cobaltstrike | 1f75429fe73b8c53cf018c247820041310b4164e636e7c40bfc2169d14ddfb5c

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 19:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
Size

6.0MB
MD5

02529d4ef2f405bf1b18b08db20959cb
SHA1

ca094ab8805d036e0994bd9fb96b29eb686532c2
SHA256

1f75429fe73b8c53cf018c247820041310b4164e636e7c40bfc2169d14ddfb5c
SHA512

abb765b56d71c65ad3b223902484450a17bf87365ff5420fa6021885fdfb16d4bbebb78b6216ba27a9cb98238fa156668eb05acb2cdfa417964d0842f10cf13f
SSDEEP

98304:DhwvFtXdfE0pZxb56utgpPFotBER/mQ32lUp:FCl56utgpPF8u/7p

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
\Windows\system\aCYBVeN.exe	cobalt_reflective_dll
\Windows\system\CYBHdPv.exe	cobalt_reflective_dll
C:\Windows\system\DCwizvM.exe	cobalt_reflective_dll
C:\Windows\system\DfbwzyL.exe	cobalt_reflective_dll
C:\Windows\system\EVSHVyS.exe	cobalt_reflective_dll
C:\Windows\system\DWDaszU.exe	cobalt_reflective_dll
C:\Windows\system\UJRgrbs.exe	cobalt_reflective_dll
C:\Windows\system\faWiVHK.exe	cobalt_reflective_dll
C:\Windows\system\uYdAQzM.exe	cobalt_reflective_dll
C:\Windows\system\XvuISTx.exe	cobalt_reflective_dll
\Windows\system\atKvgRh.exe	cobalt_reflective_dll
C:\Windows\system\xRUDuYk.exe	cobalt_reflective_dll
C:\Windows\system\zOGizjl.exe	cobalt_reflective_dll
C:\Windows\system\gBPplpE.exe	cobalt_reflective_dll
C:\Windows\system\uPtQlsR.exe	cobalt_reflective_dll
\Windows\system\LEJLSmY.exe	cobalt_reflective_dll
C:\Windows\system\gaVLiLM.exe	cobalt_reflective_dll
\Windows\system\dsCtEWt.exe	cobalt_reflective_dll
C:\Windows\system\nLBzLEI.exe	cobalt_reflective_dll
C:\Windows\system\BStmFwa.exe	cobalt_reflective_dll
C:\Windows\system\qlckUXb.exe	cobalt_reflective_dll
C:\Windows\system\XdUmQJn.exe	cobalt_reflective_dll
C:\Windows\system\rgdrlOc.exe	cobalt_reflective_dll
C:\Windows\system\iALpLxj.exe	cobalt_reflective_dll
C:\Windows\system\MEZMAul.exe	cobalt_reflective_dll
C:\Windows\system\aycXoZF.exe	cobalt_reflective_dll
C:\Windows\system\RwyNBuH.exe	cobalt_reflective_dll
C:\Windows\system\tvzFxQI.exe	cobalt_reflective_dll
C:\Windows\system\zTytTcX.exe	cobalt_reflective_dll
C:\Windows\system\vMYRuVX.exe	cobalt_reflective_dll
C:\Windows\system\kkndcwO.exe	cobalt_reflective_dll
C:\Windows\system\wUynFMH.exe	cobalt_reflective_dll
C:\Windows\system\mHdXZtF.exe	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

Detects Reflective DLL injection artifacts 33 IoCs

Processes:

resource	yara_rule
\Windows\system\aCYBVeN.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
\Windows\system\CYBHdPv.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
C:\Windows\system\DCwizvM.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
C:\Windows\system\DfbwzyL.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
C:\Windows\system\EVSHVyS.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
C:\Windows\system\DWDaszU.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
C:\Windows\system\UJRgrbs.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
C:\Windows\system\faWiVHK.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
C:\Windows\system\uYdAQzM.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
C:\Windows\system\XvuISTx.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
\Windows\system\atKvgRh.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
C:\Windows\system\xRUDuYk.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
C:\Windows\system\zOGizjl.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
C:\Windows\system\gBPplpE.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
C:\Windows\system\uPtQlsR.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
\Windows\system\LEJLSmY.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
C:\Windows\system\gaVLiLM.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
\Windows\system\dsCtEWt.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
C:\Windows\system\nLBzLEI.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
C:\Windows\system\BStmFwa.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
C:\Windows\system\qlckUXb.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
C:\Windows\system\XdUmQJn.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
C:\Windows\system\rgdrlOc.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
C:\Windows\system\iALpLxj.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
C:\Windows\system\MEZMAul.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
C:\Windows\system\aycXoZF.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
C:\Windows\system\RwyNBuH.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
C:\Windows\system\tvzFxQI.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
C:\Windows\system\zTytTcX.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
C:\Windows\system\vMYRuVX.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
C:\Windows\system\kkndcwO.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
C:\Windows\system\wUynFMH.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
C:\Windows\system\mHdXZtF.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader

UPX dump on OEP (original entry point) 64 IoCs

Processes:

resource	yara_rule
behavioral1/memory/2920-0-0x000000013FDF0000-0x0000000140144000-memory.dmp	UPX
\Windows\system\aCYBVeN.exe	UPX
behavioral1/memory/2304-8-0x000000013F460000-0x000000013F7B4000-memory.dmp	UPX
\Windows\system\CYBHdPv.exe	UPX
C:\Windows\system\DCwizvM.exe	UPX
behavioral1/memory/2148-19-0x000000013FEA0000-0x00000001401F4000-memory.dmp	UPX
C:\Windows\system\DfbwzyL.exe	UPX
C:\Windows\system\EVSHVyS.exe	UPX
C:\Windows\system\DWDaszU.exe	UPX
C:\Windows\system\UJRgrbs.exe	UPX
C:\Windows\system\faWiVHK.exe	UPX
C:\Windows\system\uYdAQzM.exe	UPX
C:\Windows\system\XvuISTx.exe	UPX
\Windows\system\atKvgRh.exe	UPX
C:\Windows\system\xRUDuYk.exe	UPX
C:\Windows\system\zOGizjl.exe	UPX
C:\Windows\system\gBPplpE.exe	UPX
C:\Windows\system\uPtQlsR.exe	UPX
behavioral1/memory/2632-476-0x000000013FB90000-0x000000013FEE4000-memory.dmp	UPX
behavioral1/memory/2472-521-0x000000013F8D0000-0x000000013FC24000-memory.dmp	UPX
behavioral1/memory/2628-488-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	UPX
behavioral1/memory/2568-496-0x000000013FD60000-0x00000001400B4000-memory.dmp	UPX
behavioral1/memory/2648-533-0x000000013F2E0000-0x000000013F634000-memory.dmp	UPX
behavioral1/memory/2968-531-0x000000013F180000-0x000000013F4D4000-memory.dmp	UPX
behavioral1/memory/2576-529-0x000000013FD60000-0x00000001400B4000-memory.dmp	UPX
behavioral1/memory/2740-467-0x000000013F620000-0x000000013F974000-memory.dmp	UPX
behavioral1/memory/2720-461-0x000000013F630000-0x000000013F984000-memory.dmp	UPX
behavioral1/memory/2560-455-0x000000013FAC0000-0x000000013FE14000-memory.dmp	UPX
behavioral1/memory/2716-448-0x000000013F570000-0x000000013F8C4000-memory.dmp	UPX
\Windows\system\LEJLSmY.exe	UPX
C:\Windows\system\gaVLiLM.exe	UPX
\Windows\system\dsCtEWt.exe	UPX
C:\Windows\system\nLBzLEI.exe	UPX
C:\Windows\system\BStmFwa.exe	UPX
C:\Windows\system\qlckUXb.exe	UPX
C:\Windows\system\XdUmQJn.exe	UPX
C:\Windows\system\rgdrlOc.exe	UPX
C:\Windows\system\iALpLxj.exe	UPX
C:\Windows\system\MEZMAul.exe	UPX
C:\Windows\system\aycXoZF.exe	UPX
C:\Windows\system\RwyNBuH.exe	UPX
C:\Windows\system\tvzFxQI.exe	UPX
C:\Windows\system\zTytTcX.exe	UPX
C:\Windows\system\vMYRuVX.exe	UPX
C:\Windows\system\kkndcwO.exe	UPX
C:\Windows\system\wUynFMH.exe	UPX
C:\Windows\system\mHdXZtF.exe	UPX
behavioral1/memory/2292-24-0x000000013F300000-0x000000013F654000-memory.dmp	UPX
behavioral1/memory/2920-1604-0x000000013FDF0000-0x0000000140144000-memory.dmp	UPX
behavioral1/memory/2304-2369-0x000000013F460000-0x000000013F7B4000-memory.dmp	UPX
behavioral1/memory/2148-2479-0x000000013FEA0000-0x00000001401F4000-memory.dmp	UPX
behavioral1/memory/2292-2480-0x000000013F300000-0x000000013F654000-memory.dmp	UPX
behavioral1/memory/2148-3983-0x000000013FEA0000-0x00000001401F4000-memory.dmp	UPX
behavioral1/memory/2648-3985-0x000000013F2E0000-0x000000013F634000-memory.dmp	UPX
behavioral1/memory/2292-3990-0x000000013F300000-0x000000013F654000-memory.dmp	UPX
behavioral1/memory/2560-3994-0x000000013FAC0000-0x000000013FE14000-memory.dmp	UPX
behavioral1/memory/2720-4031-0x000000013F630000-0x000000013F984000-memory.dmp	UPX
behavioral1/memory/2740-4043-0x000000013F620000-0x000000013F974000-memory.dmp	UPX
behavioral1/memory/2472-4042-0x000000013F8D0000-0x000000013FC24000-memory.dmp	UPX
behavioral1/memory/2632-4046-0x000000013FB90000-0x000000013FEE4000-memory.dmp	UPX
behavioral1/memory/2968-4044-0x000000013F180000-0x000000013F4D4000-memory.dmp	UPX
behavioral1/memory/2576-4048-0x000000013FD60000-0x00000001400B4000-memory.dmp	UPX
behavioral1/memory/2568-4047-0x000000013FD60000-0x00000001400B4000-memory.dmp	UPX
behavioral1/memory/2628-4041-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	UPX

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral1/memory/2920-0-0x000000013FDF0000-0x0000000140144000-memory.dmp	xmrig
\Windows\system\aCYBVeN.exe	xmrig
behavioral1/memory/2304-8-0x000000013F460000-0x000000013F7B4000-memory.dmp	xmrig
\Windows\system\CYBHdPv.exe	xmrig
C:\Windows\system\DCwizvM.exe	xmrig
behavioral1/memory/2148-19-0x000000013FEA0000-0x00000001401F4000-memory.dmp	xmrig
C:\Windows\system\DfbwzyL.exe	xmrig
C:\Windows\system\EVSHVyS.exe	xmrig
C:\Windows\system\DWDaszU.exe	xmrig
C:\Windows\system\UJRgrbs.exe	xmrig
C:\Windows\system\faWiVHK.exe	xmrig
C:\Windows\system\uYdAQzM.exe	xmrig
C:\Windows\system\XvuISTx.exe	xmrig
\Windows\system\atKvgRh.exe	xmrig
C:\Windows\system\xRUDuYk.exe	xmrig
C:\Windows\system\zOGizjl.exe	xmrig
C:\Windows\system\gBPplpE.exe	xmrig
C:\Windows\system\uPtQlsR.exe	xmrig
behavioral1/memory/2920-432-0x000000013F300000-0x000000013F654000-memory.dmp	xmrig
behavioral1/memory/2632-476-0x000000013FB90000-0x000000013FEE4000-memory.dmp	xmrig
behavioral1/memory/2472-521-0x000000013F8D0000-0x000000013FC24000-memory.dmp	xmrig
behavioral1/memory/2628-488-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	xmrig
behavioral1/memory/2568-496-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig
behavioral1/memory/2648-533-0x000000013F2E0000-0x000000013F634000-memory.dmp	xmrig
behavioral1/memory/2968-531-0x000000013F180000-0x000000013F4D4000-memory.dmp	xmrig
behavioral1/memory/2576-529-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig
behavioral1/memory/2740-467-0x000000013F620000-0x000000013F974000-memory.dmp	xmrig
behavioral1/memory/2720-461-0x000000013F630000-0x000000013F984000-memory.dmp	xmrig
behavioral1/memory/2560-455-0x000000013FAC0000-0x000000013FE14000-memory.dmp	xmrig
behavioral1/memory/2716-448-0x000000013F570000-0x000000013F8C4000-memory.dmp	xmrig
\Windows\system\LEJLSmY.exe	xmrig
C:\Windows\system\gaVLiLM.exe	xmrig
\Windows\system\dsCtEWt.exe	xmrig
C:\Windows\system\nLBzLEI.exe	xmrig
C:\Windows\system\BStmFwa.exe	xmrig
C:\Windows\system\qlckUXb.exe	xmrig
C:\Windows\system\XdUmQJn.exe	xmrig
C:\Windows\system\rgdrlOc.exe	xmrig
C:\Windows\system\iALpLxj.exe	xmrig
C:\Windows\system\MEZMAul.exe	xmrig
C:\Windows\system\aycXoZF.exe	xmrig
C:\Windows\system\RwyNBuH.exe	xmrig
C:\Windows\system\tvzFxQI.exe	xmrig
C:\Windows\system\zTytTcX.exe	xmrig
C:\Windows\system\vMYRuVX.exe	xmrig
C:\Windows\system\kkndcwO.exe	xmrig
C:\Windows\system\wUynFMH.exe	xmrig
C:\Windows\system\mHdXZtF.exe	xmrig
behavioral1/memory/2292-24-0x000000013F300000-0x000000013F654000-memory.dmp	xmrig
behavioral1/memory/2920-1604-0x000000013FDF0000-0x0000000140144000-memory.dmp	xmrig
behavioral1/memory/2304-2369-0x000000013F460000-0x000000013F7B4000-memory.dmp	xmrig
behavioral1/memory/2148-2479-0x000000013FEA0000-0x00000001401F4000-memory.dmp	xmrig
behavioral1/memory/2292-2480-0x000000013F300000-0x000000013F654000-memory.dmp	xmrig
behavioral1/memory/2148-3983-0x000000013FEA0000-0x00000001401F4000-memory.dmp	xmrig
behavioral1/memory/2648-3985-0x000000013F2E0000-0x000000013F634000-memory.dmp	xmrig
behavioral1/memory/2292-3990-0x000000013F300000-0x000000013F654000-memory.dmp	xmrig
behavioral1/memory/2560-3994-0x000000013FAC0000-0x000000013FE14000-memory.dmp	xmrig
behavioral1/memory/2720-4031-0x000000013F630000-0x000000013F984000-memory.dmp	xmrig
behavioral1/memory/2740-4043-0x000000013F620000-0x000000013F974000-memory.dmp	xmrig
behavioral1/memory/2472-4042-0x000000013F8D0000-0x000000013FC24000-memory.dmp	xmrig
behavioral1/memory/2632-4046-0x000000013FB90000-0x000000013FEE4000-memory.dmp	xmrig
behavioral1/memory/2968-4044-0x000000013F180000-0x000000013F4D4000-memory.dmp	xmrig
behavioral1/memory/2576-4048-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig
behavioral1/memory/2568-4047-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

Processes:

aCYBVeN.exeCYBHdPv.exeDCwizvM.exeDfbwzyL.exeEVSHVyS.exeDWDaszU.exeUJRgrbs.exemHdXZtF.exewUynFMH.exekkndcwO.exevMYRuVX.exefaWiVHK.exezTytTcX.exeuYdAQzM.exetvzFxQI.exeRwyNBuH.exeXvuISTx.exeaycXoZF.exeMEZMAul.exeiALpLxj.exergdrlOc.exeatKvgRh.exegBPplpE.exexRUDuYk.exeXdUmQJn.exezOGizjl.exeqlckUXb.exenLBzLEI.exeBStmFwa.exegaVLiLM.exeuPtQlsR.exedsCtEWt.exeLEJLSmY.exeyaxQMwm.exewrYCDRM.exeIfbHLAt.exefJraOgB.exeXYFYjpf.exeAFLVxIT.exeQsTUsDr.exeVSyEwxB.exeCKSbqoB.exeeQjzRxp.exebSyKCBL.exeeUIroBt.exeFASjgPu.exeDmVrvfD.exeJKTRXjL.exeezirZhC.exeRCuJfMh.exeREwxOXX.exeSTfHUyD.exeFsSXqAz.exejWziGWG.exemGUSfnR.exeecLYqkj.exeIKdJdFN.exeDPApkVH.exeLadpEnx.exeyopyfIv.exeetUJgWH.exePnlwpNx.exeQIfAOst.exelZXyjZG.exe

pid	process
2304	aCYBVeN.exe
2148	CYBHdPv.exe
2292	DCwizvM.exe
2648	DfbwzyL.exe
2716	EVSHVyS.exe
2560	DWDaszU.exe
2720	UJRgrbs.exe
2740	mHdXZtF.exe
2632	wUynFMH.exe
2628	kkndcwO.exe
2568	vMYRuVX.exe
2472	faWiVHK.exe
2576	zTytTcX.exe
2968	uYdAQzM.exe
1948	tvzFxQI.exe
2824	RwyNBuH.exe
2936	XvuISTx.exe
2552	aycXoZF.exe
1828	MEZMAul.exe
2240	iALpLxj.exe
1936	rgdrlOc.exe
1592	atKvgRh.exe
1156	gBPplpE.exe
2704	xRUDuYk.exe
2808	XdUmQJn.exe
1256	zOGizjl.exe
2800	qlckUXb.exe
768	nLBzLEI.exe
1760	BStmFwa.exe
2272	gaVLiLM.exe
992	uPtQlsR.exe
540	dsCtEWt.exe
1496	LEJLSmY.exe
1116	yaxQMwm.exe
820	wrYCDRM.exe
1792	IfbHLAt.exe
1688	fJraOgB.exe
412	XYFYjpf.exe
2424	AFLVxIT.exe
2288	QsTUsDr.exe
2276	VSyEwxB.exe
852	CKSbqoB.exe
1788	eQjzRxp.exe
948	bSyKCBL.exe
644	eUIroBt.exe
840	FASjgPu.exe
2432	DmVrvfD.exe
900	JKTRXjL.exe
572	ezirZhC.exe
2904	RCuJfMh.exe
2244	REwxOXX.exe
1232	STfHUyD.exe
612	FsSXqAz.exe
1764	jWziGWG.exe
1976	mGUSfnR.exe
2000	ecLYqkj.exe
1804	IKdJdFN.exe
1744	DPApkVH.exe
1580	LadpEnx.exe
1612	yopyfIv.exe
2536	etUJgWH.exe
2596	PnlwpNx.exe
2608	QIfAOst.exe
2708	lZXyjZG.exe

Loads dropped DLL 64 IoCs

Processes:

2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe

pid	process
2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2920-0-0x000000013FDF0000-0x0000000140144000-memory.dmp	upx
\Windows\system\aCYBVeN.exe	upx
behavioral1/memory/2304-8-0x000000013F460000-0x000000013F7B4000-memory.dmp	upx
\Windows\system\CYBHdPv.exe	upx
C:\Windows\system\DCwizvM.exe	upx
behavioral1/memory/2148-19-0x000000013FEA0000-0x00000001401F4000-memory.dmp	upx
C:\Windows\system\DfbwzyL.exe	upx
C:\Windows\system\EVSHVyS.exe	upx
C:\Windows\system\DWDaszU.exe	upx
C:\Windows\system\UJRgrbs.exe	upx
C:\Windows\system\faWiVHK.exe	upx
C:\Windows\system\uYdAQzM.exe	upx
C:\Windows\system\XvuISTx.exe	upx
\Windows\system\atKvgRh.exe	upx
C:\Windows\system\xRUDuYk.exe	upx
C:\Windows\system\zOGizjl.exe	upx
C:\Windows\system\gBPplpE.exe	upx
C:\Windows\system\uPtQlsR.exe	upx
behavioral1/memory/2632-476-0x000000013FB90000-0x000000013FEE4000-memory.dmp	upx
behavioral1/memory/2472-521-0x000000013F8D0000-0x000000013FC24000-memory.dmp	upx
behavioral1/memory/2628-488-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	upx
behavioral1/memory/2568-496-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/memory/2648-533-0x000000013F2E0000-0x000000013F634000-memory.dmp	upx
behavioral1/memory/2968-531-0x000000013F180000-0x000000013F4D4000-memory.dmp	upx
behavioral1/memory/2576-529-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/memory/2740-467-0x000000013F620000-0x000000013F974000-memory.dmp	upx
behavioral1/memory/2720-461-0x000000013F630000-0x000000013F984000-memory.dmp	upx
behavioral1/memory/2560-455-0x000000013FAC0000-0x000000013FE14000-memory.dmp	upx
behavioral1/memory/2716-448-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx
\Windows\system\LEJLSmY.exe	upx
C:\Windows\system\gaVLiLM.exe	upx
\Windows\system\dsCtEWt.exe	upx
C:\Windows\system\nLBzLEI.exe	upx
C:\Windows\system\BStmFwa.exe	upx
C:\Windows\system\qlckUXb.exe	upx
C:\Windows\system\XdUmQJn.exe	upx
C:\Windows\system\rgdrlOc.exe	upx
C:\Windows\system\iALpLxj.exe	upx
C:\Windows\system\MEZMAul.exe	upx
C:\Windows\system\aycXoZF.exe	upx
C:\Windows\system\RwyNBuH.exe	upx
C:\Windows\system\tvzFxQI.exe	upx
C:\Windows\system\zTytTcX.exe	upx
C:\Windows\system\vMYRuVX.exe	upx
C:\Windows\system\kkndcwO.exe	upx
C:\Windows\system\wUynFMH.exe	upx
C:\Windows\system\mHdXZtF.exe	upx
behavioral1/memory/2292-24-0x000000013F300000-0x000000013F654000-memory.dmp	upx
behavioral1/memory/2920-1604-0x000000013FDF0000-0x0000000140144000-memory.dmp	upx
behavioral1/memory/2304-2369-0x000000013F460000-0x000000013F7B4000-memory.dmp	upx
behavioral1/memory/2148-2479-0x000000013FEA0000-0x00000001401F4000-memory.dmp	upx
behavioral1/memory/2292-2480-0x000000013F300000-0x000000013F654000-memory.dmp	upx
behavioral1/memory/2148-3983-0x000000013FEA0000-0x00000001401F4000-memory.dmp	upx
behavioral1/memory/2648-3985-0x000000013F2E0000-0x000000013F634000-memory.dmp	upx
behavioral1/memory/2292-3990-0x000000013F300000-0x000000013F654000-memory.dmp	upx
behavioral1/memory/2560-3994-0x000000013FAC0000-0x000000013FE14000-memory.dmp	upx
behavioral1/memory/2720-4031-0x000000013F630000-0x000000013F984000-memory.dmp	upx
behavioral1/memory/2740-4043-0x000000013F620000-0x000000013F974000-memory.dmp	upx
behavioral1/memory/2472-4042-0x000000013F8D0000-0x000000013FC24000-memory.dmp	upx
behavioral1/memory/2632-4046-0x000000013FB90000-0x000000013FEE4000-memory.dmp	upx
behavioral1/memory/2968-4044-0x000000013F180000-0x000000013F4D4000-memory.dmp	upx
behavioral1/memory/2576-4048-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/memory/2568-4047-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/memory/2628-4041-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

Processes:

2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe

description	ioc	process
File created	C:\Windows\System\UYKjIZw.exe	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\BgPUgAb.exe	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\WspjdMW.exe	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\dIzxTFf.exe	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\FBFCeVm.exe	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\mBhsSJS.exe	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\xRUDuYk.exe	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\gmKHKhr.exe	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\UQgAUSN.exe	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\EjTEOcn.exe	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\uqwQLXH.exe	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\DeMDRsy.exe	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\XQWJDnc.exe	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\lIQbnqm.exe	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\DymWhmO.exe	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\MsJtcSL.exe	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\VrgJwuK.exe	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\fAClFlL.exe	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\EeSRZaX.exe	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\skbLpWB.exe	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\vWQjcRx.exe	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\UBDBiws.exe	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\qXUpsuQ.exe	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\CmWDcnz.exe	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\zwxGibR.exe	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\urpYRxS.exe	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\xKdtqNU.exe	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\ogTCMCA.exe	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\cFRRBih.exe	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\PJRztyi.exe	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\EXVJDnF.exe	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\lZXyjZG.exe	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\eUfXahT.exe	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\LgHsRaN.exe	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\bzntCZQ.exe	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\uxROcpl.exe	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\qOHhXyE.exe	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\NNBYysa.exe	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\JwiTGsh.exe	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\IKdJdFN.exe	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\EcerPNe.exe	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\NkUtVtN.exe	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\PwwTBcH.exe	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\FHhPUhf.exe	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\YpWnnPK.exe	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\gitEEFW.exe	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\tbTOIlY.exe	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\lpvPkKB.exe	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\DkjvSFU.exe	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\WntaKKq.exe	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\EGDtNHy.exe	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\shNBnMi.exe	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\kpZSQSt.exe	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\fhymbmV.exe	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\HZFEPZw.exe	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\sIxvlqh.exe	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\PjNUJER.exe	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\fYwujaF.exe	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\aQymqhz.exe	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\aFUWiRl.exe	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\vflSRBG.exe	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\ChhUXBu.exe	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\vlXHBKQ.exe	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\wxLetWC.exe	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe

description	pid	process	target process
PID 2920 wrote to memory of 2304	2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe	aCYBVeN.exe
PID 2920 wrote to memory of 2304	2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe	aCYBVeN.exe
PID 2920 wrote to memory of 2304	2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe	aCYBVeN.exe
PID 2920 wrote to memory of 2148	2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe	CYBHdPv.exe
PID 2920 wrote to memory of 2148	2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe	CYBHdPv.exe
PID 2920 wrote to memory of 2148	2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe	CYBHdPv.exe
PID 2920 wrote to memory of 2292	2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe	DCwizvM.exe
PID 2920 wrote to memory of 2292	2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe	DCwizvM.exe
PID 2920 wrote to memory of 2292	2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe	DCwizvM.exe
PID 2920 wrote to memory of 2648	2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe	DfbwzyL.exe
PID 2920 wrote to memory of 2648	2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe	DfbwzyL.exe
PID 2920 wrote to memory of 2648	2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe	DfbwzyL.exe
PID 2920 wrote to memory of 2716	2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe	EVSHVyS.exe
PID 2920 wrote to memory of 2716	2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe	EVSHVyS.exe
PID 2920 wrote to memory of 2716	2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe	EVSHVyS.exe
PID 2920 wrote to memory of 2560	2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe	DWDaszU.exe
PID 2920 wrote to memory of 2560	2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe	DWDaszU.exe
PID 2920 wrote to memory of 2560	2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe	DWDaszU.exe
PID 2920 wrote to memory of 2720	2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe	UJRgrbs.exe
PID 2920 wrote to memory of 2720	2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe	UJRgrbs.exe
PID 2920 wrote to memory of 2720	2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe	UJRgrbs.exe
PID 2920 wrote to memory of 2740	2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe	mHdXZtF.exe
PID 2920 wrote to memory of 2740	2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe	mHdXZtF.exe
PID 2920 wrote to memory of 2740	2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe	mHdXZtF.exe
PID 2920 wrote to memory of 2632	2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe	wUynFMH.exe
PID 2920 wrote to memory of 2632	2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe	wUynFMH.exe
PID 2920 wrote to memory of 2632	2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe	wUynFMH.exe
PID 2920 wrote to memory of 2628	2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe	kkndcwO.exe
PID 2920 wrote to memory of 2628	2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe	kkndcwO.exe
PID 2920 wrote to memory of 2628	2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe	kkndcwO.exe
PID 2920 wrote to memory of 2568	2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe	vMYRuVX.exe
PID 2920 wrote to memory of 2568	2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe	vMYRuVX.exe
PID 2920 wrote to memory of 2568	2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe	vMYRuVX.exe
PID 2920 wrote to memory of 2472	2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe	faWiVHK.exe
PID 2920 wrote to memory of 2472	2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe	faWiVHK.exe
PID 2920 wrote to memory of 2472	2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe	faWiVHK.exe
PID 2920 wrote to memory of 2576	2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe	zTytTcX.exe
PID 2920 wrote to memory of 2576	2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe	zTytTcX.exe
PID 2920 wrote to memory of 2576	2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe	zTytTcX.exe
PID 2920 wrote to memory of 2968	2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe	uYdAQzM.exe
PID 2920 wrote to memory of 2968	2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe	uYdAQzM.exe
PID 2920 wrote to memory of 2968	2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe	uYdAQzM.exe
PID 2920 wrote to memory of 1948	2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe	tvzFxQI.exe
PID 2920 wrote to memory of 1948	2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe	tvzFxQI.exe
PID 2920 wrote to memory of 1948	2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe	tvzFxQI.exe
PID 2920 wrote to memory of 2824	2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe	RwyNBuH.exe
PID 2920 wrote to memory of 2824	2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe	RwyNBuH.exe
PID 2920 wrote to memory of 2824	2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe	RwyNBuH.exe
PID 2920 wrote to memory of 2936	2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe	XvuISTx.exe
PID 2920 wrote to memory of 2936	2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe	XvuISTx.exe
PID 2920 wrote to memory of 2936	2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe	XvuISTx.exe
PID 2920 wrote to memory of 2552	2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe	aycXoZF.exe
PID 2920 wrote to memory of 2552	2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe	aycXoZF.exe
PID 2920 wrote to memory of 2552	2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe	aycXoZF.exe
PID 2920 wrote to memory of 1828	2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe	MEZMAul.exe
PID 2920 wrote to memory of 1828	2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe	MEZMAul.exe
PID 2920 wrote to memory of 1828	2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe	MEZMAul.exe
PID 2920 wrote to memory of 2240	2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe	iALpLxj.exe
PID 2920 wrote to memory of 2240	2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe	iALpLxj.exe
PID 2920 wrote to memory of 2240	2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe	iALpLxj.exe
PID 2920 wrote to memory of 1936	2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe	rgdrlOc.exe
PID 2920 wrote to memory of 1936	2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe	rgdrlOc.exe
PID 2920 wrote to memory of 1936	2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe	rgdrlOc.exe
PID 2920 wrote to memory of 1592	2920	2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe	atKvgRh.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe
"C:\Users\Admin\AppData\Local\Temp\2024-05-22_02529d4ef2f405bf1b18b08db20959cb_cobalt-strike_cobaltstrike.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2920

C:\Windows\System\aCYBVeN.exe
C:\Windows\System\aCYBVeN.exe
2⤵
- Executes dropped EXE
PID:2304

C:\Windows\System\CYBHdPv.exe
C:\Windows\System\CYBHdPv.exe
2⤵
- Executes dropped EXE
PID:2148

C:\Windows\System\DCwizvM.exe
C:\Windows\System\DCwizvM.exe
2⤵
- Executes dropped EXE
PID:2292

C:\Windows\System\DfbwzyL.exe
C:\Windows\System\DfbwzyL.exe
2⤵
- Executes dropped EXE
PID:2648

C:\Windows\System\EVSHVyS.exe
C:\Windows\System\EVSHVyS.exe
2⤵
- Executes dropped EXE
PID:2716

C:\Windows\System\DWDaszU.exe
C:\Windows\System\DWDaszU.exe
2⤵
- Executes dropped EXE
PID:2560

C:\Windows\System\UJRgrbs.exe
C:\Windows\System\UJRgrbs.exe
2⤵
- Executes dropped EXE
PID:2720

C:\Windows\System\mHdXZtF.exe
C:\Windows\System\mHdXZtF.exe
2⤵
- Executes dropped EXE
PID:2740

C:\Windows\System\wUynFMH.exe
C:\Windows\System\wUynFMH.exe
2⤵
- Executes dropped EXE
PID:2632

C:\Windows\System\kkndcwO.exe
C:\Windows\System\kkndcwO.exe
2⤵
- Executes dropped EXE
PID:2628

C:\Windows\System\vMYRuVX.exe
C:\Windows\System\vMYRuVX.exe
2⤵
- Executes dropped EXE
PID:2568

C:\Windows\System\faWiVHK.exe
C:\Windows\System\faWiVHK.exe
2⤵
- Executes dropped EXE
PID:2472

C:\Windows\System\zTytTcX.exe
C:\Windows\System\zTytTcX.exe
2⤵
- Executes dropped EXE
PID:2576

C:\Windows\System\uYdAQzM.exe
C:\Windows\System\uYdAQzM.exe
2⤵
- Executes dropped EXE
PID:2968

C:\Windows\System\tvzFxQI.exe
C:\Windows\System\tvzFxQI.exe
2⤵
- Executes dropped EXE
PID:1948

C:\Windows\System\RwyNBuH.exe
C:\Windows\System\RwyNBuH.exe
2⤵
- Executes dropped EXE
PID:2824

C:\Windows\System\XvuISTx.exe
C:\Windows\System\XvuISTx.exe
2⤵
- Executes dropped EXE
PID:2936

C:\Windows\System\aycXoZF.exe
C:\Windows\System\aycXoZF.exe
2⤵
- Executes dropped EXE
PID:2552

C:\Windows\System\MEZMAul.exe
C:\Windows\System\MEZMAul.exe
2⤵
- Executes dropped EXE
PID:1828

C:\Windows\System\iALpLxj.exe
C:\Windows\System\iALpLxj.exe
2⤵
- Executes dropped EXE
PID:2240

C:\Windows\System\rgdrlOc.exe
C:\Windows\System\rgdrlOc.exe
2⤵
- Executes dropped EXE
PID:1936

C:\Windows\System\atKvgRh.exe
C:\Windows\System\atKvgRh.exe
2⤵
- Executes dropped EXE
PID:1592

C:\Windows\System\gBPplpE.exe
C:\Windows\System\gBPplpE.exe
2⤵
- Executes dropped EXE
PID:1156

C:\Windows\System\xRUDuYk.exe
C:\Windows\System\xRUDuYk.exe
2⤵
- Executes dropped EXE
PID:2704

C:\Windows\System\XdUmQJn.exe
C:\Windows\System\XdUmQJn.exe
2⤵
- Executes dropped EXE
PID:2808

C:\Windows\System\zOGizjl.exe
C:\Windows\System\zOGizjl.exe
2⤵
- Executes dropped EXE
PID:1256

C:\Windows\System\nLBzLEI.exe
C:\Windows\System\nLBzLEI.exe
2⤵
- Executes dropped EXE
PID:768

C:\Windows\System\qlckUXb.exe
C:\Windows\System\qlckUXb.exe
2⤵
- Executes dropped EXE
PID:2800

C:\Windows\System\gaVLiLM.exe
C:\Windows\System\gaVLiLM.exe
2⤵
- Executes dropped EXE
PID:2272

C:\Windows\System\BStmFwa.exe
C:\Windows\System\BStmFwa.exe
2⤵
- Executes dropped EXE
PID:1760

C:\Windows\System\dsCtEWt.exe
C:\Windows\System\dsCtEWt.exe
2⤵
- Executes dropped EXE
PID:540

C:\Windows\System\uPtQlsR.exe
C:\Windows\System\uPtQlsR.exe
2⤵
- Executes dropped EXE
PID:992

C:\Windows\System\LEJLSmY.exe
C:\Windows\System\LEJLSmY.exe
2⤵
- Executes dropped EXE
PID:1496

C:\Windows\System\yaxQMwm.exe
C:\Windows\System\yaxQMwm.exe
2⤵
- Executes dropped EXE
PID:1116

C:\Windows\System\wrYCDRM.exe
C:\Windows\System\wrYCDRM.exe
2⤵
- Executes dropped EXE
PID:820

C:\Windows\System\IfbHLAt.exe
C:\Windows\System\IfbHLAt.exe
2⤵
- Executes dropped EXE
PID:1792

C:\Windows\System\fJraOgB.exe
C:\Windows\System\fJraOgB.exe
2⤵
- Executes dropped EXE
PID:1688

C:\Windows\System\XYFYjpf.exe
C:\Windows\System\XYFYjpf.exe
2⤵
- Executes dropped EXE
PID:412

C:\Windows\System\AFLVxIT.exe
C:\Windows\System\AFLVxIT.exe
2⤵
- Executes dropped EXE
PID:2424

C:\Windows\System\QsTUsDr.exe
C:\Windows\System\QsTUsDr.exe
2⤵
- Executes dropped EXE
PID:2288

C:\Windows\System\VSyEwxB.exe
C:\Windows\System\VSyEwxB.exe
2⤵
- Executes dropped EXE
PID:2276

C:\Windows\System\CKSbqoB.exe
C:\Windows\System\CKSbqoB.exe
2⤵
- Executes dropped EXE
PID:852

C:\Windows\System\eQjzRxp.exe
C:\Windows\System\eQjzRxp.exe
2⤵
- Executes dropped EXE
PID:1788

C:\Windows\System\bSyKCBL.exe
C:\Windows\System\bSyKCBL.exe
2⤵
- Executes dropped EXE
PID:948

C:\Windows\System\eUIroBt.exe
C:\Windows\System\eUIroBt.exe
2⤵
- Executes dropped EXE
PID:644

C:\Windows\System\FASjgPu.exe
C:\Windows\System\FASjgPu.exe
2⤵
- Executes dropped EXE
PID:840

C:\Windows\System\DmVrvfD.exe
C:\Windows\System\DmVrvfD.exe
2⤵
- Executes dropped EXE
PID:2432

C:\Windows\System\JKTRXjL.exe
C:\Windows\System\JKTRXjL.exe
2⤵
- Executes dropped EXE
PID:900

C:\Windows\System\ezirZhC.exe
C:\Windows\System\ezirZhC.exe
2⤵
- Executes dropped EXE
PID:572

C:\Windows\System\RCuJfMh.exe
C:\Windows\System\RCuJfMh.exe
2⤵
- Executes dropped EXE
PID:2904

C:\Windows\System\REwxOXX.exe
C:\Windows\System\REwxOXX.exe
2⤵
- Executes dropped EXE
PID:2244

C:\Windows\System\STfHUyD.exe
C:\Windows\System\STfHUyD.exe
2⤵
- Executes dropped EXE
PID:1232

C:\Windows\System\FsSXqAz.exe
C:\Windows\System\FsSXqAz.exe
2⤵
- Executes dropped EXE
PID:612

C:\Windows\System\jWziGWG.exe
C:\Windows\System\jWziGWG.exe
2⤵
- Executes dropped EXE
PID:1764

C:\Windows\System\mGUSfnR.exe
C:\Windows\System\mGUSfnR.exe
2⤵
- Executes dropped EXE
PID:1976

C:\Windows\System\ecLYqkj.exe
C:\Windows\System\ecLYqkj.exe
2⤵
- Executes dropped EXE
PID:2000

C:\Windows\System\IKdJdFN.exe
C:\Windows\System\IKdJdFN.exe
2⤵
- Executes dropped EXE
PID:1804

C:\Windows\System\DPApkVH.exe
C:\Windows\System\DPApkVH.exe
2⤵
- Executes dropped EXE
PID:1744

C:\Windows\System\LadpEnx.exe
C:\Windows\System\LadpEnx.exe
2⤵
- Executes dropped EXE
PID:1580

C:\Windows\System\yopyfIv.exe
C:\Windows\System\yopyfIv.exe
2⤵
- Executes dropped EXE
PID:1612

C:\Windows\System\etUJgWH.exe
C:\Windows\System\etUJgWH.exe
2⤵
- Executes dropped EXE
PID:2536

C:\Windows\System\PnlwpNx.exe
C:\Windows\System\PnlwpNx.exe
2⤵
- Executes dropped EXE
PID:2596

C:\Windows\System\QIfAOst.exe
C:\Windows\System\QIfAOst.exe
2⤵
- Executes dropped EXE
PID:2608

C:\Windows\System\lZXyjZG.exe
C:\Windows\System\lZXyjZG.exe
2⤵
- Executes dropped EXE
PID:2708

C:\Windows\System\RnMSiEL.exe
C:\Windows\System\RnMSiEL.exe
2⤵
PID:2676

C:\Windows\System\BxOvxrz.exe
C:\Windows\System\BxOvxrz.exe
2⤵
PID:2624

C:\Windows\System\ERFvOxD.exe
C:\Windows\System\ERFvOxD.exe
2⤵
PID:2516

C:\Windows\System\mEtmesq.exe
C:\Windows\System\mEtmesq.exe
2⤵
PID:2520

C:\Windows\System\FWlUorB.exe
C:\Windows\System\FWlUorB.exe
2⤵
PID:2428

C:\Windows\System\fzyCgAz.exe
C:\Windows\System\fzyCgAz.exe
2⤵
PID:2940

C:\Windows\System\cBMRall.exe
C:\Windows\System\cBMRall.exe
2⤵
PID:2180

C:\Windows\System\EcerPNe.exe
C:\Windows\System\EcerPNe.exe
2⤵
PID:2692

C:\Windows\System\gfVegAA.exe
C:\Windows\System\gfVegAA.exe
2⤵
PID:836

C:\Windows\System\lHiqjKT.exe
C:\Windows\System\lHiqjKT.exe
2⤵
PID:1700

C:\Windows\System\GmaxMqw.exe
C:\Windows\System\GmaxMqw.exe
2⤵
PID:2544

C:\Windows\System\PZqVuIX.exe
C:\Windows\System\PZqVuIX.exe
2⤵
PID:1444

C:\Windows\System\cidFIHi.exe
C:\Windows\System\cidFIHi.exe
2⤵
PID:2644

C:\Windows\System\yyGCFCk.exe
C:\Windows\System\yyGCFCk.exe
2⤵
PID:756

C:\Windows\System\jjTzfKw.exe
C:\Windows\System\jjTzfKw.exe
2⤵
PID:2236

C:\Windows\System\CmWDcnz.exe
C:\Windows\System\CmWDcnz.exe
2⤵
PID:788

C:\Windows\System\EaVZDft.exe
C:\Windows\System\EaVZDft.exe
2⤵
PID:1588

C:\Windows\System\tiBduAI.exe
C:\Windows\System\tiBduAI.exe
2⤵
PID:640

C:\Windows\System\wHhogAy.exe
C:\Windows\System\wHhogAy.exe
2⤵
PID:1832

C:\Windows\System\psifeXp.exe
C:\Windows\System\psifeXp.exe
2⤵
PID:308

C:\Windows\System\XSopKBR.exe
C:\Windows\System\XSopKBR.exe
2⤵
PID:2100

C:\Windows\System\sNIwhxp.exe
C:\Windows\System\sNIwhxp.exe
2⤵
PID:1784

C:\Windows\System\axCAqDr.exe
C:\Windows\System\axCAqDr.exe
2⤵
PID:620

C:\Windows\System\zYdljWl.exe
C:\Windows\System\zYdljWl.exe
2⤵
PID:1044

C:\Windows\System\ynnTsJe.exe
C:\Windows\System\ynnTsJe.exe
2⤵
PID:292

C:\Windows\System\phCDCRu.exe
C:\Windows\System\phCDCRu.exe
2⤵
PID:2040

C:\Windows\System\bQyBYpV.exe
C:\Windows\System\bQyBYpV.exe
2⤵
PID:708

C:\Windows\System\YMISPbF.exe
C:\Windows\System\YMISPbF.exe
2⤵
PID:2164

C:\Windows\System\anRFWFv.exe
C:\Windows\System\anRFWFv.exe
2⤵
PID:2760

C:\Windows\System\IzKWMiQ.exe
C:\Windows\System\IzKWMiQ.exe
2⤵
PID:1956

C:\Windows\System\ZOoksza.exe
C:\Windows\System\ZOoksza.exe
2⤵
PID:1608

C:\Windows\System\Sbxrevo.exe
C:\Windows\System\Sbxrevo.exe
2⤵
PID:2192

C:\Windows\System\UHxIBva.exe
C:\Windows\System\UHxIBva.exe
2⤵
PID:1296

C:\Windows\System\TGtufwO.exe
C:\Windows\System\TGtufwO.exe
2⤵
PID:2856

C:\Windows\System\AglwqfE.exe
C:\Windows\System\AglwqfE.exe
2⤵
PID:2864

C:\Windows\System\hxIOCNr.exe
C:\Windows\System\hxIOCNr.exe
2⤵
PID:2612

C:\Windows\System\tqjXHOD.exe
C:\Windows\System\tqjXHOD.exe
2⤵
PID:2076

C:\Windows\System\FLnIuVG.exe
C:\Windows\System\FLnIuVG.exe
2⤵
PID:1336

C:\Windows\System\ThuMVvV.exe
C:\Windows\System\ThuMVvV.exe
2⤵
PID:2168

C:\Windows\System\hknCKqh.exe
C:\Windows\System\hknCKqh.exe
2⤵
PID:2836

C:\Windows\System\xBXGDuz.exe
C:\Windows\System\xBXGDuz.exe
2⤵
PID:2504

C:\Windows\System\sayYSvk.exe
C:\Windows\System\sayYSvk.exe
2⤵
PID:892

C:\Windows\System\tbTOIlY.exe
C:\Windows\System\tbTOIlY.exe
2⤵
PID:1800

C:\Windows\System\mRHYpzN.exe
C:\Windows\System\mRHYpzN.exe
2⤵
PID:1648

C:\Windows\System\aGLMVMh.exe
C:\Windows\System\aGLMVMh.exe
2⤵
PID:2400

C:\Windows\System\RKYrquP.exe
C:\Windows\System\RKYrquP.exe
2⤵
PID:2108

C:\Windows\System\HEIaVho.exe
C:\Windows\System\HEIaVho.exe
2⤵
PID:2892

C:\Windows\System\rFJqwJS.exe
C:\Windows\System\rFJqwJS.exe
2⤵
PID:1244

C:\Windows\System\NkUtVtN.exe
C:\Windows\System\NkUtVtN.exe
2⤵
PID:2172

C:\Windows\System\rcToFPY.exe
C:\Windows\System\rcToFPY.exe
2⤵
PID:1360

C:\Windows\System\gxbnyBR.exe
C:\Windows\System\gxbnyBR.exe
2⤵
PID:1252

C:\Windows\System\XtwFdLI.exe
C:\Windows\System\XtwFdLI.exe
2⤵
PID:1664

C:\Windows\System\irmBacn.exe
C:\Windows\System\irmBacn.exe
2⤵
PID:1148

C:\Windows\System\IjTnFUR.exe
C:\Windows\System\IjTnFUR.exe
2⤵
PID:988

C:\Windows\System\lpvPkKB.exe
C:\Windows\System\lpvPkKB.exe
2⤵
PID:1520

C:\Windows\System\XWfPPeZ.exe
C:\Windows\System\XWfPPeZ.exe
2⤵
PID:2660

C:\Windows\System\PYpliVt.exe
C:\Windows\System\PYpliVt.exe
2⤵
PID:2996

C:\Windows\System\qqKQttP.exe
C:\Windows\System\qqKQttP.exe
2⤵
PID:2512

C:\Windows\System\ogTCMCA.exe
C:\Windows\System\ogTCMCA.exe
2⤵
PID:2256

C:\Windows\System\ReGWPhv.exe
C:\Windows\System\ReGWPhv.exe
2⤵
PID:1860

C:\Windows\System\jtYjIsi.exe
C:\Windows\System\jtYjIsi.exe
2⤵
PID:2556

C:\Windows\System\qoeftnR.exe
C:\Windows\System\qoeftnR.exe
2⤵
PID:584

C:\Windows\System\ygMcIYu.exe
C:\Windows\System\ygMcIYu.exe
2⤵
PID:1628

C:\Windows\System\elZDSGf.exe
C:\Windows\System\elZDSGf.exe
2⤵
PID:1396

C:\Windows\System\kwuSwzp.exe
C:\Windows\System\kwuSwzp.exe
2⤵
PID:1620

C:\Windows\System\CQtFonY.exe
C:\Windows\System\CQtFonY.exe
2⤵
PID:876

C:\Windows\System\fFgKhyn.exe
C:\Windows\System\fFgKhyn.exe
2⤵
PID:2468

C:\Windows\System\lsVdNnQ.exe
C:\Windows\System\lsVdNnQ.exe
2⤵
PID:1692

C:\Windows\System\cgnFwLJ.exe
C:\Windows\System\cgnFwLJ.exe
2⤵
PID:1400

C:\Windows\System\foCayLx.exe
C:\Windows\System\foCayLx.exe
2⤵
PID:1332

C:\Windows\System\rRxyqGc.exe
C:\Windows\System\rRxyqGc.exe
2⤵
PID:3088

C:\Windows\System\zntOtQx.exe
C:\Windows\System\zntOtQx.exe
2⤵
PID:3104

C:\Windows\System\QtCvcqk.exe
C:\Windows\System\QtCvcqk.exe
2⤵
PID:3124

C:\Windows\System\gMTPJkV.exe
C:\Windows\System\gMTPJkV.exe
2⤵
PID:3144

C:\Windows\System\HdDzekJ.exe
C:\Windows\System\HdDzekJ.exe
2⤵
PID:3160

C:\Windows\System\ydAhyna.exe
C:\Windows\System\ydAhyna.exe
2⤵
PID:3176

C:\Windows\System\gTIHROe.exe
C:\Windows\System\gTIHROe.exe
2⤵
PID:3192

C:\Windows\System\uIkNQqM.exe
C:\Windows\System\uIkNQqM.exe
2⤵
PID:3224

C:\Windows\System\dzoSsLo.exe
C:\Windows\System\dzoSsLo.exe
2⤵
PID:3244

C:\Windows\System\ZjVfPfM.exe
C:\Windows\System\ZjVfPfM.exe
2⤵
PID:3260

C:\Windows\System\FNhbpxf.exe
C:\Windows\System\FNhbpxf.exe
2⤵
PID:3276

C:\Windows\System\TrWtgWF.exe
C:\Windows\System\TrWtgWF.exe
2⤵
PID:3292

C:\Windows\System\ivnbtro.exe
C:\Windows\System\ivnbtro.exe
2⤵
PID:3312

C:\Windows\System\pcyFnqu.exe
C:\Windows\System\pcyFnqu.exe
2⤵
PID:3328

C:\Windows\System\BupiUrE.exe
C:\Windows\System\BupiUrE.exe
2⤵
PID:3344

C:\Windows\System\iUKxDzA.exe
C:\Windows\System\iUKxDzA.exe
2⤵
PID:3360

C:\Windows\System\RUyzsTQ.exe
C:\Windows\System\RUyzsTQ.exe
2⤵
PID:3384

C:\Windows\System\XJmeNQj.exe
C:\Windows\System\XJmeNQj.exe
2⤵
PID:3440

C:\Windows\System\NcbiKWr.exe
C:\Windows\System\NcbiKWr.exe
2⤵
PID:3516

C:\Windows\System\KFyWNKF.exe
C:\Windows\System\KFyWNKF.exe
2⤵
PID:3536

C:\Windows\System\yDpiOei.exe
C:\Windows\System\yDpiOei.exe
2⤵
PID:3564

C:\Windows\System\XKtQspO.exe
C:\Windows\System\XKtQspO.exe
2⤵
PID:3580

C:\Windows\System\yeBlSnu.exe
C:\Windows\System\yeBlSnu.exe
2⤵
PID:3596

C:\Windows\System\PorLJRl.exe
C:\Windows\System\PorLJRl.exe
2⤵
PID:3612

C:\Windows\System\FrAgNWj.exe
C:\Windows\System\FrAgNWj.exe
2⤵
PID:3636

C:\Windows\System\NszgTiP.exe
C:\Windows\System\NszgTiP.exe
2⤵
PID:3652

C:\Windows\System\BapNeZT.exe
C:\Windows\System\BapNeZT.exe
2⤵
PID:3680

C:\Windows\System\vHxibHo.exe
C:\Windows\System\vHxibHo.exe
2⤵
PID:3704

C:\Windows\System\mLgcREB.exe
C:\Windows\System\mLgcREB.exe
2⤵
PID:3720

C:\Windows\System\aXiRfvN.exe
C:\Windows\System\aXiRfvN.exe
2⤵
PID:3740

C:\Windows\System\RNDCBEZ.exe
C:\Windows\System\RNDCBEZ.exe
2⤵
PID:3764

C:\Windows\System\faWZHfM.exe
C:\Windows\System\faWZHfM.exe
2⤵
PID:3780

C:\Windows\System\bJjXOYS.exe
C:\Windows\System\bJjXOYS.exe
2⤵
PID:3796

C:\Windows\System\rZuWsVY.exe
C:\Windows\System\rZuWsVY.exe
2⤵
PID:3812

C:\Windows\System\ZbUIhoN.exe
C:\Windows\System\ZbUIhoN.exe
2⤵
PID:3836

C:\Windows\System\koBrvHd.exe
C:\Windows\System\koBrvHd.exe
2⤵
PID:3860

C:\Windows\System\DIikAnY.exe
C:\Windows\System\DIikAnY.exe
2⤵
PID:3876

C:\Windows\System\CwduizK.exe
C:\Windows\System\CwduizK.exe
2⤵
PID:3892

C:\Windows\System\IxpoXKh.exe
C:\Windows\System\IxpoXKh.exe
2⤵
PID:3908

C:\Windows\System\FYHwSjY.exe
C:\Windows\System\FYHwSjY.exe
2⤵
PID:3924

C:\Windows\System\LhgslAD.exe
C:\Windows\System\LhgslAD.exe
2⤵
PID:3948

C:\Windows\System\cWStZEy.exe
C:\Windows\System\cWStZEy.exe
2⤵
PID:3964

C:\Windows\System\xNSPTuP.exe
C:\Windows\System\xNSPTuP.exe
2⤵
PID:3980

C:\Windows\System\Mszdjht.exe
C:\Windows\System\Mszdjht.exe
2⤵
PID:3996

C:\Windows\System\dxRXHMX.exe
C:\Windows\System\dxRXHMX.exe
2⤵
PID:4012

C:\Windows\System\VWKfxhp.exe
C:\Windows\System\VWKfxhp.exe
2⤵
PID:4032

C:\Windows\System\pbSptUk.exe
C:\Windows\System\pbSptUk.exe
2⤵
PID:4064

C:\Windows\System\wnURPtM.exe
C:\Windows\System\wnURPtM.exe
2⤵
PID:4080

C:\Windows\System\XYrdoOI.exe
C:\Windows\System\XYrdoOI.exe
2⤵
PID:3048

C:\Windows\System\iyfyQsX.exe
C:\Windows\System\iyfyQsX.exe
2⤵
PID:2756

C:\Windows\System\KxiJZHE.exe
C:\Windows\System\KxiJZHE.exe
2⤵
PID:472

C:\Windows\System\UTLCJEo.exe
C:\Windows\System\UTLCJEo.exe
2⤵
PID:3080

C:\Windows\System\Iccfcps.exe
C:\Windows\System\Iccfcps.exe
2⤵
PID:3152

C:\Windows\System\bMDyGYG.exe
C:\Windows\System\bMDyGYG.exe
2⤵
PID:3272

C:\Windows\System\CvPRMFe.exe
C:\Windows\System\CvPRMFe.exe
2⤵
PID:3336

C:\Windows\System\tEMuDcw.exe
C:\Windows\System\tEMuDcw.exe
2⤵
PID:3132

C:\Windows\System\tkKsVVz.exe
C:\Windows\System\tkKsVVz.exe
2⤵
PID:1696

C:\Windows\System\mYdjNGl.exe
C:\Windows\System\mYdjNGl.exe
2⤵
PID:3172

C:\Windows\System\EYBQYNi.exe
C:\Windows\System\EYBQYNi.exe
2⤵
PID:3216

C:\Windows\System\lIQbnqm.exe
C:\Windows\System\lIQbnqm.exe
2⤵
PID:3284

C:\Windows\System\FjDQYjF.exe
C:\Windows\System\FjDQYjF.exe
2⤵
PID:3400

C:\Windows\System\QjtNZEB.exe
C:\Windows\System\QjtNZEB.exe
2⤵
PID:3456

C:\Windows\System\BApEvzr.exe
C:\Windows\System\BApEvzr.exe
2⤵
PID:3472

C:\Windows\System\LVIrvoW.exe
C:\Windows\System\LVIrvoW.exe
2⤵
PID:3488

C:\Windows\System\PlGApAH.exe
C:\Windows\System\PlGApAH.exe
2⤵
PID:2724

C:\Windows\System\ZngYbnM.exe
C:\Windows\System\ZngYbnM.exe
2⤵
PID:3024

C:\Windows\System\kzsfqpC.exe
C:\Windows\System\kzsfqpC.exe
2⤵
PID:1512

C:\Windows\System\JeMWopZ.exe
C:\Windows\System\JeMWopZ.exe
2⤵
PID:1220

C:\Windows\System\iXgokgY.exe
C:\Windows\System\iXgokgY.exe
2⤵
PID:2508

C:\Windows\System\ufTacbN.exe
C:\Windows\System\ufTacbN.exe
2⤵
PID:3508

C:\Windows\System\xhyJmVH.exe
C:\Windows\System\xhyJmVH.exe
2⤵
PID:3200

C:\Windows\System\KGrZtDS.exe
C:\Windows\System\KGrZtDS.exe
2⤵
PID:3524

C:\Windows\System\AGrdrEj.exe
C:\Windows\System\AGrdrEj.exe
2⤵
PID:2900

C:\Windows\System\GgHSiYP.exe
C:\Windows\System\GgHSiYP.exe
2⤵
PID:320

C:\Windows\System\bzntCZQ.exe
C:\Windows\System\bzntCZQ.exe
2⤵
PID:2500

C:\Windows\System\uNdsbkS.exe
C:\Windows\System\uNdsbkS.exe
2⤵
PID:3624

C:\Windows\System\uGtZJYf.exe
C:\Windows\System\uGtZJYf.exe
2⤵
PID:3572

C:\Windows\System\sIKMVkp.exe
C:\Windows\System\sIKMVkp.exe
2⤵
PID:2924

C:\Windows\System\qTeGhsg.exe
C:\Windows\System\qTeGhsg.exe
2⤵
PID:3604

C:\Windows\System\wSiEgeW.exe
C:\Windows\System\wSiEgeW.exe
2⤵
PID:3692

C:\Windows\System\vuzPcYd.exe
C:\Windows\System\vuzPcYd.exe
2⤵
PID:2584

C:\Windows\System\JwVOyJC.exe
C:\Windows\System\JwVOyJC.exe
2⤵
PID:3716

C:\Windows\System\EtoESYc.exe
C:\Windows\System\EtoESYc.exe
2⤵
PID:3760

C:\Windows\System\AuIrbQg.exe
C:\Windows\System\AuIrbQg.exe
2⤵
PID:1656

C:\Windows\System\OErxkDd.exe
C:\Windows\System\OErxkDd.exe
2⤵
PID:2780

C:\Windows\System\RssqLlS.exe
C:\Windows\System\RssqLlS.exe
2⤵
PID:3804

C:\Windows\System\gPczzcr.exe
C:\Windows\System\gPczzcr.exe
2⤵
PID:3904

C:\Windows\System\ekOUjKt.exe
C:\Windows\System\ekOUjKt.exe
2⤵
PID:3972

C:\Windows\System\uRVsQKi.exe
C:\Windows\System\uRVsQKi.exe
2⤵
PID:2652

C:\Windows\System\KANbIEI.exe
C:\Windows\System\KANbIEI.exe
2⤵
PID:4020

C:\Windows\System\DkjvSFU.exe
C:\Windows\System\DkjvSFU.exe
2⤵
PID:3916

C:\Windows\System\aOXQuqS.exe
C:\Windows\System\aOXQuqS.exe
2⤵
PID:4028

C:\Windows\System\DQWgdxX.exe
C:\Windows\System\DQWgdxX.exe
2⤵
PID:4052

C:\Windows\System\ThJhOeB.exe
C:\Windows\System\ThJhOeB.exe
2⤵
PID:4092

C:\Windows\System\nSxtLGp.exe
C:\Windows\System\nSxtLGp.exe
2⤵
PID:2196

C:\Windows\System\JwOOOyZ.exe
C:\Windows\System\JwOOOyZ.exe
2⤵
PID:3120

C:\Windows\System\rUBXSzX.exe
C:\Windows\System\rUBXSzX.exe
2⤵
PID:4076

C:\Windows\System\sYMBGsM.exe
C:\Windows\System\sYMBGsM.exe
2⤵
PID:1208

C:\Windows\System\FRLTIUR.exe
C:\Windows\System\FRLTIUR.exe
2⤵
PID:3320

C:\Windows\System\mvYWEiL.exe
C:\Windows\System\mvYWEiL.exe
2⤵
PID:3184

C:\Windows\System\UqosYyt.exe
C:\Windows\System\UqosYyt.exe
2⤵
PID:3188

C:\Windows\System\KfVJssO.exe
C:\Windows\System\KfVJssO.exe
2⤵
PID:3500

C:\Windows\System\penSkNj.exe
C:\Windows\System\penSkNj.exe
2⤵
PID:1192

C:\Windows\System\xZyOwON.exe
C:\Windows\System\xZyOwON.exe
2⤵
PID:3452

C:\Windows\System\keBcjMS.exe
C:\Windows\System\keBcjMS.exe
2⤵
PID:3112

C:\Windows\System\edZTeWn.exe
C:\Windows\System\edZTeWn.exe
2⤵
PID:3256

C:\Windows\System\oVCuDQM.exe
C:\Windows\System\oVCuDQM.exe
2⤵
PID:2340

C:\Windows\System\viqGGLf.exe
C:\Windows\System\viqGGLf.exe
2⤵
PID:1752

C:\Windows\System\wyvpfFm.exe
C:\Windows\System\wyvpfFm.exe
2⤵
PID:2736

C:\Windows\System\moanDlQ.exe
C:\Windows\System\moanDlQ.exe
2⤵
PID:1876

C:\Windows\System\nlgQNwH.exe
C:\Windows\System\nlgQNwH.exe
2⤵
PID:3204

C:\Windows\System\oojUDPS.exe
C:\Windows\System\oojUDPS.exe
2⤵
PID:3556

C:\Windows\System\GCAHdQC.exe
C:\Windows\System\GCAHdQC.exe
2⤵
PID:3628

C:\Windows\System\sMSyWtC.exe
C:\Windows\System\sMSyWtC.exe
2⤵
PID:3576

C:\Windows\System\JyPHSme.exe
C:\Windows\System\JyPHSme.exe
2⤵
PID:1768

C:\Windows\System\zqQnWQm.exe
C:\Windows\System\zqQnWQm.exe
2⤵
PID:2840

C:\Windows\System\xKHRMrx.exe
C:\Windows\System\xKHRMrx.exe
2⤵
PID:3736

C:\Windows\System\yaeEask.exe
C:\Windows\System\yaeEask.exe
2⤵
PID:3700

C:\Windows\System\vSOhxLo.exe
C:\Windows\System\vSOhxLo.exe
2⤵
PID:3844

C:\Windows\System\QgceviC.exe
C:\Windows\System\QgceviC.exe
2⤵
PID:3936

C:\Windows\System\DrJsLUS.exe
C:\Windows\System\DrJsLUS.exe
2⤵
PID:3956

C:\Windows\System\wMpCcuI.exe
C:\Windows\System\wMpCcuI.exe
2⤵
PID:3304

C:\Windows\System\jsmOPAJ.exe
C:\Windows\System\jsmOPAJ.exe
2⤵
PID:3988

C:\Windows\System\imODDtd.exe
C:\Windows\System\imODDtd.exe
2⤵
PID:4088

C:\Windows\System\hyZAPkE.exe
C:\Windows\System\hyZAPkE.exe
2⤵
PID:3992

C:\Windows\System\oTvmfOx.exe
C:\Windows\System\oTvmfOx.exe
2⤵
PID:3212

C:\Windows\System\IdZRred.exe
C:\Windows\System\IdZRred.exe
2⤵
PID:2496

C:\Windows\System\YhWNpKD.exe
C:\Windows\System\YhWNpKD.exe
2⤵
PID:3308

C:\Windows\System\zwxGibR.exe
C:\Windows\System\zwxGibR.exe
2⤵
PID:3392

C:\Windows\System\VtupGVF.exe
C:\Windows\System\VtupGVF.exe
2⤵
PID:3236

C:\Windows\System\dhXpvKY.exe
C:\Windows\System\dhXpvKY.exe
2⤵
PID:3496

C:\Windows\System\MeEHLGB.exe
C:\Windows\System\MeEHLGB.exe
2⤵
PID:3396

C:\Windows\System\XOAnadT.exe
C:\Windows\System\XOAnadT.exe
2⤵
PID:2728

C:\Windows\System\lqzvwxu.exe
C:\Windows\System\lqzvwxu.exe
2⤵
PID:828

C:\Windows\System\lFPUUrG.exe
C:\Windows\System\lFPUUrG.exe
2⤵
PID:3096

C:\Windows\System\yPMRUPE.exe
C:\Windows\System\yPMRUPE.exe
2⤵
PID:2816

C:\Windows\System\yNKhcQF.exe
C:\Windows\System\yNKhcQF.exe
2⤵
PID:3644

C:\Windows\System\WspjdMW.exe
C:\Windows\System\WspjdMW.exe
2⤵
PID:3820

C:\Windows\System\cFRRBih.exe
C:\Windows\System\cFRRBih.exe
2⤵
PID:2160

C:\Windows\System\sikOtmY.exe
C:\Windows\System\sikOtmY.exe
2⤵
PID:3824

C:\Windows\System\EeSRZaX.exe
C:\Windows\System\EeSRZaX.exe
2⤵
PID:3772

C:\Windows\System\jjYwaLc.exe
C:\Windows\System\jjYwaLc.exe
2⤵
PID:4004

C:\Windows\System\smbETWV.exe
C:\Windows\System\smbETWV.exe
2⤵
PID:3872

C:\Windows\System\TUHGvXb.exe
C:\Windows\System\TUHGvXb.exe
2⤵
PID:2452

C:\Windows\System\yIREzrV.exe
C:\Windows\System\yIREzrV.exe
2⤵
PID:3116

C:\Windows\System\KsLEbXh.exe
C:\Windows\System\KsLEbXh.exe
2⤵
PID:4024

C:\Windows\System\XCnYEtk.exe
C:\Windows\System\XCnYEtk.exe
2⤵
PID:1152

C:\Windows\System\JRSTqEh.exe
C:\Windows\System\JRSTqEh.exe
2⤵
PID:3468

C:\Windows\System\tmxrOPF.exe
C:\Windows\System\tmxrOPF.exe
2⤵
PID:3484

C:\Windows\System\wxLetWC.exe
C:\Windows\System\wxLetWC.exe
2⤵
PID:3168

C:\Windows\System\wplFbxN.exe
C:\Windows\System\wplFbxN.exe
2⤵
PID:3044

C:\Windows\System\VQeLMZF.exe
C:\Windows\System\VQeLMZF.exe
2⤵
PID:2460

C:\Windows\System\SKjtywx.exe
C:\Windows\System\SKjtywx.exe
2⤵
PID:4008

C:\Windows\System\FoLZJGS.exe
C:\Windows\System\FoLZJGS.exe
2⤵
PID:1404

C:\Windows\System\Qqahrfr.exe
C:\Windows\System\Qqahrfr.exe
2⤵
PID:488

C:\Windows\System\unYWGNO.exe
C:\Windows\System\unYWGNO.exe
2⤵
PID:3512

C:\Windows\System\KCMxEFG.exe
C:\Windows\System\KCMxEFG.exe
2⤵
PID:1308

C:\Windows\System\xCSygEF.exe
C:\Windows\System\xCSygEF.exe
2⤵
PID:1720

C:\Windows\System\XUPOkLv.exe
C:\Windows\System\XUPOkLv.exe
2⤵
PID:3076

C:\Windows\System\APXoUgN.exe
C:\Windows\System\APXoUgN.exe
2⤵
PID:3368

C:\Windows\System\KzhwQnS.exe
C:\Windows\System\KzhwQnS.exe
2⤵
PID:3592

C:\Windows\System\PJRztyi.exe
C:\Windows\System\PJRztyi.exe
2⤵
PID:2004

C:\Windows\System\GzyLOmg.exe
C:\Windows\System\GzyLOmg.exe
2⤵
PID:4060

C:\Windows\System\vflSRBG.exe
C:\Windows\System\vflSRBG.exe
2⤵
PID:2448

C:\Windows\System\aOKfowz.exe
C:\Windows\System\aOKfowz.exe
2⤵
PID:336

C:\Windows\System\NhiJBSt.exe
C:\Windows\System\NhiJBSt.exe
2⤵
PID:3040

C:\Windows\System\wdTruOu.exe
C:\Windows\System\wdTruOu.exe
2⤵
PID:2712

C:\Windows\System\ZywghGo.exe
C:\Windows\System\ZywghGo.exe
2⤵
PID:2604

C:\Windows\System\QLvUHvP.exe
C:\Windows\System\QLvUHvP.exe
2⤵
PID:2540

C:\Windows\System\GlIkvUh.exe
C:\Windows\System\GlIkvUh.exe
2⤵
PID:3828

C:\Windows\System\YtntxYY.exe
C:\Windows\System\YtntxYY.exe
2⤵
PID:1972

C:\Windows\System\bRENFty.exe
C:\Windows\System\bRENFty.exe
2⤵
PID:3960

C:\Windows\System\BVXfTKH.exe
C:\Windows\System\BVXfTKH.exe
2⤵
PID:1492

C:\Windows\System\YpWnnPK.exe
C:\Windows\System\YpWnnPK.exe
2⤵
PID:3464

C:\Windows\System\WZiChrq.exe
C:\Windows\System\WZiChrq.exe
2⤵
PID:2680

C:\Windows\System\RoGHleT.exe
C:\Windows\System\RoGHleT.exe
2⤵
PID:2212

C:\Windows\System\ZkDqhwk.exe
C:\Windows\System\ZkDqhwk.exe
2⤵
PID:4100

C:\Windows\System\nvwOHKv.exe
C:\Windows\System\nvwOHKv.exe
2⤵
PID:4116

C:\Windows\System\piCohTU.exe
C:\Windows\System\piCohTU.exe
2⤵
PID:4132

C:\Windows\System\hefbzqt.exe
C:\Windows\System\hefbzqt.exe
2⤵
PID:4160

C:\Windows\System\hdinIFs.exe
C:\Windows\System\hdinIFs.exe
2⤵
PID:4196

C:\Windows\System\UjexEXB.exe
C:\Windows\System\UjexEXB.exe
2⤵
PID:4212

C:\Windows\System\yLrTqnG.exe
C:\Windows\System\yLrTqnG.exe
2⤵
PID:4228

C:\Windows\System\TsYSRJH.exe
C:\Windows\System\TsYSRJH.exe
2⤵
PID:4252

C:\Windows\System\uxROcpl.exe
C:\Windows\System\uxROcpl.exe
2⤵
PID:4276

C:\Windows\System\wJzYLex.exe
C:\Windows\System\wJzYLex.exe
2⤵
PID:4292

C:\Windows\System\TgnMrwQ.exe
C:\Windows\System\TgnMrwQ.exe
2⤵
PID:4308

C:\Windows\System\NaztHbF.exe
C:\Windows\System\NaztHbF.exe
2⤵
PID:4328

C:\Windows\System\mjSDfUE.exe
C:\Windows\System\mjSDfUE.exe
2⤵
PID:4352

C:\Windows\System\vmaXIao.exe
C:\Windows\System\vmaXIao.exe
2⤵
PID:4368

C:\Windows\System\VwAaDpV.exe
C:\Windows\System\VwAaDpV.exe
2⤵
PID:4392

C:\Windows\System\MpSTWSX.exe
C:\Windows\System\MpSTWSX.exe
2⤵
PID:4412

C:\Windows\System\SXthtky.exe
C:\Windows\System\SXthtky.exe
2⤵
PID:4428

C:\Windows\System\XlCAoXX.exe
C:\Windows\System\XlCAoXX.exe
2⤵
PID:4444

C:\Windows\System\NLrGmMJ.exe
C:\Windows\System\NLrGmMJ.exe
2⤵
PID:4472

C:\Windows\System\ZTHXWDL.exe
C:\Windows\System\ZTHXWDL.exe
2⤵
PID:4492

C:\Windows\System\zWeOUgw.exe
C:\Windows\System\zWeOUgw.exe
2⤵
PID:4508

C:\Windows\System\VAgpWMb.exe
C:\Windows\System\VAgpWMb.exe
2⤵
PID:4528

C:\Windows\System\SqDuxoN.exe
C:\Windows\System\SqDuxoN.exe
2⤵
PID:4544

C:\Windows\System\ifRBeLl.exe
C:\Windows\System\ifRBeLl.exe
2⤵
PID:4568

C:\Windows\System\tcPRLRr.exe
C:\Windows\System\tcPRLRr.exe
2⤵
PID:4584

C:\Windows\System\DJNrEbv.exe
C:\Windows\System\DJNrEbv.exe
2⤵
PID:4604

C:\Windows\System\mLVMXhV.exe
C:\Windows\System\mLVMXhV.exe
2⤵
PID:4620

C:\Windows\System\MYOeIXM.exe
C:\Windows\System\MYOeIXM.exe
2⤵
PID:4644

C:\Windows\System\QbOfCDk.exe
C:\Windows\System\QbOfCDk.exe
2⤵
PID:4672

C:\Windows\System\DOMkdfO.exe
C:\Windows\System\DOMkdfO.exe
2⤵
PID:4688

C:\Windows\System\NKStRmj.exe
C:\Windows\System\NKStRmj.exe
2⤵
PID:4708

C:\Windows\System\BWBWENM.exe
C:\Windows\System\BWBWENM.exe
2⤵
PID:4728

C:\Windows\System\FeklfMQ.exe
C:\Windows\System\FeklfMQ.exe
2⤵
PID:4744

C:\Windows\System\IClcJDj.exe
C:\Windows\System\IClcJDj.exe
2⤵
PID:4760

C:\Windows\System\GWaMMSy.exe
C:\Windows\System\GWaMMSy.exe
2⤵
PID:4776

C:\Windows\System\gCXqpNT.exe
C:\Windows\System\gCXqpNT.exe
2⤵
PID:4812

C:\Windows\System\mKBEJfa.exe
C:\Windows\System\mKBEJfa.exe
2⤵
PID:4832

C:\Windows\System\LaACYRs.exe
C:\Windows\System\LaACYRs.exe
2⤵
PID:4848

C:\Windows\System\KtilMOX.exe
C:\Windows\System\KtilMOX.exe
2⤵
PID:4872

C:\Windows\System\dIzxTFf.exe
C:\Windows\System\dIzxTFf.exe
2⤵
PID:4888

C:\Windows\System\vSWfpvn.exe
C:\Windows\System\vSWfpvn.exe
2⤵
PID:4908

C:\Windows\System\WLvqbbh.exe
C:\Windows\System\WLvqbbh.exe
2⤵
PID:4928

C:\Windows\System\yHBITSt.exe
C:\Windows\System\yHBITSt.exe
2⤵
PID:4944

C:\Windows\System\oxNSdLX.exe
C:\Windows\System\oxNSdLX.exe
2⤵
PID:4960

C:\Windows\System\bqByXlD.exe
C:\Windows\System\bqByXlD.exe
2⤵
PID:4992

C:\Windows\System\iyPTbnT.exe
C:\Windows\System\iyPTbnT.exe
2⤵
PID:5012

C:\Windows\System\BAoBaEN.exe
C:\Windows\System\BAoBaEN.exe
2⤵
PID:5028

C:\Windows\System\KkmbvGs.exe
C:\Windows\System\KkmbvGs.exe
2⤵
PID:5044

C:\Windows\System\iKJylZV.exe
C:\Windows\System\iKJylZV.exe
2⤵
PID:5060

C:\Windows\System\MPKrDTQ.exe
C:\Windows\System\MPKrDTQ.exe
2⤵
PID:5076

C:\Windows\System\eUfXahT.exe
C:\Windows\System\eUfXahT.exe
2⤵
PID:5096

C:\Windows\System\FhyOuPj.exe
C:\Windows\System\FhyOuPj.exe
2⤵
PID:1660

C:\Windows\System\OzucRui.exe
C:\Windows\System\OzucRui.exe
2⤵
PID:4176

C:\Windows\System\lHPJMjU.exe
C:\Windows\System\lHPJMjU.exe
2⤵
PID:1624

C:\Windows\System\wBbvjMX.exe
C:\Windows\System\wBbvjMX.exe
2⤵
PID:4156

C:\Windows\System\JOSrosa.exe
C:\Windows\System\JOSrosa.exe
2⤵
PID:4112

C:\Windows\System\pUGVtDo.exe
C:\Windows\System\pUGVtDo.exe
2⤵
PID:4192

C:\Windows\System\JniYgpQ.exe
C:\Windows\System\JniYgpQ.exe
2⤵
PID:4224

C:\Windows\System\zIhhVKL.exe
C:\Windows\System\zIhhVKL.exe
2⤵
PID:4264

C:\Windows\System\yuhCPai.exe
C:\Windows\System\yuhCPai.exe
2⤵
PID:4284

C:\Windows\System\VBPXwPh.exe
C:\Windows\System\VBPXwPh.exe
2⤵
PID:4348

C:\Windows\System\FFEHNGk.exe
C:\Windows\System\FFEHNGk.exe
2⤵
PID:4324

C:\Windows\System\wmWyJxe.exe
C:\Windows\System\wmWyJxe.exe
2⤵
PID:4384

C:\Windows\System\xsznxbf.exe
C:\Windows\System\xsznxbf.exe
2⤵
PID:4424

C:\Windows\System\QuvGLlA.exe
C:\Windows\System\QuvGLlA.exe
2⤵
PID:4468

C:\Windows\System\RzJsdrB.exe
C:\Windows\System\RzJsdrB.exe
2⤵
PID:4540

C:\Windows\System\QXuPaWQ.exe
C:\Windows\System\QXuPaWQ.exe
2⤵
PID:4552

C:\Windows\System\ZDxFcdy.exe
C:\Windows\System\ZDxFcdy.exe
2⤵
PID:4516

C:\Windows\System\XOhvQHw.exe
C:\Windows\System\XOhvQHw.exe
2⤵
PID:4612

C:\Windows\System\LgHsRaN.exe
C:\Windows\System\LgHsRaN.exe
2⤵
PID:4632

C:\Windows\System\HiDtuEp.exe
C:\Windows\System\HiDtuEp.exe
2⤵
PID:4696

C:\Windows\System\abZshCf.exe
C:\Windows\System\abZshCf.exe
2⤵
PID:4736

C:\Windows\System\ZczkjjS.exe
C:\Windows\System\ZczkjjS.exe
2⤵
PID:4720

C:\Windows\System\ChhUXBu.exe
C:\Windows\System\ChhUXBu.exe
2⤵
PID:4796

C:\Windows\System\KAdMGqW.exe
C:\Windows\System\KAdMGqW.exe
2⤵
PID:4784

C:\Windows\System\DjDfmRn.exe
C:\Windows\System\DjDfmRn.exe
2⤵
PID:4820

C:\Windows\System\GmbpqMJ.exe
C:\Windows\System\GmbpqMJ.exe
2⤵
PID:4860

C:\Windows\System\rAOwGIT.exe
C:\Windows\System\rAOwGIT.exe
2⤵
PID:4840

C:\Windows\System\EBvATjq.exe
C:\Windows\System\EBvATjq.exe
2⤵
PID:4936

C:\Windows\System\RRzWwwx.exe
C:\Windows\System\RRzWwwx.exe
2⤵
PID:4916

C:\Windows\System\OdGxnTT.exe
C:\Windows\System\OdGxnTT.exe
2⤵
PID:4972

C:\Windows\System\XiCNDgW.exe
C:\Windows\System\XiCNDgW.exe
2⤵
PID:5020

C:\Windows\System\VYBpOEe.exe
C:\Windows\System\VYBpOEe.exe
2⤵
PID:4168

C:\Windows\System\NSCiZnO.exe
C:\Windows\System\NSCiZnO.exe
2⤵
PID:5104

C:\Windows\System\oUAOuQi.exe
C:\Windows\System\oUAOuQi.exe
2⤵
PID:4148

C:\Windows\System\hOTkKij.exe
C:\Windows\System\hOTkKij.exe
2⤵
PID:4188

C:\Windows\System\KBObjRu.exe
C:\Windows\System\KBObjRu.exe
2⤵
PID:4180

C:\Windows\System\OLYviKs.exe
C:\Windows\System\OLYviKs.exe
2⤵
PID:2884

C:\Windows\System\IqViQQL.exe
C:\Windows\System\IqViQQL.exe
2⤵
PID:4376

C:\Windows\System\TXdGIud.exe
C:\Windows\System\TXdGIud.exe
2⤵
PID:4452

C:\Windows\System\kANZSaD.exe
C:\Windows\System\kANZSaD.exe
2⤵
PID:4300

C:\Windows\System\KvGxPgN.exe
C:\Windows\System\KvGxPgN.exe
2⤵
PID:4420

C:\Windows\System\rqZlaUy.exe
C:\Windows\System\rqZlaUy.exe
2⤵
PID:4560

C:\Windows\System\jccUmpT.exe
C:\Windows\System\jccUmpT.exe
2⤵
PID:4656

C:\Windows\System\gIYBfnC.exe
C:\Windows\System\gIYBfnC.exe
2⤵
PID:4640

C:\Windows\System\MUkqTdL.exe
C:\Windows\System\MUkqTdL.exe
2⤵
PID:4684

C:\Windows\System\ocoDeqa.exe
C:\Windows\System\ocoDeqa.exe
2⤵
PID:4868

C:\Windows\System\hWSYXMR.exe
C:\Windows\System\hWSYXMR.exe
2⤵
PID:4856

C:\Windows\System\qOHhXyE.exe
C:\Windows\System\qOHhXyE.exe
2⤵
PID:4752

C:\Windows\System\lJDwINO.exe
C:\Windows\System\lJDwINO.exe
2⤵
PID:4968

C:\Windows\System\JsdsbCs.exe
C:\Windows\System\JsdsbCs.exe
2⤵
PID:5084

C:\Windows\System\WntaKKq.exe
C:\Windows\System\WntaKKq.exe
2⤵
PID:5004

C:\Windows\System\WDmvBmr.exe
C:\Windows\System\WDmvBmr.exe
2⤵
PID:5068

C:\Windows\System\InBNJHZ.exe
C:\Windows\System\InBNJHZ.exe
2⤵
PID:4144

C:\Windows\System\sGGJrYB.exe
C:\Windows\System\sGGJrYB.exe
2⤵
PID:4408

C:\Windows\System\hLiRoAt.exe
C:\Windows\System\hLiRoAt.exe
2⤵
PID:4204

C:\Windows\System\ktmvtrb.exe
C:\Windows\System\ktmvtrb.exe
2⤵
PID:4436

C:\Windows\System\lhpgVBB.exe
C:\Windows\System\lhpgVBB.exe
2⤵
PID:4484

C:\Windows\System\CnJJTVE.exe
C:\Windows\System\CnJJTVE.exe
2⤵
PID:4576

C:\Windows\System\wXaNdrh.exe
C:\Windows\System\wXaNdrh.exe
2⤵
PID:4628

C:\Windows\System\qeIHgIg.exe
C:\Windows\System\qeIHgIg.exe
2⤵
PID:4808

C:\Windows\System\BiJedre.exe
C:\Windows\System\BiJedre.exe
2⤵
PID:4652

C:\Windows\System\CdbUHRD.exe
C:\Windows\System\CdbUHRD.exe
2⤵
PID:4924

C:\Windows\System\rXtCOtg.exe
C:\Windows\System\rXtCOtg.exe
2⤵
PID:4772

C:\Windows\System\DBRQPCp.exe
C:\Windows\System\DBRQPCp.exe
2⤵
PID:5000

C:\Windows\System\BdOIHBw.exe
C:\Windows\System\BdOIHBw.exe
2⤵
PID:4336

C:\Windows\System\JWNUNPz.exe
C:\Windows\System\JWNUNPz.exe
2⤵
PID:4520

C:\Windows\System\ZsCipZd.exe
C:\Windows\System\ZsCipZd.exe
2⤵
PID:4792

C:\Windows\System\vfZJhhA.exe
C:\Windows\System\vfZJhhA.exe
2⤵
PID:4320

C:\Windows\System\GGFrYvE.exe
C:\Windows\System\GGFrYvE.exe
2⤵
PID:5056

C:\Windows\System\iMryJMc.exe
C:\Windows\System\iMryJMc.exe
2⤵
PID:4880

C:\Windows\System\uGcqWGx.exe
C:\Windows\System\uGcqWGx.exe
2⤵
PID:4380

C:\Windows\System\nndCwFW.exe
C:\Windows\System\nndCwFW.exe
2⤵
PID:4240

C:\Windows\System\joSveaf.exe
C:\Windows\System\joSveaf.exe
2⤵
PID:4828

C:\Windows\System\WDdZAof.exe
C:\Windows\System\WDdZAof.exe
2⤵
PID:4464

C:\Windows\System\jWvENrM.exe
C:\Windows\System\jWvENrM.exe
2⤵
PID:4904

C:\Windows\System\kZmhdwU.exe
C:\Windows\System\kZmhdwU.exe
2⤵
PID:2344

C:\Windows\System\CXEPzWS.exe
C:\Windows\System\CXEPzWS.exe
2⤵
PID:4716

C:\Windows\System\XDPausE.exe
C:\Windows\System\XDPausE.exe
2⤵
PID:4564

C:\Windows\System\syCcvbz.exe
C:\Windows\System\syCcvbz.exe
2⤵
PID:4988

C:\Windows\System\cmrqCiv.exe
C:\Windows\System\cmrqCiv.exe
2⤵
PID:5124

C:\Windows\System\znXGxTX.exe
C:\Windows\System\znXGxTX.exe
2⤵
PID:5140

C:\Windows\System\vIeyJUI.exe
C:\Windows\System\vIeyJUI.exe
2⤵
PID:5156

C:\Windows\System\mEBOkYY.exe
C:\Windows\System\mEBOkYY.exe
2⤵
PID:5172

C:\Windows\System\rOPxzcG.exe
C:\Windows\System\rOPxzcG.exe
2⤵
PID:5188

C:\Windows\System\WqUVbBa.exe
C:\Windows\System\WqUVbBa.exe
2⤵
PID:5204

C:\Windows\System\fmKaHff.exe
C:\Windows\System\fmKaHff.exe
2⤵
PID:5220

C:\Windows\System\mhWumIt.exe
C:\Windows\System\mhWumIt.exe
2⤵
PID:5236

C:\Windows\System\uXxrfGX.exe
C:\Windows\System\uXxrfGX.exe
2⤵
PID:5252

C:\Windows\System\CxKSGfV.exe
C:\Windows\System\CxKSGfV.exe
2⤵
PID:5268

C:\Windows\System\oiKZmfj.exe
C:\Windows\System\oiKZmfj.exe
2⤵
PID:5284

C:\Windows\System\LqDufHc.exe
C:\Windows\System\LqDufHc.exe
2⤵
PID:5300

C:\Windows\System\hLtmjyA.exe
C:\Windows\System\hLtmjyA.exe
2⤵
PID:5316

C:\Windows\System\mcVetPP.exe
C:\Windows\System\mcVetPP.exe
2⤵
PID:5336

C:\Windows\System\ygYJiTG.exe
C:\Windows\System\ygYJiTG.exe
2⤵
PID:5356

C:\Windows\System\pxNpqty.exe
C:\Windows\System\pxNpqty.exe
2⤵
PID:5376

C:\Windows\System\WMjEJGl.exe
C:\Windows\System\WMjEJGl.exe
2⤵
PID:5392

C:\Windows\System\PLfEEXh.exe
C:\Windows\System\PLfEEXh.exe
2⤵
PID:5408

C:\Windows\System\McNqRnR.exe
C:\Windows\System\McNqRnR.exe
2⤵
PID:5424

C:\Windows\System\lvyPcYy.exe
C:\Windows\System\lvyPcYy.exe
2⤵
PID:5440

C:\Windows\System\MWsrVSo.exe
C:\Windows\System\MWsrVSo.exe
2⤵
PID:5456

C:\Windows\System\nncBDig.exe
C:\Windows\System\nncBDig.exe
2⤵
PID:5472

C:\Windows\System\zMsMsUj.exe
C:\Windows\System\zMsMsUj.exe
2⤵
PID:5488

C:\Windows\System\JIXLbtQ.exe
C:\Windows\System\JIXLbtQ.exe
2⤵
PID:5504

C:\Windows\System\NJnCfsR.exe
C:\Windows\System\NJnCfsR.exe
2⤵
PID:5524

C:\Windows\System\SYazqdC.exe
C:\Windows\System\SYazqdC.exe
2⤵
PID:5540

C:\Windows\System\XTjBvIV.exe
C:\Windows\System\XTjBvIV.exe
2⤵
PID:5556

C:\Windows\System\yWtaWpr.exe
C:\Windows\System\yWtaWpr.exe
2⤵
PID:5572

C:\Windows\System\tYKvxHO.exe
C:\Windows\System\tYKvxHO.exe
2⤵
PID:5592

C:\Windows\System\rlAfBvu.exe
C:\Windows\System\rlAfBvu.exe
2⤵
PID:5612

C:\Windows\System\bFRCrtD.exe
C:\Windows\System\bFRCrtD.exe
2⤵
PID:5632

C:\Windows\System\HrKNEko.exe
C:\Windows\System\HrKNEko.exe
2⤵
PID:5648

C:\Windows\System\yuUSDLl.exe
C:\Windows\System\yuUSDLl.exe
2⤵
PID:5692

C:\Windows\System\ARmIEZi.exe
C:\Windows\System\ARmIEZi.exe
2⤵
PID:5728

C:\Windows\System\qjkCxhA.exe
C:\Windows\System\qjkCxhA.exe
2⤵
PID:5752

C:\Windows\System\xfkwWIH.exe
C:\Windows\System\xfkwWIH.exe
2⤵
PID:5768

C:\Windows\System\xKdtqNU.exe
C:\Windows\System\xKdtqNU.exe
2⤵
PID:5784

C:\Windows\System\waAVwLW.exe
C:\Windows\System\waAVwLW.exe
2⤵
PID:5800

C:\Windows\System\QirUPXl.exe
C:\Windows\System\QirUPXl.exe
2⤵
PID:5816

C:\Windows\System\CkNrmFi.exe
C:\Windows\System\CkNrmFi.exe
2⤵
PID:5832

C:\Windows\System\atFkRKo.exe
C:\Windows\System\atFkRKo.exe
2⤵
PID:5848

C:\Windows\System\HLnJxXk.exe
C:\Windows\System\HLnJxXk.exe
2⤵
PID:5864

C:\Windows\System\LzoqzAz.exe
C:\Windows\System\LzoqzAz.exe
2⤵
PID:5880

C:\Windows\System\urpYRxS.exe
C:\Windows\System\urpYRxS.exe
2⤵
PID:5896

C:\Windows\System\oZsAuMB.exe
C:\Windows\System\oZsAuMB.exe
2⤵
PID:5912

C:\Windows\System\wXSSlRM.exe
C:\Windows\System\wXSSlRM.exe
2⤵
PID:5928

C:\Windows\System\zyFivqw.exe
C:\Windows\System\zyFivqw.exe
2⤵
PID:5944

C:\Windows\System\tNUwJiI.exe
C:\Windows\System\tNUwJiI.exe
2⤵
PID:5960

C:\Windows\System\feoafwy.exe
C:\Windows\System\feoafwy.exe
2⤵
PID:5976

C:\Windows\System\MrVRwrS.exe
C:\Windows\System\MrVRwrS.exe
2⤵
PID:5992

C:\Windows\System\xfwPeEM.exe
C:\Windows\System\xfwPeEM.exe
2⤵
PID:6012

C:\Windows\System\dGmjZsa.exe
C:\Windows\System\dGmjZsa.exe
2⤵
PID:6028

C:\Windows\System\wKTGzSC.exe
C:\Windows\System\wKTGzSC.exe
2⤵
PID:6044

C:\Windows\System\amJHzgA.exe
C:\Windows\System\amJHzgA.exe
2⤵
PID:6060

C:\Windows\System\bPwMgLL.exe
C:\Windows\System\bPwMgLL.exe
2⤵
PID:6076

C:\Windows\System\wPwGHfC.exe
C:\Windows\System\wPwGHfC.exe
2⤵
PID:6092

C:\Windows\System\Xipbkyz.exe
C:\Windows\System\Xipbkyz.exe
2⤵
PID:6108

C:\Windows\System\fAxJljW.exe
C:\Windows\System\fAxJljW.exe
2⤵
PID:6124

C:\Windows\System\yrLLBUj.exe
C:\Windows\System\yrLLBUj.exe
2⤵
PID:6140

C:\Windows\System\xxbCbGY.exe
C:\Windows\System\xxbCbGY.exe
2⤵
PID:5152

C:\Windows\System\ilVipZX.exe
C:\Windows\System\ilVipZX.exe
2⤵
PID:5132

C:\Windows\System\naPQQek.exe
C:\Windows\System\naPQQek.exe
2⤵
PID:5216

C:\Windows\System\OMNTkhP.exe
C:\Windows\System\OMNTkhP.exe
2⤵
PID:5280

C:\Windows\System\yeJHUnj.exe
C:\Windows\System\yeJHUnj.exe
2⤵
PID:5228

C:\Windows\System\nuWFLUe.exe
C:\Windows\System\nuWFLUe.exe
2⤵
PID:5260

C:\Windows\System\DccBrIK.exe
C:\Windows\System\DccBrIK.exe
2⤵
PID:5328

C:\Windows\System\lUqThNm.exe
C:\Windows\System\lUqThNm.exe
2⤵
PID:5364

C:\Windows\System\KAtmIDb.exe
C:\Windows\System\KAtmIDb.exe
2⤵
PID:5368

C:\Windows\System\wQNTAbv.exe
C:\Windows\System\wQNTAbv.exe
2⤵
PID:5416

C:\Windows\System\ZBkUTJB.exe
C:\Windows\System\ZBkUTJB.exe
2⤵
PID:5464

C:\Windows\System\SzBBCIT.exe
C:\Windows\System\SzBBCIT.exe
2⤵
PID:5500

C:\Windows\System\JQawyfx.exe
C:\Windows\System\JQawyfx.exe
2⤵
PID:5564

C:\Windows\System\axCkibI.exe
C:\Windows\System\axCkibI.exe
2⤵
PID:5584

C:\Windows\System\cewRycd.exe
C:\Windows\System\cewRycd.exe
2⤵
PID:5588

C:\Windows\System\QEBguSy.exe
C:\Windows\System\QEBguSy.exe
2⤵
PID:5600

C:\Windows\System\qIBJmYd.exe
C:\Windows\System\qIBJmYd.exe
2⤵
PID:5644

C:\Windows\System\xDFmXPX.exe
C:\Windows\System\xDFmXPX.exe
2⤵
PID:5668

C:\Windows\System\TWYuIkQ.exe
C:\Windows\System\TWYuIkQ.exe
2⤵
PID:5688

C:\Windows\System\DdveLVQ.exe
C:\Windows\System\DdveLVQ.exe
2⤵
PID:5708

C:\Windows\System\mdAccmv.exe
C:\Windows\System\mdAccmv.exe
2⤵
PID:5736

C:\Windows\System\PFrwGlL.exe
C:\Windows\System\PFrwGlL.exe
2⤵
PID:5748

C:\Windows\System\iBTcTyi.exe
C:\Windows\System\iBTcTyi.exe
2⤵
PID:5812

C:\Windows\System\RKekHWF.exe
C:\Windows\System\RKekHWF.exe
2⤵
PID:5792

C:\Windows\System\JonusNg.exe
C:\Windows\System\JonusNg.exe
2⤵
PID:5876

C:\Windows\System\YQatLrv.exe
C:\Windows\System\YQatLrv.exe
2⤵
PID:5936

C:\Windows\System\sTFjroS.exe
C:\Windows\System\sTFjroS.exe
2⤵
PID:5924

C:\Windows\System\mJUnJmR.exe
C:\Windows\System\mJUnJmR.exe
2⤵
PID:5892

C:\Windows\System\BJRLrgA.exe
C:\Windows\System\BJRLrgA.exe
2⤵
PID:5956

C:\Windows\System\nCmTjIC.exe
C:\Windows\System\nCmTjIC.exe
2⤵
PID:6004

C:\Windows\System\YLKTFBt.exe
C:\Windows\System\YLKTFBt.exe
2⤵
PID:6068

C:\Windows\System\StonkYe.exe
C:\Windows\System\StonkYe.exe
2⤵
PID:6084

C:\Windows\System\aYkQvyn.exe
C:\Windows\System\aYkQvyn.exe
2⤵
PID:6100

C:\Windows\System\QdmrAvj.exe
C:\Windows\System\QdmrAvj.exe
2⤵
PID:5148

C:\Windows\System\CJGsASU.exe
C:\Windows\System\CJGsASU.exe
2⤵
PID:5184

C:\Windows\System\PhsZGfj.exe
C:\Windows\System\PhsZGfj.exe
2⤵
PID:4952

C:\Windows\System\EOViKTN.exe
C:\Windows\System\EOViKTN.exe
2⤵
PID:5200

C:\Windows\System\FFDweCG.exe
C:\Windows\System\FFDweCG.exe
2⤵
PID:5384

C:\Windows\System\xLAGPwg.exe
C:\Windows\System\xLAGPwg.exe
2⤵
PID:5296

C:\Windows\System\lgKicQY.exe
C:\Windows\System\lgKicQY.exe
2⤵
PID:5468

C:\Windows\System\cDsaYoL.exe
C:\Windows\System\cDsaYoL.exe
2⤵
PID:5780

C:\Windows\System\dWbUbtL.exe
C:\Windows\System\dWbUbtL.exe
2⤵
PID:5640

C:\Windows\System\nYEmZEO.exe
C:\Windows\System\nYEmZEO.exe
2⤵
PID:5664

C:\Windows\System\OVxLpHs.exe
C:\Windows\System\OVxLpHs.exe
2⤵
PID:5904

C:\Windows\System\yEiEHNV.exe
C:\Windows\System\yEiEHNV.exe
2⤵
PID:5764

C:\Windows\System\wqUMrqY.exe
C:\Windows\System\wqUMrqY.exe
2⤵
PID:5952

C:\Windows\System\UGFNGsU.exe
C:\Windows\System\UGFNGsU.exe
2⤵
PID:6036

C:\Windows\System\iXGOnHL.exe
C:\Windows\System\iXGOnHL.exe
2⤵
PID:5972

C:\Windows\System\gmKHKhr.exe
C:\Windows\System\gmKHKhr.exe
2⤵
PID:6136

C:\Windows\System\FdWTtMK.exe
C:\Windows\System\FdWTtMK.exe
2⤵
PID:5168

C:\Windows\System\vnDXroB.exe
C:\Windows\System\vnDXroB.exe
2⤵
PID:5404

C:\Windows\System\DsBSGZc.exe
C:\Windows\System\DsBSGZc.exe
2⤵
PID:5388

C:\Windows\System\YghsQOu.exe
C:\Windows\System\YghsQOu.exe
2⤵
PID:5432

C:\Windows\System\oGkAeZi.exe
C:\Windows\System\oGkAeZi.exe
2⤵
PID:5512

C:\Windows\System\JqLQWEi.exe
C:\Windows\System\JqLQWEi.exe
2⤵
PID:5724

C:\Windows\System\cNCoClX.exe
C:\Windows\System\cNCoClX.exe
2⤵
PID:5532

C:\Windows\System\mGfpWGG.exe
C:\Windows\System\mGfpWGG.exe
2⤵
PID:5796

C:\Windows\System\nMYFNqa.exe
C:\Windows\System\nMYFNqa.exe
2⤵
PID:5608

C:\Windows\System\jBTEoqs.exe
C:\Windows\System\jBTEoqs.exe
2⤵
PID:5552

C:\Windows\System\kXDHMwl.exe
C:\Windows\System\kXDHMwl.exe
2⤵
PID:5700

C:\Windows\System\tKvRZHx.exe
C:\Windows\System\tKvRZHx.exe
2⤵
PID:5496

C:\Windows\System\HcndvJc.exe
C:\Windows\System\HcndvJc.exe
2⤵
PID:5968

C:\Windows\System\ouojZTh.exe
C:\Windows\System\ouojZTh.exe
2⤵
PID:5888

C:\Windows\System\YUAfSEJ.exe
C:\Windows\System\YUAfSEJ.exe
2⤵
PID:6088

C:\Windows\System\vJUogSr.exe
C:\Windows\System\vJUogSr.exe
2⤵
PID:5352

C:\Windows\System\GwECFvj.exe
C:\Windows\System\GwECFvj.exe
2⤵
PID:5624

C:\Windows\System\EQLeCYt.exe
C:\Windows\System\EQLeCYt.exe
2⤵
PID:5684

C:\Windows\System\NdYssDY.exe
C:\Windows\System\NdYssDY.exe
2⤵
PID:5760

C:\Windows\System\iwwFquE.exe
C:\Windows\System\iwwFquE.exe
2⤵
PID:6160

C:\Windows\System\fFROrIs.exe
C:\Windows\System\fFROrIs.exe
2⤵
PID:6180

C:\Windows\System\OmMPwRy.exe
C:\Windows\System\OmMPwRy.exe
2⤵
PID:6220

C:\Windows\System\KiKfGKl.exe
C:\Windows\System\KiKfGKl.exe
2⤵
PID:6236

C:\Windows\System\doFSDnQ.exe
C:\Windows\System\doFSDnQ.exe
2⤵
PID:6252

C:\Windows\System\MsHwdua.exe
C:\Windows\System\MsHwdua.exe
2⤵
PID:6268

C:\Windows\System\RHhrSjO.exe
C:\Windows\System\RHhrSjO.exe
2⤵
PID:6284

C:\Windows\System\OYCZcgC.exe
C:\Windows\System\OYCZcgC.exe
2⤵
PID:6300

C:\Windows\System\pAVgaJO.exe
C:\Windows\System\pAVgaJO.exe
2⤵
PID:6316

C:\Windows\System\OfPBnOX.exe
C:\Windows\System\OfPBnOX.exe
2⤵
PID:6332

C:\Windows\System\YMmazRe.exe
C:\Windows\System\YMmazRe.exe
2⤵
PID:6364

C:\Windows\System\jwyJilG.exe
C:\Windows\System\jwyJilG.exe
2⤵
PID:6380

C:\Windows\System\DVANPjE.exe
C:\Windows\System\DVANPjE.exe
2⤵
PID:6400

C:\Windows\System\HkZRfJT.exe
C:\Windows\System\HkZRfJT.exe
2⤵
PID:6420

C:\Windows\System\IJILpaY.exe
C:\Windows\System\IJILpaY.exe
2⤵
PID:6460

C:\Windows\System\jfPAntS.exe
C:\Windows\System\jfPAntS.exe
2⤵
PID:6476

C:\Windows\System\ojpqbCt.exe
C:\Windows\System\ojpqbCt.exe
2⤵
PID:6492

C:\Windows\System\EprMtKZ.exe
C:\Windows\System\EprMtKZ.exe
2⤵
PID:6508

C:\Windows\System\gZzubNl.exe
C:\Windows\System\gZzubNl.exe
2⤵
PID:6524

C:\Windows\System\NNBYysa.exe
C:\Windows\System\NNBYysa.exe
2⤵
PID:6540

C:\Windows\System\SxYHfLG.exe
C:\Windows\System\SxYHfLG.exe
2⤵
PID:6556

C:\Windows\System\uAjiJLf.exe
C:\Windows\System\uAjiJLf.exe
2⤵
PID:6572

C:\Windows\System\cCraRbv.exe
C:\Windows\System\cCraRbv.exe
2⤵
PID:6588

C:\Windows\System\RjNRFCb.exe
C:\Windows\System\RjNRFCb.exe
2⤵
PID:6604

C:\Windows\System\fhymbmV.exe
C:\Windows\System\fhymbmV.exe
2⤵
PID:6624

C:\Windows\System\WCuONZv.exe
C:\Windows\System\WCuONZv.exe
2⤵
PID:6640

C:\Windows\System\FzAVQJJ.exe
C:\Windows\System\FzAVQJJ.exe
2⤵
PID:6660

C:\Windows\System\rpFIRsD.exe
C:\Windows\System\rpFIRsD.exe
2⤵
PID:6724

C:\Windows\System\OBPvGdp.exe
C:\Windows\System\OBPvGdp.exe
2⤵
PID:6740

C:\Windows\System\dwGbSaC.exe
C:\Windows\System\dwGbSaC.exe
2⤵
PID:6764

C:\Windows\System\BOouCPR.exe
C:\Windows\System\BOouCPR.exe
2⤵
PID:6780

C:\Windows\System\SybJXqK.exe
C:\Windows\System\SybJXqK.exe
2⤵
PID:6796

C:\Windows\System\TuvdsbW.exe
C:\Windows\System\TuvdsbW.exe
2⤵
PID:6812

C:\Windows\System\VAXrSeh.exe
C:\Windows\System\VAXrSeh.exe
2⤵
PID:6828

C:\Windows\System\BGKIurC.exe
C:\Windows\System\BGKIurC.exe
2⤵
PID:6848

C:\Windows\System\GSHBzWR.exe
C:\Windows\System\GSHBzWR.exe
2⤵
PID:6872

C:\Windows\System\gitEEFW.exe
C:\Windows\System\gitEEFW.exe
2⤵
PID:6892

C:\Windows\System\AdxfgUO.exe
C:\Windows\System\AdxfgUO.exe
2⤵
PID:6908

C:\Windows\System\rmRLxTh.exe
C:\Windows\System\rmRLxTh.exe
2⤵
PID:6924

C:\Windows\System\fURPhNn.exe
C:\Windows\System\fURPhNn.exe
2⤵
PID:6940

C:\Windows\System\TJTnZpc.exe
C:\Windows\System\TJTnZpc.exe
2⤵
PID:6956

C:\Windows\System\aioOvYz.exe
C:\Windows\System\aioOvYz.exe
2⤵
PID:6996

C:\Windows\System\bPGwGAN.exe
C:\Windows\System\bPGwGAN.exe
2⤵
PID:7012

C:\Windows\System\PqnJXBI.exe
C:\Windows\System\PqnJXBI.exe
2⤵
PID:7028

C:\Windows\System\OJUvbOq.exe
C:\Windows\System\OJUvbOq.exe
2⤵
PID:7044

C:\Windows\System\nIzVvrl.exe
C:\Windows\System\nIzVvrl.exe
2⤵
PID:7060

C:\Windows\System\SvawvSg.exe
C:\Windows\System\SvawvSg.exe
2⤵
PID:7076

C:\Windows\System\rpSuztP.exe
C:\Windows\System\rpSuztP.exe
2⤵
PID:7096

C:\Windows\System\yxKvnvF.exe
C:\Windows\System\yxKvnvF.exe
2⤵
PID:7116

C:\Windows\System\BOdyWWh.exe
C:\Windows\System\BOdyWWh.exe
2⤵
PID:7136

C:\Windows\System\YjMODFv.exe
C:\Windows\System\YjMODFv.exe
2⤵
PID:7164

C:\Windows\System\pZrknpz.exe
C:\Windows\System\pZrknpz.exe
2⤵
PID:6176

C:\Windows\System\qrSUGFB.exe
C:\Windows\System\qrSUGFB.exe
2⤵
PID:4388

C:\Windows\System\JKsDLii.exe
C:\Windows\System\JKsDLii.exe
2⤵
PID:6192

C:\Windows\System\AMOurrX.exe
C:\Windows\System\AMOurrX.exe
2⤵
PID:6200

C:\Windows\System\VCnabev.exe
C:\Windows\System\VCnabev.exe
2⤵
PID:6308

C:\Windows\System\MKKPbXV.exe
C:\Windows\System\MKKPbXV.exe
2⤵
PID:6328

C:\Windows\System\bmNMQFz.exe
C:\Windows\System\bmNMQFz.exe
2⤵
PID:6348

C:\Windows\System\fFiXEui.exe
C:\Windows\System\fFiXEui.exe
2⤵
PID:6376

C:\Windows\System\UnEhzHf.exe
C:\Windows\System\UnEhzHf.exe
2⤵
PID:6408

C:\Windows\System\JwiTGsh.exe
C:\Windows\System\JwiTGsh.exe
2⤵
PID:6432

C:\Windows\System\czFhScA.exe
C:\Windows\System\czFhScA.exe
2⤵
PID:6452

C:\Windows\System\FagoPEW.exe
C:\Windows\System\FagoPEW.exe
2⤵
PID:6472

C:\Windows\System\dtEKzzp.exe
C:\Windows\System\dtEKzzp.exe
2⤵
PID:6536

C:\Windows\System\MjxOFRD.exe
C:\Windows\System\MjxOFRD.exe
2⤵
PID:6488

C:\Windows\System\vXOrUdp.exe
C:\Windows\System\vXOrUdp.exe
2⤵
PID:6552

C:\Windows\System\yGeUSiT.exe
C:\Windows\System\yGeUSiT.exe
2⤵
PID:6684

C:\Windows\System\oxMSzGl.exe
C:\Windows\System\oxMSzGl.exe
2⤵
PID:6708

C:\Windows\System\onDDEGF.exe
C:\Windows\System\onDDEGF.exe
2⤵
PID:6612

C:\Windows\System\ilUQWpO.exe
C:\Windows\System\ilUQWpO.exe
2⤵
PID:6656

C:\Windows\System\xZbCPXn.exe
C:\Windows\System\xZbCPXn.exe
2⤵
PID:6732

C:\Windows\System\lBUKncI.exe
C:\Windows\System\lBUKncI.exe
2⤵
PID:6804

C:\Windows\System\QCQSCHY.exe
C:\Windows\System\QCQSCHY.exe
2⤵
PID:6964

C:\Windows\System\qBmjrji.exe
C:\Windows\System\qBmjrji.exe
2⤵
PID:6884

C:\Windows\System\ubmunCb.exe
C:\Windows\System\ubmunCb.exe
2⤵
PID:6976

C:\Windows\System\vpPKSbY.exe
C:\Windows\System\vpPKSbY.exe
2⤵
PID:6992

C:\Windows\System\bSltijL.exe
C:\Windows\System\bSltijL.exe
2⤵
PID:6840

C:\Windows\System\uXgaQCo.exe
C:\Windows\System\uXgaQCo.exe
2⤵
PID:7024

C:\Windows\System\NXpQoik.exe
C:\Windows\System\NXpQoik.exe
2⤵
PID:7088

C:\Windows\System\EcNKhOD.exe
C:\Windows\System\EcNKhOD.exe
2⤵
PID:2176

C:\Windows\System\tDhyHiV.exe
C:\Windows\System\tDhyHiV.exe
2⤵
PID:7008

C:\Windows\System\pYVmbFi.exe
C:\Windows\System\pYVmbFi.exe
2⤵
PID:6188

C:\Windows\System\ATeAOIc.exe
C:\Windows\System\ATeAOIc.exe
2⤵
PID:7156

C:\Windows\System\vlXHBKQ.exe
C:\Windows\System\vlXHBKQ.exe
2⤵
PID:7112

C:\Windows\System\OBPgrrK.exe
C:\Windows\System\OBPgrrK.exe
2⤵
PID:6196

C:\Windows\System\ueuJjPk.exe
C:\Windows\System\ueuJjPk.exe
2⤵
PID:6228

C:\Windows\System\NpeSKoX.exe
C:\Windows\System\NpeSKoX.exe
2⤵
PID:6392

C:\Windows\System\onHVXHA.exe
C:\Windows\System\onHVXHA.exe
2⤵
PID:6500

C:\Windows\System\fueXKkv.exe
C:\Windows\System\fueXKkv.exe
2⤵
PID:6248

C:\Windows\System\Uewpooe.exe
C:\Windows\System\Uewpooe.exe
2⤵
PID:6632

C:\Windows\System\vtRrwYj.exe
C:\Windows\System\vtRrwYj.exe
2⤵
PID:6700

C:\Windows\System\qjIsSDS.exe
C:\Windows\System\qjIsSDS.exe
2⤵
PID:6736

C:\Windows\System\jesiEWD.exe
C:\Windows\System\jesiEWD.exe
2⤵
PID:6760

C:\Windows\System\whNRYVJ.exe
C:\Windows\System\whNRYVJ.exe
2⤵
PID:6276

C:\Windows\System\EOwhBhR.exe
C:\Windows\System\EOwhBhR.exe
2⤵
PID:6824

C:\Windows\System\VyoZLbN.exe
C:\Windows\System\VyoZLbN.exe
2⤵
PID:6720

C:\Windows\System\cZkPjGN.exe
C:\Windows\System\cZkPjGN.exe
2⤵
PID:6860

C:\Windows\System\FDYaNUb.exe
C:\Windows\System\FDYaNUb.exe
2⤵
PID:6920

C:\Windows\System\qfGUqCO.exe
C:\Windows\System\qfGUqCO.exe
2⤵
PID:7124

C:\Windows\System\urLHiwg.exe
C:\Windows\System\urLHiwg.exe
2⤵
PID:5920

C:\Windows\System\faHjOQc.exe
C:\Windows\System\faHjOQc.exe
2⤵
PID:7072

C:\Windows\System\NJJwlHD.exe
C:\Windows\System\NJJwlHD.exe
2⤵
PID:6168

C:\Windows\System\zUcBDLP.exe
C:\Windows\System\zUcBDLP.exe
2⤵
PID:6264

C:\Windows\System\QPxAEZQ.exe
C:\Windows\System\QPxAEZQ.exe
2⤵
PID:6292

C:\Windows\System\PrTNDhZ.exe
C:\Windows\System\PrTNDhZ.exe
2⤵
PID:6416

C:\Windows\System\giWQKQJ.exe
C:\Windows\System\giWQKQJ.exe
2⤵
PID:6648

C:\Windows\System\gJipKZA.exe
C:\Windows\System\gJipKZA.exe
2⤵
PID:6716

C:\Windows\System\zmfvXzK.exe
C:\Windows\System\zmfvXzK.exe
2⤵
PID:6988

C:\Windows\System\gsLrJaI.exe
C:\Windows\System\gsLrJaI.exe
2⤵
PID:6532

C:\Windows\System\YkkqmeB.exe
C:\Windows\System\YkkqmeB.exe
2⤵
PID:6672

C:\Windows\System\tXGVJJn.exe
C:\Windows\System\tXGVJJn.exe
2⤵
PID:5988

C:\Windows\System\UmoaZMR.exe
C:\Windows\System\UmoaZMR.exe
2⤵
PID:7020

C:\Windows\System\JUqMCat.exe
C:\Windows\System\JUqMCat.exe
2⤵
PID:6916

C:\Windows\System\ulsKsWb.exe
C:\Windows\System\ulsKsWb.exe
2⤵
PID:7040

C:\Windows\System\thUnFGd.exe
C:\Windows\System\thUnFGd.exe
2⤵
PID:6984

C:\Windows\System\MKTXEJI.exe
C:\Windows\System\MKTXEJI.exe
2⤵
PID:6340

C:\Windows\System\WjJDLBj.exe
C:\Windows\System\WjJDLBj.exe
2⤵
PID:5136

C:\Windows\System\wHMYGhg.exe
C:\Windows\System\wHMYGhg.exe
2⤵
PID:7084

C:\Windows\System\lPVIkQN.exe
C:\Windows\System\lPVIkQN.exe
2⤵
PID:6820

C:\Windows\System\morOISf.exe
C:\Windows\System\morOISf.exe
2⤵
PID:6156

C:\Windows\System\mIzAxjm.exe
C:\Windows\System\mIzAxjm.exe
2⤵
PID:6676

C:\Windows\System\MstDnDa.exe
C:\Windows\System\MstDnDa.exe
2⤵
PID:7068

C:\Windows\System\FqbGLKw.exe
C:\Windows\System\FqbGLKw.exe
2⤵
PID:7148

C:\Windows\System\yzbaUiu.exe
C:\Windows\System\yzbaUiu.exe
2⤵
PID:6868

C:\Windows\System\PfZbXvC.exe
C:\Windows\System\PfZbXvC.exe
2⤵
PID:7188

C:\Windows\System\FBFCeVm.exe
C:\Windows\System\FBFCeVm.exe
2⤵
PID:7228

C:\Windows\System\eEmTpNh.exe
C:\Windows\System\eEmTpNh.exe
2⤵
PID:7244

C:\Windows\System\ctKNLNB.exe
C:\Windows\System\ctKNLNB.exe
2⤵
PID:7264

C:\Windows\System\kcedrMO.exe
C:\Windows\System\kcedrMO.exe
2⤵
PID:7280

C:\Windows\System\PyXQkUh.exe
C:\Windows\System\PyXQkUh.exe
2⤵
PID:7300

C:\Windows\System\ZUNHnTV.exe
C:\Windows\System\ZUNHnTV.exe
2⤵
PID:7320

C:\Windows\System\caWDcKe.exe
C:\Windows\System\caWDcKe.exe
2⤵
PID:7336

C:\Windows\System\kmBMcuF.exe
C:\Windows\System\kmBMcuF.exe
2⤵
PID:7356

C:\Windows\System\iMkeEAb.exe
C:\Windows\System\iMkeEAb.exe
2⤵
PID:7372

C:\Windows\System\dnajdYT.exe
C:\Windows\System\dnajdYT.exe
2⤵
PID:7388

C:\Windows\System\gqTnQnl.exe
C:\Windows\System\gqTnQnl.exe
2⤵
PID:7404

C:\Windows\System\sVFLawL.exe
C:\Windows\System\sVFLawL.exe
2⤵
PID:7424

C:\Windows\System\bbSZAdT.exe
C:\Windows\System\bbSZAdT.exe
2⤵
PID:7440

C:\Windows\System\CtKIvam.exe
C:\Windows\System\CtKIvam.exe
2⤵
PID:7460

C:\Windows\System\ugnYOVq.exe
C:\Windows\System\ugnYOVq.exe
2⤵
PID:7476

C:\Windows\System\XzqGnpJ.exe
C:\Windows\System\XzqGnpJ.exe
2⤵
PID:7492

C:\Windows\System\EULaJzf.exe
C:\Windows\System\EULaJzf.exe
2⤵
PID:7516

C:\Windows\System\mxIDtMm.exe
C:\Windows\System\mxIDtMm.exe
2⤵
PID:7536

C:\Windows\System\IwLtxtn.exe
C:\Windows\System\IwLtxtn.exe
2⤵
PID:7556

C:\Windows\System\vohxeSx.exe
C:\Windows\System\vohxeSx.exe
2⤵
PID:7572

C:\Windows\System\SjoTapp.exe
C:\Windows\System\SjoTapp.exe
2⤵
PID:7592

C:\Windows\System\GCUUuzQ.exe
C:\Windows\System\GCUUuzQ.exe
2⤵
PID:7608

C:\Windows\System\DcVpIAA.exe
C:\Windows\System\DcVpIAA.exe
2⤵
PID:7624

C:\Windows\System\HJbBmoS.exe
C:\Windows\System\HJbBmoS.exe
2⤵
PID:7644

C:\Windows\System\RpRLaOi.exe
C:\Windows\System\RpRLaOi.exe
2⤵
PID:7692

C:\Windows\System\WfzqcjX.exe
C:\Windows\System\WfzqcjX.exe
2⤵
PID:7720

C:\Windows\System\nAnVmmk.exe
C:\Windows\System\nAnVmmk.exe
2⤵
PID:7744

C:\Windows\System\FFZvvBz.exe
C:\Windows\System\FFZvvBz.exe
2⤵
PID:7780

C:\Windows\System\mNKoKRY.exe
C:\Windows\System\mNKoKRY.exe
2⤵
PID:7796

C:\Windows\System\wVGPjft.exe
C:\Windows\System\wVGPjft.exe
2⤵
PID:7812

C:\Windows\System\jqTvzay.exe
C:\Windows\System\jqTvzay.exe
2⤵
PID:7832

C:\Windows\System\bOiWUUo.exe
C:\Windows\System\bOiWUUo.exe
2⤵
PID:7848

C:\Windows\System\mDzlTIm.exe
C:\Windows\System\mDzlTIm.exe
2⤵
PID:7872

C:\Windows\System\HZFEPZw.exe
C:\Windows\System\HZFEPZw.exe
2⤵
PID:7892

C:\Windows\System\lFWmIdf.exe
C:\Windows\System\lFWmIdf.exe
2⤵
PID:7908

C:\Windows\System\MwcrVAF.exe
C:\Windows\System\MwcrVAF.exe
2⤵
PID:7952

C:\Windows\System\JNzKikt.exe
C:\Windows\System\JNzKikt.exe
2⤵
PID:7968

C:\Windows\System\uqSyKYa.exe
C:\Windows\System\uqSyKYa.exe
2⤵
PID:7996

C:\Windows\System\QMqABCI.exe
C:\Windows\System\QMqABCI.exe
2⤵
PID:8016

C:\Windows\System\nkmfyNq.exe
C:\Windows\System\nkmfyNq.exe
2⤵
PID:8052

C:\Windows\System\crxUGJc.exe
C:\Windows\System\crxUGJc.exe
2⤵
PID:8068

C:\Windows\System\PBkraNJ.exe
C:\Windows\System\PBkraNJ.exe
2⤵
PID:8084

C:\Windows\System\pVfpsah.exe
C:\Windows\System\pVfpsah.exe
2⤵
PID:8112

C:\Windows\System\dzqtJID.exe
C:\Windows\System\dzqtJID.exe
2⤵
PID:8128

C:\Windows\System\idIjStO.exe
C:\Windows\System\idIjStO.exe
2⤵
PID:8148

C:\Windows\System\jdigTNz.exe
C:\Windows\System\jdigTNz.exe
2⤵
PID:8164

C:\Windows\System\EkPvHdh.exe
C:\Windows\System\EkPvHdh.exe
2⤵
PID:8188

C:\Windows\System\TLLIROK.exe
C:\Windows\System\TLLIROK.exe
2⤵
PID:7204

C:\Windows\System\nNoJMwa.exe
C:\Windows\System\nNoJMwa.exe
2⤵
PID:6212

C:\Windows\System\wLPkVxt.exe
C:\Windows\System\wLPkVxt.exe
2⤵
PID:6444

C:\Windows\System\JXzLSDz.exe
C:\Windows\System\JXzLSDz.exe
2⤵
PID:7180

C:\Windows\System\HomUGKm.exe
C:\Windows\System\HomUGKm.exe
2⤵
PID:7224

C:\Windows\System\TkrmhHE.exe
C:\Windows\System\TkrmhHE.exe
2⤵
PID:7296

C:\Windows\System\EVUOfyX.exe
C:\Windows\System\EVUOfyX.exe
2⤵
PID:7128

C:\Windows\System\RJqclYy.exe
C:\Windows\System\RJqclYy.exe
2⤵
PID:7468

C:\Windows\System\rCKrLDk.exe
C:\Windows\System\rCKrLDk.exe
2⤵
PID:7544

C:\Windows\System\hZazkJD.exe
C:\Windows\System\hZazkJD.exe
2⤵
PID:7584

C:\Windows\System\OxKiAIu.exe
C:\Windows\System\OxKiAIu.exe
2⤵
PID:7272

C:\Windows\System\seZrLQH.exe
C:\Windows\System\seZrLQH.exe
2⤵
PID:7656

C:\Windows\System\VwcvrGk.exe
C:\Windows\System\VwcvrGk.exe
2⤵
PID:7564

C:\Windows\System\gFyfIKk.exe
C:\Windows\System\gFyfIKk.exe
2⤵
PID:7676

C:\Windows\System\cEzfndO.exe
C:\Windows\System\cEzfndO.exe
2⤵
PID:7412

C:\Windows\System\eZNmCRK.exe
C:\Windows\System\eZNmCRK.exe
2⤵
PID:7736

C:\Windows\System\mpuDeYD.exe
C:\Windows\System\mpuDeYD.exe
2⤵
PID:7348

C:\Windows\System\LkBeLxN.exe
C:\Windows\System\LkBeLxN.exe
2⤵
PID:7420

C:\Windows\System\UayXmIk.exe
C:\Windows\System\UayXmIk.exe
2⤵
PID:7488

C:\Windows\System\AMUEFcx.exe
C:\Windows\System\AMUEFcx.exe
2⤵
PID:7756

C:\Windows\System\DymWhmO.exe
C:\Windows\System\DymWhmO.exe
2⤵
PID:7820

C:\Windows\System\IYOCOsQ.exe
C:\Windows\System\IYOCOsQ.exe
2⤵
PID:7864

C:\Windows\System\NYSltnB.exe
C:\Windows\System\NYSltnB.exe
2⤵
PID:7776

C:\Windows\System\vJvPpJl.exe
C:\Windows\System\vJvPpJl.exe
2⤵
PID:7840

C:\Windows\System\vNROZrM.exe
C:\Windows\System\vNROZrM.exe
2⤵
PID:7960

C:\Windows\System\skbLpWB.exe
C:\Windows\System\skbLpWB.exe
2⤵
PID:8012

C:\Windows\System\NoSrqDh.exe
C:\Windows\System\NoSrqDh.exe
2⤵
PID:8024

C:\Windows\System\AKgQAjB.exe
C:\Windows\System\AKgQAjB.exe
2⤵
PID:8064

C:\Windows\System\zCqbWtP.exe
C:\Windows\System\zCqbWtP.exe
2⤵
PID:8100

C:\Windows\System\bIzwMRw.exe
C:\Windows\System\bIzwMRw.exe
2⤵
PID:8144

C:\Windows\System\MsJtcSL.exe
C:\Windows\System\MsJtcSL.exe
2⤵
PID:8184

C:\Windows\System\edSmKLW.exe
C:\Windows\System\edSmKLW.exe
2⤵
PID:6752

C:\Windows\System\rzlbylu.exe
C:\Windows\System\rzlbylu.exe
2⤵
PID:6344

C:\Windows\System\MPcpBbi.exe
C:\Windows\System\MPcpBbi.exe
2⤵
PID:7184

C:\Windows\System\kaPldzQ.exe
C:\Windows\System\kaPldzQ.exe
2⤵
PID:7260

C:\Windows\System\ppXprmm.exe
C:\Windows\System\ppXprmm.exe
2⤵
PID:7400

C:\Windows\System\AnYSptn.exe
C:\Windows\System\AnYSptn.exe
2⤵
PID:7332

C:\Windows\System\XSIKEfE.exe
C:\Windows\System\XSIKEfE.exe
2⤵
PID:7512

C:\Windows\System\WrReuVe.exe
C:\Windows\System\WrReuVe.exe
2⤵
PID:7312

C:\Windows\System\VMyyLFN.exe
C:\Windows\System\VMyyLFN.exe
2⤵
PID:7236

C:\Windows\System\bQQvDPB.exe
C:\Windows\System\bQQvDPB.exe
2⤵
PID:7728

C:\Windows\System\dibMUle.exe
C:\Windows\System\dibMUle.exe
2⤵
PID:7416

C:\Windows\System\UBwfgny.exe
C:\Windows\System\UBwfgny.exe
2⤵
PID:7452

C:\Windows\System\LgbGwKP.exe
C:\Windows\System\LgbGwKP.exe
2⤵
PID:8044

C:\Windows\System\RdoVvyA.exe
C:\Windows\System\RdoVvyA.exe
2⤵
PID:7824

C:\Windows\System\ZcNEyTi.exe
C:\Windows\System\ZcNEyTi.exe
2⤵
PID:7888

C:\Windows\System\nSRirCE.exe
C:\Windows\System\nSRirCE.exe
2⤵
PID:7904

C:\Windows\System\qHBoEgj.exe
C:\Windows\System\qHBoEgj.exe
2⤵
PID:7920

C:\Windows\System\nLdKucr.exe
C:\Windows\System\nLdKucr.exe
2⤵
PID:8036

C:\Windows\System\pLwdiqM.exe
C:\Windows\System\pLwdiqM.exe
2⤵
PID:8060

C:\Windows\System\HpqkrfS.exe
C:\Windows\System\HpqkrfS.exe
2⤵
PID:8156

C:\Windows\System\lQxgPZH.exe
C:\Windows\System\lQxgPZH.exe
2⤵
PID:8172

C:\Windows\System\RGsWLym.exe
C:\Windows\System\RGsWLym.exe
2⤵
PID:7472

C:\Windows\System\mqeyFZW.exe
C:\Windows\System\mqeyFZW.exe
2⤵
PID:7308

C:\Windows\System\oiZvuqs.exe
C:\Windows\System\oiZvuqs.exe
2⤵
PID:1576

C:\Windows\System\jMlXkLt.exe
C:\Windows\System\jMlXkLt.exe
2⤵
PID:7568

C:\Windows\System\KrvfckG.exe
C:\Windows\System\KrvfckG.exe
2⤵
PID:7716

C:\Windows\System\VKYKQXD.exe
C:\Windows\System\VKYKQXD.exe
2⤵
PID:7688

C:\Windows\System\vWQjcRx.exe
C:\Windows\System\vWQjcRx.exe
2⤵
PID:7844

C:\Windows\System\jzuvHlV.exe
C:\Windows\System\jzuvHlV.exe
2⤵
PID:7712

C:\Windows\System\tFEorDZ.exe
C:\Windows\System\tFEorDZ.exe
2⤵
PID:7808

C:\Windows\System\VUAydDi.exe
C:\Windows\System\VUAydDi.exe
2⤵
PID:8032

C:\Windows\System\cPkvDsU.exe
C:\Windows\System\cPkvDsU.exe
2⤵
PID:8096

C:\Windows\System\ETZxjXJ.exe
C:\Windows\System\ETZxjXJ.exe
2⤵
PID:7152

C:\Windows\System\Ftgensm.exe
C:\Windows\System\Ftgensm.exe
2⤵
PID:8140

C:\Windows\System\YUDHrSY.exe
C:\Windows\System\YUDHrSY.exe
2⤵
PID:8160

C:\Windows\System\gexvobe.exe
C:\Windows\System\gexvobe.exe
2⤵
PID:7196

C:\Windows\System\tLXNZBr.exe
C:\Windows\System\tLXNZBr.exe
2⤵
PID:7636

C:\Windows\System\rmcXBlo.exe
C:\Windows\System\rmcXBlo.exe
2⤵
PID:7500

C:\Windows\System\kzkOHpZ.exe
C:\Windows\System\kzkOHpZ.exe
2⤵
PID:7276

C:\Windows\System\RvKMMmA.exe
C:\Windows\System\RvKMMmA.exe
2⤵
PID:8124

C:\Windows\System\cCkUqTF.exe
C:\Windows\System\cCkUqTF.exe
2⤵
PID:7664

C:\Windows\System\guXvhbU.exe
C:\Windows\System\guXvhbU.exe
2⤵
PID:8040

C:\Windows\System\ZIMlnMn.exe
C:\Windows\System\ZIMlnMn.exe
2⤵
PID:7860

C:\Windows\System\LrgWtBm.exe
C:\Windows\System\LrgWtBm.exe
2⤵
PID:8048

C:\Windows\System\VABoQfx.exe
C:\Windows\System\VABoQfx.exe
2⤵
PID:7924

C:\Windows\System\aNopNdr.exe
C:\Windows\System\aNopNdr.exe
2⤵
PID:7364

C:\Windows\System\JewAnYm.exe
C:\Windows\System\JewAnYm.exe
2⤵
PID:7484

C:\Windows\System\WUmTGny.exe
C:\Windows\System\WUmTGny.exe
2⤵
PID:7328

C:\Windows\System\EJPsHLM.exe
C:\Windows\System\EJPsHLM.exe
2⤵
PID:8204

C:\Windows\System\AjrQnPi.exe
C:\Windows\System\AjrQnPi.exe
2⤵
PID:8224

C:\Windows\System\gsPxIhG.exe
C:\Windows\System\gsPxIhG.exe
2⤵
PID:8240

C:\Windows\System\lXWXJRS.exe
C:\Windows\System\lXWXJRS.exe
2⤵
PID:8256

C:\Windows\System\EjTEOcn.exe
C:\Windows\System\EjTEOcn.exe
2⤵
PID:8272

C:\Windows\System\HedvAYg.exe
C:\Windows\System\HedvAYg.exe
2⤵
PID:8304

C:\Windows\System\wdqpHSm.exe
C:\Windows\System\wdqpHSm.exe
2⤵
PID:8320

C:\Windows\System\wlOGzup.exe
C:\Windows\System\wlOGzup.exe
2⤵
PID:8340

C:\Windows\System\UBDBiws.exe
C:\Windows\System\UBDBiws.exe
2⤵
PID:8356

C:\Windows\System\zziRMKy.exe
C:\Windows\System\zziRMKy.exe
2⤵
PID:8376

C:\Windows\System\UDObnQF.exe
C:\Windows\System\UDObnQF.exe
2⤵
PID:8412

C:\Windows\System\uEHtlUH.exe
C:\Windows\System\uEHtlUH.exe
2⤵
PID:8428

C:\Windows\System\LKJThpB.exe
C:\Windows\System\LKJThpB.exe
2⤵
PID:8444

C:\Windows\System\cBBheup.exe
C:\Windows\System\cBBheup.exe
2⤵
PID:8460

C:\Windows\System\olaYZPg.exe
C:\Windows\System\olaYZPg.exe
2⤵
PID:8476

C:\Windows\System\QkjlBNk.exe
C:\Windows\System\QkjlBNk.exe
2⤵
PID:8492

C:\Windows\System\RLoaLMf.exe
C:\Windows\System\RLoaLMf.exe
2⤵
PID:8508

C:\Windows\System\wPxNgSW.exe
C:\Windows\System\wPxNgSW.exe
2⤵
PID:8532

C:\Windows\System\vHAaSTf.exe
C:\Windows\System\vHAaSTf.exe
2⤵
PID:8560

C:\Windows\System\NTEtikM.exe
C:\Windows\System\NTEtikM.exe
2⤵
PID:8588

C:\Windows\System\qJgJzEE.exe
C:\Windows\System\qJgJzEE.exe
2⤵
PID:8604

C:\Windows\System\vQCelgG.exe
C:\Windows\System\vQCelgG.exe
2⤵
PID:8620

C:\Windows\System\UppxLaq.exe
C:\Windows\System\UppxLaq.exe
2⤵
PID:8636

C:\Windows\System\lNtHGuN.exe
C:\Windows\System\lNtHGuN.exe
2⤵
PID:8656

C:\Windows\System\adFlSmy.exe
C:\Windows\System\adFlSmy.exe
2⤵
PID:8676

C:\Windows\System\gLjOqHa.exe
C:\Windows\System\gLjOqHa.exe
2⤵
PID:8696

C:\Windows\System\sAIDzgm.exe
C:\Windows\System\sAIDzgm.exe
2⤵
PID:8720

C:\Windows\System\ZnTtTVD.exe
C:\Windows\System\ZnTtTVD.exe
2⤵
PID:8736

C:\Windows\System\PjNUJER.exe
C:\Windows\System\PjNUJER.exe
2⤵
PID:8760

C:\Windows\System\kfdGLqp.exe
C:\Windows\System\kfdGLqp.exe
2⤵
PID:8776

C:\Windows\System\bzCJBPj.exe
C:\Windows\System\bzCJBPj.exe
2⤵
PID:8792

C:\Windows\System\zNcHuIR.exe
C:\Windows\System\zNcHuIR.exe
2⤵
PID:8816

C:\Windows\System\LGiTOax.exe
C:\Windows\System\LGiTOax.exe
2⤵
PID:8840

C:\Windows\System\EWVQCCK.exe
C:\Windows\System\EWVQCCK.exe
2⤵
PID:8864

C:\Windows\System\PwwTBcH.exe
C:\Windows\System\PwwTBcH.exe
2⤵
PID:8884

C:\Windows\System\uPNYVWo.exe
C:\Windows\System\uPNYVWo.exe
2⤵
PID:8904

C:\Windows\System\FvhqRaf.exe
C:\Windows\System\FvhqRaf.exe
2⤵
PID:8928

C:\Windows\System\pdKUugc.exe
C:\Windows\System\pdKUugc.exe
2⤵
PID:8948

C:\Windows\System\OUGraoG.exe
C:\Windows\System\OUGraoG.exe
2⤵
PID:8976

C:\Windows\System\Pgavakf.exe
C:\Windows\System\Pgavakf.exe
2⤵
PID:8992

C:\Windows\System\FBCBXcL.exe
C:\Windows\System\FBCBXcL.exe
2⤵
PID:9008

C:\Windows\System\CFUwpMy.exe
C:\Windows\System\CFUwpMy.exe
2⤵
PID:9032

C:\Windows\System\EHVrOgz.exe
C:\Windows\System\EHVrOgz.exe
2⤵
PID:9052

C:\Windows\System\ALCeEeR.exe
C:\Windows\System\ALCeEeR.exe
2⤵
PID:9072

C:\Windows\System\FtSifag.exe
C:\Windows\System\FtSifag.exe
2⤵
PID:9092

C:\Windows\System\flZSCKh.exe
C:\Windows\System\flZSCKh.exe
2⤵
PID:9116

C:\Windows\System\caRyBEW.exe
C:\Windows\System\caRyBEW.exe
2⤵
PID:9136

C:\Windows\System\syqTgzC.exe
C:\Windows\System\syqTgzC.exe
2⤵
PID:9156

C:\Windows\System\WgXjUkD.exe
C:\Windows\System\WgXjUkD.exe
2⤵
PID:9176

C:\Windows\System\UuzEYAi.exe
C:\Windows\System\UuzEYAi.exe
2⤵
PID:9196

C:\Windows\System\rZJMWoH.exe
C:\Windows\System\rZJMWoH.exe
2⤵
PID:8196

C:\Windows\System\HFwigny.exe
C:\Windows\System\HFwigny.exe
2⤵
PID:8264

C:\Windows\System\uqwQLXH.exe
C:\Windows\System\uqwQLXH.exe
2⤵
PID:7708

C:\Windows\System\pRJAdoU.exe
C:\Windows\System\pRJAdoU.exe
2⤵
PID:8212

C:\Windows\System\CVdUIKB.exe
C:\Windows\System\CVdUIKB.exe
2⤵
PID:8348

C:\Windows\System\NyYITNp.exe
C:\Windows\System\NyYITNp.exe
2⤵
PID:8384

C:\Windows\System\yVxmzSt.exe
C:\Windows\System\yVxmzSt.exe
2⤵
PID:8364

C:\Windows\System\lpCUhYv.exe
C:\Windows\System\lpCUhYv.exe
2⤵
PID:8404

C:\Windows\System\vGsGBqU.exe
C:\Windows\System\vGsGBqU.exe
2⤵
PID:8440

C:\Windows\System\xcQStIt.exe
C:\Windows\System\xcQStIt.exe
2⤵
PID:8540

C:\Windows\System\LpRZPcH.exe
C:\Windows\System\LpRZPcH.exe
2⤵
PID:8516

C:\Windows\System\yoDBIDD.exe
C:\Windows\System\yoDBIDD.exe
2⤵
PID:8108

C:\Windows\System\FWjtQem.exe
C:\Windows\System\FWjtQem.exe
2⤵
PID:8600

C:\Windows\System\yKslyZw.exe
C:\Windows\System\yKslyZw.exe
2⤵
PID:8668

C:\Windows\System\QWPlEtD.exe
C:\Windows\System\QWPlEtD.exe
2⤵
PID:8744

C:\Windows\System\zRKByjd.exe
C:\Windows\System\zRKByjd.exe
2⤵
PID:8824

C:\Windows\System\PylChlb.exe
C:\Windows\System\PylChlb.exe
2⤵
PID:8800

C:\Windows\System\TLQQSXr.exe
C:\Windows\System\TLQQSXr.exe
2⤵
PID:8584

C:\Windows\System\YOAJBbY.exe
C:\Windows\System\YOAJBbY.exe
2⤵
PID:8648

C:\Windows\System\SQHCKia.exe
C:\Windows\System\SQHCKia.exe
2⤵
PID:8872

C:\Windows\System\kmHIpCk.exe
C:\Windows\System\kmHIpCk.exe
2⤵
PID:8772

C:\Windows\System\tXaBByu.exe
C:\Windows\System\tXaBByu.exe
2⤵
PID:8912

C:\Windows\System\HfiqLLB.exe
C:\Windows\System\HfiqLLB.exe
2⤵
PID:8852

C:\Windows\System\bdQcebT.exe
C:\Windows\System\bdQcebT.exe
2⤵
PID:8936

C:\Windows\System\uiLVwRR.exe
C:\Windows\System\uiLVwRR.exe
2⤵
PID:8708

C:\Windows\System\yNefyWt.exe
C:\Windows\System\yNefyWt.exe
2⤵
PID:9000

C:\Windows\System\DBgmZUn.exe
C:\Windows\System\DBgmZUn.exe
2⤵
PID:9020

C:\Windows\System\ndgqCKX.exe
C:\Windows\System\ndgqCKX.exe
2⤵
PID:9068

C:\Windows\System\VRVYFeX.exe
C:\Windows\System\VRVYFeX.exe
2⤵
PID:9132

C:\Windows\System\DeMDRsy.exe
C:\Windows\System\DeMDRsy.exe
2⤵
PID:9152

C:\Windows\System\mOaYztJ.exe
C:\Windows\System\mOaYztJ.exe
2⤵
PID:9192

C:\Windows\System\lveInQW.exe
C:\Windows\System\lveInQW.exe
2⤵
PID:7604

C:\Windows\System\fYwujaF.exe
C:\Windows\System\fYwujaF.exe
2⤵
PID:8288

C:\Windows\System\rDKhOrs.exe
C:\Windows\System\rDKhOrs.exe
2⤵
PID:8280

C:\Windows\System\rgdSZcB.exe
C:\Windows\System\rgdSZcB.exe
2⤵
PID:8372

C:\Windows\System\EGDtNHy.exe
C:\Windows\System\EGDtNHy.exe
2⤵
PID:8392

C:\Windows\System\urgklvY.exe
C:\Windows\System\urgklvY.exe
2⤵
PID:8424

C:\Windows\System\RJMzuTo.exe
C:\Windows\System\RJMzuTo.exe
2⤵
PID:8484

C:\Windows\System\ookPZfh.exe
C:\Windows\System\ookPZfh.exe
2⤵
PID:8556

C:\Windows\System\lKOefKr.exe
C:\Windows\System\lKOefKr.exe
2⤵
PID:8616

C:\Windows\System\lRYpCOE.exe
C:\Windows\System\lRYpCOE.exe
2⤵
PID:8692

C:\Windows\System\iIHzDRg.exe
C:\Windows\System\iIHzDRg.exe
2⤵
PID:8808

C:\Windows\System\qGsWHYX.exe
C:\Windows\System\qGsWHYX.exe
2⤵
PID:8900

C:\Windows\System\EnaWjno.exe
C:\Windows\System\EnaWjno.exe
2⤵
PID:8956

C:\Windows\System\OZwSJFX.exe
C:\Windows\System\OZwSJFX.exe
2⤵
PID:9172

C:\Windows\System\uWiHmGz.exe
C:\Windows\System\uWiHmGz.exe
2⤵
PID:9028

C:\Windows\System\TaqCjIh.exe
C:\Windows\System\TaqCjIh.exe
2⤵
PID:9188

C:\Windows\System\NqmxMlZ.exe
C:\Windows\System\NqmxMlZ.exe
2⤵
PID:8420

C:\Windows\System\vjzfgZj.exe
C:\Windows\System\vjzfgZj.exe
2⤵
PID:9112

C:\Windows\System\qmClhvg.exe
C:\Windows\System\qmClhvg.exe
2⤵
PID:9212

C:\Windows\System\NKmlBZq.exe
C:\Windows\System\NKmlBZq.exe
2⤵
PID:8332

C:\Windows\System\CdAkVab.exe
C:\Windows\System\CdAkVab.exe
2⤵
PID:8488

C:\Windows\System\fxgpWhl.exe
C:\Windows\System\fxgpWhl.exe
2⤵
PID:8756

C:\Windows\System\FzrqqZH.exe
C:\Windows\System\FzrqqZH.exe
2⤵
PID:8836

C:\Windows\System\hnLVaIm.exe
C:\Windows\System\hnLVaIm.exe
2⤵
PID:8684

C:\Windows\System\qiHywlF.exe
C:\Windows\System\qiHywlF.exe
2⤵
PID:9044

C:\Windows\System\yVOWHeg.exe
C:\Windows\System\yVOWHeg.exe
2⤵
PID:8436

C:\Windows\System\grJnrBn.exe
C:\Windows\System\grJnrBn.exe
2⤵
PID:8312

C:\Windows\System\mObpKMW.exe
C:\Windows\System\mObpKMW.exe
2⤵
PID:8548

C:\Windows\System\fSGCoIH.exe
C:\Windows\System\fSGCoIH.exe
2⤵
PID:8712

C:\Windows\System\KkzCEmg.exe
C:\Windows\System\KkzCEmg.exe
2⤵
PID:9164

C:\Windows\System\BXuDVCJ.exe
C:\Windows\System\BXuDVCJ.exe
2⤵
PID:8788

C:\Windows\System\CGYbAAt.exe
C:\Windows\System\CGYbAAt.exe
2⤵
PID:8860

C:\Windows\System\SkaXvmh.exe
C:\Windows\System\SkaXvmh.exe
2⤵
PID:8368

C:\Windows\System\FAyTxeM.exe
C:\Windows\System\FAyTxeM.exe
2⤵
PID:8728

C:\Windows\System\THNHnse.exe
C:\Windows\System\THNHnse.exe
2⤵
PID:8472

C:\Windows\System\jWbPSAW.exe
C:\Windows\System\jWbPSAW.exe
2⤵
PID:9048

C:\Windows\System\dqqYQCI.exe
C:\Windows\System\dqqYQCI.exe
2⤵
PID:8896

C:\Windows\System\zLQavAr.exe
C:\Windows\System\zLQavAr.exe
2⤵
PID:9088

C:\Windows\System\yvZzFIj.exe
C:\Windows\System\yvZzFIj.exe
2⤵
PID:8968

C:\Windows\System\xVuzJYf.exe
C:\Windows\System\xVuzJYf.exe
2⤵
PID:8732

C:\Windows\System\ePWyPbO.exe
C:\Windows\System\ePWyPbO.exe
2⤵
PID:8292

C:\Windows\System\DtwBkcO.exe
C:\Windows\System\DtwBkcO.exe
2⤵
PID:9184

C:\Windows\System\uVsyvMg.exe
C:\Windows\System\uVsyvMg.exe
2⤵
PID:8964

C:\Windows\System\tuqQcXU.exe
C:\Windows\System\tuqQcXU.exe
2⤵
PID:8216

C:\Windows\System\AsdkORY.exe
C:\Windows\System\AsdkORY.exe
2⤵
PID:8400

C:\Windows\System\eSfGLfl.exe
C:\Windows\System\eSfGLfl.exe
2⤵
PID:8568

C:\Windows\System\chGziby.exe
C:\Windows\System\chGziby.exe
2⤵
PID:9232

C:\Windows\System\LdvVenH.exe
C:\Windows\System\LdvVenH.exe
2⤵
PID:9252

C:\Windows\System\CySzztm.exe
C:\Windows\System\CySzztm.exe
2⤵
PID:9272

C:\Windows\System\DiGSWUu.exe
C:\Windows\System\DiGSWUu.exe
2⤵
PID:9288

C:\Windows\System\YDTBGvr.exe
C:\Windows\System\YDTBGvr.exe
2⤵
PID:9308

C:\Windows\System\ocGeurx.exe
C:\Windows\System\ocGeurx.exe
2⤵
PID:9328

C:\Windows\System\ScBfVjS.exe
C:\Windows\System\ScBfVjS.exe
2⤵
PID:9348

C:\Windows\System\hjBdxng.exe
C:\Windows\System\hjBdxng.exe
2⤵
PID:9364

C:\Windows\System\YUQznll.exe
C:\Windows\System\YUQznll.exe
2⤵
PID:9380

C:\Windows\System\oisCIVe.exe
C:\Windows\System\oisCIVe.exe
2⤵
PID:9400

C:\Windows\System\nyjsSFn.exe
C:\Windows\System\nyjsSFn.exe
2⤵
PID:9416

C:\Windows\System\LEYiiyX.exe
C:\Windows\System\LEYiiyX.exe
2⤵
PID:9432

C:\Windows\System\WZJKCBV.exe
C:\Windows\System\WZJKCBV.exe
2⤵
PID:9452

C:\Windows\System\zMndHhh.exe
C:\Windows\System\zMndHhh.exe
2⤵
PID:9472

C:\Windows\System\RbCafSD.exe
C:\Windows\System\RbCafSD.exe
2⤵
PID:9496

C:\Windows\System\JdWRvfd.exe
C:\Windows\System\JdWRvfd.exe
2⤵
PID:9520

C:\Windows\System\TeoAaTC.exe
C:\Windows\System\TeoAaTC.exe
2⤵
PID:9540

C:\Windows\System\JkGCUec.exe
C:\Windows\System\JkGCUec.exe
2⤵
PID:9564

C:\Windows\System\hakHdJg.exe
C:\Windows\System\hakHdJg.exe
2⤵
PID:9580

C:\Windows\System\FoTcQmY.exe
C:\Windows\System\FoTcQmY.exe
2⤵
PID:9608

C:\Windows\System\ZspVkzf.exe
C:\Windows\System\ZspVkzf.exe
2⤵
PID:9624

C:\Windows\System\IbRjpBN.exe
C:\Windows\System\IbRjpBN.exe
2⤵
PID:9648

C:\Windows\System\IprisdH.exe
C:\Windows\System\IprisdH.exe
2⤵
PID:9668

C:\Windows\System\LMbAVOs.exe
C:\Windows\System\LMbAVOs.exe
2⤵
PID:9684

C:\Windows\System\IriZiId.exe
C:\Windows\System\IriZiId.exe
2⤵
PID:9700

C:\Windows\System\lRinlPF.exe
C:\Windows\System\lRinlPF.exe
2⤵
PID:9744

C:\Windows\System\aQymqhz.exe
C:\Windows\System\aQymqhz.exe
2⤵
PID:9760

C:\Windows\System\wCQutYf.exe
C:\Windows\System\wCQutYf.exe
2⤵
PID:9780

C:\Windows\System\EpEGGeg.exe
C:\Windows\System\EpEGGeg.exe
2⤵
PID:9796

C:\Windows\System\mtsYflv.exe
C:\Windows\System\mtsYflv.exe
2⤵
PID:9816

C:\Windows\System\HEewATg.exe
C:\Windows\System\HEewATg.exe
2⤵
PID:9832

C:\Windows\System\RbiITYu.exe
C:\Windows\System\RbiITYu.exe
2⤵
PID:9852

C:\Windows\System\IwrBiAx.exe
C:\Windows\System\IwrBiAx.exe
2⤵
PID:9872

C:\Windows\System\sIxvlqh.exe
C:\Windows\System\sIxvlqh.exe
2⤵
PID:9888

C:\Windows\System\plVEoqW.exe
C:\Windows\System\plVEoqW.exe
2⤵
PID:9904

C:\Windows\System\ZkqezGs.exe
C:\Windows\System\ZkqezGs.exe
2⤵
PID:9924

C:\Windows\System\iwvrcCU.exe
C:\Windows\System\iwvrcCU.exe
2⤵
PID:9944

C:\Windows\System\hYYIjKw.exe
C:\Windows\System\hYYIjKw.exe
2⤵
PID:9960

C:\Windows\System\WndnwrM.exe
C:\Windows\System\WndnwrM.exe
2⤵
PID:9984

C:\Windows\System\LtvXXbb.exe
C:\Windows\System\LtvXXbb.exe
2⤵
PID:10004

C:\Windows\System\qwUHKSs.exe
C:\Windows\System\qwUHKSs.exe
2⤵
PID:10044

C:\Windows\System\HjHImIq.exe
C:\Windows\System\HjHImIq.exe
2⤵
PID:10064

C:\Windows\System\ecmsMEy.exe
C:\Windows\System\ecmsMEy.exe
2⤵
PID:10080

C:\Windows\System\FhuNheK.exe
C:\Windows\System\FhuNheK.exe
2⤵
PID:10096

C:\Windows\System\NXFEXat.exe
C:\Windows\System\NXFEXat.exe
2⤵
PID:10116

C:\Windows\System\UvdZDrg.exe
C:\Windows\System\UvdZDrg.exe
2⤵
PID:10144

C:\Windows\System\pIxJfmp.exe
C:\Windows\System\pIxJfmp.exe
2⤵
PID:10160

C:\Windows\System\pWSvZxS.exe
C:\Windows\System\pWSvZxS.exe
2⤵
PID:10176

C:\Windows\System\hCeVaVV.exe
C:\Windows\System\hCeVaVV.exe
2⤵
PID:10192

C:\Windows\System\YXkhhZh.exe
C:\Windows\System\YXkhhZh.exe
2⤵
PID:10208

C:\Windows\System\dNzHflT.exe
C:\Windows\System\dNzHflT.exe
2⤵
PID:10224

C:\Windows\System\gEmBIfx.exe
C:\Windows\System\gEmBIfx.exe
2⤵
PID:8944

C:\Windows\System\HpiYYTM.exe
C:\Windows\System\HpiYYTM.exe
2⤵
PID:9280

C:\Windows\System\NBemrWU.exe
C:\Windows\System\NBemrWU.exe
2⤵
PID:9320

C:\Windows\System\jtZKEsS.exe
C:\Windows\System\jtZKEsS.exe
2⤵
PID:9392

C:\Windows\System\dYowcfF.exe
C:\Windows\System\dYowcfF.exe
2⤵
PID:9512

C:\Windows\System\WWFFTzD.exe
C:\Windows\System\WWFFTzD.exe
2⤵
PID:9552

C:\Windows\System\LiJDWCp.exe
C:\Windows\System\LiJDWCp.exe
2⤵
PID:9592

C:\Windows\System\rhbpgsY.exe
C:\Windows\System\rhbpgsY.exe
2⤵
PID:9600

C:\Windows\System\pdnbbCq.exe
C:\Windows\System\pdnbbCq.exe
2⤵
PID:9604

C:\Windows\System\wmZDyaq.exe
C:\Windows\System\wmZDyaq.exe
2⤵
PID:9640

C:\Windows\System\vLBHcPE.exe
C:\Windows\System\vLBHcPE.exe
2⤵
PID:9268

C:\Windows\System\DKbWdvj.exe
C:\Windows\System\DKbWdvj.exe
2⤵
PID:9712

C:\Windows\System\bWRtRtc.exe
C:\Windows\System\bWRtRtc.exe
2⤵
PID:9728

C:\Windows\System\sKSWWcZ.exe
C:\Windows\System\sKSWWcZ.exe
2⤵
PID:9532

C:\Windows\System\bydXMUA.exe
C:\Windows\System\bydXMUA.exe
2⤵
PID:9576

C:\Windows\System\sXzCihP.exe
C:\Windows\System\sXzCihP.exe
2⤵
PID:9660

C:\Windows\System\aAWcPbG.exe
C:\Windows\System\aAWcPbG.exe
2⤵
PID:9768

C:\Windows\System\WHiTzEu.exe
C:\Windows\System\WHiTzEu.exe
2⤵
PID:9772

C:\Windows\System\Yehoxkp.exe
C:\Windows\System\Yehoxkp.exe
2⤵
PID:9840

C:\Windows\System\dFFXgMv.exe
C:\Windows\System\dFFXgMv.exe
2⤵
PID:9880

C:\Windows\System\qXUpsuQ.exe
C:\Windows\System\qXUpsuQ.exe
2⤵
PID:9956

C:\Windows\System\tKOjmzd.exe
C:\Windows\System\tKOjmzd.exe
2⤵
PID:9976

C:\Windows\System\vXKECrZ.exe
C:\Windows\System\vXKECrZ.exe
2⤵
PID:9864

C:\Windows\System\jnYJQqX.exe
C:\Windows\System\jnYJQqX.exe
2⤵
PID:9900

C:\Windows\System\ZGrWYLJ.exe
C:\Windows\System\ZGrWYLJ.exe
2⤵
PID:10028

C:\Windows\System\XQWJDnc.exe
C:\Windows\System\XQWJDnc.exe
2⤵
PID:8752

C:\Windows\System\LCwVXba.exe
C:\Windows\System\LCwVXba.exe
2⤵
PID:10104

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BStmFwa.exe
Filesize
6.0MB

MD5
8f157017bb10efa0e6c3d751f53803bb

SHA1
53244d1b935ac541c84786ad118cf9bbc14fe343

SHA256
cee5c29db94fd408c7b8de61bda155c2be753531fa3a9fac36c293e03663a5d2

SHA512
8b117136be20bb7e43c45aaf3691dedfaec5dc95ba80a1093c1332c060b73ad814841eb03ef725653bb518aa795d576b48805a8d0e7f35a983bdec5210cb32ab

Download Submit
C:\Windows\system\DCwizvM.exe
Filesize
6.0MB

MD5
6a606095acbaec0699165e1543091c34

SHA1
45c8902639c9a3c871b40564223bbeeaa791c1c2

SHA256
993445c5560c2ea5a527e272c230fb7d51546c2d515ec5dbc8f4ad9f5c8d3b93

SHA512
6e45bd1167fb98702e81b2ba580d3ca58b34154b3f60bdd25e8350410e242efccbe7c19951ca135bb991a186bd8415741391ca75992e55b49e3d6ab6838b5cac

Download Submit
C:\Windows\system\DWDaszU.exe
Filesize
6.0MB

MD5
0d1656a63cee390414bdb05c2ce023f8

SHA1
5bc5c1c8d974e16f4b8e5757e2bdab9fcf06ba86

SHA256
5363f2cc38b589565e54449402f39459faa0de4778cfdfedac9db4d0450311a8

SHA512
1eb269e174e40cd692a51bcb27fe37df4e35f5dc7156603babe956e44565abac69ea412138db6434eaba6c036497a092e6dca393bece6f0f562b4247d10f77d0

Download Submit
C:\Windows\system\DfbwzyL.exe
Filesize
6.0MB

MD5
62e6d26f1d3ca70e5a719a0a71f6d320

SHA1
0251fe4e9f495e2a0b6238fbcfda39468b88c8af

SHA256
54a841db80bf6830fb6c4502a1a646b2fd445069ba6b9a551e11d328458c1035

SHA512
a9091f36dbc4a126651e5a1b78d04e792a79e691c6483b70e73c4b30784c8a120bbadada76dbc2bfc3cbcbfef4626825cc3c1b187da1a54a758b7fb705adbdcb

Download Submit
C:\Windows\system\EVSHVyS.exe
Filesize
6.0MB

MD5
1f85f4743dc3736ea6a144f1a57d54de

SHA1
f18c73e141969079d8f77f5f5e3d283ac04301ef

SHA256
88d0ad5a742b866dd24713667557f72f82d8e982c41b2e682071fb4e26a6311a

SHA512
19b91ed2f5ba94b33fd492d75b542eb8c91be3dd0bdd43b94ec78f479ac0030ef720a324705fa566fad02af31ba608965fd11eb1d14fbf807ab45914177d1e60

Download Submit
C:\Windows\system\MEZMAul.exe
Filesize
6.0MB

MD5
783b8b842e239988b4dc7f4b8a625be6

SHA1
9d07fb5848d40b9d9254b677a0aa8b5dc7907b06

SHA256
cf149ffc57002242207ab7f266ca635e34abd295590973df0fb6316937baf969

SHA512
6ccb5ce9a35195a79a54951633cf646a98e6a7ea115b83c1fb90b8608454b7795039069caba91c30dd013b34743171a531685349cfc4aa638af5c0e9b9434d40

Download Submit
C:\Windows\system\RwyNBuH.exe
Filesize
6.0MB

MD5
7fe784a6328e9d1c16aa3d331fc02784

SHA1
8468edc1b469223859223249cfade0bf8c3d0be8

SHA256
bade0dcb046877e621cde60873eb14958fc911c726534092fda416b66b420012

SHA512
b515567e1caed5c1eddcf5e8f77176fa9713aeb27dd6f7c26eecc2a9977e6a25d623d9cbbf254f4f315da0a8adaa1916f101115b6bcf38d06ee6ecca356515bd

Download Submit
C:\Windows\system\UJRgrbs.exe
Filesize
6.0MB

MD5
c0043f595c4c9161c0350553ff4ffab5

SHA1
f11f305dab159d716aa8e3e3e1202a63b7188eee

SHA256
5684a1eb7ab0b71c300f35cb976912e55a9a59b44a804cf68076f923fb40899a

SHA512
b7f205931dd1b9f5b6090065add37372254cc5e65221f5080c963a27bd72006cdb8bc41af5e9e444e8f4f632903bdee0e1c970e0b0c5d13da906111c79165ad2

Download Submit
C:\Windows\system\XdUmQJn.exe
Filesize
6.0MB

MD5
0819a11ff5f203807ad96a290a3a6358

SHA1
8871b5f75f9abbaca6ea32d487524ef9c7c25d56

SHA256
0bc433c092320879df34d942a4d668fa4203f488b2cc00fd5bbb31eb6fbec7d9

SHA512
9515b76131c8872b8bf444df08cc7afa8f5d48a74898eec620fc844b5b4f13244e4cc2ecdc237ba3cb02b8024496d873a4040ea5e00e599941dc9e940e2925ec

Download Submit
C:\Windows\system\XvuISTx.exe
Filesize
6.0MB

MD5
14635c8dec3901885489b6d58840ac7e

SHA1
4e34d388c280626c02a16638a7c834f2abb5bda7

SHA256
b8fe897a1824b6a4f5ed4d6b46266505239bd0a784be0d20228e4aa370913768

SHA512
e80b226e5a52919d35701322110e2911f6b9542d0c5e0f31b7ca39d75ee8da915ec9c842d2c2586df86e1d1130bb3472702c915d69d2ed99aaa2abea49b6dede

Download Submit
C:\Windows\system\aycXoZF.exe
Filesize
6.0MB

MD5
0cb7adc16139174c33384777b5513b8b

SHA1
a76f393c007b596f0c4fcb65b4a62605818c531f

SHA256
09fe12416e5eac0063988e4e610c56876048f2c6651249f1c196b51c95021b7e

SHA512
bc19c9c36043088ab3ba5ff8a0a11d8015cd21762125fc2bb9dafb236a0499bc53b12830a7bfd21b8b434e8a22c0df52263948e1d19ada3aa36d939bb7793f20

Download Submit
C:\Windows\system\faWiVHK.exe
Filesize
6.0MB

MD5
fffbe3dbe101fc546e663a348600a420

SHA1
1f216bc95838c3d6e43b4355450f8928152c37bf

SHA256
71cea36ea5e00cbf20ad35b49cc82f3e47e81499da1444a9ede70186e2bd5286

SHA512
ec9124c3b919c66c523ebe2f885bfd2a4eea7b7557ae45d98bb1452826c5cb3e82056c5bcb76d7953f9704d23087da8edcf1614a463d2f4f85e741fa12902b92

Download Submit
C:\Windows\system\gBPplpE.exe
Filesize
6.0MB

MD5
c9c3b2e0f0e1050b68f90b796b575842

SHA1
11d6445035cb999bd38c78bcf61fa6ac686c182d

SHA256
64255f80b951f55d11479c785cfba6c6257dd0b11389f8a640b2e17a6cf2b352

SHA512
eff089152baf2a0d6cc3a06cc01b3319ca8a5ac9b42d97882995f144e1a487bb5c4b4d1f5dd29e1bc24dae6408fa92c97b68874bcc5afeb0aede08a38220b556

Download Submit
C:\Windows\system\gaVLiLM.exe
Filesize
6.0MB

MD5
f2b9825caecdcc94cd347e59f587d0a8

SHA1
076f76b1b9830465b9971c9586c3ef8a84e1022d

SHA256
a6a233f10ca4979d90db215620a9d1e9043cda6bb003bdf44c48993b742a1f3b

SHA512
9198fca616c23e834ed5b26eebf16ed0e009df629f8f3893bec322e99bb5ba130a6631bc9d88ae6b515ba0b90a34c4cb9c64ca4dbca3ffe87b3b1c75515d3dcc

Download Submit
C:\Windows\system\iALpLxj.exe
Filesize
6.0MB

MD5
3ca437d39702734f9406ac24d94fcca0

SHA1
b964bb9fe7a5737e1edf102a42164b38faff4e74

SHA256
346de3d3a3189534d228a89df128047696786ed4626cdeebedd9d2822f645aeb

SHA512
e82fd1976ba6a4b19b75537becf68d563fc99a131decacd873613b8e493d5d8fbc71e462842eab805a54d77d7d8bfb6ca006b0adc477a54874bd0e0c4c8c185a

Download Submit
C:\Windows\system\kkndcwO.exe
Filesize
6.0MB

MD5
c4f5b527bec2af9f9d73480ab25357f7

SHA1
f721e646188f8f48eeb21d87907955d05e4990aa

SHA256
f072a922cc8b939ac38a8e5e49418b499902952b3c8a45d7688f088667ebbeeb

SHA512
768f6987a8e924f8e3563cf1afe42e7f07e2d9e756ebb1adbbfef1f1456cd40442807d0fe69451c7981f1890604a428272efff4389639aacab6b0d1a68a40f5d

Download Submit
C:\Windows\system\mHdXZtF.exe
Filesize
6.0MB

MD5
d685aa280f934d02b8d3c647eb071c84

SHA1
08081e21828b74a43b908a0b57818bcc2dcac53e

SHA256
11c2cd97a29513b3c44df9714573081dd9bd3d7a0a4b76ad60c860f3a7f7f138

SHA512
bae6fc668b75dfc2def8db96b43bb8cbea41e9042ac646e279711e56bd18f4a6709dc24b98096705e0aecfa30dde4ca241fd899b4621a5f9df340f5bffd7157e

Download Submit
C:\Windows\system\nLBzLEI.exe
Filesize
6.0MB

MD5
4827f29a3a7718e2050e16d5c154bad8

SHA1
8133d46ce3a9ce3f4159a1e8f521446f232c6aab

SHA256
af32dceb5ae3eeb3efab13ed6ac8f5f54921753cff96d0e0c5a4ef2ac443db3c

SHA512
610a73c79868b9264ce2f9226091278799ef6b4b634c50295d8739799a1a9081d2d53317bd6601e1489f7f5738b80468b6fa42fc625182f027114001c86ee61d

Download Submit
C:\Windows\system\qlckUXb.exe
Filesize
6.0MB

MD5
433c88040db9dbd1e9466c8e7b948545

SHA1
cdd454be49c579b1f1e0351767c0429b9ac26bdb

SHA256
fbd771716860b5a52c4af94cf892ea44884e4ccb0b0332460fe5479064e7d063

SHA512
a98ad46981dd88cde30b05c0abbbd4c2e7c673938c13c07e540e6e68d9d2e825eed600e8109465192e5edf4841779ae9c2fa610db9edd5232cde19797ff67e1b

Download Submit
C:\Windows\system\rgdrlOc.exe
Filesize
6.0MB

MD5
fba6b770b40a75591e57e2fd5e70cf24

SHA1
91eea04c179524ade5721901eb1881bc820efa7b

SHA256
9eae7c025cf405e4c1fc9e76893872f2675f96c144fb0a6e1cb305c85be9a7db

SHA512
da57b43dac1d3c8974ed7fee1af8d3c7b43202271fe94668f7829ace12d770aeb0100ac228f43cb81b11a225df265cbcdc7fb11e6333b59d6fc386e8d57c34d1

Download Submit
C:\Windows\system\tvzFxQI.exe
Filesize
6.0MB

MD5
0bb9949e660da3e3b29bf737143731ba

SHA1
0230ba2b87951522b5b1fd2dfd06842063f7c264

SHA256
ea599c7802e289c45396220466a64c9f71b3021641ffa4a6b14c521621dc51d7

SHA512
923e1dab88e7c13890bdb30b897a970a83ac38283a8a215e2eab3d10428b622c83a5788ee173aa9642fc509aaf8ff6f9f69571e21b83d85e725557413a26f7df

Download Submit
C:\Windows\system\uPtQlsR.exe
Filesize
6.0MB

MD5
f284fac4789fa9c70db44abfe0a5720d

SHA1
03d205641dbd986702086818cb76525e81abd91b

SHA256
2d5a7c44c23f62b482178c1918313ab2f4398249279365e1016a8fd8d63f543b

SHA512
2798f88772f2fc0f11037a5aed8a43706f829acd0d5ea8db37b92eb7e2f9c365b60949ac544128fce9ffdfced63cd463c72c3394cff72605bfd90bdf00adb4d0

Download Submit
C:\Windows\system\uYdAQzM.exe
Filesize
6.0MB

MD5
d8a524a85dc346aedadee4ce9593f049

SHA1
c026690ae5aaaa8be75478169bdd064445da85c7

SHA256
c17c8a9d4cacc81e3b433f04038b0eabb298c0e91de7d2223d73f6d6a38bef7c

SHA512
40063837cac653917f66461c7e592e5cdc9b1031071c9d5a747632ec01bc9016d7505aa5f505672abac13f045d3409bb435f9a29a5909fd43e6c2404f194a8ee

Download Submit
C:\Windows\system\vMYRuVX.exe
Filesize
6.0MB

MD5
335d0d61ba1cd5a1a248588c5cf2815f

SHA1
d99beb7f71dc30eb80b4df7166f57a369955c171

SHA256
9e881dfc8003abaf185c01c5a27f7e732e39a399d4aaac35faccfc9bb3f977a8

SHA512
421b4707ef48f85b40dc6ecd9f7647e2a732b45f38e5787a8881ea6af1140891fdee58e9bae214291e1b9b66436de2d76b985bef0aff4981b1fc3960ef811d86

Download Submit
C:\Windows\system\wUynFMH.exe
Filesize
6.0MB

MD5
549e0022ed71d8b3a389687f9a379668

SHA1
3d424da5d35d9adf7e627d4f37a1b97f5c251bf5

SHA256
9d76bfeb4fe26d45967cfa72524854f2d4c130eb0893a2096c77f38b1c38d7f7

SHA512
e1633ec559292325dcc17d79040eb3ca362c7bfee881bfe4d81894a4fff480f1b78c9ddfda88c46816c1f53caf251866e972caa196e774a2f5529a046ec1bde4

Download Submit
C:\Windows\system\xRUDuYk.exe
Filesize
6.0MB

MD5
39c21afda011d539a5c54e37ef520d11

SHA1
658d988e01cd56c275f4473f0d7f12a81b198521

SHA256
872b70b40a940b202067d8034fa7006f646d03fedaade168eda6a6f508305155

SHA512
a35237ba7e4b09a1da77dbf9814d5d291c2b79c71a63d0c08ecf854de4210bdf67c4718d0f0ec14ebbe73367ee75a5968131adb7fa9b9331b15bc19ef99d869c

Download Submit
C:\Windows\system\zOGizjl.exe
Filesize
6.0MB

MD5
444059c242a6e50661a874d2238bd773

SHA1
c662ffac88c1234dc11411cca55b18b7407800ad

SHA256
d1146aacbdca6edb948d470bdc67ea12d38c00c1d4a2b74d9d030dce58cf7cfa

SHA512
22d0d698105ee9b7ed440158ff9946dc4374773b0f899ca8faae397a05094f1140668145d353d2fb9659cf8a2306ab506d51e5abbb157d2d0c362059f0bf888d

Download Submit
C:\Windows\system\zTytTcX.exe
Filesize
6.0MB

MD5
7da027c007a24133fa298aa8c5d221e3

SHA1
9d6b35e233a4e95dab5602f99f0d24cb4b3bf85c

SHA256
087d536b10e30f08feface349ade5403b3595b5e1e5b0ab8eb44a650be212cf6

SHA512
4fa227eda4980108074b39559db3275ead5fba5ac081aff989309867b9c1993093423855a27a672ac75038aea9b13a3bc3b28ffe0637600522e5f083ee965733

Download Submit
\Windows\system\CYBHdPv.exe
Filesize
6.0MB

MD5
4bb86b008595021940f6bbb36591a546

SHA1
a0956d794e8c271852096c6508672cc9ff2e9f84

SHA256
5bf6fb6f5be137de00f76101be6c113c6c136f533eed9474077098046122038b

SHA512
566fd8ff8373650d9ef4ad61dd580325e14650be613bf33fce70842991448988787b7f6104359908a6e2ebca47170c80184a50b36c3144fc07dce31bbb6954b4

Download Submit
\Windows\system\LEJLSmY.exe
Filesize
6.0MB

MD5
bfd50ee7b5b7b2fd71c480181dbfe7b5

SHA1
8fc7cbd40d594f8b258eaa66311fe9d741bf5ade

SHA256
8a28f3b5cfcbb67a223a9f2b39ac45502a467d0e8f94c96d9b29018267ca46fc

SHA512
d6eba29a1316698975f6a01f8e6ca155045c3b54cdf8b03dda46c6999e934f4aca92ac296059a81ea76aef8ccf33990fd1d266ebcf47568840d22b1d35a22ee8

Download Submit
\Windows\system\aCYBVeN.exe
Filesize
6.0MB

MD5
48059b34d42f4152adf7e367e1dc4310

SHA1
b2f487f25227e73f2b24dd8d8dc055ec7d8ad5e6

SHA256
cf408cfe4f1f93eb7d0075a401160d502cafdf428f8ac1eecd8791a4bfae8835

SHA512
d802701eada27d859ef2f90146cf9dd7c84f40cdf0cc4e6e4a516bd120b9cf438b7f8a936aa2513849f021e64473d7111f618528454ede0cf7c535b942a2950e

Download Submit
\Windows\system\atKvgRh.exe
Filesize
6.0MB

MD5
983eabb2f3f7002799c98f81f8690012

SHA1
441ad17a5598bb07892994be66396f5c7cb35aee

SHA256
8c60fcfeb327a8ecae51be64b9035425e20e70359f75e2498de771608cabe075

SHA512
b01d0365cc921e3ad2ba48a42cb5362669c00d421b6c5d47dc723ce3e685cd2c8302b8de83d81becd5f2ba9e51e11406f9134db2bbdb9c38bc5076f5fd092370

Download Submit
\Windows\system\dsCtEWt.exe
Filesize
6.0MB

MD5
8e8ce55a11c6c1807072433e077ba681

SHA1
4cbe93942a17ef965d09912fdd771193847d3619

SHA256
3801870e97816bc3f9f1d5e0565d05bbcc1f474b88612df09e8c767bdcb1a06e

SHA512
b17b5e167e3abbca14dda9321e77182543cd6a357718247d488e25fe6751ecec6f16776e28a16c65e242897057154de9f77dc59e0f7ff720baafb71cee9c618e

Download Submit
memory/2148-2479-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/2148-19-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/2148-3983-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/2292-3990-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/2292-24-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/2292-2480-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/2304-2369-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/2304-8-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/2472-4042-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/2472-521-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/2560-455-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/2560-3994-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/2568-4047-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2568-496-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2576-4048-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2576-529-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2628-488-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/2628-4041-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/2632-476-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2632-4046-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2648-533-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2648-3985-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2716-4050-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2716-448-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2720-461-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/2720-4031-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/2740-4043-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2740-467-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2920-2796-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/2920-2780-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2920-1604-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2920-436-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2920-2370-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2920-532-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/2920-527-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2920-2776-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2920-2811-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/2920-2806-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2920-2801-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2920-440-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2920-2792-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2920-2790-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/2920-2786-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2920-530-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2920-2774-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2920-2787-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2920-2784-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/2920-471-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2920-495-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2920-520-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/2920-0-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2920-483-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/2920-457-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/2920-464-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2920-451-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2920-1-0x0000000000100000-0x0000000000110000-memory.dmp

Filesize
64KB

Download
memory/2920-432-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/2920-12-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2968-4044-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2968-531-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads