Malware Analysis Report

2024-11-16 11:38

Sample ID 240612-jhcvtavckh
Target 9fecbaee4eddd010779f5b8117c41d1f_JaffaCakes118
SHA256 940c32cfcce62ea7ebd6efd6c7ee23fa8b56cdc9658dd280ad542d11d9c86d4a
Tags
upx miner xmrig execution
score
10/10

Analysis Overview

score
10/10

SHA256

940c32cfcce62ea7ebd6efd6c7ee23fa8b56cdc9658dd280ad542d11d9c86d4a

Threat Level: Known bad

The file 9fecbaee4eddd010779f5b8117c41d1f_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

upx miner xmrig execution

XMRig Miner payload

Xmrig family

xmrig

Command and Scripting Interpreter: PowerShell

Blocklisted process makes network request

Loads dropped DLL

UPX packed file

Executes dropped EXE

Legitimate hosting services abused for malware hosting/C2

Drops file in Windows directory

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-12 07:39

Signatures

XMRig Miner payload

miner

Xmrig family

xmrig

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 07:39

Reported

2024-06-12 07:42

Platform

win7-20240221-en

Max time kernel

150s

Max time network

145s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9fecbaee4eddd010779f5b8117c41d1f_JaffaCakes118.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE


Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\9fecbaee4eddd010779f5b8117c41d1f_JaffaCakes118.exe N/A

UPX packed file

upx

Drops file in Windows directory


Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9fecbaee4eddd010779f5b8117c41d1f_JaffaCakes118.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory


Processes

C:\Users\Admin\AppData\Local\Temp\9fecbaee4eddd010779f5b8117c41d1f_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\9fecbaee4eddd010779f5b8117c41d1f_JaffaCakes118.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "


C:\Windows\System\AcQzmbS.exe

C:\Windows\System\AcQzmbS.exe

C:\Windows\System\smjBRSz.exe

C:\Windows\System\smjBRSz.exe

C:\Windows\System\xhSVmyu.exe

C:\Windows\System\xhSVmyu.exe

C:\Windows\System\RaksvYL.exe

C:\Windows\System\RaksvYL.exe

C:\Windows\System\VAsJStM.exe

C:\Windows\System\VAsJStM.exe

C:\Windows\System\cQsHpaK.exe

C:\Windows\System\cQsHpaK.exe

C:\Windows\System\SCwfEph.exe

C:\Windows\System\SCwfEph.exe

C:\Windows\System\VHjppYU.exe

C:\Windows\System\VHjppYU.exe

C:\Windows\System\gSUPRXu.exe

C:\Windows\System\gSUPRXu.exe

C:\Windows\System\UUFpyvL.exe

C:\Windows\System\UUFpyvL.exe

C:\Windows\System\QmqRiRd.exe

C:\Windows\System\QmqRiRd.exe

C:\Windows\System\aWBNlJZ.exe

C:\Windows\System\aWBNlJZ.exe

C:\Windows\System\HOUsvHz.exe

C:\Windows\System\HOUsvHz.exe

C:\Windows\System\IGYPIDZ.exe

C:\Windows\System\IGYPIDZ.exe

C:\Windows\System\bUqPOEZ.exe

C:\Windows\System\bUqPOEZ.exe

C:\Windows\System\vtQUrZx.exe

C:\Windows\System\vtQUrZx.exe

C:\Windows\System\lahOPDM.exe

C:\Windows\System\lahOPDM.exe

C:\Windows\System\SciyUvj.exe

C:\Windows\System\SciyUvj.exe

C:\Windows\System\DKjAFIY.exe

C:\Windows\System\DKjAFIY.exe

C:\Windows\System\nQXCHLt.exe

C:\Windows\System\nQXCHLt.exe

C:\Windows\System\kJDVoAv.exe

C:\Windows\System\kJDVoAv.exe

C:\Windows\System\OiHtiyO.exe

C:\Windows\System\OiHtiyO.exe

C:\Windows\System\VkuJwOK.exe

C:\Windows\System\VkuJwOK.exe

C:\Windows\System\RqmAnSP.exe

C:\Windows\System\RqmAnSP.exe

C:\Windows\System\WIFAAbu.exe

C:\Windows\System\WIFAAbu.exe

C:\Windows\System\IOQKsWC.exe

C:\Windows\System\IOQKsWC.exe

C:\Windows\System\giDuIYk.exe

C:\Windows\System\giDuIYk.exe

C:\Windows\System\abjqORR.exe

C:\Windows\System\abjqORR.exe

C:\Windows\System\noaQzRS.exe

C:\Windows\System\noaQzRS.exe

C:\Windows\System\UuzZvaQ.exe

C:\Windows\System\UuzZvaQ.exe

C:\Windows\System\cNyYlnN.exe

C:\Windows\System\cNyYlnN.exe

C:\Windows\System\itsELwI.exe

C:\Windows\System\itsELwI.exe

C:\Windows\System\xmTnQZF.exe

C:\Windows\System\xmTnQZF.exe

C:\Windows\System\HBzSTzZ.exe

C:\Windows\System\HBzSTzZ.exe

C:\Windows\System\lqWvWik.exe

C:\Windows\System\lqWvWik.exe

C:\Windows\System\dxARjOv.exe

C:\Windows\System\dxARjOv.exe

C:\Windows\System\DubYdqy.exe

C:\Windows\System\DubYdqy.exe

C:\Windows\System\hxludxS.exe

C:\Windows\System\hxludxS.exe

C:\Windows\System\ZtVJPaJ.exe

C:\Windows\System\ZtVJPaJ.exe

C:\Windows\System\EcagzOP.exe

C:\Windows\System\EcagzOP.exe

C:\Windows\System\DiwvIex.exe

C:\Windows\System\DiwvIex.exe

C:\Windows\System\cfAODqo.exe

C:\Windows\System\cfAODqo.exe

C:\Windows\System\cKQiUBT.exe

C:\Windows\System\cKQiUBT.exe

C:\Windows\System\NWlekfZ.exe

C:\Windows\System\NWlekfZ.exe

C:\Windows\System\oIeXJtv.exe

C:\Windows\System\oIeXJtv.exe

C:\Windows\System\huUAhSq.exe

C:\Windows\System\huUAhSq.exe

C:\Windows\System\jVbHJFI.exe

C:\Windows\System\jVbHJFI.exe

C:\Windows\System\FsgvpxX.exe

C:\Windows\System\FsgvpxX.exe

C:\Windows\System\FJrjfPR.exe

C:\Windows\System\FJrjfPR.exe

C:\Windows\System\rNjQGLf.exe

C:\Windows\System\rNjQGLf.exe

C:\Windows\System\uhDiOfa.exe

C:\Windows\System\uhDiOfa.exe

C:\Windows\System\DOleSNM.exe

C:\Windows\System\DOleSNM.exe

C:\Windows\System\EANyPHw.exe

C:\Windows\System\EANyPHw.exe

C:\Windows\System\JfzScuN.exe

C:\Windows\System\JfzScuN.exe

C:\Windows\System\lOHyhbw.exe

C:\Windows\System\lOHyhbw.exe

C:\Windows\System\DcADWXB.exe

C:\Windows\System\DcADWXB.exe

C:\Windows\System\jOtVoAy.exe

C:\Windows\System\jOtVoAy.exe

C:\Windows\System\XJxEIHO.exe

C:\Windows\System\XJxEIHO.exe

C:\Windows\System\ksFnDuy.exe

C:\Windows\System\ksFnDuy.exe

C:\Windows\System\GtGhoxZ.exe

C:\Windows\System\GtGhoxZ.exe

C:\Windows\System\btckWrl.exe

C:\Windows\System\btckWrl.exe

C:\Windows\System\DtSzxwg.exe

C:\Windows\System\DtSzxwg.exe

C:\Windows\System\QnpFKiv.exe

C:\Windows\System\QnpFKiv.exe

C:\Windows\System\QOdAPsM.exe

C:\Windows\System\QOdAPsM.exe

C:\Windows\System\KmEJPgS.exe

C:\Windows\System\KmEJPgS.exe

C:\Windows\System\meAQlIB.exe

C:\Windows\System\meAQlIB.exe

C:\Windows\System\NJQjzrI.exe

C:\Windows\System\NJQjzrI.exe

C:\Windows\System\mjGKVhi.exe

C:\Windows\System\mjGKVhi.exe

C:\Windows\System\nOEwCDb.exe

C:\Windows\System\nOEwCDb.exe

C:\Windows\System\bRbRnSn.exe

C:\Windows\System\bRbRnSn.exe

C:\Windows\System\hlcwCXZ.exe

C:\Windows\System\hlcwCXZ.exe

C:\Windows\System\tFYPELd.exe

C:\Windows\System\tFYPELd.exe

C:\Windows\System\vGOyprI.exe

C:\Windows\System\vGOyprI.exe

C:\Windows\System\ZKDswIe.exe

C:\Windows\System\ZKDswIe.exe

C:\Windows\System\fMipRNF.exe

C:\Windows\System\fMipRNF.exe

C:\Windows\System\rzUISnJ.exe

C:\Windows\System\rzUISnJ.exe

C:\Windows\System\MRVBjjI.exe

C:\Windows\System\MRVBjjI.exe

C:\Windows\System\xmRgeTA.exe

C:\Windows\System\xmRgeTA.exe

C:\Windows\System\iaYITpT.exe

C:\Windows\System\iaYITpT.exe

C:\Windows\System\cJIcWKq.exe

C:\Windows\System\cJIcWKq.exe

C:\Windows\System\orUQqBD.exe

C:\Windows\System\orUQqBD.exe

C:\Windows\System\ytrpHVm.exe

C:\Windows\System\ytrpHVm.exe

C:\Windows\System\dYNUsJW.exe

C:\Windows\System\dYNUsJW.exe

C:\Windows\System\jllopSd.exe

C:\Windows\System\jllopSd.exe

C:\Windows\System\lZIbzrv.exe

C:\Windows\System\lZIbzrv.exe

C:\Windows\System\nWDZoGQ.exe

C:\Windows\System\nWDZoGQ.exe

C:\Windows\System\CrrKdKy.exe

C:\Windows\System\CrrKdKy.exe

C:\Windows\System\vNKMZpQ.exe

C:\Windows\System\vNKMZpQ.exe

C:\Windows\System\rwqnrdL.exe

C:\Windows\System\rwqnrdL.exe

C:\Windows\System\reBoFNI.exe

C:\Windows\System\reBoFNI.exe

C:\Windows\System\oZprYbL.exe

C:\Windows\System\oZprYbL.exe

C:\Windows\System\zBDjjOv.exe

C:\Windows\System\zBDjjOv.exe

C:\Windows\System\AqscHrY.exe

C:\Windows\System\AqscHrY.exe

C:\Windows\System\QMLMkCv.exe

C:\Windows\System\QMLMkCv.exe

C:\Windows\System\ZyXMcOC.exe

C:\Windows\System\ZyXMcOC.exe

C:\Windows\System\KjEzFfm.exe

C:\Windows\System\KjEzFfm.exe

C:\Windows\System\AgPWvvO.exe

C:\Windows\System\AgPWvvO.exe

C:\Windows\System\wPLkkRq.exe

C:\Windows\System\wPLkkRq.exe

C:\Windows\System\TShKyVM.exe

C:\Windows\System\TShKyVM.exe

C:\Windows\System\BcsRuaF.exe

C:\Windows\System\BcsRuaF.exe

C:\Windows\System\RjGLJcB.exe

C:\Windows\System\RjGLJcB.exe

C:\Windows\System\oBzjIIr.exe

C:\Windows\System\oBzjIIr.exe

C:\Windows\System\nKgwhvU.exe

C:\Windows\System\nKgwhvU.exe

C:\Windows\System\WDIoSPq.exe

C:\Windows\System\WDIoSPq.exe

C:\Windows\System\IwrkEBd.exe

C:\Windows\System\IwrkEBd.exe

C:\Windows\System\WBqioIE.exe

C:\Windows\System\WBqioIE.exe

C:\Windows\System\YvrmMJr.exe

C:\Windows\System\YvrmMJr.exe

C:\Windows\System\IAoOvye.exe

C:\Windows\System\IAoOvye.exe

C:\Windows\System\KIsygfV.exe

C:\Windows\System\KIsygfV.exe

C:\Windows\System\JUunfge.exe

C:\Windows\System\JUunfge.exe

C:\Windows\System\gCMNcoK.exe

C:\Windows\System\gCMNcoK.exe

C:\Windows\System\lXrbNnE.exe

C:\Windows\System\lXrbNnE.exe

C:\Windows\System\iOuCYuB.exe

C:\Windows\System\iOuCYuB.exe

C:\Windows\System\nXaaCXE.exe

C:\Windows\System\nXaaCXE.exe

C:\Windows\System\GPJKJCV.exe

C:\Windows\System\GPJKJCV.exe

C:\Windows\System\uhxSIfr.exe

C:\Windows\System\uhxSIfr.exe

C:\Windows\System\hrwcHuz.exe

C:\Windows\System\hrwcHuz.exe

C:\Windows\System\PCSqOmr.exe

C:\Windows\System\PCSqOmr.exe

C:\Windows\System\WrOGjrX.exe

C:\Windows\System\WrOGjrX.exe

C:\Windows\System\LBhRLgA.exe

C:\Windows\System\LBhRLgA.exe

C:\Windows\System\zUoXXGm.exe

C:\Windows\System\zUoXXGm.exe

C:\Windows\System\HiqeznN.exe

C:\Windows\System\HiqeznN.exe

C:\Windows\System\xJeHZyV.exe

C:\Windows\System\xJeHZyV.exe

C:\Windows\System\UbZuEIk.exe

C:\Windows\System\UbZuEIk.exe

C:\Windows\System\KsfKGvp.exe

C:\Windows\System\KsfKGvp.exe

C:\Windows\System\pUzjlag.exe

C:\Windows\System\pUzjlag.exe

C:\Windows\System\KLSOfSc.exe

C:\Windows\System\KLSOfSc.exe

C:\Windows\System\obdaHzZ.exe

C:\Windows\System\obdaHzZ.exe

C:\Windows\System\jcQFBqg.exe

C:\Windows\System\jcQFBqg.exe

C:\Windows\System\OuadfhV.exe

C:\Windows\System\OuadfhV.exe

C:\Windows\System\tHLbaFV.exe

C:\Windows\System\tHLbaFV.exe

C:\Windows\System\OhcwYIY.exe

C:\Windows\System\OhcwYIY.exe

C:\Windows\System\NmynTdC.exe

C:\Windows\System\NmynTdC.exe

C:\Windows\System\OoElHhc.exe

C:\Windows\System\OoElHhc.exe

C:\Windows\System\OohKQvL.exe

C:\Windows\System\OohKQvL.exe

C:\Windows\System\FlClRai.exe

C:\Windows\System\FlClRai.exe

C:\Windows\System\YCrexdj.exe

C:\Windows\System\YCrexdj.exe

C:\Windows\System\lrNszTe.exe

C:\Windows\System\lrNszTe.exe

C:\Windows\System\LAfQeqB.exe

C:\Windows\System\LAfQeqB.exe

C:\Windows\System\TArYbXw.exe

C:\Windows\System\TArYbXw.exe

C:\Windows\System\YirFpkX.exe

C:\Windows\System\YirFpkX.exe

C:\Windows\System\HBohQPK.exe

C:\Windows\System\HBohQPK.exe

C:\Windows\System\RDRTExG.exe

C:\Windows\System\RDRTExG.exe

C:\Windows\System\ZaWIuIm.exe

C:\Windows\System\ZaWIuIm.exe

C:\Windows\System\HAbkSVE.exe

C:\Windows\System\HAbkSVE.exe

C:\Windows\System\thACsQq.exe

C:\Windows\System\thACsQq.exe

C:\Windows\System\YLgqOSk.exe

C:\Windows\System\YLgqOSk.exe

C:\Windows\System\hDbmzMy.exe

C:\Windows\System\hDbmzMy.exe

C:\Windows\System\mQiMoLi.exe

C:\Windows\System\mQiMoLi.exe

C:\Windows\System\JgIBoPC.exe

C:\Windows\System\JgIBoPC.exe

C:\Windows\System\qCnBrZI.exe

C:\Windows\System\qCnBrZI.exe

C:\Windows\System\VvwgRkJ.exe

C:\Windows\System\VvwgRkJ.exe

C:\Windows\System\XZLAjqv.exe

C:\Windows\System\XZLAjqv.exe

C:\Windows\System\YLJLqCw.exe

C:\Windows\System\YLJLqCw.exe

C:\Windows\System\dxJCqDS.exe

C:\Windows\System\dxJCqDS.exe

C:\Windows\System\yHWkNWT.exe

C:\Windows\System\yHWkNWT.exe

C:\Windows\System\ZnEoieq.exe

C:\Windows\System\ZnEoieq.exe

C:\Windows\System\IFVTseR.exe

C:\Windows\System\IFVTseR.exe

C:\Windows\System\UCHqIvB.exe

C:\Windows\System\UCHqIvB.exe

C:\Windows\System\mzTthyn.exe

C:\Windows\System\mzTthyn.exe

C:\Windows\System\OqnfXew.exe

C:\Windows\System\OqnfXew.exe

C:\Windows\System\HKKXNhR.exe

C:\Windows\System\HKKXNhR.exe

C:\Windows\System\aySklNQ.exe

C:\Windows\System\aySklNQ.exe

C:\Windows\System\owgypIR.exe

C:\Windows\System\owgypIR.exe

C:\Windows\System\wWORALb.exe

C:\Windows\System\wWORALb.exe

C:\Windows\System\ovvDGrf.exe

C:\Windows\System\ovvDGrf.exe

C:\Windows\System\MnKpYWY.exe

C:\Windows\System\MnKpYWY.exe

C:\Windows\System\lgjTLwp.exe

C:\Windows\System\lgjTLwp.exe

C:\Windows\System\huuzJvD.exe

C:\Windows\System\huuzJvD.exe

C:\Windows\System\jKHeBld.exe

C:\Windows\System\jKHeBld.exe

C:\Windows\System\MSDAqOb.exe

C:\Windows\System\MSDAqOb.exe

C:\Windows\System\xdmvzfR.exe

C:\Windows\System\xdmvzfR.exe

C:\Windows\System\eufbmSP.exe

C:\Windows\System\eufbmSP.exe

C:\Windows\System\xwydIqv.exe

C:\Windows\System\xwydIqv.exe

C:\Windows\System\ocShwYa.exe

C:\Windows\System\ocShwYa.exe

C:\Windows\System\HDEuzqg.exe

C:\Windows\System\HDEuzqg.exe

C:\Windows\System\mHwiKLP.exe

C:\Windows\System\mHwiKLP.exe

C:\Windows\System\pWhNDen.exe

C:\Windows\System\pWhNDen.exe

C:\Windows\System\XktKKSh.exe

C:\Windows\System\XktKKSh.exe

C:\Windows\System\wlZACQj.exe

C:\Windows\System\wlZACQj.exe

C:\Windows\System\nRBtGJj.exe

C:\Windows\System\nRBtGJj.exe

C:\Windows\System\GjuNIjJ.exe

C:\Windows\System\GjuNIjJ.exe

C:\Windows\System\xEovBIc.exe

C:\Windows\System\xEovBIc.exe

C:\Windows\System\jsItDtO.exe

C:\Windows\System\jsItDtO.exe

C:\Windows\System\KqTuPqF.exe

C:\Windows\System\KqTuPqF.exe

C:\Windows\System\izSKyRd.exe

C:\Windows\System\izSKyRd.exe

C:\Windows\System\CFlGhlM.exe

C:\Windows\System\CFlGhlM.exe

C:\Windows\System\VtdRcsN.exe

C:\Windows\System\VtdRcsN.exe

C:\Windows\System\lOzDUUh.exe

C:\Windows\System\lOzDUUh.exe

C:\Windows\System\shqDBcJ.exe

C:\Windows\System\shqDBcJ.exe

C:\Windows\System\DHeNBMY.exe

C:\Windows\System\DHeNBMY.exe

C:\Windows\System\wqOAUmb.exe

C:\Windows\System\wqOAUmb.exe

C:\Windows\System\aqcSbrn.exe

C:\Windows\System\aqcSbrn.exe

C:\Windows\System\Ebzegoi.exe

C:\Windows\System\Ebzegoi.exe

C:\Windows\System\ivgTsOv.exe

C:\Windows\System\ivgTsOv.exe

C:\Windows\System\YOaskZT.exe

C:\Windows\System\YOaskZT.exe

C:\Windows\System\ogNdUkQ.exe

C:\Windows\System\ogNdUkQ.exe

C:\Windows\System\eCvhGcM.exe

C:\Windows\System\eCvhGcM.exe

C:\Windows\System\aDNGvlG.exe

C:\Windows\System\aDNGvlG.exe

C:\Windows\System\CIGCqmi.exe

C:\Windows\System\CIGCqmi.exe

C:\Windows\System\HGjgyVf.exe

C:\Windows\System\HGjgyVf.exe

C:\Windows\System\jNqhvZc.exe

C:\Windows\System\jNqhvZc.exe

C:\Windows\System\TKPqtKY.exe

C:\Windows\System\TKPqtKY.exe

C:\Windows\System\xuVeCGr.exe

C:\Windows\System\xuVeCGr.exe

C:\Windows\System\ehTIeZX.exe

C:\Windows\System\ehTIeZX.exe

C:\Windows\System\mdQAIzU.exe

C:\Windows\System\mdQAIzU.exe

C:\Windows\System\pkqvKWH.exe

C:\Windows\System\pkqvKWH.exe

C:\Windows\System\yyluCPK.exe

C:\Windows\System\yyluCPK.exe

C:\Windows\System\jNyUeEX.exe

C:\Windows\System\jNyUeEX.exe

C:\Windows\System\OWBAJmA.exe

C:\Windows\System\OWBAJmA.exe

C:\Windows\System\TZcYXsp.exe

C:\Windows\System\TZcYXsp.exe

C:\Windows\System\yMImSAi.exe

C:\Windows\System\yMImSAi.exe

C:\Windows\System\RBuVcyd.exe

C:\Windows\System\RBuVcyd.exe

C:\Windows\System\YvsDCzU.exe

C:\Windows\System\YvsDCzU.exe

C:\Windows\System\tZzgBZQ.exe

C:\Windows\System\tZzgBZQ.exe

C:\Windows\System\wrPeMop.exe

C:\Windows\System\wrPeMop.exe

C:\Windows\System\VtoarNw.exe

C:\Windows\System\VtoarNw.exe

C:\Windows\System\ssRDIJt.exe

C:\Windows\System\ssRDIJt.exe

C:\Windows\System\HEjBcKY.exe

C:\Windows\System\HEjBcKY.exe

C:\Windows\System\gWhrfzY.exe

C:\Windows\System\gWhrfzY.exe

C:\Windows\System\CNmeQJf.exe

C:\Windows\System\CNmeQJf.exe

C:\Windows\System\RPZQzaz.exe

C:\Windows\System\RPZQzaz.exe

C:\Windows\System\jmzGEWR.exe

C:\Windows\System\jmzGEWR.exe

C:\Windows\System\KtCeQVc.exe

C:\Windows\System\KtCeQVc.exe

C:\Windows\System\fMuscgw.exe

C:\Windows\System\fMuscgw.exe

C:\Windows\System\FElzUjN.exe

C:\Windows\System\FElzUjN.exe

C:\Windows\System\qnINHAH.exe

C:\Windows\System\qnINHAH.exe

C:\Windows\System\icDYpIH.exe

C:\Windows\System\icDYpIH.exe

C:\Windows\System\XXEquxJ.exe

C:\Windows\System\XXEquxJ.exe

C:\Windows\System\QTBzfXo.exe

C:\Windows\System\QTBzfXo.exe

C:\Windows\System\AMojPMi.exe

C:\Windows\System\AMojPMi.exe

C:\Windows\System\EAQNqeT.exe

C:\Windows\System\EAQNqeT.exe

C:\Windows\System\AFoPKKn.exe

C:\Windows\System\AFoPKKn.exe

C:\Windows\System\iAsTXDY.exe

C:\Windows\System\iAsTXDY.exe

C:\Windows\System\lHNxPfi.exe

C:\Windows\System\lHNxPfi.exe

C:\Windows\System\tWQlznm.exe

C:\Windows\System\tWQlznm.exe

C:\Windows\System\VTwDCJM.exe

C:\Windows\System\VTwDCJM.exe

C:\Windows\System\qpDOwpL.exe

C:\Windows\System\qpDOwpL.exe

C:\Windows\System\yRblUbU.exe

C:\Windows\System\yRblUbU.exe

C:\Windows\System\sqeUwcw.exe

C:\Windows\System\sqeUwcw.exe

C:\Windows\System\sYLrZPD.exe

C:\Windows\System\sYLrZPD.exe

C:\Windows\System\FVsGYHU.exe

C:\Windows\System\FVsGYHU.exe

C:\Windows\System\RSiWCRI.exe

C:\Windows\System\RSiWCRI.exe

C:\Windows\System\gFZuBjN.exe

C:\Windows\System\gFZuBjN.exe

C:\Windows\System\CEfBfde.exe

C:\Windows\System\CEfBfde.exe

C:\Windows\System\JlILcrm.exe

C:\Windows\System\JlILcrm.exe

C:\Windows\System\XdJNLUD.exe

C:\Windows\System\XdJNLUD.exe

C:\Windows\System\VIcaZTY.exe

C:\Windows\System\VIcaZTY.exe

C:\Windows\System\AhJvfbd.exe

C:\Windows\System\AhJvfbd.exe

C:\Windows\System\vLOXipL.exe

C:\Windows\System\vLOXipL.exe

C:\Windows\System\wWWcjdC.exe

C:\Windows\System\wWWcjdC.exe

C:\Windows\System\cgwUQbX.exe

C:\Windows\System\cgwUQbX.exe

C:\Windows\System\pxqXhZo.exe

C:\Windows\System\pxqXhZo.exe

C:\Windows\System\PxjGjjh.exe

C:\Windows\System\PxjGjjh.exe

C:\Windows\System\joKpYoo.exe

C:\Windows\System\joKpYoo.exe

C:\Windows\System\hkEBxWP.exe

C:\Windows\System\hkEBxWP.exe

C:\Windows\System\AEflauI.exe

C:\Windows\System\AEflauI.exe

C:\Windows\System\mrPlvFB.exe

C:\Windows\System\mrPlvFB.exe

C:\Windows\System\YJLipEk.exe

C:\Windows\System\YJLipEk.exe

C:\Windows\System\ZgXEtsT.exe

C:\Windows\System\ZgXEtsT.exe

C:\Windows\System\sIyNvWe.exe

C:\Windows\System\sIyNvWe.exe

C:\Windows\System\SFIQMch.exe

C:\Windows\System\SFIQMch.exe

C:\Windows\System\JTEqXxb.exe

C:\Windows\System\JTEqXxb.exe

C:\Windows\System\jwYmRxK.exe

C:\Windows\System\jwYmRxK.exe

C:\Windows\System\ueIyEQO.exe

C:\Windows\System\ueIyEQO.exe

C:\Windows\System\MTvLjVo.exe

C:\Windows\System\MTvLjVo.exe

C:\Windows\System\cGLXYrE.exe

C:\Windows\System\cGLXYrE.exe

C:\Windows\System\Kbfwwap.exe

C:\Windows\System\Kbfwwap.exe

C:\Windows\System\oGZqqqe.exe

C:\Windows\System\oGZqqqe.exe

C:\Windows\System\Nkqfrjy.exe

C:\Windows\System\Nkqfrjy.exe

C:\Windows\System\BSLMNWN.exe

C:\Windows\System\BSLMNWN.exe

C:\Windows\System\BYeLQpG.exe

C:\Windows\System\BYeLQpG.exe

C:\Windows\System\PmUtfUH.exe

C:\Windows\System\PmUtfUH.exe

C:\Windows\System\equrWxD.exe

C:\Windows\System\equrWxD.exe

C:\Windows\System\zAHMOhe.exe

C:\Windows\System\zAHMOhe.exe

C:\Windows\System\WminFlj.exe

C:\Windows\System\WminFlj.exe

C:\Windows\System\Irblbyg.exe

C:\Windows\System\Irblbyg.exe

C:\Windows\System\EJhxALJ.exe

C:\Windows\System\EJhxALJ.exe

C:\Windows\System\bwftQAB.exe

C:\Windows\System\bwftQAB.exe

C:\Windows\System\gpkcSbp.exe

C:\Windows\System\gpkcSbp.exe

C:\Windows\System\ytoRwOH.exe

C:\Windows\System\ytoRwOH.exe

C:\Windows\System\KZBtKuM.exe

C:\Windows\System\KZBtKuM.exe

C:\Windows\System\lVKzoGy.exe

C:\Windows\System\lVKzoGy.exe

C:\Windows\System\dkwTSzv.exe

C:\Windows\System\dkwTSzv.exe

C:\Windows\System\tyVcUEs.exe

C:\Windows\System\tyVcUEs.exe

C:\Windows\System\CzagByl.exe

C:\Windows\System\CzagByl.exe

C:\Windows\System\YvnmhPb.exe

C:\Windows\System\YvnmhPb.exe

C:\Windows\System\wKADisR.exe

C:\Windows\System\wKADisR.exe

C:\Windows\System\WuxHxoG.exe

C:\Windows\System\WuxHxoG.exe

C:\Windows\System\uTrsWnH.exe

C:\Windows\System\uTrsWnH.exe

C:\Windows\System\aSzqXwN.exe

C:\Windows\System\aSzqXwN.exe

C:\Windows\System\GnaMSKH.exe

C:\Windows\System\GnaMSKH.exe

C:\Windows\System\bSsDqUP.exe

C:\Windows\System\bSsDqUP.exe

C:\Windows\System\UawVOWP.exe

C:\Windows\System\UawVOWP.exe

C:\Windows\System\SaKKTTe.exe

C:\Windows\System\SaKKTTe.exe

C:\Windows\System\UxmrdPI.exe

C:\Windows\System\UxmrdPI.exe

C:\Windows\System\efmokPw.exe

C:\Windows\System\efmokPw.exe

C:\Windows\System\VixCycs.exe

C:\Windows\System\VixCycs.exe

C:\Windows\System\GHxWnQF.exe

C:\Windows\System\GHxWnQF.exe

C:\Windows\System\XUeYAkI.exe

C:\Windows\System\XUeYAkI.exe

C:\Windows\System\GNbfNLQ.exe

C:\Windows\System\GNbfNLQ.exe

C:\Windows\System\fpCGiTS.exe

C:\Windows\System\fpCGiTS.exe

C:\Windows\System\SHzbhgr.exe

C:\Windows\System\SHzbhgr.exe

C:\Windows\System\zfmtnqA.exe

C:\Windows\System\zfmtnqA.exe

C:\Windows\System\ZJgJgsM.exe

C:\Windows\System\ZJgJgsM.exe

C:\Windows\System\PTtMVBG.exe

C:\Windows\System\PTtMVBG.exe

C:\Windows\System\vBgWFUx.exe

C:\Windows\System\vBgWFUx.exe

C:\Windows\System\FmcAHRM.exe

C:\Windows\System\FmcAHRM.exe

C:\Windows\System\JGYhiMf.exe

C:\Windows\System\JGYhiMf.exe

C:\Windows\System\Mefprej.exe

C:\Windows\System\Mefprej.exe

C:\Windows\System\SjtByQy.exe

C:\Windows\System\SjtByQy.exe

C:\Windows\System\IHPYhny.exe

C:\Windows\System\IHPYhny.exe

C:\Windows\System\ncyBjwj.exe

C:\Windows\System\ncyBjwj.exe

C:\Windows\System\mCoShVg.exe

C:\Windows\System\mCoShVg.exe

C:\Windows\System\ijXcRky.exe

C:\Windows\System\ijXcRky.exe

C:\Windows\System\WjKmUKj.exe

C:\Windows\System\WjKmUKj.exe

C:\Windows\System\aeZUwNg.exe

C:\Windows\System\aeZUwNg.exe

C:\Windows\System\FkGZnzf.exe

C:\Windows\System\FkGZnzf.exe

C:\Windows\System\TbJcYdk.exe

C:\Windows\System\TbJcYdk.exe

C:\Windows\System\UGCEdHW.exe

C:\Windows\System\UGCEdHW.exe

C:\Windows\System\igIBylu.exe

C:\Windows\System\igIBylu.exe

C:\Windows\System\DtYgglw.exe

C:\Windows\System\DtYgglw.exe

C:\Windows\System\gGEyaWR.exe

C:\Windows\System\gGEyaWR.exe

C:\Windows\System\kKVtotb.exe

C:\Windows\System\kKVtotb.exe

C:\Windows\System\nWuaYbw.exe

C:\Windows\System\nWuaYbw.exe

C:\Windows\System\eCskbsa.exe

C:\Windows\System\eCskbsa.exe

C:\Windows\System\NCjQuNu.exe

C:\Windows\System\NCjQuNu.exe

C:\Windows\System\rvcCWwG.exe

C:\Windows\System\rvcCWwG.exe

C:\Windows\System\IJLuoqV.exe

C:\Windows\System\IJLuoqV.exe

C:\Windows\System\CFqXlQm.exe

C:\Windows\System\CFqXlQm.exe

C:\Windows\System\uRpwoQs.exe

C:\Windows\System\uRpwoQs.exe

C:\Windows\System\PWlvgOo.exe

C:\Windows\System\PWlvgOo.exe

C:\Windows\System\dhaAkgM.exe

C:\Windows\System\dhaAkgM.exe

C:\Windows\System\TIsKoUJ.exe

C:\Windows\System\TIsKoUJ.exe

C:\Windows\System\foFsVXl.exe

C:\Windows\System\foFsVXl.exe

C:\Windows\System\tsVwNHt.exe

C:\Windows\System\tsVwNHt.exe

C:\Windows\System\lrGnRrp.exe

C:\Windows\System\lrGnRrp.exe

C:\Windows\System\cieYYXa.exe

C:\Windows\System\cieYYXa.exe

C:\Windows\System\EASFZFJ.exe

C:\Windows\System\EASFZFJ.exe

C:\Windows\System\fouDEam.exe

C:\Windows\System\fouDEam.exe

C:\Windows\System\YBXSsgB.exe

C:\Windows\System\YBXSsgB.exe

C:\Windows\System\TMafvxY.exe

C:\Windows\System\TMafvxY.exe

C:\Windows\System\YVXgCrs.exe

C:\Windows\System\YVXgCrs.exe

C:\Windows\System\OSclphD.exe

C:\Windows\System\OSclphD.exe

C:\Windows\System\zmgfpSF.exe

C:\Windows\System\zmgfpSF.exe

C:\Windows\System\MnzMmqA.exe

C:\Windows\System\MnzMmqA.exe

C:\Windows\System\kjnYWJU.exe

C:\Windows\System\kjnYWJU.exe

C:\Windows\System\YpyJLbg.exe

C:\Windows\System\YpyJLbg.exe

C:\Windows\System\kqFsVHe.exe

C:\Windows\System\kqFsVHe.exe

C:\Windows\System\TIqXqXq.exe

C:\Windows\System\TIqXqXq.exe

C:\Windows\System\OIDqeMR.exe

C:\Windows\System\OIDqeMR.exe

C:\Windows\System\XIwrjKR.exe

C:\Windows\System\XIwrjKR.exe

C:\Windows\System\BCJvWeK.exe

C:\Windows\System\BCJvWeK.exe

C:\Windows\System\LnVBlUk.exe

C:\Windows\System\LnVBlUk.exe

C:\Windows\System\Znhgfvo.exe

C:\Windows\System\Znhgfvo.exe

C:\Windows\System\QwpqRWo.exe

C:\Windows\System\QwpqRWo.exe

C:\Windows\System\OqRfruP.exe

C:\Windows\System\OqRfruP.exe

C:\Windows\System\eXLPAAT.exe

C:\Windows\System\eXLPAAT.exe

C:\Windows\System\sMynWJW.exe

C:\Windows\System\sMynWJW.exe

C:\Windows\System\eesDPbf.exe

C:\Windows\System\eesDPbf.exe

C:\Windows\System\xMFKtzy.exe

C:\Windows\System\xMFKtzy.exe

C:\Windows\System\EgqexNA.exe

C:\Windows\System\EgqexNA.exe

C:\Windows\System\serwmLc.exe

C:\Windows\System\serwmLc.exe

C:\Windows\System\fRXhfSF.exe

C:\Windows\System\fRXhfSF.exe

C:\Windows\System\BHKVaBO.exe

C:\Windows\System\BHKVaBO.exe

C:\Windows\System\dUkJSnT.exe

C:\Windows\System\dUkJSnT.exe

C:\Windows\System\yCvNBRP.exe

C:\Windows\System\yCvNBRP.exe

C:\Windows\System\kWWYcUf.exe

C:\Windows\System\kWWYcUf.exe

C:\Windows\System\WicmZSm.exe

C:\Windows\System\WicmZSm.exe

C:\Windows\System\GyGNmMB.exe

C:\Windows\System\GyGNmMB.exe

C:\Windows\System\tEiaufz.exe

C:\Windows\System\tEiaufz.exe

C:\Windows\System\xSlaiEy.exe

C:\Windows\System\xSlaiEy.exe

C:\Windows\System\ZlCpgYD.exe

C:\Windows\System\ZlCpgYD.exe

C:\Windows\System\TUQNyGI.exe

C:\Windows\System\TUQNyGI.exe

C:\Windows\System\FoFDqOX.exe

C:\Windows\System\FoFDqOX.exe

C:\Windows\System\vmxTimJ.exe

C:\Windows\System\vmxTimJ.exe

C:\Windows\System\FaZMUsw.exe

C:\Windows\System\FaZMUsw.exe

C:\Windows\System\mIHKEJB.exe

C:\Windows\System\mIHKEJB.exe

C:\Windows\System\vdRGzjo.exe

C:\Windows\System\vdRGzjo.exe

C:\Windows\System\HTMBnjt.exe

C:\Windows\System\HTMBnjt.exe

C:\Windows\System\XCppfjb.exe

C:\Windows\System\XCppfjb.exe

C:\Windows\System\Ktxrirb.exe

C:\Windows\System\Ktxrirb.exe

C:\Windows\System\tdirVYY.exe

C:\Windows\System\tdirVYY.exe

C:\Windows\System\TEUIFOS.exe

C:\Windows\System\TEUIFOS.exe

C:\Windows\System\MBLOWeY.exe

C:\Windows\System\MBLOWeY.exe

C:\Windows\System\eMqVenY.exe

C:\Windows\System\eMqVenY.exe

C:\Windows\System\rQFpzNt.exe

C:\Windows\System\rQFpzNt.exe

C:\Windows\System\lDVxkEY.exe

C:\Windows\System\lDVxkEY.exe

C:\Windows\System\daOTTng.exe

C:\Windows\System\daOTTng.exe

C:\Windows\System\CdznUAi.exe

C:\Windows\System\CdznUAi.exe

C:\Windows\System\sDQzPcF.exe

C:\Windows\System\sDQzPcF.exe

C:\Windows\System\OErbpjz.exe

C:\Windows\System\OErbpjz.exe

C:\Windows\System\qLXeuGY.exe

C:\Windows\System\qLXeuGY.exe

C:\Windows\System\opSSgBl.exe

C:\Windows\System\opSSgBl.exe

C:\Windows\System\UOatMBR.exe

C:\Windows\System\UOatMBR.exe

C:\Windows\System\aHCbRQS.exe

C:\Windows\System\aHCbRQS.exe

C:\Windows\System\JgTVgIV.exe

C:\Windows\System\JgTVgIV.exe

C:\Windows\System\jtoFEIG.exe

C:\Windows\System\jtoFEIG.exe

C:\Windows\System\jqVoMKc.exe

C:\Windows\System\jqVoMKc.exe

C:\Windows\System\yxWgzXR.exe

C:\Windows\System\yxWgzXR.exe

C:\Windows\System\uIWkHXn.exe

C:\Windows\System\uIWkHXn.exe

C:\Windows\System\xmYnlNS.exe

C:\Windows\System\xmYnlNS.exe

C:\Windows\System\JKnFKMB.exe

C:\Windows\System\JKnFKMB.exe

C:\Windows\System\nzCpIJo.exe

C:\Windows\System\nzCpIJo.exe

C:\Windows\System\NvzCaxZ.exe

C:\Windows\System\NvzCaxZ.exe

C:\Windows\System\prtKEYQ.exe

C:\Windows\System\prtKEYQ.exe

C:\Windows\System\VPToNnr.exe

C:\Windows\System\VPToNnr.exe

C:\Windows\System\wivaviV.exe

C:\Windows\System\wivaviV.exe

C:\Windows\System\fnLntLT.exe

C:\Windows\System\fnLntLT.exe

C:\Windows\System\sUdsLGB.exe

C:\Windows\System\sUdsLGB.exe

C:\Windows\System\WuFeSVi.exe

C:\Windows\System\WuFeSVi.exe

C:\Windows\System\TisxEeg.exe

C:\Windows\System\TisxEeg.exe

C:\Windows\System\DiKGXDP.exe

C:\Windows\System\DiKGXDP.exe

C:\Windows\System\CBlWUkL.exe

C:\Windows\System\CBlWUkL.exe

C:\Windows\System\QlrRtHV.exe

C:\Windows\System\QlrRtHV.exe

C:\Windows\System\sHugpWO.exe

C:\Windows\System\sHugpWO.exe

C:\Windows\System\fVLeWuL.exe

C:\Windows\System\fVLeWuL.exe

C:\Windows\System\wHMcGnu.exe

C:\Windows\System\wHMcGnu.exe

C:\Windows\System\yPLWhie.exe

C:\Windows\System\yPLWhie.exe

C:\Windows\System\FjgFGRx.exe

C:\Windows\System\FjgFGRx.exe

C:\Windows\System\QJUojSO.exe

C:\Windows\System\QJUojSO.exe

C:\Windows\System\SFXURoW.exe

C:\Windows\System\SFXURoW.exe

C:\Windows\System\paYjNzL.exe

C:\Windows\System\paYjNzL.exe

C:\Windows\System\JdBCCJv.exe

C:\Windows\System\JdBCCJv.exe

C:\Windows\System\heJvFQm.exe

C:\Windows\System\heJvFQm.exe

C:\Windows\System\nYRxuWy.exe

C:\Windows\System\nYRxuWy.exe

C:\Windows\System\bXEuIhm.exe

C:\Windows\System\bXEuIhm.exe

C:\Windows\System\MEVPzCB.exe

C:\Windows\System\MEVPzCB.exe

C:\Windows\System\YUEAWkR.exe

C:\Windows\System\YUEAWkR.exe

C:\Windows\System\LKYVIAa.exe

C:\Windows\System\LKYVIAa.exe

C:\Windows\System\aveUaDe.exe

C:\Windows\System\aveUaDe.exe

C:\Windows\System\iETEltn.exe

C:\Windows\System\iETEltn.exe

C:\Windows\System\TtGOsRk.exe

C:\Windows\System\TtGOsRk.exe

C:\Windows\System\NTIeSkv.exe

C:\Windows\System\NTIeSkv.exe

C:\Windows\System\JNMUXci.exe

C:\Windows\System\JNMUXci.exe

C:\Windows\System\uQlgLgI.exe

C:\Windows\System\uQlgLgI.exe

C:\Windows\System\bLJcYpD.exe

C:\Windows\System\bLJcYpD.exe

C:\Windows\System\FyYzHos.exe

C:\Windows\System\FyYzHos.exe

C:\Windows\System\MQmAkog.exe

C:\Windows\System\MQmAkog.exe

C:\Windows\System\tYCapSO.exe

C:\Windows\System\tYCapSO.exe

C:\Windows\System\izEkqjr.exe

C:\Windows\System\izEkqjr.exe

C:\Windows\System\FYVWjpy.exe

C:\Windows\System\FYVWjpy.exe

C:\Windows\System\mgTxqcf.exe

C:\Windows\System\mgTxqcf.exe

C:\Windows\System\ZdvWvcb.exe

C:\Windows\System\ZdvWvcb.exe

C:\Windows\System\QrSRxqi.exe

C:\Windows\System\QrSRxqi.exe

C:\Windows\System\yWkGzul.exe

C:\Windows\System\yWkGzul.exe

C:\Windows\System\MkSlyUT.exe

C:\Windows\System\MkSlyUT.exe

C:\Windows\System\tjKqOrc.exe

C:\Windows\System\tjKqOrc.exe

C:\Windows\System\ZmDIqmk.exe

C:\Windows\System\ZmDIqmk.exe

C:\Windows\System\BQSGCxE.exe

C:\Windows\System\BQSGCxE.exe

C:\Windows\System\HqpNiTP.exe

C:\Windows\System\HqpNiTP.exe

C:\Windows\System\HBHLvXN.exe


Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp

Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-06-12 07:39

Reported

2024-06-12 07:42

Platform

win10v2004-20240611-en

Max time kernel

149s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9fecbaee4eddd010779f5b8117c41d1f_JaffaCakes118.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A

Drops file in Windows directory

Description Indicator Process Target

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9fecbaee4eddd010779f5b8117c41d1f_JaffaCakes118.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3224 wrote to memory of 4576 N/A C:\Users\Admin\AppData\Local\Temp\9fecbaee4eddd010779f5b8117c41d1f_JaffaCakes118.exe C:\Windows\System\JKRkebg.exe
PID 3224 wrote to memory of 5080 N/A C:\Users\Admin\AppData\Local\Temp\9fecbaee4eddd010779f5b8117c41d1f_JaffaCakes118.exe C:\Windows\System\mZyBCnI.exe
PID 3224 wrote to memory of 5080 N/A C:\Users\Admin\AppData\Local\Temp\9fecbaee4eddd010779f5b8117c41d1f_JaffaCakes118.exe C:\Windows\System\mZyBCnI.exe
PID 3224 wrote to memory of 4812 N/A C:\Users\Admin\AppData\Local\Temp\9fecbaee4eddd010779f5b8117c41d1f_JaffaCakes118.exe C:\Windows\System\hdBFFdQ.exe
PID 3224 wrote to memory of 4812 N/A C:\Users\Admin\AppData\Local\Temp\9fecbaee4eddd010779f5b8117c41d1f_JaffaCakes118.exe C:\Windows\System\hdBFFdQ.exe
PID 3224 wrote to memory of 740 N/A C:\Users\Admin\AppData\Local\Temp\9fecbaee4eddd010779f5b8117c41d1f_JaffaCakes118.exe C:\Windows\System\BeiquIP.exe
PID 3224 wrote to memory of 740 N/A C:\Users\Admin\AppData\Local\Temp\9fecbaee4eddd010779f5b8117c41d1f_JaffaCakes118.exe C:\Windows\System\BeiquIP.exe
PID 3224 wrote to memory of 5072 N/A C:\Users\Admin\AppData\Local\Temp\9fecbaee4eddd010779f5b8117c41d1f_JaffaCakes118.exe C:\Windows\System\ELIHloj.exe
PID 3224 wrote to memory of 5072 N/A C:\Users\Admin\AppData\Local\Temp\9fecbaee4eddd010779f5b8117c41d1f_JaffaCakes118.exe C:\Windows\System\ELIHloj.exe
PID 3224 wrote to memory of 4004 N/A C:\Users\Admin\AppData\Local\Temp\9fecbaee4eddd010779f5b8117c41d1f_JaffaCakes118.exe C:\Windows\System\fuxMReu.exe
PID 3224 wrote to memory of 4004 N/A C:\Users\Admin\AppData\Local\Temp\9fecbaee4eddd010779f5b8117c41d1f_JaffaCakes118.exe C:\Windows\System\fuxMReu.exe
PID 3224 wrote to memory of 2216 N/A C:\Users\Admin\AppData\Local\Temp\9fecbaee4eddd010779f5b8117c41d1f_JaffaCakes118.exe C:\Windows\System\FYjIGgF.exe
PID 3224 wrote to memory of 2216 N/A C:\Users\Admin\AppData\Local\Temp\9fecbaee4eddd010779f5b8117c41d1f_JaffaCakes118.exe C:\Windows\System\FYjIGgF.exe
PID 3224 wrote to memory of 1588 N/A C:\Users\Admin\AppData\Local\Temp\9fecbaee4eddd010779f5b8117c41d1f_JaffaCakes118.exe C:\Windows\System\PyyJHkS.exe
PID 3224 wrote to memory of 1588 N/A C:\Users\Admin\AppData\Local\Temp\9fecbaee4eddd010779f5b8117c41d1f_JaffaCakes118.exe C:\Windows\System\PyyJHkS.exe
PID 3224 wrote to memory of 1012 N/A C:\Users\Admin\AppData\Local\Temp\9fecbaee4eddd010779f5b8117c41d1f_JaffaCakes118.exe C:\Windows\System\Duzrbkr.exe
PID 3224 wrote to memory of 1012 N/A C:\Users\Admin\AppData\Local\Temp\9fecbaee4eddd010779f5b8117c41d1f_JaffaCakes118.exe C:\Windows\System\Duzrbkr.exe

Processes

C:\Users\Admin\AppData\Local\Temp\9fecbaee4eddd010779f5b8117c41d1f_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\9fecbaee4eddd010779f5b8117c41d1f_JaffaCakes118.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "


C:\Windows\System\vbGIXWQ.exe

C:\Windows\System\GxalRvr.exe

C:\Windows\System\GxalRvr.exe

C:\Windows\System\IhXVQHh.exe

C:\Windows\System\IhXVQHh.exe

C:\Windows\System\fHiYBej.exe

C:\Windows\System\fHiYBej.exe

C:\Windows\System\AVxvGRg.exe

C:\Windows\System\AVxvGRg.exe

C:\Windows\System\DLYHsNK.exe

C:\Windows\System\DLYHsNK.exe

C:\Windows\System\lvXweGo.exe

C:\Windows\System\lvXweGo.exe

C:\Windows\System\PlkkJfX.exe

C:\Windows\System\PlkkJfX.exe

C:\Windows\System\ooWqppg.exe

C:\Windows\System\ooWqppg.exe

C:\Windows\System\GaffWqR.exe

C:\Windows\System\GaffWqR.exe

C:\Windows\System\sMNqXlv.exe

C:\Windows\System\sMNqXlv.exe

C:\Windows\System\cTfAXgQ.exe

C:\Windows\System\cTfAXgQ.exe

C:\Windows\System\tVaRGxe.exe

C:\Windows\System\tVaRGxe.exe

C:\Windows\System\pHxqeuu.exe

C:\Windows\System\pHxqeuu.exe

C:\Windows\System\mzUeaML.exe

C:\Windows\System\mzUeaML.exe

C:\Windows\System\ftQfEtV.exe

C:\Windows\System\ftQfEtV.exe

C:\Windows\System\EohUydY.exe

C:\Windows\System\EohUydY.exe

C:\Windows\System\YbLnMXl.exe

C:\Windows\System\YbLnMXl.exe

C:\Windows\System\EIGawpz.exe

C:\Windows\System\EIGawpz.exe

C:\Windows\System\hoRVrAS.exe

C:\Windows\System\hoRVrAS.exe

C:\Windows\System\jtBFzGz.exe

C:\Windows\System\jtBFzGz.exe

C:\Windows\System\lQchcAS.exe

C:\Windows\System\lQchcAS.exe

C:\Windows\System\KgFrCYK.exe

C:\Windows\System\KgFrCYK.exe

C:\Windows\System\YrJiNWu.exe

C:\Windows\System\YrJiNWu.exe

C:\Windows\System\QdwDqiW.exe

C:\Windows\System\QdwDqiW.exe

C:\Windows\System\yGyAmLY.exe

C:\Windows\System\yGyAmLY.exe

C:\Windows\System\gOFQrFK.exe

C:\Windows\System\gOFQrFK.exe

C:\Windows\System\bOITWCS.exe

C:\Windows\System\bOITWCS.exe

C:\Windows\System\jIxmigc.exe

C:\Windows\System\jIxmigc.exe

C:\Windows\System\SzYVHFX.exe

C:\Windows\System\SzYVHFX.exe

C:\Windows\System\JpnSClK.exe

C:\Windows\System\JpnSClK.exe

C:\Windows\System\usiykSf.exe

C:\Windows\System\usiykSf.exe

C:\Windows\System\KbgzifL.exe

C:\Windows\System\KbgzifL.exe

C:\Windows\System\qBRiEid.exe

C:\Windows\System\qBRiEid.exe

C:\Windows\System\ZvAWvOz.exe

C:\Windows\System\ZvAWvOz.exe

C:\Windows\System\ikcvyoc.exe

C:\Windows\System\ikcvyoc.exe

C:\Windows\System\YUXKwaG.exe

C:\Windows\System\YUXKwaG.exe

C:\Windows\System\nXRHwaK.exe

C:\Windows\System\nXRHwaK.exe

C:\Windows\System\iuavhhC.exe

C:\Windows\System\iuavhhC.exe

C:\Windows\System\KWobcXN.exe

C:\Windows\System\KWobcXN.exe

C:\Windows\System\MbSeKJL.exe

C:\Windows\System\MbSeKJL.exe

C:\Windows\System\jrZbofJ.exe

C:\Windows\System\jrZbofJ.exe

C:\Windows\System\nfjvMYP.exe

C:\Windows\System\nfjvMYP.exe

C:\Windows\System\xGlJihP.exe

C:\Windows\System\xGlJihP.exe

C:\Windows\System\KOSsPpV.exe

C:\Windows\System\KOSsPpV.exe

C:\Windows\System\WSzyqmN.exe

C:\Windows\System\WSzyqmN.exe

C:\Windows\System\EdBDUkW.exe

C:\Windows\System\EdBDUkW.exe

C:\Windows\System\ShEWWJz.exe

C:\Windows\System\ShEWWJz.exe

C:\Windows\System\QGdCzjG.exe

C:\Windows\System\QGdCzjG.exe

C:\Windows\System\JpttAff.exe

C:\Windows\System\JpttAff.exe

C:\Windows\System\sdWXFaS.exe

C:\Windows\System\sdWXFaS.exe

C:\Windows\System\XGuLcAo.exe

C:\Windows\System\XGuLcAo.exe

C:\Windows\System\EZXzfWi.exe

C:\Windows\System\EZXzfWi.exe

C:\Windows\System\xNkrsJI.exe

C:\Windows\System\xNkrsJI.exe

C:\Windows\System\PAhGqfs.exe

C:\Windows\System\PAhGqfs.exe

C:\Windows\System\APoUPIm.exe

C:\Windows\System\APoUPIm.exe

C:\Windows\System\mgGgEYU.exe

C:\Windows\System\mgGgEYU.exe

C:\Windows\System\PxpZMhz.exe

C:\Windows\System\PxpZMhz.exe

C:\Windows\System\RIseJki.exe

C:\Windows\System\RIseJki.exe

C:\Windows\System\ZrjvSHn.exe

C:\Windows\System\ZrjvSHn.exe

C:\Windows\System\SNqgyfO.exe

C:\Windows\System\SNqgyfO.exe

C:\Windows\System\aSqCkhQ.exe

C:\Windows\System\aSqCkhQ.exe

C:\Windows\System\eHmGFMO.exe

C:\Windows\System\eHmGFMO.exe

C:\Windows\System\ShhAgWq.exe

C:\Windows\System\ShhAgWq.exe

C:\Windows\System\YRVbwdk.exe

C:\Windows\System\YRVbwdk.exe

C:\Windows\System\ZyiWuNd.exe

C:\Windows\System\ZyiWuNd.exe

C:\Windows\System\pIjAkWM.exe

C:\Windows\System\pIjAkWM.exe

C:\Windows\System\bkXvKEG.exe

C:\Windows\System\bkXvKEG.exe

C:\Windows\System\WMqjEtR.exe

C:\Windows\System\WMqjEtR.exe

C:\Windows\System\oORIQir.exe

C:\Windows\System\oORIQir.exe

C:\Windows\System\szYzOVU.exe

C:\Windows\System\szYzOVU.exe

C:\Windows\System\ztiSbli.exe

C:\Windows\System\ztiSbli.exe

C:\Windows\System\GscKsVH.exe

C:\Windows\System\GscKsVH.exe

C:\Windows\System\YVqHOkE.exe

C:\Windows\System\YVqHOkE.exe

C:\Windows\System\bqcTpOP.exe

C:\Windows\System\bqcTpOP.exe

C:\Windows\System\HHYOWie.exe

C:\Windows\System\HHYOWie.exe

C:\Windows\System\PmjUhnR.exe

C:\Windows\System\PmjUhnR.exe

C:\Windows\System\DzRWDWI.exe

C:\Windows\System\DzRWDWI.exe

C:\Windows\System\ObDKUWD.exe

C:\Windows\System\ObDKUWD.exe

C:\Windows\System\ThJYyDm.exe

C:\Windows\System\ThJYyDm.exe

C:\Windows\System\mNhbtpu.exe

C:\Windows\System\mNhbtpu.exe

C:\Windows\System\WqqopBi.exe

C:\Windows\System\WqqopBi.exe

C:\Windows\System\prSbIQV.exe

C:\Windows\System\prSbIQV.exe

C:\Windows\System\uqSYVat.exe

C:\Windows\System\uqSYVat.exe

C:\Windows\System\JreqfTg.exe

C:\Windows\System\JreqfTg.exe

C:\Windows\System\ewiymoA.exe

C:\Windows\System\ewiymoA.exe

C:\Windows\System\acvEclA.exe

C:\Windows\System\acvEclA.exe

C:\Windows\System\pfnHlvq.exe

C:\Windows\System\pfnHlvq.exe

C:\Windows\System\vavDaBN.exe

C:\Windows\System\vavDaBN.exe

C:\Windows\System\ofqgSZp.exe

C:\Windows\System\ofqgSZp.exe

C:\Windows\System\INAWFxL.exe

C:\Windows\System\INAWFxL.exe

C:\Windows\System\vygmiLf.exe

C:\Windows\System\vygmiLf.exe

C:\Windows\System\ZlFozVK.exe

C:\Windows\System\ZlFozVK.exe

C:\Windows\System\FPkgdgj.exe

C:\Windows\System\FPkgdgj.exe

C:\Windows\System\SKPoiaK.exe

C:\Windows\System\SKPoiaK.exe

Network


Files
