Malware Analysis Report

2025-04-19 15:06

Sample ID 240522-zr4ynagd3t
Target 39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe
SHA256 6b39185ec47f174f31e481d1f51ee57f72ecca48dd3a0436bec7d820759272a6
Tags
miner upx xmrig persistence
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

6b39185ec47f174f31e481d1f51ee57f72ecca48dd3a0436bec7d820759272a6

Threat Level: Known bad

The file 39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner upx xmrig persistence

XMRig Miner payload

xmrig

Xmrig family

XMRig Miner payload

Modifies Installed Components in the registry

Loads dropped DLL

Executes dropped EXE

UPX packed file

Enumerates connected drives

Drops file in Windows directory

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Uses Task Scheduler COM API

Checks SCSI registry key(s)

Modifies Internet Explorer settings

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-22 20:58

Signatures

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-22 20:58

Reported

2024-05-22 21:00

Platform

win7-20240508-en

Max time kernel

121s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\jPsAvFE.exe N/A
N/A N/A C:\Windows\System\RhOfXnN.exe N/A
N/A N/A C:\Windows\System\LSKMEqq.exe N/A
N/A N/A C:\Windows\System\ElGVovh.exe N/A
N/A N/A C:\Windows\System\uiFdxle.exe N/A
N/A N/A C:\Windows\System\xBYvTJb.exe N/A
N/A N/A C:\Windows\System\yMZdfTb.exe N/A
N/A N/A C:\Windows\System\vvAQoGb.exe N/A
N/A N/A C:\Windows\System\CaaMRqQ.exe N/A
N/A N/A C:\Windows\System\ugjLyvH.exe N/A
N/A N/A C:\Windows\System\AQHefYq.exe N/A
N/A N/A C:\Windows\System\NtHPdfw.exe N/A
N/A N/A C:\Windows\System\nEDmega.exe N/A
N/A N/A C:\Windows\System\eonCIGG.exe N/A
N/A N/A C:\Windows\System\MCyCods.exe N/A
N/A N/A C:\Windows\System\TZLDTFi.exe N/A
N/A N/A C:\Windows\System\sQiFXYJ.exe N/A
N/A N/A C:\Windows\System\XJglUee.exe N/A
N/A N/A C:\Windows\System\ZccnFIu.exe N/A
N/A N/A C:\Windows\System\rhPRaJe.exe N/A
N/A N/A C:\Windows\System\XrTSMsY.exe N/A
N/A N/A C:\Windows\System\CXfNdqs.exe N/A
N/A N/A C:\Windows\System\DMxDVKr.exe N/A
N/A N/A C:\Windows\System\fwxmqvv.exe N/A
N/A N/A C:\Windows\System\hSzHfZn.exe N/A
N/A N/A C:\Windows\System\zjXkQDn.exe N/A
N/A N/A C:\Windows\System\eXoVafz.exe N/A
N/A N/A C:\Windows\System\QmhVmKD.exe N/A
N/A N/A C:\Windows\System\MBpUaJQ.exe N/A
N/A N/A C:\Windows\System\lgMoDvw.exe N/A
N/A N/A C:\Windows\System\RVZSMrf.exe N/A
N/A N/A C:\Windows\System\drWJAxP.exe N/A
N/A N/A C:\Windows\System\FLzSuYh.exe N/A
N/A N/A C:\Windows\System\hhqDKaR.exe N/A
N/A N/A C:\Windows\System\UfVoDvc.exe N/A
N/A N/A C:\Windows\System\OJIFPvs.exe N/A
N/A N/A C:\Windows\System\nFhiKws.exe N/A
N/A N/A C:\Windows\System\zWclZhO.exe N/A
N/A N/A C:\Windows\System\BSORgFH.exe N/A
N/A N/A C:\Windows\System\hZeeokD.exe N/A
N/A N/A C:\Windows\System\UBRUPZo.exe N/A
N/A N/A C:\Windows\System\RySqlws.exe N/A
N/A N/A C:\Windows\System\wwCqLDh.exe N/A
N/A N/A C:\Windows\System\nrNLODa.exe N/A
N/A N/A C:\Windows\System\tfbGRPH.exe N/A
N/A N/A C:\Windows\System\ICtYjQV.exe N/A
N/A N/A C:\Windows\System\ecsZjUB.exe N/A
N/A N/A C:\Windows\System\DPKSzgv.exe N/A
N/A N/A C:\Windows\System\JXVqqTA.exe N/A
N/A N/A C:\Windows\System\grSaYxr.exe N/A
N/A N/A C:\Windows\System\VindaKi.exe N/A
N/A N/A C:\Windows\System\KJIlLSv.exe N/A
N/A N/A C:\Windows\System\ovSfngG.exe N/A
N/A N/A C:\Windows\System\MndbevQ.exe N/A
N/A N/A C:\Windows\System\tQZXTiq.exe N/A
N/A N/A C:\Windows\System\tRNgYQw.exe N/A
N/A N/A C:\Windows\System\NBzOIgT.exe N/A
N/A N/A C:\Windows\System\BtLlOYD.exe N/A
N/A N/A C:\Windows\System\ofsSyBm.exe N/A
N/A N/A C:\Windows\System\oswVJOJ.exe N/A
N/A N/A C:\Windows\System\mLvRDMf.exe N/A
N/A N/A C:\Windows\System\TvZUrvH.exe N/A
N/A N/A C:\Windows\System\GvqQndv.exe N/A
N/A N/A C:\Windows\System\eZDKdql.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\mYntSGB.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\nvGoWXG.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\hCrLyUa.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\uqwsLwP.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\HkQZjdN.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\OGCowNQ.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\RwOCiGh.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\iWRDzSy.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\jPlHddJ.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\mrsMrQd.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\dHtwYAS.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\epxbPRj.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\QNcjvgi.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\BRiuCfg.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ClZpiEi.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\USXnuzu.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\GvqQndv.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\SUoztcL.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\zRENkkK.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ODzpOHj.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\GtJzplk.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\zGPWudR.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\cCgrMfX.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\wNXFBKK.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\InWNsDv.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\yogWIpi.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\pynhnsJ.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\NBzOIgT.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\HmzdglU.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\mLvRDMf.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\WHXBesE.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\Mllphms.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\yYuWVQE.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\brmQLeg.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\YezAQhr.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\XKitItH.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\zWclZhO.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\oToERnO.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\HtsydfZ.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\vdaBoDr.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\IFBTpoQ.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\svRscEG.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\PvtbaTs.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\XScLKjX.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\AHLfhjB.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\FzeEZCc.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\HQKRsli.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ehXcQPz.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\VOFkbfP.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\IQZzjwh.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\lfREhNK.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\DMxDVKr.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\yIuZLNE.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\zsjmtPF.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\tbgccTK.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\mXjeKQc.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\SfBxnVj.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\pzVhLHw.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\MvAmnQR.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\YDaUBQx.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\VBtfUtZ.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\bDGgcSG.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ovSfngG.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ADfSIgr.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2040 wrote to memory of 2200 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\jPsAvFE.exe
PID 2040 wrote to memory of 2200 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\jPsAvFE.exe
PID 2040 wrote to memory of 2200 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\jPsAvFE.exe
PID 2040 wrote to memory of 2108 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\RhOfXnN.exe
PID 2040 wrote to memory of 2108 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\RhOfXnN.exe
PID 2040 wrote to memory of 2108 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\RhOfXnN.exe
PID 2040 wrote to memory of 2016 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\uiFdxle.exe
PID 2040 wrote to memory of 2016 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\uiFdxle.exe
PID 2040 wrote to memory of 2016 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\uiFdxle.exe
PID 2040 wrote to memory of 1660 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\LSKMEqq.exe
PID 2040 wrote to memory of 1660 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\LSKMEqq.exe
PID 2040 wrote to memory of 1660 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\LSKMEqq.exe
PID 2040 wrote to memory of 2240 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\xBYvTJb.exe
PID 2040 wrote to memory of 2240 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\xBYvTJb.exe
PID 2040 wrote to memory of 2240 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\xBYvTJb.exe
PID 2040 wrote to memory of 2128 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\ElGVovh.exe
PID 2040 wrote to memory of 2128 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\ElGVovh.exe
PID 2040 wrote to memory of 2128 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\ElGVovh.exe
PID 2040 wrote to memory of 2864 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\yMZdfTb.exe
PID 2040 wrote to memory of 2864 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\yMZdfTb.exe
PID 2040 wrote to memory of 2864 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\yMZdfTb.exe
PID 2040 wrote to memory of 1992 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\vvAQoGb.exe
PID 2040 wrote to memory of 1992 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\vvAQoGb.exe
PID 2040 wrote to memory of 1992 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\vvAQoGb.exe
PID 2040 wrote to memory of 2800 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\CaaMRqQ.exe
PID 2040 wrote to memory of 2800 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\CaaMRqQ.exe
PID 2040 wrote to memory of 2800 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\CaaMRqQ.exe
PID 2040 wrote to memory of 2532 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\ugjLyvH.exe
PID 2040 wrote to memory of 2532 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\ugjLyvH.exe
PID 2040 wrote to memory of 2532 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\ugjLyvH.exe
PID 2040 wrote to memory of 2676 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\AQHefYq.exe
PID 2040 wrote to memory of 2676 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\AQHefYq.exe
PID 2040 wrote to memory of 2676 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\AQHefYq.exe
PID 2040 wrote to memory of 2496 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\NtHPdfw.exe
PID 2040 wrote to memory of 2496 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\NtHPdfw.exe
PID 2040 wrote to memory of 2496 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\NtHPdfw.exe
PID 2040 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\nEDmega.exe
PID 2040 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\nEDmega.exe
PID 2040 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\nEDmega.exe
PID 2040 wrote to memory of 2464 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\eonCIGG.exe
PID 2040 wrote to memory of 2464 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\eonCIGG.exe
PID 2040 wrote to memory of 2464 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\eonCIGG.exe
PID 2040 wrote to memory of 2052 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\MCyCods.exe
PID 2040 wrote to memory of 2052 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\MCyCods.exe
PID 2040 wrote to memory of 2052 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\MCyCods.exe
PID 2040 wrote to memory of 2760 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\TZLDTFi.exe
PID 2040 wrote to memory of 2760 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\TZLDTFi.exe
PID 2040 wrote to memory of 2760 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\TZLDTFi.exe
PID 2040 wrote to memory of 1040 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\sQiFXYJ.exe
PID 2040 wrote to memory of 1040 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\sQiFXYJ.exe
PID 2040 wrote to memory of 1040 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\sQiFXYJ.exe
PID 2040 wrote to memory of 1560 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\XJglUee.exe
PID 2040 wrote to memory of 1560 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\XJglUee.exe
PID 2040 wrote to memory of 1560 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\XJglUee.exe
PID 2040 wrote to memory of 768 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\ZccnFIu.exe
PID 2040 wrote to memory of 768 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\ZccnFIu.exe
PID 2040 wrote to memory of 768 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\ZccnFIu.exe
PID 2040 wrote to memory of 292 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\rhPRaJe.exe
PID 2040 wrote to memory of 292 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\rhPRaJe.exe
PID 2040 wrote to memory of 292 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\rhPRaJe.exe
PID 2040 wrote to memory of 868 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\XrTSMsY.exe
PID 2040 wrote to memory of 868 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\XrTSMsY.exe
PID 2040 wrote to memory of 868 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\XrTSMsY.exe
PID 2040 wrote to memory of 2888 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\CXfNdqs.exe

Processes

C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe"

C:\Windows\System\jPsAvFE.exe

C:\Windows\System\jPsAvFE.exe

C:\Windows\System\RhOfXnN.exe

C:\Windows\System\RhOfXnN.exe

C:\Windows\System\uiFdxle.exe

C:\Windows\System\uiFdxle.exe

C:\Windows\System\LSKMEqq.exe

C:\Windows\System\LSKMEqq.exe

C:\Windows\System\xBYvTJb.exe

C:\Windows\System\xBYvTJb.exe

C:\Windows\System\ElGVovh.exe

C:\Windows\System\ElGVovh.exe

C:\Windows\System\yMZdfTb.exe

C:\Windows\System\yMZdfTb.exe

C:\Windows\System\vvAQoGb.exe

C:\Windows\System\vvAQoGb.exe

C:\Windows\System\CaaMRqQ.exe

C:\Windows\System\CaaMRqQ.exe

C:\Windows\System\ugjLyvH.exe

C:\Windows\System\ugjLyvH.exe

C:\Windows\System\AQHefYq.exe

C:\Windows\System\AQHefYq.exe

C:\Windows\System\NtHPdfw.exe

C:\Windows\System\NtHPdfw.exe

C:\Windows\System\nEDmega.exe

C:\Windows\System\nEDmega.exe

C:\Windows\System\eonCIGG.exe

C:\Windows\System\eonCIGG.exe

C:\Windows\System\MCyCods.exe

C:\Windows\System\MCyCods.exe

C:\Windows\System\TZLDTFi.exe

C:\Windows\System\TZLDTFi.exe

C:\Windows\System\sQiFXYJ.exe

C:\Windows\System\sQiFXYJ.exe

C:\Windows\System\XJglUee.exe

C:\Windows\System\XJglUee.exe

C:\Windows\System\ZccnFIu.exe

C:\Windows\System\ZccnFIu.exe

C:\Windows\System\rhPRaJe.exe

C:\Windows\System\rhPRaJe.exe

C:\Windows\System\XrTSMsY.exe

C:\Windows\System\XrTSMsY.exe

C:\Windows\System\CXfNdqs.exe

C:\Windows\System\CXfNdqs.exe

C:\Windows\System\DMxDVKr.exe

C:\Windows\System\DMxDVKr.exe

C:\Windows\System\fwxmqvv.exe

C:\Windows\System\fwxmqvv.exe

C:\Windows\System\hSzHfZn.exe

C:\Windows\System\hSzHfZn.exe

C:\Windows\System\zjXkQDn.exe

C:\Windows\System\zjXkQDn.exe

C:\Windows\System\eXoVafz.exe

C:\Windows\System\eXoVafz.exe

C:\Windows\System\QmhVmKD.exe

C:\Windows\System\QmhVmKD.exe

C:\Windows\System\MBpUaJQ.exe

C:\Windows\System\MBpUaJQ.exe

C:\Windows\System\lgMoDvw.exe

C:\Windows\System\lgMoDvw.exe

C:\Windows\System\RVZSMrf.exe

C:\Windows\System\RVZSMrf.exe

C:\Windows\System\drWJAxP.exe

C:\Windows\System\drWJAxP.exe

C:\Windows\System\FLzSuYh.exe

C:\Windows\System\FLzSuYh.exe

C:\Windows\System\hhqDKaR.exe

C:\Windows\System\hhqDKaR.exe

C:\Windows\System\UfVoDvc.exe

C:\Windows\System\UfVoDvc.exe

C:\Windows\System\OJIFPvs.exe

C:\Windows\System\OJIFPvs.exe

C:\Windows\System\nFhiKws.exe

C:\Windows\System\nFhiKws.exe

C:\Windows\System\zWclZhO.exe

C:\Windows\System\zWclZhO.exe

C:\Windows\System\BSORgFH.exe

C:\Windows\System\BSORgFH.exe

C:\Windows\System\hZeeokD.exe

C:\Windows\System\hZeeokD.exe

C:\Windows\System\UBRUPZo.exe

C:\Windows\System\UBRUPZo.exe

C:\Windows\System\RySqlws.exe

C:\Windows\System\RySqlws.exe

C:\Windows\System\wwCqLDh.exe

C:\Windows\System\wwCqLDh.exe

C:\Windows\System\nrNLODa.exe

C:\Windows\System\nrNLODa.exe

C:\Windows\System\tfbGRPH.exe

C:\Windows\System\tfbGRPH.exe

C:\Windows\System\ICtYjQV.exe

C:\Windows\System\ICtYjQV.exe

C:\Windows\System\ecsZjUB.exe

C:\Windows\System\ecsZjUB.exe

C:\Windows\System\DPKSzgv.exe

C:\Windows\System\DPKSzgv.exe

C:\Windows\System\JXVqqTA.exe

C:\Windows\System\JXVqqTA.exe

C:\Windows\System\grSaYxr.exe

C:\Windows\System\grSaYxr.exe

C:\Windows\System\VindaKi.exe

C:\Windows\System\VindaKi.exe

C:\Windows\System\KJIlLSv.exe

C:\Windows\System\KJIlLSv.exe

C:\Windows\System\ovSfngG.exe

C:\Windows\System\ovSfngG.exe

C:\Windows\System\MndbevQ.exe

C:\Windows\System\MndbevQ.exe

C:\Windows\System\tQZXTiq.exe

C:\Windows\System\tQZXTiq.exe

C:\Windows\System\tRNgYQw.exe

C:\Windows\System\tRNgYQw.exe

C:\Windows\System\NBzOIgT.exe

C:\Windows\System\NBzOIgT.exe

C:\Windows\System\BtLlOYD.exe

C:\Windows\System\BtLlOYD.exe

C:\Windows\System\ofsSyBm.exe

C:\Windows\System\ofsSyBm.exe

C:\Windows\System\oswVJOJ.exe

C:\Windows\System\oswVJOJ.exe

C:\Windows\System\mLvRDMf.exe

C:\Windows\System\mLvRDMf.exe

C:\Windows\System\TvZUrvH.exe

C:\Windows\System\TvZUrvH.exe

C:\Windows\System\GvqQndv.exe

C:\Windows\System\GvqQndv.exe

C:\Windows\System\eZDKdql.exe

C:\Windows\System\eZDKdql.exe

C:\Windows\System\xzJbrIj.exe

C:\Windows\System\xzJbrIj.exe

C:\Windows\System\HQnWmBR.exe

C:\Windows\System\HQnWmBR.exe

C:\Windows\System\QHOmlsC.exe

C:\Windows\System\QHOmlsC.exe

C:\Windows\System\HoofMXc.exe

C:\Windows\System\HoofMXc.exe

C:\Windows\System\BXYarBU.exe

C:\Windows\System\BXYarBU.exe

C:\Windows\System\wSWyMCN.exe

C:\Windows\System\wSWyMCN.exe

C:\Windows\System\mawivBI.exe

C:\Windows\System\mawivBI.exe

C:\Windows\System\KowYHDA.exe

C:\Windows\System\KowYHDA.exe

C:\Windows\System\iIXvgca.exe

C:\Windows\System\iIXvgca.exe

C:\Windows\System\bVDJlll.exe

C:\Windows\System\bVDJlll.exe

C:\Windows\System\kKmLfwf.exe

C:\Windows\System\kKmLfwf.exe

C:\Windows\System\eTdkkYE.exe

C:\Windows\System\eTdkkYE.exe

C:\Windows\System\JxsBRnn.exe

C:\Windows\System\JxsBRnn.exe

C:\Windows\System\rTaCtnT.exe

C:\Windows\System\rTaCtnT.exe

C:\Windows\System\gQXwVwW.exe

C:\Windows\System\gQXwVwW.exe

C:\Windows\System\KhoJoYK.exe

C:\Windows\System\KhoJoYK.exe

C:\Windows\System\SUoztcL.exe

C:\Windows\System\SUoztcL.exe

C:\Windows\System\sjMMnKP.exe

C:\Windows\System\sjMMnKP.exe

C:\Windows\System\ooBLwWR.exe

C:\Windows\System\ooBLwWR.exe

C:\Windows\System\pVjWroY.exe

C:\Windows\System\pVjWroY.exe

C:\Windows\System\wYAjjcN.exe

C:\Windows\System\wYAjjcN.exe

C:\Windows\System\vAXmzhL.exe

C:\Windows\System\vAXmzhL.exe

C:\Windows\System\MzpDAyU.exe

C:\Windows\System\MzpDAyU.exe

C:\Windows\System\tNMKqRx.exe

C:\Windows\System\tNMKqRx.exe

C:\Windows\System\ymiiCpR.exe

C:\Windows\System\ymiiCpR.exe

C:\Windows\System\MyvPMTL.exe

C:\Windows\System\MyvPMTL.exe

C:\Windows\System\umjjAdT.exe

C:\Windows\System\umjjAdT.exe

C:\Windows\System\fhHTMRj.exe

C:\Windows\System\fhHTMRj.exe

C:\Windows\System\YvpaFBD.exe

C:\Windows\System\YvpaFBD.exe

C:\Windows\System\TLoxIpa.exe

C:\Windows\System\TLoxIpa.exe

C:\Windows\System\FnKkvDQ.exe

C:\Windows\System\FnKkvDQ.exe

C:\Windows\System\iuFGBVo.exe

C:\Windows\System\iuFGBVo.exe

C:\Windows\System\BZOGduD.exe

C:\Windows\System\BZOGduD.exe

C:\Windows\System\nSSndxR.exe

C:\Windows\System\nSSndxR.exe

C:\Windows\System\xfhTjVo.exe

C:\Windows\System\xfhTjVo.exe

C:\Windows\System\wRYhred.exe

C:\Windows\System\wRYhred.exe

C:\Windows\System\czTkDFH.exe

C:\Windows\System\czTkDFH.exe

C:\Windows\System\ldTSYeZ.exe

C:\Windows\System\ldTSYeZ.exe

C:\Windows\System\JniPqAe.exe

C:\Windows\System\JniPqAe.exe

C:\Windows\System\jsSMbNk.exe

C:\Windows\System\jsSMbNk.exe

C:\Windows\System\kgOdbUE.exe

C:\Windows\System\kgOdbUE.exe

C:\Windows\System\MAnXlkw.exe

C:\Windows\System\MAnXlkw.exe

C:\Windows\System\VePDhcp.exe

C:\Windows\System\VePDhcp.exe

C:\Windows\System\YhDLiJw.exe

C:\Windows\System\YhDLiJw.exe

C:\Windows\System\iPgaEDN.exe

C:\Windows\System\iPgaEDN.exe

C:\Windows\System\NcIrGNY.exe

C:\Windows\System\NcIrGNY.exe

C:\Windows\System\oMAcnaT.exe

C:\Windows\System\oMAcnaT.exe

C:\Windows\System\MXIsyWP.exe

C:\Windows\System\MXIsyWP.exe

C:\Windows\System\BFlAIOZ.exe

C:\Windows\System\BFlAIOZ.exe

C:\Windows\System\UNKSMkY.exe

C:\Windows\System\UNKSMkY.exe

C:\Windows\System\SsTNxYS.exe

C:\Windows\System\SsTNxYS.exe

C:\Windows\System\iGLmfgl.exe

C:\Windows\System\iGLmfgl.exe

C:\Windows\System\XBBgBJR.exe

C:\Windows\System\XBBgBJR.exe

C:\Windows\System\eSvQoJi.exe

C:\Windows\System\eSvQoJi.exe

C:\Windows\System\DqyywrB.exe

C:\Windows\System\DqyywrB.exe

C:\Windows\System\tVgCkyT.exe

C:\Windows\System\tVgCkyT.exe

C:\Windows\System\WoWTkcT.exe

C:\Windows\System\WoWTkcT.exe

C:\Windows\System\PUEOpxO.exe

C:\Windows\System\PUEOpxO.exe

C:\Windows\System\xzZEGhc.exe

C:\Windows\System\xzZEGhc.exe

C:\Windows\System\azHldxD.exe

C:\Windows\System\azHldxD.exe

C:\Windows\System\eXTwKMC.exe

C:\Windows\System\eXTwKMC.exe

C:\Windows\System\Rudnlpm.exe

C:\Windows\System\Rudnlpm.exe

C:\Windows\System\kPGuxow.exe

C:\Windows\System\kPGuxow.exe

C:\Windows\System\bpAWYDd.exe

C:\Windows\System\bpAWYDd.exe

C:\Windows\System\gqDCtwS.exe

C:\Windows\System\gqDCtwS.exe

C:\Windows\System\MbTMMYd.exe

C:\Windows\System\MbTMMYd.exe

C:\Windows\System\ryhjdDC.exe

C:\Windows\System\ryhjdDC.exe

C:\Windows\System\PhvQfdB.exe

C:\Windows\System\PhvQfdB.exe

C:\Windows\System\cejIiRS.exe

C:\Windows\System\cejIiRS.exe

C:\Windows\System\pLPYFuz.exe

C:\Windows\System\pLPYFuz.exe

C:\Windows\System\WnpuxRE.exe

C:\Windows\System\WnpuxRE.exe

C:\Windows\System\vCAjKEW.exe

C:\Windows\System\vCAjKEW.exe

C:\Windows\System\mXyrxsY.exe

C:\Windows\System\mXyrxsY.exe

C:\Windows\System\HIalDrM.exe

C:\Windows\System\HIalDrM.exe

C:\Windows\System\ydQIWrt.exe

C:\Windows\System\ydQIWrt.exe

C:\Windows\System\AxHWxbQ.exe

C:\Windows\System\AxHWxbQ.exe

C:\Windows\System\lEFFbnq.exe

C:\Windows\System\lEFFbnq.exe

C:\Windows\System\USuchpc.exe

C:\Windows\System\USuchpc.exe

C:\Windows\System\cyGvkFM.exe

C:\Windows\System\cyGvkFM.exe

C:\Windows\System\sqQudwg.exe

C:\Windows\System\sqQudwg.exe

C:\Windows\System\lfieelI.exe

C:\Windows\System\lfieelI.exe

C:\Windows\System\nEflCtx.exe

C:\Windows\System\nEflCtx.exe

C:\Windows\System\EmxsLgV.exe

C:\Windows\System\EmxsLgV.exe

C:\Windows\System\XUILqda.exe

C:\Windows\System\XUILqda.exe

C:\Windows\System\gShkTsD.exe

C:\Windows\System\gShkTsD.exe

C:\Windows\System\jdNLnKc.exe

C:\Windows\System\jdNLnKc.exe

C:\Windows\System\RxzwKjR.exe

C:\Windows\System\RxzwKjR.exe

C:\Windows\System\UIiQqmE.exe

C:\Windows\System\UIiQqmE.exe

C:\Windows\System\rBJCmCm.exe

C:\Windows\System\rBJCmCm.exe

C:\Windows\System\vmOXJuo.exe

C:\Windows\System\vmOXJuo.exe

C:\Windows\System\LbRUZmf.exe

C:\Windows\System\LbRUZmf.exe

C:\Windows\System\JIzpQtm.exe

C:\Windows\System\JIzpQtm.exe

C:\Windows\System\jugGVuj.exe

C:\Windows\System\jugGVuj.exe

C:\Windows\System\ZnhunwG.exe

C:\Windows\System\ZnhunwG.exe

C:\Windows\System\KptGFIp.exe

C:\Windows\System\KptGFIp.exe

C:\Windows\System\xybdWwe.exe

C:\Windows\System\xybdWwe.exe

C:\Windows\System\JerduGl.exe

C:\Windows\System\JerduGl.exe

C:\Windows\System\KwuarbK.exe

C:\Windows\System\KwuarbK.exe

C:\Windows\System\EJAxfch.exe

C:\Windows\System\EJAxfch.exe

C:\Windows\System\OoWBsTC.exe

C:\Windows\System\OoWBsTC.exe

C:\Windows\System\wXLVJzg.exe

C:\Windows\System\wXLVJzg.exe

C:\Windows\System\TEbcoVL.exe

C:\Windows\System\TEbcoVL.exe

C:\Windows\System\llDaVpw.exe

C:\Windows\System\llDaVpw.exe

C:\Windows\System\HiRwWxP.exe

C:\Windows\System\HiRwWxP.exe

C:\Windows\System\pFxnBET.exe

C:\Windows\System\pFxnBET.exe

C:\Windows\System\gYYnWzm.exe

C:\Windows\System\gYYnWzm.exe

C:\Windows\System\kmuarBa.exe

C:\Windows\System\kmuarBa.exe

C:\Windows\System\dmWbcsR.exe

C:\Windows\System\dmWbcsR.exe

C:\Windows\System\VAIEWek.exe

C:\Windows\System\VAIEWek.exe

C:\Windows\System\WLpLLNb.exe

C:\Windows\System\WLpLLNb.exe

C:\Windows\System\GEJDRxs.exe

C:\Windows\System\GEJDRxs.exe

C:\Windows\System\uZGYwzj.exe

C:\Windows\System\uZGYwzj.exe

C:\Windows\System\mqeLThK.exe

C:\Windows\System\mqeLThK.exe

C:\Windows\System\KcclDrj.exe

C:\Windows\System\KcclDrj.exe

C:\Windows\System\KATYQFG.exe

C:\Windows\System\KATYQFG.exe

C:\Windows\System\WfDAVjL.exe

C:\Windows\System\WfDAVjL.exe

C:\Windows\System\MMMnmPu.exe

C:\Windows\System\MMMnmPu.exe

C:\Windows\System\ZhvVHgj.exe

C:\Windows\System\ZhvVHgj.exe

C:\Windows\System\MolNjND.exe

C:\Windows\System\MolNjND.exe

C:\Windows\System\InWNsDv.exe

C:\Windows\System\InWNsDv.exe

C:\Windows\System\jTeWVGu.exe

C:\Windows\System\jTeWVGu.exe

C:\Windows\System\budWUyi.exe

C:\Windows\System\budWUyi.exe

C:\Windows\System\MkkoeQI.exe

C:\Windows\System\MkkoeQI.exe

C:\Windows\System\gVDRWew.exe

C:\Windows\System\gVDRWew.exe

C:\Windows\System\vNCyKcm.exe

C:\Windows\System\vNCyKcm.exe

C:\Windows\System\PFjGSKg.exe

C:\Windows\System\PFjGSKg.exe

C:\Windows\System\WHXBesE.exe

C:\Windows\System\WHXBesE.exe

C:\Windows\System\QaztvQO.exe

C:\Windows\System\QaztvQO.exe

C:\Windows\System\atfXZTD.exe

C:\Windows\System\atfXZTD.exe

C:\Windows\System\epmsLxb.exe

C:\Windows\System\epmsLxb.exe

C:\Windows\System\lfQZZJM.exe

C:\Windows\System\lfQZZJM.exe

C:\Windows\System\vCXdXtx.exe

C:\Windows\System\vCXdXtx.exe

C:\Windows\System\AbVYCId.exe

C:\Windows\System\AbVYCId.exe

C:\Windows\System\JXWjZsB.exe

C:\Windows\System\JXWjZsB.exe

C:\Windows\System\vYHklzo.exe

C:\Windows\System\vYHklzo.exe

C:\Windows\System\mHWlxUN.exe

C:\Windows\System\mHWlxUN.exe

C:\Windows\System\fclvshV.exe

C:\Windows\System\fclvshV.exe

C:\Windows\System\ExAQacR.exe

C:\Windows\System\ExAQacR.exe

C:\Windows\System\raNzemZ.exe

C:\Windows\System\raNzemZ.exe

C:\Windows\System\VmfFwnn.exe

C:\Windows\System\VmfFwnn.exe

C:\Windows\System\zoplBtG.exe

C:\Windows\System\zoplBtG.exe

C:\Windows\System\xMwtLhw.exe

C:\Windows\System\xMwtLhw.exe

C:\Windows\System\sgBLKfc.exe

C:\Windows\System\sgBLKfc.exe

C:\Windows\System\jlbJJKH.exe

C:\Windows\System\jlbJJKH.exe

C:\Windows\System\XGydMwo.exe

C:\Windows\System\XGydMwo.exe

C:\Windows\System\YyVBaUQ.exe

C:\Windows\System\YyVBaUQ.exe

C:\Windows\System\bhJhSZO.exe

C:\Windows\System\bhJhSZO.exe

C:\Windows\System\pjLdffT.exe

C:\Windows\System\pjLdffT.exe

C:\Windows\System\TvBbPHe.exe

C:\Windows\System\TvBbPHe.exe

C:\Windows\System\fdPoest.exe

C:\Windows\System\fdPoest.exe

C:\Windows\System\LbiaGjc.exe

C:\Windows\System\LbiaGjc.exe

C:\Windows\System\SJIpqnB.exe

C:\Windows\System\SJIpqnB.exe

C:\Windows\System\pDSXBIb.exe

C:\Windows\System\pDSXBIb.exe

C:\Windows\System\YQMHSdf.exe

C:\Windows\System\YQMHSdf.exe

C:\Windows\System\Daqovbh.exe

C:\Windows\System\Daqovbh.exe

C:\Windows\System\vmoETbV.exe

C:\Windows\System\vmoETbV.exe

C:\Windows\System\HmzdglU.exe

C:\Windows\System\HmzdglU.exe

C:\Windows\System\nCEohuK.exe

C:\Windows\System\nCEohuK.exe

C:\Windows\System\GDZNlTQ.exe

C:\Windows\System\GDZNlTQ.exe

C:\Windows\System\WMEXrPp.exe

C:\Windows\System\WMEXrPp.exe

C:\Windows\System\eTlCdXj.exe

C:\Windows\System\eTlCdXj.exe

C:\Windows\System\sNsEiIN.exe

C:\Windows\System\sNsEiIN.exe

C:\Windows\System\JQulvOL.exe

C:\Windows\System\JQulvOL.exe

C:\Windows\System\sbArwCt.exe

C:\Windows\System\sbArwCt.exe

C:\Windows\System\dtvonIV.exe

C:\Windows\System\dtvonIV.exe

C:\Windows\System\OyknbOU.exe

C:\Windows\System\OyknbOU.exe

C:\Windows\System\KVhiaXh.exe

C:\Windows\System\KVhiaXh.exe

C:\Windows\System\NZvSpJi.exe

C:\Windows\System\NZvSpJi.exe

C:\Windows\System\ZPFqhON.exe

C:\Windows\System\ZPFqhON.exe

C:\Windows\System\rtMRfqt.exe

C:\Windows\System\rtMRfqt.exe

C:\Windows\System\motZpGI.exe

C:\Windows\System\motZpGI.exe

C:\Windows\System\vrWsAtB.exe

C:\Windows\System\vrWsAtB.exe

C:\Windows\System\rgnkxpA.exe

C:\Windows\System\rgnkxpA.exe

C:\Windows\System\LlPHiRQ.exe

C:\Windows\System\LlPHiRQ.exe

C:\Windows\System\UInLhvs.exe

C:\Windows\System\UInLhvs.exe

C:\Windows\System\fxjnzzp.exe

C:\Windows\System\fxjnzzp.exe

C:\Windows\System\ODwHVfq.exe

C:\Windows\System\ODwHVfq.exe

C:\Windows\System\qddSfGr.exe

C:\Windows\System\qddSfGr.exe

C:\Windows\System\zuGmnmg.exe

C:\Windows\System\zuGmnmg.exe

C:\Windows\System\SgYSRsH.exe

C:\Windows\System\SgYSRsH.exe

C:\Windows\System\HNxCIcg.exe

C:\Windows\System\HNxCIcg.exe

C:\Windows\System\XTtIsWn.exe

C:\Windows\System\XTtIsWn.exe

C:\Windows\System\GqopnNA.exe

C:\Windows\System\GqopnNA.exe

C:\Windows\System\hyDQoMo.exe

C:\Windows\System\hyDQoMo.exe

C:\Windows\System\oSXBVBY.exe

C:\Windows\System\oSXBVBY.exe

C:\Windows\System\WwEFPTn.exe

C:\Windows\System\WwEFPTn.exe

C:\Windows\System\RoLbWzg.exe

C:\Windows\System\RoLbWzg.exe

C:\Windows\System\TPdDyoU.exe

C:\Windows\System\TPdDyoU.exe

C:\Windows\System\zhMKNoY.exe

C:\Windows\System\zhMKNoY.exe

C:\Windows\System\hYeHMoB.exe

C:\Windows\System\hYeHMoB.exe

C:\Windows\System\xqSIVyv.exe

C:\Windows\System\xqSIVyv.exe

C:\Windows\System\mNyXGAU.exe

C:\Windows\System\mNyXGAU.exe

C:\Windows\System\FYPrLOc.exe

C:\Windows\System\FYPrLOc.exe

C:\Windows\System\TIAjBLW.exe

C:\Windows\System\TIAjBLW.exe

C:\Windows\System\RxJDxHP.exe

C:\Windows\System\RxJDxHP.exe

C:\Windows\System\kflCmys.exe

C:\Windows\System\kflCmys.exe

C:\Windows\System\zhufObZ.exe

C:\Windows\System\zhufObZ.exe

C:\Windows\System\lLZujQi.exe

C:\Windows\System\lLZujQi.exe

C:\Windows\System\bptSgqi.exe

C:\Windows\System\bptSgqi.exe

C:\Windows\System\zRENkkK.exe

C:\Windows\System\zRENkkK.exe

C:\Windows\System\XWVMpUw.exe

C:\Windows\System\XWVMpUw.exe

C:\Windows\System\MLaOxVy.exe

C:\Windows\System\MLaOxVy.exe

C:\Windows\System\xBmAapq.exe

C:\Windows\System\xBmAapq.exe

C:\Windows\System\CHfZZlU.exe

C:\Windows\System\CHfZZlU.exe

C:\Windows\System\zGQfkMv.exe

C:\Windows\System\zGQfkMv.exe

C:\Windows\System\OpaoDKX.exe

C:\Windows\System\OpaoDKX.exe

C:\Windows\System\ZZWTxUA.exe

C:\Windows\System\ZZWTxUA.exe

C:\Windows\System\FJOIqVM.exe

C:\Windows\System\FJOIqVM.exe

C:\Windows\System\ukfZZoA.exe

C:\Windows\System\ukfZZoA.exe

C:\Windows\System\vlaUaiM.exe

C:\Windows\System\vlaUaiM.exe

C:\Windows\System\zpfQmVY.exe

C:\Windows\System\zpfQmVY.exe

C:\Windows\System\Qmmgmnn.exe

C:\Windows\System\Qmmgmnn.exe

C:\Windows\System\HksEfVy.exe

C:\Windows\System\HksEfVy.exe

C:\Windows\System\QhDXekw.exe

C:\Windows\System\QhDXekw.exe

C:\Windows\System\lhGssTO.exe

C:\Windows\System\lhGssTO.exe

C:\Windows\System\lfMNSgi.exe

C:\Windows\System\lfMNSgi.exe

C:\Windows\System\GqXANRu.exe

C:\Windows\System\GqXANRu.exe

C:\Windows\System\AftFPoe.exe

C:\Windows\System\AftFPoe.exe

C:\Windows\System\qGWWRLM.exe

C:\Windows\System\qGWWRLM.exe

C:\Windows\System\WEOUkie.exe

C:\Windows\System\WEOUkie.exe

C:\Windows\System\SdxLAJi.exe

C:\Windows\System\SdxLAJi.exe

C:\Windows\System\lcvvwJF.exe

C:\Windows\System\lcvvwJF.exe

C:\Windows\System\qomVvEj.exe

C:\Windows\System\qomVvEj.exe

C:\Windows\System\qQUkUBm.exe

C:\Windows\System\qQUkUBm.exe

C:\Windows\System\XnIrbmL.exe

C:\Windows\System\XnIrbmL.exe

C:\Windows\System\IDGoRSQ.exe

C:\Windows\System\IDGoRSQ.exe

C:\Windows\System\ERfHXAH.exe

C:\Windows\System\ERfHXAH.exe

C:\Windows\System\iiMkpSs.exe

C:\Windows\System\iiMkpSs.exe

C:\Windows\System\tEKjlcf.exe

C:\Windows\System\tEKjlcf.exe

C:\Windows\System\gEKLMIt.exe

C:\Windows\System\gEKLMIt.exe

C:\Windows\System\rGkjqjh.exe

C:\Windows\System\rGkjqjh.exe

C:\Windows\System\xelspgf.exe

C:\Windows\System\xelspgf.exe

C:\Windows\System\FwCCXKr.exe

C:\Windows\System\FwCCXKr.exe

C:\Windows\System\MQfaQwd.exe

C:\Windows\System\MQfaQwd.exe

C:\Windows\System\dsHdfjH.exe

C:\Windows\System\dsHdfjH.exe

C:\Windows\System\UAjKuEl.exe

C:\Windows\System\UAjKuEl.exe

C:\Windows\System\yMqvPvp.exe

C:\Windows\System\yMqvPvp.exe

C:\Windows\System\xSZwToh.exe

C:\Windows\System\xSZwToh.exe

C:\Windows\System\rDWMgSM.exe

C:\Windows\System\rDWMgSM.exe

C:\Windows\System\NGjwTMc.exe

C:\Windows\System\NGjwTMc.exe

C:\Windows\System\fTLXNyt.exe

C:\Windows\System\fTLXNyt.exe

C:\Windows\System\AbKePUc.exe

C:\Windows\System\AbKePUc.exe

C:\Windows\System\XScLKjX.exe

C:\Windows\System\XScLKjX.exe

C:\Windows\System\SFuOXHH.exe

C:\Windows\System\SFuOXHH.exe

C:\Windows\System\JceCKAO.exe

C:\Windows\System\JceCKAO.exe

C:\Windows\System\CcbaAke.exe

C:\Windows\System\CcbaAke.exe

C:\Windows\System\DndiayE.exe

C:\Windows\System\DndiayE.exe

C:\Windows\System\DXbtBsO.exe

C:\Windows\System\DXbtBsO.exe

C:\Windows\System\OQWsDCJ.exe

C:\Windows\System\OQWsDCJ.exe

C:\Windows\System\OELvKUh.exe

C:\Windows\System\OELvKUh.exe

C:\Windows\System\sNEECZG.exe

C:\Windows\System\sNEECZG.exe

C:\Windows\System\tBXEocv.exe

C:\Windows\System\tBXEocv.exe

C:\Windows\System\JmBNRbD.exe

C:\Windows\System\JmBNRbD.exe

C:\Windows\System\fLLcJwZ.exe

C:\Windows\System\fLLcJwZ.exe

C:\Windows\System\fdVcOFN.exe

C:\Windows\System\fdVcOFN.exe

C:\Windows\System\aiMHJQb.exe

C:\Windows\System\aiMHJQb.exe

C:\Windows\System\vqNtvUQ.exe

C:\Windows\System\vqNtvUQ.exe

C:\Windows\System\KxtEkkm.exe

C:\Windows\System\KxtEkkm.exe

C:\Windows\System\sJOvmQP.exe

C:\Windows\System\sJOvmQP.exe

C:\Windows\System\MPjpfCO.exe

C:\Windows\System\MPjpfCO.exe

C:\Windows\System\kFeoCdi.exe

C:\Windows\System\kFeoCdi.exe

C:\Windows\System\ODOeDBi.exe

C:\Windows\System\ODOeDBi.exe

C:\Windows\System\wltocbs.exe

C:\Windows\System\wltocbs.exe

C:\Windows\System\agBAXjD.exe

C:\Windows\System\agBAXjD.exe

C:\Windows\System\ADfSIgr.exe

C:\Windows\System\ADfSIgr.exe

C:\Windows\System\CuuuglN.exe

C:\Windows\System\CuuuglN.exe

C:\Windows\System\GVtsGLg.exe

C:\Windows\System\GVtsGLg.exe

C:\Windows\System\kvthgtF.exe

C:\Windows\System\kvthgtF.exe

C:\Windows\System\KSKfvKB.exe

C:\Windows\System\KSKfvKB.exe

C:\Windows\System\jPlHddJ.exe

C:\Windows\System\jPlHddJ.exe

C:\Windows\System\BCYsHSb.exe

C:\Windows\System\BCYsHSb.exe

C:\Windows\System\RTvcYTN.exe

C:\Windows\System\RTvcYTN.exe

C:\Windows\System\FrBqUyG.exe

C:\Windows\System\FrBqUyG.exe

C:\Windows\System\JyiJBQx.exe

C:\Windows\System\JyiJBQx.exe

C:\Windows\System\aYliRen.exe

C:\Windows\System\aYliRen.exe

C:\Windows\System\KcDPUkC.exe

C:\Windows\System\KcDPUkC.exe

C:\Windows\System\xwOYHsg.exe

C:\Windows\System\xwOYHsg.exe

C:\Windows\System\gxoeNiL.exe

C:\Windows\System\gxoeNiL.exe

C:\Windows\System\eqIjIiE.exe

C:\Windows\System\eqIjIiE.exe

C:\Windows\System\TncrrsV.exe

C:\Windows\System\TncrrsV.exe

C:\Windows\System\wAOSYLF.exe

C:\Windows\System\wAOSYLF.exe

C:\Windows\System\BYZOcGj.exe

C:\Windows\System\BYZOcGj.exe

C:\Windows\System\ywtPPTV.exe

C:\Windows\System\ywtPPTV.exe

C:\Windows\System\VOFkbfP.exe

C:\Windows\System\VOFkbfP.exe

C:\Windows\System\XctHQIC.exe

C:\Windows\System\XctHQIC.exe

C:\Windows\System\zzIqKRT.exe

C:\Windows\System\zzIqKRT.exe

C:\Windows\System\XBUBjuo.exe

C:\Windows\System\XBUBjuo.exe

C:\Windows\System\DysIFbP.exe

C:\Windows\System\DysIFbP.exe

C:\Windows\System\XvdlGCO.exe

C:\Windows\System\XvdlGCO.exe

C:\Windows\System\umDvDjh.exe

C:\Windows\System\umDvDjh.exe

C:\Windows\System\FojJElD.exe

C:\Windows\System\FojJElD.exe

C:\Windows\System\FEFzdAO.exe

C:\Windows\System\FEFzdAO.exe

C:\Windows\System\LFozzlL.exe

C:\Windows\System\LFozzlL.exe

C:\Windows\System\DVZTQMY.exe

C:\Windows\System\DVZTQMY.exe

C:\Windows\System\gmRnzBI.exe

C:\Windows\System\gmRnzBI.exe

C:\Windows\System\zgxcMXF.exe

C:\Windows\System\zgxcMXF.exe

C:\Windows\System\KlUSYzj.exe

C:\Windows\System\KlUSYzj.exe

C:\Windows\System\LJFeFKu.exe

C:\Windows\System\LJFeFKu.exe

C:\Windows\System\nRgpJHY.exe

C:\Windows\System\nRgpJHY.exe

C:\Windows\System\CtiAzsb.exe

C:\Windows\System\CtiAzsb.exe

C:\Windows\System\DbnZCRo.exe

C:\Windows\System\DbnZCRo.exe

C:\Windows\System\uzdpqPt.exe

C:\Windows\System\uzdpqPt.exe

C:\Windows\System\peDpxXG.exe

C:\Windows\System\peDpxXG.exe

C:\Windows\System\WRmsOzf.exe

C:\Windows\System\WRmsOzf.exe

C:\Windows\System\EHEwqXD.exe

C:\Windows\System\EHEwqXD.exe

C:\Windows\System\RHBlaOq.exe

C:\Windows\System\RHBlaOq.exe

C:\Windows\System\FzZOmTq.exe

C:\Windows\System\FzZOmTq.exe

C:\Windows\System\XhpZAfZ.exe

C:\Windows\System\XhpZAfZ.exe

C:\Windows\System\skhWgMm.exe

C:\Windows\System\skhWgMm.exe

C:\Windows\System\ciOZKRI.exe

C:\Windows\System\ciOZKRI.exe

C:\Windows\System\twLHINX.exe

C:\Windows\System\twLHINX.exe

C:\Windows\System\cmDlxoB.exe

C:\Windows\System\cmDlxoB.exe

C:\Windows\System\DltoPpO.exe

C:\Windows\System\DltoPpO.exe

C:\Windows\System\diJnNkh.exe

C:\Windows\System\diJnNkh.exe

C:\Windows\System\OrpUGfZ.exe

C:\Windows\System\OrpUGfZ.exe

C:\Windows\System\MaHrUyh.exe

C:\Windows\System\MaHrUyh.exe

C:\Windows\System\VYdaZuP.exe

C:\Windows\System\VYdaZuP.exe

C:\Windows\System\SxoRQBt.exe

C:\Windows\System\SxoRQBt.exe

C:\Windows\System\SYyYlGW.exe

C:\Windows\System\SYyYlGW.exe

C:\Windows\System\IgFqQQD.exe

C:\Windows\System\IgFqQQD.exe

C:\Windows\System\GQUnyXn.exe

C:\Windows\System\GQUnyXn.exe

C:\Windows\System\zDGRDhQ.exe

C:\Windows\System\zDGRDhQ.exe

C:\Windows\System\kCGtCZc.exe

C:\Windows\System\kCGtCZc.exe

C:\Windows\System\EjDEimf.exe

C:\Windows\System\EjDEimf.exe

C:\Windows\System\bDegSnk.exe

C:\Windows\System\bDegSnk.exe

C:\Windows\System\TyLeuLF.exe

C:\Windows\System\TyLeuLF.exe

C:\Windows\System\pdGAbat.exe

C:\Windows\System\pdGAbat.exe

C:\Windows\System\AFxVLqW.exe

C:\Windows\System\AFxVLqW.exe

C:\Windows\System\QHaMWvu.exe

C:\Windows\System\QHaMWvu.exe

C:\Windows\System\yIuZLNE.exe

C:\Windows\System\yIuZLNE.exe

C:\Windows\System\pbobqtn.exe

C:\Windows\System\pbobqtn.exe

C:\Windows\System\OUoNCSd.exe

C:\Windows\System\OUoNCSd.exe

C:\Windows\System\mXjeKQc.exe

C:\Windows\System\mXjeKQc.exe

C:\Windows\System\BQqTFSj.exe

C:\Windows\System\BQqTFSj.exe

C:\Windows\System\uuzCmlh.exe

C:\Windows\System\uuzCmlh.exe

C:\Windows\System\XDYMVpb.exe

C:\Windows\System\XDYMVpb.exe

C:\Windows\System\Mgkzddo.exe

C:\Windows\System\Mgkzddo.exe

C:\Windows\System\opBpVGU.exe

C:\Windows\System\opBpVGU.exe

C:\Windows\System\fgKOQaw.exe

C:\Windows\System\fgKOQaw.exe

C:\Windows\System\xKZLXLo.exe

C:\Windows\System\xKZLXLo.exe

C:\Windows\System\KZrbvCi.exe

C:\Windows\System\KZrbvCi.exe

C:\Windows\System\poilSpN.exe

C:\Windows\System\poilSpN.exe

C:\Windows\System\YaqeuqE.exe

C:\Windows\System\YaqeuqE.exe

C:\Windows\System\rdnMnId.exe

C:\Windows\System\rdnMnId.exe

C:\Windows\System\RJyclmL.exe

C:\Windows\System\RJyclmL.exe

C:\Windows\System\FjFFdsl.exe

C:\Windows\System\FjFFdsl.exe

C:\Windows\System\MLUGqPa.exe

C:\Windows\System\MLUGqPa.exe

C:\Windows\System\XvlxsRr.exe

C:\Windows\System\XvlxsRr.exe

C:\Windows\System\emVqoDK.exe

C:\Windows\System\emVqoDK.exe

C:\Windows\System\eJmqSXI.exe

C:\Windows\System\eJmqSXI.exe

C:\Windows\System\cJvqpmR.exe

C:\Windows\System\cJvqpmR.exe

C:\Windows\System\WVeKGwK.exe

C:\Windows\System\WVeKGwK.exe

C:\Windows\System\cbSvHAt.exe

C:\Windows\System\cbSvHAt.exe

C:\Windows\System\ODzpOHj.exe

C:\Windows\System\ODzpOHj.exe

C:\Windows\System\kojFMSF.exe

C:\Windows\System\kojFMSF.exe

C:\Windows\System\rqXOjMn.exe

C:\Windows\System\rqXOjMn.exe

C:\Windows\System\bTNLZBQ.exe

C:\Windows\System\bTNLZBQ.exe

C:\Windows\System\mapIhab.exe

C:\Windows\System\mapIhab.exe

C:\Windows\System\VRmVzsv.exe

C:\Windows\System\VRmVzsv.exe

C:\Windows\System\AYpzAGg.exe

C:\Windows\System\AYpzAGg.exe

C:\Windows\System\vBQiGqH.exe

C:\Windows\System\vBQiGqH.exe

C:\Windows\System\ovKUqwQ.exe

C:\Windows\System\ovKUqwQ.exe

C:\Windows\System\fEAfLCx.exe

C:\Windows\System\fEAfLCx.exe

C:\Windows\System\YFhnVGB.exe

C:\Windows\System\YFhnVGB.exe

C:\Windows\System\DKsmdvE.exe

C:\Windows\System\DKsmdvE.exe

C:\Windows\System\IYXvbtr.exe

C:\Windows\System\IYXvbtr.exe

C:\Windows\System\wQEzHBI.exe

C:\Windows\System\wQEzHBI.exe

C:\Windows\System\thNbZro.exe

C:\Windows\System\thNbZro.exe

C:\Windows\System\JryKjpZ.exe

C:\Windows\System\JryKjpZ.exe

C:\Windows\System\gAMuaPJ.exe

C:\Windows\System\gAMuaPJ.exe

C:\Windows\System\EKifdjH.exe

C:\Windows\System\EKifdjH.exe

C:\Windows\System\LMaOeBb.exe

C:\Windows\System\LMaOeBb.exe

C:\Windows\System\uqwsLwP.exe

C:\Windows\System\uqwsLwP.exe

C:\Windows\System\HzbplXq.exe

C:\Windows\System\HzbplXq.exe

C:\Windows\System\TtugHWF.exe

C:\Windows\System\TtugHWF.exe

C:\Windows\System\TzRHqsJ.exe

C:\Windows\System\TzRHqsJ.exe

C:\Windows\System\dzCxRah.exe

C:\Windows\System\dzCxRah.exe

C:\Windows\System\JedyoDV.exe

C:\Windows\System\JedyoDV.exe

C:\Windows\System\pPBnqIo.exe

C:\Windows\System\pPBnqIo.exe

C:\Windows\System\XDsGOhv.exe

C:\Windows\System\XDsGOhv.exe

C:\Windows\System\vZpKZVc.exe

C:\Windows\System\vZpKZVc.exe

C:\Windows\System\smGQQQg.exe

C:\Windows\System\smGQQQg.exe

C:\Windows\System\ZmEJatu.exe

C:\Windows\System\ZmEJatu.exe

C:\Windows\System\dkdbPEY.exe

C:\Windows\System\dkdbPEY.exe

C:\Windows\System\FNgVuod.exe

C:\Windows\System\FNgVuod.exe

C:\Windows\System\GbJnKZa.exe

C:\Windows\System\GbJnKZa.exe

C:\Windows\System\iNZLXuK.exe

C:\Windows\System\iNZLXuK.exe

C:\Windows\System\lLzrvBM.exe

C:\Windows\System\lLzrvBM.exe

C:\Windows\System\cOcXmBr.exe

C:\Windows\System\cOcXmBr.exe

C:\Windows\System\oRmbWcb.exe

C:\Windows\System\oRmbWcb.exe

C:\Windows\System\yAFoMWV.exe

C:\Windows\System\yAFoMWV.exe

C:\Windows\System\HkQZjdN.exe

C:\Windows\System\HkQZjdN.exe

C:\Windows\System\xXSLhSL.exe

C:\Windows\System\xXSLhSL.exe

C:\Windows\System\MvAmnQR.exe

C:\Windows\System\MvAmnQR.exe

C:\Windows\System\SrKIXif.exe

C:\Windows\System\SrKIXif.exe

C:\Windows\System\MDkLldh.exe

C:\Windows\System\MDkLldh.exe

C:\Windows\System\ZWPIxlI.exe

C:\Windows\System\ZWPIxlI.exe

C:\Windows\System\SooLsQv.exe

C:\Windows\System\SooLsQv.exe

C:\Windows\System\nivUcyu.exe

C:\Windows\System\nivUcyu.exe

C:\Windows\System\TYkmaGj.exe

C:\Windows\System\TYkmaGj.exe

C:\Windows\System\DCMpwbF.exe

C:\Windows\System\DCMpwbF.exe

C:\Windows\System\uRPPNLc.exe

C:\Windows\System\uRPPNLc.exe

C:\Windows\System\CJVRQKR.exe

C:\Windows\System\CJVRQKR.exe

C:\Windows\System\XQIwpgC.exe

C:\Windows\System\XQIwpgC.exe

C:\Windows\System\kwcpPvC.exe

C:\Windows\System\kwcpPvC.exe

C:\Windows\System\WHdpVCW.exe

C:\Windows\System\WHdpVCW.exe

C:\Windows\System\uzZGWbo.exe

C:\Windows\System\uzZGWbo.exe

C:\Windows\System\xMJMMsa.exe

C:\Windows\System\xMJMMsa.exe

C:\Windows\System\HCrzsLA.exe

C:\Windows\System\HCrzsLA.exe

C:\Windows\System\SnvDyGM.exe

C:\Windows\System\SnvDyGM.exe

C:\Windows\System\NMVcAmQ.exe

C:\Windows\System\NMVcAmQ.exe

C:\Windows\System\qrOCXOa.exe

C:\Windows\System\qrOCXOa.exe

C:\Windows\System\XNMvsVb.exe

C:\Windows\System\XNMvsVb.exe

C:\Windows\System\BqNWkvM.exe

C:\Windows\System\BqNWkvM.exe

C:\Windows\System\Ytkbtct.exe

C:\Windows\System\Ytkbtct.exe

C:\Windows\System\gZkWIma.exe

C:\Windows\System\gZkWIma.exe

C:\Windows\System\Nqpyjge.exe

C:\Windows\System\Nqpyjge.exe

C:\Windows\System\AGKdiLe.exe

C:\Windows\System\AGKdiLe.exe

C:\Windows\System\yembdms.exe

C:\Windows\System\yembdms.exe

C:\Windows\System\qLraLhH.exe

C:\Windows\System\qLraLhH.exe

C:\Windows\System\JzBJboO.exe

C:\Windows\System\JzBJboO.exe

C:\Windows\System\JvKlEZZ.exe

C:\Windows\System\JvKlEZZ.exe

C:\Windows\System\GtJzplk.exe

C:\Windows\System\GtJzplk.exe

C:\Windows\System\ndggnVd.exe

C:\Windows\System\ndggnVd.exe

C:\Windows\System\PRMcHni.exe

C:\Windows\System\PRMcHni.exe

C:\Windows\System\nvCoYqb.exe

C:\Windows\System\nvCoYqb.exe

C:\Windows\System\FAkAeWs.exe

C:\Windows\System\FAkAeWs.exe

C:\Windows\System\SwGraul.exe

C:\Windows\System\SwGraul.exe

C:\Windows\System\IkUJwwx.exe

C:\Windows\System\IkUJwwx.exe

C:\Windows\System\xYtCDol.exe

C:\Windows\System\xYtCDol.exe

C:\Windows\System\nWHhAZx.exe

C:\Windows\System\nWHhAZx.exe

C:\Windows\System\rHSsxGX.exe

C:\Windows\System\rHSsxGX.exe

C:\Windows\System\WOIYVRh.exe

C:\Windows\System\WOIYVRh.exe

C:\Windows\System\AkmGPxN.exe

C:\Windows\System\AkmGPxN.exe

C:\Windows\System\LexflKl.exe

C:\Windows\System\LexflKl.exe

C:\Windows\System\UIzHnxc.exe

C:\Windows\System\UIzHnxc.exe

C:\Windows\System\peGVlMq.exe

C:\Windows\System\peGVlMq.exe

C:\Windows\System\KLVWreO.exe

C:\Windows\System\KLVWreO.exe

C:\Windows\System\FlSroAi.exe

C:\Windows\System\FlSroAi.exe

C:\Windows\System\RhWcybT.exe

C:\Windows\System\RhWcybT.exe

C:\Windows\System\vIHrZbU.exe

C:\Windows\System\vIHrZbU.exe

C:\Windows\System\kPyHcTD.exe

C:\Windows\System\kPyHcTD.exe

C:\Windows\System\zZAxfRR.exe

C:\Windows\System\zZAxfRR.exe

C:\Windows\System\OwGGqmj.exe

C:\Windows\System\OwGGqmj.exe

C:\Windows\System\XXrpFne.exe

C:\Windows\System\XXrpFne.exe

C:\Windows\System\DwWGHBR.exe

C:\Windows\System\DwWGHBR.exe

C:\Windows\System\rAHbaBu.exe

C:\Windows\System\rAHbaBu.exe

C:\Windows\System\otEfDHr.exe

C:\Windows\System\otEfDHr.exe

C:\Windows\System\AKdBpea.exe

C:\Windows\System\AKdBpea.exe

C:\Windows\System\XFYBdJy.exe

C:\Windows\System\XFYBdJy.exe

C:\Windows\System\jWcfnjS.exe

C:\Windows\System\jWcfnjS.exe

C:\Windows\System\SSdzatM.exe

C:\Windows\System\SSdzatM.exe

C:\Windows\System\jrmgveM.exe

C:\Windows\System\jrmgveM.exe

C:\Windows\System\hsSZUup.exe

C:\Windows\System\hsSZUup.exe

C:\Windows\System\nncoWMg.exe

C:\Windows\System\nncoWMg.exe

C:\Windows\System\RwzvazS.exe

C:\Windows\System\RwzvazS.exe

C:\Windows\System\SXTfzAP.exe

C:\Windows\System\SXTfzAP.exe

C:\Windows\System\Frmiakb.exe

C:\Windows\System\Frmiakb.exe

C:\Windows\System\RcyozQM.exe

C:\Windows\System\RcyozQM.exe

C:\Windows\System\SfBxnVj.exe

C:\Windows\System\SfBxnVj.exe

C:\Windows\System\FeipEuZ.exe

C:\Windows\System\FeipEuZ.exe

C:\Windows\System\IQmwoEK.exe

C:\Windows\System\IQmwoEK.exe

C:\Windows\System\oasHItX.exe

C:\Windows\System\oasHItX.exe

C:\Windows\System\BjPqQzA.exe

C:\Windows\System\BjPqQzA.exe

C:\Windows\System\ejavhRV.exe

C:\Windows\System\ejavhRV.exe

C:\Windows\System\qblhqcw.exe

C:\Windows\System\qblhqcw.exe

C:\Windows\System\PIsfMVE.exe

C:\Windows\System\PIsfMVE.exe

C:\Windows\System\utUNQOC.exe

C:\Windows\System\utUNQOC.exe

C:\Windows\System\lgnBIBv.exe

C:\Windows\System\lgnBIBv.exe

C:\Windows\System\bBZSaku.exe

C:\Windows\System\bBZSaku.exe

C:\Windows\System\xrKvlin.exe

C:\Windows\System\xrKvlin.exe

C:\Windows\System\GJCGhjU.exe

C:\Windows\System\GJCGhjU.exe

C:\Windows\System\JnmLiaU.exe

C:\Windows\System\JnmLiaU.exe

C:\Windows\System\WRNgkPA.exe

C:\Windows\System\WRNgkPA.exe

C:\Windows\System\PritrlA.exe

C:\Windows\System\PritrlA.exe

C:\Windows\System\hQFVIzI.exe

C:\Windows\System\hQFVIzI.exe

C:\Windows\System\CmKcYLu.exe

C:\Windows\System\CmKcYLu.exe

C:\Windows\System\vfFcogL.exe

C:\Windows\System\vfFcogL.exe

C:\Windows\System\NJFVYnk.exe

C:\Windows\System\NJFVYnk.exe

C:\Windows\System\AvBuBaf.exe

C:\Windows\System\AvBuBaf.exe

C:\Windows\System\LFQuJxf.exe

C:\Windows\System\LFQuJxf.exe

C:\Windows\System\oToERnO.exe

C:\Windows\System\oToERnO.exe

C:\Windows\System\yKzpGbQ.exe

C:\Windows\System\yKzpGbQ.exe

C:\Windows\System\BEvuKMm.exe

C:\Windows\System\BEvuKMm.exe

C:\Windows\System\pBEyCPJ.exe

C:\Windows\System\pBEyCPJ.exe

C:\Windows\System\QzdjKuu.exe

C:\Windows\System\QzdjKuu.exe

C:\Windows\System\TfxaNkt.exe

C:\Windows\System\TfxaNkt.exe

C:\Windows\System\bNygLja.exe

C:\Windows\System\bNygLja.exe

C:\Windows\System\cpthyNb.exe

C:\Windows\System\cpthyNb.exe

C:\Windows\System\NQBwpro.exe

C:\Windows\System\NQBwpro.exe

C:\Windows\System\RqOjcoQ.exe

C:\Windows\System\RqOjcoQ.exe

C:\Windows\System\AHLfhjB.exe

C:\Windows\System\AHLfhjB.exe

C:\Windows\System\kbHnUJa.exe

C:\Windows\System\kbHnUJa.exe

C:\Windows\System\zUMJcpq.exe

C:\Windows\System\zUMJcpq.exe

C:\Windows\System\ibfNbiA.exe

C:\Windows\System\ibfNbiA.exe

C:\Windows\System\mTWQUlu.exe

C:\Windows\System\mTWQUlu.exe

C:\Windows\System\HtsydfZ.exe

C:\Windows\System\HtsydfZ.exe

C:\Windows\System\rhfUzVS.exe

C:\Windows\System\rhfUzVS.exe

C:\Windows\System\LEUSJBN.exe

C:\Windows\System\LEUSJBN.exe

C:\Windows\System\FzeEZCc.exe

C:\Windows\System\FzeEZCc.exe

C:\Windows\System\HjrcXvV.exe

C:\Windows\System\HjrcXvV.exe

C:\Windows\System\BcvPXYq.exe

C:\Windows\System\BcvPXYq.exe

C:\Windows\System\stjaYkD.exe

C:\Windows\System\stjaYkD.exe

C:\Windows\System\kInHbux.exe

C:\Windows\System\kInHbux.exe

C:\Windows\System\hUORzLx.exe

C:\Windows\System\hUORzLx.exe

C:\Windows\System\ZOtPnuB.exe

C:\Windows\System\ZOtPnuB.exe

C:\Windows\System\adKNLqI.exe

C:\Windows\System\adKNLqI.exe

C:\Windows\System\NYtWIRr.exe

C:\Windows\System\NYtWIRr.exe

C:\Windows\System\puBrFVZ.exe

C:\Windows\System\puBrFVZ.exe

C:\Windows\System\eNzWFnG.exe

C:\Windows\System\eNzWFnG.exe

C:\Windows\System\SJrFTHg.exe

C:\Windows\System\SJrFTHg.exe

C:\Windows\System\AIumKpG.exe

C:\Windows\System\AIumKpG.exe

C:\Windows\System\gbzVSPG.exe

C:\Windows\System\gbzVSPG.exe

C:\Windows\System\HQKRsli.exe

C:\Windows\System\HQKRsli.exe

C:\Windows\System\WFFxQDe.exe

C:\Windows\System\WFFxQDe.exe

C:\Windows\System\PRoUPGi.exe

C:\Windows\System\PRoUPGi.exe

C:\Windows\System\kGbwTHx.exe

C:\Windows\System\kGbwTHx.exe

C:\Windows\System\imnDJmJ.exe

C:\Windows\System\imnDJmJ.exe

C:\Windows\System\haUpXPO.exe

C:\Windows\System\haUpXPO.exe

C:\Windows\System\xqMROZc.exe

C:\Windows\System\xqMROZc.exe

C:\Windows\System\LrZnDDP.exe

C:\Windows\System\LrZnDDP.exe

C:\Windows\System\TlTFOCe.exe

C:\Windows\System\TlTFOCe.exe

C:\Windows\System\mzqLocb.exe

C:\Windows\System\mzqLocb.exe

C:\Windows\System\gmkDHLw.exe

C:\Windows\System\gmkDHLw.exe

C:\Windows\System\gAJIrXU.exe

C:\Windows\System\gAJIrXU.exe

C:\Windows\System\OMSqzGJ.exe

C:\Windows\System\OMSqzGJ.exe

C:\Windows\System\xuSGWte.exe

C:\Windows\System\xuSGWte.exe

C:\Windows\System\JrJShfF.exe

C:\Windows\System\JrJShfF.exe

C:\Windows\System\Vcomges.exe

C:\Windows\System\Vcomges.exe

C:\Windows\System\ATNcOYS.exe

C:\Windows\System\ATNcOYS.exe

C:\Windows\System\WJbDoQw.exe

C:\Windows\System\WJbDoQw.exe

C:\Windows\System\BFtDmeu.exe

C:\Windows\System\BFtDmeu.exe

C:\Windows\System\omCTkCs.exe

C:\Windows\System\omCTkCs.exe

C:\Windows\System\gXDANkp.exe

C:\Windows\System\gXDANkp.exe

C:\Windows\System\DaEAlfN.exe

C:\Windows\System\DaEAlfN.exe

C:\Windows\System\cbSfmWH.exe

C:\Windows\System\cbSfmWH.exe

C:\Windows\System\Lnxjhrz.exe

C:\Windows\System\Lnxjhrz.exe

C:\Windows\System\MhFnxvC.exe

C:\Windows\System\MhFnxvC.exe

C:\Windows\System\YDaUBQx.exe

C:\Windows\System\YDaUBQx.exe

C:\Windows\System\RERrnbZ.exe

C:\Windows\System\RERrnbZ.exe

C:\Windows\System\wEsGEwm.exe

C:\Windows\System\wEsGEwm.exe

C:\Windows\System\moyBqbi.exe

C:\Windows\System\moyBqbi.exe

C:\Windows\System\CkIgEsW.exe

C:\Windows\System\CkIgEsW.exe

C:\Windows\System\aPoMPjN.exe

C:\Windows\System\aPoMPjN.exe

C:\Windows\System\oMlqdon.exe

C:\Windows\System\oMlqdon.exe

C:\Windows\System\vdaBoDr.exe

C:\Windows\System\vdaBoDr.exe

C:\Windows\System\bbktfSl.exe

C:\Windows\System\bbktfSl.exe

C:\Windows\System\glFPaMV.exe

C:\Windows\System\glFPaMV.exe

C:\Windows\System\QIyJAaF.exe

C:\Windows\System\QIyJAaF.exe

C:\Windows\System\HPttuVi.exe

C:\Windows\System\HPttuVi.exe

C:\Windows\System\saCCHsR.exe

C:\Windows\System\saCCHsR.exe

C:\Windows\System\iuDinQc.exe

C:\Windows\System\iuDinQc.exe

C:\Windows\System\VYUYGRE.exe

C:\Windows\System\VYUYGRE.exe

C:\Windows\System\sDwSfTR.exe

C:\Windows\System\sDwSfTR.exe

C:\Windows\System\MODZnrh.exe

C:\Windows\System\MODZnrh.exe

C:\Windows\System\qmqwdeY.exe

C:\Windows\System\qmqwdeY.exe

C:\Windows\System\msFnrVt.exe

C:\Windows\System\msFnrVt.exe

C:\Windows\System\FgVxALD.exe

C:\Windows\System\FgVxALD.exe

C:\Windows\System\NZsIcqv.exe

C:\Windows\System\NZsIcqv.exe

C:\Windows\System\bYifIvK.exe

C:\Windows\System\bYifIvK.exe

C:\Windows\System\ELBuXiD.exe

C:\Windows\System\ELBuXiD.exe

C:\Windows\System\ATjVbut.exe

C:\Windows\System\ATjVbut.exe

C:\Windows\System\RIhEtox.exe

C:\Windows\System\RIhEtox.exe

C:\Windows\System\ulqOuwb.exe

C:\Windows\System\ulqOuwb.exe

C:\Windows\System\zGPWudR.exe

C:\Windows\System\zGPWudR.exe

C:\Windows\System\MfrleXF.exe

C:\Windows\System\MfrleXF.exe

C:\Windows\System\mAFppCi.exe

C:\Windows\System\mAFppCi.exe

C:\Windows\System\pFDGEtd.exe

C:\Windows\System\pFDGEtd.exe

C:\Windows\System\fkKrrUy.exe

C:\Windows\System\fkKrrUy.exe

C:\Windows\System\kivmrIJ.exe

C:\Windows\System\kivmrIJ.exe

C:\Windows\System\cCgrMfX.exe

C:\Windows\System\cCgrMfX.exe

C:\Windows\System\QkJHdZK.exe

C:\Windows\System\QkJHdZK.exe

C:\Windows\System\eIKriql.exe

C:\Windows\System\eIKriql.exe

C:\Windows\System\NBsesni.exe

C:\Windows\System\NBsesni.exe

C:\Windows\System\iuIEDfq.exe

C:\Windows\System\iuIEDfq.exe

C:\Windows\System\rBfHSEX.exe

C:\Windows\System\rBfHSEX.exe

C:\Windows\System\vcaJBAC.exe

C:\Windows\System\vcaJBAC.exe

C:\Windows\System\QxrIoIs.exe

C:\Windows\System\QxrIoIs.exe

C:\Windows\System\fVpalKE.exe

C:\Windows\System\fVpalKE.exe

C:\Windows\System\YMcdPtQ.exe

C:\Windows\System\YMcdPtQ.exe

C:\Windows\System\cqjjMkA.exe

C:\Windows\System\cqjjMkA.exe

C:\Windows\System\fUVSwTR.exe

C:\Windows\System\fUVSwTR.exe

C:\Windows\System\yoSvHcI.exe

C:\Windows\System\yoSvHcI.exe

C:\Windows\System\TSJASCf.exe

C:\Windows\System\TSJASCf.exe

C:\Windows\System\sagEBPZ.exe

C:\Windows\System\sagEBPZ.exe

C:\Windows\System\UxPeNtS.exe

C:\Windows\System\UxPeNtS.exe

C:\Windows\System\mLJIthO.exe

C:\Windows\System\mLJIthO.exe

C:\Windows\System\qlfahTx.exe

C:\Windows\System\qlfahTx.exe

C:\Windows\System\dgGJHvz.exe

C:\Windows\System\dgGJHvz.exe

C:\Windows\System\wAcMMln.exe

C:\Windows\System\wAcMMln.exe

C:\Windows\System\qpyfWXV.exe

C:\Windows\System\qpyfWXV.exe

C:\Windows\System\YheIvMk.exe

C:\Windows\System\YheIvMk.exe

C:\Windows\System\xIweesO.exe

C:\Windows\System\xIweesO.exe

C:\Windows\System\sgxzaxx.exe

C:\Windows\System\sgxzaxx.exe

C:\Windows\System\HnYmYSV.exe

C:\Windows\System\HnYmYSV.exe

C:\Windows\System\syfGSkI.exe

C:\Windows\System\syfGSkI.exe

C:\Windows\System\xmQcRyX.exe

C:\Windows\System\xmQcRyX.exe

C:\Windows\System\SxBGaSw.exe

C:\Windows\System\SxBGaSw.exe

C:\Windows\System\NiveACi.exe

C:\Windows\System\NiveACi.exe

C:\Windows\System\gfJnXgo.exe

C:\Windows\System\gfJnXgo.exe

C:\Windows\System\hPCcWRW.exe

C:\Windows\System\hPCcWRW.exe

C:\Windows\System\sytpnEs.exe

C:\Windows\System\sytpnEs.exe

C:\Windows\System\PhcWQCK.exe

C:\Windows\System\PhcWQCK.exe

C:\Windows\System\kHpThUZ.exe

C:\Windows\System\kHpThUZ.exe

C:\Windows\System\vkAkBSD.exe

C:\Windows\System\vkAkBSD.exe

C:\Windows\System\lstEyUn.exe

C:\Windows\System\lstEyUn.exe

C:\Windows\System\gvHbDOA.exe

C:\Windows\System\gvHbDOA.exe

C:\Windows\System\SVLMZfc.exe

C:\Windows\System\SVLMZfc.exe

C:\Windows\System\FWHTzEC.exe

C:\Windows\System\FWHTzEC.exe

C:\Windows\System\QAiNESN.exe

C:\Windows\System\QAiNESN.exe

C:\Windows\System\rWYDcmr.exe

C:\Windows\System\rWYDcmr.exe

C:\Windows\System\XZnlteG.exe

C:\Windows\System\XZnlteG.exe

C:\Windows\System\QNcjvgi.exe

C:\Windows\System\QNcjvgi.exe

C:\Windows\System\avlxHNx.exe

C:\Windows\System\avlxHNx.exe

C:\Windows\System\ykcOvGA.exe

C:\Windows\System\ykcOvGA.exe

C:\Windows\System\PsPjvSs.exe

C:\Windows\System\PsPjvSs.exe

C:\Windows\System\fXgPhSJ.exe

C:\Windows\System\fXgPhSJ.exe

C:\Windows\System\yYuWVQE.exe

C:\Windows\System\yYuWVQE.exe

C:\Windows\System\QvQNOpf.exe

C:\Windows\System\QvQNOpf.exe

C:\Windows\System\wpKOMeG.exe

C:\Windows\System\wpKOMeG.exe

C:\Windows\System\eHCCSBm.exe

C:\Windows\System\eHCCSBm.exe

C:\Windows\System\DjiCaMq.exe

C:\Windows\System\DjiCaMq.exe

C:\Windows\System\kdeBbWh.exe

C:\Windows\System\kdeBbWh.exe

C:\Windows\System\jnhEAJs.exe

C:\Windows\System\jnhEAJs.exe

C:\Windows\System\eRcSQzR.exe

C:\Windows\System\eRcSQzR.exe

C:\Windows\System\DnbBcWs.exe

C:\Windows\System\DnbBcWs.exe

C:\Windows\System\NdqAVSP.exe

C:\Windows\System\NdqAVSP.exe

C:\Windows\System\vvrZxZB.exe

C:\Windows\System\vvrZxZB.exe

C:\Windows\System\VqjzJgn.exe

C:\Windows\System\VqjzJgn.exe

C:\Windows\System\oHUPuvj.exe

C:\Windows\System\oHUPuvj.exe

C:\Windows\System\RbguVlJ.exe

C:\Windows\System\RbguVlJ.exe

C:\Windows\System\pkeOtze.exe

C:\Windows\System\pkeOtze.exe

C:\Windows\System\tsjDGzK.exe

C:\Windows\System\tsjDGzK.exe

C:\Windows\System\xwwfvSm.exe

C:\Windows\System\xwwfvSm.exe

C:\Windows\System\sMQABLb.exe

C:\Windows\System\sMQABLb.exe

C:\Windows\System\UXyZrDQ.exe

C:\Windows\System\UXyZrDQ.exe

C:\Windows\System\MiyxSvD.exe

C:\Windows\System\MiyxSvD.exe

C:\Windows\System\QVHvhYZ.exe

C:\Windows\System\QVHvhYZ.exe

C:\Windows\System\dfegdon.exe

C:\Windows\System\dfegdon.exe

C:\Windows\System\sjAXqBZ.exe

C:\Windows\System\sjAXqBZ.exe

C:\Windows\System\TMPOKfQ.exe

C:\Windows\System\TMPOKfQ.exe

C:\Windows\System\MDDVHLX.exe

C:\Windows\System\MDDVHLX.exe

C:\Windows\System\pmNSKlD.exe

C:\Windows\System\pmNSKlD.exe

C:\Windows\System\lKdzseF.exe

C:\Windows\System\lKdzseF.exe

C:\Windows\System\pMmcBkI.exe

C:\Windows\System\pMmcBkI.exe

C:\Windows\System\otxSxeH.exe

C:\Windows\System\otxSxeH.exe

C:\Windows\System\bqNtMvY.exe

C:\Windows\System\bqNtMvY.exe

C:\Windows\System\bPEbybD.exe

C:\Windows\System\bPEbybD.exe

C:\Windows\System\JxcFJmf.exe

C:\Windows\System\JxcFJmf.exe

C:\Windows\System\WqOatzj.exe

C:\Windows\System\WqOatzj.exe

C:\Windows\System\DxMQRJH.exe

C:\Windows\System\DxMQRJH.exe

C:\Windows\System\hvsypop.exe

C:\Windows\System\hvsypop.exe

C:\Windows\System\QVnKmjc.exe

C:\Windows\System\QVnKmjc.exe

C:\Windows\System\enavLCg.exe

C:\Windows\System\enavLCg.exe

C:\Windows\System\jLrvwnG.exe

C:\Windows\System\jLrvwnG.exe

C:\Windows\System\YJykhrM.exe

C:\Windows\System\YJykhrM.exe

C:\Windows\System\oAxeFQU.exe

C:\Windows\System\oAxeFQU.exe

C:\Windows\System\mrsMrQd.exe

C:\Windows\System\mrsMrQd.exe

C:\Windows\System\HMofYUn.exe

C:\Windows\System\HMofYUn.exe

C:\Windows\System\jWPBAXq.exe

C:\Windows\System\jWPBAXq.exe

C:\Windows\System\QDUYGWY.exe

C:\Windows\System\QDUYGWY.exe

C:\Windows\System\rChtRxZ.exe

C:\Windows\System\rChtRxZ.exe

C:\Windows\System\gcPtRSz.exe

C:\Windows\System\gcPtRSz.exe

C:\Windows\System\XBUBcyt.exe

C:\Windows\System\XBUBcyt.exe

C:\Windows\System\vzruWIH.exe

C:\Windows\System\vzruWIH.exe

C:\Windows\System\GNImxQc.exe

C:\Windows\System\GNImxQc.exe

C:\Windows\System\gQiyTcx.exe

C:\Windows\System\gQiyTcx.exe

C:\Windows\System\bmTnMLd.exe

C:\Windows\System\bmTnMLd.exe

C:\Windows\System\FGoYdqJ.exe

C:\Windows\System\FGoYdqJ.exe

C:\Windows\System\FwMHNyA.exe

C:\Windows\System\FwMHNyA.exe

C:\Windows\System\dWkzMKg.exe

C:\Windows\System\dWkzMKg.exe

C:\Windows\System\gIVvGXo.exe

C:\Windows\System\gIVvGXo.exe

C:\Windows\System\XICoTOI.exe

C:\Windows\System\XICoTOI.exe

C:\Windows\System\mSaYXwp.exe

C:\Windows\System\mSaYXwp.exe

C:\Windows\System\JaPEdla.exe

C:\Windows\System\JaPEdla.exe

C:\Windows\System\qhzfBOX.exe

C:\Windows\System\qhzfBOX.exe

C:\Windows\System\fwljuTx.exe

C:\Windows\System\fwljuTx.exe

C:\Windows\System\KmvNrqv.exe

C:\Windows\System\KmvNrqv.exe

C:\Windows\System\ziLONWe.exe

C:\Windows\System\ziLONWe.exe

C:\Windows\System\esOjfLJ.exe

C:\Windows\System\esOjfLJ.exe

C:\Windows\System\seFTnFg.exe

C:\Windows\System\seFTnFg.exe

C:\Windows\System\WyOtfjU.exe

C:\Windows\System\WyOtfjU.exe

C:\Windows\System\XCwVYTO.exe

C:\Windows\System\XCwVYTO.exe

C:\Windows\System\nTnwqUw.exe

C:\Windows\System\nTnwqUw.exe

C:\Windows\System\kziceBz.exe

C:\Windows\System\kziceBz.exe

C:\Windows\System\RaJnyFY.exe

C:\Windows\System\RaJnyFY.exe

C:\Windows\System\DaVCFpr.exe

C:\Windows\System\DaVCFpr.exe

C:\Windows\System\grTMMnW.exe

C:\Windows\System\grTMMnW.exe

C:\Windows\System\TnLGHGC.exe

C:\Windows\System\TnLGHGC.exe

C:\Windows\System\VBtfUtZ.exe

C:\Windows\System\VBtfUtZ.exe

C:\Windows\System\IIKnJwF.exe

C:\Windows\System\IIKnJwF.exe

C:\Windows\System\MJthnTD.exe

C:\Windows\System\MJthnTD.exe

C:\Windows\System\hcRyYuW.exe

C:\Windows\System\hcRyYuW.exe

C:\Windows\System\raqmINI.exe

C:\Windows\System\raqmINI.exe

C:\Windows\System\TaNXTqn.exe

C:\Windows\System\TaNXTqn.exe

C:\Windows\System\rFomSNA.exe

C:\Windows\System\rFomSNA.exe

C:\Windows\System\IQZzjwh.exe

C:\Windows\System\IQZzjwh.exe

C:\Windows\System\soRfGkQ.exe

C:\Windows\System\soRfGkQ.exe

C:\Windows\System\SFUgeKV.exe

C:\Windows\System\SFUgeKV.exe

C:\Windows\System\LyAPofB.exe

C:\Windows\System\LyAPofB.exe

C:\Windows\System\FLVbLEZ.exe

C:\Windows\System\FLVbLEZ.exe

C:\Windows\System\LlbYxjn.exe

C:\Windows\System\LlbYxjn.exe

C:\Windows\System\AnCcdnn.exe

C:\Windows\System\AnCcdnn.exe

C:\Windows\System\ITURuXA.exe

C:\Windows\System\ITURuXA.exe

C:\Windows\System\qrogRse.exe

C:\Windows\System\qrogRse.exe

C:\Windows\System\yPydfSX.exe

C:\Windows\System\yPydfSX.exe

C:\Windows\System\TNANzgO.exe

C:\Windows\System\TNANzgO.exe

C:\Windows\System\yogWIpi.exe

C:\Windows\System\yogWIpi.exe

C:\Windows\System\prkQaox.exe

C:\Windows\System\prkQaox.exe

C:\Windows\System\CGVqICB.exe

C:\Windows\System\CGVqICB.exe

C:\Windows\System\pzVhLHw.exe

C:\Windows\System\pzVhLHw.exe

C:\Windows\System\heDoTcN.exe

C:\Windows\System\heDoTcN.exe

C:\Windows\System\brmQLeg.exe

C:\Windows\System\brmQLeg.exe

C:\Windows\System\fmhUFVa.exe

C:\Windows\System\fmhUFVa.exe

C:\Windows\System\rVhDmMd.exe

C:\Windows\System\rVhDmMd.exe

C:\Windows\System\bhBzTDL.exe

C:\Windows\System\bhBzTDL.exe

C:\Windows\System\GELJWfa.exe

C:\Windows\System\GELJWfa.exe

C:\Windows\System\UiFmQNQ.exe

C:\Windows\System\UiFmQNQ.exe

C:\Windows\System\BBUJhwH.exe

C:\Windows\System\BBUJhwH.exe

C:\Windows\System\LuWfDXG.exe

C:\Windows\System\LuWfDXG.exe

C:\Windows\System\ILaznJA.exe

C:\Windows\System\ILaznJA.exe

C:\Windows\System\TYWLkoz.exe

C:\Windows\System\TYWLkoz.exe

C:\Windows\System\lxAjMem.exe

C:\Windows\System\lxAjMem.exe

C:\Windows\System\LugJcwP.exe

C:\Windows\System\LugJcwP.exe

C:\Windows\System\xOwXHSN.exe

C:\Windows\System\xOwXHSN.exe

C:\Windows\System\gPlQbam.exe

C:\Windows\System\gPlQbam.exe

C:\Windows\System\nTEkAna.exe

C:\Windows\System\nTEkAna.exe

C:\Windows\System\oAeFhgQ.exe

C:\Windows\System\oAeFhgQ.exe

C:\Windows\System\OGCowNQ.exe

C:\Windows\System\OGCowNQ.exe

C:\Windows\System\vpGFzTM.exe

C:\Windows\System\vpGFzTM.exe

C:\Windows\System\PhMuSSl.exe

C:\Windows\System\PhMuSSl.exe

C:\Windows\System\jhmfqXL.exe

C:\Windows\System\jhmfqXL.exe

C:\Windows\System\BRiuCfg.exe

C:\Windows\System\BRiuCfg.exe

C:\Windows\System\IEtClmc.exe

C:\Windows\System\IEtClmc.exe

C:\Windows\System\CcmvHoI.exe

C:\Windows\System\CcmvHoI.exe

C:\Windows\System\wNXFBKK.exe

C:\Windows\System\wNXFBKK.exe

C:\Windows\System\oVmWNGy.exe

C:\Windows\System\oVmWNGy.exe

C:\Windows\System\vUwtXnZ.exe

C:\Windows\System\vUwtXnZ.exe

C:\Windows\System\ZQeoqoX.exe

C:\Windows\System\ZQeoqoX.exe

C:\Windows\System\hRsuUbC.exe

C:\Windows\System\hRsuUbC.exe

C:\Windows\System\QgQzxUM.exe

C:\Windows\System\QgQzxUM.exe

C:\Windows\System\pliNdKB.exe

C:\Windows\System\pliNdKB.exe

C:\Windows\System\xboYGbv.exe

C:\Windows\System\xboYGbv.exe

C:\Windows\System\UCkaMbr.exe

C:\Windows\System\UCkaMbr.exe

C:\Windows\System\lUTvOeO.exe

C:\Windows\System\lUTvOeO.exe

C:\Windows\System\TeKnZTt.exe

C:\Windows\System\TeKnZTt.exe

C:\Windows\System\vvDOvIK.exe

C:\Windows\System\vvDOvIK.exe

C:\Windows\System\xZSGZEE.exe

C:\Windows\System\xZSGZEE.exe

C:\Windows\System\UoVsGUB.exe

C:\Windows\System\UoVsGUB.exe

C:\Windows\System\QJJhMlC.exe

C:\Windows\System\QJJhMlC.exe

C:\Windows\System\HGhEohD.exe

C:\Windows\System\HGhEohD.exe

C:\Windows\System\kqgCsAy.exe

C:\Windows\System\kqgCsAy.exe

C:\Windows\System\JEnAzOq.exe

C:\Windows\System\JEnAzOq.exe

C:\Windows\System\IIukFAf.exe

C:\Windows\System\IIukFAf.exe

C:\Windows\System\RAhEBWp.exe

C:\Windows\System\RAhEBWp.exe

C:\Windows\System\uroVqTz.exe

C:\Windows\System\uroVqTz.exe

C:\Windows\System\fkHUnTR.exe

C:\Windows\System\fkHUnTR.exe

C:\Windows\System\XNGatdA.exe

C:\Windows\System\XNGatdA.exe

C:\Windows\System\SQnwDVk.exe

C:\Windows\System\SQnwDVk.exe

C:\Windows\System\ePtwAyD.exe

C:\Windows\System\ePtwAyD.exe

C:\Windows\System\aLFLFuv.exe

C:\Windows\System\aLFLFuv.exe

C:\Windows\System\iZldGCo.exe

C:\Windows\System\iZldGCo.exe

C:\Windows\System\OnajTqf.exe

C:\Windows\System\OnajTqf.exe

C:\Windows\System\nVoeLAV.exe

C:\Windows\System\nVoeLAV.exe

C:\Windows\System\gJrfTIF.exe

C:\Windows\System\gJrfTIF.exe

C:\Windows\System\PpteWsV.exe

C:\Windows\System\PpteWsV.exe

C:\Windows\System\obutPgu.exe

C:\Windows\System\obutPgu.exe

C:\Windows\System\ZhaTusk.exe

C:\Windows\System\ZhaTusk.exe

C:\Windows\System\mrzCbjX.exe

C:\Windows\System\mrzCbjX.exe

C:\Windows\System\KdQvvMc.exe

C:\Windows\System\KdQvvMc.exe

C:\Windows\System\SmNypLv.exe

C:\Windows\System\SmNypLv.exe

C:\Windows\System\vBnZylV.exe

C:\Windows\System\vBnZylV.exe

C:\Windows\System\zkNXnHH.exe

C:\Windows\System\zkNXnHH.exe

C:\Windows\System\IvDvRNi.exe

C:\Windows\System\IvDvRNi.exe

C:\Windows\System\HVVIxBj.exe

C:\Windows\System\HVVIxBj.exe

C:\Windows\System\anpMXIb.exe

C:\Windows\System\anpMXIb.exe

C:\Windows\System\gdoynfM.exe

C:\Windows\System\gdoynfM.exe

C:\Windows\System\Gquaxap.exe

C:\Windows\System\Gquaxap.exe

C:\Windows\System\UHJoMrE.exe

C:\Windows\System\UHJoMrE.exe

C:\Windows\System\uegAffZ.exe

C:\Windows\System\uegAffZ.exe

C:\Windows\System\RwOCiGh.exe

C:\Windows\System\RwOCiGh.exe

C:\Windows\System\fkSnPBP.exe

C:\Windows\System\fkSnPBP.exe

C:\Windows\System\unPnLzf.exe

C:\Windows\System\unPnLzf.exe

C:\Windows\System\IZUVFqo.exe

C:\Windows\System\IZUVFqo.exe

C:\Windows\System\TSJdzck.exe

C:\Windows\System\TSJdzck.exe

C:\Windows\System\JCjxBjh.exe

C:\Windows\System\JCjxBjh.exe

C:\Windows\System\YUGasYK.exe

C:\Windows\System\YUGasYK.exe

C:\Windows\System\uVpFTfL.exe

C:\Windows\System\uVpFTfL.exe

C:\Windows\System\YezAQhr.exe

C:\Windows\System\YezAQhr.exe

C:\Windows\System\iwzgvRi.exe

C:\Windows\System\iwzgvRi.exe

C:\Windows\System\pFiktTt.exe

C:\Windows\System\pFiktTt.exe

C:\Windows\System\jxeFTtT.exe

C:\Windows\System\jxeFTtT.exe

C:\Windows\System\AFuDscM.exe

C:\Windows\System\AFuDscM.exe

C:\Windows\System\ZLAvxba.exe

C:\Windows\System\ZLAvxba.exe

C:\Windows\System\MEIHtXn.exe

C:\Windows\System\MEIHtXn.exe

C:\Windows\System\uQWgaRB.exe

C:\Windows\System\uQWgaRB.exe

C:\Windows\System\mGoAPjU.exe

C:\Windows\System\mGoAPjU.exe

C:\Windows\System\PLrPkAH.exe

C:\Windows\System\PLrPkAH.exe

C:\Windows\System\AOpRUrW.exe

C:\Windows\System\AOpRUrW.exe

C:\Windows\System\Cbvmjhp.exe

C:\Windows\System\Cbvmjhp.exe

C:\Windows\System\KXLtVvq.exe

C:\Windows\System\KXLtVvq.exe

C:\Windows\System\ShOtLxT.exe

C:\Windows\System\ShOtLxT.exe

C:\Windows\System\sQDqkiU.exe

C:\Windows\System\sQDqkiU.exe

C:\Windows\System\VEOiNeR.exe

C:\Windows\System\VEOiNeR.exe

C:\Windows\System\nmrkoJZ.exe

C:\Windows\System\nmrkoJZ.exe

C:\Windows\System\tvaCyXJ.exe

C:\Windows\System\tvaCyXJ.exe

C:\Windows\System\TQtWMBz.exe

C:\Windows\System\TQtWMBz.exe

C:\Windows\System\jJmDUTG.exe

C:\Windows\System\jJmDUTG.exe

C:\Windows\System\bqygHIs.exe

C:\Windows\System\bqygHIs.exe

C:\Windows\System\HnpgTqT.exe

C:\Windows\System\HnpgTqT.exe

C:\Windows\System\KhVPDtw.exe

C:\Windows\System\KhVPDtw.exe

C:\Windows\System\QSZOqFU.exe

C:\Windows\System\QSZOqFU.exe

C:\Windows\System\rwkjWXh.exe

C:\Windows\System\rwkjWXh.exe

C:\Windows\System\CnejkBz.exe

C:\Windows\System\CnejkBz.exe

C:\Windows\System\LOSSaLf.exe

C:\Windows\System\LOSSaLf.exe

C:\Windows\System\uRonAZL.exe

C:\Windows\System\uRonAZL.exe

C:\Windows\System\nZlieEF.exe

C:\Windows\System\nZlieEF.exe

C:\Windows\System\qpPciby.exe

C:\Windows\System\qpPciby.exe

C:\Windows\System\jSLwqjG.exe

C:\Windows\System\jSLwqjG.exe

C:\Windows\System\fUwRnYT.exe

C:\Windows\System\fUwRnYT.exe

C:\Windows\System\oxromUO.exe

C:\Windows\System\oxromUO.exe

C:\Windows\System\GXWOkeX.exe

C:\Windows\System\GXWOkeX.exe

C:\Windows\System\xulOZtw.exe

C:\Windows\System\xulOZtw.exe

C:\Windows\System\ELlkdvo.exe

C:\Windows\System\ELlkdvo.exe

C:\Windows\System\JRpUqNt.exe

C:\Windows\System\JRpUqNt.exe

C:\Windows\System\BQbSzXY.exe

C:\Windows\System\BQbSzXY.exe

C:\Windows\System\ZyMkIln.exe

C:\Windows\System\ZyMkIln.exe

C:\Windows\System\GfBqoWA.exe

C:\Windows\System\GfBqoWA.exe

C:\Windows\System\hFYxsIO.exe

C:\Windows\System\hFYxsIO.exe

C:\Windows\System\mYntSGB.exe

C:\Windows\System\mYntSGB.exe

C:\Windows\System\zDcynGV.exe

C:\Windows\System\zDcynGV.exe

C:\Windows\System\YoMyiVl.exe

C:\Windows\System\YoMyiVl.exe

C:\Windows\System\KRvdmXb.exe

C:\Windows\System\KRvdmXb.exe

C:\Windows\System\osqhPBS.exe

C:\Windows\System\osqhPBS.exe

C:\Windows\System\HJaFCRS.exe

C:\Windows\System\HJaFCRS.exe

C:\Windows\System\BWwBGGr.exe

C:\Windows\System\BWwBGGr.exe

C:\Windows\System\bDGgcSG.exe

C:\Windows\System\bDGgcSG.exe

C:\Windows\System\dHtwYAS.exe

C:\Windows\System\dHtwYAS.exe

C:\Windows\System\pxUkgsB.exe

C:\Windows\System\pxUkgsB.exe

C:\Windows\System\sRKOXYD.exe

C:\Windows\System\sRKOXYD.exe

C:\Windows\System\aWsCmGz.exe

C:\Windows\System\aWsCmGz.exe

C:\Windows\System\jBHtRXe.exe

C:\Windows\System\jBHtRXe.exe

C:\Windows\System\geJcxSw.exe

C:\Windows\System\geJcxSw.exe

C:\Windows\System\BIUZGqC.exe

C:\Windows\System\BIUZGqC.exe

C:\Windows\System\KuEWBtF.exe

C:\Windows\System\KuEWBtF.exe

C:\Windows\System\perTAbl.exe

C:\Windows\System\perTAbl.exe

C:\Windows\System\MVDxAvq.exe

C:\Windows\System\MVDxAvq.exe

C:\Windows\System\XKitItH.exe

C:\Windows\System\XKitItH.exe

C:\Windows\System\LJaPtVz.exe

C:\Windows\System\LJaPtVz.exe

C:\Windows\System\aejuBKF.exe

C:\Windows\System\aejuBKF.exe

C:\Windows\System\SJYfVRU.exe

C:\Windows\System\SJYfVRU.exe

C:\Windows\System\pAUqfXC.exe

C:\Windows\System\pAUqfXC.exe

C:\Windows\System\iAKUVQf.exe

C:\Windows\System\iAKUVQf.exe

C:\Windows\System\EYCkANd.exe

C:\Windows\System\EYCkANd.exe

C:\Windows\System\svRscEG.exe

C:\Windows\System\svRscEG.exe

C:\Windows\System\osunsyg.exe

C:\Windows\System\osunsyg.exe

C:\Windows\System\DAnnStv.exe

C:\Windows\System\DAnnStv.exe

C:\Windows\System\qTkbvSd.exe

C:\Windows\System\qTkbvSd.exe

C:\Windows\System\wtPQsbJ.exe

C:\Windows\System\wtPQsbJ.exe

C:\Windows\System\WqrCUEu.exe

C:\Windows\System\WqrCUEu.exe

C:\Windows\System\axJPITu.exe

C:\Windows\System\axJPITu.exe

C:\Windows\System\vOxwZLt.exe

C:\Windows\System\vOxwZLt.exe

C:\Windows\System\SvmarUE.exe

C:\Windows\System\SvmarUE.exe

C:\Windows\System\nPvFBsY.exe

C:\Windows\System\nPvFBsY.exe

C:\Windows\System\MzSkMCN.exe

C:\Windows\System\MzSkMCN.exe

C:\Windows\System\bfDjDGG.exe

C:\Windows\System\bfDjDGG.exe

C:\Windows\System\wdDnNkT.exe

C:\Windows\System\wdDnNkT.exe

C:\Windows\System\APJeAWj.exe

C:\Windows\System\APJeAWj.exe

C:\Windows\System\MaFxbab.exe

C:\Windows\System\MaFxbab.exe

C:\Windows\System\ZiYwcZp.exe

C:\Windows\System\ZiYwcZp.exe

C:\Windows\System\dJkcROf.exe

C:\Windows\System\dJkcROf.exe

C:\Windows\System\ACeqRPu.exe

C:\Windows\System\ACeqRPu.exe

C:\Windows\System\RzGiDot.exe

C:\Windows\System\RzGiDot.exe

C:\Windows\System\qmnDRlW.exe

C:\Windows\System\qmnDRlW.exe

C:\Windows\System\bReaSiK.exe

C:\Windows\System\bReaSiK.exe

C:\Windows\System\rLeCuIO.exe

C:\Windows\System\rLeCuIO.exe

C:\Windows\System\zNqUFWu.exe

C:\Windows\System\zNqUFWu.exe

C:\Windows\System\JtUyyoC.exe

C:\Windows\System\JtUyyoC.exe

C:\Windows\System\iRFlmGp.exe

C:\Windows\System\iRFlmGp.exe

C:\Windows\System\aPXzkhl.exe

C:\Windows\System\aPXzkhl.exe

C:\Windows\System\RaYgjDU.exe

C:\Windows\System\RaYgjDU.exe

C:\Windows\System\xwzKTuK.exe

C:\Windows\System\xwzKTuK.exe

C:\Windows\System\IyMfOIo.exe

C:\Windows\System\IyMfOIo.exe

C:\Windows\System\FgVnzTW.exe

C:\Windows\System\FgVnzTW.exe

C:\Windows\System\CYXfVlo.exe

C:\Windows\System\CYXfVlo.exe

C:\Windows\System\GZELVVe.exe

C:\Windows\System\GZELVVe.exe

C:\Windows\System\wHlxRrj.exe

C:\Windows\System\wHlxRrj.exe

C:\Windows\System\kgVQDAt.exe

C:\Windows\System\kgVQDAt.exe

C:\Windows\System\vgDmdbZ.exe

C:\Windows\System\vgDmdbZ.exe

C:\Windows\System\rdBKLfJ.exe

C:\Windows\System\rdBKLfJ.exe

C:\Windows\System\pXZktbs.exe

C:\Windows\System\pXZktbs.exe

C:\Windows\System\OFuujfn.exe

C:\Windows\System\OFuujfn.exe

C:\Windows\System\YyJeZbo.exe

C:\Windows\System\YyJeZbo.exe

C:\Windows\System\SmiQYyJ.exe

C:\Windows\System\SmiQYyJ.exe

C:\Windows\System\farApRi.exe

C:\Windows\System\farApRi.exe

C:\Windows\System\exJJTxf.exe

C:\Windows\System\exJJTxf.exe

C:\Windows\System\ioUZwly.exe

C:\Windows\System\ioUZwly.exe

C:\Windows\System\QVqIXHZ.exe

C:\Windows\System\QVqIXHZ.exe

C:\Windows\System\nJWAMHh.exe

C:\Windows\System\nJWAMHh.exe

C:\Windows\System\jitdMeN.exe

C:\Windows\System\jitdMeN.exe

C:\Windows\System\lfREhNK.exe

C:\Windows\System\lfREhNK.exe

C:\Windows\System\PXleFKe.exe

C:\Windows\System\PXleFKe.exe

C:\Windows\System\DebpeOu.exe

C:\Windows\System\DebpeOu.exe

C:\Windows\System\JZqPkID.exe

C:\Windows\System\JZqPkID.exe

C:\Windows\System\ogduejN.exe

C:\Windows\System\ogduejN.exe

C:\Windows\System\OQTgKQw.exe

C:\Windows\System\OQTgKQw.exe

C:\Windows\System\iOIeqJd.exe

C:\Windows\System\iOIeqJd.exe

C:\Windows\System\HgZMipr.exe

C:\Windows\System\HgZMipr.exe

C:\Windows\System\SCxJdDa.exe

C:\Windows\System\SCxJdDa.exe

C:\Windows\System\QQKJHOr.exe

C:\Windows\System\QQKJHOr.exe

C:\Windows\System\KCwRXWU.exe

C:\Windows\System\KCwRXWU.exe

C:\Windows\System\EYLpqrc.exe

C:\Windows\System\EYLpqrc.exe

C:\Windows\System\zsjmtPF.exe

C:\Windows\System\zsjmtPF.exe

C:\Windows\System\UPKufMl.exe

C:\Windows\System\UPKufMl.exe

C:\Windows\System\mgZbVFK.exe

C:\Windows\System\mgZbVFK.exe

C:\Windows\System\FKYoucx.exe

C:\Windows\System\FKYoucx.exe

C:\Windows\System\NsXCKDb.exe

C:\Windows\System\NsXCKDb.exe

C:\Windows\System\mbaGYzn.exe

C:\Windows\System\mbaGYzn.exe

C:\Windows\System\jgWRpqT.exe

C:\Windows\System\jgWRpqT.exe

C:\Windows\System\jcdnmqK.exe

C:\Windows\System\jcdnmqK.exe

C:\Windows\System\WqBzSfR.exe

C:\Windows\System\WqBzSfR.exe

C:\Windows\System\xsbiWod.exe

C:\Windows\System\xsbiWod.exe

C:\Windows\System\tHKDcQA.exe

C:\Windows\System\tHKDcQA.exe

C:\Windows\System\mUaJQmK.exe

C:\Windows\System\mUaJQmK.exe

C:\Windows\System\FRhWhWE.exe

C:\Windows\System\FRhWhWE.exe

C:\Windows\System\GtpdHUW.exe

C:\Windows\System\GtpdHUW.exe

C:\Windows\System\oQbJIGt.exe

C:\Windows\System\oQbJIGt.exe

C:\Windows\System\KJVurKp.exe

C:\Windows\System\KJVurKp.exe

C:\Windows\System\aMxEBPc.exe

C:\Windows\System\aMxEBPc.exe

C:\Windows\System\mnLUfzi.exe

C:\Windows\System\mnLUfzi.exe

C:\Windows\System\fUzHTRD.exe

C:\Windows\System\fUzHTRD.exe

C:\Windows\System\IFBTpoQ.exe

C:\Windows\System\IFBTpoQ.exe

C:\Windows\System\nvGoWXG.exe

C:\Windows\System\nvGoWXG.exe

C:\Windows\System\NjqqUqU.exe

C:\Windows\System\NjqqUqU.exe

C:\Windows\System\zhAIgcp.exe

C:\Windows\System\zhAIgcp.exe

C:\Windows\System\wBWYhzf.exe

C:\Windows\System\wBWYhzf.exe

C:\Windows\System\fgwYoec.exe

C:\Windows\System\fgwYoec.exe

C:\Windows\System\OPJQHbi.exe

C:\Windows\System\OPJQHbi.exe

C:\Windows\System\GySAlKC.exe

C:\Windows\System\GySAlKC.exe

C:\Windows\System\qMzevRc.exe

C:\Windows\System\qMzevRc.exe

C:\Windows\System\mLqRCUD.exe

C:\Windows\System\mLqRCUD.exe

C:\Windows\System\LOQiTgR.exe

C:\Windows\System\LOQiTgR.exe

C:\Windows\System\OsVwQPr.exe

C:\Windows\System\OsVwQPr.exe

C:\Windows\System\Milupiw.exe

C:\Windows\System\Milupiw.exe

C:\Windows\System\bCLDyop.exe

C:\Windows\System\bCLDyop.exe

C:\Windows\System\jkGvYgz.exe

C:\Windows\System\jkGvYgz.exe

C:\Windows\System\XDtUvUX.exe

C:\Windows\System\XDtUvUX.exe

C:\Windows\System\rBgFEHT.exe

C:\Windows\System\rBgFEHT.exe

C:\Windows\System\ncWJImI.exe

C:\Windows\System\ncWJImI.exe

C:\Windows\System\WPOcoqT.exe

C:\Windows\System\WPOcoqT.exe

C:\Windows\System\vtWcASS.exe

C:\Windows\System\vtWcASS.exe

C:\Windows\System\OLfapoD.exe

C:\Windows\System\OLfapoD.exe

C:\Windows\System\qulpXyp.exe

C:\Windows\System\qulpXyp.exe

C:\Windows\System\bPGYTIw.exe

C:\Windows\System\bPGYTIw.exe

C:\Windows\System\AyFmLpW.exe

C:\Windows\System\AyFmLpW.exe

C:\Windows\System\uCtvcVA.exe

C:\Windows\System\uCtvcVA.exe

C:\Windows\System\pNtCyLz.exe

C:\Windows\System\pNtCyLz.exe

C:\Windows\System\FBrcYUU.exe

C:\Windows\System\FBrcYUU.exe

C:\Windows\System\bdTnpnq.exe

C:\Windows\System\bdTnpnq.exe

Network

N/A

Files

memory/2040-2-0x000000013FF30000-0x0000000140284000-memory.dmp

memory/2040-0-0x0000000000080000-0x0000000000090000-memory.dmp

\Windows\system\jPsAvFE.exe

MD5 203e658b2e6a6e090ed12ae7757ca491
SHA1 19b3d9d84e5a58adb90e80ef6085b44232b40442
SHA256 bb470e0c867a98ce6591eb56a71eb7f40f755efa8ff0b1db045db6c91fed4648
SHA512 f0df9db1cfd588cec8dc7fcf28b37ecdbe5f0c34add5311960e3f1c5be96bf108f9fbc8ea4d8fe66a0b462956ad0909131508c3eddccb5c9d70dbb91cab6512a

C:\Windows\system\RhOfXnN.exe

MD5 87a821a0b2db586e7b20ad84fcfa480d
SHA1 cff1e60a5b8e630fb7d84fc24b617f2fead42adc
SHA256 4523e19af421c4dcfd5e0698b98a4d9c93321c4a87e60b214e20ca1b7c403f33
SHA512 0d47912ef02d90861724beb58a0832cc541994e65d34645c5400abe5ae290f6ee5cb02e98c2939d7beb4934decbb8a15329775febab2babad19a41d161bad77f

\Windows\system\LSKMEqq.exe

MD5 79d61ee85e9b4f4c1679c341c889fa8f
SHA1 b8f9d5f97d284eb987e454b6f89781cec9ce0507
SHA256 3e1e5634a13b4a99628a40f5aa3e2800c947328d697ab0555e433767627b962f
SHA512 50688a8100ae43f718edd14308a9e4aa27c841e1b1f07806df2840754a3e26e8be249523642f5ec958e29ebd9962964fac4b257eac60fc7b05ef72cd9b7c1ca2

memory/2108-29-0x000000013FA00000-0x000000013FD54000-memory.dmp

memory/2040-34-0x000000013F500000-0x000000013F854000-memory.dmp

memory/2040-37-0x000000013F280000-0x000000013F5D4000-memory.dmp

C:\Windows\system\xBYvTJb.exe

MD5 7eb77eaaad90b953e727b6dba48ad9bb
SHA1 70d068dd1507de366dba7b8d24f764efafecf16b
SHA256 86ab2d3c82e06433f0b3f3279c80ec9b1e1905f1216e272d1ce38953c878dbdd
SHA512 9e0164ea719491bc38844c3ea88bedecb2e1e13b2bd6b09a51160ffb523b5d9c20de1533373492a88b28f12c0e9b632ac8ae5753ec49532e9869f49d524276bc

memory/2016-41-0x000000013F150000-0x000000013F4A4000-memory.dmp

memory/2240-42-0x000000013F820000-0x000000013FB74000-memory.dmp

memory/2864-49-0x000000013FC50000-0x000000013FFA4000-memory.dmp

memory/1992-57-0x000000013F700000-0x000000013FA54000-memory.dmp

C:\Windows\system\ugjLyvH.exe

MD5 b099c11ce3ced0e450942130c33f474c
SHA1 5df1fd9c5dee78929d94b1dc97187f96e979c562
SHA256 d11bb1a24c866e7ab8d970540cfa33e8eda46274bfc945de258979c0842b14dc
SHA512 42159c009b33949a93c1442eca297989df06b8f76ae3adad5a4c29457073ffe8b2d560fc25c576a07aeb8525adeec35146198f3984483aa034bcc1b00725bb98

C:\Windows\system\AQHefYq.exe

MD5 94a27b57ff4fc38da11edaf88f2c2d93
SHA1 bbcec381bb06af93f16cdb8ff41f337fb0a81564
SHA256 de9c9099a52293be0df5673fbdbedbade29a969630253de25e043562919dfd47
SHA512 e2ae0925bb8f6eb0c48524118015be61cbbc39722db5d9f9111040bc168710139fb4e9aa9c71952937234dc3118c9ea9eda67a1c3002add0e70added046673d3

memory/2496-83-0x000000013F1C0000-0x000000013F514000-memory.dmp

memory/2624-92-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

C:\Windows\system\XJglUee.exe

MD5 1fa880acadd9637d1d0db3e821347221
SHA1 9652b20e60d426662ebb18deca2e231f9de849e2
SHA256 a5d484ac7d9197a04d6e06646b46d998746e9872a813346c7b97e1a79eaea13f
SHA512 af593c1b055facf37bdb3d4f45948286436d7f1a27fe73208d9da5e8e2814ef6c5eecb4cd4e54882d3066b5e858c12662c18c2b9b7d3a7156023aa32a1181e8f

C:\Windows\system\zjXkQDn.exe

MD5 8e4122f69daf2a8f24c0090c4a538cfe
SHA1 9601cc7ea46f472db7fe8cf0c78987743e6c3b87
SHA256 d8a7b7d3bbefc9ece42a619ad6e5c5baeb02f01e1185facb234341a9f3576e91
SHA512 1a8c35173f0f87e801c8991be4c814395746f116bae81c59504ea37a106d8a13af945819fcce0e2a410c3f65bd3218ac0d641f296b7639f0f555a8fed3108718

memory/2800-931-0x000000013FB90000-0x000000013FEE4000-memory.dmp

memory/1992-596-0x000000013F700000-0x000000013FA54000-memory.dmp

memory/2864-389-0x000000013FC50000-0x000000013FFA4000-memory.dmp

C:\Windows\system\drWJAxP.exe

MD5 8ff6d097f489e5c4fa7249ec1e53a1e4
SHA1 6bd6e198ba0c078961a45c854de2996c84e147ac
SHA256 4ac1eb8e020e72bb87c3f1b4daec262a77c0336506cf7c30afce22fc531ebe53
SHA512 10c00c4d3822d1d7f86fb66ca53941cb445058d62ec5acd33dd5f5f2dc37fa7ce88c9703bb6d95f94d82379065d71751baae0babcd952e8299d91579f0687695

C:\Windows\system\RVZSMrf.exe

MD5 17ec11f0e5176ca48602e141f88e9d29
SHA1 3c9df94a26886b87f582efb35b55a31d4e96a958
SHA256 cc128e62504704727ced52c6bf9f00d3faf497e776058b86d789b5bc89cc1f7f
SHA512 5122d12c12b468bc5d59e1f4d47c2a71db1a04532ae9de04a8a22b5f20499b213b7cc963e898c75e04293e05ba85e2ccdbc89cb051f22dd2015bc31d31e38c2f

C:\Windows\system\lgMoDvw.exe

MD5 64e5e8f7230fd0f5907e5c7dfb177a38
SHA1 59797c3f443f54624eea93cc8229c9c336e198f8
SHA256 656c0a667634ef29a2f9befae179600fa3d079fa8a7f8eac0a66b3de827cc59f
SHA512 90af25eeeeac2b2b233cab52b45adc6974f11881da831d14d40c56fed822af77b3a9640f43370517e7df53b90ed6bf4bccc09eae46c6965be62709896a45da45

C:\Windows\system\MBpUaJQ.exe

MD5 d7dc1355701932321a4c06f36f8a2e55
SHA1 7376f19fbc39fe2825526d13598d161386d5a960
SHA256 604325b1dfa6be91c779b04ce5e46c3a7936f070874d08a84422068103651ce5
SHA512 87e32ee16da89103e88bbccf86bf9121ab75a01d60a9ea4ff39624f8020a5ba6acb21a6b34a3359328392cc654f6f0df5aa52abcf075c373a370372fa953c452

C:\Windows\system\QmhVmKD.exe

MD5 755267e8018fe4c81c15760755218c46
SHA1 daee5145d3a8173ad98186216e132a524a40991f
SHA256 acfa2ce74bee324d5339d1f6562ea54dd26b1bfa82e09242a3d8226b05686202
SHA512 408c23ece13ae21dc09d0635e0ebea17e566981650d374ce2014a63b0fbe8ec910456e96229681babefbb0e8fe386faca4a14f2c200a6d427302e788dad773b9

C:\Windows\system\eXoVafz.exe

MD5 95659b0c4d02bdd4f0dbdfb025ead573
SHA1 4e2eb78742196f22cece2551ef60c9af3cf856ba
SHA256 15b880c78311057ef741a1dd1df86e467658db16e98fde4553d8d97462cd0469
SHA512 2ff529731c25f9f3b5e189f471a928ff7291ac7b297093161ba432d1201b04e3e30ea3775252019c97574768a3f3eafb7a8c1e679e9ab12cd08a93b713dd0524

C:\Windows\system\hSzHfZn.exe

MD5 505991de7fabf514eab1e62d6c2c2a2f
SHA1 c759e77a724ed33062a2676285ef2317d5a4a5c5
SHA256 485d224851d3cc3ac64ddafed2cc8db2834b79f7c5a0552f939ce4e7f4e97e82
SHA512 eeef5ab09b3b5ba1a57e078249cc0612713f2aab31f04fd0b57376c356f41fe137a52d3afc8fc7f0e7ef488c231b8b3ed739dd6a9ab0bd66601ba355802b4164

C:\Windows\system\fwxmqvv.exe

MD5 6081fa9ec0d86713da76a41e837be09d
SHA1 347efff5439109034aafe813520608f37e8f2f96
SHA256 9853bdb80bc7431c2e9822194038759d69259bec89f369c479e03239ec024a83
SHA512 947cd9c38dbe3026dd4f7e624e69caf90c161f6b89a9965aba5c0a99e2d00c6e9a6abaa28eecc0551b387023c2951d01cb73b277e2c3e52d1b6cf06cdf9b245b

C:\Windows\system\DMxDVKr.exe

MD5 b8c871fd170b87eb20e6de11ea7070ea
SHA1 e6b4d58b453bd42c384378986206685c7438016f
SHA256 fe5706e569dedb48a1fd09a5be897df44d3781ff729b1e167d53c0302121b1a2
SHA512 181fe6ccc0ae62acf1afa7728ada7e4655754877a04b1b6a9edb7b9ff78b48b8a21cb0a763c7ce46a4674ce3c914c099f0bee9d9088fbd294dd3750912d1968c

C:\Windows\system\CXfNdqs.exe

MD5 4bfba8bb0753dac265914e2165d6f0a1
SHA1 7df90b99cf34f3bfc5438198d83af661354d0caa
SHA256 909d69282d06539d17f0a958e442b53de9ebbc8ebcad4b1aba2e7d218e6e8072
SHA512 2669ad2bbdee5bfbc44f08c9d7d55c127be76887d83f165c700dd7dabe1ef289e9081339a3cfef0c901ebdfc58062fc55966799aa50afe992239a58d8bf95a3b

C:\Windows\system\XrTSMsY.exe

MD5 be94edde017e95c73d2206bda8b76886
SHA1 a54d213e41d9b418d1483ad3561d525899a035ad
SHA256 4a908e0f792a81ce240bad06ed34ad62bf9ad220bdd8dd0cff1b0bdc32a1cb87
SHA512 5548a20fcbf3638e3983c4f8049779c346abf56497eaf53a766fe2b777d3bf4dbabe350f431cb2b3e1f6b2a7af9e05ffc4d5cd36dd02573f488ba2cf6ed1d3db

C:\Windows\system\rhPRaJe.exe

MD5 1fb1abdc974e09ea88376e258f2970a7
SHA1 8a77b4ba8fd9f14491b91f5cfb3330c0fbdc3c66
SHA256 33e10ce8f9322eec3255a8a01193faa4844f4f419f620eed8023e944121b6532
SHA512 fcb5bb20518d45db01937c1be0a3e337a37b4e869c86057bd841d348a4c00ffab589c7c5b16a169ffbf7d4397cac71db4e0e1ab6f5421e28768184e7a4069c9e

C:\Windows\system\ZccnFIu.exe

MD5 d7b3f3d7de52a7dceb8347d72d4a0c0b
SHA1 15041150e15441f9ac89a3df695e552011c20728
SHA256 930b240553f997e2c194deb4f82907d9c75e3e9de8df0093c028fcfd704728f3
SHA512 67588632cfc76ffd70cf9001d6f30424cbfae1c1f821b626d8cc8d9845bf00a988c3e1be15417c1973c0da7fbc92e75abbb29bf6770cc51f87ae10e3c15ffadc

C:\Windows\system\sQiFXYJ.exe

MD5 d2a3f0b5532f80e5f4d0f7c868f35fd1
SHA1 1354bc6d02b1bd4eb45443d088a90b5b55dbd38a
SHA256 a488a83cca6b8d720ec01c1efd6c5b256e91172c719695f3b77dd8e7e45e5cf1
SHA512 2506dbe27e3bcaa5a3aad12d79909d8eebe9277dbf8ec47ae3f1447edc12ab517127fb7ca629162541ecce3d8d41f49eed47282eac165b2b58c419363e4dc0e2

C:\Windows\system\TZLDTFi.exe

MD5 5069fdc73793c6b31d4e79f2ad14995b
SHA1 51f32db07b194d5acea8d0c2597bc595513fed9d
SHA256 77c7b17b529e1cb816ad2bc062e78232a75b233a2843b420bf03dc4f84bb4371
SHA512 dbbabd8e2d95951986bf9e308e00b79359198ad47c5066a2f9316cc6b7d5697c37f31debfcc29652f435d04da0be35c1c09c12ad0c0a88617ef5015c06df1e57

memory/2040-106-0x000000013F490000-0x000000013F7E4000-memory.dmp

memory/2240-105-0x000000013F820000-0x000000013FB74000-memory.dmp

memory/2016-104-0x000000013F150000-0x000000013F4A4000-memory.dmp

C:\Windows\system\MCyCods.exe

MD5 5ca20947d3cdc17943037b30edaaf5f4
SHA1 d13c37ef89a86f2ff47b915ef02fc7c5e20fe1a1
SHA256 751f3c5ce7758e8b1da4c594aa182d1221adc15ad231394fb3130cf3a007ec71
SHA512 3364fed11daabd5b462b7e7b9a51a39e53ac6aa2f18bb2ae61c5ac4d5654c64b4d8e870ec461e330a1a4114371c1829c6f8969112a3f9ae5bd4788bb109150a0

memory/2464-99-0x000000013FC80000-0x000000013FFD4000-memory.dmp

C:\Windows\system\eonCIGG.exe

MD5 7cbf34d0ff8e349f3d07742783d5c451
SHA1 d2f777c1f93816ac6514ff0adf50c642c7967778
SHA256 9dcc19f3d2521007ac9b927a7c81c1472abc3909abcd2d4ea5ed6306ad51371e
SHA512 d5610bedeaa1934109ef4cbe22b9fa50c3fe5c3bb6952d88e33551ff199bf9154074bf693405455bd2b7679c2e115bbe77a857fc782d9c3b279760c9d9747ff7

memory/2040-94-0x0000000001EA0000-0x00000000021F4000-memory.dmp

memory/2040-91-0x000000013FF30000-0x0000000140284000-memory.dmp

C:\Windows\system\nEDmega.exe

MD5 cb4f2cd8b8772131daf5e02548b37328
SHA1 8e78a1aba85e19b3a628052c5aec436fb02ddc40
SHA256 69757a84038f66b1057c687539d446ca3d15a47a043a3ec8e4fd2108b25b15cf
SHA512 d25acfe59f11231dcb82644abfd18cf8713a8de50c683cf012dacc2a0f31dbe16a9327988585eb3a5edceba190c8354c7ded7881fd37d559ae0645bf4919e0ba

memory/2040-82-0x000000013F1C0000-0x000000013F514000-memory.dmp

C:\Windows\system\NtHPdfw.exe

MD5 92c0869d9125d15de377f66acc49c352
SHA1 f9e04f530b71c6db92ce87e02c67c98d5a12e806
SHA256 a746848b8856725f728b3f11a6229b3561f0ccf73d11ec2300fca319c274099a
SHA512 ad0781285449b0aa44451a734e05ccc666e022af06421c54b48b4b4179d345aac174ddc14fd17b55b8280ff0663a57e06036571b0a1820a5ea194383e6c7a4ba

memory/2676-77-0x000000013FC10000-0x000000013FF64000-memory.dmp

memory/2040-76-0x0000000001EA0000-0x00000000021F4000-memory.dmp

memory/2532-71-0x000000013F970000-0x000000013FCC4000-memory.dmp

memory/2040-70-0x000000013F970000-0x000000013FCC4000-memory.dmp

memory/2800-63-0x000000013FB90000-0x000000013FEE4000-memory.dmp

C:\Windows\system\CaaMRqQ.exe

MD5 29cf7da2fde5d35701514d8947fa71aa
SHA1 5ba8881b39b0adf69a586289f7c7b3c47be1db0b
SHA256 adbef4ba60938d04df6bcd8a67a20373062aa6b38dcbd50cf5d058f864a851e6
SHA512 1a701014c2c21725460abca43be9e1af06a7086628e9d30920199715db527636c818797459cbcdac8931006417e085691aeee990684a5b47cc6b708c1a0ca0ca

memory/2040-56-0x000000013F700000-0x000000013FA54000-memory.dmp

memory/2040-48-0x0000000001EA0000-0x00000000021F4000-memory.dmp

C:\Windows\system\vvAQoGb.exe

MD5 204f44b141733a15d4c2e650e578c9c6
SHA1 634975df13368e01a6ead4055d0274ca514c901b
SHA256 314f2426ded0ce2a1bc1d5ead18b1e65eb6a405c940b72f5954b7f41e2e44c58
SHA512 d6f7b0db44742b143f2760990e6da7c210bd1d00906034616df9c8466c7d6420da4aad30b91d8e9bd3f31d3157d068fc8e2c2a3f54cfbc2af0c8324a8828688b

C:\Windows\system\yMZdfTb.exe

MD5 f8b011828a287725244b2fc8ec73ee55
SHA1 3acf348bef33d4bbb56b657631cfde87e3f891ba
SHA256 dce9adb9d087dfd91c43b673ec3fff807418a9e2301ebc473c6246d93d5ab359
SHA512 080fcf8204240199490f87765e27b7f30e10ef0a9597a9df96a7f0d525ac1f6cb637e2c525266e76c0c424aa9265a7082e10ca0872e5e45b6eaf7bbd735d9e26

memory/2200-23-0x000000013F2E0000-0x000000013F634000-memory.dmp

\Windows\system\uiFdxle.exe

MD5 7bc17215672fd526b130ea4b67d335e4
SHA1 51817369282eb196a7b3366c643aa8ef9a1a52c2
SHA256 9ad8b7e0fbcb70deacdc331174fb10efc37333645a1f3598d0168088d1b2ac44
SHA512 3048f9a7235b5858ff7e9f093e49e778f25f7f39292c56f39f484f50d90dad5003c72176f25afdc34dbce45d27bc0f2e90b93f1f20b0f88ca20c03c8b7f5be5f

memory/1660-38-0x000000013F280000-0x000000013F5D4000-memory.dmp

memory/2040-36-0x000000013FA00000-0x000000013FD54000-memory.dmp

memory/2128-35-0x000000013F500000-0x000000013F854000-memory.dmp

memory/2040-33-0x000000013F820000-0x000000013FB74000-memory.dmp

memory/2040-31-0x000000013F150000-0x000000013F4A4000-memory.dmp

C:\Windows\system\ElGVovh.exe

MD5 e34ec8a24edb8c3e9e4d25950808d958
SHA1 0bb25877aba1bff861c26cce0212e1b9bc93f840
SHA256 39d0ec83acb59b757b31892367d82248730f698191e4090945d681b9ce2fdc18
SHA512 7054af95a40a5135ac89438f75fd6ab708e906b114392b7296e46736e6c5604ae1d49c47277327980cdeaa55d7d449665fd2c714556829e8a91ed9ce6748be61

memory/2040-12-0x000000013F2E0000-0x000000013F634000-memory.dmp

memory/2040-1880-0x0000000001EA0000-0x00000000021F4000-memory.dmp

memory/2676-1881-0x000000013FC10000-0x000000013FF64000-memory.dmp

memory/2496-2374-0x000000013F1C0000-0x000000013F514000-memory.dmp

memory/2040-2682-0x0000000001EA0000-0x00000000021F4000-memory.dmp

memory/2040-2944-0x000000013F490000-0x000000013F7E4000-memory.dmp

memory/2108-4029-0x000000013FA00000-0x000000013FD54000-memory.dmp

memory/1660-4030-0x000000013F280000-0x000000013F5D4000-memory.dmp

memory/2128-4031-0x000000013F500000-0x000000013F854000-memory.dmp

memory/2240-4032-0x000000013F820000-0x000000013FB74000-memory.dmp

memory/2864-4033-0x000000013FC50000-0x000000013FFA4000-memory.dmp

memory/1992-4035-0x000000013F700000-0x000000013FA54000-memory.dmp

memory/2016-4034-0x000000013F150000-0x000000013F4A4000-memory.dmp

memory/2800-4036-0x000000013FB90000-0x000000013FEE4000-memory.dmp

memory/2532-4037-0x000000013F970000-0x000000013FCC4000-memory.dmp

memory/2464-4038-0x000000013FC80000-0x000000013FFD4000-memory.dmp

memory/2496-4039-0x000000013F1C0000-0x000000013F514000-memory.dmp

memory/2676-4040-0x000000013FC10000-0x000000013FF64000-memory.dmp

memory/2624-4041-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-22 20:58

Reported

2024-05-22 21:00

Platform

win10v2004-20240508-en

Max time kernel

66s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Modifies Installed Components in the registry

persistence
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\mrMnOfw.exe N/A
N/A N/A C:\Windows\System\dQIfZWC.exe N/A
N/A N/A C:\Windows\System\VZpIGwh.exe N/A
N/A N/A C:\Windows\System\tSoeZSb.exe N/A
N/A N/A C:\Windows\System\NcVqpje.exe N/A
N/A N/A C:\Windows\System\HvlJKdt.exe N/A
N/A N/A C:\Windows\System\HpWOXIk.exe N/A
N/A N/A C:\Windows\System\OKlUlRx.exe N/A
N/A N/A C:\Windows\System\EKabxIS.exe N/A
N/A N/A C:\Windows\System\GHAczAk.exe N/A
N/A N/A C:\Windows\System\WknDaTk.exe N/A
N/A N/A C:\Windows\System\NTDFROn.exe N/A
N/A N/A C:\Windows\System\uNbyylM.exe N/A
N/A N/A C:\Windows\System\yutgOlc.exe N/A
N/A N/A C:\Windows\System\Lajzrrc.exe N/A
N/A N/A C:\Windows\System\cxrHagk.exe N/A
N/A N/A C:\Windows\System\JRootCo.exe N/A
N/A N/A C:\Windows\System\UFDlcDj.exe N/A
N/A N/A C:\Windows\System\TCUAEbL.exe N/A
N/A N/A C:\Windows\System\GRxuXGb.exe N/A
N/A N/A C:\Windows\System\akbpTDp.exe N/A
N/A N/A C:\Windows\System\sJufnjl.exe N/A
N/A N/A C:\Windows\System\FyINZLa.exe N/A
N/A N/A C:\Windows\System\EpVMaSj.exe N/A
N/A N/A C:\Windows\System\qdCBNPb.exe N/A
N/A N/A C:\Windows\System\WwOZpmW.exe N/A
N/A N/A C:\Windows\System\ZxKulla.exe N/A
N/A N/A C:\Windows\System\cCrRkBh.exe N/A
N/A N/A C:\Windows\System\SeuFNpd.exe N/A
N/A N/A C:\Windows\System\MpEZgLQ.exe N/A
N/A N/A C:\Windows\System\peUEJpX.exe N/A
N/A N/A C:\Windows\System\PBSqChy.exe N/A
N/A N/A C:\Windows\System\pVUwqjp.exe N/A
N/A N/A C:\Windows\System\WOMsoyS.exe N/A
N/A N/A C:\Windows\System\uVQUaTh.exe N/A
N/A N/A C:\Windows\System\EDvtiPe.exe N/A
N/A N/A C:\Windows\System\IfhlKNJ.exe N/A
N/A N/A C:\Windows\System\LVafGcR.exe N/A
N/A N/A C:\Windows\System\ofQznTE.exe N/A
N/A N/A C:\Windows\System\clqaewC.exe N/A
N/A N/A C:\Windows\System\kIFxmbS.exe N/A
N/A N/A C:\Windows\System\vXYefnK.exe N/A
N/A N/A C:\Windows\System\mNuhZJy.exe N/A
N/A N/A C:\Windows\System\LPexIQV.exe N/A
N/A N/A C:\Windows\System\HYzaDEl.exe N/A
N/A N/A C:\Windows\System\ZgjTQfp.exe N/A
N/A N/A C:\Windows\System\vOeEaSZ.exe N/A
N/A N/A C:\Windows\System\FTELYDM.exe N/A
N/A N/A C:\Windows\System\FRQUFax.exe N/A
N/A N/A C:\Windows\System\xTwIdkE.exe N/A
N/A N/A C:\Windows\System\BfBLHwx.exe N/A
N/A N/A C:\Windows\System\EmxNVIf.exe N/A
N/A N/A C:\Windows\System\WvBRlui.exe N/A
N/A N/A C:\Windows\System\nWEcnqN.exe N/A
N/A N/A C:\Windows\System\eCZWAmt.exe N/A
N/A N/A C:\Windows\System\iEzPSjN.exe N/A
N/A N/A C:\Windows\System\pkWoLQJ.exe N/A
N/A N/A C:\Windows\System\fHTgwRR.exe N/A
N/A N/A C:\Windows\System\hQyNEPi.exe N/A
N/A N/A C:\Windows\System\MXWuMmE.exe N/A
N/A N/A C:\Windows\System\sNPqBNn.exe N/A
N/A N/A C:\Windows\System\DCSvZZY.exe N/A
N/A N/A C:\Windows\System\jtoUYom.exe N/A
N/A N/A C:\Windows\System\WKivLot.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\QIivkgz.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\kloOnYm.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\nAVfcSQ.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\jkJjLSi.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\GOAQDro.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\LXoQKJe.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\dDhpita.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\WknDaTk.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\NgZggFs.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\qDoOLOj.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\jzBUkKr.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\yZeglgT.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\EPitpoD.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\qOZSMNm.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\GjpOiFz.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\cacvySF.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\JYLyKvU.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\WronODM.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\qxvPPzG.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\KiOBkOZ.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\mhoEXGw.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\hIHIbfE.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\HavpuwZ.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\PsxTdio.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\fUNOhTB.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\aYAmIom.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\NgFEIMC.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\VZpIGwh.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\uscIALJ.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\jzhtnFn.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\dMFFTJO.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\geBMTlj.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\kicHSwl.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\orTFuom.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\lGptaOQ.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\jDFWAHy.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\qICnoTe.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\VFsyFFL.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\PUMUzoJ.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\cCrRkBh.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\KBpHxrH.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\APBkhvs.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\vOdaxGh.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\vXYefnK.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\HKdVewn.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\NgEnUTB.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\iYMrJsP.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\AWSjNcB.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\cmXKVLG.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\XhFXWWV.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\XoLxBWS.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\lWDyWMX.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\gbMgVrU.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ItrbPpe.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\YVuCcwP.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\NpSjwXf.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\eumiCMN.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\uyxOgzR.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\lRLNkXF.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\kzBiTZC.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\abUZwMw.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\gcUMYHG.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\jPKKQhp.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\CTJlJdm.exe C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Capabilities C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Capabilities C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Capabilities C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Capabilities C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Capabilities C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Capabilities C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Capabilities C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "152" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.search C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "56" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\ApplicationFrame\Microsoft.Windows.PeopleExperienceHo = 6801000088020000 C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4124900551-4068476067-3491212533-1000\{E614D252-7F05-4113-9527-AADB929162CC} C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\microsoft.windows.search C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "23" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\microsoft.windows.search C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "23" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "23" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "152" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\WasEverActivated = "1" C:\Windows\system32\sihost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\microsoft.windows.search C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "185" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\ApplicationFrame\Microsoft.Windows.PeopleExperienceHo = 6801000088020000 C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.search C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Speech_OneCore\\Recognizers\\Tokens\\MS-1033-110-WINMO-DNN" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "23" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DomStorageState C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4124900551-4068476067-3491212533-1000\{21431789-E2E8-4AFB-8211-016730E5B7D7} C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings C:\Windows\explorer.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\system32\sihost.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3900 wrote to memory of 4568 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\mrMnOfw.exe
PID 3900 wrote to memory of 4568 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\mrMnOfw.exe
PID 3900 wrote to memory of 3400 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\dQIfZWC.exe
PID 3900 wrote to memory of 3400 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\dQIfZWC.exe
PID 3900 wrote to memory of 1804 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\VZpIGwh.exe
PID 3900 wrote to memory of 1804 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\VZpIGwh.exe
PID 3900 wrote to memory of 4452 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\tSoeZSb.exe
PID 3900 wrote to memory of 4452 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\tSoeZSb.exe
PID 3900 wrote to memory of 1724 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\NcVqpje.exe
PID 3900 wrote to memory of 1724 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\NcVqpje.exe
PID 3900 wrote to memory of 1984 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\HvlJKdt.exe
PID 3900 wrote to memory of 1984 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\HvlJKdt.exe
PID 3900 wrote to memory of 1404 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\HpWOXIk.exe
PID 3900 wrote to memory of 1404 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\HpWOXIk.exe
PID 3900 wrote to memory of 5024 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\OKlUlRx.exe
PID 3900 wrote to memory of 5024 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\OKlUlRx.exe
PID 3900 wrote to memory of 2184 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\EKabxIS.exe
PID 3900 wrote to memory of 2184 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\EKabxIS.exe
PID 3900 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\GHAczAk.exe
PID 3900 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\GHAczAk.exe
PID 3900 wrote to memory of 540 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\WknDaTk.exe
PID 3900 wrote to memory of 540 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\WknDaTk.exe
PID 3900 wrote to memory of 1944 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\NTDFROn.exe
PID 3900 wrote to memory of 1944 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\NTDFROn.exe
PID 3900 wrote to memory of 1352 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\uNbyylM.exe
PID 3900 wrote to memory of 1352 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\uNbyylM.exe
PID 3900 wrote to memory of 4600 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\yutgOlc.exe
PID 3900 wrote to memory of 4600 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\yutgOlc.exe
PID 3900 wrote to memory of 3124 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\Lajzrrc.exe
PID 3900 wrote to memory of 3124 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\Lajzrrc.exe
PID 3900 wrote to memory of 396 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\cxrHagk.exe
PID 3900 wrote to memory of 396 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\cxrHagk.exe
PID 3900 wrote to memory of 760 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\JRootCo.exe
PID 3900 wrote to memory of 760 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\JRootCo.exe
PID 3900 wrote to memory of 4404 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\UFDlcDj.exe
PID 3900 wrote to memory of 4404 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\UFDlcDj.exe
PID 3900 wrote to memory of 2188 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\TCUAEbL.exe
PID 3900 wrote to memory of 2188 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\TCUAEbL.exe
PID 3900 wrote to memory of 2216 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\GRxuXGb.exe
PID 3900 wrote to memory of 2216 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\GRxuXGb.exe
PID 3900 wrote to memory of 1592 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\akbpTDp.exe
PID 3900 wrote to memory of 1592 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\akbpTDp.exe
PID 3900 wrote to memory of 1308 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\sJufnjl.exe
PID 3900 wrote to memory of 1308 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\sJufnjl.exe
PID 3900 wrote to memory of 4104 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\FyINZLa.exe
PID 3900 wrote to memory of 4104 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\FyINZLa.exe
PID 3900 wrote to memory of 1544 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\EpVMaSj.exe
PID 3900 wrote to memory of 1544 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\EpVMaSj.exe
PID 3900 wrote to memory of 2124 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\qdCBNPb.exe
PID 3900 wrote to memory of 2124 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\qdCBNPb.exe
PID 3900 wrote to memory of 3804 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\WwOZpmW.exe
PID 3900 wrote to memory of 3804 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\WwOZpmW.exe
PID 3900 wrote to memory of 652 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\ZxKulla.exe
PID 3900 wrote to memory of 652 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\ZxKulla.exe
PID 3900 wrote to memory of 5016 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\cCrRkBh.exe
PID 3900 wrote to memory of 5016 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\cCrRkBh.exe
PID 3900 wrote to memory of 2560 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\SeuFNpd.exe
PID 3900 wrote to memory of 2560 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\SeuFNpd.exe
PID 3900 wrote to memory of 1636 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\MpEZgLQ.exe
PID 3900 wrote to memory of 1636 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\MpEZgLQ.exe
PID 3900 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\peUEJpX.exe
PID 3900 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\peUEJpX.exe
PID 3900 wrote to memory of 4576 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\PBSqChy.exe
PID 3900 wrote to memory of 4576 N/A C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe C:\Windows\System\PBSqChy.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\39dc1dd29af0e46e14ff17d4ccd547d0_NeikiAnalytics.exe"

C:\Windows\System\mrMnOfw.exe

C:\Windows\System\mrMnOfw.exe

C:\Windows\System\dQIfZWC.exe

C:\Windows\System\dQIfZWC.exe

C:\Windows\System\VZpIGwh.exe

C:\Windows\System\VZpIGwh.exe

C:\Windows\System\tSoeZSb.exe

C:\Windows\System\tSoeZSb.exe

C:\Windows\System\NcVqpje.exe

C:\Windows\System\NcVqpje.exe

C:\Windows\System\HvlJKdt.exe

C:\Windows\System\HvlJKdt.exe

C:\Windows\System\HpWOXIk.exe

C:\Windows\System\HpWOXIk.exe

C:\Windows\System\OKlUlRx.exe

C:\Windows\System\OKlUlRx.exe

C:\Windows\System\EKabxIS.exe

C:\Windows\System\EKabxIS.exe

C:\Windows\System\GHAczAk.exe

C:\Windows\System\GHAczAk.exe

C:\Windows\System\WknDaTk.exe

C:\Windows\System\WknDaTk.exe

C:\Windows\System\NTDFROn.exe

C:\Windows\System\NTDFROn.exe

C:\Windows\System\uNbyylM.exe

C:\Windows\System\uNbyylM.exe

C:\Windows\System\yutgOlc.exe

C:\Windows\System\yutgOlc.exe

C:\Windows\System\Lajzrrc.exe

C:\Windows\System\Lajzrrc.exe

C:\Windows\System\cxrHagk.exe

C:\Windows\System\cxrHagk.exe

C:\Windows\System\JRootCo.exe

C:\Windows\System\JRootCo.exe

C:\Windows\System\UFDlcDj.exe

C:\Windows\System\UFDlcDj.exe

C:\Windows\System\TCUAEbL.exe

C:\Windows\System\TCUAEbL.exe

C:\Windows\System\GRxuXGb.exe

C:\Windows\System\GRxuXGb.exe

C:\Windows\System\akbpTDp.exe

C:\Windows\System\akbpTDp.exe

C:\Windows\System\sJufnjl.exe

C:\Windows\System\sJufnjl.exe

C:\Windows\System\FyINZLa.exe

C:\Windows\System\FyINZLa.exe

C:\Windows\System\EpVMaSj.exe

C:\Windows\System\EpVMaSj.exe

C:\Windows\System\qdCBNPb.exe

C:\Windows\System\qdCBNPb.exe

C:\Windows\System\WwOZpmW.exe

C:\Windows\System\WwOZpmW.exe

C:\Windows\System\ZxKulla.exe

C:\Windows\System\ZxKulla.exe

C:\Windows\System\cCrRkBh.exe

C:\Windows\System\cCrRkBh.exe

C:\Windows\System\SeuFNpd.exe

C:\Windows\System\SeuFNpd.exe

C:\Windows\System\MpEZgLQ.exe

C:\Windows\System\MpEZgLQ.exe

C:\Windows\System\peUEJpX.exe

C:\Windows\System\peUEJpX.exe

C:\Windows\System\PBSqChy.exe

C:\Windows\System\PBSqChy.exe

C:\Windows\System\pVUwqjp.exe

C:\Windows\System\pVUwqjp.exe

C:\Windows\System\WOMsoyS.exe

C:\Windows\System\WOMsoyS.exe

C:\Windows\System\uVQUaTh.exe

C:\Windows\System\uVQUaTh.exe

C:\Windows\System\EDvtiPe.exe

C:\Windows\System\EDvtiPe.exe

C:\Windows\System\IfhlKNJ.exe

C:\Windows\System\IfhlKNJ.exe

C:\Windows\System\LVafGcR.exe

C:\Windows\System\LVafGcR.exe

C:\Windows\System\ofQznTE.exe

C:\Windows\System\ofQznTE.exe

C:\Windows\System\clqaewC.exe

C:\Windows\System\clqaewC.exe

C:\Windows\System\kIFxmbS.exe

C:\Windows\System\kIFxmbS.exe

C:\Windows\System\vXYefnK.exe

C:\Windows\System\vXYefnK.exe

C:\Windows\System\mNuhZJy.exe

C:\Windows\System\mNuhZJy.exe

C:\Windows\System\LPexIQV.exe

C:\Windows\System\LPexIQV.exe

C:\Windows\System\HYzaDEl.exe

C:\Windows\System\HYzaDEl.exe

C:\Windows\System\ZgjTQfp.exe

C:\Windows\System\ZgjTQfp.exe

C:\Windows\System\vOeEaSZ.exe

C:\Windows\System\vOeEaSZ.exe

C:\Windows\System\FTELYDM.exe

C:\Windows\System\FTELYDM.exe

C:\Windows\System\FRQUFax.exe

C:\Windows\System\FRQUFax.exe

C:\Windows\System\xTwIdkE.exe

C:\Windows\System\xTwIdkE.exe

C:\Windows\System\BfBLHwx.exe

C:\Windows\System\BfBLHwx.exe

C:\Windows\System\EmxNVIf.exe

C:\Windows\System\EmxNVIf.exe

C:\Windows\System\WvBRlui.exe

C:\Windows\System\WvBRlui.exe

C:\Windows\System\nWEcnqN.exe

C:\Windows\System\nWEcnqN.exe

C:\Windows\System\eCZWAmt.exe

C:\Windows\System\eCZWAmt.exe

C:\Windows\System\iEzPSjN.exe

C:\Windows\System\iEzPSjN.exe

C:\Windows\System\pkWoLQJ.exe

C:\Windows\System\pkWoLQJ.exe

C:\Windows\System\fHTgwRR.exe

C:\Windows\System\fHTgwRR.exe

C:\Windows\System\hQyNEPi.exe

C:\Windows\System\hQyNEPi.exe

C:\Windows\System\MXWuMmE.exe

C:\Windows\System\MXWuMmE.exe

C:\Windows\System\sNPqBNn.exe

C:\Windows\System\sNPqBNn.exe

C:\Windows\System\DCSvZZY.exe

C:\Windows\System\DCSvZZY.exe

C:\Windows\System\jtoUYom.exe

C:\Windows\System\jtoUYom.exe

C:\Windows\System\WKivLot.exe

C:\Windows\System\WKivLot.exe

C:\Windows\System\cdNDwAo.exe

C:\Windows\System\cdNDwAo.exe

C:\Windows\System\EMWSkuA.exe

C:\Windows\System\EMWSkuA.exe

C:\Windows\System\VyeFEKh.exe

C:\Windows\System\VyeFEKh.exe

C:\Windows\System\QucdhFv.exe

C:\Windows\System\QucdhFv.exe

C:\Windows\System\aaroIpt.exe

C:\Windows\System\aaroIpt.exe

C:\Windows\System\gKJLMEO.exe

C:\Windows\System\gKJLMEO.exe

C:\Windows\System\xGKGsBF.exe

C:\Windows\System\xGKGsBF.exe

C:\Windows\System\dbTGWsE.exe

C:\Windows\System\dbTGWsE.exe

C:\Windows\System\upAuZQa.exe

C:\Windows\System\upAuZQa.exe

C:\Windows\System\CNouKPH.exe

C:\Windows\System\CNouKPH.exe

C:\Windows\System\lGaKORK.exe

C:\Windows\System\lGaKORK.exe

C:\Windows\System\dIRbkfZ.exe

C:\Windows\System\dIRbkfZ.exe

C:\Windows\System\lvCGKSs.exe

C:\Windows\System\lvCGKSs.exe

C:\Windows\System\qNMJIRl.exe

C:\Windows\System\qNMJIRl.exe

C:\Windows\System\aGFRowM.exe

C:\Windows\System\aGFRowM.exe

C:\Windows\System\RWhQXBg.exe

C:\Windows\System\RWhQXBg.exe

C:\Windows\System\JpNftsX.exe

C:\Windows\System\JpNftsX.exe

C:\Windows\System\pWVWpHK.exe

C:\Windows\System\pWVWpHK.exe

C:\Windows\System\jSTRXnw.exe

C:\Windows\System\jSTRXnw.exe

C:\Windows\System\UjOrjYc.exe

C:\Windows\System\UjOrjYc.exe

C:\Windows\System\QavsdhX.exe

C:\Windows\System\QavsdhX.exe

C:\Windows\System\gbNhHPd.exe

C:\Windows\System\gbNhHPd.exe

C:\Windows\System\lyAqCmQ.exe

C:\Windows\System\lyAqCmQ.exe

C:\Windows\System\pwXfaSG.exe

C:\Windows\System\pwXfaSG.exe

C:\Windows\System\LcssYJU.exe

C:\Windows\System\LcssYJU.exe

C:\Windows\System\hdBKnWC.exe

C:\Windows\System\hdBKnWC.exe

C:\Windows\System\citNpwJ.exe

C:\Windows\System\citNpwJ.exe

C:\Windows\System\yTYXuJf.exe

C:\Windows\System\yTYXuJf.exe

C:\Windows\System\AmpSouV.exe

C:\Windows\System\AmpSouV.exe

C:\Windows\System\OMYWGuh.exe

C:\Windows\System\OMYWGuh.exe

C:\Windows\System\CeFpwjr.exe

C:\Windows\System\CeFpwjr.exe

C:\Windows\System\VuXQsEh.exe

C:\Windows\System\VuXQsEh.exe

C:\Windows\System\lLRlvqJ.exe

C:\Windows\System\lLRlvqJ.exe

C:\Windows\System\reHpeUe.exe

C:\Windows\System\reHpeUe.exe

C:\Windows\System\BXqPoED.exe

C:\Windows\System\BXqPoED.exe

C:\Windows\System\YknIVUT.exe

C:\Windows\System\YknIVUT.exe

C:\Windows\System\hMqzHrI.exe

C:\Windows\System\hMqzHrI.exe

C:\Windows\System\KgaSKEy.exe

C:\Windows\System\KgaSKEy.exe

C:\Windows\System\lGWaNmM.exe

C:\Windows\System\lGWaNmM.exe

C:\Windows\System\eztUmlX.exe

C:\Windows\System\eztUmlX.exe

C:\Windows\System\iBJjnGZ.exe

C:\Windows\System\iBJjnGZ.exe

C:\Windows\System\cYeYTPd.exe

C:\Windows\System\cYeYTPd.exe

C:\Windows\System\RzIcCro.exe

C:\Windows\System\RzIcCro.exe

C:\Windows\System\qOZSMNm.exe

C:\Windows\System\qOZSMNm.exe

C:\Windows\System\sbjDTHn.exe

C:\Windows\System\sbjDTHn.exe

C:\Windows\System\QFQvHeg.exe

C:\Windows\System\QFQvHeg.exe

C:\Windows\System\zqMqyAK.exe

C:\Windows\System\zqMqyAK.exe

C:\Windows\System\SPRAuvz.exe

C:\Windows\System\SPRAuvz.exe

C:\Windows\System\XClUwxB.exe

C:\Windows\System\XClUwxB.exe

C:\Windows\System\AxHvxyw.exe

C:\Windows\System\AxHvxyw.exe

C:\Windows\System\MYJKZrQ.exe

C:\Windows\System\MYJKZrQ.exe

C:\Windows\System\DAOdMPG.exe

C:\Windows\System\DAOdMPG.exe

C:\Windows\System\xIIMzLM.exe

C:\Windows\System\xIIMzLM.exe

C:\Windows\System\XkzepLe.exe

C:\Windows\System\XkzepLe.exe

C:\Windows\System\JxCBpcO.exe

C:\Windows\System\JxCBpcO.exe

C:\Windows\System\aotsxUm.exe

C:\Windows\System\aotsxUm.exe

C:\Windows\System\htqauig.exe

C:\Windows\System\htqauig.exe

C:\Windows\System\vXtoYyd.exe

C:\Windows\System\vXtoYyd.exe

C:\Windows\System\IJsHApA.exe

C:\Windows\System\IJsHApA.exe

C:\Windows\System\tKlzvtG.exe

C:\Windows\System\tKlzvtG.exe

C:\Windows\System\vqmxnQp.exe

C:\Windows\System\vqmxnQp.exe

C:\Windows\System\VDXDzPb.exe

C:\Windows\System\VDXDzPb.exe

C:\Windows\System\xopRBbi.exe

C:\Windows\System\xopRBbi.exe

C:\Windows\System\oyhdDPr.exe

C:\Windows\System\oyhdDPr.exe

C:\Windows\System\xHmIPDN.exe

C:\Windows\System\xHmIPDN.exe

C:\Windows\System\jufhhCe.exe

C:\Windows\System\jufhhCe.exe

C:\Windows\System\BIEKVQE.exe

C:\Windows\System\BIEKVQE.exe

C:\Windows\System\JfAeiDp.exe

C:\Windows\System\JfAeiDp.exe

C:\Windows\System\UNnSKEU.exe

C:\Windows\System\UNnSKEU.exe

C:\Windows\System\EpJLqIh.exe

C:\Windows\System\EpJLqIh.exe

C:\Windows\System\tnCnyfc.exe

C:\Windows\System\tnCnyfc.exe

C:\Windows\System\lWDyWMX.exe

C:\Windows\System\lWDyWMX.exe

C:\Windows\System\HYNjGVD.exe

C:\Windows\System\HYNjGVD.exe

C:\Windows\System\XJsAHni.exe

C:\Windows\System\XJsAHni.exe

C:\Windows\System\BLTdQfX.exe

C:\Windows\System\BLTdQfX.exe

C:\Windows\System\HKWGgqo.exe

C:\Windows\System\HKWGgqo.exe

C:\Windows\System\tYvQpfw.exe

C:\Windows\System\tYvQpfw.exe

C:\Windows\System\JMzkzIv.exe

C:\Windows\System\JMzkzIv.exe

C:\Windows\System\rGPkazB.exe

C:\Windows\System\rGPkazB.exe

C:\Windows\System\qihZLuX.exe

C:\Windows\System\qihZLuX.exe

C:\Windows\System\rGNkPRH.exe

C:\Windows\System\rGNkPRH.exe

C:\Windows\System\iatfFjb.exe

C:\Windows\System\iatfFjb.exe

C:\Windows\System\kgvigUp.exe

C:\Windows\System\kgvigUp.exe

C:\Windows\System\VFSUUZb.exe

C:\Windows\System\VFSUUZb.exe

C:\Windows\System\nbpSACF.exe

C:\Windows\System\nbpSACF.exe

C:\Windows\System\NhIkDmL.exe

C:\Windows\System\NhIkDmL.exe

C:\Windows\System\zbILDzH.exe

C:\Windows\System\zbILDzH.exe

C:\Windows\System\PUKpJRp.exe

C:\Windows\System\PUKpJRp.exe

C:\Windows\System\CTJlJdm.exe

C:\Windows\System\CTJlJdm.exe

C:\Windows\System\NACisbO.exe

C:\Windows\System\NACisbO.exe

C:\Windows\System\XNeubDL.exe

C:\Windows\System\XNeubDL.exe

C:\Windows\System\rgSvSrj.exe

C:\Windows\System\rgSvSrj.exe

C:\Windows\System\eINjteV.exe

C:\Windows\System\eINjteV.exe

C:\Windows\System\obDIgjn.exe

C:\Windows\System\obDIgjn.exe

C:\Windows\System\hpyTcMI.exe

C:\Windows\System\hpyTcMI.exe

C:\Windows\System\HKdVewn.exe

C:\Windows\System\HKdVewn.exe

C:\Windows\System\DFquhyj.exe

C:\Windows\System\DFquhyj.exe

C:\Windows\System\wZsmquK.exe

C:\Windows\System\wZsmquK.exe

C:\Windows\System\PadJoMr.exe

C:\Windows\System\PadJoMr.exe

C:\Windows\System\SszVMWS.exe

C:\Windows\System\SszVMWS.exe

C:\Windows\System\XKoQeOS.exe

C:\Windows\System\XKoQeOS.exe

C:\Windows\System\nkGOvuO.exe

C:\Windows\System\nkGOvuO.exe

C:\Windows\System\INzOPMK.exe

C:\Windows\System\INzOPMK.exe

C:\Windows\System\sAFDWjr.exe

C:\Windows\System\sAFDWjr.exe

C:\Windows\System\xyYCwSt.exe

C:\Windows\System\xyYCwSt.exe

C:\Windows\System\xsOJKHn.exe

C:\Windows\System\xsOJKHn.exe

C:\Windows\System\BaHuyBJ.exe

C:\Windows\System\BaHuyBJ.exe

C:\Windows\System\bSVgpbQ.exe

C:\Windows\System\bSVgpbQ.exe

C:\Windows\System\ntBLdiR.exe

C:\Windows\System\ntBLdiR.exe

C:\Windows\System\GjRwmTF.exe

C:\Windows\System\GjRwmTF.exe

C:\Windows\System\eumiCMN.exe

C:\Windows\System\eumiCMN.exe

C:\Windows\System\opcgrMy.exe

C:\Windows\System\opcgrMy.exe

C:\Windows\System\LnEwIPi.exe

C:\Windows\System\LnEwIPi.exe

C:\Windows\System\AZbNIAI.exe

C:\Windows\System\AZbNIAI.exe

C:\Windows\System\PnZQWOX.exe

C:\Windows\System\PnZQWOX.exe

C:\Windows\System\ZRXkvVS.exe

C:\Windows\System\ZRXkvVS.exe

C:\Windows\System\ALFyAxy.exe

C:\Windows\System\ALFyAxy.exe

C:\Windows\System\uyxOgzR.exe

C:\Windows\System\uyxOgzR.exe

C:\Windows\System\jwoVLMI.exe

C:\Windows\System\jwoVLMI.exe

C:\Windows\System\eqZkvKu.exe

C:\Windows\System\eqZkvKu.exe

C:\Windows\System\feVFfhp.exe

C:\Windows\System\feVFfhp.exe

C:\Windows\System\sBhcieM.exe

C:\Windows\System\sBhcieM.exe

C:\Windows\System\DbAYEwa.exe

C:\Windows\System\DbAYEwa.exe

C:\Windows\System\lGptaOQ.exe

C:\Windows\System\lGptaOQ.exe

C:\Windows\System\UJDjLuv.exe

C:\Windows\System\UJDjLuv.exe

C:\Windows\System\upMYFDx.exe

C:\Windows\System\upMYFDx.exe

C:\Windows\System\NgZggFs.exe

C:\Windows\System\NgZggFs.exe

C:\Windows\System\PVCmNLk.exe

C:\Windows\System\PVCmNLk.exe

C:\Windows\System\BVrDfZI.exe

C:\Windows\System\BVrDfZI.exe

C:\Windows\System\TSwvZOg.exe

C:\Windows\System\TSwvZOg.exe

C:\Windows\System\HFRqYre.exe

C:\Windows\System\HFRqYre.exe

C:\Windows\System\IwzzDqV.exe

C:\Windows\System\IwzzDqV.exe

C:\Windows\System\qDoOLOj.exe

C:\Windows\System\qDoOLOj.exe

C:\Windows\System\joEABUp.exe

C:\Windows\System\joEABUp.exe

C:\Windows\System\XYZWpot.exe

C:\Windows\System\XYZWpot.exe

C:\Windows\System\ikkiNvN.exe

C:\Windows\System\ikkiNvN.exe

C:\Windows\System\WHCwgBX.exe

C:\Windows\System\WHCwgBX.exe

C:\Windows\System\hIHIbfE.exe

C:\Windows\System\hIHIbfE.exe

C:\Windows\System\iulrFZc.exe

C:\Windows\System\iulrFZc.exe

C:\Windows\System\jbwGZny.exe

C:\Windows\System\jbwGZny.exe

C:\Windows\System\aTdKeUk.exe

C:\Windows\System\aTdKeUk.exe

C:\Windows\System\acSvjAP.exe

C:\Windows\System\acSvjAP.exe

C:\Windows\System\zucMlAp.exe

C:\Windows\System\zucMlAp.exe

C:\Windows\System\MbuNdHV.exe

C:\Windows\System\MbuNdHV.exe

C:\Windows\System\QDghNXC.exe

C:\Windows\System\QDghNXC.exe

C:\Windows\System\wvOfbzR.exe

C:\Windows\System\wvOfbzR.exe

C:\Windows\System\logtkEO.exe

C:\Windows\System\logtkEO.exe

C:\Windows\System\IuXLpIY.exe

C:\Windows\System\IuXLpIY.exe

C:\Windows\System\qBRsaAi.exe

C:\Windows\System\qBRsaAi.exe

C:\Windows\System\yUjQsqH.exe

C:\Windows\System\yUjQsqH.exe

C:\Windows\System\EgrCVuc.exe

C:\Windows\System\EgrCVuc.exe

C:\Windows\System\WLaPCNb.exe

C:\Windows\System\WLaPCNb.exe

C:\Windows\System\AWSjNcB.exe

C:\Windows\System\AWSjNcB.exe

C:\Windows\System\uhJyIwR.exe

C:\Windows\System\uhJyIwR.exe

C:\Windows\System\aidXnOh.exe

C:\Windows\System\aidXnOh.exe

C:\Windows\System\WKbDtzN.exe

C:\Windows\System\WKbDtzN.exe

C:\Windows\System\lMaexPN.exe

C:\Windows\System\lMaexPN.exe

C:\Windows\System\Ivxoban.exe

C:\Windows\System\Ivxoban.exe

C:\Windows\System\LEGbpnK.exe

C:\Windows\System\LEGbpnK.exe

C:\Windows\System\jwgidIE.exe

C:\Windows\System\jwgidIE.exe

C:\Windows\System\IjORjkv.exe

C:\Windows\System\IjORjkv.exe

C:\Windows\System\HavpuwZ.exe

C:\Windows\System\HavpuwZ.exe

C:\Windows\System\fwOzyZc.exe

C:\Windows\System\fwOzyZc.exe

C:\Windows\System\jxaXzKe.exe

C:\Windows\System\jxaXzKe.exe

C:\Windows\System\NnJkUNl.exe

C:\Windows\System\NnJkUNl.exe

C:\Windows\System\jzBUkKr.exe

C:\Windows\System\jzBUkKr.exe

C:\Windows\System\SwoXSPG.exe

C:\Windows\System\SwoXSPG.exe

C:\Windows\System\PebYPpf.exe

C:\Windows\System\PebYPpf.exe

C:\Windows\System\cYfCONz.exe

C:\Windows\System\cYfCONz.exe

C:\Windows\System\bZHRnjB.exe

C:\Windows\System\bZHRnjB.exe

C:\Windows\System\uscIALJ.exe

C:\Windows\System\uscIALJ.exe

C:\Windows\System\LhriOHc.exe

C:\Windows\System\LhriOHc.exe

C:\Windows\System\iBsaFlO.exe

C:\Windows\System\iBsaFlO.exe

C:\Windows\System\XkWVqvE.exe

C:\Windows\System\XkWVqvE.exe

C:\Windows\System\nTruXmd.exe

C:\Windows\System\nTruXmd.exe

C:\Windows\System\CycveJo.exe

C:\Windows\System\CycveJo.exe

C:\Windows\System\xAgbwnt.exe

C:\Windows\System\xAgbwnt.exe

C:\Windows\System\IwRzKiz.exe

C:\Windows\System\IwRzKiz.exe

C:\Windows\System\iEsBVIO.exe

C:\Windows\System\iEsBVIO.exe

C:\Windows\System\OrrrHtb.exe

C:\Windows\System\OrrrHtb.exe

C:\Windows\System\DkQfMjz.exe

C:\Windows\System\DkQfMjz.exe

C:\Windows\System\kloOnYm.exe

C:\Windows\System\kloOnYm.exe

C:\Windows\System\PsxTdio.exe

C:\Windows\System\PsxTdio.exe

C:\Windows\System\reKfvcm.exe

C:\Windows\System\reKfvcm.exe

C:\Windows\System\kgMeYaX.exe

C:\Windows\System\kgMeYaX.exe

C:\Windows\System\Rhiffzz.exe

C:\Windows\System\Rhiffzz.exe

C:\Windows\System\XThYNbT.exe

C:\Windows\System\XThYNbT.exe

C:\Windows\System\MxDAjNd.exe

C:\Windows\System\MxDAjNd.exe

C:\Windows\System\lqCAexE.exe

C:\Windows\System\lqCAexE.exe

C:\Windows\System\ZaUyVJM.exe

C:\Windows\System\ZaUyVJM.exe

C:\Windows\System\kHtwbhz.exe

C:\Windows\System\kHtwbhz.exe

C:\Windows\System\OawSefS.exe

C:\Windows\System\OawSefS.exe

C:\Windows\System\XPwukAg.exe

C:\Windows\System\XPwukAg.exe

C:\Windows\System\LIsYMOl.exe

C:\Windows\System\LIsYMOl.exe

C:\Windows\System\toSsaCs.exe

C:\Windows\System\toSsaCs.exe

C:\Windows\System\OcSuBTZ.exe

C:\Windows\System\OcSuBTZ.exe

C:\Windows\System\NrbiCJB.exe

C:\Windows\System\NrbiCJB.exe

C:\Windows\System\wQPWURH.exe

C:\Windows\System\wQPWURH.exe

C:\Windows\System\QdoqMDM.exe

C:\Windows\System\QdoqMDM.exe

C:\Windows\System\rbLRanb.exe

C:\Windows\System\rbLRanb.exe

C:\Windows\System\YjiXCfb.exe

C:\Windows\System\YjiXCfb.exe

C:\Windows\System\XASgmaa.exe

C:\Windows\System\XASgmaa.exe

C:\Windows\System\vKdMMvA.exe

C:\Windows\System\vKdMMvA.exe

C:\Windows\System\TtkMOLc.exe

C:\Windows\System\TtkMOLc.exe

C:\Windows\System\vwhXShP.exe

C:\Windows\System\vwhXShP.exe

C:\Windows\System\eMxLbXk.exe

C:\Windows\System\eMxLbXk.exe

C:\Windows\System\GvpVYbZ.exe

C:\Windows\System\GvpVYbZ.exe

C:\Windows\System\vyNkGUj.exe

C:\Windows\System\vyNkGUj.exe

C:\Windows\System\kIYwnIh.exe

C:\Windows\System\kIYwnIh.exe

C:\Windows\System\jDFWAHy.exe

C:\Windows\System\jDFWAHy.exe

C:\Windows\System\LXoQKJe.exe

C:\Windows\System\LXoQKJe.exe

C:\Windows\System\qgjTflW.exe

C:\Windows\System\qgjTflW.exe

C:\Windows\System\WpiwDuT.exe

C:\Windows\System\WpiwDuT.exe

C:\Windows\System\ZqVtOpo.exe

C:\Windows\System\ZqVtOpo.exe

C:\Windows\System\oyWGTfv.exe

C:\Windows\System\oyWGTfv.exe

C:\Windows\System\SUdzOVp.exe

C:\Windows\System\SUdzOVp.exe

C:\Windows\System\weCqrUH.exe

C:\Windows\System\weCqrUH.exe

C:\Windows\System\MYBUmBL.exe

C:\Windows\System\MYBUmBL.exe

C:\Windows\System\nyxvStS.exe

C:\Windows\System\nyxvStS.exe

C:\Windows\System\snrZKpw.exe

C:\Windows\System\snrZKpw.exe

C:\Windows\System\AjdVMVc.exe

C:\Windows\System\AjdVMVc.exe

C:\Windows\System\SbEhacJ.exe

C:\Windows\System\SbEhacJ.exe

C:\Windows\System\HAmLGvD.exe

C:\Windows\System\HAmLGvD.exe

C:\Windows\System\CkBSgAd.exe

C:\Windows\System\CkBSgAd.exe

C:\Windows\System\vBnJBkc.exe

C:\Windows\System\vBnJBkc.exe

C:\Windows\System\pRbsjmk.exe

C:\Windows\System\pRbsjmk.exe

C:\Windows\System\nAVfcSQ.exe

C:\Windows\System\nAVfcSQ.exe

C:\Windows\System\jqhCIZM.exe

C:\Windows\System\jqhCIZM.exe

C:\Windows\System\RquEMXP.exe

C:\Windows\System\RquEMXP.exe

C:\Windows\System\aOIHZgG.exe

C:\Windows\System\aOIHZgG.exe

C:\Windows\System\GjpOiFz.exe

C:\Windows\System\GjpOiFz.exe

C:\Windows\System\vnXkwLf.exe

C:\Windows\System\vnXkwLf.exe

C:\Windows\System\FBdjMeb.exe

C:\Windows\System\FBdjMeb.exe

C:\Windows\System\CJGMHur.exe

C:\Windows\System\CJGMHur.exe

C:\Windows\System\QYzAZRC.exe

C:\Windows\System\QYzAZRC.exe

C:\Windows\System\KVOavam.exe

C:\Windows\System\KVOavam.exe

C:\Windows\System\VTkpAwH.exe

C:\Windows\System\VTkpAwH.exe

C:\Windows\System\eymAHJU.exe

C:\Windows\System\eymAHJU.exe

C:\Windows\System\zHAsQnu.exe

C:\Windows\System\zHAsQnu.exe

C:\Windows\System\NdBigPi.exe

C:\Windows\System\NdBigPi.exe

C:\Windows\System\qhPutpu.exe

C:\Windows\System\qhPutpu.exe

C:\Windows\System\FgVDTwO.exe

C:\Windows\System\FgVDTwO.exe

C:\Windows\System\jkkRXvf.exe

C:\Windows\System\jkkRXvf.exe

C:\Windows\System\FtiXnPW.exe

C:\Windows\System\FtiXnPW.exe

C:\Windows\System\kwUPaBg.exe

C:\Windows\System\kwUPaBg.exe

C:\Windows\System\MfSQjgY.exe

C:\Windows\System\MfSQjgY.exe

C:\Windows\System\aDJhwOi.exe

C:\Windows\System\aDJhwOi.exe

C:\Windows\System\tsNNDCm.exe

C:\Windows\System\tsNNDCm.exe

C:\Windows\System\wRqoyCT.exe

C:\Windows\System\wRqoyCT.exe

C:\Windows\System\PDuBKkS.exe

C:\Windows\System\PDuBKkS.exe

C:\Windows\System\cacvySF.exe

C:\Windows\System\cacvySF.exe

C:\Windows\System\ZpmcPeT.exe

C:\Windows\System\ZpmcPeT.exe

C:\Windows\System\vuetUtx.exe

C:\Windows\System\vuetUtx.exe

C:\Windows\System\rkoJIdY.exe

C:\Windows\System\rkoJIdY.exe

C:\Windows\System\OSNNebo.exe

C:\Windows\System\OSNNebo.exe

C:\Windows\System\vlsNiwL.exe

C:\Windows\System\vlsNiwL.exe

C:\Windows\System\cZYbtBS.exe

C:\Windows\System\cZYbtBS.exe

C:\Windows\System\wQZcBSe.exe

C:\Windows\System\wQZcBSe.exe

C:\Windows\System\nNCavNS.exe

C:\Windows\System\nNCavNS.exe

C:\Windows\System\XhtpATE.exe

C:\Windows\System\XhtpATE.exe

C:\Windows\System\EhTFoMm.exe

C:\Windows\System\EhTFoMm.exe

C:\Windows\System\kvuNcQL.exe

C:\Windows\System\kvuNcQL.exe

C:\Windows\System\AmfvsvQ.exe

C:\Windows\System\AmfvsvQ.exe

C:\Windows\System\xVXiuvN.exe

C:\Windows\System\xVXiuvN.exe

C:\Windows\System\wqHPVTq.exe

C:\Windows\System\wqHPVTq.exe

C:\Windows\System\Kfcfzif.exe

C:\Windows\System\Kfcfzif.exe

C:\Windows\System\xBOMmFZ.exe

C:\Windows\System\xBOMmFZ.exe

C:\Windows\System\oixislx.exe

C:\Windows\System\oixislx.exe

C:\Windows\System\BfSjsqe.exe

C:\Windows\System\BfSjsqe.exe

C:\Windows\System\MnyJoEr.exe

C:\Windows\System\MnyJoEr.exe

C:\Windows\System\jrSjYRs.exe

C:\Windows\System\jrSjYRs.exe

C:\Windows\System\aYdidVN.exe

C:\Windows\System\aYdidVN.exe

C:\Windows\System\vJaICHn.exe

C:\Windows\System\vJaICHn.exe

C:\Windows\System\qICnoTe.exe

C:\Windows\System\qICnoTe.exe

C:\Windows\System\azZiMOK.exe

C:\Windows\System\azZiMOK.exe

C:\Windows\System\HyCQqse.exe

C:\Windows\System\HyCQqse.exe

C:\Windows\System\LABQTUo.exe

C:\Windows\System\LABQTUo.exe

C:\Windows\System\yVykQyf.exe

C:\Windows\System\yVykQyf.exe

C:\Windows\System\ePYXijo.exe

C:\Windows\System\ePYXijo.exe

C:\Windows\System\igNDtdK.exe

C:\Windows\System\igNDtdK.exe

C:\Windows\System\PlamtnF.exe

C:\Windows\System\PlamtnF.exe

C:\Windows\System\WZziDSS.exe

C:\Windows\System\WZziDSS.exe

C:\Windows\System\gHLqAYD.exe

C:\Windows\System\gHLqAYD.exe

C:\Windows\System\sNPMXpl.exe

C:\Windows\System\sNPMXpl.exe

C:\Windows\System\kLmblqD.exe

C:\Windows\System\kLmblqD.exe

C:\Windows\System\rLKWaHV.exe

C:\Windows\System\rLKWaHV.exe

C:\Windows\System\KHapIqI.exe

C:\Windows\System\KHapIqI.exe

C:\Windows\System\viIttZe.exe

C:\Windows\System\viIttZe.exe

C:\Windows\System\dneWJDr.exe

C:\Windows\System\dneWJDr.exe

C:\Windows\System\ZGxpIVa.exe

C:\Windows\System\ZGxpIVa.exe

C:\Windows\System\gqJnfbw.exe

C:\Windows\System\gqJnfbw.exe

C:\Windows\System\RTDeBmX.exe

C:\Windows\System\RTDeBmX.exe

C:\Windows\System\gPaywGE.exe

C:\Windows\System\gPaywGE.exe

C:\Windows\System\rKmqgsW.exe

C:\Windows\System\rKmqgsW.exe

C:\Windows\System\dDhpita.exe

C:\Windows\System\dDhpita.exe

C:\Windows\System\DSoYvhP.exe

C:\Windows\System\DSoYvhP.exe

C:\Windows\System\haviYtM.exe

C:\Windows\System\haviYtM.exe

C:\Windows\System\dOiXtzU.exe

C:\Windows\System\dOiXtzU.exe

C:\Windows\System\SGHIUvd.exe

C:\Windows\System\SGHIUvd.exe

C:\Windows\System\LZcYpfl.exe

C:\Windows\System\LZcYpfl.exe

C:\Windows\System\pHTySvc.exe

C:\Windows\System\pHTySvc.exe

C:\Windows\System\oYiYEVu.exe

C:\Windows\System\oYiYEVu.exe

C:\Windows\System\ascfmdu.exe

C:\Windows\System\ascfmdu.exe

C:\Windows\System\tBBDJwA.exe

C:\Windows\System\tBBDJwA.exe

C:\Windows\System\GeKKvZA.exe

C:\Windows\System\GeKKvZA.exe

C:\Windows\System\nXqnCHY.exe

C:\Windows\System\nXqnCHY.exe

C:\Windows\System\QxehkKF.exe

C:\Windows\System\QxehkKF.exe

C:\Windows\System\rDWJEnL.exe

C:\Windows\System\rDWJEnL.exe

C:\Windows\System\VZWGnPY.exe

C:\Windows\System\VZWGnPY.exe

C:\Windows\System\rCHjgeo.exe

C:\Windows\System\rCHjgeo.exe

C:\Windows\System\Uuapzlt.exe

C:\Windows\System\Uuapzlt.exe

C:\Windows\System\UMaOEAx.exe

C:\Windows\System\UMaOEAx.exe

C:\Windows\System\mTwSIfV.exe

C:\Windows\System\mTwSIfV.exe

C:\Windows\System\xjOOwlo.exe

C:\Windows\System\xjOOwlo.exe

C:\Windows\System\VahyRSl.exe

C:\Windows\System\VahyRSl.exe

C:\Windows\System\VFsyFFL.exe

C:\Windows\System\VFsyFFL.exe

C:\Windows\System\JjLwtkW.exe

C:\Windows\System\JjLwtkW.exe

C:\Windows\System\PWUJZcD.exe

C:\Windows\System\PWUJZcD.exe

C:\Windows\System\miBbySD.exe

C:\Windows\System\miBbySD.exe

C:\Windows\System\TDSMJgf.exe

C:\Windows\System\TDSMJgf.exe

C:\Windows\System\fvfwWBG.exe

C:\Windows\System\fvfwWBG.exe

C:\Windows\System\WyMncqa.exe

C:\Windows\System\WyMncqa.exe

C:\Windows\System\iYPgeUw.exe

C:\Windows\System\iYPgeUw.exe

C:\Windows\System\PezavJs.exe

C:\Windows\System\PezavJs.exe

C:\Windows\System\lFtbIng.exe

C:\Windows\System\lFtbIng.exe

C:\Windows\System\LjxxttE.exe

C:\Windows\System\LjxxttE.exe

C:\Windows\System\yglZcix.exe

C:\Windows\System\yglZcix.exe

C:\Windows\System\EFOjMDu.exe

C:\Windows\System\EFOjMDu.exe

C:\Windows\System\rGTwMJq.exe

C:\Windows\System\rGTwMJq.exe

C:\Windows\System\WjrFbbQ.exe

C:\Windows\System\WjrFbbQ.exe

C:\Windows\System\nLtHnPQ.exe

C:\Windows\System\nLtHnPQ.exe

C:\Windows\System\VYRajsX.exe

C:\Windows\System\VYRajsX.exe

C:\Windows\System\fUNOhTB.exe

C:\Windows\System\fUNOhTB.exe

C:\Windows\System\WronODM.exe

C:\Windows\System\WronODM.exe

C:\Windows\System\LETXQUU.exe

C:\Windows\System\LETXQUU.exe

C:\Windows\System\WoHbPSv.exe

C:\Windows\System\WoHbPSv.exe

C:\Windows\System\gLZRuti.exe

C:\Windows\System\gLZRuti.exe

C:\Windows\System\qMEsPEf.exe

C:\Windows\System\qMEsPEf.exe

C:\Windows\System\VGjjbHR.exe

C:\Windows\System\VGjjbHR.exe

C:\Windows\System\uAhquZE.exe

C:\Windows\System\uAhquZE.exe

C:\Windows\System\QEKHJuk.exe

C:\Windows\System\QEKHJuk.exe

C:\Windows\System\vrIDXZo.exe

C:\Windows\System\vrIDXZo.exe

C:\Windows\System\PFuieAC.exe

C:\Windows\System\PFuieAC.exe

C:\Windows\System\PdSWulj.exe

C:\Windows\System\PdSWulj.exe

C:\Windows\System\lBuELne.exe

C:\Windows\System\lBuELne.exe

C:\Windows\System\JYLyKvU.exe

C:\Windows\System\JYLyKvU.exe

C:\Windows\System\xLSgcPc.exe

C:\Windows\System\xLSgcPc.exe

C:\Windows\System\sTbTVzA.exe

C:\Windows\System\sTbTVzA.exe

C:\Windows\System\tWhoMXd.exe

C:\Windows\System\tWhoMXd.exe

C:\Windows\System\LDnJDkS.exe

C:\Windows\System\LDnJDkS.exe

C:\Windows\System\YbFrCDI.exe

C:\Windows\System\YbFrCDI.exe

C:\Windows\System\UbBatpq.exe

C:\Windows\System\UbBatpq.exe

C:\Windows\System\yZeglgT.exe

C:\Windows\System\yZeglgT.exe

C:\Windows\System\xSxGDfJ.exe

C:\Windows\System\xSxGDfJ.exe

C:\Windows\System\deDpSsb.exe

C:\Windows\System\deDpSsb.exe

C:\Windows\System\asdAqdI.exe

C:\Windows\System\asdAqdI.exe

C:\Windows\System\JqjIdqp.exe

C:\Windows\System\JqjIdqp.exe

C:\Windows\System\DGljjPE.exe

C:\Windows\System\DGljjPE.exe

C:\Windows\System\TSJeHjS.exe

C:\Windows\System\TSJeHjS.exe

C:\Windows\System\cmXKVLG.exe

C:\Windows\System\cmXKVLG.exe

C:\Windows\System\PIVZPun.exe

C:\Windows\System\PIVZPun.exe

C:\Windows\System\lSksuTd.exe

C:\Windows\System\lSksuTd.exe

C:\Windows\System\hKZnuZt.exe

C:\Windows\System\hKZnuZt.exe

C:\Windows\System\LxuigSe.exe

C:\Windows\System\LxuigSe.exe

C:\Windows\System\ONPLWyM.exe

C:\Windows\System\ONPLWyM.exe

C:\Windows\System\ZmBCGrx.exe

C:\Windows\System\ZmBCGrx.exe

C:\Windows\System\HZpTBCz.exe

C:\Windows\System\HZpTBCz.exe

C:\Windows\System\lsGoQhh.exe

C:\Windows\System\lsGoQhh.exe

C:\Windows\System\gbMgVrU.exe

C:\Windows\System\gbMgVrU.exe

C:\Windows\System\dMFFTJO.exe

C:\Windows\System\dMFFTJO.exe

C:\Windows\System\tlNTPRW.exe

C:\Windows\System\tlNTPRW.exe

C:\Windows\System\XhFXWWV.exe

C:\Windows\System\XhFXWWV.exe

C:\Windows\System\qVhhuxo.exe

C:\Windows\System\qVhhuxo.exe

C:\Windows\System\lRYzlKl.exe

C:\Windows\System\lRYzlKl.exe

C:\Windows\System\EqBarRq.exe

C:\Windows\System\EqBarRq.exe

C:\Windows\System\PSFmlmY.exe

C:\Windows\System\PSFmlmY.exe

C:\Windows\System\LoduHTg.exe

C:\Windows\System\LoduHTg.exe

C:\Windows\System\gRZCdTi.exe

C:\Windows\System\gRZCdTi.exe

C:\Windows\System\rxLHnlW.exe

C:\Windows\System\rxLHnlW.exe

C:\Windows\System\kpKMnPM.exe

C:\Windows\System\kpKMnPM.exe

C:\Windows\System\ILriALm.exe

C:\Windows\System\ILriALm.exe

C:\Windows\System\boXLiou.exe

C:\Windows\System\boXLiou.exe

C:\Windows\System\xqQKDhD.exe

C:\Windows\System\xqQKDhD.exe

C:\Windows\System\ZStxiAP.exe

C:\Windows\System\ZStxiAP.exe

C:\Windows\System\dymbYDL.exe

C:\Windows\System\dymbYDL.exe

C:\Windows\System\FCgObfu.exe

C:\Windows\System\FCgObfu.exe

C:\Windows\System\qxiMYjV.exe

C:\Windows\System\qxiMYjV.exe

C:\Windows\System\JMVErNW.exe

C:\Windows\System\JMVErNW.exe

C:\Windows\System\NHBwvCJ.exe

C:\Windows\System\NHBwvCJ.exe

C:\Windows\System\IvbDyxH.exe

C:\Windows\System\IvbDyxH.exe

C:\Windows\System\HpbAejk.exe

C:\Windows\System\HpbAejk.exe

C:\Windows\System\jTxgBvD.exe

C:\Windows\System\jTxgBvD.exe

C:\Windows\System\oRqGINo.exe

C:\Windows\System\oRqGINo.exe

C:\Windows\System\GuEqdrt.exe

C:\Windows\System\GuEqdrt.exe

C:\Windows\System\KKyueak.exe

C:\Windows\System\KKyueak.exe

C:\Windows\System\omgzquL.exe

C:\Windows\System\omgzquL.exe

C:\Windows\System\aXKVNhj.exe

C:\Windows\System\aXKVNhj.exe

C:\Windows\System\hkpPwwe.exe

C:\Windows\System\hkpPwwe.exe

C:\Windows\System\aNzDdWa.exe

C:\Windows\System\aNzDdWa.exe

C:\Windows\System\qKnjokk.exe

C:\Windows\System\qKnjokk.exe

C:\Windows\System\rkfvGsD.exe

C:\Windows\System\rkfvGsD.exe

C:\Windows\System\XmYBYUj.exe

C:\Windows\System\XmYBYUj.exe

C:\Windows\System\NzLzSQs.exe

C:\Windows\System\NzLzSQs.exe

C:\Windows\System\oewtmtr.exe

C:\Windows\System\oewtmtr.exe

C:\Windows\System\iLIpqYg.exe

C:\Windows\System\iLIpqYg.exe

C:\Windows\System\yiNwaee.exe

C:\Windows\System\yiNwaee.exe

C:\Windows\System\PuohSwF.exe

C:\Windows\System\PuohSwF.exe

C:\Windows\System\YodoORo.exe

C:\Windows\System\YodoORo.exe

C:\Windows\System\NFRWTuc.exe

C:\Windows\System\NFRWTuc.exe

C:\Windows\System\QSwqRIx.exe

C:\Windows\System\QSwqRIx.exe

C:\Windows\System\YhzpTvI.exe

C:\Windows\System\YhzpTvI.exe

C:\Windows\System\qVzRroU.exe

C:\Windows\System\qVzRroU.exe

C:\Windows\System\qLJcnNn.exe

C:\Windows\System\qLJcnNn.exe

C:\Windows\System\abUZwMw.exe

C:\Windows\System\abUZwMw.exe

C:\Windows\System\EjUnNaR.exe

C:\Windows\System\EjUnNaR.exe

C:\Windows\System\mVvDbSO.exe

C:\Windows\System\mVvDbSO.exe

C:\Windows\System\xctYtqJ.exe

C:\Windows\System\xctYtqJ.exe

C:\Windows\System\mnuasiL.exe

C:\Windows\System\mnuasiL.exe

C:\Windows\System\ItrbPpe.exe

C:\Windows\System\ItrbPpe.exe

C:\Windows\System\pRnKwxz.exe

C:\Windows\System\pRnKwxz.exe

C:\Windows\System\KAlsulC.exe

C:\Windows\System\KAlsulC.exe

C:\Windows\System\iOHNiUw.exe

C:\Windows\System\iOHNiUw.exe

C:\Windows\System\PudvEbE.exe

C:\Windows\System\PudvEbE.exe

C:\Windows\System\ZhAopRQ.exe

C:\Windows\System\ZhAopRQ.exe

C:\Windows\System\AyCmQmg.exe

C:\Windows\System\AyCmQmg.exe

C:\Windows\System\VUwxGXl.exe

C:\Windows\System\VUwxGXl.exe

C:\Windows\System\UxNFHUg.exe

C:\Windows\System\UxNFHUg.exe

C:\Windows\System\lRLNkXF.exe

C:\Windows\System\lRLNkXF.exe

C:\Windows\System\LpkrNWA.exe

C:\Windows\System\LpkrNWA.exe

C:\Windows\System\gcUMYHG.exe

C:\Windows\System\gcUMYHG.exe

C:\Windows\System\zVkAEch.exe

C:\Windows\System\zVkAEch.exe

C:\Windows\System\ChMAKbe.exe

C:\Windows\System\ChMAKbe.exe

C:\Windows\System\NVyWvnO.exe

C:\Windows\System\NVyWvnO.exe

C:\Windows\System\IfCroIQ.exe

C:\Windows\System\IfCroIQ.exe

C:\Windows\System\EPitpoD.exe

C:\Windows\System\EPitpoD.exe

C:\Windows\System\mMnnIaq.exe

C:\Windows\System\mMnnIaq.exe

C:\Windows\System\hrueozE.exe

C:\Windows\System\hrueozE.exe

C:\Windows\System\tQxRDMU.exe

C:\Windows\System\tQxRDMU.exe

C:\Windows\System\LdpwsUM.exe

C:\Windows\System\LdpwsUM.exe

C:\Windows\System\SjpyYMz.exe

C:\Windows\System\SjpyYMz.exe

C:\Windows\System\fCOvedh.exe

C:\Windows\System\fCOvedh.exe

C:\Windows\System\MSJmdwH.exe

C:\Windows\System\MSJmdwH.exe

C:\Windows\System\mSbEfIO.exe

C:\Windows\System\mSbEfIO.exe

C:\Windows\System\ZBfMOqr.exe

C:\Windows\System\ZBfMOqr.exe

C:\Windows\System\rZcYpLe.exe

C:\Windows\System\rZcYpLe.exe

C:\Windows\System\UmapnTo.exe

C:\Windows\System\UmapnTo.exe

C:\Windows\System\jyTrJlJ.exe

C:\Windows\System\jyTrJlJ.exe

C:\Windows\System\DYeeNdz.exe

C:\Windows\System\DYeeNdz.exe

C:\Windows\System\awpHLPS.exe

C:\Windows\System\awpHLPS.exe

C:\Windows\System\kZmfgDC.exe

C:\Windows\System\kZmfgDC.exe

C:\Windows\System\uNmbQqS.exe

C:\Windows\System\uNmbQqS.exe

C:\Windows\System\qxvPPzG.exe

C:\Windows\System\qxvPPzG.exe

C:\Windows\System\nDPUNWh.exe

C:\Windows\System\nDPUNWh.exe

C:\Windows\System\QPEFozH.exe

C:\Windows\System\QPEFozH.exe

C:\Windows\System\rjgsbvx.exe

C:\Windows\System\rjgsbvx.exe

C:\Windows\System\fbHHVQP.exe

C:\Windows\System\fbHHVQP.exe

C:\Windows\System\dlZBpYH.exe

C:\Windows\System\dlZBpYH.exe

C:\Windows\System\bfXqmjl.exe

C:\Windows\System\bfXqmjl.exe

C:\Windows\System\yfkTwIG.exe

C:\Windows\System\yfkTwIG.exe

C:\Windows\System\WUXlaGQ.exe

C:\Windows\System\WUXlaGQ.exe

C:\Windows\System\OYgOHKp.exe

C:\Windows\System\OYgOHKp.exe

C:\Windows\System\UoqkWfG.exe

C:\Windows\System\UoqkWfG.exe

C:\Windows\System\fSSVaJd.exe

C:\Windows\System\fSSVaJd.exe

C:\Windows\System\rChKjmA.exe

C:\Windows\System\rChKjmA.exe

C:\Windows\System\emhePVt.exe

C:\Windows\System\emhePVt.exe

C:\Windows\System\AyZEnpK.exe

C:\Windows\System\AyZEnpK.exe

C:\Windows\System\dmBGPSj.exe

C:\Windows\System\dmBGPSj.exe

C:\Windows\System\YZmFOmg.exe

C:\Windows\System\YZmFOmg.exe

C:\Windows\System\JMgOxSz.exe

C:\Windows\System\JMgOxSz.exe

C:\Windows\System\fBVSitm.exe

C:\Windows\System\fBVSitm.exe

C:\Windows\System\loBiHNf.exe

C:\Windows\System\loBiHNf.exe

C:\Windows\System\KiOBkOZ.exe

C:\Windows\System\KiOBkOZ.exe

C:\Windows\System\gQwGSrE.exe

C:\Windows\System\gQwGSrE.exe

C:\Windows\System\MJPBtCv.exe

C:\Windows\System\MJPBtCv.exe

C:\Windows\System\yJattyM.exe

C:\Windows\System\yJattyM.exe

C:\Windows\System\mLajOyC.exe

C:\Windows\System\mLajOyC.exe

C:\Windows\System\MKnLsqh.exe

C:\Windows\System\MKnLsqh.exe

C:\Windows\System\XfdHSeF.exe

C:\Windows\System\XfdHSeF.exe

C:\Windows\System\PTnoZMA.exe

C:\Windows\System\PTnoZMA.exe

C:\Windows\System\kCXcACe.exe

C:\Windows\System\kCXcACe.exe

C:\Windows\System\raAYubZ.exe

C:\Windows\System\raAYubZ.exe

C:\Windows\System\PfxJJsM.exe

C:\Windows\System\PfxJJsM.exe

C:\Windows\System\mhoEXGw.exe

C:\Windows\System\mhoEXGw.exe

C:\Windows\System\zvIqLlf.exe

C:\Windows\System\zvIqLlf.exe

C:\Windows\System\sXFkxgW.exe

C:\Windows\System\sXFkxgW.exe

C:\Windows\System\jGYwLWF.exe

C:\Windows\System\jGYwLWF.exe

C:\Windows\System\mtgyexE.exe

C:\Windows\System\mtgyexE.exe

C:\Windows\System\XOORsbP.exe

C:\Windows\System\XOORsbP.exe

C:\Windows\System\bkjgJzC.exe

C:\Windows\System\bkjgJzC.exe

C:\Windows\System\qsVNpXd.exe

C:\Windows\System\qsVNpXd.exe

C:\Windows\System\EZuWymP.exe

C:\Windows\System\EZuWymP.exe

C:\Windows\System\OdUqIqN.exe

C:\Windows\System\OdUqIqN.exe

C:\Windows\System\BkziLdU.exe

C:\Windows\System\BkziLdU.exe

C:\Windows\System\uCrwXRh.exe

C:\Windows\System\uCrwXRh.exe

C:\Windows\System\lGYSYVJ.exe

C:\Windows\System\lGYSYVJ.exe

C:\Windows\System\XUonbwn.exe

C:\Windows\System\XUonbwn.exe

C:\Windows\System\dnEanGN.exe

C:\Windows\System\dnEanGN.exe

C:\Windows\System\HQAomnp.exe

C:\Windows\System\HQAomnp.exe

C:\Windows\System\uHNRBIU.exe

C:\Windows\System\uHNRBIU.exe

C:\Windows\System\geBMTlj.exe

C:\Windows\System\geBMTlj.exe

C:\Windows\System\TfZjheD.exe

C:\Windows\System\TfZjheD.exe

C:\Windows\System\MTdDRJl.exe

C:\Windows\System\MTdDRJl.exe

C:\Windows\System\hVgbpBN.exe

C:\Windows\System\hVgbpBN.exe

C:\Windows\System\XiaIiqR.exe

C:\Windows\System\XiaIiqR.exe

C:\Windows\System\dwzhTBg.exe

C:\Windows\System\dwzhTBg.exe

C:\Windows\System\EsjgDZY.exe

C:\Windows\System\EsjgDZY.exe

C:\Windows\System\dlNEOsx.exe

C:\Windows\System\dlNEOsx.exe

C:\Windows\System\FdYpNAo.exe

C:\Windows\System\FdYpNAo.exe

C:\Windows\System\fRqhSXx.exe

C:\Windows\System\fRqhSXx.exe

C:\Windows\System\VtFFZYf.exe

C:\Windows\System\VtFFZYf.exe

C:\Windows\System\HalwDbp.exe

C:\Windows\System\HalwDbp.exe

C:\Windows\System\hLdpPGD.exe

C:\Windows\System\hLdpPGD.exe

C:\Windows\System\xLwITpX.exe

C:\Windows\System\xLwITpX.exe

C:\Windows\System\PZWcLwl.exe

C:\Windows\System\PZWcLwl.exe

C:\Windows\System\zywSvie.exe

C:\Windows\System\zywSvie.exe

C:\Windows\System\JGMnYLX.exe

C:\Windows\System\JGMnYLX.exe

C:\Windows\System\VSOgFdB.exe

C:\Windows\System\VSOgFdB.exe

C:\Windows\System\aDmxnjB.exe

C:\Windows\System\aDmxnjB.exe

C:\Windows\System\xhFdaYE.exe

C:\Windows\System\xhFdaYE.exe

C:\Windows\System\LlCRvYz.exe

C:\Windows\System\LlCRvYz.exe

C:\Windows\System\cVYGKMg.exe

C:\Windows\System\cVYGKMg.exe

C:\Windows\System\YbHdGoN.exe

C:\Windows\System\YbHdGoN.exe

C:\Windows\System\ujcgpnR.exe

C:\Windows\System\ujcgpnR.exe

C:\Windows\System\SnaoOhb.exe

C:\Windows\System\SnaoOhb.exe

C:\Windows\System\aYAmIom.exe

C:\Windows\System\aYAmIom.exe

C:\Windows\System\twzKOFL.exe

C:\Windows\System\twzKOFL.exe

C:\Windows\System\rXZoVri.exe

C:\Windows\System\rXZoVri.exe

C:\Windows\System\tYARlfd.exe

C:\Windows\System\tYARlfd.exe

C:\Windows\System\nHmiBpd.exe

C:\Windows\System\nHmiBpd.exe

C:\Windows\System\yIoOZld.exe

C:\Windows\System\yIoOZld.exe

C:\Windows\System\TPYYzTp.exe

C:\Windows\System\TPYYzTp.exe

C:\Windows\System\HDgbMSP.exe

C:\Windows\System\HDgbMSP.exe

C:\Windows\System\kzBiTZC.exe

C:\Windows\System\kzBiTZC.exe

C:\Windows\System\LEptXbM.exe

C:\Windows\System\LEptXbM.exe

C:\Windows\System\GKejlxO.exe

C:\Windows\System\GKejlxO.exe

C:\Windows\System\BWxVdah.exe

C:\Windows\System\BWxVdah.exe

C:\Windows\System\SYHWzux.exe

C:\Windows\System\SYHWzux.exe

C:\Windows\System\ZrLzRfk.exe

C:\Windows\System\ZrLzRfk.exe

C:\Windows\System\CLThNyP.exe

C:\Windows\System\CLThNyP.exe

C:\Windows\System\VqtKWLZ.exe

C:\Windows\System\VqtKWLZ.exe

C:\Windows\System\SXKtDwC.exe

C:\Windows\System\SXKtDwC.exe

C:\Windows\System\eTVZpif.exe

C:\Windows\System\eTVZpif.exe

C:\Windows\System\wvluRzY.exe

C:\Windows\System\wvluRzY.exe

C:\Windows\System\XEsjAPh.exe

C:\Windows\System\XEsjAPh.exe

C:\Windows\System\kNmCwCK.exe

C:\Windows\System\kNmCwCK.exe

C:\Windows\System\lkRngzp.exe

C:\Windows\System\lkRngzp.exe

C:\Windows\System\WUbsRMC.exe

C:\Windows\System\WUbsRMC.exe

C:\Windows\System\YsBWbCl.exe

C:\Windows\System\YsBWbCl.exe

C:\Windows\System\OYnnnoS.exe

C:\Windows\System\OYnnnoS.exe

C:\Windows\System\XKhIsjQ.exe

C:\Windows\System\XKhIsjQ.exe

C:\Windows\System\QFDiBmV.exe

C:\Windows\System\QFDiBmV.exe

C:\Windows\System\aCmNuKd.exe

C:\Windows\System\aCmNuKd.exe

C:\Windows\System\dCvjKfi.exe

C:\Windows\System\dCvjKfi.exe

C:\Windows\System\kicHSwl.exe

C:\Windows\System\kicHSwl.exe

C:\Windows\System\RIAioZd.exe

C:\Windows\System\RIAioZd.exe

C:\Windows\System\KBpHxrH.exe

C:\Windows\System\KBpHxrH.exe

C:\Windows\System\AcAAvVT.exe

C:\Windows\System\AcAAvVT.exe

C:\Windows\System\aFtkrCl.exe

C:\Windows\System\aFtkrCl.exe

C:\Windows\System\zofJFgX.exe

C:\Windows\System\zofJFgX.exe

C:\Windows\System\pNOFKqv.exe

C:\Windows\System\pNOFKqv.exe

C:\Windows\System\jkJjLSi.exe

C:\Windows\System\jkJjLSi.exe

C:\Windows\System\TfYkkpC.exe

C:\Windows\System\TfYkkpC.exe

C:\Windows\System\mZFlcHc.exe

C:\Windows\System\mZFlcHc.exe

C:\Windows\System\QtnunGn.exe

C:\Windows\System\QtnunGn.exe

C:\Windows\System\rldLEkK.exe

C:\Windows\System\rldLEkK.exe

C:\Windows\System\ZGZnQbf.exe

C:\Windows\System\ZGZnQbf.exe

C:\Windows\System\FBDDvDO.exe

C:\Windows\System\FBDDvDO.exe

C:\Windows\System\gWZSmBH.exe

C:\Windows\System\gWZSmBH.exe

C:\Windows\System\GOAQDro.exe

C:\Windows\System\GOAQDro.exe

C:\Windows\System\hxaujXR.exe

C:\Windows\System\hxaujXR.exe

C:\Windows\System\FSIrsEF.exe

C:\Windows\System\FSIrsEF.exe

C:\Windows\System\PFsfhMS.exe

C:\Windows\System\PFsfhMS.exe

C:\Windows\System\UPnVxKY.exe

C:\Windows\System\UPnVxKY.exe

C:\Windows\System\YLzeYDI.exe

C:\Windows\System\YLzeYDI.exe

C:\Windows\System\qafjlby.exe

C:\Windows\System\qafjlby.exe

C:\Windows\System\IJBgsya.exe

C:\Windows\System\IJBgsya.exe

C:\Windows\System\DqayvVx.exe

C:\Windows\System\DqayvVx.exe

C:\Windows\System\TMzUdBw.exe

C:\Windows\System\TMzUdBw.exe

C:\Windows\System\ROcvlZC.exe

C:\Windows\System\ROcvlZC.exe

C:\Windows\System\nAMEaJZ.exe

C:\Windows\System\nAMEaJZ.exe

C:\Windows\System\jPKKQhp.exe

C:\Windows\System\jPKKQhp.exe

C:\Windows\System\Djnuaot.exe

C:\Windows\System\Djnuaot.exe

C:\Windows\System\azeQpvQ.exe

C:\Windows\System\azeQpvQ.exe

C:\Windows\System\sVnnYxH.exe

C:\Windows\System\sVnnYxH.exe

C:\Windows\System\NpSjwXf.exe

C:\Windows\System\NpSjwXf.exe

C:\Windows\System\CQInQEp.exe

C:\Windows\System\CQInQEp.exe

C:\Windows\System\ToCAcST.exe

C:\Windows\System\ToCAcST.exe

C:\Windows\System\lltoHdk.exe

C:\Windows\System\lltoHdk.exe

C:\Windows\System\TFeCkir.exe

C:\Windows\System\TFeCkir.exe

C:\Windows\System\dlPByUq.exe

C:\Windows\System\dlPByUq.exe

C:\Windows\System\NgEnUTB.exe

C:\Windows\System\NgEnUTB.exe

C:\Windows\System\MgsjSBR.exe

C:\Windows\System\MgsjSBR.exe

C:\Windows\System\Wtzkfyi.exe

C:\Windows\System\Wtzkfyi.exe

C:\Windows\System\QkRMGec.exe

C:\Windows\System\QkRMGec.exe

C:\Windows\System\IuKJttb.exe

C:\Windows\System\IuKJttb.exe

C:\Windows\System\OXWAiNk.exe

C:\Windows\System\OXWAiNk.exe

C:\Windows\system32\sihost.exe

sihost.exe

C:\Windows\explorer.exe

explorer.exe /LOADSAVEDWINDOWS

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

Network

Country Destination Domain Proto
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 240.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 23.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 45.56.20.217.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 52.111.227.14:443 tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 136.32.126.40.in-addr.arpa udp
NL 23.62.61.57:443 www.bing.com tcp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 57.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp

Files

memory/3900-0-0x00007FF67E060000-0x00007FF67E3B4000-memory.dmp

memory/3900-1-0x0000015C31E30000-0x0000015C31E40000-memory.dmp

C:\Windows\System\mrMnOfw.exe

MD5 c78f8addc93b6eeb3e1cebeed7b47579
SHA1 250e012da15f815d8a8c50ea571068357eab21d3
SHA256 2f32e311e056d99eefe73098e5b0369af5aad65096aa43406dc66790c6b36d39
SHA512 19d412495cc783cedb0dbd7adaaacee078d20bec2516032b41c7edba28191800942e3911beb35de928d6c3cd08f9729a02f72b7e0f7776e9d8b3dbf61afcbd00

memory/4568-8-0x00007FF7A2B40000-0x00007FF7A2E94000-memory.dmp

C:\Windows\System\VZpIGwh.exe

MD5 75bd4d90ff34494ea2e1b67a169f9ffa
SHA1 30a32845e86fd7d5b460da4894c9f5f34d8a2633
SHA256 60c9dea9e1d1ad9dd1b629b88a635ee2f419a37d6217826d7236cc218123e31c
SHA512 415e304743d26042ae1098812b15243eb75c57418e743c6354db369685a2d0c09bd50bc8032d44da8bdaccef3da73b54f612a16ddebcf569b0c62a30ec2673ee

C:\Windows\System\dQIfZWC.exe

MD5 5203400a2609740a86fab6e15e92c943
SHA1 bac9935fe3180e1d91190e59dee32ad79075506b
SHA256 ebef40a8b61531ec98dd9a58eafb60cc113c390ce85ba9a1a7ba6f491eaad18d
SHA512 8dc46edf29472a4b44175cc3fd611924d2f149272d8e8db828b091f397467b15e9118f4c9e67fcaf6a7d16e78cd88afc1aecbcdcdc4da99fa6fd3dcac48d5745

C:\Windows\System\HpWOXIk.exe

MD5 582c35764fc6760f575a504cce1d0648
SHA1 4edbb334cc080fb60584eaee8a849d026a8f2ee3
SHA256 3708323c6b3eb5324e9386334b9aac73d7ecb2cba506194436fee858b6dda105
SHA512 242762336902e84a869b5826a5e2f46d5b133ad4df7c115c821c1975dac4e32dfa8a565b9b5cd016cd4957aa5a27e95ea8e5029ec5be7518b695ca1def484f33

C:\Windows\System\uNbyylM.exe

MD5 2bc96f0ed066e9d8bbb582c57fbd3814
SHA1 d5c2155c4376dab9d37f154430d9c13b00676895
SHA256 1e932ba0c6fe861c3e8a31337c595bcb76a0375c9d16e5a3103a02b767198f16
SHA512 5a27fc6cd26a8ed9c6db7c500d2bd57144bab2e25fa96073ee9ec2bcaf643d0255bc0c340aa9958c91c265fcd4bbb729965797e82bf3ed048e8d7e06c4b41e00

C:\Windows\System\JRootCo.exe

MD5 a6aa6340c18fefc3f9d21f8ed5ec1ad1
SHA1 70822d243af5ccc35812595194ac001633b7056f
SHA256 184d08ba30ee9399f98426679a4f655badb19d6fb44f6ea35a10ab5613fcfb38
SHA512 e7b3b35ca571bcb258e9bd8135398e76742adfbc935746a89193a60f6e7b03d7aa066168ab06126ac4085defdff0cb0b934ab595af50b4f31e8a9bd5c0410e73

C:\Windows\System\EpVMaSj.exe

MD5 581e4b8dfe4fa7899a064112cfddd7b4
SHA1 241e8bef79ca6d18c718b01df433a13a819a5c34
SHA256 8875b525fb07700dc3e3c4cb3909311f7122729095948b3509d8aa40a70fe49a
SHA512 5b05e6584bdcbbd9682879d1b41e646d7470885f7145cf1fd06ece9b7204ab89230753be184304a5a582b90eaf913f0fc7003990c90da28fe2734de808759a49

C:\Windows\System\SeuFNpd.exe

MD5 c26559567b08934b72de1722723dd028
SHA1 f6778eae7a689db5ee9ec82ba809d2c6536d9a33
SHA256 0b78af143694faa5f16172bc2b0881472907391a98da8e6a6d49846d81e71932
SHA512 85e2b5d401c71fa682a1e3abc9624776a70655a9dbca33940737b0730e9adf1b81392b3cd13e21bff0879e3491f5bae1640d4dbe80894eaea1696f34f3fe8d68

memory/1804-730-0x00007FF741AC0000-0x00007FF741E14000-memory.dmp

memory/1724-731-0x00007FF76D9F0000-0x00007FF76DD44000-memory.dmp

memory/1404-732-0x00007FF65A9F0000-0x00007FF65AD44000-memory.dmp

memory/5024-733-0x00007FF64AED0000-0x00007FF64B224000-memory.dmp

C:\Windows\System\pVUwqjp.exe

MD5 bee819e06f32741b7a919f0342d63a14
SHA1 b70018c79d27dda5037a316c4ef88a21a8cc9491
SHA256 968036dbaee2d59edad102d2c4bdd2e55297dec71476d2ab2e21f6dc8c29318b
SHA512 578b5ad9bd1fbe1d03f72fd8f18c0b7da0b18363d3b36d0747b0ee109b525d9a271291bcb3638c9c1de1c7696ffdecbce308563945950b42a565f82107a3a98b

C:\Windows\System\peUEJpX.exe

MD5 ad53a482e3e68d17159a19890fccf46e
SHA1 32b103e1ae854c5506e00d1b6846a5fe790c24a6
SHA256 1a2edd2bc0e7064869781baaf0b68e3222fe9d8dbd8597745a289125ddb53ca1
SHA512 b1f92701e63773bf5fe5fcef4791329f3efa40adc83ee2adf6d4407f046f5fa607c021ef5a20aed0a648cc717fec724d4baece812ad5db7af76f0741e657cdbb

C:\Windows\System\PBSqChy.exe

MD5 996fabc41232f02b85d385f8946cc5d1
SHA1 a6997de39119599260e8a947ee6758b343268b29
SHA256 8efdd062c3e739499157a3215db5d26a32e79d42bdf984b7b80ee12f473d7d93
SHA512 89b7baa794d74245258bbd3b654da295bc131007646388772c89b4653b038624f612977aff75a38ec2ed95e3d548d33f827ec75125e9a2198673e7d20bcbc0ba

C:\Windows\System\MpEZgLQ.exe

MD5 61dccd0f77f94a7763c0d524ddf5ba57
SHA1 d75ab8897531490c4b5c4d80efb778ef2b75c297
SHA256 1296bcc99a104af528709947a1a47c1b77bc3a06d87f2de4e6081d5bec441f91
SHA512 5bbaf71f93c872f79879de96cef50e12ccc510f63159eff08d81003e0aa118c223c172450d8696c41689330202f970d3f9e05086d5f909743eb92cc691bd4c42

C:\Windows\System\cCrRkBh.exe

MD5 5c7a156d609fedaba7ac431b5cb9f948
SHA1 a46ab0c2ee1298a6f67f6e04bf079641ecdb7561
SHA256 a006a0e36c194d5859a8673364cead5f47908418aaf870dfe4d6e593b1c88c22
SHA512 f9d3442402070214c7388c1d21e744712f8087bc7055f267a5ea3b8d13826920dc90a3d5d743f5742c421bc46d0b8ca15f60bd2be65d4141bddf858cbd7525aa

C:\Windows\System\ZxKulla.exe

MD5 165305bf3bb065e99bf319716ba74b19
SHA1 531ef3b1ee39ff929cbabbba84a0f5376bbea657
SHA256 bbed842d35dd537388204651180d0a1726c374dd515634b7222838b7a63ccdf0
SHA512 69335d2adbf19440c4e736471e219ebd1f2bad4f55883441f1e1d3e19e595430106cc19ded03cb76aa4949557efedd2be680e15738b1fac05b925218e0a9dbeb

C:\Windows\System\WwOZpmW.exe

MD5 658732c0df5362b8e9797175e649580f
SHA1 d43af3c64ed50eef173db796e62cbf5dcb18b385
SHA256 743efd39a515adedf98009f87ce911921b0f3aa06ee4ab28e81e7707f25aeeb9
SHA512 99c897283fedc0e1827b836bdc4826edc341d2aadbfef69c2b6d4330db9c47f3ab1bc9234646b2dc08b3c1eb7c33fe086685a55bcf0f01a526d9ae6960859927

C:\Windows\System\qdCBNPb.exe

MD5 53e2333f9f7b6a3841913ff797da6f9b
SHA1 dd981b5a3dc602dfe4a33cb49b9a8e3006736ec2
SHA256 d4cecf336dd4eb4eb83a7e003096503d477ad718e95f8d7f66e0fb3759390e41
SHA512 ab8b38155c516378a723e10b4946d3d5745ba01162645c8c573cbb41e338e42d08db9fd08200b22014567e6537988e49aa7adbc44a4ba9ffd7f6fc408d8d0d9e

C:\Windows\System\FyINZLa.exe

MD5 db43f62c58eaae10bd585a3266eb2328
SHA1 9fa15cebf29c24dfd7d92d851dc5f82c7152bb51
SHA256 b9259376861fd83a431d5915528d0cb99c5b4eed02020dc40e2ea874d3af187c
SHA512 2fe39788a4c367ed291bf48e0b7f361cd8d10f98a1b3b102c3459a08a4b1e8055f007a2140c4ac71528b16ab2461bda338f374cc40bb9ee6630f01532a7d38c8

C:\Windows\System\sJufnjl.exe

MD5 7cc327d72f2fb4798337d6394dc13c9d
SHA1 b4fc7315147c108d17c5278f5ab4ca541c96d9c9
SHA256 0d50e9852c621cd0215a38838f9e99d3c560bf090b8e96d553b3e597e2b8df8c
SHA512 26391c5bdeaecf03c6c0eaf63dbec3bf0a2ebd0926ce8a9f413b8935539b60640ce9fb143dabfa4704e6c487c91e171130820d93a4530740bcf15bdd23c2475e

C:\Windows\System\akbpTDp.exe

MD5 49c22ae8e0b8d51606c9099bd4189540
SHA1 05c8e7cf7d259a08464491a8808b2922c2c727f3
SHA256 24e5a4d96c2681b95ca520ac6bfa881775c68f46d507646656dc4be0b0500b37
SHA512 ced771d551a5a6bd93f6aed62f57e029bb84d7e4f9cf08699faab27f22913e26ac36e3fc2b362e03184dd4254a824804a4c50b2f8cad682c487b2379e172213f

C:\Windows\System\GRxuXGb.exe

MD5 d91b902b278bae14373e38a2653c5b53
SHA1 88866a3e3f58d6f74f73534b601817c48dc9625c
SHA256 9f121df0cc8fd7c9c73d3a85733389322f422fd398aaa5aa589049461c143f27
SHA512 b167ed7b1283f216fab3bd92de6d8e81d642455637c8f98af5aeb46bef4c75b95ab0113ec94eccada50bccbb185ac4ee51d0a395003d2b3208ee37a41e8fd82f

C:\Windows\System\TCUAEbL.exe

MD5 8b245d68b75386683bfd06782bb61154
SHA1 d5a149cce97956e748689a26ebc473e9c6ff1e29
SHA256 2ce32fd11dc2a9a7dea7c84ee0f7e6b32b7966a90a89ca3f46d22403b549c287
SHA512 99aff0693779559fbf844778e1e80b3c6adb579daa318088c81546729804a0592045c6031066cd7ef7ab03b6e2be8941ebf62b83b4d62f5750dd81eac21aac9d

C:\Windows\System\UFDlcDj.exe

MD5 a731206d058696eb222259793f57d37f
SHA1 558d9a75a206a057ee499ffe2f82a57f3aa4c429
SHA256 ae1db9c4a8f6d9a31803e9079054f92479336a3508dedd6baf1061f97a813d0a
SHA512 185fb1cd7e12435e950fed08cc566c363db75a249f64785d3223fa6925af4a966b08d648de8df68ce94b508f48447e22dd8429077efec5bc33b2f36c2cd4a3fd

C:\Windows\System\cxrHagk.exe

MD5 688ba81335c49bd970a284a6be1190c3
SHA1 72f8226e7f02c5591ff0c16f3812b80514038463
SHA256 7b43096130836e71f35d772ebc0844d4c7514968e7d1c1133453f44b1d8926f6
SHA512 3e5d5bee413f2e4c6126b4d4d9a72fe833f9b50ce1cc983b467774820733b087b0581c6288345e494bd68806ba81610cd73ff32aa7763c5931e767b69fc78caf

C:\Windows\System\Lajzrrc.exe

MD5 b09dfd40254cb4264d55c0cf11c6ed07
SHA1 c1aaa8a32d582afa0163980c1fc8d88b79adc116
SHA256 78c1dcfb3a342d320f92a229ee0514274f5cddb7749f4bfec95739ef6124d86c
SHA512 aebb7add254c7b7441141ada046fd7dddfdd0ffc50052d5fa5b88455ad423b8aa38a0b42357891c734ac8af0b6a9e1d73403e6159ea3a88cda039fe31ae013d4

C:\Windows\System\yutgOlc.exe

MD5 d213289a7f759125c5fc25ee3f7571fe
SHA1 d23e626250a41d608acf506adae01aa823ec2d94
SHA256 5a7d0d2aedd67559d35d37303ebf4abd99b65e5a5ad7c7590879c3a2ca2a9405
SHA512 6baa813a3b95d4f90422e30735f2d82e34868d062a166be712cec18e71bd679ab986fe17d663da71498efb5af950d5153c94ba466f9b6e7b14b0157a901c7077

C:\Windows\System\NTDFROn.exe

MD5 cd260942aeda29ee56555ff9db8b6553
SHA1 de0b86c78e68f83b656521ba18debd0ec8e47520
SHA256 8f7dab5993e64645870dce1ebb0083fcd597908913c70c8f4432b6c292777bc7
SHA512 c9b96b4026c4eb86d8df245b512a2741f3037b5d7add537772dc51c0d1ce6be75639008ab3c0db16fd6aab69663b8e81dc36a03be3e04e58f3b6bbe47fa08fa1

C:\Windows\System\WknDaTk.exe

MD5 0013e764cd1f477121750cc77ced46b3
SHA1 a2908f64f062341cfaf782515ae3b93ca2436b13
SHA256 9c1ceada5be3d35bc13c151e9987dc6e4a9dd373d7b61fd209c9ddcc372df52f
SHA512 7bc55307f40c59f2aab522ec51dae4d2fe0b5d5a0f39b00e31bc18adf50d2355344f55ae382fcabd0281d8dec215dbeea32ae3ac8d8c80b4b079a7c9c216326a

C:\Windows\System\GHAczAk.exe

MD5 2fe83c41c58ee88a29e954ffcd60bc3c
SHA1 31c6bc4984a37a112d114141ad3ae45955989ca5
SHA256 6aa82a8a42f76e7241cac4b0bd0ecf18574cb8e40ceca2768a612938cb799579
SHA512 86993dd918475ee02fdee3b0eaa796cc0ec694b7bdd01431954d1aa6d1c2a81ce84decdfc43993f9dae667303f9fe12c58281866909b2096d16b1326b00eaf41

C:\Windows\System\EKabxIS.exe

MD5 3cd55e4f5532ec686b461a066bc2610d
SHA1 eaff2e0f7a7e1599e0f3a3d17be6b76a89cfe977
SHA256 99e9055e36c8945ea8d5dc54c95fee2c099d7bff89b16bcec09b18d8f550d01c
SHA512 2846540202b61a03a16228335e216179918a339996e3724afb627bf469b59d924d0cc474659b59b71b1febcb04e4c75e0cddb00e11e5ff3e6e9f86f43c59a3a9

C:\Windows\System\OKlUlRx.exe

MD5 0b72c06bd2c555ee28facf1489d1a4d5
SHA1 c703f8d4695e417731e9c65a9e1d41c979624359
SHA256 d4ba4eae8dbe3f124133ce187e5435c1a02b61027741b0c51d02e0f0dbb040f3
SHA512 e811c7e434ee05e502c7abac59e4bc117a7b032586c2de91836d40584d8f837c38ebfb992c52b070e05795d3ceae3d3d63bfebac6e781c074110df4da6a8d711

C:\Windows\System\HvlJKdt.exe

MD5 ef01e6b42d6a23865936ae66c497ed6d
SHA1 dd1168b76e31b04e8e1da8c6d9f66e17fa4c3306
SHA256 ee4cc7787b1fa113ba4c9e142c0ebedaade88a432c3dfdd83dd9013e6197c21f
SHA512 6bb35f773ce7bd0847710b7c69e5d27fff3d038dc3da426e6972661a5797a3581733522f3eb70b06ef88ff06e62c60eb1e17e5c2fb700d2ac0aef376455f0ce7

C:\Windows\System\NcVqpje.exe

MD5 4eac02a86ff5bbdf9be33822857aa132
SHA1 46bf4ea8734d5645201f8ffc4cb5e0eaa188cf93
SHA256 24fc125fa7e7e08ba3e51d718de31c3cc4a1b8627f9d1bc03a7c7012658eda31
SHA512 ebcb77c59db15efc5a5474c3d8e2cdc86cf57aa4e8fb3e0a75a62bf19b8de385ec6696574313c17ce28842b8b27648674d5cc540bb6b55da648d7abbd2055824

memory/3400-30-0x00007FF640930000-0x00007FF640C84000-memory.dmp

C:\Windows\System\tSoeZSb.exe

MD5 97527e6a29d2e62bf26e3aba9534ea24
SHA1 13036a0020d46202f7d9dd5558f7e5d1ff26cac1
SHA256 fdaad397eb44f5ac352fe6357665026e4a9f5fcb9883cb849a2c7bafcc594811
SHA512 2047700241cc824550ec1482fa70e0bafb4277eb657ca0b931f3d2ab7fb65007085fc0117e0f3073566d1ccaccbf21d4593488421d6221ae654459726a7e695e

memory/2184-734-0x00007FF6F91D0000-0x00007FF6F9524000-memory.dmp

memory/1356-735-0x00007FF653E10000-0x00007FF654164000-memory.dmp

memory/540-736-0x00007FF676130000-0x00007FF676484000-memory.dmp

memory/1944-737-0x00007FF794780000-0x00007FF794AD4000-memory.dmp

memory/1352-738-0x00007FF6978A0000-0x00007FF697BF4000-memory.dmp

memory/3124-744-0x00007FF782570000-0x00007FF7828C4000-memory.dmp

memory/760-753-0x00007FF6D2590000-0x00007FF6D28E4000-memory.dmp

memory/4404-759-0x00007FF79B6D0000-0x00007FF79BA24000-memory.dmp

memory/2216-770-0x00007FF65B880000-0x00007FF65BBD4000-memory.dmp

memory/1592-771-0x00007FF7CD860000-0x00007FF7CDBB4000-memory.dmp

memory/2124-788-0x00007FF782EB0000-0x00007FF783204000-memory.dmp

memory/3804-793-0x00007FF773400000-0x00007FF773754000-memory.dmp

memory/4452-809-0x00007FF71FFD0000-0x00007FF720324000-memory.dmp

memory/1984-810-0x00007FF6AF920000-0x00007FF6AFC74000-memory.dmp

memory/2560-806-0x00007FF676A60000-0x00007FF676DB4000-memory.dmp

memory/5016-801-0x00007FF799410000-0x00007FF799764000-memory.dmp

memory/652-800-0x00007FF7CA1A0000-0x00007FF7CA4F4000-memory.dmp

memory/1544-781-0x00007FF6A5710000-0x00007FF6A5A64000-memory.dmp

memory/4104-780-0x00007FF769620000-0x00007FF769974000-memory.dmp

memory/1308-776-0x00007FF67B050000-0x00007FF67B3A4000-memory.dmp

memory/2188-764-0x00007FF793D60000-0x00007FF7940B4000-memory.dmp

memory/396-747-0x00007FF64A7F0000-0x00007FF64AB44000-memory.dmp

memory/4600-739-0x00007FF6C5470000-0x00007FF6C57C4000-memory.dmp

memory/3900-2149-0x00007FF67E060000-0x00007FF67E3B4000-memory.dmp

memory/4568-2150-0x00007FF7A2B40000-0x00007FF7A2E94000-memory.dmp

memory/3400-2151-0x00007FF640930000-0x00007FF640C84000-memory.dmp

memory/4568-2156-0x00007FF7A2B40000-0x00007FF7A2E94000-memory.dmp

memory/3400-2157-0x00007FF640930000-0x00007FF640C84000-memory.dmp

memory/1804-2158-0x00007FF741AC0000-0x00007FF741E14000-memory.dmp

memory/4452-2159-0x00007FF71FFD0000-0x00007FF720324000-memory.dmp

memory/1724-2160-0x00007FF76D9F0000-0x00007FF76DD44000-memory.dmp

memory/2184-2164-0x00007FF6F91D0000-0x00007FF6F9524000-memory.dmp

memory/1356-2165-0x00007FF653E10000-0x00007FF654164000-memory.dmp

memory/1984-2163-0x00007FF6AF920000-0x00007FF6AFC74000-memory.dmp

memory/540-2166-0x00007FF676130000-0x00007FF676484000-memory.dmp

memory/4404-2172-0x00007FF79B6D0000-0x00007FF79BA24000-memory.dmp

memory/2188-2174-0x00007FF793D60000-0x00007FF7940B4000-memory.dmp

memory/2216-2175-0x00007FF65B880000-0x00007FF65BBD4000-memory.dmp

memory/1308-2177-0x00007FF67B050000-0x00007FF67B3A4000-memory.dmp

memory/4104-2178-0x00007FF769620000-0x00007FF769974000-memory.dmp

memory/2560-2184-0x00007FF676A60000-0x00007FF676DB4000-memory.dmp

memory/5016-2183-0x00007FF799410000-0x00007FF799764000-memory.dmp

memory/3804-2182-0x00007FF773400000-0x00007FF773754000-memory.dmp

memory/652-2181-0x00007FF7CA1A0000-0x00007FF7CA4F4000-memory.dmp

memory/1544-2180-0x00007FF6A5710000-0x00007FF6A5A64000-memory.dmp

memory/2124-2179-0x00007FF782EB0000-0x00007FF783204000-memory.dmp

memory/1592-2176-0x00007FF7CD860000-0x00007FF7CDBB4000-memory.dmp

memory/760-2173-0x00007FF6D2590000-0x00007FF6D28E4000-memory.dmp

memory/396-2171-0x00007FF64A7F0000-0x00007FF64AB44000-memory.dmp

memory/3124-2170-0x00007FF782570000-0x00007FF7828C4000-memory.dmp

memory/1352-2169-0x00007FF6978A0000-0x00007FF697BF4000-memory.dmp

memory/4600-2168-0x00007FF6C5470000-0x00007FF6C57C4000-memory.dmp

memory/1944-2167-0x00007FF794780000-0x00007FF794AD4000-memory.dmp

memory/1404-2162-0x00007FF65A9F0000-0x00007FF65AD44000-memory.dmp

memory/5024-2161-0x00007FF64AED0000-0x00007FF64B224000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133608851343539538.txt.~tmp

MD5 ce88a108043a3d69e5325754ba9c7181
SHA1 c64f06b8081f5ec0ae7c0e1fe7b0f248aa6550c4
SHA256 b2552766ebb3469549cea5b6b609077fa6e38c000eba6befadfd275e11a8095e
SHA512 cb5e53fb1520b68178ad465cde801ed779521b843de44f894fc8fdbd071f33f663a60f570b134ff0996bf407ef9ecee72810b16dd9276469e6b0efb5d5c85829

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\U23Z080G\microsoft.windows[1].xml

MD5 292a283bdecf4cd89c3ad863a28bc72f
SHA1 18e896fec5f8b3ea2963d0a5cb45a244050c35c1
SHA256 09794c6006f357000111d7d13c1c20075eaea58f68df78e118d14b4547835ec2
SHA512 71349774dcf41cd9e72c881cd374ffaf2527b2156a616cc064f10f34e7bbf0ea6174916acb2b8b06428f2b2f29315359e66dde317965463ea1eb70fef52beaaa