Malware Analysis Report

2025-01-06 15:32

Sample ID 240525-vrhyzaca42
Target 198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe
SHA256 fc0a834dfc999bf62abcd4f07f12805123aa193a68822bc0bfd20f110d5bc528
Tags
upx miner xmrig persistence
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

fc0a834dfc999bf62abcd4f07f12805123aa193a68822bc0bfd20f110d5bc528

Threat Level: Known bad

The file 198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

upx miner xmrig persistence

xmrig

XMRig Miner payload

Xmrig family

XMRig Miner payload

Modifies Installed Components in the registry

UPX packed file

Executes dropped EXE

Loads dropped DLL

Enumerates connected drives

Drops file in Windows directory

Unsigned PE

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Uses Task Scheduler COM API

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Checks SCSI registry key(s)

Modifies registry class

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-25 17:13

Signatures

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-25 17:13

Reported

2024-05-25 17:15

Platform

win7-20240508-en

Max time kernel

122s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\zEjVEAs.exe N/A
N/A N/A C:\Windows\System\DByvoUs.exe N/A
N/A N/A C:\Windows\System\bJcOLEf.exe N/A
N/A N/A C:\Windows\System\LZflGhM.exe N/A
N/A N/A C:\Windows\System\THeSVIE.exe N/A
N/A N/A C:\Windows\System\sgyBNKw.exe N/A
N/A N/A C:\Windows\System\EeTFyaf.exe N/A
N/A N/A C:\Windows\System\PhccfOU.exe N/A
N/A N/A C:\Windows\System\RmwGfhY.exe N/A
N/A N/A C:\Windows\System\DqLOXkQ.exe N/A
N/A N/A C:\Windows\System\rBngRTz.exe N/A
N/A N/A C:\Windows\System\placfWH.exe N/A
N/A N/A C:\Windows\System\hoOiJDa.exe N/A
N/A N/A C:\Windows\System\UWPpqxd.exe N/A
N/A N/A C:\Windows\System\AVowsPl.exe N/A
N/A N/A C:\Windows\System\KiVndNT.exe N/A
N/A N/A C:\Windows\System\hADFwke.exe N/A
N/A N/A C:\Windows\System\EtOwhwM.exe N/A
N/A N/A C:\Windows\System\JWARPoE.exe N/A
N/A N/A C:\Windows\System\potfZhL.exe N/A
N/A N/A C:\Windows\System\KRHKTjO.exe N/A
N/A N/A C:\Windows\System\epjqtSV.exe N/A
N/A N/A C:\Windows\System\fqASwdQ.exe N/A
N/A N/A C:\Windows\System\QOUGmmg.exe N/A
N/A N/A C:\Windows\System\HHEzCSs.exe N/A
N/A N/A C:\Windows\System\KGcsnmj.exe N/A
N/A N/A C:\Windows\System\PDzOTiy.exe N/A
N/A N/A C:\Windows\System\SftGjDv.exe N/A
N/A N/A C:\Windows\System\huTPash.exe N/A
N/A N/A C:\Windows\System\XpjFpSy.exe N/A
N/A N/A C:\Windows\System\YArhFZm.exe N/A
N/A N/A C:\Windows\System\XrmqXsU.exe N/A
N/A N/A C:\Windows\System\KqnSDql.exe N/A
N/A N/A C:\Windows\System\DjdQzxT.exe N/A
N/A N/A C:\Windows\System\tkivxMX.exe N/A
N/A N/A C:\Windows\System\YHpNezb.exe N/A
N/A N/A C:\Windows\System\rLTedVl.exe N/A
N/A N/A C:\Windows\System\ZLfLWgh.exe N/A
N/A N/A C:\Windows\System\tQCzLjD.exe N/A
N/A N/A C:\Windows\System\cYmSpeg.exe N/A
N/A N/A C:\Windows\System\zZFhSwh.exe N/A
N/A N/A C:\Windows\System\jwOtyHf.exe N/A
N/A N/A C:\Windows\System\iTYTvuO.exe N/A
N/A N/A C:\Windows\System\sKQVjCU.exe N/A
N/A N/A C:\Windows\System\sADQnvw.exe N/A
N/A N/A C:\Windows\System\uzZZusp.exe N/A
N/A N/A C:\Windows\System\ViuxDLL.exe N/A
N/A N/A C:\Windows\System\MYaTeRL.exe N/A
N/A N/A C:\Windows\System\ZTHbvGF.exe N/A
N/A N/A C:\Windows\System\UeZFQfy.exe N/A
N/A N/A C:\Windows\System\UGwQxzL.exe N/A
N/A N/A C:\Windows\System\IJIUaUN.exe N/A
N/A N/A C:\Windows\System\lLcICXB.exe N/A
N/A N/A C:\Windows\System\HVoQdAr.exe N/A
N/A N/A C:\Windows\System\CEASuxS.exe N/A
N/A N/A C:\Windows\System\xQPYEsT.exe N/A
N/A N/A C:\Windows\System\EATbfNt.exe N/A
N/A N/A C:\Windows\System\JcazQPb.exe N/A
N/A N/A C:\Windows\System\AhfpfUJ.exe N/A
N/A N/A C:\Windows\System\SOmkaHI.exe N/A
N/A N/A C:\Windows\System\odOhUBe.exe N/A
N/A N/A C:\Windows\System\Klxsesg.exe N/A
N/A N/A C:\Windows\System\iSJaYEF.exe N/A
N/A N/A C:\Windows\System\lWrASYe.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\XrxMfbc.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\BRUCqxl.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\BRmmBEe.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\rmcUDCn.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\PuljhJq.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\sXTjxYl.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\QyFhSRq.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\GmHkpmL.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\oVXcufk.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\XKznVXB.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\IJnTcFY.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\BRzKVwd.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\iTvvgAH.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\lgAZOAp.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\wDIdXCC.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\vMiKAms.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\GGPGJGM.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\WsbWjtM.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\pQfDtXN.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\OFGFwLl.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\bQarNWw.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\zYlgAJE.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\pVOjCsL.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\kWISUoj.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\NGMPTpq.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\LnKwmKc.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\rONraeh.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\FbGKnNa.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\MDJmjCV.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\VonvTxt.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\OZyyfnM.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\JcniAjM.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\WxCovXI.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\bnMeaaJ.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\THeSVIE.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\KMzvdin.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\ycCBOxw.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\qptchSd.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\TutyPSV.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\FXMMiXT.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\QnhoxjR.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\zpglOhl.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\WUhrPPG.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\GyteosK.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\WgKptkk.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\SVgsoue.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\HVoQdAr.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\LYnInzL.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\qlEqWTE.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\aNSOByV.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\shSbLGF.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\ESaAbLU.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\BSIOMIs.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\hLbGXEy.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\gkSfsgo.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\lWrASYe.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\rhAFEbG.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\aFEwSro.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\TMvjDJa.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\QSPOwZI.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\ORvVYzV.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\vmVFLKk.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\xMMyZWt.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\lGjkLNG.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1700 wrote to memory of 1944 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\zEjVEAs.exe
PID 1700 wrote to memory of 1944 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\zEjVEAs.exe
PID 1700 wrote to memory of 1944 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\zEjVEAs.exe
PID 1700 wrote to memory of 2028 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\DByvoUs.exe
PID 1700 wrote to memory of 2028 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\DByvoUs.exe
PID 1700 wrote to memory of 2028 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\DByvoUs.exe
PID 1700 wrote to memory of 2664 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\bJcOLEf.exe
PID 1700 wrote to memory of 2664 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\bJcOLEf.exe
PID 1700 wrote to memory of 2664 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\bJcOLEf.exe
PID 1700 wrote to memory of 2520 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\LZflGhM.exe
PID 1700 wrote to memory of 2520 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\LZflGhM.exe
PID 1700 wrote to memory of 2520 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\LZflGhM.exe
PID 1700 wrote to memory of 2508 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\THeSVIE.exe
PID 1700 wrote to memory of 2508 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\THeSVIE.exe
PID 1700 wrote to memory of 2508 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\THeSVIE.exe
PID 1700 wrote to memory of 2136 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\sgyBNKw.exe
PID 1700 wrote to memory of 2136 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\sgyBNKw.exe
PID 1700 wrote to memory of 2136 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\sgyBNKw.exe
PID 1700 wrote to memory of 2388 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\EeTFyaf.exe
PID 1700 wrote to memory of 2388 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\EeTFyaf.exe
PID 1700 wrote to memory of 2388 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\EeTFyaf.exe
PID 1700 wrote to memory of 1896 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\PhccfOU.exe
PID 1700 wrote to memory of 1896 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\PhccfOU.exe
PID 1700 wrote to memory of 1896 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\PhccfOU.exe
PID 1700 wrote to memory of 2396 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\RmwGfhY.exe
PID 1700 wrote to memory of 2396 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\RmwGfhY.exe
PID 1700 wrote to memory of 2396 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\RmwGfhY.exe
PID 1700 wrote to memory of 2296 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\DqLOXkQ.exe
PID 1700 wrote to memory of 2296 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\DqLOXkQ.exe
PID 1700 wrote to memory of 2296 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\DqLOXkQ.exe
PID 1700 wrote to memory of 2920 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\rBngRTz.exe
PID 1700 wrote to memory of 2920 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\rBngRTz.exe
PID 1700 wrote to memory of 2920 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\rBngRTz.exe
PID 1700 wrote to memory of 1216 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\placfWH.exe
PID 1700 wrote to memory of 1216 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\placfWH.exe
PID 1700 wrote to memory of 1216 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\placfWH.exe
PID 1700 wrote to memory of 1948 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\hoOiJDa.exe
PID 1700 wrote to memory of 1948 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\hoOiJDa.exe
PID 1700 wrote to memory of 1948 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\hoOiJDa.exe
PID 1700 wrote to memory of 1556 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\UWPpqxd.exe
PID 1700 wrote to memory of 1556 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\UWPpqxd.exe
PID 1700 wrote to memory of 1556 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\UWPpqxd.exe
PID 1700 wrote to memory of 1768 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\AVowsPl.exe
PID 1700 wrote to memory of 1768 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\AVowsPl.exe
PID 1700 wrote to memory of 1768 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\AVowsPl.exe
PID 1700 wrote to memory of 2272 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\KiVndNT.exe
PID 1700 wrote to memory of 2272 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\KiVndNT.exe
PID 1700 wrote to memory of 2272 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\KiVndNT.exe
PID 1700 wrote to memory of 2284 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\hADFwke.exe
PID 1700 wrote to memory of 2284 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\hADFwke.exe
PID 1700 wrote to memory of 2284 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\hADFwke.exe
PID 1700 wrote to memory of 800 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\EtOwhwM.exe
PID 1700 wrote to memory of 800 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\EtOwhwM.exe
PID 1700 wrote to memory of 800 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\EtOwhwM.exe
PID 1700 wrote to memory of 1744 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\JWARPoE.exe
PID 1700 wrote to memory of 1744 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\JWARPoE.exe
PID 1700 wrote to memory of 1744 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\JWARPoE.exe
PID 1700 wrote to memory of 1848 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\potfZhL.exe
PID 1700 wrote to memory of 1848 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\potfZhL.exe
PID 1700 wrote to memory of 1848 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\potfZhL.exe
PID 1700 wrote to memory of 1612 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\KRHKTjO.exe
PID 1700 wrote to memory of 1612 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\KRHKTjO.exe
PID 1700 wrote to memory of 1612 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\KRHKTjO.exe
PID 1700 wrote to memory of 1660 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\epjqtSV.exe

Processes

C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe"

C:\Windows\System\zEjVEAs.exe

C:\Windows\System\zEjVEAs.exe

C:\Windows\System\DByvoUs.exe

C:\Windows\System\DByvoUs.exe

C:\Windows\System\bJcOLEf.exe

C:\Windows\System\bJcOLEf.exe

C:\Windows\System\LZflGhM.exe

C:\Windows\System\LZflGhM.exe

C:\Windows\System\THeSVIE.exe

C:\Windows\System\THeSVIE.exe

C:\Windows\System\sgyBNKw.exe

C:\Windows\System\sgyBNKw.exe

C:\Windows\System\EeTFyaf.exe

C:\Windows\System\EeTFyaf.exe

C:\Windows\System\PhccfOU.exe

C:\Windows\System\PhccfOU.exe

C:\Windows\System\RmwGfhY.exe

C:\Windows\System\RmwGfhY.exe

C:\Windows\System\DqLOXkQ.exe

C:\Windows\System\DqLOXkQ.exe

C:\Windows\System\rBngRTz.exe

C:\Windows\System\rBngRTz.exe

C:\Windows\System\placfWH.exe

C:\Windows\System\placfWH.exe

C:\Windows\System\hoOiJDa.exe

C:\Windows\System\hoOiJDa.exe

C:\Windows\System\UWPpqxd.exe

C:\Windows\System\UWPpqxd.exe

C:\Windows\System\AVowsPl.exe

C:\Windows\System\AVowsPl.exe

C:\Windows\System\KiVndNT.exe

C:\Windows\System\KiVndNT.exe

C:\Windows\System\hADFwke.exe

C:\Windows\System\hADFwke.exe

C:\Windows\System\EtOwhwM.exe

C:\Windows\System\EtOwhwM.exe

C:\Windows\System\JWARPoE.exe

C:\Windows\System\JWARPoE.exe

C:\Windows\System\potfZhL.exe

C:\Windows\System\potfZhL.exe

C:\Windows\System\KRHKTjO.exe

C:\Windows\System\KRHKTjO.exe

C:\Windows\System\epjqtSV.exe

C:\Windows\System\epjqtSV.exe

C:\Windows\System\fqASwdQ.exe

C:\Windows\System\fqASwdQ.exe

C:\Windows\System\QOUGmmg.exe

C:\Windows\System\QOUGmmg.exe

C:\Windows\System\HHEzCSs.exe

C:\Windows\System\HHEzCSs.exe

C:\Windows\System\KGcsnmj.exe

C:\Windows\System\KGcsnmj.exe

C:\Windows\System\PDzOTiy.exe

C:\Windows\System\PDzOTiy.exe

C:\Windows\System\SftGjDv.exe

C:\Windows\System\SftGjDv.exe

C:\Windows\System\huTPash.exe

C:\Windows\System\huTPash.exe

C:\Windows\System\XpjFpSy.exe

C:\Windows\System\XpjFpSy.exe

C:\Windows\System\YArhFZm.exe

C:\Windows\System\YArhFZm.exe

C:\Windows\System\XrmqXsU.exe

C:\Windows\System\XrmqXsU.exe

C:\Windows\System\KqnSDql.exe

C:\Windows\System\KqnSDql.exe

C:\Windows\System\DjdQzxT.exe

C:\Windows\System\DjdQzxT.exe

C:\Windows\System\tkivxMX.exe

C:\Windows\System\tkivxMX.exe

C:\Windows\System\YHpNezb.exe

C:\Windows\System\YHpNezb.exe

C:\Windows\System\rLTedVl.exe

C:\Windows\System\rLTedVl.exe

C:\Windows\System\ZLfLWgh.exe

C:\Windows\System\ZLfLWgh.exe

C:\Windows\System\tQCzLjD.exe

C:\Windows\System\tQCzLjD.exe

C:\Windows\System\cYmSpeg.exe

C:\Windows\System\cYmSpeg.exe

C:\Windows\System\zZFhSwh.exe

C:\Windows\System\zZFhSwh.exe

C:\Windows\System\jwOtyHf.exe

C:\Windows\System\jwOtyHf.exe

C:\Windows\System\iTYTvuO.exe

C:\Windows\System\iTYTvuO.exe

C:\Windows\System\sKQVjCU.exe

C:\Windows\System\sKQVjCU.exe

C:\Windows\System\sADQnvw.exe

C:\Windows\System\sADQnvw.exe

C:\Windows\System\uzZZusp.exe

C:\Windows\System\uzZZusp.exe

C:\Windows\System\ViuxDLL.exe

C:\Windows\System\ViuxDLL.exe

C:\Windows\System\MYaTeRL.exe

C:\Windows\System\MYaTeRL.exe

C:\Windows\System\ZTHbvGF.exe

C:\Windows\System\ZTHbvGF.exe

C:\Windows\System\UeZFQfy.exe

C:\Windows\System\UeZFQfy.exe

C:\Windows\System\UGwQxzL.exe

C:\Windows\System\UGwQxzL.exe

C:\Windows\System\IJIUaUN.exe

C:\Windows\System\IJIUaUN.exe

C:\Windows\System\lLcICXB.exe

C:\Windows\System\lLcICXB.exe

C:\Windows\System\HVoQdAr.exe

C:\Windows\System\HVoQdAr.exe

C:\Windows\System\CEASuxS.exe

C:\Windows\System\CEASuxS.exe

C:\Windows\System\xQPYEsT.exe

C:\Windows\System\xQPYEsT.exe

C:\Windows\System\EATbfNt.exe

C:\Windows\System\EATbfNt.exe

C:\Windows\System\JcazQPb.exe

C:\Windows\System\JcazQPb.exe

C:\Windows\System\AhfpfUJ.exe

C:\Windows\System\AhfpfUJ.exe

C:\Windows\System\SOmkaHI.exe

C:\Windows\System\SOmkaHI.exe

C:\Windows\System\odOhUBe.exe

C:\Windows\System\odOhUBe.exe

C:\Windows\System\Klxsesg.exe

C:\Windows\System\Klxsesg.exe

C:\Windows\System\iSJaYEF.exe

C:\Windows\System\iSJaYEF.exe

C:\Windows\System\lWrASYe.exe

C:\Windows\System\lWrASYe.exe

C:\Windows\System\vLkhnGG.exe

C:\Windows\System\vLkhnGG.exe

C:\Windows\System\BRzKVwd.exe

C:\Windows\System\BRzKVwd.exe

C:\Windows\System\AQAevVp.exe

C:\Windows\System\AQAevVp.exe

C:\Windows\System\MeseiKZ.exe

C:\Windows\System\MeseiKZ.exe

C:\Windows\System\vbdKTpX.exe

C:\Windows\System\vbdKTpX.exe

C:\Windows\System\oQtiLKq.exe

C:\Windows\System\oQtiLKq.exe

C:\Windows\System\koFQtEq.exe

C:\Windows\System\koFQtEq.exe

C:\Windows\System\IdFrGuB.exe

C:\Windows\System\IdFrGuB.exe

C:\Windows\System\kFEiPMj.exe

C:\Windows\System\kFEiPMj.exe

C:\Windows\System\evstxIp.exe

C:\Windows\System\evstxIp.exe

C:\Windows\System\FbGKnNa.exe

C:\Windows\System\FbGKnNa.exe

C:\Windows\System\uKiLHBM.exe

C:\Windows\System\uKiLHBM.exe

C:\Windows\System\sXTjxYl.exe

C:\Windows\System\sXTjxYl.exe

C:\Windows\System\swkUMtS.exe

C:\Windows\System\swkUMtS.exe

C:\Windows\System\sgHdCxG.exe

C:\Windows\System\sgHdCxG.exe

C:\Windows\System\pyLNajC.exe

C:\Windows\System\pyLNajC.exe

C:\Windows\System\qZqcdHN.exe

C:\Windows\System\qZqcdHN.exe

C:\Windows\System\QSPOwZI.exe

C:\Windows\System\QSPOwZI.exe

C:\Windows\System\fMJGhtj.exe

C:\Windows\System\fMJGhtj.exe

C:\Windows\System\ffiQKVH.exe

C:\Windows\System\ffiQKVH.exe

C:\Windows\System\mlypNQz.exe

C:\Windows\System\mlypNQz.exe

C:\Windows\System\xKEdVMr.exe

C:\Windows\System\xKEdVMr.exe

C:\Windows\System\ouBIGdw.exe

C:\Windows\System\ouBIGdw.exe

C:\Windows\System\jOFzKfH.exe

C:\Windows\System\jOFzKfH.exe

C:\Windows\System\jkDidIc.exe

C:\Windows\System\jkDidIc.exe

C:\Windows\System\xFmCfcI.exe

C:\Windows\System\xFmCfcI.exe

C:\Windows\System\sLUXYTA.exe

C:\Windows\System\sLUXYTA.exe

C:\Windows\System\NGMPTpq.exe

C:\Windows\System\NGMPTpq.exe

C:\Windows\System\aOebjSL.exe

C:\Windows\System\aOebjSL.exe

C:\Windows\System\HhnbqNx.exe

C:\Windows\System\HhnbqNx.exe

C:\Windows\System\XcAUdcD.exe

C:\Windows\System\XcAUdcD.exe

C:\Windows\System\AgcmEDR.exe

C:\Windows\System\AgcmEDR.exe

C:\Windows\System\gFCNkZr.exe

C:\Windows\System\gFCNkZr.exe

C:\Windows\System\ALVyIWY.exe

C:\Windows\System\ALVyIWY.exe

C:\Windows\System\ccFKojF.exe

C:\Windows\System\ccFKojF.exe

C:\Windows\System\yvlQAIn.exe

C:\Windows\System\yvlQAIn.exe

C:\Windows\System\zuvjRBC.exe

C:\Windows\System\zuvjRBC.exe

C:\Windows\System\VmYuilm.exe

C:\Windows\System\VmYuilm.exe

C:\Windows\System\JvxaWwT.exe

C:\Windows\System\JvxaWwT.exe

C:\Windows\System\zoWzgTd.exe

C:\Windows\System\zoWzgTd.exe

C:\Windows\System\FRFtmKR.exe

C:\Windows\System\FRFtmKR.exe

C:\Windows\System\KnHYeGa.exe

C:\Windows\System\KnHYeGa.exe

C:\Windows\System\cDLqvLP.exe

C:\Windows\System\cDLqvLP.exe

C:\Windows\System\VtcIwwq.exe

C:\Windows\System\VtcIwwq.exe

C:\Windows\System\Fqborhv.exe

C:\Windows\System\Fqborhv.exe

C:\Windows\System\yzVdMwj.exe

C:\Windows\System\yzVdMwj.exe

C:\Windows\System\jUnLPQW.exe

C:\Windows\System\jUnLPQW.exe

C:\Windows\System\ACNagjc.exe

C:\Windows\System\ACNagjc.exe

C:\Windows\System\XjgzDOL.exe

C:\Windows\System\XjgzDOL.exe

C:\Windows\System\XjuhOWB.exe

C:\Windows\System\XjuhOWB.exe

C:\Windows\System\gAdknRG.exe

C:\Windows\System\gAdknRG.exe

C:\Windows\System\brnvlkM.exe

C:\Windows\System\brnvlkM.exe

C:\Windows\System\OJELZnc.exe

C:\Windows\System\OJELZnc.exe

C:\Windows\System\TdftAqB.exe

C:\Windows\System\TdftAqB.exe

C:\Windows\System\HJlAIjn.exe

C:\Windows\System\HJlAIjn.exe

C:\Windows\System\CNDUjTm.exe

C:\Windows\System\CNDUjTm.exe

C:\Windows\System\HCCqPRm.exe

C:\Windows\System\HCCqPRm.exe

C:\Windows\System\wCpGBoj.exe

C:\Windows\System\wCpGBoj.exe

C:\Windows\System\FHVLFUu.exe

C:\Windows\System\FHVLFUu.exe

C:\Windows\System\zHEpuLI.exe

C:\Windows\System\zHEpuLI.exe

C:\Windows\System\MlnMVxY.exe

C:\Windows\System\MlnMVxY.exe

C:\Windows\System\ebxGHNg.exe

C:\Windows\System\ebxGHNg.exe

C:\Windows\System\LxRXnnt.exe

C:\Windows\System\LxRXnnt.exe

C:\Windows\System\ipmcQCJ.exe

C:\Windows\System\ipmcQCJ.exe

C:\Windows\System\jallXwX.exe

C:\Windows\System\jallXwX.exe

C:\Windows\System\shSbLGF.exe

C:\Windows\System\shSbLGF.exe

C:\Windows\System\OIdQBZn.exe

C:\Windows\System\OIdQBZn.exe

C:\Windows\System\jpaXgvF.exe

C:\Windows\System\jpaXgvF.exe

C:\Windows\System\rIvVIMu.exe

C:\Windows\System\rIvVIMu.exe

C:\Windows\System\ODomOvS.exe

C:\Windows\System\ODomOvS.exe

C:\Windows\System\rRMbBXm.exe

C:\Windows\System\rRMbBXm.exe

C:\Windows\System\GhongsV.exe

C:\Windows\System\GhongsV.exe

C:\Windows\System\uuLKoww.exe

C:\Windows\System\uuLKoww.exe

C:\Windows\System\aUviKGy.exe

C:\Windows\System\aUviKGy.exe

C:\Windows\System\nCvNJGh.exe

C:\Windows\System\nCvNJGh.exe

C:\Windows\System\XOycBBD.exe

C:\Windows\System\XOycBBD.exe

C:\Windows\System\MGTuZnn.exe

C:\Windows\System\MGTuZnn.exe

C:\Windows\System\TJdPKfF.exe

C:\Windows\System\TJdPKfF.exe

C:\Windows\System\euGVIvx.exe

C:\Windows\System\euGVIvx.exe

C:\Windows\System\ZjchmZJ.exe

C:\Windows\System\ZjchmZJ.exe

C:\Windows\System\hUVqgbv.exe

C:\Windows\System\hUVqgbv.exe

C:\Windows\System\ujiRKFf.exe

C:\Windows\System\ujiRKFf.exe

C:\Windows\System\dXhVqQq.exe

C:\Windows\System\dXhVqQq.exe

C:\Windows\System\QFYpEeJ.exe

C:\Windows\System\QFYpEeJ.exe

C:\Windows\System\AfSFaso.exe

C:\Windows\System\AfSFaso.exe

C:\Windows\System\LBZTCSk.exe

C:\Windows\System\LBZTCSk.exe

C:\Windows\System\swreBSO.exe

C:\Windows\System\swreBSO.exe

C:\Windows\System\vslGNzr.exe

C:\Windows\System\vslGNzr.exe

C:\Windows\System\NTJNtOG.exe

C:\Windows\System\NTJNtOG.exe

C:\Windows\System\oxaLKpq.exe

C:\Windows\System\oxaLKpq.exe

C:\Windows\System\lQuiDKr.exe

C:\Windows\System\lQuiDKr.exe

C:\Windows\System\CQjsgbC.exe

C:\Windows\System\CQjsgbC.exe

C:\Windows\System\EmGcATl.exe

C:\Windows\System\EmGcATl.exe

C:\Windows\System\PrjJQtV.exe

C:\Windows\System\PrjJQtV.exe

C:\Windows\System\ieuCinX.exe

C:\Windows\System\ieuCinX.exe

C:\Windows\System\NxsnwBi.exe

C:\Windows\System\NxsnwBi.exe

C:\Windows\System\ifILvYP.exe

C:\Windows\System\ifILvYP.exe

C:\Windows\System\dAfdFiU.exe

C:\Windows\System\dAfdFiU.exe

C:\Windows\System\xERTSDf.exe

C:\Windows\System\xERTSDf.exe

C:\Windows\System\jmAzMyW.exe

C:\Windows\System\jmAzMyW.exe

C:\Windows\System\AdBTXbH.exe

C:\Windows\System\AdBTXbH.exe

C:\Windows\System\hgJULmd.exe

C:\Windows\System\hgJULmd.exe

C:\Windows\System\wlXtXxp.exe

C:\Windows\System\wlXtXxp.exe

C:\Windows\System\jMQfWPV.exe

C:\Windows\System\jMQfWPV.exe

C:\Windows\System\KwEJIYD.exe

C:\Windows\System\KwEJIYD.exe

C:\Windows\System\jHfmIDC.exe

C:\Windows\System\jHfmIDC.exe

C:\Windows\System\fcyaDrg.exe

C:\Windows\System\fcyaDrg.exe

C:\Windows\System\lqIZuia.exe

C:\Windows\System\lqIZuia.exe

C:\Windows\System\wVSyTRy.exe

C:\Windows\System\wVSyTRy.exe

C:\Windows\System\YFCHrPj.exe

C:\Windows\System\YFCHrPj.exe

C:\Windows\System\nRIiFHA.exe

C:\Windows\System\nRIiFHA.exe

C:\Windows\System\EyTCWMu.exe

C:\Windows\System\EyTCWMu.exe

C:\Windows\System\MKJbQiw.exe

C:\Windows\System\MKJbQiw.exe

C:\Windows\System\DhYXHnJ.exe

C:\Windows\System\DhYXHnJ.exe

C:\Windows\System\OcANXVa.exe

C:\Windows\System\OcANXVa.exe

C:\Windows\System\atXCZpN.exe

C:\Windows\System\atXCZpN.exe

C:\Windows\System\YhGATGP.exe

C:\Windows\System\YhGATGP.exe

C:\Windows\System\vQWZgks.exe

C:\Windows\System\vQWZgks.exe

C:\Windows\System\WwzuEGa.exe

C:\Windows\System\WwzuEGa.exe

C:\Windows\System\BqGZaUq.exe

C:\Windows\System\BqGZaUq.exe

C:\Windows\System\tntwMtV.exe

C:\Windows\System\tntwMtV.exe

C:\Windows\System\AYunWAi.exe

C:\Windows\System\AYunWAi.exe

C:\Windows\System\QGobiij.exe

C:\Windows\System\QGobiij.exe

C:\Windows\System\ItDJQAx.exe

C:\Windows\System\ItDJQAx.exe

C:\Windows\System\gpTwlbu.exe

C:\Windows\System\gpTwlbu.exe

C:\Windows\System\JCtfOjq.exe

C:\Windows\System\JCtfOjq.exe

C:\Windows\System\LLEzyeo.exe

C:\Windows\System\LLEzyeo.exe

C:\Windows\System\gIkaiQR.exe

C:\Windows\System\gIkaiQR.exe

C:\Windows\System\OTBZEze.exe

C:\Windows\System\OTBZEze.exe

C:\Windows\System\IyLFHjt.exe

C:\Windows\System\IyLFHjt.exe

C:\Windows\System\eURcWXJ.exe

C:\Windows\System\eURcWXJ.exe

C:\Windows\System\WDAvWJm.exe

C:\Windows\System\WDAvWJm.exe

C:\Windows\System\BWypZSV.exe

C:\Windows\System\BWypZSV.exe

C:\Windows\System\DpLumhQ.exe

C:\Windows\System\DpLumhQ.exe

C:\Windows\System\qwrqKaR.exe

C:\Windows\System\qwrqKaR.exe

C:\Windows\System\QyFhSRq.exe

C:\Windows\System\QyFhSRq.exe

C:\Windows\System\KnvqCNP.exe

C:\Windows\System\KnvqCNP.exe

C:\Windows\System\vCgkLyc.exe

C:\Windows\System\vCgkLyc.exe

C:\Windows\System\zRmvThQ.exe

C:\Windows\System\zRmvThQ.exe

C:\Windows\System\OkymYGc.exe

C:\Windows\System\OkymYGc.exe

C:\Windows\System\ZRpPgRW.exe

C:\Windows\System\ZRpPgRW.exe

C:\Windows\System\RdSGCZq.exe

C:\Windows\System\RdSGCZq.exe

C:\Windows\System\YemVcVu.exe

C:\Windows\System\YemVcVu.exe

C:\Windows\System\CBDGmNN.exe

C:\Windows\System\CBDGmNN.exe

C:\Windows\System\sqkjLTS.exe

C:\Windows\System\sqkjLTS.exe

C:\Windows\System\cRAqHAW.exe

C:\Windows\System\cRAqHAW.exe

C:\Windows\System\dGcZiJN.exe

C:\Windows\System\dGcZiJN.exe

C:\Windows\System\lqiJizi.exe

C:\Windows\System\lqiJizi.exe

C:\Windows\System\HYROyih.exe

C:\Windows\System\HYROyih.exe

C:\Windows\System\ssaRkRH.exe

C:\Windows\System\ssaRkRH.exe

C:\Windows\System\cVhYxfP.exe

C:\Windows\System\cVhYxfP.exe

C:\Windows\System\wOXqHFn.exe

C:\Windows\System\wOXqHFn.exe

C:\Windows\System\fhEgLYn.exe

C:\Windows\System\fhEgLYn.exe

C:\Windows\System\ERBgkQE.exe

C:\Windows\System\ERBgkQE.exe

C:\Windows\System\BJDuiIS.exe

C:\Windows\System\BJDuiIS.exe

C:\Windows\System\GYyNmup.exe

C:\Windows\System\GYyNmup.exe

C:\Windows\System\MuNbPiP.exe

C:\Windows\System\MuNbPiP.exe

C:\Windows\System\WsbWjtM.exe

C:\Windows\System\WsbWjtM.exe

C:\Windows\System\IXzAsqo.exe

C:\Windows\System\IXzAsqo.exe

C:\Windows\System\EDaWDOA.exe

C:\Windows\System\EDaWDOA.exe

C:\Windows\System\uzvkOvl.exe

C:\Windows\System\uzvkOvl.exe

C:\Windows\System\AlffgFo.exe

C:\Windows\System\AlffgFo.exe

C:\Windows\System\DsIabjl.exe

C:\Windows\System\DsIabjl.exe

C:\Windows\System\TfoZlMe.exe

C:\Windows\System\TfoZlMe.exe

C:\Windows\System\mFGYlYM.exe

C:\Windows\System\mFGYlYM.exe

C:\Windows\System\oVCJmke.exe

C:\Windows\System\oVCJmke.exe

C:\Windows\System\myCvVqB.exe

C:\Windows\System\myCvVqB.exe

C:\Windows\System\hhcTvVW.exe

C:\Windows\System\hhcTvVW.exe

C:\Windows\System\eKsgirT.exe

C:\Windows\System\eKsgirT.exe

C:\Windows\System\lLpRqbB.exe

C:\Windows\System\lLpRqbB.exe

C:\Windows\System\zBKIBOh.exe

C:\Windows\System\zBKIBOh.exe

C:\Windows\System\pGEXCJs.exe

C:\Windows\System\pGEXCJs.exe

C:\Windows\System\TBrNFhB.exe

C:\Windows\System\TBrNFhB.exe

C:\Windows\System\qqjiLAW.exe

C:\Windows\System\qqjiLAW.exe

C:\Windows\System\PJWAvWQ.exe

C:\Windows\System\PJWAvWQ.exe

C:\Windows\System\uKbVqPn.exe

C:\Windows\System\uKbVqPn.exe

C:\Windows\System\ZvGbiim.exe

C:\Windows\System\ZvGbiim.exe

C:\Windows\System\YXJXIvQ.exe

C:\Windows\System\YXJXIvQ.exe

C:\Windows\System\cXtAvEZ.exe

C:\Windows\System\cXtAvEZ.exe

C:\Windows\System\oRnkDyc.exe

C:\Windows\System\oRnkDyc.exe

C:\Windows\System\wtqGhoa.exe

C:\Windows\System\wtqGhoa.exe

C:\Windows\System\mZGEYsC.exe

C:\Windows\System\mZGEYsC.exe

C:\Windows\System\xysvtOY.exe

C:\Windows\System\xysvtOY.exe

C:\Windows\System\IRnIgYS.exe

C:\Windows\System\IRnIgYS.exe

C:\Windows\System\iuHXemD.exe

C:\Windows\System\iuHXemD.exe

C:\Windows\System\ZmKaNrG.exe

C:\Windows\System\ZmKaNrG.exe

C:\Windows\System\ESaAbLU.exe

C:\Windows\System\ESaAbLU.exe

C:\Windows\System\wHjuHBB.exe

C:\Windows\System\wHjuHBB.exe

C:\Windows\System\uWUywIs.exe

C:\Windows\System\uWUywIs.exe

C:\Windows\System\URZxFWh.exe

C:\Windows\System\URZxFWh.exe

C:\Windows\System\bXDLvic.exe

C:\Windows\System\bXDLvic.exe

C:\Windows\System\fVbeaoM.exe

C:\Windows\System\fVbeaoM.exe

C:\Windows\System\NvOAyfD.exe

C:\Windows\System\NvOAyfD.exe

C:\Windows\System\FIKNezm.exe

C:\Windows\System\FIKNezm.exe

C:\Windows\System\qtSlTHM.exe

C:\Windows\System\qtSlTHM.exe

C:\Windows\System\XrujKrK.exe

C:\Windows\System\XrujKrK.exe

C:\Windows\System\fUAvQiA.exe

C:\Windows\System\fUAvQiA.exe

C:\Windows\System\IJTeros.exe

C:\Windows\System\IJTeros.exe

C:\Windows\System\vCRowGS.exe

C:\Windows\System\vCRowGS.exe

C:\Windows\System\IjApesX.exe

C:\Windows\System\IjApesX.exe

C:\Windows\System\qCfVVao.exe

C:\Windows\System\qCfVVao.exe

C:\Windows\System\FxvJqiq.exe

C:\Windows\System\FxvJqiq.exe

C:\Windows\System\EsExXTf.exe

C:\Windows\System\EsExXTf.exe

C:\Windows\System\xlaHAIH.exe

C:\Windows\System\xlaHAIH.exe

C:\Windows\System\vtdBWlB.exe

C:\Windows\System\vtdBWlB.exe

C:\Windows\System\uvDQLsW.exe

C:\Windows\System\uvDQLsW.exe

C:\Windows\System\itBliEB.exe

C:\Windows\System\itBliEB.exe

C:\Windows\System\QvXxAjs.exe

C:\Windows\System\QvXxAjs.exe

C:\Windows\System\yiXJkMc.exe

C:\Windows\System\yiXJkMc.exe

C:\Windows\System\Aocsbla.exe

C:\Windows\System\Aocsbla.exe

C:\Windows\System\yaovKWF.exe

C:\Windows\System\yaovKWF.exe

C:\Windows\System\cdDBKEI.exe

C:\Windows\System\cdDBKEI.exe

C:\Windows\System\LHvxpTW.exe

C:\Windows\System\LHvxpTW.exe

C:\Windows\System\EEwCwkj.exe

C:\Windows\System\EEwCwkj.exe

C:\Windows\System\GZSoTFV.exe

C:\Windows\System\GZSoTFV.exe

C:\Windows\System\GMacdPb.exe

C:\Windows\System\GMacdPb.exe

C:\Windows\System\jOfaZre.exe

C:\Windows\System\jOfaZre.exe

C:\Windows\System\aeeEhit.exe

C:\Windows\System\aeeEhit.exe

C:\Windows\System\tDepMdt.exe

C:\Windows\System\tDepMdt.exe

C:\Windows\System\OrJZJyq.exe

C:\Windows\System\OrJZJyq.exe

C:\Windows\System\MUBoSEx.exe

C:\Windows\System\MUBoSEx.exe

C:\Windows\System\nMXrXaJ.exe

C:\Windows\System\nMXrXaJ.exe

C:\Windows\System\dnVCkLk.exe

C:\Windows\System\dnVCkLk.exe

C:\Windows\System\nlqutRh.exe

C:\Windows\System\nlqutRh.exe

C:\Windows\System\OWbePrt.exe

C:\Windows\System\OWbePrt.exe

C:\Windows\System\MDJmjCV.exe

C:\Windows\System\MDJmjCV.exe

C:\Windows\System\eeFGLVs.exe

C:\Windows\System\eeFGLVs.exe

C:\Windows\System\ibsHczV.exe

C:\Windows\System\ibsHczV.exe

C:\Windows\System\pKUyqwG.exe

C:\Windows\System\pKUyqwG.exe

C:\Windows\System\SEAXNLa.exe

C:\Windows\System\SEAXNLa.exe

C:\Windows\System\DhBZDAX.exe

C:\Windows\System\DhBZDAX.exe

C:\Windows\System\HzGSjur.exe

C:\Windows\System\HzGSjur.exe

C:\Windows\System\WicbaKd.exe

C:\Windows\System\WicbaKd.exe

C:\Windows\System\gcSmjmx.exe

C:\Windows\System\gcSmjmx.exe

C:\Windows\System\FLoDXTW.exe

C:\Windows\System\FLoDXTW.exe

C:\Windows\System\rYsUadh.exe

C:\Windows\System\rYsUadh.exe

C:\Windows\System\QOHCPCM.exe

C:\Windows\System\QOHCPCM.exe

C:\Windows\System\OpsQFhu.exe

C:\Windows\System\OpsQFhu.exe

C:\Windows\System\ZbcVTtG.exe

C:\Windows\System\ZbcVTtG.exe

C:\Windows\System\deFNmVV.exe

C:\Windows\System\deFNmVV.exe

C:\Windows\System\gHjWNQj.exe

C:\Windows\System\gHjWNQj.exe

C:\Windows\System\GmUQoKc.exe

C:\Windows\System\GmUQoKc.exe

C:\Windows\System\nIEAaSM.exe

C:\Windows\System\nIEAaSM.exe

C:\Windows\System\JPPJZdV.exe

C:\Windows\System\JPPJZdV.exe

C:\Windows\System\QGkuGsh.exe

C:\Windows\System\QGkuGsh.exe

C:\Windows\System\IZtXWHq.exe

C:\Windows\System\IZtXWHq.exe

C:\Windows\System\rTiATKs.exe

C:\Windows\System\rTiATKs.exe

C:\Windows\System\FkqFhqG.exe

C:\Windows\System\FkqFhqG.exe

C:\Windows\System\aUqotEv.exe

C:\Windows\System\aUqotEv.exe

C:\Windows\System\jqEWcwO.exe

C:\Windows\System\jqEWcwO.exe

C:\Windows\System\EyKvWLu.exe

C:\Windows\System\EyKvWLu.exe

C:\Windows\System\bzSeenn.exe

C:\Windows\System\bzSeenn.exe

C:\Windows\System\BnAtqYS.exe

C:\Windows\System\BnAtqYS.exe

C:\Windows\System\lyRGeBj.exe

C:\Windows\System\lyRGeBj.exe

C:\Windows\System\VKruFHL.exe

C:\Windows\System\VKruFHL.exe

C:\Windows\System\UJMTGKY.exe

C:\Windows\System\UJMTGKY.exe

C:\Windows\System\GqgoBvi.exe

C:\Windows\System\GqgoBvi.exe

C:\Windows\System\MuUvgxq.exe

C:\Windows\System\MuUvgxq.exe

C:\Windows\System\AyaofnK.exe

C:\Windows\System\AyaofnK.exe

C:\Windows\System\AjIzbns.exe

C:\Windows\System\AjIzbns.exe

C:\Windows\System\zLcSvhU.exe

C:\Windows\System\zLcSvhU.exe

C:\Windows\System\HPaxZPj.exe

C:\Windows\System\HPaxZPj.exe

C:\Windows\System\wTQZnua.exe

C:\Windows\System\wTQZnua.exe

C:\Windows\System\ipmOybk.exe

C:\Windows\System\ipmOybk.exe

C:\Windows\System\JPbsdrH.exe

C:\Windows\System\JPbsdrH.exe

C:\Windows\System\oBhGpbU.exe

C:\Windows\System\oBhGpbU.exe

C:\Windows\System\qhzKyrL.exe

C:\Windows\System\qhzKyrL.exe

C:\Windows\System\ztqstWp.exe

C:\Windows\System\ztqstWp.exe

C:\Windows\System\eCDBfMR.exe

C:\Windows\System\eCDBfMR.exe

C:\Windows\System\SQoKhvj.exe

C:\Windows\System\SQoKhvj.exe

C:\Windows\System\WHZFUsq.exe

C:\Windows\System\WHZFUsq.exe

C:\Windows\System\wiqWlRI.exe

C:\Windows\System\wiqWlRI.exe

C:\Windows\System\bZCSlVY.exe

C:\Windows\System\bZCSlVY.exe

C:\Windows\System\gzxAiZy.exe

C:\Windows\System\gzxAiZy.exe

C:\Windows\System\ITeGYxs.exe

C:\Windows\System\ITeGYxs.exe

C:\Windows\System\XrxMfbc.exe

C:\Windows\System\XrxMfbc.exe

C:\Windows\System\MWWCTHA.exe

C:\Windows\System\MWWCTHA.exe

C:\Windows\System\gQNXspG.exe

C:\Windows\System\gQNXspG.exe

C:\Windows\System\nfsxCMK.exe

C:\Windows\System\nfsxCMK.exe

C:\Windows\System\ijskFSn.exe

C:\Windows\System\ijskFSn.exe

C:\Windows\System\vRKjZne.exe

C:\Windows\System\vRKjZne.exe

C:\Windows\System\IExNaiP.exe

C:\Windows\System\IExNaiP.exe

C:\Windows\System\iKnsJMN.exe

C:\Windows\System\iKnsJMN.exe

C:\Windows\System\lQggGGx.exe

C:\Windows\System\lQggGGx.exe

C:\Windows\System\yecCUBj.exe

C:\Windows\System\yecCUBj.exe

C:\Windows\System\RrzoxXs.exe

C:\Windows\System\RrzoxXs.exe

C:\Windows\System\dhevUXt.exe

C:\Windows\System\dhevUXt.exe

C:\Windows\System\cwJpybv.exe

C:\Windows\System\cwJpybv.exe

C:\Windows\System\pkOCVIn.exe

C:\Windows\System\pkOCVIn.exe

C:\Windows\System\NldeJpG.exe

C:\Windows\System\NldeJpG.exe

C:\Windows\System\PXIsuta.exe

C:\Windows\System\PXIsuta.exe

C:\Windows\System\JqAozKy.exe

C:\Windows\System\JqAozKy.exe

C:\Windows\System\KvFiKKT.exe

C:\Windows\System\KvFiKKT.exe

C:\Windows\System\nChYSyj.exe

C:\Windows\System\nChYSyj.exe

C:\Windows\System\HjgGDfb.exe

C:\Windows\System\HjgGDfb.exe

C:\Windows\System\LhLiHWs.exe

C:\Windows\System\LhLiHWs.exe

C:\Windows\System\stomHel.exe

C:\Windows\System\stomHel.exe

C:\Windows\System\XyIZfXt.exe

C:\Windows\System\XyIZfXt.exe

C:\Windows\System\ACsZYLA.exe

C:\Windows\System\ACsZYLA.exe

C:\Windows\System\VVoggRT.exe

C:\Windows\System\VVoggRT.exe

C:\Windows\System\KHERDrL.exe

C:\Windows\System\KHERDrL.exe

C:\Windows\System\aTapfnJ.exe

C:\Windows\System\aTapfnJ.exe

C:\Windows\System\fUlTcNX.exe

C:\Windows\System\fUlTcNX.exe

C:\Windows\System\BvRelSD.exe

C:\Windows\System\BvRelSD.exe

C:\Windows\System\PRcUFtO.exe

C:\Windows\System\PRcUFtO.exe

C:\Windows\System\KKpzyvL.exe

C:\Windows\System\KKpzyvL.exe

C:\Windows\System\gFKrACk.exe

C:\Windows\System\gFKrACk.exe

C:\Windows\System\pQfDtXN.exe

C:\Windows\System\pQfDtXN.exe

C:\Windows\System\yHgkmTp.exe

C:\Windows\System\yHgkmTp.exe

C:\Windows\System\wstCZgo.exe

C:\Windows\System\wstCZgo.exe

C:\Windows\System\kPMoWnh.exe

C:\Windows\System\kPMoWnh.exe

C:\Windows\System\rzPwZDm.exe

C:\Windows\System\rzPwZDm.exe

C:\Windows\System\qhtGFqp.exe

C:\Windows\System\qhtGFqp.exe

C:\Windows\System\WVUkysK.exe

C:\Windows\System\WVUkysK.exe

C:\Windows\System\mPUwVSf.exe

C:\Windows\System\mPUwVSf.exe

C:\Windows\System\myFBniH.exe

C:\Windows\System\myFBniH.exe

C:\Windows\System\xuCiceU.exe

C:\Windows\System\xuCiceU.exe

C:\Windows\System\SayuMxH.exe

C:\Windows\System\SayuMxH.exe

C:\Windows\System\LofxMgY.exe

C:\Windows\System\LofxMgY.exe

C:\Windows\System\xzkSJww.exe

C:\Windows\System\xzkSJww.exe

C:\Windows\System\XXZeOJY.exe

C:\Windows\System\XXZeOJY.exe

C:\Windows\System\PkHumGD.exe

C:\Windows\System\PkHumGD.exe

C:\Windows\System\zpglOhl.exe

C:\Windows\System\zpglOhl.exe

C:\Windows\System\gwKGdqY.exe

C:\Windows\System\gwKGdqY.exe

C:\Windows\System\IfRfMfb.exe

C:\Windows\System\IfRfMfb.exe

C:\Windows\System\qNezkWb.exe

C:\Windows\System\qNezkWb.exe

C:\Windows\System\UmHPIbH.exe

C:\Windows\System\UmHPIbH.exe

C:\Windows\System\AwthpXR.exe

C:\Windows\System\AwthpXR.exe

C:\Windows\System\HTHiDKw.exe

C:\Windows\System\HTHiDKw.exe

C:\Windows\System\BdoVWka.exe

C:\Windows\System\BdoVWka.exe

C:\Windows\System\NGAglGG.exe

C:\Windows\System\NGAglGG.exe

C:\Windows\System\ggeIzsY.exe

C:\Windows\System\ggeIzsY.exe

C:\Windows\System\rjESDuQ.exe

C:\Windows\System\rjESDuQ.exe

C:\Windows\System\SfxDkbP.exe

C:\Windows\System\SfxDkbP.exe

C:\Windows\System\NLFUPsx.exe

C:\Windows\System\NLFUPsx.exe

C:\Windows\System\FqbkGYI.exe

C:\Windows\System\FqbkGYI.exe

C:\Windows\System\EHxOQMe.exe

C:\Windows\System\EHxOQMe.exe

C:\Windows\System\CzFOEUd.exe

C:\Windows\System\CzFOEUd.exe

C:\Windows\System\HYbDiSU.exe

C:\Windows\System\HYbDiSU.exe

C:\Windows\System\kTAIyif.exe

C:\Windows\System\kTAIyif.exe

C:\Windows\System\yCfoBRJ.exe

C:\Windows\System\yCfoBRJ.exe

C:\Windows\System\GqnsSpo.exe

C:\Windows\System\GqnsSpo.exe

C:\Windows\System\cHyxRHt.exe

C:\Windows\System\cHyxRHt.exe

C:\Windows\System\mvMZhVv.exe

C:\Windows\System\mvMZhVv.exe

C:\Windows\System\qTVcFMp.exe

C:\Windows\System\qTVcFMp.exe

C:\Windows\System\YiRotdB.exe

C:\Windows\System\YiRotdB.exe

C:\Windows\System\hxmWOBM.exe

C:\Windows\System\hxmWOBM.exe

C:\Windows\System\DocYjLq.exe

C:\Windows\System\DocYjLq.exe

C:\Windows\System\UklmRNB.exe

C:\Windows\System\UklmRNB.exe

C:\Windows\System\dkEYPix.exe

C:\Windows\System\dkEYPix.exe

C:\Windows\System\kuUUGtV.exe

C:\Windows\System\kuUUGtV.exe

C:\Windows\System\eElAWAp.exe

C:\Windows\System\eElAWAp.exe

C:\Windows\System\LdVXMpY.exe

C:\Windows\System\LdVXMpY.exe

C:\Windows\System\XMIMqTP.exe

C:\Windows\System\XMIMqTP.exe

C:\Windows\System\YuJDNtl.exe

C:\Windows\System\YuJDNtl.exe

C:\Windows\System\KTghjrF.exe

C:\Windows\System\KTghjrF.exe

C:\Windows\System\LVIINPx.exe

C:\Windows\System\LVIINPx.exe

C:\Windows\System\zHHUsOX.exe

C:\Windows\System\zHHUsOX.exe

C:\Windows\System\CfvTEmN.exe

C:\Windows\System\CfvTEmN.exe

C:\Windows\System\sMZodwN.exe

C:\Windows\System\sMZodwN.exe

C:\Windows\System\uyEARbI.exe

C:\Windows\System\uyEARbI.exe

C:\Windows\System\YIJtSnd.exe

C:\Windows\System\YIJtSnd.exe

C:\Windows\System\ztDjoJZ.exe

C:\Windows\System\ztDjoJZ.exe

C:\Windows\System\ddVYLKU.exe

C:\Windows\System\ddVYLKU.exe

C:\Windows\System\lAzNrmH.exe

C:\Windows\System\lAzNrmH.exe

C:\Windows\System\VonvTxt.exe

C:\Windows\System\VonvTxt.exe

C:\Windows\System\ooXrGyF.exe

C:\Windows\System\ooXrGyF.exe

C:\Windows\System\ORfBbdo.exe

C:\Windows\System\ORfBbdo.exe

C:\Windows\System\hmxrmsb.exe

C:\Windows\System\hmxrmsb.exe

C:\Windows\System\uqckIvT.exe

C:\Windows\System\uqckIvT.exe

C:\Windows\System\JStKldg.exe

C:\Windows\System\JStKldg.exe

C:\Windows\System\YUzUOKL.exe

C:\Windows\System\YUzUOKL.exe

C:\Windows\System\xNrDsNU.exe

C:\Windows\System\xNrDsNU.exe

C:\Windows\System\BZMpxdo.exe

C:\Windows\System\BZMpxdo.exe

C:\Windows\System\oZjcbcB.exe

C:\Windows\System\oZjcbcB.exe

C:\Windows\System\ivuEYva.exe

C:\Windows\System\ivuEYva.exe

C:\Windows\System\wQMzqBY.exe

C:\Windows\System\wQMzqBY.exe

C:\Windows\System\qCubHyu.exe

C:\Windows\System\qCubHyu.exe

C:\Windows\System\hQoGrPQ.exe

C:\Windows\System\hQoGrPQ.exe

C:\Windows\System\HfVsmhd.exe

C:\Windows\System\HfVsmhd.exe

C:\Windows\System\alSxAmS.exe

C:\Windows\System\alSxAmS.exe

C:\Windows\System\BcyyPFa.exe

C:\Windows\System\BcyyPFa.exe

C:\Windows\System\AMjsRqu.exe

C:\Windows\System\AMjsRqu.exe

C:\Windows\System\nwNnfnA.exe

C:\Windows\System\nwNnfnA.exe

C:\Windows\System\OGetHOL.exe

C:\Windows\System\OGetHOL.exe

C:\Windows\System\QsAHHVE.exe

C:\Windows\System\QsAHHVE.exe

C:\Windows\System\TrIXwhP.exe

C:\Windows\System\TrIXwhP.exe

C:\Windows\System\rhAFEbG.exe

C:\Windows\System\rhAFEbG.exe

C:\Windows\System\KXhuxvr.exe

C:\Windows\System\KXhuxvr.exe

C:\Windows\System\ExZuRCm.exe

C:\Windows\System\ExZuRCm.exe

C:\Windows\System\jkzoVZC.exe

C:\Windows\System\jkzoVZC.exe

C:\Windows\System\nrTdbTW.exe

C:\Windows\System\nrTdbTW.exe

C:\Windows\System\dWLYtpw.exe

C:\Windows\System\dWLYtpw.exe

C:\Windows\System\OZyyfnM.exe

C:\Windows\System\OZyyfnM.exe

C:\Windows\System\yPAjyoZ.exe

C:\Windows\System\yPAjyoZ.exe

C:\Windows\System\ExvgXDy.exe

C:\Windows\System\ExvgXDy.exe

C:\Windows\System\clSVTuX.exe

C:\Windows\System\clSVTuX.exe

C:\Windows\System\ENvwFow.exe

C:\Windows\System\ENvwFow.exe

C:\Windows\System\UKNuoBr.exe

C:\Windows\System\UKNuoBr.exe

C:\Windows\System\XOjMCPI.exe

C:\Windows\System\XOjMCPI.exe

C:\Windows\System\bnViIeO.exe

C:\Windows\System\bnViIeO.exe

C:\Windows\System\VfXduRd.exe

C:\Windows\System\VfXduRd.exe

C:\Windows\System\DmttnPA.exe

C:\Windows\System\DmttnPA.exe

C:\Windows\System\hGGmJls.exe

C:\Windows\System\hGGmJls.exe

C:\Windows\System\GmHkpmL.exe

C:\Windows\System\GmHkpmL.exe

C:\Windows\System\witAQDH.exe

C:\Windows\System\witAQDH.exe

C:\Windows\System\cfJBqDC.exe

C:\Windows\System\cfJBqDC.exe

C:\Windows\System\knPwYCf.exe

C:\Windows\System\knPwYCf.exe

C:\Windows\System\oTMRrde.exe

C:\Windows\System\oTMRrde.exe

C:\Windows\System\RdJIAvw.exe

C:\Windows\System\RdJIAvw.exe

C:\Windows\System\oFnthag.exe

C:\Windows\System\oFnthag.exe

C:\Windows\System\vDnreUx.exe

C:\Windows\System\vDnreUx.exe

C:\Windows\System\ovYTxvs.exe

C:\Windows\System\ovYTxvs.exe

C:\Windows\System\EzIsPgk.exe

C:\Windows\System\EzIsPgk.exe

C:\Windows\System\OBeFBbD.exe

C:\Windows\System\OBeFBbD.exe

C:\Windows\System\FwkiuzP.exe

C:\Windows\System\FwkiuzP.exe

C:\Windows\System\kUxvYHi.exe

C:\Windows\System\kUxvYHi.exe

C:\Windows\System\CsNIHoD.exe

C:\Windows\System\CsNIHoD.exe

C:\Windows\System\aFEwSro.exe

C:\Windows\System\aFEwSro.exe

C:\Windows\System\DOZKpvf.exe

C:\Windows\System\DOZKpvf.exe

C:\Windows\System\WUhrPPG.exe

C:\Windows\System\WUhrPPG.exe

C:\Windows\System\bOlwvjF.exe

C:\Windows\System\bOlwvjF.exe

C:\Windows\System\xKmwjCu.exe

C:\Windows\System\xKmwjCu.exe

C:\Windows\System\mEinTsz.exe

C:\Windows\System\mEinTsz.exe

C:\Windows\System\TmEOkgo.exe

C:\Windows\System\TmEOkgo.exe

C:\Windows\System\bbLGVdC.exe

C:\Windows\System\bbLGVdC.exe

C:\Windows\System\ghYgPaL.exe

C:\Windows\System\ghYgPaL.exe

C:\Windows\System\lDtIXgv.exe

C:\Windows\System\lDtIXgv.exe

C:\Windows\System\JbNfWgG.exe

C:\Windows\System\JbNfWgG.exe

C:\Windows\System\DzRrIQA.exe

C:\Windows\System\DzRrIQA.exe

C:\Windows\System\sStIxPe.exe

C:\Windows\System\sStIxPe.exe

C:\Windows\System\NbjSdfj.exe

C:\Windows\System\NbjSdfj.exe

C:\Windows\System\yeXZBXS.exe

C:\Windows\System\yeXZBXS.exe

C:\Windows\System\AfNKxKP.exe

C:\Windows\System\AfNKxKP.exe

C:\Windows\System\oVXcufk.exe

C:\Windows\System\oVXcufk.exe

C:\Windows\System\zacYHSC.exe

C:\Windows\System\zacYHSC.exe

C:\Windows\System\lszcPFE.exe

C:\Windows\System\lszcPFE.exe

C:\Windows\System\wpwjvzD.exe

C:\Windows\System\wpwjvzD.exe

C:\Windows\System\PqVwcPL.exe

C:\Windows\System\PqVwcPL.exe

C:\Windows\System\fQXiTem.exe

C:\Windows\System\fQXiTem.exe

C:\Windows\System\WWoQkwj.exe

C:\Windows\System\WWoQkwj.exe

C:\Windows\System\Qzmpjca.exe

C:\Windows\System\Qzmpjca.exe

C:\Windows\System\pCaKgCy.exe

C:\Windows\System\pCaKgCy.exe

C:\Windows\System\UTgfVMu.exe

C:\Windows\System\UTgfVMu.exe

C:\Windows\System\JMwJouF.exe

C:\Windows\System\JMwJouF.exe

C:\Windows\System\cRDivie.exe

C:\Windows\System\cRDivie.exe

C:\Windows\System\AnDLqZr.exe

C:\Windows\System\AnDLqZr.exe

C:\Windows\System\LfpxESQ.exe

C:\Windows\System\LfpxESQ.exe

C:\Windows\System\BRUCqxl.exe

C:\Windows\System\BRUCqxl.exe

C:\Windows\System\GsQKKgN.exe

C:\Windows\System\GsQKKgN.exe

C:\Windows\System\oDnjBBS.exe

C:\Windows\System\oDnjBBS.exe

C:\Windows\System\lUSHEcG.exe

C:\Windows\System\lUSHEcG.exe

C:\Windows\System\yEMeBar.exe

C:\Windows\System\yEMeBar.exe

C:\Windows\System\pPNQqvr.exe

C:\Windows\System\pPNQqvr.exe

C:\Windows\System\xEGUYzw.exe

C:\Windows\System\xEGUYzw.exe

C:\Windows\System\sDrEAZn.exe

C:\Windows\System\sDrEAZn.exe

C:\Windows\System\NbnmNsR.exe

C:\Windows\System\NbnmNsR.exe

C:\Windows\System\lrhJThW.exe

C:\Windows\System\lrhJThW.exe

C:\Windows\System\fCypfsF.exe

C:\Windows\System\fCypfsF.exe

C:\Windows\System\PoIQzvy.exe

C:\Windows\System\PoIQzvy.exe

C:\Windows\System\XgrKplf.exe

C:\Windows\System\XgrKplf.exe

C:\Windows\System\yylxyJw.exe

C:\Windows\System\yylxyJw.exe

C:\Windows\System\CfdhFLu.exe

C:\Windows\System\CfdhFLu.exe

C:\Windows\System\BSIOMIs.exe

C:\Windows\System\BSIOMIs.exe

C:\Windows\System\WGsSxWQ.exe

C:\Windows\System\WGsSxWQ.exe

C:\Windows\System\FkfmSNB.exe

C:\Windows\System\FkfmSNB.exe

C:\Windows\System\kRiizBP.exe

C:\Windows\System\kRiizBP.exe

C:\Windows\System\Vgsplee.exe

C:\Windows\System\Vgsplee.exe

C:\Windows\System\WjwGVqh.exe

C:\Windows\System\WjwGVqh.exe

C:\Windows\System\pteEkZQ.exe

C:\Windows\System\pteEkZQ.exe

C:\Windows\System\ORvVYzV.exe

C:\Windows\System\ORvVYzV.exe

C:\Windows\System\PZvJFGr.exe

C:\Windows\System\PZvJFGr.exe

C:\Windows\System\JaDiyLF.exe

C:\Windows\System\JaDiyLF.exe

C:\Windows\System\vYOmpoe.exe

C:\Windows\System\vYOmpoe.exe

C:\Windows\System\FdCRcRv.exe

C:\Windows\System\FdCRcRv.exe

C:\Windows\System\wgTVqyq.exe

C:\Windows\System\wgTVqyq.exe

C:\Windows\System\VLdqtTi.exe

C:\Windows\System\VLdqtTi.exe

C:\Windows\System\yChAPse.exe

C:\Windows\System\yChAPse.exe

C:\Windows\System\gUEZkOb.exe

C:\Windows\System\gUEZkOb.exe

C:\Windows\System\xxpdENV.exe

C:\Windows\System\xxpdENV.exe

C:\Windows\System\EtojdCr.exe

C:\Windows\System\EtojdCr.exe

C:\Windows\System\DojVmkN.exe

C:\Windows\System\DojVmkN.exe

C:\Windows\System\qthrzTX.exe

C:\Windows\System\qthrzTX.exe

C:\Windows\System\uFpeYtG.exe

C:\Windows\System\uFpeYtG.exe

C:\Windows\System\GDQNdhU.exe

C:\Windows\System\GDQNdhU.exe

C:\Windows\System\NQPEPIl.exe

C:\Windows\System\NQPEPIl.exe

C:\Windows\System\qsGtqTQ.exe

C:\Windows\System\qsGtqTQ.exe

C:\Windows\System\lUVkUwo.exe

C:\Windows\System\lUVkUwo.exe

C:\Windows\System\zhIDkaX.exe

C:\Windows\System\zhIDkaX.exe

C:\Windows\System\OPIOeSq.exe

C:\Windows\System\OPIOeSq.exe

C:\Windows\System\GGPGJGM.exe

C:\Windows\System\GGPGJGM.exe

C:\Windows\System\gQWQACL.exe

C:\Windows\System\gQWQACL.exe

C:\Windows\System\GyteosK.exe

C:\Windows\System\GyteosK.exe

C:\Windows\System\YFOcSPF.exe

C:\Windows\System\YFOcSPF.exe

C:\Windows\System\oHTABhY.exe

C:\Windows\System\oHTABhY.exe

C:\Windows\System\QnhoxjR.exe

C:\Windows\System\QnhoxjR.exe

C:\Windows\System\OsoaQvX.exe

C:\Windows\System\OsoaQvX.exe

C:\Windows\System\aMsmRnP.exe

C:\Windows\System\aMsmRnP.exe

C:\Windows\System\ckTPdjn.exe

C:\Windows\System\ckTPdjn.exe

C:\Windows\System\sXUQOvo.exe

C:\Windows\System\sXUQOvo.exe

C:\Windows\System\KrKWMoA.exe

C:\Windows\System\KrKWMoA.exe

C:\Windows\System\iTkINBT.exe

C:\Windows\System\iTkINBT.exe

C:\Windows\System\GJfDnVb.exe

C:\Windows\System\GJfDnVb.exe

C:\Windows\System\ghStsjn.exe

C:\Windows\System\ghStsjn.exe

C:\Windows\System\KenwIVz.exe

C:\Windows\System\KenwIVz.exe

C:\Windows\System\CtQLqnb.exe

C:\Windows\System\CtQLqnb.exe

C:\Windows\System\fRDnolU.exe

C:\Windows\System\fRDnolU.exe

C:\Windows\System\vmEZVBs.exe

C:\Windows\System\vmEZVBs.exe

C:\Windows\System\YkQffII.exe

C:\Windows\System\YkQffII.exe

C:\Windows\System\yBviUkY.exe

C:\Windows\System\yBviUkY.exe

C:\Windows\System\DMrRgAz.exe

C:\Windows\System\DMrRgAz.exe

C:\Windows\System\wubpwXo.exe

C:\Windows\System\wubpwXo.exe

C:\Windows\System\XyNQGPN.exe

C:\Windows\System\XyNQGPN.exe

C:\Windows\System\ZwaiNYO.exe

C:\Windows\System\ZwaiNYO.exe

C:\Windows\System\eTnsJWl.exe

C:\Windows\System\eTnsJWl.exe

C:\Windows\System\KiNtlOd.exe

C:\Windows\System\KiNtlOd.exe

C:\Windows\System\KZsUoUf.exe

C:\Windows\System\KZsUoUf.exe

C:\Windows\System\xoNFplu.exe

C:\Windows\System\xoNFplu.exe

C:\Windows\System\SrZJkKg.exe

C:\Windows\System\SrZJkKg.exe

C:\Windows\System\qstnlFx.exe

C:\Windows\System\qstnlFx.exe

C:\Windows\System\oXkjedh.exe

C:\Windows\System\oXkjedh.exe

C:\Windows\System\NIDhCpN.exe

C:\Windows\System\NIDhCpN.exe

C:\Windows\System\iRaMLHJ.exe

C:\Windows\System\iRaMLHJ.exe

C:\Windows\System\aKwjdEw.exe

C:\Windows\System\aKwjdEw.exe

C:\Windows\System\WDGsvjn.exe

C:\Windows\System\WDGsvjn.exe

C:\Windows\System\zJOphjW.exe

C:\Windows\System\zJOphjW.exe

C:\Windows\System\KLBOYJQ.exe

C:\Windows\System\KLBOYJQ.exe

C:\Windows\System\BwDRusE.exe

C:\Windows\System\BwDRusE.exe

C:\Windows\System\bIEqDmg.exe

C:\Windows\System\bIEqDmg.exe

C:\Windows\System\nqilSvF.exe

C:\Windows\System\nqilSvF.exe

C:\Windows\System\zIhDqLM.exe

C:\Windows\System\zIhDqLM.exe

C:\Windows\System\IcrvTiL.exe

C:\Windows\System\IcrvTiL.exe

C:\Windows\System\IlcBwor.exe

C:\Windows\System\IlcBwor.exe

C:\Windows\System\gbIMlog.exe

C:\Windows\System\gbIMlog.exe

C:\Windows\System\wadgfsS.exe

C:\Windows\System\wadgfsS.exe

C:\Windows\System\TSNrfAo.exe

C:\Windows\System\TSNrfAo.exe

C:\Windows\System\xcvSGVX.exe

C:\Windows\System\xcvSGVX.exe

C:\Windows\System\mYxlmLY.exe

C:\Windows\System\mYxlmLY.exe

C:\Windows\System\TOIEBCb.exe

C:\Windows\System\TOIEBCb.exe

C:\Windows\System\TMvjDJa.exe

C:\Windows\System\TMvjDJa.exe

C:\Windows\System\vbITrXt.exe

C:\Windows\System\vbITrXt.exe

C:\Windows\System\oymblkd.exe

C:\Windows\System\oymblkd.exe

C:\Windows\System\ggftNRS.exe

C:\Windows\System\ggftNRS.exe

C:\Windows\System\DTEdKpk.exe

C:\Windows\System\DTEdKpk.exe

C:\Windows\System\cKYaUhi.exe

C:\Windows\System\cKYaUhi.exe

C:\Windows\System\INckwye.exe

C:\Windows\System\INckwye.exe

C:\Windows\System\TFEfrqq.exe

C:\Windows\System\TFEfrqq.exe

C:\Windows\System\lqlurbz.exe

C:\Windows\System\lqlurbz.exe

C:\Windows\System\TeiTBSu.exe

C:\Windows\System\TeiTBSu.exe

C:\Windows\System\zklMgyD.exe

C:\Windows\System\zklMgyD.exe

C:\Windows\System\PAZVGgd.exe

C:\Windows\System\PAZVGgd.exe

C:\Windows\System\BFqerSG.exe

C:\Windows\System\BFqerSG.exe

C:\Windows\System\OKhoZNo.exe

C:\Windows\System\OKhoZNo.exe

C:\Windows\System\arPTHua.exe

C:\Windows\System\arPTHua.exe

C:\Windows\System\hLbGXEy.exe

C:\Windows\System\hLbGXEy.exe

C:\Windows\System\SMfLWdG.exe

C:\Windows\System\SMfLWdG.exe

C:\Windows\System\UlCQlLJ.exe

C:\Windows\System\UlCQlLJ.exe

C:\Windows\System\ZyEgZzo.exe

C:\Windows\System\ZyEgZzo.exe

C:\Windows\System\WKWMOIR.exe

C:\Windows\System\WKWMOIR.exe

C:\Windows\System\FGOAwGj.exe

C:\Windows\System\FGOAwGj.exe

C:\Windows\System\dlKYJDm.exe

C:\Windows\System\dlKYJDm.exe

C:\Windows\System\GGdPtyg.exe

C:\Windows\System\GGdPtyg.exe

C:\Windows\System\Vjdjoms.exe

C:\Windows\System\Vjdjoms.exe

C:\Windows\System\tPhAPQI.exe

C:\Windows\System\tPhAPQI.exe

C:\Windows\System\MjjSsaY.exe

C:\Windows\System\MjjSsaY.exe

C:\Windows\System\MhUWlMm.exe

C:\Windows\System\MhUWlMm.exe

C:\Windows\System\TzaOSRy.exe

C:\Windows\System\TzaOSRy.exe

C:\Windows\System\HTIutKb.exe

C:\Windows\System\HTIutKb.exe

C:\Windows\System\SdvkMdx.exe

C:\Windows\System\SdvkMdx.exe

C:\Windows\System\ybIkper.exe

C:\Windows\System\ybIkper.exe

C:\Windows\System\xsBKzxG.exe

C:\Windows\System\xsBKzxG.exe

C:\Windows\System\KfIjbOI.exe

C:\Windows\System\KfIjbOI.exe

C:\Windows\System\BRmmBEe.exe

C:\Windows\System\BRmmBEe.exe

C:\Windows\System\HrIhbmx.exe

C:\Windows\System\HrIhbmx.exe

C:\Windows\System\JcniAjM.exe

C:\Windows\System\JcniAjM.exe

C:\Windows\System\yybWjnA.exe

C:\Windows\System\yybWjnA.exe

C:\Windows\System\gNTBDbe.exe

C:\Windows\System\gNTBDbe.exe

C:\Windows\System\ltawHgX.exe

C:\Windows\System\ltawHgX.exe

C:\Windows\System\Jcdjwzk.exe

C:\Windows\System\Jcdjwzk.exe

C:\Windows\System\biPPzkN.exe

C:\Windows\System\biPPzkN.exe

C:\Windows\System\XfGfuUj.exe

C:\Windows\System\XfGfuUj.exe

C:\Windows\System\cQNzhvL.exe

C:\Windows\System\cQNzhvL.exe

C:\Windows\System\qptchSd.exe

C:\Windows\System\qptchSd.exe

C:\Windows\System\EpZVAFW.exe

C:\Windows\System\EpZVAFW.exe

C:\Windows\System\rmcUDCn.exe

C:\Windows\System\rmcUDCn.exe

C:\Windows\System\iTvvgAH.exe

C:\Windows\System\iTvvgAH.exe

C:\Windows\System\VccMecF.exe

C:\Windows\System\VccMecF.exe

C:\Windows\System\PDhegdU.exe

C:\Windows\System\PDhegdU.exe

C:\Windows\System\LXSskzm.exe

C:\Windows\System\LXSskzm.exe

C:\Windows\System\OHYJshy.exe

C:\Windows\System\OHYJshy.exe

C:\Windows\System\meJsEII.exe

C:\Windows\System\meJsEII.exe

C:\Windows\System\TutyPSV.exe

C:\Windows\System\TutyPSV.exe

C:\Windows\System\gMEhmLa.exe

C:\Windows\System\gMEhmLa.exe

C:\Windows\System\hhGBxoq.exe

C:\Windows\System\hhGBxoq.exe

C:\Windows\System\WECnMrQ.exe

C:\Windows\System\WECnMrQ.exe

C:\Windows\System\uLVwVQu.exe

C:\Windows\System\uLVwVQu.exe

C:\Windows\System\vXuallt.exe

C:\Windows\System\vXuallt.exe

C:\Windows\System\rIDnLzl.exe

C:\Windows\System\rIDnLzl.exe

C:\Windows\System\atUfAaa.exe

C:\Windows\System\atUfAaa.exe

C:\Windows\System\cdqqHRd.exe

C:\Windows\System\cdqqHRd.exe

C:\Windows\System\JciiHMO.exe

C:\Windows\System\JciiHMO.exe

C:\Windows\System\uhyOaYr.exe

C:\Windows\System\uhyOaYr.exe

C:\Windows\System\SsLoOmf.exe

C:\Windows\System\SsLoOmf.exe

C:\Windows\System\tyzFBMX.exe

C:\Windows\System\tyzFBMX.exe

C:\Windows\System\WgKptkk.exe

C:\Windows\System\WgKptkk.exe

C:\Windows\System\JyvSkYn.exe

C:\Windows\System\JyvSkYn.exe

C:\Windows\System\cwZMENy.exe

C:\Windows\System\cwZMENy.exe

C:\Windows\System\xNFHHQq.exe

C:\Windows\System\xNFHHQq.exe

C:\Windows\System\uowVnVP.exe

C:\Windows\System\uowVnVP.exe

C:\Windows\System\PCfNyyX.exe

C:\Windows\System\PCfNyyX.exe

C:\Windows\System\BmWJOAV.exe

C:\Windows\System\BmWJOAV.exe

C:\Windows\System\TlaBoJv.exe

C:\Windows\System\TlaBoJv.exe

C:\Windows\System\ZHdbhpw.exe

C:\Windows\System\ZHdbhpw.exe

C:\Windows\System\UAbTfEH.exe

C:\Windows\System\UAbTfEH.exe

C:\Windows\System\PnZoUuI.exe

C:\Windows\System\PnZoUuI.exe

C:\Windows\System\bSdHOen.exe

C:\Windows\System\bSdHOen.exe

C:\Windows\System\gyetUUX.exe

C:\Windows\System\gyetUUX.exe

C:\Windows\System\kMcxLYn.exe

C:\Windows\System\kMcxLYn.exe

C:\Windows\System\JdDzzBo.exe

C:\Windows\System\JdDzzBo.exe

C:\Windows\System\jygGWcf.exe

C:\Windows\System\jygGWcf.exe

C:\Windows\System\MdSeucp.exe

C:\Windows\System\MdSeucp.exe

C:\Windows\System\URWAdEJ.exe

C:\Windows\System\URWAdEJ.exe

C:\Windows\System\DkYbhnE.exe

C:\Windows\System\DkYbhnE.exe

C:\Windows\System\HaJurwJ.exe

C:\Windows\System\HaJurwJ.exe

C:\Windows\System\jhQNzEo.exe

C:\Windows\System\jhQNzEo.exe

C:\Windows\System\XxxOXVY.exe

C:\Windows\System\XxxOXVY.exe

C:\Windows\System\HTNuRHc.exe

C:\Windows\System\HTNuRHc.exe

C:\Windows\System\xNpzYSe.exe

C:\Windows\System\xNpzYSe.exe

C:\Windows\System\gwSMUuY.exe

C:\Windows\System\gwSMUuY.exe

C:\Windows\System\UkUPNgi.exe

C:\Windows\System\UkUPNgi.exe

C:\Windows\System\UkcVbJC.exe

C:\Windows\System\UkcVbJC.exe

C:\Windows\System\OuwUwcw.exe

C:\Windows\System\OuwUwcw.exe

C:\Windows\System\xfScKLm.exe

C:\Windows\System\xfScKLm.exe

C:\Windows\System\HOrSmvs.exe

C:\Windows\System\HOrSmvs.exe

C:\Windows\System\kQqzClY.exe

C:\Windows\System\kQqzClY.exe

C:\Windows\System\cTcJJHf.exe

C:\Windows\System\cTcJJHf.exe

C:\Windows\System\vGvYKfh.exe

C:\Windows\System\vGvYKfh.exe

C:\Windows\System\EgxfSls.exe

C:\Windows\System\EgxfSls.exe

C:\Windows\System\qPUEZov.exe

C:\Windows\System\qPUEZov.exe

C:\Windows\System\hbRZhRh.exe

C:\Windows\System\hbRZhRh.exe

C:\Windows\System\YvpqRbe.exe

C:\Windows\System\YvpqRbe.exe

C:\Windows\System\ifUPoqx.exe

C:\Windows\System\ifUPoqx.exe

C:\Windows\System\dZCQDuw.exe

C:\Windows\System\dZCQDuw.exe

C:\Windows\System\WxCovXI.exe

C:\Windows\System\WxCovXI.exe

C:\Windows\System\SCTkbXz.exe

C:\Windows\System\SCTkbXz.exe

C:\Windows\System\SvVQuuq.exe

C:\Windows\System\SvVQuuq.exe

C:\Windows\System\VdNMPOF.exe

C:\Windows\System\VdNMPOF.exe

C:\Windows\System\MmPUDrs.exe

C:\Windows\System\MmPUDrs.exe

C:\Windows\System\hLFQGDr.exe

C:\Windows\System\hLFQGDr.exe

C:\Windows\System\wmBGKWK.exe

C:\Windows\System\wmBGKWK.exe

C:\Windows\System\GkgyEBd.exe

C:\Windows\System\GkgyEBd.exe

C:\Windows\System\QneNgPq.exe

C:\Windows\System\QneNgPq.exe

C:\Windows\System\xMROMeO.exe

C:\Windows\System\xMROMeO.exe

C:\Windows\System\ZHypJUR.exe

C:\Windows\System\ZHypJUR.exe

C:\Windows\System\dIidlwK.exe

C:\Windows\System\dIidlwK.exe

C:\Windows\System\tkRYzLZ.exe

C:\Windows\System\tkRYzLZ.exe

C:\Windows\System\ovoDbID.exe

C:\Windows\System\ovoDbID.exe

C:\Windows\System\RctPnYm.exe

C:\Windows\System\RctPnYm.exe

C:\Windows\System\XUNUZCM.exe

C:\Windows\System\XUNUZCM.exe

C:\Windows\System\QVoGZuk.exe

C:\Windows\System\QVoGZuk.exe

C:\Windows\System\nauYmwr.exe

C:\Windows\System\nauYmwr.exe

C:\Windows\System\Wjdaabl.exe

C:\Windows\System\Wjdaabl.exe

C:\Windows\System\CXjFldr.exe

C:\Windows\System\CXjFldr.exe

C:\Windows\System\iztUuFt.exe

C:\Windows\System\iztUuFt.exe

C:\Windows\System\fnCRZcc.exe

C:\Windows\System\fnCRZcc.exe

C:\Windows\System\cCGRBAK.exe

C:\Windows\System\cCGRBAK.exe

C:\Windows\System\emdJypn.exe

C:\Windows\System\emdJypn.exe

C:\Windows\System\HUPvwcX.exe

C:\Windows\System\HUPvwcX.exe

C:\Windows\System\WKhJlVL.exe

C:\Windows\System\WKhJlVL.exe

C:\Windows\System\YUswMOv.exe

C:\Windows\System\YUswMOv.exe

C:\Windows\System\LKLwziU.exe

C:\Windows\System\LKLwziU.exe

C:\Windows\System\NvgDPWQ.exe

C:\Windows\System\NvgDPWQ.exe

C:\Windows\System\AOcwMVG.exe

C:\Windows\System\AOcwMVG.exe

C:\Windows\System\vUUXnWN.exe

C:\Windows\System\vUUXnWN.exe

C:\Windows\System\HUaUwUw.exe

C:\Windows\System\HUaUwUw.exe

C:\Windows\System\sgzsHRB.exe

C:\Windows\System\sgzsHRB.exe

C:\Windows\System\MgLZEQT.exe

C:\Windows\System\MgLZEQT.exe

C:\Windows\System\QppdmXh.exe

C:\Windows\System\QppdmXh.exe

C:\Windows\System\CNogrpl.exe

C:\Windows\System\CNogrpl.exe

C:\Windows\System\xBmEYal.exe

C:\Windows\System\xBmEYal.exe

C:\Windows\System\dpqZTow.exe

C:\Windows\System\dpqZTow.exe

C:\Windows\System\bVrGFdg.exe

C:\Windows\System\bVrGFdg.exe

C:\Windows\System\rXgaPkq.exe

C:\Windows\System\rXgaPkq.exe

C:\Windows\System\DLJMSsP.exe

C:\Windows\System\DLJMSsP.exe

C:\Windows\System\YyInhct.exe

C:\Windows\System\YyInhct.exe

C:\Windows\System\PnUzDis.exe

C:\Windows\System\PnUzDis.exe

C:\Windows\System\UNmWQHR.exe

C:\Windows\System\UNmWQHR.exe

C:\Windows\System\eHxtNAY.exe

C:\Windows\System\eHxtNAY.exe

C:\Windows\System\JbKBiWz.exe

C:\Windows\System\JbKBiWz.exe

C:\Windows\System\xoGLEms.exe

C:\Windows\System\xoGLEms.exe

C:\Windows\System\eMPyKrw.exe

C:\Windows\System\eMPyKrw.exe

C:\Windows\System\kSqOyMr.exe

C:\Windows\System\kSqOyMr.exe

C:\Windows\System\AZHfqFR.exe

C:\Windows\System\AZHfqFR.exe

C:\Windows\System\ErQvDMp.exe

C:\Windows\System\ErQvDMp.exe

C:\Windows\System\LjDXVJN.exe

C:\Windows\System\LjDXVJN.exe

C:\Windows\System\zNtRLRx.exe

C:\Windows\System\zNtRLRx.exe

C:\Windows\System\nLinFNc.exe

C:\Windows\System\nLinFNc.exe

C:\Windows\System\FygBjiF.exe

C:\Windows\System\FygBjiF.exe

C:\Windows\System\dFEaLbK.exe

C:\Windows\System\dFEaLbK.exe

C:\Windows\System\pdYKtuU.exe

C:\Windows\System\pdYKtuU.exe

C:\Windows\System\NgBCSBk.exe

C:\Windows\System\NgBCSBk.exe

C:\Windows\System\LPqhftc.exe

C:\Windows\System\LPqhftc.exe

C:\Windows\System\eAckCVt.exe

C:\Windows\System\eAckCVt.exe

C:\Windows\System\lgmmDqF.exe

C:\Windows\System\lgmmDqF.exe

C:\Windows\System\PobqgEA.exe

C:\Windows\System\PobqgEA.exe

C:\Windows\System\NKstFCq.exe

C:\Windows\System\NKstFCq.exe

C:\Windows\System\DjZGAwf.exe

C:\Windows\System\DjZGAwf.exe

C:\Windows\System\dKxxzzp.exe

C:\Windows\System\dKxxzzp.exe

C:\Windows\System\GhJnEsP.exe

C:\Windows\System\GhJnEsP.exe

C:\Windows\System\gQWYMFY.exe

C:\Windows\System\gQWYMFY.exe

C:\Windows\System\cssLynn.exe

C:\Windows\System\cssLynn.exe

C:\Windows\System\NFPEEfK.exe

C:\Windows\System\NFPEEfK.exe

C:\Windows\System\mDmkTdp.exe

C:\Windows\System\mDmkTdp.exe

C:\Windows\System\PGlTaSZ.exe

C:\Windows\System\PGlTaSZ.exe

C:\Windows\System\AtySNrB.exe

C:\Windows\System\AtySNrB.exe

C:\Windows\System\YBzzBty.exe

C:\Windows\System\YBzzBty.exe

C:\Windows\System\IVvhbYu.exe

C:\Windows\System\IVvhbYu.exe

C:\Windows\System\cGUIrYp.exe

C:\Windows\System\cGUIrYp.exe

C:\Windows\System\QAmOLce.exe

C:\Windows\System\QAmOLce.exe

C:\Windows\System\QUuQXTe.exe

C:\Windows\System\QUuQXTe.exe

C:\Windows\System\XYkSISF.exe

C:\Windows\System\XYkSISF.exe

C:\Windows\System\dXteYWj.exe

C:\Windows\System\dXteYWj.exe

C:\Windows\System\xWOXJrI.exe

C:\Windows\System\xWOXJrI.exe

C:\Windows\System\wlHCeRP.exe

C:\Windows\System\wlHCeRP.exe

C:\Windows\System\kdQhLGh.exe

C:\Windows\System\kdQhLGh.exe

C:\Windows\System\LYnInzL.exe

C:\Windows\System\LYnInzL.exe

C:\Windows\System\RHyLYkn.exe

C:\Windows\System\RHyLYkn.exe

C:\Windows\System\tfWbYjm.exe

C:\Windows\System\tfWbYjm.exe

C:\Windows\System\BBqMBgn.exe

C:\Windows\System\BBqMBgn.exe

C:\Windows\System\igwuvnE.exe

C:\Windows\System\igwuvnE.exe

C:\Windows\System\XdwQBPX.exe

C:\Windows\System\XdwQBPX.exe

C:\Windows\System\fPzIIdZ.exe

C:\Windows\System\fPzIIdZ.exe

C:\Windows\System\ggrvFoi.exe

C:\Windows\System\ggrvFoi.exe

C:\Windows\System\HtxeGvJ.exe

C:\Windows\System\HtxeGvJ.exe

C:\Windows\System\ReymHTR.exe

C:\Windows\System\ReymHTR.exe

C:\Windows\System\ZDlVeOf.exe

C:\Windows\System\ZDlVeOf.exe

C:\Windows\System\NCoiavP.exe

C:\Windows\System\NCoiavP.exe

C:\Windows\System\sfnDecG.exe

C:\Windows\System\sfnDecG.exe

C:\Windows\System\wafBpbk.exe

C:\Windows\System\wafBpbk.exe

C:\Windows\System\kNMvmtM.exe

C:\Windows\System\kNMvmtM.exe

C:\Windows\System\YpuZyQR.exe

C:\Windows\System\YpuZyQR.exe

C:\Windows\System\DCbMDfC.exe

C:\Windows\System\DCbMDfC.exe

C:\Windows\System\MdQqqks.exe

C:\Windows\System\MdQqqks.exe

C:\Windows\System\JzOEOQX.exe

C:\Windows\System\JzOEOQX.exe

C:\Windows\System\KWXtQcf.exe

C:\Windows\System\KWXtQcf.exe

C:\Windows\System\CIkLvJR.exe

C:\Windows\System\CIkLvJR.exe

C:\Windows\System\BaruCec.exe

C:\Windows\System\BaruCec.exe

C:\Windows\System\GmeWYZs.exe

C:\Windows\System\GmeWYZs.exe

C:\Windows\System\CQUVgrh.exe

C:\Windows\System\CQUVgrh.exe

C:\Windows\System\MrmKlMe.exe

C:\Windows\System\MrmKlMe.exe

C:\Windows\System\ckJRRTY.exe

C:\Windows\System\ckJRRTY.exe

C:\Windows\System\iZMeSzb.exe

C:\Windows\System\iZMeSzb.exe

C:\Windows\System\lgAZOAp.exe

C:\Windows\System\lgAZOAp.exe

C:\Windows\System\AAeJZBh.exe

C:\Windows\System\AAeJZBh.exe

C:\Windows\System\HxbfimN.exe

C:\Windows\System\HxbfimN.exe

C:\Windows\System\BeLFObx.exe

C:\Windows\System\BeLFObx.exe

C:\Windows\System\CzqsESd.exe

C:\Windows\System\CzqsESd.exe

C:\Windows\System\bkRAmFW.exe

C:\Windows\System\bkRAmFW.exe

C:\Windows\System\OFGFwLl.exe

C:\Windows\System\OFGFwLl.exe

C:\Windows\System\VpNONlG.exe

C:\Windows\System\VpNONlG.exe

C:\Windows\System\UWautnd.exe

C:\Windows\System\UWautnd.exe

C:\Windows\System\kOGnbYl.exe

C:\Windows\System\kOGnbYl.exe

C:\Windows\System\XelWUAE.exe

C:\Windows\System\XelWUAE.exe

C:\Windows\System\FagTmNH.exe

C:\Windows\System\FagTmNH.exe

C:\Windows\System\JvCHqCb.exe

C:\Windows\System\JvCHqCb.exe

C:\Windows\System\BVbXhxr.exe

C:\Windows\System\BVbXhxr.exe

C:\Windows\System\CIddJSJ.exe

C:\Windows\System\CIddJSJ.exe

C:\Windows\System\SVgsoue.exe

C:\Windows\System\SVgsoue.exe

C:\Windows\System\BgReZBV.exe

C:\Windows\System\BgReZBV.exe

C:\Windows\System\EFmfgyI.exe

C:\Windows\System\EFmfgyI.exe

C:\Windows\System\WdaGZAy.exe

C:\Windows\System\WdaGZAy.exe

C:\Windows\System\juEOxjw.exe

C:\Windows\System\juEOxjw.exe

C:\Windows\System\DZerjYs.exe

C:\Windows\System\DZerjYs.exe

C:\Windows\System\lLCkHhD.exe

C:\Windows\System\lLCkHhD.exe

C:\Windows\System\CxgKngQ.exe

C:\Windows\System\CxgKngQ.exe

C:\Windows\System\bQarNWw.exe

C:\Windows\System\bQarNWw.exe

C:\Windows\System\umnEsEZ.exe

C:\Windows\System\umnEsEZ.exe

C:\Windows\System\cKfiOxb.exe

C:\Windows\System\cKfiOxb.exe

C:\Windows\System\vWCDOZp.exe

C:\Windows\System\vWCDOZp.exe

C:\Windows\System\nSkxzsR.exe

C:\Windows\System\nSkxzsR.exe

C:\Windows\System\JDSSZIz.exe

C:\Windows\System\JDSSZIz.exe

C:\Windows\System\xwKbykf.exe

C:\Windows\System\xwKbykf.exe

C:\Windows\System\RWzCWRk.exe

C:\Windows\System\RWzCWRk.exe

C:\Windows\System\NHuWtFD.exe

C:\Windows\System\NHuWtFD.exe

C:\Windows\System\FVYovtO.exe

C:\Windows\System\FVYovtO.exe

C:\Windows\System\rvwUYjH.exe

C:\Windows\System\rvwUYjH.exe

C:\Windows\System\gjGHhvd.exe

C:\Windows\System\gjGHhvd.exe

C:\Windows\System\gkSfsgo.exe

C:\Windows\System\gkSfsgo.exe

C:\Windows\System\qlEqWTE.exe

C:\Windows\System\qlEqWTE.exe

C:\Windows\System\zBmeIpD.exe

C:\Windows\System\zBmeIpD.exe

C:\Windows\System\DTRlnDs.exe

C:\Windows\System\DTRlnDs.exe

C:\Windows\System\mLYEmIb.exe

C:\Windows\System\mLYEmIb.exe

C:\Windows\System\KZanVpd.exe

C:\Windows\System\KZanVpd.exe

C:\Windows\System\CzEUlRH.exe

C:\Windows\System\CzEUlRH.exe

C:\Windows\System\dQWRnzM.exe

C:\Windows\System\dQWRnzM.exe

C:\Windows\System\zufAyOR.exe

C:\Windows\System\zufAyOR.exe

C:\Windows\System\Wbnqgyp.exe

C:\Windows\System\Wbnqgyp.exe

C:\Windows\System\NIiwUah.exe

C:\Windows\System\NIiwUah.exe

C:\Windows\System\aCFlBVU.exe

C:\Windows\System\aCFlBVU.exe

C:\Windows\System\rnRsMlm.exe

C:\Windows\System\rnRsMlm.exe

C:\Windows\System\Jhswxce.exe

C:\Windows\System\Jhswxce.exe

C:\Windows\System\KftZBUc.exe

C:\Windows\System\KftZBUc.exe

C:\Windows\System\RVzYVdX.exe

C:\Windows\System\RVzYVdX.exe

C:\Windows\System\QIpyqRu.exe

C:\Windows\System\QIpyqRu.exe

C:\Windows\System\pcwuzwL.exe

C:\Windows\System\pcwuzwL.exe

C:\Windows\System\FBOeQHo.exe

C:\Windows\System\FBOeQHo.exe

C:\Windows\System\tckRjXp.exe

C:\Windows\System\tckRjXp.exe

C:\Windows\System\hXLJqop.exe

C:\Windows\System\hXLJqop.exe

C:\Windows\System\VKQxKRg.exe

C:\Windows\System\VKQxKRg.exe

C:\Windows\System\XKznVXB.exe

C:\Windows\System\XKznVXB.exe

C:\Windows\System\xmEhgzf.exe

C:\Windows\System\xmEhgzf.exe

C:\Windows\System\JQbjGuw.exe

C:\Windows\System\JQbjGuw.exe

C:\Windows\System\ZqHImti.exe

C:\Windows\System\ZqHImti.exe

C:\Windows\System\hyJpheh.exe

C:\Windows\System\hyJpheh.exe

C:\Windows\System\HiMfbsB.exe

C:\Windows\System\HiMfbsB.exe

C:\Windows\System\TTtNWtp.exe

C:\Windows\System\TTtNWtp.exe

C:\Windows\System\tnqtvDJ.exe

C:\Windows\System\tnqtvDJ.exe

C:\Windows\System\dlotVcO.exe

C:\Windows\System\dlotVcO.exe

C:\Windows\System\UbWedfJ.exe

C:\Windows\System\UbWedfJ.exe

C:\Windows\System\HcQDKLV.exe

C:\Windows\System\HcQDKLV.exe

C:\Windows\System\EFzPteJ.exe

C:\Windows\System\EFzPteJ.exe

C:\Windows\System\dbpDiGx.exe

C:\Windows\System\dbpDiGx.exe

C:\Windows\System\wBpCABs.exe

C:\Windows\System\wBpCABs.exe

C:\Windows\System\AKjiCLH.exe

C:\Windows\System\AKjiCLH.exe

C:\Windows\System\RjOQGek.exe

C:\Windows\System\RjOQGek.exe

C:\Windows\System\MDHluhC.exe

C:\Windows\System\MDHluhC.exe

C:\Windows\System\SAsHPTq.exe

C:\Windows\System\SAsHPTq.exe

C:\Windows\System\QSokEMo.exe

C:\Windows\System\QSokEMo.exe

C:\Windows\System\TGBpYlv.exe

C:\Windows\System\TGBpYlv.exe

C:\Windows\System\vmVFLKk.exe

C:\Windows\System\vmVFLKk.exe

C:\Windows\System\VzmJShO.exe

C:\Windows\System\VzmJShO.exe

C:\Windows\System\BgoMrET.exe

C:\Windows\System\BgoMrET.exe

C:\Windows\System\rmwCODD.exe

C:\Windows\System\rmwCODD.exe

C:\Windows\System\lwrgvci.exe

C:\Windows\System\lwrgvci.exe

C:\Windows\System\VYJLVvC.exe

C:\Windows\System\VYJLVvC.exe

C:\Windows\System\wRnyYwF.exe

C:\Windows\System\wRnyYwF.exe

C:\Windows\System\VathyLw.exe

C:\Windows\System\VathyLw.exe

C:\Windows\System\QOnMDaJ.exe

C:\Windows\System\QOnMDaJ.exe

C:\Windows\System\KFksUSK.exe

C:\Windows\System\KFksUSK.exe

C:\Windows\System\nkmmRku.exe

C:\Windows\System\nkmmRku.exe

C:\Windows\System\RHMfKHc.exe

C:\Windows\System\RHMfKHc.exe

C:\Windows\System\xjgCACj.exe

C:\Windows\System\xjgCACj.exe

C:\Windows\System\joJCNdF.exe

C:\Windows\System\joJCNdF.exe

C:\Windows\System\xhqSioZ.exe

C:\Windows\System\xhqSioZ.exe

C:\Windows\System\uFbkqev.exe

C:\Windows\System\uFbkqev.exe

C:\Windows\System\FZpFmJA.exe

C:\Windows\System\FZpFmJA.exe

C:\Windows\System\RbQGjSY.exe

C:\Windows\System\RbQGjSY.exe

C:\Windows\System\HQgJPqz.exe

C:\Windows\System\HQgJPqz.exe

C:\Windows\System\CXYtTEV.exe

C:\Windows\System\CXYtTEV.exe

C:\Windows\System\qkFmLTc.exe

C:\Windows\System\qkFmLTc.exe

C:\Windows\System\sKbpvyJ.exe

C:\Windows\System\sKbpvyJ.exe

C:\Windows\System\muZPHwk.exe

C:\Windows\System\muZPHwk.exe

C:\Windows\System\xOjSYGu.exe

C:\Windows\System\xOjSYGu.exe

C:\Windows\System\bkQYjKR.exe

C:\Windows\System\bkQYjKR.exe

C:\Windows\System\xkcuELY.exe

C:\Windows\System\xkcuELY.exe

C:\Windows\System\TMuaPLo.exe

C:\Windows\System\TMuaPLo.exe

C:\Windows\System\WoWpbzJ.exe

C:\Windows\System\WoWpbzJ.exe

C:\Windows\System\PuljhJq.exe

C:\Windows\System\PuljhJq.exe

C:\Windows\System\hRmwspY.exe

C:\Windows\System\hRmwspY.exe

C:\Windows\System\GDrJUgj.exe

C:\Windows\System\GDrJUgj.exe

C:\Windows\System\GvULayc.exe

C:\Windows\System\GvULayc.exe

C:\Windows\System\CeryXdb.exe

C:\Windows\System\CeryXdb.exe

C:\Windows\System\aLMKbQt.exe

C:\Windows\System\aLMKbQt.exe

C:\Windows\System\aQDxlax.exe

C:\Windows\System\aQDxlax.exe

C:\Windows\System\ICwNFTH.exe

C:\Windows\System\ICwNFTH.exe

C:\Windows\System\VjIIAUO.exe

C:\Windows\System\VjIIAUO.exe

C:\Windows\System\fcdAMtz.exe

C:\Windows\System\fcdAMtz.exe

C:\Windows\System\KKGQEOn.exe

C:\Windows\System\KKGQEOn.exe

C:\Windows\System\wDIdXCC.exe

C:\Windows\System\wDIdXCC.exe

C:\Windows\System\aqVjHoV.exe

C:\Windows\System\aqVjHoV.exe

C:\Windows\System\eiYPVIh.exe

C:\Windows\System\eiYPVIh.exe

C:\Windows\System\fLbLZvD.exe

C:\Windows\System\fLbLZvD.exe

C:\Windows\System\gYlcdLM.exe

C:\Windows\System\gYlcdLM.exe

C:\Windows\System\tKBEVMv.exe

C:\Windows\System\tKBEVMv.exe

C:\Windows\System\iWwgZaJ.exe

C:\Windows\System\iWwgZaJ.exe

C:\Windows\System\aJRhyAd.exe

C:\Windows\System\aJRhyAd.exe

C:\Windows\System\VgXVWJG.exe

C:\Windows\System\VgXVWJG.exe

C:\Windows\System\ZQvvSGf.exe

C:\Windows\System\ZQvvSGf.exe

C:\Windows\System\piHRiCR.exe

C:\Windows\System\piHRiCR.exe

C:\Windows\System\hKYNRBQ.exe

C:\Windows\System\hKYNRBQ.exe

C:\Windows\System\kxZYRPT.exe

C:\Windows\System\kxZYRPT.exe

C:\Windows\System\KiMnYJr.exe

C:\Windows\System\KiMnYJr.exe

C:\Windows\System\jimfzLu.exe

C:\Windows\System\jimfzLu.exe

C:\Windows\System\fthRoXI.exe

C:\Windows\System\fthRoXI.exe

C:\Windows\System\QwPThhW.exe

C:\Windows\System\QwPThhW.exe

C:\Windows\System\KmijDsW.exe

C:\Windows\System\KmijDsW.exe

C:\Windows\System\RYEzufV.exe

C:\Windows\System\RYEzufV.exe

C:\Windows\System\gTDProU.exe

C:\Windows\System\gTDProU.exe

C:\Windows\System\QXaKgeh.exe

C:\Windows\System\QXaKgeh.exe

C:\Windows\System\SsKGYpz.exe

C:\Windows\System\SsKGYpz.exe

C:\Windows\System\OWdSeFp.exe

C:\Windows\System\OWdSeFp.exe

C:\Windows\System\zIRMfkf.exe

C:\Windows\System\zIRMfkf.exe

C:\Windows\System\tOCMCam.exe

C:\Windows\System\tOCMCam.exe

C:\Windows\System\Uhyicfc.exe

C:\Windows\System\Uhyicfc.exe

C:\Windows\System\qoPNnzK.exe

C:\Windows\System\qoPNnzK.exe

C:\Windows\System\cnrCytY.exe

C:\Windows\System\cnrCytY.exe

C:\Windows\System\ziuJFaT.exe

C:\Windows\System\ziuJFaT.exe

C:\Windows\System\iBVWUgI.exe

C:\Windows\System\iBVWUgI.exe

C:\Windows\System\ucmXcUi.exe

C:\Windows\System\ucmXcUi.exe

C:\Windows\System\wnKyglQ.exe

C:\Windows\System\wnKyglQ.exe

C:\Windows\System\IjuZDcZ.exe

C:\Windows\System\IjuZDcZ.exe

C:\Windows\System\nzvrNfQ.exe

C:\Windows\System\nzvrNfQ.exe

C:\Windows\System\qYYmnZy.exe

C:\Windows\System\qYYmnZy.exe

C:\Windows\System\zYlgAJE.exe

C:\Windows\System\zYlgAJE.exe

C:\Windows\System\zrRyKLQ.exe

C:\Windows\System\zrRyKLQ.exe

C:\Windows\System\wFWESru.exe

C:\Windows\System\wFWESru.exe

C:\Windows\System\MjGrQLK.exe

C:\Windows\System\MjGrQLK.exe

C:\Windows\System\ufrrugg.exe

C:\Windows\System\ufrrugg.exe

C:\Windows\System\hUPIyEv.exe

C:\Windows\System\hUPIyEv.exe

C:\Windows\System\ZYLzDDH.exe

C:\Windows\System\ZYLzDDH.exe

C:\Windows\System\JztucYD.exe

C:\Windows\System\JztucYD.exe

C:\Windows\System\RJNOvlQ.exe

C:\Windows\System\RJNOvlQ.exe

C:\Windows\System\nBBvXAy.exe

C:\Windows\System\nBBvXAy.exe

C:\Windows\System\WuQjChJ.exe

C:\Windows\System\WuQjChJ.exe

C:\Windows\System\lhXJNre.exe

C:\Windows\System\lhXJNre.exe

C:\Windows\System\UeMnYda.exe

C:\Windows\System\UeMnYda.exe

C:\Windows\System\lTbrqMV.exe

C:\Windows\System\lTbrqMV.exe

C:\Windows\System\BRLBGJp.exe

C:\Windows\System\BRLBGJp.exe

C:\Windows\System\GdHbuIy.exe

C:\Windows\System\GdHbuIy.exe

C:\Windows\System\udRmbtu.exe

C:\Windows\System\udRmbtu.exe

C:\Windows\System\RhyTmVv.exe

C:\Windows\System\RhyTmVv.exe

C:\Windows\System\NqSFZYC.exe

C:\Windows\System\NqSFZYC.exe

C:\Windows\System\JdlMdTI.exe

C:\Windows\System\JdlMdTI.exe

C:\Windows\System\kXEdUyz.exe

C:\Windows\System\kXEdUyz.exe

C:\Windows\System\zPZVLlM.exe

C:\Windows\System\zPZVLlM.exe

C:\Windows\System\TvtrItb.exe

C:\Windows\System\TvtrItb.exe

C:\Windows\System\NorEDLI.exe

C:\Windows\System\NorEDLI.exe

C:\Windows\System\idSPWHI.exe

C:\Windows\System\idSPWHI.exe

C:\Windows\System\OWFemqf.exe

C:\Windows\System\OWFemqf.exe

C:\Windows\System\RHeJxFU.exe

C:\Windows\System\RHeJxFU.exe

C:\Windows\System\TwuKnIj.exe

C:\Windows\System\TwuKnIj.exe

C:\Windows\System\gjDRmkZ.exe

C:\Windows\System\gjDRmkZ.exe

C:\Windows\System\IOmpmyB.exe

C:\Windows\System\IOmpmyB.exe

C:\Windows\System\rHnQnir.exe

C:\Windows\System\rHnQnir.exe

C:\Windows\System\xuJZwxq.exe

C:\Windows\System\xuJZwxq.exe

C:\Windows\System\iThEgxp.exe

C:\Windows\System\iThEgxp.exe

C:\Windows\System\OiaTxNN.exe

C:\Windows\System\OiaTxNN.exe

C:\Windows\System\NeMTQbM.exe

C:\Windows\System\NeMTQbM.exe

C:\Windows\System\nfSuhAs.exe

C:\Windows\System\nfSuhAs.exe

C:\Windows\System\PkKtTLN.exe

C:\Windows\System\PkKtTLN.exe

C:\Windows\System\KgyAibz.exe

C:\Windows\System\KgyAibz.exe

C:\Windows\System\MoulkFj.exe

C:\Windows\System\MoulkFj.exe

C:\Windows\System\mmGWaYS.exe

C:\Windows\System\mmGWaYS.exe

C:\Windows\System\IdleTwD.exe

C:\Windows\System\IdleTwD.exe

C:\Windows\System\eSfrBjT.exe

C:\Windows\System\eSfrBjT.exe

C:\Windows\System\hwKSCIc.exe

C:\Windows\System\hwKSCIc.exe

C:\Windows\System\TBtNNuj.exe

C:\Windows\System\TBtNNuj.exe

C:\Windows\System\eMLHbAJ.exe

C:\Windows\System\eMLHbAJ.exe

C:\Windows\System\pMAlMSH.exe

C:\Windows\System\pMAlMSH.exe

C:\Windows\System\uvDSpvC.exe

C:\Windows\System\uvDSpvC.exe

C:\Windows\System\qKjAkWs.exe

C:\Windows\System\qKjAkWs.exe

C:\Windows\System\lwKuWTF.exe

C:\Windows\System\lwKuWTF.exe

C:\Windows\System\LyGkrbI.exe

C:\Windows\System\LyGkrbI.exe

C:\Windows\System\MLzkhLZ.exe

C:\Windows\System\MLzkhLZ.exe

C:\Windows\System\rpgrEyP.exe

C:\Windows\System\rpgrEyP.exe

C:\Windows\System\wttvXpU.exe

C:\Windows\System\wttvXpU.exe

C:\Windows\System\EOdKWHa.exe

C:\Windows\System\EOdKWHa.exe

C:\Windows\System\HXQTpVV.exe

C:\Windows\System\HXQTpVV.exe

C:\Windows\System\fgQQxrs.exe

C:\Windows\System\fgQQxrs.exe

Network

N/A

Files

memory/1700-0-0x000000013F440000-0x000000013F791000-memory.dmp

memory/1700-1-0x00000000001F0000-0x0000000000200000-memory.dmp

\Windows\system\zEjVEAs.exe

MD5 86b4e2d7df58e98aa6226e34c81dafa5
SHA1 018e2b2ffc97f0da684b03bda5f4e3ab4689fb29
SHA256 ec32914b4e64fd8ee3f8d15f0d8ffc2263bbfe3e7f08c88c10809f3b87c79fda
SHA512 7a19f3bff329f7d1f4c4e1ee2cfa98112e5210bbde9ef222be1cda92a710e2e7032c270f5a5bed5ffb7f05fe62351708621a6ef7748e4ae8113df73c2dea12e5

\Windows\system\bJcOLEf.exe

MD5 2a8ce8c6a9313ae30f290ca97aac1fd0
SHA1 250a1e1cfd1ee1f52d4f537a79462c29b6266ded
SHA256 64f63c925c5e4b04ca487fd167c95871fabe969da24689ffe483de0515430639
SHA512 2b2729062a2be0afcae23b19074dc53d2f8cda66433cb50c50e8932a800b83b93f38c0f8e249ae3144cd5d83d710b5689340042ea300be5b75056c3248a7ba34

memory/1700-12-0x000000013FC00000-0x000000013FF51000-memory.dmp

\Windows\system\DByvoUs.exe

MD5 e9bcf24012fd2aec26daf7a9a8cc6eec
SHA1 1c16d50aa3846ec97e68cd834218b8bb60c56c0b
SHA256 ff9539775bb41594454cfa1e53ec584a578e6e6015a17aa16eca6c40c3e78fd8
SHA512 be8124fe5a90d02602ed33ea96638353d198b98f7122594937859c2c903ce2e01446d2947f048e32047a282b66698a7711341f24a3446dab50b296f2c3b79666

memory/2664-22-0x000000013FFE0000-0x0000000140331000-memory.dmp

memory/1944-21-0x000000013FC00000-0x000000013FF51000-memory.dmp

memory/1700-20-0x000000013F950000-0x000000013FCA1000-memory.dmp

memory/2028-18-0x000000013F950000-0x000000013FCA1000-memory.dmp

C:\Windows\system\LZflGhM.exe

MD5 78b7c2936885004aa9208c948ab8099b
SHA1 b2929f0128756ed39c77624b873b014730210845
SHA256 77bc527d9731aaa87450810f91fab0bdf1fce06a72264412d5504e1dfb362986
SHA512 538498d64faf9491004afb0e0027bfaa8506d3b6d493f714c3e43933a163e59173d92882a21a630cc2f5cca8653f806a0e8a841b26e91dc401a4c5821d1d3355

memory/2520-29-0x000000013F050000-0x000000013F3A1000-memory.dmp

memory/1700-28-0x000000013F050000-0x000000013F3A1000-memory.dmp

memory/1700-33-0x000000013FA70000-0x000000013FDC1000-memory.dmp

C:\Windows\system\sgyBNKw.exe

MD5 bb26d3223b8489f6f0a4b5611a7c83d4
SHA1 7ae666bbb08136764f875f935c89e7a6867eb624
SHA256 b8d49167bbce6425ede1413a908e75e69514e84425ac1a786c12aa7ccbe16971
SHA512 325a5aceda19d10bfc82fe946f41355b5e11578342d28382c0de82d62b6fd4fe75659d538e241579daa7791e483b8a030ddd987ce04f9b341626d6501a32b6c0

memory/1700-40-0x0000000001D60000-0x00000000020B1000-memory.dmp

memory/2136-41-0x000000013F4A0000-0x000000013F7F1000-memory.dmp

memory/2508-35-0x000000013FA70000-0x000000013FDC1000-memory.dmp

memory/1700-55-0x0000000001D60000-0x00000000020B1000-memory.dmp

\Windows\system\DqLOXkQ.exe

MD5 3a0b4e42b91272e02599edec30a59520
SHA1 b755dde8a0338a905d18ed147d8f05ff259d2d48
SHA256 3b414b6da4abab9db277ee239500c9d35da063add6a643c0cfc003cf6d955cd3
SHA512 af3ee899704fee186e4db957f35ed45e46abf886548352090d842d65ecc8baa2a7c4c1e149c8ace0bfb573f82ee6ce7b508e5d4d4001e98ea88c344352d3e498

memory/1896-56-0x000000013F280000-0x000000013F5D1000-memory.dmp

C:\Windows\system\RmwGfhY.exe

MD5 2937f58928eddac0ce2e6fb96d7a6623
SHA1 32ae4f17d59ce8a6436ed32745dcef39e494e945
SHA256 30e8a7aef477d93892d79de0d0cf1dd59c970cfd33a961c2d20984b63e909f6f
SHA512 8a09fa55756d7b7f3b36a61fe295c5795b4880e7f32f4c68a70cd8871c7d8b661f2ac10c7127a4bea8fcd34effa55324640c31517466a5f45d09933709b0992b

C:\Windows\system\rBngRTz.exe

MD5 e1e45c1d22af55c720b4adab86eab0e7
SHA1 bd46a64978864988e9ba9b0a28fd7ed8eb01a520
SHA256 6de431d79cd2235b38b1ad83b50309069a59eeaae7e6e6541b941bb473f958fd
SHA512 c3b9d798233b6e90632a96f8331149e0e74d21886a4f62cfc152b044c3f244f6973d81c4b40dd903b736187c7f4b39b37ef2eb2e5505b15dd116e874e11d7744

C:\Windows\system\placfWH.exe

MD5 f7b6eb7784c0938a46d153c87e3a664f
SHA1 1f22e9d8c4383a65e9299ce8ce7702ee39f9f8e8
SHA256 319decfc616e9f1a5c3c83311e47ef272be827abac9ef16654eb7496c6e907b1
SHA512 7555fd4b53181ebb9c51909613d2810659da4701e7ef55745a8f31d37462f4b511045c79377ce401aad09be3fbc66b65edf636e377190c37b00a1400359ed67d

memory/2920-77-0x000000013FBE0000-0x000000013FF31000-memory.dmp

memory/1216-82-0x000000013FE30000-0x0000000140181000-memory.dmp

memory/1700-81-0x000000013FE30000-0x0000000140181000-memory.dmp

memory/1700-74-0x000000013FC20000-0x000000013FF71000-memory.dmp

memory/1700-70-0x000000013F440000-0x000000013F791000-memory.dmp

memory/2296-69-0x000000013FC20000-0x000000013FF71000-memory.dmp

memory/2396-68-0x000000013F840000-0x000000013FB91000-memory.dmp

memory/1700-62-0x000000013F840000-0x000000013FB91000-memory.dmp

memory/2388-49-0x000000013F8E0000-0x000000013FC31000-memory.dmp

\Windows\system\hoOiJDa.exe

MD5 9a0e623725f36ae8f675f868263aa178
SHA1 d7855b49b729b77dcbfcb9fa0ebbc89bc306b7f6
SHA256 e1de9397fd3c56567aaa836a030d1ccf39800b0029c552bf451b49ded9348b11
SHA512 d39785840d74b71c0ab134b94e7926c44b5237fea761f914319e62d19e66b90c6f702166cf23fb70646131d4f416f9ea8bc8a79506a98e4027d2136622e077d6

C:\Windows\system\UWPpqxd.exe

MD5 5706a91492451314150c16abf71aa2bb
SHA1 8ed7f779ffc41c8ebfe10b7f66b69642a61f7b75
SHA256 11d1b2f97b87634902408f6f87328012cde4b7ffc1a35f9b54de86f1a774a3aa
SHA512 497485dc9b99324603d5023e3ed16e692849f5bb5670db996868c99cc10c9d29e00ef16dcd71a6821d692cf3cab840cb2f2797b05f51980dc8cc7e08adef2cf1

memory/1700-99-0x000000013F810000-0x000000013FB61000-memory.dmp

memory/1948-92-0x000000013F310000-0x000000013F661000-memory.dmp

memory/1700-107-0x000000013FA00000-0x000000013FD51000-memory.dmp

C:\Windows\system\potfZhL.exe

MD5 a68de3e4d0a0e89447e9902198af27fa
SHA1 03262d64e994f743fc9e5915a17aec556b086d7e
SHA256 47b10f4437ca8f51940a95d06c8f1bdafa9d7d3aec827854fc6f48e5e6339a43
SHA512 af05048523d37638dc239a20e6b1a075a4b61d10b0de9115a339769cc9bb5cb27c960a81b63953630529a5afed132b6572ca02b433d88f2ac2c880fe8e608c20

C:\Windows\system\epjqtSV.exe

MD5 a21e3b40919e0606de4b81488f952be6
SHA1 73f1448332ae28162583863d79a439f90c9496f8
SHA256 6dd52f1b11616feef1a5ca8ebea3dc88dcf75a51df2e9f561df126b6fad9b48a
SHA512 87fe3082b9cb016ad78bc47ba4bedb84bddcd66cf903c1231b2fefc5a54e0965df43f2fc3b50403b7391f39e5a4e8bec54c4328b031967cd779980565ed79054

C:\Windows\system\fqASwdQ.exe

MD5 0a0b2290c37f0fa9eb26c9c70b75133b
SHA1 490c44b05c0eff9ac2a548b8ee2d8302cf3921b2
SHA256 993def22d589ef6c1613513dc260da42216786284c4a837fe2d4ccb607979e1e
SHA512 8099a048334d8c827c873738b6b90d6e44f507fc872c2ece4499c51e6d91ed2186e8f0368273d6c1884934e78f73f2b4e18e0d9397d62d930649732b99a4d7d1

memory/1700-474-0x0000000001D60000-0x00000000020B1000-memory.dmp

C:\Windows\system\YArhFZm.exe

MD5 e88e4ccbf9c6e17e729e25a676a18eb4
SHA1 c4c1c6e971f5b09954d59266e424c0e313000f96
SHA256 7ad6744b775379c4e39f1d9b9b0acf8e94b797e9adc69f06a2a02d4a229b36d8
SHA512 8e0b4745ab8480f79fe6b5b5572f1c21a318796210abf7a282b35cb6fab036c79420b8dddbad932015e62d92e9d640951333e2fea06b5613a9b6f6cb7431894a

C:\Windows\system\XrmqXsU.exe

MD5 d92f9ca0f3b67854b6908a7b516095e3
SHA1 05b5a37b5304163fadff410f0b0f23bd003aa435
SHA256 08713b24943d5376cdcdfa167f71dea680b0dedeec2ba81ee647c3a408a5c95a
SHA512 d8b467d34c227d3ac1cdf78e6c06fda4d5ea7b9c7d183d70d7d96236fad8d6676ada99085df93aa21b1f4972493b24c43dced5375b4ce0f1bc643792f230180b

C:\Windows\system\XpjFpSy.exe

MD5 98d41458e990f5b7076cc83c4eee71f8
SHA1 f16b3a16abdfcd72f7246721cca97001e51d0d63
SHA256 0ff3846b905eecde950cd7ebf512777f8c3ede5098c0f1163655f84454260857
SHA512 bababc7778fdc4d5c100fb206a111e75bcdd075d2e54e5cdcb5e510b38a9c4c7d99acd97ad8421b6d0346f9c2ef95b5bbd95518333e9652f84a94712df140c13

C:\Windows\system\huTPash.exe

MD5 1240a973f4c41323982b3aaa49522ec5
SHA1 c9966b861aa06132180f465b80806bbea638e213
SHA256 7f00c6a860e5cbcde4a0e2b05e6db8b47ceabc0a8c1f5f4d640289d069fa6fc9
SHA512 bf7d1688c5985202af91ce6ccf2af59858fc7c5ef403b05549d3a918e44995a5a0add81ab87ff66e62ce34a5c0eea57e0640b79673cce376ec9e0df6c6d6e459

C:\Windows\system\SftGjDv.exe

MD5 f774f812ad9df325b5f5316ce892026c
SHA1 cf55a6eae40f529fa08cfb76e642f27b6e348ce4
SHA256 fc07d58a5ffc77e29dcc97ed4249ed09f74d9bae471b5d355e35bbae647a4046
SHA512 2af3e1d312a05e1e64aa26d8e6d2cabe98ee4d51944b7dca383e8d74d07bb55eb8a8a76770c04f95d88550d71c94ec1f61cc0cfff48cd130e03a5901add52650

C:\Windows\system\PDzOTiy.exe

MD5 90f48b2caf6171c904699a0c9c474db7
SHA1 43ed7c97bcc6e1a66760272ad16a45599bdc8c1a
SHA256 6e142f625cbe25126052dc23d93b2d0e3dc78fcadd1930c91668658688430251
SHA512 b228ff7429d23b7a54f4cd25dda5643c20e6afa27c8f53fdfc7d5a1f278418f1d884a6aed3b22c4fcd314a16137e01e7c9926f4a48e461ce67c76778cd44c7a1

C:\Windows\system\KGcsnmj.exe

MD5 a7affc9578ac8b2b36b19a2b2c19e3ae
SHA1 21bb973e4ce0ed3096dbf366e6830c2cd365181d
SHA256 0b26e4b1fc3d4c6bbadc2978d903c54b061bdde193a6629ac3970ec7aa1f0d3a
SHA512 e02cda26d475ff5ba271cdb6ea1c854db8d93705ba32c5e072d81ffea84255784a6ce73434d4152bd6309e0867ea0e52d18352cca41747eca514cb2975c975a4

C:\Windows\system\HHEzCSs.exe

MD5 e54f94d2eac825072ac6f3c2e704b2e2
SHA1 12880dc904d830a491fac37c0a3696dccd243f8e
SHA256 c2d8648ee2c2b631c98baf25f58f964e42ac7a073a13e88bd4ffd5876e087221
SHA512 929c8005d0d37c2e3ee1cedd7cf9d1b427d5622ece664f7160a9f8b6022a92b5e6d54d87197be84f313b74f5a2b88c7a362cf19f507287cf83099b90056ad946

C:\Windows\system\QOUGmmg.exe

MD5 71961d06671eb28dee62f46d6eab04a2
SHA1 b3a34380e8a2a81a59434db321d3e43449043499
SHA256 4543ee346762fbb2dc3a6e9908e1bd8d8a12aae2d4ff06555a005bbd15a4c51b
SHA512 96fd41796d88f3c7daa8032273d4e1afa619676ac9251a6b6dad22407b82665931807d6661fe5a73ebf74e8e66fe28acf5d37f31bfc040f9b3b7e10e674041d7

C:\Windows\system\KRHKTjO.exe

MD5 54805dd38ed677a013a9d50eff8ec753
SHA1 f020cc874a8a0e6f2baedc1b849b4ba21e823d10
SHA256 2f7864bc7bdbb2ddc0bef58e7d95d185229ce348cefd783eebb88c80c6386b3c
SHA512 ddcb01fa0939038b1f90604a8ae08960cb73c019fba4bfd0260a7088dd73893da71d79239bff86aa12d1cf12fccb078152beeec4e10cce82af96eabaeddd64e2

C:\Windows\system\JWARPoE.exe

MD5 e754148d4e3de444fd447e4be70f4523
SHA1 1130a88daf81942891eccf18345b7253521ab2f1
SHA256 eeab161cc9687581b1e9a9ca73f7404a792fed8af1cbe1a62fa7bf1fa19e1aa4
SHA512 e7b80527805fbfbc651ae8338a4bccb476a3f135a3d68c5070d45065b6db1f9c4db1c1f48495757a24b278a6f466c1bb29cf8d3ef97bbf0e2f692355e0e0528e

C:\Windows\system\hADFwke.exe

MD5 71806e8e414f8c9d2d4b765aaad29660
SHA1 ed6e77f68d48d6cf1b4b1f55e566eb83aaee0267
SHA256 886e8dc883b71d730fe65893ea3499656d6ec59f23fcfa26edf1c7b2e4b86cda
SHA512 e64a3bfba0674c8b86ce4e62dfb6f43a132cdfbfe417cde0b3dcd2c461270426602282da6e91b79e54d66c4dab728af291b56fe44c7af422a66c9443d25216a5

C:\Windows\system\EtOwhwM.exe

MD5 a47b758d978086ee67c157de1aaad221
SHA1 97f997cd02c406ae553e8bafe7051084f2262c95
SHA256 b72fef0f8a4fe730b54e802e7f175a761c74c6dff5bbb2ec6eac124161958413
SHA512 19c58d3649c18a8ccac9e09557e6bb660d6bd3d8e95295279412d8d40ac0223bd611cbf0e12ed7a20a7d2d30251aceecb000b9841dcae066ca60631ab3fa4a16

memory/2136-106-0x000000013F4A0000-0x000000013F7F1000-memory.dmp

C:\Windows\system\KiVndNT.exe

MD5 7063ddbad41a4d2893abad9898a11c49
SHA1 892da014900e019afe3f37737d21b2a5a6c7acf6
SHA256 eeddc0be59ae5f1ff4680b8421eaf3ddd0c25d6f334100eb6d3ca8080b88cda3
SHA512 22a5405c91b0c7d27cd17e3f1978349d6eb3d796bbe16c8fe5e4aa5b2d1e8d464d1b114c985dfe0b3d3ca1dff3771002ca9a2af8a5e25ed25bd9af3656408868

C:\Windows\system\AVowsPl.exe

MD5 ec165347789cefdb404c43692fe28beb
SHA1 d4f930c87408ffb9d6b77343c80573b4322fd174
SHA256 ea794bc39cb0b46ed38917477e108e4d87e4cbe1880942fbe9dd349cae09f04f
SHA512 eb596d62656bd2ec07339a1594c5f5c6ae3739721f0f1a1a1933dce94cffc8b9a23002ac76dff1000928d3ee39b3e5079d44dd249f7b1e94ceccea9cf7338eca

memory/1700-89-0x000000013F050000-0x000000013F3A1000-memory.dmp

memory/1556-100-0x000000013F810000-0x000000013FB61000-memory.dmp

memory/2508-98-0x000000013FA70000-0x000000013FDC1000-memory.dmp

memory/1700-48-0x000000013F8E0000-0x000000013FC31000-memory.dmp

C:\Windows\system\EeTFyaf.exe

MD5 aea6dfc3a729d0e0c900a4883d9c1db1
SHA1 f652047b8277ff25c5e07f210e13e803744da05f
SHA256 140cfa103e5466c7afa0f751ca7b41fb45a72ae1c75525d075a64a21abf56cef
SHA512 203110fdc4d31eefe401b05c1356ffe30e4f9ac4ac196bc197f562e81ce2a6b4ea78817aa549ac1bf6e55e3c14f7853fb3db429c1390480bbe6099e89ff52231

C:\Windows\system\PhccfOU.exe

MD5 3265c850db4c75778acc4f8032250858
SHA1 3c60d305fecd12f52d71f7cf93800d8a34597dda
SHA256 53de27adc2a737f3ee6cfbb88e9b73740e41ee10cf6f13a1b042d4973eecbde1
SHA512 2663e3b8e2fe06da8c7e077f0d73c843d5e17de0c838c4e8abf157d934ee9277c511070c7faf8b3ce4dbf7a595d33e8b8fad47bfb53b028f82f02f2db273ffc9

C:\Windows\system\THeSVIE.exe

MD5 5ee2e9df2ec534c97f3b2b1575dd4d62
SHA1 36b2289fe71b057186522b09717ba3087a1fed07
SHA256 3ca21e0a43f19cadd02027a0425a0e7c88f5be417047b05b8310889642dffdb1
SHA512 3ced6817d1592e5bb51d5044329aad4e6b07b59692ee44bc03919945a54c1df70a983ac7c6c66b4d075585281da780a26e00e8e727400031c1bd14e63075cad4

memory/2296-1634-0x000000013FC20000-0x000000013FF71000-memory.dmp

memory/2920-2809-0x000000013FBE0000-0x000000013FF31000-memory.dmp

memory/1700-3143-0x000000013FE30000-0x0000000140181000-memory.dmp

memory/1216-3144-0x000000013FE30000-0x0000000140181000-memory.dmp

memory/1700-3355-0x0000000001D60000-0x00000000020B1000-memory.dmp

memory/2028-3699-0x000000013F950000-0x000000013FCA1000-memory.dmp

memory/2664-3702-0x000000013FFE0000-0x0000000140331000-memory.dmp

memory/1944-3707-0x000000013FC00000-0x000000013FF51000-memory.dmp

memory/2520-3721-0x000000013F050000-0x000000013F3A1000-memory.dmp

memory/2136-3737-0x000000013F4A0000-0x000000013F7F1000-memory.dmp

memory/1896-3747-0x000000013F280000-0x000000013F5D1000-memory.dmp

memory/1700-3760-0x000000013F810000-0x000000013FB61000-memory.dmp

memory/2388-3753-0x000000013F8E0000-0x000000013FC31000-memory.dmp

memory/2396-3773-0x000000013F840000-0x000000013FB91000-memory.dmp

memory/2296-3783-0x000000013FC20000-0x000000013FF71000-memory.dmp

memory/2508-3798-0x000000013FA70000-0x000000013FDC1000-memory.dmp

memory/1216-3836-0x000000013FE30000-0x0000000140181000-memory.dmp

memory/1556-4008-0x000000013F810000-0x000000013FB61000-memory.dmp

memory/1948-4010-0x000000013F310000-0x000000013F661000-memory.dmp

memory/2920-4046-0x000000013FBE0000-0x000000013FF31000-memory.dmp

memory/1700-5187-0x000000013FA00000-0x000000013FD51000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-25 17:13

Reported

2024-05-25 17:15

Platform

win10v2004-20240508-en

Max time kernel

71s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Modifies Installed Components in the registry

persistence
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\FYfnpBU.exe N/A
N/A N/A C:\Windows\System\sbmDseW.exe N/A
N/A N/A C:\Windows\System\lsnYmhl.exe N/A
N/A N/A C:\Windows\System\HRQHMQB.exe N/A
N/A N/A C:\Windows\System\UhmOwkr.exe N/A
N/A N/A C:\Windows\System\xHHdxRc.exe N/A
N/A N/A C:\Windows\System\YsNSaxp.exe N/A
N/A N/A C:\Windows\System\AEGUZaL.exe N/A
N/A N/A C:\Windows\System\OGgssZc.exe N/A
N/A N/A C:\Windows\System\jzunptV.exe N/A
N/A N/A C:\Windows\System\sZzezBp.exe N/A
N/A N/A C:\Windows\System\odSBqmY.exe N/A
N/A N/A C:\Windows\System\mFuOFOG.exe N/A
N/A N/A C:\Windows\System\ZpiyCHG.exe N/A
N/A N/A C:\Windows\System\yZJrqkx.exe N/A
N/A N/A C:\Windows\System\clyvAfQ.exe N/A
N/A N/A C:\Windows\System\OJXfoix.exe N/A
N/A N/A C:\Windows\System\ymPEytg.exe N/A
N/A N/A C:\Windows\System\gdsrEZm.exe N/A
N/A N/A C:\Windows\System\TJInKaN.exe N/A
N/A N/A C:\Windows\System\hEXwiFv.exe N/A
N/A N/A C:\Windows\System\CNViVMy.exe N/A
N/A N/A C:\Windows\System\kMWnFXh.exe N/A
N/A N/A C:\Windows\System\NIRyPgs.exe N/A
N/A N/A C:\Windows\System\alSoSyV.exe N/A
N/A N/A C:\Windows\System\EhQeuDC.exe N/A
N/A N/A C:\Windows\System\NnqNqDJ.exe N/A
N/A N/A C:\Windows\System\xKVxntU.exe N/A
N/A N/A C:\Windows\System\mAelBoG.exe N/A
N/A N/A C:\Windows\System\RGdaErd.exe N/A
N/A N/A C:\Windows\System\ULaVidO.exe N/A
N/A N/A C:\Windows\System\CLdNbbn.exe N/A
N/A N/A C:\Windows\System\nJdavVS.exe N/A
N/A N/A C:\Windows\System\hxVmqme.exe N/A
N/A N/A C:\Windows\System\lKZPsCq.exe N/A
N/A N/A C:\Windows\System\xLgqQwz.exe N/A
N/A N/A C:\Windows\System\YMSlWvS.exe N/A
N/A N/A C:\Windows\System\xIiskee.exe N/A
N/A N/A C:\Windows\System\MyGHZEx.exe N/A
N/A N/A C:\Windows\System\SxBRcun.exe N/A
N/A N/A C:\Windows\System\fviwUAi.exe N/A
N/A N/A C:\Windows\System\iBjEniP.exe N/A
N/A N/A C:\Windows\System\OKrAfHq.exe N/A
N/A N/A C:\Windows\System\pyFLgdK.exe N/A
N/A N/A C:\Windows\System\TlsTbYM.exe N/A
N/A N/A C:\Windows\System\cHGXHNM.exe N/A
N/A N/A C:\Windows\System\MFSPmAH.exe N/A
N/A N/A C:\Windows\System\QgXMbKA.exe N/A
N/A N/A C:\Windows\System\KzziaTQ.exe N/A
N/A N/A C:\Windows\System\DhhdgGY.exe N/A
N/A N/A C:\Windows\System\ZAZZUYp.exe N/A
N/A N/A C:\Windows\System\FQmXLrZ.exe N/A
N/A N/A C:\Windows\System\AKuqxHF.exe N/A
N/A N/A C:\Windows\System\IuGRwFe.exe N/A
N/A N/A C:\Windows\System\XlHPAMf.exe N/A
N/A N/A C:\Windows\System\iHlhrdB.exe N/A
N/A N/A C:\Windows\System\JayrlbP.exe N/A
N/A N/A C:\Windows\System\aEpxfKv.exe N/A
N/A N/A C:\Windows\System\mNqeivt.exe N/A
N/A N/A C:\Windows\System\PQejfxy.exe N/A
N/A N/A C:\Windows\System\ygKgQvu.exe N/A
N/A N/A C:\Windows\System\fzrmttG.exe N/A
N/A N/A C:\Windows\System\xPVZuSm.exe N/A
N/A N/A C:\Windows\System\ejIdaMI.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\fjZCcPv.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\JltWpHX.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\qjTWNpe.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\sSYqoTc.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\UVwlUuI.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\WoiVbCQ.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\kbkRZGL.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\sYLyHiZ.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\zivtrKe.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\OPmUloT.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\OAhVvvs.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\RpDHnfv.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\NkerwGq.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\LtRFGQU.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\CXCPRVJ.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\NzpCWds.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\TbEpcEv.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\UBGBJXA.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\oUcjYkf.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\QvciysK.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\kdqypOX.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\QTIKniS.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\SxBJhwD.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\IkTWugj.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\NIRyPgs.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\mhZUPRw.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\IBzRFEf.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\sazWlwj.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\kczdUlj.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\ULaVidO.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\rRzhmYT.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\yQCacHI.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\MUNJSQY.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\dDMXFWr.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\BijnKAf.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\rVmfkRb.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\wffvJDZ.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\BmvzDcq.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\LKAWonS.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\xyTSLCk.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\zUlMADq.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\CPxCVQf.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\kaBQhcM.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\mFuOFOG.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\zfcZUzb.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\bcZtTtt.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\RPuTzaq.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\npjNvKQ.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\lbJeLdG.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\IDTeNbD.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZliBtwE.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\uZVSKod.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\pNvYEKI.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\dJsVCYB.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\HvGGrmv.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\SqImrma.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZhIdoJr.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\TeaNQdm.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\dLgUcPC.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\fbTAxXW.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\wmolrbY.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\JGiMGQh.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\arrsRTn.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A
File created C:\Windows\System\fviwUAi.exe C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Capabilities C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Capabilities C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Capabilities C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Capabilities C:\Windows\explorer.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\ApplicationFrame\Microsoft.Windows.PeopleExperienceHo = 6801000088020000 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DomStorageState C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\microsoft.windows.search C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\microsoft.windows.search C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1181767204-2009306918-3718769404-1000\{4E7BE269-E651-46DE-B857-059315402708} C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1181767204-2009306918-3718769404-1000\{FBE8C3F6-DC4E-4247-9B31-E7159864F375} C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\ApplicationFrame\Microsoft.Windows.PeopleExperienceHo = 6801000088020000 C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "152" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DomStorageState C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.search C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.search C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1181767204-2009306918-3718769404-1000\{63E986B1-365B-421F-B8F3-7749ACA18D37} C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.search C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "23" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "185" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "152" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\WasEverActivated = "1" C:\Windows\system32\sihost.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DomStorageState C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\ApplicationFrame\Microsoft.Windows.PeopleExperienceHo = 6801000088020000 C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "23" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "23" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\system32\sihost.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4916 wrote to memory of 4596 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\FYfnpBU.exe
PID 4916 wrote to memory of 4596 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\FYfnpBU.exe
PID 4916 wrote to memory of 4648 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\sbmDseW.exe
PID 4916 wrote to memory of 4648 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\sbmDseW.exe
PID 4916 wrote to memory of 2788 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\lsnYmhl.exe
PID 4916 wrote to memory of 2788 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\lsnYmhl.exe
PID 4916 wrote to memory of 2528 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\UhmOwkr.exe
PID 4916 wrote to memory of 2528 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\UhmOwkr.exe
PID 4916 wrote to memory of 2760 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\HRQHMQB.exe
PID 4916 wrote to memory of 2760 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\HRQHMQB.exe
PID 4916 wrote to memory of 3900 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\xHHdxRc.exe
PID 4916 wrote to memory of 3900 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\xHHdxRc.exe
PID 4916 wrote to memory of 4992 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\YsNSaxp.exe
PID 4916 wrote to memory of 4992 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\YsNSaxp.exe
PID 4916 wrote to memory of 788 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\AEGUZaL.exe
PID 4916 wrote to memory of 788 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\AEGUZaL.exe
PID 4916 wrote to memory of 4448 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\OGgssZc.exe
PID 4916 wrote to memory of 4448 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\OGgssZc.exe
PID 4916 wrote to memory of 3224 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\jzunptV.exe
PID 4916 wrote to memory of 3224 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\jzunptV.exe
PID 4916 wrote to memory of 3008 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\sZzezBp.exe
PID 4916 wrote to memory of 3008 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\sZzezBp.exe
PID 4916 wrote to memory of 4088 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\odSBqmY.exe
PID 4916 wrote to memory of 4088 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\odSBqmY.exe
PID 4916 wrote to memory of 2056 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\mFuOFOG.exe
PID 4916 wrote to memory of 2056 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\mFuOFOG.exe
PID 4916 wrote to memory of 3984 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\ZpiyCHG.exe
PID 4916 wrote to memory of 3984 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\ZpiyCHG.exe
PID 4916 wrote to memory of 1312 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\yZJrqkx.exe
PID 4916 wrote to memory of 1312 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\yZJrqkx.exe
PID 4916 wrote to memory of 4148 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\clyvAfQ.exe
PID 4916 wrote to memory of 4148 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\clyvAfQ.exe
PID 4916 wrote to memory of 3164 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\OJXfoix.exe
PID 4916 wrote to memory of 3164 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\OJXfoix.exe
PID 4916 wrote to memory of 3120 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\ymPEytg.exe
PID 4916 wrote to memory of 3120 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\ymPEytg.exe
PID 4916 wrote to memory of 2368 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\gdsrEZm.exe
PID 4916 wrote to memory of 2368 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\gdsrEZm.exe
PID 4916 wrote to memory of 3740 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\TJInKaN.exe
PID 4916 wrote to memory of 3740 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\TJInKaN.exe
PID 4916 wrote to memory of 4032 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\hEXwiFv.exe
PID 4916 wrote to memory of 4032 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\hEXwiFv.exe
PID 4916 wrote to memory of 3536 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\CNViVMy.exe
PID 4916 wrote to memory of 3536 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\CNViVMy.exe
PID 4916 wrote to memory of 1500 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\kMWnFXh.exe
PID 4916 wrote to memory of 1500 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\kMWnFXh.exe
PID 4916 wrote to memory of 5084 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\NIRyPgs.exe
PID 4916 wrote to memory of 5084 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\NIRyPgs.exe
PID 4916 wrote to memory of 4952 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\alSoSyV.exe
PID 4916 wrote to memory of 4952 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\alSoSyV.exe
PID 4916 wrote to memory of 3204 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\EhQeuDC.exe
PID 4916 wrote to memory of 3204 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\EhQeuDC.exe
PID 4916 wrote to memory of 1484 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\NnqNqDJ.exe
PID 4916 wrote to memory of 1484 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\NnqNqDJ.exe
PID 4916 wrote to memory of 1440 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\xKVxntU.exe
PID 4916 wrote to memory of 1440 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\xKVxntU.exe
PID 4916 wrote to memory of 4036 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\mAelBoG.exe
PID 4916 wrote to memory of 4036 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\mAelBoG.exe
PID 4916 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\RGdaErd.exe
PID 4916 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\RGdaErd.exe
PID 4916 wrote to memory of 1912 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\ULaVidO.exe
PID 4916 wrote to memory of 1912 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\ULaVidO.exe
PID 4916 wrote to memory of 4660 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\CLdNbbn.exe
PID 4916 wrote to memory of 4660 N/A C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe C:\Windows\System\CLdNbbn.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\198c2cd91dd02d5ebb4ab797bcd3d120_NeikiAnalytics.exe"

C:\Windows\System\FYfnpBU.exe

C:\Windows\System\FYfnpBU.exe

C:\Windows\System\sbmDseW.exe

C:\Windows\System\sbmDseW.exe

C:\Windows\System\lsnYmhl.exe

C:\Windows\System\lsnYmhl.exe

C:\Windows\System\UhmOwkr.exe

C:\Windows\System\UhmOwkr.exe

C:\Windows\System\HRQHMQB.exe

C:\Windows\System\HRQHMQB.exe

C:\Windows\System\xHHdxRc.exe

C:\Windows\System\xHHdxRc.exe

C:\Windows\System\YsNSaxp.exe

C:\Windows\System\YsNSaxp.exe

C:\Windows\System\AEGUZaL.exe

C:\Windows\System\AEGUZaL.exe

C:\Windows\System\OGgssZc.exe

C:\Windows\System\OGgssZc.exe

C:\Windows\System\jzunptV.exe

C:\Windows\System\jzunptV.exe

C:\Windows\System\sZzezBp.exe

C:\Windows\System\sZzezBp.exe

C:\Windows\System\odSBqmY.exe

C:\Windows\System\odSBqmY.exe

C:\Windows\System\mFuOFOG.exe

C:\Windows\System\mFuOFOG.exe

C:\Windows\System\ZpiyCHG.exe

C:\Windows\System\ZpiyCHG.exe

C:\Windows\System\yZJrqkx.exe

C:\Windows\System\yZJrqkx.exe

C:\Windows\System\clyvAfQ.exe

C:\Windows\System\clyvAfQ.exe

C:\Windows\System\OJXfoix.exe

C:\Windows\System\OJXfoix.exe

C:\Windows\System\ymPEytg.exe

C:\Windows\System\ymPEytg.exe

C:\Windows\System\gdsrEZm.exe

C:\Windows\System\gdsrEZm.exe

C:\Windows\System\TJInKaN.exe

C:\Windows\System\TJInKaN.exe

C:\Windows\System\hEXwiFv.exe

C:\Windows\System\hEXwiFv.exe

C:\Windows\System\CNViVMy.exe

C:\Windows\System\CNViVMy.exe

C:\Windows\System\kMWnFXh.exe

C:\Windows\System\kMWnFXh.exe

C:\Windows\System\NIRyPgs.exe

C:\Windows\System\NIRyPgs.exe

C:\Windows\System\alSoSyV.exe

C:\Windows\System\alSoSyV.exe

C:\Windows\System\EhQeuDC.exe

C:\Windows\System\EhQeuDC.exe

C:\Windows\System\NnqNqDJ.exe

C:\Windows\System\NnqNqDJ.exe

C:\Windows\System\xKVxntU.exe

C:\Windows\System\xKVxntU.exe

C:\Windows\System\mAelBoG.exe

C:\Windows\System\mAelBoG.exe

C:\Windows\System\RGdaErd.exe

C:\Windows\System\RGdaErd.exe

C:\Windows\System\ULaVidO.exe

C:\Windows\System\ULaVidO.exe

C:\Windows\System\CLdNbbn.exe

C:\Windows\System\CLdNbbn.exe

C:\Windows\System\nJdavVS.exe

C:\Windows\System\nJdavVS.exe

C:\Windows\System\hxVmqme.exe

C:\Windows\System\hxVmqme.exe

C:\Windows\System\lKZPsCq.exe

C:\Windows\System\lKZPsCq.exe

C:\Windows\System\xLgqQwz.exe

C:\Windows\System\xLgqQwz.exe

C:\Windows\System\YMSlWvS.exe

C:\Windows\System\YMSlWvS.exe

C:\Windows\System\xIiskee.exe

C:\Windows\System\xIiskee.exe

C:\Windows\System\MyGHZEx.exe

C:\Windows\System\MyGHZEx.exe

C:\Windows\System\SxBRcun.exe

C:\Windows\System\SxBRcun.exe

C:\Windows\System\fviwUAi.exe

C:\Windows\System\fviwUAi.exe

C:\Windows\System\iBjEniP.exe

C:\Windows\System\iBjEniP.exe

C:\Windows\System\OKrAfHq.exe

C:\Windows\System\OKrAfHq.exe

C:\Windows\System\pyFLgdK.exe

C:\Windows\System\pyFLgdK.exe

C:\Windows\System\TlsTbYM.exe

C:\Windows\System\TlsTbYM.exe

C:\Windows\System\cHGXHNM.exe

C:\Windows\System\cHGXHNM.exe

C:\Windows\System\MFSPmAH.exe

C:\Windows\System\MFSPmAH.exe

C:\Windows\System\QgXMbKA.exe

C:\Windows\System\QgXMbKA.exe

C:\Windows\System\KzziaTQ.exe

C:\Windows\System\KzziaTQ.exe

C:\Windows\System\DhhdgGY.exe

C:\Windows\System\DhhdgGY.exe

C:\Windows\System\ZAZZUYp.exe

C:\Windows\System\ZAZZUYp.exe

C:\Windows\System\FQmXLrZ.exe

C:\Windows\System\FQmXLrZ.exe

C:\Windows\System\AKuqxHF.exe

C:\Windows\System\AKuqxHF.exe

C:\Windows\System\IuGRwFe.exe

C:\Windows\System\IuGRwFe.exe

C:\Windows\System\XlHPAMf.exe

C:\Windows\System\XlHPAMf.exe

C:\Windows\System\iHlhrdB.exe

C:\Windows\System\iHlhrdB.exe

C:\Windows\System\JayrlbP.exe

C:\Windows\System\JayrlbP.exe

C:\Windows\System\aEpxfKv.exe

C:\Windows\System\aEpxfKv.exe

C:\Windows\System\mNqeivt.exe

C:\Windows\System\mNqeivt.exe

C:\Windows\System\PQejfxy.exe

C:\Windows\System\PQejfxy.exe

C:\Windows\System\ygKgQvu.exe

C:\Windows\System\ygKgQvu.exe

C:\Windows\System\fzrmttG.exe

C:\Windows\System\fzrmttG.exe

C:\Windows\System\xPVZuSm.exe

C:\Windows\System\xPVZuSm.exe

C:\Windows\System\ejIdaMI.exe

C:\Windows\System\ejIdaMI.exe

C:\Windows\System\GklmFzQ.exe

C:\Windows\System\GklmFzQ.exe

C:\Windows\System\uKSDaoo.exe

C:\Windows\System\uKSDaoo.exe

C:\Windows\System\KGXgpVH.exe

C:\Windows\System\KGXgpVH.exe

C:\Windows\System\ljUagqN.exe

C:\Windows\System\ljUagqN.exe

C:\Windows\System\shQnCRV.exe

C:\Windows\System\shQnCRV.exe

C:\Windows\System\PzKILWt.exe

C:\Windows\System\PzKILWt.exe

C:\Windows\System\OAhVvvs.exe

C:\Windows\System\OAhVvvs.exe

C:\Windows\System\mDzFdXI.exe

C:\Windows\System\mDzFdXI.exe

C:\Windows\System\YSIpvfq.exe

C:\Windows\System\YSIpvfq.exe

C:\Windows\System\feNQEPh.exe

C:\Windows\System\feNQEPh.exe

C:\Windows\System\IUqINDk.exe

C:\Windows\System\IUqINDk.exe

C:\Windows\System\qpCAAWA.exe

C:\Windows\System\qpCAAWA.exe

C:\Windows\System\oSnCBZC.exe

C:\Windows\System\oSnCBZC.exe

C:\Windows\System\rkAypDs.exe

C:\Windows\System\rkAypDs.exe

C:\Windows\System\fwWSopl.exe

C:\Windows\System\fwWSopl.exe

C:\Windows\System\ulGctwk.exe

C:\Windows\System\ulGctwk.exe

C:\Windows\System\eQfweYu.exe

C:\Windows\System\eQfweYu.exe

C:\Windows\System\CsZjATq.exe

C:\Windows\System\CsZjATq.exe

C:\Windows\System\VMsEqbu.exe

C:\Windows\System\VMsEqbu.exe

C:\Windows\System\yHrPmpH.exe

C:\Windows\System\yHrPmpH.exe

C:\Windows\System\arvGzhL.exe

C:\Windows\System\arvGzhL.exe

C:\Windows\System\jEkTVck.exe

C:\Windows\System\jEkTVck.exe

C:\Windows\System\WseZRxn.exe

C:\Windows\System\WseZRxn.exe

C:\Windows\System\UfbxfZZ.exe

C:\Windows\System\UfbxfZZ.exe

C:\Windows\System\QRXDXFa.exe

C:\Windows\System\QRXDXFa.exe

C:\Windows\System\fZymiqr.exe

C:\Windows\System\fZymiqr.exe

C:\Windows\System\HCoeKyh.exe

C:\Windows\System\HCoeKyh.exe

C:\Windows\System\rVmfkRb.exe

C:\Windows\System\rVmfkRb.exe

C:\Windows\System\Vxlwtmv.exe

C:\Windows\System\Vxlwtmv.exe

C:\Windows\System\rRzhmYT.exe

C:\Windows\System\rRzhmYT.exe

C:\Windows\System\IArWmxE.exe

C:\Windows\System\IArWmxE.exe

C:\Windows\System\RpDHnfv.exe

C:\Windows\System\RpDHnfv.exe

C:\Windows\System\HlHfMPK.exe

C:\Windows\System\HlHfMPK.exe

C:\Windows\System\IlHCKKy.exe

C:\Windows\System\IlHCKKy.exe

C:\Windows\System\kMfLqrb.exe

C:\Windows\System\kMfLqrb.exe

C:\Windows\System\CYHMJXb.exe

C:\Windows\System\CYHMJXb.exe

C:\Windows\System\IbpGgZv.exe

C:\Windows\System\IbpGgZv.exe

C:\Windows\System\jAemPcd.exe

C:\Windows\System\jAemPcd.exe

C:\Windows\System\UYZDacc.exe

C:\Windows\System\UYZDacc.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4288,i,11746347647270949551,7786733067759450703,262144 --variations-seed-version --mojo-platform-channel-handle=3936 /prefetch:8

C:\Windows\System\pCPZLZK.exe

C:\Windows\System\pCPZLZK.exe

C:\Windows\System\zBuFChz.exe

C:\Windows\System\zBuFChz.exe

C:\Windows\System\aapiBZD.exe

C:\Windows\System\aapiBZD.exe

C:\Windows\System\VAFfepN.exe

C:\Windows\System\VAFfepN.exe

C:\Windows\System\pIVOxEe.exe

C:\Windows\System\pIVOxEe.exe

C:\Windows\System\hPaeFov.exe

C:\Windows\System\hPaeFov.exe

C:\Windows\System\NomsNcr.exe

C:\Windows\System\NomsNcr.exe

C:\Windows\System\WjLplRF.exe

C:\Windows\System\WjLplRF.exe

C:\Windows\System\NWXqYbp.exe

C:\Windows\System\NWXqYbp.exe

C:\Windows\System\WVglhpG.exe

C:\Windows\System\WVglhpG.exe

C:\Windows\System\kDxotqo.exe

C:\Windows\System\kDxotqo.exe

C:\Windows\System\TMXWADw.exe

C:\Windows\System\TMXWADw.exe

C:\Windows\System\LXJWzMQ.exe

C:\Windows\System\LXJWzMQ.exe

C:\Windows\System\NPKgWrB.exe

C:\Windows\System\NPKgWrB.exe

C:\Windows\System\xFmNEuC.exe

C:\Windows\System\xFmNEuC.exe

C:\Windows\System\LXlqfxN.exe

C:\Windows\System\LXlqfxN.exe

C:\Windows\System\HjVASDh.exe

C:\Windows\System\HjVASDh.exe

C:\Windows\System\VMpDlkL.exe

C:\Windows\System\VMpDlkL.exe

C:\Windows\System\QObHSpV.exe

C:\Windows\System\QObHSpV.exe

C:\Windows\System\jbXRCtp.exe

C:\Windows\System\jbXRCtp.exe

C:\Windows\System\fdWamEN.exe

C:\Windows\System\fdWamEN.exe

C:\Windows\System\vdSPaLq.exe

C:\Windows\System\vdSPaLq.exe

C:\Windows\System\nAsBqND.exe

C:\Windows\System\nAsBqND.exe

C:\Windows\System\BwaRDyS.exe

C:\Windows\System\BwaRDyS.exe

C:\Windows\System\HYBpacc.exe

C:\Windows\System\HYBpacc.exe

C:\Windows\System\LzLxQKG.exe

C:\Windows\System\LzLxQKG.exe

C:\Windows\System\nSpCtWG.exe

C:\Windows\System\nSpCtWG.exe

C:\Windows\System\adXTtIi.exe

C:\Windows\System\adXTtIi.exe

C:\Windows\System\Osjzmua.exe

C:\Windows\System\Osjzmua.exe

C:\Windows\System\jbLxUur.exe

C:\Windows\System\jbLxUur.exe

C:\Windows\System\lLTcjYi.exe

C:\Windows\System\lLTcjYi.exe

C:\Windows\System\sQeOLrb.exe

C:\Windows\System\sQeOLrb.exe

C:\Windows\System\uVuZVQO.exe

C:\Windows\System\uVuZVQO.exe

C:\Windows\System\iyiuzvr.exe

C:\Windows\System\iyiuzvr.exe

C:\Windows\System\OWXLiyh.exe

C:\Windows\System\OWXLiyh.exe

C:\Windows\System\dRIwwgx.exe

C:\Windows\System\dRIwwgx.exe

C:\Windows\System\cocoUnr.exe

C:\Windows\System\cocoUnr.exe

C:\Windows\System\UBGBJXA.exe

C:\Windows\System\UBGBJXA.exe

C:\Windows\System\xrnfmJG.exe

C:\Windows\System\xrnfmJG.exe

C:\Windows\System\sSYqoTc.exe

C:\Windows\System\sSYqoTc.exe

C:\Windows\System\WLCzndi.exe

C:\Windows\System\WLCzndi.exe

C:\Windows\System\mOdCCeu.exe

C:\Windows\System\mOdCCeu.exe

C:\Windows\System\cbTMPVg.exe

C:\Windows\System\cbTMPVg.exe

C:\Windows\System\oUcjYkf.exe

C:\Windows\System\oUcjYkf.exe

C:\Windows\System\EaIILGU.exe

C:\Windows\System\EaIILGU.exe

C:\Windows\System\VDqOwVj.exe

C:\Windows\System\VDqOwVj.exe

C:\Windows\System\cCQZiWC.exe

C:\Windows\System\cCQZiWC.exe

C:\Windows\System\QorJvxo.exe

C:\Windows\System\QorJvxo.exe

C:\Windows\System\uYoMHRT.exe

C:\Windows\System\uYoMHRT.exe

C:\Windows\System\jEBgeZF.exe

C:\Windows\System\jEBgeZF.exe

C:\Windows\System\pRLodKh.exe

C:\Windows\System\pRLodKh.exe

C:\Windows\System\QvciysK.exe

C:\Windows\System\QvciysK.exe

C:\Windows\System\JMcKqXF.exe

C:\Windows\System\JMcKqXF.exe

C:\Windows\System\vHSRpxR.exe

C:\Windows\System\vHSRpxR.exe

C:\Windows\System\BcidJaT.exe

C:\Windows\System\BcidJaT.exe

C:\Windows\System\UVwlUuI.exe

C:\Windows\System\UVwlUuI.exe

C:\Windows\System\pNvYEKI.exe

C:\Windows\System\pNvYEKI.exe

C:\Windows\System\VgOlMYS.exe

C:\Windows\System\VgOlMYS.exe

C:\Windows\System\CFcsDVT.exe

C:\Windows\System\CFcsDVT.exe

C:\Windows\System\NgQljYA.exe

C:\Windows\System\NgQljYA.exe

C:\Windows\System\suGvATK.exe

C:\Windows\System\suGvATK.exe

C:\Windows\System\uMQRGxh.exe

C:\Windows\System\uMQRGxh.exe

C:\Windows\System\VrjsPjr.exe

C:\Windows\System\VrjsPjr.exe

C:\Windows\System\FqYUMaS.exe

C:\Windows\System\FqYUMaS.exe

C:\Windows\System\OEscNvb.exe

C:\Windows\System\OEscNvb.exe

C:\Windows\System\MqyuyIM.exe

C:\Windows\System\MqyuyIM.exe

C:\Windows\System\YKLezbE.exe

C:\Windows\System\YKLezbE.exe

C:\Windows\System\GEXNhqy.exe

C:\Windows\System\GEXNhqy.exe

C:\Windows\System\hBFiMsh.exe

C:\Windows\System\hBFiMsh.exe

C:\Windows\System\WGEVghc.exe

C:\Windows\System\WGEVghc.exe

C:\Windows\System\lJzdBtk.exe

C:\Windows\System\lJzdBtk.exe

C:\Windows\System\TxOrikx.exe

C:\Windows\System\TxOrikx.exe

C:\Windows\System\keaTCDX.exe

C:\Windows\System\keaTCDX.exe

C:\Windows\System\KLuptos.exe

C:\Windows\System\KLuptos.exe

C:\Windows\System\rTXcSFG.exe

C:\Windows\System\rTXcSFG.exe

C:\Windows\System\gtUxsuI.exe

C:\Windows\System\gtUxsuI.exe

C:\Windows\System\hRCdiVj.exe

C:\Windows\System\hRCdiVj.exe

C:\Windows\System\zmBNvXW.exe

C:\Windows\System\zmBNvXW.exe

C:\Windows\System\ujaRWNC.exe

C:\Windows\System\ujaRWNC.exe

C:\Windows\System\IExCQEd.exe

C:\Windows\System\IExCQEd.exe

C:\Windows\System\lMLSYip.exe

C:\Windows\System\lMLSYip.exe

C:\Windows\System\lJSgXnD.exe

C:\Windows\System\lJSgXnD.exe

C:\Windows\System\huDHGEz.exe

C:\Windows\System\huDHGEz.exe

C:\Windows\System\OnbminM.exe

C:\Windows\System\OnbminM.exe

C:\Windows\System\TeaNQdm.exe

C:\Windows\System\TeaNQdm.exe

C:\Windows\System\dpVTwDC.exe

C:\Windows\System\dpVTwDC.exe

C:\Windows\System\kdqypOX.exe

C:\Windows\System\kdqypOX.exe

C:\Windows\System\uJISuwI.exe

C:\Windows\System\uJISuwI.exe

C:\Windows\System\XroDTHJ.exe

C:\Windows\System\XroDTHJ.exe

C:\Windows\System\QGbtITf.exe

C:\Windows\System\QGbtITf.exe

C:\Windows\System\dLgUcPC.exe

C:\Windows\System\dLgUcPC.exe

C:\Windows\System\cVKIVve.exe

C:\Windows\System\cVKIVve.exe

C:\Windows\System\oxLoqLi.exe

C:\Windows\System\oxLoqLi.exe

C:\Windows\System\oilOqfp.exe

C:\Windows\System\oilOqfp.exe

C:\Windows\System\DOldhct.exe

C:\Windows\System\DOldhct.exe

C:\Windows\System\mEcyZEk.exe

C:\Windows\System\mEcyZEk.exe

C:\Windows\System\IEgTGMp.exe

C:\Windows\System\IEgTGMp.exe

C:\Windows\System\sxNseJL.exe

C:\Windows\System\sxNseJL.exe

C:\Windows\System\AYkUVwv.exe

C:\Windows\System\AYkUVwv.exe

C:\Windows\System\hwhXkNW.exe

C:\Windows\System\hwhXkNW.exe

C:\Windows\System\zPnpfGq.exe

C:\Windows\System\zPnpfGq.exe

C:\Windows\System\qaJyVZn.exe

C:\Windows\System\qaJyVZn.exe

C:\Windows\System\YJDIqNj.exe

C:\Windows\System\YJDIqNj.exe

C:\Windows\System\mAEXfSa.exe

C:\Windows\System\mAEXfSa.exe

C:\Windows\System\IqENZNw.exe

C:\Windows\System\IqENZNw.exe

C:\Windows\System\XkssEXl.exe

C:\Windows\System\XkssEXl.exe

C:\Windows\System\QcfwKSQ.exe

C:\Windows\System\QcfwKSQ.exe

C:\Windows\System\GeXyRVF.exe

C:\Windows\System\GeXyRVF.exe

C:\Windows\System\PUxhvNs.exe

C:\Windows\System\PUxhvNs.exe

C:\Windows\System\vlpEVVx.exe

C:\Windows\System\vlpEVVx.exe

C:\Windows\System\dQNUxNb.exe

C:\Windows\System\dQNUxNb.exe

C:\Windows\System\WoiVbCQ.exe

C:\Windows\System\WoiVbCQ.exe

C:\Windows\System\xTQpYFn.exe

C:\Windows\System\xTQpYFn.exe

C:\Windows\System\BLEFUTo.exe

C:\Windows\System\BLEFUTo.exe

C:\Windows\System\xIDORIc.exe

C:\Windows\System\xIDORIc.exe

C:\Windows\System\makdCqZ.exe

C:\Windows\System\makdCqZ.exe

C:\Windows\System\QTIKniS.exe

C:\Windows\System\QTIKniS.exe

C:\Windows\System\SDHVxyQ.exe

C:\Windows\System\SDHVxyQ.exe

C:\Windows\System\vXeeXOD.exe

C:\Windows\System\vXeeXOD.exe

C:\Windows\System\BiWUQNk.exe

C:\Windows\System\BiWUQNk.exe

C:\Windows\System\cWmbUmd.exe

C:\Windows\System\cWmbUmd.exe

C:\Windows\System\CXCPRVJ.exe

C:\Windows\System\CXCPRVJ.exe

C:\Windows\System\lMtJMgF.exe

C:\Windows\System\lMtJMgF.exe

C:\Windows\System\wFpKZFS.exe

C:\Windows\System\wFpKZFS.exe

C:\Windows\System\BfveBVr.exe

C:\Windows\System\BfveBVr.exe

C:\Windows\System\GChYAak.exe

C:\Windows\System\GChYAak.exe

C:\Windows\System\XPdfCsY.exe

C:\Windows\System\XPdfCsY.exe

C:\Windows\System\tzQZNSH.exe

C:\Windows\System\tzQZNSH.exe

C:\Windows\System\lAomwpQ.exe

C:\Windows\System\lAomwpQ.exe

C:\Windows\System\cjzMwor.exe

C:\Windows\System\cjzMwor.exe

C:\Windows\System\wXoJGVa.exe

C:\Windows\System\wXoJGVa.exe

C:\Windows\System\ZRcSYXU.exe

C:\Windows\System\ZRcSYXU.exe

C:\Windows\System\VtvnluD.exe

C:\Windows\System\VtvnluD.exe

C:\Windows\System\JAslWQV.exe

C:\Windows\System\JAslWQV.exe

C:\Windows\System\NxGKkHE.exe

C:\Windows\System\NxGKkHE.exe

C:\Windows\System\JOeCKMl.exe

C:\Windows\System\JOeCKMl.exe

C:\Windows\System\xMMeAjm.exe

C:\Windows\System\xMMeAjm.exe

C:\Windows\System\rxZelGt.exe

C:\Windows\System\rxZelGt.exe

C:\Windows\System\IBlcbAg.exe

C:\Windows\System\IBlcbAg.exe

C:\Windows\System\urAeEpg.exe

C:\Windows\System\urAeEpg.exe

C:\Windows\System\ovQojBQ.exe

C:\Windows\System\ovQojBQ.exe

C:\Windows\System\gnbNoDE.exe

C:\Windows\System\gnbNoDE.exe

C:\Windows\System\MREKXpA.exe

C:\Windows\System\MREKXpA.exe

C:\Windows\System\QCSKYwB.exe

C:\Windows\System\QCSKYwB.exe

C:\Windows\System\ejtevEH.exe

C:\Windows\System\ejtevEH.exe

C:\Windows\System\iWrdksJ.exe

C:\Windows\System\iWrdksJ.exe

C:\Windows\System\IzThtve.exe

C:\Windows\System\IzThtve.exe

C:\Windows\System\QdTuCZv.exe

C:\Windows\System\QdTuCZv.exe

C:\Windows\System\zfcZUzb.exe

C:\Windows\System\zfcZUzb.exe

C:\Windows\System\SxIfnbE.exe

C:\Windows\System\SxIfnbE.exe

C:\Windows\System\MdwWOEC.exe

C:\Windows\System\MdwWOEC.exe

C:\Windows\System\CFznOAd.exe

C:\Windows\System\CFznOAd.exe

C:\Windows\System\lDPcgyQ.exe

C:\Windows\System\lDPcgyQ.exe

C:\Windows\System\FlTGDuU.exe

C:\Windows\System\FlTGDuU.exe

C:\Windows\System\qPuAzEX.exe

C:\Windows\System\qPuAzEX.exe

C:\Windows\System\kbkRZGL.exe

C:\Windows\System\kbkRZGL.exe

C:\Windows\System\huJhwha.exe

C:\Windows\System\huJhwha.exe

C:\Windows\System\HoGKArF.exe

C:\Windows\System\HoGKArF.exe

C:\Windows\System\lRzqMqz.exe

C:\Windows\System\lRzqMqz.exe

C:\Windows\System\ZvPkBWh.exe

C:\Windows\System\ZvPkBWh.exe

C:\Windows\System\tFWwCAV.exe

C:\Windows\System\tFWwCAV.exe

C:\Windows\System\zcFzMEq.exe

C:\Windows\System\zcFzMEq.exe

C:\Windows\System\bcZtTtt.exe

C:\Windows\System\bcZtTtt.exe

C:\Windows\System\sUuFveA.exe

C:\Windows\System\sUuFveA.exe

C:\Windows\System\dBjqnPX.exe

C:\Windows\System\dBjqnPX.exe

C:\Windows\System\mgUueSz.exe

C:\Windows\System\mgUueSz.exe

C:\Windows\System\aowCPSD.exe

C:\Windows\System\aowCPSD.exe

C:\Windows\System\otoorjH.exe

C:\Windows\System\otoorjH.exe

C:\Windows\System\wiWCnhg.exe

C:\Windows\System\wiWCnhg.exe

C:\Windows\System\XmIvUJz.exe

C:\Windows\System\XmIvUJz.exe

C:\Windows\System\jPvvtbp.exe

C:\Windows\System\jPvvtbp.exe

C:\Windows\System\exNuHFZ.exe

C:\Windows\System\exNuHFZ.exe

C:\Windows\System\dKwTpBT.exe

C:\Windows\System\dKwTpBT.exe

C:\Windows\System\iRjpuYU.exe

C:\Windows\System\iRjpuYU.exe

C:\Windows\System\eeXnXuc.exe

C:\Windows\System\eeXnXuc.exe

C:\Windows\System\NzpCWds.exe

C:\Windows\System\NzpCWds.exe

C:\Windows\System\TjXIMBn.exe

C:\Windows\System\TjXIMBn.exe

C:\Windows\System\QaoGgyC.exe

C:\Windows\System\QaoGgyC.exe

C:\Windows\System\yQCacHI.exe

C:\Windows\System\yQCacHI.exe

C:\Windows\System\nnXuGkF.exe

C:\Windows\System\nnXuGkF.exe

C:\Windows\System\GJQaCLi.exe

C:\Windows\System\GJQaCLi.exe

C:\Windows\System\UgXIpck.exe

C:\Windows\System\UgXIpck.exe

C:\Windows\System\CJEXnEa.exe

C:\Windows\System\CJEXnEa.exe

C:\Windows\System\SaOjytX.exe

C:\Windows\System\SaOjytX.exe

C:\Windows\System\xhwCRYY.exe

C:\Windows\System\xhwCRYY.exe

C:\Windows\System\LNTWZxL.exe

C:\Windows\System\LNTWZxL.exe

C:\Windows\System\josBdrA.exe

C:\Windows\System\josBdrA.exe

C:\Windows\System\xwltLFK.exe

C:\Windows\System\xwltLFK.exe

C:\Windows\System\jrpiMMQ.exe

C:\Windows\System\jrpiMMQ.exe

C:\Windows\System\cqqwuWY.exe

C:\Windows\System\cqqwuWY.exe

C:\Windows\System\xZwGvGA.exe

C:\Windows\System\xZwGvGA.exe

C:\Windows\System\pwKbokH.exe

C:\Windows\System\pwKbokH.exe

C:\Windows\System\LZvCyDr.exe

C:\Windows\System\LZvCyDr.exe

C:\Windows\System\NkerwGq.exe

C:\Windows\System\NkerwGq.exe

C:\Windows\System\DNcDRSh.exe

C:\Windows\System\DNcDRSh.exe

C:\Windows\System\uQPFEjL.exe

C:\Windows\System\uQPFEjL.exe

C:\Windows\System\WGBkkec.exe

C:\Windows\System\WGBkkec.exe

C:\Windows\System\TbEpcEv.exe

C:\Windows\System\TbEpcEv.exe

C:\Windows\System\WBShoPc.exe

C:\Windows\System\WBShoPc.exe

C:\Windows\System\rcrifaQ.exe

C:\Windows\System\rcrifaQ.exe

C:\Windows\System\dYhkGba.exe

C:\Windows\System\dYhkGba.exe

C:\Windows\System\TaiHaxc.exe

C:\Windows\System\TaiHaxc.exe

C:\Windows\System\QprOoPs.exe

C:\Windows\System\QprOoPs.exe

C:\Windows\System\LkMWsre.exe

C:\Windows\System\LkMWsre.exe

C:\Windows\System\iArdOlR.exe

C:\Windows\System\iArdOlR.exe

C:\Windows\System\aJgclmI.exe

C:\Windows\System\aJgclmI.exe

C:\Windows\System\lnSExze.exe

C:\Windows\System\lnSExze.exe

C:\Windows\System\krnHByk.exe

C:\Windows\System\krnHByk.exe

C:\Windows\System\lgGBtJK.exe

C:\Windows\System\lgGBtJK.exe

C:\Windows\System\bXmXjCX.exe

C:\Windows\System\bXmXjCX.exe

C:\Windows\System\leWjNlb.exe

C:\Windows\System\leWjNlb.exe

C:\Windows\System\gYqdWyj.exe

C:\Windows\System\gYqdWyj.exe

C:\Windows\System\gjvaqrj.exe

C:\Windows\System\gjvaqrj.exe

C:\Windows\System\ZwNNNOG.exe

C:\Windows\System\ZwNNNOG.exe

C:\Windows\System\RxocdRx.exe

C:\Windows\System\RxocdRx.exe

C:\Windows\System\fpTZWxO.exe

C:\Windows\System\fpTZWxO.exe

C:\Windows\System\RZZgFNr.exe

C:\Windows\System\RZZgFNr.exe

C:\Windows\System\jHtvfKv.exe

C:\Windows\System\jHtvfKv.exe

C:\Windows\System\dgnrWNh.exe

C:\Windows\System\dgnrWNh.exe

C:\Windows\System\rHCHxYZ.exe

C:\Windows\System\rHCHxYZ.exe

C:\Windows\System\PSjAZOg.exe

C:\Windows\System\PSjAZOg.exe

C:\Windows\System\oOqAird.exe

C:\Windows\System\oOqAird.exe

C:\Windows\System\HsvAXlp.exe

C:\Windows\System\HsvAXlp.exe

C:\Windows\System\TGfubrc.exe

C:\Windows\System\TGfubrc.exe

C:\Windows\System\bDmozrv.exe

C:\Windows\System\bDmozrv.exe

C:\Windows\System\uqmenIo.exe

C:\Windows\System\uqmenIo.exe

C:\Windows\System\EVoUanF.exe

C:\Windows\System\EVoUanF.exe

C:\Windows\System\gtxNCWE.exe

C:\Windows\System\gtxNCWE.exe

C:\Windows\System\ITxvBVY.exe

C:\Windows\System\ITxvBVY.exe

C:\Windows\System\MUNJSQY.exe

C:\Windows\System\MUNJSQY.exe

C:\Windows\System\ZVONDEz.exe

C:\Windows\System\ZVONDEz.exe

C:\Windows\System\luOuCqP.exe

C:\Windows\System\luOuCqP.exe

C:\Windows\System\WAyxxNB.exe

C:\Windows\System\WAyxxNB.exe

C:\Windows\System\HDtuupk.exe

C:\Windows\System\HDtuupk.exe

C:\Windows\System\vTlJIXE.exe

C:\Windows\System\vTlJIXE.exe

C:\Windows\System\HfGyGJd.exe

C:\Windows\System\HfGyGJd.exe

C:\Windows\System\AjvVZzh.exe

C:\Windows\System\AjvVZzh.exe

C:\Windows\System\wmolrbY.exe

C:\Windows\System\wmolrbY.exe

C:\Windows\System\QMqjiVn.exe

C:\Windows\System\QMqjiVn.exe

C:\Windows\System\nlZbLye.exe

C:\Windows\System\nlZbLye.exe

C:\Windows\System\DMGzBwJ.exe

C:\Windows\System\DMGzBwJ.exe

C:\Windows\System\axaINHf.exe

C:\Windows\System\axaINHf.exe

C:\Windows\System\GOpAkxh.exe

C:\Windows\System\GOpAkxh.exe

C:\Windows\System\yhOenNm.exe

C:\Windows\System\yhOenNm.exe

C:\Windows\System\RPuTzaq.exe

C:\Windows\System\RPuTzaq.exe

C:\Windows\System\QDWhKJm.exe

C:\Windows\System\QDWhKJm.exe

C:\Windows\System\sOuJVTE.exe

C:\Windows\System\sOuJVTE.exe

C:\Windows\System\DurXaYZ.exe

C:\Windows\System\DurXaYZ.exe

C:\Windows\System\MKqKSfg.exe

C:\Windows\System\MKqKSfg.exe

C:\Windows\System\JTZKjKs.exe

C:\Windows\System\JTZKjKs.exe

C:\Windows\System\PaSLSNt.exe

C:\Windows\System\PaSLSNt.exe

C:\Windows\System\JkzzqRb.exe

C:\Windows\System\JkzzqRb.exe

C:\Windows\System\hLoruZI.exe

C:\Windows\System\hLoruZI.exe

C:\Windows\System\AQVowKx.exe

C:\Windows\System\AQVowKx.exe

C:\Windows\System\IgBTqDf.exe

C:\Windows\System\IgBTqDf.exe

C:\Windows\System\CJNBNXK.exe

C:\Windows\System\CJNBNXK.exe

C:\Windows\System\SxBJhwD.exe

C:\Windows\System\SxBJhwD.exe

C:\Windows\System\mQqKPKA.exe

C:\Windows\System\mQqKPKA.exe

C:\Windows\System\zJPLrrm.exe

C:\Windows\System\zJPLrrm.exe

C:\Windows\System\BouCnnT.exe

C:\Windows\System\BouCnnT.exe

C:\Windows\System\mqliGjg.exe

C:\Windows\System\mqliGjg.exe

C:\Windows\System\qTXPbzv.exe

C:\Windows\System\qTXPbzv.exe

C:\Windows\System\eJjAXxL.exe

C:\Windows\System\eJjAXxL.exe

C:\Windows\System\AgtqPSy.exe

C:\Windows\System\AgtqPSy.exe

C:\Windows\System\CBmIkCc.exe

C:\Windows\System\CBmIkCc.exe

C:\Windows\System\cDwoVxP.exe

C:\Windows\System\cDwoVxP.exe

C:\Windows\System\liLDJZV.exe

C:\Windows\System\liLDJZV.exe

C:\Windows\System\KCSVMlF.exe

C:\Windows\System\KCSVMlF.exe

C:\Windows\System\dJsVCYB.exe

C:\Windows\System\dJsVCYB.exe

C:\Windows\System\LtRFGQU.exe

C:\Windows\System\LtRFGQU.exe

C:\Windows\System\aYWWSzz.exe

C:\Windows\System\aYWWSzz.exe

C:\Windows\System\tTiFNZi.exe

C:\Windows\System\tTiFNZi.exe

C:\Windows\System\arKuwiX.exe

C:\Windows\System\arKuwiX.exe

C:\Windows\System\HvGGrmv.exe

C:\Windows\System\HvGGrmv.exe

C:\Windows\System\wffvJDZ.exe

C:\Windows\System\wffvJDZ.exe

C:\Windows\System\CpDKzjw.exe

C:\Windows\System\CpDKzjw.exe

C:\Windows\System\ozbXKpW.exe

C:\Windows\System\ozbXKpW.exe

C:\Windows\System\RYahQJa.exe

C:\Windows\System\RYahQJa.exe

C:\Windows\System\VYKeeri.exe

C:\Windows\System\VYKeeri.exe

C:\Windows\System\ABlnfMe.exe

C:\Windows\System\ABlnfMe.exe

C:\Windows\System\TkKSCbs.exe

C:\Windows\System\TkKSCbs.exe

C:\Windows\System\UZoxKIK.exe

C:\Windows\System\UZoxKIK.exe

C:\Windows\System\KiLgVZY.exe

C:\Windows\System\KiLgVZY.exe

C:\Windows\System\fgyZJdQ.exe

C:\Windows\System\fgyZJdQ.exe

C:\Windows\System\BmvzDcq.exe

C:\Windows\System\BmvzDcq.exe

C:\Windows\System\UjxMAXb.exe

C:\Windows\System\UjxMAXb.exe

C:\Windows\System\SqImrma.exe

C:\Windows\System\SqImrma.exe

C:\Windows\System\esINDsX.exe

C:\Windows\System\esINDsX.exe

C:\Windows\System\IvqSkyF.exe

C:\Windows\System\IvqSkyF.exe

C:\Windows\System\IYsBkDF.exe

C:\Windows\System\IYsBkDF.exe

C:\Windows\System\wgrhJDq.exe

C:\Windows\System\wgrhJDq.exe

C:\Windows\System\CZMseyN.exe

C:\Windows\System\CZMseyN.exe

C:\Windows\System\upjiOtM.exe

C:\Windows\System\upjiOtM.exe

C:\Windows\System\cVFmzsW.exe

C:\Windows\System\cVFmzsW.exe

C:\Windows\System\HbukRFV.exe

C:\Windows\System\HbukRFV.exe

C:\Windows\System\vnkBfSX.exe

C:\Windows\System\vnkBfSX.exe

C:\Windows\System\DEuHngL.exe

C:\Windows\System\DEuHngL.exe

C:\Windows\System\sYLyHiZ.exe

C:\Windows\System\sYLyHiZ.exe

C:\Windows\System\GtLNzHr.exe

C:\Windows\System\GtLNzHr.exe

C:\Windows\System\nhaIMhL.exe

C:\Windows\System\nhaIMhL.exe

C:\Windows\System\fAQJHCL.exe

C:\Windows\System\fAQJHCL.exe

C:\Windows\System\ENYzlJV.exe

C:\Windows\System\ENYzlJV.exe

C:\Windows\System\RNmccJq.exe

C:\Windows\System\RNmccJq.exe

C:\Windows\System\SIHxtUw.exe

C:\Windows\System\SIHxtUw.exe

C:\Windows\System\hoXsCjI.exe

C:\Windows\System\hoXsCjI.exe

C:\Windows\System\dDMXFWr.exe

C:\Windows\System\dDMXFWr.exe

C:\Windows\System\wVOhsjD.exe

C:\Windows\System\wVOhsjD.exe

C:\Windows\System\npjNvKQ.exe

C:\Windows\System\npjNvKQ.exe

C:\Windows\System\rdIRqis.exe

C:\Windows\System\rdIRqis.exe

C:\Windows\System\yEApOCo.exe

C:\Windows\System\yEApOCo.exe

C:\Windows\System\rYODmAJ.exe

C:\Windows\System\rYODmAJ.exe

C:\Windows\System\UmpYYTD.exe

C:\Windows\System\UmpYYTD.exe

C:\Windows\System\RIfaElu.exe

C:\Windows\System\RIfaElu.exe

C:\Windows\System\CZtealR.exe

C:\Windows\System\CZtealR.exe

C:\Windows\System\xhEnTXy.exe

C:\Windows\System\xhEnTXy.exe

C:\Windows\System\CjxQQll.exe

C:\Windows\System\CjxQQll.exe

C:\Windows\System\bfAwxYw.exe

C:\Windows\System\bfAwxYw.exe

C:\Windows\System\THACeBD.exe

C:\Windows\System\THACeBD.exe

C:\Windows\System\iaGXEsd.exe

C:\Windows\System\iaGXEsd.exe

C:\Windows\System\HhwkVUQ.exe

C:\Windows\System\HhwkVUQ.exe

C:\Windows\System\wpqbcxU.exe

C:\Windows\System\wpqbcxU.exe

C:\Windows\System\qMGirbV.exe

C:\Windows\System\qMGirbV.exe

C:\Windows\System\avBySgL.exe

C:\Windows\System\avBySgL.exe

C:\Windows\System\TGAzHTQ.exe

C:\Windows\System\TGAzHTQ.exe

C:\Windows\System\LFCVxZj.exe

C:\Windows\System\LFCVxZj.exe

C:\Windows\System\zNtLdlY.exe

C:\Windows\System\zNtLdlY.exe

C:\Windows\System\vAEHcsF.exe

C:\Windows\System\vAEHcsF.exe

C:\Windows\System\SFAXBHv.exe

C:\Windows\System\SFAXBHv.exe

C:\Windows\System\ynRjStS.exe

C:\Windows\System\ynRjStS.exe

C:\Windows\System\UQSjLDJ.exe

C:\Windows\System\UQSjLDJ.exe

C:\Windows\System\hUWGubn.exe

C:\Windows\System\hUWGubn.exe

C:\Windows\System\fNwmBuJ.exe

C:\Windows\System\fNwmBuJ.exe

C:\Windows\System\wSJvqAA.exe

C:\Windows\System\wSJvqAA.exe

C:\Windows\System\qPVZLHK.exe

C:\Windows\System\qPVZLHK.exe

C:\Windows\System\IBzRFEf.exe

C:\Windows\System\IBzRFEf.exe

C:\Windows\System\CDqXvaX.exe

C:\Windows\System\CDqXvaX.exe

C:\Windows\System\hjVPPjw.exe

C:\Windows\System\hjVPPjw.exe

C:\Windows\System\UDPBeoP.exe

C:\Windows\System\UDPBeoP.exe

C:\Windows\System\ddktlNT.exe

C:\Windows\System\ddktlNT.exe

C:\Windows\System\mYQmskf.exe

C:\Windows\System\mYQmskf.exe

C:\Windows\System\hKoFcoU.exe

C:\Windows\System\hKoFcoU.exe

C:\Windows\System\kJVlCTf.exe

C:\Windows\System\kJVlCTf.exe

C:\Windows\System\KgghFuD.exe

C:\Windows\System\KgghFuD.exe

C:\Windows\System\xUzuWZw.exe

C:\Windows\System\xUzuWZw.exe

C:\Windows\System\fFnfHpq.exe

C:\Windows\System\fFnfHpq.exe

C:\Windows\System\CTAEHsk.exe

C:\Windows\System\CTAEHsk.exe

C:\Windows\System\FCCQwps.exe

C:\Windows\System\FCCQwps.exe

C:\Windows\System\qDhRqTt.exe

C:\Windows\System\qDhRqTt.exe

C:\Windows\System\fqrmwPa.exe

C:\Windows\System\fqrmwPa.exe

C:\Windows\System\pBXsOyS.exe

C:\Windows\System\pBXsOyS.exe

C:\Windows\System\svuFVtp.exe

C:\Windows\System\svuFVtp.exe

C:\Windows\System\JGiMGQh.exe

C:\Windows\System\JGiMGQh.exe

C:\Windows\System\yAhjFVJ.exe

C:\Windows\System\yAhjFVJ.exe

C:\Windows\System\LKAWonS.exe

C:\Windows\System\LKAWonS.exe

C:\Windows\System\BZFFMgA.exe

C:\Windows\System\BZFFMgA.exe

C:\Windows\System\bulGVei.exe

C:\Windows\System\bulGVei.exe

C:\Windows\System\ROnBgnH.exe

C:\Windows\System\ROnBgnH.exe

C:\Windows\System\noJuHlh.exe

C:\Windows\System\noJuHlh.exe

C:\Windows\System\awGMUzG.exe

C:\Windows\System\awGMUzG.exe

C:\Windows\System\tTcEpwB.exe

C:\Windows\System\tTcEpwB.exe

C:\Windows\System\ampHVfK.exe

C:\Windows\System\ampHVfK.exe

C:\Windows\System\xUOfVNR.exe

C:\Windows\System\xUOfVNR.exe

C:\Windows\System\SMoAObs.exe

C:\Windows\System\SMoAObs.exe

C:\Windows\System\ZCRJycB.exe

C:\Windows\System\ZCRJycB.exe

C:\Windows\System\OsaYDTX.exe

C:\Windows\System\OsaYDTX.exe

C:\Windows\System\KJLkisL.exe

C:\Windows\System\KJLkisL.exe

C:\Windows\System\zdMFUPP.exe

C:\Windows\System\zdMFUPP.exe

C:\Windows\System\RWlvisc.exe

C:\Windows\System\RWlvisc.exe

C:\Windows\System\dBwHTuI.exe

C:\Windows\System\dBwHTuI.exe

C:\Windows\System\IYULzni.exe

C:\Windows\System\IYULzni.exe

C:\Windows\System\NmThUAS.exe

C:\Windows\System\NmThUAS.exe

C:\Windows\System\KuDSUqP.exe

C:\Windows\System\KuDSUqP.exe

C:\Windows\System\uSQTTUe.exe

C:\Windows\System\uSQTTUe.exe

C:\Windows\System\ijZYneY.exe

C:\Windows\System\ijZYneY.exe

C:\Windows\System\SMfGoOF.exe

C:\Windows\System\SMfGoOF.exe

C:\Windows\System\ZhIdoJr.exe

C:\Windows\System\ZhIdoJr.exe

C:\Windows\System\IwHwhLA.exe

C:\Windows\System\IwHwhLA.exe

C:\Windows\System\wqFftlc.exe

C:\Windows\System\wqFftlc.exe

C:\Windows\System\RyZDkZR.exe

C:\Windows\System\RyZDkZR.exe

C:\Windows\System\CiOvywU.exe

C:\Windows\System\CiOvywU.exe

C:\Windows\System\lbJeLdG.exe

C:\Windows\System\lbJeLdG.exe

C:\Windows\System\PcKSBIb.exe

C:\Windows\System\PcKSBIb.exe

C:\Windows\System\ZHdBLgr.exe

C:\Windows\System\ZHdBLgr.exe

C:\Windows\System\IVhoOiq.exe

C:\Windows\System\IVhoOiq.exe

C:\Windows\System\LMfLXVS.exe

C:\Windows\System\LMfLXVS.exe

C:\Windows\System\nrsjuml.exe

C:\Windows\System\nrsjuml.exe

C:\Windows\System\baqPtAO.exe

C:\Windows\System\baqPtAO.exe

C:\Windows\System\KimyOPv.exe

C:\Windows\System\KimyOPv.exe

C:\Windows\System\YsEAzmy.exe

C:\Windows\System\YsEAzmy.exe

C:\Windows\System\fBCDMfO.exe

C:\Windows\System\fBCDMfO.exe

C:\Windows\System\UGcDPJy.exe

C:\Windows\System\UGcDPJy.exe

C:\Windows\System\ZBAlFWH.exe

C:\Windows\System\ZBAlFWH.exe

C:\Windows\System\jcYpEUG.exe

C:\Windows\System\jcYpEUG.exe

C:\Windows\System\ZAKeCXf.exe

C:\Windows\System\ZAKeCXf.exe

C:\Windows\System\eVlonoW.exe

C:\Windows\System\eVlonoW.exe

C:\Windows\System\arBKBnb.exe

C:\Windows\System\arBKBnb.exe

C:\Windows\System\zivtrKe.exe

C:\Windows\System\zivtrKe.exe

C:\Windows\System\TSbvNYQ.exe

C:\Windows\System\TSbvNYQ.exe

C:\Windows\System\VqJgJPO.exe

C:\Windows\System\VqJgJPO.exe

C:\Windows\System\TjQOrJT.exe

C:\Windows\System\TjQOrJT.exe

C:\Windows\System\idXZCzz.exe

C:\Windows\System\idXZCzz.exe

C:\Windows\System\pKuZErS.exe

C:\Windows\System\pKuZErS.exe

C:\Windows\System\UFBGdaj.exe

C:\Windows\System\UFBGdaj.exe

C:\Windows\System\QocRgkj.exe

C:\Windows\System\QocRgkj.exe

C:\Windows\System\qVXrIUR.exe

C:\Windows\System\qVXrIUR.exe

C:\Windows\System\pYYjBhF.exe

C:\Windows\System\pYYjBhF.exe

C:\Windows\System\LibsHUX.exe

C:\Windows\System\LibsHUX.exe

C:\Windows\System\ijTyzze.exe

C:\Windows\System\ijTyzze.exe

C:\Windows\System\xwqCYCg.exe

C:\Windows\System\xwqCYCg.exe

C:\Windows\System\sgtXSRN.exe

C:\Windows\System\sgtXSRN.exe

C:\Windows\System\WgATHcO.exe

C:\Windows\System\WgATHcO.exe

C:\Windows\System\KkIbOYK.exe

C:\Windows\System\KkIbOYK.exe

C:\Windows\System\RdBfigu.exe

C:\Windows\System\RdBfigu.exe

C:\Windows\System\VdRGltS.exe

C:\Windows\System\VdRGltS.exe

C:\Windows\System\PJCVdFM.exe

C:\Windows\System\PJCVdFM.exe

C:\Windows\System\wwWciZe.exe

C:\Windows\System\wwWciZe.exe

C:\Windows\System\bvHaqPh.exe

C:\Windows\System\bvHaqPh.exe

C:\Windows\System\avsXtoK.exe

C:\Windows\System\avsXtoK.exe

C:\Windows\System\dTuYrgj.exe

C:\Windows\System\dTuYrgj.exe

C:\Windows\System\tAWqhVt.exe

C:\Windows\System\tAWqhVt.exe

C:\Windows\System\oLHAZSN.exe

C:\Windows\System\oLHAZSN.exe

C:\Windows\System\gVvtwRt.exe

C:\Windows\System\gVvtwRt.exe

C:\Windows\System\NsAhGDn.exe

C:\Windows\System\NsAhGDn.exe

C:\Windows\System\kzlIisH.exe

C:\Windows\System\kzlIisH.exe

C:\Windows\System\ixcCHpu.exe

C:\Windows\System\ixcCHpu.exe

C:\Windows\System\VMOsOdD.exe

C:\Windows\System\VMOsOdD.exe

C:\Windows\System\ZWQxNmd.exe

C:\Windows\System\ZWQxNmd.exe

C:\Windows\System\VQjsxvR.exe

C:\Windows\System\VQjsxvR.exe

C:\Windows\System\dslhhSn.exe

C:\Windows\System\dslhhSn.exe

C:\Windows\System\KnpgsRq.exe

C:\Windows\System\KnpgsRq.exe

C:\Windows\System\wmOnujA.exe

C:\Windows\System\wmOnujA.exe

C:\Windows\System\ITlLJKE.exe

C:\Windows\System\ITlLJKE.exe

C:\Windows\System\QPcxMQl.exe

C:\Windows\System\QPcxMQl.exe

C:\Windows\System\DhRPTdh.exe

C:\Windows\System\DhRPTdh.exe

C:\Windows\System\TJakQVT.exe

C:\Windows\System\TJakQVT.exe

C:\Windows\System\XNnSpqb.exe

C:\Windows\System\XNnSpqb.exe

C:\Windows\System\FPtxCwn.exe

C:\Windows\System\FPtxCwn.exe

C:\Windows\System\wHiJYmI.exe

C:\Windows\System\wHiJYmI.exe

C:\Windows\System\BBdSReR.exe

C:\Windows\System\BBdSReR.exe

C:\Windows\System\awcTfMG.exe

C:\Windows\System\awcTfMG.exe

C:\Windows\System\ZKZlCQT.exe

C:\Windows\System\ZKZlCQT.exe

C:\Windows\System\arrsRTn.exe

C:\Windows\System\arrsRTn.exe

C:\Windows\System\EUBpmmB.exe

C:\Windows\System\EUBpmmB.exe

C:\Windows\System\LoDVhfA.exe

C:\Windows\System\LoDVhfA.exe

C:\Windows\System\zmPNTjz.exe

C:\Windows\System\zmPNTjz.exe

C:\Windows\System\KuLmTXD.exe

C:\Windows\System\KuLmTXD.exe

C:\Windows\System\IMNfQNH.exe

C:\Windows\System\IMNfQNH.exe

C:\Windows\System\dUXwSun.exe

C:\Windows\System\dUXwSun.exe

C:\Windows\System\lYCOihK.exe

C:\Windows\System\lYCOihK.exe

C:\Windows\System\FWfIqGQ.exe

C:\Windows\System\FWfIqGQ.exe

C:\Windows\System\djfDdgW.exe

C:\Windows\System\djfDdgW.exe

C:\Windows\System\ggKvuCK.exe

C:\Windows\System\ggKvuCK.exe

C:\Windows\System\ZzfkvIb.exe

C:\Windows\System\ZzfkvIb.exe

C:\Windows\System\pPeUnpx.exe

C:\Windows\System\pPeUnpx.exe

C:\Windows\System\NdgAITu.exe

C:\Windows\System\NdgAITu.exe

C:\Windows\System\vRqTvOq.exe

C:\Windows\System\vRqTvOq.exe

C:\Windows\System\fiJyTGS.exe

C:\Windows\System\fiJyTGS.exe

C:\Windows\System\WYLdkoH.exe

C:\Windows\System\WYLdkoH.exe

C:\Windows\System\GXiZlVK.exe

C:\Windows\System\GXiZlVK.exe

C:\Windows\System\npVVywB.exe

C:\Windows\System\npVVywB.exe

C:\Windows\System\uiPoCFD.exe

C:\Windows\System\uiPoCFD.exe

C:\Windows\System\rzZcPOI.exe

C:\Windows\System\rzZcPOI.exe

C:\Windows\System\nCIVAXI.exe

C:\Windows\System\nCIVAXI.exe

C:\Windows\System\cGapVJn.exe

C:\Windows\System\cGapVJn.exe

C:\Windows\System\yYtDVTi.exe

C:\Windows\System\yYtDVTi.exe

C:\Windows\System\CZJdDAY.exe

C:\Windows\System\CZJdDAY.exe

C:\Windows\System\VuwCdrM.exe

C:\Windows\System\VuwCdrM.exe

C:\Windows\System\sazWlwj.exe

C:\Windows\System\sazWlwj.exe

C:\Windows\System\fwOCWLu.exe

C:\Windows\System\fwOCWLu.exe

C:\Windows\System\NdmLEDx.exe

C:\Windows\System\NdmLEDx.exe

C:\Windows\System\gNAsCyW.exe

C:\Windows\System\gNAsCyW.exe

C:\Windows\System\YCoyrvX.exe

C:\Windows\System\YCoyrvX.exe

C:\Windows\System\JIdwyMY.exe

C:\Windows\System\JIdwyMY.exe

C:\Windows\System\GJrqAQt.exe

C:\Windows\System\GJrqAQt.exe

C:\Windows\System\qPiMrnc.exe

C:\Windows\System\qPiMrnc.exe

C:\Windows\System\tyepbYV.exe

C:\Windows\System\tyepbYV.exe

C:\Windows\System\zUYgDPN.exe

C:\Windows\System\zUYgDPN.exe

C:\Windows\System\fyRmMLn.exe

C:\Windows\System\fyRmMLn.exe

C:\Windows\System\iOKlwXe.exe

C:\Windows\System\iOKlwXe.exe

C:\Windows\System\HFCBpkK.exe

C:\Windows\System\HFCBpkK.exe

C:\Windows\System\KoQgHFj.exe

C:\Windows\System\KoQgHFj.exe

C:\Windows\System\WoSUtwQ.exe

C:\Windows\System\WoSUtwQ.exe

C:\Windows\System\PfWmmco.exe

C:\Windows\System\PfWmmco.exe

C:\Windows\System\ycGtFci.exe

C:\Windows\System\ycGtFci.exe

C:\Windows\System\zUlMADq.exe

C:\Windows\System\zUlMADq.exe

C:\Windows\System\CPxCVQf.exe

C:\Windows\System\CPxCVQf.exe

C:\Windows\System\IkTWugj.exe

C:\Windows\System\IkTWugj.exe

C:\Windows\System\qSXddNQ.exe

C:\Windows\System\qSXddNQ.exe

C:\Windows\System\FSlICjz.exe

C:\Windows\System\FSlICjz.exe

C:\Windows\System\SEAikAt.exe

C:\Windows\System\SEAikAt.exe

C:\Windows\System\SUrRpVc.exe

C:\Windows\System\SUrRpVc.exe

C:\Windows\System\kMduEay.exe

C:\Windows\System\kMduEay.exe

C:\Windows\System\EYRqaCK.exe

C:\Windows\System\EYRqaCK.exe

C:\Windows\System\IDTeNbD.exe

C:\Windows\System\IDTeNbD.exe

C:\Windows\System\yyipyUY.exe

C:\Windows\System\yyipyUY.exe

C:\Windows\System\vkeymdj.exe

C:\Windows\System\vkeymdj.exe

C:\Windows\System\IHeWVBf.exe

C:\Windows\System\IHeWVBf.exe

C:\Windows\System\TyPIicS.exe

C:\Windows\System\TyPIicS.exe

C:\Windows\System\LBJBYeo.exe

C:\Windows\System\LBJBYeo.exe

C:\Windows\System\iWtVaSM.exe

C:\Windows\System\iWtVaSM.exe

C:\Windows\System\kczdUlj.exe

C:\Windows\System\kczdUlj.exe

C:\Windows\System\wMBtxda.exe

C:\Windows\System\wMBtxda.exe

C:\Windows\System\YBoWjEf.exe

C:\Windows\System\YBoWjEf.exe

C:\Windows\System\TKlOgYV.exe

C:\Windows\System\TKlOgYV.exe

C:\Windows\System\FpTQoBg.exe

C:\Windows\System\FpTQoBg.exe

C:\Windows\System\cUayHTc.exe

C:\Windows\System\cUayHTc.exe

C:\Windows\System\YVLKPra.exe

C:\Windows\System\YVLKPra.exe

C:\Windows\System\zruWYVh.exe

C:\Windows\System\zruWYVh.exe

C:\Windows\System\NMfQtGg.exe

C:\Windows\System\NMfQtGg.exe

C:\Windows\System\PTTcitV.exe

C:\Windows\System\PTTcitV.exe

C:\Windows\System\WZyxkbL.exe

C:\Windows\System\WZyxkbL.exe

C:\Windows\System\uTTpvbu.exe

C:\Windows\System\uTTpvbu.exe

C:\Windows\System\dVRfpNG.exe

C:\Windows\System\dVRfpNG.exe

C:\Windows\System\eBcShwu.exe

C:\Windows\System\eBcShwu.exe

C:\Windows\System\SuSqYPW.exe

C:\Windows\System\SuSqYPW.exe

C:\Windows\System\szVXaMr.exe

C:\Windows\System\szVXaMr.exe

C:\Windows\System\WxUhRLg.exe

C:\Windows\System\WxUhRLg.exe

C:\Windows\System\wythuTB.exe

C:\Windows\System\wythuTB.exe

C:\Windows\System\GnlyPgN.exe

C:\Windows\System\GnlyPgN.exe

C:\Windows\System\loEGjoc.exe

C:\Windows\System\loEGjoc.exe

C:\Windows\System\ZliBtwE.exe

C:\Windows\System\ZliBtwE.exe

C:\Windows\System\fjZCcPv.exe

C:\Windows\System\fjZCcPv.exe

C:\Windows\System\kmHsKir.exe

C:\Windows\System\kmHsKir.exe

C:\Windows\System\TSYqGYJ.exe

C:\Windows\System\TSYqGYJ.exe

C:\Windows\System\mWcTIaf.exe

C:\Windows\System\mWcTIaf.exe

C:\Windows\System\EmSvMnB.exe

C:\Windows\System\EmSvMnB.exe

C:\Windows\System\tZkRKVC.exe

C:\Windows\System\tZkRKVC.exe

C:\Windows\System\pBdiVLJ.exe

C:\Windows\System\pBdiVLJ.exe

C:\Windows\System\ftJLAbj.exe

C:\Windows\System\ftJLAbj.exe

C:\Windows\System\UsSqceV.exe

C:\Windows\System\UsSqceV.exe

C:\Windows\System\BFakSPH.exe

C:\Windows\System\BFakSPH.exe

C:\Windows\System\uZVSKod.exe

C:\Windows\System\uZVSKod.exe

C:\Windows\System\YWLerfh.exe

C:\Windows\System\YWLerfh.exe

C:\Windows\System\iojCfBF.exe

C:\Windows\System\iojCfBF.exe

C:\Windows\System\lLdhobw.exe

C:\Windows\System\lLdhobw.exe

C:\Windows\System\RwpzRUT.exe

C:\Windows\System\RwpzRUT.exe

C:\Windows\System\oOaNzUG.exe

C:\Windows\System\oOaNzUG.exe

C:\Windows\System\whTXrQU.exe

C:\Windows\System\whTXrQU.exe

C:\Windows\System\rYiMuSo.exe

C:\Windows\System\rYiMuSo.exe

C:\Windows\System\aODZnlZ.exe

C:\Windows\System\aODZnlZ.exe

C:\Windows\System\NLcRWQf.exe

C:\Windows\System\NLcRWQf.exe

C:\Windows\System\mlJivNN.exe

C:\Windows\System\mlJivNN.exe

C:\Windows\System\ZfoKheQ.exe

C:\Windows\System\ZfoKheQ.exe

C:\Windows\System\Xvczdbk.exe

C:\Windows\System\Xvczdbk.exe

C:\Windows\System\PahBsZH.exe

C:\Windows\System\PahBsZH.exe

C:\Windows\System\Zmczlgn.exe

C:\Windows\System\Zmczlgn.exe

C:\Windows\system32\sihost.exe

sihost.exe

C:\Windows\explorer.exe

explorer.exe /LOADSAVEDWINDOWS

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 41.173.79.40.in-addr.arpa udp
US 8.8.8.8:53 101.58.20.217.in-addr.arpa udp
US 8.8.8.8:53 29.242.123.52.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp

Files

memory/4916-0-0x00007FF671610000-0x00007FF671961000-memory.dmp

memory/4916-1-0x0000025AD8530000-0x0000025AD8540000-memory.dmp

C:\Windows\System\FYfnpBU.exe

MD5 ba13f6bd62b088b625e461183eb2921f
SHA1 2376e11da6bb3aafca6b83cbbe32dec52ba41c29
SHA256 6cf3f31ed2244a69341efdcfb88c68e756581411fa5906786b377ff72519b34b
SHA512 ddc47dbb822e5212e55066948fc2c6055ed4a77154c078832d36d3cc2284042da740cba1d4191537a49d310d1592e611ccc762fe88b78e6e090a527e00110ed7

memory/4596-8-0x00007FF778730000-0x00007FF778A81000-memory.dmp

C:\Windows\System\sbmDseW.exe

MD5 b7fc324167324bef8ed6a4ec4fabf8dc
SHA1 822637d9ecf57ffe078e8efa92f165342d876dc9
SHA256 a0a5b6ef16c122846b7e5f45f632c1890e56149203ae22a3a7930b0438fb9888
SHA512 7f59cc2d483b0004138f79a9c2770ae4b1081485d606d69ed6150a51d3faf76436e48a84b457d2667d63be3bd7351fb2338d7bae446b7ce0d59351ceffda6b98

C:\Windows\System\lsnYmhl.exe

MD5 4b24e98ef58946901a3138b9e5176a93
SHA1 19dadf793c9242e46b4dabc1f7b45d579d114e37
SHA256 bbac29b7e1a316f93b96632098c559184f0726a372bf6f11fe65936c48d9d1d3
SHA512 4b193aa482fe316cd858fee81dc7bad6e03ea1ce7d397693b00e60074a4a9cd3ac3e5721c91ccc7b8f9ebde87c88ce691fa7384217a2c366df1c101c4bf03b21

C:\Windows\System\UhmOwkr.exe

MD5 bfa8cf2f81f3cb00955903def09a121c
SHA1 84d6e54b8d987179bf2f026e046e5ccfe0c35549
SHA256 c03d0580b3bc8e15b346c288a4eda1683d60930c5d31a9f221c879f4a9f619f1
SHA512 0f26dc9342957e7abda1109e59a120adabebc7e0c574d795467ba14bfc1868bf39ce6c03f1a587999a3bdf1fb792f816f90a592e22827bc5025fc2923b7cb109

C:\Windows\System\YsNSaxp.exe

MD5 9f3e91388d40659bb5e2fff38f78687e
SHA1 99674f7c4d0b6e701344f15477bdefd70fbd0fe8
SHA256 6762d26f865604ed81582e3881d0d6193386dd9385fa5b9117f830cc563e2be1
SHA512 8cd68fe0c50890aaffcee51d2ca13d88e3ea036fc15cc02ea0b295092d6051f2d0341cc5cb2423a114b8a7228b801d869b8924fcd8b83b39a8d0dcc455cc159f

memory/2528-44-0x00007FF627620000-0x00007FF627971000-memory.dmp

C:\Windows\System\OGgssZc.exe

MD5 295ec2653f2cec9de1e971d220b69186
SHA1 4076b06baef179d61a9672b8ea3fef707d5fe97b
SHA256 b40f2d13a83ab66f273f0b82b7dbb6a6a233b6d581ced87b2dbb6dd1fac5004d
SHA512 1bb0e1db4481f15f4c40f8aef1e8599c89aaa0f7d9562d3c69a8660531f61b0ff809f614bacbb61d9ee9b93f7eaf9df5a5ec6c50fe1f9efa71cea1eb5a271349

C:\Windows\System\AEGUZaL.exe

MD5 e308f7cc34708b1f38f717952295bc04
SHA1 c50e06d684e9bd764bad2b530c9b74de30a1556e
SHA256 2b07067bd4e85b18b83a57978b07d0746e7c70675998be1b754e592ce37489f6
SHA512 5a0bd0762d286cbc4e713f346f2e93b8366a746e01dea02994a8d9bc6d5a82028a332396a2a5ac548cbfb4dea7516fa9c2d80bc6be8aab387d9d0652e4d0d0f7

C:\Windows\System\sZzezBp.exe

MD5 4786cdc3229895e200e7bc91040517cb
SHA1 7261f2c89328db21f7b6d61947b9539c64f3fbae
SHA256 683a9277fdb570c7f4d268361ee23673108d28c165faa921df109b11f7358248
SHA512 e9fbdab8046195411828895e0781143c7d555d0be2a4ed391d1d208109256f94a1733412066ff5851eb3a361bb7dea25970b083c8b25a28a91c827433a1058b2

C:\Windows\System\clyvAfQ.exe

MD5 a091cb2448045de5370a44afaa9785b7
SHA1 bfb12d8fda3c0ed43613f802e1e98f57f16731e1
SHA256 b08672c6786dc88032a08a3843e3ec45b9514600825aab959c71dd0fb4db97fc
SHA512 6a42d5024042dc1b85e8154abdfa2421d175032d94594dec975c83ef14dd4c6c8059e4104dfbe1dac76da1386c916af389b74440619b91e08189253fb9a8afa7

C:\Windows\System\ymPEytg.exe

MD5 67842b7405cb83a0d02be1d708ac798f
SHA1 fcc4e90a6df7256000bdb0bbcb27c304d6a58dbc
SHA256 96e747772f979cfa701b8434e4a5aef639d9a16d1b6496428c15ac7ef00c5795
SHA512 3233515482d9b40d5bfbbb10eb20a8a6dd7d250fcd39d5ce6e572fd5f20ee38bc09a3727649ee7795934664dbb433fc0bb1e47cb20d3883ae515c4474a2e7816

C:\Windows\System\CNViVMy.exe

MD5 1a33e40c3fb0b8e5e08b465617a446bc
SHA1 befc7c24eb03184955eb7596c4d6bf8d6e0b7616
SHA256 15d49dde42143af792a7d9a006f513fdafdbe0b73336c1a7f2d913677bd19044
SHA512 b7a735482355412ed47bc404146be0dd4dfa2c6166c1cfc8cc707c577da97e67c89946586d39036e8fdb41921d439f24ce247a6d85aa79f8babdbc3f41505b15

C:\Windows\System\EhQeuDC.exe

MD5 cb9daf9c355b96a010b6388ad85ccc32
SHA1 02739a1497fc5d9737a4e9bf2eccd3198c7bb9b7
SHA256 1a9fd9c9191e7205e1eee451359cf5fe72994fd365ad2db15b376fb2b4189aa1
SHA512 aadc33b02bab51a66586602231ed13657ee0beb6adaaa181e89712ee93ff6488d1011b1e46c6063ef3f494ef0ae6abb3ede20c328fd66679f8417f0b5ea382f1

C:\Windows\System\xKVxntU.exe

MD5 ba65aa668aeee470fd42c900dc90a17c
SHA1 2ce9217c8a7be6f9389364be730d4229ba84b629
SHA256 6bb96a9eb422364b09f17058a7c067bae44d4413c6299cbaec1853896ce3f340
SHA512 efb2f7a64ee484e49720639b4429bd7a4fbc62fa1682d48d011ccf49c6bff9abb2609a9cf7b264e97b1469b3e28bdca0047c252917ad83e2089ef2955c165408

C:\Windows\System\RGdaErd.exe

MD5 eba643370986a7d06bdead484e95dd9d
SHA1 b0800f6381be7b67de2adbd9cc2d7cdae676eafa
SHA256 2ea0d203ebe620eb9439f62d6658379c195606044e693ffc641f8d492e0bedb0
SHA512 bb8a014bf2f14cd139ac93d1a128fae18a4421d962d14909c6ac08782fa89c8fb2f9187673763363a3924a505a398bcacde10c1d83be9a6c78f81ab62a697fbc

memory/3008-385-0x00007FF752A80000-0x00007FF752DD1000-memory.dmp

memory/4088-386-0x00007FF70B310000-0x00007FF70B661000-memory.dmp

memory/4448-378-0x00007FF7EC860000-0x00007FF7ECBB1000-memory.dmp

C:\Windows\System\nJdavVS.exe

MD5 b70fdff9e0507f4d3553ceae0d0d2b2c
SHA1 572ac8299e4044506ae9d3eaf26d6715d4d12cad
SHA256 441167f26e15f31e05ea311c596c81266ac6c314a2e261f2d453d5466059a282
SHA512 4492d1760fc98945f1bb62c848e202bd46d495558ff6b301c7ec3172358be9e36b3254802d53bcfe3893fbf13f9736c1496ab99993672d451cbf1a59d497240c

C:\Windows\System\ULaVidO.exe

MD5 4a72344b23bfcecb33e29331db1c6b25
SHA1 c9f08da22d1a456e1372546f9b42dfc6ae8dcf0e
SHA256 23d6fe41e05d289c335a9c20e432e14947122f5a45c0cee6a4767a72f7150425
SHA512 9c9343e9c2d66cb47639818f944cefc18e35bcf5c8c08afa7a393bbaccabfd0d4aa9cc7906ab03ed9c8c007bb43556ab72ffb32a1da86f67215a9793ba8feec8

C:\Windows\System\CLdNbbn.exe

MD5 f6d5fe1377cbc2d7d47af8ca1c8a7049
SHA1 41070d8361a86add1c52be895babcd98b1c906a3
SHA256 68a9b6751229fa921170cd7324a7844402e4a65bc157ebf8f695d5447c2a3271
SHA512 bbbf873561e3f165221f86429bf32311cf4e74c1274d2aebca99685c60099c70fc2de9397a5db2827c29705c8d74c201e7a91f2c3d601e69f9c53fa54e4f726d

C:\Windows\System\mAelBoG.exe

MD5 c65f42bfb6f041e1b7a94341bd0143fd
SHA1 df0aa867b3b0eb5aef2964f550ca0e829190fc36
SHA256 138e4e76f6652487ec1e1b1945ab38bf4509151e3696c9fa666adcc66601ad84
SHA512 439db3f9bca35d25188239bd9b098dfaf1ba07ac4a709cf500f95bd161e672940c4c7110968805af41fc44faa02aabca4f5beb859f92b5ef8959e865a6025be8

memory/3984-399-0x00007FF65AB90000-0x00007FF65AEE1000-memory.dmp

memory/1312-407-0x00007FF69D760000-0x00007FF69DAB1000-memory.dmp

memory/3120-436-0x00007FF6B03B0000-0x00007FF6B0701000-memory.dmp

memory/2368-456-0x00007FF6180A0000-0x00007FF6183F1000-memory.dmp

memory/4032-472-0x00007FF6E87A0000-0x00007FF6E8AF1000-memory.dmp

memory/3536-479-0x00007FF7541F0000-0x00007FF754541000-memory.dmp

memory/4952-492-0x00007FF62EFC0000-0x00007FF62F311000-memory.dmp

memory/3204-500-0x00007FF7F0C50000-0x00007FF7F0FA1000-memory.dmp

memory/1440-531-0x00007FF640220000-0x00007FF640571000-memory.dmp

memory/3224-560-0x00007FF6B4AF0000-0x00007FF6B4E41000-memory.dmp

memory/4992-548-0x00007FF7A2EB0000-0x00007FF7A3201000-memory.dmp

memory/3900-547-0x00007FF7853A0000-0x00007FF7856F1000-memory.dmp

memory/2788-540-0x00007FF60C660000-0x00007FF60C9B1000-memory.dmp

memory/4036-537-0x00007FF79A100000-0x00007FF79A451000-memory.dmp

memory/1484-523-0x00007FF75CF90000-0x00007FF75D2E1000-memory.dmp

memory/5084-491-0x00007FF6A7CB0000-0x00007FF6A8001000-memory.dmp

memory/1500-486-0x00007FF78ACA0000-0x00007FF78AFF1000-memory.dmp

memory/3740-465-0x00007FF7A2160000-0x00007FF7A24B1000-memory.dmp

memory/4148-423-0x00007FF7B86C0000-0x00007FF7B8A11000-memory.dmp

memory/3164-425-0x00007FF7E5D50000-0x00007FF7E60A1000-memory.dmp

memory/2056-391-0x00007FF6B1310000-0x00007FF6B1661000-memory.dmp

C:\Windows\System\NnqNqDJ.exe

MD5 cb4fe0b41c89eb5939dfcc29a1b7d3d3
SHA1 1b4eaf2a78319bd74bc28a25272b2184c00d0ee4
SHA256 05504bd7c3e7ffa5e9d12af0d96cdc0b7bab938a9ff9469c398cbeec94ff6d45
SHA512 923c411fa7451f725dce514d284ce6bd905579f8e4239759e0ba82845cc1ea77226092c52b4e25c44c5730f7e3391496b62aefc21a3512da819ff84eca8dc101

C:\Windows\System\alSoSyV.exe

MD5 d61ab71a63e63851db7628d7928d38f4
SHA1 6ce464e2d9528bb7699c487fa40ae141db212e2c
SHA256 c07369b18280dc07f21d0319a2a1945f06db8373bb115089f617a11f04df5989
SHA512 6af69aafb907095b7179527e3c22c6c7513c8e9319026f1a3ddf961970e8f363bbea54d6cef2efb3d9e3547da0ed1ffa93603b3655abc5be60bf85d1c6987b0c

C:\Windows\System\NIRyPgs.exe

MD5 c5bee2e757ef915a6ef5d29a9e8876d8
SHA1 77b08328bfb2955f0cb051602eac3d4faf4f5b72
SHA256 68c652ce42ac853c0a7e02a4b7a082f03751a28e1e74c4a697018e0acd99f4d4
SHA512 cfdec1ae98a3685512bf18413b16407af01d23d2ba8c5171dad1bc6aeb9b3359a1482c4953916fb7d37ef0951dab2b518a4ccb967bc56114d8b4cbe673ed3e7b

C:\Windows\System\kMWnFXh.exe

MD5 3d9caad4974b09562e6f5052bbd9337c
SHA1 1965a6cc9a0b6a5f82af2604184f6e534c9ffed4
SHA256 2c7ba967de6d9408df1dac13d37495fc4374e1ad27d606b74ff3dda0ae770408
SHA512 e123fc7d5a2f80c70bcd6671a3a921ad1c2dc93f7f418dea22b3934f8a54c5e774503e215f36d91acc12215640e9eb83892edfca32423cbd75f808d3db3cbcd9

C:\Windows\System\hEXwiFv.exe

MD5 707c4e9292c15920997937ff4cc62a8d
SHA1 114e98f878d6ffc6f25722e83e47443f9904bd21
SHA256 31e46d78f992c9d06ead19b136724492403d7c4c6c39cde1c8d2d8dc945e36b9
SHA512 72f970a0172d444b45c598d5b1a85565583c3a7c55c85c51af0fc5d52330d79fcc01293c2db8378092bc92902ed5b7020d7879da1ba41f10a771b6f1a40764f1

C:\Windows\System\TJInKaN.exe

MD5 3216cb071cdb0bdd7991d9b836d099ed
SHA1 94e8a729ee59ae12fd8a658f04768b1e106a171b
SHA256 81291f406823d4e6f69a610340bb09da4bdfe599ed49215e05c18885da9bda1e
SHA512 71cccb643fd256faeec291017ca65e433c2154eb194b0479fe24887801b192e44e710c64ce57b1ec188ea8e0c40b332663a04f908351485dc0bd1d49cfae7c8a

C:\Windows\System\gdsrEZm.exe

MD5 9ef1e6feba92c9b6f3338790b1d8be63
SHA1 6b6c46379388b62d7f7d40c24f44d86fc546604d
SHA256 74b997004d8035ea58b6fd46c7e64f71781b4e47d5deca5f3f43588194916927
SHA512 d5947b06579ad16f31dd152c1da04ed51d6978667b2c8f4663169840337d99c34d860190bdc3092303bc4c25470c1faa1327dd4fa9804c0a39719bdfe54b394a

C:\Windows\System\OJXfoix.exe

MD5 5d8f6185df85bedeb7f97fcf9aaa4d48
SHA1 8949e2a9fe8a0eacffc34ca316926bd759927aaa
SHA256 654b8e76e429020b3906d43d97c4b45036ed949c59da875fc17d426f0ecd00db
SHA512 afe4e85ffe3798b0ecec73db29e50cf1f7b15ee411435c6a7b1f44a4172f773e574ebe245839b3d3f40b32c64408e0a6c273cf7756969a9dcb3a899b2e8897f6

C:\Windows\System\yZJrqkx.exe

MD5 6df90b03cb7f5b99dbcf67306a052297
SHA1 9e7f81e0630c9c6fc50e48f626e397caad54444c
SHA256 94399efbaba56c6e4c96e4cb0b8a191ef58fd85f3f904c3991133feacb188011
SHA512 ad2a287d2b3b1386c366d0fc67d105b05a2704a8c7033eddb8442e5681f46840fcb4a03f2282629e30b440ecfede52e4048d9a071e9186d0b976e38b42f887b2

C:\Windows\System\ZpiyCHG.exe

MD5 4b6855258bbf9d17e479d3e369823e60
SHA1 7ba9d3cd2cb29b39d6108fff9fed1e299fa7d1af
SHA256 74af44378cd0dadfc4fc73f2b63c35e263f1431527a184f7f151f2992f04ddd9
SHA512 1b828dcac920f1288808573098c6e737fd4edc4d8a23739a3082b9ea1b8d19d83690890358cdb16d443cae1350124eb7d6cd9836f2b54b68f57e54766c3ca512

C:\Windows\System\mFuOFOG.exe

MD5 25d3f6af16f1e3b33f2d70f1e642f06e
SHA1 adc8bf25a06e1b945a3d9505eb5116904564d85d
SHA256 00277f359f85293629cee3ca8a8cd1acccac03a9d7c6f4a0c9ea1e3d7d4bcaa9
SHA512 231be21f03cc6b954dc607740a34309e04ab5a8686e9932cb768f3a9a3e2dbdb8f551b1856913887232a7fd432da45a531587682e7d9c8208c53dd7db19361d0

C:\Windows\System\odSBqmY.exe

MD5 addd79ff62496ced6ea16dfa22bdab71
SHA1 93cd8ff1cf1dd736cbe37974560a3a078da44c35
SHA256 e3fe4fa45b1b0c7fce2985bdf79ed3912bd9ff2f4430e2884344deab9b8f61b6
SHA512 16f1c633b4a28ea36edf982c4bd4e5cb2734816805d57c0f5551ee7f21fd483cbe344e2013db53f0b572e96916861861b2a9fa1d3ff8316d2b551fb9ec7e078d

C:\Windows\System\jzunptV.exe

MD5 d38434ff84c67654e0572b043663853f
SHA1 4b62151aee384f36d7bf533604c95a295afe6ac6
SHA256 ad624fb904d1eefe1d959ffb757bcc9ac5eb0bd6dff96ffb737009ef02b4d3e0
SHA512 9c8bcbb4a6dd97885d9c31d616aa9fc45020435a8ec4e7b2c53b294c016b237d1e2f6c53d99f7587ddca2d4849f24aab6404ac29796108c58017774c079e4042

memory/788-48-0x00007FF7EE230000-0x00007FF7EE581000-memory.dmp

C:\Windows\System\xHHdxRc.exe

MD5 dca7835144acac0803023e1d2067f40a
SHA1 0dc4098941f6adb3a06338c5411a993c4714718e
SHA256 8d5385a768cb5fdcd2f58728d2854b9c6b90745c230a041c5b7589481a9ed376
SHA512 b2c4f87daa2d36f53799bf7dd976ef32554803e396ed0bdf9641ec05d77e34b807260e0d3bae92b64025b79af0e937067bf06a496fe5d32c389adaf57624507e

memory/2760-35-0x00007FF778540000-0x00007FF778891000-memory.dmp

C:\Windows\System\HRQHMQB.exe

MD5 7992b7e2bd09689611e91df5d8c391fd
SHA1 999fc2b055a6efd47b581017d37f0ef2c4786f39
SHA256 e85d3c755321b98dae69d0ba0cd40442c776497d7c75e8229780984d2c0cddcc
SHA512 a8e1e711207d559e395cfde037aca7ec7de9b9afad12653555a492f17145958321eadddfd1bb7bf70bb615a4783e974ed89290625b0959bee9149e7f38c5e7a4

memory/4648-19-0x00007FF6F8060000-0x00007FF6F83B1000-memory.dmp

memory/4596-2224-0x00007FF778730000-0x00007FF778A81000-memory.dmp

memory/4648-2225-0x00007FF6F8060000-0x00007FF6F83B1000-memory.dmp

memory/4448-2226-0x00007FF7EC860000-0x00007FF7ECBB1000-memory.dmp

memory/788-2231-0x00007FF7EE230000-0x00007FF7EE581000-memory.dmp

memory/4596-2240-0x00007FF778730000-0x00007FF778A81000-memory.dmp

memory/4648-2242-0x00007FF6F8060000-0x00007FF6F83B1000-memory.dmp

memory/2788-2244-0x00007FF60C660000-0x00007FF60C9B1000-memory.dmp

memory/2760-2246-0x00007FF778540000-0x00007FF778891000-memory.dmp

memory/3900-2250-0x00007FF7853A0000-0x00007FF7856F1000-memory.dmp

memory/2528-2248-0x00007FF627620000-0x00007FF627971000-memory.dmp

memory/4992-2252-0x00007FF7A2EB0000-0x00007FF7A3201000-memory.dmp

memory/788-2254-0x00007FF7EE230000-0x00007FF7EE581000-memory.dmp

memory/4088-2262-0x00007FF70B310000-0x00007FF70B661000-memory.dmp

memory/2056-2264-0x00007FF6B1310000-0x00007FF6B1661000-memory.dmp

memory/3008-2260-0x00007FF752A80000-0x00007FF752DD1000-memory.dmp

memory/3224-2258-0x00007FF6B4AF0000-0x00007FF6B4E41000-memory.dmp

memory/4448-2256-0x00007FF7EC860000-0x00007FF7ECBB1000-memory.dmp

memory/4036-2294-0x00007FF79A100000-0x00007FF79A451000-memory.dmp

memory/4148-2290-0x00007FF7B86C0000-0x00007FF7B8A11000-memory.dmp

memory/3204-2289-0x00007FF7F0C50000-0x00007FF7F0FA1000-memory.dmp

memory/3536-2284-0x00007FF7541F0000-0x00007FF754541000-memory.dmp

memory/1500-2283-0x00007FF78ACA0000-0x00007FF78AFF1000-memory.dmp

memory/5084-2281-0x00007FF6A7CB0000-0x00007FF6A8001000-memory.dmp

memory/2368-2277-0x00007FF6180A0000-0x00007FF6183F1000-memory.dmp

memory/3740-2275-0x00007FF7A2160000-0x00007FF7A24B1000-memory.dmp

memory/3164-2271-0x00007FF7E5D50000-0x00007FF7E60A1000-memory.dmp

memory/1312-2268-0x00007FF69D760000-0x00007FF69DAB1000-memory.dmp

memory/4032-2286-0x00007FF6E87A0000-0x00007FF6E8AF1000-memory.dmp

memory/4952-2279-0x00007FF62EFC0000-0x00007FF62F311000-memory.dmp

memory/3120-2273-0x00007FF6B03B0000-0x00007FF6B0701000-memory.dmp

memory/3984-2266-0x00007FF65AB90000-0x00007FF65AEE1000-memory.dmp

memory/1440-2302-0x00007FF640220000-0x00007FF640571000-memory.dmp

memory/1484-2296-0x00007FF75CF90000-0x00007FF75D2E1000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133611308512026975.txt

MD5 79ea60e4feeffe4483ba2d0ea61852fb
SHA1 7d5921a1b6240cc717ad4f4478bbcfc42f3af8e8
SHA256 1e85f6cd486b20682b1a6af9f34e7993a558f3b5dccd1e80a55178847e794923
SHA512 4d0866c2b63af9570fa20bca628a6e67b3704d7ab5a8a1311fb614f38b54444cc6630390092282f075751cae38000a17e4bf1cb992a8900b0c72965c0b24dbf4

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\OE9DJ3LK\microsoft.windows[1].xml

MD5 0f6abe1ee9fa77b6b269e1a5401bbaf1
SHA1 e0805afe225412725e7c5e902fd5d7cfbfc30437
SHA256 6133a01b57b98ac5362bc51c436b99e58ba44d9b0e7db95b43dfb7d02423e056
SHA512 2a810ccad4f37df09425138c474d947223fe7206e045b117991ed6210101615b0e503eeb6c7454ae98b2aff0e52dcbbf4d041f728d0c7d7cf00c1f4c430cce25