Malware Analysis Report

2025-04-19 16:21

Sample ID 240522-ysejqaef59
Target 2024-05-22_b39408e66fd0f6b38b4dbc931278b89f_cobalt-strike_cobaltstrike
SHA256 3f8b6519d429fe7528f22920055a41b69b3abefce167d41afa07be7374762c4f
Tags
miner upx 0 xmrig cobaltstrike backdoor trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

3f8b6519d429fe7528f22920055a41b69b3abefce167d41afa07be7374762c4f

Threat Level: Known bad

The file 2024-05-22_b39408e66fd0f6b38b4dbc931278b89f_cobalt-strike_cobaltstrike was found to be: Known bad.

Malicious Activity Summary

miner upx 0 xmrig cobaltstrike backdoor trojan

Cobaltstrike

Xmrig family

Detects Reflective DLL injection artifacts

Cobaltstrike family

UPX dump on OEP (original entry point)

XMRig Miner payload

Cobalt Strike reflective loader

xmrig

Loads dropped DLL

Executes dropped EXE

UPX packed file

Drops file in Windows directory

Unsigned PE

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-05-22 20:02

Signatures

Cobalt Strike reflective loader

Description Indicator Process Target
N/A N/A N/A N/A

Cobaltstrike family

cobaltstrike

Detects Reflective DLL injection artifacts

Description Indicator Process Target
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-22 20:02

Reported

2024-05-22 20:05

Platform

win7-20240419-en

Max time kernel

150s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-05-22_b39408e66fd0f6b38b4dbc931278b89f_cobalt-strike_cobaltstrike.exe"

Signatures

Cobalt Strike reflective loader

Description Indicator Process Target
N/A N/A N/A N/A

Cobaltstrike

trojan backdoor cobaltstrike

xmrig

miner xmrig

Detects Reflective DLL injection artifacts

Description Indicator Process Target
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE


Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_b39408e66fd0f6b38b4dbc931278b89f_cobalt-strike_cobaltstrike.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Windows directory


Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1320 wrote to memory of 2604 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_b39408e66fd0f6b38b4dbc931278b89f_cobalt-strike_cobaltstrike.exe C:\Windows\System\LBRHxJE.exe
PID 1320 wrote to memory of 2860 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_b39408e66fd0f6b38b4dbc931278b89f_cobalt-strike_cobaltstrike.exe C:\Windows\System\arlEVoq.exe
PID 1320 wrote to memory of 2860 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_b39408e66fd0f6b38b4dbc931278b89f_cobalt-strike_cobaltstrike.exe C:\Windows\System\arlEVoq.exe
PID 1320 wrote to memory of 2860 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_b39408e66fd0f6b38b4dbc931278b89f_cobalt-strike_cobaltstrike.exe C:\Windows\System\arlEVoq.exe
PID 1320 wrote to memory of 824 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_b39408e66fd0f6b38b4dbc931278b89f_cobalt-strike_cobaltstrike.exe C:\Windows\System\eDORBjK.exe
PID 1320 wrote to memory of 824 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_b39408e66fd0f6b38b4dbc931278b89f_cobalt-strike_cobaltstrike.exe C:\Windows\System\eDORBjK.exe
PID 1320 wrote to memory of 824 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_b39408e66fd0f6b38b4dbc931278b89f_cobalt-strike_cobaltstrike.exe C:\Windows\System\eDORBjK.exe
PID 1320 wrote to memory of 1976 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_b39408e66fd0f6b38b4dbc931278b89f_cobalt-strike_cobaltstrike.exe C:\Windows\System\vRbfUJO.exe
PID 1320 wrote to memory of 1976 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_b39408e66fd0f6b38b4dbc931278b89f_cobalt-strike_cobaltstrike.exe C:\Windows\System\vRbfUJO.exe
PID 1320 wrote to memory of 1976 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_b39408e66fd0f6b38b4dbc931278b89f_cobalt-strike_cobaltstrike.exe C:\Windows\System\vRbfUJO.exe
PID 1320 wrote to memory of 1236 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_b39408e66fd0f6b38b4dbc931278b89f_cobalt-strike_cobaltstrike.exe C:\Windows\System\RzzojxU.exe
PID 1320 wrote to memory of 1236 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_b39408e66fd0f6b38b4dbc931278b89f_cobalt-strike_cobaltstrike.exe C:\Windows\System\RzzojxU.exe
PID 1320 wrote to memory of 1236 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_b39408e66fd0f6b38b4dbc931278b89f_cobalt-strike_cobaltstrike.exe C:\Windows\System\RzzojxU.exe
PID 1320 wrote to memory of 1680 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_b39408e66fd0f6b38b4dbc931278b89f_cobalt-strike_cobaltstrike.exe C:\Windows\System\kSYiWAL.exe
PID 1320 wrote to memory of 1680 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_b39408e66fd0f6b38b4dbc931278b89f_cobalt-strike_cobaltstrike.exe C:\Windows\System\kSYiWAL.exe
PID 1320 wrote to memory of 1680 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_b39408e66fd0f6b38b4dbc931278b89f_cobalt-strike_cobaltstrike.exe C:\Windows\System\kSYiWAL.exe
PID 1320 wrote to memory of 1652 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_b39408e66fd0f6b38b4dbc931278b89f_cobalt-strike_cobaltstrike.exe C:\Windows\System\dGrsLSg.exe
PID 1320 wrote to memory of 1652 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_b39408e66fd0f6b38b4dbc931278b89f_cobalt-strike_cobaltstrike.exe C:\Windows\System\dGrsLSg.exe
PID 1320 wrote to memory of 1652 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_b39408e66fd0f6b38b4dbc931278b89f_cobalt-strike_cobaltstrike.exe C:\Windows\System\dGrsLSg.exe
PID 1320 wrote to memory of 1740 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_b39408e66fd0f6b38b4dbc931278b89f_cobalt-strike_cobaltstrike.exe C:\Windows\System\pEKbMaG.exe
PID 1320 wrote to memory of 1740 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_b39408e66fd0f6b38b4dbc931278b89f_cobalt-strike_cobaltstrike.exe C:\Windows\System\pEKbMaG.exe
PID 1320 wrote to memory of 1740 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_b39408e66fd0f6b38b4dbc931278b89f_cobalt-strike_cobaltstrike.exe C:\Windows\System\pEKbMaG.exe
PID 1320 wrote to memory of 2760 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_b39408e66fd0f6b38b4dbc931278b89f_cobalt-strike_cobaltstrike.exe C:\Windows\System\QmuuJkG.exe
PID 1320 wrote to memory of 2760 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_b39408e66fd0f6b38b4dbc931278b89f_cobalt-strike_cobaltstrike.exe C:\Windows\System\QmuuJkG.exe
PID 1320 wrote to memory of 2760 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_b39408e66fd0f6b38b4dbc931278b89f_cobalt-strike_cobaltstrike.exe C:\Windows\System\QmuuJkG.exe
PID 1320 wrote to memory of 2564 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-22_b39408e66fd0f6b38b4dbc931278b89f_cobalt-strike_cobaltstrike.exe C:\Windows\System\zQPbYMq.exe

Processes

C:\Users\Admin\AppData\Local\Temp\2024-05-22_b39408e66fd0f6b38b4dbc931278b89f_cobalt-strike_cobaltstrike.exe

"C:\Users\Admin\AppData\Local\Temp\2024-05-22_b39408e66fd0f6b38b4dbc931278b89f_cobalt-strike_cobaltstrike.exe"


C:\Windows\System\ZNskvHp.exe

C:\Windows\System\nPryJQl.exe

C:\Windows\System\nPryJQl.exe

C:\Windows\System\PcAYsHR.exe

C:\Windows\System\PcAYsHR.exe

C:\Windows\System\wfifdBy.exe

C:\Windows\System\wfifdBy.exe

C:\Windows\System\fGaNBbE.exe

C:\Windows\System\fGaNBbE.exe

C:\Windows\System\SSHDiUQ.exe

C:\Windows\System\SSHDiUQ.exe

C:\Windows\System\MJfdTaz.exe

C:\Windows\System\MJfdTaz.exe

C:\Windows\System\RXkZVPY.exe

C:\Windows\System\RXkZVPY.exe

C:\Windows\System\BYpvoJW.exe

C:\Windows\System\BYpvoJW.exe

C:\Windows\System\kESKRIF.exe

C:\Windows\System\kESKRIF.exe

C:\Windows\System\zTavTUD.exe

C:\Windows\System\zTavTUD.exe

C:\Windows\System\srbBLLb.exe

C:\Windows\System\srbBLLb.exe

C:\Windows\System\daxPvzy.exe

C:\Windows\System\daxPvzy.exe

C:\Windows\System\ViLhLrM.exe

C:\Windows\System\ViLhLrM.exe

C:\Windows\System\OqGMFcf.exe

C:\Windows\System\OqGMFcf.exe

C:\Windows\System\LdsXNao.exe

C:\Windows\System\LdsXNao.exe

C:\Windows\System\rbWTcCr.exe

C:\Windows\System\rbWTcCr.exe

C:\Windows\System\gQDIbMp.exe

C:\Windows\System\gQDIbMp.exe

C:\Windows\System\efoRVsK.exe

C:\Windows\System\efoRVsK.exe

C:\Windows\System\FmPkLme.exe

C:\Windows\System\FmPkLme.exe

C:\Windows\System\bTQkgEQ.exe

C:\Windows\System\bTQkgEQ.exe

C:\Windows\System\PhfcXLK.exe

C:\Windows\System\PhfcXLK.exe

C:\Windows\System\RvZhzmS.exe

C:\Windows\System\RvZhzmS.exe

C:\Windows\System\sCZNLvg.exe

C:\Windows\System\sCZNLvg.exe

C:\Windows\System\rgYmfeI.exe

C:\Windows\System\rgYmfeI.exe

C:\Windows\System\Olimjfc.exe

C:\Windows\System\Olimjfc.exe

C:\Windows\System\GAPiiQX.exe

C:\Windows\System\GAPiiQX.exe

C:\Windows\System\jhTmDPH.exe

C:\Windows\System\jhTmDPH.exe

C:\Windows\System\gPkVLxQ.exe

C:\Windows\System\gPkVLxQ.exe

C:\Windows\System\FYKhMhG.exe

C:\Windows\System\FYKhMhG.exe

C:\Windows\System\WMIsULR.exe

C:\Windows\System\WMIsULR.exe

C:\Windows\System\rQHgOTa.exe

C:\Windows\System\rQHgOTa.exe

C:\Windows\System\uYRtaHL.exe

C:\Windows\System\uYRtaHL.exe

C:\Windows\System\uIolakv.exe

C:\Windows\System\uIolakv.exe

C:\Windows\System\oMUnmgJ.exe

C:\Windows\System\oMUnmgJ.exe

C:\Windows\System\HavotSx.exe

C:\Windows\System\HavotSx.exe

C:\Windows\System\UNuTxWb.exe

C:\Windows\System\UNuTxWb.exe

C:\Windows\System\tTtiAjs.exe

C:\Windows\System\tTtiAjs.exe

C:\Windows\System\rZMBPZe.exe

C:\Windows\System\rZMBPZe.exe

C:\Windows\System\DZGwdYG.exe

C:\Windows\System\DZGwdYG.exe

C:\Windows\System\OEUvVYx.exe

C:\Windows\System\OEUvVYx.exe

C:\Windows\System\oKOEWtZ.exe

C:\Windows\System\oKOEWtZ.exe

C:\Windows\System\qBcKwLb.exe

C:\Windows\System\qBcKwLb.exe

C:\Windows\System\wOqPCxX.exe

C:\Windows\System\wOqPCxX.exe

C:\Windows\System\xeCrvzu.exe

C:\Windows\System\xeCrvzu.exe

C:\Windows\System\SqhyfcG.exe

C:\Windows\System\SqhyfcG.exe

C:\Windows\System\wzsPvaL.exe

C:\Windows\System\wzsPvaL.exe

C:\Windows\System\EKANsfl.exe

C:\Windows\System\EKANsfl.exe

C:\Windows\System\WFCBBQb.exe

C:\Windows\System\WFCBBQb.exe

C:\Windows\System\xqRQuMR.exe

C:\Windows\System\xqRQuMR.exe

C:\Windows\System\DUrCEpg.exe

C:\Windows\System\DUrCEpg.exe

C:\Windows\System\Cbcihwc.exe

C:\Windows\System\Cbcihwc.exe

C:\Windows\System\XznXCKb.exe

C:\Windows\System\XznXCKb.exe

C:\Windows\System\OhdPGgU.exe

C:\Windows\System\OhdPGgU.exe

C:\Windows\System\cncDngo.exe

C:\Windows\System\cncDngo.exe

C:\Windows\System\FqVocmt.exe

C:\Windows\System\FqVocmt.exe

C:\Windows\System\HoJNhXj.exe

C:\Windows\System\HoJNhXj.exe

C:\Windows\System\WYApkNT.exe

C:\Windows\System\WYApkNT.exe

C:\Windows\System\jRKZguD.exe

C:\Windows\System\jRKZguD.exe

C:\Windows\System\CgGXhxu.exe

C:\Windows\System\CgGXhxu.exe

C:\Windows\System\PDrSqLd.exe

C:\Windows\System\PDrSqLd.exe

C:\Windows\System\eHgbcRe.exe

C:\Windows\System\eHgbcRe.exe

C:\Windows\System\kiYPNVQ.exe

C:\Windows\System\kiYPNVQ.exe

C:\Windows\System\oIkuNWt.exe

C:\Windows\System\oIkuNWt.exe

C:\Windows\System\bOiqewu.exe

C:\Windows\System\bOiqewu.exe

C:\Windows\System\UrZNiYo.exe

C:\Windows\System\UrZNiYo.exe

C:\Windows\System\MEOLwDN.exe

C:\Windows\System\MEOLwDN.exe

C:\Windows\System\PRdgWWa.exe

C:\Windows\System\PRdgWWa.exe

C:\Windows\System\jfoZztr.exe

C:\Windows\System\jfoZztr.exe

C:\Windows\System\ctOPntM.exe

C:\Windows\System\ctOPntM.exe

C:\Windows\System\RHrMElA.exe

C:\Windows\System\RHrMElA.exe

C:\Windows\System\CTVneWB.exe

C:\Windows\System\CTVneWB.exe

C:\Windows\System\QAHJIhw.exe

C:\Windows\System\QAHJIhw.exe

C:\Windows\System\ToBVRKr.exe

C:\Windows\System\ToBVRKr.exe

C:\Windows\System\TesMaTp.exe

C:\Windows\System\TesMaTp.exe

C:\Windows\System\XtuYkfy.exe

C:\Windows\System\XtuYkfy.exe

C:\Windows\System\seVNewl.exe

C:\Windows\System\seVNewl.exe

C:\Windows\System\SFOBrXn.exe

C:\Windows\System\SFOBrXn.exe

C:\Windows\System\xVoFUvA.exe

C:\Windows\System\xVoFUvA.exe

C:\Windows\System\jBxQAhr.exe

C:\Windows\System\jBxQAhr.exe

C:\Windows\System\TwQvlSI.exe

C:\Windows\System\TwQvlSI.exe

C:\Windows\System\HVfeXrK.exe

C:\Windows\System\HVfeXrK.exe

C:\Windows\System\NRntTJn.exe

C:\Windows\System\NRntTJn.exe

C:\Windows\System\zNMoLuV.exe

C:\Windows\System\zNMoLuV.exe

C:\Windows\System\CMBNBbp.exe

C:\Windows\System\CMBNBbp.exe

C:\Windows\System\YzgeAiA.exe

C:\Windows\System\YzgeAiA.exe

C:\Windows\System\oqHvCEY.exe

C:\Windows\System\oqHvCEY.exe

C:\Windows\System\slXUljt.exe

C:\Windows\System\slXUljt.exe

C:\Windows\System\ABwDWht.exe

C:\Windows\System\ABwDWht.exe

C:\Windows\System\yxpolwX.exe

C:\Windows\System\yxpolwX.exe

C:\Windows\System\nLJKeee.exe

C:\Windows\System\nLJKeee.exe

C:\Windows\System\uyRRVrt.exe

C:\Windows\System\uyRRVrt.exe

C:\Windows\System\bILGqlv.exe

C:\Windows\System\bILGqlv.exe

C:\Windows\System\IkmFCqi.exe

C:\Windows\System\IkmFCqi.exe

C:\Windows\System\nqvzAoz.exe

C:\Windows\System\nqvzAoz.exe

C:\Windows\System\qcLjBPf.exe

C:\Windows\System\qcLjBPf.exe

C:\Windows\System\dLOFzvg.exe

C:\Windows\System\dLOFzvg.exe

C:\Windows\System\qcgYXos.exe

C:\Windows\System\qcgYXos.exe

C:\Windows\System\zHapNES.exe

C:\Windows\System\zHapNES.exe

C:\Windows\System\dwcmuwp.exe

C:\Windows\System\dwcmuwp.exe

C:\Windows\System\XrjkrVR.exe

C:\Windows\System\XrjkrVR.exe

C:\Windows\System\jniTKCP.exe

C:\Windows\System\jniTKCP.exe

C:\Windows\System\CfdcXZg.exe

C:\Windows\System\CfdcXZg.exe

C:\Windows\System\CYrNIzs.exe

C:\Windows\System\CYrNIzs.exe

C:\Windows\System\XXTFhkV.exe

C:\Windows\System\XXTFhkV.exe

C:\Windows\System\ArFSPrL.exe

C:\Windows\System\ArFSPrL.exe

C:\Windows\System\iUFPUPF.exe

C:\Windows\System\iUFPUPF.exe

C:\Windows\System\NaYQhMe.exe

C:\Windows\System\NaYQhMe.exe

C:\Windows\System\CRbdcLi.exe

C:\Windows\System\CRbdcLi.exe

C:\Windows\System\NPopqQS.exe

C:\Windows\System\NPopqQS.exe

C:\Windows\System\wTqGUwk.exe

C:\Windows\System\wTqGUwk.exe

C:\Windows\System\YDMnsTn.exe

C:\Windows\System\YDMnsTn.exe

C:\Windows\System\OgoTYTE.exe

C:\Windows\System\OgoTYTE.exe

C:\Windows\System\vDyyOkw.exe

C:\Windows\System\vDyyOkw.exe

C:\Windows\System\MJekguK.exe

C:\Windows\System\MJekguK.exe

C:\Windows\System\DqTDRoN.exe

C:\Windows\System\DqTDRoN.exe

C:\Windows\System\NIiusMw.exe

C:\Windows\System\NIiusMw.exe

C:\Windows\System\bbcCglS.exe

C:\Windows\System\bbcCglS.exe

C:\Windows\System\iRvZeGV.exe

C:\Windows\System\iRvZeGV.exe

C:\Windows\System\WTLKqKk.exe

C:\Windows\System\WTLKqKk.exe

C:\Windows\System\LQlWTqG.exe

C:\Windows\System\LQlWTqG.exe

C:\Windows\System\bhOMGEf.exe

C:\Windows\System\bhOMGEf.exe

C:\Windows\System\gynGpWC.exe

C:\Windows\System\gynGpWC.exe

C:\Windows\System\eWLAFUU.exe

C:\Windows\System\eWLAFUU.exe

C:\Windows\System\IObuviF.exe

C:\Windows\System\IObuviF.exe

C:\Windows\System\GfRSqWX.exe

C:\Windows\System\GfRSqWX.exe

C:\Windows\System\OOugQxz.exe

C:\Windows\System\OOugQxz.exe

C:\Windows\System\HYRGpgZ.exe

C:\Windows\System\HYRGpgZ.exe

C:\Windows\System\PmeYhXC.exe

C:\Windows\System\PmeYhXC.exe

C:\Windows\System\nDpQYxv.exe

C:\Windows\System\nDpQYxv.exe

C:\Windows\System\JVYtNzf.exe

C:\Windows\System\JVYtNzf.exe

C:\Windows\System\wHbmLgM.exe

C:\Windows\System\wHbmLgM.exe

C:\Windows\System\aBfzGXR.exe

C:\Windows\System\aBfzGXR.exe

C:\Windows\System\GlpuKhS.exe

C:\Windows\System\GlpuKhS.exe

C:\Windows\System\ngubbVR.exe

C:\Windows\System\ngubbVR.exe

C:\Windows\System\fRGTQFX.exe

C:\Windows\System\fRGTQFX.exe

C:\Windows\System\IXQnLOY.exe

C:\Windows\System\IXQnLOY.exe

C:\Windows\System\bbOFoOh.exe

C:\Windows\System\bbOFoOh.exe

C:\Windows\System\zxDbfUP.exe

C:\Windows\System\zxDbfUP.exe

C:\Windows\System\gzgjpYd.exe

C:\Windows\System\gzgjpYd.exe

C:\Windows\System\IrWCScy.exe

C:\Windows\System\IrWCScy.exe

C:\Windows\System\ukBnFSQ.exe

C:\Windows\System\ukBnFSQ.exe

C:\Windows\System\BytCuvB.exe

C:\Windows\System\BytCuvB.exe

C:\Windows\System\vDDzBHs.exe

C:\Windows\System\vDDzBHs.exe

C:\Windows\System\wghfqzq.exe

C:\Windows\System\wghfqzq.exe

C:\Windows\System\BZVEDfs.exe

C:\Windows\System\BZVEDfs.exe

C:\Windows\System\kBKbnSf.exe

C:\Windows\System\kBKbnSf.exe

C:\Windows\System\GAUZrHI.exe

C:\Windows\System\GAUZrHI.exe

C:\Windows\System\EBGFsrC.exe

C:\Windows\System\EBGFsrC.exe

C:\Windows\System\wmFmCsN.exe

C:\Windows\System\wmFmCsN.exe

C:\Windows\System\pYbRMjM.exe

C:\Windows\System\pYbRMjM.exe

C:\Windows\System\GBpleiG.exe

C:\Windows\System\GBpleiG.exe

C:\Windows\System\ChaIhha.exe

C:\Windows\System\ChaIhha.exe

C:\Windows\System\wYPedOX.exe

C:\Windows\System\wYPedOX.exe

C:\Windows\System\wkIQpAs.exe

C:\Windows\System\wkIQpAs.exe

C:\Windows\System\eVNEydj.exe

C:\Windows\System\eVNEydj.exe

C:\Windows\System\iuLpyIc.exe

C:\Windows\System\iuLpyIc.exe

C:\Windows\System\iaPreyR.exe

C:\Windows\System\iaPreyR.exe

C:\Windows\System\hUFiFnO.exe

C:\Windows\System\hUFiFnO.exe

C:\Windows\System\YFTExrz.exe

C:\Windows\System\YFTExrz.exe

C:\Windows\System\JhCBXJp.exe

C:\Windows\System\JhCBXJp.exe

C:\Windows\System\ofVrwOV.exe

C:\Windows\System\ofVrwOV.exe

C:\Windows\System\RmUKFcS.exe

C:\Windows\System\RmUKFcS.exe

C:\Windows\System\FtkAHuY.exe

C:\Windows\System\FtkAHuY.exe

C:\Windows\System\WhZffEm.exe

C:\Windows\System\WhZffEm.exe

C:\Windows\System\ArfvygF.exe

C:\Windows\System\ArfvygF.exe

C:\Windows\System\vLJnvdc.exe

C:\Windows\System\vLJnvdc.exe

C:\Windows\System\xwhxthQ.exe

C:\Windows\System\xwhxthQ.exe

C:\Windows\System\uqtXMyz.exe

C:\Windows\System\uqtXMyz.exe

C:\Windows\System\ZYhMflq.exe

C:\Windows\System\ZYhMflq.exe

C:\Windows\System\WEyDJCG.exe

C:\Windows\System\WEyDJCG.exe

C:\Windows\System\idFBcrS.exe

C:\Windows\System\idFBcrS.exe

C:\Windows\System\MVIdzyJ.exe

C:\Windows\System\MVIdzyJ.exe

C:\Windows\System\zRsajPE.exe

C:\Windows\System\zRsajPE.exe

C:\Windows\System\ZWKFgWh.exe

C:\Windows\System\ZWKFgWh.exe

C:\Windows\System\YVYHxrL.exe

C:\Windows\System\YVYHxrL.exe

C:\Windows\System\AGEyyHv.exe

C:\Windows\System\AGEyyHv.exe

C:\Windows\System\UbloCZg.exe

C:\Windows\System\UbloCZg.exe

C:\Windows\System\dzaRfek.exe

C:\Windows\System\dzaRfek.exe

C:\Windows\System\VzoUtiD.exe

C:\Windows\System\VzoUtiD.exe

C:\Windows\System\LWqesUD.exe

C:\Windows\System\LWqesUD.exe

C:\Windows\System\PPMrHcq.exe

C:\Windows\System\PPMrHcq.exe

C:\Windows\System\FWRwNCn.exe

C:\Windows\System\FWRwNCn.exe

C:\Windows\System\GOGhpti.exe

C:\Windows\System\GOGhpti.exe

C:\Windows\System\xHtTWjy.exe

C:\Windows\System\xHtTWjy.exe

C:\Windows\System\mlQolNb.exe

C:\Windows\System\mlQolNb.exe

C:\Windows\System\YbcaIsD.exe

C:\Windows\System\YbcaIsD.exe

C:\Windows\System\DfjVUnf.exe

C:\Windows\System\DfjVUnf.exe

C:\Windows\System\FeIgilw.exe

C:\Windows\System\FeIgilw.exe

C:\Windows\System\erWbpxP.exe

C:\Windows\System\erWbpxP.exe

C:\Windows\System\RdDdqGZ.exe

C:\Windows\System\RdDdqGZ.exe

C:\Windows\System\CCbUmZl.exe

C:\Windows\System\CCbUmZl.exe

C:\Windows\System\giNPTno.exe

C:\Windows\System\giNPTno.exe

C:\Windows\System\UJIbYjb.exe

C:\Windows\System\UJIbYjb.exe

C:\Windows\System\ZHewQSc.exe

C:\Windows\System\ZHewQSc.exe

C:\Windows\System\bbksEyq.exe

C:\Windows\System\bbksEyq.exe

C:\Windows\System\UgHDvPZ.exe

C:\Windows\System\UgHDvPZ.exe

C:\Windows\System\rRdSCpr.exe

C:\Windows\System\rRdSCpr.exe

C:\Windows\System\TwjPfSW.exe

C:\Windows\System\TwjPfSW.exe

C:\Windows\System\rMweLWh.exe

C:\Windows\System\rMweLWh.exe

C:\Windows\System\GFjFCgb.exe

C:\Windows\System\GFjFCgb.exe

C:\Windows\System\RheFqvx.exe

C:\Windows\System\RheFqvx.exe

C:\Windows\System\XSKUhhX.exe

C:\Windows\System\XSKUhhX.exe

C:\Windows\System\zAkqOKl.exe

C:\Windows\System\zAkqOKl.exe

C:\Windows\System\XyUlHXP.exe

C:\Windows\System\XyUlHXP.exe

C:\Windows\System\qZaCIRL.exe

C:\Windows\System\qZaCIRL.exe

C:\Windows\System\ALIjxYn.exe

C:\Windows\System\ALIjxYn.exe

C:\Windows\System\OtKcwLY.exe

C:\Windows\System\OtKcwLY.exe

C:\Windows\System\rYlzitR.exe

C:\Windows\System\rYlzitR.exe

C:\Windows\System\EsSmPxi.exe

C:\Windows\System\EsSmPxi.exe

C:\Windows\System\qieDUFl.exe

C:\Windows\System\qieDUFl.exe

C:\Windows\System\vRbWfBU.exe

C:\Windows\System\vRbWfBU.exe

C:\Windows\System\qUgyopB.exe

C:\Windows\System\qUgyopB.exe

C:\Windows\System\suvsCpJ.exe

C:\Windows\System\suvsCpJ.exe

C:\Windows\System\vZKUjAT.exe

C:\Windows\System\vZKUjAT.exe

C:\Windows\System\pOpMQRJ.exe

C:\Windows\System\pOpMQRJ.exe

C:\Windows\System\GcfJrGQ.exe

C:\Windows\System\GcfJrGQ.exe

C:\Windows\System\ceQoyRj.exe

C:\Windows\System\ceQoyRj.exe

C:\Windows\System\dyUJwgR.exe

C:\Windows\System\dyUJwgR.exe

C:\Windows\System\ojIXWDm.exe

C:\Windows\System\ojIXWDm.exe

C:\Windows\System\FlsXwNY.exe

C:\Windows\System\FlsXwNY.exe

C:\Windows\System\whlDwtG.exe

C:\Windows\System\whlDwtG.exe

C:\Windows\System\BAVFpat.exe

C:\Windows\System\BAVFpat.exe

C:\Windows\System\PrvaHJK.exe

C:\Windows\System\PrvaHJK.exe

C:\Windows\System\cqkuMfv.exe

C:\Windows\System\cqkuMfv.exe

C:\Windows\System\HBGDxIQ.exe

C:\Windows\System\HBGDxIQ.exe

C:\Windows\System\ELLkreo.exe

C:\Windows\System\ELLkreo.exe

C:\Windows\System\mNyePNp.exe

C:\Windows\System\mNyePNp.exe

C:\Windows\System\RhnElyR.exe

C:\Windows\System\RhnElyR.exe

C:\Windows\System\dwZIrUp.exe

C:\Windows\System\dwZIrUp.exe

C:\Windows\System\CrgCKzA.exe

C:\Windows\System\CrgCKzA.exe

C:\Windows\System\PRQqbnj.exe

C:\Windows\System\PRQqbnj.exe

C:\Windows\System\ffpyLsN.exe

C:\Windows\System\ffpyLsN.exe

C:\Windows\System\Igtacxu.exe

C:\Windows\System\Igtacxu.exe

C:\Windows\System\hWsOosd.exe

C:\Windows\System\hWsOosd.exe

C:\Windows\System\aTpKfcO.exe

C:\Windows\System\aTpKfcO.exe

C:\Windows\System\wqqubtP.exe

C:\Windows\System\wqqubtP.exe

C:\Windows\System\pUlgdhl.exe

C:\Windows\System\pUlgdhl.exe

C:\Windows\System\NolYkqI.exe

C:\Windows\System\NolYkqI.exe

C:\Windows\System\zERaZVX.exe

C:\Windows\System\zERaZVX.exe

C:\Windows\System\kjXwxbB.exe

C:\Windows\System\kjXwxbB.exe

C:\Windows\System\CKzSRXp.exe

C:\Windows\System\CKzSRXp.exe

C:\Windows\System\xSuRLxr.exe

C:\Windows\System\xSuRLxr.exe

C:\Windows\System\FgkNosl.exe

C:\Windows\System\FgkNosl.exe

C:\Windows\System\QdidRQO.exe

C:\Windows\System\QdidRQO.exe

C:\Windows\System\nncufvJ.exe

C:\Windows\System\nncufvJ.exe

C:\Windows\System\CjxCbgh.exe

C:\Windows\System\CjxCbgh.exe

C:\Windows\System\fRKvWHK.exe

C:\Windows\System\fRKvWHK.exe

C:\Windows\System\QKTowhS.exe

C:\Windows\System\QKTowhS.exe

C:\Windows\System\GFspzHQ.exe

C:\Windows\System\GFspzHQ.exe

C:\Windows\System\FmafVaL.exe

C:\Windows\System\FmafVaL.exe

C:\Windows\System\SvVzGlO.exe

C:\Windows\System\SvVzGlO.exe

C:\Windows\System\iIBczaZ.exe

C:\Windows\System\iIBczaZ.exe

C:\Windows\System\mFoOFkd.exe

C:\Windows\System\mFoOFkd.exe

C:\Windows\System\pTWrUIJ.exe

C:\Windows\System\pTWrUIJ.exe

C:\Windows\System\QACchRL.exe

C:\Windows\System\QACchRL.exe

C:\Windows\System\jIvNxUG.exe

C:\Windows\System\jIvNxUG.exe

C:\Windows\System\aTuOhuo.exe

C:\Windows\System\aTuOhuo.exe

C:\Windows\System\dzuWBoP.exe

C:\Windows\System\dzuWBoP.exe

C:\Windows\System\zXQScud.exe

C:\Windows\System\zXQScud.exe

C:\Windows\System\XYwyOuY.exe

C:\Windows\System\XYwyOuY.exe

C:\Windows\System\oDdBsTD.exe

C:\Windows\System\oDdBsTD.exe

C:\Windows\System\kvTWadU.exe

C:\Windows\System\kvTWadU.exe

C:\Windows\System\oozeMTZ.exe

C:\Windows\System\oozeMTZ.exe

C:\Windows\System\ReMwNLU.exe

C:\Windows\System\ReMwNLU.exe

C:\Windows\System\JvhxQOl.exe

C:\Windows\System\JvhxQOl.exe

C:\Windows\System\ywuPxMx.exe

C:\Windows\System\ywuPxMx.exe

C:\Windows\System\rvPNmNR.exe

C:\Windows\System\rvPNmNR.exe

C:\Windows\System\FWGZyFm.exe

C:\Windows\System\FWGZyFm.exe

C:\Windows\System\qryoRuF.exe

C:\Windows\System\qryoRuF.exe

C:\Windows\System\QHPMSDS.exe

C:\Windows\System\QHPMSDS.exe

C:\Windows\System\phJUQvz.exe

C:\Windows\System\phJUQvz.exe

C:\Windows\System\vufkqpI.exe

C:\Windows\System\vufkqpI.exe

C:\Windows\System\ZzlkCDh.exe

C:\Windows\System\ZzlkCDh.exe

C:\Windows\System\kzeNPsu.exe

C:\Windows\System\kzeNPsu.exe

C:\Windows\System\OxIfWYd.exe

C:\Windows\System\OxIfWYd.exe

C:\Windows\System\fPvyuiC.exe

C:\Windows\System\fPvyuiC.exe

C:\Windows\System\MjSFTRz.exe

C:\Windows\System\MjSFTRz.exe

C:\Windows\System\bZwGxSs.exe

C:\Windows\System\bZwGxSs.exe

C:\Windows\System\jcJpvaj.exe

C:\Windows\System\jcJpvaj.exe

C:\Windows\System\kqiDEEL.exe

C:\Windows\System\kqiDEEL.exe

C:\Windows\System\pbMyOKk.exe

C:\Windows\System\pbMyOKk.exe

C:\Windows\System\BBwoSXQ.exe

C:\Windows\System\BBwoSXQ.exe

C:\Windows\System\kxSvLjW.exe

C:\Windows\System\kxSvLjW.exe

C:\Windows\System\cFNermv.exe

C:\Windows\System\cFNermv.exe

C:\Windows\System\ROTtwHG.exe

C:\Windows\System\ROTtwHG.exe

C:\Windows\System\KIzZoPV.exe

C:\Windows\System\KIzZoPV.exe

C:\Windows\System\YiMbjrD.exe

C:\Windows\System\YiMbjrD.exe

C:\Windows\System\rGpWQfd.exe

C:\Windows\System\rGpWQfd.exe

C:\Windows\System\JGVCRMH.exe

C:\Windows\System\JGVCRMH.exe

C:\Windows\System\ChfFuYZ.exe

C:\Windows\System\ChfFuYZ.exe

C:\Windows\System\RAmUniO.exe

C:\Windows\System\RAmUniO.exe

C:\Windows\System\PWerBfg.exe

C:\Windows\System\PWerBfg.exe

C:\Windows\System\OnUcyEE.exe

C:\Windows\System\OnUcyEE.exe

C:\Windows\System\eGluFWA.exe

C:\Windows\System\eGluFWA.exe

C:\Windows\System\dEjBHjo.exe

C:\Windows\System\dEjBHjo.exe

C:\Windows\System\VgUIyQP.exe

C:\Windows\System\VgUIyQP.exe

C:\Windows\System\ZODIwGG.exe

C:\Windows\System\ZODIwGG.exe

C:\Windows\System\xAqSZlP.exe

C:\Windows\System\xAqSZlP.exe

C:\Windows\System\PkDjlGf.exe

C:\Windows\System\PkDjlGf.exe

C:\Windows\System\lNlOVvX.exe

C:\Windows\System\lNlOVvX.exe

C:\Windows\System\ihaJpCo.exe

C:\Windows\System\ihaJpCo.exe

C:\Windows\System\tKanEjT.exe

C:\Windows\System\tKanEjT.exe

C:\Windows\System\yVWCajF.exe

C:\Windows\System\yVWCajF.exe

C:\Windows\System\NydrupR.exe

C:\Windows\System\NydrupR.exe

C:\Windows\System\dHgtlSu.exe

C:\Windows\System\dHgtlSu.exe

C:\Windows\System\pOPaVzC.exe

C:\Windows\System\pOPaVzC.exe

C:\Windows\System\rMGebco.exe

C:\Windows\System\rMGebco.exe

C:\Windows\System\JFHykjK.exe

C:\Windows\System\JFHykjK.exe

C:\Windows\System\rtdgKET.exe

C:\Windows\System\rtdgKET.exe

C:\Windows\System\hiEZdKM.exe

C:\Windows\System\hiEZdKM.exe

C:\Windows\System\aueDEIl.exe

C:\Windows\System\aueDEIl.exe

C:\Windows\System\orEVNoL.exe

C:\Windows\System\orEVNoL.exe

C:\Windows\System\ADnBRWV.exe

C:\Windows\System\ADnBRWV.exe

C:\Windows\System\pJZXHvR.exe

C:\Windows\System\pJZXHvR.exe

C:\Windows\System\aOGEQTa.exe

C:\Windows\System\aOGEQTa.exe

C:\Windows\System\yKGrVXp.exe

C:\Windows\System\yKGrVXp.exe

C:\Windows\System\dgWIHaf.exe

C:\Windows\System\dgWIHaf.exe

C:\Windows\System\bMUspHR.exe

C:\Windows\System\bMUspHR.exe

C:\Windows\System\VoCGdAT.exe

C:\Windows\System\VoCGdAT.exe

C:\Windows\System\AmzYTLc.exe

C:\Windows\System\AmzYTLc.exe

C:\Windows\System\agKutPN.exe

C:\Windows\System\agKutPN.exe

C:\Windows\System\FDWWLFJ.exe

C:\Windows\System\FDWWLFJ.exe

C:\Windows\System\hiOckXw.exe

C:\Windows\System\hiOckXw.exe

C:\Windows\System\hWZmSNB.exe

C:\Windows\System\hWZmSNB.exe

C:\Windows\System\UyrCMcd.exe

C:\Windows\System\UyrCMcd.exe

C:\Windows\System\UmiyAgP.exe

C:\Windows\System\UmiyAgP.exe

C:\Windows\System\jBOsvvY.exe

C:\Windows\System\jBOsvvY.exe

C:\Windows\System\KqpWYLV.exe

C:\Windows\System\KqpWYLV.exe

C:\Windows\System\vjnyOZt.exe

C:\Windows\System\vjnyOZt.exe

C:\Windows\System\FTjlfLa.exe

C:\Windows\System\FTjlfLa.exe

C:\Windows\System\NmBBume.exe

C:\Windows\System\NmBBume.exe

C:\Windows\System\zrBMXCL.exe

C:\Windows\System\zrBMXCL.exe

C:\Windows\System\BKYEYPW.exe

C:\Windows\System\BKYEYPW.exe

C:\Windows\System\ByfSMWp.exe

C:\Windows\System\ByfSMWp.exe

C:\Windows\System\wWwFyGY.exe

C:\Windows\System\wWwFyGY.exe

C:\Windows\System\lcIAqlA.exe

C:\Windows\System\lcIAqlA.exe

C:\Windows\System\fgDrNrM.exe

C:\Windows\System\fgDrNrM.exe

C:\Windows\System\eeXWESu.exe

C:\Windows\System\eeXWESu.exe

C:\Windows\System\KFARgkX.exe

C:\Windows\System\KFARgkX.exe

C:\Windows\System\oYqQuTi.exe

C:\Windows\System\oYqQuTi.exe

C:\Windows\System\MuyniMY.exe

C:\Windows\System\MuyniMY.exe

C:\Windows\System\woAdCAt.exe

C:\Windows\System\woAdCAt.exe

C:\Windows\System\hjxUJjL.exe

C:\Windows\System\hjxUJjL.exe

C:\Windows\System\gHwEmcO.exe

C:\Windows\System\gHwEmcO.exe

C:\Windows\System\MTCMlIi.exe

C:\Windows\System\MTCMlIi.exe

C:\Windows\System\lGdxBGa.exe

C:\Windows\System\lGdxBGa.exe

C:\Windows\System\Nmmencq.exe

C:\Windows\System\Nmmencq.exe

C:\Windows\System\eSHrgrg.exe

C:\Windows\System\eSHrgrg.exe

C:\Windows\System\CvpWRsA.exe

C:\Windows\System\CvpWRsA.exe

C:\Windows\System\JXtsAIZ.exe

C:\Windows\System\JXtsAIZ.exe

C:\Windows\System\OOGjUcT.exe

C:\Windows\System\OOGjUcT.exe

C:\Windows\System\dNNbjgI.exe

C:\Windows\System\dNNbjgI.exe

C:\Windows\System\DDCyhNO.exe

C:\Windows\System\DDCyhNO.exe

C:\Windows\System\LkXcfgs.exe

C:\Windows\System\LkXcfgs.exe

C:\Windows\System\qDGHznX.exe

C:\Windows\System\qDGHznX.exe

C:\Windows\System\BsFpyIA.exe

C:\Windows\System\BsFpyIA.exe

C:\Windows\System\qSEWPPa.exe

C:\Windows\System\qSEWPPa.exe

C:\Windows\System\gDhaMiu.exe

C:\Windows\System\gDhaMiu.exe

C:\Windows\System\DXOXRDs.exe

C:\Windows\System\DXOXRDs.exe

C:\Windows\System\dMOqYkH.exe

C:\Windows\System\dMOqYkH.exe

C:\Windows\System\LosefTz.exe

C:\Windows\System\LosefTz.exe

C:\Windows\System\DAhYbWb.exe

C:\Windows\System\DAhYbWb.exe

C:\Windows\System\NZohTJQ.exe

C:\Windows\System\NZohTJQ.exe

C:\Windows\System\BgccMYS.exe

C:\Windows\System\BgccMYS.exe

C:\Windows\System\TWEYPGa.exe

C:\Windows\System\TWEYPGa.exe

C:\Windows\System\oGCDXZm.exe

C:\Windows\System\oGCDXZm.exe

C:\Windows\System\ECIlMnd.exe

C:\Windows\System\ECIlMnd.exe

C:\Windows\System\IelVcxt.exe

C:\Windows\System\IelVcxt.exe

C:\Windows\System\yJbrzOj.exe

C:\Windows\System\yJbrzOj.exe

C:\Windows\System\gzIFIxr.exe

C:\Windows\System\gzIFIxr.exe

C:\Windows\System\KEvTytM.exe

C:\Windows\System\KEvTytM.exe

C:\Windows\System\aPkVMRm.exe

C:\Windows\System\aPkVMRm.exe

C:\Windows\System\SEDbipP.exe

C:\Windows\System\SEDbipP.exe

C:\Windows\System\plZnClz.exe

C:\Windows\System\plZnClz.exe

C:\Windows\System\KgOtYsH.exe

C:\Windows\System\KgOtYsH.exe

C:\Windows\System\LwXHyYU.exe

C:\Windows\System\LwXHyYU.exe

C:\Windows\System\AxgpzWb.exe

C:\Windows\System\AxgpzWb.exe

C:\Windows\System\geAdbDq.exe

C:\Windows\System\geAdbDq.exe

C:\Windows\System\sIaKCur.exe

C:\Windows\System\sIaKCur.exe

C:\Windows\System\yiBvNqc.exe

C:\Windows\System\yiBvNqc.exe

C:\Windows\System\cTFzDPi.exe

C:\Windows\System\cTFzDPi.exe

C:\Windows\System\LsRRPPK.exe

C:\Windows\System\LsRRPPK.exe

C:\Windows\System\qhKSjHT.exe

C:\Windows\System\qhKSjHT.exe

C:\Windows\System\WfWzYiA.exe

C:\Windows\System\WfWzYiA.exe

C:\Windows\System\QrNBgsP.exe

C:\Windows\System\QrNBgsP.exe

C:\Windows\System\kpSoOFS.exe

C:\Windows\System\kpSoOFS.exe

C:\Windows\System\QEHrres.exe

C:\Windows\System\QEHrres.exe

C:\Windows\System\mJKMEXJ.exe

C:\Windows\System\mJKMEXJ.exe

C:\Windows\System\gzshllu.exe

C:\Windows\System\gzshllu.exe

C:\Windows\System\MLPajVj.exe

C:\Windows\System\MLPajVj.exe

C:\Windows\System\TTeZoaV.exe

C:\Windows\System\TTeZoaV.exe

C:\Windows\System\VSYwGEK.exe

C:\Windows\System\VSYwGEK.exe

C:\Windows\System\CaXeTRO.exe

C:\Windows\System\CaXeTRO.exe

C:\Windows\System\jrMwqdm.exe

C:\Windows\System\jrMwqdm.exe

C:\Windows\System\IsxAqDI.exe

C:\Windows\System\IsxAqDI.exe

C:\Windows\System\lVJxVbj.exe

C:\Windows\System\lVJxVbj.exe

C:\Windows\System\AmaOAWJ.exe

C:\Windows\System\AmaOAWJ.exe

C:\Windows\System\MUjvJLV.exe

C:\Windows\System\MUjvJLV.exe

C:\Windows\System\OoxxlNI.exe

C:\Windows\System\OoxxlNI.exe

C:\Windows\System\FYQZBTs.exe

C:\Windows\System\FYQZBTs.exe

C:\Windows\System\HJkSMUQ.exe

C:\Windows\System\HJkSMUQ.exe

C:\Windows\System\XCxAirM.exe

C:\Windows\System\XCxAirM.exe

C:\Windows\System\MISODqh.exe

C:\Windows\System\MISODqh.exe

C:\Windows\System\EimsTut.exe

C:\Windows\System\EimsTut.exe

C:\Windows\System\LheMrOk.exe

C:\Windows\System\LheMrOk.exe

C:\Windows\System\PybYDIP.exe

C:\Windows\System\PybYDIP.exe

C:\Windows\System\ygalsbC.exe

C:\Windows\System\ygalsbC.exe

C:\Windows\System\RTNOLMy.exe

C:\Windows\System\RTNOLMy.exe

C:\Windows\System\MqyrlSY.exe

C:\Windows\System\MqyrlSY.exe

C:\Windows\System\gLOUJQO.exe

C:\Windows\System\gLOUJQO.exe

C:\Windows\System\guNyCyn.exe

C:\Windows\System\guNyCyn.exe

C:\Windows\System\wkSrHac.exe

C:\Windows\System\wkSrHac.exe

C:\Windows\System\zZNUzNl.exe

C:\Windows\System\zZNUzNl.exe

C:\Windows\System\BYFwuDK.exe

C:\Windows\System\BYFwuDK.exe

C:\Windows\System\rQBIHYG.exe

C:\Windows\System\rQBIHYG.exe

C:\Windows\System\QUXbKyg.exe

C:\Windows\System\QUXbKyg.exe

C:\Windows\System\ouXtcXu.exe

C:\Windows\System\ouXtcXu.exe

C:\Windows\System\wAYhJIS.exe

C:\Windows\System\wAYhJIS.exe

C:\Windows\System\gQwdGuq.exe

C:\Windows\System\gQwdGuq.exe

C:\Windows\System\izplpvk.exe

C:\Windows\System\izplpvk.exe

C:\Windows\System\aDIypRO.exe

C:\Windows\System\aDIypRO.exe

C:\Windows\System\wkICqLb.exe

C:\Windows\System\wkICqLb.exe

C:\Windows\System\IMmfIpT.exe

C:\Windows\System\IMmfIpT.exe

C:\Windows\System\urixqmz.exe

C:\Windows\System\urixqmz.exe

C:\Windows\System\jBDVWqU.exe

C:\Windows\System\jBDVWqU.exe

C:\Windows\System\ysJFPFW.exe

C:\Windows\System\ysJFPFW.exe

C:\Windows\System\uJEvUhm.exe

C:\Windows\System\uJEvUhm.exe

C:\Windows\System\wxMAqIr.exe

C:\Windows\System\wxMAqIr.exe

C:\Windows\System\wVONuRH.exe

C:\Windows\System\wVONuRH.exe

C:\Windows\System\EKxmCAu.exe

C:\Windows\System\EKxmCAu.exe

C:\Windows\System\KRuFFvI.exe

C:\Windows\System\KRuFFvI.exe

C:\Windows\System\IwAsppK.exe

C:\Windows\System\IwAsppK.exe

C:\Windows\System\RhVmeQi.exe

C:\Windows\System\RhVmeQi.exe

C:\Windows\System\XKGbRZS.exe

C:\Windows\System\XKGbRZS.exe

C:\Windows\System\aSTdgrF.exe

C:\Windows\System\aSTdgrF.exe

C:\Windows\System\mlSyvmk.exe

C:\Windows\System\mlSyvmk.exe

C:\Windows\System\FEZxTFm.exe

C:\Windows\System\FEZxTFm.exe

C:\Windows\System\PHmKDej.exe

C:\Windows\System\PHmKDej.exe

C:\Windows\System\NbMqWED.exe

C:\Windows\System\NbMqWED.exe

C:\Windows\System\eoJondi.exe

C:\Windows\System\eoJondi.exe

C:\Windows\System\disqQQO.exe

C:\Windows\System\disqQQO.exe

C:\Windows\System\kMsxoDW.exe

C:\Windows\System\kMsxoDW.exe

C:\Windows\System\MaIDDOE.exe

C:\Windows\System\MaIDDOE.exe

C:\Windows\System\qTkuvFl.exe

C:\Windows\System\qTkuvFl.exe

C:\Windows\System\LEtFNzx.exe

C:\Windows\System\LEtFNzx.exe

C:\Windows\System\gXEPDUz.exe

C:\Windows\System\gXEPDUz.exe

C:\Windows\System\fbPYroY.exe

C:\Windows\System\fbPYroY.exe

C:\Windows\System\azMhxTQ.exe

C:\Windows\System\azMhxTQ.exe

C:\Windows\System\HqrpULR.exe

C:\Windows\System\HqrpULR.exe

C:\Windows\System\jYDcUJB.exe

C:\Windows\System\jYDcUJB.exe

C:\Windows\System\xRKBiJk.exe

C:\Windows\System\xRKBiJk.exe


Network

N/A

Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-05-22 20:02

Reported

2024-05-22 20:05

Platform

win10v2004-20240508-en

Max time kernel

139s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-05-22_b39408e66fd0f6b38b4dbc931278b89f_cobalt-strike_cobaltstrike.exe"

Signatures

xmrig

miner xmrig

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2024-05-22_b39408e66fd0f6b38b4dbc931278b89f_cobalt-strike_cobaltstrike.exe

"C:\Users\Admin\AppData\Local\Temp\2024-05-22_b39408e66fd0f6b38b4dbc931278b89f_cobalt-strike_cobaltstrike.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 249.197.17.2.in-addr.arpa udp
NL 23.62.61.155:443 www.bing.com tcp
US 8.8.8.8:53 155.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp

Files

memory/2192-0-0x00007FF77A5A0000-0x00007FF77A8F4000-memory.dmp