Malware Analysis Report

2025-04-19 16:27

Sample ID 240522-yn4caaec91
Target 2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike
SHA256 5a419d0e0bc167cf8578164c181b249301c7c89a8226f4072aeceb964166f5a3
Tags
miner upx 0 xmrig cobaltstrike backdoor trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

5a419d0e0bc167cf8578164c181b249301c7c89a8226f4072aeceb964166f5a3

Threat Level: Known bad

The file 2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike was found to be: Known bad.

Malicious Activity Summary

miner upx 0 xmrig cobaltstrike backdoor trojan

Detects Reflective DLL injection artifacts

Cobaltstrike family

Cobaltstrike

xmrig

Cobalt Strike reflective loader

Xmrig family

XMRig Miner payload

UPX dump on OEP (original entry point)

XMRig Miner payload

Detects Reflective DLL injection artifacts

UPX dump on OEP (original entry point)

Executes dropped EXE

Loads dropped DLL

UPX packed file

Drops file in Windows directory

Unsigned PE

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-05-22 19:56

Signatures

Cobalt Strike reflective loader

Description Indicator Process Target
N/A N/A N/A N/A

Cobaltstrike family

cobaltstrike

Detects Reflective DLL injection artifacts

Description Indicator Process Target
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-22 19:56

Reported

2024-05-22 19:59

Platform

win7-20240221-en

Max time kernel

150s

Max time network

126s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe"

Signatures

Cobalt Strike reflective loader

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Cobaltstrike

trojan backdoor cobaltstrike

xmrig

miner xmrig

Detects Reflective DLL injection artifacts

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\eyDujKb.exe N/A
N/A N/A C:\Windows\System\ofElQZv.exe N/A
N/A N/A C:\Windows\System\rlKtixD.exe N/A
N/A N/A C:\Windows\System\HjThEHO.exe N/A
N/A N/A C:\Windows\System\ovktJeK.exe N/A
N/A N/A C:\Windows\System\ZZKwTpM.exe N/A
N/A N/A C:\Windows\System\uFhRYVI.exe N/A
N/A N/A C:\Windows\System\sSZkOGM.exe N/A
N/A N/A C:\Windows\System\ApKwXos.exe N/A
N/A N/A C:\Windows\System\VoJBbBn.exe N/A
N/A N/A C:\Windows\System\FEvVDOD.exe N/A
N/A N/A C:\Windows\System\ihyatts.exe N/A
N/A N/A C:\Windows\System\mdWYXDl.exe N/A
N/A N/A C:\Windows\System\QgHuHMt.exe N/A
N/A N/A C:\Windows\System\HLFvnJQ.exe N/A
N/A N/A C:\Windows\System\PBGQhUv.exe N/A
N/A N/A C:\Windows\System\irHQqgh.exe N/A
N/A N/A C:\Windows\System\nOgRUbL.exe N/A
N/A N/A C:\Windows\System\LSUsrBo.exe N/A
N/A N/A C:\Windows\System\wDQHnGM.exe N/A
N/A N/A C:\Windows\System\ErwWOVd.exe N/A
N/A N/A C:\Windows\System\CXQPtsj.exe N/A
N/A N/A C:\Windows\System\wziewmW.exe N/A
N/A N/A C:\Windows\System\XibowXz.exe N/A
N/A N/A C:\Windows\System\kyKWiBz.exe N/A
N/A N/A C:\Windows\System\RULXsMs.exe N/A
N/A N/A C:\Windows\System\RxIgCbf.exe N/A
N/A N/A C:\Windows\System\LhNmemh.exe N/A
N/A N/A C:\Windows\System\VDxYAnz.exe N/A
N/A N/A C:\Windows\System\okOYHPl.exe N/A
N/A N/A C:\Windows\System\IrqFwbY.exe N/A
N/A N/A C:\Windows\System\EXsDYKe.exe N/A
N/A N/A C:\Windows\System\omMQQMV.exe N/A
N/A N/A C:\Windows\System\MbNtOWB.exe N/A
N/A N/A C:\Windows\System\TTSunet.exe N/A
N/A N/A C:\Windows\System\XRwYfzB.exe N/A
N/A N/A C:\Windows\System\zRbonGs.exe N/A
N/A N/A C:\Windows\System\spFKwGA.exe N/A
N/A N/A C:\Windows\System\EyFaDjN.exe N/A
N/A N/A C:\Windows\System\wPMlVHa.exe N/A
N/A N/A C:\Windows\System\IOJJJop.exe N/A
N/A N/A C:\Windows\System\PpjpXPa.exe N/A
N/A N/A C:\Windows\System\lqSkPyW.exe N/A
N/A N/A C:\Windows\System\WltYkiW.exe N/A
N/A N/A C:\Windows\System\DAXptaV.exe N/A
N/A N/A C:\Windows\System\MoMggaN.exe N/A
N/A N/A C:\Windows\System\xmwUEJn.exe N/A
N/A N/A C:\Windows\System\VqqQIrD.exe N/A
N/A N/A C:\Windows\System\wXvywwH.exe N/A
N/A N/A C:\Windows\System\qwmERqz.exe N/A
N/A N/A C:\Windows\System\uARGqoa.exe N/A
N/A N/A C:\Windows\System\BXagVrD.exe N/A
N/A N/A C:\Windows\System\bgWMMOE.exe N/A
N/A N/A C:\Windows\System\qfHCagA.exe N/A
N/A N/A C:\Windows\System\RlYgQFf.exe N/A
N/A N/A C:\Windows\System\tnSLFUo.exe N/A
N/A N/A C:\Windows\System\xyxWtiM.exe N/A
N/A N/A C:\Windows\System\oUEMSKM.exe N/A
N/A N/A C:\Windows\System\WitkOvB.exe N/A
N/A N/A C:\Windows\System\UIDBjEl.exe N/A
N/A N/A C:\Windows\System\uLzectO.exe N/A
N/A N/A C:\Windows\System\ijSiokX.exe N/A
N/A N/A C:\Windows\System\jGfJstb.exe N/A
N/A N/A C:\Windows\System\WMZdkIw.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\sjhBWLx.exe C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\BcVRDPe.exe C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\rGIyFZy.exe C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\nOgRUbL.exe C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\slDWCHE.exe C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\OdgKFZq.exe C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\lhpLqhZ.exe C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\wMcJYFY.exe C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\CFbVZlC.exe C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\nuHWeRI.exe C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\jJwUoWy.exe C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\Sjpgiqx.exe C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\KCEDCqb.exe C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\uSQiNVe.exe C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\gOFCEoX.exe C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\ZNsfKQU.exe C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\RULXsMs.exe C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\fVoyEHW.exe C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\oyIsnwg.exe C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\ejXIEyP.exe C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\vFMLQIM.exe C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\ZoeMOGF.exe C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\peTrtex.exe C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\MseLSwl.exe C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\CTYhBLw.exe C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\BYNVXhu.exe C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\YKOrlvd.exe C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\bRkoajv.exe C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\EKXAyhl.exe C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\mBEnMbu.exe C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\roVTRox.exe C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\mgDlRbi.exe C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\vaQMPVc.exe C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\UJwoSrF.exe C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\HMLOsFI.exe C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\wXvywwH.exe C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\xOPAapL.exe C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\ArvcYud.exe C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\zNcbUXy.exe C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\UYguClc.exe C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\TWhckUh.exe C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\uoQiqZM.exe C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\ICPLjOk.exe C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\nDODRXW.exe C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\yuXABju.exe C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\aeRqbcd.exe C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\AQGIfZY.exe C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\icACRxV.exe C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\ERdNAYk.exe C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\aMDTTEy.exe C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\FCVaQdE.exe C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\rNUXCxV.exe C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\vXGQmWS.exe C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\lxsvEiM.exe C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\hmJDCbW.exe C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\CsWHPcn.exe C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\FyhMQbp.exe C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\QpJRRXj.exe C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\EPXhlNz.exe C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\QHgGHqU.exe C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\IKaJRzX.exe C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\YromzCJ.exe C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\cUOzyxl.exe C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\NMjKyMG.exe C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1284 wrote to memory of 2516 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe C:\Windows\System\eyDujKb.exe
PID 1284 wrote to memory of 2516 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe C:\Windows\System\eyDujKb.exe
PID 1284 wrote to memory of 2516 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe C:\Windows\System\eyDujKb.exe
PID 1284 wrote to memory of 2552 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe C:\Windows\System\rlKtixD.exe
PID 1284 wrote to memory of 2552 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe C:\Windows\System\rlKtixD.exe
PID 1284 wrote to memory of 2552 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe C:\Windows\System\rlKtixD.exe
PID 1284 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe C:\Windows\System\ofElQZv.exe
PID 1284 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe C:\Windows\System\ofElQZv.exe
PID 1284 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe C:\Windows\System\ofElQZv.exe
PID 1284 wrote to memory of 2580 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe C:\Windows\System\HjThEHO.exe
PID 1284 wrote to memory of 2580 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe C:\Windows\System\HjThEHO.exe
PID 1284 wrote to memory of 2580 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe C:\Windows\System\HjThEHO.exe
PID 1284 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe C:\Windows\System\ovktJeK.exe
PID 1284 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe C:\Windows\System\ovktJeK.exe
PID 1284 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe C:\Windows\System\ovktJeK.exe
PID 1284 wrote to memory of 2584 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe C:\Windows\System\PBGQhUv.exe
PID 1284 wrote to memory of 2584 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe C:\Windows\System\PBGQhUv.exe
PID 1284 wrote to memory of 2584 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe C:\Windows\System\PBGQhUv.exe
PID 1284 wrote to memory of 2728 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe C:\Windows\System\ZZKwTpM.exe
PID 1284 wrote to memory of 2728 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe C:\Windows\System\ZZKwTpM.exe
PID 1284 wrote to memory of 2728 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe C:\Windows\System\ZZKwTpM.exe
PID 1284 wrote to memory of 2028 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe C:\Windows\System\irHQqgh.exe
PID 1284 wrote to memory of 2028 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe C:\Windows\System\irHQqgh.exe
PID 1284 wrote to memory of 2028 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe C:\Windows\System\irHQqgh.exe
PID 1284 wrote to memory of 2468 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe C:\Windows\System\uFhRYVI.exe
PID 1284 wrote to memory of 2468 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe C:\Windows\System\uFhRYVI.exe
PID 1284 wrote to memory of 2468 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe C:\Windows\System\uFhRYVI.exe
PID 1284 wrote to memory of 2444 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe C:\Windows\System\nOgRUbL.exe
PID 1284 wrote to memory of 2444 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe C:\Windows\System\nOgRUbL.exe
PID 1284 wrote to memory of 2444 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe C:\Windows\System\nOgRUbL.exe
PID 1284 wrote to memory of 2388 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe C:\Windows\System\sSZkOGM.exe
PID 1284 wrote to memory of 2388 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe C:\Windows\System\sSZkOGM.exe
PID 1284 wrote to memory of 2388 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe C:\Windows\System\sSZkOGM.exe
PID 1284 wrote to memory of 1164 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe C:\Windows\System\LSUsrBo.exe
PID 1284 wrote to memory of 1164 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe C:\Windows\System\LSUsrBo.exe
PID 1284 wrote to memory of 1164 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe C:\Windows\System\LSUsrBo.exe
PID 1284 wrote to memory of 2476 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe C:\Windows\System\ApKwXos.exe
PID 1284 wrote to memory of 2476 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe C:\Windows\System\ApKwXos.exe
PID 1284 wrote to memory of 2476 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe C:\Windows\System\ApKwXos.exe
PID 1284 wrote to memory of 1056 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe C:\Windows\System\wDQHnGM.exe
PID 1284 wrote to memory of 1056 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe C:\Windows\System\wDQHnGM.exe
PID 1284 wrote to memory of 1056 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe C:\Windows\System\wDQHnGM.exe
PID 1284 wrote to memory of 1616 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe C:\Windows\System\VoJBbBn.exe
PID 1284 wrote to memory of 1616 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe C:\Windows\System\VoJBbBn.exe
PID 1284 wrote to memory of 1616 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe C:\Windows\System\VoJBbBn.exe
PID 1284 wrote to memory of 2408 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe C:\Windows\System\ErwWOVd.exe
PID 1284 wrote to memory of 2408 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe C:\Windows\System\ErwWOVd.exe
PID 1284 wrote to memory of 2408 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe C:\Windows\System\ErwWOVd.exe
PID 1284 wrote to memory of 2268 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe C:\Windows\System\FEvVDOD.exe
PID 1284 wrote to memory of 2268 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe C:\Windows\System\FEvVDOD.exe
PID 1284 wrote to memory of 2268 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe C:\Windows\System\FEvVDOD.exe
PID 1284 wrote to memory of 2760 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe C:\Windows\System\CXQPtsj.exe
PID 1284 wrote to memory of 2760 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe C:\Windows\System\CXQPtsj.exe
PID 1284 wrote to memory of 2760 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe C:\Windows\System\CXQPtsj.exe
PID 1284 wrote to memory of 2800 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe C:\Windows\System\ihyatts.exe
PID 1284 wrote to memory of 2800 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe C:\Windows\System\ihyatts.exe
PID 1284 wrote to memory of 2800 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe C:\Windows\System\ihyatts.exe
PID 1284 wrote to memory of 2824 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe C:\Windows\System\wziewmW.exe
PID 1284 wrote to memory of 2824 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe C:\Windows\System\wziewmW.exe
PID 1284 wrote to memory of 2824 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe C:\Windows\System\wziewmW.exe
PID 1284 wrote to memory of 2908 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe C:\Windows\System\mdWYXDl.exe
PID 1284 wrote to memory of 2908 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe C:\Windows\System\mdWYXDl.exe
PID 1284 wrote to memory of 2908 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe C:\Windows\System\mdWYXDl.exe
PID 1284 wrote to memory of 2136 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe C:\Windows\System\XibowXz.exe

Processes

C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe

"C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe"

C:\Windows\System\eyDujKb.exe

C:\Windows\System\eyDujKb.exe

C:\Windows\System\rlKtixD.exe

C:\Windows\System\rlKtixD.exe

C:\Windows\System\ofElQZv.exe

C:\Windows\System\ofElQZv.exe

C:\Windows\System\HjThEHO.exe

C:\Windows\System\HjThEHO.exe

C:\Windows\System\ovktJeK.exe

C:\Windows\System\ovktJeK.exe

C:\Windows\System\PBGQhUv.exe

C:\Windows\System\PBGQhUv.exe

C:\Windows\System\ZZKwTpM.exe

C:\Windows\System\ZZKwTpM.exe

C:\Windows\System\irHQqgh.exe

C:\Windows\System\irHQqgh.exe

C:\Windows\System\uFhRYVI.exe

C:\Windows\System\uFhRYVI.exe

C:\Windows\System\nOgRUbL.exe

C:\Windows\System\nOgRUbL.exe

C:\Windows\System\sSZkOGM.exe

C:\Windows\System\sSZkOGM.exe

C:\Windows\System\LSUsrBo.exe

C:\Windows\System\LSUsrBo.exe

C:\Windows\System\ApKwXos.exe

C:\Windows\System\ApKwXos.exe

C:\Windows\System\wDQHnGM.exe

C:\Windows\System\wDQHnGM.exe

C:\Windows\System\VoJBbBn.exe

C:\Windows\System\VoJBbBn.exe

C:\Windows\System\ErwWOVd.exe

C:\Windows\System\ErwWOVd.exe

C:\Windows\System\FEvVDOD.exe

C:\Windows\System\FEvVDOD.exe

C:\Windows\System\CXQPtsj.exe

C:\Windows\System\CXQPtsj.exe

C:\Windows\System\ihyatts.exe

C:\Windows\System\ihyatts.exe

C:\Windows\System\wziewmW.exe

C:\Windows\System\wziewmW.exe

C:\Windows\System\mdWYXDl.exe

C:\Windows\System\mdWYXDl.exe

C:\Windows\System\XibowXz.exe

C:\Windows\System\XibowXz.exe

C:\Windows\System\QgHuHMt.exe

C:\Windows\System\QgHuHMt.exe

C:\Windows\System\kyKWiBz.exe

C:\Windows\System\kyKWiBz.exe

C:\Windows\System\HLFvnJQ.exe

C:\Windows\System\HLFvnJQ.exe

C:\Windows\System\RULXsMs.exe

C:\Windows\System\RULXsMs.exe

C:\Windows\System\RxIgCbf.exe

C:\Windows\System\RxIgCbf.exe

C:\Windows\System\LhNmemh.exe

C:\Windows\System\LhNmemh.exe

C:\Windows\System\VDxYAnz.exe

C:\Windows\System\VDxYAnz.exe

C:\Windows\System\okOYHPl.exe

C:\Windows\System\okOYHPl.exe

C:\Windows\System\IrqFwbY.exe

C:\Windows\System\IrqFwbY.exe

C:\Windows\System\EXsDYKe.exe

C:\Windows\System\EXsDYKe.exe

C:\Windows\System\omMQQMV.exe

C:\Windows\System\omMQQMV.exe

C:\Windows\System\MbNtOWB.exe

C:\Windows\System\MbNtOWB.exe

C:\Windows\System\TTSunet.exe

C:\Windows\System\TTSunet.exe

C:\Windows\System\XRwYfzB.exe

C:\Windows\System\XRwYfzB.exe

C:\Windows\System\zRbonGs.exe

C:\Windows\System\zRbonGs.exe

C:\Windows\System\wPMlVHa.exe

C:\Windows\System\wPMlVHa.exe

C:\Windows\System\spFKwGA.exe

C:\Windows\System\spFKwGA.exe

C:\Windows\System\IOJJJop.exe

C:\Windows\System\IOJJJop.exe

C:\Windows\System\EyFaDjN.exe

C:\Windows\System\EyFaDjN.exe

C:\Windows\System\PpjpXPa.exe

C:\Windows\System\PpjpXPa.exe

C:\Windows\System\lqSkPyW.exe

C:\Windows\System\lqSkPyW.exe

C:\Windows\System\WltYkiW.exe

C:\Windows\System\WltYkiW.exe

C:\Windows\System\DAXptaV.exe

C:\Windows\System\DAXptaV.exe

C:\Windows\System\MoMggaN.exe

C:\Windows\System\MoMggaN.exe

C:\Windows\System\xmwUEJn.exe

C:\Windows\System\xmwUEJn.exe

C:\Windows\System\wXvywwH.exe

C:\Windows\System\wXvywwH.exe

C:\Windows\System\VqqQIrD.exe

C:\Windows\System\VqqQIrD.exe

C:\Windows\System\uARGqoa.exe

C:\Windows\System\uARGqoa.exe

C:\Windows\System\qwmERqz.exe

C:\Windows\System\qwmERqz.exe

C:\Windows\System\bgWMMOE.exe

C:\Windows\System\bgWMMOE.exe

C:\Windows\System\BXagVrD.exe

C:\Windows\System\BXagVrD.exe

C:\Windows\System\qfHCagA.exe

C:\Windows\System\qfHCagA.exe

C:\Windows\System\RlYgQFf.exe

C:\Windows\System\RlYgQFf.exe

C:\Windows\System\tnSLFUo.exe

C:\Windows\System\tnSLFUo.exe

C:\Windows\System\xyxWtiM.exe

C:\Windows\System\xyxWtiM.exe

C:\Windows\System\WitkOvB.exe

C:\Windows\System\WitkOvB.exe

C:\Windows\System\oUEMSKM.exe

C:\Windows\System\oUEMSKM.exe

C:\Windows\System\jGfJstb.exe

C:\Windows\System\jGfJstb.exe

C:\Windows\System\UIDBjEl.exe

C:\Windows\System\UIDBjEl.exe

C:\Windows\System\WMZdkIw.exe

C:\Windows\System\WMZdkIw.exe

C:\Windows\System\uLzectO.exe

C:\Windows\System\uLzectO.exe

C:\Windows\System\DnoFiZg.exe

C:\Windows\System\DnoFiZg.exe

C:\Windows\System\ijSiokX.exe

C:\Windows\System\ijSiokX.exe

C:\Windows\System\snVyARF.exe

C:\Windows\System\snVyARF.exe

C:\Windows\System\CdfZEeA.exe

C:\Windows\System\CdfZEeA.exe

C:\Windows\System\ksHMyVv.exe

C:\Windows\System\ksHMyVv.exe

C:\Windows\System\qDVziGT.exe

C:\Windows\System\qDVziGT.exe

C:\Windows\System\SuzJkiE.exe

C:\Windows\System\SuzJkiE.exe

C:\Windows\System\uxfQIkq.exe

C:\Windows\System\uxfQIkq.exe

C:\Windows\System\GQRhvUh.exe

C:\Windows\System\GQRhvUh.exe

C:\Windows\System\kUGEzUa.exe

C:\Windows\System\kUGEzUa.exe

C:\Windows\System\PqhTRir.exe

C:\Windows\System\PqhTRir.exe

C:\Windows\System\orZXBHh.exe

C:\Windows\System\orZXBHh.exe

C:\Windows\System\BPvULDH.exe

C:\Windows\System\BPvULDH.exe

C:\Windows\System\mcHHJqt.exe

C:\Windows\System\mcHHJqt.exe

C:\Windows\System\WCzeipL.exe

C:\Windows\System\WCzeipL.exe

C:\Windows\System\MoWCDvq.exe

C:\Windows\System\MoWCDvq.exe

C:\Windows\System\syTwMmY.exe

C:\Windows\System\syTwMmY.exe

C:\Windows\System\YrANmWo.exe

C:\Windows\System\YrANmWo.exe

C:\Windows\System\XTMdCAl.exe

C:\Windows\System\XTMdCAl.exe

C:\Windows\System\gjzZuHO.exe

C:\Windows\System\gjzZuHO.exe

C:\Windows\System\VQjQZlK.exe

C:\Windows\System\VQjQZlK.exe

C:\Windows\System\ELqFeFQ.exe

C:\Windows\System\ELqFeFQ.exe

C:\Windows\System\bGHancC.exe

C:\Windows\System\bGHancC.exe

C:\Windows\System\grPUtNN.exe

C:\Windows\System\grPUtNN.exe

C:\Windows\System\daRRpoK.exe

C:\Windows\System\daRRpoK.exe

C:\Windows\System\ERdNAYk.exe

C:\Windows\System\ERdNAYk.exe

C:\Windows\System\SvBANjg.exe

C:\Windows\System\SvBANjg.exe

C:\Windows\System\jSFWlIR.exe

C:\Windows\System\jSFWlIR.exe

C:\Windows\System\YsTILHd.exe

C:\Windows\System\YsTILHd.exe

C:\Windows\System\EEfZOZD.exe

C:\Windows\System\EEfZOZD.exe

C:\Windows\System\FRVJAVm.exe

C:\Windows\System\FRVJAVm.exe

C:\Windows\System\VcCwRon.exe

C:\Windows\System\VcCwRon.exe

C:\Windows\System\rEOesqf.exe

C:\Windows\System\rEOesqf.exe

C:\Windows\System\iYxsstt.exe

C:\Windows\System\iYxsstt.exe

C:\Windows\System\MIQPYuQ.exe

C:\Windows\System\MIQPYuQ.exe

C:\Windows\System\BETIPrS.exe

C:\Windows\System\BETIPrS.exe

C:\Windows\System\LkUrtkp.exe

C:\Windows\System\LkUrtkp.exe

C:\Windows\System\rKpRWMD.exe

C:\Windows\System\rKpRWMD.exe

C:\Windows\System\NXAdGHP.exe

C:\Windows\System\NXAdGHP.exe

C:\Windows\System\ddWVhxY.exe

C:\Windows\System\ddWVhxY.exe

C:\Windows\System\DSrjVwZ.exe

C:\Windows\System\DSrjVwZ.exe

C:\Windows\System\aEODMAN.exe

C:\Windows\System\aEODMAN.exe

C:\Windows\System\XZpaaQk.exe

C:\Windows\System\XZpaaQk.exe

C:\Windows\System\qRfWwhG.exe

C:\Windows\System\qRfWwhG.exe

C:\Windows\System\wINXlES.exe

C:\Windows\System\wINXlES.exe

C:\Windows\System\ZNgCwMD.exe

C:\Windows\System\ZNgCwMD.exe

C:\Windows\System\iyJxFCd.exe

C:\Windows\System\iyJxFCd.exe

C:\Windows\System\bosqzmd.exe

C:\Windows\System\bosqzmd.exe

C:\Windows\System\gzDPjDA.exe

C:\Windows\System\gzDPjDA.exe

C:\Windows\System\qqpJVlf.exe

C:\Windows\System\qqpJVlf.exe

C:\Windows\System\TixWOLY.exe

C:\Windows\System\TixWOLY.exe

C:\Windows\System\WemtbAB.exe

C:\Windows\System\WemtbAB.exe

C:\Windows\System\HXKfcnL.exe

C:\Windows\System\HXKfcnL.exe

C:\Windows\System\IhQBmah.exe

C:\Windows\System\IhQBmah.exe

C:\Windows\System\QVSwtfq.exe

C:\Windows\System\QVSwtfq.exe

C:\Windows\System\ZDNZCfA.exe

C:\Windows\System\ZDNZCfA.exe

C:\Windows\System\BOJHMyz.exe

C:\Windows\System\BOJHMyz.exe

C:\Windows\System\SjKeneC.exe

C:\Windows\System\SjKeneC.exe

C:\Windows\System\YhVkBPA.exe

C:\Windows\System\YhVkBPA.exe

C:\Windows\System\mqPVDVZ.exe

C:\Windows\System\mqPVDVZ.exe

C:\Windows\System\cJGJXzN.exe

C:\Windows\System\cJGJXzN.exe

C:\Windows\System\mMovZSK.exe

C:\Windows\System\mMovZSK.exe

C:\Windows\System\MuREjnK.exe

C:\Windows\System\MuREjnK.exe

C:\Windows\System\KKOZYQp.exe

C:\Windows\System\KKOZYQp.exe

C:\Windows\System\nQDPTPU.exe

C:\Windows\System\nQDPTPU.exe

C:\Windows\System\PzJuMPC.exe

C:\Windows\System\PzJuMPC.exe

C:\Windows\System\wSnlyZl.exe

C:\Windows\System\wSnlyZl.exe

C:\Windows\System\ztMbFvG.exe

C:\Windows\System\ztMbFvG.exe

C:\Windows\System\eRFPvVT.exe

C:\Windows\System\eRFPvVT.exe

C:\Windows\System\GBESnCs.exe

C:\Windows\System\GBESnCs.exe

C:\Windows\System\pwqqUuZ.exe

C:\Windows\System\pwqqUuZ.exe

C:\Windows\System\HhBlWLs.exe

C:\Windows\System\HhBlWLs.exe

C:\Windows\System\gnTckjy.exe

C:\Windows\System\gnTckjy.exe

C:\Windows\System\pOhHFJM.exe

C:\Windows\System\pOhHFJM.exe

C:\Windows\System\sDWEqYk.exe

C:\Windows\System\sDWEqYk.exe

C:\Windows\System\DyghwEc.exe

C:\Windows\System\DyghwEc.exe

C:\Windows\System\ruvoJyV.exe

C:\Windows\System\ruvoJyV.exe

C:\Windows\System\DQEZkBT.exe

C:\Windows\System\DQEZkBT.exe

C:\Windows\System\wMcJYFY.exe

C:\Windows\System\wMcJYFY.exe

C:\Windows\System\gntopTP.exe

C:\Windows\System\gntopTP.exe

C:\Windows\System\tLYtpfA.exe

C:\Windows\System\tLYtpfA.exe

C:\Windows\System\jZpvSck.exe

C:\Windows\System\jZpvSck.exe

C:\Windows\System\XxneXvT.exe

C:\Windows\System\XxneXvT.exe

C:\Windows\System\PkXYMlp.exe

C:\Windows\System\PkXYMlp.exe

C:\Windows\System\XAhDUpW.exe

C:\Windows\System\XAhDUpW.exe

C:\Windows\System\keOOBjQ.exe

C:\Windows\System\keOOBjQ.exe

C:\Windows\System\IuwkkNP.exe

C:\Windows\System\IuwkkNP.exe

C:\Windows\System\wtlXxIU.exe

C:\Windows\System\wtlXxIU.exe

C:\Windows\System\sXMiljT.exe

C:\Windows\System\sXMiljT.exe

C:\Windows\System\MmvasFL.exe

C:\Windows\System\MmvasFL.exe

C:\Windows\System\dEbgmVJ.exe

C:\Windows\System\dEbgmVJ.exe

C:\Windows\System\vMOSYcI.exe

C:\Windows\System\vMOSYcI.exe

C:\Windows\System\NrbrLeV.exe

C:\Windows\System\NrbrLeV.exe

C:\Windows\System\CvQIkes.exe

C:\Windows\System\CvQIkes.exe

C:\Windows\System\KyRWPtC.exe

C:\Windows\System\KyRWPtC.exe

C:\Windows\System\TVfPjWi.exe

C:\Windows\System\TVfPjWi.exe

C:\Windows\System\hKDfvta.exe

C:\Windows\System\hKDfvta.exe

C:\Windows\System\NmjVLrr.exe

C:\Windows\System\NmjVLrr.exe

C:\Windows\System\nyZDOmg.exe

C:\Windows\System\nyZDOmg.exe

C:\Windows\System\dTEQsYt.exe

C:\Windows\System\dTEQsYt.exe

C:\Windows\System\GGIrEXl.exe

C:\Windows\System\GGIrEXl.exe

C:\Windows\System\oUyQtVf.exe

C:\Windows\System\oUyQtVf.exe

C:\Windows\System\dWiSCOf.exe

C:\Windows\System\dWiSCOf.exe

C:\Windows\System\qJAYdGL.exe

C:\Windows\System\qJAYdGL.exe

C:\Windows\System\Uodsqzv.exe

C:\Windows\System\Uodsqzv.exe

C:\Windows\System\PaBdDGj.exe

C:\Windows\System\PaBdDGj.exe

C:\Windows\System\uzLKOwP.exe

C:\Windows\System\uzLKOwP.exe

C:\Windows\System\mpATarw.exe

C:\Windows\System\mpATarw.exe

C:\Windows\System\OESBgEm.exe

C:\Windows\System\OESBgEm.exe

C:\Windows\System\hYTpbHF.exe

C:\Windows\System\hYTpbHF.exe

C:\Windows\System\scmHHXx.exe

C:\Windows\System\scmHHXx.exe

C:\Windows\System\hdlUNsW.exe

C:\Windows\System\hdlUNsW.exe

C:\Windows\System\rtijGCr.exe

C:\Windows\System\rtijGCr.exe

C:\Windows\System\fSVfESO.exe

C:\Windows\System\fSVfESO.exe

C:\Windows\System\WDzcjeb.exe

C:\Windows\System\WDzcjeb.exe

C:\Windows\System\RZKVxpp.exe

C:\Windows\System\RZKVxpp.exe

C:\Windows\System\vxDmqmW.exe

C:\Windows\System\vxDmqmW.exe

C:\Windows\System\VVgJXKf.exe

C:\Windows\System\VVgJXKf.exe

C:\Windows\System\fiiKJwz.exe

C:\Windows\System\fiiKJwz.exe

C:\Windows\System\lqPiDbN.exe

C:\Windows\System\lqPiDbN.exe

C:\Windows\System\WufKANg.exe

C:\Windows\System\WufKANg.exe

C:\Windows\System\TUgKLLC.exe

C:\Windows\System\TUgKLLC.exe

C:\Windows\System\IPlvofz.exe

C:\Windows\System\IPlvofz.exe

C:\Windows\System\zFxJMjq.exe

C:\Windows\System\zFxJMjq.exe

C:\Windows\System\NHOyXKW.exe

C:\Windows\System\NHOyXKW.exe

C:\Windows\System\zZhgXXL.exe

C:\Windows\System\zZhgXXL.exe

C:\Windows\System\VnRnXoQ.exe

C:\Windows\System\VnRnXoQ.exe

C:\Windows\System\ilpBqlK.exe

C:\Windows\System\ilpBqlK.exe

C:\Windows\System\lrKsYYZ.exe

C:\Windows\System\lrKsYYZ.exe

C:\Windows\System\ojSjGos.exe

C:\Windows\System\ojSjGos.exe

C:\Windows\System\hzsLUJx.exe

C:\Windows\System\hzsLUJx.exe

C:\Windows\System\CichlHd.exe

C:\Windows\System\CichlHd.exe

C:\Windows\System\EBkAVSz.exe

C:\Windows\System\EBkAVSz.exe

C:\Windows\System\IYjJchj.exe

C:\Windows\System\IYjJchj.exe

C:\Windows\System\nBejvvN.exe

C:\Windows\System\nBejvvN.exe

C:\Windows\System\UYguClc.exe

C:\Windows\System\UYguClc.exe

C:\Windows\System\JAMKIDs.exe

C:\Windows\System\JAMKIDs.exe

C:\Windows\System\nDgYJwk.exe

C:\Windows\System\nDgYJwk.exe

C:\Windows\System\cSlLIam.exe

C:\Windows\System\cSlLIam.exe

C:\Windows\System\zfadYoQ.exe

C:\Windows\System\zfadYoQ.exe

C:\Windows\System\VWZKZji.exe

C:\Windows\System\VWZKZji.exe

C:\Windows\System\eWLGbSt.exe

C:\Windows\System\eWLGbSt.exe

C:\Windows\System\HOqhwje.exe

C:\Windows\System\HOqhwje.exe

C:\Windows\System\ICVPtkL.exe

C:\Windows\System\ICVPtkL.exe

C:\Windows\System\ZZZUTId.exe

C:\Windows\System\ZZZUTId.exe

C:\Windows\System\uvwxwHH.exe

C:\Windows\System\uvwxwHH.exe

C:\Windows\System\OEVFoRj.exe

C:\Windows\System\OEVFoRj.exe

C:\Windows\System\tBLcZCt.exe

C:\Windows\System\tBLcZCt.exe

C:\Windows\System\hAofafo.exe

C:\Windows\System\hAofafo.exe

C:\Windows\System\yyUZIwG.exe

C:\Windows\System\yyUZIwG.exe

C:\Windows\System\xJazXpM.exe

C:\Windows\System\xJazXpM.exe

C:\Windows\System\UIPnDtW.exe

C:\Windows\System\UIPnDtW.exe

C:\Windows\System\kqeCFpM.exe

C:\Windows\System\kqeCFpM.exe

C:\Windows\System\taKVNLt.exe

C:\Windows\System\taKVNLt.exe

C:\Windows\System\GyBSMPH.exe

C:\Windows\System\GyBSMPH.exe

C:\Windows\System\dMihMAs.exe

C:\Windows\System\dMihMAs.exe

C:\Windows\System\KxIqFiI.exe

C:\Windows\System\KxIqFiI.exe

C:\Windows\System\drYGSny.exe

C:\Windows\System\drYGSny.exe

C:\Windows\System\MXqUNDp.exe

C:\Windows\System\MXqUNDp.exe

C:\Windows\System\ZKBncOP.exe

C:\Windows\System\ZKBncOP.exe

C:\Windows\System\cZwjDsR.exe

C:\Windows\System\cZwjDsR.exe

C:\Windows\System\QoKuIWp.exe

C:\Windows\System\QoKuIWp.exe

C:\Windows\System\DpqvwZx.exe

C:\Windows\System\DpqvwZx.exe

C:\Windows\System\nfkSJoo.exe

C:\Windows\System\nfkSJoo.exe

C:\Windows\System\GgCoSHA.exe

C:\Windows\System\GgCoSHA.exe

C:\Windows\System\XYaekCZ.exe

C:\Windows\System\XYaekCZ.exe

C:\Windows\System\idIcIej.exe

C:\Windows\System\idIcIej.exe

C:\Windows\System\zPwfego.exe

C:\Windows\System\zPwfego.exe

C:\Windows\System\DQGAbah.exe

C:\Windows\System\DQGAbah.exe

C:\Windows\System\VTdHMpF.exe

C:\Windows\System\VTdHMpF.exe

C:\Windows\System\CTYhBLw.exe

C:\Windows\System\CTYhBLw.exe

C:\Windows\System\biDrfNu.exe

C:\Windows\System\biDrfNu.exe

C:\Windows\System\MvYppKF.exe

C:\Windows\System\MvYppKF.exe

C:\Windows\System\DBGrZQQ.exe

C:\Windows\System\DBGrZQQ.exe

C:\Windows\System\TKURYiD.exe

C:\Windows\System\TKURYiD.exe

C:\Windows\System\jNwXswm.exe

C:\Windows\System\jNwXswm.exe

C:\Windows\System\kYRGONG.exe

C:\Windows\System\kYRGONG.exe

C:\Windows\System\MCzRCoR.exe

C:\Windows\System\MCzRCoR.exe

C:\Windows\System\XZtZwEP.exe

C:\Windows\System\XZtZwEP.exe

C:\Windows\System\GlxXOrS.exe

C:\Windows\System\GlxXOrS.exe

C:\Windows\System\SrFVPjo.exe

C:\Windows\System\SrFVPjo.exe

C:\Windows\System\kioXcFP.exe

C:\Windows\System\kioXcFP.exe

C:\Windows\System\eXSJbif.exe

C:\Windows\System\eXSJbif.exe

C:\Windows\System\BbtAGRQ.exe

C:\Windows\System\BbtAGRQ.exe

C:\Windows\System\uApnMei.exe

C:\Windows\System\uApnMei.exe

C:\Windows\System\HcTTmSy.exe

C:\Windows\System\HcTTmSy.exe

C:\Windows\System\mOTMgDY.exe

C:\Windows\System\mOTMgDY.exe

C:\Windows\System\rCPnOBl.exe

C:\Windows\System\rCPnOBl.exe

C:\Windows\System\iNIXSvv.exe

C:\Windows\System\iNIXSvv.exe

C:\Windows\System\RYJkxDO.exe

C:\Windows\System\RYJkxDO.exe

C:\Windows\System\rfbEleU.exe

C:\Windows\System\rfbEleU.exe

C:\Windows\System\Scypqov.exe

C:\Windows\System\Scypqov.exe

C:\Windows\System\dkwzqkW.exe

C:\Windows\System\dkwzqkW.exe

C:\Windows\System\RLnFGey.exe

C:\Windows\System\RLnFGey.exe

C:\Windows\System\pRUnOMv.exe

C:\Windows\System\pRUnOMv.exe

C:\Windows\System\ItwkqDy.exe

C:\Windows\System\ItwkqDy.exe

C:\Windows\System\OlVFGBd.exe

C:\Windows\System\OlVFGBd.exe

C:\Windows\System\lldGVEX.exe

C:\Windows\System\lldGVEX.exe

C:\Windows\System\WiHaYuA.exe

C:\Windows\System\WiHaYuA.exe

C:\Windows\System\WnccVIQ.exe

C:\Windows\System\WnccVIQ.exe

C:\Windows\System\DbBjRZn.exe

C:\Windows\System\DbBjRZn.exe

C:\Windows\System\RxVETRP.exe

C:\Windows\System\RxVETRP.exe

C:\Windows\System\BKEFhMt.exe

C:\Windows\System\BKEFhMt.exe

C:\Windows\System\uizsroV.exe

C:\Windows\System\uizsroV.exe

C:\Windows\System\fBjbPJe.exe

C:\Windows\System\fBjbPJe.exe

C:\Windows\System\vZdNyQd.exe

C:\Windows\System\vZdNyQd.exe

C:\Windows\System\xMReqXa.exe

C:\Windows\System\xMReqXa.exe

C:\Windows\System\kEOuQjD.exe

C:\Windows\System\kEOuQjD.exe

C:\Windows\System\rBdKAJf.exe

C:\Windows\System\rBdKAJf.exe

C:\Windows\System\tAsXlkV.exe

C:\Windows\System\tAsXlkV.exe

C:\Windows\System\yJWnRbQ.exe

C:\Windows\System\yJWnRbQ.exe

C:\Windows\System\MJpAXbb.exe

C:\Windows\System\MJpAXbb.exe

C:\Windows\System\PoJjdGd.exe

C:\Windows\System\PoJjdGd.exe

C:\Windows\System\qBCrwgg.exe

C:\Windows\System\qBCrwgg.exe

C:\Windows\System\WDSKRiY.exe

C:\Windows\System\WDSKRiY.exe

C:\Windows\System\VhGfPrL.exe

C:\Windows\System\VhGfPrL.exe

C:\Windows\System\rTzohqC.exe

C:\Windows\System\rTzohqC.exe

C:\Windows\System\irpcRCa.exe

C:\Windows\System\irpcRCa.exe

C:\Windows\System\pmBGxEK.exe

C:\Windows\System\pmBGxEK.exe

C:\Windows\System\luNvrwW.exe

C:\Windows\System\luNvrwW.exe

C:\Windows\System\DjGGoUi.exe

C:\Windows\System\DjGGoUi.exe

C:\Windows\System\XZfjgPO.exe

C:\Windows\System\XZfjgPO.exe

C:\Windows\System\WfYPsCO.exe

C:\Windows\System\WfYPsCO.exe

C:\Windows\System\PaZXHnH.exe

C:\Windows\System\PaZXHnH.exe

C:\Windows\System\JrAuSSV.exe

C:\Windows\System\JrAuSSV.exe

C:\Windows\System\LqeAnbK.exe

C:\Windows\System\LqeAnbK.exe

C:\Windows\System\eOqgaJj.exe

C:\Windows\System\eOqgaJj.exe

C:\Windows\System\jVHjKsB.exe

C:\Windows\System\jVHjKsB.exe

C:\Windows\System\mGJNaEe.exe

C:\Windows\System\mGJNaEe.exe

C:\Windows\System\RCCanjT.exe

C:\Windows\System\RCCanjT.exe

C:\Windows\System\HgsvEkZ.exe

C:\Windows\System\HgsvEkZ.exe

C:\Windows\System\kiVkOwB.exe

C:\Windows\System\kiVkOwB.exe

C:\Windows\System\ApdGchd.exe

C:\Windows\System\ApdGchd.exe

C:\Windows\System\HcGHLSC.exe

C:\Windows\System\HcGHLSC.exe

C:\Windows\System\VIczULB.exe

C:\Windows\System\VIczULB.exe

C:\Windows\System\vtyFhTa.exe

C:\Windows\System\vtyFhTa.exe

C:\Windows\System\uqXlkRi.exe

C:\Windows\System\uqXlkRi.exe

C:\Windows\System\zfgzlmV.exe

C:\Windows\System\zfgzlmV.exe

C:\Windows\System\yfEYPHx.exe

C:\Windows\System\yfEYPHx.exe

C:\Windows\System\FKrbiiJ.exe

C:\Windows\System\FKrbiiJ.exe

C:\Windows\System\TAmrWTr.exe

C:\Windows\System\TAmrWTr.exe

C:\Windows\System\xdpYtHG.exe

C:\Windows\System\xdpYtHG.exe

C:\Windows\System\qsRRNWV.exe

C:\Windows\System\qsRRNWV.exe

C:\Windows\System\cbvosDg.exe

C:\Windows\System\cbvosDg.exe

C:\Windows\System\yIMKxxJ.exe

C:\Windows\System\yIMKxxJ.exe

C:\Windows\System\FRsYKvg.exe

C:\Windows\System\FRsYKvg.exe

C:\Windows\System\drcFUej.exe

C:\Windows\System\drcFUej.exe

C:\Windows\System\SlJHvoT.exe

C:\Windows\System\SlJHvoT.exe

C:\Windows\System\YQhnIcJ.exe

C:\Windows\System\YQhnIcJ.exe

C:\Windows\System\UJwoSrF.exe

C:\Windows\System\UJwoSrF.exe

C:\Windows\System\CuJYfii.exe

C:\Windows\System\CuJYfii.exe

C:\Windows\System\IhfgAul.exe

C:\Windows\System\IhfgAul.exe

C:\Windows\System\LbaWvmi.exe

C:\Windows\System\LbaWvmi.exe

C:\Windows\System\atbCDrG.exe

C:\Windows\System\atbCDrG.exe

C:\Windows\System\NDuBWOU.exe

C:\Windows\System\NDuBWOU.exe

C:\Windows\System\uWMaUAf.exe

C:\Windows\System\uWMaUAf.exe

C:\Windows\System\wKWZcct.exe

C:\Windows\System\wKWZcct.exe

C:\Windows\System\GGSHIOu.exe

C:\Windows\System\GGSHIOu.exe

C:\Windows\System\fVoyEHW.exe

C:\Windows\System\fVoyEHW.exe

C:\Windows\System\zSjLTDT.exe

C:\Windows\System\zSjLTDT.exe

C:\Windows\System\QwqCNVz.exe

C:\Windows\System\QwqCNVz.exe

C:\Windows\System\UECyeGB.exe

C:\Windows\System\UECyeGB.exe

C:\Windows\System\lWOcrCa.exe

C:\Windows\System\lWOcrCa.exe

C:\Windows\System\rFGHNsO.exe

C:\Windows\System\rFGHNsO.exe

C:\Windows\System\bLEnKQg.exe

C:\Windows\System\bLEnKQg.exe

C:\Windows\System\DyqCfPW.exe

C:\Windows\System\DyqCfPW.exe

C:\Windows\System\BwtSSRh.exe

C:\Windows\System\BwtSSRh.exe

C:\Windows\System\jaISznI.exe

C:\Windows\System\jaISznI.exe

C:\Windows\System\ZLnmURN.exe

C:\Windows\System\ZLnmURN.exe

C:\Windows\System\KebjNFa.exe

C:\Windows\System\KebjNFa.exe

C:\Windows\System\sNdLalN.exe

C:\Windows\System\sNdLalN.exe

C:\Windows\System\YmYaJgm.exe

C:\Windows\System\YmYaJgm.exe

C:\Windows\System\LSgKqNK.exe

C:\Windows\System\LSgKqNK.exe

C:\Windows\System\odVTkCq.exe

C:\Windows\System\odVTkCq.exe

C:\Windows\System\szOAexS.exe

C:\Windows\System\szOAexS.exe

C:\Windows\System\KmGqRQG.exe

C:\Windows\System\KmGqRQG.exe

C:\Windows\System\BzeHGna.exe

C:\Windows\System\BzeHGna.exe

C:\Windows\System\QNiPjNv.exe

C:\Windows\System\QNiPjNv.exe

C:\Windows\System\bayGotf.exe

C:\Windows\System\bayGotf.exe

C:\Windows\System\tfDvFjU.exe

C:\Windows\System\tfDvFjU.exe

C:\Windows\System\EmzeVge.exe

C:\Windows\System\EmzeVge.exe

C:\Windows\System\aSqbWUy.exe

C:\Windows\System\aSqbWUy.exe

C:\Windows\System\iXouGJf.exe

C:\Windows\System\iXouGJf.exe

C:\Windows\System\baznzXU.exe

C:\Windows\System\baznzXU.exe

C:\Windows\System\tJduiPf.exe

C:\Windows\System\tJduiPf.exe

C:\Windows\System\qEpbuju.exe

C:\Windows\System\qEpbuju.exe

C:\Windows\System\jjseyvg.exe

C:\Windows\System\jjseyvg.exe

C:\Windows\System\BGpgFKP.exe

C:\Windows\System\BGpgFKP.exe

C:\Windows\System\JaiTuYT.exe

C:\Windows\System\JaiTuYT.exe

C:\Windows\System\mXPmYaK.exe

C:\Windows\System\mXPmYaK.exe

C:\Windows\System\bVNRkrm.exe

C:\Windows\System\bVNRkrm.exe

C:\Windows\System\CsWHPcn.exe

C:\Windows\System\CsWHPcn.exe

C:\Windows\System\eTBTQAM.exe

C:\Windows\System\eTBTQAM.exe

C:\Windows\System\BlctSPz.exe

C:\Windows\System\BlctSPz.exe

C:\Windows\System\AuZOeLv.exe

C:\Windows\System\AuZOeLv.exe

C:\Windows\System\eYXhPdG.exe

C:\Windows\System\eYXhPdG.exe

C:\Windows\System\sEUvdrW.exe

C:\Windows\System\sEUvdrW.exe

C:\Windows\System\UxpesRW.exe

C:\Windows\System\UxpesRW.exe

C:\Windows\System\SOvjYaI.exe

C:\Windows\System\SOvjYaI.exe

C:\Windows\System\tesSrkX.exe

C:\Windows\System\tesSrkX.exe

C:\Windows\System\dAXyeqb.exe

C:\Windows\System\dAXyeqb.exe

C:\Windows\System\xbdysXG.exe

C:\Windows\System\xbdysXG.exe

C:\Windows\System\hQYbEZK.exe

C:\Windows\System\hQYbEZK.exe

C:\Windows\System\DSQDFFg.exe

C:\Windows\System\DSQDFFg.exe

C:\Windows\System\AbTXOlZ.exe

C:\Windows\System\AbTXOlZ.exe

C:\Windows\System\KYJczBn.exe

C:\Windows\System\KYJczBn.exe

C:\Windows\System\kKtvTcL.exe

C:\Windows\System\kKtvTcL.exe

C:\Windows\System\djsjqAX.exe

C:\Windows\System\djsjqAX.exe

C:\Windows\System\rNUXCxV.exe

C:\Windows\System\rNUXCxV.exe

C:\Windows\System\UaiMThO.exe

C:\Windows\System\UaiMThO.exe

C:\Windows\System\EnfFWIJ.exe

C:\Windows\System\EnfFWIJ.exe

C:\Windows\System\OyPubRJ.exe

C:\Windows\System\OyPubRJ.exe

C:\Windows\System\YpJhANB.exe

C:\Windows\System\YpJhANB.exe

C:\Windows\System\FgxWVRj.exe

C:\Windows\System\FgxWVRj.exe

C:\Windows\System\Vsibfpp.exe

C:\Windows\System\Vsibfpp.exe

C:\Windows\System\vhncVHC.exe

C:\Windows\System\vhncVHC.exe

C:\Windows\System\ZoeMOGF.exe

C:\Windows\System\ZoeMOGF.exe

C:\Windows\System\VPNyJTf.exe

C:\Windows\System\VPNyJTf.exe

C:\Windows\System\efuuAoK.exe

C:\Windows\System\efuuAoK.exe

C:\Windows\System\qknnAaO.exe

C:\Windows\System\qknnAaO.exe

C:\Windows\System\MqyJqgB.exe

C:\Windows\System\MqyJqgB.exe

C:\Windows\System\Dxeywgm.exe

C:\Windows\System\Dxeywgm.exe

C:\Windows\System\vXGQmWS.exe

C:\Windows\System\vXGQmWS.exe

C:\Windows\System\EkggIet.exe

C:\Windows\System\EkggIet.exe

C:\Windows\System\yTwcywM.exe

C:\Windows\System\yTwcywM.exe

C:\Windows\System\QgSQkAr.exe

C:\Windows\System\QgSQkAr.exe

C:\Windows\System\EitMIVI.exe

C:\Windows\System\EitMIVI.exe

C:\Windows\System\grMmQTg.exe

C:\Windows\System\grMmQTg.exe

C:\Windows\System\esadYyt.exe

C:\Windows\System\esadYyt.exe

C:\Windows\System\cuBAuqQ.exe

C:\Windows\System\cuBAuqQ.exe

C:\Windows\System\zfexche.exe

C:\Windows\System\zfexche.exe

C:\Windows\System\OfviDin.exe

C:\Windows\System\OfviDin.exe

C:\Windows\System\YVQRXvw.exe

C:\Windows\System\YVQRXvw.exe

C:\Windows\System\npojMyB.exe

C:\Windows\System\npojMyB.exe

C:\Windows\System\zNqBcwv.exe

C:\Windows\System\zNqBcwv.exe

C:\Windows\System\EAjjLqQ.exe

C:\Windows\System\EAjjLqQ.exe

C:\Windows\System\ZqqucFK.exe

C:\Windows\System\ZqqucFK.exe

C:\Windows\System\vmEroeS.exe

C:\Windows\System\vmEroeS.exe

C:\Windows\System\pnyQXzF.exe

C:\Windows\System\pnyQXzF.exe

C:\Windows\System\yALLrgN.exe

C:\Windows\System\yALLrgN.exe

C:\Windows\System\TepdaWV.exe

C:\Windows\System\TepdaWV.exe

C:\Windows\System\EmiuCRY.exe

C:\Windows\System\EmiuCRY.exe

C:\Windows\System\kUYzCiR.exe

C:\Windows\System\kUYzCiR.exe

C:\Windows\System\GTxtRlz.exe

C:\Windows\System\GTxtRlz.exe

C:\Windows\System\zyuBxIf.exe

C:\Windows\System\zyuBxIf.exe

C:\Windows\System\ACJfaTG.exe

C:\Windows\System\ACJfaTG.exe

C:\Windows\System\yyXMgSM.exe

C:\Windows\System\yyXMgSM.exe

C:\Windows\System\QHgGHqU.exe

C:\Windows\System\QHgGHqU.exe

C:\Windows\System\iqBgDAr.exe

C:\Windows\System\iqBgDAr.exe

C:\Windows\System\ABfdwrL.exe

C:\Windows\System\ABfdwrL.exe

C:\Windows\System\JbYuhVA.exe

C:\Windows\System\JbYuhVA.exe

C:\Windows\System\QSDOUnx.exe

C:\Windows\System\QSDOUnx.exe

C:\Windows\System\ryozWeB.exe

C:\Windows\System\ryozWeB.exe

C:\Windows\System\NLyNMHh.exe

C:\Windows\System\NLyNMHh.exe

C:\Windows\System\miPkTiP.exe

C:\Windows\System\miPkTiP.exe

C:\Windows\System\iNDGIvS.exe

C:\Windows\System\iNDGIvS.exe

C:\Windows\System\uEmpYFk.exe

C:\Windows\System\uEmpYFk.exe

C:\Windows\System\bmSbCLc.exe

C:\Windows\System\bmSbCLc.exe

C:\Windows\System\SszWawU.exe

C:\Windows\System\SszWawU.exe

C:\Windows\System\rGuOPkJ.exe

C:\Windows\System\rGuOPkJ.exe

C:\Windows\System\CYSqWBQ.exe

C:\Windows\System\CYSqWBQ.exe

C:\Windows\System\DlYXIiq.exe

C:\Windows\System\DlYXIiq.exe

C:\Windows\System\NPRBfwU.exe

C:\Windows\System\NPRBfwU.exe

C:\Windows\System\tlFmQVh.exe

C:\Windows\System\tlFmQVh.exe

C:\Windows\System\PWJzWQv.exe

C:\Windows\System\PWJzWQv.exe

C:\Windows\System\tMGcPzt.exe

C:\Windows\System\tMGcPzt.exe

C:\Windows\System\EtOzkJe.exe

C:\Windows\System\EtOzkJe.exe

C:\Windows\System\xlqQriZ.exe

C:\Windows\System\xlqQriZ.exe

C:\Windows\System\fHOOqXc.exe

C:\Windows\System\fHOOqXc.exe

C:\Windows\System\DTycrXP.exe

C:\Windows\System\DTycrXP.exe

C:\Windows\System\jEkPcFr.exe

C:\Windows\System\jEkPcFr.exe

C:\Windows\System\sdQhEYM.exe

C:\Windows\System\sdQhEYM.exe

C:\Windows\System\DqtYUyM.exe

C:\Windows\System\DqtYUyM.exe

C:\Windows\System\hJPOxfJ.exe

C:\Windows\System\hJPOxfJ.exe

C:\Windows\System\brwqvrn.exe

C:\Windows\System\brwqvrn.exe

C:\Windows\System\rXNdcIq.exe

C:\Windows\System\rXNdcIq.exe

C:\Windows\System\ioIiIKr.exe

C:\Windows\System\ioIiIKr.exe

C:\Windows\System\SbYYGZs.exe

C:\Windows\System\SbYYGZs.exe

C:\Windows\System\VQCIezB.exe

C:\Windows\System\VQCIezB.exe

C:\Windows\System\ZfyyHMB.exe

C:\Windows\System\ZfyyHMB.exe

C:\Windows\System\eFqoTID.exe

C:\Windows\System\eFqoTID.exe

C:\Windows\System\VvKCLnZ.exe

C:\Windows\System\VvKCLnZ.exe

C:\Windows\System\cbXVBrU.exe

C:\Windows\System\cbXVBrU.exe

C:\Windows\System\apfNDRc.exe

C:\Windows\System\apfNDRc.exe

C:\Windows\System\HPNpIED.exe

C:\Windows\System\HPNpIED.exe

C:\Windows\System\trDlDDM.exe

C:\Windows\System\trDlDDM.exe

C:\Windows\System\VWgEZkH.exe

C:\Windows\System\VWgEZkH.exe

C:\Windows\System\ogBcxlp.exe

C:\Windows\System\ogBcxlp.exe

C:\Windows\System\MKErSYs.exe

C:\Windows\System\MKErSYs.exe

C:\Windows\System\rlZtpOO.exe

C:\Windows\System\rlZtpOO.exe

C:\Windows\System\kaJczIY.exe

C:\Windows\System\kaJczIY.exe

C:\Windows\System\uVQqVqF.exe

C:\Windows\System\uVQqVqF.exe

C:\Windows\System\XQUaxbA.exe

C:\Windows\System\XQUaxbA.exe

C:\Windows\System\vmBXqnA.exe

C:\Windows\System\vmBXqnA.exe

C:\Windows\System\bVSLeWR.exe

C:\Windows\System\bVSLeWR.exe

C:\Windows\System\bTyRnRz.exe

C:\Windows\System\bTyRnRz.exe

C:\Windows\System\GnOAnSZ.exe

C:\Windows\System\GnOAnSZ.exe

C:\Windows\System\fxLiIWs.exe

C:\Windows\System\fxLiIWs.exe

C:\Windows\System\GOJvMkN.exe

C:\Windows\System\GOJvMkN.exe

C:\Windows\System\ttkIQOh.exe

C:\Windows\System\ttkIQOh.exe

C:\Windows\System\ZiXnGEk.exe

C:\Windows\System\ZiXnGEk.exe

C:\Windows\System\GXrjjwu.exe

C:\Windows\System\GXrjjwu.exe

C:\Windows\System\ThUqRQG.exe

C:\Windows\System\ThUqRQG.exe

C:\Windows\System\cpneGYG.exe

C:\Windows\System\cpneGYG.exe

C:\Windows\System\qJFawyA.exe

C:\Windows\System\qJFawyA.exe

C:\Windows\System\DhhkGUS.exe

C:\Windows\System\DhhkGUS.exe

C:\Windows\System\hJHUKcS.exe

C:\Windows\System\hJHUKcS.exe

C:\Windows\System\aMDTTEy.exe

C:\Windows\System\aMDTTEy.exe

C:\Windows\System\xDFgJNl.exe

C:\Windows\System\xDFgJNl.exe

C:\Windows\System\lZoIwTI.exe

C:\Windows\System\lZoIwTI.exe

C:\Windows\System\bvIwmar.exe

C:\Windows\System\bvIwmar.exe

C:\Windows\System\aqkAvtd.exe

C:\Windows\System\aqkAvtd.exe

C:\Windows\System\IKaJRzX.exe

C:\Windows\System\IKaJRzX.exe

C:\Windows\System\sAgNjGO.exe

C:\Windows\System\sAgNjGO.exe

C:\Windows\System\fKaLDhH.exe

C:\Windows\System\fKaLDhH.exe

C:\Windows\System\qhBQNdr.exe

C:\Windows\System\qhBQNdr.exe

C:\Windows\System\mYdqmbB.exe

C:\Windows\System\mYdqmbB.exe

C:\Windows\System\xUBZRNj.exe

C:\Windows\System\xUBZRNj.exe

C:\Windows\System\TcpaNMt.exe

C:\Windows\System\TcpaNMt.exe

C:\Windows\System\BkHjxJC.exe

C:\Windows\System\BkHjxJC.exe

C:\Windows\System\rwQxWkg.exe

C:\Windows\System\rwQxWkg.exe

C:\Windows\System\PZXrqCu.exe

C:\Windows\System\PZXrqCu.exe

C:\Windows\System\nZCCoqk.exe

C:\Windows\System\nZCCoqk.exe

C:\Windows\System\dkKMNBP.exe

C:\Windows\System\dkKMNBP.exe

C:\Windows\System\JeoIcOz.exe

C:\Windows\System\JeoIcOz.exe

C:\Windows\System\tlocZgw.exe

C:\Windows\System\tlocZgw.exe

C:\Windows\System\yhvuzyt.exe

C:\Windows\System\yhvuzyt.exe

C:\Windows\System\bxRwOuk.exe

C:\Windows\System\bxRwOuk.exe

C:\Windows\System\ywHJXou.exe

C:\Windows\System\ywHJXou.exe

C:\Windows\System\sjhBWLx.exe

C:\Windows\System\sjhBWLx.exe

C:\Windows\System\DRRkRKZ.exe

C:\Windows\System\DRRkRKZ.exe

C:\Windows\System\MshWTNu.exe

C:\Windows\System\MshWTNu.exe

C:\Windows\System\sgxbmwM.exe

C:\Windows\System\sgxbmwM.exe

C:\Windows\System\VFHhRwi.exe

C:\Windows\System\VFHhRwi.exe

C:\Windows\System\FdufGWs.exe

C:\Windows\System\FdufGWs.exe

C:\Windows\System\VQryDYt.exe

C:\Windows\System\VQryDYt.exe

C:\Windows\System\fKgfZlG.exe

C:\Windows\System\fKgfZlG.exe

C:\Windows\System\RJYDmtl.exe

C:\Windows\System\RJYDmtl.exe

C:\Windows\System\LyxUWEP.exe

C:\Windows\System\LyxUWEP.exe

C:\Windows\System\EHgmzcq.exe

C:\Windows\System\EHgmzcq.exe

C:\Windows\System\bAOudGF.exe

C:\Windows\System\bAOudGF.exe

C:\Windows\System\HCYrJWc.exe

C:\Windows\System\HCYrJWc.exe

C:\Windows\System\sahcuBK.exe

C:\Windows\System\sahcuBK.exe

C:\Windows\System\szcTxdY.exe

C:\Windows\System\szcTxdY.exe

C:\Windows\System\oyIsnwg.exe

C:\Windows\System\oyIsnwg.exe

C:\Windows\System\YEPYqiQ.exe

C:\Windows\System\YEPYqiQ.exe

C:\Windows\System\TWhckUh.exe

C:\Windows\System\TWhckUh.exe

C:\Windows\System\futAXuS.exe

C:\Windows\System\futAXuS.exe

C:\Windows\System\ougmOPJ.exe

C:\Windows\System\ougmOPJ.exe

C:\Windows\System\WpFhvQS.exe

C:\Windows\System\WpFhvQS.exe

C:\Windows\System\dXhPjtV.exe

C:\Windows\System\dXhPjtV.exe

C:\Windows\System\ReRqzoa.exe

C:\Windows\System\ReRqzoa.exe

C:\Windows\System\WkFSTBT.exe

C:\Windows\System\WkFSTBT.exe

C:\Windows\System\Exjdbnr.exe

C:\Windows\System\Exjdbnr.exe

C:\Windows\System\nNnlNmP.exe

C:\Windows\System\nNnlNmP.exe

C:\Windows\System\UqsWAYZ.exe

C:\Windows\System\UqsWAYZ.exe

C:\Windows\System\iNZRCdH.exe

C:\Windows\System\iNZRCdH.exe

C:\Windows\System\duSONuY.exe

C:\Windows\System\duSONuY.exe

C:\Windows\System\mvNAoqA.exe

C:\Windows\System\mvNAoqA.exe

C:\Windows\System\GEzSrLJ.exe

C:\Windows\System\GEzSrLJ.exe

C:\Windows\System\tFxEKLC.exe

C:\Windows\System\tFxEKLC.exe

C:\Windows\System\kLecbis.exe

C:\Windows\System\kLecbis.exe

C:\Windows\System\JmAKmvq.exe

C:\Windows\System\JmAKmvq.exe

C:\Windows\System\BCxijzV.exe

C:\Windows\System\BCxijzV.exe

C:\Windows\System\EdcMATb.exe

C:\Windows\System\EdcMATb.exe

C:\Windows\System\enLUILU.exe

C:\Windows\System\enLUILU.exe

C:\Windows\System\sAiimQn.exe

C:\Windows\System\sAiimQn.exe

C:\Windows\System\wXhJQXE.exe

C:\Windows\System\wXhJQXE.exe

C:\Windows\System\AnWRsEa.exe

C:\Windows\System\AnWRsEa.exe

C:\Windows\System\jOTsKQd.exe

C:\Windows\System\jOTsKQd.exe

C:\Windows\System\frqeMDa.exe

C:\Windows\System\frqeMDa.exe

C:\Windows\System\HMLOsFI.exe

C:\Windows\System\HMLOsFI.exe

C:\Windows\System\QnWtSxk.exe

C:\Windows\System\QnWtSxk.exe

C:\Windows\System\KMEKAaq.exe

C:\Windows\System\KMEKAaq.exe

C:\Windows\System\bxtHMOD.exe

C:\Windows\System\bxtHMOD.exe

C:\Windows\System\TWYATTW.exe

C:\Windows\System\TWYATTW.exe

C:\Windows\System\yjUshXF.exe

C:\Windows\System\yjUshXF.exe

C:\Windows\System\SYLRBFG.exe

C:\Windows\System\SYLRBFG.exe

C:\Windows\System\mpNQLDu.exe

C:\Windows\System\mpNQLDu.exe

C:\Windows\System\FAFXJpE.exe

C:\Windows\System\FAFXJpE.exe

C:\Windows\System\oMlPPYm.exe

C:\Windows\System\oMlPPYm.exe

C:\Windows\System\AkyBNMB.exe

C:\Windows\System\AkyBNMB.exe

C:\Windows\System\CMhOkVb.exe

C:\Windows\System\CMhOkVb.exe

C:\Windows\System\usjKGYA.exe

C:\Windows\System\usjKGYA.exe

C:\Windows\System\nNvUXoW.exe

C:\Windows\System\nNvUXoW.exe

C:\Windows\System\JxrmRBp.exe

C:\Windows\System\JxrmRBp.exe

C:\Windows\System\UyaXJiD.exe

C:\Windows\System\UyaXJiD.exe

C:\Windows\System\DdPDlvt.exe

C:\Windows\System\DdPDlvt.exe

C:\Windows\System\fiEZlPc.exe

C:\Windows\System\fiEZlPc.exe

C:\Windows\System\jBqlBvu.exe

C:\Windows\System\jBqlBvu.exe

C:\Windows\System\hdPOXAf.exe

C:\Windows\System\hdPOXAf.exe

C:\Windows\System\DDcxRqg.exe

C:\Windows\System\DDcxRqg.exe

C:\Windows\System\hJDfbix.exe

C:\Windows\System\hJDfbix.exe

C:\Windows\System\pEQgaPm.exe

C:\Windows\System\pEQgaPm.exe

C:\Windows\System\uxdxoBP.exe

C:\Windows\System\uxdxoBP.exe

C:\Windows\System\KfBIhxe.exe

C:\Windows\System\KfBIhxe.exe

C:\Windows\System\QnPyext.exe

C:\Windows\System\QnPyext.exe

C:\Windows\System\GLWWpGY.exe

C:\Windows\System\GLWWpGY.exe

C:\Windows\System\ZvnBHDy.exe

C:\Windows\System\ZvnBHDy.exe

C:\Windows\System\VBtqxbM.exe

C:\Windows\System\VBtqxbM.exe

C:\Windows\System\ImfeAeb.exe

C:\Windows\System\ImfeAeb.exe

C:\Windows\System\vOnvIaj.exe

C:\Windows\System\vOnvIaj.exe

C:\Windows\System\qarWrKD.exe

C:\Windows\System\qarWrKD.exe

C:\Windows\System\wTNTNZC.exe

C:\Windows\System\wTNTNZC.exe

C:\Windows\System\BnzoNGZ.exe

C:\Windows\System\BnzoNGZ.exe

C:\Windows\System\dVJPatf.exe

C:\Windows\System\dVJPatf.exe

C:\Windows\System\FVQXWvV.exe

C:\Windows\System\FVQXWvV.exe

C:\Windows\System\KQZmMVg.exe

C:\Windows\System\KQZmMVg.exe

C:\Windows\System\JCnNAlQ.exe

C:\Windows\System\JCnNAlQ.exe

C:\Windows\System\SLickhU.exe

C:\Windows\System\SLickhU.exe

C:\Windows\System\hBQjRCN.exe

C:\Windows\System\hBQjRCN.exe

C:\Windows\System\vXDbqxu.exe

C:\Windows\System\vXDbqxu.exe

C:\Windows\System\HHeTkRE.exe

C:\Windows\System\HHeTkRE.exe

C:\Windows\System\QDBhier.exe

C:\Windows\System\QDBhier.exe

C:\Windows\System\HBhxiHk.exe

C:\Windows\System\HBhxiHk.exe

C:\Windows\System\lxsvEiM.exe

C:\Windows\System\lxsvEiM.exe

C:\Windows\System\dOrGqIJ.exe

C:\Windows\System\dOrGqIJ.exe

C:\Windows\System\vWZzRol.exe

C:\Windows\System\vWZzRol.exe

C:\Windows\System\vomeEYO.exe

C:\Windows\System\vomeEYO.exe

C:\Windows\System\yvuPNPg.exe

C:\Windows\System\yvuPNPg.exe

C:\Windows\System\XztTQmw.exe

C:\Windows\System\XztTQmw.exe

C:\Windows\System\POkepzn.exe

C:\Windows\System\POkepzn.exe

C:\Windows\System\qALPWVt.exe

C:\Windows\System\qALPWVt.exe

C:\Windows\System\bagXDtk.exe

C:\Windows\System\bagXDtk.exe

C:\Windows\System\IqFBndK.exe

C:\Windows\System\IqFBndK.exe

C:\Windows\System\wuYYXGi.exe

C:\Windows\System\wuYYXGi.exe

C:\Windows\System\JZBaPrN.exe

C:\Windows\System\JZBaPrN.exe

C:\Windows\System\aDAgMHE.exe

C:\Windows\System\aDAgMHE.exe

C:\Windows\System\gBTfzVG.exe

C:\Windows\System\gBTfzVG.exe

C:\Windows\System\piFugsW.exe

C:\Windows\System\piFugsW.exe

C:\Windows\System\PdWlsdR.exe

C:\Windows\System\PdWlsdR.exe

C:\Windows\System\XuDBKWL.exe

C:\Windows\System\XuDBKWL.exe

C:\Windows\System\zNgECcf.exe

C:\Windows\System\zNgECcf.exe

C:\Windows\System\eFQbKiB.exe

C:\Windows\System\eFQbKiB.exe

C:\Windows\System\AfPcABe.exe

C:\Windows\System\AfPcABe.exe

C:\Windows\System\QQgJnol.exe

C:\Windows\System\QQgJnol.exe

C:\Windows\System\SQPAuZc.exe

C:\Windows\System\SQPAuZc.exe

C:\Windows\System\fSCkHmP.exe

C:\Windows\System\fSCkHmP.exe

C:\Windows\System\NlRZuVc.exe

C:\Windows\System\NlRZuVc.exe

C:\Windows\System\GAiPvBq.exe

C:\Windows\System\GAiPvBq.exe

C:\Windows\System\XfMPEhv.exe

C:\Windows\System\XfMPEhv.exe

C:\Windows\System\bmmrYwn.exe

C:\Windows\System\bmmrYwn.exe

C:\Windows\System\skZmJGr.exe

C:\Windows\System\skZmJGr.exe

C:\Windows\System\fnOXeGA.exe

C:\Windows\System\fnOXeGA.exe

C:\Windows\System\MFBGrAo.exe

C:\Windows\System\MFBGrAo.exe

C:\Windows\System\YromzCJ.exe

C:\Windows\System\YromzCJ.exe

C:\Windows\System\kNBhKaX.exe

C:\Windows\System\kNBhKaX.exe

C:\Windows\System\AiahYqm.exe

C:\Windows\System\AiahYqm.exe

C:\Windows\System\UQDhxWQ.exe

C:\Windows\System\UQDhxWQ.exe

C:\Windows\System\JPBTBUh.exe

C:\Windows\System\JPBTBUh.exe

C:\Windows\System\SHTBjIB.exe

C:\Windows\System\SHTBjIB.exe

C:\Windows\System\BRNDXDG.exe

C:\Windows\System\BRNDXDG.exe

C:\Windows\System\XwPcDoF.exe

C:\Windows\System\XwPcDoF.exe

C:\Windows\System\pMlQapO.exe

C:\Windows\System\pMlQapO.exe

C:\Windows\System\DSDJfaa.exe

C:\Windows\System\DSDJfaa.exe

C:\Windows\System\mOPIjdR.exe

C:\Windows\System\mOPIjdR.exe

C:\Windows\System\rGIyFZy.exe

C:\Windows\System\rGIyFZy.exe

C:\Windows\System\fOBleHM.exe

C:\Windows\System\fOBleHM.exe

C:\Windows\System\VoezuSI.exe

C:\Windows\System\VoezuSI.exe

C:\Windows\System\VaSjFbM.exe

C:\Windows\System\VaSjFbM.exe

C:\Windows\System\hwQxuZj.exe

C:\Windows\System\hwQxuZj.exe

C:\Windows\System\EYbAHGR.exe

C:\Windows\System\EYbAHGR.exe

C:\Windows\System\LjAZlXN.exe

C:\Windows\System\LjAZlXN.exe

C:\Windows\System\ejXIEyP.exe

C:\Windows\System\ejXIEyP.exe

C:\Windows\System\geYhdIg.exe

C:\Windows\System\geYhdIg.exe

C:\Windows\System\ixeJuux.exe

C:\Windows\System\ixeJuux.exe

C:\Windows\System\msTRSLm.exe

C:\Windows\System\msTRSLm.exe

C:\Windows\System\NrWkptg.exe

C:\Windows\System\NrWkptg.exe

C:\Windows\System\iirBuuJ.exe

C:\Windows\System\iirBuuJ.exe

C:\Windows\System\yrXUpWG.exe

C:\Windows\System\yrXUpWG.exe

C:\Windows\System\sxdAGgw.exe

C:\Windows\System\sxdAGgw.exe

C:\Windows\System\GeJcSsG.exe

C:\Windows\System\GeJcSsG.exe

C:\Windows\System\fmTekET.exe

C:\Windows\System\fmTekET.exe

C:\Windows\System\pkwQjzN.exe

C:\Windows\System\pkwQjzN.exe

C:\Windows\System\TfRrwHs.exe

C:\Windows\System\TfRrwHs.exe

C:\Windows\System\szbbrFm.exe

C:\Windows\System\szbbrFm.exe

C:\Windows\System\UtyCHEl.exe

C:\Windows\System\UtyCHEl.exe

C:\Windows\System\pMxXjLP.exe

C:\Windows\System\pMxXjLP.exe

C:\Windows\System\UGgBVkw.exe

C:\Windows\System\UGgBVkw.exe

C:\Windows\System\PtbrOUP.exe

C:\Windows\System\PtbrOUP.exe

C:\Windows\System\obGLUpa.exe

C:\Windows\System\obGLUpa.exe

C:\Windows\System\RZpArxn.exe

C:\Windows\System\RZpArxn.exe

C:\Windows\System\GvWoKJI.exe

C:\Windows\System\GvWoKJI.exe

C:\Windows\System\QsBRsUC.exe

C:\Windows\System\QsBRsUC.exe

C:\Windows\System\CzkIpKm.exe

C:\Windows\System\CzkIpKm.exe

C:\Windows\System\OBYucVK.exe

C:\Windows\System\OBYucVK.exe

C:\Windows\System\oWMpIFj.exe

C:\Windows\System\oWMpIFj.exe

C:\Windows\System\TyAFcfg.exe

C:\Windows\System\TyAFcfg.exe

C:\Windows\System\nDuviCd.exe

C:\Windows\System\nDuviCd.exe

C:\Windows\System\GDOXrlp.exe

C:\Windows\System\GDOXrlp.exe

C:\Windows\System\ItKqaQo.exe

C:\Windows\System\ItKqaQo.exe

C:\Windows\System\PXMHsDW.exe

C:\Windows\System\PXMHsDW.exe

C:\Windows\System\zGatJIL.exe

C:\Windows\System\zGatJIL.exe

C:\Windows\System\pdIMhfb.exe

C:\Windows\System\pdIMhfb.exe

C:\Windows\System\cUOzyxl.exe

C:\Windows\System\cUOzyxl.exe

C:\Windows\System\HbsEJBc.exe

C:\Windows\System\HbsEJBc.exe

C:\Windows\System\xOPAapL.exe

C:\Windows\System\xOPAapL.exe

C:\Windows\System\nRFgOxe.exe

C:\Windows\System\nRFgOxe.exe

C:\Windows\System\usiTOoI.exe

C:\Windows\System\usiTOoI.exe

C:\Windows\System\tTjhPoh.exe

C:\Windows\System\tTjhPoh.exe

C:\Windows\System\NaDTDkt.exe

C:\Windows\System\NaDTDkt.exe

C:\Windows\System\BgofXfr.exe

C:\Windows\System\BgofXfr.exe

C:\Windows\System\pOMywEW.exe

C:\Windows\System\pOMywEW.exe

C:\Windows\System\fzQsTey.exe

C:\Windows\System\fzQsTey.exe

C:\Windows\System\FCVaQdE.exe

C:\Windows\System\FCVaQdE.exe

C:\Windows\System\ttULnuh.exe

C:\Windows\System\ttULnuh.exe

C:\Windows\System\qiWEdXg.exe

C:\Windows\System\qiWEdXg.exe

C:\Windows\System\adkjeNj.exe

C:\Windows\System\adkjeNj.exe

C:\Windows\System\GMHtboL.exe

C:\Windows\System\GMHtboL.exe

C:\Windows\System\EKXAyhl.exe

C:\Windows\System\EKXAyhl.exe

C:\Windows\System\bQviJDQ.exe

C:\Windows\System\bQviJDQ.exe

C:\Windows\System\FqcuJki.exe

C:\Windows\System\FqcuJki.exe

C:\Windows\System\hcheCVl.exe

C:\Windows\System\hcheCVl.exe

C:\Windows\System\HyEQNPT.exe

C:\Windows\System\HyEQNPT.exe

C:\Windows\System\cANDcfm.exe

C:\Windows\System\cANDcfm.exe

C:\Windows\System\TypXwlR.exe

C:\Windows\System\TypXwlR.exe

C:\Windows\System\eTmaoYf.exe

C:\Windows\System\eTmaoYf.exe

C:\Windows\System\YLFCybm.exe

C:\Windows\System\YLFCybm.exe

C:\Windows\System\yxyybTL.exe

C:\Windows\System\yxyybTL.exe

C:\Windows\System\iTYWVdg.exe

C:\Windows\System\iTYWVdg.exe

C:\Windows\System\SfxmCqf.exe

C:\Windows\System\SfxmCqf.exe

C:\Windows\System\oyqRuaT.exe

C:\Windows\System\oyqRuaT.exe

C:\Windows\System\VnpOCIV.exe

C:\Windows\System\VnpOCIV.exe

C:\Windows\System\YwJegnm.exe

C:\Windows\System\YwJegnm.exe

C:\Windows\System\VzoyvVa.exe

C:\Windows\System\VzoyvVa.exe

C:\Windows\System\mBEnMbu.exe

C:\Windows\System\mBEnMbu.exe

C:\Windows\System\HQjobSZ.exe

C:\Windows\System\HQjobSZ.exe

C:\Windows\System\uTwsWUc.exe

C:\Windows\System\uTwsWUc.exe

C:\Windows\System\VpKRUIs.exe

C:\Windows\System\VpKRUIs.exe

C:\Windows\System\MecyQLJ.exe

C:\Windows\System\MecyQLJ.exe

C:\Windows\System\dKEsnEQ.exe

C:\Windows\System\dKEsnEQ.exe

C:\Windows\System\WSxeviC.exe

C:\Windows\System\WSxeviC.exe

C:\Windows\System\MQGlLNT.exe

C:\Windows\System\MQGlLNT.exe

C:\Windows\System\QJixbsH.exe

C:\Windows\System\QJixbsH.exe

C:\Windows\System\NsmTqBp.exe

C:\Windows\System\NsmTqBp.exe

C:\Windows\System\cvUhYDp.exe

C:\Windows\System\cvUhYDp.exe

C:\Windows\System\BhAEFwd.exe

C:\Windows\System\BhAEFwd.exe

C:\Windows\System\eGiiCZE.exe

C:\Windows\System\eGiiCZE.exe

C:\Windows\System\ytywlwS.exe

C:\Windows\System\ytywlwS.exe

C:\Windows\System\JrLUNPB.exe

C:\Windows\System\JrLUNPB.exe

C:\Windows\System\TdCzZin.exe

C:\Windows\System\TdCzZin.exe

C:\Windows\System\XRuJyAK.exe

C:\Windows\System\XRuJyAK.exe

C:\Windows\System\avOMkNe.exe

C:\Windows\System\avOMkNe.exe

C:\Windows\System\fYMFrVL.exe

C:\Windows\System\fYMFrVL.exe

C:\Windows\System\OhickLf.exe

C:\Windows\System\OhickLf.exe

C:\Windows\System\sBBjRRD.exe

C:\Windows\System\sBBjRRD.exe

C:\Windows\System\yZfOivt.exe

C:\Windows\System\yZfOivt.exe

C:\Windows\System\mIlTmyv.exe

C:\Windows\System\mIlTmyv.exe

C:\Windows\System\LZCnvWB.exe

C:\Windows\System\LZCnvWB.exe

C:\Windows\System\MbQMFlb.exe

C:\Windows\System\MbQMFlb.exe

C:\Windows\System\pmsBKXu.exe

C:\Windows\System\pmsBKXu.exe

C:\Windows\System\kEjDowF.exe

C:\Windows\System\kEjDowF.exe

C:\Windows\System\GHpxDXn.exe

C:\Windows\System\GHpxDXn.exe

C:\Windows\System\qyWEucl.exe

C:\Windows\System\qyWEucl.exe

C:\Windows\System\EUBfaLG.exe

C:\Windows\System\EUBfaLG.exe

C:\Windows\System\EfhbJqc.exe

C:\Windows\System\EfhbJqc.exe

C:\Windows\System\LKvFwiN.exe

C:\Windows\System\LKvFwiN.exe

C:\Windows\System\hUnzIfT.exe

C:\Windows\System\hUnzIfT.exe

C:\Windows\System\fIpIAsO.exe

C:\Windows\System\fIpIAsO.exe

C:\Windows\System\OSFGYgd.exe

C:\Windows\System\OSFGYgd.exe

C:\Windows\System\wHQEALm.exe

C:\Windows\System\wHQEALm.exe

C:\Windows\System\qKcpubs.exe

C:\Windows\System\qKcpubs.exe

C:\Windows\System\QsFDaEa.exe

C:\Windows\System\QsFDaEa.exe

C:\Windows\System\mDKFWqA.exe

C:\Windows\System\mDKFWqA.exe

C:\Windows\System\rWqoIfT.exe

C:\Windows\System\rWqoIfT.exe

C:\Windows\System\muoiBSK.exe

C:\Windows\System\muoiBSK.exe

C:\Windows\System\TFytSvN.exe

C:\Windows\System\TFytSvN.exe

C:\Windows\System\yFhcEXn.exe

C:\Windows\System\yFhcEXn.exe

C:\Windows\System\HCqzXCU.exe

C:\Windows\System\HCqzXCU.exe

C:\Windows\System\pOBbBoo.exe

C:\Windows\System\pOBbBoo.exe

C:\Windows\System\dYofEKQ.exe

C:\Windows\System\dYofEKQ.exe

C:\Windows\System\BXjoEmu.exe

C:\Windows\System\BXjoEmu.exe

C:\Windows\System\zxVisYL.exe

C:\Windows\System\zxVisYL.exe

C:\Windows\System\sdPWwlQ.exe

C:\Windows\System\sdPWwlQ.exe

C:\Windows\System\NoFqYcS.exe

C:\Windows\System\NoFqYcS.exe

C:\Windows\System\tnMtzJu.exe

C:\Windows\System\tnMtzJu.exe

C:\Windows\System\JjIXleZ.exe

C:\Windows\System\JjIXleZ.exe

C:\Windows\System\gUBOOlt.exe

C:\Windows\System\gUBOOlt.exe

C:\Windows\System\xwVqTkD.exe

C:\Windows\System\xwVqTkD.exe

C:\Windows\System\lClbaws.exe

C:\Windows\System\lClbaws.exe

C:\Windows\System\OzLSGsv.exe

C:\Windows\System\OzLSGsv.exe

C:\Windows\System\PuGKIAt.exe

C:\Windows\System\PuGKIAt.exe

C:\Windows\System\whASQnc.exe

C:\Windows\System\whASQnc.exe

C:\Windows\System\BOxHkkf.exe

C:\Windows\System\BOxHkkf.exe

C:\Windows\System\VncLwpG.exe

C:\Windows\System\VncLwpG.exe

C:\Windows\System\vwOYJoI.exe

C:\Windows\System\vwOYJoI.exe

C:\Windows\System\QiktAIp.exe

C:\Windows\System\QiktAIp.exe

C:\Windows\System\zNoWEEb.exe

C:\Windows\System\zNoWEEb.exe

C:\Windows\System\jnTyrJH.exe

C:\Windows\System\jnTyrJH.exe

C:\Windows\System\gOaaiCV.exe

C:\Windows\System\gOaaiCV.exe

C:\Windows\System\lnWSVGL.exe

C:\Windows\System\lnWSVGL.exe

C:\Windows\System\rgDfxzW.exe

C:\Windows\System\rgDfxzW.exe

C:\Windows\System\yIpipyK.exe

C:\Windows\System\yIpipyK.exe

C:\Windows\System\QtlVTeG.exe

C:\Windows\System\QtlVTeG.exe

C:\Windows\System\BAJEDkO.exe

C:\Windows\System\BAJEDkO.exe

C:\Windows\System\UhtFrUT.exe

C:\Windows\System\UhtFrUT.exe

C:\Windows\System\pHFPzkG.exe

C:\Windows\System\pHFPzkG.exe

C:\Windows\System\pOuOSUg.exe

C:\Windows\System\pOuOSUg.exe

C:\Windows\System\oAxeTGL.exe

C:\Windows\System\oAxeTGL.exe

C:\Windows\System\sdqsvqA.exe

C:\Windows\System\sdqsvqA.exe

C:\Windows\System\EgreRez.exe

C:\Windows\System\EgreRez.exe

C:\Windows\System\CiOSFvo.exe

C:\Windows\System\CiOSFvo.exe

C:\Windows\System\IjBpJwA.exe

C:\Windows\System\IjBpJwA.exe

C:\Windows\System\ubxhCzC.exe

C:\Windows\System\ubxhCzC.exe

C:\Windows\System\FyhMQbp.exe

C:\Windows\System\FyhMQbp.exe

C:\Windows\System\NelzXMt.exe

C:\Windows\System\NelzXMt.exe

C:\Windows\System\jDENnlR.exe

C:\Windows\System\jDENnlR.exe

C:\Windows\System\psJedeU.exe

C:\Windows\System\psJedeU.exe

C:\Windows\System\VFjiOHa.exe

C:\Windows\System\VFjiOHa.exe

C:\Windows\System\SHwxzJQ.exe

C:\Windows\System\SHwxzJQ.exe

C:\Windows\System\KDhOofx.exe

C:\Windows\System\KDhOofx.exe

C:\Windows\System\kUSuBWs.exe

C:\Windows\System\kUSuBWs.exe

C:\Windows\System\ulnJVSR.exe

C:\Windows\System\ulnJVSR.exe

C:\Windows\System\nCCdcCT.exe

C:\Windows\System\nCCdcCT.exe

C:\Windows\System\QDkkECu.exe

C:\Windows\System\QDkkECu.exe

C:\Windows\System\wcVTFdz.exe

C:\Windows\System\wcVTFdz.exe

C:\Windows\System\lHgjnvw.exe

C:\Windows\System\lHgjnvw.exe

C:\Windows\System\MytBOHq.exe

C:\Windows\System\MytBOHq.exe

C:\Windows\System\nCNUlMw.exe

C:\Windows\System\nCNUlMw.exe

C:\Windows\System\peTrtex.exe

C:\Windows\System\peTrtex.exe

C:\Windows\System\eSAEaXQ.exe

C:\Windows\System\eSAEaXQ.exe

C:\Windows\System\ZPQPilC.exe

C:\Windows\System\ZPQPilC.exe

C:\Windows\System\waHnKvY.exe

C:\Windows\System\waHnKvY.exe

C:\Windows\System\KCEDCqb.exe

C:\Windows\System\KCEDCqb.exe

C:\Windows\System\ropRMwE.exe

C:\Windows\System\ropRMwE.exe

C:\Windows\System\XWfHCpT.exe

C:\Windows\System\XWfHCpT.exe

C:\Windows\System\CYZDUnP.exe

C:\Windows\System\CYZDUnP.exe

C:\Windows\System\bFaqPtu.exe

C:\Windows\System\bFaqPtu.exe

C:\Windows\System\zgEPpqj.exe

C:\Windows\System\zgEPpqj.exe

C:\Windows\System\ULRWWPo.exe

C:\Windows\System\ULRWWPo.exe

C:\Windows\System\jGQLImx.exe

C:\Windows\System\jGQLImx.exe

C:\Windows\System\roVTRox.exe

C:\Windows\System\roVTRox.exe

C:\Windows\System\mVtfsJm.exe

C:\Windows\System\mVtfsJm.exe

C:\Windows\System\IZloopY.exe

C:\Windows\System\IZloopY.exe

C:\Windows\System\cBLfMif.exe

C:\Windows\System\cBLfMif.exe

C:\Windows\System\wEQqMMf.exe

C:\Windows\System\wEQqMMf.exe

C:\Windows\System\pXJxZXt.exe

C:\Windows\System\pXJxZXt.exe

C:\Windows\System\UwkJIEt.exe

C:\Windows\System\UwkJIEt.exe

C:\Windows\System\BLSlLAt.exe

C:\Windows\System\BLSlLAt.exe

C:\Windows\System\euZMtWQ.exe

C:\Windows\System\euZMtWQ.exe

C:\Windows\System\qBzFuJo.exe

C:\Windows\System\qBzFuJo.exe

C:\Windows\System\OWtoOOp.exe

C:\Windows\System\OWtoOOp.exe

C:\Windows\System\HnupYXD.exe

C:\Windows\System\HnupYXD.exe

C:\Windows\System\vJbFPFO.exe

C:\Windows\System\vJbFPFO.exe

C:\Windows\System\EVgmAAo.exe

C:\Windows\System\EVgmAAo.exe

C:\Windows\System\JQMqYWH.exe

C:\Windows\System\JQMqYWH.exe

C:\Windows\System\YnBswon.exe

C:\Windows\System\YnBswon.exe

C:\Windows\System\eOkKKaM.exe

C:\Windows\System\eOkKKaM.exe

C:\Windows\System\ZDBIsdt.exe

C:\Windows\System\ZDBIsdt.exe

C:\Windows\System\QnNuxrJ.exe

C:\Windows\System\QnNuxrJ.exe

C:\Windows\System\IEZZoKL.exe

C:\Windows\System\IEZZoKL.exe

C:\Windows\System\KXpzPzE.exe

C:\Windows\System\KXpzPzE.exe

C:\Windows\System\qJmEoUV.exe

C:\Windows\System\qJmEoUV.exe

C:\Windows\System\KXuOPDM.exe

C:\Windows\System\KXuOPDM.exe

C:\Windows\System\NInHzhx.exe

C:\Windows\System\NInHzhx.exe

C:\Windows\System\HMCVcgh.exe

C:\Windows\System\HMCVcgh.exe

C:\Windows\System\rjNnlRc.exe

C:\Windows\System\rjNnlRc.exe

C:\Windows\System\ShNLVqE.exe

C:\Windows\System\ShNLVqE.exe

C:\Windows\System\hykJgtK.exe

C:\Windows\System\hykJgtK.exe

C:\Windows\System\NLWphhy.exe

C:\Windows\System\NLWphhy.exe

C:\Windows\System\AvegUie.exe

C:\Windows\System\AvegUie.exe

C:\Windows\System\vnUlYOY.exe

C:\Windows\System\vnUlYOY.exe

C:\Windows\System\BhgfvGa.exe

C:\Windows\System\BhgfvGa.exe

C:\Windows\System\fJIudxV.exe

C:\Windows\System\fJIudxV.exe

C:\Windows\System\GDyqjuT.exe

C:\Windows\System\GDyqjuT.exe

C:\Windows\System\fMKFQgY.exe

C:\Windows\System\fMKFQgY.exe

C:\Windows\System\HklDOFY.exe

C:\Windows\System\HklDOFY.exe

C:\Windows\System\TmwKuYX.exe

C:\Windows\System\TmwKuYX.exe

C:\Windows\System\oBcXTYN.exe

C:\Windows\System\oBcXTYN.exe

C:\Windows\System\XCFqqhe.exe

C:\Windows\System\XCFqqhe.exe

C:\Windows\System\uoQiqZM.exe

C:\Windows\System\uoQiqZM.exe

C:\Windows\System\ChkGrbO.exe

C:\Windows\System\ChkGrbO.exe

C:\Windows\System\MutdNZB.exe

C:\Windows\System\MutdNZB.exe

C:\Windows\System\RSeSyYP.exe

C:\Windows\System\RSeSyYP.exe

C:\Windows\System\qAoVUBU.exe

C:\Windows\System\qAoVUBU.exe

C:\Windows\System\eLQOXko.exe

C:\Windows\System\eLQOXko.exe

C:\Windows\System\AafVbRb.exe

C:\Windows\System\AafVbRb.exe

C:\Windows\System\mUIslVv.exe

C:\Windows\System\mUIslVv.exe

C:\Windows\System\MqKCjAf.exe

C:\Windows\System\MqKCjAf.exe

C:\Windows\System\CFbVZlC.exe

C:\Windows\System\CFbVZlC.exe

C:\Windows\System\kqdXkAl.exe

C:\Windows\System\kqdXkAl.exe

C:\Windows\System\EEEvfRE.exe

C:\Windows\System\EEEvfRE.exe

C:\Windows\System\DMOruuk.exe

C:\Windows\System\DMOruuk.exe

C:\Windows\System\miSwKvI.exe

C:\Windows\System\miSwKvI.exe

C:\Windows\System\PNgppkk.exe

C:\Windows\System\PNgppkk.exe

C:\Windows\System\ppCXCco.exe

C:\Windows\System\ppCXCco.exe

C:\Windows\System\QxBREaH.exe

C:\Windows\System\QxBREaH.exe

C:\Windows\System\NIaKNTX.exe

C:\Windows\System\NIaKNTX.exe

C:\Windows\System\SMYLrKC.exe

C:\Windows\System\SMYLrKC.exe

C:\Windows\System\qXhpDWY.exe

C:\Windows\System\qXhpDWY.exe

C:\Windows\System\EzzMJbb.exe

C:\Windows\System\EzzMJbb.exe

C:\Windows\System\xjMwGCr.exe

C:\Windows\System\xjMwGCr.exe

C:\Windows\System\RwRdWMH.exe

C:\Windows\System\RwRdWMH.exe

C:\Windows\System\yUPelFC.exe

C:\Windows\System\yUPelFC.exe

C:\Windows\System\eREbrIj.exe

C:\Windows\System\eREbrIj.exe

C:\Windows\System\zEoAJwt.exe

C:\Windows\System\zEoAJwt.exe

C:\Windows\System\oLJRHNF.exe

C:\Windows\System\oLJRHNF.exe

C:\Windows\System\tiRhIaF.exe

C:\Windows\System\tiRhIaF.exe

C:\Windows\System\fiDHbkJ.exe

C:\Windows\System\fiDHbkJ.exe

C:\Windows\System\bBpwmIU.exe

C:\Windows\System\bBpwmIU.exe

C:\Windows\System\Gjpktmz.exe

C:\Windows\System\Gjpktmz.exe

C:\Windows\System\EijYnHq.exe

C:\Windows\System\EijYnHq.exe

C:\Windows\System\HaSzTYm.exe

C:\Windows\System\HaSzTYm.exe

C:\Windows\System\taIUHaP.exe

C:\Windows\System\taIUHaP.exe

C:\Windows\System\vzccNOW.exe

C:\Windows\System\vzccNOW.exe

C:\Windows\System\bHNQSDC.exe

C:\Windows\System\bHNQSDC.exe

C:\Windows\System\CebWDLp.exe

C:\Windows\System\CebWDLp.exe

C:\Windows\System\utyHVzs.exe

C:\Windows\System\utyHVzs.exe

C:\Windows\System\tdgLKXu.exe

C:\Windows\System\tdgLKXu.exe

C:\Windows\System\ICPLjOk.exe

C:\Windows\System\ICPLjOk.exe

C:\Windows\System\mXhlUvO.exe

C:\Windows\System\mXhlUvO.exe

C:\Windows\System\wQbItJe.exe

C:\Windows\System\wQbItJe.exe

C:\Windows\System\gOGxPLP.exe

C:\Windows\System\gOGxPLP.exe

C:\Windows\System\XkvSOpI.exe

C:\Windows\System\XkvSOpI.exe

C:\Windows\System\saOBKhV.exe

C:\Windows\System\saOBKhV.exe

C:\Windows\System\RrjQvnf.exe

C:\Windows\System\RrjQvnf.exe

C:\Windows\System\pkDRhXv.exe

C:\Windows\System\pkDRhXv.exe

C:\Windows\System\caWbOBa.exe

C:\Windows\System\caWbOBa.exe

C:\Windows\System\IWwOmfR.exe

C:\Windows\System\IWwOmfR.exe

C:\Windows\System\FkMSnmF.exe

C:\Windows\System\FkMSnmF.exe

C:\Windows\System\slOVWOd.exe

C:\Windows\System\slOVWOd.exe

C:\Windows\System\vLFITxb.exe

C:\Windows\System\vLFITxb.exe

C:\Windows\System\JDwSUIa.exe

C:\Windows\System\JDwSUIa.exe

C:\Windows\System\WSgVJuV.exe

C:\Windows\System\WSgVJuV.exe

C:\Windows\System\dWbDuUT.exe

C:\Windows\System\dWbDuUT.exe

C:\Windows\System\lMKQExe.exe

C:\Windows\System\lMKQExe.exe

C:\Windows\System\NcSzECy.exe

C:\Windows\System\NcSzECy.exe

C:\Windows\System\DeJfMvQ.exe

C:\Windows\System\DeJfMvQ.exe

C:\Windows\System\oVHJDDT.exe

C:\Windows\System\oVHJDDT.exe

C:\Windows\System\fLtXbZy.exe

C:\Windows\System\fLtXbZy.exe

C:\Windows\System\ORWOePE.exe

C:\Windows\System\ORWOePE.exe

C:\Windows\System\ktcZrLg.exe

C:\Windows\System\ktcZrLg.exe

C:\Windows\System\OGNcdlW.exe

C:\Windows\System\OGNcdlW.exe

C:\Windows\System\BemervT.exe

C:\Windows\System\BemervT.exe

C:\Windows\System\vKkgBIF.exe

C:\Windows\System\vKkgBIF.exe

C:\Windows\System\ElXwBPe.exe

C:\Windows\System\ElXwBPe.exe

C:\Windows\System\YyRUwsv.exe

C:\Windows\System\YyRUwsv.exe

C:\Windows\System\vrPdELi.exe

C:\Windows\System\vrPdELi.exe

C:\Windows\System\iBIueYK.exe

C:\Windows\System\iBIueYK.exe

C:\Windows\System\JCYyCjC.exe

C:\Windows\System\JCYyCjC.exe

C:\Windows\System\zkPUlwp.exe

C:\Windows\System\zkPUlwp.exe

C:\Windows\System\NlYHtBO.exe

C:\Windows\System\NlYHtBO.exe

C:\Windows\System\rPoWNmR.exe

C:\Windows\System\rPoWNmR.exe

C:\Windows\System\CzjOuFu.exe

C:\Windows\System\CzjOuFu.exe

C:\Windows\System\cKPbcfw.exe

C:\Windows\System\cKPbcfw.exe

C:\Windows\System\OoiBfnf.exe

C:\Windows\System\OoiBfnf.exe

C:\Windows\System\XahxSez.exe

C:\Windows\System\XahxSez.exe

C:\Windows\System\XkammCr.exe

C:\Windows\System\XkammCr.exe

C:\Windows\System\WxraodS.exe

C:\Windows\System\WxraodS.exe

C:\Windows\System\dHCwHdp.exe

C:\Windows\System\dHCwHdp.exe

C:\Windows\System\FqJNThz.exe

C:\Windows\System\FqJNThz.exe

C:\Windows\System\WEwIloQ.exe

C:\Windows\System\WEwIloQ.exe

C:\Windows\System\FUzhABT.exe

C:\Windows\System\FUzhABT.exe

C:\Windows\System\ndFZXvh.exe

C:\Windows\System\ndFZXvh.exe

C:\Windows\System\iyBKIAS.exe

C:\Windows\System\iyBKIAS.exe

C:\Windows\System\SVPbItk.exe

C:\Windows\System\SVPbItk.exe

C:\Windows\System\pRpWDqx.exe

C:\Windows\System\pRpWDqx.exe

C:\Windows\System\wUyQVtm.exe

C:\Windows\System\wUyQVtm.exe

C:\Windows\System\SpzqOdO.exe

C:\Windows\System\SpzqOdO.exe

C:\Windows\System\gSGsuwi.exe

C:\Windows\System\gSGsuwi.exe

C:\Windows\System\GpyjkPm.exe

C:\Windows\System\GpyjkPm.exe

C:\Windows\System\PEPMzvA.exe

C:\Windows\System\PEPMzvA.exe

C:\Windows\System\prNUDPa.exe

C:\Windows\System\prNUDPa.exe

C:\Windows\System\KisKLWr.exe

C:\Windows\System\KisKLWr.exe

C:\Windows\System\QZQgeFT.exe

C:\Windows\System\QZQgeFT.exe

C:\Windows\System\UjeUrRL.exe

C:\Windows\System\UjeUrRL.exe

C:\Windows\System\bERvqzH.exe

C:\Windows\System\bERvqzH.exe

C:\Windows\System\bsCAVyH.exe

C:\Windows\System\bsCAVyH.exe

C:\Windows\System\xZuMecA.exe

C:\Windows\System\xZuMecA.exe

C:\Windows\System\WhrGPIn.exe

C:\Windows\System\WhrGPIn.exe

C:\Windows\System\oFSuMlT.exe

C:\Windows\System\oFSuMlT.exe

C:\Windows\System\cTqdmTw.exe

C:\Windows\System\cTqdmTw.exe

C:\Windows\System\ArvcYud.exe

C:\Windows\System\ArvcYud.exe

C:\Windows\System\HnHMrjk.exe

C:\Windows\System\HnHMrjk.exe

C:\Windows\System\SJIBtzP.exe

C:\Windows\System\SJIBtzP.exe

C:\Windows\System\pbdxYSg.exe

C:\Windows\System\pbdxYSg.exe

C:\Windows\System\IxoPIbM.exe

C:\Windows\System\IxoPIbM.exe

C:\Windows\System\RGEdOGc.exe

C:\Windows\System\RGEdOGc.exe

C:\Windows\System\skJSumC.exe

C:\Windows\System\skJSumC.exe

C:\Windows\System\kEGmSlJ.exe

C:\Windows\System\kEGmSlJ.exe

C:\Windows\System\RdAYSeD.exe

C:\Windows\System\RdAYSeD.exe

C:\Windows\System\qKUQzNL.exe

C:\Windows\System\qKUQzNL.exe

C:\Windows\System\YWkDsiS.exe

C:\Windows\System\YWkDsiS.exe

C:\Windows\System\JLlFOvP.exe

C:\Windows\System\JLlFOvP.exe

C:\Windows\System\VCcceQG.exe

C:\Windows\System\VCcceQG.exe

C:\Windows\System\pSLrKMX.exe

C:\Windows\System\pSLrKMX.exe

C:\Windows\System\aAiYZEU.exe

C:\Windows\System\aAiYZEU.exe

C:\Windows\System\ATfKPWz.exe

C:\Windows\System\ATfKPWz.exe

C:\Windows\System\AKvxfGR.exe

C:\Windows\System\AKvxfGR.exe

C:\Windows\System\bUGPKGQ.exe

C:\Windows\System\bUGPKGQ.exe

C:\Windows\System\OpPlEpj.exe

C:\Windows\System\OpPlEpj.exe

C:\Windows\System\mNsKndn.exe

C:\Windows\System\mNsKndn.exe

C:\Windows\System\PHQSSOe.exe

C:\Windows\System\PHQSSOe.exe

C:\Windows\System\BIDznhp.exe

C:\Windows\System\BIDznhp.exe

C:\Windows\System\ZFstUTH.exe

C:\Windows\System\ZFstUTH.exe

C:\Windows\System\mXpEqDv.exe

C:\Windows\System\mXpEqDv.exe

C:\Windows\System\pMdIsqd.exe

C:\Windows\System\pMdIsqd.exe

C:\Windows\System\guAqDgK.exe

C:\Windows\System\guAqDgK.exe

C:\Windows\System\aPqeNzX.exe

C:\Windows\System\aPqeNzX.exe

C:\Windows\System\RZBdHTi.exe

C:\Windows\System\RZBdHTi.exe

C:\Windows\System\HRxwUpo.exe

C:\Windows\System\HRxwUpo.exe

C:\Windows\System\PePLLue.exe

C:\Windows\System\PePLLue.exe

C:\Windows\System\aCyDqcQ.exe

C:\Windows\System\aCyDqcQ.exe

C:\Windows\System\vFMLQIM.exe

C:\Windows\System\vFMLQIM.exe

C:\Windows\System\ZFNewHB.exe

C:\Windows\System\ZFNewHB.exe

C:\Windows\System\oilbakn.exe

C:\Windows\System\oilbakn.exe

C:\Windows\System\pNZpQTp.exe

C:\Windows\System\pNZpQTp.exe

C:\Windows\System\UszuLpM.exe

C:\Windows\System\UszuLpM.exe

C:\Windows\System\ngqrqTn.exe

C:\Windows\System\ngqrqTn.exe

C:\Windows\System\DpfpfAT.exe

C:\Windows\System\DpfpfAT.exe

C:\Windows\System\bDAxfky.exe

C:\Windows\System\bDAxfky.exe

C:\Windows\System\AbMwcDV.exe

C:\Windows\System\AbMwcDV.exe

C:\Windows\System\gzCwHhM.exe

C:\Windows\System\gzCwHhM.exe

C:\Windows\System\GQSyvQu.exe

C:\Windows\System\GQSyvQu.exe

C:\Windows\System\tZpoZjQ.exe

C:\Windows\System\tZpoZjQ.exe

C:\Windows\System\hRhEQxC.exe

C:\Windows\System\hRhEQxC.exe

C:\Windows\System\hoEkKLq.exe

C:\Windows\System\hoEkKLq.exe

C:\Windows\System\rlNTUso.exe

C:\Windows\System\rlNTUso.exe

C:\Windows\System\sMVARTk.exe

C:\Windows\System\sMVARTk.exe

C:\Windows\System\UPueLlo.exe

C:\Windows\System\UPueLlo.exe

C:\Windows\System\bowNAcY.exe

C:\Windows\System\bowNAcY.exe

C:\Windows\System\yYmuADa.exe

C:\Windows\System\yYmuADa.exe

C:\Windows\System\FCiXcPh.exe

C:\Windows\System\FCiXcPh.exe

C:\Windows\System\giTWPsD.exe

C:\Windows\System\giTWPsD.exe

C:\Windows\System\djlqzLO.exe

C:\Windows\System\djlqzLO.exe

C:\Windows\System\crZyWzT.exe

C:\Windows\System\crZyWzT.exe

C:\Windows\System\xzcyGQK.exe

C:\Windows\System\xzcyGQK.exe

C:\Windows\System\uSQiNVe.exe

C:\Windows\System\uSQiNVe.exe

C:\Windows\System\pkeEYzU.exe

C:\Windows\System\pkeEYzU.exe

C:\Windows\System\dJHhasq.exe

C:\Windows\System\dJHhasq.exe

C:\Windows\System\FbDZyOe.exe

C:\Windows\System\FbDZyOe.exe

C:\Windows\System\uwsKDes.exe

C:\Windows\System\uwsKDes.exe

C:\Windows\System\qHFEFjI.exe

C:\Windows\System\qHFEFjI.exe

C:\Windows\System\bMNUsVe.exe

C:\Windows\System\bMNUsVe.exe

C:\Windows\System\uMyIrRw.exe

C:\Windows\System\uMyIrRw.exe

C:\Windows\System\fmnoZJT.exe

C:\Windows\System\fmnoZJT.exe

C:\Windows\System\IudnPoR.exe

C:\Windows\System\IudnPoR.exe

C:\Windows\System\rwxqVuQ.exe

C:\Windows\System\rwxqVuQ.exe

C:\Windows\System\EIXreaJ.exe

C:\Windows\System\EIXreaJ.exe

C:\Windows\System\lVqYLwx.exe

C:\Windows\System\lVqYLwx.exe

C:\Windows\System\zIgCeYc.exe

C:\Windows\System\zIgCeYc.exe

C:\Windows\System\EKpeefl.exe

C:\Windows\System\EKpeefl.exe

C:\Windows\System\QZFEAse.exe

C:\Windows\System\QZFEAse.exe

C:\Windows\System\AEaYTtz.exe

C:\Windows\System\AEaYTtz.exe

C:\Windows\System\bngGboI.exe

C:\Windows\System\bngGboI.exe

C:\Windows\System\NlbmmqL.exe

C:\Windows\System\NlbmmqL.exe

C:\Windows\System\TvvkCQb.exe

C:\Windows\System\TvvkCQb.exe

C:\Windows\System\HHSndkt.exe

C:\Windows\System\HHSndkt.exe

C:\Windows\System\TAgjsMl.exe

C:\Windows\System\TAgjsMl.exe

C:\Windows\System\lzMxZiQ.exe

C:\Windows\System\lzMxZiQ.exe

C:\Windows\System\GgwWRCK.exe

C:\Windows\System\GgwWRCK.exe

C:\Windows\System\GdsnoXB.exe

C:\Windows\System\GdsnoXB.exe

C:\Windows\System\uDSeczx.exe

C:\Windows\System\uDSeczx.exe

C:\Windows\System\NIKbuAO.exe

C:\Windows\System\NIKbuAO.exe

C:\Windows\System\icACRxV.exe

C:\Windows\System\icACRxV.exe

C:\Windows\System\KlvMquz.exe

C:\Windows\System\KlvMquz.exe

C:\Windows\System\xZvbyiQ.exe

C:\Windows\System\xZvbyiQ.exe

C:\Windows\System\BCoeyNu.exe

C:\Windows\System\BCoeyNu.exe

C:\Windows\System\MxXFHRV.exe

C:\Windows\System\MxXFHRV.exe

C:\Windows\System\PtbUcZB.exe

C:\Windows\System\PtbUcZB.exe

Network

N/A

Files

memory/1284-0-0x000000013FEC0000-0x0000000140214000-memory.dmp

memory/1284-1-0x0000000000080000-0x0000000000090000-memory.dmp

\Windows\system\eyDujKb.exe

MD5 2ddf895a7053f842051552e3cbd5901e
SHA1 5db0a3a2cccd536e2edfa8c2c2f84e8ce83aef42
SHA256 dd4b95080f55621bcc8b46aad450d63a4b4d211e5223f51f724695216770935d
SHA512 703d8fc685933c04f50dc6ee6d41a9692c710334c45b8fbea07a44e8ef799bd51af1f3bd7c887d95ed6a6ce83722d9b8ebb459740d8999053ebf8d512eaeb829

C:\Windows\system\rlKtixD.exe

MD5 1f2b04ad324b459a8a2af83d8e79414d
SHA1 139f577148e1062e853a87eb344c239cbeb2144b
SHA256 6395cf0355c1dbd81b9b0297ce62ee2126b64db73455a5cba8796c11811e0d59
SHA512 7bd81256cbf9021eb8f74a4ef5cf7dcc50959b3c1bb2e3358e2138c940d073e7b11c7b9480c86b00609d7910c07ec1305d48697ade21a72d30f08d3621ab7d85

C:\Windows\system\ofElQZv.exe

MD5 c0831142fab2c997c29f054969e34c48
SHA1 d3412669587c4db6a9fb3dbf735cd23410e17f1d
SHA256 3fb9036fec65424984753cc69c724752cb9c81b08ad90a8b425fe209c21686a9
SHA512 d8fba04c58592c31892fd77a6921fd29ec23775bbcab1803f1ece85c6322cf76bfcb317c4c64795bd04fe9f5e03fbcb5c537003feb26f883397a2ec19a4c0f38

memory/1284-6-0x000000013F910000-0x000000013FC64000-memory.dmp

memory/1284-13-0x000000013F0C0000-0x000000013F414000-memory.dmp

memory/1284-24-0x000000013F650000-0x000000013F9A4000-memory.dmp

C:\Windows\system\QgHuHMt.exe

MD5 a933c5721f36bb3a4208b0ca002ff991
SHA1 254302527e2e3607d1858f8cff8a54409ca51ea2
SHA256 15a315bd2372b2fc46b92569b55682dca1d2e0d9c2abd83a45544da1f55b0f82
SHA512 1b98d8bd8e009c52f8888e7599663f8bd2a9e4c45938a91c0a0629ff6b71e122c747cbe13111f55e99c0b53e60329a8437387c2c6a7f66141ead6c9ed1c51ca3

C:\Windows\system\okOYHPl.exe

MD5 6e583088add10894d44a97b494c3198a
SHA1 fe0a92eed66280658316c95db5bb6c734daf154c
SHA256 9f4499863498fd654339b7cb16c60f10580ebe5bac3703d0b364d7faf09de4b2
SHA512 59420f22220950640dfb2b790dab6ccb251aa7821c97229d3edc7ec88db81986ba63f4220b6652a5c72667100634c263af0fcd036974e0a7be6fbf07135d310b

C:\Windows\system\EXsDYKe.exe

MD5 09beb6e2f609b1aa063f7de0b540fc73
SHA1 6a7eae05eedacb9aeaf0e5c4b3fbc92d402b5b9d
SHA256 06a068e670bf282d081ca9540589279d2be293bee002e0f62e1d31f5388934ef
SHA512 f05abc992c912cd2c9693a1fa97a84835aae61612dcc20ae64f3f40a278e2d9ee84b794dbda91af88b0078bc10179adcdaef6b7e4b49ccc436e3dcd0bf285502

memory/1284-1499-0x00000000023A0000-0x00000000026F4000-memory.dmp

memory/2580-1495-0x000000013FEC0000-0x0000000140214000-memory.dmp

memory/1284-945-0x00000000023A0000-0x00000000026F4000-memory.dmp

C:\Windows\system\IrqFwbY.exe

MD5 67a5a8e4ca323db138690f00c5cfbdd8
SHA1 b74c796e25436691630ac9c8771e337003f9dfef
SHA256 7be967087fd7dab74bdeaa518102314a14f6127c9483df1fb279ad0fbbfc73ad
SHA512 3649f42c62e7c81b7854b6f7adce7e2896d541a55740b22b5e2895f14e19402551bc80fea7b29656b67e9d4183265c12137a9e6dc378771e01ec592c14b1a5c8

C:\Windows\system\LhNmemh.exe

MD5 73347760269fc607ea13eb25fb515889
SHA1 480a7840820e3b7edb4dce4d3fdc7171235bd342
SHA256 3f11ac03c81ff674b7b2983f88e2b06cf16c3ff4ea2a8e297b6b6214825593a9
SHA512 fe459c82b3345ecd04d1d1845c03a44ac96bd6b09bb76a408977f1e9143f4579a3e3d0c0541f19136fd867eac85931838cce596b2c3c7c30e52673ba62f91703

C:\Windows\system\VDxYAnz.exe

MD5 76e39ba053348c65494eea1dacfafa4d
SHA1 bd1cc950380f3516f49f50e1c83dd9b861693fa2
SHA256 166b7d4fcf6516dde02add43b38114eed5cc1102b07db736ad6a65b6e8fd2317
SHA512 fee677bd29a93bb6e5d0fa5ff00f9d8f0b6ec54e53eb1895e20822d65526e2cfa6382e589c92e5cd7115340a1e1cc7754f1500fbc1ba2b212a451eb8ab38bc95

C:\Windows\system\RULXsMs.exe

MD5 bec07a911a9c7ecbdcab573fcc149cf0
SHA1 e0b11bcf046d5e8efd488bb6828147498e192403
SHA256 25e509b2e4e45d8f40f61afc00a26e12ba44db6b387d04694a84004792afd516
SHA512 06b343578cae8ba3f1ffcac38ef22423d6042d29974726b5d578c9d1282040b9b385fd775d86b7aec0cfb3b2ed20ad5008418cca322d64a118f1b73819409a98

C:\Windows\system\RxIgCbf.exe

MD5 12aba071e5456efd6be4c7ae6a01be81
SHA1 238459c3d51c0f5d7aa6891e3e163a7abaea474c
SHA256 c544b4e7f68a915e3bd65f453e1da2a2a74fe4edf12341d2435de09b287ee9fe
SHA512 74005a9ba92952dd53e21047bfb81c26030aff4955ce3a5ba1bf70ab18511f1b69fe66f02cfca5dc379988c76a1ce1f915daaf379d98099234569ff9b2fc0765

C:\Windows\system\kyKWiBz.exe

MD5 310dd46c083eaf04a7c714d27ad281f8
SHA1 5ad532be8eda70d9aafd84822abde7c4dbf8c671
SHA256 93ec8ee10e32b5d43ce08187a153bdf3e2b8a798a57577fe0c4ef8d2a2f40c64
SHA512 d9e04b00ac4739ffe27a9ddfc319b2984ca40fcdbd4451ea87a71ca74f486e4d41a9505bc3e1b939c63d5f41f0910bd14dfe7ab2830670bc491d17e0428dc35e

C:\Windows\system\XibowXz.exe

MD5 ce423bf3cbfecddb9040f2949ab77a47
SHA1 4af2b46ce36aed7313f900314651bfd2bf101341
SHA256 fd9158c76dbdbad890f6b86412e3fbedce6be018c7bec11e2b69530623d7eb76
SHA512 e3977c52432dd348b40cec368db8d27d91d0b4232cc931d224d2abab91a8a9fdc635c621756ac41a353b3038a4b95e3484fb603ac2a893a927b799abf8e19d94

memory/2268-111-0x000000013F280000-0x000000013F5D4000-memory.dmp

memory/1284-101-0x000000013F4C0000-0x000000013F814000-memory.dmp

\Windows\system\wziewmW.exe

MD5 fda22477db56390808faa15638103c75
SHA1 1298255c907fc5ec183a753265a6687adbca4673
SHA256 4c78d06a2a98c3392c39556acc1e3a0be354329de31d27b654b640fdb3766a64
SHA512 2d05d7cd6fafbfbc8066c2ddff4e5c983b896b61254161044dd413acc1b3a17a7f1d4a74fece128de0176980c7f1c43ae30d3efaf3be17664949ceb12302be2b

memory/2516-93-0x000000013F910000-0x000000013FC64000-memory.dmp

\Windows\system\CXQPtsj.exe

MD5 3d5fd68cfbf8752bc4a953dffa3c3d7e
SHA1 10777576991093ce5c649dbc5f7e5b7bd304ff7e
SHA256 85e8d943f37e613c2ce51ff6fd5eb01ac9455403fbfecf2c58620da988a08c5e
SHA512 65728cbfa423dbf76c5114fd311d86263271995dbf4a864b28635e95760cf7890584c76ee2ae700ef39e67234c36dbf8ceaccd5f25feff14842e2337661bff33

memory/2476-84-0x000000013FBE0000-0x000000013FF34000-memory.dmp

\Windows\system\ErwWOVd.exe

MD5 4c9ac4ec91be606dfb541746cc90af18
SHA1 4a5e2466be3e20aff176622fb19fd3b978656634
SHA256 fb485dd26106a03043766b832803b5b0958e017b28cbf9639a6470676fd045ef
SHA512 80879529a7daee30c5e9c675d14e2abdb36a11b9e7ab33efb46b4c704db6a80feafb086effb05b2bc4c6740478ea53fc6f95bc040ccb10adeea3bad11d2e0306

memory/1284-76-0x000000013F060000-0x000000013F3B4000-memory.dmp

memory/2388-75-0x000000013F0F0000-0x000000013F444000-memory.dmp

C:\Windows\system\ApKwXos.exe

MD5 a959aee165b1c06b32fd3ed6e2c4b136
SHA1 0a562272b7cc9c8cd32ec632fab0b746c903dc2d
SHA256 061fd5290741b5246cffaca8da72dd741ef167242c83c8e360bde78129d19de6
SHA512 2d9d9c27792bf8a779a77f12e107f707fb4665709414aa5f93c3652d7554e918dad869bc03dc2a0e75902e5ba6f288b9c9f238182f71855caead46c0bb0e9671

\Windows\system\wDQHnGM.exe

MD5 7b1ff59461dd514de2536a5f7870b03f
SHA1 33d86c06d601b2b1e2bb349ec1e915bf1e80f08b
SHA256 e259377ecd230ba6d52f2d05440397a7542e65a06dd360d228a858c0b7295232
SHA512 f78f6db2b2eb8301cade4dc9ae0f4b06cea091f5cc93bdb4a0d0fe75d1d9eeb001f60aa468081d5f4d1eefbb150950693cab40ef70f8c542c21e414fe5fa014f

\Windows\system\LSUsrBo.exe

MD5 2e8abdec6c7f979378131b02724a36c5
SHA1 87212d839433bd884b028339023c2d6d3fd41993
SHA256 9fc1cf1b416740732a855b07661ec7284cddd3928d396f9b019215c37c869a84
SHA512 4a11e2d6a5012bb86b5f07c326dc54bfe72368f63f34bbf7e115d2022f217043c1677816329e70c797bfcf7418990fddd351c5cda9de26a539d814068ac63e58

memory/1284-57-0x000000013FB10000-0x000000013FE64000-memory.dmp

memory/2728-55-0x000000013F910000-0x000000013FC64000-memory.dmp

\Windows\system\nOgRUbL.exe

MD5 d84924971dd626c8aa9d2d35d92e25b1
SHA1 419c563fd72bd8c7bc0be8a80eb181ee7cff7b2c
SHA256 af1fd1f783ed912cb49094ff2a397a49c0687d7fcfc4c27aad74e8969ea7b28b
SHA512 ebc09512524126018f48b75993a49efad313625718aba67acf85c6155ffea0ba2a21badc0cf3dedf340ab6a1c23c20f0447a5c063a9ccbf3a8db878553a74b27

memory/1284-46-0x000000013F810000-0x000000013FB64000-memory.dmp

C:\Windows\system\ZZKwTpM.exe

MD5 e6aefa617b62762ed5d6f6a63f89393d
SHA1 c24e852867284fc4d1754eeec18084fd3298b5d7
SHA256 77a3d90877e5e1488821279c0a7e212ffe22f95e52742bf64f1cc18bb1dfa84c
SHA512 fafbcf086bddd3a9d1221541066470bb1e8ecc4b25035eb0dbcaa69ed78a966ab4ea4e498996df74b0a4f40ffe2b879e0dde9e4e7760da7f1fe6663336e17258

memory/2432-42-0x000000013FC30000-0x000000013FF84000-memory.dmp

\Windows\system\irHQqgh.exe

MD5 b28f25f58079c21558ae5e92d9728760
SHA1 ef1a0ecbcd8b2e14506ebd21670ac30ee110de70
SHA256 362cfcb8c1428ba7bbcc37af00175723b9c6fe8bfc2b5c267f284531e3cd1da7
SHA512 7bcb0380cab0efdc828d36af3b3796a0df02b99a5c6b5dae07ea3626d73b5662a2709fd0c611ace1e613e33d5c2f337ef66c390fc4e4c546e1b93397c6dbdae6

\Windows\system\PBGQhUv.exe

MD5 c43171e266b6af94345b4db1b1c36852
SHA1 bd6317d57999bcd0b3e6d7111ef08b0a8575c635
SHA256 8eaa952dd252004023447e3e2a199cef5838a2fbe2e122b1aab0ad44d40a5b84
SHA512 73649cbe5c31ffd79ec26376ada99e1c71e67f46e7ea836e63d5f1f1b46c00fe599618e2e813f48cc3651e4f9ccac5801e47711e24a69d523819559879ea0059

C:\Windows\system\HLFvnJQ.exe

MD5 70392611232e2e4eb6a55b00fc2d32e0
SHA1 9ef5b0195de1feb5d203e6754bb4956b1bf2edc3
SHA256 f567ab36e8cdc499a7dfd11347b0cb38dd9edc7ff356e439cc35c7e98b14d567
SHA512 7427e587822a199b477b41bb9c5336e04af9c1ed07fe1e95930ecd34e82938fa09a1ab6fa62374f7a40981ebdcec89c268ba380445e08fda9181cb9ed9ac2619

memory/1284-122-0x000000013F180000-0x000000013F4D4000-memory.dmp

memory/1284-116-0x000000013F280000-0x000000013F5D4000-memory.dmp

memory/1284-107-0x000000013F1B0000-0x000000013F504000-memory.dmp

C:\Windows\system\mdWYXDl.exe

MD5 1ca15a1ed7d0206cd2810e9bbd955365
SHA1 dc9173d96869c437c1e34ba54c7f97366f6af83d
SHA256 6646a674a1f332768cac98da5bf205b1464b2126e9d4a469564fb0e91507b226
SHA512 e059f649a4fdfcc3b7dbfdf41c7b3f7177f026d3ef04fbbd02c18587f97fba40654f72580dd6dbbe4d808c4aeb955fe673f397684101b48a8ad9b4818c1e542e

memory/1616-105-0x000000013F4C0000-0x000000013F814000-memory.dmp

C:\Windows\system\ihyatts.exe

MD5 f090018ba8045257d624357b7f834e37
SHA1 aa0a7cddfa3445404f7a99b2bb9501940030368a
SHA256 fc47238170b8f15f84f487880596d9acf15fddddccda611a3226bb9803e7aa0c
SHA512 5ddf24659b52724dcc940764a8abbe265a2d6260fb584d3fbf9661ac2faa510b145e8219fdfb46cbddc5f1ca6d9a9fe152448f03093d9f76bacda8b0efd44213

memory/1284-89-0x00000000023A0000-0x00000000026F4000-memory.dmp

C:\Windows\system\FEvVDOD.exe

MD5 0bd7650fcc310ccce4405f2068d4bc57
SHA1 1e8f8c1cffae7625e62c3d0d60ee72346079acd5
SHA256 45eefae3bcc395ba3d156710a70f63f96bedcac6e36e4c86cd66129627cef287
SHA512 aae4c4fe52e098fbd15c76fb1c41ed4378593ae52f11de14ae145a0cba0a640d04ded7afa62caa79fee75b143f93a380d228f03177b902e148a87ac219ea18f6

C:\Windows\system\VoJBbBn.exe

MD5 8893cfa672e0444e38f33a7585b05e0e
SHA1 d0588117e8ed19811d4a281d703768039816a1be
SHA256 53713b93fdd9ca5118ab5e0f395fcf69b50a7eb2ad953f58275a80b585d164f0
SHA512 37db516c5f57048cdf1377fd1dc3ec0d19ee08e08a7d8f797e825939f1e0136ebb47c2aacbaa202f967655fcac91442eabc67a3127fba5232e0cd981f44da589

memory/1284-70-0x000000013FEC0000-0x0000000140214000-memory.dmp

memory/1284-63-0x00000000023A0000-0x00000000026F4000-memory.dmp

memory/2468-62-0x000000013FB10000-0x000000013FE64000-memory.dmp

C:\Windows\system\sSZkOGM.exe

MD5 09bd6a937902570dac10d30f2b112af5
SHA1 722d5ad963f62900b3a753f0e8373f1396c03d32
SHA256 a15cd23352cf2b8da7fcffe1fff76f5716dc707a54d0c0f06b636350a42c78cf
SHA512 88494e34bdb49b59b4f61a29142642dae2dda6e5eb63cdeadcdd2c1a40ea8c829c9935eb9ab2b960ad3744f315f3598fe33097ec28b5d25d8c7539dc9250a6a5

memory/1284-52-0x000000013F910000-0x000000013FC64000-memory.dmp

C:\Windows\system\uFhRYVI.exe

MD5 5cab131d6ae28dd8076bbece8710e57a
SHA1 3ef14cd5b925bb22c3043e267310d013240747ed
SHA256 cbdac87a3445b88d78ab63b678328720526f977dd2d4ec92da42b3646d71f61e
SHA512 a0c20d8b611af96fa6b6407f9369720dd843cd2e464c55bc223fee12098872870958ce6178258f0292fc34f135cbdd2efdc300b60ac1ae2d886cf2b9b834129a

memory/1284-50-0x000000013F0C0000-0x000000013F414000-memory.dmp

C:\Windows\system\ovktJeK.exe

MD5 e469f503b518d5c3b47567bef1a9203c
SHA1 6479a4b584465cd06f20bcf7ef03f7269afaf400
SHA256 4e778104fb37b626b6594073a829c7b72c18ed09e45fd4e20f4e4f4a90e16592
SHA512 e39eb68f6ff0c39ad4685dc6c94b7247ac11b7d723c131bd9d5ab13c706e81f56c97e811b77d72dbefa0ed0c563bcf29f0c23f9fbf181b9544a712346672d923

C:\Windows\system\HjThEHO.exe

MD5 0048615d5642150c60cfd3260ba1bdeb
SHA1 8369342a454287a94860cb9b678292afe693c78f
SHA256 f5a5bc6e38fe79cb77c51d202d428abc71ec3e0b82976d6102f7e367f7d072f6
SHA512 a8005d6d084647efbe43b8f6c0a90999b259addbf2ade06ebf1d69a9b870168557db42cf955ef4aade1746514c80ff44933792e79b58a0c4ceff0e432902870b

memory/1284-27-0x00000000023A0000-0x00000000026F4000-memory.dmp

memory/2552-26-0x000000013F0C0000-0x000000013F414000-memory.dmp

memory/2648-25-0x000000013F650000-0x000000013F9A4000-memory.dmp

memory/2516-12-0x000000013F910000-0x000000013FC64000-memory.dmp

memory/2468-1507-0x000000013FB10000-0x000000013FE64000-memory.dmp

memory/2728-1506-0x000000013F910000-0x000000013FC64000-memory.dmp

memory/2648-1698-0x000000013F650000-0x000000013F9A4000-memory.dmp

memory/2552-1708-0x000000013F0C0000-0x000000013F414000-memory.dmp

memory/2516-1707-0x000000013F910000-0x000000013FC64000-memory.dmp

memory/2432-1701-0x000000013FC30000-0x000000013FF84000-memory.dmp

memory/2580-1709-0x000000013FEC0000-0x0000000140214000-memory.dmp

memory/1616-2018-0x000000013F4C0000-0x000000013F814000-memory.dmp

memory/2728-2026-0x000000013F910000-0x000000013FC64000-memory.dmp

memory/2268-2031-0x000000013F280000-0x000000013F5D4000-memory.dmp

memory/2468-2062-0x000000013FB10000-0x000000013FE64000-memory.dmp

memory/2388-2104-0x000000013F0F0000-0x000000013F444000-memory.dmp

memory/2476-2122-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-22 19:56

Reported

2024-05-22 19:59

Platform

win10v2004-20240426-en

Max time kernel

133s

Max time network

124s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe"

Signatures

xmrig

miner xmrig

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe

"C:\Users\Admin\AppData\Local\Temp\2024-05-22_7517d14dcfee7b6d893fd113d71e83e5_cobalt-strike_cobaltstrike.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 249.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.56:443 www.bing.com tcp
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 56.61.62.23.in-addr.arpa udp
NL 23.62.61.56:443 www.bing.com tcp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 98.56.20.217.in-addr.arpa udp
US 52.111.227.11:443 tcp
US 8.8.8.8:53 240.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 58.99.105.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp

Files

memory/3356-0-0x00007FF763D10000-0x00007FF764064000-memory.dmp