Malware Analysis Report

2025-04-19 16:25

Sample ID 240522-x4ehesde6x
Target 2024-05-22_255d38650bbd5574bfe00951818acee4_cobalt-strike_cobaltstrike
SHA256 ba196731789fb54618e7f7e1a10938f8b0db88907409c404d4fec560d1984937
Tags
miner upx 0 xmrig cobaltstrike backdoor trojan
score
10/10

Analysis Overview

score
10/10

SHA256

ba196731789fb54618e7f7e1a10938f8b0db88907409c404d4fec560d1984937

Threat Level: Known bad

The file 2024-05-22_255d38650bbd5574bfe00951818acee4_cobalt-strike_cobaltstrike was found to be: Known bad.

Malicious Activity Summary

miner upx 0 xmrig cobaltstrike backdoor trojan

XMRig Miner payload

Cobaltstrike family

Cobaltstrike

Cobalt Strike reflective loader

UPX dump on OEP (original entry point)

Xmrig family

xmrig

Detects Reflective DLL injection artifacts

Executes dropped EXE

Loads dropped DLL

UPX packed file

Drops file in Windows directory

Unsigned PE

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-05-22 19:24

Signatures

Cobalt Strike reflective loader


Cobaltstrike family

cobaltstrike

Detects Reflective DLL injection artifacts


UPX dump on OEP (original entry point)


XMRig Miner payload

miner

Xmrig family

xmrig

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-05-22 19:24

Reported

2024-05-22 19:26

Platform

win7-20240221-en

Max time kernel

120s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-05-22_255d38650bbd5574bfe00951818acee4_cobalt-strike_cobaltstrike.exe"

Signatures

Cobalt Strike reflective loader


Cobaltstrike

trojan backdoor cobaltstrike

xmrig

miner xmrig

Detects Reflective DLL injection artifacts


UPX dump on OEP (original entry point)


XMRig Miner payload

miner

Executes dropped EXE


Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_255d38650bbd5574bfe00951818acee4_cobalt-strike_cobaltstrike.exe N/A

UPX packed file

upx

Drops file in Windows directory


Suspicious use of WriteProcessMemory

PID 2000 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_255d38650bbd5574bfe00951818acee4_cobalt-strike_cobaltstrike.exe C:\Windows\System\buPnAVh.exe
PID 2000 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_255d38650bbd5574bfe00951818acee4_cobalt-strike_cobaltstrike.exe C:\Windows\System\buPnAVh.exe
PID 2000 wrote to memory of 2604 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_255d38650bbd5574bfe00951818acee4_cobalt-strike_cobaltstrike.exe C:\Windows\System\sNKMNhr.exe
PID 2000 wrote to memory of 2604 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_255d38650bbd5574bfe00951818acee4_cobalt-strike_cobaltstrike.exe C:\Windows\System\sNKMNhr.exe
PID 2000 wrote to memory of 2604 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_255d38650bbd5574bfe00951818acee4_cobalt-strike_cobaltstrike.exe C:\Windows\System\sNKMNhr.exe
PID 2000 wrote to memory of 1632 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_255d38650bbd5574bfe00951818acee4_cobalt-strike_cobaltstrike.exe C:\Windows\System\ztlqLMk.exe
PID 2000 wrote to memory of 1632 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_255d38650bbd5574bfe00951818acee4_cobalt-strike_cobaltstrike.exe C:\Windows\System\ztlqLMk.exe
PID 2000 wrote to memory of 1632 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_255d38650bbd5574bfe00951818acee4_cobalt-strike_cobaltstrike.exe C:\Windows\System\ztlqLMk.exe
PID 2000 wrote to memory of 2104 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_255d38650bbd5574bfe00951818acee4_cobalt-strike_cobaltstrike.exe C:\Windows\System\xAAQAND.exe
PID 2000 wrote to memory of 2104 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_255d38650bbd5574bfe00951818acee4_cobalt-strike_cobaltstrike.exe C:\Windows\System\xAAQAND.exe
PID 2000 wrote to memory of 2104 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_255d38650bbd5574bfe00951818acee4_cobalt-strike_cobaltstrike.exe C:\Windows\System\xAAQAND.exe
PID 2000 wrote to memory of 300 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_255d38650bbd5574bfe00951818acee4_cobalt-strike_cobaltstrike.exe C:\Windows\System\CgrTMaP.exe
PID 2000 wrote to memory of 300 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_255d38650bbd5574bfe00951818acee4_cobalt-strike_cobaltstrike.exe C:\Windows\System\CgrTMaP.exe
PID 2000 wrote to memory of 300 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_255d38650bbd5574bfe00951818acee4_cobalt-strike_cobaltstrike.exe C:\Windows\System\CgrTMaP.exe
PID 2000 wrote to memory of 376 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_255d38650bbd5574bfe00951818acee4_cobalt-strike_cobaltstrike.exe C:\Windows\System\IytAFUE.exe
PID 2000 wrote to memory of 376 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_255d38650bbd5574bfe00951818acee4_cobalt-strike_cobaltstrike.exe C:\Windows\System\IytAFUE.exe
PID 2000 wrote to memory of 376 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_255d38650bbd5574bfe00951818acee4_cobalt-strike_cobaltstrike.exe C:\Windows\System\IytAFUE.exe
PID 2000 wrote to memory of 2100 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_255d38650bbd5574bfe00951818acee4_cobalt-strike_cobaltstrike.exe C:\Windows\System\dhMskmg.exe
PID 2000 wrote to memory of 2100 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_255d38650bbd5574bfe00951818acee4_cobalt-strike_cobaltstrike.exe C:\Windows\System\dhMskmg.exe
PID 2000 wrote to memory of 2100 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_255d38650bbd5574bfe00951818acee4_cobalt-strike_cobaltstrike.exe C:\Windows\System\dhMskmg.exe
PID 2000 wrote to memory of 1764 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_255d38650bbd5574bfe00951818acee4_cobalt-strike_cobaltstrike.exe C:\Windows\System\NOxmBJo.exe
PID 2000 wrote to memory of 1764 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_255d38650bbd5574bfe00951818acee4_cobalt-strike_cobaltstrike.exe C:\Windows\System\NOxmBJo.exe
PID 2000 wrote to memory of 1764 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_255d38650bbd5574bfe00951818acee4_cobalt-strike_cobaltstrike.exe C:\Windows\System\NOxmBJo.exe
PID 2000 wrote to memory of 1612 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_255d38650bbd5574bfe00951818acee4_cobalt-strike_cobaltstrike.exe C:\Windows\System\JBPBGqF.exe
PID 2000 wrote to memory of 1612 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_255d38650bbd5574bfe00951818acee4_cobalt-strike_cobaltstrike.exe C:\Windows\System\JBPBGqF.exe
PID 2000 wrote to memory of 1612 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_255d38650bbd5574bfe00951818acee4_cobalt-strike_cobaltstrike.exe C:\Windows\System\JBPBGqF.exe
PID 2000 wrote to memory of 688 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_255d38650bbd5574bfe00951818acee4_cobalt-strike_cobaltstrike.exe C:\Windows\System\KLttbSt.exe

Processes

C:\Users\Admin\AppData\Local\Temp\2024-05-22_255d38650bbd5574bfe00951818acee4_cobalt-strike_cobaltstrike.exe

"C:\Users\Admin\AppData\Local\Temp\2024-05-22_255d38650bbd5574bfe00951818acee4_cobalt-strike_cobaltstrike.exe"


C:\Windows\System\ugZKbSg.exe

C:\Windows\System\dfiIBRG.exe

C:\Windows\System\dfiIBRG.exe

C:\Windows\System\wvrgIbj.exe

C:\Windows\System\wvrgIbj.exe

C:\Windows\System\QeFikIb.exe

C:\Windows\System\QeFikIb.exe

C:\Windows\System\RcGmcbp.exe

C:\Windows\System\RcGmcbp.exe

C:\Windows\System\quDaIMt.exe

C:\Windows\System\quDaIMt.exe

C:\Windows\System\zWpahsS.exe

C:\Windows\System\zWpahsS.exe

C:\Windows\System\BipBZqy.exe

C:\Windows\System\BipBZqy.exe

C:\Windows\System\nMphhIO.exe

C:\Windows\System\nMphhIO.exe

C:\Windows\System\glCHPfC.exe

C:\Windows\System\glCHPfC.exe

C:\Windows\System\QkvdJba.exe

C:\Windows\System\QkvdJba.exe

C:\Windows\System\zBgCFPq.exe

C:\Windows\System\zBgCFPq.exe

C:\Windows\System\byAoDmD.exe

C:\Windows\System\byAoDmD.exe

C:\Windows\System\dojHNNL.exe

C:\Windows\System\dojHNNL.exe

C:\Windows\System\hFuzWFi.exe

C:\Windows\System\hFuzWFi.exe

C:\Windows\System\jkEPUXV.exe

C:\Windows\System\jkEPUXV.exe

C:\Windows\System\AVtwsVa.exe

C:\Windows\System\AVtwsVa.exe

C:\Windows\System\ubpCFUS.exe

C:\Windows\System\ubpCFUS.exe

C:\Windows\System\xQbclLP.exe

C:\Windows\System\xQbclLP.exe

C:\Windows\System\NDfpptC.exe

C:\Windows\System\NDfpptC.exe

C:\Windows\System\UGeCExl.exe

C:\Windows\System\UGeCExl.exe

C:\Windows\System\yjXWgTP.exe

C:\Windows\System\yjXWgTP.exe

C:\Windows\System\cSxupKi.exe

C:\Windows\System\cSxupKi.exe

C:\Windows\System\EyQKQYu.exe

C:\Windows\System\EyQKQYu.exe

C:\Windows\System\tyWVtHN.exe

C:\Windows\System\tyWVtHN.exe

C:\Windows\System\VkjsvvK.exe

C:\Windows\System\VkjsvvK.exe

C:\Windows\System\unpcSws.exe

C:\Windows\System\unpcSws.exe

C:\Windows\System\WKVHmrl.exe

C:\Windows\System\WKVHmrl.exe

C:\Windows\System\lDCYVpK.exe

C:\Windows\System\lDCYVpK.exe

C:\Windows\System\duwnnOO.exe

C:\Windows\System\duwnnOO.exe

C:\Windows\System\onpshCd.exe

C:\Windows\System\onpshCd.exe

C:\Windows\System\kMmDQDs.exe

C:\Windows\System\kMmDQDs.exe

C:\Windows\System\otuOmnZ.exe

C:\Windows\System\otuOmnZ.exe

C:\Windows\System\RVdCoHu.exe

C:\Windows\System\RVdCoHu.exe

C:\Windows\System\yYQdVKs.exe

C:\Windows\System\yYQdVKs.exe

C:\Windows\System\DbPLBLi.exe

C:\Windows\System\DbPLBLi.exe

C:\Windows\System\kzPChSs.exe

C:\Windows\System\kzPChSs.exe

C:\Windows\System\JHOQGXO.exe

C:\Windows\System\JHOQGXO.exe

C:\Windows\System\fzXfnDo.exe

C:\Windows\System\fzXfnDo.exe

C:\Windows\System\AFeegAH.exe

C:\Windows\System\AFeegAH.exe

C:\Windows\System\dvNSoIS.exe

C:\Windows\System\dvNSoIS.exe

C:\Windows\System\DyxGKbg.exe

C:\Windows\System\DyxGKbg.exe

C:\Windows\System\yFnxLCO.exe

C:\Windows\System\yFnxLCO.exe

C:\Windows\System\eduQeAF.exe

C:\Windows\System\eduQeAF.exe

C:\Windows\System\UfGSIli.exe

C:\Windows\System\UfGSIli.exe

C:\Windows\System\wyTpqKb.exe

C:\Windows\System\wyTpqKb.exe

C:\Windows\System\LBmlzeN.exe

C:\Windows\System\LBmlzeN.exe

C:\Windows\System\UOGqFtf.exe

C:\Windows\System\UOGqFtf.exe

C:\Windows\System\WbklzpS.exe

C:\Windows\System\WbklzpS.exe

C:\Windows\System\HjFtIjQ.exe

C:\Windows\System\HjFtIjQ.exe

C:\Windows\System\cJbxfMh.exe

C:\Windows\System\cJbxfMh.exe

C:\Windows\System\APulMis.exe

C:\Windows\System\APulMis.exe

C:\Windows\System\IazRdai.exe

C:\Windows\System\IazRdai.exe

C:\Windows\System\SsYkyHD.exe

C:\Windows\System\SsYkyHD.exe

C:\Windows\System\efcZjDS.exe

C:\Windows\System\efcZjDS.exe

C:\Windows\System\vUbWLrh.exe

C:\Windows\System\vUbWLrh.exe

C:\Windows\System\GZpHWly.exe

C:\Windows\System\GZpHWly.exe

C:\Windows\System\jfMQhPU.exe

C:\Windows\System\jfMQhPU.exe

C:\Windows\System\yWHWJDp.exe

C:\Windows\System\yWHWJDp.exe

C:\Windows\System\AoCVCJA.exe

C:\Windows\System\AoCVCJA.exe

C:\Windows\System\DpAuRoi.exe

C:\Windows\System\DpAuRoi.exe

C:\Windows\System\clUXXbb.exe

C:\Windows\System\clUXXbb.exe

C:\Windows\System\iXFBUKU.exe

C:\Windows\System\iXFBUKU.exe

C:\Windows\System\ZRtNIuD.exe

C:\Windows\System\ZRtNIuD.exe

C:\Windows\System\SPvrUNr.exe

C:\Windows\System\SPvrUNr.exe

C:\Windows\System\LztsHJV.exe

C:\Windows\System\LztsHJV.exe

C:\Windows\System\wdoSRdv.exe

C:\Windows\System\wdoSRdv.exe

C:\Windows\System\hnJWIGx.exe

C:\Windows\System\hnJWIGx.exe

C:\Windows\System\tOEDWcW.exe

C:\Windows\System\tOEDWcW.exe

C:\Windows\System\VeidyUD.exe

C:\Windows\System\VeidyUD.exe

C:\Windows\System\IxQafWE.exe

C:\Windows\System\IxQafWE.exe

C:\Windows\System\pqUKvUO.exe

C:\Windows\System\pqUKvUO.exe

C:\Windows\System\TNfYqIG.exe

C:\Windows\System\TNfYqIG.exe

C:\Windows\System\LSoYBCE.exe

C:\Windows\System\LSoYBCE.exe

C:\Windows\System\BeZqYeI.exe

C:\Windows\System\BeZqYeI.exe

C:\Windows\System\bGnvfTp.exe

C:\Windows\System\bGnvfTp.exe

C:\Windows\System\aFPvQKe.exe

C:\Windows\System\aFPvQKe.exe

C:\Windows\System\eFAqcIF.exe

C:\Windows\System\eFAqcIF.exe

C:\Windows\System\CfWbrdq.exe

C:\Windows\System\CfWbrdq.exe

C:\Windows\System\luCoFCw.exe

C:\Windows\System\luCoFCw.exe

C:\Windows\System\waNZsEz.exe

C:\Windows\System\waNZsEz.exe

C:\Windows\System\RCUWrPr.exe

C:\Windows\System\RCUWrPr.exe

C:\Windows\System\SPAwmON.exe

C:\Windows\System\SPAwmON.exe

C:\Windows\System\bJkrDAA.exe

C:\Windows\System\bJkrDAA.exe

C:\Windows\System\NCrORkM.exe

C:\Windows\System\NCrORkM.exe

C:\Windows\System\DcPQjdx.exe

C:\Windows\System\DcPQjdx.exe

C:\Windows\System\yfkQCvp.exe

C:\Windows\System\yfkQCvp.exe

C:\Windows\System\exleQKB.exe

C:\Windows\System\exleQKB.exe

C:\Windows\System\ZdpHcuu.exe

C:\Windows\System\ZdpHcuu.exe

C:\Windows\System\YvzdVoO.exe

C:\Windows\System\YvzdVoO.exe

C:\Windows\System\OXLDdBd.exe

C:\Windows\System\OXLDdBd.exe

C:\Windows\System\vZzmDOu.exe

C:\Windows\System\vZzmDOu.exe

C:\Windows\System\MrWYzjO.exe

C:\Windows\System\MrWYzjO.exe

C:\Windows\System\ofUoauS.exe

C:\Windows\System\ofUoauS.exe

C:\Windows\System\XweQemk.exe

C:\Windows\System\XweQemk.exe

C:\Windows\System\LZuwwmA.exe

C:\Windows\System\LZuwwmA.exe

C:\Windows\System\GYrSOvE.exe

C:\Windows\System\GYrSOvE.exe

C:\Windows\System\cZKEMHI.exe

C:\Windows\System\cZKEMHI.exe

C:\Windows\System\DpzMgnD.exe

C:\Windows\System\DpzMgnD.exe

C:\Windows\System\aYUFIlU.exe

C:\Windows\System\aYUFIlU.exe

C:\Windows\System\YrZLrKO.exe

C:\Windows\System\YrZLrKO.exe

C:\Windows\System\DTcGLgF.exe

C:\Windows\System\DTcGLgF.exe

C:\Windows\System\sXzKtbr.exe

C:\Windows\System\sXzKtbr.exe

C:\Windows\System\MYmMHaw.exe

C:\Windows\System\MYmMHaw.exe

C:\Windows\System\CzHKrgQ.exe

C:\Windows\System\CzHKrgQ.exe

C:\Windows\System\eASbYgv.exe

C:\Windows\System\eASbYgv.exe

C:\Windows\System\KEEhVTc.exe

C:\Windows\System\KEEhVTc.exe

C:\Windows\System\tQlwlGl.exe

C:\Windows\System\tQlwlGl.exe

C:\Windows\System\hlrWHew.exe

C:\Windows\System\hlrWHew.exe

C:\Windows\System\bpRRzsz.exe

C:\Windows\System\bpRRzsz.exe

C:\Windows\System\SnBTSSB.exe

C:\Windows\System\SnBTSSB.exe

C:\Windows\System\VRfdydO.exe

C:\Windows\System\VRfdydO.exe

C:\Windows\System\pYQdTdT.exe

C:\Windows\System\pYQdTdT.exe

C:\Windows\System\stGPpCQ.exe

C:\Windows\System\stGPpCQ.exe

C:\Windows\System\Kitpapt.exe

C:\Windows\System\Kitpapt.exe

C:\Windows\System\GAewVZm.exe

C:\Windows\System\GAewVZm.exe

C:\Windows\System\ljoJXsu.exe

C:\Windows\System\ljoJXsu.exe

C:\Windows\System\ulrFgOR.exe

C:\Windows\System\ulrFgOR.exe

C:\Windows\System\bJbnNWD.exe

C:\Windows\System\bJbnNWD.exe

C:\Windows\System\OVRapkH.exe

C:\Windows\System\OVRapkH.exe

C:\Windows\System\iPNpSII.exe

C:\Windows\System\iPNpSII.exe

C:\Windows\System\iXkkvrl.exe

C:\Windows\System\iXkkvrl.exe

C:\Windows\System\kitYEJG.exe

C:\Windows\System\kitYEJG.exe

C:\Windows\System\cwUwYFi.exe

C:\Windows\System\cwUwYFi.exe

C:\Windows\System\oUSoHWJ.exe

C:\Windows\System\oUSoHWJ.exe

C:\Windows\System\gUGgwax.exe

C:\Windows\System\gUGgwax.exe

C:\Windows\System\LcwvEtG.exe

C:\Windows\System\LcwvEtG.exe

C:\Windows\System\WaQJPOj.exe

C:\Windows\System\WaQJPOj.exe

C:\Windows\System\YprmAiH.exe

C:\Windows\System\YprmAiH.exe

C:\Windows\System\kigpWWC.exe

C:\Windows\System\kigpWWC.exe

C:\Windows\System\WogeWJr.exe

C:\Windows\System\WogeWJr.exe

C:\Windows\System\ubMZdkW.exe

C:\Windows\System\ubMZdkW.exe

C:\Windows\System\NLaDpSB.exe

C:\Windows\System\NLaDpSB.exe

C:\Windows\System\JWkqrTT.exe

C:\Windows\System\JWkqrTT.exe

C:\Windows\System\QrIhhhs.exe

C:\Windows\System\QrIhhhs.exe

C:\Windows\System\FeNMZVe.exe

C:\Windows\System\FeNMZVe.exe

C:\Windows\System\tnuIGjz.exe

C:\Windows\System\tnuIGjz.exe

C:\Windows\System\BltSwBx.exe

C:\Windows\System\BltSwBx.exe

C:\Windows\System\gxhcpsa.exe

C:\Windows\System\gxhcpsa.exe

C:\Windows\System\XaOblnu.exe

C:\Windows\System\XaOblnu.exe

C:\Windows\System\hXKZdnv.exe

C:\Windows\System\hXKZdnv.exe

C:\Windows\System\RqTKvOv.exe

C:\Windows\System\RqTKvOv.exe

C:\Windows\System\SxbSpKx.exe

C:\Windows\System\SxbSpKx.exe

C:\Windows\System\pNhaNvU.exe

C:\Windows\System\pNhaNvU.exe

C:\Windows\System\lFkBTFz.exe

C:\Windows\System\lFkBTFz.exe

C:\Windows\System\gfzuqbr.exe

C:\Windows\System\gfzuqbr.exe

C:\Windows\System\kqTRzew.exe

C:\Windows\System\kqTRzew.exe

C:\Windows\System\HZyoiQd.exe

C:\Windows\System\HZyoiQd.exe

C:\Windows\System\ldEWTYV.exe

C:\Windows\System\ldEWTYV.exe

C:\Windows\System\OKJbpJH.exe

C:\Windows\System\OKJbpJH.exe

C:\Windows\System\PiGGwgz.exe

C:\Windows\System\PiGGwgz.exe

C:\Windows\System\WsrXIiB.exe

C:\Windows\System\WsrXIiB.exe

C:\Windows\System\GVOumfe.exe

C:\Windows\System\GVOumfe.exe

C:\Windows\System\nAcZnCc.exe

C:\Windows\System\nAcZnCc.exe

C:\Windows\System\zvckoZm.exe

C:\Windows\System\zvckoZm.exe

C:\Windows\System\nPJyZRd.exe

C:\Windows\System\nPJyZRd.exe

C:\Windows\System\jNvNIRk.exe

C:\Windows\System\jNvNIRk.exe

C:\Windows\System\QwzdgpO.exe

C:\Windows\System\QwzdgpO.exe

C:\Windows\System\xMjPgVl.exe

C:\Windows\System\xMjPgVl.exe

C:\Windows\System\XTVHGft.exe

C:\Windows\System\XTVHGft.exe

C:\Windows\System\uHGbuGI.exe

C:\Windows\System\uHGbuGI.exe

C:\Windows\System\XvDqtoY.exe

C:\Windows\System\XvDqtoY.exe

C:\Windows\System\hKnFvut.exe

C:\Windows\System\hKnFvut.exe

C:\Windows\System\YHtSbIn.exe

C:\Windows\System\YHtSbIn.exe

C:\Windows\System\rtXrDKC.exe

C:\Windows\System\rtXrDKC.exe

C:\Windows\System\ygpmAkA.exe

C:\Windows\System\ygpmAkA.exe

C:\Windows\System\UyvKIUd.exe

C:\Windows\System\UyvKIUd.exe

C:\Windows\System\QjoiOTe.exe

C:\Windows\System\QjoiOTe.exe

C:\Windows\System\QDrvoKK.exe

C:\Windows\System\QDrvoKK.exe

C:\Windows\System\PBUEMWh.exe

C:\Windows\System\PBUEMWh.exe

C:\Windows\System\HnvaCne.exe

C:\Windows\System\HnvaCne.exe

C:\Windows\System\ARsYcNg.exe

C:\Windows\System\ARsYcNg.exe

C:\Windows\System\mCwijHc.exe

C:\Windows\System\mCwijHc.exe

C:\Windows\System\uRqifqD.exe

C:\Windows\System\uRqifqD.exe

C:\Windows\System\QAMUyrf.exe

C:\Windows\System\QAMUyrf.exe

C:\Windows\System\ojablki.exe

C:\Windows\System\ojablki.exe

C:\Windows\System\FnhPtEA.exe

C:\Windows\System\FnhPtEA.exe

C:\Windows\System\ouvxzDr.exe

C:\Windows\System\ouvxzDr.exe

C:\Windows\System\FrVjAVt.exe

C:\Windows\System\FrVjAVt.exe

C:\Windows\System\cMlTbdm.exe

C:\Windows\System\cMlTbdm.exe

C:\Windows\System\kHVYdmw.exe

C:\Windows\System\kHVYdmw.exe

C:\Windows\System\LvsrtYr.exe

C:\Windows\System\LvsrtYr.exe

C:\Windows\System\MSytjJd.exe

C:\Windows\System\MSytjJd.exe

C:\Windows\System\eOAEhjd.exe

C:\Windows\System\eOAEhjd.exe

C:\Windows\System\LJvyScj.exe

C:\Windows\System\LJvyScj.exe

C:\Windows\System\Ydxoefw.exe

C:\Windows\System\Ydxoefw.exe

C:\Windows\System\ciUfZHn.exe

C:\Windows\System\ciUfZHn.exe

C:\Windows\System\gLeXmXq.exe

C:\Windows\System\gLeXmXq.exe

C:\Windows\System\YCtOGRO.exe

C:\Windows\System\YCtOGRO.exe

C:\Windows\System\AcmLIsj.exe

C:\Windows\System\AcmLIsj.exe

C:\Windows\System\OLfQxtz.exe

C:\Windows\System\OLfQxtz.exe

C:\Windows\System\xIZDmQw.exe

C:\Windows\System\xIZDmQw.exe

C:\Windows\System\ellqAXv.exe

C:\Windows\System\ellqAXv.exe

C:\Windows\System\UXTAqXK.exe

C:\Windows\System\UXTAqXK.exe

C:\Windows\System\UcakeIj.exe

C:\Windows\System\UcakeIj.exe

C:\Windows\System\hGLgfPI.exe

C:\Windows\System\hGLgfPI.exe

C:\Windows\System\LOIDpAm.exe

C:\Windows\System\LOIDpAm.exe

C:\Windows\System\WIUdPce.exe

C:\Windows\System\WIUdPce.exe

C:\Windows\System\jrMcxxC.exe

C:\Windows\System\jrMcxxC.exe

C:\Windows\System\isYwlpa.exe

C:\Windows\System\isYwlpa.exe

C:\Windows\System\TVwuZwr.exe

C:\Windows\System\TVwuZwr.exe

C:\Windows\System\fXKPBmo.exe

C:\Windows\System\fXKPBmo.exe

C:\Windows\System\YBnsaRw.exe

C:\Windows\System\YBnsaRw.exe

C:\Windows\System\ZlxfZFm.exe

C:\Windows\System\ZlxfZFm.exe

C:\Windows\System\fIpDwBu.exe

C:\Windows\System\fIpDwBu.exe

C:\Windows\System\tlwscvZ.exe

C:\Windows\System\tlwscvZ.exe

C:\Windows\System\CcptcLm.exe

C:\Windows\System\CcptcLm.exe

C:\Windows\System\uoXCkfk.exe

C:\Windows\System\uoXCkfk.exe

C:\Windows\System\wbMtdZE.exe

C:\Windows\System\wbMtdZE.exe

C:\Windows\System\GDWGjsc.exe

C:\Windows\System\GDWGjsc.exe

C:\Windows\System\shQkPem.exe

C:\Windows\System\shQkPem.exe

C:\Windows\System\ehTxzwM.exe

C:\Windows\System\ehTxzwM.exe

C:\Windows\System\Quppqds.exe

C:\Windows\System\Quppqds.exe

C:\Windows\System\qhmYOgJ.exe

C:\Windows\System\qhmYOgJ.exe

C:\Windows\System\TMZYXhz.exe

C:\Windows\System\TMZYXhz.exe

C:\Windows\System\qjYWGYJ.exe

C:\Windows\System\qjYWGYJ.exe

C:\Windows\System\suNsHvK.exe

C:\Windows\System\suNsHvK.exe

C:\Windows\System\VbAdjsc.exe

C:\Windows\System\VbAdjsc.exe

C:\Windows\System\RzCmJPL.exe

C:\Windows\System\RzCmJPL.exe

C:\Windows\System\inzAIAG.exe

C:\Windows\System\inzAIAG.exe

C:\Windows\System\kSokhgg.exe

C:\Windows\System\kSokhgg.exe

C:\Windows\System\hPLdmmi.exe

C:\Windows\System\hPLdmmi.exe

C:\Windows\System\CyUGjic.exe

C:\Windows\System\CyUGjic.exe

C:\Windows\System\wqxkISt.exe

C:\Windows\System\wqxkISt.exe

C:\Windows\System\DHDmtoX.exe

C:\Windows\System\DHDmtoX.exe

C:\Windows\System\YnwoQOa.exe

C:\Windows\System\YnwoQOa.exe

C:\Windows\System\rAqTEEf.exe

C:\Windows\System\rAqTEEf.exe

C:\Windows\System\RpPPAzt.exe

C:\Windows\System\RpPPAzt.exe

C:\Windows\System\BWNfPWh.exe

C:\Windows\System\BWNfPWh.exe

C:\Windows\System\eOIjfbr.exe

C:\Windows\System\eOIjfbr.exe

C:\Windows\System\fEzIMaY.exe

C:\Windows\System\fEzIMaY.exe

C:\Windows\System\qyJzZqs.exe

C:\Windows\System\qyJzZqs.exe

C:\Windows\System\bnqNRyZ.exe

C:\Windows\System\bnqNRyZ.exe

C:\Windows\System\gEpNVJN.exe

C:\Windows\System\gEpNVJN.exe

C:\Windows\System\lLAsSFM.exe

C:\Windows\System\lLAsSFM.exe

C:\Windows\System\mmwERRI.exe

C:\Windows\System\mmwERRI.exe

C:\Windows\System\dCdmJVC.exe

C:\Windows\System\dCdmJVC.exe

C:\Windows\System\WpEgGBD.exe

C:\Windows\System\WpEgGBD.exe

C:\Windows\System\hnQxElS.exe

C:\Windows\System\hnQxElS.exe

C:\Windows\System\DTaeglW.exe

C:\Windows\System\DTaeglW.exe

C:\Windows\System\imZjLNs.exe

C:\Windows\System\imZjLNs.exe

C:\Windows\System\MiEWCvH.exe

C:\Windows\System\MiEWCvH.exe

C:\Windows\System\VFrjaAu.exe

C:\Windows\System\VFrjaAu.exe

C:\Windows\System\xLxCGlo.exe

C:\Windows\System\xLxCGlo.exe

C:\Windows\System\rhvfpFI.exe

C:\Windows\System\rhvfpFI.exe

C:\Windows\System\FGXCSdu.exe

C:\Windows\System\FGXCSdu.exe

C:\Windows\System\AFhznBG.exe

C:\Windows\System\AFhznBG.exe

C:\Windows\System\DwCcBNL.exe

C:\Windows\System\DwCcBNL.exe

C:\Windows\System\KgvMIUh.exe

C:\Windows\System\KgvMIUh.exe

C:\Windows\System\OKJsejR.exe

C:\Windows\System\OKJsejR.exe

C:\Windows\System\orWMGak.exe

C:\Windows\System\orWMGak.exe

C:\Windows\System\mJYNyww.exe

C:\Windows\System\mJYNyww.exe

C:\Windows\System\MLYohAp.exe

C:\Windows\System\MLYohAp.exe

C:\Windows\System\GgnnPkV.exe

C:\Windows\System\GgnnPkV.exe

C:\Windows\System\NBDRvOp.exe

C:\Windows\System\NBDRvOp.exe

C:\Windows\System\ILcyvpp.exe

C:\Windows\System\ILcyvpp.exe

C:\Windows\System\xpJMSmG.exe

C:\Windows\System\xpJMSmG.exe

C:\Windows\System\jjSsnpn.exe

C:\Windows\System\jjSsnpn.exe

C:\Windows\System\fMtvJpA.exe

C:\Windows\System\fMtvJpA.exe

C:\Windows\System\UTnXOXx.exe

C:\Windows\System\UTnXOXx.exe

C:\Windows\System\IAybana.exe

C:\Windows\System\IAybana.exe

C:\Windows\System\NiFxykl.exe

C:\Windows\System\NiFxykl.exe

C:\Windows\System\OakLKxa.exe

C:\Windows\System\OakLKxa.exe

C:\Windows\System\lKWFdYG.exe

C:\Windows\System\lKWFdYG.exe

C:\Windows\System\PYLtDsY.exe

C:\Windows\System\PYLtDsY.exe

C:\Windows\System\nwEwGXo.exe

C:\Windows\System\nwEwGXo.exe

C:\Windows\System\AtkOFlG.exe

C:\Windows\System\AtkOFlG.exe

C:\Windows\System\CbEKvfP.exe

C:\Windows\System\CbEKvfP.exe

C:\Windows\System\AHIIwrw.exe

C:\Windows\System\AHIIwrw.exe

C:\Windows\System\KfcXpWD.exe

C:\Windows\System\KfcXpWD.exe

C:\Windows\System\dvCAgpY.exe

C:\Windows\System\dvCAgpY.exe

C:\Windows\System\MoPAuqv.exe

C:\Windows\System\MoPAuqv.exe

C:\Windows\System\YiHUiTV.exe

C:\Windows\System\YiHUiTV.exe

C:\Windows\System\vmiaUhQ.exe

C:\Windows\System\vmiaUhQ.exe

C:\Windows\System\VybMFcA.exe

C:\Windows\System\VybMFcA.exe

C:\Windows\System\hPRScxF.exe

C:\Windows\System\hPRScxF.exe

C:\Windows\System\KKqHXKl.exe

C:\Windows\System\KKqHXKl.exe

C:\Windows\System\qEoaBSU.exe

C:\Windows\System\qEoaBSU.exe

C:\Windows\System\SQwmHoQ.exe

C:\Windows\System\SQwmHoQ.exe

C:\Windows\System\knXvDNp.exe

C:\Windows\System\knXvDNp.exe

C:\Windows\System\nTWDqev.exe

C:\Windows\System\nTWDqev.exe

C:\Windows\System\eSJZQcS.exe

C:\Windows\System\eSJZQcS.exe

C:\Windows\System\QxTyxAl.exe

C:\Windows\System\QxTyxAl.exe

C:\Windows\System\AaWXNUp.exe

C:\Windows\System\AaWXNUp.exe

C:\Windows\System\putEbYm.exe

C:\Windows\System\putEbYm.exe

C:\Windows\System\ndqOKeq.exe

C:\Windows\System\ndqOKeq.exe

C:\Windows\System\DDOZAbd.exe

C:\Windows\System\DDOZAbd.exe

C:\Windows\System\KNPumdW.exe

C:\Windows\System\KNPumdW.exe

C:\Windows\System\ZbWLLYD.exe

C:\Windows\System\ZbWLLYD.exe

C:\Windows\System\xfKJQpX.exe

C:\Windows\System\xfKJQpX.exe

C:\Windows\System\TbHvxZW.exe

C:\Windows\System\TbHvxZW.exe

C:\Windows\System\GBAsuPs.exe

C:\Windows\System\GBAsuPs.exe

C:\Windows\System\eBEnVMB.exe

C:\Windows\System\eBEnVMB.exe

C:\Windows\System\TwhiigX.exe

C:\Windows\System\TwhiigX.exe

C:\Windows\System\BAPrmcl.exe

C:\Windows\System\BAPrmcl.exe

C:\Windows\System\xXTROYq.exe

C:\Windows\System\xXTROYq.exe

C:\Windows\System\oVjqVSv.exe

C:\Windows\System\oVjqVSv.exe

C:\Windows\System\MenyfcP.exe

C:\Windows\System\MenyfcP.exe

C:\Windows\System\pLjRJVW.exe

C:\Windows\System\pLjRJVW.exe

C:\Windows\System\fgnLXJz.exe

C:\Windows\System\fgnLXJz.exe

C:\Windows\System\sNWBzgT.exe

C:\Windows\System\sNWBzgT.exe

C:\Windows\System\gqAVVof.exe

C:\Windows\System\gqAVVof.exe

C:\Windows\System\dcjeLzs.exe

C:\Windows\System\dcjeLzs.exe

C:\Windows\System\XThmyVJ.exe

C:\Windows\System\XThmyVJ.exe

C:\Windows\System\tFbUYBZ.exe

C:\Windows\System\tFbUYBZ.exe

C:\Windows\System\SsmgOlO.exe

C:\Windows\System\SsmgOlO.exe

C:\Windows\System\KUsAilG.exe

C:\Windows\System\KUsAilG.exe

C:\Windows\System\RYUFuWY.exe

C:\Windows\System\RYUFuWY.exe

C:\Windows\System\VeEqGgS.exe

C:\Windows\System\VeEqGgS.exe

C:\Windows\System\VNIsloY.exe

C:\Windows\System\VNIsloY.exe

C:\Windows\System\bXwsTht.exe

C:\Windows\System\bXwsTht.exe

C:\Windows\System\temWMBt.exe

C:\Windows\System\temWMBt.exe

C:\Windows\System\uLZASFU.exe

C:\Windows\System\uLZASFU.exe

C:\Windows\System\DiWokxI.exe

C:\Windows\System\DiWokxI.exe

C:\Windows\System\SMCDmZZ.exe

C:\Windows\System\SMCDmZZ.exe

C:\Windows\System\EGPkrrM.exe

C:\Windows\System\EGPkrrM.exe

C:\Windows\System\uqXtigq.exe

C:\Windows\System\uqXtigq.exe

C:\Windows\System\FCnpxXT.exe

C:\Windows\System\FCnpxXT.exe

C:\Windows\System\TFGNuwx.exe

C:\Windows\System\TFGNuwx.exe

C:\Windows\System\FqGLkRm.exe

C:\Windows\System\FqGLkRm.exe

C:\Windows\System\mWPgYTO.exe

C:\Windows\System\mWPgYTO.exe

C:\Windows\System\aqWzRge.exe

C:\Windows\System\aqWzRge.exe

C:\Windows\System\EhXcTpl.exe

C:\Windows\System\EhXcTpl.exe

C:\Windows\System\SvbVLnP.exe

C:\Windows\System\SvbVLnP.exe

C:\Windows\System\FZZnsTE.exe

C:\Windows\System\FZZnsTE.exe

C:\Windows\System\REhDwrR.exe

C:\Windows\System\REhDwrR.exe

C:\Windows\System\QTQRwtt.exe

C:\Windows\System\QTQRwtt.exe

C:\Windows\System\ARxMYhS.exe

C:\Windows\System\ARxMYhS.exe

C:\Windows\System\cYpWtrw.exe

C:\Windows\System\cYpWtrw.exe

C:\Windows\System\ujuMxob.exe

C:\Windows\System\ujuMxob.exe

C:\Windows\System\aZaZEnA.exe

C:\Windows\System\aZaZEnA.exe

C:\Windows\System\bXMdtdH.exe

C:\Windows\System\bXMdtdH.exe

C:\Windows\System\ZVXRVaQ.exe

C:\Windows\System\ZVXRVaQ.exe

C:\Windows\System\MvRhVgt.exe

C:\Windows\System\MvRhVgt.exe

C:\Windows\System\KcvKNnd.exe

C:\Windows\System\KcvKNnd.exe

C:\Windows\System\fFZQILX.exe

C:\Windows\System\fFZQILX.exe

C:\Windows\System\JuoYPhW.exe

C:\Windows\System\JuoYPhW.exe

C:\Windows\System\LjZhHXK.exe

C:\Windows\System\LjZhHXK.exe

C:\Windows\System\uHNbbgv.exe

C:\Windows\System\uHNbbgv.exe

C:\Windows\System\avHGbSJ.exe

C:\Windows\System\avHGbSJ.exe

C:\Windows\System\sMcSosU.exe

C:\Windows\System\sMcSosU.exe

C:\Windows\System\kPQyMSu.exe

C:\Windows\System\kPQyMSu.exe

C:\Windows\System\FMjbsSo.exe

C:\Windows\System\FMjbsSo.exe

C:\Windows\System\fEgBMJx.exe

C:\Windows\System\fEgBMJx.exe

C:\Windows\System\HMxLevI.exe

C:\Windows\System\HMxLevI.exe

C:\Windows\System\PPVoCzT.exe

C:\Windows\System\PPVoCzT.exe

C:\Windows\System\MKqQRMC.exe

C:\Windows\System\MKqQRMC.exe

C:\Windows\System\FUEBaRW.exe

C:\Windows\System\FUEBaRW.exe

C:\Windows\System\BdGzTcq.exe

C:\Windows\System\BdGzTcq.exe

C:\Windows\System\OFrcKUC.exe

C:\Windows\System\OFrcKUC.exe

C:\Windows\System\zvfftId.exe

C:\Windows\System\zvfftId.exe

C:\Windows\System\VAMWitL.exe

C:\Windows\System\VAMWitL.exe

C:\Windows\System\wMoWcPb.exe

C:\Windows\System\wMoWcPb.exe

C:\Windows\System\lNfShYh.exe

C:\Windows\System\lNfShYh.exe

C:\Windows\System\NqmBtIQ.exe

C:\Windows\System\NqmBtIQ.exe

C:\Windows\System\xhaIpcO.exe

C:\Windows\System\xhaIpcO.exe

C:\Windows\System\aTeSsKQ.exe

C:\Windows\System\aTeSsKQ.exe

C:\Windows\System\VfEjQwK.exe

C:\Windows\System\VfEjQwK.exe

C:\Windows\System\CfXNUrt.exe

C:\Windows\System\CfXNUrt.exe

C:\Windows\System\mIgpuUk.exe

C:\Windows\System\mIgpuUk.exe

C:\Windows\System\ZOiHQou.exe

C:\Windows\System\ZOiHQou.exe

C:\Windows\System\TKlenUn.exe

C:\Windows\System\TKlenUn.exe

C:\Windows\System\xQNHPdd.exe

C:\Windows\System\xQNHPdd.exe

C:\Windows\System\PqnmeOU.exe

C:\Windows\System\PqnmeOU.exe

C:\Windows\System\eGHwPXi.exe

C:\Windows\System\eGHwPXi.exe

C:\Windows\System\icXPuZr.exe

C:\Windows\System\icXPuZr.exe

C:\Windows\System\gtGSXOs.exe

C:\Windows\System\gtGSXOs.exe

C:\Windows\System\JkTonvN.exe

C:\Windows\System\JkTonvN.exe

C:\Windows\System\YNPnwPW.exe

C:\Windows\System\YNPnwPW.exe

C:\Windows\System\IQPsTfj.exe

C:\Windows\System\IQPsTfj.exe

C:\Windows\System\ZraTONj.exe

C:\Windows\System\ZraTONj.exe

C:\Windows\System\AUITPwy.exe

C:\Windows\System\AUITPwy.exe

C:\Windows\System\uelQsoa.exe

C:\Windows\System\uelQsoa.exe

C:\Windows\System\VpYHYlD.exe

C:\Windows\System\VpYHYlD.exe

C:\Windows\System\prnFlje.exe

C:\Windows\System\prnFlje.exe

C:\Windows\System\lRgRGIX.exe

C:\Windows\System\lRgRGIX.exe

C:\Windows\System\XzmVGKr.exe

C:\Windows\System\XzmVGKr.exe

C:\Windows\System\qEffiLG.exe

C:\Windows\System\qEffiLG.exe

C:\Windows\System\NDgMeWz.exe

C:\Windows\System\NDgMeWz.exe

C:\Windows\System\pxhdBmG.exe

C:\Windows\System\pxhdBmG.exe

C:\Windows\System\IHiaAcN.exe

C:\Windows\System\IHiaAcN.exe

C:\Windows\System\BjpgyRi.exe

C:\Windows\System\BjpgyRi.exe

C:\Windows\System\BolqKiQ.exe

C:\Windows\System\BolqKiQ.exe

C:\Windows\System\zeWWITT.exe

C:\Windows\System\zeWWITT.exe

C:\Windows\System\oLQFxLy.exe

C:\Windows\System\oLQFxLy.exe

C:\Windows\System\vDpqlTg.exe

C:\Windows\System\vDpqlTg.exe

C:\Windows\System\WWLmFDl.exe

C:\Windows\System\WWLmFDl.exe

C:\Windows\System\vWvzIEw.exe

C:\Windows\System\vWvzIEw.exe

C:\Windows\System\BwLucDH.exe

C:\Windows\System\BwLucDH.exe

C:\Windows\System\lXvORYw.exe

C:\Windows\System\lXvORYw.exe

C:\Windows\System\AfwTrzx.exe

C:\Windows\System\AfwTrzx.exe

C:\Windows\System\dULkFpK.exe

C:\Windows\System\dULkFpK.exe

C:\Windows\System\egpRhYR.exe

C:\Windows\System\egpRhYR.exe

C:\Windows\System\VVggJqo.exe

C:\Windows\System\VVggJqo.exe

C:\Windows\System\Fnfyavr.exe

C:\Windows\System\Fnfyavr.exe

C:\Windows\System\eZXYAwJ.exe

C:\Windows\System\eZXYAwJ.exe

C:\Windows\System\EtKacWJ.exe

C:\Windows\System\EtKacWJ.exe

C:\Windows\System\rbBrkEI.exe

C:\Windows\System\rbBrkEI.exe

C:\Windows\System\HjpkkCI.exe

C:\Windows\System\HjpkkCI.exe

C:\Windows\System\HWhUADP.exe

C:\Windows\System\HWhUADP.exe

C:\Windows\System\DffNmov.exe

C:\Windows\System\DffNmov.exe

C:\Windows\System\qjlTCOC.exe

C:\Windows\System\qjlTCOC.exe

C:\Windows\System\ZEISAMy.exe

C:\Windows\System\ZEISAMy.exe

C:\Windows\System\vmMGDoG.exe

C:\Windows\System\vmMGDoG.exe

C:\Windows\System\kBdkLWh.exe

C:\Windows\System\kBdkLWh.exe

C:\Windows\System\HITsztl.exe

C:\Windows\System\HITsztl.exe

C:\Windows\System\WdfXqie.exe

C:\Windows\System\WdfXqie.exe

C:\Windows\System\LaPBMrm.exe

C:\Windows\System\LaPBMrm.exe

C:\Windows\System\UnzxwLJ.exe

C:\Windows\System\UnzxwLJ.exe

C:\Windows\System\KGKTdYt.exe

C:\Windows\System\KGKTdYt.exe

C:\Windows\System\ZpjrIOn.exe

C:\Windows\System\ZpjrIOn.exe

C:\Windows\System\WAXyteJ.exe

C:\Windows\System\WAXyteJ.exe

C:\Windows\System\RisJrQQ.exe

C:\Windows\System\RisJrQQ.exe

C:\Windows\System\XNakFxT.exe

C:\Windows\System\XNakFxT.exe

C:\Windows\System\NthpEXm.exe

C:\Windows\System\NthpEXm.exe

C:\Windows\System\mUzfdVo.exe

C:\Windows\System\mUzfdVo.exe

C:\Windows\System\ACPWhsr.exe

C:\Windows\System\ACPWhsr.exe

C:\Windows\System\oldOenO.exe

C:\Windows\System\oldOenO.exe

C:\Windows\System\jqXsXuX.exe

C:\Windows\System\jqXsXuX.exe

C:\Windows\System\gngspRK.exe

C:\Windows\System\gngspRK.exe

C:\Windows\System\NsdhEYN.exe

C:\Windows\System\NsdhEYN.exe

C:\Windows\System\JihJlPq.exe

C:\Windows\System\JihJlPq.exe

C:\Windows\System\DYTucru.exe

C:\Windows\System\DYTucru.exe

C:\Windows\System\zlyKiLj.exe

C:\Windows\System\zlyKiLj.exe

C:\Windows\System\slPrmYh.exe

C:\Windows\System\slPrmYh.exe

C:\Windows\System\lGTSPAB.exe

C:\Windows\System\lGTSPAB.exe

C:\Windows\System\vCAjVXb.exe

C:\Windows\System\vCAjVXb.exe

C:\Windows\System\qyagCIn.exe

C:\Windows\System\qyagCIn.exe

C:\Windows\System\fmQjkjv.exe

C:\Windows\System\fmQjkjv.exe

C:\Windows\System\uKDTjJo.exe

C:\Windows\System\uKDTjJo.exe

C:\Windows\System\ngiOsJC.exe

C:\Windows\System\ngiOsJC.exe

C:\Windows\System\AlWwDAu.exe

C:\Windows\System\AlWwDAu.exe

C:\Windows\System\xWNPPcb.exe

C:\Windows\System\xWNPPcb.exe

C:\Windows\System\hUlphme.exe

C:\Windows\System\hUlphme.exe

C:\Windows\System\AHbEIsQ.exe

C:\Windows\System\AHbEIsQ.exe

C:\Windows\System\nbIkiSb.exe

C:\Windows\System\nbIkiSb.exe

C:\Windows\System\KcPJMVA.exe

C:\Windows\System\KcPJMVA.exe

C:\Windows\System\rGWfpOR.exe

C:\Windows\System\rGWfpOR.exe

C:\Windows\System\SCKeccN.exe

C:\Windows\System\SCKeccN.exe

C:\Windows\System\ZpxGMyh.exe

C:\Windows\System\ZpxGMyh.exe

C:\Windows\System\EMIsOFu.exe

C:\Windows\System\EMIsOFu.exe

C:\Windows\System\FNchGxW.exe

C:\Windows\System\FNchGxW.exe

C:\Windows\System\NxcSMFc.exe

C:\Windows\System\NxcSMFc.exe

C:\Windows\System\hikvtef.exe

C:\Windows\System\hikvtef.exe

C:\Windows\System\YQKOTRH.exe

C:\Windows\System\YQKOTRH.exe

C:\Windows\System\uuWdrRY.exe

C:\Windows\System\uuWdrRY.exe

C:\Windows\System\FqVRfwp.exe

C:\Windows\System\FqVRfwp.exe

C:\Windows\System\WbjmuEw.exe

C:\Windows\System\WbjmuEw.exe

C:\Windows\System\yxKsNyH.exe

C:\Windows\System\yxKsNyH.exe

C:\Windows\System\rrBwhrD.exe

C:\Windows\System\rrBwhrD.exe

C:\Windows\System\AJBOJFy.exe

C:\Windows\System\AJBOJFy.exe

C:\Windows\System\DLLZLmH.exe

C:\Windows\System\DLLZLmH.exe

Network

N/A

Files

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-22 19:24

Reported

2024-05-22 19:26

Platform

win10v2004-20240508-en

Max time kernel

137s

Max time network

106s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-05-22_255d38650bbd5574bfe00951818acee4_cobalt-strike_cobaltstrike.exe"

Signatures

xmrig

miner xmrig

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2024-05-22_255d38650bbd5574bfe00951818acee4_cobalt-strike_cobaltstrike.exe

"C:\Users\Admin\AppData\Local\Temp\2024-05-22_255d38650bbd5574bfe00951818acee4_cobalt-strike_cobaltstrike.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.72:443 www.bing.com tcp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 105.83.221.88.in-addr.arpa udp
NL 23.62.61.72:443 www.bing.com tcp
US 8.8.8.8:53 72.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 22.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 144.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp

Files

memory/1284-0-0x00007FF7D27C0000-0x00007FF7D2B14000-memory.dmp