cobaltstrike | ceb94445b5c67a3580ad6ada7f4f3fd20e801a95c9074d9549d349c1c08ffe8d

Analysis

max time kernel
99s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20-12-2024 00:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

0faf486157833cd19d32a7a166965ff2
SHA1

c12ba90e6cb760991637e3e959438be47c065829
SHA256

ceb94445b5c67a3580ad6ada7f4f3fd20e801a95c9074d9549d349c1c08ffe8d
SHA512

4fe827f3e6a9058cfda73bac3e09de0ce6c129315463b10bb33d12a50957bf59a440b4f36f18548e56851a9144a473ab9b2a864e25a88e9a6ade34c16cb4aba7
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUL:T+q56utgpPF8u/7L

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x0008000000023c8f-5.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c94-10.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c93-12.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c90-23.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c96-27.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c97-35.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c98-41.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c99-48.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c9a-53.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c9b-62.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c9d-73.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c9c-70.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c9e-81.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c9f-87.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca0-92.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca3-113.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca4-122.dat	cobalt_reflective_dll
behavioral2/files/0x000200000001e748-109.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca1-107.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca6-130.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca7-135.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca8-143.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca9-148.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023caa-154.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cab-164.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cae-177.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023caf-181.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb1-195.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb0-193.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb2-203.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb3-207.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cac-173.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/1168-0-0x00007FF6E4FB0000-0x00007FF6E5304000-memory.dmp	xmrig
behavioral2/files/0x0008000000023c8f-5.dat	xmrig
behavioral2/memory/2300-8-0x00007FF7D9FE0000-0x00007FF7DA334000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c94-10.dat	xmrig
behavioral2/files/0x0007000000023c93-12.dat	xmrig
behavioral2/memory/4004-14-0x00007FF6BC880000-0x00007FF6BCBD4000-memory.dmp	xmrig
behavioral2/files/0x0008000000023c90-23.dat	xmrig
behavioral2/files/0x0007000000023c96-27.dat	xmrig
behavioral2/memory/4460-32-0x00007FF7B64E0000-0x00007FF7B6834000-memory.dmp	xmrig
behavioral2/memory/3692-31-0x00007FF7FE5D0000-0x00007FF7FE924000-memory.dmp	xmrig
behavioral2/memory/2732-22-0x00007FF61FF90000-0x00007FF6202E4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c97-35.dat	xmrig
behavioral2/files/0x0007000000023c98-41.dat	xmrig
behavioral2/files/0x0007000000023c99-48.dat	xmrig
behavioral2/memory/3972-42-0x00007FF7C9100000-0x00007FF7C9454000-memory.dmp	xmrig
behavioral2/memory/4584-36-0x00007FF6E7610000-0x00007FF6E7964000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c9a-53.dat	xmrig
behavioral2/memory/1168-60-0x00007FF6E4FB0000-0x00007FF6E5304000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c9b-62.dat	xmrig
behavioral2/memory/2888-61-0x00007FF721F70000-0x00007FF7222C4000-memory.dmp	xmrig
behavioral2/memory/5068-59-0x00007FF7AA1C0000-0x00007FF7AA514000-memory.dmp	xmrig
behavioral2/memory/2552-58-0x00007FF7B14B0000-0x00007FF7B1804000-memory.dmp	xmrig
behavioral2/memory/4004-68-0x00007FF6BC880000-0x00007FF6BCBD4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c9d-73.dat	xmrig
behavioral2/memory/3692-75-0x00007FF7FE5D0000-0x00007FF7FE924000-memory.dmp	xmrig
behavioral2/memory/4672-76-0x00007FF64ABE0000-0x00007FF64AF34000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c9c-70.dat	xmrig
behavioral2/memory/4896-69-0x00007FF643ED0000-0x00007FF644224000-memory.dmp	xmrig
behavioral2/memory/2300-64-0x00007FF7D9FE0000-0x00007FF7DA334000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c9e-81.dat	xmrig
behavioral2/memory/4040-84-0x00007FF754F40000-0x00007FF755294000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c9f-87.dat	xmrig
behavioral2/files/0x0007000000023ca0-92.dat	xmrig
behavioral2/memory/4788-88-0x00007FF733A60000-0x00007FF733DB4000-memory.dmp	xmrig
behavioral2/memory/4584-96-0x00007FF6E7610000-0x00007FF6E7964000-memory.dmp	xmrig
behavioral2/memory/512-97-0x00007FF7D84D0000-0x00007FF7D8824000-memory.dmp	xmrig
behavioral2/memory/3784-105-0x00007FF7CFC00000-0x00007FF7CFF54000-memory.dmp	xmrig
behavioral2/memory/5068-106-0x00007FF7AA1C0000-0x00007FF7AA514000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ca3-113.dat	xmrig
behavioral2/memory/264-114-0x00007FF7D02B0000-0x00007FF7D0604000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ca4-122.dat	xmrig
behavioral2/memory/2444-119-0x00007FF7C2C10000-0x00007FF7C2F64000-memory.dmp	xmrig
behavioral2/files/0x000200000001e748-109.dat	xmrig
behavioral2/memory/528-108-0x00007FF755C70000-0x00007FF755FC4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ca1-107.dat	xmrig
behavioral2/memory/3972-101-0x00007FF7C9100000-0x00007FF7C9454000-memory.dmp	xmrig
behavioral2/memory/4896-124-0x00007FF643ED0000-0x00007FF644224000-memory.dmp	xmrig
behavioral2/memory/4672-128-0x00007FF64ABE0000-0x00007FF64AF34000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ca6-130.dat	xmrig
behavioral2/memory/1412-129-0x00007FF75C620000-0x00007FF75C974000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ca7-135.dat	xmrig
behavioral2/memory/4548-137-0x00007FF6F8D00000-0x00007FF6F9054000-memory.dmp	xmrig
behavioral2/memory/4788-141-0x00007FF733A60000-0x00007FF733DB4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ca8-143.dat	xmrig
behavioral2/memory/2292-142-0x00007FF6A25D0000-0x00007FF6A2924000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ca9-148.dat	xmrig
behavioral2/files/0x0007000000023caa-154.dat	xmrig
behavioral2/memory/4108-155-0x00007FF724D40000-0x00007FF725094000-memory.dmp	xmrig
behavioral2/memory/1456-151-0x00007FF727300000-0x00007FF727654000-memory.dmp	xmrig
behavioral2/memory/3784-150-0x00007FF7CFC00000-0x00007FF7CFF54000-memory.dmp	xmrig
behavioral2/memory/1224-163-0x00007FF785630000-0x00007FF785984000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cab-164.dat	xmrig
behavioral2/memory/264-162-0x00007FF7D02B0000-0x00007FF7D0604000-memory.dmp	xmrig
behavioral2/memory/528-160-0x00007FF755C70000-0x00007FF755FC4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2300	kLVPrAB.exe
4004	WeDoQTP.exe
2732	ooppBfa.exe
3692	AsfJtro.exe
4460	CRXXvvu.exe
4584	fqkiofI.exe
3972	KVKYUrx.exe
2552	ZxxiNne.exe
2888	uhFLioQ.exe
5068	QgpmBGL.exe
4896	oKvBUnQ.exe
4672	wcBbxrD.exe
4040	sNQeEDe.exe
4788	ZSVKmMX.exe
512	djDFXhA.exe
3784	dopUCvc.exe
528	WoGJBLw.exe
264	jBGPsez.exe
2444	oxuqupj.exe
1412	spMsgQN.exe
4548	WzjlMYZ.exe
2292	SeaoqVf.exe
1456	ANXdFTI.exe
4108	SvFxopb.exe
1224	eVtHeZj.exe
1652	ANkQaKR.exe
436	ImfLKhx.exe
2120	WwHsQPz.exe
4920	PeWtXxL.exe
364	GIoAXeQ.exe
1096	GMauYic.exe
1132	KUNMRUw.exe
4048	EAHCKxu.exe
4444	IztGBFx.exe
972	lkRgLIa.exe
3580	HZlVpXI.exe
2784	fiLyuHm.exe
2108	olUQiMF.exe
1060	fRuWzcL.exe
100	xYRDyDL.exe
2160	clqdUdy.exe
960	FpEUluR.exe
3980	msMGuRB.exe
2728	ifCbyVw.exe
3380	uiNcDrX.exe
2840	qjZbRgn.exe
64	KcINmcd.exe
3572	eGLQYAC.exe
660	lJrOlOk.exe
4956	KUaTtMU.exe
3096	PzqUpRs.exe
2916	WkPHWeZ.exe
4968	BokMkPa.exe
4884	KCtZRkY.exe
4088	TBhirKf.exe
1064	CrQUEfc.exe
2512	XEKalGh.exe
2940	SBLCRUT.exe
4340	HovkPMi.exe
3452	nmwNrRM.exe
1496	ScnCGQE.exe
3232	waeAVYG.exe
680	yxqUQpz.exe
5012	hXTJHEA.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1168-0-0x00007FF6E4FB0000-0x00007FF6E5304000-memory.dmp	upx
behavioral2/files/0x0008000000023c8f-5.dat	upx
behavioral2/memory/2300-8-0x00007FF7D9FE0000-0x00007FF7DA334000-memory.dmp	upx
behavioral2/files/0x0007000000023c94-10.dat	upx
behavioral2/files/0x0007000000023c93-12.dat	upx
behavioral2/memory/4004-14-0x00007FF6BC880000-0x00007FF6BCBD4000-memory.dmp	upx
behavioral2/files/0x0008000000023c90-23.dat	upx
behavioral2/files/0x0007000000023c96-27.dat	upx
behavioral2/memory/4460-32-0x00007FF7B64E0000-0x00007FF7B6834000-memory.dmp	upx
behavioral2/memory/3692-31-0x00007FF7FE5D0000-0x00007FF7FE924000-memory.dmp	upx
behavioral2/memory/2732-22-0x00007FF61FF90000-0x00007FF6202E4000-memory.dmp	upx
behavioral2/files/0x0007000000023c97-35.dat	upx
behavioral2/files/0x0007000000023c98-41.dat	upx
behavioral2/files/0x0007000000023c99-48.dat	upx
behavioral2/memory/3972-42-0x00007FF7C9100000-0x00007FF7C9454000-memory.dmp	upx
behavioral2/memory/4584-36-0x00007FF6E7610000-0x00007FF6E7964000-memory.dmp	upx
behavioral2/files/0x0007000000023c9a-53.dat	upx
behavioral2/memory/1168-60-0x00007FF6E4FB0000-0x00007FF6E5304000-memory.dmp	upx
behavioral2/files/0x0007000000023c9b-62.dat	upx
behavioral2/memory/2888-61-0x00007FF721F70000-0x00007FF7222C4000-memory.dmp	upx
behavioral2/memory/5068-59-0x00007FF7AA1C0000-0x00007FF7AA514000-memory.dmp	upx
behavioral2/memory/2552-58-0x00007FF7B14B0000-0x00007FF7B1804000-memory.dmp	upx
behavioral2/memory/4004-68-0x00007FF6BC880000-0x00007FF6BCBD4000-memory.dmp	upx
behavioral2/files/0x0007000000023c9d-73.dat	upx
behavioral2/memory/3692-75-0x00007FF7FE5D0000-0x00007FF7FE924000-memory.dmp	upx
behavioral2/memory/4672-76-0x00007FF64ABE0000-0x00007FF64AF34000-memory.dmp	upx
behavioral2/files/0x0007000000023c9c-70.dat	upx
behavioral2/memory/4896-69-0x00007FF643ED0000-0x00007FF644224000-memory.dmp	upx
behavioral2/memory/2300-64-0x00007FF7D9FE0000-0x00007FF7DA334000-memory.dmp	upx
behavioral2/files/0x0007000000023c9e-81.dat	upx
behavioral2/memory/4040-84-0x00007FF754F40000-0x00007FF755294000-memory.dmp	upx
behavioral2/files/0x0007000000023c9f-87.dat	upx
behavioral2/files/0x0007000000023ca0-92.dat	upx
behavioral2/memory/4788-88-0x00007FF733A60000-0x00007FF733DB4000-memory.dmp	upx
behavioral2/memory/4584-96-0x00007FF6E7610000-0x00007FF6E7964000-memory.dmp	upx
behavioral2/memory/512-97-0x00007FF7D84D0000-0x00007FF7D8824000-memory.dmp	upx
behavioral2/memory/3784-105-0x00007FF7CFC00000-0x00007FF7CFF54000-memory.dmp	upx
behavioral2/memory/5068-106-0x00007FF7AA1C0000-0x00007FF7AA514000-memory.dmp	upx
behavioral2/files/0x0007000000023ca3-113.dat	upx
behavioral2/memory/264-114-0x00007FF7D02B0000-0x00007FF7D0604000-memory.dmp	upx
behavioral2/files/0x0007000000023ca4-122.dat	upx
behavioral2/memory/2444-119-0x00007FF7C2C10000-0x00007FF7C2F64000-memory.dmp	upx
behavioral2/files/0x000200000001e748-109.dat	upx
behavioral2/memory/528-108-0x00007FF755C70000-0x00007FF755FC4000-memory.dmp	upx
behavioral2/files/0x0007000000023ca1-107.dat	upx
behavioral2/memory/3972-101-0x00007FF7C9100000-0x00007FF7C9454000-memory.dmp	upx
behavioral2/memory/4896-124-0x00007FF643ED0000-0x00007FF644224000-memory.dmp	upx
behavioral2/memory/4672-128-0x00007FF64ABE0000-0x00007FF64AF34000-memory.dmp	upx
behavioral2/files/0x0007000000023ca6-130.dat	upx
behavioral2/memory/1412-129-0x00007FF75C620000-0x00007FF75C974000-memory.dmp	upx
behavioral2/files/0x0007000000023ca7-135.dat	upx
behavioral2/memory/4548-137-0x00007FF6F8D00000-0x00007FF6F9054000-memory.dmp	upx
behavioral2/memory/4788-141-0x00007FF733A60000-0x00007FF733DB4000-memory.dmp	upx
behavioral2/files/0x0007000000023ca8-143.dat	upx
behavioral2/memory/2292-142-0x00007FF6A25D0000-0x00007FF6A2924000-memory.dmp	upx
behavioral2/files/0x0007000000023ca9-148.dat	upx
behavioral2/files/0x0007000000023caa-154.dat	upx
behavioral2/memory/4108-155-0x00007FF724D40000-0x00007FF725094000-memory.dmp	upx
behavioral2/memory/1456-151-0x00007FF727300000-0x00007FF727654000-memory.dmp	upx
behavioral2/memory/3784-150-0x00007FF7CFC00000-0x00007FF7CFF54000-memory.dmp	upx
behavioral2/memory/1224-163-0x00007FF785630000-0x00007FF785984000-memory.dmp	upx
behavioral2/files/0x0007000000023cab-164.dat	upx
behavioral2/memory/264-162-0x00007FF7D02B0000-0x00007FF7D0604000-memory.dmp	upx
behavioral2/memory/528-160-0x00007FF755C70000-0x00007FF755FC4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\BUcnhdn.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OjitJpu.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QSNeceJ.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ujgrwuX.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qPapVUz.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cLrgmem.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aYxyzra.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kWKuxpL.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\depujXq.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\etKfNsx.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hXTJHEA.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\afqkKIl.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aIhaQod.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QvWAoXZ.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WUcIaHV.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OREHtkm.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rtQthNR.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CJoHaxU.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bQCcqwT.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AoEJNWU.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rctoLpx.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\thTMvTJ.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ngJvvoO.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GpYNBel.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GSDoNbe.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Febhdle.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\clqdUdy.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DwrlMnr.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LHvrJLO.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\saDxUbV.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dONeeeZ.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ojokJqt.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oYGeubR.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FhbeEcV.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NQXdaJL.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\olUQiMF.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WkPHWeZ.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\elldbeU.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zTwEFbK.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kRXcWfg.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yhRExip.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AQurnxj.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BDFtPFZ.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xhbEoBz.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XqVSuQJ.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HSwWetL.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gXdBnka.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PYZwTEe.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WtmTukZ.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OTCescN.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fPWyHuD.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rKAgqzo.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KUaTtMU.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GESysmz.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fEtzdBK.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IycDpiO.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WkxWiSj.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gLddhhP.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HTqrKNs.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hIYkrfj.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GIoAXeQ.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GniFrLr.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uaqkYvp.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AOPUHbZ.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1168 wrote to memory of 2300	1168	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	83
PID 1168 wrote to memory of 2300	1168	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	83
PID 1168 wrote to memory of 4004	1168	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 1168 wrote to memory of 4004	1168	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 1168 wrote to memory of 2732	1168	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 1168 wrote to memory of 2732	1168	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 1168 wrote to memory of 3692	1168	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 1168 wrote to memory of 3692	1168	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 1168 wrote to memory of 4460	1168	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 1168 wrote to memory of 4460	1168	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 1168 wrote to memory of 4584	1168	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 1168 wrote to memory of 4584	1168	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 1168 wrote to memory of 3972	1168	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 1168 wrote to memory of 3972	1168	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 1168 wrote to memory of 2552	1168	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 1168 wrote to memory of 2552	1168	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 1168 wrote to memory of 2888	1168	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 1168 wrote to memory of 2888	1168	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 1168 wrote to memory of 5068	1168	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 1168 wrote to memory of 5068	1168	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 1168 wrote to memory of 4896	1168	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 1168 wrote to memory of 4896	1168	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 1168 wrote to memory of 4672	1168	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 1168 wrote to memory of 4672	1168	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 1168 wrote to memory of 4040	1168	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 1168 wrote to memory of 4040	1168	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 1168 wrote to memory of 4788	1168	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 1168 wrote to memory of 4788	1168	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 1168 wrote to memory of 512	1168	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 1168 wrote to memory of 512	1168	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 1168 wrote to memory of 3784	1168	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 1168 wrote to memory of 3784	1168	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 1168 wrote to memory of 528	1168	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 1168 wrote to memory of 528	1168	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 1168 wrote to memory of 264	1168	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 1168 wrote to memory of 264	1168	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 1168 wrote to memory of 2444	1168	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 1168 wrote to memory of 2444	1168	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 1168 wrote to memory of 1412	1168	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 1168 wrote to memory of 1412	1168	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 1168 wrote to memory of 4548	1168	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 1168 wrote to memory of 4548	1168	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 1168 wrote to memory of 2292	1168	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 1168 wrote to memory of 2292	1168	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 1168 wrote to memory of 1456	1168	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 1168 wrote to memory of 1456	1168	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 1168 wrote to memory of 4108	1168	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 1168 wrote to memory of 4108	1168	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 1168 wrote to memory of 1224	1168	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 1168 wrote to memory of 1224	1168	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 1168 wrote to memory of 1652	1168	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 1168 wrote to memory of 1652	1168	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 1168 wrote to memory of 436	1168	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 1168 wrote to memory of 436	1168	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 1168 wrote to memory of 2120	1168	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 1168 wrote to memory of 2120	1168	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 1168 wrote to memory of 4920	1168	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 1168 wrote to memory of 4920	1168	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 1168 wrote to memory of 364	1168	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	117
PID 1168 wrote to memory of 364	1168	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	117
PID 1168 wrote to memory of 1096	1168	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	118
PID 1168 wrote to memory of 1096	1168	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	118
PID 1168 wrote to memory of 1132	1168	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	119
PID 1168 wrote to memory of 1132	1168	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	119

C:\Users\Admin\AppData\Local\Temp\2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1168
- C:\Windows\System\kLVPrAB.exe
  C:\Windows\System\kLVPrAB.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\WeDoQTP.exe
  C:\Windows\System\WeDoQTP.exe
  2⤵
  - Executes dropped EXE
  PID:4004
- C:\Windows\System\ooppBfa.exe
  C:\Windows\System\ooppBfa.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\AsfJtro.exe
  C:\Windows\System\AsfJtro.exe
  2⤵
  - Executes dropped EXE
  PID:3692
- C:\Windows\System\CRXXvvu.exe
  C:\Windows\System\CRXXvvu.exe
  2⤵
  - Executes dropped EXE
  PID:4460
- C:\Windows\System\fqkiofI.exe
  C:\Windows\System\fqkiofI.exe
  2⤵
  - Executes dropped EXE
  PID:4584
- C:\Windows\System\KVKYUrx.exe
  C:\Windows\System\KVKYUrx.exe
  2⤵
  - Executes dropped EXE
  PID:3972
- C:\Windows\System\ZxxiNne.exe
  C:\Windows\System\ZxxiNne.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\uhFLioQ.exe
  C:\Windows\System\uhFLioQ.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\QgpmBGL.exe
  C:\Windows\System\QgpmBGL.exe
  2⤵
  - Executes dropped EXE
  PID:5068
- C:\Windows\System\oKvBUnQ.exe
  C:\Windows\System\oKvBUnQ.exe
  2⤵
  - Executes dropped EXE
  PID:4896
- C:\Windows\System\wcBbxrD.exe
  C:\Windows\System\wcBbxrD.exe
  2⤵
  - Executes dropped EXE
  PID:4672
- C:\Windows\System\sNQeEDe.exe
  C:\Windows\System\sNQeEDe.exe
  2⤵
  - Executes dropped EXE
  PID:4040
- C:\Windows\System\ZSVKmMX.exe
  C:\Windows\System\ZSVKmMX.exe
  2⤵
  - Executes dropped EXE
  PID:4788
- C:\Windows\System\djDFXhA.exe
  C:\Windows\System\djDFXhA.exe
  2⤵
  - Executes dropped EXE
  PID:512
- C:\Windows\System\dopUCvc.exe
  C:\Windows\System\dopUCvc.exe
  2⤵
  - Executes dropped EXE
  PID:3784
- C:\Windows\System\WoGJBLw.exe
  C:\Windows\System\WoGJBLw.exe
  2⤵
  - Executes dropped EXE
  PID:528
- C:\Windows\System\jBGPsez.exe
  C:\Windows\System\jBGPsez.exe
  2⤵
  - Executes dropped EXE
  PID:264
- C:\Windows\System\oxuqupj.exe
  C:\Windows\System\oxuqupj.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\spMsgQN.exe
  C:\Windows\System\spMsgQN.exe
  2⤵
  - Executes dropped EXE
  PID:1412
- C:\Windows\System\WzjlMYZ.exe
  C:\Windows\System\WzjlMYZ.exe
  2⤵
  - Executes dropped EXE
  PID:4548
- C:\Windows\System\SeaoqVf.exe
  C:\Windows\System\SeaoqVf.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\ANXdFTI.exe
  C:\Windows\System\ANXdFTI.exe
  2⤵
  - Executes dropped EXE
  PID:1456
- C:\Windows\System\SvFxopb.exe
  C:\Windows\System\SvFxopb.exe
  2⤵
  - Executes dropped EXE
  PID:4108
- C:\Windows\System\eVtHeZj.exe
  C:\Windows\System\eVtHeZj.exe
  2⤵
  - Executes dropped EXE
  PID:1224
- C:\Windows\System\ANkQaKR.exe
  C:\Windows\System\ANkQaKR.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\ImfLKhx.exe
  C:\Windows\System\ImfLKhx.exe
  2⤵
  - Executes dropped EXE
  PID:436
- C:\Windows\System\WwHsQPz.exe
  C:\Windows\System\WwHsQPz.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\PeWtXxL.exe
  C:\Windows\System\PeWtXxL.exe
  2⤵
  - Executes dropped EXE
  PID:4920
- C:\Windows\System\GIoAXeQ.exe
  C:\Windows\System\GIoAXeQ.exe
  2⤵
  - Executes dropped EXE
  PID:364
- C:\Windows\System\GMauYic.exe
  C:\Windows\System\GMauYic.exe
  2⤵
  - Executes dropped EXE
  PID:1096
- C:\Windows\System\KUNMRUw.exe
  C:\Windows\System\KUNMRUw.exe
  2⤵
  - Executes dropped EXE
  PID:1132
- C:\Windows\System\EAHCKxu.exe
  C:\Windows\System\EAHCKxu.exe
  2⤵
  - Executes dropped EXE
  PID:4048
- C:\Windows\System\IztGBFx.exe
  C:\Windows\System\IztGBFx.exe
  2⤵
  - Executes dropped EXE
  PID:4444
- C:\Windows\System\lkRgLIa.exe
  C:\Windows\System\lkRgLIa.exe
  2⤵
  - Executes dropped EXE
  PID:972
- C:\Windows\System\HZlVpXI.exe
  C:\Windows\System\HZlVpXI.exe
  2⤵
  - Executes dropped EXE
  PID:3580
- C:\Windows\System\fiLyuHm.exe
  C:\Windows\System\fiLyuHm.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\olUQiMF.exe
  C:\Windows\System\olUQiMF.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\fRuWzcL.exe
  C:\Windows\System\fRuWzcL.exe
  2⤵
  - Executes dropped EXE
  PID:1060
- C:\Windows\System\xYRDyDL.exe
  C:\Windows\System\xYRDyDL.exe
  2⤵
  - Executes dropped EXE
  PID:100
- C:\Windows\System\clqdUdy.exe
  C:\Windows\System\clqdUdy.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\FpEUluR.exe
  C:\Windows\System\FpEUluR.exe
  2⤵
  - Executes dropped EXE
  PID:960
- C:\Windows\System\msMGuRB.exe
  C:\Windows\System\msMGuRB.exe
  2⤵
  - Executes dropped EXE
  PID:3980
- C:\Windows\System\ifCbyVw.exe
  C:\Windows\System\ifCbyVw.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\uiNcDrX.exe
  C:\Windows\System\uiNcDrX.exe
  2⤵
  - Executes dropped EXE
  PID:3380
- C:\Windows\System\qjZbRgn.exe
  C:\Windows\System\qjZbRgn.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\KcINmcd.exe
  C:\Windows\System\KcINmcd.exe
  2⤵
  - Executes dropped EXE
  PID:64
- C:\Windows\System\eGLQYAC.exe
  C:\Windows\System\eGLQYAC.exe
  2⤵
  - Executes dropped EXE
  PID:3572
- C:\Windows\System\lJrOlOk.exe
  C:\Windows\System\lJrOlOk.exe
  2⤵
  - Executes dropped EXE
  PID:660
- C:\Windows\System\KUaTtMU.exe
  C:\Windows\System\KUaTtMU.exe
  2⤵
  - Executes dropped EXE
  PID:4956
- C:\Windows\System\PzqUpRs.exe
  C:\Windows\System\PzqUpRs.exe
  2⤵
  - Executes dropped EXE
  PID:3096
- C:\Windows\System\WkPHWeZ.exe
  C:\Windows\System\WkPHWeZ.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\BokMkPa.exe
  C:\Windows\System\BokMkPa.exe
  2⤵
  - Executes dropped EXE
  PID:4968
- C:\Windows\System\KCtZRkY.exe
  C:\Windows\System\KCtZRkY.exe
  2⤵
  - Executes dropped EXE
  PID:4884
- C:\Windows\System\TBhirKf.exe
  C:\Windows\System\TBhirKf.exe
  2⤵
  - Executes dropped EXE
  PID:4088
- C:\Windows\System\CrQUEfc.exe
  C:\Windows\System\CrQUEfc.exe
  2⤵
  - Executes dropped EXE
  PID:1064
- C:\Windows\System\XEKalGh.exe
  C:\Windows\System\XEKalGh.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\SBLCRUT.exe
  C:\Windows\System\SBLCRUT.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\HovkPMi.exe
  C:\Windows\System\HovkPMi.exe
  2⤵
  - Executes dropped EXE
  PID:4340
- C:\Windows\System\nmwNrRM.exe
  C:\Windows\System\nmwNrRM.exe
  2⤵
  - Executes dropped EXE
  PID:3452
- C:\Windows\System\ScnCGQE.exe
  C:\Windows\System\ScnCGQE.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\waeAVYG.exe
  C:\Windows\System\waeAVYG.exe
  2⤵
  - Executes dropped EXE
  PID:3232
- C:\Windows\System\yxqUQpz.exe
  C:\Windows\System\yxqUQpz.exe
  2⤵
  - Executes dropped EXE
  PID:680
- C:\Windows\System\hXTJHEA.exe
  C:\Windows\System\hXTJHEA.exe
  2⤵
  - Executes dropped EXE
  PID:5012
- C:\Windows\System\nvYGXHf.exe
  C:\Windows\System\nvYGXHf.exe
  2⤵
  PID:3688
- C:\Windows\System\FgyIemG.exe
  C:\Windows\System\FgyIemG.exe
  2⤵
  PID:4488
- C:\Windows\System\tgYYhgj.exe
  C:\Windows\System\tgYYhgj.exe
  2⤵
  PID:3724
- C:\Windows\System\cAHHpOc.exe
  C:\Windows\System\cAHHpOc.exe
  2⤵
  PID:4652
- C:\Windows\System\Jtbfohi.exe
  C:\Windows\System\Jtbfohi.exe
  2⤵
  PID:4220
- C:\Windows\System\kivJPdO.exe
  C:\Windows\System\kivJPdO.exe
  2⤵
  PID:3568
- C:\Windows\System\qxNFXPD.exe
  C:\Windows\System\qxNFXPD.exe
  2⤵
  PID:2124
- C:\Windows\System\VQGXQLK.exe
  C:\Windows\System\VQGXQLK.exe
  2⤵
  PID:2452
- C:\Windows\System\tkPeRLZ.exe
  C:\Windows\System\tkPeRLZ.exe
  2⤵
  PID:1748
- C:\Windows\System\iTbkJvV.exe
  C:\Windows\System\iTbkJvV.exe
  2⤵
  PID:4656
- C:\Windows\System\FiPWOBi.exe
  C:\Windows\System\FiPWOBi.exe
  2⤵
  PID:2932
- C:\Windows\System\SrarxeI.exe
  C:\Windows\System\SrarxeI.exe
  2⤵
  PID:4736
- C:\Windows\System\uLjzeRZ.exe
  C:\Windows\System\uLjzeRZ.exe
  2⤵
  PID:4944
- C:\Windows\System\ODBoXZz.exe
  C:\Windows\System\ODBoXZz.exe
  2⤵
  PID:4392
- C:\Windows\System\bQCcqwT.exe
  C:\Windows\System\bQCcqwT.exe
  2⤵
  PID:1052
- C:\Windows\System\HpBdJxm.exe
  C:\Windows\System\HpBdJxm.exe
  2⤵
  PID:3456
- C:\Windows\System\IatrZLu.exe
  C:\Windows\System\IatrZLu.exe
  2⤵
  PID:1360
- C:\Windows\System\ugdQztH.exe
  C:\Windows\System\ugdQztH.exe
  2⤵
  PID:2980
- C:\Windows\System\DwrlMnr.exe
  C:\Windows\System\DwrlMnr.exe
  2⤵
  PID:4868
- C:\Windows\System\BmbPeWc.exe
  C:\Windows\System\BmbPeWc.exe
  2⤵
  PID:2544
- C:\Windows\System\oOPVgdF.exe
  C:\Windows\System\oOPVgdF.exe
  2⤵
  PID:5136
- C:\Windows\System\jwxWogS.exe
  C:\Windows\System\jwxWogS.exe
  2⤵
  PID:5160
- C:\Windows\System\MATuZpA.exe
  C:\Windows\System\MATuZpA.exe
  2⤵
  PID:5184
- C:\Windows\System\VDHPbks.exe
  C:\Windows\System\VDHPbks.exe
  2⤵
  PID:5220
- C:\Windows\System\xbkiCaR.exe
  C:\Windows\System\xbkiCaR.exe
  2⤵
  PID:5248
- C:\Windows\System\SBkkyXZ.exe
  C:\Windows\System\SBkkyXZ.exe
  2⤵
  PID:5276
- C:\Windows\System\icdDdjZ.exe
  C:\Windows\System\icdDdjZ.exe
  2⤵
  PID:5300
- C:\Windows\System\EiGcVIC.exe
  C:\Windows\System\EiGcVIC.exe
  2⤵
  PID:5328
- C:\Windows\System\JlmEZXE.exe
  C:\Windows\System\JlmEZXE.exe
  2⤵
  PID:5348
- C:\Windows\System\ntmhAyH.exe
  C:\Windows\System\ntmhAyH.exe
  2⤵
  PID:5376
- C:\Windows\System\AQurnxj.exe
  C:\Windows\System\AQurnxj.exe
  2⤵
  PID:5404
- C:\Windows\System\LhUFLhv.exe
  C:\Windows\System\LhUFLhv.exe
  2⤵
  PID:5440
- C:\Windows\System\gfsVAFj.exe
  C:\Windows\System\gfsVAFj.exe
  2⤵
  PID:5464
- C:\Windows\System\YhfiWGw.exe
  C:\Windows\System\YhfiWGw.exe
  2⤵
  PID:5504
- C:\Windows\System\AoEJNWU.exe
  C:\Windows\System\AoEJNWU.exe
  2⤵
  PID:5524
- C:\Windows\System\DBhuPqE.exe
  C:\Windows\System\DBhuPqE.exe
  2⤵
  PID:5564
- C:\Windows\System\BDFtPFZ.exe
  C:\Windows\System\BDFtPFZ.exe
  2⤵
  PID:5612
- C:\Windows\System\SwlPSbX.exe
  C:\Windows\System\SwlPSbX.exe
  2⤵
  PID:5636
- C:\Windows\System\WiGZxeG.exe
  C:\Windows\System\WiGZxeG.exe
  2⤵
  PID:5664
- C:\Windows\System\GniFrLr.exe
  C:\Windows\System\GniFrLr.exe
  2⤵
  PID:5692
- C:\Windows\System\ahNpCDZ.exe
  C:\Windows\System\ahNpCDZ.exe
  2⤵
  PID:5720
- C:\Windows\System\yOMJZWz.exe
  C:\Windows\System\yOMJZWz.exe
  2⤵
  PID:5756
- C:\Windows\System\iSVKZSm.exe
  C:\Windows\System\iSVKZSm.exe
  2⤵
  PID:5776
- C:\Windows\System\GLAktGL.exe
  C:\Windows\System\GLAktGL.exe
  2⤵
  PID:5804
- C:\Windows\System\FQhLIOQ.exe
  C:\Windows\System\FQhLIOQ.exe
  2⤵
  PID:5824
- C:\Windows\System\NmSbNMt.exe
  C:\Windows\System\NmSbNMt.exe
  2⤵
  PID:5864
- C:\Windows\System\sgCHTzz.exe
  C:\Windows\System\sgCHTzz.exe
  2⤵
  PID:5892
- C:\Windows\System\cBYnzmD.exe
  C:\Windows\System\cBYnzmD.exe
  2⤵
  PID:5920
- C:\Windows\System\HzVMinO.exe
  C:\Windows\System\HzVMinO.exe
  2⤵
  PID:5948
- C:\Windows\System\afqkKIl.exe
  C:\Windows\System\afqkKIl.exe
  2⤵
  PID:5980
- C:\Windows\System\fOfnVtd.exe
  C:\Windows\System\fOfnVtd.exe
  2⤵
  PID:6012
- C:\Windows\System\DkNCNQE.exe
  C:\Windows\System\DkNCNQE.exe
  2⤵
  PID:6036
- C:\Windows\System\uaqkYvp.exe
  C:\Windows\System\uaqkYvp.exe
  2⤵
  PID:6084
- C:\Windows\System\LHvrJLO.exe
  C:\Windows\System\LHvrJLO.exe
  2⤵
  PID:6100
- C:\Windows\System\dqRdeaU.exe
  C:\Windows\System\dqRdeaU.exe
  2⤵
  PID:6128
- C:\Windows\System\rnOLNft.exe
  C:\Windows\System\rnOLNft.exe
  2⤵
  PID:5132
- C:\Windows\System\BLeKYNl.exe
  C:\Windows\System\BLeKYNl.exe
  2⤵
  PID:5228
- C:\Windows\System\ksIRacX.exe
  C:\Windows\System\ksIRacX.exe
  2⤵
  PID:5312
- C:\Windows\System\wkzrrph.exe
  C:\Windows\System\wkzrrph.exe
  2⤵
  PID:5396
- C:\Windows\System\DNUrDwk.exe
  C:\Windows\System\DNUrDwk.exe
  2⤵
  PID:5432
- C:\Windows\System\ZgoJSLm.exe
  C:\Windows\System\ZgoJSLm.exe
  2⤵
  PID:5484
- C:\Windows\System\DEZflCu.exe
  C:\Windows\System\DEZflCu.exe
  2⤵
  PID:5572
- C:\Windows\System\QcRQdNO.exe
  C:\Windows\System\QcRQdNO.exe
  2⤵
  PID:5628
- C:\Windows\System\yCodxgW.exe
  C:\Windows\System\yCodxgW.exe
  2⤵
  PID:5744
- C:\Windows\System\elldbeU.exe
  C:\Windows\System\elldbeU.exe
  2⤵
  PID:5788
- C:\Windows\System\XzUAaYX.exe
  C:\Windows\System\XzUAaYX.exe
  2⤵
  PID:5856
- C:\Windows\System\WYPJxeB.exe
  C:\Windows\System\WYPJxeB.exe
  2⤵
  PID:5932
- C:\Windows\System\sSiEbNI.exe
  C:\Windows\System\sSiEbNI.exe
  2⤵
  PID:3304
- C:\Windows\System\DtyZlOH.exe
  C:\Windows\System\DtyZlOH.exe
  2⤵
  PID:6080
- C:\Windows\System\awHUosY.exe
  C:\Windows\System\awHUosY.exe
  2⤵
  PID:6020
- C:\Windows\System\TExdcAQ.exe
  C:\Windows\System\TExdcAQ.exe
  2⤵
  PID:5176
- C:\Windows\System\EHfZnwL.exe
  C:\Windows\System\EHfZnwL.exe
  2⤵
  PID:5424
- C:\Windows\System\thTMvTJ.exe
  C:\Windows\System\thTMvTJ.exe
  2⤵
  PID:5560
- C:\Windows\System\OphDBup.exe
  C:\Windows\System\OphDBup.exe
  2⤵
  PID:2136
- C:\Windows\System\VBaplEV.exe
  C:\Windows\System\VBaplEV.exe
  2⤵
  PID:5008
- C:\Windows\System\sMZnARk.exe
  C:\Windows\System\sMZnARk.exe
  2⤵
  PID:5768
- C:\Windows\System\fezytiW.exe
  C:\Windows\System\fezytiW.exe
  2⤵
  PID:1644
- C:\Windows\System\XTTgSHb.exe
  C:\Windows\System\XTTgSHb.exe
  2⤵
  PID:6008
- C:\Windows\System\iYHdcHZ.exe
  C:\Windows\System\iYHdcHZ.exe
  2⤵
  PID:6112
- C:\Windows\System\IycDpiO.exe
  C:\Windows\System\IycDpiO.exe
  2⤵
  PID:6096
- C:\Windows\System\TbuwcgU.exe
  C:\Windows\System\TbuwcgU.exe
  2⤵
  PID:5688
- C:\Windows\System\wwYubfB.exe
  C:\Windows\System\wwYubfB.exe
  2⤵
  PID:5208
- C:\Windows\System\NfFVHHF.exe
  C:\Windows\System\NfFVHHF.exe
  2⤵
  PID:6048
- C:\Windows\System\qJIMakG.exe
  C:\Windows\System\qJIMakG.exe
  2⤵
  PID:5648
- C:\Windows\System\QmmnQEv.exe
  C:\Windows\System\QmmnQEv.exe
  2⤵
  PID:6092
- C:\Windows\System\gRWYCEh.exe
  C:\Windows\System\gRWYCEh.exe
  2⤵
  PID:5456
- C:\Windows\System\xScHPES.exe
  C:\Windows\System\xScHPES.exe
  2⤵
  PID:6172
- C:\Windows\System\APUKixb.exe
  C:\Windows\System\APUKixb.exe
  2⤵
  PID:6200
- C:\Windows\System\FvqbAEE.exe
  C:\Windows\System\FvqbAEE.exe
  2⤵
  PID:6220
- C:\Windows\System\zmHqorM.exe
  C:\Windows\System\zmHqorM.exe
  2⤵
  PID:6252
- C:\Windows\System\PVioNvX.exe
  C:\Windows\System\PVioNvX.exe
  2⤵
  PID:6280
- C:\Windows\System\qrawhlk.exe
  C:\Windows\System\qrawhlk.exe
  2⤵
  PID:6308
- C:\Windows\System\NQHYcHu.exe
  C:\Windows\System\NQHYcHu.exe
  2⤵
  PID:6336
- C:\Windows\System\wMGtoac.exe
  C:\Windows\System\wMGtoac.exe
  2⤵
  PID:6364
- C:\Windows\System\WtPvVZm.exe
  C:\Windows\System\WtPvVZm.exe
  2⤵
  PID:6392
- C:\Windows\System\OKrXSUs.exe
  C:\Windows\System\OKrXSUs.exe
  2⤵
  PID:6420
- C:\Windows\System\vkUjcUk.exe
  C:\Windows\System\vkUjcUk.exe
  2⤵
  PID:6444
- C:\Windows\System\bIdTQca.exe
  C:\Windows\System\bIdTQca.exe
  2⤵
  PID:6476
- C:\Windows\System\GESysmz.exe
  C:\Windows\System\GESysmz.exe
  2⤵
  PID:6508
- C:\Windows\System\XCijTFg.exe
  C:\Windows\System\XCijTFg.exe
  2⤵
  PID:6528
- C:\Windows\System\ipuNNsR.exe
  C:\Windows\System\ipuNNsR.exe
  2⤵
  PID:6568
- C:\Windows\System\MpoCdtJ.exe
  C:\Windows\System\MpoCdtJ.exe
  2⤵
  PID:6592
- C:\Windows\System\NWbHJdw.exe
  C:\Windows\System\NWbHJdw.exe
  2⤵
  PID:6620
- C:\Windows\System\KyacRmF.exe
  C:\Windows\System\KyacRmF.exe
  2⤵
  PID:6644
- C:\Windows\System\ErpMfAj.exe
  C:\Windows\System\ErpMfAj.exe
  2⤵
  PID:6676
- C:\Windows\System\KaPGFtp.exe
  C:\Windows\System\KaPGFtp.exe
  2⤵
  PID:6704
- C:\Windows\System\SciHgUo.exe
  C:\Windows\System\SciHgUo.exe
  2⤵
  PID:6728
- C:\Windows\System\bJkWcbx.exe
  C:\Windows\System\bJkWcbx.exe
  2⤵
  PID:6764
- C:\Windows\System\vLIaVYK.exe
  C:\Windows\System\vLIaVYK.exe
  2⤵
  PID:6792
- C:\Windows\System\gXdBnka.exe
  C:\Windows\System\gXdBnka.exe
  2⤵
  PID:6816
- C:\Windows\System\oKWkqlV.exe
  C:\Windows\System\oKWkqlV.exe
  2⤵
  PID:6844
- C:\Windows\System\QsdMfZC.exe
  C:\Windows\System\QsdMfZC.exe
  2⤵
  PID:6876
- C:\Windows\System\KapoqPs.exe
  C:\Windows\System\KapoqPs.exe
  2⤵
  PID:6900
- C:\Windows\System\RzlvAaw.exe
  C:\Windows\System\RzlvAaw.exe
  2⤵
  PID:6928
- C:\Windows\System\HNlUOyg.exe
  C:\Windows\System\HNlUOyg.exe
  2⤵
  PID:6960
- C:\Windows\System\dyIHLjD.exe
  C:\Windows\System\dyIHLjD.exe
  2⤵
  PID:6988
- C:\Windows\System\eYjwJhB.exe
  C:\Windows\System\eYjwJhB.exe
  2⤵
  PID:7008
- C:\Windows\System\AOPUHbZ.exe
  C:\Windows\System\AOPUHbZ.exe
  2⤵
  PID:7044
- C:\Windows\System\BYPjfDB.exe
  C:\Windows\System\BYPjfDB.exe
  2⤵
  PID:7072
- C:\Windows\System\PbnmfNl.exe
  C:\Windows\System\PbnmfNl.exe
  2⤵
  PID:7096
- C:\Windows\System\zlExOhJ.exe
  C:\Windows\System\zlExOhJ.exe
  2⤵
  PID:7128
- C:\Windows\System\IjlVsvQ.exe
  C:\Windows\System\IjlVsvQ.exe
  2⤵
  PID:7156
- C:\Windows\System\VsSSLQS.exe
  C:\Windows\System\VsSSLQS.exe
  2⤵
  PID:6180
- C:\Windows\System\YPEwybh.exe
  C:\Windows\System\YPEwybh.exe
  2⤵
  PID:6236
- C:\Windows\System\mXYtTwd.exe
  C:\Windows\System\mXYtTwd.exe
  2⤵
  PID:6328
- C:\Windows\System\zVRlMsS.exe
  C:\Windows\System\zVRlMsS.exe
  2⤵
  PID:6376
- C:\Windows\System\rctoLpx.exe
  C:\Windows\System\rctoLpx.exe
  2⤵
  PID:6436
- C:\Windows\System\tFdFgKp.exe
  C:\Windows\System\tFdFgKp.exe
  2⤵
  PID:6504
- C:\Windows\System\vFfeQFd.exe
  C:\Windows\System\vFfeQFd.exe
  2⤵
  PID:6584
- C:\Windows\System\HlyChEB.exe
  C:\Windows\System\HlyChEB.exe
  2⤵
  PID:6632
- C:\Windows\System\cYVbnvV.exe
  C:\Windows\System\cYVbnvV.exe
  2⤵
  PID:772
- C:\Windows\System\hDRABho.exe
  C:\Windows\System\hDRABho.exe
  2⤵
  PID:6752
- C:\Windows\System\PYZwTEe.exe
  C:\Windows\System\PYZwTEe.exe
  2⤵
  PID:6832
- C:\Windows\System\pbZNdHd.exe
  C:\Windows\System\pbZNdHd.exe
  2⤵
  PID:6868
- C:\Windows\System\EwHBoAk.exe
  C:\Windows\System\EwHBoAk.exe
  2⤵
  PID:7020
- C:\Windows\System\GmncDcm.exe
  C:\Windows\System\GmncDcm.exe
  2⤵
  PID:7056
- C:\Windows\System\iIEEXad.exe
  C:\Windows\System\iIEEXad.exe
  2⤵
  PID:7120
- C:\Windows\System\ZMmXezn.exe
  C:\Windows\System\ZMmXezn.exe
  2⤵
  PID:4552
- C:\Windows\System\IZpwtCm.exe
  C:\Windows\System\IZpwtCm.exe
  2⤵
  PID:6668
- C:\Windows\System\vTxFZQI.exe
  C:\Windows\System\vTxFZQI.exe
  2⤵
  PID:2484
- C:\Windows\System\aIhaQod.exe
  C:\Windows\System\aIhaQod.exe
  2⤵
  PID:1956
- C:\Windows\System\xhbEoBz.exe
  C:\Windows\System\xhbEoBz.exe
  2⤵
  PID:7004
- C:\Windows\System\exeaBOj.exe
  C:\Windows\System\exeaBOj.exe
  2⤵
  PID:6320
- C:\Windows\System\YvzGFco.exe
  C:\Windows\System\YvzGFco.exe
  2⤵
  PID:4732
- C:\Windows\System\WZFFdwW.exe
  C:\Windows\System\WZFFdwW.exe
  2⤵
  PID:6484
- C:\Windows\System\HPPSXeh.exe
  C:\Windows\System\HPPSXeh.exe
  2⤵
  PID:6408
- C:\Windows\System\FuGaHFg.exe
  C:\Windows\System\FuGaHFg.exe
  2⤵
  PID:3392
- C:\Windows\System\oWCVBjx.exe
  C:\Windows\System\oWCVBjx.exe
  2⤵
  PID:4116
- C:\Windows\System\TaNHlBi.exe
  C:\Windows\System\TaNHlBi.exe
  2⤵
  PID:2256
- C:\Windows\System\NDAIWcr.exe
  C:\Windows\System\NDAIWcr.exe
  2⤵
  PID:7140
- C:\Windows\System\HOPCvLN.exe
  C:\Windows\System\HOPCvLN.exe
  2⤵
  PID:7200
- C:\Windows\System\hXRTiUr.exe
  C:\Windows\System\hXRTiUr.exe
  2⤵
  PID:7228
- C:\Windows\System\uuoHBxF.exe
  C:\Windows\System\uuoHBxF.exe
  2⤵
  PID:7256
- C:\Windows\System\rfyQSFQ.exe
  C:\Windows\System\rfyQSFQ.exe
  2⤵
  PID:7284
- C:\Windows\System\yzfCulq.exe
  C:\Windows\System\yzfCulq.exe
  2⤵
  PID:7304
- C:\Windows\System\RxPerKa.exe
  C:\Windows\System\RxPerKa.exe
  2⤵
  PID:7336
- C:\Windows\System\kwuVHlW.exe
  C:\Windows\System\kwuVHlW.exe
  2⤵
  PID:7372
- C:\Windows\System\imXxbmK.exe
  C:\Windows\System\imXxbmK.exe
  2⤵
  PID:7404
- C:\Windows\System\RtOXhBV.exe
  C:\Windows\System\RtOXhBV.exe
  2⤵
  PID:7428
- C:\Windows\System\hjKrttu.exe
  C:\Windows\System\hjKrttu.exe
  2⤵
  PID:7448
- C:\Windows\System\kzRYjnd.exe
  C:\Windows\System\kzRYjnd.exe
  2⤵
  PID:7480
- C:\Windows\System\FGrlOlh.exe
  C:\Windows\System\FGrlOlh.exe
  2⤵
  PID:7508
- C:\Windows\System\yAgwons.exe
  C:\Windows\System\yAgwons.exe
  2⤵
  PID:7536
- C:\Windows\System\BGsKtgr.exe
  C:\Windows\System\BGsKtgr.exe
  2⤵
  PID:7564
- C:\Windows\System\qvDePCq.exe
  C:\Windows\System\qvDePCq.exe
  2⤵
  PID:7592
- C:\Windows\System\ngJvvoO.exe
  C:\Windows\System\ngJvvoO.exe
  2⤵
  PID:7620
- C:\Windows\System\pTpURvf.exe
  C:\Windows\System\pTpURvf.exe
  2⤵
  PID:7648
- C:\Windows\System\dlyLfeh.exe
  C:\Windows\System\dlyLfeh.exe
  2⤵
  PID:7676
- C:\Windows\System\HzzzXeN.exe
  C:\Windows\System\HzzzXeN.exe
  2⤵
  PID:7704
- C:\Windows\System\UHGlGJi.exe
  C:\Windows\System\UHGlGJi.exe
  2⤵
  PID:7732
- C:\Windows\System\MWvhMxw.exe
  C:\Windows\System\MWvhMxw.exe
  2⤵
  PID:7760
- C:\Windows\System\kdtqgUz.exe
  C:\Windows\System\kdtqgUz.exe
  2⤵
  PID:7788
- C:\Windows\System\gJfOWoh.exe
  C:\Windows\System\gJfOWoh.exe
  2⤵
  PID:7816
- C:\Windows\System\AaKisUU.exe
  C:\Windows\System\AaKisUU.exe
  2⤵
  PID:7852
- C:\Windows\System\wTXIEUa.exe
  C:\Windows\System\wTXIEUa.exe
  2⤵
  PID:7872
- C:\Windows\System\XjaJIrv.exe
  C:\Windows\System\XjaJIrv.exe
  2⤵
  PID:7904
- C:\Windows\System\ekuoZfl.exe
  C:\Windows\System\ekuoZfl.exe
  2⤵
  PID:7932
- C:\Windows\System\qyzbWiM.exe
  C:\Windows\System\qyzbWiM.exe
  2⤵
  PID:7960
- C:\Windows\System\UcKSohk.exe
  C:\Windows\System\UcKSohk.exe
  2⤵
  PID:7988
- C:\Windows\System\nSZLANp.exe
  C:\Windows\System\nSZLANp.exe
  2⤵
  PID:8016
- C:\Windows\System\wJoiyBP.exe
  C:\Windows\System\wJoiyBP.exe
  2⤵
  PID:8060
- C:\Windows\System\SgIUNPX.exe
  C:\Windows\System\SgIUNPX.exe
  2⤵
  PID:8084
- C:\Windows\System\YhzwbsV.exe
  C:\Windows\System\YhzwbsV.exe
  2⤵
  PID:8104
- C:\Windows\System\OzcLVJu.exe
  C:\Windows\System\OzcLVJu.exe
  2⤵
  PID:8132
- C:\Windows\System\WIDzOMx.exe
  C:\Windows\System\WIDzOMx.exe
  2⤵
  PID:8160
- C:\Windows\System\rmuiuoL.exe
  C:\Windows\System\rmuiuoL.exe
  2⤵
  PID:8188
- C:\Windows\System\YYoLkWU.exe
  C:\Windows\System\YYoLkWU.exe
  2⤵
  PID:7236
- C:\Windows\System\dqbIbmM.exe
  C:\Windows\System\dqbIbmM.exe
  2⤵
  PID:7296
- C:\Windows\System\DHzDVDe.exe
  C:\Windows\System\DHzDVDe.exe
  2⤵
  PID:7364
- C:\Windows\System\HrUmeKB.exe
  C:\Windows\System\HrUmeKB.exe
  2⤵
  PID:7436
- C:\Windows\System\GnfXlVM.exe
  C:\Windows\System\GnfXlVM.exe
  2⤵
  PID:7468
- C:\Windows\System\esujoKW.exe
  C:\Windows\System\esujoKW.exe
  2⤵
  PID:7556
- C:\Windows\System\HXPfxNR.exe
  C:\Windows\System\HXPfxNR.exe
  2⤵
  PID:7616
- C:\Windows\System\uMTZqtN.exe
  C:\Windows\System\uMTZqtN.exe
  2⤵
  PID:7672
- C:\Windows\System\yoPCwOD.exe
  C:\Windows\System\yoPCwOD.exe
  2⤵
  PID:7728
- C:\Windows\System\GSzPRYn.exe
  C:\Windows\System\GSzPRYn.exe
  2⤵
  PID:7800
- C:\Windows\System\ucYcmVS.exe
  C:\Windows\System\ucYcmVS.exe
  2⤵
  PID:7840
- C:\Windows\System\cphGUqW.exe
  C:\Windows\System\cphGUqW.exe
  2⤵
  PID:7916
- C:\Windows\System\OmqLPRw.exe
  C:\Windows\System\OmqLPRw.exe
  2⤵
  PID:7980
- C:\Windows\System\iWrtwFW.exe
  C:\Windows\System\iWrtwFW.exe
  2⤵
  PID:8052
- C:\Windows\System\XdvEiSJ.exe
  C:\Windows\System\XdvEiSJ.exe
  2⤵
  PID:8116
- C:\Windows\System\ufKkPeG.exe
  C:\Windows\System\ufKkPeG.exe
  2⤵
  PID:8180
- C:\Windows\System\GpYNBel.exe
  C:\Windows\System\GpYNBel.exe
  2⤵
  PID:7292
- C:\Windows\System\OozLVjM.exe
  C:\Windows\System\OozLVjM.exe
  2⤵
  PID:7460
- C:\Windows\System\MrorUJB.exe
  C:\Windows\System\MrorUJB.exe
  2⤵
  PID:7604
- C:\Windows\System\nBlLdDa.exe
  C:\Windows\System\nBlLdDa.exe
  2⤵
  PID:7724
- C:\Windows\System\qceGUlo.exe
  C:\Windows\System\qceGUlo.exe
  2⤵
  PID:7868
- C:\Windows\System\GolKChH.exe
  C:\Windows\System\GolKChH.exe
  2⤵
  PID:8008
- C:\Windows\System\SmNMdQv.exe
  C:\Windows\System\SmNMdQv.exe
  2⤵
  PID:8156
- C:\Windows\System\WHNyvLe.exe
  C:\Windows\System\WHNyvLe.exe
  2⤵
  PID:7416
- C:\Windows\System\kZXMPqZ.exe
  C:\Windows\System\kZXMPqZ.exe
  2⤵
  PID:7784
- C:\Windows\System\LtahbFX.exe
  C:\Windows\System\LtahbFX.exe
  2⤵
  PID:8096
- C:\Windows\System\AeArnwP.exe
  C:\Windows\System\AeArnwP.exe
  2⤵
  PID:7700
- C:\Windows\System\wkwkMIZ.exe
  C:\Windows\System\wkwkMIZ.exe
  2⤵
  PID:8072
- C:\Windows\System\lAoAbmT.exe
  C:\Windows\System\lAoAbmT.exe
  2⤵
  PID:8212
- C:\Windows\System\pvakblV.exe
  C:\Windows\System\pvakblV.exe
  2⤵
  PID:8240
- C:\Windows\System\XbMvNzj.exe
  C:\Windows\System\XbMvNzj.exe
  2⤵
  PID:8268
- C:\Windows\System\pIdospV.exe
  C:\Windows\System\pIdospV.exe
  2⤵
  PID:8296
- C:\Windows\System\wZrJPib.exe
  C:\Windows\System\wZrJPib.exe
  2⤵
  PID:8324
- C:\Windows\System\QKnAovU.exe
  C:\Windows\System\QKnAovU.exe
  2⤵
  PID:8352
- C:\Windows\System\KYSbwlc.exe
  C:\Windows\System\KYSbwlc.exe
  2⤵
  PID:8384
- C:\Windows\System\NZOMUqT.exe
  C:\Windows\System\NZOMUqT.exe
  2⤵
  PID:8408
- C:\Windows\System\tXfRQdD.exe
  C:\Windows\System\tXfRQdD.exe
  2⤵
  PID:8436
- C:\Windows\System\BMIThRi.exe
  C:\Windows\System\BMIThRi.exe
  2⤵
  PID:8452
- C:\Windows\System\VccUNSV.exe
  C:\Windows\System\VccUNSV.exe
  2⤵
  PID:8492
- C:\Windows\System\ZBsdxgF.exe
  C:\Windows\System\ZBsdxgF.exe
  2⤵
  PID:8520
- C:\Windows\System\JwycwLO.exe
  C:\Windows\System\JwycwLO.exe
  2⤵
  PID:8536
- C:\Windows\System\WjtNzoe.exe
  C:\Windows\System\WjtNzoe.exe
  2⤵
  PID:8596
- C:\Windows\System\IZshCah.exe
  C:\Windows\System\IZshCah.exe
  2⤵
  PID:8640
- C:\Windows\System\PVwPXTn.exe
  C:\Windows\System\PVwPXTn.exe
  2⤵
  PID:8680
- C:\Windows\System\hixYmKl.exe
  C:\Windows\System\hixYmKl.exe
  2⤵
  PID:8708
- C:\Windows\System\jsBECRm.exe
  C:\Windows\System\jsBECRm.exe
  2⤵
  PID:8736
- C:\Windows\System\GSDoNbe.exe
  C:\Windows\System\GSDoNbe.exe
  2⤵
  PID:8764
- C:\Windows\System\tUYRQHc.exe
  C:\Windows\System\tUYRQHc.exe
  2⤵
  PID:8792
- C:\Windows\System\xEcgUod.exe
  C:\Windows\System\xEcgUod.exe
  2⤵
  PID:8820
- C:\Windows\System\SUUtQFk.exe
  C:\Windows\System\SUUtQFk.exe
  2⤵
  PID:8848
- C:\Windows\System\fEtzdBK.exe
  C:\Windows\System\fEtzdBK.exe
  2⤵
  PID:8876
- C:\Windows\System\JrQLoMt.exe
  C:\Windows\System\JrQLoMt.exe
  2⤵
  PID:8904
- C:\Windows\System\VJOTgHg.exe
  C:\Windows\System\VJOTgHg.exe
  2⤵
  PID:8932
- C:\Windows\System\AueEJft.exe
  C:\Windows\System\AueEJft.exe
  2⤵
  PID:8960
- C:\Windows\System\GjdXKYu.exe
  C:\Windows\System\GjdXKYu.exe
  2⤵
  PID:8988
- C:\Windows\System\mCSzJhq.exe
  C:\Windows\System\mCSzJhq.exe
  2⤵
  PID:9016
- C:\Windows\System\dgCwGTG.exe
  C:\Windows\System\dgCwGTG.exe
  2⤵
  PID:9044
- C:\Windows\System\PowfTkK.exe
  C:\Windows\System\PowfTkK.exe
  2⤵
  PID:9072
- C:\Windows\System\tXRxEfb.exe
  C:\Windows\System\tXRxEfb.exe
  2⤵
  PID:9100
- C:\Windows\System\pTjbkXV.exe
  C:\Windows\System\pTjbkXV.exe
  2⤵
  PID:9128
- C:\Windows\System\tQdASpJ.exe
  C:\Windows\System\tQdASpJ.exe
  2⤵
  PID:9156
- C:\Windows\System\XjAacHw.exe
  C:\Windows\System\XjAacHw.exe
  2⤵
  PID:9184
- C:\Windows\System\mWYspYo.exe
  C:\Windows\System\mWYspYo.exe
  2⤵
  PID:9212
- C:\Windows\System\QtnIlfX.exe
  C:\Windows\System\QtnIlfX.exe
  2⤵
  PID:8252
- C:\Windows\System\JgPcKBs.exe
  C:\Windows\System\JgPcKBs.exe
  2⤵
  PID:8316
- C:\Windows\System\nYjjjdY.exe
  C:\Windows\System\nYjjjdY.exe
  2⤵
  PID:8392
- C:\Windows\System\lvOmvEt.exe
  C:\Windows\System\lvOmvEt.exe
  2⤵
  PID:8428
- C:\Windows\System\YQPTjlI.exe
  C:\Windows\System\YQPTjlI.exe
  2⤵
  PID:8476
- C:\Windows\System\OAbBhdi.exe
  C:\Windows\System\OAbBhdi.exe
  2⤵
  PID:8584
- C:\Windows\System\OTCescN.exe
  C:\Windows\System\OTCescN.exe
  2⤵
  PID:8632
- C:\Windows\System\ZvIXQIp.exe
  C:\Windows\System\ZvIXQIp.exe
  2⤵
  PID:7324
- C:\Windows\System\obNhPZO.exe
  C:\Windows\System\obNhPZO.exe
  2⤵
  PID:6916
- C:\Windows\System\aYxyzra.exe
  C:\Windows\System\aYxyzra.exe
  2⤵
  PID:8728
- C:\Windows\System\hvCZrIt.exe
  C:\Windows\System\hvCZrIt.exe
  2⤵
  PID:8788
- C:\Windows\System\TUTttwY.exe
  C:\Windows\System\TUTttwY.exe
  2⤵
  PID:8860
- C:\Windows\System\kWKuxpL.exe
  C:\Windows\System\kWKuxpL.exe
  2⤵
  PID:8924
- C:\Windows\System\tfbNsKs.exe
  C:\Windows\System\tfbNsKs.exe
  2⤵
  PID:8984
- C:\Windows\System\otymVFI.exe
  C:\Windows\System\otymVFI.exe
  2⤵
  PID:9056
- C:\Windows\System\hdbrMKg.exe
  C:\Windows\System\hdbrMKg.exe
  2⤵
  PID:9120
- C:\Windows\System\rGDLJUr.exe
  C:\Windows\System\rGDLJUr.exe
  2⤵
  PID:9196
- C:\Windows\System\WtmTukZ.exe
  C:\Windows\System\WtmTukZ.exe
  2⤵
  PID:8280
- C:\Windows\System\KwboMLI.exe
  C:\Windows\System\KwboMLI.exe
  2⤵
  PID:8376
- C:\Windows\System\pGexoIn.exe
  C:\Windows\System\pGexoIn.exe
  2⤵
  PID:8504
- C:\Windows\System\iDkxQCl.exe
  C:\Windows\System\iDkxQCl.exe
  2⤵
  PID:2032
- C:\Windows\System\PewRmUZ.exe
  C:\Windows\System\PewRmUZ.exe
  2⤵
  PID:8720
- C:\Windows\System\nlQjgIo.exe
  C:\Windows\System\nlQjgIo.exe
  2⤵
  PID:8840
- C:\Windows\System\HpnrAlo.exe
  C:\Windows\System\HpnrAlo.exe
  2⤵
  PID:8956
- C:\Windows\System\jXcrxrN.exe
  C:\Windows\System\jXcrxrN.exe
  2⤵
  PID:9096
- C:\Windows\System\aELjrAk.exe
  C:\Windows\System\aELjrAk.exe
  2⤵
  PID:8236
- C:\Windows\System\mqnIbcI.exe
  C:\Windows\System\mqnIbcI.exe
  2⤵
  PID:8564
- C:\Windows\System\BqGEdSZ.exe
  C:\Windows\System\BqGEdSZ.exe
  2⤵
  PID:2408
- C:\Windows\System\byWHRYq.exe
  C:\Windows\System\byWHRYq.exe
  2⤵
  PID:9012
- C:\Windows\System\cIGWIFc.exe
  C:\Windows\System\cIGWIFc.exe
  2⤵
  PID:2800
- C:\Windows\System\nTyXxoI.exe
  C:\Windows\System\nTyXxoI.exe
  2⤵
  PID:8900
- C:\Windows\System\lOWuPhY.exe
  C:\Windows\System\lOWuPhY.exe
  2⤵
  PID:2628
- C:\Windows\System\aFThPvJ.exe
  C:\Windows\System\aFThPvJ.exe
  2⤵
  PID:8448
- C:\Windows\System\hXfRRAG.exe
  C:\Windows\System\hXfRRAG.exe
  2⤵
  PID:9252
- C:\Windows\System\FxIhTNF.exe
  C:\Windows\System\FxIhTNF.exe
  2⤵
  PID:9280
- C:\Windows\System\izdCYcv.exe
  C:\Windows\System\izdCYcv.exe
  2⤵
  PID:9300
- C:\Windows\System\UTPWjmk.exe
  C:\Windows\System\UTPWjmk.exe
  2⤵
  PID:9328
- C:\Windows\System\hXRTRpx.exe
  C:\Windows\System\hXRTRpx.exe
  2⤵
  PID:9356
- C:\Windows\System\JtytOiL.exe
  C:\Windows\System\JtytOiL.exe
  2⤵
  PID:9384
- C:\Windows\System\HooLlqh.exe
  C:\Windows\System\HooLlqh.exe
  2⤵
  PID:9412
- C:\Windows\System\AoNGgRw.exe
  C:\Windows\System\AoNGgRw.exe
  2⤵
  PID:9440
- C:\Windows\System\isbgpei.exe
  C:\Windows\System\isbgpei.exe
  2⤵
  PID:9468
- C:\Windows\System\tPSXXkc.exe
  C:\Windows\System\tPSXXkc.exe
  2⤵
  PID:9496
- C:\Windows\System\ZHQlKTy.exe
  C:\Windows\System\ZHQlKTy.exe
  2⤵
  PID:9524
- C:\Windows\System\HksTSCX.exe
  C:\Windows\System\HksTSCX.exe
  2⤵
  PID:9552
- C:\Windows\System\SsTXfhu.exe
  C:\Windows\System\SsTXfhu.exe
  2⤵
  PID:9580
- C:\Windows\System\rcdiWip.exe
  C:\Windows\System\rcdiWip.exe
  2⤵
  PID:9608
- C:\Windows\System\qmQFutH.exe
  C:\Windows\System\qmQFutH.exe
  2⤵
  PID:9636
- C:\Windows\System\oZuCukz.exe
  C:\Windows\System\oZuCukz.exe
  2⤵
  PID:9664
- C:\Windows\System\YWYdSyQ.exe
  C:\Windows\System\YWYdSyQ.exe
  2⤵
  PID:9692
- C:\Windows\System\McoQKPC.exe
  C:\Windows\System\McoQKPC.exe
  2⤵
  PID:9720
- C:\Windows\System\hPrKXJd.exe
  C:\Windows\System\hPrKXJd.exe
  2⤵
  PID:9748
- C:\Windows\System\vmkLTUZ.exe
  C:\Windows\System\vmkLTUZ.exe
  2⤵
  PID:9780
- C:\Windows\System\SKvazTE.exe
  C:\Windows\System\SKvazTE.exe
  2⤵
  PID:9808
- C:\Windows\System\IVmwfIR.exe
  C:\Windows\System\IVmwfIR.exe
  2⤵
  PID:9836
- C:\Windows\System\fNiqKMn.exe
  C:\Windows\System\fNiqKMn.exe
  2⤵
  PID:9864
- C:\Windows\System\Febhdle.exe
  C:\Windows\System\Febhdle.exe
  2⤵
  PID:9892
- C:\Windows\System\IbCkVDd.exe
  C:\Windows\System\IbCkVDd.exe
  2⤵
  PID:9932
- C:\Windows\System\ugstgOo.exe
  C:\Windows\System\ugstgOo.exe
  2⤵
  PID:9948
- C:\Windows\System\kBtRfwk.exe
  C:\Windows\System\kBtRfwk.exe
  2⤵
  PID:9976
- C:\Windows\System\oRzqLze.exe
  C:\Windows\System\oRzqLze.exe
  2⤵
  PID:10004
- C:\Windows\System\qlInLap.exe
  C:\Windows\System\qlInLap.exe
  2⤵
  PID:10032
- C:\Windows\System\eAshEwJ.exe
  C:\Windows\System\eAshEwJ.exe
  2⤵
  PID:10060
- C:\Windows\System\myXYPQb.exe
  C:\Windows\System\myXYPQb.exe
  2⤵
  PID:10088
- C:\Windows\System\dwHEEgp.exe
  C:\Windows\System\dwHEEgp.exe
  2⤵
  PID:10116
- C:\Windows\System\BIhDobJ.exe
  C:\Windows\System\BIhDobJ.exe
  2⤵
  PID:10144
- C:\Windows\System\NEhxiZX.exe
  C:\Windows\System\NEhxiZX.exe
  2⤵
  PID:10172
- C:\Windows\System\XqVSuQJ.exe
  C:\Windows\System\XqVSuQJ.exe
  2⤵
  PID:10208
- C:\Windows\System\yyJWynO.exe
  C:\Windows\System\yyJWynO.exe
  2⤵
  PID:10228
- C:\Windows\System\ujgrwuX.exe
  C:\Windows\System\ujgrwuX.exe
  2⤵
  PID:9260
- C:\Windows\System\huySdZZ.exe
  C:\Windows\System\huySdZZ.exe
  2⤵
  PID:9324
- C:\Windows\System\XWPaNUp.exe
  C:\Windows\System\XWPaNUp.exe
  2⤵
  PID:9380
- C:\Windows\System\QVpqdkZ.exe
  C:\Windows\System\QVpqdkZ.exe
  2⤵
  PID:9452
- C:\Windows\System\lZafavb.exe
  C:\Windows\System\lZafavb.exe
  2⤵
  PID:9516
- C:\Windows\System\YpnPNgY.exe
  C:\Windows\System\YpnPNgY.exe
  2⤵
  PID:9576
- C:\Windows\System\MchblxE.exe
  C:\Windows\System\MchblxE.exe
  2⤵
  PID:9632
- C:\Windows\System\oQVZtEP.exe
  C:\Windows\System\oQVZtEP.exe
  2⤵
  PID:9732
- C:\Windows\System\IapSQbr.exe
  C:\Windows\System\IapSQbr.exe
  2⤵
  PID:9800
- C:\Windows\System\WNRdzPM.exe
  C:\Windows\System\WNRdzPM.exe
  2⤵
  PID:9860
- C:\Windows\System\TOJFgOT.exe
  C:\Windows\System\TOJFgOT.exe
  2⤵
  PID:9916
- C:\Windows\System\FhbeEcV.exe
  C:\Windows\System\FhbeEcV.exe
  2⤵
  PID:9996
- C:\Windows\System\NqQOfsz.exe
  C:\Windows\System\NqQOfsz.exe
  2⤵
  PID:10056
- C:\Windows\System\TJkoduT.exe
  C:\Windows\System\TJkoduT.exe
  2⤵
  PID:10128
- C:\Windows\System\AMowuBr.exe
  C:\Windows\System\AMowuBr.exe
  2⤵
  PID:10192
- C:\Windows\System\KzVzFgn.exe
  C:\Windows\System\KzVzFgn.exe
  2⤵
  PID:9768
- C:\Windows\System\NtrTCHS.exe
  C:\Windows\System\NtrTCHS.exe
  2⤵
  PID:9376
- C:\Windows\System\iudmahT.exe
  C:\Windows\System\iudmahT.exe
  2⤵
  PID:9544
- C:\Windows\System\UyHQRWI.exe
  C:\Windows\System\UyHQRWI.exe
  2⤵
  PID:9716
- C:\Windows\System\XjRmLtN.exe
  C:\Windows\System\XjRmLtN.exe
  2⤵
  PID:9828
- C:\Windows\System\OArPkhQ.exe
  C:\Windows\System\OArPkhQ.exe
  2⤵
  PID:9928
- C:\Windows\System\WCnamzJ.exe
  C:\Windows\System\WCnamzJ.exe
  2⤵
  PID:10100
- C:\Windows\System\bKMTcpp.exe
  C:\Windows\System\bKMTcpp.exe
  2⤵
  PID:4180
- C:\Windows\System\ujFltUv.exe
  C:\Windows\System\ujFltUv.exe
  2⤵
  PID:9492
- C:\Windows\System\DmaeBoC.exe
  C:\Windows\System\DmaeBoC.exe
  2⤵
  PID:1908
- C:\Windows\System\MEuLbyp.exe
  C:\Windows\System\MEuLbyp.exe
  2⤵
  PID:10184
- C:\Windows\System\QvWAoXZ.exe
  C:\Windows\System\QvWAoXZ.exe
  2⤵
  PID:9792
- C:\Windows\System\depujXq.exe
  C:\Windows\System\depujXq.exe
  2⤵
  PID:10164
- C:\Windows\System\JCLuIFa.exe
  C:\Windows\System\JCLuIFa.exe
  2⤵
  PID:10268
- C:\Windows\System\VKiYluS.exe
  C:\Windows\System\VKiYluS.exe
  2⤵
  PID:10288
- C:\Windows\System\dXorCcs.exe
  C:\Windows\System\dXorCcs.exe
  2⤵
  PID:10316
- C:\Windows\System\czVjWvI.exe
  C:\Windows\System\czVjWvI.exe
  2⤵
  PID:10344
- C:\Windows\System\apVMNqG.exe
  C:\Windows\System\apVMNqG.exe
  2⤵
  PID:10372
- C:\Windows\System\fmEPbxi.exe
  C:\Windows\System\fmEPbxi.exe
  2⤵
  PID:10400
- C:\Windows\System\pNyGkyI.exe
  C:\Windows\System\pNyGkyI.exe
  2⤵
  PID:10428
- C:\Windows\System\GvusppT.exe
  C:\Windows\System\GvusppT.exe
  2⤵
  PID:10460
- C:\Windows\System\uNMOqOs.exe
  C:\Windows\System\uNMOqOs.exe
  2⤵
  PID:10496
- C:\Windows\System\EFmoJPT.exe
  C:\Windows\System\EFmoJPT.exe
  2⤵
  PID:10516
- C:\Windows\System\cxQdWbx.exe
  C:\Windows\System\cxQdWbx.exe
  2⤵
  PID:10544
- C:\Windows\System\TxNGzdn.exe
  C:\Windows\System\TxNGzdn.exe
  2⤵
  PID:10572
- C:\Windows\System\TcWCOkv.exe
  C:\Windows\System\TcWCOkv.exe
  2⤵
  PID:10600
- C:\Windows\System\FXztuFR.exe
  C:\Windows\System\FXztuFR.exe
  2⤵
  PID:10628
- C:\Windows\System\PpfcFDn.exe
  C:\Windows\System\PpfcFDn.exe
  2⤵
  PID:10656
- C:\Windows\System\OWIQxvB.exe
  C:\Windows\System\OWIQxvB.exe
  2⤵
  PID:10684
- C:\Windows\System\PQnHbRd.exe
  C:\Windows\System\PQnHbRd.exe
  2⤵
  PID:10712
- C:\Windows\System\rnipKAO.exe
  C:\Windows\System\rnipKAO.exe
  2⤵
  PID:10740
- C:\Windows\System\CCBKnfZ.exe
  C:\Windows\System\CCBKnfZ.exe
  2⤵
  PID:10768
- C:\Windows\System\hvOZUda.exe
  C:\Windows\System\hvOZUda.exe
  2⤵
  PID:10796
- C:\Windows\System\kFBHhqh.exe
  C:\Windows\System\kFBHhqh.exe
  2⤵
  PID:10828
- C:\Windows\System\nQBJVoW.exe
  C:\Windows\System\nQBJVoW.exe
  2⤵
  PID:10852
- C:\Windows\System\RFhnRlD.exe
  C:\Windows\System\RFhnRlD.exe
  2⤵
  PID:10880
- C:\Windows\System\KqFkxkb.exe
  C:\Windows\System\KqFkxkb.exe
  2⤵
  PID:10908
- C:\Windows\System\drelNoS.exe
  C:\Windows\System\drelNoS.exe
  2⤵
  PID:10936
- C:\Windows\System\rTuTARJ.exe
  C:\Windows\System\rTuTARJ.exe
  2⤵
  PID:10964
- C:\Windows\System\WkxWiSj.exe
  C:\Windows\System\WkxWiSj.exe
  2⤵
  PID:10992
- C:\Windows\System\cRhjkfD.exe
  C:\Windows\System\cRhjkfD.exe
  2⤵
  PID:11020
- C:\Windows\System\EhZJrrs.exe
  C:\Windows\System\EhZJrrs.exe
  2⤵
  PID:11048
- C:\Windows\System\tQEZgiD.exe
  C:\Windows\System\tQEZgiD.exe
  2⤵
  PID:11076
- C:\Windows\System\fQrorcN.exe
  C:\Windows\System\fQrorcN.exe
  2⤵
  PID:11100
- C:\Windows\System\rTqMEDF.exe
  C:\Windows\System\rTqMEDF.exe
  2⤵
  PID:11140
- C:\Windows\System\wUSzvPI.exe
  C:\Windows\System\wUSzvPI.exe
  2⤵
  PID:11172
- C:\Windows\System\xqIGrAW.exe
  C:\Windows\System\xqIGrAW.exe
  2⤵
  PID:11200
- C:\Windows\System\HSwWetL.exe
  C:\Windows\System\HSwWetL.exe
  2⤵
  PID:11228
- C:\Windows\System\MTcNTNY.exe
  C:\Windows\System\MTcNTNY.exe
  2⤵
  PID:11260
- C:\Windows\System\ndeXtud.exe
  C:\Windows\System\ndeXtud.exe
  2⤵
  PID:2200
- C:\Windows\System\eRtYzXT.exe
  C:\Windows\System\eRtYzXT.exe
  2⤵
  PID:10312
- C:\Windows\System\xqsIZwQ.exe
  C:\Windows\System\xqsIZwQ.exe
  2⤵
  PID:10384
- C:\Windows\System\fAapnAC.exe
  C:\Windows\System\fAapnAC.exe
  2⤵
  PID:10452
- C:\Windows\System\GhbFqMZ.exe
  C:\Windows\System\GhbFqMZ.exe
  2⤵
  PID:10512
- C:\Windows\System\TfBflLB.exe
  C:\Windows\System\TfBflLB.exe
  2⤵
  PID:10584
- C:\Windows\System\etKfNsx.exe
  C:\Windows\System\etKfNsx.exe
  2⤵
  PID:10648
- C:\Windows\System\VoBYsLT.exe
  C:\Windows\System\VoBYsLT.exe
  2⤵
  PID:10708
- C:\Windows\System\YytiygW.exe
  C:\Windows\System\YytiygW.exe
  2⤵
  PID:10784
- C:\Windows\System\WUcIaHV.exe
  C:\Windows\System\WUcIaHV.exe
  2⤵
  PID:10844
- C:\Windows\System\iqRKHux.exe
  C:\Windows\System\iqRKHux.exe
  2⤵
  PID:10904
- C:\Windows\System\vtmzzhZ.exe
  C:\Windows\System\vtmzzhZ.exe
  2⤵
  PID:10976
- C:\Windows\System\meNalbm.exe
  C:\Windows\System\meNalbm.exe
  2⤵
  PID:10448
- C:\Windows\System\YlmXhad.exe
  C:\Windows\System\YlmXhad.exe
  2⤵
  PID:11088
- C:\Windows\System\inZgPEw.exe
  C:\Windows\System\inZgPEw.exe
  2⤵
  PID:11156
- C:\Windows\System\zGfHWLx.exe
  C:\Windows\System\zGfHWLx.exe
  2⤵
  PID:11220
- C:\Windows\System\zTwEFbK.exe
  C:\Windows\System\zTwEFbK.exe
  2⤵
  PID:11252
- C:\Windows\System\ozrNZYD.exe
  C:\Windows\System\ozrNZYD.exe
  2⤵
  PID:10280
- C:\Windows\System\SZsBhCI.exe
  C:\Windows\System\SZsBhCI.exe
  2⤵
  PID:10412
- C:\Windows\System\qPapVUz.exe
  C:\Windows\System\qPapVUz.exe
  2⤵
  PID:10540
- C:\Windows\System\ZsXhiMm.exe
  C:\Windows\System\ZsXhiMm.exe
  2⤵
  PID:10760
- C:\Windows\System\bcnwXqy.exe
  C:\Windows\System\bcnwXqy.exe
  2⤵
  PID:10900
- C:\Windows\System\pOGWoLj.exe
  C:\Windows\System\pOGWoLj.exe
  2⤵
  PID:2308
- C:\Windows\System\yKCqDUs.exe
  C:\Windows\System\yKCqDUs.exe
  2⤵
  PID:3808
- C:\Windows\System\zGgicPb.exe
  C:\Windows\System\zGgicPb.exe
  2⤵
  PID:10276
- C:\Windows\System\IdWEdpk.exe
  C:\Windows\System\IdWEdpk.exe
  2⤵
  PID:10364
- C:\Windows\System\nOjZDtZ.exe
  C:\Windows\System\nOjZDtZ.exe
  2⤵
  PID:4100
- C:\Windows\System\XbzFrBw.exe
  C:\Windows\System\XbzFrBw.exe
  2⤵
  PID:10872
- C:\Windows\System\rMehPkw.exe
  C:\Windows\System\rMehPkw.exe
  2⤵
  PID:3892
- C:\Windows\System\TdSjqES.exe
  C:\Windows\System\TdSjqES.exe
  2⤵
  PID:10340
- C:\Windows\System\eniMkbz.exe
  C:\Windows\System\eniMkbz.exe
  2⤵
  PID:10820
- C:\Windows\System\hgBXnfE.exe
  C:\Windows\System\hgBXnfE.exe
  2⤵
  PID:10640
- C:\Windows\System\fyXgkmb.exe
  C:\Windows\System\fyXgkmb.exe
  2⤵
  PID:116
- C:\Windows\System\wkhXxjj.exe
  C:\Windows\System\wkhXxjj.exe
  2⤵
  PID:11304
- C:\Windows\System\wVyceWX.exe
  C:\Windows\System\wVyceWX.exe
  2⤵
  PID:11320
- C:\Windows\System\aOSeVaR.exe
  C:\Windows\System\aOSeVaR.exe
  2⤵
  PID:11348
- C:\Windows\System\JmxFQcD.exe
  C:\Windows\System\JmxFQcD.exe
  2⤵
  PID:11376
- C:\Windows\System\kRXcWfg.exe
  C:\Windows\System\kRXcWfg.exe
  2⤵
  PID:11404
- C:\Windows\System\CTsnTiZ.exe
  C:\Windows\System\CTsnTiZ.exe
  2⤵
  PID:11444
- C:\Windows\System\BZcfDFL.exe
  C:\Windows\System\BZcfDFL.exe
  2⤵
  PID:11464
- C:\Windows\System\qJjLoLo.exe
  C:\Windows\System\qJjLoLo.exe
  2⤵
  PID:11496
- C:\Windows\System\fPWyHuD.exe
  C:\Windows\System\fPWyHuD.exe
  2⤵
  PID:11524
- C:\Windows\System\wJQfcxs.exe
  C:\Windows\System\wJQfcxs.exe
  2⤵
  PID:11564
- C:\Windows\System\DMhsxok.exe
  C:\Windows\System\DMhsxok.exe
  2⤵
  PID:11580
- C:\Windows\System\TPCVmeX.exe
  C:\Windows\System\TPCVmeX.exe
  2⤵
  PID:11608
- C:\Windows\System\TfRCWWj.exe
  C:\Windows\System\TfRCWWj.exe
  2⤵
  PID:11636
- C:\Windows\System\JlCKvTX.exe
  C:\Windows\System\JlCKvTX.exe
  2⤵
  PID:11664
- C:\Windows\System\HnRvThp.exe
  C:\Windows\System\HnRvThp.exe
  2⤵
  PID:11692
- C:\Windows\System\yhRExip.exe
  C:\Windows\System\yhRExip.exe
  2⤵
  PID:11720
- C:\Windows\System\dMtLQrK.exe
  C:\Windows\System\dMtLQrK.exe
  2⤵
  PID:11748
- C:\Windows\System\rsFzCqr.exe
  C:\Windows\System\rsFzCqr.exe
  2⤵
  PID:11776
- C:\Windows\System\KmaxKpO.exe
  C:\Windows\System\KmaxKpO.exe
  2⤵
  PID:11804
- C:\Windows\System\KSeXlMl.exe
  C:\Windows\System\KSeXlMl.exe
  2⤵
  PID:11832
- C:\Windows\System\QkmMDkR.exe
  C:\Windows\System\QkmMDkR.exe
  2⤵
  PID:11860
- C:\Windows\System\rKAgqzo.exe
  C:\Windows\System\rKAgqzo.exe
  2⤵
  PID:11888
- C:\Windows\System\Vvhwsbv.exe
  C:\Windows\System\Vvhwsbv.exe
  2⤵
  PID:11916
- C:\Windows\System\yCbuJsq.exe
  C:\Windows\System\yCbuJsq.exe
  2⤵
  PID:11944
- C:\Windows\System\ylHrtzq.exe
  C:\Windows\System\ylHrtzq.exe
  2⤵
  PID:11972
- C:\Windows\System\woliyIw.exe
  C:\Windows\System\woliyIw.exe
  2⤵
  PID:12000
- C:\Windows\System\pHauRpP.exe
  C:\Windows\System\pHauRpP.exe
  2⤵
  PID:12028
- C:\Windows\System\JZLojRp.exe
  C:\Windows\System\JZLojRp.exe
  2⤵
  PID:12060
- C:\Windows\System\ECFLDgg.exe
  C:\Windows\System\ECFLDgg.exe
  2⤵
  PID:12080
- C:\Windows\System\Wfapexa.exe
  C:\Windows\System\Wfapexa.exe
  2⤵
  PID:12124
- C:\Windows\System\zWYWocy.exe
  C:\Windows\System\zWYWocy.exe
  2⤵
  PID:12152
- C:\Windows\System\toHqVau.exe
  C:\Windows\System\toHqVau.exe
  2⤵
  PID:12184
- C:\Windows\System\eRYqVUu.exe
  C:\Windows\System\eRYqVUu.exe
  2⤵
  PID:12212
- C:\Windows\System\tRLhYsr.exe
  C:\Windows\System\tRLhYsr.exe
  2⤵
  PID:12252
- C:\Windows\System\cwGgKyk.exe
  C:\Windows\System\cwGgKyk.exe
  2⤵
  PID:12268
- C:\Windows\System\GaHcSLB.exe
  C:\Windows\System\GaHcSLB.exe
  2⤵
  PID:11284
- C:\Windows\System\fCRjzPb.exe
  C:\Windows\System\fCRjzPb.exe
  2⤵
  PID:11344
- C:\Windows\System\IlIbuhk.exe
  C:\Windows\System\IlIbuhk.exe
  2⤵
  PID:11400
- C:\Windows\System\rrjpByq.exe
  C:\Windows\System\rrjpByq.exe
  2⤵
  PID:11460
- C:\Windows\System\xxPBbuB.exe
  C:\Windows\System\xxPBbuB.exe
  2⤵
  PID:11536
- C:\Windows\System\YkihRhg.exe
  C:\Windows\System\YkihRhg.exe
  2⤵
  PID:11600
- C:\Windows\System\NPrfAqX.exe
  C:\Windows\System\NPrfAqX.exe
  2⤵
  PID:11660
- C:\Windows\System\DMShfRX.exe
  C:\Windows\System\DMShfRX.exe
  2⤵
  PID:11732
- C:\Windows\System\uKOsEDj.exe
  C:\Windows\System\uKOsEDj.exe
  2⤵
  PID:11796
- C:\Windows\System\yWnqsWP.exe
  C:\Windows\System\yWnqsWP.exe
  2⤵
  PID:11852
- C:\Windows\System\CfCRuJn.exe
  C:\Windows\System\CfCRuJn.exe
  2⤵
  PID:11928
- C:\Windows\System\UWfmRdP.exe
  C:\Windows\System\UWfmRdP.exe
  2⤵
  PID:11992
- C:\Windows\System\mbjYnWO.exe
  C:\Windows\System\mbjYnWO.exe
  2⤵
  PID:12048
- C:\Windows\System\JlzOstZ.exe
  C:\Windows\System\JlzOstZ.exe
  2⤵
  PID:12092
- C:\Windows\System\wCnFXXk.exe
  C:\Windows\System\wCnFXXk.exe
  2⤵
  PID:12164
- C:\Windows\System\bTzeUaP.exe
  C:\Windows\System\bTzeUaP.exe
  2⤵
  PID:12196
- C:\Windows\System\PrqwhZC.exe
  C:\Windows\System\PrqwhZC.exe
  2⤵
  PID:12260
- C:\Windows\System\sLaYYJL.exe
  C:\Windows\System\sLaYYJL.exe
  2⤵
  PID:11316
- C:\Windows\System\lfXPUGe.exe
  C:\Windows\System\lfXPUGe.exe
  2⤵
  PID:11452
- C:\Windows\System\HnseFAU.exe
  C:\Windows\System\HnseFAU.exe
  2⤵
  PID:11592
- C:\Windows\System\gFPlmOD.exe
  C:\Windows\System\gFPlmOD.exe
  2⤵
  PID:11716
- C:\Windows\System\adJSoTR.exe
  C:\Windows\System\adJSoTR.exe
  2⤵
  PID:11880
- C:\Windows\System\vXuxmzx.exe
  C:\Windows\System\vXuxmzx.exe
  2⤵
  PID:11964
- C:\Windows\System\gdIuIeQ.exe
  C:\Windows\System\gdIuIeQ.exe
  2⤵
  PID:2100
- C:\Windows\System\DrtcXRj.exe
  C:\Windows\System\DrtcXRj.exe
  2⤵
  PID:12144
- C:\Windows\System\JCINhif.exe
  C:\Windows\System\JCINhif.exe
  2⤵
  PID:2572
- C:\Windows\System\qUMzmrT.exe
  C:\Windows\System\qUMzmrT.exe
  2⤵
  PID:11396
- C:\Windows\System\GACiCIf.exe
  C:\Windows\System\GACiCIf.exe
  2⤵
  PID:11688
- C:\Windows\System\hoKrBPM.exe
  C:\Windows\System\hoKrBPM.exe
  2⤵
  PID:11984
- C:\Windows\System\PNWAgnd.exe
  C:\Windows\System\PNWAgnd.exe
  2⤵
  PID:12180
- C:\Windows\System\cLrgmem.exe
  C:\Windows\System\cLrgmem.exe
  2⤵
  PID:11648
- C:\Windows\System\ZtaujRE.exe
  C:\Windows\System\ZtaujRE.exe
  2⤵
  PID:12140
- C:\Windows\System\ySFxfZA.exe
  C:\Windows\System\ySFxfZA.exe
  2⤵
  PID:3000
- C:\Windows\System\UASDCTm.exe
  C:\Windows\System\UASDCTm.exe
  2⤵
  PID:12304
- C:\Windows\System\DCbKIOi.exe
  C:\Windows\System\DCbKIOi.exe
  2⤵
  PID:12340
- C:\Windows\System\jadgaQK.exe
  C:\Windows\System\jadgaQK.exe
  2⤵
  PID:12376
- C:\Windows\System\FRSIsnx.exe
  C:\Windows\System\FRSIsnx.exe
  2⤵
  PID:12404
- C:\Windows\System\GnwTodX.exe
  C:\Windows\System\GnwTodX.exe
  2⤵
  PID:12432
- C:\Windows\System\eUmdcjA.exe
  C:\Windows\System\eUmdcjA.exe
  2⤵
  PID:12460
- C:\Windows\System\OhbkhrA.exe
  C:\Windows\System\OhbkhrA.exe
  2⤵
  PID:12492
- C:\Windows\System\XpNBlCD.exe
  C:\Windows\System\XpNBlCD.exe
  2⤵
  PID:12520
- C:\Windows\System\LaTOkoX.exe
  C:\Windows\System\LaTOkoX.exe
  2⤵
  PID:12548
- C:\Windows\System\PULcgej.exe
  C:\Windows\System\PULcgej.exe
  2⤵
  PID:12576
- C:\Windows\System\PcqEOqR.exe
  C:\Windows\System\PcqEOqR.exe
  2⤵
  PID:12604
- C:\Windows\System\qkbsoVw.exe
  C:\Windows\System\qkbsoVw.exe
  2⤵
  PID:12644
- C:\Windows\System\QLLaMTS.exe
  C:\Windows\System\QLLaMTS.exe
  2⤵
  PID:12668
- C:\Windows\System\SsePizX.exe
  C:\Windows\System\SsePizX.exe
  2⤵
  PID:12688
- C:\Windows\System\oirisES.exe
  C:\Windows\System\oirisES.exe
  2⤵
  PID:12716
- C:\Windows\System\dONeeeZ.exe
  C:\Windows\System\dONeeeZ.exe
  2⤵
  PID:12744
- C:\Windows\System\hWnYZzC.exe
  C:\Windows\System\hWnYZzC.exe
  2⤵
  PID:12776
- C:\Windows\System\iBTbzCu.exe
  C:\Windows\System\iBTbzCu.exe
  2⤵
  PID:12804
- C:\Windows\System\WrafOEn.exe
  C:\Windows\System\WrafOEn.exe
  2⤵
  PID:12832
- C:\Windows\System\FSzzaRd.exe
  C:\Windows\System\FSzzaRd.exe
  2⤵
  PID:12860
- C:\Windows\System\xWyBTCj.exe
  C:\Windows\System\xWyBTCj.exe
  2⤵
  PID:12888
- C:\Windows\System\ieVETgJ.exe
  C:\Windows\System\ieVETgJ.exe
  2⤵
  PID:12916
- C:\Windows\System\VGpJeot.exe
  C:\Windows\System\VGpJeot.exe
  2⤵
  PID:12944
- C:\Windows\System\NZQGLVz.exe
  C:\Windows\System\NZQGLVz.exe
  2⤵
  PID:12972
- C:\Windows\System\RFADiUK.exe
  C:\Windows\System\RFADiUK.exe
  2⤵
  PID:13000
- C:\Windows\System\zzYYDTT.exe
  C:\Windows\System\zzYYDTT.exe
  2⤵
  PID:13028
- C:\Windows\System\yfmLvPc.exe
  C:\Windows\System\yfmLvPc.exe
  2⤵
  PID:13056
- C:\Windows\System\HmxZcLS.exe
  C:\Windows\System\HmxZcLS.exe
  2⤵
  PID:13084
- C:\Windows\System\RpfmkvU.exe
  C:\Windows\System\RpfmkvU.exe
  2⤵
  PID:13128
- C:\Windows\System\ZKftyAx.exe
  C:\Windows\System\ZKftyAx.exe
  2⤵
  PID:13144
- C:\Windows\System\Ebxtefg.exe
  C:\Windows\System\Ebxtefg.exe
  2⤵
  PID:13172
- C:\Windows\System\wjfdzVT.exe
  C:\Windows\System\wjfdzVT.exe
  2⤵
  PID:13200
- C:\Windows\System\ULKmswM.exe
  C:\Windows\System\ULKmswM.exe
  2⤵
  PID:13228
- C:\Windows\System\UyRFcsI.exe
  C:\Windows\System\UyRFcsI.exe
  2⤵
  PID:13256
- C:\Windows\System\hTzipaB.exe
  C:\Windows\System\hTzipaB.exe
  2⤵
  PID:13284
- C:\Windows\System\ueHDPLb.exe
  C:\Windows\System\ueHDPLb.exe
  2⤵
  PID:11516
- C:\Windows\System\BsEboWV.exe
  C:\Windows\System\BsEboWV.exe
  2⤵
  PID:12348
- C:\Windows\System\OjuOYCB.exe
  C:\Windows\System\OjuOYCB.exe
  2⤵
  PID:12232
- C:\Windows\System\NkAYPrv.exe
  C:\Windows\System\NkAYPrv.exe
  2⤵
  PID:12452
- C:\Windows\System\dHzODuK.exe
  C:\Windows\System\dHzODuK.exe
  2⤵
  PID:12516
- C:\Windows\System\hadnBNt.exe
  C:\Windows\System\hadnBNt.exe
  2⤵
  PID:12588
- C:\Windows\System\lGTEJRw.exe
  C:\Windows\System\lGTEJRw.exe
  2⤵
  PID:12652
- C:\Windows\System\ltJVico.exe
  C:\Windows\System\ltJVico.exe
  2⤵
  PID:12712
- C:\Windows\System\ZRrAXKx.exe
  C:\Windows\System\ZRrAXKx.exe
  2⤵
  PID:12772
- C:\Windows\System\ADsUQgF.exe
  C:\Windows\System\ADsUQgF.exe
  2⤵
  PID:12828
- C:\Windows\System\HtDkRMD.exe
  C:\Windows\System\HtDkRMD.exe
  2⤵
  PID:12872
- C:\Windows\System\qgYsUuk.exe
  C:\Windows\System\qgYsUuk.exe
  2⤵
  PID:12928
- C:\Windows\System\zDFXEcX.exe
  C:\Windows\System\zDFXEcX.exe
  2⤵
  PID:12984
- C:\Windows\System\WhuMisz.exe
  C:\Windows\System\WhuMisz.exe
  2⤵
  PID:13052
- C:\Windows\System\fbwlFIX.exe
  C:\Windows\System\fbwlFIX.exe
  2⤵
  PID:13136
- C:\Windows\System\JytRsZY.exe
  C:\Windows\System\JytRsZY.exe
  2⤵
  PID:13184
- C:\Windows\System\ZhEbCSv.exe
  C:\Windows\System\ZhEbCSv.exe
  2⤵
  PID:13248
- C:\Windows\System\HSExoDz.exe
  C:\Windows\System\HSExoDz.exe
  2⤵
  PID:13308
- C:\Windows\System\niOAmxV.exe
  C:\Windows\System\niOAmxV.exe
  2⤵
  PID:12320
- C:\Windows\System\DKATiYW.exe
  C:\Windows\System\DKATiYW.exe
  2⤵
  PID:12544
- C:\Windows\System\TtkRzMQ.exe
  C:\Windows\System\TtkRzMQ.exe
  2⤵
  PID:1688
- C:\Windows\System\sOwLbwC.exe
  C:\Windows\System\sOwLbwC.exe
  2⤵
  PID:12796
- C:\Windows\System\loxrBGN.exe
  C:\Windows\System\loxrBGN.exe
  2⤵
  PID:12908
- C:\Windows\System\gLddhhP.exe
  C:\Windows\System\gLddhhP.exe
  2⤵
  PID:13048
- C:\Windows\System\wRzJlrA.exe
  C:\Windows\System\wRzJlrA.exe
  2⤵
  PID:3620
- C:\Windows\System\FPiOHhh.exe
  C:\Windows\System\FPiOHhh.exe
  2⤵
  PID:452
- C:\Windows\System\wDSMtmU.exe
  C:\Windows\System\wDSMtmU.exe
  2⤵
  PID:1548
- C:\Windows\System\eJZcVft.exe
  C:\Windows\System\eJZcVft.exe
  2⤵
  PID:1672
- C:\Windows\System\OrdSaEW.exe
  C:\Windows\System\OrdSaEW.exe
  2⤵
  PID:12628
- C:\Windows\System\lsGCRQf.exe
  C:\Windows\System\lsGCRQf.exe
  2⤵
  PID:12856
- C:\Windows\System\CMyOSwS.exe
  C:\Windows\System\CMyOSwS.exe
  2⤵
  PID:13020
- C:\Windows\System\RGkkrzx.exe
  C:\Windows\System\RGkkrzx.exe
  2⤵
  PID:4676
- C:\Windows\System\soSwTWV.exe
  C:\Windows\System\soSwTWV.exe
  2⤵
  PID:12484
- C:\Windows\System\NLBRODp.exe
  C:\Windows\System\NLBRODp.exe
  2⤵
  PID:12620
- C:\Windows\System\dhCOUyL.exe
  C:\Windows\System\dhCOUyL.exe
  2⤵
  PID:1732
- C:\Windows\System\QfzSiAe.exe
  C:\Windows\System\QfzSiAe.exe
  2⤵
  PID:12996
- C:\Windows\System\RgcaoYM.exe
  C:\Windows\System\RgcaoYM.exe
  2⤵
  PID:4632
- C:\Windows\System\cDRBAmf.exe
  C:\Windows\System\cDRBAmf.exe
  2⤵
  PID:4928
- C:\Windows\System\bInrxyc.exe
  C:\Windows\System\bInrxyc.exe
  2⤵
  PID:4136
- C:\Windows\System\jIkpGDI.exe
  C:\Windows\System\jIkpGDI.exe
  2⤵
  PID:4852
- C:\Windows\System\BGyraJI.exe
  C:\Windows\System\BGyraJI.exe
  2⤵
  PID:4032
- C:\Windows\System\fXOXgZJ.exe
  C:\Windows\System\fXOXgZJ.exe
  2⤵
  PID:1016
- C:\Windows\System\teuuMAy.exe
  C:\Windows\System\teuuMAy.exe
  2⤵
  PID:3636
- C:\Windows\System\xLTMOlc.exe
  C:\Windows\System\xLTMOlc.exe
  2⤵
  PID:13332
- C:\Windows\System\WKnLzrn.exe
  C:\Windows\System\WKnLzrn.exe
  2⤵
  PID:13360
- C:\Windows\System\zrmDdWy.exe
  C:\Windows\System\zrmDdWy.exe
  2⤵
  PID:13388
- C:\Windows\System\gPGMoPN.exe
  C:\Windows\System\gPGMoPN.exe
  2⤵
  PID:13416
- C:\Windows\System\YNpWDwb.exe
  C:\Windows\System\YNpWDwb.exe
  2⤵
  PID:13444
- C:\Windows\System\RXNiqzb.exe
  C:\Windows\System\RXNiqzb.exe
  2⤵
  PID:13472
- C:\Windows\System\rThlVzS.exe
  C:\Windows\System\rThlVzS.exe
  2⤵
  PID:13500
- C:\Windows\System\BneRLhn.exe
  C:\Windows\System\BneRLhn.exe
  2⤵
  PID:13528
- C:\Windows\System\HCvEQqS.exe
  C:\Windows\System\HCvEQqS.exe
  2⤵
  PID:13556
- C:\Windows\System\YqFNQzP.exe
  C:\Windows\System\YqFNQzP.exe
  2⤵
  PID:13584
- C:\Windows\System\eJQhTYs.exe
  C:\Windows\System\eJQhTYs.exe
  2⤵
  PID:13612
- C:\Windows\System\DzVgFze.exe
  C:\Windows\System\DzVgFze.exe
  2⤵
  PID:13632
- C:\Windows\System\WnOzYlF.exe
  C:\Windows\System\WnOzYlF.exe
  2⤵
  PID:13672
- C:\Windows\System\OREHtkm.exe
  C:\Windows\System\OREHtkm.exe
  2⤵
  PID:13700
- C:\Windows\System\KAlGEYW.exe
  C:\Windows\System\KAlGEYW.exe
  2⤵
  PID:13728
- C:\Windows\System\FJAFuIT.exe
  C:\Windows\System\FJAFuIT.exe
  2⤵
  PID:13756
- C:\Windows\System\zipTuSG.exe
  C:\Windows\System\zipTuSG.exe
  2⤵
  PID:13784
- C:\Windows\System\igvHBha.exe
  C:\Windows\System\igvHBha.exe
  2⤵
  PID:13812
- C:\Windows\System\tueckct.exe
  C:\Windows\System\tueckct.exe
  2⤵
  PID:13840
- C:\Windows\System\ualXSmn.exe
  C:\Windows\System\ualXSmn.exe
  2⤵
  PID:13868
- C:\Windows\System\gCchIhw.exe
  C:\Windows\System\gCchIhw.exe
  2⤵
  PID:13896
- C:\Windows\System\rtQthNR.exe
  C:\Windows\System\rtQthNR.exe
  2⤵
  PID:13928
- C:\Windows\System\lUhmBIX.exe
  C:\Windows\System\lUhmBIX.exe
  2⤵
  PID:13956
- C:\Windows\System\DpWVbSa.exe
  C:\Windows\System\DpWVbSa.exe
  2⤵
  PID:13984
- C:\Windows\System\THjowso.exe
  C:\Windows\System\THjowso.exe
  2⤵
  PID:14012
- C:\Windows\System\WQnZvze.exe
  C:\Windows\System\WQnZvze.exe
  2⤵
  PID:14040
- C:\Windows\System\UcJsZNX.exe
  C:\Windows\System\UcJsZNX.exe
  2⤵
  PID:14068
- C:\Windows\System\nxbrxSm.exe
  C:\Windows\System\nxbrxSm.exe
  2⤵
  PID:14096
- C:\Windows\System\vJYTabx.exe
  C:\Windows\System\vJYTabx.exe
  2⤵
  PID:14124
- C:\Windows\System\RtlemKQ.exe
  C:\Windows\System\RtlemKQ.exe
  2⤵
  PID:14152
- C:\Windows\System\aMEfpqW.exe
  C:\Windows\System\aMEfpqW.exe
  2⤵
  PID:14180
- C:\Windows\System\rbtjsxa.exe
  C:\Windows\System\rbtjsxa.exe
  2⤵
  PID:14208
- C:\Windows\System\BUcnhdn.exe
  C:\Windows\System\BUcnhdn.exe
  2⤵
  PID:14236
- C:\Windows\System\mbgMYBO.exe
  C:\Windows\System\mbgMYBO.exe
  2⤵
  PID:14264
- C:\Windows\System\tVLqYrC.exe
  C:\Windows\System\tVLqYrC.exe
  2⤵
  PID:14292
- C:\Windows\System\tgdUHcp.exe
  C:\Windows\System\tgdUHcp.exe
  2⤵
  PID:14320
- C:\Windows\System\HTqrKNs.exe
  C:\Windows\System\HTqrKNs.exe
  2⤵
  PID:12512
- C:\Windows\System\XYaottH.exe
  C:\Windows\System\XYaottH.exe
  2⤵
  PID:13380
- C:\Windows\System\OjitJpu.exe
  C:\Windows\System\OjitJpu.exe
  2⤵
  PID:13464
- C:\Windows\System\wkAWWrw.exe
  C:\Windows\System\wkAWWrw.exe
  2⤵
  PID:3388
- C:\Windows\System\FIhNUVt.exe
  C:\Windows\System\FIhNUVt.exe
  2⤵
  PID:3608
- C:\Windows\System\lwCnIer.exe
  C:\Windows\System\lwCnIer.exe
  2⤵
  PID:13576
- C:\Windows\System\LnJLTuO.exe
  C:\Windows\System\LnJLTuO.exe
  2⤵
  PID:13604
- C:\Windows\System\GkXgZHZ.exe
  C:\Windows\System\GkXgZHZ.exe
  2⤵
  PID:3300
- C:\Windows\System\OjKydFF.exe
  C:\Windows\System\OjKydFF.exe
  2⤵
  PID:2520
- C:\Windows\System\TLNusUQ.exe
  C:\Windows\System\TLNusUQ.exe
  2⤵
  PID:13712
- C:\Windows\System\NJDqLZj.exe
  C:\Windows\System\NJDqLZj.exe
  2⤵
  PID:13752
- C:\Windows\System\dpibeGe.exe
  C:\Windows\System\dpibeGe.exe
  2⤵
  PID:3360
- C:\Windows\System\iMkKXvz.exe
  C:\Windows\System\iMkKXvz.exe
  2⤵
  PID:4352
- C:\Windows\System\MsgoSQv.exe
  C:\Windows\System\MsgoSQv.exe
  2⤵
  PID:13880
- C:\Windows\System\jeMfWAr.exe
  C:\Windows\System\jeMfWAr.exe
  2⤵
  PID:13924
- C:\Windows\System\APcQtJL.exe
  C:\Windows\System\APcQtJL.exe
  2⤵
  PID:4428
- C:\Windows\System\hIYkrfj.exe
  C:\Windows\System\hIYkrfj.exe
  2⤵
  PID:14004
- C:\Windows\System\MEgPFmQ.exe
  C:\Windows\System\MEgPFmQ.exe
  2⤵
  PID:14052
- C:\Windows\System\uLntZWY.exe
  C:\Windows\System\uLntZWY.exe
  2⤵
  PID:14092
- C:\Windows\System\QMXKKgC.exe
  C:\Windows\System\QMXKKgC.exe
  2⤵
  PID:14136
- C:\Windows\System\tRLoPny.exe
  C:\Windows\System\tRLoPny.exe
  2⤵
  PID:14172
- C:\Windows\System\tbqUEvv.exe
  C:\Windows\System\tbqUEvv.exe
  2⤵
  PID:5296
- C:\Windows\System\RSubrEG.exe
  C:\Windows\System\RSubrEG.exe
  2⤵
  PID:14256
- C:\Windows\System\mnnMLJv.exe
  C:\Windows\System\mnnMLJv.exe
  2⤵
  PID:5392
- C:\Windows\System\HygUeYv.exe
  C:\Windows\System\HygUeYv.exe
  2⤵
  PID:13324
- C:\Windows\System\ihDBiFj.exe
  C:\Windows\System\ihDBiFj.exe
  2⤵
  PID:13408
- C:\Windows\System\ojokJqt.exe
  C:\Windows\System\ojokJqt.exe
  2⤵
  PID:13436
- C:\Windows\System\lHebRJd.exe
  C:\Windows\System\lHebRJd.exe
  2⤵
  PID:13512
- C:\Windows\System\NHDodsw.exe
  C:\Windows\System\NHDodsw.exe
  2⤵
  PID:5024
- C:\Windows\System\CuaElBL.exe
  C:\Windows\System\CuaElBL.exe
  2⤵
  PID:5680
- C:\Windows\System\qCqtnSR.exe
  C:\Windows\System\qCqtnSR.exe
  2⤵
  PID:3748
- C:\Windows\System\NaQlmiH.exe
  C:\Windows\System\NaQlmiH.exe
  2⤵
  PID:13748
- C:\Windows\System\OtlErJj.exe
  C:\Windows\System\OtlErJj.exe
  2⤵
  PID:13628
- C:\Windows\System\NTApAYU.exe
  C:\Windows\System\NTApAYU.exe
  2⤵
  PID:13892
- C:\Windows\System\oIrGIar.exe
  C:\Windows\System\oIrGIar.exe
  2⤵
  PID:13940
- C:\Windows\System\kJpJGZM.exe
  C:\Windows\System\kJpJGZM.exe
  2⤵
  PID:13996
- C:\Windows\System\luBlraw.exe
  C:\Windows\System\luBlraw.exe
  2⤵
  PID:14080
- C:\Windows\System\prppxPQ.exe
  C:\Windows\System\prppxPQ.exe
  2⤵
  PID:3736
- C:\Windows\System\LASbzEZ.exe
  C:\Windows\System\LASbzEZ.exe
  2⤵
  PID:5232
- C:\Windows\System\GwOinZm.exe
  C:\Windows\System\GwOinZm.exe
  2⤵
  PID:5324
- C:\Windows\System\rgsewAN.exe
  C:\Windows\System\rgsewAN.exe
  2⤵
  PID:14316
- C:\Windows\System\mnNwxJa.exe
  C:\Windows\System\mnNwxJa.exe
  2⤵
  PID:2080
- C:\Windows\System\agXcILH.exe
  C:\Windows\System\agXcILH.exe
  2⤵
  PID:5368
- C:\Windows\System\aagDpIB.exe
  C:\Windows\System\aagDpIB.exe
  2⤵
  PID:5452
- C:\Windows\System\sKPWryJ.exe
  C:\Windows\System\sKPWryJ.exe
  2⤵
  PID:3164
- C:\Windows\System\JdqhPSj.exe
  C:\Windows\System\JdqhPSj.exe
  2⤵
  PID:5732
- C:\Windows\System\TsKlCwR.exe
  C:\Windows\System\TsKlCwR.exe
  2⤵
  PID:3236
- C:\Windows\System\EniTlhm.exe
  C:\Windows\System\EniTlhm.exe
  2⤵
  PID:5852
- C:\Windows\System\DrjsRRu.exe
  C:\Windows\System\DrjsRRu.exe
  2⤵
  PID:5936
- C:\Windows\System\GXmhWSD.exe
  C:\Windows\System\GXmhWSD.exe
  2⤵
  PID:6056
- C:\Windows\System\wUSqWBD.exe
  C:\Windows\System\wUSqWBD.exe
  2⤵
  PID:6140
- C:\Windows\System\QFIHAXH.exe
  C:\Windows\System\QFIHAXH.exe
  2⤵
  PID:5268
- C:\Windows\System\fHVqeSK.exe
  C:\Windows\System\fHVqeSK.exe
  2⤵
  PID:5496
- C:\Windows\System\KhLWISM.exe
  C:\Windows\System\KhLWISM.exe
  2⤵
  PID:2148
- C:\Windows\System\gUKHbmM.exe
  C:\Windows\System\gUKHbmM.exe
  2⤵
  PID:5684
- C:\Windows\System\XJTIBiV.exe
  C:\Windows\System\XJTIBiV.exe
  2⤵
  PID:3488
- C:\Windows\System\OUhsVWh.exe
  C:\Windows\System\OUhsVWh.exe
  2⤵
  PID:5712
- C:\Windows\System\qohYDiX.exe
  C:\Windows\System\qohYDiX.exe
  2⤵
  PID:5212
- C:\Windows\System\uRyRbFb.exe
  C:\Windows\System\uRyRbFb.exe
  2⤵
  PID:3384
- C:\Windows\System\FbMGaZz.exe
  C:\Windows\System\FbMGaZz.exe
  2⤵
  PID:4812
- C:\Windows\System\LrjiOkl.exe
  C:\Windows\System\LrjiOkl.exe
  2⤵
  PID:5360
- C:\Windows\System\eBMaeiK.exe
  C:\Windows\System\eBMaeiK.exe
  2⤵
  PID:5288
- C:\Windows\System\txcfteg.exe
  C:\Windows\System\txcfteg.exe
  2⤵
  PID:6156
- C:\Windows\System\RuYvwxo.exe
  C:\Windows\System\RuYvwxo.exe
  2⤵
  PID:1584
- C:\Windows\System\OxRLpOK.exe
  C:\Windows\System\OxRLpOK.exe
  2⤵
  PID:13980
- C:\Windows\System\kdFcHnl.exe
  C:\Windows\System\kdFcHnl.exe
  2⤵
  PID:5816

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\ANXdFTI.exe

Filesize
6.0MB

MD5
2a316ccf30483984b267766b7a005070

SHA1
5b5ba43f4045acff929053e7b97964c48f2e097c

SHA256
5ef6282086de1781ff871cdfcd8cc62d920f776b321da4d93ca1e24b7e9652e2

SHA512
92a84112eb76b87903b44d8e6233e15b5e63b3dd77a326f121930e34d7f3588ed0a508e42fef98cb7464ea91e43e788c3f084f594def7b04548d8d51da839ce9

Download Submit
C:\Windows\System\ANkQaKR.exe

Filesize
6.0MB

MD5
93e2b4ff187e92aeb6baea644869bc41

SHA1
89ad1a0c4f48379eef4f4b56de7c57f3cd88e480

SHA256
0ec04356b8c39a9a6d7ffa67e1fb9b393d18cf217d10797ba9c0fce66b537992

SHA512
7d429cd415c3280982b8871e1035a8670a55ace2d60305a83afd55e243d62cbb90d0c1e3cd260b7fc05450749ef24789cff81cdc53bd97c495616d48dfdd3dad

Download Submit
C:\Windows\System\AsfJtro.exe

Filesize
6.0MB

MD5
5a07e85830a73e6511e2c47e9c0c52d8

SHA1
98e6e7c2d34d4bf77028f45872cc359f2816f34d

SHA256
0a38962049db6a2ccd08cf82cba74a95e694ce5638fa66f0fd1fd138ccd86ef3

SHA512
08d9e7ab44f9059a1754921e81705e12982e9f1b206259400a60c6cb100d5fba25289fa6a2913dc8f64eaed4ed308f3a6aeb6d1b9350fb2a1dbd31dccd96fcc1

Download Submit
C:\Windows\System\CRXXvvu.exe

Filesize
6.0MB

MD5
ed6032daa7d8f2fc14fc3a1b9a1b6cd2

SHA1
ede1558a864fa29f318529f9806d8a3ac4f60fd8

SHA256
09db8349dd814010d11744944a3848ebca5fdddb3ebdebf29f16e29a5fe5ca64

SHA512
3d12d08e7b79c1e8fe2267e312e06ab115d92840451a5e328d182162f97b6ad84e4e4ceebbd1bc64bc4b7335bc05d185482b237f9f8f959251d33daa21a0d6be

Download Submit
C:\Windows\System\GIoAXeQ.exe

Filesize
6.0MB

MD5
5c04f9a4605efa41aefb5a98ddd49639

SHA1
8f94bbb0e588e0d0a1d4416aec06f8e8e3bf596b

SHA256
841c227bec290319ad308515738710e41e6f2278e624c2b17e14f1bf9ebead65

SHA512
f3ab2e4cd5347c599c312b463ad236b5f36c1eeb7d954aba7f2fd8de214d2eb1c566309e0eecad299e3fb0b5e2240bd4ba24e0821447aeab6a20aed077dc5738

Download Submit
C:\Windows\System\GMauYic.exe

Filesize
6.0MB

MD5
f2b3037fee7c573226ff79cdda1f1a4d

SHA1
9afdc6d7c1f92bef04fa535acab71d28086451a1

SHA256
de2f2858010cf4ade68a337a4f00da01f18a3d63cd5ad1be201476cfbe95c71c

SHA512
b30f304a7e482709ec5b70f555d1d7d3ac5ac72228928321dd747a113bf401cfc2aaf14782349a97958614d68e85f7905e2986232b1274c6bf04c274bf819dc2

Download Submit
C:\Windows\System\ImfLKhx.exe

Filesize
6.0MB

MD5
97ecdc3679975ba28dae058d23aefe20

SHA1
7b19c4b43c60e81e70ae9044bdacb0192ed4d63b

SHA256
aedd6e18f40d5c3e19bd525e14b22e1b3551b6f562a5a5dd1ec0ed3130c2d4ba

SHA512
ce202d3d74ba6b4cd461f3a56caffceaba917ac6a7b7faec95d8ded2fceac34ba8de25256b7dccf9a1064206d15f0b32749c0f62247bfb9360dec25dd62af6dd

Download Submit
C:\Windows\System\KUNMRUw.exe

Filesize
6.0MB

MD5
bfb98be8f18d2226b51500114bc8d947

SHA1
fdbfdbe6d2d79f4fc843f7ae44247b293a4754a7

SHA256
373d305b71935276dce52c7b9506efaec937648b9761e0174ada79cd2e3e9528

SHA512
110ad9c9eba6451dfcfc1fa6f24d799d3d5188bf9e526d3f71e4c877c96b51890d0ef230be69ca0f55baa1dd53251fb32666eb53674189e9e39474d6418cebd2

Download Submit
C:\Windows\System\KVKYUrx.exe

Filesize
6.0MB

MD5
a96e9717f9883319c75dc48102aab80e

SHA1
7c999732ddd000b43e42d68bb33d581cba85ae9c

SHA256
b4c7162aebe68492b44fcaddaa03feddb52d2fc32cc36f87a36f429b1c2627df

SHA512
2100332c20642769c0bfe7b9ff7ebd1e5b7900fc6d9936dd14e58d2102f4ebbadff10ea527857822c0a68a8c4a01029bf6310c610bf15bef23721943a1ee9d87

Download Submit
C:\Windows\System\PeWtXxL.exe

Filesize
6.0MB

MD5
dec71345c8f56b3b8d2ca93b304a411a

SHA1
eca727be0295d30afb33b85479cd26179263e521

SHA256
38781a41b6eb8528a739e4aa12a206260ff69d02137a6d173cb7c6606263df9c

SHA512
2b2fadddb2a65ace130daa760a597cd346dd3c630af710741bad0b9ed47eda77249bf42e4831e1b354eda03c65180e2d67246bd6388b2444f839b0928e74835d

Download Submit
C:\Windows\System\QgpmBGL.exe

Filesize
6.0MB

MD5
fe19824744ace4bcfa7f1ca0fe86c0a7

SHA1
e6a440cd1fbb5242f6bc4e247d11164586c64d25

SHA256
5bcc2560bf3ae3857b081039cb437de35a94a77dee57418f6bd47e6c105abaab

SHA512
5e083c8e909318c61aa9129a50dfa1547856de9de3475f597d1953fa56e350b0614d4386153eaf082790019649574f9bbc978ae7d89e743813615e1627ab02ae

Download Submit
C:\Windows\System\SeaoqVf.exe

Filesize
6.0MB

MD5
a45585774c095b200dfa917f64402080

SHA1
8c286ac7de3c61b334612617646361a8ee963df6

SHA256
e136afdf263c0e3fb0425e756e92f51e355bcbb334fbc5e2b4a36a301ab4820b

SHA512
efb4c2caaca2a99c144700fba1b9dca25a5d66a52c041204cc52333b235eec39a3e987761d1656adf84a88ae301626256cb6d6d011987de5e33ea1c810f6d275

Download Submit
C:\Windows\System\SvFxopb.exe

Filesize
6.0MB

MD5
dd69b233ef0a82cd9b302e33a7a03678

SHA1
32d3948f85d2b2e9f1b39035fc3c26c3211a3d7a

SHA256
fa1d5265cae8484d9b8a30658150540c9224c7800845a412c308577d293c675e

SHA512
b12bf332f3969309da0a8459854ce83b4b75dc3095926fdb7ad8a660723909ddb3f167899a874811d70f9cb9d5355fb12833d834169af58dc366b6bb5115b189

Download Submit
C:\Windows\System\WeDoQTP.exe

Filesize
6.0MB

MD5
de6cb94500172612552c2da466c707b4

SHA1
7cc40d78370241cbb8f89306840db4c750471523

SHA256
afa3be979bf091e39b3c335ff8a1a25f4ac92c9c940e4e5e509dfd68167bc845

SHA512
a9385d4450f3cb3ae44fbe405cda3d626ce37e28be474db0507a3e2c0980a5a2516f23fe044cdcea0ee296e3f79e187b1192ccedfab1dfdd0c57cd68744b8d99

Download Submit
C:\Windows\System\WoGJBLw.exe

Filesize
6.0MB

MD5
79b055e87bb7a8528aa8882fd236a867

SHA1
6555a6b0c9b9c6772319e6c592b1e17069a49a12

SHA256
74d5e597d36097dbe47e2b916ef8e8cb60b1a137dc2620bd2d2bca85f834b593

SHA512
6423211cd14ca1e627a3a24702d688c2e6265ed5e6a79e30787d4ea97bb6baea5df39138157f32d417dcfe1edec0e91585fe2c3cf6c482e90490fed9bf1df27c

Download Submit
C:\Windows\System\WwHsQPz.exe

Filesize
6.0MB

MD5
6f02b9d1c241e66e7be6db82b6845d2b

SHA1
4d813cd864fab9a21ec3dccceac7fe4fe2087c71

SHA256
4de868b14d63916e8e57e71ea719f933edbe9124f6665e4a91b14ed7bf9c176b

SHA512
eed44d85a8bf2200ce4717f3bc03322e1267990564c836255d2528f817f52c37b6ed966ed18f1346011738ad27083c56c1aff4850c1acd9cd2c6c2f8bd845b84

Download Submit
C:\Windows\System\WzjlMYZ.exe

Filesize
6.0MB

MD5
8bb22f5ad5824b4e75fac24951cf0773

SHA1
965d62b61b3199d4ad3a5d015a9e6ab1112b8aa1

SHA256
c05e57d0e2bcf937601964f27e189aeabaac4e0f5bc363f174eb4317beff4e72

SHA512
04011fefb295ca573fdb74120c3090a3d48f438e58782ec9de8599e6764f22c433fb81803dc5fa747d708e1b9cbab5d5000be511d179f3560af9ca65ef908e39

Download Submit
C:\Windows\System\ZSVKmMX.exe

Filesize
6.0MB

MD5
3624fce4100f563a7a2338fd9dc6f0e6

SHA1
7fcbac96327c23a9b2c37afdc3303d49d8867c26

SHA256
0b3549f53dc8ceb632413770db311259a879c773114da55d0dd6785370190d00

SHA512
16ff4cff94d1858ffcdc7875f2db93efa0c86fcd9d5ec5e34a0b4ac7d63c3cfa9c10796693492e0cb48ded784cdc3c30855bfb1f44cdaa738cea4c5baf5e530c

Download Submit
C:\Windows\System\ZxxiNne.exe

Filesize
6.0MB

MD5
53771b66332618fc11363b06c61bca11

SHA1
1110ad3e668762c8d13dfe7bafec084b335210b6

SHA256
e72e6de49e66c427e94a04c8ca080027467b655ef5bfc04a24d4f9e5ecce105c

SHA512
4dab04521244f21f8cbad9aea4aa60677f957eec9a87aea43f18c2953a58407e9a8ed9c373790acba3293b501cbda22c14d1f5382f7ed78c14f26e9c9cbb9578

Download Submit
C:\Windows\System\djDFXhA.exe

Filesize
6.0MB

MD5
ddfd5d5c86028de3938d29c3f955cbb9

SHA1
4d4c6fda541a0c8e1684b4b48885d00c55a04dce

SHA256
3e1b47d402ed3fbff5ffd077b073857819b092e10a9f22aa3d9d3ef51f153cf5

SHA512
e677c915885fbd230a68f9dbbf2053d655db028b649bf0541a18c0f3988106da2a8353707d3454579b8da7232775362fb9233d7165e9226a1c96d8eeb66289ab

Download Submit
C:\Windows\System\dopUCvc.exe

Filesize
6.0MB

MD5
47570413b30792b2c6d66976ad715442

SHA1
051c5c84bcd97aa59cd977eb16c943abdc2a6eef

SHA256
ee399b37e86dafc1d12fb8cccdba24d4ce63e7f4e6167e923ef945fb0e1892ea

SHA512
982c16397cc30b2766b384d0db88a59df579d6397153ce0d3f8c485e38142b5889c6b307df579a81316c68a96c8cc00f2a06eaa74fdf0dcd6e4515eb05df3764

Download Submit
C:\Windows\System\eVtHeZj.exe

Filesize
6.0MB

MD5
279c33487b167d48324a13bbe5812ee1

SHA1
f3d183bd03f2887ddc46869adffd4cb0705d763b

SHA256
afdda3fe1a135f77a63ff74c08a4d964a1b316ca9fe0a51b13d8fc09e7e1c6fc

SHA512
4a49aa9cd4c39f4bbdeaabedb9bcbffd0894b9741cfa2555666bc4e5a40a56e3cd882c0d733123b6f72dc43a53424a975341b04cd9729a4046c7894c1d90d2c5

Download Submit
C:\Windows\System\fqkiofI.exe

Filesize
6.0MB

MD5
3516b6e245c2cae3b153cc7a14a04bc0

SHA1
9fa9aa1b67d5639a6b0040d47ab371d275566d09

SHA256
63ad221ca5601ce0c9968f6beb036536a56b240638de456820358da25b154cad

SHA512
dc2c8bf6516e04e69790e0c1b362f25de531acfcf56904d2e2ea0d612e157ffa1d9c2997a4b9e37b688a381ee3840a7ad258f1272509c8273bfac083f1beefc8

Download Submit
C:\Windows\System\jBGPsez.exe

Filesize
6.0MB

MD5
cd46795941001064dacc25c23ae3ec4d

SHA1
78a516b8a382481394aba419ea503a0ab31ca832

SHA256
33061b8a46b422a95ae590ee6ed11884a60ad76fa0dd1351201c93d73a83a047

SHA512
6e6e90c8e62eb787adeb206125afef6e0bd0eeb7b09a014aa4c0a202d88372841bad2fe5e30f93551813884e3ed16948c4bf59e84576f76245ab3fe1cb5aaba0

Download Submit
C:\Windows\System\kLVPrAB.exe

Filesize
6.0MB

MD5
e1571fa46b5fddcf83609e12025a37fb

SHA1
bdd9911bb5e7f51ba8c4f593e544b5bf2a2c74a4

SHA256
c19e71596cc5a67f3b1575c00816b6110e94bc71565c04a27ccd67ebbef2b27b

SHA512
2a034e9eb0032e96cf4511c878db9b1d6125ca648b95e368e03eda8c35c52c58e0961fd6990e2f346a2b8eec1b3966d5e50bc4d1271f72a46567f214b8a143c1

Download Submit
C:\Windows\System\oKvBUnQ.exe

Filesize
6.0MB

MD5
486d92043426d9b8ca363870bfef33d3

SHA1
8247754cf0d9aa7b606c354e2af10c4b7d74b4ba

SHA256
3eeccef41038ad68469f1b0c611025ca5556d08895ad347cf3d62db2078e4c4b

SHA512
32cb72db74d158776b470b124343bfeb9e33dbc039a8c7599b8bd56a1744f252d291ad40fa3543120639e4093b35c74fb85536aa131b71c64fb3d42255d50ee7

Download Submit
C:\Windows\System\ooppBfa.exe

Filesize
6.0MB

MD5
2f306b3bc84820b7b02936ae1c9d0f34

SHA1
0d44068d8c1e10628b36197546540c118a016e16

SHA256
946e3e174acfff1ca1f098beea37769027908d41cd39c3e5537f0f65baf628f4

SHA512
7dd122c9063b950be3d8233004a7da8f1ba00cdb236daf2a88a545073c233b5273f4ce0ca99210f11739ee5ef92a10dd2b4f6b721ff237cc3e64bdcfc043bd3f

Download Submit
C:\Windows\System\oxuqupj.exe

Filesize
6.0MB

MD5
25026a7188b7e8ea488ddf7c88b7508d

SHA1
96bfa322e796d50eb941ea23b7216ccf575ad827

SHA256
5c3dfc52fa0a73ef8179de27b445b6e1b8e07c92a18576ea848f5c6a49e8a3ec

SHA512
9db5a875048acd0f8a5a741ae35bc183dfd8d5c2c103dfe60a05eb053bcac3dcdd5106ea9576dc53dcb146bd1dbbf8730deab07c010b7c85580b5a6fe0cc056c

Download Submit
C:\Windows\System\sNQeEDe.exe

Filesize
6.0MB

MD5
3d5a8e3efb9fa18df06f2c97296b3f38

SHA1
ad3dd6c3311b12280152f0e683fc2e78e6ed7a0a

SHA256
81f46f3d23bf46bc196adc0c1458b74b7eee991113d515b1fa5a11d0d5708aff

SHA512
c7bcde6824696b8990267e298725e071191b84681d9d165ead34a5ccfa12fb1630436d195ccd6fdee9a75fb8e228babd3c383614a9e7884a446b3965d9e66bd1

Download Submit
C:\Windows\System\spMsgQN.exe

Filesize
6.0MB

MD5
d4c5dafdace69f9d7b3e05983e5670eb

SHA1
a5523325a4145809de1b6b8600087da018015403

SHA256
f2166cc46938176ca210427c53e8ae83ba3427d18a41bca1908b7fb3755068ba

SHA512
1afa6dd9896cad76c9d27e5e5aca3f482e90881aac62f1bb44944331b69cbf8884e3186fef74a067135092f3bef9b3a837bb534889eb7ed45b1321265b26deaf

Download Submit
C:\Windows\System\uhFLioQ.exe

Filesize
6.0MB

MD5
6441cee10dda5ed5952fd06b85773fa7

SHA1
d83b5f550cc497a811360ca9c62a7527fb3b5119

SHA256
4d1f1168cf3e194b25305bcba75c28f726f4054af4f5878c31dc14cde23ded93

SHA512
5621bf564bb9e9e7da80d4a7787773484bdcce616b3b7de4df1b7c75f53bfb353246d63e0f245cacc2aee6ca2dc1d7900289e9bfa156df7e0412c598abd4d02e

Download Submit
C:\Windows\System\wcBbxrD.exe

Filesize
6.0MB

MD5
57f9dd53bfc827aa6dcfadc8bf19d376

SHA1
b89c7d408da4d0e4a521cd23b33a1f1fe9f479ad

SHA256
eb162e091d0717b3448d284a9290792b6d5ae95020d0ce8f91dedf8178daee66

SHA512
d08f510deab3ca7e19a0baf254b0ba9c7da94921068a0df2f3e96c43cb2c4556f37860c605b3ebb3c50740a69204a75d7bddea2519d00d17f0cccdde3a920227

Download Submit
memory/264-162-0x00007FF7D02B0000-0x00007FF7D0604000-memory.dmp

Filesize
3.3MB

Download
memory/264-1971-0x00007FF7D02B0000-0x00007FF7D0604000-memory.dmp

Filesize
3.3MB

Download
memory/264-114-0x00007FF7D02B0000-0x00007FF7D0604000-memory.dmp

Filesize
3.3MB

Download
memory/436-176-0x00007FF726B60000-0x00007FF726EB4000-memory.dmp

Filesize
3.3MB

Download
memory/436-513-0x00007FF726B60000-0x00007FF726EB4000-memory.dmp

Filesize
3.3MB

Download
memory/436-2310-0x00007FF726B60000-0x00007FF726EB4000-memory.dmp

Filesize
3.3MB

Download
memory/512-97-0x00007FF7D84D0000-0x00007FF7D8824000-memory.dmp

Filesize
3.3MB

Download
memory/512-1918-0x00007FF7D84D0000-0x00007FF7D8824000-memory.dmp

Filesize
3.3MB

Download
memory/528-1957-0x00007FF755C70000-0x00007FF755FC4000-memory.dmp

Filesize
3.3MB

Download
memory/528-160-0x00007FF755C70000-0x00007FF755FC4000-memory.dmp

Filesize
3.3MB

Download
memory/528-108-0x00007FF755C70000-0x00007FF755FC4000-memory.dmp

Filesize
3.3MB

Download
memory/1168-60-0x00007FF6E4FB0000-0x00007FF6E5304000-memory.dmp

Filesize
3.3MB

Download
memory/1168-1-0x000002C73FE70000-0x000002C73FE80000-memory.dmp

Filesize
64KB

Download
memory/1168-0-0x00007FF6E4FB0000-0x00007FF6E5304000-memory.dmp

Filesize
3.3MB

Download
memory/1224-2256-0x00007FF785630000-0x00007FF785984000-memory.dmp

Filesize
3.3MB

Download
memory/1224-405-0x00007FF785630000-0x00007FF785984000-memory.dmp

Filesize
3.3MB

Download
memory/1224-163-0x00007FF785630000-0x00007FF785984000-memory.dmp

Filesize
3.3MB

Download
memory/1412-129-0x00007FF75C620000-0x00007FF75C974000-memory.dmp

Filesize
3.3MB

Download
memory/1412-182-0x00007FF75C620000-0x00007FF75C974000-memory.dmp

Filesize
3.3MB

Download
memory/1412-2042-0x00007FF75C620000-0x00007FF75C974000-memory.dmp

Filesize
3.3MB

Download
memory/1456-2178-0x00007FF727300000-0x00007FF727654000-memory.dmp

Filesize
3.3MB

Download
memory/1456-151-0x00007FF727300000-0x00007FF727654000-memory.dmp

Filesize
3.3MB

Download
memory/1652-172-0x00007FF690BE0000-0x00007FF690F34000-memory.dmp

Filesize
3.3MB

Download
memory/1652-456-0x00007FF690BE0000-0x00007FF690F34000-memory.dmp

Filesize
3.3MB

Download
memory/2120-515-0x00007FF7BEBA0000-0x00007FF7BEEF4000-memory.dmp

Filesize
3.3MB

Download
memory/2120-188-0x00007FF7BEBA0000-0x00007FF7BEEF4000-memory.dmp

Filesize
3.3MB

Download
memory/2292-142-0x00007FF6A25D0000-0x00007FF6A2924000-memory.dmp

Filesize
3.3MB

Download
memory/2292-2139-0x00007FF6A25D0000-0x00007FF6A2924000-memory.dmp

Filesize
3.3MB

Download
memory/2292-223-0x00007FF6A25D0000-0x00007FF6A2924000-memory.dmp

Filesize
3.3MB

Download
memory/2300-64-0x00007FF7D9FE0000-0x00007FF7DA334000-memory.dmp

Filesize
3.3MB

Download
memory/2300-8-0x00007FF7D9FE0000-0x00007FF7DA334000-memory.dmp

Filesize
3.3MB

Download
memory/2300-1435-0x00007FF7D9FE0000-0x00007FF7DA334000-memory.dmp

Filesize
3.3MB

Download
memory/2444-1974-0x00007FF7C2C10000-0x00007FF7C2F64000-memory.dmp

Filesize
3.3MB

Download
memory/2444-119-0x00007FF7C2C10000-0x00007FF7C2F64000-memory.dmp

Filesize
3.3MB

Download
memory/2444-169-0x00007FF7C2C10000-0x00007FF7C2F64000-memory.dmp

Filesize
3.3MB

Download
memory/2552-58-0x00007FF7B14B0000-0x00007FF7B1804000-memory.dmp

Filesize
3.3MB

Download
memory/2552-1646-0x00007FF7B14B0000-0x00007FF7B1804000-memory.dmp

Filesize
3.3MB

Download
memory/2732-22-0x00007FF61FF90000-0x00007FF6202E4000-memory.dmp

Filesize
3.3MB

Download
memory/2732-1494-0x00007FF61FF90000-0x00007FF6202E4000-memory.dmp

Filesize
3.3MB

Download
memory/2888-61-0x00007FF721F70000-0x00007FF7222C4000-memory.dmp

Filesize
3.3MB

Download
memory/2888-1696-0x00007FF721F70000-0x00007FF7222C4000-memory.dmp

Filesize
3.3MB

Download
memory/3692-1501-0x00007FF7FE5D0000-0x00007FF7FE924000-memory.dmp

Filesize
3.3MB

Download
memory/3692-31-0x00007FF7FE5D0000-0x00007FF7FE924000-memory.dmp

Filesize
3.3MB

Download
memory/3692-75-0x00007FF7FE5D0000-0x00007FF7FE924000-memory.dmp

Filesize
3.3MB

Download
memory/3784-105-0x00007FF7CFC00000-0x00007FF7CFF54000-memory.dmp

Filesize
3.3MB

Download
memory/3784-150-0x00007FF7CFC00000-0x00007FF7CFF54000-memory.dmp

Filesize
3.3MB

Download
memory/3784-1970-0x00007FF7CFC00000-0x00007FF7CFF54000-memory.dmp

Filesize
3.3MB

Download
memory/3972-42-0x00007FF7C9100000-0x00007FF7C9454000-memory.dmp

Filesize
3.3MB

Download
memory/3972-101-0x00007FF7C9100000-0x00007FF7C9454000-memory.dmp

Filesize
3.3MB

Download
memory/3972-1642-0x00007FF7C9100000-0x00007FF7C9454000-memory.dmp

Filesize
3.3MB

Download
memory/4004-68-0x00007FF6BC880000-0x00007FF6BCBD4000-memory.dmp

Filesize
3.3MB

Download
memory/4004-14-0x00007FF6BC880000-0x00007FF6BCBD4000-memory.dmp

Filesize
3.3MB

Download
memory/4004-1452-0x00007FF6BC880000-0x00007FF6BCBD4000-memory.dmp

Filesize
3.3MB

Download
memory/4040-84-0x00007FF754F40000-0x00007FF755294000-memory.dmp

Filesize
3.3MB

Download
memory/4040-1817-0x00007FF754F40000-0x00007FF755294000-memory.dmp

Filesize
3.3MB

Download
memory/4108-2181-0x00007FF724D40000-0x00007FF725094000-memory.dmp

Filesize
3.3MB

Download
memory/4108-290-0x00007FF724D40000-0x00007FF725094000-memory.dmp

Filesize
3.3MB

Download
memory/4108-155-0x00007FF724D40000-0x00007FF725094000-memory.dmp

Filesize
3.3MB

Download
memory/4460-1503-0x00007FF7B64E0000-0x00007FF7B6834000-memory.dmp

Filesize
3.3MB

Download
memory/4460-32-0x00007FF7B64E0000-0x00007FF7B6834000-memory.dmp

Filesize
3.3MB

Download
memory/4548-137-0x00007FF6F8D00000-0x00007FF6F9054000-memory.dmp

Filesize
3.3MB

Download
memory/4548-213-0x00007FF6F8D00000-0x00007FF6F9054000-memory.dmp

Filesize
3.3MB

Download
memory/4548-2133-0x00007FF6F8D00000-0x00007FF6F9054000-memory.dmp

Filesize
3.3MB

Download
memory/4584-96-0x00007FF6E7610000-0x00007FF6E7964000-memory.dmp

Filesize
3.3MB

Download
memory/4584-36-0x00007FF6E7610000-0x00007FF6E7964000-memory.dmp

Filesize
3.3MB

Download
memory/4584-1638-0x00007FF6E7610000-0x00007FF6E7964000-memory.dmp

Filesize
3.3MB

Download
memory/4672-76-0x00007FF64ABE0000-0x00007FF64AF34000-memory.dmp

Filesize
3.3MB

Download
memory/4672-1772-0x00007FF64ABE0000-0x00007FF64AF34000-memory.dmp

Filesize
3.3MB

Download
memory/4672-128-0x00007FF64ABE0000-0x00007FF64AF34000-memory.dmp

Filesize
3.3MB

Download
memory/4788-141-0x00007FF733A60000-0x00007FF733DB4000-memory.dmp

Filesize
3.3MB

Download
memory/4788-1913-0x00007FF733A60000-0x00007FF733DB4000-memory.dmp

Filesize
3.3MB

Download
memory/4788-88-0x00007FF733A60000-0x00007FF733DB4000-memory.dmp

Filesize
3.3MB

Download
memory/4896-124-0x00007FF643ED0000-0x00007FF644224000-memory.dmp

Filesize
3.3MB

Download
memory/4896-1765-0x00007FF643ED0000-0x00007FF644224000-memory.dmp

Filesize
3.3MB

Download
memory/4896-69-0x00007FF643ED0000-0x00007FF644224000-memory.dmp

Filesize
3.3MB

Download
memory/4920-617-0x00007FF7C8720000-0x00007FF7C8A74000-memory.dmp

Filesize
3.3MB

Download
memory/4920-189-0x00007FF7C8720000-0x00007FF7C8A74000-memory.dmp

Filesize
3.3MB

Download
memory/5068-106-0x00007FF7AA1C0000-0x00007FF7AA514000-memory.dmp

Filesize
3.3MB

Download
memory/5068-59-0x00007FF7AA1C0000-0x00007FF7AA514000-memory.dmp

Filesize
3.3MB

Download
memory/5068-1702-0x00007FF7AA1C0000-0x00007FF7AA514000-memory.dmp

Filesize
3.3MB

Download