Malware Analysis Report

2025-04-19 16:05

Sample ID 240522-wh9k1aba6t
Target ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe
SHA256 ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b
Tags
xmrig miner upx persistence
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b

Threat Level: Known bad

The file ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe was found to be: Known bad.

Malicious Activity Summary

xmrig miner upx persistence

XMRig Miner payload

Xmrig family

xmrig

XMRig Miner payload

Modifies Installed Components in the registry

UPX packed file

Executes dropped EXE

Loads dropped DLL

Enumerates connected drives

Drops file in System32 directory

Unsigned PE

Suspicious use of SendNotifyMessage

Uses Task Scheduler COM API

Checks SCSI registry key(s)

Suspicious use of FindShellTrayWindow

Modifies registry class

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

Modifies Internet Explorer settings

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-22 17:56

Signatures

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-22 17:56

Reported

2024-05-22 17:59

Platform

win7-20240508-en

Max time kernel

119s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System32\DmVYFCp.exe N/A
N/A N/A C:\Windows\System32\ZuXOvto.exe N/A
N/A N/A C:\Windows\System32\HQlolhE.exe N/A
N/A N/A C:\Windows\System32\ZBPWbQr.exe N/A
N/A N/A C:\Windows\System32\PPEoMQM.exe N/A
N/A N/A C:\Windows\System32\UoenMNF.exe N/A
N/A N/A C:\Windows\System32\GVQvbwP.exe N/A
N/A N/A C:\Windows\System32\PAqBQgJ.exe N/A
N/A N/A C:\Windows\System32\HfxmrIq.exe N/A
N/A N/A C:\Windows\System32\FiTigeV.exe N/A
N/A N/A C:\Windows\System32\Ncqgkpn.exe N/A
N/A N/A C:\Windows\System32\DmKBoKa.exe N/A
N/A N/A C:\Windows\System32\iGwCyPN.exe N/A
N/A N/A C:\Windows\System32\rmegppZ.exe N/A
N/A N/A C:\Windows\System32\lXiIwao.exe N/A
N/A N/A C:\Windows\System32\XzhuDrD.exe N/A
N/A N/A C:\Windows\System32\BmocdNA.exe N/A
N/A N/A C:\Windows\System32\BiFaPoZ.exe N/A
N/A N/A C:\Windows\System32\OcLVKqy.exe N/A
N/A N/A C:\Windows\System32\BwhIipI.exe N/A
N/A N/A C:\Windows\System32\yFaJnLr.exe N/A
N/A N/A C:\Windows\System32\lxhZbOU.exe N/A
N/A N/A C:\Windows\System32\WAlbxtC.exe N/A
N/A N/A C:\Windows\System32\ALIZjcf.exe N/A
N/A N/A C:\Windows\System32\ErQXuZu.exe N/A
N/A N/A C:\Windows\System32\gPyCQHS.exe N/A
N/A N/A C:\Windows\System32\ZWJZGQr.exe N/A
N/A N/A C:\Windows\System32\bWbQCRu.exe N/A
N/A N/A C:\Windows\System32\nKHVnlb.exe N/A
N/A N/A C:\Windows\System32\InsTevP.exe N/A
N/A N/A C:\Windows\System32\jWKrvul.exe N/A
N/A N/A C:\Windows\System32\DoQQSIM.exe N/A
N/A N/A C:\Windows\System32\fZjDJWw.exe N/A
N/A N/A C:\Windows\System32\pXYJLZM.exe N/A
N/A N/A C:\Windows\System32\ZmZIBAI.exe N/A
N/A N/A C:\Windows\System32\xRvJcPC.exe N/A
N/A N/A C:\Windows\System32\ngtQhkA.exe N/A
N/A N/A C:\Windows\System32\raxpRAo.exe N/A
N/A N/A C:\Windows\System32\oNZYdHv.exe N/A
N/A N/A C:\Windows\System32\jukcypc.exe N/A
N/A N/A C:\Windows\System32\LPumDVC.exe N/A
N/A N/A C:\Windows\System32\RIaspCA.exe N/A
N/A N/A C:\Windows\System32\vclePkv.exe N/A
N/A N/A C:\Windows\System32\oIiiEsE.exe N/A
N/A N/A C:\Windows\System32\abFgesK.exe N/A
N/A N/A C:\Windows\System32\Tunmlwv.exe N/A
N/A N/A C:\Windows\System32\CmeNmbZ.exe N/A
N/A N/A C:\Windows\System32\qroaufQ.exe N/A
N/A N/A C:\Windows\System32\mIFHRFv.exe N/A
N/A N/A C:\Windows\System32\eGOQLFv.exe N/A
N/A N/A C:\Windows\System32\tfvJbQy.exe N/A
N/A N/A C:\Windows\System32\vqgWeVq.exe N/A
N/A N/A C:\Windows\System32\aNpbXHd.exe N/A
N/A N/A C:\Windows\System32\tWaIGBH.exe N/A
N/A N/A C:\Windows\System32\hZikEKi.exe N/A
N/A N/A C:\Windows\System32\uveYwUl.exe N/A
N/A N/A C:\Windows\System32\sNYuiSV.exe N/A
N/A N/A C:\Windows\System32\IdcIWiM.exe N/A
N/A N/A C:\Windows\System32\FjjWTJd.exe N/A
N/A N/A C:\Windows\System32\BhOMGIe.exe N/A
N/A N/A C:\Windows\System32\NtgmdSE.exe N/A
N/A N/A C:\Windows\System32\hZrvpHs.exe N/A
N/A N/A C:\Windows\System32\NvXqQTQ.exe N/A
N/A N/A C:\Windows\System32\YEJuDdG.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\iCkVnNr.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\fAoTyrv.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\JPYpIGk.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\uyHUHBB.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\BelcdaA.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\rCxeFNM.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\ZmZIBAI.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\aNBpMOi.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\jCipvRq.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\YLBMwGY.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\JoLRpMP.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\csNREWw.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\UBzggmK.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\hZrvpHs.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\ozMwbUa.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\hxrLkbs.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\DIdlCLv.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\pMFRGLP.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\jonBUlD.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\tsaPSlE.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\yvxJpMI.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\tWaIGBH.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\VtSakyK.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\FAqziii.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\sOqCovm.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\uLRtXSA.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\KoVvFiP.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\MDEDaYM.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\qaLSQKx.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\OjHpjZM.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\eGClLQh.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\ecodctB.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\qWYMGcb.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\IvKYYVg.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\uveYwUl.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\DEbKimw.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\WLbArkf.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\jhxCnLh.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\Opskmfr.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\sfjBNpS.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\GcEPxiA.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\oeqmWFT.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\bodCnZj.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\YgsmWRo.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\mJVNedP.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\vnHlWwT.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\hggBJou.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\viKKsab.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\lycADaa.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\mTxFbZj.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\CoVDlIL.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\XRxdePd.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\SNghYQp.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\wJpWyaY.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\jvyBpol.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\LSAsubH.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\exzStwp.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\hBHNLUm.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\lMTRGGD.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\TkxkYyp.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\lsSUkIN.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\sPrQDWM.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\DHHyxEP.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\xDwucAQ.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1736 wrote to memory of 2340 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\DmVYFCp.exe
PID 1736 wrote to memory of 2340 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\DmVYFCp.exe
PID 1736 wrote to memory of 2340 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\DmVYFCp.exe
PID 1736 wrote to memory of 2600 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\ZuXOvto.exe
PID 1736 wrote to memory of 2600 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\ZuXOvto.exe
PID 1736 wrote to memory of 2600 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\ZuXOvto.exe
PID 1736 wrote to memory of 2200 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\HQlolhE.exe
PID 1736 wrote to memory of 2200 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\HQlolhE.exe
PID 1736 wrote to memory of 2200 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\HQlolhE.exe
PID 1736 wrote to memory of 3040 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\ZBPWbQr.exe
PID 1736 wrote to memory of 3040 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\ZBPWbQr.exe
PID 1736 wrote to memory of 3040 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\ZBPWbQr.exe
PID 1736 wrote to memory of 2140 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\UoenMNF.exe
PID 1736 wrote to memory of 2140 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\UoenMNF.exe
PID 1736 wrote to memory of 2140 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\UoenMNF.exe
PID 1736 wrote to memory of 2656 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\PPEoMQM.exe
PID 1736 wrote to memory of 2656 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\PPEoMQM.exe
PID 1736 wrote to memory of 2656 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\PPEoMQM.exe
PID 1736 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\GVQvbwP.exe
PID 1736 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\GVQvbwP.exe
PID 1736 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\GVQvbwP.exe
PID 1736 wrote to memory of 2856 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\PAqBQgJ.exe
PID 1736 wrote to memory of 2856 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\PAqBQgJ.exe
PID 1736 wrote to memory of 2856 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\PAqBQgJ.exe
PID 1736 wrote to memory of 2652 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\HfxmrIq.exe
PID 1736 wrote to memory of 2652 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\HfxmrIq.exe
PID 1736 wrote to memory of 2652 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\HfxmrIq.exe
PID 1736 wrote to memory of 2572 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\FiTigeV.exe
PID 1736 wrote to memory of 2572 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\FiTigeV.exe
PID 1736 wrote to memory of 2572 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\FiTigeV.exe
PID 1736 wrote to memory of 2532 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\DmKBoKa.exe
PID 1736 wrote to memory of 2532 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\DmKBoKa.exe
PID 1736 wrote to memory of 2532 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\DmKBoKa.exe
PID 1736 wrote to memory of 2588 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\Ncqgkpn.exe
PID 1736 wrote to memory of 2588 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\Ncqgkpn.exe
PID 1736 wrote to memory of 2588 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\Ncqgkpn.exe
PID 1736 wrote to memory of 2216 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\iGwCyPN.exe
PID 1736 wrote to memory of 2216 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\iGwCyPN.exe
PID 1736 wrote to memory of 2216 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\iGwCyPN.exe
PID 1736 wrote to memory of 1716 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\rmegppZ.exe
PID 1736 wrote to memory of 1716 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\rmegppZ.exe
PID 1736 wrote to memory of 1716 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\rmegppZ.exe
PID 1736 wrote to memory of 1668 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\lXiIwao.exe
PID 1736 wrote to memory of 1668 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\lXiIwao.exe
PID 1736 wrote to memory of 1668 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\lXiIwao.exe
PID 1736 wrote to memory of 1072 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\XzhuDrD.exe
PID 1736 wrote to memory of 1072 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\XzhuDrD.exe
PID 1736 wrote to memory of 1072 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\XzhuDrD.exe
PID 1736 wrote to memory of 1820 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\BmocdNA.exe
PID 1736 wrote to memory of 1820 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\BmocdNA.exe
PID 1736 wrote to memory of 1820 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\BmocdNA.exe
PID 1736 wrote to memory of 2324 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\BiFaPoZ.exe
PID 1736 wrote to memory of 2324 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\BiFaPoZ.exe
PID 1736 wrote to memory of 2324 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\BiFaPoZ.exe
PID 1736 wrote to memory of 1064 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\OcLVKqy.exe
PID 1736 wrote to memory of 1064 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\OcLVKqy.exe
PID 1736 wrote to memory of 1064 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\OcLVKqy.exe
PID 1736 wrote to memory of 1832 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\BwhIipI.exe
PID 1736 wrote to memory of 1832 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\BwhIipI.exe
PID 1736 wrote to memory of 1832 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\BwhIipI.exe
PID 1736 wrote to memory of 1028 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\yFaJnLr.exe
PID 1736 wrote to memory of 1028 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\yFaJnLr.exe
PID 1736 wrote to memory of 1028 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\yFaJnLr.exe
PID 1736 wrote to memory of 1456 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\lxhZbOU.exe

Processes

C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe

"C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe"

C:\Windows\System32\DmVYFCp.exe

C:\Windows\System32\DmVYFCp.exe

C:\Windows\System32\ZuXOvto.exe

C:\Windows\System32\ZuXOvto.exe

C:\Windows\System32\HQlolhE.exe

C:\Windows\System32\HQlolhE.exe

C:\Windows\System32\ZBPWbQr.exe

C:\Windows\System32\ZBPWbQr.exe

C:\Windows\System32\UoenMNF.exe

C:\Windows\System32\UoenMNF.exe

C:\Windows\System32\PPEoMQM.exe

C:\Windows\System32\PPEoMQM.exe

C:\Windows\System32\GVQvbwP.exe

C:\Windows\System32\GVQvbwP.exe

C:\Windows\System32\PAqBQgJ.exe

C:\Windows\System32\PAqBQgJ.exe

C:\Windows\System32\HfxmrIq.exe

C:\Windows\System32\HfxmrIq.exe

C:\Windows\System32\FiTigeV.exe

C:\Windows\System32\FiTigeV.exe

C:\Windows\System32\DmKBoKa.exe

C:\Windows\System32\DmKBoKa.exe

C:\Windows\System32\Ncqgkpn.exe

C:\Windows\System32\Ncqgkpn.exe

C:\Windows\System32\iGwCyPN.exe

C:\Windows\System32\iGwCyPN.exe

C:\Windows\System32\rmegppZ.exe

C:\Windows\System32\rmegppZ.exe

C:\Windows\System32\lXiIwao.exe

C:\Windows\System32\lXiIwao.exe

C:\Windows\System32\XzhuDrD.exe

C:\Windows\System32\XzhuDrD.exe

C:\Windows\System32\BmocdNA.exe

C:\Windows\System32\BmocdNA.exe

C:\Windows\System32\BiFaPoZ.exe

C:\Windows\System32\BiFaPoZ.exe

C:\Windows\System32\OcLVKqy.exe

C:\Windows\System32\OcLVKqy.exe

C:\Windows\System32\BwhIipI.exe

C:\Windows\System32\BwhIipI.exe

C:\Windows\System32\yFaJnLr.exe

C:\Windows\System32\yFaJnLr.exe

C:\Windows\System32\lxhZbOU.exe

C:\Windows\System32\lxhZbOU.exe

C:\Windows\System32\WAlbxtC.exe

C:\Windows\System32\WAlbxtC.exe

C:\Windows\System32\ALIZjcf.exe

C:\Windows\System32\ALIZjcf.exe

C:\Windows\System32\ErQXuZu.exe

C:\Windows\System32\ErQXuZu.exe

C:\Windows\System32\gPyCQHS.exe

C:\Windows\System32\gPyCQHS.exe

C:\Windows\System32\ZWJZGQr.exe

C:\Windows\System32\ZWJZGQr.exe

C:\Windows\System32\bWbQCRu.exe

C:\Windows\System32\bWbQCRu.exe

C:\Windows\System32\nKHVnlb.exe

C:\Windows\System32\nKHVnlb.exe

C:\Windows\System32\InsTevP.exe

C:\Windows\System32\InsTevP.exe

C:\Windows\System32\jWKrvul.exe

C:\Windows\System32\jWKrvul.exe

C:\Windows\System32\DoQQSIM.exe

C:\Windows\System32\DoQQSIM.exe

C:\Windows\System32\fZjDJWw.exe

C:\Windows\System32\fZjDJWw.exe

C:\Windows\System32\pXYJLZM.exe

C:\Windows\System32\pXYJLZM.exe

C:\Windows\System32\ZmZIBAI.exe

C:\Windows\System32\ZmZIBAI.exe

C:\Windows\System32\xRvJcPC.exe

C:\Windows\System32\xRvJcPC.exe

C:\Windows\System32\ngtQhkA.exe

C:\Windows\System32\ngtQhkA.exe

C:\Windows\System32\raxpRAo.exe

C:\Windows\System32\raxpRAo.exe

C:\Windows\System32\oNZYdHv.exe

C:\Windows\System32\oNZYdHv.exe

C:\Windows\System32\jukcypc.exe

C:\Windows\System32\jukcypc.exe

C:\Windows\System32\LPumDVC.exe

C:\Windows\System32\LPumDVC.exe

C:\Windows\System32\RIaspCA.exe

C:\Windows\System32\RIaspCA.exe

C:\Windows\System32\vclePkv.exe

C:\Windows\System32\vclePkv.exe

C:\Windows\System32\oIiiEsE.exe

C:\Windows\System32\oIiiEsE.exe

C:\Windows\System32\mIFHRFv.exe

C:\Windows\System32\mIFHRFv.exe

C:\Windows\System32\abFgesK.exe

C:\Windows\System32\abFgesK.exe

C:\Windows\System32\eGOQLFv.exe

C:\Windows\System32\eGOQLFv.exe

C:\Windows\System32\Tunmlwv.exe

C:\Windows\System32\Tunmlwv.exe

C:\Windows\System32\tfvJbQy.exe

C:\Windows\System32\tfvJbQy.exe

C:\Windows\System32\CmeNmbZ.exe

C:\Windows\System32\CmeNmbZ.exe

C:\Windows\System32\vqgWeVq.exe

C:\Windows\System32\vqgWeVq.exe

C:\Windows\System32\qroaufQ.exe

C:\Windows\System32\qroaufQ.exe

C:\Windows\System32\aNpbXHd.exe

C:\Windows\System32\aNpbXHd.exe

C:\Windows\System32\tWaIGBH.exe

C:\Windows\System32\tWaIGBH.exe

C:\Windows\System32\hZikEKi.exe

C:\Windows\System32\hZikEKi.exe

C:\Windows\System32\uveYwUl.exe

C:\Windows\System32\uveYwUl.exe

C:\Windows\System32\sNYuiSV.exe

C:\Windows\System32\sNYuiSV.exe

C:\Windows\System32\IdcIWiM.exe

C:\Windows\System32\IdcIWiM.exe

C:\Windows\System32\FjjWTJd.exe

C:\Windows\System32\FjjWTJd.exe

C:\Windows\System32\BhOMGIe.exe

C:\Windows\System32\BhOMGIe.exe

C:\Windows\System32\NtgmdSE.exe

C:\Windows\System32\NtgmdSE.exe

C:\Windows\System32\hZrvpHs.exe

C:\Windows\System32\hZrvpHs.exe

C:\Windows\System32\NvXqQTQ.exe

C:\Windows\System32\NvXqQTQ.exe

C:\Windows\System32\YEJuDdG.exe

C:\Windows\System32\YEJuDdG.exe

C:\Windows\System32\IGMAGZM.exe

C:\Windows\System32\IGMAGZM.exe

C:\Windows\System32\RPqhmpQ.exe

C:\Windows\System32\RPqhmpQ.exe

C:\Windows\System32\viKKsab.exe

C:\Windows\System32\viKKsab.exe

C:\Windows\System32\GHuhGQh.exe

C:\Windows\System32\GHuhGQh.exe

C:\Windows\System32\tJptjtd.exe

C:\Windows\System32\tJptjtd.exe

C:\Windows\System32\MrYfXAw.exe

C:\Windows\System32\MrYfXAw.exe

C:\Windows\System32\jvyBpol.exe

C:\Windows\System32\jvyBpol.exe

C:\Windows\System32\CtpKFQA.exe

C:\Windows\System32\CtpKFQA.exe

C:\Windows\System32\HZCJNGR.exe

C:\Windows\System32\HZCJNGR.exe

C:\Windows\System32\ShfPlFI.exe

C:\Windows\System32\ShfPlFI.exe

C:\Windows\System32\roHTpcx.exe

C:\Windows\System32\roHTpcx.exe

C:\Windows\System32\dVTIEBi.exe

C:\Windows\System32\dVTIEBi.exe

C:\Windows\System32\WDLimiQ.exe

C:\Windows\System32\WDLimiQ.exe

C:\Windows\System32\lLGesuF.exe

C:\Windows\System32\lLGesuF.exe

C:\Windows\System32\zJDogfF.exe

C:\Windows\System32\zJDogfF.exe

C:\Windows\System32\VNCATKz.exe

C:\Windows\System32\VNCATKz.exe

C:\Windows\System32\FVDCvws.exe

C:\Windows\System32\FVDCvws.exe

C:\Windows\System32\qmezOYp.exe

C:\Windows\System32\qmezOYp.exe

C:\Windows\System32\yEUrbFz.exe

C:\Windows\System32\yEUrbFz.exe

C:\Windows\System32\YyinkWu.exe

C:\Windows\System32\YyinkWu.exe

C:\Windows\System32\AtWwuyb.exe

C:\Windows\System32\AtWwuyb.exe

C:\Windows\System32\JcsGgZe.exe

C:\Windows\System32\JcsGgZe.exe

C:\Windows\System32\TSaoxeP.exe

C:\Windows\System32\TSaoxeP.exe

C:\Windows\System32\hWANfQS.exe

C:\Windows\System32\hWANfQS.exe

C:\Windows\System32\hNxKmLn.exe

C:\Windows\System32\hNxKmLn.exe

C:\Windows\System32\DYxbamv.exe

C:\Windows\System32\DYxbamv.exe

C:\Windows\System32\UUqmYHT.exe

C:\Windows\System32\UUqmYHT.exe

C:\Windows\System32\LzQvcSg.exe

C:\Windows\System32\LzQvcSg.exe

C:\Windows\System32\ROzwLYe.exe

C:\Windows\System32\ROzwLYe.exe

C:\Windows\System32\zkcsMNB.exe

C:\Windows\System32\zkcsMNB.exe

C:\Windows\System32\JLWGNWQ.exe

C:\Windows\System32\JLWGNWQ.exe

C:\Windows\System32\JtuUdlT.exe

C:\Windows\System32\JtuUdlT.exe

C:\Windows\System32\nJTFnec.exe

C:\Windows\System32\nJTFnec.exe

C:\Windows\System32\uBFPYTG.exe

C:\Windows\System32\uBFPYTG.exe

C:\Windows\System32\ydkFWQO.exe

C:\Windows\System32\ydkFWQO.exe

C:\Windows\System32\mSrCQMu.exe

C:\Windows\System32\mSrCQMu.exe

C:\Windows\System32\oxwvITF.exe

C:\Windows\System32\oxwvITF.exe

C:\Windows\System32\HuRWiNu.exe

C:\Windows\System32\HuRWiNu.exe

C:\Windows\System32\nadehLQ.exe

C:\Windows\System32\nadehLQ.exe

C:\Windows\System32\nLpUpYB.exe

C:\Windows\System32\nLpUpYB.exe

C:\Windows\System32\ZjNWoqd.exe

C:\Windows\System32\ZjNWoqd.exe

C:\Windows\System32\YWummYg.exe

C:\Windows\System32\YWummYg.exe

C:\Windows\System32\SZyQMSK.exe

C:\Windows\System32\SZyQMSK.exe

C:\Windows\System32\bPVyuTP.exe

C:\Windows\System32\bPVyuTP.exe

C:\Windows\System32\rBJnyug.exe

C:\Windows\System32\rBJnyug.exe

C:\Windows\System32\TmviEgx.exe

C:\Windows\System32\TmviEgx.exe

C:\Windows\System32\NszTwbO.exe

C:\Windows\System32\NszTwbO.exe

C:\Windows\System32\PvDeYbv.exe

C:\Windows\System32\PvDeYbv.exe

C:\Windows\System32\BaPNeAc.exe

C:\Windows\System32\BaPNeAc.exe

C:\Windows\System32\JjNOzxT.exe

C:\Windows\System32\JjNOzxT.exe

C:\Windows\System32\jnvQNGa.exe

C:\Windows\System32\jnvQNGa.exe

C:\Windows\System32\JVFjxuw.exe

C:\Windows\System32\JVFjxuw.exe

C:\Windows\System32\PwRQpBV.exe

C:\Windows\System32\PwRQpBV.exe

C:\Windows\System32\JROTMlv.exe

C:\Windows\System32\JROTMlv.exe

C:\Windows\System32\VtSakyK.exe

C:\Windows\System32\VtSakyK.exe

C:\Windows\System32\MwMLeKq.exe

C:\Windows\System32\MwMLeKq.exe

C:\Windows\System32\CiLxZPS.exe

C:\Windows\System32\CiLxZPS.exe

C:\Windows\System32\aoSmgZV.exe

C:\Windows\System32\aoSmgZV.exe

C:\Windows\System32\fRnQwEG.exe

C:\Windows\System32\fRnQwEG.exe

C:\Windows\System32\oAFQfLn.exe

C:\Windows\System32\oAFQfLn.exe

C:\Windows\System32\cOtNSbO.exe

C:\Windows\System32\cOtNSbO.exe

C:\Windows\System32\KceQikn.exe

C:\Windows\System32\KceQikn.exe

C:\Windows\System32\DZgqrEg.exe

C:\Windows\System32\DZgqrEg.exe

C:\Windows\System32\lLjLCPW.exe

C:\Windows\System32\lLjLCPW.exe

C:\Windows\System32\ByFIZKZ.exe

C:\Windows\System32\ByFIZKZ.exe

C:\Windows\System32\niNCNwQ.exe

C:\Windows\System32\niNCNwQ.exe

C:\Windows\System32\tOrmPwA.exe

C:\Windows\System32\tOrmPwA.exe

C:\Windows\System32\YMLMnmj.exe

C:\Windows\System32\YMLMnmj.exe

C:\Windows\System32\hFrlLcL.exe

C:\Windows\System32\hFrlLcL.exe

C:\Windows\System32\AicKFJs.exe

C:\Windows\System32\AicKFJs.exe

C:\Windows\System32\FFQANbj.exe

C:\Windows\System32\FFQANbj.exe

C:\Windows\System32\DHHyxEP.exe

C:\Windows\System32\DHHyxEP.exe

C:\Windows\System32\zXUNcxv.exe

C:\Windows\System32\zXUNcxv.exe

C:\Windows\System32\MTnHaHV.exe

C:\Windows\System32\MTnHaHV.exe

C:\Windows\System32\loULJqR.exe

C:\Windows\System32\loULJqR.exe

C:\Windows\System32\lqwZVfs.exe

C:\Windows\System32\lqwZVfs.exe

C:\Windows\System32\FOQlWpQ.exe

C:\Windows\System32\FOQlWpQ.exe

C:\Windows\System32\wEMUZRw.exe

C:\Windows\System32\wEMUZRw.exe

C:\Windows\System32\efxlfWd.exe

C:\Windows\System32\efxlfWd.exe

C:\Windows\System32\odqqaUc.exe

C:\Windows\System32\odqqaUc.exe

C:\Windows\System32\VUzQsEz.exe

C:\Windows\System32\VUzQsEz.exe

C:\Windows\System32\mBODCLO.exe

C:\Windows\System32\mBODCLO.exe

C:\Windows\System32\nNsVYpK.exe

C:\Windows\System32\nNsVYpK.exe

C:\Windows\System32\GcEPxiA.exe

C:\Windows\System32\GcEPxiA.exe

C:\Windows\System32\cbdGsBw.exe

C:\Windows\System32\cbdGsBw.exe

C:\Windows\System32\FGUYnKT.exe

C:\Windows\System32\FGUYnKT.exe

C:\Windows\System32\lcBCMZv.exe

C:\Windows\System32\lcBCMZv.exe

C:\Windows\System32\vkcbAAC.exe

C:\Windows\System32\vkcbAAC.exe

C:\Windows\System32\xjzRgPk.exe

C:\Windows\System32\xjzRgPk.exe

C:\Windows\System32\ExXKYeh.exe

C:\Windows\System32\ExXKYeh.exe

C:\Windows\System32\kRaFxJs.exe

C:\Windows\System32\kRaFxJs.exe

C:\Windows\System32\XPmXIYw.exe

C:\Windows\System32\XPmXIYw.exe

C:\Windows\System32\BguNTSq.exe

C:\Windows\System32\BguNTSq.exe

C:\Windows\System32\CFCBHcz.exe

C:\Windows\System32\CFCBHcz.exe

C:\Windows\System32\TcYkBxZ.exe

C:\Windows\System32\TcYkBxZ.exe

C:\Windows\System32\xfPPQan.exe

C:\Windows\System32\xfPPQan.exe

C:\Windows\System32\wdhUwwf.exe

C:\Windows\System32\wdhUwwf.exe

C:\Windows\System32\dpJrpsC.exe

C:\Windows\System32\dpJrpsC.exe

C:\Windows\System32\FCyJvvl.exe

C:\Windows\System32\FCyJvvl.exe

C:\Windows\System32\EfpYTPt.exe

C:\Windows\System32\EfpYTPt.exe

C:\Windows\System32\yfeAIHf.exe

C:\Windows\System32\yfeAIHf.exe

C:\Windows\System32\wpykQjr.exe

C:\Windows\System32\wpykQjr.exe

C:\Windows\System32\nJWllYt.exe

C:\Windows\System32\nJWllYt.exe

C:\Windows\System32\yCIfLBj.exe

C:\Windows\System32\yCIfLBj.exe

C:\Windows\System32\szGziYf.exe

C:\Windows\System32\szGziYf.exe

C:\Windows\System32\uLFfPeS.exe

C:\Windows\System32\uLFfPeS.exe

C:\Windows\System32\AYuasvv.exe

C:\Windows\System32\AYuasvv.exe

C:\Windows\System32\duZjTkk.exe

C:\Windows\System32\duZjTkk.exe

C:\Windows\System32\jNQJsPT.exe

C:\Windows\System32\jNQJsPT.exe

C:\Windows\System32\QxTMTNk.exe

C:\Windows\System32\QxTMTNk.exe

C:\Windows\System32\jiiyAub.exe

C:\Windows\System32\jiiyAub.exe

C:\Windows\System32\WCrksVx.exe

C:\Windows\System32\WCrksVx.exe

C:\Windows\System32\dJTaIBJ.exe

C:\Windows\System32\dJTaIBJ.exe

C:\Windows\System32\qCvBhmT.exe

C:\Windows\System32\qCvBhmT.exe

C:\Windows\System32\CZVBkbk.exe

C:\Windows\System32\CZVBkbk.exe

C:\Windows\System32\Ezcxbmr.exe

C:\Windows\System32\Ezcxbmr.exe

C:\Windows\System32\mpDvMMv.exe

C:\Windows\System32\mpDvMMv.exe

C:\Windows\System32\cXWHATi.exe

C:\Windows\System32\cXWHATi.exe

C:\Windows\System32\oZHolIu.exe

C:\Windows\System32\oZHolIu.exe

C:\Windows\System32\wKpBBoJ.exe

C:\Windows\System32\wKpBBoJ.exe

C:\Windows\System32\gNEVfBL.exe

C:\Windows\System32\gNEVfBL.exe

C:\Windows\System32\qMUbroX.exe

C:\Windows\System32\qMUbroX.exe

C:\Windows\System32\DQuhGOj.exe

C:\Windows\System32\DQuhGOj.exe

C:\Windows\System32\KORUCor.exe

C:\Windows\System32\KORUCor.exe

C:\Windows\System32\hJGlwzA.exe

C:\Windows\System32\hJGlwzA.exe

C:\Windows\System32\zGamwiU.exe

C:\Windows\System32\zGamwiU.exe

C:\Windows\System32\JWWckDb.exe

C:\Windows\System32\JWWckDb.exe

C:\Windows\System32\YcXoYbD.exe

C:\Windows\System32\YcXoYbD.exe

C:\Windows\System32\aurVWlG.exe

C:\Windows\System32\aurVWlG.exe

C:\Windows\System32\kLDOlDG.exe

C:\Windows\System32\kLDOlDG.exe

C:\Windows\System32\CcPBKlK.exe

C:\Windows\System32\CcPBKlK.exe

C:\Windows\System32\FcxQaSE.exe

C:\Windows\System32\FcxQaSE.exe

C:\Windows\System32\biEojkt.exe

C:\Windows\System32\biEojkt.exe

C:\Windows\System32\JCquIci.exe

C:\Windows\System32\JCquIci.exe

C:\Windows\System32\SjkHrXL.exe

C:\Windows\System32\SjkHrXL.exe

C:\Windows\System32\juQcOgQ.exe

C:\Windows\System32\juQcOgQ.exe

C:\Windows\System32\XJnSqyY.exe

C:\Windows\System32\XJnSqyY.exe

C:\Windows\System32\luppwZT.exe

C:\Windows\System32\luppwZT.exe

C:\Windows\System32\iREdVzi.exe

C:\Windows\System32\iREdVzi.exe

C:\Windows\System32\qaLSQKx.exe

C:\Windows\System32\qaLSQKx.exe

C:\Windows\System32\CeYXeoB.exe

C:\Windows\System32\CeYXeoB.exe

C:\Windows\System32\vVWHgFm.exe

C:\Windows\System32\vVWHgFm.exe

C:\Windows\System32\pJkOvHk.exe

C:\Windows\System32\pJkOvHk.exe

C:\Windows\System32\lWRRiya.exe

C:\Windows\System32\lWRRiya.exe

C:\Windows\System32\lycADaa.exe

C:\Windows\System32\lycADaa.exe

C:\Windows\System32\MpqOJWN.exe

C:\Windows\System32\MpqOJWN.exe

C:\Windows\System32\focABjS.exe

C:\Windows\System32\focABjS.exe

C:\Windows\System32\hxrLkbs.exe

C:\Windows\System32\hxrLkbs.exe

C:\Windows\System32\GubbPHK.exe

C:\Windows\System32\GubbPHK.exe

C:\Windows\System32\wIVSEAb.exe

C:\Windows\System32\wIVSEAb.exe

C:\Windows\System32\aNBpMOi.exe

C:\Windows\System32\aNBpMOi.exe

C:\Windows\System32\wGPktDL.exe

C:\Windows\System32\wGPktDL.exe

C:\Windows\System32\hZLlpxR.exe

C:\Windows\System32\hZLlpxR.exe

C:\Windows\System32\wFFMrwk.exe

C:\Windows\System32\wFFMrwk.exe

C:\Windows\System32\LSAsubH.exe

C:\Windows\System32\LSAsubH.exe

C:\Windows\System32\gkprlAg.exe

C:\Windows\System32\gkprlAg.exe

C:\Windows\System32\sPspDNs.exe

C:\Windows\System32\sPspDNs.exe

C:\Windows\System32\JVsrBto.exe

C:\Windows\System32\JVsrBto.exe

C:\Windows\System32\ZtKADwm.exe

C:\Windows\System32\ZtKADwm.exe

C:\Windows\System32\LLXdjHp.exe

C:\Windows\System32\LLXdjHp.exe

C:\Windows\System32\VBHUWrN.exe

C:\Windows\System32\VBHUWrN.exe

C:\Windows\System32\vTlbbdu.exe

C:\Windows\System32\vTlbbdu.exe

C:\Windows\System32\TwkLdVp.exe

C:\Windows\System32\TwkLdVp.exe

C:\Windows\System32\BjPSHPE.exe

C:\Windows\System32\BjPSHPE.exe

C:\Windows\System32\LTmggeq.exe

C:\Windows\System32\LTmggeq.exe

C:\Windows\System32\ZIheZPT.exe

C:\Windows\System32\ZIheZPT.exe

C:\Windows\System32\XFgZmvh.exe

C:\Windows\System32\XFgZmvh.exe

C:\Windows\System32\iqTZyDP.exe

C:\Windows\System32\iqTZyDP.exe

C:\Windows\System32\GeAInYM.exe

C:\Windows\System32\GeAInYM.exe

C:\Windows\System32\CsXekUc.exe

C:\Windows\System32\CsXekUc.exe

C:\Windows\System32\PkWypEk.exe

C:\Windows\System32\PkWypEk.exe

C:\Windows\System32\rUShxWN.exe

C:\Windows\System32\rUShxWN.exe

C:\Windows\System32\dBBmazH.exe

C:\Windows\System32\dBBmazH.exe

C:\Windows\System32\ZPETCRi.exe

C:\Windows\System32\ZPETCRi.exe

C:\Windows\System32\qIGpagn.exe

C:\Windows\System32\qIGpagn.exe

C:\Windows\System32\eWWJwiM.exe

C:\Windows\System32\eWWJwiM.exe

C:\Windows\System32\lrZsYIR.exe

C:\Windows\System32\lrZsYIR.exe

C:\Windows\System32\MrAHCPM.exe

C:\Windows\System32\MrAHCPM.exe

C:\Windows\System32\voCMQwe.exe

C:\Windows\System32\voCMQwe.exe

C:\Windows\System32\WYrEfwB.exe

C:\Windows\System32\WYrEfwB.exe

C:\Windows\System32\Urlhzmx.exe

C:\Windows\System32\Urlhzmx.exe

C:\Windows\System32\ENIAmak.exe

C:\Windows\System32\ENIAmak.exe

C:\Windows\System32\kgKHpXg.exe

C:\Windows\System32\kgKHpXg.exe

C:\Windows\System32\NNGtTNB.exe

C:\Windows\System32\NNGtTNB.exe

C:\Windows\System32\DteZCWW.exe

C:\Windows\System32\DteZCWW.exe

C:\Windows\System32\NDtSxDD.exe

C:\Windows\System32\NDtSxDD.exe

C:\Windows\System32\xVEZbcy.exe

C:\Windows\System32\xVEZbcy.exe

C:\Windows\System32\MQnZnDP.exe

C:\Windows\System32\MQnZnDP.exe

C:\Windows\System32\xtytPPY.exe

C:\Windows\System32\xtytPPY.exe

C:\Windows\System32\UobcxVw.exe

C:\Windows\System32\UobcxVw.exe

C:\Windows\System32\PCwtPol.exe

C:\Windows\System32\PCwtPol.exe

C:\Windows\System32\NXHvTgt.exe

C:\Windows\System32\NXHvTgt.exe

C:\Windows\System32\DJODOFS.exe

C:\Windows\System32\DJODOFS.exe

C:\Windows\System32\apMVgOV.exe

C:\Windows\System32\apMVgOV.exe

C:\Windows\System32\QnqrmxQ.exe

C:\Windows\System32\QnqrmxQ.exe

C:\Windows\System32\LQYNcHA.exe

C:\Windows\System32\LQYNcHA.exe

C:\Windows\System32\TZkVPOt.exe

C:\Windows\System32\TZkVPOt.exe

C:\Windows\System32\qBtbaBc.exe

C:\Windows\System32\qBtbaBc.exe

C:\Windows\System32\AgRbQlm.exe

C:\Windows\System32\AgRbQlm.exe

C:\Windows\System32\AbIBPfK.exe

C:\Windows\System32\AbIBPfK.exe

C:\Windows\System32\EnDQStx.exe

C:\Windows\System32\EnDQStx.exe

C:\Windows\System32\IWzGZzG.exe

C:\Windows\System32\IWzGZzG.exe

C:\Windows\System32\IBnrmAt.exe

C:\Windows\System32\IBnrmAt.exe

C:\Windows\System32\iiDcWnR.exe

C:\Windows\System32\iiDcWnR.exe

C:\Windows\System32\JnYnuGj.exe

C:\Windows\System32\JnYnuGj.exe

C:\Windows\System32\SplqNnf.exe

C:\Windows\System32\SplqNnf.exe

C:\Windows\System32\YHsMStS.exe

C:\Windows\System32\YHsMStS.exe

C:\Windows\System32\VlwcqTl.exe

C:\Windows\System32\VlwcqTl.exe

C:\Windows\System32\NISXISv.exe

C:\Windows\System32\NISXISv.exe

C:\Windows\System32\MWJvBVw.exe

C:\Windows\System32\MWJvBVw.exe

C:\Windows\System32\dFDzjeX.exe

C:\Windows\System32\dFDzjeX.exe

C:\Windows\System32\cuQgJRU.exe

C:\Windows\System32\cuQgJRU.exe

C:\Windows\System32\rAUiaNd.exe

C:\Windows\System32\rAUiaNd.exe

C:\Windows\System32\cOTVvwP.exe

C:\Windows\System32\cOTVvwP.exe

C:\Windows\System32\ASOYLYY.exe

C:\Windows\System32\ASOYLYY.exe

C:\Windows\System32\vTlMByJ.exe

C:\Windows\System32\vTlMByJ.exe

C:\Windows\System32\BiLSvYw.exe

C:\Windows\System32\BiLSvYw.exe

C:\Windows\System32\FGBApfQ.exe

C:\Windows\System32\FGBApfQ.exe

C:\Windows\System32\wuiJgZu.exe

C:\Windows\System32\wuiJgZu.exe

C:\Windows\System32\sTtBJxr.exe

C:\Windows\System32\sTtBJxr.exe

C:\Windows\System32\EIOQfPa.exe

C:\Windows\System32\EIOQfPa.exe

C:\Windows\System32\QlIywXI.exe

C:\Windows\System32\QlIywXI.exe

C:\Windows\System32\HRdYICG.exe

C:\Windows\System32\HRdYICG.exe

C:\Windows\System32\TECVezn.exe

C:\Windows\System32\TECVezn.exe

C:\Windows\System32\PQfkGZz.exe

C:\Windows\System32\PQfkGZz.exe

C:\Windows\System32\OOvBMiI.exe

C:\Windows\System32\OOvBMiI.exe

C:\Windows\System32\aEoYuMb.exe

C:\Windows\System32\aEoYuMb.exe

C:\Windows\System32\vjDNRNV.exe

C:\Windows\System32\vjDNRNV.exe

C:\Windows\System32\KkqrQhS.exe

C:\Windows\System32\KkqrQhS.exe

C:\Windows\System32\aDMJTkC.exe

C:\Windows\System32\aDMJTkC.exe

C:\Windows\System32\ukPNxkI.exe

C:\Windows\System32\ukPNxkI.exe

C:\Windows\System32\xAVtFAT.exe

C:\Windows\System32\xAVtFAT.exe

C:\Windows\System32\cWmSSVE.exe

C:\Windows\System32\cWmSSVE.exe

C:\Windows\System32\MMMAaNz.exe

C:\Windows\System32\MMMAaNz.exe

C:\Windows\System32\tKcMdBb.exe

C:\Windows\System32\tKcMdBb.exe

C:\Windows\System32\ephsKOt.exe

C:\Windows\System32\ephsKOt.exe

C:\Windows\System32\hUWhZTj.exe

C:\Windows\System32\hUWhZTj.exe

C:\Windows\System32\PJWDyZm.exe

C:\Windows\System32\PJWDyZm.exe

C:\Windows\System32\VNuRlff.exe

C:\Windows\System32\VNuRlff.exe

C:\Windows\System32\xgUJgTY.exe

C:\Windows\System32\xgUJgTY.exe

C:\Windows\System32\BFoaaEA.exe

C:\Windows\System32\BFoaaEA.exe

C:\Windows\System32\laUkwcN.exe

C:\Windows\System32\laUkwcN.exe

C:\Windows\System32\iqGRXUy.exe

C:\Windows\System32\iqGRXUy.exe

C:\Windows\System32\FRUPZPq.exe

C:\Windows\System32\FRUPZPq.exe

C:\Windows\System32\HbJueTF.exe

C:\Windows\System32\HbJueTF.exe

C:\Windows\System32\UTTxGDZ.exe

C:\Windows\System32\UTTxGDZ.exe

C:\Windows\System32\oLSrDka.exe

C:\Windows\System32\oLSrDka.exe

C:\Windows\System32\WjFAaWl.exe

C:\Windows\System32\WjFAaWl.exe

C:\Windows\System32\NYdyIbJ.exe

C:\Windows\System32\NYdyIbJ.exe

C:\Windows\System32\tflnLpQ.exe

C:\Windows\System32\tflnLpQ.exe

C:\Windows\System32\BfGnpVS.exe

C:\Windows\System32\BfGnpVS.exe

C:\Windows\System32\fKqmyjV.exe

C:\Windows\System32\fKqmyjV.exe

C:\Windows\System32\aPETFnJ.exe

C:\Windows\System32\aPETFnJ.exe

C:\Windows\System32\JSBncvQ.exe

C:\Windows\System32\JSBncvQ.exe

C:\Windows\System32\pSdcNuL.exe

C:\Windows\System32\pSdcNuL.exe

C:\Windows\System32\oXZMPsY.exe

C:\Windows\System32\oXZMPsY.exe

C:\Windows\System32\UMyBTbF.exe

C:\Windows\System32\UMyBTbF.exe

C:\Windows\System32\vpkCsJN.exe

C:\Windows\System32\vpkCsJN.exe

C:\Windows\System32\RAsPpRA.exe

C:\Windows\System32\RAsPpRA.exe

C:\Windows\System32\xMYWnRP.exe

C:\Windows\System32\xMYWnRP.exe

C:\Windows\System32\lZomPZm.exe

C:\Windows\System32\lZomPZm.exe

C:\Windows\System32\LTFEurF.exe

C:\Windows\System32\LTFEurF.exe

C:\Windows\System32\iJXQaYF.exe

C:\Windows\System32\iJXQaYF.exe

C:\Windows\System32\EuQcUil.exe

C:\Windows\System32\EuQcUil.exe

C:\Windows\System32\gYZmEtE.exe

C:\Windows\System32\gYZmEtE.exe

C:\Windows\System32\lhnVuwO.exe

C:\Windows\System32\lhnVuwO.exe

C:\Windows\System32\NFBjbcs.exe

C:\Windows\System32\NFBjbcs.exe

C:\Windows\System32\Tisflmo.exe

C:\Windows\System32\Tisflmo.exe

C:\Windows\System32\mXKyejD.exe

C:\Windows\System32\mXKyejD.exe

C:\Windows\System32\aseKEjE.exe

C:\Windows\System32\aseKEjE.exe

C:\Windows\System32\bodCnZj.exe

C:\Windows\System32\bodCnZj.exe

C:\Windows\System32\auFNaoK.exe

C:\Windows\System32\auFNaoK.exe

C:\Windows\System32\JKVEjXQ.exe

C:\Windows\System32\JKVEjXQ.exe

C:\Windows\System32\yxDLovU.exe

C:\Windows\System32\yxDLovU.exe

C:\Windows\System32\JnMoIAu.exe

C:\Windows\System32\JnMoIAu.exe

C:\Windows\System32\rXFlkhb.exe

C:\Windows\System32\rXFlkhb.exe

C:\Windows\System32\teoEpWJ.exe

C:\Windows\System32\teoEpWJ.exe

C:\Windows\System32\IoKQQOZ.exe

C:\Windows\System32\IoKQQOZ.exe

C:\Windows\System32\uLYwwnd.exe

C:\Windows\System32\uLYwwnd.exe

C:\Windows\System32\wJCWKhJ.exe

C:\Windows\System32\wJCWKhJ.exe

C:\Windows\System32\ebpbgJi.exe

C:\Windows\System32\ebpbgJi.exe

C:\Windows\System32\hJgLoNW.exe

C:\Windows\System32\hJgLoNW.exe

C:\Windows\System32\TDPASqL.exe

C:\Windows\System32\TDPASqL.exe

C:\Windows\System32\NPiSoUt.exe

C:\Windows\System32\NPiSoUt.exe

C:\Windows\System32\vnyqboW.exe

C:\Windows\System32\vnyqboW.exe

C:\Windows\System32\DIdlCLv.exe

C:\Windows\System32\DIdlCLv.exe

C:\Windows\System32\RNWJmRl.exe

C:\Windows\System32\RNWJmRl.exe

C:\Windows\System32\pvcIpfv.exe

C:\Windows\System32\pvcIpfv.exe

C:\Windows\System32\cercxPf.exe

C:\Windows\System32\cercxPf.exe

C:\Windows\System32\kqtBKuS.exe

C:\Windows\System32\kqtBKuS.exe

C:\Windows\System32\gyUgESx.exe

C:\Windows\System32\gyUgESx.exe

C:\Windows\System32\prPJGMy.exe

C:\Windows\System32\prPJGMy.exe

C:\Windows\System32\fzNVMrM.exe

C:\Windows\System32\fzNVMrM.exe

C:\Windows\System32\DNJBogU.exe

C:\Windows\System32\DNJBogU.exe

C:\Windows\System32\eWEqzGW.exe

C:\Windows\System32\eWEqzGW.exe

C:\Windows\System32\lsSUkIN.exe

C:\Windows\System32\lsSUkIN.exe

C:\Windows\System32\HYuwrkn.exe

C:\Windows\System32\HYuwrkn.exe

C:\Windows\System32\sVctrKU.exe

C:\Windows\System32\sVctrKU.exe

C:\Windows\System32\oeqmWFT.exe

C:\Windows\System32\oeqmWFT.exe

C:\Windows\System32\xDwucAQ.exe

C:\Windows\System32\xDwucAQ.exe

C:\Windows\System32\nITHHXJ.exe

C:\Windows\System32\nITHHXJ.exe

C:\Windows\System32\gzpjAQq.exe

C:\Windows\System32\gzpjAQq.exe

C:\Windows\System32\BeQGLfe.exe

C:\Windows\System32\BeQGLfe.exe

C:\Windows\System32\JTZklcB.exe

C:\Windows\System32\JTZklcB.exe

C:\Windows\System32\FzMJKKb.exe

C:\Windows\System32\FzMJKKb.exe

C:\Windows\System32\pCIzekA.exe

C:\Windows\System32\pCIzekA.exe

C:\Windows\System32\rRKmPwz.exe

C:\Windows\System32\rRKmPwz.exe

C:\Windows\System32\sFaztcv.exe

C:\Windows\System32\sFaztcv.exe

C:\Windows\System32\VZRlpxq.exe

C:\Windows\System32\VZRlpxq.exe

C:\Windows\System32\IErDwVp.exe

C:\Windows\System32\IErDwVp.exe

C:\Windows\System32\sWizvOD.exe

C:\Windows\System32\sWizvOD.exe

C:\Windows\System32\UWYRpbD.exe

C:\Windows\System32\UWYRpbD.exe

C:\Windows\System32\kvWsHHf.exe

C:\Windows\System32\kvWsHHf.exe

C:\Windows\System32\YoEQSvS.exe

C:\Windows\System32\YoEQSvS.exe

C:\Windows\System32\TLOcHaY.exe

C:\Windows\System32\TLOcHaY.exe

C:\Windows\System32\mTxFbZj.exe

C:\Windows\System32\mTxFbZj.exe

C:\Windows\System32\GjqsTPr.exe

C:\Windows\System32\GjqsTPr.exe

C:\Windows\System32\iEdPQBD.exe

C:\Windows\System32\iEdPQBD.exe

C:\Windows\System32\HayHkWf.exe

C:\Windows\System32\HayHkWf.exe

C:\Windows\System32\NdjEKIs.exe

C:\Windows\System32\NdjEKIs.exe

C:\Windows\System32\qqnsniv.exe

C:\Windows\System32\qqnsniv.exe

C:\Windows\System32\lmvicrz.exe

C:\Windows\System32\lmvicrz.exe

C:\Windows\System32\feNuRpG.exe

C:\Windows\System32\feNuRpG.exe

C:\Windows\System32\HIJQlmG.exe

C:\Windows\System32\HIJQlmG.exe

C:\Windows\System32\FLykvnY.exe

C:\Windows\System32\FLykvnY.exe

C:\Windows\System32\MtCGnLN.exe

C:\Windows\System32\MtCGnLN.exe

C:\Windows\System32\gBuFHlO.exe

C:\Windows\System32\gBuFHlO.exe

C:\Windows\System32\BGOrpUC.exe

C:\Windows\System32\BGOrpUC.exe

C:\Windows\System32\JYnFsPb.exe

C:\Windows\System32\JYnFsPb.exe

C:\Windows\System32\VtXTQBL.exe

C:\Windows\System32\VtXTQBL.exe

C:\Windows\System32\DALRXUY.exe

C:\Windows\System32\DALRXUY.exe

C:\Windows\System32\YdySzqn.exe

C:\Windows\System32\YdySzqn.exe

C:\Windows\System32\ZIsXDxD.exe

C:\Windows\System32\ZIsXDxD.exe

C:\Windows\System32\xonreUz.exe

C:\Windows\System32\xonreUz.exe

C:\Windows\System32\esAJqqz.exe

C:\Windows\System32\esAJqqz.exe

C:\Windows\System32\KMCBnNn.exe

C:\Windows\System32\KMCBnNn.exe

C:\Windows\System32\tzmlweg.exe

C:\Windows\System32\tzmlweg.exe

C:\Windows\System32\yewucFy.exe

C:\Windows\System32\yewucFy.exe

C:\Windows\System32\YvRjmGd.exe

C:\Windows\System32\YvRjmGd.exe

C:\Windows\System32\KoPDtbJ.exe

C:\Windows\System32\KoPDtbJ.exe

C:\Windows\System32\KfYMIjG.exe

C:\Windows\System32\KfYMIjG.exe

C:\Windows\System32\NxrUvBr.exe

C:\Windows\System32\NxrUvBr.exe

C:\Windows\System32\AUIoblq.exe

C:\Windows\System32\AUIoblq.exe

C:\Windows\System32\wxWjnPJ.exe

C:\Windows\System32\wxWjnPJ.exe

C:\Windows\System32\rrwRezk.exe

C:\Windows\System32\rrwRezk.exe

C:\Windows\System32\jZrNOjs.exe

C:\Windows\System32\jZrNOjs.exe

C:\Windows\System32\QirOQbV.exe

C:\Windows\System32\QirOQbV.exe

C:\Windows\System32\iecBMFC.exe

C:\Windows\System32\iecBMFC.exe

C:\Windows\System32\rzuakqr.exe

C:\Windows\System32\rzuakqr.exe

C:\Windows\System32\PMixCFe.exe

C:\Windows\System32\PMixCFe.exe

C:\Windows\System32\PhgOjmL.exe

C:\Windows\System32\PhgOjmL.exe

C:\Windows\System32\tIShFyU.exe

C:\Windows\System32\tIShFyU.exe

C:\Windows\System32\pMFRGLP.exe

C:\Windows\System32\pMFRGLP.exe

C:\Windows\System32\XceNwiu.exe

C:\Windows\System32\XceNwiu.exe

C:\Windows\System32\DxLeNHt.exe

C:\Windows\System32\DxLeNHt.exe

C:\Windows\System32\bGVNlWa.exe

C:\Windows\System32\bGVNlWa.exe

C:\Windows\System32\jonBUlD.exe

C:\Windows\System32\jonBUlD.exe

C:\Windows\System32\YbPtTIu.exe

C:\Windows\System32\YbPtTIu.exe

C:\Windows\System32\aplMqmn.exe

C:\Windows\System32\aplMqmn.exe

C:\Windows\System32\EVCRHZQ.exe

C:\Windows\System32\EVCRHZQ.exe

C:\Windows\System32\iXknjtJ.exe

C:\Windows\System32\iXknjtJ.exe

C:\Windows\System32\ywIsBjW.exe

C:\Windows\System32\ywIsBjW.exe

C:\Windows\System32\OjHpjZM.exe

C:\Windows\System32\OjHpjZM.exe

C:\Windows\System32\IoduxbK.exe

C:\Windows\System32\IoduxbK.exe

C:\Windows\System32\fyyEVyE.exe

C:\Windows\System32\fyyEVyE.exe

C:\Windows\System32\pMJUtAt.exe

C:\Windows\System32\pMJUtAt.exe

C:\Windows\System32\sPrQDWM.exe

C:\Windows\System32\sPrQDWM.exe

C:\Windows\System32\QYdppBP.exe

C:\Windows\System32\QYdppBP.exe

C:\Windows\System32\qkJIUOk.exe

C:\Windows\System32\qkJIUOk.exe

C:\Windows\System32\GfehQMU.exe

C:\Windows\System32\GfehQMU.exe

C:\Windows\System32\uCsROYB.exe

C:\Windows\System32\uCsROYB.exe

C:\Windows\System32\LKVrMHz.exe

C:\Windows\System32\LKVrMHz.exe

C:\Windows\System32\xEYWAJX.exe

C:\Windows\System32\xEYWAJX.exe

C:\Windows\System32\pdwJhJk.exe

C:\Windows\System32\pdwJhJk.exe

C:\Windows\System32\ssokdfH.exe

C:\Windows\System32\ssokdfH.exe

C:\Windows\System32\sOqCovm.exe

C:\Windows\System32\sOqCovm.exe

C:\Windows\System32\OpTGBMA.exe

C:\Windows\System32\OpTGBMA.exe

C:\Windows\System32\tziLQkR.exe

C:\Windows\System32\tziLQkR.exe

C:\Windows\System32\joWoxvO.exe

C:\Windows\System32\joWoxvO.exe

C:\Windows\System32\tsaPSlE.exe

C:\Windows\System32\tsaPSlE.exe

C:\Windows\System32\ccbXiiT.exe

C:\Windows\System32\ccbXiiT.exe

C:\Windows\System32\MRVPDed.exe

C:\Windows\System32\MRVPDed.exe

C:\Windows\System32\ihQKCEb.exe

C:\Windows\System32\ihQKCEb.exe

C:\Windows\System32\pEYjpXK.exe

C:\Windows\System32\pEYjpXK.exe

C:\Windows\System32\jEtwZXM.exe

C:\Windows\System32\jEtwZXM.exe

C:\Windows\System32\eVltoMd.exe

C:\Windows\System32\eVltoMd.exe

C:\Windows\System32\kGVoBkA.exe

C:\Windows\System32\kGVoBkA.exe

C:\Windows\System32\pzbDBYr.exe

C:\Windows\System32\pzbDBYr.exe

C:\Windows\System32\DLMSvJX.exe

C:\Windows\System32\DLMSvJX.exe

C:\Windows\System32\pXlZjoU.exe

C:\Windows\System32\pXlZjoU.exe

C:\Windows\System32\WNavZIf.exe

C:\Windows\System32\WNavZIf.exe

C:\Windows\System32\dkMvGun.exe

C:\Windows\System32\dkMvGun.exe

C:\Windows\System32\JtDoPzl.exe

C:\Windows\System32\JtDoPzl.exe

C:\Windows\System32\qGOAaVR.exe

C:\Windows\System32\qGOAaVR.exe

C:\Windows\System32\EkrSkEG.exe

C:\Windows\System32\EkrSkEG.exe

C:\Windows\System32\lUpinMs.exe

C:\Windows\System32\lUpinMs.exe

C:\Windows\System32\SWhHTKt.exe

C:\Windows\System32\SWhHTKt.exe

C:\Windows\System32\VzKgRHi.exe

C:\Windows\System32\VzKgRHi.exe

C:\Windows\System32\ilLZHdT.exe

C:\Windows\System32\ilLZHdT.exe

C:\Windows\System32\ssqnvBO.exe

C:\Windows\System32\ssqnvBO.exe

C:\Windows\System32\CMQrzSn.exe

C:\Windows\System32\CMQrzSn.exe

C:\Windows\System32\URMXQfI.exe

C:\Windows\System32\URMXQfI.exe

C:\Windows\System32\cYGmwXa.exe

C:\Windows\System32\cYGmwXa.exe

C:\Windows\System32\JrLytfr.exe

C:\Windows\System32\JrLytfr.exe

C:\Windows\System32\tVeHgAF.exe

C:\Windows\System32\tVeHgAF.exe

C:\Windows\System32\pxFBBuE.exe

C:\Windows\System32\pxFBBuE.exe

C:\Windows\System32\GwodkUB.exe

C:\Windows\System32\GwodkUB.exe

C:\Windows\System32\hSyCNhP.exe

C:\Windows\System32\hSyCNhP.exe

C:\Windows\System32\bcMkPrI.exe

C:\Windows\System32\bcMkPrI.exe

C:\Windows\System32\yvxJpMI.exe

C:\Windows\System32\yvxJpMI.exe

C:\Windows\System32\MqefaTA.exe

C:\Windows\System32\MqefaTA.exe

C:\Windows\System32\zpgAiwL.exe

C:\Windows\System32\zpgAiwL.exe

C:\Windows\System32\mJkYoPI.exe

C:\Windows\System32\mJkYoPI.exe

C:\Windows\System32\SKBZIsH.exe

C:\Windows\System32\SKBZIsH.exe

C:\Windows\System32\qIfstkY.exe

C:\Windows\System32\qIfstkY.exe

C:\Windows\System32\bGmxweq.exe

C:\Windows\System32\bGmxweq.exe

C:\Windows\System32\vKEDFJm.exe

C:\Windows\System32\vKEDFJm.exe

C:\Windows\System32\tYemymD.exe

C:\Windows\System32\tYemymD.exe

C:\Windows\System32\BiJfDZG.exe

C:\Windows\System32\BiJfDZG.exe

C:\Windows\System32\tNQGGph.exe

C:\Windows\System32\tNQGGph.exe

C:\Windows\System32\EnBUwnS.exe

C:\Windows\System32\EnBUwnS.exe

C:\Windows\System32\dhtOkLq.exe

C:\Windows\System32\dhtOkLq.exe

C:\Windows\System32\nDgqAjn.exe

C:\Windows\System32\nDgqAjn.exe

C:\Windows\System32\ZcNlCQr.exe

C:\Windows\System32\ZcNlCQr.exe

C:\Windows\System32\oFKHwDj.exe

C:\Windows\System32\oFKHwDj.exe

C:\Windows\System32\fUCqjrt.exe

C:\Windows\System32\fUCqjrt.exe

C:\Windows\System32\aGjsQwC.exe

C:\Windows\System32\aGjsQwC.exe

C:\Windows\System32\TwiCcMH.exe

C:\Windows\System32\TwiCcMH.exe

C:\Windows\System32\SdEfkdo.exe

C:\Windows\System32\SdEfkdo.exe

C:\Windows\System32\LIuOfiU.exe

C:\Windows\System32\LIuOfiU.exe

C:\Windows\System32\THbOChA.exe

C:\Windows\System32\THbOChA.exe

C:\Windows\System32\lrEoJNC.exe

C:\Windows\System32\lrEoJNC.exe

C:\Windows\System32\WJHolPN.exe

C:\Windows\System32\WJHolPN.exe

C:\Windows\System32\BnsFSLC.exe

C:\Windows\System32\BnsFSLC.exe

C:\Windows\System32\AUuiCbA.exe

C:\Windows\System32\AUuiCbA.exe

C:\Windows\System32\ytVYoTl.exe

C:\Windows\System32\ytVYoTl.exe

C:\Windows\System32\jdGnzKj.exe

C:\Windows\System32\jdGnzKj.exe

C:\Windows\System32\BxSwEPC.exe

C:\Windows\System32\BxSwEPC.exe

C:\Windows\System32\siDptku.exe

C:\Windows\System32\siDptku.exe

C:\Windows\System32\isqgsfC.exe

C:\Windows\System32\isqgsfC.exe

C:\Windows\System32\BXixdDE.exe

C:\Windows\System32\BXixdDE.exe

C:\Windows\System32\ocDsHyB.exe

C:\Windows\System32\ocDsHyB.exe

C:\Windows\System32\iYhubwK.exe

C:\Windows\System32\iYhubwK.exe

C:\Windows\System32\YsovQOY.exe

C:\Windows\System32\YsovQOY.exe

C:\Windows\System32\jnUdYUX.exe

C:\Windows\System32\jnUdYUX.exe

C:\Windows\System32\xRnMYIq.exe

C:\Windows\System32\xRnMYIq.exe

C:\Windows\System32\cQLTCTK.exe

C:\Windows\System32\cQLTCTK.exe

C:\Windows\System32\eycwReI.exe

C:\Windows\System32\eycwReI.exe

C:\Windows\System32\BelcdaA.exe

C:\Windows\System32\BelcdaA.exe

C:\Windows\System32\FSbyAaF.exe

C:\Windows\System32\FSbyAaF.exe

C:\Windows\System32\nYxwccX.exe

C:\Windows\System32\nYxwccX.exe

C:\Windows\System32\YBDmbwI.exe

C:\Windows\System32\YBDmbwI.exe

C:\Windows\System32\AgNWbGk.exe

C:\Windows\System32\AgNWbGk.exe

C:\Windows\System32\bUUUuXC.exe

C:\Windows\System32\bUUUuXC.exe

C:\Windows\System32\INnKmYP.exe

C:\Windows\System32\INnKmYP.exe

C:\Windows\System32\TsUzXkV.exe

C:\Windows\System32\TsUzXkV.exe

C:\Windows\System32\mUcsDAG.exe

C:\Windows\System32\mUcsDAG.exe

C:\Windows\System32\thIzTJw.exe

C:\Windows\System32\thIzTJw.exe

C:\Windows\System32\jNzqmDV.exe

C:\Windows\System32\jNzqmDV.exe

C:\Windows\System32\SqVHhYt.exe

C:\Windows\System32\SqVHhYt.exe

C:\Windows\System32\yWNiYab.exe

C:\Windows\System32\yWNiYab.exe

C:\Windows\System32\Mhmqvsb.exe

C:\Windows\System32\Mhmqvsb.exe

C:\Windows\System32\hpAmnOJ.exe

C:\Windows\System32\hpAmnOJ.exe

C:\Windows\System32\INEQkpy.exe

C:\Windows\System32\INEQkpy.exe

C:\Windows\System32\fZqlJQZ.exe

C:\Windows\System32\fZqlJQZ.exe

C:\Windows\System32\lpbzEwE.exe

C:\Windows\System32\lpbzEwE.exe

C:\Windows\System32\CoVDlIL.exe

C:\Windows\System32\CoVDlIL.exe

C:\Windows\System32\IngdOcL.exe

C:\Windows\System32\IngdOcL.exe

C:\Windows\System32\aUERHck.exe

C:\Windows\System32\aUERHck.exe

C:\Windows\System32\RxjKlkk.exe

C:\Windows\System32\RxjKlkk.exe

C:\Windows\System32\dDiXcAs.exe

C:\Windows\System32\dDiXcAs.exe

C:\Windows\System32\kNgUCrJ.exe

C:\Windows\System32\kNgUCrJ.exe

C:\Windows\System32\oXlXycg.exe

C:\Windows\System32\oXlXycg.exe

C:\Windows\System32\gKicgVE.exe

C:\Windows\System32\gKicgVE.exe

C:\Windows\System32\JIdvoMM.exe

C:\Windows\System32\JIdvoMM.exe

C:\Windows\System32\ozMwbUa.exe

C:\Windows\System32\ozMwbUa.exe

C:\Windows\System32\PlCmJvb.exe

C:\Windows\System32\PlCmJvb.exe

C:\Windows\System32\mFuuspg.exe

C:\Windows\System32\mFuuspg.exe

C:\Windows\System32\AjzWytM.exe

C:\Windows\System32\AjzWytM.exe

C:\Windows\System32\AuycosR.exe

C:\Windows\System32\AuycosR.exe

C:\Windows\System32\YgsmWRo.exe

C:\Windows\System32\YgsmWRo.exe

C:\Windows\System32\JaxDgRt.exe

C:\Windows\System32\JaxDgRt.exe

C:\Windows\System32\hIefdVM.exe

C:\Windows\System32\hIefdVM.exe

C:\Windows\System32\cQEzVNr.exe

C:\Windows\System32\cQEzVNr.exe

C:\Windows\System32\vbdFdMf.exe

C:\Windows\System32\vbdFdMf.exe

C:\Windows\System32\fuFjbeG.exe

C:\Windows\System32\fuFjbeG.exe

C:\Windows\System32\DMQhISj.exe

C:\Windows\System32\DMQhISj.exe

C:\Windows\System32\scjQJMg.exe

C:\Windows\System32\scjQJMg.exe

C:\Windows\System32\zDxrfXT.exe

C:\Windows\System32\zDxrfXT.exe

C:\Windows\System32\tiwWIHB.exe

C:\Windows\System32\tiwWIHB.exe

C:\Windows\System32\YGGhVXO.exe

C:\Windows\System32\YGGhVXO.exe

C:\Windows\System32\KoVvFiP.exe

C:\Windows\System32\KoVvFiP.exe

C:\Windows\System32\CSmRfPC.exe

C:\Windows\System32\CSmRfPC.exe

C:\Windows\System32\xttIcZN.exe

C:\Windows\System32\xttIcZN.exe

C:\Windows\System32\nHhBiDx.exe

C:\Windows\System32\nHhBiDx.exe

C:\Windows\System32\wPOriJy.exe

C:\Windows\System32\wPOriJy.exe

C:\Windows\System32\TNyhjiA.exe

C:\Windows\System32\TNyhjiA.exe

C:\Windows\System32\HnJUwyQ.exe

C:\Windows\System32\HnJUwyQ.exe

C:\Windows\System32\DEbKimw.exe

C:\Windows\System32\DEbKimw.exe

C:\Windows\System32\StzKjZb.exe

C:\Windows\System32\StzKjZb.exe

C:\Windows\System32\LDfmjqD.exe

C:\Windows\System32\LDfmjqD.exe

C:\Windows\System32\lFVPIak.exe

C:\Windows\System32\lFVPIak.exe

C:\Windows\System32\UrcLkAM.exe

C:\Windows\System32\UrcLkAM.exe

C:\Windows\System32\TcaCTmE.exe

C:\Windows\System32\TcaCTmE.exe

C:\Windows\System32\cdZFnTs.exe

C:\Windows\System32\cdZFnTs.exe

C:\Windows\System32\RioQCiK.exe

C:\Windows\System32\RioQCiK.exe

C:\Windows\System32\mZTatoy.exe

C:\Windows\System32\mZTatoy.exe

C:\Windows\System32\XAofztr.exe

C:\Windows\System32\XAofztr.exe

C:\Windows\System32\unXGTTB.exe

C:\Windows\System32\unXGTTB.exe

C:\Windows\System32\HBapgcW.exe

C:\Windows\System32\HBapgcW.exe

C:\Windows\System32\fTgbzkI.exe

C:\Windows\System32\fTgbzkI.exe

C:\Windows\System32\mMbAQNg.exe

C:\Windows\System32\mMbAQNg.exe

C:\Windows\System32\uLRtXSA.exe

C:\Windows\System32\uLRtXSA.exe

C:\Windows\System32\qQfyEPJ.exe

C:\Windows\System32\qQfyEPJ.exe

C:\Windows\System32\MLrTEiQ.exe

C:\Windows\System32\MLrTEiQ.exe

C:\Windows\System32\GALOTBf.exe

C:\Windows\System32\GALOTBf.exe

C:\Windows\System32\qDZVUHp.exe

C:\Windows\System32\qDZVUHp.exe

C:\Windows\System32\MRtUisb.exe

C:\Windows\System32\MRtUisb.exe

C:\Windows\System32\zwmhlaO.exe

C:\Windows\System32\zwmhlaO.exe

C:\Windows\System32\HZwBUhh.exe

C:\Windows\System32\HZwBUhh.exe

C:\Windows\System32\roSZiHC.exe

C:\Windows\System32\roSZiHC.exe

C:\Windows\System32\POytJhB.exe

C:\Windows\System32\POytJhB.exe

C:\Windows\System32\wlhhfeh.exe

C:\Windows\System32\wlhhfeh.exe

C:\Windows\System32\jwDstRh.exe

C:\Windows\System32\jwDstRh.exe

C:\Windows\System32\fYgbNXn.exe

C:\Windows\System32\fYgbNXn.exe

C:\Windows\System32\EfDtSmk.exe

C:\Windows\System32\EfDtSmk.exe

C:\Windows\System32\RwKPQgr.exe

C:\Windows\System32\RwKPQgr.exe

C:\Windows\System32\atykIcr.exe

C:\Windows\System32\atykIcr.exe

C:\Windows\System32\TZGoEkW.exe

C:\Windows\System32\TZGoEkW.exe

C:\Windows\System32\bjltYBJ.exe

C:\Windows\System32\bjltYBJ.exe

C:\Windows\System32\TcfaXIi.exe

C:\Windows\System32\TcfaXIi.exe

C:\Windows\System32\kGixqeq.exe

C:\Windows\System32\kGixqeq.exe

C:\Windows\System32\tKhVOUp.exe

C:\Windows\System32\tKhVOUp.exe

C:\Windows\System32\SZDQCAL.exe

C:\Windows\System32\SZDQCAL.exe

C:\Windows\System32\zvtyBrK.exe

C:\Windows\System32\zvtyBrK.exe

C:\Windows\System32\eGClLQh.exe

C:\Windows\System32\eGClLQh.exe

C:\Windows\System32\tjLHnkD.exe

C:\Windows\System32\tjLHnkD.exe

C:\Windows\System32\JDmyreG.exe

C:\Windows\System32\JDmyreG.exe

C:\Windows\System32\lMqZmLV.exe

C:\Windows\System32\lMqZmLV.exe

C:\Windows\System32\hZSklxh.exe

C:\Windows\System32\hZSklxh.exe

C:\Windows\System32\CGXxGrM.exe

C:\Windows\System32\CGXxGrM.exe

C:\Windows\System32\WLbArkf.exe

C:\Windows\System32\WLbArkf.exe

C:\Windows\System32\HtAGpis.exe

C:\Windows\System32\HtAGpis.exe

C:\Windows\System32\DstVDLV.exe

C:\Windows\System32\DstVDLV.exe

C:\Windows\System32\uRZNFCF.exe

C:\Windows\System32\uRZNFCF.exe

C:\Windows\System32\nhjGigc.exe

C:\Windows\System32\nhjGigc.exe

C:\Windows\System32\bYGZPaz.exe

C:\Windows\System32\bYGZPaz.exe

C:\Windows\System32\GepFOfc.exe

C:\Windows\System32\GepFOfc.exe

C:\Windows\System32\NkFJxFR.exe

C:\Windows\System32\NkFJxFR.exe

C:\Windows\System32\AnLRBcB.exe

C:\Windows\System32\AnLRBcB.exe

C:\Windows\System32\XRxdePd.exe

C:\Windows\System32\XRxdePd.exe

C:\Windows\System32\ZewlRTr.exe

C:\Windows\System32\ZewlRTr.exe

C:\Windows\System32\qceohNn.exe

C:\Windows\System32\qceohNn.exe

C:\Windows\System32\WtdGuHG.exe

C:\Windows\System32\WtdGuHG.exe

C:\Windows\System32\gQUdmie.exe

C:\Windows\System32\gQUdmie.exe

C:\Windows\System32\pwpxoGG.exe

C:\Windows\System32\pwpxoGG.exe

C:\Windows\System32\ddWmBBw.exe

C:\Windows\System32\ddWmBBw.exe

C:\Windows\System32\OFsrLWO.exe

C:\Windows\System32\OFsrLWO.exe

C:\Windows\System32\DOzQIqM.exe

C:\Windows\System32\DOzQIqM.exe

C:\Windows\System32\RVYrLAU.exe

C:\Windows\System32\RVYrLAU.exe

C:\Windows\System32\YZKOYPb.exe

C:\Windows\System32\YZKOYPb.exe

C:\Windows\System32\LeBqWVX.exe

C:\Windows\System32\LeBqWVX.exe

C:\Windows\System32\ZFGJqoh.exe

C:\Windows\System32\ZFGJqoh.exe

C:\Windows\System32\ZkVEzkw.exe

C:\Windows\System32\ZkVEzkw.exe

C:\Windows\System32\JnIsauE.exe

C:\Windows\System32\JnIsauE.exe

C:\Windows\System32\OteYbPw.exe

C:\Windows\System32\OteYbPw.exe

C:\Windows\System32\JUBaENF.exe

C:\Windows\System32\JUBaENF.exe

C:\Windows\System32\amWeWxG.exe

C:\Windows\System32\amWeWxG.exe

C:\Windows\System32\jCipvRq.exe

C:\Windows\System32\jCipvRq.exe

C:\Windows\System32\YifThPc.exe

C:\Windows\System32\YifThPc.exe

C:\Windows\System32\dzYOvHo.exe

C:\Windows\System32\dzYOvHo.exe

C:\Windows\System32\yYQjxRl.exe

C:\Windows\System32\yYQjxRl.exe

C:\Windows\System32\mJVNedP.exe

C:\Windows\System32\mJVNedP.exe

C:\Windows\System32\ZZtXFtB.exe

C:\Windows\System32\ZZtXFtB.exe

C:\Windows\System32\xRmJHnd.exe

C:\Windows\System32\xRmJHnd.exe

C:\Windows\System32\jZynAnx.exe

C:\Windows\System32\jZynAnx.exe

C:\Windows\System32\IYzyrMi.exe

C:\Windows\System32\IYzyrMi.exe

C:\Windows\System32\xMHIcLr.exe

C:\Windows\System32\xMHIcLr.exe

C:\Windows\System32\vMhpcMx.exe

C:\Windows\System32\vMhpcMx.exe

C:\Windows\System32\kqFapoO.exe

C:\Windows\System32\kqFapoO.exe

C:\Windows\System32\fPQGEUg.exe

C:\Windows\System32\fPQGEUg.exe

C:\Windows\System32\CWDUAez.exe

C:\Windows\System32\CWDUAez.exe

C:\Windows\System32\dLZdmZU.exe

C:\Windows\System32\dLZdmZU.exe

C:\Windows\System32\FgvFmmi.exe

C:\Windows\System32\FgvFmmi.exe

C:\Windows\System32\MbRqWTh.exe

C:\Windows\System32\MbRqWTh.exe

C:\Windows\System32\PEaBYUr.exe

C:\Windows\System32\PEaBYUr.exe

C:\Windows\System32\bqzucoC.exe

C:\Windows\System32\bqzucoC.exe

C:\Windows\System32\MCZtnMo.exe

C:\Windows\System32\MCZtnMo.exe

C:\Windows\System32\vYOrRiY.exe

C:\Windows\System32\vYOrRiY.exe

C:\Windows\System32\EJZAkec.exe

C:\Windows\System32\EJZAkec.exe

C:\Windows\System32\lXRgncg.exe

C:\Windows\System32\lXRgncg.exe

C:\Windows\System32\GFHSdXp.exe

C:\Windows\System32\GFHSdXp.exe

C:\Windows\System32\AVfMuqD.exe

C:\Windows\System32\AVfMuqD.exe

C:\Windows\System32\EmzCNxP.exe

C:\Windows\System32\EmzCNxP.exe

C:\Windows\System32\WjZouZG.exe

C:\Windows\System32\WjZouZG.exe

C:\Windows\System32\jhxCnLh.exe

C:\Windows\System32\jhxCnLh.exe

C:\Windows\System32\Opskmfr.exe

C:\Windows\System32\Opskmfr.exe

C:\Windows\System32\ylsLCal.exe

C:\Windows\System32\ylsLCal.exe

C:\Windows\System32\SRYxBfH.exe

C:\Windows\System32\SRYxBfH.exe

C:\Windows\System32\usKgBlS.exe

C:\Windows\System32\usKgBlS.exe

C:\Windows\System32\uODbvIJ.exe

C:\Windows\System32\uODbvIJ.exe

C:\Windows\System32\PyhiieZ.exe

C:\Windows\System32\PyhiieZ.exe

C:\Windows\System32\jZziIDT.exe

C:\Windows\System32\jZziIDT.exe

C:\Windows\System32\GqltOwH.exe

C:\Windows\System32\GqltOwH.exe

C:\Windows\System32\UFLwzLJ.exe

C:\Windows\System32\UFLwzLJ.exe

C:\Windows\System32\qFFmXkK.exe

C:\Windows\System32\qFFmXkK.exe

C:\Windows\System32\OPuFWWi.exe

C:\Windows\System32\OPuFWWi.exe

C:\Windows\System32\Xbbpjtm.exe

C:\Windows\System32\Xbbpjtm.exe

C:\Windows\System32\YODVKFx.exe

C:\Windows\System32\YODVKFx.exe

C:\Windows\System32\IigIByl.exe

C:\Windows\System32\IigIByl.exe

C:\Windows\System32\gqtCpaL.exe

C:\Windows\System32\gqtCpaL.exe

C:\Windows\System32\twnIZjF.exe

C:\Windows\System32\twnIZjF.exe

C:\Windows\System32\JMjHqdU.exe

C:\Windows\System32\JMjHqdU.exe

C:\Windows\System32\qbVcknD.exe

C:\Windows\System32\qbVcknD.exe

C:\Windows\System32\QSrZqtX.exe

C:\Windows\System32\QSrZqtX.exe

C:\Windows\System32\kuFpECC.exe

C:\Windows\System32\kuFpECC.exe

C:\Windows\System32\exzStwp.exe

C:\Windows\System32\exzStwp.exe

C:\Windows\System32\tPxTlyU.exe

C:\Windows\System32\tPxTlyU.exe

C:\Windows\System32\CoGDsUM.exe

C:\Windows\System32\CoGDsUM.exe

C:\Windows\System32\YciHBop.exe

C:\Windows\System32\YciHBop.exe

C:\Windows\System32\GhCpofg.exe

C:\Windows\System32\GhCpofg.exe

C:\Windows\System32\wEdzkNV.exe

C:\Windows\System32\wEdzkNV.exe

C:\Windows\System32\LtXAJLq.exe

C:\Windows\System32\LtXAJLq.exe

C:\Windows\System32\RxtfIHT.exe

C:\Windows\System32\RxtfIHT.exe

C:\Windows\System32\FpcMfRJ.exe

C:\Windows\System32\FpcMfRJ.exe

C:\Windows\System32\oScKRLw.exe

C:\Windows\System32\oScKRLw.exe

C:\Windows\System32\hABDSiE.exe

C:\Windows\System32\hABDSiE.exe

C:\Windows\System32\pqIbmJI.exe

C:\Windows\System32\pqIbmJI.exe

C:\Windows\System32\BNnoOta.exe

C:\Windows\System32\BNnoOta.exe

C:\Windows\System32\Xwfxsyc.exe

C:\Windows\System32\Xwfxsyc.exe

C:\Windows\System32\hBHNLUm.exe

C:\Windows\System32\hBHNLUm.exe

C:\Windows\System32\OdcwyIO.exe

C:\Windows\System32\OdcwyIO.exe

C:\Windows\System32\ubEdeRU.exe

C:\Windows\System32\ubEdeRU.exe

C:\Windows\System32\xISxojY.exe

C:\Windows\System32\xISxojY.exe

C:\Windows\System32\unQQWGz.exe

C:\Windows\System32\unQQWGz.exe

C:\Windows\System32\pXVYZHy.exe

C:\Windows\System32\pXVYZHy.exe

C:\Windows\System32\cFTrBev.exe

C:\Windows\System32\cFTrBev.exe

C:\Windows\System32\DZOepYj.exe

C:\Windows\System32\DZOepYj.exe

C:\Windows\System32\AnMDmXd.exe

C:\Windows\System32\AnMDmXd.exe

C:\Windows\System32\bTHoQtP.exe

C:\Windows\System32\bTHoQtP.exe

C:\Windows\System32\mteoRoQ.exe

C:\Windows\System32\mteoRoQ.exe

C:\Windows\System32\beaVlzO.exe

C:\Windows\System32\beaVlzO.exe

C:\Windows\System32\JbqtdKY.exe

C:\Windows\System32\JbqtdKY.exe

C:\Windows\System32\DDQPyIs.exe

C:\Windows\System32\DDQPyIs.exe

C:\Windows\System32\WlCqFYv.exe

C:\Windows\System32\WlCqFYv.exe

C:\Windows\System32\syhFByT.exe

C:\Windows\System32\syhFByT.exe

C:\Windows\System32\ACWJVqZ.exe

C:\Windows\System32\ACWJVqZ.exe

C:\Windows\System32\iEtdgnn.exe

C:\Windows\System32\iEtdgnn.exe

C:\Windows\System32\yORYdpw.exe

C:\Windows\System32\yORYdpw.exe

C:\Windows\System32\QYVsiXp.exe

C:\Windows\System32\QYVsiXp.exe

C:\Windows\System32\pwoJGmk.exe

C:\Windows\System32\pwoJGmk.exe

C:\Windows\System32\trZoTpG.exe

C:\Windows\System32\trZoTpG.exe

C:\Windows\System32\JRrBiSK.exe

C:\Windows\System32\JRrBiSK.exe

C:\Windows\System32\gvgEEPg.exe

C:\Windows\System32\gvgEEPg.exe

C:\Windows\System32\JKtrNer.exe

C:\Windows\System32\JKtrNer.exe

C:\Windows\System32\MIwDGeU.exe

C:\Windows\System32\MIwDGeU.exe

C:\Windows\System32\BppoKpy.exe

C:\Windows\System32\BppoKpy.exe

C:\Windows\System32\vLPWZCa.exe

C:\Windows\System32\vLPWZCa.exe

C:\Windows\System32\aXJlokP.exe

C:\Windows\System32\aXJlokP.exe

C:\Windows\System32\bARTjdH.exe

C:\Windows\System32\bARTjdH.exe

C:\Windows\System32\SNPWCnu.exe

C:\Windows\System32\SNPWCnu.exe

C:\Windows\System32\fAGiUWa.exe

C:\Windows\System32\fAGiUWa.exe

C:\Windows\System32\MAZYeML.exe

C:\Windows\System32\MAZYeML.exe

C:\Windows\System32\ocOmSVg.exe

C:\Windows\System32\ocOmSVg.exe

C:\Windows\System32\sNfwMrK.exe

C:\Windows\System32\sNfwMrK.exe

C:\Windows\System32\HXDEpiV.exe

C:\Windows\System32\HXDEpiV.exe

C:\Windows\System32\LYnlXmT.exe

C:\Windows\System32\LYnlXmT.exe

C:\Windows\System32\cTFyFtj.exe

C:\Windows\System32\cTFyFtj.exe

C:\Windows\System32\TFWxkyv.exe

C:\Windows\System32\TFWxkyv.exe

C:\Windows\System32\imdFSOg.exe

C:\Windows\System32\imdFSOg.exe

C:\Windows\System32\VJhKhPM.exe

C:\Windows\System32\VJhKhPM.exe

C:\Windows\System32\yEoPnrp.exe

C:\Windows\System32\yEoPnrp.exe

C:\Windows\System32\embVdps.exe

C:\Windows\System32\embVdps.exe

C:\Windows\System32\iUswnMK.exe

C:\Windows\System32\iUswnMK.exe

C:\Windows\System32\WmXtTqg.exe

C:\Windows\System32\WmXtTqg.exe

C:\Windows\System32\TNDYfkY.exe

C:\Windows\System32\TNDYfkY.exe

C:\Windows\System32\PZlpbZB.exe

C:\Windows\System32\PZlpbZB.exe

C:\Windows\System32\MDEDaYM.exe

C:\Windows\System32\MDEDaYM.exe

C:\Windows\System32\NzuygZg.exe

C:\Windows\System32\NzuygZg.exe

C:\Windows\System32\GboggsG.exe

C:\Windows\System32\GboggsG.exe

C:\Windows\System32\ZWGUDZb.exe

C:\Windows\System32\ZWGUDZb.exe

C:\Windows\System32\mBoQvAr.exe

C:\Windows\System32\mBoQvAr.exe

C:\Windows\System32\HhqEdyi.exe

C:\Windows\System32\HhqEdyi.exe

C:\Windows\System32\wzldVzH.exe

C:\Windows\System32\wzldVzH.exe

C:\Windows\System32\xfZXXII.exe

C:\Windows\System32\xfZXXII.exe

C:\Windows\System32\zIjLXdU.exe

C:\Windows\System32\zIjLXdU.exe

C:\Windows\System32\vYXAkNc.exe

C:\Windows\System32\vYXAkNc.exe

C:\Windows\System32\iKQNRlS.exe

C:\Windows\System32\iKQNRlS.exe

C:\Windows\System32\GQDLMRS.exe

C:\Windows\System32\GQDLMRS.exe

C:\Windows\System32\csydnJm.exe

C:\Windows\System32\csydnJm.exe

C:\Windows\System32\jZEfWwb.exe

C:\Windows\System32\jZEfWwb.exe

C:\Windows\System32\FFFKbQQ.exe

C:\Windows\System32\FFFKbQQ.exe

C:\Windows\System32\DoRvOUK.exe

C:\Windows\System32\DoRvOUK.exe

C:\Windows\System32\cHmubGn.exe

C:\Windows\System32\cHmubGn.exe

C:\Windows\System32\ymjtDQx.exe

C:\Windows\System32\ymjtDQx.exe

C:\Windows\System32\xKpCmuK.exe

C:\Windows\System32\xKpCmuK.exe

C:\Windows\System32\mTbPSWU.exe

C:\Windows\System32\mTbPSWU.exe

C:\Windows\System32\JPYpIGk.exe

C:\Windows\System32\JPYpIGk.exe

C:\Windows\System32\VhLpENj.exe

C:\Windows\System32\VhLpENj.exe

C:\Windows\System32\hmgCHXz.exe

C:\Windows\System32\hmgCHXz.exe

C:\Windows\System32\QusfETw.exe

C:\Windows\System32\QusfETw.exe

C:\Windows\System32\BokZuhx.exe

C:\Windows\System32\BokZuhx.exe

C:\Windows\System32\rtASuBo.exe

C:\Windows\System32\rtASuBo.exe

C:\Windows\System32\daIcYaG.exe

C:\Windows\System32\daIcYaG.exe

C:\Windows\System32\AZurKpV.exe

C:\Windows\System32\AZurKpV.exe

C:\Windows\System32\qVQdtDG.exe

C:\Windows\System32\qVQdtDG.exe

C:\Windows\System32\MXqPhks.exe

C:\Windows\System32\MXqPhks.exe

C:\Windows\System32\yYQxwqx.exe

C:\Windows\System32\yYQxwqx.exe

C:\Windows\System32\DlvouAE.exe

C:\Windows\System32\DlvouAE.exe

C:\Windows\System32\SyZrPIu.exe

C:\Windows\System32\SyZrPIu.exe

C:\Windows\System32\mAsiOtC.exe

C:\Windows\System32\mAsiOtC.exe

C:\Windows\System32\ASebpfK.exe

C:\Windows\System32\ASebpfK.exe

C:\Windows\System32\XQuTGRl.exe

C:\Windows\System32\XQuTGRl.exe

C:\Windows\System32\kKIWoWF.exe

C:\Windows\System32\kKIWoWF.exe

C:\Windows\System32\IsYQXYn.exe

C:\Windows\System32\IsYQXYn.exe

C:\Windows\System32\bcqruzj.exe

C:\Windows\System32\bcqruzj.exe

C:\Windows\System32\dncyUpW.exe

C:\Windows\System32\dncyUpW.exe

C:\Windows\System32\IQUQfSK.exe

C:\Windows\System32\IQUQfSK.exe

C:\Windows\System32\ZBWBZhO.exe

C:\Windows\System32\ZBWBZhO.exe

C:\Windows\System32\xEzCnBN.exe

C:\Windows\System32\xEzCnBN.exe

C:\Windows\System32\ecodctB.exe

C:\Windows\System32\ecodctB.exe

C:\Windows\System32\sdXoCZX.exe

C:\Windows\System32\sdXoCZX.exe

C:\Windows\System32\RkFkykF.exe

C:\Windows\System32\RkFkykF.exe

C:\Windows\System32\jSGFdkP.exe

C:\Windows\System32\jSGFdkP.exe

C:\Windows\System32\DjNiehW.exe

C:\Windows\System32\DjNiehW.exe

C:\Windows\System32\IvWJtzf.exe

C:\Windows\System32\IvWJtzf.exe

C:\Windows\System32\LqnUCLW.exe

C:\Windows\System32\LqnUCLW.exe

C:\Windows\System32\Udxnsqs.exe

C:\Windows\System32\Udxnsqs.exe

C:\Windows\System32\hrlebba.exe

C:\Windows\System32\hrlebba.exe

C:\Windows\System32\ahMSEhK.exe

C:\Windows\System32\ahMSEhK.exe

C:\Windows\System32\xRhrGgz.exe

C:\Windows\System32\xRhrGgz.exe

C:\Windows\System32\pQOImcj.exe

C:\Windows\System32\pQOImcj.exe

C:\Windows\System32\UfUtRBT.exe

C:\Windows\System32\UfUtRBT.exe

C:\Windows\System32\ObpdKOl.exe

C:\Windows\System32\ObpdKOl.exe

C:\Windows\System32\UuefXFN.exe

C:\Windows\System32\UuefXFN.exe

C:\Windows\System32\vyEFPUp.exe

C:\Windows\System32\vyEFPUp.exe

C:\Windows\System32\EWfOPju.exe

C:\Windows\System32\EWfOPju.exe

C:\Windows\System32\nAcLuKl.exe

C:\Windows\System32\nAcLuKl.exe

C:\Windows\System32\jHdXitH.exe

C:\Windows\System32\jHdXitH.exe

C:\Windows\System32\WSrYCPr.exe

C:\Windows\System32\WSrYCPr.exe

C:\Windows\System32\jXGdQlC.exe

C:\Windows\System32\jXGdQlC.exe

C:\Windows\System32\ujlvdCI.exe

C:\Windows\System32\ujlvdCI.exe

C:\Windows\System32\dfvnQSU.exe

C:\Windows\System32\dfvnQSU.exe

C:\Windows\System32\VCvpcSc.exe

C:\Windows\System32\VCvpcSc.exe

C:\Windows\System32\kGWDXgg.exe

C:\Windows\System32\kGWDXgg.exe

C:\Windows\System32\lKGzFXY.exe

C:\Windows\System32\lKGzFXY.exe

C:\Windows\System32\NkmELgu.exe

C:\Windows\System32\NkmELgu.exe

C:\Windows\System32\fKgRaMH.exe

C:\Windows\System32\fKgRaMH.exe

C:\Windows\System32\yKnHThe.exe

C:\Windows\System32\yKnHThe.exe

C:\Windows\System32\BLSgYHa.exe

C:\Windows\System32\BLSgYHa.exe

C:\Windows\System32\rCxeFNM.exe

C:\Windows\System32\rCxeFNM.exe

C:\Windows\System32\mNvumwP.exe

C:\Windows\System32\mNvumwP.exe

C:\Windows\System32\PfGiHKO.exe

C:\Windows\System32\PfGiHKO.exe

C:\Windows\System32\aDLXqzx.exe

C:\Windows\System32\aDLXqzx.exe

C:\Windows\System32\noZFrdc.exe

C:\Windows\System32\noZFrdc.exe

C:\Windows\System32\RDLPKRO.exe

C:\Windows\System32\RDLPKRO.exe

C:\Windows\System32\YVnkqjf.exe

C:\Windows\System32\YVnkqjf.exe

C:\Windows\System32\xeqcIgh.exe

C:\Windows\System32\xeqcIgh.exe

C:\Windows\System32\rtzaeaw.exe

C:\Windows\System32\rtzaeaw.exe

C:\Windows\System32\mUKRqkA.exe

C:\Windows\System32\mUKRqkA.exe

C:\Windows\System32\JHXFYho.exe

C:\Windows\System32\JHXFYho.exe

C:\Windows\System32\ykxjvCG.exe

C:\Windows\System32\ykxjvCG.exe

C:\Windows\System32\yURsXIA.exe

C:\Windows\System32\yURsXIA.exe

C:\Windows\System32\NhgpnEG.exe

C:\Windows\System32\NhgpnEG.exe

C:\Windows\System32\TdPKTIa.exe

C:\Windows\System32\TdPKTIa.exe

C:\Windows\System32\jzYNKLp.exe

C:\Windows\System32\jzYNKLp.exe

C:\Windows\System32\mmphYcO.exe

C:\Windows\System32\mmphYcO.exe

C:\Windows\System32\NMXuMLW.exe

C:\Windows\System32\NMXuMLW.exe

C:\Windows\System32\vpjOkkF.exe

C:\Windows\System32\vpjOkkF.exe

C:\Windows\System32\YetPGjj.exe

C:\Windows\System32\YetPGjj.exe

C:\Windows\System32\WZBRZZp.exe

C:\Windows\System32\WZBRZZp.exe

C:\Windows\System32\FVlLdKp.exe

C:\Windows\System32\FVlLdKp.exe

C:\Windows\System32\GWwJnMW.exe

C:\Windows\System32\GWwJnMW.exe

C:\Windows\System32\wNexsXv.exe

C:\Windows\System32\wNexsXv.exe

C:\Windows\System32\hevwGVZ.exe

C:\Windows\System32\hevwGVZ.exe

C:\Windows\System32\FSvLHji.exe

C:\Windows\System32\FSvLHji.exe

C:\Windows\System32\FCtmNym.exe

C:\Windows\System32\FCtmNym.exe

C:\Windows\System32\SZWyCsy.exe

C:\Windows\System32\SZWyCsy.exe

C:\Windows\System32\eyvltlo.exe

C:\Windows\System32\eyvltlo.exe

C:\Windows\System32\JYoDCKP.exe

C:\Windows\System32\JYoDCKP.exe

C:\Windows\System32\vojuFMa.exe

C:\Windows\System32\vojuFMa.exe

C:\Windows\System32\QMSNbLn.exe

C:\Windows\System32\QMSNbLn.exe

C:\Windows\System32\ZPwZTiB.exe

C:\Windows\System32\ZPwZTiB.exe

C:\Windows\System32\IyhsMzC.exe

C:\Windows\System32\IyhsMzC.exe

C:\Windows\System32\wypKUTi.exe

C:\Windows\System32\wypKUTi.exe

C:\Windows\System32\LuCtvZo.exe

C:\Windows\System32\LuCtvZo.exe

C:\Windows\System32\rfIyBvs.exe

C:\Windows\System32\rfIyBvs.exe

C:\Windows\System32\bHsbpVz.exe

C:\Windows\System32\bHsbpVz.exe

C:\Windows\System32\vnHlWwT.exe

C:\Windows\System32\vnHlWwT.exe

C:\Windows\System32\pFWmnNm.exe

C:\Windows\System32\pFWmnNm.exe

C:\Windows\System32\iEnZUQE.exe

C:\Windows\System32\iEnZUQE.exe

C:\Windows\System32\uFTeOtI.exe

C:\Windows\System32\uFTeOtI.exe

C:\Windows\System32\zxvAhBa.exe

C:\Windows\System32\zxvAhBa.exe

C:\Windows\System32\GwheQIU.exe

C:\Windows\System32\GwheQIU.exe

C:\Windows\System32\pHHHInN.exe

C:\Windows\System32\pHHHInN.exe

C:\Windows\System32\ThkvxET.exe

C:\Windows\System32\ThkvxET.exe

C:\Windows\System32\EjBfqoL.exe

C:\Windows\System32\EjBfqoL.exe

C:\Windows\System32\uITplrJ.exe

C:\Windows\System32\uITplrJ.exe

C:\Windows\System32\rjzZKBB.exe

C:\Windows\System32\rjzZKBB.exe

C:\Windows\System32\uyHUHBB.exe

C:\Windows\System32\uyHUHBB.exe

C:\Windows\System32\LexImrQ.exe

C:\Windows\System32\LexImrQ.exe

C:\Windows\System32\JKrhNjs.exe

C:\Windows\System32\JKrhNjs.exe

C:\Windows\System32\ZdVEUwu.exe

C:\Windows\System32\ZdVEUwu.exe

C:\Windows\System32\RvdwMgA.exe

C:\Windows\System32\RvdwMgA.exe

C:\Windows\System32\pHGjVkV.exe

C:\Windows\System32\pHGjVkV.exe

C:\Windows\System32\wuOAXWP.exe

C:\Windows\System32\wuOAXWP.exe

C:\Windows\System32\iCkVnNr.exe

C:\Windows\System32\iCkVnNr.exe

C:\Windows\System32\vXZJkoi.exe

C:\Windows\System32\vXZJkoi.exe

C:\Windows\System32\sqbyhwp.exe

C:\Windows\System32\sqbyhwp.exe

C:\Windows\System32\igHgUJJ.exe

C:\Windows\System32\igHgUJJ.exe

C:\Windows\System32\mxRiVxH.exe

C:\Windows\System32\mxRiVxH.exe

C:\Windows\System32\fIpFWib.exe

C:\Windows\System32\fIpFWib.exe

C:\Windows\System32\VjQKqxh.exe

C:\Windows\System32\VjQKqxh.exe

C:\Windows\System32\vdSpbPT.exe

C:\Windows\System32\vdSpbPT.exe

C:\Windows\System32\nsIXAvM.exe

C:\Windows\System32\nsIXAvM.exe

C:\Windows\System32\ziJVLhJ.exe

C:\Windows\System32\ziJVLhJ.exe

C:\Windows\System32\QmjagNt.exe

C:\Windows\System32\QmjagNt.exe

C:\Windows\System32\GQYbMwJ.exe

C:\Windows\System32\GQYbMwJ.exe

C:\Windows\System32\xcdvXaS.exe

C:\Windows\System32\xcdvXaS.exe

C:\Windows\System32\JIaLDjs.exe

C:\Windows\System32\JIaLDjs.exe

C:\Windows\System32\TIoACNU.exe

C:\Windows\System32\TIoACNU.exe

C:\Windows\System32\Wobvgna.exe

C:\Windows\System32\Wobvgna.exe

C:\Windows\System32\kBhjLVO.exe

C:\Windows\System32\kBhjLVO.exe

C:\Windows\System32\eUSkitv.exe

C:\Windows\System32\eUSkitv.exe

C:\Windows\System32\hzZfpiv.exe

C:\Windows\System32\hzZfpiv.exe

C:\Windows\System32\aCtprcF.exe

C:\Windows\System32\aCtprcF.exe

C:\Windows\System32\VVDSySi.exe

C:\Windows\System32\VVDSySi.exe

C:\Windows\System32\AToEdrZ.exe

C:\Windows\System32\AToEdrZ.exe

C:\Windows\System32\UFWAqpt.exe

C:\Windows\System32\UFWAqpt.exe

C:\Windows\System32\qNIlkTd.exe

C:\Windows\System32\qNIlkTd.exe

C:\Windows\System32\OfEhNho.exe

C:\Windows\System32\OfEhNho.exe

C:\Windows\System32\LfanMkz.exe

C:\Windows\System32\LfanMkz.exe

C:\Windows\System32\RgVOxwM.exe

C:\Windows\System32\RgVOxwM.exe

C:\Windows\System32\rANQbGJ.exe

C:\Windows\System32\rANQbGJ.exe

C:\Windows\System32\lMTRGGD.exe

C:\Windows\System32\lMTRGGD.exe

C:\Windows\System32\oKjKfAI.exe

C:\Windows\System32\oKjKfAI.exe

C:\Windows\System32\DBrNsrR.exe

C:\Windows\System32\DBrNsrR.exe

C:\Windows\System32\aklgvAo.exe

C:\Windows\System32\aklgvAo.exe

C:\Windows\System32\oULybjU.exe

C:\Windows\System32\oULybjU.exe

C:\Windows\System32\IIyGxiU.exe

C:\Windows\System32\IIyGxiU.exe

C:\Windows\System32\aMQVeFp.exe

C:\Windows\System32\aMQVeFp.exe

C:\Windows\System32\byHFVCQ.exe

C:\Windows\System32\byHFVCQ.exe

C:\Windows\System32\FNSsHCp.exe

C:\Windows\System32\FNSsHCp.exe

C:\Windows\System32\WYHTdEj.exe

C:\Windows\System32\WYHTdEj.exe

C:\Windows\System32\TSaUGef.exe

C:\Windows\System32\TSaUGef.exe

C:\Windows\System32\RxQztZE.exe

C:\Windows\System32\RxQztZE.exe

C:\Windows\System32\BAolTcm.exe

C:\Windows\System32\BAolTcm.exe

C:\Windows\System32\gZzZJop.exe

C:\Windows\System32\gZzZJop.exe

C:\Windows\System32\ZpCYGfn.exe

C:\Windows\System32\ZpCYGfn.exe

C:\Windows\System32\gPwJTgD.exe

C:\Windows\System32\gPwJTgD.exe

C:\Windows\System32\ekiLTmd.exe

C:\Windows\System32\ekiLTmd.exe

C:\Windows\System32\ThkyEsL.exe

C:\Windows\System32\ThkyEsL.exe

C:\Windows\System32\kQvyquu.exe

C:\Windows\System32\kQvyquu.exe

C:\Windows\System32\CbPTvSt.exe

C:\Windows\System32\CbPTvSt.exe

C:\Windows\System32\BFLPkyy.exe

C:\Windows\System32\BFLPkyy.exe

C:\Windows\System32\yFxsMFh.exe

C:\Windows\System32\yFxsMFh.exe

C:\Windows\System32\QufntgU.exe

C:\Windows\System32\QufntgU.exe

C:\Windows\System32\VKxMvDM.exe

C:\Windows\System32\VKxMvDM.exe

C:\Windows\System32\PvULvtM.exe

C:\Windows\System32\PvULvtM.exe

C:\Windows\System32\ldszyKx.exe

C:\Windows\System32\ldszyKx.exe

C:\Windows\System32\ikSgoSh.exe

C:\Windows\System32\ikSgoSh.exe

C:\Windows\System32\XAOOShx.exe

C:\Windows\System32\XAOOShx.exe

C:\Windows\System32\KQOvcnQ.exe

C:\Windows\System32\KQOvcnQ.exe

C:\Windows\System32\EQFHAhP.exe

C:\Windows\System32\EQFHAhP.exe

C:\Windows\System32\ZhzKccA.exe

C:\Windows\System32\ZhzKccA.exe

C:\Windows\System32\SNghYQp.exe

C:\Windows\System32\SNghYQp.exe

C:\Windows\System32\SahDzHf.exe

C:\Windows\System32\SahDzHf.exe

C:\Windows\System32\AHbVPCt.exe

C:\Windows\System32\AHbVPCt.exe

C:\Windows\System32\FRJcCDg.exe

C:\Windows\System32\FRJcCDg.exe

C:\Windows\System32\mttBbku.exe

C:\Windows\System32\mttBbku.exe

C:\Windows\System32\XeHwjOJ.exe

C:\Windows\System32\XeHwjOJ.exe

C:\Windows\System32\XJePMxq.exe

C:\Windows\System32\XJePMxq.exe

C:\Windows\System32\ENlntWs.exe

C:\Windows\System32\ENlntWs.exe

C:\Windows\System32\BMsByCQ.exe

C:\Windows\System32\BMsByCQ.exe

C:\Windows\System32\BHXHvuJ.exe

C:\Windows\System32\BHXHvuJ.exe

C:\Windows\System32\LWedYzy.exe

C:\Windows\System32\LWedYzy.exe

C:\Windows\System32\ueBUxaB.exe

C:\Windows\System32\ueBUxaB.exe

C:\Windows\System32\ebXbdYL.exe

C:\Windows\System32\ebXbdYL.exe

C:\Windows\System32\rtYeVuP.exe

C:\Windows\System32\rtYeVuP.exe

C:\Windows\System32\bEuzQjg.exe

C:\Windows\System32\bEuzQjg.exe

C:\Windows\System32\qAxazSM.exe

C:\Windows\System32\qAxazSM.exe

C:\Windows\System32\RHvavdW.exe

C:\Windows\System32\RHvavdW.exe

C:\Windows\System32\BVZPkeV.exe

C:\Windows\System32\BVZPkeV.exe

C:\Windows\System32\NtaxquE.exe

C:\Windows\System32\NtaxquE.exe

C:\Windows\System32\fAoTyrv.exe

C:\Windows\System32\fAoTyrv.exe

C:\Windows\System32\XyRuNMK.exe

C:\Windows\System32\XyRuNMK.exe

C:\Windows\System32\BcgFGbn.exe

C:\Windows\System32\BcgFGbn.exe

C:\Windows\System32\DVwJmvr.exe

C:\Windows\System32\DVwJmvr.exe

C:\Windows\System32\FCnvkct.exe

C:\Windows\System32\FCnvkct.exe

C:\Windows\System32\Misdqnd.exe

C:\Windows\System32\Misdqnd.exe

C:\Windows\System32\SQAOFzd.exe

C:\Windows\System32\SQAOFzd.exe

C:\Windows\System32\UJaEVAP.exe

C:\Windows\System32\UJaEVAP.exe

C:\Windows\System32\SQMUCFe.exe

C:\Windows\System32\SQMUCFe.exe

C:\Windows\System32\ALtHohk.exe

C:\Windows\System32\ALtHohk.exe

C:\Windows\System32\RbLqrMo.exe

C:\Windows\System32\RbLqrMo.exe

C:\Windows\System32\YzgfVMC.exe

C:\Windows\System32\YzgfVMC.exe

C:\Windows\System32\DLcXEby.exe

C:\Windows\System32\DLcXEby.exe

C:\Windows\System32\tckrvJd.exe

C:\Windows\System32\tckrvJd.exe

C:\Windows\System32\DtIbPSy.exe

C:\Windows\System32\DtIbPSy.exe

C:\Windows\System32\byaOgXj.exe

C:\Windows\System32\byaOgXj.exe

C:\Windows\System32\SeigBhx.exe

C:\Windows\System32\SeigBhx.exe

C:\Windows\System32\EHoDETQ.exe

C:\Windows\System32\EHoDETQ.exe

C:\Windows\System32\wlAdDXy.exe

C:\Windows\System32\wlAdDXy.exe

C:\Windows\System32\oPJUDdm.exe

C:\Windows\System32\oPJUDdm.exe

C:\Windows\System32\wJpWyaY.exe

C:\Windows\System32\wJpWyaY.exe

C:\Windows\System32\lleDUbA.exe

C:\Windows\System32\lleDUbA.exe

C:\Windows\System32\POTuZLI.exe

C:\Windows\System32\POTuZLI.exe

C:\Windows\System32\sEvACDR.exe

C:\Windows\System32\sEvACDR.exe

C:\Windows\System32\ZVARQky.exe

C:\Windows\System32\ZVARQky.exe

C:\Windows\System32\NhItuJT.exe

C:\Windows\System32\NhItuJT.exe

C:\Windows\System32\lOoiRwG.exe

C:\Windows\System32\lOoiRwG.exe

C:\Windows\System32\ziIwTNA.exe

C:\Windows\System32\ziIwTNA.exe

C:\Windows\System32\vnJnDxP.exe

C:\Windows\System32\vnJnDxP.exe

C:\Windows\System32\IfJPEuu.exe

C:\Windows\System32\IfJPEuu.exe

C:\Windows\System32\zjHCSYO.exe

C:\Windows\System32\zjHCSYO.exe

C:\Windows\System32\zeAqYVR.exe

C:\Windows\System32\zeAqYVR.exe

C:\Windows\System32\Qraiiod.exe

C:\Windows\System32\Qraiiod.exe

C:\Windows\System32\sVilGAb.exe

C:\Windows\System32\sVilGAb.exe

C:\Windows\System32\AacVeSG.exe

C:\Windows\System32\AacVeSG.exe

C:\Windows\System32\YURcKwY.exe

C:\Windows\System32\YURcKwY.exe

C:\Windows\System32\SMsHvBq.exe

C:\Windows\System32\SMsHvBq.exe

C:\Windows\System32\CRjqHpA.exe

C:\Windows\System32\CRjqHpA.exe

C:\Windows\System32\rUpAOir.exe

C:\Windows\System32\rUpAOir.exe

C:\Windows\System32\zUkvWxa.exe

C:\Windows\System32\zUkvWxa.exe

C:\Windows\System32\mTqohoI.exe

C:\Windows\System32\mTqohoI.exe

C:\Windows\System32\LQaDNeX.exe

C:\Windows\System32\LQaDNeX.exe

C:\Windows\System32\SkSCXzu.exe

C:\Windows\System32\SkSCXzu.exe

C:\Windows\System32\fjjYEpu.exe

C:\Windows\System32\fjjYEpu.exe

C:\Windows\System32\AYDZMTo.exe

C:\Windows\System32\AYDZMTo.exe

C:\Windows\System32\pGdkPov.exe

C:\Windows\System32\pGdkPov.exe

C:\Windows\System32\BPEVxdB.exe

C:\Windows\System32\BPEVxdB.exe

C:\Windows\System32\ArvPRKF.exe

C:\Windows\System32\ArvPRKF.exe

C:\Windows\System32\vobIHKZ.exe

C:\Windows\System32\vobIHKZ.exe

C:\Windows\System32\ErVPpXX.exe

C:\Windows\System32\ErVPpXX.exe

C:\Windows\System32\FNTjmJG.exe

C:\Windows\System32\FNTjmJG.exe

C:\Windows\System32\dBupIaT.exe

C:\Windows\System32\dBupIaT.exe

C:\Windows\System32\rQAvQhC.exe

C:\Windows\System32\rQAvQhC.exe

C:\Windows\System32\mVzolss.exe

C:\Windows\System32\mVzolss.exe

C:\Windows\System32\ljgqNOA.exe

C:\Windows\System32\ljgqNOA.exe

C:\Windows\System32\bDNScgs.exe

C:\Windows\System32\bDNScgs.exe

C:\Windows\System32\RXIgxNC.exe

C:\Windows\System32\RXIgxNC.exe

C:\Windows\System32\wdBOUaO.exe

C:\Windows\System32\wdBOUaO.exe

C:\Windows\System32\gCtdsDZ.exe

C:\Windows\System32\gCtdsDZ.exe

C:\Windows\System32\prXsWkR.exe

C:\Windows\System32\prXsWkR.exe

C:\Windows\System32\zFcLNMF.exe

C:\Windows\System32\zFcLNMF.exe

C:\Windows\System32\JHqYqtw.exe

C:\Windows\System32\JHqYqtw.exe

C:\Windows\System32\cFfVVXl.exe

C:\Windows\System32\cFfVVXl.exe

C:\Windows\System32\NOnbgLY.exe

C:\Windows\System32\NOnbgLY.exe

C:\Windows\System32\KeLMekb.exe

C:\Windows\System32\KeLMekb.exe

C:\Windows\System32\cLICBDa.exe

C:\Windows\System32\cLICBDa.exe

C:\Windows\System32\abMjMxn.exe

C:\Windows\System32\abMjMxn.exe

C:\Windows\System32\OZOVSjs.exe

C:\Windows\System32\OZOVSjs.exe

C:\Windows\System32\YdfTlYW.exe

C:\Windows\System32\YdfTlYW.exe

C:\Windows\System32\EEmHGha.exe

C:\Windows\System32\EEmHGha.exe

C:\Windows\System32\uQPJoZK.exe

C:\Windows\System32\uQPJoZK.exe

C:\Windows\System32\YLBMwGY.exe

C:\Windows\System32\YLBMwGY.exe

C:\Windows\System32\zvyjicj.exe

C:\Windows\System32\zvyjicj.exe

C:\Windows\System32\XtAsKsO.exe

C:\Windows\System32\XtAsKsO.exe

C:\Windows\System32\dzfjwog.exe

C:\Windows\System32\dzfjwog.exe

Network

N/A

Files

memory/1736-1-0x000000013FEC0000-0x00000001402B1000-memory.dmp

memory/1736-0-0x00000000000F0000-0x0000000000100000-memory.dmp

C:\Windows\System32\DmVYFCp.exe

MD5 be6190e1b108e536f9193653154be05e
SHA1 ae4d014ea920ccfcab8746820945de8b75cb73bf
SHA256 3e5aefcc216f5f7e1cc17856299e1be5e8ff6b7dd33a4452617e5e45a2ab3e3b
SHA512 dc2642a79b63c34ec8c81be1f43d164cecb543edecb777256ed47b5d6549db746d9376c9ac6c1b7e52bc9e73a0f1d245a03fed1211214df801b022a5036642e2

memory/2340-9-0x000000013F790000-0x000000013FB81000-memory.dmp

memory/1736-8-0x000000013F790000-0x000000013FB81000-memory.dmp

C:\Windows\System32\ZuXOvto.exe

MD5 20e2e3213d962957c8adce96dabf0e59
SHA1 7335f4e568e9b493dba2cfa5e761138218f649e2
SHA256 d6aaac6c0b632a74fd79c757d456ce2e6dd4d33381dfc5a77bcd9d902ef5eaab
SHA512 8e97ee525e8ac8576313c7a1fc68cd18fd81f63c1b5e40059483b17f8da462bae5a12cbc811b3e57bb0cd92e85f790cc96120ac11fae9553d4e3adca447f7719

memory/2600-16-0x000000013FFF0000-0x00000001403E1000-memory.dmp

memory/1736-15-0x0000000001FC0000-0x00000000023B1000-memory.dmp

C:\Windows\System32\HQlolhE.exe

MD5 2b9eb2661f18f760cc95f3a158bd3e86
SHA1 9a6932e28ec720c10c0431d1ae7d40ee0ff06ffb
SHA256 5b5c1142b4678d1bdf02420d26eea9db44b8b4c9dc9559fbcae2c57aa04bc447
SHA512 9bd26ea8dd88f927b8d1829ce281df4f3ed115a0a955325cc950edbc7b0be67f961ad5ba96f83b570e11c6e4d5ba2539ad80b68b24f29c96e21cb0736eb7d98c

C:\Windows\System32\ZBPWbQr.exe

MD5 dc483e71286cb20fd32173607e29dd7d
SHA1 d2109cf204c382a06b06785627fd52f17de4fec4
SHA256 0bb3d477dcb256e907a7630ec7c4defc846ccf7d757902c2cd2a371b6d88ee18
SHA512 d4626af2148b89b3607f57ad4856e44fbd638a440302972ca8fa913d9fb05a1b256d7c83d95b0f6109c9cff9bf2af1f1ecf467259010972a5aaef89e82645a95

memory/1736-28-0x0000000001FC0000-0x00000000023B1000-memory.dmp

memory/3040-29-0x000000013FE70000-0x0000000140261000-memory.dmp

memory/2200-26-0x000000013F340000-0x000000013F731000-memory.dmp

\Windows\System32\GVQvbwP.exe

MD5 fd8946a439562264775ec0ed0f82e673
SHA1 63a5610596202af71b65957fe61b94799884ae50
SHA256 468dfd66e06fdfc397dd8e5c8982e9a9ee6d7088643f7d4fe50dec6ad95bd389
SHA512 9d0c648976587ea572ea1daebe2d7fe302d721d2d3c502ef3f07d82e82cef17fc69ba85eb3cbc09bd9021861dddb8914d4afa55389679429d0e8f6a43f94d52c

C:\Windows\System32\PPEoMQM.exe

MD5 f428fce9aa4d011956299adc952d98b5
SHA1 bc5a1af34caf130706f0852ed40526ae7bb89a4c
SHA256 e4a58515dd35dc6a96fa19398ae72e7480550bf007fe33df3dcc2f34d930d84c
SHA512 fa2024e6293f711264a0d1ed7699f23aa1b1763fff7935efdd6c848fe09ba7849cd0148a2ccbece923c20e80a65a9173daf3cd2f2ffa4e620271d0a10acf77de

memory/1736-48-0x000000013F630000-0x000000013FA21000-memory.dmp

memory/2140-49-0x000000013FE10000-0x0000000140201000-memory.dmp

memory/2772-46-0x000000013F630000-0x000000013FA21000-memory.dmp

memory/2656-45-0x000000013F430000-0x000000013F821000-memory.dmp

C:\Windows\System32\PAqBQgJ.exe

MD5 c96b1ba18daabca258e1e1d81edf0ed2
SHA1 74f2d2185013bd52828b3d61638418128bd82ecf
SHA256 6fe117d1082469af20be29bd7c26f22151aa25583c70d2ea4be594c98fd02441
SHA512 ee2e5814cc64f8de2aea9947fef2f1e5963914c33c4701076716f404fe89dd427e22b3a2f10c7b9ad4149af24b3d8f77b3e6bbe9f780130cb033c481bb3fd940

C:\Windows\System32\UoenMNF.exe

MD5 0297181f8d97f700db39cd0666ac87cb
SHA1 d64beb04df17bb31cc69658a61814fc4d2f12d31
SHA256 5556cd2c55830041941973906baa456214a349b9d828491b8965307eb1781ab7
SHA512 0d02a54e884436f079bf89771a281aa6150d831681e12493cb721041c6baa0d78152eac797cd4f4aa4c6b98f846265ff2480491333005465ba61ae82272e9354

memory/2856-56-0x000000013F840000-0x000000013FC31000-memory.dmp

C:\Windows\System32\FiTigeV.exe

MD5 0dad2e5f073fd54e8a9e9af1136cb184
SHA1 8af7de4500517441c8974addf58dc9570421962f
SHA256 b171df89f9992565dda8be2b11c7d66212d1722c79ff37aeabe42b58547d02bf
SHA512 f05e0f328b2d30cd889177a5e844d0191891223dd5db4f016b036d0c84b4c8cfc07529219b61e1566f9545ef793a121eb97810e6214dd190a68c4ac7fef17e69

memory/2572-78-0x000000013FE30000-0x0000000140221000-memory.dmp

memory/1736-79-0x000000013FEC0000-0x00000001402B1000-memory.dmp

C:\Windows\System32\DmKBoKa.exe

MD5 aa57390a9476bd4644191fd1d740733f
SHA1 41e76a86ab909971732300552e253b3d8df6d809
SHA256 47ab9f3d88f8b7f59835655e7e7b2164b9c7b2871df9d686207150bf9f97f7d4
SHA512 408da128a500fad3fa6255df9b79af1cf853b632d6144052f389d338475e0925d3acbbea258f497e064226f400d56b3d0ebadb87cee5a322877db138348f1cf2

C:\Windows\System32\iGwCyPN.exe

MD5 92da32582c0bd39a1256fb64b2f09722
SHA1 741911e5ecd0cbd308b2bfb0652589a8bd888f09
SHA256 4f1279c78597d61a66eafe51693d2bb71266c682a8047a06b2ea7d2dc5e34fb8
SHA512 e9ae955acf2be8d17676e6b1c93e5092648ad289d9a7f69289ec6c70b3ab021c504c46c21a673f8dbc2224b21095b3844c158d69e704a95dd0d5bc839cc7cbeb

C:\Windows\System32\rmegppZ.exe

MD5 376cdcd53e45bba3da6a2f1d1c75d0bc
SHA1 b4c27651a668bd1cbfee5cc6a762d4f302117d2a
SHA256 f3387b500b5eb97c7b70501a6a9f8aa0f039c2d8f1f1b0ee76c79b7acee300bf
SHA512 1b290b84b12d40c0873f1c7740be2692dd3e66736b9aca53667b14fabe44b2265335a1c3a18920da2e6f82615518efe6b583574f60314eb2aa1f4ec5ec2895d6

C:\Windows\System32\lXiIwao.exe

MD5 99df39d49f584efb133fa16d65855b2b
SHA1 3b18380178954370c858c4125df4b3d2d7f55180
SHA256 b7e4f28eb7f6fffaff0d209db474e1f80f413ee22d3376835f4e1db6d16b8cc3
SHA512 77b48fa02dbda6720ae43194deec482ba742f19563c5c3c857035b56705884318fc44cddbfc545cad26b7e315d50240e00a73c87bdf3da45df8a310ac2c27199

C:\Windows\System32\WAlbxtC.exe

MD5 dfa84fa0f1a5c7ff4d04343849ba2ada
SHA1 a0caa527cbe2c5bf42375dc547fbd421aa2542b6
SHA256 8e57a86bc782efe3b2c26c7334e878c6eece39c51e75fa1e7b32aa267a2c674c
SHA512 6c4d016078d0d02935eb06d5c50aa481b17502a228c0f9642a4afd58479a5169e0df703ea3a3395461b273daab680a3b98de75c08d34130684866f0c95793335

C:\Windows\System32\ZWJZGQr.exe

MD5 0c412340a9c33e8f1c0cc79c2162bfb7
SHA1 4303a5e4e7f0c0d40e72e14044dd34378c98c6dc
SHA256 3e2753880d5280b1125bc0a6ca71af5c8028e965724fdd44468f5eede165e0d2
SHA512 587a1dc422b994ec8874a9a523446dc6aaaa8af245da2839c5adf6fc68f17354c1cd69188565106b262df96f7932209c976534bb07a1743eca61c7ed34dc6f23

C:\Windows\System32\DoQQSIM.exe

MD5 aebc0da8d61ac31e1598539c0dccc9c8
SHA1 f5d421ced8b5986b47c3aacc4daada76dcac7047
SHA256 73f8f9cda6255bc2c6ecd8af7eff0886ac50dec72c1d37819e1281632844368d
SHA512 e61c15c8524aba95e684a4c6ec45461d3855a14c3121a384c717cb8b2e67043abaec625e727c1f7d5ad15fb8526e6047869dfd0c66e65adba0d4be68b7160b23

C:\Windows\System32\jWKrvul.exe

MD5 3dc939434362f9c7a3963b267b1bceca
SHA1 fba5dbee05cc06657b4b70e88a9590965e21399c
SHA256 a07b5dd515a4250d98ba862c1be66571e9d63ed225f0a577cb9e955750f18c2d
SHA512 07d3ae95d6de982c26f3291f60aac0ced31a283f8e848d17aed6a8e1221af3f7c1da432aed2f7a62a8e64c2f4da951a1e42181debe6f4ed9475f05af87e072f3

C:\Windows\System32\InsTevP.exe

MD5 212252a1a9543d1275acb38009d191dc
SHA1 d99ee83ca8225ed03524c62ea353b5cbff375eb7
SHA256 293d2d1502b53453b70286fd66caef190bc4b2c2484b1c1528cf3d2e42dc48fb
SHA512 6c91111cc6e05871d29ee4d4c1fe646f1244f1c1955784ed22a9e472f80e338326b6be4f4600c30b551411548ed6e34e06f6d420d41e1e9c5643e6990df0832a

C:\Windows\System32\nKHVnlb.exe

MD5 929bd0b4ba5bc05591f1f7c2831bcc92
SHA1 7dcad3cc79a4f16d30057b85951e55802d067edf
SHA256 501c05e3b033f8e463dad68a81a6962caf09cfd5938ee18c6209b7560fe66c5a
SHA512 1751b4d0e1ff1bdc3982e292eb2c0306ef017bc38ad83a721925d678994338656418538448d674342682078edc3dd362a14f29aae7dff908baa660a5c1094974

C:\Windows\System32\bWbQCRu.exe

MD5 f0c3fb86772bea09a159c2853a012790
SHA1 920353929b307071ec7fd5fa177d50d2f1bf707d
SHA256 b5439b62590b6ae0e85801323d8eef8b10088c54962f35670f05ff116df8ab4e
SHA512 9bf276507406fd66b3780ae40238db3638f8bf3c1cd28ec9f12f210c4c77c822fd934cc018df63665d11c2a545b7f8941d882b41de0b5b21ef69464fb3f8e766

C:\Windows\System32\gPyCQHS.exe

MD5 e96606a7c7c3053cf60f817128b4bf23
SHA1 5495dc2efe71a871daf0f1ef6498f0438686e743
SHA256 ac7f3644964bf0c437a3fdf52d0fd1db8ddc59465aca54be170c0171e69c67ba
SHA512 aba951386f98df337da8e4282f70c7046b9d6f5ff48d9fbe245ff0969c5e1ca478c139914d30914ac81ee81e1a03e49a12ca91bae5a4ab9318cf03303d2b9262

C:\Windows\System32\ErQXuZu.exe

MD5 e440b29a9f28c080b572c7b87db36374
SHA1 61b998309db8e9b31a0c7ac1bd1e0dc94626a49d
SHA256 98e2ea0afa1c43fcb7d0dcdc2d59e3049706955e1ba9e5e523ef51fa4ab19648
SHA512 436c05a81cdabbf217ab379e95feab2e3623c8b5759c58010440b9071ef7ad14875a344be22e4e9efe9f01d9853a22055b5a3c9e23674cab6a352863c4f30815

C:\Windows\System32\ALIZjcf.exe

MD5 e19321f515c062d7c65a97cc632a84c8
SHA1 8b19f478ea96a4fa527b44f6f310fbe7ddffbff1
SHA256 b0efb6c68be6a4b1a51346554e70fa14afcaa52ee1747f5190806cbc2c8724ed
SHA512 112c6c543eb05f375e4d4a29874125b72bf3dd4eebaf5105774294868e1325be3582d78059e48d4c300ae41bab0a1588e214663b8ef2e2dd1c8e4e774020fbfc

C:\Windows\System32\lxhZbOU.exe

MD5 ad33dffd46b93566a0360be0f8aba0e1
SHA1 c372a6c90a53e9461a09c4cee4e58ad1a66e6cc6
SHA256 d37d2f05523bd2d51b64f7b89062304bed4fdea44a62f5108eee1f2093f5a4e6
SHA512 d4f597e8d3db6d1f932c0b4da06a28a021d234ff2a7dda96100cfcb1bebfe237c8880b912e6d2b266ee3a08adf712a88ab7fa1e50cbd893ecc608d132913cee0

C:\Windows\System32\yFaJnLr.exe

MD5 546fd7dd1b7c7ffef23f3e96753b6b58
SHA1 3ba3172c1892571dbb0fdafa76e35ac202e32c6a
SHA256 35c9102f1c27c3c04233e24611b5d1b52264ff01bc0505901731bdcb718c5ece
SHA512 13a91babed645e1ea64c9f854adb0b5e6af89944eb608fa00434659fbd66aa37c4f94abc40005677ece7804e5caa0f98b670b0dc5c11ead284a6de1f5a932e6e

C:\Windows\System32\BwhIipI.exe

MD5 e01ef102b444eb425f1dfea0d9ab38c8
SHA1 c6579dc2098372192c50f952fbceda46a7a94a2c
SHA256 325bd2672074fa1b834ef14b1ef2f6fa1dcc7b42c437154bcf54bed2b1d4a531
SHA512 530fdfcf2d6f92251fad7236ffed070f438ef2bc43f10f700611e764ea3aae3247a99c5be92e85b1dd80a5397d45facf89e0f088b1b6ca9c161c777f8bd63d7a

C:\Windows\System32\OcLVKqy.exe

MD5 8a2b6e895ba167e69426c2ac10f13496
SHA1 895e555927994408462164f644f7b421df0ebbc6
SHA256 c4f895e2bd1d13e0b5bdebdbb26a6267192888ea30de82f4d5040dbb24c7240a
SHA512 78d0021175ec6380ff8cdbbfffe0e8bd9060490baa3050c724ba594d8c3896ecd1b6411c8c40ba86c4e56038d5acfb2eff7754855a4c77211dc1e5ff429040b3

C:\Windows\System32\BiFaPoZ.exe

MD5 9fc1cd27af14b854f877a87e1491f2d9
SHA1 37f016822c81772be57b6bd0e04f232bb564c2a5
SHA256 0c89b2a61c78095fc93ebef837284a3d7c78b60d5e4d62607d0483c7217b69b0
SHA512 1b850ee5503f508349fd02cadff22fc0e828949fadca8cbca0755be3eb89f2fbc80415067f0417a3c3307c20e6c6847d305ffafbd8513d6bafd9e4585aea0c4c

C:\Windows\System32\BmocdNA.exe

MD5 c6fe7c32765c0e176c0ec5f678e1ddf2
SHA1 ccc25aab848ca75764347a91d0445bb950e8da77
SHA256 de155885af4e75cfdce2acc071ce6e5d0c22a868f05b7da53a67cdf8223f36a9
SHA512 52c014f8a9cbe40b4e729d5550c285dc0c903de0514ddaf17a47c1c12e115c6eefe09ea19854f1af2d66da4b22bcf11e3996e340d65df63c746fe8f8cae327cb

C:\Windows\System32\XzhuDrD.exe

MD5 1eae2d784414261a32309c9d63db75b9
SHA1 00ec95c9c8a10f525afeb6692b820de726ada6ba
SHA256 1616f6eb8871fee54295f6c0d796c257156cfa78e799e9b6cdfb5e680121bee0
SHA512 55208408ee5d714d727a2d9f74e051066e522138d52423b1bfd4275fb1296a6db5a622d7691b13a5fc68750143bec76371eae665c91439427069979583904a2e

memory/2532-83-0x000000013FFA0000-0x0000000140391000-memory.dmp

memory/2652-69-0x000000013FCD0000-0x00000001400C1000-memory.dmp

memory/2588-81-0x000000013F0B0000-0x000000013F4A1000-memory.dmp

C:\Windows\System32\Ncqgkpn.exe

MD5 984f385e3aecd09c912d643ccacb5221
SHA1 ece964ed58e2723dd88b13f63a4c43bb00009409
SHA256 4122b1b06f656ad279169e71a12d1076063095f3335413f3a73913fc02a59c66
SHA512 a2ae01bbde9ea698df167aed23f6f19abec374436c3822a85e382de91a655c93e15d1badfa2b0eb3b261ba7215f5a32dcba76c30c8eb0f863e01c63f3ba34594

memory/1736-76-0x0000000001FC0000-0x00000000023B1000-memory.dmp

memory/1736-73-0x0000000001FC0000-0x00000000023B1000-memory.dmp

C:\Windows\System32\HfxmrIq.exe

MD5 59b34510c5199f6581a98305dd28c613
SHA1 e95854ae0e97153ecc47284b94fc83d56c03652b
SHA256 674b14b1c6af97a4aafa986a6fd6c2cb96e0f0693111b9dd84f4357753cee64d
SHA512 908e1c391ee28ec13b9a28e1760acf8b8136ff3a42aa0266d045912f4cb968ba7a380e5e2c82ca1049488f71e4e1f7f5b206c1ad6dd3ce14308232ccbb2843c5

memory/1736-64-0x0000000001FC0000-0x00000000023B1000-memory.dmp

memory/1736-55-0x000000013F840000-0x000000013FC31000-memory.dmp

memory/1736-40-0x000000013F430000-0x000000013F821000-memory.dmp

memory/2656-980-0x000000013F430000-0x000000013F821000-memory.dmp

memory/1736-979-0x000000013F430000-0x000000013F821000-memory.dmp

memory/2772-1179-0x000000013F630000-0x000000013FA21000-memory.dmp

memory/1736-1898-0x0000000001FC0000-0x00000000023B1000-memory.dmp

memory/1736-3505-0x000000013FEC0000-0x00000001402B1000-memory.dmp

memory/2340-3948-0x000000013F790000-0x000000013FB81000-memory.dmp

memory/2600-3950-0x000000013FFF0000-0x00000001403E1000-memory.dmp

memory/2200-3952-0x000000013F340000-0x000000013F731000-memory.dmp

memory/3040-3954-0x000000013FE70000-0x0000000140261000-memory.dmp

memory/2140-3957-0x000000013FE10000-0x0000000140201000-memory.dmp

memory/2656-3958-0x000000013F430000-0x000000013F821000-memory.dmp

memory/2772-3960-0x000000013F630000-0x000000013FA21000-memory.dmp

memory/2588-4016-0x000000013F0B0000-0x000000013F4A1000-memory.dmp

memory/2856-3990-0x000000013F840000-0x000000013FC31000-memory.dmp

memory/2572-4014-0x000000013FE30000-0x0000000140221000-memory.dmp

memory/2532-4052-0x000000013FFA0000-0x0000000140391000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-22 17:56

Reported

2024-05-22 17:59

Platform

win10v2004-20240426-en

Max time kernel

73s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Modifies Installed Components in the registry

persistence
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System32\HXpDPci.exe N/A
N/A N/A C:\Windows\System32\udQOxUd.exe N/A
N/A N/A C:\Windows\System32\qIUTurH.exe N/A
N/A N/A C:\Windows\System32\zBshwsc.exe N/A
N/A N/A C:\Windows\System32\kPbihmz.exe N/A
N/A N/A C:\Windows\System32\aYjcaxY.exe N/A
N/A N/A C:\Windows\System32\QyOXTlZ.exe N/A
N/A N/A C:\Windows\System32\iIcxNqf.exe N/A
N/A N/A C:\Windows\System32\JHoBXak.exe N/A
N/A N/A C:\Windows\System32\RIkzqjy.exe N/A
N/A N/A C:\Windows\System32\ZyqabxV.exe N/A
N/A N/A C:\Windows\System32\FCmWYXW.exe N/A
N/A N/A C:\Windows\System32\gHNOSVH.exe N/A
N/A N/A C:\Windows\System32\LAkLvMn.exe N/A
N/A N/A C:\Windows\System32\jvTFrpY.exe N/A
N/A N/A C:\Windows\System32\geOyKaG.exe N/A
N/A N/A C:\Windows\System32\SuuTzif.exe N/A
N/A N/A C:\Windows\System32\yebaXNf.exe N/A
N/A N/A C:\Windows\System32\zKLiBIX.exe N/A
N/A N/A C:\Windows\System32\QgPmelN.exe N/A
N/A N/A C:\Windows\System32\JyagvWI.exe N/A
N/A N/A C:\Windows\System32\bjwzlOE.exe N/A
N/A N/A C:\Windows\System32\QtwlBml.exe N/A
N/A N/A C:\Windows\System32\YMgrbzL.exe N/A
N/A N/A C:\Windows\System32\WBSRcPa.exe N/A
N/A N/A C:\Windows\System32\DdprypC.exe N/A
N/A N/A C:\Windows\System32\UvfySWS.exe N/A
N/A N/A C:\Windows\System32\ultLAIY.exe N/A
N/A N/A C:\Windows\System32\tmNybJo.exe N/A
N/A N/A C:\Windows\System32\jolEIMi.exe N/A
N/A N/A C:\Windows\System32\HXydksd.exe N/A
N/A N/A C:\Windows\System32\pGUFUzv.exe N/A
N/A N/A C:\Windows\System32\PjEhFhE.exe N/A
N/A N/A C:\Windows\System32\eEuqgpN.exe N/A
N/A N/A C:\Windows\System32\zdcwhZO.exe N/A
N/A N/A C:\Windows\System32\nTrxvro.exe N/A
N/A N/A C:\Windows\System32\IGtThBQ.exe N/A
N/A N/A C:\Windows\System32\DRukHEr.exe N/A
N/A N/A C:\Windows\System32\babyjNs.exe N/A
N/A N/A C:\Windows\System32\eHwXwBb.exe N/A
N/A N/A C:\Windows\System32\ceiXiXZ.exe N/A
N/A N/A C:\Windows\System32\ughfjtS.exe N/A
N/A N/A C:\Windows\System32\lCUUerM.exe N/A
N/A N/A C:\Windows\System32\NZyVHGA.exe N/A
N/A N/A C:\Windows\System32\zAWjLuZ.exe N/A
N/A N/A C:\Windows\System32\rNvjKGV.exe N/A
N/A N/A C:\Windows\System32\DrAvCDc.exe N/A
N/A N/A C:\Windows\System32\VypeJbL.exe N/A
N/A N/A C:\Windows\System32\qRrnqWE.exe N/A
N/A N/A C:\Windows\System32\TNPDqPm.exe N/A
N/A N/A C:\Windows\System32\TnuxMHF.exe N/A
N/A N/A C:\Windows\System32\tVdBEVA.exe N/A
N/A N/A C:\Windows\System32\INYWUdF.exe N/A
N/A N/A C:\Windows\System32\UFJRPEF.exe N/A
N/A N/A C:\Windows\System32\SMpjlOk.exe N/A
N/A N/A C:\Windows\System32\rrHzpnC.exe N/A
N/A N/A C:\Windows\System32\UwvclCC.exe N/A
N/A N/A C:\Windows\System32\mrkMEjS.exe N/A
N/A N/A C:\Windows\System32\ydoQQXY.exe N/A
N/A N/A C:\Windows\System32\aMomJhZ.exe N/A
N/A N/A C:\Windows\System32\SvAUbKM.exe N/A
N/A N/A C:\Windows\System32\RgsOXmB.exe N/A
N/A N/A C:\Windows\System32\rudtBdH.exe N/A
N/A N/A C:\Windows\System32\ZgoflbV.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\lCUUerM.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\ZaHvVWS.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\QhroHrb.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\JMVMuqt.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\RugQYNr.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\zKLiBIX.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\EPkUtKI.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\vgLmeud.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\bVXNsyQ.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\oyFgGll.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\yEfdawd.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\TmvtLmT.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\ZxBEKpr.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\smZKhKU.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\tVdBEVA.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\PzotSyq.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\BHhTCnB.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\kuCzHxI.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\yFrnjFH.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\YMgrbzL.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\MAQbnMc.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\kmFJgWj.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\ytRDODq.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\NdPePPf.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\ENeiSGZ.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\JLgHPTx.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\ZKferqz.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\dPsukfQ.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\nOvLxmB.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\GCWLiaX.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\QVlWWIu.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\ZgoflbV.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\dcFdmDi.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\XYbMTiU.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\mugNnEr.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\WCkxpQH.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\ZyqabxV.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\geOyKaG.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\rwDITnm.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\YINNdQm.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\rcKHGUb.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\sJTCUFF.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\XuHoWtD.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\oCevuXe.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\FoEkJWu.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\svYPmQH.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\OmULnrc.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\DsqKtpx.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\ZRVehFq.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\FCmWYXW.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\zAuCfIy.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\Ybklcdx.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\uSmCdDj.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\LxecjNN.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\HeYiYpZ.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\KjAsFAL.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\kmUsdnR.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\cfGcjvN.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\rezhPsm.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\qOFErci.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\xdLNtIz.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\PWyCLEG.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\PMjdqtn.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A
File created C:\Windows\System32\gdJPZcM.exe C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Capabilities C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Capabilities C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Capabilities C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Capabilities C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Capabilities C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\SOFTWARE\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\SOFTWARE\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\SOFTWARE\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\SOFTWARE\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\SOFTWARE\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\SOFTWARE\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\microsoft.windows.search C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-711569230-3659488422-571408806-1000\{1E005E92-62C3-48B4-A669-CE060DF2C641} C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\ApplicationFrame\Microsoft.Windows.PeopleExperienceHost = 6801000088020000 C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "23" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "23" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "185" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\microsoft.windows.search C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-711569230-3659488422-571408806-1000\{83F84051-0EE6-4B2A-8BFB-26268B842677} C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "23" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eikK C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "185" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-711569230-3659488422-571408806-1000\{CB239E05-76EC-4861-A705-073AA46215F6} C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "56" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "185" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "23" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "56" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "185" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\microsoft.windows.search C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "23" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.search C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DomStorageState C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\ApplicationFrame\Microsoft.Windows.PeopleExperienceHost = 6801000088020000 C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-711569230-3659488422-571408806-1000\{0E96B0AA-BDD6-43F2-A660-2FB096C4F67C} C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\ApplicationFrame\Microsoft.Windows.PeopleExperienceHost = 6801000088020000 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "185" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DomStorageState C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "56" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\system32\sihost.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4356 wrote to memory of 2780 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\HXpDPci.exe
PID 4356 wrote to memory of 2780 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\HXpDPci.exe
PID 4356 wrote to memory of 3516 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\udQOxUd.exe
PID 4356 wrote to memory of 3516 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\udQOxUd.exe
PID 4356 wrote to memory of 1972 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\qIUTurH.exe
PID 4356 wrote to memory of 1972 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\qIUTurH.exe
PID 4356 wrote to memory of 816 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\zBshwsc.exe
PID 4356 wrote to memory of 816 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\zBshwsc.exe
PID 4356 wrote to memory of 1440 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\kPbihmz.exe
PID 4356 wrote to memory of 1440 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\kPbihmz.exe
PID 4356 wrote to memory of 1636 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\aYjcaxY.exe
PID 4356 wrote to memory of 1636 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\aYjcaxY.exe
PID 4356 wrote to memory of 1740 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\QyOXTlZ.exe
PID 4356 wrote to memory of 1740 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\QyOXTlZ.exe
PID 4356 wrote to memory of 3968 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\iIcxNqf.exe
PID 4356 wrote to memory of 3968 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\iIcxNqf.exe
PID 4356 wrote to memory of 3116 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\JHoBXak.exe
PID 4356 wrote to memory of 3116 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\JHoBXak.exe
PID 4356 wrote to memory of 3680 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\RIkzqjy.exe
PID 4356 wrote to memory of 3680 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\RIkzqjy.exe
PID 4356 wrote to memory of 4544 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\ZyqabxV.exe
PID 4356 wrote to memory of 4544 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\ZyqabxV.exe
PID 4356 wrote to memory of 4620 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\FCmWYXW.exe
PID 4356 wrote to memory of 4620 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\FCmWYXW.exe
PID 4356 wrote to memory of 4200 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\gHNOSVH.exe
PID 4356 wrote to memory of 4200 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\gHNOSVH.exe
PID 4356 wrote to memory of 1776 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\LAkLvMn.exe
PID 4356 wrote to memory of 1776 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\LAkLvMn.exe
PID 4356 wrote to memory of 1448 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\jvTFrpY.exe
PID 4356 wrote to memory of 1448 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\jvTFrpY.exe
PID 4356 wrote to memory of 4680 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\geOyKaG.exe
PID 4356 wrote to memory of 4680 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\geOyKaG.exe
PID 4356 wrote to memory of 2988 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\SuuTzif.exe
PID 4356 wrote to memory of 2988 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\SuuTzif.exe
PID 4356 wrote to memory of 728 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\yebaXNf.exe
PID 4356 wrote to memory of 728 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\yebaXNf.exe
PID 4356 wrote to memory of 2692 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\zKLiBIX.exe
PID 4356 wrote to memory of 2692 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\zKLiBIX.exe
PID 4356 wrote to memory of 232 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\QgPmelN.exe
PID 4356 wrote to memory of 232 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\QgPmelN.exe
PID 4356 wrote to memory of 3836 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\JyagvWI.exe
PID 4356 wrote to memory of 3836 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\JyagvWI.exe
PID 4356 wrote to memory of 4668 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\bjwzlOE.exe
PID 4356 wrote to memory of 4668 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\bjwzlOE.exe
PID 4356 wrote to memory of 2412 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\QtwlBml.exe
PID 4356 wrote to memory of 2412 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\QtwlBml.exe
PID 4356 wrote to memory of 4212 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\YMgrbzL.exe
PID 4356 wrote to memory of 4212 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\YMgrbzL.exe
PID 4356 wrote to memory of 5108 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\WBSRcPa.exe
PID 4356 wrote to memory of 5108 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\WBSRcPa.exe
PID 4356 wrote to memory of 4332 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\DdprypC.exe
PID 4356 wrote to memory of 4332 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\DdprypC.exe
PID 4356 wrote to memory of 4664 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\UvfySWS.exe
PID 4356 wrote to memory of 4664 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\UvfySWS.exe
PID 4356 wrote to memory of 2800 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\ultLAIY.exe
PID 4356 wrote to memory of 2800 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\ultLAIY.exe
PID 4356 wrote to memory of 868 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\tmNybJo.exe
PID 4356 wrote to memory of 868 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\tmNybJo.exe
PID 4356 wrote to memory of 4604 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\jolEIMi.exe
PID 4356 wrote to memory of 4604 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\jolEIMi.exe
PID 4356 wrote to memory of 2464 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\HXydksd.exe
PID 4356 wrote to memory of 2464 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\HXydksd.exe
PID 4356 wrote to memory of 4852 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\pGUFUzv.exe
PID 4356 wrote to memory of 4852 N/A C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe C:\Windows\System32\pGUFUzv.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe

"C:\Users\Admin\AppData\Local\Temp\ffc4eddb1ac43f9ce08c9f18f841216ecc32c00aaef81f8a8ba3395c01ef5e4b.exe"

C:\Windows\System32\HXpDPci.exe

C:\Windows\System32\HXpDPci.exe

C:\Windows\System32\udQOxUd.exe

C:\Windows\System32\udQOxUd.exe

C:\Windows\System32\qIUTurH.exe

C:\Windows\System32\qIUTurH.exe

C:\Windows\System32\zBshwsc.exe

C:\Windows\System32\zBshwsc.exe

C:\Windows\System32\kPbihmz.exe

C:\Windows\System32\kPbihmz.exe

C:\Windows\System32\aYjcaxY.exe

C:\Windows\System32\aYjcaxY.exe

C:\Windows\System32\QyOXTlZ.exe

C:\Windows\System32\QyOXTlZ.exe

C:\Windows\System32\iIcxNqf.exe

C:\Windows\System32\iIcxNqf.exe

C:\Windows\System32\JHoBXak.exe

C:\Windows\System32\JHoBXak.exe

C:\Windows\System32\RIkzqjy.exe

C:\Windows\System32\RIkzqjy.exe

C:\Windows\System32\ZyqabxV.exe

C:\Windows\System32\ZyqabxV.exe

C:\Windows\System32\FCmWYXW.exe

C:\Windows\System32\FCmWYXW.exe

C:\Windows\System32\gHNOSVH.exe

C:\Windows\System32\gHNOSVH.exe

C:\Windows\System32\LAkLvMn.exe

C:\Windows\System32\LAkLvMn.exe

C:\Windows\System32\jvTFrpY.exe

C:\Windows\System32\jvTFrpY.exe

C:\Windows\System32\geOyKaG.exe

C:\Windows\System32\geOyKaG.exe

C:\Windows\System32\SuuTzif.exe

C:\Windows\System32\SuuTzif.exe

C:\Windows\System32\yebaXNf.exe

C:\Windows\System32\yebaXNf.exe

C:\Windows\System32\zKLiBIX.exe

C:\Windows\System32\zKLiBIX.exe

C:\Windows\System32\QgPmelN.exe

C:\Windows\System32\QgPmelN.exe

C:\Windows\System32\JyagvWI.exe

C:\Windows\System32\JyagvWI.exe

C:\Windows\System32\bjwzlOE.exe

C:\Windows\System32\bjwzlOE.exe

C:\Windows\System32\QtwlBml.exe

C:\Windows\System32\QtwlBml.exe

C:\Windows\System32\YMgrbzL.exe

C:\Windows\System32\YMgrbzL.exe

C:\Windows\System32\WBSRcPa.exe

C:\Windows\System32\WBSRcPa.exe

C:\Windows\System32\DdprypC.exe

C:\Windows\System32\DdprypC.exe

C:\Windows\System32\UvfySWS.exe

C:\Windows\System32\UvfySWS.exe

C:\Windows\System32\ultLAIY.exe

C:\Windows\System32\ultLAIY.exe

C:\Windows\System32\tmNybJo.exe

C:\Windows\System32\tmNybJo.exe

C:\Windows\System32\jolEIMi.exe

C:\Windows\System32\jolEIMi.exe

C:\Windows\System32\HXydksd.exe

C:\Windows\System32\HXydksd.exe

C:\Windows\System32\pGUFUzv.exe

C:\Windows\System32\pGUFUzv.exe

C:\Windows\System32\PjEhFhE.exe

C:\Windows\System32\PjEhFhE.exe

C:\Windows\System32\eEuqgpN.exe

C:\Windows\System32\eEuqgpN.exe

C:\Windows\System32\zdcwhZO.exe

C:\Windows\System32\zdcwhZO.exe

C:\Windows\System32\nTrxvro.exe

C:\Windows\System32\nTrxvro.exe

C:\Windows\System32\IGtThBQ.exe

C:\Windows\System32\IGtThBQ.exe

C:\Windows\System32\DRukHEr.exe

C:\Windows\System32\DRukHEr.exe

C:\Windows\System32\babyjNs.exe

C:\Windows\System32\babyjNs.exe

C:\Windows\System32\eHwXwBb.exe

C:\Windows\System32\eHwXwBb.exe

C:\Windows\System32\ceiXiXZ.exe

C:\Windows\System32\ceiXiXZ.exe

C:\Windows\System32\ughfjtS.exe

C:\Windows\System32\ughfjtS.exe

C:\Windows\System32\lCUUerM.exe

C:\Windows\System32\lCUUerM.exe

C:\Windows\System32\NZyVHGA.exe

C:\Windows\System32\NZyVHGA.exe

C:\Windows\System32\zAWjLuZ.exe

C:\Windows\System32\zAWjLuZ.exe

C:\Windows\System32\rNvjKGV.exe

C:\Windows\System32\rNvjKGV.exe

C:\Windows\System32\DrAvCDc.exe

C:\Windows\System32\DrAvCDc.exe

C:\Windows\System32\VypeJbL.exe

C:\Windows\System32\VypeJbL.exe

C:\Windows\System32\qRrnqWE.exe

C:\Windows\System32\qRrnqWE.exe

C:\Windows\System32\TNPDqPm.exe

C:\Windows\System32\TNPDqPm.exe

C:\Windows\System32\TnuxMHF.exe

C:\Windows\System32\TnuxMHF.exe

C:\Windows\System32\tVdBEVA.exe

C:\Windows\System32\tVdBEVA.exe

C:\Windows\System32\INYWUdF.exe

C:\Windows\System32\INYWUdF.exe

C:\Windows\System32\UFJRPEF.exe

C:\Windows\System32\UFJRPEF.exe

C:\Windows\System32\SMpjlOk.exe

C:\Windows\System32\SMpjlOk.exe

C:\Windows\System32\rrHzpnC.exe

C:\Windows\System32\rrHzpnC.exe

C:\Windows\System32\UwvclCC.exe

C:\Windows\System32\UwvclCC.exe

C:\Windows\System32\mrkMEjS.exe

C:\Windows\System32\mrkMEjS.exe

C:\Windows\System32\ydoQQXY.exe

C:\Windows\System32\ydoQQXY.exe

C:\Windows\System32\aMomJhZ.exe

C:\Windows\System32\aMomJhZ.exe

C:\Windows\System32\SvAUbKM.exe

C:\Windows\System32\SvAUbKM.exe

C:\Windows\System32\RgsOXmB.exe

C:\Windows\System32\RgsOXmB.exe

C:\Windows\System32\rudtBdH.exe

C:\Windows\System32\rudtBdH.exe

C:\Windows\System32\ZgoflbV.exe

C:\Windows\System32\ZgoflbV.exe

C:\Windows\System32\vtRcTSQ.exe

C:\Windows\System32\vtRcTSQ.exe

C:\Windows\System32\OMadkpz.exe

C:\Windows\System32\OMadkpz.exe

C:\Windows\System32\AZadMAG.exe

C:\Windows\System32\AZadMAG.exe

C:\Windows\System32\PNifbyB.exe

C:\Windows\System32\PNifbyB.exe

C:\Windows\System32\aMIHBhC.exe

C:\Windows\System32\aMIHBhC.exe

C:\Windows\System32\DiKAXBy.exe

C:\Windows\System32\DiKAXBy.exe

C:\Windows\System32\CbMZvoj.exe

C:\Windows\System32\CbMZvoj.exe

C:\Windows\System32\VgMrMFD.exe

C:\Windows\System32\VgMrMFD.exe

C:\Windows\System32\bGeRylY.exe

C:\Windows\System32\bGeRylY.exe

C:\Windows\System32\tZQBTje.exe

C:\Windows\System32\tZQBTje.exe

C:\Windows\System32\slDRYxc.exe

C:\Windows\System32\slDRYxc.exe

C:\Windows\System32\bLzzwPC.exe

C:\Windows\System32\bLzzwPC.exe

C:\Windows\System32\yBUwgFV.exe

C:\Windows\System32\yBUwgFV.exe

C:\Windows\System32\dFktHZO.exe

C:\Windows\System32\dFktHZO.exe

C:\Windows\System32\tzkRAfv.exe

C:\Windows\System32\tzkRAfv.exe

C:\Windows\System32\TCDICuU.exe

C:\Windows\System32\TCDICuU.exe

C:\Windows\System32\vzciwEE.exe

C:\Windows\System32\vzciwEE.exe

C:\Windows\System32\nhfKQVk.exe

C:\Windows\System32\nhfKQVk.exe

C:\Windows\System32\talqJXf.exe

C:\Windows\System32\talqJXf.exe

C:\Windows\System32\DMNIcHy.exe

C:\Windows\System32\DMNIcHy.exe

C:\Windows\System32\UEZFnDl.exe

C:\Windows\System32\UEZFnDl.exe

C:\Windows\System32\CDiBnHE.exe

C:\Windows\System32\CDiBnHE.exe

C:\Windows\System32\kRtTzSK.exe

C:\Windows\System32\kRtTzSK.exe

C:\Windows\System32\dFLqQJb.exe

C:\Windows\System32\dFLqQJb.exe

C:\Windows\System32\BDHUJgq.exe

C:\Windows\System32\BDHUJgq.exe

C:\Windows\System32\ZLDXCqm.exe

C:\Windows\System32\ZLDXCqm.exe

C:\Windows\System32\KQAPVaJ.exe

C:\Windows\System32\KQAPVaJ.exe

C:\Windows\System32\WchzKKU.exe

C:\Windows\System32\WchzKKU.exe

C:\Windows\System32\tFzguIw.exe

C:\Windows\System32\tFzguIw.exe

C:\Windows\System32\ucMRKSI.exe

C:\Windows\System32\ucMRKSI.exe

C:\Windows\System32\ytRDODq.exe

C:\Windows\System32\ytRDODq.exe

C:\Windows\System32\wBEfVdM.exe

C:\Windows\System32\wBEfVdM.exe

C:\Windows\System32\fDWlxaq.exe

C:\Windows\System32\fDWlxaq.exe

C:\Windows\System32\yOCRZqT.exe

C:\Windows\System32\yOCRZqT.exe

C:\Windows\System32\CVBJbyd.exe

C:\Windows\System32\CVBJbyd.exe

C:\Windows\System32\OdyeuBs.exe

C:\Windows\System32\OdyeuBs.exe

C:\Windows\System32\sJTCUFF.exe

C:\Windows\System32\sJTCUFF.exe

C:\Windows\System32\oxYWUnT.exe

C:\Windows\System32\oxYWUnT.exe

C:\Windows\System32\XsRxFxz.exe

C:\Windows\System32\XsRxFxz.exe

C:\Windows\System32\iSHdIEo.exe

C:\Windows\System32\iSHdIEo.exe

C:\Windows\System32\fFIcAUq.exe

C:\Windows\System32\fFIcAUq.exe

C:\Windows\System32\gmlmcMV.exe

C:\Windows\System32\gmlmcMV.exe

C:\Windows\System32\PCrpZhJ.exe

C:\Windows\System32\PCrpZhJ.exe

C:\Windows\System32\kxrGZXF.exe

C:\Windows\System32\kxrGZXF.exe

C:\Windows\System32\KOMIFyH.exe

C:\Windows\System32\KOMIFyH.exe

C:\Windows\System32\XHMlEwx.exe

C:\Windows\System32\XHMlEwx.exe

C:\Windows\System32\YeEhHBF.exe

C:\Windows\System32\YeEhHBF.exe

C:\Windows\System32\WfEmUtg.exe

C:\Windows\System32\WfEmUtg.exe

C:\Windows\System32\WPPhLjE.exe

C:\Windows\System32\WPPhLjE.exe

C:\Windows\System32\pTKrtLr.exe

C:\Windows\System32\pTKrtLr.exe

C:\Windows\System32\dSkFqaZ.exe

C:\Windows\System32\dSkFqaZ.exe

C:\Windows\System32\fPQTeeY.exe

C:\Windows\System32\fPQTeeY.exe

C:\Windows\System32\pDYEvDI.exe

C:\Windows\System32\pDYEvDI.exe

C:\Windows\System32\CbRZGns.exe

C:\Windows\System32\CbRZGns.exe

C:\Windows\System32\bBWVdbX.exe

C:\Windows\System32\bBWVdbX.exe

C:\Windows\System32\kHRBrhK.exe

C:\Windows\System32\kHRBrhK.exe

C:\Windows\System32\NmfEkcf.exe

C:\Windows\System32\NmfEkcf.exe

C:\Windows\System32\GyHMPZk.exe

C:\Windows\System32\GyHMPZk.exe

C:\Windows\System32\qbGTzMl.exe

C:\Windows\System32\qbGTzMl.exe

C:\Windows\System32\zLkeFHq.exe

C:\Windows\System32\zLkeFHq.exe

C:\Windows\System32\lpFODmA.exe

C:\Windows\System32\lpFODmA.exe

C:\Windows\System32\OlYgvJc.exe

C:\Windows\System32\OlYgvJc.exe

C:\Windows\System32\YyPWDkS.exe

C:\Windows\System32\YyPWDkS.exe

C:\Windows\System32\ydQSpTb.exe

C:\Windows\System32\ydQSpTb.exe

C:\Windows\System32\THwOwRV.exe

C:\Windows\System32\THwOwRV.exe

C:\Windows\System32\LAZQiiZ.exe

C:\Windows\System32\LAZQiiZ.exe

C:\Windows\System32\vZOOHJt.exe

C:\Windows\System32\vZOOHJt.exe

C:\Windows\System32\JJQiqLQ.exe

C:\Windows\System32\JJQiqLQ.exe

C:\Windows\System32\hoDDvPN.exe

C:\Windows\System32\hoDDvPN.exe

C:\Windows\System32\IMWGpfa.exe

C:\Windows\System32\IMWGpfa.exe

C:\Windows\System32\bxVtPpz.exe

C:\Windows\System32\bxVtPpz.exe

C:\Windows\System32\uaKNKUQ.exe

C:\Windows\System32\uaKNKUQ.exe

C:\Windows\System32\TZjFebb.exe

C:\Windows\System32\TZjFebb.exe

C:\Windows\System32\dcFdmDi.exe

C:\Windows\System32\dcFdmDi.exe

C:\Windows\System32\gWXgCdD.exe

C:\Windows\System32\gWXgCdD.exe

C:\Windows\System32\kDLJECI.exe

C:\Windows\System32\kDLJECI.exe

C:\Windows\System32\FiFokhW.exe

C:\Windows\System32\FiFokhW.exe

C:\Windows\System32\lzRcrkO.exe

C:\Windows\System32\lzRcrkO.exe

C:\Windows\System32\loyZNQS.exe

C:\Windows\System32\loyZNQS.exe

C:\Windows\System32\mMHVBSS.exe

C:\Windows\System32\mMHVBSS.exe

C:\Windows\System32\TndOdkz.exe

C:\Windows\System32\TndOdkz.exe

C:\Windows\System32\hXdxEtt.exe

C:\Windows\System32\hXdxEtt.exe

C:\Windows\System32\TIqCtVX.exe

C:\Windows\System32\TIqCtVX.exe

C:\Windows\System32\EMOYbeJ.exe

C:\Windows\System32\EMOYbeJ.exe

C:\Windows\System32\jrtpaTp.exe

C:\Windows\System32\jrtpaTp.exe

C:\Windows\System32\jLPFClC.exe

C:\Windows\System32\jLPFClC.exe

C:\Windows\System32\SyJSNom.exe

C:\Windows\System32\SyJSNom.exe

C:\Windows\System32\rwDITnm.exe

C:\Windows\System32\rwDITnm.exe

C:\Windows\System32\HBrADrk.exe

C:\Windows\System32\HBrADrk.exe

C:\Windows\System32\fMMVASy.exe

C:\Windows\System32\fMMVASy.exe

C:\Windows\System32\vCngyaY.exe

C:\Windows\System32\vCngyaY.exe

C:\Windows\System32\FoEkJWu.exe

C:\Windows\System32\FoEkJWu.exe

C:\Windows\System32\wuaijDd.exe

C:\Windows\System32\wuaijDd.exe

C:\Windows\System32\RtXPIPY.exe

C:\Windows\System32\RtXPIPY.exe

C:\Windows\System32\iUdyYIs.exe

C:\Windows\System32\iUdyYIs.exe

C:\Windows\System32\HrRIQbw.exe

C:\Windows\System32\HrRIQbw.exe

C:\Windows\System32\yEfdawd.exe

C:\Windows\System32\yEfdawd.exe

C:\Windows\System32\PSIDoMB.exe

C:\Windows\System32\PSIDoMB.exe

C:\Windows\System32\RUcWEfv.exe

C:\Windows\System32\RUcWEfv.exe

C:\Windows\System32\IjSsmRR.exe

C:\Windows\System32\IjSsmRR.exe

C:\Windows\System32\ZaHvVWS.exe

C:\Windows\System32\ZaHvVWS.exe

C:\Windows\System32\QVlWWIu.exe

C:\Windows\System32\QVlWWIu.exe

C:\Windows\System32\RuSZfnH.exe

C:\Windows\System32\RuSZfnH.exe

C:\Windows\System32\jUEeLnM.exe

C:\Windows\System32\jUEeLnM.exe

C:\Windows\System32\ssZNmmN.exe

C:\Windows\System32\ssZNmmN.exe

C:\Windows\System32\TmvtLmT.exe

C:\Windows\System32\TmvtLmT.exe

C:\Windows\System32\RUHtzve.exe

C:\Windows\System32\RUHtzve.exe

C:\Windows\System32\bZYoXTk.exe

C:\Windows\System32\bZYoXTk.exe

C:\Windows\System32\BFIYraA.exe

C:\Windows\System32\BFIYraA.exe

C:\Windows\System32\BdwxDUO.exe

C:\Windows\System32\BdwxDUO.exe

C:\Windows\System32\zYLclRD.exe

C:\Windows\System32\zYLclRD.exe

C:\Windows\System32\IaUsmqM.exe

C:\Windows\System32\IaUsmqM.exe

C:\Windows\System32\CGmDxih.exe

C:\Windows\System32\CGmDxih.exe

C:\Windows\System32\gAuVmvr.exe

C:\Windows\System32\gAuVmvr.exe

C:\Windows\System32\PDjAzkB.exe

C:\Windows\System32\PDjAzkB.exe

C:\Windows\System32\HlvpJYy.exe

C:\Windows\System32\HlvpJYy.exe

C:\Windows\System32\aoxGZuy.exe

C:\Windows\System32\aoxGZuy.exe

C:\Windows\System32\yhYARlQ.exe

C:\Windows\System32\yhYARlQ.exe

C:\Windows\System32\LZLoNGz.exe

C:\Windows\System32\LZLoNGz.exe

C:\Windows\System32\KVsXEvJ.exe

C:\Windows\System32\KVsXEvJ.exe

C:\Windows\System32\lZnNhcF.exe

C:\Windows\System32\lZnNhcF.exe

C:\Windows\System32\HcYgFUC.exe

C:\Windows\System32\HcYgFUC.exe

C:\Windows\System32\CyKRnvu.exe

C:\Windows\System32\CyKRnvu.exe

C:\Windows\System32\PGDwGZE.exe

C:\Windows\System32\PGDwGZE.exe

C:\Windows\System32\GFHXyJB.exe

C:\Windows\System32\GFHXyJB.exe

C:\Windows\System32\mquvkbl.exe

C:\Windows\System32\mquvkbl.exe

C:\Windows\System32\svYPmQH.exe

C:\Windows\System32\svYPmQH.exe

C:\Windows\System32\PXiYrXZ.exe

C:\Windows\System32\PXiYrXZ.exe

C:\Windows\System32\BWDBVzK.exe

C:\Windows\System32\BWDBVzK.exe

C:\Windows\System32\YnVZrTL.exe

C:\Windows\System32\YnVZrTL.exe

C:\Windows\System32\fuQSKTU.exe

C:\Windows\System32\fuQSKTU.exe

C:\Windows\System32\SdZnOWc.exe

C:\Windows\System32\SdZnOWc.exe

C:\Windows\System32\ZKferqz.exe

C:\Windows\System32\ZKferqz.exe

C:\Windows\System32\jSZMkvX.exe

C:\Windows\System32\jSZMkvX.exe

C:\Windows\System32\uqDlvMY.exe

C:\Windows\System32\uqDlvMY.exe

C:\Windows\System32\fXeZezQ.exe

C:\Windows\System32\fXeZezQ.exe

C:\Windows\System32\OoEMeSa.exe

C:\Windows\System32\OoEMeSa.exe

C:\Windows\System32\GFvhxcy.exe

C:\Windows\System32\GFvhxcy.exe

C:\Windows\System32\ZdkWEll.exe

C:\Windows\System32\ZdkWEll.exe

C:\Windows\System32\EPkUtKI.exe

C:\Windows\System32\EPkUtKI.exe

C:\Windows\System32\kIMwyOf.exe

C:\Windows\System32\kIMwyOf.exe

C:\Windows\System32\ZtkQEZE.exe

C:\Windows\System32\ZtkQEZE.exe

C:\Windows\System32\wYTPXjE.exe

C:\Windows\System32\wYTPXjE.exe

C:\Windows\System32\OMsVCCw.exe

C:\Windows\System32\OMsVCCw.exe

C:\Windows\System32\ewKEvCn.exe

C:\Windows\System32\ewKEvCn.exe

C:\Windows\System32\kukzKJG.exe

C:\Windows\System32\kukzKJG.exe

C:\Windows\System32\ywANTPK.exe

C:\Windows\System32\ywANTPK.exe

C:\Windows\System32\sQDBmMG.exe

C:\Windows\System32\sQDBmMG.exe

C:\Windows\System32\WBjsbAO.exe

C:\Windows\System32\WBjsbAO.exe

C:\Windows\System32\PzotSyq.exe

C:\Windows\System32\PzotSyq.exe

C:\Windows\System32\cTCKbRj.exe

C:\Windows\System32\cTCKbRj.exe

C:\Windows\System32\tJqJFdl.exe

C:\Windows\System32\tJqJFdl.exe

C:\Windows\System32\skLytQr.exe

C:\Windows\System32\skLytQr.exe

C:\Windows\System32\SWKDhXW.exe

C:\Windows\System32\SWKDhXW.exe

C:\Windows\System32\ibnjeWG.exe

C:\Windows\System32\ibnjeWG.exe

C:\Windows\System32\OHTqMYR.exe

C:\Windows\System32\OHTqMYR.exe

C:\Windows\System32\VxUqUzs.exe

C:\Windows\System32\VxUqUzs.exe

C:\Windows\System32\WOuzDZS.exe

C:\Windows\System32\WOuzDZS.exe

C:\Windows\System32\WusFHIg.exe

C:\Windows\System32\WusFHIg.exe

C:\Windows\System32\XuHoWtD.exe

C:\Windows\System32\XuHoWtD.exe

C:\Windows\System32\zQcbbFi.exe

C:\Windows\System32\zQcbbFi.exe

C:\Windows\System32\JgoMmRG.exe

C:\Windows\System32\JgoMmRG.exe

C:\Windows\System32\pcEZYgG.exe

C:\Windows\System32\pcEZYgG.exe

C:\Windows\System32\sFwzLXg.exe

C:\Windows\System32\sFwzLXg.exe

C:\Windows\System32\vNAcVjy.exe

C:\Windows\System32\vNAcVjy.exe

C:\Windows\System32\uJyTpTp.exe

C:\Windows\System32\uJyTpTp.exe

C:\Windows\System32\efnOmfG.exe

C:\Windows\System32\efnOmfG.exe

C:\Windows\System32\kwzmYrM.exe

C:\Windows\System32\kwzmYrM.exe

C:\Windows\System32\JnZcUXy.exe

C:\Windows\System32\JnZcUXy.exe

C:\Windows\System32\eYSesVs.exe

C:\Windows\System32\eYSesVs.exe

C:\Windows\System32\gwFhIJe.exe

C:\Windows\System32\gwFhIJe.exe

C:\Windows\System32\ISoPTlo.exe

C:\Windows\System32\ISoPTlo.exe

C:\Windows\System32\cfGcjvN.exe

C:\Windows\System32\cfGcjvN.exe

C:\Windows\System32\lPTiSuV.exe

C:\Windows\System32\lPTiSuV.exe

C:\Windows\System32\RTKQHfY.exe

C:\Windows\System32\RTKQHfY.exe

C:\Windows\System32\CXOKjsL.exe

C:\Windows\System32\CXOKjsL.exe

C:\Windows\System32\UwJLzPU.exe

C:\Windows\System32\UwJLzPU.exe

C:\Windows\System32\fConqrU.exe

C:\Windows\System32\fConqrU.exe

C:\Windows\System32\ezobqSE.exe

C:\Windows\System32\ezobqSE.exe

C:\Windows\System32\SjKkNxd.exe

C:\Windows\System32\SjKkNxd.exe

C:\Windows\System32\IODLKtQ.exe

C:\Windows\System32\IODLKtQ.exe

C:\Windows\System32\RfLzhdj.exe

C:\Windows\System32\RfLzhdj.exe

C:\Windows\System32\tiTlWsV.exe

C:\Windows\System32\tiTlWsV.exe

C:\Windows\System32\gtFIbdr.exe

C:\Windows\System32\gtFIbdr.exe

C:\Windows\System32\zHavFuV.exe

C:\Windows\System32\zHavFuV.exe

C:\Windows\System32\IfXrNjP.exe

C:\Windows\System32\IfXrNjP.exe

C:\Windows\System32\LIbWLFm.exe

C:\Windows\System32\LIbWLFm.exe

C:\Windows\System32\OyOPXcY.exe

C:\Windows\System32\OyOPXcY.exe

C:\Windows\System32\qDnjgZE.exe

C:\Windows\System32\qDnjgZE.exe

C:\Windows\System32\MzRLFrH.exe

C:\Windows\System32\MzRLFrH.exe

C:\Windows\System32\DTYhVXi.exe

C:\Windows\System32\DTYhVXi.exe

C:\Windows\System32\qkFqsLr.exe

C:\Windows\System32\qkFqsLr.exe

C:\Windows\System32\dAmGmqW.exe

C:\Windows\System32\dAmGmqW.exe

C:\Windows\System32\SwEKiZs.exe

C:\Windows\System32\SwEKiZs.exe

C:\Windows\System32\rezhPsm.exe

C:\Windows\System32\rezhPsm.exe

C:\Windows\System32\qOFErci.exe

C:\Windows\System32\qOFErci.exe

C:\Windows\System32\hjRhCxV.exe

C:\Windows\System32\hjRhCxV.exe

C:\Windows\System32\BFkDLCB.exe

C:\Windows\System32\BFkDLCB.exe

C:\Windows\System32\pcUzoxX.exe

C:\Windows\System32\pcUzoxX.exe

C:\Windows\System32\smXFFib.exe

C:\Windows\System32\smXFFib.exe

C:\Windows\System32\MAQbnMc.exe

C:\Windows\System32\MAQbnMc.exe

C:\Windows\System32\TMjYNFh.exe

C:\Windows\System32\TMjYNFh.exe

C:\Windows\System32\GSeuYFD.exe

C:\Windows\System32\GSeuYFD.exe

C:\Windows\System32\yUHYLVZ.exe

C:\Windows\System32\yUHYLVZ.exe

C:\Windows\System32\EdpncaM.exe

C:\Windows\System32\EdpncaM.exe

C:\Windows\System32\qLINtAs.exe

C:\Windows\System32\qLINtAs.exe

C:\Windows\System32\xdLNtIz.exe

C:\Windows\System32\xdLNtIz.exe

C:\Windows\System32\KivwGSB.exe

C:\Windows\System32\KivwGSB.exe

C:\Windows\System32\vgLmeud.exe

C:\Windows\System32\vgLmeud.exe

C:\Windows\System32\zgwpjui.exe

C:\Windows\System32\zgwpjui.exe

C:\Windows\System32\xuLzIad.exe

C:\Windows\System32\xuLzIad.exe

C:\Windows\System32\upMTCPE.exe

C:\Windows\System32\upMTCPE.exe

C:\Windows\System32\zMSazly.exe

C:\Windows\System32\zMSazly.exe

C:\Windows\System32\lflreBP.exe

C:\Windows\System32\lflreBP.exe

C:\Windows\System32\EcdfnkN.exe

C:\Windows\System32\EcdfnkN.exe

C:\Windows\System32\cAJyxnQ.exe

C:\Windows\System32\cAJyxnQ.exe

C:\Windows\System32\sWqIYbI.exe

C:\Windows\System32\sWqIYbI.exe

C:\Windows\System32\SzJPNsF.exe

C:\Windows\System32\SzJPNsF.exe

C:\Windows\System32\tmJihyI.exe

C:\Windows\System32\tmJihyI.exe

C:\Windows\System32\ODWFcEJ.exe

C:\Windows\System32\ODWFcEJ.exe

C:\Windows\System32\mGDarbU.exe

C:\Windows\System32\mGDarbU.exe

C:\Windows\System32\xjYjaqN.exe

C:\Windows\System32\xjYjaqN.exe

C:\Windows\System32\fleOLta.exe

C:\Windows\System32\fleOLta.exe

C:\Windows\System32\XYjDqHn.exe

C:\Windows\System32\XYjDqHn.exe

C:\Windows\System32\nlBCpfI.exe

C:\Windows\System32\nlBCpfI.exe

C:\Windows\System32\EkREnDT.exe

C:\Windows\System32\EkREnDT.exe

C:\Windows\System32\Bnewyek.exe

C:\Windows\System32\Bnewyek.exe

C:\Windows\System32\wrffkcx.exe

C:\Windows\System32\wrffkcx.exe

C:\Windows\System32\aebMrUC.exe

C:\Windows\System32\aebMrUC.exe

C:\Windows\System32\TNKxoAP.exe

C:\Windows\System32\TNKxoAP.exe

C:\Windows\System32\KNUtpFa.exe

C:\Windows\System32\KNUtpFa.exe

C:\Windows\System32\uJPdMeL.exe

C:\Windows\System32\uJPdMeL.exe

C:\Windows\System32\cSWAzpg.exe

C:\Windows\System32\cSWAzpg.exe

C:\Windows\System32\CEneQMN.exe

C:\Windows\System32\CEneQMN.exe

C:\Windows\System32\nrUrYrN.exe

C:\Windows\System32\nrUrYrN.exe

C:\Windows\System32\TCLATkm.exe

C:\Windows\System32\TCLATkm.exe

C:\Windows\System32\EaZbJUJ.exe

C:\Windows\System32\EaZbJUJ.exe

C:\Windows\System32\whiIlvZ.exe

C:\Windows\System32\whiIlvZ.exe

C:\Windows\System32\eKYyOrO.exe

C:\Windows\System32\eKYyOrO.exe

C:\Windows\System32\oCevuXe.exe

C:\Windows\System32\oCevuXe.exe

C:\Windows\System32\MTjpHvB.exe

C:\Windows\System32\MTjpHvB.exe

C:\Windows\System32\qfgAAEs.exe

C:\Windows\System32\qfgAAEs.exe

C:\Windows\System32\uAOgkhH.exe

C:\Windows\System32\uAOgkhH.exe

C:\Windows\System32\sFAYpYO.exe

C:\Windows\System32\sFAYpYO.exe

C:\Windows\System32\qDIGtUO.exe

C:\Windows\System32\qDIGtUO.exe

C:\Windows\System32\feJnqyS.exe

C:\Windows\System32\feJnqyS.exe

C:\Windows\System32\LTyrQIw.exe

C:\Windows\System32\LTyrQIw.exe

C:\Windows\System32\LDjUcgK.exe

C:\Windows\System32\LDjUcgK.exe

C:\Windows\System32\nZGuDbT.exe

C:\Windows\System32\nZGuDbT.exe

C:\Windows\System32\udcuMFA.exe

C:\Windows\System32\udcuMFA.exe

C:\Windows\System32\tsWelPJ.exe

C:\Windows\System32\tsWelPJ.exe

C:\Windows\System32\LyELZlB.exe

C:\Windows\System32\LyELZlB.exe

C:\Windows\System32\MXpHQEE.exe

C:\Windows\System32\MXpHQEE.exe

C:\Windows\System32\VsnUTcX.exe

C:\Windows\System32\VsnUTcX.exe

C:\Windows\System32\YINNdQm.exe

C:\Windows\System32\YINNdQm.exe

C:\Windows\System32\JbGSoXQ.exe

C:\Windows\System32\JbGSoXQ.exe

C:\Windows\System32\JvIjIIP.exe

C:\Windows\System32\JvIjIIP.exe

C:\Windows\System32\ZIXaIqF.exe

C:\Windows\System32\ZIXaIqF.exe

C:\Windows\System32\MEfvyOM.exe

C:\Windows\System32\MEfvyOM.exe

C:\Windows\System32\JeqfIbN.exe

C:\Windows\System32\JeqfIbN.exe

C:\Windows\System32\FBVCIAj.exe

C:\Windows\System32\FBVCIAj.exe

C:\Windows\System32\pDmgSGi.exe

C:\Windows\System32\pDmgSGi.exe

C:\Windows\System32\tKIWysc.exe

C:\Windows\System32\tKIWysc.exe

C:\Windows\System32\abuLyuv.exe

C:\Windows\System32\abuLyuv.exe

C:\Windows\System32\ULAbRYv.exe

C:\Windows\System32\ULAbRYv.exe

C:\Windows\System32\tRVyFCg.exe

C:\Windows\System32\tRVyFCg.exe

C:\Windows\System32\DmWCHWl.exe

C:\Windows\System32\DmWCHWl.exe

C:\Windows\System32\XVvhpmg.exe

C:\Windows\System32\XVvhpmg.exe

C:\Windows\System32\dkLCcPg.exe

C:\Windows\System32\dkLCcPg.exe

C:\Windows\System32\LRrMPSl.exe

C:\Windows\System32\LRrMPSl.exe

C:\Windows\System32\JlYtEQs.exe

C:\Windows\System32\JlYtEQs.exe

C:\Windows\System32\rznagqK.exe

C:\Windows\System32\rznagqK.exe

C:\Windows\System32\zdnORgx.exe

C:\Windows\System32\zdnORgx.exe

C:\Windows\System32\fHXibyB.exe

C:\Windows\System32\fHXibyB.exe

C:\Windows\System32\RXAoDcQ.exe

C:\Windows\System32\RXAoDcQ.exe

C:\Windows\System32\nlMuHpE.exe

C:\Windows\System32\nlMuHpE.exe

C:\Windows\System32\HqTvtGZ.exe

C:\Windows\System32\HqTvtGZ.exe

C:\Windows\System32\aMVWLem.exe

C:\Windows\System32\aMVWLem.exe

C:\Windows\System32\uthdXgN.exe

C:\Windows\System32\uthdXgN.exe

C:\Windows\System32\LCnhESq.exe

C:\Windows\System32\LCnhESq.exe

C:\Windows\System32\qNtwAli.exe

C:\Windows\System32\qNtwAli.exe

C:\Windows\System32\CRzfPYE.exe

C:\Windows\System32\CRzfPYE.exe

C:\Windows\System32\BHhTCnB.exe

C:\Windows\System32\BHhTCnB.exe

C:\Windows\System32\dPsukfQ.exe

C:\Windows\System32\dPsukfQ.exe

C:\Windows\System32\AezBwWX.exe

C:\Windows\System32\AezBwWX.exe

C:\Windows\System32\vUWRTJx.exe

C:\Windows\System32\vUWRTJx.exe

C:\Windows\System32\EUcwTVx.exe

C:\Windows\System32\EUcwTVx.exe

C:\Windows\System32\hgtBdlS.exe

C:\Windows\System32\hgtBdlS.exe

C:\Windows\System32\iWtGAII.exe

C:\Windows\System32\iWtGAII.exe

C:\Windows\System32\PLnwWgM.exe

C:\Windows\System32\PLnwWgM.exe

C:\Windows\System32\zAuCfIy.exe

C:\Windows\System32\zAuCfIy.exe

C:\Windows\System32\ByNodqH.exe

C:\Windows\System32\ByNodqH.exe

C:\Windows\System32\BKzTBNx.exe

C:\Windows\System32\BKzTBNx.exe

C:\Windows\System32\rCWYwMa.exe

C:\Windows\System32\rCWYwMa.exe

C:\Windows\System32\cfMkayn.exe

C:\Windows\System32\cfMkayn.exe

C:\Windows\System32\pVJHbRW.exe

C:\Windows\System32\pVJHbRW.exe

C:\Windows\System32\eGVFzeY.exe

C:\Windows\System32\eGVFzeY.exe

C:\Windows\System32\CSGmXru.exe

C:\Windows\System32\CSGmXru.exe

C:\Windows\System32\LbRwith.exe

C:\Windows\System32\LbRwith.exe

C:\Windows\System32\GjrSLma.exe

C:\Windows\System32\GjrSLma.exe

C:\Windows\System32\ZoygPBF.exe

C:\Windows\System32\ZoygPBF.exe

C:\Windows\System32\iXtTOVs.exe

C:\Windows\System32\iXtTOVs.exe

C:\Windows\System32\dkqoBeR.exe

C:\Windows\System32\dkqoBeR.exe

C:\Windows\System32\gEnDgRN.exe

C:\Windows\System32\gEnDgRN.exe

C:\Windows\System32\PWRXWMX.exe

C:\Windows\System32\PWRXWMX.exe

C:\Windows\System32\CKpBFdb.exe

C:\Windows\System32\CKpBFdb.exe

C:\Windows\System32\KPGxVnF.exe

C:\Windows\System32\KPGxVnF.exe

C:\Windows\System32\EcOiqdh.exe

C:\Windows\System32\EcOiqdh.exe

C:\Windows\System32\GWFVDzb.exe

C:\Windows\System32\GWFVDzb.exe

C:\Windows\System32\XYbMTiU.exe

C:\Windows\System32\XYbMTiU.exe

C:\Windows\System32\ScphumZ.exe

C:\Windows\System32\ScphumZ.exe

C:\Windows\System32\LwvvxmA.exe

C:\Windows\System32\LwvvxmA.exe

C:\Windows\System32\TcYWJFm.exe

C:\Windows\System32\TcYWJFm.exe

C:\Windows\System32\txKrBEh.exe

C:\Windows\System32\txKrBEh.exe

C:\Windows\System32\bCGNSFk.exe

C:\Windows\System32\bCGNSFk.exe

C:\Windows\System32\npjLMZM.exe

C:\Windows\System32\npjLMZM.exe

C:\Windows\System32\mugNnEr.exe

C:\Windows\System32\mugNnEr.exe

C:\Windows\System32\gdJPZcM.exe

C:\Windows\System32\gdJPZcM.exe

C:\Windows\System32\klBBxiE.exe

C:\Windows\System32\klBBxiE.exe

C:\Windows\System32\YAxaKXU.exe

C:\Windows\System32\YAxaKXU.exe

C:\Windows\System32\PWyCLEG.exe

C:\Windows\System32\PWyCLEG.exe

C:\Windows\System32\JhtFBAJ.exe

C:\Windows\System32\JhtFBAJ.exe

C:\Windows\System32\VAWotrZ.exe

C:\Windows\System32\VAWotrZ.exe

C:\Windows\System32\KDxnqIK.exe

C:\Windows\System32\KDxnqIK.exe

C:\Windows\System32\PNOflnc.exe

C:\Windows\System32\PNOflnc.exe

C:\Windows\System32\EeoantM.exe

C:\Windows\System32\EeoantM.exe

C:\Windows\System32\hEQeAmT.exe

C:\Windows\System32\hEQeAmT.exe

C:\Windows\System32\FGnNihS.exe

C:\Windows\System32\FGnNihS.exe

C:\Windows\System32\jfgojdY.exe

C:\Windows\System32\jfgojdY.exe

C:\Windows\System32\sMVzfPX.exe

C:\Windows\System32\sMVzfPX.exe

C:\Windows\System32\ujQxUqC.exe

C:\Windows\System32\ujQxUqC.exe

C:\Windows\System32\fhafgZg.exe

C:\Windows\System32\fhafgZg.exe

C:\Windows\System32\SFXHasc.exe

C:\Windows\System32\SFXHasc.exe

C:\Windows\System32\SPdMuFc.exe

C:\Windows\System32\SPdMuFc.exe

C:\Windows\System32\vKTWcZm.exe

C:\Windows\System32\vKTWcZm.exe

C:\Windows\System32\JxlQhqP.exe

C:\Windows\System32\JxlQhqP.exe

C:\Windows\System32\OeTDNti.exe

C:\Windows\System32\OeTDNti.exe

C:\Windows\System32\AJypdvB.exe

C:\Windows\System32\AJypdvB.exe

C:\Windows\System32\OVrEFnz.exe

C:\Windows\System32\OVrEFnz.exe

C:\Windows\System32\HeYiYpZ.exe

C:\Windows\System32\HeYiYpZ.exe

C:\Windows\System32\RKqsWjI.exe

C:\Windows\System32\RKqsWjI.exe

C:\Windows\System32\SIZmBda.exe

C:\Windows\System32\SIZmBda.exe

C:\Windows\System32\rqMsLnn.exe

C:\Windows\System32\rqMsLnn.exe

C:\Windows\System32\TxCsusQ.exe

C:\Windows\System32\TxCsusQ.exe

C:\Windows\System32\KjAsFAL.exe

C:\Windows\System32\KjAsFAL.exe

C:\Windows\System32\nWxGolT.exe

C:\Windows\System32\nWxGolT.exe

C:\Windows\System32\uiqgKbW.exe

C:\Windows\System32\uiqgKbW.exe

C:\Windows\System32\CuSXpnE.exe

C:\Windows\System32\CuSXpnE.exe

C:\Windows\System32\GjFfQKC.exe

C:\Windows\System32\GjFfQKC.exe

C:\Windows\System32\wGrInSg.exe

C:\Windows\System32\wGrInSg.exe

C:\Windows\System32\LzqQwDt.exe

C:\Windows\System32\LzqQwDt.exe

C:\Windows\System32\jGpyrzs.exe

C:\Windows\System32\jGpyrzs.exe

C:\Windows\System32\LLRvjjh.exe

C:\Windows\System32\LLRvjjh.exe

C:\Windows\System32\GrcWkOM.exe

C:\Windows\System32\GrcWkOM.exe

C:\Windows\System32\wnfHTZP.exe

C:\Windows\System32\wnfHTZP.exe

C:\Windows\System32\KIbzsnD.exe

C:\Windows\System32\KIbzsnD.exe

C:\Windows\System32\QDJygic.exe

C:\Windows\System32\QDJygic.exe

C:\Windows\System32\pOSUVxX.exe

C:\Windows\System32\pOSUVxX.exe

C:\Windows\System32\ZqQVycS.exe

C:\Windows\System32\ZqQVycS.exe

C:\Windows\System32\Ybklcdx.exe

C:\Windows\System32\Ybklcdx.exe

C:\Windows\System32\KehfApq.exe

C:\Windows\System32\KehfApq.exe

C:\Windows\System32\DLaRxGr.exe

C:\Windows\System32\DLaRxGr.exe

C:\Windows\System32\YqgxSwI.exe

C:\Windows\System32\YqgxSwI.exe

C:\Windows\System32\vgpoIev.exe

C:\Windows\System32\vgpoIev.exe

C:\Windows\System32\rAVdOBN.exe

C:\Windows\System32\rAVdOBN.exe

C:\Windows\System32\GawbXyz.exe

C:\Windows\System32\GawbXyz.exe

C:\Windows\System32\DXkkFeK.exe

C:\Windows\System32\DXkkFeK.exe

C:\Windows\System32\AjeKgjz.exe

C:\Windows\System32\AjeKgjz.exe

C:\Windows\System32\NdPePPf.exe

C:\Windows\System32\NdPePPf.exe

C:\Windows\System32\DqgsIxi.exe

C:\Windows\System32\DqgsIxi.exe

C:\Windows\System32\bVXNsyQ.exe

C:\Windows\System32\bVXNsyQ.exe

C:\Windows\System32\XfAJEct.exe

C:\Windows\System32\XfAJEct.exe

C:\Windows\System32\tjJLjKw.exe

C:\Windows\System32\tjJLjKw.exe

C:\Windows\System32\SvtTpxf.exe

C:\Windows\System32\SvtTpxf.exe

C:\Windows\System32\dpolFas.exe

C:\Windows\System32\dpolFas.exe

C:\Windows\System32\nilhkpB.exe

C:\Windows\System32\nilhkpB.exe

C:\Windows\System32\xfvDzGz.exe

C:\Windows\System32\xfvDzGz.exe

C:\Windows\System32\IndXFrd.exe

C:\Windows\System32\IndXFrd.exe

C:\Windows\System32\mOgABgv.exe

C:\Windows\System32\mOgABgv.exe

C:\Windows\System32\OdkWjSV.exe

C:\Windows\System32\OdkWjSV.exe

C:\Windows\System32\pOdvJYV.exe

C:\Windows\System32\pOdvJYV.exe

C:\Windows\System32\uSmCdDj.exe

C:\Windows\System32\uSmCdDj.exe

C:\Windows\System32\OmULnrc.exe

C:\Windows\System32\OmULnrc.exe

C:\Windows\System32\knhxAcJ.exe

C:\Windows\System32\knhxAcJ.exe

C:\Windows\System32\zhABDmu.exe

C:\Windows\System32\zhABDmu.exe

C:\Windows\System32\VwQbEax.exe

C:\Windows\System32\VwQbEax.exe

C:\Windows\System32\siepChS.exe

C:\Windows\System32\siepChS.exe

C:\Windows\System32\NzxYFsB.exe

C:\Windows\System32\NzxYFsB.exe

C:\Windows\System32\xwdrEKp.exe

C:\Windows\System32\xwdrEKp.exe

C:\Windows\System32\KsRJMJr.exe

C:\Windows\System32\KsRJMJr.exe

C:\Windows\System32\nDoHrVv.exe

C:\Windows\System32\nDoHrVv.exe

C:\Windows\System32\NTtuRVc.exe

C:\Windows\System32\NTtuRVc.exe

C:\Windows\System32\BnbjquO.exe

C:\Windows\System32\BnbjquO.exe

C:\Windows\System32\jGaLQwl.exe

C:\Windows\System32\jGaLQwl.exe

C:\Windows\System32\xDoEsvL.exe

C:\Windows\System32\xDoEsvL.exe

C:\Windows\System32\NClOseX.exe

C:\Windows\System32\NClOseX.exe

C:\Windows\System32\cYcTjFU.exe

C:\Windows\System32\cYcTjFU.exe

C:\Windows\System32\kmUsdnR.exe

C:\Windows\System32\kmUsdnR.exe

C:\Windows\System32\VXPAIBy.exe

C:\Windows\System32\VXPAIBy.exe

C:\Windows\System32\PetkJnP.exe

C:\Windows\System32\PetkJnP.exe

C:\Windows\System32\jvipKjl.exe

C:\Windows\System32\jvipKjl.exe

C:\Windows\System32\xlUIagQ.exe

C:\Windows\System32\xlUIagQ.exe

C:\Windows\System32\nOvLxmB.exe

C:\Windows\System32\nOvLxmB.exe

C:\Windows\System32\hGrvqzg.exe

C:\Windows\System32\hGrvqzg.exe

C:\Windows\System32\rcKHGUb.exe

C:\Windows\System32\rcKHGUb.exe

C:\Windows\System32\YZozzWE.exe

C:\Windows\System32\YZozzWE.exe

C:\Windows\System32\brDxgoT.exe

C:\Windows\System32\brDxgoT.exe

C:\Windows\System32\IvSeGzd.exe

C:\Windows\System32\IvSeGzd.exe

C:\Windows\System32\hemGxSk.exe

C:\Windows\System32\hemGxSk.exe

C:\Windows\System32\wZGwzPt.exe

C:\Windows\System32\wZGwzPt.exe

C:\Windows\System32\XLRAtkr.exe

C:\Windows\System32\XLRAtkr.exe

C:\Windows\System32\ySYODWF.exe

C:\Windows\System32\ySYODWF.exe

C:\Windows\System32\FHpFjGU.exe

C:\Windows\System32\FHpFjGU.exe

C:\Windows\System32\zvJcVBs.exe

C:\Windows\System32\zvJcVBs.exe

C:\Windows\System32\dyPEVbw.exe

C:\Windows\System32\dyPEVbw.exe

C:\Windows\System32\ZCyeQKe.exe

C:\Windows\System32\ZCyeQKe.exe

C:\Windows\System32\XwIVPcJ.exe

C:\Windows\System32\XwIVPcJ.exe

C:\Windows\System32\fxOkJIk.exe

C:\Windows\System32\fxOkJIk.exe

C:\Windows\System32\TxOfpbA.exe

C:\Windows\System32\TxOfpbA.exe

C:\Windows\System32\kTMqrxZ.exe

C:\Windows\System32\kTMqrxZ.exe

C:\Windows\System32\FvtLPjz.exe

C:\Windows\System32\FvtLPjz.exe

C:\Windows\System32\CHqqONF.exe

C:\Windows\System32\CHqqONF.exe

C:\Windows\System32\wMAmQZP.exe

C:\Windows\System32\wMAmQZP.exe

C:\Windows\System32\MoptwFX.exe

C:\Windows\System32\MoptwFX.exe

C:\Windows\System32\RlISFKh.exe

C:\Windows\System32\RlISFKh.exe

C:\Windows\System32\NtwyZhD.exe

C:\Windows\System32\NtwyZhD.exe

C:\Windows\System32\pCMxuny.exe

C:\Windows\System32\pCMxuny.exe

C:\Windows\System32\mRoYmoi.exe

C:\Windows\System32\mRoYmoi.exe

C:\Windows\System32\dqVNBDs.exe

C:\Windows\System32\dqVNBDs.exe

C:\Windows\System32\tMeYIBp.exe

C:\Windows\System32\tMeYIBp.exe

C:\Windows\System32\oyFgGll.exe

C:\Windows\System32\oyFgGll.exe

C:\Windows\System32\wRyEfiS.exe

C:\Windows\System32\wRyEfiS.exe

C:\Windows\System32\OQwnUlt.exe

C:\Windows\System32\OQwnUlt.exe

C:\Windows\System32\RiIqrWF.exe

C:\Windows\System32\RiIqrWF.exe

C:\Windows\System32\tFfwyFR.exe

C:\Windows\System32\tFfwyFR.exe

C:\Windows\System32\ZxBEKpr.exe

C:\Windows\System32\ZxBEKpr.exe

C:\Windows\System32\aquECxp.exe

C:\Windows\System32\aquECxp.exe

C:\Windows\System32\kuCzHxI.exe

C:\Windows\System32\kuCzHxI.exe

C:\Windows\System32\qbbCxEg.exe

C:\Windows\System32\qbbCxEg.exe

C:\Windows\System32\kDRCRPj.exe

C:\Windows\System32\kDRCRPj.exe

C:\Windows\System32\lRpCrwa.exe

C:\Windows\System32\lRpCrwa.exe

C:\Windows\System32\QfHfIbF.exe

C:\Windows\System32\QfHfIbF.exe

C:\Windows\System32\VQIBbvy.exe

C:\Windows\System32\VQIBbvy.exe

C:\Windows\System32\rpGBfKg.exe

C:\Windows\System32\rpGBfKg.exe

C:\Windows\System32\wxEMJsX.exe

C:\Windows\System32\wxEMJsX.exe

C:\Windows\System32\PAznEbM.exe

C:\Windows\System32\PAznEbM.exe

C:\Windows\System32\TPXikDZ.exe

C:\Windows\System32\TPXikDZ.exe

C:\Windows\System32\BkDvbsR.exe

C:\Windows\System32\BkDvbsR.exe

C:\Windows\System32\SIpirCs.exe

C:\Windows\System32\SIpirCs.exe

C:\Windows\System32\RmpcCcJ.exe

C:\Windows\System32\RmpcCcJ.exe

C:\Windows\System32\yOHtFjP.exe

C:\Windows\System32\yOHtFjP.exe

C:\Windows\System32\ngUuQCB.exe

C:\Windows\System32\ngUuQCB.exe

C:\Windows\System32\DsqKtpx.exe

C:\Windows\System32\DsqKtpx.exe

C:\Windows\System32\KrHsNcV.exe

C:\Windows\System32\KrHsNcV.exe

C:\Windows\System32\MJzOrPg.exe

C:\Windows\System32\MJzOrPg.exe

C:\Windows\System32\pOdKSJS.exe

C:\Windows\System32\pOdKSJS.exe

C:\Windows\System32\xaaPtYy.exe

C:\Windows\System32\xaaPtYy.exe

C:\Windows\System32\XVlOfRH.exe

C:\Windows\System32\XVlOfRH.exe

C:\Windows\System32\QRdVrnP.exe

C:\Windows\System32\QRdVrnP.exe

C:\Windows\System32\WfzDMJa.exe

C:\Windows\System32\WfzDMJa.exe

C:\Windows\System32\yZLzbqj.exe

C:\Windows\System32\yZLzbqj.exe

C:\Windows\System32\QEqmdLX.exe

C:\Windows\System32\QEqmdLX.exe

C:\Windows\System32\YYizFeP.exe

C:\Windows\System32\YYizFeP.exe

C:\Windows\System32\yZOkDbz.exe

C:\Windows\System32\yZOkDbz.exe

C:\Windows\System32\fUFcjUx.exe

C:\Windows\System32\fUFcjUx.exe

C:\Windows\System32\vLPeKRS.exe

C:\Windows\System32\vLPeKRS.exe

C:\Windows\System32\ZRVehFq.exe

C:\Windows\System32\ZRVehFq.exe

C:\Windows\System32\mTydUAp.exe

C:\Windows\System32\mTydUAp.exe

C:\Windows\System32\yAweoup.exe

C:\Windows\System32\yAweoup.exe

C:\Windows\System32\VqfCttj.exe

C:\Windows\System32\VqfCttj.exe

C:\Windows\System32\ZAZSqok.exe

C:\Windows\System32\ZAZSqok.exe

C:\Windows\System32\pnsPFWG.exe

C:\Windows\System32\pnsPFWG.exe

C:\Windows\System32\LtoJjlQ.exe

C:\Windows\System32\LtoJjlQ.exe

C:\Windows\System32\WCkxpQH.exe

C:\Windows\System32\WCkxpQH.exe

C:\Windows\System32\saVvqYX.exe

C:\Windows\System32\saVvqYX.exe

C:\Windows\System32\smZKhKU.exe

C:\Windows\System32\smZKhKU.exe

C:\Windows\System32\hIeVViO.exe

C:\Windows\System32\hIeVViO.exe

C:\Windows\System32\NFZhXnZ.exe

C:\Windows\System32\NFZhXnZ.exe

C:\Windows\System32\CBoxzRc.exe

C:\Windows\System32\CBoxzRc.exe

C:\Windows\System32\kAUCuUQ.exe

C:\Windows\System32\kAUCuUQ.exe

C:\Windows\System32\FJTRPEp.exe

C:\Windows\System32\FJTRPEp.exe

C:\Windows\System32\kmFJgWj.exe

C:\Windows\System32\kmFJgWj.exe

C:\Windows\System32\WgSuuBA.exe

C:\Windows\System32\WgSuuBA.exe

C:\Windows\System32\aGRvOes.exe

C:\Windows\System32\aGRvOes.exe

C:\Windows\System32\yxesYdB.exe

C:\Windows\System32\yxesYdB.exe

C:\Windows\System32\GAJEczR.exe

C:\Windows\System32\GAJEczR.exe

C:\Windows\System32\WaHFZfm.exe

C:\Windows\System32\WaHFZfm.exe

C:\Windows\System32\oeABqFN.exe

C:\Windows\System32\oeABqFN.exe

C:\Windows\System32\yxfqjKu.exe

C:\Windows\System32\yxfqjKu.exe

C:\Windows\System32\fSInIoq.exe

C:\Windows\System32\fSInIoq.exe

C:\Windows\System32\LxecjNN.exe

C:\Windows\System32\LxecjNN.exe

C:\Windows\System32\gCeNghb.exe

C:\Windows\System32\gCeNghb.exe

C:\Windows\System32\UbfMWsv.exe

C:\Windows\System32\UbfMWsv.exe

C:\Windows\System32\rbXCXBE.exe

C:\Windows\System32\rbXCXBE.exe

C:\Windows\System32\rmaGfpF.exe

C:\Windows\System32\rmaGfpF.exe

C:\Windows\System32\iJgNpUz.exe

C:\Windows\System32\iJgNpUz.exe

C:\Windows\System32\pzJIlJw.exe

C:\Windows\System32\pzJIlJw.exe

C:\Windows\System32\XPeobPn.exe

C:\Windows\System32\XPeobPn.exe

C:\Windows\System32\nHcSSAL.exe

C:\Windows\System32\nHcSSAL.exe

C:\Windows\System32\tgWRcIj.exe

C:\Windows\System32\tgWRcIj.exe

C:\Windows\System32\fHNtkhl.exe

C:\Windows\System32\fHNtkhl.exe

C:\Windows\System32\opLwCLe.exe

C:\Windows\System32\opLwCLe.exe

C:\Windows\System32\JMZEJQW.exe

C:\Windows\System32\JMZEJQW.exe

C:\Windows\System32\GCWLiaX.exe

C:\Windows\System32\GCWLiaX.exe

C:\Windows\System32\gwKVHJa.exe

C:\Windows\System32\gwKVHJa.exe

C:\Windows\System32\ENeiSGZ.exe

C:\Windows\System32\ENeiSGZ.exe

C:\Windows\System32\xZVavpg.exe

C:\Windows\System32\xZVavpg.exe

C:\Windows\System32\PFTxwco.exe

C:\Windows\System32\PFTxwco.exe

C:\Windows\System32\kKEwfVZ.exe

C:\Windows\System32\kKEwfVZ.exe

C:\Windows\System32\yhgQBNv.exe

C:\Windows\System32\yhgQBNv.exe

C:\Windows\System32\LsaSbMY.exe

C:\Windows\System32\LsaSbMY.exe

C:\Windows\System32\SXKEVdc.exe

C:\Windows\System32\SXKEVdc.exe

C:\Windows\System32\MnGgQsQ.exe

C:\Windows\System32\MnGgQsQ.exe

C:\Windows\System32\yajRXSM.exe

C:\Windows\System32\yajRXSM.exe

C:\Windows\System32\yFrnjFH.exe

C:\Windows\System32\yFrnjFH.exe

C:\Windows\System32\AprpcyT.exe

C:\Windows\System32\AprpcyT.exe

C:\Windows\System32\bPMEGdl.exe

C:\Windows\System32\bPMEGdl.exe

C:\Windows\System32\FajOLpT.exe

C:\Windows\System32\FajOLpT.exe

C:\Windows\System32\PEednjL.exe

C:\Windows\System32\PEednjL.exe

C:\Windows\System32\NbmBKhE.exe

C:\Windows\System32\NbmBKhE.exe

C:\Windows\System32\ISJrpQU.exe

C:\Windows\System32\ISJrpQU.exe

C:\Windows\System32\MDdRuat.exe

C:\Windows\System32\MDdRuat.exe

C:\Windows\System32\EVcBgoP.exe

C:\Windows\System32\EVcBgoP.exe

C:\Windows\System32\dFBkAvM.exe

C:\Windows\System32\dFBkAvM.exe

C:\Windows\System32\REgGWnN.exe

C:\Windows\System32\REgGWnN.exe

C:\Windows\System32\jXjNZln.exe

C:\Windows\System32\jXjNZln.exe

C:\Windows\System32\LaRwPev.exe

C:\Windows\System32\LaRwPev.exe

C:\Windows\System32\CipbMUO.exe

C:\Windows\System32\CipbMUO.exe

C:\Windows\System32\txEkZnH.exe

C:\Windows\System32\txEkZnH.exe

C:\Windows\System32\ZYMfkOU.exe

C:\Windows\System32\ZYMfkOU.exe

C:\Windows\system32\sihost.exe

sihost.exe

C:\Windows\explorer.exe

explorer.exe /LOADSAVEDWINDOWS

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\explorer.exe

explorer.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
NL 23.62.61.129:443 www.bing.com tcp
US 8.8.8.8:53 129.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 24.173.189.20.in-addr.arpa udp

Files

memory/4356-0-0x00007FF63F8F0000-0x00007FF63FCE1000-memory.dmp

memory/4356-1-0x0000018B762B0000-0x0000018B762C0000-memory.dmp

C:\Windows\System32\HXpDPci.exe

MD5 c6a05687196ae4afeaf53f6e7b88b0f3
SHA1 34454500a43c3410859aa6216dd3334a22511a98
SHA256 0c4817b96f2853fa6f5952ebcf002bc6d997fc3bb53270620fe95c7e8d13e745
SHA512 fedb89fc03415cb28d6597540bd4e86794398ae2ef7c92218c967b9444f3d83c3eb88e8abc7c53d095d364deb7c98315ec1e49f9a2dd095016d582773f82fd10

C:\Windows\System32\udQOxUd.exe

MD5 f63eaeac341b73c7c708eda778d1c253
SHA1 395ea569791ae54651643889f3871a7895d71f89
SHA256 e0b6336deb424b11aacba1e619fc37e32de24d9fbc1a79e88a64d41fe00a2d6f
SHA512 3bad5a948e57ffa587b5470e553e6d5a86ff68a3e4e81c5f6e0be3a0d5f46c0382339074f5cd05b7817de65996168c155a9506d3f21d2cc2e24ee269e5e19a9a

memory/2780-10-0x00007FF6171E0000-0x00007FF6175D1000-memory.dmp

C:\Windows\System32\qIUTurH.exe

MD5 b26784cfe3b9b561650e313fe77a1332
SHA1 eaa78200a4c9de70ee9f05dfba5d1188397842e2
SHA256 19663957751bf97fbdd16442718cc54a1833413d3f1c0e56f23b275f543cf830
SHA512 88180cd39e9570df5435f0cfa1e6dcc119312799434f523e5315d3d85b859cc24348c015b6d5c0e3b6b33c9b495f13ef8083348c815d0f352d150de128e2b9b8

C:\Windows\System32\zBshwsc.exe

MD5 0bd8332a76ef2962dbf433dae0bc6250
SHA1 ac1a96c02ac885dfef1e5abadf7f67dcee79d399
SHA256 4e9245c7b84ac61e3e1548de91bb0d3c7ebf6837be135becfd2078b7f9a1b487
SHA512 296b58df7ad2acd6707133fc2f858f71e7975b49eb29b69b6cc7f91c10031fd4570113724237c84e425617f2d60d3906449c9f9e3d275725d6a3719c6cc9de57

C:\Windows\System32\kPbihmz.exe

MD5 b386e4aca76ef5fa94aa96a6cfb28157
SHA1 0cd889b42338f56664c89d155f5cc0e356e87400
SHA256 9c200ae34b974c503904303c4c7da8086374e11819c71ad2a7827cfc45c28032
SHA512 47a887df5170b5216efdc65b01895bac9c6b1ce0fc1c6ce55fab43880d9d90606b97fde67bbd7cb0d61293c63ba24cd029fe9671f6ea917f96e8abf598795315

C:\Windows\System32\iIcxNqf.exe

MD5 1857d66f65e8e52c69ba52c38d85e431
SHA1 ba52dab05f437b9848c1f97091f2190005032c50
SHA256 ca68451cd27d04b76193e595fccbbdfb2d70b65c267c4dd4015d9f7758597789
SHA512 7f22c2fe6b122fc986172d897aef0dd6fa247e5e4577c4b09311f3caccab6d7b149aa03aae54426c54ecf41da54c1615da2554b8fdf9ae2383a1cc160518f8d0

C:\Windows\System32\JHoBXak.exe

MD5 9cb341dd8052aafb2c27c1624e31fa1c
SHA1 68b68dcf14cddc506fa390581852a07b85aa3363
SHA256 9f051df88fe2354f8bce0f91ca67ca5da5526e2242f56bf7d2c215fd2e1a8094
SHA512 8eafa0f71c93364a59f829feccec4580b4476e8fc73592d74fc4e8bcfeedb2ccdff08c47a29319621d610160f3232523ce31a8f4f22319046cee708369b804cf

C:\Windows\System32\RIkzqjy.exe

MD5 307c0a11b86bba2090fd1b57be037ba5
SHA1 8279b1709eaa23940a2ee325213ba03480b2d1fe
SHA256 c9e664e312b41ae4755c2f6cd46e7fc469c41c2add50b1f63c59b8c8dcde86fe
SHA512 b550fbb413817258f30df64a97c0d18723de5b6c7c651a3d35a23647c62b138e1d28c40c4c7fe1f0d9e55e72a638256df4b8f62a6ffced848b5d0ae0a5a76cdd

C:\Windows\System32\FCmWYXW.exe

MD5 067264249f3ce35333a275cb2129a3f8
SHA1 e16dc7b7fc15b2660c5ef79fc291adf3d8c46fd3
SHA256 47c01795a5f25ce93b96feb7d22c9b25b5e2ad04c5056fc7fd0bb2978669594a
SHA512 0c199fc7b551f176b2fb9298ff27885caaf57a7f5df93c52bd28ab05959aca2e7d9cf42c3f8cdf778ade8270881b187064875df88df91feb06fbbe5d693f96fb

memory/1440-67-0x00007FF743770000-0x00007FF743B61000-memory.dmp

C:\Windows\System32\gHNOSVH.exe

MD5 ce5ca942acf3cea3ccbf0ee05862620e
SHA1 d8677088fb8bcf36fc78f2c850e38abd8af19ad6
SHA256 46f0a7d85fc7a113294c4565953b513b39baeea633d4e6ad6d517b816bb2cb66
SHA512 f6ae2451007450c8a01e4f26ed2094ef4b4a8ddcb15b994b22ca9d20c8137f2534d3c15a47096f77fd87adf85615a5aa0fc2a65d03b9eb97c0fd35235b6f9d16

C:\Windows\System32\LAkLvMn.exe

MD5 559f6db3432467e6e1311e068c47b405
SHA1 df1c0f1cfafd0197b9be8e2a373652b74abdaaf7
SHA256 5f64f24274e038ecd8ef837537c6fec0913555077b5863121ecc22c15a275a1b
SHA512 cc6ab0b48554813c52f7d7b8fe86380b1054451d5c39e908f32c8bedaf7f5f0211d10252c5c1488a5c3b5a01be26f983cd2c988edb16235a5444f5ae9e4111be

C:\Windows\System32\yebaXNf.exe

MD5 07e8b3378242d58b1ddc843c1589e63e
SHA1 f31e3aa410262fceba2835af8b17dfc72146cf81
SHA256 0ca5c2130e5baa9a8ab302a9ce31478ba9e17c01a2e7a61f079651da6b95ed38
SHA512 048fd8e3a830937cf3696ee0a4564819246d1c95a3c6d5e6417a8c01233c6169b3e0faf7b9034d18f3e108c5ec61c619cb9e082aa70b999d83ec483512d2a8d4

C:\Windows\System32\QgPmelN.exe

MD5 36db3b41e5106941ac25039223a71d00
SHA1 732e231e1e0f5cc24982103b08fcb57fd8a23feb
SHA256 87b78561c7c91dd7e19729f17535c70e0549c81019c703f0f2d597f82007201d
SHA512 03c042541bcaf638218735129b2675750d8aff3feae52ff99676a0cb54444c86dd984de46b824356369cfad4accf3b67eb240ede0b84dd64446ab70292b2078a

C:\Windows\System32\WBSRcPa.exe

MD5 20b13d7409fe145528768d86bccb9241
SHA1 c6ebdf15d43ae8a5da858f962c97c30117696d0d
SHA256 cdd6c66e0a70470b58ef425ca3ff53949f53ddb55fd596b49fed675092712fd4
SHA512 9448d61c4ab31e9e0cbfb9572d6ceff09dc7f459aea5fa1aaa8396b11126176f2cdaf7b909e9e19cd1028bd25ac96e913513ba63861f0d6a682235196a507aac

C:\Windows\System32\pGUFUzv.exe

MD5 040257432ebe7ba4397473ede98b2755
SHA1 e70fc58cbc483684e5698c158fa6f043508b68da
SHA256 0a71b329ba2b0c45109d04b7752a571fc055167b45bc4eb81cd814582a0325d8
SHA512 ed5998b7dcf6517bfacef21d758f3a2bc5aab5a58a725df676b6e2846a4a33f078c542f50b7cfb9aba1b17d57722234c247b78855deac4cbd3b35b5ff035c4c9

memory/1740-340-0x00007FF76C6E0000-0x00007FF76CAD1000-memory.dmp

memory/3968-341-0x00007FF7E0F70000-0x00007FF7E1361000-memory.dmp

memory/3116-342-0x00007FF64DAF0000-0x00007FF64DEE1000-memory.dmp

memory/4544-344-0x00007FF66E410000-0x00007FF66E801000-memory.dmp

memory/3680-343-0x00007FF729990000-0x00007FF729D81000-memory.dmp

memory/4620-345-0x00007FF607810000-0x00007FF607C01000-memory.dmp

memory/1776-346-0x00007FF67BAC0000-0x00007FF67BEB1000-memory.dmp

memory/4680-358-0x00007FF705E30000-0x00007FF706221000-memory.dmp

memory/2692-375-0x00007FF64AB10000-0x00007FF64AF01000-memory.dmp

memory/3836-381-0x00007FF760430000-0x00007FF760821000-memory.dmp

memory/4668-383-0x00007FF6575D0000-0x00007FF6579C1000-memory.dmp

memory/2412-390-0x00007FF77A7B0000-0x00007FF77ABA1000-memory.dmp

memory/232-379-0x00007FF7D2340000-0x00007FF7D2731000-memory.dmp

memory/728-371-0x00007FF741670000-0x00007FF741A61000-memory.dmp

memory/2988-362-0x00007FF7EF660000-0x00007FF7EFA51000-memory.dmp

memory/1448-351-0x00007FF7D28B0000-0x00007FF7D2CA1000-memory.dmp

C:\Windows\System32\HXydksd.exe

MD5 fe19e953bbaeb903607381186e494311
SHA1 65b55aefcb4f1f6a40594cc5f24188eb32881e75
SHA256 97ead2c78d2c7d293327915b0f3c56eb8f61b526a16abc71687ae19b046c0e90
SHA512 77ee15fe9919fccebacf8bead435fc5c66b93755741dd5717548ddbf7c1d111cf382ac32ba0a03f048bbf88a23a751e5e33e52048a72d89cdba9f9a3df8f88f9

C:\Windows\System32\jolEIMi.exe

MD5 8b92e5161c4295aeee64efdcdd1bba2d
SHA1 4cdc22bf0df758fe40592f6eb15c5badd94cec9b
SHA256 4ea3839e66fb33c42008d84c90d26fd5c1e9c215441c5ccc077cdf69c46fb34c
SHA512 4ecd27156f43246af3059c06ac14000626a90fdae691dd727bcb383ebb89838711a43bcb6eb7d5260ea6859371e41f92cf8e43ebef43e616c890c89fc09db028

C:\Windows\System32\tmNybJo.exe

MD5 83ab7b83b8bc25a42bd7ecdd9637a3ca
SHA1 d57f042aecd874adc42c3a29dd91f139258705fc
SHA256 0713e6326ef10a9b7115e77800f253531dcf83e10fed533ec3d4f30c50dba7f6
SHA512 62e475d5bf420cc65920aca92de5a1d8faf5c841458e79a270cc8b48c98a6207b0c975ee62e1d0ee4c8faada686b5034cd41e07835d6201441766c2cea51c625

C:\Windows\System32\ultLAIY.exe

MD5 0ba1565c435f9c67bbb1436ce4224046
SHA1 e6772900708b88a870917c852938e9a3c9c44f0e
SHA256 5412a7d71f50ca346babd3c3773abbf51670de4aca670c2a4f53bc6ad4b11276
SHA512 419d430e8ddd8990767e853e9b643e88f9ed7a811ddedbd45081b13b1f57044c6646d47a6d7df7cc946c03250418523096854ad9ced86cf004c5a9e3e3eda4cd

C:\Windows\System32\UvfySWS.exe

MD5 23cee384e21197c121b9c8f38848cda9
SHA1 6ef7ee1c2196271d959e4058b4e3958c3c8ce23c
SHA256 d99f8eb8e41b164afd88079582fdc9e6eaa4e571f484df012d52e26288fb8e03
SHA512 cd166092c9261adb942390667962ce0aa559c3a7f573bbe5b339feec3856a9956af05bbbc2fc3dad73358be97f4f20d04c9affd7c8c41c04d14e26474c994694

C:\Windows\System32\DdprypC.exe

MD5 feeef5efc942fc3336eae6282d6d3e67
SHA1 add9dff3c8e552ba765220e6e26890996f86e346
SHA256 d5890da885cf3f0d5fd5b45f34f9a244eca119e4df60039b88c4bd5ae47a9da4
SHA512 a089b6707cf11327cfef91390117ba5e9dcddb567a880e5a86bc282e069e3e9469d23a819e30a98540a6387ab3be588554e3a0b872a078a55a1e6d0cbd0d20ca

C:\Windows\System32\YMgrbzL.exe

MD5 ef5242c40765c52e28e2e39b30045f71
SHA1 7bd011596f3841aa36350c59a32432e9ca15a6d0
SHA256 d270e7656d664b80bb0d303eeee680839c1b46cf371e56b767f0a7277465ddb2
SHA512 8fdec1ec77aa80a31846d07cfca09b8d72458e50e7810bcc1c061643765f5463f599e3062cc97db7215367c68d620526bf7160a10c12a2a666741f56f3c2dd83

memory/4212-396-0x00007FF7489E0000-0x00007FF748DD1000-memory.dmp

C:\Windows\System32\QtwlBml.exe

MD5 610cb3205529758941981f6ff6689b55
SHA1 bc4ac5bcc167047cf868d3c6227dcf23a64b4a68
SHA256 71dee9ec57b8ec1210c18b20261d5f55c6a41f1e2838273dfad606af67cfface
SHA512 37e24ed524cccac01501039d35951b680256a05c84f7ed3b8e222aa8b47e3da36a54e0e56350f5107cb5db0ce2f82cf768efdb8c2ed9dc085082358585647d05

C:\Windows\System32\bjwzlOE.exe

MD5 aa730cbe761137b904c2c19340b4e9e5
SHA1 0f2c080e05726fe15bbf61742c2d8cb7a3a81573
SHA256 48079e8a5bd5928cbfcb0530b5adde43028068b2df0d2422789fcf7a3eb4d045
SHA512 cab014a23be4fc5a255c14e24c28f876ec0784f741a7165a46422b76c05b000965e50fad23927655d14c0fd23fc8285ca459d5e6998807436fab162935a7d035

C:\Windows\System32\JyagvWI.exe

MD5 cf25b539417e18ff51eda24dccccb356
SHA1 b6727bc9531757347696c97f806b844e717d7d7c
SHA256 7a814139c9d3cf30b013747f7d2d909e6fe4c4b91e59592decfc52d626a237fe
SHA512 8f8a9901d94ca8c74ef32f1c250d3e47bee7f103f3e6fdbc7e656379be8d501185f0a99084145148a6f56d99c9256ad9028bddfb9a91719f356278d5b6c1236a

C:\Windows\System32\zKLiBIX.exe

MD5 b3c50f4683944fe4e9280d52f2101831
SHA1 e515452ba0fd3e84e3bff5398f9d1b884f1144a6
SHA256 78659352e30ef99ac780a0921b32b0e14fca9decebb065762c42e97bf09cc38f
SHA512 eef5a6e46dc18bad8901ccc2e76b31ef27204b3e71230dac85bab3b1e35e2df17587d05e957915c114add3de5fcf7bbd8a56e347c9ea49821d88ab584b9a9c28

C:\Windows\System32\SuuTzif.exe

MD5 e56571e1553ce858b90ecf890adbb569
SHA1 d4a83340c4b2f01629914809b4f4132000b00a00
SHA256 d77b8a54020de81e203497ad110660f96a1f07fd0272a897033b9889f2b0c65e
SHA512 81b977faddcb500b7372be60c48b44b6876737a53aef6dbc7d390477715e7dcc454d5ced232a814bb38562ce614685a584942fb116dbd4cebd25810c66a970aa

C:\Windows\System32\geOyKaG.exe

MD5 b47574e3385f3b435224a2bd38865c38
SHA1 7e8fc1e29fa79746a0247433821562fd34c71e76
SHA256 b42537816ad01d2152f06e20e5d92ea5ecf8c98bb956258d9ffae869a27c87d6
SHA512 e986c46a7a6d7c12e5647acbd30dedc42c6acf2a348311f63cc5e33c432bf7259f70caea0c8a749df091890d865f9bd4236ad523a091d45d1b4bbb2e1e222c9f

C:\Windows\System32\jvTFrpY.exe

MD5 6a60d5878ec4eea2d12a46165f641156
SHA1 5a3914e661ab4fcf5d13c1671a37f1ab764eb7f5
SHA256 a137dfb5a4662f1e5c9e5db2d15c61b31b03ac735d0407cce285d8d9c8b67726
SHA512 dacaee034cdd0004b2db71792b93054d19faff5599cade3c66a77c5567bd219662a59f7881fe7dde57e39b1c879441ba78cdb79d5a2aa9dccfd2fa12bf9d87fb

memory/816-65-0x00007FF71FD60000-0x00007FF720151000-memory.dmp

C:\Windows\System32\ZyqabxV.exe

MD5 57742c14003b3df0c57e5632768968ef
SHA1 f413b22e9114f001fd258339ecfbe0ca3b34c167
SHA256 ccfe7c953d7b83b57673bc946f50f7cebd60cd28c3d4c987c981ca337b4d0911
SHA512 25adb74477c654f70783768d8d217e53e3187bc19f587a33f3edd281135582f69b6466d0df57851eb910d426fe3569040e67664bfca8bf9a8ce427cef4766be7

C:\Windows\System32\QyOXTlZ.exe

MD5 722f28d1c5e3224aa36e22af6f6759c6
SHA1 626946aa65aa9fc6dbd57075b46933cd9f9c7ba2
SHA256 f33aa3dcd84640d6ec489f8ce90d520286442171047c0790fa3749cf02ad701e
SHA512 a3fa83037e66a739ad0d1197098177472c22254ad3eb965da84e93cd903745fea721892bd25758b4ddb8a59b2e23a2628e3379c36fc7c43f4368416941a97b15

C:\Windows\System32\aYjcaxY.exe

MD5 585d7398bbbca150486ee163dadc349d
SHA1 a3174c0d475d0f1a17ec411642391cae1a5993fd
SHA256 dd8b6ddcf1476e7f07a293ddc1b2a419f3bc9af638a81745889b2246c137aefe
SHA512 42a0a97fc14bb2c9302ff3a0428c4bdd58f61dacc303bdf97cb3183d3089d2268a50fe2941db787aa5de4c2e445276db0deb1b2847b02bfcbf397af777f8d805

memory/1972-21-0x00007FF6B9C90000-0x00007FF6BA081000-memory.dmp

memory/3516-12-0x00007FF7A7C60000-0x00007FF7A8051000-memory.dmp

memory/1636-401-0x00007FF7776B0000-0x00007FF777AA1000-memory.dmp

memory/4200-403-0x00007FF6CED30000-0x00007FF6CF121000-memory.dmp

memory/3516-1973-0x00007FF7A7C60000-0x00007FF7A8051000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133608742352438744.txt

MD5 8cdd0e31fdc880d03dd47abc4b0efbf9
SHA1 37648604549b090bc8683dffda89fe8338b18d9c
SHA256 edf5f36d377aa149ebfbf55c896fe8716ea11f49a9ec61df2d327bc43c835bab
SHA512 b7cb49eb50e7b5e0d36c7e971b39bde726d36383f5723ad5bb082c266435550030d5a8b53eda5c2ddfc720d73007aba4ffd36b32949161876104328d98a9a511

memory/2780-2154-0x00007FF6171E0000-0x00007FF6175D1000-memory.dmp

memory/3516-2156-0x00007FF7A7C60000-0x00007FF7A8051000-memory.dmp

memory/1972-2158-0x00007FF6B9C90000-0x00007FF6BA081000-memory.dmp

memory/816-2160-0x00007FF71FD60000-0x00007FF720151000-memory.dmp

memory/3968-2186-0x00007FF7E0F70000-0x00007FF7E1361000-memory.dmp

memory/1440-2189-0x00007FF743770000-0x00007FF743B61000-memory.dmp

memory/4620-2193-0x00007FF607810000-0x00007FF607C01000-memory.dmp

memory/4544-2195-0x00007FF66E410000-0x00007FF66E801000-memory.dmp

memory/3680-2192-0x00007FF729990000-0x00007FF729D81000-memory.dmp

memory/1636-2188-0x00007FF7776B0000-0x00007FF777AA1000-memory.dmp

memory/3116-2183-0x00007FF64DAF0000-0x00007FF64DEE1000-memory.dmp

memory/1740-2171-0x00007FF76C6E0000-0x00007FF76CAD1000-memory.dmp

memory/4200-2199-0x00007FF6CED30000-0x00007FF6CF121000-memory.dmp

memory/1448-2201-0x00007FF7D28B0000-0x00007FF7D2CA1000-memory.dmp

memory/4680-2203-0x00007FF705E30000-0x00007FF706221000-memory.dmp

memory/2988-2205-0x00007FF7EF660000-0x00007FF7EFA51000-memory.dmp

memory/1776-2197-0x00007FF67BAC0000-0x00007FF67BEB1000-memory.dmp

memory/3836-2213-0x00007FF760430000-0x00007FF760821000-memory.dmp

memory/4212-2225-0x00007FF7489E0000-0x00007FF748DD1000-memory.dmp

memory/2692-2219-0x00007FF64AB10000-0x00007FF64AF01000-memory.dmp

memory/2412-2217-0x00007FF77A7B0000-0x00007FF77ABA1000-memory.dmp

memory/728-2214-0x00007FF741670000-0x00007FF741A61000-memory.dmp

memory/232-2222-0x00007FF7D2340000-0x00007FF7D2731000-memory.dmp

memory/4668-2220-0x00007FF6575D0000-0x00007FF6579C1000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\3MKUANJA\microsoft.windows[1].xml

MD5 6a517bf11dbd236d703ed9898dd3f910
SHA1 f8d64563b0eaba616dc29496c51f795ede02d767
SHA256 d7b7aa87d942a062dd03f78ade8fab7d8efcba60b8c44c52326eea574eeb182b
SHA512 04f15407222285b97dfff27db7320a590d20c7982d13e2eabc68d3b99fce2863951de8321780e7e70d0d187297c6ee6202014dc0ac6d30a7010bff59be769058