berbew | 0e4c7ea1381577829677372822f13f5332f04047156d2e719e499c1546d0781e

Analysis

max time kernel
46s
max time network
54s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
19-09-2024 12:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

magic.exe
Size

11.2MB
MD5

2b6fa0f9cbe3f952fdb8177496461b53
SHA1

64e03359c3dc40288fb3755dc3eb28f6c4e5090e
SHA256

0e4c7ea1381577829677372822f13f5332f04047156d2e719e499c1546d0781e
SHA512

e235cbab4dca4b9b11c6596670c8972c562129dfe44c4000cf3a3707d2f1dd7af6cccfe04527249de74cadb7483cc6d464d5b812fab9924dd4f0d59dcf1a52a8
SSDEEP

196608:Vf3v86gVYibQQOOl2szsHFUK2r7UyTAdQmR8dA6lS8Qnf2ODjMnGydS8M9UprBOb:pWVHhZ2YsHFUK2JAdQJlaF3MnG38M9E

Score

10^/10

berbew blackmoon gandcrab modiloader sality backdoor banker discovery ransomware trojan upx

Malware Config

Extracted

Family

gandcrab

http://gdcbghvjyqy7jclk.onion.top/

Extracted

Family

berbew

http://crutop.nu/index.php

http://crutop.ru/index.php

http://mazafaka.ru/index.php

http://color-bank.ru/index.php

http://asechka.ru/index.php

http://trojan.ru/index.php

http://fuck.ru/index.php

http://goldensand.ru/index.php

http://filesearch.ru/index.php

http://devx.nm.ru/index.php

http://ros-neftbank.ru/index.php

http://lovingod.host.sk/index.php

http://www.redline.ru/index.php

http://cvv.ru/index.php

http://hackers.lv/index.php

http://fethard.biz/index.php

http://ldark.nm.ru/index.htm

http://gaz-prom.ru/index.htm

http://promo.ru/index.htm

http://potleaf.chat.ru/index.htm

Extracted

Family

sality

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Signatures

Berbew
Berbew is a backdoor written in C++.
backdoor berbew
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
trojan banker blackmoon

Detect Blackmoon payload 3 IoCs

resource	yara_rule
behavioral1/memory/1716-417-0x0000000000400000-0x0000000000429000-memory.dmp	family_blackmoon
behavioral1/memory/2616-433-0x0000000000400000-0x0000000000429000-memory.dmp	family_blackmoon
behavioral1/memory/5204-662-0x0000000000400000-0x0000000000429000-memory.dmp	family_blackmoon

GandCrab payload 1 IoCs

resource	yara_rule
behavioral1/files/0x000100000002aa05-109.dat	family_gandcrab

Gandcrab
Gandcrab is a Trojan horse that encrypts files on a computer.
ransomware backdoor gandcrab
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
trojan modiloader
Sality
Sality is backdoor written in C++, first discovered in 2003.
backdoor sality

Detected Nirsoft tools 2 IoCs

Free utilities often used by attackers which can steal passwords, product keys, etc.

resource	yara_rule
behavioral1/memory/4532-343-0x0000000000400000-0x0000000000417000-memory.dmp	Nirsoft
behavioral1/memory/4532-202-0x0000000000400000-0x0000000000417000-memory.dmp	Nirsoft

ModiLoader Second Stage 2 IoCs

resource	yara_rule
behavioral1/memory/1060-363-0x0000000000400000-0x000000000044F000-memory.dmp	modiloader_stage2
behavioral1/memory/1060-347-0x0000000000400000-0x000000000044F000-memory.dmp	modiloader_stage2

Executes dropped EXE 3 IoCs

pid	Process
2784	240919-pqwwjsyclf_eb5750de6eccda96659216821bc7b7cc_JaffaCakes118.exe
788	240919-pnnr6ayfll_eb55576359ed78cc832b3dfa4d68658d_JaffaCakes118.exe
424	240919-pq2f2aycmd_28acc1defcefaa2348bbce545fe4fe6187c7a79c0f6b2da2b51886d7faa6dda8N.exe

Loads dropped DLL 21 IoCs

pid	Process
1056	magic.exe
1056	magic.exe
1056	magic.exe
1056	magic.exe
1056	magic.exe
1056	magic.exe
1056	magic.exe
1056	magic.exe
1056	magic.exe
1056	magic.exe
1056	magic.exe
1056	magic.exe
1056	magic.exe
1056	magic.exe
1056	magic.exe
1056	magic.exe
1056	magic.exe
1056	magic.exe
1056	magic.exe
1056	magic.exe
2784	240919-pqwwjsyclf_eb5750de6eccda96659216821bc7b7cc_JaffaCakes118.exe

UPX packed file 17 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1060-363-0x0000000000400000-0x000000000044F000-memory.dmp	upx
behavioral1/memory/1060-347-0x0000000000400000-0x000000000044F000-memory.dmp	upx
behavioral1/memory/1060-345-0x0000000000400000-0x000000000044F000-memory.dmp	upx
behavioral1/memory/1060-344-0x0000000000400000-0x000000000044F000-memory.dmp	upx
behavioral1/memory/4532-343-0x0000000000400000-0x0000000000417000-memory.dmp	upx
behavioral1/memory/4532-202-0x0000000000400000-0x0000000000417000-memory.dmp	upx
behavioral1/memory/4044-201-0x0000000000400000-0x0000000000411000-memory.dmp	upx
behavioral1/memory/3032-384-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1716-417-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/2616-433-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/5204-662-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/4044-562-0x0000000000400000-0x0000000000411000-memory.dmp	upx
behavioral1/memory/2124-585-0x0000000002280000-0x000000000330E000-memory.dmp	upx
behavioral1/memory/2124-485-0x0000000002280000-0x000000000330E000-memory.dmp	upx
behavioral1/files/0x000200000002ab18-1512.dat	upx
behavioral1/files/0x000100000002abdb-2648.dat	upx
behavioral1/files/0x000100000002aafe-844.dat	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
1	discord.com
3	discord.com

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral1/files/0x000100000002aad5-1245.dat	autoit_exe

Drops file in System32 directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\rrjbypgj.tmp	240919-pqwwjsyclf_eb5750de6eccda96659216821bc7b7cc_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\rrjbypgj.nls	240919-pqwwjsyclf_eb5750de6eccda96659216821bc7b7cc_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\rrjbypgj.tmp	240919-pqwwjsyclf_eb5750de6eccda96659216821bc7b7cc_JaffaCakes118.exe

Program crash 5 IoCs

pid	pid_target	Process	procid_target
12572	5352	WerFault.exe	158
20644	12340	WerFault.exe	396
19028	5916	WerFault.exe	172
19828	8308	WerFault.exe	247
11592	8484	WerFault.exe	269

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	240919-pqwwjsyclf_eb5750de6eccda96659216821bc7b7cc_JaffaCakes118.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
8292	240919-pncpwsyarc_DHL SHIPPING DOCS MAWB 607-33268616 HAWB FRA-27756732 ADSB PO 202422070.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D3112B69-A745-4805-874E-ABD480EA1299}	240919-pqwwjsyclf_eb5750de6eccda96659216821bc7b7cc_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D3112B69-A745-4805-874E-ABD480EA1299}\InProcServer32	240919-pqwwjsyclf_eb5750de6eccda96659216821bc7b7cc_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D3112B69-A745-4805-874E-ABD480EA1299}\InProcServer32\ = "C:\\Windows\\SysWow64\\rrjbypgj.dll"	240919-pqwwjsyclf_eb5750de6eccda96659216821bc7b7cc_JaffaCakes118.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2784	240919-pqwwjsyclf_eb5750de6eccda96659216821bc7b7cc_JaffaCakes118.exe
2784	240919-pqwwjsyclf_eb5750de6eccda96659216821bc7b7cc_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1220	MiniSearchHost.exe
2784	240919-pqwwjsyclf_eb5750de6eccda96659216821bc7b7cc_JaffaCakes118.exe
2784	240919-pqwwjsyclf_eb5750de6eccda96659216821bc7b7cc_JaffaCakes118.exe
2784	240919-pqwwjsyclf_eb5750de6eccda96659216821bc7b7cc_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 13 IoCs

description	pid	Process	procid_target
PID 1392 wrote to memory of 1056	1392	magic.exe	80
PID 1392 wrote to memory of 1056	1392	magic.exe	80
PID 1056 wrote to memory of 3716	1056	magic.exe	82
PID 1056 wrote to memory of 3716	1056	magic.exe	82
PID 1056 wrote to memory of 2784	1056	magic.exe	83
PID 1056 wrote to memory of 2784	1056	magic.exe	83
PID 1056 wrote to memory of 2784	1056	magic.exe	83
PID 1056 wrote to memory of 788	1056	magic.exe	84
PID 1056 wrote to memory of 424	1056	magic.exe	85
PID 1056 wrote to memory of 788	1056	magic.exe	84
PID 1056 wrote to memory of 788	1056	magic.exe	84
PID 1056 wrote to memory of 424	1056	magic.exe	85
PID 1056 wrote to memory of 424	1056	magic.exe	85

C:\Users\Admin\AppData\Local\Temp\magic.exe
"C:\Users\Admin\AppData\Local\Temp\magic.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1392
- C:\Users\Admin\AppData\Local\Temp\magic.exe
  "C:\Users\Admin\AppData\Local\Temp\magic.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1056
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:3716
- - C:\Users\Admin\Downloads\240919-pqwwjsyclf_eb5750de6eccda96659216821bc7b7cc_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pqwwjsyclf_eb5750de6eccda96659216821bc7b7cc_JaffaCakes118.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in System32 directory
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:2784
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\4755.tmp.bat
      4⤵
      PID:6288
- - C:\Users\Admin\Downloads\240919-pnnr6ayfll_eb55576359ed78cc832b3dfa4d68658d_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pnnr6ayfll_eb55576359ed78cc832b3dfa4d68658d_JaffaCakes118.exe
    3⤵
    - Executes dropped EXE
    PID:788
  - - C:\Windows\SysWOW64\nslookup.exe
      nslookup nomoreransom.bit dns1.soprodns.ru
      4⤵
      PID:19004
- - C:\Users\Admin\Downloads\240919-pq2f2aycmd_28acc1defcefaa2348bbce545fe4fe6187c7a79c0f6b2da2b51886d7faa6dda8N.exe
    C:\Users\Admin\Downloads\240919-pq2f2aycmd_28acc1defcefaa2348bbce545fe4fe6187c7a79c0f6b2da2b51886d7faa6dda8N.exe
    3⤵
    - Executes dropped EXE
    PID:424
  - - C:\Windows\SysWOW64\Epikpo32.exe
      C:\Windows\system32\Epikpo32.exe
      4⤵
      PID:2368
    - - C:\Windows\SysWOW64\Eiaoid32.exe
        
        C:\Windows\system32\Eiaoid32.exe
        5⤵
        
        PID:1892
      - C:\Windows\SysWOW64\Epndknin.exe
        
        C:\Windows\system32\Epndknin.exe
        6⤵
        
        PID:5028
        
        C:\Windows\SysWOW64\Eifhdd32.exe
        
        C:\Windows\system32\Eifhdd32.exe
        7⤵
        
        PID:3896
        
        C:\Windows\SysWOW64\Eclmamod.exe
        
        C:\Windows\system32\Eclmamod.exe
        8⤵
        
        PID:1212
        
        C:\Windows\SysWOW64\Emdajb32.exe
        
        C:\Windows\system32\Emdajb32.exe
        9⤵
        
        PID:4804
        
        C:\Windows\SysWOW64\Fbcfhibj.exe
        
        C:\Windows\system32\Fbcfhibj.exe
        10⤵
        
        PID:1564
        
        C:\Windows\SysWOW64\Fibhpbea.exe
        
        C:\Windows\system32\Fibhpbea.exe
        11⤵
        
        PID:4940
        
        C:\Windows\SysWOW64\Gfmojenc.exe
        
        C:\Windows\system32\Gfmojenc.exe
        12⤵
        
        PID:4440
        
        C:\Windows\SysWOW64\Gphphj32.exe
        
        C:\Windows\system32\Gphphj32.exe
        13⤵
        
        PID:1916
        
        C:\Windows\SysWOW64\Hienlpel.exe
        
        C:\Windows\system32\Hienlpel.exe
        14⤵
        
        PID:1096
        
        C:\Windows\SysWOW64\Inlihl32.exe
        
        C:\Windows\system32\Inlihl32.exe
        15⤵
        
        PID:5292
        
        C:\Windows\SysWOW64\Icnklbmj.exe
        
        C:\Windows\system32\Icnklbmj.exe
        16⤵
        
        PID:5540
        
        C:\Windows\SysWOW64\Lklbdm32.exe
        
        C:\Windows\system32\Lklbdm32.exe
        17⤵
        
        PID:2132
- - C:\Users\Admin\Downloads\240919-pqyedayclh_eb575f4502d47d85e7ba7a5655d83bbd_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pqyedayclh_eb575f4502d47d85e7ba7a5655d83bbd_JaffaCakes118.exe
    3⤵
    PID:3712
- - C:\Users\Admin\Downloads\240919-pm286ayeqp_eb54f091b05a95511601e2f9f9771bae_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pm286ayeqp_eb54f091b05a95511601e2f9f9771bae_JaffaCakes118.exe
    3⤵
    PID:1472
  - - C:\Windows\SysWOW64\mspeupx.exe
      C:\Windows\system32\mspeupx.exe
      4⤵
      PID:4044
  - - C:\Windows\SysWOW64\netpass.exe
      C:\Windows\system32\netpass.exe
      4⤵
      PID:4532
- - C:\Users\Admin\Downloads\240919-pqrxlaycla_d6b6dc204419c89b0330d1cdd43fe5a1efdda8d2df83fb94a051ec47c38625acN.exe
    C:\Users\Admin\Downloads\240919-pqrxlaycla_d6b6dc204419c89b0330d1cdd43fe5a1efdda8d2df83fb94a051ec47c38625acN.exe
    3⤵
    PID:4524
  - - C:\Windows\SysWOW64\Eblpgjha.exe
      C:\Windows\system32\Eblpgjha.exe
      4⤵
      PID:1764
    - - C:\Windows\SysWOW64\Embddb32.exe
        
        C:\Windows\system32\Embddb32.exe
        5⤵
        
        PID:3648
      - C:\Windows\SysWOW64\Ejfeng32.exe
        
        C:\Windows\system32\Ejfeng32.exe
        6⤵
        
        PID:3524
        
        C:\Windows\SysWOW64\Fllkqn32.exe
        
        C:\Windows\system32\Fllkqn32.exe
        7⤵
        
        PID:4880
        
        C:\Windows\SysWOW64\Fdglmkeg.exe
        
        C:\Windows\system32\Fdglmkeg.exe
        8⤵
        
        PID:3092
        
        C:\Windows\SysWOW64\Glldgljg.exe
        
        C:\Windows\system32\Glldgljg.exe
        9⤵
        
        PID:3820
        
        C:\Windows\SysWOW64\Jjjpnlbd.exe
        
        C:\Windows\system32\Jjjpnlbd.exe
        10⤵
        
        PID:5676
- - C:\Users\Admin\Downloads\240919-pgpe4sycnr_eb512b5a4afe18facfab7be5b8c7a3b1_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pgpe4sycnr_eb512b5a4afe18facfab7be5b8c7a3b1_JaffaCakes118.exe
    3⤵
    PID:3236
- - C:\Users\Admin\Downloads\240919-pckw5axema_7422dbd012ff2868f74029b5b1c4063e18697c440f779c3e7242477fda41089bN.exe
    C:\Users\Admin\Downloads\240919-pckw5axema_7422dbd012ff2868f74029b5b1c4063e18697c440f779c3e7242477fda41089bN.exe
    3⤵
    PID:2692
  - - C:\Windows\SysWOW64\Fdqfll32.exe
      C:\Windows\system32\Fdqfll32.exe
      4⤵
      PID:3100
    - - C:\Windows\SysWOW64\Flngfn32.exe
        
        C:\Windows\system32\Flngfn32.exe
        5⤵
        
        PID:3696
      - C:\Windows\SysWOW64\Gfmojenc.exe
        
        C:\Windows\system32\Gfmojenc.exe
        6⤵
        
        PID:2776
        
        C:\Windows\SysWOW64\Hlcjhkdp.exe
        
        C:\Windows\system32\Hlcjhkdp.exe
        7⤵
        
        PID:4720
        
        C:\Windows\SysWOW64\Jdodkebj.exe
        
        C:\Windows\system32\Jdodkebj.exe
        8⤵
        
        PID:6124
- - C:\Users\Admin\Downloads\240919-pn2zsaybmb_eb55a8a4624c28cf4a2f2a7d762fdd8e_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pn2zsaybmb_eb55a8a4624c28cf4a2f2a7d762fdd8e_JaffaCakes118.exe
    3⤵
    PID:2020
  - - C:\Users\Admin\Downloads\240919-pn2zsaybmb_eb55a8a4624c28cf4a2f2a7d762fdd8e_JaffaCakes118.exe
      "C:\Users\Admin\Downloads\240919-pn2zsaybmb_eb55a8a4624c28cf4a2f2a7d762fdd8e_JaffaCakes118.exe"
      4⤵
      PID:1060
- - C:\Users\Admin\Downloads\240919-pk5lhaydrp_2d6293784902f18955d10dea1de8888e15757543346334397e15c2b9d5b98adbN.exe
    C:\Users\Admin\Downloads\240919-pk5lhaydrp_2d6293784902f18955d10dea1de8888e15757543346334397e15c2b9d5b98adbN.exe
    3⤵
    PID:1216
  - - C:\Windows\SysWOW64\Fbfcmhpg.exe
      C:\Windows\system32\Fbfcmhpg.exe
      4⤵
      PID:4708
    - - C:\Windows\SysWOW64\Gbmingjo.exe
        
        C:\Windows\system32\Gbmingjo.exe
        5⤵
        
        PID:3660
      - C:\Windows\SysWOW64\Gdaociml.exe
        
        C:\Windows\system32\Gdaociml.exe
        6⤵
        
        PID:3580
        
        C:\Windows\SysWOW64\Hdjbiheb.exe
        
        C:\Windows\system32\Hdjbiheb.exe
        7⤵
        
        PID:4648
        
        C:\Windows\SysWOW64\Jdaaaeqg.exe
        
        C:\Windows\system32\Jdaaaeqg.exe
        8⤵
        
        PID:6092
        
        C:\Windows\SysWOW64\Dmohno32.exe
        
        C:\Windows\system32\Dmohno32.exe
        9⤵
        
        PID:9364
        
        C:\Windows\SysWOW64\Hmbphg32.exe
        
        C:\Windows\system32\Hmbphg32.exe
        10⤵
        
        PID:9776
        
        C:\Windows\SysWOW64\Mjcngpjh.exe
        
        C:\Windows\system32\Mjcngpjh.exe
        11⤵
        
        PID:2800
        
        C:\Windows\SysWOW64\Cgifbhid.exe
        
        C:\Windows\system32\Cgifbhid.exe
        12⤵
        
        PID:12852
        
        C:\Windows\SysWOW64\Ehbnigjj.exe
        
        C:\Windows\system32\Ehbnigjj.exe
        13⤵
        
        PID:13608
        
        C:\Windows\SysWOW64\Amnebo32.exe
        
        C:\Windows\system32\Amnebo32.exe
        14⤵
        
        PID:18376
- - C:\Users\Admin\Downloads\240919-pllvsayajc_eaf872573f789a71ee88fb2c0d125675779acaafea9e764e0af4b262b869d209N.exe
    C:\Users\Admin\Downloads\240919-pllvsayajc_eaf872573f789a71ee88fb2c0d125675779acaafea9e764e0af4b262b869d209N.exe
    3⤵
    PID:1656
  - - C:\Windows\SysWOW64\Ffaong32.exe
      C:\Windows\system32\Ffaong32.exe
      4⤵
      PID:3744
    - - C:\Windows\SysWOW64\Gjfnedho.exe
        
        C:\Windows\system32\Gjfnedho.exe
        5⤵
        
        PID:3964
      - C:\Windows\SysWOW64\Hlcjhkdp.exe
        
        C:\Windows\system32\Hlcjhkdp.exe
        6⤵
        
        PID:924
        
        C:\Windows\SysWOW64\Iljpij32.exe
        
        C:\Windows\system32\Iljpij32.exe
        7⤵
        
        PID:4560
        
        C:\Windows\SysWOW64\Jknfcofa.exe
        
        C:\Windows\system32\Jknfcofa.exe
        8⤵
        
        PID:5868
- - C:\Users\Admin\Downloads\240919-pja1haydlq_ed009b0a52915c37539da85f6b5700745d374502163662ccd02e6baa4fefda3fN.exe
    C:\Users\Admin\Downloads\240919-pja1haydlq_ed009b0a52915c37539da85f6b5700745d374502163662ccd02e6baa4fefda3fN.exe
    3⤵
    PID:748
- - C:\Users\Admin\Downloads\240919-pgkrxsycnl_385012a7809b8d9f2036d1bf378d59240ca1408584bc21b77edad1858f1cf1ecN.exe
    C:\Users\Admin\Downloads\240919-pgkrxsycnl_385012a7809b8d9f2036d1bf378d59240ca1408584bc21b77edad1858f1cf1ecN.exe
    3⤵
    PID:2392
  - - C:\Windows\SysWOW64\Gdlfhj32.exe
      C:\Windows\system32\Gdlfhj32.exe
      4⤵
      PID:4956
    - - C:\Windows\SysWOW64\Ggahedjn.exe
        
        C:\Windows\system32\Ggahedjn.exe
        5⤵
        
        PID:3200
      - C:\Windows\SysWOW64\Hlcjhkdp.exe
        
        C:\Windows\system32\Hlcjhkdp.exe
        6⤵
        
        PID:1020
        
        C:\Windows\SysWOW64\Inlihl32.exe
        
        C:\Windows\system32\Inlihl32.exe
        7⤵
        
        PID:5552
- - C:\Users\Admin\Downloads\240919-petl2sxfkh_9b14fe8f92b42bd889c6594b002440f096281ab29ccbcdb9e2c426adf38667f6N.exe
    C:\Users\Admin\Downloads\240919-petl2sxfkh_9b14fe8f92b42bd889c6594b002440f096281ab29ccbcdb9e2c426adf38667f6N.exe
    3⤵
    PID:392
  - - C:\Windows\SysWOW64\Hlcjhkdp.exe
      C:\Windows\system32\Hlcjhkdp.exe
      4⤵
      PID:892
    - - C:\Windows\SysWOW64\Icdheded.exe
        
        C:\Windows\system32\Icdheded.exe
        5⤵
        
        PID:5152
      - C:\Windows\SysWOW64\Jncoikmp.exe
        
        C:\Windows\system32\Jncoikmp.exe
        6⤵
        
        PID:5600
- - C:\Users\Admin\Downloads\240919-pepm4aybqm_1452d3b9cd9c6a82a76158252ba0f9660b33f610cbe0b1207f13728f4e79f3deN.exe
    C:\Users\Admin\Downloads\240919-pepm4aybqm_1452d3b9cd9c6a82a76158252ba0f9660b33f610cbe0b1207f13728f4e79f3deN.exe
    3⤵
    PID:2124
- - C:\Users\Admin\Downloads\240919-pnffsaybja_FaturaHatırlatma.exe
    C:\Users\Admin\Downloads\240919-pnffsaybja_FaturaHatırlatma.exe
    3⤵
    PID:2324
- - C:\Users\Admin\Downloads\240919-plsnbsyelk_7b0e47726c40512f6700fd5bd3ecc1762eb5c2d6716122a77ee1e1727d259d14N.exe
    C:\Users\Admin\Downloads\240919-plsnbsyelk_7b0e47726c40512f6700fd5bd3ecc1762eb5c2d6716122a77ee1e1727d259d14N.exe
    3⤵
    PID:2616
  - - \??\c:\3dvpd.exe
      c:\3dvpd.exe
      4⤵
      PID:2488
    - - \??\c:\bnttnt.exe
        
        c:\bnttnt.exe
        5⤵
        
        PID:5812
- - C:\Users\Admin\Downloads\240919-pm1ekayeqm_33938e4c3424368eb167a60a68a0e5d9d7255dfadc531d6262426a22b3985dcaN.exe
    C:\Users\Admin\Downloads\240919-pm1ekayeqm_33938e4c3424368eb167a60a68a0e5d9d7255dfadc531d6262426a22b3985dcaN.exe
    3⤵
    PID:2956
  - - C:\Windows\SysWOW64\Hiiggoaf.exe
      C:\Windows\system32\Hiiggoaf.exe
      4⤵
      PID:5180
    - - C:\Windows\SysWOW64\Jpaleglc.exe
        
        C:\Windows\system32\Jpaleglc.exe
        5⤵
        
        PID:6032
- - C:\Users\Admin\Downloads\240919-pqv91sycle_538bb6188211c79735590592ee686a00e5d7e16e072673111ceb32c4d9511128.exe
    C:\Users\Admin\Downloads\240919-pqv91sycle_538bb6188211c79735590592ee686a00e5d7e16e072673111ceb32c4d9511128.exe
    3⤵
    PID:4420
- - C:\Users\Admin\Downloads\240919-pncpwsyard_Doc _180924.exe
    "C:\Users\Admin\Downloads\240919-pncpwsyard_Doc _180924.exe"
    3⤵
    PID:4456
- - C:\Users\Admin\Downloads\240919-pdt67axere_c16a305ad9261cea7f2ee4cd602bcfff416ffbe632927c87c746755e81d8fdaaN.exe
    C:\Users\Admin\Downloads\240919-pdt67axere_c16a305ad9261cea7f2ee4cd602bcfff416ffbe632927c87c746755e81d8fdaaN.exe
    3⤵
    PID:4460
  - - C:\Windows\SysWOW64\Jgpmmp32.exe
      C:\Windows\system32\Jgpmmp32.exe
      4⤵
      PID:5760
- - C:\Users\Admin\Downloads\240919-pl9lvayamc_17ce00e7482d1aee9f406d4d2823ed31e14161f4b01edf09515abf2899f7a633N.exe
    C:\Users\Admin\Downloads\240919-pl9lvayamc_17ce00e7482d1aee9f406d4d2823ed31e14161f4b01edf09515abf2899f7a633N.exe
    3⤵
    PID:1716
  - - \??\c:\pdppp.exe
      c:\pdppp.exe
      4⤵
      PID:5204
    - - \??\c:\tbbhbb.exe
        
        c:\tbbhbb.exe
        5⤵
        
        PID:4596
      - \??\c:\lxfllrx.exe
        
        c:\lxfllrx.exe
        6⤵
        
        PID:6308
        
        \??\c:\ffffrlf.exe
        
        c:\ffffrlf.exe
        7⤵
        
        PID:10088
        
        \??\c:\dpppd.exe
        
        c:\dpppd.exe
        8⤵
        
        PID:10280
        
        \??\c:\xlxrlfl.exe
        
        c:\xlxrlfl.exe
        9⤵
        
        PID:11668
        
        \??\c:\3hbbbb.exe
        
        c:\3hbbbb.exe
        10⤵
        
        PID:3880
- - C:\Users\Admin\Downloads\240919-plsnbsyelj_eb5436b384a6040996c87e9b73348efc_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-plsnbsyelj_eb5436b384a6040996c87e9b73348efc_JaffaCakes118.exe
    3⤵
    PID:5004
- - C:\Users\Admin\Downloads\240919-prnxbsygpl_8ecf30082527af945cc7df7dd2567a0838e611177a6f94bfa9ceb768e1b3cd15N.exe
    C:\Users\Admin\Downloads\240919-prnxbsygpl_8ecf30082527af945cc7df7dd2567a0838e611177a6f94bfa9ceb768e1b3cd15N.exe
    3⤵
    PID:1516
- - C:\Users\Admin\Downloads\240919-pld5yayejp_af6c81b229f14cbdeb496be7330f4268400172fd21afdc3a201f1dabaaa42e6bN.exe
    C:\Users\Admin\Downloads\240919-pld5yayejp_af6c81b229f14cbdeb496be7330f4268400172fd21afdc3a201f1dabaaa42e6bN.exe
    3⤵
    PID:3032
  - - C:\backup.exe
      \backup.exe \
      4⤵
      PID:6272
    - - C:\PerfLogs\backup.exe
        
        C:\PerfLogs\backup.exe C:\PerfLogs\
        5⤵
        
        PID:11844
- - C:\Users\Admin\Downloads\240919-ph86xaydln_3c6ceafaa6fcc8a58aa971065e2fda4954521abb67d1174740b5445f9c29e96aN.exe
    C:\Users\Admin\Downloads\240919-ph86xaydln_3c6ceafaa6fcc8a58aa971065e2fda4954521abb67d1174740b5445f9c29e96aN.exe
    3⤵
    PID:948
  - - C:\Windows\SysWOW64\Innfnl32.exe
      C:\Windows\system32\Innfnl32.exe
      4⤵
      PID:5408
    - - C:\Windows\SysWOW64\Jdfjld32.exe
        
        C:\Windows\system32\Jdfjld32.exe
        5⤵
        
        PID:5972
- - C:\Users\Admin\Downloads\240919-pnyx5ayfmn_Pedido_52038923_CotizacionS_max2024.bat.exe
    C:\Users\Admin\Downloads\240919-pnyx5ayfmn_Pedido_52038923_CotizacionS_max2024.bat.exe
    3⤵
    PID:3300
- - C:\Users\Admin\Downloads\240919-pdd5zaxepg_2d4129a9fa0f9bce65c7345ff282d6510b576fa84bec2e8768cba47f251980dbN.exe
    C:\Users\Admin\Downloads\240919-pdd5zaxepg_2d4129a9fa0f9bce65c7345ff282d6510b576fa84bec2e8768cba47f251980dbN.exe
    3⤵
    PID:5024
  - - C:\Windows\SysWOW64\Inqbclob.exe
      C:\Windows\system32\Inqbclob.exe
      4⤵
      PID:5480
    - - C:\Windows\SysWOW64\Mebcop32.exe
        
        C:\Windows\system32\Mebcop32.exe
        5⤵
        
        PID:6656
      - C:\Windows\SysWOW64\Dfglfdkb.exe
        
        C:\Windows\system32\Dfglfdkb.exe
        6⤵
        
        PID:9472
        
        C:\Windows\SysWOW64\Glkmmefl.exe
        
        C:\Windows\system32\Glkmmefl.exe
        7⤵
        
        PID:6612
        
        C:\Windows\SysWOW64\Jilfifme.exe
        
        C:\Windows\system32\Jilfifme.exe
        8⤵
        
        PID:11096
        
        C:\Windows\SysWOW64\Pjmjdm32.exe
        
        C:\Windows\system32\Pjmjdm32.exe
        9⤵
        
        PID:12800
        
        C:\Windows\SysWOW64\Bddcenpi.exe
        
        C:\Windows\system32\Bddcenpi.exe
        10⤵
        
        PID:10344
- - C:\Users\Admin\Downloads\240919-phy1yaydkq_3b187a1ef8611e8a7da72a604d2b539615de0525547948c57398b9b2532b0d2fN.exe
    C:\Users\Admin\Downloads\240919-phy1yaydkq_3b187a1ef8611e8a7da72a604d2b539615de0525547948c57398b9b2532b0d2fN.exe
    3⤵
    PID:1944
  - - C:\Windows\SysWOW64\Idkkpf32.exe
      C:\Windows\system32\Idkkpf32.exe
      4⤵
      PID:5564
    - - C:\Windows\SysWOW64\Jgeghp32.exe
        
        C:\Windows\system32\Jgeghp32.exe
        5⤵
        
        PID:6012
      - C:\Windows\SysWOW64\Lgqfdnah.exe
        
        C:\Windows\system32\Lgqfdnah.exe
        6⤵
        
        PID:648
- - C:\Users\Admin\Downloads\240919-ppfsyaybnf_l6E.exe
    C:\Users\Admin\Downloads\240919-ppfsyaybnf_l6E.exe
    3⤵
    PID:2544
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
      4⤵
      PID:11484
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
      4⤵
      PID:11496
- - C:\Users\Admin\Downloads\240919-pjlr1aydmq_acc757f9e622414863768fa14bc6cc0d149308440e5deaf176149385f6edc5e6N.exe
    C:\Users\Admin\Downloads\240919-pjlr1aydmq_acc757f9e622414863768fa14bc6cc0d149308440e5deaf176149385f6edc5e6N.exe
    3⤵
    PID:5328
- - C:\Users\Admin\Downloads\240919-pllj1syekn_SPW AW25 - PO.010.exe
    "C:\Users\Admin\Downloads\240919-pllj1syekn_SPW AW25 - PO.010.exe"
    3⤵
    PID:5336
- - C:\Users\Admin\Downloads\240919-pnty6syfml_f0f3f05907a7ca516d5959b0a14741883f1da51764a8c09c8f30ab9fb69f35edN.exe
    C:\Users\Admin\Downloads\240919-pnty6syfml_f0f3f05907a7ca516d5959b0a14741883f1da51764a8c09c8f30ab9fb69f35edN.exe
    3⤵
    PID:5344
  - - C:\Windows\System\gNavjCm.exe
      C:\Windows\System\gNavjCm.exe
      4⤵
      PID:6784
  - - C:\Windows\System\jJqonnR.exe
      C:\Windows\System\jJqonnR.exe
      4⤵
      PID:6800
  - - C:\Windows\System\lfaQjGn.exe
      C:\Windows\System\lfaQjGn.exe
      4⤵
      PID:6824
  - - C:\Windows\System\sTUETCT.exe
      C:\Windows\System\sTUETCT.exe
      4⤵
      PID:6844
  - - C:\Windows\System\oqOEoln.exe
      C:\Windows\System\oqOEoln.exe
      4⤵
      PID:6864
  - - C:\Windows\System\nLJcWBS.exe
      C:\Windows\System\nLJcWBS.exe
      4⤵
      PID:1200
  - - C:\Windows\System\LNzzgEY.exe
      C:\Windows\System\LNzzgEY.exe
      4⤵
      PID:8524
  - - C:\Windows\System\WARtVsb.exe
      C:\Windows\System\WARtVsb.exe
      4⤵
      PID:8712
  - - C:\Windows\System\sYJUyli.exe
      C:\Windows\System\sYJUyli.exe
      4⤵
      PID:10384
  - - C:\Windows\System\lKVuQMm.exe
      C:\Windows\System\lKVuQMm.exe
      4⤵
      PID:10404
  - - C:\Windows\System\IvdBGEw.exe
      C:\Windows\System\IvdBGEw.exe
      4⤵
      PID:10428
  - - C:\Windows\System\EKrgzAD.exe
      C:\Windows\System\EKrgzAD.exe
      4⤵
      PID:10460
  - - C:\Windows\System\UXAOKro.exe
      C:\Windows\System\UXAOKro.exe
      4⤵
      PID:10624
  - - C:\Windows\System\WCKomvg.exe
      C:\Windows\System\WCKomvg.exe
      4⤵
      PID:11864
  - - C:\Windows\System\hGtygpt.exe
      C:\Windows\System\hGtygpt.exe
      4⤵
      PID:10212
  - - C:\Windows\System\HfnBuwJ.exe
      C:\Windows\System\HfnBuwJ.exe
      4⤵
      PID:6196
  - - C:\Windows\System\efqfkBc.exe
      C:\Windows\System\efqfkBc.exe
      4⤵
      PID:7428
  - - C:\Windows\System\WVRBXny.exe
      C:\Windows\System\WVRBXny.exe
      4⤵
      PID:12156
  - - C:\Windows\System\MBHhQCv.exe
      C:\Windows\System\MBHhQCv.exe
      4⤵
      PID:13528
  - - C:\Windows\System\kMNLKrL.exe
      C:\Windows\System\kMNLKrL.exe
      4⤵
      PID:13924
  - - C:\Windows\System\GOOqxDa.exe
      C:\Windows\System\GOOqxDa.exe
      4⤵
      PID:14024
  - - C:\Windows\System\wtKrLzu.exe
      C:\Windows\System\wtKrLzu.exe
      4⤵
      PID:14056
  - - C:\Windows\System\aRHxGji.exe
      C:\Windows\System\aRHxGji.exe
      4⤵
      PID:8964
  - - C:\Windows\System\zyqhZOB.exe
      C:\Windows\System\zyqhZOB.exe
      4⤵
      PID:11164
  - - C:\Windows\System\LdlCOUY.exe
      C:\Windows\System\LdlCOUY.exe
      4⤵
      PID:13776
  - - C:\Windows\System\kXVzqOa.exe
      C:\Windows\System\kXVzqOa.exe
      4⤵
      PID:13820
  - - C:\Windows\System\SSqLahL.exe
      C:\Windows\System\SSqLahL.exe
      4⤵
      PID:13872
  - - C:\Windows\System\WPyZFHV.exe
      C:\Windows\System\WPyZFHV.exe
      4⤵
      PID:14060
  - - C:\Windows\System\EGTbkvi.exe
      C:\Windows\System\EGTbkvi.exe
      4⤵
      PID:14116
  - - C:\Windows\System\FdwJkfC.exe
      C:\Windows\System\FdwJkfC.exe
      4⤵
      PID:9592
  - - C:\Windows\System\qgUnfoQ.exe
      C:\Windows\System\qgUnfoQ.exe
      4⤵
      PID:12264
  - - C:\Windows\System\bGGoOGd.exe
      C:\Windows\System\bGGoOGd.exe
      4⤵
      PID:14768
  - - C:\Windows\System\VwJwAVd.exe
      C:\Windows\System\VwJwAVd.exe
      4⤵
      PID:15008
  - - C:\Windows\System\iZaTlDz.exe
      C:\Windows\System\iZaTlDz.exe
      4⤵
      PID:15084
  - - C:\Windows\System\gbxxkUO.exe
      C:\Windows\System\gbxxkUO.exe
      4⤵
      PID:15240
  - - C:\Windows\System\EFwMWwy.exe
      C:\Windows\System\EFwMWwy.exe
      4⤵
      PID:12968
  - - C:\Windows\System\PabaBOm.exe
      C:\Windows\System\PabaBOm.exe
      4⤵
      PID:13296
  - - C:\Windows\System\xkIxBGZ.exe
      C:\Windows\System\xkIxBGZ.exe
      4⤵
      PID:14392
  - - C:\Windows\System\TWevNvT.exe
      C:\Windows\System\TWevNvT.exe
      4⤵
      PID:10672
  - - C:\Windows\System\SOWOSve.exe
      C:\Windows\System\SOWOSve.exe
      4⤵
      PID:5172
  - - C:\Windows\System\RuneCoX.exe
      C:\Windows\System\RuneCoX.exe
      4⤵
      PID:13748
  - - C:\Windows\System\nDEfhmN.exe
      C:\Windows\System\nDEfhmN.exe
      4⤵
      PID:13780
  - - C:\Windows\System\BLYgiFT.exe
      C:\Windows\System\BLYgiFT.exe
      4⤵
      PID:13816
  - - C:\Windows\System\adHnxtY.exe
      C:\Windows\System\adHnxtY.exe
      4⤵
      PID:16388
  - - C:\Windows\System\LGRiQFs.exe
      C:\Windows\System\LGRiQFs.exe
      4⤵
      PID:16404
  - - C:\Windows\System\rmtLCOc.exe
      C:\Windows\System\rmtLCOc.exe
      4⤵
      PID:16420
  - - C:\Windows\System\kMZZhFF.exe
      C:\Windows\System\kMZZhFF.exe
      4⤵
      PID:16436
  - - C:\Windows\System\GjAqybf.exe
      C:\Windows\System\GjAqybf.exe
      4⤵
      PID:16452
  - - C:\Windows\System\zQUOOYo.exe
      C:\Windows\System\zQUOOYo.exe
      4⤵
      PID:16468
  - - C:\Windows\System\vJmfgUo.exe
      C:\Windows\System\vJmfgUo.exe
      4⤵
      PID:16484
  - - C:\Windows\System\BOUzyBn.exe
      C:\Windows\System\BOUzyBn.exe
      4⤵
      PID:16640
  - - C:\Windows\System\xzdJtbb.exe
      C:\Windows\System\xzdJtbb.exe
      4⤵
      PID:16848
  - - C:\Windows\System\EErVWdf.exe
      C:\Windows\System\EErVWdf.exe
      4⤵
      PID:16948
  - - C:\Windows\System\JrLyuFf.exe
      C:\Windows\System\JrLyuFf.exe
      4⤵
      PID:17092
  - - C:\Windows\System\eaEEtZR.exe
      C:\Windows\System\eaEEtZR.exe
      4⤵
      PID:17116
  - - C:\Windows\System\DMEaBoR.exe
      C:\Windows\System\DMEaBoR.exe
      4⤵
      PID:17136
  - - C:\Windows\System\RvUlzlt.exe
      C:\Windows\System\RvUlzlt.exe
      4⤵
      PID:17152
  - - C:\Windows\System\ywItJlv.exe
      C:\Windows\System\ywItJlv.exe
      4⤵
      PID:17200
  - - C:\Windows\System\TfqcPqJ.exe
      C:\Windows\System\TfqcPqJ.exe
      4⤵
      PID:17240
  - - C:\Windows\System\ADKHMmF.exe
      C:\Windows\System\ADKHMmF.exe
      4⤵
      PID:17256
  - - C:\Windows\System\jbLereU.exe
      C:\Windows\System\jbLereU.exe
      4⤵
      PID:17276
  - - C:\Windows\System\jMRYqVz.exe
      C:\Windows\System\jMRYqVz.exe
      4⤵
      PID:17292
  - - C:\Windows\System\RxERHKP.exe
      C:\Windows\System\RxERHKP.exe
      4⤵
      PID:17308
  - - C:\Windows\System\gzqFTMF.exe
      C:\Windows\System\gzqFTMF.exe
      4⤵
      PID:17324
  - - C:\Windows\System\thQAoyl.exe
      C:\Windows\System\thQAoyl.exe
      4⤵
      PID:17340
  - - C:\Windows\System\mSEGCEN.exe
      C:\Windows\System\mSEGCEN.exe
      4⤵
      PID:17360
  - - C:\Windows\System\vSSKTyi.exe
      C:\Windows\System\vSSKTyi.exe
      4⤵
      PID:17384
  - - C:\Windows\System\aRgDnNl.exe
      C:\Windows\System\aRgDnNl.exe
      4⤵
      PID:14004
  - - C:\Windows\System\LbRziCn.exe
      C:\Windows\System\LbRziCn.exe
      4⤵
      PID:14096
  - - C:\Windows\System\NklaFLX.exe
      C:\Windows\System\NklaFLX.exe
      4⤵
      PID:8356
  - - C:\Windows\System\jibmsjK.exe
      C:\Windows\System\jibmsjK.exe
      4⤵
      PID:1000
  - - C:\Windows\System\mGAmuvY.exe
      C:\Windows\System\mGAmuvY.exe
      4⤵
      PID:9864
  - - C:\Windows\System\weVKjOF.exe
      C:\Windows\System\weVKjOF.exe
      4⤵
      PID:13308
  - - C:\Windows\System\khoCdlx.exe
      C:\Windows\System\khoCdlx.exe
      4⤵
      PID:11648
  - - C:\Windows\System\ZWcTzHX.exe
      C:\Windows\System\ZWcTzHX.exe
      4⤵
      PID:14148
  - - C:\Windows\System\VrXdeBW.exe
      C:\Windows\System\VrXdeBW.exe
      4⤵
      PID:14176
  - - C:\Windows\System\HqeZxGo.exe
      C:\Windows\System\HqeZxGo.exe
      4⤵
      PID:14432
  - - C:\Windows\System\yPLIIwA.exe
      C:\Windows\System\yPLIIwA.exe
      4⤵
      PID:17416
  - - C:\Windows\System\ZYaKfmK.exe
      C:\Windows\System\ZYaKfmK.exe
      4⤵
      PID:17464
  - - C:\Windows\System\wFBmwxJ.exe
      C:\Windows\System\wFBmwxJ.exe
      4⤵
      PID:17480
  - - C:\Windows\System\sSCCDFK.exe
      C:\Windows\System\sSCCDFK.exe
      4⤵
      PID:17500
  - - C:\Windows\System\qlwscOC.exe
      C:\Windows\System\qlwscOC.exe
      4⤵
      PID:17524
  - - C:\Windows\System\jDNURNR.exe
      C:\Windows\System\jDNURNR.exe
      4⤵
      PID:17644
  - - C:\Windows\System\bpbYKVW.exe
      C:\Windows\System\bpbYKVW.exe
      4⤵
      PID:17912
  - - C:\Windows\System\HBcvqfR.exe
      C:\Windows\System\HBcvqfR.exe
      4⤵
      PID:17936
  - - C:\Windows\System\cUSlhGd.exe
      C:\Windows\System\cUSlhGd.exe
      4⤵
      PID:17964
  - - C:\Windows\System\OJPesCF.exe
      C:\Windows\System\OJPesCF.exe
      4⤵
      PID:17992
  - - C:\Windows\System\IgHXqHy.exe
      C:\Windows\System\IgHXqHy.exe
      4⤵
      PID:18036
  - - C:\Windows\System\uDEuush.exe
      C:\Windows\System\uDEuush.exe
      4⤵
      PID:18084
  - - C:\Windows\System\aGlrwTC.exe
      C:\Windows\System\aGlrwTC.exe
      4⤵
      PID:18112
  - - C:\Windows\System\RXDZjoO.exe
      C:\Windows\System\RXDZjoO.exe
      4⤵
      PID:18156
  - - C:\Windows\System\XWLjlNO.exe
      C:\Windows\System\XWLjlNO.exe
      4⤵
      PID:18200
  - - C:\Windows\System\HWNRFBw.exe
      C:\Windows\System\HWNRFBw.exe
      4⤵
      PID:18240
  - - C:\Windows\System\eSLfpuF.exe
      C:\Windows\System\eSLfpuF.exe
      4⤵
      PID:18276
  - - C:\Windows\System\oALVXde.exe
      C:\Windows\System\oALVXde.exe
      4⤵
      PID:18320
  - - C:\Windows\System\YTpcnHD.exe
      C:\Windows\System\YTpcnHD.exe
      4⤵
      PID:18364
  - - C:\Windows\System\Jcdkdjt.exe
      C:\Windows\System\Jcdkdjt.exe
      4⤵
      PID:18392
  - - C:\Windows\System\MTaoQrs.exe
      C:\Windows\System\MTaoQrs.exe
      4⤵
      PID:10456
  - - C:\Windows\System\jxoeErw.exe
      C:\Windows\System\jxoeErw.exe
      4⤵
      PID:14528
  - - C:\Windows\System\aJxkvKC.exe
      C:\Windows\System\aJxkvKC.exe
      4⤵
      PID:14668
  - - C:\Windows\System\ukGeOHu.exe
      C:\Windows\System\ukGeOHu.exe
      4⤵
      PID:14700
  - - C:\Windows\System\ucJVKvs.exe
      C:\Windows\System\ucJVKvs.exe
      4⤵
      PID:15712
  - - C:\Windows\System\bYbZDCk.exe
      C:\Windows\System\bYbZDCk.exe
      4⤵
      PID:14808
  - - C:\Windows\System\xTFdLmC.exe
      C:\Windows\System\xTFdLmC.exe
      4⤵
      PID:14840
  - - C:\Windows\System\wFGTuhs.exe
      C:\Windows\System\wFGTuhs.exe
      4⤵
      PID:14868
  - - C:\Windows\System\mudqZig.exe
      C:\Windows\System\mudqZig.exe
      4⤵
      PID:16288
  - - C:\Windows\System\wjUXnIG.exe
      C:\Windows\System\wjUXnIG.exe
      4⤵
      PID:16876
  - - C:\Windows\System\JRzzwqm.exe
      C:\Windows\System\JRzzwqm.exe
      4⤵
      PID:16904
  - - C:\Windows\System\vQGdIak.exe
      C:\Windows\System\vQGdIak.exe
      4⤵
      PID:16932
  - - C:\Windows\System\PEonDHU.exe
      C:\Windows\System\PEonDHU.exe
      4⤵
      PID:17028
  - - C:\Windows\System\fCFnigN.exe
      C:\Windows\System\fCFnigN.exe
      4⤵
      PID:14824
  - - C:\Windows\System\wLguvpw.exe
      C:\Windows\System\wLguvpw.exe
      4⤵
      PID:12188
  - - C:\Windows\System\suylkst.exe
      C:\Windows\System\suylkst.exe
      4⤵
      PID:13436
  - - C:\Windows\System\tHXYXko.exe
      C:\Windows\System\tHXYXko.exe
      4⤵
      PID:14928
  - - C:\Windows\System\LrmKNnR.exe
      C:\Windows\System\LrmKNnR.exe
      4⤵
      PID:5752
  - - C:\Windows\System\gPoSuta.exe
      C:\Windows\System\gPoSuta.exe
      4⤵
      PID:5564
  - - C:\Windows\System\KSfFSaS.exe
      C:\Windows\System\KSfFSaS.exe
      4⤵
      PID:12888
  - - C:\Windows\System\ZvScVOt.exe
      C:\Windows\System\ZvScVOt.exe
      4⤵
      PID:11124
  - - C:\Windows\System\jqEBuCy.exe
      C:\Windows\System\jqEBuCy.exe
      4⤵
      PID:14044
  - - C:\Windows\System\QOfGCih.exe
      C:\Windows\System\QOfGCih.exe
      4⤵
      PID:8972
  - - C:\Windows\System\zNkymLG.exe
      C:\Windows\System\zNkymLG.exe
      4⤵
      PID:11228
  - - C:\Windows\System\GzGOCmT.exe
      C:\Windows\System\GzGOCmT.exe
      4⤵
      PID:15056
  - - C:\Windows\System\Zcrzrts.exe
      C:\Windows\System\Zcrzrts.exe
      4⤵
      PID:12832
  - - C:\Windows\System\UMZQykN.exe
      C:\Windows\System\UMZQykN.exe
      4⤵
      PID:13756
  - - C:\Windows\System\ltsDqpJ.exe
      C:\Windows\System\ltsDqpJ.exe
      4⤵
      PID:13712
  - - C:\Windows\System\kRmhKcy.exe
      C:\Windows\System\kRmhKcy.exe
      4⤵
      PID:13868
  - - C:\Windows\System\juPKxLM.exe
      C:\Windows\System\juPKxLM.exe
      4⤵
      PID:16416
  - - C:\Windows\System\CDVyFDF.exe
      C:\Windows\System\CDVyFDF.exe
      4⤵
      PID:16448
  - - C:\Windows\System\QhcVhoW.exe
      C:\Windows\System\QhcVhoW.exe
      4⤵
      PID:16500
  - - C:\Windows\System\qVQZCHA.exe
      C:\Windows\System\qVQZCHA.exe
      4⤵
      PID:9320
  - - C:\Windows\System\xMaJnRY.exe
      C:\Windows\System\xMaJnRY.exe
      4⤵
      PID:11536
  - - C:\Windows\System\wMDIsAm.exe
      C:\Windows\System\wMDIsAm.exe
      4⤵
      PID:17124
  - - C:\Windows\System\smEYHcJ.exe
      C:\Windows\System\smEYHcJ.exe
      4⤵
      PID:17372
  - - C:\Windows\System\rzBbXnO.exe
      C:\Windows\System\rzBbXnO.exe
      4⤵
      PID:10968
  - - C:\Windows\System\doaVmaL.exe
      C:\Windows\System\doaVmaL.exe
      4⤵
      PID:8164
  - - C:\Windows\System\kfTRuIl.exe
      C:\Windows\System\kfTRuIl.exe
      4⤵
      PID:14164
  - - C:\Windows\System\BwiTaZQ.exe
      C:\Windows\System\BwiTaZQ.exe
      4⤵
      PID:17412
  - - C:\Windows\System\yTfqFab.exe
      C:\Windows\System\yTfqFab.exe
      4⤵
      PID:17456
  - - C:\Windows\System\tRRGCur.exe
      C:\Windows\System\tRRGCur.exe
      4⤵
      PID:5168
  - - C:\Windows\System\uZJMXuS.exe
      C:\Windows\System\uZJMXuS.exe
      4⤵
      PID:15864
  - - C:\Windows\System\jfuVSBG.exe
      C:\Windows\System\jfuVSBG.exe
      4⤵
      PID:1572
  - - C:\Windows\System\QzmhOBW.exe
      C:\Windows\System\QzmhOBW.exe
      4⤵
      PID:1436
  - - C:\Windows\System\qNubNLu.exe
      C:\Windows\System\qNubNLu.exe
      4⤵
      PID:17544
  - - C:\Windows\System\VCqwDJY.exe
      C:\Windows\System\VCqwDJY.exe
      4⤵
      PID:17588
  - - C:\Windows\System\bLGdNdT.exe
      C:\Windows\System\bLGdNdT.exe
      4⤵
      PID:17580
  - - C:\Windows\System\TBQtuIF.exe
      C:\Windows\System\TBQtuIF.exe
      4⤵
      PID:17632
  - - C:\Windows\System\IGXdZGO.exe
      C:\Windows\System\IGXdZGO.exe
      4⤵
      PID:17688
  - - C:\Windows\System\EPFCfsu.exe
      C:\Windows\System\EPFCfsu.exe
      4⤵
      PID:17732
  - - C:\Windows\System\soEVcLP.exe
      C:\Windows\System\soEVcLP.exe
      4⤵
      PID:17764
  - - C:\Windows\System\IlmxiSF.exe
      C:\Windows\System\IlmxiSF.exe
      4⤵
      PID:17796
  - - C:\Windows\System\dYFalsm.exe
      C:\Windows\System\dYFalsm.exe
      4⤵
      PID:17828
  - - C:\Windows\System\dHXplIF.exe
      C:\Windows\System\dHXplIF.exe
      4⤵
      PID:17852
  - - C:\Windows\System\ZAjMNEq.exe
      C:\Windows\System\ZAjMNEq.exe
      4⤵
      PID:5148
  - - C:\Windows\System\vTNPANK.exe
      C:\Windows\System\vTNPANK.exe
      4⤵
      PID:13048
  - - C:\Windows\System\XtFzYSH.exe
      C:\Windows\System\XtFzYSH.exe
      4⤵
      PID:14296
  - - C:\Windows\System\NmQAnTq.exe
      C:\Windows\System\NmQAnTq.exe
      4⤵
      PID:18080
  - - C:\Windows\System\mZeNhgf.exe
      C:\Windows\System\mZeNhgf.exe
      4⤵
      PID:18124
  - - C:\Windows\System\PjUVfoK.exe
      C:\Windows\System\PjUVfoK.exe
      4⤵
      PID:13212
  - - C:\Windows\System\bUdNdvc.exe
      C:\Windows\System\bUdNdvc.exe
      4⤵
      PID:11364
  - - C:\Windows\System\VlcHLdl.exe
      C:\Windows\System\VlcHLdl.exe
      4⤵
      PID:11408
  - - C:\Windows\System\pvohxbO.exe
      C:\Windows\System\pvohxbO.exe
      4⤵
      PID:10276
  - - C:\Windows\System\xJlbAPY.exe
      C:\Windows\System\xJlbAPY.exe
      4⤵
      PID:8532
  - - C:\Windows\System\IxtUVZw.exe
      C:\Windows\System\IxtUVZw.exe
      4⤵
      PID:16764
  - - C:\Windows\System\hIUaHNU.exe
      C:\Windows\System\hIUaHNU.exe
      4⤵
      PID:13948
  - - C:\Windows\System\TccZVwT.exe
      C:\Windows\System\TccZVwT.exe
      4⤵
      PID:15424
  - - C:\Windows\System\AsSZZne.exe
      C:\Windows\System\AsSZZne.exe
      4⤵
      PID:7656
  - - C:\Windows\System\CYBsZje.exe
      C:\Windows\System\CYBsZje.exe
      4⤵
      PID:14952
  - - C:\Windows\System\cZBqIPm.exe
      C:\Windows\System\cZBqIPm.exe
      4⤵
      PID:15012
  - - C:\Windows\System\iiKcExX.exe
      C:\Windows\System\iiKcExX.exe
      4⤵
      PID:2780
  - - C:\Windows\System\KDCiNHk.exe
      C:\Windows\System\KDCiNHk.exe
      4⤵
      PID:15116
  - - C:\Windows\System\tKYiAhJ.exe
      C:\Windows\System\tKYiAhJ.exe
      4⤵
      PID:16312
  - - C:\Windows\System\bLqLXEw.exe
      C:\Windows\System\bLqLXEw.exe
      4⤵
      PID:15328
  - - C:\Windows\System\yHzlcck.exe
      C:\Windows\System\yHzlcck.exe
      4⤵
      PID:15560
  - - C:\Windows\System\pdnqSwf.exe
      C:\Windows\System\pdnqSwf.exe
      4⤵
      PID:16096
  - - C:\Windows\System\rdHzStS.exe
      C:\Windows\System\rdHzStS.exe
      4⤵
      PID:11936
  - - C:\Windows\System\oTLJYaC.exe
      C:\Windows\System\oTLJYaC.exe
      4⤵
      PID:10924
  - - C:\Windows\System\goSOptK.exe
      C:\Windows\System\goSOptK.exe
      4⤵
      PID:10844
  - - C:\Windows\System\fCUyasK.exe
      C:\Windows\System\fCUyasK.exe
      4⤵
      PID:12680
  - - C:\Windows\System\BISqdmo.exe
      C:\Windows\System\BISqdmo.exe
      4⤵
      PID:10976
  - - C:\Windows\System\gDZPphC.exe
      C:\Windows\System\gDZPphC.exe
      4⤵
      PID:15304
  - - C:\Windows\System\YDOALTE.exe
      C:\Windows\System\YDOALTE.exe
      4⤵
      PID:15960
  - - C:\Windows\System\JlXHlbH.exe
      C:\Windows\System\JlXHlbH.exe
      4⤵
      PID:12568
  - - C:\Windows\System\cOPuSav.exe
      C:\Windows\System\cOPuSav.exe
      4⤵
      PID:13100
  - - C:\Windows\System\MjHtfvy.exe
      C:\Windows\System\MjHtfvy.exe
      4⤵
      PID:1544
  - - C:\Windows\System\WLgRvYB.exe
      C:\Windows\System\WLgRvYB.exe
      4⤵
      PID:3452
  - - C:\Windows\System\stKQBXs.exe
      C:\Windows\System\stKQBXs.exe
      4⤵
      PID:12248
  - - C:\Windows\System\HAdeAzT.exe
      C:\Windows\System\HAdeAzT.exe
      4⤵
      PID:16632
  - - C:\Windows\System\KlQHJZB.exe
      C:\Windows\System\KlQHJZB.exe
      4⤵
      PID:16668
  - - C:\Windows\System\EYBbvAr.exe
      C:\Windows\System\EYBbvAr.exe
      4⤵
      PID:16744
  - - C:\Windows\System\uSryJoX.exe
      C:\Windows\System\uSryJoX.exe
      4⤵
      PID:10764
  - - C:\Windows\System\YJTWZlE.exe
      C:\Windows\System\YJTWZlE.exe
      4⤵
      PID:16924
  - - C:\Windows\System\IRBmtFF.exe
      C:\Windows\System\IRBmtFF.exe
      4⤵
      PID:16980
  - - C:\Windows\System\OTTJANN.exe
      C:\Windows\System\OTTJANN.exe
      4⤵
      PID:15448
  - - C:\Windows\System\OhrjwWl.exe
      C:\Windows\System\OhrjwWl.exe
      4⤵
      PID:17904
  - - C:\Windows\System\hvzyBNp.exe
      C:\Windows\System\hvzyBNp.exe
      4⤵
      PID:18440
  - - C:\Windows\System\lUlbiTk.exe
      C:\Windows\System\lUlbiTk.exe
      4⤵
      PID:18468
  - - C:\Windows\System\gJAfiSQ.exe
      C:\Windows\System\gJAfiSQ.exe
      4⤵
      PID:18488
  - - C:\Windows\System\IGKZMkd.exe
      C:\Windows\System\IGKZMkd.exe
      4⤵
      PID:18512
  - - C:\Windows\System\nrWybDA.exe
      C:\Windows\System\nrWybDA.exe
      4⤵
      PID:18532
  - - C:\Windows\System\DrGaTcK.exe
      C:\Windows\System\DrGaTcK.exe
      4⤵
      PID:18560
  - - C:\Windows\System\njhSrOS.exe
      C:\Windows\System\njhSrOS.exe
      4⤵
      PID:18576
  - - C:\Windows\System\CFEiyCm.exe
      C:\Windows\System\CFEiyCm.exe
      4⤵
      PID:18600
  - - C:\Windows\System\kSrYwDX.exe
      C:\Windows\System\kSrYwDX.exe
      4⤵
      PID:18624
  - - C:\Windows\System\jvKuICN.exe
      C:\Windows\System\jvKuICN.exe
      4⤵
      PID:18648
  - - C:\Windows\System\RhCDzSW.exe
      C:\Windows\System\RhCDzSW.exe
      4⤵
      PID:18672
  - - C:\Windows\System\WdaVNMf.exe
      C:\Windows\System\WdaVNMf.exe
      4⤵
      PID:18700
  - - C:\Windows\System\nKpjqxk.exe
      C:\Windows\System\nKpjqxk.exe
      4⤵
      PID:18772
  - - C:\Windows\System\rFdiTGs.exe
      C:\Windows\System\rFdiTGs.exe
      4⤵
      PID:18832
  - - C:\Windows\System\BsIaCPS.exe
      C:\Windows\System\BsIaCPS.exe
      4⤵
      PID:18868
  - - C:\Windows\System\TMaUpBm.exe
      C:\Windows\System\TMaUpBm.exe
      4⤵
      PID:18896
  - - C:\Windows\System\tdfpYNO.exe
      C:\Windows\System\tdfpYNO.exe
      4⤵
      PID:18924
  - - C:\Windows\System\lpVJxQn.exe
      C:\Windows\System\lpVJxQn.exe
      4⤵
      PID:18952
  - - C:\Windows\System\ccffnYi.exe
      C:\Windows\System\ccffnYi.exe
      4⤵
      PID:18972
  - - C:\Windows\System\MsRhqRn.exe
      C:\Windows\System\MsRhqRn.exe
      4⤵
      PID:18992
  - - C:\Windows\System\lEGvcNx.exe
      C:\Windows\System\lEGvcNx.exe
      4⤵
      PID:19036
  - - C:\Windows\System\lVhZjbi.exe
      C:\Windows\System\lVhZjbi.exe
      4⤵
      PID:19056
  - - C:\Windows\System\BPfFYnV.exe
      C:\Windows\System\BPfFYnV.exe
      4⤵
      PID:19100
  - - C:\Windows\System\GPxMBdD.exe
      C:\Windows\System\GPxMBdD.exe
      4⤵
      PID:19140
  - - C:\Windows\System\VxJHSNF.exe
      C:\Windows\System\VxJHSNF.exe
      4⤵
      PID:19156
  - - C:\Windows\System\ajtfBtG.exe
      C:\Windows\System\ajtfBtG.exe
      4⤵
      PID:19176
  - - C:\Windows\System\NFZGQgM.exe
      C:\Windows\System\NFZGQgM.exe
      4⤵
      PID:19192
  - - C:\Windows\System\TjdSBct.exe
      C:\Windows\System\TjdSBct.exe
      4⤵
      PID:19208
  - - C:\Windows\System\qtsUXoo.exe
      C:\Windows\System\qtsUXoo.exe
      4⤵
      PID:19224
  - - C:\Windows\System\NxBmRbq.exe
      C:\Windows\System\NxBmRbq.exe
      4⤵
      PID:19252
  - - C:\Windows\System\WpsqYsM.exe
      C:\Windows\System\WpsqYsM.exe
      4⤵
      PID:19276
  - - C:\Windows\System\MMphyfD.exe
      C:\Windows\System\MMphyfD.exe
      4⤵
      PID:19312
  - - C:\Windows\System\iSekbxe.exe
      C:\Windows\System\iSekbxe.exe
      4⤵
      PID:19344
  - - C:\Windows\System\fJBrvPS.exe
      C:\Windows\System\fJBrvPS.exe
      4⤵
      PID:19364
  - - C:\Windows\System\VWtLTSY.exe
      C:\Windows\System\VWtLTSY.exe
      4⤵
      PID:19396
  - - C:\Windows\System\MMlULFJ.exe
      C:\Windows\System\MMlULFJ.exe
      4⤵
      PID:19440
  - - C:\Windows\System\uTFBxQh.exe
      C:\Windows\System\uTFBxQh.exe
      4⤵
      PID:16144
  - - C:\Windows\System\zxuMNbZ.exe
      C:\Windows\System\zxuMNbZ.exe
      4⤵
      PID:17908
  - - C:\Windows\System\dnYZHYZ.exe
      C:\Windows\System\dnYZHYZ.exe
      4⤵
      PID:13140
  - - C:\Windows\System\CavQQqL.exe
      C:\Windows\System\CavQQqL.exe
      4⤵
      PID:6904
  - - C:\Windows\System\oXcxjVI.exe
      C:\Windows\System\oXcxjVI.exe
      4⤵
      PID:2088
  - - C:\Windows\System\DIlpxYt.exe
      C:\Windows\System\DIlpxYt.exe
      4⤵
      PID:16248
  - - C:\Windows\System\gewPqew.exe
      C:\Windows\System\gewPqew.exe
      4⤵
      PID:14048
  - - C:\Windows\System\NNQtAit.exe
      C:\Windows\System\NNQtAit.exe
      4⤵
      PID:11348
  - - C:\Windows\System\pjkaIhh.exe
      C:\Windows\System\pjkaIhh.exe
      4⤵
      PID:12712
  - - C:\Windows\System\YwPCfHH.exe
      C:\Windows\System\YwPCfHH.exe
      4⤵
      PID:19488
  - - C:\Windows\System\hdlclgU.exe
      C:\Windows\System\hdlclgU.exe
      4⤵
      PID:19520
  - - C:\Windows\System\uUzRoZh.exe
      C:\Windows\System\uUzRoZh.exe
      4⤵
      PID:19572
  - - C:\Windows\System\LeqpfZG.exe
      C:\Windows\System\LeqpfZG.exe
      4⤵
      PID:19596
  - - C:\Windows\System\qmdchTb.exe
      C:\Windows\System\qmdchTb.exe
      4⤵
      PID:19648
  - - C:\Windows\System\ChlRRYA.exe
      C:\Windows\System\ChlRRYA.exe
      4⤵
      PID:19684
  - - C:\Windows\System\ksEfejV.exe
      C:\Windows\System\ksEfejV.exe
      4⤵
      PID:19708
  - - C:\Windows\System\nyyWVnF.exe
      C:\Windows\System\nyyWVnF.exe
      4⤵
      PID:19752
  - - C:\Windows\System\rJNulwP.exe
      C:\Windows\System\rJNulwP.exe
      4⤵
      PID:19784
  - - C:\Windows\System\PInwjKs.exe
      C:\Windows\System\PInwjKs.exe
      4⤵
      PID:19820
  - - C:\Windows\System\UmqfIOh.exe
      C:\Windows\System\UmqfIOh.exe
      4⤵
      PID:19844
  - - C:\Windows\System\BlrkekN.exe
      C:\Windows\System\BlrkekN.exe
      4⤵
      PID:19888
  - - C:\Windows\System\nxChvDT.exe
      C:\Windows\System\nxChvDT.exe
      4⤵
      PID:19928
  - - C:\Windows\System\bQDJTJH.exe
      C:\Windows\System\bQDJTJH.exe
      4⤵
      PID:19964
  - - C:\Windows\System\ARcFhQL.exe
      C:\Windows\System\ARcFhQL.exe
      4⤵
      PID:19996
  - - C:\Windows\System\zzVvFEs.exe
      C:\Windows\System\zzVvFEs.exe
      4⤵
      PID:20016
  - - C:\Windows\System\tFOgimb.exe
      C:\Windows\System\tFOgimb.exe
      4⤵
      PID:20040
  - - C:\Windows\System\dYHKIDR.exe
      C:\Windows\System\dYHKIDR.exe
      4⤵
      PID:20064
  - - C:\Windows\System\QoLIuGq.exe
      C:\Windows\System\QoLIuGq.exe
      4⤵
      PID:20084
  - - C:\Windows\System\xPMaJgE.exe
      C:\Windows\System\xPMaJgE.exe
      4⤵
      PID:20108
  - - C:\Windows\System\gTamHfe.exe
      C:\Windows\System\gTamHfe.exe
      4⤵
      PID:20132
  - - C:\Windows\System\ktEVnAu.exe
      C:\Windows\System\ktEVnAu.exe
      4⤵
      PID:20156
  - - C:\Windows\System\AiXZLBz.exe
      C:\Windows\System\AiXZLBz.exe
      4⤵
      PID:20180
  - - C:\Windows\System\KOvEzya.exe
      C:\Windows\System\KOvEzya.exe
      4⤵
      PID:20200
  - - C:\Windows\System\OIRJxqZ.exe
      C:\Windows\System\OIRJxqZ.exe
      4⤵
      PID:20232
  - - C:\Windows\System\sejNLEN.exe
      C:\Windows\System\sejNLEN.exe
      4⤵
      PID:20256
  - - C:\Windows\System\TiQzfzg.exe
      C:\Windows\System\TiQzfzg.exe
      4⤵
      PID:20276
  - - C:\Windows\System\jVpNTsd.exe
      C:\Windows\System\jVpNTsd.exe
      4⤵
      PID:20300
  - - C:\Windows\System\iQKwRXY.exe
      C:\Windows\System\iQKwRXY.exe
      4⤵
      PID:20324
  - - C:\Windows\System\PMqGSdm.exe
      C:\Windows\System\PMqGSdm.exe
      4⤵
      PID:20348
  - - C:\Windows\System\EJPXOKC.exe
      C:\Windows\System\EJPXOKC.exe
      4⤵
      PID:20372
  - - C:\Windows\System\FOCsutI.exe
      C:\Windows\System\FOCsutI.exe
      4⤵
      PID:20396
  - - C:\Windows\System\pMxiUHy.exe
      C:\Windows\System\pMxiUHy.exe
      4⤵
      PID:20416
  - - C:\Windows\System\dhUIeKn.exe
      C:\Windows\System\dhUIeKn.exe
      4⤵
      PID:20444
  - - C:\Windows\System\xGHmfes.exe
      C:\Windows\System\xGHmfes.exe
      4⤵
      PID:20472
  - - C:\Windows\System\YGTGZzp.exe
      C:\Windows\System\YGTGZzp.exe
      4⤵
      PID:8188
  - - C:\Windows\System\nGMUOcc.exe
      C:\Windows\System\nGMUOcc.exe
      4⤵
      PID:20500
  - - C:\Windows\System\UAHjhcf.exe
      C:\Windows\System\UAHjhcf.exe
      4⤵
      PID:20524
  - - C:\Windows\System\bLFOsLA.exe
      C:\Windows\System\bLFOsLA.exe
      4⤵
      PID:20548
  - - C:\Windows\System\aUqUYzt.exe
      C:\Windows\System\aUqUYzt.exe
      4⤵
      PID:20568
  - - C:\Windows\System\IvlEeuS.exe
      C:\Windows\System\IvlEeuS.exe
      4⤵
      PID:20584
  - - C:\Windows\System\behCasF.exe
      C:\Windows\System\behCasF.exe
      4⤵
      PID:20612
  - - C:\Windows\System\btgUabd.exe
      C:\Windows\System\btgUabd.exe
      4⤵
      PID:20628
  - - C:\Windows\System\zHtxoEe.exe
      C:\Windows\System\zHtxoEe.exe
      4⤵
      PID:20652
  - - C:\Windows\System\FbgmTnx.exe
      C:\Windows\System\FbgmTnx.exe
      4⤵
      PID:20668
  - - C:\Windows\System\nFOpMXw.exe
      C:\Windows\System\nFOpMXw.exe
      4⤵
      PID:20684
  - - C:\Windows\System\vxbEsLi.exe
      C:\Windows\System\vxbEsLi.exe
      4⤵
      PID:20700
  - - C:\Windows\System\VpeeNlg.exe
      C:\Windows\System\VpeeNlg.exe
      4⤵
      PID:20716
  - - C:\Windows\System\lvabpcS.exe
      C:\Windows\System\lvabpcS.exe
      4⤵
      PID:20732
  - - C:\Windows\System\MGWWzaa.exe
      C:\Windows\System\MGWWzaa.exe
      4⤵
      PID:20748
  - - C:\Windows\System\ZXHyzUv.exe
      C:\Windows\System\ZXHyzUv.exe
      4⤵
      PID:20764
  - - C:\Windows\System\wtbuqIb.exe
      C:\Windows\System\wtbuqIb.exe
      4⤵
      PID:20780
  - - C:\Windows\System\zmBYSmJ.exe
      C:\Windows\System\zmBYSmJ.exe
      4⤵
      PID:20796
  - - C:\Windows\System\yFGwfXL.exe
      C:\Windows\System\yFGwfXL.exe
      4⤵
      PID:20812
  - - C:\Windows\System\gxBkXza.exe
      C:\Windows\System\gxBkXza.exe
      4⤵
      PID:20828
  - - C:\Windows\System\MGcTpYe.exe
      C:\Windows\System\MGcTpYe.exe
      4⤵
      PID:20848
  - - C:\Windows\System\JHfMMbA.exe
      C:\Windows\System\JHfMMbA.exe
      4⤵
      PID:20864
  - - C:\Windows\System\SLZiFlg.exe
      C:\Windows\System\SLZiFlg.exe
      4⤵
      PID:20880
  - - C:\Windows\System\YwanfmS.exe
      C:\Windows\System\YwanfmS.exe
      4⤵
      PID:20896
  - - C:\Windows\System\PalXLfK.exe
      C:\Windows\System\PalXLfK.exe
      4⤵
      PID:20912
  - - C:\Windows\System\gFOvKuv.exe
      C:\Windows\System\gFOvKuv.exe
      4⤵
      PID:20928
  - - C:\Windows\System\BqDAaPT.exe
      C:\Windows\System\BqDAaPT.exe
      4⤵
      PID:20944
  - - C:\Windows\System\dTFePMq.exe
      C:\Windows\System\dTFePMq.exe
      4⤵
      PID:20964
  - - C:\Windows\System\gxpACzo.exe
      C:\Windows\System\gxpACzo.exe
      4⤵
      PID:20984
  - - C:\Windows\System\LmXmzqC.exe
      C:\Windows\System\LmXmzqC.exe
      4⤵
      PID:21000
  - - C:\Windows\System\TJPeFbG.exe
      C:\Windows\System\TJPeFbG.exe
      4⤵
      PID:21016
  - - C:\Windows\System\DSFUiHl.exe
      C:\Windows\System\DSFUiHl.exe
      4⤵
      PID:21032
  - - C:\Windows\System\xhLJOvO.exe
      C:\Windows\System\xhLJOvO.exe
      4⤵
      PID:21048
  - - C:\Windows\System\RVfVgKZ.exe
      C:\Windows\System\RVfVgKZ.exe
      4⤵
      PID:21064
  - - C:\Windows\System\jZxolvD.exe
      C:\Windows\System\jZxolvD.exe
      4⤵
      PID:21080
  - - C:\Windows\System\jASmRPN.exe
      C:\Windows\System\jASmRPN.exe
      4⤵
      PID:21096
  - - C:\Windows\System\bdLTgtz.exe
      C:\Windows\System\bdLTgtz.exe
      4⤵
      PID:21112
  - - C:\Windows\System\DEaOGMO.exe
      C:\Windows\System\DEaOGMO.exe
      4⤵
      PID:21128
  - - C:\Windows\System\ZcZPvlt.exe
      C:\Windows\System\ZcZPvlt.exe
      4⤵
      PID:21144
  - - C:\Windows\System\BewpXfP.exe
      C:\Windows\System\BewpXfP.exe
      4⤵
      PID:21160
  - - C:\Windows\System\XrhXpRJ.exe
      C:\Windows\System\XrhXpRJ.exe
      4⤵
      PID:21176
  - - C:\Windows\System\gsHAthR.exe
      C:\Windows\System\gsHAthR.exe
      4⤵
      PID:21192
  - - C:\Windows\System\tBpBker.exe
      C:\Windows\System\tBpBker.exe
      4⤵
      PID:21208
  - - C:\Windows\System\iVnTLPm.exe
      C:\Windows\System\iVnTLPm.exe
      4⤵
      PID:21224
  - - C:\Windows\System\AdiDdME.exe
      C:\Windows\System\AdiDdME.exe
      4⤵
      PID:21240
  - - C:\Windows\System\jJYjMbo.exe
      C:\Windows\System\jJYjMbo.exe
      4⤵
      PID:21256
  - - C:\Windows\System\SpjDuym.exe
      C:\Windows\System\SpjDuym.exe
      4⤵
      PID:21272
  - - C:\Windows\System\veDCbMI.exe
      C:\Windows\System\veDCbMI.exe
      4⤵
      PID:21288
  - - C:\Windows\System\UojbDvy.exe
      C:\Windows\System\UojbDvy.exe
      4⤵
      PID:21308
  - - C:\Windows\System\tCddQYR.exe
      C:\Windows\System\tCddQYR.exe
      4⤵
      PID:21324
  - - C:\Windows\System\rTRJpYv.exe
      C:\Windows\System\rTRJpYv.exe
      4⤵
      PID:21340
  - - C:\Windows\System\ksxPXwE.exe
      C:\Windows\System\ksxPXwE.exe
      4⤵
      PID:21356
  - - C:\Windows\System\iroKndJ.exe
      C:\Windows\System\iroKndJ.exe
      4⤵
      PID:21372
  - - C:\Windows\System\YulyAIu.exe
      C:\Windows\System\YulyAIu.exe
      4⤵
      PID:21388
  - - C:\Windows\System\iwXgbHQ.exe
      C:\Windows\System\iwXgbHQ.exe
      4⤵
      PID:21412
  - - C:\Windows\System\KKLrElL.exe
      C:\Windows\System\KKLrElL.exe
      4⤵
      PID:21436
  - - C:\Windows\System\eoUgAlK.exe
      C:\Windows\System\eoUgAlK.exe
      4⤵
      PID:21460
  - - C:\Windows\System\SwYKyts.exe
      C:\Windows\System\SwYKyts.exe
      4⤵
      PID:21484
  - - C:\Windows\System\cgCIyTw.exe
      C:\Windows\System\cgCIyTw.exe
      4⤵
      PID:14536
  - - C:\Windows\System\hJdvUMF.exe
      C:\Windows\System\hJdvUMF.exe
      4⤵
      PID:13320
  - - C:\Windows\System\NpZsNFw.exe
      C:\Windows\System\NpZsNFw.exe
      4⤵
      PID:12044
  - - C:\Windows\System\SVSRnKj.exe
      C:\Windows\System\SVSRnKj.exe
      4⤵
      PID:8556
  - - C:\Windows\System\nUnmuWP.exe
      C:\Windows\System\nUnmuWP.exe
      4⤵
      PID:10928
  - - C:\Windows\System\dfahNVW.exe
      C:\Windows\System\dfahNVW.exe
      4⤵
      PID:15880
  - - C:\Windows\System\sbEyDcj.exe
      C:\Windows\System\sbEyDcj.exe
      4⤵
      PID:5756
  - - C:\Windows\System\nzijHxC.exe
      C:\Windows\System\nzijHxC.exe
      4⤵
      PID:14772
  - - C:\Windows\System\vynFHvH.exe
      C:\Windows\System\vynFHvH.exe
      4⤵
      PID:13652
  - - C:\Windows\System\hUhKAEv.exe
      C:\Windows\System\hUhKAEv.exe
      4⤵
      PID:9540
  - - C:\Windows\System\JmslSWC.exe
      C:\Windows\System\JmslSWC.exe
      4⤵
      PID:17712
  - - C:\Windows\System\DGFkrTo.exe
      C:\Windows\System\DGFkrTo.exe
      4⤵
      PID:16300
  - - C:\Windows\System\mzOzsNq.exe
      C:\Windows\System\mzOzsNq.exe
      4⤵
      PID:9356
  - - C:\Windows\System\RbBJDGw.exe
      C:\Windows\System\RbBJDGw.exe
      4⤵
      PID:18120
  - - C:\Windows\System\lmLFlCS.exe
      C:\Windows\System\lmLFlCS.exe
      4⤵
      PID:12252
  - - C:\Windows\System\NmuhlOC.exe
      C:\Windows\System\NmuhlOC.exe
      4⤵
      PID:10488
  - - C:\Windows\System\xfWGCmT.exe
      C:\Windows\System\xfWGCmT.exe
      4⤵
      PID:12904
  - - C:\Windows\System\ejulsqO.exe
      C:\Windows\System\ejulsqO.exe
      4⤵
      PID:10752
  - - C:\Windows\System\bcmBCoh.exe
      C:\Windows\System\bcmBCoh.exe
      4⤵
      PID:9556
  - - C:\Windows\System\wacmrst.exe
      C:\Windows\System\wacmrst.exe
      4⤵
      PID:7056
  - - C:\Windows\System\AqbfOGR.exe
      C:\Windows\System\AqbfOGR.exe
      4⤵
      PID:18328
  - - C:\Windows\System\rJQwwaX.exe
      C:\Windows\System\rJQwwaX.exe
      4⤵
      PID:12528
  - - C:\Windows\System\lFCLmWi.exe
      C:\Windows\System\lFCLmWi.exe
      4⤵
      PID:9668
  - - C:\Windows\System\VOnBZdY.exe
      C:\Windows\System\VOnBZdY.exe
      4⤵
      PID:15092
  - - C:\Windows\System\nAnjYjB.exe
      C:\Windows\System\nAnjYjB.exe
      4⤵
      PID:15704
  - - C:\Windows\System\PbpUIse.exe
      C:\Windows\System\PbpUIse.exe
      4⤵
      PID:16364
  - - C:\Windows\System\YXiFdMP.exe
      C:\Windows\System\YXiFdMP.exe
      4⤵
      PID:11484
  - - C:\Windows\System\vuJChjx.exe
      C:\Windows\System\vuJChjx.exe
      4⤵
      PID:5412
  - - C:\Windows\System\RDcrHjQ.exe
      C:\Windows\System\RDcrHjQ.exe
      4⤵
      PID:14100
  - - C:\Windows\System\wSAxSDx.exe
      C:\Windows\System\wSAxSDx.exe
      4⤵
      PID:11440
  - - C:\Windows\System\RbOrFZi.exe
      C:\Windows\System\RbOrFZi.exe
      4⤵
      PID:7824
  - - C:\Windows\System\vYJhyMh.exe
      C:\Windows\System\vYJhyMh.exe
      4⤵
      PID:10568
  - - C:\Windows\System\aDBTnHk.exe
      C:\Windows\System\aDBTnHk.exe
      4⤵
      PID:16116
  - - C:\Windows\System\YKLtING.exe
      C:\Windows\System\YKLtING.exe
      4⤵
      PID:13480
  - - C:\Windows\System\heYDgGh.exe
      C:\Windows\System\heYDgGh.exe
      4⤵
      PID:12336
  - - C:\Windows\System\qZIbBdQ.exe
      C:\Windows\System\qZIbBdQ.exe
      4⤵
      PID:14552
  - - C:\Windows\System\LEkEJwy.exe
      C:\Windows\System\LEkEJwy.exe
      4⤵
      PID:15220
  - - C:\Windows\System\mGurYDS.exe
      C:\Windows\System\mGurYDS.exe
      4⤵
      PID:9888
  - - C:\Windows\System\mJEcvvp.exe
      C:\Windows\System\mJEcvvp.exe
      4⤵
      PID:13672
  - - C:\Windows\System\yLQCXKT.exe
      C:\Windows\System\yLQCXKT.exe
      4⤵
      PID:16460
  - - C:\Windows\System\QNShDaM.exe
      C:\Windows\System\QNShDaM.exe
      4⤵
      PID:17216
  - - C:\Windows\System\tKNaqpD.exe
      C:\Windows\System\tKNaqpD.exe
      4⤵
      PID:9140
  - - C:\Windows\System\tzmgHtm.exe
      C:\Windows\System\tzmgHtm.exe
      4⤵
      PID:21528
  - - C:\Windows\System\ZAlTjLg.exe
      C:\Windows\System\ZAlTjLg.exe
      4⤵
      PID:21576
  - - C:\Windows\System\JjZyTdx.exe
      C:\Windows\System\JjZyTdx.exe
      4⤵
      PID:21620
  - - C:\Windows\System\chckyIC.exe
      C:\Windows\System\chckyIC.exe
      4⤵
      PID:21644
  - - C:\Windows\System\sCRwXcg.exe
      C:\Windows\System\sCRwXcg.exe
      4⤵
      PID:21692
  - - C:\Windows\System\MXeLvFb.exe
      C:\Windows\System\MXeLvFb.exe
      4⤵
      PID:21744
  - - C:\Windows\System\brAoOSB.exe
      C:\Windows\System\brAoOSB.exe
      4⤵
      PID:21760
  - - C:\Windows\System\XDKurAf.exe
      C:\Windows\System\XDKurAf.exe
      4⤵
      PID:21776
  - - C:\Windows\System\CVmMcue.exe
      C:\Windows\System\CVmMcue.exe
      4⤵
      PID:21792
  - - C:\Windows\System\AeaypyM.exe
      C:\Windows\System\AeaypyM.exe
      4⤵
      PID:21808
  - - C:\Windows\System\lVxslmv.exe
      C:\Windows\System\lVxslmv.exe
      4⤵
      PID:21824
  - - C:\Windows\System\kUJkbPX.exe
      C:\Windows\System\kUJkbPX.exe
      4⤵
      PID:21840
  - - C:\Windows\System\vKhWmdz.exe
      C:\Windows\System\vKhWmdz.exe
      4⤵
      PID:21860
  - - C:\Windows\System\PznoJKp.exe
      C:\Windows\System\PznoJKp.exe
      4⤵
      PID:21876
  - - C:\Windows\System\yJbHBLe.exe
      C:\Windows\System\yJbHBLe.exe
      4⤵
      PID:21892
  - - C:\Windows\System\TCwbtSz.exe
      C:\Windows\System\TCwbtSz.exe
      4⤵
      PID:21908
  - - C:\Windows\System\csbYDyA.exe
      C:\Windows\System\csbYDyA.exe
      4⤵
      PID:21924
  - - C:\Windows\System\udBRGAj.exe
      C:\Windows\System\udBRGAj.exe
      4⤵
      PID:21944
  - - C:\Windows\System\JNCQLoY.exe
      C:\Windows\System\JNCQLoY.exe
      4⤵
      PID:21964
  - - C:\Windows\System\blUYotD.exe
      C:\Windows\System\blUYotD.exe
      4⤵
      PID:21980
  - - C:\Windows\System\MxkxrIa.exe
      C:\Windows\System\MxkxrIa.exe
      4⤵
      PID:21996
  - - C:\Windows\System\oLFkCkp.exe
      C:\Windows\System\oLFkCkp.exe
      4⤵
      PID:22016
  - - C:\Windows\System\MSIMMxR.exe
      C:\Windows\System\MSIMMxR.exe
      4⤵
      PID:22040
  - - C:\Windows\System\qqzRcUG.exe
      C:\Windows\System\qqzRcUG.exe
      4⤵
      PID:22068
  - - C:\Windows\System\fosFJfM.exe
      C:\Windows\System\fosFJfM.exe
      4⤵
      PID:22096
  - - C:\Windows\System\rLPlYQy.exe
      C:\Windows\System\rLPlYQy.exe
      4⤵
      PID:22116
  - - C:\Windows\System\ODlMdAh.exe
      C:\Windows\System\ODlMdAh.exe
      4⤵
      PID:22148
  - - C:\Windows\System\ecgEnFt.exe
      C:\Windows\System\ecgEnFt.exe
      4⤵
      PID:22188
  - - C:\Windows\System\TOKwWdH.exe
      C:\Windows\System\TOKwWdH.exe
      4⤵
      PID:22268
  - - C:\Windows\System\daWSMQt.exe
      C:\Windows\System\daWSMQt.exe
      4⤵
      PID:22292
  - - C:\Windows\System\GBcxARq.exe
      C:\Windows\System\GBcxARq.exe
      4⤵
      PID:22316
  - - C:\Windows\System\TqKDuAZ.exe
      C:\Windows\System\TqKDuAZ.exe
      4⤵
      PID:22348
  - - C:\Windows\System\uYpmRuD.exe
      C:\Windows\System\uYpmRuD.exe
      4⤵
      PID:22388
  - - C:\Windows\System\STBnuQt.exe
      C:\Windows\System\STBnuQt.exe
      4⤵
      PID:22412
  - - C:\Windows\System\ncFUlYf.exe
      C:\Windows\System\ncFUlYf.exe
      4⤵
      PID:22456
  - - C:\Windows\System\JYxqTJb.exe
      C:\Windows\System\JYxqTJb.exe
      4⤵
      PID:22480
  - - C:\Windows\System\KWoMnnE.exe
      C:\Windows\System\KWoMnnE.exe
      4⤵
      PID:22508
  - - C:\Windows\System\bsKEGvf.exe
      C:\Windows\System\bsKEGvf.exe
      4⤵
      PID:14200
  - - C:\Windows\System\TpAKtrQ.exe
      C:\Windows\System\TpAKtrQ.exe
      4⤵
      PID:9404
  - - C:\Windows\System\pfdrLvt.exe
      C:\Windows\System\pfdrLvt.exe
      4⤵
      PID:1052
  - - C:\Windows\System\mOVAsQH.exe
      C:\Windows\System\mOVAsQH.exe
      4⤵
      PID:13836
  - - C:\Windows\System\nSqrizC.exe
      C:\Windows\System\nSqrizC.exe
      4⤵
      PID:13092
  - - C:\Windows\System\xdmVgGd.exe
      C:\Windows\System\xdmVgGd.exe
      4⤵
      PID:6680
  - - C:\Windows\System\bajKAtY.exe
      C:\Windows\System\bajKAtY.exe
      4⤵
      PID:14740
  - - C:\Windows\System\iZlhQLU.exe
      C:\Windows\System\iZlhQLU.exe
      4⤵
      PID:5660
  - - C:\Windows\System\gBcGgWo.exe
      C:\Windows\System\gBcGgWo.exe
      4⤵
      PID:7228
  - - C:\Windows\System\gOCgDSh.exe
      C:\Windows\System\gOCgDSh.exe
      4⤵
      PID:18852
  - - C:\Windows\System\eqqVTkt.exe
      C:\Windows\System\eqqVTkt.exe
      4⤵
      PID:14468
  - - C:\Windows\System\pfPXtls.exe
      C:\Windows\System\pfPXtls.exe
      4⤵
      PID:18904
  - - C:\Windows\System\AJUOTJg.exe
      C:\Windows\System\AJUOTJg.exe
      4⤵
      PID:10196
  - - C:\Windows\System\RRyFAeB.exe
      C:\Windows\System\RRyFAeB.exe
      4⤵
      PID:18964
  - - C:\Windows\System\FOwkkRu.exe
      C:\Windows\System\FOwkkRu.exe
      4⤵
      PID:18988
  - - C:\Windows\System\jEoBBqp.exe
      C:\Windows\System\jEoBBqp.exe
      4⤵
      PID:19048
  - - C:\Windows\System\wHbnrsE.exe
      C:\Windows\System\wHbnrsE.exe
      4⤵
      PID:11628
  - - C:\Windows\System\uJRrCaU.exe
      C:\Windows\System\uJRrCaU.exe
      4⤵
      PID:19216
  - - C:\Windows\System\PaRDrFc.exe
      C:\Windows\System\PaRDrFc.exe
      4⤵
      PID:19288
  - - C:\Windows\System\fWVSFjq.exe
      C:\Windows\System\fWVSFjq.exe
      4⤵
      PID:19328
  - - C:\Windows\System\dJKTgDd.exe
      C:\Windows\System\dJKTgDd.exe
      4⤵
      PID:14212
  - - C:\Windows\System\tyjuMKd.exe
      C:\Windows\System\tyjuMKd.exe
      4⤵
      PID:916
  - - C:\Windows\System\uSRyVbz.exe
      C:\Windows\System\uSRyVbz.exe
      4⤵
      PID:4204
  - - C:\Windows\System\TWyxRPj.exe
      C:\Windows\System\TWyxRPj.exe
      4⤵
      PID:4884
  - - C:\Windows\System\woUXFba.exe
      C:\Windows\System\woUXFba.exe
      4⤵
      PID:19644
  - - C:\Windows\System\zgBohTL.exe
      C:\Windows\System\zgBohTL.exe
      4⤵
      PID:11948
- - C:\Users\Admin\Downloads\240919-ppcfhsyfpq_eb561c1ba16c6c3d687434761f42cb04_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-ppcfhsyfpq_eb561c1ba16c6c3d687434761f42cb04_JaffaCakes118.exe
    3⤵
    PID:5352
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5352 -s 308
      4⤵
      Program crash
      PID:12572
- - C:\Users\Admin\Downloads\240919-pqd1qsygkm_PO-27893493.exe
    C:\Users\Admin\Downloads\240919-pqd1qsygkm_PO-27893493.exe
    3⤵
    PID:5876
- - C:\Users\Admin\Downloads\240919-pkwzcsydrj_996f9de8dfa6102ce8c454fae3055ed71f88c6b0e3fca5cf01917d7426d4a085.exe
    C:\Users\Admin\Downloads\240919-pkwzcsydrj_996f9de8dfa6102ce8c454fae3055ed71f88c6b0e3fca5cf01917d7426d4a085.exe
    3⤵
    PID:5884
- - C:\Users\Admin\Downloads\240919-pnb4csyaqe_AWB_Ref#339720937705pdf.exe
    C:\Users\Admin\Downloads\240919-pnb4csyaqe_AWB_Ref#339720937705pdf.exe
    3⤵
    PID:5892
- - C:\Users\Admin\Downloads\240919-pncpwsyfjk_documents-pdf.exe
    C:\Users\Admin\Downloads\240919-pncpwsyfjk_documents-pdf.exe
    3⤵
    PID:5916
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5916 -s 804
      4⤵
      Program crash
      PID:19028
- - C:\Users\Admin\Downloads\240919-pnb4csyaqh_Comprobante_98756.exe
    C:\Users\Admin\Downloads\240919-pnb4csyaqh_Comprobante_98756.exe
    3⤵
    PID:5924
- - C:\Users\Admin\Downloads\240919-pgv8naxgka_6df79ac78d6221a4436fdd943d0f0cd0dd72f46ded4a3762329ff85e89e5c79aN.exe
    C:\Users\Admin\Downloads\240919-pgv8naxgka_6df79ac78d6221a4436fdd943d0f0cd0dd72f46ded4a3762329ff85e89e5c79aN.exe
    3⤵
    PID:1440
  - - C:\Windows\SysWOW64\Lqndhcdc.exe
      C:\Windows\system32\Lqndhcdc.exe
      4⤵
      PID:5464
- - C:\Users\Admin\Downloads\240919-pfw4kaxfpg_HackTool.Win32.CobaltStrike.pz-1671e4cd8dab3d329995047cb173cc013b2ddea9f050d03136108f11a0dffacbN
    C:\Users\Admin\Downloads\240919-pfw4kaxfpg_HackTool.Win32.CobaltStrike.pz-1671e4cd8dab3d329995047cb173cc013b2ddea9f050d03136108f11a0dffacbN
    3⤵
    PID:568
- - C:\Users\Admin\Downloads\240919-pbh15sxdrg_eb4e2a8e3747a92bfa9eddbd82922e59_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pbh15sxdrg_eb4e2a8e3747a92bfa9eddbd82922e59_JaffaCakes118.exe
    3⤵
    PID:6140
- - C:\Users\Admin\Downloads\240919-phgfwsxgmb_62b90ce3f59add9857236552ab768bcf494caa244303d0c7d39950bbb1640f75N.exe
    C:\Users\Admin\Downloads\240919-phgfwsxgmb_62b90ce3f59add9857236552ab768bcf494caa244303d0c7d39950bbb1640f75N.exe
    3⤵
    PID:6224
- - C:\Users\Admin\Downloads\240919-pgekxaxfrg_5fac61e9b3d3c27a6e8df0df86f0ea92082c0e10b0f48227165d94800f642d9aN.exe
    C:\Users\Admin\Downloads\240919-pgekxaxfrg_5fac61e9b3d3c27a6e8df0df86f0ea92082c0e10b0f48227165d94800f642d9aN.exe
    3⤵
    PID:6232
  - - C:\Windows\SysWOW64\Dnmhpg32.exe
      C:\Windows\system32\Dnmhpg32.exe
      4⤵
      PID:6628
    - - C:\Windows\SysWOW64\Klcekpdo.exe
        
        C:\Windows\system32\Klcekpdo.exe
        5⤵
        
        PID:1716
      - C:\Windows\SysWOW64\Pdmdnadc.exe
        
        C:\Windows\system32\Pdmdnadc.exe
        6⤵
        
        PID:10528
        
        C:\Windows\SysWOW64\Hnnljj32.exe
        
        C:\Windows\system32\Hnnljj32.exe
        7⤵
        
        PID:8592
        
        C:\Windows\SysWOW64\Aplaoj32.exe
        
        C:\Windows\system32\Aplaoj32.exe
        8⤵
        
        PID:18420
        
        C:\Windows\SysWOW64\Ndidna32.exe
        
        C:\Windows\system32\Ndidna32.exe
        9⤵
        
        PID:13860
- - C:\Users\Admin\Downloads\240919-pmtl1syapd_eb54d97463126d2c847af3d180f96770_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pmtl1syapd_eb54d97463126d2c847af3d180f96770_JaffaCakes118.exe
    3⤵
    PID:6240
- - C:\Users\Admin\Downloads\240919-pbj87syanl_eb4e2dcf30c0f0e869bb6827227df703_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pbj87syanl_eb4e2dcf30c0f0e869bb6827227df703_JaffaCakes118.exe
    3⤵
    PID:6248
- - C:\Users\Admin\Downloads\240919-phbkmsycrp_eb51b37bc20a3f98e353157b71276994_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-phbkmsycrp_eb51b37bc20a3f98e353157b71276994_JaffaCakes118.exe
    3⤵
    PID:6256
- - C:\Users\Admin\Downloads\240919-pjxt9sydnp_5da41272d55eff3d99d9ab4586f6572a02e0e5ef35c0bbf3bef2dfa06949121bN.exe
    C:\Users\Admin\Downloads\240919-pjxt9sydnp_5da41272d55eff3d99d9ab4586f6572a02e0e5ef35c0bbf3bef2dfa06949121bN.exe
    3⤵
    PID:8228
  - - C:\Windows\SysWOW64\Ddnfmqng.exe
      C:\Windows\system32\Ddnfmqng.exe
      4⤵
      PID:9840
    - - C:\Windows\SysWOW64\Kcmmhj32.exe
        
        C:\Windows\system32\Kcmmhj32.exe
        5⤵
        
        PID:9780
      - C:\Windows\SysWOW64\Mjaabq32.exe
        
        C:\Windows\system32\Mjaabq32.exe
        6⤵
        
        PID:10772
        
        C:\Windows\SysWOW64\Eojiqb32.exe
        
        C:\Windows\system32\Eojiqb32.exe
        7⤵
        
        PID:13508
        
        C:\Windows\SysWOW64\Adepji32.exe
        
        C:\Windows\system32\Adepji32.exe
        8⤵
        
        PID:18136
        
        C:\Windows\SysWOW64\Nkcmjlio.exe
        
        C:\Windows\system32\Nkcmjlio.exe
        9⤵
        
        PID:21568
- - C:\Users\Admin\Downloads\240919-pmesvsyenm_dc40a707157545b53ee8663d4ef33d6e59095b8904bf94b0250485b0b1b6d074N.exe
    C:\Users\Admin\Downloads\240919-pmesvsyenm_dc40a707157545b53ee8663d4ef33d6e59095b8904bf94b0250485b0b1b6d074N.exe
    3⤵
    PID:8236
  - - C:\Windows\SysWOW64\Dmennnni.exe
      C:\Windows\system32\Dmennnni.exe
      4⤵
      PID:9868
    - - C:\Windows\SysWOW64\Kgiiiidd.exe
        
        C:\Windows\system32\Kgiiiidd.exe
        5⤵
        
        PID:9800
      - C:\Windows\SysWOW64\Mfhbga32.exe
        
        C:\Windows\system32\Mfhbga32.exe
        6⤵
        
        PID:10656
        
        C:\Windows\SysWOW64\Cdkifmjq.exe
        
        C:\Windows\system32\Cdkifmjq.exe
        7⤵
        
        PID:6312
        
        C:\Windows\SysWOW64\Halhfe32.exe
        
        C:\Windows\system32\Halhfe32.exe
        8⤵
        
        PID:2556
- - C:\Users\Admin\Downloads\240919-pf37wayclr_4369ff548f4abf63072ce48f85c5f7af422d0d9cfa6c64801c2b53fc1deeacb7N.exe
    C:\Users\Admin\Downloads\240919-pf37wayclr_4369ff548f4abf63072ce48f85c5f7af422d0d9cfa6c64801c2b53fc1deeacb7N.exe
    3⤵
    PID:8244
  - - C:\Windows\SysWOW64\Hffken32.exe
      C:\Windows\system32\Hffken32.exe
      4⤵
      PID:9044
    - - C:\Windows\SysWOW64\Koodbl32.exe
        
        C:\Windows\system32\Koodbl32.exe
        5⤵
        
        PID:9616
      - C:\Windows\SysWOW64\Ebfign32.exe
        
        C:\Windows\system32\Ebfign32.exe
        6⤵
        
        PID:13448
- - C:\Users\Admin\Downloads\240919-pjswbaydnk_61cee45a58d56be4750ee0ef1a81c0a31abd658cd41d6be52510a440f7dcfdfbN.exe
    C:\Users\Admin\Downloads\240919-pjswbaydnk_61cee45a58d56be4750ee0ef1a81c0a31abd658cd41d6be52510a440f7dcfdfbN.exe
    3⤵
    PID:8252
  - - C:\Windows\SysWOW64\Klahfp32.exe
      C:\Windows\system32\Klahfp32.exe
      4⤵
      PID:9568
    - - C:\Windows\SysWOW64\Mqimikfj.exe
        
        C:\Windows\system32\Mqimikfj.exe
        5⤵
        
        PID:9628
- - C:\Users\Admin\Downloads\240919-pergpaybqq_10683d758f2eda6028c3f22095acca15d9fd27229d1a910975de790678f383eaN.exe
    C:\Users\Admin\Downloads\240919-pergpaybqq_10683d758f2eda6028c3f22095acca15d9fd27229d1a910975de790678f383eaN.exe
    3⤵
    PID:8260
  - - C:\Windows\SysWOW64\Gpelhd32.exe
      C:\Windows\system32\Gpelhd32.exe
      4⤵
      PID:7744
    - - C:\Windows\SysWOW64\Ieidhh32.exe
        
        C:\Windows\system32\Ieidhh32.exe
        5⤵
        
        PID:10660
      - C:\Windows\SysWOW64\Phonha32.exe
        
        C:\Windows\system32\Phonha32.exe
        6⤵
        
        PID:12772
        
        C:\Windows\SysWOW64\Gaqhjggp.exe
        
        C:\Windows\system32\Gaqhjggp.exe
        7⤵
        
        PID:8500
        
        C:\Windows\SysWOW64\Jhhodg32.exe
        
        C:\Windows\system32\Jhhodg32.exe
        8⤵
        
        PID:14776
        
        C:\Windows\SysWOW64\Ofgmib32.exe
        
        C:\Windows\system32\Ofgmib32.exe
        9⤵
        
        PID:19168
- - C:\Users\Admin\Downloads\240919-pczqaaybkm_0719614d5072945ef60f65d77a7d6b3f1959d8bf9004edecb0f95e0ef368a59eN.exe
    C:\Users\Admin\Downloads\240919-pczqaaybkm_0719614d5072945ef60f65d77a7d6b3f1959d8bf9004edecb0f95e0ef368a59eN.exe
    3⤵
    PID:8268
  - - C:\Windows\SysWOW64\Geohklaa.exe
      C:\Windows\system32\Geohklaa.exe
      4⤵
      PID:6164
    - - C:\Windows\SysWOW64\Jleijb32.exe
        
        C:\Windows\system32\Jleijb32.exe
        5⤵
        
        PID:10600
      - C:\Windows\SysWOW64\Dkqaoe32.exe
        
        C:\Windows\system32\Dkqaoe32.exe
        6⤵
        
        PID:12340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 12340 -s 440
        7⤵
        Program crash
        
        PID:20644
- - C:\Users\Admin\Downloads\240919-phrlvsxgnf_eb5216dcc8e84937ead46858a881df03_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-phrlvsxgnf_eb5216dcc8e84937ead46858a881df03_JaffaCakes118.exe
    3⤵
    PID:8284
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Windows\system32\Option.bat
      4⤵
      PID:10740
  - - C:\Windows\SysWOW64\net.exe
      net.exe start schedule /y
      4⤵
      PID:11860
  - - C:\Windows\SysWOW64\At.exe
      At.exe 12:39:25 PM C:\Windows\Help\HelpCat.exe
      4⤵
      PID:3052
  - - C:\Windows\SysWOW64\net.exe
      net.exe stop sharedaccess /y
      4⤵
      PID:18292
  - - C:\Windows\SysWOW64\net.exe
      net.exe stop wuauserv /y
      4⤵
      PID:17044
  - - C:\Users\Admin\AppData\Local\Temp\net.exe
      net.exe stop srservice /y
      4⤵
      PID:22380
- - C:\Users\Admin\Downloads\240919-pncpwsyarc_DHL SHIPPING DOCS MAWB 607-33268616 HAWB FRA-27756732 ADSB PO 202422070.exe
    "C:\Users\Admin\Downloads\240919-pncpwsyarc_DHL SHIPPING DOCS MAWB 607-33268616 HAWB FRA-27756732 ADSB PO 202422070.exe"
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:8292
  - - C:\Users\Admin\AppData\Local\lustring\reindulgence.exe
      "C:\Users\Admin\Downloads\240919-pncpwsyarc_DHL SHIPPING DOCS MAWB 607-33268616 HAWB FRA-27756732 ADSB PO 202422070.exe"
      4⤵
      PID:10076
- - C:\Users\Admin\Downloads\240919-pnc1nayare_DRAWING SINCOAUTOMATION 6994745PURCHASE ORDER SINCOAUTOMATION PO 322357781 Ref 6421SINCOAUTOMATION4533DWG.exe
    "C:\Users\Admin\Downloads\240919-pnc1nayare_DRAWING SINCOAUTOMATION 6994745PURCHASE ORDER SINCOAUTOMATION PO 322357781 Ref 6421SINCOAUTOMATION4533DWG.exe"
    3⤵
    PID:8300
- - C:\Users\Admin\Downloads\240919-pnzjnayblf_Recibo de pago.880743.exe
    "C:\Users\Admin\Downloads\240919-pnzjnayblf_Recibo de pago.880743.exe"
    3⤵
    PID:8308
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
      "C:\Users\Admin\Downloads\240919-pnzjnayblf_Recibo de pago.880743.exe"
      4⤵
      PID:10668
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 8308 -s 828
      4⤵
      Program crash
      PID:19828
- - C:\Users\Admin\Downloads\240919-pnyx5ayblb_PI 347_DUHS_MRI.pdf.exe
    "C:\Users\Admin\Downloads\240919-pnyx5ayblb_PI 347_DUHS_MRI.pdf.exe"
    3⤵
    PID:8316
  - - C:\Windows\SysWOW64\svchost.exe
      "C:\Users\Admin\Downloads\240919-pnyx5ayblb_PI 347_DUHS_MRI.pdf.exe"
      4⤵
      PID:14596
- - C:\Users\Admin\Downloads\240919-pbwl8syapm_RFQ_0001.exe
    C:\Users\Admin\Downloads\240919-pbwl8syapm_RFQ_0001.exe
    3⤵
    PID:8324
- - C:\Users\Admin\Downloads\240919-pnz57ayfnp_Wspguvcwm.exe
    C:\Users\Admin\Downloads\240919-pnz57ayfnp_Wspguvcwm.exe
    3⤵
    PID:8332
- - C:\Users\Admin\Downloads\240919-pf3lcaxfqc_eb50cd921d5d7f17159c9272ad768c80_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pf3lcaxfqc_eb50cd921d5d7f17159c9272ad768c80_JaffaCakes118.exe
    3⤵
    PID:8340
- - C:\Users\Admin\Downloads\240919-pbg4vayanj_Backdoor.Win32.Padodor.SK.MTB-e6489f38db3db1c2ed45cb7748997c14db2c3b57906754adb4baeda74e80dbd3N
    C:\Users\Admin\Downloads\240919-pbg4vayanj_Backdoor.Win32.Padodor.SK.MTB-e6489f38db3db1c2ed45cb7748997c14db2c3b57906754adb4baeda74e80dbd3N
    3⤵
    PID:8348
  - - C:\Windows\SysWOW64\Fiaael32.exe
      C:\Windows\system32\Fiaael32.exe
      4⤵
      PID:8896
    - - C:\Windows\SysWOW64\Nqmfdj32.exe
        
        C:\Windows\system32\Nqmfdj32.exe
        5⤵
        
        PID:2852
      - C:\Windows\SysWOW64\Coqncejg.exe
        
        C:\Windows\system32\Coqncejg.exe
        6⤵
        
        PID:12956
        
        C:\Windows\SysWOW64\Fkofga32.exe
        
        C:\Windows\system32\Fkofga32.exe
        7⤵
        
        PID:14404
        
        C:\Windows\SysWOW64\Ipkdek32.exe
        
        C:\Windows\system32\Ipkdek32.exe
        8⤵
        
        PID:9168
        
        C:\Windows\SysWOW64\Amnebo32.exe
        
        C:\Windows\system32\Amnebo32.exe
        9⤵
        
        PID:18344
        
        C:\Windows\SysWOW64\Nheqnpjk.exe
        
        C:\Windows\system32\Nheqnpjk.exe
        10⤵
        
        PID:17396
- - C:\Users\Admin\Downloads\240919-pej3lsybpq_4817fdc4dbcbaafbd1e1c5af769f56e25afdfb2510c5cdc27c54de8eb118ebfeN.exe
    C:\Users\Admin\Downloads\240919-pej3lsybpq_4817fdc4dbcbaafbd1e1c5af769f56e25afdfb2510c5cdc27c54de8eb118ebfeN.exe
    3⤵
    PID:8356
  - - C:\Windows\SysWOW64\Fmmmfj32.exe
      C:\Windows\system32\Fmmmfj32.exe
      4⤵
      PID:8920
- - C:\Users\Admin\Downloads\240919-pnymcsyfmm_Payment Voucher.exe
    "C:\Users\Admin\Downloads\240919-pnymcsyfmm_Payment Voucher.exe"
    3⤵
    PID:8364
- - C:\Users\Admin\Downloads\240919-pqj7rayglk_00745050f2d676d1815c0a4375c84f58dc9a1bce1a34888d26824023057c6b32N.exe
    C:\Users\Admin\Downloads\240919-pqj7rayglk_00745050f2d676d1815c0a4375c84f58dc9a1bce1a34888d26824023057c6b32N.exe
    3⤵
    PID:8372
  - - C:\Windows\SysWOW64\Flpmagqi.exe
      C:\Windows\system32\Flpmagqi.exe
      4⤵
      PID:5864
    - - C:\Windows\SysWOW64\Nopfpgip.exe
        
        C:\Windows\system32\Nopfpgip.exe
        5⤵
        
        PID:8072
      - C:\Windows\SysWOW64\Qpeahb32.exe
        
        C:\Windows\system32\Qpeahb32.exe
        6⤵
        
        PID:12268
        
        C:\Windows\SysWOW64\Fgoakc32.exe
        
        C:\Windows\system32\Fgoakc32.exe
        7⤵
        
        PID:7996
        
        C:\Windows\SysWOW64\Nakhaf32.exe
        
        C:\Windows\system32\Nakhaf32.exe
        8⤵
        
        PID:6620
- - C:\Users\Admin\Downloads\240919-pcmqqaybjl_eb146a14d6e64fee540f7be43ef1c1de689e0be31f1fabc42a1bc4ef9aa4fe69N.exe
    C:\Users\Admin\Downloads\240919-pcmqqaybjl_eb146a14d6e64fee540f7be43ef1c1de689e0be31f1fabc42a1bc4ef9aa4fe69N.exe
    3⤵
    PID:8380
- - C:\Users\Admin\Downloads\240919-pbezgsyamq_b10116d2d5ee86a0e142e92a788acf1db3d7bb7b2d11be5f135ff43f2c0330b3N.exe
    C:\Users\Admin\Downloads\240919-pbezgsyamq_b10116d2d5ee86a0e142e92a788acf1db3d7bb7b2d11be5f135ff43f2c0330b3N.exe
    3⤵
    PID:8388
  - - C:\Windows\SysWOW64\Gfeaopqo.exe
      C:\Windows\system32\Gfeaopqo.exe
      4⤵
      PID:5204
    - - C:\Windows\SysWOW64\Iomoenej.exe
        
        C:\Windows\system32\Iomoenej.exe
        5⤵
        
        PID:10360
      - C:\Windows\SysWOW64\Lcimdh32.exe
        
        C:\Windows\system32\Lcimdh32.exe
        6⤵
        
        PID:11732
        
        C:\Windows\SysWOW64\Dhphmj32.exe
        
        C:\Windows\system32\Dhphmj32.exe
        7⤵
        
        PID:11524
        
        C:\Windows\SysWOW64\Pmbegqjk.exe
        
        C:\Windows\system32\Pmbegqjk.exe
        8⤵
        
        PID:17176
        
        C:\Windows\SysWOW64\Jnbgaa32.exe
        
        C:\Windows\system32\Jnbgaa32.exe
        9⤵
        
        PID:19472
- - C:\Users\Admin\Downloads\240919-pmlw6syepm_eb54a679cf165a645a9a977aa64ac623_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pmlw6syepm_eb54a679cf165a645a9a977aa64ac623_JaffaCakes118.exe
    3⤵
    PID:8396
- - C:\Users\Admin\Downloads\240919-pqp31ayckf_Document.exe
    C:\Users\Admin\Downloads\240919-pqp31ayckf_Document.exe
    3⤵
    PID:8404
- - C:\Users\Admin\Downloads\240919-pnqazsyfln_PO-A1702108.exe
    C:\Users\Admin\Downloads\240919-pnqazsyfln_PO-A1702108.exe
    3⤵
    PID:8412
- - C:\Users\Admin\Downloads\240919-ppg11aybng_9a53b0e3d431bf768d3c557a0768c0b9ffe338074a9a5dd485020f396efc7d34N.exe
    C:\Users\Admin\Downloads\240919-ppg11aybng_9a53b0e3d431bf768d3c557a0768c0b9ffe338074a9a5dd485020f396efc7d34N.exe
    3⤵
    PID:8420
  - - C:\Windows\SysWOW64\Eifaim32.exe
      C:\Windows\system32\Eifaim32.exe
      4⤵
      PID:10220
    - - C:\Windows\SysWOW64\Gnepna32.exe
        
        C:\Windows\system32\Gnepna32.exe
        5⤵
        
        PID:9636
      - C:\Windows\SysWOW64\Jpaekqhh.exe
        
        C:\Windows\system32\Jpaekqhh.exe
        6⤵
        
        PID:10616
        
        C:\Windows\SysWOW64\Ohlqcagj.exe
        
        C:\Windows\system32\Ohlqcagj.exe
        7⤵
        
        PID:12536
        
        C:\Windows\SysWOW64\Dhbebj32.exe
        
        C:\Windows\system32\Dhbebj32.exe
        8⤵
        
        PID:11428
        
        C:\Windows\SysWOW64\Ganldgib.exe
        
        C:\Windows\system32\Ganldgib.exe
        9⤵
        
        PID:8904
        
        C:\Windows\SysWOW64\Qpbnhl32.exe
        
        C:\Windows\system32\Qpbnhl32.exe
        10⤵
        
        PID:13928
        
        C:\Windows\SysWOW64\Ocfdgg32.exe
        
        C:\Windows\system32\Ocfdgg32.exe
        11⤵
        
        PID:9928
- - C:\Users\Admin\Downloads\240919-pcvrbsybjr_aa804b599daa4450470fe955d723b18622a54cf57f4dc1ba9362c34e9ba619e7N.exe
    C:\Users\Admin\Downloads\240919-pcvrbsybjr_aa804b599daa4450470fe955d723b18622a54cf57f4dc1ba9362c34e9ba619e7N.exe
    3⤵
    PID:8428
  - - C:\Windows\SysWOW64\Gihgfk32.exe
      C:\Windows\system32\Gihgfk32.exe
      4⤵
      PID:7088
    - - C:\Windows\SysWOW64\Dhbebj32.exe
        
        C:\Windows\system32\Dhbebj32.exe
        5⤵
        
        PID:6580
      - C:\Windows\SysWOW64\Qamago32.exe
        
        C:\Windows\system32\Qamago32.exe
        6⤵
        
        PID:17224
        
        C:\Windows\SysWOW64\Ookhfigk.exe
        
        C:\Windows\system32\Ookhfigk.exe
        7⤵
        
        PID:18636
- - C:\Users\Admin\Downloads\240919-pdpayaxeqf_2b05c4a36ab6245b80384d16424f6b51eef7998253a860004efabee8303997c4N.exe
    C:\Users\Admin\Downloads\240919-pdpayaxeqf_2b05c4a36ab6245b80384d16424f6b51eef7998253a860004efabee8303997c4N.exe
    3⤵
    PID:8436
  - - C:\Windows\apppatch\svchost.exe
      "C:\Windows\apppatch\svchost.exe"
      4⤵
      PID:10280
- - C:\Users\Admin\Downloads\240919-pq548aycmf_99e5569ce51f1aab5f0e2cab952af538682566edefeeeab470fbca4205a5a75bN.exe
    C:\Users\Admin\Downloads\240919-pq548aycmf_99e5569ce51f1aab5f0e2cab952af538682566edefeeeab470fbca4205a5a75bN.exe
    3⤵
    PID:8444
- - C:\Users\Admin\Downloads\240919-pg9faaxgle_94e188775252441f9cd9aa64ee365e69708e3ff8a6b2c2b4917aea1d5e3bb217N.exe
    C:\Users\Admin\Downloads\240919-pg9faaxgle_94e188775252441f9cd9aa64ee365e69708e3ff8a6b2c2b4917aea1d5e3bb217N.exe
    3⤵
    PID:8452
  - - C:\Windows\SysWOW64\Efgemb32.exe
      C:\Windows\system32\Efgemb32.exe
      4⤵
      PID:10180
    - - C:\Windows\SysWOW64\Glgcbf32.exe
        
        C:\Windows\system32\Glgcbf32.exe
        5⤵
        
        PID:7352
      - C:\Windows\SysWOW64\Lmaamn32.exe
        
        C:\Windows\system32\Lmaamn32.exe
        6⤵
        
        PID:11772
        
        C:\Windows\SysWOW64\Ompfej32.exe
        
        C:\Windows\system32\Ompfej32.exe
        7⤵
        
        PID:12468
        
        C:\Windows\SysWOW64\Afockelf.exe
        
        C:\Windows\system32\Afockelf.exe
        8⤵
        
        PID:17440
        
        C:\Windows\SysWOW64\Nefdbekh.exe
        
        C:\Windows\system32\Nefdbekh.exe
        9⤵
        
        PID:16960
- - C:\Users\Admin\Downloads\240919-pj6r6sxhkh_eb52f8e49064b4bfab78739df8625898_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pj6r6sxhkh_eb52f8e49064b4bfab78739df8625898_JaffaCakes118.exe
    3⤵
    PID:8460
- - C:\Users\Admin\Downloads\240919-pnb4csyaqf_Company Details.exe
    "C:\Users\Admin\Downloads\240919-pnb4csyaqf_Company Details.exe"
    3⤵
    PID:8468
- - C:\Users\Admin\Downloads\240919-pgx29aycqk_0b1adb319785d69e05d9d883b77c473fb55e94536dbd6e7e8ad70a908ed1afdbN.exe
    C:\Users\Admin\Downloads\240919-pgx29aycqk_0b1adb319785d69e05d9d883b77c473fb55e94536dbd6e7e8ad70a908ed1afdbN.exe
    3⤵
    PID:8476
- - C:\Users\Admin\Downloads\240919-pc1mksybkn_eb4f0290effd09c73b2647ed1c7af57c_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pc1mksybkn_eb4f0290effd09c73b2647ed1c7af57c_JaffaCakes118.exe
    3⤵
    PID:8484
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 8484 -s 532
      4⤵
      Program crash
      PID:11592
- - C:\Users\Admin\Downloads\240919-pe675sxflg_c77d8e9147d652532279ee2915dec5584392bdfc796fbf829b5e89f3beb9bb02N.exe
    C:\Users\Admin\Downloads\240919-pe675sxflg_c77d8e9147d652532279ee2915dec5584392bdfc796fbf829b5e89f3beb9bb02N.exe
    3⤵
    PID:9196
- - C:\Users\Admin\Downloads\240919-pnrttaybkd_Ordine Request 09-24.exe
    "C:\Users\Admin\Downloads\240919-pnrttaybkd_Ordine Request 09-24.exe"
    3⤵
    PID:3828
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
      "C:\Users\Admin\Downloads\240919-pnrttaybkd_Ordine Request 09-24.exe"
      4⤵
      PID:14784
- - C:\Users\Admin\Downloads\240919-pnhk5syfkm_LEVER STYLE SEP BUY ORDER & C248SH12.exe
    "C:\Users\Admin\Downloads\240919-pnhk5syfkm_LEVER STYLE SEP BUY ORDER & C248SH12.exe"
    3⤵
    PID:10248
- - C:\Users\Admin\Downloads\240919-pncd5ayfjj_comprobante_swift0000099.exe
    C:\Users\Admin\Downloads\240919-pncd5ayfjj_comprobante_swift0000099.exe
    3⤵
    PID:11812
- - C:\Users\Admin\Downloads\240919-pkf8xaxhme_file.exe
    C:\Users\Admin\Downloads\240919-pkf8xaxhme_file.exe
    3⤵
    PID:9184
- - C:\Users\Admin\Downloads\240919-pnhk5sybjc_Invoice & C form TT 175102.exe
    "C:\Users\Admin\Downloads\240919-pnhk5sybjc_Invoice & C form TT 175102.exe"
    3⤵
    PID:8752
- - C:\Users\Admin\Downloads\240919-pmlw6syepl_c5eea937f59051d2f1d5dec0ff7f961161c053489721ec9738869933f9d26609N.exe
    C:\Users\Admin\Downloads\240919-pmlw6syepl_c5eea937f59051d2f1d5dec0ff7f961161c053489721ec9738869933f9d26609N.exe
    3⤵
    PID:15296
- - C:\Users\Admin\Downloads\240919-pc2vmsxend_294eeb16f885c7c0110527d1d536139b23754e957d83cf671794027c44a1a904N.exe
    C:\Users\Admin\Downloads\240919-pc2vmsxend_294eeb16f885c7c0110527d1d536139b23754e957d83cf671794027c44a1a904N.exe
    3⤵
    PID:14856
  - - C:\Windows\SysWOW64\Mdghhb32.exe
      C:\Windows\system32\Mdghhb32.exe
      4⤵
      PID:14308
- - C:\Users\Admin\Downloads\240919-pnrttaybkc_OC_0069960.pdf.exe
    C:\Users\Admin\Downloads\240919-pnrttaybkc_OC_0069960.pdf.exe
    3⤵
    PID:21396

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1220

C:\Windows\SysWOW64\Ncofplba.exe
C:\Windows\system32\Ncofplba.exe
1⤵
PID:6428
- C:\Windows\SysWOW64\Eppjfgcp.exe
  C:\Windows\system32\Eppjfgcp.exe
  2⤵
  PID:2328
- - C:\Windows\SysWOW64\Gbchdp32.exe
    C:\Windows\system32\Gbchdp32.exe
    3⤵
    PID:7536
  - - C:\Windows\SysWOW64\Ieidhh32.exe
      C:\Windows\system32\Ieidhh32.exe
      4⤵
      PID:10644
    - - C:\Windows\SysWOW64\Bacjdbch.exe
        
        C:\Windows\system32\Bacjdbch.exe
        5⤵
        
        PID:7324
      - C:\Windows\SysWOW64\Gbnhoj32.exe
        
        C:\Windows\system32\Gbnhoj32.exe
        6⤵
        
        PID:10504
        
        C:\Windows\SysWOW64\Cdhffg32.exe
        
        C:\Windows\system32\Cdhffg32.exe
        7⤵
        
        PID:19880

C:\Windows\SysWOW64\Nlfnaicd.exe
C:\Windows\system32\Nlfnaicd.exe
1⤵
PID:6504
- C:\Windows\SysWOW64\Ddgplado.exe
  C:\Windows\system32\Ddgplado.exe
  2⤵
  PID:9276
- - C:\Windows\SysWOW64\Knqepc32.exe
    C:\Windows\system32\Knqepc32.exe
    3⤵
    PID:9728
  - - C:\Windows\SysWOW64\Conanfli.exe
      C:\Windows\system32\Conanfli.exe
      4⤵
      PID:9324

\??\c:\ntnbnh.exe
c:\ntnbnh.exe
1⤵
PID:6556
- \??\c:\lxrlffr.exe
  c:\lxrlffr.exe
  2⤵
  PID:10072
- - \??\c:\vjddj.exe
    c:\vjddj.exe
    3⤵
    PID:10312
  - - \??\c:\9fllffr.exe
      c:\9fllffr.exe
      4⤵
      PID:11688
    - - \??\c:\bhbthb.exe
        
        c:\bhbthb.exe
        5⤵
        
        PID:11180
      - \??\c:\3ddpp.exe
        
        c:\3ddpp.exe
        6⤵
        
        PID:8540
        
        \??\c:\dddvj.exe
        
        c:\dddvj.exe
        7⤵
        
        PID:15996
        
        \??\c:\tbnntt.exe
        
        c:\tbnntt.exe
        8⤵
        
        PID:13732

C:\Windows\SysWOW64\Nmigoagp.exe
C:\Windows\system32\Nmigoagp.exe
1⤵
PID:6596
- C:\Windows\SysWOW64\Epmmqheb.exe
  C:\Windows\system32\Epmmqheb.exe
  2⤵
  PID:10120
- - C:\Windows\SysWOW64\Jinboekc.exe
    C:\Windows\system32\Jinboekc.exe
    3⤵
    PID:11136
  - - C:\Windows\SysWOW64\Enkmfolf.exe
      C:\Windows\system32\Enkmfolf.exe
      4⤵
      PID:13416
    - - C:\Windows\SysWOW64\Abhqefpg.exe
        
        C:\Windows\system32\Abhqefpg.exe
        5⤵
        
        PID:18208
      - C:\Windows\SysWOW64\Namegfql.exe
        
        C:\Windows\system32\Namegfql.exe
        6⤵
        
        PID:21668

C:\Windows\SysWOW64\Nmlddqem.exe
C:\Windows\system32\Nmlddqem.exe
1⤵
PID:6696
- C:\Windows\SysWOW64\Dfdpad32.exe
  C:\Windows\system32\Dfdpad32.exe
  2⤵
  PID:9240
- - C:\Windows\SysWOW64\Kjeiodek.exe
    C:\Windows\system32\Kjeiodek.exe
    3⤵
    PID:9696
  - - C:\Windows\SysWOW64\Panhbfep.exe
      C:\Windows\system32\Panhbfep.exe
      4⤵
      PID:5460

C:\Windows\SysWOW64\Nlmdbh32.exe
C:\Windows\system32\Nlmdbh32.exe
1⤵
PID:6736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 5352 -ip 5352
1⤵
PID:5644

C:\Windows\SysWOW64\Plmmif32.exe
C:\Windows\system32\Plmmif32.exe
1⤵
PID:6424
- C:\Windows\SysWOW64\Fefedmil.exe
  C:\Windows\system32\Fefedmil.exe
  2⤵
  PID:8832
- - C:\Windows\SysWOW64\Kncaec32.exe
    C:\Windows\system32\Kncaec32.exe
    3⤵
    PID:11268
  - - C:\Windows\SysWOW64\Qmeigg32.exe
      C:\Windows\system32\Qmeigg32.exe
      4⤵
      PID:8400

C:\Windows\SysWOW64\Qaalblgi.exe
C:\Windows\system32\Qaalblgi.exe
1⤵
PID:5696
- C:\Windows\SysWOW64\Clchbqoo.exe
  C:\Windows\system32\Clchbqoo.exe
  2⤵
  PID:8668
- - C:\Windows\SysWOW64\Dkceokii.exe
    C:\Windows\system32\Dkceokii.exe
    3⤵
    PID:9532
  - - C:\Windows\SysWOW64\Kflide32.exe
      C:\Windows\system32\Kflide32.exe
      4⤵
      PID:9856
    - - C:\Windows\SysWOW64\Monjjgkb.exe
        
        C:\Windows\system32\Monjjgkb.exe
        5⤵
        
        PID:11012
      - C:\Windows\SysWOW64\Ebifmm32.exe
        
        C:\Windows\system32\Ebifmm32.exe
        6⤵
        
        PID:13568
        
        C:\Windows\SysWOW64\Amkhmoap.exe
        
        C:\Windows\system32\Amkhmoap.exe
        7⤵
        
        PID:18020
        
        C:\Windows\SysWOW64\Jdalog32.exe
        
        C:\Windows\system32\Jdalog32.exe
        8⤵
        
        PID:19612
        
        C:\Windows\SysWOW64\Omaeem32.exe
        
        C:\Windows\system32\Omaeem32.exe
        9⤵
        
        PID:19424

C:\Windows\SysWOW64\Cdlqqcnl.exe
C:\Windows\system32\Cdlqqcnl.exe
1⤵
PID:8600
- C:\Windows\SysWOW64\Fefedmil.exe
  C:\Windows\system32\Fefedmil.exe
  2⤵
  PID:8848
- - C:\Windows\SysWOW64\Klfaapbl.exe
    C:\Windows\system32\Klfaapbl.exe
    3⤵
    PID:11296
  - - C:\Windows\SysWOW64\Ncqlkemc.exe
      C:\Windows\system32\Ncqlkemc.exe
      4⤵
      PID:8760
    - - C:\Windows\SysWOW64\Akdilipp.exe
        
        C:\Windows\system32\Akdilipp.exe
        5⤵
        
        PID:8808
      - C:\Windows\SysWOW64\Iondqhpl.exe
        
        C:\Windows\system32\Iondqhpl.exe
        6⤵
        
        PID:14348

C:\Windows\SysWOW64\Chglab32.exe
C:\Windows\system32\Chglab32.exe
1⤵
PID:8632
- C:\Windows\SysWOW64\Dheibpje.exe
  C:\Windows\system32\Dheibpje.exe
  2⤵
  PID:7936
- - C:\Windows\SysWOW64\Kjblje32.exe
    C:\Windows\system32\Kjblje32.exe
    3⤵
    PID:9492
  - - C:\Windows\SysWOW64\Pjdpelnc.exe
      C:\Windows\system32\Pjdpelnc.exe
      4⤵
      PID:10412
    - - C:\Windows\SysWOW64\Eohmkb32.exe
        
        C:\Windows\system32\Eohmkb32.exe
        5⤵
        
        PID:13392
      - C:\Windows\SysWOW64\Aagdnn32.exe
        
        C:\Windows\system32\Aagdnn32.exe
        6⤵
        
        PID:18064
        
        C:\Windows\SysWOW64\Nlqloo32.exe
        
        C:\Windows\system32\Nlqloo32.exe
        7⤵
        
        PID:21520

C:\Windows\SysWOW64\Dfdpad32.exe
C:\Windows\system32\Dfdpad32.exe
1⤵
PID:9228
- C:\Windows\SysWOW64\Hoaojp32.exe
  C:\Windows\system32\Hoaojp32.exe
  2⤵
  PID:5300
- - C:\Windows\SysWOW64\Kjeiodek.exe
    C:\Windows\system32\Kjeiodek.exe
    3⤵
    PID:9680
  - - C:\Windows\SysWOW64\Ebfign32.exe
      C:\Windows\system32\Ebfign32.exe
      4⤵
      PID:13460

C:\Windows\SysWOW64\Dhclmp32.exe
C:\Windows\system32\Dhclmp32.exe
1⤵
PID:9304
- C:\Windows\SysWOW64\Mnmmboed.exe
  C:\Windows\system32\Mnmmboed.exe
  2⤵
  PID:10856

\??\c:\rxrlrrx.exe
c:\rxrlrrx.exe
1⤵
PID:9440
- \??\c:\thhbbb.exe
  c:\thhbbb.exe
  2⤵
  PID:7824
- - \??\c:\frfxrrr.exe
    c:\frfxrrr.exe
    3⤵
    PID:10632
  - - \??\c:\pppjd.exe
      c:\pppjd.exe
      4⤵
      PID:12556
    - - \??\c:\nnnbtb.exe
        
        c:\nnnbtb.exe
        5⤵
        
        PID:11628
      - \??\c:\xflllll.exe
        
        c:\xflllll.exe
        6⤵
        
        PID:2136
        
        \??\c:\7ntnnt.exe
        
        c:\7ntnnt.exe
        7⤵
        
        PID:19956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 5916 -ip 5916
1⤵
PID:9932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 8484 -ip 8484
1⤵
PID:8204

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
"C:\Users\Admin\Downloads\240919-pnyx5ayblc_PO23100080 & Order Specs.exe"
1⤵
PID:8208

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:5976

C:\Users\Admin\AppData\Local\totted\sacculation.exe
C:\Users\Admin\Downloads\240919-pnffsayfjn_FDS00000900000.exe
1⤵
PID:13624
- C:\Windows\SysWOW64\svchost.exe
  C:\Users\Admin\Downloads\240919-pnffsayfjn_FDS00000900000.exe
  2⤵
  PID:19768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 5916 -ip 5916
1⤵
PID:14376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 8308 -ip 8308
1⤵
PID:9560

C:\Windows\SysWOW64\Ajohfcpj.exe
C:\Windows\system32\Ajohfcpj.exe
1⤵
PID:18284
- C:\Windows\SysWOW64\Nfiagd32.exe
  C:\Windows\system32\Nfiagd32.exe
  2⤵
  PID:21716

C:\Windows\SysWOW64\Jehfcl32.exe
C:\Windows\system32\Jehfcl32.exe
1⤵
PID:19108
- C:\Windows\SysWOW64\Ocdgahag.exe
  C:\Windows\system32\Ocdgahag.exe
  2⤵
  PID:22448

C:\Windows\SysWOW64\Jdmcdhhe.exe
C:\Windows\system32\Jdmcdhhe.exe
1⤵
PID:11724
- C:\Windows\SysWOW64\Obkahddl.exe
  C:\Windows\system32\Obkahddl.exe
  2⤵
  PID:10876

C:\Windows\SysWOW64\Jjgkab32.exe
C:\Windows\system32\Jjgkab32.exe
1⤵
PID:6200

C:\Windows\SysWOW64\Jbncbpqd.exe
C:\Windows\system32\Jbncbpqd.exe
1⤵
PID:19500

C:\Windows\SysWOW64\Jhmhpfmi.exe
C:\Windows\system32\Jhmhpfmi.exe
1⤵
PID:19604

C:\Windows\SysWOW64\Jjkdlall.exe
C:\Windows\system32\Jjkdlall.exe
1⤵
PID:19664
- C:\Windows\SysWOW64\Okceaikl.exe
  C:\Windows\system32\Okceaikl.exe
  2⤵
  PID:11304

C:\Windows\SysWOW64\Jaemilci.exe
C:\Windows\system32\Jaemilci.exe
1⤵
PID:19740
- C:\Windows\SysWOW64\Obnnnc32.exe
  C:\Windows\system32\Obnnnc32.exe
  2⤵
  PID:19628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 14348 -ip 14348
1⤵
PID:19904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 5916 -ip 5916
1⤵
PID:11596

C:\Windows\SysWOW64\Nooikj32.exe
C:\Windows\system32\Nooikj32.exe
1⤵
PID:21608

\??\c:\bbhbtt.exe
c:\bbhbtt.exe
1⤵
PID:11376

C:\Windows\SysWOW64\Ookhfigk.exe
C:\Windows\system32\Ookhfigk.exe
1⤵
PID:2008

C:\Windows\SysWOW64\Fpandm32.exe
C:\Windows\system32\Fpandm32.exe
1⤵
PID:21204

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Share Discovery

T1135

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\3dvpd.exe

Filesize
73KB

MD5
877d93fc2645c318f3c607949f1bcf3c

SHA1
86bb2a6db7395a4ca8f9b122592d700e0d1c0358

SHA256
b2f43fb32e9f90766fe87ef897b69173a4c907d08a29fe63b0b83c432e76c7f9

SHA512
bf192a6256186b7d21fd018e054cc7385da849e2c377aac3682589cdad8c15f0321ae779eafd92133c6b2d318f9e4d329bd66efbf3f6379bf59b4c97fe9c3e86

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
30f9f69bd4cb3ca8ed4af465e6bf3b72

SHA1
1f7bf3625d683c1af38485d1eb39152949648749

SHA256
fbb114871abc3901711a5f204cb370f1cc1602ad89fa0c8155288ec72e4eaf36

SHA512
ae96746716d0b47912c191ca52db48ee40aca9591444c1f0ffbc913346be1fff1e9f71c6e66cb4c175fd308e04a504367dd56bf84920f94c65142cd8508258c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\4acacee3-cefe-4dab-b6f1-01f9a63ec79a\e.dll

Filesize
94KB

MD5
14ff402962ad21b78ae0b4c43cd1f194

SHA1
f8a510eb26666e875a5bdd1cadad40602763ad72

SHA256
fb9646cb956945bdc503e69645f6b5316d3826b780d3c36738d6b944e884d15b

SHA512
daa7a08bf3709119a944bce28f6ebdd24e54a22b18cd9f86a87873e958df121a3881dcdd5e162f6b4e543238c7aef20f657c9830df01d4c79290f7c9a4fcc54b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13922\VCRUNTIME140.dll

Filesize
96KB

MD5
f12681a472b9dd04a812e16096514974

SHA1
6fd102eb3e0b0e6eef08118d71f28702d1a9067c

SHA256
d66c3b47091ceb3f8d3cc165a43d285ae919211a0c0fcb74491ee574d8d464f8

SHA512
7d3accbf84de73fb0c5c0de812a9ed600d39cd7ed0f99527ca86a57ce63f48765a370e913e3a46ffc2ccd48ee07d823dafdd157710eef9e7cc1eb7505dc323a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13922\_bz2.pyd

Filesize
81KB

MD5
4101128e19134a4733028cfaafc2f3bb

SHA1
66c18b0406201c3cfbba6e239ab9ee3dbb3be07d

SHA256
5843872d5e2b08f138a71fe9ba94813afee59c8b48166d4a8eb0f606107a7e80

SHA512
4f2fc415026d7fd71c5018bc2ffdf37a5b835a417b9e5017261849e36d65375715bae148ce8f9649f9d807a63ac09d0fb270e4abae83dfa371d129953a5422ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13922\_cffi_backend.cp311-win_amd64.pyd

Filesize
174KB

MD5
739d352bd982ed3957d376a9237c9248

SHA1
961cf42f0c1bb9d29d2f1985f68250de9d83894d

SHA256
9aee90cf7980c8ff694bb3ffe06c71f87eb6a613033f73e3174a732648d39980

SHA512
585a5143519ed9b38bb53f912cea60c87f7ce8ba159a1011cf666f390c2e3cc149e0ac601b008e039a0a78eaf876d7a3f64fff612f5de04c822c6e214bc2efde

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13922\_ctypes.pyd

Filesize
120KB

MD5
6a9ca97c039d9bbb7abf40b53c851198

SHA1
01bcbd134a76ccd4f3badb5f4056abedcff60734

SHA256
e662d2b35bb48c5f3432bde79c0d20313238af800968ba0faa6ea7e7e5ef4535

SHA512
dedf7f98afc0a94a248f12e4c4ca01b412da45b926da3f9c4cbc1d2cbb98c8899f43f5884b1bf1f0b941edaeef65612ea17438e67745962ff13761300910960d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13922\_decimal.pyd

Filesize
245KB

MD5
d47e6acf09ead5774d5b471ab3ab96ff

SHA1
64ce9b5d5f07395935df95d4a0f06760319224a2

SHA256
d0df57988a74acd50b2d261e8b5f2c25da7b940ec2aafbee444c277552421e6e

SHA512
52e132ce94f21fa253fed4cf1f67e8d4423d8c30224f961296ee9f64e2c9f4f7064d4c8405cd3bb67d3cf880fe4c21ab202fa8cf677e3b4dad1be6929dbda4e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13922\_hashlib.pyd

Filesize
62KB

MD5
de4d104ea13b70c093b07219d2eff6cb

SHA1
83daf591c049f977879e5114c5fea9bbbfa0ad7b

SHA256
39bc615842a176db72d4e0558f3cdcae23ab0623ad132f815d21dcfbfd4b110e

SHA512
567f703c2e45f13c6107d767597dba762dc5caa86024c87e7b28df2d6c77cd06d3f1f97eed45e6ef127d5346679fea89ac4dc2c453ce366b6233c0fa68d82692

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13922\_lzma.pyd

Filesize
154KB

MD5
337b0e65a856568778e25660f77bc80a

SHA1
4d9e921feaee5fa70181eba99054ffa7b6c9bb3f

SHA256
613de58e4a9a80eff8f8bc45c350a6eaebf89f85ffd2d7e3b0b266bf0888a60a

SHA512
19e6da02d9d25ccef06c843b9f429e6b598667270631febe99a0d12fc12d5da4fb242973a8351d3bf169f60d2e17fe821ad692038c793ce69dfb66a42211398e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13922\_queue.pyd

Filesize
30KB

MD5
ff8300999335c939fcce94f2e7f039c0

SHA1
4ff3a7a9d9ca005b5659b55d8cd064d2eb708b1a

SHA256
2f71046891ba279b00b70eb031fe90b379dbe84559cf49ce5d1297ea6bf47a78

SHA512
f29b1fd6f52130d69c8bd21a72a71841bf67d54b216febcd4e526e81b499b9b48831bb7cdff0bff6878aab542ca05d6326b8a293f2fb4dd95058461c0fd14017

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13922\_socket.pyd

Filesize
76KB

MD5
8140bdc5803a4893509f0e39b67158ce

SHA1
653cc1c82ba6240b0186623724aec3287e9bc232

SHA256
39715ef8d043354f0ab15f62878530a38518fb6192bc48da6a098498e8d35769

SHA512
d0878fee92e555b15e9f01ce39cfdc3d6122b41ce00ec3a4a7f0f661619f83ec520dca41e35a1e15650fb34ad238974fe8019577c42ca460dde76e3891b0e826

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13922\_ssl.pyd

Filesize
155KB

MD5
069bccc9f31f57616e88c92650589bdd

SHA1
050fc5ccd92af4fbb3047be40202d062f9958e57

SHA256
cb42e8598e3fa53eeebf63f2af1730b9ec64614bda276ab2cd1f1c196b3d7e32

SHA512
0e5513fbe42987c658dba13da737c547ff0b8006aecf538c2f5cf731c54de83e26889be62e5c8a10d2c91d5ada4d64015b640dab13130039a5a8a5ab33a723dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13922\base_library.zip

Filesize
1.4MB

MD5
481da210e644d6b317cafb5ddf09e1a5

SHA1
00fe8e1656e065d5cf897986c12ffb683f3a2422

SHA256
3242ea7a6c4c712f10108a619bf5213878146547838f7e2c1e80d2778eb0aaa0

SHA512
74d177794f0d7e67f64a4f0c9da4c3fd25a4d90eb909e942e42e5651cc1930b8a99eef6d40107aa8756e75ffbcc93284b916862e24262df897aaac97c5072210

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13922\certifi\cacert.pem

Filesize
292KB

MD5
50ea156b773e8803f6c1fe712f746cba

SHA1
2c68212e96605210eddf740291862bdf59398aef

SHA256
94edeb66e91774fcae93a05650914e29096259a5c7e871a1f65d461ab5201b47

SHA512
01ed2e7177a99e6cb3fbef815321b6fa036ad14a3f93499f2cb5b0dae5b713fd2e6955aa05f6bda11d80e9e0275040005e5b7d616959b28efc62abb43a3238f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13922\charset_normalizer\md.cp311-win_amd64.pyd

Filesize
10KB

MD5
723ec2e1404ae1047c3ef860b9840c29

SHA1
8fc869b92863fb6d2758019dd01edbef2a9a100a

SHA256
790a11aa270523c2efa6021ce4f994c3c5a67e8eaaaf02074d5308420b68bd94

SHA512
2e323ae5b816adde7aaa14398f1fdb3efe15a19df3735a604a7db6cadc22b753046eab242e0f1fbcd3310a8fbb59ff49865827d242baf21f44fd994c3ac9a878

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13922\charset_normalizer\md__mypyc.cp311-win_amd64.pyd

Filesize
116KB

MD5
9ea8098d31adb0f9d928759bdca39819

SHA1
e309c85c1c8e6ce049eea1f39bee654b9f98d7c5

SHA256
3d9893aa79efd13d81fcd614e9ef5fb6aad90569beeded5112de5ed5ac3cf753

SHA512
86af770f61c94dfbf074bcc4b11932bba2511caa83c223780112bda4ffb7986270dc2649d4d3ea78614dbce6f7468c8983a34966fc3f2de53055ac6b5059a707

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13922\libcrypto-1_1.dll

Filesize
3.3MB

MD5
6f4b8eb45a965372156086201207c81f

SHA1
8278f9539463f0a45009287f0516098cb7a15406

SHA256
976ce72efd0a8aeeb6e21ad441aa9138434314ea07f777432205947cdb149541

SHA512
2c5c54842aba9c82fb9e7594ae9e264ac3cbdc2cc1cd22263e9d77479b93636799d0f28235ac79937070e40b04a097c3ea3b7e0cd4376a95ed8ca90245b7891f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13922\libffi-8.dll

Filesize
34KB

MD5
32d36d2b0719db2b739af803c5e1c2f5

SHA1
023c4f1159a2a05420f68daf939b9ac2b04ab082

SHA256
128a583e821e52b595eb4b3dda17697d3ca456ee72945f7ecce48ededad0e93c

SHA512
a0a68cfc2f96cb1afd29db185c940e9838b6d097d2591b0a2e66830dd500e8b9538d170125a00ee8c22b8251181b73518b73de94beeedd421d3e888564a111c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13922\libssl-1_1.dll

Filesize
686KB

MD5
8769adafca3a6fc6ef26f01fd31afa84

SHA1
38baef74bdd2e941ccd321f91bfd49dacc6a3cb6

SHA256
2aebb73530d21a2273692a5a3d57235b770daf1c35f60c74e01754a5dac05071

SHA512
fac22f1a2ffbfb4789bdeed476c8daf42547d40efe3e11b41fadbc4445bb7ca77675a31b5337df55fdeb4d2739e0fb2cbcac2feabfd4cd48201f8ae50a9bd90b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13922\python3.DLL

Filesize
64KB

MD5
34e49bb1dfddf6037f0001d9aefe7d61

SHA1
a25a39dca11cdc195c9ecd49e95657a3e4fe3215

SHA256
4055d1b9e553b78c244143ab6b48151604003b39a9bf54879dee9175455c1281

SHA512
edb715654baaf499cf788bcacd5657adcf9f20b37b02671abe71bda334629344415ed3a7e95cb51164e66a7aa3ed4bf84acb05649ccd55e3f64036f3178b7856

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13922\python311.dll

Filesize
5.5MB

MD5
9a24c8c35e4ac4b1597124c1dcbebe0f

SHA1
f59782a4923a30118b97e01a7f8db69b92d8382a

SHA256
a0cf640e756875c25c12b4a38ba5f2772e8e512036e2ac59eb8567bf05ffbfb7

SHA512
9d9336bf1f0d3bc9ce4a636a5f4e52c5f9487f51f00614fc4a34854a315ce7ea8be328153812dbd67c45c75001818fa63317eba15a6c9a024fa9f2cab163165b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13922\select.pyd

Filesize
28KB

MD5
97ee623f1217a7b4b7de5769b7b665d6

SHA1
95b918f3f4c057fb9c878c8cc5e502c0bd9e54c0

SHA256
0046eb32f873cde62cf29af02687b1dd43154e9fd10e0aa3d8353d3debb38790

SHA512
20edc7eae5c0709af5c792f04a8a633d416da5a38fc69bd0409afe40b7fb1afa526de6fe25d8543ece9ea44fd6baa04a9d316ac71212ae9638bdef768e661e0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13922\unicodedata.pyd

Filesize
1.1MB

MD5
bc58eb17a9c2e48e97a12174818d969d

SHA1
11949ebc05d24ab39d86193b6b6fcff3e4733cfd

SHA256
ecf7836aa0d36b5880eb6f799ec402b1f2e999f78bfff6fb9a942d1d8d0b9baa

SHA512
4aa2b2ce3eb47503b48f6a888162a527834a6c04d3b49c562983b4d5aad9b7363d57aef2e17fe6412b89a9a3b37fb62a4ade4afc90016e2759638a17b1deae6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13922\zstandard\backend_c.cp311-win_amd64.pyd

Filesize
512KB

MD5
dc08f04c9e03452764b4e228fc38c60b

SHA1
317bcc3f9c81e2fc81c86d5a24c59269a77e3824

SHA256
b990efbda8a50c49cd7fde5894f3c8f3715cb850f8cc4c10bc03fd92e310260f

SHA512
fbc24dd36af658cece54be14c1118af5fda4e7c5b99d22f99690a1fd625cc0e8aa41fd9accd1c74bb4b03d494b6c3571b24f2ee423aaae9a5ad50adc583c52f7

Download Submit
C:\Users\Admin\Downloads\240919-pgpe4sycnr_eb512b5a4afe18facfab7be5b8c7a3b1_JaffaCakes118.exe

Filesize
128KB

MD5
eb512b5a4afe18facfab7be5b8c7a3b1

SHA1
7006c37e09fbf519543186bcd84a1d04fe8a7b95

SHA256
e2ec615a3e387cbe28f1820c40dd5c7cdb018d20f54715edf780fbe6793f6980

SHA512
9228821e69344a0f2407c6774d947b3b8718d6fbe24a6087d6589b43d2b80245bd94569c44546b220259025f097dfdcd382fc09037607675b83c87719a49720a

Download Submit
C:\Users\Admin\Downloads\240919-pm286ayeqp_eb54f091b05a95511601e2f9f9771bae_JaffaCakes118.exe

Filesize
76KB

MD5
eb54f091b05a95511601e2f9f9771bae

SHA1
86d73a0e44c60283b2a791caadcfea091f104ddf

SHA256
aeb6e9ad0fde49c4217d2869443a0cf64079b8fa23073e69209329fbe6f749bd

SHA512
baa09e5a9a491092bc12ed7f13decadf0c9becff21e46a31d5c06b71342a1cc388d6cc3c8c24b54bd099d7abc0b84319e1155a081f415992ad31a1feed1683a3

Download Submit
C:\Users\Admin\Downloads\240919-pnnr6ayfll_eb55576359ed78cc832b3dfa4d68658d_JaffaCakes118.exe

Filesize
73KB

MD5
eb55576359ed78cc832b3dfa4d68658d

SHA1
effa6605f9793bdd2095835e270834cf86c7df7c

SHA256
573a82e5f2c1e70078ea1cbd5061ca8a18f5a9567aeb7eaf666f2a40d9bba7af

SHA512
ce27635c7691a06040ba38504770950caf96b49e4c57f78f0e1b0f77f1d6ba32cf5138f99978ac57c90988f3eb56e89246f859aeb338614e7459cc364a8a729d

Download Submit
C:\Users\Admin\Downloads\240919-pnyx5ayblb_PI 347_DUHS_MRI.pdf.exe

Filesize
1.1MB

MD5
a49be3b0ef3f7e35bfe33d328267e29d

SHA1
a63ae2c4a8e49a762439613492515592a28ecc0f

SHA256
18c262c08dce6a59267af49ac575ddd996ebd7b1d8bcfb31cff9f9f9814cfd91

SHA512
9ba71fc6120dad3714c6db25c8efccd129059c4ee70cf89e8664ec13c92dfeb259bd8d591ac75618d221f29cd25ab8cb669a01be65a78df6d7f4f8761194b2d6

Download Submit
C:\Users\Admin\Downloads\240919-pq2f2aycmd_28acc1defcefaa2348bbce545fe4fe6187c7a79c0f6b2da2b51886d7faa6dda8N.exe

Filesize
93KB

MD5
4d96adeb75d145ec50bdbdb68d7562c0

SHA1
0442f7330d6418239dca8d792f9aeb6ae4eab95c

SHA256
28acc1defcefaa2348bbce545fe4fe6187c7a79c0f6b2da2b51886d7faa6dda8

SHA512
8da974312f373132ab5ecd1ecb83d34c996715f85b657df5e2814fffaeb9fbe1e70a521d2fa492121176b45fd59c689eb8229e3e89d8452fed5a1de203ed2e53

Download Submit
C:\Users\Admin\Downloads\240919-pq548aycmf_99e5569ce51f1aab5f0e2cab952af538682566edefeeeab470fbca4205a5a75bN.exe

Filesize
1.9MB

MD5
166b408e19ac75cd474ec1ba7a1b66f0

SHA1
26812a3a3dc7aceb250dc339acbd335992813c8e

SHA256
99e5569ce51f1aab5f0e2cab952af538682566edefeeeab470fbca4205a5a75b

SHA512
b4e80a7158f53186f9a20b4a2e6e5708a258050af78cf442e5e20e3324b3f9eb476d1250b9ac5551004b06432d6b1786606c379d6c44afa521b3b49f340d581b

Download Submit
C:\Users\Admin\Downloads\240919-pqrxlaycla_d6b6dc204419c89b0330d1cdd43fe5a1efdda8d2df83fb94a051ec47c38625acN.exe

Filesize
112KB

MD5
e3bb2c18a582872ec241edef78b5c9b0

SHA1
74edf5476502378fab4d1755411d72e02b86db0f

SHA256
d6b6dc204419c89b0330d1cdd43fe5a1efdda8d2df83fb94a051ec47c38625ac

SHA512
28aa41a7b4e032765dd9f7a45f48d0e8dd897ad3d1a61fb0774edd816d68eb7b384cd5be208cd029f77f930c3ad03c0842788dc1972e5b09f5e0d19668a31ed3

Download Submit
C:\Users\Admin\Downloads\240919-pqwwjsyclf_eb5750de6eccda96659216821bc7b7cc_JaffaCakes118.exe

Filesize
14KB

MD5
eb5750de6eccda96659216821bc7b7cc

SHA1
51ba8c45eb579db9f3a7e210e4a3babad24e9838

SHA256
e015c74bdf8e5a2b2feebdc4274c07ae6e7a4e55405c3642c37914495153ee0f

SHA512
2f67276c951fca7190e295b138367303f2c4c0c766c59c4472e0ca99720c0dd5c60f9abcb1c701fde69486859e628bbbeb18edbd6838b59dd26fcec519d08f51

Download Submit
C:\Users\Admin\Downloads\240919-pqyedayclh_eb575f4502d47d85e7ba7a5655d83bbd_JaffaCakes118.exe

Filesize
408KB

MD5
eb575f4502d47d85e7ba7a5655d83bbd

SHA1
61190629a70ca90ae31b2691f17f640fc84d891e

SHA256
2b44cba8f72f0539ac1b96b10decf933339427b7ab2959f4b2f1f7211a3d5bb3

SHA512
c400d24acae083d73f56695154f9b90b22fc71f438f1bf8b67953d9c9c0a7e5cbc5ba2835d657ecc62b87502568a69c1df5f72a0ed2321e4d82fcc6580507065

Download Submit
C:\Users\Admin\Downloads\temp.zip

Filesize
68KB

MD5
a6a3168c555fb84d4267ca50a17c6d94

SHA1
b019e70d60cbae635445afa2f65b292b60772395

SHA256
a36dc0eee4b7e6bd3713f561dcd8583bda0e00e7bdd259620eafd944ddd3eb1c

SHA512
9261dc9e068cc2c79379c7d77949d30ee0e64aee2d7eed9a3263a178766a0bcf4b03f9b3038c488b5976680568358b82515c3803a9a7eaf350f1bc20e7ddba03

Download Submit
C:\Windows\SysWOW64\Bgmakofh.dll

Filesize
7KB

MD5
02f336cd7c46c7fa94742c2ebcc53197

SHA1
abeb48b61b5c591540a093f348bb9009f38c444a

SHA256
c233c68ccc99de294a564ce5732b41490e77cbea211ba9bb73bf9b325ff69c80

SHA512
1fc68f885f3866aa94acc21b9a661a5c6da93cf0eb0e2d0c021e646ee149c594b4c4803b21b3938b435f9d9b5b9e8c1007cdd0e4e2f2c12fc73400143f5e49d6

Download Submit
C:\Windows\SysWOW64\Coqncejg.exe

Filesize
80KB

MD5
3012cb11d303335fffac291f9a6faaed

SHA1
77896c6bf56543be5baae2d859eab0598dade2b4

SHA256
9cfeaa1687694382d006487855c5fd6b03af5eae2dcefcfe97845e4d89a2c2fc

SHA512
7ac28fce87d99107a0edbf0e2067af2d5667c7d8324fb2ce42d8664c09c7a761c61ab9fd6ce03d2a8be545fd956bde7e6c3f0a979bad2ba337a35783d473ec33

Download Submit
C:\Windows\SysWOW64\Eblpgjha.exe

Filesize
112KB

MD5
e64d6ae877b146761c6780adcc6dfa03

SHA1
565885490b15e604de1a051f374d9a2e4cbcba21

SHA256
302f21aaeda8375b4c02830b62d655571130db67f058724da05e9ee872469ef3

SHA512
8a43005f4810dae594810700e6b6c2a0c227ce441c76b85a1ea5e5ec89320c6d0d9495a4e3fab6e50a85ca806f8bb61296bd62ae165c0e0e1a1f898143fb850f

Download Submit
C:\Windows\SysWOW64\Eiaoid32.exe

Filesize
93KB

MD5
f304d7080492aee34c93d3726fa30461

SHA1
5b334eefdd9f5e33ac9613f83ec58123fc820f6c

SHA256
bbd18119390712ee2b2eb8817b6f226fe7d4c23b868b963a357f2fd1700f3cd2

SHA512
d08f861833e25da0f0061a590b17daf023602faf5676fd8780cd3a1b322f0f48b87d9d9b06014fc1443eec6e445c26545c27907c13e3524417b849844796e3c2

Download Submit
C:\Windows\SysWOW64\Epikpo32.exe

Filesize
93KB

MD5
341dbb5fbf85773358e85ec36c96b1d2

SHA1
3f6befbeddeaca591c0ab40d4700cf21f41e294d

SHA256
bc9b86bd05f2a6598b7a5e1ffb787ca107384eaed32561e8f09233219eed414d

SHA512
7904337f7c888357e39ee3b4b0a48e5cc15aeb9f9716ae9404e0503eba267d40868e71cac60e049e4b4b62c09a41750bab4098b957536ecab374fe9b5e541f21

Download Submit
C:\Windows\SysWOW64\Epndknin.exe

Filesize
93KB

MD5
ec125d1a582bcfdf6b11b1d2bbc2702a

SHA1
221e7ead81ff145b7e64d03510bf66d7ecf7eff2

SHA256
a49c8ac7ca91188db440f0bf651ca8b32080ffc7e658019712d09c039a190cfb

SHA512
b5d206308989f7936d4fa361f348b19d62994e790d72c934242d54232306c9a9e1a4a6ecf47a9080649a4c830e0184e6af464e8823fff2b14b6a62f0ef2d5317

Download Submit
C:\Windows\SysWOW64\Gfmojenc.exe

Filesize
96KB

MD5
68c028842e2cb1f79936ecafbac2d000

SHA1
d77587b75465afd9ba808eceab7b5857f110a54b

SHA256
18aabab5b5d1dadffbf7d3ea373c8929fc33b43f2fecdc17e543e6f79e67e247

SHA512
beeb98eed3ef03ee3347fcd97b6790765eb560054554215752b232de39c6e7b3e7e0859fb3725d35f92d9eb21caab060bfea49288618b1c71ca7c161bade9c30

Download Submit
C:\Windows\SysWOW64\Ikfhji32.dll

Filesize
7KB

MD5
f7b673b6b5b9ca8440b595803e9d7782

SHA1
7a699eef508215d3ba76425b0fc02bd9f92330d6

SHA256
eb8fc9a5afee76677a04b2aaa14fefdf136d6c826f41e87c076c639d2b648654

SHA512
cabd47e5a10ffef2d6b49d637bc243ec944e70e3a178e1a2bf1592593e649db4162cf14db3e114cef658adf153c4f698b3f1bf3c2112fbaf94d9ae885de0dabc

Download Submit
C:\Windows\SysWOW64\Qmeigg32.exe

Filesize
832KB

MD5
cc59b8f01102af2058059ccee24e8507

SHA1
14ae2dd92dda6c1f384dc8d33e7ce97b4fc01b0a

SHA256
a10b4a8d04f05446e4f7b4dc0a2bdcfb4484e8244a7934ff6145377dd20c8eba

SHA512
7ba86b302df01b0ca22562f0c83b7bfd63a475868beefd55f7fbe79445f73eca3ae4bd1bf09c9bbc89b4f4a47d8f87a6ce1e745209b4ac3d30c1789f0576e407

Download Submit
C:\Windows\SysWOW64\rrjbypgj.nls

Filesize
428B

MD5
534cda6b48a4f4eeba156fae0d91da91

SHA1
ee02d7d2b5f6d35d717c818ca9751af162d39795

SHA256
66180bbde64bd522c568ee505c86f8757942a6d7cbe969b7240660c1ff31bba9

SHA512
e4be76b12a415264990f8e9767356b66676f4d2ddd478c6765d0a614032e9a57547f040c6d86cdbcf5b2bca32857850843d7550611cf1e6ea8a2179ae6996c7a

Download Submit
C:\Windows\SysWOW64\rrjbypgj.tmp

Filesize
2.4MB

MD5
e5bc98efe545e91339adeb10cf0eba3c

SHA1
6fdd7469db162e5407478de806557df4069814de

SHA256
0f0df7134229967184daab80262ab16762242935931b906999a37692a1e0c9ff

SHA512
491cabcc5f646100a970a2799546085a8f87f37b2900468ba7cce41d1d1573cd8aafd8fb992cb99b2a9aea20eef4ff88a4a9bad6a7a6c4ba1a3f4fa9aa3318cd

Download Submit
C:\Windows\apppatch\svchost.exe

Filesize
686KB

MD5
f88317b890d7c620899c499ebdac3b33

SHA1
da642c6ed267a28fd852868a3167c0b934ccb55a

SHA256
b19ae9dd78f1c5353d3d519164ece144fc111301e71d72223fc5aaeaf3d71937

SHA512
9b866d769b186ca2779e584e28c843147585f3bd78b2d7cd6c4d2b9b1334e80414de395a8db57f3c3da08ff0c988d14399ccd014747c013497f4b0008c7c7380

Download Submit
C:\backup.exe

Filesize
227KB

MD5
5ecc4c95155b8143743b9b0d1390b0d9

SHA1
687bd28b00b42a62d651b33dca254d2b116be535

SHA256
6e481e53c325f92425161956673a0a78e5a3c19a16a97b1d373141031b0f92ed

SHA512
9642b802d3cc6b1c599e8b5b52ba9633618c99185d299e26abcd2c422f7258ecc63436dc96d91d9c6f23dba7fb78e8ad008e496b9d8973f0685f1b814ac7ff63

Download Submit
C:\ntldr~8

Filesize
1.1MB

MD5
eb5216dcc8e84937ead46858a881df03

SHA1
cacabf69c11b5d716654349fd3b368e780c0a6df

SHA256
e71f4574fdab90b01db5afed81a45a3c5a1f45e2961b996482414edbbe97fb6b

SHA512
bab84ac304ae8c482968388daf2db98f0428f9945a143358bd626d9e590322946cea37c194d1caf36a33046add88ff1225f0eb71c264b119569c7a876d2cac63

Download Submit
memory/392-318-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/424-245-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/424-805-0x00000000009A0000-0x00000000009A2000-memory.dmp

Filesize
8KB

Download
memory/424-111-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/648-853-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/788-804-0x00000000011D0000-0x00000000011D2000-memory.dmp

Filesize
8KB

Download
memory/892-391-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/924-390-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/948-981-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/948-422-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/1020-386-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/1060-345-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/1060-347-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/1060-344-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/1060-363-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/1096-393-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1212-200-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/1212-770-0x00000000022A0000-0x00000000022A1000-memory.dmp

Filesize
4KB

Download
memory/1212-815-0x00000000008A0000-0x00000000008A2000-memory.dmp

Filesize
8KB

Download
memory/1216-250-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/1472-808-0x0000000002060000-0x0000000002062000-memory.dmp

Filesize
8KB

Download
memory/1564-268-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/1656-251-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/1716-417-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1716-371-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1764-170-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/1764-812-0x00000000008B0000-0x00000000008B2000-memory.dmp

Filesize
8KB

Download
memory/1892-807-0x0000000000760000-0x0000000000762000-memory.dmp

Filesize
8KB

Download
memory/1892-146-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/1916-361-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1944-491-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2020-429-0x0000000010000000-0x000000001006C000-memory.dmp

Filesize
432KB

Download
memory/2124-585-0x0000000002280000-0x000000000330E000-memory.dmp

Filesize
16.6MB

Download
memory/2124-485-0x0000000002280000-0x000000000330E000-memory.dmp

Filesize
16.6MB

Download
memory/2124-420-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2324-395-0x0000000000500000-0x0000000000534000-memory.dmp

Filesize
208KB

Download
memory/2324-403-0x0000000002610000-0x0000000002618000-memory.dmp

Filesize
32KB

Download
memory/2368-121-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/2368-253-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/2392-292-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/2544-1508-0x0000000000AD0000-0x0000000000B2A000-memory.dmp

Filesize
360KB

Download
memory/2616-365-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2616-433-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2692-203-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2816-1576-0x0000000005710000-0x000000000573C000-memory.dmp

Filesize
176KB

Download
memory/2956-382-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/3032-384-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3092-1291-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/3092-291-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/3100-252-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/3200-362-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/3236-810-0x0000000002A70000-0x0000000002A72000-memory.dmp

Filesize
8KB

Download
memory/3524-249-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/3580-342-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/3648-188-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/3648-814-0x00000000005A0000-0x00000000005A2000-memory.dmp

Filesize
8KB

Download
memory/3648-1177-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/3648-768-0x00000000009C0000-0x00000000009C1000-memory.dmp

Filesize
4KB

Download
memory/3660-321-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/3696-276-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/3712-171-0x0000000000DD0000-0x0000000000E3C000-memory.dmp

Filesize
432KB

Download
memory/3712-207-0x0000000005EA0000-0x0000000006446000-memory.dmp

Filesize
5.6MB

Download
memory/3712-900-0x0000000005E80000-0x0000000005E8A000-memory.dmp

Filesize
40KB

Download
memory/3712-327-0x00000000057A0000-0x00000000057AA000-memory.dmp

Filesize
40KB

Download
memory/3712-246-0x00000000057C0000-0x0000000005852000-memory.dmp

Filesize
584KB

Download
memory/3744-275-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/3820-490-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/3896-813-0x0000000000A30000-0x0000000000A32000-memory.dmp

Filesize
8KB

Download
memory/3896-187-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/3964-319-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/4044-562-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download
memory/4044-201-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download
memory/4440-322-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/4456-533-0x0000000000EE0000-0x0000000000FAE000-memory.dmp

Filesize
824KB

Download
memory/4460-383-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4524-151-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/4532-817-0x0000000002200000-0x0000000002201000-memory.dmp

Filesize
4KB

Download
memory/4532-343-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/4532-202-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/4560-488-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/4648-421-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/4708-270-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/4720-392-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/4804-248-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/4880-269-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/4940-419-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/4940-290-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/4956-320-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/5028-169-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/5028-811-0x0000000000580000-0x0000000000582000-memory.dmp

Filesize
8KB

Download
memory/5152-493-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/5180-489-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/5204-662-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5292-492-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/5408-1259-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/5424-1254-0x0000000005D20000-0x0000000005EB2000-memory.dmp

Filesize
1.6MB

Download
memory/5424-904-0x0000000000FB0000-0x0000000001170000-memory.dmp

Filesize
1.8MB

Download
memory/5464-1396-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/5676-589-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/5892-977-0x0000000000A20000-0x0000000000AB8000-memory.dmp

Filesize
608KB

Download
memory/6216-1104-0x000001FDD53A0000-0x000001FDD5486000-memory.dmp

Filesize
920KB

Download
memory/6216-857-0x000001FDBAC60000-0x000001FDBAD58000-memory.dmp

Filesize
992KB

Download
memory/8324-1412-0x0000000000CD0000-0x0000000000D7C000-memory.dmp

Filesize
688KB

Download
memory/8332-1551-0x000001744B980000-0x000001744BA72000-memory.dmp

Filesize
968KB

Download