Malware Analysis Report

2025-01-06 18:12

Sample ID 240527-w5b81sdc9y
Target 0b1122e3b7f581c09cf1f103f859c6a0_NeikiAnalytics.exe
SHA256 4c4c2d1f70b34ee6f3fa9122527d6a5b947c87f4a0ab51931662a29115794b45
Tags
xmrig miner upx persistence
score
10/10

Analysis Overview

score
10/10

SHA256

4c4c2d1f70b34ee6f3fa9122527d6a5b947c87f4a0ab51931662a29115794b45

Threat Level: Known bad

The file 0b1122e3b7f581c09cf1f103f859c6a0_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

xmrig miner upx persistence

XMRig Miner payload

Xmrig family

xmrig

Modifies Installed Components in the registry

Loads dropped DLL

UPX packed file

Executes dropped EXE

Enumerates connected drives

Drops file in System32 directory

Unsigned PE

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of AdjustPrivilegeToken

Modifies Internet Explorer settings

Modifies registry class

Suspicious use of SetWindowsHookEx

Uses Task Scheduler COM API

Checks SCSI registry key(s)

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-27 18:29

Signatures

XMRig Miner payload

miner

Xmrig family

xmrig

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-05-27 18:29

Reported

2024-05-27 18:32

Platform

win7-20240419-en

Max time kernel

150s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\0b1122e3b7f581c09cf1f103f859c6a0_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner

Executes dropped EXE


Loads dropped DLL


UPX packed file

upx

Drops file in System32 directory


Suspicious use of WriteProcessMemory


Processes

C:\Users\Admin\AppData\Local\Temp\0b1122e3b7f581c09cf1f103f859c6a0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\0b1122e3b7f581c09cf1f103f859c6a0_NeikiAnalytics.exe"


C:\Windows\System32\wDPYCPX.exe

C:\Windows\System32\wDPYCPX.exe

C:\Windows\System32\HVbQUeu.exe

C:\Windows\System32\HVbQUeu.exe

C:\Windows\System32\vBLPnfD.exe

C:\Windows\System32\vBLPnfD.exe

C:\Windows\System32\VWGINEn.exe

C:\Windows\System32\VWGINEn.exe

C:\Windows\System32\bitCUvl.exe

C:\Windows\System32\bitCUvl.exe

C:\Windows\System32\XOesNmw.exe

C:\Windows\System32\XOesNmw.exe

C:\Windows\System32\bTyfnVz.exe

C:\Windows\System32\bTyfnVz.exe

C:\Windows\System32\HpePsyf.exe

C:\Windows\System32\HpePsyf.exe

C:\Windows\System32\EIIWZqq.exe

C:\Windows\System32\EIIWZqq.exe

C:\Windows\System32\MahUVrr.exe

C:\Windows\System32\MahUVrr.exe

C:\Windows\System32\VURkphc.exe

C:\Windows\System32\VURkphc.exe

C:\Windows\System32\yIUWrEn.exe

C:\Windows\System32\yIUWrEn.exe

C:\Windows\System32\iWPaHwW.exe

C:\Windows\System32\iWPaHwW.exe

C:\Windows\System32\FvZmLUc.exe

C:\Windows\System32\FvZmLUc.exe

C:\Windows\System32\JTANYAo.exe

C:\Windows\System32\JTANYAo.exe

C:\Windows\System32\YAzLKSJ.exe

C:\Windows\System32\YAzLKSJ.exe

C:\Windows\System32\xRCjOnG.exe

C:\Windows\System32\xRCjOnG.exe

C:\Windows\System32\FsNhaZR.exe

C:\Windows\System32\FsNhaZR.exe

C:\Windows\System32\ENgHAVf.exe

C:\Windows\System32\ENgHAVf.exe

C:\Windows\System32\MBIRMiM.exe

C:\Windows\System32\MBIRMiM.exe

C:\Windows\System32\rnPPMxL.exe

C:\Windows\System32\rnPPMxL.exe

C:\Windows\System32\CtveHKv.exe

C:\Windows\System32\CtveHKv.exe

C:\Windows\System32\HlAUNTp.exe

C:\Windows\System32\HlAUNTp.exe

C:\Windows\System32\KPtqpge.exe

C:\Windows\System32\KPtqpge.exe

C:\Windows\System32\dVVQoUU.exe

C:\Windows\System32\dVVQoUU.exe

C:\Windows\System32\xbkHXMY.exe

C:\Windows\System32\xbkHXMY.exe

C:\Windows\System32\afDxhkz.exe

C:\Windows\System32\afDxhkz.exe

C:\Windows\System32\ZHqltgl.exe

C:\Windows\System32\ZHqltgl.exe

C:\Windows\System32\jwHZsBZ.exe

C:\Windows\System32\jwHZsBZ.exe

C:\Windows\System32\zBGllVP.exe

C:\Windows\System32\zBGllVP.exe

C:\Windows\System32\AYbnayX.exe

C:\Windows\System32\AYbnayX.exe

C:\Windows\System32\XabqhES.exe

C:\Windows\System32\XabqhES.exe

C:\Windows\System32\ZPplIVB.exe

C:\Windows\System32\ZPplIVB.exe

C:\Windows\System32\tTBCkLR.exe

C:\Windows\System32\tTBCkLR.exe

C:\Windows\System32\KeSfAwP.exe

C:\Windows\System32\KeSfAwP.exe

C:\Windows\System32\ALqgMvf.exe

C:\Windows\System32\ALqgMvf.exe

C:\Windows\System32\khvCSdW.exe

C:\Windows\System32\khvCSdW.exe

C:\Windows\System32\kKmbMNr.exe

C:\Windows\System32\kKmbMNr.exe

C:\Windows\System32\VSmQKbR.exe

C:\Windows\System32\VSmQKbR.exe

C:\Windows\System32\wbJBYjH.exe

C:\Windows\System32\wbJBYjH.exe

C:\Windows\System32\fncsBLg.exe

C:\Windows\System32\fncsBLg.exe

C:\Windows\System32\BeFiaFo.exe

C:\Windows\System32\BeFiaFo.exe

C:\Windows\System32\OxGhuJZ.exe

C:\Windows\System32\OxGhuJZ.exe

C:\Windows\System32\nKYxrJO.exe

C:\Windows\System32\nKYxrJO.exe

C:\Windows\System32\oRxOmaX.exe

C:\Windows\System32\oRxOmaX.exe

C:\Windows\System32\BeFFRIc.exe

C:\Windows\System32\BeFFRIc.exe

C:\Windows\System32\AjDPCwS.exe

C:\Windows\System32\AjDPCwS.exe

C:\Windows\System32\hMaaWyu.exe

C:\Windows\System32\hMaaWyu.exe

C:\Windows\System32\vYfsjrT.exe

C:\Windows\System32\vYfsjrT.exe

C:\Windows\System32\XEwZEgA.exe

C:\Windows\System32\XEwZEgA.exe

C:\Windows\System32\HVxYjmt.exe

C:\Windows\System32\HVxYjmt.exe

C:\Windows\System32\CPYigyP.exe

C:\Windows\System32\CPYigyP.exe

C:\Windows\System32\TaFyfzA.exe

C:\Windows\System32\TaFyfzA.exe

C:\Windows\System32\AqWNvmk.exe

C:\Windows\System32\AqWNvmk.exe

C:\Windows\System32\zSlzanM.exe

C:\Windows\System32\zSlzanM.exe

C:\Windows\System32\ikRLdry.exe

C:\Windows\System32\ikRLdry.exe

C:\Windows\System32\DuGaNIG.exe

C:\Windows\System32\DuGaNIG.exe

C:\Windows\System32\UIrjsdC.exe

C:\Windows\System32\UIrjsdC.exe

C:\Windows\System32\QCfxzuC.exe

C:\Windows\System32\QCfxzuC.exe

C:\Windows\System32\GVaHSFk.exe

C:\Windows\System32\GVaHSFk.exe

C:\Windows\System32\WRseEIo.exe

C:\Windows\System32\WRseEIo.exe

C:\Windows\System32\obcUxlR.exe

C:\Windows\System32\obcUxlR.exe

C:\Windows\System32\XrjLFol.exe

C:\Windows\System32\XrjLFol.exe

C:\Windows\System32\xcuxcDS.exe

C:\Windows\System32\xcuxcDS.exe

C:\Windows\System32\wDhCrrQ.exe

C:\Windows\System32\wDhCrrQ.exe

C:\Windows\System32\zRwvqbO.exe

C:\Windows\System32\zRwvqbO.exe

C:\Windows\System32\TSqKaRg.exe

C:\Windows\System32\TSqKaRg.exe

C:\Windows\System32\qfoYWDe.exe

C:\Windows\System32\qfoYWDe.exe

C:\Windows\System32\PqMwuOi.exe

C:\Windows\System32\PqMwuOi.exe

C:\Windows\System32\BcrhmCK.exe

C:\Windows\System32\BcrhmCK.exe

C:\Windows\System32\AKudwGz.exe

C:\Windows\System32\AKudwGz.exe

C:\Windows\System32\lrQqeqp.exe

C:\Windows\System32\lrQqeqp.exe

C:\Windows\System32\HsRqitS.exe

C:\Windows\System32\HsRqitS.exe

C:\Windows\System32\ZINbFPS.exe

C:\Windows\System32\ZINbFPS.exe

C:\Windows\System32\KvNpnSH.exe

C:\Windows\System32\KvNpnSH.exe

C:\Windows\System32\hhenirl.exe

C:\Windows\System32\hhenirl.exe

C:\Windows\System32\tWtYNGB.exe

C:\Windows\System32\tWtYNGB.exe

C:\Windows\System32\dicUdOq.exe

C:\Windows\System32\dicUdOq.exe

C:\Windows\System32\NRJZEyY.exe

C:\Windows\System32\NRJZEyY.exe

C:\Windows\System32\CSSGpFz.exe

C:\Windows\System32\CSSGpFz.exe

C:\Windows\System32\rOGbbSH.exe

C:\Windows\System32\rOGbbSH.exe

C:\Windows\System32\bKVGOuL.exe

C:\Windows\System32\bKVGOuL.exe

C:\Windows\System32\eayKYga.exe

C:\Windows\System32\eayKYga.exe

C:\Windows\System32\TDjBVur.exe

C:\Windows\System32\TDjBVur.exe

C:\Windows\System32\IVElaeF.exe

C:\Windows\System32\IVElaeF.exe

C:\Windows\System32\YIsrVkL.exe

C:\Windows\System32\YIsrVkL.exe

C:\Windows\System32\WmCcKbl.exe

C:\Windows\System32\WmCcKbl.exe

C:\Windows\System32\cgjieSj.exe

C:\Windows\System32\cgjieSj.exe

C:\Windows\System32\xMiRQWj.exe

C:\Windows\System32\xMiRQWj.exe

C:\Windows\System32\onLoUeg.exe

C:\Windows\System32\onLoUeg.exe

C:\Windows\System32\PfUupak.exe

C:\Windows\System32\PfUupak.exe

C:\Windows\System32\WOabZpU.exe

C:\Windows\System32\WOabZpU.exe

C:\Windows\System32\QFhTbcf.exe

C:\Windows\System32\QFhTbcf.exe

C:\Windows\System32\FhXqsMe.exe

C:\Windows\System32\FhXqsMe.exe

C:\Windows\System32\Lqfhnnt.exe

C:\Windows\System32\Lqfhnnt.exe

C:\Windows\System32\ybbDlTk.exe

C:\Windows\System32\ybbDlTk.exe

C:\Windows\System32\GEgevKA.exe

C:\Windows\System32\GEgevKA.exe

C:\Windows\System32\YuDYWlK.exe

C:\Windows\System32\YuDYWlK.exe

C:\Windows\System32\VNIPXCh.exe

C:\Windows\System32\VNIPXCh.exe

C:\Windows\System32\tnVGGXU.exe

C:\Windows\System32\tnVGGXU.exe

C:\Windows\System32\BXVbXCf.exe

C:\Windows\System32\BXVbXCf.exe

C:\Windows\System32\LtJcOjY.exe

C:\Windows\System32\LtJcOjY.exe

C:\Windows\System32\RHwrJnk.exe

C:\Windows\System32\RHwrJnk.exe

C:\Windows\System32\YgPtuuB.exe

C:\Windows\System32\YgPtuuB.exe

C:\Windows\System32\VdQeSGM.exe

C:\Windows\System32\VdQeSGM.exe

C:\Windows\System32\QGUmiwv.exe

C:\Windows\System32\QGUmiwv.exe

C:\Windows\System32\BVglyny.exe

C:\Windows\System32\BVglyny.exe

C:\Windows\System32\oVAqJbb.exe

C:\Windows\System32\oVAqJbb.exe

C:\Windows\System32\UVnGiNI.exe

C:\Windows\System32\UVnGiNI.exe

C:\Windows\System32\UPbbEmz.exe

C:\Windows\System32\UPbbEmz.exe

C:\Windows\System32\IulxLaH.exe

C:\Windows\System32\IulxLaH.exe

C:\Windows\System32\HCGkjbW.exe

C:\Windows\System32\HCGkjbW.exe

C:\Windows\System32\uJVTKIX.exe

C:\Windows\System32\uJVTKIX.exe

C:\Windows\System32\xCgdQab.exe

C:\Windows\System32\xCgdQab.exe

C:\Windows\System32\AMeYyRh.exe

C:\Windows\System32\AMeYyRh.exe

C:\Windows\System32\VoYQeTn.exe

C:\Windows\System32\VoYQeTn.exe

C:\Windows\System32\WyhlAqG.exe

C:\Windows\System32\WyhlAqG.exe

C:\Windows\System32\vahaMXy.exe

C:\Windows\System32\vahaMXy.exe

C:\Windows\System32\YROMqew.exe

C:\Windows\System32\YROMqew.exe

C:\Windows\System32\rfQVfNs.exe

C:\Windows\System32\rfQVfNs.exe

C:\Windows\System32\DHTRJmW.exe

C:\Windows\System32\DHTRJmW.exe

C:\Windows\System32\JSFMkCe.exe

C:\Windows\System32\JSFMkCe.exe

C:\Windows\System32\WzlulCh.exe

C:\Windows\System32\WzlulCh.exe

C:\Windows\System32\hWIiVNe.exe

C:\Windows\System32\hWIiVNe.exe

C:\Windows\System32\uBfyEIR.exe

C:\Windows\System32\uBfyEIR.exe

C:\Windows\System32\RhJrMDA.exe

C:\Windows\System32\RhJrMDA.exe

C:\Windows\System32\GIDjoGk.exe

C:\Windows\System32\GIDjoGk.exe

C:\Windows\System32\tyLJOgv.exe

C:\Windows\System32\tyLJOgv.exe

C:\Windows\System32\jCueQmi.exe

C:\Windows\System32\jCueQmi.exe

C:\Windows\System32\mQGrNia.exe

C:\Windows\System32\mQGrNia.exe

C:\Windows\System32\EITgcvT.exe

C:\Windows\System32\EITgcvT.exe

C:\Windows\System32\ALzYdDw.exe

C:\Windows\System32\ALzYdDw.exe

C:\Windows\System32\yWBBJqS.exe

C:\Windows\System32\yWBBJqS.exe

C:\Windows\System32\aUIwyLx.exe

C:\Windows\System32\aUIwyLx.exe

C:\Windows\System32\ulztuFt.exe

C:\Windows\System32\ulztuFt.exe

C:\Windows\System32\gyuQQEs.exe

C:\Windows\System32\gyuQQEs.exe

C:\Windows\System32\BetMDfT.exe

C:\Windows\System32\BetMDfT.exe

C:\Windows\System32\auDgURF.exe

C:\Windows\System32\auDgURF.exe

C:\Windows\System32\WLFhViz.exe

C:\Windows\System32\WLFhViz.exe

C:\Windows\System32\QBYJcYe.exe

C:\Windows\System32\QBYJcYe.exe

C:\Windows\System32\BlwaqCb.exe

C:\Windows\System32\BlwaqCb.exe

C:\Windows\System32\GGiYIQd.exe

C:\Windows\System32\GGiYIQd.exe

C:\Windows\System32\lgPWPJv.exe

C:\Windows\System32\lgPWPJv.exe

C:\Windows\System32\JpjXNEV.exe

C:\Windows\System32\JpjXNEV.exe

C:\Windows\System32\fQItIJu.exe

C:\Windows\System32\fQItIJu.exe

C:\Windows\System32\igWIjEk.exe

C:\Windows\System32\igWIjEk.exe

C:\Windows\System32\mJSnfrq.exe

C:\Windows\System32\mJSnfrq.exe

C:\Windows\System32\hgbRPct.exe

C:\Windows\System32\hgbRPct.exe

C:\Windows\System32\WXPMeUK.exe

C:\Windows\System32\WXPMeUK.exe

C:\Windows\System32\YBoQbmQ.exe

C:\Windows\System32\YBoQbmQ.exe

C:\Windows\System32\laFRcwV.exe

C:\Windows\System32\laFRcwV.exe

C:\Windows\System32\kRFyTUp.exe

C:\Windows\System32\kRFyTUp.exe

C:\Windows\System32\vvDxwcv.exe

C:\Windows\System32\vvDxwcv.exe

C:\Windows\System32\TbHFgjH.exe

C:\Windows\System32\TbHFgjH.exe

C:\Windows\System32\SdXSRkS.exe

C:\Windows\System32\SdXSRkS.exe

C:\Windows\System32\LYGezIi.exe

C:\Windows\System32\LYGezIi.exe

C:\Windows\System32\xBZlDlx.exe

C:\Windows\System32\xBZlDlx.exe

C:\Windows\System32\ymsicmP.exe

C:\Windows\System32\ymsicmP.exe

C:\Windows\System32\ufscDSZ.exe

C:\Windows\System32\ufscDSZ.exe

C:\Windows\System32\niSvMGL.exe

C:\Windows\System32\niSvMGL.exe

C:\Windows\System32\aMDdGnt.exe

C:\Windows\System32\aMDdGnt.exe

C:\Windows\System32\AhFmbsM.exe

C:\Windows\System32\AhFmbsM.exe

C:\Windows\System32\JWRzWYg.exe

C:\Windows\System32\JWRzWYg.exe

C:\Windows\System32\jXFQaYE.exe

C:\Windows\System32\jXFQaYE.exe

C:\Windows\System32\PpYldpz.exe

C:\Windows\System32\PpYldpz.exe

C:\Windows\System32\Vhjbtlh.exe

C:\Windows\System32\Vhjbtlh.exe

C:\Windows\System32\Qbcnqxu.exe

C:\Windows\System32\Qbcnqxu.exe

C:\Windows\System32\vGoUgtN.exe

C:\Windows\System32\vGoUgtN.exe

C:\Windows\System32\ueMZINN.exe

C:\Windows\System32\ueMZINN.exe

C:\Windows\System32\nFpvzBd.exe

C:\Windows\System32\nFpvzBd.exe

C:\Windows\System32\hipIyZx.exe

C:\Windows\System32\hipIyZx.exe

C:\Windows\System32\VvZxyTM.exe

C:\Windows\System32\VvZxyTM.exe

C:\Windows\System32\QkirYhH.exe

C:\Windows\System32\QkirYhH.exe

C:\Windows\System32\oXQtura.exe

C:\Windows\System32\oXQtura.exe

C:\Windows\System32\sQnQTyQ.exe

C:\Windows\System32\sQnQTyQ.exe

C:\Windows\System32\EClURYT.exe

C:\Windows\System32\EClURYT.exe

C:\Windows\System32\gcBxNJw.exe

C:\Windows\System32\gcBxNJw.exe

C:\Windows\System32\okatmEq.exe

C:\Windows\System32\okatmEq.exe

C:\Windows\System32\TiuTmLF.exe

C:\Windows\System32\TiuTmLF.exe

C:\Windows\System32\MZBPZuj.exe

C:\Windows\System32\MZBPZuj.exe

C:\Windows\System32\aSagjQm.exe

C:\Windows\System32\aSagjQm.exe

C:\Windows\System32\sQjBErm.exe

C:\Windows\System32\sQjBErm.exe

C:\Windows\System32\abUgsyr.exe

C:\Windows\System32\abUgsyr.exe

C:\Windows\System32\qjhyESb.exe

C:\Windows\System32\qjhyESb.exe

C:\Windows\System32\wmvydHC.exe

C:\Windows\System32\wmvydHC.exe

C:\Windows\System32\icHOXVJ.exe

C:\Windows\System32\icHOXVJ.exe

C:\Windows\System32\ymKVjqu.exe

C:\Windows\System32\ymKVjqu.exe

C:\Windows\System32\sKYdiPf.exe

C:\Windows\System32\sKYdiPf.exe

C:\Windows\System32\DdcfVqc.exe

C:\Windows\System32\DdcfVqc.exe

C:\Windows\System32\oxNwope.exe

C:\Windows\System32\oxNwope.exe

C:\Windows\System32\lhBAFqi.exe

C:\Windows\System32\lhBAFqi.exe

C:\Windows\System32\vKMpbJM.exe

C:\Windows\System32\vKMpbJM.exe

C:\Windows\System32\MCWchha.exe

C:\Windows\System32\MCWchha.exe

C:\Windows\System32\GbZUrWQ.exe

C:\Windows\System32\GbZUrWQ.exe

C:\Windows\System32\rQcUXZO.exe

C:\Windows\System32\rQcUXZO.exe

C:\Windows\System32\uvDQeZC.exe

C:\Windows\System32\uvDQeZC.exe

C:\Windows\System32\WGGfPcW.exe

C:\Windows\System32\WGGfPcW.exe

C:\Windows\System32\cpsTjmB.exe

C:\Windows\System32\cpsTjmB.exe

C:\Windows\System32\XDRFqir.exe

C:\Windows\System32\XDRFqir.exe

C:\Windows\System32\RLqxuDc.exe

C:\Windows\System32\RLqxuDc.exe

C:\Windows\System32\dhIlBqR.exe

C:\Windows\System32\dhIlBqR.exe

C:\Windows\System32\YEWQdAn.exe

C:\Windows\System32\YEWQdAn.exe

C:\Windows\System32\TBoDYWQ.exe

C:\Windows\System32\TBoDYWQ.exe

C:\Windows\System32\HhwojPK.exe

C:\Windows\System32\HhwojPK.exe

C:\Windows\System32\Fszlqbc.exe

C:\Windows\System32\Fszlqbc.exe

C:\Windows\System32\uZvvHBu.exe

C:\Windows\System32\uZvvHBu.exe

C:\Windows\System32\JNGnjit.exe

C:\Windows\System32\JNGnjit.exe

C:\Windows\System32\vaovQjt.exe

C:\Windows\System32\vaovQjt.exe

C:\Windows\System32\xbaTRUW.exe

C:\Windows\System32\xbaTRUW.exe

C:\Windows\System32\AmMfKsp.exe

C:\Windows\System32\AmMfKsp.exe

C:\Windows\System32\AZhXfGf.exe

C:\Windows\System32\AZhXfGf.exe

C:\Windows\System32\EUtiIbS.exe

C:\Windows\System32\EUtiIbS.exe

C:\Windows\System32\rJyEUEK.exe

C:\Windows\System32\rJyEUEK.exe

C:\Windows\System32\bEofiAK.exe

C:\Windows\System32\bEofiAK.exe

C:\Windows\System32\heGaCUj.exe

C:\Windows\System32\heGaCUj.exe

C:\Windows\System32\OJvcNJl.exe

C:\Windows\System32\OJvcNJl.exe

C:\Windows\System32\ohLkRlk.exe

C:\Windows\System32\ohLkRlk.exe

C:\Windows\System32\TekXpYO.exe

C:\Windows\System32\TekXpYO.exe

C:\Windows\System32\vEidFeB.exe

C:\Windows\System32\vEidFeB.exe

C:\Windows\System32\EucKbxe.exe

C:\Windows\System32\EucKbxe.exe

C:\Windows\System32\GZmsyrK.exe

C:\Windows\System32\GZmsyrK.exe

C:\Windows\System32\IIvJksV.exe

C:\Windows\System32\IIvJksV.exe

C:\Windows\System32\ZbOsWSJ.exe

C:\Windows\System32\ZbOsWSJ.exe

C:\Windows\System32\mCBCIlK.exe

C:\Windows\System32\mCBCIlK.exe

C:\Windows\System32\kBsDlsT.exe

C:\Windows\System32\kBsDlsT.exe

C:\Windows\System32\DEVZeRo.exe

C:\Windows\System32\DEVZeRo.exe

C:\Windows\System32\QxBgxGV.exe

C:\Windows\System32\QxBgxGV.exe

C:\Windows\System32\dvhgtfj.exe

C:\Windows\System32\dvhgtfj.exe

C:\Windows\System32\AKEYaim.exe

C:\Windows\System32\AKEYaim.exe

C:\Windows\System32\NnJAkvg.exe

C:\Windows\System32\NnJAkvg.exe

C:\Windows\System32\brcvuNc.exe

C:\Windows\System32\brcvuNc.exe

C:\Windows\System32\DiMWjDN.exe

C:\Windows\System32\DiMWjDN.exe

C:\Windows\System32\xMnItfM.exe

C:\Windows\System32\xMnItfM.exe

C:\Windows\System32\vheEzDW.exe

C:\Windows\System32\vheEzDW.exe

C:\Windows\System32\EpKNWLk.exe

C:\Windows\System32\EpKNWLk.exe

C:\Windows\System32\ShkUQsL.exe

C:\Windows\System32\ShkUQsL.exe

C:\Windows\System32\QPjBAfe.exe

C:\Windows\System32\QPjBAfe.exe

C:\Windows\System32\fIpVtMb.exe

C:\Windows\System32\fIpVtMb.exe

C:\Windows\System32\BRjEYQj.exe

C:\Windows\System32\BRjEYQj.exe

C:\Windows\System32\uYfLToN.exe

C:\Windows\System32\uYfLToN.exe

C:\Windows\System32\vJYOMiC.exe

C:\Windows\System32\vJYOMiC.exe

C:\Windows\System32\DuZuulo.exe

C:\Windows\System32\DuZuulo.exe

C:\Windows\System32\UJxYSeb.exe

C:\Windows\System32\UJxYSeb.exe

C:\Windows\System32\PezyzCW.exe

C:\Windows\System32\PezyzCW.exe

C:\Windows\System32\itkMJbC.exe

C:\Windows\System32\itkMJbC.exe

C:\Windows\System32\MUMMJSL.exe

C:\Windows\System32\MUMMJSL.exe

C:\Windows\System32\DJLCoIp.exe

C:\Windows\System32\DJLCoIp.exe

C:\Windows\System32\XGmVdrv.exe

C:\Windows\System32\XGmVdrv.exe

C:\Windows\System32\nqjqeYI.exe

C:\Windows\System32\nqjqeYI.exe

C:\Windows\System32\cRPBblv.exe

C:\Windows\System32\cRPBblv.exe

C:\Windows\System32\MWuTCRc.exe

C:\Windows\System32\MWuTCRc.exe

C:\Windows\System32\bpYpCfP.exe

C:\Windows\System32\bpYpCfP.exe

C:\Windows\System32\QVJRFZa.exe

C:\Windows\System32\QVJRFZa.exe

C:\Windows\System32\BnoYsvY.exe

C:\Windows\System32\BnoYsvY.exe

C:\Windows\System32\BmkKQzL.exe

C:\Windows\System32\BmkKQzL.exe

C:\Windows\System32\HfELhdy.exe

C:\Windows\System32\HfELhdy.exe

C:\Windows\System32\rEVdiMS.exe

C:\Windows\System32\rEVdiMS.exe

C:\Windows\System32\thNJjcS.exe

C:\Windows\System32\thNJjcS.exe

C:\Windows\System32\NGcbXSH.exe

C:\Windows\System32\NGcbXSH.exe

C:\Windows\System32\EyMeiJy.exe

C:\Windows\System32\EyMeiJy.exe

C:\Windows\System32\CBhqWzY.exe

C:\Windows\System32\CBhqWzY.exe

C:\Windows\System32\NoGwLKK.exe

C:\Windows\System32\NoGwLKK.exe

C:\Windows\System32\FptRZdQ.exe

C:\Windows\System32\FptRZdQ.exe

C:\Windows\System32\xiZkJlB.exe

C:\Windows\System32\xiZkJlB.exe

C:\Windows\System32\DGrxerY.exe

C:\Windows\System32\DGrxerY.exe

C:\Windows\System32\dxWGbdz.exe

C:\Windows\System32\dxWGbdz.exe

C:\Windows\System32\nRybypi.exe

C:\Windows\System32\nRybypi.exe

C:\Windows\System32\KJFTlHB.exe

C:\Windows\System32\KJFTlHB.exe

C:\Windows\System32\pLElfyJ.exe

C:\Windows\System32\pLElfyJ.exe

C:\Windows\System32\MgHUiND.exe

C:\Windows\System32\MgHUiND.exe

C:\Windows\System32\eXGpadG.exe

C:\Windows\System32\eXGpadG.exe

C:\Windows\System32\ahvCMhp.exe

C:\Windows\System32\ahvCMhp.exe

C:\Windows\System32\uoPeDTK.exe

C:\Windows\System32\uoPeDTK.exe

C:\Windows\System32\DXQvDJs.exe

C:\Windows\System32\DXQvDJs.exe

C:\Windows\System32\cXYyosF.exe

C:\Windows\System32\cXYyosF.exe

C:\Windows\System32\vVInHIW.exe

C:\Windows\System32\vVInHIW.exe

C:\Windows\System32\BubMVeW.exe

C:\Windows\System32\BubMVeW.exe

C:\Windows\System32\fIqkZxp.exe

C:\Windows\System32\fIqkZxp.exe

C:\Windows\System32\BKHIVtN.exe

C:\Windows\System32\BKHIVtN.exe

C:\Windows\System32\SeLZCql.exe

C:\Windows\System32\SeLZCql.exe

C:\Windows\System32\asShNeu.exe

C:\Windows\System32\asShNeu.exe

C:\Windows\System32\iNzysrw.exe

C:\Windows\System32\iNzysrw.exe

C:\Windows\System32\eNPXxvC.exe

C:\Windows\System32\eNPXxvC.exe

C:\Windows\System32\yUDKasC.exe

C:\Windows\System32\yUDKasC.exe

C:\Windows\System32\jMpQvsa.exe

C:\Windows\System32\jMpQvsa.exe

C:\Windows\System32\QMeakaz.exe

C:\Windows\System32\QMeakaz.exe

C:\Windows\System32\YICEOwQ.exe

C:\Windows\System32\YICEOwQ.exe

C:\Windows\System32\bYCHsPv.exe

C:\Windows\System32\bYCHsPv.exe

C:\Windows\System32\UjRfFhi.exe

C:\Windows\System32\UjRfFhi.exe

C:\Windows\System32\vqtQrAb.exe

C:\Windows\System32\vqtQrAb.exe

C:\Windows\System32\MVshQja.exe

C:\Windows\System32\MVshQja.exe

C:\Windows\System32\XOPDJYh.exe

C:\Windows\System32\XOPDJYh.exe

C:\Windows\System32\WXlLVIw.exe

C:\Windows\System32\WXlLVIw.exe

C:\Windows\System32\LnJxGEb.exe

C:\Windows\System32\LnJxGEb.exe

C:\Windows\System32\fHOQQqY.exe

C:\Windows\System32\fHOQQqY.exe

C:\Windows\System32\ygryBBn.exe

C:\Windows\System32\ygryBBn.exe

C:\Windows\System32\yDFVfEb.exe

C:\Windows\System32\yDFVfEb.exe

C:\Windows\System32\KYxyRuv.exe

C:\Windows\System32\KYxyRuv.exe

C:\Windows\System32\NthdXEh.exe

C:\Windows\System32\NthdXEh.exe

C:\Windows\System32\ciHPZry.exe

C:\Windows\System32\ciHPZry.exe

C:\Windows\System32\ctobafg.exe

C:\Windows\System32\ctobafg.exe

C:\Windows\System32\wiYAwBp.exe

C:\Windows\System32\wiYAwBp.exe

C:\Windows\System32\BaMkQDa.exe

C:\Windows\System32\BaMkQDa.exe

C:\Windows\System32\vgwhENZ.exe

C:\Windows\System32\vgwhENZ.exe

C:\Windows\System32\hnXlMPu.exe

C:\Windows\System32\hnXlMPu.exe

C:\Windows\System32\ljBotLd.exe

C:\Windows\System32\ljBotLd.exe

C:\Windows\System32\EiDInIt.exe

C:\Windows\System32\EiDInIt.exe

C:\Windows\System32\emWKTcU.exe

C:\Windows\System32\emWKTcU.exe

C:\Windows\System32\CgrkMrR.exe

C:\Windows\System32\CgrkMrR.exe

C:\Windows\System32\xZgsaRt.exe

C:\Windows\System32\xZgsaRt.exe

C:\Windows\System32\dCnwjEK.exe

C:\Windows\System32\dCnwjEK.exe

C:\Windows\System32\KqSHvYA.exe

C:\Windows\System32\KqSHvYA.exe

C:\Windows\System32\dwppjBP.exe

C:\Windows\System32\dwppjBP.exe

C:\Windows\System32\lmUQJfc.exe

C:\Windows\System32\lmUQJfc.exe

C:\Windows\System32\FTtQIsr.exe

C:\Windows\System32\FTtQIsr.exe

C:\Windows\System32\HJWKjcb.exe

C:\Windows\System32\HJWKjcb.exe

C:\Windows\System32\BYELbKY.exe

C:\Windows\System32\BYELbKY.exe

C:\Windows\System32\diCWANv.exe

C:\Windows\System32\diCWANv.exe

C:\Windows\System32\EmMEWak.exe

C:\Windows\System32\EmMEWak.exe

C:\Windows\System32\airvDNO.exe

C:\Windows\System32\airvDNO.exe

C:\Windows\System32\QnrVIqI.exe

C:\Windows\System32\QnrVIqI.exe

C:\Windows\System32\tnKHtED.exe

C:\Windows\System32\tnKHtED.exe

C:\Windows\System32\pBzhWXh.exe

C:\Windows\System32\pBzhWXh.exe

C:\Windows\System32\WdXMPae.exe

C:\Windows\System32\WdXMPae.exe

C:\Windows\System32\VQUmkIW.exe

C:\Windows\System32\VQUmkIW.exe

C:\Windows\System32\kNQfsBs.exe

C:\Windows\System32\kNQfsBs.exe

C:\Windows\System32\OGhzetI.exe

C:\Windows\System32\OGhzetI.exe

C:\Windows\System32\zysVYjc.exe

C:\Windows\System32\zysVYjc.exe

C:\Windows\System32\XsQPkJs.exe

C:\Windows\System32\XsQPkJs.exe

C:\Windows\System32\baPoYzv.exe

C:\Windows\System32\baPoYzv.exe

C:\Windows\System32\dmXjAMx.exe

C:\Windows\System32\dmXjAMx.exe

C:\Windows\System32\OYPXpsL.exe

C:\Windows\System32\OYPXpsL.exe

C:\Windows\System32\BtaFyuw.exe

C:\Windows\System32\BtaFyuw.exe

C:\Windows\System32\waeZVSK.exe

C:\Windows\System32\waeZVSK.exe

C:\Windows\System32\KQDADpi.exe

C:\Windows\System32\KQDADpi.exe

C:\Windows\System32\EBSLUDT.exe

C:\Windows\System32\EBSLUDT.exe

C:\Windows\System32\cPPBEFo.exe

C:\Windows\System32\cPPBEFo.exe

C:\Windows\System32\aQETXYX.exe

C:\Windows\System32\aQETXYX.exe

C:\Windows\System32\DuSrEKo.exe

C:\Windows\System32\DuSrEKo.exe

C:\Windows\System32\LRPCUvu.exe

C:\Windows\System32\LRPCUvu.exe

C:\Windows\System32\rfpQrFo.exe

C:\Windows\System32\rfpQrFo.exe

C:\Windows\System32\uicAsSi.exe

C:\Windows\System32\uicAsSi.exe

C:\Windows\System32\Qhqiuvi.exe

C:\Windows\System32\Qhqiuvi.exe

C:\Windows\System32\gNeYgXr.exe

C:\Windows\System32\gNeYgXr.exe

C:\Windows\System32\LVktKie.exe

C:\Windows\System32\LVktKie.exe

C:\Windows\System32\mMSdSkA.exe

C:\Windows\System32\mMSdSkA.exe

C:\Windows\System32\foEzegz.exe

C:\Windows\System32\foEzegz.exe

C:\Windows\System32\bhInqwZ.exe

C:\Windows\System32\bhInqwZ.exe

C:\Windows\System32\wDoNOJR.exe

C:\Windows\System32\wDoNOJR.exe

C:\Windows\System32\veIiADn.exe

C:\Windows\System32\veIiADn.exe

C:\Windows\System32\swykIfW.exe

C:\Windows\System32\swykIfW.exe

C:\Windows\System32\yYKXroO.exe

C:\Windows\System32\yYKXroO.exe

C:\Windows\System32\WctuEtP.exe

C:\Windows\System32\WctuEtP.exe

C:\Windows\System32\bcngCYJ.exe

C:\Windows\System32\bcngCYJ.exe

C:\Windows\System32\fHrYTHo.exe

C:\Windows\System32\fHrYTHo.exe

C:\Windows\System32\ytWEbSu.exe

C:\Windows\System32\ytWEbSu.exe

C:\Windows\System32\cwPbqzh.exe

C:\Windows\System32\cwPbqzh.exe

C:\Windows\System32\PIZgFlY.exe

C:\Windows\System32\PIZgFlY.exe

C:\Windows\System32\bKFlktA.exe

C:\Windows\System32\bKFlktA.exe

C:\Windows\System32\TPpBQuq.exe

C:\Windows\System32\TPpBQuq.exe

C:\Windows\System32\xkKgtlo.exe

C:\Windows\System32\xkKgtlo.exe

C:\Windows\System32\uesUJIS.exe

C:\Windows\System32\uesUJIS.exe

C:\Windows\System32\nfcILtn.exe

C:\Windows\System32\nfcILtn.exe

C:\Windows\System32\VfDDMrM.exe

C:\Windows\System32\VfDDMrM.exe

C:\Windows\System32\sLXhXMB.exe

C:\Windows\System32\sLXhXMB.exe

C:\Windows\System32\bvjmztt.exe

C:\Windows\System32\bvjmztt.exe

C:\Windows\System32\aHlxeIP.exe

C:\Windows\System32\aHlxeIP.exe

C:\Windows\System32\aFhOWsx.exe

C:\Windows\System32\aFhOWsx.exe

C:\Windows\System32\kWcyLjC.exe

C:\Windows\System32\kWcyLjC.exe

C:\Windows\System32\YkWOtzF.exe

C:\Windows\System32\YkWOtzF.exe

C:\Windows\System32\NkIjHtx.exe

C:\Windows\System32\NkIjHtx.exe

C:\Windows\System32\hhPmBYV.exe

C:\Windows\System32\hhPmBYV.exe

C:\Windows\System32\SjsdJRT.exe

C:\Windows\System32\SjsdJRT.exe

C:\Windows\System32\FMLomkw.exe

C:\Windows\System32\FMLomkw.exe

C:\Windows\System32\jPcvLun.exe

C:\Windows\System32\jPcvLun.exe

C:\Windows\System32\cvxbxhK.exe

C:\Windows\System32\cvxbxhK.exe

C:\Windows\System32\svHGLlb.exe

C:\Windows\System32\svHGLlb.exe

C:\Windows\System32\frmrOXs.exe

C:\Windows\System32\frmrOXs.exe

C:\Windows\System32\DLkHnXD.exe

C:\Windows\System32\DLkHnXD.exe

C:\Windows\System32\SEJrGTm.exe

C:\Windows\System32\SEJrGTm.exe

C:\Windows\System32\jTUqftN.exe

C:\Windows\System32\jTUqftN.exe

C:\Windows\System32\aGoUUmM.exe

C:\Windows\System32\aGoUUmM.exe

C:\Windows\System32\MmRrRub.exe

C:\Windows\System32\MmRrRub.exe

C:\Windows\System32\iOpSdxa.exe

C:\Windows\System32\iOpSdxa.exe

C:\Windows\System32\joxLtYD.exe

C:\Windows\System32\joxLtYD.exe

C:\Windows\System32\dBMpFpD.exe

C:\Windows\System32\dBMpFpD.exe

C:\Windows\System32\nqxZZkM.exe

C:\Windows\System32\nqxZZkM.exe

C:\Windows\System32\ZsibPld.exe

C:\Windows\System32\ZsibPld.exe

C:\Windows\System32\dzVSwOj.exe

C:\Windows\System32\dzVSwOj.exe

C:\Windows\System32\xzaBpcf.exe

C:\Windows\System32\xzaBpcf.exe

C:\Windows\System32\MTPcJPT.exe

C:\Windows\System32\MTPcJPT.exe

C:\Windows\System32\PouyiwH.exe

C:\Windows\System32\PouyiwH.exe

C:\Windows\System32\ZolYKup.exe

C:\Windows\System32\ZolYKup.exe

C:\Windows\System32\MexLAzv.exe

C:\Windows\System32\MexLAzv.exe

C:\Windows\System32\ZIPtzTW.exe

C:\Windows\System32\ZIPtzTW.exe

C:\Windows\System32\hbWcXAB.exe

C:\Windows\System32\hbWcXAB.exe

C:\Windows\System32\xDtCcsq.exe

C:\Windows\System32\xDtCcsq.exe

C:\Windows\System32\CRoDMCy.exe

C:\Windows\System32\CRoDMCy.exe

C:\Windows\System32\jxyPWyN.exe

C:\Windows\System32\jxyPWyN.exe

C:\Windows\System32\kzIzwMq.exe

C:\Windows\System32\kzIzwMq.exe

C:\Windows\System32\twWySjM.exe

C:\Windows\System32\twWySjM.exe

C:\Windows\System32\RluLUwx.exe

C:\Windows\System32\RluLUwx.exe

C:\Windows\System32\bomrUHs.exe

C:\Windows\System32\bomrUHs.exe

C:\Windows\System32\ykUgHLw.exe

C:\Windows\System32\ykUgHLw.exe

C:\Windows\System32\hYgKDuu.exe

C:\Windows\System32\hYgKDuu.exe

C:\Windows\System32\aeFPWXb.exe

C:\Windows\System32\aeFPWXb.exe

C:\Windows\System32\ogCBNfW.exe

C:\Windows\System32\ogCBNfW.exe

C:\Windows\System32\pZxeNHG.exe

C:\Windows\System32\pZxeNHG.exe

C:\Windows\System32\yvWQjea.exe

C:\Windows\System32\yvWQjea.exe

C:\Windows\System32\ReWZmjQ.exe

C:\Windows\System32\ReWZmjQ.exe

C:\Windows\System32\PYslTNe.exe

C:\Windows\System32\PYslTNe.exe

C:\Windows\System32\hZlFxeE.exe

C:\Windows\System32\hZlFxeE.exe

C:\Windows\System32\ZWsubBn.exe

C:\Windows\System32\ZWsubBn.exe

C:\Windows\System32\LOdkccI.exe

C:\Windows\System32\LOdkccI.exe

C:\Windows\System32\UHEKVRv.exe

C:\Windows\System32\UHEKVRv.exe

C:\Windows\System32\oxqRPSd.exe

C:\Windows\System32\oxqRPSd.exe

C:\Windows\System32\GZUAkMI.exe

C:\Windows\System32\GZUAkMI.exe

C:\Windows\System32\rKapHKj.exe

C:\Windows\System32\rKapHKj.exe

C:\Windows\System32\cjcOPsY.exe

C:\Windows\System32\cjcOPsY.exe

C:\Windows\System32\MjnFcVa.exe

C:\Windows\System32\MjnFcVa.exe

C:\Windows\System32\SVCrRdm.exe

C:\Windows\System32\SVCrRdm.exe

C:\Windows\System32\JPflAdG.exe

C:\Windows\System32\JPflAdG.exe

C:\Windows\System32\nRtwySr.exe

C:\Windows\System32\nRtwySr.exe

C:\Windows\System32\KPuzfnC.exe

C:\Windows\System32\KPuzfnC.exe


C:\Windows\System32\DPFoYiY.exe

C:\Windows\System32\DPFoYiY.exe

C:\Windows\System32\PAjMdPS.exe

C:\Windows\System32\PAjMdPS.exe

C:\Windows\System32\VORrJHF.exe

C:\Windows\System32\VORrJHF.exe

C:\Windows\System32\ByJGOkC.exe

C:\Windows\System32\ByJGOkC.exe

C:\Windows\System32\eiiQcfA.exe

C:\Windows\System32\eiiQcfA.exe

C:\Windows\System32\uNOjtRf.exe

C:\Windows\System32\uNOjtRf.exe

C:\Windows\System32\PRjpJOC.exe

C:\Windows\System32\PRjpJOC.exe

C:\Windows\System32\FyPVPnl.exe

C:\Windows\System32\FyPVPnl.exe

C:\Windows\System32\yYmClva.exe

C:\Windows\System32\yYmClva.exe

C:\Windows\System32\WHHuuzc.exe

C:\Windows\System32\WHHuuzc.exe

C:\Windows\System32\lPmGogJ.exe

C:\Windows\System32\lPmGogJ.exe

C:\Windows\System32\IXinPEB.exe

C:\Windows\System32\IXinPEB.exe

C:\Windows\System32\RxbxYGu.exe

C:\Windows\System32\RxbxYGu.exe

C:\Windows\System32\YtItTcu.exe

C:\Windows\System32\YtItTcu.exe

C:\Windows\System32\VmmtAxt.exe

C:\Windows\System32\VmmtAxt.exe

C:\Windows\System32\kKqRGTo.exe

C:\Windows\System32\kKqRGTo.exe

C:\Windows\System32\CrErGhd.exe

C:\Windows\System32\CrErGhd.exe

C:\Windows\System32\BjnwDTQ.exe

C:\Windows\System32\BjnwDTQ.exe

C:\Windows\System32\aFzRsps.exe

C:\Windows\System32\aFzRsps.exe

Network

N/A

Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-05-27 18:29

Reported

2024-05-27 18:32

Platform

win10v2004-20240426-en

Max time kernel

60s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\0b1122e3b7f581c09cf1f103f859c6a0_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Modifies Installed Components in the registry

persistence
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A

Executes dropped EXE

Description Indicator Process Target

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A

Drops file in System32 directory

Description Indicator Process Target

Checks SCSI registry key(s)

Description Indicator Process Target

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A

Modifies registry class

Description Indicator Process Target

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\system32\sihost.exe N/A
N/A N/A C:\Windows\explorer.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Windows\explorer.exe N/A

Suspicious use of WriteProcessMemory


Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\0b1122e3b7f581c09cf1f103f859c6a0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\0b1122e3b7f581c09cf1f103f859c6a0_NeikiAnalytics.exe"


C:\Windows\System32\lCzSkmj.exe

C:\Windows\System32\lCzSkmj.exe

C:\Windows\System32\sJkyFHR.exe

C:\Windows\System32\sJkyFHR.exe

C:\Windows\System32\tppsSMB.exe

C:\Windows\System32\tppsSMB.exe

C:\Windows\System32\jGukBEc.exe

C:\Windows\System32\jGukBEc.exe

C:\Windows\System32\kiCPXyW.exe

C:\Windows\System32\kiCPXyW.exe

C:\Windows\System32\yBsFtAN.exe

C:\Windows\System32\yBsFtAN.exe

C:\Windows\System32\ucjdNdW.exe

C:\Windows\System32\ucjdNdW.exe

C:\Windows\System32\JopbgqU.exe

C:\Windows\System32\JopbgqU.exe

C:\Windows\System32\poKHIZu.exe

C:\Windows\System32\poKHIZu.exe

C:\Windows\System32\OPNGEvP.exe

C:\Windows\System32\OPNGEvP.exe

C:\Windows\System32\ZHGczyU.exe

C:\Windows\System32\ZHGczyU.exe

C:\Windows\System32\pCZOIyK.exe

C:\Windows\System32\pCZOIyK.exe

C:\Windows\System32\avLBneb.exe

C:\Windows\System32\avLBneb.exe

C:\Windows\System32\uphbBjl.exe

C:\Windows\System32\uphbBjl.exe

C:\Windows\System32\dsMwyNq.exe

C:\Windows\System32\dsMwyNq.exe

C:\Windows\System32\yJLSDhL.exe

C:\Windows\System32\yJLSDhL.exe

C:\Windows\System32\ZnlWPVq.exe

C:\Windows\System32\ZnlWPVq.exe

C:\Windows\System32\LxBoToK.exe

C:\Windows\System32\LxBoToK.exe

C:\Windows\System32\ElUzGxt.exe

C:\Windows\System32\ElUzGxt.exe

C:\Windows\System32\nbIWsbX.exe

C:\Windows\System32\nbIWsbX.exe

C:\Windows\System32\xeiTQaS.exe

C:\Windows\System32\xeiTQaS.exe

C:\Windows\System32\SKAOczt.exe

C:\Windows\System32\SKAOczt.exe

C:\Windows\System32\SXBVbqA.exe

C:\Windows\System32\SXBVbqA.exe

C:\Windows\System32\khRYZUw.exe

C:\Windows\System32\khRYZUw.exe

C:\Windows\System32\FHiJHKr.exe

C:\Windows\System32\FHiJHKr.exe

C:\Windows\System32\MDZGnQK.exe

C:\Windows\System32\MDZGnQK.exe

C:\Windows\System32\xlKEGTz.exe

C:\Windows\System32\xlKEGTz.exe

C:\Windows\System32\fmHSIJc.exe

C:\Windows\System32\fmHSIJc.exe

C:\Windows\System32\GGPtQfT.exe

C:\Windows\System32\GGPtQfT.exe

C:\Windows\System32\yMEETJI.exe

C:\Windows\System32\yMEETJI.exe

C:\Windows\System32\DzOLDsO.exe

C:\Windows\System32\DzOLDsO.exe

C:\Windows\System32\OgymyEQ.exe

C:\Windows\System32\OgymyEQ.exe

C:\Windows\System32\YCITius.exe

C:\Windows\System32\YCITius.exe

C:\Windows\System32\NcVEjHO.exe

C:\Windows\System32\NcVEjHO.exe

C:\Windows\System32\bLjvQsX.exe

C:\Windows\System32\bLjvQsX.exe

C:\Windows\System32\TcufvGW.exe

C:\Windows\System32\TcufvGW.exe

C:\Windows\System32\SFiYJXl.exe

C:\Windows\System32\SFiYJXl.exe

C:\Windows\System32\OBNWUtc.exe

C:\Windows\System32\OBNWUtc.exe

C:\Windows\System32\YNAKJVw.exe

C:\Windows\System32\YNAKJVw.exe

C:\Windows\System32\JtpsZaJ.exe

C:\Windows\System32\JtpsZaJ.exe

C:\Windows\System32\SChBLNt.exe

C:\Windows\System32\SChBLNt.exe

C:\Windows\System32\tYLoBFj.exe

C:\Windows\System32\tYLoBFj.exe

C:\Windows\System32\NrMlDda.exe

C:\Windows\System32\NrMlDda.exe

C:\Windows\System32\OrifQwn.exe

C:\Windows\System32\OrifQwn.exe

C:\Windows\System32\PoFTOdu.exe

C:\Windows\System32\PoFTOdu.exe

C:\Windows\System32\HILRUKZ.exe

C:\Windows\System32\HILRUKZ.exe

C:\Windows\System32\hpZyCKX.exe

C:\Windows\System32\hpZyCKX.exe

C:\Windows\System32\tGEfifK.exe

C:\Windows\System32\tGEfifK.exe

C:\Windows\System32\iZWRscU.exe

C:\Windows\System32\iZWRscU.exe

C:\Windows\System32\hUnndQl.exe

C:\Windows\System32\hUnndQl.exe

C:\Windows\System32\bvqNcVP.exe

C:\Windows\System32\bvqNcVP.exe

C:\Windows\System32\GYRjUyG.exe

C:\Windows\System32\GYRjUyG.exe

C:\Windows\System32\pjawLyU.exe

C:\Windows\System32\pjawLyU.exe

C:\Windows\System32\PLAAVmm.exe

C:\Windows\System32\PLAAVmm.exe

C:\Windows\System32\vyqhMkL.exe

C:\Windows\System32\vyqhMkL.exe

C:\Windows\System32\NHURkSg.exe

C:\Windows\System32\NHURkSg.exe

C:\Windows\System32\KjjSrex.exe

C:\Windows\System32\KjjSrex.exe

C:\Windows\System32\FoyNCDq.exe

C:\Windows\System32\FoyNCDq.exe

C:\Windows\System32\rlluzNG.exe

C:\Windows\System32\rlluzNG.exe

C:\Windows\System32\cqQMzQG.exe

C:\Windows\System32\cqQMzQG.exe

C:\Windows\System32\oOKlyzQ.exe

C:\Windows\System32\oOKlyzQ.exe

C:\Windows\System32\aFAoPbO.exe

C:\Windows\System32\aFAoPbO.exe

C:\Windows\System32\auqAzsJ.exe

C:\Windows\System32\auqAzsJ.exe

C:\Windows\System32\wKpQOsg.exe

C:\Windows\System32\wKpQOsg.exe

C:\Windows\System32\BGIZmkB.exe

C:\Windows\System32\BGIZmkB.exe

C:\Windows\System32\EJQwcCi.exe

C:\Windows\System32\EJQwcCi.exe

C:\Windows\System32\pwrJvoL.exe

C:\Windows\System32\pwrJvoL.exe

C:\Windows\System32\fykbWkj.exe

C:\Windows\System32\fykbWkj.exe

C:\Windows\System32\LHHIbxF.exe

C:\Windows\System32\LHHIbxF.exe

C:\Windows\System32\Bmejypy.exe

C:\Windows\System32\Bmejypy.exe

C:\Windows\System32\KCmjdas.exe

C:\Windows\System32\KCmjdas.exe

C:\Windows\System32\rVXyrad.exe

C:\Windows\System32\rVXyrad.exe

C:\Windows\System32\weKzAGs.exe

C:\Windows\System32\weKzAGs.exe

C:\Windows\System32\VKTPoKK.exe

C:\Windows\System32\VKTPoKK.exe

C:\Windows\System32\KdOiYbM.exe

C:\Windows\System32\KdOiYbM.exe

C:\Windows\System32\xClpHzH.exe

C:\Windows\System32\xClpHzH.exe

C:\Windows\System32\jyRzjYI.exe

C:\Windows\System32\jyRzjYI.exe

C:\Windows\System32\NuImQpM.exe

C:\Windows\System32\NuImQpM.exe

C:\Windows\System32\KLloTtS.exe

C:\Windows\System32\KLloTtS.exe

C:\Windows\System32\LSkjXHc.exe

C:\Windows\System32\LSkjXHc.exe

C:\Windows\System32\ThlgLIn.exe

C:\Windows\System32\ThlgLIn.exe

C:\Windows\System32\oqPTjKB.exe

C:\Windows\System32\oqPTjKB.exe

C:\Windows\System32\loIHmnl.exe

C:\Windows\System32\loIHmnl.exe

C:\Windows\System32\REdPEPC.exe

C:\Windows\System32\REdPEPC.exe

C:\Windows\System32\thravxF.exe

C:\Windows\System32\thravxF.exe

C:\Windows\System32\rGJLHmy.exe

C:\Windows\System32\rGJLHmy.exe

C:\Windows\System32\XSCIQil.exe

C:\Windows\System32\XSCIQil.exe

C:\Windows\System32\QxTGLyM.exe

C:\Windows\System32\QxTGLyM.exe

C:\Windows\System32\dHAnwAj.exe

C:\Windows\System32\dHAnwAj.exe

C:\Windows\System32\aDksQGW.exe

C:\Windows\System32\aDksQGW.exe

C:\Windows\System32\UnJGHqn.exe

C:\Windows\System32\UnJGHqn.exe

C:\Windows\System32\SRzNDwC.exe

C:\Windows\System32\SRzNDwC.exe

C:\Windows\System32\vOTUCwv.exe

C:\Windows\System32\vOTUCwv.exe

C:\Windows\System32\ufkCcYR.exe

C:\Windows\System32\ufkCcYR.exe

C:\Windows\System32\nsGcKMa.exe

C:\Windows\System32\nsGcKMa.exe

C:\Windows\System32\alAMqIZ.exe

C:\Windows\System32\alAMqIZ.exe

C:\Windows\System32\SlwzqdK.exe

C:\Windows\System32\SlwzqdK.exe

C:\Windows\System32\lIAWHeW.exe

C:\Windows\System32\lIAWHeW.exe

C:\Windows\System32\rOAMvtp.exe

C:\Windows\System32\rOAMvtp.exe

C:\Windows\System32\tVkzPgy.exe

C:\Windows\System32\tVkzPgy.exe

C:\Windows\System32\TMcWdVi.exe

C:\Windows\System32\TMcWdVi.exe

C:\Windows\System32\nqDkDke.exe

C:\Windows\System32\nqDkDke.exe

C:\Windows\System32\MzmUyWG.exe

C:\Windows\System32\MzmUyWG.exe

C:\Windows\System32\hGofzXj.exe

C:\Windows\System32\hGofzXj.exe

C:\Windows\System32\QGrIbVy.exe

C:\Windows\System32\QGrIbVy.exe

C:\Windows\System32\GBVEtTH.exe

C:\Windows\System32\GBVEtTH.exe

C:\Windows\System32\ZbKugJp.exe

C:\Windows\System32\ZbKugJp.exe

C:\Windows\System32\WbImRyg.exe

C:\Windows\System32\WbImRyg.exe

C:\Windows\System32\MxCogva.exe

C:\Windows\System32\MxCogva.exe

C:\Windows\System32\lXbDHvO.exe

C:\Windows\System32\lXbDHvO.exe

C:\Windows\System32\pKGLRHk.exe

C:\Windows\System32\pKGLRHk.exe

C:\Windows\System32\pdIXjAt.exe

C:\Windows\System32\pdIXjAt.exe

C:\Windows\System32\lztAjIu.exe

C:\Windows\System32\lztAjIu.exe

C:\Windows\System32\TIxCGGo.exe

C:\Windows\System32\TIxCGGo.exe

C:\Windows\System32\BRyVaQw.exe

C:\Windows\System32\BRyVaQw.exe

C:\Windows\System32\qjnhfAC.exe

C:\Windows\System32\qjnhfAC.exe

C:\Windows\System32\vUHMpIa.exe

C:\Windows\System32\vUHMpIa.exe

C:\Windows\System32\BjVhqiM.exe

C:\Windows\System32\BjVhqiM.exe

C:\Windows\System32\gcysjwM.exe

C:\Windows\System32\gcysjwM.exe

C:\Windows\System32\qHCYckp.exe

C:\Windows\System32\qHCYckp.exe

C:\Windows\System32\JdjuAvo.exe

C:\Windows\System32\JdjuAvo.exe

C:\Windows\System32\aYStuOU.exe

C:\Windows\System32\aYStuOU.exe

C:\Windows\System32\CmSPDXJ.exe

C:\Windows\System32\CmSPDXJ.exe

C:\Windows\System32\TkcJXqA.exe

C:\Windows\System32\TkcJXqA.exe

C:\Windows\System32\aFCTWQY.exe

C:\Windows\System32\aFCTWQY.exe

C:\Windows\System32\daetQFV.exe

C:\Windows\System32\daetQFV.exe

C:\Windows\System32\UQaPVtH.exe

C:\Windows\System32\UQaPVtH.exe

C:\Windows\System32\nloEGIw.exe

C:\Windows\System32\nloEGIw.exe

C:\Windows\System32\JNwhtUY.exe

C:\Windows\System32\JNwhtUY.exe

C:\Windows\System32\cEqxtNC.exe

C:\Windows\System32\cEqxtNC.exe

C:\Windows\System32\CHgOlvG.exe

C:\Windows\System32\CHgOlvG.exe

C:\Windows\System32\olvUejl.exe

C:\Windows\System32\olvUejl.exe

C:\Windows\System32\WvGgylc.exe

C:\Windows\System32\WvGgylc.exe

C:\Windows\System32\zPcWrNu.exe

C:\Windows\System32\zPcWrNu.exe

C:\Windows\System32\SvnFLsX.exe

C:\Windows\System32\SvnFLsX.exe

C:\Windows\System32\AyKLsgw.exe

C:\Windows\System32\AyKLsgw.exe

C:\Windows\System32\WtessKD.exe

C:\Windows\System32\WtessKD.exe

C:\Windows\System32\YEKcHek.exe

C:\Windows\System32\YEKcHek.exe

C:\Windows\System32\hkdVCSu.exe

C:\Windows\System32\hkdVCSu.exe

C:\Windows\System32\RdnkRdA.exe

C:\Windows\System32\RdnkRdA.exe

C:\Windows\System32\UfRozqh.exe

C:\Windows\System32\UfRozqh.exe

C:\Windows\System32\LLSbMGY.exe

C:\Windows\System32\LLSbMGY.exe

C:\Windows\System32\VNTOeZt.exe

C:\Windows\System32\VNTOeZt.exe

C:\Windows\System32\qfeCQaG.exe

C:\Windows\System32\qfeCQaG.exe

C:\Windows\System32\kAAbEFO.exe

C:\Windows\System32\kAAbEFO.exe

C:\Windows\System32\RNANKgN.exe

C:\Windows\System32\RNANKgN.exe

C:\Windows\System32\pSMUSTA.exe

C:\Windows\System32\pSMUSTA.exe

C:\Windows\System32\LEMWmTU.exe

C:\Windows\System32\LEMWmTU.exe

C:\Windows\System32\avRgtZl.exe

C:\Windows\System32\avRgtZl.exe

C:\Windows\System32\zWSNTLg.exe

C:\Windows\System32\zWSNTLg.exe

C:\Windows\System32\cLmSsPf.exe

C:\Windows\System32\cLmSsPf.exe

C:\Windows\System32\ypAqBxG.exe

C:\Windows\System32\ypAqBxG.exe

C:\Windows\System32\QLmOVBp.exe

C:\Windows\System32\QLmOVBp.exe

C:\Windows\System32\ukhQDki.exe

C:\Windows\System32\ukhQDki.exe

C:\Windows\System32\GhElQAJ.exe

C:\Windows\System32\GhElQAJ.exe

C:\Windows\System32\hKBCpGw.exe

C:\Windows\System32\hKBCpGw.exe

C:\Windows\System32\aPumDJS.exe

C:\Windows\System32\aPumDJS.exe

C:\Windows\System32\dGZVMRr.exe

C:\Windows\System32\dGZVMRr.exe

C:\Windows\System32\YLfgEIR.exe

C:\Windows\System32\YLfgEIR.exe

C:\Windows\System32\cCSrGys.exe

C:\Windows\System32\cCSrGys.exe

C:\Windows\System32\KNgLgpf.exe

C:\Windows\System32\KNgLgpf.exe

C:\Windows\System32\WxtvaRq.exe

C:\Windows\System32\WxtvaRq.exe

C:\Windows\System32\eedyEZN.exe

C:\Windows\System32\eedyEZN.exe

C:\Windows\System32\MMArCOS.exe

C:\Windows\System32\MMArCOS.exe

C:\Windows\System32\AdocfPH.exe

C:\Windows\System32\AdocfPH.exe

C:\Windows\System32\eQgfLIi.exe

C:\Windows\System32\eQgfLIi.exe

C:\Windows\System32\cSuJuEo.exe

C:\Windows\System32\cSuJuEo.exe

C:\Windows\System32\HbCAOCK.exe

C:\Windows\System32\HbCAOCK.exe

C:\Windows\System32\GaFnDow.exe

C:\Windows\System32\GaFnDow.exe

C:\Windows\System32\HomynZH.exe

C:\Windows\System32\HomynZH.exe

C:\Windows\System32\krLPqnd.exe

C:\Windows\System32\krLPqnd.exe

C:\Windows\System32\eYNAgfx.exe

C:\Windows\System32\eYNAgfx.exe

C:\Windows\System32\OBcBlJT.exe

C:\Windows\System32\OBcBlJT.exe

C:\Windows\System32\PSwCLXt.exe

C:\Windows\System32\PSwCLXt.exe

C:\Windows\System32\VUtnYti.exe

C:\Windows\System32\VUtnYti.exe

C:\Windows\System32\gMboEry.exe

C:\Windows\System32\gMboEry.exe

C:\Windows\System32\bKQEjyJ.exe

C:\Windows\System32\bKQEjyJ.exe

C:\Windows\System32\syEkLEv.exe

C:\Windows\System32\syEkLEv.exe

C:\Windows\System32\mLSyZVU.exe

C:\Windows\System32\mLSyZVU.exe

C:\Windows\System32\vXyKNOX.exe

C:\Windows\System32\vXyKNOX.exe

C:\Windows\System32\vWyEaxK.exe

C:\Windows\System32\vWyEaxK.exe

C:\Windows\System32\qnNIIgf.exe

C:\Windows\System32\qnNIIgf.exe

C:\Windows\System32\mIROIVZ.exe

C:\Windows\System32\mIROIVZ.exe

C:\Windows\System32\yHzgpZo.exe

C:\Windows\System32\yHzgpZo.exe

C:\Windows\System32\vPiQaGI.exe

C:\Windows\System32\vPiQaGI.exe

C:\Windows\System32\oXkjECu.exe

C:\Windows\System32\oXkjECu.exe

C:\Windows\System32\XurAFMO.exe

C:\Windows\System32\XurAFMO.exe

C:\Windows\System32\PQQyiVa.exe

C:\Windows\System32\PQQyiVa.exe

C:\Windows\System32\xNDYVJn.exe

C:\Windows\System32\xNDYVJn.exe

C:\Windows\System32\kDomZlD.exe

C:\Windows\System32\kDomZlD.exe

C:\Windows\System32\nwdRizA.exe

C:\Windows\System32\nwdRizA.exe

C:\Windows\System32\oEgOHtx.exe

C:\Windows\System32\oEgOHtx.exe

C:\Windows\System32\CtMKpBB.exe

C:\Windows\System32\CtMKpBB.exe

C:\Windows\System32\FcOaRQi.exe

C:\Windows\System32\FcOaRQi.exe

C:\Windows\System32\nKEZQfL.exe

C:\Windows\System32\nKEZQfL.exe

C:\Windows\System32\pZEFxzz.exe

C:\Windows\System32\pZEFxzz.exe

C:\Windows\System32\RVKzcdr.exe

C:\Windows\System32\RVKzcdr.exe

C:\Windows\System32\gMtadGi.exe

C:\Windows\System32\gMtadGi.exe

C:\Windows\System32\SFuRUZs.exe

C:\Windows\System32\SFuRUZs.exe

C:\Windows\System32\LrsYdhU.exe

C:\Windows\System32\LrsYdhU.exe

C:\Windows\System32\bbWyJAY.exe

C:\Windows\System32\bbWyJAY.exe

C:\Windows\System32\YZgVouF.exe

C:\Windows\System32\YZgVouF.exe

C:\Windows\System32\LKEtFjR.exe

C:\Windows\System32\LKEtFjR.exe

C:\Windows\System32\SFqqWKV.exe

C:\Windows\System32\SFqqWKV.exe

C:\Windows\System32\umXIxch.exe

C:\Windows\System32\umXIxch.exe

C:\Windows\System32\QcEdktJ.exe

C:\Windows\System32\QcEdktJ.exe

C:\Windows\System32\YAOInkV.exe

C:\Windows\System32\YAOInkV.exe

C:\Windows\System32\IZbiaEi.exe

C:\Windows\System32\IZbiaEi.exe

C:\Windows\System32\vCTTOsn.exe

C:\Windows\System32\vCTTOsn.exe

C:\Windows\System32\bemqAeQ.exe

C:\Windows\System32\bemqAeQ.exe

C:\Windows\System32\jsTubZw.exe

C:\Windows\System32\jsTubZw.exe

C:\Windows\System32\KFsljeu.exe

C:\Windows\System32\KFsljeu.exe

C:\Windows\System32\AaxwZNn.exe

C:\Windows\System32\AaxwZNn.exe

C:\Windows\System32\ibWUHCk.exe

C:\Windows\System32\ibWUHCk.exe

C:\Windows\System32\OyXHzvf.exe

C:\Windows\System32\OyXHzvf.exe

C:\Windows\System32\MpFPtnu.exe

C:\Windows\System32\MpFPtnu.exe

C:\Windows\System32\ikzaXzd.exe

C:\Windows\System32\ikzaXzd.exe

C:\Windows\System32\NoMIFiW.exe

C:\Windows\System32\NoMIFiW.exe

C:\Windows\System32\rEDRVkc.exe

C:\Windows\System32\rEDRVkc.exe

C:\Windows\System32\JZhGRhx.exe

C:\Windows\System32\JZhGRhx.exe

C:\Windows\System32\hjFrPTZ.exe

C:\Windows\System32\hjFrPTZ.exe

C:\Windows\System32\GJoJSAz.exe

C:\Windows\System32\GJoJSAz.exe

C:\Windows\System32\ZoqAgDw.exe

C:\Windows\System32\ZoqAgDw.exe

C:\Windows\System32\UIrbvnE.exe

C:\Windows\System32\UIrbvnE.exe

C:\Windows\System32\JAEVSoB.exe

C:\Windows\System32\JAEVSoB.exe

C:\Windows\System32\LtPPHIm.exe

C:\Windows\System32\LtPPHIm.exe

C:\Windows\System32\kNWhdqu.exe

C:\Windows\System32\kNWhdqu.exe

C:\Windows\System32\reqhoAG.exe

C:\Windows\System32\reqhoAG.exe

C:\Windows\System32\CgBswdY.exe

C:\Windows\System32\CgBswdY.exe

C:\Windows\System32\kdhEzTX.exe

C:\Windows\System32\kdhEzTX.exe

C:\Windows\System32\pAUFcpm.exe

C:\Windows\System32\pAUFcpm.exe

C:\Windows\System32\EQMCtEI.exe

C:\Windows\System32\EQMCtEI.exe

C:\Windows\System32\GvubJRg.exe

C:\Windows\System32\GvubJRg.exe

C:\Windows\System32\tNAwzDD.exe

C:\Windows\System32\tNAwzDD.exe

C:\Windows\System32\pgzehET.exe

C:\Windows\System32\pgzehET.exe

C:\Windows\System32\IcjpWpF.exe

C:\Windows\System32\IcjpWpF.exe

C:\Windows\System32\YMVMEbf.exe

C:\Windows\System32\YMVMEbf.exe

C:\Windows\System32\PxTGUcV.exe

C:\Windows\System32\PxTGUcV.exe

C:\Windows\System32\fZGKwLi.exe

C:\Windows\System32\fZGKwLi.exe

C:\Windows\System32\SIePeLN.exe

C:\Windows\System32\SIePeLN.exe

C:\Windows\System32\ctfgLDT.exe

C:\Windows\System32\ctfgLDT.exe

C:\Windows\System32\PKlNaDK.exe

C:\Windows\System32\PKlNaDK.exe

C:\Windows\System32\KBNBwch.exe

C:\Windows\System32\KBNBwch.exe

C:\Windows\System32\NuzqKwK.exe

C:\Windows\System32\NuzqKwK.exe

C:\Windows\System32\rjLWKTT.exe

C:\Windows\System32\rjLWKTT.exe

C:\Windows\System32\asZvfdg.exe

C:\Windows\System32\asZvfdg.exe

C:\Windows\System32\EqJiAiV.exe

C:\Windows\System32\EqJiAiV.exe

C:\Windows\System32\wfjOrct.exe

C:\Windows\System32\wfjOrct.exe

C:\Windows\System32\YpFacTC.exe

C:\Windows\System32\YpFacTC.exe

C:\Windows\System32\uHjcOmL.exe

C:\Windows\System32\uHjcOmL.exe

C:\Windows\System32\HvoLenE.exe

C:\Windows\System32\HvoLenE.exe

C:\Windows\System32\rGfKUHb.exe

C:\Windows\System32\rGfKUHb.exe

C:\Windows\System32\csFZKqG.exe

C:\Windows\System32\csFZKqG.exe

C:\Windows\System32\MwWlLjB.exe

C:\Windows\System32\MwWlLjB.exe

C:\Windows\System32\aWZCRdJ.exe

C:\Windows\System32\aWZCRdJ.exe

C:\Windows\System32\gQHRsEY.exe

C:\Windows\System32\gQHRsEY.exe

C:\Windows\System32\CIjIhdU.exe

C:\Windows\System32\CIjIhdU.exe

C:\Windows\System32\frbZwAO.exe

C:\Windows\System32\frbZwAO.exe

C:\Windows\System32\GGJgDit.exe

C:\Windows\System32\GGJgDit.exe

C:\Windows\System32\GXaeqLl.exe

C:\Windows\System32\GXaeqLl.exe

C:\Windows\System32\pNcFcNq.exe

C:\Windows\System32\pNcFcNq.exe

C:\Windows\System32\PuaDUWg.exe

C:\Windows\System32\PuaDUWg.exe

C:\Windows\System32\YSmdkLO.exe

C:\Windows\System32\YSmdkLO.exe

C:\Windows\System32\ZwxrODK.exe

C:\Windows\System32\ZwxrODK.exe

C:\Windows\System32\uBRtKUb.exe

C:\Windows\System32\uBRtKUb.exe

C:\Windows\System32\EXWUsiT.exe

C:\Windows\System32\EXWUsiT.exe

C:\Windows\System32\otGaoqx.exe

C:\Windows\System32\otGaoqx.exe

C:\Windows\System32\TsLqlUJ.exe

C:\Windows\System32\TsLqlUJ.exe

C:\Windows\System32\gfarKWE.exe

C:\Windows\System32\gfarKWE.exe

C:\Windows\System32\gmpLNtN.exe

C:\Windows\System32\gmpLNtN.exe

C:\Windows\System32\DmjVjsT.exe

C:\Windows\System32\DmjVjsT.exe

C:\Windows\System32\leoLxMH.exe

C:\Windows\System32\leoLxMH.exe

C:\Windows\System32\RxdQoiV.exe

C:\Windows\System32\RxdQoiV.exe

C:\Windows\System32\CWynFhm.exe

C:\Windows\System32\CWynFhm.exe

C:\Windows\System32\bHPZwdq.exe

C:\Windows\System32\bHPZwdq.exe

C:\Windows\System32\mROjnmj.exe

C:\Windows\System32\mROjnmj.exe

C:\Windows\System32\ecbMYVK.exe

C:\Windows\System32\ecbMYVK.exe

C:\Windows\System32\bzKFInm.exe

C:\Windows\System32\bzKFInm.exe

C:\Windows\System32\ILuPgos.exe

C:\Windows\System32\ILuPgos.exe

C:\Windows\System32\zVCVcsP.exe

C:\Windows\System32\zVCVcsP.exe

C:\Windows\System32\OQMkiTq.exe

C:\Windows\System32\OQMkiTq.exe

C:\Windows\System32\OBAPmwl.exe

C:\Windows\System32\OBAPmwl.exe

C:\Windows\System32\aDJrQFV.exe

C:\Windows\System32\aDJrQFV.exe

C:\Windows\System32\GrOGsgL.exe

C:\Windows\System32\GrOGsgL.exe

C:\Windows\System32\gYXzNYM.exe

C:\Windows\System32\gYXzNYM.exe

C:\Windows\System32\KFEikit.exe

C:\Windows\System32\KFEikit.exe

C:\Windows\System32\SnDOPfu.exe

C:\Windows\System32\SnDOPfu.exe

C:\Windows\System32\QZXgNOe.exe

C:\Windows\System32\QZXgNOe.exe

C:\Windows\System32\TojnYBA.exe

C:\Windows\System32\TojnYBA.exe

C:\Windows\System32\JLvOPPy.exe

C:\Windows\System32\JLvOPPy.exe

C:\Windows\System32\AsuCyGS.exe

C:\Windows\System32\AsuCyGS.exe

C:\Windows\System32\LxJrhCu.exe

C:\Windows\System32\LxJrhCu.exe

C:\Windows\System32\MNoszzI.exe

C:\Windows\System32\MNoszzI.exe

C:\Windows\System32\ZHuhIgS.exe

C:\Windows\System32\ZHuhIgS.exe

C:\Windows\System32\KATMhTP.exe

C:\Windows\System32\KATMhTP.exe

C:\Windows\System32\zqxSNrO.exe

C:\Windows\System32\zqxSNrO.exe

C:\Windows\System32\pLPtOgW.exe

C:\Windows\System32\pLPtOgW.exe

C:\Windows\System32\QVTJetC.exe

C:\Windows\System32\QVTJetC.exe

C:\Windows\System32\dxoapGH.exe

C:\Windows\System32\dxoapGH.exe

C:\Windows\System32\RmHJTnN.exe

C:\Windows\System32\RmHJTnN.exe

C:\Windows\System32\XEqzqOO.exe

C:\Windows\System32\XEqzqOO.exe

C:\Windows\System32\KdPkJYn.exe

C:\Windows\System32\KdPkJYn.exe

C:\Windows\System32\hEwUsdH.exe

C:\Windows\System32\hEwUsdH.exe

C:\Windows\System32\lslqJHR.exe

C:\Windows\System32\lslqJHR.exe

C:\Windows\System32\HrFWLly.exe

C:\Windows\System32\HrFWLly.exe

C:\Windows\System32\aVcAYds.exe

C:\Windows\System32\aVcAYds.exe

C:\Windows\System32\kIUYEpn.exe

C:\Windows\System32\kIUYEpn.exe

C:\Windows\System32\vzWqFCK.exe

C:\Windows\System32\vzWqFCK.exe

C:\Windows\System32\HpJbkCn.exe

C:\Windows\System32\HpJbkCn.exe

C:\Windows\System32\wYckuXX.exe

C:\Windows\System32\wYckuXX.exe

C:\Windows\System32\TCWenWq.exe

C:\Windows\System32\TCWenWq.exe

C:\Windows\System32\HgAmHjm.exe

C:\Windows\System32\HgAmHjm.exe

C:\Windows\system32\sihost.exe

sihost.exe

C:\Windows\explorer.exe

explorer.exe /LOADSAVEDWINDOWS

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe" -ServerName:InputApp.AppX9jnwykgrccxc8by3hsrsh07r423xzvav.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 144.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp

Files
