Malware Analysis Report

2025-03-15 08:09

Sample ID 240530-lmb57adc4z
Target 2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike
SHA256 7974bd0ec2b7e1c50c2ff05ac5a54e5b93591b086548b800e24e41359c718e67
Tags
upx 0 miner cobaltstrike xmrig backdoor trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

7974bd0ec2b7e1c50c2ff05ac5a54e5b93591b086548b800e24e41359c718e67

Threat Level: Known bad

The file 2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike was found to be: Known bad.

Malicious Activity Summary

upx 0 miner cobaltstrike xmrig backdoor trojan

UPX dump on OEP (original entry point)

Cobalt Strike reflective loader

Cobaltstrike

XMRig Miner payload

Cobaltstrike family

Xmrig family

xmrig

Detects Reflective DLL injection artifacts

UPX dump on OEP (original entry point)

XMRig Miner payload

Detects Reflective DLL injection artifacts

Loads dropped DLL

Executes dropped EXE

UPX packed file

Drops file in Windows directory

Unsigned PE

Checks SCSI registry key(s)

Suspicious use of AdjustPrivilegeToken

Enumerates system info in registry

Suspicious use of WriteProcessMemory

Modifies data under HKEY_USERS

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-30 09:38

Signatures

Cobalt Strike reflective loader

Description Indicator Process Target
N/A N/A N/A N/A

Cobaltstrike family

cobaltstrike

Detects Reflective DLL injection artifacts

Description Indicator Process Target
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-30 09:38

Reported

2024-05-30 09:41

Platform

win7-20240221-en

Max time kernel

149s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe"

Signatures

Cobalt Strike reflective loader

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Cobaltstrike

trojan backdoor cobaltstrike

xmrig

miner xmrig

Detects Reflective DLL injection artifacts

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\wFeEqGO.exe N/A
N/A N/A C:\Windows\System\TpMRwiG.exe N/A
N/A N/A C:\Windows\System\IYvrJWW.exe N/A
N/A N/A C:\Windows\System\DPEBzEx.exe N/A
N/A N/A C:\Windows\System\xEXZCWP.exe N/A
N/A N/A C:\Windows\System\LYzerae.exe N/A
N/A N/A C:\Windows\System\xnaivXn.exe N/A
N/A N/A C:\Windows\System\fqDVGfq.exe N/A
N/A N/A C:\Windows\System\vJLOYOi.exe N/A
N/A N/A C:\Windows\System\EnJOyWS.exe N/A
N/A N/A C:\Windows\System\WEfsUAN.exe N/A
N/A N/A C:\Windows\System\EmviSzp.exe N/A
N/A N/A C:\Windows\System\IeAXgMi.exe N/A
N/A N/A C:\Windows\System\HnOgVBA.exe N/A
N/A N/A C:\Windows\System\bAglHbC.exe N/A
N/A N/A C:\Windows\System\PVAHoAz.exe N/A
N/A N/A C:\Windows\System\fVtzTEq.exe N/A
N/A N/A C:\Windows\System\AgKdQgk.exe N/A
N/A N/A C:\Windows\System\QulLdDT.exe N/A
N/A N/A C:\Windows\System\RBokjKE.exe N/A
N/A N/A C:\Windows\System\KPzCsiu.exe N/A
N/A N/A C:\Windows\System\YcRVFnC.exe N/A
N/A N/A C:\Windows\System\fSlAiSS.exe N/A
N/A N/A C:\Windows\System\Xsdflsv.exe N/A
N/A N/A C:\Windows\System\HVldFXq.exe N/A
N/A N/A C:\Windows\System\gIHHxMm.exe N/A
N/A N/A C:\Windows\System\cVIZbfK.exe N/A
N/A N/A C:\Windows\System\fezcAXI.exe N/A
N/A N/A C:\Windows\System\aQuHwpa.exe N/A
N/A N/A C:\Windows\System\IzQSzkQ.exe N/A
N/A N/A C:\Windows\System\ofwkWrS.exe N/A
N/A N/A C:\Windows\System\TriqDwl.exe N/A
N/A N/A C:\Windows\System\XzRWjpo.exe N/A
N/A N/A C:\Windows\System\hNGMYQq.exe N/A
N/A N/A C:\Windows\System\KIERYAj.exe N/A
N/A N/A C:\Windows\System\WHUzNMR.exe N/A
N/A N/A C:\Windows\System\zkUfnGp.exe N/A
N/A N/A C:\Windows\System\cPwEokE.exe N/A
N/A N/A C:\Windows\System\XghdHnY.exe N/A
N/A N/A C:\Windows\System\mbTTcmG.exe N/A
N/A N/A C:\Windows\System\mghdjES.exe N/A
N/A N/A C:\Windows\System\UaMysln.exe N/A
N/A N/A C:\Windows\System\KGLiQdL.exe N/A
N/A N/A C:\Windows\System\sNAwbpB.exe N/A
N/A N/A C:\Windows\System\jxnTVLb.exe N/A
N/A N/A C:\Windows\System\gtJIjAX.exe N/A
N/A N/A C:\Windows\System\ddPcDAD.exe N/A
N/A N/A C:\Windows\System\vMddLyf.exe N/A
N/A N/A C:\Windows\System\OcMYkGJ.exe N/A
N/A N/A C:\Windows\System\KCEMDnB.exe N/A
N/A N/A C:\Windows\System\yFLZqzr.exe N/A
N/A N/A C:\Windows\System\tPQquKa.exe N/A
N/A N/A C:\Windows\System\hBasQJC.exe N/A
N/A N/A C:\Windows\System\HvXqsft.exe N/A
N/A N/A C:\Windows\System\wBjctIL.exe N/A
N/A N/A C:\Windows\System\MFGgNyt.exe N/A
N/A N/A C:\Windows\System\gBoHNpE.exe N/A
N/A N/A C:\Windows\System\mGRXMLL.exe N/A
N/A N/A C:\Windows\System\ZVvfcZD.exe N/A
N/A N/A C:\Windows\System\RyaCrUH.exe N/A
N/A N/A C:\Windows\System\ANqqwlM.exe N/A
N/A N/A C:\Windows\System\xXbfEEc.exe N/A
N/A N/A C:\Windows\System\yISldDz.exe N/A
N/A N/A C:\Windows\System\GyHFwBm.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\MjyQWcZ.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\qCLHhNq.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\QuTAnxK.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\JXdqbed.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\yZaRTkO.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\NjyDiTu.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\YbPWzns.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\RghzoMn.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\RfMrriD.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\YotdShD.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\tzdPdPC.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\OJpUuWe.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\zPEdlKs.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\tspdEww.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\AIWnhnL.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\vxLyoXe.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\JnyLqGy.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\psHxMQO.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\YECrOIP.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\TlDvPvD.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\wrEbhSo.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\kqhxSWc.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\ebXnFWB.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\CApkKhF.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\SlPBwnr.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\VbAZwFr.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\thYnduH.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\RveZqel.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\CifdrQQ.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\eYncIwo.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\uXsxmCI.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\IbcXHlf.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\eiSxFEQ.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\vMddLyf.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\cLJZctL.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\iTamguS.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\jPNFqgr.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\lBpCaTI.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\qNZVnPU.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\wdlhkJd.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\IROtHFn.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\vGErhbo.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\KPzCsiu.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\kEHiYQd.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\KwWIeMg.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\DsAPZNR.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\zJMDgQI.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\wJpOJSS.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\aAdOHYZ.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\vVdkiPG.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\XyvGgoB.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\XcfByry.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\VkaTtUa.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\kFTUrLu.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\KxpWEoK.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\qTMzRhI.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\QESaIcX.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\VgbDvZJ.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\EwgqMQB.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\cHHOwxV.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\LyiHBcU.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\ZMMuPNY.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\HgVxkQm.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\jBddWqW.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2412 wrote to memory of 1460 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\wFeEqGO.exe
PID 2412 wrote to memory of 1460 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\wFeEqGO.exe
PID 2412 wrote to memory of 1460 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\wFeEqGO.exe
PID 2412 wrote to memory of 2748 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\TpMRwiG.exe
PID 2412 wrote to memory of 2748 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\TpMRwiG.exe
PID 2412 wrote to memory of 2748 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\TpMRwiG.exe
PID 2412 wrote to memory of 2600 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\IYvrJWW.exe
PID 2412 wrote to memory of 2600 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\IYvrJWW.exe
PID 2412 wrote to memory of 2600 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\IYvrJWW.exe
PID 2412 wrote to memory of 2832 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\DPEBzEx.exe
PID 2412 wrote to memory of 2832 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\DPEBzEx.exe
PID 2412 wrote to memory of 2832 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\DPEBzEx.exe
PID 2412 wrote to memory of 2564 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\xEXZCWP.exe
PID 2412 wrote to memory of 2564 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\xEXZCWP.exe
PID 2412 wrote to memory of 2564 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\xEXZCWP.exe
PID 2412 wrote to memory of 2592 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\LYzerae.exe
PID 2412 wrote to memory of 2592 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\LYzerae.exe
PID 2412 wrote to memory of 2592 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\LYzerae.exe
PID 2412 wrote to memory of 2732 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\fqDVGfq.exe
PID 2412 wrote to memory of 2732 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\fqDVGfq.exe
PID 2412 wrote to memory of 2732 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\fqDVGfq.exe
PID 2412 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\xnaivXn.exe
PID 2412 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\xnaivXn.exe
PID 2412 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\xnaivXn.exe
PID 2412 wrote to memory of 2484 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\vJLOYOi.exe
PID 2412 wrote to memory of 2484 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\vJLOYOi.exe
PID 2412 wrote to memory of 2484 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\vJLOYOi.exe
PID 2412 wrote to memory of 2512 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\EnJOyWS.exe
PID 2412 wrote to memory of 2512 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\EnJOyWS.exe
PID 2412 wrote to memory of 2512 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\EnJOyWS.exe
PID 2412 wrote to memory of 2016 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\WEfsUAN.exe
PID 2412 wrote to memory of 2016 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\WEfsUAN.exe
PID 2412 wrote to memory of 2016 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\WEfsUAN.exe
PID 2412 wrote to memory of 2780 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\EmviSzp.exe
PID 2412 wrote to memory of 2780 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\EmviSzp.exe
PID 2412 wrote to memory of 2780 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\EmviSzp.exe
PID 2412 wrote to memory of 2796 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\IeAXgMi.exe
PID 2412 wrote to memory of 2796 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\IeAXgMi.exe
PID 2412 wrote to memory of 2796 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\IeAXgMi.exe
PID 2412 wrote to memory of 2896 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\HnOgVBA.exe
PID 2412 wrote to memory of 2896 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\HnOgVBA.exe
PID 2412 wrote to memory of 2896 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\HnOgVBA.exe
PID 2412 wrote to memory of 2340 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\bAglHbC.exe
PID 2412 wrote to memory of 2340 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\bAglHbC.exe
PID 2412 wrote to memory of 2340 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\bAglHbC.exe
PID 2412 wrote to memory of 1040 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\PVAHoAz.exe
PID 2412 wrote to memory of 1040 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\PVAHoAz.exe
PID 2412 wrote to memory of 1040 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\PVAHoAz.exe
PID 2412 wrote to memory of 1980 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\fVtzTEq.exe
PID 2412 wrote to memory of 1980 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\fVtzTEq.exe
PID 2412 wrote to memory of 1980 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\fVtzTEq.exe
PID 2412 wrote to memory of 1064 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\AgKdQgk.exe
PID 2412 wrote to memory of 1064 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\AgKdQgk.exe
PID 2412 wrote to memory of 1064 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\AgKdQgk.exe
PID 2412 wrote to memory of 1288 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\QulLdDT.exe
PID 2412 wrote to memory of 1288 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\QulLdDT.exe
PID 2412 wrote to memory of 1288 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\QulLdDT.exe
PID 2412 wrote to memory of 1984 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\RBokjKE.exe
PID 2412 wrote to memory of 1984 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\RBokjKE.exe
PID 2412 wrote to memory of 1984 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\RBokjKE.exe
PID 2412 wrote to memory of 828 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\YcRVFnC.exe
PID 2412 wrote to memory of 828 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\YcRVFnC.exe
PID 2412 wrote to memory of 828 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\YcRVFnC.exe
PID 2412 wrote to memory of 2228 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\KPzCsiu.exe

Processes

C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe

"C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe"

C:\Windows\System\wFeEqGO.exe

C:\Windows\System\wFeEqGO.exe

C:\Windows\System\TpMRwiG.exe

C:\Windows\System\TpMRwiG.exe

C:\Windows\System\IYvrJWW.exe

C:\Windows\System\IYvrJWW.exe

C:\Windows\System\DPEBzEx.exe

C:\Windows\System\DPEBzEx.exe

C:\Windows\System\xEXZCWP.exe

C:\Windows\System\xEXZCWP.exe

C:\Windows\System\LYzerae.exe

C:\Windows\System\LYzerae.exe

C:\Windows\System\fqDVGfq.exe

C:\Windows\System\fqDVGfq.exe

C:\Windows\System\xnaivXn.exe

C:\Windows\System\xnaivXn.exe

C:\Windows\System\vJLOYOi.exe

C:\Windows\System\vJLOYOi.exe

C:\Windows\System\EnJOyWS.exe

C:\Windows\System\EnJOyWS.exe

C:\Windows\System\WEfsUAN.exe

C:\Windows\System\WEfsUAN.exe

C:\Windows\System\EmviSzp.exe

C:\Windows\System\EmviSzp.exe

C:\Windows\System\IeAXgMi.exe

C:\Windows\System\IeAXgMi.exe

C:\Windows\System\HnOgVBA.exe

C:\Windows\System\HnOgVBA.exe

C:\Windows\System\bAglHbC.exe

C:\Windows\System\bAglHbC.exe

C:\Windows\System\PVAHoAz.exe

C:\Windows\System\PVAHoAz.exe

C:\Windows\System\fVtzTEq.exe

C:\Windows\System\fVtzTEq.exe

C:\Windows\System\AgKdQgk.exe

C:\Windows\System\AgKdQgk.exe

C:\Windows\System\QulLdDT.exe

C:\Windows\System\QulLdDT.exe

C:\Windows\System\RBokjKE.exe

C:\Windows\System\RBokjKE.exe

C:\Windows\System\YcRVFnC.exe

C:\Windows\System\YcRVFnC.exe

C:\Windows\System\KPzCsiu.exe

C:\Windows\System\KPzCsiu.exe

C:\Windows\System\Xsdflsv.exe

C:\Windows\System\Xsdflsv.exe

C:\Windows\System\fSlAiSS.exe

C:\Windows\System\fSlAiSS.exe

C:\Windows\System\HVldFXq.exe

C:\Windows\System\HVldFXq.exe

C:\Windows\System\gIHHxMm.exe

C:\Windows\System\gIHHxMm.exe

C:\Windows\System\cVIZbfK.exe

C:\Windows\System\cVIZbfK.exe

C:\Windows\System\fezcAXI.exe

C:\Windows\System\fezcAXI.exe

C:\Windows\System\aQuHwpa.exe

C:\Windows\System\aQuHwpa.exe

C:\Windows\System\IzQSzkQ.exe

C:\Windows\System\IzQSzkQ.exe

C:\Windows\System\ofwkWrS.exe

C:\Windows\System\ofwkWrS.exe

C:\Windows\System\TriqDwl.exe

C:\Windows\System\TriqDwl.exe

C:\Windows\System\XzRWjpo.exe

C:\Windows\System\XzRWjpo.exe

C:\Windows\System\hNGMYQq.exe

C:\Windows\System\hNGMYQq.exe

C:\Windows\System\KIERYAj.exe

C:\Windows\System\KIERYAj.exe

C:\Windows\System\WHUzNMR.exe

C:\Windows\System\WHUzNMR.exe

C:\Windows\System\zkUfnGp.exe

C:\Windows\System\zkUfnGp.exe

C:\Windows\System\cPwEokE.exe

C:\Windows\System\cPwEokE.exe

C:\Windows\System\XghdHnY.exe

C:\Windows\System\XghdHnY.exe

C:\Windows\System\mbTTcmG.exe

C:\Windows\System\mbTTcmG.exe

C:\Windows\System\mghdjES.exe

C:\Windows\System\mghdjES.exe

C:\Windows\System\UaMysln.exe

C:\Windows\System\UaMysln.exe

C:\Windows\System\KGLiQdL.exe

C:\Windows\System\KGLiQdL.exe

C:\Windows\System\sNAwbpB.exe

C:\Windows\System\sNAwbpB.exe

C:\Windows\System\jxnTVLb.exe

C:\Windows\System\jxnTVLb.exe

C:\Windows\System\gtJIjAX.exe

C:\Windows\System\gtJIjAX.exe

C:\Windows\System\ddPcDAD.exe

C:\Windows\System\ddPcDAD.exe

C:\Windows\System\vMddLyf.exe

C:\Windows\System\vMddLyf.exe

C:\Windows\System\OcMYkGJ.exe

C:\Windows\System\OcMYkGJ.exe

C:\Windows\System\KCEMDnB.exe

C:\Windows\System\KCEMDnB.exe

C:\Windows\System\yFLZqzr.exe

C:\Windows\System\yFLZqzr.exe

C:\Windows\System\tPQquKa.exe

C:\Windows\System\tPQquKa.exe

C:\Windows\System\hBasQJC.exe

C:\Windows\System\hBasQJC.exe

C:\Windows\System\HvXqsft.exe

C:\Windows\System\HvXqsft.exe

C:\Windows\System\wBjctIL.exe

C:\Windows\System\wBjctIL.exe

C:\Windows\System\MFGgNyt.exe

C:\Windows\System\MFGgNyt.exe

C:\Windows\System\gBoHNpE.exe

C:\Windows\System\gBoHNpE.exe

C:\Windows\System\mGRXMLL.exe

C:\Windows\System\mGRXMLL.exe

C:\Windows\System\ZVvfcZD.exe

C:\Windows\System\ZVvfcZD.exe

C:\Windows\System\RyaCrUH.exe

C:\Windows\System\RyaCrUH.exe

C:\Windows\System\ANqqwlM.exe

C:\Windows\System\ANqqwlM.exe

C:\Windows\System\xXbfEEc.exe

C:\Windows\System\xXbfEEc.exe

C:\Windows\System\yISldDz.exe

C:\Windows\System\yISldDz.exe

C:\Windows\System\GyHFwBm.exe

C:\Windows\System\GyHFwBm.exe

C:\Windows\System\vzwPACw.exe

C:\Windows\System\vzwPACw.exe

C:\Windows\System\TipLXcF.exe

C:\Windows\System\TipLXcF.exe

C:\Windows\System\TmWBMpZ.exe

C:\Windows\System\TmWBMpZ.exe

C:\Windows\System\xtgTHPz.exe

C:\Windows\System\xtgTHPz.exe

C:\Windows\System\ISpUJYa.exe

C:\Windows\System\ISpUJYa.exe

C:\Windows\System\VwURfkY.exe

C:\Windows\System\VwURfkY.exe

C:\Windows\System\zyOWavD.exe

C:\Windows\System\zyOWavD.exe

C:\Windows\System\JgTNMNC.exe

C:\Windows\System\JgTNMNC.exe

C:\Windows\System\vWDczyX.exe

C:\Windows\System\vWDczyX.exe

C:\Windows\System\cIeHgWe.exe

C:\Windows\System\cIeHgWe.exe

C:\Windows\System\coAalQg.exe

C:\Windows\System\coAalQg.exe

C:\Windows\System\flgQHYe.exe

C:\Windows\System\flgQHYe.exe

C:\Windows\System\xBECZlQ.exe

C:\Windows\System\xBECZlQ.exe

C:\Windows\System\GxUsouE.exe

C:\Windows\System\GxUsouE.exe

C:\Windows\System\JtwmpJA.exe

C:\Windows\System\JtwmpJA.exe

C:\Windows\System\IWJNikA.exe

C:\Windows\System\IWJNikA.exe

C:\Windows\System\USXWizD.exe

C:\Windows\System\USXWizD.exe

C:\Windows\System\xIGbpZc.exe

C:\Windows\System\xIGbpZc.exe

C:\Windows\System\BFIsgYJ.exe

C:\Windows\System\BFIsgYJ.exe

C:\Windows\System\HoWkGiv.exe

C:\Windows\System\HoWkGiv.exe

C:\Windows\System\iUJbGDm.exe

C:\Windows\System\iUJbGDm.exe

C:\Windows\System\SfkQsTP.exe

C:\Windows\System\SfkQsTP.exe

C:\Windows\System\uIFtCjI.exe

C:\Windows\System\uIFtCjI.exe

C:\Windows\System\sHQTyIN.exe

C:\Windows\System\sHQTyIN.exe

C:\Windows\System\ZtOMwTb.exe

C:\Windows\System\ZtOMwTb.exe

C:\Windows\System\ulTtPNL.exe

C:\Windows\System\ulTtPNL.exe

C:\Windows\System\XgplUDW.exe

C:\Windows\System\XgplUDW.exe

C:\Windows\System\UoxsSEI.exe

C:\Windows\System\UoxsSEI.exe

C:\Windows\System\fKxiHZR.exe

C:\Windows\System\fKxiHZR.exe

C:\Windows\System\NUrzbdg.exe

C:\Windows\System\NUrzbdg.exe

C:\Windows\System\QyXxwFL.exe

C:\Windows\System\QyXxwFL.exe

C:\Windows\System\kqdjSTG.exe

C:\Windows\System\kqdjSTG.exe

C:\Windows\System\nwmPcpV.exe

C:\Windows\System\nwmPcpV.exe

C:\Windows\System\MeSpPOh.exe

C:\Windows\System\MeSpPOh.exe

C:\Windows\System\UGVdCJq.exe

C:\Windows\System\UGVdCJq.exe

C:\Windows\System\eVSDNYy.exe

C:\Windows\System\eVSDNYy.exe

C:\Windows\System\TlDvPvD.exe

C:\Windows\System\TlDvPvD.exe

C:\Windows\System\AbLdOCK.exe

C:\Windows\System\AbLdOCK.exe

C:\Windows\System\KdZhPBz.exe

C:\Windows\System\KdZhPBz.exe

C:\Windows\System\BtLpldp.exe

C:\Windows\System\BtLpldp.exe

C:\Windows\System\VKZbWjY.exe

C:\Windows\System\VKZbWjY.exe

C:\Windows\System\QdKDPsR.exe

C:\Windows\System\QdKDPsR.exe

C:\Windows\System\xAWxrQz.exe

C:\Windows\System\xAWxrQz.exe

C:\Windows\System\WFtOoUr.exe

C:\Windows\System\WFtOoUr.exe

C:\Windows\System\vUWcmlG.exe

C:\Windows\System\vUWcmlG.exe

C:\Windows\System\KcDAmbc.exe

C:\Windows\System\KcDAmbc.exe

C:\Windows\System\ElBunms.exe

C:\Windows\System\ElBunms.exe

C:\Windows\System\ebQoTli.exe

C:\Windows\System\ebQoTli.exe

C:\Windows\System\AIsRlpw.exe

C:\Windows\System\AIsRlpw.exe

C:\Windows\System\FSPMoVh.exe

C:\Windows\System\FSPMoVh.exe

C:\Windows\System\WElkheN.exe

C:\Windows\System\WElkheN.exe

C:\Windows\System\QhwIzSQ.exe

C:\Windows\System\QhwIzSQ.exe

C:\Windows\System\IrXvfVD.exe

C:\Windows\System\IrXvfVD.exe

C:\Windows\System\JqynPop.exe

C:\Windows\System\JqynPop.exe

C:\Windows\System\punVmOY.exe

C:\Windows\System\punVmOY.exe

C:\Windows\System\zaYWVwN.exe

C:\Windows\System\zaYWVwN.exe

C:\Windows\System\WaZyZbu.exe

C:\Windows\System\WaZyZbu.exe

C:\Windows\System\QmyhTfT.exe

C:\Windows\System\QmyhTfT.exe

C:\Windows\System\VLJcSgi.exe

C:\Windows\System\VLJcSgi.exe

C:\Windows\System\ihcZNEs.exe

C:\Windows\System\ihcZNEs.exe

C:\Windows\System\wHbcyqA.exe

C:\Windows\System\wHbcyqA.exe

C:\Windows\System\CiFEUnd.exe

C:\Windows\System\CiFEUnd.exe

C:\Windows\System\nPzjZxT.exe

C:\Windows\System\nPzjZxT.exe

C:\Windows\System\UnznZaN.exe

C:\Windows\System\UnznZaN.exe

C:\Windows\System\dbPWwKc.exe

C:\Windows\System\dbPWwKc.exe

C:\Windows\System\kLUCRcA.exe

C:\Windows\System\kLUCRcA.exe

C:\Windows\System\TJnZhPM.exe

C:\Windows\System\TJnZhPM.exe

C:\Windows\System\ruElpHr.exe

C:\Windows\System\ruElpHr.exe

C:\Windows\System\woCBvge.exe

C:\Windows\System\woCBvge.exe

C:\Windows\System\jkRfsml.exe

C:\Windows\System\jkRfsml.exe

C:\Windows\System\VNeamrj.exe

C:\Windows\System\VNeamrj.exe

C:\Windows\System\WiyGBZV.exe

C:\Windows\System\WiyGBZV.exe

C:\Windows\System\ponBSii.exe

C:\Windows\System\ponBSii.exe

C:\Windows\System\JNQJtdp.exe

C:\Windows\System\JNQJtdp.exe

C:\Windows\System\kYwydFe.exe

C:\Windows\System\kYwydFe.exe

C:\Windows\System\IVtOUtw.exe

C:\Windows\System\IVtOUtw.exe

C:\Windows\System\QESaIcX.exe

C:\Windows\System\QESaIcX.exe

C:\Windows\System\fiWYgjH.exe

C:\Windows\System\fiWYgjH.exe

C:\Windows\System\qUnPLcA.exe

C:\Windows\System\qUnPLcA.exe

C:\Windows\System\vzMsvOh.exe

C:\Windows\System\vzMsvOh.exe

C:\Windows\System\odOJdeR.exe

C:\Windows\System\odOJdeR.exe

C:\Windows\System\SsLHypo.exe

C:\Windows\System\SsLHypo.exe

C:\Windows\System\LsuGekf.exe

C:\Windows\System\LsuGekf.exe

C:\Windows\System\QiUECrM.exe

C:\Windows\System\QiUECrM.exe

C:\Windows\System\udHkCOO.exe

C:\Windows\System\udHkCOO.exe

C:\Windows\System\KJBqyJy.exe

C:\Windows\System\KJBqyJy.exe

C:\Windows\System\nzKWAwb.exe

C:\Windows\System\nzKWAwb.exe

C:\Windows\System\NPlROTR.exe

C:\Windows\System\NPlROTR.exe

C:\Windows\System\PXfntgm.exe

C:\Windows\System\PXfntgm.exe

C:\Windows\System\AnNErwx.exe

C:\Windows\System\AnNErwx.exe

C:\Windows\System\stEPopX.exe

C:\Windows\System\stEPopX.exe

C:\Windows\System\ZsbbUOj.exe

C:\Windows\System\ZsbbUOj.exe

C:\Windows\System\aAVDCkx.exe

C:\Windows\System\aAVDCkx.exe

C:\Windows\System\SEiUUfm.exe

C:\Windows\System\SEiUUfm.exe

C:\Windows\System\LYiVffR.exe

C:\Windows\System\LYiVffR.exe

C:\Windows\System\yyWyNgj.exe

C:\Windows\System\yyWyNgj.exe

C:\Windows\System\XUacSpw.exe

C:\Windows\System\XUacSpw.exe

C:\Windows\System\gbcTAUE.exe

C:\Windows\System\gbcTAUE.exe

C:\Windows\System\ONScboJ.exe

C:\Windows\System\ONScboJ.exe

C:\Windows\System\NVkSFMK.exe

C:\Windows\System\NVkSFMK.exe

C:\Windows\System\jRdhHzp.exe

C:\Windows\System\jRdhHzp.exe

C:\Windows\System\YKeVqkB.exe

C:\Windows\System\YKeVqkB.exe

C:\Windows\System\AOFoQPv.exe

C:\Windows\System\AOFoQPv.exe

C:\Windows\System\drhpRWU.exe

C:\Windows\System\drhpRWU.exe

C:\Windows\System\bWJQCho.exe

C:\Windows\System\bWJQCho.exe

C:\Windows\System\WxlmOGq.exe

C:\Windows\System\WxlmOGq.exe

C:\Windows\System\FGSOtlA.exe

C:\Windows\System\FGSOtlA.exe

C:\Windows\System\DbeMaAv.exe

C:\Windows\System\DbeMaAv.exe

C:\Windows\System\wrEbhSo.exe

C:\Windows\System\wrEbhSo.exe

C:\Windows\System\bmlUvLs.exe

C:\Windows\System\bmlUvLs.exe

C:\Windows\System\TXGRZNg.exe

C:\Windows\System\TXGRZNg.exe

C:\Windows\System\BbAQyDl.exe

C:\Windows\System\BbAQyDl.exe

C:\Windows\System\aSVuzom.exe

C:\Windows\System\aSVuzom.exe

C:\Windows\System\ZfwrEyZ.exe

C:\Windows\System\ZfwrEyZ.exe

C:\Windows\System\HoaRXaf.exe

C:\Windows\System\HoaRXaf.exe

C:\Windows\System\rWQlezk.exe

C:\Windows\System\rWQlezk.exe

C:\Windows\System\wCKsMjV.exe

C:\Windows\System\wCKsMjV.exe

C:\Windows\System\mMBXWun.exe

C:\Windows\System\mMBXWun.exe

C:\Windows\System\WysWFtM.exe

C:\Windows\System\WysWFtM.exe

C:\Windows\System\LvcbwhF.exe

C:\Windows\System\LvcbwhF.exe

C:\Windows\System\nGvRbqW.exe

C:\Windows\System\nGvRbqW.exe

C:\Windows\System\TOZeFOa.exe

C:\Windows\System\TOZeFOa.exe

C:\Windows\System\iWhmAiZ.exe

C:\Windows\System\iWhmAiZ.exe

C:\Windows\System\CCWMcUI.exe

C:\Windows\System\CCWMcUI.exe

C:\Windows\System\RazXlSg.exe

C:\Windows\System\RazXlSg.exe

C:\Windows\System\SwQZqjc.exe

C:\Windows\System\SwQZqjc.exe

C:\Windows\System\gkcynPZ.exe

C:\Windows\System\gkcynPZ.exe

C:\Windows\System\qtpbSrA.exe

C:\Windows\System\qtpbSrA.exe

C:\Windows\System\eDlxQHO.exe

C:\Windows\System\eDlxQHO.exe

C:\Windows\System\rBezluY.exe

C:\Windows\System\rBezluY.exe

C:\Windows\System\UoeiWEP.exe

C:\Windows\System\UoeiWEP.exe

C:\Windows\System\Tekmsfl.exe

C:\Windows\System\Tekmsfl.exe

C:\Windows\System\NEczUTS.exe

C:\Windows\System\NEczUTS.exe

C:\Windows\System\RaONqVP.exe

C:\Windows\System\RaONqVP.exe

C:\Windows\System\vXVlUME.exe

C:\Windows\System\vXVlUME.exe

C:\Windows\System\JsDVocg.exe

C:\Windows\System\JsDVocg.exe

C:\Windows\System\rasTzzU.exe

C:\Windows\System\rasTzzU.exe

C:\Windows\System\AwRZxit.exe

C:\Windows\System\AwRZxit.exe

C:\Windows\System\UJRgpap.exe

C:\Windows\System\UJRgpap.exe

C:\Windows\System\lJmImIV.exe

C:\Windows\System\lJmImIV.exe

C:\Windows\System\PVysbiV.exe

C:\Windows\System\PVysbiV.exe

C:\Windows\System\sRYbZJg.exe

C:\Windows\System\sRYbZJg.exe

C:\Windows\System\TiGvzjn.exe

C:\Windows\System\TiGvzjn.exe

C:\Windows\System\bhKhbLZ.exe

C:\Windows\System\bhKhbLZ.exe

C:\Windows\System\XbMYmim.exe

C:\Windows\System\XbMYmim.exe

C:\Windows\System\BmMsavI.exe

C:\Windows\System\BmMsavI.exe

C:\Windows\System\vdxBgOt.exe

C:\Windows\System\vdxBgOt.exe

C:\Windows\System\pyObbIz.exe

C:\Windows\System\pyObbIz.exe

C:\Windows\System\uWnWRni.exe

C:\Windows\System\uWnWRni.exe

C:\Windows\System\xmfcIbI.exe

C:\Windows\System\xmfcIbI.exe

C:\Windows\System\LQmODtI.exe

C:\Windows\System\LQmODtI.exe

C:\Windows\System\wFNIoCB.exe

C:\Windows\System\wFNIoCB.exe

C:\Windows\System\fEYRLVe.exe

C:\Windows\System\fEYRLVe.exe

C:\Windows\System\QWFZrWb.exe

C:\Windows\System\QWFZrWb.exe

C:\Windows\System\GCVKLSQ.exe

C:\Windows\System\GCVKLSQ.exe

C:\Windows\System\cLJZctL.exe

C:\Windows\System\cLJZctL.exe

C:\Windows\System\NYIhzWM.exe

C:\Windows\System\NYIhzWM.exe

C:\Windows\System\tfRMaJy.exe

C:\Windows\System\tfRMaJy.exe

C:\Windows\System\hVlFnBO.exe

C:\Windows\System\hVlFnBO.exe

C:\Windows\System\datOfbY.exe

C:\Windows\System\datOfbY.exe

C:\Windows\System\FnTMJSB.exe

C:\Windows\System\FnTMJSB.exe

C:\Windows\System\ZSxapgk.exe

C:\Windows\System\ZSxapgk.exe

C:\Windows\System\udsEXKR.exe

C:\Windows\System\udsEXKR.exe

C:\Windows\System\LReKfUH.exe

C:\Windows\System\LReKfUH.exe

C:\Windows\System\VDVsqRe.exe

C:\Windows\System\VDVsqRe.exe

C:\Windows\System\WHVQeAD.exe

C:\Windows\System\WHVQeAD.exe

C:\Windows\System\Rdwcqnh.exe

C:\Windows\System\Rdwcqnh.exe

C:\Windows\System\iFBmcCb.exe

C:\Windows\System\iFBmcCb.exe

C:\Windows\System\gkiBjdO.exe

C:\Windows\System\gkiBjdO.exe

C:\Windows\System\dezLwbc.exe

C:\Windows\System\dezLwbc.exe

C:\Windows\System\meFJOdR.exe

C:\Windows\System\meFJOdR.exe

C:\Windows\System\TjYNFox.exe

C:\Windows\System\TjYNFox.exe

C:\Windows\System\KwfUXhv.exe

C:\Windows\System\KwfUXhv.exe

C:\Windows\System\rrXPwru.exe

C:\Windows\System\rrXPwru.exe

C:\Windows\System\VgbDvZJ.exe

C:\Windows\System\VgbDvZJ.exe

C:\Windows\System\tLaSTPn.exe

C:\Windows\System\tLaSTPn.exe

C:\Windows\System\aAdOHYZ.exe

C:\Windows\System\aAdOHYZ.exe

C:\Windows\System\CYHbLWm.exe

C:\Windows\System\CYHbLWm.exe

C:\Windows\System\AtEfUOh.exe

C:\Windows\System\AtEfUOh.exe

C:\Windows\System\FuUiudy.exe

C:\Windows\System\FuUiudy.exe

C:\Windows\System\JiHvhMT.exe

C:\Windows\System\JiHvhMT.exe

C:\Windows\System\XYZuzEA.exe

C:\Windows\System\XYZuzEA.exe

C:\Windows\System\eRdSpBW.exe

C:\Windows\System\eRdSpBW.exe

C:\Windows\System\EdvMqlV.exe

C:\Windows\System\EdvMqlV.exe

C:\Windows\System\bEQHlVb.exe

C:\Windows\System\bEQHlVb.exe

C:\Windows\System\DPWUWbW.exe

C:\Windows\System\DPWUWbW.exe

C:\Windows\System\hlXyROE.exe

C:\Windows\System\hlXyROE.exe

C:\Windows\System\hvRCkkh.exe

C:\Windows\System\hvRCkkh.exe

C:\Windows\System\rupwGpj.exe

C:\Windows\System\rupwGpj.exe

C:\Windows\System\pQUVZcN.exe

C:\Windows\System\pQUVZcN.exe

C:\Windows\System\njGUpeN.exe

C:\Windows\System\njGUpeN.exe

C:\Windows\System\iYtYtSy.exe

C:\Windows\System\iYtYtSy.exe

C:\Windows\System\yBMLyUe.exe

C:\Windows\System\yBMLyUe.exe

C:\Windows\System\SYCpacb.exe

C:\Windows\System\SYCpacb.exe

C:\Windows\System\LcDNane.exe

C:\Windows\System\LcDNane.exe

C:\Windows\System\HBEchcm.exe

C:\Windows\System\HBEchcm.exe

C:\Windows\System\DIxTUoK.exe

C:\Windows\System\DIxTUoK.exe

C:\Windows\System\FjcamFE.exe

C:\Windows\System\FjcamFE.exe

C:\Windows\System\jvhkHuP.exe

C:\Windows\System\jvhkHuP.exe

C:\Windows\System\EHOdztX.exe

C:\Windows\System\EHOdztX.exe

C:\Windows\System\cOwAoNn.exe

C:\Windows\System\cOwAoNn.exe

C:\Windows\System\TjPepuV.exe

C:\Windows\System\TjPepuV.exe

C:\Windows\System\WflvPVI.exe

C:\Windows\System\WflvPVI.exe

C:\Windows\System\dvTpCat.exe

C:\Windows\System\dvTpCat.exe

C:\Windows\System\wFRrJLQ.exe

C:\Windows\System\wFRrJLQ.exe

C:\Windows\System\UvyTrYD.exe

C:\Windows\System\UvyTrYD.exe

C:\Windows\System\SGmHwDD.exe

C:\Windows\System\SGmHwDD.exe

C:\Windows\System\MACUqLS.exe

C:\Windows\System\MACUqLS.exe

C:\Windows\System\NALmIfN.exe

C:\Windows\System\NALmIfN.exe

C:\Windows\System\xnePIYh.exe

C:\Windows\System\xnePIYh.exe

C:\Windows\System\nCLbUWQ.exe

C:\Windows\System\nCLbUWQ.exe

C:\Windows\System\AmkGaWA.exe

C:\Windows\System\AmkGaWA.exe

C:\Windows\System\LxWxvIG.exe

C:\Windows\System\LxWxvIG.exe

C:\Windows\System\XBcRgGT.exe

C:\Windows\System\XBcRgGT.exe

C:\Windows\System\ngnOzLv.exe

C:\Windows\System\ngnOzLv.exe

C:\Windows\System\kHTQpLZ.exe

C:\Windows\System\kHTQpLZ.exe

C:\Windows\System\TQmnpnd.exe

C:\Windows\System\TQmnpnd.exe

C:\Windows\System\hhLcCSA.exe

C:\Windows\System\hhLcCSA.exe

C:\Windows\System\gEQjhGt.exe

C:\Windows\System\gEQjhGt.exe

C:\Windows\System\vZAvBgC.exe

C:\Windows\System\vZAvBgC.exe

C:\Windows\System\SMBdImA.exe

C:\Windows\System\SMBdImA.exe

C:\Windows\System\UFgwWIB.exe

C:\Windows\System\UFgwWIB.exe

C:\Windows\System\ecBtAcp.exe

C:\Windows\System\ecBtAcp.exe

C:\Windows\System\tnSkgBw.exe

C:\Windows\System\tnSkgBw.exe

C:\Windows\System\rsotaQB.exe

C:\Windows\System\rsotaQB.exe

C:\Windows\System\ndcUAqn.exe

C:\Windows\System\ndcUAqn.exe

C:\Windows\System\XBUWmqk.exe

C:\Windows\System\XBUWmqk.exe

C:\Windows\System\oOYUKen.exe

C:\Windows\System\oOYUKen.exe

C:\Windows\System\MlDhQCF.exe

C:\Windows\System\MlDhQCF.exe

C:\Windows\System\gThbYUT.exe

C:\Windows\System\gThbYUT.exe

C:\Windows\System\WaMnena.exe

C:\Windows\System\WaMnena.exe

C:\Windows\System\MYnCOZG.exe

C:\Windows\System\MYnCOZG.exe

C:\Windows\System\FSCKRNy.exe

C:\Windows\System\FSCKRNy.exe

C:\Windows\System\pffxgmq.exe

C:\Windows\System\pffxgmq.exe

C:\Windows\System\QqhlKvD.exe

C:\Windows\System\QqhlKvD.exe

C:\Windows\System\irJfZRN.exe

C:\Windows\System\irJfZRN.exe

C:\Windows\System\FBgqxje.exe

C:\Windows\System\FBgqxje.exe

C:\Windows\System\zmtyTdy.exe

C:\Windows\System\zmtyTdy.exe

C:\Windows\System\qkVRKxh.exe

C:\Windows\System\qkVRKxh.exe

C:\Windows\System\rAraYia.exe

C:\Windows\System\rAraYia.exe

C:\Windows\System\qoSWHNP.exe

C:\Windows\System\qoSWHNP.exe

C:\Windows\System\Vqchxoi.exe

C:\Windows\System\Vqchxoi.exe

C:\Windows\System\UeRrUAg.exe

C:\Windows\System\UeRrUAg.exe

C:\Windows\System\iVdbjsa.exe

C:\Windows\System\iVdbjsa.exe

C:\Windows\System\DazvUTd.exe

C:\Windows\System\DazvUTd.exe

C:\Windows\System\CWgxefW.exe

C:\Windows\System\CWgxefW.exe

C:\Windows\System\VOWyZNi.exe

C:\Windows\System\VOWyZNi.exe

C:\Windows\System\zHwobIa.exe

C:\Windows\System\zHwobIa.exe

C:\Windows\System\apOkAGf.exe

C:\Windows\System\apOkAGf.exe

C:\Windows\System\FARjXra.exe

C:\Windows\System\FARjXra.exe

C:\Windows\System\wxcQAlQ.exe

C:\Windows\System\wxcQAlQ.exe

C:\Windows\System\PybwKeN.exe

C:\Windows\System\PybwKeN.exe

C:\Windows\System\PStbqrr.exe

C:\Windows\System\PStbqrr.exe

C:\Windows\System\vinBlqJ.exe

C:\Windows\System\vinBlqJ.exe

C:\Windows\System\eibpFxP.exe

C:\Windows\System\eibpFxP.exe

C:\Windows\System\vnTbkrB.exe

C:\Windows\System\vnTbkrB.exe

C:\Windows\System\VhDpZWZ.exe

C:\Windows\System\VhDpZWZ.exe

C:\Windows\System\bvntVcX.exe

C:\Windows\System\bvntVcX.exe

C:\Windows\System\iQqmpQK.exe

C:\Windows\System\iQqmpQK.exe

C:\Windows\System\amAkueh.exe

C:\Windows\System\amAkueh.exe

C:\Windows\System\aQYlgEq.exe

C:\Windows\System\aQYlgEq.exe

C:\Windows\System\EihvmxX.exe

C:\Windows\System\EihvmxX.exe

C:\Windows\System\jyRLHQl.exe

C:\Windows\System\jyRLHQl.exe

C:\Windows\System\hOvTBCK.exe

C:\Windows\System\hOvTBCK.exe

C:\Windows\System\QcdYzsk.exe

C:\Windows\System\QcdYzsk.exe

C:\Windows\System\UugNLpB.exe

C:\Windows\System\UugNLpB.exe

C:\Windows\System\hdHoVfU.exe

C:\Windows\System\hdHoVfU.exe

C:\Windows\System\AUVWfiK.exe

C:\Windows\System\AUVWfiK.exe

C:\Windows\System\yndESCD.exe

C:\Windows\System\yndESCD.exe

C:\Windows\System\TjodHAA.exe

C:\Windows\System\TjodHAA.exe

C:\Windows\System\JdZLaXW.exe

C:\Windows\System\JdZLaXW.exe

C:\Windows\System\CDXcxZH.exe

C:\Windows\System\CDXcxZH.exe

C:\Windows\System\uvqQrEq.exe

C:\Windows\System\uvqQrEq.exe

C:\Windows\System\SiCgmkm.exe

C:\Windows\System\SiCgmkm.exe

C:\Windows\System\dDjGkeC.exe

C:\Windows\System\dDjGkeC.exe

C:\Windows\System\XjiBJdn.exe

C:\Windows\System\XjiBJdn.exe

C:\Windows\System\iTamguS.exe

C:\Windows\System\iTamguS.exe

C:\Windows\System\kXGShVx.exe

C:\Windows\System\kXGShVx.exe

C:\Windows\System\FWgqAFs.exe

C:\Windows\System\FWgqAFs.exe

C:\Windows\System\JFinWrW.exe

C:\Windows\System\JFinWrW.exe

C:\Windows\System\CyAkpZa.exe

C:\Windows\System\CyAkpZa.exe

C:\Windows\System\TUkZIli.exe

C:\Windows\System\TUkZIli.exe

C:\Windows\System\ceiVCZz.exe

C:\Windows\System\ceiVCZz.exe

C:\Windows\System\FFOZDzT.exe

C:\Windows\System\FFOZDzT.exe

C:\Windows\System\kwkLEFc.exe

C:\Windows\System\kwkLEFc.exe

C:\Windows\System\OFrAiox.exe

C:\Windows\System\OFrAiox.exe

C:\Windows\System\HlJcGcD.exe

C:\Windows\System\HlJcGcD.exe

C:\Windows\System\qslgImC.exe

C:\Windows\System\qslgImC.exe

C:\Windows\System\wsFMDGi.exe

C:\Windows\System\wsFMDGi.exe

C:\Windows\System\WMpKPsn.exe

C:\Windows\System\WMpKPsn.exe

C:\Windows\System\tROddlY.exe

C:\Windows\System\tROddlY.exe

C:\Windows\System\cTvDREA.exe

C:\Windows\System\cTvDREA.exe

C:\Windows\System\AEnjJdn.exe

C:\Windows\System\AEnjJdn.exe

C:\Windows\System\RWceXkB.exe

C:\Windows\System\RWceXkB.exe

C:\Windows\System\haopHzp.exe

C:\Windows\System\haopHzp.exe

C:\Windows\System\XEbyTbZ.exe

C:\Windows\System\XEbyTbZ.exe

C:\Windows\System\AaPSBJl.exe

C:\Windows\System\AaPSBJl.exe

C:\Windows\System\mZgtIgk.exe

C:\Windows\System\mZgtIgk.exe

C:\Windows\System\beAPVcs.exe

C:\Windows\System\beAPVcs.exe

C:\Windows\System\FtvfuXT.exe

C:\Windows\System\FtvfuXT.exe

C:\Windows\System\xbEqNol.exe

C:\Windows\System\xbEqNol.exe

C:\Windows\System\FrLEDyw.exe

C:\Windows\System\FrLEDyw.exe

C:\Windows\System\aKParGX.exe

C:\Windows\System\aKParGX.exe

C:\Windows\System\BZSzgDh.exe

C:\Windows\System\BZSzgDh.exe

C:\Windows\System\AGzWBHn.exe

C:\Windows\System\AGzWBHn.exe

C:\Windows\System\VZEkXlf.exe

C:\Windows\System\VZEkXlf.exe

C:\Windows\System\YIUNTsK.exe

C:\Windows\System\YIUNTsK.exe

C:\Windows\System\mqxcJTI.exe

C:\Windows\System\mqxcJTI.exe

C:\Windows\System\iLoBDNP.exe

C:\Windows\System\iLoBDNP.exe

C:\Windows\System\FIgQhzL.exe

C:\Windows\System\FIgQhzL.exe

C:\Windows\System\PWjezhp.exe

C:\Windows\System\PWjezhp.exe

C:\Windows\System\CiqpnBK.exe

C:\Windows\System\CiqpnBK.exe

C:\Windows\System\ZcgmZWp.exe

C:\Windows\System\ZcgmZWp.exe

C:\Windows\System\LqLZDCG.exe

C:\Windows\System\LqLZDCG.exe

C:\Windows\System\laGbrbP.exe

C:\Windows\System\laGbrbP.exe

C:\Windows\System\sjuykAP.exe

C:\Windows\System\sjuykAP.exe

C:\Windows\System\PbjbZjj.exe

C:\Windows\System\PbjbZjj.exe

C:\Windows\System\MgOEesy.exe

C:\Windows\System\MgOEesy.exe

C:\Windows\System\MmJfCBP.exe

C:\Windows\System\MmJfCBP.exe

C:\Windows\System\FTXUmXV.exe

C:\Windows\System\FTXUmXV.exe

C:\Windows\System\IAuyZVN.exe

C:\Windows\System\IAuyZVN.exe

C:\Windows\System\dXTzLav.exe

C:\Windows\System\dXTzLav.exe

C:\Windows\System\OpoQrFF.exe

C:\Windows\System\OpoQrFF.exe

C:\Windows\System\slwxooi.exe

C:\Windows\System\slwxooi.exe

C:\Windows\System\vVdkiPG.exe

C:\Windows\System\vVdkiPG.exe

C:\Windows\System\bYbcAJc.exe

C:\Windows\System\bYbcAJc.exe

C:\Windows\System\mbFWszp.exe

C:\Windows\System\mbFWszp.exe

C:\Windows\System\LyGLScS.exe

C:\Windows\System\LyGLScS.exe

C:\Windows\System\DiBtTrw.exe

C:\Windows\System\DiBtTrw.exe

C:\Windows\System\BynCwKp.exe

C:\Windows\System\BynCwKp.exe

C:\Windows\System\sgrbFzz.exe

C:\Windows\System\sgrbFzz.exe

C:\Windows\System\SHzzUmN.exe

C:\Windows\System\SHzzUmN.exe

C:\Windows\System\MxEriEu.exe

C:\Windows\System\MxEriEu.exe

C:\Windows\System\FWHYPsf.exe

C:\Windows\System\FWHYPsf.exe

C:\Windows\System\GqlCJBX.exe

C:\Windows\System\GqlCJBX.exe

C:\Windows\System\tTziCRI.exe

C:\Windows\System\tTziCRI.exe

C:\Windows\System\mxlNEGN.exe

C:\Windows\System\mxlNEGN.exe

C:\Windows\System\QFdenCH.exe

C:\Windows\System\QFdenCH.exe

C:\Windows\System\gJxezgB.exe

C:\Windows\System\gJxezgB.exe

C:\Windows\System\VwFvSFo.exe

C:\Windows\System\VwFvSFo.exe

C:\Windows\System\ePFpVUW.exe

C:\Windows\System\ePFpVUW.exe

C:\Windows\System\hgLzOFc.exe

C:\Windows\System\hgLzOFc.exe

C:\Windows\System\bMFVrhf.exe

C:\Windows\System\bMFVrhf.exe

C:\Windows\System\vUIzily.exe

C:\Windows\System\vUIzily.exe

C:\Windows\System\jDxtvUt.exe

C:\Windows\System\jDxtvUt.exe

C:\Windows\System\qRefWrR.exe

C:\Windows\System\qRefWrR.exe

C:\Windows\System\mBJZHaE.exe

C:\Windows\System\mBJZHaE.exe

C:\Windows\System\xIxXWLx.exe

C:\Windows\System\xIxXWLx.exe

C:\Windows\System\HlliXSY.exe

C:\Windows\System\HlliXSY.exe

C:\Windows\System\TfTrMkM.exe

C:\Windows\System\TfTrMkM.exe

C:\Windows\System\KNRTZQe.exe

C:\Windows\System\KNRTZQe.exe

C:\Windows\System\xCOukSv.exe

C:\Windows\System\xCOukSv.exe

C:\Windows\System\AaqQSVO.exe

C:\Windows\System\AaqQSVO.exe

C:\Windows\System\TYIrhcf.exe

C:\Windows\System\TYIrhcf.exe

C:\Windows\System\QDDGfHj.exe

C:\Windows\System\QDDGfHj.exe

C:\Windows\System\kqhxSWc.exe

C:\Windows\System\kqhxSWc.exe

C:\Windows\System\VwprFDd.exe

C:\Windows\System\VwprFDd.exe

C:\Windows\System\JPkVrlB.exe

C:\Windows\System\JPkVrlB.exe

C:\Windows\System\sZsMAcW.exe

C:\Windows\System\sZsMAcW.exe

C:\Windows\System\oYFBorx.exe

C:\Windows\System\oYFBorx.exe

C:\Windows\System\fEwWVbS.exe

C:\Windows\System\fEwWVbS.exe

C:\Windows\System\VbQrbce.exe

C:\Windows\System\VbQrbce.exe

C:\Windows\System\YTpiTwl.exe

C:\Windows\System\YTpiTwl.exe

C:\Windows\System\qRAQNSQ.exe

C:\Windows\System\qRAQNSQ.exe

C:\Windows\System\HlNABfE.exe

C:\Windows\System\HlNABfE.exe

C:\Windows\System\rYefshI.exe

C:\Windows\System\rYefshI.exe

C:\Windows\System\VXVTkcW.exe

C:\Windows\System\VXVTkcW.exe

C:\Windows\System\BIvmrjV.exe

C:\Windows\System\BIvmrjV.exe

C:\Windows\System\ObYpgNG.exe

C:\Windows\System\ObYpgNG.exe

C:\Windows\System\tspdEww.exe

C:\Windows\System\tspdEww.exe

C:\Windows\System\hrJlCAF.exe

C:\Windows\System\hrJlCAF.exe

C:\Windows\System\udxAsiI.exe

C:\Windows\System\udxAsiI.exe

C:\Windows\System\qFoBpqm.exe

C:\Windows\System\qFoBpqm.exe

C:\Windows\System\HjAqNXt.exe

C:\Windows\System\HjAqNXt.exe

C:\Windows\System\Zwwpunt.exe

C:\Windows\System\Zwwpunt.exe

C:\Windows\System\TljMyUS.exe

C:\Windows\System\TljMyUS.exe

C:\Windows\System\uTVPfou.exe

C:\Windows\System\uTVPfou.exe

C:\Windows\System\vxqcFfG.exe

C:\Windows\System\vxqcFfG.exe

C:\Windows\System\bLvkNYi.exe

C:\Windows\System\bLvkNYi.exe

C:\Windows\System\dgcvMOb.exe

C:\Windows\System\dgcvMOb.exe

C:\Windows\System\xEzdgyT.exe

C:\Windows\System\xEzdgyT.exe

C:\Windows\System\FkKnRGm.exe

C:\Windows\System\FkKnRGm.exe

C:\Windows\System\tCHnASi.exe

C:\Windows\System\tCHnASi.exe

C:\Windows\System\EHOCXeo.exe

C:\Windows\System\EHOCXeo.exe

C:\Windows\System\tORgGUg.exe

C:\Windows\System\tORgGUg.exe

C:\Windows\System\gIhaYDL.exe

C:\Windows\System\gIhaYDL.exe

C:\Windows\System\AbrPYEJ.exe

C:\Windows\System\AbrPYEJ.exe

C:\Windows\System\dYZhoLw.exe

C:\Windows\System\dYZhoLw.exe

C:\Windows\System\VbAZwFr.exe

C:\Windows\System\VbAZwFr.exe

C:\Windows\System\UVYgGzk.exe

C:\Windows\System\UVYgGzk.exe

C:\Windows\System\swhELPj.exe

C:\Windows\System\swhELPj.exe

C:\Windows\System\GnMoumR.exe

C:\Windows\System\GnMoumR.exe

C:\Windows\System\thWgcKC.exe

C:\Windows\System\thWgcKC.exe

C:\Windows\System\IjIMlSN.exe

C:\Windows\System\IjIMlSN.exe

C:\Windows\System\dAhDRCX.exe

C:\Windows\System\dAhDRCX.exe

C:\Windows\System\XtcPHLr.exe

C:\Windows\System\XtcPHLr.exe

C:\Windows\System\UzMoCgV.exe

C:\Windows\System\UzMoCgV.exe

C:\Windows\System\LshKlBI.exe

C:\Windows\System\LshKlBI.exe

C:\Windows\System\TzxdJbS.exe

C:\Windows\System\TzxdJbS.exe

C:\Windows\System\NrBybpu.exe

C:\Windows\System\NrBybpu.exe

C:\Windows\System\RpMaVQK.exe

C:\Windows\System\RpMaVQK.exe

C:\Windows\System\kgpeQPI.exe

C:\Windows\System\kgpeQPI.exe

C:\Windows\System\gQpAhgP.exe

C:\Windows\System\gQpAhgP.exe

C:\Windows\System\JzTJgts.exe

C:\Windows\System\JzTJgts.exe

C:\Windows\System\XeVJwcn.exe

C:\Windows\System\XeVJwcn.exe

C:\Windows\System\kftvhBm.exe

C:\Windows\System\kftvhBm.exe

C:\Windows\System\cLqQWwt.exe

C:\Windows\System\cLqQWwt.exe

C:\Windows\System\SoAUUOr.exe

C:\Windows\System\SoAUUOr.exe

C:\Windows\System\QDnuxEv.exe

C:\Windows\System\QDnuxEv.exe

C:\Windows\System\GOfzmUz.exe

C:\Windows\System\GOfzmUz.exe

C:\Windows\System\ctTXGVO.exe

C:\Windows\System\ctTXGVO.exe

C:\Windows\System\tCswuAK.exe

C:\Windows\System\tCswuAK.exe

C:\Windows\System\oHYfRmo.exe

C:\Windows\System\oHYfRmo.exe

C:\Windows\System\PlGanlV.exe

C:\Windows\System\PlGanlV.exe

C:\Windows\System\ZAJKihH.exe

C:\Windows\System\ZAJKihH.exe

C:\Windows\System\dFuRCMI.exe

C:\Windows\System\dFuRCMI.exe

C:\Windows\System\bfjzRFY.exe

C:\Windows\System\bfjzRFY.exe

C:\Windows\System\gZtBmOT.exe

C:\Windows\System\gZtBmOT.exe

C:\Windows\System\AtpgDjX.exe

C:\Windows\System\AtpgDjX.exe

C:\Windows\System\brondlC.exe

C:\Windows\System\brondlC.exe

C:\Windows\System\HoxlAgs.exe

C:\Windows\System\HoxlAgs.exe

C:\Windows\System\UDATlrD.exe

C:\Windows\System\UDATlrD.exe

C:\Windows\System\JrsObOZ.exe

C:\Windows\System\JrsObOZ.exe

C:\Windows\System\Jtupkho.exe

C:\Windows\System\Jtupkho.exe

C:\Windows\System\pBtGThE.exe

C:\Windows\System\pBtGThE.exe

C:\Windows\System\smTuNvA.exe

C:\Windows\System\smTuNvA.exe

C:\Windows\System\tZhvEqH.exe

C:\Windows\System\tZhvEqH.exe

C:\Windows\System\zdisQle.exe

C:\Windows\System\zdisQle.exe

C:\Windows\System\RghzoMn.exe

C:\Windows\System\RghzoMn.exe

C:\Windows\System\wrEASsO.exe

C:\Windows\System\wrEASsO.exe

C:\Windows\System\TivHDKI.exe

C:\Windows\System\TivHDKI.exe

C:\Windows\System\qKmueCQ.exe

C:\Windows\System\qKmueCQ.exe

C:\Windows\System\LDdUvUK.exe

C:\Windows\System\LDdUvUK.exe

C:\Windows\System\fYdgfzd.exe

C:\Windows\System\fYdgfzd.exe

C:\Windows\System\ESgOvOw.exe

C:\Windows\System\ESgOvOw.exe

C:\Windows\System\AIWnhnL.exe

C:\Windows\System\AIWnhnL.exe

C:\Windows\System\XzuqaxI.exe

C:\Windows\System\XzuqaxI.exe

C:\Windows\System\YWbAzcS.exe

C:\Windows\System\YWbAzcS.exe

C:\Windows\System\hNBfXtb.exe

C:\Windows\System\hNBfXtb.exe

C:\Windows\System\oxmkVPb.exe

C:\Windows\System\oxmkVPb.exe

C:\Windows\System\TQTzFOk.exe

C:\Windows\System\TQTzFOk.exe

C:\Windows\System\UQgMrCq.exe

C:\Windows\System\UQgMrCq.exe

C:\Windows\System\NBlqyna.exe

C:\Windows\System\NBlqyna.exe

C:\Windows\System\MzDEhJx.exe

C:\Windows\System\MzDEhJx.exe

C:\Windows\System\cOxNWbM.exe

C:\Windows\System\cOxNWbM.exe

C:\Windows\System\EaNCYdw.exe

C:\Windows\System\EaNCYdw.exe

C:\Windows\System\VcNMjTy.exe

C:\Windows\System\VcNMjTy.exe

C:\Windows\System\YYaqnXL.exe

C:\Windows\System\YYaqnXL.exe

C:\Windows\System\qOEwsYd.exe

C:\Windows\System\qOEwsYd.exe

C:\Windows\System\MpqfVjT.exe

C:\Windows\System\MpqfVjT.exe

C:\Windows\System\rBBxAxl.exe

C:\Windows\System\rBBxAxl.exe

C:\Windows\System\dlhMtee.exe

C:\Windows\System\dlhMtee.exe

C:\Windows\System\zFOstVj.exe

C:\Windows\System\zFOstVj.exe

C:\Windows\System\tICMSFh.exe

C:\Windows\System\tICMSFh.exe

C:\Windows\System\KuJJeLf.exe

C:\Windows\System\KuJJeLf.exe

C:\Windows\System\WEDnhmR.exe

C:\Windows\System\WEDnhmR.exe

C:\Windows\System\iovgOGm.exe

C:\Windows\System\iovgOGm.exe

C:\Windows\System\cdnMdoV.exe

C:\Windows\System\cdnMdoV.exe

C:\Windows\System\UMNFcES.exe

C:\Windows\System\UMNFcES.exe

C:\Windows\System\XlavrkO.exe

C:\Windows\System\XlavrkO.exe

C:\Windows\System\pWfmojV.exe

C:\Windows\System\pWfmojV.exe

C:\Windows\System\vsQDvev.exe

C:\Windows\System\vsQDvev.exe

C:\Windows\System\jdNruZL.exe

C:\Windows\System\jdNruZL.exe

C:\Windows\System\rhNfjDX.exe

C:\Windows\System\rhNfjDX.exe

C:\Windows\System\oogvrPB.exe

C:\Windows\System\oogvrPB.exe

C:\Windows\System\QZYTHnN.exe

C:\Windows\System\QZYTHnN.exe

C:\Windows\System\hcPIKLW.exe

C:\Windows\System\hcPIKLW.exe

C:\Windows\System\ZkOzfJu.exe

C:\Windows\System\ZkOzfJu.exe

C:\Windows\System\RfMrriD.exe

C:\Windows\System\RfMrriD.exe

C:\Windows\System\XdfjWXy.exe

C:\Windows\System\XdfjWXy.exe

C:\Windows\System\QesDHFI.exe

C:\Windows\System\QesDHFI.exe

C:\Windows\System\CxKXSWj.exe

C:\Windows\System\CxKXSWj.exe

C:\Windows\System\cJpuYxC.exe

C:\Windows\System\cJpuYxC.exe

C:\Windows\System\bLuoyTN.exe

C:\Windows\System\bLuoyTN.exe

C:\Windows\System\fVXmBAX.exe

C:\Windows\System\fVXmBAX.exe

C:\Windows\System\MOfgUCO.exe

C:\Windows\System\MOfgUCO.exe

C:\Windows\System\FxaJWBx.exe

C:\Windows\System\FxaJWBx.exe

C:\Windows\System\iVeMjbk.exe

C:\Windows\System\iVeMjbk.exe

C:\Windows\System\iOZwnbT.exe

C:\Windows\System\iOZwnbT.exe

C:\Windows\System\Jsclkkx.exe

C:\Windows\System\Jsclkkx.exe

C:\Windows\System\RTIxilM.exe

C:\Windows\System\RTIxilM.exe

C:\Windows\System\TDQZSnD.exe

C:\Windows\System\TDQZSnD.exe

C:\Windows\System\JHiBHeX.exe

C:\Windows\System\JHiBHeX.exe

C:\Windows\System\kgmAopG.exe

C:\Windows\System\kgmAopG.exe

C:\Windows\System\OAbxvzm.exe

C:\Windows\System\OAbxvzm.exe

C:\Windows\System\DewEPJE.exe

C:\Windows\System\DewEPJE.exe

C:\Windows\System\yrBPrZy.exe

C:\Windows\System\yrBPrZy.exe

C:\Windows\System\IfYaunA.exe

C:\Windows\System\IfYaunA.exe

C:\Windows\System\SBaNNfx.exe

C:\Windows\System\SBaNNfx.exe

C:\Windows\System\BGvXXNH.exe

C:\Windows\System\BGvXXNH.exe

C:\Windows\System\gTCihbs.exe

C:\Windows\System\gTCihbs.exe

C:\Windows\System\XiYrlcn.exe

C:\Windows\System\XiYrlcn.exe

C:\Windows\System\pXbsOJC.exe

C:\Windows\System\pXbsOJC.exe

C:\Windows\System\oEXGhQz.exe

C:\Windows\System\oEXGhQz.exe

C:\Windows\System\NsZYXZF.exe

C:\Windows\System\NsZYXZF.exe

C:\Windows\System\QuLIrDP.exe

C:\Windows\System\QuLIrDP.exe

C:\Windows\System\rVHqZXE.exe

C:\Windows\System\rVHqZXE.exe

C:\Windows\System\elSkKLi.exe

C:\Windows\System\elSkKLi.exe

C:\Windows\System\XxGQoSH.exe

C:\Windows\System\XxGQoSH.exe

C:\Windows\System\CofvqME.exe

C:\Windows\System\CofvqME.exe

C:\Windows\System\yyBhaTf.exe

C:\Windows\System\yyBhaTf.exe

C:\Windows\System\UHTyilx.exe

C:\Windows\System\UHTyilx.exe

C:\Windows\System\FxKaQbo.exe

C:\Windows\System\FxKaQbo.exe

C:\Windows\System\DuoeKDU.exe

C:\Windows\System\DuoeKDU.exe

C:\Windows\System\uzVbhdA.exe

C:\Windows\System\uzVbhdA.exe

C:\Windows\System\JIACINz.exe

C:\Windows\System\JIACINz.exe

C:\Windows\System\FYmynIK.exe

C:\Windows\System\FYmynIK.exe

C:\Windows\System\HwWlfpR.exe

C:\Windows\System\HwWlfpR.exe

C:\Windows\System\YluyTfU.exe

C:\Windows\System\YluyTfU.exe

C:\Windows\System\rQREshU.exe

C:\Windows\System\rQREshU.exe

C:\Windows\System\gBbUbhF.exe

C:\Windows\System\gBbUbhF.exe

C:\Windows\System\VNJXivH.exe

C:\Windows\System\VNJXivH.exe

C:\Windows\System\CifdrQQ.exe

C:\Windows\System\CifdrQQ.exe

C:\Windows\System\pWcaZyn.exe

C:\Windows\System\pWcaZyn.exe

C:\Windows\System\XcJEodp.exe

C:\Windows\System\XcJEodp.exe

C:\Windows\System\oUuDCul.exe

C:\Windows\System\oUuDCul.exe

C:\Windows\System\TQZUlbg.exe

C:\Windows\System\TQZUlbg.exe

C:\Windows\System\VuYAnUY.exe

C:\Windows\System\VuYAnUY.exe

C:\Windows\System\iYiDbAh.exe

C:\Windows\System\iYiDbAh.exe

C:\Windows\System\zGZvjgJ.exe

C:\Windows\System\zGZvjgJ.exe

C:\Windows\System\TlVnBvQ.exe

C:\Windows\System\TlVnBvQ.exe

C:\Windows\System\qDpCPdW.exe

C:\Windows\System\qDpCPdW.exe

C:\Windows\System\bcXVmka.exe

C:\Windows\System\bcXVmka.exe

C:\Windows\System\DQYWteM.exe

C:\Windows\System\DQYWteM.exe

C:\Windows\System\wCUJiJY.exe

C:\Windows\System\wCUJiJY.exe

C:\Windows\System\ezSwLEZ.exe

C:\Windows\System\ezSwLEZ.exe

C:\Windows\System\WDNhJkS.exe

C:\Windows\System\WDNhJkS.exe

C:\Windows\System\OWfemgB.exe

C:\Windows\System\OWfemgB.exe

C:\Windows\System\VaHznXL.exe

C:\Windows\System\VaHznXL.exe

C:\Windows\System\yBlCpBa.exe

C:\Windows\System\yBlCpBa.exe

C:\Windows\System\rQYqiZN.exe

C:\Windows\System\rQYqiZN.exe

C:\Windows\System\gMtQviJ.exe

C:\Windows\System\gMtQviJ.exe

C:\Windows\System\cIhXRoY.exe

C:\Windows\System\cIhXRoY.exe

C:\Windows\System\clRafgM.exe

C:\Windows\System\clRafgM.exe

C:\Windows\System\zLdVlZq.exe

C:\Windows\System\zLdVlZq.exe

C:\Windows\System\AeeQIQo.exe

C:\Windows\System\AeeQIQo.exe

C:\Windows\System\kSUWtaT.exe

C:\Windows\System\kSUWtaT.exe

C:\Windows\System\qKenggo.exe

C:\Windows\System\qKenggo.exe

C:\Windows\System\gqEDjIR.exe

C:\Windows\System\gqEDjIR.exe

C:\Windows\System\fJKFKob.exe

C:\Windows\System\fJKFKob.exe

C:\Windows\System\oolljux.exe

C:\Windows\System\oolljux.exe

C:\Windows\System\UHOqUdt.exe

C:\Windows\System\UHOqUdt.exe

C:\Windows\System\DGdGGth.exe

C:\Windows\System\DGdGGth.exe

C:\Windows\System\rAvAlwX.exe

C:\Windows\System\rAvAlwX.exe

C:\Windows\System\vqufAGu.exe

C:\Windows\System\vqufAGu.exe

C:\Windows\System\fhJGpDb.exe

C:\Windows\System\fhJGpDb.exe

C:\Windows\System\jyZTiHb.exe

C:\Windows\System\jyZTiHb.exe

C:\Windows\System\VXZRIGJ.exe

C:\Windows\System\VXZRIGJ.exe

C:\Windows\System\iGseUJp.exe

C:\Windows\System\iGseUJp.exe

C:\Windows\System\AfISzQS.exe

C:\Windows\System\AfISzQS.exe

C:\Windows\System\elREAAV.exe

C:\Windows\System\elREAAV.exe

C:\Windows\System\vJxlYGg.exe

C:\Windows\System\vJxlYGg.exe

C:\Windows\System\uozgpOs.exe

C:\Windows\System\uozgpOs.exe

C:\Windows\System\vTdVLpV.exe

C:\Windows\System\vTdVLpV.exe

C:\Windows\System\oCdyhTG.exe

C:\Windows\System\oCdyhTG.exe

C:\Windows\System\uPeLvIB.exe

C:\Windows\System\uPeLvIB.exe

C:\Windows\System\CrDWnEe.exe

C:\Windows\System\CrDWnEe.exe

C:\Windows\System\DJerqsF.exe

C:\Windows\System\DJerqsF.exe

C:\Windows\System\aFbvsEL.exe

C:\Windows\System\aFbvsEL.exe

C:\Windows\System\rKeYwDn.exe

C:\Windows\System\rKeYwDn.exe

C:\Windows\System\OGgEzrp.exe

C:\Windows\System\OGgEzrp.exe

C:\Windows\System\iiaWcLD.exe

C:\Windows\System\iiaWcLD.exe

C:\Windows\System\syZwgFq.exe

C:\Windows\System\syZwgFq.exe

C:\Windows\System\ucICtlO.exe

C:\Windows\System\ucICtlO.exe

C:\Windows\System\GJzJWwe.exe

C:\Windows\System\GJzJWwe.exe

C:\Windows\System\jbTLNcS.exe

C:\Windows\System\jbTLNcS.exe

C:\Windows\System\QnMYKvj.exe

C:\Windows\System\QnMYKvj.exe

C:\Windows\System\ngjWXjZ.exe

C:\Windows\System\ngjWXjZ.exe

C:\Windows\System\pVEzaMb.exe

C:\Windows\System\pVEzaMb.exe

C:\Windows\System\QEaKNCb.exe

C:\Windows\System\QEaKNCb.exe

C:\Windows\System\vXBISYV.exe

C:\Windows\System\vXBISYV.exe

C:\Windows\System\YotdShD.exe

C:\Windows\System\YotdShD.exe

C:\Windows\System\dMEVTys.exe

C:\Windows\System\dMEVTys.exe

C:\Windows\System\lUpmGqS.exe

C:\Windows\System\lUpmGqS.exe

C:\Windows\System\LAdYAIe.exe

C:\Windows\System\LAdYAIe.exe

C:\Windows\System\TciuwyW.exe

C:\Windows\System\TciuwyW.exe

C:\Windows\System\hPHhwxJ.exe

C:\Windows\System\hPHhwxJ.exe

C:\Windows\System\glsSrvH.exe

C:\Windows\System\glsSrvH.exe

C:\Windows\System\oXnZGYZ.exe

C:\Windows\System\oXnZGYZ.exe

C:\Windows\System\PCvKJfq.exe

C:\Windows\System\PCvKJfq.exe

C:\Windows\System\kEHiYQd.exe

C:\Windows\System\kEHiYQd.exe

C:\Windows\System\EqCrZfC.exe

C:\Windows\System\EqCrZfC.exe

C:\Windows\System\KEmUAZp.exe

C:\Windows\System\KEmUAZp.exe

C:\Windows\System\tNZdlRt.exe

C:\Windows\System\tNZdlRt.exe

C:\Windows\System\WhmyNhA.exe

C:\Windows\System\WhmyNhA.exe

C:\Windows\System\YNwltFC.exe

C:\Windows\System\YNwltFC.exe

C:\Windows\System\LmAqQDW.exe

C:\Windows\System\LmAqQDW.exe

C:\Windows\System\xeiJnUw.exe

C:\Windows\System\xeiJnUw.exe

C:\Windows\System\zPbublw.exe

C:\Windows\System\zPbublw.exe

C:\Windows\System\FVdhwPt.exe

C:\Windows\System\FVdhwPt.exe

C:\Windows\System\AjiPJUX.exe

C:\Windows\System\AjiPJUX.exe

C:\Windows\System\dtQqknm.exe

C:\Windows\System\dtQqknm.exe

C:\Windows\System\CCujkPG.exe

C:\Windows\System\CCujkPG.exe

C:\Windows\System\wTILrFz.exe

C:\Windows\System\wTILrFz.exe

C:\Windows\System\ScyNBeE.exe

C:\Windows\System\ScyNBeE.exe

C:\Windows\System\PLfVkUr.exe

C:\Windows\System\PLfVkUr.exe

C:\Windows\System\kKMstYt.exe

C:\Windows\System\kKMstYt.exe

C:\Windows\System\lwThZDo.exe

C:\Windows\System\lwThZDo.exe

C:\Windows\System\KyHXMLG.exe

C:\Windows\System\KyHXMLG.exe

C:\Windows\System\WQtDIZp.exe

C:\Windows\System\WQtDIZp.exe

C:\Windows\System\mdWOann.exe

C:\Windows\System\mdWOann.exe

C:\Windows\System\FAZXadC.exe

C:\Windows\System\FAZXadC.exe

C:\Windows\System\yvAVQcf.exe

C:\Windows\System\yvAVQcf.exe

C:\Windows\System\ASpRGqi.exe

C:\Windows\System\ASpRGqi.exe

C:\Windows\System\HsTPOCa.exe

C:\Windows\System\HsTPOCa.exe

C:\Windows\System\KwWIeMg.exe

C:\Windows\System\KwWIeMg.exe

C:\Windows\System\PlFkiEI.exe

C:\Windows\System\PlFkiEI.exe

C:\Windows\System\eBVLkOZ.exe

C:\Windows\System\eBVLkOZ.exe

C:\Windows\System\DnblbPO.exe

C:\Windows\System\DnblbPO.exe

C:\Windows\System\EPhBYdD.exe

C:\Windows\System\EPhBYdD.exe

C:\Windows\System\bmCykAP.exe

C:\Windows\System\bmCykAP.exe

C:\Windows\System\ZoIuOHJ.exe

C:\Windows\System\ZoIuOHJ.exe

C:\Windows\System\EECIteI.exe

C:\Windows\System\EECIteI.exe

C:\Windows\System\VjoLvEn.exe

C:\Windows\System\VjoLvEn.exe

C:\Windows\System\xbqlHIW.exe

C:\Windows\System\xbqlHIW.exe

C:\Windows\System\EkwetBg.exe

C:\Windows\System\EkwetBg.exe

C:\Windows\System\JlATuiR.exe

C:\Windows\System\JlATuiR.exe

C:\Windows\System\tYyBPQo.exe

C:\Windows\System\tYyBPQo.exe

C:\Windows\System\VaDcDZQ.exe

C:\Windows\System\VaDcDZQ.exe

C:\Windows\System\AihhZRq.exe

C:\Windows\System\AihhZRq.exe

C:\Windows\System\AgNOcah.exe

C:\Windows\System\AgNOcah.exe

C:\Windows\System\pDFLbty.exe

C:\Windows\System\pDFLbty.exe

C:\Windows\System\lNJHuEv.exe

C:\Windows\System\lNJHuEv.exe

C:\Windows\System\krgNbmf.exe

C:\Windows\System\krgNbmf.exe

C:\Windows\System\dSmCaUn.exe

C:\Windows\System\dSmCaUn.exe

C:\Windows\System\nUopelN.exe

C:\Windows\System\nUopelN.exe

C:\Windows\System\mXvSzfh.exe

C:\Windows\System\mXvSzfh.exe

C:\Windows\System\aekANff.exe

C:\Windows\System\aekANff.exe

C:\Windows\System\GacfEvE.exe

C:\Windows\System\GacfEvE.exe

C:\Windows\System\uVIsWWh.exe

C:\Windows\System\uVIsWWh.exe

C:\Windows\System\JgFKWDI.exe

C:\Windows\System\JgFKWDI.exe

C:\Windows\System\ZWEbGNC.exe

C:\Windows\System\ZWEbGNC.exe

C:\Windows\System\LyiHBcU.exe

C:\Windows\System\LyiHBcU.exe

C:\Windows\System\gmyzQps.exe

C:\Windows\System\gmyzQps.exe

C:\Windows\System\VDarRPJ.exe

C:\Windows\System\VDarRPJ.exe

C:\Windows\System\JHNFeXg.exe

C:\Windows\System\JHNFeXg.exe

C:\Windows\System\fcNeWnJ.exe

C:\Windows\System\fcNeWnJ.exe

C:\Windows\System\WiVklLW.exe

C:\Windows\System\WiVklLW.exe

C:\Windows\System\kOATDzB.exe

C:\Windows\System\kOATDzB.exe

C:\Windows\System\nrpbybC.exe

C:\Windows\System\nrpbybC.exe

C:\Windows\System\bPzUFjo.exe

C:\Windows\System\bPzUFjo.exe

C:\Windows\System\TwDoVyM.exe

C:\Windows\System\TwDoVyM.exe

C:\Windows\System\ybTrsKJ.exe

C:\Windows\System\ybTrsKJ.exe

C:\Windows\System\cjIdFQt.exe

C:\Windows\System\cjIdFQt.exe

C:\Windows\System\CQTRCkO.exe

C:\Windows\System\CQTRCkO.exe

C:\Windows\System\GxhRUzm.exe

C:\Windows\System\GxhRUzm.exe

C:\Windows\System\YOzQTng.exe

C:\Windows\System\YOzQTng.exe

C:\Windows\System\pMXNRtF.exe

C:\Windows\System\pMXNRtF.exe

C:\Windows\System\RrbwzbG.exe

C:\Windows\System\RrbwzbG.exe

C:\Windows\System\npKFWHD.exe

C:\Windows\System\npKFWHD.exe

C:\Windows\System\pIyQkIi.exe

C:\Windows\System\pIyQkIi.exe

C:\Windows\System\rfNkuza.exe

C:\Windows\System\rfNkuza.exe

C:\Windows\System\AkxxGID.exe

C:\Windows\System\AkxxGID.exe

C:\Windows\System\vpEuyme.exe

C:\Windows\System\vpEuyme.exe

C:\Windows\System\VCaUhAn.exe

C:\Windows\System\VCaUhAn.exe

C:\Windows\System\OkOURdY.exe

C:\Windows\System\OkOURdY.exe

C:\Windows\System\eZmGCkw.exe

C:\Windows\System\eZmGCkw.exe

C:\Windows\System\wdlhkJd.exe

C:\Windows\System\wdlhkJd.exe

C:\Windows\System\zuHVUNc.exe

C:\Windows\System\zuHVUNc.exe

C:\Windows\System\IVntPXj.exe

C:\Windows\System\IVntPXj.exe

C:\Windows\System\xYSLdal.exe

C:\Windows\System\xYSLdal.exe

C:\Windows\System\tqNQBma.exe

C:\Windows\System\tqNQBma.exe

C:\Windows\System\HxUEEZI.exe

C:\Windows\System\HxUEEZI.exe

C:\Windows\System\CGlnrkq.exe

C:\Windows\System\CGlnrkq.exe

C:\Windows\System\kbwBhSN.exe

C:\Windows\System\kbwBhSN.exe

C:\Windows\System\iEyqvkR.exe

C:\Windows\System\iEyqvkR.exe

C:\Windows\System\UujJMut.exe

C:\Windows\System\UujJMut.exe

C:\Windows\System\NWogGGo.exe

C:\Windows\System\NWogGGo.exe

C:\Windows\System\kcTqtFW.exe

C:\Windows\System\kcTqtFW.exe

C:\Windows\System\eEStqrJ.exe

C:\Windows\System\eEStqrJ.exe

C:\Windows\System\eOudXwO.exe

C:\Windows\System\eOudXwO.exe

C:\Windows\System\WadFXSC.exe

C:\Windows\System\WadFXSC.exe

C:\Windows\System\riBHDBU.exe

C:\Windows\System\riBHDBU.exe

C:\Windows\System\mDWqVSg.exe

C:\Windows\System\mDWqVSg.exe

C:\Windows\System\QTVDCmL.exe

C:\Windows\System\QTVDCmL.exe

C:\Windows\System\QATuEob.exe

C:\Windows\System\QATuEob.exe

C:\Windows\System\nGPUoxD.exe

C:\Windows\System\nGPUoxD.exe

C:\Windows\System\kVUrVcK.exe

C:\Windows\System\kVUrVcK.exe

C:\Windows\System\nXSFuAS.exe

C:\Windows\System\nXSFuAS.exe

C:\Windows\System\ewBFtKU.exe

C:\Windows\System\ewBFtKU.exe

C:\Windows\System\jQOBwTJ.exe

C:\Windows\System\jQOBwTJ.exe

C:\Windows\System\thYnduH.exe

C:\Windows\System\thYnduH.exe

C:\Windows\System\LeGfJuW.exe

C:\Windows\System\LeGfJuW.exe

C:\Windows\System\SIPMpPB.exe

C:\Windows\System\SIPMpPB.exe

C:\Windows\System\DSFAjml.exe

C:\Windows\System\DSFAjml.exe

C:\Windows\System\WdkgyCB.exe

C:\Windows\System\WdkgyCB.exe

C:\Windows\System\AvgeCRG.exe

C:\Windows\System\AvgeCRG.exe

C:\Windows\System\tsbwqHX.exe

C:\Windows\System\tsbwqHX.exe

C:\Windows\System\SsoQeFk.exe

C:\Windows\System\SsoQeFk.exe

C:\Windows\System\CyVGWFO.exe

C:\Windows\System\CyVGWFO.exe

C:\Windows\System\xUyupjI.exe

C:\Windows\System\xUyupjI.exe

C:\Windows\System\JnyLqGy.exe

C:\Windows\System\JnyLqGy.exe

C:\Windows\System\YOqTGhr.exe

C:\Windows\System\YOqTGhr.exe

C:\Windows\System\LbIoMSH.exe

C:\Windows\System\LbIoMSH.exe

C:\Windows\System\yADbnrT.exe

C:\Windows\System\yADbnrT.exe

C:\Windows\System\fYQCtaH.exe

C:\Windows\System\fYQCtaH.exe

C:\Windows\System\sNtyQIG.exe

C:\Windows\System\sNtyQIG.exe

C:\Windows\System\arsSWwx.exe

C:\Windows\System\arsSWwx.exe

C:\Windows\System\EDdsCNN.exe

C:\Windows\System\EDdsCNN.exe

C:\Windows\System\hEQkLQa.exe

C:\Windows\System\hEQkLQa.exe

C:\Windows\System\exUogLa.exe

C:\Windows\System\exUogLa.exe

C:\Windows\System\qPRhBQY.exe

C:\Windows\System\qPRhBQY.exe

C:\Windows\System\dLKKKPe.exe

C:\Windows\System\dLKKKPe.exe

C:\Windows\System\ICiRivm.exe

C:\Windows\System\ICiRivm.exe

C:\Windows\System\giSoEOF.exe

C:\Windows\System\giSoEOF.exe

C:\Windows\System\YjwoGtI.exe

C:\Windows\System\YjwoGtI.exe

C:\Windows\System\tANDNGu.exe

C:\Windows\System\tANDNGu.exe

C:\Windows\System\JXlHKOT.exe

C:\Windows\System\JXlHKOT.exe

C:\Windows\System\dlsOQXL.exe

C:\Windows\System\dlsOQXL.exe

C:\Windows\System\DTPANPI.exe

C:\Windows\System\DTPANPI.exe

C:\Windows\System\ScAcjKs.exe

C:\Windows\System\ScAcjKs.exe

C:\Windows\System\JUvKFgl.exe

C:\Windows\System\JUvKFgl.exe

C:\Windows\System\jUZuZVm.exe

C:\Windows\System\jUZuZVm.exe

C:\Windows\System\AxBArgA.exe

C:\Windows\System\AxBArgA.exe

C:\Windows\System\vGvhvJS.exe

C:\Windows\System\vGvhvJS.exe

C:\Windows\System\ESHuTrC.exe

C:\Windows\System\ESHuTrC.exe

C:\Windows\System\tikmJuL.exe

C:\Windows\System\tikmJuL.exe

C:\Windows\System\YAPSWme.exe

C:\Windows\System\YAPSWme.exe

C:\Windows\System\qLXVLhc.exe

C:\Windows\System\qLXVLhc.exe

C:\Windows\System\MPfURpC.exe

C:\Windows\System\MPfURpC.exe

C:\Windows\System\preCBGU.exe

C:\Windows\System\preCBGU.exe

C:\Windows\System\tcwZUTK.exe

C:\Windows\System\tcwZUTK.exe

C:\Windows\System\YXtIZrb.exe

C:\Windows\System\YXtIZrb.exe

C:\Windows\System\oRydiqh.exe

C:\Windows\System\oRydiqh.exe

C:\Windows\System\wblPdfi.exe

C:\Windows\System\wblPdfi.exe

C:\Windows\System\QTEOFOX.exe

C:\Windows\System\QTEOFOX.exe

C:\Windows\System\USOpVEs.exe

C:\Windows\System\USOpVEs.exe

C:\Windows\System\DlUEWWD.exe

C:\Windows\System\DlUEWWD.exe

C:\Windows\System\ckbwRkV.exe

C:\Windows\System\ckbwRkV.exe

C:\Windows\System\cwOCDVo.exe

C:\Windows\System\cwOCDVo.exe

C:\Windows\System\EUbTXTn.exe

C:\Windows\System\EUbTXTn.exe

C:\Windows\System\cxgMcKj.exe

C:\Windows\System\cxgMcKj.exe

C:\Windows\System\atQzbCX.exe

C:\Windows\System\atQzbCX.exe

C:\Windows\System\uzufiPQ.exe

C:\Windows\System\uzufiPQ.exe

C:\Windows\System\ASiaBgq.exe

C:\Windows\System\ASiaBgq.exe

C:\Windows\System\PkngGSs.exe

C:\Windows\System\PkngGSs.exe

C:\Windows\System\eYncIwo.exe

C:\Windows\System\eYncIwo.exe

C:\Windows\System\NiScGKF.exe

C:\Windows\System\NiScGKF.exe

C:\Windows\System\qgbqKUc.exe

C:\Windows\System\qgbqKUc.exe

C:\Windows\System\fLGOsPM.exe

C:\Windows\System\fLGOsPM.exe

C:\Windows\System\WBWubfS.exe

C:\Windows\System\WBWubfS.exe

C:\Windows\System\jKljEdz.exe

C:\Windows\System\jKljEdz.exe

C:\Windows\System\RJPlGtr.exe

C:\Windows\System\RJPlGtr.exe

C:\Windows\System\VccJgyo.exe

C:\Windows\System\VccJgyo.exe

C:\Windows\System\cbHrHAe.exe

C:\Windows\System\cbHrHAe.exe

C:\Windows\System\unZijOK.exe

C:\Windows\System\unZijOK.exe

C:\Windows\System\ezMtedg.exe

C:\Windows\System\ezMtedg.exe

C:\Windows\System\GolujVK.exe

C:\Windows\System\GolujVK.exe

C:\Windows\System\jgIDSph.exe

C:\Windows\System\jgIDSph.exe

C:\Windows\System\nBXgORa.exe

C:\Windows\System\nBXgORa.exe

C:\Windows\System\unmdaGq.exe

C:\Windows\System\unmdaGq.exe

C:\Windows\System\reFJAfK.exe

C:\Windows\System\reFJAfK.exe

C:\Windows\System\TNxJYfD.exe

C:\Windows\System\TNxJYfD.exe

C:\Windows\System\ZKnFFJU.exe

C:\Windows\System\ZKnFFJU.exe

C:\Windows\System\tXYDSWs.exe

C:\Windows\System\tXYDSWs.exe

C:\Windows\System\jiLEsez.exe

C:\Windows\System\jiLEsez.exe

C:\Windows\System\LseUKhv.exe

C:\Windows\System\LseUKhv.exe

C:\Windows\System\sqENvei.exe

C:\Windows\System\sqENvei.exe

C:\Windows\System\KyJIMYU.exe

C:\Windows\System\KyJIMYU.exe

C:\Windows\System\WkGmbZA.exe

C:\Windows\System\WkGmbZA.exe

C:\Windows\System\sXbcUqn.exe

C:\Windows\System\sXbcUqn.exe

C:\Windows\System\MewPogq.exe

C:\Windows\System\MewPogq.exe

C:\Windows\System\pMLbrhW.exe

C:\Windows\System\pMLbrhW.exe

C:\Windows\System\RInXiKv.exe

C:\Windows\System\RInXiKv.exe

C:\Windows\System\HeJfRWD.exe

C:\Windows\System\HeJfRWD.exe

C:\Windows\System\ZvxyOzt.exe

C:\Windows\System\ZvxyOzt.exe

C:\Windows\System\MydVzjh.exe

C:\Windows\System\MydVzjh.exe

C:\Windows\System\ZKpZOyO.exe

C:\Windows\System\ZKpZOyO.exe

C:\Windows\System\UEqfcpp.exe

C:\Windows\System\UEqfcpp.exe

C:\Windows\System\SQaxzeF.exe

C:\Windows\System\SQaxzeF.exe

C:\Windows\System\VixMBYu.exe

C:\Windows\System\VixMBYu.exe

C:\Windows\System\hxvhRJj.exe

C:\Windows\System\hxvhRJj.exe

C:\Windows\System\uroxIEs.exe

C:\Windows\System\uroxIEs.exe

C:\Windows\System\MviGqZo.exe

C:\Windows\System\MviGqZo.exe

C:\Windows\System\zLFYkVH.exe

C:\Windows\System\zLFYkVH.exe

C:\Windows\System\fENNQZF.exe

C:\Windows\System\fENNQZF.exe

C:\Windows\System\YEuohBd.exe

C:\Windows\System\YEuohBd.exe

C:\Windows\System\RZDMGXd.exe

C:\Windows\System\RZDMGXd.exe

C:\Windows\System\rlqnSny.exe

C:\Windows\System\rlqnSny.exe

C:\Windows\System\wbaEdcU.exe

C:\Windows\System\wbaEdcU.exe

C:\Windows\System\oIVEsST.exe

C:\Windows\System\oIVEsST.exe

C:\Windows\System\cFHWyak.exe

C:\Windows\System\cFHWyak.exe

C:\Windows\System\xDPZOPk.exe

C:\Windows\System\xDPZOPk.exe

C:\Windows\System\jwmxZos.exe

C:\Windows\System\jwmxZos.exe

C:\Windows\System\XDqIlIi.exe

C:\Windows\System\XDqIlIi.exe

C:\Windows\System\LvRiPLM.exe

C:\Windows\System\LvRiPLM.exe

C:\Windows\System\buGvCPe.exe

C:\Windows\System\buGvCPe.exe

C:\Windows\System\ckRtraF.exe

C:\Windows\System\ckRtraF.exe

C:\Windows\System\HviJvzI.exe

C:\Windows\System\HviJvzI.exe

C:\Windows\System\WmGQXCF.exe

C:\Windows\System\WmGQXCF.exe

C:\Windows\System\XxMSMvS.exe

C:\Windows\System\XxMSMvS.exe

C:\Windows\System\lAdoDTZ.exe

C:\Windows\System\lAdoDTZ.exe

C:\Windows\System\kHtLawH.exe

C:\Windows\System\kHtLawH.exe

C:\Windows\System\nxTfKpr.exe

C:\Windows\System\nxTfKpr.exe

C:\Windows\System\NIhmCWJ.exe

C:\Windows\System\NIhmCWJ.exe

C:\Windows\System\jOLWbmB.exe

C:\Windows\System\jOLWbmB.exe

C:\Windows\System\tzIpjWE.exe

C:\Windows\System\tzIpjWE.exe

C:\Windows\System\tEOnggC.exe

C:\Windows\System\tEOnggC.exe

C:\Windows\System\WszWMZB.exe

C:\Windows\System\WszWMZB.exe

C:\Windows\System\maMNPfe.exe

C:\Windows\System\maMNPfe.exe

C:\Windows\System\HVJcbbX.exe

C:\Windows\System\HVJcbbX.exe

C:\Windows\System\lzoUNAR.exe

C:\Windows\System\lzoUNAR.exe

C:\Windows\System\UWaytUo.exe

C:\Windows\System\UWaytUo.exe

C:\Windows\System\kUmKNZD.exe

C:\Windows\System\kUmKNZD.exe

C:\Windows\System\LxPyFnN.exe

C:\Windows\System\LxPyFnN.exe

C:\Windows\System\tKxTAuO.exe

C:\Windows\System\tKxTAuO.exe

C:\Windows\System\xagRIjr.exe

C:\Windows\System\xagRIjr.exe

C:\Windows\System\qgyeDkQ.exe

C:\Windows\System\qgyeDkQ.exe

C:\Windows\System\NAJwHxK.exe

C:\Windows\System\NAJwHxK.exe

C:\Windows\System\ZuQnINx.exe

C:\Windows\System\ZuQnINx.exe

C:\Windows\System\edoveLj.exe

C:\Windows\System\edoveLj.exe

C:\Windows\System\lbgQdkS.exe

C:\Windows\System\lbgQdkS.exe

C:\Windows\System\EeUcPCl.exe

C:\Windows\System\EeUcPCl.exe

C:\Windows\System\qMyrKbZ.exe

C:\Windows\System\qMyrKbZ.exe

C:\Windows\System\TGZDzIV.exe

C:\Windows\System\TGZDzIV.exe

C:\Windows\System\rBprNGT.exe

C:\Windows\System\rBprNGT.exe

C:\Windows\System\WFPZvpE.exe

C:\Windows\System\WFPZvpE.exe

C:\Windows\System\ChzlUry.exe

C:\Windows\System\ChzlUry.exe

C:\Windows\System\qugmCwz.exe

C:\Windows\System\qugmCwz.exe

C:\Windows\System\QEAqDqX.exe

C:\Windows\System\QEAqDqX.exe

C:\Windows\System\MKtnSkG.exe

C:\Windows\System\MKtnSkG.exe

C:\Windows\System\DEBcAuQ.exe

C:\Windows\System\DEBcAuQ.exe

C:\Windows\System\KTXYPSX.exe

C:\Windows\System\KTXYPSX.exe

C:\Windows\System\DrZslTV.exe

C:\Windows\System\DrZslTV.exe

C:\Windows\System\fwCrGva.exe

C:\Windows\System\fwCrGva.exe

C:\Windows\System\kdzdBQv.exe

C:\Windows\System\kdzdBQv.exe

C:\Windows\System\eKWTjgm.exe

C:\Windows\System\eKWTjgm.exe

C:\Windows\System\HDLixtm.exe

C:\Windows\System\HDLixtm.exe

C:\Windows\System\gIYhaLU.exe

C:\Windows\System\gIYhaLU.exe

C:\Windows\System\MZRKYKc.exe

C:\Windows\System\MZRKYKc.exe

C:\Windows\System\jwUndAO.exe

C:\Windows\System\jwUndAO.exe

C:\Windows\System\MHGXxvG.exe

C:\Windows\System\MHGXxvG.exe

C:\Windows\System\YAedtoS.exe

C:\Windows\System\YAedtoS.exe

C:\Windows\System\BoTrSxi.exe

C:\Windows\System\BoTrSxi.exe

C:\Windows\System\LEQzoSz.exe

C:\Windows\System\LEQzoSz.exe

C:\Windows\System\UGgqccF.exe

C:\Windows\System\UGgqccF.exe

C:\Windows\System\zdiVAAh.exe

C:\Windows\System\zdiVAAh.exe

C:\Windows\System\DCkAZyq.exe

C:\Windows\System\DCkAZyq.exe

C:\Windows\System\rSiwGFk.exe

C:\Windows\System\rSiwGFk.exe

C:\Windows\System\aFttagh.exe

C:\Windows\System\aFttagh.exe

C:\Windows\System\ImINWxZ.exe

C:\Windows\System\ImINWxZ.exe

C:\Windows\System\kWryoyu.exe

C:\Windows\System\kWryoyu.exe

C:\Windows\System\kVzmohW.exe

C:\Windows\System\kVzmohW.exe

C:\Windows\System\nwoyLBY.exe

C:\Windows\System\nwoyLBY.exe

C:\Windows\System\ILlQhtT.exe

C:\Windows\System\ILlQhtT.exe

C:\Windows\System\rNeZXbo.exe

C:\Windows\System\rNeZXbo.exe

C:\Windows\System\oagpiBW.exe

C:\Windows\System\oagpiBW.exe

C:\Windows\System\PBWEHue.exe

C:\Windows\System\PBWEHue.exe

C:\Windows\System\siKHCDS.exe

C:\Windows\System\siKHCDS.exe

C:\Windows\System\qXFtRve.exe

C:\Windows\System\qXFtRve.exe

C:\Windows\System\jBddWqW.exe

C:\Windows\System\jBddWqW.exe

C:\Windows\System\jZkcoyA.exe

C:\Windows\System\jZkcoyA.exe

C:\Windows\System\EvKFINZ.exe

C:\Windows\System\EvKFINZ.exe

C:\Windows\System\gfNSmjO.exe

C:\Windows\System\gfNSmjO.exe

C:\Windows\System\yzWSHQC.exe

C:\Windows\System\yzWSHQC.exe

C:\Windows\System\wJAdcWy.exe

C:\Windows\System\wJAdcWy.exe

C:\Windows\System\HhoJEsj.exe

C:\Windows\System\HhoJEsj.exe

C:\Windows\System\HaXmYEG.exe

C:\Windows\System\HaXmYEG.exe

C:\Windows\System\zkWPnMc.exe

C:\Windows\System\zkWPnMc.exe

C:\Windows\System\FWfdvEJ.exe

C:\Windows\System\FWfdvEJ.exe

C:\Windows\System\VxSWPRt.exe

C:\Windows\System\VxSWPRt.exe

C:\Windows\System\PQzjvtm.exe

C:\Windows\System\PQzjvtm.exe

C:\Windows\System\yawidmR.exe

C:\Windows\System\yawidmR.exe

C:\Windows\System\RdufHwZ.exe

C:\Windows\System\RdufHwZ.exe

C:\Windows\System\EtTZabP.exe

C:\Windows\System\EtTZabP.exe

C:\Windows\System\DYUGodC.exe

C:\Windows\System\DYUGodC.exe

C:\Windows\System\ZUDMUmh.exe

C:\Windows\System\ZUDMUmh.exe

C:\Windows\System\AktRTdk.exe

C:\Windows\System\AktRTdk.exe

C:\Windows\System\VGWjfqI.exe

C:\Windows\System\VGWjfqI.exe

C:\Windows\System\iomntEH.exe

C:\Windows\System\iomntEH.exe

C:\Windows\System\NGVEnVp.exe

C:\Windows\System\NGVEnVp.exe

C:\Windows\System\PGNKkRF.exe

C:\Windows\System\PGNKkRF.exe

C:\Windows\System\hHXBtwL.exe

C:\Windows\System\hHXBtwL.exe

C:\Windows\System\kWFNEOk.exe

C:\Windows\System\kWFNEOk.exe

C:\Windows\System\MjyQWcZ.exe

C:\Windows\System\MjyQWcZ.exe

C:\Windows\System\MJzBAHz.exe

C:\Windows\System\MJzBAHz.exe

C:\Windows\System\fyDrMGZ.exe

C:\Windows\System\fyDrMGZ.exe

C:\Windows\System\ZNOWJHG.exe

C:\Windows\System\ZNOWJHG.exe

C:\Windows\System\PUkNCuG.exe

C:\Windows\System\PUkNCuG.exe

C:\Windows\System\QETLRvT.exe

C:\Windows\System\QETLRvT.exe

C:\Windows\System\hvtJGoL.exe

C:\Windows\System\hvtJGoL.exe

C:\Windows\System\IGGTtbI.exe

C:\Windows\System\IGGTtbI.exe

C:\Windows\System\wlWGGUj.exe

C:\Windows\System\wlWGGUj.exe

C:\Windows\System\MdSnHvg.exe

C:\Windows\System\MdSnHvg.exe

C:\Windows\System\lkyzFON.exe

C:\Windows\System\lkyzFON.exe

C:\Windows\System\iRWgpIs.exe

C:\Windows\System\iRWgpIs.exe

C:\Windows\System\wyVIfMU.exe

C:\Windows\System\wyVIfMU.exe

C:\Windows\System\YgnEZsX.exe

C:\Windows\System\YgnEZsX.exe

C:\Windows\System\qnNpROU.exe

C:\Windows\System\qnNpROU.exe

C:\Windows\System\MobtEmQ.exe

C:\Windows\System\MobtEmQ.exe

C:\Windows\System\xUIdqZC.exe

C:\Windows\System\xUIdqZC.exe

C:\Windows\System\cwLsmdH.exe

C:\Windows\System\cwLsmdH.exe

C:\Windows\System\bOZwRPB.exe

C:\Windows\System\bOZwRPB.exe

C:\Windows\System\xKienZQ.exe

C:\Windows\System\xKienZQ.exe

C:\Windows\System\NxbtUuZ.exe

C:\Windows\System\NxbtUuZ.exe

C:\Windows\System\QomWCKm.exe

C:\Windows\System\QomWCKm.exe

C:\Windows\System\GTKXfwO.exe

C:\Windows\System\GTKXfwO.exe

C:\Windows\System\tWSwAbL.exe

C:\Windows\System\tWSwAbL.exe

C:\Windows\System\xugUOqv.exe

C:\Windows\System\xugUOqv.exe

C:\Windows\System\mZBrNAA.exe

C:\Windows\System\mZBrNAA.exe

C:\Windows\System\SoLXWqe.exe

C:\Windows\System\SoLXWqe.exe

C:\Windows\System\KgjphtK.exe

C:\Windows\System\KgjphtK.exe

C:\Windows\System\OHfzyOv.exe

C:\Windows\System\OHfzyOv.exe

C:\Windows\System\GDsUbfu.exe

C:\Windows\System\GDsUbfu.exe

C:\Windows\System\fLWKcxM.exe

C:\Windows\System\fLWKcxM.exe

C:\Windows\System\AwdliuX.exe

C:\Windows\System\AwdliuX.exe

C:\Windows\System\iaCoYZr.exe

C:\Windows\System\iaCoYZr.exe

C:\Windows\System\ZqjXPyz.exe

C:\Windows\System\ZqjXPyz.exe

C:\Windows\System\lDvBtaL.exe

C:\Windows\System\lDvBtaL.exe

C:\Windows\System\tMiwSVn.exe

C:\Windows\System\tMiwSVn.exe

C:\Windows\System\qblBTkS.exe

C:\Windows\System\qblBTkS.exe

C:\Windows\System\leBVxDo.exe

C:\Windows\System\leBVxDo.exe

C:\Windows\System\ZbORouQ.exe

C:\Windows\System\ZbORouQ.exe

C:\Windows\System\ugamagY.exe

C:\Windows\System\ugamagY.exe

C:\Windows\System\TJuUVbC.exe

C:\Windows\System\TJuUVbC.exe

C:\Windows\System\dJknDHU.exe

C:\Windows\System\dJknDHU.exe

C:\Windows\System\GcguFGq.exe

C:\Windows\System\GcguFGq.exe

C:\Windows\System\AHkzWEN.exe

C:\Windows\System\AHkzWEN.exe

C:\Windows\System\EwgqMQB.exe

C:\Windows\System\EwgqMQB.exe

C:\Windows\System\EtMnAwP.exe

C:\Windows\System\EtMnAwP.exe

C:\Windows\System\NCPjjBh.exe

C:\Windows\System\NCPjjBh.exe

C:\Windows\System\QkMflKl.exe

C:\Windows\System\QkMflKl.exe

C:\Windows\System\PMkiYpq.exe

C:\Windows\System\PMkiYpq.exe

C:\Windows\System\eBjzkZn.exe

C:\Windows\System\eBjzkZn.exe

C:\Windows\System\GETfTmu.exe

C:\Windows\System\GETfTmu.exe

C:\Windows\System\UyzbnnP.exe

C:\Windows\System\UyzbnnP.exe

C:\Windows\System\FeNqOMf.exe

C:\Windows\System\FeNqOMf.exe

C:\Windows\System\SNqDrnL.exe

C:\Windows\System\SNqDrnL.exe

C:\Windows\System\ZzplToS.exe

C:\Windows\System\ZzplToS.exe

C:\Windows\System\NyCtORT.exe

C:\Windows\System\NyCtORT.exe

C:\Windows\System\SzzcuIW.exe

C:\Windows\System\SzzcuIW.exe

C:\Windows\System\YntYmhD.exe

C:\Windows\System\YntYmhD.exe

C:\Windows\System\EfbWrgA.exe

C:\Windows\System\EfbWrgA.exe

C:\Windows\System\DhLGTfC.exe

C:\Windows\System\DhLGTfC.exe

C:\Windows\System\fROfzkF.exe

C:\Windows\System\fROfzkF.exe

C:\Windows\System\ikmTBJh.exe

C:\Windows\System\ikmTBJh.exe

C:\Windows\System\rNRaveb.exe

C:\Windows\System\rNRaveb.exe

C:\Windows\System\kOglTyL.exe

C:\Windows\System\kOglTyL.exe

C:\Windows\System\KmySADg.exe

C:\Windows\System\KmySADg.exe

C:\Windows\System\ehBiBjP.exe

C:\Windows\System\ehBiBjP.exe

C:\Windows\System\GKkvERx.exe

C:\Windows\System\GKkvERx.exe

C:\Windows\System\PdVdUjF.exe

C:\Windows\System\PdVdUjF.exe

C:\Windows\System\ftnyOOx.exe

C:\Windows\System\ftnyOOx.exe

C:\Windows\System\aUHMMGb.exe

C:\Windows\System\aUHMMGb.exe

C:\Windows\System\bskdfUN.exe

C:\Windows\System\bskdfUN.exe

C:\Windows\System\qvuDOuW.exe

C:\Windows\System\qvuDOuW.exe

C:\Windows\System\gxewkXP.exe

C:\Windows\System\gxewkXP.exe

C:\Windows\System\gYXkFoI.exe

C:\Windows\System\gYXkFoI.exe

C:\Windows\System\LssGXmt.exe

C:\Windows\System\LssGXmt.exe

C:\Windows\System\cJHDgGx.exe

C:\Windows\System\cJHDgGx.exe

C:\Windows\System\agzQYbw.exe

C:\Windows\System\agzQYbw.exe

C:\Windows\System\flvyYPU.exe

C:\Windows\System\flvyYPU.exe

C:\Windows\System\rpEqkpz.exe

C:\Windows\System\rpEqkpz.exe

C:\Windows\System\iVejPzN.exe

C:\Windows\System\iVejPzN.exe

C:\Windows\System\lzzIAFD.exe

C:\Windows\System\lzzIAFD.exe

C:\Windows\System\RcnOENu.exe

C:\Windows\System\RcnOENu.exe

C:\Windows\System\vFggQdu.exe

C:\Windows\System\vFggQdu.exe

C:\Windows\System\KCXKwKn.exe

C:\Windows\System\KCXKwKn.exe

C:\Windows\System\aECuMkH.exe

C:\Windows\System\aECuMkH.exe

Network

N/A

Files

memory/2412-0-0x000000013F780000-0x000000013FAD1000-memory.dmp

memory/2412-1-0x00000000000F0000-0x0000000000100000-memory.dmp

\Windows\system\wFeEqGO.exe

MD5 1d9490d59efa90ed401369815a2daa21
SHA1 82a90532695a4ce06973d812bbd8910aa6995698
SHA256 6611cb20c9423920abb507245644d7067f36b1b4ddb6fa63de7548c7df7b5b65
SHA512 7a0026962487ff66f93f81178cad15f8a01e428d536e0e190f38b73494c8da88f26ab2311bd00f15e6c86371617927646e6d9c0d4211bebc77e948b9d19e0c2b

memory/2412-7-0x00000000023E0000-0x0000000002731000-memory.dmp

C:\Windows\system\TpMRwiG.exe

MD5 df098f4f25a7992db7b9159e0383bf10
SHA1 2f6d507af03709a9891a815b6778fecf3aa4d2a6
SHA256 b4a0f6c7005d92452304ae4f23bd305866c46fc3a1091821f5efe0a420ae91b5
SHA512 d72e431a85e61473bd58a05bc9718f46b7a5a1b3e428d439ffc2a6d4650bd4f7ff14a38864c5d0893cfd711d228f3d3ff5440903d801849962ed7e800e7061fc

C:\Windows\system\IYvrJWW.exe

MD5 e6de31fbeb303733ff9144f5d3e237a5
SHA1 2a677ebc4ce3a4961cb7ed664db0ee208620eef8
SHA256 44dd57cd49e870ab2593943be17d8bfa75fb4bfd245d209df28dfa026bbab102
SHA512 23a90a1290272e611a651c7739bb6b265aaaaf49cfd68ac3ee90e6e045cf07669a94a5dc3a645b7a5be14e4d38226d6a13b461d6afbaa7b9a1f085030d46cf50

memory/2412-21-0x00000000023E0000-0x0000000002731000-memory.dmp

memory/2600-23-0x000000013FEF0000-0x0000000140241000-memory.dmp

memory/2412-18-0x000000013FEF0000-0x0000000140241000-memory.dmp

memory/2748-17-0x000000013F430000-0x000000013F781000-memory.dmp

memory/1460-14-0x000000013F4A0000-0x000000013F7F1000-memory.dmp

\Windows\system\DPEBzEx.exe

MD5 2153b29265a3b7d04b593d097c4ac110
SHA1 2aa47aba113b436b82ffacc7e1a2c7972809f83a
SHA256 3507b5dd06523ada95ea795e3f5734fa0440bb6c62bf27c173e70129605669bd
SHA512 c0bba13533f97093581cde5bdbef71048b1db7ad301d01f27c6989b98517c71672d69a52d028759b96d0c24414f7f05f0e4bd9b9371f97b4238729d322593892

\Windows\system\xEXZCWP.exe

MD5 d7593a7a6aa3491306a512d27d1ba60b
SHA1 1d6c1cfea8dd85f64fe42bebf4a3274b7f8e9a43
SHA256 13417f9739f1004ced9898934423a47f50edb86c4a8f55c5c927a7e808d17fac
SHA512 e0cc9e22b3ead6241c3341ba9a5b9abe9e3a2d170fbbb3adc4f34f2fab8628d7705813b067907ab0d9ff417778b7014709b8862d3510af254ab6416908f8721c

C:\Windows\system\LYzerae.exe

MD5 c8362aa43ad4691a69ad049598048a06
SHA1 11fc98a75af6e173e14937b55c1123a26926781d
SHA256 be3ef0f63d32777f96c25d16755e01f5e8aa7cc4aa331a0d4b1206929e2b6016
SHA512 8fb47bb422822b3840449670cca5cd48dcfb234f9c3cb9060966635c6939fcf8513b8c670937a2f4da4bdd5556bd6f2886321cf9f69ee0236f06ba51401bfbed

memory/2564-43-0x000000013F0E0000-0x000000013F431000-memory.dmp

memory/2592-49-0x000000013FAE0000-0x000000013FE31000-memory.dmp

\Windows\system\vJLOYOi.exe

MD5 e941763bea784b339961e6f37907a630
SHA1 4c54d4822d3a9627318e84d67f8006232aceb195
SHA256 11bfecec43117de1c5d34bdf9901fd47c3bdf3f5589a4d36593684a7bf50b91c
SHA512 e5f076265bc9d5dcb926f0fd583fb87590d38638f09e893dfc8d2e3ee3f3c11a91c50e9c4aa66038d253c81423b7809cf69f1c1d02c08236374838575cd38206

\Windows\system\fqDVGfq.exe

MD5 8cdf050f1f8995b2e3a2765a1d1fb9e2
SHA1 efd5dddf1819db6521be77f5451f103dc1c0209c
SHA256 e83e56cca4e2fecd364919a46b5c9aceb277c164178b82f934fbf7e524a9bd64
SHA512 49dd7ba6d75ceeb750a9a18f7d7b468a1be3b28568ff4b61ab64dc65cc4e61cec4b83744b776f8c663c6f53450978ca22ae29d1514f1e115792d74a65f6a77c5

memory/2484-62-0x000000013F710000-0x000000013FA61000-memory.dmp

memory/2732-61-0x000000013FCE0000-0x0000000140031000-memory.dmp

memory/2724-58-0x000000013FFB0000-0x0000000140301000-memory.dmp

memory/2412-56-0x000000013FFB0000-0x0000000140301000-memory.dmp

memory/2412-55-0x000000013FCE0000-0x0000000140031000-memory.dmp

memory/2412-53-0x000000013F0E0000-0x000000013F431000-memory.dmp

memory/2412-52-0x00000000023E0000-0x0000000002731000-memory.dmp

C:\Windows\system\xnaivXn.exe

MD5 33d278a6b75af84d4d0b366bdd80fa95
SHA1 7c3dfa5177954f7467319bd22351fc90a8067659
SHA256 e513be9d3a098c59f2ae5f403c03eea1ad3e4c84394a249498c3450a9c7d2944
SHA512 3251d902126f6f578a39e3ef117b815785e951f0ed74a730f24d548c23b718c7aed20bf00df3c67554cd82fa3e3d4d985983056d48d2b17f6433336272d51be8

memory/2832-36-0x000000013FA50000-0x000000013FDA1000-memory.dmp

memory/2412-68-0x000000013F0E0000-0x000000013F431000-memory.dmp

C:\Windows\system\EnJOyWS.exe

MD5 bc91636f4e8d726dd7f3339383a1ed9f
SHA1 93f79e699e01924449f5c36c402a8a67d9439e56
SHA256 48a13e13f5442424d9cda0bf989e56da3a0f6acd572fd9bd0d30b5f884498cea
SHA512 386e499e96f7773f472be8099b4f4d2cbfe669138456f684adc00e19896ea9465c3b4419c8634bb8b16cf823a92b22e99046343346dfb85e4b760adefc608fd7

\Windows\system\WEfsUAN.exe

MD5 b894665e7c6439c03e0d2bb9fa680970
SHA1 ad0a6ad8d4ec07ce01e7c286ed27edba84862c24
SHA256 f0a1b778144646162817a8283d919dec204e88e0cc590f5c29fba5642035fc3f
SHA512 20f2517ca99db894ae5dd2c42e4b3b8ea82f088b9f65b53a17c9bf98c394d2bdde9d549f5e9a27826be1d63a22901dcc1641ba11e446c1332eaf3b09ac555e50

memory/2412-77-0x000000013FB20000-0x000000013FE71000-memory.dmp

memory/1460-76-0x000000013F4A0000-0x000000013F7F1000-memory.dmp

memory/2016-78-0x000000013FB20000-0x000000013FE71000-memory.dmp

memory/2412-75-0x000000013F780000-0x000000013FAD1000-memory.dmp

C:\Windows\system\EmviSzp.exe

MD5 7dae5ec1ae0ec43a10fe5cf214108c60
SHA1 49a9e57d4737b22728b19eb1cb30233f818b520a
SHA256 0cda88ec07a110e957d4c8628299a68c3224573f57be5d6538c591867d834a89
SHA512 0505f766b3550986d46589f2c63f9b56b7da1d3d6ecd80d5006aba57b361cd753fb5289e40f979a3921ecd9863c85030bd727eb952ae996b23fc0de5fa6ecc16

C:\Windows\system\HnOgVBA.exe

MD5 dd13ef99ccb705e8dd5473e9a1cd3779
SHA1 ad31da60218c89a9c281d1aeaf36c69a5dfb1407
SHA256 590b9cd2ff4089d1e98d5ef7a3bbefbcad56ffd5ca6a8afd3f100505f23e79b1
SHA512 5734076d8b6935e542e71cf05b35689784fa9ec5c7cc6ec2686fc35bdd4f848ca2ad481c70a9d7b201d429af2187de2a9336f2803bc9d9753214adb8eb2ff1af

C:\Windows\system\PVAHoAz.exe

MD5 7a6d9fad9588a05edded367897b87148
SHA1 36d349f0ff074cc8978bdb2a9eaf15cdc7b080f2
SHA256 29e7b3b4f4fb5fb79b53da23fdfbcd72d8795440f7545a9bdd1062a63e35e04d
SHA512 ff70868e4e757afc5066681f6aad5287fec3010441a9168fedab85f501b01321d54572bc04477d3687315ad6d8d515b3756c9ed8193b2390f03e69e0cd752538

\Windows\system\fVtzTEq.exe

MD5 5907f058c7dcd67e2632cb05c4ab375d
SHA1 0b0c966ac869c7742cafff5581a56fdca5c802a7
SHA256 f71975b6a2e6e7087ddd28b6313eb5013cd3b337462b7301125ca17036d977d0
SHA512 96330318d54cb6d8874af6861d2e5ba5a1f8f1eb1bb1701b2a25c421d4a5f1ec4dae033fa1b462e051133fc35f3e1f07250e6ff8353e9ebbfae7d4005516d8e0

C:\Windows\system\RBokjKE.exe

MD5 b688b311073aff2e66e16740c2019712
SHA1 2fbda56f9dc3fa708661bf0dd432f958ce863191
SHA256 bd9dff3d6d277332942ab82ca84bb77d28596c0508cccd5a83a1834617f8a638
SHA512 b3f2e3cfb96ba32bbd1972c4c155205d24cc47b154016c0eac320e18e53c1357ecda2e1b31216474e324c0d2aa74b84af2cc32055edfbacc6329d4369f3bc233

C:\Windows\system\KPzCsiu.exe

MD5 b213758e9535e5279d66d441aa571dfc
SHA1 bfe90b67ce51f90e088619eb149c5df6bb5c7dba
SHA256 bb6ea282f30a5d77d006ff6bda0d9b071e448ac95dcf6396a3f1d747ee02d5de
SHA512 79f66ce98fdb26ae350be27a42f71fa2a73f3c23d7c5669ab2cde718ce5c85fdd3ad86eb9f1c6e5deaa3dc208f0fdc19aadddaa726ab7f2363cbf350c7d07e92

C:\Windows\system\gIHHxMm.exe

MD5 3512dc06d7371390c6daff4012439c5e
SHA1 f7ea7171f770a1ec38dd4498d4da1706a24ad7cf
SHA256 d9b0e827c093cf2fef69613246e4f07926550ee7fe16b0cf965a7208974ece9a
SHA512 57676bf279626f1bcd98261045ea0f2de9fe7fed17f5f6a36870c74c9de37e4e3cffe4b8cb3f112a51ca3a88c024ce15f45ccc6a072923dfae7a427715e969f2

C:\Windows\system\ofwkWrS.exe

MD5 0a1e2674a6d726ff12f0e17f1d787525
SHA1 bf929580da88b9b179acf5d6acdf52e971f22475
SHA256 6b4d0bc7fdcec04bb5598ad2018254c6402bcae2646d083f1a8e54b2657e3f4b
SHA512 9c4aa31d2ee88cadc6e95b28462b76d3e20a488b7244f92688f7aced7d318b2c37675108e956c00d132e58306682e7ee8f56f113655e00e2cf0d7320e5f87124

memory/2748-379-0x000000013F430000-0x000000013F781000-memory.dmp

memory/2412-408-0x000000013F400000-0x000000013F751000-memory.dmp

memory/2780-367-0x000000013F730000-0x000000013FA81000-memory.dmp

memory/2412-376-0x00000000023E0000-0x0000000002731000-memory.dmp

memory/2896-375-0x000000013F890000-0x000000013FBE1000-memory.dmp

memory/2412-374-0x00000000023E0000-0x0000000002731000-memory.dmp

memory/2796-373-0x000000013F400000-0x000000013F751000-memory.dmp

memory/2412-365-0x00000000023E0000-0x0000000002731000-memory.dmp

memory/2600-962-0x000000013FEF0000-0x0000000140241000-memory.dmp

memory/2564-964-0x000000013F0E0000-0x000000013F431000-memory.dmp

memory/2412-963-0x00000000023E0000-0x0000000002731000-memory.dmp

memory/2412-1269-0x000000013FAE0000-0x000000013FE31000-memory.dmp

memory/2512-1955-0x000000013F0E0000-0x000000013F431000-memory.dmp

memory/2484-1662-0x000000013F710000-0x000000013FA61000-memory.dmp

memory/2412-2142-0x000000013FB20000-0x000000013FE71000-memory.dmp

memory/2412-2143-0x00000000023E0000-0x0000000002731000-memory.dmp

C:\Windows\system\TriqDwl.exe

MD5 bf012ee282db39d062e248b063eacb04
SHA1 9047581cfd43570635a2769c627ced21d959fc08
SHA256 62ace78e97c756130f1f77ebd53eb9351bf503dbccded269a9b446d33bf481bd
SHA512 81a6b34757e2d47c729f689b7e2c341dbf76bbee97f21d09cca265dfe2596cee490eda4af3ef76b16e4155942aa290f177f4ad47559d9a337740ec33f7a449c6

C:\Windows\system\IzQSzkQ.exe

MD5 6e9c1c772dcb84f726f920de08fb77a0
SHA1 85ba64b4ead4146575de36df5d327cdcda08b94d
SHA256 295ddc61c1167c241f2f33b8adb6d9a5febbcec0fb53a4178563fe5f94bb14d8
SHA512 4fd81e5ed4184b90ee17e12a6fdd69eeceb8854ea60ba333ff1271bb0dde42b8018e592ed6d99b0d2d2a083761f743c1c19b4464a858c1b7db242313d1ea9a60

C:\Windows\system\aQuHwpa.exe

MD5 9709f1da1971cfea60c0a7dbffe49aca
SHA1 5afc3dbf75f5c35fd32dbd63bede91e05b7e6281
SHA256 389ce447f0b803391a5b19bf7f39bc69074bef5a6b49293d198b2f5f566df59f
SHA512 53e853cb8928b73f3cfc69aa7743c038f38ac8320ffcc7d3de01526ba1b2f040a88402173defe88e608f107a86da6208dcd184f9f3a2a3d34db7b6102452b511

C:\Windows\system\fezcAXI.exe

MD5 06a2949d2cfc2630886fe64d46948a80
SHA1 7f83643cdabdcd4a0be4e631ce7c07e614d4ffae
SHA256 2eb3302fcaf4956d63c00aebfa3b4f442f4487c8aba30821ba1f6f032fc48da5
SHA512 a2fd3e5cace77bc12b65d640b0aed4ba3d830624474f6524bce68c68412be2f1527efba2a777d9bd35cad76ca5821c8b2e7ef9e928cbd9bb7fbfa0739ecece77

C:\Windows\system\cVIZbfK.exe

MD5 8d688bc2a0eb3c6131a041e723475812
SHA1 b0a157ef802800db723225daf735402b8b845dc3
SHA256 cb460a1ec72e3bc8744eeda8fd6189ea160235e0f7160637628ff7951dc90984
SHA512 607b05f2d52b810d8bfb170271ff87e7994ddda5f57d00910288076b099820dbcc396c2d922295cd263e9e4b3c59892ef1edac19cdaa0a5e257164f58468a20e

C:\Windows\system\HVldFXq.exe

MD5 d63279c9308796d3ebae4826f3ee0dd8
SHA1 85d3779d4b1a49604f258bc11a88f4077288497b
SHA256 757a11c4099d32d7c73c34651b282daa710f4dbecfe67238b2bb6f336b14755a
SHA512 ac54b8ca2f40ccd65968aaa5bd411193644fe235bf4e4306e04090ad7300ea81897bc842b60b6230b17893d08285aae48faca317d57c478a9c91485a51cc483f

C:\Windows\system\YcRVFnC.exe

MD5 136463b69c251c061769d483ce3bd96a
SHA1 0599e2d339ac08c7f0cb45e3560d39fa422501a4
SHA256 ee4eb372ead64b5f04632b9177caba3f34476443a84294cdd67b14145167223f
SHA512 604ff85d9277c629b23cf9ed409b814574522d70845cdeb73aa1be93540735eba1c4ed176d2bdfbe03e7110bd107c8bcd7af2c8543a6edbe3a3dd1f1c18f6851

\Windows\system\Xsdflsv.exe

MD5 26760b75c763b86e44e71a74167531ef
SHA1 a3334e247b74706a21c5919c4a98aaefcb57e4c6
SHA256 f0f82729c52d2e563fb42f320680f62c5180510bdc74e02a833ee6b8d5184db5
SHA512 beea8ddee5dfcb611bd20d13924a3620a9c79883cc9cd9dcba083028d97e21675a44a3a2e2439a2fe74b26d4fa44f9d468b949a5bdd2c485548f2ad5ab004361

C:\Windows\system\fSlAiSS.exe

MD5 f7eb5698f9ff623eaa1e1bec75ba7d84
SHA1 6dbd603003d381a830fa42c5297bf52502682d0c
SHA256 40d8fcfdf800253dfdb2aa6bff8ba8e8660a26d8ce277d88412f94440fb52d7e
SHA512 a9ba77d3afe9b6af22d7f06c978555260f46335b827d402cf97f84da0904da21679a16a22a8694f3055f94bd25849f8983c0c6a6a306067be5ca6073e835aa67

C:\Windows\system\QulLdDT.exe

MD5 3bd5b0eec9878ab1f70c7965b8a59f09
SHA1 588c7c22c0b5bde1eee07ba57ff9c6ee9a9998e4
SHA256 4fa5c523a2c91846168e4c25a503569ae48373943549e7244eb62101d7ca9c58
SHA512 502f851da81c170a05121856415117ee644d026dfddd9ddeab6e38fc74a9b5fc3bd2493d75328d017c830dfb9c40b9c84ef8b5dbb90b059c88e396d370402628

C:\Windows\system\AgKdQgk.exe

MD5 2ca7ead9511f465a8f6064da082ae10e
SHA1 fbc9f308521b74a4a58d258f69c823f29aea8b0b
SHA256 9b60347f752e14aa66c6be97081abc34f64dbe55e1062346b39ca32567ccb90f
SHA512 95ba6fd2c657c23b83625cf2dc6249e536e5930cf867dc0c35689df032b3696e591292774feb29f809935eacfb528689701c6f11d26ee51c7a10d3bc16d12b43

C:\Windows\system\bAglHbC.exe

MD5 5af62c524911f2f7804d50532997b08f
SHA1 35fe1ed2e5db4d11a1f7fa6447025375a781dbc0
SHA256 df076707c9ef1ee60d2e4e7f15af41dfa414be508fd3001323d0f4292abdd271
SHA512 eca6881e4cdd2ad819c6b240c88ac66317f2088eb8e3efb51227a464c947992593716230de7974a64ad2468d47bd55e83a92f50b108024386448d1deaa313dbb

C:\Windows\system\IeAXgMi.exe

MD5 d6c316baa6c6d77e9d9ba97c0446075c
SHA1 da8b8f4dd439caf1d700ac58d4931f187cdba1c5
SHA256 7e03225db0955460d8dbf731979e3bf2637b1540cc1a89a920d35150b6a8ee4e
SHA512 219bd8a85180911aa3158945f5ecc693bf107a16091789c8e3b2c41051a8642c1d36c63cbcdf0f63031fa19291e0573430f5898249479585fa207205f7479beb

memory/2748-3049-0x000000013F430000-0x000000013F781000-memory.dmp

memory/1460-3076-0x000000013F4A0000-0x000000013F7F1000-memory.dmp

memory/2592-3082-0x000000013FAE0000-0x000000013FE31000-memory.dmp

memory/2832-3073-0x000000013FA50000-0x000000013FDA1000-memory.dmp

memory/2724-3079-0x000000013FFB0000-0x0000000140301000-memory.dmp

memory/2484-3089-0x000000013F710000-0x000000013FA61000-memory.dmp

memory/2600-3097-0x000000013FEF0000-0x0000000140241000-memory.dmp

memory/2732-3105-0x000000013FCE0000-0x0000000140031000-memory.dmp

memory/2564-3111-0x000000013F0E0000-0x000000013F431000-memory.dmp

memory/2512-3116-0x000000013F0E0000-0x000000013F431000-memory.dmp

memory/2016-3134-0x000000013FB20000-0x000000013FE71000-memory.dmp

memory/2780-3139-0x000000013F730000-0x000000013FA81000-memory.dmp

memory/2896-3146-0x000000013F890000-0x000000013FBE1000-memory.dmp

memory/2796-3169-0x000000013F400000-0x000000013F751000-memory.dmp

memory/2412-5657-0x00000000023E0000-0x0000000002731000-memory.dmp

memory/2412-6327-0x00000000023E0000-0x0000000002731000-memory.dmp

memory/2412-7178-0x000000013F400000-0x000000013F751000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-30 09:38

Reported

2024-05-30 09:41

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe"

Signatures

Cobalt Strike reflective loader

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Cobaltstrike

trojan backdoor cobaltstrike

xmrig

miner xmrig

Detects Reflective DLL injection artifacts

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\CRSObIr.exe N/A
N/A N/A C:\Windows\System\AHzZAtk.exe N/A
N/A N/A C:\Windows\System\SIFBsrc.exe N/A
N/A N/A C:\Windows\System\LWTWoHc.exe N/A
N/A N/A C:\Windows\System\dOJPsdM.exe N/A
N/A N/A C:\Windows\System\PyIGTpC.exe N/A
N/A N/A C:\Windows\System\rExiqLB.exe N/A
N/A N/A C:\Windows\System\rWCstGe.exe N/A
N/A N/A C:\Windows\System\iJFaxsm.exe N/A
N/A N/A C:\Windows\System\bwkfRfY.exe N/A
N/A N/A C:\Windows\System\XkrhuiD.exe N/A
N/A N/A C:\Windows\System\EnmGmPO.exe N/A
N/A N/A C:\Windows\System\VvgvUXO.exe N/A
N/A N/A C:\Windows\System\MyhphLl.exe N/A
N/A N/A C:\Windows\System\ZFChGwO.exe N/A
N/A N/A C:\Windows\System\pYdXCLx.exe N/A
N/A N/A C:\Windows\System\NfEZTvB.exe N/A
N/A N/A C:\Windows\System\vZLloev.exe N/A
N/A N/A C:\Windows\System\mBdlSpB.exe N/A
N/A N/A C:\Windows\System\veEsUCO.exe N/A
N/A N/A C:\Windows\System\vPZHVBs.exe N/A
N/A N/A C:\Windows\System\qvdtVcX.exe N/A
N/A N/A C:\Windows\System\bWzIulV.exe N/A
N/A N/A C:\Windows\System\cNizLNm.exe N/A
N/A N/A C:\Windows\System\aryJUvM.exe N/A
N/A N/A C:\Windows\System\SjotwdN.exe N/A
N/A N/A C:\Windows\System\aMzYyrV.exe N/A
N/A N/A C:\Windows\System\SJbbFVZ.exe N/A
N/A N/A C:\Windows\System\eVFVXtz.exe N/A
N/A N/A C:\Windows\System\CQKnNRD.exe N/A
N/A N/A C:\Windows\System\cqfXInu.exe N/A
N/A N/A C:\Windows\System\yLiMyXN.exe N/A
N/A N/A C:\Windows\System\IKHWcTV.exe N/A
N/A N/A C:\Windows\System\LbyiXEA.exe N/A
N/A N/A C:\Windows\System\DiucSyD.exe N/A
N/A N/A C:\Windows\System\nKLbzJq.exe N/A
N/A N/A C:\Windows\System\htTmopW.exe N/A
N/A N/A C:\Windows\System\ANrlCit.exe N/A
N/A N/A C:\Windows\System\yOmlUzS.exe N/A
N/A N/A C:\Windows\System\cBqKXCM.exe N/A
N/A N/A C:\Windows\System\SuKrmJS.exe N/A
N/A N/A C:\Windows\System\bfhShUX.exe N/A
N/A N/A C:\Windows\System\qxnPBqm.exe N/A
N/A N/A C:\Windows\System\gCpdgQr.exe N/A
N/A N/A C:\Windows\System\KiVNKoj.exe N/A
N/A N/A C:\Windows\System\OBqGoUC.exe N/A
N/A N/A C:\Windows\System\UAnumxI.exe N/A
N/A N/A C:\Windows\System\HMafJzV.exe N/A
N/A N/A C:\Windows\System\AHDfWKT.exe N/A
N/A N/A C:\Windows\System\sELcTNb.exe N/A
N/A N/A C:\Windows\System\DzoiGYV.exe N/A
N/A N/A C:\Windows\System\qOCtXhm.exe N/A
N/A N/A C:\Windows\System\xIsZMtG.exe N/A
N/A N/A C:\Windows\System\INqrScf.exe N/A
N/A N/A C:\Windows\System\RiqZHXY.exe N/A
N/A N/A C:\Windows\System\xwcxBjc.exe N/A
N/A N/A C:\Windows\System\lbaYSCb.exe N/A
N/A N/A C:\Windows\System\DahVbGf.exe N/A
N/A N/A C:\Windows\System\DBGUfzn.exe N/A
N/A N/A C:\Windows\System\OrSBEKx.exe N/A
N/A N/A C:\Windows\System\KQmxsel.exe N/A
N/A N/A C:\Windows\System\SlVZbFB.exe N/A
N/A N/A C:\Windows\System\FFekzQh.exe N/A
N/A N/A C:\Windows\System\zTYrMxR.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\yWWnsKH.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\BfAMgLQ.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\htTmopW.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\dYtSUJf.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\qxPvaty.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\GZWJhQc.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\nCsimja.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\kTTLTAU.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\xYBOWHE.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\sJMYrBr.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\RiqZHXY.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\PytAdzd.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\WYopfZX.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\pCUniuM.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\xOtWSGY.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\Ilkhnit.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\vwlXIEP.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\YoMiFGp.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\qjjbgAk.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\ytTpprT.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\sEWHlPt.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\OxdYjhl.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\YyZLGiK.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\qdmMPcJ.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\fCDEqff.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\ejzVneV.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\cmhcaAq.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\ZprKNHm.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\hQhtjtf.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\HdDRifg.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\XrpScLy.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\sByQoiH.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\ujkTqzb.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\kdSoSoT.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\xmVEuri.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\WqFkhKF.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\gXdtAHD.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\jZxAFEi.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\YCiUrpf.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\SwsPBop.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\NTaRFsn.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\dGdoELp.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\TUowRtl.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\FhxiPjq.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\MyhphLl.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\nHNcjrJ.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\lYvfEZh.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\dRCkkFL.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\kXoawAm.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\RkvzsUU.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\KpbDIIk.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\NMhHHJe.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\Xcriwfo.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\cOMbIjQ.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\TirTpnj.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\EXDByDt.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\EJpipQL.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\fqKRVbP.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\FdFMJrM.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\enPwdvV.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\HMafJzV.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\fmhcZrH.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\zDMaCrd.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A
File created C:\Windows\System\apxRbDa.exe C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID C:\Windows\system32\dwm.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\system32\dwm.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags C:\Windows\system32\dwm.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\system32\dwm.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\system32\dwm.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\dwm.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\system32\dwm.exe N/A
Token: 33 N/A C:\Windows\system32\dwm.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\dwm.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\dwm.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\dwm.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1616 wrote to memory of 4400 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\CRSObIr.exe
PID 1616 wrote to memory of 4400 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\CRSObIr.exe
PID 1616 wrote to memory of 1504 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\AHzZAtk.exe
PID 1616 wrote to memory of 1504 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\AHzZAtk.exe
PID 1616 wrote to memory of 2496 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\SIFBsrc.exe
PID 1616 wrote to memory of 2496 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\SIFBsrc.exe
PID 1616 wrote to memory of 4792 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\LWTWoHc.exe
PID 1616 wrote to memory of 4792 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\LWTWoHc.exe
PID 1616 wrote to memory of 3276 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\dOJPsdM.exe
PID 1616 wrote to memory of 3276 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\dOJPsdM.exe
PID 1616 wrote to memory of 1900 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\PyIGTpC.exe
PID 1616 wrote to memory of 1900 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\PyIGTpC.exe
PID 1616 wrote to memory of 2104 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\rExiqLB.exe
PID 1616 wrote to memory of 2104 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\rExiqLB.exe
PID 1616 wrote to memory of 1384 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\iJFaxsm.exe
PID 1616 wrote to memory of 1384 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\iJFaxsm.exe
PID 1616 wrote to memory of 4044 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\rWCstGe.exe
PID 1616 wrote to memory of 4044 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\rWCstGe.exe
PID 1616 wrote to memory of 2260 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\bwkfRfY.exe
PID 1616 wrote to memory of 2260 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\bwkfRfY.exe
PID 1616 wrote to memory of 848 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\XkrhuiD.exe
PID 1616 wrote to memory of 848 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\XkrhuiD.exe
PID 1616 wrote to memory of 1688 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\EnmGmPO.exe
PID 1616 wrote to memory of 1688 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\EnmGmPO.exe
PID 1616 wrote to memory of 3756 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\VvgvUXO.exe
PID 1616 wrote to memory of 3756 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\VvgvUXO.exe
PID 1616 wrote to memory of 3000 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\MyhphLl.exe
PID 1616 wrote to memory of 3000 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\MyhphLl.exe
PID 1616 wrote to memory of 868 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\ZFChGwO.exe
PID 1616 wrote to memory of 868 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\ZFChGwO.exe
PID 1616 wrote to memory of 2548 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\pYdXCLx.exe
PID 1616 wrote to memory of 2548 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\pYdXCLx.exe
PID 1616 wrote to memory of 4708 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\NfEZTvB.exe
PID 1616 wrote to memory of 4708 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\NfEZTvB.exe
PID 1616 wrote to memory of 1252 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\vZLloev.exe
PID 1616 wrote to memory of 1252 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\vZLloev.exe
PID 1616 wrote to memory of 2292 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\mBdlSpB.exe
PID 1616 wrote to memory of 2292 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\mBdlSpB.exe
PID 1616 wrote to memory of 3604 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\veEsUCO.exe
PID 1616 wrote to memory of 3604 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\veEsUCO.exe
PID 1616 wrote to memory of 1456 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\vPZHVBs.exe
PID 1616 wrote to memory of 1456 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\vPZHVBs.exe
PID 1616 wrote to memory of 4064 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\qvdtVcX.exe
PID 1616 wrote to memory of 4064 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\qvdtVcX.exe
PID 1616 wrote to memory of 1924 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\bWzIulV.exe
PID 1616 wrote to memory of 1924 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\bWzIulV.exe
PID 1616 wrote to memory of 1032 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\cNizLNm.exe
PID 1616 wrote to memory of 1032 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\cNizLNm.exe
PID 1616 wrote to memory of 1724 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\aryJUvM.exe
PID 1616 wrote to memory of 1724 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\aryJUvM.exe
PID 1616 wrote to memory of 2332 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\SjotwdN.exe
PID 1616 wrote to memory of 2332 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\SjotwdN.exe
PID 1616 wrote to memory of 4072 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\aMzYyrV.exe
PID 1616 wrote to memory of 4072 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\aMzYyrV.exe
PID 1616 wrote to memory of 3292 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\SJbbFVZ.exe
PID 1616 wrote to memory of 3292 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\SJbbFVZ.exe
PID 1616 wrote to memory of 5012 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\eVFVXtz.exe
PID 1616 wrote to memory of 5012 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\eVFVXtz.exe
PID 1616 wrote to memory of 1816 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\CQKnNRD.exe
PID 1616 wrote to memory of 1816 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\CQKnNRD.exe
PID 1616 wrote to memory of 3264 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\cqfXInu.exe
PID 1616 wrote to memory of 3264 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\cqfXInu.exe
PID 1616 wrote to memory of 3792 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\yLiMyXN.exe
PID 1616 wrote to memory of 3792 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe C:\Windows\System\yLiMyXN.exe

Processes

C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe

"C:\Users\Admin\AppData\Local\Temp\2024-05-30_ab6e33da8dc8f878233d5fe8557db8d0_cobalt-strike_cobaltstrike.exe"

C:\Windows\System\CRSObIr.exe

C:\Windows\System\CRSObIr.exe

C:\Windows\System\AHzZAtk.exe

C:\Windows\System\AHzZAtk.exe

C:\Windows\System\SIFBsrc.exe

C:\Windows\System\SIFBsrc.exe

C:\Windows\System\LWTWoHc.exe

C:\Windows\System\LWTWoHc.exe

C:\Windows\System\dOJPsdM.exe

C:\Windows\System\dOJPsdM.exe

C:\Windows\System\PyIGTpC.exe

C:\Windows\System\PyIGTpC.exe

C:\Windows\System\rExiqLB.exe

C:\Windows\System\rExiqLB.exe

C:\Windows\System\iJFaxsm.exe

C:\Windows\System\iJFaxsm.exe

C:\Windows\System\rWCstGe.exe

C:\Windows\System\rWCstGe.exe

C:\Windows\System\bwkfRfY.exe

C:\Windows\System\bwkfRfY.exe

C:\Windows\System\XkrhuiD.exe

C:\Windows\System\XkrhuiD.exe

C:\Windows\System\EnmGmPO.exe

C:\Windows\System\EnmGmPO.exe

C:\Windows\System\VvgvUXO.exe

C:\Windows\System\VvgvUXO.exe

C:\Windows\System\MyhphLl.exe

C:\Windows\System\MyhphLl.exe

C:\Windows\System\ZFChGwO.exe

C:\Windows\System\ZFChGwO.exe

C:\Windows\System\pYdXCLx.exe

C:\Windows\System\pYdXCLx.exe

C:\Windows\System\NfEZTvB.exe

C:\Windows\System\NfEZTvB.exe

C:\Windows\System\vZLloev.exe

C:\Windows\System\vZLloev.exe

C:\Windows\System\mBdlSpB.exe

C:\Windows\System\mBdlSpB.exe

C:\Windows\System\veEsUCO.exe

C:\Windows\System\veEsUCO.exe

C:\Windows\System\vPZHVBs.exe

C:\Windows\System\vPZHVBs.exe

C:\Windows\System\qvdtVcX.exe

C:\Windows\System\qvdtVcX.exe

C:\Windows\System\bWzIulV.exe

C:\Windows\System\bWzIulV.exe

C:\Windows\System\cNizLNm.exe

C:\Windows\System\cNizLNm.exe

C:\Windows\System\aryJUvM.exe

C:\Windows\System\aryJUvM.exe

C:\Windows\System\SjotwdN.exe

C:\Windows\System\SjotwdN.exe

C:\Windows\System\aMzYyrV.exe

C:\Windows\System\aMzYyrV.exe

C:\Windows\System\SJbbFVZ.exe

C:\Windows\System\SJbbFVZ.exe

C:\Windows\System\eVFVXtz.exe

C:\Windows\System\eVFVXtz.exe

C:\Windows\System\CQKnNRD.exe

C:\Windows\System\CQKnNRD.exe

C:\Windows\System\cqfXInu.exe

C:\Windows\System\cqfXInu.exe

C:\Windows\System\yLiMyXN.exe

C:\Windows\System\yLiMyXN.exe

C:\Windows\System\IKHWcTV.exe

C:\Windows\System\IKHWcTV.exe

C:\Windows\System\LbyiXEA.exe

C:\Windows\System\LbyiXEA.exe

C:\Windows\System\DiucSyD.exe

C:\Windows\System\DiucSyD.exe

C:\Windows\System\nKLbzJq.exe

C:\Windows\System\nKLbzJq.exe

C:\Windows\System\htTmopW.exe

C:\Windows\System\htTmopW.exe

C:\Windows\System\ANrlCit.exe

C:\Windows\System\ANrlCit.exe

C:\Windows\System\yOmlUzS.exe

C:\Windows\System\yOmlUzS.exe

C:\Windows\System\cBqKXCM.exe

C:\Windows\System\cBqKXCM.exe

C:\Windows\System\SuKrmJS.exe

C:\Windows\System\SuKrmJS.exe

C:\Windows\System\bfhShUX.exe

C:\Windows\System\bfhShUX.exe

C:\Windows\System\qxnPBqm.exe

C:\Windows\System\qxnPBqm.exe

C:\Windows\System\gCpdgQr.exe

C:\Windows\System\gCpdgQr.exe

C:\Windows\System\KiVNKoj.exe

C:\Windows\System\KiVNKoj.exe

C:\Windows\System\OBqGoUC.exe

C:\Windows\System\OBqGoUC.exe

C:\Windows\System\UAnumxI.exe

C:\Windows\System\UAnumxI.exe

C:\Windows\System\HMafJzV.exe

C:\Windows\System\HMafJzV.exe

C:\Windows\System\AHDfWKT.exe

C:\Windows\System\AHDfWKT.exe

C:\Windows\System\sELcTNb.exe

C:\Windows\System\sELcTNb.exe

C:\Windows\System\DzoiGYV.exe

C:\Windows\System\DzoiGYV.exe

C:\Windows\System\qOCtXhm.exe

C:\Windows\System\qOCtXhm.exe

C:\Windows\System\xIsZMtG.exe

C:\Windows\System\xIsZMtG.exe

C:\Windows\System\INqrScf.exe

C:\Windows\System\INqrScf.exe

C:\Windows\System\RiqZHXY.exe

C:\Windows\System\RiqZHXY.exe

C:\Windows\System\xwcxBjc.exe

C:\Windows\System\xwcxBjc.exe

C:\Windows\System\lbaYSCb.exe

C:\Windows\System\lbaYSCb.exe

C:\Windows\System\DahVbGf.exe

C:\Windows\System\DahVbGf.exe

C:\Windows\System\DBGUfzn.exe

C:\Windows\System\DBGUfzn.exe

C:\Windows\System\OrSBEKx.exe

C:\Windows\System\OrSBEKx.exe

C:\Windows\System\KQmxsel.exe

C:\Windows\System\KQmxsel.exe

C:\Windows\System\SlVZbFB.exe

C:\Windows\System\SlVZbFB.exe

C:\Windows\System\FFekzQh.exe

C:\Windows\System\FFekzQh.exe

C:\Windows\System\zTYrMxR.exe

C:\Windows\System\zTYrMxR.exe

C:\Windows\System\NXxUTnx.exe

C:\Windows\System\NXxUTnx.exe

C:\Windows\System\MbIEcUQ.exe

C:\Windows\System\MbIEcUQ.exe

C:\Windows\System\ekCDGhr.exe

C:\Windows\System\ekCDGhr.exe

C:\Windows\System\XyIPFne.exe

C:\Windows\System\XyIPFne.exe

C:\Windows\System\GYUFrsZ.exe

C:\Windows\System\GYUFrsZ.exe

C:\Windows\System\xftrfvk.exe

C:\Windows\System\xftrfvk.exe

C:\Windows\System\kKqTcmy.exe

C:\Windows\System\kKqTcmy.exe

C:\Windows\System\nHNcjrJ.exe

C:\Windows\System\nHNcjrJ.exe

C:\Windows\System\ijHieRe.exe

C:\Windows\System\ijHieRe.exe

C:\Windows\System\ejzVneV.exe

C:\Windows\System\ejzVneV.exe

C:\Windows\System\fhsYDFq.exe

C:\Windows\System\fhsYDFq.exe

C:\Windows\System\bHAyAtS.exe

C:\Windows\System\bHAyAtS.exe

C:\Windows\System\BpXUUei.exe

C:\Windows\System\BpXUUei.exe

C:\Windows\System\xlkOSDn.exe

C:\Windows\System\xlkOSDn.exe

C:\Windows\System\xRLcjBn.exe

C:\Windows\System\xRLcjBn.exe

C:\Windows\System\NBEbBpr.exe

C:\Windows\System\NBEbBpr.exe

C:\Windows\System\JJFrqYj.exe

C:\Windows\System\JJFrqYj.exe

C:\Windows\System\jqQwtUK.exe

C:\Windows\System\jqQwtUK.exe

C:\Windows\System\rwrpoHc.exe

C:\Windows\System\rwrpoHc.exe

C:\Windows\System\SQfbqCD.exe

C:\Windows\System\SQfbqCD.exe

C:\Windows\System\WZGstUy.exe

C:\Windows\System\WZGstUy.exe

C:\Windows\System\FYQGsjI.exe

C:\Windows\System\FYQGsjI.exe

C:\Windows\System\jziCVLz.exe

C:\Windows\System\jziCVLz.exe

C:\Windows\System\dYtSUJf.exe

C:\Windows\System\dYtSUJf.exe

C:\Windows\System\zaihqIY.exe

C:\Windows\System\zaihqIY.exe

C:\Windows\System\dEXkJju.exe

C:\Windows\System\dEXkJju.exe

C:\Windows\System\vXJAGhD.exe

C:\Windows\System\vXJAGhD.exe

C:\Windows\System\zLXIbht.exe

C:\Windows\System\zLXIbht.exe

C:\Windows\System\itwLQuu.exe

C:\Windows\System\itwLQuu.exe

C:\Windows\System\xNDFWoK.exe

C:\Windows\System\xNDFWoK.exe

C:\Windows\System\JPNzxaL.exe

C:\Windows\System\JPNzxaL.exe

C:\Windows\System\BHEEKmk.exe

C:\Windows\System\BHEEKmk.exe

C:\Windows\System\Xcriwfo.exe

C:\Windows\System\Xcriwfo.exe

C:\Windows\System\MDMlJKH.exe

C:\Windows\System\MDMlJKH.exe

C:\Windows\System\brweLSU.exe

C:\Windows\System\brweLSU.exe

C:\Windows\System\iyoGVmm.exe

C:\Windows\System\iyoGVmm.exe

C:\Windows\System\UKySeLw.exe

C:\Windows\System\UKySeLw.exe

C:\Windows\System\OhRVvtB.exe

C:\Windows\System\OhRVvtB.exe

C:\Windows\System\VGBKSZI.exe

C:\Windows\System\VGBKSZI.exe

C:\Windows\System\jHMPPiO.exe

C:\Windows\System\jHMPPiO.exe

C:\Windows\System\XtOeuyy.exe

C:\Windows\System\XtOeuyy.exe

C:\Windows\System\gRrNnTt.exe

C:\Windows\System\gRrNnTt.exe

C:\Windows\System\qxPvaty.exe

C:\Windows\System\qxPvaty.exe

C:\Windows\System\pcmVpkX.exe

C:\Windows\System\pcmVpkX.exe

C:\Windows\System\fsVaAtG.exe

C:\Windows\System\fsVaAtG.exe

C:\Windows\System\ZabHvIk.exe

C:\Windows\System\ZabHvIk.exe

C:\Windows\System\jzZYJfj.exe

C:\Windows\System\jzZYJfj.exe

C:\Windows\System\rDZELVv.exe

C:\Windows\System\rDZELVv.exe

C:\Windows\System\AmsvGIr.exe

C:\Windows\System\AmsvGIr.exe

C:\Windows\System\KmRTTpU.exe

C:\Windows\System\KmRTTpU.exe

C:\Windows\System\RIfWmIK.exe

C:\Windows\System\RIfWmIK.exe

C:\Windows\System\AMKiOtM.exe

C:\Windows\System\AMKiOtM.exe

C:\Windows\System\OxdYjhl.exe

C:\Windows\System\OxdYjhl.exe

C:\Windows\System\nSFHStq.exe

C:\Windows\System\nSFHStq.exe

C:\Windows\System\uQoLRcy.exe

C:\Windows\System\uQoLRcy.exe

C:\Windows\System\DwpvDpI.exe

C:\Windows\System\DwpvDpI.exe

C:\Windows\System\ksNMnuc.exe

C:\Windows\System\ksNMnuc.exe

C:\Windows\System\cGcqcgx.exe

C:\Windows\System\cGcqcgx.exe

C:\Windows\System\zfMhPxm.exe

C:\Windows\System\zfMhPxm.exe

C:\Windows\System\NDlCNpx.exe

C:\Windows\System\NDlCNpx.exe

C:\Windows\System\fIOfEEa.exe

C:\Windows\System\fIOfEEa.exe

C:\Windows\System\DIAAvnI.exe

C:\Windows\System\DIAAvnI.exe

C:\Windows\System\VFIepQA.exe

C:\Windows\System\VFIepQA.exe

C:\Windows\System\tPNArAg.exe

C:\Windows\System\tPNArAg.exe

C:\Windows\System\EJpipQL.exe

C:\Windows\System\EJpipQL.exe

C:\Windows\System\fwAlzsC.exe

C:\Windows\System\fwAlzsC.exe

C:\Windows\System\fmhcZrH.exe

C:\Windows\System\fmhcZrH.exe

C:\Windows\System\WxNVvxU.exe

C:\Windows\System\WxNVvxU.exe

C:\Windows\System\gHSdGOb.exe

C:\Windows\System\gHSdGOb.exe

C:\Windows\System\HjwVNXA.exe

C:\Windows\System\HjwVNXA.exe

C:\Windows\System\ONvMFLX.exe

C:\Windows\System\ONvMFLX.exe

C:\Windows\System\LdEkqxO.exe

C:\Windows\System\LdEkqxO.exe

C:\Windows\System\esKlepl.exe

C:\Windows\System\esKlepl.exe

C:\Windows\System\qQktJVQ.exe

C:\Windows\System\qQktJVQ.exe

C:\Windows\System\aoBhQgu.exe

C:\Windows\System\aoBhQgu.exe

C:\Windows\System\WvXanft.exe

C:\Windows\System\WvXanft.exe

C:\Windows\System\YsOgsMj.exe

C:\Windows\System\YsOgsMj.exe

C:\Windows\System\KQgoANI.exe

C:\Windows\System\KQgoANI.exe

C:\Windows\System\EsxkrAf.exe

C:\Windows\System\EsxkrAf.exe

C:\Windows\System\simCDSN.exe

C:\Windows\System\simCDSN.exe

C:\Windows\System\lYONHqQ.exe

C:\Windows\System\lYONHqQ.exe

C:\Windows\System\BkoCvNq.exe

C:\Windows\System\BkoCvNq.exe

C:\Windows\System\OqoULEM.exe

C:\Windows\System\OqoULEM.exe

C:\Windows\System\ELEXKbW.exe

C:\Windows\System\ELEXKbW.exe

C:\Windows\System\PtfBYzJ.exe

C:\Windows\System\PtfBYzJ.exe

C:\Windows\System\bSswlER.exe

C:\Windows\System\bSswlER.exe

C:\Windows\System\SzSAubB.exe

C:\Windows\System\SzSAubB.exe

C:\Windows\System\MogXAmu.exe

C:\Windows\System\MogXAmu.exe

C:\Windows\System\kAXFmjk.exe

C:\Windows\System\kAXFmjk.exe

C:\Windows\System\tHyiCRg.exe

C:\Windows\System\tHyiCRg.exe

C:\Windows\System\WQmPiXq.exe

C:\Windows\System\WQmPiXq.exe

C:\Windows\System\gpMtXKd.exe

C:\Windows\System\gpMtXKd.exe

C:\Windows\System\IWiArGV.exe

C:\Windows\System\IWiArGV.exe

C:\Windows\System\wphwNMk.exe

C:\Windows\System\wphwNMk.exe

C:\Windows\System\yPsvQuD.exe

C:\Windows\System\yPsvQuD.exe

C:\Windows\System\aVhrVpI.exe

C:\Windows\System\aVhrVpI.exe

C:\Windows\System\KVYCjpA.exe

C:\Windows\System\KVYCjpA.exe

C:\Windows\System\EhahyHD.exe

C:\Windows\System\EhahyHD.exe

C:\Windows\System\mpRlsBe.exe

C:\Windows\System\mpRlsBe.exe

C:\Windows\System\WdyOAZx.exe

C:\Windows\System\WdyOAZx.exe

C:\Windows\System\dArfxVG.exe

C:\Windows\System\dArfxVG.exe

C:\Windows\System\LVwtChP.exe

C:\Windows\System\LVwtChP.exe

C:\Windows\System\BaNQFtY.exe

C:\Windows\System\BaNQFtY.exe

C:\Windows\System\AiQvHvZ.exe

C:\Windows\System\AiQvHvZ.exe

C:\Windows\System\dIDttKx.exe

C:\Windows\System\dIDttKx.exe

C:\Windows\System\LARXFes.exe

C:\Windows\System\LARXFes.exe

C:\Windows\System\fqjBPjS.exe

C:\Windows\System\fqjBPjS.exe

C:\Windows\System\ymcVrKB.exe

C:\Windows\System\ymcVrKB.exe

C:\Windows\System\XlpqmZS.exe

C:\Windows\System\XlpqmZS.exe

C:\Windows\System\wqipFgt.exe

C:\Windows\System\wqipFgt.exe

C:\Windows\System\zDMaCrd.exe

C:\Windows\System\zDMaCrd.exe

C:\Windows\System\pHHZmuO.exe

C:\Windows\System\pHHZmuO.exe

C:\Windows\System\YUOQdvi.exe

C:\Windows\System\YUOQdvi.exe

C:\Windows\System\NZvwGYW.exe

C:\Windows\System\NZvwGYW.exe

C:\Windows\System\hGCIArN.exe

C:\Windows\System\hGCIArN.exe

C:\Windows\System\qvDMngF.exe

C:\Windows\System\qvDMngF.exe

C:\Windows\System\WzFGnIU.exe

C:\Windows\System\WzFGnIU.exe

C:\Windows\System\mnNPFew.exe

C:\Windows\System\mnNPFew.exe

C:\Windows\System\PGqeRrH.exe

C:\Windows\System\PGqeRrH.exe

C:\Windows\System\vRiTCDx.exe

C:\Windows\System\vRiTCDx.exe

C:\Windows\System\gcUsmsD.exe

C:\Windows\System\gcUsmsD.exe

C:\Windows\System\ssixhSj.exe

C:\Windows\System\ssixhSj.exe

C:\Windows\System\hvMFHnK.exe

C:\Windows\System\hvMFHnK.exe

C:\Windows\System\UftQcxx.exe

C:\Windows\System\UftQcxx.exe

C:\Windows\System\Oauvwuo.exe

C:\Windows\System\Oauvwuo.exe

C:\Windows\System\kWNrROK.exe

C:\Windows\System\kWNrROK.exe

C:\Windows\System\GhoIqht.exe

C:\Windows\System\GhoIqht.exe

C:\Windows\System\hkuMDis.exe

C:\Windows\System\hkuMDis.exe

C:\Windows\System\fqKRVbP.exe

C:\Windows\System\fqKRVbP.exe

C:\Windows\System\MPHNHbp.exe

C:\Windows\System\MPHNHbp.exe

C:\Windows\System\bpfPUUk.exe

C:\Windows\System\bpfPUUk.exe

C:\Windows\System\lYvfEZh.exe

C:\Windows\System\lYvfEZh.exe

C:\Windows\System\AIPYlYm.exe

C:\Windows\System\AIPYlYm.exe

C:\Windows\System\QzoolQs.exe

C:\Windows\System\QzoolQs.exe

C:\Windows\System\zfGCjqX.exe

C:\Windows\System\zfGCjqX.exe

C:\Windows\System\ByePcff.exe

C:\Windows\System\ByePcff.exe

C:\Windows\System\ZcSNTnQ.exe

C:\Windows\System\ZcSNTnQ.exe

C:\Windows\System\wadIHgL.exe

C:\Windows\System\wadIHgL.exe

C:\Windows\System\CoMRyHv.exe

C:\Windows\System\CoMRyHv.exe

C:\Windows\System\VvcKlIj.exe

C:\Windows\System\VvcKlIj.exe

C:\Windows\System\glTjYim.exe

C:\Windows\System\glTjYim.exe

C:\Windows\System\zyJeNpZ.exe

C:\Windows\System\zyJeNpZ.exe

C:\Windows\System\gLYFBgT.exe

C:\Windows\System\gLYFBgT.exe

C:\Windows\System\hOLwGMB.exe

C:\Windows\System\hOLwGMB.exe

C:\Windows\System\BWUYXmE.exe

C:\Windows\System\BWUYXmE.exe

C:\Windows\System\qwzzcOD.exe

C:\Windows\System\qwzzcOD.exe

C:\Windows\System\gAAaXRl.exe

C:\Windows\System\gAAaXRl.exe

C:\Windows\System\LcdzgWR.exe

C:\Windows\System\LcdzgWR.exe

C:\Windows\System\ijLEoay.exe

C:\Windows\System\ijLEoay.exe

C:\Windows\System\aTRfdXl.exe

C:\Windows\System\aTRfdXl.exe

C:\Windows\System\GbvLZIB.exe

C:\Windows\System\GbvLZIB.exe

C:\Windows\System\xKyHFuB.exe

C:\Windows\System\xKyHFuB.exe

C:\Windows\System\ujYyUYf.exe

C:\Windows\System\ujYyUYf.exe

C:\Windows\System\IMHHYWy.exe

C:\Windows\System\IMHHYWy.exe

C:\Windows\System\rTCkmAX.exe

C:\Windows\System\rTCkmAX.exe

C:\Windows\System\tHTXdho.exe

C:\Windows\System\tHTXdho.exe

C:\Windows\System\cgDbhmG.exe

C:\Windows\System\cgDbhmG.exe

C:\Windows\System\TCUUXXx.exe

C:\Windows\System\TCUUXXx.exe

C:\Windows\System\afRYCYK.exe

C:\Windows\System\afRYCYK.exe

C:\Windows\System\ttFcFzB.exe

C:\Windows\System\ttFcFzB.exe

C:\Windows\System\NKZrMsi.exe

C:\Windows\System\NKZrMsi.exe

C:\Windows\System\CBLFczI.exe

C:\Windows\System\CBLFczI.exe

C:\Windows\System\fphoWgy.exe

C:\Windows\System\fphoWgy.exe

C:\Windows\System\tQlXmdU.exe

C:\Windows\System\tQlXmdU.exe

C:\Windows\System\xAwsESC.exe

C:\Windows\System\xAwsESC.exe

C:\Windows\System\FBEmDzw.exe

C:\Windows\System\FBEmDzw.exe

C:\Windows\System\ZeLGjPg.exe

C:\Windows\System\ZeLGjPg.exe

C:\Windows\System\mYMxUWV.exe

C:\Windows\System\mYMxUWV.exe

C:\Windows\System\mKhZxbn.exe

C:\Windows\System\mKhZxbn.exe

C:\Windows\System\pppDLUB.exe

C:\Windows\System\pppDLUB.exe

C:\Windows\System\LtXSteE.exe

C:\Windows\System\LtXSteE.exe

C:\Windows\System\AXPeoZH.exe

C:\Windows\System\AXPeoZH.exe

C:\Windows\System\AmgsoZX.exe

C:\Windows\System\AmgsoZX.exe

C:\Windows\System\PytAdzd.exe

C:\Windows\System\PytAdzd.exe

C:\Windows\System\PujFRQe.exe

C:\Windows\System\PujFRQe.exe

C:\Windows\System\wOUcdju.exe

C:\Windows\System\wOUcdju.exe

C:\Windows\System\ACxJJwY.exe

C:\Windows\System\ACxJJwY.exe

C:\Windows\System\nCroeiK.exe

C:\Windows\System\nCroeiK.exe

C:\Windows\System\TFUJdyp.exe

C:\Windows\System\TFUJdyp.exe

C:\Windows\System\FQGfSfu.exe

C:\Windows\System\FQGfSfu.exe

C:\Windows\System\kcsCvaF.exe

C:\Windows\System\kcsCvaF.exe

C:\Windows\System\pIXAyKy.exe

C:\Windows\System\pIXAyKy.exe

C:\Windows\System\xUCZMbz.exe

C:\Windows\System\xUCZMbz.exe

C:\Windows\System\ivJqwZL.exe

C:\Windows\System\ivJqwZL.exe

C:\Windows\System\TgAOrbi.exe

C:\Windows\System\TgAOrbi.exe

C:\Windows\System\mbfbDfu.exe

C:\Windows\System\mbfbDfu.exe

C:\Windows\System\BxYksUf.exe

C:\Windows\System\BxYksUf.exe

C:\Windows\System\cTSqyiz.exe

C:\Windows\System\cTSqyiz.exe

C:\Windows\System\XNUdwIv.exe

C:\Windows\System\XNUdwIv.exe

C:\Windows\System\hczvhLi.exe

C:\Windows\System\hczvhLi.exe

C:\Windows\System\HRJwBvO.exe

C:\Windows\System\HRJwBvO.exe

C:\Windows\System\nGiOzcK.exe

C:\Windows\System\nGiOzcK.exe

C:\Windows\System\rjRZDrD.exe

C:\Windows\System\rjRZDrD.exe

C:\Windows\System\DflUmpN.exe

C:\Windows\System\DflUmpN.exe

C:\Windows\System\NKVtodW.exe

C:\Windows\System\NKVtodW.exe

C:\Windows\System\RvTaLSK.exe

C:\Windows\System\RvTaLSK.exe

C:\Windows\System\fbDiExW.exe

C:\Windows\System\fbDiExW.exe

C:\Windows\System\irInHHL.exe

C:\Windows\System\irInHHL.exe

C:\Windows\System\NoeYMLe.exe

C:\Windows\System\NoeYMLe.exe

C:\Windows\System\oUjlXBO.exe

C:\Windows\System\oUjlXBO.exe

C:\Windows\System\loWVfzp.exe

C:\Windows\System\loWVfzp.exe

C:\Windows\System\xOtWSGY.exe

C:\Windows\System\xOtWSGY.exe

C:\Windows\System\JObLnhe.exe

C:\Windows\System\JObLnhe.exe

C:\Windows\System\JSdYhiJ.exe

C:\Windows\System\JSdYhiJ.exe

C:\Windows\System\nAHkRsF.exe

C:\Windows\System\nAHkRsF.exe

C:\Windows\System\IvzFwqk.exe

C:\Windows\System\IvzFwqk.exe

C:\Windows\System\YyZLGiK.exe

C:\Windows\System\YyZLGiK.exe

C:\Windows\System\rfAQdRG.exe

C:\Windows\System\rfAQdRG.exe

C:\Windows\System\lDEgscc.exe

C:\Windows\System\lDEgscc.exe

C:\Windows\System\YOxSaWx.exe

C:\Windows\System\YOxSaWx.exe

C:\Windows\System\LRkaKGc.exe

C:\Windows\System\LRkaKGc.exe

C:\Windows\System\tScYETL.exe

C:\Windows\System\tScYETL.exe

C:\Windows\System\jOSpAUD.exe

C:\Windows\System\jOSpAUD.exe

C:\Windows\System\pbDCHPL.exe

C:\Windows\System\pbDCHPL.exe

C:\Windows\System\tyKbCjR.exe

C:\Windows\System\tyKbCjR.exe

C:\Windows\System\xdPphxe.exe

C:\Windows\System\xdPphxe.exe

C:\Windows\System\zknLwuC.exe

C:\Windows\System\zknLwuC.exe

C:\Windows\System\FSkqxsX.exe

C:\Windows\System\FSkqxsX.exe

C:\Windows\System\TvKgbNF.exe

C:\Windows\System\TvKgbNF.exe

C:\Windows\System\nAHFttm.exe

C:\Windows\System\nAHFttm.exe

C:\Windows\System\aYXFnJo.exe

C:\Windows\System\aYXFnJo.exe

C:\Windows\System\iBNcmmZ.exe

C:\Windows\System\iBNcmmZ.exe

C:\Windows\System\TPuaGLl.exe

C:\Windows\System\TPuaGLl.exe

C:\Windows\System\DjYANRn.exe

C:\Windows\System\DjYANRn.exe

C:\Windows\System\ojgdrOb.exe

C:\Windows\System\ojgdrOb.exe

C:\Windows\System\KOLiuYK.exe

C:\Windows\System\KOLiuYK.exe

C:\Windows\System\pTsJnbu.exe

C:\Windows\System\pTsJnbu.exe

C:\Windows\System\xmVEuri.exe

C:\Windows\System\xmVEuri.exe

C:\Windows\System\qSgXTcf.exe

C:\Windows\System\qSgXTcf.exe

C:\Windows\System\TpdLGPt.exe

C:\Windows\System\TpdLGPt.exe

C:\Windows\System\IhVpXWS.exe

C:\Windows\System\IhVpXWS.exe

C:\Windows\System\PrbmdiG.exe

C:\Windows\System\PrbmdiG.exe

C:\Windows\System\ETFaoJT.exe

C:\Windows\System\ETFaoJT.exe

C:\Windows\System\MQpOOaS.exe

C:\Windows\System\MQpOOaS.exe

C:\Windows\System\xCJmqTr.exe

C:\Windows\System\xCJmqTr.exe

C:\Windows\System\NYTDjKI.exe

C:\Windows\System\NYTDjKI.exe

C:\Windows\System\AOldSsN.exe

C:\Windows\System\AOldSsN.exe

C:\Windows\System\GySPCLo.exe

C:\Windows\System\GySPCLo.exe

C:\Windows\System\Pkcdfeq.exe

C:\Windows\System\Pkcdfeq.exe

C:\Windows\System\qlMFswo.exe

C:\Windows\System\qlMFswo.exe

C:\Windows\System\cPRHUCB.exe

C:\Windows\System\cPRHUCB.exe

C:\Windows\System\WBHextz.exe

C:\Windows\System\WBHextz.exe

C:\Windows\System\sGZNuZy.exe

C:\Windows\System\sGZNuZy.exe

C:\Windows\System\IyxCXBN.exe

C:\Windows\System\IyxCXBN.exe

C:\Windows\System\NWvVHMD.exe

C:\Windows\System\NWvVHMD.exe

C:\Windows\System\YkGeEPK.exe

C:\Windows\System\YkGeEPK.exe

C:\Windows\System\PdbFQAb.exe

C:\Windows\System\PdbFQAb.exe

C:\Windows\System\eEEbnSW.exe

C:\Windows\System\eEEbnSW.exe

C:\Windows\System\jsKTqEH.exe

C:\Windows\System\jsKTqEH.exe

C:\Windows\System\OhjwQgv.exe

C:\Windows\System\OhjwQgv.exe

C:\Windows\System\YYPxAhF.exe

C:\Windows\System\YYPxAhF.exe

C:\Windows\System\TaEsVqR.exe

C:\Windows\System\TaEsVqR.exe

C:\Windows\System\uaGvNhg.exe

C:\Windows\System\uaGvNhg.exe

C:\Windows\System\ahKXkxW.exe

C:\Windows\System\ahKXkxW.exe

C:\Windows\System\wNETdnS.exe

C:\Windows\System\wNETdnS.exe

C:\Windows\System\sCgobtV.exe

C:\Windows\System\sCgobtV.exe

C:\Windows\System\qzYFLlm.exe

C:\Windows\System\qzYFLlm.exe

C:\Windows\System\AhHpKrO.exe

C:\Windows\System\AhHpKrO.exe

C:\Windows\System\RYaxzJh.exe

C:\Windows\System\RYaxzJh.exe

C:\Windows\System\xVklsFV.exe

C:\Windows\System\xVklsFV.exe

C:\Windows\System\QLuTLOs.exe

C:\Windows\System\QLuTLOs.exe

C:\Windows\System\ESCycTV.exe

C:\Windows\System\ESCycTV.exe

C:\Windows\System\HlfYnNo.exe

C:\Windows\System\HlfYnNo.exe

C:\Windows\System\acEtuad.exe

C:\Windows\System\acEtuad.exe

C:\Windows\System\AEoKQIS.exe

C:\Windows\System\AEoKQIS.exe

C:\Windows\System\kXoawAm.exe

C:\Windows\System\kXoawAm.exe

C:\Windows\System\WqFkhKF.exe

C:\Windows\System\WqFkhKF.exe

C:\Windows\System\Ilkhnit.exe

C:\Windows\System\Ilkhnit.exe

C:\Windows\System\fEnMFFK.exe

C:\Windows\System\fEnMFFK.exe

C:\Windows\System\hpOhdBH.exe

C:\Windows\System\hpOhdBH.exe

C:\Windows\System\YQOBAVD.exe

C:\Windows\System\YQOBAVD.exe

C:\Windows\System\cNfDAdA.exe

C:\Windows\System\cNfDAdA.exe

C:\Windows\System\SZpsIXK.exe

C:\Windows\System\SZpsIXK.exe

C:\Windows\System\hCqoMis.exe

C:\Windows\System\hCqoMis.exe

C:\Windows\System\lXSGRqn.exe

C:\Windows\System\lXSGRqn.exe

C:\Windows\System\AboKDts.exe

C:\Windows\System\AboKDts.exe

C:\Windows\System\SrsVFOq.exe

C:\Windows\System\SrsVFOq.exe

C:\Windows\System\UbiefJd.exe

C:\Windows\System\UbiefJd.exe

C:\Windows\System\FdFMJrM.exe

C:\Windows\System\FdFMJrM.exe

C:\Windows\System\eiDCSMA.exe

C:\Windows\System\eiDCSMA.exe

C:\Windows\System\peQRWtj.exe

C:\Windows\System\peQRWtj.exe

C:\Windows\System\JmUMLIA.exe

C:\Windows\System\JmUMLIA.exe

C:\Windows\System\sBRPgaP.exe

C:\Windows\System\sBRPgaP.exe

C:\Windows\System\sFbUwTL.exe

C:\Windows\System\sFbUwTL.exe

C:\Windows\System\uWWqmEf.exe

C:\Windows\System\uWWqmEf.exe

C:\Windows\System\qdmMPcJ.exe

C:\Windows\System\qdmMPcJ.exe

C:\Windows\System\hyNwEcj.exe

C:\Windows\System\hyNwEcj.exe

C:\Windows\System\aOSClqn.exe

C:\Windows\System\aOSClqn.exe

C:\Windows\System\QbQTRIn.exe

C:\Windows\System\QbQTRIn.exe

C:\Windows\System\hterXIa.exe

C:\Windows\System\hterXIa.exe

C:\Windows\System\neOdgJY.exe

C:\Windows\System\neOdgJY.exe

C:\Windows\System\JoqGMbL.exe

C:\Windows\System\JoqGMbL.exe

C:\Windows\System\yhDhndJ.exe

C:\Windows\System\yhDhndJ.exe

C:\Windows\System\uAwZwww.exe

C:\Windows\System\uAwZwww.exe

C:\Windows\System\cANlRrY.exe

C:\Windows\System\cANlRrY.exe

C:\Windows\System\eTJhCBs.exe

C:\Windows\System\eTJhCBs.exe

C:\Windows\System\uxRzIpz.exe

C:\Windows\System\uxRzIpz.exe

C:\Windows\System\OkngUsc.exe

C:\Windows\System\OkngUsc.exe

C:\Windows\System\dRCkkFL.exe

C:\Windows\System\dRCkkFL.exe

C:\Windows\System\XFsiUpg.exe

C:\Windows\System\XFsiUpg.exe

C:\Windows\System\enPwdvV.exe

C:\Windows\System\enPwdvV.exe

C:\Windows\System\KhUXmJy.exe

C:\Windows\System\KhUXmJy.exe

C:\Windows\System\neWxeLp.exe

C:\Windows\System\neWxeLp.exe

C:\Windows\System\CnvVfoG.exe

C:\Windows\System\CnvVfoG.exe

C:\Windows\System\NsLiRSp.exe

C:\Windows\System\NsLiRSp.exe

C:\Windows\System\EFawhXo.exe

C:\Windows\System\EFawhXo.exe

C:\Windows\System\CxdAXbg.exe

C:\Windows\System\CxdAXbg.exe

C:\Windows\System\abJCLUo.exe

C:\Windows\System\abJCLUo.exe

C:\Windows\System\DxZOYKn.exe

C:\Windows\System\DxZOYKn.exe

C:\Windows\System\joJkZaV.exe

C:\Windows\System\joJkZaV.exe

C:\Windows\System\ZiNuyUh.exe

C:\Windows\System\ZiNuyUh.exe

C:\Windows\System\lheoKfn.exe

C:\Windows\System\lheoKfn.exe

C:\Windows\System\qrtmMKw.exe

C:\Windows\System\qrtmMKw.exe

C:\Windows\System\trWjWVV.exe

C:\Windows\System\trWjWVV.exe

C:\Windows\System\ABqpVtg.exe

C:\Windows\System\ABqpVtg.exe

C:\Windows\System\vlQMOHW.exe

C:\Windows\System\vlQMOHW.exe

C:\Windows\System\bEPTNOx.exe

C:\Windows\System\bEPTNOx.exe

C:\Windows\System\IXawElZ.exe

C:\Windows\System\IXawElZ.exe

C:\Windows\System\JAPcUhd.exe

C:\Windows\System\JAPcUhd.exe

C:\Windows\System\aEyLfDR.exe

C:\Windows\System\aEyLfDR.exe

C:\Windows\System\FLRRVUA.exe

C:\Windows\System\FLRRVUA.exe

C:\Windows\System\XVXlClY.exe

C:\Windows\System\XVXlClY.exe

C:\Windows\System\DhFEuBl.exe

C:\Windows\System\DhFEuBl.exe

C:\Windows\System\NbhpPZz.exe

C:\Windows\System\NbhpPZz.exe

C:\Windows\System\OZJSWHG.exe

C:\Windows\System\OZJSWHG.exe

C:\Windows\System\LtxPGZa.exe

C:\Windows\System\LtxPGZa.exe

C:\Windows\System\xiGUoRF.exe

C:\Windows\System\xiGUoRF.exe

C:\Windows\System\SxDwMDG.exe

C:\Windows\System\SxDwMDG.exe

C:\Windows\System\EnnMsjx.exe

C:\Windows\System\EnnMsjx.exe

C:\Windows\System\wuqNbdF.exe

C:\Windows\System\wuqNbdF.exe

C:\Windows\System\hrCozkG.exe

C:\Windows\System\hrCozkG.exe

C:\Windows\System\gQDgjvA.exe

C:\Windows\System\gQDgjvA.exe

C:\Windows\System\yqFLeCA.exe

C:\Windows\System\yqFLeCA.exe

C:\Windows\System\nSDFwOl.exe

C:\Windows\System\nSDFwOl.exe

C:\Windows\System\gSJjYjo.exe

C:\Windows\System\gSJjYjo.exe

C:\Windows\System\riKEjZL.exe

C:\Windows\System\riKEjZL.exe

C:\Windows\System\iOzFucI.exe

C:\Windows\System\iOzFucI.exe

C:\Windows\System\MHidiqU.exe

C:\Windows\System\MHidiqU.exe

C:\Windows\System\Uaobdus.exe

C:\Windows\System\Uaobdus.exe

C:\Windows\System\XkVwTZU.exe

C:\Windows\System\XkVwTZU.exe

C:\Windows\System\jZxAFEi.exe

C:\Windows\System\jZxAFEi.exe

C:\Windows\System\svLbZRm.exe

C:\Windows\System\svLbZRm.exe

C:\Windows\System\RMVVTua.exe

C:\Windows\System\RMVVTua.exe

C:\Windows\System\iVTJDrL.exe

C:\Windows\System\iVTJDrL.exe

C:\Windows\System\XfpovXv.exe

C:\Windows\System\XfpovXv.exe

C:\Windows\System\GEjRdxa.exe

C:\Windows\System\GEjRdxa.exe

C:\Windows\System\sByQoiH.exe

C:\Windows\System\sByQoiH.exe

C:\Windows\System\mxdYdjA.exe

C:\Windows\System\mxdYdjA.exe

C:\Windows\System\lFAdUHD.exe

C:\Windows\System\lFAdUHD.exe

C:\Windows\System\pTVWrDQ.exe

C:\Windows\System\pTVWrDQ.exe

C:\Windows\System\uNlXsrD.exe

C:\Windows\System\uNlXsrD.exe

C:\Windows\System\cOITRLz.exe

C:\Windows\System\cOITRLz.exe

C:\Windows\System\rXFegRz.exe

C:\Windows\System\rXFegRz.exe

C:\Windows\System\tBwKJfP.exe

C:\Windows\System\tBwKJfP.exe

C:\Windows\System\ujkTqzb.exe

C:\Windows\System\ujkTqzb.exe

C:\Windows\System\BCBMowT.exe

C:\Windows\System\BCBMowT.exe

C:\Windows\System\kihlOpk.exe

C:\Windows\System\kihlOpk.exe

C:\Windows\System\AijYDPH.exe

C:\Windows\System\AijYDPH.exe

C:\Windows\System\wbudRKh.exe

C:\Windows\System\wbudRKh.exe

C:\Windows\System\rBOgmAD.exe

C:\Windows\System\rBOgmAD.exe

C:\Windows\System\bSzxDbf.exe

C:\Windows\System\bSzxDbf.exe

C:\Windows\System\WOBwbVE.exe

C:\Windows\System\WOBwbVE.exe

C:\Windows\System\rhnpmGd.exe

C:\Windows\System\rhnpmGd.exe

C:\Windows\System\YCiUrpf.exe

C:\Windows\System\YCiUrpf.exe

C:\Windows\System\NyHyneV.exe

C:\Windows\System\NyHyneV.exe

C:\Windows\System\RkvzsUU.exe

C:\Windows\System\RkvzsUU.exe

C:\Windows\System\zwxyflU.exe

C:\Windows\System\zwxyflU.exe

C:\Windows\System\cmhcaAq.exe

C:\Windows\System\cmhcaAq.exe

C:\Windows\System\BFlhMYo.exe

C:\Windows\System\BFlhMYo.exe

C:\Windows\System\oXkApcH.exe

C:\Windows\System\oXkApcH.exe

C:\Windows\System\DmMURRj.exe

C:\Windows\System\DmMURRj.exe

C:\Windows\System\RbHjdYq.exe

C:\Windows\System\RbHjdYq.exe

C:\Windows\System\jPSeIjb.exe

C:\Windows\System\jPSeIjb.exe

C:\Windows\System\OMmTMyk.exe

C:\Windows\System\OMmTMyk.exe

C:\Windows\System\faEjPlP.exe

C:\Windows\System\faEjPlP.exe

C:\Windows\System\RZLOpIp.exe

C:\Windows\System\RZLOpIp.exe

C:\Windows\System\SGQJTbc.exe

C:\Windows\System\SGQJTbc.exe

C:\Windows\System\hQhtjtf.exe

C:\Windows\System\hQhtjtf.exe

C:\Windows\System\XTPIOlx.exe

C:\Windows\System\XTPIOlx.exe

C:\Windows\System\CDwIKVS.exe

C:\Windows\System\CDwIKVS.exe

C:\Windows\System\HdDRifg.exe

C:\Windows\System\HdDRifg.exe

C:\Windows\System\VnzWHvQ.exe

C:\Windows\System\VnzWHvQ.exe

C:\Windows\System\yKPhNts.exe

C:\Windows\System\yKPhNts.exe

C:\Windows\System\vIfuzne.exe

C:\Windows\System\vIfuzne.exe

C:\Windows\System\hamrGFF.exe

C:\Windows\System\hamrGFF.exe

C:\Windows\System\NKbjOXz.exe

C:\Windows\System\NKbjOXz.exe

C:\Windows\System\XnQSSxe.exe

C:\Windows\System\XnQSSxe.exe

C:\Windows\System\ZZQGorR.exe

C:\Windows\System\ZZQGorR.exe

C:\Windows\System\rxqXOHS.exe

C:\Windows\System\rxqXOHS.exe

C:\Windows\System\JbusLpf.exe

C:\Windows\System\JbusLpf.exe

C:\Windows\System\LaJcvyO.exe

C:\Windows\System\LaJcvyO.exe

C:\Windows\System\RwSlXnM.exe

C:\Windows\System\RwSlXnM.exe

C:\Windows\System\cWTeeIQ.exe

C:\Windows\System\cWTeeIQ.exe

C:\Windows\System\njYbKLJ.exe

C:\Windows\System\njYbKLJ.exe

C:\Windows\System\PeSahko.exe

C:\Windows\System\PeSahko.exe

C:\Windows\System\sKUjZuz.exe

C:\Windows\System\sKUjZuz.exe

C:\Windows\System\fCDEqff.exe

C:\Windows\System\fCDEqff.exe

C:\Windows\System\gjAatMa.exe

C:\Windows\System\gjAatMa.exe

C:\Windows\System\sQEnLVc.exe

C:\Windows\System\sQEnLVc.exe

C:\Windows\System\JQQsDFv.exe

C:\Windows\System\JQQsDFv.exe

C:\Windows\System\fOGWizF.exe

C:\Windows\System\fOGWizF.exe

C:\Windows\System\hNGAkhe.exe

C:\Windows\System\hNGAkhe.exe

C:\Windows\System\CoNPsuR.exe

C:\Windows\System\CoNPsuR.exe

C:\Windows\System\qknvaaY.exe

C:\Windows\System\qknvaaY.exe

C:\Windows\System\bBaJxhf.exe

C:\Windows\System\bBaJxhf.exe

C:\Windows\System\vaMAlOu.exe

C:\Windows\System\vaMAlOu.exe

C:\Windows\System\ZCTKOlb.exe

C:\Windows\System\ZCTKOlb.exe

C:\Windows\System\TthfQGT.exe

C:\Windows\System\TthfQGT.exe

C:\Windows\System\lQvnNOH.exe

C:\Windows\System\lQvnNOH.exe

C:\Windows\System\tPpYOZV.exe

C:\Windows\System\tPpYOZV.exe

C:\Windows\System\Gqbwtmp.exe

C:\Windows\System\Gqbwtmp.exe

C:\Windows\System\sJMYrBr.exe

C:\Windows\System\sJMYrBr.exe

C:\Windows\System\ZmajzWU.exe

C:\Windows\System\ZmajzWU.exe

C:\Windows\System\dGdoELp.exe

C:\Windows\System\dGdoELp.exe

C:\Windows\System\jomiWXv.exe

C:\Windows\System\jomiWXv.exe

C:\Windows\System\fxYfpYl.exe

C:\Windows\System\fxYfpYl.exe

C:\Windows\System\nCsimja.exe

C:\Windows\System\nCsimja.exe

C:\Windows\System\DfNoPHo.exe

C:\Windows\System\DfNoPHo.exe

C:\Windows\System\bWAgboD.exe

C:\Windows\System\bWAgboD.exe

C:\Windows\System\JDgHyLm.exe

C:\Windows\System\JDgHyLm.exe

C:\Windows\System\IwaMlZM.exe

C:\Windows\System\IwaMlZM.exe

C:\Windows\System\SwsPBop.exe

C:\Windows\System\SwsPBop.exe

C:\Windows\System\UBnGzud.exe

C:\Windows\System\UBnGzud.exe

C:\Windows\System\jJqMnSQ.exe

C:\Windows\System\jJqMnSQ.exe

C:\Windows\System\BGhjcmB.exe

C:\Windows\System\BGhjcmB.exe

C:\Windows\System\AlyDmSV.exe

C:\Windows\System\AlyDmSV.exe

C:\Windows\System\YivNMfr.exe

C:\Windows\System\YivNMfr.exe

C:\Windows\System\uSlkkqZ.exe

C:\Windows\System\uSlkkqZ.exe

C:\Windows\System\oGWOeMn.exe

C:\Windows\System\oGWOeMn.exe

C:\Windows\System\NyHMYlE.exe

C:\Windows\System\NyHMYlE.exe

C:\Windows\System\sZusLQm.exe

C:\Windows\System\sZusLQm.exe

C:\Windows\System\NTaRFsn.exe

C:\Windows\System\NTaRFsn.exe

C:\Windows\System\mZJZFUX.exe

C:\Windows\System\mZJZFUX.exe

C:\Windows\System\KOBKVVr.exe

C:\Windows\System\KOBKVVr.exe

C:\Windows\System\qwKoDWf.exe

C:\Windows\System\qwKoDWf.exe

C:\Windows\System\sQqIYme.exe

C:\Windows\System\sQqIYme.exe

C:\Windows\System\GZWJhQc.exe

C:\Windows\System\GZWJhQc.exe

C:\Windows\System\yXoyOke.exe

C:\Windows\System\yXoyOke.exe

C:\Windows\System\lzoFlnk.exe

C:\Windows\System\lzoFlnk.exe

C:\Windows\System\ASfcMkn.exe

C:\Windows\System\ASfcMkn.exe

C:\Windows\System\mwhIRQT.exe

C:\Windows\System\mwhIRQT.exe

C:\Windows\System\gWvetBH.exe

C:\Windows\System\gWvetBH.exe

C:\Windows\System\onfxzVK.exe

C:\Windows\System\onfxzVK.exe

C:\Windows\System\qBuIcRV.exe

C:\Windows\System\qBuIcRV.exe

C:\Windows\System\IaanjPM.exe

C:\Windows\System\IaanjPM.exe

C:\Windows\System\nseUjPp.exe

C:\Windows\System\nseUjPp.exe

C:\Windows\System\wRlrtul.exe

C:\Windows\System\wRlrtul.exe

C:\Windows\System\KpbDIIk.exe

C:\Windows\System\KpbDIIk.exe

C:\Windows\System\hedRcsF.exe

C:\Windows\System\hedRcsF.exe

C:\Windows\System\kdSoSoT.exe

C:\Windows\System\kdSoSoT.exe

C:\Windows\System\NiXyGMl.exe

C:\Windows\System\NiXyGMl.exe

C:\Windows\System\RmQkXjR.exe

C:\Windows\System\RmQkXjR.exe

C:\Windows\System\WeTUlnK.exe

C:\Windows\System\WeTUlnK.exe

C:\Windows\System\MBjJGXK.exe

C:\Windows\System\MBjJGXK.exe

C:\Windows\System\RuhRodN.exe

C:\Windows\System\RuhRodN.exe

C:\Windows\System\FEUJXcL.exe

C:\Windows\System\FEUJXcL.exe

C:\Windows\System\EIARCuW.exe

C:\Windows\System\EIARCuW.exe

C:\Windows\System\cFAbBni.exe

C:\Windows\System\cFAbBni.exe

C:\Windows\System\iKlPnhH.exe

C:\Windows\System\iKlPnhH.exe

C:\Windows\System\oIiXRGl.exe

C:\Windows\System\oIiXRGl.exe

C:\Windows\System\yLcUnPr.exe

C:\Windows\System\yLcUnPr.exe

C:\Windows\System\CvfnMQu.exe

C:\Windows\System\CvfnMQu.exe

C:\Windows\System\RxVTgGX.exe

C:\Windows\System\RxVTgGX.exe

C:\Windows\System\gLhLecZ.exe

C:\Windows\System\gLhLecZ.exe

C:\Windows\System\ouKUIXp.exe

C:\Windows\System\ouKUIXp.exe

C:\Windows\System\sKAWCUo.exe

C:\Windows\System\sKAWCUo.exe

C:\Windows\System\SSZKAFY.exe

C:\Windows\System\SSZKAFY.exe

C:\Windows\System\pFHrjxC.exe

C:\Windows\System\pFHrjxC.exe

C:\Windows\System\EbFZOSN.exe

C:\Windows\System\EbFZOSN.exe

C:\Windows\System\eVPRfoi.exe

C:\Windows\System\eVPRfoi.exe

C:\Windows\System\BYilsPk.exe

C:\Windows\System\BYilsPk.exe

C:\Windows\System\LvrEZYd.exe

C:\Windows\System\LvrEZYd.exe

C:\Windows\System\XQDbuOd.exe

C:\Windows\System\XQDbuOd.exe

C:\Windows\System\zEGmQAK.exe

C:\Windows\System\zEGmQAK.exe

C:\Windows\System\yFHnOZD.exe

C:\Windows\System\yFHnOZD.exe

C:\Windows\System\exNJgzK.exe

C:\Windows\System\exNJgzK.exe

C:\Windows\System\gtfcCUX.exe

C:\Windows\System\gtfcCUX.exe

C:\Windows\System\kMamkNW.exe

C:\Windows\System\kMamkNW.exe

C:\Windows\System\dqwrqZq.exe

C:\Windows\System\dqwrqZq.exe

C:\Windows\System\lFUtiov.exe

C:\Windows\System\lFUtiov.exe

C:\Windows\System\nRTGNCz.exe

C:\Windows\System\nRTGNCz.exe

C:\Windows\System\cjhsSpr.exe

C:\Windows\System\cjhsSpr.exe

C:\Windows\System\eCEfhps.exe

C:\Windows\System\eCEfhps.exe

C:\Windows\System\pMNjjfI.exe

C:\Windows\System\pMNjjfI.exe

C:\Windows\System\asWWlhV.exe

C:\Windows\System\asWWlhV.exe

C:\Windows\System\FaufROa.exe

C:\Windows\System\FaufROa.exe

C:\Windows\System\kTTLTAU.exe

C:\Windows\System\kTTLTAU.exe

C:\Windows\System\IiOwJYV.exe

C:\Windows\System\IiOwJYV.exe

C:\Windows\System\XrpScLy.exe

C:\Windows\System\XrpScLy.exe

C:\Windows\System\YTSMVbm.exe

C:\Windows\System\YTSMVbm.exe

C:\Windows\System\GtxXSXq.exe

C:\Windows\System\GtxXSXq.exe

C:\Windows\System\QRqUgiD.exe

C:\Windows\System\QRqUgiD.exe

C:\Windows\System\YoMiFGp.exe

C:\Windows\System\YoMiFGp.exe

C:\Windows\System\dcgeXMo.exe

C:\Windows\System\dcgeXMo.exe

C:\Windows\System\UKDqJyW.exe

C:\Windows\System\UKDqJyW.exe

C:\Windows\System\fpvRFTJ.exe

C:\Windows\System\fpvRFTJ.exe

C:\Windows\System\rBdtsQo.exe

C:\Windows\System\rBdtsQo.exe

C:\Windows\System\KvJXWud.exe

C:\Windows\System\KvJXWud.exe

C:\Windows\System\jDIWJnU.exe

C:\Windows\System\jDIWJnU.exe

C:\Windows\System\EzaSeeK.exe

C:\Windows\System\EzaSeeK.exe

C:\Windows\System\nyRmdBn.exe

C:\Windows\System\nyRmdBn.exe

C:\Windows\System\ZprKNHm.exe

C:\Windows\System\ZprKNHm.exe

C:\Windows\System\buFUyHr.exe

C:\Windows\System\buFUyHr.exe

C:\Windows\System\VlWgnoP.exe

C:\Windows\System\VlWgnoP.exe

C:\Windows\System\murJcIZ.exe

C:\Windows\System\murJcIZ.exe

C:\Windows\System\cJflDYl.exe

C:\Windows\System\cJflDYl.exe

C:\Windows\System\ThrpkMZ.exe

C:\Windows\System\ThrpkMZ.exe

C:\Windows\System\qGhNgzT.exe

C:\Windows\System\qGhNgzT.exe

C:\Windows\System\EeYfsjR.exe

C:\Windows\System\EeYfsjR.exe

C:\Windows\System\ZcVXawR.exe

C:\Windows\System\ZcVXawR.exe

C:\Windows\System\BjQBmce.exe

C:\Windows\System\BjQBmce.exe

C:\Windows\System\jcTfkkr.exe

C:\Windows\System\jcTfkkr.exe

C:\Windows\System\ltJDlQE.exe

C:\Windows\System\ltJDlQE.exe

C:\Windows\System\GykECUt.exe

C:\Windows\System\GykECUt.exe

C:\Windows\System\mPAtyfZ.exe

C:\Windows\System\mPAtyfZ.exe

C:\Windows\System\dzFqVEV.exe

C:\Windows\System\dzFqVEV.exe

C:\Windows\System\opznJTg.exe

C:\Windows\System\opznJTg.exe

C:\Windows\System\GTNguOJ.exe

C:\Windows\System\GTNguOJ.exe

C:\Windows\System\PmLnfSU.exe

C:\Windows\System\PmLnfSU.exe

C:\Windows\System\bLFoGfD.exe

C:\Windows\System\bLFoGfD.exe

C:\Windows\System\sCLYQOz.exe

C:\Windows\System\sCLYQOz.exe

C:\Windows\System\khAysQF.exe

C:\Windows\System\khAysQF.exe

C:\Windows\System\roDKpFz.exe

C:\Windows\System\roDKpFz.exe

C:\Windows\System\cSVzIdO.exe

C:\Windows\System\cSVzIdO.exe

C:\Windows\System\cOMbIjQ.exe

C:\Windows\System\cOMbIjQ.exe

C:\Windows\System\obfdhBd.exe

C:\Windows\System\obfdhBd.exe

C:\Windows\System\BKbnOoS.exe

C:\Windows\System\BKbnOoS.exe

C:\Windows\System\RsNUBfv.exe

C:\Windows\System\RsNUBfv.exe

C:\Windows\System\NeLrUtY.exe

C:\Windows\System\NeLrUtY.exe

C:\Windows\System\lYmiMbo.exe

C:\Windows\System\lYmiMbo.exe

C:\Windows\System\kbUgwgA.exe

C:\Windows\System\kbUgwgA.exe

C:\Windows\System\kITLKKI.exe

C:\Windows\System\kITLKKI.exe

C:\Windows\System\UagAias.exe

C:\Windows\System\UagAias.exe

C:\Windows\System\mIqErFE.exe

C:\Windows\System\mIqErFE.exe

C:\Windows\System\yWWnsKH.exe

C:\Windows\System\yWWnsKH.exe

C:\Windows\System\xTvwqJf.exe

C:\Windows\System\xTvwqJf.exe

C:\Windows\System\NonEchP.exe

C:\Windows\System\NonEchP.exe

C:\Windows\System\PujuKAL.exe

C:\Windows\System\PujuKAL.exe

C:\Windows\System\oxqcHYC.exe

C:\Windows\System\oxqcHYC.exe

C:\Windows\System\wZOqbQb.exe

C:\Windows\System\wZOqbQb.exe

C:\Windows\System\hReLpBW.exe

C:\Windows\System\hReLpBW.exe

C:\Windows\System\MSQmSxu.exe

C:\Windows\System\MSQmSxu.exe

C:\Windows\System\qjjbgAk.exe

C:\Windows\System\qjjbgAk.exe

C:\Windows\System\lWLmOIT.exe

C:\Windows\System\lWLmOIT.exe

C:\Windows\System\vswDfrw.exe

C:\Windows\System\vswDfrw.exe

C:\Windows\System\vwlXIEP.exe

C:\Windows\System\vwlXIEP.exe

C:\Windows\System\YkPKHmS.exe

C:\Windows\System\YkPKHmS.exe

C:\Windows\System\xlSnJlh.exe

C:\Windows\System\xlSnJlh.exe

C:\Windows\System\fmWmBkQ.exe

C:\Windows\System\fmWmBkQ.exe

C:\Windows\System\YMdDDmi.exe

C:\Windows\System\YMdDDmi.exe

C:\Windows\System\JELZpvm.exe

C:\Windows\System\JELZpvm.exe

C:\Windows\System\fZYueCg.exe

C:\Windows\System\fZYueCg.exe

C:\Windows\System\SmCKxyH.exe

C:\Windows\System\SmCKxyH.exe

C:\Windows\System\mVZAkDR.exe

C:\Windows\System\mVZAkDR.exe

C:\Windows\System\zqfIkjz.exe

C:\Windows\System\zqfIkjz.exe

C:\Windows\System\ytTpprT.exe

C:\Windows\System\ytTpprT.exe

C:\Windows\System\eEuowUd.exe

C:\Windows\System\eEuowUd.exe

C:\Windows\System\lGLIfYX.exe

C:\Windows\System\lGLIfYX.exe

C:\Windows\System\pjCpNlW.exe

C:\Windows\System\pjCpNlW.exe

C:\Windows\System\LpzYsuI.exe

C:\Windows\System\LpzYsuI.exe

C:\Windows\System\IFvqRDp.exe

C:\Windows\System\IFvqRDp.exe

C:\Windows\System\UOwzuuH.exe

C:\Windows\System\UOwzuuH.exe

C:\Windows\System\ipUDzsP.exe

C:\Windows\System\ipUDzsP.exe

C:\Windows\System\nrDVuEm.exe

C:\Windows\System\nrDVuEm.exe

C:\Windows\System\xMrmqBH.exe

C:\Windows\System\xMrmqBH.exe

C:\Windows\System\JUkHmti.exe

C:\Windows\System\JUkHmti.exe

C:\Windows\System\uqIrNpu.exe

C:\Windows\System\uqIrNpu.exe

C:\Windows\System\UFkveAg.exe

C:\Windows\System\UFkveAg.exe

C:\Windows\System\rkbFqNz.exe

C:\Windows\System\rkbFqNz.exe

C:\Windows\System\TirTpnj.exe

C:\Windows\System\TirTpnj.exe

C:\Windows\System\sEWHlPt.exe

C:\Windows\System\sEWHlPt.exe

C:\Windows\System\egxXiyU.exe

C:\Windows\System\egxXiyU.exe

C:\Windows\System\KjtlxDT.exe

C:\Windows\System\KjtlxDT.exe

C:\Windows\System\HnKmLeZ.exe

C:\Windows\System\HnKmLeZ.exe

C:\Windows\System\TUowRtl.exe

C:\Windows\System\TUowRtl.exe

C:\Windows\System\KkhlFgc.exe

C:\Windows\System\KkhlFgc.exe

C:\Windows\System\xjOCkmz.exe

C:\Windows\System\xjOCkmz.exe

C:\Windows\System\eQBiXpX.exe

C:\Windows\System\eQBiXpX.exe

C:\Windows\System\EKEOyKV.exe

C:\Windows\System\EKEOyKV.exe

C:\Windows\System\BfAMgLQ.exe

C:\Windows\System\BfAMgLQ.exe

C:\Windows\System\zKKkZKP.exe

C:\Windows\System\zKKkZKP.exe

C:\Windows\System\BMdCRWz.exe

C:\Windows\System\BMdCRWz.exe

C:\Windows\System\OZStZUW.exe

C:\Windows\System\OZStZUW.exe

C:\Windows\System\AahCNPw.exe

C:\Windows\System\AahCNPw.exe

C:\Windows\System\MMCAFEL.exe

C:\Windows\System\MMCAFEL.exe

C:\Windows\System\hzSDrco.exe

C:\Windows\System\hzSDrco.exe

C:\Windows\System\TAlYbRg.exe

C:\Windows\System\TAlYbRg.exe

C:\Windows\System\wPJcEoO.exe

C:\Windows\System\wPJcEoO.exe

C:\Windows\System\XGXghCn.exe

C:\Windows\System\XGXghCn.exe

C:\Windows\System\ayMUVYI.exe

C:\Windows\System\ayMUVYI.exe

C:\Windows\System\uamoDMb.exe

C:\Windows\System\uamoDMb.exe

C:\Windows\System\xjAsdCP.exe

C:\Windows\System\xjAsdCP.exe

C:\Windows\System\uRJDvcD.exe

C:\Windows\System\uRJDvcD.exe

C:\Windows\System\sbDtvdt.exe

C:\Windows\System\sbDtvdt.exe

C:\Windows\System\ExWQseZ.exe

C:\Windows\System\ExWQseZ.exe

C:\Windows\System\wMRkzsw.exe

C:\Windows\System\wMRkzsw.exe

C:\Windows\System\SrSZfms.exe

C:\Windows\System\SrSZfms.exe

C:\Windows\System\OiPbSzm.exe

C:\Windows\System\OiPbSzm.exe

C:\Windows\System\KTHriuC.exe

C:\Windows\System\KTHriuC.exe

C:\Windows\System\BsjqknH.exe

C:\Windows\System\BsjqknH.exe

C:\Windows\System\TbNdhBU.exe

C:\Windows\System\TbNdhBU.exe

C:\Windows\System\pGetZDe.exe

C:\Windows\System\pGetZDe.exe

C:\Windows\System\woZYxPC.exe

C:\Windows\System\woZYxPC.exe

C:\Windows\System\GskgMKI.exe

C:\Windows\System\GskgMKI.exe

C:\Windows\System\gXdtAHD.exe

C:\Windows\System\gXdtAHD.exe

C:\Windows\System\EXDByDt.exe

C:\Windows\System\EXDByDt.exe

C:\Windows\System\gdcBRxZ.exe

C:\Windows\System\gdcBRxZ.exe

C:\Windows\System\nNtGDfg.exe

C:\Windows\System\nNtGDfg.exe

C:\Windows\System\fithbik.exe

C:\Windows\System\fithbik.exe

C:\Windows\System\crnVSmN.exe

C:\Windows\System\crnVSmN.exe

C:\Windows\System\cgESZbO.exe

C:\Windows\System\cgESZbO.exe

C:\Windows\System\qhdAudS.exe

C:\Windows\System\qhdAudS.exe

C:\Windows\System\dBMBpzv.exe

C:\Windows\System\dBMBpzv.exe

C:\Windows\System\apxRbDa.exe

C:\Windows\System\apxRbDa.exe

C:\Windows\System\JdcQicT.exe

C:\Windows\System\JdcQicT.exe

C:\Windows\System\pGufnvw.exe

C:\Windows\System\pGufnvw.exe

C:\Windows\System\YuMPEan.exe

C:\Windows\System\YuMPEan.exe

C:\Windows\System\LKvffTZ.exe

C:\Windows\System\LKvffTZ.exe

C:\Windows\System\ppgninJ.exe

C:\Windows\System\ppgninJ.exe

C:\Windows\System\IQCKlND.exe

C:\Windows\System\IQCKlND.exe

C:\Windows\System\iJPkTJy.exe

C:\Windows\System\iJPkTJy.exe

C:\Windows\System\NfSvmil.exe

C:\Windows\System\NfSvmil.exe

C:\Windows\System\ujNBjhN.exe

C:\Windows\System\ujNBjhN.exe

C:\Windows\System\OGNBYEg.exe

C:\Windows\System\OGNBYEg.exe

C:\Windows\System\BQKoBfR.exe

C:\Windows\System\BQKoBfR.exe

C:\Windows\System\FLuVDGS.exe

C:\Windows\System\FLuVDGS.exe

C:\Windows\System\DQMbpIf.exe

C:\Windows\System\DQMbpIf.exe

C:\Windows\System\ueRokjw.exe

C:\Windows\System\ueRokjw.exe

C:\Windows\System\WYopfZX.exe

C:\Windows\System\WYopfZX.exe

C:\Windows\System\fmrbGgn.exe

C:\Windows\System\fmrbGgn.exe

C:\Windows\System\ovSyfaZ.exe

C:\Windows\System\ovSyfaZ.exe

C:\Windows\System\SorfRTf.exe

C:\Windows\System\SorfRTf.exe

C:\Windows\System\GNHvgoX.exe

C:\Windows\System\GNHvgoX.exe

C:\Windows\System\faHtSEw.exe

C:\Windows\System\faHtSEw.exe

C:\Windows\System\iiiZkyZ.exe

C:\Windows\System\iiiZkyZ.exe

C:\Windows\System\aAhmvKG.exe

C:\Windows\System\aAhmvKG.exe

C:\Windows\System\LgVvqtH.exe

C:\Windows\System\LgVvqtH.exe

C:\Windows\System\DriaJoj.exe

C:\Windows\System\DriaJoj.exe

C:\Windows\System\WTofgio.exe

C:\Windows\System\WTofgio.exe

C:\Windows\System\NMhHHJe.exe

C:\Windows\System\NMhHHJe.exe

C:\Windows\System\GHuOmRw.exe

C:\Windows\System\GHuOmRw.exe

C:\Windows\System\KOZHnEK.exe

C:\Windows\System\KOZHnEK.exe

C:\Windows\System\nwozxjX.exe

C:\Windows\System\nwozxjX.exe

C:\Windows\System\FhxiPjq.exe

C:\Windows\System\FhxiPjq.exe

C:\Windows\system32\dwm.exe

"dwm.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 88.251.17.2.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp

Files

memory/1616-0-0x00007FF7D82A0000-0x00007FF7D85F1000-memory.dmp

memory/1616-1-0x000001A267DF0000-0x000001A267E00000-memory.dmp

C:\Windows\System\CRSObIr.exe

MD5 7c3fc1a8ec2b9389e5d649183f76fcfc
SHA1 a8cad83099da2bf651da3bfe373e92b146390c1f
SHA256 bfaac408e284e306b354c64bcfb00da320a0276fa5fce30b9d63da9019928364
SHA512 70ea1f4f8d57307d90f2c5112a95325fa2d7e4f41d8b34146dd6460f301ae4a71c8b4d4d873eb6d06bdad0a5822a279fb6389fb2ed7e00616098075269d566f0

memory/4400-8-0x00007FF68BFF0000-0x00007FF68C341000-memory.dmp

C:\Windows\System\SIFBsrc.exe

MD5 f44100880b263ae449cc637b8cf1cc45
SHA1 a975f851b40a30ad583467f516e36441e125f305
SHA256 547643e9d28242949086319c4ac83eddce85f51824f385d95e564072838ece98
SHA512 48371d73bac42e253441bce1c20ca0bddc380e903d6ad2ca0f4edc7f8d8e1de7174210eec383ddc6d5ea94373f8e2567c7216342b7af2a1dafc20663c13154e8

C:\Windows\System\AHzZAtk.exe

MD5 7066de9c7679401ecc0b6b456b99aabe
SHA1 8cd11355a0ed9849ca3a420a1f43d9361e4743ee
SHA256 c56c07401945758dea42f2df76ec284d8972d5c79bbef6fc3aa4a8d56b0d1f14
SHA512 d77d18dbb29dea594d4903dcd6c38a503274f7e573e7f12b0aa4b09256cccecf47479ceb9b64d92fd5dd034830832d5005b374b960ae9bc10e0a6add525bb0dc

memory/1504-16-0x00007FF6DA200000-0x00007FF6DA551000-memory.dmp

C:\Windows\System\LWTWoHc.exe

MD5 98be301e3c7b248d0ddfdc1d86046ed8
SHA1 82a5b8cf5f5ccfa269bec4a4dcdcf9a19023a7ae
SHA256 13857e8b76b139434a3d5b16fb9f802d0e2c99813b555a8219d46cb06b6b564f
SHA512 4eccebac55936106aa6988f6f097430928839d778e1756ea6bd35ef11425bbeb5a9cec062c3afde78590cffd846930253c897f0f3ac02b9465e7ae9e8e8135f7

C:\Windows\System\PyIGTpC.exe

MD5 9e0626534b02d74213f2f2be43a4db6e
SHA1 fba4d26af3a6a046db8c0961c08c8576d99b262b
SHA256 460c4fd4febf1ed247dc382a653873f53eef60558021e5cf5bb346b38434c4d6
SHA512 539e280b44e5cf96aa13d39204a31c158b2d7fec8251b5dae9e15e5d4222c50842c4bc27df4071e22c9fcc388e8ec540ba4db733e85e0d553518697739dd96c7

memory/1900-43-0x00007FF6273D0000-0x00007FF627721000-memory.dmp

memory/2104-48-0x00007FF7E1BB0000-0x00007FF7E1F01000-memory.dmp

memory/4044-60-0x00007FF7CA4A0000-0x00007FF7CA7F1000-memory.dmp

C:\Windows\System\iJFaxsm.exe

MD5 7e5db0ac6cb73d6059634798c0bf5e5c
SHA1 0c0963c4a6f8311a95464839399b6e49250b84cb
SHA256 ebe083e953c7b300372831a21601a5934d8f931c80ef7dc3bf1a2a2267aaf58c
SHA512 5276daecd237377d9d7c4bd8ef25107dc779762cfd274f771edd3c697c6e875e59abff6c239f9167b72eebab892523bef13fce33846e6e6822e251c71bd076f1

C:\Windows\System\rWCstGe.exe

MD5 636f40789c019566b21033475af96e21
SHA1 cb8fbba0d3d4ca536f6b6b4c9bda92b78af4eabf
SHA256 05ba6f56833dead2a3493d9256a356703e7e79bba8e506ba419f78d05761143d
SHA512 e2dfcb682b8ffb074c37f0cc8bf1119551329bd0d7bc8cfb57e057e58203feb595201674f30ab26f22e1d43a88054f5a434e9c947ec70c839cd2f77da7bfd75a

C:\Windows\System\rExiqLB.exe

MD5 48a9699dbfb940f69636c8d35d91eb18
SHA1 8659d8d90a683c136270cb27a55418ef7fad1dca
SHA256 9a4642de2dd1b9ae218b2246786ba2af5ee1a928df7339edaad14457703eb248
SHA512 764f77956433490451cbf1a89a97da8d822545fe17106af172a2e1f508fd02101fa2b8602053cea592b1a4601da4cfceaf6329d2c27927d008bf7fffb2cefac7

memory/1384-51-0x00007FF7FA740000-0x00007FF7FAA91000-memory.dmp

C:\Windows\System\EnmGmPO.exe

MD5 22462bf2811615dc441c766f6602bb3c
SHA1 4db27fe2173d733fa3b4f0bce3d020615871ba1a
SHA256 b8f6a35839449f3dc489d7274728ac6f9260bda0f48c12c60744de1b9962ba32
SHA512 776d45022c9c4ac51350d5042b953e3b4f7124800b5e59110751da399d0f27a9126540fdc4cc3a120763c85ea7a3373e4a95a95181ae19e936e6d2938e8bcf85

C:\Windows\System\XkrhuiD.exe

MD5 5f90e608f35039a13601f34dd5c3a87e
SHA1 6d451b5c9aa5b0ef87d4ec627055e3c18168612c
SHA256 a7acdaa241abb919a54d1112d020286aacf802619255d5de896287555d1ef981
SHA512 2ab4268e222239222b20136818034945bbf75531c857b3ef7dafa5a04b79a783cf071a46bd158ea7bdea2fa7dd35221c06c494d939bdeae2ffd622a42c14b5f8

C:\Windows\System\bwkfRfY.exe

MD5 aceadec3173dc061a9b8d3075f7267a7
SHA1 a8dc51308450d894c0827562d7c1117e3311dd77
SHA256 88fed837093af361d32dd1c5c9ff6dc204859907ec856b812b4237ad048c2477
SHA512 d21fdde2bca72d81897f834995b620815649df54a106cbd30543162f71f09e0df9e034aa036c2ca46a622ca4fad741ff92c0aa93ce4a4ef7e3884d52becc566b

C:\Windows\System\dOJPsdM.exe

MD5 6697cdd32ae9b22cf8dd294e7eb1b25b
SHA1 6099c2e5a33bc902453a7229103fc18234bc8cc8
SHA256 30afefe665c0294532faa16a14332ce3e3f22a75dc4f191af588321f456ed781
SHA512 7b32f802236668d292565c3f6160c7a46580afeb2dfe6c114c112bd842964ac872843a5426519a44c6be61dcca36a24406ada5efb1dacd20df0069cc61ab568f

memory/3276-29-0x00007FF656C90000-0x00007FF656FE1000-memory.dmp

memory/4792-25-0x00007FF7272C0000-0x00007FF727611000-memory.dmp

memory/2496-24-0x00007FF70DBD0000-0x00007FF70DF21000-memory.dmp

memory/848-73-0x00007FF71D1B0000-0x00007FF71D501000-memory.dmp

C:\Windows\System\VvgvUXO.exe

MD5 cf9c57b3fd19e340a1272c57328f6313
SHA1 a168e7d0f71d19c60ce5ee1edb005d8356af6333
SHA256 fab8a0906a6543da5608c068b63e3eb73255d17dffa5934af176bcaa8d8653de
SHA512 5b77c8e3ba0f38ececfd4fa7a5a9ce59d25266935e9bf20fcf5b35a9ad4b49d4580b1f4d6d8329e1d889bafe0fc934f3e60a78c69d0deba2fe665c1f53b440b2

C:\Windows\System\MyhphLl.exe

MD5 01fe85cec3e1ad26038637a598759e7e
SHA1 b2e62d5669a8a33951df4e272812eb7cb425eb5b
SHA256 d934fd2a7d17ead86881e3fc3326bb1d8169463a5ee93139fbd24968806f1908
SHA512 f258aff3b30fe6fd18a50a201c7c9c447518832d402de6bcd8304f071dc70ae2a08322fa3b6a4e4014195b0b3047706d412762f27afde38bd8cd56c33be010e0

memory/1616-87-0x00007FF7D82A0000-0x00007FF7D85F1000-memory.dmp

C:\Windows\System\pYdXCLx.exe

MD5 fba2a81eb486fbc742c227bbab394365
SHA1 4e25b0e7d7ef54a7012f1616e69dbed815f619c7
SHA256 978be639bfe2f03d34cf4e696c452b85b9d066311f880b0d3691998a1fad4615
SHA512 f22b1a48ff42e9982788f93ea9c7b5f06c75b3e9c56744fa11390170059204278cba68a71d9d8e6aab453db0fc40ad4472074e36f856a0af14941446c65e045e

C:\Windows\System\NfEZTvB.exe

MD5 41b5ae6146571eb9218cb537711b5f09
SHA1 010f7577d27f377ac2d39ec6ed697b778005f960
SHA256 5bea210923ddabccb5afda926150f69638b11eecc1f655e9e845178bfbdeb111
SHA512 26d91048a87dfe4e2047e966439fe50860915125a08a20aa51d36ddaccb2263f4b30b4d55f01142fa3ad000875696622acd8e2e42ec04fa0ba5b17c64fc798a4

C:\Windows\System\mBdlSpB.exe

MD5 7bc5f7191a58a23df8bfdf9a07e47b1e
SHA1 f891da657f46995c80491570dea317a42839cbac
SHA256 fc87e58d89f05e2470d080cff50effbb83677107e0fcb8e10c850496eace0d5d
SHA512 2463db27704b9a67f84f6f05a933f1d5a64e4a103b541497d3f6843898d1075c004ba6d327d78cb296a06773c1839879c165d1d605772135438e49cf14f2d3ec

memory/2496-125-0x00007FF70DBD0000-0x00007FF70DF21000-memory.dmp

memory/3604-128-0x00007FF6AA9A0000-0x00007FF6AACF1000-memory.dmp

memory/3276-130-0x00007FF656C90000-0x00007FF656FE1000-memory.dmp

C:\Windows\System\veEsUCO.exe

MD5 ff0d072eeaca6399ea525655f4171931
SHA1 120753f29669de6788e1cd55877a09e1b0673690
SHA256 344b64ab3cc4fca45de406a676e26879fd942e01d824848856fddfac77b067c1
SHA512 dab007d07e5bedf6f93ebeb4fcc59cea4214ec183bcec9f4faf4c792da999004f3b4857ec02b50325d7d8c671d0ed1f2d34aac271f0dfcd340145acfac16dd04

C:\Windows\System\vPZHVBs.exe

MD5 628c406480900d76ae1dc1eb7dc20fa9
SHA1 3a2964c053b0fd95de48b09cd2fdf0c0229902a6
SHA256 bbeb670c71f921cb24aef0b96b85c500974fe3012f9bdf1aab2055e594e22939
SHA512 2a84dbadb1d1bff678b746bc5cd695e280ce874a18af7222e83c98026c1bdba2864a739dd60da10430d66e403b9d7f2cdc215be21e263ea03148ecee997ab767

memory/1456-129-0x00007FF647E40000-0x00007FF648191000-memory.dmp

memory/2292-127-0x00007FF6CD4A0000-0x00007FF6CD7F1000-memory.dmp

memory/4792-126-0x00007FF7272C0000-0x00007FF727611000-memory.dmp

C:\Windows\System\vZLloev.exe

MD5 1a8daec03f854664764f7399b4493356
SHA1 d3b6cc43224a4e2f19ef58694f0f0e1e6b459fd2
SHA256 20454fbe08df1c51a5cdd04977802fe323d87530343f48c232eb7c4be7268765
SHA512 58072ead2d9453a2ef6f2ae77c26b155b84816c5938b2e1482090a434d658afa72e3cc9dba4dfe2c7a2e3009a31c832ea9ad98bf1f279bd94d00a13771ffa6ef

memory/4708-122-0x00007FF74CF20000-0x00007FF74D271000-memory.dmp

memory/1252-120-0x00007FF602850000-0x00007FF602BA1000-memory.dmp

memory/1504-109-0x00007FF6DA200000-0x00007FF6DA551000-memory.dmp

memory/2548-103-0x00007FF716D10000-0x00007FF717061000-memory.dmp

C:\Windows\System\ZFChGwO.exe

MD5 02a8e3b1c28a111608385350280bfae1
SHA1 62d234ca8bea353a20803f7941582779d5d7101e
SHA256 6235fa03c23a6cffd8ece726ba88664a6ac513e1cfa47914427ee76b3adc523d
SHA512 ac0461d328cef1710978c5b925ba896ad6682c02cbb5372ea21bbb45b32933484c5dd57e67a704c6579395cdf611931f71a21d105f21fe3598fa25463f16a8b5

memory/4400-98-0x00007FF68BFF0000-0x00007FF68C341000-memory.dmp

memory/868-97-0x00007FF797730000-0x00007FF797A81000-memory.dmp

memory/3000-90-0x00007FF6A3060000-0x00007FF6A33B1000-memory.dmp

memory/3756-83-0x00007FF65E2A0000-0x00007FF65E5F1000-memory.dmp

memory/1688-79-0x00007FF791D90000-0x00007FF7920E1000-memory.dmp

memory/2260-72-0x00007FF6CCC40000-0x00007FF6CCF91000-memory.dmp

memory/5012-217-0x00007FF67EED0000-0x00007FF67F221000-memory.dmp

memory/2332-229-0x00007FF6B87D0000-0x00007FF6B8B21000-memory.dmp

memory/3292-214-0x00007FF7DFF50000-0x00007FF7E02A1000-memory.dmp

C:\Windows\System\CQKnNRD.exe

MD5 0a80f9a8c72b65b7674016c72b04600c
SHA1 9e4004557bfbfa3ad741b15c5d174ec2d034da04
SHA256 e494bea822eaa6cd56629f09910bbe512632649118947c27c7214dcc59835016
SHA512 9a3cc2298f6e201b7a5686a913ecd47f62b3444c0447d1c80276f56076d7e6435d261d0948b976a2d095e6793e805b524760d37c9884e7de2471e2d50bcef87a

C:\Windows\System\IKHWcTV.exe

MD5 303a329433bf2f112cd1a5ee6bca4954
SHA1 2c7444c7570bfcdea17a78e5c4f959c3b80fffb4
SHA256 80243fb1e011285760e25544f9013d63403abf17136247646a1c831a46f8cbe7
SHA512 42a0fce43596473e93025a8de3716070d425a99f74efbe7bfd12a5c5469516c53ded7d6c5c5d08c9551e2080c9acaa327b1a0b2c3d7b43317af29cc0ead74606

C:\Windows\System\cqfXInu.exe

MD5 eb9e165f2db9b3343cf9d5c7ed6f67e6
SHA1 1840472e39ad43279e48d4c15e0449c3cd66f6b0
SHA256 6d49179c875084ad4b6f07a5f7574712a64263692cc1d00dbbe3e0d955b6071c
SHA512 2bf967bc628c9960f914ea17fba849730f034e07b3e5bed5398890bcf5e37d6e4807ec259a9f43b03268706db2a0b22537fd31750b531bc2075d654d55ad12d1

C:\Windows\System\eVFVXtz.exe

MD5 6d224bc2f1af7f48c394ae35b3f9d843
SHA1 7c20d8e1e6882e3d0ee93f011d370499de56716b
SHA256 4f3cf9dbfe19c54c3bf140390c4e9780ca5e2782b585e1e1739bce4140b1020d
SHA512 f8dd56b70e3fa47662f55e080b52d931b4784e9b7e3d96daccdc2ab060166ce508bdf750ad330cade9dc711f78c4ba6186a26a076d77296d73152c4dee548dd6

memory/4072-203-0x00007FF72BF20000-0x00007FF72C271000-memory.dmp

C:\Windows\System\yLiMyXN.exe

MD5 937052091cd1b80ec4276d3907bcce58
SHA1 4b3a21635a2100624b702acf63c83afc353de3b3
SHA256 e0721d0a136c7205709b53053d029761d70b915c3e2a31c99b20de4d0261e636
SHA512 5dae5ca19f51f35fe811bd41746eba566440f2531785324d8ce68cb78e3955284743e9c5e2c12f8887239f4cbdff11d87acb9dd5039cc5f138517020e26ab3a2

C:\Windows\System\aryJUvM.exe

MD5 a12d88cd02c3e68601a14b63dc80d9d0
SHA1 b165d25ffddd969d12b093ff8a2787479c3e7854
SHA256 ce2d96ae8286245bb7b52a670cbf7d67b9a39d2c3513e39de36c85ab79b1d84f
SHA512 1d21d302a00a520e9f481be83aa2b0257e70e26f593c37901a1099166edb9a5c55b59e52d5e75815eb603f4cfcdffa0a77696045150b802a2cf18170e69ab744

memory/1032-191-0x00007FF7FB5A0000-0x00007FF7FB8F1000-memory.dmp

C:\Windows\System\SJbbFVZ.exe

MD5 ae9de999d76b38e82f30b31c702bad72
SHA1 deaaf5f1c1c92cae4a42ed8e0f0bae573f5af7a3
SHA256 c46292c4c8c5d1bacd4e92968e08d661a8b3e62459bbf9e4fa0916fb5cad5e28
SHA512 d9c319af370198fc547c5634b8bc9fc29b660b080044fa68fd33b30350f6297788ca1911769c3b69c04c68c9b50f77540c45f215afd73f6074453e4d495e4d76

C:\Windows\System\aMzYyrV.exe

MD5 fd4fbd022dc6bbe7e744b3366f1f6b90
SHA1 8effbebcb589248e887a8e7f717ec5dce0c2e789
SHA256 1a074187ad02801a4b5967c267efa3789422f32730c8cc22ac901604181dbc72
SHA512 5424282bb986efa23ca69c46117819eb0d6b7a05e4750be69ab1ff149d458b7ca6d5e2e077afca53024afd89ea2e4d593598c1e4c8c445a867b76707e28b8639

C:\Windows\System\SjotwdN.exe

MD5 a81fbf6d66c8a7e8ab93d44723a3e2d2
SHA1 b73b85b89e8aec65c0495f8d0435f15563695c45
SHA256 9dc1f1a54a9da4fbf663d1fb7a0db5e701db286c8d6b2c378560302dfc383b13
SHA512 bae60581fc13a96988f18dfed7b3622aa0cc8c663ff677912565e74dfbf48bc387f8b42a2b063274f8850ca650755373663cb078c41baf3fc7afe6f9a12908bd

C:\Windows\System\cNizLNm.exe

MD5 a7204fec5442ca2cef32262a0710b7ea
SHA1 c5429e39214ea03313f7c07fae097e31b63ab7a8
SHA256 1eaa88606b0196f0b12176ea5d570e27ff103c2ce59f4115a2cc076dcee5448c
SHA512 6b831dda44771684834c60e2e3f674938bac9ae5f1928d56e0cfb99f63bd25a4320ba2e34ae3f68e07fe4b4ee79e1376ef379990c739f6caa0d81153f441b91a

memory/1924-173-0x00007FF7E7A90000-0x00007FF7E7DE1000-memory.dmp

memory/1724-172-0x00007FF6FBBF0000-0x00007FF6FBF41000-memory.dmp

memory/4064-171-0x00007FF76BDF0000-0x00007FF76C141000-memory.dmp

C:\Windows\System\bWzIulV.exe

MD5 a86704d15b072ef4ada57a4728de74b4
SHA1 f2d8d3d0d7d23a75d4958c20d7cda573d8164a46
SHA256 3ca7b5c818a178d68448cd326c944e417d5ae001d96a0cb20eb434c413b8ad16
SHA512 0ac9e1a17238058be0c6e0131db4f8afa02c077db821e3866e9966267b5fc9b0c418f506f37346689d7ea4e88289a664905efb751a2d3b67e6c4d4658ccea5cf

memory/2104-158-0x00007FF7E1BB0000-0x00007FF7E1F01000-memory.dmp

C:\Windows\System\qvdtVcX.exe

MD5 360ae5e71e353c6593e90a72eb2a2294
SHA1 1bf917032ff36df7f0b04c338c922ce60d8c2c06
SHA256 e936691890f83c141cf2873f3c83aee1474400d5eeb4e00b0a3ca09a0aa794d4
SHA512 00bd15b24b648e01b3ca74e860f4bb5e7e983fa74008a8596c86a321afd757448ac7fd929aae0e9e1883b637d346c3bf926b0bf0116ce16e16b8c0cc13bcea5e

memory/4044-149-0x00007FF7CA4A0000-0x00007FF7CA7F1000-memory.dmp

memory/1384-148-0x00007FF7FA740000-0x00007FF7FAA91000-memory.dmp

memory/3000-824-0x00007FF6A3060000-0x00007FF6A33B1000-memory.dmp

memory/868-1177-0x00007FF797730000-0x00007FF797A81000-memory.dmp

memory/1252-1528-0x00007FF602850000-0x00007FF602BA1000-memory.dmp

memory/4400-1810-0x00007FF68BFF0000-0x00007FF68C341000-memory.dmp

memory/1504-1818-0x00007FF6DA200000-0x00007FF6DA551000-memory.dmp

memory/2496-1836-0x00007FF70DBD0000-0x00007FF70DF21000-memory.dmp

memory/4792-1831-0x00007FF7272C0000-0x00007FF727611000-memory.dmp

memory/3276-1846-0x00007FF656C90000-0x00007FF656FE1000-memory.dmp

memory/1384-1874-0x00007FF7FA740000-0x00007FF7FAA91000-memory.dmp

memory/1900-1856-0x00007FF6273D0000-0x00007FF627721000-memory.dmp

memory/4044-1878-0x00007FF7CA4A0000-0x00007FF7CA7F1000-memory.dmp

memory/2104-1872-0x00007FF7E1BB0000-0x00007FF7E1F01000-memory.dmp

memory/2260-1897-0x00007FF6CCC40000-0x00007FF6CCF91000-memory.dmp

memory/848-1894-0x00007FF71D1B0000-0x00007FF71D501000-memory.dmp

memory/1688-1905-0x00007FF791D90000-0x00007FF7920E1000-memory.dmp

memory/3756-2340-0x00007FF65E2A0000-0x00007FF65E5F1000-memory.dmp

memory/868-2359-0x00007FF797730000-0x00007FF797A81000-memory.dmp

memory/2548-2369-0x00007FF716D10000-0x00007FF717061000-memory.dmp

memory/2292-2381-0x00007FF6CD4A0000-0x00007FF6CD7F1000-memory.dmp

memory/1252-2384-0x00007FF602850000-0x00007FF602BA1000-memory.dmp

memory/4708-2376-0x00007FF74CF20000-0x00007FF74D271000-memory.dmp

memory/3604-2391-0x00007FF6AA9A0000-0x00007FF6AACF1000-memory.dmp

memory/1456-2393-0x00007FF647E40000-0x00007FF648191000-memory.dmp

memory/4064-2463-0x00007FF76BDF0000-0x00007FF76C141000-memory.dmp

memory/1032-2465-0x00007FF7FB5A0000-0x00007FF7FB8F1000-memory.dmp

memory/3292-2467-0x00007FF7DFF50000-0x00007FF7E02A1000-memory.dmp

memory/1924-2470-0x00007FF7E7A90000-0x00007FF7E7DE1000-memory.dmp

memory/4072-2471-0x00007FF72BF20000-0x00007FF72C271000-memory.dmp

memory/2332-2473-0x00007FF6B87D0000-0x00007FF6B8B21000-memory.dmp

memory/1724-2479-0x00007FF6FBBF0000-0x00007FF6FBF41000-memory.dmp

memory/5012-2481-0x00007FF67EED0000-0x00007FF67F221000-memory.dmp