Malware Analysis Report

2025-01-06 15:32

Sample ID 240525-th25taad55
Target f5d09ed55bf9a6491a92e6efbe8d5680_NeikiAnalytics.exe
SHA256 c81e3f022ea12f2ec108520a4f93ec40c561001a074623a1dabc5eedd69d73a8
Tags
upx miner xmrig persistence
score
10/10

Analysis Overview

score
10/10

SHA256

c81e3f022ea12f2ec108520a4f93ec40c561001a074623a1dabc5eedd69d73a8

Threat Level: Known bad

The file f5d09ed55bf9a6491a92e6efbe8d5680_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

upx miner xmrig persistence

Xmrig family

xmrig

XMRig Miner payload

Modifies Installed Components in the registry

UPX packed file

Executes dropped EXE

Loads dropped DLL

Enumerates connected drives

Drops file in System32 directory

Unsigned PE

Modifies registry class

Suspicious use of WriteProcessMemory

Checks SCSI registry key(s)

Uses Task Scheduler COM API

Suspicious use of FindShellTrayWindow

Enumerates system info in registry

Modifies data under HKEY_USERS

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-25 16:04

Signatures

XMRig Miner payload

miner

Xmrig family

xmrig

UPX packed file

upx

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-25 16:04

Reported

2024-05-25 16:06

Platform

win7-20240220-en

Max time kernel

120s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\f5d09ed55bf9a6491a92e6efbe8d5680_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner

Executes dropped EXE

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\f5d09ed55bf9a6491a92e6efbe8d5680_NeikiAnalytics.exe N/A

UPX packed file

upx

Drops file in System32 directory

Suspicious use of WriteProcessMemory

Processes

C:\Users\Admin\AppData\Local\Temp\f5d09ed55bf9a6491a92e6efbe8d5680_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\f5d09ed55bf9a6491a92e6efbe8d5680_NeikiAnalytics.exe"


C:\Windows\System32\oolLZeW.exe

C:\Windows\System32\htYoVQC.exe

C:\Windows\System32\htYoVQC.exe

C:\Windows\System32\KbSNuEn.exe

C:\Windows\System32\KbSNuEn.exe

C:\Windows\System32\wLgJcOx.exe

C:\Windows\System32\wLgJcOx.exe

C:\Windows\System32\IaVYDJy.exe

C:\Windows\System32\IaVYDJy.exe

C:\Windows\System32\isVKhzQ.exe

C:\Windows\System32\isVKhzQ.exe

C:\Windows\System32\hKLFoWm.exe

C:\Windows\System32\hKLFoWm.exe

C:\Windows\System32\AFTRTPg.exe

C:\Windows\System32\AFTRTPg.exe

C:\Windows\System32\BQDuKVK.exe

C:\Windows\System32\BQDuKVK.exe

C:\Windows\System32\eDUVjOr.exe

C:\Windows\System32\eDUVjOr.exe

C:\Windows\System32\KkjwHDV.exe

C:\Windows\System32\KkjwHDV.exe

C:\Windows\System32\ugOIcGg.exe

C:\Windows\System32\ugOIcGg.exe

C:\Windows\System32\PspOasw.exe

C:\Windows\System32\PspOasw.exe

C:\Windows\System32\FABNmmY.exe

C:\Windows\System32\FABNmmY.exe

C:\Windows\System32\YcUMaYw.exe

C:\Windows\System32\YcUMaYw.exe

C:\Windows\System32\uradhMC.exe

C:\Windows\System32\uradhMC.exe

C:\Windows\System32\OCzAsND.exe

C:\Windows\System32\OCzAsND.exe

C:\Windows\System32\dTTchTu.exe

C:\Windows\System32\dTTchTu.exe

C:\Windows\System32\HxQVeVq.exe

C:\Windows\System32\HxQVeVq.exe

C:\Windows\System32\QRUrigl.exe

C:\Windows\System32\QRUrigl.exe

C:\Windows\System32\urhaDQT.exe

C:\Windows\System32\urhaDQT.exe

C:\Windows\System32\eTaNyao.exe

C:\Windows\System32\eTaNyao.exe

C:\Windows\System32\gDQFSXg.exe

C:\Windows\System32\gDQFSXg.exe

C:\Windows\System32\gmEwyIJ.exe

C:\Windows\System32\gmEwyIJ.exe

C:\Windows\System32\QlweaPK.exe

C:\Windows\System32\QlweaPK.exe

C:\Windows\System32\gWcfTtd.exe

C:\Windows\System32\gWcfTtd.exe

C:\Windows\System32\qOtZvNg.exe

C:\Windows\System32\qOtZvNg.exe

C:\Windows\System32\MNSemQu.exe

C:\Windows\System32\MNSemQu.exe

C:\Windows\System32\qicBATT.exe

C:\Windows\System32\qicBATT.exe

C:\Windows\System32\cwseGFl.exe

C:\Windows\System32\cwseGFl.exe

C:\Windows\System32\iMwEfCR.exe

C:\Windows\System32\iMwEfCR.exe

C:\Windows\System32\NSGTVUD.exe

C:\Windows\System32\NSGTVUD.exe

C:\Windows\System32\hdYAozc.exe

C:\Windows\System32\hdYAozc.exe

C:\Windows\System32\sfOwCoA.exe

C:\Windows\System32\sfOwCoA.exe

C:\Windows\System32\gFYEjFh.exe

C:\Windows\System32\gFYEjFh.exe

C:\Windows\System32\hlEeAld.exe

C:\Windows\System32\hlEeAld.exe

C:\Windows\System32\AOzgvVV.exe

C:\Windows\System32\AOzgvVV.exe

C:\Windows\System32\DVZdKkg.exe

C:\Windows\System32\DVZdKkg.exe

C:\Windows\System32\cwDZuhF.exe

C:\Windows\System32\cwDZuhF.exe

C:\Windows\System32\QeOYQoo.exe

C:\Windows\System32\QeOYQoo.exe

C:\Windows\System32\kszUtRJ.exe

C:\Windows\System32\kszUtRJ.exe

C:\Windows\System32\AiKZBKY.exe

C:\Windows\System32\AiKZBKY.exe

C:\Windows\System32\aAnRaMe.exe

C:\Windows\System32\aAnRaMe.exe

C:\Windows\System32\LYKshHw.exe

C:\Windows\System32\LYKshHw.exe

C:\Windows\System32\EmmVkXI.exe

C:\Windows\System32\EmmVkXI.exe

C:\Windows\System32\PxMeFZK.exe

C:\Windows\System32\PxMeFZK.exe

C:\Windows\System32\CDxiPMH.exe

C:\Windows\System32\CDxiPMH.exe

C:\Windows\System32\ixRBWBk.exe

C:\Windows\System32\ixRBWBk.exe

C:\Windows\System32\qtIvJIC.exe

C:\Windows\System32\qtIvJIC.exe

C:\Windows\System32\zYsGiyO.exe

C:\Windows\System32\zYsGiyO.exe

C:\Windows\System32\vliYFFK.exe

C:\Windows\System32\vliYFFK.exe

C:\Windows\System32\DOVfMaJ.exe

C:\Windows\System32\DOVfMaJ.exe

C:\Windows\System32\bNmJySs.exe

C:\Windows\System32\bNmJySs.exe

C:\Windows\System32\wQpNVnz.exe

C:\Windows\System32\wQpNVnz.exe

C:\Windows\System32\pweOIkY.exe

C:\Windows\System32\pweOIkY.exe

C:\Windows\System32\gtwfogK.exe

C:\Windows\System32\gtwfogK.exe

C:\Windows\System32\vLFDvxB.exe

C:\Windows\System32\vLFDvxB.exe

C:\Windows\System32\WgSqHwr.exe

C:\Windows\System32\WgSqHwr.exe

C:\Windows\System32\FwzSbUG.exe

C:\Windows\System32\FwzSbUG.exe

C:\Windows\System32\SPIDmgr.exe

C:\Windows\System32\SPIDmgr.exe

C:\Windows\System32\sMhKMfh.exe

C:\Windows\System32\sMhKMfh.exe

C:\Windows\System32\bPOSLKs.exe

C:\Windows\System32\bPOSLKs.exe

C:\Windows\System32\uPrlfai.exe

C:\Windows\System32\uPrlfai.exe

C:\Windows\System32\PHYTxUs.exe

C:\Windows\System32\PHYTxUs.exe

C:\Windows\System32\wbcqySO.exe

C:\Windows\System32\wbcqySO.exe

C:\Windows\System32\PfpEbVi.exe

C:\Windows\System32\PfpEbVi.exe

C:\Windows\System32\UPIzRTf.exe

C:\Windows\System32\UPIzRTf.exe

C:\Windows\System32\ayfaOsY.exe

C:\Windows\System32\ayfaOsY.exe

C:\Windows\System32\fisIdFp.exe

C:\Windows\System32\fisIdFp.exe

C:\Windows\System32\xViqTMh.exe

C:\Windows\System32\xViqTMh.exe

C:\Windows\System32\VJXPeLS.exe

C:\Windows\System32\VJXPeLS.exe

C:\Windows\System32\QLBETvz.exe

C:\Windows\System32\QLBETvz.exe

C:\Windows\System32\lpFIJrF.exe

C:\Windows\System32\lpFIJrF.exe

C:\Windows\System32\dJgVinw.exe

C:\Windows\System32\dJgVinw.exe

C:\Windows\System32\rjBVBhn.exe

C:\Windows\System32\rjBVBhn.exe

C:\Windows\System32\YpSJyqM.exe

C:\Windows\System32\YpSJyqM.exe

C:\Windows\System32\BBrdzlV.exe

C:\Windows\System32\BBrdzlV.exe

C:\Windows\System32\lxPYCHm.exe

C:\Windows\System32\lxPYCHm.exe

C:\Windows\System32\WhxxkTP.exe

C:\Windows\System32\WhxxkTP.exe

C:\Windows\System32\XpwzPsd.exe

C:\Windows\System32\XpwzPsd.exe

C:\Windows\System32\UClEBjQ.exe

C:\Windows\System32\UClEBjQ.exe

C:\Windows\System32\QtImtBZ.exe

C:\Windows\System32\QtImtBZ.exe

C:\Windows\System32\LxNNEcy.exe

C:\Windows\System32\LxNNEcy.exe

C:\Windows\System32\ApFYHPr.exe

C:\Windows\System32\ApFYHPr.exe

C:\Windows\System32\EBYCPDA.exe

C:\Windows\System32\EBYCPDA.exe

C:\Windows\System32\NHUmmGw.exe

C:\Windows\System32\NHUmmGw.exe

C:\Windows\System32\rRmbOnk.exe

C:\Windows\System32\rRmbOnk.exe

C:\Windows\System32\NDyQKYw.exe

C:\Windows\System32\NDyQKYw.exe

C:\Windows\System32\joKnyEe.exe

C:\Windows\System32\joKnyEe.exe

C:\Windows\System32\yDHSTxd.exe

C:\Windows\System32\yDHSTxd.exe

C:\Windows\System32\ovYPleC.exe

C:\Windows\System32\ovYPleC.exe

C:\Windows\System32\jMlEYXK.exe

C:\Windows\System32\jMlEYXK.exe

C:\Windows\System32\AxPSweL.exe

C:\Windows\System32\AxPSweL.exe

C:\Windows\System32\IeKOpEB.exe

C:\Windows\System32\IeKOpEB.exe

C:\Windows\System32\iiqpZiw.exe

C:\Windows\System32\iiqpZiw.exe

C:\Windows\System32\TAZLzJX.exe

C:\Windows\System32\TAZLzJX.exe

C:\Windows\System32\LmqcjyU.exe

C:\Windows\System32\LmqcjyU.exe

C:\Windows\System32\QEqoTMf.exe

C:\Windows\System32\QEqoTMf.exe

C:\Windows\System32\KOchnlj.exe

C:\Windows\System32\KOchnlj.exe

C:\Windows\System32\rUbFqQq.exe

C:\Windows\System32\rUbFqQq.exe

C:\Windows\System32\teUbfTr.exe

C:\Windows\System32\teUbfTr.exe

C:\Windows\System32\ZptKcJi.exe

C:\Windows\System32\ZptKcJi.exe

C:\Windows\System32\OWSjopA.exe

C:\Windows\System32\OWSjopA.exe

C:\Windows\System32\rTzAhck.exe

C:\Windows\System32\rTzAhck.exe

C:\Windows\System32\tYCyhrJ.exe

C:\Windows\System32\tYCyhrJ.exe

C:\Windows\System32\TMaUGEH.exe

C:\Windows\System32\TMaUGEH.exe

C:\Windows\System32\maEblpl.exe

C:\Windows\System32\maEblpl.exe

C:\Windows\System32\LXtpSCL.exe

C:\Windows\System32\LXtpSCL.exe

C:\Windows\System32\ZVHCJwx.exe

C:\Windows\System32\ZVHCJwx.exe

C:\Windows\System32\UnUMnoW.exe

C:\Windows\System32\UnUMnoW.exe

C:\Windows\System32\RoWhuIk.exe

C:\Windows\System32\RoWhuIk.exe

C:\Windows\System32\rAAfWbB.exe

C:\Windows\System32\rAAfWbB.exe

C:\Windows\System32\tnVUWVj.exe

C:\Windows\System32\tnVUWVj.exe

C:\Windows\System32\gVwZJTd.exe

C:\Windows\System32\gVwZJTd.exe

C:\Windows\System32\HOsUOhZ.exe

C:\Windows\System32\HOsUOhZ.exe

C:\Windows\System32\DeOmujW.exe

C:\Windows\System32\DeOmujW.exe

C:\Windows\System32\uPnwYGE.exe

C:\Windows\System32\uPnwYGE.exe

C:\Windows\System32\izHQmXj.exe

C:\Windows\System32\izHQmXj.exe

C:\Windows\System32\xXzxvno.exe

C:\Windows\System32\xXzxvno.exe

C:\Windows\System32\zlZdkDR.exe

C:\Windows\System32\zlZdkDR.exe

C:\Windows\System32\POTHkrK.exe

C:\Windows\System32\POTHkrK.exe

C:\Windows\System32\EslXtdw.exe

C:\Windows\System32\EslXtdw.exe

C:\Windows\System32\aAVBxdU.exe

C:\Windows\System32\aAVBxdU.exe

C:\Windows\System32\YUhWEtr.exe

C:\Windows\System32\YUhWEtr.exe

C:\Windows\System32\OdDJNSq.exe

C:\Windows\System32\OdDJNSq.exe

C:\Windows\System32\oaKBIvG.exe

C:\Windows\System32\oaKBIvG.exe

C:\Windows\System32\WNNAufS.exe

C:\Windows\System32\WNNAufS.exe

C:\Windows\System32\FdtzBuC.exe

C:\Windows\System32\FdtzBuC.exe

C:\Windows\System32\jhByMjl.exe

C:\Windows\System32\jhByMjl.exe

C:\Windows\System32\aNfYrcx.exe

C:\Windows\System32\aNfYrcx.exe

C:\Windows\System32\AVuLDRA.exe

C:\Windows\System32\AVuLDRA.exe

C:\Windows\System32\hpUvCYO.exe

C:\Windows\System32\hpUvCYO.exe

C:\Windows\System32\pTvyndS.exe

C:\Windows\System32\pTvyndS.exe

C:\Windows\System32\eEWshpn.exe

C:\Windows\System32\eEWshpn.exe

C:\Windows\System32\qhYJnSZ.exe

C:\Windows\System32\qhYJnSZ.exe

C:\Windows\System32\SAVNQHE.exe

C:\Windows\System32\SAVNQHE.exe

C:\Windows\System32\yRxENuq.exe

C:\Windows\System32\yRxENuq.exe

C:\Windows\System32\oGISACB.exe

C:\Windows\System32\oGISACB.exe

C:\Windows\System32\uIJEkei.exe

C:\Windows\System32\uIJEkei.exe

C:\Windows\System32\uWQuiom.exe

C:\Windows\System32\uWQuiom.exe

C:\Windows\System32\RTsnBND.exe

C:\Windows\System32\RTsnBND.exe

C:\Windows\System32\ELxxbcB.exe

C:\Windows\System32\ELxxbcB.exe

C:\Windows\System32\VlOSFPd.exe

C:\Windows\System32\VlOSFPd.exe

C:\Windows\System32\BJkkxVp.exe

C:\Windows\System32\BJkkxVp.exe

C:\Windows\System32\OjYKYrw.exe

C:\Windows\System32\OjYKYrw.exe

C:\Windows\System32\jfbWTBz.exe

C:\Windows\System32\jfbWTBz.exe

C:\Windows\System32\sqsMiaj.exe

C:\Windows\System32\sqsMiaj.exe

C:\Windows\System32\bhCdmwt.exe

C:\Windows\System32\bhCdmwt.exe

C:\Windows\System32\BgusvIf.exe

C:\Windows\System32\BgusvIf.exe

C:\Windows\System32\DIlSPyt.exe

C:\Windows\System32\DIlSPyt.exe

C:\Windows\System32\ZOBDnkc.exe

C:\Windows\System32\ZOBDnkc.exe

C:\Windows\System32\LWvDGyM.exe

C:\Windows\System32\LWvDGyM.exe

C:\Windows\System32\frMhdDF.exe

C:\Windows\System32\frMhdDF.exe

C:\Windows\System32\wbCJufr.exe

C:\Windows\System32\wbCJufr.exe

C:\Windows\System32\LyCMPGk.exe

C:\Windows\System32\LyCMPGk.exe

C:\Windows\System32\vntaFjN.exe

C:\Windows\System32\vntaFjN.exe

C:\Windows\System32\JBhqhOw.exe

C:\Windows\System32\JBhqhOw.exe

C:\Windows\System32\uuswPvC.exe

C:\Windows\System32\uuswPvC.exe

C:\Windows\System32\eYAGdUb.exe

C:\Windows\System32\eYAGdUb.exe

C:\Windows\System32\WzzXFJz.exe

C:\Windows\System32\WzzXFJz.exe

C:\Windows\System32\ZGBNxSf.exe

C:\Windows\System32\ZGBNxSf.exe

C:\Windows\System32\ZwuImiu.exe

C:\Windows\System32\ZwuImiu.exe

C:\Windows\System32\fhTlEZG.exe

C:\Windows\System32\fhTlEZG.exe

C:\Windows\System32\ymctTwt.exe

C:\Windows\System32\ymctTwt.exe

C:\Windows\System32\ndwkfYd.exe

C:\Windows\System32\ndwkfYd.exe

C:\Windows\System32\BuhVuqQ.exe

C:\Windows\System32\BuhVuqQ.exe

C:\Windows\System32\NbJpwnP.exe

C:\Windows\System32\NbJpwnP.exe

C:\Windows\System32\ciHGqQq.exe

C:\Windows\System32\ciHGqQq.exe

C:\Windows\System32\BgqIbXI.exe

C:\Windows\System32\BgqIbXI.exe

C:\Windows\System32\WlzjMMC.exe

C:\Windows\System32\WlzjMMC.exe

C:\Windows\System32\MlFXsPA.exe

C:\Windows\System32\MlFXsPA.exe

C:\Windows\System32\umxninx.exe

C:\Windows\System32\umxninx.exe

C:\Windows\System32\oiUxzAg.exe

C:\Windows\System32\oiUxzAg.exe

C:\Windows\System32\cSHsGSz.exe

C:\Windows\System32\cSHsGSz.exe

C:\Windows\System32\AdkEAFg.exe

C:\Windows\System32\AdkEAFg.exe

C:\Windows\System32\DtGPOtE.exe

C:\Windows\System32\DtGPOtE.exe

C:\Windows\System32\dBmCMMr.exe

C:\Windows\System32\dBmCMMr.exe

C:\Windows\System32\tVZhbSG.exe

C:\Windows\System32\tVZhbSG.exe

C:\Windows\System32\tAVeOpw.exe

C:\Windows\System32\tAVeOpw.exe

C:\Windows\System32\OKIOHQB.exe

C:\Windows\System32\OKIOHQB.exe

C:\Windows\System32\kDzmitF.exe

C:\Windows\System32\kDzmitF.exe

C:\Windows\System32\bfvdvDB.exe

C:\Windows\System32\bfvdvDB.exe

C:\Windows\System32\qiZdrfD.exe

C:\Windows\System32\qiZdrfD.exe

C:\Windows\System32\hCCBoua.exe

C:\Windows\System32\hCCBoua.exe

C:\Windows\System32\yByDoTH.exe

C:\Windows\System32\yByDoTH.exe

C:\Windows\System32\WMCYQMk.exe

C:\Windows\System32\WMCYQMk.exe

C:\Windows\System32\siuTyFL.exe

C:\Windows\System32\siuTyFL.exe

C:\Windows\System32\qlMtzQJ.exe

C:\Windows\System32\qlMtzQJ.exe

C:\Windows\System32\dBFKNZj.exe

C:\Windows\System32\dBFKNZj.exe

C:\Windows\System32\HCdOsXC.exe

C:\Windows\System32\HCdOsXC.exe

C:\Windows\System32\GrsPHyO.exe

C:\Windows\System32\GrsPHyO.exe

C:\Windows\System32\yRZqaAJ.exe

C:\Windows\System32\yRZqaAJ.exe

C:\Windows\System32\jHGfdOM.exe

C:\Windows\System32\jHGfdOM.exe

C:\Windows\System32\lDzlJNT.exe

C:\Windows\System32\lDzlJNT.exe

C:\Windows\System32\CVjuVPi.exe

C:\Windows\System32\CVjuVPi.exe

C:\Windows\System32\PflaPtD.exe

C:\Windows\System32\PflaPtD.exe

C:\Windows\System32\kPUSNwH.exe

C:\Windows\System32\kPUSNwH.exe

C:\Windows\System32\iMFRHmm.exe

C:\Windows\System32\iMFRHmm.exe

C:\Windows\System32\XsSQaHv.exe

C:\Windows\System32\XsSQaHv.exe

C:\Windows\System32\KhxBtrK.exe

C:\Windows\System32\KhxBtrK.exe

C:\Windows\System32\DpFUUTD.exe

C:\Windows\System32\DpFUUTD.exe

C:\Windows\System32\ffqcXel.exe

C:\Windows\System32\ffqcXel.exe

C:\Windows\System32\XmFFjzi.exe

C:\Windows\System32\XmFFjzi.exe

C:\Windows\System32\gXHoBAU.exe

C:\Windows\System32\gXHoBAU.exe

C:\Windows\System32\zOoUzNC.exe

C:\Windows\System32\zOoUzNC.exe

C:\Windows\System32\VXqZcgs.exe

C:\Windows\System32\VXqZcgs.exe

C:\Windows\System32\hOVjPlj.exe

C:\Windows\System32\hOVjPlj.exe

C:\Windows\System32\RbkXjAi.exe

C:\Windows\System32\RbkXjAi.exe

C:\Windows\System32\YjjcJkL.exe

C:\Windows\System32\YjjcJkL.exe

C:\Windows\System32\upeWIGI.exe

C:\Windows\System32\upeWIGI.exe

C:\Windows\System32\nxvKNIN.exe

C:\Windows\System32\nxvKNIN.exe

C:\Windows\System32\HAFMEny.exe

C:\Windows\System32\HAFMEny.exe

C:\Windows\System32\sQktjim.exe

C:\Windows\System32\sQktjim.exe

C:\Windows\System32\HndQoCv.exe

C:\Windows\System32\HndQoCv.exe

C:\Windows\System32\krGvTDe.exe

C:\Windows\System32\krGvTDe.exe

C:\Windows\System32\gKbdGtR.exe

C:\Windows\System32\gKbdGtR.exe

C:\Windows\System32\CWELFDY.exe

C:\Windows\System32\CWELFDY.exe

C:\Windows\System32\WDbZPDd.exe

C:\Windows\System32\WDbZPDd.exe

C:\Windows\System32\Fjersyn.exe

C:\Windows\System32\Fjersyn.exe

C:\Windows\System32\jtqFkBs.exe

C:\Windows\System32\jtqFkBs.exe

C:\Windows\System32\TMuYapD.exe

C:\Windows\System32\TMuYapD.exe

C:\Windows\System32\PbkwCNg.exe

C:\Windows\System32\PbkwCNg.exe

C:\Windows\System32\eZoAfHA.exe

C:\Windows\System32\eZoAfHA.exe

C:\Windows\System32\MINZvUU.exe

C:\Windows\System32\MINZvUU.exe

C:\Windows\System32\PKRuNkp.exe

C:\Windows\System32\PKRuNkp.exe

C:\Windows\System32\CPEdPFs.exe

C:\Windows\System32\CPEdPFs.exe

C:\Windows\System32\iNdPMJi.exe

C:\Windows\System32\iNdPMJi.exe

C:\Windows\System32\NMSBGKs.exe

C:\Windows\System32\NMSBGKs.exe

C:\Windows\System32\nBjEXxh.exe

C:\Windows\System32\nBjEXxh.exe

C:\Windows\System32\UiAfoew.exe

C:\Windows\System32\UiAfoew.exe

C:\Windows\System32\YseVSCs.exe

C:\Windows\System32\YseVSCs.exe

C:\Windows\System32\sOykLvA.exe

C:\Windows\System32\sOykLvA.exe

C:\Windows\System32\yzTyyxu.exe

C:\Windows\System32\yzTyyxu.exe

C:\Windows\System32\BJlfxlL.exe

C:\Windows\System32\BJlfxlL.exe

C:\Windows\System32\cnceWPp.exe

C:\Windows\System32\cnceWPp.exe

C:\Windows\System32\WUylrqH.exe

C:\Windows\System32\WUylrqH.exe

C:\Windows\System32\tMUDtcz.exe

C:\Windows\System32\tMUDtcz.exe

C:\Windows\System32\SWOzZxV.exe

C:\Windows\System32\SWOzZxV.exe

C:\Windows\System32\DxUIDkb.exe

C:\Windows\System32\DxUIDkb.exe

C:\Windows\System32\MnXxrzw.exe

C:\Windows\System32\MnXxrzw.exe

C:\Windows\System32\FnwEEcR.exe

C:\Windows\System32\FnwEEcR.exe

C:\Windows\System32\egzdSBv.exe

C:\Windows\System32\egzdSBv.exe

C:\Windows\System32\CQtHbJt.exe

C:\Windows\System32\CQtHbJt.exe

C:\Windows\System32\uJEvdID.exe

C:\Windows\System32\uJEvdID.exe

C:\Windows\System32\gAWGgJL.exe

C:\Windows\System32\gAWGgJL.exe

C:\Windows\System32\qYLxgak.exe

C:\Windows\System32\qYLxgak.exe

C:\Windows\System32\zhUdyxx.exe

C:\Windows\System32\zhUdyxx.exe

C:\Windows\System32\xZSrYwU.exe

C:\Windows\System32\xZSrYwU.exe

C:\Windows\System32\ebevREP.exe

C:\Windows\System32\ebevREP.exe

C:\Windows\System32\UEjaXgD.exe

C:\Windows\System32\UEjaXgD.exe

C:\Windows\System32\VeOcohz.exe

C:\Windows\System32\VeOcohz.exe

C:\Windows\System32\AZPoxhv.exe

C:\Windows\System32\AZPoxhv.exe

C:\Windows\System32\fuhNSYC.exe

C:\Windows\System32\fuhNSYC.exe

C:\Windows\System32\VkTyRbn.exe

C:\Windows\System32\VkTyRbn.exe

C:\Windows\System32\KgZPOSl.exe

C:\Windows\System32\KgZPOSl.exe

C:\Windows\System32\tzsLyip.exe

C:\Windows\System32\tzsLyip.exe

C:\Windows\System32\zplZEvN.exe

C:\Windows\System32\zplZEvN.exe

C:\Windows\System32\YwjOBHM.exe

C:\Windows\System32\YwjOBHM.exe

C:\Windows\System32\eCnwsQU.exe

C:\Windows\System32\eCnwsQU.exe

C:\Windows\System32\GFYkLIX.exe

C:\Windows\System32\GFYkLIX.exe

C:\Windows\System32\VIhlTHR.exe

C:\Windows\System32\VIhlTHR.exe

C:\Windows\System32\fKUIFqO.exe

C:\Windows\System32\fKUIFqO.exe

C:\Windows\System32\onZfvpA.exe

C:\Windows\System32\onZfvpA.exe

C:\Windows\System32\lArTGSB.exe

C:\Windows\System32\lArTGSB.exe

C:\Windows\System32\DUjBFqL.exe

C:\Windows\System32\DUjBFqL.exe

C:\Windows\System32\nMJWhos.exe

C:\Windows\System32\nMJWhos.exe

C:\Windows\System32\iyxFWsA.exe

C:\Windows\System32\iyxFWsA.exe

C:\Windows\System32\qnnTxxx.exe

C:\Windows\System32\qnnTxxx.exe

C:\Windows\System32\bccnJtP.exe

C:\Windows\System32\bccnJtP.exe

C:\Windows\System32\AEmnRYF.exe

C:\Windows\System32\AEmnRYF.exe

C:\Windows\System32\sKlWoFP.exe

C:\Windows\System32\sKlWoFP.exe

C:\Windows\System32\bmHxpcV.exe

C:\Windows\System32\bmHxpcV.exe

C:\Windows\System32\WOoThvm.exe

C:\Windows\System32\WOoThvm.exe

C:\Windows\System32\BmfmuZo.exe

C:\Windows\System32\BmfmuZo.exe

C:\Windows\System32\xtBOUBs.exe

C:\Windows\System32\xtBOUBs.exe

C:\Windows\System32\DLlnvfu.exe

C:\Windows\System32\DLlnvfu.exe

C:\Windows\System32\xrMFXDv.exe

C:\Windows\System32\xrMFXDv.exe

C:\Windows\System32\dDAqVtj.exe

C:\Windows\System32\dDAqVtj.exe

C:\Windows\System32\TUrTsgM.exe

C:\Windows\System32\TUrTsgM.exe

C:\Windows\System32\zvfpCrz.exe

C:\Windows\System32\zvfpCrz.exe

C:\Windows\System32\qUFCUFl.exe

C:\Windows\System32\qUFCUFl.exe

C:\Windows\System32\IThhmQW.exe

C:\Windows\System32\IThhmQW.exe

C:\Windows\System32\EqyNGms.exe

C:\Windows\System32\EqyNGms.exe

C:\Windows\System32\vXwNZVV.exe

C:\Windows\System32\vXwNZVV.exe

C:\Windows\System32\MzGBXkO.exe

C:\Windows\System32\MzGBXkO.exe

C:\Windows\System32\xSsnZOT.exe

C:\Windows\System32\xSsnZOT.exe

C:\Windows\System32\iuxubYc.exe

C:\Windows\System32\iuxubYc.exe

C:\Windows\System32\QntSCcv.exe

C:\Windows\System32\QntSCcv.exe

C:\Windows\System32\pBuwfjq.exe

C:\Windows\System32\pBuwfjq.exe

C:\Windows\System32\fHnnqfZ.exe

C:\Windows\System32\fHnnqfZ.exe

C:\Windows\System32\sfnkRoA.exe

C:\Windows\System32\sfnkRoA.exe

C:\Windows\System32\gSVjLit.exe

C:\Windows\System32\gSVjLit.exe

C:\Windows\System32\yLKKDKK.exe

C:\Windows\System32\yLKKDKK.exe

C:\Windows\System32\wrpMiuM.exe

C:\Windows\System32\wrpMiuM.exe

C:\Windows\System32\jQwoKrt.exe

C:\Windows\System32\jQwoKrt.exe

C:\Windows\System32\BskPYWL.exe

C:\Windows\System32\BskPYWL.exe

C:\Windows\System32\DupNhpE.exe

C:\Windows\System32\DupNhpE.exe

C:\Windows\System32\IikkLTQ.exe

C:\Windows\System32\IikkLTQ.exe

C:\Windows\System32\WCnTJkT.exe

C:\Windows\System32\WCnTJkT.exe

C:\Windows\System32\HaNoDmj.exe

C:\Windows\System32\HaNoDmj.exe

C:\Windows\System32\EFTbPoo.exe

C:\Windows\System32\EFTbPoo.exe

C:\Windows\System32\GdzRUWd.exe

C:\Windows\System32\GdzRUWd.exe

C:\Windows\System32\aEspdsR.exe

C:\Windows\System32\aEspdsR.exe

C:\Windows\System32\DzQLTQZ.exe

C:\Windows\System32\DzQLTQZ.exe

C:\Windows\System32\loQnXyf.exe

C:\Windows\System32\loQnXyf.exe

C:\Windows\System32\TTuWszv.exe

C:\Windows\System32\TTuWszv.exe

C:\Windows\System32\RFFHsoX.exe

C:\Windows\System32\RFFHsoX.exe

C:\Windows\System32\CLMkqtJ.exe

C:\Windows\System32\CLMkqtJ.exe

C:\Windows\System32\ugkdWza.exe

C:\Windows\System32\ugkdWza.exe

C:\Windows\System32\jgdHNdM.exe

C:\Windows\System32\jgdHNdM.exe

C:\Windows\System32\UwEGOoX.exe

C:\Windows\System32\UwEGOoX.exe

C:\Windows\System32\fllBQuG.exe

C:\Windows\System32\fllBQuG.exe

C:\Windows\System32\uJXJVDa.exe

C:\Windows\System32\uJXJVDa.exe

C:\Windows\System32\rXytXSS.exe

C:\Windows\System32\rXytXSS.exe

C:\Windows\System32\XHejmoE.exe

C:\Windows\System32\XHejmoE.exe

C:\Windows\System32\GlYohcJ.exe

C:\Windows\System32\GlYohcJ.exe

C:\Windows\System32\eYRfPny.exe

C:\Windows\System32\eYRfPny.exe

C:\Windows\System32\QgEAyHs.exe

C:\Windows\System32\QgEAyHs.exe

C:\Windows\System32\WIGwTgL.exe

C:\Windows\System32\WIGwTgL.exe

C:\Windows\System32\uPafaje.exe

C:\Windows\System32\uPafaje.exe

C:\Windows\System32\HGBDppS.exe

C:\Windows\System32\HGBDppS.exe

C:\Windows\System32\HxMgPvp.exe

C:\Windows\System32\HxMgPvp.exe

C:\Windows\System32\gZGcbhh.exe

C:\Windows\System32\gZGcbhh.exe

C:\Windows\System32\prTkNsG.exe

C:\Windows\System32\prTkNsG.exe

C:\Windows\System32\VWFDxuN.exe

C:\Windows\System32\VWFDxuN.exe

C:\Windows\System32\zuNKzqT.exe

C:\Windows\System32\zuNKzqT.exe

C:\Windows\System32\FVaUuFU.exe

C:\Windows\System32\FVaUuFU.exe

C:\Windows\System32\pFtUnZd.exe

C:\Windows\System32\pFtUnZd.exe

C:\Windows\System32\UrxfMqC.exe

C:\Windows\System32\UrxfMqC.exe

C:\Windows\System32\iMURwva.exe

C:\Windows\System32\iMURwva.exe

C:\Windows\System32\HUPspsu.exe

C:\Windows\System32\HUPspsu.exe

C:\Windows\System32\wnkekcZ.exe

C:\Windows\System32\wnkekcZ.exe

C:\Windows\System32\tDidnlA.exe

C:\Windows\System32\tDidnlA.exe

C:\Windows\System32\BwZNmnf.exe

C:\Windows\System32\BwZNmnf.exe

C:\Windows\System32\zBtVjiL.exe

C:\Windows\System32\zBtVjiL.exe

C:\Windows\System32\AjlWEno.exe

C:\Windows\System32\AjlWEno.exe

C:\Windows\System32\QFqmWYL.exe

C:\Windows\System32\QFqmWYL.exe

C:\Windows\System32\obRMLlD.exe

C:\Windows\System32\obRMLlD.exe

C:\Windows\System32\hoqxTeZ.exe

C:\Windows\System32\hoqxTeZ.exe

C:\Windows\System32\LaGHBhh.exe

C:\Windows\System32\LaGHBhh.exe

C:\Windows\System32\MTMPELQ.exe

C:\Windows\System32\MTMPELQ.exe

C:\Windows\System32\xVmBPPT.exe

C:\Windows\System32\xVmBPPT.exe

C:\Windows\System32\GgOJAeZ.exe

C:\Windows\System32\GgOJAeZ.exe

C:\Windows\System32\gflUGFy.exe

C:\Windows\System32\gflUGFy.exe

C:\Windows\System32\iGLGQdS.exe

C:\Windows\System32\iGLGQdS.exe

C:\Windows\System32\jmcmUfa.exe

C:\Windows\System32\jmcmUfa.exe

C:\Windows\System32\yaRxkNq.exe

C:\Windows\System32\yaRxkNq.exe

C:\Windows\System32\MZvycmm.exe

C:\Windows\System32\MZvycmm.exe

C:\Windows\System32\epFwgCv.exe

C:\Windows\System32\epFwgCv.exe

C:\Windows\System32\Sfzpokn.exe

C:\Windows\System32\Sfzpokn.exe

C:\Windows\System32\iqHhFvw.exe

C:\Windows\System32\iqHhFvw.exe

C:\Windows\System32\GDJxQLL.exe

C:\Windows\System32\GDJxQLL.exe

C:\Windows\System32\nglGXMu.exe

C:\Windows\System32\nglGXMu.exe

C:\Windows\System32\gFLmTRt.exe

C:\Windows\System32\gFLmTRt.exe

C:\Windows\System32\jjkUiri.exe

C:\Windows\System32\jjkUiri.exe

C:\Windows\System32\XAqUirC.exe

C:\Windows\System32\XAqUirC.exe

C:\Windows\System32\TqHroPI.exe

C:\Windows\System32\TqHroPI.exe

C:\Windows\System32\zBajBlS.exe

C:\Windows\System32\zBajBlS.exe

C:\Windows\System32\mRvNIWE.exe

C:\Windows\System32\mRvNIWE.exe

C:\Windows\System32\ZsOKZJM.exe

C:\Windows\System32\ZsOKZJM.exe

C:\Windows\System32\stwddWE.exe

C:\Windows\System32\stwddWE.exe

C:\Windows\System32\IeZJkzA.exe

C:\Windows\System32\IeZJkzA.exe

C:\Windows\System32\yWJEQke.exe

C:\Windows\System32\yWJEQke.exe

C:\Windows\System32\PossQjy.exe

C:\Windows\System32\PossQjy.exe

C:\Windows\System32\VGZzhvW.exe

C:\Windows\System32\VGZzhvW.exe

C:\Windows\System32\MNIOfTl.exe

C:\Windows\System32\MNIOfTl.exe

C:\Windows\System32\Cotmpya.exe

C:\Windows\System32\Cotmpya.exe

C:\Windows\System32\ZVHrYdb.exe

C:\Windows\System32\ZVHrYdb.exe

C:\Windows\System32\FBkzLVM.exe

C:\Windows\System32\FBkzLVM.exe

C:\Windows\System32\kaHwwKS.exe

C:\Windows\System32\kaHwwKS.exe

C:\Windows\System32\SUPVIHS.exe

C:\Windows\System32\SUPVIHS.exe

C:\Windows\System32\uiaGgvV.exe

C:\Windows\System32\uiaGgvV.exe

C:\Windows\System32\HIdXEmC.exe

C:\Windows\System32\HIdXEmC.exe

C:\Windows\System32\aJjgOcF.exe

C:\Windows\System32\aJjgOcF.exe

C:\Windows\System32\palfZdH.exe

C:\Windows\System32\palfZdH.exe

C:\Windows\System32\rrvRoLO.exe

C:\Windows\System32\rrvRoLO.exe

C:\Windows\System32\Gnufqjs.exe

C:\Windows\System32\Gnufqjs.exe

C:\Windows\System32\laBUlqb.exe

C:\Windows\System32\laBUlqb.exe

C:\Windows\System32\oOYVBvO.exe

C:\Windows\System32\oOYVBvO.exe

C:\Windows\System32\YUGtTQp.exe

C:\Windows\System32\YUGtTQp.exe

C:\Windows\System32\sEkMwRk.exe

C:\Windows\System32\sEkMwRk.exe

C:\Windows\System32\mlRGjqH.exe

C:\Windows\System32\mlRGjqH.exe

C:\Windows\System32\nBBiCfM.exe

C:\Windows\System32\nBBiCfM.exe

C:\Windows\System32\BcryXvZ.exe

C:\Windows\System32\BcryXvZ.exe

C:\Windows\System32\sfSGIVW.exe

C:\Windows\System32\sfSGIVW.exe

C:\Windows\System32\nWDDDth.exe

C:\Windows\System32\nWDDDth.exe

C:\Windows\System32\wFkveGm.exe

C:\Windows\System32\wFkveGm.exe

C:\Windows\System32\YwscFqV.exe

C:\Windows\System32\YwscFqV.exe

C:\Windows\System32\bWsXfwx.exe

C:\Windows\System32\bWsXfwx.exe

C:\Windows\System32\RnKLSBJ.exe

C:\Windows\System32\RnKLSBJ.exe

C:\Windows\System32\WTvYMmH.exe

C:\Windows\System32\WTvYMmH.exe

C:\Windows\System32\skWAdbS.exe

C:\Windows\System32\skWAdbS.exe

C:\Windows\System32\ltFlGYT.exe

C:\Windows\System32\ltFlGYT.exe

C:\Windows\System32\iwdNCEQ.exe

C:\Windows\System32\iwdNCEQ.exe

C:\Windows\System32\vYYWowO.exe

C:\Windows\System32\vYYWowO.exe

C:\Windows\System32\jWemIQI.exe

C:\Windows\System32\jWemIQI.exe

C:\Windows\System32\ZXQpxgW.exe

C:\Windows\System32\ZXQpxgW.exe

C:\Windows\System32\MEjoXfz.exe

C:\Windows\System32\MEjoXfz.exe

C:\Windows\System32\yYHAQxG.exe

C:\Windows\System32\yYHAQxG.exe

C:\Windows\System32\vKiRSVd.exe

C:\Windows\System32\vKiRSVd.exe

C:\Windows\System32\aUymqiQ.exe

C:\Windows\System32\aUymqiQ.exe

C:\Windows\System32\zQommbe.exe

C:\Windows\System32\zQommbe.exe

C:\Windows\System32\zfeHlzy.exe

C:\Windows\System32\zfeHlzy.exe

C:\Windows\System32\jowXsAb.exe

C:\Windows\System32\jowXsAb.exe

C:\Windows\System32\CYjQAjL.exe

C:\Windows\System32\CYjQAjL.exe

C:\Windows\System32\XhwscmN.exe

C:\Windows\System32\XhwscmN.exe

C:\Windows\System32\VkiLCid.exe

C:\Windows\System32\VkiLCid.exe

C:\Windows\System32\DcLpDyv.exe

C:\Windows\System32\DcLpDyv.exe

C:\Windows\System32\OfOqPWS.exe

C:\Windows\System32\OfOqPWS.exe

C:\Windows\System32\NkpAHXF.exe

C:\Windows\System32\NkpAHXF.exe

C:\Windows\System32\OsDkHEp.exe

C:\Windows\System32\OsDkHEp.exe

C:\Windows\System32\EWUvhVi.exe

C:\Windows\System32\EWUvhVi.exe

C:\Windows\System32\rYcmdEd.exe

C:\Windows\System32\rYcmdEd.exe

C:\Windows\System32\thxCfBt.exe

C:\Windows\System32\thxCfBt.exe

C:\Windows\System32\PDDJGfG.exe

C:\Windows\System32\PDDJGfG.exe

C:\Windows\System32\CNgTTBc.exe

C:\Windows\System32\CNgTTBc.exe

C:\Windows\System32\FDApVTy.exe

C:\Windows\System32\FDApVTy.exe

C:\Windows\System32\aIopLKQ.exe

C:\Windows\System32\aIopLKQ.exe

C:\Windows\System32\IULePOu.exe

C:\Windows\System32\IULePOu.exe

C:\Windows\System32\KdbTnmC.exe

C:\Windows\System32\KdbTnmC.exe

C:\Windows\System32\ivkLMHP.exe

C:\Windows\System32\ivkLMHP.exe

C:\Windows\System32\UVnxLZp.exe

C:\Windows\System32\UVnxLZp.exe

C:\Windows\System32\FcXCNWb.exe

C:\Windows\System32\FcXCNWb.exe

C:\Windows\System32\CxmPfrS.exe

C:\Windows\System32\CxmPfrS.exe

C:\Windows\System32\JoQdHsk.exe


C:\Windows\System32\NLlpOXp.exe

C:\Windows\System32\lkMaaGw.exe

C:\Windows\System32\lkMaaGw.exe

C:\Windows\System32\MiITuOH.exe

C:\Windows\System32\MiITuOH.exe

C:\Windows\System32\lgcZPye.exe

C:\Windows\System32\lgcZPye.exe

C:\Windows\System32\nsUwzIM.exe

C:\Windows\System32\nsUwzIM.exe

C:\Windows\System32\eJgBoEh.exe

C:\Windows\System32\eJgBoEh.exe

C:\Windows\System32\ooZdvoq.exe

C:\Windows\System32\ooZdvoq.exe

C:\Windows\System32\TUknfCc.exe

C:\Windows\System32\TUknfCc.exe

C:\Windows\System32\fjWuyoK.exe

C:\Windows\System32\fjWuyoK.exe

C:\Windows\System32\KidRBML.exe

C:\Windows\System32\KidRBML.exe

C:\Windows\System32\trJkJAw.exe

C:\Windows\System32\trJkJAw.exe

C:\Windows\System32\zMdPiOV.exe

C:\Windows\System32\zMdPiOV.exe

C:\Windows\System32\MaIjGpe.exe

C:\Windows\System32\MaIjGpe.exe

C:\Windows\System32\YZXHwlq.exe

C:\Windows\System32\YZXHwlq.exe

C:\Windows\System32\sAsNDCQ.exe

C:\Windows\System32\sAsNDCQ.exe

C:\Windows\System32\WMyXlJV.exe

C:\Windows\System32\WMyXlJV.exe

C:\Windows\System32\lRfmsdl.exe

C:\Windows\System32\lRfmsdl.exe

C:\Windows\System32\lmzJbct.exe

C:\Windows\System32\lmzJbct.exe

C:\Windows\System32\mYfDVoH.exe

C:\Windows\System32\mYfDVoH.exe

C:\Windows\System32\pFQctZw.exe

C:\Windows\System32\pFQctZw.exe

Network

N/A

Files

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-25 16:04

Reported

2024-05-25 16:06

Platform

win10v2004-20240508-en

Max time kernel

66s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\f5d09ed55bf9a6491a92e6efbe8d5680_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Modifies Installed Components in the registry

persistence
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A

Executes dropped EXE

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A

Drops file in System32 directory

Checks SCSI registry key(s)

Description Indicator Process Target

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\system32\dwm.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target

Modifies registry class

Description Indicator Process Target

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\dwm.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\system32\dwm.exe N/A
Token: 33 N/A C:\Windows\system32\dwm.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\dwm.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\system32\sihost.exe N/A
N/A N/A C:\Windows\explorer.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4520 wrote to memory of 2412 N/A C:\Users\Admin\AppData\Local\Temp\f5d09ed55bf9a6491a92e6efbe8d5680_NeikiAnalytics.exe C:\Windows\System32\XphOEKK.exe
PID 4520 wrote to memory of 2412 N/A C:\Users\Admin\AppData\Local\Temp\f5d09ed55bf9a6491a92e6efbe8d5680_NeikiAnalytics.exe C:\Windows\System32\XphOEKK.exe
PID 4520 wrote to memory of 1032 N/A C:\Users\Admin\AppData\Local\Temp\f5d09ed55bf9a6491a92e6efbe8d5680_NeikiAnalytics.exe C:\Windows\System32\lYbjcHq.exe
PID 4520 wrote to memory of 1032 N/A C:\Users\Admin\AppData\Local\Temp\f5d09ed55bf9a6491a92e6efbe8d5680_NeikiAnalytics.exe C:\Windows\System32\lYbjcHq.exe
PID 4520 wrote to memory of 2032 N/A C:\Users\Admin\AppData\Local\Temp\f5d09ed55bf9a6491a92e6efbe8d5680_NeikiAnalytics.exe C:\Windows\System32\HeeOFoJ.exe
PID 4520 wrote to memory of 2032 N/A C:\Users\Admin\AppData\Local\Temp\f5d09ed55bf9a6491a92e6efbe8d5680_NeikiAnalytics.exe C:\Windows\System32\HeeOFoJ.exe
PID 4520 wrote to memory of 4964 N/A C:\Users\Admin\AppData\Local\Temp\f5d09ed55bf9a6491a92e6efbe8d5680_NeikiAnalytics.exe C:\Windows\System32\tuTHlyb.exe
PID 4520 wrote to memory of 4964 N/A C:\Users\Admin\AppData\Local\Temp\f5d09ed55bf9a6491a92e6efbe8d5680_NeikiAnalytics.exe C:\Windows\System32\tuTHlyb.exe
PID 4520 wrote to memory of 3532 N/A C:\Users\Admin\AppData\Local\Temp\f5d09ed55bf9a6491a92e6efbe8d5680_NeikiAnalytics.exe C:\Windows\System32\dBTUIcZ.exe
PID 4520 wrote to memory of 3532 N/A C:\Users\Admin\AppData\Local\Temp\f5d09ed55bf9a6491a92e6efbe8d5680_NeikiAnalytics.exe C:\Windows\System32\dBTUIcZ.exe
PID 4520 wrote to memory of 1504 N/A C:\Users\Admin\AppData\Local\Temp\f5d09ed55bf9a6491a92e6efbe8d5680_NeikiAnalytics.exe C:\Windows\System32\CqgaXGt.exe
PID 4520 wrote to memory of 1504 N/A C:\Users\Admin\AppData\Local\Temp\f5d09ed55bf9a6491a92e6efbe8d5680_NeikiAnalytics.exe C:\Windows\System32\CqgaXGt.exe
PID 4520 wrote to memory of 964 N/A C:\Users\Admin\AppData\Local\Temp\f5d09ed55bf9a6491a92e6efbe8d5680_NeikiAnalytics.exe C:\Windows\System32\SqvEWpM.exe
PID 4520 wrote to memory of 964 N/A C:\Users\Admin\AppData\Local\Temp\f5d09ed55bf9a6491a92e6efbe8d5680_NeikiAnalytics.exe C:\Windows\System32\SqvEWpM.exe
PID 4520 wrote to memory of 1268 N/A C:\Users\Admin\AppData\Local\Temp\f5d09ed55bf9a6491a92e6efbe8d5680_NeikiAnalytics.exe C:\Windows\System32\iLsEOta.exe
PID 4520 wrote to memory of 1268 N/A C:\Users\Admin\AppData\Local\Temp\f5d09ed55bf9a6491a92e6efbe8d5680_NeikiAnalytics.exe C:\Windows\System32\iLsEOta.exe
PID 4520 wrote to memory of 4892 N/A C:\Users\Admin\AppData\Local\Temp\f5d09ed55bf9a6491a92e6efbe8d5680_NeikiAnalytics.exe C:\Windows\System32\ZHKTRsD.exe
PID 4520 wrote to memory of 4892 N/A C:\Users\Admin\AppData\Local\Temp\f5d09ed55bf9a6491a92e6efbe8d5680_NeikiAnalytics.exe C:\Windows\System32\ZHKTRsD.exe
PID 4520 wrote to memory of 4412 N/A C:\Users\Admin\AppData\Local\Temp\f5d09ed55bf9a6491a92e6efbe8d5680_NeikiAnalytics.exe C:\Windows\System32\fNjAiMY.exe
PID 4520 wrote to memory of 4412 N/A C:\Users\Admin\AppData\Local\Temp\f5d09ed55bf9a6491a92e6efbe8d5680_NeikiAnalytics.exe C:\Windows\System32\fNjAiMY.exe
PID 4520 wrote to memory of 1612 N/A C:\Users\Admin\AppData\Local\Temp\f5d09ed55bf9a6491a92e6efbe8d5680_NeikiAnalytics.exe C:\Windows\System32\IdoqAFv.exe
PID 4520 wrote to memory of 1612 N/A C:\Users\Admin\AppData\Local\Temp\f5d09ed55bf9a6491a92e6efbe8d5680_NeikiAnalytics.exe C:\Windows\System32\IdoqAFv.exe
PID 4520 wrote to memory of 2200 N/A C:\Users\Admin\AppData\Local\Temp\f5d09ed55bf9a6491a92e6efbe8d5680_NeikiAnalytics.exe C:\Windows\System32\JtNVOOc.exe
PID 4520 wrote to memory of 2200 N/A C:\Users\Admin\AppData\Local\Temp\f5d09ed55bf9a6491a92e6efbe8d5680_NeikiAnalytics.exe C:\Windows\System32\JtNVOOc.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\f5d09ed55bf9a6491a92e6efbe8d5680_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\f5d09ed55bf9a6491a92e6efbe8d5680_NeikiAnalytics.exe"


C:\Windows\System32\ugqyGRt.exe

C:\Windows\System32\ugqyGRt.exe

C:\Windows\System32\BRbcVOH.exe

C:\Windows\System32\BRbcVOH.exe

C:\Windows\System32\dIGSTLd.exe

C:\Windows\System32\dIGSTLd.exe

C:\Windows\System32\xjYcuPZ.exe

C:\Windows\System32\xjYcuPZ.exe

C:\Windows\System32\HrhCxbi.exe

C:\Windows\System32\HrhCxbi.exe

C:\Windows\System32\yWEUSoo.exe

C:\Windows\System32\yWEUSoo.exe

C:\Windows\System32\ivuqyWb.exe

C:\Windows\System32\ivuqyWb.exe

C:\Windows\System32\inDJzhT.exe

C:\Windows\System32\inDJzhT.exe

C:\Windows\System32\MqsIcOb.exe

C:\Windows\System32\MqsIcOb.exe

C:\Windows\System32\VLiWBkH.exe

C:\Windows\System32\VLiWBkH.exe

C:\Windows\System32\XdniOon.exe

C:\Windows\System32\XdniOon.exe

C:\Windows\System32\dpSsLCQ.exe

C:\Windows\System32\dpSsLCQ.exe

C:\Windows\System32\JAdtzCC.exe

C:\Windows\System32\JAdtzCC.exe

C:\Windows\System32\lLEmokj.exe

C:\Windows\System32\lLEmokj.exe

C:\Windows\System32\UYJVtVH.exe

C:\Windows\System32\UYJVtVH.exe

C:\Windows\System32\cPOjrll.exe

C:\Windows\System32\cPOjrll.exe

C:\Windows\System32\AyMItkr.exe

C:\Windows\System32\AyMItkr.exe

C:\Windows\System32\KARgztc.exe

C:\Windows\System32\KARgztc.exe

C:\Windows\System32\oXXxxLg.exe

C:\Windows\System32\oXXxxLg.exe

C:\Windows\System32\ODYrjCv.exe

C:\Windows\System32\ODYrjCv.exe

C:\Windows\System32\AbKdTty.exe

C:\Windows\System32\AbKdTty.exe

C:\Windows\System32\qpODtcD.exe

C:\Windows\System32\qpODtcD.exe

C:\Windows\System32\GLUBihw.exe

C:\Windows\System32\GLUBihw.exe

C:\Windows\System32\qhBeTfA.exe

C:\Windows\System32\qhBeTfA.exe

C:\Windows\System32\mFuyTmm.exe

C:\Windows\System32\mFuyTmm.exe

C:\Windows\System32\xUNrNDl.exe

C:\Windows\System32\xUNrNDl.exe

C:\Windows\System32\EdDLPuO.exe

C:\Windows\System32\EdDLPuO.exe

C:\Windows\System32\pHRRxod.exe

C:\Windows\System32\pHRRxod.exe

C:\Windows\System32\WCFXZxL.exe

C:\Windows\System32\WCFXZxL.exe

C:\Windows\System32\mAOWvIc.exe

C:\Windows\System32\mAOWvIc.exe

C:\Windows\System32\QmlHqYO.exe

C:\Windows\System32\QmlHqYO.exe

C:\Windows\System32\tlbMZxo.exe

C:\Windows\System32\tlbMZxo.exe

C:\Windows\System32\wngkglg.exe

C:\Windows\System32\wngkglg.exe

C:\Windows\System32\ZkHOWok.exe

C:\Windows\System32\ZkHOWok.exe

C:\Windows\System32\mipPdDn.exe

C:\Windows\System32\mipPdDn.exe

C:\Windows\System32\qMYNEFH.exe

C:\Windows\System32\qMYNEFH.exe

C:\Windows\System32\LYiNHNn.exe

C:\Windows\System32\LYiNHNn.exe

C:\Windows\System32\ODnjYnC.exe

C:\Windows\System32\ODnjYnC.exe

C:\Windows\System32\UDruGus.exe

C:\Windows\System32\UDruGus.exe

C:\Windows\System32\OBHOqPB.exe

C:\Windows\System32\OBHOqPB.exe

C:\Windows\System32\TjLFKMj.exe

C:\Windows\System32\TjLFKMj.exe

C:\Windows\System32\kgUtNJJ.exe

C:\Windows\System32\kgUtNJJ.exe

C:\Windows\System32\FfNAELJ.exe

C:\Windows\System32\FfNAELJ.exe

C:\Windows\System32\DvNBSth.exe

C:\Windows\System32\DvNBSth.exe

C:\Windows\System32\MKwkSAk.exe

C:\Windows\System32\MKwkSAk.exe

C:\Windows\System32\dGNawrV.exe

C:\Windows\System32\dGNawrV.exe

C:\Windows\System32\coBtRDz.exe

C:\Windows\System32\coBtRDz.exe

C:\Windows\System32\ucMNNeg.exe

C:\Windows\System32\ucMNNeg.exe

C:\Windows\System32\VZEHmiU.exe

C:\Windows\System32\VZEHmiU.exe

C:\Windows\System32\xqXCAgD.exe

C:\Windows\System32\xqXCAgD.exe

C:\Windows\System32\iOLJQOW.exe

C:\Windows\System32\iOLJQOW.exe

C:\Windows\System32\ULObaNE.exe

C:\Windows\System32\ULObaNE.exe

C:\Windows\System32\yIsSrsf.exe

C:\Windows\System32\yIsSrsf.exe

C:\Windows\System32\EYuaUKf.exe

C:\Windows\System32\EYuaUKf.exe

C:\Windows\System32\qsneTkd.exe

C:\Windows\System32\qsneTkd.exe

C:\Windows\System32\WlMPEuu.exe

C:\Windows\System32\WlMPEuu.exe

C:\Windows\System32\rmMkrbL.exe

C:\Windows\System32\rmMkrbL.exe

C:\Windows\System32\xIxeiZz.exe

C:\Windows\System32\xIxeiZz.exe

C:\Windows\System32\BUuFPwn.exe

C:\Windows\System32\BUuFPwn.exe

C:\Windows\System32\tJLchDv.exe

C:\Windows\System32\tJLchDv.exe

C:\Windows\System32\xJyrGHN.exe

C:\Windows\System32\xJyrGHN.exe

C:\Windows\System32\zZteQsd.exe

C:\Windows\System32\zZteQsd.exe

C:\Windows\System32\VorWfWN.exe

C:\Windows\System32\VorWfWN.exe

C:\Windows\System32\tZuPErt.exe

C:\Windows\System32\tZuPErt.exe

C:\Windows\System32\aLZQaaB.exe

C:\Windows\System32\aLZQaaB.exe

C:\Windows\System32\bcebpLo.exe

C:\Windows\System32\bcebpLo.exe

C:\Windows\System32\fqkaIqG.exe

C:\Windows\System32\fqkaIqG.exe

C:\Windows\System32\nYeypaC.exe

C:\Windows\System32\nYeypaC.exe

C:\Windows\System32\lZkwKfk.exe

C:\Windows\System32\lZkwKfk.exe

C:\Windows\System32\Kmkwssc.exe

C:\Windows\System32\Kmkwssc.exe

C:\Windows\System32\BTzQKff.exe

C:\Windows\System32\BTzQKff.exe

C:\Windows\System32\rYxonvv.exe

C:\Windows\System32\rYxonvv.exe

C:\Windows\System32\boidGZa.exe

C:\Windows\System32\boidGZa.exe

C:\Windows\System32\ByBXyTW.exe

C:\Windows\System32\ByBXyTW.exe

C:\Windows\System32\fxtYQPk.exe

C:\Windows\System32\fxtYQPk.exe

C:\Windows\System32\uMXbsQg.exe

C:\Windows\System32\uMXbsQg.exe

C:\Windows\System32\TEVurrj.exe

C:\Windows\System32\TEVurrj.exe

C:\Windows\System32\LYfTcef.exe

C:\Windows\System32\LYfTcef.exe

C:\Windows\System32\MgnxxVk.exe

C:\Windows\System32\MgnxxVk.exe

C:\Windows\System32\AXiOzSE.exe

C:\Windows\System32\AXiOzSE.exe

C:\Windows\System32\GWNtmXG.exe

C:\Windows\System32\GWNtmXG.exe

C:\Windows\System32\ugghxow.exe

C:\Windows\System32\ugghxow.exe

C:\Windows\System32\mxrqgqF.exe

C:\Windows\System32\mxrqgqF.exe

C:\Windows\System32\dQmyhBx.exe

C:\Windows\System32\dQmyhBx.exe

C:\Windows\System32\FqeFmWB.exe

C:\Windows\System32\FqeFmWB.exe

C:\Windows\System32\wZaYoIG.exe

C:\Windows\System32\wZaYoIG.exe

C:\Windows\System32\pPIKNex.exe

C:\Windows\System32\pPIKNex.exe

C:\Windows\System32\MsbcOgS.exe

C:\Windows\System32\MsbcOgS.exe

C:\Windows\System32\kppWrYl.exe

C:\Windows\System32\kppWrYl.exe

C:\Windows\System32\uPoFOva.exe

C:\Windows\System32\uPoFOva.exe

C:\Windows\System32\YshqjZr.exe

C:\Windows\System32\YshqjZr.exe

C:\Windows\System32\UCXanZJ.exe

C:\Windows\System32\UCXanZJ.exe

C:\Windows\System32\NfUvYAd.exe

C:\Windows\System32\NfUvYAd.exe

C:\Windows\System32\SfeOLuL.exe

C:\Windows\System32\SfeOLuL.exe

C:\Windows\System32\QslahuT.exe

C:\Windows\System32\QslahuT.exe

C:\Windows\System32\UgbPBlR.exe

C:\Windows\System32\UgbPBlR.exe

C:\Windows\System32\SSOqbsQ.exe

C:\Windows\System32\SSOqbsQ.exe

C:\Windows\System32\aTlDimV.exe

C:\Windows\System32\aTlDimV.exe

C:\Windows\System32\anxMRmi.exe

C:\Windows\System32\anxMRmi.exe

C:\Windows\System32\NzgwAnN.exe

C:\Windows\System32\NzgwAnN.exe

C:\Windows\System32\xhGBiqE.exe

C:\Windows\System32\xhGBiqE.exe

C:\Windows\System32\NpjWWWv.exe

C:\Windows\System32\NpjWWWv.exe

C:\Windows\System32\ucjWCZQ.exe

C:\Windows\System32\ucjWCZQ.exe

C:\Windows\System32\qjOQuRS.exe

C:\Windows\System32\qjOQuRS.exe

C:\Windows\System32\izJjqzc.exe

C:\Windows\System32\izJjqzc.exe

C:\Windows\System32\AlIPAjr.exe

C:\Windows\System32\AlIPAjr.exe

C:\Windows\System32\JsmVnPH.exe

C:\Windows\System32\JsmVnPH.exe

C:\Windows\System32\DpFOrJW.exe

C:\Windows\System32\DpFOrJW.exe

C:\Windows\System32\VTpFrzi.exe

C:\Windows\System32\VTpFrzi.exe

C:\Windows\System32\QVKUSux.exe

C:\Windows\System32\QVKUSux.exe

C:\Windows\System32\ZvkRwCj.exe

C:\Windows\System32\ZvkRwCj.exe

C:\Windows\System32\okqSrzh.exe

C:\Windows\System32\okqSrzh.exe

C:\Windows\System32\yRnezmn.exe

C:\Windows\System32\yRnezmn.exe

C:\Windows\System32\FTlmZUP.exe

C:\Windows\System32\FTlmZUP.exe

C:\Windows\System32\FYhYSqK.exe

C:\Windows\System32\FYhYSqK.exe

C:\Windows\System32\ceKnBXl.exe

C:\Windows\System32\ceKnBXl.exe

C:\Windows\System32\VdXQgXM.exe

C:\Windows\System32\VdXQgXM.exe

C:\Windows\System32\GtDCwxU.exe

C:\Windows\System32\GtDCwxU.exe

C:\Windows\System32\YkiOxuR.exe

C:\Windows\System32\YkiOxuR.exe

C:\Windows\System32\LVSYsRs.exe

C:\Windows\System32\LVSYsRs.exe

C:\Windows\System32\dEwhRUU.exe

C:\Windows\System32\dEwhRUU.exe

C:\Windows\System32\bRlFska.exe

C:\Windows\System32\bRlFska.exe

C:\Windows\System32\IEsrXIx.exe

C:\Windows\System32\IEsrXIx.exe

C:\Windows\System32\zBgvTVe.exe

C:\Windows\System32\zBgvTVe.exe

C:\Windows\System32\nICSedM.exe

C:\Windows\System32\nICSedM.exe

C:\Windows\System32\NHOYCyv.exe

C:\Windows\System32\NHOYCyv.exe

C:\Windows\System32\VNflrwo.exe

C:\Windows\System32\VNflrwo.exe

C:\Windows\System32\ZbAsCPl.exe

C:\Windows\System32\ZbAsCPl.exe

C:\Windows\System32\DWjVRyQ.exe

C:\Windows\System32\DWjVRyQ.exe

C:\Windows\System32\PMivFjK.exe

C:\Windows\System32\PMivFjK.exe

C:\Windows\System32\pOipahg.exe

C:\Windows\System32\pOipahg.exe

C:\Windows\System32\GNbOnbe.exe

C:\Windows\System32\GNbOnbe.exe

C:\Windows\System32\dhWeTJs.exe

C:\Windows\System32\dhWeTJs.exe

C:\Windows\System32\ABUfTta.exe

C:\Windows\System32\ABUfTta.exe

C:\Windows\System32\FNLGtjn.exe

C:\Windows\System32\FNLGtjn.exe

C:\Windows\System32\CXAngjF.exe

C:\Windows\System32\CXAngjF.exe

C:\Windows\System32\DHOPzWl.exe

C:\Windows\System32\DHOPzWl.exe

C:\Windows\System32\iZLtWte.exe

C:\Windows\System32\iZLtWte.exe

C:\Windows\System32\rzeBgND.exe

C:\Windows\System32\rzeBgND.exe

C:\Windows\System32\MbaLRmd.exe

C:\Windows\System32\MbaLRmd.exe

C:\Windows\System32\ouyXJtO.exe

C:\Windows\System32\ouyXJtO.exe

C:\Windows\System32\kDDGhJn.exe

C:\Windows\System32\kDDGhJn.exe

C:\Windows\System32\uxXudfe.exe

C:\Windows\System32\uxXudfe.exe

C:\Windows\System32\UiGhTDM.exe

C:\Windows\System32\UiGhTDM.exe

C:\Windows\System32\hWzXuhI.exe

C:\Windows\System32\hWzXuhI.exe

C:\Windows\System32\UVRkxlM.exe

C:\Windows\System32\UVRkxlM.exe

C:\Windows\System32\ADnzRaM.exe

C:\Windows\System32\ADnzRaM.exe

C:\Windows\System32\eRSfLDU.exe

C:\Windows\System32\eRSfLDU.exe

C:\Windows\System32\JXjlWRB.exe

C:\Windows\System32\JXjlWRB.exe

C:\Windows\System32\ekzQFRg.exe

C:\Windows\System32\ekzQFRg.exe

C:\Windows\System32\yUGWzei.exe

C:\Windows\System32\yUGWzei.exe

C:\Windows\System32\opZpOBl.exe

C:\Windows\System32\opZpOBl.exe

C:\Windows\System32\XieMSko.exe

C:\Windows\System32\XieMSko.exe

C:\Windows\System32\orldWaA.exe

C:\Windows\System32\orldWaA.exe

C:\Windows\System32\uGzYIoy.exe

C:\Windows\System32\uGzYIoy.exe

C:\Windows\System32\lGXAAIc.exe

C:\Windows\System32\lGXAAIc.exe

C:\Windows\System32\zrfOJky.exe

C:\Windows\System32\zrfOJky.exe

C:\Windows\System32\JJBKtQd.exe

C:\Windows\System32\JJBKtQd.exe

C:\Windows\System32\MLyLuDc.exe

C:\Windows\System32\MLyLuDc.exe

C:\Windows\System32\eaTaJBY.exe

C:\Windows\System32\eaTaJBY.exe

C:\Windows\System32\ROPdSND.exe

C:\Windows\System32\ROPdSND.exe

C:\Windows\System32\UMtmdry.exe

C:\Windows\System32\UMtmdry.exe

C:\Windows\System32\VXFJyFM.exe

C:\Windows\System32\VXFJyFM.exe

C:\Windows\System32\IaSEEIw.exe

C:\Windows\System32\IaSEEIw.exe

C:\Windows\System32\LprBWnH.exe

C:\Windows\System32\LprBWnH.exe

C:\Windows\System32\XRjRSJm.exe

C:\Windows\System32\XRjRSJm.exe

C:\Windows\System32\FpmgdCT.exe

C:\Windows\System32\FpmgdCT.exe

C:\Windows\System32\eAgXYWh.exe

C:\Windows\System32\eAgXYWh.exe

C:\Windows\System32\ukaBFLd.exe

C:\Windows\System32\ukaBFLd.exe

C:\Windows\system32\dwm.exe

"dwm.exe"

C:\Windows\system32\sihost.exe

sihost.exe

C:\Windows\explorer.exe

explorer.exe /LOADSAVEDWINDOWS

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

Network

Country Destination Domain Proto
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 23.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 216.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 16.173.189.20.in-addr.arpa udp

Files

memory/4520-0-0x00007FF6607F0000-0x00007FF660BE1000-memory.dmp

memory/4520-1-0x00000248EC050000-0x00000248EC060000-memory.dmp

C:\Windows\System32\MHurAFe.exe

MD5 0bb39147e67b33111264d6100ebf8293
SHA1 9f7fe434b9bfebc7ad228015905e3eaf2f150dab
SHA256 9ef1a08fd6e6a81fce6fbca847c3b5eb0348e324d960b53577d017279b2071a9
SHA512 6add0d146ee8fbc75c7be135892a03f30d8d95d79c9c3e4c51bac38355c63eacfc7087ed72afcb0ffdb6412d4a37d03b7bee4e74d33065cd69bf22147bffe489

C:\Windows\System32\VGmKWKy.exe

MD5 c19949b3c5886cee3a70f4eadca7c1fe
SHA1 2de33d68d1adf72ab7309df609cac40537fc3491
SHA256 619643c899a638ce9d8fe859675e0df936b52cfcc2acf7d8281bba6d6ff1d62a
SHA512 e39b1f67e1715493ddcb8b2629d36cfacc17f38aa8a26586dd25c2253a56cbdb6c7363b0b23721ce254067d690ef1c20ed6b6bb754e79c1a8f541850ffe224c6

C:\Windows\System32\leLdShV.exe

MD5 3b27aa7410d7481dcc6fd5357672288b
SHA1 78b502155ee6ffd341792e6459c775a54dee95d8
SHA256 710d654189002c7066deefffc569fbd7bed3411c6219d0f6999d40cb1a0aace2
SHA512 1d566c4cfcb39d73993e8f80eaec365fdec90651dfe15fc33a96cae6b42e77b9689c9fe5781e628c2e05969166ea11de60585054ed6bf7d979f47c43d017b64f

C:\Windows\System32\bdaTMPf.exe

MD5 8211a3dde14f6656ac015f1dc0b1e08e
SHA1 eba779c5c4303ccd608f874695bbacb3fbc2a043
SHA256 ec81470c54017e527ddfd90f21e81c68c10c3c3e868707bf6c2521bd48bed2b9
SHA512 e2e849cfc8648866a58b848f0476101e5fbfa330c1977f69cb7584b50fba060210a1ebdfd20cc8afb6f7a6644b65e4aa1ab43e4df66698f69b996c4b69a7aa8e

C:\Windows\System32\XMfpObp.exe

MD5 b472cf4556a4e25e08297d45f4495473
SHA1 06c446e7dfadd0930f8c98292f18bc370001fa99
SHA256 5d59b355f95cb128396316e8c35a39c8a27806fb1f4900fdd0eca1d7ea52726b
SHA512 9f717f1d351231dbf56daaddebfd5c1934504a5124149de2e23d99deca4b4b20d64cec47151d110ad2a13e5e25a33c1ff68214c8fb8c20bb1c561e216f25cef6

C:\Windows\System32\zdWkwSV.exe

MD5 1d4818157069b6e09e638a5e37bce937
SHA1 ddaa787829fff036797a936f2d948056e6616b56
SHA256 7341cfaea636c3587e1e42787825e0f15dba482d21f5fdc843d16e08673ef646
SHA512 d05c8244f0d8d6a54abf345ef258434a863294d43216dfcb7409caedb64727d97ccf67c2a1ca93d03371483ecb546076fd69636879351b939c8a273aaa5568bc

C:\Windows\System32\zEyzdqP.exe

MD5 1371c2ef6b876e4e0a00f451bc71591e
SHA1 874466d9acc70bf630b7673fc6dd21f310e8c9c6
SHA256 6f96863f6cffbffdcdead5d954b27da5c66b022d8284e2a35fdc3fd04a12b4e7
SHA512 c9c248ec86df6f223841cf25fddc6eb50ed3bcd3777958281d654267c3cc2b338194296625e44dfec4bde47debaa1f6ab28ef8c7af21db632093e061ee9bc264

C:\Windows\System32\qIMMBPw.exe

MD5 f0f12d00b20b306985bb1bf1f9a103ae
SHA1 52edc95a82239f1e1d25a5ed336d0e2a5d98c9d3
SHA256 eeda774950ea91f45fba7bf9fa61ffa2efec820f56795d384855db318fb057a1
SHA512 e7298a34b738eeb54aa56acc49307cb168555cafa1241639f9a0b380a48cc48dde3ab6f207ddcbe0e7d7117194be2da30d4ff4173d3b297e9efb33ecd7e921ef

C:\Windows\System32\XTQxgjl.exe

MD5 82f668f6f0263761bc9a0cd4dc4494ee
SHA1 597ac86a899ee65525d73e9c0181aed050326062
SHA256 d84f3c23adb0d7ce3fad259163c54402eb2f5d97a0f8dfb784e49215d2aeacef
SHA512 1030d68aeb69d72662c722c07e2a5aaa4d09badd0129322d18cbe04093cd10798c625271b006394ff6f5d50a180ab8e3d6d91f92d01fe00e6b0a990fe05982d4

C:\Windows\System32\oDQbgqa.exe

MD5 6ce41bdd90308c3001ba7c702ccb4935
SHA1 676ad4127c04089ef655c70bcfa2b2743a128cd1
SHA256 8b92a9697e52c6a10f15d4e1065beaced56c26078779d918f38bbb9ef1664e90
SHA512 674c06bc5ab5f3d6e01a559b9190efeb7f86a6e411acc716a16927bcc94915702a9e2a81a4e34681aa06b47f88f44eb48ce81c138105cce2e486cf8759c6a7e1

C:\Windows\System32\ZKIRRTG.exe

MD5 be66d98aed35083ac21c48bc1cde2718
SHA1 766fa0edbaf587c13d78b0c8a543676309a1a24f
SHA256 a5d0daecba2d275cdcc8944599f47b95bab1260e525bb3078a251fd037000a16
SHA512 8bb2ef28d84908a4762bd191de711ed8a08f87044c14e3f827a9e1c2d815b66291a1399e7595a954e30032e8130d79c150912c2cf7f0f4314e074ccb4bcca419

C:\Windows\System32\lYbjcHq.exe

MD5 0c0a0660c091c7aa0d9e579e709d9244
SHA1 a343a3b4d5d3d8ef7ca1fcbb004170aca3464b72
SHA256 0bafbeb203a44217b899c3eb93dd8000ba09a6e2310bd0a7e047cb91051266da
SHA512 e227d03e99168363130309412a7594029bfdd48795e1d0ef2487f0945b622acbbc93f0e187dfa584b4895dd07b3cdd91dd838fd3731093f97439cb4b9c9c0f8e

C:\Windows\System32\tuTHlyb.exe

MD5 508bf3bc4a4c3023c18059f3b163913f
SHA1 28d067c01c6617273e2595c85b82eea647c80637
SHA256 ad41c70706fb5685653ad0245b5beb3105d32c455c61663672bb16f78cc51c3e
SHA512 ea93282d7a0780cfc1cc8c0b3b929f4b35ce027ebc8cf54be7e7458be589c3398d0e35ad051b5814dd7cc8c54b23e9800345721eba0d847ae4578f8aaa854d8c

C:\Windows\System32\SqvEWpM.exe

MD5 e7139db1788986b50575a8de963d2ca4
SHA1 74f9a96175700c315f9a453af18b0ac595cabc18
SHA256 d42accd45000d21d478bbfd5b4ce106cef31ce20a7213975812fcc8bc3c1c35d
SHA512 76ac8f98c16050e81793ff6b8c80ff624a6b448473f9f30bae511c0869f9140ec051dc058b65ea6412c8e81b8e730f531394eb32a5fa7e3e95b921b300472b97

memory/2900-373-0x00007FF747580000-0x00007FF747971000-memory.dmp

C:\Windows\System32\JtNVOOc.exe

MD5 47e5c9e2eff43f4508ffbc6545753067
SHA1 7af4e211ec471b3fe50df85eb6b086d569573ada
SHA256 f4c0a2f4b4ce386d88005a4f701a01e47a5b5fcb99640469fd3b30bcf3cd78d5
SHA512 ac06a3858e62088344f6631851604a872ee2b9c7e08f5db11325a9826716035b3a36d0e96f64b83097a11e34bededd147a8ab77febaba5bce123f80deddb1f82

C:\Windows\System32\IdoqAFv.exe

MD5 600df169d62cb8fb3b9d0ca80d388a2d
SHA1 7840f3c78ce62333e1ba8c34b16dfaff1afe0a6a
SHA256 34dff148fde1fcbfdab5d1370f4b4b714fc67233b2346b40cf7051cf5baa73a4
SHA512 df83a7859e7d72d5e0fa9821d5fc57e24c7d0c1c2e894aa5c9f19047bdd183fd14d988c7dabc04cfe589cd980c42dc518cfc5243a5efa45d24c9ec83bc6e1357

C:\Windows\System32\fNjAiMY.exe

MD5 f2cff0b0aa386947f63716e7044889cd
SHA1 0a803302b3b03bd80d297f3f0fd3b2d3d67f6476
SHA256 1d48dd1b4dcf5e3e73bc04ab8420e3d0613d13ab1af6e1f2d36fe7f8928077a0
SHA512 c864b2474f1edbe547781b5636bfe363cdb4afa8e48e45983c25d1de653770920c34c5beb043750d4e7541a074afea7550ad7974dbfb65a4936bf7b27422431b

C:\Windows\System32\ZHKTRsD.exe

MD5 c95e7065681774c76070a7669535ec9d
SHA1 d2ae01ffccb5cf9d2e3f278ab9f153cc0e8aba28
SHA256 8f0bed4faf01b9e41bb1471f27db28cd1eff5eca7ae2b8742f9d9997de391600
SHA512 8e6e23e83b8d85b564f8766cb6699382200108e4f720161b3b217ebdd409e8836640c92aa211b64a13b52451a6cbd434aa7e871849c587d95b5426b60a3f9600

C:\Windows\System32\iLsEOta.exe

MD5 99a5a9e9ce34329d4b8c6174d350e15d
SHA1 8443603f39235c6b69d8ea179cafa503f3e7a8d2
SHA256 074e545f20272612ff338398c3381aa452c283129df97ca2fd6a5936a75c5f27
SHA512 6fad1bdf2d19108a775d884e5acdfedce26608c406d0d7f5a919b6952fe8d5eae25c677ccc9a1b34f91f6e52c673247db54fcc2e3005da26b9aa387d42e09e96

C:\Windows\System32\CqgaXGt.exe

MD5 f2dc38dc4312435e01dc16203d3c1369
SHA1 333806c80f83a649ae124e2b29fe865bed0c3f8c
SHA256 1d8b0a635abe7a2f5b1db126a3c5c2b8eea905bb94671da32b250a962a4d07b6
SHA512 32ee8c010cee08c3801ede3ba00af4f771672295dcbccb95fe9315fa131eedf84cd863da64344dcbc1872cdccab074c80b4e39a3f9938cc5d6329e80549b61c1

C:\Windows\System32\dBTUIcZ.exe

MD5 1ca8b323f593eb3e0716c34274243743
SHA1 2778a19cd751f501ab720765a7f43aeaa96da945
SHA256 7373aefbc6c666a6d5151854e62af2d05a298626fd28a7cd1ada2a86261ef14d
SHA512 053d77e1d292f4c047db7ba43e58203a90ba2f3d5b8907f31357cf20419494d5c9b7696cfa5e6fb3921867c7ae5b75f796dda7bb41ce0c6834f7dd5c1af1e5dd

C:\Windows\System32\HeeOFoJ.exe

MD5 c5db5bb6869914f92759d079c1bf1dc5
SHA1 604c62eeb65057fa6521a524fffadc6962307e51
SHA256 f262c817b0972d0eb4ba08cf7bca993d1a0552493fc82bb4a58c2a605a81c747
SHA512 2b494e6be1b06462047b052a1ef44af97ce450de07d50c928199f192e6be5a0980ca5a7dc6eda7518a2452ef7dc9c3cb1f484c72eb79526fd607853034f3b435

C:\Windows\System32\XphOEKK.exe

MD5 c401cff81342d7f2adad8115c55cf7c3
SHA1 f835e2f0134ac1cc9e7aa75b8e8ec38ea54b10bb
SHA256 65cae8aeec4db6ab3441a63e45cfdac54e4274ada9e56ce3facc6c64707afa41
SHA512 418af600a8b9d998166562dc8b5ba37eddbd22290bf2e59cfb17442481627f0e7a1fd9a5807c8e98cb4b004a37b60a57538866eef7c4eab46e407acb0ed6e8da

C:\Windows\System32\nnXTaxr.exe

MD5 2698ee4048597db7f6d9ec8c95fbe8f6
SHA1 6c0da336068567bcf7b49f9cca9b8dec2e259bd2
SHA256 763064a5045f42603cf25d27981dbbe01c0d1f8c373fd08cbe77b22d0baaab1e
SHA512 31ff53fcd1b21f9f260b983b6953f81aa4cceda344211771617f7207dfab9c5c6dd91bbe37f2b1d1eb1790629926bafc4e276a1feecb30bcc3c044f58e4a0bfb

C:\Windows\System32\VHCBCBB.exe

MD5 10dc0660649ed8670e4b606e83b00b50
SHA1 1fb856c08019ba089458e45f8683f381690bff19
SHA256 381f1dba27281076dfb0f52ca3cbf176c71dafd4e9a9f5cc46deaceb7e5a2828
SHA512 54f4d9b68b7485af20472207d0f92e9ececef316c6118aa5256083897483586751d7b2c98374e253f8edfdd104177f220a5d05d3c16d038f81106ee40423ebc1

C:\Windows\System32\pDbKIaA.exe

MD5 ad8135e1d3412613dfe75ba72d11faa2
SHA1 95bebb77c6f5d1ecdb55af0b8471d673564a9698
SHA256 88a1356264af9b3cbbf3cb395e714efde323f597536e7a7971cabfc8ff4b2676
SHA512 457c6ff3a5f1c86ed907f807e2fc5e4e48dedc7fb6d3aa7a00a533df9b2d8fe02f16c8acf2e95322021c5ba5552b9e7ec26f15d84977d1952bf375e566b2687f

C:\Windows\System32\tBkEihK.exe

MD5 76d5766c380e5a54a047fd6c9d033e70
SHA1 d233f88e1b5797db62f161a49ba777aa76762e2c
SHA256 0edaa65fbe6e6de26d334ba2fc6bbd9f7c8ed029628e3fee9c2a45b6316f73e7
SHA512 88a8fe1e16df376e1e402486d2020be85c799a4a89f4ecad1c4efe29dfbda1fd94897cb7c9e1b8a8d28686b87b8f377ba196c5cd91bef8c360d28556cd346b09

C:\Windows\System32\JxbIAlj.exe


C:\Windows\System32\qfmFads.exe


C:\Windows\System32\UhcnPZg.exe


C:\Windows\System32\FYnFFcq.exe


C:\Windows\System32\AYIFugC.exe


C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\92G8RFY9\microsoft.windows[1].xml
