Malware Analysis Report

2024-11-16 12:07

Sample ID 240610-th5wpssekh
Target 9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118
SHA256 c80ec55de858feca9ac05feed4b639014d5d73baaa8fc3d33fcde8134fe67072
Tags
xmrig execution miner upx
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

c80ec55de858feca9ac05feed4b639014d5d73baaa8fc3d33fcde8134fe67072

Threat Level: Known bad

The file 9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

xmrig execution miner upx

XMRig Miner payload

xmrig

Xmrig family

XMRig Miner payload

Command and Scripting Interpreter: PowerShell

Loads dropped DLL

UPX packed file

Executes dropped EXE

Drops file in Windows directory

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-10 16:04

Signatures

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-10 16:04

Reported

2024-06-10 16:07

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\MOkijRh.exe N/A
N/A N/A C:\Windows\System\MwcisGQ.exe N/A
N/A N/A C:\Windows\System\MyAHBKY.exe N/A
N/A N/A C:\Windows\System\BYsmNVq.exe N/A
N/A N/A C:\Windows\System\YebuTcC.exe N/A
N/A N/A C:\Windows\System\uoxAEas.exe N/A
N/A N/A C:\Windows\System\SIMPIKU.exe N/A
N/A N/A C:\Windows\System\TSuDctp.exe N/A
N/A N/A C:\Windows\System\wlBqmvq.exe N/A
N/A N/A C:\Windows\System\vJzfeqS.exe N/A
N/A N/A C:\Windows\System\roPtSfA.exe N/A
N/A N/A C:\Windows\System\BYjbCvf.exe N/A
N/A N/A C:\Windows\System\qWLldgg.exe N/A
N/A N/A C:\Windows\System\ZUBqeyF.exe N/A
N/A N/A C:\Windows\System\SOJQfgA.exe N/A
N/A N/A C:\Windows\System\rJeXhDy.exe N/A
N/A N/A C:\Windows\System\zpPODNb.exe N/A
N/A N/A C:\Windows\System\neCgNuC.exe N/A
N/A N/A C:\Windows\System\fwNUibj.exe N/A
N/A N/A C:\Windows\System\yjpmMYh.exe N/A
N/A N/A C:\Windows\System\drwkmRQ.exe N/A
N/A N/A C:\Windows\System\QqEURrd.exe N/A
N/A N/A C:\Windows\System\tjdgKmr.exe N/A
N/A N/A C:\Windows\System\VHaCbbJ.exe N/A
N/A N/A C:\Windows\System\oPqzZNq.exe N/A
N/A N/A C:\Windows\System\pDKaDsg.exe N/A
N/A N/A C:\Windows\System\qpHMcPc.exe N/A
N/A N/A C:\Windows\System\HSYcCJK.exe N/A
N/A N/A C:\Windows\System\OuipIOh.exe N/A
N/A N/A C:\Windows\System\KPwVhPj.exe N/A
N/A N/A C:\Windows\System\dyGfLLq.exe N/A
N/A N/A C:\Windows\System\YAFopVX.exe N/A
N/A N/A C:\Windows\System\kobszTj.exe N/A
N/A N/A C:\Windows\System\qupQgmJ.exe N/A
N/A N/A C:\Windows\System\hZqxFmk.exe N/A
N/A N/A C:\Windows\System\ULkxCep.exe N/A
N/A N/A C:\Windows\System\aRbqEuu.exe N/A
N/A N/A C:\Windows\System\nsZIBLS.exe N/A
N/A N/A C:\Windows\System\nvYwdBw.exe N/A
N/A N/A C:\Windows\System\qYeIVub.exe N/A
N/A N/A C:\Windows\System\TeXvTpK.exe N/A
N/A N/A C:\Windows\System\kwILHMB.exe N/A
N/A N/A C:\Windows\System\ODvIzQd.exe N/A
N/A N/A C:\Windows\System\DwMnagd.exe N/A
N/A N/A C:\Windows\System\SHKDIbE.exe N/A
N/A N/A C:\Windows\System\zHjIoRq.exe N/A
N/A N/A C:\Windows\System\kMSNfXe.exe N/A
N/A N/A C:\Windows\System\iWDaoSC.exe N/A
N/A N/A C:\Windows\System\EdTBBqg.exe N/A
N/A N/A C:\Windows\System\wQcmFir.exe N/A
N/A N/A C:\Windows\System\lDggMae.exe N/A
N/A N/A C:\Windows\System\PpmagCn.exe N/A
N/A N/A C:\Windows\System\XaqtBZL.exe N/A
N/A N/A C:\Windows\System\rbTkYYx.exe N/A
N/A N/A C:\Windows\System\GkiKvTK.exe N/A
N/A N/A C:\Windows\System\SqyrNkv.exe N/A
N/A N/A C:\Windows\System\hMAgnEq.exe N/A
N/A N/A C:\Windows\System\heEFYiQ.exe N/A
N/A N/A C:\Windows\System\HhjwcNZ.exe N/A
N/A N/A C:\Windows\System\SfiYecV.exe N/A
N/A N/A C:\Windows\System\cTpofoq.exe N/A
N/A N/A C:\Windows\System\hjSZbQc.exe N/A
N/A N/A C:\Windows\System\WDbBQEb.exe N/A
N/A N/A C:\Windows\System\muLPjew.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\AxsSXBb.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\ZMwkRYm.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\yoUtWwL.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\PHDSZZr.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\zRcohMj.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\GXAIYbH.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\cjnlZhJ.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\mHNrHYb.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\csjuOhK.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\Mjrkdiu.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\XrCoTOP.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\eEhGewr.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\AHVzLhb.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\MtTUTmR.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\SatONJn.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\dFzvrYY.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\dLsAulF.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\eTdWSsF.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\WBKgxGt.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\UmDjFTS.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\rbdZBlX.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\QphnUrG.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\UMsHcxH.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\CbGfvVG.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\ecSPMIh.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\HWvReBF.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\EZoOFIO.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\LLPYlNV.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\aJKejDd.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\lWIRlwV.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\QUrBuPW.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\OAdHgjn.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\UXShkkI.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\mFeagbA.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\lpGyMrs.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\zKSettS.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\sEyZsbp.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\QQsgZtG.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\zPbQYRw.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\aDgLftW.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\xnVGoip.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\xHAvUzD.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\qDGYkFr.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\NhsAiec.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\hAesEVe.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\NDkdCed.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\BovRFko.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\asgixjp.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\eEZqRsV.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\ADOFFET.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\puFNejF.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\ORCbGfA.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\SeZFdvy.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\cUyvNFk.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\nIHeLBM.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\KzZzgZd.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\ubNrndx.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\tQOpaQe.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\pnVaDVl.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\jOXIyGY.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\RgUFRwk.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\FgDHNKy.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\vOzUJCd.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\wYXGaPe.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2248 wrote to memory of 2288 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2248 wrote to memory of 2288 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2248 wrote to memory of 4852 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\MwcisGQ.exe
PID 2248 wrote to memory of 4852 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\MwcisGQ.exe
PID 2248 wrote to memory of 384 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\MOkijRh.exe
PID 2248 wrote to memory of 384 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\MOkijRh.exe
PID 2248 wrote to memory of 3692 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\MyAHBKY.exe
PID 2248 wrote to memory of 3692 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\MyAHBKY.exe
PID 2248 wrote to memory of 5036 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\BYsmNVq.exe
PID 2248 wrote to memory of 5036 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\BYsmNVq.exe
PID 2248 wrote to memory of 4716 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\YebuTcC.exe
PID 2248 wrote to memory of 4716 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\YebuTcC.exe
PID 2248 wrote to memory of 4004 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\uoxAEas.exe
PID 2248 wrote to memory of 4004 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\uoxAEas.exe
PID 2248 wrote to memory of 2500 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\SIMPIKU.exe
PID 2248 wrote to memory of 2500 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\SIMPIKU.exe
PID 2248 wrote to memory of 1420 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\TSuDctp.exe
PID 2248 wrote to memory of 1420 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\TSuDctp.exe
PID 2248 wrote to memory of 900 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\wlBqmvq.exe
PID 2248 wrote to memory of 900 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\wlBqmvq.exe
PID 2248 wrote to memory of 3108 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\vJzfeqS.exe
PID 2248 wrote to memory of 3108 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\vJzfeqS.exe
PID 2248 wrote to memory of 1428 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\roPtSfA.exe
PID 2248 wrote to memory of 1428 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\roPtSfA.exe
PID 2248 wrote to memory of 3340 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\BYjbCvf.exe
PID 2248 wrote to memory of 3340 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\BYjbCvf.exe
PID 2248 wrote to memory of 4944 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\qWLldgg.exe
PID 2248 wrote to memory of 4944 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\qWLldgg.exe
PID 2248 wrote to memory of 2132 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\ZUBqeyF.exe
PID 2248 wrote to memory of 2132 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\ZUBqeyF.exe
PID 2248 wrote to memory of 1156 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\SOJQfgA.exe
PID 2248 wrote to memory of 1156 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\SOJQfgA.exe
PID 2248 wrote to memory of 4992 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\rJeXhDy.exe
PID 2248 wrote to memory of 4992 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\rJeXhDy.exe
PID 2248 wrote to memory of 1948 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\zpPODNb.exe
PID 2248 wrote to memory of 1948 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\zpPODNb.exe
PID 2248 wrote to memory of 4364 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\neCgNuC.exe
PID 2248 wrote to memory of 4364 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\neCgNuC.exe
PID 2248 wrote to memory of 4984 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\fwNUibj.exe
PID 2248 wrote to memory of 4984 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\fwNUibj.exe
PID 2248 wrote to memory of 4492 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\yjpmMYh.exe
PID 2248 wrote to memory of 4492 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\yjpmMYh.exe
PID 2248 wrote to memory of 4184 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\drwkmRQ.exe
PID 2248 wrote to memory of 4184 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\drwkmRQ.exe
PID 2248 wrote to memory of 2888 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\QqEURrd.exe
PID 2248 wrote to memory of 2888 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\QqEURrd.exe
PID 2248 wrote to memory of 1820 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\tjdgKmr.exe
PID 2248 wrote to memory of 1820 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\tjdgKmr.exe
PID 2248 wrote to memory of 5032 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\VHaCbbJ.exe
PID 2248 wrote to memory of 5032 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\VHaCbbJ.exe
PID 2248 wrote to memory of 4556 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\oPqzZNq.exe
PID 2248 wrote to memory of 4556 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\oPqzZNq.exe
PID 2248 wrote to memory of 3172 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\pDKaDsg.exe
PID 2248 wrote to memory of 3172 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\pDKaDsg.exe
PID 2248 wrote to memory of 1892 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\qpHMcPc.exe
PID 2248 wrote to memory of 1892 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\qpHMcPc.exe
PID 2248 wrote to memory of 4548 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\HSYcCJK.exe
PID 2248 wrote to memory of 4548 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\HSYcCJK.exe
PID 2248 wrote to memory of 3480 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\OuipIOh.exe
PID 2248 wrote to memory of 3480 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\OuipIOh.exe
PID 2248 wrote to memory of 4704 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\KPwVhPj.exe
PID 2248 wrote to memory of 4704 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\KPwVhPj.exe
PID 2248 wrote to memory of 1432 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\dyGfLLq.exe
PID 2248 wrote to memory of 1432 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\dyGfLLq.exe

Processes

C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\MwcisGQ.exe

C:\Windows\System\MwcisGQ.exe

C:\Windows\System\MOkijRh.exe

C:\Windows\System\MOkijRh.exe

C:\Windows\System\MyAHBKY.exe

C:\Windows\System\MyAHBKY.exe

C:\Windows\System\BYsmNVq.exe

C:\Windows\System\BYsmNVq.exe

C:\Windows\System\YebuTcC.exe

C:\Windows\System\YebuTcC.exe

C:\Windows\System\uoxAEas.exe

C:\Windows\System\uoxAEas.exe

C:\Windows\System\SIMPIKU.exe

C:\Windows\System\SIMPIKU.exe

C:\Windows\System\TSuDctp.exe

C:\Windows\System\TSuDctp.exe

C:\Windows\System\wlBqmvq.exe

C:\Windows\System\wlBqmvq.exe

C:\Windows\System\vJzfeqS.exe

C:\Windows\System\vJzfeqS.exe

C:\Windows\System\roPtSfA.exe

C:\Windows\System\roPtSfA.exe

C:\Windows\System\BYjbCvf.exe

C:\Windows\System\BYjbCvf.exe

C:\Windows\System\qWLldgg.exe

C:\Windows\System\qWLldgg.exe

C:\Windows\System\ZUBqeyF.exe

C:\Windows\System\ZUBqeyF.exe

C:\Windows\System\SOJQfgA.exe

C:\Windows\System\SOJQfgA.exe

C:\Windows\System\rJeXhDy.exe

C:\Windows\System\rJeXhDy.exe

C:\Windows\System\zpPODNb.exe

C:\Windows\System\zpPODNb.exe

C:\Windows\System\neCgNuC.exe

C:\Windows\System\neCgNuC.exe

C:\Windows\System\fwNUibj.exe

C:\Windows\System\fwNUibj.exe

C:\Windows\System\yjpmMYh.exe

C:\Windows\System\yjpmMYh.exe

C:\Windows\System\drwkmRQ.exe

C:\Windows\System\drwkmRQ.exe

C:\Windows\System\QqEURrd.exe

C:\Windows\System\QqEURrd.exe

C:\Windows\System\tjdgKmr.exe

C:\Windows\System\tjdgKmr.exe

C:\Windows\System\VHaCbbJ.exe

C:\Windows\System\VHaCbbJ.exe

C:\Windows\System\oPqzZNq.exe

C:\Windows\System\oPqzZNq.exe

C:\Windows\System\pDKaDsg.exe

C:\Windows\System\pDKaDsg.exe

C:\Windows\System\qpHMcPc.exe

C:\Windows\System\qpHMcPc.exe

C:\Windows\System\HSYcCJK.exe

C:\Windows\System\HSYcCJK.exe

C:\Windows\System\OuipIOh.exe

C:\Windows\System\OuipIOh.exe

C:\Windows\System\KPwVhPj.exe

C:\Windows\System\KPwVhPj.exe

C:\Windows\System\dyGfLLq.exe

C:\Windows\System\dyGfLLq.exe

C:\Windows\System\YAFopVX.exe

C:\Windows\System\YAFopVX.exe

C:\Windows\System\kobszTj.exe

C:\Windows\System\kobszTj.exe

C:\Windows\System\qupQgmJ.exe

C:\Windows\System\qupQgmJ.exe

C:\Windows\System\hZqxFmk.exe

C:\Windows\System\hZqxFmk.exe

C:\Windows\System\ULkxCep.exe

C:\Windows\System\ULkxCep.exe

C:\Windows\System\aRbqEuu.exe

C:\Windows\System\aRbqEuu.exe

C:\Windows\System\nsZIBLS.exe

C:\Windows\System\nsZIBLS.exe

C:\Windows\System\nvYwdBw.exe

C:\Windows\System\nvYwdBw.exe

C:\Windows\System\qYeIVub.exe

C:\Windows\System\qYeIVub.exe

C:\Windows\System\TeXvTpK.exe

C:\Windows\System\TeXvTpK.exe

C:\Windows\System\kwILHMB.exe

C:\Windows\System\kwILHMB.exe

C:\Windows\System\ODvIzQd.exe

C:\Windows\System\ODvIzQd.exe

C:\Windows\System\DwMnagd.exe

C:\Windows\System\DwMnagd.exe

C:\Windows\System\rbTkYYx.exe

C:\Windows\System\rbTkYYx.exe

C:\Windows\System\SHKDIbE.exe

C:\Windows\System\SHKDIbE.exe

C:\Windows\System\zHjIoRq.exe

C:\Windows\System\zHjIoRq.exe

C:\Windows\System\kMSNfXe.exe

C:\Windows\System\kMSNfXe.exe

C:\Windows\System\iWDaoSC.exe

C:\Windows\System\iWDaoSC.exe

C:\Windows\System\EdTBBqg.exe

C:\Windows\System\EdTBBqg.exe

C:\Windows\System\wQcmFir.exe

C:\Windows\System\wQcmFir.exe

C:\Windows\System\lDggMae.exe

C:\Windows\System\lDggMae.exe

C:\Windows\System\PpmagCn.exe

C:\Windows\System\PpmagCn.exe

C:\Windows\System\XaqtBZL.exe

C:\Windows\System\XaqtBZL.exe

C:\Windows\System\jrNPERq.exe

C:\Windows\System\jrNPERq.exe

C:\Windows\System\GkiKvTK.exe

C:\Windows\System\GkiKvTK.exe

C:\Windows\System\SqyrNkv.exe

C:\Windows\System\SqyrNkv.exe

C:\Windows\System\hMAgnEq.exe

C:\Windows\System\hMAgnEq.exe

C:\Windows\System\heEFYiQ.exe

C:\Windows\System\heEFYiQ.exe

C:\Windows\System\HhjwcNZ.exe

C:\Windows\System\HhjwcNZ.exe

C:\Windows\System\SfiYecV.exe

C:\Windows\System\SfiYecV.exe

C:\Windows\System\cTpofoq.exe

C:\Windows\System\cTpofoq.exe

C:\Windows\System\hjSZbQc.exe

C:\Windows\System\hjSZbQc.exe

C:\Windows\System\WDbBQEb.exe

C:\Windows\System\WDbBQEb.exe

C:\Windows\System\muLPjew.exe

C:\Windows\System\muLPjew.exe

C:\Windows\System\eqHoDaO.exe

C:\Windows\System\eqHoDaO.exe

C:\Windows\System\BANvUMG.exe

C:\Windows\System\BANvUMG.exe

C:\Windows\System\ZcMNJry.exe

C:\Windows\System\ZcMNJry.exe

C:\Windows\System\pKhQgDu.exe

C:\Windows\System\pKhQgDu.exe

C:\Windows\System\JeKFtyN.exe

C:\Windows\System\JeKFtyN.exe

C:\Windows\System\ZcgcMUg.exe

C:\Windows\System\ZcgcMUg.exe

C:\Windows\System\EUaeboR.exe

C:\Windows\System\EUaeboR.exe

C:\Windows\System\UpfoUYA.exe

C:\Windows\System\UpfoUYA.exe

C:\Windows\System\AtQvMfb.exe

C:\Windows\System\AtQvMfb.exe

C:\Windows\System\vCIatwD.exe

C:\Windows\System\vCIatwD.exe

C:\Windows\System\xdJqXFr.exe

C:\Windows\System\xdJqXFr.exe

C:\Windows\System\ftkySCl.exe

C:\Windows\System\ftkySCl.exe

C:\Windows\System\BWlmheD.exe

C:\Windows\System\BWlmheD.exe

C:\Windows\System\hZbcyVs.exe

C:\Windows\System\hZbcyVs.exe

C:\Windows\System\NJkYGQN.exe

C:\Windows\System\NJkYGQN.exe

C:\Windows\System\kHjQyWJ.exe

C:\Windows\System\kHjQyWJ.exe

C:\Windows\System\VLAeBLW.exe

C:\Windows\System\VLAeBLW.exe

C:\Windows\System\dKfaCLe.exe

C:\Windows\System\dKfaCLe.exe

C:\Windows\System\HEatOeH.exe

C:\Windows\System\HEatOeH.exe

C:\Windows\System\VcEleoW.exe

C:\Windows\System\VcEleoW.exe

C:\Windows\System\aWnBNZA.exe

C:\Windows\System\aWnBNZA.exe

C:\Windows\System\rncrpbv.exe

C:\Windows\System\rncrpbv.exe

C:\Windows\System\xudcVaQ.exe

C:\Windows\System\xudcVaQ.exe

C:\Windows\System\kbLjaso.exe

C:\Windows\System\kbLjaso.exe

C:\Windows\System\PqHryTF.exe

C:\Windows\System\PqHryTF.exe

C:\Windows\System\PeYiAlg.exe

C:\Windows\System\PeYiAlg.exe

C:\Windows\System\GokdLeG.exe

C:\Windows\System\GokdLeG.exe

C:\Windows\System\aLJrpkp.exe

C:\Windows\System\aLJrpkp.exe

C:\Windows\System\LhDLUSR.exe

C:\Windows\System\LhDLUSR.exe

C:\Windows\System\LYucSuc.exe

C:\Windows\System\LYucSuc.exe

C:\Windows\System\hNlAppk.exe

C:\Windows\System\hNlAppk.exe

C:\Windows\System\SHzmetq.exe

C:\Windows\System\SHzmetq.exe

C:\Windows\System\tzzMZmO.exe

C:\Windows\System\tzzMZmO.exe

C:\Windows\System\LEWTJWO.exe

C:\Windows\System\LEWTJWO.exe

C:\Windows\System\McupvVZ.exe

C:\Windows\System\McupvVZ.exe

C:\Windows\System\WwXoWig.exe

C:\Windows\System\WwXoWig.exe

C:\Windows\System\umwpnRe.exe

C:\Windows\System\umwpnRe.exe

C:\Windows\System\IGwAwTB.exe

C:\Windows\System\IGwAwTB.exe

C:\Windows\System\PPyomUW.exe

C:\Windows\System\PPyomUW.exe

C:\Windows\System\BgFvvkB.exe

C:\Windows\System\BgFvvkB.exe

C:\Windows\System\gLXLpml.exe

C:\Windows\System\gLXLpml.exe

C:\Windows\System\WxtOVWr.exe

C:\Windows\System\WxtOVWr.exe

C:\Windows\System\osmtFiW.exe

C:\Windows\System\osmtFiW.exe

C:\Windows\System\NADwTwS.exe

C:\Windows\System\NADwTwS.exe

C:\Windows\System\ULuOVmA.exe

C:\Windows\System\ULuOVmA.exe

C:\Windows\System\CyPhdjB.exe

C:\Windows\System\CyPhdjB.exe

C:\Windows\System\SUpjQBz.exe

C:\Windows\System\SUpjQBz.exe

C:\Windows\System\OQedUxA.exe

C:\Windows\System\OQedUxA.exe

C:\Windows\System\mcsBuyE.exe

C:\Windows\System\mcsBuyE.exe

C:\Windows\System\vPFPnBe.exe

C:\Windows\System\vPFPnBe.exe

C:\Windows\System\NuvAvgb.exe

C:\Windows\System\NuvAvgb.exe

C:\Windows\System\CBMbAGg.exe

C:\Windows\System\CBMbAGg.exe

C:\Windows\System\NjYQCgG.exe

C:\Windows\System\NjYQCgG.exe

C:\Windows\System\LCZdmaz.exe

C:\Windows\System\LCZdmaz.exe

C:\Windows\System\mFdqXVI.exe

C:\Windows\System\mFdqXVI.exe

C:\Windows\System\IJQWFHW.exe

C:\Windows\System\IJQWFHW.exe

C:\Windows\System\tjXsKrN.exe

C:\Windows\System\tjXsKrN.exe

C:\Windows\System\pnSETdm.exe

C:\Windows\System\pnSETdm.exe

C:\Windows\System\UVAIkFW.exe

C:\Windows\System\UVAIkFW.exe

C:\Windows\System\fmpgkNV.exe

C:\Windows\System\fmpgkNV.exe

C:\Windows\System\WcZJBrN.exe

C:\Windows\System\WcZJBrN.exe

C:\Windows\System\bikcbka.exe

C:\Windows\System\bikcbka.exe

C:\Windows\System\qzIyvBi.exe

C:\Windows\System\qzIyvBi.exe

C:\Windows\System\suiqMYW.exe

C:\Windows\System\suiqMYW.exe

C:\Windows\System\fwtCClg.exe

C:\Windows\System\fwtCClg.exe

C:\Windows\System\bpxDmDE.exe

C:\Windows\System\bpxDmDE.exe

C:\Windows\System\kOFWLIG.exe

C:\Windows\System\kOFWLIG.exe

C:\Windows\System\keuqqgf.exe

C:\Windows\System\keuqqgf.exe

C:\Windows\System\gkvDflh.exe

C:\Windows\System\gkvDflh.exe

C:\Windows\System\IstcNBD.exe

C:\Windows\System\IstcNBD.exe

C:\Windows\System\CFJIVpg.exe

C:\Windows\System\CFJIVpg.exe

C:\Windows\System\sbGMTrN.exe

C:\Windows\System\sbGMTrN.exe

C:\Windows\System\XMsbqeV.exe

C:\Windows\System\XMsbqeV.exe

C:\Windows\System\CbobHSj.exe

C:\Windows\System\CbobHSj.exe

C:\Windows\System\EwfDFSm.exe

C:\Windows\System\EwfDFSm.exe

C:\Windows\System\FrvoSVG.exe

C:\Windows\System\FrvoSVG.exe

C:\Windows\System\mhOMJlc.exe

C:\Windows\System\mhOMJlc.exe

C:\Windows\System\IhxNUNz.exe

C:\Windows\System\IhxNUNz.exe

C:\Windows\System\yspqeCl.exe

C:\Windows\System\yspqeCl.exe

C:\Windows\System\EqIdCLi.exe

C:\Windows\System\EqIdCLi.exe

C:\Windows\System\AgwcnOX.exe

C:\Windows\System\AgwcnOX.exe

C:\Windows\System\NKEkCIC.exe

C:\Windows\System\NKEkCIC.exe

C:\Windows\System\brvRtuH.exe

C:\Windows\System\brvRtuH.exe

C:\Windows\System\yoKCiQp.exe

C:\Windows\System\yoKCiQp.exe

C:\Windows\System\QkzZvSr.exe

C:\Windows\System\QkzZvSr.exe

C:\Windows\System\agMpjPB.exe

C:\Windows\System\agMpjPB.exe

C:\Windows\System\aZqPMfD.exe

C:\Windows\System\aZqPMfD.exe

C:\Windows\System\ARttiKE.exe

C:\Windows\System\ARttiKE.exe

C:\Windows\System\mgjkwGv.exe

C:\Windows\System\mgjkwGv.exe

C:\Windows\System\aVDNLJw.exe

C:\Windows\System\aVDNLJw.exe

C:\Windows\System\VWiVFlN.exe

C:\Windows\System\VWiVFlN.exe

C:\Windows\System\YnwNJPh.exe

C:\Windows\System\YnwNJPh.exe

C:\Windows\System\zszrobZ.exe

C:\Windows\System\zszrobZ.exe

C:\Windows\System\Rbvrzjy.exe

C:\Windows\System\Rbvrzjy.exe

C:\Windows\System\gdnxEuK.exe

C:\Windows\System\gdnxEuK.exe

C:\Windows\System\fnhngxQ.exe

C:\Windows\System\fnhngxQ.exe

C:\Windows\System\WvgExzg.exe

C:\Windows\System\WvgExzg.exe

C:\Windows\System\OTmWdLk.exe

C:\Windows\System\OTmWdLk.exe

C:\Windows\System\nGxHaDs.exe

C:\Windows\System\nGxHaDs.exe

C:\Windows\System\YzxijoG.exe

C:\Windows\System\YzxijoG.exe

C:\Windows\System\wNkRSWt.exe

C:\Windows\System\wNkRSWt.exe

C:\Windows\System\lddyczJ.exe

C:\Windows\System\lddyczJ.exe

C:\Windows\System\WWgVyvH.exe

C:\Windows\System\WWgVyvH.exe

C:\Windows\System\WwBexnv.exe

C:\Windows\System\WwBexnv.exe

C:\Windows\System\NqQfPCR.exe

C:\Windows\System\NqQfPCR.exe

C:\Windows\System\DtCLzNN.exe

C:\Windows\System\DtCLzNN.exe

C:\Windows\System\tZAZGqv.exe

C:\Windows\System\tZAZGqv.exe

C:\Windows\System\fsughCw.exe

C:\Windows\System\fsughCw.exe

C:\Windows\System\CJzDEJm.exe

C:\Windows\System\CJzDEJm.exe

C:\Windows\System\JfjEDVA.exe

C:\Windows\System\JfjEDVA.exe

C:\Windows\System\xyHdgbF.exe

C:\Windows\System\xyHdgbF.exe

C:\Windows\System\jYafwvs.exe

C:\Windows\System\jYafwvs.exe

C:\Windows\System\bucJaYN.exe

C:\Windows\System\bucJaYN.exe

C:\Windows\System\IdlLVwe.exe

C:\Windows\System\IdlLVwe.exe

C:\Windows\System\ttWucKb.exe

C:\Windows\System\ttWucKb.exe

C:\Windows\System\aVfUYGN.exe

C:\Windows\System\aVfUYGN.exe

C:\Windows\System\fKKFFXL.exe

C:\Windows\System\fKKFFXL.exe

C:\Windows\System\kZtiDZP.exe

C:\Windows\System\kZtiDZP.exe

C:\Windows\System\FhSTfNv.exe

C:\Windows\System\FhSTfNv.exe

C:\Windows\System\RZyIQAn.exe

C:\Windows\System\RZyIQAn.exe

C:\Windows\System\vcDlUEG.exe

C:\Windows\System\vcDlUEG.exe

C:\Windows\System\XWHOatR.exe

C:\Windows\System\XWHOatR.exe

C:\Windows\System\tLRjKIq.exe

C:\Windows\System\tLRjKIq.exe

C:\Windows\System\hvGAHnG.exe

C:\Windows\System\hvGAHnG.exe

C:\Windows\System\sepRVkf.exe

C:\Windows\System\sepRVkf.exe

C:\Windows\System\sWHMhfb.exe

C:\Windows\System\sWHMhfb.exe

C:\Windows\System\rqvmfiv.exe

C:\Windows\System\rqvmfiv.exe

C:\Windows\System\lHdImeT.exe

C:\Windows\System\lHdImeT.exe

C:\Windows\System\daRpwxe.exe

C:\Windows\System\daRpwxe.exe

C:\Windows\System\fZQbTjX.exe

C:\Windows\System\fZQbTjX.exe

C:\Windows\System\rwrNPzM.exe

C:\Windows\System\rwrNPzM.exe

C:\Windows\System\lYNnGmg.exe

C:\Windows\System\lYNnGmg.exe

C:\Windows\System\rIOnwQP.exe

C:\Windows\System\rIOnwQP.exe

C:\Windows\System\KKCxAqw.exe

C:\Windows\System\KKCxAqw.exe

C:\Windows\System\qtviTWZ.exe

C:\Windows\System\qtviTWZ.exe

C:\Windows\System\UlhiTRs.exe

C:\Windows\System\UlhiTRs.exe

C:\Windows\System\LqHLfho.exe

C:\Windows\System\LqHLfho.exe

C:\Windows\System\OrmBpBo.exe

C:\Windows\System\OrmBpBo.exe

C:\Windows\System\arCeRKc.exe

C:\Windows\System\arCeRKc.exe

C:\Windows\System\BVGDimk.exe

C:\Windows\System\BVGDimk.exe

C:\Windows\System\lFHgHjv.exe

C:\Windows\System\lFHgHjv.exe

C:\Windows\System\WWUBfQk.exe

C:\Windows\System\WWUBfQk.exe

C:\Windows\System\vSkUCRR.exe

C:\Windows\System\vSkUCRR.exe

C:\Windows\System\BiKUnaa.exe

C:\Windows\System\BiKUnaa.exe

C:\Windows\System\enbLOmQ.exe

C:\Windows\System\enbLOmQ.exe

C:\Windows\System\rqvGxOi.exe

C:\Windows\System\rqvGxOi.exe

C:\Windows\System\nnwofGW.exe

C:\Windows\System\nnwofGW.exe

C:\Windows\System\hTziGZk.exe

C:\Windows\System\hTziGZk.exe

C:\Windows\System\dHknHmw.exe

C:\Windows\System\dHknHmw.exe

C:\Windows\System\AKoFyOG.exe

C:\Windows\System\AKoFyOG.exe

C:\Windows\System\mmHdtpe.exe

C:\Windows\System\mmHdtpe.exe

C:\Windows\System\PjQKbHn.exe

C:\Windows\System\PjQKbHn.exe

C:\Windows\System\HhtVaLe.exe

C:\Windows\System\HhtVaLe.exe

C:\Windows\System\vkRvlFp.exe

C:\Windows\System\vkRvlFp.exe

C:\Windows\System\HabiZka.exe

C:\Windows\System\HabiZka.exe

C:\Windows\System\nKonlcO.exe

C:\Windows\System\nKonlcO.exe

C:\Windows\System\asjKeUg.exe

C:\Windows\System\asjKeUg.exe

C:\Windows\System\ykQhpsG.exe

C:\Windows\System\ykQhpsG.exe

C:\Windows\System\UIUWLFE.exe

C:\Windows\System\UIUWLFE.exe

C:\Windows\System\MlHRrog.exe

C:\Windows\System\MlHRrog.exe

C:\Windows\System\ZCokiNa.exe

C:\Windows\System\ZCokiNa.exe

C:\Windows\System\DYAgsBE.exe

C:\Windows\System\DYAgsBE.exe

C:\Windows\System\eFNnXNy.exe

C:\Windows\System\eFNnXNy.exe

C:\Windows\System\oZeXkey.exe

C:\Windows\System\oZeXkey.exe

C:\Windows\System\btJGsqr.exe

C:\Windows\System\btJGsqr.exe

C:\Windows\System\pVmPRXI.exe

C:\Windows\System\pVmPRXI.exe

C:\Windows\System\zbZBWjv.exe

C:\Windows\System\zbZBWjv.exe

C:\Windows\System\MBQzFNf.exe

C:\Windows\System\MBQzFNf.exe

C:\Windows\System\UkIjIuO.exe

C:\Windows\System\UkIjIuO.exe

C:\Windows\System\mpWNlwI.exe

C:\Windows\System\mpWNlwI.exe

C:\Windows\System\FvUjJqi.exe

C:\Windows\System\FvUjJqi.exe

C:\Windows\System\UnbsnRS.exe

C:\Windows\System\UnbsnRS.exe

C:\Windows\System\MQlSdyD.exe

C:\Windows\System\MQlSdyD.exe

C:\Windows\System\nBstrdY.exe

C:\Windows\System\nBstrdY.exe

C:\Windows\System\RMEfMTk.exe

C:\Windows\System\RMEfMTk.exe

C:\Windows\System\mlybfwD.exe

C:\Windows\System\mlybfwD.exe

C:\Windows\System\hXeOHmD.exe

C:\Windows\System\hXeOHmD.exe

C:\Windows\System\maMTyNW.exe

C:\Windows\System\maMTyNW.exe

C:\Windows\System\hmGBakl.exe

C:\Windows\System\hmGBakl.exe

C:\Windows\System\UPWZUEm.exe

C:\Windows\System\UPWZUEm.exe

C:\Windows\System\gdpEqRo.exe

C:\Windows\System\gdpEqRo.exe

C:\Windows\System\YqJphst.exe

C:\Windows\System\YqJphst.exe

C:\Windows\System\tohPfVX.exe

C:\Windows\System\tohPfVX.exe

C:\Windows\System\CzFDMBL.exe

C:\Windows\System\CzFDMBL.exe

C:\Windows\System\Dxzbmlr.exe

C:\Windows\System\Dxzbmlr.exe

C:\Windows\System\aoORwus.exe

C:\Windows\System\aoORwus.exe

C:\Windows\System\BNAoBSt.exe

C:\Windows\System\BNAoBSt.exe

C:\Windows\System\ZIuQMWX.exe

C:\Windows\System\ZIuQMWX.exe

C:\Windows\System\CNZuacr.exe

C:\Windows\System\CNZuacr.exe

C:\Windows\System\mjuOQCH.exe

C:\Windows\System\mjuOQCH.exe

C:\Windows\System\SJazFhz.exe

C:\Windows\System\SJazFhz.exe

C:\Windows\System\mByXazH.exe

C:\Windows\System\mByXazH.exe

C:\Windows\System\IDsDSVR.exe

C:\Windows\System\IDsDSVR.exe

C:\Windows\System\JoNoAEO.exe

C:\Windows\System\JoNoAEO.exe

C:\Windows\System\OcdKBqZ.exe

C:\Windows\System\OcdKBqZ.exe

C:\Windows\System\HlcprFF.exe

C:\Windows\System\HlcprFF.exe

C:\Windows\System\NFJGmVs.exe

C:\Windows\System\NFJGmVs.exe

C:\Windows\System\ExbkEVs.exe

C:\Windows\System\ExbkEVs.exe

C:\Windows\System\UkDFlZC.exe

C:\Windows\System\UkDFlZC.exe

C:\Windows\System\nAeuqXd.exe

C:\Windows\System\nAeuqXd.exe

C:\Windows\System\lMsDAWv.exe

C:\Windows\System\lMsDAWv.exe

C:\Windows\System\gqvbKiV.exe

C:\Windows\System\gqvbKiV.exe

C:\Windows\System\BYBMaBw.exe

C:\Windows\System\BYBMaBw.exe

C:\Windows\System\SNGluTK.exe

C:\Windows\System\SNGluTK.exe

C:\Windows\System\RatmuwR.exe

C:\Windows\System\RatmuwR.exe

C:\Windows\System\sAULEuM.exe

C:\Windows\System\sAULEuM.exe

C:\Windows\System\fXaaWRG.exe

C:\Windows\System\fXaaWRG.exe

C:\Windows\System\AbNprFc.exe

C:\Windows\System\AbNprFc.exe

C:\Windows\System\lKttMbi.exe

C:\Windows\System\lKttMbi.exe

C:\Windows\System\aFBBsJe.exe

C:\Windows\System\aFBBsJe.exe

C:\Windows\System\HMztagb.exe

C:\Windows\System\HMztagb.exe

C:\Windows\System\GNrXVLI.exe

C:\Windows\System\GNrXVLI.exe

C:\Windows\System\eXRTpWj.exe

C:\Windows\System\eXRTpWj.exe

C:\Windows\System\SBdfHcu.exe

C:\Windows\System\SBdfHcu.exe

C:\Windows\System\inmkHAf.exe

C:\Windows\System\inmkHAf.exe

C:\Windows\System\WDnsOrU.exe

C:\Windows\System\WDnsOrU.exe

C:\Windows\System\NdxOQtp.exe

C:\Windows\System\NdxOQtp.exe

C:\Windows\System\hKOefje.exe

C:\Windows\System\hKOefje.exe

C:\Windows\System\SHCWzGy.exe

C:\Windows\System\SHCWzGy.exe

C:\Windows\System\nRoupqA.exe

C:\Windows\System\nRoupqA.exe

C:\Windows\System\OScuWcO.exe

C:\Windows\System\OScuWcO.exe

C:\Windows\System\nplQaYB.exe

C:\Windows\System\nplQaYB.exe

C:\Windows\System\aSAjegv.exe

C:\Windows\System\aSAjegv.exe

C:\Windows\System\NkyuMfj.exe

C:\Windows\System\NkyuMfj.exe

C:\Windows\System\GJyVqNW.exe

C:\Windows\System\GJyVqNW.exe

C:\Windows\System\exFyvRH.exe

C:\Windows\System\exFyvRH.exe

C:\Windows\System\sZxyBhK.exe

C:\Windows\System\sZxyBhK.exe

C:\Windows\System\ZiqKEee.exe

C:\Windows\System\ZiqKEee.exe

C:\Windows\System\FviyuNb.exe

C:\Windows\System\FviyuNb.exe

C:\Windows\System\QPQhguF.exe

C:\Windows\System\QPQhguF.exe

C:\Windows\System\JEdalcp.exe

C:\Windows\System\JEdalcp.exe

C:\Windows\System\sjhOKbC.exe

C:\Windows\System\sjhOKbC.exe

C:\Windows\System\dNyAJPD.exe

C:\Windows\System\dNyAJPD.exe

C:\Windows\System\nXITilw.exe

C:\Windows\System\nXITilw.exe

C:\Windows\System\FaXYdIT.exe

C:\Windows\System\FaXYdIT.exe

C:\Windows\System\GlvcMNF.exe

C:\Windows\System\GlvcMNF.exe

C:\Windows\System\JTvfnLa.exe

C:\Windows\System\JTvfnLa.exe

C:\Windows\System\BUuoVlI.exe

C:\Windows\System\BUuoVlI.exe

C:\Windows\System\IxTBsQL.exe

C:\Windows\System\IxTBsQL.exe

C:\Windows\System\auDdntd.exe

C:\Windows\System\auDdntd.exe

C:\Windows\System\dPPimSN.exe

C:\Windows\System\dPPimSN.exe

C:\Windows\System\emygzvX.exe

C:\Windows\System\emygzvX.exe

C:\Windows\System\oziLyUl.exe

C:\Windows\System\oziLyUl.exe

C:\Windows\System\cBnGHTc.exe

C:\Windows\System\cBnGHTc.exe

C:\Windows\System\ROwJoWn.exe

C:\Windows\System\ROwJoWn.exe

C:\Windows\System\PYOmYyy.exe

C:\Windows\System\PYOmYyy.exe

C:\Windows\System\LvQgSvs.exe

C:\Windows\System\LvQgSvs.exe

C:\Windows\System\rdhlZBW.exe

C:\Windows\System\rdhlZBW.exe

C:\Windows\System\sBVAwUB.exe

C:\Windows\System\sBVAwUB.exe

C:\Windows\System\fKAgGIM.exe

C:\Windows\System\fKAgGIM.exe

C:\Windows\System\dpCPxXq.exe

C:\Windows\System\dpCPxXq.exe

C:\Windows\System\OcBgCSV.exe

C:\Windows\System\OcBgCSV.exe

C:\Windows\System\DBPywkm.exe

C:\Windows\System\DBPywkm.exe

C:\Windows\System\WNOnZfh.exe

C:\Windows\System\WNOnZfh.exe

C:\Windows\System\bmOsUtd.exe

C:\Windows\System\bmOsUtd.exe

C:\Windows\System\yoXRLHB.exe

C:\Windows\System\yoXRLHB.exe

C:\Windows\System\BveeYXQ.exe

C:\Windows\System\BveeYXQ.exe

C:\Windows\System\xelApKT.exe

C:\Windows\System\xelApKT.exe

C:\Windows\System\YxHaEMQ.exe

C:\Windows\System\YxHaEMQ.exe

C:\Windows\System\PiAkfpP.exe

C:\Windows\System\PiAkfpP.exe

C:\Windows\System\TfYmpuX.exe

C:\Windows\System\TfYmpuX.exe

C:\Windows\System\qFqmOAD.exe

C:\Windows\System\qFqmOAD.exe

C:\Windows\System\viWIaRs.exe

C:\Windows\System\viWIaRs.exe

C:\Windows\System\xNCMGgq.exe

C:\Windows\System\xNCMGgq.exe

C:\Windows\System\pgkAloX.exe

C:\Windows\System\pgkAloX.exe

C:\Windows\System\zBWtrfD.exe

C:\Windows\System\zBWtrfD.exe

C:\Windows\System\XqdHlLv.exe

C:\Windows\System\XqdHlLv.exe

C:\Windows\System\lRGrelV.exe

C:\Windows\System\lRGrelV.exe

C:\Windows\System\MUvSbcu.exe

C:\Windows\System\MUvSbcu.exe

C:\Windows\System\SAUHWPP.exe

C:\Windows\System\SAUHWPP.exe

C:\Windows\System\gIGQZqz.exe

C:\Windows\System\gIGQZqz.exe

C:\Windows\System\syUsYXp.exe

C:\Windows\System\syUsYXp.exe

C:\Windows\System\FsJsGGN.exe

C:\Windows\System\FsJsGGN.exe

C:\Windows\System\rDSgnmY.exe

C:\Windows\System\rDSgnmY.exe

C:\Windows\System\KrBUWyz.exe

C:\Windows\System\KrBUWyz.exe

C:\Windows\System\NXiFRKM.exe

C:\Windows\System\NXiFRKM.exe

C:\Windows\System\DNzFMou.exe

C:\Windows\System\DNzFMou.exe

C:\Windows\System\rNujtVo.exe

C:\Windows\System\rNujtVo.exe

C:\Windows\System\tTDHkpz.exe

C:\Windows\System\tTDHkpz.exe

C:\Windows\System\xQLBOrg.exe

C:\Windows\System\xQLBOrg.exe

C:\Windows\System\pYJUOxp.exe

C:\Windows\System\pYJUOxp.exe

C:\Windows\System\BDFpxWQ.exe

C:\Windows\System\BDFpxWQ.exe

C:\Windows\System\jRJkPvR.exe

C:\Windows\System\jRJkPvR.exe

C:\Windows\System\uSmkcwq.exe

C:\Windows\System\uSmkcwq.exe

C:\Windows\System\FZdpoHm.exe

C:\Windows\System\FZdpoHm.exe

C:\Windows\System\YkIyPbO.exe

C:\Windows\System\YkIyPbO.exe

C:\Windows\System\dDiwgBf.exe

C:\Windows\System\dDiwgBf.exe

C:\Windows\System\hPVMSUd.exe

C:\Windows\System\hPVMSUd.exe

C:\Windows\System\QuHhmJp.exe

C:\Windows\System\QuHhmJp.exe

C:\Windows\System\KEsxqyA.exe

C:\Windows\System\KEsxqyA.exe

C:\Windows\System\qHSKpZU.exe

C:\Windows\System\qHSKpZU.exe

C:\Windows\System\cawMwyG.exe

C:\Windows\System\cawMwyG.exe

C:\Windows\System\HNkzLHO.exe

C:\Windows\System\HNkzLHO.exe

C:\Windows\System\UNbORpZ.exe

C:\Windows\System\UNbORpZ.exe

C:\Windows\System\dnLLwnr.exe

C:\Windows\System\dnLLwnr.exe

C:\Windows\System\BGKUZjg.exe

C:\Windows\System\BGKUZjg.exe

C:\Windows\System\wdHwlGG.exe

C:\Windows\System\wdHwlGG.exe

C:\Windows\System\hBVVbbM.exe

C:\Windows\System\hBVVbbM.exe

C:\Windows\System\NvImrqU.exe

C:\Windows\System\NvImrqU.exe

C:\Windows\System\aGahSCQ.exe

C:\Windows\System\aGahSCQ.exe

C:\Windows\System\yYSafrs.exe

C:\Windows\System\yYSafrs.exe

C:\Windows\System\vYxxIkS.exe

C:\Windows\System\vYxxIkS.exe

C:\Windows\System\PBQLfmT.exe

C:\Windows\System\PBQLfmT.exe

C:\Windows\System\ZVAKJMt.exe

C:\Windows\System\ZVAKJMt.exe

C:\Windows\System\CTjLejo.exe

C:\Windows\System\CTjLejo.exe

C:\Windows\System\gWVkoyp.exe

C:\Windows\System\gWVkoyp.exe

C:\Windows\System\PCMfDDR.exe

C:\Windows\System\PCMfDDR.exe

C:\Windows\System\NqLTmrr.exe

C:\Windows\System\NqLTmrr.exe

C:\Windows\System\VgMIwCM.exe

C:\Windows\System\VgMIwCM.exe

C:\Windows\System\WqwZdHd.exe

C:\Windows\System\WqwZdHd.exe

C:\Windows\System\mQtptyt.exe

C:\Windows\System\mQtptyt.exe

C:\Windows\System\wIZBMkP.exe

C:\Windows\System\wIZBMkP.exe

C:\Windows\System\HgONdEz.exe

C:\Windows\System\HgONdEz.exe

C:\Windows\System\amAzcEw.exe

C:\Windows\System\amAzcEw.exe

C:\Windows\System\VVWsYUq.exe

C:\Windows\System\VVWsYUq.exe

C:\Windows\System\yDiZboT.exe

C:\Windows\System\yDiZboT.exe

C:\Windows\System\sOhIBuA.exe

C:\Windows\System\sOhIBuA.exe

C:\Windows\System\vRbVIMF.exe

C:\Windows\System\vRbVIMF.exe

C:\Windows\System\prmhaqr.exe

C:\Windows\System\prmhaqr.exe

C:\Windows\System\uhgRHiC.exe

C:\Windows\System\uhgRHiC.exe

C:\Windows\System\UCqkmLl.exe

C:\Windows\System\UCqkmLl.exe

C:\Windows\System\KbYNyRP.exe

C:\Windows\System\KbYNyRP.exe

C:\Windows\System\ezTXtWG.exe

C:\Windows\System\ezTXtWG.exe

C:\Windows\System\FisKXSy.exe

C:\Windows\System\FisKXSy.exe

C:\Windows\System\YWxRPae.exe

C:\Windows\System\YWxRPae.exe

C:\Windows\System\LidVuZs.exe

C:\Windows\System\LidVuZs.exe

C:\Windows\System\HvQTjWi.exe

C:\Windows\System\HvQTjWi.exe

C:\Windows\System\LXwNHsx.exe

C:\Windows\System\LXwNHsx.exe

C:\Windows\System\KcKAxDb.exe

C:\Windows\System\KcKAxDb.exe

C:\Windows\System\EuQbgCS.exe

C:\Windows\System\EuQbgCS.exe

C:\Windows\System\QtqlGAp.exe

C:\Windows\System\QtqlGAp.exe

C:\Windows\System\dQACUlt.exe

C:\Windows\System\dQACUlt.exe

C:\Windows\System\nUSwiwV.exe

C:\Windows\System\nUSwiwV.exe

C:\Windows\System\PIppiwE.exe

C:\Windows\System\PIppiwE.exe

C:\Windows\System\CDFOoxe.exe

C:\Windows\System\CDFOoxe.exe

C:\Windows\System\bhHOGQl.exe

C:\Windows\System\bhHOGQl.exe

C:\Windows\System\cQcDXRA.exe

C:\Windows\System\cQcDXRA.exe

C:\Windows\System\tspedPG.exe

C:\Windows\System\tspedPG.exe

C:\Windows\System\smxlMby.exe

C:\Windows\System\smxlMby.exe

C:\Windows\System\xLXODfd.exe

C:\Windows\System\xLXODfd.exe

C:\Windows\System\sHZxICv.exe

C:\Windows\System\sHZxICv.exe

C:\Windows\System\IvAFRmB.exe

C:\Windows\System\IvAFRmB.exe

C:\Windows\System\tCXmNup.exe

C:\Windows\System\tCXmNup.exe

C:\Windows\System\XWAwQpj.exe

C:\Windows\System\XWAwQpj.exe

C:\Windows\System\TjHxrNy.exe

C:\Windows\System\TjHxrNy.exe

C:\Windows\System\ezTUTyT.exe

C:\Windows\System\ezTUTyT.exe

C:\Windows\System\ZFFcQzm.exe

C:\Windows\System\ZFFcQzm.exe

C:\Windows\System\ynWWHAZ.exe

C:\Windows\System\ynWWHAZ.exe

C:\Windows\System\rcsGvVp.exe

C:\Windows\System\rcsGvVp.exe

C:\Windows\System\csvlfBW.exe

C:\Windows\System\csvlfBW.exe

C:\Windows\System\LPjdiuX.exe

C:\Windows\System\LPjdiuX.exe

C:\Windows\System\JElpydx.exe

C:\Windows\System\JElpydx.exe

C:\Windows\System\jnbiZrS.exe

C:\Windows\System\jnbiZrS.exe

C:\Windows\System\oTGYErx.exe

C:\Windows\System\oTGYErx.exe

C:\Windows\System\UmURbzl.exe

C:\Windows\System\UmURbzl.exe

C:\Windows\System\khYeQMQ.exe

C:\Windows\System\khYeQMQ.exe

C:\Windows\System\gRHfBJX.exe

C:\Windows\System\gRHfBJX.exe

C:\Windows\System\vtCgnuA.exe

C:\Windows\System\vtCgnuA.exe

C:\Windows\System\qCMAPrx.exe

C:\Windows\System\qCMAPrx.exe

C:\Windows\System\pPUzdCI.exe

C:\Windows\System\pPUzdCI.exe

C:\Windows\System\AhvJNFY.exe

C:\Windows\System\AhvJNFY.exe

C:\Windows\System\VelznTp.exe

C:\Windows\System\VelznTp.exe

C:\Windows\System\gQIvDHO.exe

C:\Windows\System\gQIvDHO.exe

C:\Windows\System\LzzeSAc.exe

C:\Windows\System\LzzeSAc.exe

C:\Windows\System\SGdsAaJ.exe

C:\Windows\System\SGdsAaJ.exe

C:\Windows\System\gJgERaW.exe

C:\Windows\System\gJgERaW.exe

C:\Windows\System\JwZNyxT.exe

C:\Windows\System\JwZNyxT.exe

C:\Windows\System\gqKoIXU.exe

C:\Windows\System\gqKoIXU.exe

C:\Windows\System\VRtfRtE.exe

C:\Windows\System\VRtfRtE.exe

C:\Windows\System\HpYNkyn.exe

C:\Windows\System\HpYNkyn.exe

C:\Windows\System\uyFGuev.exe

C:\Windows\System\uyFGuev.exe

C:\Windows\System\IqZloUi.exe

C:\Windows\System\IqZloUi.exe

C:\Windows\System\eTxlVpE.exe

C:\Windows\System\eTxlVpE.exe

C:\Windows\System\hOaOgbY.exe

C:\Windows\System\hOaOgbY.exe

C:\Windows\System\bxgajmL.exe

C:\Windows\System\bxgajmL.exe

C:\Windows\System\gtKLteL.exe

C:\Windows\System\gtKLteL.exe

C:\Windows\System\AaRrSAm.exe

C:\Windows\System\AaRrSAm.exe

C:\Windows\System\KOcOaEV.exe

C:\Windows\System\KOcOaEV.exe

C:\Windows\System\ALqjUos.exe

C:\Windows\System\ALqjUos.exe

C:\Windows\System\WZipQGP.exe

C:\Windows\System\WZipQGP.exe

C:\Windows\System\IcvYDUU.exe

C:\Windows\System\IcvYDUU.exe

C:\Windows\System\fhgqgXt.exe

C:\Windows\System\fhgqgXt.exe

C:\Windows\System\NHkbQNt.exe

C:\Windows\System\NHkbQNt.exe

C:\Windows\System\uKmDjtN.exe

C:\Windows\System\uKmDjtN.exe

C:\Windows\System\VANvjvR.exe

C:\Windows\System\VANvjvR.exe

C:\Windows\System\YIVCaRl.exe

C:\Windows\System\YIVCaRl.exe

C:\Windows\System\PSzHzqz.exe

C:\Windows\System\PSzHzqz.exe

C:\Windows\System\oIyoykO.exe

C:\Windows\System\oIyoykO.exe

C:\Windows\System\lOGGykv.exe

C:\Windows\System\lOGGykv.exe

C:\Windows\System\PNoHLiA.exe

C:\Windows\System\PNoHLiA.exe

C:\Windows\System\KEEOvsx.exe

C:\Windows\System\KEEOvsx.exe

C:\Windows\System\JOyvWzy.exe

C:\Windows\System\JOyvWzy.exe

C:\Windows\System\hvXxNfQ.exe

C:\Windows\System\hvXxNfQ.exe

C:\Windows\System\jfNxsGl.exe

C:\Windows\System\jfNxsGl.exe

C:\Windows\System\NZTwNRh.exe

C:\Windows\System\NZTwNRh.exe

C:\Windows\System\XiMEjCx.exe

C:\Windows\System\XiMEjCx.exe

C:\Windows\System\VoKISmr.exe

C:\Windows\System\VoKISmr.exe

C:\Windows\System\QumVUzQ.exe

C:\Windows\System\QumVUzQ.exe

C:\Windows\System\XmrUzJc.exe

C:\Windows\System\XmrUzJc.exe

C:\Windows\System\lqEpaAL.exe

C:\Windows\System\lqEpaAL.exe

C:\Windows\System\TAmlcOE.exe

C:\Windows\System\TAmlcOE.exe

C:\Windows\System\JMjxzSs.exe

C:\Windows\System\JMjxzSs.exe

C:\Windows\System\PKZIkTn.exe

C:\Windows\System\PKZIkTn.exe

C:\Windows\System\aHmbKwP.exe

C:\Windows\System\aHmbKwP.exe

C:\Windows\System\oCoozKu.exe

C:\Windows\System\oCoozKu.exe

C:\Windows\System\JtflTGx.exe

C:\Windows\System\JtflTGx.exe

C:\Windows\System\rZyRxkj.exe

C:\Windows\System\rZyRxkj.exe

C:\Windows\System\FFtVkHE.exe

C:\Windows\System\FFtVkHE.exe

C:\Windows\System\KsojneL.exe

C:\Windows\System\KsojneL.exe

C:\Windows\System\pfHjEfG.exe

C:\Windows\System\pfHjEfG.exe

C:\Windows\System\uxdjjaS.exe

C:\Windows\System\uxdjjaS.exe

C:\Windows\System\XvKZZlw.exe

C:\Windows\System\XvKZZlw.exe

C:\Windows\System\RJvRInv.exe

C:\Windows\System\RJvRInv.exe

C:\Windows\System\YRiHYWF.exe

C:\Windows\System\YRiHYWF.exe

C:\Windows\System\ZqWafhQ.exe

C:\Windows\System\ZqWafhQ.exe

C:\Windows\System\JaNMTRk.exe

C:\Windows\System\JaNMTRk.exe

C:\Windows\System\wilTECT.exe

C:\Windows\System\wilTECT.exe

C:\Windows\System\DBeXCen.exe

C:\Windows\System\DBeXCen.exe

C:\Windows\System\VxyyiVh.exe

C:\Windows\System\VxyyiVh.exe

C:\Windows\System\aEEQvPd.exe

C:\Windows\System\aEEQvPd.exe

C:\Windows\System\tiSBlJn.exe

C:\Windows\System\tiSBlJn.exe

C:\Windows\System\hialwGN.exe

C:\Windows\System\hialwGN.exe

C:\Windows\System\OsDFpbl.exe

C:\Windows\System\OsDFpbl.exe

C:\Windows\System\ZgmkXZb.exe

C:\Windows\System\ZgmkXZb.exe

C:\Windows\System\hHhRtmc.exe

C:\Windows\System\hHhRtmc.exe

C:\Windows\System\OLvlvDq.exe

C:\Windows\System\OLvlvDq.exe

C:\Windows\System\rLKlMDA.exe

C:\Windows\System\rLKlMDA.exe

C:\Windows\System\mSfyPDl.exe

C:\Windows\System\mSfyPDl.exe

C:\Windows\System\yCBbnMo.exe

C:\Windows\System\yCBbnMo.exe

C:\Windows\System\xTgFIDe.exe

C:\Windows\System\xTgFIDe.exe

C:\Windows\System\QOoDIts.exe

C:\Windows\System\QOoDIts.exe

C:\Windows\System\uPpZFsO.exe

C:\Windows\System\uPpZFsO.exe

C:\Windows\System\WnmggwY.exe

C:\Windows\System\WnmggwY.exe

C:\Windows\System\UmhqMPC.exe

C:\Windows\System\UmhqMPC.exe

C:\Windows\System\YrweLLz.exe

C:\Windows\System\YrweLLz.exe

C:\Windows\System\IhqWnui.exe

C:\Windows\System\IhqWnui.exe

C:\Windows\System\hDTFcvv.exe

C:\Windows\System\hDTFcvv.exe

C:\Windows\System\kkithCI.exe

C:\Windows\System\kkithCI.exe

C:\Windows\System\pxunezN.exe

C:\Windows\System\pxunezN.exe

C:\Windows\System\nHgvXEm.exe

C:\Windows\System\nHgvXEm.exe

C:\Windows\System\GXTVnid.exe

C:\Windows\System\GXTVnid.exe

C:\Windows\System\YppFOCz.exe

C:\Windows\System\YppFOCz.exe

C:\Windows\System\vyDExud.exe

C:\Windows\System\vyDExud.exe

C:\Windows\System\FbpyIiO.exe

C:\Windows\System\FbpyIiO.exe

C:\Windows\System\wcOyKdH.exe

C:\Windows\System\wcOyKdH.exe

C:\Windows\System\aPShuii.exe

C:\Windows\System\aPShuii.exe

C:\Windows\System\zatYpAQ.exe

C:\Windows\System\zatYpAQ.exe

C:\Windows\System\JVJnuKo.exe

C:\Windows\System\JVJnuKo.exe

C:\Windows\System\PNnawQT.exe

C:\Windows\System\PNnawQT.exe

C:\Windows\System\FrtrZXD.exe

C:\Windows\System\FrtrZXD.exe

C:\Windows\System\wfjtPVe.exe

C:\Windows\System\wfjtPVe.exe

C:\Windows\System\tOyvxEm.exe

C:\Windows\System\tOyvxEm.exe

C:\Windows\System\OsXlymu.exe

C:\Windows\System\OsXlymu.exe

C:\Windows\System\Ywcbeuj.exe

C:\Windows\System\Ywcbeuj.exe

C:\Windows\System\ezbFTwU.exe

C:\Windows\System\ezbFTwU.exe

C:\Windows\System\PWEYfRL.exe

C:\Windows\System\PWEYfRL.exe

C:\Windows\System\ltiecly.exe

C:\Windows\System\ltiecly.exe

C:\Windows\System\HqFLQnZ.exe

C:\Windows\System\HqFLQnZ.exe

C:\Windows\System\OKJuRMU.exe

C:\Windows\System\OKJuRMU.exe

C:\Windows\System\fnbPlAy.exe

C:\Windows\System\fnbPlAy.exe

C:\Windows\System\vyaHwAk.exe

C:\Windows\System\vyaHwAk.exe

C:\Windows\System\JdggPaf.exe

C:\Windows\System\JdggPaf.exe

C:\Windows\System\poDiNJI.exe

C:\Windows\System\poDiNJI.exe

C:\Windows\System\LAZHIjU.exe

C:\Windows\System\LAZHIjU.exe

C:\Windows\System\pIqURbN.exe

C:\Windows\System\pIqURbN.exe

C:\Windows\System\DznQxBb.exe

C:\Windows\System\DznQxBb.exe

C:\Windows\System\RIeGGeX.exe

C:\Windows\System\RIeGGeX.exe

C:\Windows\System\ZqZxbbZ.exe

C:\Windows\System\ZqZxbbZ.exe

C:\Windows\System\vbUImmE.exe

C:\Windows\System\vbUImmE.exe

C:\Windows\System\dxmLagv.exe

C:\Windows\System\dxmLagv.exe

C:\Windows\System\aGcEVcu.exe

C:\Windows\System\aGcEVcu.exe

C:\Windows\System\GBnMpUc.exe

C:\Windows\System\GBnMpUc.exe

C:\Windows\System\nFjUwVh.exe

C:\Windows\System\nFjUwVh.exe

C:\Windows\System\uRiWNtq.exe

C:\Windows\System\uRiWNtq.exe

C:\Windows\System\WmqzTEE.exe

C:\Windows\System\WmqzTEE.exe

C:\Windows\System\iikgbzl.exe

C:\Windows\System\iikgbzl.exe

C:\Windows\System\HXaWabj.exe

C:\Windows\System\HXaWabj.exe

C:\Windows\System\TLeHHra.exe

C:\Windows\System\TLeHHra.exe

C:\Windows\System\qJIkddy.exe

C:\Windows\System\qJIkddy.exe

C:\Windows\System\gZeZywF.exe

C:\Windows\System\gZeZywF.exe

C:\Windows\System\jFioWKd.exe

C:\Windows\System\jFioWKd.exe

C:\Windows\System\wyReLCd.exe

C:\Windows\System\wyReLCd.exe

C:\Windows\System\mSpgnqM.exe

C:\Windows\System\mSpgnqM.exe

C:\Windows\System\qFKzuzM.exe

C:\Windows\System\qFKzuzM.exe

C:\Windows\System\BMCFihO.exe

C:\Windows\System\BMCFihO.exe

C:\Windows\System\DofoNSR.exe

C:\Windows\System\DofoNSR.exe

C:\Windows\System\ipxuXVo.exe

C:\Windows\System\ipxuXVo.exe

C:\Windows\System\wulMjiZ.exe

C:\Windows\System\wulMjiZ.exe

C:\Windows\System\NAWmsUw.exe

C:\Windows\System\NAWmsUw.exe

C:\Windows\System\NmjHPMd.exe

C:\Windows\System\NmjHPMd.exe

C:\Windows\System\WTcWTSw.exe

C:\Windows\System\WTcWTSw.exe

C:\Windows\System\rxqPvDy.exe

C:\Windows\System\rxqPvDy.exe

C:\Windows\System\eaWxIBu.exe

C:\Windows\System\eaWxIBu.exe

C:\Windows\System\ZXcRkHz.exe

C:\Windows\System\ZXcRkHz.exe

C:\Windows\System\tLqmWqa.exe

C:\Windows\System\tLqmWqa.exe

C:\Windows\System\AVwLEdy.exe

C:\Windows\System\AVwLEdy.exe

C:\Windows\System\oTxtGEd.exe

C:\Windows\System\oTxtGEd.exe

C:\Windows\System\CXZvHtp.exe

C:\Windows\System\CXZvHtp.exe

C:\Windows\System\SlngBAm.exe

C:\Windows\System\SlngBAm.exe

C:\Windows\System\qYqsspH.exe

C:\Windows\System\qYqsspH.exe

C:\Windows\System\tEcCZgV.exe

C:\Windows\System\tEcCZgV.exe

C:\Windows\System\CSdfHpQ.exe

C:\Windows\System\CSdfHpQ.exe

C:\Windows\System\OMvUHVo.exe

C:\Windows\System\OMvUHVo.exe

C:\Windows\System\OlKJzcz.exe

C:\Windows\System\OlKJzcz.exe

C:\Windows\System\dzzOrSJ.exe

C:\Windows\System\dzzOrSJ.exe

C:\Windows\System\zDmEnIx.exe

C:\Windows\System\zDmEnIx.exe

C:\Windows\System\hyYQgMt.exe

C:\Windows\System\hyYQgMt.exe

C:\Windows\System\xfifgiD.exe

C:\Windows\System\xfifgiD.exe

C:\Windows\System\YsqOfVk.exe

C:\Windows\System\YsqOfVk.exe

C:\Windows\System\GZcSOIL.exe

C:\Windows\System\GZcSOIL.exe

C:\Windows\System\aIkKWJk.exe

C:\Windows\System\aIkKWJk.exe

C:\Windows\System\MAFtyrE.exe

C:\Windows\System\MAFtyrE.exe

C:\Windows\System\uGHVkPZ.exe

C:\Windows\System\uGHVkPZ.exe

C:\Windows\System\HuQchVp.exe

C:\Windows\System\HuQchVp.exe

C:\Windows\System\NEsFJEM.exe

C:\Windows\System\NEsFJEM.exe

C:\Windows\System\cAmlgEP.exe

C:\Windows\System\cAmlgEP.exe

C:\Windows\System\cxJdGtg.exe

C:\Windows\System\cxJdGtg.exe

C:\Windows\System\EoBqIMp.exe

C:\Windows\System\EoBqIMp.exe

C:\Windows\System\bvoUAaH.exe

C:\Windows\System\bvoUAaH.exe

C:\Windows\System\adheprN.exe

C:\Windows\System\adheprN.exe

C:\Windows\System\kulHOTv.exe

C:\Windows\System\kulHOTv.exe

C:\Windows\System\FHrQxre.exe

C:\Windows\System\FHrQxre.exe

C:\Windows\System\BNBRgva.exe

C:\Windows\System\BNBRgva.exe

C:\Windows\System\ZZlfMCZ.exe

C:\Windows\System\ZZlfMCZ.exe

C:\Windows\System\yKmLfPc.exe

C:\Windows\System\yKmLfPc.exe

C:\Windows\System\jNJSPuD.exe

C:\Windows\System\jNJSPuD.exe

C:\Windows\System\NEIHFPD.exe

C:\Windows\System\NEIHFPD.exe

C:\Windows\System\EXgWLAW.exe

C:\Windows\System\EXgWLAW.exe

C:\Windows\System\gmMvVpY.exe

C:\Windows\System\gmMvVpY.exe

C:\Windows\System\meVnKbA.exe

C:\Windows\System\meVnKbA.exe

C:\Windows\System\qFLNohs.exe

C:\Windows\System\qFLNohs.exe

C:\Windows\System\EyrOmex.exe

C:\Windows\System\EyrOmex.exe

C:\Windows\System\OuCQolR.exe

C:\Windows\System\OuCQolR.exe

C:\Windows\System\hAGJFKX.exe

C:\Windows\System\hAGJFKX.exe

C:\Windows\System\kbgtFrz.exe

C:\Windows\System\kbgtFrz.exe

C:\Windows\System\kWCQCpq.exe

C:\Windows\System\kWCQCpq.exe

C:\Windows\System\wXPzyfo.exe

C:\Windows\System\wXPzyfo.exe

C:\Windows\System\FKwUBPD.exe

C:\Windows\System\FKwUBPD.exe

C:\Windows\System\WAVldlo.exe

C:\Windows\System\WAVldlo.exe

C:\Windows\System\TymAjcW.exe

C:\Windows\System\TymAjcW.exe

C:\Windows\System\tdRGjeR.exe

C:\Windows\System\tdRGjeR.exe

C:\Windows\System\VuqjedA.exe

C:\Windows\System\VuqjedA.exe

C:\Windows\System\oFkHqee.exe

C:\Windows\System\oFkHqee.exe

C:\Windows\System\vNJZaTo.exe

C:\Windows\System\vNJZaTo.exe

C:\Windows\System\SFnYqph.exe

C:\Windows\System\SFnYqph.exe

C:\Windows\System\PIsdXjQ.exe

C:\Windows\System\PIsdXjQ.exe

C:\Windows\System\acVxbSH.exe

C:\Windows\System\acVxbSH.exe

C:\Windows\System\JEjqsEJ.exe

C:\Windows\System\JEjqsEJ.exe

C:\Windows\System\weQtXKL.exe

C:\Windows\System\weQtXKL.exe

C:\Windows\System\YEXBBvQ.exe

C:\Windows\System\YEXBBvQ.exe

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 12420 -s 28

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 10680 -s 240

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 452 -p 10100 -ip 10100

C:\Windows\System\vWNPQFS.exe

C:\Windows\System\vWNPQFS.exe

C:\Windows\System\AgbNDrk.exe

C:\Windows\System\AgbNDrk.exe

C:\Windows\System\OjjCCPK.exe

C:\Windows\System\OjjCCPK.exe

C:\Windows\System\BNtrMTd.exe

C:\Windows\System\BNtrMTd.exe

C:\Windows\System\fmukCeQ.exe

C:\Windows\System\fmukCeQ.exe

C:\Windows\System\qXseJiL.exe

C:\Windows\System\qXseJiL.exe

C:\Windows\System\kjoQafz.exe

C:\Windows\System\kjoQafz.exe

C:\Windows\System\prhHExp.exe

C:\Windows\System\prhHExp.exe

C:\Windows\System\SiriDKh.exe

C:\Windows\System\SiriDKh.exe

C:\Windows\System\mFtcoRv.exe

C:\Windows\System\mFtcoRv.exe

C:\Windows\System\XVttLPt.exe

C:\Windows\System\XVttLPt.exe

C:\Windows\System\OGJKFXH.exe

C:\Windows\System\OGJKFXH.exe

C:\Windows\System\FDMJqNG.exe

C:\Windows\System\FDMJqNG.exe

C:\Windows\System\xHBKRUw.exe

C:\Windows\System\xHBKRUw.exe

C:\Windows\System\JVoJfrg.exe

C:\Windows\System\JVoJfrg.exe

C:\Windows\System\MSDuALi.exe

C:\Windows\System\MSDuALi.exe

C:\Windows\System\bhMIeQM.exe

C:\Windows\System\bhMIeQM.exe

C:\Windows\System\fBaMBFs.exe

C:\Windows\System\fBaMBFs.exe

C:\Windows\System\YbPfgJj.exe

C:\Windows\System\YbPfgJj.exe

C:\Windows\System\CzWVWja.exe

C:\Windows\System\CzWVWja.exe

C:\Windows\System\GlamHiE.exe

C:\Windows\System\GlamHiE.exe

C:\Windows\System\BDCzYdH.exe

C:\Windows\System\BDCzYdH.exe

C:\Windows\System\oagoxtq.exe

C:\Windows\System\oagoxtq.exe

C:\Windows\System\FMcZsbn.exe

C:\Windows\System\FMcZsbn.exe

C:\Windows\System\vyLHGhQ.exe

C:\Windows\System\vyLHGhQ.exe

C:\Windows\System\GfEpEst.exe

C:\Windows\System\GfEpEst.exe

C:\Windows\System\ohNNqRQ.exe

C:\Windows\System\ohNNqRQ.exe

C:\Windows\System\BezYAwt.exe

C:\Windows\System\BezYAwt.exe

C:\Windows\System\xsSAOuv.exe

C:\Windows\System\xsSAOuv.exe

C:\Windows\System\TuNJbVw.exe

C:\Windows\System\TuNJbVw.exe

C:\Windows\System\ULstDbV.exe

C:\Windows\System\ULstDbV.exe

C:\Windows\System\FupdFqX.exe

C:\Windows\System\FupdFqX.exe

C:\Windows\System\YNorzsR.exe

C:\Windows\System\YNorzsR.exe

C:\Windows\System\zXhQOUX.exe

C:\Windows\System\zXhQOUX.exe

C:\Windows\System\gsbikeR.exe

C:\Windows\System\gsbikeR.exe

C:\Windows\System\SPRTYLz.exe

C:\Windows\System\SPRTYLz.exe

C:\Windows\System\WbygxoX.exe

C:\Windows\System\WbygxoX.exe

C:\Windows\System\pdedaSW.exe

C:\Windows\System\pdedaSW.exe

C:\Windows\System\NAbWUqC.exe

C:\Windows\System\NAbWUqC.exe

C:\Windows\System\CfWDnXl.exe

C:\Windows\System\CfWDnXl.exe

C:\Windows\System\VwtNyXD.exe

C:\Windows\System\VwtNyXD.exe

C:\Windows\System\RsGTyiq.exe

C:\Windows\System\RsGTyiq.exe

C:\Windows\System\BVhvVtw.exe

C:\Windows\System\BVhvVtw.exe

C:\Windows\System\HIqqmJZ.exe

C:\Windows\System\HIqqmJZ.exe

C:\Windows\System\VfNWdRh.exe

C:\Windows\System\VfNWdRh.exe

C:\Windows\System\dwcskXe.exe

C:\Windows\System\dwcskXe.exe

C:\Windows\System\gnLzGWz.exe

C:\Windows\System\gnLzGWz.exe

C:\Windows\System\IyxPWpH.exe

C:\Windows\System\IyxPWpH.exe

C:\Windows\System\EorODRt.exe

C:\Windows\System\EorODRt.exe

C:\Windows\System\lGAEoCa.exe

C:\Windows\System\lGAEoCa.exe

C:\Windows\System\aOtXEzg.exe

C:\Windows\System\aOtXEzg.exe

C:\Windows\System\XvzBjCF.exe

C:\Windows\System\XvzBjCF.exe

C:\Windows\System\aBvWJrz.exe

C:\Windows\System\aBvWJrz.exe

C:\Windows\System\vtFnIFW.exe

C:\Windows\System\vtFnIFW.exe

C:\Windows\System\oDECeHE.exe

C:\Windows\System\oDECeHE.exe

C:\Windows\System\meEMGRI.exe

C:\Windows\System\meEMGRI.exe

C:\Windows\System\sZmSABm.exe

C:\Windows\System\sZmSABm.exe

C:\Windows\System\KmklMkd.exe

C:\Windows\System\KmklMkd.exe

C:\Windows\System\tTcElkS.exe

C:\Windows\System\tTcElkS.exe

C:\Windows\System\zdJUlpe.exe

C:\Windows\System\zdJUlpe.exe

C:\Windows\System\tsTDGXr.exe

C:\Windows\System\tsTDGXr.exe

C:\Windows\System\BYvuCEB.exe

C:\Windows\System\BYvuCEB.exe

C:\Windows\System\RygTqId.exe

C:\Windows\System\RygTqId.exe

C:\Windows\System\HOhgFJx.exe

C:\Windows\System\HOhgFJx.exe

C:\Windows\System\dDwAQlb.exe

C:\Windows\System\dDwAQlb.exe

C:\Windows\System\kEyQPqU.exe

C:\Windows\System\kEyQPqU.exe

C:\Windows\System\YNGXjHF.exe

C:\Windows\System\YNGXjHF.exe

C:\Windows\System\klRakGf.exe

C:\Windows\System\klRakGf.exe

C:\Windows\System\FfdyXsq.exe

C:\Windows\System\FfdyXsq.exe

C:\Windows\System\mlXIjit.exe

C:\Windows\System\mlXIjit.exe

C:\Windows\System\KUkhMkd.exe

C:\Windows\System\KUkhMkd.exe

C:\Windows\System\rSogdxo.exe

C:\Windows\System\rSogdxo.exe

C:\Windows\System\ubhqRDV.exe

C:\Windows\System\ubhqRDV.exe

C:\Windows\System\bZOpxKR.exe

C:\Windows\System\bZOpxKR.exe

C:\Windows\System\WtslJrl.exe

C:\Windows\System\WtslJrl.exe

C:\Windows\System\oTPCFkr.exe

C:\Windows\System\oTPCFkr.exe

C:\Windows\System\RGcgxNf.exe

C:\Windows\System\RGcgxNf.exe

C:\Windows\System\KNorsRx.exe

C:\Windows\System\KNorsRx.exe

C:\Windows\System\nwVDOjw.exe

C:\Windows\System\nwVDOjw.exe

C:\Windows\System\NQfuKGn.exe

C:\Windows\System\NQfuKGn.exe

C:\Windows\System\OCSSDVX.exe

C:\Windows\System\OCSSDVX.exe

C:\Windows\System\bEadWti.exe

C:\Windows\System\bEadWti.exe

C:\Windows\System\lDzsFMH.exe

C:\Windows\System\lDzsFMH.exe

C:\Windows\System\MsJofUI.exe

C:\Windows\System\MsJofUI.exe

C:\Windows\System\CEUaiwq.exe

C:\Windows\System\CEUaiwq.exe

C:\Windows\System\CndJqzM.exe

C:\Windows\System\CndJqzM.exe

C:\Windows\System\yqzXJBV.exe

C:\Windows\System\yqzXJBV.exe

C:\Windows\System\KDPlYhY.exe

C:\Windows\System\KDPlYhY.exe

C:\Windows\System\lrSPBRW.exe

C:\Windows\System\lrSPBRW.exe

C:\Windows\System\rUZQxCM.exe

C:\Windows\System\rUZQxCM.exe

C:\Windows\System\weUMkYm.exe

C:\Windows\System\weUMkYm.exe

C:\Windows\System\QXUdOHx.exe

C:\Windows\System\QXUdOHx.exe

C:\Windows\System\yvMqDgj.exe

C:\Windows\System\yvMqDgj.exe

C:\Windows\System\tpOhZpn.exe

C:\Windows\System\tpOhZpn.exe

C:\Windows\System\ICEceuX.exe

C:\Windows\System\ICEceuX.exe

C:\Windows\System\hHuKHex.exe

C:\Windows\System\hHuKHex.exe

C:\Windows\System\FmZWWjo.exe

C:\Windows\System\FmZWWjo.exe

C:\Windows\System\OavnLyS.exe

C:\Windows\System\OavnLyS.exe

C:\Windows\System\PuxOHcF.exe

C:\Windows\System\PuxOHcF.exe

C:\Windows\System\tFEtkgG.exe

C:\Windows\System\tFEtkgG.exe

C:\Windows\System\OVYcrkN.exe

C:\Windows\System\OVYcrkN.exe

C:\Windows\System\TxIzsRW.exe

C:\Windows\System\TxIzsRW.exe

C:\Windows\System\kqpRxXT.exe

C:\Windows\System\kqpRxXT.exe

C:\Windows\System\wqSHEXi.exe

C:\Windows\System\wqSHEXi.exe

C:\Windows\System\sWOiYgZ.exe

C:\Windows\System\sWOiYgZ.exe

C:\Windows\System\GTLRLrf.exe

C:\Windows\System\GTLRLrf.exe

C:\Windows\System\gnnrmRE.exe

C:\Windows\System\gnnrmRE.exe

C:\Windows\System\XaFnnFs.exe

C:\Windows\System\XaFnnFs.exe

C:\Windows\System\OCJMiWi.exe

C:\Windows\System\OCJMiWi.exe

C:\Windows\System\nTZkNzj.exe

C:\Windows\System\nTZkNzj.exe

C:\Windows\System\VwyyLTV.exe

C:\Windows\System\VwyyLTV.exe

C:\Windows\System\MjIxAhR.exe

C:\Windows\System\MjIxAhR.exe

C:\Windows\System\yDBExcH.exe

C:\Windows\System\yDBExcH.exe

C:\Windows\System\chkvwuJ.exe

C:\Windows\System\chkvwuJ.exe

C:\Windows\System\ULjMvoF.exe

C:\Windows\System\ULjMvoF.exe

C:\Windows\System\MpCmUBE.exe

C:\Windows\System\MpCmUBE.exe

C:\Windows\System\dEQoNiK.exe

C:\Windows\System\dEQoNiK.exe

C:\Windows\System\zIyuhaf.exe

C:\Windows\System\zIyuhaf.exe

C:\Windows\System\HDAgqav.exe

C:\Windows\System\HDAgqav.exe

C:\Windows\System\VinvggQ.exe

C:\Windows\System\VinvggQ.exe

C:\Windows\System\BXSTDdO.exe

C:\Windows\System\BXSTDdO.exe

C:\Windows\System\RFeMDKb.exe

C:\Windows\System\RFeMDKb.exe

C:\Windows\System\WAMUydv.exe

C:\Windows\System\WAMUydv.exe

C:\Windows\System\VdKYnte.exe

C:\Windows\System\VdKYnte.exe

C:\Windows\System\EGfThKH.exe

C:\Windows\System\EGfThKH.exe

C:\Windows\System\fqlrzOW.exe

C:\Windows\System\fqlrzOW.exe

C:\Windows\System\MObUXKI.exe

C:\Windows\System\MObUXKI.exe

C:\Windows\System\xEHZDcH.exe

C:\Windows\System\xEHZDcH.exe

C:\Windows\System\wDYkACR.exe

C:\Windows\System\wDYkACR.exe

C:\Windows\System\YMSlTDl.exe

C:\Windows\System\YMSlTDl.exe

C:\Windows\System\JOrcGGN.exe

C:\Windows\System\JOrcGGN.exe

C:\Windows\System\JbBlUSW.exe

C:\Windows\System\JbBlUSW.exe

C:\Windows\System\XXizPdA.exe

C:\Windows\System\XXizPdA.exe

C:\Windows\System\JBzbYZY.exe

C:\Windows\System\JBzbYZY.exe

C:\Windows\System\RRXMill.exe

C:\Windows\System\RRXMill.exe

C:\Windows\System\IoKZQUF.exe

C:\Windows\System\IoKZQUF.exe

C:\Windows\System\TuaHijK.exe

C:\Windows\System\TuaHijK.exe

C:\Windows\System\QwMzita.exe

C:\Windows\System\QwMzita.exe

C:\Windows\System\aAFFWWz.exe

C:\Windows\System\aAFFWWz.exe

C:\Windows\System\eAeEzlr.exe

C:\Windows\System\eAeEzlr.exe

C:\Windows\System\nLPHVMl.exe

C:\Windows\System\nLPHVMl.exe

C:\Windows\System\YVqnHCt.exe

C:\Windows\System\YVqnHCt.exe

C:\Windows\System\uNLsDFr.exe

C:\Windows\System\uNLsDFr.exe

C:\Windows\System\AMNKWnY.exe

C:\Windows\System\AMNKWnY.exe

C:\Windows\System\nVqsGEz.exe

C:\Windows\System\nVqsGEz.exe

C:\Windows\System\RDRNelw.exe

C:\Windows\System\RDRNelw.exe

C:\Windows\System\SWOFkFA.exe

C:\Windows\System\SWOFkFA.exe

C:\Windows\System\jeLKkBy.exe

C:\Windows\System\jeLKkBy.exe

C:\Windows\System\STofSrM.exe

C:\Windows\System\STofSrM.exe

C:\Windows\System\zshfRmf.exe

C:\Windows\System\zshfRmf.exe

C:\Windows\System\pjQudbp.exe

C:\Windows\System\pjQudbp.exe

C:\Windows\System\HMDwMKd.exe

C:\Windows\System\HMDwMKd.exe

C:\Windows\System\fdVUOop.exe

C:\Windows\System\fdVUOop.exe

C:\Windows\System\ttTtUvJ.exe

C:\Windows\System\ttTtUvJ.exe

C:\Windows\System\MgZqARb.exe

C:\Windows\System\MgZqARb.exe

C:\Windows\System\QkOtBrP.exe

C:\Windows\System\QkOtBrP.exe

C:\Windows\System\QLiiWTK.exe

C:\Windows\System\QLiiWTK.exe

C:\Windows\System\vHetbbq.exe

C:\Windows\System\vHetbbq.exe

C:\Windows\System\EhKdlZG.exe

C:\Windows\System\EhKdlZG.exe

C:\Windows\System\obCHavL.exe

C:\Windows\System\obCHavL.exe

C:\Windows\System\gtayOiX.exe

C:\Windows\System\gtayOiX.exe

C:\Windows\System\rVUFnBt.exe

C:\Windows\System\rVUFnBt.exe

C:\Windows\System\GpHLoYf.exe

C:\Windows\System\GpHLoYf.exe

C:\Windows\System\JglizHN.exe

C:\Windows\System\JglizHN.exe

C:\Windows\System\LTQzJDN.exe

C:\Windows\System\LTQzJDN.exe

C:\Windows\System\YOZhTJs.exe

C:\Windows\System\YOZhTJs.exe

C:\Windows\System\MqGdWXr.exe

C:\Windows\System\MqGdWXr.exe

C:\Windows\System\zRxMBcf.exe

C:\Windows\System\zRxMBcf.exe

C:\Windows\System\SxokhvF.exe

C:\Windows\System\SxokhvF.exe

C:\Windows\System\TdyfgmE.exe

C:\Windows\System\TdyfgmE.exe

C:\Windows\System\FTSQcVZ.exe

C:\Windows\System\FTSQcVZ.exe

C:\Windows\System\ncYWYkk.exe

C:\Windows\System\ncYWYkk.exe

C:\Windows\System\xdqSdjI.exe

C:\Windows\System\xdqSdjI.exe

C:\Windows\System\kCDhHqt.exe

C:\Windows\System\kCDhHqt.exe

C:\Windows\System\BovRFko.exe

C:\Windows\System\BovRFko.exe

C:\Windows\System\UZoHhTz.exe

C:\Windows\System\UZoHhTz.exe

C:\Windows\System\yUoBDFd.exe

C:\Windows\System\yUoBDFd.exe

C:\Windows\System\OjTrjwp.exe

C:\Windows\System\OjTrjwp.exe

C:\Windows\System\yeZYRIX.exe

C:\Windows\System\yeZYRIX.exe

C:\Windows\System\DOgjBGu.exe

C:\Windows\System\DOgjBGu.exe

C:\Windows\System\NatwnAE.exe

C:\Windows\System\NatwnAE.exe

C:\Windows\System\NmdhjSQ.exe

C:\Windows\System\NmdhjSQ.exe

C:\Windows\System\MZbKGVD.exe

C:\Windows\System\MZbKGVD.exe

C:\Windows\System\wLemsxe.exe

C:\Windows\System\wLemsxe.exe

C:\Windows\System\irLpgGQ.exe

C:\Windows\System\irLpgGQ.exe

C:\Windows\System\FTrYiaL.exe

C:\Windows\System\FTrYiaL.exe

C:\Windows\System\qoLHFrx.exe

C:\Windows\System\qoLHFrx.exe

C:\Windows\System\lNyrAcn.exe

C:\Windows\System\lNyrAcn.exe

C:\Windows\System\DdPAsqs.exe

C:\Windows\System\DdPAsqs.exe

C:\Windows\System\yJkwRPk.exe

C:\Windows\System\yJkwRPk.exe

C:\Windows\System\llTbonn.exe

C:\Windows\System\llTbonn.exe

C:\Windows\System\qavpWxc.exe

C:\Windows\System\qavpWxc.exe

C:\Windows\System\FQsbOkz.exe

C:\Windows\System\FQsbOkz.exe

C:\Windows\System\CIlwPDV.exe

C:\Windows\System\CIlwPDV.exe

C:\Windows\System\XpHUjeK.exe

C:\Windows\System\XpHUjeK.exe

C:\Windows\System\CwkMGhP.exe

C:\Windows\System\CwkMGhP.exe

C:\Windows\System\trrDXtH.exe

C:\Windows\System\trrDXtH.exe

C:\Windows\System\AjAYYGR.exe

C:\Windows\System\AjAYYGR.exe

C:\Windows\System\lZrUhKH.exe

C:\Windows\System\lZrUhKH.exe

C:\Windows\System\jIdmddV.exe

C:\Windows\System\jIdmddV.exe

C:\Windows\System\wpLQXei.exe

C:\Windows\System\wpLQXei.exe

C:\Windows\System\fovJVTC.exe

C:\Windows\System\fovJVTC.exe

C:\Windows\System\XZLCnHY.exe

C:\Windows\System\XZLCnHY.exe

C:\Windows\System\MmNGezT.exe

C:\Windows\System\MmNGezT.exe

C:\Windows\System\FyqPZeu.exe

C:\Windows\System\FyqPZeu.exe

C:\Windows\System\bRQJzIG.exe

C:\Windows\System\bRQJzIG.exe

C:\Windows\System\rJQVPwx.exe

C:\Windows\System\rJQVPwx.exe

C:\Windows\System\hLaYEVC.exe

C:\Windows\System\hLaYEVC.exe

C:\Windows\System\IwyqYXg.exe

C:\Windows\System\IwyqYXg.exe

C:\Windows\System\MuafgUV.exe

C:\Windows\System\MuafgUV.exe

C:\Windows\System\TikYfjf.exe

C:\Windows\System\TikYfjf.exe

C:\Windows\System\mcWjwDU.exe

C:\Windows\System\mcWjwDU.exe

C:\Windows\System\QWmKOxm.exe

C:\Windows\System\QWmKOxm.exe

C:\Windows\System\ChKeZcJ.exe

C:\Windows\System\ChKeZcJ.exe

C:\Windows\System\PWLsQpU.exe

C:\Windows\System\PWLsQpU.exe

C:\Windows\System\iAIOrVX.exe

C:\Windows\System\iAIOrVX.exe

C:\Windows\System\UCZhIBQ.exe

C:\Windows\System\UCZhIBQ.exe

C:\Windows\System\dvuHJcz.exe

C:\Windows\System\dvuHJcz.exe

C:\Windows\System\ePLCuBf.exe

C:\Windows\System\ePLCuBf.exe

C:\Windows\System\uVJKBXH.exe

C:\Windows\System\uVJKBXH.exe

C:\Windows\System\cDFeMhz.exe

C:\Windows\System\cDFeMhz.exe

C:\Windows\System\yrMGOlE.exe

C:\Windows\System\yrMGOlE.exe

C:\Windows\System\flChzuc.exe

C:\Windows\System\flChzuc.exe

C:\Windows\System\lSfHANL.exe

C:\Windows\System\lSfHANL.exe

C:\Windows\System\NhhecPA.exe

C:\Windows\System\NhhecPA.exe

C:\Windows\System\ymtdLZT.exe

C:\Windows\System\ymtdLZT.exe

C:\Windows\System\QJXmQqb.exe

C:\Windows\System\QJXmQqb.exe

C:\Windows\System\AwPvrwe.exe

C:\Windows\System\AwPvrwe.exe

C:\Windows\System\EotYkZJ.exe

C:\Windows\System\EotYkZJ.exe

C:\Windows\System\GVqSiDT.exe

C:\Windows\System\GVqSiDT.exe

C:\Windows\System\rEPMTKB.exe

C:\Windows\System\rEPMTKB.exe

C:\Windows\System\hpnAcIP.exe

C:\Windows\System\hpnAcIP.exe

C:\Windows\System\GzjAkDA.exe

C:\Windows\System\GzjAkDA.exe

C:\Windows\System\ayPrQhg.exe

C:\Windows\System\ayPrQhg.exe

C:\Windows\System\BVzacHn.exe

C:\Windows\System\BVzacHn.exe

C:\Windows\System\ujdyFqN.exe

C:\Windows\System\ujdyFqN.exe

C:\Windows\System\YwOZdku.exe

C:\Windows\System\YwOZdku.exe

C:\Windows\System\ljMXTUW.exe

C:\Windows\System\ljMXTUW.exe

C:\Windows\System\dXaLwix.exe

C:\Windows\System\dXaLwix.exe

C:\Windows\System\PgZoDrf.exe

C:\Windows\System\PgZoDrf.exe

C:\Windows\System\eLPnQsK.exe

C:\Windows\System\eLPnQsK.exe

C:\Windows\System\IGASMQH.exe

C:\Windows\System\IGASMQH.exe

C:\Windows\System\jpfLrYZ.exe

C:\Windows\System\jpfLrYZ.exe

C:\Windows\System\DIwkOXV.exe

C:\Windows\System\DIwkOXV.exe

C:\Windows\System\ZQCYfhf.exe

C:\Windows\System\ZQCYfhf.exe

C:\Windows\System\WLobDMs.exe

C:\Windows\System\WLobDMs.exe

C:\Windows\System\KscTopA.exe

C:\Windows\System\KscTopA.exe

C:\Windows\System\fPwjIjP.exe

C:\Windows\System\fPwjIjP.exe

C:\Windows\System\CoTUPEU.exe

C:\Windows\System\CoTUPEU.exe

C:\Windows\System\LEdmklm.exe

C:\Windows\System\LEdmklm.exe

C:\Windows\System\CHJLoSR.exe

C:\Windows\System\CHJLoSR.exe

C:\Windows\System\afofoOF.exe

C:\Windows\System\afofoOF.exe

C:\Windows\System\XnRDpHy.exe

C:\Windows\System\XnRDpHy.exe

C:\Windows\System\vVIYWDN.exe

C:\Windows\System\vVIYWDN.exe

C:\Windows\System\gkeGIDs.exe

C:\Windows\System\gkeGIDs.exe

C:\Windows\System\tfDcbdp.exe

C:\Windows\System\tfDcbdp.exe

C:\Windows\System\nSQiWRr.exe

C:\Windows\System\nSQiWRr.exe

C:\Windows\System\kaghDRH.exe

C:\Windows\System\kaghDRH.exe

C:\Windows\System\rxsDZVL.exe

C:\Windows\System\rxsDZVL.exe

C:\Windows\System\UaANbXW.exe

C:\Windows\System\UaANbXW.exe

C:\Windows\System\XZudDOV.exe

C:\Windows\System\XZudDOV.exe

C:\Windows\System\FcEezcc.exe

C:\Windows\System\FcEezcc.exe

C:\Windows\System\TIlLwaG.exe

C:\Windows\System\TIlLwaG.exe

C:\Windows\System\MxpAPMW.exe

C:\Windows\System\MxpAPMW.exe

C:\Windows\System\EfYJglR.exe

C:\Windows\System\EfYJglR.exe

C:\Windows\System\bxzCPkd.exe

C:\Windows\System\bxzCPkd.exe

C:\Windows\System\YMebJRw.exe

C:\Windows\System\YMebJRw.exe

C:\Windows\System\IcaxNTY.exe

C:\Windows\System\IcaxNTY.exe

C:\Windows\System\RkKePFh.exe

C:\Windows\System\RkKePFh.exe

C:\Windows\System\ahItZaI.exe

C:\Windows\System\ahItZaI.exe

C:\Windows\System\NDnuCvq.exe

C:\Windows\System\NDnuCvq.exe

C:\Windows\System\onnECjH.exe

C:\Windows\System\onnECjH.exe

C:\Windows\System\UbNYOqJ.exe

C:\Windows\System\UbNYOqJ.exe

C:\Windows\System\IFRXagO.exe

C:\Windows\System\IFRXagO.exe

C:\Windows\System\XKEThGo.exe

C:\Windows\System\XKEThGo.exe

C:\Windows\System\wOTuwwr.exe

C:\Windows\System\wOTuwwr.exe

C:\Windows\System\yojibiz.exe

C:\Windows\System\yojibiz.exe

C:\Windows\System\VFESFQp.exe

C:\Windows\System\VFESFQp.exe

C:\Windows\System\qbENBeI.exe

C:\Windows\System\qbENBeI.exe

C:\Windows\System\qcxXnIm.exe

C:\Windows\System\qcxXnIm.exe

C:\Windows\System\HEfMiue.exe

C:\Windows\System\HEfMiue.exe

C:\Windows\System\rPHDySE.exe

C:\Windows\System\rPHDySE.exe

C:\Windows\System\sROoNtd.exe

C:\Windows\System\sROoNtd.exe

C:\Windows\System\HtzWJzA.exe

C:\Windows\System\HtzWJzA.exe

C:\Windows\System\xCfmFOH.exe

C:\Windows\System\xCfmFOH.exe

C:\Windows\System\UmkuVDR.exe

C:\Windows\System\UmkuVDR.exe

C:\Windows\System\pSIEdoa.exe

C:\Windows\System\pSIEdoa.exe

C:\Windows\System\wqAhily.exe

C:\Windows\System\wqAhily.exe

C:\Windows\System\xDpVRsd.exe

C:\Windows\System\xDpVRsd.exe

C:\Windows\System\lMNrYBf.exe

C:\Windows\System\lMNrYBf.exe

C:\Windows\System\QtNwjug.exe

C:\Windows\System\QtNwjug.exe

C:\Windows\System\zpxJjTx.exe

C:\Windows\System\zpxJjTx.exe

C:\Windows\System\gLkRrbD.exe

C:\Windows\System\gLkRrbD.exe

C:\Windows\System\xoYGilZ.exe

C:\Windows\System\xoYGilZ.exe

C:\Windows\System\lTTeDnJ.exe

C:\Windows\System\lTTeDnJ.exe

C:\Windows\System\uYGmanv.exe

C:\Windows\System\uYGmanv.exe

C:\Windows\System\AJeJLWi.exe

C:\Windows\System\AJeJLWi.exe

C:\Windows\System\JXjpHpr.exe

C:\Windows\System\JXjpHpr.exe

C:\Windows\System\XsWSrRS.exe

C:\Windows\System\XsWSrRS.exe

C:\Windows\System\ZwYcAab.exe

C:\Windows\System\ZwYcAab.exe

C:\Windows\System\ilSWCDr.exe

C:\Windows\System\ilSWCDr.exe

C:\Windows\System\xSFiyfq.exe

C:\Windows\System\xSFiyfq.exe

C:\Windows\System\QOXHoxa.exe

C:\Windows\System\QOXHoxa.exe

C:\Windows\System\fEULvsQ.exe

C:\Windows\System\fEULvsQ.exe

C:\Windows\System\wmLeBGE.exe

C:\Windows\System\wmLeBGE.exe

C:\Windows\System\mWPKbHe.exe

C:\Windows\System\mWPKbHe.exe

C:\Windows\System\EKbJSEO.exe

C:\Windows\System\EKbJSEO.exe

C:\Windows\System\UZXfglG.exe

C:\Windows\System\UZXfglG.exe

C:\Windows\System\AHhRvQY.exe

C:\Windows\System\AHhRvQY.exe

C:\Windows\System\pvAuFMl.exe

C:\Windows\System\pvAuFMl.exe

C:\Windows\System\ikXTuxW.exe

C:\Windows\System\ikXTuxW.exe

C:\Windows\System\qYrmjjY.exe

C:\Windows\System\qYrmjjY.exe

C:\Windows\System\nbFtXOh.exe

C:\Windows\System\nbFtXOh.exe

C:\Windows\System\qjZybFI.exe

C:\Windows\System\qjZybFI.exe

C:\Windows\System\MGUuKYO.exe

C:\Windows\System\MGUuKYO.exe

C:\Windows\System\zUutLch.exe

C:\Windows\System\zUutLch.exe

C:\Windows\System\jJBQyBP.exe

C:\Windows\System\jJBQyBP.exe

C:\Windows\System\cTADGvB.exe

C:\Windows\System\cTADGvB.exe

C:\Windows\System\nSFizfr.exe

C:\Windows\System\nSFizfr.exe

C:\Windows\System\exvuxBw.exe

C:\Windows\System\exvuxBw.exe

C:\Windows\System\rWYUSMo.exe

C:\Windows\System\rWYUSMo.exe

C:\Windows\System\scqNhyB.exe

C:\Windows\System\scqNhyB.exe

C:\Windows\System\QdphDgZ.exe

C:\Windows\System\QdphDgZ.exe

C:\Windows\System\kEvhhFH.exe

C:\Windows\System\kEvhhFH.exe

C:\Windows\System\plTaIma.exe

C:\Windows\System\plTaIma.exe

C:\Windows\System\DQqRFUb.exe

C:\Windows\System\DQqRFUb.exe

C:\Windows\System\RsVciXI.exe

C:\Windows\System\RsVciXI.exe

C:\Windows\System\gyisUsf.exe

C:\Windows\System\gyisUsf.exe

C:\Windows\System\Opdeurp.exe

C:\Windows\System\Opdeurp.exe

C:\Windows\System\yoVTYKb.exe

C:\Windows\System\yoVTYKb.exe

C:\Windows\System\AIHHpQO.exe

C:\Windows\System\AIHHpQO.exe

C:\Windows\System\JewiXLs.exe

C:\Windows\System\JewiXLs.exe

C:\Windows\System\iPAAuFu.exe

C:\Windows\System\iPAAuFu.exe

C:\Windows\System\inaQFVj.exe

C:\Windows\System\inaQFVj.exe

C:\Windows\System\iAEDuZO.exe

C:\Windows\System\iAEDuZO.exe

C:\Windows\System\ienFXrb.exe

C:\Windows\System\ienFXrb.exe

C:\Windows\System\mTRmjPG.exe

C:\Windows\System\mTRmjPG.exe

C:\Windows\System\agzXuvC.exe

C:\Windows\System\agzXuvC.exe

C:\Windows\System\rbIcWKT.exe

C:\Windows\System\rbIcWKT.exe

C:\Windows\System\vgCqZjp.exe

C:\Windows\System\vgCqZjp.exe

C:\Windows\System\TGBSjUu.exe

C:\Windows\System\TGBSjUu.exe

C:\Windows\System\aCPsDbI.exe

C:\Windows\System\aCPsDbI.exe

C:\Windows\System\WJEkchX.exe

C:\Windows\System\WJEkchX.exe

C:\Windows\System\MrprGpJ.exe

C:\Windows\System\MrprGpJ.exe

C:\Windows\System\bpvLlkx.exe

C:\Windows\System\bpvLlkx.exe

C:\Windows\System\maULrUd.exe

C:\Windows\System\maULrUd.exe

C:\Windows\System\hxIwqXP.exe

C:\Windows\System\hxIwqXP.exe

C:\Windows\System\uNtuaUH.exe

C:\Windows\System\uNtuaUH.exe

C:\Windows\System\pnEvOji.exe

C:\Windows\System\pnEvOji.exe

C:\Windows\System\LvSCtXQ.exe

C:\Windows\System\LvSCtXQ.exe

C:\Windows\System\HwsRBAx.exe

C:\Windows\System\HwsRBAx.exe

C:\Windows\System\BlLoNak.exe

C:\Windows\System\BlLoNak.exe

C:\Windows\System\RprCJvF.exe

C:\Windows\System\RprCJvF.exe

C:\Windows\System\RNujvsV.exe

C:\Windows\System\RNujvsV.exe

C:\Windows\System\oEycTAo.exe

C:\Windows\System\oEycTAo.exe

C:\Windows\System\ndryHJD.exe

C:\Windows\System\ndryHJD.exe

C:\Windows\System\YWoblGI.exe

C:\Windows\System\YWoblGI.exe

C:\Windows\System\ClbvDdN.exe

C:\Windows\System\ClbvDdN.exe

C:\Windows\System\XapOcpC.exe

C:\Windows\System\XapOcpC.exe

C:\Windows\System\cRmjnyl.exe

C:\Windows\System\cRmjnyl.exe

C:\Windows\System\AGmXcVA.exe

C:\Windows\System\AGmXcVA.exe

C:\Windows\System\PPyJCYu.exe

C:\Windows\System\PPyJCYu.exe

C:\Windows\System\IqNEquk.exe

C:\Windows\System\IqNEquk.exe

C:\Windows\System\iuBdatg.exe

C:\Windows\System\iuBdatg.exe

C:\Windows\System\gKMavId.exe

C:\Windows\System\gKMavId.exe

C:\Windows\System\wOPZtjs.exe

C:\Windows\System\wOPZtjs.exe

C:\Windows\System\oCFBjOJ.exe

C:\Windows\System\oCFBjOJ.exe

C:\Windows\System\njvSbpr.exe

C:\Windows\System\njvSbpr.exe

C:\Windows\System\lpmXNKA.exe

C:\Windows\System\lpmXNKA.exe

C:\Windows\System\aEczVlm.exe

C:\Windows\System\aEczVlm.exe

C:\Windows\System\zcDykpB.exe

C:\Windows\System\zcDykpB.exe

C:\Windows\System\tKZxIYA.exe

C:\Windows\System\tKZxIYA.exe

C:\Windows\System\qWQLabC.exe

C:\Windows\System\qWQLabC.exe

C:\Windows\System\goInFBI.exe

C:\Windows\System\goInFBI.exe

C:\Windows\System\JYdTBLh.exe

C:\Windows\System\JYdTBLh.exe

C:\Windows\System\WsLirnV.exe

C:\Windows\System\WsLirnV.exe

C:\Windows\System\NVcoluP.exe

C:\Windows\System\NVcoluP.exe

C:\Windows\System\IcckwLt.exe

C:\Windows\System\IcckwLt.exe

C:\Windows\System\XHXjlJr.exe

C:\Windows\System\XHXjlJr.exe

C:\Windows\System\kEgaDqL.exe

C:\Windows\System\kEgaDqL.exe

C:\Windows\System\MSXWiYm.exe

C:\Windows\System\MSXWiYm.exe

C:\Windows\System\YHOjImH.exe

C:\Windows\System\YHOjImH.exe

C:\Windows\System\ztycplP.exe

C:\Windows\System\ztycplP.exe

C:\Windows\System\QnJIIMd.exe

C:\Windows\System\QnJIIMd.exe

C:\Windows\System\lizHBCu.exe

C:\Windows\System\lizHBCu.exe

C:\Windows\System\KcfqzVp.exe

C:\Windows\System\KcfqzVp.exe

C:\Windows\System\aWVKXbd.exe

C:\Windows\System\aWVKXbd.exe

C:\Windows\System\xcpPTBf.exe

C:\Windows\System\xcpPTBf.exe

C:\Windows\System\kXTfZap.exe

C:\Windows\System\kXTfZap.exe

C:\Windows\System\IjbBRzh.exe

C:\Windows\System\IjbBRzh.exe

C:\Windows\System\VllPPJR.exe

C:\Windows\System\VllPPJR.exe

C:\Windows\System\JlfMUHB.exe

C:\Windows\System\JlfMUHB.exe

C:\Windows\System\QBWmwLY.exe

C:\Windows\System\QBWmwLY.exe

C:\Windows\System\TYSLYwA.exe

C:\Windows\System\TYSLYwA.exe

C:\Windows\System\tkYJUeR.exe

C:\Windows\System\tkYJUeR.exe

C:\Windows\System\WynYhNy.exe

C:\Windows\System\WynYhNy.exe

C:\Windows\System\GJYqeKW.exe

C:\Windows\System\GJYqeKW.exe

C:\Windows\System\GpQOhxl.exe

C:\Windows\System\GpQOhxl.exe

C:\Windows\System\cAwEfmg.exe

C:\Windows\System\cAwEfmg.exe

C:\Windows\System\XmJlohZ.exe

C:\Windows\System\XmJlohZ.exe

C:\Windows\System\fFwNlSu.exe

C:\Windows\System\fFwNlSu.exe

C:\Windows\System\vtXCQMl.exe

C:\Windows\System\vtXCQMl.exe

C:\Windows\System\mKrviwT.exe

C:\Windows\System\mKrviwT.exe

C:\Windows\System\DLlbfTt.exe

C:\Windows\System\DLlbfTt.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp

Files

memory/2248-0-0x00007FF737150000-0x00007FF737542000-memory.dmp

memory/2248-1-0x000002400BC90000-0x000002400BCA0000-memory.dmp

C:\Windows\System\MyAHBKY.exe

MD5 37a03269e4265b8be46de1103a1dda83
SHA1 33920c9da954ec2224d336d46646d1008bc3efac
SHA256 7a59172de94c74ca5b89a153adde3a21a2b24bdc85f6ed6438010ce4ccd8469c
SHA512 27a03d800b9d9e740d2e51aad85d7e49f09736a1aff7404d2d1a034a7656b16f97389d2f0887b69ae560b1bc10377928cca0a7198a28d288c5ae68be0da58df7

C:\Windows\System\MOkijRh.exe

MD5 021470fecb7cbd0df05ef75a40e4fdd9
SHA1 c4303856c73aa05e34d68fb6300c60ff2c464157
SHA256 83228af2b41f59b04fdbc3e5a40a32a16221c4143b08b54f78e36cf1e7fa7b2a
SHA512 80f3fa54af8e00b32e577a2baab543bc532d83e1eaddd9c40d97485201d230086151c3fd38d8e8e43f9f9a22179317bfe9dd4f8abc4ef5a8b187e3d068117c29

C:\Windows\System\SIMPIKU.exe

MD5 8fc1a9f48b0fb5d6fcdb44ddca4dbb64
SHA1 58508b3f776c196b4a84423e46a14edfbb67b06b
SHA256 3e1c21b38ddfa7b4bce5d3f9d514d536c55e1e27685eedcffcb51168bd118ee0
SHA512 02b6b38654aa7e25ae397900ea6668d01ced67c0073938b7ddf0f7fd7b1f6646050017fd60d52eb3e3dd6a1ada2efbcb5dbdf1362cce43864471660875c4b84c

C:\Windows\System\wlBqmvq.exe

MD5 a671bf86eae924b69df28698ccae4cad
SHA1 07366bdb6b686334f34cacd2dad52a0cc7e3549f
SHA256 dd98803f03edf68b311dadfbddf5288db90921bd81c903405224f600c1199170
SHA512 e8d7bc5495078bb6edf31c0f91a991d9622adb3a8af9e6dc2c0ff6f26ae2704eddf72e3b6e820f1ca883a1b1596de04158c23df38c359c9d380c739b1363a9da

C:\Windows\System\SOJQfgA.exe

MD5 df5b5e5c6a49b4e6094a095670faca66
SHA1 169f0717ec09802bc26d4cbfc9537113d675e76b
SHA256 3cd0f7378d51c2247ffbe2edf2fe83845972fad0276d43f1f9b5a067334ef597
SHA512 876f8e67df24d422b1cf0c46ab3d10ff06a9f50f905dfe1f6f38c7c3f6ffdd2786817a7fe41835c63dae10302f32fbd345feaa0ba0880ae870c8394617c7e8cb

C:\Windows\System\ZUBqeyF.exe

MD5 9a2acc75cfb941e31dfe970a0bc515c8
SHA1 1da833382f7b364332b352c3eedcfd2cd8f57451
SHA256 ae9a14840d6920b0c5e18e13e042148ec1c04d251f9732ffb76de3492d22e7fd
SHA512 9114ed80a5bf191ebb2715a8e168eec6ba0c520ed6d8051cca9aab6144179c08d9536f2ce3f17a91c3f78dc6fcf7fb44344a8bf01c8ca1b4e1f094a9b328e036

memory/2288-296-0x00000194C6930000-0x00000194C6952000-memory.dmp

memory/4492-350-0x00007FF66A840000-0x00007FF66AC32000-memory.dmp

memory/2888-353-0x00007FF7976A0000-0x00007FF797A92000-memory.dmp

memory/1820-406-0x00007FF73A050000-0x00007FF73A442000-memory.dmp

memory/2288-444-0x00007FF900090000-0x00007FF900359000-memory.dmp

memory/4984-471-0x00007FF666040000-0x00007FF666432000-memory.dmp

memory/2288-2118-0x00007FF900090000-0x00007FF900359000-memory.dmp

memory/4944-470-0x00007FF79B220000-0x00007FF79B612000-memory.dmp

memory/3340-469-0x00007FF7CEF00000-0x00007FF7CF2F2000-memory.dmp

memory/1420-468-0x00007FF791A50000-0x00007FF791E42000-memory.dmp

memory/3692-467-0x00007FF78BB70000-0x00007FF78BF62000-memory.dmp

memory/5032-441-0x00007FF691B90000-0x00007FF691F82000-memory.dmp

memory/4184-352-0x00007FF6822A0000-0x00007FF682692000-memory.dmp

memory/4364-341-0x00007FF7DD180000-0x00007FF7DD572000-memory.dmp

memory/1948-297-0x00007FF7DB470000-0x00007FF7DB862000-memory.dmp

memory/4992-286-0x00007FF64B290000-0x00007FF64B682000-memory.dmp

memory/1156-285-0x00007FF7BF0B0000-0x00007FF7BF4A2000-memory.dmp

memory/2132-265-0x00007FF755DF0000-0x00007FF7561E2000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_4pifsgy3.aie.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/1428-250-0x00007FF7A2B80000-0x00007FF7A2F72000-memory.dmp

memory/3108-209-0x00007FF7F4F40000-0x00007FF7F5332000-memory.dmp

C:\Windows\System\nvYwdBw.exe

MD5 3814cbf93d44cce59bc13d7734d6cec5
SHA1 6830c7475ef8704c9b3a94b4724632592c7bb6a7
SHA256 a265fd8d8ba4bfa260703008cfb777e8801c2fc2fd83b0c95f89592df0e471e1
SHA512 6b8bff066d936b8dd768f0437d56102432f8dcf29ab5a256d64206af9119b6d432b64a91d0b74b71d05b671f6d19fea1d3570e9ea9acfec96e38b4e2fe629ade

C:\Windows\System\qYeIVub.exe

MD5 ce9b8f7bf3aa9b30f6b9f4e4f6d1fd37
SHA1 a6a9431bcf3a6025c6c0cbccf95a076eb88b340c
SHA256 62b265dc8292b55698e9eff2a646f6ecb22babffa993410a9890b31868df2d5c
SHA512 5f4460f3a318a8232f73c6620f841d45a1eb879997fe9e3b174e8dad3ecb06b80c093f2211d227fa84e5129ef4c1089ad61aeb3d0ceb209c13dc1327992fa107

C:\Windows\System\nsZIBLS.exe

MD5 de8e1e2360af4a63e93f14d84f2c2db3
SHA1 70b5535da9b671f8f844fa3910796ff070ae058f
SHA256 78c7e01091f068b931387588057241d878f07677496db3872cca665085c6fb28
SHA512 b16637f83c53a63a63510d04515f80672e2b976d258e7b0e9a7115b959565cc503a21dce99272ec294aef0cc58baa2289113f1305c9d0f4f4fa3984d5ee816b4

C:\Windows\System\QqEURrd.exe

MD5 3797bc0fff3b1c7b0691fdcdf9800902
SHA1 d374d31d7b2dd5e9a226971297a0eb7f521b02b1
SHA256 edca79a8a3ab382d70f40d0e69d2e7be47c42dc707f0147cbcf07d1849d578dc
SHA512 9a367801c1e5a98fe3bc102cd21de7be5b989b0d2b44a360754c8eb4dac98f2830cf268a4d3633c90e59d0e75be9a110fd0b71422334676e2094701666d27a7e

C:\Windows\System\aRbqEuu.exe

MD5 0a75f2e38b50ab7551278901392ed2d9
SHA1 35449f80f88b340fff1e0377537e8031b94da5f8
SHA256 42e89512080c009c81e5555e8f1b865924a03553051a05a7b3a69f7da26f98f5
SHA512 b803dcd31edb312398e94e38f981a3ce89a02e1b18cee3615e37f7403c68dabb8265bd6b27b136bdb1c3a372f31973f58c58b783ebf086abc512651972c3a4ac

C:\Windows\System\HSYcCJK.exe

MD5 186b33d1d7f1f0ffa15bc2a35d5a09fe
SHA1 37070ed59c7b6118c49498b3036c851a84938680
SHA256 0bd34eba7595860cb42b8c9f3404356263f1841746199e2a94ec874b1200bcf3
SHA512 e8d3988ba094ba4e33e9765199ab278d658fd81dd395f8447741f045b4c607c36b96634804a6c7b1bd6882a562b9add4b13a8a4d52148fd3b36f4d4fdc95273e

C:\Windows\System\drwkmRQ.exe

MD5 f1a98772e7b53f930c13bb93613c604b
SHA1 bd36efe54cb55b7587c3c527468c0282f5e8fd4b
SHA256 3134993250f54044e9adb056fa86cf963391c34b1cda6320ed5e4507bc920eee
SHA512 344e5f1cb74988d5bc8f6fefc047995af8928934b4bde900a4412487ed9af9490930aaaf29130b5d28b803131f28e290e2560a3c2e22665cbb3096341b8ee60b

C:\Windows\System\ULkxCep.exe

MD5 e4b7a7587af5450735f57b72125c087a
SHA1 30304d306524cbdbf2afc4ce339a108d18a1cc20
SHA256 77baaf6aa34a42568a1b10ca5f71eb3a51da07831566ccbc531279e4c199cc6e
SHA512 336b1f70c52bde10e469fd1fa1a4ac4287544cd7810b1a8bfb46e3cd2d6d14d7a4a5e1e8c33f1261af3c16f8a01e05b63573ab77316e4a9906ad13f32f89fefc

C:\Windows\System\hZqxFmk.exe

MD5 fa5be388346f14b85c190573f5bfa5fc
SHA1 8290b50020db1967c47c16da16bed12ad82923ce
SHA256 9b4258253e95942676582635560d9839b4b4d22b48a3078686b4bac1cb13dd69
SHA512 2acbc74ea1fc6c59ef9e660e45a99d4ee553764703ccfb2574a113428f61eaf58fe232916c7c30af2bb81f36359fee577d0fc95730692a68072e6e68f0bd4358

C:\Windows\System\fwNUibj.exe

MD5 f68f261b6317fb66ab7b8b82c3cd3c77
SHA1 529124896735f9a8aadd0edc880769f738d94439
SHA256 40e26a4f5ab260b207508485f632f3130a881f481780d0cf8cf5c5b9704a0bbc
SHA512 2e2e055cc589850a1672616c2c3daaffcc82fa66cdb15e3c15293a1d084ff87d85e5496fbac978f9eab141cc9f0df06533d9b8213a5db2fc2f4dc0039c64bd62

memory/900-167-0x00007FF7F4BC0000-0x00007FF7F4FB2000-memory.dmp

C:\Windows\System\qupQgmJ.exe

MD5 ca97833a400c67b28e78c76bc088416f
SHA1 fb9ad0a9bd870639b3d8db0a030b2301dbacce76
SHA256 8188bd9f4575f2449b8b27d39064dfb7c16f1d8c18a18cf0d6ecff80b0026512
SHA512 1b205ac6ee4411032fb475807fa0eaf5c653cdff4ab3f061d375e65e604b0c241f1282729a346cebfc94607eab585ab671dd2d2a9112ad7f9745f3c6bad45961

C:\Windows\System\kobszTj.exe

MD5 4653bbf8b6545f28f8d59ce84b7fb2cb
SHA1 96269da555fc0967d6ef394935d2d63c4ddfb5b2
SHA256 12924a3ebf8795039fba9839d15de74f754099a992ec081402d489e39b7c989d
SHA512 7433539a5817334e394eb83ee7d876103c23a18cd25883a52cbfd165182e6347c07dc34c6b4d34b12b85cb798308ab42af0215548c4828a91c610053d2fd2f70

C:\Windows\System\dyGfLLq.exe

MD5 6f14dea417743ac59cda32ff051fb55c
SHA1 6755e60fbea3d95013fa46a0c9414e383338297c
SHA256 a7bf2bbbc994aeed2a2ca0f171a22f0beb3d8e8b7c644f739e1837817592c62b
SHA512 c652edd030be0c1567527ae2d403c8da86ab140dd19e1492ef97c8446110c27e8322e90c066f4a816d9266fcd0694774bd196e07d5273fe7a94ba0453d2ff793

C:\Windows\System\rJeXhDy.exe

MD5 79d204d5448fb64fa25219e582778447
SHA1 8b4fa64d7884f556704599bbb787964bd819e81d
SHA256 688849cf56fb3c4d2eed18a853550fb5c573c13552374fe8429221f362a97d2b
SHA512 1cb7d39934b3fcdb01c84c44ad8c11e51f44e85f31544b4c8ed7c2e691b4b5d8380282c06ea4d4f4c8b5334e58ea428e20cdc7306b99476d3815c8472607c970

C:\Windows\System\KPwVhPj.exe

MD5 d19f59c9f56637114489239ad329a237
SHA1 039150af2ad151b21f368cc522c30e2afa29d22f
SHA256 6009d473bf5ea79e0c374dae73cf9c64132679f50b63d65818d6beda14b47b37
SHA512 f026315c9eae29da433874b43e9786a4bbb3262555463e51d8a1726003d872be9004c87b9e5e351d7bcb9f676adcf8a0bef085661d0ecb0aca9f308e757525dd

C:\Windows\System\OuipIOh.exe

MD5 aa8a73ece71faf354f81320f6737513c
SHA1 f81ffccb08edba9b02c88eeb2364ad67928bd42e
SHA256 a03350adba91830d1dd84451f269adb8dd69b0a7cedf4a28dc5668bed93057f3
SHA512 64046dfab5f95333974900f9aa6cfd551f1feb03c74729f02663279d60cc99147d6f8f1c4700fa66eb99f3ac73c66b1d5ad39fa052e790989ca1d20157af6e3e

C:\Windows\System\qpHMcPc.exe

MD5 b1a5ac9057313362646948a731113c31
SHA1 4ae1faedb54c79e26f98ccd2d2c24431ae09b6df
SHA256 d5be8c0f303b4be1c4ef6d2b5e606234e84610580aff4f675ca25ea2e40fb40d
SHA512 67f89a2184306bd7bde771ee8a1eb92d396b65a414a013f3e8fe7d287aeec50144be770004a9bacd07a2e5a768b2c5debed3118dd0555e4f2bb288e555c39a67

C:\Windows\System\yjpmMYh.exe

MD5 7d5828dd8b5381b1514ed57df5914ae1
SHA1 b880739ab2c9335173cf2db411e66579da570830
SHA256 255bb328cd3573ed57f11d096226d7c2dcbf10980266ec9253b85d7f0f07b8a5
SHA512 fe601a4ae4c94fe0b83875eb9ae8751f00c86398dd849792ea779090b1c9f934de24618e96489dabb1304a2875e20183ed6dfd95eea37d7585da8518d057e623

memory/2500-127-0x00007FF746D80000-0x00007FF747172000-memory.dmp

C:\Windows\System\qWLldgg.exe

MD5 187e7c28a5099bf27f0593c2b7a6cf81
SHA1 4512a7d24c3a9a6455fef51631f1d75a134e6ef0
SHA256 8c4fbb34732bc36a746c1dcab81d8a8cae48beeb58d9075015d8a6e249fc289c
SHA512 0141cc3cd17c7fdc29de3e84daf5d88a7fed0ee6ffebb5d99b0e8059c39969fbf3f48526f49e5329c7776587dde48f93167d8bce1690321ba8e799e82ad68377

memory/4004-123-0x00007FF7621B0000-0x00007FF7625A2000-memory.dmp

C:\Windows\System\oPqzZNq.exe

MD5 aa8f6ae26fd5e0826580a0c15a4f644e
SHA1 827170c924fb0657adbce30fc296081291d98dc9
SHA256 e70c1066d70f01a3f556df4207e079d361587882ffd911b95240623c6dd65279
SHA512 f5c4d371409662732b05a1e1dd7532e5499d09ce45c2d14700fc125c2933c5c9399be7099f241ead1cce9a5b0bbf7cf1c2355091dd192e2b8369a4eecccc8ae3

C:\Windows\System\VHaCbbJ.exe

MD5 6b0fdcb4f6f3be982a55f56c6a5086bb
SHA1 8458b440133a53273fa239d30fca958ed63ed22e
SHA256 72c5f94b1748910839bfb489e49682326a18addba8fd0db7d802a547d32cfc43
SHA512 444968a89056d934e2ea1afde72c22aea2ecec1b681bbabcead2c6b1177cea9f3da57b805e341b352f2b07a5e77860a39816a5c1ea2eac8f649baeacc598bf1b

C:\Windows\System\YAFopVX.exe

MD5 a4ecade6671ec2a3eb6443f4a95bc636
SHA1 27a85aaac7de0ecbadfff192ebe6e94734c6b6fd
SHA256 fe50b115dd631c44eca9d7c8018881446acfe955c4c58059583856cd016f3a5d
SHA512 7c2785c864aa76e76081dfe4afcf7b4218c533b33a1df9828d8b85d3a85523df92ca4b2be2805729b86cea6cddd038f8dcd4c424d82dc13474e78284c497ef9c

C:\Windows\System\zpPODNb.exe

MD5 b7488a135a3535fc8e77d4cc12026863
SHA1 bd5ac51ec873cb37e3c6263fceccd4ffca39ede8
SHA256 6f28a79d2e8b21e5a3231d9f12ca3811d4fe5baf7527763b1337e979c60d6c4b
SHA512 8a372ac611b958b6191e36950caf3c9684e0d4ef029aa842597758f37f9d93fe11c533b13b28514b98b0449c55ef67f95c97f4fd152efb34b0de3b6bf4b786e5

C:\Windows\System\tjdgKmr.exe

MD5 5ede7f9164279d4c1e6519eec6dcf6c9
SHA1 05fb7a450385166e3e9d6f80d1132569daf78502
SHA256 3d5eb9227b8de303ed1ff79a96c05f21bb57d14ebb4291b178fd0fd7b53bd016
SHA512 6b79d73cfaf3a6872668941aac3c3596b36ab751e959c7565af64a764495b703141998c8ef6dc709b7af4a1c7dd1893e1bd3d88b36eeb22d075ead31e1c17ab9

C:\Windows\System\roPtSfA.exe

MD5 92e1119cae0a4652b7625175d93e5000
SHA1 1c1016a707b59ed4cfb1f5b4a3b79717d82ea425
SHA256 1050117f2c45d61fe2982002a458351b60e203ca1ff7fdd48c22783e1d32f5c8
SHA512 baea61ab1dcd81a858bb4d43548a7350f3cc16b0ec8119ec0be89aaf03001470da86b20f2b87b90985ea89a0977f08d375d54c2e3adbe5ef0f30fae725821b95

C:\Windows\System\pDKaDsg.exe

MD5 fce3236e083283199096f8a0b32d8782
SHA1 36d7f8d745dfbbdf96cf49624d4b77f106f051a1
SHA256 818e67d2607001538545ecba8319a1875897e564066f526b3980db4e5757bc8d
SHA512 eb6fc92c68ddb1eab95250f8580d662f4e38c50a8a99ca369667facffaf1a438eebe86e11e9e6f285620c92e6785f590b9888406a79c81666e3d5f75aa7e8fa3

memory/4716-90-0x00007FF6B61E0000-0x00007FF6B65D2000-memory.dmp

C:\Windows\System\BYsmNVq.exe

MD5 6212798e03a276d3c0363d699e6eff09
SHA1 ba920a5336791023f8b173f578a6b2cec993f0ba
SHA256 77683699ab36e9d4d5948df73d6d6fe3174324d5cc76ea0d7f8c216033a20220
SHA512 2c50b36dbea13d2941e7a48a47c525b0e15f2d20ceed26a0fb965106efa683bcbd888379f339e1e690a057340665aba2ac1dd2268a4fe314ae38cadea386b70c

C:\Windows\System\vJzfeqS.exe

MD5 df939fd96ca57025dfb4b3a9ce22cdec
SHA1 7d84bf465d5c65e73bfaa4d71eeeb6a5115ca631
SHA256 e74dc12cb74511d07f5109e66cd611ba30fcbe86a524b5cbb40fb751b404f343
SHA512 4ecc1ef03abe40607e97210d12769c18cae7b1b57f33a780d35a05de74dcf9968d00c4c8b27f4a1c6392c5cbf25dcb8806e8bc80088f7c7d637e53e6756cd02b

C:\Windows\System\TSuDctp.exe

MD5 7380778729459d5e2905bdca5da7932a
SHA1 1d42a450624dcb3894722829aeb5673ff337cc11
SHA256 ff4495e61016dd409ec9abb52024301a0eb35f1fbfd76e6aec5d32ded509090c
SHA512 0fc061caf5d8bd40fb7ef06f59aeec022064d80646c42bf483fca1cd2fb7f6225c5fe7add422ceea7887aee24a4556b49dd3c671d1ed358c05a531bf3d12c9cb

C:\Windows\System\neCgNuC.exe

MD5 77e82cdb9f1142fa748feac0e0345e92
SHA1 f551fd8ea44bcace3e4af6a12ab3ae7ac0c77add
SHA256 41de621dd6daad49121aa1565133b51264300b33d98b05a3526b3a221cf1e1e9
SHA512 f1e036e5ff443da0dedb0e7231206672994066ecd5bc85f549149757e47a6369d4806060c8e458d602f52b72e0f9dd80853106197052a09a4dfc978e5de3267b

C:\Windows\System\BYjbCvf.exe

MD5 9e85a361441c756766f8149418277251
SHA1 6f28b1dcd5c7425acfd209ce5874188f4de17bd0
SHA256 1c82d81760f1740a36b63aaf7eb4fcf2aeaff54944a1b73e5ec184dc65026dd1
SHA512 f9613fd5fb62be869dd7a706f7904ae55b17fd772fbcbd3293c84b7c4eeced49a2ce893b6d863a9bda03c687d928e666f0ef91f8b64059ec668010356c60d715

memory/2288-57-0x00007FF900090000-0x00007FF900359000-memory.dmp

C:\Windows\System\uoxAEas.exe

MD5 e0aef0a364952902471edd701c5c09d4
SHA1 53afc2f709d015b2037df3dea77a41ddcc11a45a
SHA256 4fb0c9fa6285fc4d4719b99e2f66eb5f347100fa49707aeb3fd02fcd0e714a9d
SHA512 d5ee79489a9a36a73556e82d9fcf1e702c14119067b08a1c3225021e8f5d788d55a49dca7ac89c1c086148e13bf1dedea71112f93bd4f59d606df4407092db38

C:\Windows\System\YebuTcC.exe

MD5 94dee085506360b798bd8a3d72f704ed
SHA1 605a7ad36ac12fdee02757732db36d65ba1b30e9
SHA256 1772bf144eba852d4bb6880ca0063ac8a3050c63a6b2df5b0b8582cf9715b5d7
SHA512 42aef47f31a2395fa95cf46b89120f9fb6811470ebfc081834e9fe552859e92a833678758377710f4013e27ad301e2dd8acb776414e104c7b87f703a10bd37f4

memory/5036-64-0x00007FF683FB0000-0x00007FF6843A2000-memory.dmp

memory/384-29-0x00007FF71B9A0000-0x00007FF71BD92000-memory.dmp

memory/4852-36-0x00007FF628180000-0x00007FF628572000-memory.dmp

C:\Windows\System\MwcisGQ.exe

MD5 c1f410fe4a16aa0e31f00335445ce53f
SHA1 3ccc94d93406fae62d6eb590588d56cb7d89383f
SHA256 5014ec4029ada7e2641743369762f2757f761174f951afc9f3c6a080935d1bb6
SHA512 a17817f95a9e2b3527ecb516c3d5a45502cad76b70a1fad9c799b147b532e3c3185cee1ad5a14a7d2f43f32b9085b7a209a5b3607be519f6dd88acb3a44912dd

memory/2288-12-0x00007FF900090000-0x00007FF900359000-memory.dmp

C:\Windows\System\KQJRaxM.exe

MD5 9eed4b82804b22673b9dfb873b8ab9ce
SHA1 f21d2bfa2371f1463e1292b73e9e08fa34f0575c
SHA256 5d32e2c5476ec99d6a8b9b32ce8fc3dcfc70c43e01cda6d539f1537b352bc821
SHA512 dca73626047a6804b6db7d36b94c16cbc3aa085940e12b1d982bf2f2f9d835da5216fd8f6b7487a1c5fafdc4aff759eb74fe90083f9b59b79152dd8179f2bc5b

memory/5036-4643-0x00007FF683FB0000-0x00007FF6843A2000-memory.dmp

memory/4716-4646-0x00007FF6B61E0000-0x00007FF6B65D2000-memory.dmp

memory/4852-5057-0x00007FF628180000-0x00007FF628572000-memory.dmp

memory/4944-5139-0x00007FF79B220000-0x00007FF79B612000-memory.dmp

memory/4716-5156-0x00007FF6B61E0000-0x00007FF6B65D2000-memory.dmp

memory/4364-5264-0x00007FF7DD180000-0x00007FF7DD572000-memory.dmp

memory/2132-5147-0x00007FF755DF0000-0x00007FF7561E2000-memory.dmp

C:\Windows\System\PDaaPIk.exe

MD5 6222e4536e384c0a1512170dea9cd5d9
SHA1 677d846b63b411bee372285488700317e50ea9e3
SHA256 fd86f7ab7617456dd2fc6566ed65ed74bcb3d16b08e15b51d0cee9e1aadd4754
SHA512 90840531058e96d202122fa5e31bc507d46669c9ce853047afa57de66c023e079fd61e5de77df2e2b669a3aad2bee674f532ecf499d638b2fc95b1d1c26c1d5f

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-10 16:04

Reported

2024-06-10 16:07

Platform

win7-20240419-en

Max time kernel

150s

Max time network

143s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\URaCWcH.exe N/A
N/A N/A C:\Windows\System\dGsTtqA.exe N/A
N/A N/A C:\Windows\System\dXzBNHI.exe N/A
N/A N/A C:\Windows\System\rfqpDfj.exe N/A
N/A N/A C:\Windows\System\pnnCUMt.exe N/A
N/A N/A C:\Windows\System\rCmqTNi.exe N/A
N/A N/A C:\Windows\System\ZsnIIpL.exe N/A
N/A N/A C:\Windows\System\pfcEWyw.exe N/A
N/A N/A C:\Windows\System\uAhmTCc.exe N/A
N/A N/A C:\Windows\System\uobZfxx.exe N/A
N/A N/A C:\Windows\System\VKhaNTw.exe N/A
N/A N/A C:\Windows\System\NltsirF.exe N/A
N/A N/A C:\Windows\System\OMFiDgv.exe N/A
N/A N/A C:\Windows\System\SMjlQbJ.exe N/A
N/A N/A C:\Windows\System\hpzixlE.exe N/A
N/A N/A C:\Windows\System\XAKTwed.exe N/A
N/A N/A C:\Windows\System\NqmWyMI.exe N/A
N/A N/A C:\Windows\System\etMfcKi.exe N/A
N/A N/A C:\Windows\System\TTtRWbx.exe N/A
N/A N/A C:\Windows\System\INNZuGy.exe N/A
N/A N/A C:\Windows\System\IEqBDtd.exe N/A
N/A N/A C:\Windows\System\UcrBPeZ.exe N/A
N/A N/A C:\Windows\System\iWoxsWh.exe N/A
N/A N/A C:\Windows\System\TKEUBUi.exe N/A
N/A N/A C:\Windows\System\zYLMPQz.exe N/A
N/A N/A C:\Windows\System\JgVWJMZ.exe N/A
N/A N/A C:\Windows\System\VOuprKL.exe N/A
N/A N/A C:\Windows\System\zkZnvXJ.exe N/A
N/A N/A C:\Windows\System\qBCpnxB.exe N/A
N/A N/A C:\Windows\System\GppMAJc.exe N/A
N/A N/A C:\Windows\System\femUasE.exe N/A
N/A N/A C:\Windows\System\ETKMoxW.exe N/A
N/A N/A C:\Windows\System\QyrRpGB.exe N/A
N/A N/A C:\Windows\System\ZPdhCSD.exe N/A
N/A N/A C:\Windows\System\uASVJOj.exe N/A
N/A N/A C:\Windows\System\nqIzfGC.exe N/A
N/A N/A C:\Windows\System\HuXHNll.exe N/A
N/A N/A C:\Windows\System\yvaVLNJ.exe N/A
N/A N/A C:\Windows\System\qZGvfah.exe N/A
N/A N/A C:\Windows\System\FqayBVa.exe N/A
N/A N/A C:\Windows\System\COXQJwX.exe N/A
N/A N/A C:\Windows\System\ANPVoUS.exe N/A
N/A N/A C:\Windows\System\eXpFuVs.exe N/A
N/A N/A C:\Windows\System\lazIwZq.exe N/A
N/A N/A C:\Windows\System\MldfOCW.exe N/A
N/A N/A C:\Windows\System\AtwRrUG.exe N/A
N/A N/A C:\Windows\System\qUGOfNM.exe N/A
N/A N/A C:\Windows\System\fzjxDoQ.exe N/A
N/A N/A C:\Windows\System\FcCzrtB.exe N/A
N/A N/A C:\Windows\System\zRlLdLD.exe N/A
N/A N/A C:\Windows\System\oJXngSL.exe N/A
N/A N/A C:\Windows\System\FEjUMxe.exe N/A
N/A N/A C:\Windows\System\lzILRrF.exe N/A
N/A N/A C:\Windows\System\ddAKNwQ.exe N/A
N/A N/A C:\Windows\System\mOHAtDQ.exe N/A
N/A N/A C:\Windows\System\OrfUISY.exe N/A
N/A N/A C:\Windows\System\ruhVyDh.exe N/A
N/A N/A C:\Windows\System\aDJoUvP.exe N/A
N/A N/A C:\Windows\System\dCrBvYW.exe N/A
N/A N/A C:\Windows\System\fTNIpgh.exe N/A
N/A N/A C:\Windows\System\rqlqwlO.exe N/A
N/A N/A C:\Windows\System\VtpLncv.exe N/A
N/A N/A C:\Windows\System\vdOBoVB.exe N/A
N/A N/A C:\Windows\System\GqbNwqN.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\KzNeeMr.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\AoIZhSc.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\wpdpGTo.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\cjINCxm.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\tiFXBva.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\QlfAgvG.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\LDqcDFh.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\LjhwZYC.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\qfPNomv.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\EFxDTEj.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\guNiTnA.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\XRxizLd.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\OUiQvgq.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\afwFjlS.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\QRSFEER.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\ALaJvBF.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\cbNsnMh.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\jBYDqPJ.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\AkOeWrv.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\CGLtNev.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\zxiOgVq.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\lfkpqxx.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\tejXBzt.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\CgFHkUe.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\HDuUAQx.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\IgIjlUj.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\qfQUQRj.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\tAybXPk.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\fvtNSLJ.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\khQTYkA.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\yvsBMJB.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\rTutIYV.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\VBBWWfY.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\iLxduoz.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\vvDlMiH.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\VnhFxGJ.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\PJFVJMn.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\xNPgoZT.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\nWliLtP.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\kkpYLTw.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\KvWQSXo.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\ypqPgdC.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\yDfIRzn.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\nfeDXOk.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\FphasMy.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\zqiwveN.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\cmxTaZk.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\ISocDlE.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\ovlcFAo.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\DUYxoCX.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\OnzQPyF.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\rwJMuRx.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\ECkYjsL.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\cuGStMf.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\seUtwvw.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\GjykwYr.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\LlPUAZb.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\aAKrrxN.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\EprFPyV.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\ZlXLeCz.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\gTKwwRf.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\wXVjuHc.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\EgCqlkZ.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
File created C:\Windows\System\RsgfECH.exe C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2420 wrote to memory of 2132 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2420 wrote to memory of 2132 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2420 wrote to memory of 2132 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2420 wrote to memory of 1328 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\URaCWcH.exe
PID 2420 wrote to memory of 1328 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\URaCWcH.exe
PID 2420 wrote to memory of 1328 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\URaCWcH.exe
PID 2420 wrote to memory of 1544 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\dGsTtqA.exe
PID 2420 wrote to memory of 1544 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\dGsTtqA.exe
PID 2420 wrote to memory of 1544 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\dGsTtqA.exe
PID 2420 wrote to memory of 2280 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\dXzBNHI.exe
PID 2420 wrote to memory of 2280 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\dXzBNHI.exe
PID 2420 wrote to memory of 2280 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\dXzBNHI.exe
PID 2420 wrote to memory of 2664 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\rfqpDfj.exe
PID 2420 wrote to memory of 2664 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\rfqpDfj.exe
PID 2420 wrote to memory of 2664 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\rfqpDfj.exe
PID 2420 wrote to memory of 2652 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\pnnCUMt.exe
PID 2420 wrote to memory of 2652 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\pnnCUMt.exe
PID 2420 wrote to memory of 2652 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\pnnCUMt.exe
PID 2420 wrote to memory of 2752 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\rCmqTNi.exe
PID 2420 wrote to memory of 2752 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\rCmqTNi.exe
PID 2420 wrote to memory of 2752 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\rCmqTNi.exe
PID 2420 wrote to memory of 2584 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\ZsnIIpL.exe
PID 2420 wrote to memory of 2584 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\ZsnIIpL.exe
PID 2420 wrote to memory of 2584 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\ZsnIIpL.exe
PID 2420 wrote to memory of 2556 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\hpzixlE.exe
PID 2420 wrote to memory of 2556 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\hpzixlE.exe
PID 2420 wrote to memory of 2556 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\hpzixlE.exe
PID 2420 wrote to memory of 2612 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\pfcEWyw.exe
PID 2420 wrote to memory of 2612 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\pfcEWyw.exe
PID 2420 wrote to memory of 2612 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\pfcEWyw.exe
PID 2420 wrote to memory of 3012 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\VOuprKL.exe
PID 2420 wrote to memory of 3012 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\VOuprKL.exe
PID 2420 wrote to memory of 3012 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\VOuprKL.exe
PID 2420 wrote to memory of 2368 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\uAhmTCc.exe
PID 2420 wrote to memory of 2368 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\uAhmTCc.exe
PID 2420 wrote to memory of 2368 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\uAhmTCc.exe
PID 2420 wrote to memory of 1884 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\zkZnvXJ.exe
PID 2420 wrote to memory of 1884 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\zkZnvXJ.exe
PID 2420 wrote to memory of 1884 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\zkZnvXJ.exe
PID 2420 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\uobZfxx.exe
PID 2420 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\uobZfxx.exe
PID 2420 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\uobZfxx.exe
PID 2420 wrote to memory of 2860 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\qBCpnxB.exe
PID 2420 wrote to memory of 2860 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\qBCpnxB.exe
PID 2420 wrote to memory of 2860 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\qBCpnxB.exe
PID 2420 wrote to memory of 2876 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\VKhaNTw.exe
PID 2420 wrote to memory of 2876 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\VKhaNTw.exe
PID 2420 wrote to memory of 2876 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\VKhaNTw.exe
PID 2420 wrote to memory of 2744 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\GppMAJc.exe
PID 2420 wrote to memory of 2744 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\GppMAJc.exe
PID 2420 wrote to memory of 2744 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\GppMAJc.exe
PID 2420 wrote to memory of 1292 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\NltsirF.exe
PID 2420 wrote to memory of 1292 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\NltsirF.exe
PID 2420 wrote to memory of 1292 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\NltsirF.exe
PID 2420 wrote to memory of 2428 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\QyrRpGB.exe
PID 2420 wrote to memory of 2428 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\QyrRpGB.exe
PID 2420 wrote to memory of 2428 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\QyrRpGB.exe
PID 2420 wrote to memory of 1332 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\OMFiDgv.exe
PID 2420 wrote to memory of 1332 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\OMFiDgv.exe
PID 2420 wrote to memory of 1332 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\OMFiDgv.exe
PID 2420 wrote to memory of 1048 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\yvaVLNJ.exe
PID 2420 wrote to memory of 1048 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\yvaVLNJ.exe
PID 2420 wrote to memory of 1048 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\yvaVLNJ.exe
PID 2420 wrote to memory of 812 N/A C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe C:\Windows\System\SMjlQbJ.exe

Processes

C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\9b3f07e3f2fbbb72ead65bb9e549afc5_JaffaCakes118.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\URaCWcH.exe

C:\Windows\System\URaCWcH.exe

C:\Windows\System\dGsTtqA.exe

C:\Windows\System\dGsTtqA.exe

C:\Windows\System\dXzBNHI.exe

C:\Windows\System\dXzBNHI.exe

C:\Windows\System\rfqpDfj.exe

C:\Windows\System\rfqpDfj.exe

C:\Windows\System\pnnCUMt.exe

C:\Windows\System\pnnCUMt.exe

C:\Windows\System\rCmqTNi.exe

C:\Windows\System\rCmqTNi.exe

C:\Windows\System\ZsnIIpL.exe

C:\Windows\System\ZsnIIpL.exe

C:\Windows\System\hpzixlE.exe

C:\Windows\System\hpzixlE.exe

C:\Windows\System\pfcEWyw.exe

C:\Windows\System\pfcEWyw.exe

C:\Windows\System\VOuprKL.exe

C:\Windows\System\VOuprKL.exe

C:\Windows\System\uAhmTCc.exe

C:\Windows\System\uAhmTCc.exe

C:\Windows\System\zkZnvXJ.exe

C:\Windows\System\zkZnvXJ.exe

C:\Windows\System\uobZfxx.exe

C:\Windows\System\uobZfxx.exe

C:\Windows\System\qBCpnxB.exe

C:\Windows\System\qBCpnxB.exe

C:\Windows\System\VKhaNTw.exe

C:\Windows\System\VKhaNTw.exe

C:\Windows\System\GppMAJc.exe

C:\Windows\System\GppMAJc.exe

C:\Windows\System\NltsirF.exe

C:\Windows\System\NltsirF.exe

C:\Windows\System\QyrRpGB.exe

C:\Windows\System\QyrRpGB.exe

C:\Windows\System\OMFiDgv.exe

C:\Windows\System\OMFiDgv.exe

C:\Windows\System\yvaVLNJ.exe

C:\Windows\System\yvaVLNJ.exe

C:\Windows\System\SMjlQbJ.exe

C:\Windows\System\SMjlQbJ.exe

C:\Windows\System\qZGvfah.exe

C:\Windows\System\qZGvfah.exe

C:\Windows\System\XAKTwed.exe

C:\Windows\System\XAKTwed.exe

C:\Windows\System\FqayBVa.exe

C:\Windows\System\FqayBVa.exe

C:\Windows\System\NqmWyMI.exe

C:\Windows\System\NqmWyMI.exe

C:\Windows\System\ANPVoUS.exe

C:\Windows\System\ANPVoUS.exe

C:\Windows\System\etMfcKi.exe

C:\Windows\System\etMfcKi.exe

C:\Windows\System\eXpFuVs.exe

C:\Windows\System\eXpFuVs.exe

C:\Windows\System\TTtRWbx.exe

C:\Windows\System\TTtRWbx.exe

C:\Windows\System\lazIwZq.exe

C:\Windows\System\lazIwZq.exe

C:\Windows\System\INNZuGy.exe

C:\Windows\System\INNZuGy.exe

C:\Windows\System\MldfOCW.exe

C:\Windows\System\MldfOCW.exe

C:\Windows\System\IEqBDtd.exe

C:\Windows\System\IEqBDtd.exe

C:\Windows\System\AtwRrUG.exe

C:\Windows\System\AtwRrUG.exe

C:\Windows\System\UcrBPeZ.exe

C:\Windows\System\UcrBPeZ.exe

C:\Windows\System\qUGOfNM.exe

C:\Windows\System\qUGOfNM.exe

C:\Windows\System\iWoxsWh.exe

C:\Windows\System\iWoxsWh.exe

C:\Windows\System\FcCzrtB.exe

C:\Windows\System\FcCzrtB.exe

C:\Windows\System\TKEUBUi.exe

C:\Windows\System\TKEUBUi.exe

C:\Windows\System\zRlLdLD.exe

C:\Windows\System\zRlLdLD.exe

C:\Windows\System\zYLMPQz.exe

C:\Windows\System\zYLMPQz.exe

C:\Windows\System\oJXngSL.exe

C:\Windows\System\oJXngSL.exe

C:\Windows\System\JgVWJMZ.exe

C:\Windows\System\JgVWJMZ.exe

C:\Windows\System\FEjUMxe.exe

C:\Windows\System\FEjUMxe.exe

C:\Windows\System\femUasE.exe

C:\Windows\System\femUasE.exe

C:\Windows\System\lzILRrF.exe

C:\Windows\System\lzILRrF.exe

C:\Windows\System\ETKMoxW.exe

C:\Windows\System\ETKMoxW.exe

C:\Windows\System\ddAKNwQ.exe

C:\Windows\System\ddAKNwQ.exe

C:\Windows\System\ZPdhCSD.exe

C:\Windows\System\ZPdhCSD.exe

C:\Windows\System\mOHAtDQ.exe

C:\Windows\System\mOHAtDQ.exe

C:\Windows\System\uASVJOj.exe

C:\Windows\System\uASVJOj.exe

C:\Windows\System\OrfUISY.exe

C:\Windows\System\OrfUISY.exe

C:\Windows\System\nqIzfGC.exe

C:\Windows\System\nqIzfGC.exe

C:\Windows\System\ruhVyDh.exe

C:\Windows\System\ruhVyDh.exe

C:\Windows\System\HuXHNll.exe

C:\Windows\System\HuXHNll.exe

C:\Windows\System\aDJoUvP.exe

C:\Windows\System\aDJoUvP.exe

C:\Windows\System\COXQJwX.exe

C:\Windows\System\COXQJwX.exe

C:\Windows\System\dCrBvYW.exe

C:\Windows\System\dCrBvYW.exe

C:\Windows\System\fzjxDoQ.exe

C:\Windows\System\fzjxDoQ.exe

C:\Windows\System\fTNIpgh.exe

C:\Windows\System\fTNIpgh.exe

C:\Windows\System\rqlqwlO.exe

C:\Windows\System\rqlqwlO.exe

C:\Windows\System\VtpLncv.exe

C:\Windows\System\VtpLncv.exe

C:\Windows\System\vdOBoVB.exe

C:\Windows\System\vdOBoVB.exe

C:\Windows\System\uwBwimT.exe

C:\Windows\System\uwBwimT.exe

C:\Windows\System\GqbNwqN.exe

C:\Windows\System\GqbNwqN.exe

C:\Windows\System\bnCiDaM.exe

C:\Windows\System\bnCiDaM.exe

C:\Windows\System\DxdtUYj.exe

C:\Windows\System\DxdtUYj.exe

C:\Windows\System\jzvTsns.exe

C:\Windows\System\jzvTsns.exe

C:\Windows\System\LbLfejA.exe

C:\Windows\System\LbLfejA.exe

C:\Windows\System\AievvMD.exe

C:\Windows\System\AievvMD.exe

C:\Windows\System\LYIQhZG.exe

C:\Windows\System\LYIQhZG.exe

C:\Windows\System\TKfCLPw.exe

C:\Windows\System\TKfCLPw.exe

C:\Windows\System\QlfAgvG.exe

C:\Windows\System\QlfAgvG.exe

C:\Windows\System\LJkuJPA.exe

C:\Windows\System\LJkuJPA.exe

C:\Windows\System\XbiGBhq.exe

C:\Windows\System\XbiGBhq.exe

C:\Windows\System\TxcjcAd.exe

C:\Windows\System\TxcjcAd.exe

C:\Windows\System\PkgsUqP.exe

C:\Windows\System\PkgsUqP.exe

C:\Windows\System\TcbnuOJ.exe

C:\Windows\System\TcbnuOJ.exe

C:\Windows\System\bhWhAxV.exe

C:\Windows\System\bhWhAxV.exe

C:\Windows\System\dxyJnki.exe

C:\Windows\System\dxyJnki.exe

C:\Windows\System\OWHYtxz.exe

C:\Windows\System\OWHYtxz.exe

C:\Windows\System\HvgCyuu.exe

C:\Windows\System\HvgCyuu.exe

C:\Windows\System\XEAigfB.exe

C:\Windows\System\XEAigfB.exe

C:\Windows\System\ecGGAYU.exe

C:\Windows\System\ecGGAYU.exe

C:\Windows\System\BvVKpSZ.exe

C:\Windows\System\BvVKpSZ.exe

C:\Windows\System\hEfOHli.exe

C:\Windows\System\hEfOHli.exe

C:\Windows\System\xQFVTQo.exe

C:\Windows\System\xQFVTQo.exe

C:\Windows\System\fLKbnsU.exe

C:\Windows\System\fLKbnsU.exe

C:\Windows\System\UgHUCyD.exe

C:\Windows\System\UgHUCyD.exe

C:\Windows\System\UJdwHqF.exe

C:\Windows\System\UJdwHqF.exe

C:\Windows\System\tpVJTjE.exe

C:\Windows\System\tpVJTjE.exe

C:\Windows\System\WmuIdXx.exe

C:\Windows\System\WmuIdXx.exe

C:\Windows\System\ZvBpbgC.exe

C:\Windows\System\ZvBpbgC.exe

C:\Windows\System\KqPAdAq.exe

C:\Windows\System\KqPAdAq.exe

C:\Windows\System\QrnNajO.exe

C:\Windows\System\QrnNajO.exe

C:\Windows\System\osRgJIt.exe

C:\Windows\System\osRgJIt.exe

C:\Windows\System\VzvlByw.exe

C:\Windows\System\VzvlByw.exe

C:\Windows\System\WsLByDP.exe

C:\Windows\System\WsLByDP.exe

C:\Windows\System\aoCCIWS.exe

C:\Windows\System\aoCCIWS.exe

C:\Windows\System\VlEsGwf.exe

C:\Windows\System\VlEsGwf.exe

C:\Windows\System\TvPEWnD.exe

C:\Windows\System\TvPEWnD.exe

C:\Windows\System\ZCCcLHL.exe

C:\Windows\System\ZCCcLHL.exe

C:\Windows\System\jhLqQVs.exe

C:\Windows\System\jhLqQVs.exe

C:\Windows\System\hNeoRlJ.exe

C:\Windows\System\hNeoRlJ.exe

C:\Windows\System\zusCThZ.exe

C:\Windows\System\zusCThZ.exe

C:\Windows\System\gJEiBsn.exe

C:\Windows\System\gJEiBsn.exe

C:\Windows\System\pHdYfZU.exe

C:\Windows\System\pHdYfZU.exe

C:\Windows\System\fBAukCh.exe

C:\Windows\System\fBAukCh.exe

C:\Windows\System\MkgPssE.exe

C:\Windows\System\MkgPssE.exe

C:\Windows\System\DaHffdE.exe

C:\Windows\System\DaHffdE.exe

C:\Windows\System\JbcnDNo.exe

C:\Windows\System\JbcnDNo.exe

C:\Windows\System\rBcqcdy.exe

C:\Windows\System\rBcqcdy.exe

C:\Windows\System\CGLtNev.exe

C:\Windows\System\CGLtNev.exe

C:\Windows\System\KhaCQrw.exe

C:\Windows\System\KhaCQrw.exe

C:\Windows\System\jGfusdP.exe

C:\Windows\System\jGfusdP.exe

C:\Windows\System\emPZWnE.exe

C:\Windows\System\emPZWnE.exe

C:\Windows\System\UFRXQee.exe

C:\Windows\System\UFRXQee.exe

C:\Windows\System\GrvgzVz.exe

C:\Windows\System\GrvgzVz.exe

C:\Windows\System\KCAHaXb.exe

C:\Windows\System\KCAHaXb.exe

C:\Windows\System\VLSrERz.exe

C:\Windows\System\VLSrERz.exe

C:\Windows\System\mEmAzOw.exe

C:\Windows\System\mEmAzOw.exe

C:\Windows\System\UTcHdnx.exe

C:\Windows\System\UTcHdnx.exe

C:\Windows\System\VXzGqbi.exe

C:\Windows\System\VXzGqbi.exe

C:\Windows\System\wsQoHmp.exe

C:\Windows\System\wsQoHmp.exe

C:\Windows\System\qULTmRo.exe

C:\Windows\System\qULTmRo.exe

C:\Windows\System\vArgOOO.exe

C:\Windows\System\vArgOOO.exe

C:\Windows\System\DQMthxm.exe

C:\Windows\System\DQMthxm.exe

C:\Windows\System\NyksYOL.exe

C:\Windows\System\NyksYOL.exe

C:\Windows\System\rOAAahW.exe

C:\Windows\System\rOAAahW.exe

C:\Windows\System\KweTMEw.exe

C:\Windows\System\KweTMEw.exe

C:\Windows\System\ZfqLHbF.exe

C:\Windows\System\ZfqLHbF.exe

C:\Windows\System\FVMhHto.exe

C:\Windows\System\FVMhHto.exe

C:\Windows\System\GYcZEVH.exe

C:\Windows\System\GYcZEVH.exe

C:\Windows\System\cMehHYy.exe

C:\Windows\System\cMehHYy.exe

C:\Windows\System\UrVvXLv.exe

C:\Windows\System\UrVvXLv.exe

C:\Windows\System\JUecEhV.exe

C:\Windows\System\JUecEhV.exe

C:\Windows\System\aSClTMv.exe

C:\Windows\System\aSClTMv.exe

C:\Windows\System\HZTQhaQ.exe

C:\Windows\System\HZTQhaQ.exe

C:\Windows\System\uSZLjvJ.exe

C:\Windows\System\uSZLjvJ.exe

C:\Windows\System\nmzQTCX.exe

C:\Windows\System\nmzQTCX.exe

C:\Windows\System\FsngjBx.exe

C:\Windows\System\FsngjBx.exe

C:\Windows\System\HeYMdQT.exe

C:\Windows\System\HeYMdQT.exe

C:\Windows\System\TirIIjn.exe

C:\Windows\System\TirIIjn.exe

C:\Windows\System\yliIyaF.exe

C:\Windows\System\yliIyaF.exe

C:\Windows\System\pylUBwr.exe

C:\Windows\System\pylUBwr.exe

C:\Windows\System\rwkgrlg.exe

C:\Windows\System\rwkgrlg.exe

C:\Windows\System\RNegkZs.exe

C:\Windows\System\RNegkZs.exe

C:\Windows\System\OYuuafV.exe

C:\Windows\System\OYuuafV.exe

C:\Windows\System\MwhROvN.exe

C:\Windows\System\MwhROvN.exe

C:\Windows\System\zeoLZBJ.exe

C:\Windows\System\zeoLZBJ.exe

C:\Windows\System\CDwGXWa.exe

C:\Windows\System\CDwGXWa.exe

C:\Windows\System\vlEPoyX.exe

C:\Windows\System\vlEPoyX.exe

C:\Windows\System\udAfgho.exe

C:\Windows\System\udAfgho.exe

C:\Windows\System\mihlMTx.exe

C:\Windows\System\mihlMTx.exe

C:\Windows\System\eBhwdbG.exe

C:\Windows\System\eBhwdbG.exe

C:\Windows\System\BGjqqms.exe

C:\Windows\System\BGjqqms.exe

C:\Windows\System\tXoXKsy.exe

C:\Windows\System\tXoXKsy.exe

C:\Windows\System\pYSHvTc.exe

C:\Windows\System\pYSHvTc.exe

C:\Windows\System\XwFsQeQ.exe

C:\Windows\System\XwFsQeQ.exe

C:\Windows\System\lXbomCV.exe

C:\Windows\System\lXbomCV.exe

C:\Windows\System\eoQgcHW.exe

C:\Windows\System\eoQgcHW.exe

C:\Windows\System\izMeZtx.exe

C:\Windows\System\izMeZtx.exe

C:\Windows\System\VerlcQW.exe

C:\Windows\System\VerlcQW.exe

C:\Windows\System\bEZSZoL.exe

C:\Windows\System\bEZSZoL.exe

C:\Windows\System\sETWfGW.exe

C:\Windows\System\sETWfGW.exe

C:\Windows\System\IxWBMhA.exe

C:\Windows\System\IxWBMhA.exe

C:\Windows\System\GvCDFCg.exe

C:\Windows\System\GvCDFCg.exe

C:\Windows\System\wBKfQKb.exe

C:\Windows\System\wBKfQKb.exe

C:\Windows\System\DRBcpPQ.exe

C:\Windows\System\DRBcpPQ.exe

C:\Windows\System\aVSbpVs.exe

C:\Windows\System\aVSbpVs.exe

C:\Windows\System\uOjscEb.exe

C:\Windows\System\uOjscEb.exe

C:\Windows\System\HYZItwj.exe

C:\Windows\System\HYZItwj.exe

C:\Windows\System\HXhBhLI.exe

C:\Windows\System\HXhBhLI.exe

C:\Windows\System\ZDfWRnp.exe

C:\Windows\System\ZDfWRnp.exe

C:\Windows\System\FZNewBP.exe

C:\Windows\System\FZNewBP.exe

C:\Windows\System\qpLEjIx.exe

C:\Windows\System\qpLEjIx.exe

C:\Windows\System\hqlNqfM.exe

C:\Windows\System\hqlNqfM.exe

C:\Windows\System\LwzxeWU.exe

C:\Windows\System\LwzxeWU.exe

C:\Windows\System\diKARSM.exe

C:\Windows\System\diKARSM.exe

C:\Windows\System\VPwdgdC.exe

C:\Windows\System\VPwdgdC.exe

C:\Windows\System\OeAAHxO.exe

C:\Windows\System\OeAAHxO.exe

C:\Windows\System\ImQFBnj.exe

C:\Windows\System\ImQFBnj.exe

C:\Windows\System\dYRmdWM.exe

C:\Windows\System\dYRmdWM.exe

C:\Windows\System\aLJPXaA.exe

C:\Windows\System\aLJPXaA.exe

C:\Windows\System\qcGAftE.exe

C:\Windows\System\qcGAftE.exe

C:\Windows\System\UgcaKWp.exe

C:\Windows\System\UgcaKWp.exe

C:\Windows\System\lvSIgYQ.exe

C:\Windows\System\lvSIgYQ.exe

C:\Windows\System\VQXUHyf.exe

C:\Windows\System\VQXUHyf.exe

C:\Windows\System\uvPdzZe.exe

C:\Windows\System\uvPdzZe.exe

C:\Windows\System\MiwZruo.exe

C:\Windows\System\MiwZruo.exe

C:\Windows\System\mmfsHRN.exe

C:\Windows\System\mmfsHRN.exe

C:\Windows\System\sutnREL.exe

C:\Windows\System\sutnREL.exe

C:\Windows\System\LcBrSsV.exe

C:\Windows\System\LcBrSsV.exe

C:\Windows\System\eaYasBk.exe

C:\Windows\System\eaYasBk.exe

C:\Windows\System\tzozQVc.exe

C:\Windows\System\tzozQVc.exe

C:\Windows\System\reainfV.exe

C:\Windows\System\reainfV.exe

C:\Windows\System\WKgNtda.exe

C:\Windows\System\WKgNtda.exe

C:\Windows\System\qpjxJdM.exe

C:\Windows\System\qpjxJdM.exe

C:\Windows\System\hsuSaQK.exe

C:\Windows\System\hsuSaQK.exe

C:\Windows\System\pSWEhAV.exe

C:\Windows\System\pSWEhAV.exe

C:\Windows\System\vZqtzyp.exe

C:\Windows\System\vZqtzyp.exe

C:\Windows\System\vdJUZxN.exe

C:\Windows\System\vdJUZxN.exe

C:\Windows\System\VdCVvTE.exe

C:\Windows\System\VdCVvTE.exe

C:\Windows\System\xQmkOkA.exe

C:\Windows\System\xQmkOkA.exe

C:\Windows\System\JhhqmLD.exe

C:\Windows\System\JhhqmLD.exe

C:\Windows\System\iLyZKaH.exe

C:\Windows\System\iLyZKaH.exe

C:\Windows\System\nSRmSdk.exe

C:\Windows\System\nSRmSdk.exe

C:\Windows\System\oZPRbiP.exe

C:\Windows\System\oZPRbiP.exe

C:\Windows\System\wUAcmDW.exe

C:\Windows\System\wUAcmDW.exe

C:\Windows\System\IWeYPHm.exe

C:\Windows\System\IWeYPHm.exe

C:\Windows\System\wnSnLCH.exe

C:\Windows\System\wnSnLCH.exe

C:\Windows\System\kKbOZXY.exe

C:\Windows\System\kKbOZXY.exe

C:\Windows\System\pwPdxcZ.exe

C:\Windows\System\pwPdxcZ.exe

C:\Windows\System\FPpZUyq.exe

C:\Windows\System\FPpZUyq.exe

C:\Windows\System\OZPDUtx.exe

C:\Windows\System\OZPDUtx.exe

C:\Windows\System\YYYwMCB.exe

C:\Windows\System\YYYwMCB.exe

C:\Windows\System\flWpiUb.exe

C:\Windows\System\flWpiUb.exe

C:\Windows\System\BEovpbZ.exe

C:\Windows\System\BEovpbZ.exe

C:\Windows\System\QSXpyZw.exe

C:\Windows\System\QSXpyZw.exe

C:\Windows\System\TmdkEVN.exe

C:\Windows\System\TmdkEVN.exe

C:\Windows\System\FcCaJba.exe

C:\Windows\System\FcCaJba.exe

C:\Windows\System\IeiauOJ.exe

C:\Windows\System\IeiauOJ.exe

C:\Windows\System\iXkcWQw.exe

C:\Windows\System\iXkcWQw.exe

C:\Windows\System\nbYlWJt.exe

C:\Windows\System\nbYlWJt.exe

C:\Windows\System\tjenpMn.exe

C:\Windows\System\tjenpMn.exe

C:\Windows\System\GzPebCf.exe

C:\Windows\System\GzPebCf.exe

C:\Windows\System\BPXJzNf.exe

C:\Windows\System\BPXJzNf.exe

C:\Windows\System\wyaXVQq.exe

C:\Windows\System\wyaXVQq.exe

C:\Windows\System\jiuQYMl.exe

C:\Windows\System\jiuQYMl.exe

C:\Windows\System\ewLBOUC.exe

C:\Windows\System\ewLBOUC.exe

C:\Windows\System\EHhwikK.exe

C:\Windows\System\EHhwikK.exe

C:\Windows\System\YZPruJe.exe

C:\Windows\System\YZPruJe.exe

C:\Windows\System\GIDinRK.exe

C:\Windows\System\GIDinRK.exe

C:\Windows\System\BavyhFl.exe

C:\Windows\System\BavyhFl.exe

C:\Windows\System\AKvGsGq.exe

C:\Windows\System\AKvGsGq.exe

C:\Windows\System\PCGGfjH.exe

C:\Windows\System\PCGGfjH.exe

C:\Windows\System\jurneQI.exe

C:\Windows\System\jurneQI.exe

C:\Windows\System\RXWUBuE.exe

C:\Windows\System\RXWUBuE.exe

C:\Windows\System\IyWMeil.exe

C:\Windows\System\IyWMeil.exe

C:\Windows\System\qWXHgRg.exe

C:\Windows\System\qWXHgRg.exe

C:\Windows\System\zmMhsRU.exe

C:\Windows\System\zmMhsRU.exe

C:\Windows\System\IMGtIfI.exe

C:\Windows\System\IMGtIfI.exe

C:\Windows\System\BdyUyih.exe

C:\Windows\System\BdyUyih.exe

C:\Windows\System\TOQFsjW.exe

C:\Windows\System\TOQFsjW.exe

C:\Windows\System\ZTNDujS.exe

C:\Windows\System\ZTNDujS.exe

C:\Windows\System\dEhnRSl.exe

C:\Windows\System\dEhnRSl.exe

C:\Windows\System\vZulFty.exe

C:\Windows\System\vZulFty.exe

C:\Windows\System\XDKxxCs.exe

C:\Windows\System\XDKxxCs.exe

C:\Windows\System\onRggFX.exe

C:\Windows\System\onRggFX.exe

C:\Windows\System\NWxfOvB.exe

C:\Windows\System\NWxfOvB.exe

C:\Windows\System\xFDQFTG.exe

C:\Windows\System\xFDQFTG.exe

C:\Windows\System\YzPQPhv.exe

C:\Windows\System\YzPQPhv.exe

C:\Windows\System\TnxtjTJ.exe

C:\Windows\System\TnxtjTJ.exe

C:\Windows\System\AfyhdRP.exe

C:\Windows\System\AfyhdRP.exe

C:\Windows\System\MfZDuLG.exe

C:\Windows\System\MfZDuLG.exe

C:\Windows\System\sOcepFy.exe

C:\Windows\System\sOcepFy.exe

C:\Windows\System\OZOKPfO.exe

C:\Windows\System\OZOKPfO.exe

C:\Windows\System\TgBawxA.exe

C:\Windows\System\TgBawxA.exe

C:\Windows\System\CnkktKv.exe

C:\Windows\System\CnkktKv.exe

C:\Windows\System\LtPPERl.exe

C:\Windows\System\LtPPERl.exe

C:\Windows\System\IAhfctB.exe

C:\Windows\System\IAhfctB.exe

C:\Windows\System\MlfJLCM.exe

C:\Windows\System\MlfJLCM.exe

C:\Windows\System\owTRSbs.exe

C:\Windows\System\owTRSbs.exe

C:\Windows\System\ChdtJPe.exe

C:\Windows\System\ChdtJPe.exe

C:\Windows\System\PCdFJAG.exe

C:\Windows\System\PCdFJAG.exe

C:\Windows\System\sHhSkSS.exe

C:\Windows\System\sHhSkSS.exe

C:\Windows\System\OOCdDjn.exe

C:\Windows\System\OOCdDjn.exe

C:\Windows\System\iaZPXPr.exe

C:\Windows\System\iaZPXPr.exe

C:\Windows\System\pzURUMq.exe

C:\Windows\System\pzURUMq.exe

C:\Windows\System\wOQFZiN.exe

C:\Windows\System\wOQFZiN.exe

C:\Windows\System\KcKMgtO.exe

C:\Windows\System\KcKMgtO.exe

C:\Windows\System\unDfYxW.exe

C:\Windows\System\unDfYxW.exe

C:\Windows\System\mgekIPm.exe

C:\Windows\System\mgekIPm.exe

C:\Windows\System\XoWNiUg.exe

C:\Windows\System\XoWNiUg.exe

C:\Windows\System\glYvqJV.exe

C:\Windows\System\glYvqJV.exe

C:\Windows\System\FXHSBcd.exe

C:\Windows\System\FXHSBcd.exe

C:\Windows\System\KKXXsSR.exe

C:\Windows\System\KKXXsSR.exe

C:\Windows\System\yyLeEop.exe

C:\Windows\System\yyLeEop.exe

C:\Windows\System\aVSwmRD.exe

C:\Windows\System\aVSwmRD.exe

C:\Windows\System\aXOvwhc.exe

C:\Windows\System\aXOvwhc.exe

C:\Windows\System\DHTymrA.exe

C:\Windows\System\DHTymrA.exe

C:\Windows\System\EGgXAmp.exe

C:\Windows\System\EGgXAmp.exe

C:\Windows\System\jjvIjCy.exe

C:\Windows\System\jjvIjCy.exe

C:\Windows\System\woSpHxZ.exe

C:\Windows\System\woSpHxZ.exe

C:\Windows\System\vWVrLQG.exe

C:\Windows\System\vWVrLQG.exe

C:\Windows\System\uWtcbrc.exe

C:\Windows\System\uWtcbrc.exe

C:\Windows\System\zxmjiwj.exe

C:\Windows\System\zxmjiwj.exe

C:\Windows\System\yfivCcQ.exe

C:\Windows\System\yfivCcQ.exe

C:\Windows\System\MirJemN.exe

C:\Windows\System\MirJemN.exe

C:\Windows\System\AktrfFy.exe

C:\Windows\System\AktrfFy.exe

C:\Windows\System\baUjFxY.exe

C:\Windows\System\baUjFxY.exe

C:\Windows\System\ofEvzVT.exe

C:\Windows\System\ofEvzVT.exe

C:\Windows\System\PVupHgw.exe

C:\Windows\System\PVupHgw.exe

C:\Windows\System\UZXVlfr.exe

C:\Windows\System\UZXVlfr.exe

C:\Windows\System\xeRlZzD.exe

C:\Windows\System\xeRlZzD.exe

C:\Windows\System\yfLxkqM.exe

C:\Windows\System\yfLxkqM.exe

C:\Windows\System\ccsIngl.exe

C:\Windows\System\ccsIngl.exe

C:\Windows\System\JvKivjJ.exe

C:\Windows\System\JvKivjJ.exe

C:\Windows\System\fXCVQqJ.exe

C:\Windows\System\fXCVQqJ.exe

C:\Windows\System\urYnPyM.exe

C:\Windows\System\urYnPyM.exe

C:\Windows\System\TSccxoV.exe

C:\Windows\System\TSccxoV.exe

C:\Windows\System\VlabWZh.exe

C:\Windows\System\VlabWZh.exe

C:\Windows\System\jOIepoR.exe

C:\Windows\System\jOIepoR.exe

C:\Windows\System\sXuUomD.exe

C:\Windows\System\sXuUomD.exe

C:\Windows\System\FAaMGbm.exe

C:\Windows\System\FAaMGbm.exe

C:\Windows\System\PFbUtaI.exe

C:\Windows\System\PFbUtaI.exe

C:\Windows\System\KmFNCJx.exe

C:\Windows\System\KmFNCJx.exe

C:\Windows\System\opNxBiZ.exe

C:\Windows\System\opNxBiZ.exe

C:\Windows\System\RRtIpHe.exe

C:\Windows\System\RRtIpHe.exe

C:\Windows\System\WFDEpqJ.exe

C:\Windows\System\WFDEpqJ.exe

C:\Windows\System\chkUKFP.exe

C:\Windows\System\chkUKFP.exe

C:\Windows\System\aJxoqcR.exe

C:\Windows\System\aJxoqcR.exe

C:\Windows\System\KNZcyxf.exe

C:\Windows\System\KNZcyxf.exe

C:\Windows\System\LFtihTl.exe

C:\Windows\System\LFtihTl.exe

C:\Windows\System\HyelxdQ.exe

C:\Windows\System\HyelxdQ.exe

C:\Windows\System\PUCvtKq.exe

C:\Windows\System\PUCvtKq.exe

C:\Windows\System\ZbtDLIH.exe

C:\Windows\System\ZbtDLIH.exe

C:\Windows\System\ASoqsCJ.exe

C:\Windows\System\ASoqsCJ.exe

C:\Windows\System\RKweiEe.exe

C:\Windows\System\RKweiEe.exe

C:\Windows\System\qXVARxi.exe

C:\Windows\System\qXVARxi.exe

C:\Windows\System\ItcMJcq.exe

C:\Windows\System\ItcMJcq.exe

C:\Windows\System\BrIMaIw.exe

C:\Windows\System\BrIMaIw.exe

C:\Windows\System\YIXzFRC.exe

C:\Windows\System\YIXzFRC.exe

C:\Windows\System\TnBLKML.exe

C:\Windows\System\TnBLKML.exe

C:\Windows\System\CXtazSg.exe

C:\Windows\System\CXtazSg.exe

C:\Windows\System\FrMZXUV.exe

C:\Windows\System\FrMZXUV.exe

C:\Windows\System\TyBMbuT.exe

C:\Windows\System\TyBMbuT.exe

C:\Windows\System\AJqoYbi.exe

C:\Windows\System\AJqoYbi.exe

C:\Windows\System\vOpcfAh.exe

C:\Windows\System\vOpcfAh.exe

C:\Windows\System\jMvJOZX.exe

C:\Windows\System\jMvJOZX.exe

C:\Windows\System\wvrHGsG.exe

C:\Windows\System\wvrHGsG.exe

C:\Windows\System\nSBGhXw.exe

C:\Windows\System\nSBGhXw.exe

C:\Windows\System\KlOGdYI.exe

C:\Windows\System\KlOGdYI.exe

C:\Windows\System\dcRtMBl.exe

C:\Windows\System\dcRtMBl.exe

C:\Windows\System\bBACcEz.exe

C:\Windows\System\bBACcEz.exe

C:\Windows\System\aQlnMDp.exe

C:\Windows\System\aQlnMDp.exe

C:\Windows\System\zMAbvcN.exe

C:\Windows\System\zMAbvcN.exe

C:\Windows\System\KLcpQzn.exe

C:\Windows\System\KLcpQzn.exe

C:\Windows\System\BsEmzrM.exe

C:\Windows\System\BsEmzrM.exe

C:\Windows\System\mrAVmNx.exe

C:\Windows\System\mrAVmNx.exe

C:\Windows\System\xsurdoZ.exe

C:\Windows\System\xsurdoZ.exe

C:\Windows\System\WIhThqC.exe

C:\Windows\System\WIhThqC.exe

C:\Windows\System\QhqwCNz.exe

C:\Windows\System\QhqwCNz.exe

C:\Windows\System\amjHLjn.exe

C:\Windows\System\amjHLjn.exe

C:\Windows\System\akhciEH.exe

C:\Windows\System\akhciEH.exe

C:\Windows\System\VtLBjrd.exe

C:\Windows\System\VtLBjrd.exe

C:\Windows\System\biBgPhI.exe

C:\Windows\System\biBgPhI.exe

C:\Windows\System\tpHuAWK.exe

C:\Windows\System\tpHuAWK.exe

C:\Windows\System\udaezYX.exe

C:\Windows\System\udaezYX.exe

C:\Windows\System\nwxSokM.exe

C:\Windows\System\nwxSokM.exe

C:\Windows\System\gKVJvgH.exe

C:\Windows\System\gKVJvgH.exe

C:\Windows\System\CYGAdNA.exe

C:\Windows\System\CYGAdNA.exe

C:\Windows\System\ObJzpNR.exe

C:\Windows\System\ObJzpNR.exe

C:\Windows\System\jxBlbGY.exe

C:\Windows\System\jxBlbGY.exe

C:\Windows\System\Vlsvvch.exe

C:\Windows\System\Vlsvvch.exe

C:\Windows\System\UKSwlbO.exe

C:\Windows\System\UKSwlbO.exe

C:\Windows\System\ogpzBDw.exe

C:\Windows\System\ogpzBDw.exe

C:\Windows\System\xEEJusG.exe

C:\Windows\System\xEEJusG.exe

C:\Windows\System\BUEtQPZ.exe

C:\Windows\System\BUEtQPZ.exe

C:\Windows\System\sMdtEGz.exe

C:\Windows\System\sMdtEGz.exe

C:\Windows\System\pomdkYf.exe

C:\Windows\System\pomdkYf.exe

C:\Windows\System\upgMxgX.exe

C:\Windows\System\upgMxgX.exe

C:\Windows\System\AAqFahI.exe

C:\Windows\System\AAqFahI.exe

C:\Windows\System\YuZoPiA.exe

C:\Windows\System\YuZoPiA.exe

C:\Windows\System\RbrSInl.exe

C:\Windows\System\RbrSInl.exe

C:\Windows\System\ALaJvBF.exe

C:\Windows\System\ALaJvBF.exe

C:\Windows\System\soVsNOf.exe

C:\Windows\System\soVsNOf.exe

C:\Windows\System\CKTnIsi.exe

C:\Windows\System\CKTnIsi.exe

C:\Windows\System\hUlbaWx.exe

C:\Windows\System\hUlbaWx.exe

C:\Windows\System\ffSoEhg.exe

C:\Windows\System\ffSoEhg.exe

C:\Windows\System\fHLpxmG.exe

C:\Windows\System\fHLpxmG.exe

C:\Windows\System\gKOAnSp.exe

C:\Windows\System\gKOAnSp.exe

C:\Windows\System\eTWzOlm.exe

C:\Windows\System\eTWzOlm.exe

C:\Windows\System\xwwgPuk.exe

C:\Windows\System\xwwgPuk.exe

C:\Windows\System\wMhSYCy.exe

C:\Windows\System\wMhSYCy.exe

C:\Windows\System\CnraKdp.exe

C:\Windows\System\CnraKdp.exe

C:\Windows\System\PtJzGVh.exe

C:\Windows\System\PtJzGVh.exe

C:\Windows\System\CEaHryl.exe

C:\Windows\System\CEaHryl.exe

C:\Windows\System\xxzQcSa.exe

C:\Windows\System\xxzQcSa.exe

C:\Windows\System\tcaGcvO.exe

C:\Windows\System\tcaGcvO.exe

C:\Windows\System\wkfjVHG.exe

C:\Windows\System\wkfjVHG.exe

C:\Windows\System\OMqZgPF.exe

C:\Windows\System\OMqZgPF.exe

C:\Windows\System\pgaQUnv.exe

C:\Windows\System\pgaQUnv.exe

C:\Windows\System\tgZnPoW.exe

C:\Windows\System\tgZnPoW.exe

C:\Windows\System\WHBSklD.exe

C:\Windows\System\WHBSklD.exe

C:\Windows\System\kjwrDpk.exe

C:\Windows\System\kjwrDpk.exe

C:\Windows\System\fVXMznx.exe

C:\Windows\System\fVXMznx.exe

C:\Windows\System\irHkZor.exe

C:\Windows\System\irHkZor.exe

C:\Windows\System\yXbfhTD.exe

C:\Windows\System\yXbfhTD.exe

C:\Windows\System\eEEdsHh.exe

C:\Windows\System\eEEdsHh.exe

C:\Windows\System\lTaWJNU.exe

C:\Windows\System\lTaWJNU.exe

C:\Windows\System\rFFoSTz.exe

C:\Windows\System\rFFoSTz.exe

C:\Windows\System\ZdRfrgi.exe

C:\Windows\System\ZdRfrgi.exe

C:\Windows\System\zPHxPjI.exe

C:\Windows\System\zPHxPjI.exe

C:\Windows\System\DMfHAtC.exe

C:\Windows\System\DMfHAtC.exe

C:\Windows\System\eMANsbn.exe

C:\Windows\System\eMANsbn.exe

C:\Windows\System\lcGdFhH.exe

C:\Windows\System\lcGdFhH.exe

C:\Windows\System\BlHFoWw.exe

C:\Windows\System\BlHFoWw.exe

C:\Windows\System\YoRbYRS.exe

C:\Windows\System\YoRbYRS.exe

C:\Windows\System\bXxgTbc.exe

C:\Windows\System\bXxgTbc.exe

C:\Windows\System\HSHVsRS.exe

C:\Windows\System\HSHVsRS.exe

C:\Windows\System\TrsBZtV.exe

C:\Windows\System\TrsBZtV.exe

C:\Windows\System\QHOCAXn.exe

C:\Windows\System\QHOCAXn.exe

C:\Windows\System\ihNQVnO.exe

C:\Windows\System\ihNQVnO.exe

C:\Windows\System\dnKcOUi.exe

C:\Windows\System\dnKcOUi.exe

C:\Windows\System\xhavDkC.exe

C:\Windows\System\xhavDkC.exe

C:\Windows\System\aqNYWaV.exe

C:\Windows\System\aqNYWaV.exe

C:\Windows\System\aHFlAXl.exe

C:\Windows\System\aHFlAXl.exe

C:\Windows\System\QcDdshp.exe

C:\Windows\System\QcDdshp.exe

C:\Windows\System\nlzUpHh.exe

C:\Windows\System\nlzUpHh.exe

C:\Windows\System\osxeiXe.exe

C:\Windows\System\osxeiXe.exe

C:\Windows\System\sEhDNfu.exe

C:\Windows\System\sEhDNfu.exe

C:\Windows\System\NopSrnf.exe

C:\Windows\System\NopSrnf.exe

C:\Windows\System\PphEPJv.exe

C:\Windows\System\PphEPJv.exe

C:\Windows\System\cVcrdVa.exe

C:\Windows\System\cVcrdVa.exe

C:\Windows\System\fyNCnBs.exe

C:\Windows\System\fyNCnBs.exe

C:\Windows\System\nOOBwsv.exe

C:\Windows\System\nOOBwsv.exe

C:\Windows\System\CPGxmbW.exe

C:\Windows\System\CPGxmbW.exe

C:\Windows\System\hkGwvNa.exe

C:\Windows\System\hkGwvNa.exe

C:\Windows\System\mgwPlFj.exe

C:\Windows\System\mgwPlFj.exe

C:\Windows\System\PsqqzVT.exe

C:\Windows\System\PsqqzVT.exe

C:\Windows\System\oHFYDJH.exe

C:\Windows\System\oHFYDJH.exe

C:\Windows\System\ZIQddft.exe

C:\Windows\System\ZIQddft.exe

C:\Windows\System\UHZiUJO.exe

C:\Windows\System\UHZiUJO.exe

C:\Windows\System\FKgOmQz.exe

C:\Windows\System\FKgOmQz.exe

C:\Windows\System\EYbwdbw.exe

C:\Windows\System\EYbwdbw.exe

C:\Windows\System\VGhMAbn.exe

C:\Windows\System\VGhMAbn.exe

C:\Windows\System\dwPxlCq.exe

C:\Windows\System\dwPxlCq.exe

C:\Windows\System\owsxaYq.exe

C:\Windows\System\owsxaYq.exe

C:\Windows\System\CqCummm.exe

C:\Windows\System\CqCummm.exe

C:\Windows\System\phnlypn.exe

C:\Windows\System\phnlypn.exe

C:\Windows\System\GoKDzaR.exe

C:\Windows\System\GoKDzaR.exe

C:\Windows\System\ZAHaHtH.exe

C:\Windows\System\ZAHaHtH.exe

C:\Windows\System\EprFPyV.exe

C:\Windows\System\EprFPyV.exe

C:\Windows\System\uRSBYuU.exe

C:\Windows\System\uRSBYuU.exe

C:\Windows\System\LZGviKg.exe

C:\Windows\System\LZGviKg.exe

C:\Windows\System\VOmzWvn.exe

C:\Windows\System\VOmzWvn.exe

C:\Windows\System\ciSoivU.exe

C:\Windows\System\ciSoivU.exe

C:\Windows\System\PIjgfjX.exe

C:\Windows\System\PIjgfjX.exe

C:\Windows\System\jhCctBu.exe

C:\Windows\System\jhCctBu.exe

C:\Windows\System\XoJNaPe.exe

C:\Windows\System\XoJNaPe.exe

C:\Windows\System\PMWxRjJ.exe

C:\Windows\System\PMWxRjJ.exe

C:\Windows\System\BkqxTtM.exe

C:\Windows\System\BkqxTtM.exe

C:\Windows\System\KXdNMwx.exe

C:\Windows\System\KXdNMwx.exe

C:\Windows\System\hZcUaNw.exe

C:\Windows\System\hZcUaNw.exe

C:\Windows\System\kYUFltH.exe

C:\Windows\System\kYUFltH.exe

C:\Windows\System\AdBSuez.exe

C:\Windows\System\AdBSuez.exe

C:\Windows\System\FmGMspz.exe

C:\Windows\System\FmGMspz.exe

C:\Windows\System\ecbXdDL.exe

C:\Windows\System\ecbXdDL.exe

C:\Windows\System\FzDAwsR.exe

C:\Windows\System\FzDAwsR.exe

C:\Windows\System\HvCmhvo.exe

C:\Windows\System\HvCmhvo.exe

C:\Windows\System\sntbulx.exe

C:\Windows\System\sntbulx.exe

C:\Windows\System\LXjhmeH.exe

C:\Windows\System\LXjhmeH.exe

C:\Windows\System\VQpcKOX.exe

C:\Windows\System\VQpcKOX.exe

C:\Windows\System\GXgHoGw.exe

C:\Windows\System\GXgHoGw.exe

C:\Windows\System\zGqKfZs.exe

C:\Windows\System\zGqKfZs.exe

C:\Windows\System\jnRCDMp.exe

C:\Windows\System\jnRCDMp.exe

C:\Windows\System\LKGUTcx.exe

C:\Windows\System\LKGUTcx.exe

C:\Windows\System\vvFsJIR.exe

C:\Windows\System\vvFsJIR.exe

C:\Windows\System\VKwYdok.exe

C:\Windows\System\VKwYdok.exe

C:\Windows\System\ELIShqO.exe

C:\Windows\System\ELIShqO.exe

C:\Windows\System\tMRUKTE.exe

C:\Windows\System\tMRUKTE.exe

C:\Windows\System\wHjEmGn.exe

C:\Windows\System\wHjEmGn.exe

C:\Windows\System\huLnaqb.exe

C:\Windows\System\huLnaqb.exe

C:\Windows\System\HGaIFjR.exe

C:\Windows\System\HGaIFjR.exe

C:\Windows\System\UUHIKNb.exe

C:\Windows\System\UUHIKNb.exe

C:\Windows\System\rzyHQaX.exe

C:\Windows\System\rzyHQaX.exe

C:\Windows\System\xGiPZiS.exe

C:\Windows\System\xGiPZiS.exe

C:\Windows\System\KGlTOai.exe

C:\Windows\System\KGlTOai.exe

C:\Windows\System\XoMfjIX.exe

C:\Windows\System\XoMfjIX.exe

C:\Windows\System\HmRgsDF.exe

C:\Windows\System\HmRgsDF.exe

C:\Windows\System\cYeIdyU.exe

C:\Windows\System\cYeIdyU.exe

C:\Windows\System\mGFBzTM.exe

C:\Windows\System\mGFBzTM.exe

C:\Windows\System\SVuxeRR.exe

C:\Windows\System\SVuxeRR.exe

C:\Windows\System\vwPKHgx.exe

C:\Windows\System\vwPKHgx.exe

C:\Windows\System\CyfrvZX.exe

C:\Windows\System\CyfrvZX.exe

C:\Windows\System\aPvoGkE.exe

C:\Windows\System\aPvoGkE.exe

C:\Windows\System\KppJrzE.exe

C:\Windows\System\KppJrzE.exe

C:\Windows\System\TDvVIuO.exe

C:\Windows\System\TDvVIuO.exe

C:\Windows\System\BotdQDx.exe

C:\Windows\System\BotdQDx.exe

C:\Windows\System\HNUyVMc.exe

C:\Windows\System\HNUyVMc.exe

C:\Windows\System\PyuPoKx.exe

C:\Windows\System\PyuPoKx.exe

C:\Windows\System\SAxPvhP.exe

C:\Windows\System\SAxPvhP.exe

C:\Windows\System\skazmES.exe

C:\Windows\System\skazmES.exe

C:\Windows\System\uIlMoJr.exe

C:\Windows\System\uIlMoJr.exe

C:\Windows\System\nvtjCGy.exe

C:\Windows\System\nvtjCGy.exe

C:\Windows\System\vDPFvzs.exe

C:\Windows\System\vDPFvzs.exe

C:\Windows\System\tiHJqXN.exe

C:\Windows\System\tiHJqXN.exe

C:\Windows\System\gPSeaFd.exe

C:\Windows\System\gPSeaFd.exe

C:\Windows\System\goEBtlV.exe

C:\Windows\System\goEBtlV.exe

C:\Windows\System\EZKktDr.exe

C:\Windows\System\EZKktDr.exe

C:\Windows\System\WFtloDb.exe

C:\Windows\System\WFtloDb.exe

C:\Windows\System\ZuvWusj.exe

C:\Windows\System\ZuvWusj.exe

C:\Windows\System\DleDKnG.exe

C:\Windows\System\DleDKnG.exe

C:\Windows\System\AhNFNEl.exe

C:\Windows\System\AhNFNEl.exe

C:\Windows\System\uQTZEGA.exe

C:\Windows\System\uQTZEGA.exe

C:\Windows\System\sSacRtA.exe

C:\Windows\System\sSacRtA.exe

C:\Windows\System\TPTMhSZ.exe

C:\Windows\System\TPTMhSZ.exe

C:\Windows\System\KrvAlAV.exe

C:\Windows\System\KrvAlAV.exe

C:\Windows\System\OjvZKbx.exe

C:\Windows\System\OjvZKbx.exe

C:\Windows\System\FevoWLn.exe

C:\Windows\System\FevoWLn.exe

C:\Windows\System\ZHQgKZT.exe

C:\Windows\System\ZHQgKZT.exe

C:\Windows\System\lYYJHoP.exe

C:\Windows\System\lYYJHoP.exe

C:\Windows\System\xtklAbT.exe

C:\Windows\System\xtklAbT.exe

C:\Windows\System\etxcfZo.exe

C:\Windows\System\etxcfZo.exe

C:\Windows\System\pcoMNKd.exe

C:\Windows\System\pcoMNKd.exe

C:\Windows\System\iooDcXb.exe

C:\Windows\System\iooDcXb.exe

C:\Windows\System\ysdzBTh.exe

C:\Windows\System\ysdzBTh.exe

C:\Windows\System\WzvKDND.exe

C:\Windows\System\WzvKDND.exe

C:\Windows\System\FUCAHgf.exe

C:\Windows\System\FUCAHgf.exe

C:\Windows\System\zwsAuds.exe

C:\Windows\System\zwsAuds.exe

C:\Windows\System\SpmyNhf.exe

C:\Windows\System\SpmyNhf.exe

C:\Windows\System\KwxkyVA.exe

C:\Windows\System\KwxkyVA.exe

C:\Windows\System\ykUuQby.exe

C:\Windows\System\ykUuQby.exe

C:\Windows\System\BVPWbGX.exe

C:\Windows\System\BVPWbGX.exe

C:\Windows\System\KALnfWt.exe

C:\Windows\System\KALnfWt.exe

C:\Windows\System\ZANBvbG.exe

C:\Windows\System\ZANBvbG.exe

C:\Windows\System\ryarOBX.exe

C:\Windows\System\ryarOBX.exe

C:\Windows\System\qVqJFza.exe

C:\Windows\System\qVqJFza.exe

C:\Windows\System\ZzBynOl.exe

C:\Windows\System\ZzBynOl.exe

C:\Windows\System\MzJQBJu.exe

C:\Windows\System\MzJQBJu.exe

C:\Windows\System\FJuMTTv.exe

C:\Windows\System\FJuMTTv.exe

C:\Windows\System\EBxrSRh.exe

C:\Windows\System\EBxrSRh.exe

C:\Windows\System\nSAeWRT.exe

C:\Windows\System\nSAeWRT.exe

C:\Windows\System\ZDgwjZM.exe

C:\Windows\System\ZDgwjZM.exe

C:\Windows\System\PSnvcYL.exe

C:\Windows\System\PSnvcYL.exe

C:\Windows\System\Undxxoj.exe

C:\Windows\System\Undxxoj.exe

C:\Windows\System\hiDYrDn.exe

C:\Windows\System\hiDYrDn.exe

C:\Windows\System\FKpWkle.exe

C:\Windows\System\FKpWkle.exe

C:\Windows\System\zxTsNwS.exe

C:\Windows\System\zxTsNwS.exe

C:\Windows\System\cotWnoC.exe

C:\Windows\System\cotWnoC.exe

C:\Windows\System\bZLxNdk.exe

C:\Windows\System\bZLxNdk.exe

C:\Windows\System\MeBnNkn.exe

C:\Windows\System\MeBnNkn.exe

C:\Windows\System\ICmbnID.exe

C:\Windows\System\ICmbnID.exe

C:\Windows\System\ehdfnKT.exe

C:\Windows\System\ehdfnKT.exe

C:\Windows\System\aFNZJIL.exe

C:\Windows\System\aFNZJIL.exe

C:\Windows\System\iLXZzNK.exe

C:\Windows\System\iLXZzNK.exe

C:\Windows\System\OKzPqOW.exe

C:\Windows\System\OKzPqOW.exe

C:\Windows\System\CAIbdPL.exe

C:\Windows\System\CAIbdPL.exe

C:\Windows\System\ASdnzwD.exe

C:\Windows\System\ASdnzwD.exe

C:\Windows\System\cgjLJAl.exe

C:\Windows\System\cgjLJAl.exe

C:\Windows\System\oYZygOA.exe

C:\Windows\System\oYZygOA.exe

C:\Windows\System\JLWjsEN.exe

C:\Windows\System\JLWjsEN.exe

C:\Windows\System\FrMOscJ.exe

C:\Windows\System\FrMOscJ.exe

C:\Windows\System\CKCXvxb.exe

C:\Windows\System\CKCXvxb.exe

C:\Windows\System\GRgWmvT.exe

C:\Windows\System\GRgWmvT.exe

C:\Windows\System\cNfoJLI.exe

C:\Windows\System\cNfoJLI.exe

C:\Windows\System\dLkOkHH.exe

C:\Windows\System\dLkOkHH.exe

C:\Windows\System\etWmMYi.exe

C:\Windows\System\etWmMYi.exe

C:\Windows\System\RLCiuQL.exe

C:\Windows\System\RLCiuQL.exe

C:\Windows\System\tdTYSgd.exe

C:\Windows\System\tdTYSgd.exe

C:\Windows\System\bOcOELM.exe

C:\Windows\System\bOcOELM.exe

C:\Windows\System\OTcaGCK.exe

C:\Windows\System\OTcaGCK.exe

C:\Windows\System\ssQoYaW.exe

C:\Windows\System\ssQoYaW.exe

C:\Windows\System\sQZRsmO.exe

C:\Windows\System\sQZRsmO.exe

C:\Windows\System\NkqpUZl.exe

C:\Windows\System\NkqpUZl.exe

C:\Windows\System\aMYBSmb.exe

C:\Windows\System\aMYBSmb.exe

C:\Windows\System\naiwYJI.exe

C:\Windows\System\naiwYJI.exe

C:\Windows\System\rDDOsQp.exe

C:\Windows\System\rDDOsQp.exe

C:\Windows\System\gsvIxlP.exe

C:\Windows\System\gsvIxlP.exe

C:\Windows\System\OGNWZuO.exe

C:\Windows\System\OGNWZuO.exe

C:\Windows\System\KLQNSwK.exe

C:\Windows\System\KLQNSwK.exe

C:\Windows\System\DKXYNZC.exe

C:\Windows\System\DKXYNZC.exe

C:\Windows\System\ncFrrVH.exe

C:\Windows\System\ncFrrVH.exe

C:\Windows\System\hifYIBc.exe

C:\Windows\System\hifYIBc.exe

C:\Windows\System\GOiMrXj.exe

C:\Windows\System\GOiMrXj.exe

C:\Windows\System\DSeSEvM.exe

C:\Windows\System\DSeSEvM.exe

C:\Windows\System\IRkvJgt.exe

C:\Windows\System\IRkvJgt.exe

C:\Windows\System\wFFuebp.exe

C:\Windows\System\wFFuebp.exe

C:\Windows\System\rJspBNq.exe

C:\Windows\System\rJspBNq.exe

C:\Windows\System\UMzTJoK.exe

C:\Windows\System\UMzTJoK.exe

C:\Windows\System\tkVEzGs.exe

C:\Windows\System\tkVEzGs.exe

C:\Windows\System\hRDejJa.exe

C:\Windows\System\hRDejJa.exe

C:\Windows\System\htkXTXS.exe

C:\Windows\System\htkXTXS.exe

C:\Windows\System\kObJrFQ.exe

C:\Windows\System\kObJrFQ.exe

C:\Windows\System\cYsyRXj.exe

C:\Windows\System\cYsyRXj.exe

C:\Windows\System\ZGfZRwo.exe

C:\Windows\System\ZGfZRwo.exe

C:\Windows\System\ZJDPrQu.exe

C:\Windows\System\ZJDPrQu.exe

C:\Windows\System\bAWnXAv.exe

C:\Windows\System\bAWnXAv.exe

C:\Windows\System\GRNOyYA.exe

C:\Windows\System\GRNOyYA.exe

C:\Windows\System\oJBHCUa.exe

C:\Windows\System\oJBHCUa.exe

C:\Windows\System\VnfFeOi.exe

C:\Windows\System\VnfFeOi.exe

C:\Windows\System\tenuTIK.exe

C:\Windows\System\tenuTIK.exe

C:\Windows\System\fJjIORW.exe

C:\Windows\System\fJjIORW.exe

C:\Windows\System\QKtygnd.exe

C:\Windows\System\QKtygnd.exe

C:\Windows\System\kuBChRU.exe

C:\Windows\System\kuBChRU.exe

C:\Windows\System\PFbLtmk.exe

C:\Windows\System\PFbLtmk.exe

C:\Windows\System\kQczoTs.exe

C:\Windows\System\kQczoTs.exe

C:\Windows\System\jovfVXn.exe

C:\Windows\System\jovfVXn.exe

C:\Windows\System\ZSqyEOA.exe

C:\Windows\System\ZSqyEOA.exe

C:\Windows\System\SrvBtqo.exe

C:\Windows\System\SrvBtqo.exe

C:\Windows\System\BGiabrm.exe

C:\Windows\System\BGiabrm.exe

C:\Windows\System\bfwDIEy.exe

C:\Windows\System\bfwDIEy.exe

C:\Windows\System\DyGVgxd.exe

C:\Windows\System\DyGVgxd.exe

C:\Windows\System\eJpLdEp.exe

C:\Windows\System\eJpLdEp.exe

C:\Windows\System\AnczTdo.exe

C:\Windows\System\AnczTdo.exe

C:\Windows\System\cqQFTcP.exe

C:\Windows\System\cqQFTcP.exe

C:\Windows\System\oiYudEh.exe

C:\Windows\System\oiYudEh.exe

C:\Windows\System\tztCjQE.exe

C:\Windows\System\tztCjQE.exe

C:\Windows\System\GjykwYr.exe

C:\Windows\System\GjykwYr.exe

C:\Windows\System\KCNJEwq.exe

C:\Windows\System\KCNJEwq.exe

C:\Windows\System\QrzjZii.exe

C:\Windows\System\QrzjZii.exe

C:\Windows\System\XUeedBu.exe

C:\Windows\System\XUeedBu.exe

C:\Windows\System\dRzfQLx.exe

C:\Windows\System\dRzfQLx.exe

C:\Windows\System\cklUKHi.exe

C:\Windows\System\cklUKHi.exe

C:\Windows\System\SVaeKNx.exe

C:\Windows\System\SVaeKNx.exe

C:\Windows\System\CCZENWm.exe

C:\Windows\System\CCZENWm.exe

C:\Windows\System\eHdZXYu.exe

C:\Windows\System\eHdZXYu.exe

C:\Windows\System\ZRsDSeM.exe

C:\Windows\System\ZRsDSeM.exe

C:\Windows\System\FZZzCgW.exe

C:\Windows\System\FZZzCgW.exe

C:\Windows\System\HbXmXEW.exe

C:\Windows\System\HbXmXEW.exe

C:\Windows\System\lxuBjrr.exe

C:\Windows\System\lxuBjrr.exe

C:\Windows\System\srevqOW.exe

C:\Windows\System\srevqOW.exe

C:\Windows\System\yJEoHPf.exe

C:\Windows\System\yJEoHPf.exe

C:\Windows\System\WJfKKGk.exe

C:\Windows\System\WJfKKGk.exe

C:\Windows\System\SOSUVWD.exe

C:\Windows\System\SOSUVWD.exe

C:\Windows\System\UJnOfsw.exe

C:\Windows\System\UJnOfsw.exe

C:\Windows\System\eMGBatU.exe

C:\Windows\System\eMGBatU.exe

C:\Windows\System\dsywrsu.exe

C:\Windows\System\dsywrsu.exe

C:\Windows\System\IaswZrV.exe

C:\Windows\System\IaswZrV.exe

C:\Windows\System\ZbUOiIE.exe

C:\Windows\System\ZbUOiIE.exe

C:\Windows\System\OuDUGsI.exe

C:\Windows\System\OuDUGsI.exe

C:\Windows\System\dUtOlFM.exe

C:\Windows\System\dUtOlFM.exe

C:\Windows\System\XNIBdCz.exe

C:\Windows\System\XNIBdCz.exe

C:\Windows\System\zpgHdja.exe

C:\Windows\System\zpgHdja.exe

C:\Windows\System\HzIsSFX.exe

C:\Windows\System\HzIsSFX.exe

C:\Windows\System\eiEFJVw.exe

C:\Windows\System\eiEFJVw.exe

C:\Windows\System\MzudeLo.exe

C:\Windows\System\MzudeLo.exe

C:\Windows\System\LHxMSzF.exe

C:\Windows\System\LHxMSzF.exe

C:\Windows\System\SgYjheC.exe

C:\Windows\System\SgYjheC.exe

C:\Windows\System\HLYbLqD.exe

C:\Windows\System\HLYbLqD.exe

C:\Windows\System\kRqiyjG.exe

C:\Windows\System\kRqiyjG.exe

C:\Windows\System\FkZvWyc.exe

C:\Windows\System\FkZvWyc.exe

C:\Windows\System\njWIcaq.exe

C:\Windows\System\njWIcaq.exe

C:\Windows\System\HRxRQjI.exe

C:\Windows\System\HRxRQjI.exe

C:\Windows\System\XTxKulx.exe

C:\Windows\System\XTxKulx.exe

C:\Windows\System\pNyQKKF.exe

C:\Windows\System\pNyQKKF.exe

C:\Windows\System\MqiZHmO.exe

C:\Windows\System\MqiZHmO.exe

C:\Windows\System\ZCKKIKC.exe

C:\Windows\System\ZCKKIKC.exe

C:\Windows\System\TkcjAow.exe

C:\Windows\System\TkcjAow.exe

C:\Windows\System\yPdBAvq.exe

C:\Windows\System\yPdBAvq.exe

C:\Windows\System\ZjAZhLL.exe

C:\Windows\System\ZjAZhLL.exe

C:\Windows\System\TQHKqcq.exe

C:\Windows\System\TQHKqcq.exe

C:\Windows\System\VcrkJiQ.exe

C:\Windows\System\VcrkJiQ.exe

C:\Windows\System\gXgOJPe.exe

C:\Windows\System\gXgOJPe.exe

C:\Windows\System\qqIfkve.exe

C:\Windows\System\qqIfkve.exe

C:\Windows\System\HdVeFKs.exe

C:\Windows\System\HdVeFKs.exe

C:\Windows\System\vcafVsH.exe

C:\Windows\System\vcafVsH.exe

C:\Windows\System\bHZDwtK.exe

C:\Windows\System\bHZDwtK.exe

C:\Windows\System\RDSVbee.exe

C:\Windows\System\RDSVbee.exe

C:\Windows\System\uFTFMpY.exe

C:\Windows\System\uFTFMpY.exe

C:\Windows\System\IBgZASY.exe

C:\Windows\System\IBgZASY.exe

C:\Windows\System\SFvQZAv.exe

C:\Windows\System\SFvQZAv.exe

C:\Windows\System\eZEcxFT.exe

C:\Windows\System\eZEcxFT.exe

C:\Windows\System\LlSMmdg.exe

C:\Windows\System\LlSMmdg.exe

C:\Windows\System\GDSqrmC.exe

C:\Windows\System\GDSqrmC.exe

C:\Windows\System\bwvcZAj.exe

C:\Windows\System\bwvcZAj.exe

C:\Windows\System\UMrwCis.exe

C:\Windows\System\UMrwCis.exe

C:\Windows\System\gPMmSnN.exe

C:\Windows\System\gPMmSnN.exe

C:\Windows\System\IoSgaSy.exe

C:\Windows\System\IoSgaSy.exe

C:\Windows\System\AMlxBis.exe

C:\Windows\System\AMlxBis.exe

C:\Windows\System\AhyRAxl.exe

C:\Windows\System\AhyRAxl.exe

C:\Windows\System\QrtsYEG.exe

C:\Windows\System\QrtsYEG.exe

C:\Windows\System\zKdlHmq.exe

C:\Windows\System\zKdlHmq.exe

C:\Windows\System\FQoETXQ.exe

C:\Windows\System\FQoETXQ.exe

C:\Windows\System\ipkNYAn.exe

C:\Windows\System\ipkNYAn.exe

C:\Windows\System\dOfWsqd.exe

C:\Windows\System\dOfWsqd.exe

C:\Windows\System\pfFKmzZ.exe

C:\Windows\System\pfFKmzZ.exe

C:\Windows\System\UycPCEf.exe

C:\Windows\System\UycPCEf.exe

C:\Windows\System\zsiulxw.exe

C:\Windows\System\zsiulxw.exe

C:\Windows\System\qQgwIJV.exe

C:\Windows\System\qQgwIJV.exe

C:\Windows\System\vbEhmeq.exe

C:\Windows\System\vbEhmeq.exe

C:\Windows\System\uDCLGYr.exe

C:\Windows\System\uDCLGYr.exe

C:\Windows\System\tpbSWuF.exe

C:\Windows\System\tpbSWuF.exe

C:\Windows\System\XNSaYYk.exe

C:\Windows\System\XNSaYYk.exe

C:\Windows\System\kFMHsQw.exe

C:\Windows\System\kFMHsQw.exe

C:\Windows\System\TNDBFOK.exe

C:\Windows\System\TNDBFOK.exe

C:\Windows\System\veRWxCA.exe

C:\Windows\System\veRWxCA.exe

C:\Windows\System\eMDZMRJ.exe

C:\Windows\System\eMDZMRJ.exe

C:\Windows\System\yDfIRzn.exe

C:\Windows\System\yDfIRzn.exe

C:\Windows\System\wpdpGTo.exe

C:\Windows\System\wpdpGTo.exe

C:\Windows\System\xhNrLzW.exe

C:\Windows\System\xhNrLzW.exe

C:\Windows\System\HAVttcC.exe

C:\Windows\System\HAVttcC.exe

C:\Windows\System\Bmfwjyo.exe

C:\Windows\System\Bmfwjyo.exe

C:\Windows\System\ITpgYbe.exe

C:\Windows\System\ITpgYbe.exe

C:\Windows\System\wQLkVTq.exe

C:\Windows\System\wQLkVTq.exe

C:\Windows\System\yXolKGM.exe

C:\Windows\System\yXolKGM.exe

C:\Windows\System\zCAQNuj.exe

C:\Windows\System\zCAQNuj.exe

C:\Windows\System\LznEOht.exe

C:\Windows\System\LznEOht.exe

C:\Windows\System\cLKgqsY.exe

C:\Windows\System\cLKgqsY.exe

C:\Windows\System\dOYdgHp.exe

C:\Windows\System\dOYdgHp.exe

C:\Windows\System\MFzidqv.exe

C:\Windows\System\MFzidqv.exe

C:\Windows\System\SApznmu.exe

C:\Windows\System\SApznmu.exe

C:\Windows\System\FgumJOP.exe

C:\Windows\System\FgumJOP.exe

C:\Windows\System\nrerGlR.exe

C:\Windows\System\nrerGlR.exe

C:\Windows\System\OeyjyRH.exe

C:\Windows\System\OeyjyRH.exe

C:\Windows\System\JquwPGd.exe

C:\Windows\System\JquwPGd.exe

C:\Windows\System\oefVqZf.exe

C:\Windows\System\oefVqZf.exe

C:\Windows\System\THlIrBL.exe

C:\Windows\System\THlIrBL.exe

C:\Windows\System\FspzbRE.exe

C:\Windows\System\FspzbRE.exe

C:\Windows\System\RojgoPk.exe

C:\Windows\System\RojgoPk.exe

C:\Windows\System\qxpvdPQ.exe

C:\Windows\System\qxpvdPQ.exe

C:\Windows\System\dZCTHoW.exe

C:\Windows\System\dZCTHoW.exe

C:\Windows\System\HgmvxUs.exe

C:\Windows\System\HgmvxUs.exe

C:\Windows\System\XSbZpPy.exe

C:\Windows\System\XSbZpPy.exe

C:\Windows\System\mGQMGhA.exe

C:\Windows\System\mGQMGhA.exe

C:\Windows\System\nxfvVfu.exe

C:\Windows\System\nxfvVfu.exe

C:\Windows\System\kOmmWRD.exe

C:\Windows\System\kOmmWRD.exe

C:\Windows\System\tioXSYa.exe

C:\Windows\System\tioXSYa.exe

C:\Windows\System\RkJtmpB.exe

C:\Windows\System\RkJtmpB.exe

C:\Windows\System\hUTSZxQ.exe

C:\Windows\System\hUTSZxQ.exe

C:\Windows\System\kHQresl.exe

C:\Windows\System\kHQresl.exe

C:\Windows\System\BLugtoG.exe

C:\Windows\System\BLugtoG.exe

C:\Windows\System\qQJWQpP.exe

C:\Windows\System\qQJWQpP.exe

C:\Windows\System\jCZhVag.exe

C:\Windows\System\jCZhVag.exe

C:\Windows\System\vtEBFZy.exe

C:\Windows\System\vtEBFZy.exe

C:\Windows\System\qbWfhjC.exe

C:\Windows\System\qbWfhjC.exe

C:\Windows\System\SfXaXJo.exe

C:\Windows\System\SfXaXJo.exe

C:\Windows\System\IOMUNxh.exe

C:\Windows\System\IOMUNxh.exe

C:\Windows\System\RhBgWDJ.exe

C:\Windows\System\RhBgWDJ.exe

C:\Windows\System\PruBDcX.exe

C:\Windows\System\PruBDcX.exe

C:\Windows\System\iLxduoz.exe

C:\Windows\System\iLxduoz.exe

C:\Windows\System\YCZiGxV.exe

C:\Windows\System\YCZiGxV.exe

C:\Windows\System\PQvqGve.exe

C:\Windows\System\PQvqGve.exe

C:\Windows\System\aVUWZXB.exe

C:\Windows\System\aVUWZXB.exe

C:\Windows\System\WvhwEjb.exe

C:\Windows\System\WvhwEjb.exe

C:\Windows\System\ZSFjqYH.exe

C:\Windows\System\ZSFjqYH.exe

C:\Windows\System\pKePcMR.exe

C:\Windows\System\pKePcMR.exe

C:\Windows\System\HtGDmDk.exe

C:\Windows\System\HtGDmDk.exe

C:\Windows\System\usXwJdT.exe

C:\Windows\System\usXwJdT.exe

C:\Windows\System\UYCgKRY.exe

C:\Windows\System\UYCgKRY.exe

C:\Windows\System\UsDFxfn.exe

C:\Windows\System\UsDFxfn.exe

C:\Windows\System\hATLaTU.exe

C:\Windows\System\hATLaTU.exe

C:\Windows\System\mzjuROK.exe

C:\Windows\System\mzjuROK.exe

C:\Windows\System\hBIlnFC.exe

C:\Windows\System\hBIlnFC.exe

C:\Windows\System\CwlrnrX.exe

C:\Windows\System\CwlrnrX.exe

C:\Windows\System\HUUzAiU.exe

C:\Windows\System\HUUzAiU.exe

C:\Windows\System\HmriEEs.exe

C:\Windows\System\HmriEEs.exe

C:\Windows\System\QUmQkGt.exe

C:\Windows\System\QUmQkGt.exe

C:\Windows\System\CMHVFJw.exe

C:\Windows\System\CMHVFJw.exe

C:\Windows\System\nQDtSVC.exe

C:\Windows\System\nQDtSVC.exe

C:\Windows\System\axurIqM.exe

C:\Windows\System\axurIqM.exe

C:\Windows\System\hNnjakI.exe

C:\Windows\System\hNnjakI.exe

C:\Windows\System\TNppgDG.exe

C:\Windows\System\TNppgDG.exe

C:\Windows\System\cFEoaSb.exe

C:\Windows\System\cFEoaSb.exe

C:\Windows\System\IfXuMkr.exe

C:\Windows\System\IfXuMkr.exe

C:\Windows\System\uBDwnHW.exe

C:\Windows\System\uBDwnHW.exe

C:\Windows\System\qpNWeKh.exe

C:\Windows\System\qpNWeKh.exe

C:\Windows\System\lfdLdSD.exe

C:\Windows\System\lfdLdSD.exe

C:\Windows\System\iZAYunK.exe

C:\Windows\System\iZAYunK.exe

C:\Windows\System\GlKcRIH.exe

C:\Windows\System\GlKcRIH.exe

C:\Windows\System\EAxVLxa.exe

C:\Windows\System\EAxVLxa.exe

C:\Windows\System\nXvRtIt.exe

C:\Windows\System\nXvRtIt.exe

C:\Windows\System\nECFwOZ.exe

C:\Windows\System\nECFwOZ.exe

C:\Windows\System\KPSJWYX.exe

C:\Windows\System\KPSJWYX.exe

C:\Windows\System\PuZjqJF.exe

C:\Windows\System\PuZjqJF.exe

C:\Windows\System\CbPrDtn.exe

C:\Windows\System\CbPrDtn.exe

C:\Windows\System\vzxIFqK.exe

C:\Windows\System\vzxIFqK.exe

C:\Windows\System\ilIjTGN.exe

C:\Windows\System\ilIjTGN.exe

C:\Windows\System\EQYeVOV.exe

C:\Windows\System\EQYeVOV.exe

C:\Windows\System\RGqBlPQ.exe

C:\Windows\System\RGqBlPQ.exe

C:\Windows\System\zlBXTYs.exe

C:\Windows\System\zlBXTYs.exe

C:\Windows\System\hdTBNJe.exe

C:\Windows\System\hdTBNJe.exe

C:\Windows\System\JrykQyh.exe

C:\Windows\System\JrykQyh.exe

C:\Windows\System\TNqBpWs.exe

C:\Windows\System\TNqBpWs.exe

C:\Windows\System\vGAoYIB.exe

C:\Windows\System\vGAoYIB.exe

C:\Windows\System\sLNrAaN.exe

C:\Windows\System\sLNrAaN.exe

C:\Windows\System\lNqjjWB.exe

C:\Windows\System\lNqjjWB.exe

C:\Windows\System\AMdVvAk.exe

C:\Windows\System\AMdVvAk.exe

C:\Windows\System\sFBNSGN.exe

C:\Windows\System\sFBNSGN.exe

C:\Windows\System\RiMJuZO.exe

C:\Windows\System\RiMJuZO.exe

C:\Windows\System\GGQYQUv.exe

C:\Windows\System\GGQYQUv.exe

C:\Windows\System\XBjmPUO.exe

C:\Windows\System\XBjmPUO.exe

C:\Windows\System\gNTGSTF.exe

C:\Windows\System\gNTGSTF.exe

C:\Windows\System\hwSaahS.exe

C:\Windows\System\hwSaahS.exe

C:\Windows\System\BPbZnQi.exe

C:\Windows\System\BPbZnQi.exe

C:\Windows\System\qOqpUIk.exe

C:\Windows\System\qOqpUIk.exe

C:\Windows\System\UOqUTzJ.exe

C:\Windows\System\UOqUTzJ.exe

C:\Windows\System\gvKmiCI.exe

C:\Windows\System\gvKmiCI.exe

C:\Windows\System\CbsSXBR.exe

C:\Windows\System\CbsSXBR.exe

C:\Windows\System\wmSkMMV.exe

C:\Windows\System\wmSkMMV.exe

C:\Windows\System\lfdjuhv.exe

C:\Windows\System\lfdjuhv.exe

C:\Windows\System\IlqTUFB.exe

C:\Windows\System\IlqTUFB.exe

C:\Windows\System\pTmnUTd.exe

C:\Windows\System\pTmnUTd.exe

C:\Windows\System\iZlKOts.exe

C:\Windows\System\iZlKOts.exe

C:\Windows\System\ODmEmqW.exe

C:\Windows\System\ODmEmqW.exe

C:\Windows\System\lhwLWRV.exe

C:\Windows\System\lhwLWRV.exe

C:\Windows\System\uFZSoVk.exe

C:\Windows\System\uFZSoVk.exe

C:\Windows\System\gkBdVrK.exe

C:\Windows\System\gkBdVrK.exe

C:\Windows\System\cXfGpGj.exe

C:\Windows\System\cXfGpGj.exe

C:\Windows\System\ZXxwRMi.exe

C:\Windows\System\ZXxwRMi.exe

C:\Windows\System\sedGskl.exe

C:\Windows\System\sedGskl.exe

C:\Windows\System\gAVKzYC.exe

C:\Windows\System\gAVKzYC.exe

C:\Windows\System\XXBtGtc.exe

C:\Windows\System\XXBtGtc.exe

C:\Windows\System\Yqbogrz.exe

C:\Windows\System\Yqbogrz.exe

C:\Windows\System\WjFTJJP.exe

C:\Windows\System\WjFTJJP.exe

C:\Windows\System\MzrxVqe.exe

C:\Windows\System\MzrxVqe.exe

C:\Windows\System\RssWyDC.exe

C:\Windows\System\RssWyDC.exe

C:\Windows\System\koTNgGF.exe

C:\Windows\System\koTNgGF.exe

C:\Windows\System\ihVPcDw.exe

C:\Windows\System\ihVPcDw.exe

C:\Windows\System\CfjqCdv.exe

C:\Windows\System\CfjqCdv.exe

C:\Windows\System\pUOIiof.exe

C:\Windows\System\pUOIiof.exe

C:\Windows\System\GvEXjHb.exe

C:\Windows\System\GvEXjHb.exe

C:\Windows\System\zaWjYTC.exe

C:\Windows\System\zaWjYTC.exe

C:\Windows\System\MQICqGu.exe

C:\Windows\System\MQICqGu.exe

C:\Windows\System\gLoMsnx.exe

C:\Windows\System\gLoMsnx.exe

C:\Windows\System\DVDJmoJ.exe

C:\Windows\System\DVDJmoJ.exe

C:\Windows\System\CHSsrmu.exe

C:\Windows\System\CHSsrmu.exe

C:\Windows\System\nfeDXOk.exe

C:\Windows\System\nfeDXOk.exe

C:\Windows\System\ZiLsjjN.exe

C:\Windows\System\ZiLsjjN.exe

C:\Windows\System\aTWIPQK.exe

C:\Windows\System\aTWIPQK.exe

C:\Windows\System\GjPdzqz.exe

C:\Windows\System\GjPdzqz.exe

C:\Windows\System\vwKJSHg.exe

C:\Windows\System\vwKJSHg.exe

C:\Windows\System\rdQfEHg.exe

C:\Windows\System\rdQfEHg.exe

C:\Windows\System\dWBTNPg.exe

C:\Windows\System\dWBTNPg.exe

C:\Windows\System\LWNPEWy.exe

C:\Windows\System\LWNPEWy.exe

C:\Windows\System\hfmtlTU.exe

C:\Windows\System\hfmtlTU.exe

C:\Windows\System\vKUZqDq.exe

C:\Windows\System\vKUZqDq.exe

C:\Windows\System\LYyYbIt.exe

C:\Windows\System\LYyYbIt.exe

C:\Windows\System\pRCwIpw.exe

C:\Windows\System\pRCwIpw.exe

C:\Windows\System\cVPNWGk.exe

C:\Windows\System\cVPNWGk.exe

C:\Windows\System\wlbWvfw.exe

C:\Windows\System\wlbWvfw.exe

C:\Windows\System\oRHXJvG.exe

C:\Windows\System\oRHXJvG.exe

C:\Windows\System\sGEbftC.exe

C:\Windows\System\sGEbftC.exe

C:\Windows\System\YcfyccZ.exe

C:\Windows\System\YcfyccZ.exe

C:\Windows\System\aAODPgt.exe

C:\Windows\System\aAODPgt.exe

C:\Windows\System\zMfASlx.exe

C:\Windows\System\zMfASlx.exe

C:\Windows\System\hOegnTZ.exe

C:\Windows\System\hOegnTZ.exe

C:\Windows\System\DaIcVAD.exe

C:\Windows\System\DaIcVAD.exe

C:\Windows\System\UjeeUpw.exe

C:\Windows\System\UjeeUpw.exe

C:\Windows\System\KHRmdBR.exe

C:\Windows\System\KHRmdBR.exe

C:\Windows\System\DTFWzfS.exe

C:\Windows\System\DTFWzfS.exe

C:\Windows\System\bZEAymU.exe

C:\Windows\System\bZEAymU.exe

C:\Windows\System\TtRAZui.exe

C:\Windows\System\TtRAZui.exe

C:\Windows\System\gfrtzlm.exe

C:\Windows\System\gfrtzlm.exe

C:\Windows\System\PZLizhi.exe

C:\Windows\System\PZLizhi.exe

C:\Windows\System\LBgCfTe.exe

C:\Windows\System\LBgCfTe.exe

C:\Windows\System\mkgHHKc.exe

C:\Windows\System\mkgHHKc.exe

C:\Windows\System\FgciNxe.exe

C:\Windows\System\FgciNxe.exe

C:\Windows\System\EAhBnak.exe

C:\Windows\System\EAhBnak.exe

C:\Windows\System\mPzRvsD.exe

C:\Windows\System\mPzRvsD.exe

C:\Windows\System\cxZVasP.exe

C:\Windows\System\cxZVasP.exe

C:\Windows\System\HNUxmNE.exe

C:\Windows\System\HNUxmNE.exe

C:\Windows\System\rAhKWiL.exe

C:\Windows\System\rAhKWiL.exe

C:\Windows\System\aFRuqRp.exe

C:\Windows\System\aFRuqRp.exe

C:\Windows\System\LKEgiOs.exe

C:\Windows\System\LKEgiOs.exe

C:\Windows\System\PnlSRiH.exe

C:\Windows\System\PnlSRiH.exe

C:\Windows\System\OKAUFdV.exe

C:\Windows\System\OKAUFdV.exe

C:\Windows\System\YZlySjg.exe

C:\Windows\System\YZlySjg.exe

C:\Windows\System\aDeYCmV.exe

C:\Windows\System\aDeYCmV.exe

C:\Windows\System\oBxHkoI.exe

C:\Windows\System\oBxHkoI.exe

C:\Windows\System\MearWfQ.exe

C:\Windows\System\MearWfQ.exe

C:\Windows\System\oHYOvWI.exe

C:\Windows\System\oHYOvWI.exe

C:\Windows\System\dumUfBJ.exe

C:\Windows\System\dumUfBJ.exe

C:\Windows\System\dztOqxL.exe

C:\Windows\System\dztOqxL.exe

C:\Windows\System\UaKoAqp.exe

C:\Windows\System\UaKoAqp.exe

C:\Windows\System\IiIwkiK.exe

C:\Windows\System\IiIwkiK.exe

C:\Windows\System\InYkyzB.exe

C:\Windows\System\InYkyzB.exe

C:\Windows\System\dJqNprG.exe

C:\Windows\System\dJqNprG.exe

C:\Windows\System\HcwtGyW.exe

C:\Windows\System\HcwtGyW.exe

C:\Windows\System\cWZdLjb.exe

C:\Windows\System\cWZdLjb.exe

C:\Windows\System\vfgAdxo.exe

C:\Windows\System\vfgAdxo.exe

C:\Windows\System\BFLkmTP.exe

C:\Windows\System\BFLkmTP.exe

C:\Windows\System\sbukAJd.exe

C:\Windows\System\sbukAJd.exe

C:\Windows\System\hJRNCtA.exe

C:\Windows\System\hJRNCtA.exe

C:\Windows\System\RSqszPX.exe

C:\Windows\System\RSqszPX.exe

C:\Windows\System\KfZbiOR.exe

C:\Windows\System\KfZbiOR.exe

C:\Windows\System\ECIATxm.exe

C:\Windows\System\ECIATxm.exe

C:\Windows\System\OIUFaya.exe

C:\Windows\System\OIUFaya.exe

C:\Windows\System\OgpVqod.exe

C:\Windows\System\OgpVqod.exe

C:\Windows\System\Egwinsh.exe

C:\Windows\System\Egwinsh.exe

C:\Windows\System\ZGxBMLW.exe

C:\Windows\System\ZGxBMLW.exe

C:\Windows\System\lDJxhaD.exe

C:\Windows\System\lDJxhaD.exe

C:\Windows\System\wBtLGZD.exe

C:\Windows\System\wBtLGZD.exe

C:\Windows\System\MxUtLMq.exe

C:\Windows\System\MxUtLMq.exe

C:\Windows\System\VrqnkvE.exe

C:\Windows\System\VrqnkvE.exe

C:\Windows\System\eyWcxGS.exe

C:\Windows\System\eyWcxGS.exe

C:\Windows\System\ynpeOME.exe

C:\Windows\System\ynpeOME.exe

C:\Windows\System\QJHaWGf.exe

C:\Windows\System\QJHaWGf.exe

C:\Windows\System\CuHOpGC.exe

C:\Windows\System\CuHOpGC.exe

C:\Windows\System\bUSdCXp.exe

C:\Windows\System\bUSdCXp.exe

C:\Windows\System\EVQOmHf.exe

C:\Windows\System\EVQOmHf.exe

C:\Windows\System\ynsQTyf.exe

C:\Windows\System\ynsQTyf.exe

C:\Windows\System\ivYAPWh.exe

C:\Windows\System\ivYAPWh.exe

C:\Windows\System\ytZQUSV.exe

C:\Windows\System\ytZQUSV.exe

C:\Windows\System\RBOzJgz.exe

C:\Windows\System\RBOzJgz.exe

C:\Windows\System\FphasMy.exe

C:\Windows\System\FphasMy.exe

C:\Windows\System\ZlHlgnE.exe

C:\Windows\System\ZlHlgnE.exe

C:\Windows\System\ltYCYxx.exe

C:\Windows\System\ltYCYxx.exe

C:\Windows\System\uIwYuEe.exe

C:\Windows\System\uIwYuEe.exe

C:\Windows\System\vvVEfyh.exe

C:\Windows\System\vvVEfyh.exe

C:\Windows\System\sfKwHha.exe

C:\Windows\System\sfKwHha.exe

C:\Windows\System\PYPYlEv.exe

C:\Windows\System\PYPYlEv.exe

C:\Windows\System\TxdCpPZ.exe

C:\Windows\System\TxdCpPZ.exe

C:\Windows\System\XGVyzAL.exe

C:\Windows\System\XGVyzAL.exe

C:\Windows\System\XVpOmqD.exe

C:\Windows\System\XVpOmqD.exe

C:\Windows\System\pwineYL.exe

C:\Windows\System\pwineYL.exe

C:\Windows\System\jeTIwQk.exe

C:\Windows\System\jeTIwQk.exe

C:\Windows\System\IGhOPAS.exe

C:\Windows\System\IGhOPAS.exe

C:\Windows\System\LmyzvlH.exe

C:\Windows\System\LmyzvlH.exe

C:\Windows\System\whuoqof.exe

C:\Windows\System\whuoqof.exe

C:\Windows\System\EmezRdN.exe

C:\Windows\System\EmezRdN.exe

C:\Windows\System\ECXxYhd.exe

C:\Windows\System\ECXxYhd.exe

C:\Windows\System\gRFjaiK.exe

C:\Windows\System\gRFjaiK.exe

C:\Windows\System\yvsBMJB.exe

C:\Windows\System\yvsBMJB.exe

C:\Windows\System\VxeWlvB.exe

C:\Windows\System\VxeWlvB.exe

C:\Windows\System\rwJJpyR.exe

C:\Windows\System\rwJJpyR.exe

C:\Windows\System\EECmWrX.exe

C:\Windows\System\EECmWrX.exe

C:\Windows\System\ypyiXYM.exe

C:\Windows\System\ypyiXYM.exe

C:\Windows\System\kHHBsvU.exe

C:\Windows\System\kHHBsvU.exe

C:\Windows\System\hAgwGnf.exe

C:\Windows\System\hAgwGnf.exe

C:\Windows\System\ENFiZyh.exe

C:\Windows\System\ENFiZyh.exe

C:\Windows\System\VgwRktK.exe

C:\Windows\System\VgwRktK.exe

C:\Windows\System\cUzSoBY.exe

C:\Windows\System\cUzSoBY.exe

C:\Windows\System\zhEsOph.exe

C:\Windows\System\zhEsOph.exe

C:\Windows\System\QFwzpWD.exe

C:\Windows\System\QFwzpWD.exe

C:\Windows\System\ljWghvZ.exe

C:\Windows\System\ljWghvZ.exe

C:\Windows\System\BwMJOoG.exe

C:\Windows\System\BwMJOoG.exe

C:\Windows\System\jmerPDy.exe

C:\Windows\System\jmerPDy.exe

C:\Windows\System\eUWbLIt.exe

C:\Windows\System\eUWbLIt.exe

C:\Windows\System\vmXyTEh.exe

C:\Windows\System\vmXyTEh.exe

C:\Windows\System\HEKMZse.exe

C:\Windows\System\HEKMZse.exe

C:\Windows\System\bFHkhmB.exe

C:\Windows\System\bFHkhmB.exe

C:\Windows\System\QdeXtti.exe

C:\Windows\System\QdeXtti.exe

C:\Windows\System\sGBmfSp.exe

C:\Windows\System\sGBmfSp.exe

C:\Windows\System\gtVLpgg.exe

C:\Windows\System\gtVLpgg.exe

C:\Windows\System\mRevVoq.exe

C:\Windows\System\mRevVoq.exe

C:\Windows\System\qayDqOS.exe

C:\Windows\System\qayDqOS.exe

C:\Windows\System\PKAcXlc.exe

C:\Windows\System\PKAcXlc.exe

C:\Windows\System\eNhpHgK.exe

C:\Windows\System\eNhpHgK.exe

C:\Windows\System\bPQmDBf.exe

C:\Windows\System\bPQmDBf.exe

C:\Windows\System\DpvJspo.exe

C:\Windows\System\DpvJspo.exe

C:\Windows\System\phCWgRj.exe

C:\Windows\System\phCWgRj.exe

C:\Windows\System\TPDVcWj.exe

C:\Windows\System\TPDVcWj.exe

C:\Windows\System\oloLsBi.exe

C:\Windows\System\oloLsBi.exe

C:\Windows\System\CNafFbF.exe

C:\Windows\System\CNafFbF.exe

C:\Windows\System\OqsDYQs.exe

C:\Windows\System\OqsDYQs.exe

C:\Windows\System\HpCPPpi.exe

C:\Windows\System\HpCPPpi.exe

C:\Windows\System\aMTRxPD.exe

C:\Windows\System\aMTRxPD.exe

C:\Windows\System\PeoQbkD.exe

C:\Windows\System\PeoQbkD.exe

C:\Windows\System\KAoAgZs.exe

C:\Windows\System\KAoAgZs.exe

C:\Windows\System\xwGBOCj.exe

C:\Windows\System\xwGBOCj.exe

C:\Windows\System\hnSUoms.exe

C:\Windows\System\hnSUoms.exe

C:\Windows\System\nNjARsu.exe

C:\Windows\System\nNjARsu.exe

C:\Windows\System\HcFAMAo.exe

C:\Windows\System\HcFAMAo.exe

C:\Windows\System\CAGYOth.exe

C:\Windows\System\CAGYOth.exe

C:\Windows\System\WlIuqbx.exe

C:\Windows\System\WlIuqbx.exe

C:\Windows\System\OMGAvfl.exe

C:\Windows\System\OMGAvfl.exe

C:\Windows\System\pNOFGEn.exe

C:\Windows\System\pNOFGEn.exe

C:\Windows\System\cEJRlGh.exe

C:\Windows\System\cEJRlGh.exe

C:\Windows\System\JLMMcKA.exe

C:\Windows\System\JLMMcKA.exe

C:\Windows\System\TRfNgEK.exe

C:\Windows\System\TRfNgEK.exe

C:\Windows\System\WRkquUC.exe

C:\Windows\System\WRkquUC.exe

C:\Windows\System\ExRbluD.exe

C:\Windows\System\ExRbluD.exe

C:\Windows\System\MLVtSvg.exe

C:\Windows\System\MLVtSvg.exe

C:\Windows\System\eazjoIe.exe

C:\Windows\System\eazjoIe.exe

C:\Windows\System\oCkebre.exe

C:\Windows\System\oCkebre.exe

C:\Windows\System\SXITXaA.exe

C:\Windows\System\SXITXaA.exe

C:\Windows\System\LMsRvok.exe

C:\Windows\System\LMsRvok.exe

C:\Windows\System\IUEMhcE.exe

C:\Windows\System\IUEMhcE.exe

C:\Windows\System\PmlZjKL.exe

C:\Windows\System\PmlZjKL.exe

C:\Windows\System\FrWutQF.exe

C:\Windows\System\FrWutQF.exe

C:\Windows\System\VQBiyBK.exe

C:\Windows\System\VQBiyBK.exe

C:\Windows\System\mvVHpba.exe

C:\Windows\System\mvVHpba.exe

C:\Windows\System\FPjDUMb.exe

C:\Windows\System\FPjDUMb.exe

C:\Windows\System\IPgXodc.exe

C:\Windows\System\IPgXodc.exe

C:\Windows\System\OOJjkfR.exe

C:\Windows\System\OOJjkfR.exe

C:\Windows\System\iDnislk.exe

C:\Windows\System\iDnislk.exe

C:\Windows\System\BthdhuV.exe

C:\Windows\System\BthdhuV.exe

C:\Windows\System\CxhOako.exe

C:\Windows\System\CxhOako.exe

C:\Windows\System\IHorDmh.exe

C:\Windows\System\IHorDmh.exe

C:\Windows\System\vKehjcJ.exe

C:\Windows\System\vKehjcJ.exe

C:\Windows\System\WqdfktU.exe

C:\Windows\System\WqdfktU.exe

C:\Windows\System\BkONWZB.exe

C:\Windows\System\BkONWZB.exe

C:\Windows\System\WPvWtmd.exe

C:\Windows\System\WPvWtmd.exe

C:\Windows\System\rVpqgGR.exe

C:\Windows\System\rVpqgGR.exe

C:\Windows\System\CWkRCEy.exe

C:\Windows\System\CWkRCEy.exe

C:\Windows\System\flWVJiQ.exe

C:\Windows\System\flWVJiQ.exe

C:\Windows\System\jOpubGZ.exe

C:\Windows\System\jOpubGZ.exe

C:\Windows\System\IzeqGWE.exe

C:\Windows\System\IzeqGWE.exe

C:\Windows\System\TXNIOSy.exe

C:\Windows\System\TXNIOSy.exe

C:\Windows\System\oAvqvJE.exe

C:\Windows\System\oAvqvJE.exe

C:\Windows\System\tDmfiqL.exe

C:\Windows\System\tDmfiqL.exe

C:\Windows\System\YOYjNXR.exe

C:\Windows\System\YOYjNXR.exe

C:\Windows\System\KihkfaJ.exe

C:\Windows\System\KihkfaJ.exe

C:\Windows\System\XVuqHbg.exe

C:\Windows\System\XVuqHbg.exe

C:\Windows\System\KFCIXYR.exe

C:\Windows\System\KFCIXYR.exe

C:\Windows\System\zUhsggB.exe

C:\Windows\System\zUhsggB.exe

C:\Windows\System\eLcJwpX.exe

C:\Windows\System\eLcJwpX.exe

C:\Windows\System\caGNRbK.exe

C:\Windows\System\caGNRbK.exe

C:\Windows\System\SAimVTI.exe

C:\Windows\System\SAimVTI.exe

C:\Windows\System\ZRvHoJP.exe

C:\Windows\System\ZRvHoJP.exe

C:\Windows\System\sBrGAex.exe

C:\Windows\System\sBrGAex.exe

C:\Windows\System\oUacCod.exe

C:\Windows\System\oUacCod.exe

C:\Windows\System\YRNiopp.exe

C:\Windows\System\YRNiopp.exe

C:\Windows\System\urmCCkI.exe

C:\Windows\System\urmCCkI.exe

C:\Windows\System\xmyYmSH.exe

C:\Windows\System\xmyYmSH.exe

C:\Windows\System\bpBtooP.exe

C:\Windows\System\bpBtooP.exe

C:\Windows\System\AhtvbXG.exe

C:\Windows\System\AhtvbXG.exe

C:\Windows\System\wtNTkRR.exe

C:\Windows\System\wtNTkRR.exe

C:\Windows\System\yETgQxT.exe

C:\Windows\System\yETgQxT.exe

C:\Windows\System\DtQaUAA.exe

C:\Windows\System\DtQaUAA.exe

C:\Windows\System\CkBCrQP.exe

C:\Windows\System\CkBCrQP.exe

C:\Windows\System\FQHJHDt.exe

C:\Windows\System\FQHJHDt.exe

C:\Windows\System\XfQfiKB.exe

C:\Windows\System\XfQfiKB.exe

C:\Windows\System\LPbDrwz.exe

C:\Windows\System\LPbDrwz.exe

C:\Windows\System\KXhKsOv.exe

C:\Windows\System\KXhKsOv.exe

C:\Windows\System\cCFaXJT.exe

C:\Windows\System\cCFaXJT.exe

C:\Windows\System\rzprvVF.exe

C:\Windows\System\rzprvVF.exe

C:\Windows\System\pbzARJi.exe

C:\Windows\System\pbzARJi.exe

C:\Windows\System\bBDNwGj.exe

C:\Windows\System\bBDNwGj.exe

C:\Windows\System\OrYrMlT.exe

C:\Windows\System\OrYrMlT.exe

C:\Windows\System\CZRYiFE.exe

C:\Windows\System\CZRYiFE.exe

C:\Windows\System\rhQeChA.exe

C:\Windows\System\rhQeChA.exe

C:\Windows\System\grGXBRB.exe

C:\Windows\System\grGXBRB.exe

C:\Windows\System\ytqGMDM.exe

C:\Windows\System\ytqGMDM.exe

C:\Windows\System\egOBAbq.exe

C:\Windows\System\egOBAbq.exe

C:\Windows\System\aXkQyrs.exe

C:\Windows\System\aXkQyrs.exe

C:\Windows\System\KQDNluI.exe

C:\Windows\System\KQDNluI.exe

C:\Windows\System\fNAiifQ.exe

C:\Windows\System\fNAiifQ.exe

C:\Windows\System\XpcqpoK.exe

C:\Windows\System\XpcqpoK.exe

C:\Windows\System\cDkPPSd.exe

C:\Windows\System\cDkPPSd.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp

Files

memory/2420-1-0x00000000000F0000-0x0000000000100000-memory.dmp

memory/2420-0-0x000000013F7C0000-0x000000013FBB2000-memory.dmp

C:\Windows\system\URaCWcH.exe

MD5 aef6754bc00c8cd0a76be78f0a178f49
SHA1 157b3418ae8c0b3e7555d8ef0c2086d69d04ea50
SHA256 4730cef3d642bb11b78e554c3bddc3cb15c210f3428758c34360cb4e8546cf61
SHA512 4e1695968225feeb08e297795d7cb251d22bedce5e215f8d89e32203f7c5d20e43b026dbf054b7aa21079818acc9c81bae393ff49fa4fc37dac9e01c9cc3a043

\Windows\system\dGsTtqA.exe

MD5 c197f6a8c8693fa7dd270aae15131e7b
SHA1 e64ec7021a8ded8be74d3ef79c98cf0a3bb4cc41
SHA256 81a77b01f3ef02ce98e80fca50bb801bc8a4c1f1d1b5fc84244ac7e18a52651e
SHA512 ce4e8abdca94ef4a0b1d4714cb1863d833b9a849b8da40c2560abe141c0f11ff38dac3cbf36ac645467cf2532fbaecfad22ebbeb2cc73289755d1a86d4bd1351

memory/1544-16-0x000000013F870000-0x000000013FC62000-memory.dmp

C:\Windows\system\dXzBNHI.exe

MD5 f6ca838c9a4dd03157cfa4ee225f452e
SHA1 5fb2fc0ebb3d9000dae2660287b8d96c7b0e260d
SHA256 b10f2e08d43cd01bbb12270ced9c1e4bead0062262b4d998197c1a7a7a29360f
SHA512 95aad37046b56ef5160714c8ec00dea72962a2c8d42a5be661c634c3dfadb3f1989683c9c7a73e6db3d924717747df3412f2d5b2b6dfc7668a53c30025aab631

memory/2280-23-0x000000013FFE0000-0x00000001403D2000-memory.dmp

memory/2420-22-0x000000013FFE0000-0x00000001403D2000-memory.dmp

\Windows\system\rfqpDfj.exe

MD5 8120a964e9412f1ff68c0a8d169529cd
SHA1 80c8e9427bfa2b04604fe33a05c355f1dca10da4
SHA256 8bd2d171ff406372cfaa7bc8bbfe850cd053c4be36be5e0b3c79bbbdfe68c816
SHA512 e344a991b6e1b3a36f5f3d32faa8b88437b9abe232deb77d09b6d4651e2db8cac6d45a3f09ecea473d5a7f932ccc2899f2508136611a6cc145d4b5743688262f

memory/2420-25-0x000000013F2F0000-0x000000013F6E2000-memory.dmp

memory/2420-15-0x0000000002FB0000-0x00000000033A2000-memory.dmp

memory/1328-14-0x000000013F4C0000-0x000000013F8B2000-memory.dmp

memory/2420-12-0x00000000028F0000-0x0000000002CE2000-memory.dmp

memory/2664-47-0x000000013F2F0000-0x000000013F6E2000-memory.dmp

\Windows\system\uobZfxx.exe

MD5 0e17ec741877951b1b1c77b1553a1268
SHA1 fadd7e1424f294c75ff8f60b54bd764de6b6b956
SHA256 5501b5e2de95c4c2a262660434f79e55249a8bb076fa0ed7d4cb7d7137839366
SHA512 9c3ffd850dd4735443ea6c8c6b6241eb88b70dff9480534642486ac5a2910b9fe2ff37d76552a91d7865f24e9f6e6b66b63504152d9414267e964341b4246cf9

\Windows\system\SMjlQbJ.exe

MD5 0d64da73c30a903703f3254800b287e5
SHA1 8adaa4178de83febc4f7830adc901b43ca17f918
SHA256 5c0b2ae08e5c66f2c234dcfbc23b7bbe7a64072248d036b7f738a49f6151468f
SHA512 9ca1bf46c491e1486a2f7cdf2970ab41fa2fd99cc8729157cace6aac66d7c7c2703ee768972eeb7e8903eb56bf0b1abf14f4657b4d804656ed1bd8d8b257f3aa

\Windows\system\OMFiDgv.exe

MD5 6f211f9a8fbfe729eb7e2664c7d0fadd
SHA1 9a391aeee003aa6068c8ffa03b3d620d8ccebfbd
SHA256 a1144c01b2cea55ee0d00e72ff874dfe2fd80583a0e6b1fa11aa29fef0f3edaa
SHA512 cc4446572aeec32b471739267d58276dc9ff521ba4ed7d7d1d006d61c0081cf70acf2fa10b80d78c2301394aa921bdace807bf9d790cc02762ff2381396779c4

memory/2132-89-0x0000000001FF0000-0x0000000001FF8000-memory.dmp

C:\Windows\system\XAKTwed.exe

MD5 2c6e2d8dec128af7a4222741bae7e06c
SHA1 540e9f9a0afcc9b97795e29dbf2b14c9ef08f7c7
SHA256 fae78b918e0e66816a9d897a7ebf0821733f98e414a10dca7fb0c8298b4e3c5e
SHA512 05e185515963db46c97ee1ddbc66323b7e30378d0557740baaece455ddc56c8b9a8554b1abeac25fb42fadfb336ad552b269cb970dd73c5a1735f03cce6a135d

C:\Windows\system\NqmWyMI.exe

MD5 398b3d0cf2cfcf67858f9930c1318398
SHA1 da2aedf8c673c4a83ebe3f06e2227b605e95497f
SHA256 be972812e978f01b89b2e796c4e2bdb7d860c6172777b26727247e76d939a836
SHA512 6402cb787b7c0c3d87d79b47a3334b100eb620a6517cad0621cc79a1aa99953062f29a8143f45f67a8d796d9bcdda93f8802c863f1788025a58fe520d616633c

\Windows\system\INNZuGy.exe

MD5 539e1e66b2fb90f053020e782ed186a4
SHA1 9b016446b9f2fa34cd14691fc56b7dafbdda6996
SHA256 bcdaa489e8dc62896ba9683357432fdfec77a6ca0bc332c1e1920a310cc28664
SHA512 3ac09fd4a3bb4a51f6cedcbf53f3542e68923fd610808b430e34855e478ed8096e63b370648d1c3e6384b2687cf3ddb3361e29d7c794dd750d605fef701eadc0

C:\Windows\system\IEqBDtd.exe

MD5 4e74c268dad565cd3a99c8cf976e6d26
SHA1 08c7ef3ef619d16888228eb8e4cb0dd8d220dbea
SHA256 04686133da2cac3d5be8c49389a428cb96cbdb0191e1b806b470628d111f0896
SHA512 8859558675cc0fd6c9f83d962ea6350d9d8c4c284265390581a63ac401e78af437c479a29a82715b53c44f81f9dd4384433bc3b0bd2e63abc1778aa292a8ae11

C:\Windows\system\TKEUBUi.exe

MD5 0506d5e4b7a0bdd458344fe467011163
SHA1 f76f66746fb584817c0e37402b209e4054ada9f5
SHA256 cb60a7760c65dd3d5b9119f01de6a24e69ddac40df2295b9efb3eb6f9c56a969
SHA512 bb7be49ed7991b3094b9ee4381f2faa82b4c5fdf8eff11f46c52e504c58212829e3259217cf995c79b84ca6db0fcdbde5afaeb9f5bab09b49e5f36b37db27912

memory/2420-60-0x00000000035F0000-0x00000000039E2000-memory.dmp

\Windows\system\qBCpnxB.exe

MD5 b1bc7e2b90ec8ca1f902fc81eec4d53c
SHA1 00ac55dbaa3c0bc97c5faf825659dfa4141f9540
SHA256 fc417ed25eb05f8b25f7cff0783e1ddd257e7e0a1abb82f1139616ec9d57a1aa
SHA512 a6b50ed521e0c281b9fa404e7444130587608d8470d5849e6bb8e1689e735d538607230e73256e108fb372cc2808a9906531e8fafb040d82520611954408b601

\Windows\system\GppMAJc.exe

MD5 921d08dfd2ce6efb9867c5ebf4894c7c
SHA1 e6cb30971a476c6b91142e7c1cd15385da95d067
SHA256 742423aab6d858b1998a539f5a3775dd0ee63297f3457c47b71d6a65e39ea24e
SHA512 5e686f9d908e3e0503bcfc493b00412122ac6855241b7fd702f89d04a9fb77b60a5b01c898621a23ead1d3800b20caeaf0b0480e9b755b7fdd18bbb494b61018

C:\Windows\system\hpzixlE.exe

MD5 8671d8106e7236383b4d83bb5ce52304
SHA1 33c2d3c3838e0ac08409094b6814214181611d2a
SHA256 80bcd6b860fd39d41ce3f3037a467f6a419211aff56512b2f6ec801dde33cf9c
SHA512 c16ee0cbe83359494210f4b6cf536ed74ca249739bf5021b02bbe2d3ffac09d6b77dc24660253e0c2a75e08ca872781dd67bfc8a0adda991615e0c4895d41fe0

\Windows\system\AtwRrUG.exe

MD5 760582b01dd2b7a9f2dd8678966573ca
SHA1 4eae8be6575f938758127b8b7878ea06b7b67180
SHA256 7dfa10bb8a601b04033e8142c9de388c5357824a5a46329f015048e83b94f1b0
SHA512 18e2042e3af03eecdb3f0f65eb8520c2a95a37dcc7da81d1adf95823b2eb8960ba505b865fb36fb771f42dbf87aa891931917d13856556c11f35d74108de96b0

\Windows\system\zRlLdLD.exe

MD5 91b4c98b6e1aea3866bfd64041d3fb3f
SHA1 436e1a8031b2299ad4a599f3b43eaa9092cd663a
SHA256 c073095cfa5dcb96c8cc58e222165dc65265d2e398dee0c37b8396728619fb39
SHA512 c5d0a0686fe653f00c46fa0c97a7c4dc92e1a40ef6b879e171889f64d2ec130523751d3e2d17f65cafbe3035ce7ecd6fc9309076b9b349bb2ec0d6f0c199f27b

\Windows\system\FcCzrtB.exe

MD5 6511af52b4f799bb54b2ffe847c03ebf
SHA1 21739f41a323bba6170b14edff177f45efdda918
SHA256 a5654f36cf6ffb27edad75415cdba8ccc405c6d1df2ce35760603c7e6add2c2e
SHA512 aad56921d8b7871e8a17801173501871b71ae6c33e0872c4fb857041fe1dab26dfe9ccfad0a18ec90e8ceca26c2ee7c810ae262923ee60f831297d8eefe92123

\Windows\system\qUGOfNM.exe

MD5 8fad0aa2f24b10297b776f17edf722f7
SHA1 9a0c550db50326a9184e662f7b39cea12a37a85a
SHA256 418734fc39b09fbad0e7df232ee0faadacec1a67650ae36c3b3862bbcdd3d882
SHA512 2fee1e3c7d3668ed6ff76525bf861f64e872a2f1e8b9b09a6cdd35b93b4f9cffe0b126999c23b464116fb8bf5b5a5e19517cc12878c5dd817bcac62f6711d48b

\Windows\system\MldfOCW.exe

MD5 822700ddd3be1866b04488e5d1882174
SHA1 aaa9ec9a4eeb4dcc1b8ab1358370451ad48a699c
SHA256 195657c73e6258ceb7bba8797a91ffa8f5db131f737f421cd318235c517f293b
SHA512 3acd09f0f18a0d8cbc2e5275a2a3fb69d5179f98fe47cf20dddc5faf957beb0b5715c211bda61f3387ed8369ca75718206fd16cefac1c559b3fedd4081f797bd

\Windows\system\lazIwZq.exe

MD5 042ec824417c3dc2a8f0000edd374cd5
SHA1 bbf896d568c907c8589c57361aec21d21226340e
SHA256 e017c8a6f9f9a5c796710bb38b4d646f2ed9a3dc64440139e7edbc456982aac5
SHA512 cc8d5b0a24e319788e3e7cec29967e87ac53379856939141a03b81dc965219f3ac33a44d8827ad1e85a30e442f48d530978a7c0d97a64f3c10183238d001bd78

\Windows\system\eXpFuVs.exe

MD5 243457f224be50454390b494cdb22c3c
SHA1 3442cd8d1e7b5e24a93a6601a7dacbd27d7a2f29
SHA256 2e13bf62e812c7d0d359080d16e17b09c4eb63db61f04b186cb61b3c64fd8a61
SHA512 e9574ca682eeebc6c72e4249cff435307ca136e7bbb4d512c1e878f4bd69ae3e39e1e213352810c1f169f90b0aeb0bd5f2f6fafe555768783dd04b7aafdee754

\Windows\system\ANPVoUS.exe

MD5 0f30548d3f70d13306ffa2ead4274336
SHA1 c9b3232e8f273b3d2305e5b31cdfbe0074adfa90
SHA256 f579365e021949917ba793cab33a7dc3e96817d9ff1631a2ef5d0c73b1e73ed3
SHA512 fe5331e8ceb0903df786c20f652c8ec6981384dd0ab02107739ef190949f87a564c20fb9a9a608247b53026776dbe690721575cf6a7bcadfdc3474069a1eebf7

\Windows\system\FqayBVa.exe

MD5 8e7d820e61768f8d9cdcef30c16a789d
SHA1 ed940b5a2c23b5bcc324e4ca908f837b7bbc21bf
SHA256 cd253a58667f697fa0e8a1949cb675429ba63996350e8a98e74163c4fedb1d58
SHA512 cd18d4d8a34b3b817266e2c89b6df991edad42a17fb114f62a2eb4669251368146e9f290ff45f443dba95fbab1611d958def8f1327ec9a1b1fe51ee5b3bd15a3

memory/2420-119-0x000000013FE00000-0x00000001401F2000-memory.dmp

memory/2612-118-0x000000013F610000-0x000000013FA02000-memory.dmp

memory/2420-117-0x00000000035F0000-0x00000000039E2000-memory.dmp

memory/2420-116-0x00000000035F0000-0x00000000039E2000-memory.dmp

memory/2420-115-0x00000000035F0000-0x00000000039E2000-memory.dmp

memory/2420-114-0x000000013FEB0000-0x00000001402A2000-memory.dmp

memory/2420-113-0x00000000035F0000-0x00000000039E2000-memory.dmp

memory/2368-112-0x000000013F970000-0x000000013FD62000-memory.dmp

C:\Windows\system\NltsirF.exe

MD5 e837384845b89e6f8b1478d5124f0050
SHA1 0ef0834ec7e25532381663bbe86b6b1dddb022b6
SHA256 e321020342f7b74d9e91789b97f27915fb63601f53e2dd5fd4f4c34f99e84b7c
SHA512 c94684553275340912a5ae452fa415af94337f38fb98d1aff7c72c4226d5f4a18f9c8b36faeeeed7cd20e7440d01deaf78e1174d234e18103a80df38e5f97fc7

C:\Windows\system\VKhaNTw.exe

MD5 cf20e0affffd7559da1688e29575ddef
SHA1 d889690122b439ca3e53de87ab4ace888225c5ed
SHA256 98ffdc0edd82b6d11faedac309493e4b70a74816d22c2dada56ee911105438a9
SHA512 03d41c1b9a9931003c9771b2455ba08df3589d0898b3cf9d65c1a65d264e46a10748f7cc2d102cfab8038dc05c816465fa8ae04fb26dba4cf0e0ca59f6202260

\Windows\system\qZGvfah.exe

MD5 9600c623198e1ea66e334ca837856fef
SHA1 9cbd92ecbc01174ab7e2a59b18b9cd679d9add6e
SHA256 ff2c19e0faf0dc7b62458309febbe30692f543a853332122835c854d091b03dc
SHA512 0f2c37f1e091d38e40a52339cd508cce33acc307d6fe982d796491890c0310aafc00187c8491143eba3d5257373b9e1f4b1a79791b24072a3de3eebf656bd68e

\Windows\system\yvaVLNJ.exe

MD5 9da19bec2572cba1cc0ca3522bf239b6
SHA1 dbfa1c426a8704e295b567625c8925e1d9a76f5e
SHA256 a52dc574f9a9892b1011759517ce0ba385b3e1c65d81b88f575e8b9a6243cf72
SHA512 cd51143821ba50de6a481c8510296a8d528332c514e627410ded6b87ee0f8ac58700e62b379795d3fc54848ba85b1b3229d6a6ac435b09ef1fc5ae16fb5527f8

\Windows\system\QyrRpGB.exe

MD5 370eb01c5d32e1408e64225378b578bf
SHA1 26f8a0ba9588ddd2cd9b780957eb7eb5a540d0cf
SHA256 ee6e3401f2ed9979d409c86ee0190bddad8f7b5710de59b6574d602dae889e85
SHA512 38217cb16d570d4471736dd0f0b6889c653670b3d7f6153645db6e82707f6c3bda9d87e916648227f89af389738d68ac0dbaf177a6bc801d096f748826ab9bdf

C:\Windows\system\uAhmTCc.exe

MD5 25fc88c2080c49dcccdeba1745977768
SHA1 994f8e98f281611b8a5a707d00f390cb595bc1ff
SHA256 a5bcdbf553e94fa0a93c2728ea9f07b2088815f31fb206bc637d9eff1b6039c0
SHA512 574bfc1e74959dc9d891e5d473a19504f4ecfcd455fa58b909b65081970491103d377c238c2823e101bdef52e7f27a0c02935b9a18471df5b722a980808c1b44

C:\Windows\system\pfcEWyw.exe

MD5 1f3799d2ccc1e4dfaa75a10a96accc20
SHA1 ea4743e916d13d2ea73f2bd5b1d55e6128fc8f52
SHA256 e25e48039a90c895d16d67d7247b2466e3e18020805115bb3af424cec0a7c949
SHA512 e7d918b128e3dfa31584e7be0702436aced5999112ea23a1da18f636ec403133086dd93eea32b792e5be34393fc61250e5638806df19c7761074fe3e0dfca001

memory/2584-68-0x000000013F8E0000-0x000000013FCD2000-memory.dmp

\Windows\system\zkZnvXJ.exe

MD5 6acebf641d9f3e06d28e42db983f6eaf
SHA1 33c76f127a67b9eadc82292e0affddaea37d56a8
SHA256 834e3e566fd2e1434d31e0598f5eed250618c3b1d8fa49d0670e64f17215f5fe
SHA512 9fb62b71b8e45a40de34f8e93bd2cde2b08c1ff59b641c8ab98cda4e203ae84352ee9e8811ac59f28418a64ac88c4bb3837cf5306bd3d81dd9d2909cebce36cc

\Windows\system\VOuprKL.exe

MD5 a9738198c5e4ff7cfc9689c1b41c5c83
SHA1 52b3e635be3b1d22c0c75f94cb86b7ae6798e3ff
SHA256 606a5c808681b3f1c75dcffc9d092c35e3d8d55a8b53395f8b60cd388d9686f7
SHA512 b6f42eea8cf7e733d7f97880f8b31d62c956c43c86ba388de49c9d35469d590c6ec0de24d13d4d8c7d7638793724ca0f069dd12cb8e98be3dfd8cbf32c78b3a8

memory/2752-55-0x000000013F0F0000-0x000000013F4E2000-memory.dmp

C:\Windows\system\rCmqTNi.exe

MD5 2ceb3a4748a714ab6021ab09daa98dc2
SHA1 7916c0c898436c10d1a402a594acb01155704f3c
SHA256 dce528806ff28bfed75ffb962a9a646c75275aaf11d3cd66ff2f5bec181e6198
SHA512 4489c18f92ca123432686ff2e6994984cd7b81f8806f984ff49257861036c2a2f48b5c51f698df4b209fe9b30a2e269d685445dc70eb72d489171475401bf610

C:\Windows\system\iWoxsWh.exe

MD5 a3826f443e14cdc8c4fa7e2efc3c8bb3
SHA1 57b21a14cd0d9ff123226a19d1e055536d4ff9a4
SHA256 651e0c95e9a08f350f263942e2b23e26d21bfe3ff31076c3772634dc21ded75d
SHA512 e67254d99f6faf72c3ced7b6b43d8f39462dbf8070323365767ee7911ccc81117a28f3f277ddb4be1e2ed0c0f0019f48364d447a18e571911158203e465bf51c

C:\Windows\system\UcrBPeZ.exe

MD5 2482fa1d259368c875779e7332fcb3ec
SHA1 6f52a0e5314e4df3be49a3965874b16c13b66687
SHA256 deedb2546e2e199009077d1153a12bb4f990db446c40548e7bfd5ecc09450f24
SHA512 061286ba902ce161e4b7037d77e4b3595958d559957f695517bf8427ed473b3beea1720b9c53a8726547448b9f16841617a797244a7a22672a96775f6918eb75

C:\Windows\system\TTtRWbx.exe

MD5 2c9c12ad09fe0fcd26f7344d92899e8f
SHA1 c36ea8149b90d4ffa2b59fa6af0c7318a4c30183
SHA256 8a77673709ee06f728905647332487452b0162cfb2e95d5054bf1a098f397d50
SHA512 82f74c54cf8fd2f10567445dddeef3878302b325a87446ed06ad9de6e0b79bd7bb3c1e6e96642048f41561044e750c31b46fb5ac264826c09533c507394f812e

C:\Windows\system\etMfcKi.exe

MD5 1a681dba87874fc3cd78a64319dff766
SHA1 3aacffd4e917877dbf1ef83122c8fa375f149a15
SHA256 a5b3c40d822e4ee7c2bb7f15a36ee5edb332fc23ab7affed78467873736eff87
SHA512 809895aa87eff7838218b2229da8a7bc009e46a2625e265263c74f001a758739dbb749470d95a5b1b30327e3f6242f063dd195eade9f46e8e6538ca0756fca37

memory/2132-82-0x000000001B760000-0x000000001BA42000-memory.dmp

memory/2420-75-0x000000013F350000-0x000000013F742000-memory.dmp

memory/2652-51-0x000000013F900000-0x000000013FCF2000-memory.dmp

memory/2420-50-0x00000000035F0000-0x00000000039E2000-memory.dmp

C:\Windows\system\ZsnIIpL.exe

MD5 b70084e1114dcb1a977600f08daca068
SHA1 c3657d10dbf4c124b38b1e3fdb8953862283ef73
SHA256 daba34893fde5c09d4bb53a70e46d39d2ec7e852948935cb2c976358c99d464e
SHA512 377a9b8cab57579aa726e86d4c376d76fa19d9c75c64e607299828e082dbc9fb122a8cbb582063122ff455cb6c89585f6ae95f3cbcb96062e40b0d58275480dc

C:\Windows\system\pnnCUMt.exe

MD5 1437e9acf42e719c1b628050ec2f4d14
SHA1 28db86a59340fb21fd43425ac4a99d131ecb5043
SHA256 fd0c43d00c2c4976bdc8c97f663522688b97faf7466dcd7fb38bba480cfbe630
SHA512 cebf6c2f85e6f7cc03180adcfde2076188b60dadb72f3f7655d043b79e191d92796ee2c39c9ef047c61a6379f2c814373e15ed15aaa042a42851fd1c3835f8a0

memory/2420-1242-0x000000013F7C0000-0x000000013FBB2000-memory.dmp

memory/2612-4605-0x000000013F610000-0x000000013FA02000-memory.dmp

memory/2280-5810-0x000000013FFE0000-0x00000001403D2000-memory.dmp

memory/1544-5809-0x000000013F870000-0x000000013FC62000-memory.dmp

memory/2584-5856-0x000000013F8E0000-0x000000013FCD2000-memory.dmp

memory/2368-5979-0x000000013F970000-0x000000013FD62000-memory.dmp

memory/2664-5996-0x000000013F2F0000-0x000000013F6E2000-memory.dmp

memory/2752-5990-0x000000013F0F0000-0x000000013F4E2000-memory.dmp

memory/2420-11111-0x00000000035F0000-0x00000000039E2000-memory.dmp

memory/2420-11684-0x00000000035F0000-0x00000000039E2000-memory.dmp

memory/2420-13702-0x00000000035F0000-0x00000000039E2000-memory.dmp

memory/2420-14015-0x00000000035F0000-0x00000000039E2000-memory.dmp