Malware Analysis Report

2025-01-06 15:43

Sample ID 240525-td4svahg41
Target 8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe
SHA256 f00ae21ad9e75685e6fcdb7de62b6064bcded0ca70c2cd0348d993f6e348eb3c
Tags
upx miner xmrig persistence
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

f00ae21ad9e75685e6fcdb7de62b6064bcded0ca70c2cd0348d993f6e348eb3c

Threat Level: Known bad

The file 8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

upx miner xmrig persistence

Xmrig family

XMRig Miner payload

xmrig

XMRig Miner payload

Modifies Installed Components in the registry

Executes dropped EXE

Loads dropped DLL

UPX packed file

Enumerates connected drives

Drops file in Windows directory

Unsigned PE

Suspicious use of SetWindowsHookEx

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Uses Task Scheduler COM API

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Checks SCSI registry key(s)

Enumerates system info in registry

Modifies data under HKEY_USERS

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-25 15:57

Signatures

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-25 15:57

Reported

2024-05-25 15:59

Platform

win7-20240508-en

Max time kernel

147s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\CNuhKWO.exe N/A
N/A N/A C:\Windows\System\hWdjKZA.exe N/A
N/A N/A C:\Windows\System\egeouCV.exe N/A
N/A N/A C:\Windows\System\EhOLmBy.exe N/A
N/A N/A C:\Windows\System\FjjXQNz.exe N/A
N/A N/A C:\Windows\System\uJEBrhB.exe N/A
N/A N/A C:\Windows\System\KWwiScw.exe N/A
N/A N/A C:\Windows\System\vWuhVnd.exe N/A
N/A N/A C:\Windows\System\JLItHkK.exe N/A
N/A N/A C:\Windows\System\QqVuPay.exe N/A
N/A N/A C:\Windows\System\aCLKNeu.exe N/A
N/A N/A C:\Windows\System\ZbfOoFl.exe N/A
N/A N/A C:\Windows\System\dLNgqVV.exe N/A
N/A N/A C:\Windows\System\xivNONv.exe N/A
N/A N/A C:\Windows\System\mmLuxie.exe N/A
N/A N/A C:\Windows\System\hyPDOMt.exe N/A
N/A N/A C:\Windows\System\rRGDTqT.exe N/A
N/A N/A C:\Windows\System\pDZBIpA.exe N/A
N/A N/A C:\Windows\System\ugGEcVZ.exe N/A
N/A N/A C:\Windows\System\LwgGFaS.exe N/A
N/A N/A C:\Windows\System\kJOPwVQ.exe N/A
N/A N/A C:\Windows\System\hefSqYg.exe N/A
N/A N/A C:\Windows\System\EVpIyAc.exe N/A
N/A N/A C:\Windows\System\FwNEHSm.exe N/A
N/A N/A C:\Windows\System\ZOSQDlv.exe N/A
N/A N/A C:\Windows\System\HtJlynD.exe N/A
N/A N/A C:\Windows\System\XhzlYrv.exe N/A
N/A N/A C:\Windows\System\xQAuuCt.exe N/A
N/A N/A C:\Windows\System\tLjWigs.exe N/A
N/A N/A C:\Windows\System\zqICtNP.exe N/A
N/A N/A C:\Windows\System\kmXycQs.exe N/A
N/A N/A C:\Windows\System\JXgMusL.exe N/A
N/A N/A C:\Windows\System\LBYNlVc.exe N/A
N/A N/A C:\Windows\System\WHJVhYc.exe N/A
N/A N/A C:\Windows\System\DVxpxlk.exe N/A
N/A N/A C:\Windows\System\Yirvpus.exe N/A
N/A N/A C:\Windows\System\GVYXygZ.exe N/A
N/A N/A C:\Windows\System\FfDhKVq.exe N/A
N/A N/A C:\Windows\System\GShxxtq.exe N/A
N/A N/A C:\Windows\System\YaxrYiY.exe N/A
N/A N/A C:\Windows\System\qWXlmeL.exe N/A
N/A N/A C:\Windows\System\aYJWeEy.exe N/A
N/A N/A C:\Windows\System\FLuUOhP.exe N/A
N/A N/A C:\Windows\System\JJtfsRv.exe N/A
N/A N/A C:\Windows\System\eBMyqmY.exe N/A
N/A N/A C:\Windows\System\qrrXbNQ.exe N/A
N/A N/A C:\Windows\System\MvHoQys.exe N/A
N/A N/A C:\Windows\System\SGaiIma.exe N/A
N/A N/A C:\Windows\System\QqbjnzR.exe N/A
N/A N/A C:\Windows\System\PPdGTwR.exe N/A
N/A N/A C:\Windows\System\KJzotAB.exe N/A
N/A N/A C:\Windows\System\QjOjrSh.exe N/A
N/A N/A C:\Windows\System\TheqIUU.exe N/A
N/A N/A C:\Windows\System\MVOZDyu.exe N/A
N/A N/A C:\Windows\System\eSdUxks.exe N/A
N/A N/A C:\Windows\System\UKgVuwO.exe N/A
N/A N/A C:\Windows\System\qVJCFFB.exe N/A
N/A N/A C:\Windows\System\EUqKmCh.exe N/A
N/A N/A C:\Windows\System\mnOZepv.exe N/A
N/A N/A C:\Windows\System\PaLQrTG.exe N/A
N/A N/A C:\Windows\System\nsFtTUL.exe N/A
N/A N/A C:\Windows\System\yJxpark.exe N/A
N/A N/A C:\Windows\System\WQTnfdX.exe N/A
N/A N/A C:\Windows\System\VgtvhFo.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\PawJlGq.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\HYGhdCS.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\vVzSqXK.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\zdXghir.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\YsQPBpL.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\mAJLUml.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\lbqucxx.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\lUXhOVY.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\OvmZNwo.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\qBBdgvT.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\jARASQI.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\KrMNumn.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\llcJiyy.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\vQzPFZR.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\xRPORDi.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\mxhPnBU.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\bpGZaAj.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\vSnPtxC.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\EzXOMur.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\bAJGhaD.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\bvhqIWL.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\OIBNkvV.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\ELxmdcn.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\xiZkUVk.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\UWZdAfZ.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\CiJFkTj.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\gKVaNwc.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\wtWHzMP.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\gBWOyou.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\nRgqSaG.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\QQGzcuL.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\Jddofjo.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\NWDlbjS.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\hyPDOMt.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\LoCOYno.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\QomaPPM.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\WMnWhfE.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\GefVOFR.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\HNOTIww.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\LjijsBx.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\QxkPABx.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\eBHxgNW.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\whwtwyG.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\pFuBimJ.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\ObHVynb.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\QzdbeSe.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\cjRZaXj.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\TkHpnSP.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\osjJUAf.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\DVGVvCC.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\SXNEQIT.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\jUwTrez.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\GcozKiD.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\EfRANCf.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\ifjbVrk.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\LfpBEaV.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\KTcPKzU.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\UmfWxXY.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\fAYYFNG.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\IrYQGpw.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZufzDkC.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\iblXyDc.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\rkHVkPw.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\vIfJZhG.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2124 wrote to memory of 1544 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\CNuhKWO.exe
PID 2124 wrote to memory of 1544 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\CNuhKWO.exe
PID 2124 wrote to memory of 1544 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\CNuhKWO.exe
PID 2124 wrote to memory of 2256 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\hWdjKZA.exe
PID 2124 wrote to memory of 2256 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\hWdjKZA.exe
PID 2124 wrote to memory of 2256 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\hWdjKZA.exe
PID 2124 wrote to memory of 2884 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\egeouCV.exe
PID 2124 wrote to memory of 2884 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\egeouCV.exe
PID 2124 wrote to memory of 2884 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\egeouCV.exe
PID 2124 wrote to memory of 2640 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\EhOLmBy.exe
PID 2124 wrote to memory of 2640 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\EhOLmBy.exe
PID 2124 wrote to memory of 2640 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\EhOLmBy.exe
PID 2124 wrote to memory of 2796 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\FjjXQNz.exe
PID 2124 wrote to memory of 2796 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\FjjXQNz.exe
PID 2124 wrote to memory of 2796 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\FjjXQNz.exe
PID 2124 wrote to memory of 2784 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\uJEBrhB.exe
PID 2124 wrote to memory of 2784 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\uJEBrhB.exe
PID 2124 wrote to memory of 2784 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\uJEBrhB.exe
PID 2124 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\KWwiScw.exe
PID 2124 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\KWwiScw.exe
PID 2124 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\KWwiScw.exe
PID 2124 wrote to memory of 2860 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\vWuhVnd.exe
PID 2124 wrote to memory of 2860 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\vWuhVnd.exe
PID 2124 wrote to memory of 2860 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\vWuhVnd.exe
PID 2124 wrote to memory of 888 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\JLItHkK.exe
PID 2124 wrote to memory of 888 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\JLItHkK.exe
PID 2124 wrote to memory of 888 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\JLItHkK.exe
PID 2124 wrote to memory of 2532 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\QqVuPay.exe
PID 2124 wrote to memory of 2532 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\QqVuPay.exe
PID 2124 wrote to memory of 2532 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\QqVuPay.exe
PID 2124 wrote to memory of 2572 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\ZbfOoFl.exe
PID 2124 wrote to memory of 2572 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\ZbfOoFl.exe
PID 2124 wrote to memory of 2572 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\ZbfOoFl.exe
PID 2124 wrote to memory of 3000 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\aCLKNeu.exe
PID 2124 wrote to memory of 3000 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\aCLKNeu.exe
PID 2124 wrote to memory of 3000 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\aCLKNeu.exe
PID 2124 wrote to memory of 2064 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\mmLuxie.exe
PID 2124 wrote to memory of 2064 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\mmLuxie.exe
PID 2124 wrote to memory of 2064 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\mmLuxie.exe
PID 2124 wrote to memory of 2236 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\dLNgqVV.exe
PID 2124 wrote to memory of 2236 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\dLNgqVV.exe
PID 2124 wrote to memory of 2236 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\dLNgqVV.exe
PID 2124 wrote to memory of 2864 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\hyPDOMt.exe
PID 2124 wrote to memory of 2864 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\hyPDOMt.exe
PID 2124 wrote to memory of 2864 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\hyPDOMt.exe
PID 2124 wrote to memory of 2984 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\xivNONv.exe
PID 2124 wrote to memory of 2984 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\xivNONv.exe
PID 2124 wrote to memory of 2984 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\xivNONv.exe
PID 2124 wrote to memory of 296 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\rRGDTqT.exe
PID 2124 wrote to memory of 296 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\rRGDTqT.exe
PID 2124 wrote to memory of 296 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\rRGDTqT.exe
PID 2124 wrote to memory of 348 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\pDZBIpA.exe
PID 2124 wrote to memory of 348 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\pDZBIpA.exe
PID 2124 wrote to memory of 348 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\pDZBIpA.exe
PID 2124 wrote to memory of 1588 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\ugGEcVZ.exe
PID 2124 wrote to memory of 1588 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\ugGEcVZ.exe
PID 2124 wrote to memory of 1588 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\ugGEcVZ.exe
PID 2124 wrote to memory of 1936 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\LwgGFaS.exe
PID 2124 wrote to memory of 1936 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\LwgGFaS.exe
PID 2124 wrote to memory of 1936 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\LwgGFaS.exe
PID 2124 wrote to memory of 1628 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\kJOPwVQ.exe
PID 2124 wrote to memory of 1628 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\kJOPwVQ.exe
PID 2124 wrote to memory of 1628 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\kJOPwVQ.exe
PID 2124 wrote to memory of 2764 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\hefSqYg.exe

Processes

C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe"

C:\Windows\System\CNuhKWO.exe

C:\Windows\System\CNuhKWO.exe

C:\Windows\System\hWdjKZA.exe

C:\Windows\System\hWdjKZA.exe

C:\Windows\System\egeouCV.exe

C:\Windows\System\egeouCV.exe

C:\Windows\System\EhOLmBy.exe

C:\Windows\System\EhOLmBy.exe

C:\Windows\System\FjjXQNz.exe

C:\Windows\System\FjjXQNz.exe

C:\Windows\System\uJEBrhB.exe

C:\Windows\System\uJEBrhB.exe

C:\Windows\System\KWwiScw.exe

C:\Windows\System\KWwiScw.exe

C:\Windows\System\vWuhVnd.exe

C:\Windows\System\vWuhVnd.exe

C:\Windows\System\JLItHkK.exe

C:\Windows\System\JLItHkK.exe

C:\Windows\System\QqVuPay.exe

C:\Windows\System\QqVuPay.exe

C:\Windows\System\ZbfOoFl.exe

C:\Windows\System\ZbfOoFl.exe

C:\Windows\System\aCLKNeu.exe

C:\Windows\System\aCLKNeu.exe

C:\Windows\System\mmLuxie.exe

C:\Windows\System\mmLuxie.exe

C:\Windows\System\dLNgqVV.exe

C:\Windows\System\dLNgqVV.exe

C:\Windows\System\hyPDOMt.exe

C:\Windows\System\hyPDOMt.exe

C:\Windows\System\xivNONv.exe

C:\Windows\System\xivNONv.exe

C:\Windows\System\rRGDTqT.exe

C:\Windows\System\rRGDTqT.exe

C:\Windows\System\pDZBIpA.exe

C:\Windows\System\pDZBIpA.exe

C:\Windows\System\ugGEcVZ.exe

C:\Windows\System\ugGEcVZ.exe

C:\Windows\System\LwgGFaS.exe

C:\Windows\System\LwgGFaS.exe

C:\Windows\System\kJOPwVQ.exe

C:\Windows\System\kJOPwVQ.exe

C:\Windows\System\hefSqYg.exe

C:\Windows\System\hefSqYg.exe

C:\Windows\System\EVpIyAc.exe

C:\Windows\System\EVpIyAc.exe

C:\Windows\System\FwNEHSm.exe

C:\Windows\System\FwNEHSm.exe

C:\Windows\System\ZOSQDlv.exe

C:\Windows\System\ZOSQDlv.exe

C:\Windows\System\HtJlynD.exe

C:\Windows\System\HtJlynD.exe

C:\Windows\System\XhzlYrv.exe

C:\Windows\System\XhzlYrv.exe

C:\Windows\System\xQAuuCt.exe

C:\Windows\System\xQAuuCt.exe

C:\Windows\System\tLjWigs.exe

C:\Windows\System\tLjWigs.exe

C:\Windows\System\zqICtNP.exe

C:\Windows\System\zqICtNP.exe

C:\Windows\System\kmXycQs.exe

C:\Windows\System\kmXycQs.exe

C:\Windows\System\JXgMusL.exe

C:\Windows\System\JXgMusL.exe

C:\Windows\System\LBYNlVc.exe

C:\Windows\System\LBYNlVc.exe

C:\Windows\System\WHJVhYc.exe

C:\Windows\System\WHJVhYc.exe

C:\Windows\System\DVxpxlk.exe

C:\Windows\System\DVxpxlk.exe

C:\Windows\System\Yirvpus.exe

C:\Windows\System\Yirvpus.exe

C:\Windows\System\GVYXygZ.exe

C:\Windows\System\GVYXygZ.exe

C:\Windows\System\FfDhKVq.exe

C:\Windows\System\FfDhKVq.exe

C:\Windows\System\GShxxtq.exe

C:\Windows\System\GShxxtq.exe

C:\Windows\System\YaxrYiY.exe

C:\Windows\System\YaxrYiY.exe

C:\Windows\System\qWXlmeL.exe

C:\Windows\System\qWXlmeL.exe

C:\Windows\System\aYJWeEy.exe

C:\Windows\System\aYJWeEy.exe

C:\Windows\System\FLuUOhP.exe

C:\Windows\System\FLuUOhP.exe

C:\Windows\System\JJtfsRv.exe

C:\Windows\System\JJtfsRv.exe

C:\Windows\System\eBMyqmY.exe

C:\Windows\System\eBMyqmY.exe

C:\Windows\System\qrrXbNQ.exe

C:\Windows\System\qrrXbNQ.exe

C:\Windows\System\MvHoQys.exe

C:\Windows\System\MvHoQys.exe

C:\Windows\System\SGaiIma.exe

C:\Windows\System\SGaiIma.exe

C:\Windows\System\QqbjnzR.exe

C:\Windows\System\QqbjnzR.exe

C:\Windows\System\PPdGTwR.exe

C:\Windows\System\PPdGTwR.exe

C:\Windows\System\KJzotAB.exe

C:\Windows\System\KJzotAB.exe

C:\Windows\System\QjOjrSh.exe

C:\Windows\System\QjOjrSh.exe

C:\Windows\System\TheqIUU.exe

C:\Windows\System\TheqIUU.exe

C:\Windows\System\MVOZDyu.exe

C:\Windows\System\MVOZDyu.exe

C:\Windows\System\eSdUxks.exe

C:\Windows\System\eSdUxks.exe

C:\Windows\System\UKgVuwO.exe

C:\Windows\System\UKgVuwO.exe

C:\Windows\System\qVJCFFB.exe

C:\Windows\System\qVJCFFB.exe

C:\Windows\System\EUqKmCh.exe

C:\Windows\System\EUqKmCh.exe

C:\Windows\System\mnOZepv.exe

C:\Windows\System\mnOZepv.exe

C:\Windows\System\PaLQrTG.exe

C:\Windows\System\PaLQrTG.exe

C:\Windows\System\nsFtTUL.exe

C:\Windows\System\nsFtTUL.exe

C:\Windows\System\yJxpark.exe

C:\Windows\System\yJxpark.exe

C:\Windows\System\WQTnfdX.exe

C:\Windows\System\WQTnfdX.exe

C:\Windows\System\VgtvhFo.exe

C:\Windows\System\VgtvhFo.exe

C:\Windows\System\wJHpAeb.exe

C:\Windows\System\wJHpAeb.exe

C:\Windows\System\DvaKJsr.exe

C:\Windows\System\DvaKJsr.exe

C:\Windows\System\BdGEJwe.exe

C:\Windows\System\BdGEJwe.exe

C:\Windows\System\pyREYkn.exe

C:\Windows\System\pyREYkn.exe

C:\Windows\System\KPKBcgN.exe

C:\Windows\System\KPKBcgN.exe

C:\Windows\System\hEAhNPi.exe

C:\Windows\System\hEAhNPi.exe

C:\Windows\System\poWADbQ.exe

C:\Windows\System\poWADbQ.exe

C:\Windows\System\PeJVNHD.exe

C:\Windows\System\PeJVNHD.exe

C:\Windows\System\cKMCgkX.exe

C:\Windows\System\cKMCgkX.exe

C:\Windows\System\upvlIPt.exe

C:\Windows\System\upvlIPt.exe

C:\Windows\System\BUxQfRL.exe

C:\Windows\System\BUxQfRL.exe

C:\Windows\System\SHkulmU.exe

C:\Windows\System\SHkulmU.exe

C:\Windows\System\ThntoyY.exe

C:\Windows\System\ThntoyY.exe

C:\Windows\System\ItUrqDV.exe

C:\Windows\System\ItUrqDV.exe

C:\Windows\System\oJLjRFb.exe

C:\Windows\System\oJLjRFb.exe

C:\Windows\System\ggRXApR.exe

C:\Windows\System\ggRXApR.exe

C:\Windows\System\yZsJeAr.exe

C:\Windows\System\yZsJeAr.exe

C:\Windows\System\VbObVVu.exe

C:\Windows\System\VbObVVu.exe

C:\Windows\System\whwtwyG.exe

C:\Windows\System\whwtwyG.exe

C:\Windows\System\rnXVHOg.exe

C:\Windows\System\rnXVHOg.exe

C:\Windows\System\hrMLaRg.exe

C:\Windows\System\hrMLaRg.exe

C:\Windows\System\VCtmKNM.exe

C:\Windows\System\VCtmKNM.exe

C:\Windows\System\esDsSbz.exe

C:\Windows\System\esDsSbz.exe

C:\Windows\System\PWKAVLc.exe

C:\Windows\System\PWKAVLc.exe

C:\Windows\System\aXFizFQ.exe

C:\Windows\System\aXFizFQ.exe

C:\Windows\System\cLjQGWT.exe

C:\Windows\System\cLjQGWT.exe

C:\Windows\System\qbskeKq.exe

C:\Windows\System\qbskeKq.exe

C:\Windows\System\DyskdCz.exe

C:\Windows\System\DyskdCz.exe

C:\Windows\System\zeCFHum.exe

C:\Windows\System\zeCFHum.exe

C:\Windows\System\AiDnwnz.exe

C:\Windows\System\AiDnwnz.exe

C:\Windows\System\ZqhPksR.exe

C:\Windows\System\ZqhPksR.exe

C:\Windows\System\crYzstI.exe

C:\Windows\System\crYzstI.exe

C:\Windows\System\hIXxEEQ.exe

C:\Windows\System\hIXxEEQ.exe

C:\Windows\System\JRShOfU.exe

C:\Windows\System\JRShOfU.exe

C:\Windows\System\LGdxnQN.exe

C:\Windows\System\LGdxnQN.exe

C:\Windows\System\Jqhkddg.exe

C:\Windows\System\Jqhkddg.exe

C:\Windows\System\RGuMfCS.exe

C:\Windows\System\RGuMfCS.exe

C:\Windows\System\kFCQFPr.exe

C:\Windows\System\kFCQFPr.exe

C:\Windows\System\gkkdFpv.exe

C:\Windows\System\gkkdFpv.exe

C:\Windows\System\FWYEaPf.exe

C:\Windows\System\FWYEaPf.exe

C:\Windows\System\LnQzXRC.exe

C:\Windows\System\LnQzXRC.exe

C:\Windows\System\vAkvkQI.exe

C:\Windows\System\vAkvkQI.exe

C:\Windows\System\gKVaNwc.exe

C:\Windows\System\gKVaNwc.exe

C:\Windows\System\DvzdzjT.exe

C:\Windows\System\DvzdzjT.exe

C:\Windows\System\EEIDvPT.exe

C:\Windows\System\EEIDvPT.exe

C:\Windows\System\vHbznht.exe

C:\Windows\System\vHbznht.exe

C:\Windows\System\LZGUUMp.exe

C:\Windows\System\LZGUUMp.exe

C:\Windows\System\cCOuCVH.exe

C:\Windows\System\cCOuCVH.exe

C:\Windows\System\TlZYwOZ.exe

C:\Windows\System\TlZYwOZ.exe

C:\Windows\System\gkSlTUg.exe

C:\Windows\System\gkSlTUg.exe

C:\Windows\System\tKslLDc.exe

C:\Windows\System\tKslLDc.exe

C:\Windows\System\opVeLuq.exe

C:\Windows\System\opVeLuq.exe

C:\Windows\System\cIhAGPT.exe

C:\Windows\System\cIhAGPT.exe

C:\Windows\System\UUflXrW.exe

C:\Windows\System\UUflXrW.exe

C:\Windows\System\XKTdUkC.exe

C:\Windows\System\XKTdUkC.exe

C:\Windows\System\iBZpaTp.exe

C:\Windows\System\iBZpaTp.exe

C:\Windows\System\hzaFsTQ.exe

C:\Windows\System\hzaFsTQ.exe

C:\Windows\System\nMhbzZL.exe

C:\Windows\System\nMhbzZL.exe

C:\Windows\System\DaCWkrM.exe

C:\Windows\System\DaCWkrM.exe

C:\Windows\System\UBUoFVC.exe

C:\Windows\System\UBUoFVC.exe

C:\Windows\System\WvYVmKl.exe

C:\Windows\System\WvYVmKl.exe

C:\Windows\System\RukzJzi.exe

C:\Windows\System\RukzJzi.exe

C:\Windows\System\rIRvpuw.exe

C:\Windows\System\rIRvpuw.exe

C:\Windows\System\MnvlPUQ.exe

C:\Windows\System\MnvlPUQ.exe

C:\Windows\System\yeoRpxw.exe

C:\Windows\System\yeoRpxw.exe

C:\Windows\System\MpzzVQg.exe

C:\Windows\System\MpzzVQg.exe

C:\Windows\System\GqWlFNc.exe

C:\Windows\System\GqWlFNc.exe

C:\Windows\System\GFDoCDf.exe

C:\Windows\System\GFDoCDf.exe

C:\Windows\System\RXOcZBA.exe

C:\Windows\System\RXOcZBA.exe

C:\Windows\System\sdlAyAW.exe

C:\Windows\System\sdlAyAW.exe

C:\Windows\System\GDGputv.exe

C:\Windows\System\GDGputv.exe

C:\Windows\System\GFbrWFY.exe

C:\Windows\System\GFbrWFY.exe

C:\Windows\System\DsqdIRE.exe

C:\Windows\System\DsqdIRE.exe

C:\Windows\System\KrMNumn.exe

C:\Windows\System\KrMNumn.exe

C:\Windows\System\fKLQLXj.exe

C:\Windows\System\fKLQLXj.exe

C:\Windows\System\bJiWoaC.exe

C:\Windows\System\bJiWoaC.exe

C:\Windows\System\ChXGzhs.exe

C:\Windows\System\ChXGzhs.exe

C:\Windows\System\cJQZOJl.exe

C:\Windows\System\cJQZOJl.exe

C:\Windows\System\ofJjVbw.exe

C:\Windows\System\ofJjVbw.exe

C:\Windows\System\iTKdKzR.exe

C:\Windows\System\iTKdKzR.exe

C:\Windows\System\qHExQDr.exe

C:\Windows\System\qHExQDr.exe

C:\Windows\System\zQljfme.exe

C:\Windows\System\zQljfme.exe

C:\Windows\System\xbgzcmO.exe

C:\Windows\System\xbgzcmO.exe

C:\Windows\System\AxhkAKt.exe

C:\Windows\System\AxhkAKt.exe

C:\Windows\System\wBhlMGB.exe

C:\Windows\System\wBhlMGB.exe

C:\Windows\System\lYduUtX.exe

C:\Windows\System\lYduUtX.exe

C:\Windows\System\cFmLURP.exe

C:\Windows\System\cFmLURP.exe

C:\Windows\System\rljwgyQ.exe

C:\Windows\System\rljwgyQ.exe

C:\Windows\System\MaCvlah.exe

C:\Windows\System\MaCvlah.exe

C:\Windows\System\uiIAzTB.exe

C:\Windows\System\uiIAzTB.exe

C:\Windows\System\DMOclCO.exe

C:\Windows\System\DMOclCO.exe

C:\Windows\System\pFuBimJ.exe

C:\Windows\System\pFuBimJ.exe

C:\Windows\System\QENZMRh.exe

C:\Windows\System\QENZMRh.exe

C:\Windows\System\isuHidO.exe

C:\Windows\System\isuHidO.exe

C:\Windows\System\tMWHeJR.exe

C:\Windows\System\tMWHeJR.exe

C:\Windows\System\XgTonXK.exe

C:\Windows\System\XgTonXK.exe

C:\Windows\System\gsrESYF.exe

C:\Windows\System\gsrESYF.exe

C:\Windows\System\vSnPtxC.exe

C:\Windows\System\vSnPtxC.exe

C:\Windows\System\hvRLpdU.exe

C:\Windows\System\hvRLpdU.exe

C:\Windows\System\bMZbIUU.exe

C:\Windows\System\bMZbIUU.exe

C:\Windows\System\rkHVkPw.exe

C:\Windows\System\rkHVkPw.exe

C:\Windows\System\wtWHzMP.exe

C:\Windows\System\wtWHzMP.exe

C:\Windows\System\DxMoAqk.exe

C:\Windows\System\DxMoAqk.exe

C:\Windows\System\ZdliZdk.exe

C:\Windows\System\ZdliZdk.exe

C:\Windows\System\RCSQKwx.exe

C:\Windows\System\RCSQKwx.exe

C:\Windows\System\XJruCxg.exe

C:\Windows\System\XJruCxg.exe

C:\Windows\System\KapsBZH.exe

C:\Windows\System\KapsBZH.exe

C:\Windows\System\GaOeZNT.exe

C:\Windows\System\GaOeZNT.exe

C:\Windows\System\YwYsByI.exe

C:\Windows\System\YwYsByI.exe

C:\Windows\System\xkwfiBT.exe

C:\Windows\System\xkwfiBT.exe

C:\Windows\System\HmrDCqy.exe

C:\Windows\System\HmrDCqy.exe

C:\Windows\System\ZjazQia.exe

C:\Windows\System\ZjazQia.exe

C:\Windows\System\vTfbfgc.exe

C:\Windows\System\vTfbfgc.exe

C:\Windows\System\AUByzDB.exe

C:\Windows\System\AUByzDB.exe

C:\Windows\System\QctMBbE.exe

C:\Windows\System\QctMBbE.exe

C:\Windows\System\ldRAJaj.exe

C:\Windows\System\ldRAJaj.exe

C:\Windows\System\rIwApwj.exe

C:\Windows\System\rIwApwj.exe

C:\Windows\System\ddSZnsB.exe

C:\Windows\System\ddSZnsB.exe

C:\Windows\System\vIfJZhG.exe

C:\Windows\System\vIfJZhG.exe

C:\Windows\System\kcuqfnZ.exe

C:\Windows\System\kcuqfnZ.exe

C:\Windows\System\prcgKWW.exe

C:\Windows\System\prcgKWW.exe

C:\Windows\System\RRoigdo.exe

C:\Windows\System\RRoigdo.exe

C:\Windows\System\zypEPLA.exe

C:\Windows\System\zypEPLA.exe

C:\Windows\System\AurrJOa.exe

C:\Windows\System\AurrJOa.exe

C:\Windows\System\oSKaOzq.exe

C:\Windows\System\oSKaOzq.exe

C:\Windows\System\eFtNOnX.exe

C:\Windows\System\eFtNOnX.exe

C:\Windows\System\UFEPQns.exe

C:\Windows\System\UFEPQns.exe

C:\Windows\System\ByJFvdN.exe

C:\Windows\System\ByJFvdN.exe

C:\Windows\System\hKoLocY.exe

C:\Windows\System\hKoLocY.exe

C:\Windows\System\PawJlGq.exe

C:\Windows\System\PawJlGq.exe

C:\Windows\System\qHZbyrX.exe

C:\Windows\System\qHZbyrX.exe

C:\Windows\System\ciFrOej.exe

C:\Windows\System\ciFrOej.exe

C:\Windows\System\WLwUnsl.exe

C:\Windows\System\WLwUnsl.exe

C:\Windows\System\UhsGdWe.exe

C:\Windows\System\UhsGdWe.exe

C:\Windows\System\HhjdskO.exe

C:\Windows\System\HhjdskO.exe

C:\Windows\System\XZkCHlZ.exe

C:\Windows\System\XZkCHlZ.exe

C:\Windows\System\cQtwjpI.exe

C:\Windows\System\cQtwjpI.exe

C:\Windows\System\tKhioDF.exe

C:\Windows\System\tKhioDF.exe

C:\Windows\System\AvstLbR.exe

C:\Windows\System\AvstLbR.exe

C:\Windows\System\oZKVxiU.exe

C:\Windows\System\oZKVxiU.exe

C:\Windows\System\bFCVENC.exe

C:\Windows\System\bFCVENC.exe

C:\Windows\System\QomaPPM.exe

C:\Windows\System\QomaPPM.exe

C:\Windows\System\MqAZhld.exe

C:\Windows\System\MqAZhld.exe

C:\Windows\System\WOEtQnP.exe

C:\Windows\System\WOEtQnP.exe

C:\Windows\System\qbuwttS.exe

C:\Windows\System\qbuwttS.exe

C:\Windows\System\IRZcGmE.exe

C:\Windows\System\IRZcGmE.exe

C:\Windows\System\pxBGBXL.exe

C:\Windows\System\pxBGBXL.exe

C:\Windows\System\pkoicfC.exe

C:\Windows\System\pkoicfC.exe

C:\Windows\System\CHVXrWM.exe

C:\Windows\System\CHVXrWM.exe

C:\Windows\System\HYGhdCS.exe

C:\Windows\System\HYGhdCS.exe

C:\Windows\System\gIjFogF.exe

C:\Windows\System\gIjFogF.exe

C:\Windows\System\mgzrXot.exe

C:\Windows\System\mgzrXot.exe

C:\Windows\System\SLRIqHB.exe

C:\Windows\System\SLRIqHB.exe

C:\Windows\System\QdBKUys.exe

C:\Windows\System\QdBKUys.exe

C:\Windows\System\eyjVYhc.exe

C:\Windows\System\eyjVYhc.exe

C:\Windows\System\trCqSSS.exe

C:\Windows\System\trCqSSS.exe

C:\Windows\System\LrgDfrO.exe

C:\Windows\System\LrgDfrO.exe

C:\Windows\System\ZQkCaXN.exe

C:\Windows\System\ZQkCaXN.exe

C:\Windows\System\rJXGrGR.exe

C:\Windows\System\rJXGrGR.exe

C:\Windows\System\QRfGzvG.exe

C:\Windows\System\QRfGzvG.exe

C:\Windows\System\nTFCqrZ.exe

C:\Windows\System\nTFCqrZ.exe

C:\Windows\System\QofxfAZ.exe

C:\Windows\System\QofxfAZ.exe

C:\Windows\System\aQcREhh.exe

C:\Windows\System\aQcREhh.exe

C:\Windows\System\WMnWhfE.exe

C:\Windows\System\WMnWhfE.exe

C:\Windows\System\kyLQiNj.exe

C:\Windows\System\kyLQiNj.exe

C:\Windows\System\UIoknyP.exe

C:\Windows\System\UIoknyP.exe

C:\Windows\System\urrNlKw.exe

C:\Windows\System\urrNlKw.exe

C:\Windows\System\gFriQqf.exe

C:\Windows\System\gFriQqf.exe

C:\Windows\System\HCKAEqb.exe

C:\Windows\System\HCKAEqb.exe

C:\Windows\System\VKalkha.exe

C:\Windows\System\VKalkha.exe

C:\Windows\System\OWsnxIM.exe

C:\Windows\System\OWsnxIM.exe

C:\Windows\System\RvveJTG.exe

C:\Windows\System\RvveJTG.exe

C:\Windows\System\zDjzfAT.exe

C:\Windows\System\zDjzfAT.exe

C:\Windows\System\AMXanZw.exe

C:\Windows\System\AMXanZw.exe

C:\Windows\System\rpJhTsj.exe

C:\Windows\System\rpJhTsj.exe

C:\Windows\System\NQhyrNz.exe

C:\Windows\System\NQhyrNz.exe

C:\Windows\System\bKcmRPH.exe

C:\Windows\System\bKcmRPH.exe

C:\Windows\System\qdNLIkQ.exe

C:\Windows\System\qdNLIkQ.exe

C:\Windows\System\cONooKC.exe

C:\Windows\System\cONooKC.exe

C:\Windows\System\TYbOaHE.exe

C:\Windows\System\TYbOaHE.exe

C:\Windows\System\MoOpomp.exe

C:\Windows\System\MoOpomp.exe

C:\Windows\System\iAKrNRg.exe

C:\Windows\System\iAKrNRg.exe

C:\Windows\System\VsNlhKf.exe

C:\Windows\System\VsNlhKf.exe

C:\Windows\System\MfWxFZP.exe

C:\Windows\System\MfWxFZP.exe

C:\Windows\System\KKXajBw.exe

C:\Windows\System\KKXajBw.exe

C:\Windows\System\uSGidve.exe

C:\Windows\System\uSGidve.exe

C:\Windows\System\eCksvxt.exe

C:\Windows\System\eCksvxt.exe

C:\Windows\System\GhTVspN.exe

C:\Windows\System\GhTVspN.exe

C:\Windows\System\UMNIWKE.exe

C:\Windows\System\UMNIWKE.exe

C:\Windows\System\CSXlqEw.exe

C:\Windows\System\CSXlqEw.exe

C:\Windows\System\GkMOXoM.exe

C:\Windows\System\GkMOXoM.exe

C:\Windows\System\yNeBDxk.exe

C:\Windows\System\yNeBDxk.exe

C:\Windows\System\RgxppQU.exe

C:\Windows\System\RgxppQU.exe

C:\Windows\System\BAcfazq.exe

C:\Windows\System\BAcfazq.exe

C:\Windows\System\IgFCPrV.exe

C:\Windows\System\IgFCPrV.exe

C:\Windows\System\jZOZJqj.exe

C:\Windows\System\jZOZJqj.exe

C:\Windows\System\iTHKpJH.exe

C:\Windows\System\iTHKpJH.exe

C:\Windows\System\FKJzHsa.exe

C:\Windows\System\FKJzHsa.exe

C:\Windows\System\YlaINGE.exe

C:\Windows\System\YlaINGE.exe

C:\Windows\System\vCxKlfN.exe

C:\Windows\System\vCxKlfN.exe

C:\Windows\System\saSWcis.exe

C:\Windows\System\saSWcis.exe

C:\Windows\System\uxdArGC.exe

C:\Windows\System\uxdArGC.exe

C:\Windows\System\klNrnhg.exe

C:\Windows\System\klNrnhg.exe

C:\Windows\System\lIofdCR.exe

C:\Windows\System\lIofdCR.exe

C:\Windows\System\AcNIsPG.exe

C:\Windows\System\AcNIsPG.exe

C:\Windows\System\dECCsaD.exe

C:\Windows\System\dECCsaD.exe

C:\Windows\System\dAlebzK.exe

C:\Windows\System\dAlebzK.exe

C:\Windows\System\JlhGPtW.exe

C:\Windows\System\JlhGPtW.exe

C:\Windows\System\naduQsZ.exe

C:\Windows\System\naduQsZ.exe

C:\Windows\System\LJYOdIc.exe

C:\Windows\System\LJYOdIc.exe

C:\Windows\System\nwhiTnS.exe

C:\Windows\System\nwhiTnS.exe

C:\Windows\System\fmJLvbe.exe

C:\Windows\System\fmJLvbe.exe

C:\Windows\System\Tpqfbkt.exe

C:\Windows\System\Tpqfbkt.exe

C:\Windows\System\MyKforl.exe

C:\Windows\System\MyKforl.exe

C:\Windows\System\fVCGYek.exe

C:\Windows\System\fVCGYek.exe

C:\Windows\System\jznibXU.exe

C:\Windows\System\jznibXU.exe

C:\Windows\System\tPlzGQR.exe

C:\Windows\System\tPlzGQR.exe

C:\Windows\System\MwlQaEJ.exe

C:\Windows\System\MwlQaEJ.exe

C:\Windows\System\YoobACQ.exe

C:\Windows\System\YoobACQ.exe

C:\Windows\System\EzXOMur.exe

C:\Windows\System\EzXOMur.exe

C:\Windows\System\xKKJZXR.exe

C:\Windows\System\xKKJZXR.exe

C:\Windows\System\AmHwdlk.exe

C:\Windows\System\AmHwdlk.exe

C:\Windows\System\dHftPvI.exe

C:\Windows\System\dHftPvI.exe

C:\Windows\System\fRNtLmI.exe

C:\Windows\System\fRNtLmI.exe

C:\Windows\System\fcpnVfZ.exe

C:\Windows\System\fcpnVfZ.exe

C:\Windows\System\XmvwvaS.exe

C:\Windows\System\XmvwvaS.exe

C:\Windows\System\qpnJQGf.exe

C:\Windows\System\qpnJQGf.exe

C:\Windows\System\ZumsVKr.exe

C:\Windows\System\ZumsVKr.exe

C:\Windows\System\gwHkdJs.exe

C:\Windows\System\gwHkdJs.exe

C:\Windows\System\xAolzMS.exe

C:\Windows\System\xAolzMS.exe

C:\Windows\System\akqKVPx.exe

C:\Windows\System\akqKVPx.exe

C:\Windows\System\laQCsdn.exe

C:\Windows\System\laQCsdn.exe

C:\Windows\System\jBsUpVp.exe

C:\Windows\System\jBsUpVp.exe

C:\Windows\System\yPEanPJ.exe

C:\Windows\System\yPEanPJ.exe

C:\Windows\System\ZGboOWW.exe

C:\Windows\System\ZGboOWW.exe

C:\Windows\System\lbqucxx.exe

C:\Windows\System\lbqucxx.exe

C:\Windows\System\dLuHCnH.exe

C:\Windows\System\dLuHCnH.exe

C:\Windows\System\XZXkbpV.exe

C:\Windows\System\XZXkbpV.exe

C:\Windows\System\xhpyqGc.exe

C:\Windows\System\xhpyqGc.exe

C:\Windows\System\XdDBiGV.exe

C:\Windows\System\XdDBiGV.exe

C:\Windows\System\sfGcyVi.exe

C:\Windows\System\sfGcyVi.exe

C:\Windows\System\Purepro.exe

C:\Windows\System\Purepro.exe

C:\Windows\System\UhBJoPa.exe

C:\Windows\System\UhBJoPa.exe

C:\Windows\System\VlriCPw.exe

C:\Windows\System\VlriCPw.exe

C:\Windows\System\IcQsETB.exe

C:\Windows\System\IcQsETB.exe

C:\Windows\System\llcJiyy.exe

C:\Windows\System\llcJiyy.exe

C:\Windows\System\nXAnAmv.exe

C:\Windows\System\nXAnAmv.exe

C:\Windows\System\PuCNPSf.exe

C:\Windows\System\PuCNPSf.exe

C:\Windows\System\DuUDeka.exe

C:\Windows\System\DuUDeka.exe

C:\Windows\System\mPsjEYd.exe

C:\Windows\System\mPsjEYd.exe

C:\Windows\System\EibhfpH.exe

C:\Windows\System\EibhfpH.exe

C:\Windows\System\wexnmHA.exe

C:\Windows\System\wexnmHA.exe

C:\Windows\System\cTazwzn.exe

C:\Windows\System\cTazwzn.exe

C:\Windows\System\MNHtMoN.exe

C:\Windows\System\MNHtMoN.exe

C:\Windows\System\MZfzQxv.exe

C:\Windows\System\MZfzQxv.exe

C:\Windows\System\ITSzfaJ.exe

C:\Windows\System\ITSzfaJ.exe

C:\Windows\System\Vkjmmwf.exe

C:\Windows\System\Vkjmmwf.exe

C:\Windows\System\OKYnIlo.exe

C:\Windows\System\OKYnIlo.exe

C:\Windows\System\FZDuFKU.exe

C:\Windows\System\FZDuFKU.exe

C:\Windows\System\vKAqaBa.exe

C:\Windows\System\vKAqaBa.exe

C:\Windows\System\BrVYQhj.exe

C:\Windows\System\BrVYQhj.exe

C:\Windows\System\SCATryd.exe

C:\Windows\System\SCATryd.exe

C:\Windows\System\qbjnole.exe

C:\Windows\System\qbjnole.exe

C:\Windows\System\ZuirrzO.exe

C:\Windows\System\ZuirrzO.exe

C:\Windows\System\WGJugHQ.exe

C:\Windows\System\WGJugHQ.exe

C:\Windows\System\fgxwCnM.exe

C:\Windows\System\fgxwCnM.exe

C:\Windows\System\WLletip.exe

C:\Windows\System\WLletip.exe

C:\Windows\System\wJUYDGC.exe

C:\Windows\System\wJUYDGC.exe

C:\Windows\System\ysYAewr.exe

C:\Windows\System\ysYAewr.exe

C:\Windows\System\nbXqvUx.exe

C:\Windows\System\nbXqvUx.exe

C:\Windows\System\mckTAJG.exe

C:\Windows\System\mckTAJG.exe

C:\Windows\System\nERkbpL.exe

C:\Windows\System\nERkbpL.exe

C:\Windows\System\kiiEmfj.exe

C:\Windows\System\kiiEmfj.exe

C:\Windows\System\SWrmtBp.exe

C:\Windows\System\SWrmtBp.exe

C:\Windows\System\cKxMJBa.exe

C:\Windows\System\cKxMJBa.exe

C:\Windows\System\yxcfAPK.exe

C:\Windows\System\yxcfAPK.exe

C:\Windows\System\PvSMncs.exe

C:\Windows\System\PvSMncs.exe

C:\Windows\System\PiKMmsz.exe

C:\Windows\System\PiKMmsz.exe

C:\Windows\System\kZSuGhW.exe

C:\Windows\System\kZSuGhW.exe

C:\Windows\System\HbTuklg.exe

C:\Windows\System\HbTuklg.exe

C:\Windows\System\dIzmFpg.exe

C:\Windows\System\dIzmFpg.exe

C:\Windows\System\XvpcZkb.exe

C:\Windows\System\XvpcZkb.exe

C:\Windows\System\ZmISQFq.exe

C:\Windows\System\ZmISQFq.exe

C:\Windows\System\NSGYlqA.exe

C:\Windows\System\NSGYlqA.exe

C:\Windows\System\hhLthdO.exe

C:\Windows\System\hhLthdO.exe

C:\Windows\System\XiUVzca.exe

C:\Windows\System\XiUVzca.exe

C:\Windows\System\jvcmyYs.exe

C:\Windows\System\jvcmyYs.exe

C:\Windows\System\tncdoDz.exe

C:\Windows\System\tncdoDz.exe

C:\Windows\System\jnrQjuY.exe

C:\Windows\System\jnrQjuY.exe

C:\Windows\System\lUXhOVY.exe

C:\Windows\System\lUXhOVY.exe

C:\Windows\System\NrGNIyT.exe

C:\Windows\System\NrGNIyT.exe

C:\Windows\System\VKfpQiS.exe

C:\Windows\System\VKfpQiS.exe

C:\Windows\System\OXzlksr.exe

C:\Windows\System\OXzlksr.exe

C:\Windows\System\LfpBEaV.exe

C:\Windows\System\LfpBEaV.exe

C:\Windows\System\mDQmzst.exe

C:\Windows\System\mDQmzst.exe

C:\Windows\System\UecoZrp.exe

C:\Windows\System\UecoZrp.exe

C:\Windows\System\iObGAkG.exe

C:\Windows\System\iObGAkG.exe

C:\Windows\System\xZacPAq.exe

C:\Windows\System\xZacPAq.exe

C:\Windows\System\XaRxwJO.exe

C:\Windows\System\XaRxwJO.exe

C:\Windows\System\lFeEKQI.exe

C:\Windows\System\lFeEKQI.exe

C:\Windows\System\RXUYWZh.exe

C:\Windows\System\RXUYWZh.exe

C:\Windows\System\LhRZJOZ.exe

C:\Windows\System\LhRZJOZ.exe

C:\Windows\System\OUOKQUs.exe

C:\Windows\System\OUOKQUs.exe

C:\Windows\System\EeutWtp.exe

C:\Windows\System\EeutWtp.exe

C:\Windows\System\OvmZNwo.exe

C:\Windows\System\OvmZNwo.exe

C:\Windows\System\jHGirAC.exe

C:\Windows\System\jHGirAC.exe

C:\Windows\System\ePwrBCj.exe

C:\Windows\System\ePwrBCj.exe

C:\Windows\System\UfgKIgk.exe

C:\Windows\System\UfgKIgk.exe

C:\Windows\System\TZizgym.exe

C:\Windows\System\TZizgym.exe

C:\Windows\System\fMghGrc.exe

C:\Windows\System\fMghGrc.exe

C:\Windows\System\mPdxpvL.exe

C:\Windows\System\mPdxpvL.exe

C:\Windows\System\cFGuKpM.exe

C:\Windows\System\cFGuKpM.exe

C:\Windows\System\xBHDcnw.exe

C:\Windows\System\xBHDcnw.exe

C:\Windows\System\ggedDff.exe

C:\Windows\System\ggedDff.exe

C:\Windows\System\MCVnQTT.exe

C:\Windows\System\MCVnQTT.exe

C:\Windows\System\PxBnKhz.exe

C:\Windows\System\PxBnKhz.exe

C:\Windows\System\diUjFaM.exe

C:\Windows\System\diUjFaM.exe

C:\Windows\System\aqxYNUp.exe

C:\Windows\System\aqxYNUp.exe

C:\Windows\System\PZegkie.exe

C:\Windows\System\PZegkie.exe

C:\Windows\System\uLeZxmD.exe

C:\Windows\System\uLeZxmD.exe

C:\Windows\System\uefJRHq.exe

C:\Windows\System\uefJRHq.exe

C:\Windows\System\ZwnEmqv.exe

C:\Windows\System\ZwnEmqv.exe

C:\Windows\System\NeCLoyt.exe

C:\Windows\System\NeCLoyt.exe

C:\Windows\System\XRkDKZR.exe

C:\Windows\System\XRkDKZR.exe

C:\Windows\System\WTecUWl.exe

C:\Windows\System\WTecUWl.exe

C:\Windows\System\IsgLelc.exe

C:\Windows\System\IsgLelc.exe

C:\Windows\System\FDdoeUs.exe

C:\Windows\System\FDdoeUs.exe

C:\Windows\System\WCrNWJd.exe

C:\Windows\System\WCrNWJd.exe

C:\Windows\System\MwRTuYH.exe

C:\Windows\System\MwRTuYH.exe

C:\Windows\System\pcpsGmI.exe

C:\Windows\System\pcpsGmI.exe

C:\Windows\System\LRRejNk.exe

C:\Windows\System\LRRejNk.exe

C:\Windows\System\ufxYMeK.exe

C:\Windows\System\ufxYMeK.exe

C:\Windows\System\UoqqsOB.exe

C:\Windows\System\UoqqsOB.exe

C:\Windows\System\hIKNFaT.exe

C:\Windows\System\hIKNFaT.exe

C:\Windows\System\tSYDXji.exe

C:\Windows\System\tSYDXji.exe

C:\Windows\System\rPZnLXi.exe

C:\Windows\System\rPZnLXi.exe

C:\Windows\System\utVxjRx.exe

C:\Windows\System\utVxjRx.exe

C:\Windows\System\ifhyxrr.exe

C:\Windows\System\ifhyxrr.exe

C:\Windows\System\jkQaQyE.exe

C:\Windows\System\jkQaQyE.exe

C:\Windows\System\JDovnkG.exe

C:\Windows\System\JDovnkG.exe

C:\Windows\System\xNJacqM.exe

C:\Windows\System\xNJacqM.exe

C:\Windows\System\egZoLip.exe

C:\Windows\System\egZoLip.exe

C:\Windows\System\VaXhSgT.exe

C:\Windows\System\VaXhSgT.exe

C:\Windows\System\eWCvhVi.exe

C:\Windows\System\eWCvhVi.exe

C:\Windows\System\JMzIaeU.exe

C:\Windows\System\JMzIaeU.exe

C:\Windows\System\MHMEkeM.exe

C:\Windows\System\MHMEkeM.exe

C:\Windows\System\dUwDWyV.exe

C:\Windows\System\dUwDWyV.exe

C:\Windows\System\qWrKtHo.exe

C:\Windows\System\qWrKtHo.exe

C:\Windows\System\IMUSxNc.exe

C:\Windows\System\IMUSxNc.exe

C:\Windows\System\cBqNraA.exe

C:\Windows\System\cBqNraA.exe

C:\Windows\System\PiaOjpC.exe

C:\Windows\System\PiaOjpC.exe

C:\Windows\System\CoKDilY.exe

C:\Windows\System\CoKDilY.exe

C:\Windows\System\IcqPzGD.exe

C:\Windows\System\IcqPzGD.exe

C:\Windows\System\KquOrTI.exe

C:\Windows\System\KquOrTI.exe

C:\Windows\System\aYUbZLU.exe

C:\Windows\System\aYUbZLU.exe

C:\Windows\System\dMlNJql.exe

C:\Windows\System\dMlNJql.exe

C:\Windows\System\PBbzwBQ.exe

C:\Windows\System\PBbzwBQ.exe

C:\Windows\System\dQwgpZU.exe

C:\Windows\System\dQwgpZU.exe

C:\Windows\System\rAbhRxs.exe

C:\Windows\System\rAbhRxs.exe

C:\Windows\System\jalaHyE.exe

C:\Windows\System\jalaHyE.exe

C:\Windows\System\vlIcSvX.exe

C:\Windows\System\vlIcSvX.exe

C:\Windows\System\bmrjneJ.exe

C:\Windows\System\bmrjneJ.exe

C:\Windows\System\HavgyjD.exe

C:\Windows\System\HavgyjD.exe

C:\Windows\System\XlwiCCq.exe

C:\Windows\System\XlwiCCq.exe

C:\Windows\System\IPCSuMo.exe

C:\Windows\System\IPCSuMo.exe

C:\Windows\System\UbBJCGt.exe

C:\Windows\System\UbBJCGt.exe

C:\Windows\System\BSFFJan.exe

C:\Windows\System\BSFFJan.exe

C:\Windows\System\TToPjrm.exe

C:\Windows\System\TToPjrm.exe

C:\Windows\System\gBXWbTq.exe

C:\Windows\System\gBXWbTq.exe

C:\Windows\System\JEgHmMF.exe

C:\Windows\System\JEgHmMF.exe

C:\Windows\System\vVzSqXK.exe

C:\Windows\System\vVzSqXK.exe

C:\Windows\System\EUjlZYb.exe

C:\Windows\System\EUjlZYb.exe

C:\Windows\System\sxjTJsB.exe

C:\Windows\System\sxjTJsB.exe

C:\Windows\System\vipVsky.exe

C:\Windows\System\vipVsky.exe

C:\Windows\System\JKgqBca.exe

C:\Windows\System\JKgqBca.exe

C:\Windows\System\oZJwmmj.exe

C:\Windows\System\oZJwmmj.exe

C:\Windows\System\QVfjQWJ.exe

C:\Windows\System\QVfjQWJ.exe

C:\Windows\System\sOsVyIW.exe

C:\Windows\System\sOsVyIW.exe

C:\Windows\System\jCrCFLV.exe

C:\Windows\System\jCrCFLV.exe

C:\Windows\System\mvPLxLF.exe

C:\Windows\System\mvPLxLF.exe

C:\Windows\System\qBBdgvT.exe

C:\Windows\System\qBBdgvT.exe

C:\Windows\System\JeMuBtV.exe

C:\Windows\System\JeMuBtV.exe

C:\Windows\System\TrkEOjV.exe

C:\Windows\System\TrkEOjV.exe

C:\Windows\System\mueRjIr.exe

C:\Windows\System\mueRjIr.exe

C:\Windows\System\fitkCTl.exe

C:\Windows\System\fitkCTl.exe

C:\Windows\System\jCmPhlw.exe

C:\Windows\System\jCmPhlw.exe

C:\Windows\System\LMceHVr.exe

C:\Windows\System\LMceHVr.exe

C:\Windows\System\XvdzRQz.exe

C:\Windows\System\XvdzRQz.exe

C:\Windows\System\SgIgYuc.exe

C:\Windows\System\SgIgYuc.exe

C:\Windows\System\XARBcTi.exe

C:\Windows\System\XARBcTi.exe

C:\Windows\System\VJxJLXx.exe

C:\Windows\System\VJxJLXx.exe

C:\Windows\System\ibXcWxN.exe

C:\Windows\System\ibXcWxN.exe

C:\Windows\System\PQCqzNG.exe

C:\Windows\System\PQCqzNG.exe

C:\Windows\System\bjAuDrR.exe

C:\Windows\System\bjAuDrR.exe

C:\Windows\System\agxztBE.exe

C:\Windows\System\agxztBE.exe

C:\Windows\System\qQMnQXm.exe

C:\Windows\System\qQMnQXm.exe

C:\Windows\System\UBoQabd.exe

C:\Windows\System\UBoQabd.exe

C:\Windows\System\EHTWFxF.exe

C:\Windows\System\EHTWFxF.exe

C:\Windows\System\vWehaFx.exe

C:\Windows\System\vWehaFx.exe

C:\Windows\System\imJjIIi.exe

C:\Windows\System\imJjIIi.exe

C:\Windows\System\YeNcycb.exe

C:\Windows\System\YeNcycb.exe

C:\Windows\System\CtffGDE.exe

C:\Windows\System\CtffGDE.exe

C:\Windows\System\tTvCvkg.exe

C:\Windows\System\tTvCvkg.exe

C:\Windows\System\dbRtVlp.exe

C:\Windows\System\dbRtVlp.exe

C:\Windows\System\RIgRFzl.exe

C:\Windows\System\RIgRFzl.exe

C:\Windows\System\KhJgvne.exe

C:\Windows\System\KhJgvne.exe

C:\Windows\System\eCfwdTo.exe

C:\Windows\System\eCfwdTo.exe

C:\Windows\System\LVpaHvm.exe

C:\Windows\System\LVpaHvm.exe

C:\Windows\System\yqgNOHP.exe

C:\Windows\System\yqgNOHP.exe

C:\Windows\System\MaIuQhR.exe

C:\Windows\System\MaIuQhR.exe

C:\Windows\System\XfUsPxB.exe

C:\Windows\System\XfUsPxB.exe

C:\Windows\System\IIBLrXo.exe

C:\Windows\System\IIBLrXo.exe

C:\Windows\System\mflQefL.exe

C:\Windows\System\mflQefL.exe

C:\Windows\System\dpGJidG.exe

C:\Windows\System\dpGJidG.exe

C:\Windows\System\jnDSGXR.exe

C:\Windows\System\jnDSGXR.exe

C:\Windows\System\WRIFcmD.exe

C:\Windows\System\WRIFcmD.exe

C:\Windows\System\KkeaSqd.exe

C:\Windows\System\KkeaSqd.exe

C:\Windows\System\hEttYHG.exe

C:\Windows\System\hEttYHG.exe

C:\Windows\System\Fyuybff.exe

C:\Windows\System\Fyuybff.exe

C:\Windows\System\GdmEpNL.exe

C:\Windows\System\GdmEpNL.exe

C:\Windows\System\yLWvZHe.exe

C:\Windows\System\yLWvZHe.exe

C:\Windows\System\YLcOUDS.exe

C:\Windows\System\YLcOUDS.exe

C:\Windows\System\hsMHsOD.exe

C:\Windows\System\hsMHsOD.exe

C:\Windows\System\wzVuxru.exe

C:\Windows\System\wzVuxru.exe

C:\Windows\System\wbfIODw.exe

C:\Windows\System\wbfIODw.exe

C:\Windows\System\cjczEKV.exe

C:\Windows\System\cjczEKV.exe

C:\Windows\System\lygYRHS.exe

C:\Windows\System\lygYRHS.exe

C:\Windows\System\wjUXZJk.exe

C:\Windows\System\wjUXZJk.exe

C:\Windows\System\hsohzGZ.exe

C:\Windows\System\hsohzGZ.exe

C:\Windows\System\lvnACHo.exe

C:\Windows\System\lvnACHo.exe

C:\Windows\System\speoJtf.exe

C:\Windows\System\speoJtf.exe

C:\Windows\System\xoJyoWJ.exe

C:\Windows\System\xoJyoWJ.exe

C:\Windows\System\nwzBIqw.exe

C:\Windows\System\nwzBIqw.exe

C:\Windows\System\WxixFNO.exe

C:\Windows\System\WxixFNO.exe

C:\Windows\System\iYimAjP.exe

C:\Windows\System\iYimAjP.exe

C:\Windows\System\onzDRBS.exe

C:\Windows\System\onzDRBS.exe

C:\Windows\System\QhwlfHt.exe

C:\Windows\System\QhwlfHt.exe

C:\Windows\System\LFQEsOT.exe

C:\Windows\System\LFQEsOT.exe

C:\Windows\System\lXUCfBp.exe

C:\Windows\System\lXUCfBp.exe

C:\Windows\System\zcUvaZL.exe

C:\Windows\System\zcUvaZL.exe

C:\Windows\System\HcZJPJp.exe

C:\Windows\System\HcZJPJp.exe

C:\Windows\System\ozNZmPm.exe

C:\Windows\System\ozNZmPm.exe

C:\Windows\System\IqoWfth.exe

C:\Windows\System\IqoWfth.exe

C:\Windows\System\uShdrCD.exe

C:\Windows\System\uShdrCD.exe

C:\Windows\System\xpWzfCI.exe

C:\Windows\System\xpWzfCI.exe

C:\Windows\System\AXdTvKI.exe

C:\Windows\System\AXdTvKI.exe

C:\Windows\System\jmLfjJX.exe

C:\Windows\System\jmLfjJX.exe

C:\Windows\System\tVKWpwx.exe

C:\Windows\System\tVKWpwx.exe

C:\Windows\System\hNtzWLE.exe

C:\Windows\System\hNtzWLE.exe

C:\Windows\System\bAJGhaD.exe

C:\Windows\System\bAJGhaD.exe

C:\Windows\System\gtBtXaf.exe

C:\Windows\System\gtBtXaf.exe

C:\Windows\System\FOERmQd.exe

C:\Windows\System\FOERmQd.exe

C:\Windows\System\hsleNgJ.exe

C:\Windows\System\hsleNgJ.exe

C:\Windows\System\CGQTIhU.exe

C:\Windows\System\CGQTIhU.exe

C:\Windows\System\BxDRamq.exe

C:\Windows\System\BxDRamq.exe

C:\Windows\System\sreBKoX.exe

C:\Windows\System\sreBKoX.exe

C:\Windows\System\CuOorDF.exe

C:\Windows\System\CuOorDF.exe

C:\Windows\System\XzPoMHE.exe

C:\Windows\System\XzPoMHE.exe

C:\Windows\System\QWgSYgy.exe

C:\Windows\System\QWgSYgy.exe

C:\Windows\System\GnMaqLG.exe

C:\Windows\System\GnMaqLG.exe

C:\Windows\System\rROENSf.exe

C:\Windows\System\rROENSf.exe

C:\Windows\System\HQBHUYW.exe

C:\Windows\System\HQBHUYW.exe

C:\Windows\System\rhNPaQA.exe

C:\Windows\System\rhNPaQA.exe

C:\Windows\System\TBhQuCI.exe

C:\Windows\System\TBhQuCI.exe

C:\Windows\System\YJnLwHI.exe

C:\Windows\System\YJnLwHI.exe

C:\Windows\System\gihKsKZ.exe

C:\Windows\System\gihKsKZ.exe

C:\Windows\System\iJxXrUB.exe

C:\Windows\System\iJxXrUB.exe

C:\Windows\System\JtxPyyM.exe

C:\Windows\System\JtxPyyM.exe

C:\Windows\System\lKPVLBJ.exe

C:\Windows\System\lKPVLBJ.exe

C:\Windows\System\WjWmFYb.exe

C:\Windows\System\WjWmFYb.exe

C:\Windows\System\YIIVLzN.exe

C:\Windows\System\YIIVLzN.exe

C:\Windows\System\PVoeSfr.exe

C:\Windows\System\PVoeSfr.exe

C:\Windows\System\YxrZwQl.exe

C:\Windows\System\YxrZwQl.exe

C:\Windows\System\XWbxdHB.exe

C:\Windows\System\XWbxdHB.exe

C:\Windows\System\XpfjSzv.exe

C:\Windows\System\XpfjSzv.exe

C:\Windows\System\iZdAYsU.exe

C:\Windows\System\iZdAYsU.exe

C:\Windows\System\jKabTcc.exe

C:\Windows\System\jKabTcc.exe

C:\Windows\System\ScckUMr.exe

C:\Windows\System\ScckUMr.exe

C:\Windows\System\nONNdAT.exe

C:\Windows\System\nONNdAT.exe

C:\Windows\System\kSxlnxD.exe

C:\Windows\System\kSxlnxD.exe

C:\Windows\System\BBwTTKc.exe

C:\Windows\System\BBwTTKc.exe

C:\Windows\System\GefVOFR.exe

C:\Windows\System\GefVOFR.exe

C:\Windows\System\gHLOhFA.exe

C:\Windows\System\gHLOhFA.exe

C:\Windows\System\knnynNl.exe

C:\Windows\System\knnynNl.exe

C:\Windows\System\kOUTisG.exe

C:\Windows\System\kOUTisG.exe

C:\Windows\System\Igeoqew.exe

C:\Windows\System\Igeoqew.exe

C:\Windows\System\vNahPLK.exe

C:\Windows\System\vNahPLK.exe

C:\Windows\System\nsUPPbI.exe

C:\Windows\System\nsUPPbI.exe

C:\Windows\System\WWTktmx.exe

C:\Windows\System\WWTktmx.exe

C:\Windows\System\bVtxmBH.exe

C:\Windows\System\bVtxmBH.exe

C:\Windows\System\bfplQtP.exe

C:\Windows\System\bfplQtP.exe

C:\Windows\System\vLdvTPh.exe

C:\Windows\System\vLdvTPh.exe

C:\Windows\System\NsadFmQ.exe

C:\Windows\System\NsadFmQ.exe

C:\Windows\System\HNOTIww.exe

C:\Windows\System\HNOTIww.exe

C:\Windows\System\wisVzDK.exe

C:\Windows\System\wisVzDK.exe

C:\Windows\System\yqfCSsS.exe

C:\Windows\System\yqfCSsS.exe

C:\Windows\System\yWzjTZJ.exe

C:\Windows\System\yWzjTZJ.exe

C:\Windows\System\RXPANlV.exe

C:\Windows\System\RXPANlV.exe

C:\Windows\System\YLgcOYF.exe

C:\Windows\System\YLgcOYF.exe

C:\Windows\System\loxwnSx.exe

C:\Windows\System\loxwnSx.exe

C:\Windows\System\TqNsVcQ.exe

C:\Windows\System\TqNsVcQ.exe

C:\Windows\System\DPwuwvE.exe

C:\Windows\System\DPwuwvE.exe

C:\Windows\System\leWpMzw.exe

C:\Windows\System\leWpMzw.exe

C:\Windows\System\IMKnLSx.exe

C:\Windows\System\IMKnLSx.exe

C:\Windows\System\bNRnBou.exe

C:\Windows\System\bNRnBou.exe

C:\Windows\System\apBjjYs.exe

C:\Windows\System\apBjjYs.exe

C:\Windows\System\QzdbeSe.exe

C:\Windows\System\QzdbeSe.exe

C:\Windows\System\bAufPBU.exe

C:\Windows\System\bAufPBU.exe

C:\Windows\System\TcKHPwS.exe

C:\Windows\System\TcKHPwS.exe

C:\Windows\System\AfPLEun.exe

C:\Windows\System\AfPLEun.exe

C:\Windows\System\ssIWfqV.exe

C:\Windows\System\ssIWfqV.exe

C:\Windows\System\aRJMAeI.exe

C:\Windows\System\aRJMAeI.exe

C:\Windows\System\gFiUBfu.exe

C:\Windows\System\gFiUBfu.exe

C:\Windows\System\uXEKhlj.exe

C:\Windows\System\uXEKhlj.exe

C:\Windows\System\oXXGwVk.exe

C:\Windows\System\oXXGwVk.exe

C:\Windows\System\zgovWgT.exe

C:\Windows\System\zgovWgT.exe

C:\Windows\System\iVBZzEk.exe

C:\Windows\System\iVBZzEk.exe

C:\Windows\System\dCVcPoi.exe

C:\Windows\System\dCVcPoi.exe

C:\Windows\System\ZcSwTCT.exe

C:\Windows\System\ZcSwTCT.exe

C:\Windows\System\tsCWHxm.exe

C:\Windows\System\tsCWHxm.exe

C:\Windows\System\WvzpRAP.exe

C:\Windows\System\WvzpRAP.exe

C:\Windows\System\FiOAKRZ.exe

C:\Windows\System\FiOAKRZ.exe

C:\Windows\System\hFvNANx.exe

C:\Windows\System\hFvNANx.exe

C:\Windows\System\fgKjvou.exe

C:\Windows\System\fgKjvou.exe

C:\Windows\System\YhTVdnv.exe

C:\Windows\System\YhTVdnv.exe

C:\Windows\System\LfxDJvj.exe

C:\Windows\System\LfxDJvj.exe

C:\Windows\System\zdXghir.exe

C:\Windows\System\zdXghir.exe

C:\Windows\System\rxkewXk.exe

C:\Windows\System\rxkewXk.exe

C:\Windows\System\PyPdQPl.exe

C:\Windows\System\PyPdQPl.exe

C:\Windows\System\pfOOmeB.exe

C:\Windows\System\pfOOmeB.exe

C:\Windows\System\NsItgHA.exe

C:\Windows\System\NsItgHA.exe

C:\Windows\System\HNinWra.exe

C:\Windows\System\HNinWra.exe

C:\Windows\System\bldSmhC.exe

C:\Windows\System\bldSmhC.exe

C:\Windows\System\nAGIRqo.exe

C:\Windows\System\nAGIRqo.exe

C:\Windows\System\vsaeLmm.exe

C:\Windows\System\vsaeLmm.exe

C:\Windows\System\ypuOpBy.exe

C:\Windows\System\ypuOpBy.exe

C:\Windows\System\qbXkZeH.exe

C:\Windows\System\qbXkZeH.exe

C:\Windows\System\AdNxywK.exe

C:\Windows\System\AdNxywK.exe

C:\Windows\System\TgWjdOb.exe

C:\Windows\System\TgWjdOb.exe

C:\Windows\System\JAiHkxr.exe

C:\Windows\System\JAiHkxr.exe

C:\Windows\System\yaqbVab.exe

C:\Windows\System\yaqbVab.exe

C:\Windows\System\NQfxcCg.exe

C:\Windows\System\NQfxcCg.exe

C:\Windows\System\cbYnGyU.exe

C:\Windows\System\cbYnGyU.exe

C:\Windows\System\EgOJmnB.exe

C:\Windows\System\EgOJmnB.exe

C:\Windows\System\UtoUbjd.exe

C:\Windows\System\UtoUbjd.exe

C:\Windows\System\HReqApK.exe

C:\Windows\System\HReqApK.exe

C:\Windows\System\EBMMwRj.exe

C:\Windows\System\EBMMwRj.exe

C:\Windows\System\ucTYZNG.exe

C:\Windows\System\ucTYZNG.exe

C:\Windows\System\UlnZQXz.exe

C:\Windows\System\UlnZQXz.exe

C:\Windows\System\gUyQSIe.exe

C:\Windows\System\gUyQSIe.exe

C:\Windows\System\KRyFElw.exe

C:\Windows\System\KRyFElw.exe

C:\Windows\System\igvJONN.exe

C:\Windows\System\igvJONN.exe

C:\Windows\System\cQNbjpd.exe

C:\Windows\System\cQNbjpd.exe

C:\Windows\System\JHhbAqC.exe

C:\Windows\System\JHhbAqC.exe

C:\Windows\System\LjijsBx.exe

C:\Windows\System\LjijsBx.exe

C:\Windows\System\aRImzqL.exe

C:\Windows\System\aRImzqL.exe

C:\Windows\System\sVfzbAE.exe

C:\Windows\System\sVfzbAE.exe

C:\Windows\System\hNSoJcK.exe

C:\Windows\System\hNSoJcK.exe

C:\Windows\System\QmEuTGU.exe

C:\Windows\System\QmEuTGU.exe

C:\Windows\System\pHfLNTE.exe

C:\Windows\System\pHfLNTE.exe

C:\Windows\System\DSdxRsh.exe

C:\Windows\System\DSdxRsh.exe

C:\Windows\System\bcdAarZ.exe

C:\Windows\System\bcdAarZ.exe

C:\Windows\System\YuKSRos.exe

C:\Windows\System\YuKSRos.exe

C:\Windows\System\OAZsInI.exe

C:\Windows\System\OAZsInI.exe

C:\Windows\System\grxIMMv.exe

C:\Windows\System\grxIMMv.exe

C:\Windows\System\gPmvCFM.exe

C:\Windows\System\gPmvCFM.exe

C:\Windows\System\ibhTkke.exe

C:\Windows\System\ibhTkke.exe

C:\Windows\System\woUAUhN.exe

C:\Windows\System\woUAUhN.exe

C:\Windows\System\kAWMZMW.exe

C:\Windows\System\kAWMZMW.exe

C:\Windows\System\CLqZFXI.exe

C:\Windows\System\CLqZFXI.exe

C:\Windows\System\HzeuhEY.exe

C:\Windows\System\HzeuhEY.exe

C:\Windows\System\cokoykt.exe

C:\Windows\System\cokoykt.exe

C:\Windows\System\bgWDXDl.exe

C:\Windows\System\bgWDXDl.exe

C:\Windows\System\EljWYDG.exe

C:\Windows\System\EljWYDG.exe

C:\Windows\System\FAqjBEi.exe

C:\Windows\System\FAqjBEi.exe

C:\Windows\System\Wggkwjs.exe

C:\Windows\System\Wggkwjs.exe

C:\Windows\System\DcMQaAz.exe

C:\Windows\System\DcMQaAz.exe

C:\Windows\System\YVKMdCU.exe

C:\Windows\System\YVKMdCU.exe

C:\Windows\System\qBMQpmX.exe

C:\Windows\System\qBMQpmX.exe

C:\Windows\System\JkCAssU.exe

C:\Windows\System\JkCAssU.exe

C:\Windows\System\uepJVmA.exe

C:\Windows\System\uepJVmA.exe

C:\Windows\System\WYYsNDo.exe

C:\Windows\System\WYYsNDo.exe

C:\Windows\System\jwnqAxL.exe

C:\Windows\System\jwnqAxL.exe

C:\Windows\System\JFJZBfr.exe

C:\Windows\System\JFJZBfr.exe

C:\Windows\System\rRueaCJ.exe

C:\Windows\System\rRueaCJ.exe

C:\Windows\System\LGYxJUr.exe

C:\Windows\System\LGYxJUr.exe

C:\Windows\System\QDeutQe.exe

C:\Windows\System\QDeutQe.exe

C:\Windows\System\QUmQvJM.exe

C:\Windows\System\QUmQvJM.exe

C:\Windows\System\ouYjeOc.exe

C:\Windows\System\ouYjeOc.exe

C:\Windows\System\wYeSyZA.exe

C:\Windows\System\wYeSyZA.exe

C:\Windows\System\PAZdzxF.exe

C:\Windows\System\PAZdzxF.exe

C:\Windows\System\GMSSvSN.exe

C:\Windows\System\GMSSvSN.exe

C:\Windows\System\MBYuDee.exe

C:\Windows\System\MBYuDee.exe

C:\Windows\System\UxrPhJa.exe

C:\Windows\System\UxrPhJa.exe

C:\Windows\System\vHlkFzt.exe

C:\Windows\System\vHlkFzt.exe

C:\Windows\System\wwMvMEd.exe

C:\Windows\System\wwMvMEd.exe

C:\Windows\System\ncbkBsw.exe

C:\Windows\System\ncbkBsw.exe

C:\Windows\System\IbvhoIY.exe

C:\Windows\System\IbvhoIY.exe

C:\Windows\System\rqmCCZq.exe

C:\Windows\System\rqmCCZq.exe

C:\Windows\System\nZoscFf.exe

C:\Windows\System\nZoscFf.exe

C:\Windows\System\QouuxHd.exe

C:\Windows\System\QouuxHd.exe

C:\Windows\System\oNDrvqc.exe

C:\Windows\System\oNDrvqc.exe

C:\Windows\System\JGxMIUN.exe

C:\Windows\System\JGxMIUN.exe

C:\Windows\System\IgpxGim.exe

C:\Windows\System\IgpxGim.exe

C:\Windows\System\riWEIXI.exe

C:\Windows\System\riWEIXI.exe

C:\Windows\System\IHMmXZh.exe

C:\Windows\System\IHMmXZh.exe

C:\Windows\System\qKRwNkq.exe

C:\Windows\System\qKRwNkq.exe

C:\Windows\System\wdOTmqJ.exe

C:\Windows\System\wdOTmqJ.exe

C:\Windows\System\HeqkKrH.exe

C:\Windows\System\HeqkKrH.exe

C:\Windows\System\OfzcQMd.exe

C:\Windows\System\OfzcQMd.exe

C:\Windows\System\wLVOnny.exe

C:\Windows\System\wLVOnny.exe

C:\Windows\System\FLIEgRD.exe

C:\Windows\System\FLIEgRD.exe

C:\Windows\System\UYFjyMW.exe

C:\Windows\System\UYFjyMW.exe

C:\Windows\System\oNPwxfL.exe

C:\Windows\System\oNPwxfL.exe

C:\Windows\System\OaEdPuG.exe

C:\Windows\System\OaEdPuG.exe

C:\Windows\System\qtaxKVf.exe

C:\Windows\System\qtaxKVf.exe

C:\Windows\System\XXdRTlE.exe

C:\Windows\System\XXdRTlE.exe

C:\Windows\System\ucFrTEn.exe

C:\Windows\System\ucFrTEn.exe

C:\Windows\System\ZsLKNDR.exe

C:\Windows\System\ZsLKNDR.exe

C:\Windows\System\mpsoiRP.exe

C:\Windows\System\mpsoiRP.exe

C:\Windows\System\JNnRydy.exe

C:\Windows\System\JNnRydy.exe

C:\Windows\System\YIhdgWt.exe

C:\Windows\System\YIhdgWt.exe

C:\Windows\System\tzGZudC.exe

C:\Windows\System\tzGZudC.exe

C:\Windows\System\TRgZAtM.exe

C:\Windows\System\TRgZAtM.exe

C:\Windows\System\TJduBQC.exe

C:\Windows\System\TJduBQC.exe

C:\Windows\System\gWZJrOD.exe

C:\Windows\System\gWZJrOD.exe

C:\Windows\System\stoSsiW.exe

C:\Windows\System\stoSsiW.exe

C:\Windows\System\QRmUvsK.exe

C:\Windows\System\QRmUvsK.exe

C:\Windows\System\YghhMeh.exe

C:\Windows\System\YghhMeh.exe

C:\Windows\System\OdSIqHl.exe

C:\Windows\System\OdSIqHl.exe

C:\Windows\System\geOlKeY.exe

C:\Windows\System\geOlKeY.exe

C:\Windows\System\vECHaar.exe

C:\Windows\System\vECHaar.exe

C:\Windows\System\ttFnQQN.exe

C:\Windows\System\ttFnQQN.exe

C:\Windows\System\WlRFXgy.exe

C:\Windows\System\WlRFXgy.exe

C:\Windows\System\McGBxtl.exe

C:\Windows\System\McGBxtl.exe

C:\Windows\System\SKYEMri.exe

C:\Windows\System\SKYEMri.exe

C:\Windows\System\WHRpUJr.exe

C:\Windows\System\WHRpUJr.exe

C:\Windows\System\qdhFKAY.exe

C:\Windows\System\qdhFKAY.exe

C:\Windows\System\vfCUimP.exe

C:\Windows\System\vfCUimP.exe

C:\Windows\System\xkmoctf.exe

C:\Windows\System\xkmoctf.exe

C:\Windows\System\jARASQI.exe

C:\Windows\System\jARASQI.exe

C:\Windows\System\gQLPfqw.exe

C:\Windows\System\gQLPfqw.exe

C:\Windows\System\vfQCzNo.exe

C:\Windows\System\vfQCzNo.exe

C:\Windows\System\waSMpcd.exe

C:\Windows\System\waSMpcd.exe

C:\Windows\System\ZbdPMWh.exe

C:\Windows\System\ZbdPMWh.exe

C:\Windows\System\LtITdhZ.exe

C:\Windows\System\LtITdhZ.exe

C:\Windows\System\ZLdnrRr.exe

C:\Windows\System\ZLdnrRr.exe

C:\Windows\System\LyzxjoW.exe

C:\Windows\System\LyzxjoW.exe

C:\Windows\System\wWmRKXu.exe

C:\Windows\System\wWmRKXu.exe

C:\Windows\System\yKKTcqv.exe

C:\Windows\System\yKKTcqv.exe

C:\Windows\System\CyIweiJ.exe

C:\Windows\System\CyIweiJ.exe

C:\Windows\System\GNHENOr.exe

C:\Windows\System\GNHENOr.exe

C:\Windows\System\njsCzfn.exe

C:\Windows\System\njsCzfn.exe

C:\Windows\System\ZolAgtc.exe

C:\Windows\System\ZolAgtc.exe

C:\Windows\System\tJugcYj.exe

C:\Windows\System\tJugcYj.exe

C:\Windows\System\jUwTrez.exe

C:\Windows\System\jUwTrez.exe

C:\Windows\System\ZSHLdBq.exe

C:\Windows\System\ZSHLdBq.exe

C:\Windows\System\ySjFtGd.exe

C:\Windows\System\ySjFtGd.exe

C:\Windows\System\jSDAjSz.exe

C:\Windows\System\jSDAjSz.exe

C:\Windows\System\nsMuZpS.exe

C:\Windows\System\nsMuZpS.exe

C:\Windows\System\qHZEJJx.exe

C:\Windows\System\qHZEJJx.exe

C:\Windows\System\GMhwaOQ.exe

C:\Windows\System\GMhwaOQ.exe

C:\Windows\System\nyotQZF.exe

C:\Windows\System\nyotQZF.exe

C:\Windows\System\vVqHpoh.exe

C:\Windows\System\vVqHpoh.exe

C:\Windows\System\gKtovRK.exe

C:\Windows\System\gKtovRK.exe

C:\Windows\System\nhNdaWs.exe

C:\Windows\System\nhNdaWs.exe

C:\Windows\System\RtjOcQw.exe

C:\Windows\System\RtjOcQw.exe

C:\Windows\System\VbyfPPh.exe

C:\Windows\System\VbyfPPh.exe

C:\Windows\System\nxRfPiu.exe

C:\Windows\System\nxRfPiu.exe

C:\Windows\System\jsiioct.exe

C:\Windows\System\jsiioct.exe

C:\Windows\System\NLwIsFj.exe

C:\Windows\System\NLwIsFj.exe

C:\Windows\System\JrfWrbK.exe

C:\Windows\System\JrfWrbK.exe

C:\Windows\System\zaNnvTo.exe

C:\Windows\System\zaNnvTo.exe

C:\Windows\System\HutQncZ.exe

C:\Windows\System\HutQncZ.exe

C:\Windows\System\KRxFvgk.exe

C:\Windows\System\KRxFvgk.exe

C:\Windows\System\kAeMvaU.exe

C:\Windows\System\kAeMvaU.exe

C:\Windows\System\SfKnFMy.exe

C:\Windows\System\SfKnFMy.exe

C:\Windows\System\iASWOqs.exe

C:\Windows\System\iASWOqs.exe

C:\Windows\System\CqXoWAI.exe

C:\Windows\System\CqXoWAI.exe

C:\Windows\System\SyIVnvO.exe

C:\Windows\System\SyIVnvO.exe

C:\Windows\System\SdiCOBD.exe

C:\Windows\System\SdiCOBD.exe

C:\Windows\System\tqhXrxa.exe

C:\Windows\System\tqhXrxa.exe

C:\Windows\System\TJbjrcC.exe

C:\Windows\System\TJbjrcC.exe

C:\Windows\System\iYWmQww.exe

C:\Windows\System\iYWmQww.exe

C:\Windows\System\JuHhhjm.exe

C:\Windows\System\JuHhhjm.exe

C:\Windows\System\QUcBOjr.exe

C:\Windows\System\QUcBOjr.exe

C:\Windows\System\rrxcszk.exe

C:\Windows\System\rrxcszk.exe

C:\Windows\System\knQEERW.exe

C:\Windows\System\knQEERW.exe

C:\Windows\System\JdrtMHC.exe

C:\Windows\System\JdrtMHC.exe

C:\Windows\System\DziQdwP.exe

C:\Windows\System\DziQdwP.exe

C:\Windows\System\dYRCFNd.exe

C:\Windows\System\dYRCFNd.exe

C:\Windows\System\rsGmZaH.exe

C:\Windows\System\rsGmZaH.exe

C:\Windows\System\zNcvoOk.exe

C:\Windows\System\zNcvoOk.exe

C:\Windows\System\thMnpFQ.exe

C:\Windows\System\thMnpFQ.exe

C:\Windows\System\vPNtTby.exe

C:\Windows\System\vPNtTby.exe

C:\Windows\System\gEzadqi.exe

C:\Windows\System\gEzadqi.exe

C:\Windows\System\SJeuGjI.exe

C:\Windows\System\SJeuGjI.exe

C:\Windows\System\PvxilkR.exe

C:\Windows\System\PvxilkR.exe

C:\Windows\System\gBWOyou.exe

C:\Windows\System\gBWOyou.exe

C:\Windows\System\EeazYyO.exe

C:\Windows\System\EeazYyO.exe

C:\Windows\System\IXgMhZS.exe

C:\Windows\System\IXgMhZS.exe

C:\Windows\System\vfUynOe.exe

C:\Windows\System\vfUynOe.exe

C:\Windows\System\KTcPKzU.exe

C:\Windows\System\KTcPKzU.exe

C:\Windows\System\WEMOtNT.exe

C:\Windows\System\WEMOtNT.exe

C:\Windows\System\gLjaRVt.exe

C:\Windows\System\gLjaRVt.exe

C:\Windows\System\vzYzhPV.exe

C:\Windows\System\vzYzhPV.exe

C:\Windows\System\CBcrVby.exe

C:\Windows\System\CBcrVby.exe

C:\Windows\System\MicoRRh.exe

C:\Windows\System\MicoRRh.exe

C:\Windows\System\awgRrZZ.exe

C:\Windows\System\awgRrZZ.exe

C:\Windows\System\BbCJUYp.exe

C:\Windows\System\BbCJUYp.exe

C:\Windows\System\nsNLcMi.exe

C:\Windows\System\nsNLcMi.exe

C:\Windows\System\cjRZaXj.exe

C:\Windows\System\cjRZaXj.exe

C:\Windows\System\eBkQkBr.exe

C:\Windows\System\eBkQkBr.exe

C:\Windows\System\pSjuMCc.exe

C:\Windows\System\pSjuMCc.exe

C:\Windows\System\bRqPUdx.exe

C:\Windows\System\bRqPUdx.exe

C:\Windows\System\ldiaSjR.exe

C:\Windows\System\ldiaSjR.exe

C:\Windows\System\IfkeUrb.exe

C:\Windows\System\IfkeUrb.exe

C:\Windows\System\bdyqSIA.exe

C:\Windows\System\bdyqSIA.exe

C:\Windows\System\HfkSDPx.exe

C:\Windows\System\HfkSDPx.exe

C:\Windows\System\bsasvKU.exe

C:\Windows\System\bsasvKU.exe

C:\Windows\System\ntbipFO.exe

C:\Windows\System\ntbipFO.exe

C:\Windows\System\ekIUNNl.exe

C:\Windows\System\ekIUNNl.exe

C:\Windows\System\itwhmTr.exe

C:\Windows\System\itwhmTr.exe

C:\Windows\System\CzCAMOI.exe

C:\Windows\System\CzCAMOI.exe

C:\Windows\System\IKWdKAe.exe

C:\Windows\System\IKWdKAe.exe

C:\Windows\System\RblfTIQ.exe

C:\Windows\System\RblfTIQ.exe

C:\Windows\System\QxkPABx.exe

C:\Windows\System\QxkPABx.exe

C:\Windows\System\lRHoSMh.exe

C:\Windows\System\lRHoSMh.exe

C:\Windows\System\wWXIYTr.exe

C:\Windows\System\wWXIYTr.exe

C:\Windows\System\ghaBpda.exe

C:\Windows\System\ghaBpda.exe

C:\Windows\System\kUMFFSp.exe

C:\Windows\System\kUMFFSp.exe

C:\Windows\System\ZgUUnon.exe

C:\Windows\System\ZgUUnon.exe

C:\Windows\System\uNECTfi.exe

C:\Windows\System\uNECTfi.exe

C:\Windows\System\XTqFUgB.exe

C:\Windows\System\XTqFUgB.exe

C:\Windows\System\IKBPYjD.exe

C:\Windows\System\IKBPYjD.exe

C:\Windows\System\ylGeIPd.exe

C:\Windows\System\ylGeIPd.exe

C:\Windows\System\MkCVLYd.exe

C:\Windows\System\MkCVLYd.exe

C:\Windows\System\wVGYkrj.exe

C:\Windows\System\wVGYkrj.exe

C:\Windows\System\bvhqIWL.exe

C:\Windows\System\bvhqIWL.exe

C:\Windows\System\sDKrwqY.exe

C:\Windows\System\sDKrwqY.exe

C:\Windows\System\SCfIldx.exe

C:\Windows\System\SCfIldx.exe

C:\Windows\System\sKnQORp.exe

C:\Windows\System\sKnQORp.exe

C:\Windows\System\PIUiLGN.exe

C:\Windows\System\PIUiLGN.exe

C:\Windows\System\UrKikbb.exe

C:\Windows\System\UrKikbb.exe

C:\Windows\System\LFoDsBm.exe

C:\Windows\System\LFoDsBm.exe

C:\Windows\System\TNQVTde.exe

C:\Windows\System\TNQVTde.exe

C:\Windows\System\CKGclSG.exe

C:\Windows\System\CKGclSG.exe

C:\Windows\System\LoCOYno.exe

C:\Windows\System\LoCOYno.exe

C:\Windows\System\LvLKJjP.exe

C:\Windows\System\LvLKJjP.exe

C:\Windows\System\wreEbIA.exe

C:\Windows\System\wreEbIA.exe

C:\Windows\System\lBGGhmm.exe

C:\Windows\System\lBGGhmm.exe

C:\Windows\System\XxkAoHN.exe

C:\Windows\System\XxkAoHN.exe

C:\Windows\System\fbWkmHd.exe

C:\Windows\System\fbWkmHd.exe

C:\Windows\System\BRxcUEw.exe

C:\Windows\System\BRxcUEw.exe

C:\Windows\System\ijGUWXF.exe

C:\Windows\System\ijGUWXF.exe

C:\Windows\System\eSqAKPs.exe

C:\Windows\System\eSqAKPs.exe

C:\Windows\System\gavipzg.exe

C:\Windows\System\gavipzg.exe

C:\Windows\System\YDPKPvo.exe

C:\Windows\System\YDPKPvo.exe

C:\Windows\System\ODZlXdX.exe

C:\Windows\System\ODZlXdX.exe

C:\Windows\System\PMoHEUK.exe

C:\Windows\System\PMoHEUK.exe

C:\Windows\System\RyoJyrn.exe

C:\Windows\System\RyoJyrn.exe

C:\Windows\System\MtUcFZN.exe

C:\Windows\System\MtUcFZN.exe

C:\Windows\System\OWSorRe.exe

C:\Windows\System\OWSorRe.exe

C:\Windows\System\wYFRbNa.exe

C:\Windows\System\wYFRbNa.exe

C:\Windows\System\gLfwrTG.exe

C:\Windows\System\gLfwrTG.exe

C:\Windows\System\iblXyDc.exe

C:\Windows\System\iblXyDc.exe

C:\Windows\System\xhzSsGs.exe

C:\Windows\System\xhzSsGs.exe

C:\Windows\System\ysOAbMg.exe

C:\Windows\System\ysOAbMg.exe

C:\Windows\System\REuwaBa.exe

C:\Windows\System\REuwaBa.exe

C:\Windows\System\dtRArnD.exe

C:\Windows\System\dtRArnD.exe

C:\Windows\System\EvcYAKq.exe

C:\Windows\System\EvcYAKq.exe

C:\Windows\System\FkzmPVZ.exe

C:\Windows\System\FkzmPVZ.exe

C:\Windows\System\mpfpzdq.exe

C:\Windows\System\mpfpzdq.exe

C:\Windows\System\PAhzxXK.exe

C:\Windows\System\PAhzxXK.exe

C:\Windows\System\OzPfhQJ.exe

C:\Windows\System\OzPfhQJ.exe

C:\Windows\System\vQzPFZR.exe

C:\Windows\System\vQzPFZR.exe

C:\Windows\System\UmfWxXY.exe

C:\Windows\System\UmfWxXY.exe

C:\Windows\System\eCwDQYb.exe

C:\Windows\System\eCwDQYb.exe

C:\Windows\System\GcozKiD.exe

C:\Windows\System\GcozKiD.exe

C:\Windows\System\cKKIdEz.exe

C:\Windows\System\cKKIdEz.exe

C:\Windows\System\wAoIPYt.exe

C:\Windows\System\wAoIPYt.exe

C:\Windows\System\yhIiCnM.exe

C:\Windows\System\yhIiCnM.exe

C:\Windows\System\ZYToNiW.exe

C:\Windows\System\ZYToNiW.exe

C:\Windows\System\loIXMji.exe

C:\Windows\System\loIXMji.exe

C:\Windows\System\BXdNoZZ.exe

C:\Windows\System\BXdNoZZ.exe

C:\Windows\System\qOPYiaf.exe

C:\Windows\System\qOPYiaf.exe

C:\Windows\System\YNlYZCQ.exe

C:\Windows\System\YNlYZCQ.exe

C:\Windows\System\NHWdSYt.exe

C:\Windows\System\NHWdSYt.exe

C:\Windows\System\FlzOXBm.exe

C:\Windows\System\FlzOXBm.exe

C:\Windows\System\FQjSWKz.exe

C:\Windows\System\FQjSWKz.exe

C:\Windows\System\lNxIfNg.exe

C:\Windows\System\lNxIfNg.exe

C:\Windows\System\KlXdHHq.exe

C:\Windows\System\KlXdHHq.exe

C:\Windows\System\xBFgzpg.exe

C:\Windows\System\xBFgzpg.exe

C:\Windows\System\EhHNkWO.exe

C:\Windows\System\EhHNkWO.exe

C:\Windows\System\OzCNfGb.exe

C:\Windows\System\OzCNfGb.exe

C:\Windows\System\HgkHhhs.exe

C:\Windows\System\HgkHhhs.exe

C:\Windows\System\YlHrjer.exe

C:\Windows\System\YlHrjer.exe

C:\Windows\System\QJIgjPw.exe

C:\Windows\System\QJIgjPw.exe

C:\Windows\System\DkDZUOn.exe

C:\Windows\System\DkDZUOn.exe

C:\Windows\System\tbGzWBl.exe

C:\Windows\System\tbGzWBl.exe

C:\Windows\System\qAsbmRp.exe

C:\Windows\System\qAsbmRp.exe

C:\Windows\System\CcWZUzm.exe

C:\Windows\System\CcWZUzm.exe

C:\Windows\System\ySNcNDA.exe

C:\Windows\System\ySNcNDA.exe

C:\Windows\System\tYwVQzo.exe

C:\Windows\System\tYwVQzo.exe

C:\Windows\System\ldASJpZ.exe

C:\Windows\System\ldASJpZ.exe

C:\Windows\System\CSpRJkJ.exe

C:\Windows\System\CSpRJkJ.exe

C:\Windows\System\pYCfqcy.exe

C:\Windows\System\pYCfqcy.exe

C:\Windows\System\ZtUlqBS.exe

C:\Windows\System\ZtUlqBS.exe

C:\Windows\System\jzxWIxN.exe

C:\Windows\System\jzxWIxN.exe

C:\Windows\System\XfTMAKE.exe

C:\Windows\System\XfTMAKE.exe

C:\Windows\System\xXqzDjy.exe

C:\Windows\System\xXqzDjy.exe

C:\Windows\System\FXvqaCn.exe

C:\Windows\System\FXvqaCn.exe

C:\Windows\System\loDMWuu.exe

C:\Windows\System\loDMWuu.exe

C:\Windows\System\tsBGihC.exe

C:\Windows\System\tsBGihC.exe

C:\Windows\System\AlIXMab.exe

C:\Windows\System\AlIXMab.exe

C:\Windows\System\dzLuZQq.exe

C:\Windows\System\dzLuZQq.exe

C:\Windows\System\hYbOKWo.exe

C:\Windows\System\hYbOKWo.exe

C:\Windows\System\pzpFHjz.exe

C:\Windows\System\pzpFHjz.exe

C:\Windows\System\hWrjDjT.exe

C:\Windows\System\hWrjDjT.exe

C:\Windows\System\SmAUxpt.exe

C:\Windows\System\SmAUxpt.exe

C:\Windows\System\vHeqXkf.exe

C:\Windows\System\vHeqXkf.exe

C:\Windows\System\wPTTcdn.exe

C:\Windows\System\wPTTcdn.exe

C:\Windows\System\lAPwdTH.exe

C:\Windows\System\lAPwdTH.exe

C:\Windows\System\OIBNkvV.exe

C:\Windows\System\OIBNkvV.exe

C:\Windows\System\UOAOlHu.exe

C:\Windows\System\UOAOlHu.exe

C:\Windows\System\DHTTEZk.exe

C:\Windows\System\DHTTEZk.exe

C:\Windows\System\ELxmdcn.exe

C:\Windows\System\ELxmdcn.exe

C:\Windows\System\HAZGkMi.exe

C:\Windows\System\HAZGkMi.exe

C:\Windows\System\rXeaWLh.exe

C:\Windows\System\rXeaWLh.exe

C:\Windows\System\RVMjYkp.exe

C:\Windows\System\RVMjYkp.exe

C:\Windows\System\xaEEZUo.exe

C:\Windows\System\xaEEZUo.exe

C:\Windows\System\cMXQplH.exe

C:\Windows\System\cMXQplH.exe

C:\Windows\System\fbktOuW.exe

C:\Windows\System\fbktOuW.exe

C:\Windows\System\pQGubVE.exe

C:\Windows\System\pQGubVE.exe

C:\Windows\System\tmIKEII.exe

C:\Windows\System\tmIKEII.exe

C:\Windows\System\GEPPMyh.exe

C:\Windows\System\GEPPMyh.exe

C:\Windows\System\YqGBksF.exe

C:\Windows\System\YqGBksF.exe

C:\Windows\System\qDSvOPS.exe

C:\Windows\System\qDSvOPS.exe

C:\Windows\System\ekaVXcc.exe

C:\Windows\System\ekaVXcc.exe

C:\Windows\System\pNlvpUA.exe

C:\Windows\System\pNlvpUA.exe

C:\Windows\System\AdVnsZE.exe

C:\Windows\System\AdVnsZE.exe

C:\Windows\System\WKJwlRc.exe

C:\Windows\System\WKJwlRc.exe

C:\Windows\System\EfRANCf.exe

C:\Windows\System\EfRANCf.exe

C:\Windows\System\MCEenyV.exe

C:\Windows\System\MCEenyV.exe

C:\Windows\System\mRraCgV.exe

C:\Windows\System\mRraCgV.exe

C:\Windows\System\hrwOFPD.exe

C:\Windows\System\hrwOFPD.exe

C:\Windows\System\gfdhldL.exe

C:\Windows\System\gfdhldL.exe

C:\Windows\System\uQNTpet.exe

C:\Windows\System\uQNTpet.exe

C:\Windows\System\oaEqOIk.exe

C:\Windows\System\oaEqOIk.exe

C:\Windows\System\TkHpnSP.exe

C:\Windows\System\TkHpnSP.exe

C:\Windows\System\sQtTAPf.exe

C:\Windows\System\sQtTAPf.exe

C:\Windows\System\hyDVjah.exe

C:\Windows\System\hyDVjah.exe

C:\Windows\System\AEMJJIT.exe

C:\Windows\System\AEMJJIT.exe

C:\Windows\System\pEvHUQu.exe

C:\Windows\System\pEvHUQu.exe

C:\Windows\System\fAYYFNG.exe

C:\Windows\System\fAYYFNG.exe

C:\Windows\System\GJUrqEZ.exe

C:\Windows\System\GJUrqEZ.exe

C:\Windows\System\KVqbCzw.exe

C:\Windows\System\KVqbCzw.exe

C:\Windows\System\SKUfJcv.exe

C:\Windows\System\SKUfJcv.exe

C:\Windows\System\DObrNAv.exe

C:\Windows\System\DObrNAv.exe

C:\Windows\System\JFBmVqy.exe

C:\Windows\System\JFBmVqy.exe

C:\Windows\System\MBxpMfq.exe

C:\Windows\System\MBxpMfq.exe

C:\Windows\System\REoJRDX.exe

C:\Windows\System\REoJRDX.exe

C:\Windows\System\QDiTKgb.exe

C:\Windows\System\QDiTKgb.exe

C:\Windows\System\vNNudpf.exe

C:\Windows\System\vNNudpf.exe

C:\Windows\System\YiUvDGJ.exe

C:\Windows\System\YiUvDGJ.exe

C:\Windows\System\MrnUKeL.exe

C:\Windows\System\MrnUKeL.exe

C:\Windows\System\IoEXrpO.exe

C:\Windows\System\IoEXrpO.exe

C:\Windows\System\TvEeOfY.exe

C:\Windows\System\TvEeOfY.exe

C:\Windows\System\XoNROCi.exe

C:\Windows\System\XoNROCi.exe

C:\Windows\System\loplnbA.exe

C:\Windows\System\loplnbA.exe

C:\Windows\System\jefXkiC.exe

C:\Windows\System\jefXkiC.exe

C:\Windows\System\syhBgJn.exe

C:\Windows\System\syhBgJn.exe

C:\Windows\System\xbHpXpf.exe

C:\Windows\System\xbHpXpf.exe

C:\Windows\System\CNOUVZP.exe

C:\Windows\System\CNOUVZP.exe

C:\Windows\System\eENDnhB.exe

C:\Windows\System\eENDnhB.exe

C:\Windows\System\HgOcgav.exe

C:\Windows\System\HgOcgav.exe

C:\Windows\System\MZmDnXS.exe

C:\Windows\System\MZmDnXS.exe

C:\Windows\System\enuboDj.exe

C:\Windows\System\enuboDj.exe

C:\Windows\System\bXoMmtX.exe

C:\Windows\System\bXoMmtX.exe

C:\Windows\System\RpSkzKw.exe

C:\Windows\System\RpSkzKw.exe

C:\Windows\System\FbFcBqD.exe

C:\Windows\System\FbFcBqD.exe

C:\Windows\System\UpYmSXL.exe

C:\Windows\System\UpYmSXL.exe

C:\Windows\System\TiTXxCD.exe

C:\Windows\System\TiTXxCD.exe

C:\Windows\System\bIUsjOy.exe

C:\Windows\System\bIUsjOy.exe

C:\Windows\System\OpsgVuD.exe

C:\Windows\System\OpsgVuD.exe

C:\Windows\System\ACFkzvh.exe

C:\Windows\System\ACFkzvh.exe

C:\Windows\System\CAfyiBA.exe

C:\Windows\System\CAfyiBA.exe

C:\Windows\System\jZJscFY.exe

C:\Windows\System\jZJscFY.exe

C:\Windows\System\nkZWuDQ.exe

C:\Windows\System\nkZWuDQ.exe

C:\Windows\System\tNZQtXI.exe

C:\Windows\System\tNZQtXI.exe

C:\Windows\System\rAorzdy.exe

C:\Windows\System\rAorzdy.exe

C:\Windows\System\IGYLYod.exe

C:\Windows\System\IGYLYod.exe

C:\Windows\System\IrYQGpw.exe

C:\Windows\System\IrYQGpw.exe

C:\Windows\System\JmkiRCy.exe

C:\Windows\System\JmkiRCy.exe

C:\Windows\System\uIuBsiY.exe

C:\Windows\System\uIuBsiY.exe

C:\Windows\System\BYUtcoA.exe

C:\Windows\System\BYUtcoA.exe

C:\Windows\System\pQqVZfq.exe

C:\Windows\System\pQqVZfq.exe

C:\Windows\System\UUCxjoa.exe

C:\Windows\System\UUCxjoa.exe

C:\Windows\System\osjJUAf.exe

C:\Windows\System\osjJUAf.exe

C:\Windows\System\DCaIoTU.exe

C:\Windows\System\DCaIoTU.exe

C:\Windows\System\xccLRdd.exe

C:\Windows\System\xccLRdd.exe

C:\Windows\System\lAVzESd.exe

C:\Windows\System\lAVzESd.exe

C:\Windows\System\zfDbRQe.exe

C:\Windows\System\zfDbRQe.exe

C:\Windows\System\uzmHqBO.exe

C:\Windows\System\uzmHqBO.exe

C:\Windows\System\XqbLzbM.exe

C:\Windows\System\XqbLzbM.exe

C:\Windows\System\MTFrvfm.exe

C:\Windows\System\MTFrvfm.exe

C:\Windows\System\wqVOQwU.exe

C:\Windows\System\wqVOQwU.exe

C:\Windows\System\lIkqEbe.exe

C:\Windows\System\lIkqEbe.exe

C:\Windows\System\jnmalSK.exe

C:\Windows\System\jnmalSK.exe

C:\Windows\System\xTOReCt.exe

C:\Windows\System\xTOReCt.exe

C:\Windows\System\gVccAtk.exe

C:\Windows\System\gVccAtk.exe

C:\Windows\System\KgGxzXD.exe

C:\Windows\System\KgGxzXD.exe

C:\Windows\System\wwaDukn.exe

C:\Windows\System\wwaDukn.exe

C:\Windows\System\kCWgNPE.exe

C:\Windows\System\kCWgNPE.exe

C:\Windows\System\fLZkVLY.exe

C:\Windows\System\fLZkVLY.exe

C:\Windows\System\mHhNiHC.exe

C:\Windows\System\mHhNiHC.exe

C:\Windows\System\ZAUdThW.exe

C:\Windows\System\ZAUdThW.exe

C:\Windows\System\NBYXkaM.exe

C:\Windows\System\NBYXkaM.exe

C:\Windows\System\twUAZxo.exe

C:\Windows\System\twUAZxo.exe

C:\Windows\System\UCsHIjG.exe

C:\Windows\System\UCsHIjG.exe

C:\Windows\System\IkkEmRc.exe

C:\Windows\System\IkkEmRc.exe

C:\Windows\System\rGMmipC.exe

C:\Windows\System\rGMmipC.exe

C:\Windows\System\WJnFkEh.exe

C:\Windows\System\WJnFkEh.exe

C:\Windows\System\goostsH.exe

C:\Windows\System\goostsH.exe

C:\Windows\System\blvsWqn.exe

C:\Windows\System\blvsWqn.exe

C:\Windows\System\nCpWMGq.exe

C:\Windows\System\nCpWMGq.exe

C:\Windows\System\xpAjrSy.exe

C:\Windows\System\xpAjrSy.exe

C:\Windows\System\XwcpsaX.exe

C:\Windows\System\XwcpsaX.exe

C:\Windows\System\fCOPznw.exe

C:\Windows\System\fCOPznw.exe

C:\Windows\System\gmfUEfe.exe

C:\Windows\System\gmfUEfe.exe

C:\Windows\System\dTDXSOD.exe

C:\Windows\System\dTDXSOD.exe

C:\Windows\System\VZZOLUn.exe

C:\Windows\System\VZZOLUn.exe

C:\Windows\System\PIFmAeV.exe

C:\Windows\System\PIFmAeV.exe

C:\Windows\System\FYmIDzI.exe

C:\Windows\System\FYmIDzI.exe

C:\Windows\System\mmACtkn.exe

C:\Windows\System\mmACtkn.exe

C:\Windows\System\iEiVTQB.exe

C:\Windows\System\iEiVTQB.exe

C:\Windows\System\ziOKMRB.exe

C:\Windows\System\ziOKMRB.exe

C:\Windows\System\EgcJXbk.exe

C:\Windows\System\EgcJXbk.exe

C:\Windows\System\Ctfrmmd.exe

C:\Windows\System\Ctfrmmd.exe

C:\Windows\System\arHuEBS.exe

C:\Windows\System\arHuEBS.exe

C:\Windows\System\rSxvpRs.exe

C:\Windows\System\rSxvpRs.exe

C:\Windows\System\YsQPBpL.exe

C:\Windows\System\YsQPBpL.exe

C:\Windows\System\PHCPGYY.exe

C:\Windows\System\PHCPGYY.exe

C:\Windows\System\QfhoVCQ.exe

C:\Windows\System\QfhoVCQ.exe

C:\Windows\System\tXxoaqi.exe

C:\Windows\System\tXxoaqi.exe

C:\Windows\System\qvThfGK.exe

C:\Windows\System\qvThfGK.exe

C:\Windows\System\TlXxIWR.exe

C:\Windows\System\TlXxIWR.exe

C:\Windows\System\gkCzMQe.exe

C:\Windows\System\gkCzMQe.exe

C:\Windows\System\zCKSfSY.exe

C:\Windows\System\zCKSfSY.exe

C:\Windows\System\xiZkUVk.exe

C:\Windows\System\xiZkUVk.exe

C:\Windows\System\eWkXdrE.exe

C:\Windows\System\eWkXdrE.exe

C:\Windows\System\XRZkKZy.exe

C:\Windows\System\XRZkKZy.exe

C:\Windows\System\jLYCykp.exe

C:\Windows\System\jLYCykp.exe

C:\Windows\System\JUXtiXV.exe

C:\Windows\System\JUXtiXV.exe

C:\Windows\System\GCmIGJC.exe

C:\Windows\System\GCmIGJC.exe

C:\Windows\System\tHIHDDA.exe

C:\Windows\System\tHIHDDA.exe

C:\Windows\System\UvZrqKy.exe

C:\Windows\System\UvZrqKy.exe

C:\Windows\System\JQWAAQa.exe

C:\Windows\System\JQWAAQa.exe

C:\Windows\System\bpGZaAj.exe

C:\Windows\System\bpGZaAj.exe

Network

N/A

Files

memory/2124-0-0x000000013FB00000-0x000000013FE51000-memory.dmp

memory/2124-1-0x00000000000F0000-0x0000000000100000-memory.dmp

C:\Windows\system\CNuhKWO.exe

MD5 16d6bd065acf5458f10d8a501409ac2b
SHA1 51f0fedca5c09a689920cdd5abec2bf2b3e99496
SHA256 21bd563b1abb630485e629ffed257600c91f1367ff550c0d97a329b36a356036
SHA512 d675c97dbb7044cc8e9568d5a9df363888bfb3af4cd980c4b3cdb4d8c4e0ba5b693563349cf9a3d4de140a3468fdb9f9fc79bbf341c0f10bf96fbacf711717e9

C:\Windows\system\hWdjKZA.exe

MD5 73af88c51dd99cc65b4115215e68865c
SHA1 1883c3d68ec3af06a7366b011b919a022016f73b
SHA256 0670e8e2ec621974482985808ed2e94c7afde939d6ce5e010c7ae6db123668d7
SHA512 ae980d85f3777773502bf46877516d419f3e923e43811d77a3e758ddf5749a16ade7747faaaa8dbbcadd4ec176c244d036de6f9d77bbb521483434d5163a79dc

memory/1544-10-0x000000013FE70000-0x00000001401C1000-memory.dmp

C:\Windows\system\egeouCV.exe

MD5 c377fa7173b6b8f22c006704b10e48e0
SHA1 2bdf0426b4db94f097ad766d141c6ac4a4c1e189
SHA256 84f86875a28f9f5a7cc719003214f5b44ff4d29e5a40d6a453d6e5fea5781038
SHA512 736b1bc68809ddeac2bc8011003486091ab0905b89575b39ec7ea32dae4a3f59ca1456d297cb3f45499a00d499bfe23525a7b3016be1cff2143ddd5fb97cec29

memory/2124-22-0x000000013F150000-0x000000013F4A1000-memory.dmp

memory/2884-21-0x000000013F180000-0x000000013F4D1000-memory.dmp

memory/2124-20-0x000000013F180000-0x000000013F4D1000-memory.dmp

memory/2256-19-0x000000013F150000-0x000000013F4A1000-memory.dmp

C:\Windows\system\EhOLmBy.exe

MD5 990adf7bf0213e62128b0354c2d83682
SHA1 523140d22ddf938bfc8162546ad30627bf567ab2
SHA256 a2ac3c777186b584faac6b1a5bfe89697b82fb83429f8989256bb9f2cc801b5c
SHA512 df45855f80481e1f248d5de64fb8148fd4f399c651a8ed6f8a4718d774c8a53c0974ce4a9d3cf0d9e1cb61382cd597221af74b9ed21d4b57876f294af644d3f3

memory/2640-28-0x000000013F650000-0x000000013F9A1000-memory.dmp

\Windows\system\FjjXQNz.exe

MD5 d332d763ebbc643a5706e968e67975f0
SHA1 ad36adb7f398cc30fe1df29d0bc1a4a601d0d98f
SHA256 c4ccec1ad848ee02138725f5526807d295fbac7c41aa4a5ad5e1551d4a10364c
SHA512 e83985f4aadb65c2d00d54469347f99ba50d2a94278e865037d14fe837c0d40fa323dbafdb6d23ab50bfb72140ea22579b12812ef5db9eeb814fa9ae0706e436

memory/2796-35-0x000000013F100000-0x000000013F451000-memory.dmp

memory/2124-33-0x000000013F100000-0x000000013F451000-memory.dmp

C:\Windows\system\uJEBrhB.exe

MD5 35427f8572786c7664e322b0e1186139
SHA1 97663bf207d398ecb20aa242852f67255779ced7
SHA256 f0bdc41c811a4d166718b183e1d0bfdcef9231a49f0b5fb8ac07d1a02777c83e
SHA512 1b90518416696c1e54cc2a9c6658cf4df5176fd00703bc2e42e9a6e680a31ce055ef92b22c86733b1fa22fd03200ab74fbdb1fd056c97bb0d6f988833b8d6ac3

memory/2784-42-0x000000013FDF0000-0x0000000140141000-memory.dmp

memory/2124-41-0x0000000001EC0000-0x0000000002211000-memory.dmp

\Windows\system\KWwiScw.exe

MD5 cadbf382d0383249d97b5fd9d650ecf7
SHA1 2178238268c15d90d3fe6d08eb22c0d5232e07fe
SHA256 438b501a4ae48ce5a8460f0996c8da27fb30f24865ab271aaaa6ce0fae0d6df9
SHA512 312623584fffe669b6fa1417f273de9877183f97d5ed80062d3d96a9cee84356639e8b64ced12cfcc27217e89aedf6afd2d5ea96a9414c7032d3719f48fe763d

memory/2648-49-0x000000013F880000-0x000000013FBD1000-memory.dmp

memory/2124-47-0x0000000001EC0000-0x0000000002211000-memory.dmp

\Windows\system\vWuhVnd.exe

MD5 91a6035652ee35509aa2635421b4154c
SHA1 22bda90632af70f48ea6d380b4999d4a2e4fe804
SHA256 05029bd0961518ff05228402a4bc8badfc8079b15220223c3931d06e8df6236a
SHA512 d598a8135268a1d9f5f06ba25e234df72734348558abb4dd2caad484cf75509bd7cc429a6d481f9fb96dbb22c439488a41dddaad409428f0fc8625b7fe5b2096

memory/2124-54-0x0000000001EC0000-0x0000000002211000-memory.dmp

C:\Windows\system\JLItHkK.exe

MD5 a3f398ad5923916c49ec817d4a368704
SHA1 89eae76832f4b7ace49ab3805402090fbbc89092
SHA256 d1a4b6bf578d0858bddef4a10c072c1b808daa9156668d407d577fe40aa29496
SHA512 79b0636b91528beb1a2808e3d16d80d651ed397129f0b712e20ec0899fd19cc2b0f329810123a8e6353c5334fae2a1c18709d00a417fcb074cb957e5fb4eeb26

\Windows\system\QqVuPay.exe

MD5 3062bd9ee0b8622d59af94406ef29721
SHA1 7b701c5f4f47ed5d08f3b4c38d78d4d524d81474
SHA256 61968e94c25ec8d93840b20adb2c672fd79b1e8436912b83fe49f065e1356f2a
SHA512 a778f09a4d2129fa9a848b3607975c4fbcbc137b8d5aa0f4be2e8c432d618353c0831ea060a1f23ae011900f1c8d581ae6a273c68e001cde6541128a532c309f

memory/2860-68-0x000000013F7C0000-0x000000013FB11000-memory.dmp

memory/2124-90-0x0000000001EC0000-0x0000000002211000-memory.dmp

memory/2124-99-0x0000000001EC0000-0x0000000002211000-memory.dmp

C:\Windows\system\mmLuxie.exe

MD5 32aff077bfbc0c0bfd37ab691ebf3572
SHA1 d5508dc2d1534601d2bd4ba000a77cf9cd6a7b96
SHA256 ababf5da6674364b6d2640c43367fbb02d7c0defca9bb5ef5446679497e191fc
SHA512 29a50337c6ad4cf90efa5a62ff44a7f2bf750d45c8acd034064d2b52afb06e5c5d846b29039da64d7798e89b337a29acc36c80c6a6fa2685d88662e0254bc3a2

C:\Windows\system\rRGDTqT.exe

MD5 a1d1e62235928cbebcd3c8874549f898
SHA1 a1dd3274d6d9f3627525393d528fdf1a04c2b7cf
SHA256 577e7159946e39bfe68ff173f778f6dee1b8b86b0d35da2d92288b8fc81575dd
SHA512 206bf3018d04877537e474ed3ce89435e880b3d56cee3cc92b1516cfc3d9f50d4c7118c12b24dfb228fed147fdebaba36928ce8e97ea4c71bec4d4648b8d9701

C:\Windows\system\XhzlYrv.exe

MD5 1562e36132e9fb96d1da733ab6505de7
SHA1 97fc7d924c9eb7fa5c78d232544ff933092bdd69
SHA256 122c3fcb78ca48faae18fed9e61ab92fc213cb450df210e74bd7be546485a623
SHA512 adc42c7df6201ac8474f3a3b94b304cf226dda083370a94f353a8c997aa55a1976c0e151e77d28f7aee6adb7cb366fdb63485973e6270c824e500d85cbed6af9

C:\Windows\system\zqICtNP.exe

MD5 305264ca7baa8f349b82829b27add924
SHA1 397bc94899e77f4cafc0028914a8c9bbf1e07b58
SHA256 41d77a7fdfc1540edf90f95aa067f07ce9ed96511790ee967fe1e8d111cee8a0
SHA512 c3323c452287ac8477e874d7e49f1f07b35a1995efbdcc07bd248014a118d005e4ec94fd79030748c95f46661d537749a66924b2288fe256c697452dc58f7473

memory/1544-355-0x000000013FE70000-0x00000001401C1000-memory.dmp

memory/2124-354-0x000000013FB00000-0x000000013FE51000-memory.dmp

C:\Windows\system\JXgMusL.exe

MD5 46598bbfcaa1788235d44f099e56330e
SHA1 dfad31b34d46d98e536dcfef4bdd7312024ae0c3
SHA256 d9d5b047cf4a75cddd64dbd8b4dbec09a3a34a6505edd392ac20bc6613460089
SHA512 d26680000d328e48a4c28019df2752b0ef4b9a27ffcc78cad171cdf4c7feef4541d6462cc8876bfd203bba8064a2c410cd3670bc0e08913d3b4d800ad062187e

C:\Windows\system\kmXycQs.exe

MD5 5537c907efe2dd7cc7cc2934f13df95b
SHA1 19d46e007e461f0c6e7e3cf8928456091825f077
SHA256 71cb7e9e9e48ff4454c31e57f212034ac6b1876f115cb55f24fadd6ed3eab706
SHA512 5817ac107d3b5a5c09110cbd10624898ceae2f6c65a127836abccd5e19197e39bab5c1b4e4afe2df4c15edcda7928c25dd03f107b5f7a886df66f9e7c3816e4a

C:\Windows\system\tLjWigs.exe

MD5 2d47979f16a8bd3cc99dffa5f5113b89
SHA1 a2422a4c83a024cd4f89739ff01a1b4cf88f622e
SHA256 f496900ab8b5feba90fa13a56823db975a928b5f935075e1c18574187696634b
SHA512 84acb00cdf53ecc72208b51bc37cab809ca5d934ed240b7ee0c9344dbb5fbf3d305fd69a76ea665ce9af260687600d6c01080e4e654463a9126bd9b4d5a40d7c

C:\Windows\system\xQAuuCt.exe

MD5 f1523333f3901eab3522c317c0181ada
SHA1 6219a4126e89b24e7c4297913197514339869277
SHA256 e8b2235fb285c0163596024e17c6b098d0751fa5722e7641556456124a62dfb1
SHA512 a854721a62a0b0ff6481a5abd950095ea64ba55ee6420a51dd00b51f99139ed470fcd9f5738df5e82d522f87f48124b070fd2f98093cbdca31107c68d407b073

C:\Windows\system\HtJlynD.exe

MD5 2c2766b48fda0dd148c36f063d1b8ede
SHA1 8b2705cfbe19b5bf8a10d1f97d41aff7c504abef
SHA256 65c3f9d5d944d7037f3534a61e23a4a41ce0d2b08bf6b76ab423c06fe446c4dd
SHA512 dadefa51fd016afa1b01abf698fce5f194a336565fbf64aba3df821bb1a6503cb2f2c727b584bfbcfc8a13d0190823795fcc39a6e8d2bb1a8bfe010448460e04

C:\Windows\system\ZOSQDlv.exe

MD5 6d8651321adadb87d4f087184e24582f
SHA1 6712c2f33e2441bde3d09ef39f53610836dd5e24
SHA256 1149882054d3509818b2e7da3b95fed71dbad1722a3a42af2cc17d7901c7937e
SHA512 d30ec06db6a77bf3c88a293039cadf64f183b4fbc722235f0f38a658d62a3831aac3a0521a7ac7babf22ba0b70dce0d48add5ceb1c13580851562c8c65fa5a4a

C:\Windows\system\FwNEHSm.exe

MD5 218edee2941d71100d5ba36ee9caaa94
SHA1 bb5a1ce222c2a1b9bd7b79948c60b96865578b4a
SHA256 4d931e6a3f1474c5eaebfa2d297a9b00cb2d4e882b20e581596d22485d490fb8
SHA512 b209411826522640aa857c3460668611ecbad2f1e578a148122cc9113571dc201985caa8fef260d6fdf91e95608cb92b518b0b5d91b0307047fc91be03b96c82

C:\Windows\system\EVpIyAc.exe

MD5 2a68ef09e2aa1d450e94186f18381823
SHA1 0de7b5e33abd1a20319c47ba6b5c427e96755939
SHA256 e84939bd26510ab8516618eff44ff9cabe841fcb0cbacead9e9e17505db62214
SHA512 f696cecbc94e94510640a548139179f4b6380c83888a8f479aed9d2b2dc3a0b1dbe5366acef7d1090adaee3162d77430336c77ab851aa2d4cd77a6fc418c62c8

C:\Windows\system\hefSqYg.exe

MD5 b47c710c6bd4ba97c5f99340df5617a8
SHA1 833dcde35634ba35478adbec4a7b88b4d77a03ca
SHA256 827bc23f4460c7e20b6c6c4a7778bde1b42f590065a3f423db66d22a3f45009a
SHA512 ba455422ca974ae1321ba48d4f689ace868d14f1ca854239efd0f03135db931a74c919c9d8a09b1dabed7538b05e6956f7d7c9063076d85a1b56fcfbd3668b36

C:\Windows\system\kJOPwVQ.exe

MD5 a0a00ba0096920add4457d248243b35e
SHA1 9920bd8616d26877e77218e2e01f27b45295fdbc
SHA256 dcfceaf5dbf0bef2680fdcfb8d7d53de5bf006cf9b1adaa10f58a33aeb6087b4
SHA512 22e5e26d20abd7bbf4b550e38cf4889eb3e6d839734557fc07a80c744ee4033e16a5d25f91c59ac4565add54ff3b3f008709d4d2fc61eaa9ca098a0ac281ddfd

C:\Windows\system\LwgGFaS.exe

MD5 f9af754aa1738908382434b332dec3b4
SHA1 3d94dddf27898cb971e29aecc7826c063ffb1588
SHA256 8d08c73fa8e0a7cb7f2688110221764a2d6bcdfa637f04d410ba82db22fb2df3
SHA512 5cecbca6ac55825aeaf682180a8bbb5da33576bb82057004ca2e99c7777c52778e096cb65a224991bce77f2663b91745e6d3d26d397c482e8b13ea75b8cf593b

C:\Windows\system\ugGEcVZ.exe

MD5 e4c77a35df822799fcb7b35bbb8ee7dc
SHA1 70b87e532fc7ec09b257a17027693e1f90dd0b65
SHA256 654a12430b56f12c30dbce5736fe2fa08d65b7ba478bd337cc4c99fae90dc0fd
SHA512 7b3b340764a6fdc7396848043a8ea563621b0391b0d6cf74ca67954fa6694eb3db083e8fbdaad2fdb43a088161bd7e8c0f8b7c31d25d122e2c672a8c9ed32629

C:\Windows\system\pDZBIpA.exe

MD5 b276880b7582db952958e4e4183b5b6e
SHA1 0d5bd1f170caccb28e294e304e0ebe2ab52c24d0
SHA256 9f9fda7639ceb27fc939967d955bca55f919aa06838bba0b68d392460cbe6af1
SHA512 943eb703c7881b6b1c776313eb2f50643be74571e73c872ea6ff066f00bfcb21bde1542ff6cc139fd4506dae0ec9358b0c43595a81b1b38a861fcfe9a1efe4af

\Windows\system\hyPDOMt.exe

MD5 8af2f8e7ebfc9f3c2e543009bfecf30b
SHA1 d8b771d724ec7717115074309af26e35af5c9f74
SHA256 da3db1e26e3c8a834d1c500e3d24d1b849aa3cab56b876d195404ff8de29eb9e
SHA512 a5cd64edc88d6ec9359eac2376868414df0e7fd5307be32004cb31316c4512ddb723b2df88ae5091e706b8be0194850b844837f1f0bf8e9d3a076e0dd2d806fa

memory/2124-78-0x000000013FEF0000-0x0000000140241000-memory.dmp

C:\Windows\system\aCLKNeu.exe

MD5 59e6780fb3686437e33a12f5410f8d64
SHA1 2d37e5088a5029d06a25d88d233183426bc231d1
SHA256 f6e33d6b02c996778ffc7a58f263d45202d6223c6df8920a729eab808e5eade3
SHA512 d8732c4b6716f77ee45849b9034d43dc0ebddcb542b278f01a4499dbf4f74c8949d10bdd7d50c81d5d6e147935df44f9270c0de1e8a29423785a90be4e3c24f0

memory/2236-107-0x000000013FF50000-0x00000001402A1000-memory.dmp

memory/2124-106-0x0000000001EC0000-0x0000000002211000-memory.dmp

memory/2124-104-0x000000013FEF0000-0x0000000140241000-memory.dmp

memory/2124-103-0x000000013F590000-0x000000013F8E1000-memory.dmp

memory/2124-102-0x000000013F200000-0x000000013F551000-memory.dmp

memory/2572-100-0x000000013F9C0000-0x000000013FD11000-memory.dmp

memory/2124-98-0x000000013FF50000-0x00000001402A1000-memory.dmp

memory/3000-96-0x000000013F590000-0x000000013F8E1000-memory.dmp

C:\Windows\system\xivNONv.exe

MD5 f1b7a8ea0a323e546b56b64be78932e3
SHA1 4e97a41d0565c57f67a25ff307387019c850d185
SHA256 818bafddf98810bef9e08721b4883240e84c7ec61fa1d73d21d372280eea98da
SHA512 8a2dc5a731662a88b697832f2e09b5619c99074001724d7336ec0e744032beca287f85d1ab446d57e62382c4ab785bd1ce5e21320cba7ed35c7af4b04e391d21

C:\Windows\system\ZbfOoFl.exe

MD5 4cad1dc57f14861262418859d3f9fb2e
SHA1 641180b2a4ef426475753a44bddd56175406abde
SHA256 03ef480e182e5201577976aab3afbf67cdc2182e679226bcefdeab3bd9ba130d
SHA512 4bf3421c9f049afc35016c2ac482053802bd3e553d03939ee94db4cfeffba9e4f3321d64ff26a6f91eaa30ce77f40f7f8dc34efba1075035194da3c384d3ee35

C:\Windows\system\dLNgqVV.exe

MD5 61264b390a5c82cdfd52ff263f483aeb
SHA1 935d2d65034869b703f616fb19d0dedafb081e6f
SHA256 a0ca47153ff2fd29286f382deabcb61056ca4bdba9d13d7580207a67d5639082
SHA512 5b21b49329302f8021fac0caefd99061f7586f67a608183f7bbfe92f2753671e3545e7ead3bc1a41910fb6b38c442862543af6e1d0b9eecdf8c18b3d154efe53

memory/2532-88-0x000000013FEF0000-0x0000000140241000-memory.dmp

memory/888-73-0x000000013F200000-0x000000013F551000-memory.dmp

memory/2124-1413-0x000000013F650000-0x000000013F9A1000-memory.dmp

memory/2796-1733-0x000000013F100000-0x000000013F451000-memory.dmp

memory/2124-2018-0x0000000001EC0000-0x0000000002211000-memory.dmp

memory/2648-2286-0x000000013F880000-0x000000013FBD1000-memory.dmp

memory/2124-2285-0x0000000001EC0000-0x0000000002211000-memory.dmp

memory/2860-2456-0x000000013F7C0000-0x000000013FB11000-memory.dmp

memory/888-2457-0x000000013F200000-0x000000013F551000-memory.dmp

memory/2124-2661-0x0000000001EC0000-0x0000000002211000-memory.dmp

memory/2124-2976-0x0000000001EC0000-0x0000000002211000-memory.dmp

memory/2256-3603-0x000000013F150000-0x000000013F4A1000-memory.dmp

memory/1544-3607-0x000000013FE70000-0x00000001401C1000-memory.dmp

memory/2884-3609-0x000000013F180000-0x000000013F4D1000-memory.dmp

memory/2640-3678-0x000000013F650000-0x000000013F9A1000-memory.dmp

memory/2796-3682-0x000000013F100000-0x000000013F451000-memory.dmp

memory/2784-3697-0x000000013FDF0000-0x0000000140141000-memory.dmp

memory/888-3739-0x000000013F200000-0x000000013F551000-memory.dmp

memory/2532-3740-0x000000013FEF0000-0x0000000140241000-memory.dmp

memory/2236-3744-0x000000013FF50000-0x00000001402A1000-memory.dmp

memory/3000-3742-0x000000013F590000-0x000000013F8E1000-memory.dmp

memory/2572-3747-0x000000013F9C0000-0x000000013FD11000-memory.dmp

memory/2860-3753-0x000000013F7C0000-0x000000013FB11000-memory.dmp

memory/2648-3807-0x000000013F880000-0x000000013FBD1000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-25 15:57

Reported

2024-05-25 15:59

Platform

win10v2004-20240426-en

Max time kernel

67s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Modifies Installed Components in the registry

persistence
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\GyXMdxH.exe N/A
N/A N/A C:\Windows\System\NYFTDNY.exe N/A
N/A N/A C:\Windows\System\uFWrMJp.exe N/A
N/A N/A C:\Windows\System\ehsdHds.exe N/A
N/A N/A C:\Windows\System\VKgSdmu.exe N/A
N/A N/A C:\Windows\System\waipFPN.exe N/A
N/A N/A C:\Windows\System\UztSKSF.exe N/A
N/A N/A C:\Windows\System\OdfdSpy.exe N/A
N/A N/A C:\Windows\System\LvAJnCM.exe N/A
N/A N/A C:\Windows\System\kRnDYeb.exe N/A
N/A N/A C:\Windows\System\wuLfbAg.exe N/A
N/A N/A C:\Windows\System\SdGsBMd.exe N/A
N/A N/A C:\Windows\System\lujFRoQ.exe N/A
N/A N/A C:\Windows\System\FYSLwBr.exe N/A
N/A N/A C:\Windows\System\gWABJSd.exe N/A
N/A N/A C:\Windows\System\GOjRWxx.exe N/A
N/A N/A C:\Windows\System\ISTvpMz.exe N/A
N/A N/A C:\Windows\System\mHEAYON.exe N/A
N/A N/A C:\Windows\System\fNHQTnq.exe N/A
N/A N/A C:\Windows\System\aoNkBXX.exe N/A
N/A N/A C:\Windows\System\vDWmEgh.exe N/A
N/A N/A C:\Windows\System\XQurIZR.exe N/A
N/A N/A C:\Windows\System\GGBSLtL.exe N/A
N/A N/A C:\Windows\System\dpleApS.exe N/A
N/A N/A C:\Windows\System\iZdCkbj.exe N/A
N/A N/A C:\Windows\System\eGAaYVn.exe N/A
N/A N/A C:\Windows\System\SzUKsxe.exe N/A
N/A N/A C:\Windows\System\QfSpBBf.exe N/A
N/A N/A C:\Windows\System\zohHVEE.exe N/A
N/A N/A C:\Windows\System\azBnWea.exe N/A
N/A N/A C:\Windows\System\IoKsYWk.exe N/A
N/A N/A C:\Windows\System\ugctnkv.exe N/A
N/A N/A C:\Windows\System\ELtrhos.exe N/A
N/A N/A C:\Windows\System\DonDDwm.exe N/A
N/A N/A C:\Windows\System\dEAVcKq.exe N/A
N/A N/A C:\Windows\System\HknjIOe.exe N/A
N/A N/A C:\Windows\System\avYbyyq.exe N/A
N/A N/A C:\Windows\System\SdATrYl.exe N/A
N/A N/A C:\Windows\System\tnjgEHn.exe N/A
N/A N/A C:\Windows\System\TmJnVuX.exe N/A
N/A N/A C:\Windows\System\GdEWSZp.exe N/A
N/A N/A C:\Windows\System\wwXCZvQ.exe N/A
N/A N/A C:\Windows\System\vclDcnZ.exe N/A
N/A N/A C:\Windows\System\hZJZufq.exe N/A
N/A N/A C:\Windows\System\stlacbK.exe N/A
N/A N/A C:\Windows\System\HVhSATb.exe N/A
N/A N/A C:\Windows\System\lgtcIxQ.exe N/A
N/A N/A C:\Windows\System\UKdjoRr.exe N/A
N/A N/A C:\Windows\System\MkXNLyX.exe N/A
N/A N/A C:\Windows\System\hyPogje.exe N/A
N/A N/A C:\Windows\System\iGOXauI.exe N/A
N/A N/A C:\Windows\System\KNDKBIR.exe N/A
N/A N/A C:\Windows\System\BgMkGiw.exe N/A
N/A N/A C:\Windows\System\nExZMBr.exe N/A
N/A N/A C:\Windows\System\PNlSXov.exe N/A
N/A N/A C:\Windows\System\IFRDoPf.exe N/A
N/A N/A C:\Windows\System\SEZcHhi.exe N/A
N/A N/A C:\Windows\System\iZyFUEv.exe N/A
N/A N/A C:\Windows\System\egTTkDq.exe N/A
N/A N/A C:\Windows\System\oFlqBkB.exe N/A
N/A N/A C:\Windows\System\suZTJMT.exe N/A
N/A N/A C:\Windows\System\iQqIIWt.exe N/A
N/A N/A C:\Windows\System\APZiQgO.exe N/A
N/A N/A C:\Windows\System\VRgoPDE.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\GhQQoZM.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\SzUKsxe.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\SYsZxWa.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\dPHEQsV.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\tPsIHyT.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\KNLAuEV.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\BVShXTV.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\zEewkjd.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\JBEjhYK.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\UhgJeRP.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\zytPZoF.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\OdjhJvf.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\zncZEKj.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\roNoxjS.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\qJFZwul.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\xwKWIer.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\MWsfoKh.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\XQyTtjL.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\voLHZus.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\YVuWSOp.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\iBiIidc.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\zohHVEE.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\IeAzuqd.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\LtCrfUj.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\kyijgaF.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\DSAqgqc.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\AdqNtvS.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\eHpLCen.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\rXdsOBg.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\rMOmrES.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\BLirAHf.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\EOeRzDJ.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\KzFQAjU.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\TtrFnvv.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\xCLHZZh.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\dRJAaBW.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\qwVppfn.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\BDsFDQm.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\IaUaxuQ.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\dJGuTrx.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\DNVjdwS.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\JwNWCho.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\VVnaxFt.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\pccItsS.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\rdGdEoG.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\FYMgWmj.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\FqVdsiq.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\YELxSgm.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\OcoeaOp.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\JNqkWpJ.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\GcWfdWR.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\TCyzfEZ.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\wztbMAG.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\tnzwYGH.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\pgpiBYo.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\IdiLggd.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\CKRlRjp.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\iZdCkbj.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\HFgSTDL.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\vSNqIMf.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\ButaSkZ.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\VFzQZeF.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\vTuThZV.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A
File created C:\Windows\System\jvDSOeg.exe C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Capabilities C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Capabilities C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID C:\Windows\system32\dwm.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Capabilities C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\dwm.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\explorer.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\system32\dwm.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\SOFTWARE\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\SOFTWARE\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\dwm.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eikK C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\microsoft.windows.search C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\ApplicationFrame\Microsoft.Windows.PeopleExperienceHost = 6801000088020000 C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "56" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "23" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\microsoft.windows.search C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\WasEverActivated = "1" C:\Windows\system32\sihost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.search C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-540404634-651139247-2967210625-1000\{FE721A56-6603-41CB-8CB6-10336AC59C11} C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-540404634-651139247-2967210625-1000\{D53C608B-8540-4291-910E-A7F4E8EB5D38} C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "56" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-540404634-651139247-2967210625-1000\{6EFBBC00-AE01-4993-8740-4B0836F62355} C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.search C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\microsoft.windows.search C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "23" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-540404634-651139247-2967210625-1000\{D3D9A165-B56C-4E58-A5B0-1CBC271E89FD} C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\ApplicationFrame\Microsoft.Windows.PeopleExperienceHost = 6801000088020000 C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "56" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "152" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "23" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "56" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DomStorageState C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\WasEverActivated = "1" C:\Windows\system32\sihost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\ApplicationFrame\Microsoft.Windows.PeopleExperienceHost = 6801000088020000 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DomStorageState C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "23" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "23" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DomStorageState C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\dwm.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\system32\dwm.exe N/A
Token: 33 N/A C:\Windows\system32\dwm.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\dwm.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\system32\sihost.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4596 wrote to memory of 4976 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\GyXMdxH.exe
PID 4596 wrote to memory of 4976 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\GyXMdxH.exe
PID 4596 wrote to memory of 2008 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\uFWrMJp.exe
PID 4596 wrote to memory of 2008 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\uFWrMJp.exe
PID 4596 wrote to memory of 5048 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\NYFTDNY.exe
PID 4596 wrote to memory of 5048 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\NYFTDNY.exe
PID 4596 wrote to memory of 5052 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\ehsdHds.exe
PID 4596 wrote to memory of 5052 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\ehsdHds.exe
PID 4596 wrote to memory of 2032 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\VKgSdmu.exe
PID 4596 wrote to memory of 2032 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\VKgSdmu.exe
PID 4596 wrote to memory of 1016 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\waipFPN.exe
PID 4596 wrote to memory of 1016 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\waipFPN.exe
PID 4596 wrote to memory of 2384 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\UztSKSF.exe
PID 4596 wrote to memory of 2384 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\UztSKSF.exe
PID 4596 wrote to memory of 2344 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\OdfdSpy.exe
PID 4596 wrote to memory of 2344 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\OdfdSpy.exe
PID 4596 wrote to memory of 756 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\LvAJnCM.exe
PID 4596 wrote to memory of 756 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\LvAJnCM.exe
PID 4596 wrote to memory of 884 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\kRnDYeb.exe
PID 4596 wrote to memory of 884 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\kRnDYeb.exe
PID 4596 wrote to memory of 1144 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\wuLfbAg.exe
PID 4596 wrote to memory of 1144 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\wuLfbAg.exe
PID 4596 wrote to memory of 4312 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\SdGsBMd.exe
PID 4596 wrote to memory of 4312 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\SdGsBMd.exe
PID 4596 wrote to memory of 4476 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\lujFRoQ.exe
PID 4596 wrote to memory of 4476 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\lujFRoQ.exe
PID 4596 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\FYSLwBr.exe
PID 4596 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\FYSLwBr.exe
PID 4596 wrote to memory of 1264 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\gWABJSd.exe
PID 4596 wrote to memory of 1264 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\gWABJSd.exe
PID 4596 wrote to memory of 3000 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\GOjRWxx.exe
PID 4596 wrote to memory of 3000 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\GOjRWxx.exe
PID 4596 wrote to memory of 1652 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\ISTvpMz.exe
PID 4596 wrote to memory of 1652 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\ISTvpMz.exe
PID 4596 wrote to memory of 2608 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\mHEAYON.exe
PID 4596 wrote to memory of 2608 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\mHEAYON.exe
PID 4596 wrote to memory of 3092 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\fNHQTnq.exe
PID 4596 wrote to memory of 3092 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\fNHQTnq.exe
PID 4596 wrote to memory of 636 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\aoNkBXX.exe
PID 4596 wrote to memory of 636 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\aoNkBXX.exe
PID 4596 wrote to memory of 5076 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\vDWmEgh.exe
PID 4596 wrote to memory of 5076 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\vDWmEgh.exe
PID 4596 wrote to memory of 1400 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\XQurIZR.exe
PID 4596 wrote to memory of 1400 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\XQurIZR.exe
PID 4596 wrote to memory of 4552 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\GGBSLtL.exe
PID 4596 wrote to memory of 4552 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\GGBSLtL.exe
PID 4596 wrote to memory of 3968 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\dpleApS.exe
PID 4596 wrote to memory of 3968 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\dpleApS.exe
PID 4596 wrote to memory of 4504 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\iZdCkbj.exe
PID 4596 wrote to memory of 4504 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\iZdCkbj.exe
PID 4596 wrote to memory of 4440 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\eGAaYVn.exe
PID 4596 wrote to memory of 4440 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\eGAaYVn.exe
PID 4596 wrote to memory of 2820 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\SzUKsxe.exe
PID 4596 wrote to memory of 2820 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\SzUKsxe.exe
PID 4596 wrote to memory of 4876 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\QfSpBBf.exe
PID 4596 wrote to memory of 4876 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\QfSpBBf.exe
PID 4596 wrote to memory of 2572 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\zohHVEE.exe
PID 4596 wrote to memory of 2572 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\zohHVEE.exe
PID 4596 wrote to memory of 5100 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\azBnWea.exe
PID 4596 wrote to memory of 5100 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\azBnWea.exe
PID 4596 wrote to memory of 1636 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\IoKsYWk.exe
PID 4596 wrote to memory of 1636 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\IoKsYWk.exe
PID 4596 wrote to memory of 4108 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\ugctnkv.exe
PID 4596 wrote to memory of 4108 N/A C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe C:\Windows\System\ugctnkv.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\8b76933d79acf0a9fa18ccf307885240_NeikiAnalytics.exe"

C:\Windows\System\GyXMdxH.exe

C:\Windows\System\GyXMdxH.exe

C:\Windows\System\uFWrMJp.exe

C:\Windows\System\uFWrMJp.exe

C:\Windows\System\NYFTDNY.exe

C:\Windows\System\NYFTDNY.exe

C:\Windows\System\ehsdHds.exe

C:\Windows\System\ehsdHds.exe

C:\Windows\System\VKgSdmu.exe

C:\Windows\System\VKgSdmu.exe

C:\Windows\System\waipFPN.exe

C:\Windows\System\waipFPN.exe

C:\Windows\System\UztSKSF.exe

C:\Windows\System\UztSKSF.exe

C:\Windows\System\OdfdSpy.exe

C:\Windows\System\OdfdSpy.exe

C:\Windows\System\LvAJnCM.exe

C:\Windows\System\LvAJnCM.exe

C:\Windows\System\kRnDYeb.exe

C:\Windows\System\kRnDYeb.exe

C:\Windows\System\wuLfbAg.exe

C:\Windows\System\wuLfbAg.exe

C:\Windows\System\SdGsBMd.exe

C:\Windows\System\SdGsBMd.exe

C:\Windows\System\lujFRoQ.exe

C:\Windows\System\lujFRoQ.exe

C:\Windows\System\FYSLwBr.exe

C:\Windows\System\FYSLwBr.exe

C:\Windows\System\gWABJSd.exe

C:\Windows\System\gWABJSd.exe

C:\Windows\System\GOjRWxx.exe

C:\Windows\System\GOjRWxx.exe

C:\Windows\System\ISTvpMz.exe

C:\Windows\System\ISTvpMz.exe

C:\Windows\System\mHEAYON.exe

C:\Windows\System\mHEAYON.exe

C:\Windows\System\fNHQTnq.exe

C:\Windows\System\fNHQTnq.exe

C:\Windows\System\aoNkBXX.exe

C:\Windows\System\aoNkBXX.exe

C:\Windows\System\vDWmEgh.exe

C:\Windows\System\vDWmEgh.exe

C:\Windows\System\XQurIZR.exe

C:\Windows\System\XQurIZR.exe

C:\Windows\System\GGBSLtL.exe

C:\Windows\System\GGBSLtL.exe

C:\Windows\System\dpleApS.exe

C:\Windows\System\dpleApS.exe

C:\Windows\System\iZdCkbj.exe

C:\Windows\System\iZdCkbj.exe

C:\Windows\System\eGAaYVn.exe

C:\Windows\System\eGAaYVn.exe

C:\Windows\System\SzUKsxe.exe

C:\Windows\System\SzUKsxe.exe

C:\Windows\System\QfSpBBf.exe

C:\Windows\System\QfSpBBf.exe

C:\Windows\System\zohHVEE.exe

C:\Windows\System\zohHVEE.exe

C:\Windows\System\azBnWea.exe

C:\Windows\System\azBnWea.exe

C:\Windows\System\IoKsYWk.exe

C:\Windows\System\IoKsYWk.exe

C:\Windows\System\ugctnkv.exe

C:\Windows\System\ugctnkv.exe

C:\Windows\System\ELtrhos.exe

C:\Windows\System\ELtrhos.exe

C:\Windows\System\DonDDwm.exe

C:\Windows\System\DonDDwm.exe

C:\Windows\System\dEAVcKq.exe

C:\Windows\System\dEAVcKq.exe

C:\Windows\System\HknjIOe.exe

C:\Windows\System\HknjIOe.exe

C:\Windows\System\avYbyyq.exe

C:\Windows\System\avYbyyq.exe

C:\Windows\System\SdATrYl.exe

C:\Windows\System\SdATrYl.exe

C:\Windows\System\tnjgEHn.exe

C:\Windows\System\tnjgEHn.exe

C:\Windows\System\TmJnVuX.exe

C:\Windows\System\TmJnVuX.exe

C:\Windows\System\GdEWSZp.exe

C:\Windows\System\GdEWSZp.exe

C:\Windows\System\wwXCZvQ.exe

C:\Windows\System\wwXCZvQ.exe

C:\Windows\System\vclDcnZ.exe

C:\Windows\System\vclDcnZ.exe

C:\Windows\System\hZJZufq.exe

C:\Windows\System\hZJZufq.exe

C:\Windows\System\stlacbK.exe

C:\Windows\System\stlacbK.exe

C:\Windows\System\HVhSATb.exe

C:\Windows\System\HVhSATb.exe

C:\Windows\System\lgtcIxQ.exe

C:\Windows\System\lgtcIxQ.exe

C:\Windows\System\UKdjoRr.exe

C:\Windows\System\UKdjoRr.exe

C:\Windows\System\MkXNLyX.exe

C:\Windows\System\MkXNLyX.exe

C:\Windows\System\hyPogje.exe

C:\Windows\System\hyPogje.exe

C:\Windows\System\iGOXauI.exe

C:\Windows\System\iGOXauI.exe

C:\Windows\System\KNDKBIR.exe

C:\Windows\System\KNDKBIR.exe

C:\Windows\System\BgMkGiw.exe

C:\Windows\System\BgMkGiw.exe

C:\Windows\System\nExZMBr.exe

C:\Windows\System\nExZMBr.exe

C:\Windows\System\PNlSXov.exe

C:\Windows\System\PNlSXov.exe

C:\Windows\System\IFRDoPf.exe

C:\Windows\System\IFRDoPf.exe

C:\Windows\System\SEZcHhi.exe

C:\Windows\System\SEZcHhi.exe

C:\Windows\System\iZyFUEv.exe

C:\Windows\System\iZyFUEv.exe

C:\Windows\System\egTTkDq.exe

C:\Windows\System\egTTkDq.exe

C:\Windows\System\oFlqBkB.exe

C:\Windows\System\oFlqBkB.exe

C:\Windows\System\suZTJMT.exe

C:\Windows\System\suZTJMT.exe

C:\Windows\System\iQqIIWt.exe

C:\Windows\System\iQqIIWt.exe

C:\Windows\System\APZiQgO.exe

C:\Windows\System\APZiQgO.exe

C:\Windows\System\VRgoPDE.exe

C:\Windows\System\VRgoPDE.exe

C:\Windows\System\jvDSOeg.exe

C:\Windows\System\jvDSOeg.exe

C:\Windows\System\ArKHIkb.exe

C:\Windows\System\ArKHIkb.exe

C:\Windows\System\GcWfdWR.exe

C:\Windows\System\GcWfdWR.exe

C:\Windows\System\xFFCBaH.exe

C:\Windows\System\xFFCBaH.exe

C:\Windows\System\iSeXBMu.exe

C:\Windows\System\iSeXBMu.exe

C:\Windows\System\RvfuNZj.exe

C:\Windows\System\RvfuNZj.exe

C:\Windows\System\IUkYBSN.exe

C:\Windows\System\IUkYBSN.exe

C:\Windows\System\iRfDVEH.exe

C:\Windows\System\iRfDVEH.exe

C:\Windows\System\wjoBaQe.exe

C:\Windows\System\wjoBaQe.exe

C:\Windows\System\VYfWptX.exe

C:\Windows\System\VYfWptX.exe

C:\Windows\System\DRtPOmq.exe

C:\Windows\System\DRtPOmq.exe

C:\Windows\System\QwQlmsp.exe

C:\Windows\System\QwQlmsp.exe

C:\Windows\System\vfxHqVd.exe

C:\Windows\System\vfxHqVd.exe

C:\Windows\System\znyGFim.exe

C:\Windows\System\znyGFim.exe

C:\Windows\System\irtMkFY.exe

C:\Windows\System\irtMkFY.exe

C:\Windows\System\feKerZm.exe

C:\Windows\System\feKerZm.exe

C:\Windows\System\pvRpfJD.exe

C:\Windows\System\pvRpfJD.exe

C:\Windows\System\KOPmXSp.exe

C:\Windows\System\KOPmXSp.exe

C:\Windows\System\rLNrePm.exe

C:\Windows\System\rLNrePm.exe

C:\Windows\System\WBCrzyj.exe

C:\Windows\System\WBCrzyj.exe

C:\Windows\System\AtOUTVq.exe

C:\Windows\System\AtOUTVq.exe

C:\Windows\System\OdjhJvf.exe

C:\Windows\System\OdjhJvf.exe

C:\Windows\System\vrWWbOv.exe

C:\Windows\System\vrWWbOv.exe

C:\Windows\System\DFUVGMl.exe

C:\Windows\System\DFUVGMl.exe

C:\Windows\System\nNHtVaT.exe

C:\Windows\System\nNHtVaT.exe

C:\Windows\System\prpMihK.exe

C:\Windows\System\prpMihK.exe

C:\Windows\System\YWCNTVg.exe

C:\Windows\System\YWCNTVg.exe

C:\Windows\System\WbJwLmn.exe

C:\Windows\System\WbJwLmn.exe

C:\Windows\System\aVCppeE.exe

C:\Windows\System\aVCppeE.exe

C:\Windows\System\oamMusN.exe

C:\Windows\System\oamMusN.exe

C:\Windows\System\VYcNkhr.exe

C:\Windows\System\VYcNkhr.exe

C:\Windows\System\PApKsct.exe

C:\Windows\System\PApKsct.exe

C:\Windows\System\ZCZcOAe.exe

C:\Windows\System\ZCZcOAe.exe

C:\Windows\System\GeHjQDh.exe

C:\Windows\System\GeHjQDh.exe

C:\Windows\System\PyuBszc.exe

C:\Windows\System\PyuBszc.exe

C:\Windows\System\mAwMHKe.exe

C:\Windows\System\mAwMHKe.exe

C:\Windows\System\OTRTqoS.exe

C:\Windows\System\OTRTqoS.exe

C:\Windows\System\RIBQzgQ.exe

C:\Windows\System\RIBQzgQ.exe

C:\Windows\System\QuYoccV.exe

C:\Windows\System\QuYoccV.exe

C:\Windows\System\AdqNtvS.exe

C:\Windows\System\AdqNtvS.exe

C:\Windows\System\IBCxjvX.exe

C:\Windows\System\IBCxjvX.exe

C:\Windows\System\DQbEZDx.exe

C:\Windows\System\DQbEZDx.exe

C:\Windows\System\dfOraKc.exe

C:\Windows\System\dfOraKc.exe

C:\Windows\System\NcVkdvJ.exe

C:\Windows\System\NcVkdvJ.exe

C:\Windows\System\WQDYCbt.exe

C:\Windows\System\WQDYCbt.exe

C:\Windows\System\zbjLoxt.exe

C:\Windows\System\zbjLoxt.exe

C:\Windows\System\eLSjffo.exe

C:\Windows\System\eLSjffo.exe

C:\Windows\System\jmPDyns.exe

C:\Windows\System\jmPDyns.exe

C:\Windows\System\xahrlxB.exe

C:\Windows\System\xahrlxB.exe

C:\Windows\System\NUXWMiE.exe

C:\Windows\System\NUXWMiE.exe

C:\Windows\System\nqpinWb.exe

C:\Windows\System\nqpinWb.exe

C:\Windows\System\CjgNseS.exe

C:\Windows\System\CjgNseS.exe

C:\Windows\System\JPopERF.exe

C:\Windows\System\JPopERF.exe

C:\Windows\System\NeizZtS.exe

C:\Windows\System\NeizZtS.exe

C:\Windows\System\VRYYFNO.exe

C:\Windows\System\VRYYFNO.exe

C:\Windows\System\HMeXvhQ.exe

C:\Windows\System\HMeXvhQ.exe

C:\Windows\System\sEtMDZk.exe

C:\Windows\System\sEtMDZk.exe

C:\Windows\System\TPWChZa.exe

C:\Windows\System\TPWChZa.exe

C:\Windows\System\OkdhfAk.exe

C:\Windows\System\OkdhfAk.exe

C:\Windows\System\nNzDfRF.exe

C:\Windows\System\nNzDfRF.exe

C:\Windows\System\nVjOXVY.exe

C:\Windows\System\nVjOXVY.exe

C:\Windows\System\WDmPWZP.exe

C:\Windows\System\WDmPWZP.exe

C:\Windows\System\MhAbtZq.exe

C:\Windows\System\MhAbtZq.exe

C:\Windows\System\YFcsuhW.exe

C:\Windows\System\YFcsuhW.exe

C:\Windows\System\IngXLEr.exe

C:\Windows\System\IngXLEr.exe

C:\Windows\System\jHLMquh.exe

C:\Windows\System\jHLMquh.exe

C:\Windows\System\IItMFad.exe

C:\Windows\System\IItMFad.exe

C:\Windows\System\sCHBFcU.exe

C:\Windows\System\sCHBFcU.exe

C:\Windows\System\IGamBoC.exe

C:\Windows\System\IGamBoC.exe

C:\Windows\System\IHXviPE.exe

C:\Windows\System\IHXviPE.exe

C:\Windows\System\cDTiEHL.exe

C:\Windows\System\cDTiEHL.exe

C:\Windows\System\wZdOqVY.exe

C:\Windows\System\wZdOqVY.exe

C:\Windows\System\YuFVKub.exe

C:\Windows\System\YuFVKub.exe

C:\Windows\System\jAWjFiA.exe

C:\Windows\System\jAWjFiA.exe

C:\Windows\System\arNlEKN.exe

C:\Windows\System\arNlEKN.exe

C:\Windows\System\iepyQpb.exe

C:\Windows\System\iepyQpb.exe

C:\Windows\System\CBMKVZr.exe

C:\Windows\System\CBMKVZr.exe

C:\Windows\System\RwVZgUD.exe

C:\Windows\System\RwVZgUD.exe

C:\Windows\System\vvKXMVl.exe

C:\Windows\System\vvKXMVl.exe

C:\Windows\System\gLbIkFH.exe

C:\Windows\System\gLbIkFH.exe

C:\Windows\System\oaiDBjq.exe

C:\Windows\System\oaiDBjq.exe

C:\Windows\System\umIdiUJ.exe

C:\Windows\System\umIdiUJ.exe

C:\Windows\System\VWegxaj.exe

C:\Windows\System\VWegxaj.exe

C:\Windows\System\yhzuezC.exe

C:\Windows\System\yhzuezC.exe

C:\Windows\System\LRpTCZv.exe

C:\Windows\System\LRpTCZv.exe

C:\Windows\System\YUYTkVP.exe

C:\Windows\System\YUYTkVP.exe

C:\Windows\System\KjnaNgF.exe

C:\Windows\System\KjnaNgF.exe

C:\Windows\System\mxKWzeA.exe

C:\Windows\System\mxKWzeA.exe

C:\Windows\System\XsCfICY.exe

C:\Windows\System\XsCfICY.exe

C:\Windows\System\VwwTbIa.exe

C:\Windows\System\VwwTbIa.exe

C:\Windows\System\OybCmTC.exe

C:\Windows\System\OybCmTC.exe

C:\Windows\System\PeNHjsG.exe

C:\Windows\System\PeNHjsG.exe

C:\Windows\System\DLtudCT.exe

C:\Windows\System\DLtudCT.exe

C:\Windows\System\FoQViQn.exe

C:\Windows\System\FoQViQn.exe

C:\Windows\System\REbUBNk.exe

C:\Windows\System\REbUBNk.exe

C:\Windows\System\hsVpnXT.exe

C:\Windows\System\hsVpnXT.exe

C:\Windows\System\ZTqNwYD.exe

C:\Windows\System\ZTqNwYD.exe

C:\Windows\System\ivlasYB.exe

C:\Windows\System\ivlasYB.exe

C:\Windows\System\tFuPyOn.exe

C:\Windows\System\tFuPyOn.exe

C:\Windows\System\gPCvbes.exe

C:\Windows\System\gPCvbes.exe

C:\Windows\System\SYsZxWa.exe

C:\Windows\System\SYsZxWa.exe

C:\Windows\System\QZBtFlS.exe

C:\Windows\System\QZBtFlS.exe

C:\Windows\System\hZRbmFy.exe

C:\Windows\System\hZRbmFy.exe

C:\Windows\System\KvZhYYN.exe

C:\Windows\System\KvZhYYN.exe

C:\Windows\System\SClfGKf.exe

C:\Windows\System\SClfGKf.exe

C:\Windows\System\vlhQxNh.exe

C:\Windows\System\vlhQxNh.exe

C:\Windows\System\TWCMQYq.exe

C:\Windows\System\TWCMQYq.exe

C:\Windows\System\DNVjdwS.exe

C:\Windows\System\DNVjdwS.exe

C:\Windows\System\hoYAHCx.exe

C:\Windows\System\hoYAHCx.exe

C:\Windows\System\iQYQJIp.exe

C:\Windows\System\iQYQJIp.exe

C:\Windows\System\XcTinFT.exe

C:\Windows\System\XcTinFT.exe

C:\Windows\System\LzvAKwp.exe

C:\Windows\System\LzvAKwp.exe

C:\Windows\System\UPGEUNA.exe

C:\Windows\System\UPGEUNA.exe

C:\Windows\System\qRBaEMa.exe

C:\Windows\System\qRBaEMa.exe

C:\Windows\System\dPHEQsV.exe

C:\Windows\System\dPHEQsV.exe

C:\Windows\System\pYlkjNq.exe

C:\Windows\System\pYlkjNq.exe

C:\Windows\System\eHpLCen.exe

C:\Windows\System\eHpLCen.exe

C:\Windows\System\zncZEKj.exe

C:\Windows\System\zncZEKj.exe

C:\Windows\System\SIjRCYE.exe

C:\Windows\System\SIjRCYE.exe

C:\Windows\System\yfxMiCZ.exe

C:\Windows\System\yfxMiCZ.exe

C:\Windows\System\uCKYMxJ.exe

C:\Windows\System\uCKYMxJ.exe

C:\Windows\System\igsouJS.exe

C:\Windows\System\igsouJS.exe

C:\Windows\System\roNoxjS.exe

C:\Windows\System\roNoxjS.exe

C:\Windows\System\GecTNHu.exe

C:\Windows\System\GecTNHu.exe

C:\Windows\System\UVMMYRy.exe

C:\Windows\System\UVMMYRy.exe

C:\Windows\System\JwNWCho.exe

C:\Windows\System\JwNWCho.exe

C:\Windows\System\DeGuSAg.exe

C:\Windows\System\DeGuSAg.exe

C:\Windows\System\tlLxOZk.exe

C:\Windows\System\tlLxOZk.exe

C:\Windows\System\IeAzuqd.exe

C:\Windows\System\IeAzuqd.exe

C:\Windows\System\ELGUAWv.exe

C:\Windows\System\ELGUAWv.exe

C:\Windows\System\ThSrxZq.exe

C:\Windows\System\ThSrxZq.exe

C:\Windows\System\hjhFujP.exe

C:\Windows\System\hjhFujP.exe

C:\Windows\System\MnPDvyz.exe

C:\Windows\System\MnPDvyz.exe

C:\Windows\System\upjPEyS.exe

C:\Windows\System\upjPEyS.exe

C:\Windows\System\bhCHwZb.exe

C:\Windows\System\bhCHwZb.exe

C:\Windows\System\TCyzfEZ.exe

C:\Windows\System\TCyzfEZ.exe

C:\Windows\System\TnCxPJC.exe

C:\Windows\System\TnCxPJC.exe

C:\Windows\System\VVnaxFt.exe

C:\Windows\System\VVnaxFt.exe

C:\Windows\System\jHPltNU.exe

C:\Windows\System\jHPltNU.exe

C:\Windows\System\CObWaiX.exe

C:\Windows\System\CObWaiX.exe

C:\Windows\System\KjquYno.exe

C:\Windows\System\KjquYno.exe

C:\Windows\System\tEBknjm.exe

C:\Windows\System\tEBknjm.exe

C:\Windows\System\TFjaIFx.exe

C:\Windows\System\TFjaIFx.exe

C:\Windows\System\zEewkjd.exe

C:\Windows\System\zEewkjd.exe

C:\Windows\System\jZcAtVf.exe

C:\Windows\System\jZcAtVf.exe

C:\Windows\System\gOLGHRx.exe

C:\Windows\System\gOLGHRx.exe

C:\Windows\System\HFgSTDL.exe

C:\Windows\System\HFgSTDL.exe

C:\Windows\System\IvsQfIP.exe

C:\Windows\System\IvsQfIP.exe

C:\Windows\System\SNdwDPR.exe

C:\Windows\System\SNdwDPR.exe

C:\Windows\System\ZOZIjAh.exe

C:\Windows\System\ZOZIjAh.exe

C:\Windows\System\hNshvjG.exe

C:\Windows\System\hNshvjG.exe

C:\Windows\System\ijSQkGT.exe

C:\Windows\System\ijSQkGT.exe

C:\Windows\System\VeRcvib.exe

C:\Windows\System\VeRcvib.exe

C:\Windows\System\eCyALZe.exe

C:\Windows\System\eCyALZe.exe

C:\Windows\System\BHWMQUc.exe

C:\Windows\System\BHWMQUc.exe

C:\Windows\System\TPhpkqL.exe

C:\Windows\System\TPhpkqL.exe

C:\Windows\System\oZHEvVP.exe

C:\Windows\System\oZHEvVP.exe

C:\Windows\System\lBeKUEr.exe

C:\Windows\System\lBeKUEr.exe

C:\Windows\System\nSNMDRL.exe

C:\Windows\System\nSNMDRL.exe

C:\Windows\System\cIPJmhV.exe

C:\Windows\System\cIPJmhV.exe

C:\Windows\System\RbbRoEl.exe

C:\Windows\System\RbbRoEl.exe

C:\Windows\System\fCqirod.exe

C:\Windows\System\fCqirod.exe

C:\Windows\System\xwxfzAy.exe

C:\Windows\System\xwxfzAy.exe

C:\Windows\System\NhMDlnh.exe

C:\Windows\System\NhMDlnh.exe

C:\Windows\System\UtZMPSz.exe

C:\Windows\System\UtZMPSz.exe

C:\Windows\System\qJFZwul.exe

C:\Windows\System\qJFZwul.exe

C:\Windows\System\BSyClDW.exe

C:\Windows\System\BSyClDW.exe

C:\Windows\System\iTfnqWc.exe

C:\Windows\System\iTfnqWc.exe

C:\Windows\System\CLkMlpN.exe

C:\Windows\System\CLkMlpN.exe

C:\Windows\System\FqVdsiq.exe

C:\Windows\System\FqVdsiq.exe

C:\Windows\System\fabOJFN.exe

C:\Windows\System\fabOJFN.exe

C:\Windows\System\hlRNfih.exe

C:\Windows\System\hlRNfih.exe

C:\Windows\System\qZnpowh.exe

C:\Windows\System\qZnpowh.exe

C:\Windows\System\MLeoDDr.exe

C:\Windows\System\MLeoDDr.exe

C:\Windows\System\KzFQAjU.exe

C:\Windows\System\KzFQAjU.exe

C:\Windows\System\kRZGVXG.exe

C:\Windows\System\kRZGVXG.exe

C:\Windows\System\KPMOteL.exe

C:\Windows\System\KPMOteL.exe

C:\Windows\System\IoBsvMY.exe

C:\Windows\System\IoBsvMY.exe

C:\Windows\System\MRzDXgk.exe

C:\Windows\System\MRzDXgk.exe

C:\Windows\System\XjumQIY.exe

C:\Windows\System\XjumQIY.exe

C:\Windows\System\ALhTzuI.exe

C:\Windows\System\ALhTzuI.exe

C:\Windows\System\vSNqIMf.exe

C:\Windows\System\vSNqIMf.exe

C:\Windows\System\euWWPXU.exe

C:\Windows\System\euWWPXU.exe

C:\Windows\System\XSdMMxG.exe

C:\Windows\System\XSdMMxG.exe

C:\Windows\System\GYTEmZD.exe

C:\Windows\System\GYTEmZD.exe

C:\Windows\System\iDtQBTq.exe

C:\Windows\System\iDtQBTq.exe

C:\Windows\System\thGhnZg.exe

C:\Windows\System\thGhnZg.exe

C:\Windows\System\HPuLVOW.exe

C:\Windows\System\HPuLVOW.exe

C:\Windows\System\GWCyoTk.exe

C:\Windows\System\GWCyoTk.exe

C:\Windows\System\vcFcyZP.exe

C:\Windows\System\vcFcyZP.exe

C:\Windows\System\tJoClWI.exe

C:\Windows\System\tJoClWI.exe

C:\Windows\System\aicwccq.exe

C:\Windows\System\aicwccq.exe

C:\Windows\System\rXdsOBg.exe

C:\Windows\System\rXdsOBg.exe

C:\Windows\System\uAUVlBN.exe

C:\Windows\System\uAUVlBN.exe

C:\Windows\System\jXOrsuy.exe

C:\Windows\System\jXOrsuy.exe

C:\Windows\System\WevQgLY.exe

C:\Windows\System\WevQgLY.exe

C:\Windows\System\wdgVlkr.exe

C:\Windows\System\wdgVlkr.exe

C:\Windows\System\QOAbsBH.exe

C:\Windows\System\QOAbsBH.exe

C:\Windows\System\NhVgmTp.exe

C:\Windows\System\NhVgmTp.exe

C:\Windows\System\nMMNTim.exe

C:\Windows\System\nMMNTim.exe

C:\Windows\System\tnfgxBX.exe

C:\Windows\System\tnfgxBX.exe

C:\Windows\System\FnWSfDe.exe

C:\Windows\System\FnWSfDe.exe

C:\Windows\System\iDMDanr.exe

C:\Windows\System\iDMDanr.exe

C:\Windows\System\ButaSkZ.exe

C:\Windows\System\ButaSkZ.exe

C:\Windows\System\vafAaca.exe

C:\Windows\System\vafAaca.exe

C:\Windows\System\BbYaYnQ.exe

C:\Windows\System\BbYaYnQ.exe

C:\Windows\System\CWFgCGr.exe

C:\Windows\System\CWFgCGr.exe

C:\Windows\System\zagifsu.exe

C:\Windows\System\zagifsu.exe

C:\Windows\System\dyWRnMG.exe

C:\Windows\System\dyWRnMG.exe

C:\Windows\System\zTEQEhN.exe

C:\Windows\System\zTEQEhN.exe

C:\Windows\System\zlxisbY.exe

C:\Windows\System\zlxisbY.exe

C:\Windows\System\GYFyoZO.exe

C:\Windows\System\GYFyoZO.exe

C:\Windows\System\juoXHQW.exe

C:\Windows\System\juoXHQW.exe

C:\Windows\System\VHTtYwd.exe

C:\Windows\System\VHTtYwd.exe

C:\Windows\System\jeRUrqZ.exe

C:\Windows\System\jeRUrqZ.exe

C:\Windows\System\QpMUXNa.exe

C:\Windows\System\QpMUXNa.exe

C:\Windows\System\jvQqkTd.exe

C:\Windows\System\jvQqkTd.exe

C:\Windows\System\YxtXyJq.exe

C:\Windows\System\YxtXyJq.exe

C:\Windows\System\VgPAtcW.exe

C:\Windows\System\VgPAtcW.exe

C:\Windows\System\ajBSnBJ.exe

C:\Windows\System\ajBSnBJ.exe

C:\Windows\System\XQyTtjL.exe

C:\Windows\System\XQyTtjL.exe

C:\Windows\System\hkXqHEw.exe

C:\Windows\System\hkXqHEw.exe

C:\Windows\System\tbfjSmc.exe

C:\Windows\System\tbfjSmc.exe

C:\Windows\System\klvbXuH.exe

C:\Windows\System\klvbXuH.exe

C:\Windows\System\DyLGEei.exe

C:\Windows\System\DyLGEei.exe

C:\Windows\System\NBQAVue.exe

C:\Windows\System\NBQAVue.exe

C:\Windows\System\aZdYMgo.exe

C:\Windows\System\aZdYMgo.exe

C:\Windows\System\ZCPKnRL.exe

C:\Windows\System\ZCPKnRL.exe

C:\Windows\System\DrsNxwb.exe

C:\Windows\System\DrsNxwb.exe

C:\Windows\System\rLmhMkf.exe

C:\Windows\System\rLmhMkf.exe

C:\Windows\System\pOvpVdP.exe

C:\Windows\System\pOvpVdP.exe

C:\Windows\System\ijCuAIn.exe

C:\Windows\System\ijCuAIn.exe

C:\Windows\System\iGTuWpR.exe

C:\Windows\System\iGTuWpR.exe

C:\Windows\System\fInFeGf.exe

C:\Windows\System\fInFeGf.exe

C:\Windows\System\UmKSIEQ.exe

C:\Windows\System\UmKSIEQ.exe

C:\Windows\System\awVClUz.exe

C:\Windows\System\awVClUz.exe

C:\Windows\System\ASwAnoZ.exe

C:\Windows\System\ASwAnoZ.exe

C:\Windows\System\FFkoWLQ.exe

C:\Windows\System\FFkoWLQ.exe

C:\Windows\System\FeSeSSC.exe

C:\Windows\System\FeSeSSC.exe

C:\Windows\System\XzOnwJc.exe

C:\Windows\System\XzOnwJc.exe

C:\Windows\System\LtCrfUj.exe

C:\Windows\System\LtCrfUj.exe

C:\Windows\System\UzDDtUS.exe

C:\Windows\System\UzDDtUS.exe

C:\Windows\System\grIYtcj.exe

C:\Windows\System\grIYtcj.exe

C:\Windows\System\IZfsSYU.exe

C:\Windows\System\IZfsSYU.exe

C:\Windows\System\rEGETMS.exe

C:\Windows\System\rEGETMS.exe

C:\Windows\System\voLHZus.exe

C:\Windows\System\voLHZus.exe

C:\Windows\System\KfZnNKR.exe

C:\Windows\System\KfZnNKR.exe

C:\Windows\System\FWggZbD.exe

C:\Windows\System\FWggZbD.exe

C:\Windows\System\evozZjs.exe

C:\Windows\System\evozZjs.exe

C:\Windows\System\nObpEpO.exe

C:\Windows\System\nObpEpO.exe

C:\Windows\System\wvqYbiG.exe

C:\Windows\System\wvqYbiG.exe

C:\Windows\System\cSMLWJY.exe

C:\Windows\System\cSMLWJY.exe

C:\Windows\System\NTDnHQh.exe

C:\Windows\System\NTDnHQh.exe

C:\Windows\System\gmtaMWU.exe

C:\Windows\System\gmtaMWU.exe

C:\Windows\System\vPPkgSP.exe

C:\Windows\System\vPPkgSP.exe

C:\Windows\System\dXzFFGt.exe

C:\Windows\System\dXzFFGt.exe

C:\Windows\System\JTuTbdi.exe

C:\Windows\System\JTuTbdi.exe

C:\Windows\System\AdMLZTn.exe

C:\Windows\System\AdMLZTn.exe

C:\Windows\System\tdriHGf.exe

C:\Windows\System\tdriHGf.exe

C:\Windows\System\GkKzDLY.exe

C:\Windows\System\GkKzDLY.exe

C:\Windows\System\WTCpKQg.exe

C:\Windows\System\WTCpKQg.exe

C:\Windows\System\wugvIOG.exe

C:\Windows\System\wugvIOG.exe

C:\Windows\System\CUMtEFK.exe

C:\Windows\System\CUMtEFK.exe

C:\Windows\System\wbMaODX.exe

C:\Windows\System\wbMaODX.exe

C:\Windows\System\StkkkmH.exe

C:\Windows\System\StkkkmH.exe

C:\Windows\System\nZXgVsf.exe

C:\Windows\System\nZXgVsf.exe

C:\Windows\System\NsOyZUi.exe

C:\Windows\System\NsOyZUi.exe

C:\Windows\System\swXZHGu.exe

C:\Windows\System\swXZHGu.exe

C:\Windows\System\pxZETTU.exe

C:\Windows\System\pxZETTU.exe

C:\Windows\System\QIksGvf.exe

C:\Windows\System\QIksGvf.exe

C:\Windows\System\UaeKJIW.exe

C:\Windows\System\UaeKJIW.exe

C:\Windows\System\wJrxhrE.exe

C:\Windows\System\wJrxhrE.exe

C:\Windows\System\SBIOVoY.exe

C:\Windows\System\SBIOVoY.exe

C:\Windows\System\zgLQgwW.exe

C:\Windows\System\zgLQgwW.exe

C:\Windows\System\busEEex.exe

C:\Windows\System\busEEex.exe

C:\Windows\System\mTaoWXn.exe

C:\Windows\System\mTaoWXn.exe

C:\Windows\System\dHFDzEA.exe

C:\Windows\System\dHFDzEA.exe

C:\Windows\System\hGVShIT.exe

C:\Windows\System\hGVShIT.exe

C:\Windows\System\kyijgaF.exe

C:\Windows\System\kyijgaF.exe

C:\Windows\System\WLwxmWV.exe

C:\Windows\System\WLwxmWV.exe

C:\Windows\System\xCLHZZh.exe

C:\Windows\System\xCLHZZh.exe

C:\Windows\System\sEHvAvK.exe

C:\Windows\System\sEHvAvK.exe

C:\Windows\System\HySlBKY.exe

C:\Windows\System\HySlBKY.exe

C:\Windows\System\dRJAaBW.exe

C:\Windows\System\dRJAaBW.exe

C:\Windows\System\mYENCDP.exe

C:\Windows\System\mYENCDP.exe

C:\Windows\System\PuNCPRc.exe

C:\Windows\System\PuNCPRc.exe

C:\Windows\System\WCiafcM.exe

C:\Windows\System\WCiafcM.exe

C:\Windows\System\lXtOcAW.exe

C:\Windows\System\lXtOcAW.exe

C:\Windows\System\pfstmvA.exe

C:\Windows\System\pfstmvA.exe

C:\Windows\System\QoZbTHS.exe

C:\Windows\System\QoZbTHS.exe

C:\Windows\System\otYrkoT.exe

C:\Windows\System\otYrkoT.exe

C:\Windows\System\hZdUnLb.exe

C:\Windows\System\hZdUnLb.exe

C:\Windows\System\jhdkZWc.exe

C:\Windows\System\jhdkZWc.exe

C:\Windows\System\zUvZVHT.exe

C:\Windows\System\zUvZVHT.exe

C:\Windows\System\kUgoisK.exe

C:\Windows\System\kUgoisK.exe

C:\Windows\System\YHTbIAy.exe

C:\Windows\System\YHTbIAy.exe

C:\Windows\System\xwKWIer.exe

C:\Windows\System\xwKWIer.exe

C:\Windows\System\HWDVvgI.exe

C:\Windows\System\HWDVvgI.exe

C:\Windows\System\tPsIHyT.exe

C:\Windows\System\tPsIHyT.exe

C:\Windows\System\ClZktuS.exe

C:\Windows\System\ClZktuS.exe

C:\Windows\System\LEAFeDd.exe

C:\Windows\System\LEAFeDd.exe

C:\Windows\System\FGWIfTa.exe

C:\Windows\System\FGWIfTa.exe

C:\Windows\System\rboAOaX.exe

C:\Windows\System\rboAOaX.exe

C:\Windows\System\aGANRiB.exe

C:\Windows\System\aGANRiB.exe

C:\Windows\System\YSAfRyl.exe

C:\Windows\System\YSAfRyl.exe

C:\Windows\System\wXnrblk.exe

C:\Windows\System\wXnrblk.exe

C:\Windows\System\xOBKHtq.exe

C:\Windows\System\xOBKHtq.exe

C:\Windows\System\oCUtNge.exe

C:\Windows\System\oCUtNge.exe

C:\Windows\System\vOebnBY.exe

C:\Windows\System\vOebnBY.exe

C:\Windows\System\uhRrcEH.exe

C:\Windows\System\uhRrcEH.exe

C:\Windows\System\MWsfoKh.exe

C:\Windows\System\MWsfoKh.exe

C:\Windows\System\TfdXSII.exe

C:\Windows\System\TfdXSII.exe

C:\Windows\System\giSZVdD.exe

C:\Windows\System\giSZVdD.exe

C:\Windows\System\tpcFmom.exe

C:\Windows\System\tpcFmom.exe

C:\Windows\System\UlEYbGY.exe

C:\Windows\System\UlEYbGY.exe

C:\Windows\System\Qcmuwhc.exe

C:\Windows\System\Qcmuwhc.exe

C:\Windows\System\KBKFZPT.exe

C:\Windows\System\KBKFZPT.exe

C:\Windows\System\YPdYWvH.exe

C:\Windows\System\YPdYWvH.exe

C:\Windows\System\skhbxCL.exe

C:\Windows\System\skhbxCL.exe

C:\Windows\System\FhsvpCf.exe

C:\Windows\System\FhsvpCf.exe

C:\Windows\System\TJrTplK.exe

C:\Windows\System\TJrTplK.exe

C:\Windows\System\wztbMAG.exe

C:\Windows\System\wztbMAG.exe

C:\Windows\System\DATFQtM.exe

C:\Windows\System\DATFQtM.exe

C:\Windows\System\hMghPvd.exe

C:\Windows\System\hMghPvd.exe

C:\Windows\System\YVuWSOp.exe

C:\Windows\System\YVuWSOp.exe

C:\Windows\System\AkRelTb.exe

C:\Windows\System\AkRelTb.exe

C:\Windows\System\GGAFgdw.exe

C:\Windows\System\GGAFgdw.exe

C:\Windows\System\aCHbYWt.exe

C:\Windows\System\aCHbYWt.exe

C:\Windows\System\nuJClvM.exe

C:\Windows\System\nuJClvM.exe

C:\Windows\System\NwnYdAU.exe

C:\Windows\System\NwnYdAU.exe

C:\Windows\System\JBXKfjN.exe

C:\Windows\System\JBXKfjN.exe

C:\Windows\System\CkZluFE.exe

C:\Windows\System\CkZluFE.exe

C:\Windows\System\NlVaPSi.exe

C:\Windows\System\NlVaPSi.exe

C:\Windows\System\CkIhVLw.exe

C:\Windows\System\CkIhVLw.exe

C:\Windows\System\KckPJaU.exe

C:\Windows\System\KckPJaU.exe

C:\Windows\System\qAJCGBJ.exe

C:\Windows\System\qAJCGBJ.exe

C:\Windows\System\OfKWAgz.exe

C:\Windows\System\OfKWAgz.exe

C:\Windows\System\cKkBqpC.exe

C:\Windows\System\cKkBqpC.exe

C:\Windows\System\ZLpDjfa.exe

C:\Windows\System\ZLpDjfa.exe

C:\Windows\System\GtwRSyW.exe

C:\Windows\System\GtwRSyW.exe

C:\Windows\System\EtjNyqW.exe

C:\Windows\System\EtjNyqW.exe

C:\Windows\System\jsyGQRQ.exe

C:\Windows\System\jsyGQRQ.exe

C:\Windows\System\MFclCjY.exe

C:\Windows\System\MFclCjY.exe

C:\Windows\System\tWiFwyp.exe

C:\Windows\System\tWiFwyp.exe

C:\Windows\System\dEvbAfv.exe

C:\Windows\System\dEvbAfv.exe

C:\Windows\System\YELxSgm.exe

C:\Windows\System\YELxSgm.exe

C:\Windows\System\GMnUQyW.exe

C:\Windows\System\GMnUQyW.exe

C:\Windows\System\KuhpWxp.exe

C:\Windows\System\KuhpWxp.exe

C:\Windows\System\fwYQWin.exe

C:\Windows\System\fwYQWin.exe

C:\Windows\System\JvrhdnK.exe

C:\Windows\System\JvrhdnK.exe

C:\Windows\System\DAlQoHl.exe

C:\Windows\System\DAlQoHl.exe

C:\Windows\System\suhUceF.exe

C:\Windows\System\suhUceF.exe

C:\Windows\System\ebBsked.exe

C:\Windows\System\ebBsked.exe

C:\Windows\System\tEsYfzi.exe

C:\Windows\System\tEsYfzi.exe

C:\Windows\System\TOoMXdq.exe

C:\Windows\System\TOoMXdq.exe

C:\Windows\System\LWzyQGO.exe

C:\Windows\System\LWzyQGO.exe

C:\Windows\System\wQxoJpp.exe

C:\Windows\System\wQxoJpp.exe

C:\Windows\System\vDzIzOx.exe

C:\Windows\System\vDzIzOx.exe

C:\Windows\System\yBGqZoY.exe

C:\Windows\System\yBGqZoY.exe

C:\Windows\System\DhTucDm.exe

C:\Windows\System\DhTucDm.exe

C:\Windows\System\XsGTbzE.exe

C:\Windows\System\XsGTbzE.exe

C:\Windows\System\gBJQrAW.exe

C:\Windows\System\gBJQrAW.exe

C:\Windows\System\QhUohGz.exe

C:\Windows\System\QhUohGz.exe

C:\Windows\System\KdRcOOc.exe

C:\Windows\System\KdRcOOc.exe

C:\Windows\System\LaZjnQx.exe

C:\Windows\System\LaZjnQx.exe

C:\Windows\System\lhoPgEz.exe

C:\Windows\System\lhoPgEz.exe

C:\Windows\System\UiqZLjm.exe

C:\Windows\System\UiqZLjm.exe

C:\Windows\System\DepkaZX.exe

C:\Windows\System\DepkaZX.exe

C:\Windows\System\ElerNcl.exe

C:\Windows\System\ElerNcl.exe

C:\Windows\System\yPaKfGL.exe

C:\Windows\System\yPaKfGL.exe

C:\Windows\System\bxXObGR.exe

C:\Windows\System\bxXObGR.exe

C:\Windows\System\QpOvRtW.exe

C:\Windows\System\QpOvRtW.exe

C:\Windows\System\pccItsS.exe

C:\Windows\System\pccItsS.exe

C:\Windows\System\YAmnrYt.exe

C:\Windows\System\YAmnrYt.exe

C:\Windows\System\mzgrlXL.exe

C:\Windows\System\mzgrlXL.exe

C:\Windows\System\jtxbhfq.exe

C:\Windows\System\jtxbhfq.exe

C:\Windows\System\yLHgOPA.exe

C:\Windows\System\yLHgOPA.exe

C:\Windows\System\ItnanPi.exe

C:\Windows\System\ItnanPi.exe

C:\Windows\System\lkBOCwC.exe

C:\Windows\System\lkBOCwC.exe

C:\Windows\System\zgYRPlW.exe

C:\Windows\System\zgYRPlW.exe

C:\Windows\System\voDBHmW.exe

C:\Windows\System\voDBHmW.exe

C:\Windows\System\jfdhSRk.exe

C:\Windows\System\jfdhSRk.exe

C:\Windows\System\rDoFzWW.exe

C:\Windows\System\rDoFzWW.exe

C:\Windows\System\iUnftNq.exe

C:\Windows\System\iUnftNq.exe

C:\Windows\System\DSAqgqc.exe

C:\Windows\System\DSAqgqc.exe

C:\Windows\System\ZlJpyqY.exe

C:\Windows\System\ZlJpyqY.exe

C:\Windows\System\bwsfISB.exe

C:\Windows\System\bwsfISB.exe

C:\Windows\System\vvyTNdJ.exe

C:\Windows\System\vvyTNdJ.exe

C:\Windows\System\ERhGhvl.exe

C:\Windows\System\ERhGhvl.exe

C:\Windows\System\rdGdEoG.exe

C:\Windows\System\rdGdEoG.exe

C:\Windows\System\eyTVdtN.exe

C:\Windows\System\eyTVdtN.exe

C:\Windows\System\JBEjhYK.exe

C:\Windows\System\JBEjhYK.exe

C:\Windows\System\GKbkaQr.exe

C:\Windows\System\GKbkaQr.exe

C:\Windows\System\UjExtKl.exe

C:\Windows\System\UjExtKl.exe

C:\Windows\System\TrulJsI.exe

C:\Windows\System\TrulJsI.exe

C:\Windows\System\azPbVoR.exe

C:\Windows\System\azPbVoR.exe

C:\Windows\System\dCkdyWE.exe

C:\Windows\System\dCkdyWE.exe

C:\Windows\System\TCcaJdo.exe

C:\Windows\System\TCcaJdo.exe

C:\Windows\System\iBiIidc.exe

C:\Windows\System\iBiIidc.exe

C:\Windows\System\FYMgWmj.exe

C:\Windows\System\FYMgWmj.exe

C:\Windows\System\FUgaBtg.exe

C:\Windows\System\FUgaBtg.exe

C:\Windows\System\eNoRQMT.exe

C:\Windows\System\eNoRQMT.exe

C:\Windows\System\EIlbxrH.exe

C:\Windows\System\EIlbxrH.exe

C:\Windows\System\tyxqTGf.exe

C:\Windows\System\tyxqTGf.exe

C:\Windows\System\YXERgbH.exe

C:\Windows\System\YXERgbH.exe

C:\Windows\System\tIsmsPf.exe

C:\Windows\System\tIsmsPf.exe

C:\Windows\System\zytPZoF.exe

C:\Windows\System\zytPZoF.exe

C:\Windows\System\myCCBNI.exe

C:\Windows\System\myCCBNI.exe

C:\Windows\System\EsOjwqr.exe

C:\Windows\System\EsOjwqr.exe

C:\Windows\System\KFJhakD.exe

C:\Windows\System\KFJhakD.exe

C:\Windows\System\hzyFjGl.exe

C:\Windows\System\hzyFjGl.exe

C:\Windows\System\HmlaMxb.exe

C:\Windows\System\HmlaMxb.exe

C:\Windows\System\FVioZXX.exe

C:\Windows\System\FVioZXX.exe

C:\Windows\System\KaNMvmq.exe

C:\Windows\System\KaNMvmq.exe

C:\Windows\System\OcoeaOp.exe

C:\Windows\System\OcoeaOp.exe

C:\Windows\System\TVTmnSr.exe

C:\Windows\System\TVTmnSr.exe

C:\Windows\System\uVbrcJI.exe

C:\Windows\System\uVbrcJI.exe

C:\Windows\System\Sldrrdn.exe

C:\Windows\System\Sldrrdn.exe

C:\Windows\System\XMzyNiR.exe

C:\Windows\System\XMzyNiR.exe

C:\Windows\System\xjioaeD.exe

C:\Windows\System\xjioaeD.exe

C:\Windows\System\rMOmrES.exe

C:\Windows\System\rMOmrES.exe

C:\Windows\System\xmYqyxh.exe

C:\Windows\System\xmYqyxh.exe

C:\Windows\System\rBnDIEX.exe

C:\Windows\System\rBnDIEX.exe

C:\Windows\System\iDxCrgh.exe

C:\Windows\System\iDxCrgh.exe

C:\Windows\System\gHVTPBu.exe

C:\Windows\System\gHVTPBu.exe

C:\Windows\System\CJWIvsf.exe

C:\Windows\System\CJWIvsf.exe

C:\Windows\System\AvJlmFO.exe

C:\Windows\System\AvJlmFO.exe

C:\Windows\System\YDZtjlD.exe

C:\Windows\System\YDZtjlD.exe

C:\Windows\System\sxFPYgd.exe

C:\Windows\System\sxFPYgd.exe

C:\Windows\System\TzOKfhJ.exe

C:\Windows\System\TzOKfhJ.exe

C:\Windows\System\EgAGMwX.exe

C:\Windows\System\EgAGMwX.exe

C:\Windows\System\JOEFCrR.exe

C:\Windows\System\JOEFCrR.exe

C:\Windows\System\WDoziMc.exe

C:\Windows\System\WDoziMc.exe

C:\Windows\System\lsqqeZS.exe

C:\Windows\System\lsqqeZS.exe

C:\Windows\System\bJbHDNg.exe

C:\Windows\System\bJbHDNg.exe

C:\Windows\System\OrfjmXg.exe

C:\Windows\System\OrfjmXg.exe

C:\Windows\System\zvkvinA.exe

C:\Windows\System\zvkvinA.exe

C:\Windows\System\tCsHwwZ.exe

C:\Windows\System\tCsHwwZ.exe

C:\Windows\System\jYrPjVT.exe

C:\Windows\System\jYrPjVT.exe

C:\Windows\System\JfuRrJr.exe

C:\Windows\System\JfuRrJr.exe

C:\Windows\System\rXgOVKL.exe

C:\Windows\System\rXgOVKL.exe

C:\Windows\System\QCQEnsr.exe

C:\Windows\System\QCQEnsr.exe

C:\Windows\System\vrPegsV.exe

C:\Windows\System\vrPegsV.exe

C:\Windows\System\NPHjHGL.exe

C:\Windows\System\NPHjHGL.exe

C:\Windows\System\RrGiHaI.exe

C:\Windows\System\RrGiHaI.exe

C:\Windows\System\RGpCbcf.exe

C:\Windows\System\RGpCbcf.exe

C:\Windows\System\SlPvSAu.exe

C:\Windows\System\SlPvSAu.exe

C:\Windows\System\IAkdAKF.exe

C:\Windows\System\IAkdAKF.exe

C:\Windows\System\zqFFswo.exe

C:\Windows\System\zqFFswo.exe

C:\Windows\System\fUXljcz.exe

C:\Windows\System\fUXljcz.exe

C:\Windows\System\rkMqAif.exe

C:\Windows\System\rkMqAif.exe

C:\Windows\System\VtVhbWX.exe

C:\Windows\System\VtVhbWX.exe

C:\Windows\System\txNSfPf.exe

C:\Windows\System\txNSfPf.exe

C:\Windows\System\ldLscmf.exe

C:\Windows\System\ldLscmf.exe

C:\Windows\System\EtPVXVH.exe

C:\Windows\System\EtPVXVH.exe

C:\Windows\System\ONmMFNU.exe

C:\Windows\System\ONmMFNU.exe

C:\Windows\System\NIMChbF.exe

C:\Windows\System\NIMChbF.exe

C:\Windows\System\tnzwYGH.exe

C:\Windows\System\tnzwYGH.exe

C:\Windows\System\xRTxeZs.exe

C:\Windows\System\xRTxeZs.exe

C:\Windows\System\KVqOdxo.exe

C:\Windows\System\KVqOdxo.exe

C:\Windows\System\rLMVRin.exe

C:\Windows\System\rLMVRin.exe

C:\Windows\System\LnFvuyS.exe

C:\Windows\System\LnFvuyS.exe

C:\Windows\System\iRodtYH.exe

C:\Windows\System\iRodtYH.exe

C:\Windows\System\JNqkWpJ.exe

C:\Windows\System\JNqkWpJ.exe

C:\Windows\System\YLCCeLg.exe

C:\Windows\System\YLCCeLg.exe

C:\Windows\System\qwVppfn.exe

C:\Windows\System\qwVppfn.exe

C:\Windows\System\EfyymRg.exe

C:\Windows\System\EfyymRg.exe

C:\Windows\System\nZPHwOi.exe

C:\Windows\System\nZPHwOi.exe

C:\Windows\System\JiQitTO.exe

C:\Windows\System\JiQitTO.exe

C:\Windows\System\akSeNhT.exe

C:\Windows\System\akSeNhT.exe

C:\Windows\System\VFzQZeF.exe

C:\Windows\System\VFzQZeF.exe

C:\Windows\System\UuIQVKo.exe

C:\Windows\System\UuIQVKo.exe

C:\Windows\System\vTuThZV.exe

C:\Windows\System\vTuThZV.exe

C:\Windows\System\NOlamCD.exe

C:\Windows\System\NOlamCD.exe

C:\Windows\System\OHXjcMP.exe

C:\Windows\System\OHXjcMP.exe

C:\Windows\System\nUqOfrW.exe

C:\Windows\System\nUqOfrW.exe

C:\Windows\System\AiCKfHQ.exe

C:\Windows\System\AiCKfHQ.exe

C:\Windows\System\ubIXqJl.exe

C:\Windows\System\ubIXqJl.exe

C:\Windows\System\ogDgeZi.exe

C:\Windows\System\ogDgeZi.exe

C:\Windows\System\UZTLmZC.exe

C:\Windows\System\UZTLmZC.exe

C:\Windows\System\hWgyNpW.exe

C:\Windows\System\hWgyNpW.exe

C:\Windows\System\hzojOKQ.exe

C:\Windows\System\hzojOKQ.exe

C:\Windows\System\UfAeqtp.exe

C:\Windows\System\UfAeqtp.exe

C:\Windows\System\ieAmpme.exe

C:\Windows\System\ieAmpme.exe

C:\Windows\System\mkWGdJb.exe

C:\Windows\System\mkWGdJb.exe

C:\Windows\System\jnZBqGA.exe

C:\Windows\System\jnZBqGA.exe

C:\Windows\System\PbJNhZN.exe

C:\Windows\System\PbJNhZN.exe

C:\Windows\System\rtlAwMx.exe

C:\Windows\System\rtlAwMx.exe

C:\Windows\System\dRBjwYX.exe

C:\Windows\System\dRBjwYX.exe

C:\Windows\System\NFFVlaw.exe

C:\Windows\System\NFFVlaw.exe

C:\Windows\System\OONYfrO.exe

C:\Windows\System\OONYfrO.exe

C:\Windows\System\RgeFuOt.exe

C:\Windows\System\RgeFuOt.exe

C:\Windows\System\eBSYEPJ.exe

C:\Windows\System\eBSYEPJ.exe

C:\Windows\System\BDsFDQm.exe

C:\Windows\System\BDsFDQm.exe

C:\Windows\System\rNeivqT.exe

C:\Windows\System\rNeivqT.exe

C:\Windows\System\krpghDT.exe

C:\Windows\System\krpghDT.exe

C:\Windows\System\cISLdsF.exe

C:\Windows\System\cISLdsF.exe

C:\Windows\System\hGlTtCs.exe

C:\Windows\System\hGlTtCs.exe

C:\Windows\System\HOhbynT.exe

C:\Windows\System\HOhbynT.exe

C:\Windows\System\MUVEhBx.exe

C:\Windows\System\MUVEhBx.exe

C:\Windows\System\nuuzXTy.exe

C:\Windows\System\nuuzXTy.exe

C:\Windows\System\GGmapgz.exe

C:\Windows\System\GGmapgz.exe

C:\Windows\System\aGLilPy.exe

C:\Windows\System\aGLilPy.exe

C:\Windows\System\nlxwZOZ.exe

C:\Windows\System\nlxwZOZ.exe

C:\Windows\System\fpCDUec.exe

C:\Windows\System\fpCDUec.exe

C:\Windows\System\FMrIHvH.exe

C:\Windows\System\FMrIHvH.exe

C:\Windows\System\TzXThcT.exe

C:\Windows\System\TzXThcT.exe

C:\Windows\System\TFZxMcZ.exe

C:\Windows\System\TFZxMcZ.exe

C:\Windows\System\Jzzxbyq.exe

C:\Windows\System\Jzzxbyq.exe

C:\Windows\System\rLVuRgM.exe

C:\Windows\System\rLVuRgM.exe

C:\Windows\System\YJCMGKl.exe

C:\Windows\System\YJCMGKl.exe

C:\Windows\System\HcsQFvE.exe

C:\Windows\System\HcsQFvE.exe

C:\Windows\System\ypXHuGS.exe

C:\Windows\System\ypXHuGS.exe

C:\Windows\System\DgHeAom.exe

C:\Windows\System\DgHeAom.exe

C:\Windows\System\RJWibAc.exe

C:\Windows\System\RJWibAc.exe

C:\Windows\System\tVUOflP.exe

C:\Windows\System\tVUOflP.exe

C:\Windows\System\ThoJtao.exe

C:\Windows\System\ThoJtao.exe

C:\Windows\System\WTUOtlb.exe

C:\Windows\System\WTUOtlb.exe

C:\Windows\System\qjLkWLI.exe

C:\Windows\System\qjLkWLI.exe

C:\Windows\System\zurPwwJ.exe

C:\Windows\System\zurPwwJ.exe

C:\Windows\System\nZyIZKh.exe

C:\Windows\System\nZyIZKh.exe

C:\Windows\System\CYBYuKQ.exe

C:\Windows\System\CYBYuKQ.exe

C:\Windows\System\pgpiBYo.exe

C:\Windows\System\pgpiBYo.exe

C:\Windows\System\RhAcLSR.exe

C:\Windows\System\RhAcLSR.exe

C:\Windows\System\KNLAuEV.exe

C:\Windows\System\KNLAuEV.exe

C:\Windows\System\qPVYQtm.exe

C:\Windows\System\qPVYQtm.exe

C:\Windows\System\tHmNggv.exe

C:\Windows\System\tHmNggv.exe

C:\Windows\System\TmaeIXH.exe

C:\Windows\System\TmaeIXH.exe

C:\Windows\System\pWNZdRO.exe

C:\Windows\System\pWNZdRO.exe

C:\Windows\System\eMpAyrM.exe

C:\Windows\System\eMpAyrM.exe

C:\Windows\System\JyOOrSu.exe

C:\Windows\System\JyOOrSu.exe

C:\Windows\System\ELVLDeE.exe

C:\Windows\System\ELVLDeE.exe

C:\Windows\System\XqVhVFM.exe

C:\Windows\System\XqVhVFM.exe

C:\Windows\System\SpstcgK.exe

C:\Windows\System\SpstcgK.exe

C:\Windows\System\yTBNTEu.exe

C:\Windows\System\yTBNTEu.exe

C:\Windows\System\OjZEoyQ.exe

C:\Windows\System\OjZEoyQ.exe

C:\Windows\System\EMhfrhF.exe

C:\Windows\System\EMhfrhF.exe

C:\Windows\System\NwTBRXs.exe

C:\Windows\System\NwTBRXs.exe

C:\Windows\System\wnPvpwC.exe

C:\Windows\System\wnPvpwC.exe

C:\Windows\System\VdKaLhA.exe

C:\Windows\System\VdKaLhA.exe

C:\Windows\System\UkIOUas.exe

C:\Windows\System\UkIOUas.exe

C:\Windows\System\FwCVTJl.exe

C:\Windows\System\FwCVTJl.exe

C:\Windows\System\etuBLxW.exe

C:\Windows\System\etuBLxW.exe

C:\Windows\System\BVShXTV.exe

C:\Windows\System\BVShXTV.exe

C:\Windows\System\QCpgvxB.exe

C:\Windows\System\QCpgvxB.exe

C:\Windows\System\pZVdsmJ.exe

C:\Windows\System\pZVdsmJ.exe

C:\Windows\System\zuDLqDA.exe

C:\Windows\System\zuDLqDA.exe

C:\Windows\System\erPfhDX.exe

C:\Windows\System\erPfhDX.exe

C:\Windows\System\TBkDKlM.exe

C:\Windows\System\TBkDKlM.exe

C:\Windows\System\nOenQPM.exe

C:\Windows\System\nOenQPM.exe

C:\Windows\System\iErmymJ.exe

C:\Windows\System\iErmymJ.exe

C:\Windows\System\aofoVON.exe

C:\Windows\System\aofoVON.exe

C:\Windows\System\klounDG.exe

C:\Windows\System\klounDG.exe

C:\Windows\System\BmNRnae.exe

C:\Windows\System\BmNRnae.exe

C:\Windows\System\Idfkubt.exe

C:\Windows\System\Idfkubt.exe

C:\Windows\System\uoGxTDB.exe

C:\Windows\System\uoGxTDB.exe

C:\Windows\System\GFaEXIe.exe

C:\Windows\System\GFaEXIe.exe

C:\Windows\System\Cmjbzbt.exe

C:\Windows\System\Cmjbzbt.exe

C:\Windows\System\uBsvDwE.exe

C:\Windows\System\uBsvDwE.exe

C:\Windows\System\ExUlPOp.exe

C:\Windows\System\ExUlPOp.exe

C:\Windows\System\hslmwcD.exe

C:\Windows\System\hslmwcD.exe

C:\Windows\System\uoRHjmj.exe

C:\Windows\System\uoRHjmj.exe

C:\Windows\System\BLirAHf.exe

C:\Windows\System\BLirAHf.exe

C:\Windows\System\lHXgAoL.exe

C:\Windows\System\lHXgAoL.exe

C:\Windows\System\gWLEXTo.exe

C:\Windows\System\gWLEXTo.exe

C:\Windows\System\thVxoRu.exe

C:\Windows\System\thVxoRu.exe

C:\Windows\System\tcfhhlK.exe

C:\Windows\System\tcfhhlK.exe

C:\Windows\System\mFzNuxr.exe

C:\Windows\System\mFzNuxr.exe

C:\Windows\System\CeMtliL.exe

C:\Windows\System\CeMtliL.exe

C:\Windows\System\IaUaxuQ.exe

C:\Windows\System\IaUaxuQ.exe

C:\Windows\System\jQOBNeO.exe

C:\Windows\System\jQOBNeO.exe

C:\Windows\System\bJMLKWC.exe

C:\Windows\System\bJMLKWC.exe

C:\Windows\System\Snqpugh.exe

C:\Windows\System\Snqpugh.exe

C:\Windows\System\PuqWEUg.exe

C:\Windows\System\PuqWEUg.exe

C:\Windows\System\NgVOsAq.exe

C:\Windows\System\NgVOsAq.exe

C:\Windows\System\voBJWdv.exe

C:\Windows\System\voBJWdv.exe

C:\Windows\System\LiMxUUu.exe

C:\Windows\System\LiMxUUu.exe

C:\Windows\System\TlSYTvh.exe

C:\Windows\System\TlSYTvh.exe

C:\Windows\System\UuykoBN.exe

C:\Windows\System\UuykoBN.exe

C:\Windows\System\ZYfbEId.exe

C:\Windows\System\ZYfbEId.exe

C:\Windows\System\CKRlRjp.exe

C:\Windows\System\CKRlRjp.exe

C:\Windows\System\ughcjYQ.exe

C:\Windows\System\ughcjYQ.exe

C:\Windows\System\LHyDiQT.exe

C:\Windows\System\LHyDiQT.exe

C:\Windows\System\qImLPaT.exe

C:\Windows\System\qImLPaT.exe

C:\Windows\System\UhgJeRP.exe

C:\Windows\System\UhgJeRP.exe

C:\Windows\System\tZRHLgG.exe

C:\Windows\System\tZRHLgG.exe

C:\Windows\System\ygflctj.exe

C:\Windows\System\ygflctj.exe

C:\Windows\System\UUzdeTA.exe

C:\Windows\System\UUzdeTA.exe

C:\Windows\System\eMEcHAU.exe

C:\Windows\System\eMEcHAU.exe

C:\Windows\System\cJSIkIM.exe

C:\Windows\System\cJSIkIM.exe

C:\Windows\System\nrYtxtl.exe

C:\Windows\System\nrYtxtl.exe

C:\Windows\System\uMgtSzB.exe

C:\Windows\System\uMgtSzB.exe

C:\Windows\System\mebAFkG.exe

C:\Windows\System\mebAFkG.exe

C:\Windows\System\sBLcNzx.exe

C:\Windows\System\sBLcNzx.exe

C:\Windows\System\vNXHaaz.exe

C:\Windows\System\vNXHaaz.exe

C:\Windows\System\JwbDXMf.exe

C:\Windows\System\JwbDXMf.exe

C:\Windows\System\mWMFcZa.exe

C:\Windows\System\mWMFcZa.exe

C:\Windows\System\pyPzHkX.exe

C:\Windows\System\pyPzHkX.exe

C:\Windows\System\nsnuNvR.exe

C:\Windows\System\nsnuNvR.exe

C:\Windows\System\GRfquMj.exe

C:\Windows\System\GRfquMj.exe

C:\Windows\System\dNpCeOP.exe

C:\Windows\System\dNpCeOP.exe

C:\Windows\System\KmXurzU.exe

C:\Windows\System\KmXurzU.exe

C:\Windows\System\EgJJhkV.exe

C:\Windows\System\EgJJhkV.exe

C:\Windows\System\TtrFnvv.exe

C:\Windows\System\TtrFnvv.exe

C:\Windows\system32\dwm.exe

"dwm.exe"

C:\Windows\system32\sihost.exe

sihost.exe

C:\Windows\explorer.exe

explorer.exe /LOADSAVEDWINDOWS

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

Network

Country Destination Domain Proto
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 144.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 136.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 6.173.189.20.in-addr.arpa udp

Files

memory/4596-0-0x00007FF721370000-0x00007FF7216C1000-memory.dmp

memory/4596-1-0x000001ECDFE50000-0x000001ECDFE60000-memory.dmp

C:\Windows\System\GyXMdxH.exe

MD5 a901648fe93fa4aaf00e3ac905bf0e65
SHA1 ade4e7f75f497ddaadeee8e367334ec58068d3ed
SHA256 6c8c027844c284dbd61bb2eb4ebf7d83d2d85f45ae2e6ad1d7621a61968d6b6f
SHA512 314bcb0fcc78ba19d9539ad168a0f2d9f69faf684f1684bb49a1ed43e8de1dd0c1cc9d4b7d1cb359d2a42923c1e4d0d55c8e3d27fc47b0329a524c554ad0d817

C:\Windows\System\NYFTDNY.exe

MD5 afd77cce69fe808acef434115ee55684
SHA1 69be577f546b7fe8c065421ef77ac13cbdb99562
SHA256 f7ec30e5457c75f81a8e0352b09010fa27e209d87bc57e8f4db81aff9df5eff5
SHA512 6ccb17e43286bd444593a1387593643eca2ee3f841bb2e617da7b2ecc10dee817fcd221a748ff27658d93e4696f7c8b4c385b095c8e4b75446168f999fe65f99

memory/5048-22-0x00007FF6BE5B0000-0x00007FF6BE901000-memory.dmp

memory/2032-38-0x00007FF6F5310000-0x00007FF6F5661000-memory.dmp

C:\Windows\System\kRnDYeb.exe

MD5 fbda22aeaa60b402df366f1c8a351911
SHA1 36797c64a608146813805c6918618fa56ca92b78
SHA256 f491e07e97323279f6ab6c5c0226c8e0bbc82efa799a604d76d2c87f9e50d42b
SHA512 584f2fa787cb3504760e2d49d7545a0177947a821f1c08a3db8173ee49f5d0264623886cababd5f755e6c5e33905dac2dedc1c206d6c8b0cb9ae1e91427cc73a

memory/884-74-0x00007FF663A80000-0x00007FF663DD1000-memory.dmp

C:\Windows\System\wuLfbAg.exe

MD5 7fc407af3bfc5022f948baaf97b03074
SHA1 da9ac4597c2055903ad19df6fffdae483b85a661
SHA256 d6babe291345342524b55a4b179cf799725c34cb3ffcf1891dbb3904b42f02e5
SHA512 7baa21e6dc3e2d8f0c12619552d34e8d5d2746d1c549e04e58a24449cce6aed47253c70c8b6a286d82fa24a9f51f144630f6aaa3b8c6daba5e23fe4628b4836d

C:\Windows\System\ISTvpMz.exe

MD5 2d91e28e4a9ccfb96278645e92dba0cc
SHA1 ece766af765ed4d3c78bb7599eeaa6733ab4a7a0
SHA256 770f5d1276b178a16f18221b7dc531822f3994ef1a07ca487b31ebbba49c58a9
SHA512 516bac9fb3bc99916b7d3c043906f5b8d8d0f05528aa2fadd5b3f0a6ea3fd2d1b4eca8afa0e72f480e0aa032bf594e98597b5343540ec1eb901103058c36bc24

C:\Windows\System\gWABJSd.exe

MD5 36ffd5e6a4c81337af07d3a193fe8c6d
SHA1 f0def63dbd750e3c903a63e9f36cfef7ebfb73f0
SHA256 36775cdce71fac05254a8ee8bfb221a3d7bdf3564b0637074bfd21129068c4f0
SHA512 2eb801d38e48fb0cf6ed339e7aeb94f3c2a701f01911f88a33fc200481d336902499fe56a87e1c6afd6a5a64409402da51da49137194f0551b804828d10e5db3

C:\Windows\System\aoNkBXX.exe

MD5 de70915017699112c575c58e071a5494
SHA1 76c03b9c6933260688bf540570239ffe81ea7290
SHA256 cfd6eefc30713025a886628d71e04565b2d29c58151571591b9fe244265955af
SHA512 33f840520e579f09608c3f5a8c8a65ee2b1df0c16bb1ac4eac5247a6ab02c2c620b382c19b9eac153517d0a59a572e3ec30dc1849e0f22f0a04b27abaccb4fe2

C:\Windows\System\GOjRWxx.exe

MD5 f87b00a2f87d8cc983a8f7fd9c1563d4
SHA1 097cef8739dcc54da7aa3e9f99036e4e745fae5c
SHA256 79e2a466267cdb17c315dd0a625f7633b9c1259aecf39b988faf8bbc6709cd6c
SHA512 ab79b728693c563c9894a828af60986ccbabf7dbdb25e60312dd7afb228688405b44bfb06dfaa65d4830d3b0afdd16fa242b13d6dfb3791a7ba212c15a1e0be1

C:\Windows\System\XQurIZR.exe

MD5 21016a3f872241bd9f9739d32c7564d6
SHA1 314df2ef2d4e9c768627b9d5c7abbbbf4fb1a8c9
SHA256 f8df6cf6140e00fc698d83caaacccf56576ac11e7ad43968451025bab44cbc56
SHA512 405fd59374793b45859e90ccf274c39cff49c26ad70384c548a72d136ef76bcb7ad355443d52c4e47ef55f9f2e4184f4204d763c5e8ee1f44d778846966393ff

C:\Windows\System\QfSpBBf.exe

MD5 333d668eeb7508598241ca49457e4b33
SHA1 dca31e08b3696bae8a6c001cf722308a6625e68d
SHA256 94098013dc45b6fae6256938b694cadee850a3cfe8e51a2e27b84008be2cc978
SHA512 e27062226f4cc079337b7e41fea0294c62cb463c3fa614821e67927fe499231753d207fa865f5863d252dbd6109efbe0a58cc6a4bbab3a80ed8c01a06b72035b

memory/1400-181-0x00007FF72DD20000-0x00007FF72E071000-memory.dmp

C:\Windows\System\ELtrhos.exe

MD5 daa6d05f48aaa0cd5db71a8be4a134aa
SHA1 8fcbcebbf4d73e86996ca1baeb5fcccd0840d5ec
SHA256 45c919420e573ddea3bc757961e35141abb147108584b78ee29a13ee9f5b6c64
SHA512 e2b1c0be5b01b4dc74059c3944d87de1098c4e19aa4da5b729e647ddc9c49160accbbc2011c010fb03b9a1bdbc37bd256dbee95b0c71242a34fee746ea89dfd8

C:\Windows\System\IoKsYWk.exe

MD5 e650e4e509806c5e191c659887e31757
SHA1 461a6f5719420205877554f9dbe35366d75f7601
SHA256 046e375946b917b4f95441028ed004b51c8b04c4632d06a684b13ef2573063f8
SHA512 7f9e62b4f3a0581dc56aa25ec61c541b1a44d44bb1cc782e2db4bbfb2253a732e33a13d96d275f6bede280bcca27f37286bb9671f9d7289ae502aefa780f54a6

memory/2572-189-0x00007FF67D8B0000-0x00007FF67DC01000-memory.dmp

memory/4876-188-0x00007FF682E30000-0x00007FF683181000-memory.dmp

C:\Windows\System\ugctnkv.exe

MD5 1e26f1c9e8b7c24cf28e3517d1c7a603
SHA1 1cdc9b7528cda589356aabae6be06579d867c938
SHA256 b53fa7f657a046a1b8a6e7aa23d05389315f3988bc235c82957f69b73f5a8358
SHA512 916978ec3272413bccf8438739183a133ab9bf4bac04b79a5ecb1dedf09dbc1253c4fd9f5a636c1e09f4583a25797581b4b1fbd682f35e257a1979b746353c9d

C:\Windows\System\azBnWea.exe

MD5 5cd146418719998f93cb4341891d1621
SHA1 985533ac22971d4c96ee217299acd33092605b1d
SHA256 c618c73c57fa3570f2a4cea3051912c99ed432ddf6c13260547f42c59272618d
SHA512 07311c6eef54f56b490d91f5d2690bc9a19102d43f5840b0968c25c1fa35a4f694a71a21aa318f328b86a706735eb5c4101350c278a74f2fa9c5a47950439434

memory/2820-182-0x00007FF6132E0000-0x00007FF613631000-memory.dmp

memory/5076-177-0x00007FF66CDC0000-0x00007FF66D111000-memory.dmp

C:\Windows\System\zohHVEE.exe

MD5 32262b3e94fbb948b0a283fa47e6723b
SHA1 807dbb4862b71b14a886b6422a7289fcdb225dea
SHA256 ff7047be31e26f34acf706bed9bcf71c7995713e4980785b1bcd5c3271c08b7d
SHA512 641f2523ca19a36caafee688de84ff5b9af08331f4dad02208c59cb73993d39ce573a58ecd05afde3bf7e513890adb30ee6cbaf3d0aa843164cefedc01728ee6

memory/2608-171-0x00007FF703DE0000-0x00007FF704131000-memory.dmp

memory/4440-170-0x00007FF782D30000-0x00007FF783081000-memory.dmp

C:\Windows\System\dpleApS.exe

MD5 92159ac526f147387f24f261f3e2b6a6
SHA1 237d5d5d4f1099cc7f315f18e759c9400bc31754
SHA256 02fc1849bcfb0842cdb093fbb976bfba8c0df3fbb23cf781b42e9b439fbc4bb6
SHA512 618e4e225f1cd7cb3642e1ad958f3632b602ae971b4cebcf11861eeb7196a6b58c55284c6f24dd95dcc185895f63ba08b074eff5ddd783fb4247f70bbaf680f6

memory/4504-165-0x00007FF784640000-0x00007FF784991000-memory.dmp

memory/3968-164-0x00007FF60C7B0000-0x00007FF60CB01000-memory.dmp

C:\Windows\System\GGBSLtL.exe

MD5 2441537dd52fda92d4e1449bf7af56f6
SHA1 aa085217d463ee02f98eacf3a2d2e96ff04cd26e
SHA256 f483ad087b643308af42082ba0d9e17336456c8841860b7554c6b4ded7599028
SHA512 ac73dbfdad256c756cd839f1beafb281f40471ba4a35b6aee48f61c02c152d65b761cd7b1ad6c0cb80374e1b5dc63ea44755854c2a83b0ebe5580e1aadadd36a

memory/4552-157-0x00007FF7D1190000-0x00007FF7D14E1000-memory.dmp

memory/636-156-0x00007FF64BA70000-0x00007FF64BDC1000-memory.dmp

C:\Windows\System\SzUKsxe.exe

MD5 ca35129234572ef88cbeff4560ed4090
SHA1 66350c2abc6f37a745ed526e9a6db247fe9f52bf
SHA256 bca83c4561a8b6adecb128047d3a0f2a4464f8e1d3cab8a7bc37210e1d8ac368
SHA512 2950afcaaee7eae9169c9cbe89cc7a177ecaddea4fb1b4457687ee9759a857f5a5512ccfa6212b2282a4dd7708a18997d5e6d16ede86837dd6540bb8c992bbab

memory/3092-146-0x00007FF683880000-0x00007FF683BD1000-memory.dmp

C:\Windows\System\eGAaYVn.exe

MD5 93c45810409b1bd6853269462a8f3abd
SHA1 9b5e4456f9b7be57f4f8d71cae9514ba294c751a
SHA256 1b0f5ab0fd921bb2d3a2893cd6baafb0d072af0a597d08365ce9d2bf9fc3ca92
SHA512 be157703aaffb33470b702a02ef9efab5793100305551915f2fd32e210e68c7fca68b2d5c90d017d1277d105c7a10e90825be34571febd95f5404c45fc60bb08

C:\Windows\System\iZdCkbj.exe

MD5 df2dc5781f6992267d307b2b7a4c6ae3
SHA1 3db67173dfa197ecf2046f0c8f9e0347b7821abb
SHA256 cb4b4e0694b6eb12a58100f1f9ceaf539c65a5da4cd1a9685b97bcee116bb965
SHA512 a1ab344ce58535165dfc9103f1fcda86bb301a463bcdb12093601583029b61b98a54486ab9d043a0f202fe4b56b3d32a56e59e503b15c2e21732d21f5b64d8e2

C:\Windows\System\vDWmEgh.exe

MD5 9377592933176f9046660a924b422d8a
SHA1 bfb59ff6a106997fe4e091406142c9e5ddcf4301
SHA256 5e881b39b2c402043e7ecb62feb5230fbd85aad300f7791fd995ead46dcb08bb
SHA512 e4125add67e6af92895203920137787c82ea18b391869ac7ccda3ea50b8b6507893b32fc22159117d5be2004145f8da39e9e9c1114741ddc3f84ae2def74cc90

memory/3000-128-0x00007FF64F210000-0x00007FF64F561000-memory.dmp

memory/1264-126-0x00007FF7FA9C0000-0x00007FF7FAD11000-memory.dmp

C:\Windows\System\fNHQTnq.exe

MD5 d9e1aaed0c491a248d0dce38ec598153
SHA1 1920cb542df9ef5e3a8f538e598d2d2d3adfbc6b
SHA256 c63a18d38bdf9c7b5752b532f34f2aa31dee3f4a55048b0907f3daa1ffde759e
SHA512 771966e8e0034fe41ddb31f22f6680422f50c9fd4a13b0ae137fa014449f51624e0d80f21563e4fc57122e7745952abaa0e102ae520220d52bf27ba9ff7af50a

C:\Windows\System\mHEAYON.exe

MD5 fa8ea5ddc4051ec155066eb1e20e6b73
SHA1 99b0b6ccc8d8bf0dbb9a7fd563b0194e6fdd516c
SHA256 3506d367d8d1af71a279b0729a95e38358119133f95712caa461781a1a68a929
SHA512 bc9c7ec26a89f573a5829970412f2415be10a429b5cd2231fb439d758b096b967618b82bd172e53f7e34bbb615e8b8a9343444447459758ac4cb262910dc1483

memory/1144-108-0x00007FF71B920000-0x00007FF71BC71000-memory.dmp

memory/1652-100-0x00007FF7740A0000-0x00007FF7743F1000-memory.dmp

memory/2144-99-0x00007FF7F91E0000-0x00007FF7F9531000-memory.dmp

C:\Windows\System\lujFRoQ.exe

MD5 23effebcdbcb96d6f88f78d6f978a1d9
SHA1 16e4d59c855b0749c9a59e20c84d8a0106e95339
SHA256 fc5887f17ce44e24b2d26d34f8a7e49ad19c738367d2f4ab2e06b3940786c464
SHA512 c9a92353cb5bf5b38a88be76a4025ac47e3cc965cea7d8f7cf24e73197f528e80c4a646c46685d787cfd96e8979e6d737dc94a3d70dfb5001c8d1e46ab9f77b8

C:\Windows\System\SdGsBMd.exe

MD5 dfa0c9d3a2c9b6692edbafadb7d8432d
SHA1 e125045fa77b9ed42160f34b0856bb599823e554
SHA256 ff1ef535fb56f50f67241b2411095e427a97bc3855c3e1a74430bec9bccd94fe
SHA512 226d464372822bbdabe44861809e47f685d84cb52fc1d9232cd62ce8c46f55ef78e1ea6d0346fd168e413459af7d012fbaecc9d862df03e8d48f78a304a601e0

memory/4476-84-0x00007FF7790C0000-0x00007FF779411000-memory.dmp

C:\Windows\System\FYSLwBr.exe

MD5 c5e884ccd1dfc8fcda07d55b25f9a1c8
SHA1 4bff203c6ff9c042be2455305badf7880ba77e47
SHA256 6a838de514f940de3d8b44864f20ddee8144e3660a62fc8355747c8d81d4a734
SHA512 dd1a6c85aebd7ce488316f13096f8c8bae60a828e3b44377f9612ffdfc4c445908afc7ca38e383f773213e9208f5376445c6012884b16aba0d0f7678640c3183

memory/4312-75-0x00007FF676510000-0x00007FF676861000-memory.dmp

C:\Windows\System\LvAJnCM.exe

MD5 ef7638e8afedc83584785e640d36a012
SHA1 c088b8d5f3c83071bc6212decbde441138a35248
SHA256 0db4e0962dac11f39468f17f312c86cb90aae92f7eb48c33121966fa7c1ff461
SHA512 0c7e06d245f88c25de3f73903e7dfa912c5ab83ff16ef6580a71e64c0be844110e64ae012ff85bb0499871c1d5ee8030383119084322cb3e47e3eb5a6198f7a4

memory/756-62-0x00007FF6B7880000-0x00007FF6B7BD1000-memory.dmp

memory/2344-51-0x00007FF6225F0000-0x00007FF622941000-memory.dmp

C:\Windows\System\OdfdSpy.exe

MD5 22293f4cdf85860d287738bf0b7e1ee9
SHA1 dc7fe86c67c2560d0194cc028cf81f974666a309
SHA256 0edc7fee93b4cc56e7407054c2803313a5ace39496694140b87ef1a04e53f31f
SHA512 729ca21bb14d62231330aa184147fa85352991a6c9563b5a54b9b6bc02218bec58cc4310427f608acef3344984b4a831573db9cc404c6fb9af69923f172a89b6

C:\Windows\System\UztSKSF.exe

MD5 5b96c49301b62482641c6d143b1aad22
SHA1 53c96e26401728bb5bc6c39b3fedd4ad92973f36
SHA256 7a1b9bfeeb83dd2d655df9ad63c6d11c38b917330e75ef8d6941e271cfd51a60
SHA512 c34ef606db519081ba42b6f155b42e372b08a71081550d526e22aef1d4a3b32141603606512e0820924dfb071dcd5cbe3de55d51a1c01d734eb0466b5ed10785

memory/2384-45-0x00007FF701770000-0x00007FF701AC1000-memory.dmp

memory/5052-44-0x00007FF7023D0000-0x00007FF702721000-memory.dmp

memory/1016-42-0x00007FF6FB470000-0x00007FF6FB7C1000-memory.dmp

memory/2008-37-0x00007FF6C2AA0000-0x00007FF6C2DF1000-memory.dmp

C:\Windows\System\waipFPN.exe

MD5 38023940b41b396771c588035a946ee2
SHA1 efa036bc19b48a81c0a648e7f662737356e155b4
SHA256 378a9ee633ee129328b9951bdd86d3f63a95bf496d715ef2559d8faa074695c8
SHA512 677bb8d490feebfe33f7f1f8c48e1621130ecb0eeeef8b59b0ab8429e967ed67599602e042950feab11ab326686b4b4bdddd31e54d882c4bc4c37ff5209e04da

C:\Windows\System\VKgSdmu.exe

MD5 3d44c7b5d7d147a43730c98c62d414b8
SHA1 649fa90a2acdb050bab0c61fcd6d524c161a6f27
SHA256 aa0eba5013339e3bc4674a7628b213e3873fbf9ede646e9b6f0c976e43c3e567
SHA512 ff84e96b2992ecf73cc058e45dafb586a062cc7ebe75fe0389eb63db379977aa9ed036ae5a2464183648da7e0ecc5bfa5618cdde3b813ac05372f2c4a77fcc15

C:\Windows\System\ehsdHds.exe

MD5 4e7eb01fde201c87221d19917c7cd11c
SHA1 b19f7a08157d721bc1976d8a26f5cea62bd92987
SHA256 f469e3cb19c48170f2748197db277ebf39e4703011991efa12720fbdc8acf4f1
SHA512 97291628feeff38f72295e3f96536815b2672ce210e41d0bc3275ad9ff229f5f061e458c01ba2829337742efbea3566c6cfb0c3195642c50d8e4f7eefa9f43d4

C:\Windows\System\uFWrMJp.exe

MD5 d303a98c525491fb681297577431be93
SHA1 80809e435f0a5a3780f17a3ea2f82ea4d48e28d4
SHA256 d47be8e0ab4921d6497f11e1f93cabdceb18a392b0e1aa5842f20d8102b55a3a
SHA512 6685e49020101cbfa4fa00c1aa9ac2b49a2e5be0c1d78497aadde6c2908989f4005de2de29f5fadba5b84e65173ac18805c24d030874082524772f13d841d480

memory/4976-8-0x00007FF74A1F0000-0x00007FF74A541000-memory.dmp

memory/4596-1905-0x00007FF721370000-0x00007FF7216C1000-memory.dmp

memory/2384-2200-0x00007FF701770000-0x00007FF701AC1000-memory.dmp

memory/2344-2201-0x00007FF6225F0000-0x00007FF622941000-memory.dmp

memory/756-2202-0x00007FF6B7880000-0x00007FF6B7BD1000-memory.dmp

memory/884-2203-0x00007FF663A80000-0x00007FF663DD1000-memory.dmp

memory/4476-2204-0x00007FF7790C0000-0x00007FF779411000-memory.dmp

memory/2144-2205-0x00007FF7F91E0000-0x00007FF7F9531000-memory.dmp

memory/4312-2211-0x00007FF676510000-0x00007FF676861000-memory.dmp

memory/1652-2215-0x00007FF7740A0000-0x00007FF7743F1000-memory.dmp

memory/1264-2216-0x00007FF7FA9C0000-0x00007FF7FAD11000-memory.dmp

memory/3968-2217-0x00007FF60C7B0000-0x00007FF60CB01000-memory.dmp

memory/4552-2247-0x00007FF7D1190000-0x00007FF7D14E1000-memory.dmp

memory/4976-2254-0x00007FF74A1F0000-0x00007FF74A541000-memory.dmp

memory/2032-2260-0x00007FF6F5310000-0x00007FF6F5661000-memory.dmp

memory/5052-2258-0x00007FF7023D0000-0x00007FF702721000-memory.dmp

memory/1016-2265-0x00007FF6FB470000-0x00007FF6FB7C1000-memory.dmp

memory/2008-2263-0x00007FF6C2AA0000-0x00007FF6C2DF1000-memory.dmp

memory/5048-2256-0x00007FF6BE5B0000-0x00007FF6BE901000-memory.dmp

memory/884-2269-0x00007FF663A80000-0x00007FF663DD1000-memory.dmp

memory/1144-2275-0x00007FF71B920000-0x00007FF71BC71000-memory.dmp

memory/4476-2279-0x00007FF7790C0000-0x00007FF779411000-memory.dmp

memory/4312-2277-0x00007FF676510000-0x00007FF676861000-memory.dmp

memory/2144-2284-0x00007FF7F91E0000-0x00007FF7F9531000-memory.dmp

memory/2344-2273-0x00007FF6225F0000-0x00007FF622941000-memory.dmp

memory/756-2271-0x00007FF6B7880000-0x00007FF6B7BD1000-memory.dmp

memory/2384-2267-0x00007FF701770000-0x00007FF701AC1000-memory.dmp

memory/5076-2362-0x00007FF66CDC0000-0x00007FF66D111000-memory.dmp

memory/636-2364-0x00007FF64BA70000-0x00007FF64BDC1000-memory.dmp

memory/3092-2360-0x00007FF683880000-0x00007FF683BD1000-memory.dmp

memory/4440-2358-0x00007FF782D30000-0x00007FF783081000-memory.dmp

memory/4504-2354-0x00007FF784640000-0x00007FF784991000-memory.dmp

memory/4552-2352-0x00007FF7D1190000-0x00007FF7D14E1000-memory.dmp

memory/3968-2350-0x00007FF60C7B0000-0x00007FF60CB01000-memory.dmp

memory/2820-2349-0x00007FF6132E0000-0x00007FF613631000-memory.dmp

memory/1652-2344-0x00007FF7740A0000-0x00007FF7743F1000-memory.dmp

memory/2572-2366-0x00007FF67D8B0000-0x00007FF67DC01000-memory.dmp

memory/1400-2356-0x00007FF72DD20000-0x00007FF72E071000-memory.dmp

memory/4876-2347-0x00007FF682E30000-0x00007FF683181000-memory.dmp

memory/2608-2321-0x00007FF703DE0000-0x00007FF704131000-memory.dmp

memory/1264-2342-0x00007FF7FA9C0000-0x00007FF7FAD11000-memory.dmp

memory/3000-2340-0x00007FF64F210000-0x00007FF64F561000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\M1A8XLO2\microsoft.windows[1].xml

MD5 d41119748cb5d1d2b33c6ac63d425110
SHA1 6dbcfa37860a490beae2c8d95bc2a2290b323495
SHA256 6448a8580ce1994365ec765d296896e96261e4039537300dc67c8d7f523d8b0b
SHA512 9f4242889858cb996e7f72c3baaa9af2dbccc09a3531ca9ed24ebe82e2c54e210278092ebc1ef8cd6c73cc51a6c6744f0cc799808a75add2a22e7e648084d478