Malware Analysis Report

2025-04-19 18:28

Sample ID 240527-f5s9jaae83
Target 780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118
SHA256 edb207369402731cfce24eaa29e8cb74b0f39500ee9473fc278f93690161bca1
Tags
xmrig execution miner upx
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

edb207369402731cfce24eaa29e8cb74b0f39500ee9473fc278f93690161bca1

Threat Level: Known bad

The file 780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

xmrig execution miner upx

xmrig

Xmrig family

XMRig Miner payload

XMRig Miner payload

Command and Scripting Interpreter: PowerShell

Blocklisted process makes network request

UPX packed file

Executes dropped EXE

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

Drops file in Windows directory

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Modifies data under HKEY_USERS

Checks SCSI registry key(s)

Suspicious behavior: LoadsDriver

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-27 05:27

Signatures

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-27 05:27

Reported

2024-05-27 05:30

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\navdTZG.exe N/A
N/A N/A C:\Windows\System\qAfGkin.exe N/A
N/A N/A C:\Windows\System\weRBmnk.exe N/A
N/A N/A C:\Windows\System\zGZXUWc.exe N/A
N/A N/A C:\Windows\System\UEQoenP.exe N/A
N/A N/A C:\Windows\System\oFjQmaR.exe N/A
N/A N/A C:\Windows\System\mqoTIMC.exe N/A
N/A N/A C:\Windows\System\AAKTMWS.exe N/A
N/A N/A C:\Windows\System\alSeaKz.exe N/A
N/A N/A C:\Windows\System\UMiYkgV.exe N/A
N/A N/A C:\Windows\System\qryUTxY.exe N/A
N/A N/A C:\Windows\System\MfBpwui.exe N/A
N/A N/A C:\Windows\System\PiTZeYf.exe N/A
N/A N/A C:\Windows\System\xUTDcfq.exe N/A
N/A N/A C:\Windows\System\hdIaGMB.exe N/A
N/A N/A C:\Windows\System\sCaUpyv.exe N/A
N/A N/A C:\Windows\System\EHonimw.exe N/A
N/A N/A C:\Windows\System\CrxYJQv.exe N/A
N/A N/A C:\Windows\System\aoPfJkg.exe N/A
N/A N/A C:\Windows\System\oLfRcOj.exe N/A
N/A N/A C:\Windows\System\VgsIhqm.exe N/A
N/A N/A C:\Windows\System\jIqbJER.exe N/A
N/A N/A C:\Windows\System\RUZIIog.exe N/A
N/A N/A C:\Windows\System\FhcCFMg.exe N/A
N/A N/A C:\Windows\System\eApdvlJ.exe N/A
N/A N/A C:\Windows\System\fAKAXLV.exe N/A
N/A N/A C:\Windows\System\tmaJcmt.exe N/A
N/A N/A C:\Windows\System\EeKjgRc.exe N/A
N/A N/A C:\Windows\System\LmYDQuW.exe N/A
N/A N/A C:\Windows\System\GKFIZOh.exe N/A
N/A N/A C:\Windows\System\tgSmlzc.exe N/A
N/A N/A C:\Windows\System\qxCYMrz.exe N/A
N/A N/A C:\Windows\System\gxxWGtM.exe N/A
N/A N/A C:\Windows\System\wGAGicS.exe N/A
N/A N/A C:\Windows\System\GWUbeXf.exe N/A
N/A N/A C:\Windows\System\SHjhKLA.exe N/A
N/A N/A C:\Windows\System\WjzajAD.exe N/A
N/A N/A C:\Windows\System\dnAanhi.exe N/A
N/A N/A C:\Windows\System\XdIsEap.exe N/A
N/A N/A C:\Windows\System\JVAdcIL.exe N/A
N/A N/A C:\Windows\System\PySaFWo.exe N/A
N/A N/A C:\Windows\System\BvezlaB.exe N/A
N/A N/A C:\Windows\System\TZTIQhu.exe N/A
N/A N/A C:\Windows\System\HEDdGvZ.exe N/A
N/A N/A C:\Windows\System\OFEAwTz.exe N/A
N/A N/A C:\Windows\System\SGmeyMo.exe N/A
N/A N/A C:\Windows\System\hjbqcPf.exe N/A
N/A N/A C:\Windows\System\rBSbHXZ.exe N/A
N/A N/A C:\Windows\System\HeTAtOq.exe N/A
N/A N/A C:\Windows\System\eMGqCRB.exe N/A
N/A N/A C:\Windows\System\pwbsJQo.exe N/A
N/A N/A C:\Windows\System\tBvDffs.exe N/A
N/A N/A C:\Windows\System\vJTgugF.exe N/A
N/A N/A C:\Windows\System\HisEVaB.exe N/A
N/A N/A C:\Windows\System\HTUASNh.exe N/A
N/A N/A C:\Windows\System\dVcMjUD.exe N/A
N/A N/A C:\Windows\System\yAVKBix.exe N/A
N/A N/A C:\Windows\System\jlMhMuT.exe N/A
N/A N/A C:\Windows\System\OpgjyoD.exe N/A
N/A N/A C:\Windows\System\asdCsvZ.exe N/A
N/A N/A C:\Windows\System\RlBaEnf.exe N/A
N/A N/A C:\Windows\System\DLzzqOh.exe N/A
N/A N/A C:\Windows\System\VdRazdw.exe N/A
N/A N/A C:\Windows\System\iOrGjgk.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\AjHLcCK.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\JoVnSgg.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\WAjxJlw.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\ZwDOIyK.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\QmtIsGq.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\kvzeDIV.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\VMFvJpr.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\FWqHsKj.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\ikkJfeM.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\yMIpYcj.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\OXpllSY.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\aaZGrqf.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\YDmSWrT.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\lNLIpbw.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\CMXbHrn.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\VsKJKGZ.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\EOtfjbo.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\sOGdjzX.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\bkREuOD.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\aseVrBA.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\caXaDIO.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\MQclXNb.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\xsJRobk.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\SkRKWGF.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\yfVCNtC.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\RXVoamB.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\OcscKbk.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\csXkrcb.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\VPSbtIB.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\toPeVWD.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\HSyoLqR.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\qVmJjXv.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\wOqregW.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\gGcnTDU.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\ZcqgCPb.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\iUlElGP.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\JYMxtgB.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\ItaLpHV.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\UMsZIaS.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\BYvquFu.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\APEUKVt.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\BigORoR.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\qFwOoPF.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\ADEIPSa.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\aQfrSst.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\NypuMaB.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\NcLdwCU.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\YbIiwGG.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\TmnAKOD.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\uPoLQPM.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\EWssosl.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\wbzRvXO.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\GRZpshZ.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\NLBSSzD.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\hLiEVRv.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\akYdxeL.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\EcjGkKy.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\xoeXVWn.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\EdjNGwB.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\OlAzHap.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\xknFhHD.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\vYWOjTt.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\ewGLWfL.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\mMBSWKt.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\system32\dwm.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID C:\Windows\system32\dwm.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\system32\dwm.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\dwm.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\dwm.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\system32\dwm.exe N/A
Token: 33 N/A C:\Windows\system32\dwm.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\dwm.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\dwm.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\system32\dwm.exe N/A
Token: 33 N/A C:\Windows\system32\dwm.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\dwm.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3812 wrote to memory of 4080 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3812 wrote to memory of 4080 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3812 wrote to memory of 2536 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\navdTZG.exe
PID 3812 wrote to memory of 2536 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\navdTZG.exe
PID 3812 wrote to memory of 4704 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\qAfGkin.exe
PID 3812 wrote to memory of 4704 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\qAfGkin.exe
PID 3812 wrote to memory of 3808 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\weRBmnk.exe
PID 3812 wrote to memory of 3808 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\weRBmnk.exe
PID 3812 wrote to memory of 3068 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\zGZXUWc.exe
PID 3812 wrote to memory of 3068 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\zGZXUWc.exe
PID 3812 wrote to memory of 1772 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\UEQoenP.exe
PID 3812 wrote to memory of 1772 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\UEQoenP.exe
PID 3812 wrote to memory of 1608 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\oFjQmaR.exe
PID 3812 wrote to memory of 1608 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\oFjQmaR.exe
PID 3812 wrote to memory of 2324 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\mqoTIMC.exe
PID 3812 wrote to memory of 2324 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\mqoTIMC.exe
PID 3812 wrote to memory of 3284 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\AAKTMWS.exe
PID 3812 wrote to memory of 3284 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\AAKTMWS.exe
PID 3812 wrote to memory of 436 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\alSeaKz.exe
PID 3812 wrote to memory of 436 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\alSeaKz.exe
PID 3812 wrote to memory of 2428 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\UMiYkgV.exe
PID 3812 wrote to memory of 2428 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\UMiYkgV.exe
PID 3812 wrote to memory of 3216 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\qryUTxY.exe
PID 3812 wrote to memory of 3216 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\qryUTxY.exe
PID 3812 wrote to memory of 852 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\MfBpwui.exe
PID 3812 wrote to memory of 852 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\MfBpwui.exe
PID 3812 wrote to memory of 5024 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\PiTZeYf.exe
PID 3812 wrote to memory of 5024 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\PiTZeYf.exe
PID 3812 wrote to memory of 908 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\xUTDcfq.exe
PID 3812 wrote to memory of 908 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\xUTDcfq.exe
PID 3812 wrote to memory of 2240 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\hdIaGMB.exe
PID 3812 wrote to memory of 2240 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\hdIaGMB.exe
PID 3812 wrote to memory of 1416 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\sCaUpyv.exe
PID 3812 wrote to memory of 1416 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\sCaUpyv.exe
PID 3812 wrote to memory of 4852 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\EHonimw.exe
PID 3812 wrote to memory of 4852 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\EHonimw.exe
PID 3812 wrote to memory of 5080 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\CrxYJQv.exe
PID 3812 wrote to memory of 5080 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\CrxYJQv.exe
PID 3812 wrote to memory of 5044 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\aoPfJkg.exe
PID 3812 wrote to memory of 5044 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\aoPfJkg.exe
PID 3812 wrote to memory of 5092 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\oLfRcOj.exe
PID 3812 wrote to memory of 5092 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\oLfRcOj.exe
PID 3812 wrote to memory of 5060 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\VgsIhqm.exe
PID 3812 wrote to memory of 5060 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\VgsIhqm.exe
PID 3812 wrote to memory of 4828 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\jIqbJER.exe
PID 3812 wrote to memory of 4828 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\jIqbJER.exe
PID 3812 wrote to memory of 4588 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\RUZIIog.exe
PID 3812 wrote to memory of 4588 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\RUZIIog.exe
PID 3812 wrote to memory of 4824 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\FhcCFMg.exe
PID 3812 wrote to memory of 4824 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\FhcCFMg.exe
PID 3812 wrote to memory of 1488 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\eApdvlJ.exe
PID 3812 wrote to memory of 1488 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\eApdvlJ.exe
PID 3812 wrote to memory of 1916 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\fAKAXLV.exe
PID 3812 wrote to memory of 1916 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\fAKAXLV.exe
PID 3812 wrote to memory of 1948 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\GWUbeXf.exe
PID 3812 wrote to memory of 1948 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\GWUbeXf.exe
PID 3812 wrote to memory of 4060 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\tmaJcmt.exe
PID 3812 wrote to memory of 4060 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\tmaJcmt.exe
PID 3812 wrote to memory of 2984 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\EeKjgRc.exe
PID 3812 wrote to memory of 2984 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\EeKjgRc.exe
PID 3812 wrote to memory of 3220 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\WjzajAD.exe
PID 3812 wrote to memory of 3220 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\WjzajAD.exe
PID 3812 wrote to memory of 3116 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\LmYDQuW.exe
PID 3812 wrote to memory of 3116 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\LmYDQuW.exe

Processes

C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\navdTZG.exe

C:\Windows\System\navdTZG.exe

C:\Windows\System\qAfGkin.exe

C:\Windows\System\qAfGkin.exe

C:\Windows\System\weRBmnk.exe

C:\Windows\System\weRBmnk.exe

C:\Windows\System\zGZXUWc.exe

C:\Windows\System\zGZXUWc.exe

C:\Windows\System\UEQoenP.exe

C:\Windows\System\UEQoenP.exe

C:\Windows\System\oFjQmaR.exe

C:\Windows\System\oFjQmaR.exe

C:\Windows\System\mqoTIMC.exe

C:\Windows\System\mqoTIMC.exe

C:\Windows\System\AAKTMWS.exe

C:\Windows\System\AAKTMWS.exe

C:\Windows\System\alSeaKz.exe

C:\Windows\System\alSeaKz.exe

C:\Windows\System\UMiYkgV.exe

C:\Windows\System\UMiYkgV.exe

C:\Windows\System\qryUTxY.exe

C:\Windows\System\qryUTxY.exe

C:\Windows\System\MfBpwui.exe

C:\Windows\System\MfBpwui.exe

C:\Windows\System\PiTZeYf.exe

C:\Windows\System\PiTZeYf.exe

C:\Windows\System\xUTDcfq.exe

C:\Windows\System\xUTDcfq.exe

C:\Windows\System\hdIaGMB.exe

C:\Windows\System\hdIaGMB.exe

C:\Windows\System\sCaUpyv.exe

C:\Windows\System\sCaUpyv.exe

C:\Windows\System\EHonimw.exe

C:\Windows\System\EHonimw.exe

C:\Windows\System\CrxYJQv.exe

C:\Windows\System\CrxYJQv.exe

C:\Windows\System\aoPfJkg.exe

C:\Windows\System\aoPfJkg.exe

C:\Windows\System\oLfRcOj.exe

C:\Windows\System\oLfRcOj.exe

C:\Windows\System\VgsIhqm.exe

C:\Windows\System\VgsIhqm.exe

C:\Windows\System\jIqbJER.exe

C:\Windows\System\jIqbJER.exe

C:\Windows\System\RUZIIog.exe

C:\Windows\System\RUZIIog.exe

C:\Windows\System\FhcCFMg.exe

C:\Windows\System\FhcCFMg.exe

C:\Windows\System\eApdvlJ.exe

C:\Windows\System\eApdvlJ.exe

C:\Windows\System\fAKAXLV.exe

C:\Windows\System\fAKAXLV.exe

C:\Windows\System\GWUbeXf.exe

C:\Windows\System\GWUbeXf.exe

C:\Windows\System\tmaJcmt.exe

C:\Windows\System\tmaJcmt.exe

C:\Windows\System\EeKjgRc.exe

C:\Windows\System\EeKjgRc.exe

C:\Windows\System\WjzajAD.exe

C:\Windows\System\WjzajAD.exe

C:\Windows\System\LmYDQuW.exe

C:\Windows\System\LmYDQuW.exe

C:\Windows\System\GKFIZOh.exe

C:\Windows\System\GKFIZOh.exe

C:\Windows\System\tgSmlzc.exe

C:\Windows\System\tgSmlzc.exe

C:\Windows\System\qxCYMrz.exe

C:\Windows\System\qxCYMrz.exe

C:\Windows\System\gxxWGtM.exe

C:\Windows\System\gxxWGtM.exe

C:\Windows\System\wGAGicS.exe

C:\Windows\System\wGAGicS.exe

C:\Windows\System\SHjhKLA.exe

C:\Windows\System\SHjhKLA.exe

C:\Windows\System\dnAanhi.exe

C:\Windows\System\dnAanhi.exe

C:\Windows\System\XdIsEap.exe

C:\Windows\System\XdIsEap.exe

C:\Windows\System\JVAdcIL.exe

C:\Windows\System\JVAdcIL.exe

C:\Windows\System\PySaFWo.exe

C:\Windows\System\PySaFWo.exe

C:\Windows\System\BvezlaB.exe

C:\Windows\System\BvezlaB.exe

C:\Windows\System\TZTIQhu.exe

C:\Windows\System\TZTIQhu.exe

C:\Windows\System\HEDdGvZ.exe

C:\Windows\System\HEDdGvZ.exe

C:\Windows\System\OFEAwTz.exe

C:\Windows\System\OFEAwTz.exe

C:\Windows\System\rBSbHXZ.exe

C:\Windows\System\rBSbHXZ.exe

C:\Windows\System\HeTAtOq.exe

C:\Windows\System\HeTAtOq.exe

C:\Windows\System\SGmeyMo.exe

C:\Windows\System\SGmeyMo.exe

C:\Windows\System\tBvDffs.exe

C:\Windows\System\tBvDffs.exe

C:\Windows\System\hjbqcPf.exe

C:\Windows\System\hjbqcPf.exe

C:\Windows\System\eMGqCRB.exe

C:\Windows\System\eMGqCRB.exe

C:\Windows\System\pwbsJQo.exe

C:\Windows\System\pwbsJQo.exe

C:\Windows\System\vJTgugF.exe

C:\Windows\System\vJTgugF.exe

C:\Windows\System\HisEVaB.exe

C:\Windows\System\HisEVaB.exe

C:\Windows\System\HTUASNh.exe

C:\Windows\System\HTUASNh.exe

C:\Windows\System\dVcMjUD.exe

C:\Windows\System\dVcMjUD.exe

C:\Windows\System\yAVKBix.exe

C:\Windows\System\yAVKBix.exe

C:\Windows\System\jlMhMuT.exe

C:\Windows\System\jlMhMuT.exe

C:\Windows\System\OpgjyoD.exe

C:\Windows\System\OpgjyoD.exe

C:\Windows\System\YupqKQD.exe

C:\Windows\System\YupqKQD.exe

C:\Windows\System\asdCsvZ.exe

C:\Windows\System\asdCsvZ.exe

C:\Windows\System\RlBaEnf.exe

C:\Windows\System\RlBaEnf.exe

C:\Windows\System\DLzzqOh.exe

C:\Windows\System\DLzzqOh.exe

C:\Windows\System\VdRazdw.exe

C:\Windows\System\VdRazdw.exe

C:\Windows\System\iOrGjgk.exe

C:\Windows\System\iOrGjgk.exe

C:\Windows\System\hOQXkSZ.exe

C:\Windows\System\hOQXkSZ.exe

C:\Windows\System\PYHZeYa.exe

C:\Windows\System\PYHZeYa.exe

C:\Windows\System\QzeAPeS.exe

C:\Windows\System\QzeAPeS.exe

C:\Windows\System\pMklJjT.exe

C:\Windows\System\pMklJjT.exe

C:\Windows\System\JRwIjzO.exe

C:\Windows\System\JRwIjzO.exe

C:\Windows\System\VcgLqHa.exe

C:\Windows\System\VcgLqHa.exe

C:\Windows\System\DANZoeW.exe

C:\Windows\System\DANZoeW.exe

C:\Windows\System\XlkRDNo.exe

C:\Windows\System\XlkRDNo.exe

C:\Windows\System\euYQabZ.exe

C:\Windows\System\euYQabZ.exe

C:\Windows\System\lUCqblT.exe

C:\Windows\System\lUCqblT.exe

C:\Windows\System\kARPGpt.exe

C:\Windows\System\kARPGpt.exe

C:\Windows\System\sInohVy.exe

C:\Windows\System\sInohVy.exe

C:\Windows\System\oAxUSTr.exe

C:\Windows\System\oAxUSTr.exe

C:\Windows\System\tuZKEhD.exe

C:\Windows\System\tuZKEhD.exe

C:\Windows\System\FnRezrB.exe

C:\Windows\System\FnRezrB.exe

C:\Windows\System\CZaslqt.exe

C:\Windows\System\CZaslqt.exe

C:\Windows\System\pZtfFug.exe

C:\Windows\System\pZtfFug.exe

C:\Windows\System\fcyEESg.exe

C:\Windows\System\fcyEESg.exe

C:\Windows\System\KgwsIgB.exe

C:\Windows\System\KgwsIgB.exe

C:\Windows\System\BzmnkAQ.exe

C:\Windows\System\BzmnkAQ.exe

C:\Windows\System\MWBHWiO.exe

C:\Windows\System\MWBHWiO.exe

C:\Windows\System\pZBpfvw.exe

C:\Windows\System\pZBpfvw.exe

C:\Windows\System\foSPpPQ.exe

C:\Windows\System\foSPpPQ.exe

C:\Windows\System\AjmYWdj.exe

C:\Windows\System\AjmYWdj.exe

C:\Windows\System\hjbvvyq.exe

C:\Windows\System\hjbvvyq.exe

C:\Windows\System\dMsdnHX.exe

C:\Windows\System\dMsdnHX.exe

C:\Windows\System\SzScgWA.exe

C:\Windows\System\SzScgWA.exe

C:\Windows\System\JQxcytS.exe

C:\Windows\System\JQxcytS.exe

C:\Windows\System\BSFEfNQ.exe

C:\Windows\System\BSFEfNQ.exe

C:\Windows\System\SpPPrmT.exe

C:\Windows\System\SpPPrmT.exe

C:\Windows\System\SSGofdd.exe

C:\Windows\System\SSGofdd.exe

C:\Windows\System\lphdydC.exe

C:\Windows\System\lphdydC.exe

C:\Windows\System\MZrfvaW.exe

C:\Windows\System\MZrfvaW.exe

C:\Windows\System\wpXBNNc.exe

C:\Windows\System\wpXBNNc.exe

C:\Windows\System\SpQhrfM.exe

C:\Windows\System\SpQhrfM.exe

C:\Windows\System\LHVHuYj.exe

C:\Windows\System\LHVHuYj.exe

C:\Windows\System\vQxsSQN.exe

C:\Windows\System\vQxsSQN.exe

C:\Windows\System\dzdIONX.exe

C:\Windows\System\dzdIONX.exe

C:\Windows\System\qPDCmIt.exe

C:\Windows\System\qPDCmIt.exe

C:\Windows\System\XmBwydw.exe

C:\Windows\System\XmBwydw.exe

C:\Windows\System\PtZrEHh.exe

C:\Windows\System\PtZrEHh.exe

C:\Windows\System\VGVMhOp.exe

C:\Windows\System\VGVMhOp.exe

C:\Windows\System\HdlotfX.exe

C:\Windows\System\HdlotfX.exe

C:\Windows\System\JyVFBsP.exe

C:\Windows\System\JyVFBsP.exe

C:\Windows\System\IoWYSgo.exe

C:\Windows\System\IoWYSgo.exe

C:\Windows\System\DIeGJRo.exe

C:\Windows\System\DIeGJRo.exe

C:\Windows\System\vYPxdOR.exe

C:\Windows\System\vYPxdOR.exe

C:\Windows\System\kHpygpF.exe

C:\Windows\System\kHpygpF.exe

C:\Windows\System\eoIgvdu.exe

C:\Windows\System\eoIgvdu.exe

C:\Windows\System\sGFhjOv.exe

C:\Windows\System\sGFhjOv.exe

C:\Windows\System\IvAJwpf.exe

C:\Windows\System\IvAJwpf.exe

C:\Windows\System\PgncVDv.exe

C:\Windows\System\PgncVDv.exe

C:\Windows\System\wxTXDaT.exe

C:\Windows\System\wxTXDaT.exe

C:\Windows\System\aMdFNun.exe

C:\Windows\System\aMdFNun.exe

C:\Windows\System\xLHTCHn.exe

C:\Windows\System\xLHTCHn.exe

C:\Windows\System\bKgeYOi.exe

C:\Windows\System\bKgeYOi.exe

C:\Windows\System\SEIBpuf.exe

C:\Windows\System\SEIBpuf.exe

C:\Windows\System\NbStVVu.exe

C:\Windows\System\NbStVVu.exe

C:\Windows\System\EySCGJp.exe

C:\Windows\System\EySCGJp.exe

C:\Windows\System\IRpuSaQ.exe

C:\Windows\System\IRpuSaQ.exe

C:\Windows\System\nnZELxz.exe

C:\Windows\System\nnZELxz.exe

C:\Windows\System\MblJLNu.exe

C:\Windows\System\MblJLNu.exe

C:\Windows\System\Ydsjhxk.exe

C:\Windows\System\Ydsjhxk.exe

C:\Windows\System\mVJLxMS.exe

C:\Windows\System\mVJLxMS.exe

C:\Windows\System\cgNJFRl.exe

C:\Windows\System\cgNJFRl.exe

C:\Windows\System\wmpzzgk.exe

C:\Windows\System\wmpzzgk.exe

C:\Windows\System\CkJCFzY.exe

C:\Windows\System\CkJCFzY.exe

C:\Windows\System\nZApOCh.exe

C:\Windows\System\nZApOCh.exe

C:\Windows\System\swbUbJN.exe

C:\Windows\System\swbUbJN.exe

C:\Windows\System\apvjEmi.exe

C:\Windows\System\apvjEmi.exe

C:\Windows\System\hkRxBKo.exe

C:\Windows\System\hkRxBKo.exe

C:\Windows\System\KQRcVFz.exe

C:\Windows\System\KQRcVFz.exe

C:\Windows\System\AoKhfxo.exe

C:\Windows\System\AoKhfxo.exe

C:\Windows\System\rjKaNAk.exe

C:\Windows\System\rjKaNAk.exe

C:\Windows\System\vNkuBux.exe

C:\Windows\System\vNkuBux.exe

C:\Windows\System\EbkBVin.exe

C:\Windows\System\EbkBVin.exe

C:\Windows\System\UDORZQN.exe

C:\Windows\System\UDORZQN.exe

C:\Windows\System\eaPGLmd.exe

C:\Windows\System\eaPGLmd.exe

C:\Windows\System\ZlUfvgV.exe

C:\Windows\System\ZlUfvgV.exe

C:\Windows\System\iJfNQqC.exe

C:\Windows\System\iJfNQqC.exe

C:\Windows\System\AoiMfQg.exe

C:\Windows\System\AoiMfQg.exe

C:\Windows\System\XJVSnfb.exe

C:\Windows\System\XJVSnfb.exe

C:\Windows\System\aAIPMAY.exe

C:\Windows\System\aAIPMAY.exe

C:\Windows\System\RLEcwEh.exe

C:\Windows\System\RLEcwEh.exe

C:\Windows\System\qjArqQU.exe

C:\Windows\System\qjArqQU.exe

C:\Windows\System\iZzSiEQ.exe

C:\Windows\System\iZzSiEQ.exe

C:\Windows\System\ixRRXBm.exe

C:\Windows\System\ixRRXBm.exe

C:\Windows\System\zJOJoal.exe

C:\Windows\System\zJOJoal.exe

C:\Windows\System\EbdINUy.exe

C:\Windows\System\EbdINUy.exe

C:\Windows\System\ErMFnyJ.exe

C:\Windows\System\ErMFnyJ.exe

C:\Windows\System\lvxsHQY.exe

C:\Windows\System\lvxsHQY.exe

C:\Windows\System\RHqnPcz.exe

C:\Windows\System\RHqnPcz.exe

C:\Windows\System\mDFyGIO.exe

C:\Windows\System\mDFyGIO.exe

C:\Windows\System\XCRnhsM.exe

C:\Windows\System\XCRnhsM.exe

C:\Windows\System\RjgyWbg.exe

C:\Windows\System\RjgyWbg.exe

C:\Windows\System\WhjpPXc.exe

C:\Windows\System\WhjpPXc.exe

C:\Windows\System\sLVFbhs.exe

C:\Windows\System\sLVFbhs.exe

C:\Windows\System\kbKqxBL.exe

C:\Windows\System\kbKqxBL.exe

C:\Windows\System\pTjpqje.exe

C:\Windows\System\pTjpqje.exe

C:\Windows\System\IMQXcJA.exe

C:\Windows\System\IMQXcJA.exe

C:\Windows\System\fZQDgtv.exe

C:\Windows\System\fZQDgtv.exe

C:\Windows\System\VgVYXxe.exe

C:\Windows\System\VgVYXxe.exe

C:\Windows\System\qHPFqPo.exe

C:\Windows\System\qHPFqPo.exe

C:\Windows\System\VdHYAyQ.exe

C:\Windows\System\VdHYAyQ.exe

C:\Windows\System\tUdKeiv.exe

C:\Windows\System\tUdKeiv.exe

C:\Windows\System\DdPhzSh.exe

C:\Windows\System\DdPhzSh.exe

C:\Windows\System\sNRePIB.exe

C:\Windows\System\sNRePIB.exe

C:\Windows\System\ncWVEkF.exe

C:\Windows\System\ncWVEkF.exe

C:\Windows\System\LbkJXRs.exe

C:\Windows\System\LbkJXRs.exe

C:\Windows\System\CuwINBH.exe

C:\Windows\System\CuwINBH.exe

C:\Windows\System\bapfVkV.exe

C:\Windows\System\bapfVkV.exe

C:\Windows\System\xVxSJAG.exe

C:\Windows\System\xVxSJAG.exe

C:\Windows\System\vxtwwDD.exe

C:\Windows\System\vxtwwDD.exe

C:\Windows\System\mKtOVXo.exe

C:\Windows\System\mKtOVXo.exe

C:\Windows\System\oxoOKji.exe

C:\Windows\System\oxoOKji.exe

C:\Windows\System\LxAOGJL.exe

C:\Windows\System\LxAOGJL.exe

C:\Windows\System\DcQduDZ.exe

C:\Windows\System\DcQduDZ.exe

C:\Windows\System\OrUrznd.exe

C:\Windows\System\OrUrznd.exe

C:\Windows\System\VemxXpD.exe

C:\Windows\System\VemxXpD.exe

C:\Windows\System\lgBOuQC.exe

C:\Windows\System\lgBOuQC.exe

C:\Windows\System\MsAgvWq.exe

C:\Windows\System\MsAgvWq.exe

C:\Windows\System\EXZaxln.exe

C:\Windows\System\EXZaxln.exe

C:\Windows\System\ZJmFFgX.exe

C:\Windows\System\ZJmFFgX.exe

C:\Windows\System\XTOsdtS.exe

C:\Windows\System\XTOsdtS.exe

C:\Windows\System\ekSmesP.exe

C:\Windows\System\ekSmesP.exe

C:\Windows\System\pGujTuU.exe

C:\Windows\System\pGujTuU.exe

C:\Windows\System\ELsaVFz.exe

C:\Windows\System\ELsaVFz.exe

C:\Windows\System\xiKBYKM.exe

C:\Windows\System\xiKBYKM.exe

C:\Windows\System\bovaAjo.exe

C:\Windows\System\bovaAjo.exe

C:\Windows\System\KCMOSsg.exe

C:\Windows\System\KCMOSsg.exe

C:\Windows\System\OkrHfZi.exe

C:\Windows\System\OkrHfZi.exe

C:\Windows\System\zCBGUwB.exe

C:\Windows\System\zCBGUwB.exe

C:\Windows\System\UHqtTNw.exe

C:\Windows\System\UHqtTNw.exe

C:\Windows\System\ZqQPxLP.exe

C:\Windows\System\ZqQPxLP.exe

C:\Windows\System\XGZQctd.exe

C:\Windows\System\XGZQctd.exe

C:\Windows\System\PHsHaLp.exe

C:\Windows\System\PHsHaLp.exe

C:\Windows\System\FcoppSJ.exe

C:\Windows\System\FcoppSJ.exe

C:\Windows\System\pOSssGI.exe

C:\Windows\System\pOSssGI.exe

C:\Windows\System\ytSkPct.exe

C:\Windows\System\ytSkPct.exe

C:\Windows\System\xnKHGpi.exe

C:\Windows\System\xnKHGpi.exe

C:\Windows\System\ClBCWTX.exe

C:\Windows\System\ClBCWTX.exe

C:\Windows\System\VFFqpQt.exe

C:\Windows\System\VFFqpQt.exe

C:\Windows\System\ZIRSoDo.exe

C:\Windows\System\ZIRSoDo.exe

C:\Windows\System\URfjusn.exe

C:\Windows\System\URfjusn.exe

C:\Windows\System\PMkQeJn.exe

C:\Windows\System\PMkQeJn.exe

C:\Windows\System\iDNCJbx.exe

C:\Windows\System\iDNCJbx.exe

C:\Windows\System\bEDuEUU.exe

C:\Windows\System\bEDuEUU.exe

C:\Windows\System\ZITXZgQ.exe

C:\Windows\System\ZITXZgQ.exe

C:\Windows\System\WUZIGUa.exe

C:\Windows\System\WUZIGUa.exe

C:\Windows\System\VYYcMqJ.exe

C:\Windows\System\VYYcMqJ.exe

C:\Windows\System\kHZmOvz.exe

C:\Windows\System\kHZmOvz.exe

C:\Windows\System\BCtZyxw.exe

C:\Windows\System\BCtZyxw.exe

C:\Windows\System\egAswZU.exe

C:\Windows\System\egAswZU.exe

C:\Windows\System\bsNXoUG.exe

C:\Windows\System\bsNXoUG.exe

C:\Windows\System\JVuXGrJ.exe

C:\Windows\System\JVuXGrJ.exe

C:\Windows\System\xUjNpGS.exe

C:\Windows\System\xUjNpGS.exe

C:\Windows\System\QcYosjF.exe

C:\Windows\System\QcYosjF.exe

C:\Windows\System\CPZrjHj.exe

C:\Windows\System\CPZrjHj.exe

C:\Windows\System\YRCPjUW.exe

C:\Windows\System\YRCPjUW.exe

C:\Windows\System\htvQbbj.exe

C:\Windows\System\htvQbbj.exe

C:\Windows\System\tlollHQ.exe

C:\Windows\System\tlollHQ.exe

C:\Windows\System\rRNBPYk.exe

C:\Windows\System\rRNBPYk.exe

C:\Windows\System\CNJQmnZ.exe

C:\Windows\System\CNJQmnZ.exe

C:\Windows\System\RzvWjoo.exe

C:\Windows\System\RzvWjoo.exe

C:\Windows\System\gBVVuXX.exe

C:\Windows\System\gBVVuXX.exe

C:\Windows\System\ergtEOV.exe

C:\Windows\System\ergtEOV.exe

C:\Windows\System\SHACoif.exe

C:\Windows\System\SHACoif.exe

C:\Windows\System\ofPLAsW.exe

C:\Windows\System\ofPLAsW.exe

C:\Windows\System\GUazRZw.exe

C:\Windows\System\GUazRZw.exe

C:\Windows\System\QZekYWJ.exe

C:\Windows\System\QZekYWJ.exe

C:\Windows\System\CdglYWH.exe

C:\Windows\System\CdglYWH.exe

C:\Windows\System\pCUvcQK.exe

C:\Windows\System\pCUvcQK.exe

C:\Windows\System\UdFbFQt.exe

C:\Windows\System\UdFbFQt.exe

C:\Windows\System\eHJqdqW.exe

C:\Windows\System\eHJqdqW.exe

C:\Windows\System\nyHXopU.exe

C:\Windows\System\nyHXopU.exe

C:\Windows\System\nrshRZM.exe

C:\Windows\System\nrshRZM.exe

C:\Windows\System\bkeqKDb.exe

C:\Windows\System\bkeqKDb.exe

C:\Windows\System\jelCWnH.exe

C:\Windows\System\jelCWnH.exe

C:\Windows\System\CqOrvOa.exe

C:\Windows\System\CqOrvOa.exe

C:\Windows\System\vziGZeR.exe

C:\Windows\System\vziGZeR.exe

C:\Windows\System\QOxgnOf.exe

C:\Windows\System\QOxgnOf.exe

C:\Windows\System\YmDAVpw.exe

C:\Windows\System\YmDAVpw.exe

C:\Windows\System\JDiVhGZ.exe

C:\Windows\System\JDiVhGZ.exe

C:\Windows\System\xxpaILc.exe

C:\Windows\System\xxpaILc.exe

C:\Windows\System\eyFcUMT.exe

C:\Windows\System\eyFcUMT.exe

C:\Windows\System\itExXpQ.exe

C:\Windows\System\itExXpQ.exe

C:\Windows\System\MXJhjzS.exe

C:\Windows\System\MXJhjzS.exe

C:\Windows\System\AiYpqDr.exe

C:\Windows\System\AiYpqDr.exe

C:\Windows\System\fUTolkg.exe

C:\Windows\System\fUTolkg.exe

C:\Windows\System\dJJBLbH.exe

C:\Windows\System\dJJBLbH.exe

C:\Windows\System\qqNrroM.exe

C:\Windows\System\qqNrroM.exe

C:\Windows\System\tzemyAH.exe

C:\Windows\System\tzemyAH.exe

C:\Windows\System\hpCRxIi.exe

C:\Windows\System\hpCRxIi.exe

C:\Windows\System\vnUYnOr.exe

C:\Windows\System\vnUYnOr.exe

C:\Windows\System\PnIUEpB.exe

C:\Windows\System\PnIUEpB.exe

C:\Windows\System\EpvWsBB.exe

C:\Windows\System\EpvWsBB.exe

C:\Windows\System\uobpTho.exe

C:\Windows\System\uobpTho.exe

C:\Windows\System\VlAsyYE.exe

C:\Windows\System\VlAsyYE.exe

C:\Windows\System\FteMVPR.exe

C:\Windows\System\FteMVPR.exe

C:\Windows\System\FQuaPVF.exe

C:\Windows\System\FQuaPVF.exe

C:\Windows\System\GxjDtPi.exe

C:\Windows\System\GxjDtPi.exe

C:\Windows\System\qmQVtTD.exe

C:\Windows\System\qmQVtTD.exe

C:\Windows\System\Ycyjsyr.exe

C:\Windows\System\Ycyjsyr.exe

C:\Windows\System\AFJxCcF.exe

C:\Windows\System\AFJxCcF.exe

C:\Windows\System\peDEEmm.exe

C:\Windows\System\peDEEmm.exe

C:\Windows\System\yrFXHIA.exe

C:\Windows\System\yrFXHIA.exe

C:\Windows\System\dEiurum.exe

C:\Windows\System\dEiurum.exe

C:\Windows\System\nbBssPC.exe

C:\Windows\System\nbBssPC.exe

C:\Windows\System\ZFeJMZQ.exe

C:\Windows\System\ZFeJMZQ.exe

C:\Windows\System\BbyxQuK.exe

C:\Windows\System\BbyxQuK.exe

C:\Windows\System\ubAaryY.exe

C:\Windows\System\ubAaryY.exe

C:\Windows\System\pefgIPC.exe

C:\Windows\System\pefgIPC.exe

C:\Windows\System\nPIJWNV.exe

C:\Windows\System\nPIJWNV.exe

C:\Windows\System\SqsdGpH.exe

C:\Windows\System\SqsdGpH.exe

C:\Windows\System\xGZJjIK.exe

C:\Windows\System\xGZJjIK.exe

C:\Windows\System\TfaJAEE.exe

C:\Windows\System\TfaJAEE.exe

C:\Windows\System\YCLZZpR.exe

C:\Windows\System\YCLZZpR.exe

C:\Windows\System\ZWmDiFt.exe

C:\Windows\System\ZWmDiFt.exe

C:\Windows\System\DPWjxHa.exe

C:\Windows\System\DPWjxHa.exe

C:\Windows\System\ddIpscQ.exe

C:\Windows\System\ddIpscQ.exe

C:\Windows\System\MweDfAs.exe

C:\Windows\System\MweDfAs.exe

C:\Windows\System\qDgjtPm.exe

C:\Windows\System\qDgjtPm.exe

C:\Windows\System\PFpxJAP.exe

C:\Windows\System\PFpxJAP.exe

C:\Windows\System\SPGULYa.exe

C:\Windows\System\SPGULYa.exe

C:\Windows\System\psjTUXf.exe

C:\Windows\System\psjTUXf.exe

C:\Windows\System\SddmGeI.exe

C:\Windows\System\SddmGeI.exe

C:\Windows\System\UNRDhFY.exe

C:\Windows\System\UNRDhFY.exe

C:\Windows\System\ZijCnjP.exe

C:\Windows\System\ZijCnjP.exe

C:\Windows\System\bUqoXjz.exe

C:\Windows\System\bUqoXjz.exe

C:\Windows\System\CzthNFE.exe

C:\Windows\System\CzthNFE.exe

C:\Windows\System\JIJRTLY.exe

C:\Windows\System\JIJRTLY.exe

C:\Windows\System\WYmyhOz.exe

C:\Windows\System\WYmyhOz.exe

C:\Windows\System\yCkCtnP.exe

C:\Windows\System\yCkCtnP.exe

C:\Windows\System\yWWCmxb.exe

C:\Windows\System\yWWCmxb.exe

C:\Windows\System\nzVnCBT.exe

C:\Windows\System\nzVnCBT.exe

C:\Windows\System\KGLzuiO.exe

C:\Windows\System\KGLzuiO.exe

C:\Windows\System\mpAkmIf.exe

C:\Windows\System\mpAkmIf.exe

C:\Windows\System\byAINEO.exe

C:\Windows\System\byAINEO.exe

C:\Windows\System\PXrVXpl.exe

C:\Windows\System\PXrVXpl.exe

C:\Windows\System\MvWFNOn.exe

C:\Windows\System\MvWFNOn.exe

C:\Windows\System\fsFrGPt.exe

C:\Windows\System\fsFrGPt.exe

C:\Windows\System\UUGzEKF.exe

C:\Windows\System\UUGzEKF.exe

C:\Windows\System\WqqZIfH.exe

C:\Windows\System\WqqZIfH.exe

C:\Windows\System\mNAcNzj.exe

C:\Windows\System\mNAcNzj.exe

C:\Windows\System\WzcWZRn.exe

C:\Windows\System\WzcWZRn.exe

C:\Windows\System\UQYGDFw.exe

C:\Windows\System\UQYGDFw.exe

C:\Windows\System\ApiLNjO.exe

C:\Windows\System\ApiLNjO.exe

C:\Windows\System\zJsmpsN.exe

C:\Windows\System\zJsmpsN.exe

C:\Windows\System\MsvfSis.exe

C:\Windows\System\MsvfSis.exe

C:\Windows\System\AfouSLj.exe

C:\Windows\System\AfouSLj.exe

C:\Windows\System\ldKRyUy.exe

C:\Windows\System\ldKRyUy.exe

C:\Windows\System\WypUIga.exe

C:\Windows\System\WypUIga.exe

C:\Windows\System\OQefPuK.exe

C:\Windows\System\OQefPuK.exe

C:\Windows\System\yOfYitu.exe

C:\Windows\System\yOfYitu.exe

C:\Windows\System\hmKfSaP.exe

C:\Windows\System\hmKfSaP.exe

C:\Windows\System\CzQMnkP.exe

C:\Windows\System\CzQMnkP.exe

C:\Windows\System\nfiejpC.exe

C:\Windows\System\nfiejpC.exe

C:\Windows\System\ExIwNgc.exe

C:\Windows\System\ExIwNgc.exe

C:\Windows\System\PJfGpFF.exe

C:\Windows\System\PJfGpFF.exe

C:\Windows\System\ciBsxFe.exe

C:\Windows\System\ciBsxFe.exe

C:\Windows\System\ydSiGXs.exe

C:\Windows\System\ydSiGXs.exe

C:\Windows\System\fcTRqni.exe

C:\Windows\System\fcTRqni.exe

C:\Windows\System\aJQyngb.exe

C:\Windows\System\aJQyngb.exe

C:\Windows\System\NZiGrsl.exe

C:\Windows\System\NZiGrsl.exe

C:\Windows\System\vrLDayo.exe

C:\Windows\System\vrLDayo.exe

C:\Windows\System\TIazIzx.exe

C:\Windows\System\TIazIzx.exe

C:\Windows\System\PSdqtOk.exe

C:\Windows\System\PSdqtOk.exe

C:\Windows\System\ADEIPSa.exe

C:\Windows\System\ADEIPSa.exe

C:\Windows\System\mmoJpzS.exe

C:\Windows\System\mmoJpzS.exe

C:\Windows\System\lgAHcZJ.exe

C:\Windows\System\lgAHcZJ.exe

C:\Windows\System\wVXlMsX.exe

C:\Windows\System\wVXlMsX.exe

C:\Windows\System\AdCiOCp.exe

C:\Windows\System\AdCiOCp.exe

C:\Windows\System\DbMdGgA.exe

C:\Windows\System\DbMdGgA.exe

C:\Windows\System\AbrxhNd.exe

C:\Windows\System\AbrxhNd.exe

C:\Windows\System\vlkBmlt.exe

C:\Windows\System\vlkBmlt.exe

C:\Windows\System\AtsblJv.exe

C:\Windows\System\AtsblJv.exe

C:\Windows\System\ShiJhPJ.exe

C:\Windows\System\ShiJhPJ.exe

C:\Windows\System\YUefoRV.exe

C:\Windows\System\YUefoRV.exe

C:\Windows\System\qmGmyvM.exe

C:\Windows\System\qmGmyvM.exe

C:\Windows\System\QKGphdE.exe

C:\Windows\System\QKGphdE.exe

C:\Windows\System\FpfxUUI.exe

C:\Windows\System\FpfxUUI.exe

C:\Windows\System\bwdJaRn.exe

C:\Windows\System\bwdJaRn.exe

C:\Windows\System\CYNXDNY.exe

C:\Windows\System\CYNXDNY.exe

C:\Windows\System\IczyiFd.exe

C:\Windows\System\IczyiFd.exe

C:\Windows\System\xruRZuk.exe

C:\Windows\System\xruRZuk.exe

C:\Windows\System\ICZAyIB.exe

C:\Windows\System\ICZAyIB.exe

C:\Windows\System\FihZVQe.exe

C:\Windows\System\FihZVQe.exe

C:\Windows\System\MRknHyG.exe

C:\Windows\System\MRknHyG.exe

C:\Windows\System\otPHuHo.exe

C:\Windows\System\otPHuHo.exe

C:\Windows\System\lllxboD.exe

C:\Windows\System\lllxboD.exe

C:\Windows\System\EZjjkdE.exe

C:\Windows\System\EZjjkdE.exe

C:\Windows\System\FrotNAw.exe

C:\Windows\System\FrotNAw.exe

C:\Windows\System\zGpbwvA.exe

C:\Windows\System\zGpbwvA.exe

C:\Windows\System\CRFyGsd.exe

C:\Windows\System\CRFyGsd.exe

C:\Windows\System\EHvfcwD.exe

C:\Windows\System\EHvfcwD.exe

C:\Windows\System\kIcuhDW.exe

C:\Windows\System\kIcuhDW.exe

C:\Windows\System\jkaLDQh.exe

C:\Windows\System\jkaLDQh.exe

C:\Windows\System\yIKlNDM.exe

C:\Windows\System\yIKlNDM.exe

C:\Windows\System\xpmqHij.exe

C:\Windows\System\xpmqHij.exe

C:\Windows\System\AzviSbs.exe

C:\Windows\System\AzviSbs.exe

C:\Windows\System\KRCCzZd.exe

C:\Windows\System\KRCCzZd.exe

C:\Windows\System\qdeHgLT.exe

C:\Windows\System\qdeHgLT.exe

C:\Windows\System\WAjxJlw.exe

C:\Windows\System\WAjxJlw.exe

C:\Windows\System\dKKkYge.exe

C:\Windows\System\dKKkYge.exe

C:\Windows\System\DQQysqD.exe

C:\Windows\System\DQQysqD.exe

C:\Windows\System\YLUTTgB.exe

C:\Windows\System\YLUTTgB.exe

C:\Windows\System\geaHpYc.exe

C:\Windows\System\geaHpYc.exe

C:\Windows\System\BZDkqiG.exe

C:\Windows\System\BZDkqiG.exe

C:\Windows\System\mHtxyGr.exe

C:\Windows\System\mHtxyGr.exe

C:\Windows\System\tlnQYuN.exe

C:\Windows\System\tlnQYuN.exe

C:\Windows\System\vHkjaCV.exe

C:\Windows\System\vHkjaCV.exe

C:\Windows\System\qApvORU.exe

C:\Windows\System\qApvORU.exe

C:\Windows\System\hktrdLG.exe

C:\Windows\System\hktrdLG.exe

C:\Windows\System\SuIhvtQ.exe

C:\Windows\System\SuIhvtQ.exe

C:\Windows\System\LNKwMCS.exe

C:\Windows\System\LNKwMCS.exe

C:\Windows\System\zbkIUJk.exe

C:\Windows\System\zbkIUJk.exe

C:\Windows\System\CKTFcUo.exe

C:\Windows\System\CKTFcUo.exe

C:\Windows\System\QTcWRFi.exe

C:\Windows\System\QTcWRFi.exe

C:\Windows\System\nHcIPHG.exe

C:\Windows\System\nHcIPHG.exe

C:\Windows\System\tPlWNgL.exe

C:\Windows\System\tPlWNgL.exe

C:\Windows\System\Ruuxnwp.exe

C:\Windows\System\Ruuxnwp.exe

C:\Windows\System\wNRrRxk.exe

C:\Windows\System\wNRrRxk.exe

C:\Windows\System\POFTqzu.exe

C:\Windows\System\POFTqzu.exe

C:\Windows\System\cXsDYdr.exe

C:\Windows\System\cXsDYdr.exe

C:\Windows\System\vVVXhuR.exe

C:\Windows\System\vVVXhuR.exe

C:\Windows\System\rukNLXd.exe

C:\Windows\System\rukNLXd.exe

C:\Windows\System\nievfEo.exe

C:\Windows\System\nievfEo.exe

C:\Windows\System\fZlJzdy.exe

C:\Windows\System\fZlJzdy.exe

C:\Windows\System\bWkJRtS.exe

C:\Windows\System\bWkJRtS.exe

C:\Windows\System\cGswNvp.exe

C:\Windows\System\cGswNvp.exe

C:\Windows\System\gcflCbP.exe

C:\Windows\System\gcflCbP.exe

C:\Windows\System\fXoVBXB.exe

C:\Windows\System\fXoVBXB.exe

C:\Windows\System\hWjbpEm.exe

C:\Windows\System\hWjbpEm.exe

C:\Windows\System\pNBIBHW.exe

C:\Windows\System\pNBIBHW.exe

C:\Windows\System\sIJWiQW.exe

C:\Windows\System\sIJWiQW.exe

C:\Windows\System\fuycXTw.exe

C:\Windows\System\fuycXTw.exe

C:\Windows\System\MTPePTa.exe

C:\Windows\System\MTPePTa.exe

C:\Windows\System\KZBozOu.exe

C:\Windows\System\KZBozOu.exe

C:\Windows\System\xlPRcZv.exe

C:\Windows\System\xlPRcZv.exe

C:\Windows\System\ailQsGq.exe

C:\Windows\System\ailQsGq.exe

C:\Windows\System\vzLKMal.exe

C:\Windows\System\vzLKMal.exe

C:\Windows\System\YYLhhCA.exe

C:\Windows\System\YYLhhCA.exe

C:\Windows\System\rYbpOGt.exe

C:\Windows\System\rYbpOGt.exe

C:\Windows\System\mlxGKXp.exe

C:\Windows\System\mlxGKXp.exe

C:\Windows\System\jlUadXq.exe

C:\Windows\System\jlUadXq.exe

C:\Windows\System\pIvBIAw.exe

C:\Windows\System\pIvBIAw.exe

C:\Windows\System\MkaugPv.exe

C:\Windows\System\MkaugPv.exe

C:\Windows\System\LMKeZAA.exe

C:\Windows\System\LMKeZAA.exe

C:\Windows\System\wJREGNV.exe

C:\Windows\System\wJREGNV.exe

C:\Windows\System\PMpIXCZ.exe

C:\Windows\System\PMpIXCZ.exe

C:\Windows\System\TXJcPHD.exe

C:\Windows\System\TXJcPHD.exe

C:\Windows\System\whATeOT.exe

C:\Windows\System\whATeOT.exe

C:\Windows\System\EbftEPY.exe

C:\Windows\System\EbftEPY.exe

C:\Windows\System\vLiSSYE.exe

C:\Windows\System\vLiSSYE.exe

C:\Windows\System\JQVjWBR.exe

C:\Windows\System\JQVjWBR.exe

C:\Windows\System\thlCNlo.exe

C:\Windows\System\thlCNlo.exe

C:\Windows\System\VoOyZcJ.exe

C:\Windows\System\VoOyZcJ.exe

C:\Windows\System\FqsfOJy.exe

C:\Windows\System\FqsfOJy.exe

C:\Windows\System\nCyjzQC.exe

C:\Windows\System\nCyjzQC.exe

C:\Windows\System\NkkldEF.exe

C:\Windows\System\NkkldEF.exe

C:\Windows\System\rgByzNm.exe

C:\Windows\System\rgByzNm.exe

C:\Windows\System\jzXPuQQ.exe

C:\Windows\System\jzXPuQQ.exe

C:\Windows\System\MCQRzXT.exe

C:\Windows\System\MCQRzXT.exe

C:\Windows\System\kqzWHod.exe

C:\Windows\System\kqzWHod.exe

C:\Windows\System\csXkrcb.exe

C:\Windows\System\csXkrcb.exe

C:\Windows\System\zDfdiLs.exe

C:\Windows\System\zDfdiLs.exe

C:\Windows\System\pPnrUfX.exe

C:\Windows\System\pPnrUfX.exe

C:\Windows\System\pNdULYG.exe

C:\Windows\System\pNdULYG.exe

C:\Windows\System\uebKnEi.exe

C:\Windows\System\uebKnEi.exe

C:\Windows\System\BDSlUFk.exe

C:\Windows\System\BDSlUFk.exe

C:\Windows\System\zMUUJnq.exe

C:\Windows\System\zMUUJnq.exe

C:\Windows\System\vuCDmtB.exe

C:\Windows\System\vuCDmtB.exe

C:\Windows\System\ASxoqfb.exe

C:\Windows\System\ASxoqfb.exe

C:\Windows\System\oNdWBHS.exe

C:\Windows\System\oNdWBHS.exe

C:\Windows\System\erVxppD.exe

C:\Windows\System\erVxppD.exe

C:\Windows\System\zqBznDj.exe

C:\Windows\System\zqBznDj.exe

C:\Windows\System\idIierQ.exe

C:\Windows\System\idIierQ.exe

C:\Windows\System\LvlzVGM.exe

C:\Windows\System\LvlzVGM.exe

C:\Windows\System\XJokJdn.exe

C:\Windows\System\XJokJdn.exe

C:\Windows\System\QGnrKUx.exe

C:\Windows\System\QGnrKUx.exe

C:\Windows\System\EIkguUP.exe

C:\Windows\System\EIkguUP.exe

C:\Windows\System\xizhbie.exe

C:\Windows\System\xizhbie.exe

C:\Windows\System\ByvYtLf.exe

C:\Windows\System\ByvYtLf.exe

C:\Windows\System\qJcsJCY.exe

C:\Windows\System\qJcsJCY.exe

C:\Windows\System\CuvPhjm.exe

C:\Windows\System\CuvPhjm.exe

C:\Windows\System\oRKPLVT.exe

C:\Windows\System\oRKPLVT.exe

C:\Windows\System\yaKtOqb.exe

C:\Windows\System\yaKtOqb.exe

C:\Windows\System\bhrhhPa.exe

C:\Windows\System\bhrhhPa.exe

C:\Windows\System\SflUMSf.exe

C:\Windows\System\SflUMSf.exe

C:\Windows\System\EyoeKUo.exe

C:\Windows\System\EyoeKUo.exe

C:\Windows\System\TUdykHQ.exe

C:\Windows\System\TUdykHQ.exe

C:\Windows\System\aYDJHvv.exe

C:\Windows\System\aYDJHvv.exe

C:\Windows\System\bSVyVrq.exe

C:\Windows\System\bSVyVrq.exe

C:\Windows\System\YajzjxI.exe

C:\Windows\System\YajzjxI.exe

C:\Windows\System\OQjMfaN.exe

C:\Windows\System\OQjMfaN.exe

C:\Windows\System\xEIJlHD.exe

C:\Windows\System\xEIJlHD.exe

C:\Windows\System\VYBwRLb.exe

C:\Windows\System\VYBwRLb.exe

C:\Windows\System\iUlElGP.exe

C:\Windows\System\iUlElGP.exe

C:\Windows\System\yDsiCoX.exe

C:\Windows\System\yDsiCoX.exe

C:\Windows\System\TqACMCA.exe

C:\Windows\System\TqACMCA.exe

C:\Windows\System\hzLeRsb.exe

C:\Windows\System\hzLeRsb.exe

C:\Windows\System\YrkFbXT.exe

C:\Windows\System\YrkFbXT.exe

C:\Windows\System\xGMtXyp.exe

C:\Windows\System\xGMtXyp.exe

C:\Windows\System\lPSQMmQ.exe

C:\Windows\System\lPSQMmQ.exe

C:\Windows\System\ZzHHGCq.exe

C:\Windows\System\ZzHHGCq.exe

C:\Windows\System\acDDBBP.exe

C:\Windows\System\acDDBBP.exe

C:\Windows\System\fqeWUhs.exe

C:\Windows\System\fqeWUhs.exe

C:\Windows\System\hiabiaf.exe

C:\Windows\System\hiabiaf.exe

C:\Windows\System\vfpiXgb.exe

C:\Windows\System\vfpiXgb.exe

C:\Windows\System\qVTfDiU.exe

C:\Windows\System\qVTfDiU.exe

C:\Windows\System\CPSrCqe.exe

C:\Windows\System\CPSrCqe.exe

C:\Windows\System\JZVExri.exe

C:\Windows\System\JZVExri.exe

C:\Windows\System\RTDzjhi.exe

C:\Windows\System\RTDzjhi.exe

C:\Windows\System\YWrhndG.exe

C:\Windows\System\YWrhndG.exe

C:\Windows\System\sCyZeow.exe

C:\Windows\System\sCyZeow.exe

C:\Windows\System\mZDbwuM.exe

C:\Windows\System\mZDbwuM.exe

C:\Windows\System\bZgWlhH.exe

C:\Windows\System\bZgWlhH.exe

C:\Windows\System\NacdKsU.exe

C:\Windows\System\NacdKsU.exe

C:\Windows\System\JGULoCj.exe

C:\Windows\System\JGULoCj.exe

C:\Windows\System\IAPhHpy.exe

C:\Windows\System\IAPhHpy.exe

C:\Windows\System\JQWVxXz.exe

C:\Windows\System\JQWVxXz.exe

C:\Windows\System\RblYJGn.exe

C:\Windows\System\RblYJGn.exe

C:\Windows\System\tbJsTqj.exe

C:\Windows\System\tbJsTqj.exe

C:\Windows\System\vKDtYGI.exe

C:\Windows\System\vKDtYGI.exe

C:\Windows\System\SoYwQIB.exe

C:\Windows\System\SoYwQIB.exe

C:\Windows\System\nXdnpYy.exe

C:\Windows\System\nXdnpYy.exe

C:\Windows\System\xiGMcGx.exe

C:\Windows\System\xiGMcGx.exe

C:\Windows\System\xhLVGrU.exe

C:\Windows\System\xhLVGrU.exe

C:\Windows\System\bKilnrD.exe

C:\Windows\System\bKilnrD.exe

C:\Windows\System\OwCsNFy.exe

C:\Windows\System\OwCsNFy.exe

C:\Windows\System\HUUTtIk.exe

C:\Windows\System\HUUTtIk.exe

C:\Windows\System\NXjQyMD.exe

C:\Windows\System\NXjQyMD.exe

C:\Windows\System\lpUZspJ.exe

C:\Windows\System\lpUZspJ.exe

C:\Windows\System\YJRRzpK.exe

C:\Windows\System\YJRRzpK.exe

C:\Windows\System\zqQCFGl.exe

C:\Windows\System\zqQCFGl.exe

C:\Windows\System\KBmHqfu.exe

C:\Windows\System\KBmHqfu.exe

C:\Windows\System\LccnjGw.exe

C:\Windows\System\LccnjGw.exe

C:\Windows\System\wkmwGuo.exe

C:\Windows\System\wkmwGuo.exe

C:\Windows\System\gwMBGCz.exe

C:\Windows\System\gwMBGCz.exe

C:\Windows\System\VPcwnDD.exe

C:\Windows\System\VPcwnDD.exe

C:\Windows\System\WLovJGQ.exe

C:\Windows\System\WLovJGQ.exe

C:\Windows\System\kwniyWX.exe

C:\Windows\System\kwniyWX.exe

C:\Windows\System\hwVFutI.exe

C:\Windows\System\hwVFutI.exe

C:\Windows\System\AhPoOWI.exe

C:\Windows\System\AhPoOWI.exe

C:\Windows\System\blmjLQK.exe

C:\Windows\System\blmjLQK.exe

C:\Windows\System\iBtYuHc.exe

C:\Windows\System\iBtYuHc.exe

C:\Windows\System\OJCWJmG.exe

C:\Windows\System\OJCWJmG.exe

C:\Windows\System\kyLOCRi.exe

C:\Windows\System\kyLOCRi.exe

C:\Windows\System\KckmclH.exe

C:\Windows\System\KckmclH.exe

C:\Windows\System\MWcpCsg.exe

C:\Windows\System\MWcpCsg.exe

C:\Windows\System\OmVbmSh.exe

C:\Windows\System\OmVbmSh.exe

C:\Windows\System\WwMxrNY.exe

C:\Windows\System\WwMxrNY.exe

C:\Windows\System\etNNuPJ.exe

C:\Windows\System\etNNuPJ.exe

C:\Windows\System\jumfCCs.exe

C:\Windows\System\jumfCCs.exe

C:\Windows\System\bjFTHeS.exe

C:\Windows\System\bjFTHeS.exe

C:\Windows\System\nOHtKmZ.exe

C:\Windows\System\nOHtKmZ.exe

C:\Windows\System\yXKMUwg.exe

C:\Windows\System\yXKMUwg.exe

C:\Windows\System\ETPMazV.exe

C:\Windows\System\ETPMazV.exe

C:\Windows\System\CYKrjxZ.exe

C:\Windows\System\CYKrjxZ.exe

C:\Windows\System\TVJeXac.exe

C:\Windows\System\TVJeXac.exe

C:\Windows\System\TuBCpPt.exe

C:\Windows\System\TuBCpPt.exe

C:\Windows\System\KfzFRud.exe

C:\Windows\System\KfzFRud.exe

C:\Windows\System\gcbrHXk.exe

C:\Windows\System\gcbrHXk.exe

C:\Windows\System\lqFQUht.exe

C:\Windows\System\lqFQUht.exe

C:\Windows\System\ClQYYZf.exe

C:\Windows\System\ClQYYZf.exe

C:\Windows\System\efbMovq.exe

C:\Windows\System\efbMovq.exe

C:\Windows\System\ShQZokY.exe

C:\Windows\System\ShQZokY.exe

C:\Windows\System\eqtBtmw.exe

C:\Windows\System\eqtBtmw.exe

C:\Windows\System\hHpYgbv.exe

C:\Windows\System\hHpYgbv.exe

C:\Windows\System\xbBJOYr.exe

C:\Windows\System\xbBJOYr.exe

C:\Windows\System\XyImLKm.exe

C:\Windows\System\XyImLKm.exe

C:\Windows\System\mHiHGCN.exe

C:\Windows\System\mHiHGCN.exe

C:\Windows\System\slvgqJm.exe

C:\Windows\System\slvgqJm.exe

C:\Windows\System\fLPwEsG.exe

C:\Windows\System\fLPwEsG.exe

C:\Windows\System\bukDvjN.exe

C:\Windows\System\bukDvjN.exe

C:\Windows\System\PLZYPhK.exe

C:\Windows\System\PLZYPhK.exe

C:\Windows\System\PDreAmM.exe

C:\Windows\System\PDreAmM.exe

C:\Windows\System\nSJGTpz.exe

C:\Windows\System\nSJGTpz.exe

C:\Windows\System\ieDoHxz.exe

C:\Windows\System\ieDoHxz.exe

C:\Windows\System\JEIPPou.exe

C:\Windows\System\JEIPPou.exe

C:\Windows\System\JZKcjmV.exe

C:\Windows\System\JZKcjmV.exe

C:\Windows\System\GOybYOr.exe

C:\Windows\System\GOybYOr.exe

C:\Windows\System\NbPiCVB.exe

C:\Windows\System\NbPiCVB.exe

C:\Windows\System\HEhSeBT.exe

C:\Windows\System\HEhSeBT.exe

C:\Windows\System\aMJwReq.exe

C:\Windows\System\aMJwReq.exe

C:\Windows\System\KypNkNq.exe

C:\Windows\System\KypNkNq.exe

C:\Windows\System\XxFstQq.exe

C:\Windows\System\XxFstQq.exe

C:\Windows\System\ScVxrZx.exe

C:\Windows\System\ScVxrZx.exe

C:\Windows\System\eCoHrmb.exe

C:\Windows\System\eCoHrmb.exe

C:\Windows\System\bRnNKru.exe

C:\Windows\System\bRnNKru.exe

C:\Windows\System\ElScgKX.exe

C:\Windows\System\ElScgKX.exe

C:\Windows\System\JRFNfeD.exe

C:\Windows\System\JRFNfeD.exe

C:\Windows\System\fbgvfMP.exe

C:\Windows\System\fbgvfMP.exe

C:\Windows\System\WMInLoB.exe

C:\Windows\System\WMInLoB.exe

C:\Windows\System\tNutbJj.exe

C:\Windows\System\tNutbJj.exe

C:\Windows\System\MrzEMCE.exe

C:\Windows\System\MrzEMCE.exe

C:\Windows\System\LuIeKRK.exe

C:\Windows\System\LuIeKRK.exe

C:\Windows\System\oPtTDdG.exe

C:\Windows\System\oPtTDdG.exe

C:\Windows\System\xPHMlzo.exe

C:\Windows\System\xPHMlzo.exe

C:\Windows\System\vgGOVEi.exe

C:\Windows\System\vgGOVEi.exe

C:\Windows\System\jdCziWO.exe

C:\Windows\System\jdCziWO.exe

C:\Windows\System\uXuWymq.exe

C:\Windows\System\uXuWymq.exe

C:\Windows\System\hnInLLU.exe

C:\Windows\System\hnInLLU.exe

C:\Windows\System\UdgjlTi.exe

C:\Windows\System\UdgjlTi.exe

C:\Windows\System\loMTcVQ.exe

C:\Windows\System\loMTcVQ.exe

C:\Windows\System\jfjxzew.exe

C:\Windows\System\jfjxzew.exe

C:\Windows\System\nqIhmxs.exe

C:\Windows\System\nqIhmxs.exe

C:\Windows\System\dbHoWID.exe

C:\Windows\System\dbHoWID.exe

C:\Windows\System\IHJkDTT.exe

C:\Windows\System\IHJkDTT.exe

C:\Windows\System\xLzpVJk.exe

C:\Windows\System\xLzpVJk.exe

C:\Windows\System\BJbqOfh.exe

C:\Windows\System\BJbqOfh.exe

C:\Windows\System\MsOCzLE.exe

C:\Windows\System\MsOCzLE.exe

C:\Windows\System\Qnxjzxs.exe

C:\Windows\System\Qnxjzxs.exe

C:\Windows\System\WXTrIRg.exe

C:\Windows\System\WXTrIRg.exe

C:\Windows\System\iFVMIzN.exe

C:\Windows\System\iFVMIzN.exe

C:\Windows\System\obNOvsT.exe

C:\Windows\System\obNOvsT.exe

C:\Windows\System\kfttfef.exe

C:\Windows\System\kfttfef.exe

C:\Windows\System\bXsrkTf.exe

C:\Windows\System\bXsrkTf.exe

C:\Windows\System\JuQKZzR.exe

C:\Windows\System\JuQKZzR.exe

C:\Windows\System\kxTmaYc.exe

C:\Windows\System\kxTmaYc.exe

C:\Windows\System\eqmcKoJ.exe

C:\Windows\System\eqmcKoJ.exe

C:\Windows\System\sDsUJPd.exe

C:\Windows\System\sDsUJPd.exe

C:\Windows\System\amvAbpq.exe

C:\Windows\System\amvAbpq.exe

C:\Windows\System\utAFmnd.exe

C:\Windows\System\utAFmnd.exe

C:\Windows\System\NtDKHgD.exe

C:\Windows\System\NtDKHgD.exe

C:\Windows\system32\dwm.exe

"dwm.exe"

C:\Windows\System\UUxHwEz.exe

C:\Windows\System\UUxHwEz.exe

C:\Windows\System\nmLYSbR.exe

C:\Windows\System\nmLYSbR.exe

C:\Windows\System\IYWyqke.exe

C:\Windows\System\IYWyqke.exe

C:\Windows\System\zIJLgwA.exe

C:\Windows\System\zIJLgwA.exe

C:\Windows\System\vfoooLJ.exe

C:\Windows\System\vfoooLJ.exe

C:\Windows\System\Qaebzsd.exe

C:\Windows\System\Qaebzsd.exe

C:\Windows\System\RjppdIP.exe

C:\Windows\System\RjppdIP.exe

C:\Windows\system32\dwm.exe

"dwm.exe"

C:\Windows\System\YFewpBT.exe

C:\Windows\System\YFewpBT.exe

C:\Windows\System\NLBSSzD.exe

C:\Windows\System\NLBSSzD.exe

C:\Windows\system32\sihost.exe

sihost.exe

C:\Windows\system32\sihost.exe

sihost.exe

C:\Windows\system32\sihost.exe

sihost.exe

C:\Windows\system32\sihost.exe

sihost.exe

C:\Windows\system32\sihost.exe

sihost.exe

C:\Windows\system32\sihost.exe

sihost.exe

C:\Windows\System\KXTiTOw.exe

C:\Windows\System\KXTiTOw.exe

C:\Windows\System\QhmmrQO.exe

C:\Windows\System\QhmmrQO.exe

C:\Windows\System\btyPdBq.exe

C:\Windows\System\btyPdBq.exe

C:\Windows\System\WNCaCKF.exe

C:\Windows\System\WNCaCKF.exe

C:\Windows\System\PRuKbEJ.exe

C:\Windows\System\PRuKbEJ.exe

C:\Windows\System\smvnvzZ.exe

C:\Windows\System\smvnvzZ.exe

C:\Windows\System\KTVjjks.exe

C:\Windows\System\KTVjjks.exe

C:\Windows\System\BQHTMDN.exe

C:\Windows\System\BQHTMDN.exe

C:\Windows\System\RViLNYp.exe

C:\Windows\System\RViLNYp.exe

C:\Windows\System\EgjDPKB.exe

C:\Windows\System\EgjDPKB.exe

C:\Windows\System\hjvoPPf.exe

C:\Windows\System\hjvoPPf.exe

C:\Windows\System\CJGCEop.exe

C:\Windows\System\CJGCEop.exe

C:\Windows\System\PYrzJPa.exe

C:\Windows\System\PYrzJPa.exe

C:\Windows\System\KiUaSgH.exe

C:\Windows\System\KiUaSgH.exe

C:\Windows\System\KLfYVGp.exe

C:\Windows\System\KLfYVGp.exe

C:\Windows\System\FTEEbdf.exe

C:\Windows\System\FTEEbdf.exe

C:\Windows\System\dScELCE.exe

C:\Windows\System\dScELCE.exe

C:\Windows\System\ZNytzjR.exe

C:\Windows\System\ZNytzjR.exe

C:\Windows\System\uKjWHjT.exe

C:\Windows\System\uKjWHjT.exe

C:\Windows\System\lNqqYuD.exe

C:\Windows\System\lNqqYuD.exe

C:\Windows\System\MmEGqWR.exe

C:\Windows\System\MmEGqWR.exe

C:\Windows\System\eIuoEUy.exe

C:\Windows\System\eIuoEUy.exe

C:\Windows\System\iDCqiDf.exe

C:\Windows\System\iDCqiDf.exe

C:\Windows\System\GtBNsfu.exe

C:\Windows\System\GtBNsfu.exe

C:\Windows\System\oYXYjeo.exe

C:\Windows\System\oYXYjeo.exe

C:\Windows\System\YONqMYn.exe

C:\Windows\System\YONqMYn.exe

C:\Windows\System\bcinnOe.exe

C:\Windows\System\bcinnOe.exe

C:\Windows\System\buKheXO.exe

C:\Windows\System\buKheXO.exe

C:\Windows\System\UpyDqoX.exe

C:\Windows\System\UpyDqoX.exe

C:\Windows\System\uhHqwBL.exe

C:\Windows\System\uhHqwBL.exe

C:\Windows\System\AeRYRaG.exe

C:\Windows\System\AeRYRaG.exe

C:\Windows\System\bFggvFe.exe

C:\Windows\System\bFggvFe.exe

C:\Windows\System\CEWrxwY.exe

C:\Windows\System\CEWrxwY.exe

C:\Windows\System\jCpalbs.exe

C:\Windows\System\jCpalbs.exe

C:\Windows\System\pQYivbF.exe

C:\Windows\System\pQYivbF.exe

C:\Windows\System\WwCXiKM.exe

C:\Windows\System\WwCXiKM.exe

C:\Windows\System\zjbBiWh.exe

C:\Windows\System\zjbBiWh.exe

C:\Windows\System\ogTMlVr.exe

C:\Windows\System\ogTMlVr.exe

C:\Windows\System\BFMgyfa.exe

C:\Windows\System\BFMgyfa.exe

C:\Windows\System\jxDcYkD.exe

C:\Windows\System\jxDcYkD.exe

C:\Windows\System\WCmZXzH.exe

C:\Windows\System\WCmZXzH.exe

C:\Windows\System\DpQkruY.exe

C:\Windows\System\DpQkruY.exe

C:\Windows\System\DKRMXul.exe

C:\Windows\System\DKRMXul.exe

C:\Windows\System\WTwpgVN.exe

C:\Windows\System\WTwpgVN.exe

C:\Windows\System\vHvzRxA.exe

C:\Windows\System\vHvzRxA.exe

C:\Windows\System\JLJDafO.exe

C:\Windows\System\JLJDafO.exe

C:\Windows\System\cTNZldc.exe

C:\Windows\System\cTNZldc.exe

C:\Windows\System\gclHFik.exe

C:\Windows\System\gclHFik.exe

C:\Windows\System\SdROKIA.exe

C:\Windows\System\SdROKIA.exe

C:\Windows\System\uyWKXgc.exe

C:\Windows\System\uyWKXgc.exe

C:\Windows\System\uQytdFn.exe

C:\Windows\System\uQytdFn.exe

C:\Windows\System\tSZKLdk.exe

C:\Windows\System\tSZKLdk.exe

C:\Windows\System\QZjoYXq.exe

C:\Windows\System\QZjoYXq.exe

C:\Windows\System\UKGSljR.exe

C:\Windows\System\UKGSljR.exe

C:\Windows\System\MjoykLk.exe

C:\Windows\System\MjoykLk.exe

C:\Windows\System\dqdtChb.exe

C:\Windows\System\dqdtChb.exe

C:\Windows\System\GAKzVgQ.exe

C:\Windows\System\GAKzVgQ.exe

C:\Windows\System\JXvpckd.exe

C:\Windows\System\JXvpckd.exe

C:\Windows\System\ufUxQNU.exe

C:\Windows\System\ufUxQNU.exe

C:\Windows\System\YjabYvh.exe

C:\Windows\System\YjabYvh.exe

C:\Windows\System\hCyMnBE.exe

C:\Windows\System\hCyMnBE.exe

C:\Windows\System\WhAfHXz.exe

C:\Windows\System\WhAfHXz.exe

C:\Windows\System\huxDBqR.exe

C:\Windows\System\huxDBqR.exe

C:\Windows\System\suvyRGd.exe

C:\Windows\System\suvyRGd.exe

C:\Windows\System\PSZYwxL.exe

C:\Windows\System\PSZYwxL.exe

C:\Windows\System\SFNuRYt.exe

C:\Windows\System\SFNuRYt.exe

C:\Windows\System\qBUxitr.exe

C:\Windows\System\qBUxitr.exe

C:\Windows\System\tyvclXw.exe

C:\Windows\System\tyvclXw.exe

C:\Windows\System\clHxzHi.exe

C:\Windows\System\clHxzHi.exe

C:\Windows\System\CaAROtg.exe

C:\Windows\System\CaAROtg.exe

C:\Windows\System\YZhqBgf.exe

C:\Windows\System\YZhqBgf.exe

C:\Windows\System\LXpgStw.exe

C:\Windows\System\LXpgStw.exe

C:\Windows\System\IKCTafn.exe

C:\Windows\System\IKCTafn.exe

C:\Windows\System\oUPRlWZ.exe

C:\Windows\System\oUPRlWZ.exe

C:\Windows\System\SVqhyig.exe

C:\Windows\System\SVqhyig.exe

C:\Windows\System\FuWsJDB.exe

C:\Windows\System\FuWsJDB.exe

C:\Windows\System\uECDenR.exe

C:\Windows\System\uECDenR.exe

C:\Windows\System\oefjvwR.exe

C:\Windows\System\oefjvwR.exe

C:\Windows\System\CbgAHtk.exe

C:\Windows\System\CbgAHtk.exe

C:\Windows\System\hqmDYUM.exe

C:\Windows\System\hqmDYUM.exe

C:\Windows\System\fNwxqsr.exe

C:\Windows\System\fNwxqsr.exe

C:\Windows\System\PylYpTy.exe

C:\Windows\System\PylYpTy.exe

C:\Windows\System\enMmGVj.exe

C:\Windows\System\enMmGVj.exe

C:\Windows\System\lNLIpbw.exe

C:\Windows\System\lNLIpbw.exe

C:\Windows\System\sVBzSlU.exe

C:\Windows\System\sVBzSlU.exe

C:\Windows\System\XcAzJzv.exe

C:\Windows\System\XcAzJzv.exe

C:\Windows\System\bFszoan.exe

C:\Windows\System\bFszoan.exe

C:\Windows\System\ZHAIxYw.exe

C:\Windows\System\ZHAIxYw.exe

C:\Windows\System\hAypicX.exe

C:\Windows\System\hAypicX.exe

C:\Windows\System\REYzSya.exe

C:\Windows\System\REYzSya.exe

C:\Windows\System\aBtTpVD.exe

C:\Windows\System\aBtTpVD.exe

C:\Windows\System\mWbDFyr.exe

C:\Windows\System\mWbDFyr.exe

C:\Windows\System\RPQZRzw.exe

C:\Windows\System\RPQZRzw.exe

C:\Windows\System\fDpAHub.exe

C:\Windows\System\fDpAHub.exe

C:\Windows\System\UqPkVSw.exe

C:\Windows\System\UqPkVSw.exe

C:\Windows\System\PMwoIIm.exe

C:\Windows\System\PMwoIIm.exe

C:\Windows\System\bvUgevF.exe

C:\Windows\System\bvUgevF.exe

C:\Windows\System\QIPpeTm.exe

C:\Windows\System\QIPpeTm.exe

C:\Windows\System\dGZFztK.exe

C:\Windows\System\dGZFztK.exe

C:\Windows\System\RAqqwVf.exe

C:\Windows\System\RAqqwVf.exe

C:\Windows\System\icyVBAg.exe

C:\Windows\System\icyVBAg.exe

C:\Windows\System\ddAvlpg.exe

C:\Windows\System\ddAvlpg.exe

C:\Windows\System\pKGXQmK.exe

C:\Windows\System\pKGXQmK.exe

C:\Windows\System\xaceUZR.exe

C:\Windows\System\xaceUZR.exe

C:\Windows\System\tNBAvmo.exe

C:\Windows\System\tNBAvmo.exe

C:\Windows\System\scSrhXV.exe

C:\Windows\System\scSrhXV.exe

C:\Windows\System\jWZWxWc.exe

C:\Windows\System\jWZWxWc.exe

C:\Windows\System\TZszyhM.exe

C:\Windows\System\TZszyhM.exe

C:\Windows\System\KVjMSdD.exe

C:\Windows\System\KVjMSdD.exe

C:\Windows\System\JOrOPdU.exe

C:\Windows\System\JOrOPdU.exe

C:\Windows\System\zECsDGC.exe

C:\Windows\System\zECsDGC.exe

C:\Windows\System\OWfdWNc.exe

C:\Windows\System\OWfdWNc.exe

C:\Windows\System\ibGlkaa.exe

C:\Windows\System\ibGlkaa.exe

C:\Windows\System\PxQhWdI.exe

C:\Windows\System\PxQhWdI.exe

C:\Windows\System\sYZNVZk.exe

C:\Windows\System\sYZNVZk.exe

C:\Windows\System\AqVQAcJ.exe

C:\Windows\System\AqVQAcJ.exe

C:\Windows\System\haErXup.exe

C:\Windows\System\haErXup.exe

C:\Windows\System\tEItgEO.exe

C:\Windows\System\tEItgEO.exe

C:\Windows\System\UdhiYlb.exe

C:\Windows\System\UdhiYlb.exe

C:\Windows\System\YCjoyRM.exe

C:\Windows\System\YCjoyRM.exe

C:\Windows\System\gpTLfta.exe

C:\Windows\System\gpTLfta.exe

C:\Windows\System\DQqPlII.exe

C:\Windows\System\DQqPlII.exe

C:\Windows\System\yCzdnBx.exe

C:\Windows\System\yCzdnBx.exe

C:\Windows\System\ZDmjTvu.exe

C:\Windows\System\ZDmjTvu.exe

C:\Windows\System\NqyymvP.exe

C:\Windows\System\NqyymvP.exe

C:\Windows\System\PzBDwoV.exe

C:\Windows\System\PzBDwoV.exe

C:\Windows\System\xSvzeRj.exe

C:\Windows\System\xSvzeRj.exe

C:\Windows\System\JSUZgig.exe

C:\Windows\System\JSUZgig.exe

C:\Windows\System\cZXbylN.exe

C:\Windows\System\cZXbylN.exe

C:\Windows\System\BQNvMOV.exe

C:\Windows\System\BQNvMOV.exe

C:\Windows\System\QtkYYyE.exe

C:\Windows\System\QtkYYyE.exe

C:\Windows\System\ecdYzBG.exe

C:\Windows\System\ecdYzBG.exe

C:\Windows\System\DoPFTLL.exe

C:\Windows\System\DoPFTLL.exe

C:\Windows\System\TTVrSWL.exe

C:\Windows\System\TTVrSWL.exe

C:\Windows\System\VnJYtFb.exe

C:\Windows\System\VnJYtFb.exe

C:\Windows\System\UDeKbJG.exe

C:\Windows\System\UDeKbJG.exe

C:\Windows\System\uzzCqxj.exe

C:\Windows\System\uzzCqxj.exe

C:\Windows\System\gadKXDG.exe

C:\Windows\System\gadKXDG.exe

C:\Windows\System\egmFVPh.exe

C:\Windows\System\egmFVPh.exe

C:\Windows\System\mbHlYYV.exe

C:\Windows\System\mbHlYYV.exe

C:\Windows\System\ZxSBivd.exe

C:\Windows\System\ZxSBivd.exe

C:\Windows\System\SPYqaRq.exe

C:\Windows\System\SPYqaRq.exe

C:\Windows\System\YXsBVVj.exe

C:\Windows\System\YXsBVVj.exe

C:\Windows\System\nFhJrIj.exe

C:\Windows\System\nFhJrIj.exe

C:\Windows\System\vXaSmMf.exe

C:\Windows\System\vXaSmMf.exe

C:\Windows\System\dPdnHbV.exe

C:\Windows\System\dPdnHbV.exe

C:\Windows\System\VhySGBM.exe

C:\Windows\System\VhySGBM.exe

C:\Windows\System\frqvhNN.exe

C:\Windows\System\frqvhNN.exe

C:\Windows\System\CiLVima.exe

C:\Windows\System\CiLVima.exe

C:\Windows\System\ZeXAtRt.exe

C:\Windows\System\ZeXAtRt.exe

C:\Windows\System\IcAeGyV.exe

C:\Windows\System\IcAeGyV.exe

C:\Windows\System\umCwFLB.exe

C:\Windows\System\umCwFLB.exe

C:\Windows\System\ojVhjVd.exe

C:\Windows\System\ojVhjVd.exe

C:\Windows\System\iYOlTCn.exe

C:\Windows\System\iYOlTCn.exe

C:\Windows\System\uPlNhpJ.exe

C:\Windows\System\uPlNhpJ.exe

C:\Windows\System\HGTBGDd.exe

C:\Windows\System\HGTBGDd.exe

C:\Windows\System\VPJdtyH.exe

C:\Windows\System\VPJdtyH.exe

C:\Windows\System\PesAHlB.exe

C:\Windows\System\PesAHlB.exe

C:\Windows\System\jIMiaxi.exe

C:\Windows\System\jIMiaxi.exe

C:\Windows\System\VQeaZSL.exe

C:\Windows\System\VQeaZSL.exe

C:\Windows\System\YaHdhwZ.exe

C:\Windows\System\YaHdhwZ.exe

C:\Windows\System\YYJSXuh.exe

C:\Windows\System\YYJSXuh.exe

C:\Windows\System\MUXURxW.exe

C:\Windows\System\MUXURxW.exe

C:\Windows\System\VMyWRSl.exe

C:\Windows\System\VMyWRSl.exe

C:\Windows\System\zAQknHE.exe

C:\Windows\System\zAQknHE.exe

C:\Windows\System\ltTGSqM.exe

C:\Windows\System\ltTGSqM.exe

C:\Windows\System\oYXBqyk.exe

C:\Windows\System\oYXBqyk.exe

C:\Windows\System\tEhuxeL.exe

C:\Windows\System\tEhuxeL.exe

C:\Windows\System\ZUgHebU.exe

C:\Windows\System\ZUgHebU.exe

C:\Windows\System\Ppvevcq.exe

C:\Windows\System\Ppvevcq.exe

C:\Windows\System\YxyRtwi.exe

C:\Windows\System\YxyRtwi.exe

C:\Windows\System\hiqmOwt.exe

C:\Windows\System\hiqmOwt.exe

C:\Windows\System\odSUOtU.exe

C:\Windows\System\odSUOtU.exe

C:\Windows\System\AxTaVNo.exe

C:\Windows\System\AxTaVNo.exe

C:\Windows\System\sbSmpWy.exe

C:\Windows\System\sbSmpWy.exe

C:\Windows\System\ZKbPAjp.exe

C:\Windows\System\ZKbPAjp.exe

C:\Windows\System\mlwocrw.exe

C:\Windows\System\mlwocrw.exe

C:\Windows\System\zGuzOzV.exe

C:\Windows\System\zGuzOzV.exe

C:\Windows\System\usRlsMB.exe

C:\Windows\System\usRlsMB.exe

C:\Windows\System\sOWrvGS.exe

C:\Windows\System\sOWrvGS.exe

C:\Windows\System\LlINJEq.exe

C:\Windows\System\LlINJEq.exe

C:\Windows\System\DyQhxTq.exe

C:\Windows\System\DyQhxTq.exe

C:\Windows\System\GpCwMWn.exe

C:\Windows\System\GpCwMWn.exe

C:\Windows\System\gPtKNIl.exe

C:\Windows\System\gPtKNIl.exe

C:\Windows\System\KBRzqxn.exe

C:\Windows\System\KBRzqxn.exe

C:\Windows\System\qUIiqkB.exe

C:\Windows\System\qUIiqkB.exe

C:\Windows\System\hwzZhup.exe

C:\Windows\System\hwzZhup.exe

C:\Windows\System\KnmcVhx.exe

C:\Windows\System\KnmcVhx.exe

C:\Windows\System\bBPAGqe.exe

C:\Windows\System\bBPAGqe.exe

C:\Windows\System\tzvTvqz.exe

C:\Windows\System\tzvTvqz.exe

C:\Windows\System\yjnnPMW.exe

C:\Windows\System\yjnnPMW.exe

C:\Windows\System\cXkzgrE.exe

C:\Windows\System\cXkzgrE.exe

C:\Windows\System\tLCHazv.exe

C:\Windows\System\tLCHazv.exe

C:\Windows\System\lowUvnm.exe

C:\Windows\System\lowUvnm.exe

C:\Windows\System\OIQMNFX.exe

C:\Windows\System\OIQMNFX.exe

C:\Windows\System\kKportc.exe

C:\Windows\System\kKportc.exe

C:\Windows\System\dwbLIjC.exe

C:\Windows\System\dwbLIjC.exe

C:\Windows\System\gsgBNgg.exe

C:\Windows\System\gsgBNgg.exe

C:\Windows\System\ROoFxPH.exe

C:\Windows\System\ROoFxPH.exe

C:\Windows\System\fRSIfqd.exe

C:\Windows\System\fRSIfqd.exe

C:\Windows\System\rbFVQVH.exe

C:\Windows\System\rbFVQVH.exe

C:\Windows\System\GeSGloR.exe

C:\Windows\System\GeSGloR.exe

C:\Windows\System\bQEemuZ.exe

C:\Windows\System\bQEemuZ.exe

C:\Windows\System\gAROirw.exe

C:\Windows\System\gAROirw.exe

C:\Windows\System\GsBmTDH.exe

C:\Windows\System\GsBmTDH.exe

C:\Windows\System\cwbxHAa.exe

C:\Windows\System\cwbxHAa.exe

C:\Windows\System\MMjczlb.exe

C:\Windows\System\MMjczlb.exe

C:\Windows\System\AuPmfMb.exe

C:\Windows\System\AuPmfMb.exe

C:\Windows\System\OdwUTdu.exe

C:\Windows\System\OdwUTdu.exe

C:\Windows\System\lIcEMeB.exe

C:\Windows\System\lIcEMeB.exe

C:\Windows\System\dGNfnWk.exe

C:\Windows\System\dGNfnWk.exe

C:\Windows\System\QECmHpN.exe

C:\Windows\System\QECmHpN.exe

C:\Windows\System\RuVufyR.exe

C:\Windows\System\RuVufyR.exe

C:\Windows\System\XcXOXYP.exe

C:\Windows\System\XcXOXYP.exe

C:\Windows\System\zgycUlY.exe

C:\Windows\System\zgycUlY.exe

C:\Windows\System\WdLnMjU.exe

C:\Windows\System\WdLnMjU.exe

C:\Windows\System\YhmldfF.exe

C:\Windows\System\YhmldfF.exe

C:\Windows\System\AjYiIms.exe

C:\Windows\System\AjYiIms.exe

C:\Windows\System\Jmxwrfv.exe

C:\Windows\System\Jmxwrfv.exe

C:\Windows\System\TiYNkRm.exe

C:\Windows\System\TiYNkRm.exe

C:\Windows\System\GcYLRIA.exe

C:\Windows\System\GcYLRIA.exe

C:\Windows\System\LYFNMuS.exe

C:\Windows\System\LYFNMuS.exe

C:\Windows\System\HMozLjm.exe

C:\Windows\System\HMozLjm.exe

C:\Windows\System\ZqMHfsV.exe

C:\Windows\System\ZqMHfsV.exe

C:\Windows\System\VtSbNvY.exe

C:\Windows\System\VtSbNvY.exe

C:\Windows\System\utmJMVt.exe

C:\Windows\System\utmJMVt.exe

C:\Windows\System\pRHMVGZ.exe

C:\Windows\System\pRHMVGZ.exe

C:\Windows\System\gcYbAlS.exe

C:\Windows\System\gcYbAlS.exe

C:\Windows\System\WIFexZR.exe

C:\Windows\System\WIFexZR.exe

C:\Windows\System\WymeGSL.exe

C:\Windows\System\WymeGSL.exe

C:\Windows\System\UQrJpUD.exe

C:\Windows\System\UQrJpUD.exe

C:\Windows\System\bkREuOD.exe

C:\Windows\System\bkREuOD.exe

C:\Windows\System\ZCBuvyM.exe

C:\Windows\System\ZCBuvyM.exe

C:\Windows\System\pgwDlxR.exe

C:\Windows\System\pgwDlxR.exe

C:\Windows\System\poUgjfY.exe

C:\Windows\System\poUgjfY.exe

C:\Windows\System\zKcpsEK.exe

C:\Windows\System\zKcpsEK.exe

C:\Windows\System\YPBGLwx.exe

C:\Windows\System\YPBGLwx.exe

C:\Windows\System\UsUCxXE.exe

C:\Windows\System\UsUCxXE.exe

C:\Windows\System\TrZzbRf.exe

C:\Windows\System\TrZzbRf.exe

C:\Windows\System\DUTuZtY.exe

C:\Windows\System\DUTuZtY.exe

C:\Windows\System\WKThvZF.exe

C:\Windows\System\WKThvZF.exe

C:\Windows\System\YNbzFPb.exe

C:\Windows\System\YNbzFPb.exe

C:\Windows\System\EUTCswB.exe

C:\Windows\System\EUTCswB.exe

C:\Windows\System\gyIXsMq.exe

C:\Windows\System\gyIXsMq.exe

C:\Windows\System\jZXlzSD.exe

C:\Windows\System\jZXlzSD.exe

C:\Windows\System\wTUplgU.exe

C:\Windows\System\wTUplgU.exe

C:\Windows\System\ymnZwSk.exe

C:\Windows\System\ymnZwSk.exe

C:\Windows\System\PJemxvQ.exe

C:\Windows\System\PJemxvQ.exe

C:\Windows\System\vdwgPOv.exe

C:\Windows\System\vdwgPOv.exe

C:\Windows\System\oVqtTPw.exe

C:\Windows\System\oVqtTPw.exe

C:\Windows\System\xXEXVZw.exe

C:\Windows\System\xXEXVZw.exe

C:\Windows\System\TLkuAEL.exe

C:\Windows\System\TLkuAEL.exe

C:\Windows\System\chyYeAr.exe

C:\Windows\System\chyYeAr.exe

C:\Windows\System\rAKYMWD.exe

C:\Windows\System\rAKYMWD.exe

C:\Windows\System\GRHRgLu.exe

C:\Windows\System\GRHRgLu.exe

C:\Windows\System\VOrLDuo.exe

C:\Windows\System\VOrLDuo.exe

C:\Windows\System\WifnMrb.exe

C:\Windows\System\WifnMrb.exe

C:\Windows\System\QibDCIR.exe

C:\Windows\System\QibDCIR.exe

C:\Windows\System\sfaYYJK.exe

C:\Windows\System\sfaYYJK.exe

C:\Windows\System\mPdlcKw.exe

C:\Windows\System\mPdlcKw.exe

C:\Windows\System\BJyMULy.exe

C:\Windows\System\BJyMULy.exe

C:\Windows\System\YkELuAh.exe

C:\Windows\System\YkELuAh.exe

C:\Windows\System\KmyRlPs.exe

C:\Windows\System\KmyRlPs.exe

C:\Windows\System\kEGIwyx.exe

C:\Windows\System\kEGIwyx.exe

C:\Windows\System\hExPHRW.exe

C:\Windows\System\hExPHRW.exe

C:\Windows\System\iUqVFkV.exe

C:\Windows\System\iUqVFkV.exe

C:\Windows\System\VXrwiwU.exe

C:\Windows\System\VXrwiwU.exe

C:\Windows\System\zKHKFaM.exe

C:\Windows\System\zKHKFaM.exe

C:\Windows\System\jBXQlbd.exe

C:\Windows\System\jBXQlbd.exe

C:\Windows\System\nETxNWP.exe

C:\Windows\System\nETxNWP.exe

C:\Windows\System\ZAbzXaN.exe

C:\Windows\System\ZAbzXaN.exe

C:\Windows\System\QeLLCIy.exe

C:\Windows\System\QeLLCIy.exe

C:\Windows\System\ZpNoKJr.exe

C:\Windows\System\ZpNoKJr.exe

C:\Windows\System\emcJPYA.exe

C:\Windows\System\emcJPYA.exe

C:\Windows\System\VzSWFNg.exe

C:\Windows\System\VzSWFNg.exe

C:\Windows\System\rqrHkAV.exe

C:\Windows\System\rqrHkAV.exe

C:\Windows\System\gDxnsoo.exe

C:\Windows\System\gDxnsoo.exe

C:\Windows\System\ManXsEB.exe

C:\Windows\System\ManXsEB.exe

C:\Windows\System\lJZWeDk.exe

C:\Windows\System\lJZWeDk.exe

C:\Windows\System\WJcnjDk.exe

C:\Windows\System\WJcnjDk.exe

C:\Windows\System\TWTDvSP.exe

C:\Windows\System\TWTDvSP.exe

C:\Windows\System\fNZgYaa.exe

C:\Windows\System\fNZgYaa.exe

C:\Windows\System\LyClusp.exe

C:\Windows\System\LyClusp.exe

C:\Windows\System\zCIGJtt.exe

C:\Windows\System\zCIGJtt.exe

C:\Windows\System\gKtnyuU.exe

C:\Windows\System\gKtnyuU.exe

C:\Windows\System\pXAUNXq.exe

C:\Windows\System\pXAUNXq.exe

C:\Windows\System\uddcveb.exe

C:\Windows\System\uddcveb.exe

C:\Windows\System\ZLrrJHH.exe

C:\Windows\System\ZLrrJHH.exe

C:\Windows\System\bFCyyol.exe

C:\Windows\System\bFCyyol.exe

C:\Windows\System\ElUOGUn.exe

C:\Windows\System\ElUOGUn.exe

C:\Windows\System\HnISepv.exe

C:\Windows\System\HnISepv.exe

C:\Windows\System\bNwNkyO.exe

C:\Windows\System\bNwNkyO.exe

C:\Windows\System\zZqVKIY.exe

C:\Windows\System\zZqVKIY.exe

C:\Windows\System\BCbdZMN.exe

C:\Windows\System\BCbdZMN.exe

C:\Windows\System\riIudzm.exe

C:\Windows\System\riIudzm.exe

C:\Windows\System\LBIfHmD.exe

C:\Windows\System\LBIfHmD.exe

C:\Windows\System\MQPQGyx.exe

C:\Windows\System\MQPQGyx.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc

Network

Country Destination Domain Proto
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
DE 3.120.98.217:8080 tcp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.110.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 github.githubassets.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 133.110.199.185.in-addr.arpa udp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 154.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 31.121.18.2.in-addr.arpa udp
US 8.8.8.8:53 6.173.189.20.in-addr.arpa udp

Files

memory/3812-0-0x00007FF789080000-0x00007FF789472000-memory.dmp

memory/3812-1-0x0000023D2D490000-0x0000023D2D4A0000-memory.dmp

C:\Windows\System\zGZXUWc.exe

MD5 775e0ab7e683cd2063acdbac79217931
SHA1 cf97b0e764f0da7caaf32df58eaface0d217b0e3
SHA256 13313755d4c9471045068d0d6c81e7231759447accee12e19e6b592e671d618a
SHA512 a12b069b82a72204a3b373ae2bc84b681cfdeec9cb40bfbc5944583ee35c9ac0b6f6afeffeef3157ecf520ceadee7be122f799a1a2cd63b5b708cb148b8bda28

C:\Windows\System\mqoTIMC.exe

MD5 347f2388961ad4464ff9345bacb546fe
SHA1 b36df26084aa92f338e04a05a392c0f615badd40
SHA256 b38d666b29e2f83b16afeeda4ffae8554d90f015798f12ad6ce6973c0f26a09f
SHA512 79bf3d33bfa8e567551bbae40258db285a281585f9993f0e68d804d564a97557372538698b3cdba2d620bd48c65ad2f32a1bfd6f82112b0e96d1c4700cbd1fc5

C:\Windows\System\EHonimw.exe

MD5 354c430bf5a6902cfcc7e965b440efa1
SHA1 ee3bcefdf90cd577dd14ae049cb8cc298a654c39
SHA256 74b8acf01e774328d942b720a10ee016779b4f871687258ad4c5c5ddd34028a3
SHA512 e2e9f7e24591b80b02ac737cf17477dca6b8e960865a1659367d58fcbba325cf0f96bcf0b96f194183199b0136924f9a16ccef8fe86e0e8077ba81eb6944ef48

C:\Windows\System\MfBpwui.exe

MD5 45ce05de9290b276cf60a6f34aaca582
SHA1 b7afecb3efc50217bb73eb2f457d8dfdad51de41
SHA256 69f71cdfe9ee5191e1678fcb221add26f6bd1db2c552e9a0a4f1b3cd0916d447
SHA512 099438b07e32b9dd1dcb59d9b6da13cc633c9ecd6750ef16261a8001dffb4ac59e4112b5cbb615949fd2b3d37b17b8aaf2a3e403634d24b5d5224b9325871932

C:\Windows\System\qryUTxY.exe

MD5 e666662cbafc3406eb6efee131f0c907
SHA1 7e8c1f52f0e4388bbc40055e34a20ecc400b1eb9
SHA256 e24c3afbfdf7b618a37b8fcc99c95c210fe5febdb92a8ddeabaa742d3eddef99
SHA512 e7ae026b35863e6c9f336be1103f327f2c2d59f46a26e139a6efac6edc441b4c000473511b8416c470e941deca225347227309fc56ce96481fae856d8b3455c1

C:\Windows\System\LmYDQuW.exe

MD5 496e73d66fa3a0a86300718d7b9a520f
SHA1 80fc13923d712fd347ef4558fbd263e337e0cc1c
SHA256 30517be9535812c44ab04252c90c338bfd1f44263fd0a90fa8e62eba6c9b0627
SHA512 ffaeed60394ddd262c8bdffec1331248b8fa8f29dd4045760d092f7693e297294d2efb9cf526f40b552ffa2504d18bf009a0f2ad8f853f4551468f6af188e1d2

C:\Windows\System\eApdvlJ.exe

MD5 9a9b613245bafb0f773342cd7a36564c
SHA1 3d6979f3fc09ef6decf98b4df689009400e6aecc
SHA256 8e41f710f579c51313d12ee673e6d359442a77baa998cb524874adefb9b2c146
SHA512 469b288db2b4b39bd7609c78cd3270f65c7c6e7c730c1b44503da4712c58a6288cbe6b4e0e017dc1aaea15ed0c9cd541eafc121a99f1c4d8cd24e5f6c91706d2

memory/3068-142-0x00007FF640E40000-0x00007FF641232000-memory.dmp

C:\Windows\System\EeKjgRc.exe

MD5 98be80a76cada4b1b30b02a68755d0e0
SHA1 5f959912a62430c7273455ed043e2d871d079512
SHA256 ddd856983aa3cb80a194063e1f6e13ae36f13071c1b0c3220b948b354f3078be
SHA512 162b84ea2b702f9e57753fcbed86126fbc7a82a43ef4acbb8c3204cf05ab89d72d57af6b969c9904345106490e087f96c25583b99a1c43ad9534bb788d317fce

C:\Windows\System\tmaJcmt.exe

MD5 2245fe40ec663472297a1b6627a85bd3
SHA1 94edf66f7b1463be7ad3fd2c9ea928c8525e2b79
SHA256 33be07a940d408eb528cd30023f95c29f409acc3089974900058038694d5b9b5
SHA512 965bec83ef4847670ee7e3942cf98c8d6b1188340eb24eaed63c3ca8f859aa4df2619cb04b5fd95fe78174fb5e6f72360958a368c57ea38d312c5c52ee691582

C:\Windows\System\jIqbJER.exe

MD5 99e2db594b12977a8a4b060fcc60a54b
SHA1 c2d95f75f4fb177474ed7e1ef4b62203eed0de42
SHA256 8b874fd30798755b438584c0008eb8d28dd20b94c269c6b43673519c0e9c8523
SHA512 38a42d780859eb432170536599817f151ab664da7a7a1730778a2ba1b7896587fc48f6cf32ae08c9a2f44e08e84c5a04bedafe8573bd937d4b0458a3e135aa3f

C:\Windows\System\oLfRcOj.exe

MD5 ef49a5e158b60bdf1446f15e149256a0
SHA1 277cedf1a35ad5297eac6886172a0fbe83a1ddc5
SHA256 48e32bce4aaaa69634e5b4f0f10184674fa761b201cbdaa48a4859c1dd493ff7
SHA512 827355aba96eaf375adccb72d00a30760fbab5f175344d956ee2bf98715ad0890ae14620fef1b387c3afb19bd7883a831936e895fc421d6e4bebd79245d19e4c

C:\Windows\System\PiTZeYf.exe

MD5 bcb6f2e8cc7de84936b138573385a30e
SHA1 38fd5358817d74db6a8588a3f13b9de7af6b7a64
SHA256 a77c240d967e8b90de6da204846e0219c146c1cf3a057b7d28721fea97b1a3ce
SHA512 eae4a0ac2659cc188254d89d8223b85ed4ee9f0252424a9af6f22371d10985bec9eda2dd6a1f2fb47ba718c665e5535c9b10281b8f3a658a8d76ddf9a622e901

C:\Windows\System\fAKAXLV.exe

MD5 bea9c80750176053d73a71dff2d5d013
SHA1 3c5b59ed5ae39c1ff64f0736f9970e333f28c416
SHA256 3c52aa43cabbb213881ab00a7b86757094263829c93f6fce9e6054658919f0a1
SHA512 00e4cee7cd0f3037fafbbfa8bcbfa2da10068c3617f0609b90e4c579f8004cacdb785443746b144ccaf3b9a6717bdb82c82f7f8ff345ae8c8f56314cf6e6d6be

C:\Windows\System\CrxYJQv.exe

MD5 af3b0170affb0af7711b53647eeb23d6
SHA1 a627a0570ee8441e7fda74744e5b68de5ff90f69
SHA256 96cc4f3247692a8835d3cc6b9f56f3635f75cff210a98cbd7da61359c823ab4d
SHA512 d99a8530c88ee2947923eba9ef83fa97938418c849f3af81dd2a9206324bd8f69d82fd7e98ef40745b150c73f6dd85025c73816a827ee99d1a6815e405f619f9

C:\Windows\System\sCaUpyv.exe

MD5 075c4a309516b28edc80a8bd34e98436
SHA1 86ea08207c62640a45c0512d0a4ff899a247b8ba
SHA256 b0b4ff84a6740120bfddb0c794211ed697154c85415b01ba0b48419e2d911149
SHA512 e80bbb1d58d47717e22c583a6004810e2b55250417c810dfa53da69900eebe3365493fb9eda8d64509b81c64f070170022a77bef548d0e86071cbb9eeef5fcf2

C:\Windows\System\hdIaGMB.exe

MD5 4cd05965ad66409a5e43ebfca855b68e
SHA1 20d85c2c5b4738b337b653dda2cb0390cccc4ebf
SHA256 fbb6ddbd7f7556dbde04525813b9eb0e0b75149a72fce2351cc6e47474480308
SHA512 4ac6988140769ae6d7af91befa9c7cdb6d80ae8ea1cf6e1f7bb8470f78aeb193a6aa7297e310a2b3b87ac7b8fb038af50e4ef0898085703ce0b02e832b8895a4

C:\Windows\System\dnAanhi.exe

MD5 1c3d7d2d6e4a0da963c0a5ceef3910ea
SHA1 f519fcaa88b7768046738b2b0bb8963ff8fea3a1
SHA256 c1ba9fd7c86d83dced20a621d0489beef2b6f28488d204c23f70508cbb09bc02
SHA512 28faed0ff405938244e17d8c113544079e29208b7993ece0d24bebdba3deca292a4ee20e21083378ecb9f969c1283a9a1a80038fd77476a1b85387ff675c566c

memory/1608-212-0x00007FF736410000-0x00007FF736802000-memory.dmp

memory/2428-266-0x00007FF6A19C0000-0x00007FF6A1DB2000-memory.dmp

memory/852-324-0x00007FF7C4AC0000-0x00007FF7C4EB2000-memory.dmp

memory/5024-326-0x00007FF6EAFB0000-0x00007FF6EB3A2000-memory.dmp

memory/908-339-0x00007FF7B9A40000-0x00007FF7B9E32000-memory.dmp

memory/4852-418-0x00007FF6F3FD0000-0x00007FF6F43C2000-memory.dmp

memory/5044-439-0x00007FF66C3D0000-0x00007FF66C7C2000-memory.dmp

memory/4080-444-0x00007FFFEFE50000-0x00007FFFF0911000-memory.dmp

memory/4588-446-0x00007FF779A10000-0x00007FF779E02000-memory.dmp

memory/4080-555-0x0000021556E00000-0x00000215575A6000-memory.dmp

memory/3808-445-0x00007FF7C9F00000-0x00007FF7CA2F2000-memory.dmp

memory/4824-443-0x00007FF622020000-0x00007FF622412000-memory.dmp

memory/4828-442-0x00007FF770780000-0x00007FF770B72000-memory.dmp

memory/5060-441-0x00007FF740F90000-0x00007FF741382000-memory.dmp

memory/5092-440-0x00007FF7D37C0000-0x00007FF7D3BB2000-memory.dmp

memory/5080-438-0x00007FF6B61E0000-0x00007FF6B65D2000-memory.dmp

memory/1416-417-0x00007FF631D30000-0x00007FF632122000-memory.dmp

memory/2240-392-0x00007FF7979D0000-0x00007FF797DC2000-memory.dmp

memory/3216-280-0x00007FF601820000-0x00007FF601C12000-memory.dmp

memory/436-256-0x00007FF7C9C50000-0x00007FF7CA042000-memory.dmp

memory/3284-248-0x00007FF64D150000-0x00007FF64D542000-memory.dmp

memory/2324-247-0x00007FF6B78C0000-0x00007FF6B7CB2000-memory.dmp

memory/4080-209-0x000002153DF50000-0x000002153DF72000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ych0sj21.ljk.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

C:\Windows\System\RUZIIog.exe

MD5 3f0f7f5cb1fd3cf8ae1e2f02c660775b
SHA1 84b8aeb11ac9ff33daa011ee54f373ea826e0325
SHA256 3a46244f1983750bf542502a00f22354892630bfd58c1effefe379109eb53a1c
SHA512 28052c059b6b8698d0fbe46ace1c1eabcab4b83bc634278b0fe4a950e6064dec8ac1504940308aa4b6f14745de97a768bf545a35e6f1ccf636a5aeccb427d6dd

C:\Windows\System\WjzajAD.exe

MD5 d39d7a5ff08551d8c19e84c1f403a906
SHA1 f164861c670f138ec3d2412b2bed3cf81bc5e558
SHA256 e2ad1231df11c027a1da8fc33d7699d3d09f2c4408d5a665d55c43a4a1060ca6
SHA512 48d951e852fbbdf4f98958210b7bb35cadeaa37604670da8196452048337bf5697f2bf7a05e8371537ba3c4a2f08081d36863ff04bec73b9c958d00a786aa5a9

memory/1772-185-0x00007FF705120000-0x00007FF705512000-memory.dmp

C:\Windows\System\SHjhKLA.exe

MD5 ee9134125fbbf8078873b25e21b5b8cc
SHA1 7da98a1d3dde51d80ed80f019fb4123549e7a7aa
SHA256 13d946c1c8207ab55e42daee078c57f4c7b27319a784d3b5fab76a2ba0c8fac0
SHA512 07e684e57792a41df06a82f7fc8cd1938e911c9ea4a989a96da62396c0c958b9c6af43cbac71da8a0476ba74caa0c1daad65379d4537e752a53efc562854a425

C:\Windows\System\xUTDcfq.exe

MD5 ab19e08d5a7bcb4d788355e3993bd0e0
SHA1 3a276b84640bbb1f9816d2fe2bb90904c9497ab7
SHA256 f25a8d73f2db130a9337d307bd6c5cc1d50a9ab05687d60d45f80fd378a864fe
SHA512 c50e8a88c61287d378c70c491eefe8be7ea31c313e620ef9164bee2c8e4ebacba951fc11a6e682e6d2eb556376cc7a487688ecf946fdd18be334e3bc7d36d1c4

C:\Windows\System\FhcCFMg.exe

MD5 e86d04d9e8e5af0b85d7b9531ce44965
SHA1 7037ad4d8a3e911d48a57dd4b0abe234bffd9080
SHA256 8c3065b363661f43d63ff1425e2812c876a31ce71b7147ca480ba5e6bad0fc05
SHA512 868ffcaa0085cb4c693ef3d02de9015c5afca7ee28e8c545137ffc9813c489b6b9288b6771a1306a4afe4132f00a6f3ebb6085e8f50ee7ad3a2720c5586137c6

C:\Windows\System\GWUbeXf.exe

MD5 b97593a2800f92fe13b41b80a99bd8e5
SHA1 dc7c054e7bd6e4b0f3aab8789bc78a3e486f7192
SHA256 34070676f5b2b2e4ea286ac9c69020a5070d9c5a2b9af609644194cfec66381e
SHA512 6f1efd408877d6adeed3f3afedde762a2dd5e137ca6a140d4e3d4b5ad0140b7c0fbedabb92c35d7c91e81f93941652effd8ad277a0dcb765f848661636059f5d

C:\Windows\System\wGAGicS.exe

MD5 88e3480a8e6ea63bb6a549465f7d0686
SHA1 45ce33ef7ba87d5d5afa361603abb61c535f92ed
SHA256 aac173ede355630c9d45f79d4657d2bfdc0622c7a82e273c560d1d0ce14f387b
SHA512 70533ee74b12e9c2b4edad3111cb9f732f8f8ac19795a7a99dac89b4bf7599bdbf7cd109c38fc60d831a5aeffda996635c1f783b2658c6670868e6410b144d5d

C:\Windows\System\gxxWGtM.exe

MD5 3cbd29575b2062263ae21ff466a3b401
SHA1 3c10db25e9a521a68339d8ac047278941645efbe
SHA256 4861d3dc962a0bcaf73eae37df68db872c393434c9a8ded8a0f873b56dc11cc3
SHA512 343b7700fa6f323ac0bb12ab05457b77172f963c8ba181cbc2c20ba144a748b86097f2e0789a60f81c619c2e561c43de190a51ad0b20956f3d5e8d53a82210b3

C:\Windows\System\qxCYMrz.exe

MD5 14ec62c7147ab2391641018eef9981c4
SHA1 f2e1ee3bf3e539b2b037f5d9660e6233bd05b3b2
SHA256 3e851503f2d05e0d96e81ed9198471d6aa1b6bf611a1b90a176ffcecdf2adecb
SHA512 c2696efb8a440ef0cdf31e3d5585d8bb344b9d48deda63367fbc88f8ca76e005f8ddb938c3f6350433b8961fb7864fa27f0a230abde78ad14da35b1facb31d89

C:\Windows\System\aoPfJkg.exe

MD5 110772c00915fcb1b246966c7cc3e25e
SHA1 cd0bbd939628fc472d8dbf55afacb9b419ac2eb7
SHA256 2256d40a7985e7c101ab29896b6aeb2eca1eaa3600d2a81032b2ce51d95ce69b
SHA512 55327c4bbb19de8ceb6a5fe81ebf873c15236e4679c8a6739d3393a45121a9eddcfad1ac1144f0db5e85f07af7bf260c0cb084c73f6c33b3ae2a5713ba4d7851

C:\Windows\System\tgSmlzc.exe

MD5 e47ae553463e5a26215c15c39d4190cd
SHA1 a78b4ffa02bd670133b2a2be75172cdb523c5dfb
SHA256 00e38edd0184bd84bb856bafb926940bf34fa1628697be8259117bb126d4ef83
SHA512 d2d587b655dace8529064afcbcf9801afb0a3542f5289ba8360d6177b9ece44145468c0cdb7a72309798fd534019750c39f1c1e6329bb13bc9b8f32201a34316

C:\Windows\System\GKFIZOh.exe

MD5 bbb14550f5a453bde7522712e702660d
SHA1 5449641016c5cc9a4ee3ea58dafa50477651d857
SHA256 32758c6d7fd7c89a1cc312f7b27eb3631024322b68fd47b1ae128b5ea3de65c3
SHA512 b15312c6d4984771f9fd94c954807012608b839e698047ae7c49d5dec6200ce50614a55d90b6ef3314ab834c29a0aeea47f8822867687ed942c9f5b8da79b324

memory/4704-109-0x00007FF742FD0000-0x00007FF7433C2000-memory.dmp

C:\Windows\System\VgsIhqm.exe

MD5 7273b48ef9b314288036781fb6b691a6
SHA1 2b64ece5008d75053e553be63743cf35948785a3
SHA256 a88a1e374e888caccc0c74888aa8927ea676de3a086554febe11e79be6e96f4e
SHA512 41f1fae03527cea2b68dddf714a87637031afbab285012ac0dcf37fccff3695faad28b0c2fb760dd011ef186ebd9af274919228d8753549877e8698dd85bbd48

C:\Windows\System\UEQoenP.exe

MD5 8b9747453599f94eac86e891b6e83bf8
SHA1 5fb0cc1c6b6e852e13578b70cd0d2ad7c963379c
SHA256 30bf006ea672ce78ffbd414811ee54996e49dd61ea9ee0b99e7097f1b9df13ab
SHA512 ab21c859ac40a8228cbb226b621bbe03fe5f49c1d5cf2b9629d5f818659b4ab7eb63873bf21d385b8726aea71982332f6178cfe343b0f26690479d7308254f97

memory/4080-77-0x00007FFFEFE50000-0x00007FFFF0911000-memory.dmp

C:\Windows\System\AAKTMWS.exe

MD5 9ebb4a81eb5c5cbfd0d72f8df9a65c2a
SHA1 b6c7e31faf8f60c5d552ae8a0c041fdc2f87b807
SHA256 20597cfb7e0cef4f729445e4886371531d7cae19a01d46cbc33ab60b2c67d119
SHA512 309787aed8e6cbb5750dac25e98c6b11625b95d96016586d1c18a42aabd95c0bd607f878f62c568c621f1c13c37ef4269185240ef5c9fba04e88fe1f9f0140d1

C:\Windows\System\alSeaKz.exe

MD5 8a8b64730b63b6203a504dd60d29c10c
SHA1 4093090f742fddb196f474a222a771a4654ca9dc
SHA256 9f6494ea5a6f716bf8a11769a47f785c4dd83f8317d731cee8cebaf902c94ce5
SHA512 7df13762452a9dd23b0a0f74b8fc96cd444920826f435ab9004734dc7bff2715535a4a6c238f1772395a55433b9a7cc2a0b621815f036785b1c9743b054fc5fc

C:\Windows\System\oFjQmaR.exe

MD5 d10c42a251127818d089a8d5d0097e26
SHA1 a9bb8afe2784dd51bc267a437496ffc5a6359311
SHA256 e54f60d7a98e02e9a82209d63c43f87bbd7ef4c729221a047b9938b8b3a22af0
SHA512 189de6769aca605a19a541bafdc676765c4f01b372c81e44cf8898111715c2fe48def1ad6f8396b5fedddfa21632fd441d6806e9f8d1e2594a559d916ddc2b7b

C:\Windows\System\UMiYkgV.exe

MD5 b24ea3b8015a0b5e235ddae963231955
SHA1 d829764437ac03d504cc28528b963750186ceed9
SHA256 1934efe1a4b20612944f70623a514067cdcae0fff6b6d324c8a2fbf2354991c4
SHA512 89789f663f585b8213b02d6e9401c47e2f476489a2003da0047ed6bece328c1de66a305e47271c61af5030c4210a803c9a69c7d79dc662f9708a8a417728565a

C:\Windows\System\weRBmnk.exe

MD5 5ecdd3ff24c15dd1065d7ca2caa01405
SHA1 f38fc2bdc91800852b623d451ffb0a62748f5cda
SHA256 3dd2dec150ab437589ed0110d8f08c907f2d7cf9b17af364a579cf5d9faa4d37
SHA512 d584cb10701e2268cfd0e619c5cc8b4ed164364ead2a3bda85c180cc6212a095743d4cef2a10a432c8eeea304d98614c5dcb0d25e6b29960d84a5da416125469

C:\Windows\System\qAfGkin.exe

MD5 9173c49845b27b1c28ca2510c52841ba
SHA1 f01985abf21e9870812f819ce7196f8d842a7c7b
SHA256 2b4c001cabcdd69a4fc3d3abb418793bc15161f6e96fd02d2c82cf0108f6a2ea
SHA512 f1df320f1cdd58470e95272e6722070bdacf62c0740209063477f2267c03ac256bf8d13cd001784ecbcca28b3496e78e3df786f551753714b5d7d2bb689a5797

memory/2536-19-0x00007FF67D820000-0x00007FF67DC12000-memory.dmp

C:\Windows\System\navdTZG.exe

MD5 70de00807372780b87b6f26bf8794020
SHA1 1b620562b1f95197b027b169619da15fbc8bb6e3
SHA256 453206e43bdb46060d2a28b282533107d7874172006bb6eee3e404d7874614a4
SHA512 8fb8a42a268e3fff753075f9abeff97b3775a3b0fdbb6cda7c59aff100f5a1a7325b76c1974d11cc48887e491046dbcfb65d4007ed803e5df5d14fbec200b592

memory/4080-21-0x00007FFFEFE53000-0x00007FFFEFE55000-memory.dmp

C:\Windows\System\SlkpYnz.exe

MD5 3f9cfe8a165fbe5ed357bf4fb6550d1a
SHA1 d1f76cef8b11f404ce3021901f1968e523167625
SHA256 fe7331c05f745b95f5509c04136ec2be8073cae1c2054bbe90290f3a5e3a1c01
SHA512 7c297d93de1529b68ba232f55d08c5bdfcf13a5c3741f810e605eeec9da08911d3d07e6bd5c21436fbf2be3db2070f19515d3ae2f1e7604c2ff2f34139c616ce

memory/4704-4125-0x00007FF742FD0000-0x00007FF7433C2000-memory.dmp

memory/2428-4129-0x00007FF6A19C0000-0x00007FF6A1DB2000-memory.dmp

memory/1608-4137-0x00007FF736410000-0x00007FF736802000-memory.dmp

memory/2324-4140-0x00007FF6B78C0000-0x00007FF6B7CB2000-memory.dmp

memory/3068-4156-0x00007FF640E40000-0x00007FF641232000-memory.dmp

memory/852-4163-0x00007FF7C4AC0000-0x00007FF7C4EB2000-memory.dmp

memory/1416-4174-0x00007FF631D30000-0x00007FF632122000-memory.dmp

memory/5060-4166-0x00007FF740F90000-0x00007FF741382000-memory.dmp

memory/1772-4157-0x00007FF705120000-0x00007FF705512000-memory.dmp

memory/436-4149-0x00007FF7C9C50000-0x00007FF7CA042000-memory.dmp

memory/3284-4144-0x00007FF64D150000-0x00007FF64D542000-memory.dmp

memory/3808-4133-0x00007FF7C9F00000-0x00007FF7CA2F2000-memory.dmp

memory/4852-4206-0x00007FF6F3FD0000-0x00007FF6F43C2000-memory.dmp

memory/3216-4212-0x00007FF601820000-0x00007FF601C12000-memory.dmp

memory/4828-4194-0x00007FF770780000-0x00007FF770B72000-memory.dmp

memory/5024-4190-0x00007FF6EAFB0000-0x00007FF6EB3A2000-memory.dmp

memory/5092-4186-0x00007FF7D37C0000-0x00007FF7D3BB2000-memory.dmp

memory/2240-4197-0x00007FF7979D0000-0x00007FF797DC2000-memory.dmp

memory/5080-4181-0x00007FF6B61E0000-0x00007FF6B65D2000-memory.dmp

memory/3812-5281-0x00007FF789080000-0x00007FF789472000-memory.dmp

memory/4588-4246-0x00007FF779A10000-0x00007FF779E02000-memory.dmp

memory/4824-4244-0x00007FF622020000-0x00007FF622412000-memory.dmp

memory/908-4241-0x00007FF7B9A40000-0x00007FF7B9E32000-memory.dmp

memory/5044-4215-0x00007FF66C3D0000-0x00007FF66C7C2000-memory.dmp

memory/4080-5648-0x00007FFFEFE50000-0x00007FFFF0911000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-27 05:27

Reported

2024-05-27 05:30

Platform

win7-20240221-en

Max time kernel

150s

Max time network

144s

Command Line

"C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\navdTZG.exe N/A
N/A N/A C:\Windows\System\weRBmnk.exe N/A
N/A N/A C:\Windows\System\qAfGkin.exe N/A
N/A N/A C:\Windows\System\zGZXUWc.exe N/A
N/A N/A C:\Windows\System\UEQoenP.exe N/A
N/A N/A C:\Windows\System\oFjQmaR.exe N/A
N/A N/A C:\Windows\System\mqoTIMC.exe N/A
N/A N/A C:\Windows\System\AAKTMWS.exe N/A
N/A N/A C:\Windows\System\alSeaKz.exe N/A
N/A N/A C:\Windows\System\UMiYkgV.exe N/A
N/A N/A C:\Windows\System\qryUTxY.exe N/A
N/A N/A C:\Windows\System\MfBpwui.exe N/A
N/A N/A C:\Windows\System\PiTZeYf.exe N/A
N/A N/A C:\Windows\System\xUTDcfq.exe N/A
N/A N/A C:\Windows\System\hdIaGMB.exe N/A
N/A N/A C:\Windows\System\sCaUpyv.exe N/A
N/A N/A C:\Windows\System\EHonimw.exe N/A
N/A N/A C:\Windows\System\CrxYJQv.exe N/A
N/A N/A C:\Windows\System\aoPfJkg.exe N/A
N/A N/A C:\Windows\System\oLfRcOj.exe N/A
N/A N/A C:\Windows\System\VgsIhqm.exe N/A
N/A N/A C:\Windows\System\jIqbJER.exe N/A
N/A N/A C:\Windows\System\RUZIIog.exe N/A
N/A N/A C:\Windows\System\FhcCFMg.exe N/A
N/A N/A C:\Windows\System\eApdvlJ.exe N/A
N/A N/A C:\Windows\System\GWUbeXf.exe N/A
N/A N/A C:\Windows\System\fAKAXLV.exe N/A
N/A N/A C:\Windows\System\EeKjgRc.exe N/A
N/A N/A C:\Windows\System\tmaJcmt.exe N/A
N/A N/A C:\Windows\System\WjzajAD.exe N/A
N/A N/A C:\Windows\System\LmYDQuW.exe N/A
N/A N/A C:\Windows\System\GKFIZOh.exe N/A
N/A N/A C:\Windows\System\tgSmlzc.exe N/A
N/A N/A C:\Windows\System\gxxWGtM.exe N/A
N/A N/A C:\Windows\System\SHjhKLA.exe N/A
N/A N/A C:\Windows\System\qxCYMrz.exe N/A
N/A N/A C:\Windows\System\wGAGicS.exe N/A
N/A N/A C:\Windows\System\dnAanhi.exe N/A
N/A N/A C:\Windows\System\XdIsEap.exe N/A
N/A N/A C:\Windows\System\PySaFWo.exe N/A
N/A N/A C:\Windows\System\JVAdcIL.exe N/A
N/A N/A C:\Windows\System\BvezlaB.exe N/A
N/A N/A C:\Windows\System\TZTIQhu.exe N/A
N/A N/A C:\Windows\System\HEDdGvZ.exe N/A
N/A N/A C:\Windows\System\OFEAwTz.exe N/A
N/A N/A C:\Windows\System\HeTAtOq.exe N/A
N/A N/A C:\Windows\System\rBSbHXZ.exe N/A
N/A N/A C:\Windows\System\tBvDffs.exe N/A
N/A N/A C:\Windows\System\eMGqCRB.exe N/A
N/A N/A C:\Windows\System\SGmeyMo.exe N/A
N/A N/A C:\Windows\System\hjbqcPf.exe N/A
N/A N/A C:\Windows\System\pwbsJQo.exe N/A
N/A N/A C:\Windows\System\vJTgugF.exe N/A
N/A N/A C:\Windows\System\HTUASNh.exe N/A
N/A N/A C:\Windows\System\HisEVaB.exe N/A
N/A N/A C:\Windows\System\yAVKBix.exe N/A
N/A N/A C:\Windows\System\OpgjyoD.exe N/A
N/A N/A C:\Windows\System\dVcMjUD.exe N/A
N/A N/A C:\Windows\System\jlMhMuT.exe N/A
N/A N/A C:\Windows\System\YupqKQD.exe N/A
N/A N/A C:\Windows\System\asdCsvZ.exe N/A
N/A N/A C:\Windows\System\RlBaEnf.exe N/A
N/A N/A C:\Windows\System\DLzzqOh.exe N/A
N/A N/A C:\Windows\System\VdRazdw.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\MBMAGjB.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\lMskwdK.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\zCeApFE.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\XIRUmON.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\eSkmKTA.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\OyurcfJ.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\FJuUNur.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\dverNVj.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\WseJvvI.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\WnespNP.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\xtPIpEx.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\jdjwyJA.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\ttCokhl.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\zuTPJlf.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\KqjYVFB.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\QbFGwmI.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\acDDBBP.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\xSCMUXd.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\zOJQjbA.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\OUaKVgw.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\MTzkTrh.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\NzNsedD.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\bLIUzuF.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\cMxuAtR.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\KaOyiyl.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\uDWXExE.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\LgxYYgS.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\SoQRbTK.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\DnZQqHr.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\TrVntPK.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\geulmvH.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\sjbWCLE.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\erDssCd.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\MwxEhUY.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\iIlOtdN.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\gHQwJwz.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\FhWIyIk.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\VQfeypE.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\OcAfPua.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\KDLikvH.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\nWqQkjQ.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\fVxsVtp.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\PJSvVPU.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\zhGimZL.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\bMgOdpf.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\EuISrBr.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\gAqOSLT.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\GnRuwxm.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\XqmLHlE.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\csvAWKI.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\TvwzGgJ.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\EEdjQId.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\sNBmuqM.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\VpCiOJH.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\IpTNHNi.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\EBglVCG.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\zDfdiLs.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\aNFEtnF.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\XuBMUNT.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\slvgqJm.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\CvFMThg.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\PdlNuNR.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\qRkGqOu.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
File created C:\Windows\System\ErMFnyJ.exe C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2084 wrote to memory of 1880 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2084 wrote to memory of 1880 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2084 wrote to memory of 1880 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2084 wrote to memory of 2572 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\navdTZG.exe
PID 2084 wrote to memory of 2572 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\navdTZG.exe
PID 2084 wrote to memory of 2572 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\navdTZG.exe
PID 2084 wrote to memory of 1796 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\qAfGkin.exe
PID 2084 wrote to memory of 1796 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\qAfGkin.exe
PID 2084 wrote to memory of 1796 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\qAfGkin.exe
PID 2084 wrote to memory of 2532 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\weRBmnk.exe
PID 2084 wrote to memory of 2532 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\weRBmnk.exe
PID 2084 wrote to memory of 2532 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\weRBmnk.exe
PID 2084 wrote to memory of 2604 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\zGZXUWc.exe
PID 2084 wrote to memory of 2604 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\zGZXUWc.exe
PID 2084 wrote to memory of 2604 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\zGZXUWc.exe
PID 2084 wrote to memory of 2560 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\UEQoenP.exe
PID 2084 wrote to memory of 2560 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\UEQoenP.exe
PID 2084 wrote to memory of 2560 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\UEQoenP.exe
PID 2084 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\oFjQmaR.exe
PID 2084 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\oFjQmaR.exe
PID 2084 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\oFjQmaR.exe
PID 2084 wrote to memory of 2444 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\mqoTIMC.exe
PID 2084 wrote to memory of 2444 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\mqoTIMC.exe
PID 2084 wrote to memory of 2444 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\mqoTIMC.exe
PID 2084 wrote to memory of 2404 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\AAKTMWS.exe
PID 2084 wrote to memory of 2404 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\AAKTMWS.exe
PID 2084 wrote to memory of 2404 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\AAKTMWS.exe
PID 2084 wrote to memory of 2504 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\alSeaKz.exe
PID 2084 wrote to memory of 2504 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\alSeaKz.exe
PID 2084 wrote to memory of 2504 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\alSeaKz.exe
PID 2084 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\UMiYkgV.exe
PID 2084 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\UMiYkgV.exe
PID 2084 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\UMiYkgV.exe
PID 2084 wrote to memory of 776 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\qryUTxY.exe
PID 2084 wrote to memory of 776 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\qryUTxY.exe
PID 2084 wrote to memory of 776 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\qryUTxY.exe
PID 2084 wrote to memory of 632 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\MfBpwui.exe
PID 2084 wrote to memory of 632 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\MfBpwui.exe
PID 2084 wrote to memory of 632 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\MfBpwui.exe
PID 2084 wrote to memory of 1276 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\PiTZeYf.exe
PID 2084 wrote to memory of 1276 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\PiTZeYf.exe
PID 2084 wrote to memory of 1276 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\PiTZeYf.exe
PID 2084 wrote to memory of 852 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\xUTDcfq.exe
PID 2084 wrote to memory of 852 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\xUTDcfq.exe
PID 2084 wrote to memory of 852 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\xUTDcfq.exe
PID 2084 wrote to memory of 1608 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\hdIaGMB.exe
PID 2084 wrote to memory of 1608 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\hdIaGMB.exe
PID 2084 wrote to memory of 1608 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\hdIaGMB.exe
PID 2084 wrote to memory of 1540 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\sCaUpyv.exe
PID 2084 wrote to memory of 1540 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\sCaUpyv.exe
PID 2084 wrote to memory of 1540 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\sCaUpyv.exe
PID 2084 wrote to memory of 2308 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\EHonimw.exe
PID 2084 wrote to memory of 2308 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\EHonimw.exe
PID 2084 wrote to memory of 2308 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\EHonimw.exe
PID 2084 wrote to memory of 2140 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\CrxYJQv.exe
PID 2084 wrote to memory of 2140 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\CrxYJQv.exe
PID 2084 wrote to memory of 2140 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\CrxYJQv.exe
PID 2084 wrote to memory of 1684 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\aoPfJkg.exe
PID 2084 wrote to memory of 1684 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\aoPfJkg.exe
PID 2084 wrote to memory of 1684 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\aoPfJkg.exe
PID 2084 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\oLfRcOj.exe
PID 2084 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\oLfRcOj.exe
PID 2084 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\oLfRcOj.exe
PID 2084 wrote to memory of 3032 N/A C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe C:\Windows\System\VgsIhqm.exe

Processes

C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\780d1fb67eb98771b44d64921df8c5f8_JaffaCakes118.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\navdTZG.exe

C:\Windows\System\navdTZG.exe

C:\Windows\System\qAfGkin.exe

C:\Windows\System\qAfGkin.exe

C:\Windows\System\weRBmnk.exe

C:\Windows\System\weRBmnk.exe

C:\Windows\System\zGZXUWc.exe

C:\Windows\System\zGZXUWc.exe

C:\Windows\System\UEQoenP.exe

C:\Windows\System\UEQoenP.exe

C:\Windows\System\oFjQmaR.exe

C:\Windows\System\oFjQmaR.exe

C:\Windows\System\mqoTIMC.exe

C:\Windows\System\mqoTIMC.exe

C:\Windows\System\AAKTMWS.exe

C:\Windows\System\AAKTMWS.exe

C:\Windows\System\alSeaKz.exe

C:\Windows\System\alSeaKz.exe

C:\Windows\System\UMiYkgV.exe

C:\Windows\System\UMiYkgV.exe

C:\Windows\System\qryUTxY.exe

C:\Windows\System\qryUTxY.exe

C:\Windows\System\MfBpwui.exe

C:\Windows\System\MfBpwui.exe

C:\Windows\System\PiTZeYf.exe

C:\Windows\System\PiTZeYf.exe

C:\Windows\System\xUTDcfq.exe

C:\Windows\System\xUTDcfq.exe

C:\Windows\System\hdIaGMB.exe

C:\Windows\System\hdIaGMB.exe

C:\Windows\System\sCaUpyv.exe

C:\Windows\System\sCaUpyv.exe

C:\Windows\System\EHonimw.exe

C:\Windows\System\EHonimw.exe

C:\Windows\System\CrxYJQv.exe

C:\Windows\System\CrxYJQv.exe

C:\Windows\System\aoPfJkg.exe

C:\Windows\System\aoPfJkg.exe

C:\Windows\System\oLfRcOj.exe

C:\Windows\System\oLfRcOj.exe

C:\Windows\System\VgsIhqm.exe

C:\Windows\System\VgsIhqm.exe

C:\Windows\System\jIqbJER.exe

C:\Windows\System\jIqbJER.exe

C:\Windows\System\RUZIIog.exe

C:\Windows\System\RUZIIog.exe

C:\Windows\System\FhcCFMg.exe

C:\Windows\System\FhcCFMg.exe

C:\Windows\System\eApdvlJ.exe

C:\Windows\System\eApdvlJ.exe

C:\Windows\System\fAKAXLV.exe

C:\Windows\System\fAKAXLV.exe

C:\Windows\System\GWUbeXf.exe

C:\Windows\System\GWUbeXf.exe

C:\Windows\System\tmaJcmt.exe

C:\Windows\System\tmaJcmt.exe

C:\Windows\System\EeKjgRc.exe

C:\Windows\System\EeKjgRc.exe

C:\Windows\System\WjzajAD.exe

C:\Windows\System\WjzajAD.exe

C:\Windows\System\LmYDQuW.exe

C:\Windows\System\LmYDQuW.exe

C:\Windows\System\GKFIZOh.exe

C:\Windows\System\GKFIZOh.exe

C:\Windows\System\tgSmlzc.exe

C:\Windows\System\tgSmlzc.exe

C:\Windows\System\qxCYMrz.exe

C:\Windows\System\qxCYMrz.exe

C:\Windows\System\gxxWGtM.exe

C:\Windows\System\gxxWGtM.exe

C:\Windows\System\wGAGicS.exe

C:\Windows\System\wGAGicS.exe

C:\Windows\System\SHjhKLA.exe

C:\Windows\System\SHjhKLA.exe

C:\Windows\System\dnAanhi.exe

C:\Windows\System\dnAanhi.exe

C:\Windows\System\XdIsEap.exe

C:\Windows\System\XdIsEap.exe

C:\Windows\System\JVAdcIL.exe

C:\Windows\System\JVAdcIL.exe

C:\Windows\System\PySaFWo.exe

C:\Windows\System\PySaFWo.exe

C:\Windows\System\BvezlaB.exe

C:\Windows\System\BvezlaB.exe

C:\Windows\System\TZTIQhu.exe

C:\Windows\System\TZTIQhu.exe

C:\Windows\System\HEDdGvZ.exe

C:\Windows\System\HEDdGvZ.exe

C:\Windows\System\OFEAwTz.exe

C:\Windows\System\OFEAwTz.exe

C:\Windows\System\rBSbHXZ.exe

C:\Windows\System\rBSbHXZ.exe

C:\Windows\System\HeTAtOq.exe

C:\Windows\System\HeTAtOq.exe

C:\Windows\System\SGmeyMo.exe

C:\Windows\System\SGmeyMo.exe

C:\Windows\System\tBvDffs.exe

C:\Windows\System\tBvDffs.exe

C:\Windows\System\hjbqcPf.exe

C:\Windows\System\hjbqcPf.exe

C:\Windows\System\eMGqCRB.exe

C:\Windows\System\eMGqCRB.exe

C:\Windows\System\pwbsJQo.exe

C:\Windows\System\pwbsJQo.exe

C:\Windows\System\vJTgugF.exe

C:\Windows\System\vJTgugF.exe

C:\Windows\System\HisEVaB.exe

C:\Windows\System\HisEVaB.exe

C:\Windows\System\HTUASNh.exe

C:\Windows\System\HTUASNh.exe

C:\Windows\System\dVcMjUD.exe

C:\Windows\System\dVcMjUD.exe

C:\Windows\System\yAVKBix.exe

C:\Windows\System\yAVKBix.exe

C:\Windows\System\jlMhMuT.exe

C:\Windows\System\jlMhMuT.exe

C:\Windows\System\OpgjyoD.exe

C:\Windows\System\OpgjyoD.exe

C:\Windows\System\YupqKQD.exe

C:\Windows\System\YupqKQD.exe

C:\Windows\System\asdCsvZ.exe

C:\Windows\System\asdCsvZ.exe

C:\Windows\System\RlBaEnf.exe

C:\Windows\System\RlBaEnf.exe

C:\Windows\System\DLzzqOh.exe

C:\Windows\System\DLzzqOh.exe

C:\Windows\System\VdRazdw.exe

C:\Windows\System\VdRazdw.exe

C:\Windows\System\iOrGjgk.exe

C:\Windows\System\iOrGjgk.exe

C:\Windows\System\hOQXkSZ.exe

C:\Windows\System\hOQXkSZ.exe

C:\Windows\System\PYHZeYa.exe

C:\Windows\System\PYHZeYa.exe

C:\Windows\System\QzeAPeS.exe

C:\Windows\System\QzeAPeS.exe

C:\Windows\System\pMklJjT.exe

C:\Windows\System\pMklJjT.exe

C:\Windows\System\JRwIjzO.exe

C:\Windows\System\JRwIjzO.exe

C:\Windows\System\VcgLqHa.exe

C:\Windows\System\VcgLqHa.exe

C:\Windows\System\DANZoeW.exe

C:\Windows\System\DANZoeW.exe

C:\Windows\System\XlkRDNo.exe

C:\Windows\System\XlkRDNo.exe

C:\Windows\System\euYQabZ.exe

C:\Windows\System\euYQabZ.exe

C:\Windows\System\lUCqblT.exe

C:\Windows\System\lUCqblT.exe

C:\Windows\System\kARPGpt.exe

C:\Windows\System\kARPGpt.exe

C:\Windows\System\sInohVy.exe

C:\Windows\System\sInohVy.exe

C:\Windows\System\oAxUSTr.exe

C:\Windows\System\oAxUSTr.exe

C:\Windows\System\tuZKEhD.exe

C:\Windows\System\tuZKEhD.exe

C:\Windows\System\FnRezrB.exe

C:\Windows\System\FnRezrB.exe

C:\Windows\System\CZaslqt.exe

C:\Windows\System\CZaslqt.exe

C:\Windows\System\pZtfFug.exe

C:\Windows\System\pZtfFug.exe

C:\Windows\System\fcyEESg.exe

C:\Windows\System\fcyEESg.exe

C:\Windows\System\KgwsIgB.exe

C:\Windows\System\KgwsIgB.exe

C:\Windows\System\BzmnkAQ.exe

C:\Windows\System\BzmnkAQ.exe

C:\Windows\System\MWBHWiO.exe

C:\Windows\System\MWBHWiO.exe

C:\Windows\System\pZBpfvw.exe

C:\Windows\System\pZBpfvw.exe

C:\Windows\System\foSPpPQ.exe

C:\Windows\System\foSPpPQ.exe

C:\Windows\System\AjmYWdj.exe

C:\Windows\System\AjmYWdj.exe

C:\Windows\System\hjbvvyq.exe

C:\Windows\System\hjbvvyq.exe

C:\Windows\System\dMsdnHX.exe

C:\Windows\System\dMsdnHX.exe

C:\Windows\System\SzScgWA.exe

C:\Windows\System\SzScgWA.exe

C:\Windows\System\JQxcytS.exe

C:\Windows\System\JQxcytS.exe

C:\Windows\System\BSFEfNQ.exe

C:\Windows\System\BSFEfNQ.exe

C:\Windows\System\SpPPrmT.exe

C:\Windows\System\SpPPrmT.exe

C:\Windows\System\SSGofdd.exe

C:\Windows\System\SSGofdd.exe

C:\Windows\System\lphdydC.exe

C:\Windows\System\lphdydC.exe

C:\Windows\System\MZrfvaW.exe

C:\Windows\System\MZrfvaW.exe

C:\Windows\System\wpXBNNc.exe

C:\Windows\System\wpXBNNc.exe

C:\Windows\System\SpQhrfM.exe

C:\Windows\System\SpQhrfM.exe

C:\Windows\System\LHVHuYj.exe

C:\Windows\System\LHVHuYj.exe

C:\Windows\System\vQxsSQN.exe

C:\Windows\System\vQxsSQN.exe

C:\Windows\System\dzdIONX.exe

C:\Windows\System\dzdIONX.exe

C:\Windows\System\qPDCmIt.exe

C:\Windows\System\qPDCmIt.exe

C:\Windows\System\XmBwydw.exe

C:\Windows\System\XmBwydw.exe

C:\Windows\System\PtZrEHh.exe

C:\Windows\System\PtZrEHh.exe

C:\Windows\System\VGVMhOp.exe

C:\Windows\System\VGVMhOp.exe

C:\Windows\System\HdlotfX.exe

C:\Windows\System\HdlotfX.exe

C:\Windows\System\JyVFBsP.exe

C:\Windows\System\JyVFBsP.exe

C:\Windows\System\IoWYSgo.exe

C:\Windows\System\IoWYSgo.exe

C:\Windows\System\DIeGJRo.exe

C:\Windows\System\DIeGJRo.exe

C:\Windows\System\vYPxdOR.exe

C:\Windows\System\vYPxdOR.exe

C:\Windows\System\kHpygpF.exe

C:\Windows\System\kHpygpF.exe

C:\Windows\System\eoIgvdu.exe

C:\Windows\System\eoIgvdu.exe

C:\Windows\System\sGFhjOv.exe

C:\Windows\System\sGFhjOv.exe

C:\Windows\System\IvAJwpf.exe

C:\Windows\System\IvAJwpf.exe

C:\Windows\System\PgncVDv.exe

C:\Windows\System\PgncVDv.exe

C:\Windows\System\wxTXDaT.exe

C:\Windows\System\wxTXDaT.exe

C:\Windows\System\aMdFNun.exe

C:\Windows\System\aMdFNun.exe

C:\Windows\System\xLHTCHn.exe

C:\Windows\System\xLHTCHn.exe

C:\Windows\System\bKgeYOi.exe

C:\Windows\System\bKgeYOi.exe

C:\Windows\System\SEIBpuf.exe

C:\Windows\System\SEIBpuf.exe

C:\Windows\System\NbStVVu.exe

C:\Windows\System\NbStVVu.exe

C:\Windows\System\EySCGJp.exe

C:\Windows\System\EySCGJp.exe

C:\Windows\System\IRpuSaQ.exe

C:\Windows\System\IRpuSaQ.exe

C:\Windows\System\nnZELxz.exe

C:\Windows\System\nnZELxz.exe

C:\Windows\System\MblJLNu.exe

C:\Windows\System\MblJLNu.exe

C:\Windows\System\Ydsjhxk.exe

C:\Windows\System\Ydsjhxk.exe

C:\Windows\System\mVJLxMS.exe

C:\Windows\System\mVJLxMS.exe

C:\Windows\System\cgNJFRl.exe

C:\Windows\System\cgNJFRl.exe

C:\Windows\System\wmpzzgk.exe

C:\Windows\System\wmpzzgk.exe

C:\Windows\System\CkJCFzY.exe

C:\Windows\System\CkJCFzY.exe

C:\Windows\System\nZApOCh.exe

C:\Windows\System\nZApOCh.exe

C:\Windows\System\swbUbJN.exe

C:\Windows\System\swbUbJN.exe

C:\Windows\System\apvjEmi.exe

C:\Windows\System\apvjEmi.exe

C:\Windows\System\hkRxBKo.exe

C:\Windows\System\hkRxBKo.exe

C:\Windows\System\KQRcVFz.exe

C:\Windows\System\KQRcVFz.exe

C:\Windows\System\AoKhfxo.exe

C:\Windows\System\AoKhfxo.exe

C:\Windows\System\rjKaNAk.exe

C:\Windows\System\rjKaNAk.exe

C:\Windows\System\vNkuBux.exe

C:\Windows\System\vNkuBux.exe

C:\Windows\System\EbkBVin.exe

C:\Windows\System\EbkBVin.exe

C:\Windows\System\UDORZQN.exe

C:\Windows\System\UDORZQN.exe

C:\Windows\System\eaPGLmd.exe

C:\Windows\System\eaPGLmd.exe

C:\Windows\System\ZlUfvgV.exe

C:\Windows\System\ZlUfvgV.exe

C:\Windows\System\iJfNQqC.exe

C:\Windows\System\iJfNQqC.exe

C:\Windows\System\AoiMfQg.exe

C:\Windows\System\AoiMfQg.exe

C:\Windows\System\XJVSnfb.exe

C:\Windows\System\XJVSnfb.exe

C:\Windows\System\aAIPMAY.exe

C:\Windows\System\aAIPMAY.exe

C:\Windows\System\RLEcwEh.exe

C:\Windows\System\RLEcwEh.exe

C:\Windows\System\qjArqQU.exe

C:\Windows\System\qjArqQU.exe

C:\Windows\System\iZzSiEQ.exe

C:\Windows\System\iZzSiEQ.exe

C:\Windows\System\ixRRXBm.exe

C:\Windows\System\ixRRXBm.exe

C:\Windows\System\zJOJoal.exe

C:\Windows\System\zJOJoal.exe

C:\Windows\System\EbdINUy.exe

C:\Windows\System\EbdINUy.exe

C:\Windows\System\ErMFnyJ.exe

C:\Windows\System\ErMFnyJ.exe

C:\Windows\System\lvxsHQY.exe

C:\Windows\System\lvxsHQY.exe

C:\Windows\System\RHqnPcz.exe

C:\Windows\System\RHqnPcz.exe

C:\Windows\System\mDFyGIO.exe

C:\Windows\System\mDFyGIO.exe

C:\Windows\System\XCRnhsM.exe

C:\Windows\System\XCRnhsM.exe

C:\Windows\System\RjgyWbg.exe

C:\Windows\System\RjgyWbg.exe

C:\Windows\System\WhjpPXc.exe

C:\Windows\System\WhjpPXc.exe

C:\Windows\System\sLVFbhs.exe

C:\Windows\System\sLVFbhs.exe

C:\Windows\System\kbKqxBL.exe

C:\Windows\System\kbKqxBL.exe

C:\Windows\System\pTjpqje.exe

C:\Windows\System\pTjpqje.exe

C:\Windows\System\IMQXcJA.exe

C:\Windows\System\IMQXcJA.exe

C:\Windows\System\fZQDgtv.exe

C:\Windows\System\fZQDgtv.exe

C:\Windows\System\VgVYXxe.exe

C:\Windows\System\VgVYXxe.exe

C:\Windows\System\qHPFqPo.exe

C:\Windows\System\qHPFqPo.exe

C:\Windows\System\VdHYAyQ.exe

C:\Windows\System\VdHYAyQ.exe

C:\Windows\System\tUdKeiv.exe

C:\Windows\System\tUdKeiv.exe

C:\Windows\System\DdPhzSh.exe

C:\Windows\System\DdPhzSh.exe

C:\Windows\System\sNRePIB.exe

C:\Windows\System\sNRePIB.exe

C:\Windows\System\ncWVEkF.exe

C:\Windows\System\ncWVEkF.exe

C:\Windows\System\LbkJXRs.exe

C:\Windows\System\LbkJXRs.exe

C:\Windows\System\CuwINBH.exe

C:\Windows\System\CuwINBH.exe

C:\Windows\System\bapfVkV.exe

C:\Windows\System\bapfVkV.exe

C:\Windows\System\xVxSJAG.exe

C:\Windows\System\xVxSJAG.exe

C:\Windows\System\vxtwwDD.exe

C:\Windows\System\vxtwwDD.exe

C:\Windows\System\mKtOVXo.exe

C:\Windows\System\mKtOVXo.exe

C:\Windows\System\oxoOKji.exe

C:\Windows\System\oxoOKji.exe

C:\Windows\System\LxAOGJL.exe

C:\Windows\System\LxAOGJL.exe

C:\Windows\System\DcQduDZ.exe

C:\Windows\System\DcQduDZ.exe

C:\Windows\System\OrUrznd.exe

C:\Windows\System\OrUrznd.exe

C:\Windows\System\VemxXpD.exe

C:\Windows\System\VemxXpD.exe

C:\Windows\System\lgBOuQC.exe

C:\Windows\System\lgBOuQC.exe

C:\Windows\System\MsAgvWq.exe

C:\Windows\System\MsAgvWq.exe

C:\Windows\System\EXZaxln.exe

C:\Windows\System\EXZaxln.exe

C:\Windows\System\ZJmFFgX.exe

C:\Windows\System\ZJmFFgX.exe

C:\Windows\System\XTOsdtS.exe

C:\Windows\System\XTOsdtS.exe

C:\Windows\System\ekSmesP.exe

C:\Windows\System\ekSmesP.exe

C:\Windows\System\pGujTuU.exe

C:\Windows\System\pGujTuU.exe

C:\Windows\System\ELsaVFz.exe

C:\Windows\System\ELsaVFz.exe

C:\Windows\System\xiKBYKM.exe

C:\Windows\System\xiKBYKM.exe

C:\Windows\System\bovaAjo.exe

C:\Windows\System\bovaAjo.exe

C:\Windows\System\KCMOSsg.exe

C:\Windows\System\KCMOSsg.exe

C:\Windows\System\OkrHfZi.exe

C:\Windows\System\OkrHfZi.exe

C:\Windows\System\zCBGUwB.exe

C:\Windows\System\zCBGUwB.exe

C:\Windows\System\UHqtTNw.exe

C:\Windows\System\UHqtTNw.exe

C:\Windows\System\ZqQPxLP.exe

C:\Windows\System\ZqQPxLP.exe

C:\Windows\System\XGZQctd.exe

C:\Windows\System\XGZQctd.exe

C:\Windows\System\PHsHaLp.exe

C:\Windows\System\PHsHaLp.exe

C:\Windows\System\FcoppSJ.exe

C:\Windows\System\FcoppSJ.exe

C:\Windows\System\pOSssGI.exe

C:\Windows\System\pOSssGI.exe

C:\Windows\System\ytSkPct.exe

C:\Windows\System\ytSkPct.exe

C:\Windows\System\xnKHGpi.exe

C:\Windows\System\xnKHGpi.exe

C:\Windows\System\ClBCWTX.exe

C:\Windows\System\ClBCWTX.exe

C:\Windows\System\VFFqpQt.exe

C:\Windows\System\VFFqpQt.exe

C:\Windows\System\ZIRSoDo.exe

C:\Windows\System\ZIRSoDo.exe

C:\Windows\System\URfjusn.exe

C:\Windows\System\URfjusn.exe

C:\Windows\System\PMkQeJn.exe

C:\Windows\System\PMkQeJn.exe

C:\Windows\System\iDNCJbx.exe

C:\Windows\System\iDNCJbx.exe

C:\Windows\System\bEDuEUU.exe

C:\Windows\System\bEDuEUU.exe

C:\Windows\System\ZITXZgQ.exe

C:\Windows\System\ZITXZgQ.exe

C:\Windows\System\WUZIGUa.exe

C:\Windows\System\WUZIGUa.exe

C:\Windows\System\VYYcMqJ.exe

C:\Windows\System\VYYcMqJ.exe

C:\Windows\System\kHZmOvz.exe

C:\Windows\System\kHZmOvz.exe

C:\Windows\System\BCtZyxw.exe

C:\Windows\System\BCtZyxw.exe

C:\Windows\System\egAswZU.exe

C:\Windows\System\egAswZU.exe

C:\Windows\System\bsNXoUG.exe

C:\Windows\System\bsNXoUG.exe

C:\Windows\System\JVuXGrJ.exe

C:\Windows\System\JVuXGrJ.exe

C:\Windows\System\xUjNpGS.exe

C:\Windows\System\xUjNpGS.exe

C:\Windows\System\QcYosjF.exe

C:\Windows\System\QcYosjF.exe

C:\Windows\System\CPZrjHj.exe

C:\Windows\System\CPZrjHj.exe

C:\Windows\System\YRCPjUW.exe

C:\Windows\System\YRCPjUW.exe

C:\Windows\System\htvQbbj.exe

C:\Windows\System\htvQbbj.exe

C:\Windows\System\tlollHQ.exe

C:\Windows\System\tlollHQ.exe

C:\Windows\System\rRNBPYk.exe

C:\Windows\System\rRNBPYk.exe

C:\Windows\System\CNJQmnZ.exe

C:\Windows\System\CNJQmnZ.exe

C:\Windows\System\RzvWjoo.exe

C:\Windows\System\RzvWjoo.exe

C:\Windows\System\gBVVuXX.exe

C:\Windows\System\gBVVuXX.exe

C:\Windows\System\ergtEOV.exe

C:\Windows\System\ergtEOV.exe

C:\Windows\System\SHACoif.exe

C:\Windows\System\SHACoif.exe

C:\Windows\System\ofPLAsW.exe

C:\Windows\System\ofPLAsW.exe

C:\Windows\System\GUazRZw.exe

C:\Windows\System\GUazRZw.exe

C:\Windows\System\QZekYWJ.exe

C:\Windows\System\QZekYWJ.exe

C:\Windows\System\CdglYWH.exe

C:\Windows\System\CdglYWH.exe

C:\Windows\System\pCUvcQK.exe

C:\Windows\System\pCUvcQK.exe

C:\Windows\System\UdFbFQt.exe

C:\Windows\System\UdFbFQt.exe

C:\Windows\System\eHJqdqW.exe

C:\Windows\System\eHJqdqW.exe

C:\Windows\System\nyHXopU.exe

C:\Windows\System\nyHXopU.exe

C:\Windows\System\nrshRZM.exe

C:\Windows\System\nrshRZM.exe

C:\Windows\System\bkeqKDb.exe

C:\Windows\System\bkeqKDb.exe

C:\Windows\System\jelCWnH.exe

C:\Windows\System\jelCWnH.exe

C:\Windows\System\CqOrvOa.exe

C:\Windows\System\CqOrvOa.exe

C:\Windows\System\vziGZeR.exe

C:\Windows\System\vziGZeR.exe

C:\Windows\System\QOxgnOf.exe

C:\Windows\System\QOxgnOf.exe

C:\Windows\System\YmDAVpw.exe

C:\Windows\System\YmDAVpw.exe

C:\Windows\System\JDiVhGZ.exe

C:\Windows\System\JDiVhGZ.exe

C:\Windows\System\xxpaILc.exe

C:\Windows\System\xxpaILc.exe

C:\Windows\System\eyFcUMT.exe

C:\Windows\System\eyFcUMT.exe

C:\Windows\System\itExXpQ.exe

C:\Windows\System\itExXpQ.exe

C:\Windows\System\MXJhjzS.exe

C:\Windows\System\MXJhjzS.exe

C:\Windows\System\AiYpqDr.exe

C:\Windows\System\AiYpqDr.exe

C:\Windows\System\fUTolkg.exe

C:\Windows\System\fUTolkg.exe

C:\Windows\System\dJJBLbH.exe

C:\Windows\System\dJJBLbH.exe

C:\Windows\System\qqNrroM.exe

C:\Windows\System\qqNrroM.exe

C:\Windows\System\tzemyAH.exe

C:\Windows\System\tzemyAH.exe

C:\Windows\System\hpCRxIi.exe

C:\Windows\System\hpCRxIi.exe

C:\Windows\System\vnUYnOr.exe

C:\Windows\System\vnUYnOr.exe

C:\Windows\System\PnIUEpB.exe

C:\Windows\System\PnIUEpB.exe

C:\Windows\System\EpvWsBB.exe

C:\Windows\System\EpvWsBB.exe

C:\Windows\System\uobpTho.exe

C:\Windows\System\uobpTho.exe

C:\Windows\System\VlAsyYE.exe

C:\Windows\System\VlAsyYE.exe

C:\Windows\System\FteMVPR.exe

C:\Windows\System\FteMVPR.exe

C:\Windows\System\FQuaPVF.exe

C:\Windows\System\FQuaPVF.exe

C:\Windows\System\GxjDtPi.exe

C:\Windows\System\GxjDtPi.exe

C:\Windows\System\qmQVtTD.exe

C:\Windows\System\qmQVtTD.exe

C:\Windows\System\Ycyjsyr.exe

C:\Windows\System\Ycyjsyr.exe

C:\Windows\System\AFJxCcF.exe

C:\Windows\System\AFJxCcF.exe

C:\Windows\System\peDEEmm.exe

C:\Windows\System\peDEEmm.exe

C:\Windows\System\yrFXHIA.exe

C:\Windows\System\yrFXHIA.exe

C:\Windows\System\dEiurum.exe

C:\Windows\System\dEiurum.exe

C:\Windows\System\nbBssPC.exe

C:\Windows\System\nbBssPC.exe

C:\Windows\System\ZFeJMZQ.exe

C:\Windows\System\ZFeJMZQ.exe

C:\Windows\System\BbyxQuK.exe

C:\Windows\System\BbyxQuK.exe

C:\Windows\System\ubAaryY.exe

C:\Windows\System\ubAaryY.exe

C:\Windows\System\pefgIPC.exe

C:\Windows\System\pefgIPC.exe

C:\Windows\System\nPIJWNV.exe

C:\Windows\System\nPIJWNV.exe

C:\Windows\System\SqsdGpH.exe

C:\Windows\System\SqsdGpH.exe

C:\Windows\System\xGZJjIK.exe

C:\Windows\System\xGZJjIK.exe

C:\Windows\System\TfaJAEE.exe

C:\Windows\System\TfaJAEE.exe

C:\Windows\System\YCLZZpR.exe

C:\Windows\System\YCLZZpR.exe

C:\Windows\System\ZWmDiFt.exe

C:\Windows\System\ZWmDiFt.exe

C:\Windows\System\DPWjxHa.exe

C:\Windows\System\DPWjxHa.exe

C:\Windows\System\ddIpscQ.exe

C:\Windows\System\ddIpscQ.exe

C:\Windows\System\MweDfAs.exe

C:\Windows\System\MweDfAs.exe

C:\Windows\System\qDgjtPm.exe

C:\Windows\System\qDgjtPm.exe

C:\Windows\System\PFpxJAP.exe

C:\Windows\System\PFpxJAP.exe

C:\Windows\System\SPGULYa.exe

C:\Windows\System\SPGULYa.exe

C:\Windows\System\psjTUXf.exe

C:\Windows\System\psjTUXf.exe

C:\Windows\System\SddmGeI.exe

C:\Windows\System\SddmGeI.exe

C:\Windows\System\UNRDhFY.exe

C:\Windows\System\UNRDhFY.exe

C:\Windows\System\ZijCnjP.exe

C:\Windows\System\ZijCnjP.exe

C:\Windows\System\bUqoXjz.exe

C:\Windows\System\bUqoXjz.exe

C:\Windows\System\CzthNFE.exe

C:\Windows\System\CzthNFE.exe

C:\Windows\System\JIJRTLY.exe

C:\Windows\System\JIJRTLY.exe

C:\Windows\System\WYmyhOz.exe

C:\Windows\System\WYmyhOz.exe

C:\Windows\System\yCkCtnP.exe

C:\Windows\System\yCkCtnP.exe

C:\Windows\System\yWWCmxb.exe

C:\Windows\System\yWWCmxb.exe

C:\Windows\System\nzVnCBT.exe

C:\Windows\System\nzVnCBT.exe

C:\Windows\System\KGLzuiO.exe

C:\Windows\System\KGLzuiO.exe

C:\Windows\System\mpAkmIf.exe

C:\Windows\System\mpAkmIf.exe

C:\Windows\System\byAINEO.exe

C:\Windows\System\byAINEO.exe

C:\Windows\System\PXrVXpl.exe

C:\Windows\System\PXrVXpl.exe

C:\Windows\System\MvWFNOn.exe

C:\Windows\System\MvWFNOn.exe

C:\Windows\System\fsFrGPt.exe

C:\Windows\System\fsFrGPt.exe

C:\Windows\System\UUGzEKF.exe

C:\Windows\System\UUGzEKF.exe

C:\Windows\System\WqqZIfH.exe

C:\Windows\System\WqqZIfH.exe

C:\Windows\System\mNAcNzj.exe

C:\Windows\System\mNAcNzj.exe

C:\Windows\System\WzcWZRn.exe

C:\Windows\System\WzcWZRn.exe

C:\Windows\System\UQYGDFw.exe

C:\Windows\System\UQYGDFw.exe

C:\Windows\System\ApiLNjO.exe

C:\Windows\System\ApiLNjO.exe

C:\Windows\System\zJsmpsN.exe

C:\Windows\System\zJsmpsN.exe

C:\Windows\System\MsvfSis.exe

C:\Windows\System\MsvfSis.exe

C:\Windows\System\AfouSLj.exe

C:\Windows\System\AfouSLj.exe

C:\Windows\System\ldKRyUy.exe

C:\Windows\System\ldKRyUy.exe

C:\Windows\System\WypUIga.exe

C:\Windows\System\WypUIga.exe

C:\Windows\System\OQefPuK.exe

C:\Windows\System\OQefPuK.exe

C:\Windows\System\yOfYitu.exe

C:\Windows\System\yOfYitu.exe

C:\Windows\System\hmKfSaP.exe

C:\Windows\System\hmKfSaP.exe

C:\Windows\System\CzQMnkP.exe

C:\Windows\System\CzQMnkP.exe

C:\Windows\System\nfiejpC.exe

C:\Windows\System\nfiejpC.exe

C:\Windows\System\ExIwNgc.exe

C:\Windows\System\ExIwNgc.exe

C:\Windows\System\PJfGpFF.exe

C:\Windows\System\PJfGpFF.exe

C:\Windows\System\ciBsxFe.exe

C:\Windows\System\ciBsxFe.exe

C:\Windows\System\ydSiGXs.exe

C:\Windows\System\ydSiGXs.exe

C:\Windows\System\fcTRqni.exe

C:\Windows\System\fcTRqni.exe

C:\Windows\System\aJQyngb.exe

C:\Windows\System\aJQyngb.exe

C:\Windows\System\NZiGrsl.exe

C:\Windows\System\NZiGrsl.exe

C:\Windows\System\vrLDayo.exe

C:\Windows\System\vrLDayo.exe

C:\Windows\System\TIazIzx.exe

C:\Windows\System\TIazIzx.exe

C:\Windows\System\PSdqtOk.exe

C:\Windows\System\PSdqtOk.exe

C:\Windows\System\ADEIPSa.exe

C:\Windows\System\ADEIPSa.exe

C:\Windows\System\mmoJpzS.exe

C:\Windows\System\mmoJpzS.exe

C:\Windows\System\lgAHcZJ.exe

C:\Windows\System\lgAHcZJ.exe

C:\Windows\System\wVXlMsX.exe

C:\Windows\System\wVXlMsX.exe

C:\Windows\System\AdCiOCp.exe

C:\Windows\System\AdCiOCp.exe

C:\Windows\System\DbMdGgA.exe

C:\Windows\System\DbMdGgA.exe

C:\Windows\System\AbrxhNd.exe

C:\Windows\System\AbrxhNd.exe

C:\Windows\System\vlkBmlt.exe

C:\Windows\System\vlkBmlt.exe

C:\Windows\System\AtsblJv.exe

C:\Windows\System\AtsblJv.exe

C:\Windows\System\ShiJhPJ.exe

C:\Windows\System\ShiJhPJ.exe

C:\Windows\System\YUefoRV.exe

C:\Windows\System\YUefoRV.exe

C:\Windows\System\qmGmyvM.exe

C:\Windows\System\qmGmyvM.exe

C:\Windows\System\QKGphdE.exe

C:\Windows\System\QKGphdE.exe

C:\Windows\System\FpfxUUI.exe

C:\Windows\System\FpfxUUI.exe

C:\Windows\System\bwdJaRn.exe

C:\Windows\System\bwdJaRn.exe

C:\Windows\System\CYNXDNY.exe

C:\Windows\System\CYNXDNY.exe

C:\Windows\System\IczyiFd.exe

C:\Windows\System\IczyiFd.exe

C:\Windows\System\xruRZuk.exe

C:\Windows\System\xruRZuk.exe

C:\Windows\System\ICZAyIB.exe

C:\Windows\System\ICZAyIB.exe

C:\Windows\System\FihZVQe.exe

C:\Windows\System\FihZVQe.exe

C:\Windows\System\MRknHyG.exe

C:\Windows\System\MRknHyG.exe

C:\Windows\System\otPHuHo.exe

C:\Windows\System\otPHuHo.exe

C:\Windows\System\lllxboD.exe

C:\Windows\System\lllxboD.exe

C:\Windows\System\EZjjkdE.exe

C:\Windows\System\EZjjkdE.exe

C:\Windows\System\FrotNAw.exe

C:\Windows\System\FrotNAw.exe

C:\Windows\System\zGpbwvA.exe

C:\Windows\System\zGpbwvA.exe

C:\Windows\System\CRFyGsd.exe

C:\Windows\System\CRFyGsd.exe

C:\Windows\System\EHvfcwD.exe

C:\Windows\System\EHvfcwD.exe

C:\Windows\System\kIcuhDW.exe

C:\Windows\System\kIcuhDW.exe

C:\Windows\System\jkaLDQh.exe

C:\Windows\System\jkaLDQh.exe

C:\Windows\System\yIKlNDM.exe

C:\Windows\System\yIKlNDM.exe

C:\Windows\System\xpmqHij.exe

C:\Windows\System\xpmqHij.exe

C:\Windows\System\AzviSbs.exe

C:\Windows\System\AzviSbs.exe

C:\Windows\System\KRCCzZd.exe

C:\Windows\System\KRCCzZd.exe

C:\Windows\System\qdeHgLT.exe

C:\Windows\System\qdeHgLT.exe

C:\Windows\System\WAjxJlw.exe

C:\Windows\System\WAjxJlw.exe

C:\Windows\System\dKKkYge.exe

C:\Windows\System\dKKkYge.exe

C:\Windows\System\DQQysqD.exe

C:\Windows\System\DQQysqD.exe

C:\Windows\System\YLUTTgB.exe

C:\Windows\System\YLUTTgB.exe

C:\Windows\System\geaHpYc.exe

C:\Windows\System\geaHpYc.exe

C:\Windows\System\BZDkqiG.exe

C:\Windows\System\BZDkqiG.exe

C:\Windows\System\mHtxyGr.exe

C:\Windows\System\mHtxyGr.exe

C:\Windows\System\tlnQYuN.exe

C:\Windows\System\tlnQYuN.exe

C:\Windows\System\vHkjaCV.exe

C:\Windows\System\vHkjaCV.exe

C:\Windows\System\qApvORU.exe

C:\Windows\System\qApvORU.exe

C:\Windows\System\hktrdLG.exe

C:\Windows\System\hktrdLG.exe

C:\Windows\System\SuIhvtQ.exe

C:\Windows\System\SuIhvtQ.exe

C:\Windows\System\LNKwMCS.exe

C:\Windows\System\LNKwMCS.exe

C:\Windows\System\zbkIUJk.exe

C:\Windows\System\zbkIUJk.exe

C:\Windows\System\CKTFcUo.exe

C:\Windows\System\CKTFcUo.exe

C:\Windows\System\QTcWRFi.exe

C:\Windows\System\QTcWRFi.exe

C:\Windows\System\nHcIPHG.exe

C:\Windows\System\nHcIPHG.exe

C:\Windows\System\tPlWNgL.exe

C:\Windows\System\tPlWNgL.exe

C:\Windows\System\Ruuxnwp.exe

C:\Windows\System\Ruuxnwp.exe

C:\Windows\System\wNRrRxk.exe

C:\Windows\System\wNRrRxk.exe

C:\Windows\System\POFTqzu.exe

C:\Windows\System\POFTqzu.exe

C:\Windows\System\cXsDYdr.exe

C:\Windows\System\cXsDYdr.exe

C:\Windows\System\vVVXhuR.exe

C:\Windows\System\vVVXhuR.exe

C:\Windows\System\rukNLXd.exe

C:\Windows\System\rukNLXd.exe

C:\Windows\System\nievfEo.exe

C:\Windows\System\nievfEo.exe

C:\Windows\System\fZlJzdy.exe

C:\Windows\System\fZlJzdy.exe

C:\Windows\System\bWkJRtS.exe

C:\Windows\System\bWkJRtS.exe

C:\Windows\System\cGswNvp.exe

C:\Windows\System\cGswNvp.exe

C:\Windows\System\gcflCbP.exe

C:\Windows\System\gcflCbP.exe

C:\Windows\System\fXoVBXB.exe

C:\Windows\System\fXoVBXB.exe

C:\Windows\System\hWjbpEm.exe

C:\Windows\System\hWjbpEm.exe

C:\Windows\System\pNBIBHW.exe

C:\Windows\System\pNBIBHW.exe

C:\Windows\System\sIJWiQW.exe

C:\Windows\System\sIJWiQW.exe

C:\Windows\System\fuycXTw.exe

C:\Windows\System\fuycXTw.exe

C:\Windows\System\MTPePTa.exe

C:\Windows\System\MTPePTa.exe

C:\Windows\System\KZBozOu.exe

C:\Windows\System\KZBozOu.exe

C:\Windows\System\xlPRcZv.exe

C:\Windows\System\xlPRcZv.exe

C:\Windows\System\ailQsGq.exe

C:\Windows\System\ailQsGq.exe

C:\Windows\System\vzLKMal.exe

C:\Windows\System\vzLKMal.exe

C:\Windows\System\YYLhhCA.exe

C:\Windows\System\YYLhhCA.exe

C:\Windows\System\rYbpOGt.exe

C:\Windows\System\rYbpOGt.exe

C:\Windows\System\mlxGKXp.exe

C:\Windows\System\mlxGKXp.exe

C:\Windows\System\jlUadXq.exe

C:\Windows\System\jlUadXq.exe

C:\Windows\System\pIvBIAw.exe

C:\Windows\System\pIvBIAw.exe

C:\Windows\System\MkaugPv.exe

C:\Windows\System\MkaugPv.exe

C:\Windows\System\LMKeZAA.exe

C:\Windows\System\LMKeZAA.exe

C:\Windows\System\wJREGNV.exe

C:\Windows\System\wJREGNV.exe

C:\Windows\System\PMpIXCZ.exe

C:\Windows\System\PMpIXCZ.exe

C:\Windows\System\TXJcPHD.exe

C:\Windows\System\TXJcPHD.exe

C:\Windows\System\whATeOT.exe

C:\Windows\System\whATeOT.exe

C:\Windows\System\EbftEPY.exe

C:\Windows\System\EbftEPY.exe

C:\Windows\System\vLiSSYE.exe

C:\Windows\System\vLiSSYE.exe

C:\Windows\System\JQVjWBR.exe

C:\Windows\System\JQVjWBR.exe

C:\Windows\System\thlCNlo.exe

C:\Windows\System\thlCNlo.exe

C:\Windows\System\VoOyZcJ.exe

C:\Windows\System\VoOyZcJ.exe

C:\Windows\System\FqsfOJy.exe

C:\Windows\System\FqsfOJy.exe

C:\Windows\System\nCyjzQC.exe

C:\Windows\System\nCyjzQC.exe

C:\Windows\System\NkkldEF.exe

C:\Windows\System\NkkldEF.exe

C:\Windows\System\rgByzNm.exe

C:\Windows\System\rgByzNm.exe

C:\Windows\System\jzXPuQQ.exe

C:\Windows\System\jzXPuQQ.exe

C:\Windows\System\MCQRzXT.exe

C:\Windows\System\MCQRzXT.exe

C:\Windows\System\kqzWHod.exe

C:\Windows\System\kqzWHod.exe

C:\Windows\System\csXkrcb.exe

C:\Windows\System\csXkrcb.exe

C:\Windows\System\zDfdiLs.exe

C:\Windows\System\zDfdiLs.exe

C:\Windows\System\pPnrUfX.exe

C:\Windows\System\pPnrUfX.exe

C:\Windows\System\pNdULYG.exe

C:\Windows\System\pNdULYG.exe

C:\Windows\System\uebKnEi.exe

C:\Windows\System\uebKnEi.exe

C:\Windows\System\BDSlUFk.exe

C:\Windows\System\BDSlUFk.exe

C:\Windows\System\zMUUJnq.exe

C:\Windows\System\zMUUJnq.exe

C:\Windows\System\vuCDmtB.exe

C:\Windows\System\vuCDmtB.exe

C:\Windows\System\ASxoqfb.exe

C:\Windows\System\ASxoqfb.exe

C:\Windows\System\oNdWBHS.exe

C:\Windows\System\oNdWBHS.exe

C:\Windows\System\erVxppD.exe

C:\Windows\System\erVxppD.exe

C:\Windows\System\zqBznDj.exe

C:\Windows\System\zqBznDj.exe

C:\Windows\System\idIierQ.exe

C:\Windows\System\idIierQ.exe

C:\Windows\System\LvlzVGM.exe

C:\Windows\System\LvlzVGM.exe

C:\Windows\System\XJokJdn.exe

C:\Windows\System\XJokJdn.exe

C:\Windows\System\QGnrKUx.exe

C:\Windows\System\QGnrKUx.exe

C:\Windows\System\EIkguUP.exe

C:\Windows\System\EIkguUP.exe

C:\Windows\System\xizhbie.exe

C:\Windows\System\xizhbie.exe

C:\Windows\System\ByvYtLf.exe

C:\Windows\System\ByvYtLf.exe

C:\Windows\System\qJcsJCY.exe

C:\Windows\System\qJcsJCY.exe

C:\Windows\System\CuvPhjm.exe

C:\Windows\System\CuvPhjm.exe

C:\Windows\System\oRKPLVT.exe

C:\Windows\System\oRKPLVT.exe

C:\Windows\System\yaKtOqb.exe

C:\Windows\System\yaKtOqb.exe

C:\Windows\System\bhrhhPa.exe

C:\Windows\System\bhrhhPa.exe

C:\Windows\System\SflUMSf.exe

C:\Windows\System\SflUMSf.exe

C:\Windows\System\EyoeKUo.exe

C:\Windows\System\EyoeKUo.exe

C:\Windows\System\TUdykHQ.exe

C:\Windows\System\TUdykHQ.exe

C:\Windows\System\aYDJHvv.exe

C:\Windows\System\aYDJHvv.exe

C:\Windows\System\bSVyVrq.exe

C:\Windows\System\bSVyVrq.exe

C:\Windows\System\YajzjxI.exe

C:\Windows\System\YajzjxI.exe

C:\Windows\System\OQjMfaN.exe

C:\Windows\System\OQjMfaN.exe

C:\Windows\System\xEIJlHD.exe

C:\Windows\System\xEIJlHD.exe

C:\Windows\System\VYBwRLb.exe

C:\Windows\System\VYBwRLb.exe

C:\Windows\System\iUlElGP.exe

C:\Windows\System\iUlElGP.exe

C:\Windows\System\yDsiCoX.exe

C:\Windows\System\yDsiCoX.exe

C:\Windows\System\TqACMCA.exe

C:\Windows\System\TqACMCA.exe

C:\Windows\System\hzLeRsb.exe

C:\Windows\System\hzLeRsb.exe

C:\Windows\System\YrkFbXT.exe

C:\Windows\System\YrkFbXT.exe

C:\Windows\System\xGMtXyp.exe

C:\Windows\System\xGMtXyp.exe

C:\Windows\System\lPSQMmQ.exe

C:\Windows\System\lPSQMmQ.exe

C:\Windows\System\ZzHHGCq.exe

C:\Windows\System\ZzHHGCq.exe

C:\Windows\System\acDDBBP.exe

C:\Windows\System\acDDBBP.exe

C:\Windows\System\fqeWUhs.exe

C:\Windows\System\fqeWUhs.exe

C:\Windows\System\hiabiaf.exe

C:\Windows\System\hiabiaf.exe

C:\Windows\System\vfpiXgb.exe

C:\Windows\System\vfpiXgb.exe

C:\Windows\System\qVTfDiU.exe

C:\Windows\System\qVTfDiU.exe

C:\Windows\System\CPSrCqe.exe

C:\Windows\System\CPSrCqe.exe

C:\Windows\System\JZVExri.exe

C:\Windows\System\JZVExri.exe

C:\Windows\System\RTDzjhi.exe

C:\Windows\System\RTDzjhi.exe

C:\Windows\System\YWrhndG.exe

C:\Windows\System\YWrhndG.exe

C:\Windows\System\sCyZeow.exe

C:\Windows\System\sCyZeow.exe

C:\Windows\System\mZDbwuM.exe

C:\Windows\System\mZDbwuM.exe

C:\Windows\System\bZgWlhH.exe

C:\Windows\System\bZgWlhH.exe

C:\Windows\System\NacdKsU.exe

C:\Windows\System\NacdKsU.exe

C:\Windows\System\JGULoCj.exe

C:\Windows\System\JGULoCj.exe

C:\Windows\System\IAPhHpy.exe

C:\Windows\System\IAPhHpy.exe

C:\Windows\System\JQWVxXz.exe

C:\Windows\System\JQWVxXz.exe

C:\Windows\System\RblYJGn.exe

C:\Windows\System\RblYJGn.exe

C:\Windows\System\tbJsTqj.exe

C:\Windows\System\tbJsTqj.exe

C:\Windows\System\vKDtYGI.exe

C:\Windows\System\vKDtYGI.exe

C:\Windows\System\SoYwQIB.exe

C:\Windows\System\SoYwQIB.exe

C:\Windows\System\nXdnpYy.exe

C:\Windows\System\nXdnpYy.exe

C:\Windows\System\xiGMcGx.exe

C:\Windows\System\xiGMcGx.exe

C:\Windows\System\xhLVGrU.exe

C:\Windows\System\xhLVGrU.exe

C:\Windows\System\bKilnrD.exe

C:\Windows\System\bKilnrD.exe

C:\Windows\System\OwCsNFy.exe

C:\Windows\System\OwCsNFy.exe

C:\Windows\System\HUUTtIk.exe

C:\Windows\System\HUUTtIk.exe

C:\Windows\System\NXjQyMD.exe

C:\Windows\System\NXjQyMD.exe

C:\Windows\System\lpUZspJ.exe

C:\Windows\System\lpUZspJ.exe

C:\Windows\System\YJRRzpK.exe

C:\Windows\System\YJRRzpK.exe

C:\Windows\System\zqQCFGl.exe

C:\Windows\System\zqQCFGl.exe

C:\Windows\System\KBmHqfu.exe

C:\Windows\System\KBmHqfu.exe

C:\Windows\System\LccnjGw.exe

C:\Windows\System\LccnjGw.exe

C:\Windows\System\wkmwGuo.exe

C:\Windows\System\wkmwGuo.exe

C:\Windows\System\gwMBGCz.exe

C:\Windows\System\gwMBGCz.exe

C:\Windows\System\VPcwnDD.exe

C:\Windows\System\VPcwnDD.exe

C:\Windows\System\WLovJGQ.exe

C:\Windows\System\WLovJGQ.exe

C:\Windows\System\kwniyWX.exe

C:\Windows\System\kwniyWX.exe

C:\Windows\System\hwVFutI.exe

C:\Windows\System\hwVFutI.exe

C:\Windows\System\AhPoOWI.exe

C:\Windows\System\AhPoOWI.exe

C:\Windows\System\blmjLQK.exe

C:\Windows\System\blmjLQK.exe

C:\Windows\System\iBtYuHc.exe

C:\Windows\System\iBtYuHc.exe

C:\Windows\System\OJCWJmG.exe

C:\Windows\System\OJCWJmG.exe

C:\Windows\System\kyLOCRi.exe

C:\Windows\System\kyLOCRi.exe

C:\Windows\System\KckmclH.exe

C:\Windows\System\KckmclH.exe

C:\Windows\System\MWcpCsg.exe

C:\Windows\System\MWcpCsg.exe

C:\Windows\System\OmVbmSh.exe

C:\Windows\System\OmVbmSh.exe

C:\Windows\System\WwMxrNY.exe

C:\Windows\System\WwMxrNY.exe

C:\Windows\System\etNNuPJ.exe

C:\Windows\System\etNNuPJ.exe

C:\Windows\System\jumfCCs.exe

C:\Windows\System\jumfCCs.exe

C:\Windows\System\bjFTHeS.exe

C:\Windows\System\bjFTHeS.exe

C:\Windows\System\nOHtKmZ.exe

C:\Windows\System\nOHtKmZ.exe

C:\Windows\System\yXKMUwg.exe

C:\Windows\System\yXKMUwg.exe

C:\Windows\System\ETPMazV.exe

C:\Windows\System\ETPMazV.exe

C:\Windows\System\CYKrjxZ.exe

C:\Windows\System\CYKrjxZ.exe

C:\Windows\System\TVJeXac.exe

C:\Windows\System\TVJeXac.exe

C:\Windows\System\TuBCpPt.exe

C:\Windows\System\TuBCpPt.exe

C:\Windows\System\KfzFRud.exe

C:\Windows\System\KfzFRud.exe

C:\Windows\System\gcbrHXk.exe

C:\Windows\System\gcbrHXk.exe

C:\Windows\System\lqFQUht.exe

C:\Windows\System\lqFQUht.exe

C:\Windows\System\ClQYYZf.exe

C:\Windows\System\ClQYYZf.exe

C:\Windows\System\efbMovq.exe

C:\Windows\System\efbMovq.exe

C:\Windows\System\ShQZokY.exe

C:\Windows\System\ShQZokY.exe

C:\Windows\System\eqtBtmw.exe

C:\Windows\System\eqtBtmw.exe

C:\Windows\System\hHpYgbv.exe

C:\Windows\System\hHpYgbv.exe

C:\Windows\System\xbBJOYr.exe

C:\Windows\System\xbBJOYr.exe

C:\Windows\System\XyImLKm.exe

C:\Windows\System\XyImLKm.exe

C:\Windows\System\mHiHGCN.exe

C:\Windows\System\mHiHGCN.exe

C:\Windows\System\slvgqJm.exe

C:\Windows\System\slvgqJm.exe

C:\Windows\System\fLPwEsG.exe

C:\Windows\System\fLPwEsG.exe

C:\Windows\System\bukDvjN.exe

C:\Windows\System\bukDvjN.exe

C:\Windows\System\PLZYPhK.exe

C:\Windows\System\PLZYPhK.exe

C:\Windows\System\PDreAmM.exe

C:\Windows\System\PDreAmM.exe

C:\Windows\System\nSJGTpz.exe

C:\Windows\System\nSJGTpz.exe

C:\Windows\System\ieDoHxz.exe

C:\Windows\System\ieDoHxz.exe

C:\Windows\System\JEIPPou.exe

C:\Windows\System\JEIPPou.exe

C:\Windows\System\JZKcjmV.exe

C:\Windows\System\JZKcjmV.exe

C:\Windows\System\GOybYOr.exe

C:\Windows\System\GOybYOr.exe

C:\Windows\System\NbPiCVB.exe

C:\Windows\System\NbPiCVB.exe

C:\Windows\System\HEhSeBT.exe

C:\Windows\System\HEhSeBT.exe

C:\Windows\System\aMJwReq.exe

C:\Windows\System\aMJwReq.exe

C:\Windows\System\KypNkNq.exe

C:\Windows\System\KypNkNq.exe

C:\Windows\System\XxFstQq.exe

C:\Windows\System\XxFstQq.exe

C:\Windows\System\ScVxrZx.exe

C:\Windows\System\ScVxrZx.exe

C:\Windows\System\eCoHrmb.exe

C:\Windows\System\eCoHrmb.exe

C:\Windows\System\bRnNKru.exe

C:\Windows\System\bRnNKru.exe

C:\Windows\System\ElScgKX.exe

C:\Windows\System\ElScgKX.exe

C:\Windows\System\JRFNfeD.exe

C:\Windows\System\JRFNfeD.exe

C:\Windows\System\fbgvfMP.exe

C:\Windows\System\fbgvfMP.exe

C:\Windows\System\WMInLoB.exe

C:\Windows\System\WMInLoB.exe

C:\Windows\System\tNutbJj.exe

C:\Windows\System\tNutbJj.exe

C:\Windows\System\MrzEMCE.exe

C:\Windows\System\MrzEMCE.exe

C:\Windows\System\LuIeKRK.exe

C:\Windows\System\LuIeKRK.exe

C:\Windows\System\oPtTDdG.exe

C:\Windows\System\oPtTDdG.exe

C:\Windows\System\xPHMlzo.exe

C:\Windows\System\xPHMlzo.exe

C:\Windows\System\vgGOVEi.exe

C:\Windows\System\vgGOVEi.exe

C:\Windows\System\jdCziWO.exe

C:\Windows\System\jdCziWO.exe

C:\Windows\System\uXuWymq.exe

C:\Windows\System\uXuWymq.exe

C:\Windows\System\pPvooDj.exe

C:\Windows\System\pPvooDj.exe

C:\Windows\System\NTJNDkD.exe

C:\Windows\System\NTJNDkD.exe

C:\Windows\System\bacmdhu.exe

C:\Windows\System\bacmdhu.exe

C:\Windows\System\BDdwjFw.exe

C:\Windows\System\BDdwjFw.exe

C:\Windows\System\UiBJrWO.exe

C:\Windows\System\UiBJrWO.exe

C:\Windows\System\gWrELki.exe

C:\Windows\System\gWrELki.exe

C:\Windows\System\llAKvWW.exe

C:\Windows\System\llAKvWW.exe

C:\Windows\System\qXuLUOZ.exe

C:\Windows\System\qXuLUOZ.exe

C:\Windows\System\zWaiDZV.exe

C:\Windows\System\zWaiDZV.exe

C:\Windows\System\oznEKdE.exe

C:\Windows\System\oznEKdE.exe

C:\Windows\System\TiywhuZ.exe

C:\Windows\System\TiywhuZ.exe

C:\Windows\System\PBTeeKo.exe

C:\Windows\System\PBTeeKo.exe

C:\Windows\System\XwDBVzP.exe

C:\Windows\System\XwDBVzP.exe

C:\Windows\System\RhEcLlE.exe

C:\Windows\System\RhEcLlE.exe

C:\Windows\System\ZPvCQlI.exe

C:\Windows\System\ZPvCQlI.exe

C:\Windows\System\vaMkFug.exe

C:\Windows\System\vaMkFug.exe

C:\Windows\System\bQNmALD.exe

C:\Windows\System\bQNmALD.exe

C:\Windows\System\JnOVJdM.exe

C:\Windows\System\JnOVJdM.exe

C:\Windows\System\FOxJHoq.exe

C:\Windows\System\FOxJHoq.exe

C:\Windows\System\DZkvXgp.exe

C:\Windows\System\DZkvXgp.exe

C:\Windows\System\UvbmORp.exe

C:\Windows\System\UvbmORp.exe

C:\Windows\System\xcaOWUQ.exe

C:\Windows\System\xcaOWUQ.exe

C:\Windows\System\XPhYpMb.exe

C:\Windows\System\XPhYpMb.exe

C:\Windows\System\bJFetLo.exe

C:\Windows\System\bJFetLo.exe

C:\Windows\System\GKjyLSz.exe

C:\Windows\System\GKjyLSz.exe

C:\Windows\System\MkEekpj.exe

C:\Windows\System\MkEekpj.exe

C:\Windows\System\mcBYaRx.exe

C:\Windows\System\mcBYaRx.exe

C:\Windows\System\vQahoun.exe

C:\Windows\System\vQahoun.exe

C:\Windows\System\tTmJSLY.exe

C:\Windows\System\tTmJSLY.exe

C:\Windows\System\YeIhVUP.exe

C:\Windows\System\YeIhVUP.exe

C:\Windows\System\OKCSCup.exe

C:\Windows\System\OKCSCup.exe

C:\Windows\System\aoNPaNc.exe

C:\Windows\System\aoNPaNc.exe

C:\Windows\System\PPoPYae.exe

C:\Windows\System\PPoPYae.exe

C:\Windows\System\xbdMCjv.exe

C:\Windows\System\xbdMCjv.exe

C:\Windows\System\TxSojNc.exe

C:\Windows\System\TxSojNc.exe

C:\Windows\System\TTneTYy.exe

C:\Windows\System\TTneTYy.exe

C:\Windows\System\lfZLbVS.exe

C:\Windows\System\lfZLbVS.exe

C:\Windows\System\xiiKfyl.exe

C:\Windows\System\xiiKfyl.exe

C:\Windows\System\jPiZMsa.exe

C:\Windows\System\jPiZMsa.exe

C:\Windows\System\vFxzHHp.exe

C:\Windows\System\vFxzHHp.exe

C:\Windows\System\mfqZhps.exe

C:\Windows\System\mfqZhps.exe

C:\Windows\System\SaEbpOd.exe

C:\Windows\System\SaEbpOd.exe

C:\Windows\System\nyItTzd.exe

C:\Windows\System\nyItTzd.exe

C:\Windows\System\rvNPgco.exe

C:\Windows\System\rvNPgco.exe

C:\Windows\System\snQLDAn.exe

C:\Windows\System\snQLDAn.exe

C:\Windows\System\FRQVnvn.exe

C:\Windows\System\FRQVnvn.exe

C:\Windows\System\RGKXZvx.exe

C:\Windows\System\RGKXZvx.exe

C:\Windows\System\WBTSHNU.exe

C:\Windows\System\WBTSHNU.exe

C:\Windows\System\EwJiwqM.exe

C:\Windows\System\EwJiwqM.exe

C:\Windows\System\DUZRiiC.exe

C:\Windows\System\DUZRiiC.exe

C:\Windows\System\cRlREck.exe

C:\Windows\System\cRlREck.exe

C:\Windows\System\KwWVUiC.exe

C:\Windows\System\KwWVUiC.exe

C:\Windows\System\dABznbF.exe

C:\Windows\System\dABznbF.exe

C:\Windows\System\grywtIH.exe

C:\Windows\System\grywtIH.exe

C:\Windows\System\OoQNStX.exe

C:\Windows\System\OoQNStX.exe

C:\Windows\System\UUhOMzw.exe

C:\Windows\System\UUhOMzw.exe

C:\Windows\System\jrQSLBp.exe

C:\Windows\System\jrQSLBp.exe

C:\Windows\System\sbGMOJy.exe

C:\Windows\System\sbGMOJy.exe

C:\Windows\System\dXCJSQt.exe

C:\Windows\System\dXCJSQt.exe

C:\Windows\System\vexnBXN.exe

C:\Windows\System\vexnBXN.exe

C:\Windows\System\FiRmklk.exe

C:\Windows\System\FiRmklk.exe

C:\Windows\System\pEgzVAw.exe

C:\Windows\System\pEgzVAw.exe

C:\Windows\System\WyCuGDA.exe

C:\Windows\System\WyCuGDA.exe

C:\Windows\System\KcMgRft.exe

C:\Windows\System\KcMgRft.exe

C:\Windows\System\vSWAUzM.exe

C:\Windows\System\vSWAUzM.exe

C:\Windows\System\DfVmjJd.exe

C:\Windows\System\DfVmjJd.exe

C:\Windows\System\CGZnMek.exe

C:\Windows\System\CGZnMek.exe

C:\Windows\System\hnInLLU.exe

C:\Windows\System\hnInLLU.exe

C:\Windows\System\djsxjAt.exe

C:\Windows\System\djsxjAt.exe

C:\Windows\System\jchxRJG.exe

C:\Windows\System\jchxRJG.exe

C:\Windows\System\HgkpXpz.exe

C:\Windows\System\HgkpXpz.exe

C:\Windows\System\DUxKRGA.exe

C:\Windows\System\DUxKRGA.exe

C:\Windows\System\wLSwiGC.exe

C:\Windows\System\wLSwiGC.exe

C:\Windows\System\yvbeuir.exe

C:\Windows\System\yvbeuir.exe

C:\Windows\System\jyNvzGD.exe

C:\Windows\System\jyNvzGD.exe

C:\Windows\System\eFOBBDn.exe

C:\Windows\System\eFOBBDn.exe

C:\Windows\System\PyXrgJC.exe

C:\Windows\System\PyXrgJC.exe

C:\Windows\System\vregFxH.exe

C:\Windows\System\vregFxH.exe

C:\Windows\System\QHIIRkw.exe

C:\Windows\System\QHIIRkw.exe

C:\Windows\System\ZwDOIyK.exe

C:\Windows\System\ZwDOIyK.exe

C:\Windows\System\yFKHOAG.exe

C:\Windows\System\yFKHOAG.exe

C:\Windows\System\ZYrdnbP.exe

C:\Windows\System\ZYrdnbP.exe

C:\Windows\System\UdgjlTi.exe

C:\Windows\System\UdgjlTi.exe

C:\Windows\System\KkRAyQs.exe

C:\Windows\System\KkRAyQs.exe

C:\Windows\System\PMjeiXG.exe

C:\Windows\System\PMjeiXG.exe

C:\Windows\System\vwdwbeC.exe

C:\Windows\System\vwdwbeC.exe

C:\Windows\System\gPCuUeC.exe

C:\Windows\System\gPCuUeC.exe

C:\Windows\System\JdZPcZU.exe

C:\Windows\System\JdZPcZU.exe

C:\Windows\System\cNgMDbE.exe

C:\Windows\System\cNgMDbE.exe

C:\Windows\System\phjAAHB.exe

C:\Windows\System\phjAAHB.exe

C:\Windows\System\ikTGQTq.exe

C:\Windows\System\ikTGQTq.exe

C:\Windows\System\weTccYv.exe

C:\Windows\System\weTccYv.exe

C:\Windows\System\eNEZfoE.exe

C:\Windows\System\eNEZfoE.exe

C:\Windows\System\pPLjmyd.exe

C:\Windows\System\pPLjmyd.exe

C:\Windows\System\Rwxrbhg.exe

C:\Windows\System\Rwxrbhg.exe

C:\Windows\System\lJdRdSN.exe

C:\Windows\System\lJdRdSN.exe

C:\Windows\System\aowvrCJ.exe

C:\Windows\System\aowvrCJ.exe

C:\Windows\System\eCGpOuz.exe

C:\Windows\System\eCGpOuz.exe

C:\Windows\System\vKtjasN.exe

C:\Windows\System\vKtjasN.exe

C:\Windows\System\jXtLPUi.exe

C:\Windows\System\jXtLPUi.exe

C:\Windows\System\UoVjPcb.exe

C:\Windows\System\UoVjPcb.exe

C:\Windows\System\HXjPBXb.exe

C:\Windows\System\HXjPBXb.exe

C:\Windows\System\ZZzsMQp.exe

C:\Windows\System\ZZzsMQp.exe

C:\Windows\System\tkLAaVQ.exe

C:\Windows\System\tkLAaVQ.exe

C:\Windows\System\rpIwesQ.exe

C:\Windows\System\rpIwesQ.exe

C:\Windows\System\csvAWKI.exe

C:\Windows\System\csvAWKI.exe

C:\Windows\System\lVDfcyf.exe

C:\Windows\System\lVDfcyf.exe

C:\Windows\System\YuVUJhE.exe

C:\Windows\System\YuVUJhE.exe

C:\Windows\System\UWYfgxH.exe

C:\Windows\System\UWYfgxH.exe

C:\Windows\System\zvMvFEd.exe

C:\Windows\System\zvMvFEd.exe

C:\Windows\System\uMOHEJR.exe

C:\Windows\System\uMOHEJR.exe

C:\Windows\System\zHsbSeE.exe

C:\Windows\System\zHsbSeE.exe

C:\Windows\System\lknyhaV.exe

C:\Windows\System\lknyhaV.exe

C:\Windows\System\SIkRAEj.exe

C:\Windows\System\SIkRAEj.exe

C:\Windows\System\rNKJaJb.exe

C:\Windows\System\rNKJaJb.exe

C:\Windows\System\pvJIXHw.exe

C:\Windows\System\pvJIXHw.exe

C:\Windows\System\rxyeCJw.exe

C:\Windows\System\rxyeCJw.exe

C:\Windows\System\khFRBpz.exe

C:\Windows\System\khFRBpz.exe

C:\Windows\System\yrrIlck.exe

C:\Windows\System\yrrIlck.exe

C:\Windows\System\DCcxmIU.exe

C:\Windows\System\DCcxmIU.exe

C:\Windows\System\krHNQQa.exe

C:\Windows\System\krHNQQa.exe

C:\Windows\System\yefNbxQ.exe

C:\Windows\System\yefNbxQ.exe

C:\Windows\System\fhIjEPc.exe

C:\Windows\System\fhIjEPc.exe

C:\Windows\System\pPFlhxL.exe

C:\Windows\System\pPFlhxL.exe

C:\Windows\System\LhaErso.exe

C:\Windows\System\LhaErso.exe

C:\Windows\System\SCyGnHN.exe

C:\Windows\System\SCyGnHN.exe

C:\Windows\System\WBopZFj.exe

C:\Windows\System\WBopZFj.exe

C:\Windows\System\LRNORuF.exe

C:\Windows\System\LRNORuF.exe

C:\Windows\System\oqTXteh.exe

C:\Windows\System\oqTXteh.exe

C:\Windows\System\CuIveMi.exe

C:\Windows\System\CuIveMi.exe

C:\Windows\System\GcOuDPH.exe

C:\Windows\System\GcOuDPH.exe

C:\Windows\System\NQcBUAT.exe

C:\Windows\System\NQcBUAT.exe

C:\Windows\System\bHdSznk.exe

C:\Windows\System\bHdSznk.exe

C:\Windows\System\TjiYloZ.exe

C:\Windows\System\TjiYloZ.exe

C:\Windows\System\AmrAvVg.exe

C:\Windows\System\AmrAvVg.exe

C:\Windows\System\GhPZmAD.exe

C:\Windows\System\GhPZmAD.exe

C:\Windows\System\YSLsHfl.exe

C:\Windows\System\YSLsHfl.exe

C:\Windows\System\xCZANtP.exe

C:\Windows\System\xCZANtP.exe

C:\Windows\System\CDMxYdD.exe

C:\Windows\System\CDMxYdD.exe

C:\Windows\System\puyipIA.exe

C:\Windows\System\puyipIA.exe

C:\Windows\System\wjahDIO.exe

C:\Windows\System\wjahDIO.exe

C:\Windows\System\ByUOwoh.exe

C:\Windows\System\ByUOwoh.exe

C:\Windows\System\qevRaRM.exe

C:\Windows\System\qevRaRM.exe

C:\Windows\System\NhmPOkT.exe

C:\Windows\System\NhmPOkT.exe

C:\Windows\System\xIvCGgg.exe

C:\Windows\System\xIvCGgg.exe

C:\Windows\System\PDDBtNj.exe

C:\Windows\System\PDDBtNj.exe

C:\Windows\System\KKncIFI.exe

C:\Windows\System\KKncIFI.exe

C:\Windows\System\tcncfXZ.exe

C:\Windows\System\tcncfXZ.exe

C:\Windows\System\cFyFFWL.exe

C:\Windows\System\cFyFFWL.exe

C:\Windows\System\wivkmCa.exe

C:\Windows\System\wivkmCa.exe

C:\Windows\System\bWnNTKC.exe

C:\Windows\System\bWnNTKC.exe

C:\Windows\System\JljUDxo.exe

C:\Windows\System\JljUDxo.exe

C:\Windows\System\FJVoWzg.exe

C:\Windows\System\FJVoWzg.exe

C:\Windows\System\oaXTLxj.exe

C:\Windows\System\oaXTLxj.exe

C:\Windows\System\RpRfNZW.exe

C:\Windows\System\RpRfNZW.exe

C:\Windows\System\stYBPpq.exe

C:\Windows\System\stYBPpq.exe

C:\Windows\System\odPVvlh.exe

C:\Windows\System\odPVvlh.exe

C:\Windows\System\ytnrMvF.exe

C:\Windows\System\ytnrMvF.exe

C:\Windows\System\ulDdMar.exe

C:\Windows\System\ulDdMar.exe

C:\Windows\System\pevTQVP.exe

C:\Windows\System\pevTQVP.exe

C:\Windows\System\pTARfAT.exe

C:\Windows\System\pTARfAT.exe

C:\Windows\System\IhGnJhb.exe

C:\Windows\System\IhGnJhb.exe

C:\Windows\System\KEUfHCY.exe

C:\Windows\System\KEUfHCY.exe

C:\Windows\System\fJSaBHc.exe

C:\Windows\System\fJSaBHc.exe

C:\Windows\System\WMPwPQg.exe

C:\Windows\System\WMPwPQg.exe

C:\Windows\System\IwVdceQ.exe

C:\Windows\System\IwVdceQ.exe

C:\Windows\System\UnTDcRZ.exe

C:\Windows\System\UnTDcRZ.exe

C:\Windows\System\NiIBRpn.exe

C:\Windows\System\NiIBRpn.exe

C:\Windows\System\LNMdLyf.exe

C:\Windows\System\LNMdLyf.exe

C:\Windows\System\YsAMrXM.exe

C:\Windows\System\YsAMrXM.exe

C:\Windows\System\eAXIPds.exe

C:\Windows\System\eAXIPds.exe

C:\Windows\System\AZVAAVH.exe

C:\Windows\System\AZVAAVH.exe

C:\Windows\System\OIerRjH.exe

C:\Windows\System\OIerRjH.exe

C:\Windows\System\lytCVFq.exe

C:\Windows\System\lytCVFq.exe

C:\Windows\System\oxhKboF.exe

C:\Windows\System\oxhKboF.exe

C:\Windows\System\lwopIcI.exe

C:\Windows\System\lwopIcI.exe

C:\Windows\System\mdIRUlI.exe

C:\Windows\System\mdIRUlI.exe

C:\Windows\System\fbNBiuN.exe

C:\Windows\System\fbNBiuN.exe

C:\Windows\System\ZSkraZB.exe

C:\Windows\System\ZSkraZB.exe

C:\Windows\System\bUFAxgQ.exe

C:\Windows\System\bUFAxgQ.exe

C:\Windows\System\eJqaZkw.exe

C:\Windows\System\eJqaZkw.exe

C:\Windows\System\LVgkWpF.exe

C:\Windows\System\LVgkWpF.exe

C:\Windows\System\kGlSUQy.exe

C:\Windows\System\kGlSUQy.exe

C:\Windows\System\wMekKOY.exe

C:\Windows\System\wMekKOY.exe

C:\Windows\System\VzjFXWy.exe

C:\Windows\System\VzjFXWy.exe

C:\Windows\System\SgbhIqD.exe

C:\Windows\System\SgbhIqD.exe

C:\Windows\System\AdTiDEJ.exe

C:\Windows\System\AdTiDEJ.exe

C:\Windows\System\IZnhyCH.exe

C:\Windows\System\IZnhyCH.exe

C:\Windows\System\OwBDNIZ.exe

C:\Windows\System\OwBDNIZ.exe

C:\Windows\System\KcQvqJt.exe

C:\Windows\System\KcQvqJt.exe

C:\Windows\System\TUmhQsP.exe

C:\Windows\System\TUmhQsP.exe

C:\Windows\System\KoItcFF.exe

C:\Windows\System\KoItcFF.exe

C:\Windows\System\NsYggkg.exe

C:\Windows\System\NsYggkg.exe

C:\Windows\System\LIZwVYB.exe

C:\Windows\System\LIZwVYB.exe

C:\Windows\System\lCQUUuC.exe

C:\Windows\System\lCQUUuC.exe

C:\Windows\System\kycRrJU.exe

C:\Windows\System\kycRrJU.exe

C:\Windows\System\nCQSvAA.exe

C:\Windows\System\nCQSvAA.exe

C:\Windows\System\xnpOvbL.exe

C:\Windows\System\xnpOvbL.exe

C:\Windows\System\iYQEnOC.exe

C:\Windows\System\iYQEnOC.exe

C:\Windows\System\iUjsfKW.exe

C:\Windows\System\iUjsfKW.exe

C:\Windows\System\supmePP.exe

C:\Windows\System\supmePP.exe

C:\Windows\System\OvWbQYP.exe

C:\Windows\System\OvWbQYP.exe

C:\Windows\System\ZNYtpvN.exe

C:\Windows\System\ZNYtpvN.exe

C:\Windows\System\LIexnrs.exe

C:\Windows\System\LIexnrs.exe

C:\Windows\System\mXYQqFe.exe

C:\Windows\System\mXYQqFe.exe

C:\Windows\System\ziWPxGF.exe

C:\Windows\System\ziWPxGF.exe

C:\Windows\System\xNRvTGR.exe

C:\Windows\System\xNRvTGR.exe

C:\Windows\System\LWfpwuq.exe

C:\Windows\System\LWfpwuq.exe

C:\Windows\System\skhnrTB.exe

C:\Windows\System\skhnrTB.exe

C:\Windows\System\CqyNjUz.exe

C:\Windows\System\CqyNjUz.exe

C:\Windows\System\kzvXBnR.exe

C:\Windows\System\kzvXBnR.exe

C:\Windows\System\raFNhVh.exe

C:\Windows\System\raFNhVh.exe

C:\Windows\System\uFrhfdZ.exe

C:\Windows\System\uFrhfdZ.exe

C:\Windows\System\kknWiGK.exe

C:\Windows\System\kknWiGK.exe

C:\Windows\System\zEiHBCm.exe

C:\Windows\System\zEiHBCm.exe

C:\Windows\System\vtcditF.exe

C:\Windows\System\vtcditF.exe

C:\Windows\System\KmrOKTP.exe

C:\Windows\System\KmrOKTP.exe

C:\Windows\System\wGvZONT.exe

C:\Windows\System\wGvZONT.exe

C:\Windows\System\kHwtDmk.exe

C:\Windows\System\kHwtDmk.exe

C:\Windows\System\ANKFfOk.exe

C:\Windows\System\ANKFfOk.exe

C:\Windows\System\YNmBUIe.exe

C:\Windows\System\YNmBUIe.exe

C:\Windows\System\SIMRRyk.exe

C:\Windows\System\SIMRRyk.exe

C:\Windows\System\deIiIYP.exe

C:\Windows\System\deIiIYP.exe

C:\Windows\System\iVgWfJC.exe

C:\Windows\System\iVgWfJC.exe

C:\Windows\System\HDRsNmb.exe

C:\Windows\System\HDRsNmb.exe

C:\Windows\System\nCEwLGb.exe

C:\Windows\System\nCEwLGb.exe

C:\Windows\System\ZPFBBXi.exe

C:\Windows\System\ZPFBBXi.exe

C:\Windows\System\iPJrphQ.exe

C:\Windows\System\iPJrphQ.exe

C:\Windows\System\QGQBbxG.exe

C:\Windows\System\QGQBbxG.exe

C:\Windows\System\QPcuwUO.exe

C:\Windows\System\QPcuwUO.exe

C:\Windows\System\xsGmjyd.exe

C:\Windows\System\xsGmjyd.exe

C:\Windows\System\ancWQmn.exe

C:\Windows\System\ancWQmn.exe

C:\Windows\System\rpgszEF.exe

C:\Windows\System\rpgszEF.exe

C:\Windows\System\KQMtoZo.exe

C:\Windows\System\KQMtoZo.exe

C:\Windows\System\zsbjnHI.exe

C:\Windows\System\zsbjnHI.exe

C:\Windows\System\MqWGIYA.exe

C:\Windows\System\MqWGIYA.exe

C:\Windows\System\BmzbBqT.exe

C:\Windows\System\BmzbBqT.exe

C:\Windows\System\yDtgLwW.exe

C:\Windows\System\yDtgLwW.exe

C:\Windows\System\gFmmZUu.exe

C:\Windows\System\gFmmZUu.exe

C:\Windows\System\RYSaOLd.exe

C:\Windows\System\RYSaOLd.exe

C:\Windows\System\aQTxkMe.exe

C:\Windows\System\aQTxkMe.exe

C:\Windows\System\lmhVYGY.exe

C:\Windows\System\lmhVYGY.exe

C:\Windows\System\nJavLAt.exe

C:\Windows\System\nJavLAt.exe

C:\Windows\System\GqqjDoH.exe

C:\Windows\System\GqqjDoH.exe

C:\Windows\System\MBRenJc.exe

C:\Windows\System\MBRenJc.exe

C:\Windows\System\RiMZSxd.exe

C:\Windows\System\RiMZSxd.exe

C:\Windows\System\fPdACNx.exe

C:\Windows\System\fPdACNx.exe

C:\Windows\System\fcSsDJd.exe

C:\Windows\System\fcSsDJd.exe

C:\Windows\System\WlPwELk.exe

C:\Windows\System\WlPwELk.exe

C:\Windows\System\nWKeNFC.exe

C:\Windows\System\nWKeNFC.exe

C:\Windows\System\ROaQgBY.exe

C:\Windows\System\ROaQgBY.exe

C:\Windows\System\ePNURyS.exe

C:\Windows\System\ePNURyS.exe

C:\Windows\System\rtOBzBv.exe

C:\Windows\System\rtOBzBv.exe

C:\Windows\System\jwTunfT.exe

C:\Windows\System\jwTunfT.exe

C:\Windows\System\GGpZuhv.exe

C:\Windows\System\GGpZuhv.exe

C:\Windows\System\SjyTnWC.exe

C:\Windows\System\SjyTnWC.exe

C:\Windows\System\RytvhFK.exe

C:\Windows\System\RytvhFK.exe

C:\Windows\System\lIMKXWU.exe

C:\Windows\System\lIMKXWU.exe

C:\Windows\System\fCHLzRL.exe

C:\Windows\System\fCHLzRL.exe

C:\Windows\System\DZBXvks.exe

C:\Windows\System\DZBXvks.exe

C:\Windows\System\dFffmCQ.exe

C:\Windows\System\dFffmCQ.exe

C:\Windows\System\MQDOXBP.exe

C:\Windows\System\MQDOXBP.exe

C:\Windows\System\psIPWtt.exe

C:\Windows\System\psIPWtt.exe

C:\Windows\System\ELSPXRG.exe

C:\Windows\System\ELSPXRG.exe

C:\Windows\System\DXgnKiM.exe

C:\Windows\System\DXgnKiM.exe

C:\Windows\System\kNNBrVk.exe

C:\Windows\System\kNNBrVk.exe

C:\Windows\System\oEArdMu.exe

C:\Windows\System\oEArdMu.exe

C:\Windows\System\NvACCmW.exe

C:\Windows\System\NvACCmW.exe

C:\Windows\System\iysKXmH.exe

C:\Windows\System\iysKXmH.exe

C:\Windows\System\kDKuTjQ.exe

C:\Windows\System\kDKuTjQ.exe

C:\Windows\System\NStMXpa.exe

C:\Windows\System\NStMXpa.exe

C:\Windows\System\dhyqBeB.exe

C:\Windows\System\dhyqBeB.exe

C:\Windows\System\qRkDTpQ.exe

C:\Windows\System\qRkDTpQ.exe

C:\Windows\System\zvbpARg.exe

C:\Windows\System\zvbpARg.exe

C:\Windows\System\peYwDHd.exe

C:\Windows\System\peYwDHd.exe

C:\Windows\System\BAoFRLL.exe

C:\Windows\System\BAoFRLL.exe

C:\Windows\System\KNbwlug.exe

C:\Windows\System\KNbwlug.exe

C:\Windows\System\BrXqEJo.exe

C:\Windows\System\BrXqEJo.exe

C:\Windows\System\KNDOHwf.exe

C:\Windows\System\KNDOHwf.exe

C:\Windows\System\mrIfkPW.exe

C:\Windows\System\mrIfkPW.exe

C:\Windows\System\OEuejSA.exe

C:\Windows\System\OEuejSA.exe

C:\Windows\System\eBcItaX.exe

C:\Windows\System\eBcItaX.exe

C:\Windows\System\HqsuvHV.exe

C:\Windows\System\HqsuvHV.exe

C:\Windows\System\QHEfQxg.exe

C:\Windows\System\QHEfQxg.exe

C:\Windows\System\egHCQsQ.exe

C:\Windows\System\egHCQsQ.exe

C:\Windows\System\apFlGJh.exe

C:\Windows\System\apFlGJh.exe

C:\Windows\System\FhvUBPY.exe

C:\Windows\System\FhvUBPY.exe

C:\Windows\System\unbtquF.exe

C:\Windows\System\unbtquF.exe

C:\Windows\System\tRvytPG.exe

C:\Windows\System\tRvytPG.exe

C:\Windows\System\tDtxdQB.exe

C:\Windows\System\tDtxdQB.exe

C:\Windows\System\DLeucwq.exe

C:\Windows\System\DLeucwq.exe

C:\Windows\System\RXoSOuL.exe

C:\Windows\System\RXoSOuL.exe

C:\Windows\System\lAMVybx.exe

C:\Windows\System\lAMVybx.exe

C:\Windows\System\kfbxzOw.exe

C:\Windows\System\kfbxzOw.exe

C:\Windows\System\jonSSxy.exe

C:\Windows\System\jonSSxy.exe

C:\Windows\System\NXKIGIk.exe

C:\Windows\System\NXKIGIk.exe

C:\Windows\System\eLIywIN.exe

C:\Windows\System\eLIywIN.exe

C:\Windows\System\JinNFEF.exe

C:\Windows\System\JinNFEF.exe

C:\Windows\System\sGcQRgT.exe

C:\Windows\System\sGcQRgT.exe

C:\Windows\System\QfrqrOE.exe

C:\Windows\System\QfrqrOE.exe

C:\Windows\System\yGncxqQ.exe

C:\Windows\System\yGncxqQ.exe

C:\Windows\System\fhLcmzI.exe

C:\Windows\System\fhLcmzI.exe

C:\Windows\System\RIyCDBk.exe

C:\Windows\System\RIyCDBk.exe

C:\Windows\System\LzHgLsW.exe

C:\Windows\System\LzHgLsW.exe

C:\Windows\System\KvacetH.exe

C:\Windows\System\KvacetH.exe

C:\Windows\System\JzAWpnv.exe

C:\Windows\System\JzAWpnv.exe

C:\Windows\System\csNhnao.exe

C:\Windows\System\csNhnao.exe

C:\Windows\System\PlLHEaR.exe

C:\Windows\System\PlLHEaR.exe

C:\Windows\System\Kwmpxit.exe

C:\Windows\System\Kwmpxit.exe

C:\Windows\System\jUQgKbd.exe

C:\Windows\System\jUQgKbd.exe

C:\Windows\System\kswrwbk.exe

C:\Windows\System\kswrwbk.exe

C:\Windows\System\TwNfTaH.exe

C:\Windows\System\TwNfTaH.exe

C:\Windows\System\GggNHLR.exe

C:\Windows\System\GggNHLR.exe

C:\Windows\System\lWnzdYz.exe

C:\Windows\System\lWnzdYz.exe

C:\Windows\System\GYOjPMe.exe

C:\Windows\System\GYOjPMe.exe

C:\Windows\System\XPzdFJz.exe

C:\Windows\System\XPzdFJz.exe

C:\Windows\System\xtPIpEx.exe

C:\Windows\System\xtPIpEx.exe

C:\Windows\System\qNnPWnY.exe

C:\Windows\System\qNnPWnY.exe

C:\Windows\System\DPAIwuc.exe

C:\Windows\System\DPAIwuc.exe

C:\Windows\System\ZxemdPj.exe

C:\Windows\System\ZxemdPj.exe

C:\Windows\System\xKHcvKe.exe

C:\Windows\System\xKHcvKe.exe

C:\Windows\System\KkPjlcP.exe

C:\Windows\System\KkPjlcP.exe

C:\Windows\System\SfyFcbz.exe

C:\Windows\System\SfyFcbz.exe

C:\Windows\System\iJafNLG.exe

C:\Windows\System\iJafNLG.exe

C:\Windows\System\QyzYdkp.exe

C:\Windows\System\QyzYdkp.exe

C:\Windows\System\WGzLgzq.exe

C:\Windows\System\WGzLgzq.exe

C:\Windows\System\jwrrUEQ.exe

C:\Windows\System\jwrrUEQ.exe

C:\Windows\System\wwQbzav.exe

C:\Windows\System\wwQbzav.exe

C:\Windows\System\epzJUwj.exe

C:\Windows\System\epzJUwj.exe

C:\Windows\System\UlbMlHN.exe

C:\Windows\System\UlbMlHN.exe

C:\Windows\System\fQFHaBW.exe

C:\Windows\System\fQFHaBW.exe

C:\Windows\System\ujtJLcD.exe

C:\Windows\System\ujtJLcD.exe

C:\Windows\System\sQzZtNA.exe

C:\Windows\System\sQzZtNA.exe

C:\Windows\System\FhaSTwl.exe

C:\Windows\System\FhaSTwl.exe

C:\Windows\System\HPdWrxI.exe

C:\Windows\System\HPdWrxI.exe

C:\Windows\System\CsEsvTY.exe

C:\Windows\System\CsEsvTY.exe

C:\Windows\System\sXDwDCW.exe

C:\Windows\System\sXDwDCW.exe

C:\Windows\System\aobyxqi.exe

C:\Windows\System\aobyxqi.exe

C:\Windows\System\jOiQrrj.exe

C:\Windows\System\jOiQrrj.exe

C:\Windows\System\nIfGirt.exe

C:\Windows\System\nIfGirt.exe

C:\Windows\System\kzOsnUX.exe

C:\Windows\System\kzOsnUX.exe

C:\Windows\System\ZoocMrA.exe

C:\Windows\System\ZoocMrA.exe

C:\Windows\System\xdoAsnk.exe

C:\Windows\System\xdoAsnk.exe

C:\Windows\System\UYawOyY.exe

C:\Windows\System\UYawOyY.exe

C:\Windows\System\SINEWTU.exe

C:\Windows\System\SINEWTU.exe

C:\Windows\System\xmZmbUD.exe

C:\Windows\System\xmZmbUD.exe

C:\Windows\System\xuocUqQ.exe

C:\Windows\System\xuocUqQ.exe

C:\Windows\System\fRLOoAr.exe

C:\Windows\System\fRLOoAr.exe

C:\Windows\System\tqWbTlD.exe

C:\Windows\System\tqWbTlD.exe

C:\Windows\System\uyEMGga.exe

C:\Windows\System\uyEMGga.exe

C:\Windows\System\iMhaofl.exe

C:\Windows\System\iMhaofl.exe

C:\Windows\System\vlpgYNV.exe

C:\Windows\System\vlpgYNV.exe

C:\Windows\System\DzGiqjQ.exe

C:\Windows\System\DzGiqjQ.exe

C:\Windows\System\QWZTfvX.exe

C:\Windows\System\QWZTfvX.exe

C:\Windows\System\CQrNurx.exe

C:\Windows\System\CQrNurx.exe

C:\Windows\System\zYELUuR.exe

C:\Windows\System\zYELUuR.exe

C:\Windows\System\fmqmNyJ.exe

C:\Windows\System\fmqmNyJ.exe

C:\Windows\System\sjbWCLE.exe

C:\Windows\System\sjbWCLE.exe

C:\Windows\System\ALPWhVk.exe

C:\Windows\System\ALPWhVk.exe

C:\Windows\System\hGfJYPV.exe

C:\Windows\System\hGfJYPV.exe

C:\Windows\System\JuGuCAo.exe

C:\Windows\System\JuGuCAo.exe

C:\Windows\System\WkQmlkj.exe

C:\Windows\System\WkQmlkj.exe

C:\Windows\System\gRlslsI.exe

C:\Windows\System\gRlslsI.exe

C:\Windows\System\TKhtWMW.exe

C:\Windows\System\TKhtWMW.exe

C:\Windows\System\FGxBUrC.exe

C:\Windows\System\FGxBUrC.exe

C:\Windows\System\ofROPNl.exe

C:\Windows\System\ofROPNl.exe

C:\Windows\System\MfRShYr.exe

C:\Windows\System\MfRShYr.exe

C:\Windows\System\uZnOUNk.exe

C:\Windows\System\uZnOUNk.exe

C:\Windows\System\WQNAaOi.exe

C:\Windows\System\WQNAaOi.exe

C:\Windows\System\STxmWRo.exe

C:\Windows\System\STxmWRo.exe

C:\Windows\System\xlFFDzO.exe

C:\Windows\System\xlFFDzO.exe

C:\Windows\System\hhZumYa.exe

C:\Windows\System\hhZumYa.exe

C:\Windows\System\jmmlLxr.exe

C:\Windows\System\jmmlLxr.exe

C:\Windows\System\JzJWRtv.exe

C:\Windows\System\JzJWRtv.exe

C:\Windows\System\qMGWVGX.exe

C:\Windows\System\qMGWVGX.exe

C:\Windows\System\lPfTDHl.exe

C:\Windows\System\lPfTDHl.exe

C:\Windows\System\CwxpHzI.exe

C:\Windows\System\CwxpHzI.exe

C:\Windows\System\aWrHFFQ.exe

C:\Windows\System\aWrHFFQ.exe

C:\Windows\System\ezStvPv.exe

C:\Windows\System\ezStvPv.exe

C:\Windows\System\MdDfAjL.exe

C:\Windows\System\MdDfAjL.exe

C:\Windows\System\pJKzOLo.exe

C:\Windows\System\pJKzOLo.exe

C:\Windows\System\KLDLerb.exe

C:\Windows\System\KLDLerb.exe

C:\Windows\System\mvFEylG.exe

C:\Windows\System\mvFEylG.exe

C:\Windows\System\YyClPSV.exe

C:\Windows\System\YyClPSV.exe

C:\Windows\System\kXanDVl.exe

C:\Windows\System\kXanDVl.exe

C:\Windows\System\bMwRzvH.exe

C:\Windows\System\bMwRzvH.exe

C:\Windows\System\rAChyIZ.exe

C:\Windows\System\rAChyIZ.exe

C:\Windows\System\xPMSoBH.exe

C:\Windows\System\xPMSoBH.exe

C:\Windows\System\hjvdQsX.exe

C:\Windows\System\hjvdQsX.exe

C:\Windows\System\EGTPnrL.exe

C:\Windows\System\EGTPnrL.exe

C:\Windows\System\qbInzJs.exe

C:\Windows\System\qbInzJs.exe

C:\Windows\System\NJoHnUJ.exe

C:\Windows\System\NJoHnUJ.exe

C:\Windows\System\tECuzVR.exe

C:\Windows\System\tECuzVR.exe

C:\Windows\System\Ccnvbxf.exe

C:\Windows\System\Ccnvbxf.exe

C:\Windows\System\ddrlAxh.exe

C:\Windows\System\ddrlAxh.exe

C:\Windows\System\bMgOdpf.exe

C:\Windows\System\bMgOdpf.exe

C:\Windows\System\zBtwONO.exe

C:\Windows\System\zBtwONO.exe

C:\Windows\System\dUOppbd.exe

C:\Windows\System\dUOppbd.exe

C:\Windows\System\HnjgWCH.exe

C:\Windows\System\HnjgWCH.exe

C:\Windows\System\sCpmzJd.exe

C:\Windows\System\sCpmzJd.exe

C:\Windows\System\VSHcSSz.exe

C:\Windows\System\VSHcSSz.exe

C:\Windows\System\eImriZw.exe

C:\Windows\System\eImriZw.exe

C:\Windows\System\vokBgmM.exe

C:\Windows\System\vokBgmM.exe

C:\Windows\System\EBsKlTQ.exe

C:\Windows\System\EBsKlTQ.exe

C:\Windows\System\HIDABEn.exe

C:\Windows\System\HIDABEn.exe

C:\Windows\System\AOttpIT.exe

C:\Windows\System\AOttpIT.exe

C:\Windows\System\zRfrauC.exe

C:\Windows\System\zRfrauC.exe

C:\Windows\System\eNTyIGP.exe

C:\Windows\System\eNTyIGP.exe

C:\Windows\System\SYdgjAP.exe

C:\Windows\System\SYdgjAP.exe

C:\Windows\System\Gkkttnk.exe

C:\Windows\System\Gkkttnk.exe

C:\Windows\System\bMFdLlL.exe

C:\Windows\System\bMFdLlL.exe

C:\Windows\System\qtighNM.exe

C:\Windows\System\qtighNM.exe

C:\Windows\System\KPQriby.exe

C:\Windows\System\KPQriby.exe

C:\Windows\System\pJuovhI.exe

C:\Windows\System\pJuovhI.exe

C:\Windows\System\uVVQkoL.exe

C:\Windows\System\uVVQkoL.exe

C:\Windows\System\xhhqyEx.exe

C:\Windows\System\xhhqyEx.exe

C:\Windows\System\oKNVhyY.exe

C:\Windows\System\oKNVhyY.exe

C:\Windows\System\IZbgFvd.exe

C:\Windows\System\IZbgFvd.exe

C:\Windows\System\bXSxxyT.exe

C:\Windows\System\bXSxxyT.exe

C:\Windows\System\GeEblOl.exe

C:\Windows\System\GeEblOl.exe

C:\Windows\System\jqnHHDR.exe

C:\Windows\System\jqnHHDR.exe

C:\Windows\System\QhUdsHz.exe

C:\Windows\System\QhUdsHz.exe

C:\Windows\System\xailnia.exe

C:\Windows\System\xailnia.exe

C:\Windows\System\rIPLlrH.exe

C:\Windows\System\rIPLlrH.exe

C:\Windows\System\PWUnLzB.exe

C:\Windows\System\PWUnLzB.exe

C:\Windows\System\tVkTMit.exe

C:\Windows\System\tVkTMit.exe

C:\Windows\System\wkzJzTE.exe

C:\Windows\System\wkzJzTE.exe

C:\Windows\System\GyMpskr.exe

C:\Windows\System\GyMpskr.exe

C:\Windows\System\pVyijSM.exe

C:\Windows\System\pVyijSM.exe

C:\Windows\System\MPEeBaY.exe

C:\Windows\System\MPEeBaY.exe

C:\Windows\System\ZYCCHHy.exe

C:\Windows\System\ZYCCHHy.exe

C:\Windows\System\fPdABYv.exe

C:\Windows\System\fPdABYv.exe

C:\Windows\System\hKeXTOc.exe

C:\Windows\System\hKeXTOc.exe

C:\Windows\System\ZrtHatM.exe

C:\Windows\System\ZrtHatM.exe

C:\Windows\System\GrCHyIu.exe

C:\Windows\System\GrCHyIu.exe

C:\Windows\System\mvMzOax.exe

C:\Windows\System\mvMzOax.exe

C:\Windows\System\lfAJcxN.exe

C:\Windows\System\lfAJcxN.exe

C:\Windows\System\DYjRYpb.exe

C:\Windows\System\DYjRYpb.exe

C:\Windows\System\aLaMeTs.exe

C:\Windows\System\aLaMeTs.exe

C:\Windows\System\YRfWSSY.exe

C:\Windows\System\YRfWSSY.exe

C:\Windows\System\JpjuYVm.exe

C:\Windows\System\JpjuYVm.exe

C:\Windows\System\sUZsFaR.exe

C:\Windows\System\sUZsFaR.exe

C:\Windows\System\OfItlxH.exe

C:\Windows\System\OfItlxH.exe

C:\Windows\System\JLKYLIu.exe

C:\Windows\System\JLKYLIu.exe

C:\Windows\System\nzfRzEE.exe

C:\Windows\System\nzfRzEE.exe

C:\Windows\System\RmssIKB.exe

C:\Windows\System\RmssIKB.exe

C:\Windows\System\aqxRbpI.exe

C:\Windows\System\aqxRbpI.exe

C:\Windows\System\OmnsEqk.exe

C:\Windows\System\OmnsEqk.exe

C:\Windows\System\XtpgtIW.exe

C:\Windows\System\XtpgtIW.exe

C:\Windows\System\XKnGsAM.exe

C:\Windows\System\XKnGsAM.exe

C:\Windows\System\RjenqoW.exe

C:\Windows\System\RjenqoW.exe

C:\Windows\System\nmvqqyH.exe

C:\Windows\System\nmvqqyH.exe

C:\Windows\System\sPBGyRS.exe

C:\Windows\System\sPBGyRS.exe

C:\Windows\System\BuYFvyc.exe

C:\Windows\System\BuYFvyc.exe

C:\Windows\System\OVQqRac.exe

C:\Windows\System\OVQqRac.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp

Files

memory/2084-0-0x000000013F4E0000-0x000000013F8D2000-memory.dmp

C:\Windows\system\navdTZG.exe

MD5 70de00807372780b87b6f26bf8794020
SHA1 1b620562b1f95197b027b169619da15fbc8bb6e3
SHA256 453206e43bdb46060d2a28b282533107d7874172006bb6eee3e404d7874614a4
SHA512 8fb8a42a268e3fff753075f9abeff97b3775a3b0fdbb6cda7c59aff100f5a1a7325b76c1974d11cc48887e491046dbcfb65d4007ed803e5df5d14fbec200b592

\Windows\system\zGZXUWc.exe

MD5 775e0ab7e683cd2063acdbac79217931
SHA1 cf97b0e764f0da7caaf32df58eaface0d217b0e3
SHA256 13313755d4c9471045068d0d6c81e7231759447accee12e19e6b592e671d618a
SHA512 a12b069b82a72204a3b373ae2bc84b681cfdeec9cb40bfbc5944583ee35c9ac0b6f6afeffeef3157ecf520ceadee7be122f799a1a2cd63b5b708cb148b8bda28

C:\Windows\system\weRBmnk.exe

MD5 5ecdd3ff24c15dd1065d7ca2caa01405
SHA1 f38fc2bdc91800852b623d451ffb0a62748f5cda
SHA256 3dd2dec150ab437589ed0110d8f08c907f2d7cf9b17af364a579cf5d9faa4d37
SHA512 d584cb10701e2268cfd0e619c5cc8b4ed164364ead2a3bda85c180cc6212a095743d4cef2a10a432c8eeea304d98614c5dcb0d25e6b29960d84a5da416125469

memory/2572-22-0x000000013FCB0000-0x00000001400A2000-memory.dmp

memory/1796-28-0x000000013F1E0000-0x000000013F5D2000-memory.dmp

C:\Windows\system\mqoTIMC.exe

MD5 347f2388961ad4464ff9345bacb546fe
SHA1 b36df26084aa92f338e04a05a392c0f615badd40
SHA256 b38d666b29e2f83b16afeeda4ffae8554d90f015798f12ad6ce6973c0f26a09f
SHA512 79bf3d33bfa8e567551bbae40258db285a281585f9993f0e68d804d564a97557372538698b3cdba2d620bd48c65ad2f32a1bfd6f82112b0e96d1c4700cbd1fc5

C:\Windows\system\alSeaKz.exe

MD5 8a8b64730b63b6203a504dd60d29c10c
SHA1 4093090f742fddb196f474a222a771a4654ca9dc
SHA256 9f6494ea5a6f716bf8a11769a47f785c4dd83f8317d731cee8cebaf902c94ce5
SHA512 7df13762452a9dd23b0a0f74b8fc96cd444920826f435ab9004734dc7bff2715535a4a6c238f1772395a55433b9a7cc2a0b621815f036785b1c9743b054fc5fc

C:\Windows\system\AAKTMWS.exe

MD5 9ebb4a81eb5c5cbfd0d72f8df9a65c2a
SHA1 b6c7e31faf8f60c5d552ae8a0c041fdc2f87b807
SHA256 20597cfb7e0cef4f729445e4886371531d7cae19a01d46cbc33ab60b2c67d119
SHA512 309787aed8e6cbb5750dac25e98c6b11625b95d96016586d1c18a42aabd95c0bd607f878f62c568c621f1c13c37ef4269185240ef5c9fba04e88fe1f9f0140d1

C:\Windows\system\MfBpwui.exe

MD5 45ce05de9290b276cf60a6f34aaca582
SHA1 b7afecb3efc50217bb73eb2f457d8dfdad51de41
SHA256 69f71cdfe9ee5191e1678fcb221add26f6bd1db2c552e9a0a4f1b3cd0916d447
SHA512 099438b07e32b9dd1dcb59d9b6da13cc633c9ecd6750ef16261a8001dffb4ac59e4112b5cbb615949fd2b3d37b17b8aaf2a3e403634d24b5d5224b9325871932

\Windows\system\PiTZeYf.exe

MD5 bcb6f2e8cc7de84936b138573385a30e
SHA1 38fd5358817d74db6a8588a3f13b9de7af6b7a64
SHA256 a77c240d967e8b90de6da204846e0219c146c1cf3a057b7d28721fea97b1a3ce
SHA512 eae4a0ac2659cc188254d89d8223b85ed4ee9f0252424a9af6f22371d10985bec9eda2dd6a1f2fb47ba718c665e5535c9b10281b8f3a658a8d76ddf9a622e901

C:\Windows\system\qryUTxY.exe

MD5 e666662cbafc3406eb6efee131f0c907
SHA1 7e8c1f52f0e4388bbc40055e34a20ecc400b1eb9
SHA256 e24c3afbfdf7b618a37b8fcc99c95c210fe5febdb92a8ddeabaa742d3eddef99
SHA512 e7ae026b35863e6c9f336be1103f327f2c2d59f46a26e139a6efac6edc441b4c000473511b8416c470e941deca225347227309fc56ce96481fae856d8b3455c1

\Windows\system\xUTDcfq.exe

MD5 ab19e08d5a7bcb4d788355e3993bd0e0
SHA1 3a276b84640bbb1f9816d2fe2bb90904c9497ab7
SHA256 f25a8d73f2db130a9337d307bd6c5cc1d50a9ab05687d60d45f80fd378a864fe
SHA512 c50e8a88c61287d378c70c491eefe8be7ea31c313e620ef9164bee2c8e4ebacba951fc11a6e682e6d2eb556376cc7a487688ecf946fdd18be334e3bc7d36d1c4

memory/2084-76-0x00000000025B0000-0x00000000029A2000-memory.dmp

\Windows\system\hdIaGMB.exe

MD5 4cd05965ad66409a5e43ebfca855b68e
SHA1 20d85c2c5b4738b337b653dda2cb0390cccc4ebf
SHA256 fbb6ddbd7f7556dbde04525813b9eb0e0b75149a72fce2351cc6e47474480308
SHA512 4ac6988140769ae6d7af91befa9c7cdb6d80ae8ea1cf6e1f7bb8470f78aeb193a6aa7297e310a2b3b87ac7b8fb038af50e4ef0898085703ce0b02e832b8895a4

memory/2084-103-0x000000013FBC0000-0x000000013FFB2000-memory.dmp

C:\Windows\system\sCaUpyv.exe

MD5 075c4a309516b28edc80a8bd34e98436
SHA1 86ea08207c62640a45c0512d0a4ff899a247b8ba
SHA256 b0b4ff84a6740120bfddb0c794211ed697154c85415b01ba0b48419e2d911149
SHA512 e80bbb1d58d47717e22c583a6004810e2b55250417c810dfa53da69900eebe3365493fb9eda8d64509b81c64f070170022a77bef548d0e86071cbb9eeef5fcf2

C:\Windows\system\aoPfJkg.exe

MD5 110772c00915fcb1b246966c7cc3e25e
SHA1 cd0bbd939628fc472d8dbf55afacb9b419ac2eb7
SHA256 2256d40a7985e7c101ab29896b6aeb2eca1eaa3600d2a81032b2ce51d95ce69b
SHA512 55327c4bbb19de8ceb6a5fe81ebf873c15236e4679c8a6739d3393a45121a9eddcfad1ac1144f0db5e85f07af7bf260c0cb084c73f6c33b3ae2a5713ba4d7851

C:\Windows\system\VgsIhqm.exe

MD5 7273b48ef9b314288036781fb6b691a6
SHA1 2b64ece5008d75053e553be63743cf35948785a3
SHA256 a88a1e374e888caccc0c74888aa8927ea676de3a086554febe11e79be6e96f4e
SHA512 41f1fae03527cea2b68dddf714a87637031afbab285012ac0dcf37fccff3695faad28b0c2fb760dd011ef186ebd9af274919228d8753549877e8698dd85bbd48

memory/1880-157-0x00000000027F0000-0x00000000027F8000-memory.dmp

\Windows\system\LmYDQuW.exe

MD5 496e73d66fa3a0a86300718d7b9a520f
SHA1 80fc13923d712fd347ef4558fbd263e337e0cc1c
SHA256 30517be9535812c44ab04252c90c338bfd1f44263fd0a90fa8e62eba6c9b0627
SHA512 ffaeed60394ddd262c8bdffec1331248b8fa8f29dd4045760d092f7693e297294d2efb9cf526f40b552ffa2504d18bf009a0f2ad8f853f4551468f6af188e1d2

C:\Windows\system\fAKAXLV.exe

MD5 bea9c80750176053d73a71dff2d5d013
SHA1 3c5b59ed5ae39c1ff64f0736f9970e333f28c416
SHA256 3c52aa43cabbb213881ab00a7b86757094263829c93f6fce9e6054658919f0a1
SHA512 00e4cee7cd0f3037fafbbfa8bcbfa2da10068c3617f0609b90e4c579f8004cacdb785443746b144ccaf3b9a6717bdb82c82f7f8ff345ae8c8f56314cf6e6d6be

\Windows\system\tmaJcmt.exe

MD5 2245fe40ec663472297a1b6627a85bd3
SHA1 94edf66f7b1463be7ad3fd2c9ea928c8525e2b79
SHA256 33be07a940d408eb528cd30023f95c29f409acc3089974900058038694d5b9b5
SHA512 965bec83ef4847670ee7e3942cf98c8d6b1188340eb24eaed63c3ca8f859aa4df2619cb04b5fd95fe78174fb5e6f72360958a368c57ea38d312c5c52ee691582

C:\Windows\system\FhcCFMg.exe

MD5 e86d04d9e8e5af0b85d7b9531ce44965
SHA1 7037ad4d8a3e911d48a57dd4b0abe234bffd9080
SHA256 8c3065b363661f43d63ff1425e2812c876a31ce71b7147ca480ba5e6bad0fc05
SHA512 868ffcaa0085cb4c693ef3d02de9015c5afca7ee28e8c545137ffc9813c489b6b9288b6771a1306a4afe4132f00a6f3ebb6085e8f50ee7ad3a2720c5586137c6

C:\Windows\system\EeKjgRc.exe

MD5 98be80a76cada4b1b30b02a68755d0e0
SHA1 5f959912a62430c7273455ed043e2d871d079512
SHA256 ddd856983aa3cb80a194063e1f6e13ae36f13071c1b0c3220b948b354f3078be
SHA512 162b84ea2b702f9e57753fcbed86126fbc7a82a43ef4acbb8c3204cf05ab89d72d57af6b969c9904345106490e087f96c25583b99a1c43ad9534bb788d317fce

C:\Windows\system\GKFIZOh.exe

MD5 bbb14550f5a453bde7522712e702660d
SHA1 5449641016c5cc9a4ee3ea58dafa50477651d857
SHA256 32758c6d7fd7c89a1cc312f7b27eb3631024322b68fd47b1ae128b5ea3de65c3
SHA512 b15312c6d4984771f9fd94c954807012608b839e698047ae7c49d5dec6200ce50614a55d90b6ef3314ab834c29a0aeea47f8822867687ed942c9f5b8da79b324

C:\Windows\system\WjzajAD.exe

MD5 d39d7a5ff08551d8c19e84c1f403a906
SHA1 f164861c670f138ec3d2412b2bed3cf81bc5e558
SHA256 e2ad1231df11c027a1da8fc33d7699d3d09f2c4408d5a665d55c43a4a1060ca6
SHA512 48d951e852fbbdf4f98958210b7bb35cadeaa37604670da8196452048337bf5697f2bf7a05e8371537ba3c4a2f08081d36863ff04bec73b9c958d00a786aa5a9

C:\Windows\system\GWUbeXf.exe

MD5 b97593a2800f92fe13b41b80a99bd8e5
SHA1 dc7c054e7bd6e4b0f3aab8789bc78a3e486f7192
SHA256 34070676f5b2b2e4ea286ac9c69020a5070d9c5a2b9af609644194cfec66381e
SHA512 6f1efd408877d6adeed3f3afedde762a2dd5e137ca6a140d4e3d4b5ad0140b7c0fbedabb92c35d7c91e81f93941652effd8ad277a0dcb765f848661636059f5d

memory/1880-156-0x000000001B6A0000-0x000000001B982000-memory.dmp

C:\Windows\system\eApdvlJ.exe

MD5 9a9b613245bafb0f773342cd7a36564c
SHA1 3d6979f3fc09ef6decf98b4df689009400e6aecc
SHA256 8e41f710f579c51313d12ee673e6d359442a77baa998cb524874adefb9b2c146
SHA512 469b288db2b4b39bd7609c78cd3270f65c7c6e7c730c1b44503da4712c58a6288cbe6b4e0e017dc1aaea15ed0c9cd541eafc121a99f1c4d8cd24e5f6c91706d2

C:\Windows\system\RUZIIog.exe

MD5 3f0f7f5cb1fd3cf8ae1e2f02c660775b
SHA1 84b8aeb11ac9ff33daa011ee54f373ea826e0325
SHA256 3a46244f1983750bf542502a00f22354892630bfd58c1effefe379109eb53a1c
SHA512 28052c059b6b8698d0fbe46ace1c1eabcab4b83bc634278b0fe4a950e6064dec8ac1504940308aa4b6f14745de97a768bf545a35e6f1ccf636a5aeccb427d6dd

C:\Windows\system\jIqbJER.exe

MD5 99e2db594b12977a8a4b060fcc60a54b
SHA1 c2d95f75f4fb177474ed7e1ef4b62203eed0de42
SHA256 8b874fd30798755b438584c0008eb8d28dd20b94c269c6b43673519c0e9c8523
SHA512 38a42d780859eb432170536599817f151ab664da7a7a1730778a2ba1b7896587fc48f6cf32ae08c9a2f44e08e84c5a04bedafe8573bd937d4b0458a3e135aa3f

C:\Windows\system\oLfRcOj.exe

MD5 ef49a5e158b60bdf1446f15e149256a0
SHA1 277cedf1a35ad5297eac6886172a0fbe83a1ddc5
SHA256 48e32bce4aaaa69634e5b4f0f10184674fa761b201cbdaa48a4859c1dd493ff7
SHA512 827355aba96eaf375adccb72d00a30760fbab5f175344d956ee2bf98715ad0890ae14620fef1b387c3afb19bd7883a831936e895fc421d6e4bebd79245d19e4c

C:\Windows\system\CrxYJQv.exe

MD5 af3b0170affb0af7711b53647eeb23d6
SHA1 a627a0570ee8441e7fda74744e5b68de5ff90f69
SHA256 96cc4f3247692a8835d3cc6b9f56f3635f75cff210a98cbd7da61359c823ab4d
SHA512 d99a8530c88ee2947923eba9ef83fa97938418c849f3af81dd2a9206324bd8f69d82fd7e98ef40745b150c73f6dd85025c73816a827ee99d1a6815e405f619f9

memory/632-98-0x000000013F070000-0x000000013F462000-memory.dmp

memory/2084-97-0x000000013F070000-0x000000013F462000-memory.dmp

memory/776-96-0x000000013FC50000-0x0000000140042000-memory.dmp

C:\Windows\system\EHonimw.exe

MD5 354c430bf5a6902cfcc7e965b440efa1
SHA1 ee3bcefdf90cd577dd14ae049cb8cc298a654c39
SHA256 74b8acf01e774328d942b720a10ee016779b4f871687258ad4c5c5ddd34028a3
SHA512 e2e9f7e24591b80b02ac737cf17477dca6b8e960865a1659367d58fcbba325cf0f96bcf0b96f194183199b0136924f9a16ccef8fe86e0e8077ba81eb6944ef48

memory/2084-94-0x000000013FC50000-0x0000000140042000-memory.dmp

memory/2144-93-0x000000013FF00000-0x00000001402F2000-memory.dmp

memory/2084-92-0x000000013FF00000-0x00000001402F2000-memory.dmp

memory/2504-90-0x000000013F4E0000-0x000000013F8D2000-memory.dmp

memory/2084-89-0x0000000002E60000-0x0000000003252000-memory.dmp

memory/2404-88-0x000000013F770000-0x000000013FB62000-memory.dmp

memory/2084-87-0x0000000002E60000-0x0000000003252000-memory.dmp

memory/2444-85-0x000000013FD00000-0x00000001400F2000-memory.dmp

memory/2084-84-0x000000013FD00000-0x00000001400F2000-memory.dmp

memory/2648-83-0x000000013F710000-0x000000013FB02000-memory.dmp

memory/2084-81-0x0000000002E60000-0x0000000003252000-memory.dmp

memory/2560-80-0x000000013FBC0000-0x000000013FFB2000-memory.dmp

memory/2604-77-0x000000013FEF0000-0x00000001402E2000-memory.dmp

C:\Windows\system\UMiYkgV.exe

MD5 b24ea3b8015a0b5e235ddae963231955
SHA1 d829764437ac03d504cc28528b963750186ceed9
SHA256 1934efe1a4b20612944f70623a514067cdcae0fff6b6d324c8a2fbf2354991c4
SHA512 89789f663f585b8213b02d6e9401c47e2f476489a2003da0047ed6bece328c1de66a305e47271c61af5030c4210a803c9a69c7d79dc662f9708a8a417728565a

C:\Windows\system\oFjQmaR.exe

MD5 d10c42a251127818d089a8d5d0097e26
SHA1 a9bb8afe2784dd51bc267a437496ffc5a6359311
SHA256 e54f60d7a98e02e9a82209d63c43f87bbd7ef4c729221a047b9938b8b3a22af0
SHA512 189de6769aca605a19a541bafdc676765c4f01b372c81e44cf8898111715c2fe48def1ad6f8396b5fedddfa21632fd441d6806e9f8d1e2594a559d916ddc2b7b

memory/2532-27-0x000000013FEF0000-0x00000001402E2000-memory.dmp

memory/2084-25-0x000000013FEF0000-0x00000001402E2000-memory.dmp

memory/2084-24-0x000000013FEF0000-0x00000001402E2000-memory.dmp

C:\Windows\system\UEQoenP.exe

MD5 8b9747453599f94eac86e891b6e83bf8
SHA1 5fb0cc1c6b6e852e13578b70cd0d2ad7c963379c
SHA256 30bf006ea672ce78ffbd414811ee54996e49dd61ea9ee0b99e7097f1b9df13ab
SHA512 ab21c859ac40a8228cbb226b621bbe03fe5f49c1d5cf2b9629d5f818659b4ab7eb63873bf21d385b8726aea71982332f6178cfe343b0f26690479d7308254f97

memory/2084-20-0x000000013FCB0000-0x00000001400A2000-memory.dmp

C:\Windows\system\qAfGkin.exe

MD5 9173c49845b27b1c28ca2510c52841ba
SHA1 f01985abf21e9870812f819ce7196f8d842a7c7b
SHA256 2b4c001cabcdd69a4fc3d3abb418793bc15161f6e96fd02d2c82cf0108f6a2ea
SHA512 f1df320f1cdd58470e95272e6722070bdacf62c0740209063477f2267c03ac256bf8d13cd001784ecbcca28b3496e78e3df786f551753714b5d7d2bb689a5797

memory/2084-1-0x0000000000080000-0x0000000000090000-memory.dmp

memory/632-4594-0x000000013F070000-0x000000013F462000-memory.dmp

memory/2560-4699-0x000000013FBC0000-0x000000013FFB2000-memory.dmp

memory/2648-4713-0x000000013F710000-0x000000013FB02000-memory.dmp

memory/2404-4722-0x000000013F770000-0x000000013FB62000-memory.dmp

memory/2504-4748-0x000000013F4E0000-0x000000013F8D2000-memory.dmp

memory/2572-4755-0x000000013FCB0000-0x00000001400A2000-memory.dmp

memory/2444-4726-0x000000013FD00000-0x00000001400F2000-memory.dmp

memory/776-4969-0x000000013FC50000-0x0000000140042000-memory.dmp

memory/2604-5057-0x000000013FEF0000-0x00000001402E2000-memory.dmp

C:\Windows\system\UXIwbba.exe

MD5 ef758e56e906b9892f08e5e0fd0f13b2
SHA1 5d91983aa1bb61c5754ee9a01242f0bb098e7d43
SHA256 55949f339b372645d839eaa0847f4e244396f7e39c4586ddc776fb793deda110
SHA512 efd8bb7ef71cf583c97f5d0eac4e2fae239c80d85643b80c586971498ace127bb0c9565e46052e55211bb3dead5ae54145b84fc68e9ff4a6be2a5f6b0f086760

memory/2084-11806-0x000000013F4E0000-0x000000013F8D2000-memory.dmp

memory/2084-13062-0x00000000025B0000-0x00000000029A2000-memory.dmp