Malware Analysis Report

2024-11-16 11:37

Sample ID 240612-jktw4svdml
Target 9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118
SHA256 0b413c4e33b47134962315d37cc34b4a421f79a1133276d9e5e43f225870d1fb
Tags
upx miner xmrig execution
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

0b413c4e33b47134962315d37cc34b4a421f79a1133276d9e5e43f225870d1fb

Threat Level: Known bad

The file 9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

upx miner xmrig execution

XMRig Miner payload

xmrig

Xmrig family

XMRig Miner payload

Command and Scripting Interpreter: PowerShell

Executes dropped EXE

UPX packed file

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

Drops file in Windows directory

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-12 07:44

Signatures

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 07:44

Reported

2024-06-12 07:46

Platform

win7-20240611-en

Max time kernel

149s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\gikpWvW.exe N/A
N/A N/A C:\Windows\System\qrcdBzS.exe N/A
N/A N/A C:\Windows\System\oyYLHNk.exe N/A
N/A N/A C:\Windows\System\PXinVps.exe N/A
N/A N/A C:\Windows\System\kaeIOvs.exe N/A
N/A N/A C:\Windows\System\lCjKEoa.exe N/A
N/A N/A C:\Windows\System\qNhxcTR.exe N/A
N/A N/A C:\Windows\System\SstTXYz.exe N/A
N/A N/A C:\Windows\System\iTKLrCz.exe N/A
N/A N/A C:\Windows\System\hVGbmQL.exe N/A
N/A N/A C:\Windows\System\FZaFxDW.exe N/A
N/A N/A C:\Windows\System\pCOxRbD.exe N/A
N/A N/A C:\Windows\System\Zhhvmbw.exe N/A
N/A N/A C:\Windows\System\rQraxRz.exe N/A
N/A N/A C:\Windows\System\OzWtDsQ.exe N/A
N/A N/A C:\Windows\System\EpEIzjm.exe N/A
N/A N/A C:\Windows\System\IakpDNq.exe N/A
N/A N/A C:\Windows\System\savGMej.exe N/A
N/A N/A C:\Windows\System\VRLEkGY.exe N/A
N/A N/A C:\Windows\System\oqiNaSF.exe N/A
N/A N/A C:\Windows\System\bmUxOss.exe N/A
N/A N/A C:\Windows\System\cywjWzK.exe N/A
N/A N/A C:\Windows\System\bFeVhPB.exe N/A
N/A N/A C:\Windows\System\TXJdbGW.exe N/A
N/A N/A C:\Windows\System\oFlXVDc.exe N/A
N/A N/A C:\Windows\System\HUgYLEi.exe N/A
N/A N/A C:\Windows\System\UVgpGKW.exe N/A
N/A N/A C:\Windows\System\daHniXE.exe N/A
N/A N/A C:\Windows\System\ktdJWQi.exe N/A
N/A N/A C:\Windows\System\GeKwAiC.exe N/A
N/A N/A C:\Windows\System\oFTeNKZ.exe N/A
N/A N/A C:\Windows\System\AmPNBbC.exe N/A
N/A N/A C:\Windows\System\PyIRhXD.exe N/A
N/A N/A C:\Windows\System\RVyrmfD.exe N/A
N/A N/A C:\Windows\System\gjVemMi.exe N/A
N/A N/A C:\Windows\System\VwsTtVa.exe N/A
N/A N/A C:\Windows\System\HbcdkOX.exe N/A
N/A N/A C:\Windows\System\SpLvgdI.exe N/A
N/A N/A C:\Windows\System\uNLGsri.exe N/A
N/A N/A C:\Windows\System\BfJlkaj.exe N/A
N/A N/A C:\Windows\System\QjkgCIs.exe N/A
N/A N/A C:\Windows\System\EJNlkxa.exe N/A
N/A N/A C:\Windows\System\ttxvAQI.exe N/A
N/A N/A C:\Windows\System\lQdRdqA.exe N/A
N/A N/A C:\Windows\System\tSGlVXk.exe N/A
N/A N/A C:\Windows\System\sArDPzX.exe N/A
N/A N/A C:\Windows\System\PndyNYs.exe N/A
N/A N/A C:\Windows\System\oAkqQaH.exe N/A
N/A N/A C:\Windows\System\vPMppSc.exe N/A
N/A N/A C:\Windows\System\BUDywho.exe N/A
N/A N/A C:\Windows\System\AAHCuyP.exe N/A
N/A N/A C:\Windows\System\uxtWNrP.exe N/A
N/A N/A C:\Windows\System\OvJjFyh.exe N/A
N/A N/A C:\Windows\System\HTEoFwN.exe N/A
N/A N/A C:\Windows\System\QsDzttm.exe N/A
N/A N/A C:\Windows\System\tMXrMWQ.exe N/A
N/A N/A C:\Windows\System\IkndFTS.exe N/A
N/A N/A C:\Windows\System\moqEeFq.exe N/A
N/A N/A C:\Windows\System\mYaOtMt.exe N/A
N/A N/A C:\Windows\System\AANCGhQ.exe N/A
N/A N/A C:\Windows\System\SEsBcoS.exe N/A
N/A N/A C:\Windows\System\jUESfee.exe N/A
N/A N/A C:\Windows\System\HmqbJLf.exe N/A
N/A N/A C:\Windows\System\nhPQLFm.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\savGMej.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\bDipUVL.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\kzjxIWW.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\iIRpwJW.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\lULwPbd.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\bNmcbfi.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\xCjNhaA.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\tmXsDeC.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\AGvTJxJ.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\lzKfZFg.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\vKFiILC.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\WaLRoIc.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\PSwaqdQ.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\XiBpGgo.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\ZXLMybl.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\nDhAqfT.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\QBYHgrK.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\TaFqtWD.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\LUfbWrB.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\ZFqmVyy.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\oFwNcTW.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\wfyVVZi.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\meGZGVX.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\uSVdeuh.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\UqmfHfq.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\ZRKEPve.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\xRKvlqk.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\wLxXzUX.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\EehMGEW.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\aqHhbrO.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\uvIcjfx.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\NTeHYMp.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\rKrvWbZ.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\YJHrpEq.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\dsqdfsw.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\Dztkkpv.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\HUgYLEi.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\VSbGzHI.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\GwkQKcv.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\OKiWeQc.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\iuxIOdf.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\uOuwojt.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\IzQLIwo.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\zoZLDqq.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\lbLRZwa.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\USSsAyz.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\kyORPcN.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\XLBeowr.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\boEgtnb.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\PCxjNtm.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\RJDOXcm.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\SwVhgoQ.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\NGAPXVG.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\YKiCdeA.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\XhZOgeq.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\jgNieso.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\gbOzRVB.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\FqxyggN.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\bHGRYba.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\YfMKNrE.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\qcUvqRc.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\wjNCSYi.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\UWHYDzj.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\jDqfitU.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2232 wrote to memory of 2200 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2232 wrote to memory of 2200 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2232 wrote to memory of 2200 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2232 wrote to memory of 2328 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\gikpWvW.exe
PID 2232 wrote to memory of 2328 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\gikpWvW.exe
PID 2232 wrote to memory of 2328 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\gikpWvW.exe
PID 2232 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\qrcdBzS.exe
PID 2232 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\qrcdBzS.exe
PID 2232 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\qrcdBzS.exe
PID 2232 wrote to memory of 2732 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\oyYLHNk.exe
PID 2232 wrote to memory of 2732 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\oyYLHNk.exe
PID 2232 wrote to memory of 2732 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\oyYLHNk.exe
PID 2232 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\PXinVps.exe
PID 2232 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\PXinVps.exe
PID 2232 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\PXinVps.exe
PID 2232 wrote to memory of 2084 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\kaeIOvs.exe
PID 2232 wrote to memory of 2084 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\kaeIOvs.exe
PID 2232 wrote to memory of 2084 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\kaeIOvs.exe
PID 2232 wrote to memory of 1208 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\lCjKEoa.exe
PID 2232 wrote to memory of 1208 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\lCjKEoa.exe
PID 2232 wrote to memory of 1208 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\lCjKEoa.exe
PID 2232 wrote to memory of 2520 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\qNhxcTR.exe
PID 2232 wrote to memory of 2520 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\qNhxcTR.exe
PID 2232 wrote to memory of 2520 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\qNhxcTR.exe
PID 2232 wrote to memory of 2496 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\SstTXYz.exe
PID 2232 wrote to memory of 2496 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\SstTXYz.exe
PID 2232 wrote to memory of 2496 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\SstTXYz.exe
PID 2232 wrote to memory of 2372 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\iTKLrCz.exe
PID 2232 wrote to memory of 2372 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\iTKLrCz.exe
PID 2232 wrote to memory of 2372 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\iTKLrCz.exe
PID 2232 wrote to memory of 1268 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\hVGbmQL.exe
PID 2232 wrote to memory of 1268 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\hVGbmQL.exe
PID 2232 wrote to memory of 1268 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\hVGbmQL.exe
PID 2232 wrote to memory of 572 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\FZaFxDW.exe
PID 2232 wrote to memory of 572 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\FZaFxDW.exe
PID 2232 wrote to memory of 572 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\FZaFxDW.exe
PID 2232 wrote to memory of 1012 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\pCOxRbD.exe
PID 2232 wrote to memory of 1012 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\pCOxRbD.exe
PID 2232 wrote to memory of 1012 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\pCOxRbD.exe
PID 2232 wrote to memory of 948 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\Zhhvmbw.exe
PID 2232 wrote to memory of 948 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\Zhhvmbw.exe
PID 2232 wrote to memory of 948 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\Zhhvmbw.exe
PID 2232 wrote to memory of 2584 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\rQraxRz.exe
PID 2232 wrote to memory of 2584 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\rQraxRz.exe
PID 2232 wrote to memory of 2584 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\rQraxRz.exe
PID 2232 wrote to memory of 2868 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\OzWtDsQ.exe
PID 2232 wrote to memory of 2868 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\OzWtDsQ.exe
PID 2232 wrote to memory of 2868 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\OzWtDsQ.exe
PID 2232 wrote to memory of 3024 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\EpEIzjm.exe
PID 2232 wrote to memory of 3024 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\EpEIzjm.exe
PID 2232 wrote to memory of 3024 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\EpEIzjm.exe
PID 2232 wrote to memory of 3012 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\IakpDNq.exe
PID 2232 wrote to memory of 3012 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\IakpDNq.exe
PID 2232 wrote to memory of 3012 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\IakpDNq.exe
PID 2232 wrote to memory of 1036 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\savGMej.exe
PID 2232 wrote to memory of 1036 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\savGMej.exe
PID 2232 wrote to memory of 1036 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\savGMej.exe
PID 2232 wrote to memory of 2020 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\VRLEkGY.exe
PID 2232 wrote to memory of 2020 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\VRLEkGY.exe
PID 2232 wrote to memory of 2020 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\VRLEkGY.exe
PID 2232 wrote to memory of 1948 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\oqiNaSF.exe
PID 2232 wrote to memory of 1948 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\oqiNaSF.exe
PID 2232 wrote to memory of 1948 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\oqiNaSF.exe
PID 2232 wrote to memory of 1300 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\bmUxOss.exe

Processes

C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\gikpWvW.exe

C:\Windows\System\gikpWvW.exe

C:\Windows\System\qrcdBzS.exe

C:\Windows\System\qrcdBzS.exe

C:\Windows\System\oyYLHNk.exe

C:\Windows\System\oyYLHNk.exe

C:\Windows\System\PXinVps.exe

C:\Windows\System\PXinVps.exe

C:\Windows\System\kaeIOvs.exe

C:\Windows\System\kaeIOvs.exe

C:\Windows\System\lCjKEoa.exe

C:\Windows\System\lCjKEoa.exe

C:\Windows\System\qNhxcTR.exe

C:\Windows\System\qNhxcTR.exe

C:\Windows\System\SstTXYz.exe

C:\Windows\System\SstTXYz.exe

C:\Windows\System\iTKLrCz.exe

C:\Windows\System\iTKLrCz.exe

C:\Windows\System\hVGbmQL.exe

C:\Windows\System\hVGbmQL.exe

C:\Windows\System\FZaFxDW.exe

C:\Windows\System\FZaFxDW.exe

C:\Windows\System\pCOxRbD.exe

C:\Windows\System\pCOxRbD.exe

C:\Windows\System\Zhhvmbw.exe

C:\Windows\System\Zhhvmbw.exe

C:\Windows\System\rQraxRz.exe

C:\Windows\System\rQraxRz.exe

C:\Windows\System\OzWtDsQ.exe

C:\Windows\System\OzWtDsQ.exe

C:\Windows\System\EpEIzjm.exe

C:\Windows\System\EpEIzjm.exe

C:\Windows\System\IakpDNq.exe

C:\Windows\System\IakpDNq.exe

C:\Windows\System\savGMej.exe

C:\Windows\System\savGMej.exe

C:\Windows\System\VRLEkGY.exe

C:\Windows\System\VRLEkGY.exe

C:\Windows\System\oqiNaSF.exe

C:\Windows\System\oqiNaSF.exe

C:\Windows\System\bmUxOss.exe

C:\Windows\System\bmUxOss.exe

C:\Windows\System\cywjWzK.exe

C:\Windows\System\cywjWzK.exe

C:\Windows\System\bFeVhPB.exe

C:\Windows\System\bFeVhPB.exe

C:\Windows\System\oFlXVDc.exe

C:\Windows\System\oFlXVDc.exe

C:\Windows\System\TXJdbGW.exe

C:\Windows\System\TXJdbGW.exe

C:\Windows\System\UVgpGKW.exe

C:\Windows\System\UVgpGKW.exe

C:\Windows\System\HUgYLEi.exe

C:\Windows\System\HUgYLEi.exe

C:\Windows\System\daHniXE.exe

C:\Windows\System\daHniXE.exe

C:\Windows\System\ktdJWQi.exe

C:\Windows\System\ktdJWQi.exe

C:\Windows\System\GeKwAiC.exe

C:\Windows\System\GeKwAiC.exe

C:\Windows\System\oFTeNKZ.exe

C:\Windows\System\oFTeNKZ.exe

C:\Windows\System\PyIRhXD.exe

C:\Windows\System\PyIRhXD.exe

C:\Windows\System\AmPNBbC.exe

C:\Windows\System\AmPNBbC.exe

C:\Windows\System\RVyrmfD.exe

C:\Windows\System\RVyrmfD.exe

C:\Windows\System\gjVemMi.exe

C:\Windows\System\gjVemMi.exe

C:\Windows\System\VwsTtVa.exe

C:\Windows\System\VwsTtVa.exe

C:\Windows\System\HbcdkOX.exe

C:\Windows\System\HbcdkOX.exe

C:\Windows\System\SpLvgdI.exe

C:\Windows\System\SpLvgdI.exe

C:\Windows\System\uNLGsri.exe

C:\Windows\System\uNLGsri.exe

C:\Windows\System\BfJlkaj.exe

C:\Windows\System\BfJlkaj.exe

C:\Windows\System\QjkgCIs.exe

C:\Windows\System\QjkgCIs.exe

C:\Windows\System\EJNlkxa.exe

C:\Windows\System\EJNlkxa.exe

C:\Windows\System\ttxvAQI.exe

C:\Windows\System\ttxvAQI.exe

C:\Windows\System\lQdRdqA.exe

C:\Windows\System\lQdRdqA.exe

C:\Windows\System\tSGlVXk.exe

C:\Windows\System\tSGlVXk.exe

C:\Windows\System\sArDPzX.exe

C:\Windows\System\sArDPzX.exe

C:\Windows\System\PndyNYs.exe

C:\Windows\System\PndyNYs.exe

C:\Windows\System\oAkqQaH.exe

C:\Windows\System\oAkqQaH.exe

C:\Windows\System\vPMppSc.exe

C:\Windows\System\vPMppSc.exe

C:\Windows\System\BUDywho.exe

C:\Windows\System\BUDywho.exe

C:\Windows\System\AAHCuyP.exe

C:\Windows\System\AAHCuyP.exe

C:\Windows\System\uxtWNrP.exe

C:\Windows\System\uxtWNrP.exe

C:\Windows\System\OvJjFyh.exe

C:\Windows\System\OvJjFyh.exe

C:\Windows\System\HTEoFwN.exe

C:\Windows\System\HTEoFwN.exe

C:\Windows\System\QsDzttm.exe

C:\Windows\System\QsDzttm.exe

C:\Windows\System\tMXrMWQ.exe

C:\Windows\System\tMXrMWQ.exe

C:\Windows\System\IkndFTS.exe

C:\Windows\System\IkndFTS.exe

C:\Windows\System\moqEeFq.exe

C:\Windows\System\moqEeFq.exe

C:\Windows\System\mYaOtMt.exe

C:\Windows\System\mYaOtMt.exe

C:\Windows\System\AANCGhQ.exe

C:\Windows\System\AANCGhQ.exe

C:\Windows\System\SEsBcoS.exe

C:\Windows\System\SEsBcoS.exe

C:\Windows\System\jUESfee.exe

C:\Windows\System\jUESfee.exe

C:\Windows\System\HmqbJLf.exe

C:\Windows\System\HmqbJLf.exe

C:\Windows\System\nhPQLFm.exe

C:\Windows\System\nhPQLFm.exe

C:\Windows\System\OOAGtdH.exe

C:\Windows\System\OOAGtdH.exe

C:\Windows\System\iJwWJfe.exe

C:\Windows\System\iJwWJfe.exe

C:\Windows\System\DLrNbbd.exe

C:\Windows\System\DLrNbbd.exe

C:\Windows\System\lULwPbd.exe

C:\Windows\System\lULwPbd.exe

C:\Windows\System\eAmBQNH.exe

C:\Windows\System\eAmBQNH.exe

C:\Windows\System\oVbpKHK.exe

C:\Windows\System\oVbpKHK.exe

C:\Windows\System\fNxJENu.exe

C:\Windows\System\fNxJENu.exe

C:\Windows\System\MiEtwgX.exe

C:\Windows\System\MiEtwgX.exe

C:\Windows\System\ZZoUFuw.exe

C:\Windows\System\ZZoUFuw.exe

C:\Windows\System\KsapRQg.exe

C:\Windows\System\KsapRQg.exe

C:\Windows\System\rHhUspf.exe

C:\Windows\System\rHhUspf.exe

C:\Windows\System\mdKZyFC.exe

C:\Windows\System\mdKZyFC.exe

C:\Windows\System\GXVPiYF.exe

C:\Windows\System\GXVPiYF.exe

C:\Windows\System\nEUvJpF.exe

C:\Windows\System\nEUvJpF.exe

C:\Windows\System\DIGirxj.exe

C:\Windows\System\DIGirxj.exe

C:\Windows\System\DuixBmf.exe

C:\Windows\System\DuixBmf.exe

C:\Windows\System\gyahyiB.exe

C:\Windows\System\gyahyiB.exe

C:\Windows\System\CzJpoPx.exe

C:\Windows\System\CzJpoPx.exe

C:\Windows\System\wwmGxom.exe

C:\Windows\System\wwmGxom.exe

C:\Windows\System\PeOLVkX.exe

C:\Windows\System\PeOLVkX.exe

C:\Windows\System\njNnyCc.exe

C:\Windows\System\njNnyCc.exe

C:\Windows\System\tKyEoNv.exe

C:\Windows\System\tKyEoNv.exe

C:\Windows\System\fjpowpm.exe

C:\Windows\System\fjpowpm.exe

C:\Windows\System\dSSPpqm.exe

C:\Windows\System\dSSPpqm.exe

C:\Windows\System\mPtBEpj.exe

C:\Windows\System\mPtBEpj.exe

C:\Windows\System\WcoyVtz.exe

C:\Windows\System\WcoyVtz.exe

C:\Windows\System\dDHRThD.exe

C:\Windows\System\dDHRThD.exe

C:\Windows\System\OzxvsyG.exe

C:\Windows\System\OzxvsyG.exe

C:\Windows\System\kWXzuWS.exe

C:\Windows\System\kWXzuWS.exe

C:\Windows\System\lEWBQqP.exe

C:\Windows\System\lEWBQqP.exe

C:\Windows\System\vKFiILC.exe

C:\Windows\System\vKFiILC.exe

C:\Windows\System\glLmTSG.exe

C:\Windows\System\glLmTSG.exe

C:\Windows\System\pVIqQOF.exe

C:\Windows\System\pVIqQOF.exe

C:\Windows\System\APgiXrm.exe

C:\Windows\System\APgiXrm.exe

C:\Windows\System\PVxhqLO.exe

C:\Windows\System\PVxhqLO.exe

C:\Windows\System\ehegfXm.exe

C:\Windows\System\ehegfXm.exe

C:\Windows\System\fAIqEnY.exe

C:\Windows\System\fAIqEnY.exe

C:\Windows\System\fgwVXVh.exe

C:\Windows\System\fgwVXVh.exe

C:\Windows\System\QcDEhHb.exe

C:\Windows\System\QcDEhHb.exe

C:\Windows\System\TOGFdNy.exe

C:\Windows\System\TOGFdNy.exe

C:\Windows\System\FbtKGuJ.exe

C:\Windows\System\FbtKGuJ.exe

C:\Windows\System\TulzBsJ.exe

C:\Windows\System\TulzBsJ.exe

C:\Windows\System\RCpAiqK.exe

C:\Windows\System\RCpAiqK.exe

C:\Windows\System\INovRKc.exe

C:\Windows\System\INovRKc.exe

C:\Windows\System\pVgjWdI.exe

C:\Windows\System\pVgjWdI.exe

C:\Windows\System\JWTGlRx.exe

C:\Windows\System\JWTGlRx.exe

C:\Windows\System\rbyvcqd.exe

C:\Windows\System\rbyvcqd.exe

C:\Windows\System\RAiqeom.exe

C:\Windows\System\RAiqeom.exe

C:\Windows\System\ODGhzDh.exe

C:\Windows\System\ODGhzDh.exe

C:\Windows\System\jqUWEwW.exe

C:\Windows\System\jqUWEwW.exe

C:\Windows\System\MjDlcBE.exe

C:\Windows\System\MjDlcBE.exe

C:\Windows\System\jJPRcyP.exe

C:\Windows\System\jJPRcyP.exe

C:\Windows\System\YyeUDXe.exe

C:\Windows\System\YyeUDXe.exe

C:\Windows\System\zuftLnV.exe

C:\Windows\System\zuftLnV.exe

C:\Windows\System\BUZxuhL.exe

C:\Windows\System\BUZxuhL.exe

C:\Windows\System\mePcpGu.exe

C:\Windows\System\mePcpGu.exe

C:\Windows\System\oZebUdX.exe

C:\Windows\System\oZebUdX.exe

C:\Windows\System\aCWUcIt.exe

C:\Windows\System\aCWUcIt.exe

C:\Windows\System\CFJmEor.exe

C:\Windows\System\CFJmEor.exe

C:\Windows\System\ayLAZmD.exe

C:\Windows\System\ayLAZmD.exe

C:\Windows\System\SmFIQzN.exe

C:\Windows\System\SmFIQzN.exe

C:\Windows\System\zLfVRUA.exe

C:\Windows\System\zLfVRUA.exe

C:\Windows\System\NTsbosH.exe

C:\Windows\System\NTsbosH.exe

C:\Windows\System\ubLgjIK.exe

C:\Windows\System\ubLgjIK.exe

C:\Windows\System\dUGLhcE.exe

C:\Windows\System\dUGLhcE.exe

C:\Windows\System\xzeirBk.exe

C:\Windows\System\xzeirBk.exe

C:\Windows\System\AKNNscV.exe

C:\Windows\System\AKNNscV.exe

C:\Windows\System\YNCpldP.exe

C:\Windows\System\YNCpldP.exe

C:\Windows\System\cUWZexR.exe

C:\Windows\System\cUWZexR.exe

C:\Windows\System\wrynJES.exe

C:\Windows\System\wrynJES.exe

C:\Windows\System\GJUoTvx.exe

C:\Windows\System\GJUoTvx.exe

C:\Windows\System\RBrOHYF.exe

C:\Windows\System\RBrOHYF.exe

C:\Windows\System\PZcEyul.exe

C:\Windows\System\PZcEyul.exe

C:\Windows\System\vYDmRPI.exe

C:\Windows\System\vYDmRPI.exe

C:\Windows\System\lrdEhCO.exe

C:\Windows\System\lrdEhCO.exe

C:\Windows\System\xPZlMxV.exe

C:\Windows\System\xPZlMxV.exe

C:\Windows\System\eulysPB.exe

C:\Windows\System\eulysPB.exe

C:\Windows\System\lcIwkic.exe

C:\Windows\System\lcIwkic.exe

C:\Windows\System\KYIbanb.exe

C:\Windows\System\KYIbanb.exe

C:\Windows\System\eQlkaYP.exe

C:\Windows\System\eQlkaYP.exe

C:\Windows\System\auKdotN.exe

C:\Windows\System\auKdotN.exe

C:\Windows\System\YVBCpjW.exe

C:\Windows\System\YVBCpjW.exe

C:\Windows\System\XDcaDhS.exe

C:\Windows\System\XDcaDhS.exe

C:\Windows\System\XJemDMV.exe

C:\Windows\System\XJemDMV.exe

C:\Windows\System\TIaPHfj.exe

C:\Windows\System\TIaPHfj.exe

C:\Windows\System\YVTWBhJ.exe

C:\Windows\System\YVTWBhJ.exe

C:\Windows\System\WxfIPQb.exe

C:\Windows\System\WxfIPQb.exe

C:\Windows\System\ZxUZHnM.exe

C:\Windows\System\ZxUZHnM.exe

C:\Windows\System\XdPaFaP.exe

C:\Windows\System\XdPaFaP.exe

C:\Windows\System\vlolJiX.exe

C:\Windows\System\vlolJiX.exe

C:\Windows\System\OLiwYpi.exe

C:\Windows\System\OLiwYpi.exe

C:\Windows\System\UTCXFap.exe

C:\Windows\System\UTCXFap.exe

C:\Windows\System\PBmoffB.exe

C:\Windows\System\PBmoffB.exe

C:\Windows\System\eFAdbMV.exe

C:\Windows\System\eFAdbMV.exe

C:\Windows\System\ojpmWgd.exe

C:\Windows\System\ojpmWgd.exe

C:\Windows\System\VOzmGFX.exe

C:\Windows\System\VOzmGFX.exe

C:\Windows\System\rbYDrVV.exe

C:\Windows\System\rbYDrVV.exe

C:\Windows\System\nCwLdrD.exe

C:\Windows\System\nCwLdrD.exe

C:\Windows\System\MMKesiZ.exe

C:\Windows\System\MMKesiZ.exe

C:\Windows\System\UxntJmG.exe

C:\Windows\System\UxntJmG.exe

C:\Windows\System\euYxWnb.exe

C:\Windows\System\euYxWnb.exe

C:\Windows\System\niBPdCQ.exe

C:\Windows\System\niBPdCQ.exe

C:\Windows\System\cRtCOpK.exe

C:\Windows\System\cRtCOpK.exe

C:\Windows\System\UCorJSk.exe

C:\Windows\System\UCorJSk.exe

C:\Windows\System\bVIZRNH.exe

C:\Windows\System\bVIZRNH.exe

C:\Windows\System\WlbKEDz.exe

C:\Windows\System\WlbKEDz.exe

C:\Windows\System\JUhMmzz.exe

C:\Windows\System\JUhMmzz.exe

C:\Windows\System\bZKVEQL.exe

C:\Windows\System\bZKVEQL.exe

C:\Windows\System\hlfPYCI.exe

C:\Windows\System\hlfPYCI.exe

C:\Windows\System\rryUedt.exe

C:\Windows\System\rryUedt.exe

C:\Windows\System\oblswFY.exe

C:\Windows\System\oblswFY.exe

C:\Windows\System\ygxAptT.exe

C:\Windows\System\ygxAptT.exe

C:\Windows\System\iygVxSj.exe

C:\Windows\System\iygVxSj.exe

C:\Windows\System\kMhFiKy.exe

C:\Windows\System\kMhFiKy.exe

C:\Windows\System\CwdSLzM.exe

C:\Windows\System\CwdSLzM.exe

C:\Windows\System\qMHbaOj.exe

C:\Windows\System\qMHbaOj.exe

C:\Windows\System\NeQcLcX.exe

C:\Windows\System\NeQcLcX.exe

C:\Windows\System\VxhuIPZ.exe

C:\Windows\System\VxhuIPZ.exe

C:\Windows\System\EjKvjfd.exe

C:\Windows\System\EjKvjfd.exe

C:\Windows\System\itOEstn.exe

C:\Windows\System\itOEstn.exe

C:\Windows\System\iVAaDAg.exe

C:\Windows\System\iVAaDAg.exe

C:\Windows\System\ARaundS.exe

C:\Windows\System\ARaundS.exe

C:\Windows\System\NQVUMjv.exe

C:\Windows\System\NQVUMjv.exe

C:\Windows\System\pwEGcMy.exe

C:\Windows\System\pwEGcMy.exe

C:\Windows\System\JFeqGmb.exe

C:\Windows\System\JFeqGmb.exe

C:\Windows\System\VGdPekG.exe

C:\Windows\System\VGdPekG.exe

C:\Windows\System\JPWPuKP.exe

C:\Windows\System\JPWPuKP.exe

C:\Windows\System\hinrBGp.exe

C:\Windows\System\hinrBGp.exe

C:\Windows\System\iGzBboT.exe

C:\Windows\System\iGzBboT.exe

C:\Windows\System\zDrMebl.exe

C:\Windows\System\zDrMebl.exe

C:\Windows\System\OFNQnEn.exe

C:\Windows\System\OFNQnEn.exe

C:\Windows\System\yhATWVm.exe

C:\Windows\System\yhATWVm.exe

C:\Windows\System\xADPbAh.exe

C:\Windows\System\xADPbAh.exe

C:\Windows\System\WsEmrFr.exe

C:\Windows\System\WsEmrFr.exe

C:\Windows\System\WkeACvj.exe

C:\Windows\System\WkeACvj.exe

C:\Windows\System\aqHhbrO.exe

C:\Windows\System\aqHhbrO.exe

C:\Windows\System\dpOlTnj.exe

C:\Windows\System\dpOlTnj.exe

C:\Windows\System\klpQmJD.exe

C:\Windows\System\klpQmJD.exe

C:\Windows\System\iLmTsLM.exe

C:\Windows\System\iLmTsLM.exe

C:\Windows\System\SNqZhZl.exe

C:\Windows\System\SNqZhZl.exe

C:\Windows\System\mviDjis.exe

C:\Windows\System\mviDjis.exe

C:\Windows\System\IeKMLbz.exe

C:\Windows\System\IeKMLbz.exe

C:\Windows\System\WjBsFmD.exe

C:\Windows\System\WjBsFmD.exe

C:\Windows\System\dwMxchG.exe

C:\Windows\System\dwMxchG.exe

C:\Windows\System\dMgOmEJ.exe

C:\Windows\System\dMgOmEJ.exe

C:\Windows\System\NQJWAXm.exe

C:\Windows\System\NQJWAXm.exe

C:\Windows\System\JsQoUsB.exe

C:\Windows\System\JsQoUsB.exe

C:\Windows\System\QUjQWFU.exe

C:\Windows\System\QUjQWFU.exe

C:\Windows\System\KfQuevh.exe

C:\Windows\System\KfQuevh.exe

C:\Windows\System\dPmvuSY.exe

C:\Windows\System\dPmvuSY.exe

C:\Windows\System\JCDQacJ.exe

C:\Windows\System\JCDQacJ.exe

C:\Windows\System\dEOSbsP.exe

C:\Windows\System\dEOSbsP.exe

C:\Windows\System\BrBiuEM.exe

C:\Windows\System\BrBiuEM.exe

C:\Windows\System\TCZKzfd.exe

C:\Windows\System\TCZKzfd.exe

C:\Windows\System\Uoydvcv.exe

C:\Windows\System\Uoydvcv.exe

C:\Windows\System\sWmrSyE.exe

C:\Windows\System\sWmrSyE.exe

C:\Windows\System\Chpudwy.exe

C:\Windows\System\Chpudwy.exe

C:\Windows\System\YRlKKiM.exe

C:\Windows\System\YRlKKiM.exe

C:\Windows\System\nfYigzz.exe

C:\Windows\System\nfYigzz.exe

C:\Windows\System\OzUECTk.exe

C:\Windows\System\OzUECTk.exe

C:\Windows\System\HxbweuS.exe

C:\Windows\System\HxbweuS.exe

C:\Windows\System\Jnwapbr.exe

C:\Windows\System\Jnwapbr.exe

C:\Windows\System\ORgykjv.exe

C:\Windows\System\ORgykjv.exe

C:\Windows\System\MMWXqez.exe

C:\Windows\System\MMWXqez.exe

C:\Windows\System\lBhCxyU.exe

C:\Windows\System\lBhCxyU.exe

C:\Windows\System\MTQGGQv.exe

C:\Windows\System\MTQGGQv.exe

C:\Windows\System\JCOoXTh.exe

C:\Windows\System\JCOoXTh.exe

C:\Windows\System\FXyDeOU.exe

C:\Windows\System\FXyDeOU.exe

C:\Windows\System\uXKrARm.exe

C:\Windows\System\uXKrARm.exe

C:\Windows\System\lplgAFP.exe

C:\Windows\System\lplgAFP.exe

C:\Windows\System\MAmpTSe.exe

C:\Windows\System\MAmpTSe.exe

C:\Windows\System\BAyDLrQ.exe

C:\Windows\System\BAyDLrQ.exe

C:\Windows\System\xmPhAGK.exe

C:\Windows\System\xmPhAGK.exe

C:\Windows\System\rngjbZE.exe

C:\Windows\System\rngjbZE.exe

C:\Windows\System\QVgFChO.exe

C:\Windows\System\QVgFChO.exe

C:\Windows\System\rKZgmiD.exe

C:\Windows\System\rKZgmiD.exe

C:\Windows\System\EwEyyOS.exe

C:\Windows\System\EwEyyOS.exe

C:\Windows\System\WIYqerN.exe

C:\Windows\System\WIYqerN.exe

C:\Windows\System\tNaxMVa.exe

C:\Windows\System\tNaxMVa.exe

C:\Windows\System\uqqtAoJ.exe

C:\Windows\System\uqqtAoJ.exe

C:\Windows\System\WfWWwQm.exe

C:\Windows\System\WfWWwQm.exe

C:\Windows\System\sWesYpj.exe

C:\Windows\System\sWesYpj.exe

C:\Windows\System\lBqloZX.exe

C:\Windows\System\lBqloZX.exe

C:\Windows\System\aCvRAfq.exe

C:\Windows\System\aCvRAfq.exe

C:\Windows\System\NsNsaYl.exe

C:\Windows\System\NsNsaYl.exe

C:\Windows\System\DZzyEym.exe

C:\Windows\System\DZzyEym.exe

C:\Windows\System\ljBYSeO.exe

C:\Windows\System\ljBYSeO.exe

C:\Windows\System\WBfUDkN.exe

C:\Windows\System\WBfUDkN.exe

C:\Windows\System\UdTxRcU.exe

C:\Windows\System\UdTxRcU.exe

C:\Windows\System\kYdazRy.exe

C:\Windows\System\kYdazRy.exe

C:\Windows\System\fDifwFw.exe

C:\Windows\System\fDifwFw.exe

C:\Windows\System\jSgctDz.exe

C:\Windows\System\jSgctDz.exe

C:\Windows\System\VTHuaZa.exe

C:\Windows\System\VTHuaZa.exe

C:\Windows\System\BkGRLHI.exe

C:\Windows\System\BkGRLHI.exe

C:\Windows\System\vuoFPPY.exe

C:\Windows\System\vuoFPPY.exe

C:\Windows\System\cAdEHpa.exe

C:\Windows\System\cAdEHpa.exe

C:\Windows\System\iKAcZrc.exe

C:\Windows\System\iKAcZrc.exe

C:\Windows\System\qZskQEw.exe

C:\Windows\System\qZskQEw.exe

C:\Windows\System\syiItMP.exe

C:\Windows\System\syiItMP.exe

C:\Windows\System\TvcTNJq.exe

C:\Windows\System\TvcTNJq.exe

C:\Windows\System\eJwBISC.exe

C:\Windows\System\eJwBISC.exe

C:\Windows\System\koTJmOV.exe

C:\Windows\System\koTJmOV.exe

C:\Windows\System\LlvbEWN.exe

C:\Windows\System\LlvbEWN.exe

C:\Windows\System\ANquVry.exe

C:\Windows\System\ANquVry.exe

C:\Windows\System\eYsnUnl.exe

C:\Windows\System\eYsnUnl.exe

C:\Windows\System\EwLZeTs.exe

C:\Windows\System\EwLZeTs.exe

C:\Windows\System\AlhWYTR.exe

C:\Windows\System\AlhWYTR.exe

C:\Windows\System\vYMQMhn.exe

C:\Windows\System\vYMQMhn.exe

C:\Windows\System\immCDsy.exe

C:\Windows\System\immCDsy.exe

C:\Windows\System\iwNoUZw.exe

C:\Windows\System\iwNoUZw.exe

C:\Windows\System\kvgEdjP.exe

C:\Windows\System\kvgEdjP.exe

C:\Windows\System\USEfbPc.exe

C:\Windows\System\USEfbPc.exe

C:\Windows\System\NzjraOK.exe

C:\Windows\System\NzjraOK.exe

C:\Windows\System\rsEZnog.exe

C:\Windows\System\rsEZnog.exe

C:\Windows\System\HmaoJar.exe

C:\Windows\System\HmaoJar.exe

C:\Windows\System\ghJtQIy.exe

C:\Windows\System\ghJtQIy.exe

C:\Windows\System\FQdfjKO.exe

C:\Windows\System\FQdfjKO.exe

C:\Windows\System\rhelPgH.exe

C:\Windows\System\rhelPgH.exe

C:\Windows\System\USSsAyz.exe

C:\Windows\System\USSsAyz.exe

C:\Windows\System\WYxQTAA.exe

C:\Windows\System\WYxQTAA.exe

C:\Windows\System\RSlPejC.exe

C:\Windows\System\RSlPejC.exe

C:\Windows\System\ApBLJRT.exe

C:\Windows\System\ApBLJRT.exe

C:\Windows\System\geBOimD.exe

C:\Windows\System\geBOimD.exe

C:\Windows\System\WiJDgoz.exe

C:\Windows\System\WiJDgoz.exe

C:\Windows\System\EZwmUXf.exe

C:\Windows\System\EZwmUXf.exe

C:\Windows\System\zoBQfJy.exe

C:\Windows\System\zoBQfJy.exe

C:\Windows\System\vmCQpQz.exe

C:\Windows\System\vmCQpQz.exe

C:\Windows\System\uvIcjfx.exe

C:\Windows\System\uvIcjfx.exe

C:\Windows\System\wJbliIc.exe

C:\Windows\System\wJbliIc.exe

C:\Windows\System\aPFRsvf.exe

C:\Windows\System\aPFRsvf.exe

C:\Windows\System\sNZerHQ.exe

C:\Windows\System\sNZerHQ.exe

C:\Windows\System\VZphZyb.exe

C:\Windows\System\VZphZyb.exe

C:\Windows\System\ojjOGmp.exe

C:\Windows\System\ojjOGmp.exe

C:\Windows\System\vyDwvuS.exe

C:\Windows\System\vyDwvuS.exe

C:\Windows\System\DEodjJY.exe

C:\Windows\System\DEodjJY.exe

C:\Windows\System\ASdRhfl.exe

C:\Windows\System\ASdRhfl.exe

C:\Windows\System\Jcrpihf.exe

C:\Windows\System\Jcrpihf.exe

C:\Windows\System\YmkmQXd.exe

C:\Windows\System\YmkmQXd.exe

C:\Windows\System\UbJmxae.exe

C:\Windows\System\UbJmxae.exe

C:\Windows\System\vxlORBJ.exe

C:\Windows\System\vxlORBJ.exe

C:\Windows\System\UmLunLG.exe

C:\Windows\System\UmLunLG.exe

C:\Windows\System\bNmcbfi.exe

C:\Windows\System\bNmcbfi.exe

C:\Windows\System\qENybpL.exe

C:\Windows\System\qENybpL.exe

C:\Windows\System\MHsYOmn.exe

C:\Windows\System\MHsYOmn.exe

C:\Windows\System\DKtJQfw.exe

C:\Windows\System\DKtJQfw.exe

C:\Windows\System\pfdOdnI.exe

C:\Windows\System\pfdOdnI.exe

C:\Windows\System\rTsLsdm.exe

C:\Windows\System\rTsLsdm.exe

C:\Windows\System\dPctmRr.exe

C:\Windows\System\dPctmRr.exe

C:\Windows\System\pbQvFWE.exe

C:\Windows\System\pbQvFWE.exe

C:\Windows\System\ZeZgPBg.exe

C:\Windows\System\ZeZgPBg.exe

C:\Windows\System\vkOyugw.exe

C:\Windows\System\vkOyugw.exe

C:\Windows\System\wlkOCoJ.exe

C:\Windows\System\wlkOCoJ.exe

C:\Windows\System\ifOniBz.exe

C:\Windows\System\ifOniBz.exe

C:\Windows\System\ZlAtAft.exe

C:\Windows\System\ZlAtAft.exe

C:\Windows\System\qxFvNKi.exe

C:\Windows\System\qxFvNKi.exe

C:\Windows\System\hbCSqQX.exe

C:\Windows\System\hbCSqQX.exe

C:\Windows\System\dnVgssh.exe

C:\Windows\System\dnVgssh.exe

C:\Windows\System\DXZrmfK.exe

C:\Windows\System\DXZrmfK.exe

C:\Windows\System\gEtXpuo.exe

C:\Windows\System\gEtXpuo.exe

C:\Windows\System\liYiEvC.exe

C:\Windows\System\liYiEvC.exe

C:\Windows\System\HBWigNB.exe

C:\Windows\System\HBWigNB.exe

C:\Windows\System\PILDhQC.exe

C:\Windows\System\PILDhQC.exe

C:\Windows\System\AXNEXLb.exe

C:\Windows\System\AXNEXLb.exe

C:\Windows\System\buOSNSE.exe

C:\Windows\System\buOSNSE.exe

C:\Windows\System\YbIWAKC.exe

C:\Windows\System\YbIWAKC.exe

C:\Windows\System\kzqEHPV.exe

C:\Windows\System\kzqEHPV.exe

C:\Windows\System\jgNieso.exe

C:\Windows\System\jgNieso.exe

C:\Windows\System\gRMeKFg.exe

C:\Windows\System\gRMeKFg.exe

C:\Windows\System\dDWsHwl.exe

C:\Windows\System\dDWsHwl.exe

C:\Windows\System\jEiqJjY.exe

C:\Windows\System\jEiqJjY.exe

C:\Windows\System\krzTOtS.exe

C:\Windows\System\krzTOtS.exe

C:\Windows\System\JqZupgH.exe

C:\Windows\System\JqZupgH.exe

C:\Windows\System\RLOGoyE.exe

C:\Windows\System\RLOGoyE.exe

C:\Windows\System\TevUSXY.exe

C:\Windows\System\TevUSXY.exe

C:\Windows\System\BuFLxRT.exe

C:\Windows\System\BuFLxRT.exe

C:\Windows\System\hjihFiA.exe

C:\Windows\System\hjihFiA.exe

C:\Windows\System\kEGNYFh.exe

C:\Windows\System\kEGNYFh.exe

C:\Windows\System\CklPHfM.exe

C:\Windows\System\CklPHfM.exe

C:\Windows\System\Kpbgvwy.exe

C:\Windows\System\Kpbgvwy.exe

C:\Windows\System\zrJCbyq.exe

C:\Windows\System\zrJCbyq.exe

C:\Windows\System\OUDsTON.exe

C:\Windows\System\OUDsTON.exe

C:\Windows\System\jVwbAPW.exe

C:\Windows\System\jVwbAPW.exe

C:\Windows\System\VxPlqru.exe

C:\Windows\System\VxPlqru.exe

C:\Windows\System\piKsbDB.exe

C:\Windows\System\piKsbDB.exe

C:\Windows\System\PAxKkiB.exe

C:\Windows\System\PAxKkiB.exe

C:\Windows\System\ynTAjaL.exe

C:\Windows\System\ynTAjaL.exe

C:\Windows\System\OQBTDbu.exe

C:\Windows\System\OQBTDbu.exe

C:\Windows\System\WaLRoIc.exe

C:\Windows\System\WaLRoIc.exe

C:\Windows\System\flnbimJ.exe

C:\Windows\System\flnbimJ.exe

C:\Windows\System\xPGTaiw.exe

C:\Windows\System\xPGTaiw.exe

C:\Windows\System\nVhEAoK.exe

C:\Windows\System\nVhEAoK.exe

C:\Windows\System\hhNCDOf.exe

C:\Windows\System\hhNCDOf.exe

C:\Windows\System\CCJecVT.exe

C:\Windows\System\CCJecVT.exe

C:\Windows\System\mqqLtXz.exe

C:\Windows\System\mqqLtXz.exe

C:\Windows\System\tQcszoh.exe

C:\Windows\System\tQcszoh.exe

C:\Windows\System\xMJCBUx.exe

C:\Windows\System\xMJCBUx.exe

C:\Windows\System\TfylogM.exe

C:\Windows\System\TfylogM.exe

C:\Windows\System\BQDyeCn.exe

C:\Windows\System\BQDyeCn.exe

C:\Windows\System\BhqbPDw.exe

C:\Windows\System\BhqbPDw.exe

C:\Windows\System\NbDYTBH.exe

C:\Windows\System\NbDYTBH.exe

C:\Windows\System\wYvjiEC.exe

C:\Windows\System\wYvjiEC.exe

C:\Windows\System\nYTFMuu.exe

C:\Windows\System\nYTFMuu.exe

C:\Windows\System\nQtsrgi.exe

C:\Windows\System\nQtsrgi.exe

C:\Windows\System\zCSLxsT.exe

C:\Windows\System\zCSLxsT.exe

C:\Windows\System\pyILEFe.exe

C:\Windows\System\pyILEFe.exe

C:\Windows\System\HvipOqK.exe

C:\Windows\System\HvipOqK.exe

C:\Windows\System\IsMCnZj.exe

C:\Windows\System\IsMCnZj.exe

C:\Windows\System\UoczLmB.exe

C:\Windows\System\UoczLmB.exe

C:\Windows\System\jCJzAts.exe

C:\Windows\System\jCJzAts.exe

C:\Windows\System\vHjMxTH.exe

C:\Windows\System\vHjMxTH.exe

C:\Windows\System\jDpBYax.exe

C:\Windows\System\jDpBYax.exe

C:\Windows\System\QyWHOhL.exe

C:\Windows\System\QyWHOhL.exe

C:\Windows\System\cQimPQG.exe

C:\Windows\System\cQimPQG.exe

C:\Windows\System\nxndnsp.exe

C:\Windows\System\nxndnsp.exe

C:\Windows\System\ltTmjkk.exe

C:\Windows\System\ltTmjkk.exe

C:\Windows\System\oIFRImO.exe

C:\Windows\System\oIFRImO.exe

C:\Windows\System\IlUDddJ.exe

C:\Windows\System\IlUDddJ.exe

C:\Windows\System\TRCgMGm.exe

C:\Windows\System\TRCgMGm.exe

C:\Windows\System\TneoiDY.exe

C:\Windows\System\TneoiDY.exe

C:\Windows\System\zugXgXO.exe

C:\Windows\System\zugXgXO.exe

C:\Windows\System\DCydmvh.exe

C:\Windows\System\DCydmvh.exe

C:\Windows\System\QSBTKeD.exe

C:\Windows\System\QSBTKeD.exe

C:\Windows\System\hTakJfC.exe

C:\Windows\System\hTakJfC.exe

C:\Windows\System\PLycsSW.exe

C:\Windows\System\PLycsSW.exe

C:\Windows\System\zhJOFSR.exe

C:\Windows\System\zhJOFSR.exe

C:\Windows\System\qjtWaNZ.exe

C:\Windows\System\qjtWaNZ.exe

C:\Windows\System\KouBEej.exe

C:\Windows\System\KouBEej.exe

C:\Windows\System\DSgkeql.exe

C:\Windows\System\DSgkeql.exe

C:\Windows\System\EYqbsiK.exe

C:\Windows\System\EYqbsiK.exe

C:\Windows\System\cQRNFGs.exe

C:\Windows\System\cQRNFGs.exe

C:\Windows\System\owLrqWO.exe

C:\Windows\System\owLrqWO.exe

C:\Windows\System\CktbaFW.exe

C:\Windows\System\CktbaFW.exe

C:\Windows\System\YLhbDUY.exe

C:\Windows\System\YLhbDUY.exe

C:\Windows\System\ucUvbIy.exe

C:\Windows\System\ucUvbIy.exe

C:\Windows\System\VjAxEXB.exe

C:\Windows\System\VjAxEXB.exe

C:\Windows\System\LNWVoyt.exe

C:\Windows\System\LNWVoyt.exe

C:\Windows\System\RLQbcpW.exe

C:\Windows\System\RLQbcpW.exe

C:\Windows\System\zUcmuAI.exe

C:\Windows\System\zUcmuAI.exe

C:\Windows\System\fCCnuri.exe

C:\Windows\System\fCCnuri.exe

C:\Windows\System\PjkwiCd.exe

C:\Windows\System\PjkwiCd.exe

C:\Windows\System\OmyCYaa.exe

C:\Windows\System\OmyCYaa.exe

C:\Windows\System\YgQBOPt.exe

C:\Windows\System\YgQBOPt.exe

C:\Windows\System\HvPhAIO.exe

C:\Windows\System\HvPhAIO.exe

C:\Windows\System\WCJBXkq.exe

C:\Windows\System\WCJBXkq.exe

C:\Windows\System\pXABHjk.exe

C:\Windows\System\pXABHjk.exe

C:\Windows\System\XiDiIRF.exe

C:\Windows\System\XiDiIRF.exe

C:\Windows\System\ZhFdTPY.exe

C:\Windows\System\ZhFdTPY.exe

C:\Windows\System\SHtNbnu.exe

C:\Windows\System\SHtNbnu.exe

C:\Windows\System\VTvTHja.exe

C:\Windows\System\VTvTHja.exe

C:\Windows\System\ZBgZVPU.exe

C:\Windows\System\ZBgZVPU.exe

C:\Windows\System\aiEbgFX.exe

C:\Windows\System\aiEbgFX.exe

C:\Windows\System\NjdBWbY.exe

C:\Windows\System\NjdBWbY.exe

C:\Windows\System\kQWtbKj.exe

C:\Windows\System\kQWtbKj.exe

C:\Windows\System\GzQobLH.exe

C:\Windows\System\GzQobLH.exe

C:\Windows\System\EQFWobc.exe

C:\Windows\System\EQFWobc.exe

C:\Windows\System\KJsAvla.exe

C:\Windows\System\KJsAvla.exe

C:\Windows\System\gxMOMaw.exe

C:\Windows\System\gxMOMaw.exe

C:\Windows\System\goUCulo.exe

C:\Windows\System\goUCulo.exe

C:\Windows\System\jegSzyu.exe

C:\Windows\System\jegSzyu.exe

C:\Windows\System\NAFoTiB.exe

C:\Windows\System\NAFoTiB.exe

C:\Windows\System\zyMAWgl.exe

C:\Windows\System\zyMAWgl.exe

C:\Windows\System\OHWasxn.exe

C:\Windows\System\OHWasxn.exe

C:\Windows\System\TMVHCsg.exe

C:\Windows\System\TMVHCsg.exe

C:\Windows\System\nvjfxPV.exe

C:\Windows\System\nvjfxPV.exe

C:\Windows\System\HUhUTNM.exe

C:\Windows\System\HUhUTNM.exe

C:\Windows\System\clUJwmI.exe

C:\Windows\System\clUJwmI.exe

C:\Windows\System\DknVdrv.exe

C:\Windows\System\DknVdrv.exe

C:\Windows\System\GbYBfWm.exe

C:\Windows\System\GbYBfWm.exe

C:\Windows\System\oFUTVJq.exe

C:\Windows\System\oFUTVJq.exe

C:\Windows\System\bWqYCsN.exe

C:\Windows\System\bWqYCsN.exe

C:\Windows\System\tVvLdXR.exe

C:\Windows\System\tVvLdXR.exe

C:\Windows\System\NnLCAfo.exe

C:\Windows\System\NnLCAfo.exe

C:\Windows\System\Pytjbqn.exe

C:\Windows\System\Pytjbqn.exe

C:\Windows\System\kCfmcEC.exe

C:\Windows\System\kCfmcEC.exe

C:\Windows\System\tTkXrJp.exe

C:\Windows\System\tTkXrJp.exe

C:\Windows\System\aNtTzFS.exe

C:\Windows\System\aNtTzFS.exe

C:\Windows\System\gZnZoYG.exe

C:\Windows\System\gZnZoYG.exe

C:\Windows\System\McOjNKN.exe

C:\Windows\System\McOjNKN.exe

C:\Windows\System\LAVluwe.exe

C:\Windows\System\LAVluwe.exe

C:\Windows\System\ySgAJEc.exe

C:\Windows\System\ySgAJEc.exe

C:\Windows\System\ixstSgK.exe

C:\Windows\System\ixstSgK.exe

C:\Windows\System\bUuDAyO.exe

C:\Windows\System\bUuDAyO.exe

C:\Windows\System\GUSELyj.exe

C:\Windows\System\GUSELyj.exe

C:\Windows\System\EJTzsiv.exe

C:\Windows\System\EJTzsiv.exe

C:\Windows\System\WVOvvke.exe

C:\Windows\System\WVOvvke.exe

C:\Windows\System\ZmJqIAO.exe

C:\Windows\System\ZmJqIAO.exe

C:\Windows\System\ZUUfOob.exe

C:\Windows\System\ZUUfOob.exe

C:\Windows\System\jbWOQGU.exe

C:\Windows\System\jbWOQGU.exe

C:\Windows\System\HGglApE.exe

C:\Windows\System\HGglApE.exe

C:\Windows\System\XxdFnrI.exe

C:\Windows\System\XxdFnrI.exe

C:\Windows\System\BPKdOOM.exe

C:\Windows\System\BPKdOOM.exe

C:\Windows\System\rrGzohl.exe

C:\Windows\System\rrGzohl.exe

C:\Windows\System\hoLcjIy.exe

C:\Windows\System\hoLcjIy.exe

C:\Windows\System\jmqUuNp.exe

C:\Windows\System\jmqUuNp.exe

C:\Windows\System\XtqujnC.exe

C:\Windows\System\XtqujnC.exe

C:\Windows\System\tKVDBqY.exe

C:\Windows\System\tKVDBqY.exe

C:\Windows\System\jcFhpzx.exe

C:\Windows\System\jcFhpzx.exe

C:\Windows\System\YXVVkzk.exe

C:\Windows\System\YXVVkzk.exe

C:\Windows\System\YfMKNrE.exe

C:\Windows\System\YfMKNrE.exe

C:\Windows\System\AQwrJki.exe

C:\Windows\System\AQwrJki.exe

C:\Windows\System\zGCQhFV.exe

C:\Windows\System\zGCQhFV.exe

C:\Windows\System\LYbKvTG.exe

C:\Windows\System\LYbKvTG.exe

C:\Windows\System\AAgOVrL.exe

C:\Windows\System\AAgOVrL.exe

C:\Windows\System\rKATzzG.exe

C:\Windows\System\rKATzzG.exe

C:\Windows\System\LeaRpXD.exe

C:\Windows\System\LeaRpXD.exe

C:\Windows\System\zyCfWRa.exe

C:\Windows\System\zyCfWRa.exe

C:\Windows\System\toOhplS.exe

C:\Windows\System\toOhplS.exe

C:\Windows\System\JLKamSg.exe

C:\Windows\System\JLKamSg.exe

C:\Windows\System\uNQqiyo.exe

C:\Windows\System\uNQqiyo.exe

C:\Windows\System\SoSAwHO.exe

C:\Windows\System\SoSAwHO.exe

C:\Windows\System\dKfvUfM.exe

C:\Windows\System\dKfvUfM.exe

C:\Windows\System\tmQhawA.exe

C:\Windows\System\tmQhawA.exe

C:\Windows\System\OHwWokK.exe

C:\Windows\System\OHwWokK.exe

C:\Windows\System\CqTrXmN.exe

C:\Windows\System\CqTrXmN.exe

C:\Windows\System\nmdAMAs.exe

C:\Windows\System\nmdAMAs.exe

C:\Windows\System\EdAPVVX.exe

C:\Windows\System\EdAPVVX.exe

C:\Windows\System\uaejIPC.exe

C:\Windows\System\uaejIPC.exe

C:\Windows\System\PwLUKOW.exe

C:\Windows\System\PwLUKOW.exe

C:\Windows\System\AlFWSlY.exe

C:\Windows\System\AlFWSlY.exe

C:\Windows\System\RxmOrGK.exe

C:\Windows\System\RxmOrGK.exe

C:\Windows\System\qcUvqRc.exe

C:\Windows\System\qcUvqRc.exe

C:\Windows\System\XhOdOwd.exe

C:\Windows\System\XhOdOwd.exe

C:\Windows\System\fzgdatP.exe

C:\Windows\System\fzgdatP.exe

C:\Windows\System\AWqlOXU.exe

C:\Windows\System\AWqlOXU.exe

C:\Windows\System\hUwnEAe.exe

C:\Windows\System\hUwnEAe.exe

C:\Windows\System\rfbATzy.exe

C:\Windows\System\rfbATzy.exe

C:\Windows\System\ZEQJWhh.exe

C:\Windows\System\ZEQJWhh.exe

C:\Windows\System\DDyxers.exe

C:\Windows\System\DDyxers.exe

C:\Windows\System\JBPSpSY.exe

C:\Windows\System\JBPSpSY.exe

C:\Windows\System\iyYUUTK.exe

C:\Windows\System\iyYUUTK.exe

C:\Windows\System\BDQPKrY.exe

C:\Windows\System\BDQPKrY.exe

C:\Windows\System\dxSKHft.exe

C:\Windows\System\dxSKHft.exe

C:\Windows\System\JoagVJc.exe

C:\Windows\System\JoagVJc.exe

C:\Windows\System\bqbiYaC.exe

C:\Windows\System\bqbiYaC.exe

C:\Windows\System\mzQLpxC.exe

C:\Windows\System\mzQLpxC.exe

C:\Windows\System\IKoJtBM.exe

C:\Windows\System\IKoJtBM.exe

C:\Windows\System\TUuFPul.exe

C:\Windows\System\TUuFPul.exe

C:\Windows\System\ZoOgXSC.exe

C:\Windows\System\ZoOgXSC.exe

C:\Windows\System\AWmCSIa.exe

C:\Windows\System\AWmCSIa.exe

C:\Windows\System\lScJmPs.exe

C:\Windows\System\lScJmPs.exe

C:\Windows\System\dxiENJO.exe

C:\Windows\System\dxiENJO.exe

C:\Windows\System\FZSgBvP.exe

C:\Windows\System\FZSgBvP.exe

C:\Windows\System\NknSCPI.exe

C:\Windows\System\NknSCPI.exe

C:\Windows\System\CHVSeEW.exe

C:\Windows\System\CHVSeEW.exe

C:\Windows\System\LaktEPJ.exe

C:\Windows\System\LaktEPJ.exe

C:\Windows\System\NGcbPbc.exe

C:\Windows\System\NGcbPbc.exe

C:\Windows\System\WMFZrVj.exe

C:\Windows\System\WMFZrVj.exe

C:\Windows\System\JqSMKcD.exe

C:\Windows\System\JqSMKcD.exe

C:\Windows\System\vWctQpU.exe

C:\Windows\System\vWctQpU.exe

C:\Windows\System\aYKrDtE.exe

C:\Windows\System\aYKrDtE.exe

C:\Windows\System\wVKNBvG.exe

C:\Windows\System\wVKNBvG.exe

C:\Windows\System\YfKsjTe.exe

C:\Windows\System\YfKsjTe.exe

C:\Windows\System\yAMeNVN.exe

C:\Windows\System\yAMeNVN.exe

C:\Windows\System\xqkQfeM.exe

C:\Windows\System\xqkQfeM.exe

C:\Windows\System\RWVezAm.exe

C:\Windows\System\RWVezAm.exe

C:\Windows\System\SZCJtQP.exe

C:\Windows\System\SZCJtQP.exe

C:\Windows\System\YgjRLfj.exe

C:\Windows\System\YgjRLfj.exe

C:\Windows\System\ioWRYbl.exe

C:\Windows\System\ioWRYbl.exe

C:\Windows\System\zTCcayF.exe

C:\Windows\System\zTCcayF.exe

C:\Windows\System\WDjkwcQ.exe

C:\Windows\System\WDjkwcQ.exe

C:\Windows\System\VGFdUpV.exe

C:\Windows\System\VGFdUpV.exe

C:\Windows\System\LBFmGmH.exe

C:\Windows\System\LBFmGmH.exe

C:\Windows\System\pBWYDQL.exe

C:\Windows\System\pBWYDQL.exe

C:\Windows\System\RJDOXcm.exe

C:\Windows\System\RJDOXcm.exe

C:\Windows\System\qIyRJqV.exe

C:\Windows\System\qIyRJqV.exe

C:\Windows\System\bNGkOCi.exe

C:\Windows\System\bNGkOCi.exe

C:\Windows\System\QmHPdWH.exe

C:\Windows\System\QmHPdWH.exe

C:\Windows\System\NcPyTKF.exe

C:\Windows\System\NcPyTKF.exe

C:\Windows\System\FOHjMnW.exe

C:\Windows\System\FOHjMnW.exe

C:\Windows\System\bAWJRXk.exe

C:\Windows\System\bAWJRXk.exe

C:\Windows\System\BdzuWyX.exe

C:\Windows\System\BdzuWyX.exe

C:\Windows\System\fkfBNqR.exe

C:\Windows\System\fkfBNqR.exe

C:\Windows\System\tvDTlBE.exe

C:\Windows\System\tvDTlBE.exe

C:\Windows\System\pbCkuHF.exe

C:\Windows\System\pbCkuHF.exe

C:\Windows\System\kZGCwhL.exe

C:\Windows\System\kZGCwhL.exe

C:\Windows\System\JZwSpDm.exe

C:\Windows\System\JZwSpDm.exe

C:\Windows\System\PgTPnMQ.exe

C:\Windows\System\PgTPnMQ.exe

C:\Windows\System\phtsAer.exe

C:\Windows\System\phtsAer.exe

C:\Windows\System\iCxRkpu.exe

C:\Windows\System\iCxRkpu.exe

C:\Windows\System\jAcIVqY.exe

C:\Windows\System\jAcIVqY.exe

C:\Windows\System\GjeZhKS.exe

C:\Windows\System\GjeZhKS.exe

C:\Windows\System\LeeCKlf.exe

C:\Windows\System\LeeCKlf.exe

C:\Windows\System\fjRQuWi.exe

C:\Windows\System\fjRQuWi.exe

C:\Windows\System\ZkyQGYa.exe

C:\Windows\System\ZkyQGYa.exe

C:\Windows\System\blAzRMD.exe

C:\Windows\System\blAzRMD.exe

C:\Windows\System\gCyFuPw.exe

C:\Windows\System\gCyFuPw.exe

C:\Windows\System\gbOzRVB.exe

C:\Windows\System\gbOzRVB.exe

C:\Windows\System\TRMTzTK.exe

C:\Windows\System\TRMTzTK.exe

C:\Windows\System\dRriEqb.exe

C:\Windows\System\dRriEqb.exe

C:\Windows\System\gxgkgRH.exe

C:\Windows\System\gxgkgRH.exe

C:\Windows\System\GQglEIC.exe

C:\Windows\System\GQglEIC.exe

C:\Windows\System\NKvMHbL.exe

C:\Windows\System\NKvMHbL.exe

C:\Windows\System\vQtTxuE.exe

C:\Windows\System\vQtTxuE.exe

C:\Windows\System\adbvfhN.exe

C:\Windows\System\adbvfhN.exe

C:\Windows\System\AyPxHFW.exe

C:\Windows\System\AyPxHFW.exe

C:\Windows\System\IVBRYjq.exe

C:\Windows\System\IVBRYjq.exe

C:\Windows\System\TyMVQuG.exe

C:\Windows\System\TyMVQuG.exe

C:\Windows\System\CQotgCq.exe

C:\Windows\System\CQotgCq.exe

C:\Windows\System\uSVdeuh.exe

C:\Windows\System\uSVdeuh.exe

C:\Windows\System\xAQklME.exe

C:\Windows\System\xAQklME.exe

C:\Windows\System\KHvGxZV.exe

C:\Windows\System\KHvGxZV.exe

C:\Windows\System\ZFciuVe.exe

C:\Windows\System\ZFciuVe.exe

C:\Windows\System\tcHspwn.exe

C:\Windows\System\tcHspwn.exe

C:\Windows\System\fIbCrhU.exe

C:\Windows\System\fIbCrhU.exe

C:\Windows\System\govLufX.exe

C:\Windows\System\govLufX.exe

C:\Windows\System\ebOnKLE.exe

C:\Windows\System\ebOnKLE.exe

C:\Windows\System\uRDQIRw.exe

C:\Windows\System\uRDQIRw.exe

C:\Windows\System\XcFdnht.exe

C:\Windows\System\XcFdnht.exe

C:\Windows\System\wLxXzUX.exe

C:\Windows\System\wLxXzUX.exe

C:\Windows\System\lLyCWiy.exe

C:\Windows\System\lLyCWiy.exe

C:\Windows\System\szeazWv.exe

C:\Windows\System\szeazWv.exe

C:\Windows\System\GUSvqhG.exe

C:\Windows\System\GUSvqhG.exe

C:\Windows\System\GXBPoUO.exe

C:\Windows\System\GXBPoUO.exe

C:\Windows\System\mmTdgCs.exe

C:\Windows\System\mmTdgCs.exe

C:\Windows\System\UjaAGOg.exe

C:\Windows\System\UjaAGOg.exe

C:\Windows\System\jdDamqA.exe

C:\Windows\System\jdDamqA.exe

C:\Windows\System\RDtcLbV.exe

C:\Windows\System\RDtcLbV.exe

C:\Windows\System\FqdHvDY.exe

C:\Windows\System\FqdHvDY.exe

C:\Windows\System\HIiWTPF.exe

C:\Windows\System\HIiWTPF.exe

C:\Windows\System\McpdPdc.exe

C:\Windows\System\McpdPdc.exe

C:\Windows\System\lndGZUF.exe

C:\Windows\System\lndGZUF.exe

C:\Windows\System\odIdvsM.exe

C:\Windows\System\odIdvsM.exe

C:\Windows\System\KHvLvJf.exe

C:\Windows\System\KHvLvJf.exe

C:\Windows\System\EbsxbXn.exe

C:\Windows\System\EbsxbXn.exe

C:\Windows\System\zFKyVbg.exe

C:\Windows\System\zFKyVbg.exe

C:\Windows\System\cafgjDq.exe

C:\Windows\System\cafgjDq.exe

C:\Windows\System\bfzGjSo.exe

C:\Windows\System\bfzGjSo.exe

C:\Windows\System\xLWULkc.exe

C:\Windows\System\xLWULkc.exe

C:\Windows\System\flsaIMd.exe

C:\Windows\System\flsaIMd.exe

C:\Windows\System\GnSUeJN.exe

C:\Windows\System\GnSUeJN.exe

C:\Windows\System\BaOpLpS.exe

C:\Windows\System\BaOpLpS.exe

C:\Windows\System\MNIZLCX.exe

C:\Windows\System\MNIZLCX.exe

C:\Windows\System\eAZutSf.exe

C:\Windows\System\eAZutSf.exe

C:\Windows\System\eBRnLDP.exe

C:\Windows\System\eBRnLDP.exe

C:\Windows\System\vcLyvxl.exe

C:\Windows\System\vcLyvxl.exe

C:\Windows\System\cyJGfps.exe

C:\Windows\System\cyJGfps.exe

C:\Windows\System\VPwwwyl.exe

C:\Windows\System\VPwwwyl.exe

C:\Windows\System\bTTuqjg.exe

C:\Windows\System\bTTuqjg.exe

C:\Windows\System\TBKQEXg.exe

C:\Windows\System\TBKQEXg.exe

C:\Windows\System\zDULQyN.exe

C:\Windows\System\zDULQyN.exe

C:\Windows\System\sbCOUfZ.exe

C:\Windows\System\sbCOUfZ.exe

C:\Windows\System\dMuKtnJ.exe

C:\Windows\System\dMuKtnJ.exe

C:\Windows\System\jYPigmM.exe

C:\Windows\System\jYPigmM.exe

C:\Windows\System\yxUWErI.exe

C:\Windows\System\yxUWErI.exe

C:\Windows\System\jDkneJH.exe

C:\Windows\System\jDkneJH.exe

C:\Windows\System\LhuKgvz.exe

C:\Windows\System\LhuKgvz.exe

C:\Windows\System\mSDgnfI.exe

C:\Windows\System\mSDgnfI.exe

C:\Windows\System\TaFqtWD.exe

C:\Windows\System\TaFqtWD.exe

C:\Windows\System\UzlZaxU.exe

C:\Windows\System\UzlZaxU.exe

C:\Windows\System\zBlApIq.exe

C:\Windows\System\zBlApIq.exe

C:\Windows\System\fLOebaA.exe

C:\Windows\System\fLOebaA.exe

C:\Windows\System\aQiYuyy.exe

C:\Windows\System\aQiYuyy.exe

C:\Windows\System\DpRJxtW.exe

C:\Windows\System\DpRJxtW.exe

C:\Windows\System\IfmOyFX.exe

C:\Windows\System\IfmOyFX.exe

C:\Windows\System\bqFgDfx.exe

C:\Windows\System\bqFgDfx.exe

C:\Windows\System\gbILghY.exe

C:\Windows\System\gbILghY.exe

C:\Windows\System\YoQmXJF.exe

C:\Windows\System\YoQmXJF.exe

C:\Windows\System\wgwHtMl.exe

C:\Windows\System\wgwHtMl.exe

C:\Windows\System\NTeHYMp.exe

C:\Windows\System\NTeHYMp.exe

C:\Windows\System\CFluCnW.exe

C:\Windows\System\CFluCnW.exe

C:\Windows\System\jrnqQhI.exe

C:\Windows\System\jrnqQhI.exe

C:\Windows\System\FaeOpKo.exe

C:\Windows\System\FaeOpKo.exe

C:\Windows\System\jaSlZyP.exe

C:\Windows\System\jaSlZyP.exe

C:\Windows\System\TxTrtgR.exe

C:\Windows\System\TxTrtgR.exe

C:\Windows\System\JApEAgU.exe

C:\Windows\System\JApEAgU.exe

C:\Windows\System\CGdghpL.exe

C:\Windows\System\CGdghpL.exe

C:\Windows\System\nZeDcuJ.exe

C:\Windows\System\nZeDcuJ.exe

C:\Windows\System\ATgklOT.exe

C:\Windows\System\ATgklOT.exe

C:\Windows\System\NWEaHWg.exe

C:\Windows\System\NWEaHWg.exe

C:\Windows\System\iRLgAng.exe

C:\Windows\System\iRLgAng.exe

C:\Windows\System\THDtIrf.exe

C:\Windows\System\THDtIrf.exe

C:\Windows\System\Zvwsojw.exe

C:\Windows\System\Zvwsojw.exe

C:\Windows\System\gCGAxJo.exe

C:\Windows\System\gCGAxJo.exe

C:\Windows\System\mkqONRx.exe

C:\Windows\System\mkqONRx.exe

C:\Windows\System\XpabfIP.exe

C:\Windows\System\XpabfIP.exe

C:\Windows\System\SPTAPVj.exe

C:\Windows\System\SPTAPVj.exe

C:\Windows\System\KOMVdQU.exe

C:\Windows\System\KOMVdQU.exe

C:\Windows\System\yuKaHNk.exe

C:\Windows\System\yuKaHNk.exe

C:\Windows\System\PHZtsAN.exe

C:\Windows\System\PHZtsAN.exe

C:\Windows\System\kHIMpdf.exe

C:\Windows\System\kHIMpdf.exe

C:\Windows\System\UAuFDgQ.exe

C:\Windows\System\UAuFDgQ.exe

C:\Windows\System\aNlnecd.exe

C:\Windows\System\aNlnecd.exe

C:\Windows\System\foSfQeU.exe

C:\Windows\System\foSfQeU.exe

C:\Windows\System\rBWvamP.exe

C:\Windows\System\rBWvamP.exe

C:\Windows\System\XtGwkFY.exe

C:\Windows\System\XtGwkFY.exe

C:\Windows\System\PSaiEsx.exe

C:\Windows\System\PSaiEsx.exe

C:\Windows\System\IrwslHT.exe

C:\Windows\System\IrwslHT.exe

C:\Windows\System\wqjytMA.exe

C:\Windows\System\wqjytMA.exe

C:\Windows\System\UtIGcfd.exe

C:\Windows\System\UtIGcfd.exe

C:\Windows\System\yfjpPZm.exe

C:\Windows\System\yfjpPZm.exe

C:\Windows\System\zkLMMdN.exe

C:\Windows\System\zkLMMdN.exe

C:\Windows\System\VHmgVfN.exe

C:\Windows\System\VHmgVfN.exe

C:\Windows\System\qmRDbPS.exe

C:\Windows\System\qmRDbPS.exe

C:\Windows\System\ZiCXcyf.exe

C:\Windows\System\ZiCXcyf.exe

C:\Windows\System\IDKOHvY.exe

C:\Windows\System\IDKOHvY.exe

C:\Windows\System\FSVhPeT.exe

C:\Windows\System\FSVhPeT.exe

C:\Windows\System\GPsLDgb.exe

C:\Windows\System\GPsLDgb.exe

C:\Windows\System\lRjFesK.exe

C:\Windows\System\lRjFesK.exe

C:\Windows\System\yruDDpT.exe

C:\Windows\System\yruDDpT.exe

C:\Windows\System\SOUSeEv.exe

C:\Windows\System\SOUSeEv.exe

C:\Windows\System\mnoiibv.exe

C:\Windows\System\mnoiibv.exe

C:\Windows\System\xtciMio.exe

C:\Windows\System\xtciMio.exe

C:\Windows\System\JdigvsA.exe

C:\Windows\System\JdigvsA.exe

C:\Windows\System\uICcOjt.exe

C:\Windows\System\uICcOjt.exe

C:\Windows\System\wqKkuSd.exe

C:\Windows\System\wqKkuSd.exe

C:\Windows\System\bCJfNZJ.exe

C:\Windows\System\bCJfNZJ.exe

C:\Windows\System\hegHXIc.exe

C:\Windows\System\hegHXIc.exe

C:\Windows\System\gCRHser.exe

C:\Windows\System\gCRHser.exe

C:\Windows\System\Getlyyk.exe

C:\Windows\System\Getlyyk.exe

C:\Windows\System\DZeYIYe.exe

C:\Windows\System\DZeYIYe.exe

C:\Windows\System\RGxbiSg.exe

C:\Windows\System\RGxbiSg.exe

C:\Windows\System\CszEzCh.exe

C:\Windows\System\CszEzCh.exe

C:\Windows\System\xCjNhaA.exe

C:\Windows\System\xCjNhaA.exe

C:\Windows\System\LAuTUaa.exe

C:\Windows\System\LAuTUaa.exe

C:\Windows\System\chNpBUv.exe

C:\Windows\System\chNpBUv.exe

C:\Windows\System\gpRLrkY.exe

C:\Windows\System\gpRLrkY.exe

C:\Windows\System\WxhdpRs.exe

C:\Windows\System\WxhdpRs.exe

C:\Windows\System\cfIXmFZ.exe

C:\Windows\System\cfIXmFZ.exe

C:\Windows\System\HZSckAu.exe

C:\Windows\System\HZSckAu.exe

C:\Windows\System\VQWmEoM.exe

C:\Windows\System\VQWmEoM.exe

C:\Windows\System\StUvbzi.exe

C:\Windows\System\StUvbzi.exe

C:\Windows\System\zOIbwxZ.exe

C:\Windows\System\zOIbwxZ.exe

C:\Windows\System\IoKNMPI.exe

C:\Windows\System\IoKNMPI.exe

C:\Windows\System\krttfFc.exe

C:\Windows\System\krttfFc.exe

C:\Windows\System\VTOHbRH.exe

C:\Windows\System\VTOHbRH.exe

C:\Windows\System\ImxKwBt.exe

C:\Windows\System\ImxKwBt.exe

C:\Windows\System\uksHhCc.exe

C:\Windows\System\uksHhCc.exe

C:\Windows\System\LpNusVH.exe

C:\Windows\System\LpNusVH.exe

C:\Windows\System\bxQdBSe.exe

C:\Windows\System\bxQdBSe.exe

C:\Windows\System\kRAvHSN.exe

C:\Windows\System\kRAvHSN.exe

C:\Windows\System\ARsiBMQ.exe

C:\Windows\System\ARsiBMQ.exe

C:\Windows\System\dvZIROc.exe

C:\Windows\System\dvZIROc.exe

C:\Windows\System\AjXiDqO.exe

C:\Windows\System\AjXiDqO.exe

C:\Windows\System\OhBTRpm.exe

C:\Windows\System\OhBTRpm.exe

C:\Windows\System\XfbYRvM.exe

C:\Windows\System\XfbYRvM.exe

C:\Windows\System\WGynEGA.exe

C:\Windows\System\WGynEGA.exe

C:\Windows\System\QbICvRD.exe

C:\Windows\System\QbICvRD.exe

C:\Windows\System\IIASXSE.exe

C:\Windows\System\IIASXSE.exe

C:\Windows\System\oPQsiLB.exe

C:\Windows\System\oPQsiLB.exe

C:\Windows\System\SbEMWMn.exe

C:\Windows\System\SbEMWMn.exe

C:\Windows\System\MxSfMlg.exe

C:\Windows\System\MxSfMlg.exe

C:\Windows\System\OnMdjAZ.exe

C:\Windows\System\OnMdjAZ.exe

C:\Windows\System\tEelwFQ.exe

C:\Windows\System\tEelwFQ.exe

C:\Windows\System\WsLqvKH.exe

C:\Windows\System\WsLqvKH.exe

C:\Windows\System\WNEwowF.exe

C:\Windows\System\WNEwowF.exe

C:\Windows\System\aDAiBLH.exe

C:\Windows\System\aDAiBLH.exe

C:\Windows\System\NoJcoTn.exe

C:\Windows\System\NoJcoTn.exe

C:\Windows\System\RqrLgeN.exe

C:\Windows\System\RqrLgeN.exe

C:\Windows\System\PVCJqrP.exe

C:\Windows\System\PVCJqrP.exe

C:\Windows\System\YkEuXbt.exe

C:\Windows\System\YkEuXbt.exe

C:\Windows\System\XFpUlBO.exe

C:\Windows\System\XFpUlBO.exe

C:\Windows\System\WtxrDlx.exe

C:\Windows\System\WtxrDlx.exe

C:\Windows\System\VzGcwvo.exe

C:\Windows\System\VzGcwvo.exe

C:\Windows\System\uGiDncz.exe

C:\Windows\System\uGiDncz.exe

C:\Windows\System\IsROYiq.exe

C:\Windows\System\IsROYiq.exe

C:\Windows\System\NHaqspx.exe

C:\Windows\System\NHaqspx.exe

C:\Windows\System\yFhwCPU.exe

C:\Windows\System\yFhwCPU.exe

C:\Windows\System\TOLzYKA.exe

C:\Windows\System\TOLzYKA.exe

C:\Windows\System\gdOhskU.exe

C:\Windows\System\gdOhskU.exe

C:\Windows\System\YRDAKMP.exe

C:\Windows\System\YRDAKMP.exe

C:\Windows\System\DGeTiJq.exe

C:\Windows\System\DGeTiJq.exe

C:\Windows\System\fUXsQFW.exe

C:\Windows\System\fUXsQFW.exe

C:\Windows\System\bgXcvPW.exe

C:\Windows\System\bgXcvPW.exe

C:\Windows\System\nnXwCJr.exe

C:\Windows\System\nnXwCJr.exe

C:\Windows\System\JJCXIiJ.exe

C:\Windows\System\JJCXIiJ.exe

C:\Windows\System\TDSMfIY.exe

C:\Windows\System\TDSMfIY.exe

C:\Windows\System\gHDKTYW.exe

C:\Windows\System\gHDKTYW.exe

C:\Windows\System\DAPdMtJ.exe

C:\Windows\System\DAPdMtJ.exe

C:\Windows\System\snWrKnw.exe

C:\Windows\System\snWrKnw.exe

C:\Windows\System\SkDhhos.exe

C:\Windows\System\SkDhhos.exe

C:\Windows\System\BvAcqAH.exe

C:\Windows\System\BvAcqAH.exe

C:\Windows\System\BxjZxdI.exe

C:\Windows\System\BxjZxdI.exe

C:\Windows\System\jIQjRjB.exe

C:\Windows\System\jIQjRjB.exe

C:\Windows\System\mfIwdcT.exe

C:\Windows\System\mfIwdcT.exe

C:\Windows\System\DvvYbxn.exe

C:\Windows\System\DvvYbxn.exe

C:\Windows\System\HYnbhkP.exe

C:\Windows\System\HYnbhkP.exe

C:\Windows\System\lqxPtSC.exe

C:\Windows\System\lqxPtSC.exe

C:\Windows\System\VqOTfFG.exe

C:\Windows\System\VqOTfFG.exe

C:\Windows\System\GXfQXEb.exe

C:\Windows\System\GXfQXEb.exe

C:\Windows\System\iLYBNim.exe

C:\Windows\System\iLYBNim.exe

C:\Windows\System\eDwwBmg.exe

C:\Windows\System\eDwwBmg.exe

C:\Windows\System\AQXiAUf.exe

C:\Windows\System\AQXiAUf.exe

C:\Windows\System\vGArDRv.exe

C:\Windows\System\vGArDRv.exe

C:\Windows\System\HIsFksG.exe

C:\Windows\System\HIsFksG.exe

C:\Windows\System\OzxCMYd.exe

C:\Windows\System\OzxCMYd.exe

C:\Windows\System\MjfKOaG.exe

C:\Windows\System\MjfKOaG.exe

C:\Windows\System\YveTEsU.exe

C:\Windows\System\YveTEsU.exe

C:\Windows\System\tqaehjN.exe

C:\Windows\System\tqaehjN.exe

C:\Windows\System\omDBByr.exe

C:\Windows\System\omDBByr.exe

C:\Windows\System\uCcDkrB.exe

C:\Windows\System\uCcDkrB.exe

C:\Windows\System\dyXvzcn.exe

C:\Windows\System\dyXvzcn.exe

C:\Windows\System\AIpqnrV.exe

C:\Windows\System\AIpqnrV.exe

C:\Windows\System\FPXnHqG.exe

C:\Windows\System\FPXnHqG.exe

C:\Windows\System\twJtQVD.exe

C:\Windows\System\twJtQVD.exe

C:\Windows\System\lRoVDAn.exe

C:\Windows\System\lRoVDAn.exe

C:\Windows\System\CRSnKho.exe

C:\Windows\System\CRSnKho.exe

C:\Windows\System\MzgxXHZ.exe

C:\Windows\System\MzgxXHZ.exe

C:\Windows\System\xnjILfH.exe

C:\Windows\System\xnjILfH.exe

C:\Windows\System\bbEOIXE.exe

C:\Windows\System\bbEOIXE.exe

C:\Windows\System\XUKLcmN.exe

C:\Windows\System\XUKLcmN.exe

C:\Windows\System\gMTjUQQ.exe

C:\Windows\System\gMTjUQQ.exe

C:\Windows\System\sShqBgY.exe

C:\Windows\System\sShqBgY.exe

C:\Windows\System\XLVRxrr.exe

C:\Windows\System\XLVRxrr.exe

C:\Windows\System\JQGGeeW.exe

C:\Windows\System\JQGGeeW.exe

C:\Windows\System\HXzxIXc.exe

C:\Windows\System\HXzxIXc.exe

C:\Windows\System\FlcPdxu.exe

C:\Windows\System\FlcPdxu.exe

C:\Windows\System\IKyXRhW.exe

C:\Windows\System\IKyXRhW.exe

C:\Windows\System\uMoxBLA.exe

C:\Windows\System\uMoxBLA.exe

C:\Windows\System\kweuHoJ.exe

C:\Windows\System\kweuHoJ.exe

C:\Windows\System\asZGHGm.exe

C:\Windows\System\asZGHGm.exe

C:\Windows\System\ocKRPlo.exe

C:\Windows\System\ocKRPlo.exe

C:\Windows\System\HpppGhK.exe

C:\Windows\System\HpppGhK.exe

C:\Windows\System\UWYfnLn.exe

C:\Windows\System\UWYfnLn.exe

C:\Windows\System\GjAXjyP.exe

C:\Windows\System\GjAXjyP.exe

C:\Windows\System\hEMSOJA.exe

C:\Windows\System\hEMSOJA.exe

C:\Windows\System\FmuNxgL.exe

C:\Windows\System\FmuNxgL.exe

C:\Windows\System\ORpJKeL.exe

C:\Windows\System\ORpJKeL.exe

C:\Windows\System\UlsxrMc.exe

C:\Windows\System\UlsxrMc.exe

C:\Windows\System\TESwQrk.exe

C:\Windows\System\TESwQrk.exe

C:\Windows\System\ZwLPFuT.exe

C:\Windows\System\ZwLPFuT.exe

C:\Windows\System\QwPKUVu.exe

C:\Windows\System\QwPKUVu.exe

C:\Windows\System\FnVOdmr.exe

C:\Windows\System\FnVOdmr.exe

C:\Windows\System\PUbzzoO.exe

C:\Windows\System\PUbzzoO.exe

C:\Windows\System\UodIRvz.exe

C:\Windows\System\UodIRvz.exe

C:\Windows\System\efqVAWI.exe

C:\Windows\System\efqVAWI.exe

C:\Windows\System\KeWrlsf.exe

C:\Windows\System\KeWrlsf.exe

C:\Windows\System\mhrJqhi.exe

C:\Windows\System\mhrJqhi.exe

C:\Windows\System\TRfDxWf.exe

C:\Windows\System\TRfDxWf.exe

C:\Windows\System\enbRuys.exe

C:\Windows\System\enbRuys.exe

C:\Windows\System\sXcsIJK.exe

C:\Windows\System\sXcsIJK.exe

C:\Windows\System\FWwelnI.exe

C:\Windows\System\FWwelnI.exe

C:\Windows\System\KIGfCMe.exe

C:\Windows\System\KIGfCMe.exe

C:\Windows\System\EZntHfJ.exe

C:\Windows\System\EZntHfJ.exe

C:\Windows\System\fEYTpZp.exe

C:\Windows\System\fEYTpZp.exe

C:\Windows\System\iXHplZU.exe

C:\Windows\System\iXHplZU.exe

C:\Windows\System\iJhahXM.exe

C:\Windows\System\iJhahXM.exe

C:\Windows\System\hmumQCD.exe

C:\Windows\System\hmumQCD.exe

C:\Windows\System\tqdOUUC.exe

C:\Windows\System\tqdOUUC.exe

C:\Windows\System\dKLuJOw.exe

C:\Windows\System\dKLuJOw.exe

C:\Windows\System\SsKNLCe.exe

C:\Windows\System\SsKNLCe.exe

C:\Windows\System\AHYPPZQ.exe

C:\Windows\System\AHYPPZQ.exe

C:\Windows\System\xnFrquf.exe

C:\Windows\System\xnFrquf.exe

C:\Windows\System\uHYTkcU.exe

C:\Windows\System\uHYTkcU.exe

C:\Windows\System\XiEogGe.exe

C:\Windows\System\XiEogGe.exe

C:\Windows\System\hBSUdog.exe

C:\Windows\System\hBSUdog.exe

C:\Windows\System\zamanhm.exe

C:\Windows\System\zamanhm.exe

C:\Windows\System\PTjMHlR.exe

C:\Windows\System\PTjMHlR.exe

C:\Windows\System\rPolXRc.exe

C:\Windows\System\rPolXRc.exe

C:\Windows\System\jWSPPUi.exe

C:\Windows\System\jWSPPUi.exe

C:\Windows\System\eXMmnJo.exe

C:\Windows\System\eXMmnJo.exe

C:\Windows\System\eCQxveE.exe

C:\Windows\System\eCQxveE.exe

C:\Windows\System\HSHBAPk.exe

C:\Windows\System\HSHBAPk.exe

C:\Windows\System\UQvWPsn.exe

C:\Windows\System\UQvWPsn.exe

C:\Windows\System\YcEPKQs.exe

C:\Windows\System\YcEPKQs.exe

C:\Windows\System\UKqNbqp.exe

C:\Windows\System\UKqNbqp.exe

C:\Windows\System\IKDVmjU.exe

C:\Windows\System\IKDVmjU.exe

C:\Windows\System\LXDEcic.exe

C:\Windows\System\LXDEcic.exe

C:\Windows\System\nmBsSci.exe

C:\Windows\System\nmBsSci.exe

C:\Windows\System\xXbEcRX.exe

C:\Windows\System\xXbEcRX.exe

C:\Windows\System\ivBotXn.exe

C:\Windows\System\ivBotXn.exe

C:\Windows\System\dqNheOQ.exe

C:\Windows\System\dqNheOQ.exe

C:\Windows\System\oxBDKvK.exe

C:\Windows\System\oxBDKvK.exe

C:\Windows\System\nBCBZJK.exe

C:\Windows\System\nBCBZJK.exe

C:\Windows\System\fFguDAi.exe

C:\Windows\System\fFguDAi.exe

C:\Windows\System\XmOyyyp.exe

C:\Windows\System\XmOyyyp.exe

C:\Windows\System\ScZWKLN.exe

C:\Windows\System\ScZWKLN.exe

C:\Windows\System\rrFbPNl.exe

C:\Windows\System\rrFbPNl.exe

C:\Windows\System\wahKIEf.exe

C:\Windows\System\wahKIEf.exe

C:\Windows\System\wYmcbDM.exe

C:\Windows\System\wYmcbDM.exe

C:\Windows\System\cUMCdKp.exe

C:\Windows\System\cUMCdKp.exe

C:\Windows\System\RVgqYFL.exe

C:\Windows\System\RVgqYFL.exe

C:\Windows\System\njdMXCt.exe

C:\Windows\System\njdMXCt.exe

C:\Windows\System\WQZhwvn.exe

C:\Windows\System\WQZhwvn.exe

C:\Windows\System\lJBGKTh.exe

C:\Windows\System\lJBGKTh.exe

C:\Windows\System\tOxCWlF.exe

C:\Windows\System\tOxCWlF.exe

C:\Windows\System\EcXpnbN.exe

C:\Windows\System\EcXpnbN.exe

C:\Windows\System\zVBwJcH.exe

C:\Windows\System\zVBwJcH.exe

C:\Windows\System\DwrbVDU.exe

C:\Windows\System\DwrbVDU.exe

C:\Windows\System\WXWltcw.exe

C:\Windows\System\WXWltcw.exe

C:\Windows\System\CvhWCgZ.exe

C:\Windows\System\CvhWCgZ.exe

C:\Windows\System\ShELGzs.exe

C:\Windows\System\ShELGzs.exe

C:\Windows\System\bGFjztS.exe

C:\Windows\System\bGFjztS.exe

C:\Windows\System\IqRPbWn.exe

C:\Windows\System\IqRPbWn.exe

C:\Windows\System\sHBlfGc.exe

C:\Windows\System\sHBlfGc.exe

C:\Windows\System\QaQHyvU.exe

C:\Windows\System\QaQHyvU.exe

C:\Windows\System\PyXbQEE.exe

C:\Windows\System\PyXbQEE.exe

C:\Windows\System\uQRqvzv.exe

C:\Windows\System\uQRqvzv.exe

C:\Windows\System\yuALvbA.exe

C:\Windows\System\yuALvbA.exe

C:\Windows\System\GdqVbZE.exe

C:\Windows\System\GdqVbZE.exe

C:\Windows\System\rHIFOJE.exe

C:\Windows\System\rHIFOJE.exe

C:\Windows\System\WtJyRwm.exe

C:\Windows\System\WtJyRwm.exe

C:\Windows\System\vIAlsKI.exe

C:\Windows\System\vIAlsKI.exe

C:\Windows\System\RwGnbDE.exe

C:\Windows\System\RwGnbDE.exe

C:\Windows\System\tkDqCNT.exe

C:\Windows\System\tkDqCNT.exe

C:\Windows\System\bDipUVL.exe

C:\Windows\System\bDipUVL.exe

C:\Windows\System\CyAkPHI.exe

C:\Windows\System\CyAkPHI.exe

C:\Windows\System\zgMxeTQ.exe

C:\Windows\System\zgMxeTQ.exe

C:\Windows\System\yfLdQKW.exe

C:\Windows\System\yfLdQKW.exe

C:\Windows\System\dqonPHo.exe

C:\Windows\System\dqonPHo.exe

C:\Windows\System\rKQNBAT.exe

C:\Windows\System\rKQNBAT.exe

C:\Windows\System\tmXsDeC.exe

C:\Windows\System\tmXsDeC.exe

C:\Windows\System\shsSouJ.exe

C:\Windows\System\shsSouJ.exe

C:\Windows\System\LhfLxbU.exe

C:\Windows\System\LhfLxbU.exe

C:\Windows\System\mGMUYZR.exe

C:\Windows\System\mGMUYZR.exe

C:\Windows\System\IibyiEr.exe

C:\Windows\System\IibyiEr.exe

C:\Windows\System\CHqiYTg.exe

C:\Windows\System\CHqiYTg.exe

C:\Windows\System\MHDWxOF.exe

C:\Windows\System\MHDWxOF.exe

C:\Windows\System\kXJluKo.exe

C:\Windows\System\kXJluKo.exe

C:\Windows\System\USqEczd.exe

C:\Windows\System\USqEczd.exe

C:\Windows\System\uRXFwGx.exe

C:\Windows\System\uRXFwGx.exe

C:\Windows\System\mRarlkv.exe

C:\Windows\System\mRarlkv.exe

C:\Windows\System\RCTAWrr.exe

C:\Windows\System\RCTAWrr.exe

C:\Windows\System\DGDbHYf.exe

C:\Windows\System\DGDbHYf.exe

C:\Windows\System\HaXDxRq.exe

C:\Windows\System\HaXDxRq.exe

C:\Windows\System\ycxsKhZ.exe

C:\Windows\System\ycxsKhZ.exe

C:\Windows\System\zTFuann.exe

C:\Windows\System\zTFuann.exe

C:\Windows\System\nytAhHg.exe

C:\Windows\System\nytAhHg.exe

C:\Windows\System\WLxFqcF.exe

C:\Windows\System\WLxFqcF.exe

C:\Windows\System\LLbJAam.exe

C:\Windows\System\LLbJAam.exe

C:\Windows\System\wTAZgAQ.exe

C:\Windows\System\wTAZgAQ.exe

C:\Windows\System\QHEXFdq.exe

C:\Windows\System\QHEXFdq.exe

C:\Windows\System\eqszrdF.exe

C:\Windows\System\eqszrdF.exe

C:\Windows\System\qBpLZrr.exe

C:\Windows\System\qBpLZrr.exe

C:\Windows\System\qLYDaFw.exe

C:\Windows\System\qLYDaFw.exe

C:\Windows\System\dJsBtdY.exe

C:\Windows\System\dJsBtdY.exe

C:\Windows\System\rgZtwDg.exe

C:\Windows\System\rgZtwDg.exe

C:\Windows\System\Sscqvfj.exe

C:\Windows\System\Sscqvfj.exe

C:\Windows\System\cRmFWKI.exe

C:\Windows\System\cRmFWKI.exe

C:\Windows\System\mSyrKfM.exe

C:\Windows\System\mSyrKfM.exe

C:\Windows\System\KNgKkHS.exe

C:\Windows\System\KNgKkHS.exe

C:\Windows\System\NpPsBPJ.exe

C:\Windows\System\NpPsBPJ.exe

C:\Windows\System\fuIkYIP.exe

C:\Windows\System\fuIkYIP.exe

C:\Windows\System\zcsyOLx.exe

C:\Windows\System\zcsyOLx.exe

C:\Windows\System\eoRHaKq.exe

C:\Windows\System\eoRHaKq.exe

C:\Windows\System\HBWMJXq.exe

C:\Windows\System\HBWMJXq.exe

C:\Windows\System\qdsScuu.exe

C:\Windows\System\qdsScuu.exe

C:\Windows\System\zZBmiZs.exe

C:\Windows\System\zZBmiZs.exe

C:\Windows\System\ElbZYhE.exe

C:\Windows\System\ElbZYhE.exe

C:\Windows\System\nrMjlRi.exe

C:\Windows\System\nrMjlRi.exe

C:\Windows\System\BpmEpoX.exe

C:\Windows\System\BpmEpoX.exe

C:\Windows\System\ALROmeE.exe

C:\Windows\System\ALROmeE.exe

C:\Windows\System\LyENtcs.exe

C:\Windows\System\LyENtcs.exe

C:\Windows\System\zIabeHf.exe

C:\Windows\System\zIabeHf.exe

C:\Windows\System\lHvwXwQ.exe

C:\Windows\System\lHvwXwQ.exe

C:\Windows\System\SagXDIT.exe

C:\Windows\System\SagXDIT.exe

C:\Windows\System\UfstaTE.exe

C:\Windows\System\UfstaTE.exe

C:\Windows\System\bcPpWdu.exe

C:\Windows\System\bcPpWdu.exe

C:\Windows\System\qPHFrZA.exe

C:\Windows\System\qPHFrZA.exe

C:\Windows\System\hnstUro.exe

C:\Windows\System\hnstUro.exe

C:\Windows\System\gJWOhKB.exe

C:\Windows\System\gJWOhKB.exe

C:\Windows\System\AinzpVP.exe

C:\Windows\System\AinzpVP.exe

C:\Windows\System\aDfXFsC.exe

C:\Windows\System\aDfXFsC.exe

C:\Windows\System\JpHfPgD.exe

C:\Windows\System\JpHfPgD.exe

C:\Windows\System\hEwYPOi.exe

C:\Windows\System\hEwYPOi.exe

C:\Windows\System\ghHfIJW.exe

C:\Windows\System\ghHfIJW.exe

C:\Windows\System\vkZhCpx.exe

C:\Windows\System\vkZhCpx.exe

C:\Windows\System\tAVcYFw.exe

C:\Windows\System\tAVcYFw.exe

C:\Windows\System\CuLPSJi.exe

C:\Windows\System\CuLPSJi.exe

C:\Windows\System\YgRFBLW.exe

C:\Windows\System\YgRFBLW.exe

C:\Windows\System\wMVeYJu.exe

C:\Windows\System\wMVeYJu.exe

C:\Windows\System\iIzfyav.exe

C:\Windows\System\iIzfyav.exe

C:\Windows\System\qGEnLtP.exe

C:\Windows\System\qGEnLtP.exe

C:\Windows\System\GgPglyC.exe

C:\Windows\System\GgPglyC.exe

C:\Windows\System\oMsyAQM.exe

C:\Windows\System\oMsyAQM.exe

C:\Windows\System\PyOryzC.exe

C:\Windows\System\PyOryzC.exe

C:\Windows\System\WmzROLO.exe

C:\Windows\System\WmzROLO.exe

C:\Windows\System\IKHqjbq.exe

C:\Windows\System\IKHqjbq.exe

C:\Windows\System\MgMntGt.exe

C:\Windows\System\MgMntGt.exe

C:\Windows\System\vlLizZK.exe

C:\Windows\System\vlLizZK.exe

C:\Windows\System\hKqSZGq.exe

C:\Windows\System\hKqSZGq.exe

C:\Windows\System\jedRiRn.exe

C:\Windows\System\jedRiRn.exe

C:\Windows\System\tYSZddp.exe

C:\Windows\System\tYSZddp.exe

C:\Windows\System\WlNYKfW.exe

C:\Windows\System\WlNYKfW.exe

C:\Windows\System\sJLiKvK.exe

C:\Windows\System\sJLiKvK.exe

C:\Windows\System\VxisYCr.exe

C:\Windows\System\VxisYCr.exe

C:\Windows\System\BPoENbC.exe

C:\Windows\System\BPoENbC.exe

C:\Windows\System\XEWkxOq.exe

C:\Windows\System\XEWkxOq.exe

C:\Windows\System\gNqPtGd.exe

C:\Windows\System\gNqPtGd.exe

C:\Windows\System\TdYGVqD.exe

C:\Windows\System\TdYGVqD.exe

C:\Windows\System\QusudmX.exe

C:\Windows\System\QusudmX.exe

C:\Windows\System\DCSOGrO.exe

C:\Windows\System\DCSOGrO.exe

C:\Windows\System\nfqZAPE.exe

C:\Windows\System\nfqZAPE.exe

C:\Windows\System\NhfcPOp.exe

C:\Windows\System\NhfcPOp.exe

C:\Windows\System\jAIlaNA.exe

C:\Windows\System\jAIlaNA.exe

C:\Windows\System\JJhwFIK.exe

C:\Windows\System\JJhwFIK.exe

C:\Windows\System\HyWKnPN.exe

C:\Windows\System\HyWKnPN.exe

C:\Windows\System\sZeTams.exe

C:\Windows\System\sZeTams.exe

C:\Windows\System\aLvQkZo.exe

C:\Windows\System\aLvQkZo.exe

C:\Windows\System\ubFBUWw.exe

C:\Windows\System\ubFBUWw.exe

C:\Windows\System\lldMCep.exe

C:\Windows\System\lldMCep.exe

C:\Windows\System\RjvabUH.exe

C:\Windows\System\RjvabUH.exe

C:\Windows\System\LIWNRyi.exe

C:\Windows\System\LIWNRyi.exe

C:\Windows\System\ZPuCPXx.exe

C:\Windows\System\ZPuCPXx.exe

C:\Windows\System\fZJykEo.exe

C:\Windows\System\fZJykEo.exe

C:\Windows\System\oHASzPl.exe

C:\Windows\System\oHASzPl.exe

C:\Windows\System\RGoshQB.exe

C:\Windows\System\RGoshQB.exe

C:\Windows\System\MEBhUZL.exe

C:\Windows\System\MEBhUZL.exe

C:\Windows\System\IOinRxH.exe

C:\Windows\System\IOinRxH.exe

C:\Windows\System\YuBMbxM.exe

C:\Windows\System\YuBMbxM.exe

C:\Windows\System\bHFRVPV.exe

C:\Windows\System\bHFRVPV.exe

C:\Windows\System\cXBmKFI.exe

C:\Windows\System\cXBmKFI.exe

C:\Windows\System\qndhJwM.exe

C:\Windows\System\qndhJwM.exe

C:\Windows\System\jcNxTWQ.exe

C:\Windows\System\jcNxTWQ.exe

C:\Windows\System\truYlkU.exe

C:\Windows\System\truYlkU.exe

C:\Windows\System\WVnEiZi.exe

C:\Windows\System\WVnEiZi.exe

C:\Windows\System\IIZxCDq.exe

C:\Windows\System\IIZxCDq.exe

C:\Windows\System\cTyjsZM.exe

C:\Windows\System\cTyjsZM.exe

C:\Windows\System\FCQRAqA.exe

C:\Windows\System\FCQRAqA.exe

C:\Windows\System\lQxqmIu.exe

C:\Windows\System\lQxqmIu.exe

C:\Windows\System\nTSLsrL.exe

C:\Windows\System\nTSLsrL.exe

C:\Windows\System\GYcQYCq.exe

C:\Windows\System\GYcQYCq.exe

C:\Windows\System\okaItUS.exe

C:\Windows\System\okaItUS.exe

C:\Windows\System\UziapAI.exe

C:\Windows\System\UziapAI.exe

C:\Windows\System\tKBbbLP.exe

C:\Windows\System\tKBbbLP.exe

C:\Windows\System\KwSrtye.exe

C:\Windows\System\KwSrtye.exe

C:\Windows\System\TTwzvTx.exe

C:\Windows\System\TTwzvTx.exe

C:\Windows\System\ExtnehE.exe

C:\Windows\System\ExtnehE.exe

C:\Windows\System\ZbXnvcU.exe

C:\Windows\System\ZbXnvcU.exe

C:\Windows\System\rjSBSjA.exe

C:\Windows\System\rjSBSjA.exe

C:\Windows\System\jhyvZHs.exe

C:\Windows\System\jhyvZHs.exe

C:\Windows\System\TkJCIkR.exe

C:\Windows\System\TkJCIkR.exe

C:\Windows\System\KhXtwLI.exe

C:\Windows\System\KhXtwLI.exe

C:\Windows\System\ZSIIgvb.exe

C:\Windows\System\ZSIIgvb.exe

C:\Windows\System\kBcXoTN.exe

C:\Windows\System\kBcXoTN.exe

C:\Windows\System\wlhrNsc.exe

C:\Windows\System\wlhrNsc.exe

C:\Windows\System\UoZSOdd.exe

C:\Windows\System\UoZSOdd.exe

C:\Windows\System\QOSSyGM.exe

C:\Windows\System\QOSSyGM.exe

C:\Windows\System\cPoBQzM.exe

C:\Windows\System\cPoBQzM.exe

C:\Windows\System\idYSEZS.exe

C:\Windows\System\idYSEZS.exe

C:\Windows\System\kEiiCol.exe

C:\Windows\System\kEiiCol.exe

C:\Windows\System\pYQjaus.exe

C:\Windows\System\pYQjaus.exe

C:\Windows\System\jhnGGHq.exe

C:\Windows\System\jhnGGHq.exe

C:\Windows\System\hqopqCD.exe

C:\Windows\System\hqopqCD.exe

C:\Windows\System\pAoebdk.exe

C:\Windows\System\pAoebdk.exe

C:\Windows\System\QglZOxq.exe

C:\Windows\System\QglZOxq.exe

C:\Windows\System\lWUGJzJ.exe

C:\Windows\System\lWUGJzJ.exe

C:\Windows\System\ZsvcxBU.exe

C:\Windows\System\ZsvcxBU.exe

C:\Windows\System\yzZJaiB.exe

C:\Windows\System\yzZJaiB.exe

C:\Windows\System\ouGXJLK.exe

C:\Windows\System\ouGXJLK.exe

C:\Windows\System\CMgwvrW.exe

C:\Windows\System\CMgwvrW.exe

C:\Windows\System\WShchUr.exe

C:\Windows\System\WShchUr.exe

C:\Windows\System\IaTzyso.exe

C:\Windows\System\IaTzyso.exe

C:\Windows\System\eFOVIrt.exe

C:\Windows\System\eFOVIrt.exe

C:\Windows\System\cpnAdkX.exe

C:\Windows\System\cpnAdkX.exe

C:\Windows\System\MGZjbhQ.exe

C:\Windows\System\MGZjbhQ.exe

C:\Windows\System\chgfPNO.exe

C:\Windows\System\chgfPNO.exe

C:\Windows\System\TwQprlL.exe

C:\Windows\System\TwQprlL.exe

C:\Windows\System\WELdsEx.exe

C:\Windows\System\WELdsEx.exe

C:\Windows\System\RAnPupc.exe

C:\Windows\System\RAnPupc.exe

C:\Windows\System\SeWVHyC.exe

C:\Windows\System\SeWVHyC.exe

C:\Windows\System\wpNyuza.exe

C:\Windows\System\wpNyuza.exe

C:\Windows\System\BJPbwBi.exe

C:\Windows\System\BJPbwBi.exe

C:\Windows\System\IblpGoJ.exe

C:\Windows\System\IblpGoJ.exe

C:\Windows\System\jSxKfUo.exe

C:\Windows\System\jSxKfUo.exe

C:\Windows\System\XwHgFgS.exe

C:\Windows\System\XwHgFgS.exe

C:\Windows\System\vaEpHPd.exe

C:\Windows\System\vaEpHPd.exe

C:\Windows\System\LUfbWrB.exe

C:\Windows\System\LUfbWrB.exe

C:\Windows\System\yVNSRiH.exe

C:\Windows\System\yVNSRiH.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp

Files

memory/2232-0-0x000000013F710000-0x000000013FB02000-memory.dmp

memory/2232-1-0x0000000000180000-0x0000000000190000-memory.dmp

memory/2232-7-0x000000013FC80000-0x0000000140072000-memory.dmp

C:\Windows\system\gikpWvW.exe

MD5 c99150a9d5388f79e4897003a7034aae
SHA1 6422840dee3bd32045210d61d428c017df5f5e58
SHA256 a243b38fc7985f2c407d9fbfdb83076a750a64c6929b975a7639b006fbc41a45
SHA512 dd59cbb3d5e1d9a5180f083ea3ad0dc4832855c993e336f1f6203809ce5e43429636558ab98ce3008b8106a50f1530eebcf92371449e2e5a97dffc795df81ee5

memory/2232-25-0x0000000002C60000-0x0000000003052000-memory.dmp

memory/2200-17-0x00000000027E0000-0x0000000002860000-memory.dmp

C:\Windows\system\kaeIOvs.exe

MD5 91d41196c35459b5c7ce87bc20d5e505
SHA1 adf928593d569c878e75c0a0fc71d6c333a2ebf5
SHA256 c8eaa50e648338674cbcc8bb2d6f2d6cd30208467d7f7c0a581a46aaafa45e32
SHA512 a623f7ba718e2ab53004bc1d1e743e1d1231f78bf2b96df9538d6633ec7149c6a1c1f3c69e84bdf0e4a73ad7561faaa9424bddb6911e965f7681388cca0f1579

C:\Windows\system\lCjKEoa.exe

MD5 017dc7f22d4431bc4a439e08eac759f5
SHA1 cebb9fb218a31aaf7d63d81ea00ec3fe5b4db04c
SHA256 1770e4ea7b7bdd7daea751d7002981a988aad0463e7183bf814acef67bb7fe97
SHA512 8e16458fb69e7c4a4d5bc07729ce792af5329cd994b7ca1e67b88a1e74ebcdeaea4e0801a4eed653201febf6121298766e50b6333762d3f2785f382bc979b754

C:\Windows\system\qNhxcTR.exe

MD5 aa17480c2de6701279c8a5abab7e9d41
SHA1 e7328274c2ecae634be5812236ec7f2d98fb81c9
SHA256 5d40bcc93ec9b3668a5adf02609bc3b7a31920163c6bc0c83f35e3ba8f8cca50
SHA512 3b14fb9f4d9c222bdb62247b2394b5d7d3ffdfb2adff8382b40aa7c359677a6f2fe4fc8b09426251361e8d64af56cc6b46945f06c6e8b01cc038298caf1cca66

C:\Windows\system\SstTXYz.exe

MD5 0a4e2fa54ae9a1c76fdcf3cbf3cec5e0
SHA1 e7b34123c87ff45582d47935fcbab0e3968ba523
SHA256 5849d1ca06df8aa59c69be2493c1aad80ec366861f780d09a31278d7a6c17803
SHA512 8ced20e2316a55d2b100688f0ed1a78fb73ef8a50e840c3677efea473d7cd6d46b407abf08c068f8944565f89ae0bb9f5a4961a115b4499bfd5fee8c7c328918

\Windows\system\FZaFxDW.exe

MD5 5a37ec6d1b11e2c08118ae0c26f837f1
SHA1 78649fde159dacf0f6391366aaf690c9f91e719c
SHA256 d550655bddfd05f92114ad162b8fb5888a247912163f3daf2551e943d9706d5d
SHA512 2b78b3dd1bf524267fd3be708c7b3ffa2d0be9cd9500d91dc74b57f969a4fa4fa75c0c382242cf136666567a0ce4484272c099fed3e90e3d22ea7829da01f118

C:\Windows\system\hVGbmQL.exe

MD5 a58d9666f5e10b59f2db8474c20378c8
SHA1 29260f42236e620dd93683a67f3a46865c21a2b3
SHA256 adb529829a559b1819148d9f76ce7fb49031b937aea15d77d573d55c82e43555
SHA512 90e4418512592e12505cd08446f329db471925b90688671201faa9c02de17352d4e665bf60ce0c979d07d87ddf60cf7f01bd6870ea099db78f7d4fa74034c0d8

C:\Windows\system\pCOxRbD.exe

MD5 8b93f73c4b77c20c50f01bebd978b6e7
SHA1 f4648406153c9be7e0268a75ad77fa21b22d7aa7
SHA256 c7d12267b3da5c0f04386c790e0e925788f9b01ab5b9783ae265ecc4d77f8429
SHA512 983e3731936ed7cfb76a2be929af467a875b10d06d8ba38c835972ff4bb34dc4530ef4d23062a30c2e6bddc69c72d05149953b36bc739fa779e9bc530d18f97b

C:\Windows\system\rQraxRz.exe

MD5 d4247a3d99131820e773a7b967344ac6
SHA1 d22c429d0cc8b0431f9b92efb9a9d69882443bc7
SHA256 c3e61fe588ff6d399266b6efa9cf0f43d83badd7518feccb32570b785885faaf
SHA512 ae6f49ade2fdcd48e7e433cf0de1a22eb1b948c16b628f7cdabb7f59b2e056e8d164267c8285ba2854e720254875e51ea69f4c126a7a0454b1e7fb0afd8d81ac

C:\Windows\system\EpEIzjm.exe

MD5 29d2bc64ea7b2842347a000652feebec
SHA1 18d79c2b197f1674ee595ebff51377ab31efaac4
SHA256 72307cf0d82ea0247f7fc8c9a060785bf408e4bdf637b4348b6d088495001006
SHA512 10078fd05d9121ebcb9587d14bbc45ef971e1263138ff8c1da07a1fe3dd7ac184d373f9826a0e5b8bfbf42933f25099c0353eceedf886360d47b1d55494516d2

C:\Windows\system\IakpDNq.exe

MD5 a90327460b3f6ccceca5296e0fd7bfa4
SHA1 9b290675f4f0c0c9b5527e954d58c8d6d40b5034
SHA256 b59b699a0b1fc5cfddfeb3ea0c1e41f058b85e70726d9f3545d051ea37d94597
SHA512 c78985c9abe746a2cbd4b9dc6367f6170383f6914a7c167f17fe9bb96fc63fd872ccd5b3e2d7220ba4e40a957bd5338a1aef00d0a9576fd8cabe8f952a3ad3bb

C:\Windows\system\savGMej.exe

MD5 7c13bf1a7076ebe89d76e0ae543ef15b
SHA1 3715abb92ea3a0d5461d783718409636c4c6a96e
SHA256 349eb9b04c3bdda2d50c65deaf17e9cdc516883501fe1ec638c770e8c162c9ae
SHA512 793b4dc3c78137d88c9708c0e5118e51c608fe1ac871765040043b18a301cee03924565f20d31c45e16b0e1a5274f3a935ade40be96060441a8100710e8f683c

\Windows\system\oqiNaSF.exe

MD5 e2e8e2fb5aa4516b4d8eb7bd9b0a1036
SHA1 4e675ccdfe1dc71e069c20db154cbc2d6d667826
SHA256 1f0ac8c49189a7bfc27a84ba63ec3bc9bf4179133e308f05f03b8c4e8bc1ff20
SHA512 4330ac4108e702417a0dfb360003aa038b38aec5c4309af60aa6b4b2c3df43ca1d6080f3fb63bfd653e906170e54c9987a78fcb96d88f5e5e722ff360d9b0157

\Windows\system\TXJdbGW.exe

MD5 2b249523428bf9148c5eb24196a40fe8
SHA1 9feed1837c6245e816197f8d97c065223286fc57
SHA256 d13b61412d785ac68a7cfe76890f570164525528802cf766d66a46184fb6a6c8
SHA512 574c1a7169c84fbdd86422c95663e9f02937e42160cd8b9e0b9249207b0ba998dc53f0122b4ff9449c55a0e3c095d323cab3698314e02e607b7aeaced0ebad5e

memory/2200-132-0x0000000002410000-0x0000000002418000-memory.dmp

\Windows\system\oFlXVDc.exe

MD5 a706bc01708e3ed8d54401289e732d83
SHA1 1bf3d17e69222088400209eb896376f2288b6ab0
SHA256 f97fe8226c5c62066a720ec8afeeea594b5a5bf043061c09ccfe1c8290d0e7d7
SHA512 3cb53d9c99ffa11d46030b9eca1b32be80837c1b1d510ac431e497f1c00cc4df7d32f142928a74de5ab422613a17d939a8e4cbb6c3c7e0ba85fb11d97fd05379

C:\Windows\system\daHniXE.exe

MD5 99c420d6ad65d69be058dc921d0ad7fe
SHA1 cc588a06e2f5e58116724acc77e7f2e7d488f08f
SHA256 57d1c88e4438898bfc033accb985756407629a5ea14d1ebfd2091ff9d338f493
SHA512 f407e18389cf0f3fb643d65dc1530a7cccc0839e61534a43a177df87d0971964266cbcb2cb01afc24e2e96bedf512b79002b812149611082059f30390ccfa7dc

C:\Windows\system\ktdJWQi.exe

MD5 b27bd29bcbdbea242aaf6a351fe13fd3
SHA1 79fbd7830a8c9d521714797079fd3755dc17ecd5
SHA256 03a149a6a7103293663df567f7f240cd3972bc3d47b992f979bf0d97b046f82c
SHA512 7dbcaa9dde8711753288c3230c10cedc880b5e315e4efba5ce5f85d0b03745a44364ee47542de5d6b05fda161aeb79f193dd93cae18422fa6ed05fdf5ef1114b

memory/2232-172-0x000000013FD70000-0x0000000140162000-memory.dmp

memory/2232-194-0x0000000003180000-0x0000000003572000-memory.dmp

memory/2200-310-0x000007FEF53B0000-0x000007FEF5D4D000-memory.dmp

memory/2732-293-0x000000013F660000-0x000000013FA52000-memory.dmp

memory/2328-291-0x000000013FC80000-0x0000000140072000-memory.dmp

memory/2868-327-0x000000013FAC0000-0x000000013FEB2000-memory.dmp

memory/2584-326-0x000000013F8C0000-0x000000013FCB2000-memory.dmp

memory/948-325-0x000000013F1A0000-0x000000013F592000-memory.dmp

memory/2232-290-0x000000013F710000-0x000000013FB02000-memory.dmp

\Windows\system\PyIRhXD.exe

MD5 53c6356274e66c60c9c57bc7fbf9aaaa
SHA1 5b004c31bd5a2aed6e88fb1bf97246cb4bd3bbc7
SHA256 1e47305336f001439e3bdcf745d6181fc87bbada693ffbd974ec302f47866d50
SHA512 3a694f58e54f47c98df1fee7d7a4e0986b8a7080f6e89dbe5ad7506a7e9a83fa111c20c1792b98e4fa2b6c67bccd331a31880c090832db0d7d2a0f3a6eb5fb30

memory/2372-179-0x000000013FEF0000-0x00000001402E2000-memory.dmp

memory/2232-178-0x000000013FEF0000-0x00000001402E2000-memory.dmp

memory/2496-177-0x000000013F510000-0x000000013F902000-memory.dmp

memory/2232-176-0x0000000003180000-0x0000000003572000-memory.dmp

memory/2756-198-0x000000013FCE0000-0x00000001400D2000-memory.dmp

memory/2520-175-0x000000013F120000-0x000000013F512000-memory.dmp

memory/1012-197-0x000000013F350000-0x000000013F742000-memory.dmp

memory/2232-196-0x0000000003180000-0x0000000003572000-memory.dmp

memory/572-195-0x000000013F3B0000-0x000000013F7A2000-memory.dmp

memory/2232-174-0x000000013F120000-0x000000013F512000-memory.dmp

memory/1208-173-0x000000013FD70000-0x0000000140162000-memory.dmp

memory/2084-171-0x000000013FEA0000-0x0000000140292000-memory.dmp

memory/2232-170-0x000000013FEA0000-0x0000000140292000-memory.dmp

memory/1268-192-0x000000013F2E0000-0x000000013F6D2000-memory.dmp

\Windows\system\AmPNBbC.exe

MD5 5ae0f70848728fffa8e333a4088bcc5d
SHA1 bbd3adf43ae0476cc93d3e13c447164a156449eb
SHA256 78c50300d0a5361cfe206366682c1c1e68ad778909f336dfa260cc5fd2f0f00f
SHA512 9072ffeae9e9538a5037287465d2eac699608f91bc8adb27bb80cb69fdff3bf9771c911efaa26550c745178e4afa9e46d3c66519a1b7ecf5e877e8eab4de2a06

C:\Windows\system\oFTeNKZ.exe

MD5 5adf103bfc3e51b9e90f8cce8b6a876d
SHA1 a013d184ee5abc3709e0feba6e82539626972ff9
SHA256 5d9b160c7ccb6c2aa03bd1aa13b88bc72430633685b3966820a68fc432ef8919
SHA512 296f0ca5a7379aefea111253d626c2f83d280e69e836268711c4b50e7c9e828e92c6d22deb025e7f9dc65e03b9c09cb3a3e4bad02c285360fb97ed76f50a2218

memory/2232-169-0x000000013FCE0000-0x00000001400D2000-memory.dmp

memory/2232-183-0x000000013F2E0000-0x000000013F6D2000-memory.dmp

memory/2644-168-0x000000013F680000-0x000000013FA72000-memory.dmp

memory/2200-167-0x000007FEF53B0000-0x000007FEF5D4D000-memory.dmp

C:\Windows\system\GeKwAiC.exe

MD5 c78de98bf5d8248d0d603d83bc3fcd9c
SHA1 1a9d45a10e68e6a59f37e5d41d1098d003e5a3a6
SHA256 d39dd98760b3b47e23a1af6bb89c3bf44efb4131a3707a02b12f55d17e8b3534
SHA512 01f2aabe0900051cc54ef0256fa949fd7f56ef2f31fe477c6eead43cdeb7c804b992978ce4a5a3f6082799e7a1f716780aac42a7ff4991abb360bfbc356b5787

memory/2200-166-0x000007FEF53B0000-0x000007FEF5D4D000-memory.dmp

\Windows\system\UVgpGKW.exe

MD5 12f7a3bd639d21e8f0a47740c84ea25c
SHA1 cccb86afbd1bd891f8df7b5447c029a1a8b2014f
SHA256 71d704e767ee0d17110e2cf8b1d610cd79231bdb2dd1146cd6facf453e43f42c
SHA512 5aa56a4272dd0e968583879e6e515a61bfcbcf1ab0b5328b6514f51d14543ceedd3aa39c26d2c7a1d06789c30a10ca9f0959e8fd5b49e5fb9e4eb912dce42b26

C:\Windows\system\HUgYLEi.exe

MD5 2688b300972bc8bc2ccb1f54d69f1aa5
SHA1 d484780721679354679e424343c003061430a7e3
SHA256 b32ddf7e27496b431043a946bcaa3af6994b4c69c50c9b6cfe813471e0af9095
SHA512 0cfe1abad8a73f1dad26a5e8b77631024b43ad14fd472882d9ebdd2175711b029c817dba4297e086d43f757a52851ff1d7324a3bfd162160df509e0e77c055a1

C:\Windows\system\cywjWzK.exe

MD5 cc3443838f336635a998bd0675feebd2
SHA1 ff472a48b5257ced054fdeccc9d18def21edd208
SHA256 b64f25d756d4cde981755fbdb14685201dcfa0006ad8306e841f34768abba1a7
SHA512 b664d816e49dca3c83adb0adb95fa36557dbdc6aba0699630f272cdfa8b64330f41ac76b176476d11a12cd7b40c90b4f49da26ed951b28988bc6a2d69506ce97

memory/2200-129-0x000000001B1A0000-0x000000001B482000-memory.dmp

C:\Windows\system\bFeVhPB.exe

MD5 5f966b5f3077034765f52fb8c4a238be
SHA1 031ed2255c9f89872f262100a4d4f65012b42e33
SHA256 5d15805d3a42b62552bfbef68b99494f5f60000454e943c568cd1a174bdec269
SHA512 1ac451206cfbef3b4a043cea7d8edf5fcdd27d22bde97e7f6a5839e8691c118c7e314d09627c4c59a41848f4b9d2e75d5a7b8f94db45c1d94a476edbbe91daaa

C:\Windows\system\bmUxOss.exe

MD5 c0a344d0a32486f226de204aa4b87354
SHA1 7988ce17972a7c3c220af62d7980cf02cef6a1d9
SHA256 8ab0622866e3d850392aa451977401394ba238a4d9bf9f8bbe5d541d1088be52
SHA512 a7e6b989458110172375006a601c62a493a49c651ba2d0ecd19ad29330a516221c2e02044248d3f132fcfab1768654c288a6f823877423cac7eb3b63d149188d

C:\Windows\system\VRLEkGY.exe

MD5 8d0cf47f15d67d4335a38fd01fb5e1fa
SHA1 e7d9b07c912172783ec70a80842fa8f6792b8b9e
SHA256 2168c3094f35decfe631e7f626f45d6bf12fef00e7cc29804403a3c7f8b0f21f
SHA512 fff4dd5c101e36f54d1e6a38c0e53ba2fbbc3393216d8341ef00545d39c59bb4c8877c1b5d3370771ddfdc6526ad510f65c2827f1fed3ba36c9ad0e6c99ca389

C:\Windows\system\OzWtDsQ.exe

MD5 2fd34d8aa60352601513512943d7fa77
SHA1 e34c59ea3605d178cbaa7614d64811aa0578b748
SHA256 122ecc207e17e7e05be53b4d945e17d04e3c14264807e8f85d42c70ddf30fac1
SHA512 64d659de8ef4fbb248cd770a6be07e924586497812e774fd6324acde329afef9260145350b1642f07584e413b55a9fbe3306d775f156d16601b2ac1c3653ecbd

C:\Windows\system\Zhhvmbw.exe

MD5 6612b4d58d30ebdb5eaba911188ae3e0
SHA1 31d5dc7f361569e53047c8f464ecf5a8f6b7feec
SHA256 64ea2a19f7813ecd377be0efc4c3a999dfa1669bf9e71fa5860d4a8a5305bf8e
SHA512 5d4310e530f3f86811419f9d418f13390a557afb967ddaa483472aec1adc605cc1d39b8cd29b91666e5a2a12b45f50726600932a1ab27592bce7f578f95f4a68

C:\Windows\system\iTKLrCz.exe

MD5 0802ae6bcb823f2c2f6a4337543bfe4e
SHA1 f274c9ca834e6eb8669f3172133674b6a0b4f4b0
SHA256 7109b60dcc9f609230fbdecf85075e1dc7ecad43dd7d77f0012dcd54a9fc8694
SHA512 c30abe02bbd96faea2d1b3b415f326ce6f12e96af98b8c84899aea1ba381f379c171a9836e2c3660398dbfb90c0e7d53cd966f5ee31398bc0de54566a049119b

C:\Windows\system\PXinVps.exe

MD5 96ed01672b5fe09f73827d41e67b3fed
SHA1 a47822efd36327ba5f559ee37de76182ca0a4035
SHA256 dcfe9a32514d1138b8de8b4b0f0f8670698643aabf86ec517b774b0bee78cc9a
SHA512 e23c2ca93a4a64a0755754e8163250f0496ca843f91bdf8ae328f2b1c2a5198ba49f1c843641f075755fc933e37d27a33321416e351307992abfd1e7226ed555

memory/2732-31-0x000000013F660000-0x000000013FA52000-memory.dmp

memory/2328-16-0x000000013FC80000-0x0000000140072000-memory.dmp

C:\Windows\system\oyYLHNk.exe

MD5 b5fd360bf7b7a242bc1648712e2a803d
SHA1 2dfd8cd7db2ce6dd8e46d684a8a06d9e11045d55
SHA256 223df323e49e11b1726d2431151abcbc24cfe09e9dc23d96f7c3b4cd39a17191
SHA512 e0766c5b6ca64e9c093f117971f2f401af6d0e5960659647253ff9563616aa5d9c74107e2f4d2639e901bf5aa1afb090faf2229eb2a102ac6d462628e545e2ea

C:\Windows\system\qrcdBzS.exe

MD5 b9c1a8bbc9d04df490aae0442f06898a
SHA1 3fe0c8a2d436925d56a9b7050575392ae2e27026
SHA256 8ac4d939c505ea9ca13065aa0bf06a505449428da7410e21155e0ecafca17010
SHA512 43cf15e1176e1f5c6a413d0054975247c0f1bd70799af9af67fdb8bd43021174c32f494d7b5ca80a86524f70fd4c29714086133437a2a96ec2f9cb46ae9d7e4d

memory/2200-22-0x000007FEF566E000-0x000007FEF566F000-memory.dmp

memory/2232-21-0x0000000002C60000-0x0000000003052000-memory.dmp

memory/2372-2088-0x000000013FEF0000-0x00000001402E2000-memory.dmp

memory/572-2125-0x000000013F3B0000-0x000000013F7A2000-memory.dmp

memory/1208-2258-0x000000013FD70000-0x0000000140162000-memory.dmp

memory/2520-2264-0x000000013F120000-0x000000013F512000-memory.dmp

memory/2328-2268-0x000000013FC80000-0x0000000140072000-memory.dmp

memory/2732-2266-0x000000013F660000-0x000000013FA52000-memory.dmp

memory/2084-2265-0x000000013FEA0000-0x0000000140292000-memory.dmp

memory/2644-2262-0x000000013F680000-0x000000013FA72000-memory.dmp

memory/2496-2269-0x000000013F510000-0x000000013F902000-memory.dmp

memory/1012-2271-0x000000013F350000-0x000000013F742000-memory.dmp

memory/2756-2270-0x000000013FCE0000-0x00000001400D2000-memory.dmp

memory/1268-2299-0x000000013F2E0000-0x000000013F6D2000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-12 07:44

Reported

2024-06-12 07:46

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\EmNpYKm.exe N/A
N/A N/A C:\Windows\System\ILHcvff.exe N/A
N/A N/A C:\Windows\System\qKPlxMF.exe N/A
N/A N/A C:\Windows\System\UuTyIRY.exe N/A
N/A N/A C:\Windows\System\rbIoKkZ.exe N/A
N/A N/A C:\Windows\System\mqgYqtE.exe N/A
N/A N/A C:\Windows\System\IJuikIb.exe N/A
N/A N/A C:\Windows\System\AJAOglz.exe N/A
N/A N/A C:\Windows\System\blvzDtY.exe N/A
N/A N/A C:\Windows\System\YUiEZXy.exe N/A
N/A N/A C:\Windows\System\HILmqUC.exe N/A
N/A N/A C:\Windows\System\jOzRmWY.exe N/A
N/A N/A C:\Windows\System\djbUcan.exe N/A
N/A N/A C:\Windows\System\zMkPfdo.exe N/A
N/A N/A C:\Windows\System\ZpwXDNV.exe N/A
N/A N/A C:\Windows\System\GhbTDSW.exe N/A
N/A N/A C:\Windows\System\GYYUqsb.exe N/A
N/A N/A C:\Windows\System\cZVFyyf.exe N/A
N/A N/A C:\Windows\System\QEfEEdG.exe N/A
N/A N/A C:\Windows\System\wLvcHrc.exe N/A
N/A N/A C:\Windows\System\oozjuef.exe N/A
N/A N/A C:\Windows\System\CPtyEie.exe N/A
N/A N/A C:\Windows\System\GbqisJK.exe N/A
N/A N/A C:\Windows\System\jfutevS.exe N/A
N/A N/A C:\Windows\System\pAxuHoX.exe N/A
N/A N/A C:\Windows\System\JHuaPpZ.exe N/A
N/A N/A C:\Windows\System\WZuVtyt.exe N/A
N/A N/A C:\Windows\System\EiQfSPv.exe N/A
N/A N/A C:\Windows\System\zXtpGmX.exe N/A
N/A N/A C:\Windows\System\qDVvlVN.exe N/A
N/A N/A C:\Windows\System\VrvKXvH.exe N/A
N/A N/A C:\Windows\System\OVUiqRz.exe N/A
N/A N/A C:\Windows\System\crmpdtz.exe N/A
N/A N/A C:\Windows\System\ETiDMVe.exe N/A
N/A N/A C:\Windows\System\KkZggYJ.exe N/A
N/A N/A C:\Windows\System\yPQbuQj.exe N/A
N/A N/A C:\Windows\System\YjOhkmc.exe N/A
N/A N/A C:\Windows\System\UvDadhS.exe N/A
N/A N/A C:\Windows\System\mwvqKMs.exe N/A
N/A N/A C:\Windows\System\NjctIkW.exe N/A
N/A N/A C:\Windows\System\kTAnomN.exe N/A
N/A N/A C:\Windows\System\QNwYGlC.exe N/A
N/A N/A C:\Windows\System\WkulPUo.exe N/A
N/A N/A C:\Windows\System\BftMnmw.exe N/A
N/A N/A C:\Windows\System\HcUhbfL.exe N/A
N/A N/A C:\Windows\System\PbrDlwZ.exe N/A
N/A N/A C:\Windows\System\NXriTZs.exe N/A
N/A N/A C:\Windows\System\aqhmHxQ.exe N/A
N/A N/A C:\Windows\System\GhlvNYX.exe N/A
N/A N/A C:\Windows\System\RRThJlt.exe N/A
N/A N/A C:\Windows\System\KMVKxzy.exe N/A
N/A N/A C:\Windows\System\DFymYbE.exe N/A
N/A N/A C:\Windows\System\pxQEJZo.exe N/A
N/A N/A C:\Windows\System\YTVVYij.exe N/A
N/A N/A C:\Windows\System\AAYdEkX.exe N/A
N/A N/A C:\Windows\System\CSGWdKo.exe N/A
N/A N/A C:\Windows\System\VvIrAKV.exe N/A
N/A N/A C:\Windows\System\RZygdEa.exe N/A
N/A N/A C:\Windows\System\RhOObfA.exe N/A
N/A N/A C:\Windows\System\MQdmznZ.exe N/A
N/A N/A C:\Windows\System\adRMXUp.exe N/A
N/A N/A C:\Windows\System\OlFptje.exe N/A
N/A N/A C:\Windows\System\GRvNoTC.exe N/A
N/A N/A C:\Windows\System\AvhkAuz.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\PeWQDCI.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\yKMFHVL.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\muJIwhN.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\XndkDzU.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\AyURzrt.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\gYAzQXb.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\MoUUnhm.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\qJGaLfk.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\GxpgmXL.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\GHelLuq.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\ofFEpjR.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\jipVnmT.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\zMkPfdo.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\DOUdqVV.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\gencKcF.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\wWcauXE.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\MlRPbgn.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\fISdwpm.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\fLEvDRz.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\CKjZYSO.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\trmpkPX.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\rdXjJcb.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\BsafsnE.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\iwhRUsQ.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\NkGRzjM.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\sfxpFeC.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\daVXseC.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\XoCOdnt.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\aTBEWkI.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\EDlrHQE.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\yKocaJf.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\qevEhdt.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\VQYIZcH.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\OePlcZd.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\OSuJPFh.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\gusxeGY.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\trSAQHZ.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\vTARrLK.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\seOAWsL.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\bhVtxCO.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\gMPsSfk.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\GuFDwUa.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\IitjZRc.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\jQbZYrK.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\CrhCnmS.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\YWtBPyo.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\iigKnpI.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\FysOJrT.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\wDaFtqt.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\SCDLWmp.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\CrIvjQK.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\oKdgIvG.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\qUPrrqR.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\TgexhAI.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\TVAJdgD.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\pgvtiLP.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\kiMoYKt.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\RSoymtP.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\hBxVMLb.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\DCqzexy.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\IvEhjDi.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\cVGglAJ.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\BpyKuIz.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
File created C:\Windows\System\vlkGmtx.exe C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1736 wrote to memory of 3124 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 1736 wrote to memory of 3124 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 1736 wrote to memory of 936 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\EmNpYKm.exe
PID 1736 wrote to memory of 936 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\EmNpYKm.exe
PID 1736 wrote to memory of 3388 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\ILHcvff.exe
PID 1736 wrote to memory of 3388 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\ILHcvff.exe
PID 1736 wrote to memory of 3600 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\qKPlxMF.exe
PID 1736 wrote to memory of 3600 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\qKPlxMF.exe
PID 1736 wrote to memory of 624 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\UuTyIRY.exe
PID 1736 wrote to memory of 624 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\UuTyIRY.exe
PID 1736 wrote to memory of 532 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\rbIoKkZ.exe
PID 1736 wrote to memory of 532 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\rbIoKkZ.exe
PID 1736 wrote to memory of 3016 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\mqgYqtE.exe
PID 1736 wrote to memory of 3016 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\mqgYqtE.exe
PID 1736 wrote to memory of 1060 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\IJuikIb.exe
PID 1736 wrote to memory of 1060 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\IJuikIb.exe
PID 1736 wrote to memory of 4988 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\AJAOglz.exe
PID 1736 wrote to memory of 4988 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\AJAOglz.exe
PID 1736 wrote to memory of 1208 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\blvzDtY.exe
PID 1736 wrote to memory of 1208 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\blvzDtY.exe
PID 1736 wrote to memory of 3980 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\YUiEZXy.exe
PID 1736 wrote to memory of 3980 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\YUiEZXy.exe
PID 1736 wrote to memory of 3984 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\HILmqUC.exe
PID 1736 wrote to memory of 3984 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\HILmqUC.exe
PID 1736 wrote to memory of 456 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\jOzRmWY.exe
PID 1736 wrote to memory of 456 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\jOzRmWY.exe
PID 1736 wrote to memory of 2168 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\djbUcan.exe
PID 1736 wrote to memory of 2168 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\djbUcan.exe
PID 1736 wrote to memory of 384 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\zMkPfdo.exe
PID 1736 wrote to memory of 384 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\zMkPfdo.exe
PID 1736 wrote to memory of 4580 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\ZpwXDNV.exe
PID 1736 wrote to memory of 4580 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\ZpwXDNV.exe
PID 1736 wrote to memory of 628 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\GhbTDSW.exe
PID 1736 wrote to memory of 628 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\GhbTDSW.exe
PID 1736 wrote to memory of 4764 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\GYYUqsb.exe
PID 1736 wrote to memory of 4764 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\GYYUqsb.exe
PID 1736 wrote to memory of 3164 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\cZVFyyf.exe
PID 1736 wrote to memory of 3164 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\cZVFyyf.exe
PID 1736 wrote to memory of 4008 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\QEfEEdG.exe
PID 1736 wrote to memory of 4008 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\QEfEEdG.exe
PID 1736 wrote to memory of 3452 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\wLvcHrc.exe
PID 1736 wrote to memory of 3452 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\wLvcHrc.exe
PID 1736 wrote to memory of 2324 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\oozjuef.exe
PID 1736 wrote to memory of 2324 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\oozjuef.exe
PID 1736 wrote to memory of 2180 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\CPtyEie.exe
PID 1736 wrote to memory of 2180 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\CPtyEie.exe
PID 1736 wrote to memory of 1712 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\GbqisJK.exe
PID 1736 wrote to memory of 1712 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\GbqisJK.exe
PID 1736 wrote to memory of 2120 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\jfutevS.exe
PID 1736 wrote to memory of 2120 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\jfutevS.exe
PID 1736 wrote to memory of 2820 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\pAxuHoX.exe
PID 1736 wrote to memory of 2820 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\pAxuHoX.exe
PID 1736 wrote to memory of 2204 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\JHuaPpZ.exe
PID 1736 wrote to memory of 2204 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\JHuaPpZ.exe
PID 1736 wrote to memory of 4376 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\WZuVtyt.exe
PID 1736 wrote to memory of 4376 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\WZuVtyt.exe
PID 1736 wrote to memory of 4804 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\EiQfSPv.exe
PID 1736 wrote to memory of 4804 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\EiQfSPv.exe
PID 1736 wrote to memory of 4608 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\zXtpGmX.exe
PID 1736 wrote to memory of 4608 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\zXtpGmX.exe
PID 1736 wrote to memory of 4800 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\qDVvlVN.exe
PID 1736 wrote to memory of 4800 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\qDVvlVN.exe
PID 1736 wrote to memory of 3712 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\VrvKXvH.exe
PID 1736 wrote to memory of 3712 N/A C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe C:\Windows\System\VrvKXvH.exe

Processes

C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\9fef9ea1cf78209bbe7e850f56b2c0ae_JaffaCakes118.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\EmNpYKm.exe

C:\Windows\System\EmNpYKm.exe

C:\Windows\System\ILHcvff.exe

C:\Windows\System\ILHcvff.exe

C:\Windows\System\qKPlxMF.exe

C:\Windows\System\qKPlxMF.exe

C:\Windows\System\UuTyIRY.exe

C:\Windows\System\UuTyIRY.exe

C:\Windows\System\rbIoKkZ.exe

C:\Windows\System\rbIoKkZ.exe

C:\Windows\System\mqgYqtE.exe

C:\Windows\System\mqgYqtE.exe

C:\Windows\System\IJuikIb.exe

C:\Windows\System\IJuikIb.exe

C:\Windows\System\AJAOglz.exe

C:\Windows\System\AJAOglz.exe

C:\Windows\System\blvzDtY.exe

C:\Windows\System\blvzDtY.exe

C:\Windows\System\YUiEZXy.exe

C:\Windows\System\YUiEZXy.exe

C:\Windows\System\HILmqUC.exe

C:\Windows\System\HILmqUC.exe

C:\Windows\System\jOzRmWY.exe

C:\Windows\System\jOzRmWY.exe

C:\Windows\System\djbUcan.exe

C:\Windows\System\djbUcan.exe

C:\Windows\System\zMkPfdo.exe

C:\Windows\System\zMkPfdo.exe

C:\Windows\System\ZpwXDNV.exe

C:\Windows\System\ZpwXDNV.exe

C:\Windows\System\GhbTDSW.exe

C:\Windows\System\GhbTDSW.exe

C:\Windows\System\GYYUqsb.exe

C:\Windows\System\GYYUqsb.exe

C:\Windows\System\cZVFyyf.exe

C:\Windows\System\cZVFyyf.exe

C:\Windows\System\QEfEEdG.exe

C:\Windows\System\QEfEEdG.exe

C:\Windows\System\wLvcHrc.exe

C:\Windows\System\wLvcHrc.exe

C:\Windows\System\oozjuef.exe

C:\Windows\System\oozjuef.exe

C:\Windows\System\CPtyEie.exe

C:\Windows\System\CPtyEie.exe

C:\Windows\System\GbqisJK.exe

C:\Windows\System\GbqisJK.exe

C:\Windows\System\jfutevS.exe

C:\Windows\System\jfutevS.exe

C:\Windows\System\pAxuHoX.exe

C:\Windows\System\pAxuHoX.exe

C:\Windows\System\JHuaPpZ.exe

C:\Windows\System\JHuaPpZ.exe

C:\Windows\System\WZuVtyt.exe

C:\Windows\System\WZuVtyt.exe

C:\Windows\System\EiQfSPv.exe

C:\Windows\System\EiQfSPv.exe

C:\Windows\System\zXtpGmX.exe

C:\Windows\System\zXtpGmX.exe

C:\Windows\System\qDVvlVN.exe

C:\Windows\System\qDVvlVN.exe

C:\Windows\System\VrvKXvH.exe

C:\Windows\System\VrvKXvH.exe

C:\Windows\System\OVUiqRz.exe

C:\Windows\System\OVUiqRz.exe

C:\Windows\System\crmpdtz.exe

C:\Windows\System\crmpdtz.exe

C:\Windows\System\ETiDMVe.exe

C:\Windows\System\ETiDMVe.exe

C:\Windows\System\KkZggYJ.exe

C:\Windows\System\KkZggYJ.exe

C:\Windows\System\yPQbuQj.exe

C:\Windows\System\yPQbuQj.exe

C:\Windows\System\YjOhkmc.exe

C:\Windows\System\YjOhkmc.exe

C:\Windows\System\UvDadhS.exe

C:\Windows\System\UvDadhS.exe

C:\Windows\System\mwvqKMs.exe

C:\Windows\System\mwvqKMs.exe

C:\Windows\System\NjctIkW.exe

C:\Windows\System\NjctIkW.exe

C:\Windows\System\kTAnomN.exe

C:\Windows\System\kTAnomN.exe

C:\Windows\System\QNwYGlC.exe

C:\Windows\System\QNwYGlC.exe

C:\Windows\System\WkulPUo.exe

C:\Windows\System\WkulPUo.exe

C:\Windows\System\BftMnmw.exe

C:\Windows\System\BftMnmw.exe

C:\Windows\System\HcUhbfL.exe

C:\Windows\System\HcUhbfL.exe

C:\Windows\System\PbrDlwZ.exe

C:\Windows\System\PbrDlwZ.exe

C:\Windows\System\NXriTZs.exe

C:\Windows\System\NXriTZs.exe

C:\Windows\System\aqhmHxQ.exe

C:\Windows\System\aqhmHxQ.exe

C:\Windows\System\GhlvNYX.exe

C:\Windows\System\GhlvNYX.exe

C:\Windows\System\RRThJlt.exe

C:\Windows\System\RRThJlt.exe

C:\Windows\System\KMVKxzy.exe

C:\Windows\System\KMVKxzy.exe

C:\Windows\System\DFymYbE.exe

C:\Windows\System\DFymYbE.exe

C:\Windows\System\pxQEJZo.exe

C:\Windows\System\pxQEJZo.exe

C:\Windows\System\YTVVYij.exe

C:\Windows\System\YTVVYij.exe

C:\Windows\System\AAYdEkX.exe

C:\Windows\System\AAYdEkX.exe

C:\Windows\System\CSGWdKo.exe

C:\Windows\System\CSGWdKo.exe

C:\Windows\System\VvIrAKV.exe

C:\Windows\System\VvIrAKV.exe

C:\Windows\System\RZygdEa.exe

C:\Windows\System\RZygdEa.exe

C:\Windows\System\RhOObfA.exe

C:\Windows\System\RhOObfA.exe

C:\Windows\System\MQdmznZ.exe

C:\Windows\System\MQdmznZ.exe

C:\Windows\System\adRMXUp.exe

C:\Windows\System\adRMXUp.exe

C:\Windows\System\OlFptje.exe

C:\Windows\System\OlFptje.exe

C:\Windows\System\GRvNoTC.exe

C:\Windows\System\GRvNoTC.exe

C:\Windows\System\AvhkAuz.exe

C:\Windows\System\AvhkAuz.exe

C:\Windows\System\ltoJnGY.exe

C:\Windows\System\ltoJnGY.exe

C:\Windows\System\IIpqTlf.exe

C:\Windows\System\IIpqTlf.exe

C:\Windows\System\BlnQUDU.exe

C:\Windows\System\BlnQUDU.exe

C:\Windows\System\dlTgJAb.exe

C:\Windows\System\dlTgJAb.exe

C:\Windows\System\rrXDKcJ.exe

C:\Windows\System\rrXDKcJ.exe

C:\Windows\System\EolWQOY.exe

C:\Windows\System\EolWQOY.exe

C:\Windows\System\fDlezdN.exe

C:\Windows\System\fDlezdN.exe

C:\Windows\System\wpjXsCO.exe

C:\Windows\System\wpjXsCO.exe

C:\Windows\System\DEvoaCG.exe

C:\Windows\System\DEvoaCG.exe

C:\Windows\System\ApQBOSR.exe

C:\Windows\System\ApQBOSR.exe

C:\Windows\System\XVzDpYs.exe

C:\Windows\System\XVzDpYs.exe

C:\Windows\System\CdnyOrv.exe

C:\Windows\System\CdnyOrv.exe

C:\Windows\System\EmQDvvt.exe

C:\Windows\System\EmQDvvt.exe

C:\Windows\System\oJhxntX.exe

C:\Windows\System\oJhxntX.exe

C:\Windows\System\AwGrgkJ.exe

C:\Windows\System\AwGrgkJ.exe

C:\Windows\System\IBoTyfq.exe

C:\Windows\System\IBoTyfq.exe

C:\Windows\System\RlKNyTe.exe

C:\Windows\System\RlKNyTe.exe

C:\Windows\System\FkTIhQa.exe

C:\Windows\System\FkTIhQa.exe

C:\Windows\System\efGPbxv.exe

C:\Windows\System\efGPbxv.exe

C:\Windows\System\pFrxvbu.exe

C:\Windows\System\pFrxvbu.exe

C:\Windows\System\fYFbnwB.exe

C:\Windows\System\fYFbnwB.exe

C:\Windows\System\GrJpOxj.exe

C:\Windows\System\GrJpOxj.exe

C:\Windows\System\oTZRZKZ.exe

C:\Windows\System\oTZRZKZ.exe

C:\Windows\System\kaVUhIA.exe

C:\Windows\System\kaVUhIA.exe

C:\Windows\System\wdgSsIb.exe

C:\Windows\System\wdgSsIb.exe

C:\Windows\System\nzJNMvI.exe

C:\Windows\System\nzJNMvI.exe

C:\Windows\System\PkbkIKf.exe

C:\Windows\System\PkbkIKf.exe

C:\Windows\System\KcjbEGg.exe

C:\Windows\System\KcjbEGg.exe

C:\Windows\System\iiPuMiE.exe

C:\Windows\System\iiPuMiE.exe

C:\Windows\System\aPGTzpe.exe

C:\Windows\System\aPGTzpe.exe

C:\Windows\System\jIsnpgc.exe

C:\Windows\System\jIsnpgc.exe

C:\Windows\System\QiwnKIR.exe

C:\Windows\System\QiwnKIR.exe

C:\Windows\System\joguglp.exe

C:\Windows\System\joguglp.exe

C:\Windows\System\juPBwHi.exe

C:\Windows\System\juPBwHi.exe

C:\Windows\System\BiwZeDp.exe

C:\Windows\System\BiwZeDp.exe

C:\Windows\System\NzziSBu.exe

C:\Windows\System\NzziSBu.exe

C:\Windows\System\cfawxIr.exe

C:\Windows\System\cfawxIr.exe

C:\Windows\System\VrHZyxe.exe

C:\Windows\System\VrHZyxe.exe

C:\Windows\System\lGLZrWA.exe

C:\Windows\System\lGLZrWA.exe

C:\Windows\System\lHHMcxS.exe

C:\Windows\System\lHHMcxS.exe

C:\Windows\System\kWNXJkk.exe

C:\Windows\System\kWNXJkk.exe

C:\Windows\System\NuYQNKI.exe

C:\Windows\System\NuYQNKI.exe

C:\Windows\System\OSrhMyl.exe

C:\Windows\System\OSrhMyl.exe

C:\Windows\System\ofdHobQ.exe

C:\Windows\System\ofdHobQ.exe

C:\Windows\System\YiJxeIh.exe

C:\Windows\System\YiJxeIh.exe

C:\Windows\System\TENEPxS.exe

C:\Windows\System\TENEPxS.exe

C:\Windows\System\vscGDrg.exe

C:\Windows\System\vscGDrg.exe

C:\Windows\System\pCvagMb.exe

C:\Windows\System\pCvagMb.exe

C:\Windows\System\sAulgyK.exe

C:\Windows\System\sAulgyK.exe

C:\Windows\System\tvRZUSM.exe

C:\Windows\System\tvRZUSM.exe

C:\Windows\System\cKTLpjM.exe

C:\Windows\System\cKTLpjM.exe

C:\Windows\System\itYnLJy.exe

C:\Windows\System\itYnLJy.exe

C:\Windows\System\hSoHplZ.exe

C:\Windows\System\hSoHplZ.exe

C:\Windows\System\XRLgmoA.exe

C:\Windows\System\XRLgmoA.exe

C:\Windows\System\Gtvaias.exe

C:\Windows\System\Gtvaias.exe

C:\Windows\System\WvpmkDb.exe

C:\Windows\System\WvpmkDb.exe

C:\Windows\System\kIcdCHz.exe

C:\Windows\System\kIcdCHz.exe

C:\Windows\System\IGnTogE.exe

C:\Windows\System\IGnTogE.exe

C:\Windows\System\vSFkURu.exe

C:\Windows\System\vSFkURu.exe

C:\Windows\System\HPRcGsX.exe

C:\Windows\System\HPRcGsX.exe

C:\Windows\System\keLelMb.exe

C:\Windows\System\keLelMb.exe

C:\Windows\System\NpikUDp.exe

C:\Windows\System\NpikUDp.exe

C:\Windows\System\BoSSxfy.exe

C:\Windows\System\BoSSxfy.exe

C:\Windows\System\aJaRSLk.exe

C:\Windows\System\aJaRSLk.exe

C:\Windows\System\TrROYtN.exe

C:\Windows\System\TrROYtN.exe

C:\Windows\System\mytxesg.exe

C:\Windows\System\mytxesg.exe

C:\Windows\System\nZqmLFh.exe

C:\Windows\System\nZqmLFh.exe

C:\Windows\System\qjgXwsV.exe

C:\Windows\System\qjgXwsV.exe

C:\Windows\System\hoUcNQq.exe

C:\Windows\System\hoUcNQq.exe

C:\Windows\System\bWjIvRL.exe

C:\Windows\System\bWjIvRL.exe

C:\Windows\System\qMuvgYh.exe

C:\Windows\System\qMuvgYh.exe

C:\Windows\System\vXJfAIW.exe

C:\Windows\System\vXJfAIW.exe

C:\Windows\System\TyYjQwr.exe

C:\Windows\System\TyYjQwr.exe

C:\Windows\System\zDoEHUu.exe

C:\Windows\System\zDoEHUu.exe

C:\Windows\System\wHVWMto.exe

C:\Windows\System\wHVWMto.exe

C:\Windows\System\ylwfJBd.exe

C:\Windows\System\ylwfJBd.exe

C:\Windows\System\woxYrPM.exe

C:\Windows\System\woxYrPM.exe

C:\Windows\System\wFnMKXJ.exe

C:\Windows\System\wFnMKXJ.exe

C:\Windows\System\krqLblc.exe

C:\Windows\System\krqLblc.exe

C:\Windows\System\ouXmpcn.exe

C:\Windows\System\ouXmpcn.exe

C:\Windows\System\pRlwsIf.exe

C:\Windows\System\pRlwsIf.exe

C:\Windows\System\oJRdHBy.exe

C:\Windows\System\oJRdHBy.exe

C:\Windows\System\jwDVfYZ.exe

C:\Windows\System\jwDVfYZ.exe

C:\Windows\System\GLcTwTD.exe

C:\Windows\System\GLcTwTD.exe

C:\Windows\System\InrBNWU.exe

C:\Windows\System\InrBNWU.exe

C:\Windows\System\bCtZmbL.exe

C:\Windows\System\bCtZmbL.exe

C:\Windows\System\uYsAogg.exe

C:\Windows\System\uYsAogg.exe

C:\Windows\System\zaAZoIc.exe

C:\Windows\System\zaAZoIc.exe

C:\Windows\System\bfVjHqa.exe

C:\Windows\System\bfVjHqa.exe

C:\Windows\System\nJAoFel.exe

C:\Windows\System\nJAoFel.exe

C:\Windows\System\aujycjL.exe

C:\Windows\System\aujycjL.exe

C:\Windows\System\VXQaUMg.exe

C:\Windows\System\VXQaUMg.exe

C:\Windows\System\bxgtSWG.exe

C:\Windows\System\bxgtSWG.exe

C:\Windows\System\RGXgfmW.exe

C:\Windows\System\RGXgfmW.exe

C:\Windows\System\ZlNhUHY.exe

C:\Windows\System\ZlNhUHY.exe

C:\Windows\System\LFXCDbE.exe

C:\Windows\System\LFXCDbE.exe

C:\Windows\System\nsjjYqh.exe

C:\Windows\System\nsjjYqh.exe

C:\Windows\System\FzvmHRM.exe

C:\Windows\System\FzvmHRM.exe

C:\Windows\System\imTgNxr.exe

C:\Windows\System\imTgNxr.exe

C:\Windows\System\AbShVkU.exe

C:\Windows\System\AbShVkU.exe

C:\Windows\System\nJlVDyO.exe

C:\Windows\System\nJlVDyO.exe

C:\Windows\System\WWUcRyk.exe

C:\Windows\System\WWUcRyk.exe

C:\Windows\System\gLgQxxi.exe

C:\Windows\System\gLgQxxi.exe

C:\Windows\System\CjYVwaC.exe

C:\Windows\System\CjYVwaC.exe

C:\Windows\System\UQSUjjL.exe

C:\Windows\System\UQSUjjL.exe

C:\Windows\System\BqyHYSb.exe

C:\Windows\System\BqyHYSb.exe

C:\Windows\System\hobHmQf.exe

C:\Windows\System\hobHmQf.exe

C:\Windows\System\TeHfYSk.exe

C:\Windows\System\TeHfYSk.exe

C:\Windows\System\bbAQhck.exe

C:\Windows\System\bbAQhck.exe

C:\Windows\System\zogZKYC.exe

C:\Windows\System\zogZKYC.exe

C:\Windows\System\VtOCpya.exe

C:\Windows\System\VtOCpya.exe

C:\Windows\System\eMAMgfC.exe

C:\Windows\System\eMAMgfC.exe

C:\Windows\System\NufUVmr.exe

C:\Windows\System\NufUVmr.exe

C:\Windows\System\XDqUvvh.exe

C:\Windows\System\XDqUvvh.exe

C:\Windows\System\PuFedOC.exe

C:\Windows\System\PuFedOC.exe

C:\Windows\System\lhoNfBe.exe

C:\Windows\System\lhoNfBe.exe

C:\Windows\System\MGjMMJr.exe

C:\Windows\System\MGjMMJr.exe

C:\Windows\System\yuOoNEr.exe

C:\Windows\System\yuOoNEr.exe

C:\Windows\System\UhoAmEc.exe

C:\Windows\System\UhoAmEc.exe

C:\Windows\System\cendTbz.exe

C:\Windows\System\cendTbz.exe

C:\Windows\System\bdOMauY.exe

C:\Windows\System\bdOMauY.exe

C:\Windows\System\dUvMrwj.exe

C:\Windows\System\dUvMrwj.exe

C:\Windows\System\LgDBmXk.exe

C:\Windows\System\LgDBmXk.exe

C:\Windows\System\NFmeLyR.exe

C:\Windows\System\NFmeLyR.exe

C:\Windows\System\oEMTjLp.exe

C:\Windows\System\oEMTjLp.exe

C:\Windows\System\dMsnlFT.exe

C:\Windows\System\dMsnlFT.exe

C:\Windows\System\hviscVZ.exe

C:\Windows\System\hviscVZ.exe

C:\Windows\System\jtXjFMC.exe

C:\Windows\System\jtXjFMC.exe

C:\Windows\System\IaaoMVZ.exe

C:\Windows\System\IaaoMVZ.exe

C:\Windows\System\TuNUihC.exe

C:\Windows\System\TuNUihC.exe

C:\Windows\System\EnYzVQv.exe

C:\Windows\System\EnYzVQv.exe

C:\Windows\System\DNuHFKe.exe

C:\Windows\System\DNuHFKe.exe

C:\Windows\System\xuNxdsA.exe

C:\Windows\System\xuNxdsA.exe

C:\Windows\System\VDGPVly.exe

C:\Windows\System\VDGPVly.exe

C:\Windows\System\lhHNkQZ.exe

C:\Windows\System\lhHNkQZ.exe

C:\Windows\System\XPmtZkD.exe

C:\Windows\System\XPmtZkD.exe

C:\Windows\System\swnSTos.exe

C:\Windows\System\swnSTos.exe

C:\Windows\System\nPEjwTT.exe

C:\Windows\System\nPEjwTT.exe

C:\Windows\System\wmHsMFQ.exe

C:\Windows\System\wmHsMFQ.exe

C:\Windows\System\ZsniRAy.exe

C:\Windows\System\ZsniRAy.exe

C:\Windows\System\avkhujz.exe

C:\Windows\System\avkhujz.exe

C:\Windows\System\phTsfvz.exe

C:\Windows\System\phTsfvz.exe

C:\Windows\System\UWyARTm.exe

C:\Windows\System\UWyARTm.exe

C:\Windows\System\yZCoIZt.exe

C:\Windows\System\yZCoIZt.exe

C:\Windows\System\QFJmgDw.exe

C:\Windows\System\QFJmgDw.exe

C:\Windows\System\RYhJKiI.exe

C:\Windows\System\RYhJKiI.exe

C:\Windows\System\RbgZLsg.exe

C:\Windows\System\RbgZLsg.exe

C:\Windows\System\HlPywWL.exe

C:\Windows\System\HlPywWL.exe

C:\Windows\System\YXbmLvI.exe

C:\Windows\System\YXbmLvI.exe

C:\Windows\System\QtDqhJG.exe

C:\Windows\System\QtDqhJG.exe

C:\Windows\System\BwpEpTS.exe

C:\Windows\System\BwpEpTS.exe

C:\Windows\System\hweNnfo.exe

C:\Windows\System\hweNnfo.exe

C:\Windows\System\LXTYASE.exe

C:\Windows\System\LXTYASE.exe

C:\Windows\System\JcJkicH.exe

C:\Windows\System\JcJkicH.exe

C:\Windows\System\PlzKLbg.exe

C:\Windows\System\PlzKLbg.exe

C:\Windows\System\rFaDOOK.exe

C:\Windows\System\rFaDOOK.exe

C:\Windows\System\qjlrxlp.exe

C:\Windows\System\qjlrxlp.exe

C:\Windows\System\VpiyyRm.exe

C:\Windows\System\VpiyyRm.exe

C:\Windows\System\rWwjacP.exe

C:\Windows\System\rWwjacP.exe

C:\Windows\System\RNewsRA.exe

C:\Windows\System\RNewsRA.exe

C:\Windows\System\ScztPdl.exe

C:\Windows\System\ScztPdl.exe

C:\Windows\System\hmTyTrG.exe

C:\Windows\System\hmTyTrG.exe

C:\Windows\System\ZboyMMh.exe

C:\Windows\System\ZboyMMh.exe

C:\Windows\System\PrvJdhd.exe

C:\Windows\System\PrvJdhd.exe

C:\Windows\System\YUcYETr.exe

C:\Windows\System\YUcYETr.exe

C:\Windows\System\WZWjFRe.exe

C:\Windows\System\WZWjFRe.exe

C:\Windows\System\vLHclGX.exe

C:\Windows\System\vLHclGX.exe

C:\Windows\System\eKNQtvc.exe

C:\Windows\System\eKNQtvc.exe

C:\Windows\System\lGWBskJ.exe

C:\Windows\System\lGWBskJ.exe

C:\Windows\System\najQfCm.exe

C:\Windows\System\najQfCm.exe

C:\Windows\System\JFSErCi.exe

C:\Windows\System\JFSErCi.exe

C:\Windows\System\PdCDaGu.exe

C:\Windows\System\PdCDaGu.exe

C:\Windows\System\hJDKRMp.exe

C:\Windows\System\hJDKRMp.exe

C:\Windows\System\QIQzwMR.exe

C:\Windows\System\QIQzwMR.exe

C:\Windows\System\TOZEOvk.exe

C:\Windows\System\TOZEOvk.exe

C:\Windows\System\eooVmdy.exe

C:\Windows\System\eooVmdy.exe

C:\Windows\System\aklfAPg.exe

C:\Windows\System\aklfAPg.exe

C:\Windows\System\zkShqMb.exe

C:\Windows\System\zkShqMb.exe

C:\Windows\System\dHVzEpy.exe

C:\Windows\System\dHVzEpy.exe

C:\Windows\System\EYVcKmS.exe

C:\Windows\System\EYVcKmS.exe

C:\Windows\System\cqFZYol.exe

C:\Windows\System\cqFZYol.exe

C:\Windows\System\srPtKua.exe

C:\Windows\System\srPtKua.exe

C:\Windows\System\DUNKIdY.exe

C:\Windows\System\DUNKIdY.exe

C:\Windows\System\dnkmKys.exe

C:\Windows\System\dnkmKys.exe

C:\Windows\System\maYjcyT.exe

C:\Windows\System\maYjcyT.exe

C:\Windows\System\gwuESkH.exe

C:\Windows\System\gwuESkH.exe

C:\Windows\System\tgUdbJD.exe

C:\Windows\System\tgUdbJD.exe

C:\Windows\System\oLIJmeV.exe

C:\Windows\System\oLIJmeV.exe

C:\Windows\System\KJriaud.exe

C:\Windows\System\KJriaud.exe

C:\Windows\System\grzoIlT.exe

C:\Windows\System\grzoIlT.exe

C:\Windows\System\VhfqZgE.exe

C:\Windows\System\VhfqZgE.exe

C:\Windows\System\ayXhogw.exe

C:\Windows\System\ayXhogw.exe

C:\Windows\System\JwFytTF.exe

C:\Windows\System\JwFytTF.exe

C:\Windows\System\SToZmvB.exe

C:\Windows\System\SToZmvB.exe

C:\Windows\System\CjFSsZh.exe

C:\Windows\System\CjFSsZh.exe

C:\Windows\System\dGxTQKL.exe

C:\Windows\System\dGxTQKL.exe

C:\Windows\System\rCRwpHP.exe

C:\Windows\System\rCRwpHP.exe

C:\Windows\System\EIzvpzv.exe

C:\Windows\System\EIzvpzv.exe

C:\Windows\System\pCKnhmM.exe

C:\Windows\System\pCKnhmM.exe

C:\Windows\System\SwSiRtl.exe

C:\Windows\System\SwSiRtl.exe

C:\Windows\System\MWehdmL.exe

C:\Windows\System\MWehdmL.exe

C:\Windows\System\OgvPpIV.exe

C:\Windows\System\OgvPpIV.exe

C:\Windows\System\JoIkrQO.exe

C:\Windows\System\JoIkrQO.exe

C:\Windows\System\FaCNMRq.exe

C:\Windows\System\FaCNMRq.exe

C:\Windows\System\vYTYuTU.exe

C:\Windows\System\vYTYuTU.exe

C:\Windows\System\JVDoCjY.exe

C:\Windows\System\JVDoCjY.exe

C:\Windows\System\QAUaMPf.exe

C:\Windows\System\QAUaMPf.exe

C:\Windows\System\qJwYbRk.exe

C:\Windows\System\qJwYbRk.exe

C:\Windows\System\stuWuXd.exe

C:\Windows\System\stuWuXd.exe

C:\Windows\System\AsNEhKO.exe

C:\Windows\System\AsNEhKO.exe

C:\Windows\System\CvogWig.exe

C:\Windows\System\CvogWig.exe

C:\Windows\System\IGOlyuz.exe

C:\Windows\System\IGOlyuz.exe

C:\Windows\System\SQrNhUm.exe

C:\Windows\System\SQrNhUm.exe

C:\Windows\System\wwWPhao.exe

C:\Windows\System\wwWPhao.exe

C:\Windows\System\ffvYIdL.exe

C:\Windows\System\ffvYIdL.exe

C:\Windows\System\ATzQTvZ.exe

C:\Windows\System\ATzQTvZ.exe

C:\Windows\System\qUeyvvx.exe

C:\Windows\System\qUeyvvx.exe

C:\Windows\System\BJOEjJF.exe

C:\Windows\System\BJOEjJF.exe

C:\Windows\System\jiVlTuG.exe

C:\Windows\System\jiVlTuG.exe

C:\Windows\System\KClUbrc.exe

C:\Windows\System\KClUbrc.exe

C:\Windows\System\fyQYjMN.exe

C:\Windows\System\fyQYjMN.exe

C:\Windows\System\kAlQOZk.exe

C:\Windows\System\kAlQOZk.exe

C:\Windows\System\RKwKWOA.exe

C:\Windows\System\RKwKWOA.exe

C:\Windows\System\ZfzpuLK.exe

C:\Windows\System\ZfzpuLK.exe

C:\Windows\System\ukswXmA.exe

C:\Windows\System\ukswXmA.exe

C:\Windows\System\KSllzke.exe

C:\Windows\System\KSllzke.exe

C:\Windows\System\ulxWvRo.exe

C:\Windows\System\ulxWvRo.exe

C:\Windows\System\jSkNjMZ.exe

C:\Windows\System\jSkNjMZ.exe

C:\Windows\System\LNpiqgg.exe

C:\Windows\System\LNpiqgg.exe

C:\Windows\System\jAhkQir.exe

C:\Windows\System\jAhkQir.exe

C:\Windows\System\mIShEVQ.exe

C:\Windows\System\mIShEVQ.exe

C:\Windows\System\YBNPVnC.exe

C:\Windows\System\YBNPVnC.exe

C:\Windows\System\hHKvGTi.exe

C:\Windows\System\hHKvGTi.exe

C:\Windows\System\mpooWtk.exe

C:\Windows\System\mpooWtk.exe

C:\Windows\System\gvUjhQT.exe

C:\Windows\System\gvUjhQT.exe

C:\Windows\System\TgexhAI.exe

C:\Windows\System\TgexhAI.exe

C:\Windows\System\xYCOxca.exe

C:\Windows\System\xYCOxca.exe

C:\Windows\System\sgRSYWr.exe

C:\Windows\System\sgRSYWr.exe

C:\Windows\System\hShCwSV.exe

C:\Windows\System\hShCwSV.exe

C:\Windows\System\HZAMHPA.exe

C:\Windows\System\HZAMHPA.exe

C:\Windows\System\sKlDtuP.exe

C:\Windows\System\sKlDtuP.exe

C:\Windows\System\urNltEK.exe

C:\Windows\System\urNltEK.exe

C:\Windows\System\FuknkYe.exe

C:\Windows\System\FuknkYe.exe

C:\Windows\System\MbXwPVJ.exe

C:\Windows\System\MbXwPVJ.exe

C:\Windows\System\HxuAMLt.exe

C:\Windows\System\HxuAMLt.exe

C:\Windows\System\LEoyhpQ.exe

C:\Windows\System\LEoyhpQ.exe

C:\Windows\System\VwwIsjO.exe

C:\Windows\System\VwwIsjO.exe

C:\Windows\System\PFZKyVG.exe

C:\Windows\System\PFZKyVG.exe

C:\Windows\System\uezLUAW.exe

C:\Windows\System\uezLUAW.exe

C:\Windows\System\tqAfWzl.exe

C:\Windows\System\tqAfWzl.exe

C:\Windows\System\hlsPpas.exe

C:\Windows\System\hlsPpas.exe

C:\Windows\System\GsrIErt.exe

C:\Windows\System\GsrIErt.exe

C:\Windows\System\yjGEBla.exe

C:\Windows\System\yjGEBla.exe

C:\Windows\System\QlIMeqT.exe

C:\Windows\System\QlIMeqT.exe

C:\Windows\System\JvmFgph.exe

C:\Windows\System\JvmFgph.exe

C:\Windows\System\iomFgcE.exe

C:\Windows\System\iomFgcE.exe

C:\Windows\System\zdlRtSP.exe

C:\Windows\System\zdlRtSP.exe

C:\Windows\System\CLChqkl.exe

C:\Windows\System\CLChqkl.exe

C:\Windows\System\ShRUzXN.exe

C:\Windows\System\ShRUzXN.exe

C:\Windows\System\WTNPWvf.exe

C:\Windows\System\WTNPWvf.exe

C:\Windows\System\jccxxyH.exe

C:\Windows\System\jccxxyH.exe

C:\Windows\System\jBZQvrw.exe

C:\Windows\System\jBZQvrw.exe

C:\Windows\System\caeuRtW.exe

C:\Windows\System\caeuRtW.exe

C:\Windows\System\zXFKxNk.exe

C:\Windows\System\zXFKxNk.exe

C:\Windows\System\gfjKpZS.exe

C:\Windows\System\gfjKpZS.exe

C:\Windows\System\TzJniGV.exe

C:\Windows\System\TzJniGV.exe

C:\Windows\System\hXQjnoF.exe

C:\Windows\System\hXQjnoF.exe

C:\Windows\System\cpfcpop.exe

C:\Windows\System\cpfcpop.exe

C:\Windows\System\KCodFHH.exe

C:\Windows\System\KCodFHH.exe

C:\Windows\System\akpNHGz.exe

C:\Windows\System\akpNHGz.exe

C:\Windows\System\wuyweMA.exe

C:\Windows\System\wuyweMA.exe

C:\Windows\System\BINDuIc.exe

C:\Windows\System\BINDuIc.exe

C:\Windows\System\nBkyqwQ.exe

C:\Windows\System\nBkyqwQ.exe

C:\Windows\System\RdPaxux.exe

C:\Windows\System\RdPaxux.exe

C:\Windows\System\RVHdyRt.exe

C:\Windows\System\RVHdyRt.exe

C:\Windows\System\ybnlmUB.exe

C:\Windows\System\ybnlmUB.exe

C:\Windows\System\RQGXLpM.exe

C:\Windows\System\RQGXLpM.exe

C:\Windows\System\xPqELst.exe

C:\Windows\System\xPqELst.exe

C:\Windows\System\puyONfv.exe

C:\Windows\System\puyONfv.exe

C:\Windows\System\BFzJKSU.exe

C:\Windows\System\BFzJKSU.exe

C:\Windows\System\hciUUtq.exe

C:\Windows\System\hciUUtq.exe

C:\Windows\System\cnCONyl.exe

C:\Windows\System\cnCONyl.exe

C:\Windows\System\gUDTzhN.exe

C:\Windows\System\gUDTzhN.exe

C:\Windows\System\ZzEmxRh.exe

C:\Windows\System\ZzEmxRh.exe

C:\Windows\System\GnyHuWD.exe

C:\Windows\System\GnyHuWD.exe

C:\Windows\System\wySbszt.exe

C:\Windows\System\wySbszt.exe

C:\Windows\System\fyptByq.exe

C:\Windows\System\fyptByq.exe

C:\Windows\System\bWQVfdg.exe

C:\Windows\System\bWQVfdg.exe

C:\Windows\System\ZLnXqIS.exe

C:\Windows\System\ZLnXqIS.exe

C:\Windows\System\ugmOwhD.exe

C:\Windows\System\ugmOwhD.exe

C:\Windows\System\epZqyTN.exe

C:\Windows\System\epZqyTN.exe

C:\Windows\System\KxDKscU.exe

C:\Windows\System\KxDKscU.exe

C:\Windows\System\pUqzAUf.exe

C:\Windows\System\pUqzAUf.exe

C:\Windows\System\gPNwJVM.exe

C:\Windows\System\gPNwJVM.exe

C:\Windows\System\iUSapFo.exe

C:\Windows\System\iUSapFo.exe

C:\Windows\System\kjjkibW.exe

C:\Windows\System\kjjkibW.exe

C:\Windows\System\qEfdXzu.exe

C:\Windows\System\qEfdXzu.exe

C:\Windows\System\EJfvOVu.exe

C:\Windows\System\EJfvOVu.exe

C:\Windows\System\FXaaPVs.exe

C:\Windows\System\FXaaPVs.exe

C:\Windows\System\CSofXUJ.exe

C:\Windows\System\CSofXUJ.exe

C:\Windows\System\OxvFELN.exe

C:\Windows\System\OxvFELN.exe

C:\Windows\System\dbrNuZo.exe

C:\Windows\System\dbrNuZo.exe

C:\Windows\System\XWHcFik.exe

C:\Windows\System\XWHcFik.exe

C:\Windows\System\TUayExT.exe

C:\Windows\System\TUayExT.exe

C:\Windows\System\GDGDFiy.exe

C:\Windows\System\GDGDFiy.exe

C:\Windows\System\yvjggsu.exe

C:\Windows\System\yvjggsu.exe

C:\Windows\System\PznOIyc.exe

C:\Windows\System\PznOIyc.exe

C:\Windows\System\baqYOCX.exe

C:\Windows\System\baqYOCX.exe

C:\Windows\System\sdqhYBm.exe

C:\Windows\System\sdqhYBm.exe

C:\Windows\System\SMmgvGR.exe

C:\Windows\System\SMmgvGR.exe

C:\Windows\System\IrDgWKA.exe

C:\Windows\System\IrDgWKA.exe

C:\Windows\System\vFhlNQB.exe

C:\Windows\System\vFhlNQB.exe

C:\Windows\System\hykYvXA.exe

C:\Windows\System\hykYvXA.exe

C:\Windows\System\ZRiIViP.exe

C:\Windows\System\ZRiIViP.exe

C:\Windows\System\MhXwbTN.exe

C:\Windows\System\MhXwbTN.exe

C:\Windows\System\RNIYLyL.exe

C:\Windows\System\RNIYLyL.exe

C:\Windows\System\MewxTrM.exe

C:\Windows\System\MewxTrM.exe

C:\Windows\System\sLNKBJK.exe

C:\Windows\System\sLNKBJK.exe

C:\Windows\System\mhlphgm.exe

C:\Windows\System\mhlphgm.exe

C:\Windows\System\JFJErXx.exe

C:\Windows\System\JFJErXx.exe

C:\Windows\System\hWShfvd.exe

C:\Windows\System\hWShfvd.exe

C:\Windows\System\VUbvbRL.exe

C:\Windows\System\VUbvbRL.exe

C:\Windows\System\JIIweAO.exe

C:\Windows\System\JIIweAO.exe

C:\Windows\System\MoeNdGd.exe

C:\Windows\System\MoeNdGd.exe

C:\Windows\System\dICRdEo.exe

C:\Windows\System\dICRdEo.exe

C:\Windows\System\OZXVLQj.exe

C:\Windows\System\OZXVLQj.exe

C:\Windows\System\USnKPmQ.exe

C:\Windows\System\USnKPmQ.exe

C:\Windows\System\yDAgWhd.exe

C:\Windows\System\yDAgWhd.exe

C:\Windows\System\JAJeeyI.exe

C:\Windows\System\JAJeeyI.exe

C:\Windows\System\ucSNQGe.exe

C:\Windows\System\ucSNQGe.exe

C:\Windows\System\jHLArmR.exe

C:\Windows\System\jHLArmR.exe

C:\Windows\System\krhIAgA.exe

C:\Windows\System\krhIAgA.exe

C:\Windows\System\fulqBCy.exe

C:\Windows\System\fulqBCy.exe

C:\Windows\System\DjnWuai.exe

C:\Windows\System\DjnWuai.exe

C:\Windows\System\NUyPSjj.exe

C:\Windows\System\NUyPSjj.exe

C:\Windows\System\ZTNIlcx.exe

C:\Windows\System\ZTNIlcx.exe

C:\Windows\System\TQXzlkK.exe

C:\Windows\System\TQXzlkK.exe

C:\Windows\System\QoZqcma.exe

C:\Windows\System\QoZqcma.exe

C:\Windows\System\mEZxTHf.exe

C:\Windows\System\mEZxTHf.exe

C:\Windows\System\bMYBIvj.exe

C:\Windows\System\bMYBIvj.exe

C:\Windows\System\PZMAxto.exe

C:\Windows\System\PZMAxto.exe

C:\Windows\System\fNLfAge.exe

C:\Windows\System\fNLfAge.exe

C:\Windows\System\IpTnQYW.exe

C:\Windows\System\IpTnQYW.exe

C:\Windows\System\ZPGNuUw.exe

C:\Windows\System\ZPGNuUw.exe

C:\Windows\System\FwTvnSt.exe

C:\Windows\System\FwTvnSt.exe

C:\Windows\System\YohqKrW.exe

C:\Windows\System\YohqKrW.exe

C:\Windows\System\ocAraox.exe

C:\Windows\System\ocAraox.exe

C:\Windows\System\wMioSxK.exe

C:\Windows\System\wMioSxK.exe

C:\Windows\System\IVAhxwt.exe

C:\Windows\System\IVAhxwt.exe

C:\Windows\System\soITdfW.exe

C:\Windows\System\soITdfW.exe

C:\Windows\System\RZjtRTy.exe

C:\Windows\System\RZjtRTy.exe

C:\Windows\System\PkgXsCc.exe

C:\Windows\System\PkgXsCc.exe

C:\Windows\System\dCGbPLn.exe

C:\Windows\System\dCGbPLn.exe

C:\Windows\System\UgXqQed.exe

C:\Windows\System\UgXqQed.exe

C:\Windows\System\jXwrNgu.exe

C:\Windows\System\jXwrNgu.exe

C:\Windows\System\WkfoCuS.exe

C:\Windows\System\WkfoCuS.exe

C:\Windows\System\cUFPWtP.exe

C:\Windows\System\cUFPWtP.exe

C:\Windows\System\NZHKAlr.exe

C:\Windows\System\NZHKAlr.exe

C:\Windows\System\OgMQkDT.exe

C:\Windows\System\OgMQkDT.exe

C:\Windows\System\yetnieH.exe

C:\Windows\System\yetnieH.exe

C:\Windows\System\uJNtGca.exe

C:\Windows\System\uJNtGca.exe

C:\Windows\System\sqeQpvp.exe

C:\Windows\System\sqeQpvp.exe

C:\Windows\System\csanpJb.exe

C:\Windows\System\csanpJb.exe

C:\Windows\System\WvmtEJJ.exe

C:\Windows\System\WvmtEJJ.exe

C:\Windows\System\qMDrwqJ.exe

C:\Windows\System\qMDrwqJ.exe

C:\Windows\System\mqyJGWB.exe

C:\Windows\System\mqyJGWB.exe

C:\Windows\System\NhRPQcH.exe

C:\Windows\System\NhRPQcH.exe

C:\Windows\System\oxgfZOf.exe

C:\Windows\System\oxgfZOf.exe

C:\Windows\System\UswUqRM.exe

C:\Windows\System\UswUqRM.exe

C:\Windows\System\MpliEzT.exe

C:\Windows\System\MpliEzT.exe

C:\Windows\System\zBdTdML.exe

C:\Windows\System\zBdTdML.exe

C:\Windows\System\PhWdHgo.exe

C:\Windows\System\PhWdHgo.exe

C:\Windows\System\DTWhgcB.exe

C:\Windows\System\DTWhgcB.exe

C:\Windows\System\WwinHIx.exe

C:\Windows\System\WwinHIx.exe

C:\Windows\System\ilsQfgw.exe

C:\Windows\System\ilsQfgw.exe

C:\Windows\System\GTHiVyN.exe

C:\Windows\System\GTHiVyN.exe

C:\Windows\System\pKyZrdh.exe

C:\Windows\System\pKyZrdh.exe

C:\Windows\System\eeuQBJn.exe

C:\Windows\System\eeuQBJn.exe

C:\Windows\System\AVVYpYM.exe

C:\Windows\System\AVVYpYM.exe

C:\Windows\System\smltVmh.exe

C:\Windows\System\smltVmh.exe

C:\Windows\System\dDRYyJH.exe

C:\Windows\System\dDRYyJH.exe

C:\Windows\System\AZHHzNt.exe

C:\Windows\System\AZHHzNt.exe

C:\Windows\System\iGedRQC.exe

C:\Windows\System\iGedRQC.exe

C:\Windows\System\fzSNaOD.exe

C:\Windows\System\fzSNaOD.exe

C:\Windows\System\TnoFTFG.exe

C:\Windows\System\TnoFTFG.exe

C:\Windows\System\eavUntN.exe

C:\Windows\System\eavUntN.exe

C:\Windows\System\hYPjuRs.exe

C:\Windows\System\hYPjuRs.exe

C:\Windows\System\hsFPHrP.exe

C:\Windows\System\hsFPHrP.exe

C:\Windows\System\epfQZmb.exe

C:\Windows\System\epfQZmb.exe

C:\Windows\System\iBnLRjq.exe

C:\Windows\System\iBnLRjq.exe

C:\Windows\System\fBtWrhs.exe

C:\Windows\System\fBtWrhs.exe

C:\Windows\System\LhhpbUW.exe

C:\Windows\System\LhhpbUW.exe

C:\Windows\System\FEYEeZM.exe

C:\Windows\System\FEYEeZM.exe

C:\Windows\System\XnylOvM.exe

C:\Windows\System\XnylOvM.exe

C:\Windows\System\PhJwbJC.exe

C:\Windows\System\PhJwbJC.exe

C:\Windows\System\gYUZhOp.exe

C:\Windows\System\gYUZhOp.exe

C:\Windows\System\eTtUhYu.exe

C:\Windows\System\eTtUhYu.exe

C:\Windows\System\sajEbkY.exe

C:\Windows\System\sajEbkY.exe

C:\Windows\System\ZhDagwW.exe

C:\Windows\System\ZhDagwW.exe

C:\Windows\System\gpogtXv.exe

C:\Windows\System\gpogtXv.exe

C:\Windows\System\LnzENxw.exe

C:\Windows\System\LnzENxw.exe

C:\Windows\System\OdmgjRQ.exe

C:\Windows\System\OdmgjRQ.exe

C:\Windows\System\FyiULZr.exe

C:\Windows\System\FyiULZr.exe

C:\Windows\System\hwTvYsn.exe

C:\Windows\System\hwTvYsn.exe

C:\Windows\System\XbdkDJB.exe

C:\Windows\System\XbdkDJB.exe

C:\Windows\System\QPVGTtJ.exe

C:\Windows\System\QPVGTtJ.exe

C:\Windows\System\fbYSGOc.exe

C:\Windows\System\fbYSGOc.exe

C:\Windows\System\HIsAezY.exe

C:\Windows\System\HIsAezY.exe

C:\Windows\System\pXZjVQc.exe

C:\Windows\System\pXZjVQc.exe

C:\Windows\System\blnGUMw.exe

C:\Windows\System\blnGUMw.exe

C:\Windows\System\BBMyuqr.exe

C:\Windows\System\BBMyuqr.exe

C:\Windows\System\bxUzFCJ.exe

C:\Windows\System\bxUzFCJ.exe

C:\Windows\System\fRoNkph.exe

C:\Windows\System\fRoNkph.exe

C:\Windows\System\wpvbQgq.exe

C:\Windows\System\wpvbQgq.exe

C:\Windows\System\oEWGIad.exe

C:\Windows\System\oEWGIad.exe

C:\Windows\System\BnTXqjg.exe

C:\Windows\System\BnTXqjg.exe

C:\Windows\System\xlHjetg.exe

C:\Windows\System\xlHjetg.exe

C:\Windows\System\UhvIQmQ.exe

C:\Windows\System\UhvIQmQ.exe

C:\Windows\System\zjasEkN.exe

C:\Windows\System\zjasEkN.exe

C:\Windows\System\iKQCvFA.exe

C:\Windows\System\iKQCvFA.exe

C:\Windows\System\OqIxcQY.exe

C:\Windows\System\OqIxcQY.exe

C:\Windows\System\HOlcyvR.exe

C:\Windows\System\HOlcyvR.exe

C:\Windows\System\tTGrRXN.exe

C:\Windows\System\tTGrRXN.exe

C:\Windows\System\yjKqLSB.exe

C:\Windows\System\yjKqLSB.exe

C:\Windows\System\TlhMLAc.exe

C:\Windows\System\TlhMLAc.exe

C:\Windows\System\mpAEVyt.exe

C:\Windows\System\mpAEVyt.exe

C:\Windows\System\lDKqfqq.exe

C:\Windows\System\lDKqfqq.exe

C:\Windows\System\ydZEusM.exe

C:\Windows\System\ydZEusM.exe

C:\Windows\System\MgSnglS.exe

C:\Windows\System\MgSnglS.exe

C:\Windows\System\vsyRkNM.exe

C:\Windows\System\vsyRkNM.exe

C:\Windows\System\UIFPZDC.exe

C:\Windows\System\UIFPZDC.exe

C:\Windows\System\ILJGfjQ.exe

C:\Windows\System\ILJGfjQ.exe

C:\Windows\System\KYjqyMt.exe

C:\Windows\System\KYjqyMt.exe

C:\Windows\System\RhFabvx.exe

C:\Windows\System\RhFabvx.exe

C:\Windows\System\RVpgFpr.exe

C:\Windows\System\RVpgFpr.exe

C:\Windows\System\vDDeqvE.exe

C:\Windows\System\vDDeqvE.exe

C:\Windows\System\ICIQQJs.exe

C:\Windows\System\ICIQQJs.exe

C:\Windows\System\JQPukFc.exe

C:\Windows\System\JQPukFc.exe

C:\Windows\System\NvKxdTk.exe

C:\Windows\System\NvKxdTk.exe

C:\Windows\System\fyxmBxu.exe

C:\Windows\System\fyxmBxu.exe

C:\Windows\System\RBhrubV.exe

C:\Windows\System\RBhrubV.exe

C:\Windows\System\qNmHcLn.exe

C:\Windows\System\qNmHcLn.exe

C:\Windows\System\HgzWjcg.exe

C:\Windows\System\HgzWjcg.exe

C:\Windows\System\DqomhJi.exe

C:\Windows\System\DqomhJi.exe

C:\Windows\System\DCteZGj.exe

C:\Windows\System\DCteZGj.exe

C:\Windows\System\oirqHjG.exe

C:\Windows\System\oirqHjG.exe

C:\Windows\System\rHwmqOk.exe

C:\Windows\System\rHwmqOk.exe

C:\Windows\System\ejztWFn.exe

C:\Windows\System\ejztWFn.exe

C:\Windows\System\pHjWdWF.exe

C:\Windows\System\pHjWdWF.exe

C:\Windows\System\VeysEht.exe

C:\Windows\System\VeysEht.exe

C:\Windows\System\kHRBNxI.exe

C:\Windows\System\kHRBNxI.exe

C:\Windows\System\nAxpWdQ.exe

C:\Windows\System\nAxpWdQ.exe

C:\Windows\System\YzwpFYP.exe

C:\Windows\System\YzwpFYP.exe

C:\Windows\System\pAkZqHw.exe

C:\Windows\System\pAkZqHw.exe

C:\Windows\System\DIAbVNU.exe

C:\Windows\System\DIAbVNU.exe

C:\Windows\System\LQuZALN.exe

C:\Windows\System\LQuZALN.exe

C:\Windows\System\OQESRBU.exe

C:\Windows\System\OQESRBU.exe

C:\Windows\System\qXGgLbT.exe

C:\Windows\System\qXGgLbT.exe

C:\Windows\System\aRCTXns.exe

C:\Windows\System\aRCTXns.exe

C:\Windows\System\sZQeVqO.exe

C:\Windows\System\sZQeVqO.exe

C:\Windows\System\DSUGFHE.exe

C:\Windows\System\DSUGFHE.exe

C:\Windows\System\VIkDqsd.exe

C:\Windows\System\VIkDqsd.exe

C:\Windows\System\WiNWsOX.exe

C:\Windows\System\WiNWsOX.exe

C:\Windows\System\JQCHQSb.exe

C:\Windows\System\JQCHQSb.exe

C:\Windows\System\Xtlaons.exe

C:\Windows\System\Xtlaons.exe

C:\Windows\System\ygiCnkP.exe

C:\Windows\System\ygiCnkP.exe

C:\Windows\System\vMfarSb.exe

C:\Windows\System\vMfarSb.exe

C:\Windows\System\zsLYGyr.exe

C:\Windows\System\zsLYGyr.exe

C:\Windows\System\JfxqxMv.exe

C:\Windows\System\JfxqxMv.exe

C:\Windows\System\NsgNUkg.exe

C:\Windows\System\NsgNUkg.exe

C:\Windows\System\NRetJiB.exe

C:\Windows\System\NRetJiB.exe

C:\Windows\System\XimNeQS.exe

C:\Windows\System\XimNeQS.exe

C:\Windows\System\YmIPZXC.exe

C:\Windows\System\YmIPZXC.exe

C:\Windows\System\bFAMOoQ.exe

C:\Windows\System\bFAMOoQ.exe

C:\Windows\System\ZQHPjYV.exe

C:\Windows\System\ZQHPjYV.exe

C:\Windows\System\CZHihdz.exe

C:\Windows\System\CZHihdz.exe

C:\Windows\System\FaYEjXS.exe

C:\Windows\System\FaYEjXS.exe

C:\Windows\System\sjrQBjZ.exe

C:\Windows\System\sjrQBjZ.exe

C:\Windows\System\KTHDIrI.exe

C:\Windows\System\KTHDIrI.exe

C:\Windows\System\dzZDPoq.exe

C:\Windows\System\dzZDPoq.exe

C:\Windows\System\VvpYPMn.exe

C:\Windows\System\VvpYPMn.exe

C:\Windows\System\SwJJFmM.exe

C:\Windows\System\SwJJFmM.exe

C:\Windows\System\VcrfMoZ.exe

C:\Windows\System\VcrfMoZ.exe

C:\Windows\System\OYqNOGE.exe

C:\Windows\System\OYqNOGE.exe

C:\Windows\System\lBmObsi.exe

C:\Windows\System\lBmObsi.exe

C:\Windows\System\kkJPNif.exe

C:\Windows\System\kkJPNif.exe

C:\Windows\System\tmeuQEu.exe

C:\Windows\System\tmeuQEu.exe

C:\Windows\System\MJjiEYc.exe

C:\Windows\System\MJjiEYc.exe

C:\Windows\System\gtSROhS.exe

C:\Windows\System\gtSROhS.exe

C:\Windows\System\eWVjxkb.exe

C:\Windows\System\eWVjxkb.exe

C:\Windows\System\BDBYhpD.exe

C:\Windows\System\BDBYhpD.exe

C:\Windows\System\fCmsuom.exe

C:\Windows\System\fCmsuom.exe

C:\Windows\System\NatGIDo.exe

C:\Windows\System\NatGIDo.exe

C:\Windows\System\QOwuRpv.exe

C:\Windows\System\QOwuRpv.exe

C:\Windows\System\urlEogj.exe

C:\Windows\System\urlEogj.exe

C:\Windows\System\WHIQBTC.exe

C:\Windows\System\WHIQBTC.exe

C:\Windows\System\IEDATeJ.exe

C:\Windows\System\IEDATeJ.exe

C:\Windows\System\IqJAXdB.exe

C:\Windows\System\IqJAXdB.exe

C:\Windows\System\xfNSxWk.exe

C:\Windows\System\xfNSxWk.exe

C:\Windows\System\LgasIdI.exe

C:\Windows\System\LgasIdI.exe

C:\Windows\System\bnWhtvY.exe

C:\Windows\System\bnWhtvY.exe

C:\Windows\System\crtawuO.exe

C:\Windows\System\crtawuO.exe

C:\Windows\System\wdJqqfb.exe

C:\Windows\System\wdJqqfb.exe

C:\Windows\System\mPmNxOh.exe

C:\Windows\System\mPmNxOh.exe

C:\Windows\System\kgpSqcd.exe

C:\Windows\System\kgpSqcd.exe

C:\Windows\System\TNtAgxx.exe

C:\Windows\System\TNtAgxx.exe

C:\Windows\System\MArLdAx.exe

C:\Windows\System\MArLdAx.exe

C:\Windows\System\Gmwojwy.exe

C:\Windows\System\Gmwojwy.exe

C:\Windows\System\AeJWYDp.exe

C:\Windows\System\AeJWYDp.exe

C:\Windows\System\UPYVtnu.exe

C:\Windows\System\UPYVtnu.exe

C:\Windows\System\XATIymL.exe

C:\Windows\System\XATIymL.exe

C:\Windows\System\LIqMafD.exe

C:\Windows\System\LIqMafD.exe

C:\Windows\System\HYLXtsI.exe

C:\Windows\System\HYLXtsI.exe

C:\Windows\System\ToZCAFN.exe

C:\Windows\System\ToZCAFN.exe

C:\Windows\System\VndRkJM.exe

C:\Windows\System\VndRkJM.exe

C:\Windows\System\NAdIcpQ.exe

C:\Windows\System\NAdIcpQ.exe

C:\Windows\System\tYnFadD.exe

C:\Windows\System\tYnFadD.exe

C:\Windows\System\MYSwciN.exe

C:\Windows\System\MYSwciN.exe

C:\Windows\System\PvVwFXi.exe

C:\Windows\System\PvVwFXi.exe

C:\Windows\System\UeJXhGt.exe

C:\Windows\System\UeJXhGt.exe

C:\Windows\System\XMNxpjU.exe

C:\Windows\System\XMNxpjU.exe

C:\Windows\System\LEUuJLv.exe

C:\Windows\System\LEUuJLv.exe

C:\Windows\System\CiWljVP.exe

C:\Windows\System\CiWljVP.exe

C:\Windows\System\tiRYmjh.exe

C:\Windows\System\tiRYmjh.exe

C:\Windows\System\iHqyNZK.exe

C:\Windows\System\iHqyNZK.exe

C:\Windows\System\aaOqopV.exe

C:\Windows\System\aaOqopV.exe

C:\Windows\System\gSoLfyF.exe

C:\Windows\System\gSoLfyF.exe

C:\Windows\System\XmtsJlG.exe

C:\Windows\System\XmtsJlG.exe

C:\Windows\System\UcIyzVe.exe

C:\Windows\System\UcIyzVe.exe

C:\Windows\System\YyxvJvB.exe

C:\Windows\System\YyxvJvB.exe

C:\Windows\System\thIvZZx.exe

C:\Windows\System\thIvZZx.exe

C:\Windows\System\LHgglfg.exe

C:\Windows\System\LHgglfg.exe

C:\Windows\System\ZlUZYpN.exe

C:\Windows\System\ZlUZYpN.exe

C:\Windows\System\soBzMHf.exe

C:\Windows\System\soBzMHf.exe

C:\Windows\System\xKIeROZ.exe

C:\Windows\System\xKIeROZ.exe

C:\Windows\System\ysnhXsT.exe

C:\Windows\System\ysnhXsT.exe

C:\Windows\System\ZkzTOjg.exe

C:\Windows\System\ZkzTOjg.exe

C:\Windows\System\QHtjLZW.exe

C:\Windows\System\QHtjLZW.exe

C:\Windows\System\VrGfuCr.exe

C:\Windows\System\VrGfuCr.exe

C:\Windows\System\HvGQGQt.exe

C:\Windows\System\HvGQGQt.exe

C:\Windows\System\egokZrN.exe

C:\Windows\System\egokZrN.exe

C:\Windows\System\pDnrvEY.exe

C:\Windows\System\pDnrvEY.exe

C:\Windows\System\wNhPsDs.exe

C:\Windows\System\wNhPsDs.exe

C:\Windows\System\gZOeDMB.exe

C:\Windows\System\gZOeDMB.exe

C:\Windows\System\zYYoBJL.exe

C:\Windows\System\zYYoBJL.exe

C:\Windows\System\Kzuiuul.exe

C:\Windows\System\Kzuiuul.exe

C:\Windows\System\XmygUDi.exe

C:\Windows\System\XmygUDi.exe

C:\Windows\System\lbHDsMW.exe

C:\Windows\System\lbHDsMW.exe

C:\Windows\System\dNIaSfZ.exe

C:\Windows\System\dNIaSfZ.exe

C:\Windows\System\ruNaEEY.exe

C:\Windows\System\ruNaEEY.exe

C:\Windows\System\nCqXQnU.exe

C:\Windows\System\nCqXQnU.exe

C:\Windows\System\ruvWySf.exe

C:\Windows\System\ruvWySf.exe

C:\Windows\System\ixeFaZS.exe

C:\Windows\System\ixeFaZS.exe

C:\Windows\System\SfSwmqJ.exe

C:\Windows\System\SfSwmqJ.exe

C:\Windows\System\URnnQOX.exe

C:\Windows\System\URnnQOX.exe

C:\Windows\System\WDsHdGA.exe

C:\Windows\System\WDsHdGA.exe

C:\Windows\System\VlvSJxd.exe

C:\Windows\System\VlvSJxd.exe

C:\Windows\System\KObOFBt.exe

C:\Windows\System\KObOFBt.exe

C:\Windows\System\TnZbxHi.exe

C:\Windows\System\TnZbxHi.exe

C:\Windows\System\qUlfoNb.exe

C:\Windows\System\qUlfoNb.exe

C:\Windows\System\lcfvqMT.exe

C:\Windows\System\lcfvqMT.exe

C:\Windows\System\TqEcFVD.exe

C:\Windows\System\TqEcFVD.exe

C:\Windows\System\cEPWKmY.exe

C:\Windows\System\cEPWKmY.exe

C:\Windows\System\VzQFdfr.exe

C:\Windows\System\VzQFdfr.exe

C:\Windows\System\BeBaAXT.exe

C:\Windows\System\BeBaAXT.exe

C:\Windows\System\FCfOZFJ.exe

C:\Windows\System\FCfOZFJ.exe

C:\Windows\System\UEHsbRU.exe

C:\Windows\System\UEHsbRU.exe

C:\Windows\System\aAOPXWU.exe

C:\Windows\System\aAOPXWU.exe

C:\Windows\System\VVHucgO.exe

C:\Windows\System\VVHucgO.exe

C:\Windows\System\devZplm.exe

C:\Windows\System\devZplm.exe

C:\Windows\System\MWZXufM.exe

C:\Windows\System\MWZXufM.exe

C:\Windows\System\FNWmdtX.exe

C:\Windows\System\FNWmdtX.exe

C:\Windows\System\BKoXFLg.exe

C:\Windows\System\BKoXFLg.exe

C:\Windows\System\jMOlvll.exe

C:\Windows\System\jMOlvll.exe

C:\Windows\System\ySGJyUK.exe

C:\Windows\System\ySGJyUK.exe

C:\Windows\System\VpoBMIV.exe

C:\Windows\System\VpoBMIV.exe

C:\Windows\System\VoEQKQS.exe

C:\Windows\System\VoEQKQS.exe

C:\Windows\System\ZnhZJkn.exe

C:\Windows\System\ZnhZJkn.exe

C:\Windows\System\pYhsLih.exe

C:\Windows\System\pYhsLih.exe

C:\Windows\System\EbdVGVN.exe

C:\Windows\System\EbdVGVN.exe

C:\Windows\System\xBjeCGU.exe

C:\Windows\System\xBjeCGU.exe

C:\Windows\System\yDCXsqo.exe

C:\Windows\System\yDCXsqo.exe

C:\Windows\System\AAuZcFb.exe

C:\Windows\System\AAuZcFb.exe

C:\Windows\System\TobqtbO.exe

C:\Windows\System\TobqtbO.exe

C:\Windows\System\kIxaRxo.exe

C:\Windows\System\kIxaRxo.exe

C:\Windows\System\ppPmkfi.exe

C:\Windows\System\ppPmkfi.exe

C:\Windows\System\QbbhTPm.exe

C:\Windows\System\QbbhTPm.exe

C:\Windows\System\wZOQrmy.exe

C:\Windows\System\wZOQrmy.exe

C:\Windows\System\WgXFvut.exe

C:\Windows\System\WgXFvut.exe

C:\Windows\System\kHVkhsh.exe

C:\Windows\System\kHVkhsh.exe

C:\Windows\System\VLrGOWu.exe

C:\Windows\System\VLrGOWu.exe

C:\Windows\System\tuTDTQB.exe

C:\Windows\System\tuTDTQB.exe

C:\Windows\System\WPYzsTO.exe

C:\Windows\System\WPYzsTO.exe

C:\Windows\System\YjDNJsQ.exe

C:\Windows\System\YjDNJsQ.exe

C:\Windows\System\VoBwUzu.exe

C:\Windows\System\VoBwUzu.exe

C:\Windows\System\EnSaDCP.exe

C:\Windows\System\EnSaDCP.exe

C:\Windows\System\ohVZCNh.exe

C:\Windows\System\ohVZCNh.exe

C:\Windows\System\rFqCBIr.exe

C:\Windows\System\rFqCBIr.exe

C:\Windows\System\cUjmUMv.exe

C:\Windows\System\cUjmUMv.exe

C:\Windows\System\FvpZjAN.exe

C:\Windows\System\FvpZjAN.exe

C:\Windows\System\IzXcJiW.exe

C:\Windows\System\IzXcJiW.exe

C:\Windows\System\HYozEYt.exe

C:\Windows\System\HYozEYt.exe

C:\Windows\System\dedEaqW.exe

C:\Windows\System\dedEaqW.exe

C:\Windows\System\pmvhYzP.exe

C:\Windows\System\pmvhYzP.exe

C:\Windows\System\KlCHHMQ.exe

C:\Windows\System\KlCHHMQ.exe

C:\Windows\System\cBeYHnV.exe

C:\Windows\System\cBeYHnV.exe

C:\Windows\System\uJwApyN.exe

C:\Windows\System\uJwApyN.exe

C:\Windows\System\QSszgxo.exe

C:\Windows\System\QSszgxo.exe

C:\Windows\System\fRSaNot.exe

C:\Windows\System\fRSaNot.exe

C:\Windows\System\dkzdJdU.exe

C:\Windows\System\dkzdJdU.exe

C:\Windows\System\GssTtNz.exe

C:\Windows\System\GssTtNz.exe

C:\Windows\System\iEmYbXi.exe

C:\Windows\System\iEmYbXi.exe

C:\Windows\System\iNFsAKr.exe

C:\Windows\System\iNFsAKr.exe

C:\Windows\System\PbjXGgM.exe

C:\Windows\System\PbjXGgM.exe

C:\Windows\System\maGeJHR.exe

C:\Windows\System\maGeJHR.exe

C:\Windows\System\wOUUBTd.exe

C:\Windows\System\wOUUBTd.exe

C:\Windows\System\qHbWbJr.exe

C:\Windows\System\qHbWbJr.exe

C:\Windows\System\gHkPhNY.exe

C:\Windows\System\gHkPhNY.exe

C:\Windows\System\QUvFWgQ.exe

C:\Windows\System\QUvFWgQ.exe

C:\Windows\System\WhgZcvV.exe

C:\Windows\System\WhgZcvV.exe

C:\Windows\System\LvNXSKv.exe

C:\Windows\System\LvNXSKv.exe

C:\Windows\System\tPBZUlG.exe

C:\Windows\System\tPBZUlG.exe

C:\Windows\System\pfOHzKG.exe

C:\Windows\System\pfOHzKG.exe

C:\Windows\System\qwdQlXT.exe

C:\Windows\System\qwdQlXT.exe

C:\Windows\System\nVWAcpT.exe

C:\Windows\System\nVWAcpT.exe

C:\Windows\System\aFFTJpU.exe

C:\Windows\System\aFFTJpU.exe

C:\Windows\System\TFpAOnJ.exe

C:\Windows\System\TFpAOnJ.exe

C:\Windows\System\ioMbQDp.exe

C:\Windows\System\ioMbQDp.exe

C:\Windows\System\CmvcFmw.exe

C:\Windows\System\CmvcFmw.exe

C:\Windows\System\cnlVGpn.exe

C:\Windows\System\cnlVGpn.exe

C:\Windows\System\LWHnzIJ.exe

C:\Windows\System\LWHnzIJ.exe

C:\Windows\System\mgmadIP.exe

C:\Windows\System\mgmadIP.exe

C:\Windows\System\AEtxagl.exe

C:\Windows\System\AEtxagl.exe

C:\Windows\System\WWlgMcT.exe

C:\Windows\System\WWlgMcT.exe

C:\Windows\System\ZPifcJs.exe

C:\Windows\System\ZPifcJs.exe

C:\Windows\System\McCXbMa.exe

C:\Windows\System\McCXbMa.exe

C:\Windows\System\veIGswL.exe

C:\Windows\System\veIGswL.exe

C:\Windows\System\LlyNUWu.exe

C:\Windows\System\LlyNUWu.exe

C:\Windows\System\hRBbMKU.exe

C:\Windows\System\hRBbMKU.exe

C:\Windows\System\UEGHvAB.exe

C:\Windows\System\UEGHvAB.exe

C:\Windows\System\akWibvN.exe

C:\Windows\System\akWibvN.exe

C:\Windows\System\TDzcVmR.exe

C:\Windows\System\TDzcVmR.exe

C:\Windows\System\VywyRoV.exe

C:\Windows\System\VywyRoV.exe

C:\Windows\System\crWPSnI.exe

C:\Windows\System\crWPSnI.exe

C:\Windows\System\bNblfDW.exe

C:\Windows\System\bNblfDW.exe

C:\Windows\System\JssdLUW.exe

C:\Windows\System\JssdLUW.exe

C:\Windows\System\CwceFkL.exe

C:\Windows\System\CwceFkL.exe

C:\Windows\System\hEGmJjT.exe

C:\Windows\System\hEGmJjT.exe

C:\Windows\System\DDtjKeu.exe

C:\Windows\System\DDtjKeu.exe

C:\Windows\System\kEfErjv.exe

C:\Windows\System\kEfErjv.exe

C:\Windows\System\WuBjoEm.exe

C:\Windows\System\WuBjoEm.exe

C:\Windows\System\dDQRHcb.exe

C:\Windows\System\dDQRHcb.exe

C:\Windows\System\TTZQljV.exe

C:\Windows\System\TTZQljV.exe

C:\Windows\System\KmwPXHz.exe

C:\Windows\System\KmwPXHz.exe

C:\Windows\System\VNhAaaH.exe

C:\Windows\System\VNhAaaH.exe

C:\Windows\System\LXSrdFo.exe

C:\Windows\System\LXSrdFo.exe

C:\Windows\System\hYcfiTt.exe

C:\Windows\System\hYcfiTt.exe

C:\Windows\System\zPOtxTw.exe

C:\Windows\System\zPOtxTw.exe

C:\Windows\System\XjkOHSt.exe

C:\Windows\System\XjkOHSt.exe

C:\Windows\System\pqEvvkE.exe

C:\Windows\System\pqEvvkE.exe

C:\Windows\System\OrNjFpJ.exe

C:\Windows\System\OrNjFpJ.exe

C:\Windows\System\apHkFMA.exe

C:\Windows\System\apHkFMA.exe

C:\Windows\System\XgiFrit.exe

C:\Windows\System\XgiFrit.exe

C:\Windows\System\DCtoBbT.exe

C:\Windows\System\DCtoBbT.exe

C:\Windows\System\hjBfqCt.exe

C:\Windows\System\hjBfqCt.exe

C:\Windows\System\MDAjred.exe

C:\Windows\System\MDAjred.exe

C:\Windows\System\GTSHLMp.exe

C:\Windows\System\GTSHLMp.exe

C:\Windows\System\Uolltnq.exe

C:\Windows\System\Uolltnq.exe

C:\Windows\System\UGMcpXP.exe

C:\Windows\System\UGMcpXP.exe

C:\Windows\System\YpysOrR.exe

C:\Windows\System\YpysOrR.exe

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 556 -p 14108 -ip 14108

C:\Windows\System\SDJuUCo.exe

C:\Windows\System\SDJuUCo.exe

C:\Windows\System\UOEBbRu.exe

C:\Windows\System\UOEBbRu.exe

C:\Windows\System\ejifwyN.exe

C:\Windows\System\ejifwyN.exe

C:\Windows\System\KxGqVLg.exe

C:\Windows\System\KxGqVLg.exe

C:\Windows\System\VOIEnTW.exe

C:\Windows\System\VOIEnTW.exe

C:\Windows\System\XeUJVWM.exe

C:\Windows\System\XeUJVWM.exe

C:\Windows\System\jGBCoUb.exe

C:\Windows\System\jGBCoUb.exe

C:\Windows\System\HdZwYdQ.exe

C:\Windows\System\HdZwYdQ.exe

C:\Windows\System\kxNZpGT.exe

C:\Windows\System\kxNZpGT.exe

C:\Windows\System\YxLmRQP.exe

C:\Windows\System\YxLmRQP.exe

C:\Windows\System\qWoJHOl.exe

C:\Windows\System\qWoJHOl.exe

C:\Windows\System\taeAWvi.exe

C:\Windows\System\taeAWvi.exe

C:\Windows\System\PUXPnZf.exe

C:\Windows\System\PUXPnZf.exe

C:\Windows\System\YBegWQk.exe

C:\Windows\System\YBegWQk.exe

C:\Windows\System\WctEeYF.exe

C:\Windows\System\WctEeYF.exe

C:\Windows\System\UAnvkki.exe

C:\Windows\System\UAnvkki.exe

C:\Windows\System\UIXnynS.exe

C:\Windows\System\UIXnynS.exe

C:\Windows\System\NZdVXOq.exe

C:\Windows\System\NZdVXOq.exe

C:\Windows\System\AMjEjRv.exe

C:\Windows\System\AMjEjRv.exe

C:\Windows\System\BaEFUAZ.exe

C:\Windows\System\BaEFUAZ.exe

C:\Windows\System\xAazNCD.exe

C:\Windows\System\xAazNCD.exe

C:\Windows\System\ddFxLOQ.exe

C:\Windows\System\ddFxLOQ.exe

C:\Windows\System\gBssHHS.exe

C:\Windows\System\gBssHHS.exe

C:\Windows\System\JVKfSXo.exe

C:\Windows\System\JVKfSXo.exe

C:\Windows\System\joGUnSI.exe

C:\Windows\System\joGUnSI.exe

C:\Windows\System\LrCyiwg.exe

C:\Windows\System\LrCyiwg.exe

C:\Windows\System\fEgeawx.exe

C:\Windows\System\fEgeawx.exe

C:\Windows\System\zBTHltc.exe

C:\Windows\System\zBTHltc.exe

C:\Windows\System\GYkhXte.exe

C:\Windows\System\GYkhXte.exe

C:\Windows\System\SJjicmB.exe

C:\Windows\System\SJjicmB.exe

C:\Windows\System\bwenBYw.exe

C:\Windows\System\bwenBYw.exe

C:\Windows\System\dcLyYVg.exe

C:\Windows\System\dcLyYVg.exe

C:\Windows\System\zhrgLOE.exe

C:\Windows\System\zhrgLOE.exe

C:\Windows\System\XnFpmVo.exe

C:\Windows\System\XnFpmVo.exe

C:\Windows\System\tIutbsn.exe

C:\Windows\System\tIutbsn.exe

C:\Windows\System\mMavMMq.exe

C:\Windows\System\mMavMMq.exe

C:\Windows\System\nrXYsRf.exe

C:\Windows\System\nrXYsRf.exe

C:\Windows\System\pkyHZfH.exe

C:\Windows\System\pkyHZfH.exe

C:\Windows\System\aAQLDxP.exe

C:\Windows\System\aAQLDxP.exe

C:\Windows\System\RexVQas.exe

C:\Windows\System\RexVQas.exe

C:\Windows\System\fwXGhil.exe

C:\Windows\System\fwXGhil.exe

C:\Windows\System\VEpthKe.exe

C:\Windows\System\VEpthKe.exe

C:\Windows\System\qRFNxpb.exe

C:\Windows\System\qRFNxpb.exe

C:\Windows\System\yIEKxDt.exe

C:\Windows\System\yIEKxDt.exe

C:\Windows\System\qeUDRmn.exe

C:\Windows\System\qeUDRmn.exe

C:\Windows\System\wxcWCwd.exe

C:\Windows\System\wxcWCwd.exe

C:\Windows\System\kRLbQgw.exe

C:\Windows\System\kRLbQgw.exe

C:\Windows\System\YREoAFr.exe

C:\Windows\System\YREoAFr.exe

C:\Windows\System\XzkrGQc.exe

C:\Windows\System\XzkrGQc.exe

C:\Windows\System\atxvIkg.exe

C:\Windows\System\atxvIkg.exe

C:\Windows\System\VBwUStZ.exe

C:\Windows\System\VBwUStZ.exe

C:\Windows\System\MSmKaOS.exe

C:\Windows\System\MSmKaOS.exe

C:\Windows\System\dVfrySk.exe

C:\Windows\System\dVfrySk.exe

C:\Windows\System\Agbwrpo.exe

C:\Windows\System\Agbwrpo.exe

C:\Windows\System\DzViKtx.exe

C:\Windows\System\DzViKtx.exe

C:\Windows\System\ocfEXXZ.exe

C:\Windows\System\ocfEXXZ.exe

C:\Windows\System\KuJgmZl.exe

C:\Windows\System\KuJgmZl.exe

C:\Windows\System\ofjZKZq.exe

C:\Windows\System\ofjZKZq.exe

C:\Windows\System\KXkwGGk.exe

C:\Windows\System\KXkwGGk.exe

C:\Windows\System\FsTRngI.exe

C:\Windows\System\FsTRngI.exe

C:\Windows\System\oUUgNuY.exe

C:\Windows\System\oUUgNuY.exe

C:\Windows\System\uoqmUbp.exe

C:\Windows\System\uoqmUbp.exe

C:\Windows\System\vPAAAPD.exe

C:\Windows\System\vPAAAPD.exe

C:\Windows\System\xTdqsgZ.exe

C:\Windows\System\xTdqsgZ.exe

C:\Windows\System\TDsRSQQ.exe

C:\Windows\System\TDsRSQQ.exe

C:\Windows\System\qLgpGTN.exe

C:\Windows\System\qLgpGTN.exe

C:\Windows\System\jLAQdtK.exe

C:\Windows\System\jLAQdtK.exe

C:\Windows\System\seJEjdi.exe

C:\Windows\System\seJEjdi.exe

C:\Windows\System\sMZiDCs.exe

C:\Windows\System\sMZiDCs.exe

C:\Windows\System\MLOBMfi.exe

C:\Windows\System\MLOBMfi.exe

C:\Windows\System\TnjdLxK.exe

C:\Windows\System\TnjdLxK.exe

C:\Windows\System\LctNcmx.exe

C:\Windows\System\LctNcmx.exe

C:\Windows\System\dhywUvT.exe

C:\Windows\System\dhywUvT.exe

C:\Windows\System\ZuvkNff.exe

C:\Windows\System\ZuvkNff.exe

C:\Windows\System\rFQxLZt.exe

C:\Windows\System\rFQxLZt.exe

C:\Windows\System\tZKMlAr.exe

C:\Windows\System\tZKMlAr.exe

C:\Windows\System\mvSWvXx.exe

C:\Windows\System\mvSWvXx.exe

C:\Windows\System\beOWWFx.exe

C:\Windows\System\beOWWFx.exe

C:\Windows\System\ziDUnYz.exe

C:\Windows\System\ziDUnYz.exe

C:\Windows\System\UDnDboa.exe

C:\Windows\System\UDnDboa.exe

C:\Windows\System\QtKDJUU.exe

C:\Windows\System\QtKDJUU.exe

C:\Windows\System\HKUExMt.exe

C:\Windows\System\HKUExMt.exe

C:\Windows\System\ymClzab.exe

C:\Windows\System\ymClzab.exe

C:\Windows\System\ydnOeaP.exe

C:\Windows\System\ydnOeaP.exe

C:\Windows\System\OcIliqd.exe

C:\Windows\System\OcIliqd.exe

C:\Windows\System\WJTdsNt.exe

C:\Windows\System\WJTdsNt.exe

C:\Windows\System\LkXvROE.exe

C:\Windows\System\LkXvROE.exe

C:\Windows\System\ITEXWgv.exe

C:\Windows\System\ITEXWgv.exe

C:\Windows\System\vUhZMVK.exe

C:\Windows\System\vUhZMVK.exe

C:\Windows\System\uJrhoXe.exe

C:\Windows\System\uJrhoXe.exe

C:\Windows\System\pWEtnlV.exe

C:\Windows\System\pWEtnlV.exe

C:\Windows\System\xNxZNvA.exe

C:\Windows\System\xNxZNvA.exe

C:\Windows\System\Lrymtwt.exe

C:\Windows\System\Lrymtwt.exe

C:\Windows\System\BMckrjn.exe

C:\Windows\System\BMckrjn.exe

C:\Windows\System\TgDzeNl.exe

C:\Windows\System\TgDzeNl.exe

C:\Windows\System\dFKLvvp.exe

C:\Windows\System\dFKLvvp.exe

C:\Windows\System\xfypVQo.exe

C:\Windows\System\xfypVQo.exe

C:\Windows\System\lEPgekx.exe

C:\Windows\System\lEPgekx.exe

C:\Windows\System\kRCZOUK.exe

C:\Windows\System\kRCZOUK.exe

C:\Windows\System\CFLhwWc.exe

C:\Windows\System\CFLhwWc.exe

C:\Windows\System\mCbQVMC.exe

C:\Windows\System\mCbQVMC.exe

C:\Windows\System\DLuNwqz.exe

C:\Windows\System\DLuNwqz.exe

C:\Windows\System\HqqMzGr.exe

C:\Windows\System\HqqMzGr.exe

C:\Windows\System\EnDSRsr.exe

C:\Windows\System\EnDSRsr.exe

C:\Windows\System\rQWINrD.exe

C:\Windows\System\rQWINrD.exe

C:\Windows\System\HtjxIVl.exe

C:\Windows\System\HtjxIVl.exe

C:\Windows\System\mMtOAUW.exe

C:\Windows\System\mMtOAUW.exe

C:\Windows\System\DgXtpJg.exe

C:\Windows\System\DgXtpJg.exe

C:\Windows\System\bWvWhTL.exe

C:\Windows\System\bWvWhTL.exe

C:\Windows\System\RnNSgQI.exe

C:\Windows\System\RnNSgQI.exe

C:\Windows\System\RouGXpQ.exe

C:\Windows\System\RouGXpQ.exe

C:\Windows\System\FUUOwff.exe

C:\Windows\System\FUUOwff.exe

C:\Windows\System\YijnZxB.exe

C:\Windows\System\YijnZxB.exe

C:\Windows\System\BNIaomM.exe

C:\Windows\System\BNIaomM.exe

C:\Windows\System\bulqQho.exe

C:\Windows\System\bulqQho.exe

C:\Windows\System\IqpgMHA.exe

C:\Windows\System\IqpgMHA.exe

C:\Windows\System\jGNNARm.exe

C:\Windows\System\jGNNARm.exe

C:\Windows\System\ljLXQgc.exe

C:\Windows\System\ljLXQgc.exe

C:\Windows\System\xVujlhJ.exe

C:\Windows\System\xVujlhJ.exe

C:\Windows\System\ahijlPX.exe

C:\Windows\System\ahijlPX.exe

C:\Windows\System\wOTycMn.exe

C:\Windows\System\wOTycMn.exe

C:\Windows\System\UWiFIon.exe

C:\Windows\System\UWiFIon.exe

C:\Windows\System\ZMUYUuu.exe

C:\Windows\System\ZMUYUuu.exe

C:\Windows\System\sDkBght.exe

C:\Windows\System\sDkBght.exe

C:\Windows\System\URcDDOK.exe

C:\Windows\System\URcDDOK.exe

C:\Windows\System\PqXclnR.exe

C:\Windows\System\PqXclnR.exe

C:\Windows\System\WFihhZG.exe

C:\Windows\System\WFihhZG.exe

C:\Windows\System\oeTyGzK.exe

C:\Windows\System\oeTyGzK.exe

C:\Windows\System\DhOxcKB.exe

C:\Windows\System\DhOxcKB.exe

C:\Windows\System\abANHLJ.exe

C:\Windows\System\abANHLJ.exe

C:\Windows\System\qqZAFjY.exe

C:\Windows\System\qqZAFjY.exe

C:\Windows\System\kTJpnQF.exe

C:\Windows\System\kTJpnQF.exe

C:\Windows\System\nQuCTkj.exe

C:\Windows\System\nQuCTkj.exe

C:\Windows\System\IAfYKjR.exe

C:\Windows\System\IAfYKjR.exe

C:\Windows\System\zbILTev.exe

C:\Windows\System\zbILTev.exe

C:\Windows\System\SSNcIOu.exe

C:\Windows\System\SSNcIOu.exe

C:\Windows\System\ZjyObOh.exe

C:\Windows\System\ZjyObOh.exe

C:\Windows\System\bGLeybP.exe

C:\Windows\System\bGLeybP.exe

C:\Windows\System\VdXBrEH.exe

C:\Windows\System\VdXBrEH.exe

C:\Windows\System\kwCKOYX.exe

C:\Windows\System\kwCKOYX.exe

C:\Windows\System\bYGjQby.exe

C:\Windows\System\bYGjQby.exe

C:\Windows\System\QggzEev.exe

C:\Windows\System\QggzEev.exe

C:\Windows\System\qdKNoDJ.exe

C:\Windows\System\qdKNoDJ.exe

C:\Windows\System\DFGQqzy.exe

C:\Windows\System\DFGQqzy.exe

C:\Windows\System\cWdlujh.exe

C:\Windows\System\cWdlujh.exe

C:\Windows\System\zMWjmeJ.exe

C:\Windows\System\zMWjmeJ.exe

C:\Windows\System\cmuRdqs.exe

C:\Windows\System\cmuRdqs.exe

C:\Windows\System\QVxOIqW.exe

C:\Windows\System\QVxOIqW.exe

C:\Windows\System\HrLlLRP.exe

C:\Windows\System\HrLlLRP.exe

C:\Windows\System\LTKWiNw.exe

C:\Windows\System\LTKWiNw.exe

C:\Windows\System\pCngoEh.exe

C:\Windows\System\pCngoEh.exe

C:\Windows\System\APcLMYd.exe

C:\Windows\System\APcLMYd.exe

C:\Windows\System\DEOCuWE.exe

C:\Windows\System\DEOCuWE.exe

C:\Windows\System\MGvOwzV.exe

C:\Windows\System\MGvOwzV.exe

C:\Windows\System\MglzxDb.exe

C:\Windows\System\MglzxDb.exe

C:\Windows\System\mjYvEfy.exe

C:\Windows\System\mjYvEfy.exe

C:\Windows\System\ucbDQbM.exe

C:\Windows\System\ucbDQbM.exe

C:\Windows\System\TKBFUrW.exe

C:\Windows\System\TKBFUrW.exe

C:\Windows\System\DFgVbfO.exe

C:\Windows\System\DFgVbfO.exe

C:\Windows\System\onroDpt.exe

C:\Windows\System\onroDpt.exe

C:\Windows\System\ZRFhrGI.exe

C:\Windows\System\ZRFhrGI.exe

C:\Windows\System\sVmwzYT.exe

C:\Windows\System\sVmwzYT.exe

C:\Windows\System\XEMpvXJ.exe

C:\Windows\System\XEMpvXJ.exe

C:\Windows\System\xSZzJVM.exe

C:\Windows\System\xSZzJVM.exe

C:\Windows\System\JOqJtge.exe

C:\Windows\System\JOqJtge.exe

C:\Windows\System\ZSoAELE.exe

C:\Windows\System\ZSoAELE.exe

C:\Windows\System\uRAQJpm.exe

C:\Windows\System\uRAQJpm.exe

C:\Windows\System\AdppYLW.exe

C:\Windows\System\AdppYLW.exe

C:\Windows\System\GxJjudS.exe

C:\Windows\System\GxJjudS.exe

C:\Windows\System\JuMFLud.exe

C:\Windows\System\JuMFLud.exe

C:\Windows\System\POjSNHK.exe

C:\Windows\System\POjSNHK.exe

C:\Windows\System\AKlFavv.exe

C:\Windows\System\AKlFavv.exe

C:\Windows\System\zvZnvRW.exe

C:\Windows\System\zvZnvRW.exe

C:\Windows\System\RflooKY.exe

C:\Windows\System\RflooKY.exe

C:\Windows\System\dytaBfP.exe

C:\Windows\System\dytaBfP.exe

C:\Windows\System\zShylxP.exe

C:\Windows\System\zShylxP.exe

C:\Windows\System\DHQXFCa.exe

C:\Windows\System\DHQXFCa.exe

C:\Windows\System\nikRugy.exe

C:\Windows\System\nikRugy.exe

C:\Windows\System\BHmdXiC.exe

C:\Windows\System\BHmdXiC.exe

C:\Windows\System\rpjBbrL.exe

C:\Windows\System\rpjBbrL.exe

C:\Windows\System\FGAYfWs.exe

C:\Windows\System\FGAYfWs.exe

C:\Windows\System\MxXrIQX.exe

C:\Windows\System\MxXrIQX.exe

C:\Windows\System\BdrGpHd.exe

C:\Windows\System\BdrGpHd.exe

C:\Windows\System\qQqKBqp.exe

C:\Windows\System\qQqKBqp.exe

C:\Windows\System\lNYZxKL.exe

C:\Windows\System\lNYZxKL.exe

C:\Windows\System\bPQQmja.exe

C:\Windows\System\bPQQmja.exe

C:\Windows\System\XUeiDqS.exe

C:\Windows\System\XUeiDqS.exe

C:\Windows\System\qNzrTTj.exe

C:\Windows\System\qNzrTTj.exe

C:\Windows\System\yPembrg.exe

C:\Windows\System\yPembrg.exe

C:\Windows\System\aojIlBP.exe

C:\Windows\System\aojIlBP.exe

C:\Windows\System\LsZWDEX.exe

C:\Windows\System\LsZWDEX.exe

C:\Windows\System\sGERZpp.exe

C:\Windows\System\sGERZpp.exe

C:\Windows\System\HXxBTWN.exe

C:\Windows\System\HXxBTWN.exe

C:\Windows\System\MMbuoOy.exe

C:\Windows\System\MMbuoOy.exe

C:\Windows\System\NkHKHhf.exe

C:\Windows\System\NkHKHhf.exe

C:\Windows\System\YXCKOTt.exe

C:\Windows\System\YXCKOTt.exe

C:\Windows\System\JwjzMPI.exe

C:\Windows\System\JwjzMPI.exe

C:\Windows\System\cBshdLn.exe

C:\Windows\System\cBshdLn.exe

C:\Windows\System\LqSsHBo.exe

C:\Windows\System\LqSsHBo.exe

C:\Windows\System\ZKwFBAu.exe

C:\Windows\System\ZKwFBAu.exe

C:\Windows\System\BMuwMYH.exe

C:\Windows\System\BMuwMYH.exe

C:\Windows\System\gYBwFww.exe

C:\Windows\System\gYBwFww.exe

C:\Windows\System\HRPjyDq.exe

C:\Windows\System\HRPjyDq.exe

C:\Windows\System\fwCAIYz.exe

C:\Windows\System\fwCAIYz.exe

C:\Windows\System\ZJAaGkh.exe

C:\Windows\System\ZJAaGkh.exe

C:\Windows\System\kwpJqTl.exe

C:\Windows\System\kwpJqTl.exe

C:\Windows\System\MiRILwg.exe

C:\Windows\System\MiRILwg.exe

C:\Windows\System\iquLmjQ.exe

C:\Windows\System\iquLmjQ.exe

C:\Windows\System\IqJGFdC.exe

C:\Windows\System\IqJGFdC.exe

C:\Windows\System\nvDhsnP.exe

C:\Windows\System\nvDhsnP.exe

C:\Windows\System\EECkcVx.exe

C:\Windows\System\EECkcVx.exe

C:\Windows\System\PICrOZj.exe

C:\Windows\System\PICrOZj.exe

C:\Windows\System\dKBwHVJ.exe

C:\Windows\System\dKBwHVJ.exe

C:\Windows\System\KvYkBLB.exe

C:\Windows\System\KvYkBLB.exe

C:\Windows\System\Xnjomtt.exe

C:\Windows\System\Xnjomtt.exe

C:\Windows\System\gIgDsjK.exe

C:\Windows\System\gIgDsjK.exe

C:\Windows\System\VrDNwJY.exe

C:\Windows\System\VrDNwJY.exe

C:\Windows\System\dAdDISW.exe

C:\Windows\System\dAdDISW.exe

C:\Windows\System\GJfhOsi.exe

C:\Windows\System\GJfhOsi.exe

C:\Windows\System\mFyLBlM.exe

C:\Windows\System\mFyLBlM.exe

C:\Windows\System\ydTIADw.exe

C:\Windows\System\ydTIADw.exe

C:\Windows\System\zNcrjSr.exe

C:\Windows\System\zNcrjSr.exe

C:\Windows\System\BPJpxUB.exe

C:\Windows\System\BPJpxUB.exe

C:\Windows\System\XMlTEaq.exe

C:\Windows\System\XMlTEaq.exe

C:\Windows\System\reQeuHo.exe

C:\Windows\System\reQeuHo.exe

C:\Windows\System\zKpPZsL.exe

C:\Windows\System\zKpPZsL.exe

C:\Windows\System\rxPxeuP.exe

C:\Windows\System\rxPxeuP.exe

C:\Windows\System\yAtotEg.exe

C:\Windows\System\yAtotEg.exe

C:\Windows\System\vOqLwJb.exe

C:\Windows\System\vOqLwJb.exe

C:\Windows\System\RTZMLiP.exe

C:\Windows\System\RTZMLiP.exe

C:\Windows\System\QyoJLDd.exe

C:\Windows\System\QyoJLDd.exe

C:\Windows\System\mBYQbUj.exe

C:\Windows\System\mBYQbUj.exe

C:\Windows\System\aEdPLfj.exe

C:\Windows\System\aEdPLfj.exe

C:\Windows\System\gDhbLhu.exe

C:\Windows\System\gDhbLhu.exe

C:\Windows\System\LNJvVlM.exe

C:\Windows\System\LNJvVlM.exe

C:\Windows\System\UgKBgiw.exe

C:\Windows\System\UgKBgiw.exe

C:\Windows\System\kGvbyrL.exe

C:\Windows\System\kGvbyrL.exe

C:\Windows\System\emtYiZL.exe

C:\Windows\System\emtYiZL.exe

C:\Windows\System\kRrhssW.exe

C:\Windows\System\kRrhssW.exe

C:\Windows\System\bJvHxxD.exe

C:\Windows\System\bJvHxxD.exe

C:\Windows\System\xdNmLCa.exe

C:\Windows\System\xdNmLCa.exe

C:\Windows\System\pLRUeLn.exe

C:\Windows\System\pLRUeLn.exe

C:\Windows\System\pnlwqkW.exe

C:\Windows\System\pnlwqkW.exe

C:\Windows\System\yRjYQIl.exe

C:\Windows\System\yRjYQIl.exe

C:\Windows\System\GsSTVwU.exe

C:\Windows\System\GsSTVwU.exe

C:\Windows\System\xbWoNah.exe

C:\Windows\System\xbWoNah.exe

C:\Windows\System\ucGhmLB.exe

C:\Windows\System\ucGhmLB.exe

C:\Windows\System\QFXoVhX.exe

C:\Windows\System\QFXoVhX.exe

C:\Windows\System\CrOAsiz.exe

C:\Windows\System\CrOAsiz.exe

C:\Windows\System\QoMvOMG.exe

C:\Windows\System\QoMvOMG.exe

C:\Windows\System\dDKiCdv.exe

C:\Windows\System\dDKiCdv.exe

C:\Windows\System\GlKQcJx.exe

C:\Windows\System\GlKQcJx.exe

C:\Windows\System\bdRHpsY.exe

C:\Windows\System\bdRHpsY.exe

C:\Windows\System\DncWDOt.exe

C:\Windows\System\DncWDOt.exe

C:\Windows\System\XakpYyN.exe

C:\Windows\System\XakpYyN.exe

C:\Windows\System\xQBKBGo.exe

C:\Windows\System\xQBKBGo.exe

C:\Windows\System\DPcRohL.exe

C:\Windows\System\DPcRohL.exe

C:\Windows\System\xgkxrsd.exe

C:\Windows\System\xgkxrsd.exe

C:\Windows\System\yMJahVD.exe

C:\Windows\System\yMJahVD.exe

C:\Windows\System\ZlZsByc.exe

C:\Windows\System\ZlZsByc.exe

C:\Windows\System\ebkAkPS.exe

C:\Windows\System\ebkAkPS.exe

C:\Windows\System\HJaUJoA.exe

C:\Windows\System\HJaUJoA.exe

C:\Windows\System\nopRNOA.exe

C:\Windows\System\nopRNOA.exe

C:\Windows\System\KXAofdX.exe

C:\Windows\System\KXAofdX.exe

C:\Windows\System\bNyPtjj.exe

C:\Windows\System\bNyPtjj.exe

C:\Windows\System\bHDOGqx.exe

C:\Windows\System\bHDOGqx.exe

C:\Windows\System\NDuDRui.exe

C:\Windows\System\NDuDRui.exe

C:\Windows\System\zsrTsfW.exe

C:\Windows\System\zsrTsfW.exe

C:\Windows\System\DbXNDcQ.exe

C:\Windows\System\DbXNDcQ.exe

C:\Windows\System\rrJjOHG.exe

C:\Windows\System\rrJjOHG.exe

C:\Windows\System\wYfijgJ.exe

C:\Windows\System\wYfijgJ.exe

C:\Windows\System\DBgtthr.exe

C:\Windows\System\DBgtthr.exe

C:\Windows\System\raGYQbw.exe

C:\Windows\System\raGYQbw.exe

C:\Windows\System\pBSzmqF.exe

C:\Windows\System\pBSzmqF.exe

C:\Windows\System\mHTdAcM.exe

C:\Windows\System\mHTdAcM.exe

C:\Windows\System\ZgLwgUz.exe

C:\Windows\System\ZgLwgUz.exe

C:\Windows\System\gHyYkjA.exe

C:\Windows\System\gHyYkjA.exe

C:\Windows\System\zBMYHMy.exe

C:\Windows\System\zBMYHMy.exe

C:\Windows\System\VhiFOxk.exe

C:\Windows\System\VhiFOxk.exe

C:\Windows\System\zZTeRku.exe

C:\Windows\System\zZTeRku.exe

C:\Windows\System\FtTBcPY.exe

C:\Windows\System\FtTBcPY.exe

C:\Windows\System\tuYZfOx.exe

C:\Windows\System\tuYZfOx.exe

C:\Windows\System\AUVTnOG.exe

C:\Windows\System\AUVTnOG.exe

C:\Windows\System\EZBajxP.exe

C:\Windows\System\EZBajxP.exe

C:\Windows\System\uXDMxDP.exe

C:\Windows\System\uXDMxDP.exe

C:\Windows\System\tUWxHgV.exe

C:\Windows\System\tUWxHgV.exe

C:\Windows\System\LXDManF.exe

C:\Windows\System\LXDManF.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
US 8.8.8.8:53 raw.githubusercontent.com udp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp

Files

memory/1736-0-0x00007FF71F980000-0x00007FF71FD72000-memory.dmp

memory/1736-1-0x00000221020B0000-0x00000221020C0000-memory.dmp

C:\Windows\System\mqgYqtE.exe

MD5 f8964611867d9f7d857708247ba4001a
SHA1 119ddc8c227cf2b1154f89e3d5679e2e28940209
SHA256 60552c47d9a5f2dad71e390b0d1c50e8fd5e199d5b629c2c5ad3cf21dbbbef39
SHA512 08523e896c085e3d6260b445ce59474c982b07cde7b4e0406d55f7095997f263e3894cdd27494106aee6da3972d2d234673a1267ed0d78208af231c0bf361f30

C:\Windows\System\YUiEZXy.exe

MD5 33f28a8b231feab39b2448d4c87f597f
SHA1 831aaafc8a12b33983ec3846eec47342a1936a8e
SHA256 d2b44bed633bfc7d550cb1073dabe4cc9fd3eef818fffdacdda6d54fd2ddaae6
SHA512 7f040613ae00296a859d8eebf41405b266ec69f6e07b4e7473f56f57314bb404562645dc46d33ce8419ceec1efcd9ba776f7707f993912e6ebba4e18a3f5de77

C:\Windows\System\zMkPfdo.exe

MD5 95e80f64897acba02827c9882accd06e
SHA1 7533be2433a592851fe00244477e42960ed744e2
SHA256 33b4854b02f7a62eaa9758efd27a680b3e608a4d83c3db4e928e1a66903485c5
SHA512 ebee46ae3d02b7eca19a071d38413dcfc0ae30987bada9a779969f57fc057fa505624ca7163ec2a775149fdc1fd2bef0e5e67957238641aa9772fc5bdaa5d2b0

C:\Windows\System\wLvcHrc.exe

MD5 3cf51a426ee2705fccb368040103fe1f
SHA1 81d25ab981c091deaa3ccff6468afc3a796711c4
SHA256 0897945285ef00c44dfd5649c5060f8f261e83b0c0191138f417c59e9ecb7d4f
SHA512 2b5acdac3985995e65083b7befa4686aea27cecc0ed224e4a287c142bd8d220ab1efcec6b5bd62540a6de05d9ed2acde8a0f0f69491b8eefdae49f6b8f331320

C:\Windows\System\CPtyEie.exe

MD5 507d1128155ed51abc4f91d89e8bcff2
SHA1 4828adc6c9df069fe04fc145d6f4efc16e85cab4
SHA256 70c53e0248655fb3cfa8946558b8fe949b27dff28ce7931df5a0b650f0fd6f19
SHA512 e86cf2e31360681c38fc1f6e83fe981af90dbec87c05b94e0c8a053f0c7ea6fe083274aab06f9bc2f3f64fdd10781db25a1052223ee5b657c94c3653069953ea

C:\Windows\System\JHuaPpZ.exe

MD5 abb6c4ca7c23999cdbd1108d60ab2ace
SHA1 74a51ac296d7c63fc6f34758304c9a04d9095344
SHA256 dc74ac1d77cccdcc592677f64f3b6b2c36bd727664dfd2e3625da37b6da64f52
SHA512 23b0f982a5d658e4200dbebeab40f0ba5dd816bd8624b2be653355a20ca16c1cbdd707307654fbc172cbc711ef692523b7a391658467a11352a79e2220280ce4

memory/4988-213-0x00007FF7E9C50000-0x00007FF7EA042000-memory.dmp

memory/1060-212-0x00007FF6634C0000-0x00007FF6638B2000-memory.dmp

memory/3980-278-0x00007FF7E1F60000-0x00007FF7E2352000-memory.dmp

memory/384-282-0x00007FF769FB0000-0x00007FF76A3A2000-memory.dmp

memory/3452-288-0x00007FF77E810000-0x00007FF77EC02000-memory.dmp

memory/532-293-0x00007FF66F490000-0x00007FF66F882000-memory.dmp

memory/1712-294-0x00007FF67D170000-0x00007FF67D562000-memory.dmp

memory/3124-292-0x00007FFA45920000-0x00007FFA463E1000-memory.dmp

memory/2120-291-0x00007FF6695C0000-0x00007FF6699B2000-memory.dmp

memory/2180-290-0x00007FF6BF650000-0x00007FF6BFA42000-memory.dmp

memory/2324-289-0x00007FF6E02B0000-0x00007FF6E06A2000-memory.dmp

memory/4008-287-0x00007FF798070000-0x00007FF798462000-memory.dmp

memory/3164-286-0x00007FF71BFB0000-0x00007FF71C3A2000-memory.dmp

memory/4764-285-0x00007FF6A3DC0000-0x00007FF6A41B2000-memory.dmp

memory/628-284-0x00007FF6B3010000-0x00007FF6B3402000-memory.dmp

memory/4580-283-0x00007FF6865B0000-0x00007FF6869A2000-memory.dmp

memory/2168-281-0x00007FF608C70000-0x00007FF609062000-memory.dmp

memory/456-280-0x00007FF726B00000-0x00007FF726EF2000-memory.dmp

memory/3984-279-0x00007FF7CBCD0000-0x00007FF7CC0C2000-memory.dmp

memory/1208-275-0x00007FF7379D0000-0x00007FF737DC2000-memory.dmp

memory/3016-201-0x00007FF73ED80000-0x00007FF73F172000-memory.dmp

C:\Windows\System\yPQbuQj.exe

MD5 63020d8e7540d9812a72c77553697a9f
SHA1 a9f4daac3c5b807754e37da1bcd2a60fdb9476de
SHA256 32f11c44a315a55100ac3e6f814ffae9e80c5fe0596460d3d3cb5fc5c7c88eb0
SHA512 bd630dcc40aa1382fbab353482ddf1d1af6e2e08156badce3154bbc0949914d05017b2d7d1ddc54891f116b4a6556147b497bfba58b720e3297b6ae62a3ba1ed

C:\Windows\System\crmpdtz.exe

MD5 2196ce7f8856ccb43aed4571d826dfac
SHA1 fe0f8e356b538e378aad5cc45737680bf28aa3d4
SHA256 5989a84fc431210413805d652869a3c9580532001a1ea24944bd40779d75e791
SHA512 d62da721eb01533db7e65346870c4a92cc8f26af6f2cb0db067679542972d6e574eb1ae963a501b08c83627b735ad379d5fa001bf90d9a45a59859b4450183e1

C:\Windows\System\pAxuHoX.exe

MD5 3076319f4109993436b27cc28c75a33a
SHA1 8ccd7242ed759f46dfa71043d489a9f1aac9a154
SHA256 b1265998cfb6bb45a6f9f6b63d5e52247a380665a7288818946602aec5edb390
SHA512 4aeaede069b19db0bd5da54308b82ef2d15578c23b936a5fd8c00acd042ad7893dfea8fb4105d1c6c2d37e25db56ac4d313f44a3db7880e5a062956cd1d45784

C:\Windows\System\KkZggYJ.exe

MD5 95d1155306115c57d9252ead84d49b50
SHA1 6d2419576bf0e90c858931560a033ddc467b7707
SHA256 6844141edf571fa3b0dbc1ade1a6cc6fe3ebce406f7e86d825895ef4b977c25d
SHA512 5a3cee98f201974712ceb66332513973e1ac054acdd2bada21bc892fa629029b04bca4ac3ecf6fb81859805531fede11c725faf7343c1f73e352815c36880f9a

C:\Windows\System\OVUiqRz.exe

MD5 ad6f63092da951a3a696810b5b2b1889
SHA1 3fb4d611e133456f7474a4f14a0ad64c828b1a39
SHA256 6c43247d4441f05c7bfbb39453b17c0813d5c3130588651e4b170b8ec9b71915
SHA512 5ce14cdeba44b6ac53bd5eb7e832d83b048eb121615dd06ad6f2fab1f0adee58f538d2b344c34120898190c65003bb25cc0ea1f9599a0d1ca962e13d2747a2ff

C:\Windows\System\GbqisJK.exe

MD5 8c3b83f2ee9158c9488f9793559696a5
SHA1 4779340678759fa8e6e5f8afe112e9ac3b21efe8
SHA256 cd538317bacd54d540784badddbbb6c988eb95ba5dfc3ea38139ac86e8b2d2d7
SHA512 9beb10b869fda9f518868339be63a42bf752a10f62bed80f19fe44ea14b428c398709608f0a4aa3bd056d8aa490c546b3244ab1b934e49b57262e2a776cff0b5

C:\Windows\System\ETiDMVe.exe

MD5 f32f61db62202f66f60568c6d1210e96
SHA1 42a3e4d1d3e3abc7b9f460efce983f8527a6302f
SHA256 c63fcac596f0462d68cf90a3bafc5a8dbbfbd57da96017160697c94cf8d1f3ae
SHA512 b9e36fb2c550a7a6ad130041adc1fefb597adb854a932f5b04b7016327f39132950800e7f9c5f52da58fce766ecae3542e40fa39ca795f755d53585f5e105509

memory/624-178-0x00007FF603160000-0x00007FF603552000-memory.dmp

memory/3124-175-0x000002255D3F0000-0x000002255D412000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_bb1lxj4e.u2u.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

C:\Windows\System\ZpwXDNV.exe

MD5 69ccafdcc19373b6174a4fe8330c4a5c
SHA1 529e9498f7437a4ece6de233caf59c5a70cca091
SHA256 dbfdad71d4914ce9678bbba09444a8196ad93ad2251ab62f7227713927fc3fa9
SHA512 fc5af37bdb4180d6cd506c97736ba64408d44b77764e53875abaa9c22f3bf84748d95c1156c510a2d184cb6cb7d2212682e2c5192426d736556075ccc41a3077

C:\Windows\System\oozjuef.exe

MD5 89acf2cce7447e5077b5cc9d63a8f105
SHA1 66841b21276ff18ce70e66547cfa649679db8959
SHA256 9d591f742039dc8eedf25a5fa0e7bc11e23230f4418727fa23e5910b555489f8
SHA512 36bc8a54e287efd648d2643c1b9d77ed8ace6cd8d37701c21a7ea69e2f43095326bbca4907d06ca0dbdee6a0b37807de129a06663c7732021d0618a640d706b8

C:\Windows\System\QEfEEdG.exe

MD5 296974bbd5615bc61b4533d2205532f8
SHA1 659a8b42f837e4a3765feff19b9b2b73ad45ede8
SHA256 61e58786beda66a988d814ff90060f448ee1088c180c25413216ea023d37227e
SHA512 8d63c37feeade4f093174f1097532d96394cd157fe8d3231f9c809234af5dcf73635a9bfe81ec855d7deeda5dd01c9f32652c9e6ca58a81029c83176897e19bb

C:\Windows\System\jfutevS.exe

MD5 5c99593144a7b75b5070f73da5c50e28
SHA1 45db6a57fb8a8518bcd7879be65670ba7510121d
SHA256 bde838630f4b05f70bbc4b8cba15403a441959959b0bf7d5e076eba1f6910ecd
SHA512 19512cf14127f969f40b3ccc7da05e3cbca7bcd7a62113f3ecc05abc190453248107971ea896162c5100cea845a07cd3167be6fa6ece419a833fe6cf84fd7663

C:\Windows\System\VrvKXvH.exe

MD5 001777adfcc75edfc454099fb7bb4695
SHA1 44637a14edda4fafb658e88694c446eabc8928fb
SHA256 8d3fb5f915edbbb3887acbbae26a23fbe83fc5f0cb97b0f85464a1cbffb1d004
SHA512 a2104fd1495fd7d1dcd8843857e13c64c392ae801935aa41dce24467e0ff091c6f0bc829183b1d4a811540533a61d0d9aca34c59a8a137b260728b33e2703927

C:\Windows\System\GYYUqsb.exe

MD5 e8835c6472de50dad06538bd1a021aa7
SHA1 b8e04819837dc5b5213c3cc218b64884dfa4c4c9
SHA256 95ec978779ae3445c9145d1bd275b7fd838719c1622a4f1e80b5fd00f041ec61
SHA512 ac2103cd016990bc9361c64da4176fff4b554b9b1e3159eba1e6a45f02ccc451f30a9cb22982510f05f48d5cbc5a41ae809d5c9008bbfc74f4930b2d639b599e

memory/3600-135-0x00007FF7F4390000-0x00007FF7F4782000-memory.dmp

C:\Windows\System\qDVvlVN.exe

MD5 f952bf2a21a575b40807acdfdccd1572
SHA1 8b21a60e04daa7b25fa8fb2f08bf0b9855ccf25c
SHA256 c3aeb9c972a686b6268de1c0ef8ca74ddb54d99c3c8c574a714bdc2091a886c2
SHA512 1d4ef7bf7633f39d1ea0f08bed458d9bbe6ddf8cefb4c10146b1bc137610005cdab83a146602f53479955c607b826d1aaaa260f5242534bbc6f44f1779485632

C:\Windows\System\zXtpGmX.exe

MD5 e1a9893ae750d02f9b5f76cce3fb0a07
SHA1 c91a48314b710c5cda859a2fdf6f8b42d4f0a7e9
SHA256 b3692d8196a0552e68824a00c5fbd89c7acfc02c62503983987fd8b9a6c7a8ce
SHA512 1a901dce9a02c0f1aa68d2531eef16e942c7e59c26b5522f98349a5e69a19f134da6272170d3eafa05a89ae12fbeb17a1af490bb06596c21b22f14dc0c8589bb

C:\Windows\System\cZVFyyf.exe

MD5 4cc70601c55b309901776972a11fe2f2
SHA1 33aaa8407bfb036adc5b6495b215509151916997
SHA256 bc241ab7a5c8f3bb96bacc9e86ab7a757aeb57466fabd4962db1df97dd06bb8c
SHA512 d1999f56b633d64d2bf52007941146b01c9f37c645643afed5046c5738c6d1aec2fcd041524da0f2d18a9b8f563fc503128c5a02b91500f8fbffc068530ce90d

C:\Windows\System\jOzRmWY.exe

MD5 49afd1b7051090da95973287a072d15c
SHA1 7b655cc3ed7a713789f37b0f27f7ca1aa5262099
SHA256 38879591a3511d4f3af538a611c22baef4615d0b4f5e651e88c20cd8a848e067
SHA512 95f5ed983b1803db9bc79972d63f5d9a2ddaed1b60f536b236b7211f658f6172ac43aca7e187fbad83fb89d0be5943f254fcbff012fa265da54d34d657495bdc

memory/3388-113-0x00007FF7E5210000-0x00007FF7E5602000-memory.dmp

memory/3124-109-0x00007FFA45920000-0x00007FFA463E1000-memory.dmp

C:\Windows\System\GhbTDSW.exe

MD5 d8bb174053bcc2642eb8a4819a610b71
SHA1 866c417e4f64ec6d5daa600f54e129052d4257e8
SHA256 5b2dc1cc65e2d733dd261049d8ef6fb829249674ef3d3cf5de3639be40684370
SHA512 5a31879ebc126dd99707d77f327e6c21dbc4c893fe61569a626f55abccadb6214f657cf90e6a51413536cfeae12d9a2d64acad431651a9a9a4999feb408aeb05

C:\Windows\System\HILmqUC.exe

MD5 1bd86299b075d6881a3ee7a25e35cd3e
SHA1 7dd37558cb83c59883496e1523ffa4d956effa09
SHA256 391c8c587c73c5823b862c9d6f84c0af9014504c9671fc723727a4e5278c05bb
SHA512 d25901b3ec59effbe03cb20251e69393ebbdc9a5cf2e629e3a2153da59f377f6048f81d50b7bb9e9b69978ea4d663a64b4929c0986bffd0a22469428ad4a9e8b

C:\Windows\System\EiQfSPv.exe

MD5 8dc0c9672abea9f6cc471fd55e582ff1
SHA1 61f6b7ece84b5d831af1c016c0b2bb6c657b96e9
SHA256 d1bec67f04bb8bc7a3b6746a7ab44ded9abc985fffd30241cddaca656ba216df
SHA512 db1dc6a937b09244e9a0b464fe38937e25b24d8d8141091bdb0966c244a660ae2f87b41fcbf4b1e2174f5c5b83a78f5b179febfa61a945203ca5328e75a72f6e

C:\Windows\System\WZuVtyt.exe

MD5 744de7c77e70ad2c1f54565edab45adc
SHA1 dcec308b73c779192e96c36421782c5a436c2f8c
SHA256 0efe29a8eef3d1efaebc2fcd91616cbd27ec434c0e09e954d4fb027f2e7e6c3b
SHA512 85a10adbbd14e817f6625df91cde21095d7d14e513369bedc71dce39a54bc3bf8428686c779b8c04ef7ed8a7deef5065da0caa4d6946725b6cf0cf3b151e41b5

C:\Windows\System\blvzDtY.exe

MD5 22af7bdfabc6997af7f6950cb6c2988a
SHA1 bc0dc09c619f087ac48b69522d1d80c34707ea55
SHA256 dabc95d42a28f80ba83d09b98155002ebabe99801fcc34658bb1ab5afcb766b2
SHA512 d558d4813877929e81035ca0f54c5f9af27e0c3aae020f5bbe790e58bcf6b7b95b2af5eef9077f6a42ab67f66bc9052dff8fa3c7bb15961fec0ffc05cda24b58

C:\Windows\System\rbIoKkZ.exe

MD5 164fee9755bb97aaccb4904221b7bba7
SHA1 7a557e00904d30cbbb252c951c4210fda2b06f26
SHA256 e52c29acb18faf77229e78d46e4bbed9782bfdca08e7893470397db32affd906
SHA512 e4c6db887704934694221af7e5dc571f4042c018538ff435f788cff5613844c4f7919afa6c305d4e470909bf726f7705f71c72bf3fb96dd27a09ea31e02a09ac

C:\Windows\System\djbUcan.exe

MD5 39fa60625f74b4c5e94375fef1860a17
SHA1 3806122cea2e629a94ecd6ca22a1ceb129f1863c
SHA256 44f6ddac7664979e57a7fd7a2bdf8ff6f48ce56d261811fac4c3c8744da8a537
SHA512 708869647dc9a97c5458f7beaa801ba1411ac661461e9e8a2cd2c83f3d3c3db41651ffd45896582d0794a27b49ea56e5cfda9c8222eef3e657a2382dd116ea12

C:\Windows\System\AJAOglz.exe

MD5 3e258421c9ff8dee55ed305b74051e30
SHA1 cea7c8d3d56cf06198aee9b2d89feab6f9582913
SHA256 7a9be17394a8533934b97b2080002dfff21ceba47bf51383019d67d78ab14760
SHA512 0061efd8e0e34f4e58ae6313414db282f36fb7b12286d907deef27c6a83fe9a140418c10bbfac45e0255adc1424a743c09ca9154c652945135a8ad33dd46fea3

C:\Windows\System\IJuikIb.exe

MD5 3b7306e41a863abd147ab955429a5c51
SHA1 99bbbe3968ee5fc620a1221073f70b7790646e1e
SHA256 7df7729fcea76ebdb13e9e88d8a18a1a1665a53a221aeaf42535389fc0432d53
SHA512 3c9c820c557aa33adac2ff1dda183e60fb4dd85190ff1a274cc6c0ba7d796528bdc56f6320e71bb0ca80101e6cc8d77db668ce504e4984f41e6a23f3c192cf4f

C:\Windows\System\UuTyIRY.exe

MD5 e44247e9b6ee4138a7cec2cc58a585d0
SHA1 76768ec3748e7f6b12767ea42258ba0941a76adf
SHA256 9f3122b7270e9d6b305bca3d579b941b275465eed5da7da967fa37aa1eba8a22
SHA512 7f3dcb14bfe1951f0630eda118c786f1784a9233768c2e0e38551885b993db6412c8b6612380b060e633ec5a6818cb10c98ec920d46f5c47156475c9883857d9

C:\Windows\System\qKPlxMF.exe

MD5 5551abce24ba865ac6b2368b76fe35e6
SHA1 ba86ceae5c91b5c9406f149738c10f4865bc0aea
SHA256 6c1f6a411b4ed599826f78777e41af2cbdf01a8671e3bf57145423e80ef573b6
SHA512 477a134b73727c53f1f52987d4842faebc674e0700c056d4d2ac1d32e5636e1ff641d94cf6c26d676a3cc543f02bb0549252a36b7d0606b24566b5ce197964af

C:\Windows\System\ILHcvff.exe

MD5 710f4f877c493214b7f7a2e6b96529f9
SHA1 6702e065be3672e9a60a0db7f287e722452af3c1
SHA256 9d82a4f8c2c8ce7e206651abc2cbcc97d98cb9af61c1dea1cd2ee68a2f26c152
SHA512 4b24c4b7db117e90ac618de6657b53505e70bb6366fe3522b6ffb8637deec55b13ab3993b2507f567ea7f992c92a5f455122eeef9818c7983b5958c77061794c

memory/3124-22-0x00007FFA45923000-0x00007FFA45925000-memory.dmp

memory/936-21-0x00007FF799530000-0x00007FF799922000-memory.dmp

C:\Windows\System\EmNpYKm.exe

MD5 525ba23f33ac2178da1d055c5f58ad28
SHA1 6a1557c188514b7bf7c554308614c24eb330373b
SHA256 823a8574e4272b0e665d12bfc60c193c03392d2a7a31bb23f6a9aabe80a3bcfa
SHA512 91108e496fcc9fbd0fc03b134524cf5070baa78c6d99fb419fa8f99b4d48bb8ce67fee3ecac151659a34a1d76769e4d2e734bafa9a1c1b78728049b6857f2051

C:\Windows\System\SuRIvHp.exe

MD5 d6349613f683bded6d69a7d02ace4275
SHA1 1627fabfdfae3cac338500241f4e9e969ee50ac5
SHA256 4a54b14258d08729a6205b09d8643680d1fcbeb6eaed5e636cae813e537ac662
SHA512 d83aa606a1ca4c9ad32d8a91f5b2cf833fc395e62b938477a618ca3509fa52443c5e33121c0988fd90e65d2855a59276136a584d3f8258054273372e5fbf3292

memory/3388-5013-0x00007FF7E5210000-0x00007FF7E5602000-memory.dmp

memory/624-5046-0x00007FF603160000-0x00007FF603552000-memory.dmp

memory/3980-5048-0x00007FF7E1F60000-0x00007FF7E2352000-memory.dmp

memory/3016-5047-0x00007FF73ED80000-0x00007FF73F172000-memory.dmp

memory/2168-5045-0x00007FF608C70000-0x00007FF609062000-memory.dmp

memory/1060-5044-0x00007FF6634C0000-0x00007FF6638B2000-memory.dmp

memory/4988-5098-0x00007FF7E9C50000-0x00007FF7EA042000-memory.dmp

memory/2180-5277-0x00007FF6BF650000-0x00007FF6BFA42000-memory.dmp

memory/1712-5271-0x00007FF67D170000-0x00007FF67D562000-memory.dmp

memory/4580-5201-0x00007FF6865B0000-0x00007FF6869A2000-memory.dmp

memory/4008-5195-0x00007FF798070000-0x00007FF798462000-memory.dmp

memory/384-5249-0x00007FF769FB0000-0x00007FF76A3A2000-memory.dmp

memory/628-5209-0x00007FF6B3010000-0x00007FF6B3402000-memory.dmp

memory/2324-5200-0x00007FF6E02B0000-0x00007FF6E06A2000-memory.dmp

memory/3452-5198-0x00007FF77E810000-0x00007FF77EC02000-memory.dmp

memory/3984-5166-0x00007FF7CBCD0000-0x00007FF7CC0C2000-memory.dmp

memory/3164-5147-0x00007FF71BFB0000-0x00007FF71C3A2000-memory.dmp

memory/1208-5052-0x00007FF7379D0000-0x00007FF737DC2000-memory.dmp

C:\Windows\System\mjDxecA.exe

MD5 9fa2f2bc2c83847fc483e3e7b126834c
SHA1 8b6462d325e2f1ce3be472e3b52dd110ec77edc6
SHA256 2cfeba3b82f25cdebb02f8d4e5a1f9c8b06dd44b398a3a1e6c4b2e3889cd64d2
SHA512 cdf8d08cfa397a3c63f4ef05a58f2b05a8fdc5e71478c30ce0b29540695413920edc291f08e9c0e713496591adc5707c1c01f6e7f0baaad502181c860050f52f