cobaltstrike | 85453dc454732b4f2931b87572ff5adcbb006934ca987b14f6fbdf8cb31ca3b8

Analysis

max time kernel
40s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24-04-2024 05:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
Size

6.0MB
MD5

a1939173ff94e26237d093dee0cb2f83
SHA1

4e86343276b2db939b22aeebc45544a204b5bdef
SHA256

85453dc454732b4f2931b87572ff5adcbb006934ca987b14f6fbdf8cb31ca3b8
SHA512

98c6eb843c425ffbcf22d5c0f2385eb7b6a8671137a3e718f6e83ad168107a2efd4206d990c8cadef455871fba967ad0dc3c1244138cf693d9e55e8d7437ea63
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUp:eOl56utgpPF8u/7p

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 42 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
\Windows\system\VcUJUFF.exe	cobalt_reflective_dll
C:\Windows\system\TCHRxEl.exe	cobalt_reflective_dll
C:\Windows\system\PvpBFko.exe	cobalt_reflective_dll
C:\Windows\system\aiQReBd.exe	cobalt_reflective_dll
\Windows\system\aiQReBd.exe	cobalt_reflective_dll
\Windows\system\MJkltfn.exe	cobalt_reflective_dll
C:\Windows\system\cPnsvHb.exe	cobalt_reflective_dll
C:\Windows\system\itRbtrS.exe	cobalt_reflective_dll
\Windows\system\qDPLvQu.exe	cobalt_reflective_dll
C:\Windows\system\ZoJYSsx.exe	cobalt_reflective_dll
C:\Windows\system\IsxLsmR.exe	cobalt_reflective_dll
C:\Windows\system\wWBEszJ.exe	cobalt_reflective_dll
C:\Windows\system\AIrlvKT.exe	cobalt_reflective_dll
C:\Windows\system\vcuINkH.exe	cobalt_reflective_dll
C:\Windows\system\fGbEFIw.exe	cobalt_reflective_dll
C:\Windows\system\YynSasc.exe	cobalt_reflective_dll
C:\Windows\system\dgrAzKx.exe	cobalt_reflective_dll
C:\Windows\system\jSrbWBu.exe	cobalt_reflective_dll
C:\Windows\system\ieOrfjY.exe	cobalt_reflective_dll
C:\Windows\system\AUOQVGf.exe	cobalt_reflective_dll
\Windows\system\tYLSRgg.exe	cobalt_reflective_dll
\Windows\system\BJVRaVP.exe	cobalt_reflective_dll
\Windows\system\uAeAbsu.exe	cobalt_reflective_dll
C:\Windows\system\ULYLTZp.exe	cobalt_reflective_dll
C:\Windows\system\pIoweZe.exe	cobalt_reflective_dll
\Windows\system\ahUsrPy.exe	cobalt_reflective_dll
\Windows\system\PzLAEZF.exe	cobalt_reflective_dll
\Windows\system\kVusOUP.exe	cobalt_reflective_dll
\Windows\system\obNQDyT.exe	cobalt_reflective_dll
\Windows\system\dcNhHVi.exe	cobalt_reflective_dll
\Windows\system\eFKODXj.exe	cobalt_reflective_dll
\Windows\system\sDVyCIM.exe	cobalt_reflective_dll
\Windows\system\FZdEjtp.exe	cobalt_reflective_dll
\Windows\system\KlPBOpV.exe	cobalt_reflective_dll
\Windows\system\sCDiGHn.exe	cobalt_reflective_dll
\Windows\system\rTZkGhm.exe	cobalt_reflective_dll
\Windows\system\OWAyTxB.exe	cobalt_reflective_dll
\Windows\system\SWZQbPi.exe	cobalt_reflective_dll
\Windows\system\hulfdpX.exe	cobalt_reflective_dll
\Windows\system\huFpuPh.exe	cobalt_reflective_dll
\Windows\system\vBSQdQw.exe	cobalt_reflective_dll
C:\Windows\system\kkEmkXU.exe	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

Detects Reflective DLL injection artifacts 42 IoCs

Processes:

resource	yara_rule
\Windows\system\VcUJUFF.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
C:\Windows\system\TCHRxEl.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
C:\Windows\system\PvpBFko.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
C:\Windows\system\aiQReBd.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
\Windows\system\aiQReBd.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
\Windows\system\MJkltfn.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
C:\Windows\system\cPnsvHb.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
C:\Windows\system\itRbtrS.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
\Windows\system\qDPLvQu.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
C:\Windows\system\ZoJYSsx.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
C:\Windows\system\IsxLsmR.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
C:\Windows\system\wWBEszJ.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
C:\Windows\system\AIrlvKT.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
C:\Windows\system\vcuINkH.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
C:\Windows\system\fGbEFIw.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
C:\Windows\system\YynSasc.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
C:\Windows\system\dgrAzKx.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
C:\Windows\system\jSrbWBu.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
C:\Windows\system\ieOrfjY.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
C:\Windows\system\AUOQVGf.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
\Windows\system\tYLSRgg.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
\Windows\system\BJVRaVP.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
\Windows\system\uAeAbsu.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
C:\Windows\system\ULYLTZp.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
C:\Windows\system\pIoweZe.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
\Windows\system\ahUsrPy.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
\Windows\system\PzLAEZF.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
\Windows\system\kVusOUP.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
\Windows\system\obNQDyT.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
\Windows\system\dcNhHVi.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
\Windows\system\eFKODXj.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
\Windows\system\sDVyCIM.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
\Windows\system\FZdEjtp.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
\Windows\system\KlPBOpV.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
\Windows\system\sCDiGHn.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
\Windows\system\rTZkGhm.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
\Windows\system\OWAyTxB.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
\Windows\system\SWZQbPi.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
\Windows\system\hulfdpX.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
\Windows\system\huFpuPh.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
\Windows\system\vBSQdQw.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
C:\Windows\system\kkEmkXU.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader

UPX dump on OEP (original entry point) 56 IoCs

Processes:

resource	yara_rule
behavioral1/memory/2340-0-0x000000013F330000-0x000000013F684000-memory.dmp	UPX
\Windows\system\VcUJUFF.exe	UPX
behavioral1/memory/2340-6-0x0000000002220000-0x0000000002574000-memory.dmp	UPX
behavioral1/memory/1732-14-0x000000013F590000-0x000000013F8E4000-memory.dmp	UPX
C:\Windows\system\TCHRxEl.exe	UPX
C:\Windows\system\PvpBFko.exe	UPX
behavioral1/memory/2148-21-0x000000013F440000-0x000000013F794000-memory.dmp	UPX
behavioral1/memory/2176-20-0x000000013FD70000-0x00000001400C4000-memory.dmp	UPX
C:\Windows\system\aiQReBd.exe	UPX
\Windows\system\aiQReBd.exe	UPX
behavioral1/memory/2872-30-0x000000013FC80000-0x000000013FFD4000-memory.dmp	UPX
\Windows\system\MJkltfn.exe	UPX
C:\Windows\system\cPnsvHb.exe	UPX
C:\Windows\system\itRbtrS.exe	UPX
\Windows\system\qDPLvQu.exe	UPX
behavioral1/memory/2524-197-0x000000013FCB0000-0x0000000140004000-memory.dmp	UPX
behavioral1/memory/2596-199-0x000000013F280000-0x000000013F5D4000-memory.dmp	UPX
behavioral1/memory/2672-196-0x000000013FC10000-0x000000013FF64000-memory.dmp	UPX
C:\Windows\system\ZoJYSsx.exe	UPX
C:\Windows\system\IsxLsmR.exe	UPX
C:\Windows\system\wWBEszJ.exe	UPX
C:\Windows\system\AIrlvKT.exe	UPX
C:\Windows\system\vcuINkH.exe	UPX
C:\Windows\system\fGbEFIw.exe	UPX
C:\Windows\system\YynSasc.exe	UPX
C:\Windows\system\uAeAbsu.exe	UPX
C:\Windows\system\dgrAzKx.exe	UPX
C:\Windows\system\jSrbWBu.exe	UPX
C:\Windows\system\ieOrfjY.exe	UPX
C:\Windows\system\AUOQVGf.exe	UPX
\Windows\system\wREQgJU.exe	UPX
\Windows\system\tYLSRgg.exe	UPX
\Windows\system\BJVRaVP.exe	UPX
\Windows\system\wWBEszJ.exe	UPX
\Windows\system\uAeAbsu.exe	UPX
\Windows\system\jSrbWBu.exe	UPX
C:\Windows\system\ULYLTZp.exe	UPX
C:\Windows\system\pIoweZe.exe	UPX
\Windows\system\ahUsrPy.exe	UPX
\Windows\system\PzLAEZF.exe	UPX
\Windows\system\kVusOUP.exe	UPX
\Windows\system\obNQDyT.exe	UPX
\Windows\system\dcNhHVi.exe	UPX
\Windows\system\eFKODXj.exe	UPX
\Windows\system\sDVyCIM.exe	UPX
\Windows\system\FZdEjtp.exe	UPX
\Windows\system\KlPBOpV.exe	UPX
\Windows\system\sCDiGHn.exe	UPX
\Windows\system\rTZkGhm.exe	UPX
\Windows\system\OWAyTxB.exe	UPX
\Windows\system\SWZQbPi.exe	UPX
\Windows\system\hulfdpX.exe	UPX
\Windows\system\huFpuPh.exe	UPX
\Windows\system\vBSQdQw.exe	UPX
behavioral1/memory/2860-37-0x000000013FD80000-0x00000001400D4000-memory.dmp	UPX
C:\Windows\system\kkEmkXU.exe	UPX

XMRig Miner payload 59 IoCs

miner

Processes:

resource	yara_rule
behavioral1/memory/2340-0-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
\Windows\system\VcUJUFF.exe	xmrig
behavioral1/memory/2340-6-0x0000000002220000-0x0000000002574000-memory.dmp	xmrig
behavioral1/memory/1732-14-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
C:\Windows\system\TCHRxEl.exe	xmrig
C:\Windows\system\PvpBFko.exe	xmrig
behavioral1/memory/2340-22-0x000000013FD70000-0x00000001400C4000-memory.dmp	xmrig
behavioral1/memory/2148-21-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/memory/2176-20-0x000000013FD70000-0x00000001400C4000-memory.dmp	xmrig
C:\Windows\system\aiQReBd.exe	xmrig
\Windows\system\aiQReBd.exe	xmrig
behavioral1/memory/2872-30-0x000000013FC80000-0x000000013FFD4000-memory.dmp	xmrig
\Windows\system\MJkltfn.exe	xmrig
C:\Windows\system\cPnsvHb.exe	xmrig
C:\Windows\system\itRbtrS.exe	xmrig
\Windows\system\qDPLvQu.exe	xmrig
behavioral1/memory/2524-197-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/memory/2596-199-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/memory/2672-196-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
C:\Windows\system\ZoJYSsx.exe	xmrig
C:\Windows\system\IsxLsmR.exe	xmrig
behavioral1/memory/2340-555-0x000000013FCC0000-0x0000000140014000-memory.dmp	xmrig
behavioral1/memory/2340-557-0x000000013FF90000-0x00000001402E4000-memory.dmp	xmrig
C:\Windows\system\wWBEszJ.exe	xmrig
C:\Windows\system\AIrlvKT.exe	xmrig
C:\Windows\system\vcuINkH.exe	xmrig
C:\Windows\system\fGbEFIw.exe	xmrig
C:\Windows\system\YynSasc.exe	xmrig
C:\Windows\system\uAeAbsu.exe	xmrig
C:\Windows\system\dgrAzKx.exe	xmrig
C:\Windows\system\jSrbWBu.exe	xmrig
C:\Windows\system\ieOrfjY.exe	xmrig
C:\Windows\system\AUOQVGf.exe	xmrig
\Windows\system\wREQgJU.exe	xmrig
\Windows\system\tYLSRgg.exe	xmrig
\Windows\system\BJVRaVP.exe	xmrig
\Windows\system\wWBEszJ.exe	xmrig
\Windows\system\uAeAbsu.exe	xmrig
\Windows\system\jSrbWBu.exe	xmrig
C:\Windows\system\ULYLTZp.exe	xmrig
C:\Windows\system\pIoweZe.exe	xmrig
\Windows\system\ahUsrPy.exe	xmrig
\Windows\system\PzLAEZF.exe	xmrig
\Windows\system\kVusOUP.exe	xmrig
\Windows\system\obNQDyT.exe	xmrig
\Windows\system\dcNhHVi.exe	xmrig
\Windows\system\eFKODXj.exe	xmrig
\Windows\system\sDVyCIM.exe	xmrig
\Windows\system\FZdEjtp.exe	xmrig
\Windows\system\KlPBOpV.exe	xmrig
\Windows\system\sCDiGHn.exe	xmrig
\Windows\system\rTZkGhm.exe	xmrig
\Windows\system\OWAyTxB.exe	xmrig
\Windows\system\SWZQbPi.exe	xmrig
\Windows\system\hulfdpX.exe	xmrig
\Windows\system\huFpuPh.exe	xmrig
\Windows\system\vBSQdQw.exe	xmrig
behavioral1/memory/2860-37-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
C:\Windows\system\kkEmkXU.exe	xmrig

Executes dropped EXE 64 IoCs

Processes:

VcUJUFF.exeTCHRxEl.exePvpBFko.exeaiQReBd.exekkEmkXU.exepIoweZe.exeULYLTZp.execPnsvHb.exeMJkltfn.exeAUOQVGf.exeitRbtrS.exeieOrfjY.exejSrbWBu.exedgrAzKx.exeuAeAbsu.exeYynSasc.exefGbEFIw.exevcuINkH.exeAIrlvKT.exewWBEszJ.exeIsxLsmR.exeZoJYSsx.exeBJVRaVP.exevBSQdQw.exehuFpuPh.exehulfdpX.exeSWZQbPi.exeOWAyTxB.exerTZkGhm.exesCDiGHn.exeKlPBOpV.exeFZdEjtp.exesDVyCIM.exeeFKODXj.exedcNhHVi.exeobNQDyT.exekVusOUP.exePzLAEZF.exeahUsrPy.exetYLSRgg.exeqDPLvQu.exewREQgJU.exeUYdyYWo.exeEscSUrd.exebgLsMsW.exeycjbwTz.exeIokxnrT.exeNyDtlFm.exeXzBTqfL.exeWmfNqMd.exepIFMLvn.exebEopDXm.exetsrORbZ.exegAUWVdD.exeCliGYSG.exeDZHUzAW.exeakGUbqq.exejKQKNkr.exeMoLMffJ.exelvQgiqR.exeuenisuX.exeeHWJxcb.exeWSNCXka.exejaDSejQ.exe

pid	process
1732	VcUJUFF.exe
2176	TCHRxEl.exe
2148	PvpBFko.exe
2872	aiQReBd.exe
2860	kkEmkXU.exe
2672	pIoweZe.exe
2524	ULYLTZp.exe
2596	cPnsvHb.exe
2584	MJkltfn.exe
2436	AUOQVGf.exe
2956	itRbtrS.exe
1488	ieOrfjY.exe
2792	jSrbWBu.exe
2944	dgrAzKx.exe
2660	uAeAbsu.exe
1696	YynSasc.exe
760	fGbEFIw.exe
2400	vcuINkH.exe
2760	AIrlvKT.exe
360	wWBEszJ.exe
2464	IsxLsmR.exe
1940	ZoJYSsx.exe
2064	BJVRaVP.exe
3028	vBSQdQw.exe
2536	huFpuPh.exe
2380	hulfdpX.exe
3004	SWZQbPi.exe
2820	OWAyTxB.exe
2844	rTZkGhm.exe
2932	sCDiGHn.exe
1288	KlPBOpV.exe
2680	FZdEjtp.exe
1424	sDVyCIM.exe
2492	eFKODXj.exe
2764	dcNhHVi.exe
1964	obNQDyT.exe
2040	kVusOUP.exe
2600	PzLAEZF.exe
2272	ahUsrPy.exe
2300	tYLSRgg.exe
1992	qDPLvQu.exe
2884	wREQgJU.exe
1332	UYdyYWo.exe
1608	EscSUrd.exe
2224	bgLsMsW.exe
896	ycjbwTz.exe
2128	IokxnrT.exe
2228	NyDtlFm.exe
2152	XzBTqfL.exe
1500	WmfNqMd.exe
872	pIFMLvn.exe
2212	bEopDXm.exe
1704	tsrORbZ.exe
2848	gAUWVdD.exe
2568	CliGYSG.exe
2564	DZHUzAW.exe
1932	akGUbqq.exe
2836	jKQKNkr.exe
1124	MoLMffJ.exe
2540	lvQgiqR.exe
1316	uenisuX.exe
2984	eHWJxcb.exe
1312	WSNCXka.exe
2248	jaDSejQ.exe

Loads dropped DLL 64 IoCs

Processes:

2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe

pid	process
2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe

UPX packed file 56 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2340-0-0x000000013F330000-0x000000013F684000-memory.dmp	upx
\Windows\system\VcUJUFF.exe	upx
behavioral1/memory/2340-6-0x0000000002220000-0x0000000002574000-memory.dmp	upx
behavioral1/memory/1732-14-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
C:\Windows\system\TCHRxEl.exe	upx
C:\Windows\system\PvpBFko.exe	upx
behavioral1/memory/2148-21-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/memory/2176-20-0x000000013FD70000-0x00000001400C4000-memory.dmp	upx
C:\Windows\system\aiQReBd.exe	upx
\Windows\system\aiQReBd.exe	upx
behavioral1/memory/2872-30-0x000000013FC80000-0x000000013FFD4000-memory.dmp	upx
\Windows\system\MJkltfn.exe	upx
C:\Windows\system\cPnsvHb.exe	upx
C:\Windows\system\itRbtrS.exe	upx
\Windows\system\qDPLvQu.exe	upx
behavioral1/memory/2524-197-0x000000013FCB0000-0x0000000140004000-memory.dmp	upx
behavioral1/memory/2596-199-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/memory/2672-196-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
C:\Windows\system\ZoJYSsx.exe	upx
C:\Windows\system\IsxLsmR.exe	upx
C:\Windows\system\wWBEszJ.exe	upx
C:\Windows\system\AIrlvKT.exe	upx
C:\Windows\system\vcuINkH.exe	upx
C:\Windows\system\fGbEFIw.exe	upx
C:\Windows\system\YynSasc.exe	upx
C:\Windows\system\uAeAbsu.exe	upx
C:\Windows\system\dgrAzKx.exe	upx
C:\Windows\system\jSrbWBu.exe	upx
C:\Windows\system\ieOrfjY.exe	upx
C:\Windows\system\AUOQVGf.exe	upx
\Windows\system\wREQgJU.exe	upx
\Windows\system\tYLSRgg.exe	upx
\Windows\system\BJVRaVP.exe	upx
\Windows\system\wWBEszJ.exe	upx
\Windows\system\uAeAbsu.exe	upx
\Windows\system\jSrbWBu.exe	upx
C:\Windows\system\ULYLTZp.exe	upx
C:\Windows\system\pIoweZe.exe	upx
\Windows\system\ahUsrPy.exe	upx
\Windows\system\PzLAEZF.exe	upx
\Windows\system\kVusOUP.exe	upx
\Windows\system\obNQDyT.exe	upx
\Windows\system\dcNhHVi.exe	upx
\Windows\system\eFKODXj.exe	upx
\Windows\system\sDVyCIM.exe	upx
\Windows\system\FZdEjtp.exe	upx
\Windows\system\KlPBOpV.exe	upx
\Windows\system\sCDiGHn.exe	upx
\Windows\system\rTZkGhm.exe	upx
\Windows\system\OWAyTxB.exe	upx
\Windows\system\SWZQbPi.exe	upx
\Windows\system\hulfdpX.exe	upx
\Windows\system\huFpuPh.exe	upx
\Windows\system\vBSQdQw.exe	upx
behavioral1/memory/2860-37-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx
C:\Windows\system\kkEmkXU.exe	upx

Drops file in Windows directory 64 IoCs

Processes:

2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe

description	ioc	process
File created	C:\Windows\System\gVrUMFa.exe	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\ZlZaMkl.exe	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\mQwTrep.exe	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\buFTPLs.exe	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\hgPfsaM.exe	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\CAQggEZ.exe	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\sBnqvlQ.exe	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\BJVRaVP.exe	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\SwALzNi.exe	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\wbjMcTg.exe	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\YDieouC.exe	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\FuRnQaj.exe	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\vncxNOg.exe	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\wWBEszJ.exe	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\HVFEYXp.exe	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\GBRjMIk.exe	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\VTWepJF.exe	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\ejLhrgE.exe	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\TXFKslS.exe	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\DZHUzAW.exe	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\akGUbqq.exe	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\CUWBGrB.exe	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\Hhgjydr.exe	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\GhgQIcG.exe	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\ODIaZvo.exe	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\oCNDuOI.exe	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\yTQgATS.exe	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\tDhISem.exe	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\VmqdUFk.exe	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\azhBZKc.exe	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\gkLVOPk.exe	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\NxYhmfi.exe	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\CBAqigM.exe	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\MjUIqdg.exe	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\OLQAceN.exe	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\IGXIKfe.exe	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\GmEQbCr.exe	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\JyLsVtn.exe	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\mACLteL.exe	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\zmHrwkT.exe	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\MJkltfn.exe	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\vprHtvt.exe	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\oepiSOG.exe	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\XtLDSrm.exe	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\evrjcig.exe	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\uenisuX.exe	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\EwCkQMQ.exe	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\dHnsnsE.exe	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\RelGxxi.exe	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\ABfVunP.exe	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\MKdtwsx.exe	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\xKOcXKx.exe	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\UevlJEY.exe	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\MOHXuPv.exe	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\OGmfdIR.exe	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\HeycaeV.exe	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\scaocbb.exe	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\BJkUBic.exe	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\KYwiYkU.exe	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\bCVlpAQ.exe	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\VlOuQqp.exe	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\QBejOUf.exe	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\mbpnFLR.exe	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\wrJAlTy.exe	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe

description	pid	process	target process
PID 2340 wrote to memory of 1732	2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe	VcUJUFF.exe
PID 2340 wrote to memory of 1732	2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe	VcUJUFF.exe
PID 2340 wrote to memory of 1732	2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe	VcUJUFF.exe
PID 2340 wrote to memory of 2176	2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe	TCHRxEl.exe
PID 2340 wrote to memory of 2176	2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe	TCHRxEl.exe
PID 2340 wrote to memory of 2176	2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe	TCHRxEl.exe
PID 2340 wrote to memory of 2148	2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe	PvpBFko.exe
PID 2340 wrote to memory of 2148	2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe	PvpBFko.exe
PID 2340 wrote to memory of 2148	2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe	PvpBFko.exe
PID 2340 wrote to memory of 2872	2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe	aiQReBd.exe
PID 2340 wrote to memory of 2872	2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe	aiQReBd.exe
PID 2340 wrote to memory of 2872	2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe	aiQReBd.exe
PID 2340 wrote to memory of 2860	2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe	kkEmkXU.exe
PID 2340 wrote to memory of 2860	2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe	kkEmkXU.exe
PID 2340 wrote to memory of 2860	2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe	kkEmkXU.exe
PID 2340 wrote to memory of 2672	2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe	pIoweZe.exe
PID 2340 wrote to memory of 2672	2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe	pIoweZe.exe
PID 2340 wrote to memory of 2672	2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe	pIoweZe.exe
PID 2340 wrote to memory of 2584	2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe	MJkltfn.exe
PID 2340 wrote to memory of 2584	2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe	MJkltfn.exe
PID 2340 wrote to memory of 2584	2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe	MJkltfn.exe
PID 2340 wrote to memory of 2524	2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe	ULYLTZp.exe
PID 2340 wrote to memory of 2524	2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe	ULYLTZp.exe
PID 2340 wrote to memory of 2524	2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe	ULYLTZp.exe
PID 2340 wrote to memory of 3028	2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe	vBSQdQw.exe
PID 2340 wrote to memory of 3028	2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe	vBSQdQw.exe
PID 2340 wrote to memory of 3028	2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe	vBSQdQw.exe
PID 2340 wrote to memory of 2596	2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe	cPnsvHb.exe
PID 2340 wrote to memory of 2596	2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe	cPnsvHb.exe
PID 2340 wrote to memory of 2596	2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe	cPnsvHb.exe
PID 2340 wrote to memory of 2536	2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe	huFpuPh.exe
PID 2340 wrote to memory of 2536	2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe	huFpuPh.exe
PID 2340 wrote to memory of 2536	2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe	huFpuPh.exe
PID 2340 wrote to memory of 2436	2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe	AUOQVGf.exe
PID 2340 wrote to memory of 2436	2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe	AUOQVGf.exe
PID 2340 wrote to memory of 2436	2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe	AUOQVGf.exe
PID 2340 wrote to memory of 2380	2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe	hulfdpX.exe
PID 2340 wrote to memory of 2380	2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe	hulfdpX.exe
PID 2340 wrote to memory of 2380	2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe	hulfdpX.exe
PID 2340 wrote to memory of 2956	2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe	itRbtrS.exe
PID 2340 wrote to memory of 2956	2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe	itRbtrS.exe
PID 2340 wrote to memory of 2956	2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe	itRbtrS.exe
PID 2340 wrote to memory of 3004	2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe	SWZQbPi.exe
PID 2340 wrote to memory of 3004	2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe	SWZQbPi.exe
PID 2340 wrote to memory of 3004	2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe	SWZQbPi.exe
PID 2340 wrote to memory of 1488	2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe	ieOrfjY.exe
PID 2340 wrote to memory of 1488	2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe	ieOrfjY.exe
PID 2340 wrote to memory of 1488	2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe	ieOrfjY.exe
PID 2340 wrote to memory of 2820	2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe	OWAyTxB.exe
PID 2340 wrote to memory of 2820	2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe	OWAyTxB.exe
PID 2340 wrote to memory of 2820	2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe	OWAyTxB.exe
PID 2340 wrote to memory of 2792	2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe	jSrbWBu.exe
PID 2340 wrote to memory of 2792	2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe	jSrbWBu.exe
PID 2340 wrote to memory of 2792	2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe	jSrbWBu.exe
PID 2340 wrote to memory of 2844	2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe	rTZkGhm.exe
PID 2340 wrote to memory of 2844	2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe	rTZkGhm.exe
PID 2340 wrote to memory of 2844	2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe	rTZkGhm.exe
PID 2340 wrote to memory of 2944	2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe	dgrAzKx.exe
PID 2340 wrote to memory of 2944	2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe	dgrAzKx.exe
PID 2340 wrote to memory of 2944	2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe	dgrAzKx.exe
PID 2340 wrote to memory of 2932	2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe	sCDiGHn.exe
PID 2340 wrote to memory of 2932	2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe	sCDiGHn.exe
PID 2340 wrote to memory of 2932	2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe	sCDiGHn.exe
PID 2340 wrote to memory of 2660	2340	2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe	uAeAbsu.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-24_a1939173ff94e26237d093dee0cb2f83_cobalt-strike_cobaltstrike.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2340

C:\Windows\System\VcUJUFF.exe
C:\Windows\System\VcUJUFF.exe
2⤵
- Executes dropped EXE
PID:1732

C:\Windows\System\TCHRxEl.exe
C:\Windows\System\TCHRxEl.exe
2⤵
- Executes dropped EXE
PID:2176

C:\Windows\System\PvpBFko.exe
C:\Windows\System\PvpBFko.exe
2⤵
- Executes dropped EXE
PID:2148

C:\Windows\System\aiQReBd.exe
C:\Windows\System\aiQReBd.exe
2⤵
- Executes dropped EXE
PID:2872

C:\Windows\System\kkEmkXU.exe
C:\Windows\System\kkEmkXU.exe
2⤵
- Executes dropped EXE
PID:2860

C:\Windows\System\pIoweZe.exe
C:\Windows\System\pIoweZe.exe
2⤵
- Executes dropped EXE
PID:2672

C:\Windows\System\MJkltfn.exe
C:\Windows\System\MJkltfn.exe
2⤵
- Executes dropped EXE
PID:2584

C:\Windows\System\ULYLTZp.exe
C:\Windows\System\ULYLTZp.exe
2⤵
- Executes dropped EXE
PID:2524

C:\Windows\System\vBSQdQw.exe
C:\Windows\System\vBSQdQw.exe
2⤵
- Executes dropped EXE
PID:3028

C:\Windows\System\cPnsvHb.exe
C:\Windows\System\cPnsvHb.exe
2⤵
- Executes dropped EXE
PID:2596

C:\Windows\System\huFpuPh.exe
C:\Windows\System\huFpuPh.exe
2⤵
- Executes dropped EXE
PID:2536

C:\Windows\System\AUOQVGf.exe
C:\Windows\System\AUOQVGf.exe
2⤵
- Executes dropped EXE
PID:2436

C:\Windows\System\hulfdpX.exe
C:\Windows\System\hulfdpX.exe
2⤵
- Executes dropped EXE
PID:2380

C:\Windows\System\itRbtrS.exe
C:\Windows\System\itRbtrS.exe
2⤵
- Executes dropped EXE
PID:2956

C:\Windows\System\SWZQbPi.exe
C:\Windows\System\SWZQbPi.exe
2⤵
- Executes dropped EXE
PID:3004

C:\Windows\System\ieOrfjY.exe
C:\Windows\System\ieOrfjY.exe
2⤵
- Executes dropped EXE
PID:1488

C:\Windows\System\OWAyTxB.exe
C:\Windows\System\OWAyTxB.exe
2⤵
- Executes dropped EXE
PID:2820

C:\Windows\System\jSrbWBu.exe
C:\Windows\System\jSrbWBu.exe
2⤵
- Executes dropped EXE
PID:2792

C:\Windows\System\rTZkGhm.exe
C:\Windows\System\rTZkGhm.exe
2⤵
- Executes dropped EXE
PID:2844

C:\Windows\System\dgrAzKx.exe
C:\Windows\System\dgrAzKx.exe
2⤵
- Executes dropped EXE
PID:2944

C:\Windows\System\sCDiGHn.exe
C:\Windows\System\sCDiGHn.exe
2⤵
- Executes dropped EXE
PID:2932

C:\Windows\System\uAeAbsu.exe
C:\Windows\System\uAeAbsu.exe
2⤵
- Executes dropped EXE
PID:2660

C:\Windows\System\KlPBOpV.exe
C:\Windows\System\KlPBOpV.exe
2⤵
- Executes dropped EXE
PID:1288

C:\Windows\System\YynSasc.exe
C:\Windows\System\YynSasc.exe
2⤵
- Executes dropped EXE
PID:1696

C:\Windows\System\FZdEjtp.exe
C:\Windows\System\FZdEjtp.exe
2⤵
- Executes dropped EXE
PID:2680

C:\Windows\System\fGbEFIw.exe
C:\Windows\System\fGbEFIw.exe
2⤵
- Executes dropped EXE
PID:760

C:\Windows\System\sDVyCIM.exe
C:\Windows\System\sDVyCIM.exe
2⤵
- Executes dropped EXE
PID:1424

C:\Windows\System\vcuINkH.exe
C:\Windows\System\vcuINkH.exe
2⤵
- Executes dropped EXE
PID:2400

C:\Windows\System\eFKODXj.exe
C:\Windows\System\eFKODXj.exe
2⤵
- Executes dropped EXE
PID:2492

C:\Windows\System\AIrlvKT.exe
C:\Windows\System\AIrlvKT.exe
2⤵
- Executes dropped EXE
PID:2760

C:\Windows\System\dcNhHVi.exe
C:\Windows\System\dcNhHVi.exe
2⤵
- Executes dropped EXE
PID:2764

C:\Windows\System\wWBEszJ.exe
C:\Windows\System\wWBEszJ.exe
2⤵
- Executes dropped EXE
PID:360

C:\Windows\System\obNQDyT.exe
C:\Windows\System\obNQDyT.exe
2⤵
- Executes dropped EXE
PID:1964

C:\Windows\System\IsxLsmR.exe
C:\Windows\System\IsxLsmR.exe
2⤵
- Executes dropped EXE
PID:2464

C:\Windows\System\kVusOUP.exe
C:\Windows\System\kVusOUP.exe
2⤵
- Executes dropped EXE
PID:2040

C:\Windows\System\ZoJYSsx.exe
C:\Windows\System\ZoJYSsx.exe
2⤵
- Executes dropped EXE
PID:1940

C:\Windows\System\ahUsrPy.exe
C:\Windows\System\ahUsrPy.exe
2⤵
- Executes dropped EXE
PID:2272

C:\Windows\System\BJVRaVP.exe
C:\Windows\System\BJVRaVP.exe
2⤵
- Executes dropped EXE
PID:2064

C:\Windows\System\PzLAEZF.exe
C:\Windows\System\PzLAEZF.exe
2⤵
- Executes dropped EXE
PID:2600

C:\Windows\System\tYLSRgg.exe
C:\Windows\System\tYLSRgg.exe
2⤵
- Executes dropped EXE
PID:2300

C:\Windows\System\qDPLvQu.exe
C:\Windows\System\qDPLvQu.exe
2⤵
- Executes dropped EXE
PID:1992

C:\Windows\System\wREQgJU.exe
C:\Windows\System\wREQgJU.exe
2⤵
- Executes dropped EXE
PID:2884

C:\Windows\System\dIyZObC.exe
C:\Windows\System\dIyZObC.exe
2⤵
PID:1768

C:\Windows\System\UYdyYWo.exe
C:\Windows\System\UYdyYWo.exe
2⤵
- Executes dropped EXE
PID:1332

C:\Windows\System\mjSxiZI.exe
C:\Windows\System\mjSxiZI.exe
2⤵
PID:1764

C:\Windows\System\EscSUrd.exe
C:\Windows\System\EscSUrd.exe
2⤵
- Executes dropped EXE
PID:1608

C:\Windows\System\gRvISoK.exe
C:\Windows\System\gRvISoK.exe
2⤵
PID:1248

C:\Windows\System\bgLsMsW.exe
C:\Windows\System\bgLsMsW.exe
2⤵
- Executes dropped EXE
PID:2224

C:\Windows\System\TXFKslS.exe
C:\Windows\System\TXFKslS.exe
2⤵
PID:332

C:\Windows\System\ycjbwTz.exe
C:\Windows\System\ycjbwTz.exe
2⤵
- Executes dropped EXE
PID:896

C:\Windows\System\MuIKbpO.exe
C:\Windows\System\MuIKbpO.exe
2⤵
PID:2264

C:\Windows\System\IokxnrT.exe
C:\Windows\System\IokxnrT.exe
2⤵
- Executes dropped EXE
PID:2128

C:\Windows\System\qvWCNCo.exe
C:\Windows\System\qvWCNCo.exe
2⤵
PID:2156

C:\Windows\System\NyDtlFm.exe
C:\Windows\System\NyDtlFm.exe
2⤵
- Executes dropped EXE
PID:2228

C:\Windows\System\dJEZFws.exe
C:\Windows\System\dJEZFws.exe
2⤵
PID:2284

C:\Windows\System\XzBTqfL.exe
C:\Windows\System\XzBTqfL.exe
2⤵
- Executes dropped EXE
PID:2152

C:\Windows\System\gHbmHRd.exe
C:\Windows\System\gHbmHRd.exe
2⤵
PID:2028

C:\Windows\System\WmfNqMd.exe
C:\Windows\System\WmfNqMd.exe
2⤵
- Executes dropped EXE
PID:1500

C:\Windows\System\KtZyYjp.exe
C:\Windows\System\KtZyYjp.exe
2⤵
PID:608

C:\Windows\System\pIFMLvn.exe
C:\Windows\System\pIFMLvn.exe
2⤵
- Executes dropped EXE
PID:872

C:\Windows\System\yOSxLOY.exe
C:\Windows\System\yOSxLOY.exe
2⤵
PID:2356

C:\Windows\System\bEopDXm.exe
C:\Windows\System\bEopDXm.exe
2⤵
- Executes dropped EXE
PID:2212

C:\Windows\System\xgySdig.exe
C:\Windows\System\xgySdig.exe
2⤵
PID:1948

C:\Windows\System\tsrORbZ.exe
C:\Windows\System\tsrORbZ.exe
2⤵
- Executes dropped EXE
PID:1704

C:\Windows\System\tOLObIv.exe
C:\Windows\System\tOLObIv.exe
2⤵
PID:1600

C:\Windows\System\gAUWVdD.exe
C:\Windows\System\gAUWVdD.exe
2⤵
- Executes dropped EXE
PID:2848

C:\Windows\System\EwHIVwj.exe
C:\Windows\System\EwHIVwj.exe
2⤵
PID:1628

C:\Windows\System\CliGYSG.exe
C:\Windows\System\CliGYSG.exe
2⤵
- Executes dropped EXE
PID:2568

C:\Windows\System\hEsyvbB.exe
C:\Windows\System\hEsyvbB.exe
2⤵
PID:2644

C:\Windows\System\DZHUzAW.exe
C:\Windows\System\DZHUzAW.exe
2⤵
- Executes dropped EXE
PID:2564

C:\Windows\System\SEKwHlk.exe
C:\Windows\System\SEKwHlk.exe
2⤵
PID:2516

C:\Windows\System\akGUbqq.exe
C:\Windows\System\akGUbqq.exe
2⤵
- Executes dropped EXE
PID:1932

C:\Windows\System\kletHMZ.exe
C:\Windows\System\kletHMZ.exe
2⤵
PID:3032

C:\Windows\System\jKQKNkr.exe
C:\Windows\System\jKQKNkr.exe
2⤵
- Executes dropped EXE
PID:2836

C:\Windows\System\ykghDrz.exe
C:\Windows\System\ykghDrz.exe
2⤵
PID:1784

C:\Windows\System\MoLMffJ.exe
C:\Windows\System\MoLMffJ.exe
2⤵
- Executes dropped EXE
PID:1124

C:\Windows\System\tOFyqFz.exe
C:\Windows\System\tOFyqFz.exe
2⤵
PID:2520

C:\Windows\System\lvQgiqR.exe
C:\Windows\System\lvQgiqR.exe
2⤵
- Executes dropped EXE
PID:2540

C:\Windows\System\sNvwChx.exe
C:\Windows\System\sNvwChx.exe
2⤵
PID:2488

C:\Windows\System\uenisuX.exe
C:\Windows\System\uenisuX.exe
2⤵
- Executes dropped EXE
PID:1316

C:\Windows\System\kqUKFDt.exe
C:\Windows\System\kqUKFDt.exe
2⤵
PID:2788

C:\Windows\System\eHWJxcb.exe
C:\Windows\System\eHWJxcb.exe
2⤵
- Executes dropped EXE
PID:2984

C:\Windows\System\xuDPwwh.exe
C:\Windows\System\xuDPwwh.exe
2⤵
PID:2312

C:\Windows\System\WSNCXka.exe
C:\Windows\System\WSNCXka.exe
2⤵
- Executes dropped EXE
PID:1312

C:\Windows\System\oTYPrwz.exe
C:\Windows\System\oTYPrwz.exe
2⤵
PID:1680

C:\Windows\System\jaDSejQ.exe
C:\Windows\System\jaDSejQ.exe
2⤵
- Executes dropped EXE
PID:2248

C:\Windows\System\TWHcUTJ.exe
C:\Windows\System\TWHcUTJ.exe
2⤵
PID:2120

C:\Windows\System\FWfpRHw.exe
C:\Windows\System\FWfpRHw.exe
2⤵
PID:1476

C:\Windows\System\OLQAceN.exe
C:\Windows\System\OLQAceN.exe
2⤵
PID:1644

C:\Windows\System\qFTIgdY.exe
C:\Windows\System\qFTIgdY.exe
2⤵
PID:1808

C:\Windows\System\IGXIKfe.exe
C:\Windows\System\IGXIKfe.exe
2⤵
PID:1528

C:\Windows\System\CaFojmZ.exe
C:\Windows\System\CaFojmZ.exe
2⤵
PID:2408

C:\Windows\System\pcxDMIl.exe
C:\Windows\System\pcxDMIl.exe
2⤵
PID:2420

C:\Windows\System\TYNeoOd.exe
C:\Windows\System\TYNeoOd.exe
2⤵
PID:2928

C:\Windows\System\GYgAUFf.exe
C:\Windows\System\GYgAUFf.exe
2⤵
PID:2396

C:\Windows\System\uYEUYrd.exe
C:\Windows\System\uYEUYrd.exe
2⤵
PID:1656

C:\Windows\System\upZSadz.exe
C:\Windows\System\upZSadz.exe
2⤵
PID:1412

C:\Windows\System\tGcVQRW.exe
C:\Windows\System\tGcVQRW.exe
2⤵
PID:2316

C:\Windows\System\dvKZbBN.exe
C:\Windows\System\dvKZbBN.exe
2⤵
PID:2880

C:\Windows\System\NWNJYJI.exe
C:\Windows\System\NWNJYJI.exe
2⤵
PID:3080

C:\Windows\System\mbpnFLR.exe
C:\Windows\System\mbpnFLR.exe
2⤵
PID:3096

C:\Windows\System\CFdsBNZ.exe
C:\Windows\System\CFdsBNZ.exe
2⤵
PID:3112

C:\Windows\System\ucgdsdr.exe
C:\Windows\System\ucgdsdr.exe
2⤵
PID:3128

C:\Windows\System\HFosBPo.exe
C:\Windows\System\HFosBPo.exe
2⤵
PID:3144

C:\Windows\System\ABfVunP.exe
C:\Windows\System\ABfVunP.exe
2⤵
PID:3160

C:\Windows\System\hTVpRWV.exe
C:\Windows\System\hTVpRWV.exe
2⤵
PID:3176

C:\Windows\System\LRBcZrq.exe
C:\Windows\System\LRBcZrq.exe
2⤵
PID:3192

C:\Windows\System\FuRnQaj.exe
C:\Windows\System\FuRnQaj.exe
2⤵
PID:3208

C:\Windows\System\azhBZKc.exe
C:\Windows\System\azhBZKc.exe
2⤵
PID:3224

C:\Windows\System\wsKdDVQ.exe
C:\Windows\System\wsKdDVQ.exe
2⤵
PID:3240

C:\Windows\System\QzOstSn.exe
C:\Windows\System\QzOstSn.exe
2⤵
PID:3256

C:\Windows\System\wHlFcHi.exe
C:\Windows\System\wHlFcHi.exe
2⤵
PID:3272

C:\Windows\System\MaiWaQk.exe
C:\Windows\System\MaiWaQk.exe
2⤵
PID:3288

C:\Windows\System\uuUivUT.exe
C:\Windows\System\uuUivUT.exe
2⤵
PID:3304

C:\Windows\System\KmlOJKc.exe
C:\Windows\System\KmlOJKc.exe
2⤵
PID:3320

C:\Windows\System\Hhgjydr.exe
C:\Windows\System\Hhgjydr.exe
2⤵
PID:3336

C:\Windows\System\AbcRhbA.exe
C:\Windows\System\AbcRhbA.exe
2⤵
PID:3352

C:\Windows\System\cTxMcsC.exe
C:\Windows\System\cTxMcsC.exe
2⤵
PID:3368

C:\Windows\System\TnIaFNk.exe
C:\Windows\System\TnIaFNk.exe
2⤵
PID:3384

C:\Windows\System\skrPukG.exe
C:\Windows\System\skrPukG.exe
2⤵
PID:3400

C:\Windows\System\djpUqsK.exe
C:\Windows\System\djpUqsK.exe
2⤵
PID:3416

C:\Windows\System\SwALzNi.exe
C:\Windows\System\SwALzNi.exe
2⤵
PID:3432

C:\Windows\System\dCsTwRx.exe
C:\Windows\System\dCsTwRx.exe
2⤵
PID:3448

C:\Windows\System\pocaDvt.exe
C:\Windows\System\pocaDvt.exe
2⤵
PID:3464

C:\Windows\System\NZzvNVm.exe
C:\Windows\System\NZzvNVm.exe
2⤵
PID:3480

C:\Windows\System\zadoGOF.exe
C:\Windows\System\zadoGOF.exe
2⤵
PID:3496

C:\Windows\System\gkLVOPk.exe
C:\Windows\System\gkLVOPk.exe
2⤵
PID:3512

C:\Windows\System\wJaUAju.exe
C:\Windows\System\wJaUAju.exe
2⤵
PID:3528

C:\Windows\System\aUwLCEF.exe
C:\Windows\System\aUwLCEF.exe
2⤵
PID:3544

C:\Windows\System\AfFQeGH.exe
C:\Windows\System\AfFQeGH.exe
2⤵
PID:3560

C:\Windows\System\gvtajTZ.exe
C:\Windows\System\gvtajTZ.exe
2⤵
PID:3576

C:\Windows\System\MOHXuPv.exe
C:\Windows\System\MOHXuPv.exe
2⤵
PID:3592

C:\Windows\System\DsNwvjZ.exe
C:\Windows\System\DsNwvjZ.exe
2⤵
PID:3608

C:\Windows\System\jRsDiEm.exe
C:\Windows\System\jRsDiEm.exe
2⤵
PID:3624

C:\Windows\System\OGmfdIR.exe
C:\Windows\System\OGmfdIR.exe
2⤵
PID:3640

C:\Windows\System\IzpWwzG.exe
C:\Windows\System\IzpWwzG.exe
2⤵
PID:3656

C:\Windows\System\fVVZElQ.exe
C:\Windows\System\fVVZElQ.exe
2⤵
PID:3672

C:\Windows\System\tilFwpi.exe
C:\Windows\System\tilFwpi.exe
2⤵
PID:3688

C:\Windows\System\GMHCYuo.exe
C:\Windows\System\GMHCYuo.exe
2⤵
PID:3704

C:\Windows\System\SXPYpBU.exe
C:\Windows\System\SXPYpBU.exe
2⤵
PID:3720

C:\Windows\System\RCaLSzK.exe
C:\Windows\System\RCaLSzK.exe
2⤵
PID:3736

C:\Windows\System\ixWeDHc.exe
C:\Windows\System\ixWeDHc.exe
2⤵
PID:3752

C:\Windows\System\wbjMcTg.exe
C:\Windows\System\wbjMcTg.exe
2⤵
PID:3768

C:\Windows\System\SHBTLJM.exe
C:\Windows\System\SHBTLJM.exe
2⤵
PID:3784

C:\Windows\System\XYvamCS.exe
C:\Windows\System\XYvamCS.exe
2⤵
PID:3800

C:\Windows\System\NtGZOqa.exe
C:\Windows\System\NtGZOqa.exe
2⤵
PID:3816

C:\Windows\System\mapUvDb.exe
C:\Windows\System\mapUvDb.exe
2⤵
PID:3832

C:\Windows\System\AiBAyqP.exe
C:\Windows\System\AiBAyqP.exe
2⤵
PID:3848

C:\Windows\System\bKSNSIU.exe
C:\Windows\System\bKSNSIU.exe
2⤵
PID:3864

C:\Windows\System\ljShNyz.exe
C:\Windows\System\ljShNyz.exe
2⤵
PID:3880

C:\Windows\System\aOfeOKa.exe
C:\Windows\System\aOfeOKa.exe
2⤵
PID:3896

C:\Windows\System\aIcZZpC.exe
C:\Windows\System\aIcZZpC.exe
2⤵
PID:3912

C:\Windows\System\UxtRNgL.exe
C:\Windows\System\UxtRNgL.exe
2⤵
PID:3928

C:\Windows\System\sVsWrka.exe
C:\Windows\System\sVsWrka.exe
2⤵
PID:3944

C:\Windows\System\sGaccNq.exe
C:\Windows\System\sGaccNq.exe
2⤵
PID:3960

C:\Windows\System\DjIAFkX.exe
C:\Windows\System\DjIAFkX.exe
2⤵
PID:3976

C:\Windows\System\cvIpbwn.exe
C:\Windows\System\cvIpbwn.exe
2⤵
PID:3992

C:\Windows\System\jDlclzY.exe
C:\Windows\System\jDlclzY.exe
2⤵
PID:4008

C:\Windows\System\rbyUtTl.exe
C:\Windows\System\rbyUtTl.exe
2⤵
PID:4024

C:\Windows\System\wHYttSU.exe
C:\Windows\System\wHYttSU.exe
2⤵
PID:4040

C:\Windows\System\evrjcig.exe
C:\Windows\System\evrjcig.exe
2⤵
PID:4056

C:\Windows\System\NxYhmfi.exe
C:\Windows\System\NxYhmfi.exe
2⤵
PID:4072

C:\Windows\System\tCmkqmq.exe
C:\Windows\System\tCmkqmq.exe
2⤵
PID:4088

C:\Windows\System\JXrKSLQ.exe
C:\Windows\System\JXrKSLQ.exe
2⤵
PID:4108

C:\Windows\System\tHqgcOS.exe
C:\Windows\System\tHqgcOS.exe
2⤵
PID:4124

C:\Windows\System\BJkUBic.exe
C:\Windows\System\BJkUBic.exe
2⤵
PID:4140

C:\Windows\System\ifUOznB.exe
C:\Windows\System\ifUOznB.exe
2⤵
PID:4156

C:\Windows\System\dQxwztL.exe
C:\Windows\System\dQxwztL.exe
2⤵
PID:4172

C:\Windows\System\wrJAlTy.exe
C:\Windows\System\wrJAlTy.exe
2⤵
PID:4188

C:\Windows\System\hVbrXKl.exe
C:\Windows\System\hVbrXKl.exe
2⤵
PID:4204

C:\Windows\System\tTdIBZo.exe
C:\Windows\System\tTdIBZo.exe
2⤵
PID:4220

C:\Windows\System\DjoVnGa.exe
C:\Windows\System\DjoVnGa.exe
2⤵
PID:4236

C:\Windows\System\ywtzJma.exe
C:\Windows\System\ywtzJma.exe
2⤵
PID:4252

C:\Windows\System\iKTtSkj.exe
C:\Windows\System\iKTtSkj.exe
2⤵
PID:4268

C:\Windows\System\GFPUbxt.exe
C:\Windows\System\GFPUbxt.exe
2⤵
PID:4284

C:\Windows\System\WvIVqtF.exe
C:\Windows\System\WvIVqtF.exe
2⤵
PID:4300

C:\Windows\System\KEqOHEK.exe
C:\Windows\System\KEqOHEK.exe
2⤵
PID:4316

C:\Windows\System\RMSvcYl.exe
C:\Windows\System\RMSvcYl.exe
2⤵
PID:4332

C:\Windows\System\bjBMlPK.exe
C:\Windows\System\bjBMlPK.exe
2⤵
PID:4348

C:\Windows\System\ZVlFdMb.exe
C:\Windows\System\ZVlFdMb.exe
2⤵
PID:4364

C:\Windows\System\xcmPKXD.exe
C:\Windows\System\xcmPKXD.exe
2⤵
PID:4380

C:\Windows\System\NwaOWhr.exe
C:\Windows\System\NwaOWhr.exe
2⤵
PID:4396

C:\Windows\System\vprHtvt.exe
C:\Windows\System\vprHtvt.exe
2⤵
PID:4412

C:\Windows\System\FarAPww.exe
C:\Windows\System\FarAPww.exe
2⤵
PID:4428

C:\Windows\System\Qmuflgo.exe
C:\Windows\System\Qmuflgo.exe
2⤵
PID:4444

C:\Windows\System\DXkINwe.exe
C:\Windows\System\DXkINwe.exe
2⤵
PID:4460

C:\Windows\System\HlHepXr.exe
C:\Windows\System\HlHepXr.exe
2⤵
PID:4476

C:\Windows\System\HaqQCMb.exe
C:\Windows\System\HaqQCMb.exe
2⤵
PID:4492

C:\Windows\System\AGxyBrT.exe
C:\Windows\System\AGxyBrT.exe
2⤵
PID:4508

C:\Windows\System\ESRAdlz.exe
C:\Windows\System\ESRAdlz.exe
2⤵
PID:4524

C:\Windows\System\kuOQrBg.exe
C:\Windows\System\kuOQrBg.exe
2⤵
PID:4540

C:\Windows\System\crdFgqv.exe
C:\Windows\System\crdFgqv.exe
2⤵
PID:4556

C:\Windows\System\kJrZBKY.exe
C:\Windows\System\kJrZBKY.exe
2⤵
PID:4572

C:\Windows\System\kOTVsxa.exe
C:\Windows\System\kOTVsxa.exe
2⤵
PID:4588

C:\Windows\System\sjgurFZ.exe
C:\Windows\System\sjgurFZ.exe
2⤵
PID:4604

C:\Windows\System\UfLEExO.exe
C:\Windows\System\UfLEExO.exe
2⤵
PID:4620

C:\Windows\System\AybwJdc.exe
C:\Windows\System\AybwJdc.exe
2⤵
PID:4636

C:\Windows\System\UhUGKqn.exe
C:\Windows\System\UhUGKqn.exe
2⤵
PID:4652

C:\Windows\System\THlySEU.exe
C:\Windows\System\THlySEU.exe
2⤵
PID:4668

C:\Windows\System\pSMbuWo.exe
C:\Windows\System\pSMbuWo.exe
2⤵
PID:4684

C:\Windows\System\HkGOtIi.exe
C:\Windows\System\HkGOtIi.exe
2⤵
PID:4700

C:\Windows\System\YjbOJtf.exe
C:\Windows\System\YjbOJtf.exe
2⤵
PID:4716

C:\Windows\System\KYwiYkU.exe
C:\Windows\System\KYwiYkU.exe
2⤵
PID:4732

C:\Windows\System\ZlVoPRU.exe
C:\Windows\System\ZlVoPRU.exe
2⤵
PID:4748

C:\Windows\System\xUUvCZL.exe
C:\Windows\System\xUUvCZL.exe
2⤵
PID:4764

C:\Windows\System\YdPXPFk.exe
C:\Windows\System\YdPXPFk.exe
2⤵
PID:4780

C:\Windows\System\xBepJWd.exe
C:\Windows\System\xBepJWd.exe
2⤵
PID:4796

C:\Windows\System\NdsiIfo.exe
C:\Windows\System\NdsiIfo.exe
2⤵
PID:4812

C:\Windows\System\kSFyUjb.exe
C:\Windows\System\kSFyUjb.exe
2⤵
PID:4828

C:\Windows\System\EwCkQMQ.exe
C:\Windows\System\EwCkQMQ.exe
2⤵
PID:4844

C:\Windows\System\nfpXYRU.exe
C:\Windows\System\nfpXYRU.exe
2⤵
PID:4860

C:\Windows\System\AhoecCq.exe
C:\Windows\System\AhoecCq.exe
2⤵
PID:4876

C:\Windows\System\SOUWGnx.exe
C:\Windows\System\SOUWGnx.exe
2⤵
PID:4900

C:\Windows\System\puwnXTC.exe
C:\Windows\System\puwnXTC.exe
2⤵
PID:4920

C:\Windows\System\OIgOHff.exe
C:\Windows\System\OIgOHff.exe
2⤵
PID:4936

C:\Windows\System\qiiETnr.exe
C:\Windows\System\qiiETnr.exe
2⤵
PID:4952

C:\Windows\System\culeSSx.exe
C:\Windows\System\culeSSx.exe
2⤵
PID:4968

C:\Windows\System\aWhuljb.exe
C:\Windows\System\aWhuljb.exe
2⤵
PID:4984

C:\Windows\System\YDieouC.exe
C:\Windows\System\YDieouC.exe
2⤵
PID:5000

C:\Windows\System\iHFQSkR.exe
C:\Windows\System\iHFQSkR.exe
2⤵
PID:5016

C:\Windows\System\vgMOnUn.exe
C:\Windows\System\vgMOnUn.exe
2⤵
PID:5032

C:\Windows\System\VBBtyhn.exe
C:\Windows\System\VBBtyhn.exe
2⤵
PID:5048

C:\Windows\System\fFuLeaf.exe
C:\Windows\System\fFuLeaf.exe
2⤵
PID:5064

C:\Windows\System\VQcYctC.exe
C:\Windows\System\VQcYctC.exe
2⤵
PID:5080

C:\Windows\System\DLQELcZ.exe
C:\Windows\System\DLQELcZ.exe
2⤵
PID:5096

C:\Windows\System\heoHRAg.exe
C:\Windows\System\heoHRAg.exe
2⤵
PID:5112

C:\Windows\System\BeQYWGR.exe
C:\Windows\System\BeQYWGR.exe
2⤵
PID:1384

C:\Windows\System\YznQzuk.exe
C:\Windows\System\YznQzuk.exe
2⤵
PID:2404

C:\Windows\System\frIoxUi.exe
C:\Windows\System\frIoxUi.exe
2⤵
PID:2896

C:\Windows\System\xAtrQso.exe
C:\Windows\System\xAtrQso.exe
2⤵
PID:1928

C:\Windows\System\ciXbzOr.exe
C:\Windows\System\ciXbzOr.exe
2⤵
PID:2232

C:\Windows\System\uwvamGZ.exe
C:\Windows\System\uwvamGZ.exe
2⤵
PID:3040

C:\Windows\System\VvZXDIp.exe
C:\Windows\System\VvZXDIp.exe
2⤵
PID:1296

C:\Windows\System\xhtbbmM.exe
C:\Windows\System\xhtbbmM.exe
2⤵
PID:2588

C:\Windows\System\HHeLMzJ.exe
C:\Windows\System\HHeLMzJ.exe
2⤵
PID:2072

C:\Windows\System\nPSvrgi.exe
C:\Windows\System\nPSvrgi.exe
2⤵
PID:1800

C:\Windows\System\aKRfvdi.exe
C:\Windows\System\aKRfvdi.exe
2⤵
PID:2756

C:\Windows\System\FcvlMxc.exe
C:\Windows\System\FcvlMxc.exe
2⤵
PID:1468

C:\Windows\System\iGDFYJf.exe
C:\Windows\System\iGDFYJf.exe
2⤵
PID:1472

C:\Windows\System\PbDfpSa.exe
C:\Windows\System\PbDfpSa.exe
2⤵
PID:1140

C:\Windows\System\dZZzQFO.exe
C:\Windows\System\dZZzQFO.exe
2⤵
PID:3088

C:\Windows\System\zQlbrbO.exe
C:\Windows\System\zQlbrbO.exe
2⤵
PID:3124

C:\Windows\System\wsLVnCG.exe
C:\Windows\System\wsLVnCG.exe
2⤵
PID:3216

C:\Windows\System\rECbzQw.exe
C:\Windows\System\rECbzQw.exe
2⤵
PID:3280

C:\Windows\System\hDxnlOV.exe
C:\Windows\System\hDxnlOV.exe
2⤵
PID:3344

C:\Windows\System\UvxsYuo.exe
C:\Windows\System\UvxsYuo.exe
2⤵
PID:3408

C:\Windows\System\sZYIMmj.exe
C:\Windows\System\sZYIMmj.exe
2⤵
PID:3472

C:\Windows\System\ZhvUijQ.exe
C:\Windows\System\ZhvUijQ.exe
2⤵
PID:3536

C:\Windows\System\lVJpvqa.exe
C:\Windows\System\lVJpvqa.exe
2⤵
PID:3600

C:\Windows\System\yLCrCGY.exe
C:\Windows\System\yLCrCGY.exe
2⤵
PID:3664

C:\Windows\System\AMKQTDb.exe
C:\Windows\System\AMKQTDb.exe
2⤵
PID:3728

C:\Windows\System\WQyyFCG.exe
C:\Windows\System\WQyyFCG.exe
2⤵
PID:3792

C:\Windows\System\WvzsWYi.exe
C:\Windows\System\WvzsWYi.exe
2⤵
PID:3856

C:\Windows\System\GmEQbCr.exe
C:\Windows\System\GmEQbCr.exe
2⤵
PID:3920

C:\Windows\System\jUnovYI.exe
C:\Windows\System\jUnovYI.exe
2⤵
PID:3984

C:\Windows\System\yeKgyoW.exe
C:\Windows\System\yeKgyoW.exe
2⤵
PID:4048

C:\Windows\System\AFCqvon.exe
C:\Windows\System\AFCqvon.exe
2⤵
PID:4116

C:\Windows\System\HnqMBwU.exe
C:\Windows\System\HnqMBwU.exe
2⤵
PID:4180

C:\Windows\System\IYQHUDb.exe
C:\Windows\System\IYQHUDb.exe
2⤵
PID:4244

C:\Windows\System\tXpxJNo.exe
C:\Windows\System\tXpxJNo.exe
2⤵
PID:4308

C:\Windows\System\kFNeNjJ.exe
C:\Windows\System\kFNeNjJ.exe
2⤵
PID:4372

C:\Windows\System\HDXqNcZ.exe
C:\Windows\System\HDXqNcZ.exe
2⤵
PID:4436

C:\Windows\System\eDXNopf.exe
C:\Windows\System\eDXNopf.exe
2⤵
PID:4500

C:\Windows\System\SKRDjNF.exe
C:\Windows\System\SKRDjNF.exe
2⤵
PID:4568

C:\Windows\System\hvSjBou.exe
C:\Windows\System\hvSjBou.exe
2⤵
PID:4632

C:\Windows\System\FyquAhX.exe
C:\Windows\System\FyquAhX.exe
2⤵
PID:4696

C:\Windows\System\JWkchaC.exe
C:\Windows\System\JWkchaC.exe
2⤵
PID:4760

C:\Windows\System\lDDUgtg.exe
C:\Windows\System\lDDUgtg.exe
2⤵
PID:4824

C:\Windows\System\UiDsBaP.exe
C:\Windows\System\UiDsBaP.exe
2⤵
PID:2532

C:\Windows\System\kkGdnsF.exe
C:\Windows\System\kkGdnsF.exe
2⤵
PID:4928

C:\Windows\System\fVzxPvR.exe
C:\Windows\System\fVzxPvR.exe
2⤵
PID:4992

C:\Windows\System\HFMvaIT.exe
C:\Windows\System\HFMvaIT.exe
2⤵
PID:5060

C:\Windows\System\qHVPhsE.exe
C:\Windows\System\qHVPhsE.exe
2⤵
PID:1668

C:\Windows\System\jojIvEE.exe
C:\Windows\System\jojIvEE.exe
2⤵
PID:868

C:\Windows\System\IFMEGuL.exe
C:\Windows\System\IFMEGuL.exe
2⤵
PID:2936

C:\Windows\System\CUWBGrB.exe
C:\Windows\System\CUWBGrB.exe
2⤵
PID:1088

C:\Windows\System\YPQRYWE.exe
C:\Windows\System\YPQRYWE.exe
2⤵
PID:3184

C:\Windows\System\GesCNFu.exe
C:\Windows\System\GesCNFu.exe
2⤵
PID:3440

C:\Windows\System\MKdtwsx.exe
C:\Windows\System\MKdtwsx.exe
2⤵
PID:3696

C:\Windows\System\iWUIPrP.exe
C:\Windows\System\iWUIPrP.exe
2⤵
PID:2780

C:\Windows\System\KqUCmuv.exe
C:\Windows\System\KqUCmuv.exe
2⤵
PID:2684

C:\Windows\System\gVrUMFa.exe
C:\Windows\System\gVrUMFa.exe
2⤵
PID:2424

C:\Windows\System\IdyjqCb.exe
C:\Windows\System\IdyjqCb.exe
2⤵
PID:5132

C:\Windows\System\uaRkLwp.exe
C:\Windows\System\uaRkLwp.exe
2⤵
PID:5148

C:\Windows\System\xOZNxKh.exe
C:\Windows\System\xOZNxKh.exe
2⤵
PID:5164

C:\Windows\System\cCSzekH.exe
C:\Windows\System\cCSzekH.exe
2⤵
PID:5180

C:\Windows\System\oepiSOG.exe
C:\Windows\System\oepiSOG.exe
2⤵
PID:5196

C:\Windows\System\lRUWlfy.exe
C:\Windows\System\lRUWlfy.exe
2⤵
PID:5212

C:\Windows\System\eHwOdSb.exe
C:\Windows\System\eHwOdSb.exe
2⤵
PID:5228

C:\Windows\System\EXFLGkZ.exe
C:\Windows\System\EXFLGkZ.exe
2⤵
PID:5244

C:\Windows\System\twZrgon.exe
C:\Windows\System\twZrgon.exe
2⤵
PID:5260

C:\Windows\System\QuLJJOm.exe
C:\Windows\System\QuLJJOm.exe
2⤵
PID:5276

C:\Windows\System\CwShblp.exe
C:\Windows\System\CwShblp.exe
2⤵
PID:5292

C:\Windows\System\buFTPLs.exe
C:\Windows\System\buFTPLs.exe
2⤵
PID:5308

C:\Windows\System\gIggxpa.exe
C:\Windows\System\gIggxpa.exe
2⤵
PID:5324

C:\Windows\System\DlRCXnp.exe
C:\Windows\System\DlRCXnp.exe
2⤵
PID:5340

C:\Windows\System\cfBVZWx.exe
C:\Windows\System\cfBVZWx.exe
2⤵
PID:5356

C:\Windows\System\pyoqJZV.exe
C:\Windows\System\pyoqJZV.exe
2⤵
PID:5372

C:\Windows\System\dHnsnsE.exe
C:\Windows\System\dHnsnsE.exe
2⤵
PID:5388

C:\Windows\System\QKHCtHa.exe
C:\Windows\System\QKHCtHa.exe
2⤵
PID:5404

C:\Windows\System\pltRaLK.exe
C:\Windows\System\pltRaLK.exe
2⤵
PID:5420

C:\Windows\System\qFeNCqg.exe
C:\Windows\System\qFeNCqg.exe
2⤵
PID:5436

C:\Windows\System\EieFJWH.exe
C:\Windows\System\EieFJWH.exe
2⤵
PID:5452

C:\Windows\System\XtLDSrm.exe
C:\Windows\System\XtLDSrm.exe
2⤵
PID:5468

C:\Windows\System\XCCzNzm.exe
C:\Windows\System\XCCzNzm.exe
2⤵
PID:5484

C:\Windows\System\GhgQIcG.exe
C:\Windows\System\GhgQIcG.exe
2⤵
PID:5500

C:\Windows\System\YHZbqZM.exe
C:\Windows\System\YHZbqZM.exe
2⤵
PID:5516

C:\Windows\System\kqdaFWh.exe
C:\Windows\System\kqdaFWh.exe
2⤵
PID:5532

C:\Windows\System\CvBVGMR.exe
C:\Windows\System\CvBVGMR.exe
2⤵
PID:5548

C:\Windows\System\gGinesj.exe
C:\Windows\System\gGinesj.exe
2⤵
PID:5564

C:\Windows\System\vxnNbGm.exe
C:\Windows\System\vxnNbGm.exe
2⤵
PID:5580

C:\Windows\System\hpDpKdD.exe
C:\Windows\System\hpDpKdD.exe
2⤵
PID:5596

C:\Windows\System\renIRkN.exe
C:\Windows\System\renIRkN.exe
2⤵
PID:5612

C:\Windows\System\CAQggEZ.exe
C:\Windows\System\CAQggEZ.exe
2⤵
PID:5628

C:\Windows\System\mFDrnrK.exe
C:\Windows\System\mFDrnrK.exe
2⤵
PID:5644

C:\Windows\System\bNtdISR.exe
C:\Windows\System\bNtdISR.exe
2⤵
PID:5660

C:\Windows\System\oCGEtgg.exe
C:\Windows\System\oCGEtgg.exe
2⤵
PID:5676

C:\Windows\System\GRtMRwT.exe
C:\Windows\System\GRtMRwT.exe
2⤵
PID:5692

C:\Windows\System\zFcTLdO.exe
C:\Windows\System\zFcTLdO.exe
2⤵
PID:5708

C:\Windows\System\JyLsVtn.exe
C:\Windows\System\JyLsVtn.exe
2⤵
PID:5724

C:\Windows\System\uQncsrk.exe
C:\Windows\System\uQncsrk.exe
2⤵
PID:5740

C:\Windows\System\KFuWWlA.exe
C:\Windows\System\KFuWWlA.exe
2⤵
PID:5756

C:\Windows\System\IeMDWDg.exe
C:\Windows\System\IeMDWDg.exe
2⤵
PID:5772

C:\Windows\System\oCNDuOI.exe
C:\Windows\System\oCNDuOI.exe
2⤵
PID:5788

C:\Windows\System\IJQnKkx.exe
C:\Windows\System\IJQnKkx.exe
2⤵
PID:5804

C:\Windows\System\kYQJTAb.exe
C:\Windows\System\kYQJTAb.exe
2⤵
PID:5820

C:\Windows\System\yTQgATS.exe
C:\Windows\System\yTQgATS.exe
2⤵
PID:5836

C:\Windows\System\vctcQXF.exe
C:\Windows\System\vctcQXF.exe
2⤵
PID:5852

C:\Windows\System\xYtPZZu.exe
C:\Windows\System\xYtPZZu.exe
2⤵
PID:5868

C:\Windows\System\HVFEYXp.exe
C:\Windows\System\HVFEYXp.exe
2⤵
PID:5884

C:\Windows\System\ZtewPWr.exe
C:\Windows\System\ZtewPWr.exe
2⤵
PID:5900

C:\Windows\System\cvWokXI.exe
C:\Windows\System\cvWokXI.exe
2⤵
PID:5916

C:\Windows\System\jCCXReS.exe
C:\Windows\System\jCCXReS.exe
2⤵
PID:5932

C:\Windows\System\ufoXTYG.exe
C:\Windows\System\ufoXTYG.exe
2⤵
PID:5968

C:\Windows\System\QUbRIRb.exe
C:\Windows\System\QUbRIRb.exe
2⤵
PID:5984

C:\Windows\System\CBAqigM.exe
C:\Windows\System\CBAqigM.exe
2⤵
PID:6000

C:\Windows\System\nnrUJTL.exe
C:\Windows\System\nnrUJTL.exe
2⤵
PID:6024

C:\Windows\System\VVsXtkH.exe
C:\Windows\System\VVsXtkH.exe
2⤵
PID:6040

C:\Windows\System\RhFUOGJ.exe
C:\Windows\System\RhFUOGJ.exe
2⤵
PID:6056

C:\Windows\System\BiSzQxA.exe
C:\Windows\System\BiSzQxA.exe
2⤵
PID:6072

C:\Windows\System\CdsyoDS.exe
C:\Windows\System\CdsyoDS.exe
2⤵
PID:6088

C:\Windows\System\CsPYfET.exe
C:\Windows\System\CsPYfET.exe
2⤵
PID:6104

C:\Windows\System\wowotLo.exe
C:\Windows\System\wowotLo.exe
2⤵
PID:6120

C:\Windows\System\hzfbUrF.exe
C:\Windows\System\hzfbUrF.exe
2⤵
PID:6136

C:\Windows\System\BhNHmQK.exe
C:\Windows\System\BhNHmQK.exe
2⤵
PID:1912

C:\Windows\System\ZRpctGg.exe
C:\Windows\System\ZRpctGg.exe
2⤵
PID:2828

C:\Windows\System\PMKJByo.exe
C:\Windows\System\PMKJByo.exe
2⤵
PID:6152

C:\Windows\System\LkbgIal.exe
C:\Windows\System\LkbgIal.exe
2⤵
PID:6168

C:\Windows\System\LVmClkL.exe
C:\Windows\System\LVmClkL.exe
2⤵
PID:6184

C:\Windows\System\NqLxhVH.exe
C:\Windows\System\NqLxhVH.exe
2⤵
PID:6200

C:\Windows\System\frbOefK.exe
C:\Windows\System\frbOefK.exe
2⤵
PID:6216

C:\Windows\System\RoZSXUt.exe
C:\Windows\System\RoZSXUt.exe
2⤵
PID:6232

C:\Windows\System\HeycaeV.exe
C:\Windows\System\HeycaeV.exe
2⤵
PID:6248

C:\Windows\System\fODJJnd.exe
C:\Windows\System\fODJJnd.exe
2⤵
PID:6264

C:\Windows\System\gXgkTOr.exe
C:\Windows\System\gXgkTOr.exe
2⤵
PID:6280

C:\Windows\System\RtZPRPX.exe
C:\Windows\System\RtZPRPX.exe
2⤵
PID:6296

C:\Windows\System\obtwPKz.exe
C:\Windows\System\obtwPKz.exe
2⤵
PID:6312

C:\Windows\System\ODIaZvo.exe
C:\Windows\System\ODIaZvo.exe
2⤵
PID:6328

C:\Windows\System\xZTBoSm.exe
C:\Windows\System\xZTBoSm.exe
2⤵
PID:6344

C:\Windows\System\nDoQmKQ.exe
C:\Windows\System\nDoQmKQ.exe
2⤵
PID:6360

C:\Windows\System\xKOcXKx.exe
C:\Windows\System\xKOcXKx.exe
2⤵
PID:6376

C:\Windows\System\cQULgHt.exe
C:\Windows\System\cQULgHt.exe
2⤵
PID:6392

C:\Windows\System\mtNjpAW.exe
C:\Windows\System\mtNjpAW.exe
2⤵
PID:6552

C:\Windows\System\scaocbb.exe
C:\Windows\System\scaocbb.exe
2⤵
PID:6600

C:\Windows\System\sBnqvlQ.exe
C:\Windows\System\sBnqvlQ.exe
2⤵
PID:6616

C:\Windows\System\IFvdoRy.exe
C:\Windows\System\IFvdoRy.exe
2⤵
PID:6632

C:\Windows\System\zZniacS.exe
C:\Windows\System\zZniacS.exe
2⤵
PID:6648

C:\Windows\System\rcvSRnt.exe
C:\Windows\System\rcvSRnt.exe
2⤵
PID:6664

C:\Windows\System\WtuMVLn.exe
C:\Windows\System\WtuMVLn.exe
2⤵
PID:6680

C:\Windows\System\MjUIqdg.exe
C:\Windows\System\MjUIqdg.exe
2⤵
PID:6696

C:\Windows\System\dXXHDbh.exe
C:\Windows\System\dXXHDbh.exe
2⤵
PID:6712

C:\Windows\System\KPKZHkX.exe
C:\Windows\System\KPKZHkX.exe
2⤵
PID:6728

C:\Windows\System\CHhxZpF.exe
C:\Windows\System\CHhxZpF.exe
2⤵
PID:6744

C:\Windows\System\anWWjEu.exe
C:\Windows\System\anWWjEu.exe
2⤵
PID:6760

C:\Windows\System\YzyGlLl.exe
C:\Windows\System\YzyGlLl.exe
2⤵
PID:6776

C:\Windows\System\gvkppih.exe
C:\Windows\System\gvkppih.exe
2⤵
PID:6792

C:\Windows\System\zDfHjII.exe
C:\Windows\System\zDfHjII.exe
2⤵
PID:6808

C:\Windows\System\VrbEDlY.exe
C:\Windows\System\VrbEDlY.exe
2⤵
PID:6824

C:\Windows\System\vncxNOg.exe
C:\Windows\System\vncxNOg.exe
2⤵
PID:6840

C:\Windows\System\KhLDCGa.exe
C:\Windows\System\KhLDCGa.exe
2⤵
PID:6856

C:\Windows\System\mNBKtDZ.exe
C:\Windows\System\mNBKtDZ.exe
2⤵
PID:6872

C:\Windows\System\MXNMjrP.exe
C:\Windows\System\MXNMjrP.exe
2⤵
PID:6888

C:\Windows\System\wwLPfaT.exe
C:\Windows\System\wwLPfaT.exe
2⤵
PID:6904

C:\Windows\System\LzkXKqX.exe
C:\Windows\System\LzkXKqX.exe
2⤵
PID:6920

C:\Windows\System\RHqVysw.exe
C:\Windows\System\RHqVysw.exe
2⤵
PID:6936

C:\Windows\System\RwSFmWf.exe
C:\Windows\System\RwSFmWf.exe
2⤵
PID:6952

C:\Windows\System\TtBNDbg.exe
C:\Windows\System\TtBNDbg.exe
2⤵
PID:6972

C:\Windows\System\ksRpPfY.exe
C:\Windows\System\ksRpPfY.exe
2⤵
PID:6988

C:\Windows\System\UevlJEY.exe
C:\Windows\System\UevlJEY.exe
2⤵
PID:7004

C:\Windows\System\SJEVhJu.exe
C:\Windows\System\SJEVhJu.exe
2⤵
PID:7020

C:\Windows\System\glXwluH.exe
C:\Windows\System\glXwluH.exe
2⤵
PID:7036

C:\Windows\System\PXTjkEb.exe
C:\Windows\System\PXTjkEb.exe
2⤵
PID:7052

C:\Windows\System\PUSIkKu.exe
C:\Windows\System\PUSIkKu.exe
2⤵
PID:7068

C:\Windows\System\oSJYOYy.exe
C:\Windows\System\oSJYOYy.exe
2⤵
PID:7084

C:\Windows\System\XNQawKS.exe
C:\Windows\System\XNQawKS.exe
2⤵
PID:7100

C:\Windows\System\wHVJJNy.exe
C:\Windows\System\wHVJJNy.exe
2⤵
PID:7116

C:\Windows\System\GXFNHZL.exe
C:\Windows\System\GXFNHZL.exe
2⤵
PID:7132

C:\Windows\System\dFgRvRE.exe
C:\Windows\System\dFgRvRE.exe
2⤵
PID:7148

C:\Windows\System\GPeqoTV.exe
C:\Windows\System\GPeqoTV.exe
2⤵
PID:7164

C:\Windows\System\EXpXnbY.exe
C:\Windows\System\EXpXnbY.exe
2⤵
PID:2924

C:\Windows\System\wWYgxbC.exe
C:\Windows\System\wWYgxbC.exe
2⤵
PID:1924

C:\Windows\System\OEfAkyZ.exe
C:\Windows\System\OEfAkyZ.exe
2⤵
PID:2528

C:\Windows\System\VlOuQqp.exe
C:\Windows\System\VlOuQqp.exe
2⤵
PID:2308

C:\Windows\System\KTVOGUs.exe
C:\Windows\System\KTVOGUs.exe
2⤵
PID:4808

C:\Windows\System\MRAVVUG.exe
C:\Windows\System\MRAVVUG.exe
2⤵
PID:4740

C:\Windows\System\GBRjMIk.exe
C:\Windows\System\GBRjMIk.exe
2⤵
PID:4580

C:\Windows\System\mACLteL.exe
C:\Windows\System\mACLteL.exe
2⤵
PID:4484

C:\Windows\System\IRTYfma.exe
C:\Windows\System\IRTYfma.exe
2⤵
PID:4420

C:\Windows\System\GHRkJSu.exe
C:\Windows\System\GHRkJSu.exe
2⤵
PID:4328

C:\Windows\System\qCYHPHt.exe
C:\Windows\System\qCYHPHt.exe
2⤵
PID:4232

C:\Windows\System\toAytEb.exe
C:\Windows\System\toAytEb.exe
2⤵
PID:4168

C:\Windows\System\TKIhkJZ.exe
C:\Windows\System\TKIhkJZ.exe
2⤵
PID:4104

C:\Windows\System\kBMFyNP.exe
C:\Windows\System\kBMFyNP.exe
2⤵
PID:4032

C:\Windows\System\UiiLxiQ.exe
C:\Windows\System\UiiLxiQ.exe
2⤵
PID:3908

C:\Windows\System\XWPixJK.exe
C:\Windows\System\XWPixJK.exe
2⤵
PID:3812

C:\Windows\System\NUbIfQO.exe
C:\Windows\System\NUbIfQO.exe
2⤵
PID:3744

C:\Windows\System\VnrNnER.exe
C:\Windows\System\VnrNnER.exe
2⤵
PID:3652

C:\Windows\System\NNppByb.exe
C:\Windows\System\NNppByb.exe
2⤵
PID:3588

C:\Windows\System\zmHrwkT.exe
C:\Windows\System\zmHrwkT.exe
2⤵
PID:3524

C:\Windows\System\tDhISem.exe
C:\Windows\System\tDhISem.exe
2⤵
PID:3460

C:\Windows\System\RelGxxi.exe
C:\Windows\System\RelGxxi.exe
2⤵
PID:3360

C:\Windows\System\vvdCzxy.exe
C:\Windows\System\vvdCzxy.exe
2⤵
PID:3264

C:\Windows\System\QBejOUf.exe
C:\Windows\System\QBejOUf.exe
2⤵
PID:3172

C:\Windows\System\juURStK.exe
C:\Windows\System\juURStK.exe
2⤵
PID:3108

C:\Windows\System\nsjnEGe.exe
C:\Windows\System\nsjnEGe.exe
2⤵
PID:2244

C:\Windows\System\OTcmJwn.exe
C:\Windows\System\OTcmJwn.exe
2⤵
PID:1624

C:\Windows\System\mffYkEH.exe
C:\Windows\System\mffYkEH.exe
2⤵
PID:2276

C:\Windows\System\wZHfqpt.exe
C:\Windows\System\wZHfqpt.exe
2⤵
PID:2816

C:\Windows\System\WXVZuGw.exe
C:\Windows\System\WXVZuGw.exe
2⤵
PID:1900

C:\Windows\System\llTdNFA.exe
C:\Windows\System\llTdNFA.exe
2⤵
PID:1860

C:\Windows\System\UXXSeTz.exe
C:\Windows\System\UXXSeTz.exe
2⤵
PID:3956

C:\Windows\System\HokaBJi.exe
C:\Windows\System\HokaBJi.exe
2⤵
PID:4216

C:\Windows\System\aAJBZbw.exe
C:\Windows\System\aAJBZbw.exe
2⤵
PID:4472

C:\Windows\System\xedKeSd.exe
C:\Windows\System\xedKeSd.exe
2⤵
PID:1856

C:\Windows\System\oMLilYp.exe
C:\Windows\System\oMLilYp.exe
2⤵
PID:5012

C:\Windows\System\mMfLkgt.exe
C:\Windows\System\mMfLkgt.exe
2⤵
PID:4944

C:\Windows\System\JJdfhlm.exe
C:\Windows\System\JJdfhlm.exe
2⤵
PID:2472

C:\Windows\System\mUZtUVt.exe
C:\Windows\System\mUZtUVt.exe
2⤵
PID:3120

C:\Windows\System\ehfMUpE.exe
C:\Windows\System\ehfMUpE.exe
2⤵
PID:3348

C:\Windows\System\rhuvMzV.exe
C:\Windows\System\rhuvMzV.exe
2⤵
PID:3632

C:\Windows\System\tPuWYtc.exe
C:\Windows\System\tPuWYtc.exe
2⤵
PID:4148

C:\Windows\System\smiRNsX.exe
C:\Windows\System\smiRNsX.exe
2⤵
PID:3888

C:\Windows\System\LOJcRwo.exe
C:\Windows\System\LOJcRwo.exe
2⤵
PID:4404

C:\Windows\System\KEnOQED.exe
C:\Windows\System\KEnOQED.exe
2⤵
PID:4692

C:\Windows\System\XWZenhs.exe
C:\Windows\System\XWZenhs.exe
2⤵
PID:4896

C:\Windows\System\AUHYcvp.exe
C:\Windows\System\AUHYcvp.exe
2⤵
PID:1980

C:\Windows\System\jfQCGtO.exe
C:\Windows\System\jfQCGtO.exe
2⤵
PID:3316

C:\Windows\System\xCqQRBW.exe
C:\Windows\System\xCqQRBW.exe
2⤵
PID:2000

C:\Windows\System\eMNPzSi.exe
C:\Windows\System\eMNPzSi.exe
2⤵
PID:5204

C:\Windows\System\oFKajSx.exe
C:\Windows\System\oFKajSx.exe
2⤵
PID:5268

C:\Windows\System\quiyBRL.exe
C:\Windows\System\quiyBRL.exe
2⤵
PID:5332

C:\Windows\System\SpHijKB.exe
C:\Windows\System\SpHijKB.exe
2⤵
PID:5396

C:\Windows\System\sozKSvt.exe
C:\Windows\System\sozKSvt.exe
2⤵
PID:5460

C:\Windows\System\uYKJPbK.exe
C:\Windows\System\uYKJPbK.exe
2⤵
PID:5524

C:\Windows\System\IjYDpnH.exe
C:\Windows\System\IjYDpnH.exe
2⤵
PID:5588

C:\Windows\System\bCVlpAQ.exe
C:\Windows\System\bCVlpAQ.exe
2⤵
PID:5652

C:\Windows\System\WASKTCg.exe
C:\Windows\System\WASKTCg.exe
2⤵
PID:5716

C:\Windows\System\APNWKBW.exe
C:\Windows\System\APNWKBW.exe
2⤵
PID:5780

C:\Windows\System\KXbeKJk.exe
C:\Windows\System\KXbeKJk.exe
2⤵
PID:5844

C:\Windows\System\VmqdUFk.exe
C:\Windows\System\VmqdUFk.exe
2⤵
PID:5908

C:\Windows\System\YBVRWnX.exe
C:\Windows\System\YBVRWnX.exe
2⤵
PID:5964

C:\Windows\System\yBDLOrC.exe
C:\Windows\System\yBDLOrC.exe
2⤵
PID:1012

C:\Windows\System\VtPDAbU.exe
C:\Windows\System\VtPDAbU.exe
2⤵
PID:6036

C:\Windows\System\RBCDWha.exe
C:\Windows\System\RBCDWha.exe
2⤵
PID:6100

C:\Windows\System\wEMptoh.exe
C:\Windows\System\wEMptoh.exe
2⤵
PID:2916

C:\Windows\System\kruHkAx.exe
C:\Windows\System\kruHkAx.exe
2⤵
PID:6196

C:\Windows\System\APTFrwx.exe
C:\Windows\System\APTFrwx.exe
2⤵
PID:6260

C:\Windows\System\FGnVnQF.exe
C:\Windows\System\FGnVnQF.exe
2⤵
PID:6324

C:\Windows\System\ZlZaMkl.exe
C:\Windows\System\ZlZaMkl.exe
2⤵
PID:6388

C:\Windows\System\BthepZd.exe
C:\Windows\System\BthepZd.exe
2⤵
PID:2772

C:\Windows\System\tDGjdzT.exe
C:\Windows\System\tDGjdzT.exe
2⤵
PID:844

C:\Windows\System\nsPHAka.exe
C:\Windows\System\nsPHAka.exe
2⤵
PID:3200

C:\Windows\System\EhDxsFz.exe
C:\Windows\System\EhDxsFz.exe
2⤵
PID:3364

C:\Windows\System\mQwTrep.exe
C:\Windows\System\mQwTrep.exe
2⤵
PID:3840

C:\Windows\System\kOFAEWh.exe
C:\Windows\System\kOFAEWh.exe
2⤵
PID:4004

C:\Windows\System\UeclElq.exe
C:\Windows\System\UeclElq.exe
2⤵
PID:4488

C:\Windows\System\VTWepJF.exe
C:\Windows\System\VTWepJF.exe
2⤵
PID:4648

C:\Windows\System\gIAZUhe.exe
C:\Windows\System\gIAZUhe.exe
2⤵
PID:4744

C:\Windows\System\NtGNtsn.exe
C:\Windows\System\NtGNtsn.exe
2⤵
PID:6240

C:\Windows\System\dBmYADj.exe
C:\Windows\System\dBmYADj.exe
2⤵
PID:5800

C:\Windows\System\hgPfsaM.exe
C:\Windows\System\hgPfsaM.exe
2⤵
PID:5668

C:\Windows\System\wCoAXPc.exe
C:\Windows\System\wCoAXPc.exe
2⤵
PID:5508

C:\Windows\System\ejLhrgE.exe
C:\Windows\System\ejLhrgE.exe
2⤵
PID:5412

C:\Windows\System\GjoyGtl.exe
C:\Windows\System\GjoyGtl.exe
2⤵
PID:5316

C:\Windows\System\PvNmwQd.exe
C:\Windows\System\PvNmwQd.exe
2⤵
PID:5604

C:\Windows\System\iONWtDM.exe
C:\Windows\System\iONWtDM.exe
2⤵
PID:5700

C:\Windows\System\YgbgYbg.exe
C:\Windows\System\YgbgYbg.exe
2⤵
PID:5352

C:\Windows\System\HHRjkvS.exe
C:\Windows\System\HHRjkvS.exe
2⤵
PID:5576

C:\Windows\System\DlKjpwY.exe
C:\Windows\System\DlKjpwY.exe
2⤵
PID:5512

C:\Windows\System\NrVjDYc.exe
C:\Windows\System\NrVjDYc.exe
2⤵
PID:5256

C:\Windows\System\uvTfZey.exe
C:\Windows\System\uvTfZey.exe
2⤵
PID:3568

C:\Windows\System\flcBMXX.exe
C:\Windows\System\flcBMXX.exe
2⤵
PID:4884

C:\Windows\System\YajJqdL.exe
C:\Windows\System\YajJqdL.exe
2⤵
PID:4856

C:\Windows\System\ivBNCmX.exe
C:\Windows\System\ivBNCmX.exe
2⤵
PID:4756

C:\Windows\System\WwNLOkw.exe
C:\Windows\System\WwNLOkw.exe
2⤵
PID:5192

C:\Windows\System\LKahDHy.exe
C:\Windows\System\LKahDHy.exe
2⤵
PID:3572

C:\Windows\System\xGKGlFK.exe
C:\Windows\System\xGKGlFK.exe
2⤵
PID:2512

C:\Windows\System\ymyaXJt.exe
C:\Windows\System\ymyaXJt.exe
2⤵
PID:4276

C:\Windows\System\kSLvyQQ.exe
C:\Windows\System\kSLvyQQ.exe
2⤵
PID:5108

C:\Windows\System\LzFChtg.exe
C:\Windows\System\LzFChtg.exe
2⤵
PID:6016

C:\Windows\System\IwzvWBG.exe
C:\Windows\System\IwzvWBG.exe
2⤵
PID:6080

C:\Windows\System\bsHsJyB.exe
C:\Windows\System\bsHsJyB.exe
2⤵
PID:1360

C:\Windows\System\iaXlhRV.exe
C:\Windows\System\iaXlhRV.exe
2⤵
PID:6176

C:\Windows\System\GpxDmmo.exe
C:\Windows\System\GpxDmmo.exe
2⤵
PID:6304

C:\Windows\System\stwKhrZ.exe
C:\Windows\System\stwKhrZ.exe
2⤵
PID:6368

C:\Windows\System\SqmdMDD.exe
C:\Windows\System\SqmdMDD.exe
2⤵
PID:6412

C:\Windows\System\HmkCOFH.exe
C:\Windows\System\HmkCOFH.exe
2⤵
PID:6428

C:\Windows\System\UKGseKw.exe
C:\Windows\System\UKGseKw.exe
2⤵
PID:5952

C:\Windows\System\MsiJrze.exe
C:\Windows\System\MsiJrze.exe
2⤵
PID:6452

C:\Windows\System\dEwQYUD.exe
C:\Windows\System\dEwQYUD.exe
2⤵
PID:6468

C:\Windows\System\MqReRxx.exe
C:\Windows\System\MqReRxx.exe
2⤵
PID:6484

C:\Windows\System\SFlDxQI.exe
C:\Windows\System\SFlDxQI.exe
2⤵
PID:6500

C:\Windows\System\dhZpDYQ.exe
C:\Windows\System\dhZpDYQ.exe
2⤵
PID:6516

C:\Windows\System\yiEmmJp.exe
C:\Windows\System\yiEmmJp.exe
2⤵
PID:6540

C:\Windows\System\kvQkUjw.exe
C:\Windows\System\kvQkUjw.exe
2⤵
PID:2196

C:\Windows\System\qJrYDay.exe
C:\Windows\System\qJrYDay.exe
2⤵
PID:2184

C:\Windows\System\fzbBQZl.exe
C:\Windows\System\fzbBQZl.exe
2⤵
PID:840

C:\Windows\System\gnYNdya.exe
C:\Windows\System\gnYNdya.exe
2⤵
PID:6612

C:\Windows\System\RMlbANV.exe
C:\Windows\System\RMlbANV.exe
2⤵
PID:6676

C:\Windows\System\DzTkwsA.exe
C:\Windows\System\DzTkwsA.exe
2⤵
PID:6740

C:\Windows\System\SPIveOm.exe
C:\Windows\System\SPIveOm.exe
2⤵
PID:6804

C:\Windows\System\EaGSnBR.exe
C:\Windows\System\EaGSnBR.exe
2⤵
PID:6868

C:\Windows\System\MhaYtTR.exe
C:\Windows\System\MhaYtTR.exe
2⤵
PID:6960

C:\Windows\System\YsxCoWj.exe
C:\Windows\System\YsxCoWj.exe
2⤵
PID:7032

C:\Windows\System\aUqCjkp.exe
C:\Windows\System\aUqCjkp.exe
2⤵
PID:6228

C:\Windows\System\ZtROEPt.exe
C:\Windows\System\ZtROEPt.exe
2⤵
PID:6588

C:\Windows\System\ymnUkNP.exe
C:\Windows\System\ymnUkNP.exe
2⤵
PID:7128

C:\Windows\System\XlQkXTw.exe
C:\Windows\System\XlQkXTw.exe
2⤵
PID:352

C:\Windows\System\xZrGhWp.exe
C:\Windows\System\xZrGhWp.exe
2⤵
PID:4772

C:\Windows\System\RUNwPZc.exe
C:\Windows\System\RUNwPZc.exe
2⤵
PID:4356

C:\Windows\System\XOJTkCq.exe
C:\Windows\System\XOJTkCq.exe
2⤵
PID:4064

C:\Windows\System\tOrsjun.exe
C:\Windows\System\tOrsjun.exe
2⤵
PID:3556

C:\Windows\System\CrDKcbP.exe
C:\Windows\System\CrDKcbP.exe
2⤵
PID:3232

C:\Windows\System\tRIdtUg.exe
C:\Windows\System\tRIdtUg.exe
2⤵
PID:1052

C:\Windows\System\VWRzsVo.exe
C:\Windows\System\VWRzsVo.exe
2⤵
PID:2328

C:\Windows\System\ecUsGNw.exe
C:\Windows\System\ecUsGNw.exe
2⤵
PID:6624

C:\Windows\System\YlEXbuQ.exe
C:\Windows\System\YlEXbuQ.exe
2⤵
PID:6688

C:\Windows\System\bfoitxL.exe
C:\Windows\System\bfoitxL.exe
2⤵
PID:6752

C:\Windows\System\CZANgSV.exe
C:\Windows\System\CZANgSV.exe
2⤵
PID:6816

C:\Windows\System\CKmWnvk.exe
C:\Windows\System\CKmWnvk.exe
2⤵
PID:6916

C:\Windows\System\WdZptkW.exe
C:\Windows\System\WdZptkW.exe
2⤵
PID:6984

C:\Windows\System\qWAseRg.exe
C:\Windows\System\qWAseRg.exe
2⤵
PID:7076

C:\Windows\System\NKgZbgM.exe
C:\Windows\System\NKgZbgM.exe
2⤵
PID:7140

C:\Windows\System\IHNuYVJ.exe
C:\Windows\System\IHNuYVJ.exe
2⤵
PID:2460

C:\Windows\System\HxJpctN.exe
C:\Windows\System\HxJpctN.exe
2⤵
PID:4452

C:\Windows\System\CYIZHIY.exe
C:\Windows\System\CYIZHIY.exe
2⤵
PID:4132

C:\Windows\System\EhrEzvR.exe
C:\Windows\System\EhrEzvR.exe
2⤵
PID:3620

C:\Windows\System\IHewFaA.exe
C:\Windows\System\IHewFaA.exe
2⤵
PID:3300

C:\Windows\System\wZOYRGC.exe
C:\Windows\System\wZOYRGC.exe
2⤵
PID:1812

C:\Windows\System\DYXKSTi.exe
C:\Windows\System\DYXKSTi.exe
2⤵
PID:2612

C:\Windows\System\uWOmlHO.exe
C:\Windows\System\uWOmlHO.exe
2⤵
PID:2336

C:\Windows\System\eMpUQkl.exe
C:\Windows\System\eMpUQkl.exe
2⤵
PID:4016

C:\Windows\System\oZACSXq.exe
C:\Windows\System\oZACSXq.exe
2⤵
PID:5028

C:\Windows\System\vIiqPvM.exe
C:\Windows\System\vIiqPvM.exe
2⤵
PID:5236

C:\Windows\System\GUCpvvU.exe
C:\Windows\System\GUCpvvU.exe
2⤵
PID:5496

C:\Windows\System\TVrcdTS.exe
C:\Windows\System\TVrcdTS.exe
2⤵
PID:5752

C:\Windows\System\tZzUckd.exe
C:\Windows\System\tZzUckd.exe
2⤵
PID:2964

C:\Windows\System\GQSJqge.exe
C:\Windows\System\GQSJqge.exe
2⤵
PID:3952

C:\Windows\System\GNfwGxV.exe
C:\Windows\System\GNfwGxV.exe
2⤵
PID:5040

C:\Windows\System\KsopicY.exe
C:\Windows\System\KsopicY.exe
2⤵
PID:3760

C:\Windows\System\pLmbsLw.exe
C:\Windows\System\pLmbsLw.exe
2⤵
PID:4820

C:\Windows\System\nvXkCDP.exe
C:\Windows\System\nvXkCDP.exe
2⤵
PID:380

C:\Windows\System\XmDijHh.exe
C:\Windows\System\XmDijHh.exe
2⤵
PID:6192

C:\Windows\System\iOfdavs.exe
C:\Windows\System\iOfdavs.exe
2⤵
PID:3428

C:\Windows\System\PodyafF.exe
C:\Windows\System\PodyafF.exe
2⤵
PID:4676

C:\Windows\System\GXXzpdK.exe
C:\Windows\System\GXXzpdK.exe
2⤵
PID:5736

C:\Windows\System\nKtHnJy.exe
C:\Windows\System\nKtHnJy.exe
2⤵
PID:5220

C:\Windows\System\gWMZRZu.exe
C:\Windows\System\gWMZRZu.exe
2⤵
PID:4728

C:\Windows\System\VPwxCWC.exe
C:\Windows\System\VPwxCWC.exe
2⤵
PID:1564

C:\Windows\System\UoXikFv.exe
C:\Windows\System\UoXikFv.exe
2⤵
PID:6116

C:\Windows\System\fHHWVFd.exe
C:\Windows\System\fHHWVFd.exe
2⤵
PID:5144

C:\Windows\System\rHMnHmS.exe
C:\Windows\System\rHMnHmS.exe
2⤵
PID:5428

C:\Windows\System\IDbJsoS.exe
C:\Windows\System\IDbJsoS.exe
2⤵
PID:5688

C:\Windows\System\IfwkJaN.exe
C:\Windows\System\IfwkJaN.exe
2⤵
PID:5996

C:\Windows\System\fzHCYCR.exe
C:\Windows\System\fzHCYCR.exe
2⤵
PID:2728

C:\Windows\System\fGZAzOA.exe
C:\Windows\System\fGZAzOA.exe
2⤵
PID:2544

C:\Windows\System\NIRPXoH.exe
C:\Windows\System\NIRPXoH.exe
2⤵
PID:3972

C:\Windows\System\rdqgqHE.exe
C:\Windows\System\rdqgqHE.exe
2⤵
PID:5832

C:\Windows\System\CGPYRoA.exe
C:\Windows\System\CGPYRoA.exe
2⤵
PID:5640

C:\Windows\System\khSuisE.exe
C:\Windows\System\khSuisE.exe
2⤵
PID:2888

C:\Windows\System\tcxuHuE.exe
C:\Windows\System\tcxuHuE.exe
2⤵
PID:5160

C:\Windows\System\bFrNKmf.exe
C:\Windows\System\bFrNKmf.exe
2⤵
PID:5176

C:\Windows\System\grgHzcP.exe
C:\Windows\System\grgHzcP.exe
2⤵
PID:6148

C:\Windows\System\apLmAOy.exe
C:\Windows\System\apLmAOy.exe
2⤵
PID:7184

C:\Windows\System\YwFoxjs.exe
C:\Windows\System\YwFoxjs.exe
2⤵
PID:7200

C:\Windows\System\cOUwWMq.exe
C:\Windows\System\cOUwWMq.exe
2⤵
PID:7216

C:\Windows\System\CRuNCws.exe
C:\Windows\System\CRuNCws.exe
2⤵
PID:7232

C:\Windows\System\VJYPnsu.exe
C:\Windows\System\VJYPnsu.exe
2⤵
PID:7248

C:\Windows\System\vVESylm.exe
C:\Windows\System\vVESylm.exe
2⤵
PID:7264

C:\Windows\System\BUhczsR.exe
C:\Windows\System\BUhczsR.exe
2⤵
PID:7280

C:\Windows\System\tWxNcnT.exe
C:\Windows\System\tWxNcnT.exe
2⤵
PID:7296

C:\Windows\System\LKaQBHn.exe
C:\Windows\System\LKaQBHn.exe
2⤵
PID:7312

C:\Windows\System\QWMnYpK.exe
C:\Windows\System\QWMnYpK.exe
2⤵
PID:7328

C:\Windows\System\FWNXeFq.exe
C:\Windows\System\FWNXeFq.exe
2⤵
PID:7344

C:\Windows\System\KCIPvCz.exe
C:\Windows\System\KCIPvCz.exe
2⤵
PID:7360

C:\Windows\System\jMerMox.exe
C:\Windows\System\jMerMox.exe
2⤵
PID:7376

C:\Windows\System\zhBjiBn.exe
C:\Windows\System\zhBjiBn.exe
2⤵
PID:7392

C:\Windows\System\qwNIpfT.exe
C:\Windows\System\qwNIpfT.exe
2⤵
PID:7408

C:\Windows\System\gXWuwAR.exe
C:\Windows\System\gXWuwAR.exe
2⤵
PID:7424

C:\Windows\System\wRBXytB.exe
C:\Windows\System\wRBXytB.exe
2⤵
PID:7440

C:\Windows\System\qdYMtXR.exe
C:\Windows\System\qdYMtXR.exe
2⤵
PID:7456

C:\Windows\System\WvxHcWb.exe
C:\Windows\System\WvxHcWb.exe
2⤵
PID:7472

C:\Windows\System\DwrYdas.exe
C:\Windows\System\DwrYdas.exe
2⤵
PID:7488

C:\Windows\System\KJzXWBu.exe
C:\Windows\System\KJzXWBu.exe
2⤵
PID:7504

C:\Windows\System\SNZnTiW.exe
C:\Windows\System\SNZnTiW.exe
2⤵
PID:7520

C:\Windows\System\arbusCv.exe
C:\Windows\System\arbusCv.exe
2⤵
PID:7536

C:\Windows\System\KzoVCOa.exe
C:\Windows\System\KzoVCOa.exe
2⤵
PID:7552

C:\Windows\System\vyVeUmD.exe
C:\Windows\System\vyVeUmD.exe
2⤵
PID:7568

C:\Windows\System\eIijsmO.exe
C:\Windows\System\eIijsmO.exe
2⤵
PID:7584

C:\Windows\System\XvEvMYa.exe
C:\Windows\System\XvEvMYa.exe
2⤵
PID:7600

C:\Windows\System\qFIBpaU.exe
C:\Windows\System\qFIBpaU.exe
2⤵
PID:7616

C:\Windows\System\IGvKZwV.exe
C:\Windows\System\IGvKZwV.exe
2⤵
PID:7632

C:\Windows\System\UgvIDie.exe
C:\Windows\System\UgvIDie.exe
2⤵
PID:7648

C:\Windows\System\tqYWDUx.exe
C:\Windows\System\tqYWDUx.exe
2⤵
PID:7664

C:\Windows\System\SMRseZM.exe
C:\Windows\System\SMRseZM.exe
2⤵
PID:7680

C:\Windows\System\xPXPBEq.exe
C:\Windows\System\xPXPBEq.exe
2⤵
PID:7696

C:\Windows\System\nBABCLJ.exe
C:\Windows\System\nBABCLJ.exe
2⤵
PID:7712

C:\Windows\System\pbsvhSy.exe
C:\Windows\System\pbsvhSy.exe
2⤵
PID:7728

C:\Windows\System\WSvIHMB.exe
C:\Windows\System\WSvIHMB.exe
2⤵
PID:7744

C:\Windows\System\swMbqnW.exe
C:\Windows\System\swMbqnW.exe
2⤵
PID:7768

C:\Windows\System\bSCpvSB.exe
C:\Windows\System\bSCpvSB.exe
2⤵
PID:7784

C:\Windows\System\HBGGGPq.exe
C:\Windows\System\HBGGGPq.exe
2⤵
PID:7800

C:\Windows\System\IACFFcL.exe
C:\Windows\System\IACFFcL.exe
2⤵
PID:7816

C:\Windows\System\kwDwwwZ.exe
C:\Windows\System\kwDwwwZ.exe
2⤵
PID:7832

C:\Windows\System\CrkcvDr.exe
C:\Windows\System\CrkcvDr.exe
2⤵
PID:7848

C:\Windows\System\TNOhLxY.exe
C:\Windows\System\TNOhLxY.exe
2⤵
PID:7864

C:\Windows\System\OyULfdM.exe
C:\Windows\System\OyULfdM.exe
2⤵
PID:7880

C:\Windows\System\vQDouGB.exe
C:\Windows\System\vQDouGB.exe
2⤵
PID:7896

C:\Windows\System\BuMyXJf.exe
C:\Windows\System\BuMyXJf.exe
2⤵
PID:7912

C:\Windows\System\mqmOVFf.exe
C:\Windows\System\mqmOVFf.exe
2⤵
PID:7928

C:\Windows\System\qxSFMLr.exe
C:\Windows\System\qxSFMLr.exe
2⤵
PID:7944

C:\Windows\System\GQAGhXm.exe
C:\Windows\System\GQAGhXm.exe
2⤵
PID:7960

C:\Windows\System\TVrkKKw.exe
C:\Windows\System\TVrkKKw.exe
2⤵
PID:7976

C:\Windows\System\aPQmGzQ.exe
C:\Windows\System\aPQmGzQ.exe
2⤵
PID:7992

C:\Windows\System\CJKcVBJ.exe
C:\Windows\System\CJKcVBJ.exe
2⤵
PID:8008

C:\Windows\System\IEoKcTB.exe
C:\Windows\System\IEoKcTB.exe
2⤵
PID:8024

C:\Windows\System\YbtbDQh.exe
C:\Windows\System\YbtbDQh.exe
2⤵
PID:8040

C:\Windows\System\QZahtyQ.exe
C:\Windows\System\QZahtyQ.exe
2⤵
PID:8056

C:\Windows\System\XfNOWop.exe
C:\Windows\System\XfNOWop.exe
2⤵
PID:8072

C:\Windows\System\XEVYLba.exe
C:\Windows\System\XEVYLba.exe
2⤵
PID:8088

C:\Windows\System\DLHWLpC.exe
C:\Windows\System\DLHWLpC.exe
2⤵
PID:8104

C:\Windows\System\VgcHZVO.exe
C:\Windows\System\VgcHZVO.exe
2⤵
PID:8120

C:\Windows\System\omGfEsy.exe
C:\Windows\System\omGfEsy.exe
2⤵
PID:8136

C:\Windows\System\zHwUpiO.exe
C:\Windows\System\zHwUpiO.exe
2⤵
PID:8152

C:\Windows\System\MZyZFrN.exe
C:\Windows\System\MZyZFrN.exe
2⤵
PID:8168

C:\Windows\System\waylrTd.exe
C:\Windows\System\waylrTd.exe
2⤵
PID:8184

C:\Windows\System\QOlyuLK.exe
C:\Windows\System\QOlyuLK.exe
2⤵
PID:7096

C:\Windows\System\xNTmOoq.exe
C:\Windows\System\xNTmOoq.exe
2⤵
PID:4068

C:\Windows\System\cZNKzef.exe
C:\Windows\System\cZNKzef.exe
2⤵
PID:6852

C:\Windows\System\YXjgfqd.exe
C:\Windows\System\YXjgfqd.exe
2⤵
PID:1672

C:\Windows\System\rRrzJwu.exe
C:\Windows\System\rRrzJwu.exe
2⤵
PID:2116

C:\Windows\System\YFkECsO.exe
C:\Windows\System\YFkECsO.exe
2⤵
PID:2260

C:\Windows\System\cSiIawa.exe
C:\Windows\System\cSiIawa.exe
2⤵
PID:832

C:\Windows\System\byoaVNW.exe
C:\Windows\System\byoaVNW.exe
2⤵
PID:5188

C:\Windows\System\uhiCDGX.exe
C:\Windows\System\uhiCDGX.exe
2⤵
PID:5948

C:\Windows\System\MoWqlnS.exe
C:\Windows\System\MoWqlnS.exe
2⤵
PID:6532

C:\Windows\System\ARYFzls.exe
C:\Windows\System\ARYFzls.exe
2⤵
PID:6708

C:\Windows\System\tleVsoO.exe
C:\Windows\System\tleVsoO.exe
2⤵
PID:6784

C:\Windows\System\pzghzGq.exe
C:\Windows\System\pzghzGq.exe
2⤵
PID:5924

C:\Windows\System\eRLaoAY.exe
C:\Windows\System\eRLaoAY.exe
2⤵
PID:6336

C:\Windows\System\PpMvqWu.exe
C:\Windows\System\PpMvqWu.exe
2⤵
PID:6444

C:\Windows\System\tZdstcf.exe
C:\Windows\System\tZdstcf.exe
2⤵
PID:6512

C:\Windows\System\wMPSatn.exe
C:\Windows\System\wMPSatn.exe
2⤵
PID:6592

C:\Windows\System\VorFjZE.exe
C:\Windows\System\VorFjZE.exe
2⤵
PID:6800

C:\Windows\System\dXmezyA.exe
C:\Windows\System\dXmezyA.exe
2⤵
PID:3776

C:\Windows\System\GInxxzG.exe
C:\Windows\System\GInxxzG.exe
2⤵
PID:3844

C:\Windows\System\oBvtwli.exe
C:\Windows\System\oBvtwli.exe
2⤵
PID:7292

C:\Windows\System\ErzARkt.exe
C:\Windows\System\ErzARkt.exe
2⤵
PID:7044

C:\Windows\System\uWZzXsQ.exe
C:\Windows\System\uWZzXsQ.exe
2⤵
PID:4292

C:\Windows\System\vDZZisG.exe
C:\Windows\System\vDZZisG.exe
2⤵
PID:3504

C:\Windows\System\lDnRYkF.exe
C:\Windows\System\lDnRYkF.exe
2⤵
PID:4712

C:\Windows\System\ZrFBTjT.exe
C:\Windows\System\ZrFBTjT.exe
2⤵
PID:3680

C:\Windows\System\KKtKQfr.exe
C:\Windows\System\KKtKQfr.exe
2⤵
PID:3020

C:\Windows\System\QIVoHDj.exe
C:\Windows\System\QIVoHDj.exe
2⤵
PID:5812

C:\Windows\System\HRuNBPm.exe
C:\Windows\System\HRuNBPm.exe
2⤵
PID:4520

C:\Windows\System\akScPON.exe
C:\Windows\System\akScPON.exe
2⤵
PID:2608

C:\Windows\System\oAlKsaR.exe
C:\Windows\System\oAlKsaR.exe
2⤵
PID:7208

C:\Windows\System\YSUnoZt.exe
C:\Windows\System\YSUnoZt.exe
2⤵
PID:7272

C:\Windows\System\jwdeXbr.exe
C:\Windows\System\jwdeXbr.exe
2⤵
PID:7368

C:\Windows\System\oPNbYHK.exe
C:\Windows\System\oPNbYHK.exe
2⤵
PID:7468

C:\Windows\System\czHNOQM.exe
C:\Windows\System\czHNOQM.exe
2⤵
PID:7532

C:\Windows\System\mejbwbX.exe
C:\Windows\System\mejbwbX.exe
2⤵
PID:7628

C:\Windows\System\lZICokA.exe
C:\Windows\System\lZICokA.exe
2⤵
PID:7692

C:\Windows\System\TxsyjBS.exe
C:\Windows\System\TxsyjBS.exe
2⤵
PID:6656

C:\Windows\System\LEvMkzp.exe
C:\Windows\System\LEvMkzp.exe
2⤵
PID:6980

C:\Windows\System\hVYSSnz.exe
C:\Windows\System\hVYSSnz.exe
2⤵
PID:3748

C:\Windows\System\TzlvQAW.exe
C:\Windows\System\TzlvQAW.exe
2⤵
PID:4212

C:\Windows\System\zQeZqMZ.exe
C:\Windows\System\zQeZqMZ.exe
2⤵
PID:3076

C:\Windows\System\FapJyQD.exe
C:\Windows\System\FapJyQD.exe
2⤵
PID:4280

C:\Windows\System\HRxzNWs.exe
C:\Windows\System\HRxzNWs.exe
2⤵
PID:4680

C:\Windows\System\IEKqYeP.exe
C:\Windows\System\IEKqYeP.exe
2⤵
PID:3312

C:\Windows\System\dJGIyau.exe
C:\Windows\System\dJGIyau.exe
2⤵
PID:6132

C:\Windows\System\HgXlRCn.exe
C:\Windows\System\HgXlRCn.exe
2⤵
PID:5540

C:\Windows\System\QrnFIzx.exe
C:\Windows\System\QrnFIzx.exe
2⤵
PID:692

C:\Windows\System\fYFLYGB.exe
C:\Windows\System\fYFLYGB.exe
2⤵
PID:7260

C:\Windows\System\LTcAbkM.exe
C:\Windows\System\LTcAbkM.exe
2⤵
PID:7352

C:\Windows\System\HphkRTP.exe
C:\Windows\System\HphkRTP.exe
2⤵
PID:7416

C:\Windows\System\zHCQKbt.exe
C:\Windows\System\zHCQKbt.exe
2⤵
PID:6464

C:\Windows\System\NpqAnnk.exe
C:\Windows\System\NpqAnnk.exe
2⤵
PID:6736

C:\Windows\System\bzfZVRw.exe
C:\Windows\System\bzfZVRw.exe
2⤵
PID:8208

C:\Windows\System\cQIIzyf.exe
C:\Windows\System\cQIIzyf.exe
2⤵
PID:8224

C:\Windows\System\evjqMmU.exe
C:\Windows\System\evjqMmU.exe
2⤵
PID:8644

C:\Windows\System\YnVDPbG.exe
C:\Windows\System\YnVDPbG.exe
2⤵
PID:8660

C:\Windows\System\AXplAvs.exe
C:\Windows\System\AXplAvs.exe
2⤵
PID:8676

C:\Windows\System\vRQUTEC.exe
C:\Windows\System\vRQUTEC.exe
2⤵
PID:8692

C:\Windows\System\mNHhoFq.exe
C:\Windows\System\mNHhoFq.exe
2⤵
PID:8708

C:\Windows\System\ViysRDv.exe
C:\Windows\System\ViysRDv.exe
2⤵
PID:8724

C:\Windows\System\fJwLoFW.exe
C:\Windows\System\fJwLoFW.exe
2⤵
PID:8740

C:\Windows\System\isxCsSh.exe
C:\Windows\System\isxCsSh.exe
2⤵
PID:8756

C:\Windows\System\iqjCbub.exe
C:\Windows\System\iqjCbub.exe
2⤵
PID:8772

C:\Windows\System\vppqRdR.exe
C:\Windows\System\vppqRdR.exe
2⤵
PID:8788

C:\Windows\System\LtboOVm.exe
C:\Windows\System\LtboOVm.exe
2⤵
PID:8804

C:\Windows\System\eybXMVv.exe
C:\Windows\System\eybXMVv.exe
2⤵
PID:8820

C:\Windows\System\LNevdrX.exe
C:\Windows\System\LNevdrX.exe
2⤵
PID:8836

C:\Windows\System\EDQURrP.exe
C:\Windows\System\EDQURrP.exe
2⤵
PID:8852

C:\Windows\System\cYwFAkC.exe
C:\Windows\System\cYwFAkC.exe
2⤵
PID:8868

C:\Windows\System\VxVFAHR.exe
C:\Windows\System\VxVFAHR.exe
2⤵
PID:8884

C:\Windows\System\msqBSwW.exe
C:\Windows\System\msqBSwW.exe
2⤵
PID:8900

C:\Windows\System\YbebhSI.exe
C:\Windows\System\YbebhSI.exe
2⤵
PID:8916

C:\Windows\System\oIVibij.exe
C:\Windows\System\oIVibij.exe
2⤵
PID:8932

C:\Windows\System\yseqZLu.exe
C:\Windows\System\yseqZLu.exe
2⤵
PID:8948

C:\Windows\System\FdPonSR.exe
C:\Windows\System\FdPonSR.exe
2⤵
PID:8964

C:\Windows\System\rlkppxL.exe
C:\Windows\System\rlkppxL.exe
2⤵
PID:8980

C:\Windows\System\TePNvET.exe
C:\Windows\System\TePNvET.exe
2⤵
PID:8996

C:\Windows\System\zygEMfj.exe
C:\Windows\System\zygEMfj.exe
2⤵
PID:9012

C:\Windows\System\KKYXMeL.exe
C:\Windows\System\KKYXMeL.exe
2⤵
PID:9028

C:\Windows\System\VohKhKK.exe
C:\Windows\System\VohKhKK.exe
2⤵
PID:9044

C:\Windows\System\HgqYCTy.exe
C:\Windows\System\HgqYCTy.exe
2⤵
PID:9060

C:\Windows\System\mVfLhuT.exe
C:\Windows\System\mVfLhuT.exe
2⤵
PID:9076

C:\Windows\System\dzpCwvc.exe
C:\Windows\System\dzpCwvc.exe
2⤵
PID:9092

C:\Windows\System\ZbbZpjy.exe
C:\Windows\System\ZbbZpjy.exe
2⤵
PID:9108

C:\Windows\System\YstxDFB.exe
C:\Windows\System\YstxDFB.exe
2⤵
PID:9124

C:\Windows\System\mjSgAEt.exe
C:\Windows\System\mjSgAEt.exe
2⤵
PID:9140

C:\Windows\System\eOFrYrO.exe
C:\Windows\System\eOFrYrO.exe
2⤵
PID:9156

C:\Windows\System\VWMqdQk.exe
C:\Windows\System\VWMqdQk.exe
2⤵
PID:9172

C:\Windows\System\LoGRnHx.exe
C:\Windows\System\LoGRnHx.exe
2⤵
PID:9188

C:\Windows\System\ZEfsrmq.exe
C:\Windows\System\ZEfsrmq.exe
2⤵
PID:9204

C:\Windows\System\JJrbAxv.exe
C:\Windows\System\JJrbAxv.exe
2⤵
PID:5124

C:\Windows\System\MmsbuIS.exe
C:\Windows\System\MmsbuIS.exe
2⤵
PID:3492

C:\Windows\System\eqUjSCH.exe
C:\Windows\System\eqUjSCH.exe
2⤵
PID:5880

C:\Windows\System\QFYqZqS.exe
C:\Windows\System\QFYqZqS.exe
2⤵
PID:7336

C:\Windows\System\ZaijMIq.exe
C:\Windows\System\ZaijMIq.exe
2⤵
PID:7624

C:\Windows\System\iotMbnH.exe
C:\Windows\System\iotMbnH.exe
2⤵
PID:7828

C:\Windows\System\eIwiEVh.exe
C:\Windows\System\eIwiEVh.exe
2⤵
PID:7888

C:\Windows\System\CxxdxGY.exe
C:\Windows\System\CxxdxGY.exe
2⤵
PID:7956

C:\Windows\System\zzSQpYi.exe
C:\Windows\System\zzSQpYi.exe
2⤵
PID:8048

C:\Windows\System\UutKMbq.exe
C:\Windows\System\UutKMbq.exe
2⤵
PID:8144

C:\Windows\System\QCTpDkX.exe
C:\Windows\System\QCTpDkX.exe
2⤵
PID:4612

C:\Windows\System\gfwmbIS.exe
C:\Windows\System\gfwmbIS.exe
2⤵
PID:6492

C:\Windows\System\NIJXdIY.exe
C:\Windows\System\NIJXdIY.exe
2⤵
PID:1496

C:\Windows\System\QdusPRS.exe
C:\Windows\System\QdusPRS.exe
2⤵
PID:6772

C:\Windows\System\MCjUbqj.exe
C:\Windows\System\MCjUbqj.exe
2⤵
PID:5876

C:\Windows\System\mgtfwGo.exe
C:\Windows\System\mgtfwGo.exe
2⤵
PID:5636

C:\Windows\System\zBlwdRe.exe
C:\Windows\System\zBlwdRe.exe
2⤵
PID:7436

C:\Windows\System\uOxHqPg.exe
C:\Windows\System\uOxHqPg.exe
2⤵
PID:4836

C:\Windows\System\FFLTFXr.exe
C:\Windows\System\FFLTFXr.exe
2⤵
PID:5560

C:\Windows\System\RInxttO.exe
C:\Windows\System\RInxttO.exe
2⤵
PID:7320

C:\Windows\System\gMLpTtI.exe
C:\Windows\System\gMLpTtI.exe
2⤵
PID:7756

C:\Windows\System\llPlkRg.exe
C:\Windows\System\llPlkRg.exe
2⤵
PID:8148

C:\Windows\System\YnlhrAK.exe
C:\Windows\System\YnlhrAK.exe
2⤵
PID:4196

C:\Windows\System\RIBgRSO.exe
C:\Windows\System\RIBgRSO.exe
2⤵
PID:628

C:\Windows\System\UgkMDag.exe
C:\Windows\System\UgkMDag.exe
2⤵
PID:5492

C:\Windows\System\UVvvjRq.exe
C:\Windows\System\UVvvjRq.exe
2⤵
PID:8300

C:\Windows\System\HuAIRsc.exe
C:\Windows\System\HuAIRsc.exe
2⤵
PID:6572

C:\Windows\System\TfDbhpn.exe
C:\Windows\System\TfDbhpn.exe
2⤵
PID:8412

C:\Windows\System\CsjGMIp.exe
C:\Windows\System\CsjGMIp.exe
2⤵
PID:7544

C:\Windows\System\Mpgztjc.exe
C:\Windows\System\Mpgztjc.exe
2⤵
PID:7608

C:\Windows\System\vnnpLSs.exe
C:\Windows\System\vnnpLSs.exe
2⤵
PID:7672

C:\Windows\System\wurSerr.exe
C:\Windows\System\wurSerr.exe
2⤵
PID:7736

C:\Windows\System\SLHBOZB.exe
C:\Windows\System\SLHBOZB.exe
2⤵
PID:268

C:\Windows\System\uwDGzGu.exe
C:\Windows\System\uwDGzGu.exe
2⤵
PID:8424

C:\Windows\System\hWbhaKt.exe
C:\Windows\System\hWbhaKt.exe
2⤵
PID:7908

C:\Windows\System\nMMpktX.exe
C:\Windows\System\nMMpktX.exe
2⤵
PID:8396

C:\Windows\System\eqOKfdW.exe
C:\Windows\System\eqOKfdW.exe
2⤵
PID:8444

C:\Windows\System\SmwbHvF.exe
C:\Windows\System\SmwbHvF.exe
2⤵
PID:6480

C:\Windows\System\BawIrgw.exe
C:\Windows\System\BawIrgw.exe
2⤵
PID:3068

C:\Windows\System\NdwhRKX.exe
C:\Windows\System\NdwhRKX.exe
2⤵
PID:1772

C:\Windows\System\OINjFTQ.exe
C:\Windows\System\OINjFTQ.exe
2⤵
PID:8236

C:\Windows\System\sGiXTqa.exe
C:\Windows\System\sGiXTqa.exe
2⤵
PID:8256

C:\Windows\System\pTyiGVX.exe
C:\Windows\System\pTyiGVX.exe
2⤵
PID:8280

C:\Windows\System\NIMDQZS.exe
C:\Windows\System\NIMDQZS.exe
2⤵
PID:8308

C:\Windows\System\fISgPEw.exe
C:\Windows\System\fISgPEw.exe
2⤵
PID:8288

C:\Windows\System\McYBcYK.exe
C:\Windows\System\McYBcYK.exe
2⤵
PID:8368

C:\Windows\System\QguYuoy.exe
C:\Windows\System\QguYuoy.exe
2⤵
PID:8400

C:\Windows\System\pGTsLxx.exe
C:\Windows\System\pGTsLxx.exe
2⤵
PID:8340

C:\Windows\System\RahKMjK.exe
C:\Windows\System\RahKMjK.exe
2⤵
PID:8464

C:\Windows\System\dMkQkXY.exe
C:\Windows\System\dMkQkXY.exe
2⤵
PID:8492

C:\Windows\System\CxGpzmv.exe
C:\Windows\System\CxGpzmv.exe
2⤵
PID:8516

C:\Windows\System\igYcfWb.exe
C:\Windows\System\igYcfWb.exe
2⤵
PID:8520

C:\Windows\System\Zqxavkc.exe
C:\Windows\System\Zqxavkc.exe
2⤵
PID:928

C:\Windows\System\kvLaXMZ.exe
C:\Windows\System\kvLaXMZ.exe
2⤵
PID:8568

C:\Windows\System\wcZOrRD.exe
C:\Windows\System\wcZOrRD.exe
2⤵
PID:1956

C:\Windows\System\kObVqTq.exe
C:\Windows\System\kObVqTq.exe
2⤵
PID:8588

C:\Windows\System\bKUKMml.exe
C:\Windows\System\bKUKMml.exe
2⤵
PID:7812

C:\Windows\System\WPUGcBB.exe
C:\Windows\System\WPUGcBB.exe
2⤵
PID:7876

C:\Windows\System\RMGehLB.exe
C:\Windows\System\RMGehLB.exe
2⤵
PID:7972

C:\Windows\System\JWYEHAd.exe
C:\Windows\System\JWYEHAd.exe
2⤵
PID:8036

C:\Windows\System\OEIWFjn.exe
C:\Windows\System\OEIWFjn.exe
2⤵
PID:8100

C:\Windows\System\vscKWpM.exe
C:\Windows\System\vscKWpM.exe
2⤵
PID:8164

C:\Windows\System\tzYcclb.exe
C:\Windows\System\tzYcclb.exe
2⤵
PID:1660

C:\Windows\System\VMEXeiZ.exe
C:\Windows\System\VMEXeiZ.exe
2⤵
PID:1060

C:\Windows\System\BTBMmet.exe
C:\Windows\System\BTBMmet.exe
2⤵
PID:3712

C:\Windows\System\JFXDVQN.exe
C:\Windows\System\JFXDVQN.exe
2⤵
PID:6424

C:\Windows\System\TiMZQoB.exe
C:\Windows\System\TiMZQoB.exe
2⤵
PID:2252

C:\Windows\System\TAYURYl.exe
C:\Windows\System\TAYURYl.exe
2⤵
PID:2388

C:\Windows\System\spngotL.exe
C:\Windows\System\spngotL.exe
2⤵
PID:7180

C:\Windows\System\znHaDYH.exe
C:\Windows\System\znHaDYH.exe
2⤵
PID:7528

C:\Windows\System\kWvMOiy.exe
C:\Windows\System\kWvMOiy.exe
2⤵
PID:3136

C:\Windows\System\ONFUclh.exe
C:\Windows\System\ONFUclh.exe
2⤵
PID:5128

C:\Windows\System\bBWoost.exe
C:\Windows\System\bBWoost.exe
2⤵
PID:5476

C:\Windows\System\KbrAFJP.exe
C:\Windows\System\KbrAFJP.exe
2⤵
PID:7388

C:\Windows\System\fWxIPcY.exe
C:\Windows\System\fWxIPcY.exe
2⤵
PID:8220

C:\Windows\System\YguhnHz.exe
C:\Windows\System\YguhnHz.exe
2⤵
PID:8628

C:\Windows\System\fWxIsPq.exe
C:\Windows\System\fWxIsPq.exe
2⤵
PID:8732

C:\Windows\System\TWaBFju.exe
C:\Windows\System\TWaBFju.exe
2⤵
PID:8800

C:\Windows\System\KdPFZAI.exe
C:\Windows\System\KdPFZAI.exe
2⤵
PID:8892

C:\Windows\System\cWvAiJJ.exe
C:\Windows\System\cWvAiJJ.exe
2⤵
PID:8960

C:\Windows\System\ujpCXwO.exe
C:\Windows\System\ujpCXwO.exe
2⤵
PID:9024

C:\Windows\System\XCYnPfb.exe
C:\Windows\System\XCYnPfb.exe
2⤵
PID:9088

C:\Windows\System\SkveEiW.exe
C:\Windows\System\SkveEiW.exe
2⤵
PID:4388

C:\Windows\System\qMTgvtT.exe
C:\Windows\System\qMTgvtT.exe
2⤵
PID:9224

C:\Windows\System\VjuYmEn.exe
C:\Windows\System\VjuYmEn.exe
2⤵
PID:9240

C:\Windows\System\pusrAaI.exe
C:\Windows\System\pusrAaI.exe
2⤵
PID:9256

C:\Windows\System\VUXfVnW.exe
C:\Windows\System\VUXfVnW.exe
2⤵
PID:9272

C:\Windows\System\wToUABi.exe
C:\Windows\System\wToUABi.exe
2⤵
PID:9288

C:\Windows\System\UGrqyNi.exe
C:\Windows\System\UGrqyNi.exe
2⤵
PID:9304

C:\Windows\System\CXkPQOC.exe
C:\Windows\System\CXkPQOC.exe
2⤵
PID:9320

C:\Windows\System\pgYDkth.exe
C:\Windows\System\pgYDkth.exe
2⤵
PID:9336

C:\Windows\System\eOzMRqu.exe
C:\Windows\System\eOzMRqu.exe
2⤵
PID:9352

C:\Windows\System\nTRvvHa.exe
C:\Windows\System\nTRvvHa.exe
2⤵
PID:9368

C:\Windows\System\NXhfmNS.exe
C:\Windows\System\NXhfmNS.exe
2⤵
PID:9384

C:\Windows\System\voBqrUu.exe
C:\Windows\System\voBqrUu.exe
2⤵
PID:9400

C:\Windows\System\rGBFgPI.exe
C:\Windows\System\rGBFgPI.exe
2⤵
PID:9416

C:\Windows\System\CiMcMAK.exe
C:\Windows\System\CiMcMAK.exe
2⤵
PID:9432

C:\Windows\System\eDMzevt.exe
C:\Windows\System\eDMzevt.exe
2⤵
PID:9448

C:\Windows\System\xCtwwoG.exe
C:\Windows\System\xCtwwoG.exe
2⤵
PID:9464

C:\Windows\System\AREHzzI.exe
C:\Windows\System\AREHzzI.exe
2⤵
PID:9480

C:\Windows\System\MMRbiKx.exe
C:\Windows\System\MMRbiKx.exe
2⤵
PID:9496

C:\Windows\System\kWWXpGx.exe
C:\Windows\System\kWWXpGx.exe
2⤵
PID:9512

C:\Windows\System\jtuqObJ.exe
C:\Windows\System\jtuqObJ.exe
2⤵
PID:9528

C:\Windows\System\SbInGME.exe
C:\Windows\System\SbInGME.exe
2⤵
PID:9548

C:\Windows\System\ABCaSek.exe
C:\Windows\System\ABCaSek.exe
2⤵
PID:9564

C:\Windows\System\siVYbDc.exe
C:\Windows\System\siVYbDc.exe
2⤵
PID:9580

C:\Windows\System\xQPHkQh.exe
C:\Windows\System\xQPHkQh.exe
2⤵
PID:9596

C:\Windows\System\tVgbBeV.exe
C:\Windows\System\tVgbBeV.exe
2⤵
PID:9612

C:\Windows\System\WEJfMlK.exe
C:\Windows\System\WEJfMlK.exe
2⤵
PID:9628

C:\Windows\System\hRdCyDJ.exe
C:\Windows\System\hRdCyDJ.exe
2⤵
PID:9644

C:\Windows\System\DxPkfhd.exe
C:\Windows\System\DxPkfhd.exe
2⤵
PID:9660

C:\Windows\System\bXLJppE.exe
C:\Windows\System\bXLJppE.exe
2⤵
PID:9676

C:\Windows\System\sgsFGcO.exe
C:\Windows\System\sgsFGcO.exe
2⤵
PID:9692

C:\Windows\System\WoSYFNH.exe
C:\Windows\System\WoSYFNH.exe
2⤵
PID:9708

C:\Windows\System\qYrsRBL.exe
C:\Windows\System\qYrsRBL.exe
2⤵
PID:9724

C:\Windows\System\FYhSDhS.exe
C:\Windows\System\FYhSDhS.exe
2⤵
PID:9740

C:\Windows\System\VOVilMp.exe
C:\Windows\System\VOVilMp.exe
2⤵
PID:9756

C:\Windows\System\FVHLMIY.exe
C:\Windows\System\FVHLMIY.exe
2⤵
PID:9772

C:\Windows\System\QmhtlKy.exe
C:\Windows\System\QmhtlKy.exe
2⤵
PID:9788

C:\Windows\System\MCxXfNi.exe
C:\Windows\System\MCxXfNi.exe
2⤵
PID:9804

C:\Windows\System\WDbDeck.exe
C:\Windows\System\WDbDeck.exe
2⤵
PID:9820

C:\Windows\System\ujaVEta.exe
C:\Windows\System\ujaVEta.exe
2⤵
PID:9836

C:\Windows\System\EsZnXKm.exe
C:\Windows\System\EsZnXKm.exe
2⤵
PID:9852

C:\Windows\System\cHuCUyn.exe
C:\Windows\System\cHuCUyn.exe
2⤵
PID:9868

C:\Windows\System\cNmVtUc.exe
C:\Windows\System\cNmVtUc.exe
2⤵
PID:9884

C:\Windows\System\TFnjTPV.exe
C:\Windows\System\TFnjTPV.exe
2⤵
PID:9900

C:\Windows\System\aLSYDDr.exe
C:\Windows\System\aLSYDDr.exe
2⤵
PID:9916

C:\Windows\System\KAzRNHQ.exe
C:\Windows\System\KAzRNHQ.exe
2⤵
PID:9932

C:\Windows\System\FjkIaeR.exe
C:\Windows\System\FjkIaeR.exe
2⤵
PID:9948

C:\Windows\System\xUCVybO.exe
C:\Windows\System\xUCVybO.exe
2⤵
PID:9964

C:\Windows\System\lmXUuec.exe
C:\Windows\System\lmXUuec.exe
2⤵
PID:9980

C:\Windows\System\yrUBGhY.exe
C:\Windows\System\yrUBGhY.exe
2⤵
PID:10000

C:\Windows\System\JTrszaY.exe
C:\Windows\System\JTrszaY.exe
2⤵
PID:10016

C:\Windows\System\htERruw.exe
C:\Windows\System\htERruw.exe
2⤵
PID:10032

C:\Windows\System\NtcDePu.exe
C:\Windows\System\NtcDePu.exe
2⤵
PID:10048

C:\Windows\System\DBoQfJa.exe
C:\Windows\System\DBoQfJa.exe
2⤵
PID:10064

C:\Windows\System\AUrCQXt.exe
C:\Windows\System\AUrCQXt.exe
2⤵
PID:10080

C:\Windows\System\kWGkfqe.exe
C:\Windows\System\kWGkfqe.exe
2⤵
PID:10096

C:\Windows\System\bRtjCha.exe
C:\Windows\System\bRtjCha.exe
2⤵
PID:10112

C:\Windows\System\ctESxCx.exe
C:\Windows\System\ctESxCx.exe
2⤵
PID:10128

C:\Windows\System\PbLNXLF.exe
C:\Windows\System\PbLNXLF.exe
2⤵
PID:10144

C:\Windows\System\nWcXGrL.exe
C:\Windows\System\nWcXGrL.exe
2⤵
PID:10160

C:\Windows\System\HllpoAE.exe
C:\Windows\System\HllpoAE.exe
2⤵
PID:10176

C:\Windows\System\wysuztC.exe
C:\Windows\System\wysuztC.exe
2⤵
PID:10192

C:\Windows\System\ZyyXyyq.exe
C:\Windows\System\ZyyXyyq.exe
2⤵
PID:10208

C:\Windows\System\ZrfExRl.exe
C:\Windows\System\ZrfExRl.exe
2⤵
PID:10224

C:\Windows\System\FKeSTJg.exe
C:\Windows\System\FKeSTJg.exe
2⤵
PID:8616

C:\Windows\System\DugRfTb.exe
C:\Windows\System\DugRfTb.exe
2⤵
PID:8832

C:\Windows\System\YCHkMxL.exe
C:\Windows\System\YCHkMxL.exe
2⤵
PID:9180

C:\Windows\System\XlvtYBc.exe
C:\Windows\System\XlvtYBc.exe
2⤵
PID:7860

C:\Windows\System\BORUIFI.exe
C:\Windows\System\BORUIFI.exe
2⤵
PID:7016

C:\Windows\System\hNSjWSj.exe
C:\Windows\System\hNSjWSj.exe
2⤵
PID:2044

C:\Windows\System\ctTjLXC.exe
C:\Windows\System\ctTjLXC.exe
2⤵
PID:6164

C:\Windows\System\wGqtnSp.exe
C:\Windows\System\wGqtnSp.exe
2⤵
PID:5416

C:\Windows\System\glLXoWW.exe
C:\Windows\System\glLXoWW.exe
2⤵
PID:7764

C:\Windows\System\hDEnrKY.exe
C:\Windows\System\hDEnrKY.exe
2⤵
PID:7644

C:\Windows\System\qWOkJvr.exe
C:\Windows\System\qWOkJvr.exe
2⤵
PID:8328

C:\Windows\System\fstQbTp.exe
C:\Windows\System\fstQbTp.exe
2⤵
PID:1796

C:\Windows\System\GWXShaP.exe
C:\Windows\System\GWXShaP.exe
2⤵
PID:8264

C:\Windows\System\TGiwzda.exe
C:\Windows\System\TGiwzda.exe
2⤵
PID:8380

C:\Windows\System\KGxkFZK.exe
C:\Windows\System\KGxkFZK.exe
2⤵
PID:8488

C:\Windows\System\yseOowe.exe
C:\Windows\System\yseOowe.exe
2⤵
PID:2372

C:\Windows\System\vtluCyf.exe
C:\Windows\System\vtluCyf.exe
2⤵
PID:7968

C:\Windows\System\pngGmEQ.exe
C:\Windows\System\pngGmEQ.exe
2⤵
PID:3392

C:\Windows\System\fRyEmsB.exe
C:\Windows\System\fRyEmsB.exe
2⤵
PID:2908

C:\Windows\System\vmaDqSX.exe
C:\Windows\System\vmaDqSX.exe
2⤵
PID:3936

C:\Windows\System\ohMuSxg.exe
C:\Windows\System\ohMuSxg.exe
2⤵
PID:8704

C:\Windows\System\IMqlrLy.exe
C:\Windows\System\IMqlrLy.exe
2⤵
PID:9152

C:\Windows\System\uSCvFly.exe
C:\Windows\System\uSCvFly.exe
2⤵
PID:9264

C:\Windows\System\QDcTYMM.exe
C:\Windows\System\QDcTYMM.exe
2⤵
PID:9392

C:\Windows\System\uNKthEf.exe
C:\Windows\System\uNKthEf.exe
2⤵
PID:8656

C:\Windows\System\ojlqwGX.exe
C:\Windows\System\ojlqwGX.exe
2⤵
PID:10256

C:\Windows\System\qSXOtHh.exe
C:\Windows\System\qSXOtHh.exe
2⤵
PID:10272

C:\Windows\System\kVRkznI.exe
C:\Windows\System\kVRkznI.exe
2⤵
PID:10288

C:\Windows\System\GgZjdJV.exe
C:\Windows\System\GgZjdJV.exe
2⤵
PID:10304

C:\Windows\System\ZjFziGc.exe
C:\Windows\System\ZjFziGc.exe
2⤵
PID:10320

C:\Windows\System\uEjvmUh.exe
C:\Windows\System\uEjvmUh.exe
2⤵
PID:10336

C:\Windows\System\LGoXMlQ.exe
C:\Windows\System\LGoXMlQ.exe
2⤵
PID:10352

C:\Windows\System\YqTYEZJ.exe
C:\Windows\System\YqTYEZJ.exe
2⤵
PID:10368

C:\Windows\System\UQSiyyz.exe
C:\Windows\System\UQSiyyz.exe
2⤵
PID:10384

C:\Windows\System\Tocmbqj.exe
C:\Windows\System\Tocmbqj.exe
2⤵
PID:10400

C:\Windows\System\DKyHeNN.exe
C:\Windows\System\DKyHeNN.exe
2⤵
PID:10416

C:\Windows\System\oderVdc.exe
C:\Windows\System\oderVdc.exe
2⤵
PID:10432

C:\Windows\System\SOqNvcD.exe
C:\Windows\System\SOqNvcD.exe
2⤵
PID:10448

C:\Windows\System\kRbKdhW.exe
C:\Windows\System\kRbKdhW.exe
2⤵
PID:10464

C:\Windows\System\ygUHpwq.exe
C:\Windows\System\ygUHpwq.exe
2⤵
PID:10480

C:\Windows\System\gCDxwug.exe
C:\Windows\System\gCDxwug.exe
2⤵
PID:10496

C:\Windows\System\mIYeeYM.exe
C:\Windows\System\mIYeeYM.exe
2⤵
PID:10512

C:\Windows\System\sKOQSPW.exe
C:\Windows\System\sKOQSPW.exe
2⤵
PID:10528

C:\Windows\System\MWATsGq.exe
C:\Windows\System\MWATsGq.exe
2⤵
PID:10544

C:\Windows\System\THlrEYR.exe
C:\Windows\System\THlrEYR.exe
2⤵
PID:10560

C:\Windows\System\hLtsvdU.exe
C:\Windows\System\hLtsvdU.exe
2⤵
PID:10576

C:\Windows\System\NMDFnRl.exe
C:\Windows\System\NMDFnRl.exe
2⤵
PID:10592

C:\Windows\System\RZTtcFG.exe
C:\Windows\System\RZTtcFG.exe
2⤵
PID:10608

C:\Windows\System\mMtrjJH.exe
C:\Windows\System\mMtrjJH.exe
2⤵
PID:10624

C:\Windows\System\dcIfwyp.exe
C:\Windows\System\dcIfwyp.exe
2⤵
PID:10640

C:\Windows\System\DcZduIf.exe
C:\Windows\System\DcZduIf.exe
2⤵
PID:10656

C:\Windows\System\hWzHuVS.exe
C:\Windows\System\hWzHuVS.exe
2⤵
PID:10672

C:\Windows\System\SBIUbvB.exe
C:\Windows\System\SBIUbvB.exe
2⤵
PID:10688

C:\Windows\System\DglYJPg.exe
C:\Windows\System\DglYJPg.exe
2⤵
PID:10704

C:\Windows\System\DIgRaNx.exe
C:\Windows\System\DIgRaNx.exe
2⤵
PID:10728

C:\Windows\System\uhSeDqU.exe
C:\Windows\System\uhSeDqU.exe
2⤵
PID:10744

C:\Windows\System\psvDNnx.exe
C:\Windows\System\psvDNnx.exe
2⤵
PID:10760

C:\Windows\System\jgDWFHH.exe
C:\Windows\System\jgDWFHH.exe
2⤵
PID:10776

C:\Windows\System\gbUyxXs.exe
C:\Windows\System\gbUyxXs.exe
2⤵
PID:10792

C:\Windows\System\sJhFIrw.exe
C:\Windows\System\sJhFIrw.exe
2⤵
PID:10808

C:\Windows\System\cqLmZIG.exe
C:\Windows\System\cqLmZIG.exe
2⤵
PID:10824

C:\Windows\System\qKYAcvV.exe
C:\Windows\System\qKYAcvV.exe
2⤵
PID:10840

C:\Windows\System\oqXSHPQ.exe
C:\Windows\System\oqXSHPQ.exe
2⤵
PID:10856

C:\Windows\System\ZdcgwDm.exe
C:\Windows\System\ZdcgwDm.exe
2⤵
PID:10872

C:\Windows\System\yDTaZWo.exe
C:\Windows\System\yDTaZWo.exe
2⤵
PID:10888

C:\Windows\System\MliNkMW.exe
C:\Windows\System\MliNkMW.exe
2⤵
PID:10904

C:\Windows\System\FMnwWTD.exe
C:\Windows\System\FMnwWTD.exe
2⤵
PID:10920

C:\Windows\System\aQpUjEI.exe
C:\Windows\System\aQpUjEI.exe
2⤵
PID:10936

C:\Windows\System\xmUfAOC.exe
C:\Windows\System\xmUfAOC.exe
2⤵
PID:10952

C:\Windows\System\wZyspUs.exe
C:\Windows\System\wZyspUs.exe
2⤵
PID:10968

C:\Windows\System\MtcldHe.exe
C:\Windows\System\MtcldHe.exe
2⤵
PID:10984

C:\Windows\System\aCtqzle.exe
C:\Windows\System\aCtqzle.exe
2⤵
PID:11000

C:\Windows\System\KlQyjYQ.exe
C:\Windows\System\KlQyjYQ.exe
2⤵
PID:11016

C:\Windows\System\fthcCVs.exe
C:\Windows\System\fthcCVs.exe
2⤵
PID:11036

C:\Windows\System\yURtHsK.exe
C:\Windows\System\yURtHsK.exe
2⤵
PID:11052

C:\Windows\System\jYDVrrs.exe
C:\Windows\System\jYDVrrs.exe
2⤵
PID:11068

C:\Windows\System\RKuMNuT.exe
C:\Windows\System\RKuMNuT.exe
2⤵
PID:11084

C:\Windows\System\JohPRcU.exe
C:\Windows\System\JohPRcU.exe
2⤵
PID:11100

C:\Windows\System\VTiKziJ.exe
C:\Windows\System\VTiKziJ.exe
2⤵
PID:11116

C:\Windows\System\yloIDzp.exe
C:\Windows\System\yloIDzp.exe
2⤵
PID:11132

C:\Windows\System\OPARLKV.exe
C:\Windows\System\OPARLKV.exe
2⤵
PID:11148

C:\Windows\System\iCdUEYO.exe
C:\Windows\System\iCdUEYO.exe
2⤵
PID:11164

C:\Windows\System\oiNZEvS.exe
C:\Windows\System\oiNZEvS.exe
2⤵
PID:11180

C:\Windows\System\rcAkTUl.exe
C:\Windows\System\rcAkTUl.exe
2⤵
PID:11196

C:\Windows\System\VuTtIri.exe
C:\Windows\System\VuTtIri.exe
2⤵
PID:11212

C:\Windows\System\UhSTbzc.exe
C:\Windows\System\UhSTbzc.exe
2⤵
PID:11228

C:\Windows\System\kpICCyS.exe
C:\Windows\System\kpICCyS.exe
2⤵
PID:11244

C:\Windows\System\oxgwbgX.exe
C:\Windows\System\oxgwbgX.exe
2⤵
PID:11260

C:\Windows\System\oNwmCkO.exe
C:\Windows\System\oNwmCkO.exe
2⤵
PID:7400

C:\Windows\System\UuWLElE.exe
C:\Windows\System\UuWLElE.exe
2⤵
PID:9020

C:\Windows\System\EEvtJrF.exe
C:\Windows\System\EEvtJrF.exe
2⤵
PID:9396

C:\Windows\System\sPHOcEf.exe
C:\Windows\System\sPHOcEf.exe
2⤵
PID:9488

C:\Windows\System\JMjTRpF.exe
C:\Windows\System\JMjTRpF.exe
2⤵
PID:9556

C:\Windows\System\SyCNLQR.exe
C:\Windows\System\SyCNLQR.exe
2⤵
PID:9624

C:\Windows\System\ZkDHYmu.exe
C:\Windows\System\ZkDHYmu.exe
2⤵
PID:9716

C:\Windows\System\EViAZEY.exe
C:\Windows\System\EViAZEY.exe
2⤵
PID:9784

C:\Windows\System\PbioaCa.exe
C:\Windows\System\PbioaCa.exe
2⤵
PID:9844

C:\Windows\System\TlEERzz.exe
C:\Windows\System\TlEERzz.exe
2⤵
PID:9908

C:\Windows\System\CBVetgO.exe
C:\Windows\System\CBVetgO.exe
2⤵
PID:9972

C:\Windows\System\nTrkfGG.exe
C:\Windows\System\nTrkfGG.exe
2⤵
PID:10040

C:\Windows\System\gBjTuIJ.exe
C:\Windows\System\gBjTuIJ.exe
2⤵
PID:10104

C:\Windows\System\egZzfFh.exe
C:\Windows\System\egZzfFh.exe
2⤵
PID:10168

C:\Windows\System\tAEMmui.exe
C:\Windows\System\tAEMmui.exe
2⤵
PID:10232

C:\Windows\System\hzvbBzJ.exe
C:\Windows\System\hzvbBzJ.exe
2⤵
PID:8016

C:\Windows\System\yccSVHO.exe
C:\Windows\System\yccSVHO.exe
2⤵
PID:4264

C:\Windows\System\QSMMClg.exe
C:\Windows\System\QSMMClg.exe
2⤵
PID:5088

C:\Windows\System\NVlXaGd.exe
C:\Windows\System\NVlXaGd.exe
2⤵
PID:7780

C:\Windows\System\bpMMgKA.exe
C:\Windows\System\bpMMgKA.exe
2⤵
PID:7256

C:\Windows\System\PdcYbUe.exe
C:\Windows\System\PdcYbUe.exe
2⤵
PID:9520

C:\Windows\System\etJLscF.exe
C:\Windows\System\etJLscF.exe
2⤵
PID:10300

C:\Windows\System\UdjMSMf.exe
C:\Windows\System\UdjMSMf.exe
2⤵
PID:10364

C:\Windows\System\tPPXgGR.exe
C:\Windows\System\tPPXgGR.exe
2⤵
PID:10488

C:\Windows\System\rShJsGD.exe
C:\Windows\System\rShJsGD.exe
2⤵
PID:10552

C:\Windows\System\nGOEtVo.exe
C:\Windows\System\nGOEtVo.exe
2⤵
PID:10620

C:\Windows\System\jUOqhsq.exe
C:\Windows\System\jUOqhsq.exe
2⤵
PID:8684

C:\Windows\System\aaViBtI.exe
C:\Windows\System\aaViBtI.exe
2⤵
PID:8748

C:\Windows\System\LCCQeli.exe
C:\Windows\System\LCCQeli.exe
2⤵
PID:8816

C:\Windows\System\rylNfqr.exe
C:\Windows\System\rylNfqr.exe
2⤵
PID:8880

C:\Windows\System\TZunhGP.exe
C:\Windows\System\TZunhGP.exe
2⤵
PID:8976

C:\Windows\System\ziyilxc.exe
C:\Windows\System\ziyilxc.exe
2⤵
PID:9040

C:\Windows\System\ItJucrg.exe
C:\Windows\System\ItJucrg.exe
2⤵
PID:9104

C:\Windows\System\mPeEaMf.exe
C:\Windows\System\mPeEaMf.exe
2⤵
PID:9168

C:\Windows\System\CavrPlc.exe
C:\Windows\System\CavrPlc.exe
2⤵
PID:1652

C:\Windows\System\oXguFEm.exe
C:\Windows\System\oXguFEm.exe
2⤵
PID:11280

C:\Windows\System\INFGYLL.exe
C:\Windows\System\INFGYLL.exe
2⤵
PID:11296

C:\Windows\System\pRGaZZw.exe
C:\Windows\System\pRGaZZw.exe
2⤵
PID:11312

C:\Windows\System\urlXBQQ.exe
C:\Windows\System\urlXBQQ.exe
2⤵
PID:11328

C:\Windows\System\qQYWhkW.exe
C:\Windows\System\qQYWhkW.exe
2⤵
PID:11344

C:\Windows\System\ooXOLgg.exe
C:\Windows\System\ooXOLgg.exe
2⤵
PID:11360

C:\Windows\System\MVVqOcH.exe
C:\Windows\System\MVVqOcH.exe
2⤵
PID:11376

C:\Windows\System\nBhgIdg.exe
C:\Windows\System\nBhgIdg.exe
2⤵
PID:11392

C:\Windows\System\fKafVki.exe
C:\Windows\System\fKafVki.exe
2⤵
PID:11408

C:\Windows\System\xnjELzS.exe
C:\Windows\System\xnjELzS.exe
2⤵
PID:11424

C:\Windows\System\ERRcCft.exe
C:\Windows\System\ERRcCft.exe
2⤵
PID:11440

C:\Windows\System\jHxSBrr.exe
C:\Windows\System\jHxSBrr.exe
2⤵
PID:11456

C:\Windows\System\HnYNpLa.exe
C:\Windows\System\HnYNpLa.exe
2⤵
PID:11472

C:\Windows\System\EIwWNgO.exe
C:\Windows\System\EIwWNgO.exe
2⤵
PID:11488

C:\Windows\System\JMefaQP.exe
C:\Windows\System\JMefaQP.exe
2⤵
PID:11504

C:\Windows\System\IFrfNyl.exe
C:\Windows\System\IFrfNyl.exe
2⤵
PID:11520

C:\Windows\System\VTRujkR.exe
C:\Windows\System\VTRujkR.exe
2⤵
PID:11536

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AIrlvKT.exe
Filesize
6.0MB

MD5
a8e636c7558494ecfafa47f891a055de

SHA1
27f13604aed8c479d5a157eb7f225160053a1422

SHA256
eb2709f3ca1893defcbac82f5407de6060bb6e77df954da30faa8bd2cb24563b

SHA512
6a97a6ffab57174eb90a68c3db06e78734b105e9d7ab9a9fb0bc4f7c51e7df3bc63fe170a7958f797652f3ed6c384a1282e277bd0d89954d8333f8f231a74912

Download Submit
C:\Windows\system\AUOQVGf.exe
Filesize
6.0MB

MD5
ee1bec4b9f5d6a4321b92ada5608f66e

SHA1
267352e55e43a52c3ea02c01c515ab002b0fd5e4

SHA256
2902b349d33467646acc3faad0521cf384de0fa3a858d94224d09bea94691e00

SHA512
9cdbd553f294f0f9e44b0819703f39304798d513454d459f668b6e0cf2d2da23651d4abc53bf55f238833197aad4b04c93f373d9b54a1e53c4111ac4cd989d48

Download Submit
C:\Windows\system\IsxLsmR.exe
Filesize
6.0MB

MD5
c3f79e5e0e64b288bac19ae70f8915c0

SHA1
41fa717146726608a27015d1b062f51ab1902575

SHA256
c24133c285ebaff99543c8275cfb8cc7f7aeac628ace5748bf85148b218d5fdc

SHA512
78361a75e1c21a9fc6df785ec0299db22762d7e5abb682f4e3406ad51006b6c9a34916449660271b229e76a26456178cae825d0de5edc641ce5e253d915e5229

Download Submit
C:\Windows\system\PvpBFko.exe
Filesize
6.0MB

MD5
c5ae42951c28c7874d0b155f37db8c82

SHA1
a458b53204566c4c7a3f2d78576061d22796b42a

SHA256
463bd821fe9cd1c699082c3be50ff000a59e0c054f6044f0f7626557a5514cd7

SHA512
a55630ca2c6098064ec09b8295627ae6a70c7100d728d1c405562011d880f81f384c924e3622de261f22645ee35f3a6ee67ef368cc50067abc18611c7b7b2bb2

Download Submit
C:\Windows\system\TCHRxEl.exe
Filesize
6.0MB

MD5
a73328d0727833a1618481d148476f35

SHA1
459afa164ccf226c858cda6c601464f8670f3e34

SHA256
c7b43d218bec2e17fbe0e25c8a91f1d4b5a68f6a4ced11082497b49e65dbf063

SHA512
50af6257e5396e418497fdc1db011c83c65f1e57e95b46be0213fbac193230052094a0a598086d1d6c7c2559713d44e6d360e3076947881b84317f6146e393a0

Download Submit
C:\Windows\system\ULYLTZp.exe
Filesize
6.0MB

MD5
1f202d6efab07a266afec89a101e4041

SHA1
fe0b8b0b72f19d2836e4806e805950952e6d4871

SHA256
55b5e5b89512d328974d97ed5548722c0c5394e3a4bba49328539e2c363b0f1e

SHA512
0574e2935f3fb412e8ce395b7d1eba7e8c270a403589c2670001d064cfa4ceefd45d1d1cb156a7e3fc6def86a5eb7afa255a8bf3e2be6cae264621d562553d43

Download Submit
C:\Windows\system\YynSasc.exe
Filesize
6.0MB

MD5
339a9c5cb297f3c40dbd282d4f5fecd8

SHA1
4ef066baddad486d9cdf2979649ec1647860319a

SHA256
14ef294662a1c984cdd1569eca4643c842563dc66e5c309e48fecc00ecfebe53

SHA512
00afc9bf5c0192cbcf28bd511d7e55d9ab858e762996771c2e76b295953cf59a4b9431435142bf9100ed3fbd3117eee4435956e520a56e880fb323e4c1492a2d

Download Submit
C:\Windows\system\ZoJYSsx.exe
Filesize
6.0MB

MD5
5836cab7256b369f2f44d13cfc692a6a

SHA1
7058e6261dbfeff446db088ee42befeb6a2e5db1

SHA256
07342a733c6072a1f2958ce920e8dab9236200eea9609994399228255e7176c0

SHA512
30e87dfa505b1f980f4766618208003f076440aee581630f0cddda6b2806667b62d851d9292863c6f3d8050706b71c5fd57b915a72fb887f33e4a7758d895ac9

Download Submit
C:\Windows\system\aiQReBd.exe
Filesize
6.0MB

MD5
c75e61ff808f332798fab95f1316336d

SHA1
8fd16afd0c803b7bb0fab023c6a22221bc836054

SHA256
751ce18b83e8444bec83440de697586054422f78c97f9095823f6a39e6f2d93c

SHA512
5adef59e2527378fa932564416e8a6481b631fd7903b0aab054deab5f0910b90c1ba932dba18eaeae6fccd4cc7e4ce0ba8d391db9d702f5fd5600180a81dab33

Download Submit
C:\Windows\system\cPnsvHb.exe
Filesize
6.0MB

MD5
60395bcc9de3f8e08d77a94ff3542cdb

SHA1
a98d66eff8a6be28806ace2f865ed642714e0dc2

SHA256
b777870902e15724d059e10d0b5e08626f4967b60e0bd68103fe9dc775becc53

SHA512
23e691db88fcc9c12461c4c00c56c0332b02ba5964af3d725c26e96cea4624f6b2d7b817b412af44a032daf07153f319198dd3ff9b51eaf010ea02595524744d

Download Submit
C:\Windows\system\dgrAzKx.exe
Filesize
6.0MB

MD5
2d8a00b8066ec5d4c5d2ea1f73937606

SHA1
104b3beb4c7a0eb1e2dda7452530dd32df042529

SHA256
aeb102eec050e0ce948ab12621f78295d776f76db3bd4375aa67e99196e068f1

SHA512
53b8ca1098929f6a69490f71d0b2d2a7aab850445c122a1b260fb7990d2466978dbf5fb2af66eea94661f344c7b2e402afc12efef529b1b4a8e83d4c0370890d

Download Submit
C:\Windows\system\fGbEFIw.exe
Filesize
6.0MB

MD5
71f83e5abd80fc9f39161e2cd22e1e51

SHA1
ec474de7c1d2e664cb814cb2e13fac0f716f8368

SHA256
33485a1e754588931af4e385c8f479f0f25eae63bb638a35cb8f71d5cf65d133

SHA512
641297fe5b0d41759aa4874dc60dedd484bfa04655aef432736ef75e736358e8f2fdd2af9d45e6f3427ec9481190097cea5605f348c2d39023318f74e58cd11a

Download Submit
C:\Windows\system\ieOrfjY.exe
Filesize
6.0MB

MD5
5d87b388cc14b99ac79c50a367e0ad6d

SHA1
614384d01d67f3e99f97162b8ba9e2949f7d74b5

SHA256
030aaf3e1f66031c8ac95fed6328734ea99daa0813146ca1039df5fb26489720

SHA512
44345d5ad6c688f65a6996a1d1ab6bf7796f31d195bc3a3b68184eba8c99ba8150160680b24209fc757e0b0238f75370cad01984ebd88cfc0532f6036216d474

Download Submit
C:\Windows\system\itRbtrS.exe
Filesize
6.0MB

MD5
5e51f99d8e9cfafd112cbf2dacc202ba

SHA1
6e54dc5ff9f19395d0ac14441ada3bde8d8c4fe7

SHA256
734aba2af4ef0039cc7ee807247176285522aa05e7c7ebcd8a58dbe718296c62

SHA512
ea21b0e425e8eb77ff13e84802ee2cc2561bc5654822a2f85d15bf81d8c1b7b70f88821a94172158043c022d1368b9b71588b2fe8caa6fbb49ab1d794e735648

Download Submit
C:\Windows\system\jSrbWBu.exe
Filesize
6.0MB

MD5
0b97a2d1dd9d8d8f6d09f6d5abb04fb2

SHA1
fb3225a05ac5a74863e920f0e9b8673292fe1cff

SHA256
189a4406682c46bf7f0dd61621b23dcabd9f3be6f2cb20f972c55e3d86e6a0f1

SHA512
f2da1de630ac64cf369c8f5337280f0e16b549cf8bb93e11eaee566017b57051d2eb8bdc4ae26e0bc87e3b71effdbf099482a2f96e4bf384e71ff4e813962646

Download Submit
C:\Windows\system\kkEmkXU.exe
Filesize
6.0MB

MD5
1db1d96a5c9e26289e431a1f39afceea

SHA1
787abd4db594788bfd060f485b4f284a87f0bd0d

SHA256
511c361a0dbca14a3f63d02527fc0e8cdf2aa962f20a25f6056df13425f21202

SHA512
f2dd7ef6efc158ac36664c00c8420a52b8f60f7a654952d6a489ee7acd3524464fde61833ff4b9c3818fd55bec36595a7077de931ce8e9fc910d9aa4369026d3

Download Submit
C:\Windows\system\pIoweZe.exe
Filesize
6.0MB

MD5
aa6056eda8aff0407621f6cd99c7708a

SHA1
d83b09baf4d654399f300184e9fe85a995c55724

SHA256
67fac026c8c3be698d7ddd60e21dc565b7895d90ca35ea4431ed90aa14106e98

SHA512
f3841c150555ba68b3b241cf287326b95e538863e41a16e5bae6ccff44b52f7ea3563265e33004ac4a217701d20ca6db09fa25df1824846d98a93dc086bb4e88

Download Submit
C:\Windows\system\uAeAbsu.exe
Filesize
4.5MB

MD5
b839893f9efcf0af421cb25de21cc707

SHA1
e2bf1c85e48fc6c7ee632f27e28ddc9cfd9ed53d

SHA256
d920d54982ededf037a1027fd96dcb24d59e08d182a7eb278e48cb45e917ba95

SHA512
3ef02cf27503205ab47182915756281ab2c64a6c8c012b65890cb329124ceeb7dd8039b81a544a49c941ec9091b486281c362332fd76ebbea9b56055238e414d

Download Submit
C:\Windows\system\vcuINkH.exe
Filesize
6.0MB

MD5
4dc625a18caea16d770887f42acf613f

SHA1
7089c1a381bd008ee23089a6d700e2c1c67b2dde

SHA256
f5e0939bf39e9587d343585faafcc39fe324e05b6e0134870c819e974c397644

SHA512
701eed2494d4372dcb3800224dda35c183bf578706ce7e67a0fcaf24322954a273404c59cdc971f74adf4c1821e514da9d482c3a226a0724bd6714f2b56554e2

Download Submit
C:\Windows\system\wWBEszJ.exe
Filesize
6.0MB

MD5
da2922ac77067de7403e7853ff3904ba

SHA1
e1a309968ca03e6082780c5825b406987bd553d1

SHA256
d31b7b792ca72e2acc4567bcce30d331d196d3ba6cc3039f69f267a3df959a6b

SHA512
ddccb67a0227230b4f98a91ab784b60f0533136d300916c156fb93a99a16f4fade3a723f53c6fd4e6afc0400707531bc666dd6316a1305383bf10b12ae455ebf

Download Submit
\Windows\system\BJVRaVP.exe
Filesize
6.0MB

MD5
2d18ad3aaf74d795ff8e1e76b70b9baf

SHA1
e640f80af26875f72e7d2cf7cba3098533c0c1b0

SHA256
480c8c3eecb0939df9f41305acc1c56ad64b6fb73a95c847328261310123b3fd

SHA512
4730da0e3d99bc8d2b2211f040bd354d7b44e678969f902a516eb8a8986c173d9062882bdaee1d4a29e21205b428c5ed9d29b97f4cfb499b4c875d41371239c3

Download Submit
\Windows\system\FZdEjtp.exe
Filesize
6.0MB

MD5
354d6ec4585c43dd997094011e64e49c

SHA1
3c72b287ed5456890c8ca93054847741b2473330

SHA256
9a76f7f3d1ce2828c17a13d92dbc98c2c1550ec46afb6ad3b083b5ded109cf02

SHA512
5b6150b37c987fcbb55226827303ac0509863e924b0401e70da93eeff72c9bdbf61a8da9c839fbb8c17280b2b7f97a928528c3afbbfb4df0e512e8b061cfbbb7

Download Submit
\Windows\system\KlPBOpV.exe
Filesize
6.0MB

MD5
6238897143be39a4ba05d2219d5c1878

SHA1
badc613f8670dd59d3ce67be74bbc68f3d80af71

SHA256
596cd78ddf6c481c68f28aea83066bbd673c9886aa74d552037c3d11297b160b

SHA512
a1345e828b2c18890fb434a1614c0b0ed5c11a51f39bb7b4b58c092b43d60ee57094ebc106c757f1ef711e3fcea3e5daf950f963414cddcaeb199455f2dcbe1a

Download Submit
\Windows\system\MJkltfn.exe
Filesize
6.0MB

MD5
b219f8314648aeac36a269e1594049d4

SHA1
3ba7e294612609f13ae1da4cc622228a3a6c8d9e

SHA256
35b8d013e38467c093a5ae489c4958122ba9711bdb9133ac086a049dff99640c

SHA512
4d0408b640d97006dec5c4cce5bc4375710085e005126862310d1dd31c7d5f19b3e8071dd5c35390dec5e44dd4f20e5d79514e62615f2ad1a331a4beb9b37da9

Download Submit
\Windows\system\OWAyTxB.exe
Filesize
6.0MB

MD5
9e6f5186055e5f125fbe5661ceafc483

SHA1
c6fc46673c0bdbcffe3bb374c12e4131a04f5f0e

SHA256
8dece4f05f4575097842ba218ceaac533bd614e43115ef6a5951e2038bd66b0d

SHA512
a2d3cf98f5be6e67c6632de3d089258c3309fd77b6ca97c0d15f407beaf51bd72ebd1eee3d99482200fb9d885ac5ad1d16aedd5844dc566fa5142840a7c5cf5c

Download Submit
\Windows\system\PzLAEZF.exe
Filesize
6.0MB

MD5
f273ba169479b5b3b52984ea559f8ff0

SHA1
29252cd8ba63c49ad8a8d1c71456151f66b46cc8

SHA256
06850f0960712a1fd28b361c0cbb791110071e4472ad84be8cbeb069c4ba7c2e

SHA512
0b32227e83ca07e8bd4c4a02584d73223fad056fa52daca1bde699b9c9cf33715ad76239cc3c348ced1facf3611e8dc2de4e6769e86f4d7ed8fbc9f66c81f940

Download Submit
\Windows\system\SWZQbPi.exe
Filesize
6.0MB

MD5
ce828527ee6f635396c40b1b0f25d554

SHA1
19ababe15f55473892b3f6d0c635e5b49fb2fd89

SHA256
5d20ebb835abe30de79810e75a904bc0e9955f23d8580c199c8f79745055e900

SHA512
e22b7724b3bbf1e96bed52a1354a6ea87165ecb05516ea1ce0b40e941139197abf367c16988d5a1cf67e182beeb2272774c1822f66826566ad5f6763d3f583bd

Download Submit
\Windows\system\VcUJUFF.exe
Filesize
6.0MB

MD5
3ab71c3fdc8d2090458dac5fd28855d6

SHA1
b7c7b2c667db279bab12bb9ba81db4545d7941ca

SHA256
1862e43bf82b465cfaa4deffd4c57fbd3afa7d9f395c3669531bd533fffc1385

SHA512
a174a0fb40da739c3d4ce997b06e86f3b8abb284b53d358ca1709835adccc6da25d6d71d2db60f522f8ea48117571727ebb54645bf0876033bee331c3054df33

Download Submit
\Windows\system\ahUsrPy.exe
Filesize
6.0MB

MD5
bdd3b43f0bb51162dbc90e52fd275574

SHA1
b7b7c85eca312e13bf8b2578a892d332f499f751

SHA256
0cb20dd6835cab246e65f6c8442816febb13deb29ccc7f2b95622c427529ac6e

SHA512
ac53b71abeb80fabafd21ad06b547dea0e39076888d13890df550a8bde0b5810b892316b195dd5fd31ef76eab64f5fade2e5ee1c81344679b09549d389ea6416

Download Submit
\Windows\system\aiQReBd.exe
Filesize
6.0MB

MD5
6aa5c394bf4fde896520e17af1671d9e

SHA1
7e4632688124e69eb979a73b088e9cb8ddec3e55

SHA256
36d12c41e86a3c24cf9bfaae00a2d8f78b1770f659a1d1761f9b5bd0290a30e5

SHA512
b0336c3fcc9a0d6e1293504b7e891c924e87aedbe7f548042cf0e37fab986c53b1fabe932d13938b3cfda268d2d6b490e0ff61e9678ddfd55a30af72fcae3b6e

Download Submit
\Windows\system\dcNhHVi.exe
Filesize
6.0MB

MD5
cbb10920e5332654450b2f862844b6f9

SHA1
13b9f7b220feed4122603801964c311b5d4caba4

SHA256
353d1eebcb65dcd76b100f072f570987abf88068a31b6ea3a8c1d2359b158e28

SHA512
93d98d9805add53cfcd41f5fbb345e68323ab7906a2e20081cb8aab5ca7f1c49ce9e0b482b1cb4c37a7cb3f9cf5517a4506afbf2b9fc5ff7b1fd02a1ac3052fa

Download Submit
\Windows\system\eFKODXj.exe
Filesize
6.0MB

MD5
a81ce7eafa698ab2b7ff119070e755b1

SHA1
265567d0a4d43770baccac109ba4416f4d1661bc

SHA256
a17c41caab5eda3d7f99c1b052350833afe7f023a3f74eaee494b1ccbb732ff6

SHA512
ce67bd2ef487368bd57f2d3bcedd1fd0b0e1292d584711e31ffa525355d52417f7c092b840a7a6ff4739a7321959311b82773422364b8330f9d4800a7463233d

Download Submit
\Windows\system\huFpuPh.exe
Filesize
6.0MB

MD5
f47212e680867c4616db8361c3730a45

SHA1
5921436833c0242ee55ab4380f4657aa0319a011

SHA256
651fc3fbb989ee40d8246f0a9805232ab557eaedc1827158b9b2a988d195e136

SHA512
0b6e9bb13adaab358915306c0121dad06609efbbd8928987d79115ad5fe0da117747c9b602404edc50fdd62f81c17718b65c0a2bbe5798e04d1ca01614416843

Download Submit
\Windows\system\hulfdpX.exe
Filesize
6.0MB

MD5
336c18aec66cad9ce6117ec0c6939d8f

SHA1
5d4d00886d1cb0c3ae254ef36a8dd2404df6a124

SHA256
62d046568fbb3d7ae964704a5944b5d6b9426b8e464ec4d1fa8b9b4ad46173cb

SHA512
61fef551424fb65be89f6adb1810baad9c9a6ff0d5fa513812b2aca7d4d2da3c1e4334263a942a003cdd00ef18d8aba39715a65a7ba1e8d76f488f669731ace9

Download Submit
\Windows\system\jSrbWBu.exe
Filesize
4.7MB

MD5
2474f39e9d7ec3cc474a93f6dac07f4b

SHA1
8b71cda7d20a641777377de0da913658cfa1cd70

SHA256
4845b7f8a77fd79ce1c3ec6697d502f2c59ebb459c81731733428f077be1d84a

SHA512
a7b9827d36068ce7835bfb0ce099b97db3ab7f3b5789ffdf97520d9f440de5964a78becca09f3c2030f48c89469ec2b16d0775b5c9766a207952fbcc7bf54425

Download Submit
\Windows\system\kVusOUP.exe
Filesize
6.0MB

MD5
12736304ed07db36ad2321c903d66180

SHA1
cccd9ce8b42e969235804d93e62953799d1fb791

SHA256
a82e090390fb3ec3fb9a2a32ce29f2da50245ad367c4778ca0918d3b85c24913

SHA512
45e6b19eecfb51afa70097a17cd7492c467bda6081e53eb2403f0075e78063b4e39d6e231849c43a4170347c223089ce6b2bc606c6570dd225ea7ee308dda17e

Download Submit
\Windows\system\obNQDyT.exe
Filesize
6.0MB

MD5
70aad79bd9af2fed872c494a9493ea44

SHA1
0b813ae63ac1803f3136e3b4f7b87ce1a1fdb983

SHA256
39eea07ddf2b11ad096e92ce8fc751734acea55ca7381f634ce74558bfb48a71

SHA512
9ef498c312e5f7919a88d0738a01a66e57dcee0b17af51d24f079307024d102fd35caaa29f9b6b8a024d2e4d63990cf8dc84b8000ebf17e8b95829bfd417c819

Download Submit
\Windows\system\qDPLvQu.exe
Filesize
6.0MB

MD5
8c14951c879a5d4398cbf5f5a0ae1b91

SHA1
c1b38eb742f20c5058b9037f5aaee8614c4bcc49

SHA256
8eac0ac5ac09aac80133b9497f037361c9f6a9ef15b193414e5d3ce9b2354650

SHA512
048e30db33bcc364816af61f74b53497910f55fa8eb6e4f45b23c362f32bbf47daeca5f8830bfdc99b3fa868769286d4ac95749e3781c002dbf39635a01fa496

Download Submit
\Windows\system\rTZkGhm.exe
Filesize
6.0MB

MD5
010490c0decc580d4abbc19a955b9fa4

SHA1
f49744aefded2a37f5ed6e7e4327566357223d89

SHA256
5ee88b5f831177c2708f7936f0625be5469e83edbf5dfbf1687826b10bba6f14

SHA512
7c6816bc8be74cbca62dce977cee0528615247c7d06bbf7e5372ae2fa7d7c274ac01171302006535ca4e60ebe5f78fdcfe1cf63145e360de34bb36675fdc3635

Download Submit
\Windows\system\sCDiGHn.exe
Filesize
6.0MB

MD5
3e1e677e1ec2388982eb2015261e608a

SHA1
2b39c67c90860000f5021085ba677c429ff0172c

SHA256
5d46c4d7c54e103e9730a275abcf9b3aa4161199a1b56a5fa60b022c2cff0a21

SHA512
6c30546673c31997a46c3a93f5ac45d9d58e27c4e89697bbdf2f09df059ea510f26b555a1dc888f528a44119f6cad058f9500d2d57ec911a47c41c9c204bff06

Download Submit
\Windows\system\sDVyCIM.exe
Filesize
6.0MB

MD5
5c32484eb12fc55eb9f762cf5417baea

SHA1
598c0c350f2da8fb5981db07b8e94a853071105b

SHA256
fc34c57509691e184c1ab12a295494b7166c7a39beb542a2083029dc105dc840

SHA512
8cc84a6ec9c5a49941ec4336dc716de4f60441e29c1e858d66114aa1d3f27b7b37b62c3c3df1d6fd14eef8a2f18d06b0e935be0996429596d25efed942d8a09b

Download Submit
\Windows\system\tYLSRgg.exe
Filesize
6.0MB

MD5
86890db0d6b8a3ed325e5ea39ff9ee86

SHA1
cb6a03a10486ba0497721c865a5cccb192d39953

SHA256
ab6a29db887a7f3b527638224cc2b6aeabccb0c2b1801bfd512612bd8b1dc071

SHA512
4c8f79a7d53c52b2173668c6341c35e8f98e9707c0d04e8ada701a63b8ce0f519d645394618ed1aa38bce2e884c2ec154b92ae39409781ee954224ef8cf9f887

Download Submit
\Windows\system\uAeAbsu.exe
Filesize
6.0MB

MD5
22d6e31217723189c8d9011ed7faeca8

SHA1
5715f1007378d17791b6c46a36b6925b75c183c7

SHA256
f9c6077507893665fa2dcb7dfec83405e204ecfd1cb2e0da453b66ac3c8d1cea

SHA512
730d1a9d84efd30babc414cb59edb1952ae4c61ad63b5a0e662985541618f1913a1f5773abdcd0af8ae73bef2d30ecf04ae81ca465aca92fb31783ec0c81c3dd

Download Submit
\Windows\system\vBSQdQw.exe
Filesize
6.0MB

MD5
b0867f8324149163876cd6aeaa9e0f24

SHA1
f52875adb4099b4c11eaf2049e6140dc7ed0e15b

SHA256
d658561a25842e63351c0e333119c030ad945f5f544a5f9d4ffaebe0393726a9

SHA512
496b39030ffb6b6628100b06f79dd7aad87e2f6e555917861c399c6f88819c7d8f11ab60d7a101738fb829a1b147b0686662eed9b2d3a2d24fb980f5a362762b

Download Submit
\Windows\system\wREQgJU.exe
Filesize
4.6MB

MD5
63d72d734c24bbbab850eea0229cb651

SHA1
c64c0f0cfe8c037e8eeff12c4f003e057a37bb9b

SHA256
648cb45c2bc6054eb3d1b8f9b48266e06a2d269d3c5371204b5e8824a4a7e62c

SHA512
1ab1b591ab899b922957334bcc60f348d3ff93b68c426bd8e7fba1695787594692d8935ad96514d18a4eccc0058b8ce830065d59b7b179be0de7a82cf4314938

Download Submit
\Windows\system\wWBEszJ.exe
Filesize
4.6MB

MD5
230baf16a1926fa2f25ac5952e248be1

SHA1
b4512c960cf908a4c5b1e004b40688083215daf9

SHA256
16c69bb5c8abff1197e15dace601839e00a9227fa3c0ac4ed098b8d572e1f74d

SHA512
9dbddf29568f1e146db6440b38058ea42dfe70f1a427db71c00159aa9bcfb14ea5950bae1bc28ea7c4da93f82d30c6335e4b8c5a654ca082398c4deae0453bdb

Download Submit
memory/1732-14-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2148-21-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2176-20-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/2340-208-0x0000000002220000-0x0000000002574000-memory.dmp

Filesize
3.3MB

Download
memory/2340-209-0x0000000002220000-0x0000000002574000-memory.dmp

Filesize
3.3MB

Download
memory/2340-22-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/2340-59-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2340-6-0x0000000002220000-0x0000000002574000-memory.dmp

Filesize
3.3MB

Download
memory/2340-0-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2340-29-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2340-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2340-557-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2340-555-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/2340-203-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/2340-204-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/2340-213-0x0000000002220000-0x0000000002574000-memory.dmp

Filesize
3.3MB

Download
memory/2340-212-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2340-211-0x0000000002220000-0x0000000002574000-memory.dmp

Filesize
3.3MB

Download
memory/2340-210-0x0000000002220000-0x0000000002574000-memory.dmp

Filesize
3.3MB

Download
memory/2340-23-0x0000000002220000-0x0000000002574000-memory.dmp

Filesize
3.3MB

Download
memory/2340-205-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2340-206-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/2524-197-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2596-199-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2672-196-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2860-37-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2872-30-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads