Malware Analysis Report

2025-08-05 19:28

Sample ID 240518-j8lkmsbd75
Target b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe
SHA256 33c6544d2c58e1c16a4ab6bf1fc8dcf3857d707fa1ef1c0f491d329e8c63bc51
Tags
miner upx xmrig persistence
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

33c6544d2c58e1c16a4ab6bf1fc8dcf3857d707fa1ef1c0f491d329e8c63bc51

Threat Level: Known bad

The file b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner upx xmrig persistence

XMRig Miner payload

xmrig

Xmrig family

XMRig Miner payload

Modifies Installed Components in the registry

Loads dropped DLL

UPX packed file

Executes dropped EXE

Enumerates connected drives

Drops file in Windows directory

Unsigned PE

Checks SCSI registry key(s)

Uses Task Scheduler COM API

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

Modifies data under HKEY_USERS

Suspicious use of AdjustPrivilegeToken

Modifies registry class

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-18 08:20

Signatures

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-18 08:20

Reported

2024-05-18 08:22

Platform

win7-20231129-en

Max time kernel

118s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\bLcMOnQ.exe N/A
N/A N/A C:\Windows\System\iLuOKxY.exe N/A
N/A N/A C:\Windows\System\TURtuwq.exe N/A
N/A N/A C:\Windows\System\pKVoFRR.exe N/A
N/A N/A C:\Windows\System\JXklPQK.exe N/A
N/A N/A C:\Windows\System\CnJkdAt.exe N/A
N/A N/A C:\Windows\System\UUijhJC.exe N/A
N/A N/A C:\Windows\System\wBMRkkR.exe N/A
N/A N/A C:\Windows\System\BZurXfd.exe N/A
N/A N/A C:\Windows\System\fEgjrfb.exe N/A
N/A N/A C:\Windows\System\jBksSkb.exe N/A
N/A N/A C:\Windows\System\SetgJjl.exe N/A
N/A N/A C:\Windows\System\BEnezvy.exe N/A
N/A N/A C:\Windows\System\lotxbmo.exe N/A
N/A N/A C:\Windows\System\NEtuKHc.exe N/A
N/A N/A C:\Windows\System\jVMVZpn.exe N/A
N/A N/A C:\Windows\System\OajFial.exe N/A
N/A N/A C:\Windows\System\VXWjibt.exe N/A
N/A N/A C:\Windows\System\yXHvQpC.exe N/A
N/A N/A C:\Windows\System\hWMOlkS.exe N/A
N/A N/A C:\Windows\System\XeJocoB.exe N/A
N/A N/A C:\Windows\System\ATgguvy.exe N/A
N/A N/A C:\Windows\System\jsEbuis.exe N/A
N/A N/A C:\Windows\System\GbUAPpT.exe N/A
N/A N/A C:\Windows\System\knIJoRa.exe N/A
N/A N/A C:\Windows\System\wmeLczF.exe N/A
N/A N/A C:\Windows\System\zMtPrNA.exe N/A
N/A N/A C:\Windows\System\lOdOlXZ.exe N/A
N/A N/A C:\Windows\System\sMkcdvL.exe N/A
N/A N/A C:\Windows\System\ZBDSrIT.exe N/A
N/A N/A C:\Windows\System\eubNSzN.exe N/A
N/A N/A C:\Windows\System\dGePOkD.exe N/A
N/A N/A C:\Windows\System\lZfPnqb.exe N/A
N/A N/A C:\Windows\System\ucdQFYh.exe N/A
N/A N/A C:\Windows\System\cpbNqXM.exe N/A
N/A N/A C:\Windows\System\FytGZVm.exe N/A
N/A N/A C:\Windows\System\FgOakmu.exe N/A
N/A N/A C:\Windows\System\uDCvBtN.exe N/A
N/A N/A C:\Windows\System\uiGbScD.exe N/A
N/A N/A C:\Windows\System\RrwzKCW.exe N/A
N/A N/A C:\Windows\System\dtjbYcy.exe N/A
N/A N/A C:\Windows\System\rfeENWY.exe N/A
N/A N/A C:\Windows\System\vwXjLoK.exe N/A
N/A N/A C:\Windows\System\AHiabeI.exe N/A
N/A N/A C:\Windows\System\OuRmFcH.exe N/A
N/A N/A C:\Windows\System\KQJEVEa.exe N/A
N/A N/A C:\Windows\System\iaAiVCf.exe N/A
N/A N/A C:\Windows\System\bpucpvs.exe N/A
N/A N/A C:\Windows\System\OnXEiUm.exe N/A
N/A N/A C:\Windows\System\wlEENZN.exe N/A
N/A N/A C:\Windows\System\FwquWiU.exe N/A
N/A N/A C:\Windows\System\ElnOhSB.exe N/A
N/A N/A C:\Windows\System\xxaBtAb.exe N/A
N/A N/A C:\Windows\System\LlncmSK.exe N/A
N/A N/A C:\Windows\System\ldDKLjr.exe N/A
N/A N/A C:\Windows\System\ZeATNWR.exe N/A
N/A N/A C:\Windows\System\FygUHqS.exe N/A
N/A N/A C:\Windows\System\lXTpXEy.exe N/A
N/A N/A C:\Windows\System\OHDOHyi.exe N/A
N/A N/A C:\Windows\System\yzvpGfs.exe N/A
N/A N/A C:\Windows\System\xgGEdOr.exe N/A
N/A N/A C:\Windows\System\rScLwRQ.exe N/A
N/A N/A C:\Windows\System\YthMZCD.exe N/A
N/A N/A C:\Windows\System\rdBEEkV.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\lOPAzIS.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\DqBKlNo.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\ziIochF.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\EQgxDkb.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\uOVCDHO.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\LgOGnjd.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\wEqEOFo.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\dEHZFdm.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\RlWTfwM.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\AXaVXfw.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\fPzxTdF.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\NtGXrKF.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\uqZUxiY.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\hZMXLBy.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\ShRlGsq.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\gdlridO.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\KqehWEt.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\xCcTImZ.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\sDrTdRN.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\XjJwufT.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\dJdhKRf.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\IDvFmWd.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\cfuQJos.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\lyoECsV.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\xxTGgrP.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\hnFtcLb.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\jBeaAeB.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\AqWYtoP.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\xQkpgBV.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\KePmtLr.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\hhBAgdz.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\nmVOnAI.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\BNfPSCU.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\ELJeobg.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\htaCkGY.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\RVCgQES.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\nOTsgNS.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\aJEUZpb.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\vYmKmvB.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\EATdhHD.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\jDbhqoR.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\oDaBuIM.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\RmjrcpI.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\ybUdpXR.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\FwquWiU.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\yXAPGUm.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\MQpGnhX.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\oYhQZAZ.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\YOmTURC.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\osLenjM.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\jBksSkb.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\bWvXnXg.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZoUHzRy.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\QXvjSfC.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\OHDOHyi.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\XCRMseU.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\KeclnwB.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\hUjkPxq.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\OuwiiDW.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\XXKyuRr.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\XaKbDQF.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\rfeENWY.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\GivMEdw.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\moWsNhH.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2372 wrote to memory of 2816 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\bLcMOnQ.exe
PID 2372 wrote to memory of 2816 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\bLcMOnQ.exe
PID 2372 wrote to memory of 2816 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\bLcMOnQ.exe
PID 2372 wrote to memory of 868 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\TURtuwq.exe
PID 2372 wrote to memory of 868 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\TURtuwq.exe
PID 2372 wrote to memory of 868 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\TURtuwq.exe
PID 2372 wrote to memory of 2168 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\iLuOKxY.exe
PID 2372 wrote to memory of 2168 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\iLuOKxY.exe
PID 2372 wrote to memory of 2168 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\iLuOKxY.exe
PID 2372 wrote to memory of 3008 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\pKVoFRR.exe
PID 2372 wrote to memory of 3008 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\pKVoFRR.exe
PID 2372 wrote to memory of 3008 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\pKVoFRR.exe
PID 2372 wrote to memory of 2664 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\BZurXfd.exe
PID 2372 wrote to memory of 2664 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\BZurXfd.exe
PID 2372 wrote to memory of 2664 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\BZurXfd.exe
PID 2372 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\JXklPQK.exe
PID 2372 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\JXklPQK.exe
PID 2372 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\JXklPQK.exe
PID 2372 wrote to memory of 2620 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\SetgJjl.exe
PID 2372 wrote to memory of 2620 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\SetgJjl.exe
PID 2372 wrote to memory of 2620 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\SetgJjl.exe
PID 2372 wrote to memory of 2472 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\CnJkdAt.exe
PID 2372 wrote to memory of 2472 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\CnJkdAt.exe
PID 2372 wrote to memory of 2472 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\CnJkdAt.exe
PID 2372 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\BEnezvy.exe
PID 2372 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\BEnezvy.exe
PID 2372 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\BEnezvy.exe
PID 2372 wrote to memory of 2492 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\UUijhJC.exe
PID 2372 wrote to memory of 2492 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\UUijhJC.exe
PID 2372 wrote to memory of 2492 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\UUijhJC.exe
PID 2372 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\lotxbmo.exe
PID 2372 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\lotxbmo.exe
PID 2372 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\lotxbmo.exe
PID 2372 wrote to memory of 2600 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\wBMRkkR.exe
PID 2372 wrote to memory of 2600 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\wBMRkkR.exe
PID 2372 wrote to memory of 2600 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\wBMRkkR.exe
PID 2372 wrote to memory of 2692 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\NEtuKHc.exe
PID 2372 wrote to memory of 2692 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\NEtuKHc.exe
PID 2372 wrote to memory of 2692 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\NEtuKHc.exe
PID 2372 wrote to memory of 2496 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\fEgjrfb.exe
PID 2372 wrote to memory of 2496 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\fEgjrfb.exe
PID 2372 wrote to memory of 2496 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\fEgjrfb.exe
PID 2372 wrote to memory of 2752 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\jVMVZpn.exe
PID 2372 wrote to memory of 2752 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\jVMVZpn.exe
PID 2372 wrote to memory of 2752 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\jVMVZpn.exe
PID 2372 wrote to memory of 2160 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\jBksSkb.exe
PID 2372 wrote to memory of 2160 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\jBksSkb.exe
PID 2372 wrote to memory of 2160 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\jBksSkb.exe
PID 2372 wrote to memory of 2976 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\VXWjibt.exe
PID 2372 wrote to memory of 2976 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\VXWjibt.exe
PID 2372 wrote to memory of 2976 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\VXWjibt.exe
PID 2372 wrote to memory of 1884 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\OajFial.exe
PID 2372 wrote to memory of 1884 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\OajFial.exe
PID 2372 wrote to memory of 1884 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\OajFial.exe
PID 2372 wrote to memory of 856 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\yXHvQpC.exe
PID 2372 wrote to memory of 856 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\yXHvQpC.exe
PID 2372 wrote to memory of 856 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\yXHvQpC.exe
PID 2372 wrote to memory of 2796 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\hWMOlkS.exe
PID 2372 wrote to memory of 2796 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\hWMOlkS.exe
PID 2372 wrote to memory of 2796 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\hWMOlkS.exe
PID 2372 wrote to memory of 2908 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\XeJocoB.exe
PID 2372 wrote to memory of 2908 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\XeJocoB.exe
PID 2372 wrote to memory of 2908 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\XeJocoB.exe
PID 2372 wrote to memory of 1144 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\ATgguvy.exe

Processes

C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe"

C:\Windows\System\bLcMOnQ.exe

C:\Windows\System\bLcMOnQ.exe

C:\Windows\System\TURtuwq.exe

C:\Windows\System\TURtuwq.exe

C:\Windows\System\iLuOKxY.exe

C:\Windows\System\iLuOKxY.exe

C:\Windows\System\pKVoFRR.exe

C:\Windows\System\pKVoFRR.exe

C:\Windows\System\BZurXfd.exe

C:\Windows\System\BZurXfd.exe

C:\Windows\System\JXklPQK.exe

C:\Windows\System\JXklPQK.exe

C:\Windows\System\SetgJjl.exe

C:\Windows\System\SetgJjl.exe

C:\Windows\System\CnJkdAt.exe

C:\Windows\System\CnJkdAt.exe

C:\Windows\System\BEnezvy.exe

C:\Windows\System\BEnezvy.exe

C:\Windows\System\UUijhJC.exe

C:\Windows\System\UUijhJC.exe

C:\Windows\System\lotxbmo.exe

C:\Windows\System\lotxbmo.exe

C:\Windows\System\wBMRkkR.exe

C:\Windows\System\wBMRkkR.exe

C:\Windows\System\NEtuKHc.exe

C:\Windows\System\NEtuKHc.exe

C:\Windows\System\fEgjrfb.exe

C:\Windows\System\fEgjrfb.exe

C:\Windows\System\jVMVZpn.exe

C:\Windows\System\jVMVZpn.exe

C:\Windows\System\jBksSkb.exe

C:\Windows\System\jBksSkb.exe

C:\Windows\System\VXWjibt.exe

C:\Windows\System\VXWjibt.exe

C:\Windows\System\OajFial.exe

C:\Windows\System\OajFial.exe

C:\Windows\System\yXHvQpC.exe

C:\Windows\System\yXHvQpC.exe

C:\Windows\System\hWMOlkS.exe

C:\Windows\System\hWMOlkS.exe

C:\Windows\System\XeJocoB.exe

C:\Windows\System\XeJocoB.exe

C:\Windows\System\ATgguvy.exe

C:\Windows\System\ATgguvy.exe

C:\Windows\System\jsEbuis.exe

C:\Windows\System\jsEbuis.exe

C:\Windows\System\GbUAPpT.exe

C:\Windows\System\GbUAPpT.exe

C:\Windows\System\knIJoRa.exe

C:\Windows\System\knIJoRa.exe

C:\Windows\System\wmeLczF.exe

C:\Windows\System\wmeLczF.exe

C:\Windows\System\zMtPrNA.exe

C:\Windows\System\zMtPrNA.exe

C:\Windows\System\lOdOlXZ.exe

C:\Windows\System\lOdOlXZ.exe

C:\Windows\System\sMkcdvL.exe

C:\Windows\System\sMkcdvL.exe

C:\Windows\System\ZBDSrIT.exe

C:\Windows\System\ZBDSrIT.exe

C:\Windows\System\eubNSzN.exe

C:\Windows\System\eubNSzN.exe

C:\Windows\System\dGePOkD.exe

C:\Windows\System\dGePOkD.exe

C:\Windows\System\lZfPnqb.exe

C:\Windows\System\lZfPnqb.exe

C:\Windows\System\ucdQFYh.exe

C:\Windows\System\ucdQFYh.exe

C:\Windows\System\cpbNqXM.exe

C:\Windows\System\cpbNqXM.exe

C:\Windows\System\FytGZVm.exe

C:\Windows\System\FytGZVm.exe

C:\Windows\System\FgOakmu.exe

C:\Windows\System\FgOakmu.exe

C:\Windows\System\uDCvBtN.exe

C:\Windows\System\uDCvBtN.exe

C:\Windows\System\uiGbScD.exe

C:\Windows\System\uiGbScD.exe

C:\Windows\System\RrwzKCW.exe

C:\Windows\System\RrwzKCW.exe

C:\Windows\System\dtjbYcy.exe

C:\Windows\System\dtjbYcy.exe

C:\Windows\System\rfeENWY.exe

C:\Windows\System\rfeENWY.exe

C:\Windows\System\vwXjLoK.exe

C:\Windows\System\vwXjLoK.exe

C:\Windows\System\AHiabeI.exe

C:\Windows\System\AHiabeI.exe

C:\Windows\System\OuRmFcH.exe

C:\Windows\System\OuRmFcH.exe

C:\Windows\System\KQJEVEa.exe

C:\Windows\System\KQJEVEa.exe

C:\Windows\System\iaAiVCf.exe

C:\Windows\System\iaAiVCf.exe

C:\Windows\System\bpucpvs.exe

C:\Windows\System\bpucpvs.exe

C:\Windows\System\OnXEiUm.exe

C:\Windows\System\OnXEiUm.exe

C:\Windows\System\wlEENZN.exe

C:\Windows\System\wlEENZN.exe

C:\Windows\System\FwquWiU.exe

C:\Windows\System\FwquWiU.exe

C:\Windows\System\ElnOhSB.exe

C:\Windows\System\ElnOhSB.exe

C:\Windows\System\xxaBtAb.exe

C:\Windows\System\xxaBtAb.exe

C:\Windows\System\LlncmSK.exe

C:\Windows\System\LlncmSK.exe

C:\Windows\System\ldDKLjr.exe

C:\Windows\System\ldDKLjr.exe

C:\Windows\System\ZeATNWR.exe

C:\Windows\System\ZeATNWR.exe

C:\Windows\System\FygUHqS.exe

C:\Windows\System\FygUHqS.exe

C:\Windows\System\lXTpXEy.exe

C:\Windows\System\lXTpXEy.exe

C:\Windows\System\OHDOHyi.exe

C:\Windows\System\OHDOHyi.exe

C:\Windows\System\yzvpGfs.exe

C:\Windows\System\yzvpGfs.exe

C:\Windows\System\xgGEdOr.exe

C:\Windows\System\xgGEdOr.exe

C:\Windows\System\rScLwRQ.exe

C:\Windows\System\rScLwRQ.exe

C:\Windows\System\YthMZCD.exe

C:\Windows\System\YthMZCD.exe

C:\Windows\System\rdBEEkV.exe

C:\Windows\System\rdBEEkV.exe

C:\Windows\System\pDvyfOG.exe

C:\Windows\System\pDvyfOG.exe

C:\Windows\System\AmxDubK.exe

C:\Windows\System\AmxDubK.exe

C:\Windows\System\FMsEADG.exe

C:\Windows\System\FMsEADG.exe

C:\Windows\System\mfeAomH.exe

C:\Windows\System\mfeAomH.exe

C:\Windows\System\zXRFBCS.exe

C:\Windows\System\zXRFBCS.exe

C:\Windows\System\dgohefw.exe

C:\Windows\System\dgohefw.exe

C:\Windows\System\ZXPICkf.exe

C:\Windows\System\ZXPICkf.exe

C:\Windows\System\OXhwoss.exe

C:\Windows\System\OXhwoss.exe

C:\Windows\System\krVYCwa.exe

C:\Windows\System\krVYCwa.exe

C:\Windows\System\LBUHQDo.exe

C:\Windows\System\LBUHQDo.exe

C:\Windows\System\utUexAD.exe

C:\Windows\System\utUexAD.exe

C:\Windows\System\QtDOtsh.exe

C:\Windows\System\QtDOtsh.exe

C:\Windows\System\vdhuKmx.exe

C:\Windows\System\vdhuKmx.exe

C:\Windows\System\nqqeqPi.exe

C:\Windows\System\nqqeqPi.exe

C:\Windows\System\ZqzCiCB.exe

C:\Windows\System\ZqzCiCB.exe

C:\Windows\System\XTBJWBx.exe

C:\Windows\System\XTBJWBx.exe

C:\Windows\System\pdDfvsI.exe

C:\Windows\System\pdDfvsI.exe

C:\Windows\System\DLMtYQB.exe

C:\Windows\System\DLMtYQB.exe

C:\Windows\System\sEbYEQa.exe

C:\Windows\System\sEbYEQa.exe

C:\Windows\System\BHZNiUD.exe

C:\Windows\System\BHZNiUD.exe

C:\Windows\System\wCgfMaw.exe

C:\Windows\System\wCgfMaw.exe

C:\Windows\System\OCqGZtZ.exe

C:\Windows\System\OCqGZtZ.exe

C:\Windows\System\hnFtcLb.exe

C:\Windows\System\hnFtcLb.exe

C:\Windows\System\DdZWtsR.exe

C:\Windows\System\DdZWtsR.exe

C:\Windows\System\KddFJGA.exe

C:\Windows\System\KddFJGA.exe

C:\Windows\System\MKuyXhk.exe

C:\Windows\System\MKuyXhk.exe

C:\Windows\System\qsirxHv.exe

C:\Windows\System\qsirxHv.exe

C:\Windows\System\NhvJjKA.exe

C:\Windows\System\NhvJjKA.exe

C:\Windows\System\HLNeRFf.exe

C:\Windows\System\HLNeRFf.exe

C:\Windows\System\oipbvjs.exe

C:\Windows\System\oipbvjs.exe

C:\Windows\System\acMYjqw.exe

C:\Windows\System\acMYjqw.exe

C:\Windows\System\cVScIgk.exe

C:\Windows\System\cVScIgk.exe

C:\Windows\System\VXomrIB.exe

C:\Windows\System\VXomrIB.exe

C:\Windows\System\imJEAcW.exe

C:\Windows\System\imJEAcW.exe

C:\Windows\System\aJEUZpb.exe

C:\Windows\System\aJEUZpb.exe

C:\Windows\System\rRIqHgM.exe

C:\Windows\System\rRIqHgM.exe

C:\Windows\System\bGiAggq.exe

C:\Windows\System\bGiAggq.exe

C:\Windows\System\NOMoSjv.exe

C:\Windows\System\NOMoSjv.exe

C:\Windows\System\ZvAhcWi.exe

C:\Windows\System\ZvAhcWi.exe

C:\Windows\System\pSsQSua.exe

C:\Windows\System\pSsQSua.exe

C:\Windows\System\ontPUGU.exe

C:\Windows\System\ontPUGU.exe

C:\Windows\System\fduwBeA.exe

C:\Windows\System\fduwBeA.exe

C:\Windows\System\UpAEPgU.exe

C:\Windows\System\UpAEPgU.exe

C:\Windows\System\gbVNNqm.exe

C:\Windows\System\gbVNNqm.exe

C:\Windows\System\LFsMGSB.exe

C:\Windows\System\LFsMGSB.exe

C:\Windows\System\GistFpX.exe

C:\Windows\System\GistFpX.exe

C:\Windows\System\OwqwoCs.exe

C:\Windows\System\OwqwoCs.exe

C:\Windows\System\YfYInLd.exe

C:\Windows\System\YfYInLd.exe

C:\Windows\System\EnmwagZ.exe

C:\Windows\System\EnmwagZ.exe

C:\Windows\System\gBYJbjC.exe

C:\Windows\System\gBYJbjC.exe

C:\Windows\System\BUCNmtU.exe

C:\Windows\System\BUCNmtU.exe

C:\Windows\System\SMuSKWX.exe

C:\Windows\System\SMuSKWX.exe

C:\Windows\System\LhTjHPB.exe

C:\Windows\System\LhTjHPB.exe

C:\Windows\System\fKdeQvh.exe

C:\Windows\System\fKdeQvh.exe

C:\Windows\System\nUBmeVk.exe

C:\Windows\System\nUBmeVk.exe

C:\Windows\System\dLByLUc.exe

C:\Windows\System\dLByLUc.exe

C:\Windows\System\TjSytbW.exe

C:\Windows\System\TjSytbW.exe

C:\Windows\System\qooDwDr.exe

C:\Windows\System\qooDwDr.exe

C:\Windows\System\enxNiKA.exe

C:\Windows\System\enxNiKA.exe

C:\Windows\System\eCJupjE.exe

C:\Windows\System\eCJupjE.exe

C:\Windows\System\PKRLEDQ.exe

C:\Windows\System\PKRLEDQ.exe

C:\Windows\System\CiqWFla.exe

C:\Windows\System\CiqWFla.exe

C:\Windows\System\SpJPNUo.exe

C:\Windows\System\SpJPNUo.exe

C:\Windows\System\IQeRRRU.exe

C:\Windows\System\IQeRRRU.exe

C:\Windows\System\fkGFiHw.exe

C:\Windows\System\fkGFiHw.exe

C:\Windows\System\frMpVGI.exe

C:\Windows\System\frMpVGI.exe

C:\Windows\System\mjMpvdm.exe

C:\Windows\System\mjMpvdm.exe

C:\Windows\System\mkHdFIJ.exe

C:\Windows\System\mkHdFIJ.exe

C:\Windows\System\baruwao.exe

C:\Windows\System\baruwao.exe

C:\Windows\System\RpWKaIq.exe

C:\Windows\System\RpWKaIq.exe

C:\Windows\System\ZPuZAjr.exe

C:\Windows\System\ZPuZAjr.exe

C:\Windows\System\pctjDgd.exe

C:\Windows\System\pctjDgd.exe

C:\Windows\System\DtbGrXi.exe

C:\Windows\System\DtbGrXi.exe

C:\Windows\System\MnlqCYk.exe

C:\Windows\System\MnlqCYk.exe

C:\Windows\System\BDytShX.exe

C:\Windows\System\BDytShX.exe

C:\Windows\System\NRDbvRZ.exe

C:\Windows\System\NRDbvRZ.exe

C:\Windows\System\jLbdbMX.exe

C:\Windows\System\jLbdbMX.exe

C:\Windows\System\nMFlQZF.exe

C:\Windows\System\nMFlQZF.exe

C:\Windows\System\nOTsgNS.exe

C:\Windows\System\nOTsgNS.exe

C:\Windows\System\tZwZunR.exe

C:\Windows\System\tZwZunR.exe

C:\Windows\System\WHZTLgn.exe

C:\Windows\System\WHZTLgn.exe

C:\Windows\System\vGLUGSX.exe

C:\Windows\System\vGLUGSX.exe

C:\Windows\System\YzDoQTL.exe

C:\Windows\System\YzDoQTL.exe

C:\Windows\System\ujfxCXs.exe

C:\Windows\System\ujfxCXs.exe

C:\Windows\System\fLGwFDp.exe

C:\Windows\System\fLGwFDp.exe

C:\Windows\System\UVKcRgL.exe

C:\Windows\System\UVKcRgL.exe

C:\Windows\System\DTEsoRB.exe

C:\Windows\System\DTEsoRB.exe

C:\Windows\System\XlVijrp.exe

C:\Windows\System\XlVijrp.exe

C:\Windows\System\EZjivxm.exe

C:\Windows\System\EZjivxm.exe

C:\Windows\System\rzxMmOr.exe

C:\Windows\System\rzxMmOr.exe

C:\Windows\System\iVmpLMs.exe

C:\Windows\System\iVmpLMs.exe

C:\Windows\System\cUmdzPh.exe

C:\Windows\System\cUmdzPh.exe

C:\Windows\System\IgQDkSZ.exe

C:\Windows\System\IgQDkSZ.exe

C:\Windows\System\DSUBWIo.exe

C:\Windows\System\DSUBWIo.exe

C:\Windows\System\vmjDXTl.exe

C:\Windows\System\vmjDXTl.exe

C:\Windows\System\yhRVSPV.exe

C:\Windows\System\yhRVSPV.exe

C:\Windows\System\BdaFpEC.exe

C:\Windows\System\BdaFpEC.exe

C:\Windows\System\oNTKsjZ.exe

C:\Windows\System\oNTKsjZ.exe

C:\Windows\System\avcCwjj.exe

C:\Windows\System\avcCwjj.exe

C:\Windows\System\WIwTHlC.exe

C:\Windows\System\WIwTHlC.exe

C:\Windows\System\sTacgdj.exe

C:\Windows\System\sTacgdj.exe

C:\Windows\System\fxMFBfI.exe

C:\Windows\System\fxMFBfI.exe

C:\Windows\System\tbssTdY.exe

C:\Windows\System\tbssTdY.exe

C:\Windows\System\nyncBhb.exe

C:\Windows\System\nyncBhb.exe

C:\Windows\System\rwYvSSB.exe

C:\Windows\System\rwYvSSB.exe

C:\Windows\System\BAUeORy.exe

C:\Windows\System\BAUeORy.exe

C:\Windows\System\wwUnnHn.exe

C:\Windows\System\wwUnnHn.exe

C:\Windows\System\tqapxpX.exe

C:\Windows\System\tqapxpX.exe

C:\Windows\System\XaOsiYD.exe

C:\Windows\System\XaOsiYD.exe

C:\Windows\System\yDEGXff.exe

C:\Windows\System\yDEGXff.exe

C:\Windows\System\CqsGyDh.exe

C:\Windows\System\CqsGyDh.exe

C:\Windows\System\HSFYlyD.exe

C:\Windows\System\HSFYlyD.exe

C:\Windows\System\uPrVdLi.exe

C:\Windows\System\uPrVdLi.exe

C:\Windows\System\XebWOdY.exe

C:\Windows\System\XebWOdY.exe

C:\Windows\System\AGJaSYJ.exe

C:\Windows\System\AGJaSYJ.exe

C:\Windows\System\pereUfP.exe

C:\Windows\System\pereUfP.exe

C:\Windows\System\UPCYxzo.exe

C:\Windows\System\UPCYxzo.exe

C:\Windows\System\EmXtARH.exe

C:\Windows\System\EmXtARH.exe

C:\Windows\System\SboHXrs.exe

C:\Windows\System\SboHXrs.exe

C:\Windows\System\wdNTGvc.exe

C:\Windows\System\wdNTGvc.exe

C:\Windows\System\ZcgtJyJ.exe

C:\Windows\System\ZcgtJyJ.exe

C:\Windows\System\efEYoql.exe

C:\Windows\System\efEYoql.exe

C:\Windows\System\nyXHihr.exe

C:\Windows\System\nyXHihr.exe

C:\Windows\System\tYJBatn.exe

C:\Windows\System\tYJBatn.exe

C:\Windows\System\GhQRjgu.exe

C:\Windows\System\GhQRjgu.exe

C:\Windows\System\BahaFbs.exe

C:\Windows\System\BahaFbs.exe

C:\Windows\System\AdCWgoa.exe

C:\Windows\System\AdCWgoa.exe

C:\Windows\System\jpTxxWo.exe

C:\Windows\System\jpTxxWo.exe

C:\Windows\System\VvfBPes.exe

C:\Windows\System\VvfBPes.exe

C:\Windows\System\otOFhFM.exe

C:\Windows\System\otOFhFM.exe

C:\Windows\System\eLYsqyO.exe

C:\Windows\System\eLYsqyO.exe

C:\Windows\System\qUWGJTO.exe

C:\Windows\System\qUWGJTO.exe

C:\Windows\System\IrgFyVP.exe

C:\Windows\System\IrgFyVP.exe

C:\Windows\System\eJwgUmG.exe

C:\Windows\System\eJwgUmG.exe

C:\Windows\System\cPueRXD.exe

C:\Windows\System\cPueRXD.exe

C:\Windows\System\OPcQHbK.exe

C:\Windows\System\OPcQHbK.exe

C:\Windows\System\GGDGKod.exe

C:\Windows\System\GGDGKod.exe

C:\Windows\System\zjFwhNY.exe

C:\Windows\System\zjFwhNY.exe

C:\Windows\System\qmgIgKU.exe

C:\Windows\System\qmgIgKU.exe

C:\Windows\System\RksyYQE.exe

C:\Windows\System\RksyYQE.exe

C:\Windows\System\SaNTfeK.exe

C:\Windows\System\SaNTfeK.exe

C:\Windows\System\nNaVjcq.exe

C:\Windows\System\nNaVjcq.exe

C:\Windows\System\ZpBXFBx.exe

C:\Windows\System\ZpBXFBx.exe

C:\Windows\System\quuobcd.exe

C:\Windows\System\quuobcd.exe

C:\Windows\System\uhooJpU.exe

C:\Windows\System\uhooJpU.exe

C:\Windows\System\BOGmhkl.exe

C:\Windows\System\BOGmhkl.exe

C:\Windows\System\ioVDQxQ.exe

C:\Windows\System\ioVDQxQ.exe

C:\Windows\System\qcKZEjM.exe

C:\Windows\System\qcKZEjM.exe

C:\Windows\System\BtvoFwf.exe

C:\Windows\System\BtvoFwf.exe

C:\Windows\System\PPbPIZw.exe

C:\Windows\System\PPbPIZw.exe

C:\Windows\System\yKPUygX.exe

C:\Windows\System\yKPUygX.exe

C:\Windows\System\wiFdyZu.exe

C:\Windows\System\wiFdyZu.exe

C:\Windows\System\mOaPgNO.exe

C:\Windows\System\mOaPgNO.exe

C:\Windows\System\AiasYbQ.exe

C:\Windows\System\AiasYbQ.exe

C:\Windows\System\AwxyUNy.exe

C:\Windows\System\AwxyUNy.exe

C:\Windows\System\YXeJelx.exe

C:\Windows\System\YXeJelx.exe

C:\Windows\System\zCWirGT.exe

C:\Windows\System\zCWirGT.exe

C:\Windows\System\bWvXnXg.exe

C:\Windows\System\bWvXnXg.exe

C:\Windows\System\fwuqsiC.exe

C:\Windows\System\fwuqsiC.exe

C:\Windows\System\OWPwgmk.exe

C:\Windows\System\OWPwgmk.exe

C:\Windows\System\arSNViK.exe

C:\Windows\System\arSNViK.exe

C:\Windows\System\IuwAHlV.exe

C:\Windows\System\IuwAHlV.exe

C:\Windows\System\BKcWPwQ.exe

C:\Windows\System\BKcWPwQ.exe

C:\Windows\System\IiRFGHv.exe

C:\Windows\System\IiRFGHv.exe

C:\Windows\System\PxxmRGF.exe

C:\Windows\System\PxxmRGF.exe

C:\Windows\System\pfaTTcs.exe

C:\Windows\System\pfaTTcs.exe

C:\Windows\System\MnFntyF.exe

C:\Windows\System\MnFntyF.exe

C:\Windows\System\Tfazgkq.exe

C:\Windows\System\Tfazgkq.exe

C:\Windows\System\eSABjQt.exe

C:\Windows\System\eSABjQt.exe

C:\Windows\System\BYqHXMC.exe

C:\Windows\System\BYqHXMC.exe

C:\Windows\System\OtTcveD.exe

C:\Windows\System\OtTcveD.exe

C:\Windows\System\WKfRycL.exe

C:\Windows\System\WKfRycL.exe

C:\Windows\System\Ewnquyz.exe

C:\Windows\System\Ewnquyz.exe

C:\Windows\System\mcNJQvO.exe

C:\Windows\System\mcNJQvO.exe

C:\Windows\System\vIwliKc.exe

C:\Windows\System\vIwliKc.exe

C:\Windows\System\FrhhbNn.exe

C:\Windows\System\FrhhbNn.exe

C:\Windows\System\oOpCqjH.exe

C:\Windows\System\oOpCqjH.exe

C:\Windows\System\EBOxArT.exe

C:\Windows\System\EBOxArT.exe

C:\Windows\System\BNfPSCU.exe

C:\Windows\System\BNfPSCU.exe

C:\Windows\System\XAAPJCS.exe

C:\Windows\System\XAAPJCS.exe

C:\Windows\System\GyIDwlc.exe

C:\Windows\System\GyIDwlc.exe

C:\Windows\System\ICKYiss.exe

C:\Windows\System\ICKYiss.exe

C:\Windows\System\syBxyYj.exe

C:\Windows\System\syBxyYj.exe

C:\Windows\System\kNUAkVe.exe

C:\Windows\System\kNUAkVe.exe

C:\Windows\System\DoMxyDn.exe

C:\Windows\System\DoMxyDn.exe

C:\Windows\System\sDrTdRN.exe

C:\Windows\System\sDrTdRN.exe

C:\Windows\System\rhsLCsP.exe

C:\Windows\System\rhsLCsP.exe

C:\Windows\System\FnCPOMV.exe

C:\Windows\System\FnCPOMV.exe

C:\Windows\System\QGulbMl.exe

C:\Windows\System\QGulbMl.exe

C:\Windows\System\oyazLXN.exe

C:\Windows\System\oyazLXN.exe

C:\Windows\System\vYQrgNO.exe

C:\Windows\System\vYQrgNO.exe

C:\Windows\System\cMrTxDa.exe

C:\Windows\System\cMrTxDa.exe

C:\Windows\System\LbtVjao.exe

C:\Windows\System\LbtVjao.exe

C:\Windows\System\wcLTYfw.exe

C:\Windows\System\wcLTYfw.exe

C:\Windows\System\LZzWyPY.exe

C:\Windows\System\LZzWyPY.exe

C:\Windows\System\PMOcyUr.exe

C:\Windows\System\PMOcyUr.exe

C:\Windows\System\kScntsQ.exe

C:\Windows\System\kScntsQ.exe

C:\Windows\System\GBMCNSG.exe

C:\Windows\System\GBMCNSG.exe

C:\Windows\System\IfscEdS.exe

C:\Windows\System\IfscEdS.exe

C:\Windows\System\FjxoSyJ.exe

C:\Windows\System\FjxoSyJ.exe

C:\Windows\System\NTwFwSD.exe

C:\Windows\System\NTwFwSD.exe

C:\Windows\System\ogQUsaK.exe

C:\Windows\System\ogQUsaK.exe

C:\Windows\System\FwkoaXL.exe

C:\Windows\System\FwkoaXL.exe

C:\Windows\System\qzSkvhu.exe

C:\Windows\System\qzSkvhu.exe

C:\Windows\System\GreHfrq.exe

C:\Windows\System\GreHfrq.exe

C:\Windows\System\PdHetlP.exe

C:\Windows\System\PdHetlP.exe

C:\Windows\System\MFbaoLI.exe

C:\Windows\System\MFbaoLI.exe

C:\Windows\System\EQgxDkb.exe

C:\Windows\System\EQgxDkb.exe

C:\Windows\System\ufsahAs.exe

C:\Windows\System\ufsahAs.exe

C:\Windows\System\UsPywZB.exe

C:\Windows\System\UsPywZB.exe

C:\Windows\System\OOTdMzb.exe

C:\Windows\System\OOTdMzb.exe

C:\Windows\System\TTmbwon.exe

C:\Windows\System\TTmbwon.exe

C:\Windows\System\kNHjyRV.exe

C:\Windows\System\kNHjyRV.exe

C:\Windows\System\xFBjRDd.exe

C:\Windows\System\xFBjRDd.exe

C:\Windows\System\xIkInqY.exe

C:\Windows\System\xIkInqY.exe

C:\Windows\System\vNzHgvU.exe

C:\Windows\System\vNzHgvU.exe

C:\Windows\System\gimhjCy.exe

C:\Windows\System\gimhjCy.exe

C:\Windows\System\HrvDLQm.exe

C:\Windows\System\HrvDLQm.exe

C:\Windows\System\xJbKWFg.exe

C:\Windows\System\xJbKWFg.exe

C:\Windows\System\YhIWuJR.exe

C:\Windows\System\YhIWuJR.exe

C:\Windows\System\ctwrOnz.exe

C:\Windows\System\ctwrOnz.exe

C:\Windows\System\OuwiiDW.exe

C:\Windows\System\OuwiiDW.exe

C:\Windows\System\zNPnjqC.exe

C:\Windows\System\zNPnjqC.exe

C:\Windows\System\YaNmnFU.exe

C:\Windows\System\YaNmnFU.exe

C:\Windows\System\ywiukRN.exe

C:\Windows\System\ywiukRN.exe

C:\Windows\System\bktQPXt.exe

C:\Windows\System\bktQPXt.exe

C:\Windows\System\puShCtC.exe

C:\Windows\System\puShCtC.exe

C:\Windows\System\HfUrOvO.exe

C:\Windows\System\HfUrOvO.exe

C:\Windows\System\gQiIiWw.exe

C:\Windows\System\gQiIiWw.exe

C:\Windows\System\gBoOuLr.exe

C:\Windows\System\gBoOuLr.exe

C:\Windows\System\wajEVJx.exe

C:\Windows\System\wajEVJx.exe

C:\Windows\System\NDHIkfd.exe

C:\Windows\System\NDHIkfd.exe

C:\Windows\System\RzSTNvp.exe

C:\Windows\System\RzSTNvp.exe

C:\Windows\System\sXCaMeq.exe

C:\Windows\System\sXCaMeq.exe

C:\Windows\System\SbxYbFI.exe

C:\Windows\System\SbxYbFI.exe

C:\Windows\System\KBOPvWj.exe

C:\Windows\System\KBOPvWj.exe

C:\Windows\System\zcUwWDg.exe

C:\Windows\System\zcUwWDg.exe

C:\Windows\System\iUvkixx.exe

C:\Windows\System\iUvkixx.exe

C:\Windows\System\zZxZgTr.exe

C:\Windows\System\zZxZgTr.exe

C:\Windows\System\IqYqezn.exe

C:\Windows\System\IqYqezn.exe

C:\Windows\System\XKMERgn.exe

C:\Windows\System\XKMERgn.exe

C:\Windows\System\jCDengD.exe

C:\Windows\System\jCDengD.exe

C:\Windows\System\UvxVfjP.exe

C:\Windows\System\UvxVfjP.exe

C:\Windows\System\CynUoqx.exe

C:\Windows\System\CynUoqx.exe

C:\Windows\System\rTWlbkm.exe

C:\Windows\System\rTWlbkm.exe

C:\Windows\System\hajoulE.exe

C:\Windows\System\hajoulE.exe

C:\Windows\System\nseHMGB.exe

C:\Windows\System\nseHMGB.exe

C:\Windows\System\TbuzLGV.exe

C:\Windows\System\TbuzLGV.exe

C:\Windows\System\VcgRyeo.exe

C:\Windows\System\VcgRyeo.exe

C:\Windows\System\wEqJqLd.exe

C:\Windows\System\wEqJqLd.exe

C:\Windows\System\wvYiCiR.exe

C:\Windows\System\wvYiCiR.exe

C:\Windows\System\dckLbhy.exe

C:\Windows\System\dckLbhy.exe

C:\Windows\System\AEAgyBh.exe

C:\Windows\System\AEAgyBh.exe

C:\Windows\System\INzsrAq.exe

C:\Windows\System\INzsrAq.exe

C:\Windows\System\JjjjeoB.exe

C:\Windows\System\JjjjeoB.exe

C:\Windows\System\vIKEdPU.exe

C:\Windows\System\vIKEdPU.exe

C:\Windows\System\aiJmQwL.exe

C:\Windows\System\aiJmQwL.exe

C:\Windows\System\BpndcBt.exe

C:\Windows\System\BpndcBt.exe

C:\Windows\System\fdxqBga.exe

C:\Windows\System\fdxqBga.exe

C:\Windows\System\rwjfOnK.exe

C:\Windows\System\rwjfOnK.exe

C:\Windows\System\SzTUHCx.exe

C:\Windows\System\SzTUHCx.exe

C:\Windows\System\HNFNPYI.exe

C:\Windows\System\HNFNPYI.exe

C:\Windows\System\YSvSFtE.exe

C:\Windows\System\YSvSFtE.exe

C:\Windows\System\SuaDWgd.exe

C:\Windows\System\SuaDWgd.exe

C:\Windows\System\YAOWLOH.exe

C:\Windows\System\YAOWLOH.exe

C:\Windows\System\oTuHDCJ.exe

C:\Windows\System\oTuHDCJ.exe

C:\Windows\System\SzAwonW.exe

C:\Windows\System\SzAwonW.exe

C:\Windows\System\POCUsTz.exe

C:\Windows\System\POCUsTz.exe

C:\Windows\System\gOuFkMI.exe

C:\Windows\System\gOuFkMI.exe

C:\Windows\System\YpqDQwP.exe

C:\Windows\System\YpqDQwP.exe

C:\Windows\System\msPSFaP.exe

C:\Windows\System\msPSFaP.exe

C:\Windows\System\FrkgjVi.exe

C:\Windows\System\FrkgjVi.exe

C:\Windows\System\XEKUDsE.exe

C:\Windows\System\XEKUDsE.exe

C:\Windows\System\aosJvad.exe

C:\Windows\System\aosJvad.exe

C:\Windows\System\EyMJtAP.exe

C:\Windows\System\EyMJtAP.exe

C:\Windows\System\cfbwqjp.exe

C:\Windows\System\cfbwqjp.exe

C:\Windows\System\KLmcvRF.exe

C:\Windows\System\KLmcvRF.exe

C:\Windows\System\ESUnZTg.exe

C:\Windows\System\ESUnZTg.exe

C:\Windows\System\fCKoFJD.exe

C:\Windows\System\fCKoFJD.exe

C:\Windows\System\ZylHXIX.exe

C:\Windows\System\ZylHXIX.exe

C:\Windows\System\GivMEdw.exe

C:\Windows\System\GivMEdw.exe

C:\Windows\System\gKbUPoh.exe

C:\Windows\System\gKbUPoh.exe

C:\Windows\System\AHFEtiw.exe

C:\Windows\System\AHFEtiw.exe

C:\Windows\System\MajAlXs.exe

C:\Windows\System\MajAlXs.exe

C:\Windows\System\XjJwufT.exe

C:\Windows\System\XjJwufT.exe

C:\Windows\System\dBGNXlo.exe

C:\Windows\System\dBGNXlo.exe

C:\Windows\System\culYxcQ.exe

C:\Windows\System\culYxcQ.exe

C:\Windows\System\sbpaJjh.exe

C:\Windows\System\sbpaJjh.exe

C:\Windows\System\ipUnMhI.exe

C:\Windows\System\ipUnMhI.exe

C:\Windows\System\bAUOvNP.exe

C:\Windows\System\bAUOvNP.exe

C:\Windows\System\opsvyJd.exe

C:\Windows\System\opsvyJd.exe

C:\Windows\System\JBfKxwR.exe

C:\Windows\System\JBfKxwR.exe

C:\Windows\System\vJrzmyo.exe

C:\Windows\System\vJrzmyo.exe

C:\Windows\System\bWPFUbC.exe

C:\Windows\System\bWPFUbC.exe

C:\Windows\System\glioDdl.exe

C:\Windows\System\glioDdl.exe

C:\Windows\System\dsUsgRx.exe

C:\Windows\System\dsUsgRx.exe

C:\Windows\System\xTtROHn.exe

C:\Windows\System\xTtROHn.exe

C:\Windows\System\AqWYtoP.exe

C:\Windows\System\AqWYtoP.exe

C:\Windows\System\BHivTfG.exe

C:\Windows\System\BHivTfG.exe

C:\Windows\System\DDCIhVl.exe

C:\Windows\System\DDCIhVl.exe

C:\Windows\System\lOPAzIS.exe

C:\Windows\System\lOPAzIS.exe

C:\Windows\System\TonrXZq.exe

C:\Windows\System\TonrXZq.exe

C:\Windows\System\kiXVgZI.exe

C:\Windows\System\kiXVgZI.exe

C:\Windows\System\mjWxUBQ.exe

C:\Windows\System\mjWxUBQ.exe

C:\Windows\System\xkwyOLu.exe

C:\Windows\System\xkwyOLu.exe

C:\Windows\System\sETSaZI.exe

C:\Windows\System\sETSaZI.exe

C:\Windows\System\mRJLndQ.exe

C:\Windows\System\mRJLndQ.exe

C:\Windows\System\YPTGGcb.exe

C:\Windows\System\YPTGGcb.exe

C:\Windows\System\BKOtZiY.exe

C:\Windows\System\BKOtZiY.exe

C:\Windows\System\qhNcAAP.exe

C:\Windows\System\qhNcAAP.exe

C:\Windows\System\KupyHqK.exe

C:\Windows\System\KupyHqK.exe

C:\Windows\System\vuIIVoF.exe

C:\Windows\System\vuIIVoF.exe

C:\Windows\System\sAeKxSM.exe

C:\Windows\System\sAeKxSM.exe

C:\Windows\System\esfGstL.exe

C:\Windows\System\esfGstL.exe

C:\Windows\System\cuLfKgj.exe

C:\Windows\System\cuLfKgj.exe

C:\Windows\System\BGPijDG.exe

C:\Windows\System\BGPijDG.exe

C:\Windows\System\mAQyuAi.exe

C:\Windows\System\mAQyuAi.exe

C:\Windows\System\vYmKmvB.exe

C:\Windows\System\vYmKmvB.exe

C:\Windows\System\wCARLFg.exe

C:\Windows\System\wCARLFg.exe

C:\Windows\System\EWfgaPc.exe

C:\Windows\System\EWfgaPc.exe

C:\Windows\System\otVYMUt.exe

C:\Windows\System\otVYMUt.exe

C:\Windows\System\xQqcMLw.exe

C:\Windows\System\xQqcMLw.exe

C:\Windows\System\pmWtIoW.exe

C:\Windows\System\pmWtIoW.exe

C:\Windows\System\ELJeobg.exe

C:\Windows\System\ELJeobg.exe

C:\Windows\System\uFyvaUQ.exe

C:\Windows\System\uFyvaUQ.exe

C:\Windows\System\MgDFIvy.exe

C:\Windows\System\MgDFIvy.exe

C:\Windows\System\sFaqEWx.exe

C:\Windows\System\sFaqEWx.exe

C:\Windows\System\VhSAWie.exe

C:\Windows\System\VhSAWie.exe

C:\Windows\System\jdJStXc.exe

C:\Windows\System\jdJStXc.exe

C:\Windows\System\tgDoOiV.exe

C:\Windows\System\tgDoOiV.exe

C:\Windows\System\tfbyafz.exe

C:\Windows\System\tfbyafz.exe

C:\Windows\System\cAuoErr.exe

C:\Windows\System\cAuoErr.exe

C:\Windows\System\pHxLIpa.exe

C:\Windows\System\pHxLIpa.exe

C:\Windows\System\URmpmMC.exe

C:\Windows\System\URmpmMC.exe

C:\Windows\System\BOjKUvw.exe

C:\Windows\System\BOjKUvw.exe

C:\Windows\System\UJcrIcq.exe

C:\Windows\System\UJcrIcq.exe

C:\Windows\System\nkcXrST.exe

C:\Windows\System\nkcXrST.exe

C:\Windows\System\GBMHyXf.exe

C:\Windows\System\GBMHyXf.exe

C:\Windows\System\tUsHVhE.exe

C:\Windows\System\tUsHVhE.exe

C:\Windows\System\kitzeUe.exe

C:\Windows\System\kitzeUe.exe

C:\Windows\System\lfAMnFe.exe

C:\Windows\System\lfAMnFe.exe

C:\Windows\System\XXgkWVz.exe

C:\Windows\System\XXgkWVz.exe

C:\Windows\System\aEZGOVm.exe

C:\Windows\System\aEZGOVm.exe

C:\Windows\System\tMWSaNk.exe

C:\Windows\System\tMWSaNk.exe

C:\Windows\System\NxWfTGq.exe

C:\Windows\System\NxWfTGq.exe

C:\Windows\System\PmWEqAN.exe

C:\Windows\System\PmWEqAN.exe

C:\Windows\System\tXZZbJJ.exe

C:\Windows\System\tXZZbJJ.exe

C:\Windows\System\wPiuCqu.exe

C:\Windows\System\wPiuCqu.exe

C:\Windows\System\oVZPKuN.exe

C:\Windows\System\oVZPKuN.exe

C:\Windows\System\RkphTxJ.exe

C:\Windows\System\RkphTxJ.exe

C:\Windows\System\crYZJjb.exe

C:\Windows\System\crYZJjb.exe

C:\Windows\System\OahZEck.exe

C:\Windows\System\OahZEck.exe

C:\Windows\System\PdnRDAR.exe

C:\Windows\System\PdnRDAR.exe

C:\Windows\System\qtXnHnX.exe

C:\Windows\System\qtXnHnX.exe

C:\Windows\System\ZUxzNBi.exe

C:\Windows\System\ZUxzNBi.exe

C:\Windows\System\UWAWKIT.exe

C:\Windows\System\UWAWKIT.exe

C:\Windows\System\EwjmLiR.exe

C:\Windows\System\EwjmLiR.exe

C:\Windows\System\RPoxQVD.exe

C:\Windows\System\RPoxQVD.exe

C:\Windows\System\MQfezTM.exe

C:\Windows\System\MQfezTM.exe

C:\Windows\System\PyjSoLD.exe

C:\Windows\System\PyjSoLD.exe

C:\Windows\System\cQEpZeJ.exe

C:\Windows\System\cQEpZeJ.exe

C:\Windows\System\boxpKyK.exe

C:\Windows\System\boxpKyK.exe

C:\Windows\System\pQOdzod.exe

C:\Windows\System\pQOdzod.exe

C:\Windows\System\hpzPlNr.exe

C:\Windows\System\hpzPlNr.exe

C:\Windows\System\NtWOscB.exe

C:\Windows\System\NtWOscB.exe

C:\Windows\System\AULryVz.exe

C:\Windows\System\AULryVz.exe

C:\Windows\System\peHOKRF.exe

C:\Windows\System\peHOKRF.exe

C:\Windows\System\SFPeLTH.exe

C:\Windows\System\SFPeLTH.exe

C:\Windows\System\cLRlFAN.exe

C:\Windows\System\cLRlFAN.exe

C:\Windows\System\TcbxBVm.exe

C:\Windows\System\TcbxBVm.exe

C:\Windows\System\xCcTImZ.exe

C:\Windows\System\xCcTImZ.exe

C:\Windows\System\zUHBFDD.exe

C:\Windows\System\zUHBFDD.exe

C:\Windows\System\yWOVILH.exe

C:\Windows\System\yWOVILH.exe

C:\Windows\System\LkUBtxd.exe

C:\Windows\System\LkUBtxd.exe

C:\Windows\System\dEMWlTr.exe

C:\Windows\System\dEMWlTr.exe

C:\Windows\System\aLgZEAF.exe

C:\Windows\System\aLgZEAF.exe

C:\Windows\System\SvVndff.exe

C:\Windows\System\SvVndff.exe

C:\Windows\System\mxQWNnp.exe

C:\Windows\System\mxQWNnp.exe

C:\Windows\System\uzBDaeT.exe

C:\Windows\System\uzBDaeT.exe

C:\Windows\System\JLQnJHa.exe

C:\Windows\System\JLQnJHa.exe

C:\Windows\System\TOXuZoJ.exe

C:\Windows\System\TOXuZoJ.exe

C:\Windows\System\jTdIKTD.exe

C:\Windows\System\jTdIKTD.exe

C:\Windows\System\CUlamjB.exe

C:\Windows\System\CUlamjB.exe

C:\Windows\System\faBeqvR.exe

C:\Windows\System\faBeqvR.exe

C:\Windows\System\TbyiahO.exe

C:\Windows\System\TbyiahO.exe

C:\Windows\System\WUAHcwX.exe

C:\Windows\System\WUAHcwX.exe

C:\Windows\System\hNTXsUD.exe

C:\Windows\System\hNTXsUD.exe

C:\Windows\System\FFYuDta.exe

C:\Windows\System\FFYuDta.exe

C:\Windows\System\FknRBRM.exe

C:\Windows\System\FknRBRM.exe

C:\Windows\System\IvqJrsb.exe

C:\Windows\System\IvqJrsb.exe

C:\Windows\System\ErPdxZV.exe

C:\Windows\System\ErPdxZV.exe

C:\Windows\System\DnOUecs.exe

C:\Windows\System\DnOUecs.exe

C:\Windows\System\nRaApCn.exe

C:\Windows\System\nRaApCn.exe

C:\Windows\System\JyAEStq.exe

C:\Windows\System\JyAEStq.exe

C:\Windows\System\LlFXVDJ.exe

C:\Windows\System\LlFXVDJ.exe

C:\Windows\System\lScVtIK.exe

C:\Windows\System\lScVtIK.exe

C:\Windows\System\MNjHlpe.exe

C:\Windows\System\MNjHlpe.exe

C:\Windows\System\FpHXuWw.exe

C:\Windows\System\FpHXuWw.exe

C:\Windows\System\vxtblqI.exe

C:\Windows\System\vxtblqI.exe

C:\Windows\System\QHPYhUz.exe

C:\Windows\System\QHPYhUz.exe

C:\Windows\System\AQUWFVR.exe

C:\Windows\System\AQUWFVR.exe

C:\Windows\System\BMHnxny.exe

C:\Windows\System\BMHnxny.exe

C:\Windows\System\rjHFOeX.exe

C:\Windows\System\rjHFOeX.exe

C:\Windows\System\lkpitmS.exe

C:\Windows\System\lkpitmS.exe

C:\Windows\System\bsVfQRU.exe

C:\Windows\System\bsVfQRU.exe

C:\Windows\System\SYCNlIx.exe

C:\Windows\System\SYCNlIx.exe

C:\Windows\System\leOHRTE.exe

C:\Windows\System\leOHRTE.exe

C:\Windows\System\rYmQFKp.exe

C:\Windows\System\rYmQFKp.exe

C:\Windows\System\LIpmFBP.exe

C:\Windows\System\LIpmFBP.exe

C:\Windows\System\gApDVbL.exe

C:\Windows\System\gApDVbL.exe

C:\Windows\System\kZNMVVn.exe

C:\Windows\System\kZNMVVn.exe

C:\Windows\System\EATdhHD.exe

C:\Windows\System\EATdhHD.exe

C:\Windows\System\jOosVZM.exe

C:\Windows\System\jOosVZM.exe

C:\Windows\System\NeOWYix.exe

C:\Windows\System\NeOWYix.exe

C:\Windows\System\FfkIyws.exe

C:\Windows\System\FfkIyws.exe

C:\Windows\System\nCDXuGr.exe

C:\Windows\System\nCDXuGr.exe

C:\Windows\System\oGrIIsG.exe

C:\Windows\System\oGrIIsG.exe

C:\Windows\System\qRBPDAX.exe

C:\Windows\System\qRBPDAX.exe

C:\Windows\System\oawiZpv.exe

C:\Windows\System\oawiZpv.exe

C:\Windows\System\XWyeJUU.exe

C:\Windows\System\XWyeJUU.exe

C:\Windows\System\gdKbUef.exe

C:\Windows\System\gdKbUef.exe

C:\Windows\System\AcKxSFg.exe

C:\Windows\System\AcKxSFg.exe

C:\Windows\System\MugQmrx.exe

C:\Windows\System\MugQmrx.exe

C:\Windows\System\QPeUwte.exe

C:\Windows\System\QPeUwte.exe

C:\Windows\System\cEVtdpm.exe

C:\Windows\System\cEVtdpm.exe

C:\Windows\System\sTjxADF.exe

C:\Windows\System\sTjxADF.exe

C:\Windows\System\zHypTWa.exe

C:\Windows\System\zHypTWa.exe

C:\Windows\System\GfZGnwg.exe

C:\Windows\System\GfZGnwg.exe

C:\Windows\System\zuQctUd.exe

C:\Windows\System\zuQctUd.exe

C:\Windows\System\oDpsvkX.exe

C:\Windows\System\oDpsvkX.exe

C:\Windows\System\tyzXWKN.exe

C:\Windows\System\tyzXWKN.exe

C:\Windows\System\UUvjVYW.exe

C:\Windows\System\UUvjVYW.exe

C:\Windows\System\ztvNrmK.exe

C:\Windows\System\ztvNrmK.exe

C:\Windows\System\YOmTURC.exe

C:\Windows\System\YOmTURC.exe

C:\Windows\System\fAzdsCA.exe

C:\Windows\System\fAzdsCA.exe

C:\Windows\System\asypSpv.exe

C:\Windows\System\asypSpv.exe

C:\Windows\System\lIVibxw.exe

C:\Windows\System\lIVibxw.exe

C:\Windows\System\ovbrbPW.exe

C:\Windows\System\ovbrbPW.exe

C:\Windows\System\oFJWJai.exe

C:\Windows\System\oFJWJai.exe

C:\Windows\System\zycbbZL.exe

C:\Windows\System\zycbbZL.exe

C:\Windows\System\FRWpHHW.exe

C:\Windows\System\FRWpHHW.exe

C:\Windows\System\FLYIqEp.exe

C:\Windows\System\FLYIqEp.exe

C:\Windows\System\CBmCPPX.exe

C:\Windows\System\CBmCPPX.exe

C:\Windows\System\xkdQNhA.exe

C:\Windows\System\xkdQNhA.exe

C:\Windows\System\FNGpRXQ.exe

C:\Windows\System\FNGpRXQ.exe

C:\Windows\System\yduLpZx.exe

C:\Windows\System\yduLpZx.exe

C:\Windows\System\dmgFfXe.exe

C:\Windows\System\dmgFfXe.exe

C:\Windows\System\Rzdfnej.exe

C:\Windows\System\Rzdfnej.exe

C:\Windows\System\ShRlGsq.exe

C:\Windows\System\ShRlGsq.exe

C:\Windows\System\GeCoIJU.exe

C:\Windows\System\GeCoIJU.exe

C:\Windows\System\HFmTcQh.exe

C:\Windows\System\HFmTcQh.exe

C:\Windows\System\CAEDlZn.exe

C:\Windows\System\CAEDlZn.exe

C:\Windows\System\ViYRwvZ.exe

C:\Windows\System\ViYRwvZ.exe

C:\Windows\System\htaCkGY.exe

C:\Windows\System\htaCkGY.exe

C:\Windows\System\IFZWBdp.exe

C:\Windows\System\IFZWBdp.exe

C:\Windows\System\KmUaqag.exe

C:\Windows\System\KmUaqag.exe

C:\Windows\System\WQjmXPJ.exe

C:\Windows\System\WQjmXPJ.exe

C:\Windows\System\TajbBQI.exe

C:\Windows\System\TajbBQI.exe

C:\Windows\System\WJKePWc.exe

C:\Windows\System\WJKePWc.exe

C:\Windows\System\uMrqIPE.exe

C:\Windows\System\uMrqIPE.exe

C:\Windows\System\NVkVSdT.exe

C:\Windows\System\NVkVSdT.exe

C:\Windows\System\awtScFG.exe

C:\Windows\System\awtScFG.exe

C:\Windows\System\KCsFRCc.exe

C:\Windows\System\KCsFRCc.exe

C:\Windows\System\PEBXNXl.exe

C:\Windows\System\PEBXNXl.exe

C:\Windows\System\NABGGjN.exe

C:\Windows\System\NABGGjN.exe

C:\Windows\System\BEqZIHa.exe

C:\Windows\System\BEqZIHa.exe

C:\Windows\System\cMdpfyO.exe

C:\Windows\System\cMdpfyO.exe

C:\Windows\System\azNxZiu.exe

C:\Windows\System\azNxZiu.exe

C:\Windows\System\jmqkOgz.exe

C:\Windows\System\jmqkOgz.exe

C:\Windows\System\ZoUHzRy.exe

C:\Windows\System\ZoUHzRy.exe

C:\Windows\System\sXreynZ.exe

C:\Windows\System\sXreynZ.exe

C:\Windows\System\XCRMseU.exe

C:\Windows\System\XCRMseU.exe

C:\Windows\System\uvGrYZT.exe

C:\Windows\System\uvGrYZT.exe

C:\Windows\System\DzOUZWR.exe

C:\Windows\System\DzOUZWR.exe

C:\Windows\System\xsISIgn.exe

C:\Windows\System\xsISIgn.exe

C:\Windows\System\dJdhKRf.exe

C:\Windows\System\dJdhKRf.exe

C:\Windows\System\pIuoxck.exe

C:\Windows\System\pIuoxck.exe

C:\Windows\System\skfjENc.exe

C:\Windows\System\skfjENc.exe

C:\Windows\System\OChqabA.exe

C:\Windows\System\OChqabA.exe

C:\Windows\System\hEZDhvr.exe

C:\Windows\System\hEZDhvr.exe

C:\Windows\System\hZMXLBy.exe

C:\Windows\System\hZMXLBy.exe

C:\Windows\System\pFaeoZk.exe

C:\Windows\System\pFaeoZk.exe

C:\Windows\System\hRjsoQK.exe

C:\Windows\System\hRjsoQK.exe

C:\Windows\System\qSAbivd.exe

C:\Windows\System\qSAbivd.exe

C:\Windows\System\FbRXNNH.exe

C:\Windows\System\FbRXNNH.exe

C:\Windows\System\IYkCeCD.exe

C:\Windows\System\IYkCeCD.exe

C:\Windows\System\gwDLKQa.exe

C:\Windows\System\gwDLKQa.exe

C:\Windows\System\edUrQSO.exe

C:\Windows\System\edUrQSO.exe

C:\Windows\System\vTvlIPh.exe

C:\Windows\System\vTvlIPh.exe

C:\Windows\System\fQEbVMa.exe

C:\Windows\System\fQEbVMa.exe

C:\Windows\System\UwUzMDX.exe

C:\Windows\System\UwUzMDX.exe

C:\Windows\System\zkQVsvE.exe

C:\Windows\System\zkQVsvE.exe

C:\Windows\System\HItnlgr.exe

C:\Windows\System\HItnlgr.exe

C:\Windows\System\ZabqaoB.exe

C:\Windows\System\ZabqaoB.exe

C:\Windows\System\KugdFlE.exe

C:\Windows\System\KugdFlE.exe

C:\Windows\System\oufhEpf.exe

C:\Windows\System\oufhEpf.exe

C:\Windows\System\azqpCuz.exe

C:\Windows\System\azqpCuz.exe

C:\Windows\System\AhDrsVT.exe

C:\Windows\System\AhDrsVT.exe

C:\Windows\System\arZjZWc.exe

C:\Windows\System\arZjZWc.exe

C:\Windows\System\xspBqPm.exe

C:\Windows\System\xspBqPm.exe

C:\Windows\System\SrvHvam.exe

C:\Windows\System\SrvHvam.exe

C:\Windows\System\pBhtIif.exe

C:\Windows\System\pBhtIif.exe

C:\Windows\System\jKrbnfN.exe

C:\Windows\System\jKrbnfN.exe

C:\Windows\System\CWeJSpf.exe

C:\Windows\System\CWeJSpf.exe

C:\Windows\System\XsfAwwA.exe

C:\Windows\System\XsfAwwA.exe

C:\Windows\System\JzvEoBe.exe

C:\Windows\System\JzvEoBe.exe

C:\Windows\System\spvDXol.exe

C:\Windows\System\spvDXol.exe

C:\Windows\System\moUCnwm.exe

C:\Windows\System\moUCnwm.exe

C:\Windows\System\SyPvhRl.exe

C:\Windows\System\SyPvhRl.exe

C:\Windows\System\CzsTdhl.exe

C:\Windows\System\CzsTdhl.exe

C:\Windows\System\AgoAidC.exe

C:\Windows\System\AgoAidC.exe

C:\Windows\System\EFsCUNi.exe

C:\Windows\System\EFsCUNi.exe

C:\Windows\System\BDcJscd.exe

C:\Windows\System\BDcJscd.exe

C:\Windows\System\UKyMlWm.exe

C:\Windows\System\UKyMlWm.exe

C:\Windows\System\XnxCnzh.exe

C:\Windows\System\XnxCnzh.exe

C:\Windows\System\zGWwlWG.exe

C:\Windows\System\zGWwlWG.exe

C:\Windows\System\YsEAYzD.exe

C:\Windows\System\YsEAYzD.exe

C:\Windows\System\nrwPjHj.exe

C:\Windows\System\nrwPjHj.exe

C:\Windows\System\oXZXqPH.exe

C:\Windows\System\oXZXqPH.exe

C:\Windows\System\oPRDKXs.exe

C:\Windows\System\oPRDKXs.exe

C:\Windows\System\GouxnVT.exe

C:\Windows\System\GouxnVT.exe

C:\Windows\System\HsaUxDP.exe

C:\Windows\System\HsaUxDP.exe

C:\Windows\System\UPOgihQ.exe

C:\Windows\System\UPOgihQ.exe

C:\Windows\System\glmIisG.exe

C:\Windows\System\glmIisG.exe

C:\Windows\System\QapyfJN.exe

C:\Windows\System\QapyfJN.exe

C:\Windows\System\DTMCcCe.exe

C:\Windows\System\DTMCcCe.exe

C:\Windows\System\BkcvKsu.exe

C:\Windows\System\BkcvKsu.exe

C:\Windows\System\VemhumI.exe

C:\Windows\System\VemhumI.exe

C:\Windows\System\uUfDAFS.exe

C:\Windows\System\uUfDAFS.exe

C:\Windows\System\kKbrvmH.exe

C:\Windows\System\kKbrvmH.exe

C:\Windows\System\quqzLCv.exe

C:\Windows\System\quqzLCv.exe

C:\Windows\System\wFzawgM.exe

C:\Windows\System\wFzawgM.exe

C:\Windows\System\FbhUTCE.exe

C:\Windows\System\FbhUTCE.exe

C:\Windows\System\gAoFSny.exe

C:\Windows\System\gAoFSny.exe

C:\Windows\System\ozhVBpS.exe

C:\Windows\System\ozhVBpS.exe

C:\Windows\System\RhbfDKk.exe

C:\Windows\System\RhbfDKk.exe

C:\Windows\System\BdYwKPv.exe

C:\Windows\System\BdYwKPv.exe

C:\Windows\System\lgGsMFt.exe

C:\Windows\System\lgGsMFt.exe

C:\Windows\System\cxCbqvn.exe

C:\Windows\System\cxCbqvn.exe

C:\Windows\System\VJYRRly.exe

C:\Windows\System\VJYRRly.exe

C:\Windows\System\UsnvtiW.exe

C:\Windows\System\UsnvtiW.exe

C:\Windows\System\MWKdlpu.exe

C:\Windows\System\MWKdlpu.exe

C:\Windows\System\vubagrr.exe

C:\Windows\System\vubagrr.exe

C:\Windows\System\ijSuIDl.exe

C:\Windows\System\ijSuIDl.exe

C:\Windows\System\aJeTMwk.exe

C:\Windows\System\aJeTMwk.exe

C:\Windows\System\yEqzMFr.exe

C:\Windows\System\yEqzMFr.exe

C:\Windows\System\sKWsYbe.exe

C:\Windows\System\sKWsYbe.exe

C:\Windows\System\JmMMRfk.exe

C:\Windows\System\JmMMRfk.exe

C:\Windows\System\BPmFrrE.exe

C:\Windows\System\BPmFrrE.exe

C:\Windows\System\fsEMYBW.exe

C:\Windows\System\fsEMYBW.exe

C:\Windows\System\QCTytXG.exe

C:\Windows\System\QCTytXG.exe

C:\Windows\System\jkJKcTr.exe

C:\Windows\System\jkJKcTr.exe

C:\Windows\System\vyiWqWY.exe

C:\Windows\System\vyiWqWY.exe

C:\Windows\System\sSBbzFE.exe

C:\Windows\System\sSBbzFE.exe

C:\Windows\System\veaFZzu.exe

C:\Windows\System\veaFZzu.exe

C:\Windows\System\ZNlefpr.exe

C:\Windows\System\ZNlefpr.exe

C:\Windows\System\NlRiyHF.exe

C:\Windows\System\NlRiyHF.exe

C:\Windows\System\eNrcDOT.exe

C:\Windows\System\eNrcDOT.exe

C:\Windows\System\rNzItKq.exe

C:\Windows\System\rNzItKq.exe

C:\Windows\System\uZCLHtN.exe

C:\Windows\System\uZCLHtN.exe

C:\Windows\System\NYbuAsa.exe

C:\Windows\System\NYbuAsa.exe

C:\Windows\System\hactDME.exe

C:\Windows\System\hactDME.exe

C:\Windows\System\swmCmeB.exe

C:\Windows\System\swmCmeB.exe

C:\Windows\System\hgRBXoc.exe

C:\Windows\System\hgRBXoc.exe

C:\Windows\System\hIoyGmV.exe

C:\Windows\System\hIoyGmV.exe

C:\Windows\System\GPDQnkK.exe

C:\Windows\System\GPDQnkK.exe

C:\Windows\System\yvuQHRz.exe

C:\Windows\System\yvuQHRz.exe

C:\Windows\System\bAIZulH.exe

C:\Windows\System\bAIZulH.exe

C:\Windows\System\uGFbSak.exe

C:\Windows\System\uGFbSak.exe

C:\Windows\System\QppAyhM.exe

C:\Windows\System\QppAyhM.exe

C:\Windows\System\QPOzEgY.exe

C:\Windows\System\QPOzEgY.exe

C:\Windows\System\yMPUvNH.exe

C:\Windows\System\yMPUvNH.exe

C:\Windows\System\gVcTREb.exe

C:\Windows\System\gVcTREb.exe

C:\Windows\System\KEDvkeJ.exe

C:\Windows\System\KEDvkeJ.exe

C:\Windows\System\HddgHQZ.exe

C:\Windows\System\HddgHQZ.exe

C:\Windows\System\GGfBpzu.exe

C:\Windows\System\GGfBpzu.exe

C:\Windows\System\IAFJUyo.exe

C:\Windows\System\IAFJUyo.exe

C:\Windows\System\oPWqFCB.exe

C:\Windows\System\oPWqFCB.exe

C:\Windows\System\hTCHnht.exe

C:\Windows\System\hTCHnht.exe

C:\Windows\System\xQkpgBV.exe

C:\Windows\System\xQkpgBV.exe

C:\Windows\System\cFHiTsO.exe

C:\Windows\System\cFHiTsO.exe

C:\Windows\System\wNatosN.exe

C:\Windows\System\wNatosN.exe

C:\Windows\System\kFNMWvd.exe

C:\Windows\System\kFNMWvd.exe

C:\Windows\System\EdqPSDy.exe

C:\Windows\System\EdqPSDy.exe

C:\Windows\System\WXFgddL.exe

C:\Windows\System\WXFgddL.exe

C:\Windows\System\xnoAglg.exe

C:\Windows\System\xnoAglg.exe

C:\Windows\System\UmBpETp.exe

C:\Windows\System\UmBpETp.exe

C:\Windows\System\hiPvyqG.exe

C:\Windows\System\hiPvyqG.exe

C:\Windows\System\dxEiAAM.exe

C:\Windows\System\dxEiAAM.exe

C:\Windows\System\gdlridO.exe

C:\Windows\System\gdlridO.exe

C:\Windows\System\UxBuuQc.exe

C:\Windows\System\UxBuuQc.exe

C:\Windows\System\UmaWbcV.exe

C:\Windows\System\UmaWbcV.exe

C:\Windows\System\zXWodGd.exe

C:\Windows\System\zXWodGd.exe

C:\Windows\System\YqYDXxC.exe

C:\Windows\System\YqYDXxC.exe

C:\Windows\System\XuPsMyI.exe

C:\Windows\System\XuPsMyI.exe

C:\Windows\System\dSyvlHC.exe

C:\Windows\System\dSyvlHC.exe

C:\Windows\System\ldYqcdh.exe

C:\Windows\System\ldYqcdh.exe

C:\Windows\System\bEtlMzZ.exe

C:\Windows\System\bEtlMzZ.exe

C:\Windows\System\bcxdGAZ.exe

C:\Windows\System\bcxdGAZ.exe

C:\Windows\System\xdtUCOB.exe

C:\Windows\System\xdtUCOB.exe

C:\Windows\System\IDvFmWd.exe

C:\Windows\System\IDvFmWd.exe

C:\Windows\System\pvaTczV.exe

C:\Windows\System\pvaTczV.exe

C:\Windows\System\tfnOZNJ.exe

C:\Windows\System\tfnOZNJ.exe

C:\Windows\System\iBtJOXo.exe

C:\Windows\System\iBtJOXo.exe

C:\Windows\System\iJDtVhQ.exe

C:\Windows\System\iJDtVhQ.exe

C:\Windows\System\MHdAZDL.exe

C:\Windows\System\MHdAZDL.exe

C:\Windows\System\kZvOxVi.exe

C:\Windows\System\kZvOxVi.exe

C:\Windows\System\RlWTfwM.exe

C:\Windows\System\RlWTfwM.exe

C:\Windows\System\nkiDfJq.exe

C:\Windows\System\nkiDfJq.exe

C:\Windows\System\SkGuIlO.exe

C:\Windows\System\SkGuIlO.exe

C:\Windows\System\SYfHIWr.exe

C:\Windows\System\SYfHIWr.exe

C:\Windows\System\liCLGQS.exe

C:\Windows\System\liCLGQS.exe

C:\Windows\System\iUCqEhJ.exe

C:\Windows\System\iUCqEhJ.exe

C:\Windows\System\ejdPsZY.exe

C:\Windows\System\ejdPsZY.exe

C:\Windows\System\FbvSNPK.exe

C:\Windows\System\FbvSNPK.exe

C:\Windows\System\OxNHcfl.exe

C:\Windows\System\OxNHcfl.exe

C:\Windows\System\DRXMpHH.exe

C:\Windows\System\DRXMpHH.exe

C:\Windows\System\HCsWpRX.exe

C:\Windows\System\HCsWpRX.exe

C:\Windows\System\oGXQlgy.exe

C:\Windows\System\oGXQlgy.exe

C:\Windows\System\mGOHvAd.exe

C:\Windows\System\mGOHvAd.exe

C:\Windows\System\VOIrQqF.exe

C:\Windows\System\VOIrQqF.exe

C:\Windows\System\PrcrmaU.exe

C:\Windows\System\PrcrmaU.exe

C:\Windows\System\NIHLAxk.exe

C:\Windows\System\NIHLAxk.exe

C:\Windows\System\SNLHKqE.exe

C:\Windows\System\SNLHKqE.exe

C:\Windows\System\gNsEIjJ.exe

C:\Windows\System\gNsEIjJ.exe

C:\Windows\System\JhknLbf.exe

C:\Windows\System\JhknLbf.exe

C:\Windows\System\EnSNPqD.exe

C:\Windows\System\EnSNPqD.exe

C:\Windows\System\gvOSDem.exe

C:\Windows\System\gvOSDem.exe

C:\Windows\System\SbwUJOd.exe

C:\Windows\System\SbwUJOd.exe

C:\Windows\System\bQSMTGl.exe

C:\Windows\System\bQSMTGl.exe

C:\Windows\System\efybRpQ.exe

C:\Windows\System\efybRpQ.exe

C:\Windows\System\zwhUNEU.exe

C:\Windows\System\zwhUNEU.exe

C:\Windows\System\JYpTTaU.exe

C:\Windows\System\JYpTTaU.exe

C:\Windows\System\MxCpTpE.exe

C:\Windows\System\MxCpTpE.exe

C:\Windows\System\DqBKlNo.exe

C:\Windows\System\DqBKlNo.exe

C:\Windows\System\vLYzVLr.exe

C:\Windows\System\vLYzVLr.exe

C:\Windows\System\lZktZtS.exe

C:\Windows\System\lZktZtS.exe

C:\Windows\System\mCQUBFs.exe

C:\Windows\System\mCQUBFs.exe

C:\Windows\System\GqrUiBf.exe

C:\Windows\System\GqrUiBf.exe

C:\Windows\System\GAMxepP.exe

C:\Windows\System\GAMxepP.exe

C:\Windows\System\npfZKOR.exe

C:\Windows\System\npfZKOR.exe

C:\Windows\System\OuNjWiJ.exe

C:\Windows\System\OuNjWiJ.exe

C:\Windows\System\aUDDjge.exe

C:\Windows\System\aUDDjge.exe

C:\Windows\System\adIQMNb.exe

C:\Windows\System\adIQMNb.exe

C:\Windows\System\zXhyeAa.exe

C:\Windows\System\zXhyeAa.exe

C:\Windows\System\RWyMccD.exe

C:\Windows\System\RWyMccD.exe

C:\Windows\System\FeGDXsB.exe

C:\Windows\System\FeGDXsB.exe

C:\Windows\System\BBWZCbo.exe

C:\Windows\System\BBWZCbo.exe

C:\Windows\System\eRKdhXH.exe

C:\Windows\System\eRKdhXH.exe

C:\Windows\System\VcZSYDd.exe

C:\Windows\System\VcZSYDd.exe

C:\Windows\System\CqUArds.exe

C:\Windows\System\CqUArds.exe

C:\Windows\System\bWJiweW.exe

C:\Windows\System\bWJiweW.exe

C:\Windows\System\IdLJFfE.exe

C:\Windows\System\IdLJFfE.exe

C:\Windows\System\VragrpE.exe

C:\Windows\System\VragrpE.exe

C:\Windows\System\EWkmYpp.exe

C:\Windows\System\EWkmYpp.exe

C:\Windows\System\JvBWJaH.exe

C:\Windows\System\JvBWJaH.exe

C:\Windows\System\omSWYID.exe

C:\Windows\System\omSWYID.exe

C:\Windows\System\jDbhqoR.exe

C:\Windows\System\jDbhqoR.exe

C:\Windows\System\moWsNhH.exe

C:\Windows\System\moWsNhH.exe

C:\Windows\System\iHeUAgD.exe

C:\Windows\System\iHeUAgD.exe

C:\Windows\System\IkenezE.exe

C:\Windows\System\IkenezE.exe

C:\Windows\System\fvTFcND.exe

C:\Windows\System\fvTFcND.exe

C:\Windows\System\vUyBloM.exe

C:\Windows\System\vUyBloM.exe

C:\Windows\System\EYZAGZX.exe

C:\Windows\System\EYZAGZX.exe

C:\Windows\System\DIDgnfu.exe

C:\Windows\System\DIDgnfu.exe

C:\Windows\System\OXVMsRH.exe

C:\Windows\System\OXVMsRH.exe

C:\Windows\System\ZEnAAvb.exe

C:\Windows\System\ZEnAAvb.exe

C:\Windows\System\mkSLROi.exe

C:\Windows\System\mkSLROi.exe

C:\Windows\System\mcPVKij.exe

C:\Windows\System\mcPVKij.exe

C:\Windows\System\dMmrrzE.exe

C:\Windows\System\dMmrrzE.exe

C:\Windows\System\eDwHvtE.exe

C:\Windows\System\eDwHvtE.exe

C:\Windows\System\CHtziMw.exe

C:\Windows\System\CHtziMw.exe

C:\Windows\System\cfuQJos.exe

C:\Windows\System\cfuQJos.exe

C:\Windows\System\vSEcBVX.exe

C:\Windows\System\vSEcBVX.exe

C:\Windows\System\ZsDJEgZ.exe

C:\Windows\System\ZsDJEgZ.exe

C:\Windows\System\gFYJFwE.exe

C:\Windows\System\gFYJFwE.exe

C:\Windows\System\KDGqmHY.exe

C:\Windows\System\KDGqmHY.exe

C:\Windows\System\eWbezvp.exe

C:\Windows\System\eWbezvp.exe

C:\Windows\System\pUxKoZk.exe

C:\Windows\System\pUxKoZk.exe

C:\Windows\System\nIUvxLI.exe

C:\Windows\System\nIUvxLI.exe

C:\Windows\System\XPQiSBk.exe

C:\Windows\System\XPQiSBk.exe

C:\Windows\System\IALMzdT.exe

C:\Windows\System\IALMzdT.exe

C:\Windows\System\zHDXaET.exe

C:\Windows\System\zHDXaET.exe

C:\Windows\System\cKhMqlW.exe

C:\Windows\System\cKhMqlW.exe

C:\Windows\System\jiufxJG.exe

C:\Windows\System\jiufxJG.exe

C:\Windows\System\cRqConJ.exe

C:\Windows\System\cRqConJ.exe

C:\Windows\System\GSwHNpc.exe

C:\Windows\System\GSwHNpc.exe

C:\Windows\System\FEkKKtM.exe

C:\Windows\System\FEkKKtM.exe

C:\Windows\System\XKjylkf.exe

C:\Windows\System\XKjylkf.exe

C:\Windows\System\Llojulv.exe

C:\Windows\System\Llojulv.exe

C:\Windows\System\ychSYhL.exe

C:\Windows\System\ychSYhL.exe

C:\Windows\System\wCJwZaO.exe

C:\Windows\System\wCJwZaO.exe

C:\Windows\System\WUwQpum.exe

C:\Windows\System\WUwQpum.exe

C:\Windows\System\plqQizD.exe

C:\Windows\System\plqQizD.exe

C:\Windows\System\xSLNGKc.exe

C:\Windows\System\xSLNGKc.exe

C:\Windows\System\YtxdhPr.exe

C:\Windows\System\YtxdhPr.exe

C:\Windows\System\gRZPqEX.exe

C:\Windows\System\gRZPqEX.exe

C:\Windows\System\faGiRNo.exe

C:\Windows\System\faGiRNo.exe

C:\Windows\System\rvjvCEu.exe

C:\Windows\System\rvjvCEu.exe

C:\Windows\System\AHOLCbO.exe

C:\Windows\System\AHOLCbO.exe

C:\Windows\System\AHzbuzm.exe

C:\Windows\System\AHzbuzm.exe

C:\Windows\System\XOhNgNm.exe

C:\Windows\System\XOhNgNm.exe

C:\Windows\System\immlLbE.exe

C:\Windows\System\immlLbE.exe

C:\Windows\System\AnRlULK.exe

C:\Windows\System\AnRlULK.exe

C:\Windows\System\WdSfzHC.exe

C:\Windows\System\WdSfzHC.exe

C:\Windows\System\LDzzSZb.exe

C:\Windows\System\LDzzSZb.exe

C:\Windows\System\sLjusyV.exe

C:\Windows\System\sLjusyV.exe

C:\Windows\System\ciVTivp.exe

C:\Windows\System\ciVTivp.exe

C:\Windows\System\oDaBuIM.exe

C:\Windows\System\oDaBuIM.exe

C:\Windows\System\LTiPllv.exe

C:\Windows\System\LTiPllv.exe

C:\Windows\System\hidlPDV.exe

C:\Windows\System\hidlPDV.exe

C:\Windows\System\heVivPo.exe

C:\Windows\System\heVivPo.exe

C:\Windows\System\mrkJsqu.exe

C:\Windows\System\mrkJsqu.exe

C:\Windows\System\YGJoYNY.exe

C:\Windows\System\YGJoYNY.exe

C:\Windows\System\yhpCOvT.exe

C:\Windows\System\yhpCOvT.exe

C:\Windows\System\dqxqkod.exe

C:\Windows\System\dqxqkod.exe

C:\Windows\System\yMBWPxq.exe

C:\Windows\System\yMBWPxq.exe

C:\Windows\System\ChdltTe.exe

C:\Windows\System\ChdltTe.exe

C:\Windows\System\jCLuMMB.exe

C:\Windows\System\jCLuMMB.exe

C:\Windows\System\lyoECsV.exe

C:\Windows\System\lyoECsV.exe

C:\Windows\System\ucUYZUV.exe

C:\Windows\System\ucUYZUV.exe

C:\Windows\System\cSiXmGi.exe

C:\Windows\System\cSiXmGi.exe

C:\Windows\System\DPFHzwH.exe

C:\Windows\System\DPFHzwH.exe

C:\Windows\System\AMTqtTf.exe

C:\Windows\System\AMTqtTf.exe

C:\Windows\System\AVDrTID.exe

C:\Windows\System\AVDrTID.exe

C:\Windows\System\KqehWEt.exe

C:\Windows\System\KqehWEt.exe

C:\Windows\System\mjbebDR.exe

C:\Windows\System\mjbebDR.exe

C:\Windows\System\sUhvxjG.exe

C:\Windows\System\sUhvxjG.exe

C:\Windows\System\qNsenWP.exe

C:\Windows\System\qNsenWP.exe

C:\Windows\System\KxDEYWW.exe

C:\Windows\System\KxDEYWW.exe

C:\Windows\System\SRbEbdz.exe

C:\Windows\System\SRbEbdz.exe

C:\Windows\System\jPclfzv.exe

C:\Windows\System\jPclfzv.exe

C:\Windows\System\YVpwOnY.exe

C:\Windows\System\YVpwOnY.exe

C:\Windows\System\NxIzfIf.exe

C:\Windows\System\NxIzfIf.exe

C:\Windows\System\jCtkDmQ.exe

C:\Windows\System\jCtkDmQ.exe

C:\Windows\System\tQXqmDV.exe

C:\Windows\System\tQXqmDV.exe

C:\Windows\System\OJYCkEg.exe

C:\Windows\System\OJYCkEg.exe

C:\Windows\System\OhptmcV.exe

C:\Windows\System\OhptmcV.exe

C:\Windows\System\rWLxhaM.exe

C:\Windows\System\rWLxhaM.exe

C:\Windows\System\EDPVDtd.exe

C:\Windows\System\EDPVDtd.exe

C:\Windows\System\gHxsXlc.exe

C:\Windows\System\gHxsXlc.exe

C:\Windows\System\lprdPfZ.exe

C:\Windows\System\lprdPfZ.exe

C:\Windows\System\qpZslZp.exe

C:\Windows\System\qpZslZp.exe

C:\Windows\System\SIfpBrh.exe

C:\Windows\System\SIfpBrh.exe

C:\Windows\System\fpudaZw.exe

C:\Windows\System\fpudaZw.exe

C:\Windows\System\UPEpVIM.exe

C:\Windows\System\UPEpVIM.exe

C:\Windows\System\UaWMTXl.exe

C:\Windows\System\UaWMTXl.exe

C:\Windows\System\uOVCDHO.exe

C:\Windows\System\uOVCDHO.exe

C:\Windows\System\kDThGbc.exe

C:\Windows\System\kDThGbc.exe

C:\Windows\System\qyxqXJU.exe

C:\Windows\System\qyxqXJU.exe

C:\Windows\System\bRKfomc.exe

C:\Windows\System\bRKfomc.exe

C:\Windows\System\lnYvlFG.exe

C:\Windows\System\lnYvlFG.exe

C:\Windows\System\bqrJtuc.exe

C:\Windows\System\bqrJtuc.exe

C:\Windows\System\qSmluTI.exe

C:\Windows\System\qSmluTI.exe

C:\Windows\System\KePmtLr.exe

C:\Windows\System\KePmtLr.exe

C:\Windows\System\PVVvJrO.exe

C:\Windows\System\PVVvJrO.exe

C:\Windows\System\zuinZhk.exe

C:\Windows\System\zuinZhk.exe

C:\Windows\System\eyoJYlg.exe

C:\Windows\System\eyoJYlg.exe

C:\Windows\System\ROmxohX.exe

C:\Windows\System\ROmxohX.exe

C:\Windows\System\kAYdsyH.exe

C:\Windows\System\kAYdsyH.exe

C:\Windows\System\rqndfwW.exe

C:\Windows\System\rqndfwW.exe

C:\Windows\System\wgCJnkW.exe

C:\Windows\System\wgCJnkW.exe

C:\Windows\System\mKHjTcg.exe

C:\Windows\System\mKHjTcg.exe

C:\Windows\System\BtNPQVg.exe

C:\Windows\System\BtNPQVg.exe

C:\Windows\System\xexfWcH.exe

C:\Windows\System\xexfWcH.exe

C:\Windows\System\LzDPxTr.exe

C:\Windows\System\LzDPxTr.exe

C:\Windows\System\ZeKvDrM.exe

C:\Windows\System\ZeKvDrM.exe

C:\Windows\System\IJJLpsR.exe

C:\Windows\System\IJJLpsR.exe

C:\Windows\System\mNiBlqq.exe

C:\Windows\System\mNiBlqq.exe

C:\Windows\System\ZZwtvUV.exe

C:\Windows\System\ZZwtvUV.exe

C:\Windows\System\VHisczZ.exe

C:\Windows\System\VHisczZ.exe

C:\Windows\System\ZCranvZ.exe

C:\Windows\System\ZCranvZ.exe

C:\Windows\System\DYWPmfa.exe

C:\Windows\System\DYWPmfa.exe

C:\Windows\System\IEoDpPP.exe

C:\Windows\System\IEoDpPP.exe

C:\Windows\System\WfoRRrA.exe

C:\Windows\System\WfoRRrA.exe

C:\Windows\System\MSDmEzF.exe

C:\Windows\System\MSDmEzF.exe

C:\Windows\System\GlXvgPM.exe

C:\Windows\System\GlXvgPM.exe

C:\Windows\System\ouQnMCc.exe

C:\Windows\System\ouQnMCc.exe

C:\Windows\System\sRyiNkQ.exe

C:\Windows\System\sRyiNkQ.exe

C:\Windows\System\HOFuqTj.exe

C:\Windows\System\HOFuqTj.exe

C:\Windows\System\pcGdgrA.exe

C:\Windows\System\pcGdgrA.exe

C:\Windows\System\bisoKyX.exe

C:\Windows\System\bisoKyX.exe

C:\Windows\System\nOEnucI.exe

C:\Windows\System\nOEnucI.exe

C:\Windows\System\WDOYzph.exe

C:\Windows\System\WDOYzph.exe

C:\Windows\System\jSukARV.exe

C:\Windows\System\jSukARV.exe

C:\Windows\System\HSkfKsn.exe

C:\Windows\System\HSkfKsn.exe

C:\Windows\System\iArsEfI.exe

C:\Windows\System\iArsEfI.exe

C:\Windows\System\ixlJgTy.exe

C:\Windows\System\ixlJgTy.exe

C:\Windows\System\nIDtFes.exe

C:\Windows\System\nIDtFes.exe

C:\Windows\System\qMyimdR.exe

C:\Windows\System\qMyimdR.exe

C:\Windows\System\WGaEGme.exe

C:\Windows\System\WGaEGme.exe

C:\Windows\System\XVHMlay.exe

C:\Windows\System\XVHMlay.exe

C:\Windows\System\JmnKhKH.exe

C:\Windows\System\JmnKhKH.exe

C:\Windows\System\IsoKYUu.exe

C:\Windows\System\IsoKYUu.exe

C:\Windows\System\yJdfKyc.exe

C:\Windows\System\yJdfKyc.exe

C:\Windows\System\gWwHLei.exe

C:\Windows\System\gWwHLei.exe

C:\Windows\System\kLvpzga.exe

C:\Windows\System\kLvpzga.exe

C:\Windows\System\RJfrlDG.exe

C:\Windows\System\RJfrlDG.exe

C:\Windows\System\lIcqiRo.exe

C:\Windows\System\lIcqiRo.exe

C:\Windows\System\uytDZOD.exe

C:\Windows\System\uytDZOD.exe

C:\Windows\System\fXioKuH.exe

C:\Windows\System\fXioKuH.exe

C:\Windows\System\UaWxLvY.exe

C:\Windows\System\UaWxLvY.exe

C:\Windows\System\athXprc.exe

C:\Windows\System\athXprc.exe

C:\Windows\System\IaYcLXB.exe

C:\Windows\System\IaYcLXB.exe

C:\Windows\System\wyDFheN.exe

C:\Windows\System\wyDFheN.exe

C:\Windows\System\NDfqqlN.exe

C:\Windows\System\NDfqqlN.exe

C:\Windows\System\vdZhwuy.exe

C:\Windows\System\vdZhwuy.exe

C:\Windows\System\XWQyOaC.exe

C:\Windows\System\XWQyOaC.exe

C:\Windows\System\AXaVXfw.exe

C:\Windows\System\AXaVXfw.exe

C:\Windows\System\NMtwrXW.exe

C:\Windows\System\NMtwrXW.exe

C:\Windows\System\nbsgImQ.exe

C:\Windows\System\nbsgImQ.exe

C:\Windows\System\cKuZjLi.exe

C:\Windows\System\cKuZjLi.exe

C:\Windows\System\iKcmwpL.exe

C:\Windows\System\iKcmwpL.exe

C:\Windows\System\frCbFqL.exe

C:\Windows\System\frCbFqL.exe

C:\Windows\System\xiVlhqG.exe

C:\Windows\System\xiVlhqG.exe

C:\Windows\System\AhQjEEk.exe

C:\Windows\System\AhQjEEk.exe

C:\Windows\System\iuAYUDo.exe

C:\Windows\System\iuAYUDo.exe

C:\Windows\System\lyPiWpX.exe

C:\Windows\System\lyPiWpX.exe

C:\Windows\System\IZUIPyN.exe

C:\Windows\System\IZUIPyN.exe

C:\Windows\System\XDROryE.exe

C:\Windows\System\XDROryE.exe

C:\Windows\System\jxcMpEc.exe

C:\Windows\System\jxcMpEc.exe

C:\Windows\System\IaraHRE.exe

C:\Windows\System\IaraHRE.exe

C:\Windows\System\FFldtKO.exe

C:\Windows\System\FFldtKO.exe

C:\Windows\System\lEqrgMf.exe

C:\Windows\System\lEqrgMf.exe

C:\Windows\System\jyGSWxL.exe

C:\Windows\System\jyGSWxL.exe

C:\Windows\System\nNAjeXY.exe

C:\Windows\System\nNAjeXY.exe

C:\Windows\System\fmndQXj.exe

C:\Windows\System\fmndQXj.exe

C:\Windows\System\ygpEthB.exe

C:\Windows\System\ygpEthB.exe

C:\Windows\System\YrjxXlx.exe

C:\Windows\System\YrjxXlx.exe

C:\Windows\System\wzPysvn.exe

C:\Windows\System\wzPysvn.exe

C:\Windows\System\FGrtEpc.exe

C:\Windows\System\FGrtEpc.exe

C:\Windows\System\izsLXRm.exe

C:\Windows\System\izsLXRm.exe

C:\Windows\System\FpcPimx.exe

C:\Windows\System\FpcPimx.exe

C:\Windows\System\CpUKMnE.exe

C:\Windows\System\CpUKMnE.exe

C:\Windows\System\gdgsQIu.exe

C:\Windows\System\gdgsQIu.exe

C:\Windows\System\vWmXGxM.exe

C:\Windows\System\vWmXGxM.exe

C:\Windows\System\cfanWGa.exe

C:\Windows\System\cfanWGa.exe

C:\Windows\System\ScnIXbq.exe

C:\Windows\System\ScnIXbq.exe

C:\Windows\System\vHJlJpu.exe

C:\Windows\System\vHJlJpu.exe

C:\Windows\System\EGgQIiv.exe

C:\Windows\System\EGgQIiv.exe

C:\Windows\System\fPzxTdF.exe

C:\Windows\System\fPzxTdF.exe

C:\Windows\System\nwLKVPk.exe

C:\Windows\System\nwLKVPk.exe

C:\Windows\System\EqyZwRS.exe

C:\Windows\System\EqyZwRS.exe

C:\Windows\System\VBDnOEA.exe

C:\Windows\System\VBDnOEA.exe

C:\Windows\System\jNuQCtM.exe

C:\Windows\System\jNuQCtM.exe

C:\Windows\System\FTNnNgr.exe

C:\Windows\System\FTNnNgr.exe

C:\Windows\System\imdgaSK.exe

C:\Windows\System\imdgaSK.exe

C:\Windows\System\yhGsFSW.exe

C:\Windows\System\yhGsFSW.exe

C:\Windows\System\JUuPhop.exe

C:\Windows\System\JUuPhop.exe

C:\Windows\System\QRBxyua.exe

C:\Windows\System\QRBxyua.exe

C:\Windows\System\kaEzdJO.exe

C:\Windows\System\kaEzdJO.exe

C:\Windows\System\npdZBto.exe

C:\Windows\System\npdZBto.exe

C:\Windows\System\jJiybyG.exe

C:\Windows\System\jJiybyG.exe

C:\Windows\System\OqvoNgN.exe

C:\Windows\System\OqvoNgN.exe

C:\Windows\System\eliqQwa.exe

C:\Windows\System\eliqQwa.exe

C:\Windows\System\IUpUpUb.exe

C:\Windows\System\IUpUpUb.exe

C:\Windows\System\wuKCmga.exe

C:\Windows\System\wuKCmga.exe

C:\Windows\System\oVknUIk.exe

C:\Windows\System\oVknUIk.exe

C:\Windows\System\EGrhxbe.exe

C:\Windows\System\EGrhxbe.exe

C:\Windows\System\xopfEGF.exe

C:\Windows\System\xopfEGF.exe

C:\Windows\System\GDsRLll.exe

C:\Windows\System\GDsRLll.exe

C:\Windows\System\qIXAyIc.exe

C:\Windows\System\qIXAyIc.exe

C:\Windows\System\ehIxqmP.exe

C:\Windows\System\ehIxqmP.exe

C:\Windows\System\JJtfJdC.exe

C:\Windows\System\JJtfJdC.exe

C:\Windows\System\hoaLxZa.exe

C:\Windows\System\hoaLxZa.exe

C:\Windows\System\fVqjQlI.exe

C:\Windows\System\fVqjQlI.exe

C:\Windows\System\syLtekd.exe

C:\Windows\System\syLtekd.exe

C:\Windows\System\jsdhUTk.exe

C:\Windows\System\jsdhUTk.exe

C:\Windows\System\jFYFrnE.exe

C:\Windows\System\jFYFrnE.exe

C:\Windows\System\xphWnED.exe

C:\Windows\System\xphWnED.exe

C:\Windows\System\nkmwZBW.exe

C:\Windows\System\nkmwZBW.exe

C:\Windows\System\quVZrZd.exe

C:\Windows\System\quVZrZd.exe

C:\Windows\System\AEvxnGG.exe

C:\Windows\System\AEvxnGG.exe

C:\Windows\System\tvRaRaW.exe

C:\Windows\System\tvRaRaW.exe

C:\Windows\System\kmSuids.exe

C:\Windows\System\kmSuids.exe

C:\Windows\System\mtkgExN.exe

C:\Windows\System\mtkgExN.exe

C:\Windows\System\vKkKeeL.exe

C:\Windows\System\vKkKeeL.exe

C:\Windows\System\tsPIxQg.exe

C:\Windows\System\tsPIxQg.exe

C:\Windows\System\TAJyoSU.exe

C:\Windows\System\TAJyoSU.exe

C:\Windows\System\FYCqouv.exe

C:\Windows\System\FYCqouv.exe

C:\Windows\System\admcEwn.exe

C:\Windows\System\admcEwn.exe

C:\Windows\System\drseCDK.exe

C:\Windows\System\drseCDK.exe

C:\Windows\System\tXFdMsX.exe

C:\Windows\System\tXFdMsX.exe

C:\Windows\System\zJvigGy.exe

C:\Windows\System\zJvigGy.exe

C:\Windows\System\gqtlETc.exe

C:\Windows\System\gqtlETc.exe

C:\Windows\System\GqboYyH.exe

C:\Windows\System\GqboYyH.exe

C:\Windows\System\dfuBnYb.exe

C:\Windows\System\dfuBnYb.exe

C:\Windows\System\RuMtwSZ.exe

C:\Windows\System\RuMtwSZ.exe

C:\Windows\System\eyGlwPL.exe

C:\Windows\System\eyGlwPL.exe

C:\Windows\System\MLaPgKo.exe

C:\Windows\System\MLaPgKo.exe

C:\Windows\System\GcLaxBA.exe

C:\Windows\System\GcLaxBA.exe

C:\Windows\System\fmHuoCi.exe

C:\Windows\System\fmHuoCi.exe

C:\Windows\System\RmjrcpI.exe

C:\Windows\System\RmjrcpI.exe

C:\Windows\System\EOouWQX.exe

C:\Windows\System\EOouWQX.exe

C:\Windows\System\RVCgQES.exe

C:\Windows\System\RVCgQES.exe

C:\Windows\System\GoKfQms.exe

C:\Windows\System\GoKfQms.exe

C:\Windows\System\FsGPxhL.exe

C:\Windows\System\FsGPxhL.exe

C:\Windows\System\cafhFFt.exe

C:\Windows\System\cafhFFt.exe

C:\Windows\System\ohFqNZc.exe

C:\Windows\System\ohFqNZc.exe

C:\Windows\System\xuuQPUv.exe

C:\Windows\System\xuuQPUv.exe

C:\Windows\System\vowamoH.exe

C:\Windows\System\vowamoH.exe

C:\Windows\System\AQLNPRk.exe

C:\Windows\System\AQLNPRk.exe

C:\Windows\System\gCPacxA.exe

C:\Windows\System\gCPacxA.exe

C:\Windows\System\KpEdBJu.exe

C:\Windows\System\KpEdBJu.exe

C:\Windows\System\vEVXUux.exe

C:\Windows\System\vEVXUux.exe

C:\Windows\System\zYMvJfH.exe

C:\Windows\System\zYMvJfH.exe

C:\Windows\System\rxVzwyk.exe

C:\Windows\System\rxVzwyk.exe

C:\Windows\System\HItlIiU.exe

C:\Windows\System\HItlIiU.exe

C:\Windows\System\rohkoGw.exe

C:\Windows\System\rohkoGw.exe

C:\Windows\System\bHTOKOK.exe

C:\Windows\System\bHTOKOK.exe

C:\Windows\System\ClguUeI.exe

C:\Windows\System\ClguUeI.exe

C:\Windows\System\YpOSCiQ.exe

C:\Windows\System\YpOSCiQ.exe

C:\Windows\System\WleAYsg.exe

C:\Windows\System\WleAYsg.exe

C:\Windows\System\LoVKSfy.exe

C:\Windows\System\LoVKSfy.exe

C:\Windows\System\HvAOvGF.exe

C:\Windows\System\HvAOvGF.exe

C:\Windows\System\VsVpoYu.exe

C:\Windows\System\VsVpoYu.exe

C:\Windows\System\ybUdpXR.exe

C:\Windows\System\ybUdpXR.exe

C:\Windows\System\pcROVYA.exe

C:\Windows\System\pcROVYA.exe

C:\Windows\System\aIoJoLx.exe

C:\Windows\System\aIoJoLx.exe

C:\Windows\System\qReOJmm.exe

C:\Windows\System\qReOJmm.exe

C:\Windows\System\MujDEng.exe

C:\Windows\System\MujDEng.exe

C:\Windows\System\XwDDpda.exe

C:\Windows\System\XwDDpda.exe

C:\Windows\System\wonOAzl.exe

C:\Windows\System\wonOAzl.exe

C:\Windows\System\GmPeEUL.exe

C:\Windows\System\GmPeEUL.exe

C:\Windows\System\OIgTIFh.exe

C:\Windows\System\OIgTIFh.exe

C:\Windows\System\fUwCAmp.exe

C:\Windows\System\fUwCAmp.exe

C:\Windows\System\wGNYlct.exe

C:\Windows\System\wGNYlct.exe

C:\Windows\System\abtOJTX.exe

C:\Windows\System\abtOJTX.exe

C:\Windows\System\LxHajOT.exe

C:\Windows\System\LxHajOT.exe

C:\Windows\System\Zptcdfl.exe

C:\Windows\System\Zptcdfl.exe

C:\Windows\System\wNgtmVk.exe

C:\Windows\System\wNgtmVk.exe

C:\Windows\System\HxMqsli.exe

C:\Windows\System\HxMqsli.exe

C:\Windows\System\rbUvNTL.exe

C:\Windows\System\rbUvNTL.exe

C:\Windows\System\xjjcCkN.exe

C:\Windows\System\xjjcCkN.exe

C:\Windows\System\NwJnRKc.exe

C:\Windows\System\NwJnRKc.exe

C:\Windows\System\kfJAkgp.exe

C:\Windows\System\kfJAkgp.exe

C:\Windows\System\oxFOZfA.exe

C:\Windows\System\oxFOZfA.exe

C:\Windows\System\WHomsYu.exe

C:\Windows\System\WHomsYu.exe

C:\Windows\System\gOybPnG.exe

C:\Windows\System\gOybPnG.exe

C:\Windows\System\UMjArAW.exe

C:\Windows\System\UMjArAW.exe

C:\Windows\System\CMGsjfc.exe

C:\Windows\System\CMGsjfc.exe

C:\Windows\System\LgOGnjd.exe

C:\Windows\System\LgOGnjd.exe

C:\Windows\System\sZmRJNV.exe

C:\Windows\System\sZmRJNV.exe

C:\Windows\System\QRXfoFg.exe

C:\Windows\System\QRXfoFg.exe

C:\Windows\System\WMWxuUq.exe

C:\Windows\System\WMWxuUq.exe

C:\Windows\System\rJcpuAO.exe

C:\Windows\System\rJcpuAO.exe

C:\Windows\System\vKNtOhr.exe

C:\Windows\System\vKNtOhr.exe

C:\Windows\System\XXKyuRr.exe

C:\Windows\System\XXKyuRr.exe

C:\Windows\System\ABtXZZq.exe

C:\Windows\System\ABtXZZq.exe

C:\Windows\System\QlETIRm.exe

C:\Windows\System\QlETIRm.exe

C:\Windows\System\dmUSgMM.exe

C:\Windows\System\dmUSgMM.exe

C:\Windows\System\faklATg.exe

C:\Windows\System\faklATg.exe

C:\Windows\System\OSrgPsL.exe

C:\Windows\System\OSrgPsL.exe

C:\Windows\System\AybCewd.exe

C:\Windows\System\AybCewd.exe

C:\Windows\System\njVOjQC.exe

C:\Windows\System\njVOjQC.exe

C:\Windows\System\oYhQZAZ.exe

C:\Windows\System\oYhQZAZ.exe

C:\Windows\System\tCPrIJJ.exe

C:\Windows\System\tCPrIJJ.exe

C:\Windows\System\RdFCdvV.exe

C:\Windows\System\RdFCdvV.exe

C:\Windows\System\wEqEOFo.exe

C:\Windows\System\wEqEOFo.exe

Network

N/A

Files

memory/2372-0-0x000000013F700000-0x000000013FA54000-memory.dmp

memory/2372-1-0x00000000000F0000-0x0000000000100000-memory.dmp

\Windows\system\bLcMOnQ.exe

MD5 1e5ab4a4e1c1358108066cb92b60b1c2
SHA1 dc6c94e3cd7fa6925584d16995a63517c943eb51
SHA256 d1df5915952c26e6b8c964c9f734be987fd09141c31c331585291863412e5ed0
SHA512 5ba37455780b0227b49ec3a0fac3ad56de0a5acf0a007a4f868fdf46ab05ab8a27aabf73896d586265904b414a6eda8f09c78dabeed4af62aa92cafd5f050d4b

C:\Windows\system\TURtuwq.exe

MD5 54971fb1aac749e6964593aa3284527d
SHA1 f34a69ca6795a039556648ce2ea67a700be88b94
SHA256 fb23abea349bc04af005a4b9e6cf2eb066e5add887fa4e515fb9e48bb5e63f3c
SHA512 beb062f46d311e30de0e0a346199a6ac8e6f838ddfd28b179431386de355b4a2a896d47fb6405659d2f97e6a4a10815a3622d7b71a23ff1ee4b1d17496be01a4

\Windows\system\BEnezvy.exe

MD5 f6b951c083fca1f4e46db1e5f56bdae4
SHA1 7a23b60ff5a535ef1d094454612e6c2bb163427f
SHA256 6856bbea5ed5ffe67e83234a52f6135de10cea7cc2339874a10b77f1703c067b
SHA512 01c7a27c8842fdd39ee1a59dd003cf094539df3914acca268182b38a659e8af770620593fd7889ae28a54c01408b84aadf0a8b3852cb8465487be08ee47c4092

memory/2372-32-0x0000000002110000-0x0000000002464000-memory.dmp

\Windows\system\SetgJjl.exe

MD5 f8f091fc5ec181f5e51e33a328742f17
SHA1 09beea336f90cde33d1fb5342fc433ced3c02e9e
SHA256 b7be8ac653e21a3f0a235eee7c267190837f95bddb90435c5613ed543c4ef839
SHA512 e094a9b42762eec4fe3393cb7d15228dd9f6451a34486a6dafe92f06434bd4d8a661c4241e4c8680ec9b36ebad618cd4a8dba0e2f62a152d70574c9c4af91a9c

\Windows\system\BZurXfd.exe

MD5 72ad9c7d68922c2edaf953c2608626b7
SHA1 59ea1bfe8e2a93c9dded2ebeb783dbbd5dcb0d2c
SHA256 b3f9edd6836591caaa52d8f06ce6fdb6ae388ae36a7f9362c1eb8468d78ebe11
SHA512 834261f2833737b85845f43adcb9df782b624b2b8735bb0ad57d6b8642ee846ec5c5cb41c6601eae8afbc96c690828fe47c4c5ad70383a33be7b98648d126f08

memory/2372-76-0x000000013F2D0000-0x000000013F624000-memory.dmp

C:\Windows\system\wBMRkkR.exe

MD5 d6d01cfb430388148d00cfa48735e9fa
SHA1 14a4b634a51e5d2f867f1f6447183bf0487d2710
SHA256 2bde90538f659cc7761c616e25b80715a70bd78e319dc13c65a9d2f8a7093a0f
SHA512 bdd2c21c2655d9735563e9b5f45345cd1750ccc689e84b1e5f301802f60cb5cbb2b481017a974cd8f5abfc88f93e92b674b212d6094224eeffd459e7e834228e

C:\Windows\system\jVMVZpn.exe

MD5 dc9bd881fd4c51979eca427797bbca90
SHA1 8f562f32ac33e875ee1ecd9a0ad12b4430b2492f
SHA256 c515e5162d9e84f4b282b424a499d4c958d3a64000569c1e4e4a5f79422ac126
SHA512 ae8c6b05c69fe460452d751c24ad9f373dbfe936550f8d8ffd77b455fb83d6bce04a800442611c139037460d515ce6659f921e4995cd88da7736b5c4ff344d83

C:\Windows\system\ATgguvy.exe

MD5 5c69035c09967ff178d273d97cc10f83
SHA1 708be245785237205e78515efa06e0bd915120db
SHA256 098f7ce7e29f8e8f9fd19768bc049af39b2b5fc87a873faab53cf861f58de229
SHA512 fd3d22931da2239b9811a8e4965c977d6a102596f70cea6b9ee5c3991bf34e553c435e343b31cab14585823f03302a499dc53ef885f8c343a9f7a4a3b43eadb8

C:\Windows\system\wmeLczF.exe

MD5 2a607086507a693a8b4dd3d94f8121d2
SHA1 9e68038e65e9adc25638fae9d85da012fa31c262
SHA256 96e3babb5d31c65a7b495e8e934418bbe40eea2e0100b482bf9e4e4d72c3db46
SHA512 f92096d117e553bd205bf29744e74b55ab6508cb8434d177a14e95ab944dbf58a6d31881327d11a9494ebd830be99030c8db8337284844017123cae186aedfe0

C:\Windows\system\ZBDSrIT.exe

MD5 901afcb269b8476b0d32315398ff7436
SHA1 51e9b13b40d7989b9b99973568f98db1cb7f6d69
SHA256 fb1bfac9a7b86199bba9c430db108dd76708ca34a5c056ce00ee7b34120b7a85
SHA512 bc8178e09d2170b5e0e97eb01900ae14412f6fb74008cf077d90ecf5c19d8f268f4cf0e3e312415d757c5ff1dbdd4e9856b77c555b977ea027a46f36d3a73ea3

memory/2372-2119-0x0000000002110000-0x0000000002464000-memory.dmp

memory/2816-2120-0x000000013F2F0000-0x000000013F644000-memory.dmp

memory/2372-1581-0x000000013F700000-0x000000013FA54000-memory.dmp

C:\Windows\system\dGePOkD.exe

MD5 59b394610c4a6e3d5b0c6545c238ca0f
SHA1 b896bffc78ed035a47735940909a927c334430ad
SHA256 6c55031255cdfc4664e0b136a407b36f5e9006b17d5bf8b0baf2187e738b5c1b
SHA512 fe354381a1326e31570be20da508280607afa81623eb7cfa245a739aa69e883d08fde36b72145e5ad90634cbbdf9a38b7c164fc5413956f29eeb5ff4f066541c

C:\Windows\system\eubNSzN.exe

MD5 2ec5e8139d2cf6745c47efb246b7796e
SHA1 82820a172da48df4237649d8287e319609e9c042
SHA256 f10a1ad9618bd562fcb8c5c9232dcfd75005e5743098a9ca10b4eb3f1ca74dcb
SHA512 9b5818ba7c2b3c1f3219ca2e100daf2135735e8da5fa4df742fd684a0c67bcfb7d2edc9462b2e51828db6df912ce958293adc7a46bee23880c59d6c18e8ce02c

C:\Windows\system\sMkcdvL.exe

MD5 de83d14974ceee7cd9b8b87b83d8c3a6
SHA1 90c7bc6ade7e03af2e1ec6775f369955d5c2210f
SHA256 02de72c5a4c22af556c44754514ec69833a2f72529060b739f7d2615b8700ba1
SHA512 f9b1bb87ab94bbb0e637584659771a3a43c374d854eee4e6a8a57cb4807c7518dfd225e96d3252f223128fe8c100ce1de0b77ca7c7df95e6271125512a92047b

C:\Windows\system\lOdOlXZ.exe

MD5 15284702cbbb0c27a7b08e9a59bcf31f
SHA1 c36c9410101effca77c3ba3e53370e86911a3dfd
SHA256 a1891715924924bac1622ce01ac0bdb87abc89e9b3eb77d737dc2f0df5f38481
SHA512 5fd0c02050e0d256e00c5bf841a01213964deddcc037fe6d8aa48f85470fe9792633a2c53af0872b3a7019ebb25e815c36fdc18710f658c5b73e221f32ccf029

C:\Windows\system\zMtPrNA.exe

MD5 d3d2400f6559773fd77a6500c4d4aa8e
SHA1 55afbaf89b43f2cb25ca4ad317608ade85594098
SHA256 7d13d9c8152ece70f6d4c3cac458a3db8c5a4bd957ca493f1323f34bc6155795
SHA512 64ddd768aed3cc4e8f8e02d1de8ad396c2135e38dd946cbeeab10ba1bdf334473646d2a88728c15d51b6886f91c2dfef3ded02fbce2ae9405db121ed91d3cc40

C:\Windows\system\knIJoRa.exe

MD5 7c6b7dd4636e1bd3aebac631ea503785
SHA1 20393d7bab6450dc428344a22734e0ec0b165c0e
SHA256 af9d890a7b483ee529a94cd069e8fa03698fd70c707117f41b8371b496d3e09c
SHA512 666d40d35fbcf6cce2a574eda2c2fb69d7e953a10ead8611b7881aacfd41fbbc687b9cd139443e3d4b66907d60fde1ef80063dbf8d52cd9ced9bdf962857b78c

C:\Windows\system\GbUAPpT.exe

MD5 4759441868e06ef6a68474c17804330b
SHA1 4685e23535fab07c319a2577749768c28224375d
SHA256 677dbdc6ec8c635cb73ca9414fc90393cf2700bf14c31a71b1d1efa5ff0b8f9a
SHA512 5571cbbbb778c12745b4309e19fee8ce67ac7377a32a2664663f2d4b96391bd82af2a9963670683703b99700b992c47894ddd3c6728f16ad04bb452a087f3e19

C:\Windows\system\jsEbuis.exe

MD5 c42e1139d35c020b0bfd037ed8a45a1e
SHA1 af9584a701dcbd302bccc17e8ddf9fca0cd6ab98
SHA256 9d4cc4c5aabd59e9f186b18552c680a8347116e47b3e87bf772f578959392abb
SHA512 c8aff2f6830e8802af24e1b3e3591dc5b8dc6b72b8984e53f25ec067e68418d39d0a36a51411319ffb155eeecbfe37310e66329d223b9ff73536477a6a7a0afc

C:\Windows\system\XeJocoB.exe

MD5 c84daecfd49650539978302deaeaee00
SHA1 7d037400cc7fef4e2234b0a9fc0fa3615825722e
SHA256 3c3f47d352739ce5bfc8931f45ad3fbc93a0217b02ae3dc9b5e97cc76e1a970c
SHA512 654585d330082e08f44ec0f7fa4a1350aa94949177a673269081140cd2d6fdb6f286f5641a02413d47bee3c4d4daad59dd3d20898e802791d010b406934d7bf5

C:\Windows\system\hWMOlkS.exe

MD5 4215dc5b7dc451df48dcac7089e1dd35
SHA1 d85d2b7f30dcb5c70d1a8ab47440ff61fb87cbed
SHA256 f02116642d2a1be264b3611efb9977e8589373ca238e031de985900915c59692
SHA512 113a16c7fa2dba1ccc9ebe792bd529b44d2a33806e3a5bbaacfdf1eff58a4408fd01fba6e957fbcd0e436906de8bfe6545ca851b1f463dfc50fc5d02e8a7f11f

C:\Windows\system\yXHvQpC.exe

MD5 0ea6a550350e3b178b74de8fd26df59c
SHA1 c06b5657d0d47b2e536408804fb4ebf09890e4fb
SHA256 471f63651d461b3910e9b35020856a8709d5bc123fa4d20d47efe2fb1584b117
SHA512 e03a85902f4136b68029bcd88e98c9afa5551f4cb6bb21bd26d52ebe63c4da98b5db01463fea095aa43b1d71c0cd0d3accae2eec1bfb31295f496293d8dc76fc

C:\Windows\system\NEtuKHc.exe

MD5 e2d2f23f7342228ddeb4b138fc235f7c
SHA1 84ff98928e11a72a4edefba2f479d05b17d3e77c
SHA256 1a693ac04bcbb8e501c94049511d4ea80ac5a2a84d84e4ae937d53d7e5ef42bd
SHA512 229b58e7151a2a8312fd1426f4754946c9ad25e0aa34da286317c002c66b71f5dca9baf1463702e7019d1a085b94e34c61a13d3e96457bf8c0f39041779c8083

memory/2620-106-0x000000013F210000-0x000000013F564000-memory.dmp

memory/2372-105-0x0000000002110000-0x0000000002464000-memory.dmp

memory/2372-104-0x0000000002110000-0x0000000002464000-memory.dmp

memory/2372-103-0x000000013FAD0000-0x000000013FE24000-memory.dmp

C:\Windows\system\lotxbmo.exe

MD5 03fada703e219da33a62dcd1747fc3fb
SHA1 fa4fcb90ff267762ae014c1af0e91ccbb7afdd36
SHA256 b438f499ff89dd3357c49de96cab9c46844e0f2f799bd128cfcd7b90c951dba1
SHA512 bb2130db58b33910ac1cbf282b90e9f6fdc39f49e5ef9ba56f2086a404640a52c47103b73fc2cbdf040cc4a4fb5c229a859d5b6c6a5dd383b2ed5c1cfe93e9f2

memory/2160-101-0x000000013F850000-0x000000013FBA4000-memory.dmp

memory/2496-100-0x000000013FF60000-0x00000001402B4000-memory.dmp

memory/2664-99-0x000000013F530000-0x000000013F884000-memory.dmp

memory/2372-98-0x0000000002110000-0x0000000002464000-memory.dmp

memory/2372-97-0x000000013FF60000-0x00000001402B4000-memory.dmp

memory/2600-96-0x000000013FAD0000-0x000000013FE24000-memory.dmp

memory/2492-95-0x000000013F2D0000-0x000000013F624000-memory.dmp

memory/2372-90-0x000000013FE10000-0x0000000140164000-memory.dmp

memory/2472-89-0x000000013F770000-0x000000013FAC4000-memory.dmp

memory/2724-88-0x000000013F6F0000-0x000000013FA44000-memory.dmp

memory/3008-87-0x000000013F510000-0x000000013F864000-memory.dmp

memory/868-83-0x000000013F650000-0x000000013F9A4000-memory.dmp

C:\Windows\system\jBksSkb.exe

MD5 563b4979ce1db6c12ed18c69793286d0
SHA1 11ac23ac60f4c5609ff497fc9965268e4fa347c6
SHA256 7cae8e8971baed0d4aee5cc7a9fbcd4b38db6949631c9a548a7c69adc701e501
SHA512 f2c41a5f875dfcef8326198ea5581f1df154cd599830b1d921df4e992286ebe4e72bf0abfd688ba6fa4f21764585a1137c56b9360c56d4c3c3b640167a119b53

C:\Windows\system\fEgjrfb.exe

MD5 5585936cd25d2da7bf48668885446d1c
SHA1 765824011924ca1a408b3a11cc78ecaed695a2b4
SHA256 e641e9accfe3c46f5c7424f5068f67322ad8fc793b881b290614dd89631e8a5e
SHA512 f8ba5a9ee06186246e70d0306ce7c8d136c24aa2e451004a58abe80f0a88b963b05cded17f099722a19f7108a41bf630cf68cee8a427aea2993eb66415d9a129

\Windows\system\VXWjibt.exe

MD5 757413d1dd28bc04538bff3e53b72b7f
SHA1 9de8c8540250b9d5be59881d9b550334b3af76dd
SHA256 c3fffd8dc5019bc3e13039255816be7a5ba86ce0309670a9cdb12cb3e1d32d01
SHA512 2aef0dcf78dca88244ac72b793de5428275154894a8c82dcb5084bb2becd72d4b4c8404505e6f08de754d18fc286018639a39c01f433b43e8802be46315516d3

memory/2372-72-0x000000013FC50000-0x000000013FFA4000-memory.dmp

C:\Windows\system\OajFial.exe

MD5 3249f178b4fa7f75c85d1cedde923b95
SHA1 3a839ec6913cc8dfdf6bea03f34b6fb63354f03d
SHA256 29d228a4a4f067108f325e0a3134113b99310615ea0d731552693459ec7133d5
SHA512 1230f370b2bd93af4de395d3e1b2a8beaa7bf2137cf6f31e33b009ba8856eb582c31f6c676a8f70c2d78126fc4c30cb4bd2929bac8ace5c9f3131de46a678e61

C:\Windows\system\UUijhJC.exe

MD5 72ccb62720f8d0f150d33ca0d260d765
SHA1 24479507423e22e86a6413514d84782624a510b8
SHA256 890903d3aa3399c6c04453cbd87b7f081facca144f6c40cb23f82548398c3970
SHA512 7ff821aaa9cd9835f5e6cd609543b79be1afedaf313f7675114d52e365a8b8465571ebf26963adc8ba30192567dc1ef5bb4b888accc58a722246538a089f004b

memory/2372-45-0x0000000002110000-0x0000000002464000-memory.dmp

C:\Windows\system\CnJkdAt.exe

MD5 cfdcf2185083c3207ad23abc82a63c04
SHA1 30469f3a8aa2d7fa6e7827bc4b1fd17052af89db
SHA256 7d1d2a94870d8bd0ebccb1732798821be16ea73871a67ee918817102c79fac6e
SHA512 81aecc610df3eefeed73de9c46017e5752e799748a88dc5801d362749912bfa40cee31dc750ddde3e93aff160bb4a80fc08625fc2121ef71731feecf159468a2

C:\Windows\system\JXklPQK.exe

MD5 6c15c1523122e7398ba9db0ab4197945
SHA1 fb06749ba809f02bfda226db055eec8b63c016d4
SHA256 722cb3e42efc5f4193edda16b1581b7028c74a00db2e3c72c96401feb23aec84
SHA512 1b510141ab7c831994d38cb9063359fd767dd7a1a02110cd94fff44061442dbc8c6855312b236cd1a9d4de270331c00895d63abf96c6f3b42d18bcc2fe19d7e5

C:\Windows\system\pKVoFRR.exe

MD5 83dc59554262d00a4ad8d7505467edb3
SHA1 44262e8026cb5abc250a95584f37d79b4d826168
SHA256 f263e279be0a3ff7a04b4283d1fe9765b6a2e5590fdbf76618ab37359af3f895
SHA512 d7f19ad44ae22180d1183498c44ad6af0226e0c620bebba68f8649597b1a51910160be113612f4331fef95ec50a475b83abb68e120c67c85e8f103186baebb46

memory/2372-28-0x0000000002110000-0x0000000002464000-memory.dmp

memory/2372-23-0x000000013F380000-0x000000013F6D4000-memory.dmp

memory/2168-22-0x000000013F380000-0x000000013F6D4000-memory.dmp

memory/2816-20-0x000000013F2F0000-0x000000013F644000-memory.dmp

C:\Windows\system\iLuOKxY.exe

MD5 409450003b7f69bc3fb894f5d8b00bbe
SHA1 e851d9f2530928a4b65e2fc6b96bdee3c406275b
SHA256 056646e43e24b3cc9811f6586012b89f5aa5b8ae656c5e60139d8de0be553b67
SHA512 f09c2d01ad787248480c0cb0bf58f646e23468b4b4f47930d3323107ea5b753eb642e8243b36a412d8a4cc37b8d73027e72670596624c67463fafb57a1d6d1b5

memory/2372-8-0x000000013F2F0000-0x000000013F644000-memory.dmp

memory/2372-14-0x0000000002110000-0x0000000002464000-memory.dmp

memory/2168-2887-0x000000013F380000-0x000000013F6D4000-memory.dmp

memory/2372-2895-0x0000000002110000-0x0000000002464000-memory.dmp

memory/2372-3195-0x0000000002110000-0x0000000002464000-memory.dmp

memory/2372-3349-0x0000000002110000-0x0000000002464000-memory.dmp

memory/2372-3916-0x0000000002110000-0x0000000002464000-memory.dmp

memory/2816-4006-0x000000013F2F0000-0x000000013F644000-memory.dmp

memory/2168-4007-0x000000013F380000-0x000000013F6D4000-memory.dmp

memory/2724-4010-0x000000013F6F0000-0x000000013FA44000-memory.dmp

memory/3008-4009-0x000000013F510000-0x000000013F864000-memory.dmp

memory/868-4008-0x000000013F650000-0x000000013F9A4000-memory.dmp

memory/2600-4012-0x000000013FAD0000-0x000000013FE24000-memory.dmp

memory/2472-4011-0x000000013F770000-0x000000013FAC4000-memory.dmp

memory/2160-4014-0x000000013F850000-0x000000013FBA4000-memory.dmp

memory/2496-4015-0x000000013FF60000-0x00000001402B4000-memory.dmp

memory/2664-4016-0x000000013F530000-0x000000013F884000-memory.dmp

memory/2620-4017-0x000000013F210000-0x000000013F564000-memory.dmp

memory/2492-4013-0x000000013F2D0000-0x000000013F624000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-18 08:20

Reported

2024-05-18 08:23

Platform

win10v2004-20240426-en

Max time kernel

40s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Modifies Installed Components in the registry

persistence
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\kIAKKPt.exe N/A
N/A N/A C:\Windows\System\VVyBBpJ.exe N/A
N/A N/A C:\Windows\System\bnoDBli.exe N/A
N/A N/A C:\Windows\System\YKGcIxh.exe N/A
N/A N/A C:\Windows\System\GKdcjTV.exe N/A
N/A N/A C:\Windows\System\QQYANFu.exe N/A
N/A N/A C:\Windows\System\wdcddxF.exe N/A
N/A N/A C:\Windows\System\GQZgcWN.exe N/A
N/A N/A C:\Windows\System\zBWgsFE.exe N/A
N/A N/A C:\Windows\System\LEaIAVl.exe N/A
N/A N/A C:\Windows\System\AglLwPY.exe N/A
N/A N/A C:\Windows\System\nTzgkbZ.exe N/A
N/A N/A C:\Windows\System\gVyebgu.exe N/A
N/A N/A C:\Windows\System\EcwXJNi.exe N/A
N/A N/A C:\Windows\System\XGLObZj.exe N/A
N/A N/A C:\Windows\System\KcuMweb.exe N/A
N/A N/A C:\Windows\System\ThvtDmj.exe N/A
N/A N/A C:\Windows\System\FPQMGoK.exe N/A
N/A N/A C:\Windows\System\OEzhEtK.exe N/A
N/A N/A C:\Windows\System\bjKrSZg.exe N/A
N/A N/A C:\Windows\System\xLZxrNI.exe N/A
N/A N/A C:\Windows\System\WkZxoiT.exe N/A
N/A N/A C:\Windows\System\pHmGIdz.exe N/A
N/A N/A C:\Windows\System\jXpSlPL.exe N/A
N/A N/A C:\Windows\System\UUgcdfk.exe N/A
N/A N/A C:\Windows\System\EaJmRHI.exe N/A
N/A N/A C:\Windows\System\tVFoaov.exe N/A
N/A N/A C:\Windows\System\kIWJoLc.exe N/A
N/A N/A C:\Windows\System\EvAjkYp.exe N/A
N/A N/A C:\Windows\System\ucxhjGR.exe N/A
N/A N/A C:\Windows\System\yGyvlBh.exe N/A
N/A N/A C:\Windows\System\BraKLDH.exe N/A
N/A N/A C:\Windows\System\GuiAbnQ.exe N/A
N/A N/A C:\Windows\System\EYATZds.exe N/A
N/A N/A C:\Windows\System\uFVNItl.exe N/A
N/A N/A C:\Windows\System\FvXeemF.exe N/A
N/A N/A C:\Windows\System\HHNddms.exe N/A
N/A N/A C:\Windows\System\fACWwnx.exe N/A
N/A N/A C:\Windows\System\JdERnCu.exe N/A
N/A N/A C:\Windows\System\DdftDec.exe N/A
N/A N/A C:\Windows\System\aWtSGbd.exe N/A
N/A N/A C:\Windows\System\cJGEwpi.exe N/A
N/A N/A C:\Windows\System\RNiASIE.exe N/A
N/A N/A C:\Windows\System\VTgJbbt.exe N/A
N/A N/A C:\Windows\System\uXXIgtB.exe N/A
N/A N/A C:\Windows\System\RCpwOfJ.exe N/A
N/A N/A C:\Windows\System\ziKoDqI.exe N/A
N/A N/A C:\Windows\System\ptuWTSz.exe N/A
N/A N/A C:\Windows\System\wMCxbfu.exe N/A
N/A N/A C:\Windows\System\wWyCins.exe N/A
N/A N/A C:\Windows\System\hnqeTuN.exe N/A
N/A N/A C:\Windows\System\DOGJkfy.exe N/A
N/A N/A C:\Windows\System\vDTddyI.exe N/A
N/A N/A C:\Windows\System\nthlOTm.exe N/A
N/A N/A C:\Windows\System\qxSFGCH.exe N/A
N/A N/A C:\Windows\System\zIAKuRQ.exe N/A
N/A N/A C:\Windows\System\uHhLPoW.exe N/A
N/A N/A C:\Windows\System\gFqiMAg.exe N/A
N/A N/A C:\Windows\System\tgTyPmN.exe N/A
N/A N/A C:\Windows\System\UXNOOmd.exe N/A
N/A N/A C:\Windows\System\UdOlYAP.exe N/A
N/A N/A C:\Windows\System\wnPgBxG.exe N/A
N/A N/A C:\Windows\System\QnzPgab.exe N/A
N/A N/A C:\Windows\System\kjwiCeO.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\wMCxbfu.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\EpMGBVq.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\LooVJeh.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\ylXEgdM.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\DMZfdqj.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\manddrS.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\gQXXsNe.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\nvSzPrt.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\jdqzEPN.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\YoctbGz.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\lOMybRs.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\EzmVKkx.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\prDcYUh.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\tVFoaov.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\DdftDec.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\uHhLPoW.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\rWZjWIy.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\RUxoYII.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\WSAoHbR.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\BcEOQaC.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\BWRQgiE.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZWTREdA.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\nylStGI.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\IlEHsJZ.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\SRTehkT.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\noRPUAY.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\oUyuYFo.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\ckMaxSK.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\jYRtqAJ.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\EtyrTKv.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\ruosKdN.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZEUbVFh.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\dhPAeKs.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\bpCjszv.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\jiKTLST.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\PsWzVkz.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\lKfTLAm.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\DSgNkwT.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\wpwrdCq.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\PkWjRZj.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\hjmescX.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\eNueBAE.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\pHmGIdz.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\TsfodQK.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\PLIhKlR.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\gqMLKIZ.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\VVyBBpJ.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\JEKZVXW.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\yrgCbSs.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\qoYPcGV.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\AhKPOdb.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\JcRJGQv.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\WAWmMjJ.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\nDKoFtf.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\LfWSfAf.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\CrEvEMY.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\ooetNXl.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\zjmJate.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\ncbGmja.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\cJGEwpi.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\kTlsUlI.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\YMhxNta.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\cWWSgmD.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A
File created C:\Windows\System\VQCpaAZ.exe C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\system32\dwm.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Capabilities C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\dwm.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Windows\system32\dwm.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Capabilities C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags C:\Windows\system32\dwm.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 C:\Windows\explorer.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\system32\dwm.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\SOFTWARE\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Windows\system32\dwm.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\WasEverActivated = "1" C:\Windows\system32\sihost.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\ApplicationFrame\Microsoft.Windows.PeopleExperienceHos = 6801000088020000 C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\ApplicationFrame\Microsoft.Windows.PeopleExperienceHos = 6801000088020000 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1162180587-977231257-2194346871-1000\{F3770EDD-232E-47BA-9035-AB7E6EC37B80} C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\WasEverActivated = "1" C:\Windows\system32\sihost.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Speech_OneCore\\Recognizers\\Tokens\\MS-1033-110-WINMO-DNN" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.Search_cw5n1h2txyewy\WasEverActivated = "1" C:\Windows\system32\sihost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1162180587-977231257-2194346871-1000\{F75896F2-2E39-4CEA-913C-0FF068E138DC} C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings C:\Windows\explorer.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\dwm.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\system32\dwm.exe N/A
Token: 33 N/A C:\Windows\system32\dwm.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\dwm.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\system32\sihost.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4780 wrote to memory of 3272 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\kIAKKPt.exe
PID 4780 wrote to memory of 3272 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\kIAKKPt.exe
PID 4780 wrote to memory of 2308 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\VVyBBpJ.exe
PID 4780 wrote to memory of 2308 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\VVyBBpJ.exe
PID 4780 wrote to memory of 540 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\bnoDBli.exe
PID 4780 wrote to memory of 540 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\bnoDBli.exe
PID 4780 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\YKGcIxh.exe
PID 4780 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\YKGcIxh.exe
PID 4780 wrote to memory of 5112 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\GKdcjTV.exe
PID 4780 wrote to memory of 5112 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\GKdcjTV.exe
PID 4780 wrote to memory of 1744 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\QQYANFu.exe
PID 4780 wrote to memory of 1744 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\QQYANFu.exe
PID 4780 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\wdcddxF.exe
PID 4780 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\wdcddxF.exe
PID 4780 wrote to memory of 3984 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\GQZgcWN.exe
PID 4780 wrote to memory of 3984 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\GQZgcWN.exe
PID 4780 wrote to memory of 3988 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\zBWgsFE.exe
PID 4780 wrote to memory of 3988 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\zBWgsFE.exe
PID 4780 wrote to memory of 2612 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\LEaIAVl.exe
PID 4780 wrote to memory of 2612 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\LEaIAVl.exe
PID 4780 wrote to memory of 4224 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\AglLwPY.exe
PID 4780 wrote to memory of 4224 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\AglLwPY.exe
PID 4780 wrote to memory of 4016 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\nTzgkbZ.exe
PID 4780 wrote to memory of 4016 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\nTzgkbZ.exe
PID 4780 wrote to memory of 4288 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\gVyebgu.exe
PID 4780 wrote to memory of 4288 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\gVyebgu.exe
PID 4780 wrote to memory of 3184 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\EcwXJNi.exe
PID 4780 wrote to memory of 3184 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\EcwXJNi.exe
PID 4780 wrote to memory of 4388 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\XGLObZj.exe
PID 4780 wrote to memory of 4388 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\XGLObZj.exe
PID 4780 wrote to memory of 2944 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\KcuMweb.exe
PID 4780 wrote to memory of 2944 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\KcuMweb.exe
PID 4780 wrote to memory of 4572 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\ThvtDmj.exe
PID 4780 wrote to memory of 4572 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\ThvtDmj.exe
PID 4780 wrote to memory of 3020 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\FPQMGoK.exe
PID 4780 wrote to memory of 3020 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\FPQMGoK.exe
PID 4780 wrote to memory of 4552 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\OEzhEtK.exe
PID 4780 wrote to memory of 4552 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\OEzhEtK.exe
PID 4780 wrote to memory of 4664 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\bjKrSZg.exe
PID 4780 wrote to memory of 4664 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\bjKrSZg.exe
PID 4780 wrote to memory of 3392 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\xLZxrNI.exe
PID 4780 wrote to memory of 3392 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\xLZxrNI.exe
PID 4780 wrote to memory of 336 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\WkZxoiT.exe
PID 4780 wrote to memory of 336 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\WkZxoiT.exe
PID 4780 wrote to memory of 2608 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\pHmGIdz.exe
PID 4780 wrote to memory of 2608 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\pHmGIdz.exe
PID 4780 wrote to memory of 5076 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\jXpSlPL.exe
PID 4780 wrote to memory of 5076 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\jXpSlPL.exe
PID 4780 wrote to memory of 1608 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\UUgcdfk.exe
PID 4780 wrote to memory of 1608 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\UUgcdfk.exe
PID 4780 wrote to memory of 3356 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\EaJmRHI.exe
PID 4780 wrote to memory of 3356 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\EaJmRHI.exe
PID 4780 wrote to memory of 4856 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\tVFoaov.exe
PID 4780 wrote to memory of 4856 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\tVFoaov.exe
PID 4780 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\kIWJoLc.exe
PID 4780 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\kIWJoLc.exe
PID 4780 wrote to memory of 4248 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\EvAjkYp.exe
PID 4780 wrote to memory of 4248 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\EvAjkYp.exe
PID 4780 wrote to memory of 4984 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\ucxhjGR.exe
PID 4780 wrote to memory of 4984 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\ucxhjGR.exe
PID 4780 wrote to memory of 4184 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\yGyvlBh.exe
PID 4780 wrote to memory of 4184 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\yGyvlBh.exe
PID 4780 wrote to memory of 2684 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\BraKLDH.exe
PID 4780 wrote to memory of 2684 N/A C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe C:\Windows\System\BraKLDH.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\b4b3a802bf95b51eda108e182e1f4990_NeikiAnalytics.exe"

C:\Windows\System\kIAKKPt.exe

C:\Windows\System\kIAKKPt.exe

C:\Windows\System\VVyBBpJ.exe

C:\Windows\System\VVyBBpJ.exe

C:\Windows\System\bnoDBli.exe

C:\Windows\System\bnoDBli.exe

C:\Windows\System\YKGcIxh.exe

C:\Windows\System\YKGcIxh.exe

C:\Windows\System\GKdcjTV.exe

C:\Windows\System\GKdcjTV.exe

C:\Windows\System\QQYANFu.exe

C:\Windows\System\QQYANFu.exe

C:\Windows\System\wdcddxF.exe

C:\Windows\System\wdcddxF.exe

C:\Windows\System\GQZgcWN.exe

C:\Windows\System\GQZgcWN.exe

C:\Windows\System\zBWgsFE.exe

C:\Windows\System\zBWgsFE.exe

C:\Windows\System\LEaIAVl.exe

C:\Windows\System\LEaIAVl.exe

C:\Windows\System\AglLwPY.exe

C:\Windows\System\AglLwPY.exe

C:\Windows\System\nTzgkbZ.exe

C:\Windows\System\nTzgkbZ.exe

C:\Windows\System\gVyebgu.exe

C:\Windows\System\gVyebgu.exe

C:\Windows\System\EcwXJNi.exe

C:\Windows\System\EcwXJNi.exe

C:\Windows\System\XGLObZj.exe

C:\Windows\System\XGLObZj.exe

C:\Windows\System\KcuMweb.exe

C:\Windows\System\KcuMweb.exe

C:\Windows\System\ThvtDmj.exe

C:\Windows\System\ThvtDmj.exe

C:\Windows\System\FPQMGoK.exe

C:\Windows\System\FPQMGoK.exe

C:\Windows\System\OEzhEtK.exe

C:\Windows\System\OEzhEtK.exe

C:\Windows\System\bjKrSZg.exe

C:\Windows\System\bjKrSZg.exe

C:\Windows\System\xLZxrNI.exe

C:\Windows\System\xLZxrNI.exe

C:\Windows\System\WkZxoiT.exe

C:\Windows\System\WkZxoiT.exe

C:\Windows\System\pHmGIdz.exe

C:\Windows\System\pHmGIdz.exe

C:\Windows\System\jXpSlPL.exe

C:\Windows\System\jXpSlPL.exe

C:\Windows\System\UUgcdfk.exe

C:\Windows\System\UUgcdfk.exe

C:\Windows\System\EaJmRHI.exe

C:\Windows\System\EaJmRHI.exe

C:\Windows\System\tVFoaov.exe

C:\Windows\System\tVFoaov.exe

C:\Windows\System\kIWJoLc.exe

C:\Windows\System\kIWJoLc.exe

C:\Windows\System\EvAjkYp.exe

C:\Windows\System\EvAjkYp.exe

C:\Windows\System\ucxhjGR.exe

C:\Windows\System\ucxhjGR.exe

C:\Windows\System\yGyvlBh.exe

C:\Windows\System\yGyvlBh.exe

C:\Windows\System\BraKLDH.exe

C:\Windows\System\BraKLDH.exe

C:\Windows\System\GuiAbnQ.exe

C:\Windows\System\GuiAbnQ.exe

C:\Windows\System\EYATZds.exe

C:\Windows\System\EYATZds.exe

C:\Windows\System\uFVNItl.exe

C:\Windows\System\uFVNItl.exe

C:\Windows\System\FvXeemF.exe

C:\Windows\System\FvXeemF.exe

C:\Windows\System\HHNddms.exe

C:\Windows\System\HHNddms.exe

C:\Windows\System\fACWwnx.exe

C:\Windows\System\fACWwnx.exe

C:\Windows\System\JdERnCu.exe

C:\Windows\System\JdERnCu.exe

C:\Windows\System\DdftDec.exe

C:\Windows\System\DdftDec.exe

C:\Windows\System\aWtSGbd.exe

C:\Windows\System\aWtSGbd.exe

C:\Windows\System\cJGEwpi.exe

C:\Windows\System\cJGEwpi.exe

C:\Windows\System\RNiASIE.exe

C:\Windows\System\RNiASIE.exe

C:\Windows\System\VTgJbbt.exe

C:\Windows\System\VTgJbbt.exe

C:\Windows\System\uXXIgtB.exe

C:\Windows\System\uXXIgtB.exe

C:\Windows\System\RCpwOfJ.exe

C:\Windows\System\RCpwOfJ.exe

C:\Windows\System\ziKoDqI.exe

C:\Windows\System\ziKoDqI.exe

C:\Windows\System\ptuWTSz.exe

C:\Windows\System\ptuWTSz.exe

C:\Windows\System\wMCxbfu.exe

C:\Windows\System\wMCxbfu.exe

C:\Windows\System\wWyCins.exe

C:\Windows\System\wWyCins.exe

C:\Windows\System\hnqeTuN.exe

C:\Windows\System\hnqeTuN.exe

C:\Windows\System\DOGJkfy.exe

C:\Windows\System\DOGJkfy.exe

C:\Windows\System\vDTddyI.exe

C:\Windows\System\vDTddyI.exe

C:\Windows\System\nthlOTm.exe

C:\Windows\System\nthlOTm.exe

C:\Windows\System\qxSFGCH.exe

C:\Windows\System\qxSFGCH.exe

C:\Windows\System\zIAKuRQ.exe

C:\Windows\System\zIAKuRQ.exe

C:\Windows\System\uHhLPoW.exe

C:\Windows\System\uHhLPoW.exe

C:\Windows\System\gFqiMAg.exe

C:\Windows\System\gFqiMAg.exe

C:\Windows\System\tgTyPmN.exe

C:\Windows\System\tgTyPmN.exe

C:\Windows\System\UXNOOmd.exe

C:\Windows\System\UXNOOmd.exe

C:\Windows\System\UdOlYAP.exe

C:\Windows\System\UdOlYAP.exe

C:\Windows\System\wnPgBxG.exe

C:\Windows\System\wnPgBxG.exe

C:\Windows\System\QnzPgab.exe

C:\Windows\System\QnzPgab.exe

C:\Windows\System\kjwiCeO.exe

C:\Windows\System\kjwiCeO.exe

C:\Windows\System\uGAnLsM.exe

C:\Windows\System\uGAnLsM.exe

C:\Windows\System\qbztpUF.exe

C:\Windows\System\qbztpUF.exe

C:\Windows\System\VBgRONL.exe

C:\Windows\System\VBgRONL.exe

C:\Windows\System\TrmuGBH.exe

C:\Windows\System\TrmuGBH.exe

C:\Windows\System\VYXwJKq.exe

C:\Windows\System\VYXwJKq.exe

C:\Windows\System\wHlVdtB.exe

C:\Windows\System\wHlVdtB.exe

C:\Windows\System\WXElCTf.exe

C:\Windows\System\WXElCTf.exe

C:\Windows\System\EtyrTKv.exe

C:\Windows\System\EtyrTKv.exe

C:\Windows\System\sVBebCh.exe

C:\Windows\System\sVBebCh.exe

C:\Windows\System\fbZHDoK.exe

C:\Windows\System\fbZHDoK.exe

C:\Windows\System\yiASGLs.exe

C:\Windows\System\yiASGLs.exe

C:\Windows\System\LFEuebq.exe

C:\Windows\System\LFEuebq.exe

C:\Windows\System\bWKSICT.exe

C:\Windows\System\bWKSICT.exe

C:\Windows\System\dYkPjEa.exe

C:\Windows\System\dYkPjEa.exe

C:\Windows\System\GvwVwud.exe

C:\Windows\System\GvwVwud.exe

C:\Windows\System\bnxXZrB.exe

C:\Windows\System\bnxXZrB.exe

C:\Windows\System\MyRoERB.exe

C:\Windows\System\MyRoERB.exe

C:\Windows\System\moXZmIe.exe

C:\Windows\System\moXZmIe.exe

C:\Windows\System\lacUnPR.exe

C:\Windows\System\lacUnPR.exe

C:\Windows\System\zxNhCZP.exe

C:\Windows\System\zxNhCZP.exe

C:\Windows\System\DSgNkwT.exe

C:\Windows\System\DSgNkwT.exe

C:\Windows\System\lOMjgjs.exe

C:\Windows\System\lOMjgjs.exe

C:\Windows\System\ndBpxSN.exe

C:\Windows\System\ndBpxSN.exe

C:\Windows\System\dlFyzns.exe

C:\Windows\System\dlFyzns.exe

C:\Windows\System\FszlZQB.exe

C:\Windows\System\FszlZQB.exe

C:\Windows\System\RIElBHJ.exe

C:\Windows\System\RIElBHJ.exe

C:\Windows\System\wmMcYxS.exe

C:\Windows\System\wmMcYxS.exe

C:\Windows\System\DimdjeR.exe

C:\Windows\System\DimdjeR.exe

C:\Windows\System\mmLjBRa.exe

C:\Windows\System\mmLjBRa.exe

C:\Windows\System\TbkPpzc.exe

C:\Windows\System\TbkPpzc.exe

C:\Windows\System\IjyXtAW.exe

C:\Windows\System\IjyXtAW.exe

C:\Windows\System\gmLIjrH.exe

C:\Windows\System\gmLIjrH.exe

C:\Windows\System\wpwrdCq.exe

C:\Windows\System\wpwrdCq.exe

C:\Windows\System\vQkKwmB.exe

C:\Windows\System\vQkKwmB.exe

C:\Windows\System\dlwYngT.exe

C:\Windows\System\dlwYngT.exe

C:\Windows\System\YNtOBkq.exe

C:\Windows\System\YNtOBkq.exe

C:\Windows\System\hAIlzpk.exe

C:\Windows\System\hAIlzpk.exe

C:\Windows\System\HXZYtAL.exe

C:\Windows\System\HXZYtAL.exe

C:\Windows\System\MiIdCgZ.exe

C:\Windows\System\MiIdCgZ.exe

C:\Windows\System\anMrPYm.exe

C:\Windows\System\anMrPYm.exe

C:\Windows\System\osUXEQH.exe

C:\Windows\System\osUXEQH.exe

C:\Windows\System\KgaOOkR.exe

C:\Windows\System\KgaOOkR.exe

C:\Windows\System\KPfTLYR.exe

C:\Windows\System\KPfTLYR.exe

C:\Windows\System\SfcbkLQ.exe

C:\Windows\System\SfcbkLQ.exe

C:\Windows\System\GqmfbdT.exe

C:\Windows\System\GqmfbdT.exe

C:\Windows\System\gAZTPee.exe

C:\Windows\System\gAZTPee.exe

C:\Windows\System\NoSoVVa.exe

C:\Windows\System\NoSoVVa.exe

C:\Windows\System\sqqhbUb.exe

C:\Windows\System\sqqhbUb.exe

C:\Windows\System\ZOmttrv.exe

C:\Windows\System\ZOmttrv.exe

C:\Windows\System\ZwhBsRF.exe

C:\Windows\System\ZwhBsRF.exe

C:\Windows\System\qLloUrR.exe

C:\Windows\System\qLloUrR.exe

C:\Windows\System\PlbcFhn.exe

C:\Windows\System\PlbcFhn.exe

C:\Windows\System\ruosKdN.exe

C:\Windows\System\ruosKdN.exe

C:\Windows\System\uEnEOKX.exe

C:\Windows\System\uEnEOKX.exe

C:\Windows\System\yyGXmMW.exe

C:\Windows\System\yyGXmMW.exe

C:\Windows\System\OzXEPcy.exe

C:\Windows\System\OzXEPcy.exe

C:\Windows\System\syYLZIQ.exe

C:\Windows\System\syYLZIQ.exe

C:\Windows\System\rLGmvEs.exe

C:\Windows\System\rLGmvEs.exe

C:\Windows\System\SRTehkT.exe

C:\Windows\System\SRTehkT.exe

C:\Windows\System\dkFuzYL.exe

C:\Windows\System\dkFuzYL.exe

C:\Windows\System\PdQHmUd.exe

C:\Windows\System\PdQHmUd.exe

C:\Windows\System\HReiCKv.exe

C:\Windows\System\HReiCKv.exe

C:\Windows\System\VFJppTH.exe

C:\Windows\System\VFJppTH.exe

C:\Windows\System\uRasOvA.exe

C:\Windows\System\uRasOvA.exe

C:\Windows\System\QaQXFVS.exe

C:\Windows\System\QaQXFVS.exe

C:\Windows\System\xtDeZAL.exe

C:\Windows\System\xtDeZAL.exe

C:\Windows\System\AWeLXba.exe

C:\Windows\System\AWeLXba.exe

C:\Windows\System\KlVaPYT.exe

C:\Windows\System\KlVaPYT.exe

C:\Windows\System\KcToavf.exe

C:\Windows\System\KcToavf.exe

C:\Windows\System\EauvfPn.exe

C:\Windows\System\EauvfPn.exe

C:\Windows\System\wGZwURE.exe

C:\Windows\System\wGZwURE.exe

C:\Windows\System\UsCbFLW.exe

C:\Windows\System\UsCbFLW.exe

C:\Windows\System\DqNiMzJ.exe

C:\Windows\System\DqNiMzJ.exe

C:\Windows\System\JyPpmMo.exe

C:\Windows\System\JyPpmMo.exe

C:\Windows\System\uAOxznQ.exe

C:\Windows\System\uAOxznQ.exe

C:\Windows\System\aDpPrSu.exe

C:\Windows\System\aDpPrSu.exe

C:\Windows\System\jaMngoi.exe

C:\Windows\System\jaMngoi.exe

C:\Windows\System\GgcJuOZ.exe

C:\Windows\System\GgcJuOZ.exe

C:\Windows\System\ICnCunm.exe

C:\Windows\System\ICnCunm.exe

C:\Windows\System\pseWdpo.exe

C:\Windows\System\pseWdpo.exe

C:\Windows\System\RVLdSYt.exe

C:\Windows\System\RVLdSYt.exe

C:\Windows\System\JcRJGQv.exe

C:\Windows\System\JcRJGQv.exe

C:\Windows\System\GrvkSTM.exe

C:\Windows\System\GrvkSTM.exe

C:\Windows\System\foZZgoE.exe

C:\Windows\System\foZZgoE.exe

C:\Windows\System\HrmoQre.exe

C:\Windows\System\HrmoQre.exe

C:\Windows\System\YiwIVDV.exe

C:\Windows\System\YiwIVDV.exe

C:\Windows\System\RpNmbTK.exe

C:\Windows\System\RpNmbTK.exe

C:\Windows\System\RerNpoC.exe

C:\Windows\System\RerNpoC.exe

C:\Windows\System\kdScLcc.exe

C:\Windows\System\kdScLcc.exe

C:\Windows\System\LqVAgQz.exe

C:\Windows\System\LqVAgQz.exe

C:\Windows\System\YmZQGLz.exe

C:\Windows\System\YmZQGLz.exe

C:\Windows\System\KpyALQZ.exe

C:\Windows\System\KpyALQZ.exe

C:\Windows\System\tHIUpgr.exe

C:\Windows\System\tHIUpgr.exe

C:\Windows\System\wAokQdL.exe

C:\Windows\System\wAokQdL.exe

C:\Windows\System\wVqqgei.exe

C:\Windows\System\wVqqgei.exe

C:\Windows\System\cIeGihD.exe

C:\Windows\System\cIeGihD.exe

C:\Windows\System\iFewkED.exe

C:\Windows\System\iFewkED.exe

C:\Windows\System\zEPkppX.exe

C:\Windows\System\zEPkppX.exe

C:\Windows\System\KoFYeoO.exe

C:\Windows\System\KoFYeoO.exe

C:\Windows\System\bTfrWIO.exe

C:\Windows\System\bTfrWIO.exe

C:\Windows\System\NwSekOo.exe

C:\Windows\System\NwSekOo.exe

C:\Windows\System\noRPUAY.exe

C:\Windows\System\noRPUAY.exe

C:\Windows\System\YQpHvmH.exe

C:\Windows\System\YQpHvmH.exe

C:\Windows\System\vHLhrAJ.exe

C:\Windows\System\vHLhrAJ.exe

C:\Windows\System\CjlnMJk.exe

C:\Windows\System\CjlnMJk.exe

C:\Windows\System\PexstwB.exe

C:\Windows\System\PexstwB.exe

C:\Windows\System\oUyuYFo.exe

C:\Windows\System\oUyuYFo.exe

C:\Windows\System\epWKbal.exe

C:\Windows\System\epWKbal.exe

C:\Windows\System\PLsWlrO.exe

C:\Windows\System\PLsWlrO.exe

C:\Windows\System\DfeMJQC.exe

C:\Windows\System\DfeMJQC.exe

C:\Windows\System\zMTCMvy.exe

C:\Windows\System\zMTCMvy.exe

C:\Windows\System\hXhoLLw.exe

C:\Windows\System\hXhoLLw.exe

C:\Windows\System\RNDUwzC.exe

C:\Windows\System\RNDUwzC.exe

C:\Windows\System\BOaDVUt.exe

C:\Windows\System\BOaDVUt.exe

C:\Windows\System\gKsKtFI.exe

C:\Windows\System\gKsKtFI.exe

C:\Windows\System\roppLFs.exe

C:\Windows\System\roppLFs.exe

C:\Windows\System\iLzouyz.exe

C:\Windows\System\iLzouyz.exe

C:\Windows\System\RQdlIMy.exe

C:\Windows\System\RQdlIMy.exe

C:\Windows\System\ikqXMos.exe

C:\Windows\System\ikqXMos.exe

C:\Windows\System\uCViGQc.exe

C:\Windows\System\uCViGQc.exe

C:\Windows\System\OJwNWTk.exe

C:\Windows\System\OJwNWTk.exe

C:\Windows\System\UYJxvag.exe

C:\Windows\System\UYJxvag.exe

C:\Windows\System\dVSCXSm.exe

C:\Windows\System\dVSCXSm.exe

C:\Windows\System\JuJYfOw.exe

C:\Windows\System\JuJYfOw.exe

C:\Windows\System\ckMaxSK.exe

C:\Windows\System\ckMaxSK.exe

C:\Windows\System\GkGBcrz.exe

C:\Windows\System\GkGBcrz.exe

C:\Windows\System\SzIMcTi.exe

C:\Windows\System\SzIMcTi.exe

C:\Windows\System\RbaSBBD.exe

C:\Windows\System\RbaSBBD.exe

C:\Windows\System\pKRBaMy.exe

C:\Windows\System\pKRBaMy.exe

C:\Windows\System\qjBWQth.exe

C:\Windows\System\qjBWQth.exe

C:\Windows\System\GfThgFt.exe

C:\Windows\System\GfThgFt.exe

C:\Windows\System\NQKNISi.exe

C:\Windows\System\NQKNISi.exe

C:\Windows\System\lgtNPop.exe

C:\Windows\System\lgtNPop.exe

C:\Windows\System\DANYqBX.exe

C:\Windows\System\DANYqBX.exe

C:\Windows\System\BfyZsqj.exe

C:\Windows\System\BfyZsqj.exe

C:\Windows\System\KyQHLxJ.exe

C:\Windows\System\KyQHLxJ.exe

C:\Windows\System\fomBbDT.exe

C:\Windows\System\fomBbDT.exe

C:\Windows\System\gQXXsNe.exe

C:\Windows\System\gQXXsNe.exe

C:\Windows\System\PdGcYVd.exe

C:\Windows\System\PdGcYVd.exe

C:\Windows\System\QLGJIRU.exe

C:\Windows\System\QLGJIRU.exe

C:\Windows\System\RVWcpEF.exe

C:\Windows\System\RVWcpEF.exe

C:\Windows\System\XRZZnkK.exe

C:\Windows\System\XRZZnkK.exe

C:\Windows\System\tiuhray.exe

C:\Windows\System\tiuhray.exe

C:\Windows\System\YQOGhhb.exe

C:\Windows\System\YQOGhhb.exe

C:\Windows\System\RReBuNA.exe

C:\Windows\System\RReBuNA.exe

C:\Windows\System\FXeWlpg.exe

C:\Windows\System\FXeWlpg.exe

C:\Windows\System\dTwgRoJ.exe

C:\Windows\System\dTwgRoJ.exe

C:\Windows\System\fZlnTaj.exe

C:\Windows\System\fZlnTaj.exe

C:\Windows\System\MMavwcz.exe

C:\Windows\System\MMavwcz.exe

C:\Windows\System\Sehujbg.exe

C:\Windows\System\Sehujbg.exe

C:\Windows\System\maZurHR.exe

C:\Windows\System\maZurHR.exe

C:\Windows\System\uqQBTqU.exe

C:\Windows\System\uqQBTqU.exe

C:\Windows\System\MLaBuiq.exe

C:\Windows\System\MLaBuiq.exe

C:\Windows\System\GqhQnua.exe

C:\Windows\System\GqhQnua.exe

C:\Windows\System\BWRQgiE.exe

C:\Windows\System\BWRQgiE.exe

C:\Windows\System\QhjGFpL.exe

C:\Windows\System\QhjGFpL.exe

C:\Windows\System\qksdpAO.exe

C:\Windows\System\qksdpAO.exe

C:\Windows\System\NmsndRA.exe

C:\Windows\System\NmsndRA.exe

C:\Windows\System\VQHXTYs.exe

C:\Windows\System\VQHXTYs.exe

C:\Windows\System\rhMMtwl.exe

C:\Windows\System\rhMMtwl.exe

C:\Windows\System\veBzedC.exe

C:\Windows\System\veBzedC.exe

C:\Windows\System\IqVPGBx.exe

C:\Windows\System\IqVPGBx.exe

C:\Windows\System\QudUJdN.exe

C:\Windows\System\QudUJdN.exe

C:\Windows\System\iLFrRQs.exe

C:\Windows\System\iLFrRQs.exe

C:\Windows\System\TguiVUk.exe

C:\Windows\System\TguiVUk.exe

C:\Windows\System\maRdAfA.exe

C:\Windows\System\maRdAfA.exe

C:\Windows\System\bHbHeSk.exe

C:\Windows\System\bHbHeSk.exe

C:\Windows\System\iDZWzsh.exe

C:\Windows\System\iDZWzsh.exe

C:\Windows\System\fsateME.exe

C:\Windows\System\fsateME.exe

C:\Windows\System\xPjzvyq.exe

C:\Windows\System\xPjzvyq.exe

C:\Windows\System\ENUVlkr.exe

C:\Windows\System\ENUVlkr.exe

C:\Windows\System\TnsYDUx.exe

C:\Windows\System\TnsYDUx.exe

C:\Windows\System\tQtMTlh.exe

C:\Windows\System\tQtMTlh.exe

C:\Windows\System\VjrIMhd.exe

C:\Windows\System\VjrIMhd.exe

C:\Windows\System\IYAXdsh.exe

C:\Windows\System\IYAXdsh.exe

C:\Windows\System\nvSzPrt.exe

C:\Windows\System\nvSzPrt.exe

C:\Windows\System\pVsZUWR.exe

C:\Windows\System\pVsZUWR.exe

C:\Windows\System\OqmiGgr.exe

C:\Windows\System\OqmiGgr.exe

C:\Windows\System\DkYIBAJ.exe

C:\Windows\System\DkYIBAJ.exe

C:\Windows\System\ThwsXNi.exe

C:\Windows\System\ThwsXNi.exe

C:\Windows\System\WPMvOHi.exe

C:\Windows\System\WPMvOHi.exe

C:\Windows\System\fFMdTto.exe

C:\Windows\System\fFMdTto.exe

C:\Windows\System\VDiiLTB.exe

C:\Windows\System\VDiiLTB.exe

C:\Windows\System\YTisGQL.exe

C:\Windows\System\YTisGQL.exe

C:\Windows\System\zekhIhA.exe

C:\Windows\System\zekhIhA.exe

C:\Windows\System\OAeJhtp.exe

C:\Windows\System\OAeJhtp.exe

C:\Windows\System\RYPuVad.exe

C:\Windows\System\RYPuVad.exe

C:\Windows\System\ClekMbw.exe

C:\Windows\System\ClekMbw.exe

C:\Windows\System\ijYJrod.exe

C:\Windows\System\ijYJrod.exe

C:\Windows\System\hUvPkbB.exe

C:\Windows\System\hUvPkbB.exe

C:\Windows\System\CfwGxOM.exe

C:\Windows\System\CfwGxOM.exe

C:\Windows\System\KIeUbsj.exe

C:\Windows\System\KIeUbsj.exe

C:\Windows\System\WAWmMjJ.exe

C:\Windows\System\WAWmMjJ.exe

C:\Windows\System\ZjmvvvE.exe

C:\Windows\System\ZjmvvvE.exe

C:\Windows\System\pzazgJA.exe

C:\Windows\System\pzazgJA.exe

C:\Windows\System\MMKSsfo.exe

C:\Windows\System\MMKSsfo.exe

C:\Windows\System\avHFQjw.exe

C:\Windows\System\avHFQjw.exe

C:\Windows\System\uOjrTWm.exe

C:\Windows\System\uOjrTWm.exe

C:\Windows\System\iUkohGK.exe

C:\Windows\System\iUkohGK.exe

C:\Windows\System\hHhzgIh.exe

C:\Windows\System\hHhzgIh.exe

C:\Windows\System\WHbuzPk.exe

C:\Windows\System\WHbuzPk.exe

C:\Windows\System\dBmeCjp.exe

C:\Windows\System\dBmeCjp.exe

C:\Windows\System\qwRQkoq.exe

C:\Windows\System\qwRQkoq.exe

C:\Windows\System\mJpOYWS.exe

C:\Windows\System\mJpOYWS.exe

C:\Windows\System\kTlsUlI.exe

C:\Windows\System\kTlsUlI.exe

C:\Windows\System\TsfodQK.exe

C:\Windows\System\TsfodQK.exe

C:\Windows\System\qbhfZxw.exe

C:\Windows\System\qbhfZxw.exe

C:\Windows\System\SkdVxhe.exe

C:\Windows\System\SkdVxhe.exe

C:\Windows\System\BGejvRx.exe

C:\Windows\System\BGejvRx.exe

C:\Windows\System\rdODowC.exe

C:\Windows\System\rdODowC.exe

C:\Windows\System\GTIUbWB.exe

C:\Windows\System\GTIUbWB.exe

C:\Windows\System\mmifMjh.exe

C:\Windows\System\mmifMjh.exe

C:\Windows\System\XktTbCo.exe

C:\Windows\System\XktTbCo.exe

C:\Windows\System\onmqkSV.exe

C:\Windows\System\onmqkSV.exe

C:\Windows\System\PkWjRZj.exe

C:\Windows\System\PkWjRZj.exe

C:\Windows\System\xZMRMOn.exe

C:\Windows\System\xZMRMOn.exe

C:\Windows\System\DiSETMa.exe

C:\Windows\System\DiSETMa.exe

C:\Windows\System\kecnmup.exe

C:\Windows\System\kecnmup.exe

C:\Windows\System\psoxRuF.exe

C:\Windows\System\psoxRuF.exe

C:\Windows\System\mrslFec.exe

C:\Windows\System\mrslFec.exe

C:\Windows\System\JMHeFWg.exe

C:\Windows\System\JMHeFWg.exe

C:\Windows\System\JplzcAz.exe

C:\Windows\System\JplzcAz.exe

C:\Windows\System\FUBKBQJ.exe

C:\Windows\System\FUBKBQJ.exe

C:\Windows\System\uqIagTD.exe

C:\Windows\System\uqIagTD.exe

C:\Windows\System\UIxEcNF.exe

C:\Windows\System\UIxEcNF.exe

C:\Windows\System\nspijic.exe

C:\Windows\System\nspijic.exe

C:\Windows\System\kEokHDd.exe

C:\Windows\System\kEokHDd.exe

C:\Windows\System\ILltRPd.exe

C:\Windows\System\ILltRPd.exe

C:\Windows\System\iroTFrF.exe

C:\Windows\System\iroTFrF.exe

C:\Windows\System\NojlxWe.exe

C:\Windows\System\NojlxWe.exe

C:\Windows\System\yTxlGOI.exe

C:\Windows\System\yTxlGOI.exe

C:\Windows\System\OeqdOSV.exe

C:\Windows\System\OeqdOSV.exe

C:\Windows\System\IxvIRLm.exe

C:\Windows\System\IxvIRLm.exe

C:\Windows\System\FAnVcJo.exe

C:\Windows\System\FAnVcJo.exe

C:\Windows\System\CMQEBLr.exe

C:\Windows\System\CMQEBLr.exe

C:\Windows\System\nDKoFtf.exe

C:\Windows\System\nDKoFtf.exe

C:\Windows\System\ZEUbVFh.exe

C:\Windows\System\ZEUbVFh.exe

C:\Windows\System\YMhxNta.exe

C:\Windows\System\YMhxNta.exe

C:\Windows\System\ZWqSkVq.exe

C:\Windows\System\ZWqSkVq.exe

C:\Windows\System\zzKzDQH.exe

C:\Windows\System\zzKzDQH.exe

C:\Windows\System\drOLKLR.exe

C:\Windows\System\drOLKLR.exe

C:\Windows\System\wSttjNF.exe

C:\Windows\System\wSttjNF.exe

C:\Windows\System\EpMGBVq.exe

C:\Windows\System\EpMGBVq.exe

C:\Windows\System\OPvFBHI.exe

C:\Windows\System\OPvFBHI.exe

C:\Windows\System\kyIXdVV.exe

C:\Windows\System\kyIXdVV.exe

C:\Windows\System\NrrSERl.exe

C:\Windows\System\NrrSERl.exe

C:\Windows\System\DXQOPSY.exe

C:\Windows\System\DXQOPSY.exe

C:\Windows\System\gspGhay.exe

C:\Windows\System\gspGhay.exe

C:\Windows\System\wgNnkba.exe

C:\Windows\System\wgNnkba.exe

C:\Windows\System\GryccRb.exe

C:\Windows\System\GryccRb.exe

C:\Windows\System\PibzyXF.exe

C:\Windows\System\PibzyXF.exe

C:\Windows\System\NscfWua.exe

C:\Windows\System\NscfWua.exe

C:\Windows\System\RUxoYII.exe

C:\Windows\System\RUxoYII.exe

C:\Windows\System\zuAnhxK.exe

C:\Windows\System\zuAnhxK.exe

C:\Windows\System\CEEHDAg.exe

C:\Windows\System\CEEHDAg.exe

C:\Windows\System\UcDfCxf.exe

C:\Windows\System\UcDfCxf.exe

C:\Windows\System\jbhkrsa.exe

C:\Windows\System\jbhkrsa.exe

C:\Windows\System\FCtwizb.exe

C:\Windows\System\FCtwizb.exe

C:\Windows\System\JpMpUVB.exe

C:\Windows\System\JpMpUVB.exe

C:\Windows\System\axUopXw.exe

C:\Windows\System\axUopXw.exe

C:\Windows\System\cWWSgmD.exe

C:\Windows\System\cWWSgmD.exe

C:\Windows\System\dhPAeKs.exe

C:\Windows\System\dhPAeKs.exe

C:\Windows\System\HHutACe.exe

C:\Windows\System\HHutACe.exe

C:\Windows\System\ioNLlBx.exe

C:\Windows\System\ioNLlBx.exe

C:\Windows\System\xPBFqJn.exe

C:\Windows\System\xPBFqJn.exe

C:\Windows\System\MhkxHKV.exe

C:\Windows\System\MhkxHKV.exe

C:\Windows\System\zrTTYEJ.exe

C:\Windows\System\zrTTYEJ.exe

C:\Windows\System\UTUZFLZ.exe

C:\Windows\System\UTUZFLZ.exe

C:\Windows\System\xtERMvs.exe

C:\Windows\System\xtERMvs.exe

C:\Windows\System\PUlIFgM.exe

C:\Windows\System\PUlIFgM.exe

C:\Windows\System\jdqzEPN.exe

C:\Windows\System\jdqzEPN.exe

C:\Windows\System\oPaMATb.exe

C:\Windows\System\oPaMATb.exe

C:\Windows\System\lAaGudx.exe

C:\Windows\System\lAaGudx.exe

C:\Windows\System\WSAoHbR.exe

C:\Windows\System\WSAoHbR.exe

C:\Windows\System\MtrBNpX.exe

C:\Windows\System\MtrBNpX.exe

C:\Windows\System\BtgOOPW.exe

C:\Windows\System\BtgOOPW.exe

C:\Windows\System\QnrDfVl.exe

C:\Windows\System\QnrDfVl.exe

C:\Windows\System\GmHFSPp.exe

C:\Windows\System\GmHFSPp.exe

C:\Windows\System\frAzpoH.exe

C:\Windows\System\frAzpoH.exe

C:\Windows\System\JMjqVWj.exe

C:\Windows\System\JMjqVWj.exe

C:\Windows\System\GPPFFZF.exe

C:\Windows\System\GPPFFZF.exe

C:\Windows\System\zclbAOh.exe

C:\Windows\System\zclbAOh.exe

C:\Windows\System\xqpRGgE.exe

C:\Windows\System\xqpRGgE.exe

C:\Windows\System\QhGOStH.exe

C:\Windows\System\QhGOStH.exe

C:\Windows\System\CrEvEMY.exe

C:\Windows\System\CrEvEMY.exe

C:\Windows\System\xdDHMet.exe

C:\Windows\System\xdDHMet.exe

C:\Windows\System\xOEncYI.exe

C:\Windows\System\xOEncYI.exe

C:\Windows\System\cRnhakp.exe

C:\Windows\System\cRnhakp.exe

C:\Windows\System\IQhYdkx.exe

C:\Windows\System\IQhYdkx.exe

C:\Windows\System\IJMpIPw.exe

C:\Windows\System\IJMpIPw.exe

C:\Windows\System\JEKZVXW.exe

C:\Windows\System\JEKZVXW.exe

C:\Windows\System\ClZBPxd.exe

C:\Windows\System\ClZBPxd.exe

C:\Windows\System\PotwNcD.exe

C:\Windows\System\PotwNcD.exe

C:\Windows\System\rowXJLD.exe

C:\Windows\System\rowXJLD.exe

C:\Windows\System\YUYloNu.exe

C:\Windows\System\YUYloNu.exe

C:\Windows\System\wtBHxBa.exe

C:\Windows\System\wtBHxBa.exe

C:\Windows\System\NYdGepf.exe

C:\Windows\System\NYdGepf.exe

C:\Windows\System\mzOMmpa.exe

C:\Windows\System\mzOMmpa.exe

C:\Windows\System\ZqTclwf.exe

C:\Windows\System\ZqTclwf.exe

C:\Windows\System\mEtixRI.exe

C:\Windows\System\mEtixRI.exe

C:\Windows\System\LHOeety.exe

C:\Windows\System\LHOeety.exe

C:\Windows\System\ZvAtcou.exe

C:\Windows\System\ZvAtcou.exe

C:\Windows\System\iIFiJsP.exe

C:\Windows\System\iIFiJsP.exe

C:\Windows\System\JZFeOiK.exe

C:\Windows\System\JZFeOiK.exe

C:\Windows\System\UuNYiht.exe

C:\Windows\System\UuNYiht.exe

C:\Windows\System\hAfgUDs.exe

C:\Windows\System\hAfgUDs.exe

C:\Windows\System\bFOIpCA.exe

C:\Windows\System\bFOIpCA.exe

C:\Windows\System\ZWTREdA.exe

C:\Windows\System\ZWTREdA.exe

C:\Windows\System\zlvjIhp.exe

C:\Windows\System\zlvjIhp.exe

C:\Windows\System\iabyPoF.exe

C:\Windows\System\iabyPoF.exe

C:\Windows\System\CNaxyzh.exe

C:\Windows\System\CNaxyzh.exe

C:\Windows\System\VUacIWe.exe

C:\Windows\System\VUacIWe.exe

C:\Windows\System\snunlEi.exe

C:\Windows\System\snunlEi.exe

C:\Windows\System\YBpsuOh.exe

C:\Windows\System\YBpsuOh.exe

C:\Windows\System\zMefzlN.exe

C:\Windows\System\zMefzlN.exe

C:\Windows\System\NleDyJr.exe

C:\Windows\System\NleDyJr.exe

C:\Windows\System\vpeLtVE.exe

C:\Windows\System\vpeLtVE.exe

C:\Windows\System\ooetNXl.exe

C:\Windows\System\ooetNXl.exe

C:\Windows\System\NaQBjxT.exe

C:\Windows\System\NaQBjxT.exe

C:\Windows\System\cfMtMKs.exe

C:\Windows\System\cfMtMKs.exe

C:\Windows\System\TjDIppy.exe

C:\Windows\System\TjDIppy.exe

C:\Windows\System\OIAlcfb.exe

C:\Windows\System\OIAlcfb.exe

C:\Windows\System\TzFbgfN.exe

C:\Windows\System\TzFbgfN.exe

C:\Windows\System\bwqBTjT.exe

C:\Windows\System\bwqBTjT.exe

C:\Windows\System\QLtPELD.exe

C:\Windows\System\QLtPELD.exe

C:\Windows\System\nmTDOtw.exe

C:\Windows\System\nmTDOtw.exe

C:\Windows\System\DPFNtoa.exe

C:\Windows\System\DPFNtoa.exe

C:\Windows\System\hggzSWj.exe

C:\Windows\System\hggzSWj.exe

C:\Windows\System\LooVJeh.exe

C:\Windows\System\LooVJeh.exe

C:\Windows\System\MEwgIPx.exe

C:\Windows\System\MEwgIPx.exe

C:\Windows\System\phrrQer.exe

C:\Windows\System\phrrQer.exe

C:\Windows\System\xObqziY.exe

C:\Windows\System\xObqziY.exe

C:\Windows\System\UpVPbrN.exe

C:\Windows\System\UpVPbrN.exe

C:\Windows\System\fpYrbam.exe

C:\Windows\System\fpYrbam.exe

C:\Windows\System\AATMNEI.exe

C:\Windows\System\AATMNEI.exe

C:\Windows\System\RBeUrGM.exe

C:\Windows\System\RBeUrGM.exe

C:\Windows\System\EnXgzvQ.exe

C:\Windows\System\EnXgzvQ.exe

C:\Windows\System\vaVJtIw.exe

C:\Windows\System\vaVJtIw.exe

C:\Windows\System\PLIhKlR.exe

C:\Windows\System\PLIhKlR.exe

C:\Windows\System\kMSeKCa.exe

C:\Windows\System\kMSeKCa.exe

C:\Windows\System\yVLDlpr.exe

C:\Windows\System\yVLDlpr.exe

C:\Windows\System\vyGltQk.exe

C:\Windows\System\vyGltQk.exe

C:\Windows\System\zjmJate.exe

C:\Windows\System\zjmJate.exe

C:\Windows\System\DFMuCED.exe

C:\Windows\System\DFMuCED.exe

C:\Windows\System\cZRBuSL.exe

C:\Windows\System\cZRBuSL.exe

C:\Windows\System\rWZjWIy.exe

C:\Windows\System\rWZjWIy.exe

C:\Windows\System\cPVqvaG.exe

C:\Windows\System\cPVqvaG.exe

C:\Windows\System\NdNalvx.exe

C:\Windows\System\NdNalvx.exe

C:\Windows\System\gaAQfEM.exe

C:\Windows\System\gaAQfEM.exe

C:\Windows\System\MKBgaUW.exe

C:\Windows\System\MKBgaUW.exe

C:\Windows\System\AIDfobr.exe

C:\Windows\System\AIDfobr.exe

C:\Windows\System\zkxXYPU.exe

C:\Windows\System\zkxXYPU.exe

C:\Windows\System\cYOJDbd.exe

C:\Windows\System\cYOJDbd.exe

C:\Windows\System\zlJQYPo.exe

C:\Windows\System\zlJQYPo.exe

C:\Windows\System\wsyxOTD.exe

C:\Windows\System\wsyxOTD.exe

C:\Windows\System\TsZXeGn.exe

C:\Windows\System\TsZXeGn.exe

C:\Windows\System\CFxVhJx.exe

C:\Windows\System\CFxVhJx.exe

C:\Windows\System\RVrbdom.exe

C:\Windows\System\RVrbdom.exe

C:\Windows\System\OSTDQru.exe

C:\Windows\System\OSTDQru.exe

C:\Windows\System\niaZHRj.exe

C:\Windows\System\niaZHRj.exe

C:\Windows\System\BcEOQaC.exe

C:\Windows\System\BcEOQaC.exe

C:\Windows\System\hyIbOFE.exe

C:\Windows\System\hyIbOFE.exe

C:\Windows\System\KktsBeQ.exe

C:\Windows\System\KktsBeQ.exe

C:\Windows\System\BKBGjos.exe

C:\Windows\System\BKBGjos.exe

C:\Windows\System\fJmeffb.exe

C:\Windows\System\fJmeffb.exe

C:\Windows\System\ruPScPQ.exe

C:\Windows\System\ruPScPQ.exe

C:\Windows\System\uMUFyjB.exe

C:\Windows\System\uMUFyjB.exe

C:\Windows\System\suCisaV.exe

C:\Windows\System\suCisaV.exe

C:\Windows\System\nZszYNz.exe

C:\Windows\System\nZszYNz.exe

C:\Windows\System\DSPfonM.exe

C:\Windows\System\DSPfonM.exe

C:\Windows\System\AYDjIdK.exe

C:\Windows\System\AYDjIdK.exe

C:\Windows\System\rnwmhWn.exe

C:\Windows\System\rnwmhWn.exe

C:\Windows\System\gLdnLGV.exe

C:\Windows\System\gLdnLGV.exe

C:\Windows\System\nmDwrDX.exe

C:\Windows\System\nmDwrDX.exe

C:\Windows\System\UgcSiUy.exe

C:\Windows\System\UgcSiUy.exe

C:\Windows\System\UTDPqir.exe

C:\Windows\System\UTDPqir.exe

C:\Windows\System\YXAeIMN.exe

C:\Windows\System\YXAeIMN.exe

C:\Windows\System\wLKsgQk.exe

C:\Windows\System\wLKsgQk.exe

C:\Windows\System\sonwPUP.exe

C:\Windows\System\sonwPUP.exe

C:\Windows\System\wctGYva.exe

C:\Windows\System\wctGYva.exe

C:\Windows\System\pZdGCTY.exe

C:\Windows\System\pZdGCTY.exe

C:\Windows\System\SQcmRgo.exe

C:\Windows\System\SQcmRgo.exe

C:\Windows\System\hpOdkFM.exe

C:\Windows\System\hpOdkFM.exe

C:\Windows\System\SJjkdtG.exe

C:\Windows\System\SJjkdtG.exe

C:\Windows\System\XYbzDZd.exe

C:\Windows\System\XYbzDZd.exe

C:\Windows\System\CyYyilg.exe

C:\Windows\System\CyYyilg.exe

C:\Windows\System\TAASnKj.exe

C:\Windows\System\TAASnKj.exe

C:\Windows\System\RHloAuE.exe

C:\Windows\System\RHloAuE.exe

C:\Windows\System\VzCoUVw.exe

C:\Windows\System\VzCoUVw.exe

C:\Windows\System\RXAwgDC.exe

C:\Windows\System\RXAwgDC.exe

C:\Windows\System\nENWzlQ.exe

C:\Windows\System\nENWzlQ.exe

C:\Windows\System\pfBYSFU.exe

C:\Windows\System\pfBYSFU.exe

C:\Windows\System\NzvtLvm.exe

C:\Windows\System\NzvtLvm.exe

C:\Windows\System\pyTOhMG.exe

C:\Windows\System\pyTOhMG.exe

C:\Windows\System\hjmescX.exe

C:\Windows\System\hjmescX.exe

C:\Windows\System\qTPdPJx.exe

C:\Windows\System\qTPdPJx.exe

C:\Windows\System\YRVkyjP.exe

C:\Windows\System\YRVkyjP.exe

C:\Windows\System\qTcsOMx.exe

C:\Windows\System\qTcsOMx.exe

C:\Windows\System\QAEEwIy.exe

C:\Windows\System\QAEEwIy.exe

C:\Windows\System\rSZQWOB.exe

C:\Windows\System\rSZQWOB.exe

C:\Windows\System\CYgRVVR.exe

C:\Windows\System\CYgRVVR.exe

C:\Windows\System\aNgubOb.exe

C:\Windows\System\aNgubOb.exe

C:\Windows\System\YoctbGz.exe

C:\Windows\System\YoctbGz.exe

C:\Windows\System\qlpZkpo.exe

C:\Windows\System\qlpZkpo.exe

C:\Windows\System\Veyfsyq.exe

C:\Windows\System\Veyfsyq.exe

C:\Windows\System\EvwYuwF.exe

C:\Windows\System\EvwYuwF.exe

C:\Windows\System\DQFdxdE.exe

C:\Windows\System\DQFdxdE.exe

C:\Windows\System\LGnCuTo.exe

C:\Windows\System\LGnCuTo.exe

C:\Windows\System\uXfvvtw.exe

C:\Windows\System\uXfvvtw.exe

C:\Windows\System\RfAPQjT.exe

C:\Windows\System\RfAPQjT.exe

C:\Windows\System\QrIGbCG.exe

C:\Windows\System\QrIGbCG.exe

C:\Windows\System\CuYType.exe

C:\Windows\System\CuYType.exe

C:\Windows\System\ormdGIw.exe

C:\Windows\System\ormdGIw.exe

C:\Windows\System\AkznCZC.exe

C:\Windows\System\AkznCZC.exe

C:\Windows\System\DAysOdD.exe

C:\Windows\System\DAysOdD.exe

C:\Windows\System\nylStGI.exe

C:\Windows\System\nylStGI.exe

C:\Windows\System\kOEJngf.exe

C:\Windows\System\kOEJngf.exe

C:\Windows\System\zExzsHR.exe

C:\Windows\System\zExzsHR.exe

C:\Windows\System\ZSMhrpV.exe

C:\Windows\System\ZSMhrpV.exe

C:\Windows\System\EoebPKv.exe

C:\Windows\System\EoebPKv.exe

C:\Windows\System\algmQMo.exe

C:\Windows\System\algmQMo.exe

C:\Windows\System\fnqWMEg.exe

C:\Windows\System\fnqWMEg.exe

C:\Windows\System\gOvEZUW.exe

C:\Windows\System\gOvEZUW.exe

C:\Windows\System\civICKl.exe

C:\Windows\System\civICKl.exe

C:\Windows\System\ZpIYwCg.exe

C:\Windows\System\ZpIYwCg.exe

C:\Windows\System\ZsIOzIj.exe

C:\Windows\System\ZsIOzIj.exe

C:\Windows\System\tNxLwBy.exe

C:\Windows\System\tNxLwBy.exe

C:\Windows\System\UpqUaeC.exe

C:\Windows\System\UpqUaeC.exe

C:\Windows\System\YaVhHmp.exe

C:\Windows\System\YaVhHmp.exe

C:\Windows\System\oPTOWoh.exe

C:\Windows\System\oPTOWoh.exe

C:\Windows\System\ehkSiMb.exe

C:\Windows\System\ehkSiMb.exe

C:\Windows\System\JveVTiB.exe

C:\Windows\System\JveVTiB.exe

C:\Windows\System\KWQYbQL.exe

C:\Windows\System\KWQYbQL.exe

C:\Windows\System\SzairzU.exe

C:\Windows\System\SzairzU.exe

C:\Windows\System\KPWZvpJ.exe

C:\Windows\System\KPWZvpJ.exe

C:\Windows\System\tExqfCc.exe

C:\Windows\System\tExqfCc.exe

C:\Windows\System\KvlLdDe.exe

C:\Windows\System\KvlLdDe.exe

C:\Windows\System\wsRrtEn.exe

C:\Windows\System\wsRrtEn.exe

C:\Windows\System\hrTBbod.exe

C:\Windows\System\hrTBbod.exe

C:\Windows\System\MVupkfE.exe

C:\Windows\System\MVupkfE.exe

C:\Windows\System\ABjDYKb.exe

C:\Windows\System\ABjDYKb.exe

C:\Windows\System\kLiElgL.exe

C:\Windows\System\kLiElgL.exe

C:\Windows\System\HgPRXww.exe

C:\Windows\System\HgPRXww.exe

C:\Windows\System\njtaYlo.exe

C:\Windows\System\njtaYlo.exe

C:\Windows\System\ykLFHqJ.exe

C:\Windows\System\ykLFHqJ.exe

C:\Windows\System\ylXEgdM.exe

C:\Windows\System\ylXEgdM.exe

C:\Windows\System\DZIQPZg.exe

C:\Windows\System\DZIQPZg.exe

C:\Windows\System\auEjTdI.exe

C:\Windows\System\auEjTdI.exe

C:\Windows\System\iaCLEoK.exe

C:\Windows\System\iaCLEoK.exe

C:\Windows\System\jfskIIR.exe

C:\Windows\System\jfskIIR.exe

C:\Windows\System\pdSISmZ.exe

C:\Windows\System\pdSISmZ.exe

C:\Windows\System\GoEqGkM.exe

C:\Windows\System\GoEqGkM.exe

C:\Windows\System\wLGpHEV.exe

C:\Windows\System\wLGpHEV.exe

C:\Windows\System\jKJozVM.exe

C:\Windows\System\jKJozVM.exe

C:\Windows\System\SCBZHmg.exe

C:\Windows\System\SCBZHmg.exe

C:\Windows\System\PJsISgX.exe

C:\Windows\System\PJsISgX.exe

C:\Windows\System\vynuBjt.exe

C:\Windows\System\vynuBjt.exe

C:\Windows\System\hrgylXg.exe

C:\Windows\System\hrgylXg.exe

C:\Windows\System\SDMKXkL.exe

C:\Windows\System\SDMKXkL.exe

C:\Windows\System\XYUONPI.exe

C:\Windows\System\XYUONPI.exe

C:\Windows\System\WLfdUYx.exe

C:\Windows\System\WLfdUYx.exe

C:\Windows\System\lOMybRs.exe

C:\Windows\System\lOMybRs.exe

C:\Windows\System\jOamUzv.exe

C:\Windows\System\jOamUzv.exe

C:\Windows\System\vuefcro.exe

C:\Windows\System\vuefcro.exe

C:\Windows\System\NBeXFmh.exe

C:\Windows\System\NBeXFmh.exe

C:\Windows\System\fUOHAtI.exe

C:\Windows\System\fUOHAtI.exe

C:\Windows\System\bgniQpv.exe

C:\Windows\System\bgniQpv.exe

C:\Windows\System\UrZibuh.exe

C:\Windows\System\UrZibuh.exe

C:\Windows\System\nObXaZO.exe

C:\Windows\System\nObXaZO.exe

C:\Windows\System\kZspRrZ.exe

C:\Windows\System\kZspRrZ.exe

C:\Windows\System\aWYHFks.exe

C:\Windows\System\aWYHFks.exe

C:\Windows\System\cSKnuLS.exe

C:\Windows\System\cSKnuLS.exe

C:\Windows\System\LfWSfAf.exe

C:\Windows\System\LfWSfAf.exe

C:\Windows\System\RjlnBzI.exe

C:\Windows\System\RjlnBzI.exe

C:\Windows\System\GClTXLm.exe

C:\Windows\System\GClTXLm.exe

C:\Windows\System\qoYPcGV.exe

C:\Windows\System\qoYPcGV.exe

C:\Windows\System\hbjzwiy.exe

C:\Windows\System\hbjzwiy.exe

C:\Windows\System\WjHwjxI.exe

C:\Windows\System\WjHwjxI.exe

C:\Windows\System\KwnEeqv.exe

C:\Windows\System\KwnEeqv.exe

C:\Windows\System\tPoleip.exe

C:\Windows\System\tPoleip.exe

C:\Windows\System\rsyLkxn.exe

C:\Windows\System\rsyLkxn.exe

C:\Windows\System\RGADngP.exe

C:\Windows\System\RGADngP.exe

C:\Windows\System\zkumoHT.exe

C:\Windows\System\zkumoHT.exe

C:\Windows\System\BigFWCf.exe

C:\Windows\System\BigFWCf.exe

C:\Windows\System\UoNjzTU.exe

C:\Windows\System\UoNjzTU.exe

C:\Windows\System\lbeyobd.exe

C:\Windows\System\lbeyobd.exe

C:\Windows\System\dnMmDEA.exe

C:\Windows\System\dnMmDEA.exe

C:\Windows\System\jiaGLwQ.exe

C:\Windows\System\jiaGLwQ.exe

C:\Windows\System\IDApahJ.exe

C:\Windows\System\IDApahJ.exe

C:\Windows\System\gNnhTzD.exe

C:\Windows\System\gNnhTzD.exe

C:\Windows\System\hFoTLpM.exe

C:\Windows\System\hFoTLpM.exe

C:\Windows\System\HprIOAf.exe

C:\Windows\System\HprIOAf.exe

C:\Windows\System\HiXYcyX.exe

C:\Windows\System\HiXYcyX.exe

C:\Windows\System\QoQICNh.exe

C:\Windows\System\QoQICNh.exe

C:\Windows\System\NjERvFf.exe

C:\Windows\System\NjERvFf.exe

C:\Windows\System\oqZVhYS.exe

C:\Windows\System\oqZVhYS.exe

C:\Windows\System\EQgUXGX.exe

C:\Windows\System\EQgUXGX.exe

C:\Windows\System\nbPGjNs.exe

C:\Windows\System\nbPGjNs.exe

C:\Windows\System\dAcoeyF.exe

C:\Windows\System\dAcoeyF.exe

C:\Windows\System\bjzgYJI.exe

C:\Windows\System\bjzgYJI.exe

C:\Windows\System\TvkLHqk.exe

C:\Windows\System\TvkLHqk.exe

C:\Windows\System\wSmlhhP.exe

C:\Windows\System\wSmlhhP.exe

C:\Windows\System\ncbGmja.exe

C:\Windows\System\ncbGmja.exe

C:\Windows\System\GvzUKWC.exe

C:\Windows\System\GvzUKWC.exe

C:\Windows\System\UHmxSYH.exe

C:\Windows\System\UHmxSYH.exe

C:\Windows\System\HfQEGsn.exe

C:\Windows\System\HfQEGsn.exe

C:\Windows\System\IGCmPJr.exe

C:\Windows\System\IGCmPJr.exe

C:\Windows\System\FvJptht.exe

C:\Windows\System\FvJptht.exe

C:\Windows\System\wGbRLXG.exe

C:\Windows\System\wGbRLXG.exe

C:\Windows\System\brvUggA.exe

C:\Windows\System\brvUggA.exe

C:\Windows\System\CmWYUrr.exe

C:\Windows\System\CmWYUrr.exe

C:\Windows\System\zXcFbSO.exe

C:\Windows\System\zXcFbSO.exe

C:\Windows\System\txDWmCi.exe

C:\Windows\System\txDWmCi.exe

C:\Windows\System\tnKJZwD.exe

C:\Windows\System\tnKJZwD.exe

C:\Windows\System\QUnTcYI.exe

C:\Windows\System\QUnTcYI.exe

C:\Windows\System\iiNRVcf.exe

C:\Windows\System\iiNRVcf.exe

C:\Windows\System\dmQCpMH.exe

C:\Windows\System\dmQCpMH.exe

C:\Windows\System\QijhUxM.exe

C:\Windows\System\QijhUxM.exe

C:\Windows\System\ttmLxyk.exe

C:\Windows\System\ttmLxyk.exe

C:\Windows\System\XOfxOVK.exe

C:\Windows\System\XOfxOVK.exe

C:\Windows\System\wjbtCyT.exe

C:\Windows\System\wjbtCyT.exe

C:\Windows\System\GwYpRji.exe

C:\Windows\System\GwYpRji.exe

C:\Windows\System\tKgidEf.exe

C:\Windows\System\tKgidEf.exe

C:\Windows\System\znZeFMX.exe

C:\Windows\System\znZeFMX.exe

C:\Windows\System\iRgnWzg.exe

C:\Windows\System\iRgnWzg.exe

C:\Windows\System\reFwFyt.exe

C:\Windows\System\reFwFyt.exe

C:\Windows\System\bcFiPuy.exe

C:\Windows\System\bcFiPuy.exe

C:\Windows\System\AhKPOdb.exe

C:\Windows\System\AhKPOdb.exe

C:\Windows\System\LohrCeQ.exe

C:\Windows\System\LohrCeQ.exe

C:\Windows\System\MVLJmhh.exe

C:\Windows\System\MVLJmhh.exe

C:\Windows\System\gLsLkUb.exe

C:\Windows\System\gLsLkUb.exe

C:\Windows\System\pyNssvg.exe

C:\Windows\System\pyNssvg.exe

C:\Windows\System\uGXLUMa.exe

C:\Windows\System\uGXLUMa.exe

C:\Windows\System\kEAchKU.exe

C:\Windows\System\kEAchKU.exe

C:\Windows\System\puAPHjj.exe

C:\Windows\System\puAPHjj.exe

C:\Windows\System\fQXAlIs.exe

C:\Windows\System\fQXAlIs.exe

C:\Windows\System\lkCYMZw.exe

C:\Windows\System\lkCYMZw.exe

C:\Windows\System\PbRLKAz.exe

C:\Windows\System\PbRLKAz.exe

C:\Windows\System\NMhMTtr.exe

C:\Windows\System\NMhMTtr.exe

C:\Windows\System\rDNVIyH.exe

C:\Windows\System\rDNVIyH.exe

C:\Windows\System\kvzAGpL.exe

C:\Windows\System\kvzAGpL.exe

C:\Windows\System\pEjwaPA.exe

C:\Windows\System\pEjwaPA.exe

C:\Windows\System\kqEBMGx.exe

C:\Windows\System\kqEBMGx.exe

C:\Windows\System\hvlEXwC.exe

C:\Windows\System\hvlEXwC.exe

C:\Windows\System\WUhCTxK.exe

C:\Windows\System\WUhCTxK.exe

C:\Windows\System\EMJCOCd.exe

C:\Windows\System\EMJCOCd.exe

C:\Windows\System\bpCjszv.exe

C:\Windows\System\bpCjszv.exe

C:\Windows\System\VQCpaAZ.exe

C:\Windows\System\VQCpaAZ.exe

C:\Windows\System\vTFsKgk.exe

C:\Windows\System\vTFsKgk.exe

C:\Windows\System\SbGVilM.exe

C:\Windows\System\SbGVilM.exe

C:\Windows\System\SIFHUTk.exe

C:\Windows\System\SIFHUTk.exe

C:\Windows\System\LQTxhIs.exe

C:\Windows\System\LQTxhIs.exe

C:\Windows\System\TSETBUQ.exe

C:\Windows\System\TSETBUQ.exe

C:\Windows\System\bBcwDDU.exe

C:\Windows\System\bBcwDDU.exe

C:\Windows\System\DMZfdqj.exe

C:\Windows\System\DMZfdqj.exe

C:\Windows\System\FOQTtcz.exe

C:\Windows\System\FOQTtcz.exe

C:\Windows\System\DhDMDfe.exe

C:\Windows\System\DhDMDfe.exe

C:\Windows\System\hbpYjkb.exe

C:\Windows\System\hbpYjkb.exe

C:\Windows\System\kGVCqpl.exe

C:\Windows\System\kGVCqpl.exe

C:\Windows\System\UtKlyfL.exe

C:\Windows\System\UtKlyfL.exe

C:\Windows\System\mvxNGgN.exe

C:\Windows\System\mvxNGgN.exe

C:\Windows\System\manddrS.exe

C:\Windows\System\manddrS.exe

C:\Windows\System\LFErokN.exe

C:\Windows\System\LFErokN.exe

C:\Windows\System\wuKIRHD.exe

C:\Windows\System\wuKIRHD.exe

C:\Windows\System\YqtPkGi.exe

C:\Windows\System\YqtPkGi.exe

C:\Windows\System\siBNyFB.exe

C:\Windows\System\siBNyFB.exe

C:\Windows\System\nywFPNq.exe

C:\Windows\System\nywFPNq.exe

C:\Windows\System\yrgCbSs.exe

C:\Windows\System\yrgCbSs.exe

C:\Windows\System\OHSGuyy.exe

C:\Windows\System\OHSGuyy.exe

C:\Windows\System\XitITqc.exe

C:\Windows\System\XitITqc.exe

C:\Windows\System\yETHCwm.exe

C:\Windows\System\yETHCwm.exe

C:\Windows\System\LhCmPYo.exe

C:\Windows\System\LhCmPYo.exe

C:\Windows\System\EzmVKkx.exe

C:\Windows\System\EzmVKkx.exe

C:\Windows\System\zqfvejq.exe

C:\Windows\System\zqfvejq.exe

C:\Windows\System\YdKjGxw.exe

C:\Windows\System\YdKjGxw.exe

C:\Windows\System\VWzQgUC.exe

C:\Windows\System\VWzQgUC.exe

C:\Windows\System\gqMLKIZ.exe

C:\Windows\System\gqMLKIZ.exe

C:\Windows\System\pSeTipd.exe

C:\Windows\System\pSeTipd.exe

C:\Windows\System\cyGamin.exe

C:\Windows\System\cyGamin.exe

C:\Windows\System\yZZaGxE.exe

C:\Windows\System\yZZaGxE.exe

C:\Windows\System\HjlMYii.exe

C:\Windows\System\HjlMYii.exe

C:\Windows\System\ZrSpLFu.exe

C:\Windows\System\ZrSpLFu.exe

C:\Windows\System\IlEHsJZ.exe

C:\Windows\System\IlEHsJZ.exe

C:\Windows\System\czebCvw.exe

C:\Windows\System\czebCvw.exe

C:\Windows\system32\dwm.exe

"dwm.exe"

C:\Windows\system32\sihost.exe

sihost.exe

C:\Windows\explorer.exe

explorer.exe /LOADSAVEDWINDOWS

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 122.10.44.20.in-addr.arpa udp

Files

memory/4780-0-0x00007FF6CA090000-0x00007FF6CA3E4000-memory.dmp

memory/4780-1-0x0000029ACA750000-0x0000029ACA760000-memory.dmp

C:\Windows\System\bnoDBli.exe

MD5 a5adbc145055320a03b6b99ee1c67ddf
SHA1 745f6e73174f156048661f443f19803a368e4db4
SHA256 4a65d20c05f6cb854cd12797bac2923a9f33655d77b74abab701361614a29a2d
SHA512 8f3b272d4b8ee495e067feaece0c7dcec918fec5d1196a448dcb34634a1c5a43ecd01e95008efe309df6fd100fd885a8ca47fe826fbf882f70d4fce0a3da9236

C:\Windows\System\QQYANFu.exe

MD5 2956f1434d560706fbbd00695c394590
SHA1 2b18d6ea9eb0ddc7ca8665c41dca02477896a603
SHA256 63d9d354ebc4a20f7b9832c32766374f3ff86fde1f005bacc50dca0c7dbd8e68
SHA512 3140203c14634829583b83da6e2ca93d1c289c35f555857822206475d3b52cae277b56142b8232b416e5aca51a7db0daa8fee0efed5bdca34c4b9a497ba07a68

C:\Windows\System\wdcddxF.exe

MD5 dfa278779bc525c9c9ea258ab44de1c7
SHA1 368592aa94455039dd26f1eadf1f3cff64400b8b
SHA256 e605021378703f32778a2f7d9025abb0b2d4bc3c11ab021487bc431efd1d1bf0
SHA512 c4f941ece57bc80a892407846e2926228e626b1ae68e2a4a1ff8eb57f028170402d105b3310e1e126f163b31aa671e7e8f2a2270e031325c0685a3f1e154f0b3

memory/5112-43-0x00007FF6D5240000-0x00007FF6D5594000-memory.dmp

memory/2756-46-0x00007FF61BAC0000-0x00007FF61BE14000-memory.dmp

C:\Windows\System\zBWgsFE.exe

MD5 91441e32a410577f31bd32b587eb0478
SHA1 5b014df7fe46794442cf6019769c88f989f78749
SHA256 a2de9b34b680fcc9e4c81ae8ccb5f9dd8f07a85cf4d5dd9f299bb70035ccda54
SHA512 0ee92fb9bf88e86eccd48712bebb353a41b4abb199d935de8e9fad7f842a89f5b5d2166a3486a39a66b40671343ed9f5011c7ea4c84faed175ba1b2372b33f3e

C:\Windows\System\LEaIAVl.exe

MD5 a4c6c98a16a0dbbcf9d2ceb8c1508c9a
SHA1 68ae402c36802ad14bb8d613a6327154b42829c9
SHA256 e5033d4e211245b19fbb8225689d5c45f0676b83bc4003159a33f35c9dfd26d7
SHA512 64ecc6ae1cf0c845ca1f02e1a573d4659749e5f8410284896d7222648b217cf4ea40f7af988d5e32e7741f6dd30d4db363cf411e64780ee76533fcf101ab7812

C:\Windows\System\nTzgkbZ.exe

MD5 94e0afe31e05d3eba9eb253c97816665
SHA1 84e12dc92504dd9b4e6e0bb34be7d6db3d3e072a
SHA256 91dbb8352210c00217c9e25024cff52da25fc17b3ec8d1bec5e5b9ac06604ab1
SHA512 33fa0341b173e57c3b99269026455cb70414b85f5de99d0f7f5addf207f63c06fdbf91a0428f531c6b39605650ca43badf0522a71b3baa2bec6b10ebcebfc748

C:\Windows\System\EcwXJNi.exe

MD5 0fe97b8d1490c6e19b041aa8a278982e
SHA1 bf5b86c8513e74fcc233a13f2ddda6dcc102ef23
SHA256 50b99b3191981d8e630925d3b0d853e5a33771d68fc453f425fb0139cf2f671d
SHA512 3cb5090d2394b3ec6a70c4515d7b616ded230d40309c087d9d13e3c88dc669fbe6e070fbeea72d06344c57d3ef29021915e3a4113dad4269c5176ed3078c34dc

C:\Windows\System\KcuMweb.exe

MD5 b7c66a8b726abe2e906d2bbbd1b3d68c
SHA1 1adef7da4fbbd5a0440a12f3c8755868a6403506
SHA256 67027ccb11e846aa100606b5097c0acd9cfa7273728c68a30999bfbdeef6e80a
SHA512 0b415627ef4a063ed64e9d7b368ed90567e84f4937b232708ef8895e5fe9a061221e822dab0cf09166466763e8d7863d17b33fde336fb3c52e7128b4437f4804

C:\Windows\System\FPQMGoK.exe

MD5 77fb45e17237f38502603a5e04612635
SHA1 a64b72fef82bff15ccd6a8f65dab07a7dace471e
SHA256 ee3e30b86b2d348d0e5c66b0651c6322415ef2a9716d250e3bd772fe3218e970
SHA512 458a7a391c6207801d6d8e5bea44fa0c7feac335cce0aec15ebc0dad7a20eff4762c39b5e49f0c92f4747e4a5a50d4c1f03add1bf795f40d57015b7bac16c4df

C:\Windows\System\bjKrSZg.exe

MD5 d7a6aaaaaa3703aea5638b416797c122
SHA1 3bbc676f081dcdab44ebf8b2c8b8da47b35177d0
SHA256 2404915d8ea682d0df87079730f3c7ff0ce2b3e091b9c8f02155e1f14c75274a
SHA512 9edebeeed8f42db4bc093384e28b9af9b9e177930caeb0419641bc9ae1256d85efc879898fbc637a42959d9311a09c58731e36026022f8873ec2dab4a3d2d3e5

C:\Windows\System\UUgcdfk.exe

MD5 76ff937db0bec6d4ae002d84d0da9d38
SHA1 75c91141c0ddf8fce812d24183e9f403e3c917df
SHA256 ba156622ae9015ca572726b888efe14b3659321b03aa5f7e3a4637ec3168426a
SHA512 bd9fb40f42d11be847175e3a7a3046a013ff60502d101221b618d46127dc046a4121e0787fc7642a7b866325a04b4aa1e492337d1d194732d143216cb2eb4a6a

C:\Windows\System\tVFoaov.exe

MD5 dc6ad4eb823e91664b6a19d8afe5617f
SHA1 527b2a2115aa958edf6ad1d6971372397c350186
SHA256 eea0deef4a2607537504a0b848c3aa55b18d2c67ca74617427508e71ccfb2a08
SHA512 1e4971f94ee9e38360240b99445373b42c9b3513d7a9ae0bc573a41284f7f59f139ca29952990305ebb95351e537631e1725c9ae3833a472971a54f18c386219

memory/2612-380-0x00007FF653C10000-0x00007FF653F64000-memory.dmp

memory/4016-382-0x00007FF71FBC0000-0x00007FF71FF14000-memory.dmp

memory/4388-389-0x00007FF66ED80000-0x00007FF66F0D4000-memory.dmp

memory/2944-393-0x00007FF66F060000-0x00007FF66F3B4000-memory.dmp

memory/4552-400-0x00007FF75C690000-0x00007FF75C9E4000-memory.dmp

memory/336-412-0x00007FF7D7B90000-0x00007FF7D7EE4000-memory.dmp

memory/1608-416-0x00007FF66C150000-0x00007FF66C4A4000-memory.dmp

memory/4248-420-0x00007FF63FA00000-0x00007FF63FD54000-memory.dmp

memory/3988-421-0x00007FF72A140000-0x00007FF72A494000-memory.dmp

memory/2696-419-0x00007FF6823E0000-0x00007FF682734000-memory.dmp

memory/4856-418-0x00007FF731570000-0x00007FF7318C4000-memory.dmp

memory/3356-417-0x00007FF701DA0000-0x00007FF7020F4000-memory.dmp

memory/5076-415-0x00007FF7CDD20000-0x00007FF7CE074000-memory.dmp

memory/2608-413-0x00007FF73A6A0000-0x00007FF73A9F4000-memory.dmp

memory/3392-410-0x00007FF79F3D0000-0x00007FF79F724000-memory.dmp

memory/4664-409-0x00007FF618840000-0x00007FF618B94000-memory.dmp

memory/3020-397-0x00007FF7A4910000-0x00007FF7A4C64000-memory.dmp

memory/4572-396-0x00007FF71D480000-0x00007FF71D7D4000-memory.dmp

memory/3184-388-0x00007FF6319F0000-0x00007FF631D44000-memory.dmp

memory/4288-387-0x00007FF7DB420000-0x00007FF7DB774000-memory.dmp

memory/4224-381-0x00007FF7C9A90000-0x00007FF7C9DE4000-memory.dmp

C:\Windows\System\BraKLDH.exe

MD5 3cd0c4f43b14add4e7684a72c6d82b5f
SHA1 281bd71810200286c8f9ef72d9debc8b7d999200
SHA256 656529f09e497aa7134ea4e9bf5ab10b4c5607cd4ab8d8cc139a97d407663036
SHA512 b8023c76fc7c8d83292f9188f04835cafec77d9f500ba6c1f6b05cffd2a5adfc9d18865dcd5aec3be84fa479eb7b30cfd99930032268601917642a75b99e4601

C:\Windows\System\yGyvlBh.exe

MD5 1ce279a8ff61f24f75bda9551d9c4126
SHA1 d2f43bd392ba3f8fb140da13272fc233f5dccefb
SHA256 6e3fca4a2b2163a9863daf0b8285cc2717b3ec4f1c5fc8786cd3f1ed74c3dfd9
SHA512 38998c3967428c6ab5ad9886c7b7f9b7b6f9c3d387d843929979892f6da9af4a8670553f12b64cc87fa11e76590c77844bbdc859848caf16673bfdf4dfd66fdd

C:\Windows\System\ucxhjGR.exe

MD5 3b181123689526b1d3a794e0e72bb460
SHA1 13999f340cfe9fc8061ae61ee11174402ef9496a
SHA256 4363ac09e8069414403abb9a3428e5fbee28f60bf6446d7cf7153fd40c47cd7d
SHA512 01086017a17893b4d083b6c6cd66097e822fb94ac9efbaf005ecb365654af9df30b03caf7d2e32e7ad564e8c6c2bb5b4bb39115403b487472b89e78e32625664

C:\Windows\System\EvAjkYp.exe

MD5 e625ec916e398708884b670fe6e70bef
SHA1 321845e50b13c907f7f1fb73922aa20772450999
SHA256 71daf3062bfb336b8dca92d5597a33cd76e089d8ade18197183c5efb91de1db4
SHA512 36ed613d52992918741e3443463cc62a45fcf15a311c61b15d347a131a76eaa487682c677ad40f6459c0e33357d6dda23e6b709ca1da783f4df7e90c0b50eb98

C:\Windows\System\kIWJoLc.exe

MD5 7e3c37dc2ca4f3bb7f50a2b312f07db3
SHA1 2db27976eaaf26539a74fc0167f50434c35f8b54
SHA256 3ec3df96297726e79283e12cc68126c665e6a4e71bde3c6fa200847ad1599110
SHA512 c157736ab2ba58f2d2d51460e998c30ff23b094d47ab477abb5e4937970ab29f66f433eb14ea743a40b84a684b6703c344b64289d46c50c10dc40e5a12897e38

C:\Windows\System\EaJmRHI.exe

MD5 b1af36d853be7f9e077fe39dbef64a11
SHA1 3b6e744be3408d77dadcb0160c17d984e339e1b5
SHA256 d3f7f16b04da1f8a1788ad08b117848875956e4be5f85141dd713d5f8b68de11
SHA512 df7d8e972c3eac6567fcaa4420ff13271adff9ad2483735bf1eb8ebab9107bc12ef9c53003a10a405b96525fb78d40a93d0996cb6bc9fef1741aa42d2d6834b8

C:\Windows\System\jXpSlPL.exe

MD5 0531d24a858dab0119cc040a028eb150
SHA1 ed799bdd1c24c53006d928a7fb65ac16bf987a46
SHA256 9c2207b20bbb013d90d43564bd1a60ccdae775203c561029579fa654c976ce2e
SHA512 3ec06818dc3395d3bc426c5da0595ebc4c5d9d1bae38883765001afe2f376dfe095a902e540a2e1e70f8c1692d35498086e358ef0fc6effd374a7a65590a0178

C:\Windows\System\pHmGIdz.exe

MD5 760a281aab7b9c1563ea2805227371c8
SHA1 d8c78cee2f474671cea823fe0c20317eb4955edf
SHA256 eaa3bdcc3f58b6f60f978501430e5571be3c0ea6ab20b9e2756c5a93b43d1a62
SHA512 1a0901c93131bc06c64f687cc52cb09de9e52f447178d357538935be1a494acd50f3df7d85f5a11d0e31e0ed6117a26f9ff0f9e26d9ffce013758f8bf13f2628

C:\Windows\System\WkZxoiT.exe

MD5 36f7b231e082eb80cf8f74e7ee5fe3b7
SHA1 4d7f4cc3aa57719e3240477576af35ecbec24ef7
SHA256 6af06d7be23d13842e1d47f940e1fcba722ef2ff86e249474c7b8a4ad68dd332
SHA512 64ff6f23ebcb0ae300e91a1e7c27b5c35439d730a2529e602f3e1fe8ef59f9586ea5ee45932cc73f2af4149453405a92d56cc0c3ea351c3a2a0dade51d8f08fe

C:\Windows\System\xLZxrNI.exe

MD5 5a77e24140062d8204a5bcd25fd7b954
SHA1 49df7122b66b03e6caf1d0120c344ea319fb97ed
SHA256 3040d4bdad89a232dd453031985a5ee55369f6ab987b6908df1266356ebf2e95
SHA512 6d349c4a824f043f4e0fa1d0433e7d98442ec41b6f07c6a512dc70a599db8147c19f2272e5358a63906ca4230171eebd26ce018803680b320fe6387ba50b8fd6

C:\Windows\System\OEzhEtK.exe

MD5 da251bf4772610a0e8118d4a299c61b6
SHA1 d1b9a236ff6c182f9863f9d84a80b1b9f104f2e2
SHA256 e03f072b8c3ffd968f4793f4b9f1dfe818c92d54320efab5af26a8c3f9e6f2ed
SHA512 72280abc44e30617d55e736f0eb534e67ed926efac95cc8939f57473fdc7fb424438a6ab3395fa290dc48a47b112a631229a76cc84574be2e0ed58f17a3ab02b

C:\Windows\System\ThvtDmj.exe

MD5 9f46b2fcb9853b64502952c01450e1fa
SHA1 e699ac27c97680a46ede10931864be38e92c2bdf
SHA256 c9f344a29e46b694a2fab35a1173c1dceee12b75176ef8ce2e86a9ae14634309
SHA512 048503cf6be8d3afd01927a44ba10332bc89ae03a65d4558c5a483fc800d42f41369793c1f2e9fa4945e739fc24d7811e6f5fea770bed963c316e405366d80fb

C:\Windows\System\XGLObZj.exe

MD5 d914de03ff8fc51708e12f4e83329cab
SHA1 749823480f96d9e28f19ea38884651ea3804a997
SHA256 a78a654140c5e9997b673f6ca023612ca3471e358ec5e862e70473be7d237db7
SHA512 9c20bd934e3f33874a2cb7a83d96069edd48ce7354e1d9f7675a0787872eab1150d24cad72fd3a1984e953df3352d5b528fa35813d46316e5d1e8c99a65207d3

C:\Windows\System\gVyebgu.exe

MD5 c5ea44d7e9f590a8a62a6b089f81443a
SHA1 6a53875e3102a1bac4809523157d2e419ad6f41b
SHA256 99a07280f5168ef194d7f8aa8e3a182553a2f07986724eafb4de82818fa71358
SHA512 b393c976d3c8fb6ed5501b4ae385421dc1c52ec14a0bfb05050a8b6b794ecc7535712c206215e7ae6d35924832de8fd0391893a54fa5c71aa2ad89d6a939ecda

C:\Windows\System\AglLwPY.exe

MD5 4c9c76367f99778f5217844002849432
SHA1 f43ca9926fbf06c4c222fb799783aee112055e7c
SHA256 dcf25f94398e798339bb16929d1ee07017265e895e3c2906d8ec93757c47fa17
SHA512 4d71dd0b43b1ca6ad93cb9503ae9e18439148a6f417654685340ae6a793d229420907f21e38cde479988c27b078e911dab7be94f50ecd9f8f3be547dadbb16c2

memory/3984-57-0x00007FF7A86B0000-0x00007FF7A8A04000-memory.dmp

C:\Windows\System\GQZgcWN.exe

MD5 4634272f6cc0da33c9065275b9654548
SHA1 100bae3d21b25c877c2c3fbf260e701bfe43ffea
SHA256 8e599fa7ed1123bc3a5c4018c93591078eac411fb10d83df5400665dac10acf5
SHA512 c3d19de34d646fbc70b3dce803f724524f3497bb3bfeb7cfce32051db25efcf3283a1c254b16ba64f42e8ee4e46ead31dc10f09edc7bf36721fa229043ce48b3

memory/540-42-0x00007FF7F3C20000-0x00007FF7F3F74000-memory.dmp

memory/1744-38-0x00007FF63A690000-0x00007FF63A9E4000-memory.dmp

memory/1580-33-0x00007FF766410000-0x00007FF766764000-memory.dmp

C:\Windows\System\GKdcjTV.exe

MD5 0e2b8fb9a49d0e32fd1499d7783428f8
SHA1 601b5cb4d52f83407890d4a9b5842956acf44c80
SHA256 16d65c4fe80446e8ff1022728e7403dac1ebb6c97d50598e3e85b83dd9c7d537
SHA512 2994f48f596ee11d2fb3474f5d0fcabfa79aefc44e00a7768c911ae561254ff714e356e63c040d042da71023070e2a367311e5c77b6627274bb55ba02ee378ef

C:\Windows\System\YKGcIxh.exe

MD5 af804f18d1cb2c746c66fe8a46677078
SHA1 890973cf52cb0be541d221c26ccf6afed28f40be
SHA256 8bcec336fbb29289d0cf9cc3bbc0685c6aa37203602688e16ab214a54d20e18f
SHA512 cd50b40685465c230f794621b6a21b8df4e5572edc366f37e53487b105c0c9725d97d2f6064799d48ad434f116746f5209c1640b81f13206172a0e0c19fd9a1d

memory/2308-22-0x00007FF6174A0000-0x00007FF6177F4000-memory.dmp

memory/3272-14-0x00007FF6F0780000-0x00007FF6F0AD4000-memory.dmp

C:\Windows\System\kIAKKPt.exe

MD5 4ea8db275afe4f09cffd9f50a3e2abbe
SHA1 42ace45c9ffe1b51590fc1ccae377f04384b61fa
SHA256 0449a884f77df9f2586c04c1bd61de98a3d2a19404e5821da2be60d0c73c200a
SHA512 988eb9e9756abeb82b5959ac4fc72986b9baf2f6dab16f51bf555dba3411bce82a671fde79ab85a620077536aa87a1fa528c5283659837d6797d9913dfcea21a

C:\Windows\System\VVyBBpJ.exe

MD5 74c64b242735d0ae2e2398c5c519662b
SHA1 774db518b002fa3a87efc12c45869e3cb43b5897
SHA256 d3ed889c1767fcaeb1989358830a6f5e00dc8ee6d0571d44fe42e1354bc5f9da
SHA512 f0e752ab8c79a07293a05d0f7b234b29f3637b9f851bcc7c0e8b180fc90102e48c7208b9473ba0cf8f3271cd5f086e10c714df0dd4c8af7cc6d640acd96a1794

memory/1580-2156-0x00007FF766410000-0x00007FF766764000-memory.dmp

memory/1744-2157-0x00007FF63A690000-0x00007FF63A9E4000-memory.dmp

memory/2756-2158-0x00007FF61BAC0000-0x00007FF61BE14000-memory.dmp

memory/3984-2159-0x00007FF7A86B0000-0x00007FF7A8A04000-memory.dmp

memory/2308-2281-0x00007FF6174A0000-0x00007FF6177F4000-memory.dmp

memory/3272-2302-0x00007FF6F0780000-0x00007FF6F0AD4000-memory.dmp

memory/1580-2304-0x00007FF766410000-0x00007FF766764000-memory.dmp

memory/540-2303-0x00007FF7F3C20000-0x00007FF7F3F74000-memory.dmp

memory/5112-2305-0x00007FF6D5240000-0x00007FF6D5594000-memory.dmp

memory/1744-2306-0x00007FF63A690000-0x00007FF63A9E4000-memory.dmp

memory/2756-2308-0x00007FF61BAC0000-0x00007FF61BE14000-memory.dmp

memory/3984-2307-0x00007FF7A86B0000-0x00007FF7A8A04000-memory.dmp

memory/3988-2309-0x00007FF72A140000-0x00007FF72A494000-memory.dmp

memory/4288-2317-0x00007FF7DB420000-0x00007FF7DB774000-memory.dmp

memory/4016-2320-0x00007FF71FBC0000-0x00007FF71FF14000-memory.dmp

memory/4664-2325-0x00007FF618840000-0x00007FF618B94000-memory.dmp

memory/3392-2326-0x00007FF79F3D0000-0x00007FF79F724000-memory.dmp

memory/336-2328-0x00007FF7D7B90000-0x00007FF7D7EE4000-memory.dmp

memory/2608-2327-0x00007FF73A6A0000-0x00007FF73A9F4000-memory.dmp

memory/4552-2324-0x00007FF75C690000-0x00007FF75C9E4000-memory.dmp

memory/2944-2323-0x00007FF66F060000-0x00007FF66F3B4000-memory.dmp

memory/3020-2322-0x00007FF7A4910000-0x00007FF7A4C64000-memory.dmp

memory/4572-2321-0x00007FF71D480000-0x00007FF71D7D4000-memory.dmp

memory/3184-2319-0x00007FF6319F0000-0x00007FF631D44000-memory.dmp

memory/4388-2318-0x00007FF66ED80000-0x00007FF66F0D4000-memory.dmp

memory/2612-2316-0x00007FF653C10000-0x00007FF653F64000-memory.dmp

memory/4224-2315-0x00007FF7C9A90000-0x00007FF7C9DE4000-memory.dmp

memory/5076-2334-0x00007FF7CDD20000-0x00007FF7CE074000-memory.dmp

memory/1608-2333-0x00007FF66C150000-0x00007FF66C4A4000-memory.dmp

memory/2696-2332-0x00007FF6823E0000-0x00007FF682734000-memory.dmp

memory/4856-2331-0x00007FF731570000-0x00007FF7318C4000-memory.dmp

memory/3356-2330-0x00007FF701DA0000-0x00007FF7020F4000-memory.dmp

memory/4248-2329-0x00007FF63FA00000-0x00007FF63FD54000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\ESA67DDO\microsoft.windows[1].xml

MD5 974ad60d33caba7483b1632fee6c0910
SHA1 9d8902b5e0ab01db1da9e5904a77812bac76e4fd
SHA256 79e895145208d9368ee807428c5d84fd2c57cf9408819399a8f855ad2b110bf9
SHA512 4e3575a1c24c4553b0754867b139756e07bd5dcea8f30e7717face923bc56f34bb0783927ffb370af65b47b15bc8987e4dec95104cc73c332aa4faee41a29974