤵
        
        PID:6700
        
        C:\Windows\SysWOW64\Hlbcnd32.exe
        
        C:\Windows\system32\Hlbcnd32.exe
        21⤵
        
        PID:8516
        
        C:\Windows\SysWOW64\Hpchib32.exe
        
        C:\Windows\system32\Hpchib32.exe
        22⤵
        
        PID:6096
        
        C:\Windows\SysWOW64\Igfclkdj.exe
        
        C:\Windows\system32\Igfclkdj.exe
        23⤵
        
        PID:9336
        
        C:\Windows\SysWOW64\Jjpode32.exe
        
        C:\Windows\system32\Jjpode32.exe
        24⤵
        
        PID:9868
        
        C:\Windows\SysWOW64\Lqkqhm32.exe
        
        C:\Windows\system32\Lqkqhm32.exe
        25⤵
        
        PID:5880
        
        C:\Windows\SysWOW64\Njhgbp32.exe
        
        C:\Windows\system32\Njhgbp32.exe
        26⤵
        
        PID:9464
- - C:\Users\Admin\Downloads\241004-rc1npaxhjq13a5f4fda0c1321e70e5da942de698ed_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241004-rc1npaxhjq13a5f4fda0c1321e70e5da942de698ed_JaffaCakes118.exe
    3⤵
    PID:4372
  - - C:\recycled\SVCHOST.EXE
      C:\recycled\SVCHOST.EXE :agent
      4⤵
      PID:336
    - - C:\recycled\SVCHOST.EXE
        
        C:\recycled\SVCHOST.EXE :agent
        5⤵
        
        PID:924
    - - F:\recycled\SVCHOST.EXE
        
        F:\recycled\SVCHOST.EXE :agent
        5⤵
        
        PID:5612
    - - C:\recycled\SPOOLSV.EXE
        
        C:\recycled\SPOOLSV.EXE :agent
        5⤵
        
        PID:6256
  - - F:\recycled\SVCHOST.EXE
      F:\recycled\SVCHOST.EXE :agent
      4⤵
      PID:8256
  - - C:\recycled\SPOOLSV.EXE
      C:\recycled\SPOOLSV.EXE :agent
      4⤵
      PID:9192
- - C:\Users\Admin\Downloads\241004-ratglaxgkl7a35b8b98011f6becaa6f9ce4cc3199df912984840b5a7293b51cbb172a7a9ccN.exe
    C:\Users\Admin\Downloads\241004-ratglaxgkl7a35b8b98011f6becaa6f9ce4cc3199df912984840b5a7293b51cbb172a7a9ccN.exe
    3⤵
    PID:3608
  - - \??\c:\nbthbt.exe
      c:\nbthbt.exe
      4⤵
      PID:2952
    - - \??\c:\fxfxrrl.exe
        
        c:\fxfxrrl.exe
        5⤵
        
        PID:464
      - \??\c:\pdpvv.exe
        
        c:\pdpvv.exe
        6⤵
        
        PID:1980
        
        \??\c:\5tttnh.exe
        
        c:\5tttnh.exe
        7⤵
        
        PID:5324
        
        \??\c:\7flxrxr.exe
        
        c:\7flxrxr.exe
        8⤵
        
        PID:5740
        
        \??\c:\9tnhbn.exe
        
        c:\9tnhbn.exe
        9⤵
        
        PID:6060
        
        \??\c:\tthbtt.exe
        
        c:\tthbtt.exe
        10⤵
        
        PID:6392
        
        \??\c:\jjjdd.exe
        
        c:\jjjdd.exe
        11⤵
        
        PID:3776
        
        \??\c:\dppjd.exe
        
        c:\dppjd.exe
        12⤵
        
        PID:8288
        
        \??\c:\xlllxfx.exe
        
        c:\xlllxfx.exe
        13⤵
        
        PID:7756
        
        \??\c:\jpvjd.exe
        
        c:\jpvjd.exe
        14⤵
        
        PID:9604
        
        \??\c:\rxrlxxl.exe
        
        c:\rxrlxxl.exe
        15⤵
        
        PID:4332
- - C:\Users\Admin\Downloads\241004-rcf92ssbqe13a4d8c3527a76685a9e5e109329d31d_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241004-rcf92ssbqe13a4d8c3527a76685a9e5e109329d31d_JaffaCakes118.exe
    3⤵
    PID:4664
- - C:\Users\Admin\Downloads\241004-ractvaxfrq13a2ae26a6499e17162472c373ada71a_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241004-ractvaxfrq13a2ae26a6499e17162472c373ada71a_JaffaCakes118.exe
    3⤵
    PID:3556
- - C:\Users\Admin\Downloads\241004-rbvfaaxgnma77aeaa6187f1c0f4bcb4e657dee6cad084d3c037d87ed6f1568dd93111424ecN.exe
    C:\Users\Admin\Downloads\241004-rbvfaaxgnma77aeaa6187f1c0f4bcb4e657dee6cad084d3c037d87ed6f1568dd93111424ecN.exe
    3⤵
    PID:3372
- - C:\Users\Admin\Downloads\241004-q78r4sxerr082a2e9838bb78443e265636ab73de72dbdd2aa4c45b90e90e771cceebcbd137N.exe
    C:\Users\Admin\Downloads\241004-q78r4sxerr082a2e9838bb78443e265636ab73de72dbdd2aa4c45b90e90e771cceebcbd137N.exe
    3⤵
    PID:1664
  - - C:\Windows\SysWOW64\Alpbecod.exe
      C:\Windows\system32\Alpbecod.exe
      4⤵
      PID:5144
    - - C:\Windows\SysWOW64\Bdbnjdfg.exe
        
        C:\Windows\system32\Bdbnjdfg.exe
        5⤵
        
        PID:5508
      - C:\Windows\SysWOW64\Cnahdi32.exe
        
        C:\Windows\system32\Cnahdi32.exe
        6⤵
        
        PID:6008
        
        C:\Windows\SysWOW64\Cbfgkffn.exe
        
        C:\Windows\system32\Cbfgkffn.exe
        7⤵
        
        PID:4204
        
        C:\Windows\SysWOW64\Efpomccg.exe
        
        C:\Windows\system32\Efpomccg.exe
        8⤵
        
        PID:6636
        
        C:\Windows\SysWOW64\Fihnomjp.exe
        
        C:\Windows\system32\Fihnomjp.exe
        9⤵
        
        PID:6084
        
        C:\Windows\SysWOW64\Fpgpgfmh.exe
        
        C:\Windows\system32\Fpgpgfmh.exe
        10⤵
        
        PID:6360
        
        C:\Windows\SysWOW64\Gpnfge32.exe
        
        C:\Windows\system32\Gpnfge32.exe
        11⤵
        
        PID:7392
        
        C:\Windows\SysWOW64\Gbeejp32.exe
        
        C:\Windows\system32\Gbeejp32.exe
        12⤵
        
        PID:6140
        
        C:\Windows\SysWOW64\Hpnoncim.exe
        
        C:\Windows\system32\Hpnoncim.exe
        13⤵
        
        PID:8544
        
        C:\Windows\SysWOW64\Ieidhh32.exe
        
        C:\Windows\system32\Ieidhh32.exe
        14⤵
        
        PID:9368
        
        C:\Windows\SysWOW64\Jnlkedai.exe
        
        C:\Windows\system32\Jnlkedai.exe
        15⤵
        
        PID:9900
        
        C:\Windows\SysWOW64\Lcimdh32.exe
        
        C:\Windows\system32\Lcimdh32.exe
        16⤵
        
        PID:8196
        
        C:\Windows\SysWOW64\Nfjola32.exe
        
        C:\Windows\system32\Nfjola32.exe
        17⤵
        
        PID:9152
        
        C:\Windows\SysWOW64\Ogcnmc32.exe
        
        C:\Windows\system32\Ogcnmc32.exe
        18⤵
        
        PID:10052
        
        C:\Windows\SysWOW64\Pmpolgoi.exe
        
        C:\Windows\system32\Pmpolgoi.exe
        19⤵
        
        PID:1428
        
        C:\Windows\SysWOW64\Aokkahlo.exe
        
        C:\Windows\system32\Aokkahlo.exe
        20⤵
        
        PID:8124
        
        C:\Windows\SysWOW64\Bpfkpp32.exe
        
        C:\Windows\system32\Bpfkpp32.exe
        21⤵
        
        PID:8276
        
        C:\Windows\SysWOW64\Cammjakm.exe
        
        C:\Windows\system32\Cammjakm.exe
        22⤵
        
        PID:7424
        
        C:\Windows\SysWOW64\Ckgohf32.exe
        
        C:\Windows\system32\Ckgohf32.exe
        23⤵
        
        PID:2616
        
        C:\Windows\SysWOW64\Dgeenfog.exe
        
        C:\Windows\system32\Dgeenfog.exe
        24⤵
        
        PID:3856
        
        C:\Windows\SysWOW64\Enfckp32.exe
        
        C:\Windows\system32\Enfckp32.exe
        25⤵
        
        PID:6184
        
        C:\Windows\SysWOW64\Inebjihf.exe
        
        C:\Windows\system32\Inebjihf.exe
        26⤵
        
        PID:9504
        
        C:\Windows\SysWOW64\Iamamcop.exe
        
        C:\Windows\system32\Iamamcop.exe
        27⤵
        
        PID:11196
        
        C:\Windows\SysWOW64\Klggli32.exe
        
        C:\Windows\system32\Klggli32.exe
        28⤵
        
        PID:4560
        
        C:\Windows\SysWOW64\Nblolm32.exe
        
        C:\Windows\system32\Nblolm32.exe
        29⤵
        
        PID:12220
        
        C:\Windows\SysWOW64\Nbbeml32.exe
        
        C:\Windows\system32\Nbbeml32.exe
        30⤵
        
        PID:3388
        
        C:\Windows\SysWOW64\Oiccje32.exe
        
        C:\Windows\system32\Oiccje32.exe
        31⤵
        
        PID:13644
        
        C:\Windows\SysWOW64\Pjlcjf32.exe
        
        C:\Windows\system32\Pjlcjf32.exe
        32⤵
        
        PID:13296
        
        C:\Windows\SysWOW64\Pmphaaln.exe
        
        C:\Windows\system32\Pmphaaln.exe
        33⤵
        
        PID:3316
        
        C:\Windows\SysWOW64\Afappe32.exe
        
        C:\Windows\system32\Afappe32.exe
        34⤵
        
        PID:9428
        
        C:\Windows\SysWOW64\Bfolacnc.exe
        
        C:\Windows\system32\Bfolacnc.exe
        35⤵
        
        PID:13500
- - C:\Users\Admin\Downloads\241004-q5clwsxdnm139b5d1f423096dce277e5d21d7545b9_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241004-q5clwsxdnm139b5d1f423096dce277e5d21d7545b9_JaffaCakes118.exe
    3⤵
    PID:1272
- - C:\Users\Admin\Downloads\241004-q5v38sxdrk139c1349d860cc6d9d30309ddf818b38_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241004-q5v38sxdrk139c1349d860cc6d9d30309ddf818b38_JaffaCakes118.exe
    3⤵
    PID:3328
  - - C:\Windows\svhost.exe
      C:\Windows\svhost.exe
      4⤵
      PID:5632
- - C:\Users\Admin\Downloads\241004-q5plfsxdpr139bb66ce35ea352009f2c4ac4873420_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241004-q5plfsxdpr139bb66ce35ea352009f2c4ac4873420_JaffaCakes118.exe
    3⤵
    PID:2368
- - C:\Users\Admin\Downloads\241004-q5p7zsxdqj139bc1bf9784dfa28a48327b48fe084d_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241004-q5p7zsxdqj139bc1bf9784dfa28a48327b48fe084d_JaffaCakes118.exe
    3⤵
    PID:1056
- - C:\Users\Admin\Downloads\241004-ranaksxgjp0b7527db8e630be9b1ef2a15273a00d7bbaf4d6cd5d248c0bfc80481ba2e979bN.exe
    C:\Users\Admin\Downloads\241004-ranaksxgjp0b7527db8e630be9b1ef2a15273a00d7bbaf4d6cd5d248c0bfc80481ba2e979bN.exe
    3⤵
    PID:908
  - - \??\c:\jvpdv.exe
      c:\jvpdv.exe
      4⤵
      PID:5704
    - - \??\c:\hbhhbh.exe
        
        c:\hbhhbh.exe
        5⤵
        
        PID:1944
      - \??\c:\htthbh.exe
        
        c:\htthbh.exe
        6⤵
        
        PID:6900
        
        \??\c:\lxffxxr.exe
        
        c:\lxffxxr.exe
        7⤵
        
        PID:6592
        
        \??\c:\lllxrll.exe
        
        c:\lllxrll.exe
        8⤵
        
        PID:8400
        
        \??\c:\xllffff.exe
        
        c:\xllffff.exe
        9⤵
        
        PID:9232
        
        \??\c:\fxlxfxf.exe
        
        c:\fxlxfxf.exe
        10⤵
        
        PID:7160
        
        \??\c:\lflfrrr.exe
        
        c:\lflfrrr.exe
        11⤵
        
        PID:6292
        
        \??\c:\dpvjj.exe
        
        c:\dpvjj.exe
        12⤵
        
        PID:9584
        
        \??\c:\httbth.exe
        
        c:\httbth.exe
        13⤵
        
        PID:9972
        
        \??\c:\djvdd.exe
        
        c:\djvdd.exe
        14⤵
        
        PID:8428
        
        \??\c:\lxlrfxx.exe
        
        c:\lxlrfxx.exe
        15⤵
        
        PID:8280
        
        \??\c:\rlrlflf.exe
        
        c:\rlrlflf.exe
        16⤵
        
        PID:10536
        
        \??\c:\nntttt.exe
        
        c:\nntttt.exe
        17⤵
        
        PID:11104
        
        \??\c:\ppdvv.exe
        
        c:\ppdvv.exe
        18⤵
        
        PID:2040
        
        \??\c:\5dpjj.exe
        
        c:\5dpjj.exe
        19⤵
        
        PID:10336
        
        \??\c:\hntnhb.exe
        
        c:\hntnhb.exe
        20⤵
        
        PID:10264
        
        \??\c:\jjpjv.exe
        
        c:\jjpjv.exe
        21⤵
        
        PID:12148
        
        \??\c:\pdpjd.exe
        
        c:\pdpjd.exe
        22⤵
        
        PID:11296
        
        \??\c:\1lrrrrl.exe
        
        c:\1lrrrrl.exe
        23⤵
        
        PID:13660
        
        \??\c:\jpvpj.exe
        
        c:\jpvpj.exe
        24⤵
        
        PID:11732
        
        \??\c:\frlfrlf.exe
        
        c:\frlfrlf.exe
        25⤵
        
        PID:14436
        
        \??\c:\5nhbnn.exe
        
        c:\5nhbnn.exe
        26⤵
        
        PID:8064
        
        \??\c:\jpvpp.exe
        
        c:\jpvpp.exe
        27⤵
        
        PID:14404
        
        \??\c:\btnnhh.exe
        
        c:\btnnhh.exe
        28⤵
        
        PID:8592
        
        \??\c:\ttttnn.exe
        
        c:\ttttnn.exe
        29⤵
        
        PID:15752
        
        \??\c:\1tttnn.exe
        
        c:\1tttnn.exe
        30⤵
        
        PID:10876
        
        \??\c:\djvpp.exe
        
        c:\djvpp.exe
        31⤵
        
        PID:11796
        
        \??\c:\7rxfxxr.exe
        
        c:\7rxfxxr.exe
        32⤵
        
        PID:7308
        
        \??\c:\rfrlxxl.exe
        
        c:\rfrlxxl.exe
        33⤵
        
        PID:15996
        
        \??\c:\5pjdd.exe
        
        c:\5pjdd.exe
        34⤵
        
        PID:15548
        
        \??\c:\1rrrlrl.exe
        
        c:\1rrrlrl.exe
        35⤵
        
        PID:16376
        
        \??\c:\pvdvj.exe
        
        c:\pvdvj.exe
        36⤵
        
        PID:14592
        
        \??\c:\3fxrfll.exe
        
        c:\3fxrfll.exe
        37⤵
        
        PID:2040
        
        \??\c:\bbbtnn.exe
        
        c:\bbbtnn.exe
        38⤵
        
        PID:4768
        
        \??\c:\thnnnb.exe
        
        c:\thnnnb.exe
        39⤵
        
        PID:18328
        
        \??\c:\vjjdj.exe
        
        c:\vjjdj.exe
        40⤵
        
        PID:18796
        
        \??\c:\1xlffll.exe
        
        c:\1xlffll.exe
        41⤵
        
        PID:19160
        
        \??\c:\1lxrlxl.exe
        
        c:\1lxrlxl.exe
        42⤵
        
        PID:18444
- - C:\Users\Admin\Downloads\241004-rbb9pssble70972644d1225fe6a276fab44f062c7d393f7d30e389f03d62d048f31ce7f87bN.exe
    C:\Users\Admin\Downloads\241004-rbb9pssble70972644d1225fe6a276fab44f062c7d393f7d30e389f03d62d048f31ce7f87bN.exe
    3⤵
    PID:2136
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 232
      4⤵
      Program crash
      PID:9548
- - C:\Users\Admin\Downloads\241004-rcw1haxhjk33195980aa35c8fcbd8bf22e91efcac9593ce27163d1cf24f3ee55f8bd2f2b81N.exe
    C:\Users\Admin\Downloads\241004-rcw1haxhjk33195980aa35c8fcbd8bf22e91efcac9593ce27163d1cf24f3ee55f8bd2f2b81N.exe
    3⤵
    PID:4624
  - - C:\Windows\SysWOW64\Bkobmnka.exe
      C:\Windows\system32\Bkobmnka.exe
      4⤵
      PID:5680
    - - C:\Windows\SysWOW64\Cocacl32.exe
        
        C:\Windows\system32\Cocacl32.exe
        5⤵
        
        PID:2296
      - C:\Windows\SysWOW64\Dflfac32.exe
        
        C:\Windows\system32\Dflfac32.exe
        6⤵
        
        PID:6348
        
        C:\Windows\SysWOW64\Fefedmil.exe
        
        C:\Windows\system32\Fefedmil.exe
        7⤵
        
        PID:340
        
        C:\Windows\SysWOW64\Glipgf32.exe
        
        C:\Windows\system32\Glipgf32.exe
        8⤵
        
        PID:8004
        
        C:\Windows\SysWOW64\Hplbickp.exe
        
        C:\Windows\system32\Hplbickp.exe
        9⤵
        
        PID:8340
        
        C:\Windows\SysWOW64\Hemdlj32.exe
        
        C:\Windows\system32\Hemdlj32.exe
        10⤵
        
        PID:7984
        
        C:\Windows\SysWOW64\Ipjoja32.exe
        
        C:\Windows\system32\Ipjoja32.exe
        11⤵
        
        PID:7860
        
        C:\Windows\SysWOW64\Jngbjd32.exe
        
        C:\Windows\system32\Jngbjd32.exe
        12⤵
        
        PID:9656
- - C:\Users\Admin\Downloads\241004-rb2jlasbng51016c4a6d2cf077a93c85e1e335256685f183e7229c06e132e3ae11e8e5cb68N.exe
    C:\Users\Admin\Downloads\241004-rb2jlasbng51016c4a6d2cf077a93c85e1e335256685f183e7229c06e132e3ae11e8e5cb68N.exe
    3⤵
    PID:4652
  - - C:\Windows\SysWOW64\Anmfbl32.exe
      C:\Windows\system32\Anmfbl32.exe
      4⤵
      PID:1732
    - - C:\Windows\SysWOW64\Bkaobnio.exe
        
        C:\Windows\system32\Bkaobnio.exe
        5⤵
        
        PID:5884
      - C:\Windows\SysWOW64\Dijbno32.exe
        
        C:\Windows\system32\Dijbno32.exe
        6⤵
        
        PID:6424
        
        C:\Windows\SysWOW64\Ebimgcfi.exe
        
        C:\Windows\system32\Ebimgcfi.exe
        7⤵
        
        PID:6912
        
        C:\Windows\SysWOW64\Flpmagqi.exe
        
        C:\Windows\system32\Flpmagqi.exe
        8⤵
        
        PID:6624
        
        C:\Windows\SysWOW64\Goglcahb.exe
        
        C:\Windows\system32\Goglcahb.exe
        9⤵
        
        PID:8068
        
        C:\Windows\SysWOW64\Hiipmhmk.exe
        
        C:\Windows\system32\Hiipmhmk.exe
        10⤵
        
        PID:6904
        
        C:\Windows\SysWOW64\Ibhkfm32.exe
        
        C:\Windows\system32\Ibhkfm32.exe
        11⤵
        
        PID:7952
        
        C:\Windows\SysWOW64\Johnamkm.exe
        
        C:\Windows\system32\Johnamkm.exe
        12⤵
        
        PID:9692
        
        C:\Windows\SysWOW64\Lokdnjkg.exe
        
        C:\Windows\system32\Lokdnjkg.exe
        13⤵
        
        PID:5432
        
        C:\Windows\SysWOW64\Nnafno32.exe
        
        C:\Windows\system32\Nnafno32.exe
        14⤵
        
        PID:8292
        
        C:\Windows\SysWOW64\Ppolhcnm.exe
        
        C:\Windows\system32\Ppolhcnm.exe
        15⤵
        
        PID:8140
        
        C:\Windows\SysWOW64\Bacjdbch.exe
        
        C:\Windows\system32\Bacjdbch.exe
        16⤵
        
        PID:9436
        
        C:\Windows\SysWOW64\Cponen32.exe
        
        C:\Windows\system32\Cponen32.exe
        17⤵
        
        PID:9624
        
        C:\Windows\SysWOW64\Edgbii32.exe
        
        C:\Windows\system32\Edgbii32.exe
        18⤵
        
        PID:10032
        
        C:\Windows\SysWOW64\Iacngdgj.exe
        
        C:\Windows\system32\Iacngdgj.exe
        19⤵
        
        PID:4724
        
        C:\Windows\SysWOW64\Jhplpl32.exe
        
        C:\Windows\system32\Jhplpl32.exe
        20⤵
        
        PID:11992
        
        C:\Windows\SysWOW64\Mapppn32.exe
        
        C:\Windows\system32\Mapppn32.exe
        21⤵
        
        PID:11488
        
        C:\Windows\SysWOW64\Mljmhflh.exe
        
        C:\Windows\system32\Mljmhflh.exe
        22⤵
        
        PID:13000
        
        C:\Windows\SysWOW64\Noppeaed.exe
        
        C:\Windows\system32\Noppeaed.exe
        23⤵
        
        PID:12396
        
        C:\Windows\SysWOW64\Ojcpdg32.exe
        
        C:\Windows\system32\Ojcpdg32.exe
        24⤵
        
        PID:13880
        
        C:\Windows\SysWOW64\Pmmlla32.exe
        
        C:\Windows\system32\Pmmlla32.exe
        25⤵
        
        PID:13604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 13604 -s 436
        26⤵
        Program crash
        
        PID:8064
- - C:\Users\Admin\Downloads\241004-q73k4a1hpg61afefdd2d05cdafbbc4577af981b8dc13566525729d1298150cac998f50cb56N.exe
    C:\Users\Admin\Downloads\241004-q73k4a1hpg61afefdd2d05cdafbbc4577af981b8dc13566525729d1298150cac998f50cb56N.exe
    3⤵
    PID:2176
- - C:\Users\Admin\Downloads\241004-q8eknaxfkj2dfe282c4d65ce4aff91882ecca32165f915f893955c52a4a4a5e83dacc1d31aN.exe
    C:\Users\Admin\Downloads\241004-q8eknaxfkj2dfe282c4d65ce4aff91882ecca32165f915f893955c52a4a4a5e83dacc1d31aN.exe
    3⤵
    PID:788
  - - C:\Windows\SysWOW64\Aahbbkaq.exe
      C:\Windows\system32\Aahbbkaq.exe
      4⤵
      PID:3828
    - - C:\Windows\SysWOW64\Blnoga32.exe
        
        C:\Windows\system32\Blnoga32.exe
        5⤵
        
        PID:5832
      - C:\Windows\SysWOW64\Clgbmp32.exe
        
        C:\Windows\system32\Clgbmp32.exe
        6⤵
        
        PID:2856
        
        C:\Windows\SysWOW64\Dnpdegjp.exe
        
        C:\Windows\system32\Dnpdegjp.exe
        7⤵
        
        PID:4352
        
        C:\Windows\SysWOW64\Deqcbpld.exe
        
        C:\Windows\system32\Deqcbpld.exe
        8⤵
        
        PID:6524
        
        C:\Windows\SysWOW64\Efeihb32.exe
        
        C:\Windows\system32\Efeihb32.exe
        9⤵
        
        PID:6936
        
        C:\Windows\SysWOW64\Fmmmfj32.exe
        
        C:\Windows\system32\Fmmmfj32.exe
        10⤵
        
        PID:1524
        
        C:\Windows\SysWOW64\Gpelhd32.exe
        
        C:\Windows\system32\Gpelhd32.exe
        11⤵
        
        PID:8032
        
        C:\Windows\SysWOW64\Hoobdp32.exe
        
        C:\Windows\system32\Hoobdp32.exe
        12⤵
        
        PID:8408
        
        C:\Windows\SysWOW64\Ilqoobdd.exe
        
        C:\Windows\system32\Ilqoobdd.exe
        13⤵
        
        PID:9244
        
        C:\Windows\SysWOW64\Jllokajf.exe
        
        C:\Windows\system32\Jllokajf.exe
        14⤵
        
        PID:9780
        
        C:\Windows\SysWOW64\Nmfcok32.exe
        
        C:\Windows\system32\Nmfcok32.exe
        15⤵
        
        PID:6304
        
        C:\Windows\SysWOW64\Oakbehfe.exe
        
        C:\Windows\system32\Oakbehfe.exe
        16⤵
        
        PID:4292
        
        C:\Windows\SysWOW64\Pccahbmn.exe
        
        C:\Windows\system32\Pccahbmn.exe
        17⤵
        
        PID:6804
        
        C:\Windows\SysWOW64\Adhdjpjf.exe
        
        C:\Windows\system32\Adhdjpjf.exe
        18⤵
        
        PID:9772
        
        C:\Windows\SysWOW64\Aaoaic32.exe
        
        C:\Windows\system32\Aaoaic32.exe
        19⤵
        
        PID:6388
        
        C:\Windows\SysWOW64\Bhmbqm32.exe
        
        C:\Windows\system32\Bhmbqm32.exe
        20⤵
        
        PID:8680
        
        C:\Windows\SysWOW64\Cdpcal32.exe
        
        C:\Windows\system32\Cdpcal32.exe
        21⤵
        
        PID:5324
        
        C:\Windows\SysWOW64\Eqdpgk32.exe
        
        C:\Windows\system32\Eqdpgk32.exe
        22⤵
        
        PID:8812
        
        C:\Windows\SysWOW64\Fajbjh32.exe
        
        C:\Windows\system32\Fajbjh32.exe
        23⤵
        
        PID:9616
        
        C:\Windows\SysWOW64\Iacngdgj.exe
        
        C:\Windows\system32\Iacngdgj.exe
        24⤵
        
        PID:9324
        
        C:\Windows\SysWOW64\Jafdcbge.exe
        
        C:\Windows\system32\Jafdcbge.exe
        25⤵
        
        PID:11944
        
        C:\Windows\SysWOW64\Kcapicdj.exe
        
        C:\Windows\system32\Kcapicdj.exe
        26⤵
        
        PID:11220
        
        C:\Windows\SysWOW64\Lpochfji.exe
        
        C:\Windows\system32\Lpochfji.exe
        27⤵
        
        PID:11208
        
        C:\Windows\SysWOW64\Mfpell32.exe
        
        C:\Windows\system32\Mfpell32.exe
        28⤵
        
        PID:12888
        
        C:\Windows\SysWOW64\Oonlfo32.exe
        
        C:\Windows\system32\Oonlfo32.exe
        29⤵
        
        PID:13748
        
        C:\Windows\SysWOW64\Pqbala32.exe
        
        C:\Windows\system32\Pqbala32.exe
        30⤵
        
        PID:1160
        
        C:\Windows\SysWOW64\Pififb32.exe
        
        C:\Windows\system32\Pififb32.exe
        31⤵
        
        PID:14512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 14512 -s 432
        32⤵
        Program crash
        
        PID:14728
- - C:\Users\Admin\Downloads\241004-q7tces1hne139ed511caee0af7c70e1224431ca678_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241004-q7tces1hne139ed511caee0af7c70e1224431ca678_JaffaCakes118.exe
    3⤵
    PID:2336
- - C:\Users\Admin\Downloads\241004-q9lelasame32799e0b6bdf609a7a30213ea01a11644f49bb3500a84e876129fe4f6e0db91cN.exe
    C:\Users\Admin\Downloads\241004-q9lelasame32799e0b6bdf609a7a30213ea01a11644f49bb3500a84e876129fe4f6e0db91cN.exe
    3⤵
    PID:868
  - - C:\Windows\SysWOW64\Aknifq32.exe
      C:\Windows\system32\Aknifq32.exe
      4⤵
      PID:1416
    - - C:\Windows\SysWOW64\Bhbcfbjk.exe
        
        C:\Windows\system32\Bhbcfbjk.exe
        5⤵
        
        PID:5784
      - C:\Windows\SysWOW64\Ckjbhmad.exe
        
        C:\Windows\system32\Ckjbhmad.exe
        6⤵
        
        PID:1780
        
        C:\Windows\SysWOW64\Dmadco32.exe
        
        C:\Windows\system32\Dmadco32.exe
        7⤵
        
        PID:6148
        
        C:\Windows\SysWOW64\Ekaapi32.exe
        
        C:\Windows\system32\Ekaapi32.exe
        8⤵
        
        PID:6976
        
        C:\Windows\SysWOW64\Fpkibf32.exe
        
        C:\Windows\system32\Fpkibf32.exe
        9⤵
        
        PID:6544
        
        C:\Windows\SysWOW64\Goglcahb.exe
        
        C:\Windows\system32\Goglcahb.exe
        10⤵
        
        PID:8096
        
        C:\Windows\SysWOW64\Hiipmhmk.exe
        
        C:\Windows\system32\Hiipmhmk.exe
        11⤵
        
        PID:7188
        
        C:\Windows\SysWOW64\Igdgglfl.exe
        
        C:\Windows\system32\Igdgglfl.exe
        12⤵
        
        PID:8076
        
        C:\Windows\SysWOW64\Jgpfbjlo.exe
        
        C:\Windows\system32\Jgpfbjlo.exe
        13⤵
        
        PID:9728
        
        C:\Windows\SysWOW64\Lqhdbm32.exe
        
        C:\Windows\system32\Lqhdbm32.exe
        14⤵
        
        PID:6960
        
        C:\Windows\SysWOW64\Njfkmphe.exe
        
        C:\Windows\system32\Njfkmphe.exe
        15⤵
        
        PID:5668
        
        C:\Windows\SysWOW64\Oabhfg32.exe
        
        C:\Windows\system32\Oabhfg32.exe
        16⤵
        
        PID:9684
        
        C:\Windows\SysWOW64\Qpeahb32.exe
        
        C:\Windows\system32\Qpeahb32.exe
        17⤵
        
        PID:8700
        
        C:\Windows\SysWOW64\Bmhocd32.exe
        
        C:\Windows\system32\Bmhocd32.exe
        18⤵
        
        PID:8900
        
        C:\Windows\SysWOW64\Ckbemgcp.exe
        
        C:\Windows\system32\Ckbemgcp.exe
        19⤵
        
        PID:9168
        
        C:\Windows\SysWOW64\Cpfcfmlp.exe
        
        C:\Windows\system32\Cpfcfmlp.exe
        20⤵
        
        PID:9984
        
        C:\Windows\SysWOW64\Dakikoom.exe
        
        C:\Windows\system32\Dakikoom.exe
        21⤵
        
        PID:5128
- - C:\Users\Admin\Downloads\241004-q76bzsxern139f8e7694d866e2628713695515c0b3_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241004-q76bzsxern139f8e7694d866e2628713695515c0b3_JaffaCakes118.exe
    3⤵
    PID:3116
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3116 -s 248
      4⤵
      Program crash
      PID:8464
- - C:\Users\Admin\Downloads\241004-q4hfraxdlk139a3a937a6fba90303c2e68aaea32e1_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241004-q4hfraxdlk139a3a937a6fba90303c2e68aaea32e1_JaffaCakes118.exe
    3⤵
    PID:2620
- - C:\Users\Admin\Downloads\241004-rbhfqaxgmk8098182b796aa2b3ab79d47e61ba944bd344f6d6d39010445ba4ca6c27ee2800N.exe
    C:\Users\Admin\Downloads\241004-rbhfqaxgmk8098182b796aa2b3ab79d47e61ba944bd344f6d6d39010445ba4ca6c27ee2800N.exe
    3⤵
    PID:4528
  - - C:\Windows\SysWOW64\Aknifq32.exe
      C:\Windows\system32\Aknifq32.exe
      4⤵
      PID:4484
    - - C:\Windows\SysWOW64\Bepmoh32.exe
        
        C:\Windows\system32\Bepmoh32.exe
        5⤵
        
        PID:5480
      - C:\Windows\SysWOW64\Cdbfab32.exe
        
        C:\Windows\system32\Cdbfab32.exe
        6⤵
        
        PID:5488
        
        C:\Windows\SysWOW64\Emhkdmlg.exe
        
        C:\Windows\system32\Emhkdmlg.exe
        7⤵
        
        PID:6564
        
        C:\Windows\SysWOW64\Eehicoel.exe
        
        C:\Windows\system32\Eehicoel.exe
        8⤵
        
        PID:6924
        
        C:\Windows\SysWOW64\Fbjena32.exe
        
        C:\Windows\system32\Fbjena32.exe
        9⤵
        
        PID:7216
        
        C:\Windows\SysWOW64\Gmimai32.exe
        
        C:\Windows\system32\Gmimai32.exe
        10⤵
        
        PID:8148
- - C:\Users\Admin\Downloads\241004-rb57sasbpab88e6886bd28f01505d4679a9722660d82e2a433431c1c79384323d481dd9a70N.exe
    C:\Users\Admin\Downloads\241004-rb57sasbpab88e6886bd28f01505d4679a9722660d82e2a433431c1c79384323d481dd9a70N.exe
    3⤵
    PID:4048
- - C:\Users\Admin\Downloads\241004-q4pvtsxdlr5029c6abd1715a044f29ef2c359867f9e99685aca9c891f5c98c1416dec4a762N.exe
    C:\Users\Admin\Downloads\241004-q4pvtsxdlr5029c6abd1715a044f29ef2c359867f9e99685aca9c891f5c98c1416dec4a762N.exe
    3⤵
    PID:3168
- - C:\Users\Admin\Downloads\241004-q5yt5axdrp5029c6abd1715a044f29ef2c359867f9e99685aca9c891f5c98c1416dec4a762N.exe
    C:\Users\Admin\Downloads\241004-q5yt5axdrp5029c6abd1715a044f29ef2c359867f9e99685aca9c891f5c98c1416dec4a762N.exe
    3⤵
    PID:2520
- - C:\Users\Admin\Downloads\241004-rbsaxssbmefile.exe
    C:\Users\Admin\Downloads\241004-rbsaxssbmefile.exe
    3⤵
    PID:2760
- - C:\Users\Admin\Downloads\241004-rcfcrasbqc13a4d389bc0805b4a56624cb62dd39b5_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241004-rcfcrasbqc13a4d389bc0805b4a56624cb62dd39b5_JaffaCakes118.exe
    3⤵
    PID:3964
  - - C:\Windows\system32\wermgr.exe
      C:\Windows\system32\wermgr.exe
      4⤵
      PID:6160
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe
      4⤵
      PID:6996
- - C:\Users\Admin\Downloads\241004-q573ssxejp53acaaead0a63de8d842379e862527e01ff300ae279bf54576ce6500fb574ee4N.exe
    C:\Users\Admin\Downloads\241004-q573ssxejp53acaaead0a63de8d842379e862527e01ff300ae279bf54576ce6500fb574ee4N.exe
    3⤵
    PID:4364
  - - C:\Windows\SysWOW64\Akepfpcl.exe
      C:\Windows\system32\Akepfpcl.exe
      4⤵
      PID:5244
    - - C:\Windows\SysWOW64\Cndeii32.exe
        
        C:\Windows\system32\Cndeii32.exe
        5⤵
        
        PID:6096
      - C:\Windows\SysWOW64\Chqogq32.exe
        
        C:\Windows\system32\Chqogq32.exe
        6⤵
        
        PID:5804
- - C:\Users\Admin\Downloads\241004-q7518a1hqc57e96f538817422fbceb841eb711c3ba8bf9ac4dcac495d4a436bf1799d4695eN.exe
    C:\Users\Admin\Downloads\241004-q7518a1hqc57e96f538817422fbceb841eb711c3ba8bf9ac4dcac495d4a436bf1799d4695eN.exe
    3⤵
    PID:5200
- - C:\Users\Admin\Downloads\241004-q457ta1gle05f926aa2a34167d07375b6acb205ef9cb89cb3640fb1b6475ab49d580c9abe5N.exe
    C:\Users\Admin\Downloads\241004-q457ta1gle05f926aa2a34167d07375b6acb205ef9cb89cb3640fb1b6475ab49d580c9abe5N.exe
    3⤵
    PID:5212
  - - C:\Windows\SysWOW64\Bohbhmfm.exe
      C:\Windows\system32\Bohbhmfm.exe
      4⤵
      PID:5624
    - - C:\Windows\SysWOW64\Chiigadc.exe
        
        C:\Windows\system32\Chiigadc.exe
        5⤵
        
        PID:884
      - C:\Windows\SysWOW64\Dokgdkeh.exe
        
        C:\Windows\system32\Dokgdkeh.exe
        6⤵
        
        PID:5472
        
        C:\Windows\SysWOW64\Dbpjaeoc.exe
        
        C:\Windows\system32\Dbpjaeoc.exe
        7⤵
        
        PID:6312
        
        C:\Windows\SysWOW64\Eiahnnph.exe
        
        C:\Windows\system32\Eiahnnph.exe
        8⤵
        
        PID:5656
        
        C:\Windows\SysWOW64\Hehkajig.exe
        
        C:\Windows\system32\Hehkajig.exe
        9⤵
        
        PID:8452
        
        C:\Windows\SysWOW64\Ioolkncg.exe
        
        C:\Windows\system32\Ioolkncg.exe
        10⤵
        
        PID:9288
        
        C:\Windows\SysWOW64\Jokkgl32.exe
        
        C:\Windows\system32\Jokkgl32.exe
        11⤵
        
        PID:9812
        
        C:\Windows\SysWOW64\Njjdho32.exe
        
        C:\Windows\system32\Njjdho32.exe
        12⤵
        
        PID:7584
        
        C:\Windows\SysWOW64\Pmnbfhal.exe
        
        C:\Windows\system32\Pmnbfhal.exe
        13⤵
        
        PID:7576
        
        C:\Windows\SysWOW64\Ahaceo32.exe
        
        C:\Windows\system32\Ahaceo32.exe
        14⤵
        
        PID:10120
        
        C:\Windows\SysWOW64\Adkqoohc.exe
        
        C:\Windows\system32\Adkqoohc.exe
        15⤵
        
        PID:8400
        
        C:\Windows\SysWOW64\Boenhgdd.exe
        
        C:\Windows\system32\Boenhgdd.exe
        16⤵
        
        PID:9840
        
        C:\Windows\SysWOW64\Chiblk32.exe
        
        C:\Windows\system32\Chiblk32.exe
        17⤵
        
        PID:9832
        
        C:\Windows\SysWOW64\Cacckp32.exe
        
        C:\Windows\system32\Cacckp32.exe
        18⤵
        
        PID:8092
        
        C:\Windows\SysWOW64\Dhgonidg.exe
        
        C:\Windows\system32\Dhgonidg.exe
        19⤵
        
        PID:8956
        
        C:\Windows\SysWOW64\Eqgmmk32.exe
        
        C:\Windows\system32\Eqgmmk32.exe
        20⤵
        
        PID:10508
        
        C:\Windows\SysWOW64\Fnkfmm32.exe
        
        C:\Windows\system32\Fnkfmm32.exe
        21⤵
        
        PID:9592
        
        C:\Windows\SysWOW64\Jpnakk32.exe
        
        C:\Windows\system32\Jpnakk32.exe
        22⤵
        
        PID:11340
        
        C:\Windows\SysWOW64\Kedlip32.exe
        
        C:\Windows\system32\Kedlip32.exe
        23⤵
        
        PID:12080
        
        C:\Windows\SysWOW64\Lljdai32.exe
        
        C:\Windows\system32\Lljdai32.exe
        24⤵
        
        PID:4800
        
        C:\Windows\SysWOW64\Mhoahh32.exe
        
        C:\Windows\system32\Mhoahh32.exe
        25⤵
        
        PID:12972
        
        C:\Windows\SysWOW64\Nqmojd32.exe
        
        C:\Windows\system32\Nqmojd32.exe
        26⤵
        
        PID:5184
        
        C:\Windows\SysWOW64\Nqcejcha.exe
        
        C:\Windows\system32\Nqcejcha.exe
        27⤵
        
        PID:11744
        
        C:\Windows\SysWOW64\Ofgdcipq.exe
        
        C:\Windows\system32\Ofgdcipq.exe
        28⤵
        
        PID:13840
        
        C:\Windows\SysWOW64\Ppdbgncl.exe
        
        C:\Windows\system32\Ppdbgncl.exe
        29⤵
        
        PID:13056
        
        C:\Windows\SysWOW64\Pfccogfc.exe
        
        C:\Windows\system32\Pfccogfc.exe
        30⤵
        
        PID:9984
        
        C:\Windows\SysWOW64\Aimogakj.exe
        
        C:\Windows\system32\Aimogakj.exe
        31⤵
        
        PID:7024
        
        C:\Windows\SysWOW64\Bdcmkgmm.exe
        
        C:\Windows\system32\Bdcmkgmm.exe
        32⤵
        
        PID:8924
        
        C:\Windows\SysWOW64\Diqnjl32.exe
        
        C:\Windows\system32\Diqnjl32.exe
        33⤵
        
        PID:5576
- - C:\Users\Admin\Downloads\241004-q64rrsxenlniko.exe
    C:\Users\Admin\Downloads\241004-q64rrsxenlniko.exe
    3⤵
    PID:5532
- - C:\Users\Admin\Downloads\241004-rcdtxssbqb13a4c3a05c41a7b91c979185692223b5_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241004-rcdtxssbqb13a4c3a05c41a7b91c979185692223b5_JaffaCakes118.exe
    3⤵
    PID:5968
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5968 -s 340
      4⤵
      Program crash
      PID:8048
- - C:\Users\Admin\Downloads\241004-q5wprsxdrl139c1abfc4b94c4b107ad52766d69e61_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241004-q5wprsxdrl139c1abfc4b94c4b107ad52766d69e61_JaffaCakes118.exe
    3⤵
    PID:6020
- - C:\Users\Admin\Downloads\241004-q8alpsxfjle1e61a2fe05f63696e82eccdd791d60629844f89d9512035c0202a9f71fc0b5cN.exe
    C:\Users\Admin\Downloads\241004-q8alpsxfjle1e61a2fe05f63696e82eccdd791d60629844f89d9512035c0202a9f71fc0b5cN.exe
    3⤵
    PID:5408
  - - \??\c:\llxrfxl.exe
      c:\llxrfxl.exe
      4⤵
      PID:6492
    - - \??\c:\djvvv.exe
        
        c:\djvvv.exe
        5⤵
        
        PID:7136
      - \??\c:\vppjd.exe
        
        c:\vppjd.exe
        6⤵
        
        PID:7956
        
        \??\c:\ffxfxxx.exe
        
        c:\ffxfxxx.exe
        7⤵
        
        PID:8528
        
        \??\c:\nnntnt.exe
        
        c:\nnntnt.exe
        8⤵
        
        PID:9580
        
        \??\c:\rxrrrlf.exe
        
        c:\rxrrrlf.exe
        9⤵
        
        PID:8956
        
        \??\c:\jdvvp.exe
        
        c:\jdvvp.exe
        10⤵
        
        PID:9644
        
        \??\c:\nnhtnt.exe
        
        c:\nnhtnt.exe
        11⤵
        
        PID:8472
        
        \??\c:\btbttn.exe
        
        c:\btbttn.exe
        12⤵
        
        PID:9424
        
        \??\c:\jvddv.exe
        
        c:\jvddv.exe
        13⤵
        
        PID:8740
        
        \??\c:\djjpj.exe
        
        c:\djjpj.exe
        14⤵
        
        PID:5220
        
        \??\c:\vvdpj.exe
        
        c:\vvdpj.exe
        15⤵
        
        PID:11248
        
        \??\c:\5bbtnn.exe
        
        c:\5bbtnn.exe
        16⤵
        
        PID:3532
        
        \??\c:\lfxrrrr.exe
        
        c:\lfxrrrr.exe
        17⤵
        
        PID:11332
        
        \??\c:\pvvdd.exe
        
        c:\pvvdd.exe
        18⤵
        
        PID:12032
        
        \??\c:\1nhbbn.exe
        
        c:\1nhbbn.exe
        19⤵
        
        PID:12912
        
        \??\c:\9nttnn.exe
        
        c:\9nttnn.exe
        20⤵
        
        PID:4916
        
        \??\c:\hthbtb.exe
        
        c:\hthbtb.exe
        21⤵
        
        PID:13156
        
        \??\c:\dvdvp.exe
        
        c:\dvdvp.exe
        22⤵
        
        PID:13804
        
        \??\c:\rfllfff.exe
        
        c:\rfllfff.exe
        23⤵
        
        PID:13020
        
        \??\c:\nnhhbb.exe
        
        c:\nnhhbb.exe
        24⤵
        
        PID:12648
        
        \??\c:\tbhnhh.exe
        
        c:\tbhnhh.exe
        25⤵
        
        PID:15300
        
        \??\c:\frrrllf.exe
        
        c:\frrrllf.exe
        26⤵
        
        PID:15224
        
        \??\c:\frrxrrr.exe
        
        c:\frrxrrr.exe
        27⤵
        
        PID:13600
        
        \??\c:\rfflrrx.exe
        
        c:\rfflrrx.exe
        28⤵
        
        PID:11440
        
        \??\c:\9vdvp.exe
        
        c:\9vdvp.exe
        29⤵
        
        PID:16148
        
        \??\c:\5flfxfx.exe
        
        c:\5flfxfx.exe
        30⤵
        
        PID:4176
        
        \??\c:\1lrfxxr.exe
        
        c:\1lrfxxr.exe
        31⤵
        
        PID:16324
        
        \??\c:\bhnbbh.exe
        
        c:\bhnbbh.exe
        32⤵
        
        PID:11336
        
        \??\c:\btthth.exe
        
        c:\btthth.exe
        33⤵
        
        PID:9648
        
        \??\c:\jpjpp.exe
        
        c:\jpjpp.exe
        34⤵
        
        PID:13788
        
        \??\c:\ddvdd.exe
        
        c:\ddvdd.exe
        35⤵
        
        PID:14240
        
        \??\c:\xxxxrxx.exe
        
        c:\xxxxrxx.exe
        36⤵
        
        PID:13972
        
        \??\c:\lfffxfx.exe
        
        c:\lfffxfx.exe
        37⤵
        
        PID:13768
        
        \??\c:\lrlrlff.exe
        
        c:\lrlrlff.exe
        38⤵
        
        PID:5648
        
        \??\c:\9hbttb.exe
        
        c:\9hbttb.exe
        39⤵
        
        PID:18112
        
        \??\c:\pvppd.exe
        
        c:\pvppd.exe
        40⤵
        
        PID:7324
        
        \??\c:\hbhbtb.exe
        
        c:\hbhbtb.exe
        41⤵
        
        PID:9984
        
        \??\c:\lrxxffl.exe
        
        c:\lrxxffl.exe
        42⤵
        
        PID:2912
        
        \??\c:\vjvvj.exe
        
        c:\vjvvj.exe
        43⤵
        
        PID:18740
        
        \??\c:\9hbntn.exe
        
        c:\9hbntn.exe
        44⤵
        
        PID:9844
        
        \??\c:\xxrrllf.exe
        
        c:\xxrrllf.exe
        45⤵
        
        PID:9744
- - C:\Users\Admin\Downloads\241004-rcyt4axhjn13a5dd75a2dd7a5c45800c964272c940_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241004-rcyt4axhjn13a5dd75a2dd7a5c45800c964272c940_JaffaCakes118.exe
    3⤵
    PID:3916
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3916 -s 504
      4⤵
      Program crash
      PID:10212
- - C:\Users\Admin\Downloads\241004-q783wa1hqf5e17e8af6162052361aaa226335477c9785162a66c4e54d2bf25fb08d430b64dN.exe
    C:\Users\Admin\Downloads\241004-q783wa1hqf5e17e8af6162052361aaa226335477c9785162a66c4e54d2bf25fb08d430b64dN.exe
    3⤵
    PID:10064
  - - C:\Windows\SysWOW64\Lncjlq32.exe
      C:\Windows\system32\Lncjlq32.exe
      4⤵
      PID:8536
    - - C:\Windows\SysWOW64\Njfkmphe.exe
        
        C:\Windows\system32\Njfkmphe.exe
        5⤵
        
        PID:7960
      - C:\Windows\SysWOW64\Offnhpfo.exe
        
        C:\Windows\system32\Offnhpfo.exe
        6⤵
        
        PID:7892
        
        C:\Windows\SysWOW64\Palklf32.exe
        
        C:\Windows\system32\Palklf32.exe
        7⤵
        
        PID:9748
        
        C:\Windows\SysWOW64\Bgnffj32.exe
        
        C:\Windows\system32\Bgnffj32.exe
        8⤵
        
        PID:6272
        
        C:\Windows\SysWOW64\Cggimh32.exe
        
        C:\Windows\system32\Cggimh32.exe
        9⤵
        
        PID:5936
        
        C:\Windows\SysWOW64\Cacckp32.exe
        
        C:\Windows\system32\Cacckp32.exe
        10⤵
        
        PID:5224
        
        C:\Windows\SysWOW64\Ddkbmj32.exe
        
        C:\Windows\system32\Ddkbmj32.exe
        11⤵
        
        PID:9464
        
        C:\Windows\SysWOW64\Foclgq32.exe
        
        C:\Windows\system32\Foclgq32.exe
        12⤵
        
        PID:8560
        
        C:\Windows\SysWOW64\Geoapenf.exe
        
        C:\Windows\system32\Geoapenf.exe
        13⤵
        
        PID:7340
        
        C:\Windows\SysWOW64\Hpmhdmea.exe
        
        C:\Windows\system32\Hpmhdmea.exe
        14⤵
        
        PID:10928
        
        C:\Windows\SysWOW64\Ihpcinld.exe
        
        C:\Windows\system32\Ihpcinld.exe
        15⤵
        
        PID:3296
        
        C:\Windows\SysWOW64\Lindkm32.exe
        
        C:\Windows\system32\Lindkm32.exe
        16⤵
        
        PID:8376
        
        C:\Windows\SysWOW64\Mcdeeq32.exe
        
        C:\Windows\system32\Mcdeeq32.exe
        17⤵
        
        PID:13068
        
        C:\Windows\SysWOW64\Nbebbk32.exe
        
        C:\Windows\system32\Nbebbk32.exe
        18⤵
        
        PID:11280
        
        C:\Windows\SysWOW64\Oifppdpd.exe
        
        C:\Windows\system32\Oifppdpd.exe
        19⤵
        
        PID:13940
        
        C:\Windows\SysWOW64\Piapkbeg.exe
        
        C:\Windows\system32\Piapkbeg.exe
        20⤵
        
        PID:12772
        
        C:\Windows\SysWOW64\Adjjeieh.exe
        
        C:\Windows\system32\Adjjeieh.exe
        21⤵
        
        PID:14352
- - C:\Users\Admin\Downloads\241004-q4nmrsxdlqniko.exe
    C:\Users\Admin\Downloads\241004-q4nmrsxdlqniko.exe
    3⤵
    PID:10072
- - C:\Users\Admin\Downloads\241004-q3wxra1fpf13999c9758863848c888adb980465737_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241004-q3wxra1fpf13999c9758863848c888adb980465737_JaffaCakes118.exe
    3⤵
    PID:10080
- - C:\Users\Admin\Downloads\241004-rdd63sscleb88e6886bd28f01505d4679a9722660d82e2a433431c1c79384323d481dd9a70N.exe
    C:\Users\Admin\Downloads\241004-rdd63sscleb88e6886bd28f01505d4679a9722660d82e2a433431c1c79384323d481dd9a70N.exe
    3⤵
    PID:10088
- - C:\Users\Admin\Downloads\241004-rakvfssarf13a30821fc38dd08a56f13b0e1a5a797_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241004-rakvfssarf13a30821fc38dd08a56f13b0e1a5a797_JaffaCakes118.exe
    3⤵
    PID:10104
- - C:\Users\Admin\Downloads\241004-q7b35sxenr2146988cb33b78fbe10f0542315e94b0f442de07a3f8419e7eed03ce36cf46cbN.exe
    C:\Users\Admin\Downloads\241004-q7b35sxenr2146988cb33b78fbe10f0542315e94b0f442de07a3f8419e7eed03ce36cf46cbN.exe
    3⤵
    PID:10116
  - - \??\c:\rfrlxrl.exe
      c:\rfrlxrl.exe
      4⤵
      PID:6320
    - - \??\c:\frxrrxr.exe
        
        c:\frxrrxr.exe
        5⤵
        
        PID:9472
      - \??\c:\ppvvv.exe
        
        c:\ppvvv.exe
        6⤵
        
        PID:9992
        
        \??\c:\xxfrlxr.exe
        
        c:\xxfrlxr.exe
        7⤵
        
        PID:8836
        
        \??\c:\vppdv.exe
        
        c:\vppdv.exe
        8⤵
        
        PID:9596
        
        \??\c:\htttbb.exe
        
        c:\htttbb.exe
        9⤵
        
        PID:6992
        
        \??\c:\5bhhbb.exe
        
        c:\5bhhbb.exe
        10⤵
        
        PID:8580
        
        \??\c:\djppp.exe
        
        c:\djppp.exe
        11⤵
        
        PID:10116
        
        \??\c:\pvvdj.exe
        
        c:\pvvdj.exe
        12⤵
        
        PID:10952
        
        \??\c:\rxfxllf.exe
        
        c:\rxfxllf.exe
        13⤵
        
        PID:11044
        
        \??\c:\ttnnhh.exe
        
        c:\ttnnhh.exe
        14⤵
        
        PID:11800
        
        \??\c:\9vpdp.exe
        
        c:\9vpdp.exe
        15⤵
        
        PID:11812
        
        \??\c:\rflfxxr.exe
        
        c:\rflfxxr.exe
        16⤵
        
        PID:9968
        
        \??\c:\tbbbhh.exe
        
        c:\tbbbhh.exe
        17⤵
        
        PID:12812
        
        \??\c:\3pvpd.exe
        
        c:\3pvpd.exe
        18⤵
        
        PID:12124
        
        \??\c:\5lrxlfx.exe
        
        c:\5lrxlfx.exe
        19⤵
        
        PID:7220
        
        \??\c:\xflffff.exe
        
        c:\xflffff.exe
        20⤵
        
        PID:15024
        
        \??\c:\vdppp.exe
        
        c:\vdppp.exe
        21⤵
        
        PID:10892
        
        \??\c:\7llfxxr.exe
        
        c:\7llfxxr.exe
        22⤵
        
        PID:15476
        
        \??\c:\hnttnn.exe
        
        c:\hnttnn.exe
        23⤵
        
        PID:7356
        
        \??\c:\7nhhtt.exe
        
        c:\7nhhtt.exe
        24⤵
        
        PID:10388
        
        \??\c:\3nttbn.exe
        
        c:\3nttbn.exe
        25⤵
        
        PID:16332
        
        \??\c:\5tnhbh.exe
        
        c:\5tnhbh.exe
        26⤵
        
        PID:16144
        
        \??\c:\lllllll.exe
        
        c:\lllllll.exe
        27⤵
        
        PID:12008
        
        \??\c:\frfllff.exe
        
        c:\frfllff.exe
        28⤵
        
        PID:10712
        
        \??\c:\7btnbt.exe
        
        c:\7btnbt.exe
        29⤵
        
        PID:15792
        
        \??\c:\lfxlxff.exe
        
        c:\lfxlxff.exe
        30⤵
        
        PID:14408
        
        \??\c:\fxlllfl.exe
        
        c:\fxlllfl.exe
        31⤵
        
        PID:13252
        
        \??\c:\3pjpp.exe
        
        c:\3pjpp.exe
        32⤵
        
        PID:16524
        
        \??\c:\flllllx.exe
        
        c:\flllllx.exe
        33⤵
        
        PID:11672
        
        \??\c:\5dvvj.exe
        
        c:\5dvvj.exe
        34⤵
        
        PID:15876
        
        \??\c:\1fxrlll.exe
        
        c:\1fxrlll.exe
        35⤵
        
        PID:5836
        
        \??\c:\tnbtnh.exe
        
        c:\tnbtnh.exe
        36⤵
        
        PID:17604
        
        \??\c:\7jjdp.exe
        
        c:\7jjdp.exe
        37⤵
        
        PID:19156
        
        \??\c:\lxlllrl.exe
        
        c:\lxlllrl.exe
        38⤵
        
        PID:15472
        
        \??\c:\xxllrrr.exe
        
        c:\xxllrrr.exe
        39⤵
        
        PID:16156
        
        \??\c:\7xlrxfl.exe
        
        c:\7xlrxfl.exe
        40⤵
        
        PID:18268
        
        \??\c:\xxffxxr.exe
        
        c:\xxffxxr.exe
        41⤵
        
        PID:9776
- - C:\Users\Admin\Downloads\241004-q6ms9a1hja647a843c9218d45f0a193867ed2da7ef835a4560df622fb5335bb390559f8cccN.exe
    C:\Users\Admin\Downloads\241004-q6ms9a1hja647a843c9218d45f0a193867ed2da7ef835a4560df622fb5335bb390559f8cccN.exe
    3⤵
    PID:10128
  - - C:\Windows\SysWOW64\Ngjkfd32.exe
      C:\Windows\system32\Ngjkfd32.exe
      4⤵
      PID:6844
    - - C:\Windows\SysWOW64\Pfoann32.exe
        
        C:\Windows\system32\Pfoann32.exe
        5⤵
        
        PID:8676
      - C:\Windows\SysWOW64\Aajhndkb.exe
        
        C:\Windows\system32\Aajhndkb.exe
        6⤵
        
        PID:9208
        
        C:\Windows\SysWOW64\Akdilipp.exe
        
        C:\Windows\system32\Akdilipp.exe
        7⤵
        
        PID:6676
        
        C:\Windows\SysWOW64\Bhblllfo.exe
        
        C:\Windows\system32\Bhblllfo.exe
        8⤵
        
        PID:6336
        
        C:\Windows\SysWOW64\Cnaaib32.exe
        
        C:\Windows\system32\Cnaaib32.exe
        9⤵
        
        PID:9940
        
        C:\Windows\SysWOW64\Cglbhhga.exe
        
        C:\Windows\system32\Cglbhhga.exe
        10⤵
        
        PID:9680
        
        C:\Windows\SysWOW64\Eqgmmk32.exe
        
        C:\Windows\system32\Eqgmmk32.exe
        11⤵
        
        PID:10492
        
        C:\Windows\SysWOW64\Gngeik32.exe
        
        C:\Windows\system32\Gngeik32.exe
        12⤵
        
        PID:10312
        
        C:\Windows\SysWOW64\Hpmhdmea.exe
        
        C:\Windows\system32\Hpmhdmea.exe
        13⤵
        
        PID:10848
        
        C:\Windows\SysWOW64\Ilkoim32.exe
        
        C:\Windows\system32\Ilkoim32.exe
        14⤵
        
        PID:952
        
        C:\Windows\SysWOW64\Lhqefjpo.exe
        
        C:\Windows\system32\Lhqefjpo.exe
        15⤵
        
        PID:9848
        
        C:\Windows\SysWOW64\Nbnlaldg.exe
        
        C:\Windows\system32\Nbnlaldg.exe
        16⤵
        
        PID:12524
        
        C:\Windows\SysWOW64\Ncbafoge.exe
        
        C:\Windows\system32\Ncbafoge.exe
        17⤵
        
        PID:11908
        
        C:\Windows\SysWOW64\Oifppdpd.exe
        
        C:\Windows\system32\Oifppdpd.exe
        18⤵
        
        PID:13924
        
        C:\Windows\SysWOW64\Qclmck32.exe
        
        C:\Windows\system32\Qclmck32.exe
        19⤵
        
        PID:14648
        
        C:\Windows\SysWOW64\Amikgpcc.exe
        
        C:\Windows\system32\Amikgpcc.exe
        20⤵
        
        PID:8552
        
        C:\Windows\SysWOW64\Cmpjoloh.exe
        
        C:\Windows\system32\Cmpjoloh.exe
        21⤵
        
        PID:9176
        
        C:\Windows\SysWOW64\Dggkipii.exe
        
        C:\Windows\system32\Dggkipii.exe
        22⤵
        
        PID:12836
        
        C:\Windows\SysWOW64\Fjjjgh32.exe
        
        C:\Windows\system32\Fjjjgh32.exe
        23⤵
        
        PID:10584
        
        C:\Windows\SysWOW64\Gglfbkin.exe
        
        C:\Windows\system32\Gglfbkin.exe
        24⤵
        
        PID:15892
        
        C:\Windows\SysWOW64\Iencmm32.exe
        
        C:\Windows\system32\Iencmm32.exe
        25⤵
        
        PID:4716
        
        C:\Windows\SysWOW64\Jhfbog32.exe
        
        C:\Windows\system32\Jhfbog32.exe
        26⤵
        
        PID:15104
        
        C:\Windows\SysWOW64\Khihld32.exe
        
        C:\Windows\system32\Khihld32.exe
        27⤵
        
        PID:7324
        
        C:\Windows\SysWOW64\Mekdffee.exe
        
        C:\Windows\system32\Mekdffee.exe
        28⤵
        
        PID:16224
- - C:\Users\Admin\Downloads\241004-q6vtvsxeml139da890326017d4e43602cc58c64090_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241004-q6vtvsxeml139da890326017d4e43602cc58c64090_JaffaCakes118.exe
    3⤵
    PID:10140
- - C:\Users\Admin\Downloads\241004-q99r7axfrl15828ecdc731d256e569d6251c813563aad3c344c72e655079ad873ba4a0551dN.exe
    C:\Users\Admin\Downloads\241004-q99r7axfrl15828ecdc731d256e569d6251c813563aad3c344c72e655079ad873ba4a0551dN.exe
    3⤵
    PID:10152
  - - C:\Windows\SysWOW64\Nncccnol.exe
      C:\Windows\system32\Nncccnol.exe
      4⤵
      PID:9544
    - - C:\Windows\SysWOW64\Ompfej32.exe
        
        C:\Windows\system32\Ompfej32.exe
        5⤵
        
        PID:9252
      - C:\Windows\SysWOW64\Pdmdnadc.exe
        
        C:\Windows\system32\Pdmdnadc.exe
        6⤵
        
        PID:5584
        
        C:\Windows\SysWOW64\Aogbfi32.exe
        
        C:\Windows\system32\Aogbfi32.exe
        7⤵
        
        PID:8152
        
        C:\Windows\SysWOW64\Bdagpnbk.exe
        
        C:\Windows\system32\Bdagpnbk.exe
        8⤵
        
        PID:8352
        
        C:\Windows\SysWOW64\Cdkifmjq.exe
        
        C:\Windows\system32\Cdkifmjq.exe
        9⤵
        
        PID:10080
        
        C:\Windows\SysWOW64\Caageq32.exe
        
        C:\Windows\system32\Caageq32.exe
        10⤵
        
        PID:5180
        
        C:\Windows\SysWOW64\Dolmodpi.exe
        
        C:\Windows\system32\Dolmodpi.exe
        11⤵
        
        PID:8460
- - C:\Users\Admin\Downloads\241004-q8qmxssaja13a058d3f4957bd8e0cbb5f0cee2a19f_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241004-q8qmxssaja13a058d3f4957bd8e0cbb5f0cee2a19f_JaffaCakes118.exe
    3⤵
    PID:10164
- - C:\Users\Admin\Downloads\241004-q9p3saxfnr13a1bbd889568a82d0bfb40250cbf405_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241004-q9p3saxfnr13a1bbd889568a82d0bfb40250cbf405_JaffaCakes118.exe
    3⤵
    PID:10176
- - C:\Users\Admin\Downloads\241004-rb4nysxgpn201f24e2ca5240f2833cf099137f0d899d83b48055ffa3c89a5c7cf86dcecabdN.exe
    C:\Users\Admin\Downloads\241004-rb4nysxgpn201f24e2ca5240f2833cf099137f0d899d83b48055ffa3c89a5c7cf86dcecabdN.exe
    3⤵
    PID:10188
  - - C:\Windows\SysWOW64\Nflkbanj.exe
      C:\Windows\system32\Nflkbanj.exe
      4⤵
      PID:6580
    - - C:\Windows\SysWOW64\Pnfiplog.exe
        
        C:\Windows\system32\Pnfiplog.exe
        5⤵
        
        PID:7208
- - C:\Users\Admin\Downloads\241004-q55yfa1gqb139c9029407b9b40b7c53d213d3a36fd_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241004-q55yfa1gqb139c9029407b9b40b7c53d213d3a36fd_JaffaCakes118.exe
    3⤵
    PID:10200
- - C:\Users\Admin\Downloads\241004-q3jbnaxcqj956d73b7f041.exe
    C:\Users\Admin\Downloads\241004-q3jbnaxcqj956d73b7f041.exe
    3⤵
    PID:7032
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
      4⤵
      PID:8180
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
      4⤵
      PID:8436
- - C:\Users\Admin\Downloads\241004-q9g26ssalg94549f5c87b8ad3ff30787dd13fccf3bdc6cd5e8eaecd4eb2ef0f3f21d1e851dN.exe
    C:\Users\Admin\Downloads\241004-q9g26ssalg94549f5c87b8ad3ff30787dd13fccf3bdc6cd5e8eaecd4eb2ef0f3f21d1e851dN.exe
    3⤵
    PID:7636
  - - C:\Windows\SysWOW64\Npbceggm.exe
      C:\Windows\system32\Npbceggm.exe
      4⤵
      PID:7940
    - - C:\Windows\SysWOW64\Ojajin32.exe
        
        C:\Windows\system32\Ojajin32.exe
        5⤵
        
        PID:7988
      - C:\Windows\SysWOW64\Pjkmomfn.exe
        
        C:\Windows\system32\Pjkmomfn.exe
        6⤵
        
        PID:9808
        
        C:\Windows\SysWOW64\Ahmjjoig.exe
        
        C:\Windows\system32\Ahmjjoig.exe
        7⤵
        
        PID:9128
        
        C:\Windows\SysWOW64\Bgelgi32.exe
        
        C:\Windows\system32\Bgelgi32.exe
        8⤵
        
        PID:9652
        
        C:\Windows\SysWOW64\Cammjakm.exe
        
        C:\Windows\system32\Cammjakm.exe
        9⤵
        
        PID:8692
        
        C:\Windows\SysWOW64\Cocjiehd.exe
        
        C:\Windows\system32\Cocjiehd.exe
        10⤵
        
        PID:3280
        
        C:\Windows\SysWOW64\Dhdbhifj.exe
        
        C:\Windows\system32\Dhdbhifj.exe
        11⤵
        
        PID:10084
        
        C:\Windows\SysWOW64\Ehlhih32.exe
        
        C:\Windows\system32\Ehlhih32.exe
        12⤵
        
        PID:10360
        
        C:\Windows\SysWOW64\Fbplml32.exe
        
        C:\Windows\system32\Fbplml32.exe
        13⤵
        
        PID:11052
        
        C:\Windows\SysWOW64\Hpkknmgd.exe
        
        C:\Windows\system32\Hpkknmgd.exe
        14⤵
        
        PID:9552
        
        C:\Windows\SysWOW64\Ilibdmgp.exe
        
        C:\Windows\system32\Ilibdmgp.exe
        15⤵
        
        PID:11256
        
        C:\Windows\SysWOW64\Jblmgf32.exe
        
        C:\Windows\system32\Jblmgf32.exe
        16⤵
        
        PID:11392
        
        C:\Windows\SysWOW64\Klpakj32.exe
        
        C:\Windows\system32\Klpakj32.exe
        17⤵
        
        PID:12248
        
        C:\Windows\SysWOW64\Lhnhajba.exe
        
        C:\Windows\system32\Lhnhajba.exe
        18⤵
        
        PID:8552
        
        C:\Windows\SysWOW64\Mhoahh32.exe
        
        C:\Windows\system32\Mhoahh32.exe
        19⤵
        
        PID:12956
        
        C:\Windows\SysWOW64\Nqmojd32.exe
        
        C:\Windows\system32\Nqmojd32.exe
        20⤵
        
        PID:5724
- - C:\Users\Admin\Downloads\241004-q3mdba1fnf1398ebd14a7444f894f4a65832e95a30_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241004-q3mdba1fnf1398ebd14a7444f894f4a65832e95a30_JaffaCakes118.exe
    3⤵
    PID:8332
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 8332 -s 532
      4⤵
      Program crash
      PID:9416
- - C:\Users\Admin\Downloads\241004-q6ms9a1grhx.exe
    C:\Users\Admin\Downloads\241004-q6ms9a1grhx.exe
    3⤵
    PID:8184
  - - C:\Users\Admin\Downloads\241004-q6ms9a1grhx.exe
      C:\Users\Admin\Downloads\241004-q6ms9a1grhx.exe
      4⤵
      PID:6552
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        5⤵
        
        PID:15748
    - - C:\Users\Admin\Downloads\241004-rdj3bsxhlp13a6f2c803d59a2a36d98a5e2e0deb81_JaffaCakes118.exe
        
        C:\Users\Admin\Downloads\241004-rdj3bsxhlp13a6f2c803d59a2a36d98a5e2e0deb81_JaffaCakes118.exe
        5⤵
        
        PID:17488
    - - C:\Users\Admin\Downloads\241004-rdvttsscnb61c9d6b52e034831203af78947b9eb2b05fa54cebda04f011c1806b592c6297eN.exe
        
        C:\Users\Admin\Downloads\241004-rdvttsscnb61c9d6b52e034831203af78947b9eb2b05fa54cebda04f011c1806b592c6297eN.exe
        5⤵
        
        PID:15248
      - C:\Windows\SysWOW64\Nnfkgp32.exe
        
        C:\Windows\system32\Nnfkgp32.exe
        6⤵
        
        PID:15372
- - C:\Users\Admin\Downloads\241004-q3vppa1fpd13997617c9f178e86f71605fa255a3dd_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241004-q3vppa1fpd13997617c9f178e86f71605fa255a3dd_JaffaCakes118.exe
    3⤵
    PID:5604
- - C:\Users\Admin\Downloads\241004-q49j8sxdnlnoode.exe
    C:\Users\Admin\Downloads\241004-q49j8sxdnlnoode.exe
    3⤵
    PID:1348
  - - C:\Users\Admin\AppData\Local\Temp\is-14BHO.tmp\241004-q49j8sxdnlnoode.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-14BHO.tmp\241004-q49j8sxdnlnoode.tmp" /SL5="$20506,4126447,54272,C:\Users\Admin\Downloads\241004-q49j8sxdnlnoode.exe"
      4⤵
      PID:9716
    - - C:\Users\Admin\AppData\Local\Gepard Fix MP3\gepardfixmp3_32.exe
        
        "C:\Users\Admin\AppData\Local\Gepard Fix MP3\gepardfixmp3_32.exe" -i
        5⤵
        
        PID:11396
- - C:\Users\Admin\Downloads\241004-q53s3sxejk139c5f570e5ef98cb017b4bb45127a79_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241004-q53s3sxejk139c5f570e5ef98cb017b4bb45127a79_JaffaCakes118.exe
    3⤵
    PID:8908
- - C:\Users\Admin\Downloads\241004-q6wfdsxemmd78b1cf4698905b303244213baeeb74eb3b0b8dba578d7e9727c0d87d57228a1N.exe
    C:\Users\Admin\Downloads\241004-q6wfdsxemmd78b1cf4698905b303244213baeeb74eb3b0b8dba578d7e9727c0d87d57228a1N.exe
    3⤵
    PID:6708
  - - C:\Windows\SysWOW64\Bkgeainn.exe
      C:\Windows\system32\Bkgeainn.exe
      4⤵
      PID:3300
    - - C:\Windows\SysWOW64\Bmjkic32.exe
        
        C:\Windows\system32\Bmjkic32.exe
        5⤵
        
        PID:3356
      - C:\Windows\SysWOW64\Bajqda32.exe
        
        C:\Windows\system32\Bajqda32.exe
        6⤵
        
        PID:6512
        
        C:\Windows\SysWOW64\Chkobkod.exe
        
        C:\Windows\system32\Chkobkod.exe
        7⤵
        
        PID:1712
        
        C:\Windows\SysWOW64\Ebaplnie.exe
        
        C:\Windows\system32\Ebaplnie.exe
        8⤵
        
        PID:7032
        
        C:\Windows\SysWOW64\Hiacacpg.exe
        
        C:\Windows\system32\Hiacacpg.exe
        9⤵
        
        PID:10692
        
        C:\Windows\SysWOW64\Ilfennic.exe
        
        C:\Windows\system32\Ilfennic.exe
        10⤵
        
        PID:8640
        
        C:\Windows\SysWOW64\Iondqhpl.exe
        
        C:\Windows\system32\Iondqhpl.exe
        11⤵
        
        PID:7956
        
        C:\Windows\SysWOW64\Jikoopij.exe
        
        C:\Windows\system32\Jikoopij.exe
        12⤵
        
        PID:11792
        
        C:\Windows\SysWOW64\Lhgkgijg.exe
        
        C:\Windows\system32\Lhgkgijg.exe
        13⤵
        
        PID:11808
        
        C:\Windows\SysWOW64\Nfgklkoc.exe
        
        C:\Windows\system32\Nfgklkoc.exe
        14⤵
        
        PID:10976
        
        C:\Windows\SysWOW64\Nfnamjhk.exe
        
        C:\Windows\system32\Nfnamjhk.exe
        15⤵
        
        PID:11680
        
        C:\Windows\SysWOW64\Omalpc32.exe
        
        C:\Windows\system32\Omalpc32.exe
        16⤵
        
        PID:13972
        
        C:\Windows\SysWOW64\Paihlpfi.exe
        
        C:\Windows\system32\Paihlpfi.exe
        17⤵
        
        PID:10972
        
        C:\Windows\SysWOW64\Qbonoghb.exe
        
        C:\Windows\system32\Qbonoghb.exe
        18⤵
        
        PID:14680
        
        C:\Windows\SysWOW64\Acccdj32.exe
        
        C:\Windows\system32\Acccdj32.exe
        19⤵
        
        PID:3772
- - C:\Users\Admin\Downloads\241004-q2ayws1erb13969c922c2fe9bc60b3496289976812_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241004-q2ayws1erb13969c922c2fe9bc60b3496289976812_JaffaCakes118.exe
    3⤵
    PID:8212
- - C:\Users\Admin\Downloads\241004-q1qmys1epe9278d79e1f68010a0325cca9494f9c698188b03f3db397eba64f12fb45d4c361N.exe
    C:\Users\Admin\Downloads\241004-q1qmys1epe9278d79e1f68010a0325cca9494f9c698188b03f3db397eba64f12fb45d4c361N.exe
    3⤵
    PID:7144
- - C:\Users\Admin\Downloads\241004-q1sgjs1epf1395da228c12f45e8237f186b79f5553_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241004-q1sgjs1epf1395da228c12f45e8237f186b79f5553_JaffaCakes118.exe
    3⤵
    PID:7348
- - C:\Users\Admin\Downloads\241004-q2z8sa1fkh1397be90245e4827118d51bb586d4e64_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241004-q2z8sa1fkh1397be90245e4827118d51bb586d4e64_JaffaCakes118.exe
    3⤵
    PID:9604
- - C:\Users\Admin\Downloads\241004-q85f3sxfmj717b86323f43141cb4b6048dc1d193ef0aac0042be933f464e79ab7d666c2518N.exe
    C:\Users\Admin\Downloads\241004-q85f3sxfmj717b86323f43141cb4b6048dc1d193ef0aac0042be933f464e79ab7d666c2518N.exe
    3⤵
    PID:9636
  - - C:\Windows\SysWOW64\Fdnhih32.exe
      C:\Windows\system32\Fdnhih32.exe
      4⤵
      PID:11092
    - - C:\Windows\SysWOW64\Iijfhbhl.exe
        
        C:\Windows\system32\Iijfhbhl.exe
        5⤵
        
        PID:9096
      - C:\Windows\SysWOW64\Kbhmbdle.exe
        
        C:\Windows\system32\Kbhmbdle.exe
        6⤵
        
        PID:12172
        
        C:\Windows\SysWOW64\Mbdiknlb.exe
        
        C:\Windows\system32\Mbdiknlb.exe
        7⤵
        
        PID:12840
        
        C:\Windows\SysWOW64\Obqanjdb.exe
        
        C:\Windows\system32\Obqanjdb.exe
        8⤵
        
        PID:12900
        
        C:\Windows\SysWOW64\Pblajhje.exe
        
        C:\Windows\system32\Pblajhje.exe
        9⤵
        
        PID:14460
        
        C:\Windows\SysWOW64\Qikbaaml.exe
        
        C:\Windows\system32\Qikbaaml.exe
        10⤵
        
        PID:15272
        
        C:\Windows\SysWOW64\Cildom32.exe
        
        C:\Windows\system32\Cildom32.exe
        11⤵
        
        PID:15268
        
        C:\Windows\SysWOW64\Dickplko.exe
        
        C:\Windows\system32\Dickplko.exe
        12⤵
        
        PID:14520
        
        C:\Windows\SysWOW64\Ekimjn32.exe
        
        C:\Windows\system32\Ekimjn32.exe
        13⤵
        
        PID:7932
        
        C:\Windows\SysWOW64\Gkcigjel.exe
        
        C:\Windows\system32\Gkcigjel.exe
        14⤵
        
        PID:15720
        
        C:\Windows\SysWOW64\Iapjgo32.exe
        
        C:\Windows\system32\Iapjgo32.exe
        15⤵
        
        PID:11360
        
        C:\Windows\SysWOW64\Jhkljfok.exe
        
        C:\Windows\system32\Jhkljfok.exe
        16⤵
        
        PID:15516
        
        C:\Windows\SysWOW64\Khkdad32.exe
        
        C:\Windows\system32\Khkdad32.exe
        17⤵
        
        PID:2732
        
        C:\Windows\SysWOW64\Nhgmcp32.exe
        
        C:\Windows\system32\Nhgmcp32.exe
        18⤵
        
        PID:6576
        
        C:\Windows\SysWOW64\Ohcmpn32.exe
        
        C:\Windows\system32\Ohcmpn32.exe
        19⤵
        
        PID:11808
        
        C:\Windows\SysWOW64\Ooangh32.exe
        
        C:\Windows\system32\Ooangh32.exe
        20⤵
        
        PID:13320
        
        C:\Windows\SysWOW64\Pbddobla.exe
        
        C:\Windows\system32\Pbddobla.exe
        21⤵
        
        PID:7308
        
        C:\Windows\SysWOW64\Bpbpecen.exe
        
        C:\Windows\system32\Bpbpecen.exe
        22⤵
        
        PID:16916
        
        C:\Windows\SysWOW64\Cbhbbn32.exe
        
        C:\Windows\system32\Cbhbbn32.exe
        23⤵
        
        PID:7312
        
        C:\Windows\SysWOW64\Cmbpjfij.exe
        
        C:\Windows\system32\Cmbpjfij.exe
        24⤵
        
        PID:16376
        
        C:\Windows\SysWOW64\Eepkkefp.exe
        
        C:\Windows\system32\Eepkkefp.exe
        25⤵
        
        PID:18204
        
        C:\Windows\SysWOW64\Fcbgfhii.exe
        
        C:\Windows\system32\Fcbgfhii.exe
        26⤵
        
        PID:3604
        
        C:\Windows\SysWOW64\Gdfmkjlg.exe
        
        C:\Windows\system32\Gdfmkjlg.exe
        27⤵
        
        PID:5736
        
        C:\Windows\SysWOW64\Imnjbhaa.exe
        
        C:\Windows\system32\Imnjbhaa.exe
        28⤵
        
        PID:19144
        
        C:\Windows\SysWOW64\Knifging.exe
        
        C:\Windows\system32\Knifging.exe
        29⤵
        
        PID:18920
        
        C:\Windows\SysWOW64\Kmbmdeoj.exe
        
        C:\Windows\system32\Kmbmdeoj.exe
        30⤵
        
        PID:12492
        
        C:\Windows\SysWOW64\Lhogamih.exe
        
        C:\Windows\system32\Lhogamih.exe
        31⤵
        
        PID:8172
- - C:\Users\Admin\Downloads\241004-q31kyaxdjpa3966a678837a654d04f0b1c902de93da6ce06ce38720de475ac59239274a875N.exe
    C:\Users\Admin\Downloads\241004-q31kyaxdjpa3966a678837a654d04f0b1c902de93da6ce06ce38720de475ac59239274a875N.exe
    3⤵
    PID:2768
- - C:\Users\Admin\Downloads\241004-q27mvs1flgc1bbc886f9825d042e25f44f6f8fb1e9ebe667f2dc6e5e422a8fb7a5e899f024N.exe
    C:\Users\Admin\Downloads\241004-q27mvs1flgc1bbc886f9825d042e25f44f6f8fb1e9ebe667f2dc6e5e422a8fb7a5e899f024N.exe
    3⤵
    PID:9392
  - - C:\Windows\SysWOW64\Fgmdec32.exe
      C:\Windows\system32\Fgmdec32.exe
      4⤵
      PID:10368
    - - C:\Windows\SysWOW64\Ieojgc32.exe
        
        C:\Windows\system32\Ieojgc32.exe
        5⤵
        
        PID:3204
      - C:\Windows\SysWOW64\Klndfj32.exe
        
        C:\Windows\system32\Klndfj32.exe
        6⤵
        
        PID:12132
        
        C:\Windows\SysWOW64\Mhldbh32.exe
        
        C:\Windows\system32\Mhldbh32.exe
        7⤵
        
        PID:12708
        
        C:\Windows\SysWOW64\Mqjbddpl.exe
        
        C:\Windows\system32\Mqjbddpl.exe
        8⤵
        
        PID:11332
        
        C:\Windows\SysWOW64\Oiagde32.exe
        
        C:\Windows\system32\Oiagde32.exe
        9⤵
        
        PID:13532
        
        C:\Windows\SysWOW64\Oqoefand.exe
        
        C:\Windows\system32\Oqoefand.exe
        10⤵
        
        PID:10308
        
        C:\Windows\SysWOW64\Pakdbp32.exe
        
        C:\Windows\system32\Pakdbp32.exe
        11⤵
        
        PID:14356
        
        C:\Windows\SysWOW64\Afappe32.exe
        
        C:\Windows\system32\Afappe32.exe
        12⤵
        
        PID:8468
        
        C:\Windows\SysWOW64\Bkkhbb32.exe
        
        C:\Windows\system32\Bkkhbb32.exe
        13⤵
        
        PID:14628
        
        C:\Windows\SysWOW64\Cmedjl32.exe
        
        C:\Windows\system32\Cmedjl32.exe
        14⤵
        
        PID:10772
        
        C:\Windows\SysWOW64\Dpjfgf32.exe
        
        C:\Windows\system32\Dpjfgf32.exe
        15⤵
        
        PID:3600
        
        C:\Windows\SysWOW64\Ejlnfjbd.exe
        
        C:\Windows\system32\Ejlnfjbd.exe
        16⤵
        
        PID:14888
        
        C:\Windows\SysWOW64\Gnaecedp.exe
        
        C:\Windows\system32\Gnaecedp.exe
        17⤵
        
        PID:15780
        
        C:\Windows\SysWOW64\Hnkhjdle.exe
        
        C:\Windows\system32\Hnkhjdle.exe
        18⤵
        
        PID:16288
        
        C:\Windows\SysWOW64\Ieeimlep.exe
        
        C:\Windows\system32\Ieeimlep.exe
        19⤵
        
        PID:4772
        
        C:\Windows\SysWOW64\Kehojiej.exe
        
        C:\Windows\system32\Kehojiej.exe
        20⤵
        
        PID:14760
        
        C:\Windows\SysWOW64\Mkepineo.exe
        
        C:\Windows\system32\Mkepineo.exe
        21⤵
        
        PID:12280
        
        C:\Windows\SysWOW64\Mepnaf32.exe
        
        C:\Windows\system32\Mepnaf32.exe
        22⤵
        
        PID:7252
        
        C:\Windows\SysWOW64\Ncjdki32.exe
        
        C:\Windows\system32\Ncjdki32.exe
        23⤵
        
        PID:15768
        
        C:\Windows\SysWOW64\Pfeijqqe.exe
        
        C:\Windows\system32\Pfeijqqe.exe
        24⤵
        
        PID:7288
        
        C:\Windows\SysWOW64\Afceko32.exe
        
        C:\Windows\system32\Afceko32.exe
        25⤵
        
        PID:16476
        
        C:\Windows\SysWOW64\Blknpdho.exe
        
        C:\Windows\system32\Blknpdho.exe
        26⤵
        
        PID:17244
        
        C:\Windows\SysWOW64\Cbmlmmjd.exe
        
        C:\Windows\system32\Cbmlmmjd.exe
        27⤵
        
        PID:14492
        
        C:\Windows\SysWOW64\Egmjpi32.exe
        
        C:\Windows\system32\Egmjpi32.exe
        28⤵
        
        PID:18156
- - C:\Users\Admin\Downloads\241004-q7eh9sxepl139e3b290647da54c526aebb23dbee2a_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241004-q7eh9sxepl139e3b290647da54c526aebb23dbee2a_JaffaCakes118.exe
    3⤵
    PID:6416
- - C:\Users\Admin\Downloads\241004-q3jbnaxcqka43486128347.exe
    C:\Users\Admin\Downloads\241004-q3jbnaxcqka43486128347.exe
    3⤵
    PID:1980
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
      4⤵
      PID:9312
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 268
      4⤵
      Program crash
      PID:13992
- - C:\Users\Admin\Downloads\241004-rceffsxgqmdce0eae15485546e307d571517c490a12de176455b9a395fe9973581581b1058N.exe
    C:\Users\Admin\Downloads\241004-rceffsxgqmdce0eae15485546e307d571517c490a12de176455b9a395fe9973581581b1058N.exe
    3⤵
    PID:8668
- - C:\Users\Admin\Downloads\241004-q34ycs1fqff2e7fcb20146.exe
    C:\Users\Admin\Downloads\241004-q34ycs1fqff2e7fcb20146.exe
    3⤵
    PID:7364
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
      4⤵
      PID:4032
- - C:\Users\Admin\Downloads\241004-q3blta1fmd13986895d0e4721a7800536db404f75e_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241004-q3blta1fmd13986895d0e4721a7800536db404f75e_JaffaCakes118.exe
    3⤵
    PID:9596
- - C:\Users\Admin\Downloads\241004-q3yrca1fqa2024-10-04_f3f68e11e7a6f8b2320bd3bc9e92a5a3_cobalt-strike_cobaltstrike_poet-rat_snatch.exe
    C:\Users\Admin\Downloads\241004-q3yrca1fqa2024-10-04_f3f68e11e7a6f8b2320bd3bc9e92a5a3_cobalt-strike_cobaltstrike_poet-rat_snatch.exe
    3⤵
    PID:8480
- - C:\Users\Admin\Downloads\241004-q2wkla1fkb13979679d89a954441eba77d70318f8e_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241004-q2wkla1fkb13979679d89a954441eba77d70318f8e_JaffaCakes118.exe
    3⤵
    PID:7360
  - - C:\program files\internet explorer\IEXPLORE.EXE
      "C:\program files\internet explorer\IEXPLORE.EXE"
      4⤵
      PID:4560
- - C:\Users\Admin\Downloads\241004-q1wh7sxbrm1395f8b044ea3fe54765cdf4bf5d242a_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241004-q1wh7sxbrm1395f8b044ea3fe54765cdf4bf5d242a_JaffaCakes118.exe
    3⤵
    PID:9700
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 9700 -s 496
      4⤵
      Program crash
      PID:7772
- - C:\Users\Admin\Downloads\241004-q3fkrsxcpq1398913534535bb79a1e064dbd03a666_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241004-q3fkrsxcpq1398913534535bb79a1e064dbd03a666_JaffaCakes118.exe
    3⤵
    PID:5152
- - C:\Users\Admin\Downloads\241004-q9s5fasanea3948cf8dae7e04fffe3f3cc87958124813406cc64cf11c1a2144f064a6e9846N.exe
    C:\Users\Admin\Downloads\241004-q9s5fasanea3948cf8dae7e04fffe3f3cc87958124813406cc64cf11c1a2144f064a6e9846N.exe
    3⤵
    PID:6096
  - - C:\Windows\SysWOW64\Enhpao32.exe
      C:\Windows\system32\Enhpao32.exe
      4⤵
      PID:10444
- - C:\Users\Admin\Downloads\241004-q1cfbs1enbde2763fa8f6475880b5493aa5a45861423a07ebd87ccf10694553be0e02a673eN.exe
    C:\Users\Admin\Downloads\241004-q1cfbs1enbde2763fa8f6475880b5493aa5a45861423a07ebd87ccf10694553be0e02a673eN.exe
    3⤵
    PID:8624
  - - \??\c:\1jppj.exe
      c:\1jppj.exe
      4⤵
      PID:11116
    - - \??\c:\rffxrrl.exe
        
        c:\rffxrrl.exe
        5⤵
        
        PID:11168
      - \??\c:\thnnnt.exe
        
        c:\thnnnt.exe
        6⤵
        
        PID:12204
        
        \??\c:\nnttbb.exe
        
        c:\nnttbb.exe
        7⤵
        
        PID:12860
        
        \??\c:\djpjd.exe
        
        c:\djpjd.exe
        8⤵
        
        PID:10640
        
        \??\c:\nttthh.exe
        
        c:\nttthh.exe
        9⤵
        
        PID:14736
        
        \??\c:\rrlffxr.exe
        
        c:\rrlffxr.exe
        10⤵
        
        PID:15208
        
        \??\c:\nnhbtt.exe
        
        c:\nnhbtt.exe
        11⤵
        
        PID:4244
        
        \??\c:\7bnnhh.exe
        
        c:\7bnnhh.exe
        12⤵
        
        PID:15816
        
        \??\c:\bhbtnn.exe
        
        c:\bhbtnn.exe
        13⤵
        
        PID:16296
        
        \??\c:\jvjvj.exe
        
        c:\jvjvj.exe
        14⤵
        
        PID:2396
        
        \??\c:\tbhbtn.exe
        
        c:\tbhbtn.exe
        15⤵
        
        PID:15648
        
        \??\c:\jjppp.exe
        
        c:\jjppp.exe
        16⤵
        
        PID:15888
        
        \??\c:\3ppjj.exe
        
        c:\3ppjj.exe
        17⤵
        
        PID:15788
        
        \??\c:\5ttnnn.exe
        
        c:\5ttnnn.exe
        18⤵
        
        PID:11600
        
        \??\c:\vvvpd.exe
        
        c:\vvvpd.exe
        19⤵
        
        PID:14588
        
        \??\c:\5lfxrll.exe
        
        c:\5lfxrll.exe
        20⤵
        
        PID:16260
        
        \??\c:\jpdjp.exe
        
        c:\jpdjp.exe
        21⤵
        
        PID:15420
        
        \??\c:\5hnnhn.exe
        
        c:\5hnnhn.exe
        22⤵
        
        PID:16436
        
        \??\c:\tnbbbh.exe
        
        c:\tnbbbh.exe
        23⤵
        
        PID:17092
        
        \??\c:\5bbnnn.exe
        
        c:\5bbnnn.exe
        24⤵
        
        PID:14476
        
        \??\c:\ttttnh.exe
        
        c:\ttttnh.exe
        25⤵
        
        PID:16468
        
        \??\c:\vjppp.exe
        
        c:\vjppp.exe
        26⤵
        
        PID:19024
        
        \??\c:\frxxxll.exe
        
        c:\frxxxll.exe
        27⤵
        
        PID:8784
        
        \??\c:\pjvvj.exe
        
        c:\pjvvj.exe
        28⤵
        
        PID:18548
        
        \??\c:\fffxrrr.exe
        
        c:\fffxrrr.exe
        29⤵
        
        PID:18976
        
        \??\c:\vpjvj.exe
        
        c:\vpjvj.exe
        30⤵
        
        PID:18348
- - C:\Users\Admin\Downloads\241004-q3d2yaxcpp112ffec168f27e35ee2b55fc1dc2b50ae8e422249cbce9d4eac97c693e9de9c4N.exe
    C:\Users\Admin\Downloads\241004-q3d2yaxcpp112ffec168f27e35ee2b55fc1dc2b50ae8e422249cbce9d4eac97c693e9de9c4N.exe
    3⤵
    PID:9356
  - - C:\Windows\SysWOW64\Fkmjaa32.exe
      C:\Windows\system32\Fkmjaa32.exe
      4⤵
      PID:8268
    - - C:\Windows\SysWOW64\Hnibokbd.exe
        
        C:\Windows\system32\Hnibokbd.exe
        5⤵
        
        PID:10424
      - C:\Windows\SysWOW64\Hemmac32.exe
        
        C:\Windows\system32\Hemmac32.exe
        6⤵
        
        PID:10764
        
        C:\Windows\SysWOW64\Iolhkh32.exe
        
        C:\Windows\system32\Iolhkh32.exe
        7⤵
        
        PID:10668
        
        C:\Windows\SysWOW64\Kcoccc32.exe
        
        C:\Windows\system32\Kcoccc32.exe
        8⤵
        
        PID:8712
        
        C:\Windows\SysWOW64\Loofnccf.exe
        
        C:\Windows\system32\Loofnccf.exe
        9⤵
        
        PID:3080
- - C:\Users\Admin\Downloads\241004-q9e8kssald3497d8d8fded711486313e7d8dd8962cd8c1f4c6973b3bcc9efa75bcaef3c4b4N.exe
    C:\Users\Admin\Downloads\241004-q9e8kssald3497d8d8fded711486313e7d8dd8962cd8c1f4c6973b3bcc9efa75bcaef3c4b4N.exe
    3⤵
    PID:8316
  - - C:\Windows\SysWOW64\Fkhpfbce.exe
      C:\Windows\system32\Fkhpfbce.exe
      4⤵
      PID:2372
    - - C:\Windows\SysWOW64\Jlbejloe.exe
        
        C:\Windows\system32\Jlbejloe.exe
        5⤵
        
        PID:11272
      - C:\Windows\SysWOW64\Jpegkj32.exe
        
        C:\Windows\system32\Jpegkj32.exe
        6⤵
        
        PID:11892
        
        C:\Windows\SysWOW64\Nblolm32.exe
        
        C:\Windows\system32\Nblolm32.exe
        7⤵
        
        PID:12208
        
        C:\Windows\SysWOW64\Nbbeml32.exe
        
        C:\Windows\system32\Nbbeml32.exe
        8⤵
        
        PID:7544
        
        C:\Windows\SysWOW64\Oiccje32.exe
        
        C:\Windows\system32\Oiccje32.exe
        9⤵
        
        PID:13632
        
        C:\Windows\SysWOW64\Pfagighf.exe
        
        C:\Windows\system32\Pfagighf.exe
        10⤵
        
        PID:10092
        
        C:\Windows\SysWOW64\Pmphaaln.exe
        
        C:\Windows\system32\Pmphaaln.exe
        11⤵
        
        PID:14000
        
        C:\Windows\SysWOW64\Abfdpfaj.exe
        
        C:\Windows\system32\Abfdpfaj.exe
        12⤵
        
        PID:14416
        
        C:\Windows\SysWOW64\Bkmeha32.exe
        
        C:\Windows\system32\Bkmeha32.exe
        13⤵
        
        PID:13204
        
        C:\Windows\SysWOW64\Ckidcpjl.exe
        
        C:\Windows\system32\Ckidcpjl.exe
        14⤵
        
        PID:4068
        
        C:\Windows\SysWOW64\Epffbd32.exe
        
        C:\Windows\system32\Epffbd32.exe
        15⤵
        
        PID:14456
        
        C:\Windows\SysWOW64\Gjficg32.exe
        
        C:\Windows\system32\Gjficg32.exe
        16⤵
        
        PID:15728
        
        C:\Windows\SysWOW64\Icogcjde.exe
        
        C:\Windows\system32\Icogcjde.exe
        17⤵
        
        PID:2392
        
        C:\Windows\SysWOW64\Jjihfbno.exe
        
        C:\Windows\system32\Jjihfbno.exe
        18⤵
        
        PID:14148
        
        C:\Windows\SysWOW64\Lacijjgi.exe
        
        C:\Windows\system32\Lacijjgi.exe
        19⤵
        
        PID:12716
        
        C:\Windows\SysWOW64\Mlbpma32.exe
        
        C:\Windows\system32\Mlbpma32.exe
        20⤵
        
        PID:15712
        
        C:\Windows\SysWOW64\Moefdljc.exe
        
        C:\Windows\system32\Moefdljc.exe
        21⤵
        
        PID:11068
        
        C:\Windows\SysWOW64\Ndlacapp.exe
        
        C:\Windows\system32\Ndlacapp.exe
        22⤵
        
        PID:13848
        
        C:\Windows\SysWOW64\Pofhbgmn.exe
        
        C:\Windows\system32\Pofhbgmn.exe
        23⤵
        
        PID:7200
        
        C:\Windows\SysWOW64\Piceflpi.exe
        
        C:\Windows\system32\Piceflpi.exe
        24⤵
        
        PID:11508
        
        C:\Windows\SysWOW64\Bcbeqaia.exe
        
        C:\Windows\system32\Bcbeqaia.exe
        25⤵
        
        PID:6344
        
        C:\Windows\SysWOW64\Edoncm32.exe
        
        C:\Windows\system32\Edoncm32.exe
        26⤵
        
        PID:18028
        
        C:\Windows\SysWOW64\Fneoma32.exe
        
        C:\Windows\system32\Fneoma32.exe
        27⤵
        
        PID:5372
        
        C:\Windows\SysWOW64\Hnhdjn32.exe
        
        C:\Windows\system32\Hnhdjn32.exe
        28⤵
        
        PID:19132
        
        C:\Windows\SysWOW64\Jmpgghoo.exe
        
        C:\Windows\system32\Jmpgghoo.exe
        29⤵
        
        PID:18652
        
        C:\Windows\SysWOW64\Knkcmild.exe
        
        C:\Windows\system32\Knkcmild.exe
        30⤵
        
        PID:16520
        
        C:\Windows\SysWOW64\Nejgbn32.exe
        
        C:\Windows\system32\Nejgbn32.exe
        31⤵
        
        PID:1228
- - C:\Users\Admin\Downloads\241004-q6atpa1gqe8636b62acbf2de6f1559c2afb2ee63416a5a75b5a49f839944b541de45efb2d6N.exe
    C:\Users\Admin\Downloads\241004-q6atpa1gqe8636b62acbf2de6f1559c2afb2ee63416a5a75b5a49f839944b541de45efb2d6N.exe
    3⤵
    PID:2212
- - C:\Users\Admin\Downloads\241004-q1ynkaxbrn2024-10-04_f7abce7e19b841350e4fc57f8bc85e9d_cobalt-strike_cobaltstrike_poet-rat.exe
    C:\Users\Admin\Downloads\241004-q1ynkaxbrn2024-10-04_f7abce7e19b841350e4fc57f8bc85e9d_cobalt-strike_cobaltstrike_poet-rat.exe
    3⤵
    PID:7008
  - - C:\Windows\System\jTVRyRJ.exe
      C:\Windows\System\jTVRyRJ.exe
      4⤵
      PID:8584
  - - C:\Windows\System\udwKfKB.exe
      C:\Windows\System\udwKfKB.exe
      4⤵
      PID:6740
  - - C:\Windows\System\bnzBrzV.exe
      C:\Windows\System\bnzBrzV.exe
      4⤵
      PID:10076
  - - C:\Windows\System\iOJYHaF.exe
      C:\Windows\System\iOJYHaF.exe
      4⤵
      PID:10700
  - - C:\Windows\System\YIXSdEY.exe
      C:\Windows\System\YIXSdEY.exe
      4⤵
      PID:7080
  - - C:\Windows\System\RfHvZUE.exe
      C:\Windows\System\RfHvZUE.exe
      4⤵
      PID:8724
  - - C:\Windows\System\EwnEkMu.exe
      C:\Windows\System\EwnEkMu.exe
      4⤵
      PID:8508
  - - C:\Windows\System\BFfbwFH.exe
      C:\Windows\System\BFfbwFH.exe
      4⤵
      PID:10544
  - - C:\Windows\System\fhKmQUW.exe
      C:\Windows\System\fhKmQUW.exe
      4⤵
      PID:11128
  - - C:\Windows\System\SvnKkwY.exe
      C:\Windows\System\SvnKkwY.exe
      4⤵
      PID:10472
  - - C:\Windows\System\KVwhDKi.exe
      C:\Windows\System\KVwhDKi.exe
      4⤵
      PID:11252
  - - C:\Windows\System\jivFnSR.exe
      C:\Windows\System\jivFnSR.exe
      4⤵
      PID:9620
  - - C:\Windows\System\EJVHLde.exe
      C:\Windows\System\EJVHLde.exe
      4⤵
      PID:8740
  - - C:\Windows\System\NQbiXjZ.exe
      C:\Windows\System\NQbiXjZ.exe
      4⤵
      PID:6416
  - - C:\Windows\System\FVtspIc.exe
      C:\Windows\System\FVtspIc.exe
      4⤵
      PID:11868
  - - C:\Windows\System\wmqNKVJ.exe
      C:\Windows\System\wmqNKVJ.exe
      4⤵
      PID:11920
  - - C:\Windows\System\GuScJmU.exe
      C:\Windows\System\GuScJmU.exe
      4⤵
      PID:11968
  - - C:\Windows\System\LUUOODX.exe
      C:\Windows\System\LUUOODX.exe
      4⤵
      PID:12024
  - - C:\Windows\System\hQjzUDJ.exe
      C:\Windows\System\hQjzUDJ.exe
      4⤵
      PID:12056
  - - C:\Windows\System\gQjnxdt.exe
      C:\Windows\System\gQjnxdt.exe
      4⤵
      PID:12108
  - - C:\Windows\System\ZfsnlKB.exe
      C:\Windows\System\ZfsnlKB.exe
      4⤵
      PID:12180
- - C:\Users\Admin\Downloads\241004-q1lc8sxbpp2024-10-04_f3f68e11e7a6f8b2320bd3bc9e92a5a3_cobalt-strike_cobaltstrike_poet-rat_snatch.exe
    C:\Users\Admin\Downloads\241004-q1lc8sxbpp2024-10-04_f3f68e11e7a6f8b2320bd3bc9e92a5a3_cobalt-strike_cobaltstrike_poet-rat_snatch.exe
    3⤵
    PID:7928
- - C:\Users\Admin\Downloads\241004-q1fsraxbpjinjector nova.exe
    "C:\Users\Admin\Downloads\241004-q1fsraxbpjinjector nova.exe"
    3⤵
    PID:9492
  - - C:\Users\Admin\Downloads\241004-q1fsraxbpjinjector nova.exe
      "C:\Users\Admin\Downloads\241004-q1fsraxbpjinjector nova.exe"
      4⤵
      PID:10860
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\Downloads\241004-q1fsraxbpjinjector nova.exe'"
        5⤵
        
        PID:13864
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2 & "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All"
        5⤵
        
        PID:13824
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend
        6⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:15632
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\bound.exe'"
        5⤵
        
        PID:13164
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "start bound.exe"
        5⤵
        
        PID:13772
      - C:\Users\Admin\AppData\Local\Temp\bound.exe
        
        bound.exe
        6⤵
        
        PID:7256
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
        5⤵
        
        PID:14528
      - C:\Windows\system32\tasklist.exe
        
        tasklist /FO LIST
        6⤵
        Enumerates processes with tasklist
        
        PID:7148
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
        5⤵
        
        PID:13480
      - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic csproduct get uuid
        6⤵
        
        PID:18008
- - C:\Users\Admin\Downloads\241004-qzv62sxblpnoode.exe
    C:\Users\Admin\Downloads\241004-qzv62sxblpnoode.exe
    3⤵
    PID:10484
  - - C:\Users\Admin\AppData\Local\Temp\is-D3I58.tmp\241004-qzv62sxblpnoode.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-D3I58.tmp\241004-qzv62sxblpnoode.tmp" /SL5="$205A6,4126447,54272,C:\Users\Admin\Downloads\241004-qzv62sxblpnoode.exe"
      4⤵
      PID:10500
- - C:\Users\Admin\Downloads\241004-q2myfsxclpea97b04bcc43e31041abc7085707e8ad3acb53ae8d590cfb660feb90a15599feN.exe
    C:\Users\Admin\Downloads\241004-q2myfsxclpea97b04bcc43e31041abc7085707e8ad3acb53ae8d590cfb660feb90a15599feN.exe
    3⤵
    PID:10784
  - - C:\Windows\SysWOW64\Iogopi32.exe
      C:\Windows\system32\Iogopi32.exe
      4⤵
      PID:4028
    - - C:\Windows\SysWOW64\Jaonbc32.exe
        
        C:\Windows\system32\Jaonbc32.exe
        5⤵
        
        PID:11448
      - C:\Windows\SysWOW64\Lpepbgbd.exe
        
        C:\Windows\system32\Lpepbgbd.exe
        6⤵
        
        PID:11588
- - C:\Users\Admin\Downloads\241004-q16zya1eqf139673355f819820b50a34fbe754f29d_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241004-q16zya1eqf139673355f819820b50a34fbe754f29d_JaffaCakes118.exe
    3⤵
    PID:11236
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 11236 -s 752
      4⤵
      Program crash
      PID:4596
- - C:\Users\Admin\Downloads\241004-q2b6ys1erc1396b354a76f6b53e90cd40d6e6cf38f_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241004-q2b6ys1erc1396b354a76f6b53e90cd40d6e6cf38f_JaffaCakes118.exe
    3⤵
    PID:4940
- - C:\Users\Admin\Downloads\241004-q185asxcjqa251413953357b9c92904f985f9a2b2ab7e0d2bb0cfbac551a720eb2f67d6042.exe
    C:\Users\Admin\Downloads\241004-q185asxcjqa251413953357b9c92904f985f9a2b2ab7e0d2bb0cfbac551a720eb2f67d6042.exe
    3⤵
    PID:7936
  - - C:\Windows\SysWOW64\Jhifomdj.exe
      C:\Windows\system32\Jhifomdj.exe
      4⤵
      PID:11496
    - - C:\Windows\SysWOW64\Kidben32.exe
        
        C:\Windows\system32\Kidben32.exe
        5⤵
        
        PID:10936
      - C:\Windows\SysWOW64\Lafmjp32.exe
        
        C:\Windows\system32\Lafmjp32.exe
        6⤵
        
        PID:10236
        
        C:\Windows\SysWOW64\Mpeiie32.exe
        
        C:\Windows\system32\Mpeiie32.exe
        7⤵
        
        PID:13036
        
        C:\Windows\SysWOW64\Nckkfp32.exe
        
        C:\Windows\system32\Nckkfp32.exe
        8⤵
        
        PID:12452
        
        C:\Windows\SysWOW64\Ojcpdg32.exe
        
        C:\Windows\system32\Ojcpdg32.exe
        9⤵
        
        PID:13892
        
        C:\Windows\SysWOW64\Qamago32.exe
        
        C:\Windows\system32\Qamago32.exe
        10⤵
        
        PID:14552
        
        C:\Windows\SysWOW64\Afcmfe32.exe
        
        C:\Windows\system32\Afcmfe32.exe
        11⤵
        
        PID:9512
        
        C:\Windows\SysWOW64\Dgpeha32.exe
        
        C:\Windows\system32\Dgpeha32.exe
        12⤵
        
        PID:13968
        
        C:\Windows\SysWOW64\Djegekil.exe
        
        C:\Windows\system32\Djegekil.exe
        13⤵
        
        PID:14784
        
        C:\Windows\SysWOW64\Ecgodpgb.exe
        
        C:\Windows\system32\Ecgodpgb.exe
        14⤵
        
        PID:15220
        
        C:\Windows\SysWOW64\Haidfpki.exe
        
        C:\Windows\system32\Haidfpki.exe
        15⤵
        
        PID:16336
        
        C:\Windows\SysWOW64\Jehfcl32.exe
        
        C:\Windows\system32\Jehfcl32.exe
        16⤵
        
        PID:3500
        
        C:\Windows\SysWOW64\Lefkkg32.exe
        
        C:\Windows\system32\Lefkkg32.exe
        17⤵
        
        PID:5188
        
        C:\Windows\SysWOW64\Nfiagd32.exe
        
        C:\Windows\system32\Nfiagd32.exe
        18⤵
        
        PID:7708
        
        C:\Windows\SysWOW64\Nkjckkcg.exe
        
        C:\Windows\system32\Nkjckkcg.exe
        19⤵
        
        PID:10540
        
        C:\Windows\SysWOW64\Pofhbgmn.exe
        
        C:\Windows\system32\Pofhbgmn.exe
        20⤵
        
        PID:4712
        
        C:\Windows\SysWOW64\Abpcja32.exe
        
        C:\Windows\system32\Abpcja32.exe
        21⤵
        
        PID:15684
        
        C:\Windows\SysWOW64\Blgddd32.exe
        
        C:\Windows\system32\Blgddd32.exe
        22⤵
        
        PID:16876
        
        C:\Windows\SysWOW64\Cifdjg32.exe
        
        C:\Windows\system32\Cifdjg32.exe
        23⤵
        
        PID:7596
        
        C:\Windows\SysWOW64\Eebgqe32.exe
        
        C:\Windows\system32\Eebgqe32.exe
        24⤵
        
        PID:18336
        
        C:\Windows\SysWOW64\Gfgjbb32.exe
        
        C:\Windows\system32\Gfgjbb32.exe
        25⤵
        
        PID:17044
        
        C:\Windows\SysWOW64\Kfdklllb.exe
        
        C:\Windows\system32\Kfdklllb.exe
        26⤵
        
        PID:19400
        
        C:\Windows\SysWOW64\Ldoafodd.exe
        
        C:\Windows\system32\Ldoafodd.exe
        27⤵
        
        PID:4236
        
        C:\Windows\SysWOW64\Nkpijfgf.exe
        
        C:\Windows\system32\Nkpijfgf.exe
        28⤵
        
        PID:14224
- - C:\Users\Admin\Downloads\241004-q2xsnaxcnj1397a0ebd0e382dbbe670a0bb058898b_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241004-q2xsnaxcnj1397a0ebd0e382dbbe670a0bb058898b_JaffaCakes118.exe
    3⤵
    PID:11460
- - C:\Users\Admin\Downloads\241004-q7kqaaxepr139e60fe7461c379c107276d75fe0435_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241004-q7kqaaxepr139e60fe7461c379c107276d75fe0435_JaffaCakes118.exe
    3⤵
    PID:10904
- - C:\Users\Admin\Downloads\241004-q6knws1grd139d2bc7e599c3f4dfdb7b1e42e63f96_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241004-q6knws1grd139d2bc7e599c3f4dfdb7b1e42e63f96_JaffaCakes118.exe
    3⤵
    PID:12556
- - C:\Users\Admin\Downloads\241004-q4g5zs1frh66a7062d36b0c92630eb56ee96c87d7d81e37004f1c534637570253396a6fe4dN.exe
    C:\Users\Admin\Downloads\241004-q4g5zs1frh66a7062d36b0c92630eb56ee96c87d7d81e37004f1c534637570253396a6fe4dN.exe
    3⤵
    PID:13520
  - - C:\Windows\SysWOW64\Omdieb32.exe
      C:\Windows\system32\Omdieb32.exe
      4⤵
      PID:12780
    - - C:\Windows\SysWOW64\Pbekii32.exe
        
        C:\Windows\system32\Pbekii32.exe
        5⤵
        
        PID:10668
      - C:\Windows\SysWOW64\Pidlqb32.exe
        
        C:\Windows\system32\Pidlqb32.exe
        6⤵
        
        PID:7528
        
        C:\Windows\SysWOW64\Abfdpfaj.exe
        
        C:\Windows\system32\Abfdpfaj.exe
        7⤵
        
        PID:12868
        
        C:\Windows\SysWOW64\Bbfmgd32.exe
        
        C:\Windows\system32\Bbfmgd32.exe
        8⤵
        
        PID:10604
        
        C:\Windows\SysWOW64\Dnljkk32.exe
        
        C:\Windows\system32\Dnljkk32.exe
        9⤵
        
        PID:14288
        
        C:\Windows\SysWOW64\Ggccllai.exe
        
        C:\Windows\system32\Ggccllai.exe
        10⤵
        
        PID:15488
        
        C:\Windows\SysWOW64\Hgeihiac.exe
        
        C:\Windows\system32\Hgeihiac.exe
        11⤵
        
        PID:14448
        
        C:\Windows\SysWOW64\Jblflp32.exe
        
        C:\Windows\system32\Jblflp32.exe
        12⤵
        
        PID:9336
        
        C:\Windows\SysWOW64\Kkgdhp32.exe
        
        C:\Windows\system32\Kkgdhp32.exe
        13⤵
        
        PID:14368
        
        C:\Windows\SysWOW64\Maoifh32.exe
        
        C:\Windows\system32\Maoifh32.exe
        14⤵
        
        PID:12220
        
        C:\Windows\SysWOW64\Nfiagd32.exe
        
        C:\Windows\system32\Nfiagd32.exe
        15⤵
        
        PID:6980
        
        C:\Windows\SysWOW64\Pkklbh32.exe
        
        C:\Windows\system32\Pkklbh32.exe
        16⤵
        
        PID:5248
        
        C:\Windows\SysWOW64\Pmoagk32.exe
        
        C:\Windows\system32\Pmoagk32.exe
        17⤵
        
        PID:14184
        
        C:\Windows\SysWOW64\Qpbgnecp.exe
        
        C:\Windows\system32\Qpbgnecp.exe
        18⤵
        
        PID:12784
        
        C:\Windows\SysWOW64\Blnjecfl.exe
        
        C:\Windows\system32\Blnjecfl.exe
        19⤵
        
        PID:1916
        
        C:\Windows\SysWOW64\Ecanojgl.exe
        
        C:\Windows\system32\Ecanojgl.exe
        20⤵
        
        PID:18080
        
        C:\Windows\SysWOW64\Flaiho32.exe
        
        C:\Windows\system32\Flaiho32.exe
        21⤵
        
        PID:15988
        
        C:\Windows\SysWOW64\Fpckjlje.exe
        
        C:\Windows\system32\Fpckjlje.exe
        22⤵
        
        PID:7964
        
        C:\Windows\SysWOW64\Gglpgd32.exe
        
        C:\Windows\system32\Gglpgd32.exe
        23⤵
        
        PID:19000
        
        C:\Windows\SysWOW64\Iebfmfdg.exe
        
        C:\Windows\system32\Iebfmfdg.exe
        24⤵
        
        PID:6520
        
        C:\Windows\SysWOW64\Jclljaei.exe
        
        C:\Windows\system32\Jclljaei.exe
        25⤵
        
        PID:4776
        
        C:\Windows\SysWOW64\Lokldg32.exe
        
        C:\Windows\system32\Lokldg32.exe
        26⤵
        
        PID:668
- - C:\Users\Admin\Downloads\241004-q7tyys1hnf139ed6c317a9bc274096dbd45d243d33_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241004-q7tyys1hnf139ed6c317a9bc274096dbd45d243d33_JaffaCakes118.exe
    3⤵
    PID:9168
- - C:\Users\Admin\Downloads\241004-q2exvaxckp1396db13296d605c7fde74041dc501b6_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241004-q2exvaxckp1396db13296d605c7fde74041dc501b6_JaffaCakes118.exe
    3⤵
    PID:14576
- - C:\Users\Admin\Downloads\241004-qz8r5sxbmr7f3c2473d1e6.exe
    C:\Users\Admin\Downloads\241004-qz8r5sxbmr7f3c2473d1e6.exe
    3⤵
    PID:15312
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
      4⤵
      PID:13472
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 15312 -s 280
      4⤵
      Program crash
      PID:15704
- - C:\Users\Admin\Downloads\241004-q2stps1fka7f3c2473d1e6.exe
    C:\Users\Admin\Downloads\241004-q2stps1fka7f3c2473d1e6.exe
    3⤵
    PID:15320
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
      4⤵
      PID:14968
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
      4⤵
      PID:15144
- - C:\Users\Admin\Downloads\241004-q8rvzssajc13a05cc3bcc17da5f27771bf4db9c241_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241004-q8rvzssajc13a05cc3bcc17da5f27771bf4db9c241_JaffaCakes118.exe
    3⤵
    PID:15328
- - C:\Users\Admin\Downloads\241004-q2mmpa1fje13974a0f994a3a40a83d015a6c8b12da_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241004-q2mmpa1fje13974a0f994a3a40a83d015a6c8b12da_JaffaCakes118.exe
    3⤵
    PID:15336
- - C:\Users\Admin\Downloads\241004-qz5eqa1eme2024-10-04_ed546107be5dc80340f00f8b88ef599e_cobalt-strike_cobaltstrike_poet-rat.exe
    C:\Users\Admin\Downloads\241004-qz5eqa1eme2024-10-04_ed546107be5dc80340f00f8b88ef599e_cobalt-strike_cobaltstrike_poet-rat.exe
    3⤵
    PID:15348
- - C:\Users\Admin\Downloads\241004-q1xq9s1eqc0671c4881e0cc9641f64b6b231256806bcc7b87d720ee4cb6fe472308affc20dN.exe
    C:\Users\Admin\Downloads\241004-q1xq9s1eqc0671c4881e0cc9641f64b6b231256806bcc7b87d720ee4cb6fe472308affc20dN.exe
    3⤵
    PID:15356
- - C:\Users\Admin\Downloads\241004-q6knws1gre5e17e8af6162052361aaa226335477c9785162a66c4e54d2bf25fb08d430b64dN.exe
    C:\Users\Admin\Downloads\241004-q6knws1gre5e17e8af6162052361aaa226335477c9785162a66c4e54d2bf25fb08d430b64dN.exe
    3⤵
    PID:13156
  - - C:\Windows\SysWOW64\Aaiqcnhg.exe
      C:\Windows\system32\Aaiqcnhg.exe
      4⤵
      PID:11752
    - - C:\Windows\SysWOW64\Dnljkk32.exe
        
        C:\Windows\system32\Dnljkk32.exe
        5⤵
        
        PID:7512
      - C:\Windows\SysWOW64\Gkoplk32.exe
        
        C:\Windows\system32\Gkoplk32.exe
        6⤵
        
        PID:15524
        
        C:\Windows\SysWOW64\Hnbnjc32.exe
        
        C:\Windows\system32\Hnbnjc32.exe
        7⤵
        
        PID:10792
        
        C:\Windows\SysWOW64\Jlfhke32.exe
        
        C:\Windows\system32\Jlfhke32.exe
        8⤵
        
        PID:6072
        
        C:\Windows\SysWOW64\Jjnaaa32.exe
        
        C:\Windows\system32\Jjnaaa32.exe
        9⤵
        
        PID:16236
        
        C:\Windows\SysWOW64\Lkiamp32.exe
        
        C:\Windows\system32\Lkiamp32.exe
        10⤵
        
        PID:11440
        
        C:\Windows\SysWOW64\Lahbei32.exe
        
        C:\Windows\system32\Lahbei32.exe
        11⤵
        
        PID:15656
        
        C:\Windows\SysWOW64\Nfiagd32.exe
        
        C:\Windows\system32\Nfiagd32.exe
        12⤵
        
        PID:15928
        
        C:\Windows\SysWOW64\Okfbgiij.exe
        
        C:\Windows\system32\Okfbgiij.exe
        13⤵
        
        PID:15368
        
        C:\Windows\SysWOW64\Aeopfl32.exe
        
        C:\Windows\system32\Aeopfl32.exe
        14⤵
        
        PID:5904
        
        C:\Windows\SysWOW64\Blgddd32.exe
        
        C:\Windows\system32\Blgddd32.exe
        15⤵
        
        PID:16888
        
        C:\Windows\SysWOW64\Ddekmo32.exe
        
        C:\Windows\system32\Ddekmo32.exe
        16⤵
        
        PID:15832
        
        C:\Windows\SysWOW64\Eepkkefp.exe
        
        C:\Windows\system32\Eepkkefp.exe
        17⤵
        
        PID:18184
        
        C:\Windows\SysWOW64\Gqkajk32.exe
        
        C:\Windows\system32\Gqkajk32.exe
        18⤵
        
        PID:9704
        
        C:\Windows\SysWOW64\Jjakkmpk.exe
        
        C:\Windows\system32\Jjakkmpk.exe
        19⤵
        
        PID:13924
        
        C:\Windows\SysWOW64\Lkppchfi.exe
        
        C:\Windows\system32\Lkppchfi.exe
        20⤵
        
        PID:18312
        
        C:\Windows\SysWOW64\Ngemjg32.exe
        
        C:\Windows\system32\Ngemjg32.exe
        21⤵
        
        PID:18864
- - C:\Users\Admin\Downloads\241004-q6ms9a1hjb139d3e4f2b2a9fb420536f6bb74a67aa_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241004-q6ms9a1hjb139d3e4f2b2a9fb420536f6bb74a67aa_JaffaCakes118.exe
    3⤵
    PID:12680
- - C:\Users\Admin\Downloads\241004-radq5ssaqffile.exe
    C:\Users\Admin\Downloads\241004-radq5ssaqffile.exe
    3⤵
    PID:11160
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
      4⤵
      PID:10392
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 11160 -s 268
      4⤵
      Program crash
      PID:15760
- - C:\Users\Admin\Downloads\241004-q8pqma1hrh7a35b8b98011f6becaa6f9ce4cc3199df912984840b5a7293b51cbb172a7a9ccN.exe
    C:\Users\Admin\Downloads\241004-q8pqma1hrh7a35b8b98011f6becaa6f9ce4cc3199df912984840b5a7293b51cbb172a7a9ccN.exe
    3⤵
    PID:11484
  - - \??\c:\5xxrllf.exe
      c:\5xxrllf.exe
      4⤵
      PID:15056
    - - \??\c:\3pvdv.exe
        
        c:\3pvdv.exe
        5⤵
        
        PID:13664
      - \??\c:\7rrrllf.exe
        
        c:\7rrrllf.exe
        6⤵
        
        PID:15420
        
        \??\c:\fffllfl.exe
        
        c:\fffllfl.exe
        7⤵
        
        PID:15600
        
        \??\c:\pjjpp.exe
        
        c:\pjjpp.exe
        8⤵
        
        PID:8000
        
        \??\c:\dpjpj.exe
        
        c:\dpjpj.exe
        9⤵
        
        PID:6032
        
        \??\c:\vpvpv.exe
        
        c:\vpvpv.exe
        10⤵
        
        PID:7316
        
        \??\c:\9xffxff.exe
        
        c:\9xffxff.exe
        11⤵
        
        PID:9724
        
        \??\c:\frfxlll.exe
        
        c:\frfxlll.exe
        12⤵
        
        PID:8512
        
        \??\c:\7jvvv.exe
        
        c:\7jvvv.exe
        13⤵
        
        PID:16732
        
        \??\c:\tbhbtn.exe
        
        c:\tbhbtn.exe
        14⤵
        
        PID:4980
        
        \??\c:\3xffrxf.exe
        
        c:\3xffrxf.exe
        15⤵
        
        PID:17956
        
        \??\c:\xrrlfxr.exe
        
        c:\xrrlfxr.exe
        16⤵
        
        PID:19272
        
        \??\c:\5jdvp.exe
        
        c:\5jdvp.exe
        17⤵
        
        PID:6496
        
        \??\c:\pjpjd.exe
        
        c:\pjpjd.exe
        18⤵
        
        PID:5460
        
        \??\c:\1rxxfxx.exe
        
        c:\1rxxfxx.exe
        19⤵
        
        PID:8364
- - C:\Users\Admin\Downloads\241004-q5bdts1gme139b2e63524767eefe57d68ee6e51a20_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241004-q5bdts1gme139b2e63524767eefe57d68ee6e51a20_JaffaCakes118.exe
    3⤵
    PID:13716
  - - C:\Windows\SysWOW64\netsh.exe
      netsh firewall set opmode disable
      4⤵
      Modifies Windows Firewall
      PID:13640
- - C:\Users\Admin\Downloads\241004-q44c8a1glc956d73b7f041.exe
    C:\Users\Admin\Downloads\241004-q44c8a1glc956d73b7f041.exe
    3⤵
    PID:1568
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
      4⤵
      PID:12372
- - C:\Users\Admin\Downloads\241004-qzhkysxbkka43486128347.exe
    C:\Users\Admin\Downloads\241004-qzhkysxbkka43486128347.exe
    3⤵
    PID:13712
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
      4⤵
      PID:9556
- - C:\Users\Admin\Downloads\241004-qzybea1elf3539a3e304ea925ef1a1562591cdc1618c1c6e1e4250de9af116331ccf0b91d1N.exe
    C:\Users\Admin\Downloads\241004-qzybea1elf3539a3e304ea925ef1a1562591cdc1618c1c6e1e4250de9af116331ccf0b91d1N.exe
    3⤵
    PID:11352
  - - C:\Windows\SysWOW64\Binhnomg.exe
      C:\Windows\system32\Binhnomg.exe
      4⤵
      PID:6684
    - - C:\Windows\SysWOW64\Dgbanq32.exe
        
        C:\Windows\system32\Dgbanq32.exe
        5⤵
        
        PID:14088
      - C:\Windows\SysWOW64\Eqmlccdi.exe
        
        C:\Windows\system32\Eqmlccdi.exe
        6⤵
        
        PID:11412
        
        C:\Windows\SysWOW64\Gddgpqbe.exe
        
        C:\Windows\system32\Gddgpqbe.exe
        7⤵
        
        PID:15428
- - C:\Users\Admin\Downloads\241004-q6jrlaxellipchecker.exe
    C:\Users\Admin\Downloads\241004-q6jrlaxellipchecker.exe
    3⤵
    PID:12228
  - - C:\Users\Admin\Downloads\241004-q6jrlaxellipchecker.exe
      C:\Users\Admin\Downloads\241004-q6jrlaxellipchecker.exe
      4⤵
      PID:14668
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\Downloads\241004-q6jrlaxellipchecker.exe'"
        5⤵
        
        PID:14156
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2 & "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All"
        5⤵
        
        PID:10796
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "mshta "javascript:var sh=new ActiveXObject('WScript.Shell'); sh.Popup('error', 0, 'avvio', 32+16);close()""
        5⤵
        
        PID:9200
      - C:\Windows\system32\mshta.exe
        
        mshta "javascript:var sh=new ActiveXObject('WScript.Shell'); sh.Popup('error', 0, 'avvio', 32+16);close()"
        6⤵
        
        PID:1036
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
        5⤵
        
        PID:6724
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
        5⤵
        
        PID:16612
      - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic csproduct get uuid
        6⤵
        
        PID:18236
- - C:\Users\Admin\Downloads\241004-qz2zla1ema1394d7cba5b4b5e678819e4ee0e2b930_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241004-qz2zla1ema1394d7cba5b4b5e678819e4ee0e2b930_JaffaCakes118.exe
    3⤵
    PID:10952
- - C:\Users\Admin\Downloads\241004-q74s6a1hqbfile.exe
    C:\Users\Admin\Downloads\241004-q74s6a1hqbfile.exe
    3⤵
    PID:11520
- - C:\Users\Admin\Downloads\241004-q8krns1hrb13a02b9c0818f04d877040a9e363e179_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241004-q8krns1hrb13a02b9c0818f04d877040a9e363e179_JaffaCakes118.exe
    3⤵
    PID:11412
- - C:\Users\Admin\Downloads\241004-q2khbs1fjcd1bc91bd44a0.exe
    C:\Users\Admin\Downloads\241004-q2khbs1fjcd1bc91bd44a0.exe
    3⤵
    PID:13816
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
      4⤵
      PID:16200
- - C:\Users\Admin\Downloads\241004-q2d1jsxckm2024-10-04_fedc76d2684ea374b328b3448490df18_icedid.exe
    C:\Users\Admin\Downloads\241004-q2d1jsxckm2024-10-04_fedc76d2684ea374b328b3448490df18_icedid.exe
    3⤵
    PID:13016
- - C:\Users\Admin\Downloads\241004-qz1frsxbmj8b65dd48eec5bc3e1327554759293e18f9da350a895564e872188bb2cdffb821N.exe
    C:\Users\Admin\Downloads\241004-qz1frsxbmj8b65dd48eec5bc3e1327554759293e18f9da350a895564e872188bb2cdffb821N.exe
    3⤵
    PID:11544
  - - C:\Windows\SysWOW64\Cmedjl32.exe
      C:\Windows\system32\Cmedjl32.exe
      4⤵
      PID:11392
    - - C:\Windows\SysWOW64\Gnaecedp.exe
        
        C:\Windows\system32\Gnaecedp.exe
        5⤵
        
        PID:15796
      - C:\Windows\SysWOW64\Igjbci32.exe
        
        C:\Windows\system32\Igjbci32.exe
        6⤵
        
        PID:11388
        
        C:\Windows\SysWOW64\Jnedgq32.exe
        
        C:\Windows\system32\Jnedgq32.exe
        7⤵
        
        PID:14664
        
        C:\Windows\SysWOW64\Keceoj32.exe
        
        C:\Windows\system32\Keceoj32.exe
        8⤵
        
        PID:15652
        
        C:\Windows\SysWOW64\Moalil32.exe
        
        C:\Windows\system32\Moalil32.exe
        9⤵
        
        PID:4244
        
        C:\Windows\SysWOW64\Pbimjb32.exe
        
        C:\Windows\system32\Pbimjb32.exe
        10⤵
        
        PID:6968
        
        C:\Windows\SysWOW64\Abgjkpll.exe
        
        C:\Windows\system32\Abgjkpll.exe
        11⤵
        
        PID:16440
        
        C:\Windows\SysWOW64\Bimach32.exe
        
        C:\Windows\system32\Bimach32.exe
        12⤵
        
        PID:17064
        
        C:\Windows\SysWOW64\Enllgbcl.exe
        
        C:\Windows\system32\Enllgbcl.exe
        13⤵
        
        PID:7156
        
        C:\Windows\SysWOW64\Fpandm32.exe
        
        C:\Windows\system32\Fpandm32.exe
        14⤵
        
        PID:14604
        
        C:\Windows\SysWOW64\Imfdaigj.exe
        
        C:\Windows\system32\Imfdaigj.exe
        15⤵
        
        PID:10632
        
        C:\Windows\SysWOW64\Kjmjgk32.exe
        
        C:\Windows\system32\Kjmjgk32.exe
        16⤵
        
        PID:15748
        
        C:\Windows\SysWOW64\Ngemjg32.exe
        
        C:\Windows\system32\Ngemjg32.exe
        17⤵
        
        PID:18148
- - C:\Users\Admin\Downloads\241004-q8lc7s1hrc13a032b0aecb51206c33f7dc2c53229b_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241004-q8lc7s1hrc13a032b0aecb51206c33f7dc2c53229b_JaffaCakes118.exe
    3⤵
    PID:12428
- - C:\Users\Admin\Downloads\241004-q1cq4a1enc1395288e2d20542d5d84adff2c50b8a3_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241004-q1cq4a1enc1395288e2d20542d5d84adff2c50b8a3_JaffaCakes118.exe
    3⤵
    PID:12540
- - C:\Users\Admin\Downloads\241004-qz3acs1emb44d166a80210d0207316e7ff93f8560dc2ae07983903fd7e72faefde6515ff8eN.exe
    C:\Users\Admin\Downloads\241004-qz3acs1emb44d166a80210d0207316e7ff93f8560dc2ae07983903fd7e72faefde6515ff8eN.exe
    3⤵
    PID:13060
  - - C:\Windows\SysWOW64\Cmedjl32.exe
      C:\Windows\system32\Cmedjl32.exe
      4⤵
      PID:15232
    - - C:\Windows\SysWOW64\Gjaphgpl.exe
        
        C:\Windows\system32\Gjaphgpl.exe
        5⤵
        
        PID:15988
      - C:\Windows\SysWOW64\Hkaeih32.exe
        
        C:\Windows\system32\Hkaeih32.exe
        6⤵
        
        PID:5332
        
        C:\Windows\SysWOW64\Jdmcdhhe.exe
        
        C:\Windows\system32\Jdmcdhhe.exe
        7⤵
        
        PID:14536
        
        C:\Windows\SysWOW64\Jhoeef32.exe
        
        C:\Windows\system32\Jhoeef32.exe
        8⤵
        
        PID:15548
        
        C:\Windows\SysWOW64\Lkiamp32.exe
        
        C:\Windows\system32\Lkiamp32.exe
        9⤵
        
        PID:15208
- - C:\Users\Admin\Downloads\241004-qzpz2axbkq1394c22b0da66a5c58a0bbc0dbe19b8d_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241004-qzpz2axbkq1394c22b0da66a5c58a0bbc0dbe19b8d_JaffaCakes118.exe
    3⤵
    PID:12160
  - - C:\Windows\SysWOW64\fservice.exe
      C:\Windows\system32\fservice.exe
      4⤵
      PID:14864
    - - C:\Windows\services.exe
        
        C:\Windows\services.exe -XP
        5⤵
        
        PID:12800
      - C:\Windows\SysWOW64\NET.exe
        
        NET STOP SharedAccess
        6⤵
        
        PID:13228
        
        C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 STOP SharedAccess
        7⤵
        
        PID:4760
      - C:\Windows\SysWOW64\NET.exe
        
        NET STOP srservice
        6⤵
        
        PID:12884
        
        C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 STOP srservice
        7⤵
        
        PID:16364
      - C:\Windows\SysWOW64\NET.exe
        
        NET STOP navapsvc
        6⤵
        
        PID:15212
        
        C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 STOP navapsvc
        7⤵
        
        PID:6276
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\Downloads\241004-qzpz2axbkq1394c22b0da66a5c58a0bbc0dbe19b8d_JaffaCakes118.exe.bat
      4⤵
      PID:16176
- - C:\Users\Admin\Downloads\241004-qzsqxsxblkrandom.exe
    C:\Users\Admin\Downloads\241004-qzsqxsxblkrandom.exe
    3⤵
    PID:5360
- - C:\Users\Admin\Downloads\241004-qzj4sa1ekac78e660b7dc98cb94f49e6d6d9c143b189f67dea616da690287f69b08f490431N.exe
    C:\Users\Admin\Downloads\241004-qzj4sa1ekac78e660b7dc98cb94f49e6d6d9c143b189f67dea616da690287f69b08f490431N.exe
    3⤵
    PID:15396
  - - C:\Windows\SysWOW64\Gkhbbi32.exe
      C:\Windows\system32\Gkhbbi32.exe
      4⤵
      PID:15920
    - - C:\Windows\SysWOW64\Icachjbb.exe
        
        C:\Windows\system32\Icachjbb.exe
        5⤵
        
        PID:7496
      - C:\Windows\SysWOW64\Jjdokb32.exe
        
        C:\Windows\system32\Jjdokb32.exe
        6⤵
        
        PID:9612
        
        C:\Windows\SysWOW64\Jjkdlall.exe
        
        C:\Windows\system32\Jjkdlall.exe
        7⤵
        
        PID:15504
        
        C:\Windows\SysWOW64\Kbgfhnhi.exe
        
        C:\Windows\system32\Kbgfhnhi.exe
        8⤵
        
        PID:13208
        
        C:\Windows\SysWOW64\Klgqabib.exe
        
        C:\Windows\system32\Klgqabib.exe
        9⤵
        
        PID:3508
        
        C:\Windows\SysWOW64\Maaekg32.exe
        
        C:\Windows\system32\Maaekg32.exe
        10⤵
        
        PID:6964
        
        C:\Windows\SysWOW64\Mdghhb32.exe
        
        C:\Windows\system32\Mdghhb32.exe
        11⤵
        
        PID:13592
        
        C:\Windows\SysWOW64\Pcbdcf32.exe
        
        C:\Windows\system32\Pcbdcf32.exe
        12⤵
        
        PID:10664
        
        C:\Windows\SysWOW64\Abpcja32.exe
        
        C:\Windows\system32\Abpcja32.exe
        13⤵
        
        PID:14624
        
        C:\Windows\SysWOW64\Bipnihgi.exe
        
        C:\Windows\system32\Bipnihgi.exe
        14⤵
        
        PID:13056
        
        C:\Windows\SysWOW64\Fneoma32.exe
        
        C:\Windows\system32\Fneoma32.exe
        15⤵
        
        PID:17580
        
        C:\Windows\SysWOW64\Gloejmld.exe
        
        C:\Windows\system32\Gloejmld.exe
        16⤵
        
        PID:14600
        
        C:\Windows\SysWOW64\Jffokn32.exe
        
        C:\Windows\system32\Jffokn32.exe
        17⤵
        
        PID:16004
        
        C:\Windows\SysWOW64\Kceoppmo.exe
        
        C:\Windows\system32\Kceoppmo.exe
        18⤵
        
        PID:9500
        
        C:\Windows\SysWOW64\Laglkb32.exe
        
        C:\Windows\system32\Laglkb32.exe
        19⤵
        
        PID:17104
        
        C:\Windows\SysWOW64\Mkdiog32.exe
        
        C:\Windows\system32\Mkdiog32.exe
        20⤵
        
        PID:16564
        
        C:\Windows\SysWOW64\Ndmgnkja.exe
        
        C:\Windows\system32\Ndmgnkja.exe
        21⤵
        
        PID:6408
- - C:\Users\Admin\Downloads\241004-qzejas1eje13947bbce3ddefc0a0c3417f94d0bab1_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241004-qzejas1eje13947bbce3ddefc0a0c3417f94d0bab1_JaffaCakes118.exe
    3⤵
    PID:6324
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ZhuDongFangyu.exe
      4⤵
      Kills process with taskkill
      PID:15644
- - C:\Users\Admin\Downloads\241004-qyqj6sxaqk13935ad1f509a2d4aa4cff2f0a904dd0_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241004-qyqj6sxaqk13935ad1f509a2d4aa4cff2f0a904dd0_JaffaCakes118.exe
    3⤵
    PID:11400
- - C:\Users\Admin\Downloads\241004-qzakcaxbjl139449da8a5127d61a197e777ff719c9_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241004-qzakcaxbjl139449da8a5127d61a197e777ff719c9_JaffaCakes118.exe
    3⤵
    PID:8148
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 8148 -s 572
      4⤵
      Program crash
      PID:18072
- - C:\Users\Admin\Downloads\241004-qyr31a1dqd2024-10-04_c84f7389b8a4380b34d12e65640c37b7_cobalt-strike_cobaltstrike_poet-rat.exe
    C:\Users\Admin\Downloads\241004-qyr31a1dqd2024-10-04_c84f7389b8a4380b34d12e65640c37b7_cobalt-strike_cobaltstrike_poet-rat.exe
    3⤵
    PID:10756
- - C:\Users\Admin\Downloads\241004-qzd8ja1ejd2024-10-04_e0df6791d162a03af22f674505dbeeab_cobalt-strike_cobaltstrike_poet-rat.exe
    C:\Users\Admin\Downloads\241004-qzd8ja1ejd2024-10-04_e0df6791d162a03af22f674505dbeeab_cobalt-strike_cobaltstrike_poet-rat.exe
    3⤵
    PID:14444
- - C:\Users\Admin\Downloads\241004-qyq6ps1dqc7b4b3d0842af5134c5f5395635700e5e2a70ebf9f4ae3287a67650c79986e553N.exe
    C:\Users\Admin\Downloads\241004-qyq6ps1dqc7b4b3d0842af5134c5f5395635700e5e2a70ebf9f4ae3287a67650c79986e553N.exe
    3⤵
    PID:9224
  - - C:\Windows\SysWOW64\Ookhfigk.exe
      C:\Windows\system32\Ookhfigk.exe
      4⤵
      PID:7244
    - - C:\Windows\SysWOW64\Pmmeak32.exe
        
        C:\Windows\system32\Pmmeak32.exe
        5⤵
        
        PID:15408
      - C:\Windows\SysWOW64\Cehlcikj.exe
        
        C:\Windows\system32\Cehlcikj.exe
        6⤵
        
        PID:15736
        
        C:\Windows\SysWOW64\Flfbcndo.exe
        
        C:\Windows\system32\Flfbcndo.exe
        7⤵
        
        PID:17360
- - C:\Users\Admin\Downloads\241004-qy4f2a1dreNewLoaderCracks_1.32.exe
    C:\Users\Admin\Downloads\241004-qy4f2a1dreNewLoaderCracks_1.32.exe
    3⤵
    PID:16136
  - - C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\comcontainer\Kr8tZ.vbe"
      4⤵
      PID:17956
- - C:\Users\Admin\Downloads\241004-qylwzsxapq139300c07c679d816d3a53d907432c76_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241004-qylwzsxapq139300c07c679d816d3a53d907432c76_JaffaCakes118.exe
    3⤵
    PID:11168
  - - C:\Windows\SysWOW64\REG.exe
      REG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f
      4⤵
      Modifies registry key
      PID:16224
- - C:\Users\Admin\Downloads\241004-qy7hpa1eja1394160f44ce4bf165999ef87885d7dc_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241004-qy7hpa1eja1394160f44ce4bf165999ef87885d7dc_JaffaCakes118.exe
    3⤵
    PID:14396
- - C:\Users\Admin\Downloads\241004-qyccjsxank13929af9676649dcd392b0bf1c611e7f_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241004-qyccjsxank13929af9676649dcd392b0bf1c611e7f_JaffaCakes118.exe
    3⤵
    PID:14192
- - C:\Users\Admin\Downloads\241004-qyrggaxaql139361125a33c37baa2f4aab56bb9898_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241004-qyrggaxaql139361125a33c37baa2f4aab56bb9898_JaffaCakes118.exe
    3⤵
    PID:16156
  - - C:\Program Files\Media Access\MediaAccess.exe
      "C:\Program Files\Media Access\MediaAccess.exe" /RegServer
      4⤵
      PID:15324
- - C:\Users\Admin\Downloads\241004-qydwdaxanm1392a4a24175e219261a1ee231a5212b_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241004-qydwdaxanm1392a4a24175e219261a1ee231a5212b_JaffaCakes118.exe
    3⤵
    PID:7284
  - - \??\c:\users\admin\downloads\241004-qydwdaxanm1392a4a24175e219261a1ee231a5212b_jaffacakes118.exe
      c:\users\admin\downloads\241004-qydwdaxanm1392a4a24175e219261a1ee231a5212b_jaffacakes118.exe
      4⤵
      PID:8932
  - - C:\Users\Admin\AppData\Roaming\icsys.icn.exe
      C:\Users\Admin\AppData\Roaming\icsys.icn.exe
      4⤵
      PID:8948
- - C:\Users\Admin\Downloads\241004-qxplgs1dmarandom.exe
    C:\Users\Admin\Downloads\241004-qxplgs1dmarandom.exe
    3⤵
    PID:13652
- - C:\Users\Admin\Downloads\241004-qygl9sxapj91e58a71f5f73d36ee618b2bd4b7071799873d0401e734a067efd412e9790778N.exe
    C:\Users\Admin\Downloads\241004-qygl9sxapj91e58a71f5f73d36ee618b2bd4b7071799873d0401e734a067efd412e9790778N.exe
    3⤵
    PID:16684
- - C:\Users\Admin\Downloads\241004-qxkyas1dlcnum.exe
    C:\Users\Admin\Downloads\241004-qxkyas1dlcnum.exe
    3⤵
    PID:10424
- - C:\Users\Admin\Downloads\241004-qx5byaxaml13925e8c86066fc5314428e75bc3514d_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241004-qx5byaxaml13925e8c86066fc5314428e75bc3514d_JaffaCakes118.exe
    3⤵
    PID:15880
  - - C:\Windows\SysWOW64\HelpMe.exe
      C:\Windows\system32\HelpMe.exe
      4⤵
      PID:4708
- - C:\Users\Admin\Downloads\241004-qx1zhs1dnb13922d9bb5cc9356a8b3729f496a9896_JaffaCakes118.exe
    C:\Users\Admin\Downloads\241004-qx1zhs1dnb13922d9bb5cc9356a8b3729f496a9896_JaffaCakes118.exe
    3⤵
    PID:6604
- - C:\Users\Admin\Downloads\241004-qxh4psxajpnoode.exe
    C:\Users\Admin\Downloads\241004-qxh4psxajpnoode.exe
    3⤵
    PID:9372
  - - C:\Users\Admin\AppData\Local\Temp\is-TDA58.tmp\241004-qxh4psxajpnoode.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-TDA58.tmp\241004-qxh4psxajpnoode.tmp" /SL5="$20868,4126447,54272,C:\Users\Admin\Downloads\241004-qxh4psxajpnoode.exe"
      4⤵
      PID:19032
- - C:\Users\Admin\Downloads\241004-qxefhsxajjf2e7fcb20146.exe
    C:\Users\Admin\Downloads\241004-qxefhsxajjf2e7fcb20146.exe
    3⤵
    PID:18872
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
      4⤵
      PID:5628
- - C:\Users\Admin\Downloads\241004-qxcxpa1dkaa43486128347.exe
    C:\Users\Admin\Downloads\241004-qxcxpa1dkaa43486128347.exe
    3⤵
    PID:8720
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
      4⤵
      PID:13384
- - C:\Users\Admin\Downloads\241004-qxbdvs1djg956d73b7f041.exe
    C:\Users\Admin\Downloads\241004-qxbdvs1djg956d73b7f041.exe
    3⤵
    PID:908
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
      4⤵
      PID:16008
- - C:\Users\Admin\Downloads\241004-qxfzcaxajlniko.exe
    C:\Users\Admin\Downloads\241004-qxfzcaxajlniko.exe
    3⤵
    PID:13872
- - C:\Users\Admin\Downloads\241004-qx7gasxamn99791b9deba3efa5be24b66e9416e71d80701345367a65b41d3e319b05df828aN.exe
    C:\Users\Admin\Downloads\241004-qx7gasxamn99791b9deba3efa5be24b66e9416e71d80701345367a65b41d3e319b05df828aN.exe
    3⤵
    PID:9892
  - - \??\c:\bntttb.exe
      c:\bntttb.exe
      4⤵
      PID:7324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 2136 -ip 2136
1⤵
PID:6804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 3116 -ip 3116
1⤵
PID:7120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 3916 -ip 3916
1⤵
PID:6208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 5968 -ip 5968
1⤵
PID:7180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 8332 -ip 8332
1⤵
PID:10012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 10140 -ip 10140
1⤵
PID:2040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 4332 -ip 4332
1⤵
PID:9384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 10200 -ip 10200
1⤵
PID:6436

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs -s FastUserSwitchingCompatibility
1⤵
PID:7756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 7032 -ip 7032
1⤵
PID:5996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 10072 -ip 10072
1⤵
PID:9920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 10176 -ip 10176
1⤵
PID:6820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 5200 -ip 5200
1⤵
PID:10640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 8460 -ip 8460
1⤵
PID:10808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 5128 -ip 5128
1⤵
PID:10988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 9700 -ip 9700
1⤵
PID:3936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 7364 -ip 7364
1⤵
PID:10392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 1980 -ip 1980
1⤵
PID:9444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 11236 -ip 11236
1⤵
PID:12800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 13604 -ip 13604
1⤵
PID:13320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 14512 -ip 14512
1⤵
PID:15072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 15312 -ip 15312
1⤵
PID:11368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 11160 -ip 11160
1⤵
PID:14752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 13712 -ip 13712
1⤵
PID:15368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 1568 -ip 1568
1⤵
PID:15844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 368 -p 15320 -ip 15320
1⤵
PID:15664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 15428 -ip 15428
1⤵
PID:15636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 5576 -ip 5576
1⤵
PID:15852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 13816 -ip 13816
1⤵
PID:7292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 8148 -ip 8148
1⤵
PID:7592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 15336 -ip 15336
1⤵
PID:12476

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

System Services

T1569

Service Execution

T1569.002

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Power Settings

T1653

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Modify Registry

T1112

Credential Access

Discovery

Network Share Discovery

T1135

Process Discovery

T1057

Remote System Discovery

T1018

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

T1489

Replay Monitor

Loading Replay Monitor...

Downloads

C:\1bhbbh.exe

Filesize
111KB

MD5
a0e970430a5b8445f0f831dfa33c880b

SHA1
a027bde65fc608ac3d47c2d2a3aa3f5b8edc7877

SHA256
c30ae9068902465df4fa82c2c6311ea93ae10300d223299c9f9c85cf73ed580c

SHA512
145b4bbc442421c80409c59e44684c019fe6efd23e42eeda3351417163472266ab40881d0e590b025c599705029e7b38e7df2b9686a02ea470a70762a21ea041

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
a96b439629d12b58386b44d0429c5080

SHA1
3d075fdb21374a0590b81bfae9ea2b4a0ec5babf

SHA256
9ddf8e826cbe0c09bb28b7ac78f434148025efea993e2e755fb26170684644e2

SHA512
5b02e8661a73a18e5f385a47c31f892aa3c986165dab82f443852c2fe036b4e8f90762728b722d8fdaa61d3564c39c4576c9d01ebdda1fff423df6864b7dbc78

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
190B

MD5
b5213f59589bcf94174c7a927b5d4ab6

SHA1
cd073561994ca1d1a9690c0d174772840ca91fab

SHA256
3ab600409cb82c9407cb6ae6272aa96ac8614072f48e8dac4f7b1de5e4eb4ab3

SHA512
4c2eee9ff608a31243b50aad8fe449ada0072912737d8c150f4b12d738b709b2c5d18a462fcce23ef961f418d556cbbbb0daf4dceea5ab4e6065107df314309f

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

Filesize
190B

MD5
80c9c9642362703f475fefeddaee9bb4

SHA1
e2f631dfd4f26a4082b68e7f09e99cf033b63503

SHA256
7e170d221ef8e812d5e2f83998b6d59fdc484b0d7749c11854c0772734d302c6

SHA512
366bcf7aecee4e27c0c9b084b324c30bd9bcdf3e011772c6c975a66d185117281118b05f27b285819a3a24c22032fa721aff63e9c0d029c6fe1cc93fcc829e3e

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

Filesize
1KB

MD5
97559b2c0438be8bf50ce50173f6ebfc

SHA1
64d1f8a95adfb60c39e1b91007510b508c0d8f8d

SHA256
28e35b9e1f43ad1d77bff4c2e334f8d54da7a65a22f761a6164563b85fce2364

SHA512
97ae2bff644fb74bf665c7418204f892d15fa42885051324d23d57cefef604aca65c7339249f15a8b7e8112f2575a58615a8f5f3773f87f08429e55c62c926b1

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

Filesize
31KB

MD5
7bd9aa360f59c1ef87ec146387f10a73

SHA1
ff912349d75811ec59b1ab22a31c5d6fd07ebbbc

SHA256
4df501b7c1437149fc018b325c9ac3d1db5e82d0915835badef8102922119402

SHA512
d52cbf9758889bbfb4991309c9f8087681b1c482f83db390d0e313b9524042d4612662657b595c46edd7777d9345bcfe0653054744d4fa8d817a364f3ceac4a6

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

Filesize
34KB

MD5
91dca6e66f51e787e693e290effc83d7

SHA1
b43b88965dc8d0edfe1466c51221fef7ccb05cec

SHA256
08ae54ae53fa7b17b8b85c32c2f771aca705c788e1b44183e9805664245ce603

SHA512
aaf8ac273072885b31736a9e427930439de13aef97e9dec1c6a87c89fa4e5b6af5f1227314a823aaca53d03a2da456a85f69a75b3cebca8ec4eef78f05859511

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

Filesize
23KB

MD5
3dd5c9a4f46d072d3db2b78b4904e4e6

SHA1
821923d711ddc1324bead2e16b076f031044bb63

SHA256
573907310915e6a67a060b358970e1f0d9ea42c12c37c657238822ce60fe45d2

SHA512
67c3de00380e563666fab8240afafe0788287664c08b0e659093b6b6b07d96b373efd3129c139b066c446c294a7b61d8fc6e53823df7150dafaec370073fc6bc

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

Filesize
2KB

MD5
dfad184ad16aa291d1ef980297f721f1

SHA1
58ba1941348f87d3fef0b477ba6a7211b113eb26

SHA256
da12a946396eb897f92a80160a56482aa9731ee0ddea15d687e94ce06dcf8d5e

SHA512
9cd4d3b246cb6f1e7ac4138ef3fe4c5bcd1c6e2ee44bd89154779fc19ff98942eea0b45d0378a38418617327691f2c75dbe643b2e3d4217bcb9c5171b0e83a96

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

Filesize
1KB

MD5
4814cd52cadae103ceaf5f7ce825dafb

SHA1
f4552a112ac30d3d88cc39e21d343fd7a65674b1

SHA256
99f1f402b026feb4d2a877682c12f050c70f3c23e59d973011d4f314068e5d57

SHA512
0f2ef6ad07c1bbccc8cf063c32bb06a02ddbdf68596dcebfe55b07756ba6eeffd62d50d191e3be7d9a67478f5d24f269a13a756a7ff000a664aa0b2ea43bb4f7

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

Filesize
3KB

MD5
4b867c4f507a85c51fbdd11afb301105

SHA1
7dd34f3206d4433858d85e8054bf266982540190

SHA256
e60880d1656e872a8e202d5fa344b92f5b87d3487dee62db65e85c94067df577

SHA512
c42c75d776ea7011db9c9722afe1c07314c5b8155dc80143094f9a97eb6e7e5205e1200f4fe303f69e9317932bf403ffb43dcde959c67aa33a51363fc09ea0b6

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

Filesize
2KB

MD5
3b1e51b771ae86d80f2ad7b20f170f6b

SHA1
1f71a29eab249d8a7ba11a5b2a9d37e35a62f841

SHA256
0dcc0376f1161183ddf67b5143f60a4c9857e06f6e6c73979864628095f6ef98

SHA512
cccd4b79570c963dc9a2f32714c5cbd62903010411ad6fff2997f375f17e22df781ad1b46728a58047cc632638236deaa11c7d2b112e44d0fac69c98ae611858

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

Filesize
5KB

MD5
b4313afe4dae1f81eecc3f944b15ca2e

SHA1
41c06c95efd5a595d2524d79f771faf9642cf246

SHA256
18dc1c242bd5effe905214e1ede288d88ceff9e122e5b1b0cc4d704e76aa02f9

SHA512
ce9dbe56213d51dde6fbd57ce25129eacb00d80449531cc2a43c112331cbbf6dcacebb3c68d6d736a8c83de3ff331ab9b09fe62a194103a9f918d921cbc00f79

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

Filesize
17KB

MD5
eae03d0bc77c045497f32bc7fa45a086

SHA1
cd85d7ec24e26981c60facf6f92165592c7b3b4e

SHA256
eee72638ac15f83dffcc2c7f4b4960d6c22b45d5c7e4c8c03bd2ba0fea05cced

SHA512
f620751996000e55bd319fe65842c6d182aee9681c216c5e0f7c21bf1d9b646db99e7c5276a6b5e0582fe711c9fce318c2cea0b2ea4068798907d941acc59d24

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

Filesize
320KB

MD5
88125196e8885cfdd874320702a7f61c

SHA1
080bfb8e497cc7f6fca51b719463b4664097f110

SHA256
73eb70757cdd533920a915a20519ad08a047f05f78553acd055ed9eb6ddcc6ee

SHA512
37153ed8ffaae9b3c5e7191c76a9bd186b152a35f99bfe7dae68de4a537b9db4ec8ba0c138863b2cf2760d2e110935ed595208ede78ae8876da689416aa70c1e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

Filesize
1KB

MD5
890656e9f359b477513bd5ba555e5e49

SHA1
e7ad61154c47934ce06d00771c4f185d25ea85c7

SHA256
842df68961ee4cad6a6671d3fb404024f1f687e3ad14242f3b9ee8a702d3ed46

SHA512
fcaf19732e6da3204d23ba70fe9a7baca2c207a0f276082858a73b7fedd1163d4a3ba85bf5419a67baba84b0c394ff4b0e0c90ec067649ff07eab22d212fc787

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

Filesize
10KB

MD5
9c8e9985799f7cb525da3bfb3f66190a

SHA1
420a13e689c86e9d000c2cb8ebfdbda37facbb6d

SHA256
7ad009ff34057d5a36a2316c0f91c6e91e85521b4419cec87f8e67b7edd83214

SHA512
1106e1975b3e06d19467fe56f2c2650a5f76af33e6ebc569d71e91fcfdb54aef52b81905239d23b9250b79334e4f3169244f8a3e3cd00075c209b2e922cb2757

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

Filesize
3KB

MD5
c5e8c3cc7de400501a2cdb89b2a2cb54

SHA1
9b6a567043776e5a57a18c070fb8bb0a623471a3

SHA256
d70f2ec2873361204fb5c1b0a9559f64b4af5adbba9796a840632c0e04d5c5bb

SHA512
bbb3aff5e203105ad8284a06a1544ef86a8e135c82315e0bc246043047858527a07c158a1fb4254d9737eb726e4345932e4d9140ab567b9753d99b3a1baeb82b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

Filesize
162B

MD5
94c3a6308f7ea350e605b14f1916e3e6

SHA1
70267a409640ab61192c761fd4bcbd77d693e865

SHA256
df2037a16f9fb10c5094691a389177c31b29efc0be9993783eaaad4df7bebde3

SHA512
a0805b70a2deb7c0b896b0fd8823f45ea64a218d817094dc77b2bc31b054071aa9ba9ff03cab65053c2f04fbea1c059a1c57698920b3af6240144692e4c1b742

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

Filesize
1KB

MD5
8b71423504f8fedd979142caaba7662d

SHA1
94232c1ac32c5c47bff1f7ad93999001b3d0cade

SHA256
614da0e5d3aa40f1c04d5bd2c53d8489c472e69022fdddd5ed5a0485187600ef

SHA512
eaa1ce536e1aab0a63cd3481261a5ff837be3ffab652179d1d077686f56e71e6a3985558f92c77582ea532f713475a8c78115bdce73af6f4c147e63d6a831813

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

Filesize
3KB

MD5
711674523376b42a1d6b2de73e02487c

SHA1
c84f5a675d8be87e097465a9c262ed7d09a65fce

SHA256
b561169f1cd0497d3a391dae7e84cb1bd9e21938596d1f0f7c109400f3813d81

SHA512
9d90b32ed04701dbfa8e81e8050bf1b55d295a96951d70cdc9e5f66aa54e9c747cac5595d27bf1a4d851b0367f3865373285ddeb4e3e08373498aa45c5a1c392

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

Filesize
1KB

MD5
e822ca0182116b0bec3c34aed5c57f16

SHA1
f31f1306fbba324632f383e7e9c610b118642889

SHA256
92a8e2eea1e5a4faf91111010bb73fcb6b40f8d0522a3cf38e105001a0d3e856

SHA512
f9532b0b5fb4e94cd9003b62cb3693c82f72a6e2d48efa34f033e3f548fc6e3af1ba76f76f230191be1804ff8b79094be733e052d04804c074d15730b668642f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

Filesize
28KB

MD5
1127dfe82701e7482d1f5a8f06ce8eaa

SHA1
8424d890b7092eb946d01db621de7c8f3a721313

SHA256
6130cda8241c39415ac3786bfa29ff54e009b3c024300f0a47576813ec8f702b

SHA512
709a76888183589c9ce8d0dc3fb8352e5a85e17710bce2d0901abc5008cffb15707aa5c360974db6a1f5f1e80b6af9d131802df4e24a7eeb9aee447d2baa3898

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

Filesize
2KB

MD5
c33c8c0b7c5d422b5b5ba22434e7cacf

SHA1
8045a90dce64deda6e2862cc12d90954dc6d9634

SHA256
dd490237c1adabb1673a189ee13e209977259bb4d29e828b84028e47029f72e8

SHA512
4dd8fffb2779dcd53710bdd54404319218023771b895c66234a159a94d3f5cab497f0cbc55386ad81c9dfe3417422f1d0b101e708fb59330f616cb650b19aed7

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

Filesize
1KB

MD5
9b5f9f3c2678a754f8762f3d0b6bfce6

SHA1
3c3fe6150829d59ec4d7f75e23ea018b02d0fceb

SHA256
a8e646febcf12c24708468d4be583a82318227917f72ddcd167eb2c7d006b303

SHA512
405afccbcf6f1e53b79f66a56233039300fbc33cfc30ac417f5200fb5b0bb339de98200498751167e15a35c165714421724beea52e78a4e8fe4e3d2d89b0d7e1

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

Filesize
2KB

MD5
fa0681737bb268313ac91f7d73239f96

SHA1
64d1402fd5db3ab90578e912838b5bbce73cb2c2

SHA256
579f2659ab7bd9b2d89a275e2fb5ff5b497a6f8b9c44ac796abe6124e469959b

SHA512
a384efeb7ccc91ae51184540c6a8141fe2ae8ab080f9db3a5f08da86f63f433b92c51ef19b2e0c0b32a41bcbb9c1c6af52320c6abac4cf80d9080525783a6376

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md.EnCiPhErEd

Filesize
1KB

MD5
d8caa17667bc52a4d4a4bb2c9a1add81

SHA1
08683ee07f54f47315980114e7abc380e26cb0f8

SHA256
e663198dce21e939153522eb191e903a2c16bdb6739c8c73d33f7f114bf334bd

SHA512
ddf97c3279e541e0abcf5a19acd65c52cc5eb84fa4bf88691a17f16f40b4080882bcc02b410ec417ba3f6b008b487a3d0e4dd9b9f032a0063552d6530a26e774

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

Filesize
1KB

MD5
36c992ff8a7fa5873109a8b71df0f330

SHA1
3d08d3e86f4eccfbaa216c5ddf4e70b271dc3e64

SHA256
44a21bc8f3d452829f7823b3671ee1c6597b903a314fac7c5907e70b64482aa0

SHA512
e75d8465257ebb07fa215d0d43a32c50cef4d363fd08524b29efcb0c0eaf54aabfc0ed43d31bbebfbf2bf71af0a052ba7265a4c2609bf5a72395c9bd2dfe17f6

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

Filesize
1KB

MD5
865d051af82c562d45d83c135a315d14

SHA1
35cb8bf24e771b852d3003a986d74c03264de19e

SHA256
4311f4d52c4fcf2bab04bacf1002757c37c3dd7c8433724a1ac117531d35486b

SHA512
2af08ea95c06d3fb5b97dec77ce7ea0604ce816a55b2636b461d036bed5120e4d31ae42e754502112e12b82e9d82512910231966fec55137354607c177ce72fa

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
c818995886be9b2977f82f075ed5e85b

SHA1
0adda288eeb2d2cdf47e0380ddc67ae3595fb84e

SHA256
cf460ee65de8c5aa1f9fcad943f450f38c51b1a000036ccc9908d9ef23dc5b1c

SHA512
cb6dd7a427c3ed5906f7e514b35748c26433efa462ee9eb5996fc7d5279e5579dbaacb879b16905785c988e6003b10423c40c7a81fcb8840396d1c6b7f3a8173

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

Filesize
2KB

MD5
a9890e75bd2e264a549bc663b00cdc57

SHA1
6ac63953a570d58f6ce7563ec63b641ed8064514

SHA256
aa658253cf6a1792de0a00f34bba59b4b86dd98a70c86ff47977b1ccf1ddacf3

SHA512
d8c52858c6ecf5b4e563ba011ea23491e7b6a48cb6b5c5e02651e6d39de716719e84b4b089f61da785e478476cb06c58448ab49dee01ba22a753226e5272b053

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

Filesize
6KB

MD5
cc113fbb6f47cc3a657d4fec4c048d15

SHA1
b2ba8d2422723ffca54403fc27bc9b334a926889

SHA256
a20e4637f85d29c0b10cb248441fa77ab7518846de20c56a03c97dc75be70f1b

SHA512
0c9dac8ebcd7d09222afaee85ad9b4f2db8ab350db0d9a47788f6fd02ee906cb9a4f4e576a5d9b432c778b500db5083fcf92000d8145a7e7ab36c9b178b9299b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

Filesize
5KB

MD5
0b0d7b9a1f93a21fcc545488c6c6ed1b

SHA1
f26655500e0bd3917d2d1abc6dd27843518d1404

SHA256
46376c266befd4e82978a9c1875db29df2475c8d4b6de8826b28b87a191337b4

SHA512
1f5a9307bd1dc198b787080d1976395acd4ea9bf4b0db039de85a7b728edf2136356f1a870a86b869a8db31a966990b46168a8fd66f81fb5729349d45097ac2d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

Filesize
3KB

MD5
1682cb32dc27d160fb755550182ac26e

SHA1
0cb3f47ce91c91c7eccba75ae211d8f47b60df86

SHA256
a3f4b8ed19d78d4a40875671dc530195b46f518de8e232ed80501d9c8868e4c9

SHA512
f6aa05ad9f71ae3681168c1a69edd51a62bc2f875dc9bf7c6ff535ffe24b66eecf4045386bf34aecd70087941cf6afc5b2e26dd52e51d79d5794e5372921bf73

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

Filesize
2KB

MD5
ae8dd23117c6975c96b361a189d7de45

SHA1
59271e5374207497f67bd6bbc2dc31e89d9bec2f

SHA256
444ff2d5136de2e75e7ecc09bca97ada435e6480180bfe9a028a2385133cc654

SHA512
ead57a2f04f3ad146ab15e8014406c7b929e982081a152749965a878bd0a851428b5df4e9eb5e32c18b85fe6e87c6ca9c36b9f7e5c375e683f0028ff617f6e9e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

Filesize
2KB

MD5
caa39280597e303de2ea0b6351197c77

SHA1
bca08e4673cd72d14aa13b389794e7b9b6832831

SHA256
7a605974e2cc8fc8f27d6d8e8390c933418e5f2285c55052d03635a8b196b405

SHA512
2021831add8e7b445949a8f6d028b716018ddafc47bfe1406fd58722d7d977b5e7f3bb2322540593a7a2f3b055848b564dac6a043c22c3491c70a46e31acfc86

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

Filesize
1KB

MD5
936f70543e77df68ccab9099184d9c0e

SHA1
8fb0a71e7696d09bcb116a63cc08d20f670d1090

SHA256
c2fa9bff054e42cfd8ae43191ff84145d8789829e89cf8533d6b6a94c33d91b6

SHA512
abc9ee24b3824e3afdf947876b8c02795574d176be24112fa8ec5403f9eb8da89c086091730e599b5714017073c464be700a076f76cbae1d0f7f034c903b2744

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

Filesize
1KB

MD5
904e60e6712cf70258611b65a4ac82fc

SHA1
a56538a7a1e4e5356ca16bdd86906ea25ee29bb2

SHA256
96fef2947ded6b1f61421cc5de8815a93be76fdfccd2176764aac890da85f4ec

SHA512
3eda4e8ea0d9c13ac9f97a1d728696a749d8ffed1aea166eeef0e8d5d31492e75663cda55e30e921cd34ef3062fc744e4ffd7d8881115b9cf9dbeb618b8f410c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

Filesize
11KB

MD5
7976ef4b6867a5014e424731aca5db8e

SHA1
7d1d90f6b0e3c60b22f0662b841384a7bc813f68

SHA256
2e6b608ed863e02dc1794a1b61139b8f8d7770337ff10488eed63498bcb0ddbb

SHA512
0c7acf92a2ceac53c76e74d51a44c0f9c1db372e00ce1ac4e1ca16172f0924e9857f88c39b9e02fbc3ef5e56823a8a0a600866ef0db0d303ba67c476ae35654e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

Filesize
1KB

MD5
11639cb44d37a791b985a390761a43bc

SHA1
18d6c0cb23ac5a2560ca7d7ded7bd4a996fdef5c

SHA256
045d7eb61fcd86d8dc1b82a396404ca48fd87f3311e400b5c554e2dd8e8d9ca9

SHA512
bddf04ed8175c4e17cf6e53afe6e2742013e688a6b83df11305c4f2903cef1ba08a413645671f9a06b3f1726f3718c2be13dc02a8af9ad3d03b3f9971ca05bc7

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

Filesize
2KB

MD5
2889130c58423c49d240bb09cbbfa647

SHA1
e1711a395151493449e2e3b8a2be275b784df23a

SHA256
cab15ba6f6987b3fc2a5978870af7890e7f3cd65985cb145086f09d3d0c2ac8b

SHA512
039d9441532b0ebe32668d890d95b03ced00b6fbc09a630ce419851a94beb4dfe8efdb51f4fc2d00779b4ac44d01cbdb67d34026f018a82e79bfbae9cde875b5

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

Filesize
11KB

MD5
16416df3c163c9f9c18c8bdc2a0d3ea0

SHA1
c50d9bee357d0f20bfda54f7f2e6ffd18b4c6863

SHA256
563fcb14123364238a3526c6b72d43e36b8c5883ed1ff0643cbfa2ae8f359a58

SHA512
5053e3249ccb71b2597185f3d22e7dbbedc25bf407a3181edc4e772fe90efdf84a26a426226c54f024894a6427912ba72bf0b05e00a04b7f5e3ab05c735301f3

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

Filesize
11KB

MD5
bb313f486dd79b9a019343f336c78b5e

SHA1
a62d01003c66eb34676fb1ceb46fdaa4d026f0e2

SHA256
56b6b4e8d3f68cb3a11f54f59ee634e92ba06b7dd03d2925ee81ff9f755a2865

SHA512
76828891326b6c563d2fe84617bd4a1eff6e05d0abbb4b8b26ff3cec8c4dabd8f3abf317517d12de20b149b8bc30993c409d78ffcef434c0dfa116340dc76283

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

Filesize
11KB

MD5
45628e761cdc05fc9eb8cd724190ac12

SHA1
c55bfc48cabb0b4a4a04a50dff4e7885173e6c48

SHA256
61047a71bceecb901e98815e65fa38b12054dad2733171a2afa91e4e6685a345

SHA512
e3641a4b7d9e6b46a60bec8baf15f37f951cf193a9d7660dbc3ff55243ee2ff1a8f3525cb07f007bbac4778024536c9d3865659fe7f59c3a89680d2e68748bda

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

Filesize
1011B

MD5
65d43938225245fea7454193852e7ea6

SHA1
7938db60b21eebd6056681a7c9fb416a20da4309

SHA256
380b0e70e106053cacb91eafa3fab2ac3d0df29a7da7f26d7c76078914a5cc6f

SHA512
2633b5aa2cf4c3e03e3409ad20738ea7c50bc01c9099b389d6aa43a6ff1cbc4102d3de97ac792b15872ed679805ef881362ae4b2430ffb0a4af682d6c4c5548b

Download Submit
C:\Program Files\server.exe

Filesize
368KB

MD5
656eca624b9ac572cf704e0dafb89c80

SHA1
d76625d09bd9a6105f0bdc8ec901cab1cdc7a176

SHA256
e903e1ea255b3fe3953ea01d8d46cbb257d2937fff01cc32bd2b396bfa218fe3

SHA512
041a5eb9e76572e7abea00c637b2a4e4b595779321a415ffeeb28767d1361637735dc90502baf95a0865cf56a808d032830c30a7cf0d94d5674aa5cf401e5433

Download Submit
C:\ProgramData\DAFHIDGIJKJK\CGCFBF

Filesize
114KB

MD5
6205160b38ce34c90456d967715ca941

SHA1
fce483a831467c4f8b8cf9558ff753d1f1d4d340

SHA256
5df07863dae25402f552f8cb599367a9e5d0f7e913648c07c163c1a4ff656407

SHA512
9249ccfe3272002224f348bbffac93b59d1f207237a12e07e694ab38d3ecd198ea470596cb0114e6b29aedd7d90879c1ebddfe6c370be8eff401948c8345b7fb

Download Submit
C:\ProgramData\mozglue.dll

Filesize
593KB

MD5
c8fd9be83bc728cc04beffafc2907fe9

SHA1
95ab9f701e0024cedfbd312bcfe4e726744c4f2e

SHA256
ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a

SHA512
fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

Download Submit
C:\Recycled\CTFMON.EXE

Filesize
42KB

MD5
d5603540e9ac4d89d313829dba239487

SHA1
50ef21a9b48d4be3cd78177e6006e7f4806bab9e

SHA256
13d845f36d00d1d71a9a7b8fcd918a772635cc6e2d2cb575185329c68400eb66

SHA512
886ea2b59ea4947f1fe52708c127eaf74f8335453aa9d5aca99dbe906f54d62283088044f3da7bcd2374a5a538b50c63e02943c63f37b12f722a997040980926

Download Submit
C:\Users\Admin\AppData\Local\Gepard Fix MP3\is-0678R.tmp

Filesize
689KB

MD5
3a8a13f0215cda541ec58f7c80ed4782

SHA1
085c3d5f62227319446dd61082919f6be1efd162

SHA256
a397c9c2b5cac7d08a2ca720fed9f99ece72078114ffc86df5dbc2b53d5fa1ad

SHA512
4731d7abb8de1b77cb8d3f63e95067ccd7fafed1feb508032cb41ee9db3175c69e5d244eee8370de018140d7b1c863a4e7afbbe58183294a0e7cd98f2a8a0ead

Download Submit
C:\Users\Admin\AppData\Local\Gepard Fix MP3\is-06V8Q.tmp

Filesize
497KB

MD5
02e6c6ab886700e6f184eee43157c066

SHA1
e796b7f7762be9b90948eb80d0138c4598700ed9

SHA256
ea53a198aa646bed0b39b40b415602f8c6dc324c23e1b9fbdcf7b416c2c2947d

SHA512
e72bc0a2e9c20265f1471c30a055617ca34da304d7932e846d5d6999a8ebcc0c3691fc022733eaeb74a25c3a6d3f347d3335b902f170220cfe1de0340942b596

Download Submit
C:\Users\Admin\AppData\Local\Gepard Fix MP3\is-07996.tmp

Filesize
329KB

MD5
51d62c9c7d56f2ef2f0f628b8fc249ad

SHA1
33602785de6d273f0ce7ca65fe8375e91ef1c0bc

SHA256
fc3c82fab6c91084c6b79c9a92c08dd6fa0659473756962efd6d8f8418b0dd50

SHA512
03fb13ae5d73b4baba540e3358335296fb28aa14318c27554b19bb1e90fad05ea2dd66b3db216ea7eed2a733fe745e66db2e638f5ed3b0206f5be377f931df5b

Download Submit
C:\Users\Admin\AppData\Local\Gepard Fix MP3\is-093DI.tmp

Filesize
229KB

MD5
e1d0acd1243f9e59491dc115f4e379a4

SHA1
5e9010cfa8d75defbdc3fb760eb4229acf66633b

SHA256
fd574da66b7ccae6f4df31d5e2a2c7f9c5dae6ae9a8e5e7d2ca2056ab29a8c4f

SHA512
392aa2cf6fbc6daa6a374fd1f34e114c21234061855413d375383a97951ec5dddf91fd1c431950045105746898e77c5c5b4d217df0031521c69403ea6ade5c27

Download Submit
C:\Users\Admin\AppData\Local\Gepard Fix MP3\is-2UT79.tmp

Filesize
388KB

MD5
e0747d2e573e0a05a7421c5d9b9d63cc

SHA1
c45fc383f9400f8bbe0ca8e6a7693aa0831c1da7

SHA256
25252b18ce0d80b360a6de95c8b31e32efd8034199f65bf01e3612bd94abc63e

SHA512
201ee6b2fd8dcd2cc873726d56fd84132a4d8a7434b581abd35096a5de377009ec8bc9fea2cc223317bbd0d971fb1e61610509e90b76544bdff069e0d6929aed

Download Submit
C:\Users\Admin\AppData\Local\Gepard Fix MP3\is-31CO9.tmp

Filesize
96KB

MD5
70ca53e8b46464ccf956d157501d367a

SHA1
ae0356fae59d9c2042270e157ea0d311a831c86a

SHA256
4a7ad2198baacc14ea2ffd803f560f20aad59c3688a1f8af2c8375a0d6cc9cfe

SHA512
cb1d52778fe95d7593d1fdbe8a1125cd19134973b65e45f1e7d21a6149a058ba2236f4ba90c1ce01b1b0afad4084468d1f399e98c1f0d6f234cba023fcc7b4ae

Download Submit
C:\Users\Admin\AppData\Local\Gepard Fix MP3\is-6135J.tmp

Filesize
118KB

MD5
6ce25fb0302f133cc244889c360a6541

SHA1
352892dd270135af5a79322c3b08f46298b6e79c

SHA256
e06c828e14262ebbe147fc172332d0054502b295b0236d88ab0db43326a589f3

SHA512
3605075a7c077718a02e278d686daef2e8d17b160a5feda8d2b6e22aabffe0105cc72279add9784ac15139171c7d57dba2e084a0ba22a6118fdbf75699e53f63

Download Submit
C:\Users\Admin\AppData\Local\Gepard Fix MP3\is-6B3TS.tmp

Filesize
170KB

MD5
65d8cb2733295758e5328e5a3e1aff15

SHA1
f2378928bb9ccfba566ec574e501f6a82a833143

SHA256
e9652ab77a0956c5195970af39778cfc645fc5af22b95eed6d197dc998268642

SHA512
bf6aa62ea82dfdbe4bc42e4d83469d3a98bffe89dbab492f8c60552fcb70bba62b8bf7d4bdab4045d9bc1383a423caa711e818f2d8816a80b056bc65a52bc171

Download Submit
C:\Users\Admin\AppData\Local\Gepard Fix MP3\is-6JJLU.tmp

Filesize
242KB

MD5
39a15291b9a87aee42fbc46ec1fe35d6

SHA1
aadf88bbb156ad3cb1a2122a3d6dc017a7d577c1

SHA256
7d4546773cfcc26fec8149f6a6603976834dc06024eeac749e46b1a08c1d2cf4

SHA512
ff468fd93efdb22a20590999bc9dd68b7307bd406eb3746c74a3a472033ea665e6e3f778325849df9b0913ffc7e4700e2beed4666da6e713d984e92f9db5f679

Download Submit
C:\Users\Admin\AppData\Local\Gepard Fix MP3\is-71AJ3.tmp

Filesize
89KB

MD5
cc7dad980dd04e0387795741d809cbf7

SHA1
a49178a17b1c72ad71558606647f5011e0aa444b

SHA256
0bae9700e29e4e7c532996adf6cd9ade818f8287c455e16cf2998bb0d02c054b

SHA512
e4441d222d7859169269ca37e491c37daa6b3cdd5f4a05a0a246f21fa886f5476092e64dff88890396ef846b9e8d2880e33f1f594cd61f09023b3ef4cd573ea3

Download Submit
C:\Users\Admin\AppData\Local\Gepard Fix MP3\is-7T2QJ.tmp

Filesize
63KB

MD5
7af455adea234dea33b2a65b715bf683

SHA1
f9311cb03dcf50657d160d89c66998b9bb1f40ba

SHA256
6850e211d09e850ee2510f6eab48d16e0458bce35916b6d2d4eb925670465778

SHA512
b8ac3e2766bb02ec37a61218faf60d1c533c0552b272af6b41713c17ab69c3731fa28f3b5d73766c5c59794d5a38cc46836fd93255df38f7a3abd219d51bb41a

Download Submit
C:\Users\Admin\AppData\Local\Gepard Fix MP3\is-9A2KP.tmp

Filesize
167KB

MD5
236a679ab1b16e66625afba86a4669eb

SHA1
73ae354886ab2609ffa83429e74d8d9f34bd45f2

SHA256
b1ec758b6edd3e5b771938f1febac23026e6da2c888321032d404805e2b05500

SHA512
c19fa027e2616ac6b4c18e04959dfe081ef92f49a11260ba69afe10313862e8feff207b9373a491649928b1257cf9b905f24f073d11d71dcd29b0f9adac80248

Download Submit
C:\Users\Admin\AppData\Local\Gepard Fix MP3\is-DUTFB.tmp

Filesize
794KB

MD5
5b1eb4b36f189362def93bf3e37354cc

SHA1
8c0a4992a6180d0256abf669dfdee228f03300ba

SHA256
d2d7d9821263f8c126c6d8758fff0c88f2f86e7e69bfcc28e7efabc1332eefd7

SHA512
bf57664a96dc16dad0bb22f6be6b7dae0bb2ba2c6932c8f64aec953e77dc5cda48e3e05fb98efe766969832dbc6d7357f8b8d144bd438e366ce746b3b31e2c96

Download Submit
C:\Users\Admin\AppData\Local\Gepard Fix MP3\is-EJE47.tmp

Filesize
438KB

MD5
908111f583b7019d2ed3492435e5092d

SHA1
8177c5e3b4d5cc1c65108e095d07e0389164da76

SHA256
e8e2467121978653f9b6c69d7637d8be1d0ac6a4028b672a9b937021ad47603c

SHA512
fd35bacad03cfa8cd1c0fff2dac117b07f516e1e37c10352ed67e645f96e31ac499350a2f21702eb51be83c05cf147d0876dac34376eede676f3c7d4e4a329cb

Download Submit
C:\Users\Admin\AppData\Local\Gepard Fix MP3\is-ETBMD.tmp

Filesize
262KB

MD5
c4c23388109d8a9cc2b87d984a1f09b8

SHA1
74c9d9f5588afe721d2a231f27b5415b4def8ba6

SHA256
11074a6fb8f9f137401025544121f4c3fb69ac46cc412469ca377d681d454db3

SHA512
060f175a87fbdf3824beed321d59a4e14be131c80b7c41aff260291e69a054f0671cc67e2dda3be8a4d953c489bc8cde561332aa0f3d82ef68d97afcf115f6a3

Download Submit
C:\Users\Admin\AppData\Local\Gepard Fix MP3\is-GCFEV.tmp

Filesize
161KB

MD5
e2f18b37bc3d02cde2e5c15d93e38418

SHA1
1a6c58f4a50269d3db8c86d94b508a1919841279

SHA256
7e555192331655b04d18f40e8f19805670d56fc645b9c269b9f10bf45a320c97

SHA512
61ab4f3475b66b04399111b106c3f0a744dc226a59eb03c134ae9216a9ea0c7f9b3b211148b669c32bafb05851cc6c18bd69ea431dbc2fe25fe470cb4786fd17

Download Submit
C:\Users\Admin\AppData\Local\Gepard Fix MP3\is-H5C58.tmp

Filesize
431KB

MD5
6cd78c8add1cfc7cbb85e2b971fcc764

SHA1
5ba22c943f0337d2a408b7e2569e7bf53ff51cc5

SHA256
c75587d54630b84dd1ca37514a77d9d03fce622aea89b6818ae8a4164f9f9c73

SHA512
eafdf6e38f63e6c29811d7d05821824bdaac45f8b681f5522610eebb87f44e9ca50ce690a6a3aa93306d6a96c751b2210f96c5586e00e323f26f0230c0b85301

Download Submit
C:\Users\Admin\AppData\Local\Gepard Fix MP3\is-KIIIH.tmp

Filesize
63KB

MD5
98a49cc8ae2d608c6e377e95833c569b

SHA1
ba001d8595ac846d9736a8a7d9161828615c135a

SHA256
213b6addab856feb85df1a22a75cdb9c010b2e3656322e1319d0def3e406531c

SHA512
c9d756bb127cac0a43d58f83d01bfe1af415864f70c373a933110028e8ab0e83612739f2336b28dc44faaba6371621770b5bcc108de7424e31378e2543c40efc

Download Submit
C:\Users\Admin\AppData\Local\Gepard Fix MP3\is-M5LNU.tmp

Filesize
284KB

MD5
2d8a0bc588118aa2a63eed7bf6dfc8c5

SHA1
7fb318dc21768cd62c0614d7ad773ccfb7d6c893

SHA256
707dee17e943d474fbe24ef5843a9a37e923e149716cad0e2693a0cc8466f76e

SHA512
a296a8629b1755d349c05687e1b9fae7ed5de14f2b05733a7179307706ea6e83f9f9a8729d2b028eddc7caf8c8c30d69ad4fea6ec19c66c945772e7a34f100de

Download Submit
C:\Users\Admin\AppData\Local\Gepard Fix MP3\is-MR60J.tmp

Filesize
99KB

MD5
e13fcd8fb16e483e4de47a036687d904

SHA1
a54f56ba6253d4decaae3de8e8ac7607fd5f0af4

SHA256
0ac1c17271d862899b89b52faa13fc4848db88864cae2bf4dc7fb81c5a9a49bf

SHA512
38596c730b090b19e34183182273146c3f164211644ebc0a698a83651b2753f7d9b1d6ee477d1798bd7219b5977804355e2f57b1c3013bf3d498bf96dec9d02e

Download Submit
C:\Users\Admin\AppData\Local\Gepard Fix MP3\is-N2G90.tmp

Filesize
177KB

MD5
0d0d311d1837705b1eafbc5a85a695bd

SHA1
aa7fa3eb181cc5e5b0aa240892156a1646b45184

SHA256
afb9779c4d24d0ce660272533b70d2b56704f8c39f63dab0592c203d8ae74673

SHA512
14bc65823b77e192aacf613b65309d5a555a865ac00d2ab422fd209bd4e6c106ecce12f868692c3eea6dccb3fe4ad6323984aef60f69da08888abcd98d76327d

Download Submit
C:\Users\Admin\AppData\Local\Gepard Fix MP3\is-O9LAL.tmp

Filesize
242KB

MD5
c4002f9e4234dfb5dbe64c8d2c9c2f09

SHA1
5c1dcce276fdf06e6aa1f6ad4d4b49743961d62d

SHA256
f5bc251e51206592b56c3bd1bc4c030e2a98240684263fa766403ea687b1f664

SHA512
4f7bc8a431c07181a3d779f229e721958043129bbaec65a538f2dd6a2cab8b4d6165b4149b1df56b31eb062614363a377e1982fd2f142e49da524c1c96fc862e

Download Submit
C:\Users\Admin\AppData\Local\Gepard Fix MP3\is-PBBPJ.tmp

Filesize
30KB

MD5
3c033f35fe26bc711c4d68eb7cf0066d

SHA1
83f1aed76e6f847f6831a1a1c00fedc50f909b81

SHA256
9ba147d15c8d72a99bc639ae173cff2d22574177242a7e6fe2e9bb09cc3d5982

SHA512
7811be5ccbc27234ce70ab4d6541556612c45fe81d5069ba64448e78953387b1c023aa2a04e5dbf8caace7291b8b020bee2f794fbc190837f213b8d6cb698860

Download Submit
C:\Users\Admin\AppData\Local\Gepard Fix MP3\is-Q3O9V.tmp

Filesize
137KB

MD5
a8f646eb087f06f5aebc2539eb14c14d

SHA1
4b1fbab6c3022c3790bc0bd0dd2d9f3ba8ff1759

SHA256
a446f09626ce7ce63781f5864fdd6064c25d9a867a0a1a07dcecb4d5044b1c2b

SHA512
93bb40c5fe93ef97fe3bc82a0a85690c7b434bd0327bb8440d51053005a5e5b855f9fcc1e9c676c43ff50881f860817ff0764c1ad379fc08c4920aa4a42c5dbc

Download Submit
C:\Users\Admin\AppData\Local\Gepard Fix MP3\is-QNETM.tmp

Filesize
25KB

MD5
e9c7068b3a10c09a283259aa1b5d86f2

SHA1
3ffe48b88f707aa0c947382fbf82bee6ef7abb78

SHA256
06294f19ca2f7460c546d4d0d7b290b238c4959223b63137bb6a1e2255eda74f

SHA512
ac4f521e0f32dbf104ef98441ea3403f0b7d1b9d364ba8a0c78daa056570649a2b45d3b41f0b16a1a73a09baf2870d23bd843e6f7e9149b697f7e6b7222e0b81

Download Submit
C:\Users\Admin\AppData\Local\Gepard Fix MP3\is-T0K2H.tmp

Filesize
252KB

MD5
b4fde05a19346072c713be2926af8961

SHA1
102562de2240042b654c464f1f22290676cb6e0f

SHA256
513cec3ccbe4e0b31542c870793ccbdc79725718915db0129aa39035202b7f97

SHA512
9f3aee3ebf04837ceef08938795de0a044ba6602aacb98da0e038a163119c695d9cc2ca413bd709196bfd3c800112ababc3af9e2e9a0c77d88bd4a1c88c2ed27

Download Submit
C:\Users\Admin\AppData\Local\Gepard Fix MP3\libglibmm-2.4-1.dll

Filesize
452KB

MD5
d9d9c79e35945fca3f9d9a49378226e7

SHA1
4544a47d5b9765e5717273aaff62724df643f8f6

SHA256
18cbd64e56ce58ce7d1f67653752f711b30ad8c4a2dc4b0de88273785c937246

SHA512
b0a9cefac7b4140cc07e880a336dcbab8b6805e267f4f8d9423111b95e4d13544d8952d75ab51ade9f6dace93a5425e6d41f42c2aa88d3a3c233e340ee785eb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\R7CDL9JE\a43486128347[1].exe

Filesize
545KB

MD5
0001bcc487e8d196667c89e195023e6a

SHA1
235dc1109c9c8ff3773f1a7f7e7b4c5b7cd2feaf

SHA256
d4a9514d163339d2243cc7ec075d04cceeae34ce6759f93242315c6263c52b2a

SHA512
805f63ecdac755c1fe27cd47abb61e69d7ffe19e710f319cd577b3fce0a3d0e3e60d4f6c06ad1498033aa72981736e6f0602ad32aa29dabc2ef12fe31f906d0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\1000332001\ddd2ea763e.exe

Filesize
897KB

MD5
d9f8c3112fa16b9c170a349c0aa6285f

SHA1
793ad3149d3d4eafe1036b3b381596bcd8f4e54b

SHA256
5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b

SHA512
fc2803deed529e75cb7d97cc7abc1bee10ce2538aa9e7d7953d7a0a66b4721bae2ca5e1515e02da11fa236f1938cb14ff7adcc8beef97e5a8e4fe015098c221f

Download Submit
C:\Users\Admin\AppData\Local\Temp\3582-490\241004-qwfl7a1cpc86366abfd98b4e30f03b07c6ea4897ad5688cdc355a4ecb705fbc83115ab3c59N.exe

Filesize
105KB

MD5
fbd4fd1db07fc68859e386716c4f0ba2

SHA1
37af667801d79719e5ca9e01cf7a44981b00a23f

SHA256
e0d2da0a4038a8347d2e28561ec8b51c7b4a9e81a0b8d61291ec7f1a9adefc74

SHA512
e50f7e788d75c807e00762c0e22cd1b7dbaf44c2b74a27c8e62954434d94209e4443b440edf02070ad7ce9f7d4ae4cb0457698345fffafe74b91904bdcf9b4e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9042\VCRUNTIME140.dll

Filesize
96KB

MD5
f12681a472b9dd04a812e16096514974

SHA1
6fd102eb3e0b0e6eef08118d71f28702d1a9067c

SHA256
d66c3b47091ceb3f8d3cc165a43d285ae919211a0c0fcb74491ee574d8d464f8

SHA512
7d3accbf84de73fb0c5c0de812a9ed600d39cd7ed0f99527ca86a57ce63f48765a370e913e3a46ffc2ccd48ee07d823dafdd157710eef9e7cc1eb7505dc323a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9042\_bz2.pyd

Filesize
81KB

MD5
4101128e19134a4733028cfaafc2f3bb

SHA1
66c18b0406201c3cfbba6e239ab9ee3dbb3be07d

SHA256
5843872d5e2b08f138a71fe9ba94813afee59c8b48166d4a8eb0f606107a7e80

SHA512
4f2fc415026d7fd71c5018bc2ffdf37a5b835a417b9e5017261849e36d65375715bae148ce8f9649f9d807a63ac09d0fb270e4abae83dfa371d129953a5422ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9042\_cffi_backend.cp311-win_amd64.pyd

Filesize
174KB

MD5
739d352bd982ed3957d376a9237c9248

SHA1
961cf42f0c1bb9d29d2f1985f68250de9d83894d

SHA256
9aee90cf7980c8ff694bb3ffe06c71f87eb6a613033f73e3174a732648d39980

SHA512
585a5143519ed9b38bb53f912cea60c87f7ce8ba159a1011cf666f390c2e3cc149e0ac601b008e039a0a78eaf876d7a3f64fff612f5de04c822c6e214bc2efde

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9042\_ctypes.pyd

Filesize
120KB

MD5
6a9ca97c039d9bbb7abf40b53c851198

SHA1
01bcbd134a76ccd4f3badb5f4056abedcff60734

SHA256
e662d2b35bb48c5f3432bde79c0d20313238af800968ba0faa6ea7e7e5ef4535

SHA512
dedf7f98afc0a94a248f12e4c4ca01b412da45b926da3f9c4cbc1d2cbb98c8899f43f5884b1bf1f0b941edaeef65612ea17438e67745962ff13761300910960d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9042\_decimal.pyd

Filesize
245KB

MD5
d47e6acf09ead5774d5b471ab3ab96ff

SHA1
64ce9b5d5f07395935df95d4a0f06760319224a2

SHA256
d0df57988a74acd50b2d261e8b5f2c25da7b940ec2aafbee444c277552421e6e

SHA512
52e132ce94f21fa253fed4cf1f67e8d4423d8c30224f961296ee9f64e2c9f4f7064d4c8405cd3bb67d3cf880fe4c21ab202fa8cf677e3b4dad1be6929dbda4e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9042\_hashlib.pyd

Filesize
62KB

MD5
de4d104ea13b70c093b07219d2eff6cb

SHA1
83daf591c049f977879e5114c5fea9bbbfa0ad7b

SHA256
39bc615842a176db72d4e0558f3cdcae23ab0623ad132f815d21dcfbfd4b110e

SHA512
567f703c2e45f13c6107d767597dba762dc5caa86024c87e7b28df2d6c77cd06d3f1f97eed45e6ef127d5346679fea89ac4dc2c453ce366b6233c0fa68d82692

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9042\_lzma.pyd

Filesize
154KB

MD5
337b0e65a856568778e25660f77bc80a

SHA1
4d9e921feaee5fa70181eba99054ffa7b6c9bb3f

SHA256
613de58e4a9a80eff8f8bc45c350a6eaebf89f85ffd2d7e3b0b266bf0888a60a

SHA512
19e6da02d9d25ccef06c843b9f429e6b598667270631febe99a0d12fc12d5da4fb242973a8351d3bf169f60d2e17fe821ad692038c793ce69dfb66a42211398e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9042\_queue.pyd

Filesize
30KB

MD5
ff8300999335c939fcce94f2e7f039c0

SHA1
4ff3a7a9d9ca005b5659b55d8cd064d2eb708b1a

SHA256
2f71046891ba279b00b70eb031fe90b379dbe84559cf49ce5d1297ea6bf47a78

SHA512
f29b1fd6f52130d69c8bd21a72a71841bf67d54b216febcd4e526e81b499b9b48831bb7cdff0bff6878aab542ca05d6326b8a293f2fb4dd95058461c0fd14017

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9042\_socket.pyd

Filesize
76KB

MD5
8140bdc5803a4893509f0e39b67158ce

SHA1
653cc1c82ba6240b0186623724aec3287e9bc232

SHA256
39715ef8d043354f0ab15f62878530a38518fb6192bc48da6a098498e8d35769

SHA512
d0878fee92e555b15e9f01ce39cfdc3d6122b41ce00ec3a4a7f0f661619f83ec520dca41e35a1e15650fb34ad238974fe8019577c42ca460dde76e3891b0e826

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9042\_ssl.pyd

Filesize
155KB

MD5
069bccc9f31f57616e88c92650589bdd

SHA1
050fc5ccd92af4fbb3047be40202d062f9958e57

SHA256
cb42e8598e3fa53eeebf63f2af1730b9ec64614bda276ab2cd1f1c196b3d7e32

SHA512
0e5513fbe42987c658dba13da737c547ff0b8006aecf538c2f5cf731c54de83e26889be62e5c8a10d2c91d5ada4d64015b640dab13130039a5a8a5ab33a723dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9042\api-ms-win-core-console-l1-1-0.dll

Filesize
21KB

MD5
e8b9d74bfd1f6d1cc1d99b24f44da796

SHA1
a312cfc6a7ed7bf1b786e5b3fd842a7eeb683452

SHA256
b1b3fd40ab437a43c8db4994ccffc7f88000cc8bb6e34a2bcbff8e2464930c59

SHA512
b74d9b12b69db81a96fc5a001fd88c1e62ee8299ba435e242c5cb2ce446740ed3d8a623e1924c2bc07bfd9aef7b2577c9ec8264e53e5be625f4379119bafcc27

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9042\api-ms-win-core-datetime-l1-1-0.dll

Filesize
21KB

MD5
cfe0c1dfde224ea5fed9bd5ff778a6e0

SHA1
5150e7edd1293e29d2e4d6bb68067374b8a07ce6

SHA256
0d0f80cbf476af5b1c9fd3775e086ed0dfdb510cd0cc208ec1ccb04572396e3e

SHA512
b0e02e1f19cfa7de3693d4d63e404bdb9d15527ac85a6d492db1128bb695bffd11bec33d32f317a7615cb9a820cd14f9f8b182469d65af2430ffcdbad4bd7000

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9042\api-ms-win-core-debug-l1-1-0.dll

Filesize
21KB

MD5
33bbece432f8da57f17bf2e396ebaa58

SHA1
890df2dddfdf3eeccc698312d32407f3e2ec7eb1

SHA256
7cf0944901f7f7e0d0b9ad62753fc2fe380461b1cce8cdc7e9c9867c980e3b0e

SHA512
619b684e83546d97fc1d1bc7181ad09c083e880629726ee3af138a9e4791a6dcf675a8df65dc20edbe6465b5f4eac92a64265df37e53a5f34f6be93a5c2a7ae5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9042\api-ms-win-core-errorhandling-l1-1-0.dll

Filesize
21KB

MD5
eb0978a9213e7f6fdd63b2967f02d999

SHA1
9833f4134f7ac4766991c918aece900acfbf969f

SHA256
ab25a1fe836fc68bcb199f1fe565c27d26af0c390a38da158e0d8815efe1103e

SHA512
6f268148f959693ee213db7d3db136b8e3ad1f80267d8cbd7d5429c021adaccc9c14424c09d527e181b9c9b5ea41765aff568b9630e4eb83bfc532e56dfe5b63

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9042\api-ms-win-core-file-l1-1-0.dll

Filesize
25KB

MD5
efad0ee0136532e8e8402770a64c71f9

SHA1
cda3774fe9781400792d8605869f4e6b08153e55

SHA256
3d2c55902385381869db850b526261ddeb4628b83e690a32b67d2e0936b2c6ed

SHA512
69d25edf0f4c8ac5d77cb5815dfb53eac7f403dc8d11bfe336a545c19a19ffde1031fa59019507d119e4570da0d79b95351eac697f46024b4e558a0ff6349852

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9042\api-ms-win-core-file-l1-2-0.dll

Filesize
21KB

MD5
1c58526d681efe507deb8f1935c75487

SHA1
0e6d328faf3563f2aae029bc5f2272fb7a742672

SHA256
ef13dce8f71173315dfc64ab839b033ab19a968ee15230e9d4d2c9d558efeee2

SHA512
8edb9a0022f417648e2ece9e22c96e2727976332025c3e7d8f15bcf6d7d97e680d1bf008eb28e2e0bd57787dcbb71d38b2deb995b8edc35fa6852ab1d593f3d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9042\api-ms-win-core-file-l2-1-0.dll

Filesize
18KB

MD5
bfffa7117fd9b1622c66d949bac3f1d7

SHA1
402b7b8f8dcfd321b1d12fc85a1ee5137a5569b2

SHA256
1ea267a2e6284f17dd548c6f2285e19f7edb15d6e737a55391140ce5cb95225e

SHA512
b319cc7b436b1be165cdf6ffcab8a87fe29de78f7e0b14c8f562be160481fb5483289bd5956fdc1d8660da7a3f86d8eede35c6cc2b7c3d4c852decf4b2dcdb7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9042\api-ms-win-core-handle-l1-1-0.dll

Filesize
21KB

MD5
e89cdcd4d95cda04e4abba8193a5b492

SHA1
5c0aee81f32d7f9ec9f0650239ee58880c9b0337

SHA256
1a489e0606484bd71a0d9cb37a1dc6ca8437777b3d67bfc8c0075d0cc59e6238

SHA512
55d01e68c8c899e99a3c62c2c36d6bcb1a66ff6ecd2636d2d0157409a1f53a84ce5d6f0c703d5ed47f8e9e2d1c9d2d87cc52585ee624a23d92183062c999b97e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9042\api-ms-win-core-heap-l1-1-0.dll

Filesize
21KB

MD5
accc640d1b06fb8552fe02f823126ff5

SHA1
82ccc763d62660bfa8b8a09e566120d469f6ab67

SHA256
332ba469ae84aa72ec8cce2b33781db1ab81a42ece5863f7a3cb5a990059594f

SHA512
6382302fb7158fc9f2be790811e5c459c5c441f8caee63df1e09b203b8077a27e023c4c01957b252ac8ac288f8310bcee5b4dcc1f7fc691458b90cdfaa36dcbe

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9042\api-ms-win-core-interlocked-l1-1-0.dll

Filesize
21KB

MD5
c6024cc04201312f7688a021d25b056d

SHA1
48a1d01ae8bc90f889fb5f09c0d2a0602ee4b0fd

SHA256
8751d30df554af08ef42d2faa0a71abcf8c7d17ce9e9ff2ea68a4662603ec500

SHA512
d86c773416b332945acbb95cbe90e16730ef8e16b7f3ccd459d7131485760c2f07e95951aeb47c1cf29de76affeb1c21bdf6d8260845e32205fe8411ed5efa47

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9042\api-ms-win-core-libraryloader-l1-1-0.dll

Filesize
21KB

MD5
1f2a00e72bc8fa2bd887bdb651ed6de5

SHA1
04d92e41ce002251cc09c297cf2b38c4263709ea

SHA256
9c8a08a7d40b6f697a21054770f1afa9ffb197f90ef1eee77c67751df28b7142

SHA512
8cf72df019f9fc9cd22ff77c37a563652becee0708ff5c6f1da87317f41037909e64dcbdcc43e890c5777e6bcfa4035a27afc1aeeb0f5deba878e3e9aef7b02a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9042\api-ms-win-core-localization-l1-2-0.dll

Filesize
21KB

MD5
724223109e49cb01d61d63a8be926b8f

SHA1
072a4d01e01dbbab7281d9bd3add76f9a3c8b23b

SHA256
4e975f618df01a492ae433dff0dd713774d47568e44c377ceef9e5b34aad1210

SHA512
19b0065b894dc66c30a602c9464f118e7f84d83010e74457d48e93aaca4422812b093b15247b24d5c398b42ef0319108700543d13f156067b169ccfb4d7b6b7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9042\api-ms-win-core-memory-l1-1-0.dll

Filesize
21KB

MD5
3c38aac78b7ce7f94f4916372800e242

SHA1
c793186bcf8fdb55a1b74568102b4e073f6971d6

SHA256
3f81a149ba3862776af307d5c7feef978f258196f0a1bf909da2d3f440ff954d

SHA512
c2746aa4342c6afffbd174819440e1bbf4371a7fed29738801c75b49e2f4f94fd6d013e002bad2aadafbc477171b8332c8c5579d624684ef1afbfde9384b8588

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9042\api-ms-win-core-namedpipe-l1-1-0.dll

Filesize
21KB

MD5
321a3ca50e80795018d55a19bf799197

SHA1
df2d3c95fb4cbb298d255d342f204121d9d7ef7f

SHA256
5476db3a4fecf532f96d48f9802c966fdef98ec8d89978a79540cb4db352c15f

SHA512
3ec20e1ac39a98cb5f726d8390c2ee3cd4cd0bf118fdda7271f7604a4946d78778713b675d19dd3e1ec1d6d4d097abe9cd6d0f76b3a7dff53ce8d6dbc146870a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9042\api-ms-win-core-processenvironment-l1-1-0.dll

Filesize
21KB

MD5
0462e22f779295446cd0b63e61142ca5

SHA1
616a325cd5b0971821571b880907ce1b181126ae

SHA256
0b6b598ec28a9e3d646f2bb37e1a57a3dda069a55fba86333727719585b1886e

SHA512
07b34dca6b3078f7d1e8ede5c639f697c71210dcf9f05212fd16eb181ab4ac62286bc4a7ce0d84832c17f5916d0224d1e8aab210ceeff811fc6724c8845a74fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9042\api-ms-win-core-processthreads-l1-1-0.dll

Filesize
21KB

MD5
c3632083b312c184cbdd96551fed5519

SHA1
a93e8e0af42a144009727d2decb337f963a9312e

SHA256
be8d78978d81555554786e08ce474f6af1de96fcb7fa2f1ce4052bc80c6b2125

SHA512
8807c2444a044a3c02ef98cf56013285f07c4a1f7014200a21e20fcb995178ba835c30ac3889311e66bc61641d6226b1ff96331b019c83b6fcc7c87870cce8c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9042\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
21KB

MD5
517eb9e2cb671ae49f99173d7f7ce43f

SHA1
4ccf38fed56166ddbf0b7efb4f5314c1f7d3b7ab

SHA256
57cc66bf0909c430364d35d92b64eb8b6a15dc201765403725fe323f39e8ac54

SHA512
492be2445b10f6bfe6c561c1fc6f5d1af6d1365b7449bc57a8f073b44ae49c88e66841f5c258b041547fcd33cbdcb4eb9dd3e24f0924db32720e51651e9286be

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9042\api-ms-win-core-profile-l1-1-0.dll

Filesize
21KB

MD5
f3ff2d544f5cd9e66bfb8d170b661673

SHA1
9e18107cfcd89f1bbb7fdaf65234c1dc8e614add

SHA256
e1c5d8984a674925fa4afbfe58228be5323fe5123abcd17ec4160295875a625f

SHA512
184b09c77d079127580ef80eb34bded0f5e874cefbe1c5f851d86861e38967b995d859e8491fcc87508930dc06c6bbf02b649b3b489a1b138c51a7d4b4e7aaad

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9042\api-ms-win-core-rtlsupport-l1-1-0.dll

Filesize
21KB

MD5
a0c2dbe0f5e18d1add0d1ba22580893b

SHA1
29624df37151905467a223486500ed75617a1dfd

SHA256
3c29730df2b28985a30d9c82092a1faa0ceb7ffc1bd857d1ef6324cf5524802f

SHA512
3e627f111196009380d1687e024e6ffb1c0dcf4dcb27f8940f17fec7efdd8152ff365b43cb7fdb31de300955d6c15e40a2c8fb6650a91706d7ea1c5d89319b12

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9042\api-ms-win-core-string-l1-1-0.dll

Filesize
21KB

MD5
2666581584ba60d48716420a6080abda

SHA1
c103f0ea32ebbc50f4c494bce7595f2b721cb5ad

SHA256
27e9d3e7c8756e4512932d674a738bf4c2969f834d65b2b79c342a22f662f328

SHA512
befed15f11a0550d2859094cc15526b791dadea12c2e7ceb35916983fb7a100d89d638fb1704975464302fae1e1a37f36e01e4bef5bc4924ab8f3fd41e60bd0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9042\api-ms-win-core-synch-l1-1-0.dll

Filesize
21KB

MD5
225d9f80f669ce452ca35e47af94893f

SHA1
37bd0ffc8e820247bd4db1c36c3b9f9f686bbd50

SHA256
61c0ebe60ce6ebabcb927ddff837a9bf17e14cd4b4c762ab709e630576ec7232

SHA512
2f71a3471a9868f4d026c01e4258aff7192872590f5e5c66aabd3c088644d28629ba8835f3a4a23825631004b1afd440efe7161bb9fc7d7c69e0ee204813ca7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9042\api-ms-win-core-synch-l1-2-0.dll

Filesize
21KB

MD5
1281e9d1750431d2fe3b480a8175d45c

SHA1
bc982d1c750b88dcb4410739e057a86ff02d07ef

SHA256
433bd8ddc4f79aee65ca94a54286d75e7d92b019853a883e51c2b938d2469baa

SHA512
a954e6ce76f1375a8beac51d751b575bbc0b0b8ba6aa793402b26404e45718165199c2c00ccbcba3783c16bdd96f0b2c17addcc619c39c8031becebef428ce77

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9042\api-ms-win-core-sysinfo-l1-1-0.dll

Filesize
21KB

MD5
fd46c3f6361e79b8616f56b22d935a53

SHA1
107f488ad966633579d8ec5eb1919541f07532ce

SHA256
0dc92e8830bc84337dcae19ef03a84ef5279cf7d4fdc2442c1bc25320369f9df

SHA512
3360b2e2a25d545ccd969f305c4668c6cda443bbdbd8a8356ffe9fbc2f70d90cf4540f2f28c9ed3eea6c9074f94e69746e7705e6254827e6a4f158a75d81065b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9042\api-ms-win-core-timezone-l1-1-0.dll

Filesize
21KB

MD5
d12403ee11359259ba2b0706e5e5111c

SHA1
03cc7827a30fd1dee38665c0cc993b4b533ac138

SHA256
f60e1751a6ac41f08e46480bf8e6521b41e2e427803996b32bdc5e78e9560781

SHA512
9004f4e59835af57f02e8d9625814db56f0e4a98467041da6f1367ef32366ad96e0338d48fff7cc65839a24148e2d9989883bcddc329d9f4d27cae3f843117d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9042\api-ms-win-core-util-l1-1-0.dll

Filesize
21KB

MD5
0f129611a4f1e7752f3671c9aa6ea736

SHA1
40c07a94045b17dae8a02c1d2b49301fad231152

SHA256
2e1f090aba941b9d2d503e4cd735c958df7bb68f1e9bdc3f47692e1571aaac2f

SHA512
6abc0f4878bb302713755a188f662c6fe162ea6267e5e1c497c9ba9fddbdaea4db050e322cb1c77d6638ecf1dad940b9ebc92c43acaa594040ee58d313cbcfae

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9042\api-ms-win-crt-conio-l1-1-0.dll

Filesize
21KB

MD5
d4fba5a92d68916ec17104e09d1d9d12

SHA1
247dbc625b72ffb0bf546b17fb4de10cad38d495

SHA256
93619259328a264287aee7c5b88f7f0ee32425d7323ce5dc5a2ef4fe3bed90d5

SHA512
d5a535f881c09f37e0adf3b58d41e123f527d081a1ebecd9a927664582ae268341771728dc967c30908e502b49f6f853eeaebb56580b947a629edc6bce2340d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9042\api-ms-win-crt-convert-l1-1-0.dll

Filesize
25KB

MD5
edf71c5c232f5f6ef3849450f2100b54

SHA1
ed46da7d59811b566dd438fa1d09c20f5dc493ce

SHA256
b987ab40cdd950ebe7a9a9176b80b8fffc005ccd370bb1cbbcad078c1a506bdc

SHA512
481a3c8dc5bef793ee78ce85ec0f193e3e9f6cd57868b813965b312bd0fadeb5f4419707cd3004fbdb407652101d52e061ef84317e8bd458979443e9f8e4079a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9042\api-ms-win-crt-environment-l1-1-0.dll

Filesize
21KB

MD5
f9235935dd3ba2aa66d3aa3412accfbf

SHA1
281e548b526411bcb3813eb98462f48ffaf4b3eb

SHA256
2f6bd6c235e044755d5707bd560a6afc0ba712437530f76d11079d67c0cf3200

SHA512
ad0c0a7891fb8328f6f0cf1ddc97523a317d727c15d15498afa53c07610210d2610db4bc9bd25958d47adc1af829ad4d7cf8aabcab3625c783177ccdb7714246

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9042\api-ms-win-crt-filesystem-l1-1-0.dll

Filesize
21KB

MD5
5107487b726bdcc7b9f7e4c2ff7f907c

SHA1
ebc46221d3c81a409fab9815c4215ad5da62449c

SHA256
94a86e28e829276974e01f8a15787fde6ed699c8b9dc26f16a51765c86c3eade

SHA512
a0009b80ad6a928580f2b476c1bdf4352b0611bb3a180418f2a42cfa7a03b9f0575ed75ec855d30b26e0cca96a6da8affb54862b6b9aff33710d2f3129283faa

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9042\api-ms-win-crt-heap-l1-1-0.dll

Filesize
21KB

MD5
d5d77669bd8d382ec474be0608afd03f

SHA1
1558f5a0f5facc79d3957ff1e72a608766e11a64

SHA256
8dd9218998b4c4c9e8d8b0f8b9611d49419b3c80daa2f437cbf15bcfd4c0b3b8

SHA512
8defa71772105fd9128a669f6ff19b6fe47745a0305beb9a8cadb672ed087077f7538cd56e39329f7daa37797a96469eae7cd5e4cca57c9a183b35bdc44182f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9042\api-ms-win-crt-locale-l1-1-0.dll

Filesize
21KB

MD5
650435e39d38160abc3973514d6c6640

SHA1
9a5591c29e4d91eaa0f12ad603af05bb49708a2d

SHA256
551a34c400522957063a2d71fa5aba1cd78cc4f61f0ace1cd42cc72118c500c0

SHA512
7b4a8f86d583562956593d27b7ecb695cb24ab7192a94361f994fadba7a488375217755e7ed5071de1d0960f60f255aa305e9dd477c38b7bb70ac545082c9d5e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9042\api-ms-win-crt-math-l1-1-0.dll

Filesize
29KB

MD5
b8f0210c47847fc6ec9fbe2a1ad4debb

SHA1
e99d833ae730be1fedc826bf1569c26f30da0d17

SHA256
1c4a70a73096b64b536be8132ed402bcfb182c01b8a451bff452efe36ddf76e7

SHA512
992d790e18ac7ae33958f53d458d15bff522a3c11a6bd7ee2f784ac16399de8b9f0a7ee896d9f2c96d1e2c8829b2f35ff11fc5d8d1b14c77e22d859a1387797c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9042\api-ms-win-crt-process-l1-1-0.dll

Filesize
21KB

MD5
272c0f80fd132e434cdcdd4e184bb1d8

SHA1
5bc8b7260e690b4d4039fe27b48b2cecec39652f

SHA256
bd943767f3e0568e19fb52522217c22b6627b66a3b71cd38dd6653b50662f39d

SHA512
94892a934a92ef1630fbfea956d1fe3a3bfe687dec31092828960968cb321c4ab3af3caf191d4e28c8ca6b8927fbc1ec5d17d5c8a962c848f4373602ec982cd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9042\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
25KB

MD5
20c0afa78836b3f0b692c22f12bda70a

SHA1
60bb74615a71bd6b489c500e6e69722f357d283e

SHA256
962d725d089f140482ee9a8ff57f440a513387dd03fdc06b3a28562c8090c0bc

SHA512
65f0e60136ab358661e5156b8ecd135182c8aaefd3ec320abdf9cfc8aeab7b68581890e0bbc56bad858b83d47b7a0143fa791195101dc3e2d78956f591641d16

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9042\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
25KB

MD5
96498dc4c2c879055a7aff2a1cc2451e

SHA1
fecbc0f854b1adf49ef07beacad3cec9358b4fb2

SHA256
273817a137ee049cbd8e51dc0bb1c7987df7e3bf4968940ee35376f87ef2ef8d

SHA512
4e0b2ef0efe81a8289a447eb48898992692feee4739ceb9d87f5598e449e0059b4e6f4eb19794b9dcdce78c05c8871264797c14e4754fd73280f37ec3ea3c304

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9042\api-ms-win-crt-string-l1-1-0.dll

Filesize
25KB

MD5
115e8275eb570b02e72c0c8a156970b3

SHA1
c305868a014d8d7bbef9abbb1c49a70e8511d5a6

SHA256
415025dce5a086dbffc4cf322e8ead55cb45f6d946801f6f5193df044db2f004

SHA512
b97ef7c5203a0105386e4949445350d8ff1c83bdeaee71ccf8dc22f7f6d4f113cb0a9be136717895c36ee8455778549f629bf8d8364109185c0bf28f3cb2b2ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9042\api-ms-win-crt-time-l1-1-0.dll

Filesize
21KB

MD5
001e60f6bbf255a60a5ea542e6339706

SHA1
f9172ec37921432d5031758d0c644fe78cdb25fa

SHA256
82fba9bc21f77309a649edc8e6fc1900f37e3ffcb45cd61e65e23840c505b945

SHA512
b1a6dc5a34968fbdc8147d8403adf8b800a06771cc9f15613f5ce874c29259a156bab875aae4caaec2117817ce79682a268aa6e037546aeca664cd4eea60adbf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9042\api-ms-win-crt-utility-l1-1-0.dll

Filesize
21KB

MD5
a0776b3a28f7246b4a24ff1b2867bdbf

SHA1
383c9a6afda7c1e855e25055aad00e92f9d6aaff

SHA256
2e554d9bf872a64d2cd0f0eb9d5a06dea78548bc0c7a6f76e0a0c8c069f3c0a9

SHA512
7c9f0f8e53b363ef5b2e56eec95e7b78ec50e9308f34974a287784a1c69c9106f49ea2d9ca037f0a7b3c57620fcbb1c7c372f207c68167df85797affc3d7f3ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9042\base_library.zip

Filesize
1.4MB

MD5
481da210e644d6b317cafb5ddf09e1a5

SHA1
00fe8e1656e065d5cf897986c12ffb683f3a2422

SHA256
3242ea7a6c4c712f10108a619bf5213878146547838f7e2c1e80d2778eb0aaa0

SHA512
74d177794f0d7e67f64a4f0c9da4c3fd25a4d90eb909e942e42e5651cc1930b8a99eef6d40107aa8756e75ffbcc93284b916862e24262df897aaac97c5072210

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9042\libcrypto-1_1.dll

Filesize
3.3MB

MD5
6f4b8eb45a965372156086201207c81f

SHA1
8278f9539463f0a45009287f0516098cb7a15406

SHA256
976ce72efd0a8aeeb6e21ad441aa9138434314ea07f777432205947cdb149541

SHA512
2c5c54842aba9c82fb9e7594ae9e264ac3cbdc2cc1cd22263e9d77479b93636799d0f28235ac79937070e40b04a097c3ea3b7e0cd4376a95ed8ca90245b7891f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9042\libffi-8.dll

Filesize
34KB

MD5
32d36d2b0719db2b739af803c5e1c2f5

SHA1
023c4f1159a2a05420f68daf939b9ac2b04ab082

SHA256
128a583e821e52b595eb4b3dda17697d3ca456ee72945f7ecce48ededad0e93c

SHA512
a0a68cfc2f96cb1afd29db185c940e9838b6d097d2591b0a2e66830dd500e8b9538d170125a00ee8c22b8251181b73518b73de94beeedd421d3e888564a111c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9042\libssl-1_1.dll

Filesize
686KB

MD5
8769adafca3a6fc6ef26f01fd31afa84

SHA1
38baef74bdd2e941ccd321f91bfd49dacc6a3cb6

SHA256
2aebb73530d21a2273692a5a3d57235b770daf1c35f60c74e01754a5dac05071

SHA512
fac22f1a2ffbfb4789bdeed476c8daf42547d40efe3e11b41fadbc4445bb7ca77675a31b5337df55fdeb4d2739e0fb2cbcac2feabfd4cd48201f8ae50a9bd90b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9042\python3.dll

Filesize
64KB

MD5
34e49bb1dfddf6037f0001d9aefe7d61

SHA1
a25a39dca11cdc195c9ecd49e95657a3e4fe3215

SHA256
4055d1b9e553b78c244143ab6b48151604003b39a9bf54879dee9175455c1281

SHA512
edb715654baaf499cf788bcacd5657adcf9f20b37b02671abe71bda334629344415ed3a7e95cb51164e66a7aa3ed4bf84acb05649ccd55e3f64036f3178b7856

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9042\python311.dll

Filesize
5.5MB

MD5
9a24c8c35e4ac4b1597124c1dcbebe0f

SHA1
f59782a4923a30118b97e01a7f8db69b92d8382a

SHA256
a0cf640e756875c25c12b4a38ba5f2772e8e512036e2ac59eb8567bf05ffbfb7

SHA512
9d9336bf1f0d3bc9ce4a636a5f4e52c5f9487f51f00614fc4a34854a315ce7ea8be328153812dbd67c45c75001818fa63317eba15a6c9a024fa9f2cab163165b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9042\select.pyd

Filesize
28KB

MD5
97ee623f1217a7b4b7de5769b7b665d6

SHA1
95b918f3f4c057fb9c878c8cc5e502c0bd9e54c0

SHA256
0046eb32f873cde62cf29af02687b1dd43154e9fd10e0aa3d8353d3debb38790

SHA512
20edc7eae5c0709af5c792f04a8a633d416da5a38fc69bd0409afe40b7fb1afa526de6fe25d8543ece9ea44fd6baa04a9d316ac71212ae9638bdef768e661e0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9042\ucrtbase.dll

Filesize
992KB

MD5
0e0bac3d1dcc1833eae4e3e4cf83c4ef

SHA1
4189f4459c54e69c6d3155a82524bda7549a75a6

SHA256
8a91052ef261b5fbf3223ae9ce789af73dfe1e9b0ba5bdbc4d564870a24f2bae

SHA512
a45946e3971816f66dd7ea3788aacc384a9e95011500b458212dc104741315b85659e0d56a41570731d338bdf182141c093d3ced222c007038583ceb808e26fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9042\unicodedata.pyd

Filesize
1.1MB

MD5
bc58eb17a9c2e48e97a12174818d969d

SHA1
11949ebc05d24ab39d86193b6b6fcff3e4733cfd

SHA256
ecf7836aa0d36b5880eb6f799ec402b1f2e999f78bfff6fb9a942d1d8d0b9baa

SHA512
4aa2b2ce3eb47503b48f6a888162a527834a6c04d3b49c562983b4d5aad9b7363d57aef2e17fe6412b89a9a3b37fb62a4ade4afc90016e2759638a17b1deae6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_z0n0iow0.mak.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe

Filesize
1.9MB

MD5
8dd8943882e620cf84a422cce07074fe

SHA1
6af3c1114e368f51bc136f074940b78fa7cbaf3c

SHA256
09494155d6bf6a2de0d2d54cf4706bbad142c402d8e3f8d4fd05cea93bf7d647

SHA512
017843f7ad19cc250b25126fe11ae4c047e03de4a813b2e0a9d35781d339a90d2a0dbbb35fe9cab4ae0df9806f3d8d5f8f2fb751dc27b6aa19ef22261339dbf2

Download Submit
C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe

Filesize
1.9MB

MD5
c64f5bac57cde187d77bffb5aa6097b4

SHA1
0385efa58df7315f49b834d72722206168da8f35

SHA256
12b7f2883090234a1d7570a907fb87e8cc8317e748b6086c6a6fcb7ae2113baf

SHA512
b5ce16ada5d05bd161a145b3afaed903362c3dbc1e9687a90e3b764f32a10a5b53ea80f3a3249133b1047cb9576537cd6eefee1f9ed1f6bb8e3898e7ee8c6ed9

Download Submit
C:\Users\Admin\AppData\Local\Temp\avscan.exe

Filesize
193KB

MD5
a9fc791278bb1aea8738a82c390ca6e8

SHA1
b450abb341d71453cb6443779fecae2dfe310a7e

SHA256
df162dd5b6e8b71bfda056cd91a53607a92506d6043c63d2fee997ecc59bef55

SHA512
e73a1ffc2b8b390ebbad2018addc88e92de5f3e0c85ebc146c7bafbce964ec477743ffe5b0cd50101c6acf5091583b594c2bfff4824e8303d202fffc64c03bbf

Download Submit
C:\Users\Admin\AppData\Local\Temp\dll.tmp

Filesize
95KB

MD5
655a86eb3032eb7b1e83a65939017a8e

SHA1
894fb6e20767d38135f34c0f5984dba8824514b5

SHA256
decb585afcb290a0dc51e136c19a83eab841f98a0e4f808b856d60adfbbc9185

SHA512
930cd67d2208d549aef09e7b482cde01b7e7a5a5a1d343ff159178c532b5371bcf4656e6af7125170ae42e8e7f816a5b00bb1e806225f7c6aa33628d1f339934

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-3KCR4.tmp\_isetup\_iscrypt.dll

Filesize
2KB

MD5
a69559718ab506675e907fe49deb71e9

SHA1
bc8f404ffdb1960b50c12ff9413c893b56f2e36f

SHA256
2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc

SHA512
e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-3KCR4.tmp\_isetup\_shfoldr.dll

Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-TDA58.tmp\241004-qxh4psxajpnoode.tmp

Filesize
692KB

MD5
16c9d19ab32c18671706cefee19b6949

SHA1
fca23338cb77068e1937df4e59d9c963c5548cf8

SHA256
c1769524411682d5a204c8a40f983123c67efeadb721160e42d7bbfe4531eb70

SHA512
32b4b0b2fb56a299046ec26fb41569491e8b0cd2f8bec9d57ec0d1ad1a7860eec72044dab2d5044cb452ed46e9f21513eab2171bafa9087af6d2de296455c64b

Download Submit
C:\Users\Admin\AppData\Local\Temp\sfx.ini

Filesize
211B

MD5
4531a34d731ecaee0b044f479653c382

SHA1
83dcdad2a649f02ff98ac5d410034756f9a1daaa

SHA256
f39d84b827dce78abf78c72417b8b0b78d7ba95034aeceeb093e8281dfe1eba7

SHA512
81454ced7cff4905f02a9e70a483088ff903d0a95ac515cda6df744bc33c6137e347d92ba2986b4e0b3b4ef09566933011a4623aeb41aee4ee5d2b34830c91bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\winxdqnk.exe

Filesize
105KB

MD5
17ec7b9d7bb035dd99eb93e5e045b504

SHA1
7759b02644db66a30b82bd8aa7314451bae70ff9

SHA256
a965d594b1f7429c857b60fbe589fd21f7f983d368fb77e265758e775beb394b

SHA512
f97f317b817a52ecfdd442ca7789f0a3cc7df9f0dac432fc75fe28622e62fd35879803fe4f35a447bf1c3e37be457ecc838535fa21a64caa49a10d4c8ec2aaf9

Download Submit
C:\Users\Admin\AppData\Local\Temp\~TMB30F.tmp

Filesize
1.6MB

MD5
1cf5669feb127f89f57e8e9d9ac11409

SHA1
d8aaccbbef08cde0161bfbc0f6b7b1e8a1c43d42

SHA256
35f8d721f246ae3e19d204f9bcab3237448ed906a25bba14e7016e5cdd2fc2ce

SHA512
7ebf6cc1a5a0d1ad89666af09bbdd947c02fcb933aeb72c8aff1a378582e38e5c816f806afe87038f10215c3c6c11e50f3226146ba3358e4d6005553cf373b08

Download Submit
C:\Users\Admin\AppData\Roaming\Paint.exe

Filesize
824KB

MD5
427face6223a7db04de81db3204863d0

SHA1
93002473dbb81ddf774e66df1e672676b0b9d8e9

SHA256
57e96f538817422fbceb841eb711c3ba8bf9ac4dcac495d4a436bf1799d4695e

SHA512
bef6a2d71509a7397a837188299692e6c5424b27706a198b3354c416dd3664c321ce5e9dafbb04bdbc59e226c8969ce5e392c66bc1ab727c3b02239d5e77e8bd

Download Submit
C:\Users\Admin\Documents\MSDCSC\msdcsc.exe

Filesize
760KB

MD5
1394160f44ce4bf165999ef87885d7dc

SHA1
64ff4827167ea24f16aff4b5c9ad7a99f145bfd4

SHA256
85b202b9aca20bef3ee83313d436302046f81b03186aade841be5949bd71f4ff

SHA512
06c8efb150dfa684942a70143ac7c22d47eabf7ada7e50511a4ad0d5a9e8d9b5dacd433ef8452fd0253c373e06f0d5fa58eb16a31c16d61ef22400eb71e01ecf

Download Submit
C:\Users\Admin\Documents\iofolko5\8NSQ3icodcYnf5ZYkO7Hcuys.exe

Filesize
473KB

MD5
e485d6e885498765a035eabbbb3ab577

SHA1
99eafb809a1ba671795bb22a389be154d9f270de

SHA256
678c5f3c2187cad4c0dd036fe4e3d64bacfaf05e8eed36ecbfe9ad7cc386d67e

SHA512
70e9322d30f9f23d0f5a297de525c64f4b2e9425843aa472827c6c0d5aec8a814215c41d021858300a8b0045e5418d38d314b4cc49791ffd1ada340caa23140d

Download Submit
C:\Users\Admin\Documents\iofolko5\8jWD44gg5XyztbYvnTLFKK3c.exe

Filesize
551KB

MD5
afb6545269c4192d1833a1a43aa5c2e5

SHA1
56655c9b94be687c1ce439465cc413a795d4077c

SHA256
3bf88d712812d5e41781632fb64a962c2db90f567aabfcf6850a08b899cdf659

SHA512
284004e2458a182b5e22720c68138d350abbc82d6bef9ed5eff59127eba3a2bf3b5d5a4826d7dede170505e12424cc2e394994d70284cb264ba6b3ab963b6c54

Download Submit
C:\Users\Admin\Downloads\241004-q2xsnaxcnj1397a0ebd0e382dbbe670a0bb058898b_JaffaCakes118.exe

Filesize
21KB

MD5
1397a0ebd0e382dbbe670a0bb058898b

SHA1
a54c2ecd810c908c3078c859b3b99f06ea8ec670

SHA256
785f27af89eff5186ae6a0d0ccad0d7eace41451d7d6de2e040df3cb8e1e0b35

SHA512
fcf21810f8f52872742e71d77ea9a36bffa687201c99191934ec6291b0cc524609585fc8829b87367ca7aa07bd74eeb476c477da45fa1e45e12b21f11875d94d

Download Submit
C:\Users\Admin\Downloads\241004-q3873s1frbd008327587cb0d38e2c8c50084e6681f14083c8e40110059c14dcf54c86f8707.exe

Filesize
102KB

MD5
b11e94b7e6664725aa3f119a774c28cf

SHA1
ffe18441c9347fb72c72612a242bcb5b688479d6

SHA256
d008327587cb0d38e2c8c50084e6681f14083c8e40110059c14dcf54c86f8707

SHA512
f32b0a09442c593ba447d72be39ae1b933af18627b7ad5207f0267c9f62a672c29d2a18682bcaf2ea6f5f5827dad220d6fe643b71a0c283c00b794caf15170af

Download Submit
C:\Users\Admin\Downloads\241004-q783wa1hqf5e17e8af6162052361aaa226335477c9785162a66c4e54d2bf25fb08d430b64dN.exe

Filesize
93KB

MD5
b47ab6d9252691cb51b42f7585b81da0

SHA1
3c9329cfe9ada83b1d16819ebde456eefe838a1a

SHA256
5e17e8af6162052361aaa226335477c9785162a66c4e54d2bf25fb08d430b64d

SHA512
4525cba0881c593371f7903a23ab3d204d7687381875aef4ccdadbcc8671f23ca2fa3df72bd1bf83b5971abc5d2866588547ecfdd632dfcf7bf580a2f3d62439

Download Submit
C:\Users\Admin\Downloads\241004-q7eh9sxepl139e3b290647da54c526aebb23dbee2a_JaffaCakes118.exe_

Filesize
158KB

MD5
139e3b290647da54c526aebb23dbee2a

SHA1
b3a9a28812195c0c92533dc86bdd7379748cb786

SHA256
ce49e75d283dbd8c1eafddddb8ad2c3f2cca91d23b9bbe029b129e3865ba457e

SHA512
5612e030751cf15d09f217b13a39bdbae2e47a47a7a1eccaef087dd3861e91f67c36edfb43d434540e7ddde9ab02db4863d2d7fc422875e82c29deb1bc87b7da

Download Submit
C:\Users\Admin\Downloads\241004-qw257awhqp7f3c2473d1e6.exe

Filesize
550KB

MD5
33f127e35338687a1a64f67fa6ed3b9a

SHA1
672dc4d194a5ffe2fd5c23b411bca7b99647ebd2

SHA256
60bd16249ed2f24c98380920cb581f447a806541827d4eb2a5c1e889b9379c30

SHA512
c50878d3cb82e12384f1a1c214d9bec19dc7e0e54285336261837a4c92aa42fd9068ec27c6d0361e60935b097a59d3262c4295c6660eaabb57503e4a2f82b4c8

Download Submit
C:\Users\Admin\Downloads\241004-qxbdvs1djg956d73b7f041.exe

Filesize
473KB

MD5
6b1af3aedbe4cc21aaa3f265619c65f9

SHA1
a7523bfb277bda972206a584d5032de61f5b8c18

SHA256
0db238ecc6f027d553c26085977840865707bd24d2656656381d84c54e456206

SHA512
9ce963daccfa0bc93764fe799846a1df45cecf0cf6c5208decda59c78e15ee5053d436650c0f79de882a2d776c2655872742a86bd59c915132537a55a84566cf

Download Submit
C:\Users\Admin\Downloads\241004-qxcxpa1dkaa43486128347.exe

Filesize
518KB

MD5
6c7d97ae1b013c0b5aba8ca2186fda7e

SHA1
505ddef1e6bb7d132615a25c51d7094a7ef1807a

SHA256
c68856eee73796bc835c205be54888e3c99caf983dc5d35aedf2981fd41be527

SHA512
a8a886494e276dd07f2e497784b84552c03e8b1397dc30c8bfdf720e9c36bd422b9dab339527abff43c46b12e6561154942087a3a3736575c74315d6a5e64df9

Download Submit
C:\Users\Admin\Downloads\241004-qxe22s1dke2024-10-04_b250c15da31e4f81d625890d5baa5802_cobalt-strike_cobaltstrike_poet-rat_snatch.exe

Filesize
5.0MB

MD5
b250c15da31e4f81d625890d5baa5802

SHA1
a33f78eed39673c49ba17b3cb45aefe0b31701c8

SHA256
ea0a3fda76eb0fa907516da5e58170fe411c181a021b93886d36b0f4c27a4ce3

SHA512
60eeab14bdde5c55070a3b4732895174f4d8cbf252511f076b7b4afcaf9662113ac3f2e2d8ca3affef7e298fab2ac2ce80158ce6e9fb07cc45c5dc6e4b931a59

Download Submit
C:\Users\Admin\Downloads\241004-qxh4psxajpnoode.exe

Filesize
4.2MB

MD5
225c37388536e2baac97377392539c05

SHA1
106e85c309a70f31ac504215fe33e52c7115113e

SHA256
882a455f3229947a48a9ffc328c920705f548c41ee75dbfab2522bfbf0dd6f45

SHA512
37cbd732e584790e334cede0a5b23ba9cffaa5dcb0bce20d7beb3b5c6735d5c776206e1c986d74bd9845d1b1a7d588e0ae4ac3c7a61f24b768e034d53f00b93f

Download Submit
C:\Users\Admin\Downloads\241004-qxtv7sxalk2024-10-04_b3fca47c6f9e364492a357cb60a70c2f_cobalt-strike_cobaltstrike_poet-rat.exe

Filesize
6.0MB

MD5
b3fca47c6f9e364492a357cb60a70c2f

SHA1
c59555c36e39ed276dbbacc7e38c394c4b0f7dcc

SHA256
924f1239f659c38a15a20d03b616e5a1fcafa1256e453dc9587bbe1bed12816b

SHA512
9bd72b2cb8a1d8e894b6b23cb3800dfa8d72bbd01da026a70637a7da2c90eff451d3b58496e985a2f62bc8ccf8ababe77a12b50b2489412e563857b1874837e3

Download Submit
C:\Users\Admin\Downloads\241004-ranaksxgjp0b7527db8e630be9b1ef2a15273a00d7bbaf4d6cd5d248c0bfc80481ba2e979bN.exe

Filesize
593KB

MD5
34e9e5e4fb10d67c329e69421e53ea10

SHA1
20054480dda5704763b4a13ffd19e5a58f30d330

SHA256
0b7527db8e630be9b1ef2a15273a00d7bbaf4d6cd5d248c0bfc80481ba2e979b

SHA512
97e0f541bb4da270d5ebd6b42ceb517ae3a6f64a03d9e0de122b6a8de184183f3f826380bbc89f7f9a8c7e3c8ebd91264d77aa436e0410d61b57fdc62ce27d77

Download Submit
C:\Users\Admin\Downloads\241004-rb57sasbpab88e6886bd28f01505d4679a9722660d82e2a433431c1c79384323d481dd9a70N.exe

Filesize
331KB

MD5
8b7633948aaeeacb8ee0558b873a6300

SHA1
2c381158e5426fe49447e66841a21bd986981743

SHA256
b88e6886bd28f01505d4679a9722660d82e2a433431c1c79384323d481dd9a70

SHA512
49d44d7a64c90336a54975fa5f0be7f67bb616b6117f52957e3b1f35fe38cdbaa89cb4d1ad0a05ca59a5ec717140ee8fb6a5e9269adfdc8d29a106057d34037e

Download Submit
C:\Users\Admin\Downloads\241004-rbsaxssbmefile.exe

Filesize
1.7MB

MD5
12d739020631ac8c5112b76fa40587e3

SHA1
db06deebbff776081230e6c4ff030c59956bb8d1

SHA256
65872d1d1b8cbcf049dc49a328e9b6723eeb79fcb2e23e40d3159cf80756e33f

SHA512
86923fbd4ea58a5c80a3dc0325447a805dc2282f00c42b3726da8b22f1d36ce73e5f8d1a0a76b7c46a130eab2a7c7f78710c578ab50fbc201050bf6104123b9e

Download Submit
C:\Users\Admin\Downloads\241004-rdh52ascma13a6ea92bd6b38ab4e8727eb268b5d86_JaffaCakes118.exe

Filesize
72KB

MD5
13a6ea92bd6b38ab4e8727eb268b5d86

SHA1
1ead9c76efddf8247ec40b2af9d604e2edd01897

SHA256
98dcd25160b6d90f98e63824a46de0f767ca788684e0cbf720c01d09243808d2

SHA512
05d9453dec7140cc7b4eed17ca1bb2f1091fe82e316c391cdb452a7ae920c31cd1b3edb8773f282b9d73f67dab27cdfe49e60bcd95d9f3b3bc0dddf2c487d280

Download Submit
C:\Users\Admin\Downloads\temp.zip

Filesize
22B

MD5
76cdb2bad9582d23c1f6f4d868218d6c

SHA1
b04f3ee8f5e43fa3b162981b50bb72fe1acabb33

SHA256
8739c76e681f900923b900c9df0ef75cf421d39cabb54650c4b9ad19b6a76d85

SHA512
5e2f959f36b66df0580a94f384c5fc1ceeec4b2a3925f062d7b68f21758b86581ac2adcfdde73a171a28496e758ef1b23ca4951c05455cdae9357cc3b5a5825f

Download Submit
C:\Users\Admin\Downloads\temp.zip

Filesize
21KB

MD5
5373dd486fd9edee8e2bb7588ecce818

SHA1
60d98fba6010a3303d674ee19f0fcd9462ed8e2f

SHA256
13bcc1cbe242c4613b41ec62d24a299f96b95fd81e8d644c5cabaa316432fb2a

SHA512
59e0a2e60c09d14bebd232d09b042b41d4bd6b5c1319db6835c28ca68d757834a6fd4919c5b0af7381738886ff361fa374f6777eb1bdf706112ea0eb9bdfed31

Download Submit
C:\Users\Admin\Videos\Ngemjg32.exe

Filesize
1.8MB

MD5
45377b65cb6470d2cf93286ccf3ba330

SHA1
aadd93a87d7622bec39a7e0e42350897419c0ce1

SHA256
91e58a71f5f73d36ee618b2bd4b7071799873d0401e734a067efd412e9790778

SHA512
2672c850ebff9164cc77a32ada6965b253db5f9504d9dd5d3691abd0910d8f5cf21488e0f87d4a2c3dd4b24011c2c1f9a211b6a7f64cadd31a05ed873357aabf

Download Submit
C:\Users\Admin\giuiku.exe

Filesize
236KB

MD5
c1be3db3602e9178c3a84822e8c6d2b1

SHA1
eb290b1f70da909df171b9f0749e6bd229b1d5ea

SHA256
49bbe766a0673b5557449a24cf2e2b009cca9455410557ce0bdc76e5a07753d8

SHA512
59edef6f30291ce98e9f57b509b7e20e9ca6480eb5e2646481fa8a2c9623e738cc06810846a347a823f3cf90bc3294f41800a6fc22f81baaf683b16bb0250f6b

Download Submit
C:\Users\Admin\miapuip.exe

Filesize
168KB

MD5
597ef4677f9f2fb556fcebbf21656bd4

SHA1
e9929170715fde71ef925ef966bcc01211a4f90a

SHA256
a0b7953f9357373fadb0d0679e3c72e7ec12346fbd60387586a372dcecab7ebd

SHA512
b95abee8455123f3dcee9ac00e52f76e6769c933fdd6c839522a848abcf46194f6cd31f449c99647fbafc8bd9859fef4587766528220f475886c01bbcfd27cc5

Download Submit
C:\Users\Admin\miapuip.exe

Filesize
196KB

MD5
82bf5ef77f9ce365235f7408f4ec4f6e

SHA1
50cae8b92632285f8504c0c4251796d7557b564d

SHA256
65410ca848ecb870bc4f226910955d9e3bea31a52127e8ac5a378c925ff26186

SHA512
07767be1f0f0343ab361b0c53600c9097e3801288ef57a8b46581ccd0fbd5e0f5b3a088c5613560db682776c425f695aba4a3d92d648b696dc9955b2bdcbcefc

Download Submit
C:\Users\Admin\nauneeh.exe

Filesize
236KB

MD5
a1612976a3a93a4842fa573f6dfbdbfc

SHA1
d1f032d32221d2e3c757ecee8f6806c94f3a626a

SHA256
c3c7ee4b2a3f98a02033173c3945e0a934fa398b4cd1305672b4349a650c06d3

SHA512
0889c12c04d92b13822ed7a542620ee7c8c90d108205873062fdcca69ccb6bdbd5040785f20ad7100df954e03e92fe7e2460bb263d365c316cdba430c1ae4d0f

Download Submit
C:\Users\Admin\nauneeh.exe

Filesize
208KB

MD5
f17d948ea184e559f092265d650b8ae3

SHA1
81d1e74609c384d0134de8242b7c52c225e083d8

SHA256
753eb8f064678f5291f13175b7ef52b242aeef44bad29cf8ca8456ab44bf2855

SHA512
2ed8ef778879e9a03d7a0b317fc8fe54668209489396a5a0b8e75f822a0c8b1af03b38a2559b10949b2a3fe831933b2c8b760a05cd001b079a8ea0e6d21612e1

Download Submit
C:\Users\Admin\reiak.exe

Filesize
248KB

MD5
a48116a0d24062b83cefef92d99a8c22

SHA1
c5debc671e50c4650082e845ec5c1f3ce4a75506

SHA256
9aafcdbe2022ebf9da39514a95f4e37b7c2b4db3769bccc47dabfb20c10d2c96

SHA512
2dcba8d541ce93bb62565a772add0da54f56350adf9b358cca37734df87c657b5443c1f6704c7a504bb4b8358683654f39eb0715fc01f803b28a09757ffcf77f

Download Submit
C:\Users\Admin\reiak.exe

Filesize
220KB

MD5
9160d9c104710ce5964903284f43b072

SHA1
9e5fbb08030570e70b65ba896ae501f61ca022fc

SHA256
7f3edac59a001382fdc880ead55a6040b4837ca023c314de656c2f3593be2f2c

SHA512
428c864fa0f9bf86298a7a9bc723afe671a2e3653fc9f44702fbf5cb53c3e1ddac5ca4b8753ec8cbbcc6f97a87565ba153f628dd8f7cdcf9996c082ede62ebd0

Download Submit
C:\Users\Admin\tomov.exe

Filesize
256KB

MD5
e0be43a24cf1ff91c27f8f09fc77b2cf

SHA1
940affe46bdd77a7a47f1090b5a28bc4f40c3814

SHA256
482b85729df5f5aeb2a7690b59df731d28b566eafdc9bcfc46f040ccc41ede60

SHA512
048074f567b87cd08dc2c7c9282119b6743a8bc1f0c657d73d1d19569946659bf0dde5e3e5046cfb0ed6a174e088a713e84cb4c1dad82d5a886f6b9dc0c96acc

Download Submit
C:\Windows\BJ.exe

Filesize
680KB

MD5
a60476550d35cb1b14c793119b6195e5

SHA1
d20aeaad86dfa4c9468d9c87715801655fbd0b32

SHA256
953ad796c47b2b8112c4ed8ed53bad9ad9bb8c123477db105bbeaf16c0c66877

SHA512
1927d7c22539c31739c89489201953764ef061754c64e0225a5b153ffa85857dad89090151ff960f0319354654a8ebc14ceefb7d875c61a73096e223909292b4

Download Submit
C:\Windows\Driver.db

Filesize
82B

MD5
c2d2dc50dca8a2bfdc8e2d59dfa5796d

SHA1
7a6150fc53244e28d1bcea437c0c9d276c41ccad

SHA256
b2d38b3f122cfcf3cecabf0dfe2ab9c4182416d6961ae43f1eebee489cf3c960

SHA512
6cfdd08729de9ee9d1f5d8fcd859144d32ddc0a9e7074202a7d03d3795bdf0027a074a6aa54f451d4166024c134b27c55c7142170e64d979d86c13801f937ce4

Download Submit
C:\Windows\SysWOW64\Ahmjjoig.exe

Filesize
52KB

MD5
5b9fc1a0a9bd33ef9eb7655668503fe2

SHA1
6ac7ed317f7253b7ef9abdd47196e5e55e8305c7

SHA256
00b5c4dfc4b65989f910575fed689a27d6da213db8180074eb1238601f03bdea

SHA512
fae554b7a48bf281b50b9987cf305ae37e87c615815be4d578a06ede2379fe13535a22dcad73e38e04e6554023dfae96d7a9e303d96f8b64a833c02660319927

Download Submit
C:\Windows\SysWOW64\Benjkijd.exe

Filesize
236KB

MD5
afbddb61308c0fea1303183cb22e800d

SHA1
83322d781a243e5e5255a5dfafed46c4bc84d36b

SHA256
6f6b4d71b015c54f0bc10fd9e82884198f5f5c5aff1d4eaf4f9ecfd9321b9bda

SHA512
d81e27927fd5c4b4ae1a34b780a6f379da17e57032058b8b45d92919e54517dc0c79dfc3b0ce91bdbda3328fc57610b21676b5564e0df9f963ed03ce4bc3bd84

Download Submit
C:\Windows\SysWOW64\Bhgjcmfi.exe

Filesize
88KB

MD5
2d439c9ba6540df89b2cad9ca415dcfe

SHA1
2e66849ee7ec1b15758b8d4398803c21352bf9b8

SHA256
268838735890ac77bfc918c1b150c276938139318f0eec7a5d8476cf26ea04bb

SHA512
f3d860abf14dff3f1a67340778ca66bff9a2e7ed7db2899a8986994ba8f2b20c8229262559aa895ae966bdf2324277bab162a587d20a2709ad4f4f8a4d5904bb

Download Submit
C:\Windows\SysWOW64\Ciqmjkno.exe

Filesize
88KB

MD5
8e7d24fcd216c337dcc798701b0bc57a

SHA1
759d1e738a1c334c68818b5fba77feb8ed6294a8

SHA256
8b9227886ffeb40f313c3d620981d5bb644d32516bd35f15e49836bbf8b7b187

SHA512
6ecd7893f81863ebd3f74db368b5d2428ca29e9bcd87e2427cf8fd452f62080a3ccae8f4c815b666371c9da040f9e9ed9b2c60dc7163c7ff48097a46c147cf03

Download Submit
C:\Windows\SysWOW64\Cnndbecl.exe

Filesize
208KB

MD5
caca4ba3035855cf9364441561c700db

SHA1
fb446cb9be9297e2ecfd4673f7146d71ff7890b7

SHA256
782f10cb4ff8586081e531c9ae6d0786f307647be9557527a482da170c0a91bc

SHA512
9ffcf5bd980c8f34b4e232632565874a4fb151c2277786109aad170412e0819c90712795a680d83060e0f5d9756a730a8a9ee7e28ac5812562fbe97958539888

Download Submit
C:\Windows\SysWOW64\Dbpjaeoc.exe

Filesize
161KB

MD5
06f27b2d9c9d3f5651025c3ec04f7165

SHA1
ea1d510d5a7e39312d5764e7c5db08bc54a58461

SHA256
7911d992a5cd859be6d7209a8bb7b2190c730ec9f9fb6c706f3fd719e1b25dfe

SHA512
e1ba15f5ca6d439dceaa0a26eab0f0c40e570dea98a1377079508b31b286dd639d5b94d512e0b50bcfbe7b5b36838b1e504b0a49f8dfd2a2a103eefea59fb43e

Download Submit
C:\Windows\SysWOW64\Dlgddkpc.exe

Filesize
52KB

MD5
f3b51a4ff82e77d976e490c5c9007b8c

SHA1
28b3a9785d448766731b6940036596d5f3613a38

SHA256
5d49f443cfa44379d24a3d75abf989b5e98dabb09f017c35072eeb79e13a70bf

SHA512
0035a57a2c91f076f63a4b83b7ec733a828ca005343098888a9354d948c105e2305039ccdd51b299fd2dff1fed20fcba92a89c9c27d982cc4bb76462ed596aa0

Download Submit
C:\Windows\SysWOW64\Fkhpfbce.exe

Filesize
82KB

MD5
5a6030d7e4b3375cd7561e062de78125

SHA1
fc5c4aba45c86cadafa2c550cec03b6a7407bd0c

SHA256
00e2100d84a3c1676df59c3c39d22f53a3d265e15053cc9c334053509ffa5c28

SHA512
fe4ef45e0a308cee84e6722a80c4bd0b0ef4a9f8d80dc7f6ca813f2145e0bcde8365859431a5b77950a00cb0224f99b9d400206c32522a87740e1eac15f0bf71

Download Submit
C:\Windows\SysWOW64\Fpnkdfko.exe

Filesize
236KB

MD5
503f1cf1884cbeb23568038f0ebecca3

SHA1
0e83131b4841f523013bdb475aa38619f30ed56b

SHA256
a3f3e836204c5d05d7a9443cd16478b41969b8404e4269a622e739bc1b6d967b

SHA512
b45e77a386281f07c5c778112cabc946b62919b320749c29495e3926acd4183325a39c629e68ec75cb24ff5d60d4bef6d922a48b2cfa5fd88b7d6c7acac19fc0

Download Submit
C:\Windows\SysWOW64\Heeeiopa.dll

Filesize
7KB

MD5
ebec58c8682325b498867e26ab16e03c

SHA1
7d0ee572183903e5d02db50cb15eb3c5b6a36e28

SHA256
19d31745596bf59da22f61f4a1df72ea997383adb0e18813e7c39fdf8d4d081d

SHA512
273e128648b5b52ec4e0a3fe099f08eded2f33ea408e3a4dbf028203084622ff5092d8f520a8a7d6e206a51a7e1a0cdeeef4cef4e2d558699fcff845968e426f

Download Submit
C:\Windows\SysWOW64\Hhleefhe.exe

Filesize
88KB

MD5
9ba87bdbae9c9f5d98f1fb1c7ef02eaf

SHA1
017773479625a100087f1113e2c390cb335dbf54

SHA256
0dc94a336b3fb06f6cf4db537dd2fedd9c4dceb7a08c1ab6bbe15d51e889ef5f

SHA512
69aebf88eac831725adee47a6eb3cddb7c6ab6f31779b03fdbc88735c3213a364284b78458204ae55e8dabfdda3ca8e8cb78107ab0b4e08e10da3d6706c44dde

Download Submit
C:\Windows\SysWOW64\Hkggfe32.exe

Filesize
236KB

MD5
9a4559c0e06677a9d1d5853e8f847e4f

SHA1
69c3bb1e75d95f5f0bd8c7bde9a671cead119470

SHA256
64d1d00f0c43005373da8ac36cc4066549c1a80ae8f9884ee8fc1d6bb88b2e3c

SHA512
4385133562c4fc44990d7028b98ff74e4d71558effc79e64a440b2e628a02fbc919c8cb5c1a66fa45c6c107dd1dee7d99ec9709d1ae1b22cf38d25ccd7e9b513

Download Submit
C:\Windows\SysWOW64\Hkpmpo32.dll

Filesize
7KB

MD5
25df8419eef23d5304aa44375a0a639d

SHA1
a70e3a74348da056e702c16caffd60713ca013e7

SHA256
f09d324207543c164ffda499349b7c489b6e4b4d137aca6fbd34c0eaec4add89

SHA512
00880357123052d7c6030169a7875d790f006fad0d5de0173156327bf1cc7acedfd071748e936045029b70b18fd9dfcc0eb6ac34db999db6500f42600fe26309

Download Submit
C:\Windows\SysWOW64\Iacngdgj.exe

Filesize
407KB

MD5
6ab18c56f6bc2ab39286805fe4d73133

SHA1
35ac163cf4e69b5c0a8206d1b241b7339176aac4

SHA256
9e9d3e23ca22c97a053f09160924a9fbef38dbc0b818d32f2391cf961978604f

SHA512
34ff5de1a60f853a694bd4882b4f4e5fdd3bc807d21c527b528073ac8eac8e830074da2025b1747d3c252cca1794e87758055d7f7a83902769adf6395b415657

Download Submit
C:\Windows\SysWOW64\Ifipmo32.exe

Filesize
82KB

MD5
751ea8b1131b44b085050db77c6b2e68

SHA1
3987587fc7b06b5e0e6587490cd17b87616e598f

SHA256
1fdbd6fc280f53034ca8fc36d49a7022b8f0c526fd59e3d25e429fe77820ea01

SHA512
c96bd78b402accc76d697f3d52510880af4d681193b8076e1fe6526aaba6904012acf7f52b4f1945d3604bfc93b0b65e85cbac049cc06f87385525bf23182967

Download Submit
C:\Windows\SysWOW64\Jbccbi32.exe

Filesize
74KB

MD5
778a4e4ca37465f0cb3ca2fb24313e89

SHA1
8a2a52b80e1af80caf3b8c47fda5ac26a58b3990

SHA256
5982931aa61d35352bf06712278c68e77a8f97e42e0b3a7f0b5b3f039c667050

SHA512
ade3434258fa47cb8379a58c0f540baa4a473a884dc1a0fb60070f0ddf24b0c2c5df3aa2604efc0cd2d026b1cf2b8fdf871857cd16848aa44123efc884ea5300

Download Submit
C:\Windows\SysWOW64\Jmpgghoo.exe

Filesize
88KB

MD5
fd94de1d81c7ab80d4b030634b0995ab

SHA1
e3783137d4b4d90344a01c3cc6a18bd5c411a9bd

SHA256
f5ba824f3642f707705b5e95f1bfc6af4e4d306b032fc11544b81da674180d1f

SHA512
57aa0b22a4c40b7a0750fdcdccfc67534633b2d8e94cc35bacd5895c2c9042931926123a4dab3af13618c203c31bc1aec95b51c105148fd9216bc637e65b00e6

Download Submit
C:\Windows\SysWOW64\Kbigajfc.exe

Filesize
211KB

MD5
a6db4ea9e71f89304f2a04d1590445b5

SHA1
6845a70ae154c4d44a2ca0a3a15ab83082397321

SHA256
b775c5804be4d0e80455bcbfe5defae7013dbd1bed95d29f5e841a6fa62c22a7

SHA512
66f64dc23fb744229ebf78ecb48fe2dfbbf16327a2fe01a4989367330d8b45e8ab2f064d25fc47a2c6d22c60464004d31265874ff657e1f71cf321a6ac290f6c

Download Submit
C:\Windows\SysWOW64\Kmbkfp32.exe

Filesize
211KB

MD5
3f9db5af1b0bfaf825c2492e681dfa1c

SHA1
aea18cb6c365b166c1c00e449ba502d19e75dcfb

SHA256
4f23e6b8e1284ea75aa669c71fcae64ab6b1bd42512616bf2ce2a6e1544972b4

SHA512
57f7ffb7d66c194e65c069559ac0c9452b9ed44160d9da68fe1009980e65893aae6ec7ea3130faa2e728a88eb81b9cacb9d320a7ca4ebba5461104a30f3baec1

Download Submit
C:\Windows\SysWOW64\MSWINSCK.OCX

Filesize
105KB

MD5
9484c04258830aa3c2f2a70eb041414c

SHA1
b242a4fb0e9dcf14cb51dc36027baff9a79cb823

SHA256
bf7e47c16d7e1c0e88534f4ef95e09d0fd821ed1a06b0d95a389b35364b63ff5

SHA512
9d0e9f0d88594746ba41ea4a61a53498619eda596e12d8ec37d01cfe8ceb08be13e3727c83d630a6d9e6d03066f62444bb94ea5a0d2ed9d21a270e612db532a0

Download Submit
C:\Windows\SysWOW64\Mbmbiqqp.exe

Filesize
240KB

MD5
71ba11f5e031f75d77a1b18fdff48060

SHA1
d3db4b4368846d260148324fd514e2ded660492a

SHA256
8b760d32b218c6dbf16db41bba3fca17ba994e08024f85d3ebc9ca95bb2e4928

SHA512
5d97c22378b4d99bcee310e15bfc8980fbdab417c2578ac167e0312443f9b3efaf64a9ba4084674cf25712b021c521cdaa1ba0648d79059ac69125c4c448e579

Download Submit
C:\Windows\SysWOW64\Mgceqh32.exe

Filesize
82KB

MD5
ffd7776e9295614ab44f86d63438689c

SHA1
801bd4a88cfc253892fcfa49954dfbebd537ea12

SHA256
8f292bf43ec739aaa69d0c699b954ded2deeb84ea8622ea31e8276304a4c6858

SHA512
ffdfa5cd93b4e147e1f46374a1dc43c41c3383282350bbf1c64ad0914e17f38b55c20cc8109c6b916e0305a6689ee7035e192795507c40028e2a871ed2dbec41

Download Submit
C:\Windows\SysWOW64\Mhgkfkhl.exe

Filesize
211KB

MD5
6c7ee957ea0ed9b266549bd6f9ace11a

SHA1
456f4fbc0025f884b454ef1df1804fe11197cabd

SHA256
132c40f24e8fcf8a937e5ed79ae0fa7d1577fea0deb5268f22665d592997a452

SHA512
371d790dee7dc98c31983f9e8cf6564268862fdc7c9a34ec8a71605734489cfe959d987a6203306f44337831433c40e7769adb038a3d651e882fd9400c3ec457

Download Submit
C:\Windows\SysWOW64\Mhldbh32.exe

Filesize
245KB

MD5
422d5564d31970d499b124ecef8d26b0

SHA1
b519a1a9a0b2222e64399c1604252bedc6562c98

SHA256
e3ba594855603e600e3931ba8467e9da5cc0361496ba004b6b5729c720e839ea

SHA512
e22a4f92c0134628c6763f71a52ee7c1bc5e1e1f695f032dc1ff0f649034ac3f43db557228223f4c03eaf67f48f781bd5c2428932c33d7794520585755033921

Download Submit
C:\Windows\SysWOW64\Mnapnl32.exe

Filesize
55KB

MD5
26d5060697015fba570895da2625a906

SHA1
09988f29c95dca167ab0d9824d0827688264bfdd

SHA256
58b434ab7a5a72c8cdd72914a4c9270104226d7be6eada94cfddfa0b82da189e

SHA512
c8d60d498270939d441a4e93b26a4283bf010a605849fcc09bab2ba7f4d0b78799ac038a810bb2edf07b7bd168a8eb9b103777625df8a5093b4ac8f63ad884c5

Download Submit
C:\Windows\SysWOW64\Ofalfi32.exe

Filesize
236KB

MD5
b450339c0613cb29198f952082bf9e8a

SHA1
bc95228d0ed4c204b56f24732076a4303fb1ceaa

SHA256
1c9df2b2ebb0ec287a57e888205872c6107e347c6a45090131b327d82cb6c67f

SHA512
78f9453e147638e6456ae302b71af8031fbe0e803117d441d5c1f8c8b50ae5158886ae2779f82445fb7d5045c379c6c391f5ccee868b90e19627e3ec75a96c67

Download Submit
C:\Windows\SysWOW64\Omnqhbap.exe

Filesize
90KB

MD5
968531ac3d565730af44e9275927f6d8

SHA1
4c46a60b1624509a816818e7c83d993a54f1f907

SHA256
8c44270f32e51d2866ade0f7096ed3af31fc14df730627b1c43e91d56b1d361b

SHA512
358e757afc285b22a7da95ef82ffbcd6a9420ffee65e732823d6c579fcc083297edcd3329a1a9446acc8c654d69dda69c545ecedc76d5f022550ee406cbf081d

Download Submit
C:\Windows\SysWOW64\Ompfej32.exe

Filesize
211KB

MD5
7690b2ed3ea6209b4bebb49f27b3df0f

SHA1
bed2f643f1f3fe436a4678e0fd35faff0cc22ccd

SHA256
48663bf4ef443e6ccb61debe09de0ec97deaafe2af06e01cdbb12ed3f666aef5

SHA512
55c214e9a74000715a7e66efcb531f5520f2449a2b741ac9dc1af064b2a1025348cf49c52a6c7e219d4f4d402f0ca9ff8390ec193862a19959d8c0cb1c157ba1

Download Submit
C:\Windows\System\explorer.exe

Filesize
184KB

MD5
08d96d7e8d585795ed084a8a4077c332

SHA1
ec042534157439b5e52aa3db1cca4a3245f772e2

SHA256
ef7f24d38822bf3a84134da37e5351893223bb50a319ac23e889188afad52372

SHA512
dabbd801eaf70147b72f3b6819cbce206e8d0eb5d3df4097f87118d01633f0f5439ed9ff992041aa08fc44740b72e2ac92b5f4855fa5b7537b13ee1a005a9de3

Download Submit
C:\Windows\System\jTVRyRJ.exe

Filesize
5.2MB

MD5
67740c681e7843bde7e5b904aa63ce32

SHA1
bf8726b5696c42d2fa288648ba2eea0ee9053a55

SHA256
673e21b0969b77e53b676451999f98844cab7eb3b24ee4ee05eb7e345207dbe8

SHA512
c62d9f2aafad9f497a94deb2b0a3cb4d245542a528790a3ddc808e1c4834268bdb34e9d37e4fccbe4f122dbe572dd03515467e1f3c6b60cfe49ca6c74af1cd6a

Download Submit
C:\Windows\System\sservice.exe

Filesize
349KB

MD5
1394c22b0da66a5c58a0bbc0dbe19b8d

SHA1
38085d0a46ed30e83b0fd7f8244028d29fa36998

SHA256
cf7bb6d7c148f181bc55a5dcbb9805c1b91cc85448a180545a515d5067f22f67

SHA512
d83d3100032d427f29ea438063c2e2b6decb1581e315dc2351599845df5cd0f9ca0c48d142f7f86b9ec5973d167858939d8aeded7f4820053c0f2f45f9a453b4

Download Submit
C:\Windows\svhost.exe

Filesize
298KB

MD5
54be64a66791c710ffb2ffeb31bab488

SHA1
0f49537489c9923ffe78ebb8d983fefaeaa9eeb8

SHA256
e3e2a6c3713f5702781221064bedc8eb59a9ca53d36ef2d9cba7f0f880737823

SHA512
6aaa3339659725640e1136ac8b36a9a567289dba7e2d550d5aa73eb07dc2cb8a675265ccdfc3f27cf761dd560501fa0d4a238751e9a5e00325f5762615d43a14

Download Submit
C:\Windows\zhlcnenb\patnaln.exe

Filesize
9.1MB

MD5
049d45920c96c757addc4815d11212be

SHA1
1b200a75c50541b0819e5ce84e2efe405f2b086e

SHA256
0db5462123b2ca4f18fd62dd3901889c27305b641760a427a74fc2458561046a

SHA512
51202ee475d5456fba929a6eca89b705f0941b86becc2e4d4d4a706783d127322d9177db527577f70a3a7be3a168fd62631e3beb68671175342da7bb12e6e2f2

Download Submit
C:\frxrrxr.exe

Filesize
53KB

MD5
8a7d51b7612286c41ae52e6a945d9236

SHA1
0af7bd297fdd2659385873c1dd8f765c857f49e2

SHA256
712b61f63d767cb0704d455654416a9250d4880d6640766576156b201b92da71

SHA512
14af7e9a9342e09f644a68f17a5bb824c98d1e44971b160701bc022f5ca95efee7531626f599daf5367f4046a858fc85c2c22e97246fc74fe012b24f986db08d

Download Submit
C:\rffxrrl.exe

Filesize
285KB

MD5
30f620fb529b0aa5c934b47414a8830e

SHA1
93fa48348befe143d2d9f8f0d8316c392b711146

SHA256
a9a26c03594a8e07b37ecac5dde20896c73504fc3122405971aba1a9c4c841ce

SHA512
fa8d42fce83b96d01a9720e63930d95943173bda2c5aca5d8d1604be8f2fcdb828e1b65966e5f24590f51defb9503ca6ea04eff459286555d51f02aaf1605065

Download Submit
C:\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
282B

MD5
69a98ef655778f1cb3764a923acbae80

SHA1
22683321e95c9a631039d15fc49ac5d3e639ac54

SHA256
2ff127d5bc4c7333c8f522aa4b456684eca97c06d452bf7d00b6a99b49b11b0e

SHA512
610fc09f40124e1a74ff303ddd95ad5809679be9e0c381e5d367ecf8e1e137c3da188142de7a2c5fe2b1225e12482245f2b5c417d43d73618108bfb1c32a5ed2

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-1287768749-810021449-2672985988-1000\desktop.ini.exe

Filesize
4.0MB

MD5
d03f51f0df963347f7f0c2b2a35b0f12

SHA1
6a4aa020b1a13097f0e87d8e347b2db7f62725b5

SHA256
cc78fb2a906111288860f1e5622635b3e8e6a1a0419cfb2bf7a0d550a1444bd5

SHA512
e3ebba228dcc8777cdda52018f5a7cb13034fa7f12f658079f54374efb050940d487a884dfa887462370d3af57f29a03a542d2935e72e3209f0c470897a530d4

Download Submit
F:\AUTORUN.INF

Filesize
145B

MD5
ca13857b2fd3895a39f09d9dde3cca97

SHA1
8b78c5b2ec97c372ebdcef92d14b0998f8dd6dd0

SHA256
cfe448b4506a95b33b529efa88f1ac704d8bdf98a941c065650ead27609318ae

SHA512
55e5b5325968d1e5314527fb2d26012f5aae4a1c38e305417be273400cb1c6d0c22b85bddb501d7a5720a3f53bb5caf6ada8a7894232344c4f6c6ef85d226b47

Download Submit
memory/108-277-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/336-408-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/464-131-0x00000000655C0000-0x0000000065669000-memory.dmp

Filesize
676KB

Download
memory/464-570-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/788-511-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/868-512-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/880-447-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/884-860-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/908-698-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/908-577-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/924-455-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/924-626-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/984-262-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1040-419-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/1056-467-0x0000000000400000-0x00000000004F1000-memory.dmp

Filesize
964KB

Download
memory/1156-407-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1164-339-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1416-614-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1576-409-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1664-465-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1732-615-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/1756-322-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1768-379-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/1780-887-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1980-648-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2016-259-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2072-307-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/2136-468-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/2176-946-0x0000000000890000-0x0000000000911000-memory.dmp

Filesize
516KB

Download
memory/2184-338-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/2296-861-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2380-321-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/2432-862-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/2520-476-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2584-340-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/2620-514-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/2704-355-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/2752-232-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2752-247-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2760-610-0x0000000000360000-0x00000000009ED000-memory.dmp

Filesize
6.6MB

Download
memory/2840-583-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2856-863-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2952-417-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2968-616-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/3020-328-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/3028-279-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3116-503-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3116-568-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3116-513-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/3116-538-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3116-501-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3116-500-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3116-502-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3184-418-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3196-280-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/3328-466-0x0000000000400000-0x00000000004C2000-memory.dmp

Filesize
776KB

Download
memory/3372-541-0x0000000002280000-0x000000000330E000-memory.dmp

Filesize
16.6MB

Download
memory/3372-464-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download
memory/3608-382-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/3608-413-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/3768-308-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3828-613-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/3964-685-0x0000000002990000-0x00000000029CB000-memory.dmp

Filesize
236KB

Download
memory/3964-680-0x0000000002950000-0x000000000298F000-memory.dmp

Filesize
252KB

Download
memory/4048-516-0x0000000000370000-0x00000000003F1000-memory.dmp

Filesize
516KB

Download
memory/4204-888-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/4244-341-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/4352-892-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/4364-1053-0x0000000000400000-0x000000000049D000-memory.dmp

Filesize
628KB

Download
memory/4372-236-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/4404-356-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/4484-617-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4512-457-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/4528-515-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4624-469-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/4652-510-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/4748-378-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4836-612-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/5068-225-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/5072-611-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/5144-618-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/5200-671-0x0000000000400000-0x00000000004DB000-memory.dmp

Filesize
876KB

Download
memory/5212-672-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/5244-673-0x0000000000400000-0x000000000049D000-memory.dmp

Filesize
628KB

Download
memory/5244-1028-0x0000000000400000-0x000000000049D000-memory.dmp

Filesize
628KB

Download
memory/5276-681-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/5300-891-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/5324-647-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5472-890-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/5480-686-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/5488-893-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/5508-1054-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/5532-848-0x0000000000850000-0x0000000000D29000-memory.dmp

Filesize
4.8MB

Download
memory/5596-945-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/5612-850-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/5624-851-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/5632-886-0x0000000000400000-0x00000000004C2000-memory.dmp

Filesize
776KB

Download
memory/5680-852-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/5704-756-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5740-759-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5784-853-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/5804-869-0x0000000000400000-0x000000000049D000-memory.dmp

Filesize
628KB

Download
memory/5832-854-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/5868-855-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/5884-856-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/5968-740-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/5968-796-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/5968-741-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/5968-739-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/5968-738-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/5968-1056-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/6008-857-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/6068-858-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/6076-1057-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/6084-1059-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/6096-859-0x0000000000400000-0x000000000049D000-memory.dmp

Filesize
628KB

Download
memory/6096-925-0x0000000000400000-0x000000000049D000-memory.dmp

Filesize
628KB

Download
memory/6148-894-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/6232-895-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/6256-896-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/6312-897-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/6348-898-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/6360-1055-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/6424-899-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/6460-938-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/6524-939-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/6564-940-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/6636-941-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/6716-1058-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/6912-889-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/6924-942-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/6936-943-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/6976-944-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download