xmrig | 75e7906645d60fd19bf4f06251b4e7d1789da440b145383752944fb78927db2c

Analysis

max time kernel
149s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
11/03/2024, 22:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

75e7906645d60fd19bf4f06251b4e7d1789da440b145383752944fb78927db2c.exe
Size

1.4MB
MD5

33143f5fb33e9aeb79d9b53b760da4d6
SHA1

3e3426a3702b20b179fa16dd052f39b22560c179
SHA256

75e7906645d60fd19bf4f06251b4e7d1789da440b145383752944fb78927db2c
SHA512

d61a979ffa260324c728fcb76133a7b58aba09003c9e6a3accd6633feadb19b60401e8ece52093dae705749b64c3542573399898e692fdddd1f2ffe56931d283
SSDEEP

24576:JanwhSe11QSONCpGJCjETPlia+zzDwD/YCgU+Lqq6a9bIA2SoJhl9gotfP26:knw9oUUEEDlnDwq6fXs+6

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

UPX dump on OEP (original entry point) 64 IoCs

resource	yara_rule
behavioral1/files/0x000c000000012328-2.dat	UPX
behavioral1/memory/2956-8-0x000000013FCD0000-0x00000001400C1000-memory.dmp	UPX
behavioral1/memory/2112-5-0x000000013F330000-0x000000013F721000-memory.dmp	UPX
behavioral1/files/0x000b000000013413-13.dat	UPX
behavioral1/memory/2836-15-0x000000013FD80000-0x0000000140171000-memory.dmp	UPX
behavioral1/files/0x0033000000013a3a-19.dat	UPX
behavioral1/memory/2556-21-0x000000013FB00000-0x000000013FEF1000-memory.dmp	UPX
behavioral1/files/0x000700000001415f-25.dat	UPX
behavioral1/files/0x0007000000014175-29.dat	UPX
behavioral1/memory/2648-33-0x000000013F260000-0x000000013F651000-memory.dmp	UPX
behavioral1/files/0x0007000000014186-40.dat	UPX
behavioral1/memory/3028-41-0x000000013F090000-0x000000013F481000-memory.dmp	UPX
behavioral1/memory/2636-39-0x000000013FE40000-0x0000000140231000-memory.dmp	UPX
behavioral1/files/0x0009000000014228-43.dat	UPX
behavioral1/memory/2732-48-0x000000013F2D0000-0x000000013F6C1000-memory.dmp	UPX
behavioral1/files/0x0009000000014228-46.dat	UPX
behavioral1/files/0x0007000000014186-36.dat	UPX
behavioral1/files/0x0007000000014712-52.dat	UPX
behavioral1/memory/2972-61-0x000000013FFA0000-0x0000000140391000-memory.dmp	UPX
behavioral1/files/0x0032000000013a46-58.dat	UPX
behavioral1/files/0x0032000000013a46-56.dat	UPX
behavioral1/files/0x000600000001471a-65.dat	UPX
behavioral1/files/0x0006000000014826-71.dat	UPX
behavioral1/files/0x000600000001487f-77.dat	UPX
behavioral1/memory/2560-79-0x000000013F800000-0x000000013FBF1000-memory.dmp	UPX
behavioral1/memory/868-88-0x000000013F130000-0x000000013F521000-memory.dmp	UPX
behavioral1/files/0x0006000000014a9a-87.dat	UPX
behavioral1/memory/1948-104-0x000000013F740000-0x000000013FB31000-memory.dmp	UPX
behavioral1/memory/1220-105-0x000000013FA40000-0x000000013FE31000-memory.dmp	UPX
behavioral1/files/0x0006000000014bbc-108.dat	UPX
behavioral1/memory/2556-112-0x000000013FB00000-0x000000013FEF1000-memory.dmp	UPX
behavioral1/files/0x0006000000014bbc-111.dat	UPX
behavioral1/memory/1672-119-0x000000013FE90000-0x0000000140281000-memory.dmp	UPX
behavioral1/memory/1924-132-0x000000013F750000-0x000000013FB41000-memory.dmp	UPX
behavioral1/files/0x000600000001564f-136.dat	UPX
behavioral1/files/0x000600000001564f-134.dat	UPX
behavioral1/files/0x0006000000015653-140.dat	UPX
behavioral1/files/0x0006000000015653-144.dat	UPX
behavioral1/memory/1680-143-0x000000013FD40000-0x0000000140131000-memory.dmp	UPX
behavioral1/memory/1208-133-0x000000013FCE0000-0x00000001400D1000-memory.dmp	UPX
behavioral1/memory/3036-151-0x000000013FB70000-0x000000013FF61000-memory.dmp	UPX
behavioral1/files/0x0006000000015677-154.dat	UPX
behavioral1/files/0x0006000000015677-152.dat	UPX
behavioral1/memory/352-157-0x000000013F4D0000-0x000000013F8C1000-memory.dmp	UPX
behavioral1/memory/2060-158-0x000000013F8E0000-0x000000013FCD1000-memory.dmp	UPX
behavioral1/files/0x0006000000015cd9-183.dat	UPX
behavioral1/files/0x0006000000015ccd-196.dat	UPX
behavioral1/files/0x0006000000015cff-204.dat	UPX
behavioral1/memory/1812-220-0x000000013F8F0000-0x000000013FCE1000-memory.dmp	UPX
behavioral1/memory/956-227-0x000000013F590000-0x000000013F981000-memory.dmp	UPX
behavioral1/memory/900-228-0x000000013F6C0000-0x000000013FAB1000-memory.dmp	UPX
behavioral1/memory/3016-225-0x000000013F3F0000-0x000000013F7E1000-memory.dmp	UPX
behavioral1/memory/1564-257-0x000000013F080000-0x000000013F471000-memory.dmp	UPX
behavioral1/memory/2152-258-0x000000013F2F0000-0x000000013F6E1000-memory.dmp	UPX
behavioral1/memory/3032-256-0x000000013F5D0000-0x000000013F9C1000-memory.dmp	UPX
behavioral1/memory/2412-251-0x000000013FB50000-0x000000013FF41000-memory.dmp	UPX
behavioral1/files/0x0006000000015cff-201.dat	UPX
behavioral1/files/0x0006000000015ce3-198.dat	UPX
behavioral1/files/0x0006000000015cae-194.dat	UPX
behavioral1/files/0x0006000000015cd9-192.dat	UPX
behavioral1/files/0x0006000000015ce3-186.dat	UPX
behavioral1/files/0x0006000000015cb6-179.dat	UPX
behavioral1/files/0x0006000000015c9e-178.dat	UPX
behavioral1/files/0x0006000000015ccd-177.dat	UPX

XMRig Miner payload 42 IoCs

miner

resource	yara_rule
behavioral1/memory/2956-8-0x000000013FCD0000-0x00000001400C1000-memory.dmp	xmrig
behavioral1/memory/2556-21-0x000000013FB00000-0x000000013FEF1000-memory.dmp	xmrig
behavioral1/memory/2648-33-0x000000013F260000-0x000000013F651000-memory.dmp	xmrig
behavioral1/memory/2636-39-0x000000013FE40000-0x0000000140231000-memory.dmp	xmrig
behavioral1/memory/2732-48-0x000000013F2D0000-0x000000013F6C1000-memory.dmp	xmrig
behavioral1/memory/2112-55-0x000000013FFA0000-0x0000000140391000-memory.dmp	xmrig
behavioral1/memory/2972-61-0x000000013FFA0000-0x0000000140391000-memory.dmp	xmrig
behavioral1/memory/2560-79-0x000000013F800000-0x000000013FBF1000-memory.dmp	xmrig
behavioral1/memory/868-88-0x000000013F130000-0x000000013F521000-memory.dmp	xmrig
behavioral1/memory/1948-104-0x000000013F740000-0x000000013FB31000-memory.dmp	xmrig
behavioral1/memory/1220-105-0x000000013FA40000-0x000000013FE31000-memory.dmp	xmrig
behavioral1/memory/2556-112-0x000000013FB00000-0x000000013FEF1000-memory.dmp	xmrig
behavioral1/memory/2112-102-0x000000013FE80000-0x0000000140271000-memory.dmp	xmrig
behavioral1/memory/1672-119-0x000000013FE90000-0x0000000140281000-memory.dmp	xmrig
behavioral1/memory/2112-120-0x000000013FE90000-0x0000000140281000-memory.dmp	xmrig
behavioral1/memory/1924-132-0x000000013F750000-0x000000013FB41000-memory.dmp	xmrig
behavioral1/memory/1680-143-0x000000013FD40000-0x0000000140131000-memory.dmp	xmrig
behavioral1/memory/1208-133-0x000000013FCE0000-0x00000001400D1000-memory.dmp	xmrig
behavioral1/memory/3036-151-0x000000013FB70000-0x000000013FF61000-memory.dmp	xmrig
behavioral1/memory/352-157-0x000000013F4D0000-0x000000013F8C1000-memory.dmp	xmrig
behavioral1/memory/2060-158-0x000000013F8E0000-0x000000013FCD1000-memory.dmp	xmrig
behavioral1/memory/2052-191-0x000000013F550000-0x000000013F941000-memory.dmp	xmrig
behavioral1/memory/1812-220-0x000000013F8F0000-0x000000013FCE1000-memory.dmp	xmrig
behavioral1/memory/768-221-0x000000013FDD0000-0x00000001401C1000-memory.dmp	xmrig
behavioral1/memory/956-227-0x000000013F590000-0x000000013F981000-memory.dmp	xmrig
behavioral1/memory/900-228-0x000000013F6C0000-0x000000013FAB1000-memory.dmp	xmrig
behavioral1/memory/1168-226-0x000000013F920000-0x000000013FD11000-memory.dmp	xmrig
behavioral1/memory/3016-225-0x000000013F3F0000-0x000000013F7E1000-memory.dmp	xmrig
behavioral1/memory/2112-222-0x0000000001D80000-0x0000000002171000-memory.dmp	xmrig
behavioral1/memory/1184-234-0x000000013FED0000-0x00000001402C1000-memory.dmp	xmrig
behavioral1/memory/1564-257-0x000000013F080000-0x000000013F471000-memory.dmp	xmrig
behavioral1/memory/2152-258-0x000000013F2F0000-0x000000013F6E1000-memory.dmp	xmrig
behavioral1/memory/3032-256-0x000000013F5D0000-0x000000013F9C1000-memory.dmp	xmrig
behavioral1/memory/2412-251-0x000000013FB50000-0x000000013FF41000-memory.dmp	xmrig
behavioral1/memory/2112-237-0x0000000001D80000-0x0000000002171000-memory.dmp	xmrig
behavioral1/memory/2700-200-0x000000013F310000-0x000000013F701000-memory.dmp	xmrig
behavioral1/memory/2836-91-0x000000013FD80000-0x0000000140171000-memory.dmp	xmrig
behavioral1/memory/2516-90-0x000000013FFF0000-0x00000001403E1000-memory.dmp	xmrig
behavioral1/memory/2372-82-0x000000013FC00000-0x000000013FFF1000-memory.dmp	xmrig
behavioral1/memory/2476-80-0x000000013FE80000-0x0000000140271000-memory.dmp	xmrig
behavioral1/memory/2956-62-0x000000013FCD0000-0x00000001400C1000-memory.dmp	xmrig
behavioral1/memory/2112-54-0x000000013F330000-0x000000013F721000-memory.dmp	xmrig

Executes dropped EXE 6 IoCs

pid	Process
2956	yvEMFjy.exe
2836	kmmCczZ.exe
2556	jSTthCd.exe
2648	ZFWVzrB.exe
2636	smocBpe.exe
3028	aSDGekS.exe

Loads dropped DLL 6 IoCs

pid	Process
2112	75e7906645d60fd19bf4f06251b4e7d1789da440b145383752944fb78927db2c.exe
2112	75e7906645d60fd19bf4f06251b4e7d1789da440b145383752944fb78927db2c.exe
2112	75e7906645d60fd19bf4f06251b4e7d1789da440b145383752944fb78927db2c.exe
2112	75e7906645d60fd19bf4f06251b4e7d1789da440b145383752944fb78927db2c.exe
2112	75e7906645d60fd19bf4f06251b4e7d1789da440b145383752944fb78927db2c.exe
2112	75e7906645d60fd19bf4f06251b4e7d1789da440b145383752944fb78927db2c.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000c000000012328-2.dat	upx
behavioral1/memory/2956-8-0x000000013FCD0000-0x00000001400C1000-memory.dmp	upx
behavioral1/memory/2112-5-0x000000013F330000-0x000000013F721000-memory.dmp	upx
behavioral1/files/0x000b000000013413-13.dat	upx
behavioral1/memory/2836-15-0x000000013FD80000-0x0000000140171000-memory.dmp	upx
behavioral1/files/0x0033000000013a3a-19.dat	upx
behavioral1/memory/2556-21-0x000000013FB00000-0x000000013FEF1000-memory.dmp	upx
behavioral1/files/0x000700000001415f-25.dat	upx
behavioral1/files/0x0007000000014175-29.dat	upx
behavioral1/memory/2648-33-0x000000013F260000-0x000000013F651000-memory.dmp	upx
behavioral1/files/0x0007000000014186-40.dat	upx
behavioral1/memory/3028-41-0x000000013F090000-0x000000013F481000-memory.dmp	upx
behavioral1/memory/2636-39-0x000000013FE40000-0x0000000140231000-memory.dmp	upx
behavioral1/files/0x0009000000014228-43.dat	upx
behavioral1/memory/2732-48-0x000000013F2D0000-0x000000013F6C1000-memory.dmp	upx
behavioral1/files/0x0009000000014228-46.dat	upx
behavioral1/files/0x0007000000014186-36.dat	upx
behavioral1/files/0x0007000000014712-52.dat	upx
behavioral1/memory/2972-61-0x000000013FFA0000-0x0000000140391000-memory.dmp	upx
behavioral1/files/0x0032000000013a46-58.dat	upx
behavioral1/files/0x0032000000013a46-56.dat	upx
behavioral1/files/0x000600000001471a-65.dat	upx
behavioral1/files/0x0006000000014826-71.dat	upx
behavioral1/files/0x000600000001487f-77.dat	upx
behavioral1/memory/2560-79-0x000000013F800000-0x000000013FBF1000-memory.dmp	upx
behavioral1/memory/868-88-0x000000013F130000-0x000000013F521000-memory.dmp	upx
behavioral1/files/0x0006000000014a9a-87.dat	upx
behavioral1/memory/1948-104-0x000000013F740000-0x000000013FB31000-memory.dmp	upx
behavioral1/memory/1220-105-0x000000013FA40000-0x000000013FE31000-memory.dmp	upx
behavioral1/files/0x0006000000014bbc-108.dat	upx
behavioral1/memory/2556-112-0x000000013FB00000-0x000000013FEF1000-memory.dmp	upx
behavioral1/files/0x0006000000014bbc-111.dat	upx
behavioral1/memory/1672-119-0x000000013FE90000-0x0000000140281000-memory.dmp	upx
behavioral1/memory/1924-132-0x000000013F750000-0x000000013FB41000-memory.dmp	upx
behavioral1/files/0x000600000001564f-136.dat	upx
behavioral1/files/0x000600000001564f-134.dat	upx
behavioral1/files/0x0006000000015653-140.dat	upx
behavioral1/files/0x0006000000015653-144.dat	upx
behavioral1/memory/1680-143-0x000000013FD40000-0x0000000140131000-memory.dmp	upx
behavioral1/memory/1208-133-0x000000013FCE0000-0x00000001400D1000-memory.dmp	upx
behavioral1/memory/3036-151-0x000000013FB70000-0x000000013FF61000-memory.dmp	upx
behavioral1/files/0x0006000000015677-154.dat	upx
behavioral1/files/0x0006000000015677-152.dat	upx
behavioral1/memory/352-157-0x000000013F4D0000-0x000000013F8C1000-memory.dmp	upx
behavioral1/memory/2060-158-0x000000013F8E0000-0x000000013FCD1000-memory.dmp	upx
behavioral1/files/0x0006000000015cd9-183.dat	upx
behavioral1/memory/2052-191-0x000000013F550000-0x000000013F941000-memory.dmp	upx
behavioral1/files/0x0006000000015ccd-196.dat	upx
behavioral1/files/0x0006000000015cff-204.dat	upx
behavioral1/memory/1812-220-0x000000013F8F0000-0x000000013FCE1000-memory.dmp	upx
behavioral1/memory/768-221-0x000000013FDD0000-0x00000001401C1000-memory.dmp	upx
behavioral1/memory/1488-224-0x000000013F300000-0x000000013F6F1000-memory.dmp	upx
behavioral1/memory/956-227-0x000000013F590000-0x000000013F981000-memory.dmp	upx
behavioral1/memory/900-228-0x000000013F6C0000-0x000000013FAB1000-memory.dmp	upx
behavioral1/memory/1168-226-0x000000013F920000-0x000000013FD11000-memory.dmp	upx
behavioral1/memory/3016-225-0x000000013F3F0000-0x000000013F7E1000-memory.dmp	upx
behavioral1/memory/1184-234-0x000000013FED0000-0x00000001402C1000-memory.dmp	upx
behavioral1/memory/1564-257-0x000000013F080000-0x000000013F471000-memory.dmp	upx
behavioral1/memory/2152-258-0x000000013F2F0000-0x000000013F6E1000-memory.dmp	upx
behavioral1/memory/3032-256-0x000000013F5D0000-0x000000013F9C1000-memory.dmp	upx
behavioral1/memory/2412-251-0x000000013FB50000-0x000000013FF41000-memory.dmp	upx
behavioral1/files/0x0006000000015cff-201.dat	upx
behavioral1/memory/2700-200-0x000000013F310000-0x000000013F701000-memory.dmp	upx
behavioral1/files/0x0006000000015ce3-198.dat	upx

Drops file in System32 directory 7 IoCs

description	ioc	Process
File created	C:\Windows\System32\yvEMFjy.exe	75e7906645d60fd19bf4f06251b4e7d1789da440b145383752944fb78927db2c.exe
File created	C:\Windows\System32\kmmCczZ.exe	75e7906645d60fd19bf4f06251b4e7d1789da440b145383752944fb78927db2c.exe
File created	C:\Windows\System32\jSTthCd.exe	75e7906645d60fd19bf4f06251b4e7d1789da440b145383752944fb78927db2c.exe
File created	C:\Windows\System32\ZFWVzrB.exe	75e7906645d60fd19bf4f06251b4e7d1789da440b145383752944fb78927db2c.exe
File created	C:\Windows\System32\smocBpe.exe	75e7906645d60fd19bf4f06251b4e7d1789da440b145383752944fb78927db2c.exe
File created	C:\Windows\System32\aSDGekS.exe	75e7906645d60fd19bf4f06251b4e7d1789da440b145383752944fb78927db2c.exe
File created	C:\Windows\System32\KFByDga.exe	75e7906645d60fd19bf4f06251b4e7d1789da440b145383752944fb78927db2c.exe

Suspicious use of WriteProcessMemory 18 IoCs

description	pid	Process	procid_target
PID 2112 wrote to memory of 2956	2112	75e7906645d60fd19bf4f06251b4e7d1789da440b145383752944fb78927db2c.exe	29
PID 2112 wrote to memory of 2956	2112	75e7906645d60fd19bf4f06251b4e7d1789da440b145383752944fb78927db2c.exe	29
PID 2112 wrote to memory of 2956	2112	75e7906645d60fd19bf4f06251b4e7d1789da440b145383752944fb78927db2c.exe	29
PID 2112 wrote to memory of 2836	2112	75e7906645d60fd19bf4f06251b4e7d1789da440b145383752944fb78927db2c.exe	30
PID 2112 wrote to memory of 2836	2112	75e7906645d60fd19bf4f06251b4e7d1789da440b145383752944fb78927db2c.exe	30
PID 2112 wrote to memory of 2836	2112	75e7906645d60fd19bf4f06251b4e7d1789da440b145383752944fb78927db2c.exe	30
PID 2112 wrote to memory of 2556	2112	75e7906645d60fd19bf4f06251b4e7d1789da440b145383752944fb78927db2c.exe	31
PID 2112 wrote to memory of 2556	2112	75e7906645d60fd19bf4f06251b4e7d1789da440b145383752944fb78927db2c.exe	31
PID 2112 wrote to memory of 2556	2112	75e7906645d60fd19bf4f06251b4e7d1789da440b145383752944fb78927db2c.exe	31
PID 2112 wrote to memory of 2648	2112	75e7906645d60fd19bf4f06251b4e7d1789da440b145383752944fb78927db2c.exe	32
PID 2112 wrote to memory of 2648	2112	75e7906645d60fd19bf4f06251b4e7d1789da440b145383752944fb78927db2c.exe	32
PID 2112 wrote to memory of 2648	2112	75e7906645d60fd19bf4f06251b4e7d1789da440b145383752944fb78927db2c.exe	32
PID 2112 wrote to memory of 2636	2112	75e7906645d60fd19bf4f06251b4e7d1789da440b145383752944fb78927db2c.exe	33
PID 2112 wrote to memory of 2636	2112	75e7906645d60fd19bf4f06251b4e7d1789da440b145383752944fb78927db2c.exe	33
PID 2112 wrote to memory of 2636	2112	75e7906645d60fd19bf4f06251b4e7d1789da440b145383752944fb78927db2c.exe	33
PID 2112 wrote to memory of 3028	2112	75e7906645d60fd19bf4f06251b4e7d1789da440b145383752944fb78927db2c.exe	34
PID 2112 wrote to memory of 3028	2112	75e7906645d60fd19bf4f06251b4e7d1789da440b145383752944fb78927db2c.exe	34
PID 2112 wrote to memory of 3028	2112	75e7906645d60fd19bf4f06251b4e7d1789da440b145383752944fb78927db2c.exe	34

C:\Users\Admin\AppData\Local\Temp\75e7906645d60fd19bf4f06251b4e7d1789da440b145383752944fb78927db2c.exe
"C:\Users\Admin\AppData\Local\Temp\75e7906645d60fd19bf4f06251b4e7d1789da440b145383752944fb78927db2c.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2112
- C:\Windows\System32\yvEMFjy.exe
  C:\Windows\System32\yvEMFjy.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System32\kmmCczZ.exe
  C:\Windows\System32\kmmCczZ.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System32\jSTthCd.exe
  C:\Windows\System32\jSTthCd.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System32\ZFWVzrB.exe
  C:\Windows\System32\ZFWVzrB.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System32\smocBpe.exe
  C:\Windows\System32\smocBpe.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System32\aSDGekS.exe
  C:\Windows\System32\aSDGekS.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System32\KFByDga.exe
  C:\Windows\System32\KFByDga.exe
  2⤵
  PID:2732
- C:\Windows\System32\sBznxtX.exe
  C:\Windows\System32\sBznxtX.exe
  2⤵
  PID:2972
- C:\Windows\System32\TNpqlcp.exe
  C:\Windows\System32\TNpqlcp.exe
  2⤵
  PID:2560
- C:\Windows\System32\Uvdpiqq.exe
  C:\Windows\System32\Uvdpiqq.exe
  2⤵
  PID:2476
- C:\Windows\System32\jVdmIYJ.exe
  C:\Windows\System32\jVdmIYJ.exe
  2⤵
  PID:2372
- C:\Windows\System32\DeaYmrJ.exe
  C:\Windows\System32\DeaYmrJ.exe
  2⤵
  PID:868
- C:\Windows\System32\VHBMeqs.exe
  C:\Windows\System32\VHBMeqs.exe
  2⤵
  PID:2516
- C:\Windows\System32\NKyMgpW.exe
  C:\Windows\System32\NKyMgpW.exe
  2⤵
  PID:1948
- C:\Windows\System32\fRLFhrd.exe
  C:\Windows\System32\fRLFhrd.exe
  2⤵
  PID:1220
- C:\Windows\System32\CEIYWHY.exe
  C:\Windows\System32\CEIYWHY.exe
  2⤵
  PID:1672
- C:\Windows\System32\MzPrmxU.exe
  C:\Windows\System32\MzPrmxU.exe
  2⤵
  PID:1924
- C:\Windows\System32\AaXPeti.exe
  C:\Windows\System32\AaXPeti.exe
  2⤵
  PID:1208
- C:\Windows\System32\fFasbss.exe
  C:\Windows\System32\fFasbss.exe
  2⤵
  PID:1680
- C:\Windows\System32\WFQjOwf.exe
  C:\Windows\System32\WFQjOwf.exe
  2⤵
  PID:3036
- C:\Windows\System32\kyRPaix.exe
  C:\Windows\System32\kyRPaix.exe
  2⤵
  PID:352
- C:\Windows\System32\CcsbhZH.exe
  C:\Windows\System32\CcsbhZH.exe
  2⤵
  PID:2060
- C:\Windows\System32\pRmqerL.exe
  C:\Windows\System32\pRmqerL.exe
  2⤵
  PID:2052
- C:\Windows\System32\xRkGRzO.exe
  C:\Windows\System32\xRkGRzO.exe
  2⤵
  PID:328
- C:\Windows\System32\ANiEqXp.exe
  C:\Windows\System32\ANiEqXp.exe
  2⤵
  PID:2700
- C:\Windows\System32\AsjEcGY.exe
  C:\Windows\System32\AsjEcGY.exe
  2⤵
  PID:1812
- C:\Windows\System32\HbKhVtE.exe
  C:\Windows\System32\HbKhVtE.exe
  2⤵
  PID:3016
- C:\Windows\System32\WyDbhPV.exe
  C:\Windows\System32\WyDbhPV.exe
  2⤵
  PID:768
- C:\Windows\System32\qRpCLpw.exe
  C:\Windows\System32\qRpCLpw.exe
  2⤵
  PID:1168
- C:\Windows\System32\ORwHUkX.exe
  C:\Windows\System32\ORwHUkX.exe
  2⤵
  PID:1488
- C:\Windows\System32\THCpoIG.exe
  C:\Windows\System32\THCpoIG.exe
  2⤵
  PID:956
- C:\Windows\System32\oIkYlcS.exe
  C:\Windows\System32\oIkYlcS.exe
  2⤵
  PID:900
- C:\Windows\System32\KNaWXMx.exe
  C:\Windows\System32\KNaWXMx.exe
  2⤵
  PID:1184
- C:\Windows\System32\TmWHegX.exe
  C:\Windows\System32\TmWHegX.exe
  2⤵
  PID:2412
- C:\Windows\System32\IsrzqHt.exe
  C:\Windows\System32\IsrzqHt.exe
  2⤵
  PID:2152
- C:\Windows\System32\TlxxGYd.exe
  C:\Windows\System32\TlxxGYd.exe
  2⤵
  PID:3032
- C:\Windows\System32\zIqIjvq.exe
  C:\Windows\System32\zIqIjvq.exe
  2⤵
  PID:1596
- C:\Windows\System32\tunwVeg.exe
  C:\Windows\System32\tunwVeg.exe
  2⤵
  PID:1564
- C:\Windows\System32\MLFzXrE.exe
  C:\Windows\System32\MLFzXrE.exe
  2⤵
  PID:2012
- C:\Windows\System32\eylPNeo.exe
  C:\Windows\System32\eylPNeo.exe
  2⤵
  PID:1692
- C:\Windows\System32\eFkhFxw.exe
  C:\Windows\System32\eFkhFxw.exe
  2⤵
  PID:2744
- C:\Windows\System32\ujIBIup.exe
  C:\Windows\System32\ujIBIup.exe
  2⤵
  PID:1524
- C:\Windows\System32\PwCKOjN.exe
  C:\Windows\System32\PwCKOjN.exe
  2⤵
  PID:1624
- C:\Windows\System32\UimxYyr.exe
  C:\Windows\System32\UimxYyr.exe
  2⤵
  PID:1728
- C:\Windows\System32\yUsPXSD.exe
  C:\Windows\System32\yUsPXSD.exe
  2⤵
  PID:1516
- C:\Windows\System32\iHrhVBD.exe
  C:\Windows\System32\iHrhVBD.exe
  2⤵
  PID:1732
- C:\Windows\System32\KQsQFso.exe
  C:\Windows\System32\KQsQFso.exe
  2⤵
  PID:1332
- C:\Windows\System32\JIdUwTf.exe
  C:\Windows\System32\JIdUwTf.exe
  2⤵
  PID:1608
- C:\Windows\System32\GrYfGeQ.exe
  C:\Windows\System32\GrYfGeQ.exe
  2⤵
  PID:2540
- C:\Windows\System32\dWDzlAK.exe
  C:\Windows\System32\dWDzlAK.exe
  2⤵
  PID:2964
- C:\Windows\System32\eIbtCZP.exe
  C:\Windows\System32\eIbtCZP.exe
  2⤵
  PID:2664
- C:\Windows\System32\LfsCHtg.exe
  C:\Windows\System32\LfsCHtg.exe
  2⤵
  PID:1412
- C:\Windows\System32\UWnrooK.exe
  C:\Windows\System32\UWnrooK.exe
  2⤵
  PID:2604
- C:\Windows\System32\aijzpPV.exe
  C:\Windows\System32\aijzpPV.exe
  2⤵
  PID:2512
- C:\Windows\System32\STTgPnF.exe
  C:\Windows\System32\STTgPnF.exe
  2⤵
  PID:2932
- C:\Windows\System32\dGzQiSx.exe
  C:\Windows\System32\dGzQiSx.exe
  2⤵
  PID:2460
- C:\Windows\System32\swrqfVO.exe
  C:\Windows\System32\swrqfVO.exe
  2⤵
  PID:2192
- C:\Windows\System32\awtzhhX.exe
  C:\Windows\System32\awtzhhX.exe
  2⤵
  PID:2312
- C:\Windows\System32\TTCsqyZ.exe
  C:\Windows\System32\TTCsqyZ.exe
  2⤵
  PID:1544
- C:\Windows\System32\lQhKzSa.exe
  C:\Windows\System32\lQhKzSa.exe
  2⤵
  PID:2520
- C:\Windows\System32\ISQrZbE.exe
  C:\Windows\System32\ISQrZbE.exe
  2⤵
  PID:2220
- C:\Windows\System32\JCGcnaZ.exe
  C:\Windows\System32\JCGcnaZ.exe
  2⤵
  PID:1092
- C:\Windows\System32\AMDyydh.exe
  C:\Windows\System32\AMDyydh.exe
  2⤵
  PID:2208
- C:\Windows\System32\QJhjXDb.exe
  C:\Windows\System32\QJhjXDb.exe
  2⤵
  PID:800
- C:\Windows\System32\APOGtaq.exe
  C:\Windows\System32\APOGtaq.exe
  2⤵
  PID:3004
- C:\Windows\System32\vvUCPCt.exe
  C:\Windows\System32\vvUCPCt.exe
  2⤵
  PID:2072
- C:\Windows\System32\lGYbmuC.exe
  C:\Windows\System32\lGYbmuC.exe
  2⤵
  PID:2424
- C:\Windows\System32\SQsPQpn.exe
  C:\Windows\System32\SQsPQpn.exe
  2⤵
  PID:1156
- C:\Windows\System32\lLNkpBt.exe
  C:\Windows\System32\lLNkpBt.exe
  2⤵
  PID:344
- C:\Windows\System32\QzagIoI.exe
  C:\Windows\System32\QzagIoI.exe
  2⤵
  PID:1500
- C:\Windows\System32\HBhwtQy.exe
  C:\Windows\System32\HBhwtQy.exe
  2⤵
  PID:2860
- C:\Windows\System32\CmzzpzY.exe
  C:\Windows\System32\CmzzpzY.exe
  2⤵
  PID:576
- C:\Windows\System32\wMcCjgx.exe
  C:\Windows\System32\wMcCjgx.exe
  2⤵
  PID:904
- C:\Windows\System32\JtyYBoO.exe
  C:\Windows\System32\JtyYBoO.exe
  2⤵
  PID:2216
- C:\Windows\System32\ScYnuhC.exe
  C:\Windows\System32\ScYnuhC.exe
  2⤵
  PID:1368
- C:\Windows\System32\auOKFAK.exe
  C:\Windows\System32\auOKFAK.exe
  2⤵
  PID:908
- C:\Windows\System32\CSkXfrS.exe
  C:\Windows\System32\CSkXfrS.exe
  2⤵
  PID:2580
- C:\Windows\System32\NxZDzHe.exe
  C:\Windows\System32\NxZDzHe.exe
  2⤵
  PID:1060
- C:\Windows\System32\tanvjDy.exe
  C:\Windows\System32\tanvjDy.exe
  2⤵
  PID:2008
- C:\Windows\System32\hatuhpH.exe
  C:\Windows\System32\hatuhpH.exe
  2⤵
  PID:500
- C:\Windows\System32\YIhSPWw.exe
  C:\Windows\System32\YIhSPWw.exe
  2⤵
  PID:1992
- C:\Windows\System32\EAIbgir.exe
  C:\Windows\System32\EAIbgir.exe
  2⤵
  PID:1980
- C:\Windows\System32\zVwGVct.exe
  C:\Windows\System32\zVwGVct.exe
  2⤵
  PID:2492
- C:\Windows\System32\fPBNmhZ.exe
  C:\Windows\System32\fPBNmhZ.exe
  2⤵
  PID:2116
- C:\Windows\System32\QUgRFgZ.exe
  C:\Windows\System32\QUgRFgZ.exe
  2⤵
  PID:2088
- C:\Windows\System32\yujzEbM.exe
  C:\Windows\System32\yujzEbM.exe
  2⤵
  PID:2404
- C:\Windows\System32\xHAsyCX.exe
  C:\Windows\System32\xHAsyCX.exe
  2⤵
  PID:1312
- C:\Windows\System32\wwsxAHp.exe
  C:\Windows\System32\wwsxAHp.exe
  2⤵
  PID:1944
- C:\Windows\System32\BejjmSp.exe
  C:\Windows\System32\BejjmSp.exe
  2⤵
  PID:2912
- C:\Windows\System32\blsfYfW.exe
  C:\Windows\System32\blsfYfW.exe
  2⤵
  PID:1048
- C:\Windows\System32\swKyrOz.exe
  C:\Windows\System32\swKyrOz.exe
  2⤵
  PID:2840
- C:\Windows\System32\pwosabK.exe
  C:\Windows\System32\pwosabK.exe
  2⤵
  PID:2960
- C:\Windows\System32\saDUfIf.exe
  C:\Windows\System32\saDUfIf.exe
  2⤵
  PID:2572
- C:\Windows\System32\JFpSdob.exe
  C:\Windows\System32\JFpSdob.exe
  2⤵
  PID:2852
- C:\Windows\System32\HyDpvGC.exe
  C:\Windows\System32\HyDpvGC.exe
  2⤵
  PID:2616
- C:\Windows\System32\OqrbWnv.exe
  C:\Windows\System32\OqrbWnv.exe
  2⤵
  PID:2500
- C:\Windows\System32\XxKnWcJ.exe
  C:\Windows\System32\XxKnWcJ.exe
  2⤵
  PID:2332
- C:\Windows\System32\WkMHZZb.exe
  C:\Windows\System32\WkMHZZb.exe
  2⤵
  PID:2696
- C:\Windows\System32\elzkDSH.exe
  C:\Windows\System32\elzkDSH.exe
  2⤵
  PID:2564
- C:\Windows\System32\aUHWXPj.exe
  C:\Windows\System32\aUHWXPj.exe
  2⤵
  PID:1956
- C:\Windows\System32\NlhxWkQ.exe
  C:\Windows\System32\NlhxWkQ.exe
  2⤵
  PID:532
- C:\Windows\System32\RvERfoO.exe
  C:\Windows\System32\RvERfoO.exe
  2⤵
  PID:1968
- C:\Windows\System32\uivuqiS.exe
  C:\Windows\System32\uivuqiS.exe
  2⤵
  PID:1428
- C:\Windows\System32\wgKGlSH.exe
  C:\Windows\System32\wgKGlSH.exe
  2⤵
  PID:1132
- C:\Windows\System32\oXJRVBN.exe
  C:\Windows\System32\oXJRVBN.exe
  2⤵
  PID:2396
- C:\Windows\System32\gpPiuxo.exe
  C:\Windows\System32\gpPiuxo.exe
  2⤵
  PID:2944
- C:\Windows\System32\EjPFKYF.exe
  C:\Windows\System32\EjPFKYF.exe
  2⤵
  PID:2336
- C:\Windows\System32\YwMLNya.exe
  C:\Windows\System32\YwMLNya.exe
  2⤵
  PID:1988
- C:\Windows\System32\jFyNBdS.exe
  C:\Windows\System32\jFyNBdS.exe
  2⤵
  PID:2508
- C:\Windows\System32\qIIIyqB.exe
  C:\Windows\System32\qIIIyqB.exe
  2⤵
  PID:692
- C:\Windows\System32\vmzpntt.exe
  C:\Windows\System32\vmzpntt.exe
  2⤵
  PID:1104
- C:\Windows\System32\RucbJJF.exe
  C:\Windows\System32\RucbJJF.exe
  2⤵
  PID:1868
- C:\Windows\System32\BUhCKMz.exe
  C:\Windows\System32\BUhCKMz.exe
  2⤵
  PID:2544
- C:\Windows\System32\BdUefHc.exe
  C:\Windows\System32\BdUefHc.exe
  2⤵
  PID:1408
- C:\Windows\System32\rtVPQfs.exe
  C:\Windows\System32\rtVPQfs.exe
  2⤵
  PID:1952
- C:\Windows\System32\DxkIrsz.exe
  C:\Windows\System32\DxkIrsz.exe
  2⤵
  PID:888
- C:\Windows\System32\NDcuGil.exe
  C:\Windows\System32\NDcuGil.exe
  2⤵
  PID:2284
- C:\Windows\System32\xcVKHaC.exe
  C:\Windows\System32\xcVKHaC.exe
  2⤵
  PID:2224
- C:\Windows\System32\uEmOlBQ.exe
  C:\Windows\System32\uEmOlBQ.exe
  2⤵
  PID:2768
- C:\Windows\System32\EafDxtN.exe
  C:\Windows\System32\EafDxtN.exe
  2⤵
  PID:1996
- C:\Windows\System32\VYuBgXA.exe
  C:\Windows\System32\VYuBgXA.exe
  2⤵
  PID:1772
- C:\Windows\System32\mskjUzJ.exe
  C:\Windows\System32\mskjUzJ.exe
  2⤵
  PID:2888
- C:\Windows\System32\CoUjjvD.exe
  C:\Windows\System32\CoUjjvD.exe
  2⤵
  PID:3044
- C:\Windows\System32\UNUEZZd.exe
  C:\Windows\System32\UNUEZZd.exe
  2⤵
  PID:2004
- C:\Windows\System32\NANwCYB.exe
  C:\Windows\System32\NANwCYB.exe
  2⤵
  PID:2320
- C:\Windows\System32\cRYLBFD.exe
  C:\Windows\System32\cRYLBFD.exe
  2⤵
  PID:2324
- C:\Windows\System32\nrqSQvx.exe
  C:\Windows\System32\nrqSQvx.exe
  2⤵
  PID:772
- C:\Windows\System32\bHmIjmS.exe
  C:\Windows\System32\bHmIjmS.exe
  2⤵
  PID:2968
- C:\Windows\System32\zDOVsLT.exe
  C:\Windows\System32\zDOVsLT.exe
  2⤵
  PID:2452
- C:\Windows\System32\FyNyGZu.exe
  C:\Windows\System32\FyNyGZu.exe
  2⤵
  PID:2576
- C:\Windows\System32\WVUUMvV.exe
  C:\Windows\System32\WVUUMvV.exe
  2⤵
  PID:1288
- C:\Windows\System32\oEFvRCJ.exe
  C:\Windows\System32\oEFvRCJ.exe
  2⤵
  PID:2464
- C:\Windows\System32\cLqcfTi.exe
  C:\Windows\System32\cLqcfTi.exe
  2⤵
  PID:2820
- C:\Windows\System32\nYSLpwW.exe
  C:\Windows\System32\nYSLpwW.exe
  2⤵
  PID:2656
- C:\Windows\System32\xKLkqnq.exe
  C:\Windows\System32\xKLkqnq.exe
  2⤵
  PID:2908
- C:\Windows\System32\oVQuidA.exe
  C:\Windows\System32\oVQuidA.exe
  2⤵
  PID:2940
- C:\Windows\System32\KfSLcrl.exe
  C:\Windows\System32\KfSLcrl.exe
  2⤵
  PID:3024
- C:\Windows\System32\dmryCns.exe
  C:\Windows\System32\dmryCns.exe
  2⤵
  PID:2200
- C:\Windows\System32\lJHswzM.exe
  C:\Windows\System32\lJHswzM.exe
  2⤵
  PID:1932
- C:\Windows\System32\zGwFvIX.exe
  C:\Windows\System32\zGwFvIX.exe
  2⤵
  PID:1696
- C:\Windows\System32\DoXxpFv.exe
  C:\Windows\System32\DoXxpFv.exe
  2⤵
  PID:2028
- C:\Windows\System32\qETcJCb.exe
  C:\Windows\System32\qETcJCb.exe
  2⤵
  PID:984
- C:\Windows\System32\AgpPldY.exe
  C:\Windows\System32\AgpPldY.exe
  2⤵
  PID:3020
- C:\Windows\System32\efzrRvx.exe
  C:\Windows\System32\efzrRvx.exe
  2⤵
  PID:1256
- C:\Windows\System32\yReQXlP.exe
  C:\Windows\System32\yReQXlP.exe
  2⤵
  PID:2268
- C:\Windows\System32\HZcqyrP.exe
  C:\Windows\System32\HZcqyrP.exe
  2⤵
  PID:2044
- C:\Windows\System32\UvVsoZf.exe
  C:\Windows\System32\UvVsoZf.exe
  2⤵
  PID:1716
- C:\Windows\System32\leAFJuM.exe
  C:\Windows\System32\leAFJuM.exe
  2⤵
  PID:332
- C:\Windows\System32\ccrKpGz.exe
  C:\Windows\System32\ccrKpGz.exe
  2⤵
  PID:1976
- C:\Windows\System32\ngUNdsJ.exe
  C:\Windows\System32\ngUNdsJ.exe
  2⤵
  PID:1572
- C:\Windows\System32\CmEDxvP.exe
  C:\Windows\System32\CmEDxvP.exe
  2⤵
  PID:696
- C:\Windows\System32\TBcvIMS.exe
  C:\Windows\System32\TBcvIMS.exe
  2⤵
  PID:2752
- C:\Windows\System32\WovwJAY.exe
  C:\Windows\System32\WovwJAY.exe
  2⤵
  PID:820
- C:\Windows\System32\VkllluL.exe
  C:\Windows\System32\VkllluL.exe
  2⤵
  PID:112
- C:\Windows\System32\BttuKHF.exe
  C:\Windows\System32\BttuKHF.exe
  2⤵
  PID:2588
- C:\Windows\System32\BKILqVv.exe
  C:\Windows\System32\BKILqVv.exe
  2⤵
  PID:2472
- C:\Windows\System32\hVwNcHV.exe
  C:\Windows\System32\hVwNcHV.exe
  2⤵
  PID:2204
- C:\Windows\System32\dbtCkGH.exe
  C:\Windows\System32\dbtCkGH.exe
  2⤵
  PID:2948
- C:\Windows\System32\oVSbJSi.exe
  C:\Windows\System32\oVSbJSi.exe
  2⤵
  PID:2236
- C:\Windows\System32\rMfLlCt.exe
  C:\Windows\System32\rMfLlCt.exe
  2⤵
  PID:3064
- C:\Windows\System32\NdhVpjG.exe
  C:\Windows\System32\NdhVpjG.exe
  2⤵
  PID:1720
- C:\Windows\System32\INVrpHm.exe
  C:\Windows\System32\INVrpHm.exe
  2⤵
  PID:1392
- C:\Windows\System32\KlwFutP.exe
  C:\Windows\System32\KlwFutP.exe
  2⤵
  PID:1984
- C:\Windows\System32\roupnFN.exe
  C:\Windows\System32\roupnFN.exe
  2⤵
  PID:1304
- C:\Windows\System32\OwAzupE.exe
  C:\Windows\System32\OwAzupE.exe
  2⤵
  PID:2256
- C:\Windows\System32\SEczrIk.exe
  C:\Windows\System32\SEczrIk.exe
  2⤵
  PID:2300
- C:\Windows\System32\YBiORAI.exe
  C:\Windows\System32\YBiORAI.exe
  2⤵
  PID:2856
- C:\Windows\System32\KleuXbP.exe
  C:\Windows\System32\KleuXbP.exe
  2⤵
  PID:2916
- C:\Windows\System32\DpEzsPv.exe
  C:\Windows\System32\DpEzsPv.exe
  2⤵
  PID:2928
- C:\Windows\System32\aNeKVQd.exe
  C:\Windows\System32\aNeKVQd.exe
  2⤵
  PID:2876
- C:\Windows\System32\lkwbwSn.exe
  C:\Windows\System32\lkwbwSn.exe
  2⤵
  PID:1324
- C:\Windows\System32\xDLLAZV.exe
  C:\Windows\System32\xDLLAZV.exe
  2⤵
  PID:2824
- C:\Windows\System32\KcNTbRc.exe
  C:\Windows\System32\KcNTbRc.exe
  2⤵
  PID:2420
- C:\Windows\System32\IWbCxNL.exe
  C:\Windows\System32\IWbCxNL.exe
  2⤵
  PID:2080
- C:\Windows\System32\UEFrAwi.exe
  C:\Windows\System32\UEFrAwi.exe
  2⤵
  PID:1768
- C:\Windows\System32\YukioLa.exe
  C:\Windows\System32\YukioLa.exe
  2⤵
  PID:2024
- C:\Windows\System32\GtAaysH.exe
  C:\Windows\System32\GtAaysH.exe
  2⤵
  PID:2668
- C:\Windows\System32\foFVybQ.exe
  C:\Windows\System32\foFVybQ.exe
  2⤵
  PID:1664
- C:\Windows\System32\CcOQsuk.exe
  C:\Windows\System32\CcOQsuk.exe
  2⤵
  PID:1824
- C:\Windows\System32\jIOCNym.exe
  C:\Windows\System32\jIOCNym.exe
  2⤵
  PID:2408
- C:\Windows\System32\SjRpcMC.exe
  C:\Windows\System32\SjRpcMC.exe
  2⤵
  PID:1036
- C:\Windows\System32\AClLFcH.exe
  C:\Windows\System32\AClLFcH.exe
  2⤵
  PID:960
- C:\Windows\System32\cRPaZWq.exe
  C:\Windows\System32\cRPaZWq.exe
  2⤵
  PID:1856
- C:\Windows\System32\uxeZakn.exe
  C:\Windows\System32\uxeZakn.exe
  2⤵
  PID:2528
- C:\Windows\System32\skyPVEq.exe
  C:\Windows\System32\skyPVEq.exe
  2⤵
  PID:3080
- C:\Windows\System32\GDPPABs.exe
  C:\Windows\System32\GDPPABs.exe
  2⤵
  PID:3096
- C:\Windows\System32\tAplRsw.exe
  C:\Windows\System32\tAplRsw.exe
  2⤵
  PID:3112
- C:\Windows\System32\UaIUznw.exe
  C:\Windows\System32\UaIUznw.exe
  2⤵
  PID:3128
- C:\Windows\System32\udHlHGo.exe
  C:\Windows\System32\udHlHGo.exe
  2⤵
  PID:3148
- C:\Windows\System32\pkUgiXl.exe
  C:\Windows\System32\pkUgiXl.exe
  2⤵
  PID:3216
- C:\Windows\System32\GrgryVe.exe
  C:\Windows\System32\GrgryVe.exe
  2⤵
  PID:3236
- C:\Windows\System32\GckBDBn.exe
  C:\Windows\System32\GckBDBn.exe
  2⤵
  PID:3256
- C:\Windows\System32\AgQumLr.exe
  C:\Windows\System32\AgQumLr.exe
  2⤵
  PID:3280
- C:\Windows\System32\ekLeOBm.exe
  C:\Windows\System32\ekLeOBm.exe
  2⤵
  PID:3300
- C:\Windows\System32\bqdYDwm.exe
  C:\Windows\System32\bqdYDwm.exe
  2⤵
  PID:3320
- C:\Windows\System32\bkjgsxT.exe
  C:\Windows\System32\bkjgsxT.exe
  2⤵
  PID:3340
- C:\Windows\System32\jtrvOoa.exe
  C:\Windows\System32\jtrvOoa.exe
  2⤵
  PID:3364
- C:\Windows\System32\bVZxZRU.exe
  C:\Windows\System32\bVZxZRU.exe
  2⤵
  PID:3384
- C:\Windows\System32\YLvdzNS.exe
  C:\Windows\System32\YLvdzNS.exe
  2⤵
  PID:3408
- C:\Windows\System32\BgxBoYq.exe
  C:\Windows\System32\BgxBoYq.exe
  2⤵
  PID:3428
- C:\Windows\System32\aPmhkNl.exe
  C:\Windows\System32\aPmhkNl.exe
  2⤵
  PID:3448
- C:\Windows\System32\sxAsELY.exe
  C:\Windows\System32\sxAsELY.exe
  2⤵
  PID:3472
- C:\Windows\System32\byLsMGZ.exe
  C:\Windows\System32\byLsMGZ.exe
  2⤵
  PID:3492
- C:\Windows\System32\ydVfbHF.exe
  C:\Windows\System32\ydVfbHF.exe
  2⤵
  PID:3528
- C:\Windows\System32\oIjWuFD.exe
  C:\Windows\System32\oIjWuFD.exe
  2⤵
  PID:3544
- C:\Windows\System32\wfGslux.exe
  C:\Windows\System32\wfGslux.exe
  2⤵
  PID:3560
- C:\Windows\System32\ddijXYn.exe
  C:\Windows\System32\ddijXYn.exe
  2⤵
  PID:3656
- C:\Windows\System32\nHIIMvA.exe
  C:\Windows\System32\nHIIMvA.exe
  2⤵
  PID:4088
- C:\Windows\System32\bsQRbiV.exe
  C:\Windows\System32\bsQRbiV.exe
  2⤵
  PID:1100
- C:\Windows\System32\rgGowPT.exe
  C:\Windows\System32\rgGowPT.exe
  2⤵
  PID:1000
- C:\Windows\System32\dkOLDbS.exe
  C:\Windows\System32\dkOLDbS.exe
  2⤵
  PID:2120
- C:\Windows\System32\AGaHArv.exe
  C:\Windows\System32\AGaHArv.exe
  2⤵
  PID:3200
- C:\Windows\System32\ZBWIldo.exe
  C:\Windows\System32\ZBWIldo.exe
  2⤵
  PID:3652
- C:\Windows\System32\vFmgMjA.exe
  C:\Windows\System32\vFmgMjA.exe
  2⤵
  PID:3712
- C:\Windows\System32\owQJHJu.exe
  C:\Windows\System32\owQJHJu.exe
  2⤵
  PID:3780
- C:\Windows\System32\bplaqeY.exe
  C:\Windows\System32\bplaqeY.exe
  2⤵
  PID:4036
- C:\Windows\System32\tuMDZaf.exe
  C:\Windows\System32\tuMDZaf.exe
  2⤵
  PID:3972
- C:\Windows\System32\HQyIskD.exe
  C:\Windows\System32\HQyIskD.exe
  2⤵
  PID:4068
- C:\Windows\System32\RuNIsfn.exe
  C:\Windows\System32\RuNIsfn.exe
  2⤵
  PID:3844
- C:\Windows\System32\GHfSLMX.exe
  C:\Windows\System32\GHfSLMX.exe
  2⤵
  PID:3860
- C:\Windows\System32\pnhWOMa.exe
  C:\Windows\System32\pnhWOMa.exe
  2⤵
  PID:3904
- C:\Windows\System32\JhtOtGL.exe
  C:\Windows\System32\JhtOtGL.exe
  2⤵
  PID:4048
- C:\Windows\System32\wJFENsp.exe
  C:\Windows\System32\wJFENsp.exe
  2⤵
  PID:3828
- C:\Windows\System32\wmNuiCX.exe
  C:\Windows\System32\wmNuiCX.exe
  2⤵
  PID:3956
- C:\Windows\System32\gCWaMKs.exe
  C:\Windows\System32\gCWaMKs.exe
  2⤵
  PID:4052
- C:\Windows\System32\yczzoXK.exe
  C:\Windows\System32\yczzoXK.exe
  2⤵
  PID:3092
- C:\Windows\System32\dRsGcbg.exe
  C:\Windows\System32\dRsGcbg.exe
  2⤵
  PID:1788
- C:\Windows\System32\eLcQnsy.exe
  C:\Windows\System32\eLcQnsy.exe
  2⤵
  PID:3920
- C:\Windows\System32\USwGQTO.exe
  C:\Windows\System32\USwGQTO.exe
  2⤵
  PID:3308
- C:\Windows\System32\TOhRCpJ.exe
  C:\Windows\System32\TOhRCpJ.exe
  2⤵
  PID:3460
- C:\Windows\System32\AwwyBkr.exe
  C:\Windows\System32\AwwyBkr.exe
  2⤵
  PID:3244
- C:\Windows\System32\lNGIbZI.exe
  C:\Windows\System32\lNGIbZI.exe
  2⤵
  PID:3488
- C:\Windows\System32\ESGcYej.exe
  C:\Windows\System32\ESGcYej.exe
  2⤵
  PID:1828
- C:\Windows\System32\MAtybon.exe
  C:\Windows\System32\MAtybon.exe
  2⤵
  PID:4000
- C:\Windows\System32\BBlRmUx.exe
  C:\Windows\System32\BBlRmUx.exe
  2⤵
  PID:3556
- C:\Windows\System32\TCUPAhd.exe
  C:\Windows\System32\TCUPAhd.exe
  2⤵
  PID:3572
- C:\Windows\System32\iyeMmSH.exe
  C:\Windows\System32\iyeMmSH.exe
  2⤵
  PID:3416
- C:\Windows\System32\NpChpRx.exe
  C:\Windows\System32\NpChpRx.exe
  2⤵
  PID:3924
- C:\Windows\System32\ExnAYsB.exe
  C:\Windows\System32\ExnAYsB.exe
  2⤵
  PID:3744
- C:\Windows\System32\uzsTxzT.exe
  C:\Windows\System32\uzsTxzT.exe
  2⤵
  PID:3248
- C:\Windows\System32\IWMgzHf.exe
  C:\Windows\System32\IWMgzHf.exe
  2⤵
  PID:3444
- C:\Windows\System32\LhhZMBO.exe
  C:\Windows\System32\LhhZMBO.exe
  2⤵
  PID:3332
- C:\Windows\System32\nGDrGJp.exe
  C:\Windows\System32\nGDrGJp.exe
  2⤵
  PID:3620
- C:\Windows\System32\evfwhny.exe
  C:\Windows\System32\evfwhny.exe
  2⤵
  PID:3188
- C:\Windows\System32\TTrCjuV.exe
  C:\Windows\System32\TTrCjuV.exe
  2⤵
  PID:2344
- C:\Windows\System32\FHWhObs.exe
  C:\Windows\System32\FHWhObs.exe
  2⤵
  PID:3160
- C:\Windows\System32\aPuFPza.exe
  C:\Windows\System32\aPuFPza.exe
  2⤵
  PID:3104
- C:\Windows\System32\sZTvUhO.exe
  C:\Windows\System32\sZTvUhO.exe
  2⤵
  PID:2776
- C:\Windows\System32\SzlIKtm.exe
  C:\Windows\System32\SzlIKtm.exe
  2⤵
  PID:924
- C:\Windows\System32\pwPJswf.exe
  C:\Windows\System32\pwPJswf.exe
  2⤵
  PID:1876
- C:\Windows\System32\TPySHuZ.exe
  C:\Windows\System32\TPySHuZ.exe
  2⤵
  PID:2784
- C:\Windows\System32\YJtFMVc.exe
  C:\Windows\System32\YJtFMVc.exe
  2⤵
  PID:2780
- C:\Windows\System32\eWvfNzS.exe
  C:\Windows\System32\eWvfNzS.exe
  2⤵
  PID:1536
- C:\Windows\System32\ThoFchO.exe
  C:\Windows\System32\ThoFchO.exe
  2⤵
  PID:3764
- C:\Windows\System32\PJnrgAn.exe
  C:\Windows\System32\PJnrgAn.exe
  2⤵
  PID:3796
- C:\Windows\System32\YymlbMa.exe
  C:\Windows\System32\YymlbMa.exe
  2⤵
  PID:2684
- C:\Windows\System32\vtJWDtu.exe
  C:\Windows\System32\vtJWDtu.exe
  2⤵
  PID:2400
- C:\Windows\System32\ytSWSIS.exe
  C:\Windows\System32\ytSWSIS.exe
  2⤵
  PID:4140
- C:\Windows\System32\WfAofRf.exe
  C:\Windows\System32\WfAofRf.exe
  2⤵
  PID:4216
- C:\Windows\System32\whIbnaG.exe
  C:\Windows\System32\whIbnaG.exe
  2⤵
  PID:4280
- C:\Windows\System32\UDfOiQk.exe
  C:\Windows\System32\UDfOiQk.exe
  2⤵
  PID:4360
- C:\Windows\System32\mCTDuOy.exe
  C:\Windows\System32\mCTDuOy.exe
  2⤵
  PID:4412
- C:\Windows\System32\REGdnbr.exe
  C:\Windows\System32\REGdnbr.exe
  2⤵
  PID:4468
- C:\Windows\System32\SNfyAeQ.exe
  C:\Windows\System32\SNfyAeQ.exe
  2⤵
  PID:4540
- C:\Windows\System32\pzqMsbF.exe
  C:\Windows\System32\pzqMsbF.exe
  2⤵
  PID:4612
- C:\Windows\System32\KYAcbXs.exe
  C:\Windows\System32\KYAcbXs.exe
  2⤵
  PID:4672

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System32\ANiEqXp.exe

Filesize
636KB

MD5
e2f467e48c725d6504d3da76bddd3524

SHA1
3f85ccd55a5477d177bb97ab765a820f7ae25b19

SHA256
bf9b0bc8a32e5d007dd5ef8cfcb623da5d888670fbb5ceba3676617034739424

SHA512
9847d16a632bda068e175110a1c57a7b3a1aa9141fd0e502c0e1138d0300437fe5d396c1448c97a1d19e377bd8ec66a291370f6eaf86ce2545d145ad468cab18

Download Submit
C:\Windows\System32\AaXPeti.exe

Filesize
1.2MB

MD5
b2be96868a27e6d6d6683558002c2146

SHA1
a8653a984f24216aebef268f5835a945ff584107

SHA256
3726bc7e52b0c43a3e078a899626ee3720094a0307264ce0a9e582fb764e629a

SHA512
e87b0727b390f04e4c61506dda36460ab31219c1ccf3ce513b1e7d871ecbb517dd65123c9ca3f85ef5decc14123e087253c1bb7eb875b84ff1dcfa630561dca0

Download Submit
C:\Windows\System32\AsjEcGY.exe

Filesize
349KB

MD5
d23c6d3fd8880fdfeef98f2ab13029b7

SHA1
579fcce039ec658168032f745ffd94cb6cf4bb49

SHA256
baddf769e94eddb3c818f1c2393d03e6fa866a98c43da7f7225f575d95afa198

SHA512
99dd037fb57dc18ff6ad690c7ab7329be381be518f181184ac7c9c265277adbf194f4dec5cb1e13946b840e2eed0d9ce2525813a3b47b9c54800793cb5af4605

Download Submit
C:\Windows\System32\CEIYWHY.exe

Filesize
551KB

MD5
4d76d19d23ef6b064389798b1ad09ed4

SHA1
1f73bede58058687a30b6ea26e8f1458a04fce61

SHA256
a5edab13710191a31deb7667c4f812dbebb7b0fe0904e21b61792c4014fca9e8

SHA512
e2b959f19d144918a503a46ca55c512cd35fc7309d34054e6ecf6683b6ddf8e86f3a1cc73135a90245cb2ecbd33bd625c0ca163b113ae9e917755603153f3ac5

Download Submit
C:\Windows\System32\CcsbhZH.exe

Filesize
1.1MB

MD5
a0790c64a4d29ea55e4ec1f916e72b74

SHA1
207a4e5ac10ced08ba363e295f6ed6952b114611

SHA256
829542160485245db2560620a46eba1f968f8d04957df0063b748095bd84ac13

SHA512
703a7c9a5241a0791261461fe1d61f0cc33e2a9884dfb1bae159081b158a95b9a7ca44cab60d62116e5100f4b923c0a47aa984a63dc387deb4d2185c34c3481f

Download Submit
C:\Windows\System32\DeaYmrJ.exe

Filesize
608KB

MD5
0c4571f5a037dba222ed819e23815950

SHA1
5b42db4a4b8094638eba6a54867f50eea25a0589

SHA256
d6fe6110789ec2ffd1e03db47f1ff6bb3c3c5999c14dbadc607a1e73c0f98cda

SHA512
9679615e2d54e6911059ba237742ed0cec575c6a5bba01a19989cde87b6768b0fcc396f8f535118d9d3d8eb08ac1ff8002fc98802e04ab2000a94c10c88a98a4

Download Submit
C:\Windows\System32\HbKhVtE.exe

Filesize
702KB

MD5
7670549bae664ebaceb7016b8895cf9b

SHA1
ea5141176821d0d568c65cf958643505f300a111

SHA256
a51d0ae3bd2ace677ee517c431e9f9d70d298506ee001b2d06b377ff90dfad3d

SHA512
e9326196ecc6ed7c4c3fe2a542a28e758ca2ecbed7fafaeca5b7a2b4d28a11b3b65f1ce5c27c994309924cf270319725d629a532b9f7236fe7e312a47b425ffb

Download Submit
C:\Windows\System32\KFByDga.exe

Filesize
512KB

MD5
94d972e85e76939db84aa88da05d5fd2

SHA1
312feb7c6e84d669fad1890da8c609a449cf27fe

SHA256
605e3bf2638fd4c2eb05cda3e17c8bccf2a73396b61ded28e928808ca8a772b6

SHA512
036e374ed1d6f98e78fed9417543808aa5ca69dd0da40098027707fd11d8383f717589a9b93bf26e8112285f64574138149adb8fd5e43dbf36711ea2090f51cc

Download Submit
C:\Windows\System32\MzPrmxU.exe

Filesize
978KB

MD5
55f3500ab59de7c123280a6e4ad12a80

SHA1
660cd87733f2d2237a2eaee74fc8d49c69ce9169

SHA256
176d532f9c427d55d28af6125a042d45eb96fbe84c342cc15f9550ed5a739f7f

SHA512
1b6512f36d4424484f28c43e486f593c5db6cffa8ebfcf0a931b427f8a4aa03278e2ea62eda6c9373a09be5085b266f38c0d9cf534e21594d825be146b92bcca

Download Submit
C:\Windows\System32\NKyMgpW.exe

Filesize
1.4MB

MD5
357f1dc994f4ee7b29835aa6519a2387

SHA1
730c5d1d9a1959a8ce6d9debaa989694545e486a

SHA256
45f4129de62903a3b5f82b7674dd328b2e77c8d709963e4bd0c3625064abd798

SHA512
b5f3267923dc14b28ff584fb95341cd8ecc3c5341db8cedaacbce447a6b93c4cc61ae88920b55c0c2e67fe995b2f5f555d8342cfb8af61f569125cf2f0c37c9c

Download Submit
C:\Windows\System32\ORwHUkX.exe

Filesize
1.2MB

MD5
58c07aeb501159bff62b3c25feca3d92

SHA1
6dc0ae547778acf3a134ab9e17937126a71ac09c

SHA256
52f31f351b725f325124fbb7412ba46c8d36dc459ba2460a36bc0054b54cc658

SHA512
6c63ca976abbe47227b417236e6a88b7b9a6aeff58f794dd07ac6c51fcce3356d5a2dec90ce7332ab66dc160bbcbe32830f2e5cc8d1969359e08a8f68b992c1b

Download Submit
C:\Windows\System32\THCpoIG.exe

Filesize
280KB

MD5
5820d876bc2bc21a35074b93f9193fed

SHA1
2f3cf4cd6afb1447f8900824ff78d19b83bbb1bc

SHA256
7f382b90af4ae3f3d7c22fba39ef1dfd6684b55ea9431761af4ea7cc642b4b04

SHA512
d5cb704db4417fcba82085bcb7bc4fe7d0df859ef3c609ae570ecb5e4302db59d645c62dead4af4962c994bba103a75a7e223c09148ae5e358d1151d4ec9ace8

Download Submit
C:\Windows\System32\TNpqlcp.exe

Filesize
124KB

MD5
0adffbc69565b86a2eeeb6a7fe4274ae

SHA1
e0e3fc8adebbb6ad55861bebec657c7f359c9c5c

SHA256
c6af5b7aa3f196c93c53274404ff91267fcab7380282f663d71b5cdad65f82d9

SHA512
321e1792c501239f0ef4782b88a867f2723925b06a7f984f2f6ceca26ef78bf8ef8e8b12cc617f09388d703a3d86b36fbec9697680917d16b146c4e16be9747f

Download Submit
C:\Windows\System32\Uvdpiqq.exe

Filesize
32KB

MD5
904046bd4af3735e9e9833ddd6acbaef

SHA1
59e2f71e401988dc80d120fcf09e980143a67107

SHA256
5a41e824083961f1eff101282eafcd57bf79956628982f3101773f5108ab96db

SHA512
36b68ec38791df6e11eee2834bf5c9797284eccd556a3aa831fc5e2cece740ede72d58e79101e45d657582c69cdc1a3c58bd6d4c2b6f2e7dd921247962f1eb3c

Download Submit
C:\Windows\System32\VHBMeqs.exe

Filesize
64KB

MD5
4fff8570bfe714b85dd8448e4f55621d

SHA1
9503024b80c66a99434491fe06c84943537a6a02

SHA256
8ca4b370724f5701924a44bfaa327ebacb0e041b80ff3c432470b62c1ff6ebbe

SHA512
b92889ea56d1eda7d2cfc7f8d2f37e5724316dfa653184fd9110df28cf0ea9ae8330f63e50225208217e92b13b5494dad0bcd0d86c8538f15c6d09a0717239db

Download Submit
C:\Windows\System32\WFQjOwf.exe

Filesize
456KB

MD5
6d15c479b023f246cb0e337b269df0a2

SHA1
42eefd46209d1089a9cc2de9bbd6226da0e8b1f5

SHA256
7ce5de91c4c7775fc6cda1c56ff6bab7d22ba9157415d14c43f2b4502ccd6bae

SHA512
06a340fac693b99d9ecc2582a9f39f11df7afa5dc03754754fef5e98b60aa5776b3277fef04d421364ebdb7ca1509ed89bd7eb7334b5e2a100b7033a082c0171

Download Submit
C:\Windows\System32\WyDbhPV.exe

Filesize
718KB

MD5
d7543804001cad8ee7ebf9d83a145421

SHA1
e1caa4bd56887f9e92352680d4d1ded20b301937

SHA256
3f9a782348e36a9cc45fd3f9cca67473d88157de702a2d07bec40bcf462f37fa

SHA512
444d16ff67d8a4cddd970a04c585a3d34fa9fa5212c29151dbe3db7b6c2376ee41f221b7d1b89f6a9b679f3ca87b990375f6dee8dca39353f5121d217269165a

Download Submit
C:\Windows\System32\ZFWVzrB.exe

Filesize
371KB

MD5
2592b206fd4d197e14393601fb32d751

SHA1
06c44ef0bd625ea58b27b90bf202c650939a5cd7

SHA256
538f4238e38dd564ee56358581b8caaf93e46bb7d2c436151b682002ad83f1c7

SHA512
ef8cb69ee6c49c88941625e89a9e7ed67493d5ab48b42ffc8f3db2b5bd7eb63fe3cba68307dc987f16f21acde0092674b15aa58a3d66a9ec9baaa5b0588fb096

Download Submit
C:\Windows\System32\aSDGekS.exe

Filesize
666KB

MD5
be8f4e2c5e33c06d66e2d39c65c64c8b

SHA1
f267d4e9480185cbec35df06cc976d255e043cf7

SHA256
d5ab0a441e4a44f165787e0adf69e9841d90eddfa48f6fe00406b044fb728d76

SHA512
9660ad0da97821538c44cbd532ba7cafbd013f737e06cafc4a5057cf44b250ee7b9aa62516cb205a953a1506264baa690c5e61c999223ee7513cb92812f5efe8

Download Submit
C:\Windows\System32\fFasbss.exe

Filesize
1.4MB

MD5
3a7a5386d32bb84b299f5e05f7215407

SHA1
55fc56931b14c978c5196d150b33e7513b9c8b64

SHA256
bfc95ba6d3fcbfbee17ee327c67c7c52e66edb98764f9d434192a4b3ec369aa5

SHA512
e59350b49aada5b1d4f9a07fd944a045a3986e64f36c42369de3cf6e7f32ed06e408a99912095fcb1da6ef8abe84154a3129bcf568c8a5ce69460d4318ed2f81

Download Submit
C:\Windows\System32\fRLFhrd.exe

Filesize
1.2MB

MD5
484ce0e6068218efb1476c973da36717

SHA1
184c612a03172d22f337efe1638d4bc91af3df76

SHA256
56ce73c5614f199754a651f7e4f2ec8136a4e7c1a7ab4f2754a6d37dccf18064

SHA512
43330dc970caa4c2b2d7f01a1d04d7880ab5b0d467370f8fd4eb36a436040e77ac26818d51f22e195f59009f5482a0af2b1696af0b9e147bf2f0ded075a8bd91

Download Submit
C:\Windows\System32\jSTthCd.exe

Filesize
1.4MB

MD5
23df22e35ce8de8907e1de8febba8cad

SHA1
8929356543046ccf6b9a77eda13ff7b3d6c73fb4

SHA256
cd9602ff94018d0a81e3250f86747bc465e9155fb40f69c9bb23644a712056fc

SHA512
6faf8d15adf4d53e24d2c2d0a798657793607b1bc7b83d4519a67a786984764ce9c65e831da738b7203665afbd5f52cf0a328ff8b2adf3c550a9c35cfbc675a9

Download Submit
C:\Windows\System32\jVdmIYJ.exe

Filesize
47KB

MD5
090fc057aecf9977c2ce9d8102e64696

SHA1
feecc07a9cff95f40ccfcd3be95a4dcce86de23b

SHA256
275272b15b91759215c566cfa86b7ab69e145bbf20ab7fccb07616c2174aa02d

SHA512
5bbfe8b378218368606dae6e242209ef82b9410bd57a212e3adc61e25dc27bd05d10a642eb6d5a4abeb18afcb0e8bc4e33ee4df873794b913a7b6185c5525ec4

Download Submit
C:\Windows\System32\kmmCczZ.exe

Filesize
1.4MB

MD5
3de46427e535267daa1b972cd503dc18

SHA1
f8a76b370e3719ed8f64dc3d13fb2e808a43affa

SHA256
2b817854a6ded0fa3e708175715b14cd4fdcf76861dba4661969f252ee58fe81

SHA512
c85ef9762ddb577ea4dd0c5ed25d887403db129a30635251b9b7193a8ca601b8a490c5e5d693e0ce26f0d6057bfa89b5bd3997543766b8c40d4d6ba7a2bbaed8

Download Submit
C:\Windows\System32\kyRPaix.exe

Filesize
140KB

MD5
1d4d3f224ad1089fc233cfe375b90105

SHA1
153f476e0121d43f4acb4e3f490f11ec07ead7e1

SHA256
a06164f868085a51278e35a728c061f3360dbed18ab54ddbc381b0376d0b54f9

SHA512
73f330bad85eceb393c4bf2ab6200a132b010f35d4b1ce6c41f6e243d11247cb8ecbd77499b93b286341ccd33c654937e1b6d7bc8308b468e5d3119c9628e1a3

Download Submit
C:\Windows\System32\oIkYlcS.exe

Filesize
141KB

MD5
f81cd694fb857483889c851a694250df

SHA1
4e6aec17b107be7b5adcd3bc2a58c465c00448fd

SHA256
6445312f0355a03a05dc0c441e4f55fa6cc4f4736dcb9a63e1e40b0d4ee32ddc

SHA512
994cb18e92920381e25644953288e6a9e16f527b1e43e1c386673915e2a7c002246d9a8b729f796d6fff513da2cf1cb494eaaeb6d7d26e13de1a32d261816455

Download Submit
C:\Windows\System32\pRmqerL.exe

Filesize
136KB

MD5
1184158e3b6314da524a67594d5cd530

SHA1
7beba6084dc55d15d77b9b3c6c5f3720d10c742f

SHA256
4297843ae3f18bc329aaa1f0e15eb8296a2e9c56eb422f138eb71511943abe6b

SHA512
982d06a54aad53fe19ae5c9df7345413cf20ca31f662bc4d87690b9088a6af090e4524070b44dfa613bd8ef0b7c4a9a31edc71b7571c888d63f113e8a3582ed9

Download Submit
C:\Windows\System32\qRpCLpw.exe

Filesize
37KB

MD5
c7be37aea132d0ea8f1c1e6387cc69c7

SHA1
d58560403793d2520863c7dec91677ca28855d63

SHA256
ad655597e56f4c4a3cb9c882b714ed4eba3e340f787f8d2716429380cbdf8b79

SHA512
ef2191b87271769798a5052d953d3537e23a6e98e5e24a8a9c733ee86581dd444fb9b2320cebc41a59aaf7141e17f12ca55254051ede9b96e27ef95c38c5f0f4

Download Submit
C:\Windows\System32\sBznxtX.exe

Filesize
124KB

MD5
ad33ecf511081acc4bc78b862517981e

SHA1
f33c9cb360a1de348a7205557d409d9d8ad09cea

SHA256
3c78afdd288c6b69491c406038dc6deca7cd159dc0e2322f0f6c2fad57c0ff4c

SHA512
fad7112861e428700cd3995ab94640529816ff5961b2dd002110a46c63eb14c7dfc854d684f22bf06e28d0b19c7549991354c866611349f30db1df6a625a2f74

Download Submit
C:\Windows\System32\smocBpe.exe

Filesize
1.4MB

MD5
20382a183efcd519c040290e924fa774

SHA1
f2e7a9c5615a64cd27671dc74f1d99984df7dfaa

SHA256
ad4dff34f509639801dae752d6af33897f77b2758a66590da198dde5d55d01a6

SHA512
8548fdac53047c7e503274e4e12837f45d985a1c6c7cc2a70cf42af17a0288ab969194f24dc714a2171f7b72a9338dce56b45d6c9aec4421927de01ac86e1048

Download Submit
C:\Windows\System32\xRkGRzO.exe

Filesize
1.1MB

MD5
d9a7fb2c25c1efd60e50e8b0af395b15

SHA1
d38c78fa7f44911e74a34ec5f620686bb4d26712

SHA256
298950652b7ccb45bcf57839a3bc8b39fbc664e20875046e954084d503ee3ba9

SHA512
413126f52dbc3a26c226a894f1497e9b11178e08c496b27a3009b2b19d6541e5feea43876b15d4f6ec531f4228e41df6b24a441fe8caaa9d36e59ec89364ad31

Download Submit
\Windows\System32\ANiEqXp.exe

Filesize
1022KB

MD5
7faf948641ce351838c40821a5385c66

SHA1
c7c9fd4c9978253447dba8923a5798cbd091ed71

SHA256
2681deb2cf4bae5da8aede3efca1fb81e78e92f001900b4510b571f907d16ae7

SHA512
64ab2eb189c562ba0c9b1d762580824b8b26c6822fa9afe0a742f0d0b33d048261fd3c9b56d54b6d822d2a1d005bd70c28bbe2e213d4e38f75707d282fdcfd9c

Download Submit
\Windows\System32\AaXPeti.exe

Filesize
1.4MB

MD5
5b8869bfdbfbd09aa51312870719ecc3

SHA1
e6bad54fbd1d4e946cd4f7a7bd6780cbcc63a1a7

SHA256
2e980b8dab8385446696425309c8e173cb07289e41be5097c54f4ec42517c1da

SHA512
8072aaf9436c853ccde6ba416d9c23756bbd08a31c832d6ee3801eb1be501791a67408a6413e866cf9db5e0642a56994c430bae4c6730f48fef8d3b45230007b

Download Submit
\Windows\System32\AsjEcGY.exe

Filesize
738KB

MD5
9e9a389aa540640fbcf19b312a955aa7

SHA1
ff456590c56a462fc03c3e36334c0e90747b86ee

SHA256
1037f0a15ae3f5ae538babb6aafd71f891af3e8a137904993b0bb58ee3a58596

SHA512
ad65440af26de2fad5edf85b208108d97a9e3e5f03a097047c22d974a7b09fb6c89b2817e5bbc333cd9d6e50187659d4fb2f2b852df8190e8170ab76a888505a

Download Submit
\Windows\System32\CEIYWHY.exe

Filesize
961KB

MD5
ffe9f2d66fe671c0a08fc52c68148e34

SHA1
01a2f953bab9e5fe9d2726b64c197feaafbcba0b

SHA256
0912d2ec617e9b513ad8d5366fceb826b29fccc372ade4e992543008180d7288

SHA512
3229e83bcf2e9d860fdfc50b153d18ca86ae25ca0efca056c103c0e132349c765c6751e3eb0f90bb04620cdce681d0cfa0c27916aecb05550ad41a713375ba6a

Download Submit
\Windows\System32\CcsbhZH.exe

Filesize
749KB

MD5
61133e77b910b0a05ecb014e39ad344b

SHA1
ef4ddd7a20524242a23dd40ec60f3af2512a5495

SHA256
1cdad93fd023e7eacf294539b6ecf88d9cc3d0554bc97bb49042a9743166785d

SHA512
34b01a5379e8469b655c6e9de1467ec3aa3946d98fb5bd50fddd39e9b8158f668c6ccfb21d7ac6ae3fded2975329a875f0a56b47851b90674f6e27b30131b5e8

Download Submit
\Windows\System32\DeaYmrJ.exe

Filesize
968KB

MD5
9c286d14862d7cfd9c654508befc9628

SHA1
e1a80bddb77f298e348775a93a17a83dac2af5f2

SHA256
c862d1ccf274b09b02545a7a933a860e53fbd72b7de3c4a1cb7b1739a4567c18

SHA512
22ca5b0a8df057a73cfc6eeaf42f7b0eea850d9d753e7563a192236a0a50405bb2b95703b692d433435581ca6760c3bfd4f417d2268bbf75a8e1e0187f9cc67b

Download Submit
\Windows\System32\HbKhVtE.exe

Filesize
622KB

MD5
2673f518d1b160693f6228438f2138ff

SHA1
f67a18bac701322151f71dbaf72cef9d44481027

SHA256
2009638aae3fa82af47067a6069a4c1410960647cc40bcdf26cb40045d8cb0f3

SHA512
09273f9e52d5c012b684bb12bfac1404064ea3af24df065f6276a9a1a5a0a713fc7107e1e627cfcf78fdfd8e62ec6a0c3e9085d6c47366cd300c1dd03a6728ef

Download Submit
\Windows\System32\KFByDga.exe

Filesize
266KB

MD5
94fe689ed32541fc9cb7a556e5e3802a

SHA1
eef6bd915b60b992f4ad20abbd7f49e2794fc630

SHA256
5d405ef4a2741a710b88330b7dc3ec8a2c29b71be075ad7ea05b550f11ab2bc9

SHA512
3e63c0fcd9633933eff7de903d11f9773bfc7194c0af8ba54655c723851cefbdda088fbf05b4d76556871dbca204812b6d5cf151895b80a67b7a7c7c34027aa4

Download Submit
\Windows\System32\MzPrmxU.exe

Filesize
967KB

MD5
3da1b59befec8939079966bfbf1b2d93

SHA1
2524edbb02c1626bd3aafd5f31e61edc3b722715

SHA256
e022e22d2c8bfe2e7da128201e055c4731237fb307477171ecb60fd885971d7f

SHA512
7d143f0cc8f026bc3101771dbae3bd89a5aac9223dc5586beb5625f742f2507f5f62531c11a394f756aedf80da77574c4c1fb35de871edf9ff447c73ae6fb97a

Download Submit
\Windows\System32\THCpoIG.exe

Filesize
512KB

MD5
49eff978ad04e08b5a2eec2750461a83

SHA1
bedd0f15c6e39a7509e12bb78d31abd0f248807e

SHA256
7cdf50ebb9b2441b67855485dfae57f665dd32a70dc49a3a0812edd121bc6d6b

SHA512
fb1a44fbd75fd098da66d93b7a2f0fd519813b814a4088daed76cc1e91fa480fb3bee0b7cfb462be1b8af1daad671301b58c4c216aaf4d25cafaa9d9806ff284

Download Submit
\Windows\System32\TNpqlcp.exe

Filesize
938KB

MD5
5945f96ab93a88250d99cc5c68e093a1

SHA1
86ebcc7b90e1e6075ad3ed3efbce6dce0a5b15de

SHA256
0dc313a745d8ae6cd465907890596b1cba55c4aa9dd2ff2b432d943a49364a1e

SHA512
dbb145f32cfc81ba58cd7d78703867018cecd249d6c0c6ec6e4932b1b8584429ce7ada8a52b2a46f9697318d1c747389209ca42cab8d01c74510ef762b3e453e

Download Submit
\Windows\System32\Uvdpiqq.exe

Filesize
1.4MB

MD5
0a3efa8c5d45581ae5bbbd1183689616

SHA1
6a1bb5f15ca65ce0f71a45be6e8bc5affa4a14a8

SHA256
adc0b2d80ee0b5959a97f323e528b49d6ffbb41c611606e7296eeee5a701a04d

SHA512
d50c65a95ac269adb5502dffb8ed77cc5ac13edceaa394378e97792657f801d9535b770f235dee58be1a994e64bc9432a594d9fb44ad5f086b95994100c76bc6

Download Submit
\Windows\System32\VHBMeqs.exe

Filesize
1.0MB

MD5
b695b9386f830966c6e0cddb092ef0d7

SHA1
d8c87d944bf1cc46c7d2bef7d9e4500c4659905f

SHA256
d3c38772392f0da96b3b084e6dcdb9dc705828b5497f2f91d2f45517e3e28adc

SHA512
30c977d944fdff4d708f31fd0455e0f38668b2d34a44597d790cdef26642596efb62125d8f5840da2c73fd9f3187eafa751c747c59f935f2c949288a67745c93

Download Submit
\Windows\System32\WFQjOwf.exe

Filesize
165KB

MD5
603aba5e909a2a7427af6920c7a702b5

SHA1
a5565f57a4a65f23ea45c36b977570a47f0bb15f

SHA256
9bf974885220fe4d20688a1e6c17dcd3878219dd5f3f1b08915fa44140057d32

SHA512
e39946a70912af8349e1c98dd29a1acee1be109e68a1a2d12e51028553551ff2fddaeac748713a77a689123766f5752daf620101f6a9907d48da3e2e35c7413c

Download Submit
\Windows\System32\ZFWVzrB.exe

Filesize
1.4MB

MD5
6ea476c7a833c74d777acce38d5f6c66

SHA1
c2230bf3599eb998b53fa9d83c075be9d09723bd

SHA256
045111f35dd6c253dc6113a5b4b015e7713c48c74c88856eb86c9ab4ffceb26b

SHA512
47c074a94b554a38e5ca3703e79308b0447bd9b78189d4e2479b6562e532e6cbb0d8b428d628e62a4c85079bb9bd8377d6211748bca77adc3006ea27154022e8

Download Submit
\Windows\System32\aSDGekS.exe

Filesize
386KB

MD5
8ff3611032d432ffba289200264fd717

SHA1
5b5c6cfc1ed6bc3abf6eff474133966eeb91ddb4

SHA256
25a066b35be2a5f74bbbd44bc0a39c0e054393ae5805ec19d370957557d48601

SHA512
02f5ec39b42619566626a11da5e1b41a58d5c527ab2542376e4ba3a9db1ab0181dd4eb0e0c0115b867724d631a514633aa8f6af2e7a7cf3fcdabe83c2b7ef2ba

Download Submit
\Windows\System32\fFasbss.exe

Filesize
918KB

MD5
26a16c1a28f12b2b7e1d0cadae58f2e6

SHA1
df717c2c654f0ed5b6cfc92c0ab6e8ce964279b7

SHA256
746df08f41fe622b4d473ef947da2c8e1c2125488cf3c2d3baa0cf04f7de5789

SHA512
03fcc5f2ce461d53e032329119b05c95c48cca9dd5929bb647afba2a9efd221b5fd10802db075aebf76556eddb01a0af677ed3e6a28c4ec1e7e6cf0b4b0b367e

Download Submit
\Windows\System32\fRLFhrd.exe

Filesize
1.4MB

MD5
9893bb3bf49eda3b32f45a101c3b6020

SHA1
6140bb5291a33e5e4a5fc8f78dc0af09ab5f65ed

SHA256
eb3b4ef898f79133daf7e242e20de304bc70b7f7135a9c36729c6c94abc619a9

SHA512
043abf2dd707e7813d6ac876066365941df34669d16ae61232276d82f9e766076fe0867fe01d91922009e5d92770008bfff00bd2021add6e2a73961eeb0a989f

Download Submit
\Windows\System32\jVdmIYJ.exe

Filesize
1.4MB

MD5
3d9efadbd26e76ecdd2bd0da97ed04c6

SHA1
e68e19d258e610ecaa7c97583cb1e5fe50aa8515

SHA256
21ccf1b6f8bcc007235f808375eaffcd1b154c984f493bd719da8158e7e864a0

SHA512
dc01543286ee7c6824fd66f24089824c861f92c32a5c30df19711d228fb240d2ce1becb3c293da408506b26501d0bf1798fd586e858293fe5a892022721dd2c6

Download Submit
\Windows\System32\kyRPaix.exe

Filesize
262KB

MD5
d7c0819b08005abce278d792543e366e

SHA1
97d0fcea8a7ea290db33c0af3e607e7283f36fdb

SHA256
e3d377008d6efa35e2fe407185fb79807fd649c5905cfedd321fd60c40c95570

SHA512
3ae6d52c29421fcf4f0cbb0787c1f7bb57cf3f407085e30ca8b110d85462a7748553628b201ead2fa20e9443f7326bb7b3e1c6e1ef8bf4d844ad5cedd95dcdd7

Download Submit
\Windows\System32\oIkYlcS.exe

Filesize
193KB

MD5
cce3d57069c6caf9f6a76c537340427d

SHA1
2e48153e24b43e4e8621c6afec5a91b3607214b2

SHA256
f5c05274a2ed374154e724d42cd62fc642517660b498568445c37e1faaa71967

SHA512
e261e0de7485c85a752bfb07c3667e03d5eac403de5192239dcf3e4b74ae3188739efb8ff173dfef81bd763bfeaf5528aa35114521f1851fcd9da66f08ee482d

Download Submit
\Windows\System32\pRmqerL.exe

Filesize
1KB

MD5
aad5b35822b2ba05b50a109b79f67fbb

SHA1
7eff2d95b84677584b53c1a286cd8edd0152c87d

SHA256
3d8179a779fd7cb7b3dfe5d7dca95680c9af576a77afeeb50c2087f33c168527

SHA512
866755bc85d81dc5641388a2bfd3ddd9983015187ed09fbb8318ef629879df12ca064b160a82f0084d6fff34a634c7fa54c11f29825a0dfb11c41c40886ff53e

Download Submit
\Windows\System32\qRpCLpw.exe

Filesize
768KB

MD5
a231f7986fbe57ef5b0dae5604675ed5

SHA1
d6f81ca020fcd315fd6b2f59802b8d02c101d020

SHA256
a6a2bb60663a461278c7f31ef5802e02f1195373bcb1b487dd0e919df5b023c1

SHA512
7702ae4c4ea31b7e466621f044d2c3b11f0e7f557489c4a11d95ae2031a2d6cc162f38fed269cc09594351708cbf0f5eb199450ce6c3694031a4c962ca9572f7

Download Submit
\Windows\System32\sBznxtX.exe

Filesize
1.4MB

MD5
449c1f907f3b28a0a0c2d4ca00e5d912

SHA1
3f8774a8eb75adfe9da511232164968c8a1b6ca3

SHA256
4ea753ad4028bbdc5b4382601ab324f5b895aa66f9ad290f076e368251ce59f9

SHA512
224d36c9212052533a78d914fd06681ed71bc6dd5eb2b32487f25cf3f26f79076b31ea6abe509f6535afd8719cffbd2057bcf30ce5a12b0abb4e062905f23e12

Download Submit
\Windows\System32\smocBpe.exe

Filesize
1.3MB

MD5
2f96d8e9633086b9a7967827a6832645

SHA1
22fe562fc3e7e12bfa3e6ed3394f0ab9b48d5fcb

SHA256
72bbc735a5b87673bc608b6182a7a057633350ff0680970757d168f120b2856e

SHA512
1242212ee25a03bf12c776a02fd5604a2a7eefa881336e01c8b6cedc61e336deaf16786d361b2e25a19473db0f8ba615662d501c499977c930fdd09048a6aaa2

Download Submit
\Windows\System32\xRkGRzO.exe

Filesize
517KB

MD5
ded6790e1f408a11e6b75338c62baa67

SHA1
d9497c2dfa79fa7d986a22df6dba35c720dcda85

SHA256
a65733b25ca7e494bcb6d61062e13080e50fcbca9e03d091381a015093745e6b

SHA512
70996757fbb5caa11a48cc437cef881a27bae85c379f086511a196b2c05ef7c67b68f602f537183dd0bf56a22cb0a455b52f66738a116e9aa054578dd5b60aac

Download Submit
\Windows\System32\yvEMFjy.exe

Filesize
1.4MB

MD5
74f65fcc0bebae8435213626ab0fa727

SHA1
7ff739c5e14c287a090b9e87202f358a259937a7

SHA256
ee8281a6b8d93cbe240ffcec9d80e8e7f486a5e2ee06d38f8f9a61e29c183b28

SHA512
a562cfadd198a5f65bcf7ee5049841d5e1f3de53c805c6d6a4777ddf173094722e436a59e7e1e1d586042229a92a144cfec476f7da90948e83b1ccb3b849c892

Download Submit
memory/352-157-0x000000013F4D0000-0x000000013F8C1000-memory.dmp

Filesize
3.9MB

Download
memory/768-221-0x000000013FDD0000-0x00000001401C1000-memory.dmp

Filesize
3.9MB

Download
memory/868-88-0x000000013F130000-0x000000013F521000-memory.dmp

Filesize
3.9MB

Download
memory/900-228-0x000000013F6C0000-0x000000013FAB1000-memory.dmp

Filesize
3.9MB

Download
memory/956-227-0x000000013F590000-0x000000013F981000-memory.dmp

Filesize
3.9MB

Download
memory/1168-226-0x000000013F920000-0x000000013FD11000-memory.dmp

Filesize
3.9MB

Download
memory/1184-234-0x000000013FED0000-0x00000001402C1000-memory.dmp

Filesize
3.9MB

Download
memory/1208-133-0x000000013FCE0000-0x00000001400D1000-memory.dmp

Filesize
3.9MB

Download
memory/1220-105-0x000000013FA40000-0x000000013FE31000-memory.dmp

Filesize
3.9MB

Download
memory/1488-224-0x000000013F300000-0x000000013F6F1000-memory.dmp

Filesize
3.9MB

Download
memory/1564-257-0x000000013F080000-0x000000013F471000-memory.dmp

Filesize
3.9MB

Download
memory/1672-119-0x000000013FE90000-0x0000000140281000-memory.dmp

Filesize
3.9MB

Download
memory/1680-143-0x000000013FD40000-0x0000000140131000-memory.dmp

Filesize
3.9MB

Download
memory/1812-220-0x000000013F8F0000-0x000000013FCE1000-memory.dmp

Filesize
3.9MB

Download
memory/1924-132-0x000000013F750000-0x000000013FB41000-memory.dmp

Filesize
3.9MB

Download
memory/1948-104-0x000000013F740000-0x000000013FB31000-memory.dmp

Filesize
3.9MB

Download
memory/2052-191-0x000000013F550000-0x000000013F941000-memory.dmp

Filesize
3.9MB

Download
memory/2060-158-0x000000013F8E0000-0x000000013FCD1000-memory.dmp

Filesize
3.9MB

Download
memory/2112-102-0x000000013FE80000-0x0000000140271000-memory.dmp

Filesize
3.9MB

Download
memory/2112-35-0x000000013FE40000-0x0000000140231000-memory.dmp

Filesize
3.9MB

Download
memory/2112-223-0x0000000001D80000-0x0000000002171000-memory.dmp

Filesize
3.9MB

Download
memory/2112-248-0x0000000001D80000-0x0000000002171000-memory.dmp

Filesize
3.9MB

Download
memory/2112-237-0x0000000001D80000-0x0000000002171000-memory.dmp

Filesize
3.9MB

Download
memory/2112-233-0x0000000001D80000-0x0000000002171000-memory.dmp

Filesize
3.9MB

Download
memory/2112-211-0x000000013F920000-0x000000013FD11000-memory.dmp

Filesize
3.9MB

Download
memory/2112-129-0x000000013F750000-0x000000013FB41000-memory.dmp

Filesize
3.9MB

Download
memory/2112-120-0x000000013FE90000-0x0000000140281000-memory.dmp

Filesize
3.9MB

Download
memory/2112-206-0x000000013FDD0000-0x00000001401C1000-memory.dmp

Filesize
3.9MB

Download
memory/2112-81-0x000000013FC00000-0x000000013FFF1000-memory.dmp

Filesize
3.9MB

Download
memory/2112-222-0x0000000001D80000-0x0000000002171000-memory.dmp

Filesize
3.9MB

Download
memory/2112-5-0x000000013F330000-0x000000013F721000-memory.dmp

Filesize
3.9MB

Download
memory/2112-138-0x000000013FCE0000-0x00000001400D1000-memory.dmp

Filesize
3.9MB

Download
memory/2112-67-0x000000013FCD0000-0x00000001400C1000-memory.dmp

Filesize
3.9MB

Download
memory/2112-103-0x000000013FFF0000-0x00000001403E1000-memory.dmp

Filesize
3.9MB

Download
memory/2112-106-0x000000013F740000-0x000000013FB31000-memory.dmp

Filesize
3.9MB

Download
memory/2112-0-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2112-107-0x000000013FA40000-0x000000013FE31000-memory.dmp

Filesize
3.9MB

Download
memory/2112-55-0x000000013FFA0000-0x0000000140391000-memory.dmp

Filesize
3.9MB

Download
memory/2112-83-0x0000000001D80000-0x0000000002171000-memory.dmp

Filesize
3.9MB

Download
memory/2112-22-0x000000013FB00000-0x000000013FEF1000-memory.dmp

Filesize
3.9MB

Download
memory/2112-28-0x0000000001D80000-0x0000000002171000-memory.dmp

Filesize
3.9MB

Download
memory/2112-54-0x000000013F330000-0x000000013F721000-memory.dmp

Filesize
3.9MB

Download
memory/2112-9-0x000000013FCD0000-0x00000001400C1000-memory.dmp

Filesize
3.9MB

Download
memory/2112-244-0x000000013FBE0000-0x000000013FFD1000-memory.dmp

Filesize
3.9MB

Download
memory/2152-258-0x000000013F2F0000-0x000000013F6E1000-memory.dmp

Filesize
3.9MB

Download
memory/2372-82-0x000000013FC00000-0x000000013FFF1000-memory.dmp

Filesize
3.9MB

Download
memory/2412-251-0x000000013FB50000-0x000000013FF41000-memory.dmp

Filesize
3.9MB

Download
memory/2476-80-0x000000013FE80000-0x0000000140271000-memory.dmp

Filesize
3.9MB

Download
memory/2516-90-0x000000013FFF0000-0x00000001403E1000-memory.dmp

Filesize
3.9MB

Download
memory/2556-112-0x000000013FB00000-0x000000013FEF1000-memory.dmp

Filesize
3.9MB

Download
memory/2556-21-0x000000013FB00000-0x000000013FEF1000-memory.dmp

Filesize
3.9MB

Download
memory/2560-79-0x000000013F800000-0x000000013FBF1000-memory.dmp

Filesize
3.9MB

Download
memory/2636-39-0x000000013FE40000-0x0000000140231000-memory.dmp

Filesize
3.9MB

Download
memory/2648-33-0x000000013F260000-0x000000013F651000-memory.dmp

Filesize
3.9MB

Download
memory/2700-200-0x000000013F310000-0x000000013F701000-memory.dmp

Filesize
3.9MB

Download
memory/2732-48-0x000000013F2D0000-0x000000013F6C1000-memory.dmp

Filesize
3.9MB

Download
memory/2836-91-0x000000013FD80000-0x0000000140171000-memory.dmp

Filesize
3.9MB

Download
memory/2836-15-0x000000013FD80000-0x0000000140171000-memory.dmp

Filesize
3.9MB

Download
memory/2956-8-0x000000013FCD0000-0x00000001400C1000-memory.dmp

Filesize
3.9MB

Download
memory/2956-62-0x000000013FCD0000-0x00000001400C1000-memory.dmp

Filesize
3.9MB

Download
memory/2972-61-0x000000013FFA0000-0x0000000140391000-memory.dmp

Filesize
3.9MB

Download
memory/3016-225-0x000000013F3F0000-0x000000013F7E1000-memory.dmp

Filesize
3.9MB

Download
memory/3028-41-0x000000013F090000-0x000000013F481000-memory.dmp

Filesize
3.9MB

Download
memory/3032-256-0x000000013F5D0000-0x000000013F9C1000-memory.dmp

Filesize
3.9MB

Download
memory/3036-151-0x000000013FB70000-0x000000013FF61000-memory.dmp

Filesize
3.9MB

Download