Malware Analysis Report

2025-04-19 16:10

Sample ID 240522-tvalbsha6v
Target 67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118
SHA256 3d9acf3a07b10fb62a5689eaf8ab3c6aadd7b4c0aafea38bf6df608b1729e418
Tags
xmrig execution miner upx
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

3d9acf3a07b10fb62a5689eaf8ab3c6aadd7b4c0aafea38bf6df608b1729e418

Threat Level: Known bad

The file 67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

xmrig execution miner upx

XMRig Miner payload

Xmrig family

xmrig

XMRig Miner payload

Blocklisted process makes network request

Command and Scripting Interpreter: PowerShell

Loads dropped DLL

UPX packed file

Executes dropped EXE

Legitimate hosting services abused for malware hosting/C2

Drops file in Windows directory

Unsigned PE

Modifies data under HKEY_USERS

Suspicious behavior: LoadsDriver

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-22 16:22

Signatures

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-22 16:22

Reported

2024-05-22 16:24

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\zwPytMx.exe N/A
N/A N/A C:\Windows\System\sMsnqkd.exe N/A
N/A N/A C:\Windows\System\mfJUXib.exe N/A
N/A N/A C:\Windows\System\OeFtWZl.exe N/A
N/A N/A C:\Windows\System\DsaROsv.exe N/A
N/A N/A C:\Windows\System\pnTlamq.exe N/A
N/A N/A C:\Windows\System\NPZVPCX.exe N/A
N/A N/A C:\Windows\System\FfsWgNo.exe N/A
N/A N/A C:\Windows\System\txhnnlH.exe N/A
N/A N/A C:\Windows\System\NPqLfxO.exe N/A
N/A N/A C:\Windows\System\notDqHK.exe N/A
N/A N/A C:\Windows\System\kCdUxmm.exe N/A
N/A N/A C:\Windows\System\CULAjtH.exe N/A
N/A N/A C:\Windows\System\BxrrhFx.exe N/A
N/A N/A C:\Windows\System\AFMwDyg.exe N/A
N/A N/A C:\Windows\System\PVwmuGQ.exe N/A
N/A N/A C:\Windows\System\urYQWnj.exe N/A
N/A N/A C:\Windows\System\aAYXhtC.exe N/A
N/A N/A C:\Windows\System\nNcpLXe.exe N/A
N/A N/A C:\Windows\System\IoLmlMh.exe N/A
N/A N/A C:\Windows\System\NRfkBdC.exe N/A
N/A N/A C:\Windows\System\rRlCjmL.exe N/A
N/A N/A C:\Windows\System\dAkxggo.exe N/A
N/A N/A C:\Windows\System\pzAXMyU.exe N/A
N/A N/A C:\Windows\System\hiHNZuG.exe N/A
N/A N/A C:\Windows\System\FXIksyD.exe N/A
N/A N/A C:\Windows\System\sDcIKlh.exe N/A
N/A N/A C:\Windows\System\fMHwvMY.exe N/A
N/A N/A C:\Windows\System\aFhjTMH.exe N/A
N/A N/A C:\Windows\System\DXGSLgb.exe N/A
N/A N/A C:\Windows\System\NISHdnA.exe N/A
N/A N/A C:\Windows\System\uZayUNy.exe N/A
N/A N/A C:\Windows\System\EIDPLKy.exe N/A
N/A N/A C:\Windows\System\wBPyxsq.exe N/A
N/A N/A C:\Windows\System\vdmGMkS.exe N/A
N/A N/A C:\Windows\System\FzsLNuY.exe N/A
N/A N/A C:\Windows\System\VrhZxfz.exe N/A
N/A N/A C:\Windows\System\yknidFA.exe N/A
N/A N/A C:\Windows\System\PCdIsNG.exe N/A
N/A N/A C:\Windows\System\yBDpaQZ.exe N/A
N/A N/A C:\Windows\System\RBcIJjM.exe N/A
N/A N/A C:\Windows\System\otmmPuI.exe N/A
N/A N/A C:\Windows\System\ktJhHXw.exe N/A
N/A N/A C:\Windows\System\TLktbou.exe N/A
N/A N/A C:\Windows\System\UqwqJUx.exe N/A
N/A N/A C:\Windows\System\oGLLyrY.exe N/A
N/A N/A C:\Windows\System\kORSqXZ.exe N/A
N/A N/A C:\Windows\System\kBdZaou.exe N/A
N/A N/A C:\Windows\System\zANDZtA.exe N/A
N/A N/A C:\Windows\System\BOJNpuy.exe N/A
N/A N/A C:\Windows\System\oXFdPQV.exe N/A
N/A N/A C:\Windows\System\ySLTKOf.exe N/A
N/A N/A C:\Windows\System\GUynXLh.exe N/A
N/A N/A C:\Windows\System\RTmoURs.exe N/A
N/A N/A C:\Windows\System\bUnfsYh.exe N/A
N/A N/A C:\Windows\System\XKNijxW.exe N/A
N/A N/A C:\Windows\System\qWvzhrH.exe N/A
N/A N/A C:\Windows\System\IzppnHv.exe N/A
N/A N/A C:\Windows\System\kYPpECN.exe N/A
N/A N/A C:\Windows\System\YSzZOJk.exe N/A
N/A N/A C:\Windows\System\JXhVCfR.exe N/A
N/A N/A C:\Windows\System\dpNxYUE.exe N/A
N/A N/A C:\Windows\System\vrDWJsA.exe N/A
N/A N/A C:\Windows\System\uYDgvev.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\DZOcoYP.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\BmtsjnF.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\IoLmlMh.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\ERxXmog.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\JMKjJvW.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\hGIQoDL.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\OjXfJyW.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\VkasHYv.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\BANOpbG.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\rAfIksC.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\AVNalQJ.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\TYLGCkL.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\wAfkvoH.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\SbqKYjl.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\vyCoSzl.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\QEHQFWb.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\rXWQUtB.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\epWFqbm.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\kAWixjg.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\eZJXjXf.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\cngdRNq.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\JIjiSjH.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\gusAbhl.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\izqLCzS.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\hrMSmdm.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\PARihGm.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\vpwROXd.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\oKbqgsQ.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\VhlogXv.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\tyUIAxV.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\OBLWUff.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\qriUMvt.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\YeJjvgQ.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\aWJOksj.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\laagOaA.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\ivxCHpE.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\GmBEftn.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\SPFkUxc.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\mKpwraQ.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\RJoPLnb.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\yhijDqm.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\ujqkxyc.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\DveOssH.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\XWQWWBR.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\fFKJKZH.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\PHryyLP.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\pReJwyh.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\RnwoOFM.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\BHfmWIU.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\sDcIKlh.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\tXOFmZn.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\EbhsCPd.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\CqceYjO.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\LTQVGdv.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\maRaNNE.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\inXaANH.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\AmaETtw.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\SbbzFTA.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\BHLTbtf.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\LAeckBS.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\ZhxiqVw.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\KBQOixn.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\LFhOyTf.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\bUnfsYh.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\system32\dwm.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\dwm.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\system32\dwm.exe N/A
Token: 33 N/A C:\Windows\system32\dwm.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\dwm.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\dwm.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\system32\dwm.exe N/A
Token: 33 N/A C:\Windows\system32\dwm.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\dwm.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2664 wrote to memory of 2224 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2664 wrote to memory of 2224 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2664 wrote to memory of 400 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\zwPytMx.exe
PID 2664 wrote to memory of 400 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\zwPytMx.exe
PID 2664 wrote to memory of 1404 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\mfJUXib.exe
PID 2664 wrote to memory of 1404 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\mfJUXib.exe
PID 2664 wrote to memory of 2960 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\sMsnqkd.exe
PID 2664 wrote to memory of 2960 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\sMsnqkd.exe
PID 2664 wrote to memory of 2460 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\OeFtWZl.exe
PID 2664 wrote to memory of 2460 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\OeFtWZl.exe
PID 2664 wrote to memory of 3780 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\DsaROsv.exe
PID 2664 wrote to memory of 3780 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\DsaROsv.exe
PID 2664 wrote to memory of 3276 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\pnTlamq.exe
PID 2664 wrote to memory of 3276 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\pnTlamq.exe
PID 2664 wrote to memory of 3928 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\NPZVPCX.exe
PID 2664 wrote to memory of 3928 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\NPZVPCX.exe
PID 2664 wrote to memory of 3288 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\FfsWgNo.exe
PID 2664 wrote to memory of 3288 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\FfsWgNo.exe
PID 2664 wrote to memory of 2908 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\txhnnlH.exe
PID 2664 wrote to memory of 2908 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\txhnnlH.exe
PID 2664 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\notDqHK.exe
PID 2664 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\notDqHK.exe
PID 2664 wrote to memory of 2372 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\NPqLfxO.exe
PID 2664 wrote to memory of 2372 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\NPqLfxO.exe
PID 2664 wrote to memory of 380 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\kCdUxmm.exe
PID 2664 wrote to memory of 380 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\kCdUxmm.exe
PID 2664 wrote to memory of 752 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\CULAjtH.exe
PID 2664 wrote to memory of 752 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\CULAjtH.exe
PID 2664 wrote to memory of 2792 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\BxrrhFx.exe
PID 2664 wrote to memory of 2792 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\BxrrhFx.exe
PID 2664 wrote to memory of 4156 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\AFMwDyg.exe
PID 2664 wrote to memory of 4156 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\AFMwDyg.exe
PID 2664 wrote to memory of 4792 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\PVwmuGQ.exe
PID 2664 wrote to memory of 4792 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\PVwmuGQ.exe
PID 2664 wrote to memory of 1592 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\urYQWnj.exe
PID 2664 wrote to memory of 1592 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\urYQWnj.exe
PID 2664 wrote to memory of 1556 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\aAYXhtC.exe
PID 2664 wrote to memory of 1556 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\aAYXhtC.exe
PID 2664 wrote to memory of 2760 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\nNcpLXe.exe
PID 2664 wrote to memory of 2760 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\nNcpLXe.exe
PID 2664 wrote to memory of 440 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\IoLmlMh.exe
PID 2664 wrote to memory of 440 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\IoLmlMh.exe
PID 2664 wrote to memory of 4036 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\NRfkBdC.exe
PID 2664 wrote to memory of 4036 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\NRfkBdC.exe
PID 2664 wrote to memory of 4772 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\rRlCjmL.exe
PID 2664 wrote to memory of 4772 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\rRlCjmL.exe
PID 2664 wrote to memory of 4616 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\dAkxggo.exe
PID 2664 wrote to memory of 4616 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\dAkxggo.exe
PID 2664 wrote to memory of 1712 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\pzAXMyU.exe
PID 2664 wrote to memory of 1712 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\pzAXMyU.exe
PID 2664 wrote to memory of 5068 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\hiHNZuG.exe
PID 2664 wrote to memory of 5068 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\hiHNZuG.exe
PID 2664 wrote to memory of 2072 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\FXIksyD.exe
PID 2664 wrote to memory of 2072 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\FXIksyD.exe
PID 2664 wrote to memory of 2588 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\sDcIKlh.exe
PID 2664 wrote to memory of 2588 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\sDcIKlh.exe
PID 2664 wrote to memory of 780 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\fMHwvMY.exe
PID 2664 wrote to memory of 780 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\fMHwvMY.exe
PID 2664 wrote to memory of 2768 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\aFhjTMH.exe
PID 2664 wrote to memory of 2768 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\aFhjTMH.exe
PID 2664 wrote to memory of 388 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\DXGSLgb.exe
PID 2664 wrote to memory of 388 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\DXGSLgb.exe
PID 2664 wrote to memory of 2852 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\NISHdnA.exe
PID 2664 wrote to memory of 2852 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\NISHdnA.exe

Processes

C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\zwPytMx.exe

C:\Windows\System\zwPytMx.exe

C:\Windows\System\mfJUXib.exe

C:\Windows\System\mfJUXib.exe

C:\Windows\System\sMsnqkd.exe

C:\Windows\System\sMsnqkd.exe

C:\Windows\System\OeFtWZl.exe

C:\Windows\System\OeFtWZl.exe

C:\Windows\System\DsaROsv.exe

C:\Windows\System\DsaROsv.exe

C:\Windows\System\pnTlamq.exe

C:\Windows\System\pnTlamq.exe

C:\Windows\System\NPZVPCX.exe

C:\Windows\System\NPZVPCX.exe

C:\Windows\System\FfsWgNo.exe

C:\Windows\System\FfsWgNo.exe

C:\Windows\System\txhnnlH.exe

C:\Windows\System\txhnnlH.exe

C:\Windows\System\notDqHK.exe

C:\Windows\System\notDqHK.exe

C:\Windows\System\NPqLfxO.exe

C:\Windows\System\NPqLfxO.exe

C:\Windows\System\kCdUxmm.exe

C:\Windows\System\kCdUxmm.exe

C:\Windows\System\CULAjtH.exe

C:\Windows\System\CULAjtH.exe

C:\Windows\System\BxrrhFx.exe

C:\Windows\System\BxrrhFx.exe

C:\Windows\System\AFMwDyg.exe

C:\Windows\System\AFMwDyg.exe

C:\Windows\System\PVwmuGQ.exe

C:\Windows\System\PVwmuGQ.exe

C:\Windows\System\urYQWnj.exe

C:\Windows\System\urYQWnj.exe

C:\Windows\System\aAYXhtC.exe

C:\Windows\System\aAYXhtC.exe

C:\Windows\System\nNcpLXe.exe

C:\Windows\System\nNcpLXe.exe

C:\Windows\System\IoLmlMh.exe

C:\Windows\System\IoLmlMh.exe

C:\Windows\System\NRfkBdC.exe

C:\Windows\System\NRfkBdC.exe

C:\Windows\System\rRlCjmL.exe

C:\Windows\System\rRlCjmL.exe

C:\Windows\System\dAkxggo.exe

C:\Windows\System\dAkxggo.exe

C:\Windows\System\pzAXMyU.exe

C:\Windows\System\pzAXMyU.exe

C:\Windows\System\hiHNZuG.exe

C:\Windows\System\hiHNZuG.exe

C:\Windows\System\FXIksyD.exe

C:\Windows\System\FXIksyD.exe

C:\Windows\System\sDcIKlh.exe

C:\Windows\System\sDcIKlh.exe

C:\Windows\System\fMHwvMY.exe

C:\Windows\System\fMHwvMY.exe

C:\Windows\System\aFhjTMH.exe

C:\Windows\System\aFhjTMH.exe

C:\Windows\System\DXGSLgb.exe

C:\Windows\System\DXGSLgb.exe

C:\Windows\System\NISHdnA.exe

C:\Windows\System\NISHdnA.exe

C:\Windows\System\uZayUNy.exe

C:\Windows\System\uZayUNy.exe

C:\Windows\System\EIDPLKy.exe

C:\Windows\System\EIDPLKy.exe

C:\Windows\System\wBPyxsq.exe

C:\Windows\System\wBPyxsq.exe

C:\Windows\System\vdmGMkS.exe

C:\Windows\System\vdmGMkS.exe

C:\Windows\System\FzsLNuY.exe

C:\Windows\System\FzsLNuY.exe

C:\Windows\System\VrhZxfz.exe

C:\Windows\System\VrhZxfz.exe

C:\Windows\System\yknidFA.exe

C:\Windows\System\yknidFA.exe

C:\Windows\System\PCdIsNG.exe

C:\Windows\System\PCdIsNG.exe

C:\Windows\System\yBDpaQZ.exe

C:\Windows\System\yBDpaQZ.exe

C:\Windows\System\RBcIJjM.exe

C:\Windows\System\RBcIJjM.exe

C:\Windows\System\otmmPuI.exe

C:\Windows\System\otmmPuI.exe

C:\Windows\System\ktJhHXw.exe

C:\Windows\System\ktJhHXw.exe

C:\Windows\System\TLktbou.exe

C:\Windows\System\TLktbou.exe

C:\Windows\System\UqwqJUx.exe

C:\Windows\System\UqwqJUx.exe

C:\Windows\System\oGLLyrY.exe

C:\Windows\System\oGLLyrY.exe

C:\Windows\System\kORSqXZ.exe

C:\Windows\System\kORSqXZ.exe

C:\Windows\System\kBdZaou.exe

C:\Windows\System\kBdZaou.exe

C:\Windows\System\zANDZtA.exe

C:\Windows\System\zANDZtA.exe

C:\Windows\System\BOJNpuy.exe

C:\Windows\System\BOJNpuy.exe

C:\Windows\System\oXFdPQV.exe

C:\Windows\System\oXFdPQV.exe

C:\Windows\System\ySLTKOf.exe

C:\Windows\System\ySLTKOf.exe

C:\Windows\System\GUynXLh.exe

C:\Windows\System\GUynXLh.exe

C:\Windows\System\RTmoURs.exe

C:\Windows\System\RTmoURs.exe

C:\Windows\System\bUnfsYh.exe

C:\Windows\System\bUnfsYh.exe

C:\Windows\System\XKNijxW.exe

C:\Windows\System\XKNijxW.exe

C:\Windows\System\qWvzhrH.exe

C:\Windows\System\qWvzhrH.exe

C:\Windows\System\IzppnHv.exe

C:\Windows\System\IzppnHv.exe

C:\Windows\System\kYPpECN.exe

C:\Windows\System\kYPpECN.exe

C:\Windows\System\YSzZOJk.exe

C:\Windows\System\YSzZOJk.exe

C:\Windows\System\JXhVCfR.exe

C:\Windows\System\JXhVCfR.exe

C:\Windows\System\dpNxYUE.exe

C:\Windows\System\dpNxYUE.exe

C:\Windows\System\vrDWJsA.exe

C:\Windows\System\vrDWJsA.exe

C:\Windows\System\uYDgvev.exe

C:\Windows\System\uYDgvev.exe

C:\Windows\System\TbKphJu.exe

C:\Windows\System\TbKphJu.exe

C:\Windows\System\FQEEYZA.exe

C:\Windows\System\FQEEYZA.exe

C:\Windows\System\dYOpOpb.exe

C:\Windows\System\dYOpOpb.exe

C:\Windows\System\sXBOqkM.exe

C:\Windows\System\sXBOqkM.exe

C:\Windows\System\VyCVTQq.exe

C:\Windows\System\VyCVTQq.exe

C:\Windows\System\nRRoots.exe

C:\Windows\System\nRRoots.exe

C:\Windows\System\oMnAUFA.exe

C:\Windows\System\oMnAUFA.exe

C:\Windows\System\szBmFNn.exe

C:\Windows\System\szBmFNn.exe

C:\Windows\System\ppOEfEl.exe

C:\Windows\System\ppOEfEl.exe

C:\Windows\System\magmZTi.exe

C:\Windows\System\magmZTi.exe

C:\Windows\System\pnyrSpQ.exe

C:\Windows\System\pnyrSpQ.exe

C:\Windows\System\ksMNTnn.exe

C:\Windows\System\ksMNTnn.exe

C:\Windows\System\OSclbMN.exe

C:\Windows\System\OSclbMN.exe

C:\Windows\System\DveOssH.exe

C:\Windows\System\DveOssH.exe

C:\Windows\System\xVajWcE.exe

C:\Windows\System\xVajWcE.exe

C:\Windows\System\iolGIcx.exe

C:\Windows\System\iolGIcx.exe

C:\Windows\System\NuuKaDx.exe

C:\Windows\System\NuuKaDx.exe

C:\Windows\System\lEGksxX.exe

C:\Windows\System\lEGksxX.exe

C:\Windows\System\vaTnurR.exe

C:\Windows\System\vaTnurR.exe

C:\Windows\System\JXAjIMu.exe

C:\Windows\System\JXAjIMu.exe

C:\Windows\System\jhBIOKc.exe

C:\Windows\System\jhBIOKc.exe

C:\Windows\System\FrCGqYN.exe

C:\Windows\System\FrCGqYN.exe

C:\Windows\System\ZdqwtXK.exe

C:\Windows\System\ZdqwtXK.exe

C:\Windows\System\MSsMWrn.exe

C:\Windows\System\MSsMWrn.exe

C:\Windows\System\iEANfFZ.exe

C:\Windows\System\iEANfFZ.exe

C:\Windows\System\VxEZRbk.exe

C:\Windows\System\VxEZRbk.exe

C:\Windows\System\lnlebsM.exe

C:\Windows\System\lnlebsM.exe

C:\Windows\System\BwqhHYK.exe

C:\Windows\System\BwqhHYK.exe

C:\Windows\System\KBmhrQZ.exe

C:\Windows\System\KBmhrQZ.exe

C:\Windows\System\SiNkjMC.exe

C:\Windows\System\SiNkjMC.exe

C:\Windows\System\fJXkVwD.exe

C:\Windows\System\fJXkVwD.exe

C:\Windows\System\EluKaPm.exe

C:\Windows\System\EluKaPm.exe

C:\Windows\System\tteFCXx.exe

C:\Windows\System\tteFCXx.exe

C:\Windows\System\JSjyzvl.exe

C:\Windows\System\JSjyzvl.exe

C:\Windows\System\zRlkclK.exe

C:\Windows\System\zRlkclK.exe

C:\Windows\System\tWgeDJg.exe

C:\Windows\System\tWgeDJg.exe

C:\Windows\System\YDZAotC.exe

C:\Windows\System\YDZAotC.exe

C:\Windows\System\uIdfTwM.exe

C:\Windows\System\uIdfTwM.exe

C:\Windows\System\GrpNVaH.exe

C:\Windows\System\GrpNVaH.exe

C:\Windows\System\DcZVfsC.exe

C:\Windows\System\DcZVfsC.exe

C:\Windows\System\ZKAuKjJ.exe

C:\Windows\System\ZKAuKjJ.exe

C:\Windows\System\YhlGwAE.exe

C:\Windows\System\YhlGwAE.exe

C:\Windows\System\dvVPciy.exe

C:\Windows\System\dvVPciy.exe

C:\Windows\System\nKezKOu.exe

C:\Windows\System\nKezKOu.exe

C:\Windows\System\vcOvkoB.exe

C:\Windows\System\vcOvkoB.exe

C:\Windows\System\uRJLuRh.exe

C:\Windows\System\uRJLuRh.exe

C:\Windows\System\XFEvgdr.exe

C:\Windows\System\XFEvgdr.exe

C:\Windows\System\ERxXmog.exe

C:\Windows\System\ERxXmog.exe

C:\Windows\System\QpgcAJC.exe

C:\Windows\System\QpgcAJC.exe

C:\Windows\System\CCcGYrJ.exe

C:\Windows\System\CCcGYrJ.exe

C:\Windows\System\zcmeeEL.exe

C:\Windows\System\zcmeeEL.exe

C:\Windows\System\kYsHLqZ.exe

C:\Windows\System\kYsHLqZ.exe

C:\Windows\System\wxEumCr.exe

C:\Windows\System\wxEumCr.exe

C:\Windows\System\ZvzcOTP.exe

C:\Windows\System\ZvzcOTP.exe

C:\Windows\System\GugzfQW.exe

C:\Windows\System\GugzfQW.exe

C:\Windows\System\RMvTdSj.exe

C:\Windows\System\RMvTdSj.exe

C:\Windows\System\jIrcEfV.exe

C:\Windows\System\jIrcEfV.exe

C:\Windows\System\xnADtLM.exe

C:\Windows\System\xnADtLM.exe

C:\Windows\System\eOnVLLQ.exe

C:\Windows\System\eOnVLLQ.exe

C:\Windows\System\dGhnLON.exe

C:\Windows\System\dGhnLON.exe

C:\Windows\System\cznjWge.exe

C:\Windows\System\cznjWge.exe

C:\Windows\System\IBOcENi.exe

C:\Windows\System\IBOcENi.exe

C:\Windows\System\OWNCodN.exe

C:\Windows\System\OWNCodN.exe

C:\Windows\System\xSyCPSg.exe

C:\Windows\System\xSyCPSg.exe

C:\Windows\System\KWtTCqf.exe

C:\Windows\System\KWtTCqf.exe

C:\Windows\System\MxNspde.exe

C:\Windows\System\MxNspde.exe

C:\Windows\System\oHjMOOF.exe

C:\Windows\System\oHjMOOF.exe

C:\Windows\System\SoZFEPa.exe

C:\Windows\System\SoZFEPa.exe

C:\Windows\System\VIBpwpx.exe

C:\Windows\System\VIBpwpx.exe

C:\Windows\System\RvPEFgp.exe

C:\Windows\System\RvPEFgp.exe

C:\Windows\System\yNtKCQY.exe

C:\Windows\System\yNtKCQY.exe

C:\Windows\System\oOpSGue.exe

C:\Windows\System\oOpSGue.exe

C:\Windows\System\wHQDxRO.exe

C:\Windows\System\wHQDxRO.exe

C:\Windows\System\bbhsXXD.exe

C:\Windows\System\bbhsXXD.exe

C:\Windows\System\DDpbtCD.exe

C:\Windows\System\DDpbtCD.exe

C:\Windows\System\kPAJzeP.exe

C:\Windows\System\kPAJzeP.exe

C:\Windows\System\LPYGNUE.exe

C:\Windows\System\LPYGNUE.exe

C:\Windows\System\AymKILL.exe

C:\Windows\System\AymKILL.exe

C:\Windows\System\aGljrRu.exe

C:\Windows\System\aGljrRu.exe

C:\Windows\System\qmxuNqX.exe

C:\Windows\System\qmxuNqX.exe

C:\Windows\System\MaJqTjM.exe

C:\Windows\System\MaJqTjM.exe

C:\Windows\System\FnjSGaN.exe

C:\Windows\System\FnjSGaN.exe

C:\Windows\System\YOywIXW.exe

C:\Windows\System\YOywIXW.exe

C:\Windows\System\ELNeIrh.exe

C:\Windows\System\ELNeIrh.exe

C:\Windows\System\GsnVnfi.exe

C:\Windows\System\GsnVnfi.exe

C:\Windows\System\WpcVfSi.exe

C:\Windows\System\WpcVfSi.exe

C:\Windows\System\wAkhJFu.exe

C:\Windows\System\wAkhJFu.exe

C:\Windows\System\oAIxoNO.exe

C:\Windows\System\oAIxoNO.exe

C:\Windows\System\eyqbDuO.exe

C:\Windows\System\eyqbDuO.exe

C:\Windows\System\jKWFlyG.exe

C:\Windows\System\jKWFlyG.exe

C:\Windows\System\kfloToU.exe

C:\Windows\System\kfloToU.exe

C:\Windows\System\GsifYPj.exe

C:\Windows\System\GsifYPj.exe

C:\Windows\System\chlTTSg.exe

C:\Windows\System\chlTTSg.exe

C:\Windows\System\AHBsUPP.exe

C:\Windows\System\AHBsUPP.exe

C:\Windows\System\QeZvWsJ.exe

C:\Windows\System\QeZvWsJ.exe

C:\Windows\System\cFUajyr.exe

C:\Windows\System\cFUajyr.exe

C:\Windows\System\ejeiSfj.exe

C:\Windows\System\ejeiSfj.exe

C:\Windows\System\XpVKwPd.exe

C:\Windows\System\XpVKwPd.exe

C:\Windows\System\dTofrrr.exe

C:\Windows\System\dTofrrr.exe

C:\Windows\System\pKZUYfH.exe

C:\Windows\System\pKZUYfH.exe

C:\Windows\System\YuninlS.exe

C:\Windows\System\YuninlS.exe

C:\Windows\System\KZUWiKG.exe

C:\Windows\System\KZUWiKG.exe

C:\Windows\System\oZSzkai.exe

C:\Windows\System\oZSzkai.exe

C:\Windows\System\qvKZvSb.exe

C:\Windows\System\qvKZvSb.exe

C:\Windows\System\Agcupzt.exe

C:\Windows\System\Agcupzt.exe

C:\Windows\System\OMGPELR.exe

C:\Windows\System\OMGPELR.exe

C:\Windows\System\HsHFMmh.exe

C:\Windows\System\HsHFMmh.exe

C:\Windows\System\LSgHnbR.exe

C:\Windows\System\LSgHnbR.exe

C:\Windows\System\PwgxfsS.exe

C:\Windows\System\PwgxfsS.exe

C:\Windows\System\fgTMDZl.exe

C:\Windows\System\fgTMDZl.exe

C:\Windows\System\GNXfcmu.exe

C:\Windows\System\GNXfcmu.exe

C:\Windows\System\hJoVJKO.exe

C:\Windows\System\hJoVJKO.exe

C:\Windows\System\pXHcogv.exe

C:\Windows\System\pXHcogv.exe

C:\Windows\System\JASjGEm.exe

C:\Windows\System\JASjGEm.exe

C:\Windows\System\LAeckBS.exe

C:\Windows\System\LAeckBS.exe

C:\Windows\System\uGaZSNu.exe

C:\Windows\System\uGaZSNu.exe

C:\Windows\System\gmJkhdi.exe

C:\Windows\System\gmJkhdi.exe

C:\Windows\System\AVNalQJ.exe

C:\Windows\System\AVNalQJ.exe

C:\Windows\System\dukZzYK.exe

C:\Windows\System\dukZzYK.exe

C:\Windows\System\gusAbhl.exe

C:\Windows\System\gusAbhl.exe

C:\Windows\System\UrTrcOB.exe

C:\Windows\System\UrTrcOB.exe

C:\Windows\System\AGOqncG.exe

C:\Windows\System\AGOqncG.exe

C:\Windows\System\WXitJpc.exe

C:\Windows\System\WXitJpc.exe

C:\Windows\System\SbbzFTA.exe

C:\Windows\System\SbbzFTA.exe

C:\Windows\System\kPsxmqj.exe

C:\Windows\System\kPsxmqj.exe

C:\Windows\System\qSYNfZO.exe

C:\Windows\System\qSYNfZO.exe

C:\Windows\System\IWnUMRM.exe

C:\Windows\System\IWnUMRM.exe

C:\Windows\System\RwIkjct.exe

C:\Windows\System\RwIkjct.exe

C:\Windows\System\wjtLdOJ.exe

C:\Windows\System\wjtLdOJ.exe

C:\Windows\System\aAdduSA.exe

C:\Windows\System\aAdduSA.exe

C:\Windows\System\puDOpls.exe

C:\Windows\System\puDOpls.exe

C:\Windows\System\PHCtDRe.exe

C:\Windows\System\PHCtDRe.exe

C:\Windows\System\ucyiFrd.exe

C:\Windows\System\ucyiFrd.exe

C:\Windows\System\WuGzeaF.exe

C:\Windows\System\WuGzeaF.exe

C:\Windows\System\cngdRNq.exe

C:\Windows\System\cngdRNq.exe

C:\Windows\System\qcsDHUO.exe

C:\Windows\System\qcsDHUO.exe

C:\Windows\System\UVbsVSt.exe

C:\Windows\System\UVbsVSt.exe

C:\Windows\System\BHWStwk.exe

C:\Windows\System\BHWStwk.exe

C:\Windows\System\GiDjbhy.exe

C:\Windows\System\GiDjbhy.exe

C:\Windows\System\AnZONgR.exe

C:\Windows\System\AnZONgR.exe

C:\Windows\System\GvGDARf.exe

C:\Windows\System\GvGDARf.exe

C:\Windows\System\tXOFmZn.exe

C:\Windows\System\tXOFmZn.exe

C:\Windows\System\rQkqmib.exe

C:\Windows\System\rQkqmib.exe

C:\Windows\System\krTqSyN.exe

C:\Windows\System\krTqSyN.exe

C:\Windows\System\vTtRzdP.exe

C:\Windows\System\vTtRzdP.exe

C:\Windows\System\HpbDfpP.exe

C:\Windows\System\HpbDfpP.exe

C:\Windows\System\HhLZiVb.exe

C:\Windows\System\HhLZiVb.exe

C:\Windows\System\QEHQFWb.exe

C:\Windows\System\QEHQFWb.exe

C:\Windows\System\vWLFotd.exe

C:\Windows\System\vWLFotd.exe

C:\Windows\System\LNKmBKV.exe

C:\Windows\System\LNKmBKV.exe

C:\Windows\System\rQgUmqq.exe

C:\Windows\System\rQgUmqq.exe

C:\Windows\System\TtinGUq.exe

C:\Windows\System\TtinGUq.exe

C:\Windows\System\HmVsYfK.exe

C:\Windows\System\HmVsYfK.exe

C:\Windows\System\vSjdRtY.exe

C:\Windows\System\vSjdRtY.exe

C:\Windows\System\hmnnvwk.exe

C:\Windows\System\hmnnvwk.exe

C:\Windows\System\yCbonVK.exe

C:\Windows\System\yCbonVK.exe

C:\Windows\System\TYLGCkL.exe

C:\Windows\System\TYLGCkL.exe

C:\Windows\System\yMlWcsr.exe

C:\Windows\System\yMlWcsr.exe

C:\Windows\System\ANDANry.exe

C:\Windows\System\ANDANry.exe

C:\Windows\System\ZYCiNix.exe

C:\Windows\System\ZYCiNix.exe

C:\Windows\System\euvVYbr.exe

C:\Windows\System\euvVYbr.exe

C:\Windows\System\goHfkVq.exe

C:\Windows\System\goHfkVq.exe

C:\Windows\System\EtExmKY.exe

C:\Windows\System\EtExmKY.exe

C:\Windows\System\ksWUiQJ.exe

C:\Windows\System\ksWUiQJ.exe

C:\Windows\System\nPDNONm.exe

C:\Windows\System\nPDNONm.exe

C:\Windows\System\RDfoKAn.exe

C:\Windows\System\RDfoKAn.exe

C:\Windows\System\uYfYhRk.exe

C:\Windows\System\uYfYhRk.exe

C:\Windows\System\axqCEwK.exe

C:\Windows\System\axqCEwK.exe

C:\Windows\System\jLloaNk.exe

C:\Windows\System\jLloaNk.exe

C:\Windows\System\tmNvQfz.exe

C:\Windows\System\tmNvQfz.exe

C:\Windows\System\zpQoAnZ.exe

C:\Windows\System\zpQoAnZ.exe

C:\Windows\System\vijhpeL.exe

C:\Windows\System\vijhpeL.exe

C:\Windows\System\IQjyVag.exe

C:\Windows\System\IQjyVag.exe

C:\Windows\System\sFxkRpQ.exe

C:\Windows\System\sFxkRpQ.exe

C:\Windows\System\INaMpiR.exe

C:\Windows\System\INaMpiR.exe

C:\Windows\System\YXyvwAE.exe

C:\Windows\System\YXyvwAE.exe

C:\Windows\System\NbuteSf.exe

C:\Windows\System\NbuteSf.exe

C:\Windows\System\GinZTre.exe

C:\Windows\System\GinZTre.exe

C:\Windows\System\VGYNmHB.exe

C:\Windows\System\VGYNmHB.exe

C:\Windows\System\bKgainx.exe

C:\Windows\System\bKgainx.exe

C:\Windows\System\OeAPrat.exe

C:\Windows\System\OeAPrat.exe

C:\Windows\System\zHnSSEO.exe

C:\Windows\System\zHnSSEO.exe

C:\Windows\System\MCmtdHp.exe

C:\Windows\System\MCmtdHp.exe

C:\Windows\System\JqHlkIv.exe

C:\Windows\System\JqHlkIv.exe

C:\Windows\System\AwYFWlN.exe

C:\Windows\System\AwYFWlN.exe

C:\Windows\System\xXakFOp.exe

C:\Windows\System\xXakFOp.exe

C:\Windows\System\cDbRDFR.exe

C:\Windows\System\cDbRDFR.exe

C:\Windows\System\PZfcVHf.exe

C:\Windows\System\PZfcVHf.exe

C:\Windows\System\OZfIREJ.exe

C:\Windows\System\OZfIREJ.exe

C:\Windows\System\cNnAPJJ.exe

C:\Windows\System\cNnAPJJ.exe

C:\Windows\System\bjWlqzu.exe

C:\Windows\System\bjWlqzu.exe

C:\Windows\System\gcpHVrj.exe

C:\Windows\System\gcpHVrj.exe

C:\Windows\System\fFKJKZH.exe

C:\Windows\System\fFKJKZH.exe

C:\Windows\System\pOnRzsX.exe

C:\Windows\System\pOnRzsX.exe

C:\Windows\System\zbVYEIT.exe

C:\Windows\System\zbVYEIT.exe

C:\Windows\System\Zvcosud.exe

C:\Windows\System\Zvcosud.exe

C:\Windows\System\JMKjJvW.exe

C:\Windows\System\JMKjJvW.exe

C:\Windows\System\zPWnOrn.exe

C:\Windows\System\zPWnOrn.exe

C:\Windows\System\BHLTbtf.exe

C:\Windows\System\BHLTbtf.exe

C:\Windows\System\BGdzvzX.exe

C:\Windows\System\BGdzvzX.exe

C:\Windows\System\fNazXbX.exe

C:\Windows\System\fNazXbX.exe

C:\Windows\System\djpFrHO.exe

C:\Windows\System\djpFrHO.exe

C:\Windows\System\HUTzEJK.exe

C:\Windows\System\HUTzEJK.exe

C:\Windows\System\zIvJcWC.exe

C:\Windows\System\zIvJcWC.exe

C:\Windows\System\aODpezv.exe

C:\Windows\System\aODpezv.exe

C:\Windows\System\iYjyVPl.exe

C:\Windows\System\iYjyVPl.exe

C:\Windows\System\vAUWeWT.exe

C:\Windows\System\vAUWeWT.exe

C:\Windows\System\cjxKDfc.exe

C:\Windows\System\cjxKDfc.exe

C:\Windows\System\RtJVYrQ.exe

C:\Windows\System\RtJVYrQ.exe

C:\Windows\System\uitQVUf.exe

C:\Windows\System\uitQVUf.exe

C:\Windows\System\kvaTMoA.exe

C:\Windows\System\kvaTMoA.exe

C:\Windows\System\XmOHBYE.exe

C:\Windows\System\XmOHBYE.exe

C:\Windows\System\pgtyEZp.exe

C:\Windows\System\pgtyEZp.exe

C:\Windows\System\capaFSL.exe

C:\Windows\System\capaFSL.exe

C:\Windows\System\ZVrVVyH.exe

C:\Windows\System\ZVrVVyH.exe

C:\Windows\System\aFTgDBv.exe

C:\Windows\System\aFTgDBv.exe

C:\Windows\System\unoazDh.exe

C:\Windows\System\unoazDh.exe

C:\Windows\System\tdfuUOn.exe

C:\Windows\System\tdfuUOn.exe

C:\Windows\System\XkLFfCZ.exe

C:\Windows\System\XkLFfCZ.exe

C:\Windows\System\PgdTcTb.exe

C:\Windows\System\PgdTcTb.exe

C:\Windows\System\EGsgFTQ.exe

C:\Windows\System\EGsgFTQ.exe

C:\Windows\System\HTmXVlW.exe

C:\Windows\System\HTmXVlW.exe

C:\Windows\System\QZOfSyZ.exe

C:\Windows\System\QZOfSyZ.exe

C:\Windows\System\xdxypzr.exe

C:\Windows\System\xdxypzr.exe

C:\Windows\System\iTkCfNF.exe

C:\Windows\System\iTkCfNF.exe

C:\Windows\System\xmibBUv.exe

C:\Windows\System\xmibBUv.exe

C:\Windows\System\tqokhjB.exe

C:\Windows\System\tqokhjB.exe

C:\Windows\System\XWQWWBR.exe

C:\Windows\System\XWQWWBR.exe

C:\Windows\System\eZKkIXn.exe

C:\Windows\System\eZKkIXn.exe

C:\Windows\System\EuDAxkH.exe

C:\Windows\System\EuDAxkH.exe

C:\Windows\System\vUVrPvc.exe

C:\Windows\System\vUVrPvc.exe

C:\Windows\System\ZOAqAkp.exe

C:\Windows\System\ZOAqAkp.exe

C:\Windows\System\qriUMvt.exe

C:\Windows\System\qriUMvt.exe

C:\Windows\System\mDIcTgp.exe

C:\Windows\System\mDIcTgp.exe

C:\Windows\System\dRTGrdV.exe

C:\Windows\System\dRTGrdV.exe

C:\Windows\System\uADeqCH.exe

C:\Windows\System\uADeqCH.exe

C:\Windows\System\fKqcrAW.exe

C:\Windows\System\fKqcrAW.exe

C:\Windows\System\cPQSWrV.exe

C:\Windows\System\cPQSWrV.exe

C:\Windows\System\XQDgwRG.exe

C:\Windows\System\XQDgwRG.exe

C:\Windows\System\xJbZrfr.exe

C:\Windows\System\xJbZrfr.exe

C:\Windows\System\VcDJyIS.exe

C:\Windows\System\VcDJyIS.exe

C:\Windows\System\YqDmwPQ.exe

C:\Windows\System\YqDmwPQ.exe

C:\Windows\System\lMdXIHx.exe

C:\Windows\System\lMdXIHx.exe

C:\Windows\System\sjjAIAP.exe

C:\Windows\System\sjjAIAP.exe

C:\Windows\System\hVyOmZh.exe

C:\Windows\System\hVyOmZh.exe

C:\Windows\System\ieyAdEF.exe

C:\Windows\System\ieyAdEF.exe

C:\Windows\System\iwQglQG.exe

C:\Windows\System\iwQglQG.exe

C:\Windows\System\vSlLtNa.exe

C:\Windows\System\vSlLtNa.exe

C:\Windows\System\XdCEKCT.exe

C:\Windows\System\XdCEKCT.exe

C:\Windows\System\bMBbqWs.exe

C:\Windows\System\bMBbqWs.exe

C:\Windows\System\PPHWIpu.exe

C:\Windows\System\PPHWIpu.exe

C:\Windows\System\DoSIfGU.exe

C:\Windows\System\DoSIfGU.exe

C:\Windows\System\KqNCYtn.exe

C:\Windows\System\KqNCYtn.exe

C:\Windows\System\BQydJbb.exe

C:\Windows\System\BQydJbb.exe

C:\Windows\System\hqlrBlf.exe

C:\Windows\System\hqlrBlf.exe

C:\Windows\System\wMElMGt.exe

C:\Windows\System\wMElMGt.exe

C:\Windows\System\kkQJAfb.exe

C:\Windows\System\kkQJAfb.exe

C:\Windows\System\FMchbIT.exe

C:\Windows\System\FMchbIT.exe

C:\Windows\System\bgBryFv.exe

C:\Windows\System\bgBryFv.exe

C:\Windows\System\JYOJnWP.exe

C:\Windows\System\JYOJnWP.exe

C:\Windows\System\CKJTVLb.exe

C:\Windows\System\CKJTVLb.exe

C:\Windows\System\YFeijvw.exe

C:\Windows\System\YFeijvw.exe

C:\Windows\System\rUAzKdz.exe

C:\Windows\System\rUAzKdz.exe

C:\Windows\System\GSUgbfk.exe

C:\Windows\System\GSUgbfk.exe

C:\Windows\System\laagOaA.exe

C:\Windows\System\laagOaA.exe

C:\Windows\System\vCmwgTo.exe

C:\Windows\System\vCmwgTo.exe

C:\Windows\System\tShwqZC.exe

C:\Windows\System\tShwqZC.exe

C:\Windows\System\CPhfpuC.exe

C:\Windows\System\CPhfpuC.exe

C:\Windows\System\swDqsCg.exe

C:\Windows\System\swDqsCg.exe

C:\Windows\System\mHhYeLp.exe

C:\Windows\System\mHhYeLp.exe

C:\Windows\System\nBptckB.exe

C:\Windows\System\nBptckB.exe

C:\Windows\System\uSISsNj.exe

C:\Windows\System\uSISsNj.exe

C:\Windows\System\aMNwaso.exe

C:\Windows\System\aMNwaso.exe

C:\Windows\System\jmpmapi.exe

C:\Windows\System\jmpmapi.exe

C:\Windows\System\SphpasO.exe

C:\Windows\System\SphpasO.exe

C:\Windows\System\iBNpCAP.exe

C:\Windows\System\iBNpCAP.exe

C:\Windows\System\RcqrgCW.exe

C:\Windows\System\RcqrgCW.exe

C:\Windows\System\hYYXbVM.exe

C:\Windows\System\hYYXbVM.exe

C:\Windows\System\LvIpVWU.exe

C:\Windows\System\LvIpVWU.exe

C:\Windows\System\oZiGLys.exe

C:\Windows\System\oZiGLys.exe

C:\Windows\System\aWUPrWK.exe

C:\Windows\System\aWUPrWK.exe

C:\Windows\System\EwhzTcj.exe

C:\Windows\System\EwhzTcj.exe

C:\Windows\System\rVDXyhv.exe

C:\Windows\System\rVDXyhv.exe

C:\Windows\System\XQDIeHE.exe

C:\Windows\System\XQDIeHE.exe

C:\Windows\System\OHXjMgg.exe

C:\Windows\System\OHXjMgg.exe

C:\Windows\System\BTcxPeX.exe

C:\Windows\System\BTcxPeX.exe

C:\Windows\System\cCyckfn.exe

C:\Windows\System\cCyckfn.exe

C:\Windows\System\tyUvGBh.exe

C:\Windows\System\tyUvGBh.exe

C:\Windows\System\iwWlAbj.exe

C:\Windows\System\iwWlAbj.exe

C:\Windows\System\lrRsocl.exe

C:\Windows\System\lrRsocl.exe

C:\Windows\System\oztKsIQ.exe

C:\Windows\System\oztKsIQ.exe

C:\Windows\System\qSuGfUU.exe

C:\Windows\System\qSuGfUU.exe

C:\Windows\System\EFkeGqB.exe

C:\Windows\System\EFkeGqB.exe

C:\Windows\System\CXsaxkR.exe

C:\Windows\System\CXsaxkR.exe

C:\Windows\System\AaUvfoL.exe

C:\Windows\System\AaUvfoL.exe

C:\Windows\System\YeJjvgQ.exe

C:\Windows\System\YeJjvgQ.exe

C:\Windows\System\wNkaIgN.exe

C:\Windows\System\wNkaIgN.exe

C:\Windows\System\ELgZiqj.exe

C:\Windows\System\ELgZiqj.exe

C:\Windows\System\UAxojBF.exe

C:\Windows\System\UAxojBF.exe

C:\Windows\System\FTLUPgm.exe

C:\Windows\System\FTLUPgm.exe

C:\Windows\System\cgbtRQV.exe

C:\Windows\System\cgbtRQV.exe

C:\Windows\System\QLICrth.exe

C:\Windows\System\QLICrth.exe

C:\Windows\System\ELHCBDJ.exe

C:\Windows\System\ELHCBDJ.exe

C:\Windows\System\nOyUlcr.exe

C:\Windows\System\nOyUlcr.exe

C:\Windows\System\BeYOXIL.exe

C:\Windows\System\BeYOXIL.exe

C:\Windows\System\EuNQFUu.exe

C:\Windows\System\EuNQFUu.exe

C:\Windows\System\CVlUtoJ.exe

C:\Windows\System\CVlUtoJ.exe

C:\Windows\System\wxnFEkr.exe

C:\Windows\System\wxnFEkr.exe

C:\Windows\System\WfXNnIi.exe

C:\Windows\System\WfXNnIi.exe

C:\Windows\System\Ejqxiyn.exe

C:\Windows\System\Ejqxiyn.exe

C:\Windows\System\EqHwyBB.exe

C:\Windows\System\EqHwyBB.exe

C:\Windows\System\XllRazy.exe

C:\Windows\System\XllRazy.exe

C:\Windows\System\WwomzHj.exe

C:\Windows\System\WwomzHj.exe

C:\Windows\System\DAPmfmM.exe

C:\Windows\System\DAPmfmM.exe

C:\Windows\System\jpeKVjY.exe

C:\Windows\System\jpeKVjY.exe

C:\Windows\System\mYLvuHP.exe

C:\Windows\System\mYLvuHP.exe

C:\Windows\System\rrGNOem.exe

C:\Windows\System\rrGNOem.exe

C:\Windows\System\ygnpkNE.exe

C:\Windows\System\ygnpkNE.exe

C:\Windows\System\zdRfyyq.exe

C:\Windows\System\zdRfyyq.exe

C:\Windows\System\VKNjOHM.exe

C:\Windows\System\VKNjOHM.exe

C:\Windows\System\uQqDnpV.exe

C:\Windows\System\uQqDnpV.exe

C:\Windows\System\MUUmeIX.exe

C:\Windows\System\MUUmeIX.exe

C:\Windows\System\pnYGFDw.exe

C:\Windows\System\pnYGFDw.exe

C:\Windows\System\GmBEftn.exe

C:\Windows\System\GmBEftn.exe

C:\Windows\System\cEWglNN.exe

C:\Windows\System\cEWglNN.exe

C:\Windows\System\QoLXqjI.exe

C:\Windows\System\QoLXqjI.exe

C:\Windows\System\AaRlOsd.exe

C:\Windows\System\AaRlOsd.exe

C:\Windows\System\EyLEiQd.exe

C:\Windows\System\EyLEiQd.exe

C:\Windows\System\rgajqUD.exe

C:\Windows\System\rgajqUD.exe

C:\Windows\System\ePWPlzD.exe

C:\Windows\System\ePWPlzD.exe

C:\Windows\System\ZyDoqHr.exe

C:\Windows\System\ZyDoqHr.exe

C:\Windows\System\RuTOgyM.exe

C:\Windows\System\RuTOgyM.exe

C:\Windows\System\QaVEVXt.exe

C:\Windows\System\QaVEVXt.exe

C:\Windows\System\yTPNFys.exe

C:\Windows\System\yTPNFys.exe

C:\Windows\System\LySOoSe.exe

C:\Windows\System\LySOoSe.exe

C:\Windows\System\dZXvEMX.exe

C:\Windows\System\dZXvEMX.exe

C:\Windows\System\QAOxmAq.exe

C:\Windows\System\QAOxmAq.exe

C:\Windows\System\OOVbqCD.exe

C:\Windows\System\OOVbqCD.exe

C:\Windows\System\eRayrtl.exe

C:\Windows\System\eRayrtl.exe

C:\Windows\System\QahUwct.exe

C:\Windows\System\QahUwct.exe

C:\Windows\System\vYGUgrX.exe

C:\Windows\System\vYGUgrX.exe

C:\Windows\System\NTUmGHb.exe

C:\Windows\System\NTUmGHb.exe

C:\Windows\System\RadirYX.exe

C:\Windows\System\RadirYX.exe

C:\Windows\System\HrQwkAG.exe

C:\Windows\System\HrQwkAG.exe

C:\Windows\System\ZZlupUS.exe

C:\Windows\System\ZZlupUS.exe

C:\Windows\System\AByYKXv.exe

C:\Windows\System\AByYKXv.exe

C:\Windows\System\MRJKpRN.exe

C:\Windows\System\MRJKpRN.exe

C:\Windows\System\axODCrL.exe

C:\Windows\System\axODCrL.exe

C:\Windows\System\GrpBOGa.exe

C:\Windows\System\GrpBOGa.exe

C:\Windows\System\ZkudDVL.exe

C:\Windows\System\ZkudDVL.exe

C:\Windows\System\IkKEgQs.exe

C:\Windows\System\IkKEgQs.exe

C:\Windows\System\wPhfmwN.exe

C:\Windows\System\wPhfmwN.exe

C:\Windows\System\NPIjiEr.exe

C:\Windows\System\NPIjiEr.exe

C:\Windows\System\SPFkUxc.exe

C:\Windows\System\SPFkUxc.exe

C:\Windows\System\VqCteOD.exe

C:\Windows\System\VqCteOD.exe

C:\Windows\System\EbhsCPd.exe

C:\Windows\System\EbhsCPd.exe

C:\Windows\System\HIxVDOj.exe

C:\Windows\System\HIxVDOj.exe

C:\Windows\System\kQxeaPu.exe

C:\Windows\System\kQxeaPu.exe

C:\Windows\System\RILyAol.exe

C:\Windows\System\RILyAol.exe

C:\Windows\System\mKpwraQ.exe

C:\Windows\System\mKpwraQ.exe

C:\Windows\System\yjnTpYI.exe

C:\Windows\System\yjnTpYI.exe

C:\Windows\System\MWkSROP.exe

C:\Windows\System\MWkSROP.exe

C:\Windows\System\hSabtBL.exe

C:\Windows\System\hSabtBL.exe

C:\Windows\System\jIUtTNE.exe

C:\Windows\System\jIUtTNE.exe

C:\Windows\System\zZmLatF.exe

C:\Windows\System\zZmLatF.exe

C:\Windows\System\gXVgXOb.exe

C:\Windows\System\gXVgXOb.exe

C:\Windows\System\ivxCHpE.exe

C:\Windows\System\ivxCHpE.exe

C:\Windows\System\DWTqvCI.exe

C:\Windows\System\DWTqvCI.exe

C:\Windows\System\cBlaaUu.exe

C:\Windows\System\cBlaaUu.exe

C:\Windows\System\GhJhOXV.exe

C:\Windows\System\GhJhOXV.exe

C:\Windows\System\FlnCmRG.exe

C:\Windows\System\FlnCmRG.exe

C:\Windows\System\gkbPZUz.exe

C:\Windows\System\gkbPZUz.exe

C:\Windows\System\QwukVcr.exe

C:\Windows\System\QwukVcr.exe

C:\Windows\System\CpezTMY.exe

C:\Windows\System\CpezTMY.exe

C:\Windows\System\mSKDVVI.exe

C:\Windows\System\mSKDVVI.exe

C:\Windows\System\JTdeWii.exe

C:\Windows\System\JTdeWii.exe

C:\Windows\System\JIjiSjH.exe

C:\Windows\System\JIjiSjH.exe

C:\Windows\System\YXXloAU.exe

C:\Windows\System\YXXloAU.exe

C:\Windows\System\prvvhJG.exe

C:\Windows\System\prvvhJG.exe

C:\Windows\System\qCgXDRS.exe

C:\Windows\System\qCgXDRS.exe

C:\Windows\System\CXBkggO.exe

C:\Windows\System\CXBkggO.exe

C:\Windows\System\nufKlSj.exe

C:\Windows\System\nufKlSj.exe

C:\Windows\System\kSWydbM.exe

C:\Windows\System\kSWydbM.exe

C:\Windows\System\tQaWsRv.exe

C:\Windows\System\tQaWsRv.exe

C:\Windows\System\PZwgJRz.exe

C:\Windows\System\PZwgJRz.exe

C:\Windows\System\sAijCeI.exe

C:\Windows\System\sAijCeI.exe

C:\Windows\System\QyehGWR.exe

C:\Windows\System\QyehGWR.exe

C:\Windows\System\CqceYjO.exe

C:\Windows\System\CqceYjO.exe

C:\Windows\System\wBWqEnc.exe

C:\Windows\System\wBWqEnc.exe

C:\Windows\System\AUdWKRm.exe

C:\Windows\System\AUdWKRm.exe

C:\Windows\System\oNCNcli.exe

C:\Windows\System\oNCNcli.exe

C:\Windows\System\NJbVBmQ.exe

C:\Windows\System\NJbVBmQ.exe

C:\Windows\System\lXTJVeV.exe

C:\Windows\System\lXTJVeV.exe

C:\Windows\System\jYdGypT.exe

C:\Windows\System\jYdGypT.exe

C:\Windows\System\fODpLWV.exe

C:\Windows\System\fODpLWV.exe

C:\Windows\System\rXWQUtB.exe

C:\Windows\System\rXWQUtB.exe

C:\Windows\System\xaqqKcv.exe

C:\Windows\System\xaqqKcv.exe

C:\Windows\System\uASYRpq.exe

C:\Windows\System\uASYRpq.exe

C:\Windows\System\GZotNLK.exe

C:\Windows\System\GZotNLK.exe

C:\Windows\System\tyUrYoA.exe

C:\Windows\System\tyUrYoA.exe

C:\Windows\System\hGIQoDL.exe

C:\Windows\System\hGIQoDL.exe

C:\Windows\System\icWpvNY.exe

C:\Windows\System\icWpvNY.exe

C:\Windows\System\YBlwcEN.exe

C:\Windows\System\YBlwcEN.exe

C:\Windows\System\SbqKYjl.exe

C:\Windows\System\SbqKYjl.exe

C:\Windows\System\qKplvac.exe

C:\Windows\System\qKplvac.exe

C:\Windows\System\ZQVgXFF.exe

C:\Windows\System\ZQVgXFF.exe

C:\Windows\System\zuqmDug.exe

C:\Windows\System\zuqmDug.exe

C:\Windows\System\LhgdAUF.exe

C:\Windows\System\LhgdAUF.exe

C:\Windows\System\gByDBiB.exe

C:\Windows\System\gByDBiB.exe

C:\Windows\System\ueuBtHA.exe

C:\Windows\System\ueuBtHA.exe

C:\Windows\System\LIZlzrM.exe

C:\Windows\System\LIZlzrM.exe

C:\Windows\System\RnNVYxw.exe

C:\Windows\System\RnNVYxw.exe

C:\Windows\System\AGiQAgo.exe

C:\Windows\System\AGiQAgo.exe

C:\Windows\System\myFgtTx.exe

C:\Windows\System\myFgtTx.exe

C:\Windows\System\PHryyLP.exe

C:\Windows\System\PHryyLP.exe

C:\Windows\System\seAMthV.exe

C:\Windows\System\seAMthV.exe

C:\Windows\System\EzHKXIp.exe

C:\Windows\System\EzHKXIp.exe

C:\Windows\System\pndVHbL.exe

C:\Windows\System\pndVHbL.exe

C:\Windows\System\zItAreu.exe

C:\Windows\System\zItAreu.exe

C:\Windows\System\GsFwSpV.exe

C:\Windows\System\GsFwSpV.exe

C:\Windows\System\oDMZYMW.exe

C:\Windows\System\oDMZYMW.exe

C:\Windows\System\KnrENpt.exe

C:\Windows\System\KnrENpt.exe

C:\Windows\System\BESIPEd.exe

C:\Windows\System\BESIPEd.exe

C:\Windows\System\pYHdVRN.exe

C:\Windows\System\pYHdVRN.exe

C:\Windows\System\cDCVFbt.exe

C:\Windows\System\cDCVFbt.exe

C:\Windows\System\OZuvfeD.exe

C:\Windows\System\OZuvfeD.exe

C:\Windows\System\bjRWUCx.exe

C:\Windows\System\bjRWUCx.exe

C:\Windows\System\JBqAYBs.exe

C:\Windows\System\JBqAYBs.exe

C:\Windows\System\vpwROXd.exe

C:\Windows\System\vpwROXd.exe

C:\Windows\System\DoukQCc.exe

C:\Windows\System\DoukQCc.exe

C:\Windows\System\zRTkTdN.exe

C:\Windows\System\zRTkTdN.exe

C:\Windows\System\QFEtZgB.exe

C:\Windows\System\QFEtZgB.exe

C:\Windows\System\TpfMHzN.exe

C:\Windows\System\TpfMHzN.exe

C:\Windows\System\pDsLOik.exe

C:\Windows\System\pDsLOik.exe

C:\Windows\System\ZsMQbck.exe

C:\Windows\System\ZsMQbck.exe

C:\Windows\System\oIUMUeU.exe

C:\Windows\System\oIUMUeU.exe

C:\Windows\System\YYzDmCh.exe

C:\Windows\System\YYzDmCh.exe

C:\Windows\System\YYDULBj.exe

C:\Windows\System\YYDULBj.exe

C:\Windows\System\bHuHxlB.exe

C:\Windows\System\bHuHxlB.exe

C:\Windows\System\hEzMuKH.exe

C:\Windows\System\hEzMuKH.exe

C:\Windows\System\gFCguSh.exe

C:\Windows\System\gFCguSh.exe

C:\Windows\System\PtyAknG.exe

C:\Windows\System\PtyAknG.exe

C:\Windows\System\RcfUiBh.exe

C:\Windows\System\RcfUiBh.exe

C:\Windows\System\FwuFlBa.exe

C:\Windows\System\FwuFlBa.exe

C:\Windows\System\rKDbWPm.exe

C:\Windows\System\rKDbWPm.exe

C:\Windows\System\npAWDWp.exe

C:\Windows\System\npAWDWp.exe

C:\Windows\System\xbTLumt.exe

C:\Windows\System\xbTLumt.exe

C:\Windows\System\SRZlCUw.exe

C:\Windows\System\SRZlCUw.exe

C:\Windows\System\YowCoEn.exe

C:\Windows\System\YowCoEn.exe

C:\Windows\System\VLjQxwB.exe

C:\Windows\System\VLjQxwB.exe

C:\Windows\System\RwDwcSX.exe

C:\Windows\System\RwDwcSX.exe

C:\Windows\System\deUJAIn.exe

C:\Windows\System\deUJAIn.exe

C:\Windows\System\RJoPLnb.exe

C:\Windows\System\RJoPLnb.exe

C:\Windows\System\jBnzUnn.exe

C:\Windows\System\jBnzUnn.exe

C:\Windows\System\MtMzQqe.exe

C:\Windows\System\MtMzQqe.exe

C:\Windows\System\aTzewqT.exe

C:\Windows\System\aTzewqT.exe

C:\Windows\System\arVslHh.exe

C:\Windows\System\arVslHh.exe

C:\Windows\System\NwbJGxb.exe

C:\Windows\System\NwbJGxb.exe

C:\Windows\System\eQpCPif.exe

C:\Windows\System\eQpCPif.exe

C:\Windows\System\ZlWQSDx.exe

C:\Windows\System\ZlWQSDx.exe

C:\Windows\System\sGRwHri.exe

C:\Windows\System\sGRwHri.exe

C:\Windows\System\duZqbHq.exe

C:\Windows\System\duZqbHq.exe

C:\Windows\System\tpSXAng.exe

C:\Windows\System\tpSXAng.exe

C:\Windows\System\YzzAjSt.exe

C:\Windows\System\YzzAjSt.exe

C:\Windows\System\pZzxHOL.exe

C:\Windows\System\pZzxHOL.exe

C:\Windows\System\gOrbadF.exe

C:\Windows\System\gOrbadF.exe

C:\Windows\System\zcDyAvp.exe

C:\Windows\System\zcDyAvp.exe

C:\Windows\System\vinKSdY.exe

C:\Windows\System\vinKSdY.exe

C:\Windows\System\LciKimz.exe

C:\Windows\System\LciKimz.exe

C:\Windows\System\odqQtpe.exe

C:\Windows\System\odqQtpe.exe

C:\Windows\System\swpEAet.exe

C:\Windows\System\swpEAet.exe

C:\Windows\System\yeIXzdU.exe

C:\Windows\System\yeIXzdU.exe

C:\Windows\System\azkKmme.exe

C:\Windows\System\azkKmme.exe

C:\Windows\System\KGkKHJh.exe

C:\Windows\System\KGkKHJh.exe

C:\Windows\System\wHhzBpr.exe

C:\Windows\System\wHhzBpr.exe

C:\Windows\System\gelEnvc.exe

C:\Windows\System\gelEnvc.exe

C:\Windows\System\rJljusa.exe

C:\Windows\System\rJljusa.exe

C:\Windows\System\KOpJUFq.exe

C:\Windows\System\KOpJUFq.exe

C:\Windows\System\GvRRlqB.exe

C:\Windows\System\GvRRlqB.exe

C:\Windows\System\uYfoBHd.exe

C:\Windows\System\uYfoBHd.exe

C:\Windows\System\WUDMMjb.exe

C:\Windows\System\WUDMMjb.exe

C:\Windows\System\BZjKmOX.exe

C:\Windows\System\BZjKmOX.exe

C:\Windows\System\yGzfcXP.exe

C:\Windows\System\yGzfcXP.exe

C:\Windows\System\sPhDteE.exe

C:\Windows\System\sPhDteE.exe

C:\Windows\System\ioeMlqu.exe

C:\Windows\System\ioeMlqu.exe

C:\Windows\System\ryREiGj.exe

C:\Windows\System\ryREiGj.exe

C:\Windows\System\FkTfwWw.exe

C:\Windows\System\FkTfwWw.exe

C:\Windows\System\ZeYOgde.exe

C:\Windows\System\ZeYOgde.exe

C:\Windows\System\BIOmZBh.exe

C:\Windows\System\BIOmZBh.exe

C:\Windows\System\tinkhoX.exe

C:\Windows\System\tinkhoX.exe

C:\Windows\System\EzXtOhv.exe

C:\Windows\System\EzXtOhv.exe

C:\Windows\System\LTQVGdv.exe

C:\Windows\System\LTQVGdv.exe

C:\Windows\System\ZRhPDvG.exe

C:\Windows\System\ZRhPDvG.exe

C:\Windows\System\izwmzKw.exe

C:\Windows\System\izwmzKw.exe

C:\Windows\System\XrOQRFM.exe

C:\Windows\System\XrOQRFM.exe

C:\Windows\System\PrmYSwO.exe

C:\Windows\System\PrmYSwO.exe

C:\Windows\System\tqiYlhd.exe

C:\Windows\System\tqiYlhd.exe

C:\Windows\System\mdixZHk.exe

C:\Windows\System\mdixZHk.exe

C:\Windows\System\njjevQy.exe

C:\Windows\System\njjevQy.exe

C:\Windows\System\IuqfRcN.exe

C:\Windows\System\IuqfRcN.exe

C:\Windows\System\ajQaqog.exe

C:\Windows\System\ajQaqog.exe

C:\Windows\System\pANfgdp.exe

C:\Windows\System\pANfgdp.exe

C:\Windows\System\UtSujzw.exe

C:\Windows\System\UtSujzw.exe

C:\Windows\System\oPuLpPK.exe

C:\Windows\System\oPuLpPK.exe

C:\Windows\system32\dwm.exe

"dwm.exe"

C:\Windows\System\FkgVTXy.exe

C:\Windows\System\FkgVTXy.exe

C:\Windows\System\hsZwnTU.exe

C:\Windows\System\hsZwnTU.exe

C:\Windows\System\kkaZVyJ.exe

C:\Windows\System\kkaZVyJ.exe

C:\Windows\System\vGpMNwX.exe

C:\Windows\System\vGpMNwX.exe

C:\Windows\System\zOScHxP.exe

C:\Windows\System\zOScHxP.exe

C:\Windows\System\kpeJsqG.exe

C:\Windows\System\kpeJsqG.exe

C:\Windows\System\MBMyHwi.exe

C:\Windows\System\MBMyHwi.exe

C:\Windows\System\CAhxfei.exe

C:\Windows\System\CAhxfei.exe

C:\Windows\system32\dwm.exe

"dwm.exe"

C:\Windows\System\wMVtLrq.exe

C:\Windows\System\wMVtLrq.exe

C:\Windows\system32\sihost.exe

sihost.exe

C:\Windows\system32\sihost.exe

sihost.exe

C:\Windows\system32\sihost.exe

sihost.exe

C:\Windows\System\vvKhvgl.exe

C:\Windows\System\vvKhvgl.exe

C:\Windows\System\WaMtfsr.exe

C:\Windows\System\WaMtfsr.exe

C:\Windows\System\RkVFbyg.exe

C:\Windows\System\RkVFbyg.exe

C:\Windows\System\RBJWHOs.exe

C:\Windows\System\RBJWHOs.exe

C:\Windows\System\OjXfJyW.exe

C:\Windows\System\OjXfJyW.exe

C:\Windows\System\vcTaXHT.exe

C:\Windows\System\vcTaXHT.exe

C:\Windows\System\ccsTVDh.exe

C:\Windows\System\ccsTVDh.exe

C:\Windows\System\ZbeRBDj.exe

C:\Windows\System\ZbeRBDj.exe

C:\Windows\System\FSVntVg.exe

C:\Windows\System\FSVntVg.exe

C:\Windows\System\yjNGfAm.exe

C:\Windows\System\yjNGfAm.exe

C:\Windows\System\wbNGeQs.exe

C:\Windows\System\wbNGeQs.exe

C:\Windows\System\NnmKnpH.exe

C:\Windows\System\NnmKnpH.exe

C:\Windows\System\SWoQbYL.exe

C:\Windows\System\SWoQbYL.exe

C:\Windows\System\yrXLxKU.exe

C:\Windows\System\yrXLxKU.exe

C:\Windows\System\XCKNqiv.exe

C:\Windows\System\XCKNqiv.exe

C:\Windows\System\dPvpbLK.exe

C:\Windows\System\dPvpbLK.exe

C:\Windows\System\yhijDqm.exe

C:\Windows\System\yhijDqm.exe

C:\Windows\System\qrAfXwo.exe

C:\Windows\System\qrAfXwo.exe

C:\Windows\System\HzvJVbf.exe

C:\Windows\System\HzvJVbf.exe

C:\Windows\System\EBSnuqi.exe

C:\Windows\System\EBSnuqi.exe

C:\Windows\System\uFojhEy.exe

C:\Windows\System\uFojhEy.exe

C:\Windows\System\GrCatxg.exe

C:\Windows\System\GrCatxg.exe

C:\Windows\System\AKNqnmd.exe

C:\Windows\System\AKNqnmd.exe

C:\Windows\System\czmPVzf.exe

C:\Windows\System\czmPVzf.exe

C:\Windows\System\BMhAExQ.exe

C:\Windows\System\BMhAExQ.exe

C:\Windows\System\QqmlGIy.exe

C:\Windows\System\QqmlGIy.exe

C:\Windows\System\bYYgEMW.exe

C:\Windows\System\bYYgEMW.exe

C:\Windows\System\sPdhKGt.exe

C:\Windows\System\sPdhKGt.exe

C:\Windows\System\RizkaAc.exe

C:\Windows\System\RizkaAc.exe

C:\Windows\System\yNqsphI.exe

C:\Windows\System\yNqsphI.exe

C:\Windows\System\bUlByGR.exe

C:\Windows\System\bUlByGR.exe

C:\Windows\System\tRpOxjx.exe

C:\Windows\System\tRpOxjx.exe

C:\Windows\System\LmaypKq.exe

C:\Windows\System\LmaypKq.exe

C:\Windows\System\YLiKDVX.exe

C:\Windows\System\YLiKDVX.exe

C:\Windows\System\VjCaJqv.exe

C:\Windows\System\VjCaJqv.exe

C:\Windows\System\SvrZKpB.exe

C:\Windows\System\SvrZKpB.exe

C:\Windows\System\iCXBkcm.exe

C:\Windows\System\iCXBkcm.exe

C:\Windows\System\oBUcyhN.exe

C:\Windows\System\oBUcyhN.exe

C:\Windows\System\JAZfALq.exe

C:\Windows\System\JAZfALq.exe

C:\Windows\System\iWJIikd.exe

C:\Windows\System\iWJIikd.exe

C:\Windows\System\zMpgFce.exe

C:\Windows\System\zMpgFce.exe

C:\Windows\System\ckovDAI.exe

C:\Windows\System\ckovDAI.exe

C:\Windows\System\iFhpAMw.exe

C:\Windows\System\iFhpAMw.exe

C:\Windows\System\NvYDFJJ.exe

C:\Windows\System\NvYDFJJ.exe

C:\Windows\System\uoSMgdQ.exe

C:\Windows\System\uoSMgdQ.exe

C:\Windows\System\JZEAOvx.exe

C:\Windows\System\JZEAOvx.exe

C:\Windows\System\UGqYUTy.exe

C:\Windows\System\UGqYUTy.exe

C:\Windows\System\RGMbqqU.exe

C:\Windows\System\RGMbqqU.exe

C:\Windows\System\pObPsta.exe

C:\Windows\System\pObPsta.exe

C:\Windows\System\zHRuMsD.exe

C:\Windows\System\zHRuMsD.exe

C:\Windows\System\sMZcCQu.exe

C:\Windows\System\sMZcCQu.exe

C:\Windows\System\ghnviWu.exe

C:\Windows\System\ghnviWu.exe

C:\Windows\System\onlgyyC.exe

C:\Windows\System\onlgyyC.exe

C:\Windows\System\ajZVOqQ.exe

C:\Windows\System\ajZVOqQ.exe

C:\Windows\System\ZHzjtfD.exe

C:\Windows\System\ZHzjtfD.exe

C:\Windows\System\uZNEAoA.exe

C:\Windows\System\uZNEAoA.exe

C:\Windows\System\BJxuDPF.exe

C:\Windows\System\BJxuDPF.exe

C:\Windows\System\hrMSmdm.exe

C:\Windows\System\hrMSmdm.exe

C:\Windows\System\OBLWUff.exe

C:\Windows\System\OBLWUff.exe

C:\Windows\System\ONNgPMX.exe

C:\Windows\System\ONNgPMX.exe

C:\Windows\System\fWUXPRc.exe

C:\Windows\System\fWUXPRc.exe

C:\Windows\System\rWfJSBo.exe

C:\Windows\System\rWfJSBo.exe

C:\Windows\System\Ngfnjqx.exe

C:\Windows\System\Ngfnjqx.exe

C:\Windows\System\VRKInMJ.exe

C:\Windows\System\VRKInMJ.exe

C:\Windows\System\ujqkxyc.exe

C:\Windows\System\ujqkxyc.exe

C:\Windows\System\LJMePnc.exe

C:\Windows\System\LJMePnc.exe

C:\Windows\System\prpkjNe.exe

C:\Windows\System\prpkjNe.exe

C:\Windows\System\ruoLoot.exe

C:\Windows\System\ruoLoot.exe

C:\Windows\System\ECFYDQy.exe

C:\Windows\System\ECFYDQy.exe

C:\Windows\System\oMxXDBO.exe

C:\Windows\System\oMxXDBO.exe

C:\Windows\System\YvupheB.exe

C:\Windows\System\YvupheB.exe

C:\Windows\System\SVfCzZE.exe

C:\Windows\System\SVfCzZE.exe

C:\Windows\System\njQhqnd.exe

C:\Windows\System\njQhqnd.exe

C:\Windows\System\WkXrNaI.exe

C:\Windows\System\WkXrNaI.exe

C:\Windows\System\nJMILid.exe

C:\Windows\System\nJMILid.exe

C:\Windows\System\akMvCjK.exe

C:\Windows\System\akMvCjK.exe

C:\Windows\System\uqJEgZw.exe

C:\Windows\System\uqJEgZw.exe

C:\Windows\System\jwwJZZq.exe

C:\Windows\System\jwwJZZq.exe

C:\Windows\System\QSGiQvh.exe

C:\Windows\System\QSGiQvh.exe

C:\Windows\System\KBQOixn.exe

C:\Windows\System\KBQOixn.exe

C:\Windows\System\sWBJpsO.exe

C:\Windows\System\sWBJpsO.exe

C:\Windows\System\ntJXjns.exe

C:\Windows\System\ntJXjns.exe

C:\Windows\System\NCmQSqq.exe

C:\Windows\System\NCmQSqq.exe

C:\Windows\System\isqszJO.exe

C:\Windows\System\isqszJO.exe

C:\Windows\System\ycvnrUR.exe

C:\Windows\System\ycvnrUR.exe

C:\Windows\System\JPifaXV.exe

C:\Windows\System\JPifaXV.exe

C:\Windows\System\conjSls.exe

C:\Windows\System\conjSls.exe

C:\Windows\System\AlWNAeO.exe

C:\Windows\System\AlWNAeO.exe

C:\Windows\System\ZgKZaAZ.exe

C:\Windows\System\ZgKZaAZ.exe

C:\Windows\System\wOHIdpe.exe

C:\Windows\System\wOHIdpe.exe

C:\Windows\System\BHfmWIU.exe

C:\Windows\System\BHfmWIU.exe

C:\Windows\System\viloFeY.exe

C:\Windows\System\viloFeY.exe

C:\Windows\System\BKQvaBp.exe

C:\Windows\System\BKQvaBp.exe

C:\Windows\System\UFZxRYX.exe

C:\Windows\System\UFZxRYX.exe

C:\Windows\System\NlLSAUT.exe

C:\Windows\System\NlLSAUT.exe

C:\Windows\System\CsLAfDU.exe

C:\Windows\System\CsLAfDU.exe

C:\Windows\System\pJGarQF.exe

C:\Windows\System\pJGarQF.exe

C:\Windows\System\Lbsfbrg.exe

C:\Windows\System\Lbsfbrg.exe

C:\Windows\System\zttKhEF.exe

C:\Windows\System\zttKhEF.exe

C:\Windows\System\DZOcoYP.exe

C:\Windows\System\DZOcoYP.exe

C:\Windows\System\VkasHYv.exe

C:\Windows\System\VkasHYv.exe

C:\Windows\System\cXlHGXt.exe

C:\Windows\System\cXlHGXt.exe

C:\Windows\System\XoWproS.exe

C:\Windows\System\XoWproS.exe

C:\Windows\System\jHGTJpU.exe

C:\Windows\System\jHGTJpU.exe

C:\Windows\System\SeFScsu.exe

C:\Windows\System\SeFScsu.exe

C:\Windows\System\kAWixjg.exe

C:\Windows\System\kAWixjg.exe

C:\Windows\System\uMiqeQG.exe

C:\Windows\System\uMiqeQG.exe

C:\Windows\System\pFAdSGG.exe

C:\Windows\System\pFAdSGG.exe

C:\Windows\System\XiZlXtN.exe

C:\Windows\System\XiZlXtN.exe

C:\Windows\System\iLzCRcV.exe

C:\Windows\System\iLzCRcV.exe

C:\Windows\System\dqbvLIu.exe

C:\Windows\System\dqbvLIu.exe

C:\Windows\System\TdDgwKX.exe

C:\Windows\System\TdDgwKX.exe

C:\Windows\System\aBdarQP.exe

C:\Windows\System\aBdarQP.exe

C:\Windows\System\SngqWWX.exe

C:\Windows\System\SngqWWX.exe

C:\Windows\System\xuTMnrh.exe

C:\Windows\System\xuTMnrh.exe

C:\Windows\System\WwEaYfg.exe

C:\Windows\System\WwEaYfg.exe

C:\Windows\System\EqJHpTf.exe

C:\Windows\System\EqJHpTf.exe

C:\Windows\System\tWNDrAh.exe

C:\Windows\System\tWNDrAh.exe

C:\Windows\System\XvsEqhx.exe

C:\Windows\System\XvsEqhx.exe

C:\Windows\System\ZncOnfL.exe

C:\Windows\System\ZncOnfL.exe

C:\Windows\System\JCDKHDl.exe

C:\Windows\System\JCDKHDl.exe

C:\Windows\System\EWhshrD.exe

C:\Windows\System\EWhshrD.exe

C:\Windows\System\hZwTMkM.exe

C:\Windows\System\hZwTMkM.exe

C:\Windows\System\zBLzhfe.exe

C:\Windows\System\zBLzhfe.exe

C:\Windows\System\tUsmJVc.exe

C:\Windows\System\tUsmJVc.exe

C:\Windows\System\SLnawOJ.exe

C:\Windows\System\SLnawOJ.exe

C:\Windows\System\vIROBll.exe

C:\Windows\System\vIROBll.exe

C:\Windows\System\biEaziH.exe

C:\Windows\System\biEaziH.exe

C:\Windows\System\QJllfLB.exe

C:\Windows\System\QJllfLB.exe

C:\Windows\System\QnmYqsg.exe

C:\Windows\System\QnmYqsg.exe

C:\Windows\System\XHMewDE.exe

C:\Windows\System\XHMewDE.exe

C:\Windows\System\AjQkHUo.exe

C:\Windows\System\AjQkHUo.exe

C:\Windows\System\LLYFINd.exe

C:\Windows\System\LLYFINd.exe

C:\Windows\System\vNpjbOW.exe

C:\Windows\System\vNpjbOW.exe

C:\Windows\System\woZXrOB.exe

C:\Windows\System\woZXrOB.exe

C:\Windows\System\ZhLPiKn.exe

C:\Windows\System\ZhLPiKn.exe

C:\Windows\System\cltWfxE.exe

C:\Windows\System\cltWfxE.exe

C:\Windows\System\yMmUARN.exe

C:\Windows\System\yMmUARN.exe

C:\Windows\System\EsSgzfK.exe

C:\Windows\System\EsSgzfK.exe

C:\Windows\System\QUCKGGT.exe

C:\Windows\System\QUCKGGT.exe

C:\Windows\System\NuHBbnJ.exe

C:\Windows\System\NuHBbnJ.exe

C:\Windows\System\dmROSgB.exe

C:\Windows\System\dmROSgB.exe

C:\Windows\System\hNkzQOO.exe

C:\Windows\System\hNkzQOO.exe

C:\Windows\System\aZZOKrR.exe

C:\Windows\System\aZZOKrR.exe

C:\Windows\System\AMHlgPM.exe

C:\Windows\System\AMHlgPM.exe

C:\Windows\System\QTPzgpn.exe

C:\Windows\System\QTPzgpn.exe

C:\Windows\System\FvclDNG.exe

C:\Windows\System\FvclDNG.exe

C:\Windows\System\FagpBni.exe

C:\Windows\System\FagpBni.exe

C:\Windows\System\yHHVbKY.exe

C:\Windows\System\yHHVbKY.exe

C:\Windows\System\GkBejRC.exe

C:\Windows\System\GkBejRC.exe

C:\Windows\System\IOuUCeO.exe

C:\Windows\System\IOuUCeO.exe

C:\Windows\System\VtKlApO.exe

C:\Windows\System\VtKlApO.exe

C:\Windows\System\uGJlbOA.exe

C:\Windows\System\uGJlbOA.exe

C:\Windows\System\DFNgOcl.exe

C:\Windows\System\DFNgOcl.exe

C:\Windows\System\KUxWtvI.exe

C:\Windows\System\KUxWtvI.exe

C:\Windows\System\HIlUGMS.exe

C:\Windows\System\HIlUGMS.exe

C:\Windows\System\wtfDvoR.exe

C:\Windows\System\wtfDvoR.exe

C:\Windows\System\MHHwSnW.exe

C:\Windows\System\MHHwSnW.exe

C:\Windows\System\PaSorYQ.exe

C:\Windows\System\PaSorYQ.exe

C:\Windows\System\tBbBBjN.exe

C:\Windows\System\tBbBBjN.exe

C:\Windows\System\iKUogNC.exe

C:\Windows\System\iKUogNC.exe

C:\Windows\System\DzAtBXU.exe

C:\Windows\System\DzAtBXU.exe

C:\Windows\System\NIwIWNY.exe

C:\Windows\System\NIwIWNY.exe

C:\Windows\System\ZOzgkpw.exe

C:\Windows\System\ZOzgkpw.exe

C:\Windows\System\YdhktdE.exe

C:\Windows\System\YdhktdE.exe

C:\Windows\System\mHRIOvK.exe

C:\Windows\System\mHRIOvK.exe

C:\Windows\System\hArXgwx.exe

C:\Windows\System\hArXgwx.exe

C:\Windows\System\FyWlnjH.exe

C:\Windows\System\FyWlnjH.exe

C:\Windows\System\jpgWscH.exe

C:\Windows\System\jpgWscH.exe

C:\Windows\System\BANOpbG.exe

C:\Windows\System\BANOpbG.exe

C:\Windows\System\skdRNfS.exe

C:\Windows\System\skdRNfS.exe

C:\Windows\System\gUdDWsn.exe

C:\Windows\System\gUdDWsn.exe

C:\Windows\System\VTieVKC.exe

C:\Windows\System\VTieVKC.exe

C:\Windows\System\aWJOksj.exe

C:\Windows\System\aWJOksj.exe

C:\Windows\System\uRRjAPd.exe

C:\Windows\System\uRRjAPd.exe

C:\Windows\System\zldjmdY.exe

C:\Windows\System\zldjmdY.exe

C:\Windows\System\pmXYJeZ.exe

C:\Windows\System\pmXYJeZ.exe

C:\Windows\System\RDMDPLt.exe

C:\Windows\System\RDMDPLt.exe

C:\Windows\System\FuYDNBi.exe

C:\Windows\System\FuYDNBi.exe

C:\Windows\System\tmGeYxR.exe

C:\Windows\System\tmGeYxR.exe

C:\Windows\System\IIOqDGI.exe

C:\Windows\System\IIOqDGI.exe

C:\Windows\System\BegkoqT.exe

C:\Windows\System\BegkoqT.exe

C:\Windows\System\uuGNiIT.exe

C:\Windows\System\uuGNiIT.exe

C:\Windows\System\eCfAjpw.exe

C:\Windows\System\eCfAjpw.exe

C:\Windows\System\EZwtObi.exe

C:\Windows\System\EZwtObi.exe

C:\Windows\System\QRINnTb.exe

C:\Windows\System\QRINnTb.exe

C:\Windows\System\LizzJNC.exe

C:\Windows\System\LizzJNC.exe

C:\Windows\System\pWCDpss.exe

C:\Windows\System\pWCDpss.exe

C:\Windows\System\LFhOyTf.exe

C:\Windows\System\LFhOyTf.exe

C:\Windows\System\XiTIfCH.exe

C:\Windows\System\XiTIfCH.exe

C:\Windows\System\ZhxiqVw.exe

C:\Windows\System\ZhxiqVw.exe

C:\Windows\System\zoyVvTi.exe

C:\Windows\System\zoyVvTi.exe

C:\Windows\System\rAfIksC.exe

C:\Windows\System\rAfIksC.exe

C:\Windows\System\KRUuvfk.exe

C:\Windows\System\KRUuvfk.exe

C:\Windows\System\fxGqoAA.exe

C:\Windows\System\fxGqoAA.exe

C:\Windows\System\CcRmkWr.exe

C:\Windows\System\CcRmkWr.exe

C:\Windows\System\eZJXjXf.exe

C:\Windows\System\eZJXjXf.exe

C:\Windows\System\gjNRIHP.exe

C:\Windows\System\gjNRIHP.exe

C:\Windows\System\tutWTgf.exe

C:\Windows\System\tutWTgf.exe

C:\Windows\System\eeHytjP.exe

C:\Windows\System\eeHytjP.exe

C:\Windows\System\ixqmhnL.exe

C:\Windows\System\ixqmhnL.exe

C:\Windows\System\PARihGm.exe

C:\Windows\System\PARihGm.exe

C:\Windows\System\zlHuonw.exe

C:\Windows\System\zlHuonw.exe

C:\Windows\System\qEqhtHj.exe

C:\Windows\System\qEqhtHj.exe

C:\Windows\System\JNWGbja.exe

C:\Windows\System\JNWGbja.exe

C:\Windows\System\dakdTaS.exe

C:\Windows\System\dakdTaS.exe

C:\Windows\System\KFTSrGz.exe

C:\Windows\System\KFTSrGz.exe

C:\Windows\System\HqskGcg.exe

C:\Windows\System\HqskGcg.exe

C:\Windows\System\HoIVDdr.exe

C:\Windows\System\HoIVDdr.exe

C:\Windows\System\Zphljkt.exe

C:\Windows\System\Zphljkt.exe

C:\Windows\System\wuhFEsU.exe

C:\Windows\System\wuhFEsU.exe

C:\Windows\System\XPKQyqo.exe

C:\Windows\System\XPKQyqo.exe

C:\Windows\System\edRTVua.exe

C:\Windows\System\edRTVua.exe

C:\Windows\System\CHwtdvh.exe

C:\Windows\System\CHwtdvh.exe

C:\Windows\System\ALyStIn.exe

C:\Windows\System\ALyStIn.exe

C:\Windows\System\tPQfofT.exe

C:\Windows\System\tPQfofT.exe

C:\Windows\System\mtgXBfg.exe

C:\Windows\System\mtgXBfg.exe

C:\Windows\System\zQYAxkH.exe

C:\Windows\System\zQYAxkH.exe

C:\Windows\System\EnCOftM.exe

C:\Windows\System\EnCOftM.exe

C:\Windows\System\vivAuLn.exe

C:\Windows\System\vivAuLn.exe

C:\Windows\System\EsKbmJk.exe

C:\Windows\System\EsKbmJk.exe

C:\Windows\System\qnEGIFn.exe

C:\Windows\System\qnEGIFn.exe

C:\Windows\System\ZOmaVZo.exe

C:\Windows\System\ZOmaVZo.exe

C:\Windows\System\aMWkDOS.exe

C:\Windows\System\aMWkDOS.exe

C:\Windows\System\EMSFmOM.exe

C:\Windows\System\EMSFmOM.exe

C:\Windows\System\GLtjxxz.exe

C:\Windows\System\GLtjxxz.exe

C:\Windows\System\cRuqOrx.exe

C:\Windows\System\cRuqOrx.exe

C:\Windows\System\SqIYbbp.exe

C:\Windows\System\SqIYbbp.exe

C:\Windows\System\vyKUpAT.exe

C:\Windows\System\vyKUpAT.exe

C:\Windows\System\qpsLPkE.exe

C:\Windows\System\qpsLPkE.exe

C:\Windows\System\jTtLTZD.exe

C:\Windows\System\jTtLTZD.exe

C:\Windows\System\VGFRGUr.exe

C:\Windows\System\VGFRGUr.exe

C:\Windows\System\fhPpzfd.exe

C:\Windows\System\fhPpzfd.exe

C:\Windows\System\xQGuwRw.exe

C:\Windows\System\xQGuwRw.exe

C:\Windows\System\cKcXIRD.exe

C:\Windows\System\cKcXIRD.exe

C:\Windows\System\IlDCYwn.exe

C:\Windows\System\IlDCYwn.exe

C:\Windows\System\jscTZhl.exe

C:\Windows\System\jscTZhl.exe

C:\Windows\System\zfiBTwC.exe

C:\Windows\System\zfiBTwC.exe

C:\Windows\System\TcIfDAT.exe

C:\Windows\System\TcIfDAT.exe

C:\Windows\System\mjOhkFa.exe

C:\Windows\System\mjOhkFa.exe

C:\Windows\System\qZnYIvN.exe

C:\Windows\System\qZnYIvN.exe

C:\Windows\System\piChNxL.exe

C:\Windows\System\piChNxL.exe

C:\Windows\System\XrpsGgA.exe

C:\Windows\System\XrpsGgA.exe

C:\Windows\System\gDJmRFx.exe

C:\Windows\System\gDJmRFx.exe

C:\Windows\System\cWcTiSz.exe

C:\Windows\System\cWcTiSz.exe

C:\Windows\System\MkaspTn.exe

C:\Windows\System\MkaspTn.exe

C:\Windows\System\USYrIGb.exe

C:\Windows\System\USYrIGb.exe

C:\Windows\System\BmtsjnF.exe

C:\Windows\System\BmtsjnF.exe

C:\Windows\System\JNJHebM.exe

C:\Windows\System\JNJHebM.exe

C:\Windows\System\wAfkvoH.exe

C:\Windows\System\wAfkvoH.exe

C:\Windows\System\XyuuBFt.exe

C:\Windows\System\XyuuBFt.exe

C:\Windows\System\HVjDcis.exe

C:\Windows\System\HVjDcis.exe

C:\Windows\System\JuvHYSO.exe

C:\Windows\System\JuvHYSO.exe

C:\Windows\System\ySRyHWG.exe

C:\Windows\System\ySRyHWG.exe

C:\Windows\System\DxxDZDF.exe

C:\Windows\System\DxxDZDF.exe

C:\Windows\System\ZrfYjsC.exe

C:\Windows\System\ZrfYjsC.exe

C:\Windows\System\txpeitR.exe

C:\Windows\System\txpeitR.exe

C:\Windows\System\zyMVmvf.exe

C:\Windows\System\zyMVmvf.exe

C:\Windows\System\GZHowVB.exe

C:\Windows\System\GZHowVB.exe

C:\Windows\System\PsgBcxZ.exe

C:\Windows\System\PsgBcxZ.exe

C:\Windows\System\eyuGYLc.exe

C:\Windows\System\eyuGYLc.exe

C:\Windows\System\rHoisDi.exe

C:\Windows\System\rHoisDi.exe

C:\Windows\System\BLmJJcs.exe

C:\Windows\System\BLmJJcs.exe

C:\Windows\System\ehRfAwM.exe

C:\Windows\System\ehRfAwM.exe

C:\Windows\System\uCOcbJE.exe

C:\Windows\System\uCOcbJE.exe

C:\Windows\System\nsmBRFB.exe

C:\Windows\System\nsmBRFB.exe

C:\Windows\System\cQIkRsb.exe

C:\Windows\System\cQIkRsb.exe

C:\Windows\System\gwCIuqT.exe

C:\Windows\System\gwCIuqT.exe

C:\Windows\System\FImUOtJ.exe

C:\Windows\System\FImUOtJ.exe

C:\Windows\System\kUqAJsX.exe

C:\Windows\System\kUqAJsX.exe

C:\Windows\System\TwDYzHa.exe

C:\Windows\System\TwDYzHa.exe

C:\Windows\System\ThTxaet.exe

C:\Windows\System\ThTxaet.exe

C:\Windows\System\PpImmiv.exe

C:\Windows\System\PpImmiv.exe

C:\Windows\System\rCxrVJj.exe

C:\Windows\System\rCxrVJj.exe

C:\Windows\System\BKtPeye.exe

C:\Windows\System\BKtPeye.exe

C:\Windows\System\GZCClyC.exe

C:\Windows\System\GZCClyC.exe

C:\Windows\System\ircGRXz.exe

C:\Windows\System\ircGRXz.exe

C:\Windows\System\XwOxiAh.exe

C:\Windows\System\XwOxiAh.exe

C:\Windows\System\FBwJqgz.exe

C:\Windows\System\FBwJqgz.exe

C:\Windows\System\Xiloohy.exe

C:\Windows\System\Xiloohy.exe

C:\Windows\System\AmaETtw.exe

C:\Windows\System\AmaETtw.exe

C:\Windows\System\CeYJeTc.exe

C:\Windows\System\CeYJeTc.exe

C:\Windows\System\FzODGkq.exe

C:\Windows\System\FzODGkq.exe

C:\Windows\System\vvqUHgQ.exe

C:\Windows\System\vvqUHgQ.exe

C:\Windows\System\YLCcrnq.exe

C:\Windows\System\YLCcrnq.exe

C:\Windows\System\KcATNLt.exe

C:\Windows\System\KcATNLt.exe

C:\Windows\System\zBTtBgr.exe

C:\Windows\System\zBTtBgr.exe

C:\Windows\System\hApapZt.exe

C:\Windows\System\hApapZt.exe

C:\Windows\System\xEHMweY.exe

C:\Windows\System\xEHMweY.exe

C:\Windows\System\tCPqbAe.exe

C:\Windows\System\tCPqbAe.exe

C:\Windows\System\dkOSfYG.exe

C:\Windows\System\dkOSfYG.exe

C:\Windows\System\wuPVTLw.exe

C:\Windows\System\wuPVTLw.exe

C:\Windows\System\GvMZzku.exe

C:\Windows\System\GvMZzku.exe

C:\Windows\System\YofWnwn.exe

C:\Windows\System\YofWnwn.exe

C:\Windows\System\KCxuNXE.exe

C:\Windows\System\KCxuNXE.exe

C:\Windows\System\szXQJZh.exe

C:\Windows\System\szXQJZh.exe

C:\Windows\System\sMZCTbc.exe

C:\Windows\System\sMZCTbc.exe

C:\Windows\System\qzXjphl.exe

C:\Windows\System\qzXjphl.exe

C:\Windows\System\vyCoSzl.exe

C:\Windows\System\vyCoSzl.exe

C:\Windows\System\MXPGoZK.exe

C:\Windows\System\MXPGoZK.exe

C:\Windows\System\xomFfKI.exe

C:\Windows\System\xomFfKI.exe

C:\Windows\System\buGOXkK.exe

C:\Windows\System\buGOXkK.exe

C:\Windows\System\AfdMNXg.exe

C:\Windows\System\AfdMNXg.exe

C:\Windows\System\SHThGvl.exe

C:\Windows\System\SHThGvl.exe

C:\Windows\System\WZPnndh.exe

C:\Windows\System\WZPnndh.exe

C:\Windows\System\UhEnqcM.exe

C:\Windows\System\UhEnqcM.exe

C:\Windows\System\PuRXDiH.exe

C:\Windows\System\PuRXDiH.exe

C:\Windows\System\CcNgeOI.exe

C:\Windows\System\CcNgeOI.exe

C:\Windows\System\cQfYsUN.exe

C:\Windows\System\cQfYsUN.exe

C:\Windows\System\wsjCzEf.exe

C:\Windows\System\wsjCzEf.exe

C:\Windows\System\jMMecln.exe

C:\Windows\System\jMMecln.exe

C:\Windows\System\asGuvUM.exe

C:\Windows\System\asGuvUM.exe

C:\Windows\System\AWYzCms.exe

C:\Windows\System\AWYzCms.exe

C:\Windows\System\LqILizO.exe

C:\Windows\System\LqILizO.exe

C:\Windows\System\MzgzupW.exe

C:\Windows\System\MzgzupW.exe

C:\Windows\System\FlcwEaE.exe

C:\Windows\System\FlcwEaE.exe

C:\Windows\System\HWasBfs.exe

C:\Windows\System\HWasBfs.exe

C:\Windows\System\bEXeaKe.exe

C:\Windows\System\bEXeaKe.exe

C:\Windows\System\dILUhHK.exe

C:\Windows\System\dILUhHK.exe

C:\Windows\System\dIDdHln.exe

C:\Windows\System\dIDdHln.exe

C:\Windows\System\dIdfEVl.exe

C:\Windows\System\dIdfEVl.exe

C:\Windows\System\tbgQflo.exe

C:\Windows\System\tbgQflo.exe

C:\Windows\System\GisSJSj.exe

C:\Windows\System\GisSJSj.exe

C:\Windows\System\tIPEtOm.exe

C:\Windows\System\tIPEtOm.exe

C:\Windows\System\lXsdzwV.exe

C:\Windows\System\lXsdzwV.exe

C:\Windows\System\khSuEvq.exe

C:\Windows\System\khSuEvq.exe

C:\Windows\System\mMsFKdZ.exe

C:\Windows\System\mMsFKdZ.exe

C:\Windows\System\XtXbTNG.exe

C:\Windows\System\XtXbTNG.exe

C:\Windows\System\VBmhFRR.exe

C:\Windows\System\VBmhFRR.exe

C:\Windows\System\UdPDYeK.exe

C:\Windows\System\UdPDYeK.exe

C:\Windows\System\icKidOc.exe

C:\Windows\System\icKidOc.exe

C:\Windows\System\AVCIxid.exe

C:\Windows\System\AVCIxid.exe

C:\Windows\System\PpiaXfz.exe

C:\Windows\System\PpiaXfz.exe

C:\Windows\System\ApYSzPz.exe

C:\Windows\System\ApYSzPz.exe

C:\Windows\System\UqnXqQD.exe

C:\Windows\System\UqnXqQD.exe

C:\Windows\System\ZVBAXZS.exe

C:\Windows\System\ZVBAXZS.exe

C:\Windows\System\CWvakod.exe

C:\Windows\System\CWvakod.exe

C:\Windows\System\QJbKqyY.exe

C:\Windows\System\QJbKqyY.exe

C:\Windows\System\JBnWHMD.exe

C:\Windows\System\JBnWHMD.exe

C:\Windows\System\FgSwjUh.exe

C:\Windows\System\FgSwjUh.exe

C:\Windows\System\eeLLuZH.exe

C:\Windows\System\eeLLuZH.exe

C:\Windows\System\xMzSjTE.exe

C:\Windows\System\xMzSjTE.exe

C:\Windows\System\IkcPEQv.exe

C:\Windows\System\IkcPEQv.exe

C:\Windows\System\hhSLofY.exe

C:\Windows\System\hhSLofY.exe

C:\Windows\System\ZjxRMtn.exe

C:\Windows\System\ZjxRMtn.exe

C:\Windows\System\AIdzXNw.exe

C:\Windows\System\AIdzXNw.exe

C:\Windows\System\vmGBLGV.exe

C:\Windows\System\vmGBLGV.exe

C:\Windows\System\nfTjBdQ.exe

C:\Windows\System\nfTjBdQ.exe

C:\Windows\System\JonneoN.exe

C:\Windows\System\JonneoN.exe

C:\Windows\System\vxOQjYa.exe

C:\Windows\System\vxOQjYa.exe

C:\Windows\System\NidqCIH.exe

C:\Windows\System\NidqCIH.exe

C:\Windows\System\qxqCcnk.exe

C:\Windows\System\qxqCcnk.exe

C:\Windows\System\JIGYEmN.exe

C:\Windows\System\JIGYEmN.exe

C:\Windows\System\TTWRjGn.exe

C:\Windows\System\TTWRjGn.exe

C:\Windows\System\cMLKxdg.exe

C:\Windows\System\cMLKxdg.exe

C:\Windows\System\RGvhdvb.exe

C:\Windows\System\RGvhdvb.exe

C:\Windows\System\htWhYhb.exe

C:\Windows\System\htWhYhb.exe

C:\Windows\System\hlgZjEj.exe

C:\Windows\System\hlgZjEj.exe

C:\Windows\System\LhvestR.exe

C:\Windows\System\LhvestR.exe

C:\Windows\System\lfNuWpy.exe

C:\Windows\System\lfNuWpy.exe

C:\Windows\System\ZwCHLyU.exe

C:\Windows\System\ZwCHLyU.exe

C:\Windows\System\habSCcc.exe

C:\Windows\System\habSCcc.exe

C:\Windows\System\DQKjaUX.exe

C:\Windows\System\DQKjaUX.exe

C:\Windows\System\wVgrXFT.exe

C:\Windows\System\wVgrXFT.exe

C:\Windows\System\vsDOrDT.exe

C:\Windows\System\vsDOrDT.exe

C:\Windows\System\pDSSbyQ.exe

C:\Windows\System\pDSSbyQ.exe

C:\Windows\System\STgdRJs.exe

C:\Windows\System\STgdRJs.exe

C:\Windows\System\ozOGgNW.exe

C:\Windows\System\ozOGgNW.exe

C:\Windows\System\jLnNbNV.exe

C:\Windows\System\jLnNbNV.exe

C:\Windows\System\DMBfzJa.exe

C:\Windows\System\DMBfzJa.exe

C:\Windows\System\qrOorlh.exe

C:\Windows\System\qrOorlh.exe

C:\Windows\System\BpPSSur.exe

C:\Windows\System\BpPSSur.exe

C:\Windows\System\XcwYVAa.exe

C:\Windows\System\XcwYVAa.exe

C:\Windows\System\IvclcvU.exe

C:\Windows\System\IvclcvU.exe

C:\Windows\System\QVXkZmb.exe

C:\Windows\System\QVXkZmb.exe

C:\Windows\System\ecDeAMU.exe

C:\Windows\System\ecDeAMU.exe

C:\Windows\System\LUcGOhp.exe

C:\Windows\System\LUcGOhp.exe

C:\Windows\System\NWoUvOs.exe

C:\Windows\System\NWoUvOs.exe

C:\Windows\System\hWsUzTx.exe

C:\Windows\System\hWsUzTx.exe

C:\Windows\System\dmemaji.exe

C:\Windows\System\dmemaji.exe

C:\Windows\System\oCnxawI.exe

C:\Windows\System\oCnxawI.exe

C:\Windows\System\FoWeLBJ.exe

C:\Windows\System\FoWeLBJ.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 71.121.18.2.in-addr.arpa udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.109.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 133.109.199.185.in-addr.arpa udp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 145.136.73.23.in-addr.arpa udp
US 52.111.229.48:443 tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 174.117.168.52.in-addr.arpa udp

Files

memory/2664-0-0x00007FF71CFC0000-0x00007FF71D3B2000-memory.dmp

memory/2664-1-0x000001C410930000-0x000001C410940000-memory.dmp

C:\Windows\System\zwPytMx.exe

MD5 460b0036699bb330c2fa6abfbada2fc9
SHA1 69af97818f75d3001348a01a8ba0bb7dd4c7a001
SHA256 29e2ef530c766949a40d740d77d56d660edfc33f76ef0cedc4dc256eda2f2cb9
SHA512 7ff4d8fc28314b07736d361607c2745ab883f3e040e56b2fe6b33a853ebfc5e980de9a6f6601c3735856b3cc31ba29789edefe6becab5424bb0236ee03f30142

C:\Windows\System\sMsnqkd.exe

MD5 ab5446f74e899cfae1fcdb9dd7b5b6ce
SHA1 198585344fd9e0ea045b54935d523b816f6ff8de
SHA256 899a3b0f00f3b400fa6282f13b9b5e9448ad79726802f1154e53a57e4b10f290
SHA512 6cc9e2c5ec48df353f5d8a8266ebc91a3ed47f34483e9f269db91e649c4127b293ca97970bd5d0c84862148c8bc126853db3f653447029d1d7bd35ee671bdb29

memory/400-12-0x00007FF765FA0000-0x00007FF766392000-memory.dmp

memory/2224-13-0x00007FFDE63E3000-0x00007FFDE63E5000-memory.dmp

C:\Windows\System\mfJUXib.exe

MD5 45f3e1269ae995b9c804c302cbd92628
SHA1 44760edd0f32ed6a65492fe09ab68c3e7c159d5c
SHA256 98761cd7d3e6518083ee3cb99c816efd3a9951dfb21b0da84e935a1987b29f97
SHA512 5c0064428db9c5f935f379d0be6d32811a0264b6b3a3d8b768a82de92d64e2590e4a1e701e972cf27a400a38e32c56a42deccca9d0861d690cb24e716248c769

C:\Windows\System\DsaROsv.exe

MD5 80039254f3a01f568863ff9a8b7dab6a
SHA1 7b319bbffc67f8546a40565d092ada1c2fa38a7f
SHA256 9469bb45b96e7f677a4b6365f3700e9464b58e026634a3c749e44821015dce92
SHA512 1c73909e86969ad5c3e1f4db10db34f63b2c70e62c8aebad77fef6330215519984883dee2ce0e4da55ed9041029d671db178b5412bfb96fe670517fe30bae620

memory/2224-30-0x00007FFDE63E0000-0x00007FFDE6EA1000-memory.dmp

C:\Windows\System\pnTlamq.exe

MD5 10aa26f9e559a84030857d91bdd6f0b8
SHA1 8f72f3a867167d42ed1755a1bd83e2a0acb2dffb
SHA256 26c3cba62ab7620eb0e87b769f5c800e56a9204392d7215087b1cf74b606527f
SHA512 5d50dd8e21d401ae016b407f4bc5b7c8bb50ea794decd0ca003a3ee954ebced361cd7c16efb979de3faa9b817d405a28c35901b943cf2ff4910cb1bacde75a67

C:\Windows\System\NPZVPCX.exe

MD5 4eaaa45c89cfe3b8af608c8ffbfff299
SHA1 f110db737df48cdb90f8c6045d72e5dd8f937ce1
SHA256 d02276396e1a26a9f671b4a5adb9bd9f18df92a4c83ae155d694993d5621fc89
SHA512 0c41338ea6d9199064402c41bba6d3c1f4b3c61fbaf7b7e66226fb668a2a0d6468495656ed736e9f5d36d6707364c7598257faaab69e3efa5a97c9127e10b3fc

C:\Windows\System\txhnnlH.exe

MD5 637a23ac3caf8b2b81ccfee12ff17cbe
SHA1 72b6c3064daa96539b72646b318c59653156cd63
SHA256 b2358c63a9b256b6b92d9dfa8db293a1b57c7f1c9dc1e8ed219f1397b87f10da
SHA512 6c39729cb6ee3e3cd92ac7cf43148884ca896e6dba248762444b519ab1e64d01ccf840e61f1df3397678b6d490b99a0a0f1b43e41b505eccf465cf9695bf9abd

C:\Windows\System\kCdUxmm.exe

MD5 a12e970f4484a8ef41094b8bad8b961b
SHA1 da92f5be2824f0b804eaae669aee5dcf0949c00f
SHA256 9fcb92e810aa2d80ea093a5c77977768d581bfce234c8014f950868a15f0a432
SHA512 23ac7f4dabc2d9b04373361c4c853d922b30f78e0490f0f88fc347d3244765ffa919d3ece89cbc06ee53c85ff018415210a3a4a39d6b89100d171054e06d13d7

C:\Windows\System\CULAjtH.exe

MD5 972a7316b51facfb592101bb22edc579
SHA1 67bfb7023d3f814ac3d0dd9c848112b97eca7bf3
SHA256 295c2ae1aaeb2ec31a907bde9850ca279c369022a90dac5d9f5a926e0d6a806d
SHA512 86a588bc746287fedeb6713ffb9026c49bf6aa56b1c0811ea1a6a95d64e961947528b9eb7f7693c16ff429f6d231448994626cc8595131ad66a75f80971e9e0b

C:\Windows\System\PVwmuGQ.exe

MD5 1e8382e63d24d6f188004cc1233545c5
SHA1 704f5d36efa2737ea4e82f4691e432cebbdc82ef
SHA256 251ab1cde26c2b97e057e5164fc1f337332f807837b5b5e2ff0bb5b157b37f11
SHA512 fb84ddfd3955c42a6f6e4a52200c501e7b23173740dd45dfce56245548afe21c5ad1aa13331c83fd564a1f7875802fb82bfefd08b03e7a9ea6388a7d83d8df61

C:\Windows\System\NRfkBdC.exe

MD5 2fbf4b7deeccaf13f7c323d6acb8a50a
SHA1 01be22404aaaa9b2e0ed8a202cd64ccef7aba4c6
SHA256 33783174b2281c955540211b9a8075775b03c4a2ca37cd3a8ded824f174289f6
SHA512 051f8b3feb8c281af6fbf8017aec37a2c63473d047becd09522b9ed2d5f12c919ba34a84f9f998fba2d98c181d80da74527532378d75637a3277ff4147469dbf

memory/4792-117-0x00007FF77AC90000-0x00007FF77B082000-memory.dmp

C:\Windows\System\aFhjTMH.exe

MD5 3d045cea38192c03b1f39d38cf97190d
SHA1 a5760860ad01af034e462b84042ed528942104e6
SHA256 c9fc42e5e98cf8d2751bae22d58ddb178acb18dcff38346b52514182be00e4f5
SHA512 140aad276ceff80f260875c6ce88654516bd9b5a5d8a457ba075e98c420017e0087c97ecc8f6c3df275a95642d1e10109a7c8ead115d1ebca31fbc3bc9bf3f1a

C:\Windows\System\EIDPLKy.exe

MD5 74481016e9d986adf04e7686f87cfd32
SHA1 2105a9e0da288768f78a1e32754131e46344f9c8
SHA256 c3f4fb6535ac68fe8cbab1a338b1c458ca7c92b0212979153dd698b16cf20dd1
SHA512 08fab0791b7ecc3db2965d8e6e70925aafc025a166e6b5affb069f364ec6daa6fedb5e70ffeac626f1feae72c2b0b8aa1d8fba2dd66bbbcc30a474607c1ed1de

C:\Windows\System\bUnfsYh.exe

MD5 d5047e0f6c431ee06fff47157733e1fd
SHA1 2923505ca87dd7e8a3be8730a89876bda879e9c0
SHA256 9f9cd4e813ae35053f232834cf40d0d1ce2a9125e3fd12f329068c79a0ac450a
SHA512 e368fd0101825d04548ed7129c50b78f92f3fa322008d6c822594b42e9deedcde6cb52d91589ef90fc16984842f6a3f7f4a322fe0ccce704b0db804ea9c0b646

C:\Windows\System\RTmoURs.exe

MD5 8d64543625e40894ce4e7204ebd6d898
SHA1 ee6be6b4cda03b6093153beea8f5739e72dd48bb
SHA256 289f9fbaf5eb9a7300bc2b795f60f20f44b0a335f7cafd8bbc036c5352c821b1
SHA512 b7d498579cbef9cb85d830c2cf84a6025dddaab54fcea9a50c0e39d27a6e23596605f1fc4b2e4d50e9be44b00aa42cb9fd5eeed945134f9291243e86c5909631

C:\Windows\System\GUynXLh.exe

MD5 5dd80ad9a1f238805ddb5e4056532493
SHA1 a25b07c7d95a9b24ed5ee0756c9bb23a956c3d80
SHA256 8d74f26329b85007e6e2da961f517ee4c59b59f8bb2e022c8442fae35a12955f
SHA512 7ba7cecb45e514008f54d564a556bd7024b5bcf1dd31e4550682af216c8d908d0968b41e2c5bb5ff7da6c09ef6a22a00ce6c6f7dcd88b4d41cf53520ad70cf06

C:\Windows\System\ySLTKOf.exe

MD5 5620804149abdad718a9aa852eeae094
SHA1 7b770333d128e9ecabdc51dbc7dcb20b0e9302d0
SHA256 8e3932fd53e61467a863c56292b1fdb7f411a88ade6278ed56713827ea9d0246
SHA512 a0d3f68b55e51ab3745ebc0203a040ceac3009bbfb6b40e38920252bd241855d8e4761b9bde66ef1cf47563361fd9500fa5ca8f2f94b621eda4de444f0195f90

C:\Windows\System\oXFdPQV.exe

MD5 cc028836a312fcb654a13f01e3620281
SHA1 5127cb21fc6bc95d77db64049330e7cac26a0e08
SHA256 e30179c23fa23027bab1c9a73fee3544ac3b4ce0f43acfdcdb8c11e84fc1008e
SHA512 e0e898bb7677d8f4211c880a754b06bc8ca17706bdad1117daf5b36687b0c0e343f807e55798e2bd047795cd2ca46bdf2652177ebb14fbbac32e79a470bb0ba0

C:\Windows\System\BOJNpuy.exe

MD5 b3a7ce2fe2fd1fef10885f70bcb29c47
SHA1 ac2e6811db4b5ef796071c60081e4e195878e90c
SHA256 7eefe1864373c844531335c123fa9a13f4546ff3812ae49a322ea7f7924aaabc
SHA512 3242430be0eb4da84fb96e0366ba73458fc16fc24048f8823e4d2b1de3d8a03cabbe095e5e33a43dfe3f9aebafc3c5b9d1c1a3c0f844c4d3685e29a1fad93200

C:\Windows\System\zANDZtA.exe

MD5 f57bf126ae1a887767a4eef99bc48e5e
SHA1 b3def91b3f7866903c684cd5458f9f103deab9ea
SHA256 2ea1a13596d218be8f3f5df88b7f9ce1e7d7f44b5bcef18d363e0a5fa6c2fdbb
SHA512 7ac0d0e80e2a948f0e7e629f1a153fb37a2fe32f774b078f49127173c97d371b10fad207f20a0599a14cd1f42f5b21371af3b4110737f3610eefea31caf321ee

C:\Windows\System\kBdZaou.exe

MD5 811e9ce647094dee87571e6bbdefe398
SHA1 48c766b03f3c7bb15aea1f30d1b11bb4baac68dc
SHA256 4ce64e8ec4a4e2452859468e750f3d0b59731c470143695265b29c0e6b40a0a2
SHA512 a997d28cca6446ec230d0445a5e36e1c2407fbde26feb9b115902939533a03b9cd0e70ee93c0e42e34f82e4c7e53dd5ef735a9d7299b5349c1f2c4c5ca567b9e

C:\Windows\System\kORSqXZ.exe

MD5 c8eab97bd2313639d9091a4eafd26ed1
SHA1 f1be58221dc3cf18ab3f7b10057d21a7d1bb988a
SHA256 340eb466643214b535ba82b7e69951c6fbdfd32e37fcc8d8d6042c557b268421
SHA512 05a21f4195c0cdd3be49c800a6bef937ab04933e60932d4ca78f4a898c82f0a4a8394189f71bcbe221acf8b2ab71a62e31108a8a8c8749929cfc68c27dd47a26

C:\Windows\System\oGLLyrY.exe

MD5 7a238c0f8d9923dd260dbc515d7d6627
SHA1 2b61f911ab2cb8feafe183bf72c80de2eead7501
SHA256 496c75ec8a7ab063925fcd9e890c19a9a34029c4b4ee97998956012a1e40d62d
SHA512 ab7709dec0692d630a0641c664ffc7a7f708045de90db4a50f13d9ac06322673d8583a3bb7f8aca89dca397fa4ea067c3d42070c9ee7f6b95642eaeb37c3cfcb

C:\Windows\System\UqwqJUx.exe

MD5 df2242e21748393564e0e2aed92d5219
SHA1 da1577192889d2cc4a7bc0eddaf057af90f0e546
SHA256 378945a6ac9bf4e70251e965e088f328cd8405d8df120c1459217d1c883a6331
SHA512 9a59b2a3eab247543ac54572ed244478fd473e5172e8fc235ff160f9780a742d48942c0c23837a3393a0be6d10cba5101e8b675cdd1990daf1476224e094e7cb

C:\Windows\System\TLktbou.exe

MD5 b93cd36312232e26a288c7d4c9d2c40b
SHA1 47064ff299b50fefe16a0689c7adc3120fab8931
SHA256 bcac436f3fd5c23e23d14a7e26be219e1c27032e5f4a8f5ea75180ebf38c182e
SHA512 dea814037bd865c1939fb5f06f15928e989a81e1fc4fd487923bd9b556327f68c47b410a7c0bd416f317526ade4f0f88663b14f10573253cacf38e7ec7631013

C:\Windows\System\ktJhHXw.exe

MD5 ce1c5f91249f3472e2b50a71a7468de5
SHA1 24dcb34c2c8214dc487dc4069825c3bbf6f9f874
SHA256 c8ff47bbc4e6c2253b2fae2575c4435100048f4ceee16e4defa954c60a976e81
SHA512 5fbab49c44dbf90f7c43611065318cd556d0d1cda358363ffe940d7bb80b791a50938eaa7a43756003ad4dafe9dd615c5b4ebe09f91bf86ccbe05c175e86ce19

C:\Windows\System\otmmPuI.exe

MD5 555342e3773d001fc84c6272861fb7fe
SHA1 ba9c2e5957206501ad61e591b1f68ac0a19c0675
SHA256 be08f70c3b70faea28b2c362e4f49c4a0a68707f242ba3aa20c53beefdcb0afd
SHA512 cac84debc79ba4a8dce3302dd0409c97c527d41582b2a4b66b59a541e603ceca785ead3a345e0718920e062668b29440960350a7220b26d756626df731ce489c

C:\Windows\System\RBcIJjM.exe

MD5 41ff427a45fc447bfdeb1a11a8555b90
SHA1 a82a5bf43d8f56777213be723e79998553115333
SHA256 75e49d4c8fcea17bfc187a24555bfcd56e9ebc265bdb825bb4d6ad5eb99bd756
SHA512 53201661c175fa297adf7eda85cd37f7d120af7bb3a89bf2b506756c9fe7dea312be03e940245bb2f3a7fa6d37403ca6f65bffac8b6479664481689efa54c6fd

C:\Windows\System\yBDpaQZ.exe

MD5 4c50bc7c90b403dc4799174a6336ab04
SHA1 a9c8b7bb03fda9746f712e4ecca9fb15ab4fdb81
SHA256 4942297c8b14dfd7fdff4e2e81c717b91c90e93e5d01ea8f9acec9c3efad7fea
SHA512 ae42b44ed67a79a32f13956c232631413721dfe1b0055c0cc2807c430fdf9468db47a4d08b55cf43b8a69b28a054b1fd0cb9de51d8d314ed457a1ff839912805

C:\Windows\System\PCdIsNG.exe

MD5 8d4bb600b4648f9e9b5886f3d639bcc8
SHA1 f79c65dffcc6b751bf6b095c0d63e824259ed7bd
SHA256 c1397def1bb30e60b4ba09349d7f31295c3105a4c19720eb0ff35306d8fc65d1
SHA512 694f81a883b4528157cf873addaf11845beb414a85cf3494896c81468dff9e2386ff220dcdb1f73f35bc1265cdc0404e7cb8287fe796ca24a9c539f569f8158a

C:\Windows\System\yknidFA.exe

MD5 ae39d8963dea64ac9e05d5955a91577d
SHA1 970753af96b1a31f2dab65f5536e2592a8902800
SHA256 152baa0ec1a0e4a07815e20839e6c8a8e76e414e9555053b8f6e7bd4039384d4
SHA512 531bef8b7a9ee9762a711490e905a60f2294a55f0d51719ffb2e13be1250d56c67989c59eb3565a72f29037e2ab421fd9d808c87eff2319906713fcdc8f19883

C:\Windows\System\VrhZxfz.exe

MD5 9fe05285317432f3ff029276379d6151
SHA1 beab5c41644b4280431133f09c197eb9a6196313
SHA256 5215590838b72a9146f788e5e3327487b7c070b0a96aefe315d68f9c800941dd
SHA512 2eee8b17394433fbd2f6822ac621f1ba47df68b028ef66be7b4eb2d22125134902b4ea4701dd3ec82d8bf992eb29f20d88c2a51cb5e353faf580e290665711b2

C:\Windows\System\FzsLNuY.exe

MD5 babc3b1e4acd2e168b53ddb707d934ab
SHA1 da412cc85ed5c17a658c5d921d037d860d6810fe
SHA256 3de89e81fbae26be172d67955a61c9921c2f3ec16381c28347731520228713a1
SHA512 8268571d9af897e0ca4a7cbfbd612696699fb71cb322f50597ee22504aa36bc4fadc398e0d64d2287d4c14c441ab654bd3df18687d1c889081b8050e44b63c2e

C:\Windows\System\vdmGMkS.exe

MD5 d78c356f9ac0393c67b62e2462e8be32
SHA1 0839dadb9576d281345c3d6f50f4be76037b5aee
SHA256 a7dabca576d7be6a49db96404fb097cb4eae3bf9d182e61c29fb011fa62d2216
SHA512 21453baf4cda99dace451cd3379995f03684c1346b18a1518e7d60a77ee17da8c554beeabe74a6c2170734b9c5150a444d4ee06346e2b217a819be8e466d09df

C:\Windows\System\wBPyxsq.exe

MD5 3b3db5f375ca4e7cf45323d9b179f7d1
SHA1 6053117162416028021e697cd1abbf706bdf3087
SHA256 2997190cda8a112fcf8664f2794b10410d4e67a10e7185680d43e37dc37fef38
SHA512 19a95267815e9e643f4fe12b7fdb24278246c6f77e1d1b15b306479ad0c82db91c43414fa2afe2a3ec41f78022d771917ef854810069ae2a9d2c37f4d0edf1ca

C:\Windows\System\uZayUNy.exe

MD5 06b9ef7debcfe0e157a98221ce164568
SHA1 8f8ec0fdbed76c014884e09b50db9902037a53df
SHA256 e12d0eec39029f9f99b608c3f2eca6153560cc997230a19bce4eafaea719b9d8
SHA512 83bce6d2adda7945970d243e4b7e57520a824966cca6e5efa38b5a7e6861be6a89f1fed890e80f5986b3815e4f933c93ba1a5dadd5ac5ad48a98672f1ef485ed

C:\Windows\System\NISHdnA.exe

MD5 0f1eb0fe8cda0805e12e5ee46a6f7398
SHA1 963eea0202a34c09afc64ad8c17c599073ed23e3
SHA256 8e63e04b81c0df2fa77b71e97fff8cd898cb841047b402e2c7886450f21bf757
SHA512 d8d5ebc099f96adbcd1b1d31cecf32c79e47c9fb3962393d55331350a5c845a78a4611dad699d92fb9c265d4a368d0756b99e393d83e151643536b3fcf1f77b3

memory/1712-149-0x00007FF78BCE0000-0x00007FF78C0D2000-memory.dmp

C:\Windows\System\DXGSLgb.exe

MD5 165ab11aa6a9dc70371488f498c9587a
SHA1 8da56e48336cd9873d6246a1c4a1d65924822e88
SHA256 e797768530cc382f59e35fd65961743fad4973c10f6121c3d90e67d279590928
SHA512 abf2477f9ce94815dbeab9249fce42044929e0622ce9b8e38633cacf51b32fad5d94758d2f555d025b8fb351cb1cdba5994654c705733bc6cc53f5c1d436172e

memory/4616-145-0x00007FF639A20000-0x00007FF639E12000-memory.dmp

memory/4772-141-0x00007FF6196E0000-0x00007FF619AD2000-memory.dmp

C:\Windows\System\fMHwvMY.exe

MD5 1e45abd5c80e51de5b2c90a8c3a11c0f
SHA1 2c2b0e6b8fe2626c252ad8a970dae8939e4f727e
SHA256 5efeb77d89bca1cf3852cffcdcf2017175a5122a4416e0bc32829b47567870d6
SHA512 8650b809968ec7e200c393c0fab537f8e792b79295ce2794256974332a5254bf898d921bf306b194fc63ee072b84b4c1d453384a338915a1e8091eefcc8cf808

memory/4036-137-0x00007FF65B6E0000-0x00007FF65BAD2000-memory.dmp

C:\Windows\System\sDcIKlh.exe

MD5 0b59a09638d0f907aafc50844f11d04f
SHA1 44cc44acf6aca04402b9e16fc35643ec81b37494
SHA256 42c3ddf278334651118760c4892d554b0c92833d94e323e30e4e903d30b6cad3
SHA512 25cb619d9bfd3a495a5ba2a7084dc4c5b1d6cb224a3c45a043fc52c77b9d7185f0a4911179ed69d64cbf1ff7efd9a1f8765ba77222b1401160dedd5c1eaced15

memory/440-133-0x00007FF77A2C0000-0x00007FF77A6B2000-memory.dmp

C:\Windows\System\FXIksyD.exe

MD5 cc429f255be7d19e6361ab5b547d8a27
SHA1 677ace9bd2cb335336774d6fdfef4379018b3ad3
SHA256 8cc2b422161e8a9a9581b6e136b21943243fc7e94d7bef91e7f43de0e866b6f7
SHA512 a957b94fe96704d79acf39b8cd38497afe04812e3a85bb9b0735d05f6522e8eb6b57afb227073baefbac4520f9656bec4ec3ca0dee9878023f890981a39db46d

memory/2760-129-0x00007FF6D8990000-0x00007FF6D8D82000-memory.dmp

C:\Windows\System\hiHNZuG.exe

MD5 92cb7a7e692ba4d0a4f5db7428fb87cc
SHA1 2f2bbc7e840146e63a92b3f2dcfb18839ad7cadf
SHA256 b1599e43b18d93563bd273429ef02c2fcba447997ebfd4495acfa6e6d4b64134
SHA512 7e08723d67b070c54993489dbf7af2bf8956a4c5cb46241da2f5fe7e76335d1636abeccd19ebfa365581d30fb8585ee34a7d4b1473203aaccb4ccc74873dcfc6

memory/1556-125-0x00007FF7BD2A0000-0x00007FF7BD692000-memory.dmp

C:\Windows\System\pzAXMyU.exe

MD5 4f3161dbc7e4d03677ac0f559d40c1e2
SHA1 febee0f6843bd5b5cc6f58ce8ac7b15bc892d8f0
SHA256 25e841299556c3f054643831638d27654a27c515ecfb872127e2d4cef56535a3
SHA512 67c0bf50bdeb9939560e62a280c221f4bd46c487636e59cc61e7f398448421c6c028d22fd4792a55134efce5c38c8ac7f49a277c176fe7cda4e0a566a33c3c67

memory/1592-121-0x00007FF7D3E50000-0x00007FF7D4242000-memory.dmp

C:\Windows\System\dAkxggo.exe

MD5 860da5246113429e3c9ca8b9f9ff534b
SHA1 dd70838c83fdc287c192197777ad5ca31491b721
SHA256 8055d157181ae247718aab4f56b545e518d81557349c5492818a489556b38be5
SHA512 141dd66cfb6efff3ee858aafcaa938087878f3b689520456548299fa8827121862e204e28b8ee5cb2b0d3b3335e4051d83cfb7c9a5eb3e4d383426c81b48c9a8

C:\Windows\System\rRlCjmL.exe

MD5 592d11f2363a861fd384d2448353be18
SHA1 bf6765d45e94049f5f226109508ec98ecb7d36f4
SHA256 8795e4ea90114ed67e283caa3fb79ce01f3ce2c9eb5602a14eb3650caece9cd9
SHA512 8fbded2bc039d7c88bb2dd2055710f00dfe1add7252f639dd14e48a47be8e36e9f4a7156c2e518116c004c7d25787ceeb3c2ef9f1b88086526d0a1fd2e9413bc

memory/4156-113-0x00007FF7C5250000-0x00007FF7C5642000-memory.dmp

memory/2792-109-0x00007FF7FBEB0000-0x00007FF7FC2A2000-memory.dmp

C:\Windows\System\IoLmlMh.exe

MD5 83797dcf2b6da9f490d450734fff2ce3
SHA1 69d06a0f71834527f8189481408b05b24e640bb0
SHA256 427157906db0be0da8e0a37e64f5ba098b0a6ac6d9b1d7d1e6f93e679fd206ce
SHA512 306b9434732c6bf266a5fffbe57ed982c55aa7865cbf2ed0ac9a1caa55eeb7793a63f3b090d63db5272722b50f5368780d498f9ac6a09af6f5d27a3404dd47b9

memory/752-105-0x00007FF656980000-0x00007FF656D72000-memory.dmp

C:\Windows\System\nNcpLXe.exe

MD5 03f349a92fab02c65cfaaedb471b67ef
SHA1 26c35fbe8e921e15cc24693fc237943bb2b3e8f1
SHA256 6e9f889191fba7b962701773c748d684e70897badce323bd5e00e6572f4f9083
SHA512 37009a1636e1e43790098c14f981fef5dccb6c5d0321a8568ceaac8927fee4caa8a5d2e0e823b8bdb241fb272bce78b9eb758ee55dd95b4038f60ea6c41356be

memory/380-101-0x00007FF6166B0000-0x00007FF616AA2000-memory.dmp

C:\Windows\System\aAYXhtC.exe

MD5 5ab5aeebdbe69e271d0d593ecaedaf10
SHA1 a06b1682ef8cc2fed20dc68a39152a4a4f04b01a
SHA256 cadb76b1470e562cf16d7a3e2712ca848d5a118b9509e3931c790de51caac0ea
SHA512 8f60c16aeb3265968ef90600025a7ecad337dec8926fe715081d590c1085ebeab8d4f3b4ce2de592b2294221784037b891ece587ba3885b8c150c41f48f95266

memory/2632-97-0x00007FF7FAC80000-0x00007FF7FB072000-memory.dmp

C:\Windows\System\urYQWnj.exe

MD5 39aa05d1e89214502a698b71f260d2c5
SHA1 ff3e36db7085f10a0fca84bdb04410a642a19bae
SHA256 75903e0000a403d9a974a8422566090bdcfed9e3ab277a8a64d48a3461f3055e
SHA512 faba46c27d23f0c1c00995215829fb26bb6932f27410e78a3883f28eaf2dfa4e837820af6e30befe1feccb30bed650dbfd347f1b72ff10ec4a5df1cde3358d6f

memory/2372-93-0x00007FF7DA950000-0x00007FF7DAD42000-memory.dmp

memory/3276-89-0x00007FF7148B0000-0x00007FF714CA2000-memory.dmp

C:\Windows\System\AFMwDyg.exe

MD5 e4d7163fa7944ac08d13edd9f2bd8917
SHA1 b726e9cf3abc6bd844d382cd45a88f7959c4a067
SHA256 a2b34f666204773084c48f1c9e48344fd013c68432129c1ed021a76a2d68c631
SHA512 aea8f52772e91b4315c5250a9080936f4341fa4307ee556bac1ea752f6a1a11dc2536f068df829fb5ec367a568216b7b7491fbe481ec5b7a0d36fb179da474b1

memory/2960-85-0x00007FF79AD10000-0x00007FF79B102000-memory.dmp

C:\Windows\System\BxrrhFx.exe

MD5 5485956a25dacf6335ed96459c54fefc
SHA1 10bd03b1ccd83e0512ebaccbcc3b57d7874c68a8
SHA256 f1ed90b7a6a8174cf4907113092c401b0b346819dcd372a83e43725e6c8a9f9b
SHA512 3db22c71f53a4c2acd7efb47787f0d9ed09a6032d01377ec0aec3c235fbbd5850722c4480a56ab7ace73465dcb081dcbfd307e99f1dbb06f00526d27cffdedb6

memory/2908-81-0x00007FF711ED0000-0x00007FF7122C2000-memory.dmp

memory/3288-77-0x00007FF7DD0F0000-0x00007FF7DD4E2000-memory.dmp

memory/3928-76-0x00007FF714050000-0x00007FF714442000-memory.dmp

memory/3780-72-0x00007FF7A2680000-0x00007FF7A2A72000-memory.dmp

memory/2460-69-0x00007FF60BDF0000-0x00007FF60C1E2000-memory.dmp

C:\Windows\System\notDqHK.exe

MD5 f547a24856b13344e8e31817964e2e66
SHA1 7cd09a5611c9b88e9ff12604c9d68d9f494f934e
SHA256 0ff7298dc0dbde6ee0c5ce4a345198b6c21f1d99c253b587c32548c759c760cc
SHA512 b06f1b11ba05556f9fa8a279574456e3c2f02ca4da8160326ecc5ac534f53307a4cef95ea0d99f71c9ba6a49832b69ed681f67c6cb6fce1d3bf5015286f73c4e

memory/1404-66-0x00007FF6CFE70000-0x00007FF6D0262000-memory.dmp

C:\Windows\System\NPqLfxO.exe

MD5 2ab53d8d7d9210271a1becca617351a7
SHA1 3d4d2d6bf8e9d7ecd2bf4202bd97d42fc13b9ee2
SHA256 5b65a5877cabf908c96d87be47426041b4269c120a3622fa900074ff7a1b9298
SHA512 eeb9c1c1a2d11e7e9609b2e80fcf7ff224368210284596537df064bd24dadfa9d4b59a987effb0f642bc624e9e721197b5750413809db82456c976e1ded25c23

C:\Windows\System\FfsWgNo.exe

MD5 ef3fecc1c20a71cebea6e57e59d1de3c
SHA1 11a74971677c3cfea016afb3c1669e23835a2944
SHA256 c92b9d31fe0b8671a8b48a5820582d39fcebe7fb2d420031205096e1dc35fba3
SHA512 c872b4f5428937df30958741f620485f44ba03304592175e892eee3f9497a973df171b5550d0afdeb40d9ad41b303ab1eb58e11fd695704caba7846b9d93a110

memory/2224-53-0x00007FFDE63E0000-0x00007FFDE6EA1000-memory.dmp

memory/2224-45-0x000001466A510000-0x000001466A532000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_0igugxjr.fuj.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

C:\Windows\System\OeFtWZl.exe

MD5 3dd13478b212b93d072fb974eabef1d7
SHA1 8d17a919c52701f891acf9a3fae318a272a9e9ad
SHA256 452d17890aed1f8eb4fab1014de7bb6e4f2ad13a500731ab79be44bac06ba036
SHA512 2f48f3f0879e2ef59720a0cec8d288135cee24e34128815732c55050ba3b991571461d03390543c9fd2ccf5fc9ff66ba82a7b017bfd75a26f76a745dde5c7c28

memory/2224-1790-0x000001466D650000-0x000001466DDF6000-memory.dmp

C:\Windows\System\MNNEhLo.exe

MD5 d6349613f683bded6d69a7d02ace4275
SHA1 1627fabfdfae3cac338500241f4e9e969ee50ac5
SHA256 4a54b14258d08729a6205b09d8643680d1fcbeb6eaed5e636cae813e537ac662
SHA512 d83aa606a1ca4c9ad32d8a91f5b2cf833fc395e62b938477a618ca3509fa52443c5e33121c0988fd90e65d2855a59276136a584d3f8258054273372e5fbf3292

memory/2224-2124-0x00007FFDE63E0000-0x00007FFDE6EA1000-memory.dmp

memory/1712-2931-0x00007FF78BCE0000-0x00007FF78C0D2000-memory.dmp

memory/4772-2925-0x00007FF6196E0000-0x00007FF619AD2000-memory.dmp

memory/440-2921-0x00007FF77A2C0000-0x00007FF77A6B2000-memory.dmp

memory/1556-2917-0x00007FF7BD2A0000-0x00007FF7BD692000-memory.dmp

memory/1592-2915-0x00007FF7D3E50000-0x00007FF7D4242000-memory.dmp

memory/4156-2911-0x00007FF7C5250000-0x00007FF7C5642000-memory.dmp

memory/2792-2909-0x00007FF7FBEB0000-0x00007FF7FC2A2000-memory.dmp

memory/2372-2903-0x00007FF7DA950000-0x00007FF7DAD42000-memory.dmp

memory/4616-2927-0x00007FF639A20000-0x00007FF639E12000-memory.dmp

memory/4036-2923-0x00007FF65B6E0000-0x00007FF65BAD2000-memory.dmp

memory/2760-2919-0x00007FF6D8990000-0x00007FF6D8D82000-memory.dmp

memory/4792-2913-0x00007FF77AC90000-0x00007FF77B082000-memory.dmp

memory/380-2907-0x00007FF6166B0000-0x00007FF616AA2000-memory.dmp

memory/752-2905-0x00007FF656980000-0x00007FF656D72000-memory.dmp

memory/2632-2901-0x00007FF7FAC80000-0x00007FF7FB072000-memory.dmp

memory/2664-2889-0x00007FF71CFC0000-0x00007FF71D3B2000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-22 16:22

Reported

2024-05-22 16:24

Platform

win7-20240419-en

Max time kernel

150s

Max time network

143s

Command Line

"C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\HJMSfig.exe N/A
N/A N/A C:\Windows\System\MXRFhHu.exe N/A
N/A N/A C:\Windows\System\JkkZJhV.exe N/A
N/A N/A C:\Windows\System\vmvFUif.exe N/A
N/A N/A C:\Windows\System\ctnZPVm.exe N/A
N/A N/A C:\Windows\System\mBJbhRg.exe N/A
N/A N/A C:\Windows\System\TrsVPhG.exe N/A
N/A N/A C:\Windows\System\trIAXnM.exe N/A
N/A N/A C:\Windows\System\RaIEYUq.exe N/A
N/A N/A C:\Windows\System\LCpAAyL.exe N/A
N/A N/A C:\Windows\System\NtnNDbD.exe N/A
N/A N/A C:\Windows\System\ymaodKQ.exe N/A
N/A N/A C:\Windows\System\DBkGltk.exe N/A
N/A N/A C:\Windows\System\InDuAJN.exe N/A
N/A N/A C:\Windows\System\XdTEgcp.exe N/A
N/A N/A C:\Windows\System\vmadfnv.exe N/A
N/A N/A C:\Windows\System\iFaYpWI.exe N/A
N/A N/A C:\Windows\System\TesqqLt.exe N/A
N/A N/A C:\Windows\System\IQRkSZa.exe N/A
N/A N/A C:\Windows\System\GJDkymQ.exe N/A
N/A N/A C:\Windows\System\gzhcChf.exe N/A
N/A N/A C:\Windows\System\fmsLhRP.exe N/A
N/A N/A C:\Windows\System\lYgAUqJ.exe N/A
N/A N/A C:\Windows\System\kgLYYkA.exe N/A
N/A N/A C:\Windows\System\qgnKeUQ.exe N/A
N/A N/A C:\Windows\System\dougdHm.exe N/A
N/A N/A C:\Windows\System\vQJoQot.exe N/A
N/A N/A C:\Windows\System\pvQhEKB.exe N/A
N/A N/A C:\Windows\System\XWrvKTk.exe N/A
N/A N/A C:\Windows\System\HBPSLoL.exe N/A
N/A N/A C:\Windows\System\palexDG.exe N/A
N/A N/A C:\Windows\System\jtnDfAt.exe N/A
N/A N/A C:\Windows\System\uInMLEV.exe N/A
N/A N/A C:\Windows\System\eVUMWPv.exe N/A
N/A N/A C:\Windows\System\HPxYBsc.exe N/A
N/A N/A C:\Windows\System\btTPkDq.exe N/A
N/A N/A C:\Windows\System\istpcQM.exe N/A
N/A N/A C:\Windows\System\iiknUnK.exe N/A
N/A N/A C:\Windows\System\JkIyWqZ.exe N/A
N/A N/A C:\Windows\System\vWaotWU.exe N/A
N/A N/A C:\Windows\System\fUnwOAE.exe N/A
N/A N/A C:\Windows\System\rPgkREw.exe N/A
N/A N/A C:\Windows\System\ZIPnhDa.exe N/A
N/A N/A C:\Windows\System\klOQkar.exe N/A
N/A N/A C:\Windows\System\REYWjaL.exe N/A
N/A N/A C:\Windows\System\yJYekzs.exe N/A
N/A N/A C:\Windows\System\zldgYMg.exe N/A
N/A N/A C:\Windows\System\rBTaVem.exe N/A
N/A N/A C:\Windows\System\pUpnYLo.exe N/A
N/A N/A C:\Windows\System\PBTpZoe.exe N/A
N/A N/A C:\Windows\System\WHTaXMD.exe N/A
N/A N/A C:\Windows\System\RIwHHLo.exe N/A
N/A N/A C:\Windows\System\PHbFmil.exe N/A
N/A N/A C:\Windows\System\JlmfdUu.exe N/A
N/A N/A C:\Windows\System\scQMdmp.exe N/A
N/A N/A C:\Windows\System\okSEYcE.exe N/A
N/A N/A C:\Windows\System\GBRTblO.exe N/A
N/A N/A C:\Windows\System\UtQYgyi.exe N/A
N/A N/A C:\Windows\System\hKECqcy.exe N/A
N/A N/A C:\Windows\System\PfuBagh.exe N/A
N/A N/A C:\Windows\System\wxEaulb.exe N/A
N/A N/A C:\Windows\System\mBGbMMt.exe N/A
N/A N/A C:\Windows\System\wUNIQxB.exe N/A
N/A N/A C:\Windows\System\IAvckIB.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\ZTDAkqg.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\XQKrAcf.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\hKECqcy.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\hwStZqx.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\GvZJAuw.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\aNYdSNa.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\oUUWjmz.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\iMvHifM.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\lNBMpts.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\ldlmJBY.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\FduoeGR.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\JtLXHfC.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\RMXnxvI.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\AqfTfxa.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\meRxsyy.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\gGQqkaI.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\dBmhqcV.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\HxiFAbq.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\rCRGnus.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\dAzuWtB.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\bgDNrGb.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\LGTmgTw.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\QrLzmTU.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\UlLvcxn.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\CUgWLMN.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\tahFOAZ.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\asNqZKK.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\uwvJePA.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\KBJNtJJ.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\DBrePLz.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\hWMhteo.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\qPgzLqg.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\dygyOyq.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\FrAYdCN.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\tOicINO.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\BnrkbxP.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\kzQBCBP.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\lvtuwzK.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\VghcAcR.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\TykuscB.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\vyfvSbe.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\hNzPMzv.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\RzrfnZC.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\oBKKosQ.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\DVLRmMq.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\XiACsUI.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\WumpXyN.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\DgnSFmU.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\FtDbfVC.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\gOsGuTT.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\kgaSatC.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\CFzwCFe.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\kczTkyQ.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\OptorQv.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\YTUflHw.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\qDWGFjf.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\LEjizxF.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\IlyqOLo.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\lHkObtT.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\XXUMpPm.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\lEqYpcr.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\AUihEoW.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\tWBeIfy.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
File created C:\Windows\System\GdsuMHl.exe C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3000 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3000 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3000 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3000 wrote to memory of 2556 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\HJMSfig.exe
PID 3000 wrote to memory of 2556 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\HJMSfig.exe
PID 3000 wrote to memory of 2556 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\HJMSfig.exe
PID 3000 wrote to memory of 2572 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\MXRFhHu.exe
PID 3000 wrote to memory of 2572 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\MXRFhHu.exe
PID 3000 wrote to memory of 2572 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\MXRFhHu.exe
PID 3000 wrote to memory of 2656 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\JkkZJhV.exe
PID 3000 wrote to memory of 2656 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\JkkZJhV.exe
PID 3000 wrote to memory of 2656 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\JkkZJhV.exe
PID 3000 wrote to memory of 2732 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\vmvFUif.exe
PID 3000 wrote to memory of 2732 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\vmvFUif.exe
PID 3000 wrote to memory of 2732 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\vmvFUif.exe
PID 3000 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\ctnZPVm.exe
PID 3000 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\ctnZPVm.exe
PID 3000 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\ctnZPVm.exe
PID 3000 wrote to memory of 2456 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\mBJbhRg.exe
PID 3000 wrote to memory of 2456 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\mBJbhRg.exe
PID 3000 wrote to memory of 2456 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\mBJbhRg.exe
PID 3000 wrote to memory of 2512 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\TrsVPhG.exe
PID 3000 wrote to memory of 2512 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\TrsVPhG.exe
PID 3000 wrote to memory of 2512 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\TrsVPhG.exe
PID 3000 wrote to memory of 2904 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\LCpAAyL.exe
PID 3000 wrote to memory of 2904 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\LCpAAyL.exe
PID 3000 wrote to memory of 2904 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\LCpAAyL.exe
PID 3000 wrote to memory of 2068 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\trIAXnM.exe
PID 3000 wrote to memory of 2068 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\trIAXnM.exe
PID 3000 wrote to memory of 2068 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\trIAXnM.exe
PID 3000 wrote to memory of 1512 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\NtnNDbD.exe
PID 3000 wrote to memory of 1512 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\NtnNDbD.exe
PID 3000 wrote to memory of 1512 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\NtnNDbD.exe
PID 3000 wrote to memory of 1488 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\RaIEYUq.exe
PID 3000 wrote to memory of 1488 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\RaIEYUq.exe
PID 3000 wrote to memory of 1488 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\RaIEYUq.exe
PID 3000 wrote to memory of 1352 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\iFaYpWI.exe
PID 3000 wrote to memory of 1352 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\iFaYpWI.exe
PID 3000 wrote to memory of 1352 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\iFaYpWI.exe
PID 3000 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\ymaodKQ.exe
PID 3000 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\ymaodKQ.exe
PID 3000 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\ymaodKQ.exe
PID 3000 wrote to memory of 1856 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\TesqqLt.exe
PID 3000 wrote to memory of 1856 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\TesqqLt.exe
PID 3000 wrote to memory of 1856 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\TesqqLt.exe
PID 3000 wrote to memory of 236 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\DBkGltk.exe
PID 3000 wrote to memory of 236 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\DBkGltk.exe
PID 3000 wrote to memory of 236 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\DBkGltk.exe
PID 3000 wrote to memory of 1552 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\mBGbMMt.exe
PID 3000 wrote to memory of 1552 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\mBGbMMt.exe
PID 3000 wrote to memory of 1552 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\mBGbMMt.exe
PID 3000 wrote to memory of 544 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\InDuAJN.exe
PID 3000 wrote to memory of 544 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\InDuAJN.exe
PID 3000 wrote to memory of 544 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\InDuAJN.exe
PID 3000 wrote to memory of 1836 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\wUNIQxB.exe
PID 3000 wrote to memory of 1836 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\wUNIQxB.exe
PID 3000 wrote to memory of 1836 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\wUNIQxB.exe
PID 3000 wrote to memory of 1900 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\XdTEgcp.exe
PID 3000 wrote to memory of 1900 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\XdTEgcp.exe
PID 3000 wrote to memory of 1900 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\XdTEgcp.exe
PID 3000 wrote to memory of 1548 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\IAvckIB.exe
PID 3000 wrote to memory of 1548 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\IAvckIB.exe
PID 3000 wrote to memory of 1548 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\IAvckIB.exe
PID 3000 wrote to memory of 2156 N/A C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe C:\Windows\System\vmadfnv.exe

Processes

C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\67dfbf9968ca7593abac4a3d3b09f455_JaffaCakes118.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\HJMSfig.exe

C:\Windows\System\HJMSfig.exe

C:\Windows\System\MXRFhHu.exe

C:\Windows\System\MXRFhHu.exe

C:\Windows\System\JkkZJhV.exe

C:\Windows\System\JkkZJhV.exe

C:\Windows\System\vmvFUif.exe

C:\Windows\System\vmvFUif.exe

C:\Windows\System\ctnZPVm.exe

C:\Windows\System\ctnZPVm.exe

C:\Windows\System\mBJbhRg.exe

C:\Windows\System\mBJbhRg.exe

C:\Windows\System\TrsVPhG.exe

C:\Windows\System\TrsVPhG.exe

C:\Windows\System\LCpAAyL.exe

C:\Windows\System\LCpAAyL.exe

C:\Windows\System\trIAXnM.exe

C:\Windows\System\trIAXnM.exe

C:\Windows\System\NtnNDbD.exe

C:\Windows\System\NtnNDbD.exe

C:\Windows\System\RaIEYUq.exe

C:\Windows\System\RaIEYUq.exe

C:\Windows\System\iFaYpWI.exe

C:\Windows\System\iFaYpWI.exe

C:\Windows\System\ymaodKQ.exe

C:\Windows\System\ymaodKQ.exe

C:\Windows\System\TesqqLt.exe

C:\Windows\System\TesqqLt.exe

C:\Windows\System\DBkGltk.exe

C:\Windows\System\DBkGltk.exe

C:\Windows\System\mBGbMMt.exe

C:\Windows\System\mBGbMMt.exe

C:\Windows\System\InDuAJN.exe

C:\Windows\System\InDuAJN.exe

C:\Windows\System\wUNIQxB.exe

C:\Windows\System\wUNIQxB.exe

C:\Windows\System\XdTEgcp.exe

C:\Windows\System\XdTEgcp.exe

C:\Windows\System\IAvckIB.exe

C:\Windows\System\IAvckIB.exe

C:\Windows\System\vmadfnv.exe

C:\Windows\System\vmadfnv.exe

C:\Windows\System\QInVxMP.exe

C:\Windows\System\QInVxMP.exe

C:\Windows\System\IQRkSZa.exe

C:\Windows\System\IQRkSZa.exe

C:\Windows\System\ZqATetl.exe

C:\Windows\System\ZqATetl.exe

C:\Windows\System\GJDkymQ.exe

C:\Windows\System\GJDkymQ.exe

C:\Windows\System\QpNfeZq.exe

C:\Windows\System\QpNfeZq.exe

C:\Windows\System\gzhcChf.exe

C:\Windows\System\gzhcChf.exe

C:\Windows\System\LSYinYz.exe

C:\Windows\System\LSYinYz.exe

C:\Windows\System\fmsLhRP.exe

C:\Windows\System\fmsLhRP.exe

C:\Windows\System\eiJGSzi.exe

C:\Windows\System\eiJGSzi.exe

C:\Windows\System\lYgAUqJ.exe

C:\Windows\System\lYgAUqJ.exe

C:\Windows\System\ZJqpttx.exe

C:\Windows\System\ZJqpttx.exe

C:\Windows\System\kgLYYkA.exe

C:\Windows\System\kgLYYkA.exe

C:\Windows\System\GAWzBan.exe

C:\Windows\System\GAWzBan.exe

C:\Windows\System\qgnKeUQ.exe

C:\Windows\System\qgnKeUQ.exe

C:\Windows\System\bAXcydv.exe

C:\Windows\System\bAXcydv.exe

C:\Windows\System\dougdHm.exe

C:\Windows\System\dougdHm.exe

C:\Windows\System\RVZgTuj.exe

C:\Windows\System\RVZgTuj.exe

C:\Windows\System\vQJoQot.exe

C:\Windows\System\vQJoQot.exe

C:\Windows\System\zuJsaqB.exe

C:\Windows\System\zuJsaqB.exe

C:\Windows\System\pvQhEKB.exe

C:\Windows\System\pvQhEKB.exe

C:\Windows\System\sPtVoAR.exe

C:\Windows\System\sPtVoAR.exe

C:\Windows\System\XWrvKTk.exe

C:\Windows\System\XWrvKTk.exe

C:\Windows\System\dTHaNwn.exe

C:\Windows\System\dTHaNwn.exe

C:\Windows\System\HBPSLoL.exe

C:\Windows\System\HBPSLoL.exe

C:\Windows\System\QqRLIIZ.exe

C:\Windows\System\QqRLIIZ.exe

C:\Windows\System\palexDG.exe

C:\Windows\System\palexDG.exe

C:\Windows\System\lSLdINg.exe

C:\Windows\System\lSLdINg.exe

C:\Windows\System\jtnDfAt.exe

C:\Windows\System\jtnDfAt.exe

C:\Windows\System\kzxMiPi.exe

C:\Windows\System\kzxMiPi.exe

C:\Windows\System\uInMLEV.exe

C:\Windows\System\uInMLEV.exe

C:\Windows\System\jyKHNGZ.exe

C:\Windows\System\jyKHNGZ.exe

C:\Windows\System\eVUMWPv.exe

C:\Windows\System\eVUMWPv.exe

C:\Windows\System\mnVRJvO.exe

C:\Windows\System\mnVRJvO.exe

C:\Windows\System\HPxYBsc.exe

C:\Windows\System\HPxYBsc.exe

C:\Windows\System\zdnMJZb.exe

C:\Windows\System\zdnMJZb.exe

C:\Windows\System\btTPkDq.exe

C:\Windows\System\btTPkDq.exe

C:\Windows\System\vxgKmab.exe

C:\Windows\System\vxgKmab.exe

C:\Windows\System\istpcQM.exe

C:\Windows\System\istpcQM.exe

C:\Windows\System\wLdmbck.exe

C:\Windows\System\wLdmbck.exe

C:\Windows\System\iiknUnK.exe

C:\Windows\System\iiknUnK.exe

C:\Windows\System\WPNTfHJ.exe

C:\Windows\System\WPNTfHJ.exe

C:\Windows\System\JkIyWqZ.exe

C:\Windows\System\JkIyWqZ.exe

C:\Windows\System\KJdTOMo.exe

C:\Windows\System\KJdTOMo.exe

C:\Windows\System\vWaotWU.exe

C:\Windows\System\vWaotWU.exe

C:\Windows\System\tNzzhZy.exe

C:\Windows\System\tNzzhZy.exe

C:\Windows\System\fUnwOAE.exe

C:\Windows\System\fUnwOAE.exe

C:\Windows\System\BtkdZZO.exe

C:\Windows\System\BtkdZZO.exe

C:\Windows\System\rPgkREw.exe

C:\Windows\System\rPgkREw.exe

C:\Windows\System\WUmnqQi.exe

C:\Windows\System\WUmnqQi.exe

C:\Windows\System\ZIPnhDa.exe

C:\Windows\System\ZIPnhDa.exe

C:\Windows\System\GpGLpgS.exe

C:\Windows\System\GpGLpgS.exe

C:\Windows\System\klOQkar.exe

C:\Windows\System\klOQkar.exe

C:\Windows\System\xqrsVCG.exe

C:\Windows\System\xqrsVCG.exe

C:\Windows\System\REYWjaL.exe

C:\Windows\System\REYWjaL.exe

C:\Windows\System\HEnzZaR.exe

C:\Windows\System\HEnzZaR.exe

C:\Windows\System\yJYekzs.exe

C:\Windows\System\yJYekzs.exe

C:\Windows\System\UuMOxdN.exe

C:\Windows\System\UuMOxdN.exe

C:\Windows\System\zldgYMg.exe

C:\Windows\System\zldgYMg.exe

C:\Windows\System\ybHypoS.exe

C:\Windows\System\ybHypoS.exe

C:\Windows\System\rBTaVem.exe

C:\Windows\System\rBTaVem.exe

C:\Windows\System\XfvIpgv.exe

C:\Windows\System\XfvIpgv.exe

C:\Windows\System\pUpnYLo.exe

C:\Windows\System\pUpnYLo.exe

C:\Windows\System\oCYwuGH.exe

C:\Windows\System\oCYwuGH.exe

C:\Windows\System\PBTpZoe.exe

C:\Windows\System\PBTpZoe.exe

C:\Windows\System\MQmTckv.exe

C:\Windows\System\MQmTckv.exe

C:\Windows\System\WHTaXMD.exe

C:\Windows\System\WHTaXMD.exe

C:\Windows\System\DrZLoJs.exe

C:\Windows\System\DrZLoJs.exe

C:\Windows\System\RIwHHLo.exe

C:\Windows\System\RIwHHLo.exe

C:\Windows\System\bYieizt.exe

C:\Windows\System\bYieizt.exe

C:\Windows\System\PHbFmil.exe

C:\Windows\System\PHbFmil.exe

C:\Windows\System\RmALZSB.exe

C:\Windows\System\RmALZSB.exe

C:\Windows\System\JlmfdUu.exe

C:\Windows\System\JlmfdUu.exe

C:\Windows\System\JjZZAub.exe

C:\Windows\System\JjZZAub.exe

C:\Windows\System\scQMdmp.exe

C:\Windows\System\scQMdmp.exe

C:\Windows\System\KQaymao.exe

C:\Windows\System\KQaymao.exe

C:\Windows\System\okSEYcE.exe

C:\Windows\System\okSEYcE.exe

C:\Windows\System\mDvnYUn.exe

C:\Windows\System\mDvnYUn.exe

C:\Windows\System\GBRTblO.exe

C:\Windows\System\GBRTblO.exe

C:\Windows\System\CfiiWkl.exe

C:\Windows\System\CfiiWkl.exe

C:\Windows\System\UtQYgyi.exe

C:\Windows\System\UtQYgyi.exe

C:\Windows\System\agjSzlt.exe

C:\Windows\System\agjSzlt.exe

C:\Windows\System\hKECqcy.exe

C:\Windows\System\hKECqcy.exe

C:\Windows\System\VaFdKKo.exe

C:\Windows\System\VaFdKKo.exe

C:\Windows\System\PfuBagh.exe

C:\Windows\System\PfuBagh.exe

C:\Windows\System\ZeJdAGG.exe

C:\Windows\System\ZeJdAGG.exe

C:\Windows\System\wxEaulb.exe

C:\Windows\System\wxEaulb.exe

C:\Windows\System\mTsApiF.exe

C:\Windows\System\mTsApiF.exe

C:\Windows\System\mMsXBbv.exe

C:\Windows\System\mMsXBbv.exe

C:\Windows\System\dfVbDHt.exe

C:\Windows\System\dfVbDHt.exe

C:\Windows\System\WZRtGHd.exe

C:\Windows\System\WZRtGHd.exe

C:\Windows\System\dykmGQf.exe

C:\Windows\System\dykmGQf.exe

C:\Windows\System\MWNsuqx.exe

C:\Windows\System\MWNsuqx.exe

C:\Windows\System\aGKHukB.exe

C:\Windows\System\aGKHukB.exe

C:\Windows\System\nUMBigE.exe

C:\Windows\System\nUMBigE.exe

C:\Windows\System\BQNgloC.exe

C:\Windows\System\BQNgloC.exe

C:\Windows\System\OCCpBSp.exe

C:\Windows\System\OCCpBSp.exe

C:\Windows\System\SDesDHQ.exe

C:\Windows\System\SDesDHQ.exe

C:\Windows\System\FvHVbOz.exe

C:\Windows\System\FvHVbOz.exe

C:\Windows\System\zSkUKWa.exe

C:\Windows\System\zSkUKWa.exe

C:\Windows\System\OCNOxvv.exe

C:\Windows\System\OCNOxvv.exe

C:\Windows\System\XXGRUHw.exe

C:\Windows\System\XXGRUHw.exe

C:\Windows\System\LyUXiBU.exe

C:\Windows\System\LyUXiBU.exe

C:\Windows\System\GdxLqEg.exe

C:\Windows\System\GdxLqEg.exe

C:\Windows\System\faBeYkF.exe

C:\Windows\System\faBeYkF.exe

C:\Windows\System\hagyZkb.exe

C:\Windows\System\hagyZkb.exe

C:\Windows\System\qMhLtqZ.exe

C:\Windows\System\qMhLtqZ.exe

C:\Windows\System\TKaxsoI.exe

C:\Windows\System\TKaxsoI.exe

C:\Windows\System\ByLlRyf.exe

C:\Windows\System\ByLlRyf.exe

C:\Windows\System\swGRAou.exe

C:\Windows\System\swGRAou.exe

C:\Windows\System\eybUjmO.exe

C:\Windows\System\eybUjmO.exe

C:\Windows\System\uwhQIAQ.exe

C:\Windows\System\uwhQIAQ.exe

C:\Windows\System\jCjZLeZ.exe

C:\Windows\System\jCjZLeZ.exe

C:\Windows\System\MXyagTz.exe

C:\Windows\System\MXyagTz.exe

C:\Windows\System\KTVdDZQ.exe

C:\Windows\System\KTVdDZQ.exe

C:\Windows\System\DVKupuS.exe

C:\Windows\System\DVKupuS.exe

C:\Windows\System\exUcymE.exe

C:\Windows\System\exUcymE.exe

C:\Windows\System\LgQhPcy.exe

C:\Windows\System\LgQhPcy.exe

C:\Windows\System\nuTSUfd.exe

C:\Windows\System\nuTSUfd.exe

C:\Windows\System\TEUVVOA.exe

C:\Windows\System\TEUVVOA.exe

C:\Windows\System\TQQxeAn.exe

C:\Windows\System\TQQxeAn.exe

C:\Windows\System\WwwKlrL.exe

C:\Windows\System\WwwKlrL.exe

C:\Windows\System\mPXegfa.exe

C:\Windows\System\mPXegfa.exe

C:\Windows\System\reqMpOy.exe

C:\Windows\System\reqMpOy.exe

C:\Windows\System\xhmaacV.exe

C:\Windows\System\xhmaacV.exe

C:\Windows\System\wDXVJyW.exe

C:\Windows\System\wDXVJyW.exe

C:\Windows\System\cJYrjhE.exe

C:\Windows\System\cJYrjhE.exe

C:\Windows\System\zrNHodn.exe

C:\Windows\System\zrNHodn.exe

C:\Windows\System\UIKkSLO.exe

C:\Windows\System\UIKkSLO.exe

C:\Windows\System\GjQIJBA.exe

C:\Windows\System\GjQIJBA.exe

C:\Windows\System\YXdyxNT.exe

C:\Windows\System\YXdyxNT.exe

C:\Windows\System\JMVxRoi.exe

C:\Windows\System\JMVxRoi.exe

C:\Windows\System\gTpNARG.exe

C:\Windows\System\gTpNARG.exe

C:\Windows\System\kMdGBTI.exe

C:\Windows\System\kMdGBTI.exe

C:\Windows\System\oLOYmGe.exe

C:\Windows\System\oLOYmGe.exe

C:\Windows\System\mcsBJIO.exe

C:\Windows\System\mcsBJIO.exe

C:\Windows\System\xJeVUuw.exe

C:\Windows\System\xJeVUuw.exe

C:\Windows\System\yvUQTGS.exe

C:\Windows\System\yvUQTGS.exe

C:\Windows\System\ezjwnec.exe

C:\Windows\System\ezjwnec.exe

C:\Windows\System\ZzJRRFK.exe

C:\Windows\System\ZzJRRFK.exe

C:\Windows\System\crWcOpp.exe

C:\Windows\System\crWcOpp.exe

C:\Windows\System\juJlXJD.exe

C:\Windows\System\juJlXJD.exe

C:\Windows\System\sXluywc.exe

C:\Windows\System\sXluywc.exe

C:\Windows\System\dAAneQa.exe

C:\Windows\System\dAAneQa.exe

C:\Windows\System\tzIWjDi.exe

C:\Windows\System\tzIWjDi.exe

C:\Windows\System\WBGPbdN.exe

C:\Windows\System\WBGPbdN.exe

C:\Windows\System\JrzENdN.exe

C:\Windows\System\JrzENdN.exe

C:\Windows\System\QaojGgw.exe

C:\Windows\System\QaojGgw.exe

C:\Windows\System\htlshSP.exe

C:\Windows\System\htlshSP.exe

C:\Windows\System\brQTXns.exe

C:\Windows\System\brQTXns.exe

C:\Windows\System\yOouxdv.exe

C:\Windows\System\yOouxdv.exe

C:\Windows\System\aRxqaZF.exe

C:\Windows\System\aRxqaZF.exe

C:\Windows\System\ybTJfBe.exe

C:\Windows\System\ybTJfBe.exe

C:\Windows\System\uaqfQDo.exe

C:\Windows\System\uaqfQDo.exe

C:\Windows\System\CzsFcSK.exe

C:\Windows\System\CzsFcSK.exe

C:\Windows\System\azswEqF.exe

C:\Windows\System\azswEqF.exe

C:\Windows\System\fqSKiQP.exe

C:\Windows\System\fqSKiQP.exe

C:\Windows\System\lupXKCs.exe

C:\Windows\System\lupXKCs.exe

C:\Windows\System\hwCRZXs.exe

C:\Windows\System\hwCRZXs.exe

C:\Windows\System\dcIJWXV.exe

C:\Windows\System\dcIJWXV.exe

C:\Windows\System\UvmRQUr.exe

C:\Windows\System\UvmRQUr.exe

C:\Windows\System\eFabigh.exe

C:\Windows\System\eFabigh.exe

C:\Windows\System\PtJWRNH.exe

C:\Windows\System\PtJWRNH.exe

C:\Windows\System\tXixTup.exe

C:\Windows\System\tXixTup.exe

C:\Windows\System\suakjHL.exe

C:\Windows\System\suakjHL.exe

C:\Windows\System\gJmeVux.exe

C:\Windows\System\gJmeVux.exe

C:\Windows\System\kxtnPUb.exe

C:\Windows\System\kxtnPUb.exe

C:\Windows\System\ughsCRp.exe

C:\Windows\System\ughsCRp.exe

C:\Windows\System\xOAbejA.exe

C:\Windows\System\xOAbejA.exe

C:\Windows\System\KXgVBjQ.exe

C:\Windows\System\KXgVBjQ.exe

C:\Windows\System\CeDBmDy.exe

C:\Windows\System\CeDBmDy.exe

C:\Windows\System\SzGlVqR.exe

C:\Windows\System\SzGlVqR.exe

C:\Windows\System\WEZvJcM.exe

C:\Windows\System\WEZvJcM.exe

C:\Windows\System\jrkOqXG.exe

C:\Windows\System\jrkOqXG.exe

C:\Windows\System\vUalmXp.exe

C:\Windows\System\vUalmXp.exe

C:\Windows\System\PgdHbwo.exe

C:\Windows\System\PgdHbwo.exe

C:\Windows\System\XOQIjjP.exe

C:\Windows\System\XOQIjjP.exe

C:\Windows\System\WjbIrnK.exe

C:\Windows\System\WjbIrnK.exe

C:\Windows\System\yVYzzoE.exe

C:\Windows\System\yVYzzoE.exe

C:\Windows\System\pCTYUyK.exe

C:\Windows\System\pCTYUyK.exe

C:\Windows\System\nJjDJzq.exe

C:\Windows\System\nJjDJzq.exe

C:\Windows\System\lDYbfMJ.exe

C:\Windows\System\lDYbfMJ.exe

C:\Windows\System\FdbDhzO.exe

C:\Windows\System\FdbDhzO.exe

C:\Windows\System\OUJTDGp.exe

C:\Windows\System\OUJTDGp.exe

C:\Windows\System\OPpzEjr.exe

C:\Windows\System\OPpzEjr.exe

C:\Windows\System\qVxqqRy.exe

C:\Windows\System\qVxqqRy.exe

C:\Windows\System\HMhbYvT.exe

C:\Windows\System\HMhbYvT.exe

C:\Windows\System\dGznAPL.exe

C:\Windows\System\dGznAPL.exe

C:\Windows\System\qwiZxGL.exe

C:\Windows\System\qwiZxGL.exe

C:\Windows\System\lglQgKl.exe

C:\Windows\System\lglQgKl.exe

C:\Windows\System\NehGxJz.exe

C:\Windows\System\NehGxJz.exe

C:\Windows\System\NbmqsoV.exe

C:\Windows\System\NbmqsoV.exe

C:\Windows\System\uIiAnwa.exe

C:\Windows\System\uIiAnwa.exe

C:\Windows\System\nVPROeX.exe

C:\Windows\System\nVPROeX.exe

C:\Windows\System\FfPTIWZ.exe

C:\Windows\System\FfPTIWZ.exe

C:\Windows\System\FeHFhhN.exe

C:\Windows\System\FeHFhhN.exe

C:\Windows\System\WgjXfkq.exe

C:\Windows\System\WgjXfkq.exe

C:\Windows\System\xxeEXJT.exe

C:\Windows\System\xxeEXJT.exe

C:\Windows\System\CUkgAIz.exe

C:\Windows\System\CUkgAIz.exe

C:\Windows\System\KNdpSHx.exe

C:\Windows\System\KNdpSHx.exe

C:\Windows\System\dqgkabX.exe

C:\Windows\System\dqgkabX.exe

C:\Windows\System\fGkmjnU.exe

C:\Windows\System\fGkmjnU.exe

C:\Windows\System\kBfDuQp.exe

C:\Windows\System\kBfDuQp.exe

C:\Windows\System\srFxgml.exe

C:\Windows\System\srFxgml.exe

C:\Windows\System\TtRrVyx.exe

C:\Windows\System\TtRrVyx.exe

C:\Windows\System\FlaYdJv.exe

C:\Windows\System\FlaYdJv.exe

C:\Windows\System\DlbaBWz.exe

C:\Windows\System\DlbaBWz.exe

C:\Windows\System\DkbDgMB.exe

C:\Windows\System\DkbDgMB.exe

C:\Windows\System\iRTGCDi.exe

C:\Windows\System\iRTGCDi.exe

C:\Windows\System\NFhjZmz.exe

C:\Windows\System\NFhjZmz.exe

C:\Windows\System\JKixyee.exe

C:\Windows\System\JKixyee.exe

C:\Windows\System\AvgsVVA.exe

C:\Windows\System\AvgsVVA.exe

C:\Windows\System\lZXXIRP.exe

C:\Windows\System\lZXXIRP.exe

C:\Windows\System\hktCxyV.exe

C:\Windows\System\hktCxyV.exe

C:\Windows\System\NLpYIwG.exe

C:\Windows\System\NLpYIwG.exe

C:\Windows\System\xqWwMYk.exe

C:\Windows\System\xqWwMYk.exe

C:\Windows\System\XXAtEhW.exe

C:\Windows\System\XXAtEhW.exe

C:\Windows\System\xFbmpcZ.exe

C:\Windows\System\xFbmpcZ.exe

C:\Windows\System\dLMgcnV.exe

C:\Windows\System\dLMgcnV.exe

C:\Windows\System\FhSgQyA.exe

C:\Windows\System\FhSgQyA.exe

C:\Windows\System\acIzrnE.exe

C:\Windows\System\acIzrnE.exe

C:\Windows\System\hXXwVkj.exe

C:\Windows\System\hXXwVkj.exe

C:\Windows\System\kKCOmdD.exe

C:\Windows\System\kKCOmdD.exe

C:\Windows\System\NnrdImj.exe

C:\Windows\System\NnrdImj.exe

C:\Windows\System\ThsCSxZ.exe

C:\Windows\System\ThsCSxZ.exe

C:\Windows\System\xinBCGD.exe

C:\Windows\System\xinBCGD.exe

C:\Windows\System\jufiBQm.exe

C:\Windows\System\jufiBQm.exe

C:\Windows\System\vxjbKxQ.exe

C:\Windows\System\vxjbKxQ.exe

C:\Windows\System\ukcqrwY.exe

C:\Windows\System\ukcqrwY.exe

C:\Windows\System\ywZpYgr.exe

C:\Windows\System\ywZpYgr.exe

C:\Windows\System\yUQQLee.exe

C:\Windows\System\yUQQLee.exe

C:\Windows\System\mLmFkWh.exe

C:\Windows\System\mLmFkWh.exe

C:\Windows\System\JEqlotv.exe

C:\Windows\System\JEqlotv.exe

C:\Windows\System\bnMnSyi.exe

C:\Windows\System\bnMnSyi.exe

C:\Windows\System\JXBSTIu.exe

C:\Windows\System\JXBSTIu.exe

C:\Windows\System\OhjuFPi.exe

C:\Windows\System\OhjuFPi.exe

C:\Windows\System\PdjwzFO.exe

C:\Windows\System\PdjwzFO.exe

C:\Windows\System\ArEgcUG.exe

C:\Windows\System\ArEgcUG.exe

C:\Windows\System\kardwOH.exe

C:\Windows\System\kardwOH.exe

C:\Windows\System\WMOBvUq.exe

C:\Windows\System\WMOBvUq.exe

C:\Windows\System\JaQQDjS.exe

C:\Windows\System\JaQQDjS.exe

C:\Windows\System\GvkrnYH.exe

C:\Windows\System\GvkrnYH.exe

C:\Windows\System\mOwAozn.exe

C:\Windows\System\mOwAozn.exe

C:\Windows\System\jLDnTwG.exe

C:\Windows\System\jLDnTwG.exe

C:\Windows\System\HPRRqwz.exe

C:\Windows\System\HPRRqwz.exe

C:\Windows\System\keeTbCc.exe

C:\Windows\System\keeTbCc.exe

C:\Windows\System\psaCFBT.exe

C:\Windows\System\psaCFBT.exe

C:\Windows\System\hKLNZcF.exe

C:\Windows\System\hKLNZcF.exe

C:\Windows\System\xzJVEsT.exe

C:\Windows\System\xzJVEsT.exe

C:\Windows\System\NNyRsAh.exe

C:\Windows\System\NNyRsAh.exe

C:\Windows\System\UcTYGUd.exe

C:\Windows\System\UcTYGUd.exe

C:\Windows\System\sqaHGLs.exe

C:\Windows\System\sqaHGLs.exe

C:\Windows\System\CqaIpBa.exe

C:\Windows\System\CqaIpBa.exe

C:\Windows\System\gNekrUd.exe

C:\Windows\System\gNekrUd.exe

C:\Windows\System\qkpNKoj.exe

C:\Windows\System\qkpNKoj.exe

C:\Windows\System\OxPgcTO.exe

C:\Windows\System\OxPgcTO.exe

C:\Windows\System\tUZGaYG.exe

C:\Windows\System\tUZGaYG.exe

C:\Windows\System\wtilVkR.exe

C:\Windows\System\wtilVkR.exe

C:\Windows\System\hhhfAfQ.exe

C:\Windows\System\hhhfAfQ.exe

C:\Windows\System\Shvrsik.exe

C:\Windows\System\Shvrsik.exe

C:\Windows\System\brdhXDN.exe

C:\Windows\System\brdhXDN.exe

C:\Windows\System\cHGDMHn.exe

C:\Windows\System\cHGDMHn.exe

C:\Windows\System\hBtjiVt.exe

C:\Windows\System\hBtjiVt.exe

C:\Windows\System\lNlmcSC.exe

C:\Windows\System\lNlmcSC.exe

C:\Windows\System\LTZebuW.exe

C:\Windows\System\LTZebuW.exe

C:\Windows\System\fXEEZIb.exe

C:\Windows\System\fXEEZIb.exe

C:\Windows\System\dpPxaVH.exe

C:\Windows\System\dpPxaVH.exe

C:\Windows\System\UrgLOnM.exe

C:\Windows\System\UrgLOnM.exe

C:\Windows\System\ZZdSxVb.exe

C:\Windows\System\ZZdSxVb.exe

C:\Windows\System\kNdFqMX.exe

C:\Windows\System\kNdFqMX.exe

C:\Windows\System\rcDVjPK.exe

C:\Windows\System\rcDVjPK.exe

C:\Windows\System\UbXUTpa.exe

C:\Windows\System\UbXUTpa.exe

C:\Windows\System\VLPPLiG.exe

C:\Windows\System\VLPPLiG.exe

C:\Windows\System\TYsXovf.exe

C:\Windows\System\TYsXovf.exe

C:\Windows\System\ckVuzzi.exe

C:\Windows\System\ckVuzzi.exe

C:\Windows\System\GprOrxU.exe

C:\Windows\System\GprOrxU.exe

C:\Windows\System\ZdmOxId.exe

C:\Windows\System\ZdmOxId.exe

C:\Windows\System\RlULGsv.exe

C:\Windows\System\RlULGsv.exe

C:\Windows\System\VINIaiq.exe

C:\Windows\System\VINIaiq.exe

C:\Windows\System\jZDubrs.exe

C:\Windows\System\jZDubrs.exe

C:\Windows\System\tsXTkcm.exe

C:\Windows\System\tsXTkcm.exe

C:\Windows\System\gZvFEGc.exe

C:\Windows\System\gZvFEGc.exe

C:\Windows\System\MKIWQMX.exe

C:\Windows\System\MKIWQMX.exe

C:\Windows\System\hkutotr.exe

C:\Windows\System\hkutotr.exe

C:\Windows\System\shaARqa.exe

C:\Windows\System\shaARqa.exe

C:\Windows\System\TgOQCYK.exe

C:\Windows\System\TgOQCYK.exe

C:\Windows\System\YMlwLNP.exe

C:\Windows\System\YMlwLNP.exe

C:\Windows\System\rYOtLGC.exe

C:\Windows\System\rYOtLGC.exe

C:\Windows\System\WcEITVj.exe

C:\Windows\System\WcEITVj.exe

C:\Windows\System\vVwvXQc.exe

C:\Windows\System\vVwvXQc.exe

C:\Windows\System\vFlGWYP.exe

C:\Windows\System\vFlGWYP.exe

C:\Windows\System\LgSTJvz.exe

C:\Windows\System\LgSTJvz.exe

C:\Windows\System\qNtnjyc.exe

C:\Windows\System\qNtnjyc.exe

C:\Windows\System\CQZJbVc.exe

C:\Windows\System\CQZJbVc.exe

C:\Windows\System\ywdbGCy.exe

C:\Windows\System\ywdbGCy.exe

C:\Windows\System\pcSxasL.exe

C:\Windows\System\pcSxasL.exe

C:\Windows\System\NpNZgia.exe

C:\Windows\System\NpNZgia.exe

C:\Windows\System\yhQNEtz.exe

C:\Windows\System\yhQNEtz.exe

C:\Windows\System\TmTaKLc.exe

C:\Windows\System\TmTaKLc.exe

C:\Windows\System\TETsJKH.exe

C:\Windows\System\TETsJKH.exe

C:\Windows\System\vhVEFIP.exe

C:\Windows\System\vhVEFIP.exe

C:\Windows\System\FIyPcsq.exe

C:\Windows\System\FIyPcsq.exe

C:\Windows\System\KJnqWMm.exe

C:\Windows\System\KJnqWMm.exe

C:\Windows\System\EOQDtVK.exe

C:\Windows\System\EOQDtVK.exe

C:\Windows\System\xzBKqps.exe

C:\Windows\System\xzBKqps.exe

C:\Windows\System\KRRVZWu.exe

C:\Windows\System\KRRVZWu.exe

C:\Windows\System\UNDhePH.exe

C:\Windows\System\UNDhePH.exe

C:\Windows\System\TtgUYpa.exe

C:\Windows\System\TtgUYpa.exe

C:\Windows\System\jbUwnuq.exe

C:\Windows\System\jbUwnuq.exe

C:\Windows\System\hqyFCEw.exe

C:\Windows\System\hqyFCEw.exe

C:\Windows\System\yMuKEuF.exe

C:\Windows\System\yMuKEuF.exe

C:\Windows\System\LrEelGD.exe

C:\Windows\System\LrEelGD.exe

C:\Windows\System\SQLyrwT.exe

C:\Windows\System\SQLyrwT.exe

C:\Windows\System\DPvsPkh.exe

C:\Windows\System\DPvsPkh.exe

C:\Windows\System\oCVohhm.exe

C:\Windows\System\oCVohhm.exe

C:\Windows\System\obnpfRZ.exe

C:\Windows\System\obnpfRZ.exe

C:\Windows\System\iamWqpM.exe

C:\Windows\System\iamWqpM.exe

C:\Windows\System\gGQqkaI.exe

C:\Windows\System\gGQqkaI.exe

C:\Windows\System\deTvmpD.exe

C:\Windows\System\deTvmpD.exe

C:\Windows\System\CuUqKQM.exe

C:\Windows\System\CuUqKQM.exe

C:\Windows\System\uFKltfj.exe

C:\Windows\System\uFKltfj.exe

C:\Windows\System\rUGlwXc.exe

C:\Windows\System\rUGlwXc.exe

C:\Windows\System\tOvuWNf.exe

C:\Windows\System\tOvuWNf.exe

C:\Windows\System\UANGmso.exe

C:\Windows\System\UANGmso.exe

C:\Windows\System\vqqqLjl.exe

C:\Windows\System\vqqqLjl.exe

C:\Windows\System\kRjgpXX.exe

C:\Windows\System\kRjgpXX.exe

C:\Windows\System\RzzPPBm.exe

C:\Windows\System\RzzPPBm.exe

C:\Windows\System\gnBSPax.exe

C:\Windows\System\gnBSPax.exe

C:\Windows\System\GZDkbIN.exe

C:\Windows\System\GZDkbIN.exe

C:\Windows\System\jroSPGF.exe

C:\Windows\System\jroSPGF.exe

C:\Windows\System\lcLgPko.exe

C:\Windows\System\lcLgPko.exe

C:\Windows\System\SUkqDFD.exe

C:\Windows\System\SUkqDFD.exe

C:\Windows\System\PIJQXLP.exe

C:\Windows\System\PIJQXLP.exe

C:\Windows\System\EuKveZc.exe

C:\Windows\System\EuKveZc.exe

C:\Windows\System\AXlIomx.exe

C:\Windows\System\AXlIomx.exe

C:\Windows\System\MVmrjWN.exe

C:\Windows\System\MVmrjWN.exe

C:\Windows\System\RLeRTvq.exe

C:\Windows\System\RLeRTvq.exe

C:\Windows\System\AWUrfVB.exe

C:\Windows\System\AWUrfVB.exe

C:\Windows\System\aYwbWOL.exe

C:\Windows\System\aYwbWOL.exe

C:\Windows\System\gDbRMAY.exe

C:\Windows\System\gDbRMAY.exe

C:\Windows\System\knNkUUN.exe

C:\Windows\System\knNkUUN.exe

C:\Windows\System\LXNpuJA.exe

C:\Windows\System\LXNpuJA.exe

C:\Windows\System\nzaZaGB.exe

C:\Windows\System\nzaZaGB.exe

C:\Windows\System\YLdXfPT.exe

C:\Windows\System\YLdXfPT.exe

C:\Windows\System\UBsmHBq.exe

C:\Windows\System\UBsmHBq.exe

C:\Windows\System\KxQsIEu.exe

C:\Windows\System\KxQsIEu.exe

C:\Windows\System\CjgxGpW.exe

C:\Windows\System\CjgxGpW.exe

C:\Windows\System\aXAwOjG.exe

C:\Windows\System\aXAwOjG.exe

C:\Windows\System\JlAgpSP.exe

C:\Windows\System\JlAgpSP.exe

C:\Windows\System\hOwtfbm.exe

C:\Windows\System\hOwtfbm.exe

C:\Windows\System\JOaZDcb.exe

C:\Windows\System\JOaZDcb.exe

C:\Windows\System\NMxZoHQ.exe

C:\Windows\System\NMxZoHQ.exe

C:\Windows\System\oIisPLl.exe

C:\Windows\System\oIisPLl.exe

C:\Windows\System\gIaVBzD.exe

C:\Windows\System\gIaVBzD.exe

C:\Windows\System\eDspAwW.exe

C:\Windows\System\eDspAwW.exe

C:\Windows\System\fIsJzfu.exe

C:\Windows\System\fIsJzfu.exe

C:\Windows\System\iZXkssB.exe

C:\Windows\System\iZXkssB.exe

C:\Windows\System\yYcflgy.exe

C:\Windows\System\yYcflgy.exe

C:\Windows\System\HIdcNxC.exe

C:\Windows\System\HIdcNxC.exe

C:\Windows\System\LfPRqag.exe

C:\Windows\System\LfPRqag.exe

C:\Windows\System\qXDfIxR.exe

C:\Windows\System\qXDfIxR.exe

C:\Windows\System\VfoHPaJ.exe

C:\Windows\System\VfoHPaJ.exe

C:\Windows\System\lsRiKZg.exe

C:\Windows\System\lsRiKZg.exe

C:\Windows\System\ZzIxvEk.exe

C:\Windows\System\ZzIxvEk.exe

C:\Windows\System\VrTFRrX.exe

C:\Windows\System\VrTFRrX.exe

C:\Windows\System\kJitwmf.exe

C:\Windows\System\kJitwmf.exe

C:\Windows\System\KhQEOZl.exe

C:\Windows\System\KhQEOZl.exe

C:\Windows\System\CfpRDLY.exe

C:\Windows\System\CfpRDLY.exe

C:\Windows\System\VBxBwGS.exe

C:\Windows\System\VBxBwGS.exe

C:\Windows\System\VWTrTQM.exe

C:\Windows\System\VWTrTQM.exe

C:\Windows\System\SKGtmYG.exe

C:\Windows\System\SKGtmYG.exe

C:\Windows\System\oQAaRVv.exe

C:\Windows\System\oQAaRVv.exe

C:\Windows\System\NnvCSIo.exe

C:\Windows\System\NnvCSIo.exe

C:\Windows\System\aCUUDgc.exe

C:\Windows\System\aCUUDgc.exe

C:\Windows\System\YQRdDqb.exe

C:\Windows\System\YQRdDqb.exe

C:\Windows\System\fOmrSYC.exe

C:\Windows\System\fOmrSYC.exe

C:\Windows\System\PmcYGTH.exe

C:\Windows\System\PmcYGTH.exe

C:\Windows\System\VsEWLQT.exe

C:\Windows\System\VsEWLQT.exe

C:\Windows\System\cXvAens.exe

C:\Windows\System\cXvAens.exe

C:\Windows\System\tsWFrqe.exe

C:\Windows\System\tsWFrqe.exe

C:\Windows\System\ElWEYtP.exe

C:\Windows\System\ElWEYtP.exe

C:\Windows\System\Fplakeg.exe

C:\Windows\System\Fplakeg.exe

C:\Windows\System\thzOOBL.exe

C:\Windows\System\thzOOBL.exe

C:\Windows\System\xNxHFxR.exe

C:\Windows\System\xNxHFxR.exe

C:\Windows\System\bHuiigb.exe

C:\Windows\System\bHuiigb.exe

C:\Windows\System\StVcByq.exe

C:\Windows\System\StVcByq.exe

C:\Windows\System\jVqCFMr.exe

C:\Windows\System\jVqCFMr.exe

C:\Windows\System\owyCXeL.exe

C:\Windows\System\owyCXeL.exe

C:\Windows\System\KfobRMY.exe

C:\Windows\System\KfobRMY.exe

C:\Windows\System\NDruJRm.exe

C:\Windows\System\NDruJRm.exe

C:\Windows\System\WSnMDrY.exe

C:\Windows\System\WSnMDrY.exe

C:\Windows\System\BwqezfT.exe

C:\Windows\System\BwqezfT.exe

C:\Windows\System\WsIxzsg.exe

C:\Windows\System\WsIxzsg.exe

C:\Windows\System\xxsbXJR.exe

C:\Windows\System\xxsbXJR.exe

C:\Windows\System\IVrKejw.exe

C:\Windows\System\IVrKejw.exe

C:\Windows\System\IyTErDa.exe

C:\Windows\System\IyTErDa.exe

C:\Windows\System\rZmChTp.exe

C:\Windows\System\rZmChTp.exe

C:\Windows\System\lslzhog.exe

C:\Windows\System\lslzhog.exe

C:\Windows\System\OPuSUcg.exe

C:\Windows\System\OPuSUcg.exe

C:\Windows\System\fNRjEMb.exe

C:\Windows\System\fNRjEMb.exe

C:\Windows\System\uTOinXv.exe

C:\Windows\System\uTOinXv.exe

C:\Windows\System\tOnPcPd.exe

C:\Windows\System\tOnPcPd.exe

C:\Windows\System\vXYvyZf.exe

C:\Windows\System\vXYvyZf.exe

C:\Windows\System\POKmwth.exe

C:\Windows\System\POKmwth.exe

C:\Windows\System\OnAhzlH.exe

C:\Windows\System\OnAhzlH.exe

C:\Windows\System\ZOQxhce.exe

C:\Windows\System\ZOQxhce.exe

C:\Windows\System\pueoGJJ.exe

C:\Windows\System\pueoGJJ.exe

C:\Windows\System\gobDBQg.exe

C:\Windows\System\gobDBQg.exe

C:\Windows\System\cXffhRS.exe

C:\Windows\System\cXffhRS.exe

C:\Windows\System\XHBiJaF.exe

C:\Windows\System\XHBiJaF.exe

C:\Windows\System\iLEbpEc.exe

C:\Windows\System\iLEbpEc.exe

C:\Windows\System\zPNowfN.exe

C:\Windows\System\zPNowfN.exe

C:\Windows\System\NLaMiji.exe

C:\Windows\System\NLaMiji.exe

C:\Windows\System\hFHzLct.exe

C:\Windows\System\hFHzLct.exe

C:\Windows\System\sNhqSOn.exe

C:\Windows\System\sNhqSOn.exe

C:\Windows\System\yLcEFAk.exe

C:\Windows\System\yLcEFAk.exe

C:\Windows\System\WUyGLDw.exe

C:\Windows\System\WUyGLDw.exe

C:\Windows\System\AErDgLf.exe

C:\Windows\System\AErDgLf.exe

C:\Windows\System\UEKMLdQ.exe

C:\Windows\System\UEKMLdQ.exe

C:\Windows\System\REzhgxS.exe

C:\Windows\System\REzhgxS.exe

C:\Windows\System\ADplzTh.exe

C:\Windows\System\ADplzTh.exe

C:\Windows\System\nBkyfiA.exe

C:\Windows\System\nBkyfiA.exe

C:\Windows\System\gNKebyx.exe

C:\Windows\System\gNKebyx.exe

C:\Windows\System\IGTBvZW.exe

C:\Windows\System\IGTBvZW.exe

C:\Windows\System\NWnGrnw.exe

C:\Windows\System\NWnGrnw.exe

C:\Windows\System\PyEsTrW.exe

C:\Windows\System\PyEsTrW.exe

C:\Windows\System\NNzSzhT.exe

C:\Windows\System\NNzSzhT.exe

C:\Windows\System\svwHVtB.exe

C:\Windows\System\svwHVtB.exe

C:\Windows\System\zAlAubo.exe

C:\Windows\System\zAlAubo.exe

C:\Windows\System\czYnPbH.exe

C:\Windows\System\czYnPbH.exe

C:\Windows\System\HlLROsU.exe

C:\Windows\System\HlLROsU.exe

C:\Windows\System\nKWybeM.exe

C:\Windows\System\nKWybeM.exe

C:\Windows\System\aHHjthV.exe

C:\Windows\System\aHHjthV.exe

C:\Windows\System\jVMsXCP.exe

C:\Windows\System\jVMsXCP.exe

C:\Windows\System\mfuNGJW.exe

C:\Windows\System\mfuNGJW.exe

C:\Windows\System\CDWSdTT.exe

C:\Windows\System\CDWSdTT.exe

C:\Windows\System\LwmXCrL.exe

C:\Windows\System\LwmXCrL.exe

C:\Windows\System\NnMdEms.exe

C:\Windows\System\NnMdEms.exe

C:\Windows\System\rWmkcYA.exe

C:\Windows\System\rWmkcYA.exe

C:\Windows\System\zQHrcQE.exe

C:\Windows\System\zQHrcQE.exe

C:\Windows\System\eEmDIRL.exe

C:\Windows\System\eEmDIRL.exe

C:\Windows\System\SPRkJWL.exe

C:\Windows\System\SPRkJWL.exe

C:\Windows\System\mmlknSh.exe

C:\Windows\System\mmlknSh.exe

C:\Windows\System\EGnCyVH.exe

C:\Windows\System\EGnCyVH.exe

C:\Windows\System\CWeiTmR.exe

C:\Windows\System\CWeiTmR.exe

C:\Windows\System\jvrLcNv.exe

C:\Windows\System\jvrLcNv.exe

C:\Windows\System\GgJysUj.exe

C:\Windows\System\GgJysUj.exe

C:\Windows\System\AXzRNyQ.exe

C:\Windows\System\AXzRNyQ.exe

C:\Windows\System\aKvczEw.exe

C:\Windows\System\aKvczEw.exe

C:\Windows\System\IJsYHua.exe

C:\Windows\System\IJsYHua.exe

C:\Windows\System\onchcjp.exe

C:\Windows\System\onchcjp.exe

C:\Windows\System\wgMVgai.exe

C:\Windows\System\wgMVgai.exe

C:\Windows\System\NCSjIlR.exe

C:\Windows\System\NCSjIlR.exe

C:\Windows\System\DOAXjmO.exe

C:\Windows\System\DOAXjmO.exe

C:\Windows\System\RZiDLAC.exe

C:\Windows\System\RZiDLAC.exe

C:\Windows\System\awPddFC.exe

C:\Windows\System\awPddFC.exe

C:\Windows\System\DbLXhgv.exe

C:\Windows\System\DbLXhgv.exe

C:\Windows\System\eeAYcgH.exe

C:\Windows\System\eeAYcgH.exe

C:\Windows\System\StETijZ.exe

C:\Windows\System\StETijZ.exe

C:\Windows\System\UkYOmDJ.exe

C:\Windows\System\UkYOmDJ.exe

C:\Windows\System\KlWwgDi.exe

C:\Windows\System\KlWwgDi.exe

C:\Windows\System\ICuRsjx.exe

C:\Windows\System\ICuRsjx.exe

C:\Windows\System\VIUtkgf.exe

C:\Windows\System\VIUtkgf.exe

C:\Windows\System\dfhyXXy.exe

C:\Windows\System\dfhyXXy.exe

C:\Windows\System\HHlcRGj.exe

C:\Windows\System\HHlcRGj.exe

C:\Windows\System\EASmXmE.exe

C:\Windows\System\EASmXmE.exe

C:\Windows\System\XhPjPwJ.exe

C:\Windows\System\XhPjPwJ.exe

C:\Windows\System\UGLhXMp.exe

C:\Windows\System\UGLhXMp.exe

C:\Windows\System\jujHHPv.exe

C:\Windows\System\jujHHPv.exe

C:\Windows\System\MORfgmE.exe

C:\Windows\System\MORfgmE.exe

C:\Windows\System\RxgNRDx.exe

C:\Windows\System\RxgNRDx.exe

C:\Windows\System\onQHsCT.exe

C:\Windows\System\onQHsCT.exe

C:\Windows\System\ZRMpuMT.exe

C:\Windows\System\ZRMpuMT.exe

C:\Windows\System\IQPUvem.exe

C:\Windows\System\IQPUvem.exe

C:\Windows\System\CmBkYnU.exe

C:\Windows\System\CmBkYnU.exe

C:\Windows\System\mHjHNCI.exe

C:\Windows\System\mHjHNCI.exe

C:\Windows\System\QjRPLsy.exe

C:\Windows\System\QjRPLsy.exe

C:\Windows\System\tgRrPEl.exe

C:\Windows\System\tgRrPEl.exe

C:\Windows\System\XFSaAGD.exe

C:\Windows\System\XFSaAGD.exe

C:\Windows\System\mJcHUuS.exe

C:\Windows\System\mJcHUuS.exe

C:\Windows\System\VUEVVbe.exe

C:\Windows\System\VUEVVbe.exe

C:\Windows\System\QkJwBfG.exe

C:\Windows\System\QkJwBfG.exe

C:\Windows\System\dDlPPXH.exe

C:\Windows\System\dDlPPXH.exe

C:\Windows\System\wAoKQfN.exe

C:\Windows\System\wAoKQfN.exe

C:\Windows\System\esTNKmj.exe

C:\Windows\System\esTNKmj.exe

C:\Windows\System\yzTrTHO.exe

C:\Windows\System\yzTrTHO.exe

C:\Windows\System\bbmavPJ.exe

C:\Windows\System\bbmavPJ.exe

C:\Windows\System\IrUshRe.exe

C:\Windows\System\IrUshRe.exe

C:\Windows\System\IqBnJvb.exe

C:\Windows\System\IqBnJvb.exe

C:\Windows\System\wZoYBYV.exe

C:\Windows\System\wZoYBYV.exe

C:\Windows\System\VJBethL.exe

C:\Windows\System\VJBethL.exe

C:\Windows\System\kgaSatC.exe

C:\Windows\System\kgaSatC.exe

C:\Windows\System\YXkAkPH.exe

C:\Windows\System\YXkAkPH.exe

C:\Windows\System\xhQcRHg.exe

C:\Windows\System\xhQcRHg.exe

C:\Windows\System\NaZbdCr.exe

C:\Windows\System\NaZbdCr.exe

C:\Windows\System\jAELQRD.exe

C:\Windows\System\jAELQRD.exe

C:\Windows\System\puDVJLv.exe

C:\Windows\System\puDVJLv.exe

C:\Windows\System\MHqFkuQ.exe

C:\Windows\System\MHqFkuQ.exe

C:\Windows\System\eSZhkvV.exe

C:\Windows\System\eSZhkvV.exe

C:\Windows\System\VTaPPIk.exe

C:\Windows\System\VTaPPIk.exe

C:\Windows\System\XVZsHzQ.exe

C:\Windows\System\XVZsHzQ.exe

C:\Windows\System\hFnzwfP.exe

C:\Windows\System\hFnzwfP.exe

C:\Windows\System\TjpqJNu.exe

C:\Windows\System\TjpqJNu.exe

C:\Windows\System\GsNzXHE.exe

C:\Windows\System\GsNzXHE.exe

C:\Windows\System\meWUwRw.exe

C:\Windows\System\meWUwRw.exe

C:\Windows\System\xNmeHXS.exe

C:\Windows\System\xNmeHXS.exe

C:\Windows\System\EAPnhBs.exe

C:\Windows\System\EAPnhBs.exe

C:\Windows\System\XBzxVLY.exe

C:\Windows\System\XBzxVLY.exe

C:\Windows\System\jqGUjQV.exe

C:\Windows\System\jqGUjQV.exe

C:\Windows\System\rDMyXGL.exe

C:\Windows\System\rDMyXGL.exe

C:\Windows\System\YQJFqaP.exe

C:\Windows\System\YQJFqaP.exe

C:\Windows\System\FAUticl.exe

C:\Windows\System\FAUticl.exe

C:\Windows\System\qRKBLnM.exe

C:\Windows\System\qRKBLnM.exe

C:\Windows\System\BEIimKc.exe

C:\Windows\System\BEIimKc.exe

C:\Windows\System\BgfPNHZ.exe

C:\Windows\System\BgfPNHZ.exe

C:\Windows\System\xdstvAm.exe

C:\Windows\System\xdstvAm.exe

C:\Windows\System\CQUXxfM.exe

C:\Windows\System\CQUXxfM.exe

C:\Windows\System\uKAFtuO.exe

C:\Windows\System\uKAFtuO.exe

C:\Windows\System\EhyERLM.exe

C:\Windows\System\EhyERLM.exe

C:\Windows\System\KKXsTnj.exe

C:\Windows\System\KKXsTnj.exe

C:\Windows\System\lHkObtT.exe

C:\Windows\System\lHkObtT.exe

C:\Windows\System\rOolSsz.exe

C:\Windows\System\rOolSsz.exe

C:\Windows\System\vEAteLo.exe

C:\Windows\System\vEAteLo.exe

C:\Windows\System\JzbbQGo.exe

C:\Windows\System\JzbbQGo.exe

C:\Windows\System\tMaJJkw.exe

C:\Windows\System\tMaJJkw.exe

C:\Windows\System\PcisBrW.exe

C:\Windows\System\PcisBrW.exe

C:\Windows\System\dVNiafu.exe

C:\Windows\System\dVNiafu.exe

C:\Windows\System\rRclyur.exe

C:\Windows\System\rRclyur.exe

C:\Windows\System\PUqzLXY.exe

C:\Windows\System\PUqzLXY.exe

C:\Windows\System\HyShuyg.exe

C:\Windows\System\HyShuyg.exe

C:\Windows\System\vZHOtkJ.exe

C:\Windows\System\vZHOtkJ.exe

C:\Windows\System\aKupNLu.exe

C:\Windows\System\aKupNLu.exe

C:\Windows\System\TgGApVK.exe

C:\Windows\System\TgGApVK.exe

C:\Windows\System\hahmOuy.exe

C:\Windows\System\hahmOuy.exe

C:\Windows\System\idMDrHh.exe

C:\Windows\System\idMDrHh.exe

C:\Windows\System\udefHck.exe

C:\Windows\System\udefHck.exe

C:\Windows\System\IoQtbej.exe

C:\Windows\System\IoQtbej.exe

C:\Windows\System\zzAlGSK.exe

C:\Windows\System\zzAlGSK.exe

C:\Windows\System\hYpNZOC.exe

C:\Windows\System\hYpNZOC.exe

C:\Windows\System\DQkutzE.exe

C:\Windows\System\DQkutzE.exe

C:\Windows\System\HbzjGyB.exe

C:\Windows\System\HbzjGyB.exe

C:\Windows\System\zcJRlyZ.exe

C:\Windows\System\zcJRlyZ.exe

C:\Windows\System\wWhHBwT.exe

C:\Windows\System\wWhHBwT.exe

C:\Windows\System\dkIiHFi.exe

C:\Windows\System\dkIiHFi.exe

C:\Windows\System\RuNyGtB.exe

C:\Windows\System\RuNyGtB.exe

C:\Windows\System\CKawyUE.exe

C:\Windows\System\CKawyUE.exe

C:\Windows\System\VtTZhFs.exe

C:\Windows\System\VtTZhFs.exe

C:\Windows\System\AywRTbp.exe

C:\Windows\System\AywRTbp.exe

C:\Windows\System\TrWZbbj.exe

C:\Windows\System\TrWZbbj.exe

C:\Windows\System\mZcqCWI.exe

C:\Windows\System\mZcqCWI.exe

C:\Windows\System\fFrMjdR.exe

C:\Windows\System\fFrMjdR.exe

C:\Windows\System\DStTYJd.exe

C:\Windows\System\DStTYJd.exe

C:\Windows\System\hWNJaCT.exe

C:\Windows\System\hWNJaCT.exe

C:\Windows\System\caEhLWu.exe

C:\Windows\System\caEhLWu.exe

C:\Windows\System\YvABNOt.exe

C:\Windows\System\YvABNOt.exe

C:\Windows\System\GFWcpfA.exe

C:\Windows\System\GFWcpfA.exe

C:\Windows\System\chWvbAR.exe

C:\Windows\System\chWvbAR.exe

C:\Windows\System\nEXayBR.exe

C:\Windows\System\nEXayBR.exe

C:\Windows\System\oUUWjmz.exe

C:\Windows\System\oUUWjmz.exe

C:\Windows\System\NpqzGAM.exe

C:\Windows\System\NpqzGAM.exe

C:\Windows\System\tWBeIfy.exe

C:\Windows\System\tWBeIfy.exe

C:\Windows\System\xsHtdWE.exe

C:\Windows\System\xsHtdWE.exe

C:\Windows\System\ZvRUORm.exe

C:\Windows\System\ZvRUORm.exe

C:\Windows\System\WbQDJgE.exe

C:\Windows\System\WbQDJgE.exe

C:\Windows\System\zEkZZXA.exe

C:\Windows\System\zEkZZXA.exe

C:\Windows\System\qvvzsrs.exe

C:\Windows\System\qvvzsrs.exe

C:\Windows\System\NGCAUMQ.exe

C:\Windows\System\NGCAUMQ.exe

C:\Windows\System\kYDvwsm.exe

C:\Windows\System\kYDvwsm.exe

C:\Windows\System\LmxbsrY.exe

C:\Windows\System\LmxbsrY.exe

C:\Windows\System\Eagbzxf.exe

C:\Windows\System\Eagbzxf.exe

C:\Windows\System\kFWWtFZ.exe

C:\Windows\System\kFWWtFZ.exe

C:\Windows\System\YIJWqwe.exe

C:\Windows\System\YIJWqwe.exe

C:\Windows\System\bhDBtqb.exe

C:\Windows\System\bhDBtqb.exe

C:\Windows\System\vffDlaH.exe

C:\Windows\System\vffDlaH.exe

C:\Windows\System\vRPhHyU.exe

C:\Windows\System\vRPhHyU.exe

C:\Windows\System\yLCeIHQ.exe

C:\Windows\System\yLCeIHQ.exe

C:\Windows\System\zksGyMN.exe

C:\Windows\System\zksGyMN.exe

C:\Windows\System\dVMxKbw.exe

C:\Windows\System\dVMxKbw.exe

C:\Windows\System\NTihrYY.exe

C:\Windows\System\NTihrYY.exe

C:\Windows\System\sPXGamm.exe

C:\Windows\System\sPXGamm.exe

C:\Windows\System\fdrjmRt.exe

C:\Windows\System\fdrjmRt.exe

C:\Windows\System\CvewqdO.exe

C:\Windows\System\CvewqdO.exe

C:\Windows\System\BupimJq.exe

C:\Windows\System\BupimJq.exe

C:\Windows\System\ZzUrLhn.exe

C:\Windows\System\ZzUrLhn.exe

C:\Windows\System\IbDMUKK.exe

C:\Windows\System\IbDMUKK.exe

C:\Windows\System\fIFFVkd.exe

C:\Windows\System\fIFFVkd.exe

C:\Windows\System\EZhKYIC.exe

C:\Windows\System\EZhKYIC.exe

C:\Windows\System\PuUllfQ.exe

C:\Windows\System\PuUllfQ.exe

C:\Windows\System\DlnODVN.exe

C:\Windows\System\DlnODVN.exe

C:\Windows\System\oYTFqru.exe

C:\Windows\System\oYTFqru.exe

C:\Windows\System\fPMYMxx.exe

C:\Windows\System\fPMYMxx.exe

C:\Windows\System\fVYXCWr.exe

C:\Windows\System\fVYXCWr.exe

C:\Windows\System\Lalxonx.exe

C:\Windows\System\Lalxonx.exe

C:\Windows\System\FauPSaT.exe

C:\Windows\System\FauPSaT.exe

C:\Windows\System\BsbJYZn.exe

C:\Windows\System\BsbJYZn.exe

C:\Windows\System\BjfrXEz.exe

C:\Windows\System\BjfrXEz.exe

C:\Windows\System\rRVAPzi.exe

C:\Windows\System\rRVAPzi.exe

C:\Windows\System\aKermZY.exe

C:\Windows\System\aKermZY.exe

C:\Windows\System\gabPcal.exe

C:\Windows\System\gabPcal.exe

C:\Windows\System\YtMDkDL.exe

C:\Windows\System\YtMDkDL.exe

C:\Windows\System\coBzuKs.exe

C:\Windows\System\coBzuKs.exe

C:\Windows\System\apSLaSg.exe

C:\Windows\System\apSLaSg.exe

C:\Windows\System\AjiewCu.exe

C:\Windows\System\AjiewCu.exe

C:\Windows\System\caKcIHD.exe

C:\Windows\System\caKcIHD.exe

C:\Windows\System\IdamKMD.exe

C:\Windows\System\IdamKMD.exe

C:\Windows\System\WpbgqYt.exe

C:\Windows\System\WpbgqYt.exe

C:\Windows\System\mHaWyyE.exe

C:\Windows\System\mHaWyyE.exe

C:\Windows\System\wLrIUEI.exe

C:\Windows\System\wLrIUEI.exe

C:\Windows\System\vwvBLVo.exe

C:\Windows\System\vwvBLVo.exe

C:\Windows\System\UmcABVz.exe

C:\Windows\System\UmcABVz.exe

C:\Windows\System\EWuLDQg.exe

C:\Windows\System\EWuLDQg.exe

C:\Windows\System\NYOFVZV.exe

C:\Windows\System\NYOFVZV.exe

C:\Windows\System\UpUhFTZ.exe

C:\Windows\System\UpUhFTZ.exe

C:\Windows\System\bcLGprS.exe

C:\Windows\System\bcLGprS.exe

C:\Windows\System\lArXubZ.exe

C:\Windows\System\lArXubZ.exe

C:\Windows\System\WwGBwSy.exe

C:\Windows\System\WwGBwSy.exe

C:\Windows\System\rPTlLga.exe

C:\Windows\System\rPTlLga.exe

C:\Windows\System\bdhhXtS.exe

C:\Windows\System\bdhhXtS.exe

C:\Windows\System\WbqvZDu.exe

C:\Windows\System\WbqvZDu.exe

C:\Windows\System\YCMKIPh.exe

C:\Windows\System\YCMKIPh.exe

C:\Windows\System\wilysqB.exe

C:\Windows\System\wilysqB.exe

C:\Windows\System\CEbeGaK.exe

C:\Windows\System\CEbeGaK.exe

C:\Windows\System\kGuvMJa.exe

C:\Windows\System\kGuvMJa.exe

C:\Windows\System\kwnnBNq.exe

C:\Windows\System\kwnnBNq.exe

C:\Windows\System\xmpUuHp.exe

C:\Windows\System\xmpUuHp.exe

C:\Windows\System\gDtqIum.exe

C:\Windows\System\gDtqIum.exe

C:\Windows\System\bTZvWYR.exe

C:\Windows\System\bTZvWYR.exe

C:\Windows\System\HUInCaJ.exe

C:\Windows\System\HUInCaJ.exe

C:\Windows\System\WKsOUMN.exe

C:\Windows\System\WKsOUMN.exe

C:\Windows\System\sSKxOdc.exe

C:\Windows\System\sSKxOdc.exe

C:\Windows\System\rlyBvbv.exe

C:\Windows\System\rlyBvbv.exe

C:\Windows\System\RytfFJq.exe

C:\Windows\System\RytfFJq.exe

C:\Windows\System\VSNkfRl.exe

C:\Windows\System\VSNkfRl.exe

C:\Windows\System\WZxIYMR.exe

C:\Windows\System\WZxIYMR.exe

C:\Windows\System\ogYpaCM.exe

C:\Windows\System\ogYpaCM.exe

C:\Windows\System\aQccPLP.exe

C:\Windows\System\aQccPLP.exe

C:\Windows\System\OOsVnNX.exe

C:\Windows\System\OOsVnNX.exe

C:\Windows\System\toMBaAX.exe

C:\Windows\System\toMBaAX.exe

C:\Windows\System\UWranMU.exe

C:\Windows\System\UWranMU.exe

C:\Windows\System\iNcWXiZ.exe

C:\Windows\System\iNcWXiZ.exe

C:\Windows\System\tQomxwK.exe

C:\Windows\System\tQomxwK.exe

C:\Windows\System\AhbLDNL.exe

C:\Windows\System\AhbLDNL.exe

C:\Windows\System\cZFjKBp.exe

C:\Windows\System\cZFjKBp.exe

C:\Windows\System\kBgZMKp.exe

C:\Windows\System\kBgZMKp.exe

C:\Windows\System\ekRGYRA.exe

C:\Windows\System\ekRGYRA.exe

C:\Windows\System\UQOpGSy.exe

C:\Windows\System\UQOpGSy.exe

C:\Windows\System\zzKyreI.exe

C:\Windows\System\zzKyreI.exe

C:\Windows\System\LiFhAYh.exe

C:\Windows\System\LiFhAYh.exe

C:\Windows\System\FEQrvhS.exe

C:\Windows\System\FEQrvhS.exe

C:\Windows\System\WpxlFNh.exe

C:\Windows\System\WpxlFNh.exe

C:\Windows\System\TZZuHea.exe

C:\Windows\System\TZZuHea.exe

C:\Windows\System\COXtuPv.exe

C:\Windows\System\COXtuPv.exe

C:\Windows\System\wZbDmLU.exe

C:\Windows\System\wZbDmLU.exe

C:\Windows\System\GMvsalL.exe

C:\Windows\System\GMvsalL.exe

C:\Windows\System\OdEEJGd.exe

C:\Windows\System\OdEEJGd.exe

C:\Windows\System\zXsVobV.exe

C:\Windows\System\zXsVobV.exe

C:\Windows\System\ogvfESW.exe

C:\Windows\System\ogvfESW.exe

C:\Windows\System\CwBJwHY.exe

C:\Windows\System\CwBJwHY.exe

C:\Windows\System\nCfsIDn.exe

C:\Windows\System\nCfsIDn.exe

C:\Windows\System\xwCXIbb.exe

C:\Windows\System\xwCXIbb.exe

C:\Windows\System\BwUpPPR.exe

C:\Windows\System\BwUpPPR.exe

C:\Windows\System\pzeeGby.exe

C:\Windows\System\pzeeGby.exe

C:\Windows\System\HrjwhLx.exe

C:\Windows\System\HrjwhLx.exe

C:\Windows\System\JMWKOGk.exe

C:\Windows\System\JMWKOGk.exe

C:\Windows\System\cIZmhcU.exe

C:\Windows\System\cIZmhcU.exe

C:\Windows\System\HOjTgkA.exe

C:\Windows\System\HOjTgkA.exe

C:\Windows\System\ZquXzTg.exe

C:\Windows\System\ZquXzTg.exe

C:\Windows\System\mgPffmv.exe

C:\Windows\System\mgPffmv.exe

C:\Windows\System\RNMEnri.exe

C:\Windows\System\RNMEnri.exe

C:\Windows\System\murRrnR.exe

C:\Windows\System\murRrnR.exe

C:\Windows\System\lUeiluA.exe

C:\Windows\System\lUeiluA.exe

C:\Windows\System\pULOqDE.exe

C:\Windows\System\pULOqDE.exe

C:\Windows\System\dyQNfUH.exe

C:\Windows\System\dyQNfUH.exe

C:\Windows\System\ZNiwlfU.exe

C:\Windows\System\ZNiwlfU.exe

C:\Windows\System\jdJdfQG.exe

C:\Windows\System\jdJdfQG.exe

C:\Windows\System\AOJvXfM.exe

C:\Windows\System\AOJvXfM.exe

C:\Windows\System\ziKYwFZ.exe

C:\Windows\System\ziKYwFZ.exe

C:\Windows\System\djAUTQs.exe

C:\Windows\System\djAUTQs.exe

C:\Windows\System\LvtoUbK.exe

C:\Windows\System\LvtoUbK.exe

C:\Windows\System\vNjHtgp.exe

C:\Windows\System\vNjHtgp.exe

C:\Windows\System\qsvHGIK.exe

C:\Windows\System\qsvHGIK.exe

C:\Windows\System\eYGEnQX.exe

C:\Windows\System\eYGEnQX.exe

C:\Windows\System\DvpyWRd.exe

C:\Windows\System\DvpyWRd.exe

C:\Windows\System\wFRDKHv.exe

C:\Windows\System\wFRDKHv.exe

C:\Windows\System\OBjYNIy.exe

C:\Windows\System\OBjYNIy.exe

C:\Windows\System\zceDZBX.exe

C:\Windows\System\zceDZBX.exe

C:\Windows\System\BFuelDG.exe

C:\Windows\System\BFuelDG.exe

C:\Windows\System\FWVDFZz.exe

C:\Windows\System\FWVDFZz.exe

C:\Windows\System\TCLvkpA.exe

C:\Windows\System\TCLvkpA.exe

C:\Windows\System\nljBdXq.exe

C:\Windows\System\nljBdXq.exe

C:\Windows\System\NWxVnkj.exe

C:\Windows\System\NWxVnkj.exe

C:\Windows\System\qCiuDfm.exe

C:\Windows\System\qCiuDfm.exe

C:\Windows\System\oGHKciB.exe

C:\Windows\System\oGHKciB.exe

C:\Windows\System\sqCcUzE.exe

C:\Windows\System\sqCcUzE.exe

C:\Windows\System\fJrzZHB.exe

C:\Windows\System\fJrzZHB.exe

C:\Windows\System\eSTeUvB.exe

C:\Windows\System\eSTeUvB.exe

C:\Windows\System\hqseOAC.exe

C:\Windows\System\hqseOAC.exe

C:\Windows\System\grroaMC.exe

C:\Windows\System\grroaMC.exe

C:\Windows\System\TebfDjJ.exe

C:\Windows\System\TebfDjJ.exe

C:\Windows\System\VtmcbVZ.exe

C:\Windows\System\VtmcbVZ.exe

C:\Windows\System\YqIybQK.exe

C:\Windows\System\YqIybQK.exe

C:\Windows\System\zhotupj.exe

C:\Windows\System\zhotupj.exe

C:\Windows\System\ZpWdWqd.exe

C:\Windows\System\ZpWdWqd.exe

C:\Windows\System\FRWpEKV.exe

C:\Windows\System\FRWpEKV.exe

C:\Windows\System\cFVTGDb.exe

C:\Windows\System\cFVTGDb.exe

C:\Windows\System\mHnNusH.exe

C:\Windows\System\mHnNusH.exe

C:\Windows\System\StcBubX.exe

C:\Windows\System\StcBubX.exe

C:\Windows\System\RMzexEN.exe

C:\Windows\System\RMzexEN.exe

C:\Windows\System\lqMVwEJ.exe

C:\Windows\System\lqMVwEJ.exe

C:\Windows\System\yCpYaub.exe

C:\Windows\System\yCpYaub.exe

C:\Windows\System\mttEbiy.exe

C:\Windows\System\mttEbiy.exe

C:\Windows\System\goLzREp.exe

C:\Windows\System\goLzREp.exe

C:\Windows\System\rOXvmam.exe

C:\Windows\System\rOXvmam.exe

C:\Windows\System\YJCEebs.exe

C:\Windows\System\YJCEebs.exe

C:\Windows\System\acaSnYP.exe

C:\Windows\System\acaSnYP.exe

C:\Windows\System\CrpqGKP.exe

C:\Windows\System\CrpqGKP.exe

C:\Windows\System\LIAniBg.exe

C:\Windows\System\LIAniBg.exe

C:\Windows\System\dYdYhuB.exe

C:\Windows\System\dYdYhuB.exe

C:\Windows\System\JZThIdh.exe

C:\Windows\System\JZThIdh.exe

C:\Windows\System\CUgWLMN.exe

C:\Windows\System\CUgWLMN.exe

C:\Windows\System\fEaMbXP.exe

C:\Windows\System\fEaMbXP.exe

C:\Windows\System\aZNXPcz.exe

C:\Windows\System\aZNXPcz.exe

C:\Windows\System\oWjPSNF.exe

C:\Windows\System\oWjPSNF.exe

C:\Windows\System\augAXpQ.exe

C:\Windows\System\augAXpQ.exe

C:\Windows\System\HVAtkqe.exe

C:\Windows\System\HVAtkqe.exe

C:\Windows\System\xZQeBYZ.exe

C:\Windows\System\xZQeBYZ.exe

C:\Windows\System\jJlXELu.exe

C:\Windows\System\jJlXELu.exe

C:\Windows\System\JWNFquQ.exe

C:\Windows\System\JWNFquQ.exe

C:\Windows\System\elfDqFd.exe

C:\Windows\System\elfDqFd.exe

C:\Windows\System\UtFQmld.exe

C:\Windows\System\UtFQmld.exe

C:\Windows\System\FzLfLQc.exe

C:\Windows\System\FzLfLQc.exe

C:\Windows\System\WHeYEvC.exe

C:\Windows\System\WHeYEvC.exe

C:\Windows\System\oFvuavv.exe

C:\Windows\System\oFvuavv.exe

C:\Windows\System\snuQrGt.exe

C:\Windows\System\snuQrGt.exe

C:\Windows\System\FjfEgoR.exe

C:\Windows\System\FjfEgoR.exe

C:\Windows\System\SMnYxYH.exe

C:\Windows\System\SMnYxYH.exe

C:\Windows\System\tunjGea.exe

C:\Windows\System\tunjGea.exe

C:\Windows\System\EXIQKyg.exe

C:\Windows\System\EXIQKyg.exe

C:\Windows\System\EfUuskF.exe

C:\Windows\System\EfUuskF.exe

C:\Windows\System\XlLfviY.exe

C:\Windows\System\XlLfviY.exe

C:\Windows\System\Bhtrczc.exe

C:\Windows\System\Bhtrczc.exe

C:\Windows\System\gvAkTPz.exe

C:\Windows\System\gvAkTPz.exe

C:\Windows\System\CbtmuqO.exe

C:\Windows\System\CbtmuqO.exe

C:\Windows\System\oAUxsuh.exe

C:\Windows\System\oAUxsuh.exe

C:\Windows\System\WuhKYvu.exe

C:\Windows\System\WuhKYvu.exe

C:\Windows\System\ztuAVUX.exe

C:\Windows\System\ztuAVUX.exe

C:\Windows\System\foQMVnC.exe

C:\Windows\System\foQMVnC.exe

C:\Windows\System\BcDVAEM.exe

C:\Windows\System\BcDVAEM.exe

C:\Windows\System\sXiWErW.exe

C:\Windows\System\sXiWErW.exe

C:\Windows\System\khnmQXo.exe

C:\Windows\System\khnmQXo.exe

C:\Windows\System\boEiYPN.exe

C:\Windows\System\boEiYPN.exe

C:\Windows\System\RynrWji.exe

C:\Windows\System\RynrWji.exe

C:\Windows\System\KIftZRL.exe

C:\Windows\System\KIftZRL.exe

C:\Windows\System\URNdeJE.exe

C:\Windows\System\URNdeJE.exe

C:\Windows\System\BAdAdJe.exe

C:\Windows\System\BAdAdJe.exe

C:\Windows\System\SEPKCeL.exe

C:\Windows\System\SEPKCeL.exe

C:\Windows\System\tBDZigj.exe

C:\Windows\System\tBDZigj.exe

C:\Windows\System\YWdlcCZ.exe

C:\Windows\System\YWdlcCZ.exe

C:\Windows\System\zRfPmvn.exe

C:\Windows\System\zRfPmvn.exe

C:\Windows\System\NNCgYxh.exe

C:\Windows\System\NNCgYxh.exe

C:\Windows\System\pvNSTzi.exe

C:\Windows\System\pvNSTzi.exe

C:\Windows\System\McBlZEd.exe

C:\Windows\System\McBlZEd.exe

C:\Windows\System\VOChOgZ.exe

C:\Windows\System\VOChOgZ.exe

C:\Windows\System\VCieGyr.exe

C:\Windows\System\VCieGyr.exe

C:\Windows\System\adRVsoK.exe

C:\Windows\System\adRVsoK.exe

C:\Windows\System\zXxqZtT.exe

C:\Windows\System\zXxqZtT.exe

C:\Windows\System\ErGeAiN.exe

C:\Windows\System\ErGeAiN.exe

C:\Windows\System\TMshefO.exe

C:\Windows\System\TMshefO.exe

C:\Windows\System\tbVZmMI.exe

C:\Windows\System\tbVZmMI.exe

C:\Windows\System\oFzaNbu.exe

C:\Windows\System\oFzaNbu.exe

C:\Windows\System\TtjSQmI.exe

C:\Windows\System\TtjSQmI.exe

C:\Windows\System\TvkJtlx.exe

C:\Windows\System\TvkJtlx.exe

C:\Windows\System\LXKMtJd.exe

C:\Windows\System\LXKMtJd.exe

C:\Windows\System\OsFYAgr.exe

C:\Windows\System\OsFYAgr.exe

C:\Windows\System\uHyrpwN.exe

C:\Windows\System\uHyrpwN.exe

C:\Windows\System\wZMEshH.exe

C:\Windows\System\wZMEshH.exe

C:\Windows\System\tNhhMaO.exe

C:\Windows\System\tNhhMaO.exe

C:\Windows\System\BTXXJNs.exe

C:\Windows\System\BTXXJNs.exe

C:\Windows\System\vtzaQfz.exe

C:\Windows\System\vtzaQfz.exe

C:\Windows\System\AYwBAjj.exe

C:\Windows\System\AYwBAjj.exe

C:\Windows\System\PZNiPhf.exe

C:\Windows\System\PZNiPhf.exe

C:\Windows\System\dqpWHVu.exe

C:\Windows\System\dqpWHVu.exe

C:\Windows\System\uYpNnOk.exe

C:\Windows\System\uYpNnOk.exe

C:\Windows\System\jYMkXib.exe

C:\Windows\System\jYMkXib.exe

C:\Windows\System\SDTqVzU.exe

C:\Windows\System\SDTqVzU.exe

C:\Windows\System\htuEGKc.exe

C:\Windows\System\htuEGKc.exe

C:\Windows\System\EQrgtTe.exe

C:\Windows\System\EQrgtTe.exe

C:\Windows\System\Ulbjuap.exe

C:\Windows\System\Ulbjuap.exe

C:\Windows\System\HxgYGfd.exe

C:\Windows\System\HxgYGfd.exe

C:\Windows\System\ygLngrr.exe

C:\Windows\System\ygLngrr.exe

C:\Windows\System\wQakjGu.exe

C:\Windows\System\wQakjGu.exe

C:\Windows\System\ADTDmbx.exe

C:\Windows\System\ADTDmbx.exe

C:\Windows\System\NCfKfNm.exe

C:\Windows\System\NCfKfNm.exe

C:\Windows\System\AbnLKwG.exe

C:\Windows\System\AbnLKwG.exe

C:\Windows\System\Jrkqhuz.exe

C:\Windows\System\Jrkqhuz.exe

C:\Windows\System\zmrOxrW.exe

C:\Windows\System\zmrOxrW.exe

C:\Windows\System\rOeMNLr.exe

C:\Windows\System\rOeMNLr.exe

C:\Windows\System\KSuANnt.exe

C:\Windows\System\KSuANnt.exe

C:\Windows\System\aOHrCuq.exe

C:\Windows\System\aOHrCuq.exe

C:\Windows\System\VDvxtFf.exe

C:\Windows\System\VDvxtFf.exe

C:\Windows\System\GdsuMHl.exe

C:\Windows\System\GdsuMHl.exe

C:\Windows\System\QUmvoNp.exe

C:\Windows\System\QUmvoNp.exe

C:\Windows\System\tLLPmdD.exe

C:\Windows\System\tLLPmdD.exe

C:\Windows\System\oRgQjpx.exe

C:\Windows\System\oRgQjpx.exe

C:\Windows\System\nfQVqNU.exe

C:\Windows\System\nfQVqNU.exe

C:\Windows\System\sgNtjNp.exe

C:\Windows\System\sgNtjNp.exe

C:\Windows\System\TkLqODD.exe

C:\Windows\System\TkLqODD.exe

C:\Windows\System\MjiSjlN.exe

C:\Windows\System\MjiSjlN.exe

C:\Windows\System\YxaXyIa.exe

C:\Windows\System\YxaXyIa.exe

C:\Windows\System\EEXqgtY.exe

C:\Windows\System\EEXqgtY.exe

C:\Windows\System\PtPxlSl.exe

C:\Windows\System\PtPxlSl.exe

C:\Windows\System\nLctINW.exe

C:\Windows\System\nLctINW.exe

C:\Windows\System\ADhMnKc.exe

C:\Windows\System\ADhMnKc.exe

C:\Windows\System\PyyPZwu.exe

C:\Windows\System\PyyPZwu.exe

C:\Windows\System\rFQofOd.exe

C:\Windows\System\rFQofOd.exe

C:\Windows\System\NRFSxRr.exe

C:\Windows\System\NRFSxRr.exe

C:\Windows\System\fmqcFcS.exe

C:\Windows\System\fmqcFcS.exe

C:\Windows\System\ZNvcEwA.exe

C:\Windows\System\ZNvcEwA.exe

C:\Windows\System\IoNlEaI.exe

C:\Windows\System\IoNlEaI.exe

C:\Windows\System\iTREAdw.exe

C:\Windows\System\iTREAdw.exe

C:\Windows\System\BDTFULz.exe

C:\Windows\System\BDTFULz.exe

C:\Windows\System\ePOYEZR.exe

C:\Windows\System\ePOYEZR.exe

C:\Windows\System\NmowKdO.exe

C:\Windows\System\NmowKdO.exe

C:\Windows\System\UXEusIw.exe

C:\Windows\System\UXEusIw.exe

C:\Windows\System\LhgXTUz.exe

C:\Windows\System\LhgXTUz.exe

C:\Windows\System\bLLoxlO.exe

C:\Windows\System\bLLoxlO.exe

C:\Windows\System\WGtSWHy.exe

C:\Windows\System\WGtSWHy.exe

C:\Windows\System\KIgZgNd.exe

C:\Windows\System\KIgZgNd.exe

C:\Windows\System\eSmpmVB.exe

C:\Windows\System\eSmpmVB.exe

C:\Windows\System\oqQtPTb.exe

C:\Windows\System\oqQtPTb.exe

C:\Windows\System\cehEtwC.exe

C:\Windows\System\cehEtwC.exe

C:\Windows\System\MqSMIkG.exe

C:\Windows\System\MqSMIkG.exe

C:\Windows\System\edTmyrd.exe

C:\Windows\System\edTmyrd.exe

C:\Windows\System\MsAfaOO.exe

C:\Windows\System\MsAfaOO.exe

C:\Windows\System\HuCyuZr.exe

C:\Windows\System\HuCyuZr.exe

C:\Windows\System\aPDpIVu.exe

C:\Windows\System\aPDpIVu.exe

C:\Windows\System\oeNaDKa.exe

C:\Windows\System\oeNaDKa.exe

C:\Windows\System\HDAWOBc.exe

C:\Windows\System\HDAWOBc.exe

C:\Windows\System\PGhIbYX.exe

C:\Windows\System\PGhIbYX.exe

C:\Windows\System\TdpetCz.exe

C:\Windows\System\TdpetCz.exe

C:\Windows\System\FUcZmlW.exe

C:\Windows\System\FUcZmlW.exe

C:\Windows\System\dMImwsv.exe

C:\Windows\System\dMImwsv.exe

C:\Windows\System\EpYdDix.exe

C:\Windows\System\EpYdDix.exe

C:\Windows\System\aaqNWjD.exe

C:\Windows\System\aaqNWjD.exe

C:\Windows\System\NBeyhkJ.exe

C:\Windows\System\NBeyhkJ.exe

C:\Windows\System\ybbhYDD.exe

C:\Windows\System\ybbhYDD.exe

C:\Windows\System\YZIVNWo.exe

C:\Windows\System\YZIVNWo.exe

C:\Windows\System\caYwEQn.exe

C:\Windows\System\caYwEQn.exe

C:\Windows\System\LEjizxF.exe

C:\Windows\System\LEjizxF.exe

C:\Windows\System\oQGFnZz.exe

C:\Windows\System\oQGFnZz.exe

C:\Windows\System\zqrmsrk.exe

C:\Windows\System\zqrmsrk.exe

C:\Windows\System\cEREMKP.exe

C:\Windows\System\cEREMKP.exe

C:\Windows\System\vAzvREK.exe

C:\Windows\System\vAzvREK.exe

C:\Windows\System\gbpnFgq.exe

C:\Windows\System\gbpnFgq.exe

C:\Windows\System\HbhOJrH.exe

C:\Windows\System\HbhOJrH.exe

C:\Windows\System\SCdFTwJ.exe

C:\Windows\System\SCdFTwJ.exe

C:\Windows\System\FkFqDEz.exe

C:\Windows\System\FkFqDEz.exe

C:\Windows\System\TkRLDjg.exe

C:\Windows\System\TkRLDjg.exe

C:\Windows\System\gapejtz.exe

C:\Windows\System\gapejtz.exe

C:\Windows\System\cqiKwVS.exe

C:\Windows\System\cqiKwVS.exe

C:\Windows\System\xDFJmkY.exe

C:\Windows\System\xDFJmkY.exe

C:\Windows\System\SdNqjPG.exe

C:\Windows\System\SdNqjPG.exe

C:\Windows\System\wJltLGT.exe

C:\Windows\System\wJltLGT.exe

C:\Windows\System\coUhPGS.exe

C:\Windows\System\coUhPGS.exe

C:\Windows\System\UqvkZeI.exe

C:\Windows\System\UqvkZeI.exe

C:\Windows\System\iPomLlt.exe

C:\Windows\System\iPomLlt.exe

C:\Windows\System\tefUhCc.exe

C:\Windows\System\tefUhCc.exe

C:\Windows\System\BuWbuCZ.exe

C:\Windows\System\BuWbuCZ.exe

C:\Windows\System\bkKzERv.exe

C:\Windows\System\bkKzERv.exe

C:\Windows\System\qJhIiRM.exe

C:\Windows\System\qJhIiRM.exe

C:\Windows\System\ViXEuvH.exe

C:\Windows\System\ViXEuvH.exe

C:\Windows\System\LzHbYEK.exe

C:\Windows\System\LzHbYEK.exe

C:\Windows\System\eEFeTxa.exe

C:\Windows\System\eEFeTxa.exe

C:\Windows\System\oiwNsuk.exe

C:\Windows\System\oiwNsuk.exe

C:\Windows\System\FwSCmKK.exe

C:\Windows\System\FwSCmKK.exe

C:\Windows\System\KorKnww.exe

C:\Windows\System\KorKnww.exe

C:\Windows\System\AKoJIis.exe

C:\Windows\System\AKoJIis.exe

C:\Windows\System\LtPZmPL.exe

C:\Windows\System\LtPZmPL.exe

C:\Windows\System\nZnAUnN.exe

C:\Windows\System\nZnAUnN.exe

C:\Windows\System\jPsgMQy.exe

C:\Windows\System\jPsgMQy.exe

C:\Windows\System\IgrwHGV.exe

C:\Windows\System\IgrwHGV.exe

C:\Windows\System\dqxrkXG.exe

C:\Windows\System\dqxrkXG.exe

C:\Windows\System\zLSbdrz.exe

C:\Windows\System\zLSbdrz.exe

C:\Windows\System\UPiLCFR.exe

C:\Windows\System\UPiLCFR.exe

C:\Windows\System\hzKQQqJ.exe

C:\Windows\System\hzKQQqJ.exe

C:\Windows\System\wElEXNG.exe

C:\Windows\System\wElEXNG.exe

C:\Windows\System\QoosOdl.exe

C:\Windows\System\QoosOdl.exe

C:\Windows\System\KXjwyUJ.exe

C:\Windows\System\KXjwyUJ.exe

C:\Windows\System\ZUhqzwp.exe

C:\Windows\System\ZUhqzwp.exe

C:\Windows\System\mNFILqy.exe

C:\Windows\System\mNFILqy.exe

C:\Windows\System\eTEcsqm.exe

C:\Windows\System\eTEcsqm.exe

C:\Windows\System\dSdtZDT.exe

C:\Windows\System\dSdtZDT.exe

C:\Windows\System\qybgdON.exe

C:\Windows\System\qybgdON.exe

C:\Windows\System\qpeytAg.exe

C:\Windows\System\qpeytAg.exe

C:\Windows\System\YSaUihL.exe

C:\Windows\System\YSaUihL.exe

C:\Windows\System\ZDwyMyA.exe

C:\Windows\System\ZDwyMyA.exe

C:\Windows\System\FIgAlWD.exe

C:\Windows\System\FIgAlWD.exe

C:\Windows\System\EXYksSN.exe

C:\Windows\System\EXYksSN.exe

C:\Windows\System\qHVfqNE.exe

C:\Windows\System\qHVfqNE.exe

C:\Windows\System\CAMHXbe.exe

C:\Windows\System\CAMHXbe.exe

C:\Windows\System\QUwIifS.exe

C:\Windows\System\QUwIifS.exe

C:\Windows\System\hHMeOMR.exe

C:\Windows\System\hHMeOMR.exe

C:\Windows\System\BeyehTS.exe

C:\Windows\System\BeyehTS.exe

C:\Windows\System\CfPOyEp.exe

C:\Windows\System\CfPOyEp.exe

C:\Windows\System\uXuaOvq.exe

C:\Windows\System\uXuaOvq.exe

C:\Windows\System\YjtAxwQ.exe

C:\Windows\System\YjtAxwQ.exe

C:\Windows\System\MvJgmyS.exe

C:\Windows\System\MvJgmyS.exe

C:\Windows\System\yZSXzZT.exe

C:\Windows\System\yZSXzZT.exe

C:\Windows\System\GXntsxw.exe

C:\Windows\System\GXntsxw.exe

C:\Windows\System\JyHWYwF.exe

C:\Windows\System\JyHWYwF.exe

C:\Windows\System\biFwztA.exe

C:\Windows\System\biFwztA.exe

C:\Windows\System\dcIhCLx.exe

C:\Windows\System\dcIhCLx.exe

C:\Windows\System\tcFLjCz.exe

C:\Windows\System\tcFLjCz.exe

C:\Windows\System\hZeRpdl.exe

C:\Windows\System\hZeRpdl.exe

C:\Windows\System\xmsXFvt.exe

C:\Windows\System\xmsXFvt.exe

C:\Windows\System\owhiRUw.exe

C:\Windows\System\owhiRUw.exe

C:\Windows\System\GSLKZmR.exe

C:\Windows\System\GSLKZmR.exe

C:\Windows\System\rjGQVcZ.exe

C:\Windows\System\rjGQVcZ.exe

C:\Windows\System\mXuOGrw.exe

C:\Windows\System\mXuOGrw.exe

C:\Windows\System\nDUfCSv.exe

C:\Windows\System\nDUfCSv.exe

C:\Windows\System\XvlwKBU.exe

C:\Windows\System\XvlwKBU.exe

C:\Windows\System\JHnKVHI.exe

C:\Windows\System\JHnKVHI.exe

C:\Windows\System\JXaRHEi.exe

C:\Windows\System\JXaRHEi.exe

C:\Windows\System\LbUHDWG.exe

C:\Windows\System\LbUHDWG.exe

C:\Windows\System\yWouXek.exe

C:\Windows\System\yWouXek.exe

C:\Windows\System\aAxRQpW.exe

C:\Windows\System\aAxRQpW.exe

C:\Windows\System\gVQIPcE.exe

C:\Windows\System\gVQIPcE.exe

C:\Windows\System\ePECFtb.exe

C:\Windows\System\ePECFtb.exe

C:\Windows\System\jXUOZjM.exe

C:\Windows\System\jXUOZjM.exe

C:\Windows\System\zonUvGv.exe

C:\Windows\System\zonUvGv.exe

C:\Windows\System\cwOENEm.exe

C:\Windows\System\cwOENEm.exe

C:\Windows\System\ErmIwWh.exe

C:\Windows\System\ErmIwWh.exe

C:\Windows\System\XLJlnBU.exe

C:\Windows\System\XLJlnBU.exe

C:\Windows\System\MzGEpsr.exe

C:\Windows\System\MzGEpsr.exe

C:\Windows\System\LoWbUmg.exe

C:\Windows\System\LoWbUmg.exe

C:\Windows\System\FuxIeAV.exe

C:\Windows\System\FuxIeAV.exe

C:\Windows\System\NwRmTHa.exe

C:\Windows\System\NwRmTHa.exe

C:\Windows\System\PXlPFkS.exe

C:\Windows\System\PXlPFkS.exe

C:\Windows\System\DCtPcHh.exe

C:\Windows\System\DCtPcHh.exe

C:\Windows\System\CxbxiWv.exe

C:\Windows\System\CxbxiWv.exe

C:\Windows\System\nEfWWbL.exe

C:\Windows\System\nEfWWbL.exe

C:\Windows\System\gXGtmVd.exe

C:\Windows\System\gXGtmVd.exe

C:\Windows\System\NXHZdsV.exe

C:\Windows\System\NXHZdsV.exe

C:\Windows\System\BEefFfo.exe

C:\Windows\System\BEefFfo.exe

C:\Windows\System\uIROROB.exe

C:\Windows\System\uIROROB.exe

C:\Windows\System\oTgFAWb.exe

C:\Windows\System\oTgFAWb.exe

C:\Windows\System\lkiAypx.exe

C:\Windows\System\lkiAypx.exe

C:\Windows\System\PXdQPVf.exe

C:\Windows\System\PXdQPVf.exe

C:\Windows\System\bmKShem.exe

C:\Windows\System\bmKShem.exe

C:\Windows\System\kCTWBxD.exe

C:\Windows\System\kCTWBxD.exe

C:\Windows\System\QqusMkb.exe

C:\Windows\System\QqusMkb.exe

C:\Windows\System\SitiBwP.exe

C:\Windows\System\SitiBwP.exe

C:\Windows\System\RvlbaqG.exe

C:\Windows\System\RvlbaqG.exe

C:\Windows\System\sVHjdIf.exe

C:\Windows\System\sVHjdIf.exe

C:\Windows\System\BQPImdE.exe

C:\Windows\System\BQPImdE.exe

C:\Windows\System\AdXsqrZ.exe

C:\Windows\System\AdXsqrZ.exe

C:\Windows\System\MQpjlws.exe

C:\Windows\System\MQpjlws.exe

C:\Windows\System\xlegqgU.exe

C:\Windows\System\xlegqgU.exe

C:\Windows\System\uzJCRhM.exe

C:\Windows\System\uzJCRhM.exe

C:\Windows\System\UGjEttY.exe

C:\Windows\System\UGjEttY.exe

C:\Windows\System\ALGzrXE.exe

C:\Windows\System\ALGzrXE.exe

C:\Windows\System\DggEafy.exe

C:\Windows\System\DggEafy.exe

C:\Windows\System\luxvOVg.exe

C:\Windows\System\luxvOVg.exe

C:\Windows\System\cBLKkkC.exe

C:\Windows\System\cBLKkkC.exe

C:\Windows\System\MZvlGRk.exe

C:\Windows\System\MZvlGRk.exe

C:\Windows\System\UTvDOPe.exe

C:\Windows\System\UTvDOPe.exe

C:\Windows\System\saumddJ.exe

C:\Windows\System\saumddJ.exe

C:\Windows\System\srBXIOu.exe

C:\Windows\System\srBXIOu.exe

C:\Windows\System\EfKFBfm.exe

C:\Windows\System\EfKFBfm.exe

C:\Windows\System\zGyCWsL.exe

C:\Windows\System\zGyCWsL.exe

C:\Windows\System\YUGPLLA.exe

C:\Windows\System\YUGPLLA.exe

C:\Windows\System\roQPvaH.exe

C:\Windows\System\roQPvaH.exe

C:\Windows\System\DpZAxaN.exe

C:\Windows\System\DpZAxaN.exe

C:\Windows\System\oxBlwXq.exe

C:\Windows\System\oxBlwXq.exe

C:\Windows\System\EoVYPXs.exe

C:\Windows\System\EoVYPXs.exe

C:\Windows\System\ArNphjK.exe

C:\Windows\System\ArNphjK.exe

C:\Windows\System\IeZmHKM.exe

C:\Windows\System\IeZmHKM.exe

C:\Windows\System\SsXJAZY.exe

C:\Windows\System\SsXJAZY.exe

C:\Windows\System\KJEYTrk.exe

C:\Windows\System\KJEYTrk.exe

C:\Windows\System\OljpSku.exe

C:\Windows\System\OljpSku.exe

C:\Windows\System\QKncLon.exe

C:\Windows\System\QKncLon.exe

C:\Windows\System\YTUflHw.exe

C:\Windows\System\YTUflHw.exe

C:\Windows\System\vMhPtWQ.exe

C:\Windows\System\vMhPtWQ.exe

C:\Windows\System\orXAtBT.exe

C:\Windows\System\orXAtBT.exe

C:\Windows\System\RGwzZZm.exe

C:\Windows\System\RGwzZZm.exe

C:\Windows\System\WAhxETr.exe

C:\Windows\System\WAhxETr.exe

C:\Windows\System\maELEIz.exe

C:\Windows\System\maELEIz.exe

C:\Windows\System\PIPDpeD.exe

C:\Windows\System\PIPDpeD.exe

C:\Windows\System\vcQfqsG.exe

C:\Windows\System\vcQfqsG.exe

C:\Windows\System\IRQSRer.exe

C:\Windows\System\IRQSRer.exe

C:\Windows\System\QyWQOpp.exe

C:\Windows\System\QyWQOpp.exe

C:\Windows\System\vSEiVbS.exe

C:\Windows\System\vSEiVbS.exe

C:\Windows\System\wlQDJwA.exe

C:\Windows\System\wlQDJwA.exe

C:\Windows\System\PVhmVbf.exe

C:\Windows\System\PVhmVbf.exe

C:\Windows\System\SUiIejy.exe

C:\Windows\System\SUiIejy.exe

C:\Windows\System\kAYeFQO.exe

C:\Windows\System\kAYeFQO.exe

C:\Windows\System\mxgOMZT.exe

C:\Windows\System\mxgOMZT.exe

C:\Windows\System\gWSOKpe.exe

C:\Windows\System\gWSOKpe.exe

C:\Windows\System\HWWcmPd.exe

C:\Windows\System\HWWcmPd.exe

C:\Windows\System\SoXIxFT.exe

C:\Windows\System\SoXIxFT.exe

C:\Windows\System\uBUUOVq.exe

C:\Windows\System\uBUUOVq.exe

C:\Windows\System\ZzPhQjm.exe

C:\Windows\System\ZzPhQjm.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp

Files

memory/3000-0-0x00000000001F0000-0x0000000000200000-memory.dmp

memory/3000-1-0x000000013FE90000-0x0000000140282000-memory.dmp

C:\Windows\system\HJMSfig.exe

MD5 b7b30148d815105df66b69da2e624283
SHA1 e32b0533b0308082add618b41b57582049b72b10
SHA256 fddc8c3bb82bf64341d3987d5098ff6f10bd0dca33ba3eca237acfdf9bffcbf6
SHA512 20b448d93aae4d990948fa7e4fc6778dd6b455a5b2df5216d2306a31a4c050dd5405f73c2b268f9fa1f245f544623b8129cc52749a09aedb43ea23faf2d82b0c

C:\Windows\system\vmvFUif.exe

MD5 231b0112656e49f97ab15c6b915c30c7
SHA1 a9e9b9a9c912762b8ca029665ef83121231c87e9
SHA256 8b4c9c60a202e54525d69485361a654fd9138a95a8bdfe6d7540f9a08051d280
SHA512 495c29261157b76f3fc34774e6a413648e81c2202273d173bc397a215aff2af8324b2516ff8aeea7fb0b04fa3a56af30d3b7537482a5e10479c0a70042463597

memory/3000-17-0x000000013FA10000-0x000000013FE02000-memory.dmp

\Windows\system\JkkZJhV.exe

MD5 ef7f4f3110505162cc746a6e5c724206
SHA1 b058e288a390341021ce5ef4127588efb0b8b345
SHA256 6f69e545b8a304d6bb6308823f012d097345bdd43bc8751015fa22d511db5117
SHA512 942210906ca560f9771207616639d02c4910744f2116e2e678e3cf61a82d2413fb74aa8cd607fa3d4bbb6815a898b42ce5cfb35051209b2bb22edd740f3215d8

memory/3000-24-0x000000013F200000-0x000000013F5F2000-memory.dmp

C:\Windows\system\ctnZPVm.exe

MD5 6d5491544509b4a46b24be2f3a58cb39
SHA1 e39100b4a64ed8ee0591092769d9d9b546fc6999
SHA256 2f20273baa81a91dc4d50cafa47971213d557ce335e89e8555962478afce87e5
SHA512 e2ab44424e8fa76c7b94aefd1ec6423fe541d88dce7ad1ab4c3006e60f47d5f3f76a9fd83db1f7cf0b52ef1f40bfb220bfda45f7f4e5d6b659f30ca2a8ab02e4

C:\Windows\system\trIAXnM.exe

MD5 f916d04f0b744e78821c0d61ffd06ab3
SHA1 8b175633b4e2ad5bd359a919cbdb30773783bf24
SHA256 8446760e3a47142305a787a36f5da4a9ab0035a89daa1fbffb3792de9b866523
SHA512 8c1c86cb8a0a656b585da60a45268b3890c65bebd00ac8ac017e304a0fd4255bc798fc33e6465fac115e744f69dd03b2999d6240c492e12732e1fc2b49efae7b

memory/2644-60-0x000000001B5B0000-0x000000001B892000-memory.dmp

memory/2644-72-0x0000000002240000-0x0000000002248000-memory.dmp

memory/2068-69-0x000000013FA50000-0x000000013FE42000-memory.dmp

C:\Windows\system\mBJbhRg.exe

MD5 90bfd11b369fd4b75fa44a1c03bdc5f7
SHA1 736dd15c10b501c3252fcb19aecd3e8bb845b524
SHA256 1c94c36b0f528d802027e4561280a632d6f7ed7557e898c7cc9523162a45bb18
SHA512 25595d1cc919f459a9673dee8798347ad6ae8ac04793a606701db00e12a78c8fa0d47b45ef0849aa25b0e5637a0b816d52ca8e52453cb27d0d3111f6ad1f6b86

C:\Windows\system\vmadfnv.exe

MD5 3771bf5ded1637ff47e49e5d6259069e
SHA1 13f15c28fc4c1b9ef68e069dbfabe504cb016148
SHA256 2a84ecac80ef4a06c2c4119545bf7e3ddd90ca8fbfb0587eac70ac2c00ea02ff
SHA512 17290d45c8e87cf376abf81095a849d7249aaf0c9e01a0a27c91466a152550ccff2067444854e5373cc91f87fb46ba27ba63b745251e0a381ed712584c38f543

C:\Windows\system\iFaYpWI.exe

MD5 03df4fadc7bf05304686598ec89c2446
SHA1 3d7c98845bed571db272dc787ec06418617b782f
SHA256 3761045c9484885ca04d11b856f8e8613f83eeb1dadc055db1fa0c0346b185fc
SHA512 e81d8db0d736bae5ac06e1cccca338f2059bd160f11fdc22a278d9f7015765ae46663e3de767352a0096cf2e6e4b3336cc896fadc0c2b8d4b27ea304ef54abd5

\Windows\system\IQRkSZa.exe

MD5 aeafc15e2b38d13b9320cbec2b36cf23
SHA1 c8ed498f0e2e04c9be7ee1c9253f4efbbf5fd997
SHA256 af5a7109f2f6f858546e9c2e3d6a1a02c74c389d1278bcae75b8a66603962e98
SHA512 0b94e833d5118114bb2e5ea3e23b63442a9edcd0f1c7828e6f60a52ce026896a9f0661bccc129881e39568a0a6ee01dd2283488ec97b744ca119df2501203f50

memory/3000-52-0x000000013F1F0000-0x000000013F5E2000-memory.dmp

\Windows\system\LCpAAyL.exe

MD5 b61d72e50fa2332afda606b16357a4e2
SHA1 5046994e65d1cd5bc275be0acd541869986e1946
SHA256 00bba9f12af56c959b6576fbb7041af904e5a0ba0054958e7829b87714e00606
SHA512 7b07ca9c5f0369006b326a079b6e1669e8e0e976cc4bc90060774c630e604f65a37e79be512f3fa4553b1672cd79d70baf8bb677ff704036ae2d95508bbd42d7

C:\Windows\system\XdTEgcp.exe

MD5 3fbfc03da1256af51f5ba1145dc01bc4
SHA1 86b209b9d791f93faa05d0ac2573a470c662d0cc
SHA256 dd2f85a2faae57d31ed11f95b6d6f7746a8dc28e2de77e27e4122e91b9fe6d3d
SHA512 4fefddb93bdc065401cdf18e61ba3f1509bd84cc6c1b57c9aea5e2dd6e90bcb2c22ca6123b0cde4987da8e3be77f93fdcc5bd1d52c6bee6bedcad564bdf348da

C:\Windows\system\InDuAJN.exe

MD5 1e9d3803e30e5b4bc708826e18f18f9a
SHA1 fa5d60ef49c46bac69c1df2e394ec407370357b6
SHA256 161b91254c056211d004bf244841658acb8d6fca50b6dcfcff74549b24351b71
SHA512 6373781330e90b99b8338a07ea1792cf6ff52daec9370c3bb321d2c7e9da4b98506a98a645c3a06e2324dd4b27cbd0ce30f1c13eb281e9ee8e97ff7d1e1e8710

C:\Windows\system\DBkGltk.exe

MD5 d2ec8ec74595145c1a48cf9fe1c80464
SHA1 d09a02d112e2211f092d0455b092b38e5dd43da0
SHA256 4ba7b74f29674e55194b143726e2d9f5db3fe93e25a61b0bf1a43ff326158217
SHA512 9a5e314de225537ab2e0ca64f9f87f2f1329e12e2b8c271f2d99b331e8abfe425e36bc21cad376cf48e98ce1c912f88468c64c0c2f21650b75f6f6bf5aa3fcc4

memory/3000-97-0x0000000003500000-0x00000000038F2000-memory.dmp

C:\Windows\system\ymaodKQ.exe

MD5 3df70708ce16382dd97e5d539db4592a
SHA1 11b1eace067b36185878b98f59fd1d98e7675e88
SHA256 91d509864c46033da323375960634a7f0567086e94c87f4edb8fe291a24798e5
SHA512 40e5393e0b4553f9910a7546c62a800e0d14e8e4bcb92ee47485176af8ebe390525c54964fc0cd193f4916b7e29389b7f8a9a651fb1b116d7af9b26d9882cf7a

\Windows\system\RaIEYUq.exe

MD5 7f52d087f75207690f062fc202d1d115
SHA1 5365c3ca5cf97fde7e459bc6becf329fa567a633
SHA256 663a949968d1466a6c8f8ce4ace8d8cd7c30b9cc6a8d583a027a7b7164b07db2
SHA512 8643f28ccce79490b431a538f75bb598d59d74bba3c0e37042bc5e86497fed80f62e90384a43f54b6d566ee5ddd73c024e5dc882f2a1997601d5e05427110542

memory/3000-59-0x000000013F970000-0x000000013FD62000-memory.dmp

C:\Windows\system\gzhcChf.exe

MD5 c0530a8551c4dfffb028738b7f72e3b1
SHA1 38bfd10fa8ecd1bb9401ac91138f74bc891c2948
SHA256 04115e492fd699d242f098b7496583b1fb72188c71b043c4f93f2ac58c4fc1d2
SHA512 193842fb94eae45b1171acc977131bb2cb5139c9fb39232e1babf00cac65a3ead0cbd764d0a54a71c0262412cd5283658b984e0e2838cf110cb5a4d0b414b013

C:\Windows\system\kgLYYkA.exe

MD5 8cda578cf18c43c60b9caf1abe26e829
SHA1 c547e63f127bc2259e227ec570302e8bc6ec353b
SHA256 bc33481d1b6590f95f506eb37c89c2d356f45b7aaa0175aa977766cfbc2e609c
SHA512 15ca7f8f00f6adeabf727ce52b72f1c506fa2dc475e25fdcd2c7c9c5c4004891945e5537e4fc6b9b91f6073db5b8dcaa4326bc6fa94bf50d017bc92fe362876b

C:\Windows\system\dougdHm.exe

MD5 b054b2172b575266a47312f9b6c27f38
SHA1 27faa60aeac2843206d212663c1e646bb37507b1
SHA256 57366db071cd192b05437fc04d5c9c0cc110d5b2a4b3c163cf96dcb2f2d97b58
SHA512 c18b5ecb65c6c20b7418bc6fba2c0fb029e7b168e68246ecca8a86c20930f8564892c46f4ca362d75dd198103a45cf7cf5b52ccca699c7976f0684426b849535

\Windows\system\TesqqLt.exe

MD5 555cde0f01ddaf496115833be446e410
SHA1 1851e0c49f331026ab3f239be06f2cfde1c60263
SHA256 1f2e293b0faa03c5175bb91953a5247135862d8f3cb7a5f00e228126f77f1198
SHA512 e48da06ea776934d744cd6ed3a8b81658a54397f6abdd4e0775bb826a452d52586ef1e8d38d90cbf1797b3043d59174b21728dcdd3aacf57691820472b7504fc

C:\Windows\system\qgnKeUQ.exe

MD5 e577876c97c36a7990bc868107f08bd4
SHA1 10221bc24018b044c21869a8bbe3d1f4f7cd32e1
SHA256 c6c19cda3c6196ecf8bfb0c5c56160fd801d47e82fc6fc63cffc1afe2eaf084d
SHA512 1d6e7fc19d8045319a46f565d55e8b45e22db6982cd95d2d3ab72c1f7027e86ce7bb439c8282a9a113b1a62abf07c65eda437ebf19c3ed689540ac9481037add

C:\Windows\system\lYgAUqJ.exe

MD5 793a9297c8b72341dbf19a2d9cef4a03
SHA1 b1898f30cbde756d4d52ed6c5eb4823106eafab4
SHA256 c27d122d907b0fb23646b93b4f4ecafcc884b4374c9c822b08ab3f56ffb8594f
SHA512 55950382f7c0a3f1371be244d0fd8189254eaf2403c6124b5b7044f8b89afe9181e95929f1f13a18ac29ac6a6bed98c2e166e3043c43f05923c98b6ab8dfd96e

C:\Windows\system\fmsLhRP.exe

MD5 a4e64e73f0adf29d7c40c1c3b2dea7c6
SHA1 c93c600955021448204a3c5728aa409057fdf4c3
SHA256 1f8dbbf7ccbe113518ea95b82cfde49638a63be5270367db2a8c8bef690fcac4
SHA512 9017a41a151e4a249d8f032c14e386a15307d29afa6a7f7a5734ecd922cd5a36b2775f07537e4f71d60878838d623208765b1f8e411b838b517d243eb322d6d4

C:\Windows\system\GJDkymQ.exe

MD5 43e4e29c2d484f41085c8943ea750c5f
SHA1 fbe2e67cbce5e84fec14746604d84d1d6db2d3f4
SHA256 852fdd3079b07d8c5823fb554860a7d44cc167e167db5715030f01e309074b05
SHA512 6561f9bd717ce02c085506e3be3a2d1234072c29cc464c7e3886a72d33258946b9d0c9684881f917df022d8766769fedc073a46e48cdcbf4bb4f3c3b4ccaa1a1

memory/2456-58-0x000000013F1F0000-0x000000013F5E2000-memory.dmp

C:\Windows\system\TrsVPhG.exe

MD5 cb07673b4c3b2a987651dfc74192b0c1
SHA1 ed7645099376d29307e97bc55ba78fde3d491c3c
SHA256 206131515ac23f0fd404f85a2e96eb5a6167f8c4713dcdca38242c709354b993
SHA512 abd89ce40c2c37fc45fa776487c500c1a151b77b7be4f09b4f4f3e09c01bf7a302ea504fd4eda9e1468c2648f580e42165b8746243ffd3236de09e1c252396f3

memory/2772-41-0x000000013FF40000-0x0000000140332000-memory.dmp

memory/3000-39-0x0000000002EF0000-0x00000000032E2000-memory.dmp

memory/2732-30-0x000000013FAE0000-0x000000013FED2000-memory.dmp

memory/2656-29-0x000000013F200000-0x000000013F5F2000-memory.dmp

memory/3000-28-0x000000013F060000-0x000000013F452000-memory.dmp

memory/2572-27-0x000000013F060000-0x000000013F452000-memory.dmp

memory/3000-25-0x0000000002EF0000-0x00000000032E2000-memory.dmp

memory/2556-22-0x000000013FA10000-0x000000013FE02000-memory.dmp

C:\Windows\system\MXRFhHu.exe

MD5 445077cf78da18af0b638e4128c10a4c
SHA1 8d2884c9a094ae4b3d043e00f7d4865e5c445919
SHA256 18e748c3ed2d497823775711010eded35f403210963c151299aeefafa38beb02
SHA512 44215daaf87fdbe0dea26391347201b72821d51c9a12597108518cee14ab37e78f554b74683d3bf10f373d77015ce55fff12252887c1b14a235f19147616fe22

memory/2904-85-0x000000013F970000-0x000000013FD62000-memory.dmp

C:\Windows\system\NtnNDbD.exe

MD5 87310026127b217d7fe6a212c1f1158d
SHA1 b4aa3b52d5239f6968bb83f8a50f67b71d044a46
SHA256 05d1c35f5bbf4c1e3990f2339beefde80f25525586d8308538db04374a992923
SHA512 8d8d86490845fee7887de85f771f51b6b82d129c0769ba3c64d18d798841cfa311d947abde720c2bd96ff652ae83524837ebf0438271ef4bdb0c62eb01494aba

memory/1512-86-0x000000013FC30000-0x0000000140022000-memory.dmp

\Windows\system\QpNfeZq.exe

MD5 6a69789b477b49773894fe5973e86266
SHA1 993de6ce9e2396419482eeffb29e9066dd080302
SHA256 ba1422bf0dca3f11a056867c54ad2c0b502dc220da5eaa53fa946cc71efe6bae
SHA512 35e4de77b72d71a385eae6e238438049a658c9ae27813d4f1802f96644e00d434be294e0ed24b1c4b7518f7936ae2b5b646824b4c4041af915be175ef9f4dddd

\Windows\system\LSYinYz.exe

MD5 017a69255eec4c1b684b76e72cd9d342
SHA1 850d581ed5c1e15746d197ac000a7ce36df8339f
SHA256 6c745430c57c07ba7ac2365b7f8bb8abb3b3c826c524baa09d853d52e0d6900c
SHA512 a15b2e18f9f6ef14cfb78ee8228532a8473701c2216d87b7f4a085ab97a95176301706fae45bf5476f249afa33647416f4772fd7472da4859cca05281e558f81

\Windows\system\ZqATetl.exe

MD5 8792eda3c6039e572a8b6c8e0fec2980
SHA1 415a2cc649883a15c77a1c6f664fac8059d55eaf
SHA256 28707afef0d915ced79c3b14d593d184ad0ec87e183e6ca3f4ce88777efe9f76
SHA512 866975cd594489ea81060008fc5f54f19a2a2a221a7ff29107972905f904a1e8836a234db713344887a41525b6ab324b9c4ca78c761d89d4f91d453798deda32

memory/1488-82-0x000000013F840000-0x000000013FC32000-memory.dmp

memory/3000-81-0x000000013F760000-0x000000013FB52000-memory.dmp

memory/3000-80-0x000000013F840000-0x000000013FC32000-memory.dmp

memory/3000-79-0x0000000003500000-0x00000000038F2000-memory.dmp

memory/3000-77-0x000000013FA50000-0x000000013FE42000-memory.dmp

\Windows\system\bAXcydv.exe

MD5 d03f9e3dd88b297812d9ab2df16e56d6
SHA1 58bd0d5ab6d829c5d061b85a8802cd7387a22a05
SHA256 730f19eca3efe2f8d257fc03adec6a64d78f41732f9a5e476896d42ffb0a00f0
SHA512 ac3b5279c86ac0694b0e434c15d329523d5956c4bb10df9a74c446296f280773c5d2b3160b4a00465a2d9088e2938660b8ecb51c461a033c2a98a929ee747fab

\Windows\system\GAWzBan.exe

MD5 d92ef2754bab72bcfb3b005d9a891c79
SHA1 877124405c245c3488496d921b142e1d79316431
SHA256 c3cf0dace69cf659576aa96566fbad6679c7df2d8c0d4aa362381751453dc240
SHA512 1f6c7cb594a7c2236384f41096682428868be5bfca434b9f6ffe46632d973ed96bd74b5a30c09c5dcdeb7ad6cc81793e8e83d636263201fc0a2d825a16a1abd6

memory/2512-67-0x000000013F150000-0x000000013F542000-memory.dmp

\Windows\system\QInVxMP.exe

MD5 56f68392e0b04c0164e26e67564e7414
SHA1 eb99b4d6487d8181b3221fc2ca4cc0b2a8fc627f
SHA256 4593e2db4676706b5ccc6c3efd611a8ac9222675713bb450a131b11c4efbe733
SHA512 a64e306a6a7ce6c6cd25407adfb9d1cd7db17e9f80aac3c22f6a83b52adda440f53547335e18b61c17ef9711ec753524ba21dd549388137541d15ffc1741d8b5

\Windows\system\IAvckIB.exe

MD5 b68fdbe03d76a201a0d9f87113bff515
SHA1 cb453cfd3b6b97207255b66fda474f52298f5320
SHA256 e22c80edfb407f6fd39d508da03895a497b9ada96fe97ea7db2c0dfbe9c389a9
SHA512 6586ab3309f1a79cc6cfb6f3f5b165071c27d85a871b64bd2f16c97803640721b175f03af848f98c83c49f867ec73985ddd47a275507a1c3b00522e1a03486cc

\Windows\system\wUNIQxB.exe

MD5 f7a0aea08f98b4393e844002b47a09ac
SHA1 10510367acab44f4bab6570dcd459cbd285271b5
SHA256 44eecd6437a0c0583f8ae1e139cc53ddad0950375cf870d75d7ba563f8d48d37
SHA512 f8b2292f6d88618e70322d99779cc1fd9e1ed5d2abb80b5ba0d4fbdfc7b3a02c89e7f916e055dfdfb6c3dacdce03de60e7eeb5159724b28dad8f31ad10a45982

\Windows\system\mBGbMMt.exe

MD5 ea2cb8a420ad4dafe208e67ecb3cd51c
SHA1 ccbc0870b625feeb6dfd2794188c9479d0b48e98
SHA256 6d4c763f9722ea4ff96ee4e9747e03574cd0869d2a597c03a57dde3f0f24cb5c
SHA512 3355f3306dfa3a9768e91e278a18c1b953d04794dfcc011931389f0cf7eae5c854e6af22c08d85653a0b0a665a4dbfaf9b99b153cbcb1f788f087ee59a496d91

\Windows\system\RVZgTuj.exe

MD5 170a70647cbd18c6daa228eb79b64f3a
SHA1 1d1e78d7d09c3c2c829ca4cb5c728b6c8c550a67
SHA256 6c5d92ae2fcf20c742c47fd4ddc26975b11354ac799571c031fd889fdd59d33a
SHA512 a29462a5e661c43d0e8abbcec02d32f42ac581d300ba3f9a0b914d0f0ecbe47e22e85d0aae65cffbeecf02d876b9e1aadf9147cdc1155bfc46b7af48bb75874b

\Windows\system\ZJqpttx.exe

MD5 8b2a085508d259b1f28c0d9a9731a950
SHA1 12a90dcdc34a22221d2e97b3066adfa52e06ab4e
SHA256 a3a2c5000c61d9906732376fe38de17e715ce6862e986ba76bd86e7037f6d739
SHA512 26d91adf7bfb96b9e03daf5e4e8af4febdde49f64061907468cc9466c1a86a1355f59c474caceae7b67805b8102a9d5ee0a821f43f0435ca71e1d0c2410f223e

\Windows\system\eiJGSzi.exe

MD5 bb1be441fda41010ddf537b1b0ed869f
SHA1 7cc472495b3d89dd4b31078b72561d51ffc29a8c
SHA256 8dfdab5329f637e721efd78be1b7db53b4e3d054361f0d935c76ab28ba6ff8d6
SHA512 18d8d603e6b7e42059acfb4c2cdc34f94ced1bc08df1a3880ab045227d590727d8c4072202512bdd2cf960e2175a2391486ec32b2c8890cfbe1bbab71c5d8554

memory/3000-527-0x000000013FE90000-0x0000000140282000-memory.dmp

memory/3000-948-0x0000000002EF0000-0x00000000032E2000-memory.dmp

C:\Windows\system\YtNXyvG.exe

MD5 d6349613f683bded6d69a7d02ace4275
SHA1 1627fabfdfae3cac338500241f4e9e969ee50ac5
SHA256 4a54b14258d08729a6205b09d8643680d1fcbeb6eaed5e636cae813e537ac662
SHA512 d83aa606a1ca4c9ad32d8a91f5b2cf833fc395e62b938477a618ca3509fa52443c5e33121c0988fd90e65d2855a59276136a584d3f8258054273372e5fbf3292

memory/2772-4955-0x000000013FF40000-0x0000000140332000-memory.dmp

memory/2572-4969-0x000000013F060000-0x000000013F452000-memory.dmp

memory/1512-5026-0x000000013FC30000-0x0000000140022000-memory.dmp

memory/2512-5016-0x000000013F150000-0x000000013F542000-memory.dmp

memory/2904-5054-0x000000013F970000-0x000000013FD62000-memory.dmp

memory/2456-4960-0x000000013F1F0000-0x000000013F5E2000-memory.dmp

memory/3000-13923-0x0000000003500000-0x00000000038F2000-memory.dmp