cobaltstrike | 2bcd7ef8cde74baf6de03a20c97e38e8968e5930538adc3620866dd51d0cf893

Analysis

max time kernel
148s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
25-12-2024 05:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

78549bbe587ae2ec486ed30069a3b372
SHA1

12a9c63920f11bd76790de833ba08c7f9bae26ee
SHA256

2bcd7ef8cde74baf6de03a20c97e38e8968e5930538adc3620866dd51d0cf893
SHA512

a70e52f2cf18cc4c2efb5385b23680d3e5a17d1585c1c4c5c9c9557661031d7211f2006e8d18412a8b18c63e9dbb747f6f14d570808cdfad4d9b66b26cd15eca
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUG:T+q56utgpPF8u/7G

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x000c000000023b57-5.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023bf9-8.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023bfa-21.dat	cobalt_reflective_dll
behavioral2/files/0x0009000000023bc7-19.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c02-41.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c1a-53.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c1b-66.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c14-60.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c01-45.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c00-40.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023bfb-36.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c1c-71.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c1d-83.dat	cobalt_reflective_dll
behavioral2/files/0x0009000000023bf6-81.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c1e-89.dat	cobalt_reflective_dll
behavioral2/files/0x000b000000023c34-97.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c3b-111.dat	cobalt_reflective_dll
behavioral2/files/0x0016000000023c35-114.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c3f-120.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c4c-130.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c4d-136.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c4e-143.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c4f-146.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c51-171.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c52-169.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c53-175.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c55-184.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c54-189.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c50-155.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c5e-196.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c5f-198.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c60-207.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/1660-0-0x00007FF629CD0000-0x00007FF62A024000-memory.dmp	xmrig
behavioral2/files/0x000c000000023b57-5.dat	xmrig
behavioral2/files/0x0008000000023bf9-8.dat	xmrig
behavioral2/files/0x0008000000023bfa-21.dat	xmrig
behavioral2/files/0x0009000000023bc7-19.dat	xmrig
behavioral2/memory/2512-16-0x00007FF651E30000-0x00007FF652184000-memory.dmp	xmrig
behavioral2/memory/2768-31-0x00007FF778CB0000-0x00007FF779004000-memory.dmp	xmrig
behavioral2/memory/4964-42-0x00007FF6D2A70000-0x00007FF6D2DC4000-memory.dmp	xmrig
behavioral2/files/0x0008000000023c02-41.dat	xmrig
behavioral2/files/0x0008000000023c1a-53.dat	xmrig
behavioral2/memory/380-67-0x00007FF746290000-0x00007FF7465E4000-memory.dmp	xmrig
behavioral2/files/0x0008000000023c1b-66.dat	xmrig
behavioral2/memory/4664-65-0x00007FF6D1070000-0x00007FF6D13C4000-memory.dmp	xmrig
behavioral2/memory/4312-64-0x00007FF75F690000-0x00007FF75F9E4000-memory.dmp	xmrig
behavioral2/files/0x0008000000023c14-60.dat	xmrig
behavioral2/memory/4888-59-0x00007FF7C3B10000-0x00007FF7C3E64000-memory.dmp	xmrig
behavioral2/memory/4456-54-0x00007FF6170B0000-0x00007FF617404000-memory.dmp	xmrig
behavioral2/memory/4272-48-0x00007FF7C8F20000-0x00007FF7C9274000-memory.dmp	xmrig
behavioral2/files/0x0008000000023c01-45.dat	xmrig
behavioral2/files/0x0008000000023c00-40.dat	xmrig
behavioral2/files/0x0008000000023bfb-36.dat	xmrig
behavioral2/memory/872-15-0x00007FF663390000-0x00007FF6636E4000-memory.dmp	xmrig
behavioral2/memory/2160-9-0x00007FF633120000-0x00007FF633474000-memory.dmp	xmrig
behavioral2/files/0x0008000000023c1c-71.dat	xmrig
behavioral2/memory/4976-74-0x00007FF76FB00000-0x00007FF76FE54000-memory.dmp	xmrig
behavioral2/memory/952-85-0x00007FF6AA4F0000-0x00007FF6AA844000-memory.dmp	xmrig
behavioral2/files/0x0008000000023c1d-83.dat	xmrig
behavioral2/files/0x0009000000023bf6-81.dat	xmrig
behavioral2/memory/2064-80-0x00007FF7C3B30000-0x00007FF7C3E84000-memory.dmp	xmrig
behavioral2/memory/1660-86-0x00007FF629CD0000-0x00007FF62A024000-memory.dmp	xmrig
behavioral2/files/0x0008000000023c1e-89.dat	xmrig
behavioral2/memory/872-94-0x00007FF663390000-0x00007FF6636E4000-memory.dmp	xmrig
behavioral2/memory/2160-91-0x00007FF633120000-0x00007FF633474000-memory.dmp	xmrig
behavioral2/files/0x000b000000023c34-97.dat	xmrig
behavioral2/memory/3552-96-0x00007FF65C7A0000-0x00007FF65CAF4000-memory.dmp	xmrig
behavioral2/memory/3116-99-0x00007FF67E0D0000-0x00007FF67E424000-memory.dmp	xmrig
behavioral2/files/0x0008000000023c3b-111.dat	xmrig
behavioral2/memory/1452-116-0x00007FF6C4EF0000-0x00007FF6C5244000-memory.dmp	xmrig
behavioral2/files/0x0016000000023c35-114.dat	xmrig
behavioral2/memory/4456-113-0x00007FF6170B0000-0x00007FF617404000-memory.dmp	xmrig
behavioral2/files/0x0008000000023c3f-120.dat	xmrig
behavioral2/memory/4724-125-0x00007FF6699B0000-0x00007FF669D04000-memory.dmp	xmrig
behavioral2/files/0x0008000000023c4c-130.dat	xmrig
behavioral2/memory/1328-127-0x00007FF705E30000-0x00007FF706184000-memory.dmp	xmrig
behavioral2/memory/380-126-0x00007FF746290000-0x00007FF7465E4000-memory.dmp	xmrig
behavioral2/memory/2124-112-0x00007FF6C5A80000-0x00007FF6C5DD4000-memory.dmp	xmrig
behavioral2/memory/4272-109-0x00007FF7C8F20000-0x00007FF7C9274000-memory.dmp	xmrig
behavioral2/memory/4964-107-0x00007FF6D2A70000-0x00007FF6D2DC4000-memory.dmp	xmrig
behavioral2/memory/2768-106-0x00007FF778CB0000-0x00007FF779004000-memory.dmp	xmrig
behavioral2/memory/2512-105-0x00007FF651E30000-0x00007FF652184000-memory.dmp	xmrig
behavioral2/memory/4976-133-0x00007FF76FB00000-0x00007FF76FE54000-memory.dmp	xmrig
behavioral2/files/0x0008000000023c4d-136.dat	xmrig
behavioral2/memory/2064-138-0x00007FF7C3B30000-0x00007FF7C3E84000-memory.dmp	xmrig
behavioral2/memory/944-142-0x00007FF667BD0000-0x00007FF667F24000-memory.dmp	xmrig
behavioral2/files/0x0008000000023c4e-143.dat	xmrig
behavioral2/files/0x0008000000023c4f-146.dat	xmrig
behavioral2/memory/2192-147-0x00007FF7DB970000-0x00007FF7DBCC4000-memory.dmp	xmrig
behavioral2/memory/952-139-0x00007FF6AA4F0000-0x00007FF6AA844000-memory.dmp	xmrig
behavioral2/files/0x0008000000023c51-171.dat	xmrig
behavioral2/files/0x0008000000023c52-169.dat	xmrig
behavioral2/files/0x0008000000023c53-175.dat	xmrig
behavioral2/memory/2124-178-0x00007FF6C5A80000-0x00007FF6C5DD4000-memory.dmp	xmrig
behavioral2/files/0x0008000000023c55-184.dat	xmrig
behavioral2/memory/2860-188-0x00007FF75BED0000-0x00007FF75C224000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2160	YciWoTE.exe
872	eWskhxb.exe
2512	cjntbbb.exe
2768	SfJZyri.exe
4888	ZFuUina.exe
4964	diXsUxQ.exe
4312	tatysAV.exe
4272	HfPEEvo.exe
4664	BYFgcbW.exe
4456	CvUbkqU.exe
380	HzzKFRu.exe
4976	LtSCSzh.exe
2064	wrnOrzA.exe
952	bZueEKa.exe
3552	QGAXTKP.exe
3116	NlIrVxA.exe
2124	fdCJdnh.exe
1452	lXNLmSB.exe
4724	LPfEkWy.exe
1328	VOzPDkm.exe
944	svZBccZ.exe
2192	MHdkfUa.exe
3820	lnRUaRk.exe
2960	TApPQoZ.exe
3088	JzZdBXF.exe
316	hwPusoL.exe
2852	OoTPGPl.exe
3264	aPUhHJN.exe
2860	yFnQsyW.exe
1764	cHLWuNc.exe
3880	NfztvDw.exe
1416	pnJnpwd.exe
5056	IqSibhA.exe
4684	VHgiGJZ.exe
2276	Rigvelu.exe
3580	hSKKfcU.exe
1064	NiuGadS.exe
1472	olrCENt.exe
1664	yIEVkLn.exe
864	OCNcWkj.exe
1760	oRqdYbX.exe
2764	zdxxtQS.exe
2592	EPaFxSo.exe
4116	LeDhTKY.exe
60	BnYIpRo.exe
1924	Snhojsy.exe
4512	rKpAAaQ.exe
2212	ZDXlERz.exe
3052	oFhKLPM.exe
832	ridyxhn.exe
2324	kSxcxpW.exe
3592	qMJjIip.exe
2832	JGtfzBW.exe
1920	XLokGzj.exe
4868	XkhhgYf.exe
4748	tWygONn.exe
4060	aAaSJQq.exe
1776	prQXmYq.exe
4112	HFpdjGg.exe
1860	TUmYwVU.exe
1792	RscbXEa.exe
1324	vbLTPmz.exe
4912	kdwkWhc.exe
4380	yGeinIh.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1660-0-0x00007FF629CD0000-0x00007FF62A024000-memory.dmp	upx
behavioral2/files/0x000c000000023b57-5.dat	upx
behavioral2/files/0x0008000000023bf9-8.dat	upx
behavioral2/files/0x0008000000023bfa-21.dat	upx
behavioral2/files/0x0009000000023bc7-19.dat	upx
behavioral2/memory/2512-16-0x00007FF651E30000-0x00007FF652184000-memory.dmp	upx
behavioral2/memory/2768-31-0x00007FF778CB0000-0x00007FF779004000-memory.dmp	upx
behavioral2/memory/4964-42-0x00007FF6D2A70000-0x00007FF6D2DC4000-memory.dmp	upx
behavioral2/files/0x0008000000023c02-41.dat	upx
behavioral2/files/0x0008000000023c1a-53.dat	upx
behavioral2/memory/380-67-0x00007FF746290000-0x00007FF7465E4000-memory.dmp	upx
behavioral2/files/0x0008000000023c1b-66.dat	upx
behavioral2/memory/4664-65-0x00007FF6D1070000-0x00007FF6D13C4000-memory.dmp	upx
behavioral2/memory/4312-64-0x00007FF75F690000-0x00007FF75F9E4000-memory.dmp	upx
behavioral2/files/0x0008000000023c14-60.dat	upx
behavioral2/memory/4888-59-0x00007FF7C3B10000-0x00007FF7C3E64000-memory.dmp	upx
behavioral2/memory/4456-54-0x00007FF6170B0000-0x00007FF617404000-memory.dmp	upx
behavioral2/memory/4272-48-0x00007FF7C8F20000-0x00007FF7C9274000-memory.dmp	upx
behavioral2/files/0x0008000000023c01-45.dat	upx
behavioral2/files/0x0008000000023c00-40.dat	upx
behavioral2/files/0x0008000000023bfb-36.dat	upx
behavioral2/memory/872-15-0x00007FF663390000-0x00007FF6636E4000-memory.dmp	upx
behavioral2/memory/2160-9-0x00007FF633120000-0x00007FF633474000-memory.dmp	upx
behavioral2/files/0x0008000000023c1c-71.dat	upx
behavioral2/memory/4976-74-0x00007FF76FB00000-0x00007FF76FE54000-memory.dmp	upx
behavioral2/memory/952-85-0x00007FF6AA4F0000-0x00007FF6AA844000-memory.dmp	upx
behavioral2/files/0x0008000000023c1d-83.dat	upx
behavioral2/files/0x0009000000023bf6-81.dat	upx
behavioral2/memory/2064-80-0x00007FF7C3B30000-0x00007FF7C3E84000-memory.dmp	upx
behavioral2/memory/1660-86-0x00007FF629CD0000-0x00007FF62A024000-memory.dmp	upx
behavioral2/files/0x0008000000023c1e-89.dat	upx
behavioral2/memory/872-94-0x00007FF663390000-0x00007FF6636E4000-memory.dmp	upx
behavioral2/memory/2160-91-0x00007FF633120000-0x00007FF633474000-memory.dmp	upx
behavioral2/files/0x000b000000023c34-97.dat	upx
behavioral2/memory/3552-96-0x00007FF65C7A0000-0x00007FF65CAF4000-memory.dmp	upx
behavioral2/memory/3116-99-0x00007FF67E0D0000-0x00007FF67E424000-memory.dmp	upx
behavioral2/files/0x0008000000023c3b-111.dat	upx
behavioral2/memory/1452-116-0x00007FF6C4EF0000-0x00007FF6C5244000-memory.dmp	upx
behavioral2/files/0x0016000000023c35-114.dat	upx
behavioral2/memory/4456-113-0x00007FF6170B0000-0x00007FF617404000-memory.dmp	upx
behavioral2/files/0x0008000000023c3f-120.dat	upx
behavioral2/memory/4724-125-0x00007FF6699B0000-0x00007FF669D04000-memory.dmp	upx
behavioral2/files/0x0008000000023c4c-130.dat	upx
behavioral2/memory/1328-127-0x00007FF705E30000-0x00007FF706184000-memory.dmp	upx
behavioral2/memory/380-126-0x00007FF746290000-0x00007FF7465E4000-memory.dmp	upx
behavioral2/memory/2124-112-0x00007FF6C5A80000-0x00007FF6C5DD4000-memory.dmp	upx
behavioral2/memory/4272-109-0x00007FF7C8F20000-0x00007FF7C9274000-memory.dmp	upx
behavioral2/memory/4964-107-0x00007FF6D2A70000-0x00007FF6D2DC4000-memory.dmp	upx
behavioral2/memory/2768-106-0x00007FF778CB0000-0x00007FF779004000-memory.dmp	upx
behavioral2/memory/2512-105-0x00007FF651E30000-0x00007FF652184000-memory.dmp	upx
behavioral2/memory/4976-133-0x00007FF76FB00000-0x00007FF76FE54000-memory.dmp	upx
behavioral2/files/0x0008000000023c4d-136.dat	upx
behavioral2/memory/2064-138-0x00007FF7C3B30000-0x00007FF7C3E84000-memory.dmp	upx
behavioral2/memory/944-142-0x00007FF667BD0000-0x00007FF667F24000-memory.dmp	upx
behavioral2/files/0x0008000000023c4e-143.dat	upx
behavioral2/files/0x0008000000023c4f-146.dat	upx
behavioral2/memory/2192-147-0x00007FF7DB970000-0x00007FF7DBCC4000-memory.dmp	upx
behavioral2/memory/952-139-0x00007FF6AA4F0000-0x00007FF6AA844000-memory.dmp	upx
behavioral2/files/0x0008000000023c51-171.dat	upx
behavioral2/files/0x0008000000023c52-169.dat	upx
behavioral2/files/0x0008000000023c53-175.dat	upx
behavioral2/memory/2124-178-0x00007FF6C5A80000-0x00007FF6C5DD4000-memory.dmp	upx
behavioral2/files/0x0008000000023c55-184.dat	upx
behavioral2/memory/2860-188-0x00007FF75BED0000-0x00007FF75C224000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\TSIoNms.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HFpdjGg.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xtpdUCY.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KsgaAAz.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fjHpQHT.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IfNvaRK.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cTWfJnp.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sSObZAS.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HygeiCz.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JTwonpD.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PflTVWl.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RzdLUtk.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kttHlFQ.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\irgGutC.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dWnxSqk.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fbtRkAo.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rctawlI.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cuVWlXZ.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\voUPPHR.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cQgpSry.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yhrCHBL.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gTmiNYl.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SfJZyri.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rdqkByx.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tQlDPOd.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YAJTovN.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UZSnqVh.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BYFgcbW.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\STJJNNv.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NggyFIP.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LNjmaYD.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lNvIWrA.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\neGNoVk.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WVoInhT.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SawzStq.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oVFVttm.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fSDTUrM.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kLENRIU.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SLdwxwB.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ikWMLgn.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sAoLyEs.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ueSAebN.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pSdXDIe.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aJOipcD.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PzzKNec.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hxoxwXG.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dMjkXeY.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cHLWuNc.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rbDjyQK.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wlldKGa.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CPCAyke.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DdeNXVR.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cNEKNlZ.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OWtOGZQ.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VXjgVoK.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zdxxtQS.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bHjtwAU.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BhgZOCy.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MAQWUMj.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aLVgNQN.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jViTyqN.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oRrIfrC.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cPSwzDL.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mwaZrtw.exe	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1660 wrote to memory of 2160	1660	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	83
PID 1660 wrote to memory of 2160	1660	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	83
PID 1660 wrote to memory of 872	1660	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 1660 wrote to memory of 872	1660	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 1660 wrote to memory of 2512	1660	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 1660 wrote to memory of 2512	1660	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 1660 wrote to memory of 2768	1660	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 1660 wrote to memory of 2768	1660	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 1660 wrote to memory of 4888	1660	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 1660 wrote to memory of 4888	1660	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 1660 wrote to memory of 4964	1660	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 1660 wrote to memory of 4964	1660	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 1660 wrote to memory of 4312	1660	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 1660 wrote to memory of 4312	1660	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 1660 wrote to memory of 4272	1660	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 1660 wrote to memory of 4272	1660	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 1660 wrote to memory of 4664	1660	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 1660 wrote to memory of 4664	1660	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 1660 wrote to memory of 4456	1660	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 1660 wrote to memory of 4456	1660	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 1660 wrote to memory of 380	1660	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 1660 wrote to memory of 380	1660	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 1660 wrote to memory of 4976	1660	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 1660 wrote to memory of 4976	1660	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 1660 wrote to memory of 2064	1660	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 1660 wrote to memory of 2064	1660	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 1660 wrote to memory of 952	1660	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 1660 wrote to memory of 952	1660	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 1660 wrote to memory of 3552	1660	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 1660 wrote to memory of 3552	1660	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 1660 wrote to memory of 3116	1660	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 1660 wrote to memory of 3116	1660	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 1660 wrote to memory of 2124	1660	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 1660 wrote to memory of 2124	1660	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 1660 wrote to memory of 1452	1660	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 1660 wrote to memory of 1452	1660	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 1660 wrote to memory of 4724	1660	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 1660 wrote to memory of 4724	1660	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 1660 wrote to memory of 1328	1660	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 1660 wrote to memory of 1328	1660	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 1660 wrote to memory of 944	1660	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 1660 wrote to memory of 944	1660	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 1660 wrote to memory of 2192	1660	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 1660 wrote to memory of 2192	1660	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 1660 wrote to memory of 3820	1660	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 1660 wrote to memory of 3820	1660	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 1660 wrote to memory of 2960	1660	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 1660 wrote to memory of 2960	1660	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 1660 wrote to memory of 3088	1660	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 1660 wrote to memory of 3088	1660	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 1660 wrote to memory of 316	1660	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 1660 wrote to memory of 316	1660	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 1660 wrote to memory of 2852	1660	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 1660 wrote to memory of 2852	1660	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 1660 wrote to memory of 3264	1660	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 1660 wrote to memory of 3264	1660	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 1660 wrote to memory of 2860	1660	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 1660 wrote to memory of 2860	1660	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 1660 wrote to memory of 1764	1660	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 1660 wrote to memory of 1764	1660	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 1660 wrote to memory of 3880	1660	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 1660 wrote to memory of 3880	1660	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 1660 wrote to memory of 1416	1660	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 1660 wrote to memory of 1416	1660	2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe	114

C:\Users\Admin\AppData\Local\Temp\2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-25_78549bbe587ae2ec486ed30069a3b372_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1660
- C:\Windows\System\YciWoTE.exe
  C:\Windows\System\YciWoTE.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\eWskhxb.exe
  C:\Windows\System\eWskhxb.exe
  2⤵
  - Executes dropped EXE
  PID:872
- C:\Windows\System\cjntbbb.exe
  C:\Windows\System\cjntbbb.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\SfJZyri.exe
  C:\Windows\System\SfJZyri.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\ZFuUina.exe
  C:\Windows\System\ZFuUina.exe
  2⤵
  - Executes dropped EXE
  PID:4888
- C:\Windows\System\diXsUxQ.exe
  C:\Windows\System\diXsUxQ.exe
  2⤵
  - Executes dropped EXE
  PID:4964
- C:\Windows\System\tatysAV.exe
  C:\Windows\System\tatysAV.exe
  2⤵
  - Executes dropped EXE
  PID:4312
- C:\Windows\System\HfPEEvo.exe
  C:\Windows\System\HfPEEvo.exe
  2⤵
  - Executes dropped EXE
  PID:4272
- C:\Windows\System\BYFgcbW.exe
  C:\Windows\System\BYFgcbW.exe
  2⤵
  - Executes dropped EXE
  PID:4664
- C:\Windows\System\CvUbkqU.exe
  C:\Windows\System\CvUbkqU.exe
  2⤵
  - Executes dropped EXE
  PID:4456
- C:\Windows\System\HzzKFRu.exe
  C:\Windows\System\HzzKFRu.exe
  2⤵
  - Executes dropped EXE
  PID:380
- C:\Windows\System\LtSCSzh.exe
  C:\Windows\System\LtSCSzh.exe
  2⤵
  - Executes dropped EXE
  PID:4976
- C:\Windows\System\wrnOrzA.exe
  C:\Windows\System\wrnOrzA.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\bZueEKa.exe
  C:\Windows\System\bZueEKa.exe
  2⤵
  - Executes dropped EXE
  PID:952
- C:\Windows\System\QGAXTKP.exe
  C:\Windows\System\QGAXTKP.exe
  2⤵
  - Executes dropped EXE
  PID:3552
- C:\Windows\System\NlIrVxA.exe
  C:\Windows\System\NlIrVxA.exe
  2⤵
  - Executes dropped EXE
  PID:3116
- C:\Windows\System\fdCJdnh.exe
  C:\Windows\System\fdCJdnh.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\lXNLmSB.exe
  C:\Windows\System\lXNLmSB.exe
  2⤵
  - Executes dropped EXE
  PID:1452
- C:\Windows\System\LPfEkWy.exe
  C:\Windows\System\LPfEkWy.exe
  2⤵
  - Executes dropped EXE
  PID:4724
- C:\Windows\System\VOzPDkm.exe
  C:\Windows\System\VOzPDkm.exe
  2⤵
  - Executes dropped EXE
  PID:1328
- C:\Windows\System\svZBccZ.exe
  C:\Windows\System\svZBccZ.exe
  2⤵
  - Executes dropped EXE
  PID:944
- C:\Windows\System\MHdkfUa.exe
  C:\Windows\System\MHdkfUa.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\lnRUaRk.exe
  C:\Windows\System\lnRUaRk.exe
  2⤵
  - Executes dropped EXE
  PID:3820
- C:\Windows\System\TApPQoZ.exe
  C:\Windows\System\TApPQoZ.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\JzZdBXF.exe
  C:\Windows\System\JzZdBXF.exe
  2⤵
  - Executes dropped EXE
  PID:3088
- C:\Windows\System\hwPusoL.exe
  C:\Windows\System\hwPusoL.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\OoTPGPl.exe
  C:\Windows\System\OoTPGPl.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\aPUhHJN.exe
  C:\Windows\System\aPUhHJN.exe
  2⤵
  - Executes dropped EXE
  PID:3264
- C:\Windows\System\yFnQsyW.exe
  C:\Windows\System\yFnQsyW.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\cHLWuNc.exe
  C:\Windows\System\cHLWuNc.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\NfztvDw.exe
  C:\Windows\System\NfztvDw.exe
  2⤵
  - Executes dropped EXE
  PID:3880
- C:\Windows\System\pnJnpwd.exe
  C:\Windows\System\pnJnpwd.exe
  2⤵
  - Executes dropped EXE
  PID:1416
- C:\Windows\System\IqSibhA.exe
  C:\Windows\System\IqSibhA.exe
  2⤵
  - Executes dropped EXE
  PID:5056
- C:\Windows\System\VHgiGJZ.exe
  C:\Windows\System\VHgiGJZ.exe
  2⤵
  - Executes dropped EXE
  PID:4684
- C:\Windows\System\Rigvelu.exe
  C:\Windows\System\Rigvelu.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\hSKKfcU.exe
  C:\Windows\System\hSKKfcU.exe
  2⤵
  - Executes dropped EXE
  PID:3580
- C:\Windows\System\NiuGadS.exe
  C:\Windows\System\NiuGadS.exe
  2⤵
  - Executes dropped EXE
  PID:1064
- C:\Windows\System\olrCENt.exe
  C:\Windows\System\olrCENt.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\yIEVkLn.exe
  C:\Windows\System\yIEVkLn.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\OCNcWkj.exe
  C:\Windows\System\OCNcWkj.exe
  2⤵
  - Executes dropped EXE
  PID:864
- C:\Windows\System\oRqdYbX.exe
  C:\Windows\System\oRqdYbX.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\zdxxtQS.exe
  C:\Windows\System\zdxxtQS.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\EPaFxSo.exe
  C:\Windows\System\EPaFxSo.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\LeDhTKY.exe
  C:\Windows\System\LeDhTKY.exe
  2⤵
  - Executes dropped EXE
  PID:4116
- C:\Windows\System\BnYIpRo.exe
  C:\Windows\System\BnYIpRo.exe
  2⤵
  - Executes dropped EXE
  PID:60
- C:\Windows\System\Snhojsy.exe
  C:\Windows\System\Snhojsy.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\rKpAAaQ.exe
  C:\Windows\System\rKpAAaQ.exe
  2⤵
  - Executes dropped EXE
  PID:4512
- C:\Windows\System\ZDXlERz.exe
  C:\Windows\System\ZDXlERz.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\oFhKLPM.exe
  C:\Windows\System\oFhKLPM.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\ridyxhn.exe
  C:\Windows\System\ridyxhn.exe
  2⤵
  - Executes dropped EXE
  PID:832
- C:\Windows\System\kSxcxpW.exe
  C:\Windows\System\kSxcxpW.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\qMJjIip.exe
  C:\Windows\System\qMJjIip.exe
  2⤵
  - Executes dropped EXE
  PID:3592
- C:\Windows\System\JGtfzBW.exe
  C:\Windows\System\JGtfzBW.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\XLokGzj.exe
  C:\Windows\System\XLokGzj.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\XkhhgYf.exe
  C:\Windows\System\XkhhgYf.exe
  2⤵
  - Executes dropped EXE
  PID:4868
- C:\Windows\System\tWygONn.exe
  C:\Windows\System\tWygONn.exe
  2⤵
  - Executes dropped EXE
  PID:4748
- C:\Windows\System\aAaSJQq.exe
  C:\Windows\System\aAaSJQq.exe
  2⤵
  - Executes dropped EXE
  PID:4060
- C:\Windows\System\prQXmYq.exe
  C:\Windows\System\prQXmYq.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\HFpdjGg.exe
  C:\Windows\System\HFpdjGg.exe
  2⤵
  - Executes dropped EXE
  PID:4112
- C:\Windows\System\TUmYwVU.exe
  C:\Windows\System\TUmYwVU.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\RscbXEa.exe
  C:\Windows\System\RscbXEa.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\vbLTPmz.exe
  C:\Windows\System\vbLTPmz.exe
  2⤵
  - Executes dropped EXE
  PID:1324
- C:\Windows\System\kdwkWhc.exe
  C:\Windows\System\kdwkWhc.exe
  2⤵
  - Executes dropped EXE
  PID:4912
- C:\Windows\System\yGeinIh.exe
  C:\Windows\System\yGeinIh.exe
  2⤵
  - Executes dropped EXE
  PID:4380
- C:\Windows\System\vrWKZlY.exe
  C:\Windows\System\vrWKZlY.exe
  2⤵
  PID:2520
- C:\Windows\System\rxpLcBF.exe
  C:\Windows\System\rxpLcBF.exe
  2⤵
  PID:4968
- C:\Windows\System\mUywVpS.exe
  C:\Windows\System\mUywVpS.exe
  2⤵
  PID:3292
- C:\Windows\System\oZucLoi.exe
  C:\Windows\System\oZucLoi.exe
  2⤵
  PID:3308
- C:\Windows\System\kUMiNTC.exe
  C:\Windows\System\kUMiNTC.exe
  2⤵
  PID:2828
- C:\Windows\System\ikWMLgn.exe
  C:\Windows\System\ikWMLgn.exe
  2⤵
  PID:4548
- C:\Windows\System\qqFHLIs.exe
  C:\Windows\System\qqFHLIs.exe
  2⤵
  PID:1008
- C:\Windows\System\rCgdxsR.exe
  C:\Windows\System\rCgdxsR.exe
  2⤵
  PID:2876
- C:\Windows\System\GQAvZHd.exe
  C:\Windows\System\GQAvZHd.exe
  2⤵
  PID:2808
- C:\Windows\System\rbDjyQK.exe
  C:\Windows\System\rbDjyQK.exe
  2⤵
  PID:3496
- C:\Windows\System\QVAmbuG.exe
  C:\Windows\System\QVAmbuG.exe
  2⤵
  PID:3112
- C:\Windows\System\wvYLLuq.exe
  C:\Windows\System\wvYLLuq.exe
  2⤵
  PID:2152
- C:\Windows\System\lCJASXJ.exe
  C:\Windows\System\lCJASXJ.exe
  2⤵
  PID:2488
- C:\Windows\System\JTwonpD.exe
  C:\Windows\System\JTwonpD.exe
  2⤵
  PID:1488
- C:\Windows\System\aJMIZOr.exe
  C:\Windows\System\aJMIZOr.exe
  2⤵
  PID:1988
- C:\Windows\System\uXwrwXk.exe
  C:\Windows\System\uXwrwXk.exe
  2⤵
  PID:3844
- C:\Windows\System\hOmGuQm.exe
  C:\Windows\System\hOmGuQm.exe
  2⤵
  PID:1080
- C:\Windows\System\OJXhpUd.exe
  C:\Windows\System\OJXhpUd.exe
  2⤵
  PID:4884
- C:\Windows\System\jCtNQsl.exe
  C:\Windows\System\jCtNQsl.exe
  2⤵
  PID:4592
- C:\Windows\System\sropfwu.exe
  C:\Windows\System\sropfwu.exe
  2⤵
  PID:4700
- C:\Windows\System\nYDuOYq.exe
  C:\Windows\System\nYDuOYq.exe
  2⤵
  PID:1028
- C:\Windows\System\MaOauuK.exe
  C:\Windows\System\MaOauuK.exe
  2⤵
  PID:1108
- C:\Windows\System\rqOomeV.exe
  C:\Windows\System\rqOomeV.exe
  2⤵
  PID:4980
- C:\Windows\System\bXDrtrz.exe
  C:\Windows\System\bXDrtrz.exe
  2⤵
  PID:4812
- C:\Windows\System\wBufLHa.exe
  C:\Windows\System\wBufLHa.exe
  2⤵
  PID:984
- C:\Windows\System\HlZnLNx.exe
  C:\Windows\System\HlZnLNx.exe
  2⤵
  PID:4464
- C:\Windows\System\AHhjuvA.exe
  C:\Windows\System\AHhjuvA.exe
  2⤵
  PID:2848
- C:\Windows\System\szYMRZh.exe
  C:\Windows\System\szYMRZh.exe
  2⤵
  PID:2204
- C:\Windows\System\WTXvbhd.exe
  C:\Windows\System\WTXvbhd.exe
  2⤵
  PID:3488
- C:\Windows\System\zmvbnwE.exe
  C:\Windows\System\zmvbnwE.exe
  2⤵
  PID:3572
- C:\Windows\System\PflTVWl.exe
  C:\Windows\System\PflTVWl.exe
  2⤵
  PID:3704
- C:\Windows\System\NPuOAbC.exe
  C:\Windows\System\NPuOAbC.exe
  2⤵
  PID:2780
- C:\Windows\System\tBuHKwA.exe
  C:\Windows\System\tBuHKwA.exe
  2⤵
  PID:3660
- C:\Windows\System\DnCygSG.exe
  C:\Windows\System\DnCygSG.exe
  2⤵
  PID:1872
- C:\Windows\System\qoMbsKT.exe
  C:\Windows\System\qoMbsKT.exe
  2⤵
  PID:3300
- C:\Windows\System\UZrVjPp.exe
  C:\Windows\System\UZrVjPp.exe
  2⤵
  PID:1312
- C:\Windows\System\VMaUzAr.exe
  C:\Windows\System\VMaUzAr.exe
  2⤵
  PID:1444
- C:\Windows\System\mXmjGQt.exe
  C:\Windows\System\mXmjGQt.exe
  2⤵
  PID:3012
- C:\Windows\System\jPJxQyF.exe
  C:\Windows\System\jPJxQyF.exe
  2⤵
  PID:3672
- C:\Windows\System\ZyOmuoa.exe
  C:\Windows\System\ZyOmuoa.exe
  2⤵
  PID:4440
- C:\Windows\System\tTXCGuJ.exe
  C:\Windows\System\tTXCGuJ.exe
  2⤵
  PID:2344
- C:\Windows\System\gxToYvg.exe
  C:\Windows\System\gxToYvg.exe
  2⤵
  PID:852
- C:\Windows\System\xtpdUCY.exe
  C:\Windows\System\xtpdUCY.exe
  2⤵
  PID:2156
- C:\Windows\System\YfckEco.exe
  C:\Windows\System\YfckEco.exe
  2⤵
  PID:740
- C:\Windows\System\cPSwzDL.exe
  C:\Windows\System\cPSwzDL.exe
  2⤵
  PID:4468
- C:\Windows\System\MHYFnOK.exe
  C:\Windows\System\MHYFnOK.exe
  2⤵
  PID:5108
- C:\Windows\System\aWijUih.exe
  C:\Windows\System\aWijUih.exe
  2⤵
  PID:1188
- C:\Windows\System\uXKkJTu.exe
  C:\Windows\System\uXKkJTu.exe
  2⤵
  PID:2492
- C:\Windows\System\QBGNWKC.exe
  C:\Windows\System\QBGNWKC.exe
  2⤵
  PID:1972
- C:\Windows\System\qRzefZK.exe
  C:\Windows\System\qRzefZK.exe
  2⤵
  PID:4352
- C:\Windows\System\jGkvtyH.exe
  C:\Windows\System\jGkvtyH.exe
  2⤵
  PID:5144
- C:\Windows\System\yBlduqx.exe
  C:\Windows\System\yBlduqx.exe
  2⤵
  PID:5172
- C:\Windows\System\sKPgbxE.exe
  C:\Windows\System\sKPgbxE.exe
  2⤵
  PID:5200
- C:\Windows\System\duNGXqI.exe
  C:\Windows\System\duNGXqI.exe
  2⤵
  PID:5228
- C:\Windows\System\oppMATP.exe
  C:\Windows\System\oppMATP.exe
  2⤵
  PID:5256
- C:\Windows\System\YGxqrrc.exe
  C:\Windows\System\YGxqrrc.exe
  2⤵
  PID:5284
- C:\Windows\System\zQRCEDa.exe
  C:\Windows\System\zQRCEDa.exe
  2⤵
  PID:5308
- C:\Windows\System\AMRQPqX.exe
  C:\Windows\System\AMRQPqX.exe
  2⤵
  PID:5332
- C:\Windows\System\VrjxBVH.exe
  C:\Windows\System\VrjxBVH.exe
  2⤵
  PID:5364
- C:\Windows\System\tzQRmUW.exe
  C:\Windows\System\tzQRmUW.exe
  2⤵
  PID:5400
- C:\Windows\System\kPkrBhP.exe
  C:\Windows\System\kPkrBhP.exe
  2⤵
  PID:5428
- C:\Windows\System\pchiQcJ.exe
  C:\Windows\System\pchiQcJ.exe
  2⤵
  PID:5460
- C:\Windows\System\TpiLGVj.exe
  C:\Windows\System\TpiLGVj.exe
  2⤵
  PID:5488
- C:\Windows\System\uKBvzDG.exe
  C:\Windows\System\uKBvzDG.exe
  2⤵
  PID:5516
- C:\Windows\System\Zrlgqyh.exe
  C:\Windows\System\Zrlgqyh.exe
  2⤵
  PID:5544
- C:\Windows\System\rOTEdNb.exe
  C:\Windows\System\rOTEdNb.exe
  2⤵
  PID:5572
- C:\Windows\System\xzTemIl.exe
  C:\Windows\System\xzTemIl.exe
  2⤵
  PID:5600
- C:\Windows\System\sAoLyEs.exe
  C:\Windows\System\sAoLyEs.exe
  2⤵
  PID:5628
- C:\Windows\System\gdgwrKj.exe
  C:\Windows\System\gdgwrKj.exe
  2⤵
  PID:5656
- C:\Windows\System\ZKeuzID.exe
  C:\Windows\System\ZKeuzID.exe
  2⤵
  PID:5684
- C:\Windows\System\qIEaOuF.exe
  C:\Windows\System\qIEaOuF.exe
  2⤵
  PID:5712
- C:\Windows\System\wnvkwKx.exe
  C:\Windows\System\wnvkwKx.exe
  2⤵
  PID:5740
- C:\Windows\System\akWPDEW.exe
  C:\Windows\System\akWPDEW.exe
  2⤵
  PID:5768
- C:\Windows\System\ZmFCKDk.exe
  C:\Windows\System\ZmFCKDk.exe
  2⤵
  PID:5796
- C:\Windows\System\hKlpgXC.exe
  C:\Windows\System\hKlpgXC.exe
  2⤵
  PID:5828
- C:\Windows\System\VWqYYvl.exe
  C:\Windows\System\VWqYYvl.exe
  2⤵
  PID:5856
- C:\Windows\System\yHcazky.exe
  C:\Windows\System\yHcazky.exe
  2⤵
  PID:5884
- C:\Windows\System\GYFbTyy.exe
  C:\Windows\System\GYFbTyy.exe
  2⤵
  PID:5904
- C:\Windows\System\GoFbffZ.exe
  C:\Windows\System\GoFbffZ.exe
  2⤵
  PID:5940
- C:\Windows\System\DHyJmBn.exe
  C:\Windows\System\DHyJmBn.exe
  2⤵
  PID:5968
- C:\Windows\System\bHjtwAU.exe
  C:\Windows\System\bHjtwAU.exe
  2⤵
  PID:5996
- C:\Windows\System\DaCjbmJ.exe
  C:\Windows\System\DaCjbmJ.exe
  2⤵
  PID:6024
- C:\Windows\System\pfmJorP.exe
  C:\Windows\System\pfmJorP.exe
  2⤵
  PID:6052
- C:\Windows\System\WVoInhT.exe
  C:\Windows\System\WVoInhT.exe
  2⤵
  PID:6080
- C:\Windows\System\OsbeAhf.exe
  C:\Windows\System\OsbeAhf.exe
  2⤵
  PID:6124
- C:\Windows\System\jpGxKOE.exe
  C:\Windows\System\jpGxKOE.exe
  2⤵
  PID:5132
- C:\Windows\System\kpsEGwM.exe
  C:\Windows\System\kpsEGwM.exe
  2⤵
  PID:5208
- C:\Windows\System\crrLdnp.exe
  C:\Windows\System\crrLdnp.exe
  2⤵
  PID:5264
- C:\Windows\System\pznRnpZ.exe
  C:\Windows\System\pznRnpZ.exe
  2⤵
  PID:5324
- C:\Windows\System\qMhCpzB.exe
  C:\Windows\System\qMhCpzB.exe
  2⤵
  PID:5388
- C:\Windows\System\WzWLxej.exe
  C:\Windows\System\WzWLxej.exe
  2⤵
  PID:5448
- C:\Windows\System\ZPwQLiC.exe
  C:\Windows\System\ZPwQLiC.exe
  2⤵
  PID:5524
- C:\Windows\System\swkItkk.exe
  C:\Windows\System\swkItkk.exe
  2⤵
  PID:5580
- C:\Windows\System\URekXpB.exe
  C:\Windows\System\URekXpB.exe
  2⤵
  PID:5644
- C:\Windows\System\TorrrDo.exe
  C:\Windows\System\TorrrDo.exe
  2⤵
  PID:4936
- C:\Windows\System\ZOoblma.exe
  C:\Windows\System\ZOoblma.exe
  2⤵
  PID:5776
- C:\Windows\System\wlldKGa.exe
  C:\Windows\System\wlldKGa.exe
  2⤵
  PID:5816
- C:\Windows\System\eZElpQi.exe
  C:\Windows\System\eZElpQi.exe
  2⤵
  PID:5892
- C:\Windows\System\ToqrcqQ.exe
  C:\Windows\System\ToqrcqQ.exe
  2⤵
  PID:5984
- C:\Windows\System\KsgaAAz.exe
  C:\Windows\System\KsgaAAz.exe
  2⤵
  PID:6032
- C:\Windows\System\xkxCCon.exe
  C:\Windows\System\xkxCCon.exe
  2⤵
  PID:6104
- C:\Windows\System\nRZCwqy.exe
  C:\Windows\System\nRZCwqy.exe
  2⤵
  PID:5180
- C:\Windows\System\WnmSXXU.exe
  C:\Windows\System\WnmSXXU.exe
  2⤵
  PID:5340
- C:\Windows\System\UYenMXU.exe
  C:\Windows\System\UYenMXU.exe
  2⤵
  PID:5476
- C:\Windows\System\AxjJtDI.exe
  C:\Windows\System\AxjJtDI.exe
  2⤵
  PID:5608
- C:\Windows\System\SawzStq.exe
  C:\Windows\System\SawzStq.exe
  2⤵
  PID:5764
- C:\Windows\System\DcxPjDs.exe
  C:\Windows\System\DcxPjDs.exe
  2⤵
  PID:5920
- C:\Windows\System\LrrgxoC.exe
  C:\Windows\System\LrrgxoC.exe
  2⤵
  PID:6012
- C:\Windows\System\bBnzTWZ.exe
  C:\Windows\System\bBnzTWZ.exe
  2⤵
  PID:5160
- C:\Windows\System\sOvDPBw.exe
  C:\Windows\System\sOvDPBw.exe
  2⤵
  PID:5496
- C:\Windows\System\ApOuEFA.exe
  C:\Windows\System\ApOuEFA.exe
  2⤵
  PID:5844
- C:\Windows\System\UGvuMRi.exe
  C:\Windows\System\UGvuMRi.exe
  2⤵
  PID:6096
- C:\Windows\System\ueSAebN.exe
  C:\Windows\System\ueSAebN.exe
  2⤵
  PID:5956
- C:\Windows\System\JbEoRNY.exe
  C:\Windows\System\JbEoRNY.exe
  2⤵
  PID:5736
- C:\Windows\System\DYZYEbT.exe
  C:\Windows\System\DYZYEbT.exe
  2⤵
  PID:6168
- C:\Windows\System\STJJNNv.exe
  C:\Windows\System\STJJNNv.exe
  2⤵
  PID:6192
- C:\Windows\System\rlVIROh.exe
  C:\Windows\System\rlVIROh.exe
  2⤵
  PID:6224
- C:\Windows\System\tGpqBjm.exe
  C:\Windows\System\tGpqBjm.exe
  2⤵
  PID:6244
- C:\Windows\System\wOwHhVd.exe
  C:\Windows\System\wOwHhVd.exe
  2⤵
  PID:6272
- C:\Windows\System\frquiJU.exe
  C:\Windows\System\frquiJU.exe
  2⤵
  PID:6300
- C:\Windows\System\jIrTAhQ.exe
  C:\Windows\System\jIrTAhQ.exe
  2⤵
  PID:6328
- C:\Windows\System\PagvSvk.exe
  C:\Windows\System\PagvSvk.exe
  2⤵
  PID:6352
- C:\Windows\System\kvWVFZt.exe
  C:\Windows\System\kvWVFZt.exe
  2⤵
  PID:6404
- C:\Windows\System\FVRssMu.exe
  C:\Windows\System\FVRssMu.exe
  2⤵
  PID:6432
- C:\Windows\System\AtWyvev.exe
  C:\Windows\System\AtWyvev.exe
  2⤵
  PID:6464
- C:\Windows\System\lFSixgV.exe
  C:\Windows\System\lFSixgV.exe
  2⤵
  PID:6504
- C:\Windows\System\xeHwPLz.exe
  C:\Windows\System\xeHwPLz.exe
  2⤵
  PID:6568
- C:\Windows\System\PHuYyui.exe
  C:\Windows\System\PHuYyui.exe
  2⤵
  PID:6628
- C:\Windows\System\RzdLUtk.exe
  C:\Windows\System\RzdLUtk.exe
  2⤵
  PID:6652
- C:\Windows\System\tOKZFZx.exe
  C:\Windows\System\tOKZFZx.exe
  2⤵
  PID:6684
- C:\Windows\System\NUFbhSD.exe
  C:\Windows\System\NUFbhSD.exe
  2⤵
  PID:6752
- C:\Windows\System\LXxExCn.exe
  C:\Windows\System\LXxExCn.exe
  2⤵
  PID:6832
- C:\Windows\System\soVprxb.exe
  C:\Windows\System\soVprxb.exe
  2⤵
  PID:6872
- C:\Windows\System\LAIhPSt.exe
  C:\Windows\System\LAIhPSt.exe
  2⤵
  PID:6896
- C:\Windows\System\oFjRfCP.exe
  C:\Windows\System\oFjRfCP.exe
  2⤵
  PID:6920
- C:\Windows\System\libHaMZ.exe
  C:\Windows\System\libHaMZ.exe
  2⤵
  PID:6960
- C:\Windows\System\NMlQShg.exe
  C:\Windows\System\NMlQShg.exe
  2⤵
  PID:6988
- C:\Windows\System\zfcUpOy.exe
  C:\Windows\System\zfcUpOy.exe
  2⤵
  PID:7016
- C:\Windows\System\XsZfAEZ.exe
  C:\Windows\System\XsZfAEZ.exe
  2⤵
  PID:7040
- C:\Windows\System\IocfJid.exe
  C:\Windows\System\IocfJid.exe
  2⤵
  PID:7080
- C:\Windows\System\oWSvDpe.exe
  C:\Windows\System\oWSvDpe.exe
  2⤵
  PID:7104
- C:\Windows\System\FpCsDln.exe
  C:\Windows\System\FpCsDln.exe
  2⤵
  PID:7136
- C:\Windows\System\VMlLCHR.exe
  C:\Windows\System\VMlLCHR.exe
  2⤵
  PID:7164
- C:\Windows\System\JhtLLbO.exe
  C:\Windows\System\JhtLLbO.exe
  2⤵
  PID:6208
- C:\Windows\System\PjreWOo.exe
  C:\Windows\System\PjreWOo.exe
  2⤵
  PID:6260
- C:\Windows\System\UFvfcQZ.exe
  C:\Windows\System\UFvfcQZ.exe
  2⤵
  PID:6308
- C:\Windows\System\uagUJdK.exe
  C:\Windows\System\uagUJdK.exe
  2⤵
  PID:6280
- C:\Windows\System\mTootNt.exe
  C:\Windows\System\mTootNt.exe
  2⤵
  PID:6476
- C:\Windows\System\hBxyIpM.exe
  C:\Windows\System\hBxyIpM.exe
  2⤵
  PID:1844
- C:\Windows\System\EgpmSYD.exe
  C:\Windows\System\EgpmSYD.exe
  2⤵
  PID:6824
- C:\Windows\System\rctawlI.exe
  C:\Windows\System\rctawlI.exe
  2⤵
  PID:6940
- C:\Windows\System\mCVpzHT.exe
  C:\Windows\System\mCVpzHT.exe
  2⤵
  PID:6980
- C:\Windows\System\oxfJrKm.exe
  C:\Windows\System\oxfJrKm.exe
  2⤵
  PID:7024
- C:\Windows\System\plipikq.exe
  C:\Windows\System\plipikq.exe
  2⤵
  PID:7160
- C:\Windows\System\meUuGyZ.exe
  C:\Windows\System\meUuGyZ.exe
  2⤵
  PID:6236
- C:\Windows\System\dYgRRuY.exe
  C:\Windows\System\dYgRRuY.exe
  2⤵
  PID:6344
- C:\Windows\System\umWdCyS.exe
  C:\Windows\System\umWdCyS.exe
  2⤵
  PID:824
- C:\Windows\System\kttHlFQ.exe
  C:\Windows\System\kttHlFQ.exe
  2⤵
  PID:2760
- C:\Windows\System\dIkpeSV.exe
  C:\Windows\System\dIkpeSV.exe
  2⤵
  PID:7124
- C:\Windows\System\yuPfhKi.exe
  C:\Windows\System\yuPfhKi.exe
  2⤵
  PID:6472
- C:\Windows\System\BhgZOCy.exe
  C:\Windows\System\BhgZOCy.exe
  2⤵
  PID:7008
- C:\Windows\System\uZxngOV.exe
  C:\Windows\System\uZxngOV.exe
  2⤵
  PID:4896
- C:\Windows\System\pvlCmnM.exe
  C:\Windows\System\pvlCmnM.exe
  2⤵
  PID:7176
- C:\Windows\System\CfJPZbL.exe
  C:\Windows\System\CfJPZbL.exe
  2⤵
  PID:7204
- C:\Windows\System\OSNSrfi.exe
  C:\Windows\System\OSNSrfi.exe
  2⤵
  PID:7228
- C:\Windows\System\WIEFitN.exe
  C:\Windows\System\WIEFitN.exe
  2⤵
  PID:7248
- C:\Windows\System\syjIsXx.exe
  C:\Windows\System\syjIsXx.exe
  2⤵
  PID:7284
- C:\Windows\System\sMfjefB.exe
  C:\Windows\System\sMfjefB.exe
  2⤵
  PID:7316
- C:\Windows\System\uDTlceF.exe
  C:\Windows\System\uDTlceF.exe
  2⤵
  PID:7332
- C:\Windows\System\ceONCQb.exe
  C:\Windows\System\ceONCQb.exe
  2⤵
  PID:7348
- C:\Windows\System\RZYRUoP.exe
  C:\Windows\System\RZYRUoP.exe
  2⤵
  PID:7376
- C:\Windows\System\SEHxPSN.exe
  C:\Windows\System\SEHxPSN.exe
  2⤵
  PID:7412
- C:\Windows\System\vpdivhj.exe
  C:\Windows\System\vpdivhj.exe
  2⤵
  PID:7444
- C:\Windows\System\TmiKfDj.exe
  C:\Windows\System\TmiKfDj.exe
  2⤵
  PID:7472
- C:\Windows\System\YoiSydU.exe
  C:\Windows\System\YoiSydU.exe
  2⤵
  PID:7504
- C:\Windows\System\GoZriTF.exe
  C:\Windows\System\GoZriTF.exe
  2⤵
  PID:7536
- C:\Windows\System\QnapDWe.exe
  C:\Windows\System\QnapDWe.exe
  2⤵
  PID:7564
- C:\Windows\System\xnmWoNZ.exe
  C:\Windows\System\xnmWoNZ.exe
  2⤵
  PID:7592
- C:\Windows\System\vUAAZnD.exe
  C:\Windows\System\vUAAZnD.exe
  2⤵
  PID:7624
- C:\Windows\System\oVFVttm.exe
  C:\Windows\System\oVFVttm.exe
  2⤵
  PID:7652
- C:\Windows\System\rJafXie.exe
  C:\Windows\System\rJafXie.exe
  2⤵
  PID:7680
- C:\Windows\System\cdonoCX.exe
  C:\Windows\System\cdonoCX.exe
  2⤵
  PID:7708
- C:\Windows\System\KrjfvxU.exe
  C:\Windows\System\KrjfvxU.exe
  2⤵
  PID:7736
- C:\Windows\System\vjFeken.exe
  C:\Windows\System\vjFeken.exe
  2⤵
  PID:7764
- C:\Windows\System\OsdxMFj.exe
  C:\Windows\System\OsdxMFj.exe
  2⤵
  PID:7800
- C:\Windows\System\uOUmQFc.exe
  C:\Windows\System\uOUmQFc.exe
  2⤵
  PID:7820
- C:\Windows\System\TxLboGH.exe
  C:\Windows\System\TxLboGH.exe
  2⤵
  PID:7848
- C:\Windows\System\UoLjnPU.exe
  C:\Windows\System\UoLjnPU.exe
  2⤵
  PID:7876
- C:\Windows\System\IsRkiGv.exe
  C:\Windows\System\IsRkiGv.exe
  2⤵
  PID:7904
- C:\Windows\System\JznnSbf.exe
  C:\Windows\System\JznnSbf.exe
  2⤵
  PID:7932
- C:\Windows\System\xWgasrs.exe
  C:\Windows\System\xWgasrs.exe
  2⤵
  PID:7960
- C:\Windows\System\ETYcLha.exe
  C:\Windows\System\ETYcLha.exe
  2⤵
  PID:7988
- C:\Windows\System\UzPrzRo.exe
  C:\Windows\System\UzPrzRo.exe
  2⤵
  PID:8016
- C:\Windows\System\LDswDJz.exe
  C:\Windows\System\LDswDJz.exe
  2⤵
  PID:8044
- C:\Windows\System\NYGHnFF.exe
  C:\Windows\System\NYGHnFF.exe
  2⤵
  PID:8072
- C:\Windows\System\oOhyxfk.exe
  C:\Windows\System\oOhyxfk.exe
  2⤵
  PID:8104
- C:\Windows\System\eKAxKRi.exe
  C:\Windows\System\eKAxKRi.exe
  2⤵
  PID:8128
- C:\Windows\System\PbvyMDJ.exe
  C:\Windows\System\PbvyMDJ.exe
  2⤵
  PID:8156
- C:\Windows\System\lqmyXBu.exe
  C:\Windows\System\lqmyXBu.exe
  2⤵
  PID:8188
- C:\Windows\System\EbtEzqF.exe
  C:\Windows\System\EbtEzqF.exe
  2⤵
  PID:7220
- C:\Windows\System\vQDbuXg.exe
  C:\Windows\System\vQDbuXg.exe
  2⤵
  PID:7296
- C:\Windows\System\qKNtnIH.exe
  C:\Windows\System\qKNtnIH.exe
  2⤵
  PID:7340
- C:\Windows\System\mwaZrtw.exe
  C:\Windows\System\mwaZrtw.exe
  2⤵
  PID:7392
- C:\Windows\System\RzRbLvz.exe
  C:\Windows\System\RzRbLvz.exe
  2⤵
  PID:6672
- C:\Windows\System\ebcrWaW.exe
  C:\Windows\System\ebcrWaW.exe
  2⤵
  PID:6968
- C:\Windows\System\rPLJgup.exe
  C:\Windows\System\rPLJgup.exe
  2⤵
  PID:7500
- C:\Windows\System\rfFUSJe.exe
  C:\Windows\System\rfFUSJe.exe
  2⤵
  PID:7576
- C:\Windows\System\zReAORZ.exe
  C:\Windows\System\zReAORZ.exe
  2⤵
  PID:7612
- C:\Windows\System\VwPTxjW.exe
  C:\Windows\System\VwPTxjW.exe
  2⤵
  PID:7700
- C:\Windows\System\yaqmriA.exe
  C:\Windows\System\yaqmriA.exe
  2⤵
  PID:7776
- C:\Windows\System\NbXKmog.exe
  C:\Windows\System\NbXKmog.exe
  2⤵
  PID:7840
- C:\Windows\System\JhLtLKC.exe
  C:\Windows\System\JhLtLKC.exe
  2⤵
  PID:7900
- C:\Windows\System\xdMwOed.exe
  C:\Windows\System\xdMwOed.exe
  2⤵
  PID:7984
- C:\Windows\System\UYlbzol.exe
  C:\Windows\System\UYlbzol.exe
  2⤵
  PID:8036
- C:\Windows\System\NfRpGUu.exe
  C:\Windows\System\NfRpGUu.exe
  2⤵
  PID:8096
- C:\Windows\System\cuVWlXZ.exe
  C:\Windows\System\cuVWlXZ.exe
  2⤵
  PID:8168
- C:\Windows\System\mXTxrJs.exe
  C:\Windows\System\mXTxrJs.exe
  2⤵
  PID:7268
- C:\Windows\System\ddxndCa.exe
  C:\Windows\System\ddxndCa.exe
  2⤵
  PID:7400
- C:\Windows\System\JDfMOrz.exe
  C:\Windows\System\JDfMOrz.exe
  2⤵
  PID:6676
- C:\Windows\System\jxfbdvZ.exe
  C:\Windows\System\jxfbdvZ.exe
  2⤵
  PID:7604
- C:\Windows\System\IvTZtVj.exe
  C:\Windows\System\IvTZtVj.exe
  2⤵
  PID:7748
- C:\Windows\System\voUPPHR.exe
  C:\Windows\System\voUPPHR.exe
  2⤵
  PID:7896
- C:\Windows\System\vxtLWfw.exe
  C:\Windows\System\vxtLWfw.exe
  2⤵
  PID:8092
- C:\Windows\System\MNxHkJG.exe
  C:\Windows\System\MNxHkJG.exe
  2⤵
  PID:7556
- C:\Windows\System\RFvtTXL.exe
  C:\Windows\System\RFvtTXL.exe
  2⤵
  PID:8012
- C:\Windows\System\GwLgOgZ.exe
  C:\Windows\System\GwLgOgZ.exe
  2⤵
  PID:7496
- C:\Windows\System\sHWTjwk.exe
  C:\Windows\System\sHWTjwk.exe
  2⤵
  PID:7868
- C:\Windows\System\FOhaEYp.exe
  C:\Windows\System\FOhaEYp.exe
  2⤵
  PID:8212
- C:\Windows\System\rKPFzPW.exe
  C:\Windows\System\rKPFzPW.exe
  2⤵
  PID:8240
- C:\Windows\System\zmKaqTq.exe
  C:\Windows\System\zmKaqTq.exe
  2⤵
  PID:8268
- C:\Windows\System\YhYLNoD.exe
  C:\Windows\System\YhYLNoD.exe
  2⤵
  PID:8296
- C:\Windows\System\cyGChLn.exe
  C:\Windows\System\cyGChLn.exe
  2⤵
  PID:8324
- C:\Windows\System\Dinqwvg.exe
  C:\Windows\System\Dinqwvg.exe
  2⤵
  PID:8352
- C:\Windows\System\QYtRFnI.exe
  C:\Windows\System\QYtRFnI.exe
  2⤵
  PID:8384
- C:\Windows\System\AZzCkGa.exe
  C:\Windows\System\AZzCkGa.exe
  2⤵
  PID:8408
- C:\Windows\System\rdqkByx.exe
  C:\Windows\System\rdqkByx.exe
  2⤵
  PID:8436
- C:\Windows\System\srgzAQJ.exe
  C:\Windows\System\srgzAQJ.exe
  2⤵
  PID:8464
- C:\Windows\System\ANFmwcI.exe
  C:\Windows\System\ANFmwcI.exe
  2⤵
  PID:8492
- C:\Windows\System\TkasngG.exe
  C:\Windows\System\TkasngG.exe
  2⤵
  PID:8532
- C:\Windows\System\ZLsAmdj.exe
  C:\Windows\System\ZLsAmdj.exe
  2⤵
  PID:8548
- C:\Windows\System\fIuvccN.exe
  C:\Windows\System\fIuvccN.exe
  2⤵
  PID:8580
- C:\Windows\System\NtVTnNO.exe
  C:\Windows\System\NtVTnNO.exe
  2⤵
  PID:8608
- C:\Windows\System\gicAZYf.exe
  C:\Windows\System\gicAZYf.exe
  2⤵
  PID:8636
- C:\Windows\System\kTcjBcM.exe
  C:\Windows\System\kTcjBcM.exe
  2⤵
  PID:8664
- C:\Windows\System\cQgpSry.exe
  C:\Windows\System\cQgpSry.exe
  2⤵
  PID:8692
- C:\Windows\System\ZsXpsvN.exe
  C:\Windows\System\ZsXpsvN.exe
  2⤵
  PID:8720
- C:\Windows\System\ntxgVnR.exe
  C:\Windows\System\ntxgVnR.exe
  2⤵
  PID:8748
- C:\Windows\System\oFRRldX.exe
  C:\Windows\System\oFRRldX.exe
  2⤵
  PID:8776
- C:\Windows\System\EYjUduA.exe
  C:\Windows\System\EYjUduA.exe
  2⤵
  PID:8804
- C:\Windows\System\vtiPxvY.exe
  C:\Windows\System\vtiPxvY.exe
  2⤵
  PID:8832
- C:\Windows\System\MtVZdCZ.exe
  C:\Windows\System\MtVZdCZ.exe
  2⤵
  PID:8860
- C:\Windows\System\qXkUTvT.exe
  C:\Windows\System\qXkUTvT.exe
  2⤵
  PID:8888
- C:\Windows\System\puuKpbn.exe
  C:\Windows\System\puuKpbn.exe
  2⤵
  PID:8916
- C:\Windows\System\TRLqZIi.exe
  C:\Windows\System\TRLqZIi.exe
  2⤵
  PID:8948
- C:\Windows\System\zPZwaeM.exe
  C:\Windows\System\zPZwaeM.exe
  2⤵
  PID:8972
- C:\Windows\System\WxkbbVB.exe
  C:\Windows\System\WxkbbVB.exe
  2⤵
  PID:9000
- C:\Windows\System\CPCAyke.exe
  C:\Windows\System\CPCAyke.exe
  2⤵
  PID:9028
- C:\Windows\System\RPfTsFY.exe
  C:\Windows\System\RPfTsFY.exe
  2⤵
  PID:9056
- C:\Windows\System\mRDCgMH.exe
  C:\Windows\System\mRDCgMH.exe
  2⤵
  PID:9084
- C:\Windows\System\MRxVRtr.exe
  C:\Windows\System\MRxVRtr.exe
  2⤵
  PID:9112
- C:\Windows\System\rpVcIJt.exe
  C:\Windows\System\rpVcIJt.exe
  2⤵
  PID:9140
- C:\Windows\System\uZZPOqy.exe
  C:\Windows\System\uZZPOqy.exe
  2⤵
  PID:9168
- C:\Windows\System\lbwXxNL.exe
  C:\Windows\System\lbwXxNL.exe
  2⤵
  PID:9196
- C:\Windows\System\uyxteow.exe
  C:\Windows\System\uyxteow.exe
  2⤵
  PID:8208
- C:\Windows\System\PcVOCnZ.exe
  C:\Windows\System\PcVOCnZ.exe
  2⤵
  PID:8280
- C:\Windows\System\FbHJHPH.exe
  C:\Windows\System\FbHJHPH.exe
  2⤵
  PID:8344
- C:\Windows\System\hfZdUKv.exe
  C:\Windows\System\hfZdUKv.exe
  2⤵
  PID:8400
- C:\Windows\System\GqekOjz.exe
  C:\Windows\System\GqekOjz.exe
  2⤵
  PID:8460
- C:\Windows\System\NCNqHfJ.exe
  C:\Windows\System\NCNqHfJ.exe
  2⤵
  PID:8516
- C:\Windows\System\odDQlxh.exe
  C:\Windows\System\odDQlxh.exe
  2⤵
  PID:8600
- C:\Windows\System\PzpySFY.exe
  C:\Windows\System\PzpySFY.exe
  2⤵
  PID:8660
- C:\Windows\System\qEQUDAv.exe
  C:\Windows\System\qEQUDAv.exe
  2⤵
  PID:8716
- C:\Windows\System\mFGVgZl.exe
  C:\Windows\System\mFGVgZl.exe
  2⤵
  PID:8788
- C:\Windows\System\NJGJdoD.exe
  C:\Windows\System\NJGJdoD.exe
  2⤵
  PID:8872
- C:\Windows\System\oyUndHl.exe
  C:\Windows\System\oyUndHl.exe
  2⤵
  PID:8928
- C:\Windows\System\zXiLtmY.exe
  C:\Windows\System\zXiLtmY.exe
  2⤵
  PID:8992
- C:\Windows\System\CzpKnnl.exe
  C:\Windows\System\CzpKnnl.exe
  2⤵
  PID:9052
- C:\Windows\System\rjwahmf.exe
  C:\Windows\System\rjwahmf.exe
  2⤵
  PID:9124
- C:\Windows\System\BfhtYJO.exe
  C:\Windows\System\BfhtYJO.exe
  2⤵
  PID:9188
- C:\Windows\System\LxtLMru.exe
  C:\Windows\System\LxtLMru.exe
  2⤵
  PID:8260
- C:\Windows\System\XNCvhCQ.exe
  C:\Windows\System\XNCvhCQ.exe
  2⤵
  PID:8448
- C:\Windows\System\qeOdnkO.exe
  C:\Windows\System\qeOdnkO.exe
  2⤵
  PID:8528
- C:\Windows\System\iyguFvN.exe
  C:\Windows\System\iyguFvN.exe
  2⤵
  PID:8688
- C:\Windows\System\oyJClXr.exe
  C:\Windows\System\oyJClXr.exe
  2⤵
  PID:8844
- C:\Windows\System\rGIbzct.exe
  C:\Windows\System\rGIbzct.exe
  2⤵
  PID:8984
- C:\Windows\System\YEWwVWb.exe
  C:\Windows\System\YEWwVWb.exe
  2⤵
  PID:9152
- C:\Windows\System\HhVOeHQ.exe
  C:\Windows\System\HhVOeHQ.exe
  2⤵
  PID:8336
- C:\Windows\System\SWgChYh.exe
  C:\Windows\System\SWgChYh.exe
  2⤵
  PID:8656
- C:\Windows\System\sdpzQvy.exe
  C:\Windows\System\sdpzQvy.exe
  2⤵
  PID:9048
- C:\Windows\System\vsDhCjP.exe
  C:\Windows\System\vsDhCjP.exe
  2⤵
  PID:8592
- C:\Windows\System\zyJIXNv.exe
  C:\Windows\System\zyJIXNv.exe
  2⤵
  PID:8488
- C:\Windows\System\GtVRWEF.exe
  C:\Windows\System\GtVRWEF.exe
  2⤵
  PID:9232
- C:\Windows\System\pVCIOXJ.exe
  C:\Windows\System\pVCIOXJ.exe
  2⤵
  PID:9260
- C:\Windows\System\YockKLc.exe
  C:\Windows\System\YockKLc.exe
  2⤵
  PID:9288
- C:\Windows\System\XBITDcn.exe
  C:\Windows\System\XBITDcn.exe
  2⤵
  PID:9316
- C:\Windows\System\FjKhgIQ.exe
  C:\Windows\System\FjKhgIQ.exe
  2⤵
  PID:9344
- C:\Windows\System\acXwoPs.exe
  C:\Windows\System\acXwoPs.exe
  2⤵
  PID:9372
- C:\Windows\System\jUiNuCB.exe
  C:\Windows\System\jUiNuCB.exe
  2⤵
  PID:9420
- C:\Windows\System\AvBmeDU.exe
  C:\Windows\System\AvBmeDU.exe
  2⤵
  PID:9488
- C:\Windows\System\WCYLUFo.exe
  C:\Windows\System\WCYLUFo.exe
  2⤵
  PID:9532
- C:\Windows\System\tcyIdLO.exe
  C:\Windows\System\tcyIdLO.exe
  2⤵
  PID:9588
- C:\Windows\System\oJfreGX.exe
  C:\Windows\System\oJfreGX.exe
  2⤵
  PID:9628
- C:\Windows\System\EghyCxB.exe
  C:\Windows\System\EghyCxB.exe
  2⤵
  PID:9644
- C:\Windows\System\UsmDZwR.exe
  C:\Windows\System\UsmDZwR.exe
  2⤵
  PID:9696
- C:\Windows\System\aRlCBzJ.exe
  C:\Windows\System\aRlCBzJ.exe
  2⤵
  PID:9724
- C:\Windows\System\yJujQJf.exe
  C:\Windows\System\yJujQJf.exe
  2⤵
  PID:9752
- C:\Windows\System\xuqrjtm.exe
  C:\Windows\System\xuqrjtm.exe
  2⤵
  PID:9780
- C:\Windows\System\nxzmOBL.exe
  C:\Windows\System\nxzmOBL.exe
  2⤵
  PID:9808
- C:\Windows\System\lhQHlQK.exe
  C:\Windows\System\lhQHlQK.exe
  2⤵
  PID:9836
- C:\Windows\System\lYSEIiQ.exe
  C:\Windows\System\lYSEIiQ.exe
  2⤵
  PID:9864
- C:\Windows\System\fSDTUrM.exe
  C:\Windows\System\fSDTUrM.exe
  2⤵
  PID:9892
- C:\Windows\System\dszLkTq.exe
  C:\Windows\System\dszLkTq.exe
  2⤵
  PID:9920
- C:\Windows\System\sRJtCiT.exe
  C:\Windows\System\sRJtCiT.exe
  2⤵
  PID:9948
- C:\Windows\System\MZikIVH.exe
  C:\Windows\System\MZikIVH.exe
  2⤵
  PID:9976
- C:\Windows\System\YvRiJaf.exe
  C:\Windows\System\YvRiJaf.exe
  2⤵
  PID:10004
- C:\Windows\System\GSoqDOE.exe
  C:\Windows\System\GSoqDOE.exe
  2⤵
  PID:10032
- C:\Windows\System\nOJKqRm.exe
  C:\Windows\System\nOJKqRm.exe
  2⤵
  PID:10060
- C:\Windows\System\fjHpQHT.exe
  C:\Windows\System\fjHpQHT.exe
  2⤵
  PID:10088
- C:\Windows\System\AQpsJOR.exe
  C:\Windows\System\AQpsJOR.exe
  2⤵
  PID:10120
- C:\Windows\System\ApaKKsU.exe
  C:\Windows\System\ApaKKsU.exe
  2⤵
  PID:10144
- C:\Windows\System\irgGutC.exe
  C:\Windows\System\irgGutC.exe
  2⤵
  PID:10172
- C:\Windows\System\lkjNMZA.exe
  C:\Windows\System\lkjNMZA.exe
  2⤵
  PID:10200
- C:\Windows\System\IRnNbvc.exe
  C:\Windows\System\IRnNbvc.exe
  2⤵
  PID:10228
- C:\Windows\System\HUtpqhT.exe
  C:\Windows\System\HUtpqhT.exe
  2⤵
  PID:9252
- C:\Windows\System\WefGcBk.exe
  C:\Windows\System\WefGcBk.exe
  2⤵
  PID:9312
- C:\Windows\System\YwvVYDF.exe
  C:\Windows\System\YwvVYDF.exe
  2⤵
  PID:9368
- C:\Windows\System\PRqKDgO.exe
  C:\Windows\System\PRqKDgO.exe
  2⤵
  PID:9500
- C:\Windows\System\yoCVDqL.exe
  C:\Windows\System\yoCVDqL.exe
  2⤵
  PID:9600
- C:\Windows\System\mBCHOGI.exe
  C:\Windows\System\mBCHOGI.exe
  2⤵
  PID:9688
- C:\Windows\System\dWnxSqk.exe
  C:\Windows\System\dWnxSqk.exe
  2⤵
  PID:9748
- C:\Windows\System\BAhNcwe.exe
  C:\Windows\System\BAhNcwe.exe
  2⤵
  PID:9832
- C:\Windows\System\UNeuxIo.exe
  C:\Windows\System\UNeuxIo.exe
  2⤵
  PID:9912
- C:\Windows\System\BAbobks.exe
  C:\Windows\System\BAbobks.exe
  2⤵
  PID:9960
- C:\Windows\System\HfnQrSS.exe
  C:\Windows\System\HfnQrSS.exe
  2⤵
  PID:10028
- C:\Windows\System\qLYlHHp.exe
  C:\Windows\System\qLYlHHp.exe
  2⤵
  PID:10108
- C:\Windows\System\CEEHQul.exe
  C:\Windows\System\CEEHQul.exe
  2⤵
  PID:10168
- C:\Windows\System\KDtVYyj.exe
  C:\Windows\System\KDtVYyj.exe
  2⤵
  PID:8308
- C:\Windows\System\hOYbdqC.exe
  C:\Windows\System\hOYbdqC.exe
  2⤵
  PID:9356
- C:\Windows\System\cDLXTOe.exe
  C:\Windows\System\cDLXTOe.exe
  2⤵
  PID:9584
- C:\Windows\System\QGJvMkk.exe
  C:\Windows\System\QGJvMkk.exe
  2⤵
  PID:9744
- C:\Windows\System\ojYvvoI.exe
  C:\Windows\System\ojYvvoI.exe
  2⤵
  PID:9932
- C:\Windows\System\kTqNQfs.exe
  C:\Windows\System\kTqNQfs.exe
  2⤵
  PID:10056
- C:\Windows\System\QyZOrsj.exe
  C:\Windows\System\QyZOrsj.exe
  2⤵
  PID:10220
- C:\Windows\System\amErDnO.exe
  C:\Windows\System\amErDnO.exe
  2⤵
  PID:9580
- C:\Windows\System\SgSOKhp.exe
  C:\Windows\System\SgSOKhp.exe
  2⤵
  PID:9988
- C:\Windows\System\rqBdzuJ.exe
  C:\Windows\System\rqBdzuJ.exe
  2⤵
  PID:9464
- C:\Windows\System\rMTGqDS.exe
  C:\Windows\System\rMTGqDS.exe
  2⤵
  PID:9308
- C:\Windows\System\DTcrVFq.exe
  C:\Windows\System\DTcrVFq.exe
  2⤵
  PID:10256
- C:\Windows\System\nXIhrQi.exe
  C:\Windows\System\nXIhrQi.exe
  2⤵
  PID:10284
- C:\Windows\System\MAQWUMj.exe
  C:\Windows\System\MAQWUMj.exe
  2⤵
  PID:10312
- C:\Windows\System\pSdXDIe.exe
  C:\Windows\System\pSdXDIe.exe
  2⤵
  PID:10340
- C:\Windows\System\ZRkXREI.exe
  C:\Windows\System\ZRkXREI.exe
  2⤵
  PID:10368
- C:\Windows\System\qBTKidi.exe
  C:\Windows\System\qBTKidi.exe
  2⤵
  PID:10412
- C:\Windows\System\lDgEZVi.exe
  C:\Windows\System\lDgEZVi.exe
  2⤵
  PID:10440
- C:\Windows\System\rjxEiGe.exe
  C:\Windows\System\rjxEiGe.exe
  2⤵
  PID:10468
- C:\Windows\System\uYdSWpS.exe
  C:\Windows\System\uYdSWpS.exe
  2⤵
  PID:10496
- C:\Windows\System\UhHVUbr.exe
  C:\Windows\System\UhHVUbr.exe
  2⤵
  PID:10524
- C:\Windows\System\LvxDOtM.exe
  C:\Windows\System\LvxDOtM.exe
  2⤵
  PID:10552
- C:\Windows\System\tcnNBhR.exe
  C:\Windows\System\tcnNBhR.exe
  2⤵
  PID:10580
- C:\Windows\System\jVMqBwg.exe
  C:\Windows\System\jVMqBwg.exe
  2⤵
  PID:10608
- C:\Windows\System\sSObZAS.exe
  C:\Windows\System\sSObZAS.exe
  2⤵
  PID:10636
- C:\Windows\System\gPFliRh.exe
  C:\Windows\System\gPFliRh.exe
  2⤵
  PID:10664
- C:\Windows\System\wGwdLgz.exe
  C:\Windows\System\wGwdLgz.exe
  2⤵
  PID:10692
- C:\Windows\System\wXXMwxk.exe
  C:\Windows\System\wXXMwxk.exe
  2⤵
  PID:10720
- C:\Windows\System\vGlMgqz.exe
  C:\Windows\System\vGlMgqz.exe
  2⤵
  PID:10748
- C:\Windows\System\GtVqYen.exe
  C:\Windows\System\GtVqYen.exe
  2⤵
  PID:10776
- C:\Windows\System\NggyFIP.exe
  C:\Windows\System\NggyFIP.exe
  2⤵
  PID:10804
- C:\Windows\System\AwFuzmH.exe
  C:\Windows\System\AwFuzmH.exe
  2⤵
  PID:10832
- C:\Windows\System\bmgKINT.exe
  C:\Windows\System\bmgKINT.exe
  2⤵
  PID:10860
- C:\Windows\System\wfBbUeX.exe
  C:\Windows\System\wfBbUeX.exe
  2⤵
  PID:10892
- C:\Windows\System\HYysIbB.exe
  C:\Windows\System\HYysIbB.exe
  2⤵
  PID:10920
- C:\Windows\System\BwxaskL.exe
  C:\Windows\System\BwxaskL.exe
  2⤵
  PID:10948
- C:\Windows\System\rMtXyhx.exe
  C:\Windows\System\rMtXyhx.exe
  2⤵
  PID:10976
- C:\Windows\System\AEMlUEJ.exe
  C:\Windows\System\AEMlUEJ.exe
  2⤵
  PID:11004
- C:\Windows\System\dYgfrtQ.exe
  C:\Windows\System\dYgfrtQ.exe
  2⤵
  PID:11032
- C:\Windows\System\nXatdBU.exe
  C:\Windows\System\nXatdBU.exe
  2⤵
  PID:11060
- C:\Windows\System\aJOipcD.exe
  C:\Windows\System\aJOipcD.exe
  2⤵
  PID:11088
- C:\Windows\System\xUDcdfu.exe
  C:\Windows\System\xUDcdfu.exe
  2⤵
  PID:11132
- C:\Windows\System\WguyITk.exe
  C:\Windows\System\WguyITk.exe
  2⤵
  PID:11148
- C:\Windows\System\BtIJMXe.exe
  C:\Windows\System\BtIJMXe.exe
  2⤵
  PID:11176
- C:\Windows\System\VAtWqGo.exe
  C:\Windows\System\VAtWqGo.exe
  2⤵
  PID:11204
- C:\Windows\System\iFnCfHa.exe
  C:\Windows\System\iFnCfHa.exe
  2⤵
  PID:11232
- C:\Windows\System\QRplktv.exe
  C:\Windows\System\QRplktv.exe
  2⤵
  PID:10252
- C:\Windows\System\DjWnvwf.exe
  C:\Windows\System\DjWnvwf.exe
  2⤵
  PID:10308
- C:\Windows\System\MDueusn.exe
  C:\Windows\System\MDueusn.exe
  2⤵
  PID:10404
- C:\Windows\System\ZsFOyet.exe
  C:\Windows\System\ZsFOyet.exe
  2⤵
  PID:10480
- C:\Windows\System\qTkOImh.exe
  C:\Windows\System\qTkOImh.exe
  2⤵
  PID:10544
- C:\Windows\System\wswbcoF.exe
  C:\Windows\System\wswbcoF.exe
  2⤵
  PID:10628
- C:\Windows\System\RWLjDFH.exe
  C:\Windows\System\RWLjDFH.exe
  2⤵
  PID:10684
- C:\Windows\System\cbcBjGW.exe
  C:\Windows\System\cbcBjGW.exe
  2⤵
  PID:10744
- C:\Windows\System\wTomlgD.exe
  C:\Windows\System\wTomlgD.exe
  2⤵
  PID:10772
- C:\Windows\System\qLxsght.exe
  C:\Windows\System\qLxsght.exe
  2⤵
  PID:10828
- C:\Windows\System\rtbIgGx.exe
  C:\Windows\System\rtbIgGx.exe
  2⤵
  PID:10884
- C:\Windows\System\SbtonSU.exe
  C:\Windows\System\SbtonSU.exe
  2⤵
  PID:10968
- C:\Windows\System\lvbzOhQ.exe
  C:\Windows\System\lvbzOhQ.exe
  2⤵
  PID:11052
- C:\Windows\System\GEKNBoX.exe
  C:\Windows\System\GEKNBoX.exe
  2⤵
  PID:11084
- C:\Windows\System\hjniVND.exe
  C:\Windows\System\hjniVND.exe
  2⤵
  PID:11160
- C:\Windows\System\NpfdiqR.exe
  C:\Windows\System\NpfdiqR.exe
  2⤵
  PID:11224
- C:\Windows\System\IjqCcfX.exe
  C:\Windows\System\IjqCcfX.exe
  2⤵
  PID:10276
- C:\Windows\System\mvuFfFL.exe
  C:\Windows\System\mvuFfFL.exe
  2⤵
  PID:10464
- C:\Windows\System\kAMRNEF.exe
  C:\Windows\System\kAMRNEF.exe
  2⤵
  PID:10880
- C:\Windows\System\FtEDcNw.exe
  C:\Windows\System\FtEDcNw.exe
  2⤵
  PID:540
- C:\Windows\System\gKnCziL.exe
  C:\Windows\System\gKnCziL.exe
  2⤵
  PID:10852
- C:\Windows\System\HADrsYx.exe
  C:\Windows\System\HADrsYx.exe
  2⤵
  PID:6540
- C:\Windows\System\mtkfmps.exe
  C:\Windows\System\mtkfmps.exe
  2⤵
  PID:6528
- C:\Windows\System\cqImbpC.exe
  C:\Windows\System\cqImbpC.exe
  2⤵
  PID:4876
- C:\Windows\System\myNkbdi.exe
  C:\Windows\System\myNkbdi.exe
  2⤵
  PID:11128
- C:\Windows\System\npAtIET.exe
  C:\Windows\System\npAtIET.exe
  2⤵
  PID:11216
- C:\Windows\System\syQOJqV.exe
  C:\Windows\System\syQOJqV.exe
  2⤵
  PID:10536
- C:\Windows\System\JIZJewE.exe
  C:\Windows\System\JIZJewE.exe
  2⤵
  PID:10856
- C:\Windows\System\lPvRysv.exe
  C:\Windows\System\lPvRysv.exe
  2⤵
  PID:6492
- C:\Windows\System\VUWAeVI.exe
  C:\Windows\System\VUWAeVI.exe
  2⤵
  PID:11188
- C:\Windows\System\kyxPGfG.exe
  C:\Windows\System\kyxPGfG.exe
  2⤵
  PID:10816
- C:\Windows\System\SIJRYsc.exe
  C:\Windows\System\SIJRYsc.exe
  2⤵
  PID:11080
- C:\Windows\System\aLVgNQN.exe
  C:\Windows\System\aLVgNQN.exe
  2⤵
  PID:10460
- C:\Windows\System\gmuQsQC.exe
  C:\Windows\System\gmuQsQC.exe
  2⤵
  PID:11288
- C:\Windows\System\yxoulFY.exe
  C:\Windows\System\yxoulFY.exe
  2⤵
  PID:11312
- C:\Windows\System\TEvLfnU.exe
  C:\Windows\System\TEvLfnU.exe
  2⤵
  PID:11332
- C:\Windows\System\karDLUJ.exe
  C:\Windows\System\karDLUJ.exe
  2⤵
  PID:11348
- C:\Windows\System\pwMgSts.exe
  C:\Windows\System\pwMgSts.exe
  2⤵
  PID:11384
- C:\Windows\System\TgCOkjK.exe
  C:\Windows\System\TgCOkjK.exe
  2⤵
  PID:11452
- C:\Windows\System\EWqzftp.exe
  C:\Windows\System\EWqzftp.exe
  2⤵
  PID:11480
- C:\Windows\System\BEDvExY.exe
  C:\Windows\System\BEDvExY.exe
  2⤵
  PID:11504
- C:\Windows\System\xmMLRMN.exe
  C:\Windows\System\xmMLRMN.exe
  2⤵
  PID:11540
- C:\Windows\System\lhZXfsB.exe
  C:\Windows\System\lhZXfsB.exe
  2⤵
  PID:11580
- C:\Windows\System\tHynhUt.exe
  C:\Windows\System\tHynhUt.exe
  2⤵
  PID:11608
- C:\Windows\System\tQlDPOd.exe
  C:\Windows\System\tQlDPOd.exe
  2⤵
  PID:11640
- C:\Windows\System\dMNxYsN.exe
  C:\Windows\System\dMNxYsN.exe
  2⤵
  PID:11664
- C:\Windows\System\OjpvilL.exe
  C:\Windows\System\OjpvilL.exe
  2⤵
  PID:11704
- C:\Windows\System\DdeNXVR.exe
  C:\Windows\System\DdeNXVR.exe
  2⤵
  PID:11736
- C:\Windows\System\DszTRGV.exe
  C:\Windows\System\DszTRGV.exe
  2⤵
  PID:11764
- C:\Windows\System\tpFszRh.exe
  C:\Windows\System\tpFszRh.exe
  2⤵
  PID:11792
- C:\Windows\System\HguLbsK.exe
  C:\Windows\System\HguLbsK.exe
  2⤵
  PID:11820
- C:\Windows\System\bwltmGH.exe
  C:\Windows\System\bwltmGH.exe
  2⤵
  PID:11848
- C:\Windows\System\ypLNkEo.exe
  C:\Windows\System\ypLNkEo.exe
  2⤵
  PID:11876
- C:\Windows\System\tybnmBt.exe
  C:\Windows\System\tybnmBt.exe
  2⤵
  PID:11904
- C:\Windows\System\FhYbSuU.exe
  C:\Windows\System\FhYbSuU.exe
  2⤵
  PID:11932
- C:\Windows\System\tfKmSzk.exe
  C:\Windows\System\tfKmSzk.exe
  2⤵
  PID:11960
- C:\Windows\System\iWGEzhN.exe
  C:\Windows\System\iWGEzhN.exe
  2⤵
  PID:11988
- C:\Windows\System\JHzJWkS.exe
  C:\Windows\System\JHzJWkS.exe
  2⤵
  PID:12016
- C:\Windows\System\YmmxfRp.exe
  C:\Windows\System\YmmxfRp.exe
  2⤵
  PID:12044
- C:\Windows\System\jViTyqN.exe
  C:\Windows\System\jViTyqN.exe
  2⤵
  PID:12072
- C:\Windows\System\IOxddfR.exe
  C:\Windows\System\IOxddfR.exe
  2⤵
  PID:12104
- C:\Windows\System\aYgBJHK.exe
  C:\Windows\System\aYgBJHK.exe
  2⤵
  PID:12132
- C:\Windows\System\UUTQwzX.exe
  C:\Windows\System\UUTQwzX.exe
  2⤵
  PID:12160
- C:\Windows\System\cnGQnPa.exe
  C:\Windows\System\cnGQnPa.exe
  2⤵
  PID:12188
- C:\Windows\System\jOUEMyX.exe
  C:\Windows\System\jOUEMyX.exe
  2⤵
  PID:12216
- C:\Windows\System\nTXsXzd.exe
  C:\Windows\System\nTXsXzd.exe
  2⤵
  PID:12244
- C:\Windows\System\OvfeXFO.exe
  C:\Windows\System\OvfeXFO.exe
  2⤵
  PID:12272
- C:\Windows\System\pGxiziY.exe
  C:\Windows\System\pGxiziY.exe
  2⤵
  PID:2516
- C:\Windows\System\BbKnFiZ.exe
  C:\Windows\System\BbKnFiZ.exe
  2⤵
  PID:11320
- C:\Windows\System\ozThyAI.exe
  C:\Windows\System\ozThyAI.exe
  2⤵
  PID:11324
- C:\Windows\System\MsYHYhB.exe
  C:\Windows\System\MsYHYhB.exe
  2⤵
  PID:11360
- C:\Windows\System\ftphrLY.exe
  C:\Windows\System\ftphrLY.exe
  2⤵
  PID:11440
- C:\Windows\System\YAJTovN.exe
  C:\Windows\System\YAJTovN.exe
  2⤵
  PID:2164
- C:\Windows\System\yZVqnfX.exe
  C:\Windows\System\yZVqnfX.exe
  2⤵
  PID:11476
- C:\Windows\System\bCvPOJT.exe
  C:\Windows\System\bCvPOJT.exe
  2⤵
  PID:11560
- C:\Windows\System\snsuHZD.exe
  C:\Windows\System\snsuHZD.exe
  2⤵
  PID:11516
- C:\Windows\System\HUuFXrx.exe
  C:\Windows\System\HUuFXrx.exe
  2⤵
  PID:3760
- C:\Windows\System\qjiNWNz.exe
  C:\Windows\System\qjiNWNz.exe
  2⤵
  PID:11628
- C:\Windows\System\yFEuSnl.exe
  C:\Windows\System\yFEuSnl.exe
  2⤵
  PID:11656
- C:\Windows\System\RXmLRMS.exe
  C:\Windows\System\RXmLRMS.exe
  2⤵
  PID:11588
- C:\Windows\System\IfNvaRK.exe
  C:\Windows\System\IfNvaRK.exe
  2⤵
  PID:11776
- C:\Windows\System\vXCuUkI.exe
  C:\Windows\System\vXCuUkI.exe
  2⤵
  PID:11844
- C:\Windows\System\iRyvuFN.exe
  C:\Windows\System\iRyvuFN.exe
  2⤵
  PID:11916
- C:\Windows\System\BLFLaPy.exe
  C:\Windows\System\BLFLaPy.exe
  2⤵
  PID:11980
- C:\Windows\System\ZEhdyRD.exe
  C:\Windows\System\ZEhdyRD.exe
  2⤵
  PID:12028
- C:\Windows\System\MyRRleU.exe
  C:\Windows\System\MyRRleU.exe
  2⤵
  PID:12056
- C:\Windows\System\dhimXWP.exe
  C:\Windows\System\dhimXWP.exe
  2⤵
  PID:12100
- C:\Windows\System\DmCQGux.exe
  C:\Windows\System\DmCQGux.exe
  2⤵
  PID:12184
- C:\Windows\System\yiAYLIe.exe
  C:\Windows\System\yiAYLIe.exe
  2⤵
  PID:3084
- C:\Windows\System\XTiDnwX.exe
  C:\Windows\System\XTiDnwX.exe
  2⤵
  PID:12256
- C:\Windows\System\hdzrgFV.exe
  C:\Windows\System\hdzrgFV.exe
  2⤵
  PID:748
- C:\Windows\System\cMurYPm.exe
  C:\Windows\System\cMurYPm.exe
  2⤵
  PID:11368
- C:\Windows\System\jlBgpsQ.exe
  C:\Windows\System\jlBgpsQ.exe
  2⤵
  PID:11472
- C:\Windows\System\idnvIbm.exe
  C:\Windows\System\idnvIbm.exe
  2⤵
  PID:11272
- C:\Windows\System\xvgDoaq.exe
  C:\Windows\System\xvgDoaq.exe
  2⤵
  PID:4808
- C:\Windows\System\ccuhpWg.exe
  C:\Windows\System\ccuhpWg.exe
  2⤵
  PID:11680
- C:\Windows\System\yEkbrmK.exe
  C:\Windows\System\yEkbrmK.exe
  2⤵
  PID:11760
- C:\Windows\System\sFKJFHY.exe
  C:\Windows\System\sFKJFHY.exe
  2⤵
  PID:11944
- C:\Windows\System\AueHNUo.exe
  C:\Windows\System\AueHNUo.exe
  2⤵
  PID:3740
- C:\Windows\System\CvEFviW.exe
  C:\Windows\System\CvEFviW.exe
  2⤵
  PID:12152
- C:\Windows\System\djammJL.exe
  C:\Windows\System\djammJL.exe
  2⤵
  PID:12236
- C:\Windows\System\qPHbiHh.exe
  C:\Windows\System\qPHbiHh.exe
  2⤵
  PID:11408
- C:\Windows\System\vJGSrLn.exe
  C:\Windows\System\vJGSrLn.exe
  2⤵
  PID:4856
- C:\Windows\System\kdbYRXk.exe
  C:\Windows\System\kdbYRXk.exe
  2⤵
  PID:11732
- C:\Windows\System\ksKXrHB.exe
  C:\Windows\System\ksKXrHB.exe
  2⤵
  PID:4488
- C:\Windows\System\kBRCzZs.exe
  C:\Windows\System\kBRCzZs.exe
  2⤵
  PID:916
- C:\Windows\System\QArtNyC.exe
  C:\Windows\System\QArtNyC.exe
  2⤵
  PID:11592
- C:\Windows\System\viUkeIg.exe
  C:\Windows\System\viUkeIg.exe
  2⤵
  PID:12240
- C:\Windows\System\yYnlhwi.exe
  C:\Windows\System\yYnlhwi.exe
  2⤵
  PID:11496
- C:\Windows\System\AKqgRcN.exe
  C:\Windows\System\AKqgRcN.exe
  2⤵
  PID:12304
- C:\Windows\System\ZOHpaNv.exe
  C:\Windows\System\ZOHpaNv.exe
  2⤵
  PID:12336
- C:\Windows\System\DdLWPGw.exe
  C:\Windows\System\DdLWPGw.exe
  2⤵
  PID:12364
- C:\Windows\System\dkFJBhG.exe
  C:\Windows\System\dkFJBhG.exe
  2⤵
  PID:12392
- C:\Windows\System\CdToSky.exe
  C:\Windows\System\CdToSky.exe
  2⤵
  PID:12420
- C:\Windows\System\pVoRiOX.exe
  C:\Windows\System\pVoRiOX.exe
  2⤵
  PID:12448
- C:\Windows\System\WyjjrHL.exe
  C:\Windows\System\WyjjrHL.exe
  2⤵
  PID:12476
- C:\Windows\System\tzmBeBK.exe
  C:\Windows\System\tzmBeBK.exe
  2⤵
  PID:12504
- C:\Windows\System\QVRFFUR.exe
  C:\Windows\System\QVRFFUR.exe
  2⤵
  PID:12532
- C:\Windows\System\wZBBMXr.exe
  C:\Windows\System\wZBBMXr.exe
  2⤵
  PID:12560
- C:\Windows\System\FTAUMNN.exe
  C:\Windows\System\FTAUMNN.exe
  2⤵
  PID:12588
- C:\Windows\System\xjbRkXB.exe
  C:\Windows\System\xjbRkXB.exe
  2⤵
  PID:12616
- C:\Windows\System\MFiJxSk.exe
  C:\Windows\System\MFiJxSk.exe
  2⤵
  PID:12644
- C:\Windows\System\kfWUjTp.exe
  C:\Windows\System\kfWUjTp.exe
  2⤵
  PID:12672
- C:\Windows\System\CkyVhgT.exe
  C:\Windows\System\CkyVhgT.exe
  2⤵
  PID:12700
- C:\Windows\System\yvWPpkd.exe
  C:\Windows\System\yvWPpkd.exe
  2⤵
  PID:12728
- C:\Windows\System\eDYWLMY.exe
  C:\Windows\System\eDYWLMY.exe
  2⤵
  PID:12756
- C:\Windows\System\jPPWBlx.exe
  C:\Windows\System\jPPWBlx.exe
  2⤵
  PID:12784
- C:\Windows\System\JRBrcIs.exe
  C:\Windows\System\JRBrcIs.exe
  2⤵
  PID:12812
- C:\Windows\System\MXLHZFt.exe
  C:\Windows\System\MXLHZFt.exe
  2⤵
  PID:12840
- C:\Windows\System\MZtjGzL.exe
  C:\Windows\System\MZtjGzL.exe
  2⤵
  PID:12868
- C:\Windows\System\KMEERZy.exe
  C:\Windows\System\KMEERZy.exe
  2⤵
  PID:12896
- C:\Windows\System\iqDmnfw.exe
  C:\Windows\System\iqDmnfw.exe
  2⤵
  PID:12924
- C:\Windows\System\wZizABp.exe
  C:\Windows\System\wZizABp.exe
  2⤵
  PID:12952
- C:\Windows\System\DDKNtfF.exe
  C:\Windows\System\DDKNtfF.exe
  2⤵
  PID:12980
- C:\Windows\System\obfrMtW.exe
  C:\Windows\System\obfrMtW.exe
  2⤵
  PID:13008
- C:\Windows\System\kYBPfOw.exe
  C:\Windows\System\kYBPfOw.exe
  2⤵
  PID:13036
- C:\Windows\System\uSGVkol.exe
  C:\Windows\System\uSGVkol.exe
  2⤵
  PID:13072
- C:\Windows\System\nJHzMyN.exe
  C:\Windows\System\nJHzMyN.exe
  2⤵
  PID:13092
- C:\Windows\System\JjUfQmT.exe
  C:\Windows\System\JjUfQmT.exe
  2⤵
  PID:13120
- C:\Windows\System\uIBimYv.exe
  C:\Windows\System\uIBimYv.exe
  2⤵
  PID:13148
- C:\Windows\System\wHHqeUX.exe
  C:\Windows\System\wHHqeUX.exe
  2⤵
  PID:13176
- C:\Windows\System\RrlLrJp.exe
  C:\Windows\System\RrlLrJp.exe
  2⤵
  PID:13204
- C:\Windows\System\LNjmaYD.exe
  C:\Windows\System\LNjmaYD.exe
  2⤵
  PID:13232
- C:\Windows\System\MllWFnY.exe
  C:\Windows\System\MllWFnY.exe
  2⤵
  PID:13264
- C:\Windows\System\PzzKNec.exe
  C:\Windows\System\PzzKNec.exe
  2⤵
  PID:13292
- C:\Windows\System\Vqffcuh.exe
  C:\Windows\System\Vqffcuh.exe
  2⤵
  PID:12300
- C:\Windows\System\BrEawUX.exe
  C:\Windows\System\BrEawUX.exe
  2⤵
  PID:12376
- C:\Windows\System\HygeiCz.exe
  C:\Windows\System\HygeiCz.exe
  2⤵
  PID:12440
- C:\Windows\System\nzNiIBH.exe
  C:\Windows\System\nzNiIBH.exe
  2⤵
  PID:12500
- C:\Windows\System\lNvIWrA.exe
  C:\Windows\System\lNvIWrA.exe
  2⤵
  PID:12572
- C:\Windows\System\YMlFjbB.exe
  C:\Windows\System\YMlFjbB.exe
  2⤵
  PID:12636
- C:\Windows\System\YKMbKEv.exe
  C:\Windows\System\YKMbKEv.exe
  2⤵
  PID:12696
- C:\Windows\System\hKOAUOU.exe
  C:\Windows\System\hKOAUOU.exe
  2⤵
  PID:12768
- C:\Windows\System\daasytq.exe
  C:\Windows\System\daasytq.exe
  2⤵
  PID:12832
- C:\Windows\System\ccRBoSk.exe
  C:\Windows\System\ccRBoSk.exe
  2⤵
  PID:12892
- C:\Windows\System\neGNoVk.exe
  C:\Windows\System\neGNoVk.exe
  2⤵
  PID:12964
- C:\Windows\System\OshGSVU.exe
  C:\Windows\System\OshGSVU.exe
  2⤵
  PID:12332
- C:\Windows\System\WbVqGkv.exe
  C:\Windows\System\WbVqGkv.exe
  2⤵
  PID:13084
- C:\Windows\System\LvkGUam.exe
  C:\Windows\System\LvkGUam.exe
  2⤵
  PID:13144
- C:\Windows\System\fUfjGvA.exe
  C:\Windows\System\fUfjGvA.exe
  2⤵
  PID:13216
- C:\Windows\System\ItLbuyx.exe
  C:\Windows\System\ItLbuyx.exe
  2⤵
  PID:13284
- C:\Windows\System\ZKEEFfW.exe
  C:\Windows\System\ZKEEFfW.exe
  2⤵
  PID:12360
- C:\Windows\System\yGyBBgh.exe
  C:\Windows\System\yGyBBgh.exe
  2⤵
  PID:12528
- C:\Windows\System\usadypH.exe
  C:\Windows\System\usadypH.exe
  2⤵
  PID:12684
- C:\Windows\System\vKvDlzJ.exe
  C:\Windows\System\vKvDlzJ.exe
  2⤵
  PID:12824
- C:\Windows\System\qrBzfyf.exe
  C:\Windows\System\qrBzfyf.exe
  2⤵
  PID:12992
- C:\Windows\System\kcEtYHN.exe
  C:\Windows\System\kcEtYHN.exe
  2⤵
  PID:13132
- C:\Windows\System\DkQrjLN.exe
  C:\Windows\System\DkQrjLN.exe
  2⤵
  PID:13276
- C:\Windows\System\dgAcEbk.exe
  C:\Windows\System\dgAcEbk.exe
  2⤵
  PID:12600
- C:\Windows\System\MKQJkmY.exe
  C:\Windows\System\MKQJkmY.exe
  2⤵
  PID:12948
- C:\Windows\System\KqJXwyN.exe
  C:\Windows\System\KqJXwyN.exe
  2⤵
  PID:13244
- C:\Windows\System\ZerFezD.exe
  C:\Windows\System\ZerFezD.exe
  2⤵
  PID:12888
- C:\Windows\System\Bbnxqhn.exe
  C:\Windows\System\Bbnxqhn.exe
  2⤵
  PID:13196
- C:\Windows\System\OXXQXTy.exe
  C:\Windows\System\OXXQXTy.exe
  2⤵
  PID:13336
- C:\Windows\System\xbXmlVf.exe
  C:\Windows\System\xbXmlVf.exe
  2⤵
  PID:13364
- C:\Windows\System\aWvkrwR.exe
  C:\Windows\System\aWvkrwR.exe
  2⤵
  PID:13392
- C:\Windows\System\xMDkyTo.exe
  C:\Windows\System\xMDkyTo.exe
  2⤵
  PID:13420
- C:\Windows\System\sHHofbO.exe
  C:\Windows\System\sHHofbO.exe
  2⤵
  PID:13448
- C:\Windows\System\enSVqmW.exe
  C:\Windows\System\enSVqmW.exe
  2⤵
  PID:13476
- C:\Windows\System\JPDbHEy.exe
  C:\Windows\System\JPDbHEy.exe
  2⤵
  PID:13504
- C:\Windows\System\ZUOMXzQ.exe
  C:\Windows\System\ZUOMXzQ.exe
  2⤵
  PID:13532
- C:\Windows\System\avLlUyO.exe
  C:\Windows\System\avLlUyO.exe
  2⤵
  PID:13560
- C:\Windows\System\QGXfhVZ.exe
  C:\Windows\System\QGXfhVZ.exe
  2⤵
  PID:13588
- C:\Windows\System\DLVsaZb.exe
  C:\Windows\System\DLVsaZb.exe
  2⤵
  PID:13616
- C:\Windows\System\oNzNlsy.exe
  C:\Windows\System\oNzNlsy.exe
  2⤵
  PID:13644
- C:\Windows\System\UZSnqVh.exe
  C:\Windows\System\UZSnqVh.exe
  2⤵
  PID:13672
- C:\Windows\System\KguJfPS.exe
  C:\Windows\System\KguJfPS.exe
  2⤵
  PID:13700
- C:\Windows\System\algWDqR.exe
  C:\Windows\System\algWDqR.exe
  2⤵
  PID:13728
- C:\Windows\System\alBowNh.exe
  C:\Windows\System\alBowNh.exe
  2⤵
  PID:13756
- C:\Windows\System\tPbQOPf.exe
  C:\Windows\System\tPbQOPf.exe
  2⤵
  PID:13784
- C:\Windows\System\jbEvRum.exe
  C:\Windows\System\jbEvRum.exe
  2⤵
  PID:13812
- C:\Windows\System\wDbPJnk.exe
  C:\Windows\System\wDbPJnk.exe
  2⤵
  PID:13840
- C:\Windows\System\gsSvWag.exe
  C:\Windows\System\gsSvWag.exe
  2⤵
  PID:13868
- C:\Windows\System\VRJGnjx.exe
  C:\Windows\System\VRJGnjx.exe
  2⤵
  PID:13896
- C:\Windows\System\MpJGnWI.exe
  C:\Windows\System\MpJGnWI.exe
  2⤵
  PID:13924
- C:\Windows\System\wMCIlYb.exe
  C:\Windows\System\wMCIlYb.exe
  2⤵
  PID:13952
- C:\Windows\System\cNEKNlZ.exe
  C:\Windows\System\cNEKNlZ.exe
  2⤵
  PID:13980
- C:\Windows\System\kLENRIU.exe
  C:\Windows\System\kLENRIU.exe
  2⤵
  PID:14008
- C:\Windows\System\FtYBDus.exe
  C:\Windows\System\FtYBDus.exe
  2⤵
  PID:14036
- C:\Windows\System\BrSeffK.exe
  C:\Windows\System\BrSeffK.exe
  2⤵
  PID:14064
- C:\Windows\System\fkqpBPG.exe
  C:\Windows\System\fkqpBPG.exe
  2⤵
  PID:14092
- C:\Windows\System\JzrQVMO.exe
  C:\Windows\System\JzrQVMO.exe
  2⤵
  PID:14120
- C:\Windows\System\jLvsXtF.exe
  C:\Windows\System\jLvsXtF.exe
  2⤵
  PID:14148
- C:\Windows\System\sYfPHsO.exe
  C:\Windows\System\sYfPHsO.exe
  2⤵
  PID:14176
- C:\Windows\System\TAuCNmn.exe
  C:\Windows\System\TAuCNmn.exe
  2⤵
  PID:14204
- C:\Windows\System\qeEpxjx.exe
  C:\Windows\System\qeEpxjx.exe
  2⤵
  PID:14232
- C:\Windows\System\arQBAWo.exe
  C:\Windows\System\arQBAWo.exe
  2⤵
  PID:14264
- C:\Windows\System\uHjqFdQ.exe
  C:\Windows\System\uHjqFdQ.exe
  2⤵
  PID:14292
- C:\Windows\System\ETMRkYm.exe
  C:\Windows\System\ETMRkYm.exe
  2⤵
  PID:14332
- C:\Windows\System\HDhyrJK.exe
  C:\Windows\System\HDhyrJK.exe
  2⤵
  PID:13348
- C:\Windows\System\rsOaCJj.exe
  C:\Windows\System\rsOaCJj.exe
  2⤵
  PID:13412
- C:\Windows\System\ZIYhdho.exe
  C:\Windows\System\ZIYhdho.exe
  2⤵
  PID:13472
- C:\Windows\System\BNuzgMn.exe
  C:\Windows\System\BNuzgMn.exe
  2⤵
  PID:13544
- C:\Windows\System\wUcgfBu.exe
  C:\Windows\System\wUcgfBu.exe
  2⤵
  PID:13608
- C:\Windows\System\sUqqVFw.exe
  C:\Windows\System\sUqqVFw.exe
  2⤵
  PID:13668
- C:\Windows\System\fbRTXJZ.exe
  C:\Windows\System\fbRTXJZ.exe
  2⤵
  PID:13748
- C:\Windows\System\OWtOGZQ.exe
  C:\Windows\System\OWtOGZQ.exe
  2⤵
  PID:13824
- C:\Windows\System\bXfRXmd.exe
  C:\Windows\System\bXfRXmd.exe
  2⤵
  PID:13860
- C:\Windows\System\urPZQiQ.exe
  C:\Windows\System\urPZQiQ.exe
  2⤵
  PID:13916
- C:\Windows\System\vmKyzsm.exe
  C:\Windows\System\vmKyzsm.exe
  2⤵
  PID:13976
- C:\Windows\System\ueCjueU.exe
  C:\Windows\System\ueCjueU.exe
  2⤵
  PID:14088
- C:\Windows\System\YEeXBKR.exe
  C:\Windows\System\YEeXBKR.exe
  2⤵
  PID:14144
- C:\Windows\System\tseFjKl.exe
  C:\Windows\System\tseFjKl.exe
  2⤵
  PID:14200
- C:\Windows\System\yhrCHBL.exe
  C:\Windows\System\yhrCHBL.exe
  2⤵
  PID:14284
- C:\Windows\System\SLdwxwB.exe
  C:\Windows\System\SLdwxwB.exe
  2⤵
  PID:13388
- C:\Windows\System\aSXGETk.exe
  C:\Windows\System\aSXGETk.exe
  2⤵
  PID:13584
- C:\Windows\System\qnHQdrE.exe
  C:\Windows\System\qnHQdrE.exe
  2⤵
  PID:2432
- C:\Windows\System\OTKRIjQ.exe
  C:\Windows\System\OTKRIjQ.exe
  2⤵
  PID:13852
- C:\Windows\System\NvesWsO.exe
  C:\Windows\System\NvesWsO.exe
  2⤵
  PID:13808
- C:\Windows\System\VXjgVoK.exe
  C:\Windows\System\VXjgVoK.exe
  2⤵
  PID:14056
- C:\Windows\System\RNXHIgy.exe
  C:\Windows\System\RNXHIgy.exe
  2⤵
  PID:14132
- C:\Windows\System\ZjMaaCD.exe
  C:\Windows\System\ZjMaaCD.exe
  2⤵
  PID:13324
- C:\Windows\System\WMrJols.exe
  C:\Windows\System\WMrJols.exe
  2⤵
  PID:13572
- C:\Windows\System\URFzDSr.exe
  C:\Windows\System\URFzDSr.exe
  2⤵
  PID:3396
- C:\Windows\System\TxTLDkW.exe
  C:\Windows\System\TxTLDkW.exe
  2⤵
  PID:14004
- C:\Windows\System\EdRIVni.exe
  C:\Windows\System\EdRIVni.exe
  2⤵
  PID:14244
- C:\Windows\System\zThJKzE.exe
  C:\Windows\System\zThJKzE.exe
  2⤵
  PID:1848
- C:\Windows\System\zhsFdow.exe
  C:\Windows\System\zhsFdow.exe
  2⤵
  PID:13804
- C:\Windows\System\pSUunQG.exe
  C:\Windows\System\pSUunQG.exe
  2⤵
  PID:14344
- C:\Windows\System\bSomUJY.exe
  C:\Windows\System\bSomUJY.exe
  2⤵
  PID:14372
- C:\Windows\System\EgElQWD.exe
  C:\Windows\System\EgElQWD.exe
  2⤵
  PID:14400
- C:\Windows\System\yXpcUqT.exe
  C:\Windows\System\yXpcUqT.exe
  2⤵
  PID:14428
- C:\Windows\System\uofZzMa.exe
  C:\Windows\System\uofZzMa.exe
  2⤵
  PID:14456
- C:\Windows\System\lKcPFtp.exe
  C:\Windows\System\lKcPFtp.exe
  2⤵
  PID:14484
- C:\Windows\System\OnsbftB.exe
  C:\Windows\System\OnsbftB.exe
  2⤵
  PID:14512
- C:\Windows\System\uiMRAZJ.exe
  C:\Windows\System\uiMRAZJ.exe
  2⤵
  PID:14540
- C:\Windows\System\EKfgNSQ.exe
  C:\Windows\System\EKfgNSQ.exe
  2⤵
  PID:14568
- C:\Windows\System\wUCNlHe.exe
  C:\Windows\System\wUCNlHe.exe
  2⤵
  PID:14596
- C:\Windows\System\ccbZvvs.exe
  C:\Windows\System\ccbZvvs.exe
  2⤵
  PID:14624
- C:\Windows\System\gQwhjky.exe
  C:\Windows\System\gQwhjky.exe
  2⤵
  PID:14652
- C:\Windows\System\XxmjziZ.exe
  C:\Windows\System\XxmjziZ.exe
  2⤵
  PID:14696
- C:\Windows\System\iVszLxz.exe
  C:\Windows\System\iVszLxz.exe
  2⤵
  PID:14712
- C:\Windows\System\maJpliR.exe
  C:\Windows\System\maJpliR.exe
  2⤵
  PID:14740
- C:\Windows\System\efVwFFw.exe
  C:\Windows\System\efVwFFw.exe
  2⤵
  PID:14768
- C:\Windows\System\IibzHAz.exe
  C:\Windows\System\IibzHAz.exe
  2⤵
  PID:14796
- C:\Windows\System\dGFUrJR.exe
  C:\Windows\System\dGFUrJR.exe
  2⤵
  PID:14824
- C:\Windows\System\aVEdgpu.exe
  C:\Windows\System\aVEdgpu.exe
  2⤵
  PID:14852
- C:\Windows\System\uUfMfjm.exe
  C:\Windows\System\uUfMfjm.exe
  2⤵
  PID:14880
- C:\Windows\System\qVpayKA.exe
  C:\Windows\System\qVpayKA.exe
  2⤵
  PID:14908
- C:\Windows\System\WReiKsu.exe
  C:\Windows\System\WReiKsu.exe
  2⤵
  PID:14936
- C:\Windows\System\tAkgOtM.exe
  C:\Windows\System\tAkgOtM.exe
  2⤵
  PID:14964
- C:\Windows\System\cTWfJnp.exe
  C:\Windows\System\cTWfJnp.exe
  2⤵
  PID:14992
- C:\Windows\System\vxunkWw.exe
  C:\Windows\System\vxunkWw.exe
  2⤵
  PID:15020
- C:\Windows\System\nnpOVXR.exe
  C:\Windows\System\nnpOVXR.exe
  2⤵
  PID:15048
- C:\Windows\System\meClCkl.exe
  C:\Windows\System\meClCkl.exe
  2⤵
  PID:15076
- C:\Windows\System\wvgrwLX.exe
  C:\Windows\System\wvgrwLX.exe
  2⤵
  PID:15104
- C:\Windows\System\ycXjTuc.exe
  C:\Windows\System\ycXjTuc.exe
  2⤵
  PID:15132
- C:\Windows\System\HafeHnQ.exe
  C:\Windows\System\HafeHnQ.exe
  2⤵
  PID:15160
- C:\Windows\System\qzLGxsU.exe
  C:\Windows\System\qzLGxsU.exe
  2⤵
  PID:15188
- C:\Windows\System\COXJLPe.exe
  C:\Windows\System\COXJLPe.exe
  2⤵
  PID:15216
- C:\Windows\System\gTmiNYl.exe
  C:\Windows\System\gTmiNYl.exe
  2⤵
  PID:15244
- C:\Windows\System\HaJYPVi.exe
  C:\Windows\System\HaJYPVi.exe
  2⤵
  PID:15272
- C:\Windows\System\sAxewRX.exe
  C:\Windows\System\sAxewRX.exe
  2⤵
  PID:15300
- C:\Windows\System\equxtZq.exe
  C:\Windows\System\equxtZq.exe
  2⤵
  PID:15328
- C:\Windows\System\kuPPNcI.exe
  C:\Windows\System\kuPPNcI.exe
  2⤵
  PID:15356

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BYFgcbW.exe

Filesize
6.0MB

MD5
c9a7ef32081c5af2e00690d27614792d

SHA1
a3e88216132606cda1565fbec2a8751ea6309270

SHA256
e69f43eb42b14e5220f29fe58226b326449fa7f18a9eae6823c64bbf72f48e49

SHA512
84ce86e696cccd99ad6587c4a29259c9f084b0428c05e927e982827aae1a46dd2be89d9bf207da641964d6eb5b2a0c6145109a551f4bfb3c41d6925cceb1187d

Download Submit
C:\Windows\System\CvUbkqU.exe

Filesize
6.0MB

MD5
54a9e08368dd20196e69538f3673ff12

SHA1
4240b823ea93a86877e3e550f093199b97b26f84

SHA256
a5eac045426cfbc9098f0ca6c0891e5fd65e5386a6728063d036421bdb8fe413

SHA512
e0612a89acaca0ae8fe1f285c13e5f3e191e04caf7667425262bf02717deb11e32255f5a268777d25ee1e203a712fbf0b2e69f869452e2442e2bb4fb6dedfabe

Download Submit
C:\Windows\System\HfPEEvo.exe

Filesize
6.0MB

MD5
0b6d414ac2943ff9a1d099cb4caa173a

SHA1
ce0d655f34bc29c65c0a67ad532fdbaafed4c037

SHA256
5a8a14963759529fec45c22ce04245c537e2b18a2d4afd77fb01f68df8b3f0ad

SHA512
51ec4c405ca4a7b4549bf1910e0b57d010cc82409e0ea19a09ec9d8d550c76bcb23586577e3a612b52e9289521e55db8a069c970a0637e1f62694de33badbc6c

Download Submit
C:\Windows\System\HzzKFRu.exe

Filesize
6.0MB

MD5
c3855e5ab4ffb856936a84c0ae5ee41d

SHA1
70fcf212591baab36d6b5224a7d64f7e3dc3f4d9

SHA256
7dfa25ccb15e1372a3abd271e429c34a403d3985b247cfea4b76d2f3a3fd9280

SHA512
0960b1cee66d94bed93584c5e1272cb1a031b6f7ecce4ac5000cf43a7db855eb1a9ae662add324e5101151dd3ab60c1d6c0a77a1685b0d9c2184c3ed30e3b579

Download Submit
C:\Windows\System\JzZdBXF.exe

Filesize
6.0MB

MD5
94b479831c9a393f64b1011651b5b4bb

SHA1
11760525575e362f255ef724ef51b2b8be429d98

SHA256
3f421d0bd9172293a27e911a0f545cb6b443eaa2d77559950f488ca91412f4aa

SHA512
d2e7b3cf926500863f8ee482676cbad64ac81841d08cbb1399b478b50b6ae46b10308e8e2ac6357d3a6c514d344950156a4bacce291f42271f6b3bbdfe4791a6

Download Submit
C:\Windows\System\LPfEkWy.exe

Filesize
6.0MB

MD5
03545af16c45a73ff590d910d14cfaae

SHA1
67d39f64d8bd86bf40cf95501eecdbca36240d74

SHA256
58bb430c9f7e9ae09b9312e57ea39c9c35bbafbfa8735db1e16aafa401cb2f9d

SHA512
f99f072a7cb58bd707ce95e51d844facbda62921f62addc446de9c472c40c962c3ea35a0ba2717ce58c4f800cffe249ddd9a4a5cc59b41e7777cdd2304eb8e9d

Download Submit
C:\Windows\System\LtSCSzh.exe

Filesize
6.0MB

MD5
c490f235e22477c2cd41572281c88c31

SHA1
687fb0ac8bca794b27275594e810edefca48bbf4

SHA256
145d73fbb82b34a59485b5071eb9d94ac9a3551afb19b271c2f5d40d47ba674f

SHA512
7cb401d4d8ff5919144901b108f98bb013d7a5a0b6d2de4ebea68a4e4f1ac2ab10758ca26ab9f208ea9d912e8b08365887c7226d762de7925a1e79009974a680

Download Submit
C:\Windows\System\MHdkfUa.exe

Filesize
6.0MB

MD5
5e74488c709eedfc1933d64dc05509a0

SHA1
291d721dbd1dcb8bdff80d9eaa26a31978624ae1

SHA256
b002a16f8b19a8f464ac214a6b1bc857de8e3e30ceb567b5f70790374bd91e1d

SHA512
4c240aa44de8680e8fa670c161150727db31af76ccee9ca103e6f1fb83ea11218070d127726b9d16656a3f28a3de62518ccc83e660514d61d567c64787bbdd16

Download Submit
C:\Windows\System\NfztvDw.exe

Filesize
6.0MB

MD5
ef62df0b1f0035730b4cebb9cf4b1add

SHA1
12fe3b0e1cdab77855d17aa38317e2310638bef1

SHA256
c63f3ed00efd0ddca0e632b72829ac85936b71280ea1b803c57ab37f5da04578

SHA512
59ccea4033efac4ce104002f7c5bd2ea468cfb0e0ba318bbf325d93531d91e5b87688674259b74ae8e5c0c22b922a0ba768e6030f7324a527d197bbbbf73d6bb

Download Submit
C:\Windows\System\NlIrVxA.exe

Filesize
6.0MB

MD5
f317c6e3ea1c19f3ca785631b87b7332

SHA1
5479248266385e91e8e65472be22b74cc1c0c5aa

SHA256
4c7c805fcc3a84cba37ce2349baa2eebfbacf0fde440b320014622ef02b385e5

SHA512
6115bd02cbeacbb12c6c2143b90e0ea042b9cd61a7e8f4e8c270b7c66545368fbb620076dd955ba389c86a37fc5668ea4b7128938b1c95f90202983c30fefa7f

Download Submit
C:\Windows\System\OoTPGPl.exe

Filesize
6.0MB

MD5
db4fb4273c5cdbf462689158ea4b7d0a

SHA1
e7456f4a87d13446943ef4e2437eee002e626ce3

SHA256
e6dde2bbc366e51c236933c280db0d8f8bac513965e67cc7aa55d9858f6a265b

SHA512
17421ccbfb5c81f89ae2176db980d987093d6bfbbbdce2ea53d96d9b1631f12a3c22fdbb2aebd3285c22e2b1defe273e1e37b5f2dc494f1db79698e0dcb5ab1e

Download Submit
C:\Windows\System\QGAXTKP.exe

Filesize
6.0MB

MD5
a8cd0034b9b8266a464575a1cbf41488

SHA1
525f563f8a4a5040ebc5a196b371857336246145

SHA256
f6b8c08bfebda6d1b72d58917ad0a3886dcf9d94c859491dd90a6e2c1a46f0e7

SHA512
adb23e322d6825d167bf55007c72447ef5bf95fd980cc20e66834fa349effdbdfd48c885e96915d8e841b04d92ee89243f0bd6c3403b0541aa780c1d70d134f3

Download Submit
C:\Windows\System\SfJZyri.exe

Filesize
6.0MB

MD5
573c657e5147c0f85432ec2ab4e9a7f7

SHA1
847617c6409f2d65bc6a219f89adc0632a865871

SHA256
7f321d14db4ce86073bd062c3d42d44a452ca7cca5a2d32c14f11c73a6585cae

SHA512
529c3b7c9512edb03b377ce8a16fa2471b086a942662eacd5ec8860f17a44f3e5ed9dee82f108a2d25d5b0b4ebf1a1b2dae6717c4d68fc71fe7be3d9d46d045f

Download Submit
C:\Windows\System\TApPQoZ.exe

Filesize
6.0MB

MD5
6749d361bfe1cd5ba19efa01d46ec869

SHA1
0dcb7b698dd3ad9b1e25bed0cab4606587fbbd9e

SHA256
832c3016ac590f77d956f70c0a0821c00d6b85da99d13dbbb53f4264ead8b89d

SHA512
8497a14c4487565162a4511af92b76e26d581f8ead8649c2583ddaab19b186ed1d827bf1695f0dd438ffb14f59474c2d8d4708d575f530052c9e0a01aaf645c5

Download Submit
C:\Windows\System\VOzPDkm.exe

Filesize
6.0MB

MD5
0b30d9cd9394b13623cc389974aeb9e5

SHA1
e19d5307aef65c08b010072a73380eee6b5050a3

SHA256
820aaa076ba7a27a841f6278acf339af3d5d69da08527f59e0c4d7e7db553257

SHA512
a8499ea2286584028197cba924eca7eeaf161736f6c3e10199a6db6988d94c1799bd4084e00a7780611b8394cbf296c52386a72ec8d711540a2de2a70718632f

Download Submit
C:\Windows\System\YciWoTE.exe

Filesize
6.0MB

MD5
9399a35b354e07ddf4aa26724612aadd

SHA1
b071efb3f913d86fedb0cb91f1a9a8ee1292f21b

SHA256
9dd21b24a6671c042fa48fd9a543d1a369089dad25d228b74b9aa66dffa8a54e

SHA512
c3c887bb3c99eb702c536256beb3cefaf3b0b2f98924300fc1f9238ae519f4f4815559b427ff1770979e24ccde512504367016f99e5e5df98b962554b40b986f

Download Submit
C:\Windows\System\ZFuUina.exe

Filesize
6.0MB

MD5
854530e8d52f8c9412431039b2173703

SHA1
1e90ebcd4858a6ae7fe7b89fda8fe6ebbbe45d27

SHA256
953217efb0ce4da9c613657664d642b683d03f956d95487f33d0e1094b871e01

SHA512
ead175a0039d0af80972cd2f3c1881222e5415533b8f5e76ba8c54369e3d301d7e453510e887da2b208c7492b6055506007af170d6045f0e67b9d89f0c32c48f

Download Submit
C:\Windows\System\aPUhHJN.exe

Filesize
6.0MB

MD5
b5b5aa0c91f2510f645f136a9596afea

SHA1
292fa833316a978fcf89dac980ccaab9115f843b

SHA256
1b636712c9cd4636db75717a5949afe849c978c3865aea01ae3204bd4c102cf7

SHA512
6a7b558dd2911d0e23e421904431282ec87cf4c70a90a7c5697a1f5223a40b81ade5f3bfb2980694557ba6951c65cd34da7033a8fd20ee6c75c90b47e7641be1

Download Submit
C:\Windows\System\bZueEKa.exe

Filesize
6.0MB

MD5
3f386001e7b474d5ffed73ab09b40297

SHA1
7e7aff012a2c5899ba9662f1833af07c899cad40

SHA256
cd6f95da6d90a34023cb6f45e263448cf8b9ae70fdc2acb1dd0ec35f2d0054e6

SHA512
82237cfb7cc3595183dea4649f2628ad011f8d9ec4e38f063c968395ad4d2bacfa4c462c581167207819053150f20c492c1152dc66069c8e746441261c19948c

Download Submit
C:\Windows\System\cHLWuNc.exe

Filesize
6.0MB

MD5
ed2e73e30721bc0c52fa0beaaf782e34

SHA1
1838a8abdfd0dfcb206cec0b6b86370866fe72e9

SHA256
227aaa451b818a6b09056811b6d7b7625858d0821e2bf18f59921ea7d270beb1

SHA512
b73cd71e49b7613b1081583d2e2795318446fef6a7d8f5e2f459ac4e0ab16e509ca78c1aeb6162748017bc2bef10e657e2276d8f2f335e1355a832e94d7f4e43

Download Submit
C:\Windows\System\cjntbbb.exe

Filesize
6.0MB

MD5
6fb65995b8993e183b78e76bc999ea97

SHA1
f983ec072a0c75bef349baf1de4919a56de9cfcf

SHA256
6d878003b52e90f5d9528e9d978185eb613ab3ec32d912a0ff4f6ffe36f40c9a

SHA512
4a2270a60d80b403de85502b004ddd08d6929b529fdbf8e99c8ec1568eeab48cd1a38e0eab8e7e1c3f73bed37ae21fc5350f0b290000432b617660d31cb240d4

Download Submit
C:\Windows\System\diXsUxQ.exe

Filesize
6.0MB

MD5
35cd678c3cca49936a587c10d2ab55e5

SHA1
90439cc1ab933e89f247b9e66e62f5962c1c469b

SHA256
9f546b8a50b7e79783a36bd4ffc3748502a075bcedd3ff050d3da500dde8c7e7

SHA512
d2976c4814d1f150852f2f956802149789750e9f8a16a04813f29064d434b7f6887d6ef1e70c7203bc92ae88760fc9b96c4556d75be87d11ac6298493fb64b57

Download Submit
C:\Windows\System\eWskhxb.exe

Filesize
6.0MB

MD5
6e825bd4b9fc937e80d87a68649c3e19

SHA1
8201db8c9cbba55c62976c937fc4e22987e8a7f7

SHA256
5b080dfa030d54044df8370d069d865a6a8f349b674ac0864cdba15bd5b16a12

SHA512
0c82b3a35f3bd0de6085517c93163086e4c0bc9e8e9ed50ecb2e8f16830b86f0b1569747593613795ecb89ffada70e54d3487cf8536e82c27291f58db5d28e4f

Download Submit
C:\Windows\System\fdCJdnh.exe

Filesize
6.0MB

MD5
29e7a3ad947c937484dee282902a0e0c

SHA1
5cceb2471e8d1ed71c7bdf4bcaac9d90db3d232b

SHA256
dbbc4b6edfcf82ac1a31cc719092dbe2ea7ab398e0725cd240aa687d58534fe2

SHA512
c66acb42d3ed434faae026551fbd482c6b6f05b2eb591a81ed7b489646b1b659ca0992731e1ad98b065ce3dd0c384e9905ccc1b20c5d3ce8eca8b1549e84ef2a

Download Submit
C:\Windows\System\hwPusoL.exe

Filesize
6.0MB

MD5
463fc393b0a3e2412a404f640cb5f141

SHA1
aa9164ff5eac3a2c0214d0f9a10d8d3e81bac165

SHA256
6f798ce4cd565961a5380f6c276007aabb00adcc4dd77cc87da34c14f4bf884f

SHA512
c706b868fca51c7581a608057456027ab42da67a6d4a9bc6f830ca62d4e04cc91bd01e00c2c0129f66fd416fafa6522b33ecd98390db4123706fe91f3e43e157

Download Submit
C:\Windows\System\lXNLmSB.exe

Filesize
6.0MB

MD5
27f0b44584860fe9ee394e302be5a00c

SHA1
415cd9d2dc8c33b4f491685473c3d772eba7178c

SHA256
f92173b2a48c910377526db4b327bcea8182f2812c2b5e38416e75b38294b969

SHA512
ec87011344e80cc4a9f5a289f2596d195319d33eaffafafeb8b1f98409b10aa13df9bae7a52f09f53b306927fce11cbb3e69271c3b5dc963292f0f1ea873d663

Download Submit
C:\Windows\System\lnRUaRk.exe

Filesize
6.0MB

MD5
a4e8d1b3a3aaaaa200248cbb5a8d3238

SHA1
9489d71e74a4379ae201816447db37ec5354d8ef

SHA256
ac731ea08f7a1fbe314920061b895e53152fab66fb806dbad9a6d55095a93c7b

SHA512
9fdb602bdc61274df8165f231566cf4ecd2983e5d2acc02db5be093a8c7059307f81449db238ce2f67f40d995928ed5fae6fa4fced2186c9bdaebdeaac6edc71

Download Submit
C:\Windows\System\pnJnpwd.exe

Filesize
6.0MB

MD5
b5b61eeeff588541ec2ed830ec59ed15

SHA1
fc3419a11f85c32d82a208057cdf9c28a6db788b

SHA256
9a45cf1d324b3c6b85895423a1ec28a58930523daf739543fec48e2b5b6ca375

SHA512
f4ba7394fbe6db3ccb3d41523f41b48952937f0dd28a32a131b50558b3142393f04d01b5cd88c678e8bc8928422aac421b8319d41e329cf395af3c5cace16397

Download Submit
C:\Windows\System\svZBccZ.exe

Filesize
6.0MB

MD5
9760babc46807cd9d7b305e4f32e4f7f

SHA1
9d1f8ac90ef81dd06d7950a0957e72329d177c41

SHA256
7a8006bcb54908b7f088e1618736782fa04603011c819126f458d8734d433dfe

SHA512
aec1714ffe5045eb028563fcb62d558a363f8ed721ce14ef69346c2f91439d1a641ea33ba910fe953911a5a62f57462d8958d69a921d63a5c1fc0eecb46b0e1a

Download Submit
C:\Windows\System\tatysAV.exe

Filesize
6.0MB

MD5
e8f3ea5598c43eb0b8b7d1e32995a617

SHA1
822b065b85eb53dec19a926cf3e9a63f198c254e

SHA256
6f2085e0439d99da2caa42bd85551a6a5982cb823aa8d018765690a26685b612

SHA512
29b3ac5117c4e070995cd7858bf80d1a1fb07024aed8f84c35fbb797a2575fc17ed9fac3bd370902753b175e9d44f8d1a75e960ee285fb60473dce1227724ca9

Download Submit
C:\Windows\System\wrnOrzA.exe

Filesize
6.0MB

MD5
fb1398fa3ec8e6b8c244d9ee8ab9300f

SHA1
9be7daf61251ecb0a655657f8e3cd3f846f77be1

SHA256
f583f732608c80c0ef2a6f7ce0b29103f73b04dbb4377c20e3d78c11606b4e34

SHA512
68c027ab07cba27731cc7536a6473fbb2da183f23e8d46d684a6e48e9656628e66feef4ed8ee3099ca38e2a4136b519f0bd7b1d541915f45014eeef685e67c5e

Download Submit
C:\Windows\System\yFnQsyW.exe

Filesize
6.0MB

MD5
171066a8355731c07ac73c88647fc3e7

SHA1
5fb6dc4a85ac5cde5452ab05dc10a5adadc6dd7f

SHA256
ee179fc774a40200e3a6b1f02100c453c1127b9e8512af505a95560ac3472d32

SHA512
666ceb65cbde4e38543dddabae456d0b82418bfd87e5e856270ddf424f392250c692fd06722058358fc67b498ca7dafa7c9097aecb9b1cfbff79b859d9630edd

Download Submit
memory/316-2366-0x00007FF6E9C80000-0x00007FF6E9FD4000-memory.dmp

Filesize
3.3MB

Download
memory/316-174-0x00007FF6E9C80000-0x00007FF6E9FD4000-memory.dmp

Filesize
3.3MB

Download
memory/380-1590-0x00007FF746290000-0x00007FF7465E4000-memory.dmp

Filesize
3.3MB

Download
memory/380-67-0x00007FF746290000-0x00007FF7465E4000-memory.dmp

Filesize
3.3MB

Download
memory/380-126-0x00007FF746290000-0x00007FF7465E4000-memory.dmp

Filesize
3.3MB

Download
memory/872-15-0x00007FF663390000-0x00007FF6636E4000-memory.dmp

Filesize
3.3MB

Download
memory/872-94-0x00007FF663390000-0x00007FF6636E4000-memory.dmp

Filesize
3.3MB

Download
memory/872-1551-0x00007FF663390000-0x00007FF6636E4000-memory.dmp

Filesize
3.3MB

Download
memory/944-142-0x00007FF667BD0000-0x00007FF667F24000-memory.dmp

Filesize
3.3MB

Download
memory/952-85-0x00007FF6AA4F0000-0x00007FF6AA844000-memory.dmp

Filesize
3.3MB

Download
memory/952-139-0x00007FF6AA4F0000-0x00007FF6AA844000-memory.dmp

Filesize
3.3MB

Download
memory/952-1593-0x00007FF6AA4F0000-0x00007FF6AA844000-memory.dmp

Filesize
3.3MB

Download
memory/1328-195-0x00007FF705E30000-0x00007FF706184000-memory.dmp

Filesize
3.3MB

Download
memory/1328-2134-0x00007FF705E30000-0x00007FF706184000-memory.dmp

Filesize
3.3MB

Download
memory/1328-127-0x00007FF705E30000-0x00007FF706184000-memory.dmp

Filesize
3.3MB

Download
memory/1452-185-0x00007FF6C4EF0000-0x00007FF6C5244000-memory.dmp

Filesize
3.3MB

Download
memory/1452-116-0x00007FF6C4EF0000-0x00007FF6C5244000-memory.dmp

Filesize
3.3MB

Download
memory/1452-2122-0x00007FF6C4EF0000-0x00007FF6C5244000-memory.dmp

Filesize
3.3MB

Download
memory/1660-1-0x0000022D44FC0000-0x0000022D44FD0000-memory.dmp

Filesize
64KB

Download
memory/1660-86-0x00007FF629CD0000-0x00007FF62A024000-memory.dmp

Filesize
3.3MB

Download
memory/1660-0-0x00007FF629CD0000-0x00007FF62A024000-memory.dmp

Filesize
3.3MB

Download
memory/2064-80-0x00007FF7C3B30000-0x00007FF7C3E84000-memory.dmp

Filesize
3.3MB

Download
memory/2064-138-0x00007FF7C3B30000-0x00007FF7C3E84000-memory.dmp

Filesize
3.3MB

Download
memory/2064-1596-0x00007FF7C3B30000-0x00007FF7C3E84000-memory.dmp

Filesize
3.3MB

Download
memory/2124-2125-0x00007FF6C5A80000-0x00007FF6C5DD4000-memory.dmp

Filesize
3.3MB

Download
memory/2124-112-0x00007FF6C5A80000-0x00007FF6C5DD4000-memory.dmp

Filesize
3.3MB

Download
memory/2124-178-0x00007FF6C5A80000-0x00007FF6C5DD4000-memory.dmp

Filesize
3.3MB

Download
memory/2160-9-0x00007FF633120000-0x00007FF633474000-memory.dmp

Filesize
3.3MB

Download
memory/2160-1541-0x00007FF633120000-0x00007FF633474000-memory.dmp

Filesize
3.3MB

Download
memory/2160-91-0x00007FF633120000-0x00007FF633474000-memory.dmp

Filesize
3.3MB

Download
memory/2192-147-0x00007FF7DB970000-0x00007FF7DBCC4000-memory.dmp

Filesize
3.3MB

Download
memory/2192-347-0x00007FF7DB970000-0x00007FF7DBCC4000-memory.dmp

Filesize
3.3MB

Download
memory/2512-105-0x00007FF651E30000-0x00007FF652184000-memory.dmp

Filesize
3.3MB

Download
memory/2512-16-0x00007FF651E30000-0x00007FF652184000-memory.dmp

Filesize
3.3MB

Download
memory/2512-1555-0x00007FF651E30000-0x00007FF652184000-memory.dmp

Filesize
3.3MB

Download
memory/2768-106-0x00007FF778CB0000-0x00007FF779004000-memory.dmp

Filesize
3.3MB

Download
memory/2768-31-0x00007FF778CB0000-0x00007FF779004000-memory.dmp

Filesize
3.3MB

Download
memory/2768-1554-0x00007FF778CB0000-0x00007FF779004000-memory.dmp

Filesize
3.3MB

Download
memory/2852-177-0x00007FF7FAF90000-0x00007FF7FB2E4000-memory.dmp

Filesize
3.3MB

Download
memory/2852-2368-0x00007FF7FAF90000-0x00007FF7FB2E4000-memory.dmp

Filesize
3.3MB

Download
memory/2852-595-0x00007FF7FAF90000-0x00007FF7FB2E4000-memory.dmp

Filesize
3.3MB

Download
memory/2860-2369-0x00007FF75BED0000-0x00007FF75C224000-memory.dmp

Filesize
3.3MB

Download
memory/2860-663-0x00007FF75BED0000-0x00007FF75C224000-memory.dmp

Filesize
3.3MB

Download
memory/2860-188-0x00007FF75BED0000-0x00007FF75C224000-memory.dmp

Filesize
3.3MB

Download
memory/2960-476-0x00007FF779760000-0x00007FF779AB4000-memory.dmp

Filesize
3.3MB

Download
memory/2960-162-0x00007FF779760000-0x00007FF779AB4000-memory.dmp

Filesize
3.3MB

Download
memory/2960-2365-0x00007FF779760000-0x00007FF779AB4000-memory.dmp

Filesize
3.3MB

Download
memory/3088-167-0x00007FF68E110000-0x00007FF68E464000-memory.dmp

Filesize
3.3MB

Download
memory/3088-477-0x00007FF68E110000-0x00007FF68E464000-memory.dmp

Filesize
3.3MB

Download
memory/3088-2367-0x00007FF68E110000-0x00007FF68E464000-memory.dmp

Filesize
3.3MB

Download
memory/3116-99-0x00007FF67E0D0000-0x00007FF67E424000-memory.dmp

Filesize
3.3MB

Download
memory/3116-2119-0x00007FF67E0D0000-0x00007FF67E424000-memory.dmp

Filesize
3.3MB

Download
memory/3116-173-0x00007FF67E0D0000-0x00007FF67E424000-memory.dmp

Filesize
3.3MB

Download
memory/3264-2370-0x00007FF7FC480000-0x00007FF7FC7D4000-memory.dmp

Filesize
3.3MB

Download
memory/3264-661-0x00007FF7FC480000-0x00007FF7FC7D4000-memory.dmp

Filesize
3.3MB

Download
memory/3264-187-0x00007FF7FC480000-0x00007FF7FC7D4000-memory.dmp

Filesize
3.3MB

Download
memory/3552-2115-0x00007FF65C7A0000-0x00007FF65CAF4000-memory.dmp

Filesize
3.3MB

Download
memory/3552-96-0x00007FF65C7A0000-0x00007FF65CAF4000-memory.dmp

Filesize
3.3MB

Download
memory/3820-349-0x00007FF758A40000-0x00007FF758D94000-memory.dmp

Filesize
3.3MB

Download
memory/3820-156-0x00007FF758A40000-0x00007FF758D94000-memory.dmp

Filesize
3.3MB

Download
memory/3820-2364-0x00007FF758A40000-0x00007FF758D94000-memory.dmp

Filesize
3.3MB

Download
memory/4272-109-0x00007FF7C8F20000-0x00007FF7C9274000-memory.dmp

Filesize
3.3MB

Download
memory/4272-1578-0x00007FF7C8F20000-0x00007FF7C9274000-memory.dmp

Filesize
3.3MB

Download
memory/4272-48-0x00007FF7C8F20000-0x00007FF7C9274000-memory.dmp

Filesize
3.3MB

Download
memory/4312-1577-0x00007FF75F690000-0x00007FF75F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/4312-64-0x00007FF75F690000-0x00007FF75F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/4456-1588-0x00007FF6170B0000-0x00007FF617404000-memory.dmp

Filesize
3.3MB

Download
memory/4456-113-0x00007FF6170B0000-0x00007FF617404000-memory.dmp

Filesize
3.3MB

Download
memory/4456-54-0x00007FF6170B0000-0x00007FF617404000-memory.dmp

Filesize
3.3MB

Download
memory/4664-65-0x00007FF6D1070000-0x00007FF6D13C4000-memory.dmp

Filesize
3.3MB

Download
memory/4664-1584-0x00007FF6D1070000-0x00007FF6D13C4000-memory.dmp

Filesize
3.3MB

Download
memory/4724-2135-0x00007FF6699B0000-0x00007FF669D04000-memory.dmp

Filesize
3.3MB

Download
memory/4724-125-0x00007FF6699B0000-0x00007FF669D04000-memory.dmp

Filesize
3.3MB

Download
memory/4724-186-0x00007FF6699B0000-0x00007FF669D04000-memory.dmp

Filesize
3.3MB

Download
memory/4888-1558-0x00007FF7C3B10000-0x00007FF7C3E64000-memory.dmp

Filesize
3.3MB

Download
memory/4888-59-0x00007FF7C3B10000-0x00007FF7C3E64000-memory.dmp

Filesize
3.3MB

Download
memory/4964-1573-0x00007FF6D2A70000-0x00007FF6D2DC4000-memory.dmp

Filesize
3.3MB

Download
memory/4964-107-0x00007FF6D2A70000-0x00007FF6D2DC4000-memory.dmp

Filesize
3.3MB

Download
memory/4964-42-0x00007FF6D2A70000-0x00007FF6D2DC4000-memory.dmp

Filesize
3.3MB

Download
memory/4976-1594-0x00007FF76FB00000-0x00007FF76FE54000-memory.dmp

Filesize
3.3MB

Download
memory/4976-74-0x00007FF76FB00000-0x00007FF76FE54000-memory.dmp

Filesize
3.3MB

Download
memory/4976-133-0x00007FF76FB00000-0x00007FF76FE54000-memory.dmp

Filesize
3.3MB

Download