Malware Analysis Report

2025-01-06 18:43

Sample ID 240527-ws3kfacg3y
Target 08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe
SHA256 3e790ff451fd359d9425cbc965f5e9d40ca42c2015dde211dafe4c6f255eb946
Tags
upx miner xmrig persistence
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

3e790ff451fd359d9425cbc965f5e9d40ca42c2015dde211dafe4c6f255eb946

Threat Level: Known bad

The file 08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

upx miner xmrig persistence

xmrig

Xmrig family

XMRig Miner payload

XMRig Miner payload

Modifies Installed Components in the registry

UPX packed file

Executes dropped EXE

Loads dropped DLL

Enumerates connected drives

Drops file in Windows directory

Unsigned PE

Suspicious use of SetWindowsHookEx

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Suspicious use of AdjustPrivilegeToken

Uses Task Scheduler COM API

Modifies registry class

Modifies Internet Explorer settings

Suspicious use of WriteProcessMemory

Checks SCSI registry key(s)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-27 18:11

Signatures

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-27 18:11

Reported

2024-05-27 18:14

Platform

win7-20240508-en

Max time kernel

149s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\vhTkYJg.exe N/A
N/A N/A C:\Windows\System\DIOzawn.exe N/A
N/A N/A C:\Windows\System\otCoPDI.exe N/A
N/A N/A C:\Windows\System\amjtmIx.exe N/A
N/A N/A C:\Windows\System\yhEVafw.exe N/A
N/A N/A C:\Windows\System\mAxqQvc.exe N/A
N/A N/A C:\Windows\System\oEWyesv.exe N/A
N/A N/A C:\Windows\System\uBxhOGj.exe N/A
N/A N/A C:\Windows\System\bYXHula.exe N/A
N/A N/A C:\Windows\System\JZLgyuw.exe N/A
N/A N/A C:\Windows\System\fQZAsnD.exe N/A
N/A N/A C:\Windows\System\IZhizqb.exe N/A
N/A N/A C:\Windows\System\fqRBTWB.exe N/A
N/A N/A C:\Windows\System\SSJVrvq.exe N/A
N/A N/A C:\Windows\System\GbVKbAP.exe N/A
N/A N/A C:\Windows\System\wxQPFvs.exe N/A
N/A N/A C:\Windows\System\dtjXcyn.exe N/A
N/A N/A C:\Windows\System\tNKNfTO.exe N/A
N/A N/A C:\Windows\System\BzWQiCF.exe N/A
N/A N/A C:\Windows\System\XduYvmc.exe N/A
N/A N/A C:\Windows\System\LYkkhRH.exe N/A
N/A N/A C:\Windows\System\OzDNUaJ.exe N/A
N/A N/A C:\Windows\System\xzLcbxn.exe N/A
N/A N/A C:\Windows\System\yYHcqGK.exe N/A
N/A N/A C:\Windows\System\lpliwQz.exe N/A
N/A N/A C:\Windows\System\JybPddm.exe N/A
N/A N/A C:\Windows\System\vtvqjqG.exe N/A
N/A N/A C:\Windows\System\XSZbJlC.exe N/A
N/A N/A C:\Windows\System\bUrryhZ.exe N/A
N/A N/A C:\Windows\System\xgDUUDk.exe N/A
N/A N/A C:\Windows\System\CCEZuzM.exe N/A
N/A N/A C:\Windows\System\GZKdMfs.exe N/A
N/A N/A C:\Windows\System\vTyDapl.exe N/A
N/A N/A C:\Windows\System\iHhMXWY.exe N/A
N/A N/A C:\Windows\System\EHSrXwP.exe N/A
N/A N/A C:\Windows\System\NWQvZCJ.exe N/A
N/A N/A C:\Windows\System\KcZfJgL.exe N/A
N/A N/A C:\Windows\System\dOHUHub.exe N/A
N/A N/A C:\Windows\System\cvXSOPc.exe N/A
N/A N/A C:\Windows\System\qFbARNE.exe N/A
N/A N/A C:\Windows\System\iPLdMFh.exe N/A
N/A N/A C:\Windows\System\EaxreYq.exe N/A
N/A N/A C:\Windows\System\ZMGroeN.exe N/A
N/A N/A C:\Windows\System\kWGitAh.exe N/A
N/A N/A C:\Windows\System\rwDHdQR.exe N/A
N/A N/A C:\Windows\System\QOFDiDA.exe N/A
N/A N/A C:\Windows\System\wYYjbVS.exe N/A
N/A N/A C:\Windows\System\OlhhBFp.exe N/A
N/A N/A C:\Windows\System\kxESSMu.exe N/A
N/A N/A C:\Windows\System\VnOMasj.exe N/A
N/A N/A C:\Windows\System\DefMFvq.exe N/A
N/A N/A C:\Windows\System\UZSXWBP.exe N/A
N/A N/A C:\Windows\System\gjjDhLy.exe N/A
N/A N/A C:\Windows\System\wusbOqY.exe N/A
N/A N/A C:\Windows\System\maXgKCc.exe N/A
N/A N/A C:\Windows\System\mjPKmgt.exe N/A
N/A N/A C:\Windows\System\xCjtgNA.exe N/A
N/A N/A C:\Windows\System\GvtCsiC.exe N/A
N/A N/A C:\Windows\System\oKMqQYJ.exe N/A
N/A N/A C:\Windows\System\bJKpLqY.exe N/A
N/A N/A C:\Windows\System\VAFKdMI.exe N/A
N/A N/A C:\Windows\System\izbGpxD.exe N/A
N/A N/A C:\Windows\System\TlUpiiX.exe N/A
N/A N/A C:\Windows\System\lckaqBZ.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\GBrPlzY.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\BHwTBhG.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ntgAXfu.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\uoYWghy.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\niMOgzZ.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\xoTDVaG.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\uQhDGtw.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\uoSHIFv.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\tgypfaT.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\fhMqmub.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\YdoBEnJ.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\AwZgFYV.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\SsxZmNN.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\wctMQVy.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\yjxsyyQ.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\jmULKIs.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\zXGoQEi.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\BWMQIEy.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\LwFbSTK.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\uNBwNvC.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\Qbcflta.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\COaAfTx.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\yhzoTjO.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\OzDNUaJ.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\uZwSrvE.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\vslmeRd.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\jRfvKWZ.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\bPFRVQm.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\QGwQCRn.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\vlQIasu.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\JLxwMWR.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\RKNGpdo.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\sGjLWqK.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\CdDUtEb.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\THIABLk.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\cQJInNV.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\PySAmhZ.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\mEpDZIj.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\JotgVOP.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\JqTmQkI.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\RTqgrcr.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\vvXQvMD.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\Obczbbs.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\orjbODe.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\TDQzvor.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\aZwaKuu.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\sshjVnB.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\vuVTLSJ.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\QLPZnHt.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\PKATOuA.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\MmHfmSN.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\WWXJimd.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\KLJmqVk.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\JJDDCLz.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZPowSJB.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\fxjHPsg.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\riFtBiY.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\okVzKJH.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\QbadZFl.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\PobJckA.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\nbIvifP.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\BPPgrVl.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\OQBcHfS.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\KkArvHW.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1916 wrote to memory of 2192 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\vhTkYJg.exe
PID 1916 wrote to memory of 2192 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\vhTkYJg.exe
PID 1916 wrote to memory of 2192 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\vhTkYJg.exe
PID 1916 wrote to memory of 1752 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\DIOzawn.exe
PID 1916 wrote to memory of 1752 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\DIOzawn.exe
PID 1916 wrote to memory of 1752 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\DIOzawn.exe
PID 1916 wrote to memory of 2672 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\oEWyesv.exe
PID 1916 wrote to memory of 2672 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\oEWyesv.exe
PID 1916 wrote to memory of 2672 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\oEWyesv.exe
PID 1916 wrote to memory of 3008 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\otCoPDI.exe
PID 1916 wrote to memory of 3008 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\otCoPDI.exe
PID 1916 wrote to memory of 3008 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\otCoPDI.exe
PID 1916 wrote to memory of 2600 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\JZLgyuw.exe
PID 1916 wrote to memory of 2600 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\JZLgyuw.exe
PID 1916 wrote to memory of 2600 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\JZLgyuw.exe
PID 1916 wrote to memory of 2640 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\amjtmIx.exe
PID 1916 wrote to memory of 2640 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\amjtmIx.exe
PID 1916 wrote to memory of 2640 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\amjtmIx.exe
PID 1916 wrote to memory of 2708 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\fQZAsnD.exe
PID 1916 wrote to memory of 2708 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\fQZAsnD.exe
PID 1916 wrote to memory of 2708 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\fQZAsnD.exe
PID 1916 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\yhEVafw.exe
PID 1916 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\yhEVafw.exe
PID 1916 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\yhEVafw.exe
PID 1916 wrote to memory of 2368 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\IZhizqb.exe
PID 1916 wrote to memory of 2368 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\IZhizqb.exe
PID 1916 wrote to memory of 2368 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\IZhizqb.exe
PID 1916 wrote to memory of 2608 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\mAxqQvc.exe
PID 1916 wrote to memory of 2608 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\mAxqQvc.exe
PID 1916 wrote to memory of 2608 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\mAxqQvc.exe
PID 1916 wrote to memory of 2668 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\fqRBTWB.exe
PID 1916 wrote to memory of 2668 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\fqRBTWB.exe
PID 1916 wrote to memory of 2668 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\fqRBTWB.exe
PID 1916 wrote to memory of 1624 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\uBxhOGj.exe
PID 1916 wrote to memory of 1624 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\uBxhOGj.exe
PID 1916 wrote to memory of 1624 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\uBxhOGj.exe
PID 1916 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\SSJVrvq.exe
PID 1916 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\SSJVrvq.exe
PID 1916 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\SSJVrvq.exe
PID 1916 wrote to memory of 2492 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\bYXHula.exe
PID 1916 wrote to memory of 2492 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\bYXHula.exe
PID 1916 wrote to memory of 2492 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\bYXHula.exe
PID 1916 wrote to memory of 2416 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\GbVKbAP.exe
PID 1916 wrote to memory of 2416 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\GbVKbAP.exe
PID 1916 wrote to memory of 2416 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\GbVKbAP.exe
PID 1916 wrote to memory of 1944 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\wxQPFvs.exe
PID 1916 wrote to memory of 1944 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\wxQPFvs.exe
PID 1916 wrote to memory of 1944 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\wxQPFvs.exe
PID 1916 wrote to memory of 1844 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\dtjXcyn.exe
PID 1916 wrote to memory of 1844 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\dtjXcyn.exe
PID 1916 wrote to memory of 1844 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\dtjXcyn.exe
PID 1916 wrote to memory of 2376 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\tNKNfTO.exe
PID 1916 wrote to memory of 2376 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\tNKNfTO.exe
PID 1916 wrote to memory of 2376 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\tNKNfTO.exe
PID 1916 wrote to memory of 1416 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\BzWQiCF.exe
PID 1916 wrote to memory of 1416 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\BzWQiCF.exe
PID 1916 wrote to memory of 1416 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\BzWQiCF.exe
PID 1916 wrote to memory of 1236 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\XduYvmc.exe
PID 1916 wrote to memory of 1236 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\XduYvmc.exe
PID 1916 wrote to memory of 1236 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\XduYvmc.exe
PID 1916 wrote to memory of 852 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\LYkkhRH.exe
PID 1916 wrote to memory of 852 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\LYkkhRH.exe
PID 1916 wrote to memory of 852 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\LYkkhRH.exe
PID 1916 wrote to memory of 2776 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\OzDNUaJ.exe

Processes

C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe"

C:\Windows\System\vhTkYJg.exe

C:\Windows\System\vhTkYJg.exe

C:\Windows\System\DIOzawn.exe

C:\Windows\System\DIOzawn.exe

C:\Windows\System\oEWyesv.exe

C:\Windows\System\oEWyesv.exe

C:\Windows\System\otCoPDI.exe

C:\Windows\System\otCoPDI.exe

C:\Windows\System\JZLgyuw.exe

C:\Windows\System\JZLgyuw.exe

C:\Windows\System\amjtmIx.exe

C:\Windows\System\amjtmIx.exe

C:\Windows\System\fQZAsnD.exe

C:\Windows\System\fQZAsnD.exe

C:\Windows\System\yhEVafw.exe

C:\Windows\System\yhEVafw.exe

C:\Windows\System\IZhizqb.exe

C:\Windows\System\IZhizqb.exe

C:\Windows\System\mAxqQvc.exe

C:\Windows\System\mAxqQvc.exe

C:\Windows\System\fqRBTWB.exe

C:\Windows\System\fqRBTWB.exe

C:\Windows\System\uBxhOGj.exe

C:\Windows\System\uBxhOGj.exe

C:\Windows\System\SSJVrvq.exe

C:\Windows\System\SSJVrvq.exe

C:\Windows\System\bYXHula.exe

C:\Windows\System\bYXHula.exe

C:\Windows\System\GbVKbAP.exe

C:\Windows\System\GbVKbAP.exe

C:\Windows\System\wxQPFvs.exe

C:\Windows\System\wxQPFvs.exe

C:\Windows\System\dtjXcyn.exe

C:\Windows\System\dtjXcyn.exe

C:\Windows\System\tNKNfTO.exe

C:\Windows\System\tNKNfTO.exe

C:\Windows\System\BzWQiCF.exe

C:\Windows\System\BzWQiCF.exe

C:\Windows\System\XduYvmc.exe

C:\Windows\System\XduYvmc.exe

C:\Windows\System\LYkkhRH.exe

C:\Windows\System\LYkkhRH.exe

C:\Windows\System\OzDNUaJ.exe

C:\Windows\System\OzDNUaJ.exe

C:\Windows\System\xzLcbxn.exe

C:\Windows\System\xzLcbxn.exe

C:\Windows\System\yYHcqGK.exe

C:\Windows\System\yYHcqGK.exe

C:\Windows\System\lpliwQz.exe

C:\Windows\System\lpliwQz.exe

C:\Windows\System\JybPddm.exe

C:\Windows\System\JybPddm.exe

C:\Windows\System\vtvqjqG.exe

C:\Windows\System\vtvqjqG.exe

C:\Windows\System\XSZbJlC.exe

C:\Windows\System\XSZbJlC.exe

C:\Windows\System\bUrryhZ.exe

C:\Windows\System\bUrryhZ.exe

C:\Windows\System\xgDUUDk.exe

C:\Windows\System\xgDUUDk.exe

C:\Windows\System\CCEZuzM.exe

C:\Windows\System\CCEZuzM.exe

C:\Windows\System\GZKdMfs.exe

C:\Windows\System\GZKdMfs.exe

C:\Windows\System\vTyDapl.exe

C:\Windows\System\vTyDapl.exe

C:\Windows\System\iHhMXWY.exe

C:\Windows\System\iHhMXWY.exe

C:\Windows\System\EHSrXwP.exe

C:\Windows\System\EHSrXwP.exe

C:\Windows\System\NWQvZCJ.exe

C:\Windows\System\NWQvZCJ.exe

C:\Windows\System\KcZfJgL.exe

C:\Windows\System\KcZfJgL.exe

C:\Windows\System\dOHUHub.exe

C:\Windows\System\dOHUHub.exe

C:\Windows\System\cvXSOPc.exe

C:\Windows\System\cvXSOPc.exe

C:\Windows\System\qFbARNE.exe

C:\Windows\System\qFbARNE.exe

C:\Windows\System\iPLdMFh.exe

C:\Windows\System\iPLdMFh.exe

C:\Windows\System\EaxreYq.exe

C:\Windows\System\EaxreYq.exe

C:\Windows\System\ZMGroeN.exe

C:\Windows\System\ZMGroeN.exe

C:\Windows\System\kWGitAh.exe

C:\Windows\System\kWGitAh.exe

C:\Windows\System\rwDHdQR.exe

C:\Windows\System\rwDHdQR.exe

C:\Windows\System\QOFDiDA.exe

C:\Windows\System\QOFDiDA.exe

C:\Windows\System\wYYjbVS.exe

C:\Windows\System\wYYjbVS.exe

C:\Windows\System\OlhhBFp.exe

C:\Windows\System\OlhhBFp.exe

C:\Windows\System\kxESSMu.exe

C:\Windows\System\kxESSMu.exe

C:\Windows\System\VnOMasj.exe

C:\Windows\System\VnOMasj.exe

C:\Windows\System\DefMFvq.exe

C:\Windows\System\DefMFvq.exe

C:\Windows\System\UZSXWBP.exe

C:\Windows\System\UZSXWBP.exe

C:\Windows\System\gjjDhLy.exe

C:\Windows\System\gjjDhLy.exe

C:\Windows\System\wusbOqY.exe

C:\Windows\System\wusbOqY.exe

C:\Windows\System\maXgKCc.exe

C:\Windows\System\maXgKCc.exe

C:\Windows\System\mjPKmgt.exe

C:\Windows\System\mjPKmgt.exe

C:\Windows\System\xCjtgNA.exe

C:\Windows\System\xCjtgNA.exe

C:\Windows\System\GvtCsiC.exe

C:\Windows\System\GvtCsiC.exe

C:\Windows\System\oKMqQYJ.exe

C:\Windows\System\oKMqQYJ.exe

C:\Windows\System\bJKpLqY.exe

C:\Windows\System\bJKpLqY.exe

C:\Windows\System\VAFKdMI.exe

C:\Windows\System\VAFKdMI.exe

C:\Windows\System\izbGpxD.exe

C:\Windows\System\izbGpxD.exe

C:\Windows\System\TlUpiiX.exe

C:\Windows\System\TlUpiiX.exe

C:\Windows\System\lckaqBZ.exe

C:\Windows\System\lckaqBZ.exe

C:\Windows\System\SKxeCqB.exe

C:\Windows\System\SKxeCqB.exe

C:\Windows\System\DZeSMjv.exe

C:\Windows\System\DZeSMjv.exe

C:\Windows\System\ScIhooH.exe

C:\Windows\System\ScIhooH.exe

C:\Windows\System\tohmQTZ.exe

C:\Windows\System\tohmQTZ.exe

C:\Windows\System\AUlMLTD.exe

C:\Windows\System\AUlMLTD.exe

C:\Windows\System\PgTOShH.exe

C:\Windows\System\PgTOShH.exe

C:\Windows\System\gioftBe.exe

C:\Windows\System\gioftBe.exe

C:\Windows\System\lxSruUv.exe

C:\Windows\System\lxSruUv.exe

C:\Windows\System\hYROMSO.exe

C:\Windows\System\hYROMSO.exe

C:\Windows\System\ZLIJyht.exe

C:\Windows\System\ZLIJyht.exe

C:\Windows\System\EqEddui.exe

C:\Windows\System\EqEddui.exe

C:\Windows\System\MnmGxuR.exe

C:\Windows\System\MnmGxuR.exe

C:\Windows\System\mwzaPLJ.exe

C:\Windows\System\mwzaPLJ.exe

C:\Windows\System\NfgZkjF.exe

C:\Windows\System\NfgZkjF.exe

C:\Windows\System\klhKmql.exe

C:\Windows\System\klhKmql.exe

C:\Windows\System\PnxtvXh.exe

C:\Windows\System\PnxtvXh.exe

C:\Windows\System\pcSvlmE.exe

C:\Windows\System\pcSvlmE.exe

C:\Windows\System\gciqXCk.exe

C:\Windows\System\gciqXCk.exe

C:\Windows\System\kMZvvcO.exe

C:\Windows\System\kMZvvcO.exe

C:\Windows\System\DQpWpYP.exe

C:\Windows\System\DQpWpYP.exe

C:\Windows\System\kVVVqor.exe

C:\Windows\System\kVVVqor.exe

C:\Windows\System\UocPbmr.exe

C:\Windows\System\UocPbmr.exe

C:\Windows\System\IwwGxfh.exe

C:\Windows\System\IwwGxfh.exe

C:\Windows\System\UnhNHvO.exe

C:\Windows\System\UnhNHvO.exe

C:\Windows\System\HbDUpjW.exe

C:\Windows\System\HbDUpjW.exe

C:\Windows\System\QdpBawW.exe

C:\Windows\System\QdpBawW.exe

C:\Windows\System\cqnhzaK.exe

C:\Windows\System\cqnhzaK.exe

C:\Windows\System\XHogAeJ.exe

C:\Windows\System\XHogAeJ.exe

C:\Windows\System\qRIBrEh.exe

C:\Windows\System\qRIBrEh.exe

C:\Windows\System\RTqgrcr.exe

C:\Windows\System\RTqgrcr.exe

C:\Windows\System\MqUKEgt.exe

C:\Windows\System\MqUKEgt.exe

C:\Windows\System\INGUrxq.exe

C:\Windows\System\INGUrxq.exe

C:\Windows\System\dXDagmk.exe

C:\Windows\System\dXDagmk.exe

C:\Windows\System\yASeeXe.exe

C:\Windows\System\yASeeXe.exe

C:\Windows\System\SsxZmNN.exe

C:\Windows\System\SsxZmNN.exe

C:\Windows\System\FvjPRjr.exe

C:\Windows\System\FvjPRjr.exe

C:\Windows\System\WtCEEre.exe

C:\Windows\System\WtCEEre.exe

C:\Windows\System\RjHqHGC.exe

C:\Windows\System\RjHqHGC.exe

C:\Windows\System\rVwNaTx.exe

C:\Windows\System\rVwNaTx.exe

C:\Windows\System\xNWpiog.exe

C:\Windows\System\xNWpiog.exe

C:\Windows\System\gnkEwCi.exe

C:\Windows\System\gnkEwCi.exe

C:\Windows\System\hruykxX.exe

C:\Windows\System\hruykxX.exe

C:\Windows\System\oOUAGYq.exe

C:\Windows\System\oOUAGYq.exe

C:\Windows\System\nkBCqOK.exe

C:\Windows\System\nkBCqOK.exe

C:\Windows\System\XOGuFst.exe

C:\Windows\System\XOGuFst.exe

C:\Windows\System\XOowamF.exe

C:\Windows\System\XOowamF.exe

C:\Windows\System\RJHfNjE.exe

C:\Windows\System\RJHfNjE.exe

C:\Windows\System\IVcLOoO.exe

C:\Windows\System\IVcLOoO.exe

C:\Windows\System\bvpTnML.exe

C:\Windows\System\bvpTnML.exe

C:\Windows\System\QGDfecP.exe

C:\Windows\System\QGDfecP.exe

C:\Windows\System\erjWsdk.exe

C:\Windows\System\erjWsdk.exe

C:\Windows\System\DPsTzmC.exe

C:\Windows\System\DPsTzmC.exe

C:\Windows\System\yqiVdQm.exe

C:\Windows\System\yqiVdQm.exe

C:\Windows\System\JexfxBK.exe

C:\Windows\System\JexfxBK.exe

C:\Windows\System\ywiCqSC.exe

C:\Windows\System\ywiCqSC.exe

C:\Windows\System\MuVlBNn.exe

C:\Windows\System\MuVlBNn.exe

C:\Windows\System\NlprjSi.exe

C:\Windows\System\NlprjSi.exe

C:\Windows\System\cImYczV.exe

C:\Windows\System\cImYczV.exe

C:\Windows\System\zwCvwfs.exe

C:\Windows\System\zwCvwfs.exe

C:\Windows\System\YcfkUsV.exe

C:\Windows\System\YcfkUsV.exe

C:\Windows\System\QxnzIwu.exe

C:\Windows\System\QxnzIwu.exe

C:\Windows\System\XPsBGtp.exe

C:\Windows\System\XPsBGtp.exe

C:\Windows\System\UQgUofx.exe

C:\Windows\System\UQgUofx.exe

C:\Windows\System\giSWHmK.exe

C:\Windows\System\giSWHmK.exe

C:\Windows\System\XpxHwzk.exe

C:\Windows\System\XpxHwzk.exe

C:\Windows\System\DVEuQFL.exe

C:\Windows\System\DVEuQFL.exe

C:\Windows\System\kFcVBVj.exe

C:\Windows\System\kFcVBVj.exe

C:\Windows\System\Igsngcs.exe

C:\Windows\System\Igsngcs.exe

C:\Windows\System\aHsQaxJ.exe

C:\Windows\System\aHsQaxJ.exe

C:\Windows\System\ygHmPtD.exe

C:\Windows\System\ygHmPtD.exe

C:\Windows\System\Ihrifyx.exe

C:\Windows\System\Ihrifyx.exe

C:\Windows\System\IFBqMkB.exe

C:\Windows\System\IFBqMkB.exe

C:\Windows\System\QsIISMS.exe

C:\Windows\System\QsIISMS.exe

C:\Windows\System\hCbdDRK.exe

C:\Windows\System\hCbdDRK.exe

C:\Windows\System\xChrywm.exe

C:\Windows\System\xChrywm.exe

C:\Windows\System\BLmWYKQ.exe

C:\Windows\System\BLmWYKQ.exe

C:\Windows\System\COzTtcW.exe

C:\Windows\System\COzTtcW.exe

C:\Windows\System\KkstTIt.exe

C:\Windows\System\KkstTIt.exe

C:\Windows\System\vkMzNsc.exe

C:\Windows\System\vkMzNsc.exe

C:\Windows\System\DxLznAN.exe

C:\Windows\System\DxLznAN.exe

C:\Windows\System\XBPtiCv.exe

C:\Windows\System\XBPtiCv.exe

C:\Windows\System\gEAIAnJ.exe

C:\Windows\System\gEAIAnJ.exe

C:\Windows\System\fKqoPrx.exe

C:\Windows\System\fKqoPrx.exe

C:\Windows\System\ApGaaVq.exe

C:\Windows\System\ApGaaVq.exe

C:\Windows\System\QGWbFcK.exe

C:\Windows\System\QGWbFcK.exe

C:\Windows\System\XrUxrNO.exe

C:\Windows\System\XrUxrNO.exe

C:\Windows\System\NHdXGAJ.exe

C:\Windows\System\NHdXGAJ.exe

C:\Windows\System\HCkSLum.exe

C:\Windows\System\HCkSLum.exe

C:\Windows\System\EjvhDuT.exe

C:\Windows\System\EjvhDuT.exe

C:\Windows\System\AINslwN.exe

C:\Windows\System\AINslwN.exe

C:\Windows\System\lSsCeUJ.exe

C:\Windows\System\lSsCeUJ.exe

C:\Windows\System\JKzmXyc.exe

C:\Windows\System\JKzmXyc.exe

C:\Windows\System\BtjIDZh.exe

C:\Windows\System\BtjIDZh.exe

C:\Windows\System\TTEDKyX.exe

C:\Windows\System\TTEDKyX.exe

C:\Windows\System\UEwymhf.exe

C:\Windows\System\UEwymhf.exe

C:\Windows\System\KIXwXpu.exe

C:\Windows\System\KIXwXpu.exe

C:\Windows\System\VkTwOuH.exe

C:\Windows\System\VkTwOuH.exe

C:\Windows\System\aIhUfFw.exe

C:\Windows\System\aIhUfFw.exe

C:\Windows\System\MsVPkDe.exe

C:\Windows\System\MsVPkDe.exe

C:\Windows\System\HOtphDG.exe

C:\Windows\System\HOtphDG.exe

C:\Windows\System\nyIZCAQ.exe

C:\Windows\System\nyIZCAQ.exe

C:\Windows\System\fWWbsBe.exe

C:\Windows\System\fWWbsBe.exe

C:\Windows\System\cJEWpvT.exe

C:\Windows\System\cJEWpvT.exe

C:\Windows\System\IVCHBQw.exe

C:\Windows\System\IVCHBQw.exe

C:\Windows\System\xMQuDyF.exe

C:\Windows\System\xMQuDyF.exe

C:\Windows\System\jwLSjoS.exe

C:\Windows\System\jwLSjoS.exe

C:\Windows\System\zUXmJNJ.exe

C:\Windows\System\zUXmJNJ.exe

C:\Windows\System\pRfubMM.exe

C:\Windows\System\pRfubMM.exe

C:\Windows\System\AYKxUaY.exe

C:\Windows\System\AYKxUaY.exe

C:\Windows\System\lcSTnNw.exe

C:\Windows\System\lcSTnNw.exe

C:\Windows\System\oDCCAlE.exe

C:\Windows\System\oDCCAlE.exe

C:\Windows\System\OAJulsJ.exe

C:\Windows\System\OAJulsJ.exe

C:\Windows\System\gTqHEzO.exe

C:\Windows\System\gTqHEzO.exe

C:\Windows\System\vxFUZee.exe

C:\Windows\System\vxFUZee.exe

C:\Windows\System\JklIRVR.exe

C:\Windows\System\JklIRVR.exe

C:\Windows\System\YOipBDf.exe

C:\Windows\System\YOipBDf.exe

C:\Windows\System\Jhubbwo.exe

C:\Windows\System\Jhubbwo.exe

C:\Windows\System\IXQBRoe.exe

C:\Windows\System\IXQBRoe.exe

C:\Windows\System\NEQuyxg.exe

C:\Windows\System\NEQuyxg.exe

C:\Windows\System\rkZUNZZ.exe

C:\Windows\System\rkZUNZZ.exe

C:\Windows\System\GyfMfHt.exe

C:\Windows\System\GyfMfHt.exe

C:\Windows\System\JgMHmyY.exe

C:\Windows\System\JgMHmyY.exe

C:\Windows\System\aqtsGcL.exe

C:\Windows\System\aqtsGcL.exe

C:\Windows\System\PQLKpqL.exe

C:\Windows\System\PQLKpqL.exe

C:\Windows\System\bmalkZG.exe

C:\Windows\System\bmalkZG.exe

C:\Windows\System\JAXcHfY.exe

C:\Windows\System\JAXcHfY.exe

C:\Windows\System\EJHVCog.exe

C:\Windows\System\EJHVCog.exe

C:\Windows\System\BopSnxm.exe

C:\Windows\System\BopSnxm.exe

C:\Windows\System\zhZKqjs.exe

C:\Windows\System\zhZKqjs.exe

C:\Windows\System\EdHGKgp.exe

C:\Windows\System\EdHGKgp.exe

C:\Windows\System\CVJivoi.exe

C:\Windows\System\CVJivoi.exe

C:\Windows\System\ZiajhcT.exe

C:\Windows\System\ZiajhcT.exe

C:\Windows\System\FCpBjQu.exe

C:\Windows\System\FCpBjQu.exe

C:\Windows\System\bepoXwc.exe

C:\Windows\System\bepoXwc.exe

C:\Windows\System\KWtnpwO.exe

C:\Windows\System\KWtnpwO.exe

C:\Windows\System\IZiKRti.exe

C:\Windows\System\IZiKRti.exe

C:\Windows\System\OiZdXfD.exe

C:\Windows\System\OiZdXfD.exe

C:\Windows\System\IQPNSOd.exe

C:\Windows\System\IQPNSOd.exe

C:\Windows\System\aqaFEnd.exe

C:\Windows\System\aqaFEnd.exe

C:\Windows\System\PQCxTOZ.exe

C:\Windows\System\PQCxTOZ.exe

C:\Windows\System\XbbkBXq.exe

C:\Windows\System\XbbkBXq.exe

C:\Windows\System\UbskeRe.exe

C:\Windows\System\UbskeRe.exe

C:\Windows\System\VdaQAhQ.exe

C:\Windows\System\VdaQAhQ.exe

C:\Windows\System\PybKdXk.exe

C:\Windows\System\PybKdXk.exe

C:\Windows\System\HUryjlK.exe

C:\Windows\System\HUryjlK.exe

C:\Windows\System\THSbYhK.exe

C:\Windows\System\THSbYhK.exe

C:\Windows\System\THIABLk.exe

C:\Windows\System\THIABLk.exe

C:\Windows\System\sfnWgCj.exe

C:\Windows\System\sfnWgCj.exe

C:\Windows\System\JXZFHCE.exe

C:\Windows\System\JXZFHCE.exe

C:\Windows\System\tPvtfLK.exe

C:\Windows\System\tPvtfLK.exe

C:\Windows\System\xjgfMpO.exe

C:\Windows\System\xjgfMpO.exe

C:\Windows\System\tVMIBic.exe

C:\Windows\System\tVMIBic.exe

C:\Windows\System\jFPVQch.exe

C:\Windows\System\jFPVQch.exe

C:\Windows\System\kOZLGeT.exe

C:\Windows\System\kOZLGeT.exe

C:\Windows\System\qFpHPLn.exe

C:\Windows\System\qFpHPLn.exe

C:\Windows\System\ZPowSJB.exe

C:\Windows\System\ZPowSJB.exe

C:\Windows\System\dmyMYfH.exe

C:\Windows\System\dmyMYfH.exe

C:\Windows\System\rBKEtmx.exe

C:\Windows\System\rBKEtmx.exe

C:\Windows\System\ifrYcFj.exe

C:\Windows\System\ifrYcFj.exe

C:\Windows\System\YcMYOya.exe

C:\Windows\System\YcMYOya.exe

C:\Windows\System\EvSxASP.exe

C:\Windows\System\EvSxASP.exe

C:\Windows\System\DAoaOVI.exe

C:\Windows\System\DAoaOVI.exe

C:\Windows\System\KQyGTfX.exe

C:\Windows\System\KQyGTfX.exe

C:\Windows\System\fnzKGjL.exe

C:\Windows\System\fnzKGjL.exe

C:\Windows\System\gDPmWqk.exe

C:\Windows\System\gDPmWqk.exe

C:\Windows\System\LXEKFVP.exe

C:\Windows\System\LXEKFVP.exe

C:\Windows\System\GLguZWz.exe

C:\Windows\System\GLguZWz.exe

C:\Windows\System\fUPdPSi.exe

C:\Windows\System\fUPdPSi.exe

C:\Windows\System\zrwiaqt.exe

C:\Windows\System\zrwiaqt.exe

C:\Windows\System\Jkebdcl.exe

C:\Windows\System\Jkebdcl.exe

C:\Windows\System\CNDMfno.exe

C:\Windows\System\CNDMfno.exe

C:\Windows\System\JHUsxpz.exe

C:\Windows\System\JHUsxpz.exe

C:\Windows\System\QhKlxua.exe

C:\Windows\System\QhKlxua.exe

C:\Windows\System\wsbigsn.exe

C:\Windows\System\wsbigsn.exe

C:\Windows\System\dibAXKB.exe

C:\Windows\System\dibAXKB.exe

C:\Windows\System\ovbFrRM.exe

C:\Windows\System\ovbFrRM.exe

C:\Windows\System\jFSJhOe.exe

C:\Windows\System\jFSJhOe.exe

C:\Windows\System\PAPxKBk.exe

C:\Windows\System\PAPxKBk.exe

C:\Windows\System\sNvYwqG.exe

C:\Windows\System\sNvYwqG.exe

C:\Windows\System\qnixLsI.exe

C:\Windows\System\qnixLsI.exe

C:\Windows\System\krzxQdS.exe

C:\Windows\System\krzxQdS.exe

C:\Windows\System\EGbjsuW.exe

C:\Windows\System\EGbjsuW.exe

C:\Windows\System\tdlZCEo.exe

C:\Windows\System\tdlZCEo.exe

C:\Windows\System\JLxwMWR.exe

C:\Windows\System\JLxwMWR.exe

C:\Windows\System\ucpLKnJ.exe

C:\Windows\System\ucpLKnJ.exe

C:\Windows\System\HsTzWnp.exe

C:\Windows\System\HsTzWnp.exe

C:\Windows\System\VbJlqyU.exe

C:\Windows\System\VbJlqyU.exe

C:\Windows\System\YBCXirO.exe

C:\Windows\System\YBCXirO.exe

C:\Windows\System\ziSLHwK.exe

C:\Windows\System\ziSLHwK.exe

C:\Windows\System\WTScweT.exe

C:\Windows\System\WTScweT.exe

C:\Windows\System\prikwMs.exe

C:\Windows\System\prikwMs.exe

C:\Windows\System\lNdqhJC.exe

C:\Windows\System\lNdqhJC.exe

C:\Windows\System\MnMoUfJ.exe

C:\Windows\System\MnMoUfJ.exe

C:\Windows\System\opcDrEf.exe

C:\Windows\System\opcDrEf.exe

C:\Windows\System\EwCDUxo.exe

C:\Windows\System\EwCDUxo.exe

C:\Windows\System\JivJZXE.exe

C:\Windows\System\JivJZXE.exe

C:\Windows\System\rMGvqiv.exe

C:\Windows\System\rMGvqiv.exe

C:\Windows\System\bZHtoHB.exe

C:\Windows\System\bZHtoHB.exe

C:\Windows\System\GIWGHAo.exe

C:\Windows\System\GIWGHAo.exe

C:\Windows\System\jMUCvvy.exe

C:\Windows\System\jMUCvvy.exe

C:\Windows\System\xOuRhJW.exe

C:\Windows\System\xOuRhJW.exe

C:\Windows\System\kSpemNw.exe

C:\Windows\System\kSpemNw.exe

C:\Windows\System\zJRTxMP.exe

C:\Windows\System\zJRTxMP.exe

C:\Windows\System\ELZiPlX.exe

C:\Windows\System\ELZiPlX.exe

C:\Windows\System\fQMmbvS.exe

C:\Windows\System\fQMmbvS.exe

C:\Windows\System\YrXFtRw.exe

C:\Windows\System\YrXFtRw.exe

C:\Windows\System\BXnXHPR.exe

C:\Windows\System\BXnXHPR.exe

C:\Windows\System\UPHeiDu.exe

C:\Windows\System\UPHeiDu.exe

C:\Windows\System\hUPWcXq.exe

C:\Windows\System\hUPWcXq.exe

C:\Windows\System\LONGqJx.exe

C:\Windows\System\LONGqJx.exe

C:\Windows\System\eXDyhie.exe

C:\Windows\System\eXDyhie.exe

C:\Windows\System\anzIpim.exe

C:\Windows\System\anzIpim.exe

C:\Windows\System\SHBgyyN.exe

C:\Windows\System\SHBgyyN.exe

C:\Windows\System\dtlDmpX.exe

C:\Windows\System\dtlDmpX.exe

C:\Windows\System\OlfFSqZ.exe

C:\Windows\System\OlfFSqZ.exe

C:\Windows\System\zLZuEYi.exe

C:\Windows\System\zLZuEYi.exe

C:\Windows\System\sIBAqSr.exe

C:\Windows\System\sIBAqSr.exe

C:\Windows\System\osLXqZY.exe

C:\Windows\System\osLXqZY.exe

C:\Windows\System\TIgpOtb.exe

C:\Windows\System\TIgpOtb.exe

C:\Windows\System\AdQgacv.exe

C:\Windows\System\AdQgacv.exe

C:\Windows\System\gSXggSo.exe

C:\Windows\System\gSXggSo.exe

C:\Windows\System\RNWQYvj.exe

C:\Windows\System\RNWQYvj.exe

C:\Windows\System\rsdtehD.exe

C:\Windows\System\rsdtehD.exe

C:\Windows\System\KrbJPJh.exe

C:\Windows\System\KrbJPJh.exe

C:\Windows\System\goRoeOl.exe

C:\Windows\System\goRoeOl.exe

C:\Windows\System\zcJakOD.exe

C:\Windows\System\zcJakOD.exe

C:\Windows\System\RHdSBRu.exe

C:\Windows\System\RHdSBRu.exe

C:\Windows\System\Cpwmbaw.exe

C:\Windows\System\Cpwmbaw.exe

C:\Windows\System\sbjsQvs.exe

C:\Windows\System\sbjsQvs.exe

C:\Windows\System\GZpFyky.exe

C:\Windows\System\GZpFyky.exe

C:\Windows\System\gqCdNsb.exe

C:\Windows\System\gqCdNsb.exe

C:\Windows\System\PLBrGNg.exe

C:\Windows\System\PLBrGNg.exe

C:\Windows\System\kkmFmuK.exe

C:\Windows\System\kkmFmuK.exe

C:\Windows\System\DIXsZyv.exe

C:\Windows\System\DIXsZyv.exe

C:\Windows\System\BSsXmOK.exe

C:\Windows\System\BSsXmOK.exe

C:\Windows\System\KnoEKWb.exe

C:\Windows\System\KnoEKWb.exe

C:\Windows\System\VCsxQTP.exe

C:\Windows\System\VCsxQTP.exe

C:\Windows\System\BxPOZec.exe

C:\Windows\System\BxPOZec.exe

C:\Windows\System\EUIljLT.exe

C:\Windows\System\EUIljLT.exe

C:\Windows\System\yiCluBW.exe

C:\Windows\System\yiCluBW.exe

C:\Windows\System\QchyrNH.exe

C:\Windows\System\QchyrNH.exe

C:\Windows\System\bHzKRSt.exe

C:\Windows\System\bHzKRSt.exe

C:\Windows\System\YJvXhdp.exe

C:\Windows\System\YJvXhdp.exe

C:\Windows\System\HOphskf.exe

C:\Windows\System\HOphskf.exe

C:\Windows\System\SxWxaDv.exe

C:\Windows\System\SxWxaDv.exe

C:\Windows\System\HjFykcg.exe

C:\Windows\System\HjFykcg.exe

C:\Windows\System\kHufGrN.exe

C:\Windows\System\kHufGrN.exe

C:\Windows\System\kFWVdxs.exe

C:\Windows\System\kFWVdxs.exe

C:\Windows\System\FYJEODT.exe

C:\Windows\System\FYJEODT.exe

C:\Windows\System\RsAjhdK.exe

C:\Windows\System\RsAjhdK.exe

C:\Windows\System\csjXwmp.exe

C:\Windows\System\csjXwmp.exe

C:\Windows\System\EQwCQYT.exe

C:\Windows\System\EQwCQYT.exe

C:\Windows\System\KlMVnlB.exe

C:\Windows\System\KlMVnlB.exe

C:\Windows\System\NfYEZsR.exe

C:\Windows\System\NfYEZsR.exe

C:\Windows\System\RajmGop.exe

C:\Windows\System\RajmGop.exe

C:\Windows\System\JxXPhmg.exe

C:\Windows\System\JxXPhmg.exe

C:\Windows\System\kyOtCif.exe

C:\Windows\System\kyOtCif.exe

C:\Windows\System\FdNNFqU.exe

C:\Windows\System\FdNNFqU.exe

C:\Windows\System\PbBRGIF.exe

C:\Windows\System\PbBRGIF.exe

C:\Windows\System\ePwuWSy.exe

C:\Windows\System\ePwuWSy.exe

C:\Windows\System\qqtCHVq.exe

C:\Windows\System\qqtCHVq.exe

C:\Windows\System\kunNhqQ.exe

C:\Windows\System\kunNhqQ.exe

C:\Windows\System\UAaERNX.exe

C:\Windows\System\UAaERNX.exe

C:\Windows\System\DbXrYHJ.exe

C:\Windows\System\DbXrYHJ.exe

C:\Windows\System\HofHuyd.exe

C:\Windows\System\HofHuyd.exe

C:\Windows\System\AcHsZWV.exe

C:\Windows\System\AcHsZWV.exe

C:\Windows\System\gAEbrWI.exe

C:\Windows\System\gAEbrWI.exe

C:\Windows\System\HXzmOct.exe

C:\Windows\System\HXzmOct.exe

C:\Windows\System\MdvFzVh.exe

C:\Windows\System\MdvFzVh.exe

C:\Windows\System\zFwJcJv.exe

C:\Windows\System\zFwJcJv.exe

C:\Windows\System\rzvNaHw.exe

C:\Windows\System\rzvNaHw.exe

C:\Windows\System\MsRmgpr.exe

C:\Windows\System\MsRmgpr.exe

C:\Windows\System\FuyZpmY.exe

C:\Windows\System\FuyZpmY.exe

C:\Windows\System\mEiCOLk.exe

C:\Windows\System\mEiCOLk.exe

C:\Windows\System\pXLggFn.exe

C:\Windows\System\pXLggFn.exe

C:\Windows\System\SpaAryB.exe

C:\Windows\System\SpaAryB.exe

C:\Windows\System\KrOgMYm.exe

C:\Windows\System\KrOgMYm.exe

C:\Windows\System\TMvgSrZ.exe

C:\Windows\System\TMvgSrZ.exe

C:\Windows\System\mAhGMSo.exe

C:\Windows\System\mAhGMSo.exe

C:\Windows\System\uZDhyUn.exe

C:\Windows\System\uZDhyUn.exe

C:\Windows\System\PhzkjAj.exe

C:\Windows\System\PhzkjAj.exe

C:\Windows\System\YNGczig.exe

C:\Windows\System\YNGczig.exe

C:\Windows\System\EzkzAvs.exe

C:\Windows\System\EzkzAvs.exe

C:\Windows\System\UNImdHS.exe

C:\Windows\System\UNImdHS.exe

C:\Windows\System\YBVNJQx.exe

C:\Windows\System\YBVNJQx.exe

C:\Windows\System\NOuHrfr.exe

C:\Windows\System\NOuHrfr.exe

C:\Windows\System\iOKMQtZ.exe

C:\Windows\System\iOKMQtZ.exe

C:\Windows\System\JVLWitT.exe

C:\Windows\System\JVLWitT.exe

C:\Windows\System\jaWjVJQ.exe

C:\Windows\System\jaWjVJQ.exe

C:\Windows\System\szfuLtG.exe

C:\Windows\System\szfuLtG.exe

C:\Windows\System\zaQiIAB.exe

C:\Windows\System\zaQiIAB.exe

C:\Windows\System\ipXoTFG.exe

C:\Windows\System\ipXoTFG.exe

C:\Windows\System\hbYrFsg.exe

C:\Windows\System\hbYrFsg.exe

C:\Windows\System\mBtCCLR.exe

C:\Windows\System\mBtCCLR.exe

C:\Windows\System\TzcrBPF.exe

C:\Windows\System\TzcrBPF.exe

C:\Windows\System\vakzoOR.exe

C:\Windows\System\vakzoOR.exe

C:\Windows\System\PKATOuA.exe

C:\Windows\System\PKATOuA.exe

C:\Windows\System\NvQWnZl.exe

C:\Windows\System\NvQWnZl.exe

C:\Windows\System\YDKHsTe.exe

C:\Windows\System\YDKHsTe.exe

C:\Windows\System\XgswwjF.exe

C:\Windows\System\XgswwjF.exe

C:\Windows\System\hOoyKRL.exe

C:\Windows\System\hOoyKRL.exe

C:\Windows\System\hPOmSUC.exe

C:\Windows\System\hPOmSUC.exe

C:\Windows\System\Nfwsirm.exe

C:\Windows\System\Nfwsirm.exe

C:\Windows\System\ddfqcpP.exe

C:\Windows\System\ddfqcpP.exe

C:\Windows\System\LEwGoPZ.exe

C:\Windows\System\LEwGoPZ.exe

C:\Windows\System\mVcUyge.exe

C:\Windows\System\mVcUyge.exe

C:\Windows\System\XNksYmT.exe

C:\Windows\System\XNksYmT.exe

C:\Windows\System\qCsiCoz.exe

C:\Windows\System\qCsiCoz.exe

C:\Windows\System\JzZFvnb.exe

C:\Windows\System\JzZFvnb.exe

C:\Windows\System\RdKZMen.exe

C:\Windows\System\RdKZMen.exe

C:\Windows\System\EItLaNH.exe

C:\Windows\System\EItLaNH.exe

C:\Windows\System\eaxfcxL.exe

C:\Windows\System\eaxfcxL.exe

C:\Windows\System\lOooayh.exe

C:\Windows\System\lOooayh.exe

C:\Windows\System\nbtIFlu.exe

C:\Windows\System\nbtIFlu.exe

C:\Windows\System\MhNqgEI.exe

C:\Windows\System\MhNqgEI.exe

C:\Windows\System\xRVEapl.exe

C:\Windows\System\xRVEapl.exe

C:\Windows\System\OtyESHX.exe

C:\Windows\System\OtyESHX.exe

C:\Windows\System\qRtuqKb.exe

C:\Windows\System\qRtuqKb.exe

C:\Windows\System\GoUTljn.exe

C:\Windows\System\GoUTljn.exe

C:\Windows\System\FSRFnGq.exe

C:\Windows\System\FSRFnGq.exe

C:\Windows\System\KvjdRBT.exe

C:\Windows\System\KvjdRBT.exe

C:\Windows\System\akzDuKI.exe

C:\Windows\System\akzDuKI.exe

C:\Windows\System\xKtkrIG.exe

C:\Windows\System\xKtkrIG.exe

C:\Windows\System\uNLGXxt.exe

C:\Windows\System\uNLGXxt.exe

C:\Windows\System\FcJdmZt.exe

C:\Windows\System\FcJdmZt.exe

C:\Windows\System\EZDbeVJ.exe

C:\Windows\System\EZDbeVJ.exe

C:\Windows\System\AaNljhP.exe

C:\Windows\System\AaNljhP.exe

C:\Windows\System\iFzdeJz.exe

C:\Windows\System\iFzdeJz.exe

C:\Windows\System\zXGoQEi.exe

C:\Windows\System\zXGoQEi.exe

C:\Windows\System\QJXKOke.exe

C:\Windows\System\QJXKOke.exe

C:\Windows\System\FTRLcCx.exe

C:\Windows\System\FTRLcCx.exe

C:\Windows\System\IFopqHp.exe

C:\Windows\System\IFopqHp.exe

C:\Windows\System\thrYlsL.exe

C:\Windows\System\thrYlsL.exe

C:\Windows\System\YoxEwtk.exe

C:\Windows\System\YoxEwtk.exe

C:\Windows\System\gRLtmIH.exe

C:\Windows\System\gRLtmIH.exe

C:\Windows\System\oAwjpds.exe

C:\Windows\System\oAwjpds.exe

C:\Windows\System\fGzyTsa.exe

C:\Windows\System\fGzyTsa.exe

C:\Windows\System\mSzSgSm.exe

C:\Windows\System\mSzSgSm.exe

C:\Windows\System\dDMjwLT.exe

C:\Windows\System\dDMjwLT.exe

C:\Windows\System\kIAvdex.exe

C:\Windows\System\kIAvdex.exe

C:\Windows\System\TusYMjp.exe

C:\Windows\System\TusYMjp.exe

C:\Windows\System\rxbcOAp.exe

C:\Windows\System\rxbcOAp.exe

C:\Windows\System\QuqJuGY.exe

C:\Windows\System\QuqJuGY.exe

C:\Windows\System\pSCVDVn.exe

C:\Windows\System\pSCVDVn.exe

C:\Windows\System\ZbkoJxI.exe

C:\Windows\System\ZbkoJxI.exe

C:\Windows\System\oGSpjNA.exe

C:\Windows\System\oGSpjNA.exe

C:\Windows\System\eaqWLoD.exe

C:\Windows\System\eaqWLoD.exe

C:\Windows\System\rPzMldu.exe

C:\Windows\System\rPzMldu.exe

C:\Windows\System\IkUHVXE.exe

C:\Windows\System\IkUHVXE.exe

C:\Windows\System\jtodais.exe

C:\Windows\System\jtodais.exe

C:\Windows\System\yDqCfUk.exe

C:\Windows\System\yDqCfUk.exe

C:\Windows\System\PTIsnrl.exe

C:\Windows\System\PTIsnrl.exe

C:\Windows\System\ICjvnQI.exe

C:\Windows\System\ICjvnQI.exe

C:\Windows\System\xCKKVyj.exe

C:\Windows\System\xCKKVyj.exe

C:\Windows\System\mJpPixb.exe

C:\Windows\System\mJpPixb.exe

C:\Windows\System\lHaRswq.exe

C:\Windows\System\lHaRswq.exe

C:\Windows\System\qKWOTgu.exe

C:\Windows\System\qKWOTgu.exe

C:\Windows\System\FihZMNa.exe

C:\Windows\System\FihZMNa.exe

C:\Windows\System\AOdXNYv.exe

C:\Windows\System\AOdXNYv.exe

C:\Windows\System\OsBjvcx.exe

C:\Windows\System\OsBjvcx.exe

C:\Windows\System\LeEDFlL.exe

C:\Windows\System\LeEDFlL.exe

C:\Windows\System\XqOIfKd.exe

C:\Windows\System\XqOIfKd.exe

C:\Windows\System\MriDMCC.exe

C:\Windows\System\MriDMCC.exe

C:\Windows\System\lPyGpfH.exe

C:\Windows\System\lPyGpfH.exe

C:\Windows\System\mKgIhGz.exe

C:\Windows\System\mKgIhGz.exe

C:\Windows\System\fMVcMJp.exe

C:\Windows\System\fMVcMJp.exe

C:\Windows\System\MTPRFAK.exe

C:\Windows\System\MTPRFAK.exe

C:\Windows\System\TDQzvor.exe

C:\Windows\System\TDQzvor.exe

C:\Windows\System\VzNUeJA.exe

C:\Windows\System\VzNUeJA.exe

C:\Windows\System\iLTHRkx.exe

C:\Windows\System\iLTHRkx.exe

C:\Windows\System\nthpKgV.exe

C:\Windows\System\nthpKgV.exe

C:\Windows\System\McdvEoc.exe

C:\Windows\System\McdvEoc.exe

C:\Windows\System\IMaxyFa.exe

C:\Windows\System\IMaxyFa.exe

C:\Windows\System\kNeqMjn.exe

C:\Windows\System\kNeqMjn.exe

C:\Windows\System\TmYFuHG.exe

C:\Windows\System\TmYFuHG.exe

C:\Windows\System\FwNJpLR.exe

C:\Windows\System\FwNJpLR.exe

C:\Windows\System\rdzLZph.exe

C:\Windows\System\rdzLZph.exe

C:\Windows\System\NCQaoyN.exe

C:\Windows\System\NCQaoyN.exe

C:\Windows\System\nJdVXrr.exe

C:\Windows\System\nJdVXrr.exe

C:\Windows\System\BnJxLNn.exe

C:\Windows\System\BnJxLNn.exe

C:\Windows\System\yISEvnU.exe

C:\Windows\System\yISEvnU.exe

C:\Windows\System\ypyTrba.exe

C:\Windows\System\ypyTrba.exe

C:\Windows\System\mrUKHmL.exe

C:\Windows\System\mrUKHmL.exe

C:\Windows\System\amlgjKP.exe

C:\Windows\System\amlgjKP.exe

C:\Windows\System\SKbePkL.exe

C:\Windows\System\SKbePkL.exe

C:\Windows\System\TSbCscP.exe

C:\Windows\System\TSbCscP.exe

C:\Windows\System\IRebqRZ.exe

C:\Windows\System\IRebqRZ.exe

C:\Windows\System\ISZEIwZ.exe

C:\Windows\System\ISZEIwZ.exe

C:\Windows\System\YFmQTIb.exe

C:\Windows\System\YFmQTIb.exe

C:\Windows\System\ShmYDLW.exe

C:\Windows\System\ShmYDLW.exe

C:\Windows\System\bqYARBN.exe

C:\Windows\System\bqYARBN.exe

C:\Windows\System\SnoPPMZ.exe

C:\Windows\System\SnoPPMZ.exe

C:\Windows\System\FsEcWdE.exe

C:\Windows\System\FsEcWdE.exe

C:\Windows\System\QKgRWgC.exe

C:\Windows\System\QKgRWgC.exe

C:\Windows\System\fxjHPsg.exe

C:\Windows\System\fxjHPsg.exe

C:\Windows\System\oRwmqNC.exe

C:\Windows\System\oRwmqNC.exe

C:\Windows\System\tFnwuKr.exe

C:\Windows\System\tFnwuKr.exe

C:\Windows\System\CSddLMl.exe

C:\Windows\System\CSddLMl.exe

C:\Windows\System\KpJcdDE.exe

C:\Windows\System\KpJcdDE.exe

C:\Windows\System\pYAZHuv.exe

C:\Windows\System\pYAZHuv.exe

C:\Windows\System\krEJhRa.exe

C:\Windows\System\krEJhRa.exe

C:\Windows\System\ebyrkzf.exe

C:\Windows\System\ebyrkzf.exe

C:\Windows\System\tWHyaqK.exe

C:\Windows\System\tWHyaqK.exe

C:\Windows\System\MQRxXxv.exe

C:\Windows\System\MQRxXxv.exe

C:\Windows\System\pBjZWrQ.exe

C:\Windows\System\pBjZWrQ.exe

C:\Windows\System\ucXvCBl.exe

C:\Windows\System\ucXvCBl.exe

C:\Windows\System\LgaXlyK.exe

C:\Windows\System\LgaXlyK.exe

C:\Windows\System\vfemlcv.exe

C:\Windows\System\vfemlcv.exe

C:\Windows\System\MTAWHay.exe

C:\Windows\System\MTAWHay.exe

C:\Windows\System\sjTDBxe.exe

C:\Windows\System\sjTDBxe.exe

C:\Windows\System\HsEiIuV.exe

C:\Windows\System\HsEiIuV.exe

C:\Windows\System\kqJERQk.exe

C:\Windows\System\kqJERQk.exe

C:\Windows\System\YnMNjvX.exe

C:\Windows\System\YnMNjvX.exe

C:\Windows\System\vyihOpC.exe

C:\Windows\System\vyihOpC.exe

C:\Windows\System\RIVnhjQ.exe

C:\Windows\System\RIVnhjQ.exe

C:\Windows\System\SlzneHV.exe

C:\Windows\System\SlzneHV.exe

C:\Windows\System\DMDauqB.exe

C:\Windows\System\DMDauqB.exe

C:\Windows\System\OoakcwA.exe

C:\Windows\System\OoakcwA.exe

C:\Windows\System\kjCQOoM.exe

C:\Windows\System\kjCQOoM.exe

C:\Windows\System\yGcciOT.exe

C:\Windows\System\yGcciOT.exe

C:\Windows\System\TZuqTlT.exe

C:\Windows\System\TZuqTlT.exe

C:\Windows\System\GBrPlzY.exe

C:\Windows\System\GBrPlzY.exe

C:\Windows\System\raBqiKr.exe

C:\Windows\System\raBqiKr.exe

C:\Windows\System\qaHrhEs.exe

C:\Windows\System\qaHrhEs.exe

C:\Windows\System\mrgGxzg.exe

C:\Windows\System\mrgGxzg.exe

C:\Windows\System\JRaHxNk.exe

C:\Windows\System\JRaHxNk.exe

C:\Windows\System\nfKkCTi.exe

C:\Windows\System\nfKkCTi.exe

C:\Windows\System\FAguPbn.exe

C:\Windows\System\FAguPbn.exe

C:\Windows\System\viVeDkx.exe

C:\Windows\System\viVeDkx.exe

C:\Windows\System\GCfttmp.exe

C:\Windows\System\GCfttmp.exe

C:\Windows\System\CFBuNnP.exe

C:\Windows\System\CFBuNnP.exe

C:\Windows\System\WEvVJoG.exe

C:\Windows\System\WEvVJoG.exe

C:\Windows\System\MTOREKE.exe

C:\Windows\System\MTOREKE.exe

C:\Windows\System\KIeaGiU.exe

C:\Windows\System\KIeaGiU.exe

C:\Windows\System\XYcjlIa.exe

C:\Windows\System\XYcjlIa.exe

C:\Windows\System\PYWqCna.exe

C:\Windows\System\PYWqCna.exe

C:\Windows\System\spQCjZY.exe

C:\Windows\System\spQCjZY.exe

C:\Windows\System\lKtKlUA.exe

C:\Windows\System\lKtKlUA.exe

C:\Windows\System\cRRraEe.exe

C:\Windows\System\cRRraEe.exe

C:\Windows\System\QwmURPZ.exe

C:\Windows\System\QwmURPZ.exe

C:\Windows\System\YaRNhUF.exe

C:\Windows\System\YaRNhUF.exe

C:\Windows\System\QBQYJRX.exe

C:\Windows\System\QBQYJRX.exe

C:\Windows\System\KBWtHwR.exe

C:\Windows\System\KBWtHwR.exe

C:\Windows\System\zDZQFlf.exe

C:\Windows\System\zDZQFlf.exe

C:\Windows\System\KGuhmgV.exe

C:\Windows\System\KGuhmgV.exe

C:\Windows\System\fWVWBgG.exe

C:\Windows\System\fWVWBgG.exe

C:\Windows\System\EPWIexL.exe

C:\Windows\System\EPWIexL.exe

C:\Windows\System\mJaXxNv.exe

C:\Windows\System\mJaXxNv.exe

C:\Windows\System\UTejaON.exe

C:\Windows\System\UTejaON.exe

C:\Windows\System\MpHGZnO.exe

C:\Windows\System\MpHGZnO.exe

C:\Windows\System\zLAvTBQ.exe

C:\Windows\System\zLAvTBQ.exe

C:\Windows\System\TcHRduL.exe

C:\Windows\System\TcHRduL.exe

C:\Windows\System\kasVzns.exe

C:\Windows\System\kasVzns.exe

C:\Windows\System\GngTEFo.exe

C:\Windows\System\GngTEFo.exe

C:\Windows\System\jPJmAEv.exe

C:\Windows\System\jPJmAEv.exe

C:\Windows\System\iJiiClR.exe

C:\Windows\System\iJiiClR.exe

C:\Windows\System\JutyAVr.exe

C:\Windows\System\JutyAVr.exe

C:\Windows\System\JmiUTpd.exe

C:\Windows\System\JmiUTpd.exe

C:\Windows\System\cTWsgDn.exe

C:\Windows\System\cTWsgDn.exe

C:\Windows\System\JHLyWuR.exe

C:\Windows\System\JHLyWuR.exe

C:\Windows\System\qNddwwg.exe

C:\Windows\System\qNddwwg.exe

C:\Windows\System\DoIZLrU.exe

C:\Windows\System\DoIZLrU.exe

C:\Windows\System\zBrOVzW.exe

C:\Windows\System\zBrOVzW.exe

C:\Windows\System\uLVvspK.exe

C:\Windows\System\uLVvspK.exe

C:\Windows\System\yCFXmGj.exe

C:\Windows\System\yCFXmGj.exe

C:\Windows\System\GdqxKVT.exe

C:\Windows\System\GdqxKVT.exe

C:\Windows\System\JRWKfDA.exe

C:\Windows\System\JRWKfDA.exe

C:\Windows\System\jjliBoZ.exe

C:\Windows\System\jjliBoZ.exe

C:\Windows\System\CEoqGtd.exe

C:\Windows\System\CEoqGtd.exe

C:\Windows\System\qEqEXeT.exe

C:\Windows\System\qEqEXeT.exe

C:\Windows\System\xVFAXVB.exe

C:\Windows\System\xVFAXVB.exe

C:\Windows\System\SIwrBUx.exe

C:\Windows\System\SIwrBUx.exe

C:\Windows\System\mFIThmx.exe

C:\Windows\System\mFIThmx.exe

C:\Windows\System\QEOJgvQ.exe

C:\Windows\System\QEOJgvQ.exe

C:\Windows\System\JiDKUZn.exe

C:\Windows\System\JiDKUZn.exe

C:\Windows\System\zTOqlVy.exe

C:\Windows\System\zTOqlVy.exe

C:\Windows\System\IlJEvZB.exe

C:\Windows\System\IlJEvZB.exe

C:\Windows\System\yIbbFcx.exe

C:\Windows\System\yIbbFcx.exe

C:\Windows\System\Cgzawll.exe

C:\Windows\System\Cgzawll.exe

C:\Windows\System\wWCaUAB.exe

C:\Windows\System\wWCaUAB.exe

C:\Windows\System\IXNMxcr.exe

C:\Windows\System\IXNMxcr.exe

C:\Windows\System\vnfeycc.exe

C:\Windows\System\vnfeycc.exe

C:\Windows\System\bhFyYIg.exe

C:\Windows\System\bhFyYIg.exe

C:\Windows\System\ZnBufkZ.exe

C:\Windows\System\ZnBufkZ.exe

C:\Windows\System\dQPHerk.exe

C:\Windows\System\dQPHerk.exe

C:\Windows\System\dGlgWMD.exe

C:\Windows\System\dGlgWMD.exe

C:\Windows\System\FUALWDs.exe

C:\Windows\System\FUALWDs.exe

C:\Windows\System\SINoJaS.exe

C:\Windows\System\SINoJaS.exe

C:\Windows\System\szznZep.exe

C:\Windows\System\szznZep.exe

C:\Windows\System\nrqzqlb.exe

C:\Windows\System\nrqzqlb.exe

C:\Windows\System\bjIhuRM.exe

C:\Windows\System\bjIhuRM.exe

C:\Windows\System\XmBhxXU.exe

C:\Windows\System\XmBhxXU.exe

C:\Windows\System\chkVSzj.exe

C:\Windows\System\chkVSzj.exe

C:\Windows\System\AtrELbC.exe

C:\Windows\System\AtrELbC.exe

C:\Windows\System\NVSxdnl.exe

C:\Windows\System\NVSxdnl.exe

C:\Windows\System\wuaIJiA.exe

C:\Windows\System\wuaIJiA.exe

C:\Windows\System\uEBYBDy.exe

C:\Windows\System\uEBYBDy.exe

C:\Windows\System\qpLyhBZ.exe

C:\Windows\System\qpLyhBZ.exe

C:\Windows\System\LPkBXSG.exe

C:\Windows\System\LPkBXSG.exe

C:\Windows\System\kJuAhup.exe

C:\Windows\System\kJuAhup.exe

C:\Windows\System\DmTkiyN.exe

C:\Windows\System\DmTkiyN.exe

C:\Windows\System\dVggREu.exe

C:\Windows\System\dVggREu.exe

C:\Windows\System\HrCzrtP.exe

C:\Windows\System\HrCzrtP.exe

C:\Windows\System\PxArWcR.exe

C:\Windows\System\PxArWcR.exe

C:\Windows\System\SpRVFqb.exe

C:\Windows\System\SpRVFqb.exe

C:\Windows\System\izhrsWZ.exe

C:\Windows\System\izhrsWZ.exe

C:\Windows\System\aZwaKuu.exe

C:\Windows\System\aZwaKuu.exe

C:\Windows\System\PljKrEk.exe

C:\Windows\System\PljKrEk.exe

C:\Windows\System\uZwSrvE.exe

C:\Windows\System\uZwSrvE.exe

C:\Windows\System\bBkICps.exe

C:\Windows\System\bBkICps.exe

C:\Windows\System\YdoBEnJ.exe

C:\Windows\System\YdoBEnJ.exe

C:\Windows\System\bMcCypu.exe

C:\Windows\System\bMcCypu.exe

C:\Windows\System\ohhSVcv.exe

C:\Windows\System\ohhSVcv.exe

C:\Windows\System\xGdiMrT.exe

C:\Windows\System\xGdiMrT.exe

C:\Windows\System\OZEvmOJ.exe

C:\Windows\System\OZEvmOJ.exe

C:\Windows\System\RbsUGHd.exe

C:\Windows\System\RbsUGHd.exe

C:\Windows\System\LufGJhs.exe

C:\Windows\System\LufGJhs.exe

C:\Windows\System\AKBtCCc.exe

C:\Windows\System\AKBtCCc.exe

C:\Windows\System\ihqnOLr.exe

C:\Windows\System\ihqnOLr.exe

C:\Windows\System\qvVqrQt.exe

C:\Windows\System\qvVqrQt.exe

C:\Windows\System\rCyHeBP.exe

C:\Windows\System\rCyHeBP.exe

C:\Windows\System\BfxEmpT.exe

C:\Windows\System\BfxEmpT.exe

C:\Windows\System\mAzmDQF.exe

C:\Windows\System\mAzmDQF.exe

C:\Windows\System\sOdJOgA.exe

C:\Windows\System\sOdJOgA.exe

C:\Windows\System\gMsulNH.exe

C:\Windows\System\gMsulNH.exe

C:\Windows\System\eNfQSSo.exe

C:\Windows\System\eNfQSSo.exe

C:\Windows\System\dMXGhSJ.exe

C:\Windows\System\dMXGhSJ.exe

C:\Windows\System\anfGvOE.exe

C:\Windows\System\anfGvOE.exe

C:\Windows\System\PWssMbN.exe

C:\Windows\System\PWssMbN.exe

C:\Windows\System\DxjfXli.exe

C:\Windows\System\DxjfXli.exe

C:\Windows\System\FYDfehS.exe

C:\Windows\System\FYDfehS.exe

C:\Windows\System\TzdlYzp.exe

C:\Windows\System\TzdlYzp.exe

C:\Windows\System\fSRkYha.exe

C:\Windows\System\fSRkYha.exe

C:\Windows\System\ByErnmm.exe

C:\Windows\System\ByErnmm.exe

C:\Windows\System\ivwrOQR.exe

C:\Windows\System\ivwrOQR.exe

C:\Windows\System\lUmkwuq.exe

C:\Windows\System\lUmkwuq.exe

C:\Windows\System\SBSfLma.exe

C:\Windows\System\SBSfLma.exe

C:\Windows\System\FcxtOLh.exe

C:\Windows\System\FcxtOLh.exe

C:\Windows\System\CfcPufD.exe

C:\Windows\System\CfcPufD.exe

C:\Windows\System\EuSnpqe.exe

C:\Windows\System\EuSnpqe.exe

C:\Windows\System\AoDTKFC.exe

C:\Windows\System\AoDTKFC.exe

C:\Windows\System\uEzAVfx.exe

C:\Windows\System\uEzAVfx.exe

C:\Windows\System\WVtofzf.exe

C:\Windows\System\WVtofzf.exe

C:\Windows\System\bPiujfH.exe

C:\Windows\System\bPiujfH.exe

C:\Windows\System\PgztseK.exe

C:\Windows\System\PgztseK.exe

C:\Windows\System\ochomJz.exe

C:\Windows\System\ochomJz.exe

C:\Windows\System\ymxJZuH.exe

C:\Windows\System\ymxJZuH.exe

C:\Windows\System\uFWfwFU.exe

C:\Windows\System\uFWfwFU.exe

C:\Windows\System\KCIYnQT.exe

C:\Windows\System\KCIYnQT.exe

C:\Windows\System\WEpzEBn.exe

C:\Windows\System\WEpzEBn.exe

C:\Windows\System\tPSnvkm.exe

C:\Windows\System\tPSnvkm.exe

C:\Windows\System\yplCXCL.exe

C:\Windows\System\yplCXCL.exe

C:\Windows\System\fDZrpMM.exe

C:\Windows\System\fDZrpMM.exe

C:\Windows\System\qpQXAXs.exe

C:\Windows\System\qpQXAXs.exe

C:\Windows\System\fiXvssZ.exe

C:\Windows\System\fiXvssZ.exe

C:\Windows\System\ciobnWS.exe

C:\Windows\System\ciobnWS.exe

C:\Windows\System\dEPZoFw.exe

C:\Windows\System\dEPZoFw.exe

C:\Windows\System\FfrKhIJ.exe

C:\Windows\System\FfrKhIJ.exe

C:\Windows\System\bKqudeh.exe

C:\Windows\System\bKqudeh.exe

C:\Windows\System\XGDHnBN.exe

C:\Windows\System\XGDHnBN.exe

C:\Windows\System\yUAPPck.exe

C:\Windows\System\yUAPPck.exe

C:\Windows\System\DOIHDmW.exe

C:\Windows\System\DOIHDmW.exe

C:\Windows\System\vhacDFZ.exe

C:\Windows\System\vhacDFZ.exe

C:\Windows\System\wAVcfAJ.exe

C:\Windows\System\wAVcfAJ.exe

C:\Windows\System\CevKfcp.exe

C:\Windows\System\CevKfcp.exe

C:\Windows\System\OSRRtQV.exe

C:\Windows\System\OSRRtQV.exe

C:\Windows\System\gJCpTqd.exe

C:\Windows\System\gJCpTqd.exe

C:\Windows\System\aZPrqPk.exe

C:\Windows\System\aZPrqPk.exe

C:\Windows\System\TRxIGki.exe

C:\Windows\System\TRxIGki.exe

C:\Windows\System\dlvKNxd.exe

C:\Windows\System\dlvKNxd.exe

C:\Windows\System\aYjfHLa.exe

C:\Windows\System\aYjfHLa.exe

C:\Windows\System\hUBSBrT.exe

C:\Windows\System\hUBSBrT.exe

C:\Windows\System\SizMSYz.exe

C:\Windows\System\SizMSYz.exe

C:\Windows\System\UCFBIpP.exe

C:\Windows\System\UCFBIpP.exe

C:\Windows\System\nFFcPBw.exe

C:\Windows\System\nFFcPBw.exe

C:\Windows\System\MPvjEzM.exe

C:\Windows\System\MPvjEzM.exe

C:\Windows\System\mYOMcKr.exe

C:\Windows\System\mYOMcKr.exe

C:\Windows\System\GYcfZmI.exe

C:\Windows\System\GYcfZmI.exe

C:\Windows\System\BWMQIEy.exe

C:\Windows\System\BWMQIEy.exe

C:\Windows\System\lFbmUNx.exe

C:\Windows\System\lFbmUNx.exe

C:\Windows\System\auHPcEX.exe

C:\Windows\System\auHPcEX.exe

C:\Windows\System\UnBqjnA.exe

C:\Windows\System\UnBqjnA.exe

C:\Windows\System\yNBaRyj.exe

C:\Windows\System\yNBaRyj.exe

C:\Windows\System\SMWqaIw.exe

C:\Windows\System\SMWqaIw.exe

C:\Windows\System\XHWSQRA.exe

C:\Windows\System\XHWSQRA.exe

C:\Windows\System\ieOpElc.exe

C:\Windows\System\ieOpElc.exe

C:\Windows\System\URUsNiq.exe

C:\Windows\System\URUsNiq.exe

C:\Windows\System\CSXSSRo.exe

C:\Windows\System\CSXSSRo.exe

C:\Windows\System\RzRgMPR.exe

C:\Windows\System\RzRgMPR.exe

C:\Windows\System\LfAVmAl.exe

C:\Windows\System\LfAVmAl.exe

C:\Windows\System\GErxcxh.exe

C:\Windows\System\GErxcxh.exe

C:\Windows\System\HpOKAwl.exe

C:\Windows\System\HpOKAwl.exe

C:\Windows\System\iYuoGEQ.exe

C:\Windows\System\iYuoGEQ.exe

C:\Windows\System\zqlGBLB.exe

C:\Windows\System\zqlGBLB.exe

C:\Windows\System\tWBkflm.exe

C:\Windows\System\tWBkflm.exe

C:\Windows\System\CcTmGBm.exe

C:\Windows\System\CcTmGBm.exe

C:\Windows\System\FwonYre.exe

C:\Windows\System\FwonYre.exe

C:\Windows\System\lxBeUCp.exe

C:\Windows\System\lxBeUCp.exe

C:\Windows\System\cWFlsny.exe

C:\Windows\System\cWFlsny.exe

C:\Windows\System\xsqLYWH.exe

C:\Windows\System\xsqLYWH.exe

C:\Windows\System\DazlZqz.exe

C:\Windows\System\DazlZqz.exe

C:\Windows\System\mDWYbIl.exe

C:\Windows\System\mDWYbIl.exe

C:\Windows\System\YYpRGWP.exe

C:\Windows\System\YYpRGWP.exe

C:\Windows\System\baZzdrn.exe

C:\Windows\System\baZzdrn.exe

C:\Windows\System\YRjjWHC.exe

C:\Windows\System\YRjjWHC.exe

C:\Windows\System\JtioVRm.exe

C:\Windows\System\JtioVRm.exe

C:\Windows\System\jLyMmJi.exe

C:\Windows\System\jLyMmJi.exe

C:\Windows\System\eEUTloR.exe

C:\Windows\System\eEUTloR.exe

C:\Windows\System\FmpEXUe.exe

C:\Windows\System\FmpEXUe.exe

C:\Windows\System\eWZTwAV.exe

C:\Windows\System\eWZTwAV.exe

C:\Windows\System\VzakzZS.exe

C:\Windows\System\VzakzZS.exe

C:\Windows\System\FplmSaQ.exe

C:\Windows\System\FplmSaQ.exe

C:\Windows\System\csPGKee.exe

C:\Windows\System\csPGKee.exe

C:\Windows\System\pMFdZCI.exe

C:\Windows\System\pMFdZCI.exe

C:\Windows\System\PgvWEMO.exe

C:\Windows\System\PgvWEMO.exe

C:\Windows\System\umOlLnf.exe

C:\Windows\System\umOlLnf.exe

C:\Windows\System\sODSetM.exe

C:\Windows\System\sODSetM.exe

C:\Windows\System\FHnAtLt.exe

C:\Windows\System\FHnAtLt.exe

C:\Windows\System\aljyZaK.exe

C:\Windows\System\aljyZaK.exe

C:\Windows\System\DjMkOFN.exe

C:\Windows\System\DjMkOFN.exe

C:\Windows\System\CvYlEUL.exe

C:\Windows\System\CvYlEUL.exe

C:\Windows\System\nRCyawM.exe

C:\Windows\System\nRCyawM.exe

C:\Windows\System\bFGugcp.exe

C:\Windows\System\bFGugcp.exe

C:\Windows\System\ardSviW.exe

C:\Windows\System\ardSviW.exe

C:\Windows\System\ncivJEU.exe

C:\Windows\System\ncivJEU.exe

C:\Windows\System\PiLQPAu.exe

C:\Windows\System\PiLQPAu.exe

C:\Windows\System\rXsPlyj.exe

C:\Windows\System\rXsPlyj.exe

C:\Windows\System\JwrrhCX.exe

C:\Windows\System\JwrrhCX.exe

C:\Windows\System\SKMhrNZ.exe

C:\Windows\System\SKMhrNZ.exe

C:\Windows\System\ikCBiIK.exe

C:\Windows\System\ikCBiIK.exe

C:\Windows\System\AWpvsKR.exe

C:\Windows\System\AWpvsKR.exe

C:\Windows\System\BVnYXzK.exe

C:\Windows\System\BVnYXzK.exe

C:\Windows\System\qPcFqti.exe

C:\Windows\System\qPcFqti.exe

C:\Windows\System\bWqLcRB.exe

C:\Windows\System\bWqLcRB.exe

C:\Windows\System\KHjZCcJ.exe

C:\Windows\System\KHjZCcJ.exe

C:\Windows\System\JtedwOC.exe

C:\Windows\System\JtedwOC.exe

C:\Windows\System\CALqsCM.exe

C:\Windows\System\CALqsCM.exe

C:\Windows\System\QguEGpT.exe

C:\Windows\System\QguEGpT.exe

C:\Windows\System\HjWmSvo.exe

C:\Windows\System\HjWmSvo.exe

C:\Windows\System\VqHcdGt.exe

C:\Windows\System\VqHcdGt.exe

C:\Windows\System\HerZDfQ.exe

C:\Windows\System\HerZDfQ.exe

C:\Windows\System\UZkkQFL.exe

C:\Windows\System\UZkkQFL.exe

C:\Windows\System\cbCuHcC.exe

C:\Windows\System\cbCuHcC.exe

C:\Windows\System\AjmjhOd.exe

C:\Windows\System\AjmjhOd.exe

C:\Windows\System\umVJelZ.exe

C:\Windows\System\umVJelZ.exe

C:\Windows\System\SaVxJEe.exe

C:\Windows\System\SaVxJEe.exe

C:\Windows\System\dTIkjkZ.exe

C:\Windows\System\dTIkjkZ.exe

C:\Windows\System\LgPfvCa.exe

C:\Windows\System\LgPfvCa.exe

C:\Windows\System\SPdYfgK.exe

C:\Windows\System\SPdYfgK.exe

C:\Windows\System\OKnKoAk.exe

C:\Windows\System\OKnKoAk.exe

C:\Windows\System\CWqfYfW.exe

C:\Windows\System\CWqfYfW.exe

C:\Windows\System\mNfNqJm.exe

C:\Windows\System\mNfNqJm.exe

C:\Windows\System\KtOLJbL.exe

C:\Windows\System\KtOLJbL.exe

C:\Windows\System\PqBdeCT.exe

C:\Windows\System\PqBdeCT.exe

C:\Windows\System\JOCSJvm.exe

C:\Windows\System\JOCSJvm.exe

C:\Windows\System\EofKsAR.exe

C:\Windows\System\EofKsAR.exe

C:\Windows\System\fYgeQkg.exe

C:\Windows\System\fYgeQkg.exe

C:\Windows\System\riBiCiy.exe

C:\Windows\System\riBiCiy.exe

C:\Windows\System\BoHmpTi.exe

C:\Windows\System\BoHmpTi.exe

C:\Windows\System\fExLJfo.exe

C:\Windows\System\fExLJfo.exe

C:\Windows\System\qWrGzul.exe

C:\Windows\System\qWrGzul.exe

C:\Windows\System\EWtncWa.exe

C:\Windows\System\EWtncWa.exe

C:\Windows\System\cUWSrFE.exe

C:\Windows\System\cUWSrFE.exe

C:\Windows\System\YArWXLb.exe

C:\Windows\System\YArWXLb.exe

C:\Windows\System\zgAhAJi.exe

C:\Windows\System\zgAhAJi.exe

C:\Windows\System\ePTdtjY.exe

C:\Windows\System\ePTdtjY.exe

C:\Windows\System\mYcLkau.exe

C:\Windows\System\mYcLkau.exe

C:\Windows\System\MLnNpAk.exe

C:\Windows\System\MLnNpAk.exe

C:\Windows\System\BCTwUOx.exe

C:\Windows\System\BCTwUOx.exe

C:\Windows\System\qIhPwqo.exe

C:\Windows\System\qIhPwqo.exe

C:\Windows\System\mfRMFOb.exe

C:\Windows\System\mfRMFOb.exe

C:\Windows\System\NADQlOe.exe

C:\Windows\System\NADQlOe.exe

C:\Windows\System\EaJeaxQ.exe

C:\Windows\System\EaJeaxQ.exe

C:\Windows\System\HHJzNNe.exe

C:\Windows\System\HHJzNNe.exe

C:\Windows\System\FgMYcyH.exe

C:\Windows\System\FgMYcyH.exe

C:\Windows\System\OrLYvnR.exe

C:\Windows\System\OrLYvnR.exe

C:\Windows\System\xlnNTdk.exe

C:\Windows\System\xlnNTdk.exe

C:\Windows\System\fFoWHri.exe

C:\Windows\System\fFoWHri.exe

C:\Windows\System\mfAPIIi.exe

C:\Windows\System\mfAPIIi.exe

C:\Windows\System\LewUdhH.exe

C:\Windows\System\LewUdhH.exe

C:\Windows\System\MmHfmSN.exe

C:\Windows\System\MmHfmSN.exe

C:\Windows\System\HIbOYkR.exe

C:\Windows\System\HIbOYkR.exe

C:\Windows\System\qQApXBp.exe

C:\Windows\System\qQApXBp.exe

C:\Windows\System\PXGfIPN.exe

C:\Windows\System\PXGfIPN.exe

C:\Windows\System\ERmemsK.exe

C:\Windows\System\ERmemsK.exe

C:\Windows\System\niMOgzZ.exe

C:\Windows\System\niMOgzZ.exe

C:\Windows\System\RusRNOr.exe

C:\Windows\System\RusRNOr.exe

C:\Windows\System\BHwTBhG.exe

C:\Windows\System\BHwTBhG.exe

C:\Windows\System\fXXPUUh.exe

C:\Windows\System\fXXPUUh.exe

C:\Windows\System\kyDikRh.exe

C:\Windows\System\kyDikRh.exe

C:\Windows\System\vdDjtcA.exe

C:\Windows\System\vdDjtcA.exe

C:\Windows\System\pahtUoJ.exe

C:\Windows\System\pahtUoJ.exe

C:\Windows\System\KtWpsjo.exe

C:\Windows\System\KtWpsjo.exe

C:\Windows\System\kYKnTjj.exe

C:\Windows\System\kYKnTjj.exe

C:\Windows\System\xoTDVaG.exe

C:\Windows\System\xoTDVaG.exe

C:\Windows\System\JApZDVM.exe

C:\Windows\System\JApZDVM.exe

C:\Windows\System\TaCZqej.exe

C:\Windows\System\TaCZqej.exe

C:\Windows\System\OQuHpyz.exe

C:\Windows\System\OQuHpyz.exe

C:\Windows\System\mVIzLEs.exe

C:\Windows\System\mVIzLEs.exe

C:\Windows\System\PgGvqJu.exe

C:\Windows\System\PgGvqJu.exe

C:\Windows\System\fdctzex.exe

C:\Windows\System\fdctzex.exe

C:\Windows\System\CMOSgxg.exe

C:\Windows\System\CMOSgxg.exe

C:\Windows\System\puBiZEB.exe

C:\Windows\System\puBiZEB.exe

C:\Windows\System\qwspYzS.exe

C:\Windows\System\qwspYzS.exe

C:\Windows\System\BQvQCwG.exe

C:\Windows\System\BQvQCwG.exe

C:\Windows\System\ZGluuXC.exe

C:\Windows\System\ZGluuXC.exe

C:\Windows\System\nflUJKB.exe

C:\Windows\System\nflUJKB.exe

C:\Windows\System\ssMGHKL.exe

C:\Windows\System\ssMGHKL.exe

C:\Windows\System\qZDUOfX.exe

C:\Windows\System\qZDUOfX.exe

C:\Windows\System\LKrjncJ.exe

C:\Windows\System\LKrjncJ.exe

C:\Windows\System\eDiZWak.exe

C:\Windows\System\eDiZWak.exe

C:\Windows\System\fsOIulz.exe

C:\Windows\System\fsOIulz.exe

C:\Windows\System\WwyVlPy.exe

C:\Windows\System\WwyVlPy.exe

C:\Windows\System\XxyUpgc.exe

C:\Windows\System\XxyUpgc.exe

C:\Windows\System\seGnysB.exe

C:\Windows\System\seGnysB.exe

C:\Windows\System\kBDUbmx.exe

C:\Windows\System\kBDUbmx.exe

C:\Windows\System\kPEyEQr.exe

C:\Windows\System\kPEyEQr.exe

C:\Windows\System\IYUkCzS.exe

C:\Windows\System\IYUkCzS.exe

C:\Windows\System\SCgCddd.exe

C:\Windows\System\SCgCddd.exe

C:\Windows\System\RKNGpdo.exe

C:\Windows\System\RKNGpdo.exe

C:\Windows\System\GxUfrIx.exe

C:\Windows\System\GxUfrIx.exe

C:\Windows\System\kiJitvr.exe

C:\Windows\System\kiJitvr.exe

C:\Windows\System\VqLgreF.exe

C:\Windows\System\VqLgreF.exe

C:\Windows\System\mZaCLEb.exe

C:\Windows\System\mZaCLEb.exe

C:\Windows\System\orMurXo.exe

C:\Windows\System\orMurXo.exe

C:\Windows\System\xlIeNFZ.exe

C:\Windows\System\xlIeNFZ.exe

C:\Windows\System\rXGRqXP.exe

C:\Windows\System\rXGRqXP.exe

C:\Windows\System\DzVhYmG.exe

C:\Windows\System\DzVhYmG.exe

C:\Windows\System\xkYZuEu.exe

C:\Windows\System\xkYZuEu.exe

C:\Windows\System\HtmiZPa.exe

C:\Windows\System\HtmiZPa.exe

C:\Windows\System\INkCkoc.exe

C:\Windows\System\INkCkoc.exe

C:\Windows\System\vrxyKMj.exe

C:\Windows\System\vrxyKMj.exe

C:\Windows\System\pHFtdqY.exe

C:\Windows\System\pHFtdqY.exe

C:\Windows\System\tpWMBYU.exe

C:\Windows\System\tpWMBYU.exe

C:\Windows\System\oxcNAHh.exe

C:\Windows\System\oxcNAHh.exe

C:\Windows\System\cwvyWCO.exe

C:\Windows\System\cwvyWCO.exe

C:\Windows\System\ekESVZj.exe

C:\Windows\System\ekESVZj.exe

C:\Windows\System\hXDTjvL.exe

C:\Windows\System\hXDTjvL.exe

C:\Windows\System\QprhetA.exe

C:\Windows\System\QprhetA.exe

C:\Windows\System\JehZJnk.exe

C:\Windows\System\JehZJnk.exe

C:\Windows\System\TGIoeal.exe

C:\Windows\System\TGIoeal.exe

C:\Windows\System\ykeVJvh.exe

C:\Windows\System\ykeVJvh.exe

C:\Windows\System\ZHTDxYn.exe

C:\Windows\System\ZHTDxYn.exe

C:\Windows\System\zWQXqeS.exe

C:\Windows\System\zWQXqeS.exe

C:\Windows\System\VULjjvz.exe

C:\Windows\System\VULjjvz.exe

C:\Windows\System\iYQEtTs.exe

C:\Windows\System\iYQEtTs.exe

C:\Windows\System\rGiVEps.exe

C:\Windows\System\rGiVEps.exe

C:\Windows\System\qfngSVa.exe

C:\Windows\System\qfngSVa.exe

C:\Windows\System\FTJviaF.exe

C:\Windows\System\FTJviaF.exe

C:\Windows\System\OMZziaf.exe

C:\Windows\System\OMZziaf.exe

C:\Windows\System\lASKVoW.exe

C:\Windows\System\lASKVoW.exe

C:\Windows\System\VHAwihc.exe

C:\Windows\System\VHAwihc.exe

C:\Windows\System\SfjhCba.exe

C:\Windows\System\SfjhCba.exe

C:\Windows\System\cVMZcur.exe

C:\Windows\System\cVMZcur.exe

C:\Windows\System\vusYXUR.exe

C:\Windows\System\vusYXUR.exe

C:\Windows\System\jKZhLlt.exe

C:\Windows\System\jKZhLlt.exe

C:\Windows\System\acSpket.exe

C:\Windows\System\acSpket.exe

C:\Windows\System\wRUwwyO.exe

C:\Windows\System\wRUwwyO.exe

C:\Windows\System\FMBNSen.exe

C:\Windows\System\FMBNSen.exe

C:\Windows\System\cDvLRxU.exe

C:\Windows\System\cDvLRxU.exe

C:\Windows\System\SnMUPft.exe

C:\Windows\System\SnMUPft.exe

C:\Windows\System\VcPRFBd.exe

C:\Windows\System\VcPRFBd.exe

C:\Windows\System\KHvHitF.exe

C:\Windows\System\KHvHitF.exe

C:\Windows\System\sYVTgfw.exe

C:\Windows\System\sYVTgfw.exe

C:\Windows\System\zmHNhPV.exe

C:\Windows\System\zmHNhPV.exe

C:\Windows\System\eupmCUm.exe

C:\Windows\System\eupmCUm.exe

C:\Windows\System\uKrthVf.exe

C:\Windows\System\uKrthVf.exe

C:\Windows\System\slXHliV.exe

C:\Windows\System\slXHliV.exe

C:\Windows\System\GJZxqYx.exe

C:\Windows\System\GJZxqYx.exe

C:\Windows\System\PurZBWI.exe

C:\Windows\System\PurZBWI.exe

C:\Windows\System\vAsXMyn.exe

C:\Windows\System\vAsXMyn.exe

C:\Windows\System\WaygBCy.exe

C:\Windows\System\WaygBCy.exe

C:\Windows\System\yIDoNXH.exe

C:\Windows\System\yIDoNXH.exe

C:\Windows\System\xoJQZUp.exe

C:\Windows\System\xoJQZUp.exe

C:\Windows\System\tUfEtfM.exe

C:\Windows\System\tUfEtfM.exe

C:\Windows\System\QYSCsWT.exe

C:\Windows\System\QYSCsWT.exe

C:\Windows\System\BCAwYej.exe

C:\Windows\System\BCAwYej.exe

C:\Windows\System\sHFmZRy.exe

C:\Windows\System\sHFmZRy.exe

C:\Windows\System\ymDTGQv.exe

C:\Windows\System\ymDTGQv.exe

C:\Windows\System\EOWNnKp.exe

C:\Windows\System\EOWNnKp.exe

C:\Windows\System\dFoOpDn.exe

C:\Windows\System\dFoOpDn.exe

C:\Windows\System\YDbxqYX.exe

C:\Windows\System\YDbxqYX.exe

C:\Windows\System\xDOZZLY.exe

C:\Windows\System\xDOZZLY.exe

C:\Windows\System\DnDckYi.exe

C:\Windows\System\DnDckYi.exe

C:\Windows\System\XAQGNzE.exe

C:\Windows\System\XAQGNzE.exe

C:\Windows\System\FZDHKee.exe

C:\Windows\System\FZDHKee.exe

C:\Windows\System\KfdnuXf.exe

C:\Windows\System\KfdnuXf.exe

C:\Windows\System\vDqnWpP.exe

C:\Windows\System\vDqnWpP.exe

C:\Windows\System\ykOPetZ.exe

C:\Windows\System\ykOPetZ.exe

C:\Windows\System\UtvEarM.exe

C:\Windows\System\UtvEarM.exe

C:\Windows\System\nPtDJAb.exe

C:\Windows\System\nPtDJAb.exe

C:\Windows\System\DCotHOk.exe

C:\Windows\System\DCotHOk.exe

C:\Windows\System\ueznlrW.exe

C:\Windows\System\ueznlrW.exe

C:\Windows\System\kgicspI.exe

C:\Windows\System\kgicspI.exe

C:\Windows\System\zkllawZ.exe

C:\Windows\System\zkllawZ.exe

C:\Windows\System\twpGSsg.exe

C:\Windows\System\twpGSsg.exe

C:\Windows\System\GIEDcxl.exe

C:\Windows\System\GIEDcxl.exe

C:\Windows\System\ODvoNBp.exe

C:\Windows\System\ODvoNBp.exe

C:\Windows\System\YpmKjYL.exe

C:\Windows\System\YpmKjYL.exe

C:\Windows\System\gkghGPN.exe

C:\Windows\System\gkghGPN.exe

C:\Windows\System\pXDBgZq.exe

C:\Windows\System\pXDBgZq.exe

C:\Windows\System\zbGIcDi.exe

C:\Windows\System\zbGIcDi.exe

C:\Windows\System\TdkGnJX.exe

C:\Windows\System\TdkGnJX.exe

C:\Windows\System\bjGUfrz.exe

C:\Windows\System\bjGUfrz.exe

C:\Windows\System\BPPgrVl.exe

C:\Windows\System\BPPgrVl.exe

C:\Windows\System\AdoPXiG.exe

C:\Windows\System\AdoPXiG.exe

C:\Windows\System\pROROzO.exe

C:\Windows\System\pROROzO.exe

C:\Windows\System\IyMgcQr.exe

C:\Windows\System\IyMgcQr.exe

C:\Windows\System\BzVarQu.exe

C:\Windows\System\BzVarQu.exe

C:\Windows\System\ZNWDYfO.exe

C:\Windows\System\ZNWDYfO.exe

C:\Windows\System\zPVSrAG.exe

C:\Windows\System\zPVSrAG.exe

C:\Windows\System\nmzBtvk.exe

C:\Windows\System\nmzBtvk.exe

C:\Windows\System\nARpIOC.exe

C:\Windows\System\nARpIOC.exe

C:\Windows\System\qgKUJZm.exe

C:\Windows\System\qgKUJZm.exe

C:\Windows\System\LgzHRSy.exe

C:\Windows\System\LgzHRSy.exe

C:\Windows\System\MuGKITK.exe

C:\Windows\System\MuGKITK.exe

C:\Windows\System\WRSqUyR.exe

C:\Windows\System\WRSqUyR.exe

C:\Windows\System\hUKoOmQ.exe

C:\Windows\System\hUKoOmQ.exe

C:\Windows\System\UzGmTqU.exe

C:\Windows\System\UzGmTqU.exe

C:\Windows\System\HzFwGWi.exe

C:\Windows\System\HzFwGWi.exe

C:\Windows\System\ZzuKeLO.exe

C:\Windows\System\ZzuKeLO.exe

C:\Windows\System\yBKPppK.exe

C:\Windows\System\yBKPppK.exe

C:\Windows\System\nBNmndG.exe

C:\Windows\System\nBNmndG.exe

C:\Windows\System\QaLJhqg.exe

C:\Windows\System\QaLJhqg.exe

C:\Windows\System\kqspknN.exe

C:\Windows\System\kqspknN.exe

C:\Windows\System\URSfOmi.exe

C:\Windows\System\URSfOmi.exe

C:\Windows\System\SpumHDi.exe

C:\Windows\System\SpumHDi.exe

C:\Windows\System\CSLajMP.exe

C:\Windows\System\CSLajMP.exe

C:\Windows\System\cSmptDU.exe

C:\Windows\System\cSmptDU.exe

C:\Windows\System\AdfxIHB.exe

C:\Windows\System\AdfxIHB.exe

C:\Windows\System\ZhhHoFu.exe

C:\Windows\System\ZhhHoFu.exe

C:\Windows\System\NXKiMqY.exe

C:\Windows\System\NXKiMqY.exe

C:\Windows\System\JPoGpQG.exe

C:\Windows\System\JPoGpQG.exe

C:\Windows\System\ZWLMbTZ.exe

C:\Windows\System\ZWLMbTZ.exe

C:\Windows\System\KEJDWTw.exe

C:\Windows\System\KEJDWTw.exe

C:\Windows\System\zWilLmm.exe

C:\Windows\System\zWilLmm.exe

C:\Windows\System\avgsJxf.exe

C:\Windows\System\avgsJxf.exe

C:\Windows\System\akeLjHW.exe

C:\Windows\System\akeLjHW.exe

C:\Windows\System\LXEqcgJ.exe

C:\Windows\System\LXEqcgJ.exe

C:\Windows\System\MAnBPJm.exe

C:\Windows\System\MAnBPJm.exe

C:\Windows\System\Cugmqow.exe

C:\Windows\System\Cugmqow.exe

C:\Windows\System\xJCaoRo.exe

C:\Windows\System\xJCaoRo.exe

C:\Windows\System\JmVwXth.exe

C:\Windows\System\JmVwXth.exe

C:\Windows\System\KJcUYlu.exe

C:\Windows\System\KJcUYlu.exe

C:\Windows\System\fudKUHm.exe

C:\Windows\System\fudKUHm.exe

C:\Windows\System\hPFUqds.exe

C:\Windows\System\hPFUqds.exe

C:\Windows\System\idOvpsZ.exe

C:\Windows\System\idOvpsZ.exe

C:\Windows\System\EEHSatA.exe

C:\Windows\System\EEHSatA.exe

C:\Windows\System\OpXEIOX.exe

C:\Windows\System\OpXEIOX.exe

C:\Windows\System\uQRwRSh.exe

C:\Windows\System\uQRwRSh.exe

C:\Windows\System\GXzfDRg.exe

C:\Windows\System\GXzfDRg.exe

C:\Windows\System\arhDNeU.exe

C:\Windows\System\arhDNeU.exe

C:\Windows\System\cQJInNV.exe

C:\Windows\System\cQJInNV.exe

C:\Windows\System\tLcRLeI.exe

C:\Windows\System\tLcRLeI.exe

C:\Windows\System\GBLrIVt.exe

C:\Windows\System\GBLrIVt.exe

C:\Windows\System\XEMSgYx.exe

C:\Windows\System\XEMSgYx.exe

C:\Windows\System\ISJXQxM.exe

C:\Windows\System\ISJXQxM.exe

C:\Windows\System\BureklY.exe

C:\Windows\System\BureklY.exe

C:\Windows\System\NAPlGOR.exe

C:\Windows\System\NAPlGOR.exe

C:\Windows\System\xCxsjjV.exe

C:\Windows\System\xCxsjjV.exe

C:\Windows\System\ywQupBW.exe

C:\Windows\System\ywQupBW.exe

C:\Windows\System\traGVVS.exe

C:\Windows\System\traGVVS.exe

C:\Windows\System\VSEVDYr.exe

C:\Windows\System\VSEVDYr.exe

C:\Windows\System\PvysVuf.exe

C:\Windows\System\PvysVuf.exe

C:\Windows\System\voATsNn.exe

C:\Windows\System\voATsNn.exe

C:\Windows\System\pXOqeNd.exe

C:\Windows\System\pXOqeNd.exe

C:\Windows\System\vYFwyre.exe

C:\Windows\System\vYFwyre.exe

C:\Windows\System\DWCOlrA.exe

C:\Windows\System\DWCOlrA.exe

C:\Windows\System\jQOgOyc.exe

C:\Windows\System\jQOgOyc.exe

C:\Windows\System\vMUvdaU.exe

C:\Windows\System\vMUvdaU.exe

C:\Windows\System\LFEqUCi.exe

C:\Windows\System\LFEqUCi.exe

C:\Windows\System\JlCtFfI.exe

C:\Windows\System\JlCtFfI.exe

C:\Windows\System\HUvfoUa.exe

C:\Windows\System\HUvfoUa.exe

C:\Windows\System\MpBuNlk.exe

C:\Windows\System\MpBuNlk.exe

C:\Windows\System\LdWfgHT.exe

C:\Windows\System\LdWfgHT.exe

C:\Windows\System\TWPgQEI.exe

C:\Windows\System\TWPgQEI.exe

C:\Windows\System\plasdnG.exe

C:\Windows\System\plasdnG.exe

C:\Windows\System\JJRDfoK.exe

C:\Windows\System\JJRDfoK.exe

C:\Windows\System\buzNirn.exe

C:\Windows\System\buzNirn.exe

C:\Windows\System\fhwspOH.exe

C:\Windows\System\fhwspOH.exe

C:\Windows\System\wwhZXdm.exe

C:\Windows\System\wwhZXdm.exe

C:\Windows\System\CrFcmLt.exe

C:\Windows\System\CrFcmLt.exe

C:\Windows\System\RgQMilj.exe

C:\Windows\System\RgQMilj.exe

C:\Windows\System\peXZZKz.exe

C:\Windows\System\peXZZKz.exe

C:\Windows\System\qdwoKem.exe

C:\Windows\System\qdwoKem.exe

C:\Windows\System\GtkGinf.exe

C:\Windows\System\GtkGinf.exe

C:\Windows\System\OcducAi.exe

C:\Windows\System\OcducAi.exe

C:\Windows\System\nscATRK.exe

C:\Windows\System\nscATRK.exe

C:\Windows\System\jKktdXZ.exe

C:\Windows\System\jKktdXZ.exe

C:\Windows\System\HVGNKpG.exe

C:\Windows\System\HVGNKpG.exe

C:\Windows\System\DujLnfu.exe

C:\Windows\System\DujLnfu.exe

C:\Windows\System\ftIEeha.exe

C:\Windows\System\ftIEeha.exe

C:\Windows\System\xOuOTre.exe

C:\Windows\System\xOuOTre.exe

C:\Windows\System\UGQnzlx.exe

C:\Windows\System\UGQnzlx.exe

C:\Windows\System\KhWzfBW.exe

C:\Windows\System\KhWzfBW.exe

C:\Windows\System\rgThZIq.exe

C:\Windows\System\rgThZIq.exe

C:\Windows\System\lnlxJUf.exe

C:\Windows\System\lnlxJUf.exe

C:\Windows\System\TyHYGRR.exe

C:\Windows\System\TyHYGRR.exe

C:\Windows\System\yPErqdB.exe

C:\Windows\System\yPErqdB.exe

C:\Windows\System\izFMdmH.exe

C:\Windows\System\izFMdmH.exe

C:\Windows\System\OBawDca.exe

C:\Windows\System\OBawDca.exe

C:\Windows\System\QNqdluc.exe

C:\Windows\System\QNqdluc.exe

C:\Windows\System\SrvWkhE.exe

C:\Windows\System\SrvWkhE.exe

C:\Windows\System\tXZcZhp.exe

C:\Windows\System\tXZcZhp.exe

C:\Windows\System\JEPKVWb.exe

C:\Windows\System\JEPKVWb.exe

C:\Windows\System\TDoNcJp.exe

C:\Windows\System\TDoNcJp.exe

C:\Windows\System\bRcaHLd.exe

C:\Windows\System\bRcaHLd.exe

C:\Windows\System\uqljxIA.exe

C:\Windows\System\uqljxIA.exe

C:\Windows\System\xHPnWKI.exe

C:\Windows\System\xHPnWKI.exe

C:\Windows\System\xNGvjJX.exe

C:\Windows\System\xNGvjJX.exe

C:\Windows\System\OaOXCZm.exe

C:\Windows\System\OaOXCZm.exe

C:\Windows\System\OpYsWLM.exe

C:\Windows\System\OpYsWLM.exe

C:\Windows\System\UHtVOpk.exe

C:\Windows\System\UHtVOpk.exe

C:\Windows\System\TCZCmcf.exe

C:\Windows\System\TCZCmcf.exe

C:\Windows\System\PIeLbJY.exe

C:\Windows\System\PIeLbJY.exe

C:\Windows\System\zlXGUHH.exe

C:\Windows\System\zlXGUHH.exe

C:\Windows\System\KQGKufJ.exe

C:\Windows\System\KQGKufJ.exe

C:\Windows\System\VLtBsge.exe

C:\Windows\System\VLtBsge.exe

C:\Windows\System\bJguDmH.exe

C:\Windows\System\bJguDmH.exe

C:\Windows\System\iyCbbcR.exe

C:\Windows\System\iyCbbcR.exe

C:\Windows\System\MXqCvjM.exe

C:\Windows\System\MXqCvjM.exe

C:\Windows\System\bsJlHiM.exe

C:\Windows\System\bsJlHiM.exe

C:\Windows\System\zLiylRo.exe

C:\Windows\System\zLiylRo.exe

C:\Windows\System\yeshYir.exe

C:\Windows\System\yeshYir.exe

C:\Windows\System\DwRpYql.exe

C:\Windows\System\DwRpYql.exe

C:\Windows\System\KplfBdh.exe

C:\Windows\System\KplfBdh.exe

C:\Windows\System\NdQeOkQ.exe

C:\Windows\System\NdQeOkQ.exe

C:\Windows\System\PJhzlrA.exe

C:\Windows\System\PJhzlrA.exe

C:\Windows\System\rXtvotZ.exe

C:\Windows\System\rXtvotZ.exe

C:\Windows\System\vvXQvMD.exe

C:\Windows\System\vvXQvMD.exe

C:\Windows\System\HQMTniA.exe

C:\Windows\System\HQMTniA.exe

C:\Windows\System\QCNCryZ.exe

C:\Windows\System\QCNCryZ.exe

C:\Windows\System\NICJYoj.exe

C:\Windows\System\NICJYoj.exe

C:\Windows\System\dMfuzRu.exe

C:\Windows\System\dMfuzRu.exe

C:\Windows\System\HuhqRtz.exe

C:\Windows\System\HuhqRtz.exe

C:\Windows\System\pIwawkQ.exe

C:\Windows\System\pIwawkQ.exe

C:\Windows\System\DysPRjj.exe

C:\Windows\System\DysPRjj.exe

C:\Windows\System\kxSmkps.exe

C:\Windows\System\kxSmkps.exe

C:\Windows\System\oeDljxH.exe

C:\Windows\System\oeDljxH.exe

C:\Windows\System\YbaVvRF.exe

C:\Windows\System\YbaVvRF.exe

C:\Windows\System\bWFvHiS.exe

C:\Windows\System\bWFvHiS.exe

C:\Windows\System\iIENVCv.exe

C:\Windows\System\iIENVCv.exe

C:\Windows\System\qFCDaMy.exe

C:\Windows\System\qFCDaMy.exe

C:\Windows\System\HkfrgsL.exe

C:\Windows\System\HkfrgsL.exe

C:\Windows\System\RZKHOcz.exe

C:\Windows\System\RZKHOcz.exe

C:\Windows\System\HOSItlE.exe

C:\Windows\System\HOSItlE.exe

C:\Windows\System\lsIeGeJ.exe

C:\Windows\System\lsIeGeJ.exe

C:\Windows\System\anxuQLm.exe

C:\Windows\System\anxuQLm.exe

C:\Windows\System\SXnioTO.exe

C:\Windows\System\SXnioTO.exe

C:\Windows\System\xYAinZZ.exe

C:\Windows\System\xYAinZZ.exe

C:\Windows\System\wlDgmuX.exe

C:\Windows\System\wlDgmuX.exe

C:\Windows\System\vyCIoiE.exe

C:\Windows\System\vyCIoiE.exe

C:\Windows\System\MICvaXf.exe

C:\Windows\System\MICvaXf.exe

C:\Windows\System\TYaJYVZ.exe

C:\Windows\System\TYaJYVZ.exe

C:\Windows\System\rvBUkRN.exe

C:\Windows\System\rvBUkRN.exe

C:\Windows\System\GuVkJef.exe

C:\Windows\System\GuVkJef.exe

C:\Windows\System\COUzDyv.exe

C:\Windows\System\COUzDyv.exe

C:\Windows\System\fEljtHX.exe

C:\Windows\System\fEljtHX.exe

C:\Windows\System\JKeenNc.exe

C:\Windows\System\JKeenNc.exe

Network

N/A

Files

memory/1916-0-0x000000013FBB0000-0x000000013FF01000-memory.dmp

memory/1916-1-0x00000000000F0000-0x0000000000100000-memory.dmp

\Windows\system\vhTkYJg.exe

MD5 ce71137a903c1df39812843703f42893
SHA1 3c001ed3209f11f4fd52dfe9d8961829de20e5a1
SHA256 74edb6f85982ef5407238dfba54feb44b65d31df8c6550bf230344f02f55874b
SHA512 55d82665d16d977308b8ea42133faceb08587e2e5e1454c25cd74d1bb3a19dfe0fdd406e1d6df24009e867662ea3aeb77f7be614f36eb4db64f3329dfb17321f

C:\Windows\system\DIOzawn.exe

MD5 a2e8c102f80bfd0d3ef0cc1abbeb0f2b
SHA1 49de7f070d724a66e37f06f67f26c9f7cb32c395
SHA256 6cf39588a7221eb6b4cbf5357b33f0847e4a61b5f1ce269910d814fa070c62df
SHA512 b084231bc8c08f10a921f69af9f93fe695261120749aa38e7c8be27c9ff4c05b1a645cb50278684ea5f12ccf9b6dda221e26a23e91cdf9f13c64c6cf329c55a9

\Windows\system\JZLgyuw.exe

MD5 880a5590466ce0279b1bc930acc95366
SHA1 61dd37f768ba186f79e5a209740bb67f898694d7
SHA256 ee2cdc9434cfe947ca129dcd8314e7cb51e3b3289fec1e75cd9ede93ab170699
SHA512 05cf78c169a5fde783728ad3af54c4d5a44377eeaa7989c5eeaa4fc3500e38c6f26deb1085dc81c9a1426cb3434852deb7331dd9c2125a9bee2ca7b7fdf1f4ce

C:\Windows\system\bYXHula.exe

MD5 865f0a4bf827b52991e4704e8aedeb71
SHA1 d6ec87f133b1970603f6349603535c221c7ccd49
SHA256 37ba918044f188b8aacdc9421e9ca228615ffa8ef812ca983b43c321b63a89ee
SHA512 87f49dc02f45d16383749e22613220f0d3e8492aa9d72b1cb08cb04baa2808fc41fb7757ffd81e2959c8e8e8abec1163df8d74567de11673b5d80a7fc8f51502

memory/2640-76-0x000000013FB90000-0x000000013FEE1000-memory.dmp

memory/2608-78-0x000000013FCB0000-0x0000000140001000-memory.dmp

memory/1916-82-0x000000013F4F0000-0x000000013F841000-memory.dmp

memory/1916-86-0x000000013F710000-0x000000013FA61000-memory.dmp

C:\Windows\system\fqRBTWB.exe

MD5 65b49ebc113e7ca3768496127523dc18
SHA1 6eae25c215c96270e7b34f636e7fcabb51ee18da
SHA256 745b6070b1db04428cea68000d896e6cff645780c0b899db71108b25bc21fa91
SHA512 1a41ab7ef3f325c8af17183fa9e3c484bc9977e88dfa130a612daed4a5e4e7817196ecea196469afc48d93e99f750cecc26a18f943a0d7d99a346ba2da2ffe67

C:\Windows\system\SSJVrvq.exe

MD5 a626c0f12ae87d22ac594f6a4eb76c5d
SHA1 3ea56fe3de6411dc39911de39ad2491fab337160
SHA256 3ebda9b5b9e5c21965e1c325a80442714507d9e8c12b5e2d6e080b7424e8386e
SHA512 60cc18b11a0902489a9b726c0f06214072a08476b8bd882d8994d7cf6b401f3e90b2aa70b1c4ea239209ef8c64288d7bfc7ce7afa072b1a152966f9b07145416

memory/2544-98-0x000000013F690000-0x000000013F9E1000-memory.dmp

\Windows\system\oEWyesv.exe

MD5 84811c33f2e94aedf1d5be991c1e940b
SHA1 3e8fa5951234b7ee0de3bae9d1b7d31d716d6cf6
SHA256 f421e29fb2d709439a0e917ef89ffcb64e93b1720706f963048ae906ef313a88
SHA512 92fb408544ed7efc12a45a7d94c65835a0b27473bc76094742305ab1707aee5a54df1d4c7b7e23746af4b8cca07735a008108c70de5079d25d19373106ce3a23

C:\Windows\system\mAxqQvc.exe

MD5 449d3082e7cadd4445d1112f94474aa6
SHA1 c31e8e897f3ffd5fa341533de69c7e76bfa84c35
SHA256 ba898122bf058ff08055223d5e8cc28277ff62b2eea9fa9dd45018aea1e48c0b
SHA512 9a0e4ba2218479f386515b382e67e455836a0ca838cb53f6a37e7ad12340d3af085fc5765bc9a6b89e6fa797c8ccc3e8a5d294532fcafa22559bc1a118945758

C:\Windows\system\yhEVafw.exe

MD5 8a50d9cfb82e07e24514fd8b8eb989d9
SHA1 bfb2d7c4680b6fc9e09aff8878705ad5a658eefb
SHA256 396472840ae09a1ace8b85b362584eed62670f97cc45167205002e205cefd3a3
SHA512 464ec4b33d9fa0d17c6222bdab51eccc3027387b134a9df30a56aeb86e43daaa9ca2f8765cce0fb098540f7af06f22f5db2a233ab96ff2067b15ee7fc68f600a

C:\Windows\system\amjtmIx.exe

MD5 a99cc57f6c82a6f572035c44f5554168
SHA1 3bf95b774b53ea27be874b9ceafaefde1aabce2c
SHA256 f9ec712ea3e91f0c2b2fc2152dfccc5d4b88bc945a85ae3fd776ef4dc4510044
SHA512 70ade61736525ba5f5f9dd136d5760fa882e269a11e0c44ec4a6ad209e1a1c05e65423d2821efd37048c9caa55c9a53c50f1cb8e2d78e46ea0592fc48128fc31

memory/2668-95-0x000000013F710000-0x000000013FA61000-memory.dmp

memory/2368-94-0x000000013FB90000-0x000000013FEE1000-memory.dmp

memory/2192-38-0x000000013F230000-0x000000013F581000-memory.dmp

\Windows\system\IZhizqb.exe

MD5 f0a4a558e7915ae7169af8a6e002b211
SHA1 88069ba4b4bbbbfb16d0c8e34ede85a213461505
SHA256 a2cbf7a84c0e51e422ea31729a7265abf772f31936ba68fa23a5407434cb75b3
SHA512 c5df00540d72b28bd729aab9c63e2ff8c518477aa6cc70e2db9b59d47e9733e4c1028a49f6255cb7e757b381123fcf013bca556c6500a546d3509327a999fae5

memory/2708-89-0x000000013F140000-0x000000013F491000-memory.dmp

memory/2600-88-0x000000013F670000-0x000000013F9C1000-memory.dmp

memory/1624-87-0x000000013F460000-0x000000013F7B1000-memory.dmp

memory/1916-85-0x0000000001DA0000-0x00000000020F1000-memory.dmp

memory/1916-84-0x000000013F5F0000-0x000000013F941000-memory.dmp

memory/2492-83-0x000000013F4F0000-0x000000013F841000-memory.dmp

memory/1916-81-0x000000013F690000-0x000000013F9E1000-memory.dmp

memory/2672-80-0x000000013F5F0000-0x000000013F941000-memory.dmp

memory/1916-79-0x000000013F460000-0x000000013F7B1000-memory.dmp

memory/2644-77-0x000000013FB00000-0x000000013FE51000-memory.dmp

C:\Windows\system\fQZAsnD.exe

MD5 7df9acad2b3cd29ee7751468fc8edaee
SHA1 d2b8fc5f1e895b16900b4bb27f859eeb938c60d0
SHA256 8484559c06935a17e736cbbd48c9c0d0280cd5b18c34e0a7a6ce9a7dccb23423
SHA512 f934f6d4674e9c66b265feb84ce0d28bacbd555b2d3fa66fd2cc1ccfffa34b145af90142cb185ca73c541c923dd08ab8bd053038537acb292757071859cae0a2

memory/1916-74-0x0000000001DA0000-0x00000000020F1000-memory.dmp

memory/1916-73-0x0000000001DA0000-0x00000000020F1000-memory.dmp

memory/1916-68-0x0000000001DA0000-0x00000000020F1000-memory.dmp

C:\Windows\system\uBxhOGj.exe

MD5 bb8675b1280d2cec2a8ca3546a22012a
SHA1 726cd1db9e2e01e027baf91fc3a4b80cfb12d1d3
SHA256 732fb932d6c4b82b5f000b9d6b67a9e33bba4a11677c6a0d7eaf7b6d7758b898
SHA512 35eea67c4fcc3f708f2aafde79f3e2a0b882cc63c3471e966d74727b8105a07167b97a8d898d66959a1fe63f7ba513aa118fd52c8c930397c3bfb8096215a51b

memory/1916-65-0x000000013F670000-0x000000013F9C1000-memory.dmp

memory/3008-64-0x000000013F270000-0x000000013F5C1000-memory.dmp

memory/1752-63-0x000000013FD00000-0x0000000140051000-memory.dmp

memory/1916-42-0x000000013F270000-0x000000013F5C1000-memory.dmp

memory/1916-34-0x0000000001DA0000-0x00000000020F1000-memory.dmp

C:\Windows\system\otCoPDI.exe

MD5 645d4a4fcdb9462a9b54528417f517ae
SHA1 cdd21327538cb7f5d9878fdb316f4195e5737ed7
SHA256 a88e37792c05b87f518876c78668aa17e7d714d4ffea36e669525244efddd246
SHA512 836202f6e6616f47cdd87c20b2a636fa0ac20b5b908eed3de66c0e5713b5ad8d8bbbeda76955f8f27432177860c4c3db4059a6542cc237bb576380421a17ac16

memory/1916-7-0x000000013F230000-0x000000013F581000-memory.dmp

\Windows\system\GbVKbAP.exe

MD5 7f6f7fbdc37de9e4678e3415a9ec1ca1
SHA1 2666a3b3d59ab23ec735429b2a68b7007e90ba46
SHA256 00d5e6b149e86404762170eea184a12a6e0af6b17dcf74b82c6d716aa3fb0298
SHA512 62e061e1b789b86a51e8cec92b43f51a97a0b1e235d026b09f4f73287f849867ba7638e07b2ac6a8b51df27b56be1d8cb4f65246983720029d24c0b01746b258

memory/1916-105-0x000000013F080000-0x000000013F3D1000-memory.dmp

C:\Windows\system\wxQPFvs.exe

MD5 f2d2360adeeca4ad453c8355bef982ac
SHA1 455cc4f2230608f03299a4d0d644b3d7227b2355
SHA256 c42ee1dadea304da990cbf9d11c3d44e5c72fb15e7cf44e092ad8fc9351f6a80
SHA512 3c5be30f75708a7f5d4bda48a68aeeb953610f0f361645b201c0a7914d64844ce105f3b291f969062f31359d7bac3371ed5f5d10cbe8e4ba2406d914f30496c4

\Windows\system\dtjXcyn.exe

MD5 e2faa3cb636cbfb45300398cb56ab20f
SHA1 b990ef99576451c95ce6f5ab7f59f6f32588c4ce
SHA256 c900d08b87c19f1cce0b643cd3539279f3883cc7ed8646c70d53670331463051
SHA512 b58c023cbbbeaa9fcacbf253c6b95dc37493c50b0ec87f245c3d5e0379e024d41b2457fc3291b3785afc567e25b3eb94453d66f02de6d0a00ababaa080365fb7

C:\Windows\system\tNKNfTO.exe

MD5 d2e1718a9b47e80cbc6a56e92ad99a13
SHA1 c540be3c31c47f70f29645fc43933cf934ff6ab1
SHA256 2a6ac04969f6b50028b01567875ef8cd101311239d9ef27a0f929db17c3a1430
SHA512 8687cb657babbd0386b988c8ec79afde7ded5dd7b75366ba598a6399c79f25b4c323c97fa3f827300f92706a562954713def452dc174df79c2b0c3405bdf29d8

C:\Windows\system\XduYvmc.exe

MD5 a0d566c47232a5fb303628e0481f8600
SHA1 bb1fd4520ee9311d5cdad289bfaeed09aa7f4734
SHA256 95f2ce9fba88f60091b05e7e67ce6dc1d651246de5c789b4975503e815e3f9c6
SHA512 2102b94001126a55b622475dc9bcd01d81bca6da044b9ecf745d05a2f609e2d1e58ce908b46cd986e7e9e0ed71294bd16344883e612155f0d7513cc4aef37a76

C:\Windows\system\BzWQiCF.exe

MD5 84fed71070ce5a73bdb72d175f6e6961
SHA1 9dc0a8a7b70bdf419d0855180e0156b22ddce9fc
SHA256 30c5885b2a7774f09873a47c0a02fc953254403637602212d47b9fed3ffbdeff
SHA512 edb62f3eb3683dc91ef06809c4aaadaee15b03a93c5035fd597c9d76d73ef064bfa2bca3e83aebf0d9de16cc3fb0e90bb77bac6cf655e3c6d5e2346aaeaa4205

C:\Windows\system\LYkkhRH.exe

MD5 35b657b404024d27f74e5dec2a8fa72d
SHA1 171538bb90a1cea5f89920045c1c3342bce857f4
SHA256 3f835a45e36f8d7b41f431ed9a097f9eb8855c90fcf31a968598fabbf63d763c
SHA512 fab9b29eb429e63ef9e0da1394f00cffb43e8496d8c705f480d645945d90039bba69f38a2a7c12041a705561a7d522c5a0ba28ce166eb938afe619ddac0b729c

C:\Windows\system\OzDNUaJ.exe

MD5 1f5d6353890f79d2af9081b2202e6863
SHA1 8efc2036a4f608bc4e19d6d92532bbd1f9d75bad
SHA256 3567a6cf69ee3d064026cb93f654b7bc64deed33de72947b49af3879a42d6303
SHA512 fd1e9b780815a93457c7d906aefbb2216f7625ec314619257571c8ecce638932f7f28171594f2c5da88f9f5a348e576ad93ad5ab0c1463f1a9fcba808485ff68

C:\Windows\system\xzLcbxn.exe

MD5 60879056cc2a9fc353f5a1b92cc2e86a
SHA1 66192ae6b8125a200570465db92e2f61259e7db5
SHA256 fac6709669b41440f8ce464da742692c861c159b0867d0aff115f3aa15bebaa0
SHA512 dabd5d905bfd74d48f7fb719e60081ebd0d2661260da039544f834add510222be7c55da884e0bd081fdb91635aa3fc12c71664b83715b8480bd09930dd563e75

C:\Windows\system\yYHcqGK.exe

MD5 edc0b0f2403fad6856d8be05c4e69c6d
SHA1 0567cfcea6f46402a8441e00055f9b765855ec14
SHA256 847e37cf85abdac41527931f2d6fe5f2c883f41a8fa3ef47187fde96619299ce
SHA512 e33356c48e842367651717743d13e891f0f38bc5715c9ed7d383905808451f038f28b4be1da7386f360d599e21374396d05f60f87e04ef03f46acfe5a49c398f

C:\Windows\system\JybPddm.exe

MD5 9a62a3c94dbda608ff1d14686b9bf3fc
SHA1 f0d5dc7108adbd9156c3077a55de66bc1e85371b
SHA256 c273f16f1c02c280189e8c1aa7e6defce01bc05d2cfcd28caa595fb47c2237ec
SHA512 2fef657120a0403d4a507018617892ef36a7b30b7488846334ac785928ad6886793f769a42568b58b645b2db4552321411a2973a5f50993b64c1328dd9524abf

C:\Windows\system\lpliwQz.exe

MD5 3633b88c68d70124d9562ecfad05b0b9
SHA1 90ade684f706e2cdcb365bac28d4a316f6ba32c3
SHA256 b5984168b1bf7fd6147779a3b8de9bb5e516f37988c632bc4925059b9acbab60
SHA512 76c61142fa86f1ac8248293cc28a4802671187215392adaf0f39057deb04922cf2e7b1ab01b2fdeb6ba5ede7cde1b62e6901e87609b188816909135ca8462d98

C:\Windows\system\XSZbJlC.exe

MD5 df14421af55fce9cc89b992db0360454
SHA1 54dfad4236ac3c98409546be099c089131532010
SHA256 453c7b8d5d3a1be918469f4b5b2cb05ebcea0a29401f29a0756339669c678eae
SHA512 23cd16642fd5b96432a56c0b8d6f184fecb307398f3304c2c745eca14c13ca469f5de7b3a7ec459f67fd9cf5c0472fa2b3c6d922c6a293da7700648766aed0eb

C:\Windows\system\vtvqjqG.exe

MD5 4b2b3be4065bc931ede8cd3cb7d0413e
SHA1 42d95b2baf75a1cfae1ee70369956ee4315d4403
SHA256 b616c5078410028ff0e541943373f5a8b666bd1b63f789b6081b784a565ff42c
SHA512 feaaa799ca6f756a18a7bd7dec0b46248e1e0b6d443ab2fae09b1bf67600e3577d1b4994f8ced8d4f0846088dd11925ef1d241614f968f20c02324e45f9a1e98

C:\Windows\system\xgDUUDk.exe

MD5 3cf85ad05b0aa3478d9b88be332ed146
SHA1 7b22fe230358a28c4a31226dfb5643296e8591c2
SHA256 71cd1edf17cdfdea265b07173185c2044e8d2e0a1c76a3a2cf02eaad8ded4949
SHA512 f4f29cb20048cdb72475d8dd116d4759e1cd89569ddf1a7f1d734e880c6814884e5ea99dab6301bdb5ce28afaabf639955284e3610ae1ff200f20e18a64cb175

C:\Windows\system\CCEZuzM.exe

MD5 44305d677d4d83959b0ad8f1b5588d8e
SHA1 7e18c38656611353e9fa7af665c702b70cc4b2ce
SHA256 b9b21216df6229649b060635053217bf934947ae41b680c13a2808caf4c2aca7
SHA512 11b59b39e6df3aa18ddd3010b4cc0802c91a391749e69a2722e0adcc1f5bed05e1391734de37518367641dc1af5414a2f253c2a1cf88b6ee7f0a80b043faae68

C:\Windows\system\GZKdMfs.exe

MD5 7c13f0300a6507d998e6f881585b1ba7
SHA1 f041d9ba1967e0feb958271f7b97cbe2d3af3f21
SHA256 45c3d337273ff6a5bbed05204cf97bc35625d122f8afca7e95bca9624735aef6
SHA512 3ec3677c6917c65d6f5b307919b9b878f33b15b6bf17cec6baf872a5e4d994e07d55bfe5ec3169b68bd7543a39b0ac366ffd0df872dd3fc09c2be4d24138d0cf

C:\Windows\system\bUrryhZ.exe

MD5 66c1094e91eed6855d3e46402d71641a
SHA1 d5233e5b7138c401eedeed0a0efec6d84f69092b
SHA256 c04d310399a44efaad7b0883e98075e19746569d1925ada1c5d489d37850bb38
SHA512 e5c9ae0c8265060d6cc0bebfa7f447360184498f9c057ce4c3b59773b2c22bbe753f1bb67e482ffc56a967171d7511e41512d92807d762ecec4a1b06edc3c5f8

memory/1916-3195-0x000000013FBB0000-0x000000013FF01000-memory.dmp

memory/2192-3292-0x000000013F230000-0x000000013F581000-memory.dmp

memory/2668-3317-0x000000013F710000-0x000000013FA61000-memory.dmp

memory/2544-3322-0x000000013F690000-0x000000013F9E1000-memory.dmp

memory/2368-3319-0x000000013FB90000-0x000000013FEE1000-memory.dmp

memory/1624-3315-0x000000013F460000-0x000000013F7B1000-memory.dmp

memory/2708-3314-0x000000013F140000-0x000000013F491000-memory.dmp

memory/2492-3311-0x000000013F4F0000-0x000000013F841000-memory.dmp

memory/2644-3310-0x000000013FB00000-0x000000013FE51000-memory.dmp

memory/2608-3307-0x000000013FCB0000-0x0000000140001000-memory.dmp

memory/2640-3305-0x000000013FB90000-0x000000013FEE1000-memory.dmp

memory/2600-3302-0x000000013F670000-0x000000013F9C1000-memory.dmp

memory/2672-3299-0x000000013F5F0000-0x000000013F941000-memory.dmp

memory/1752-3293-0x000000013FD00000-0x0000000140051000-memory.dmp

memory/3008-3291-0x000000013F270000-0x000000013F5C1000-memory.dmp

memory/1916-6745-0x0000000001DA0000-0x00000000020F1000-memory.dmp

memory/1916-7475-0x000000013F270000-0x000000013F5C1000-memory.dmp

memory/1916-7896-0x0000000001DA0000-0x00000000020F1000-memory.dmp

memory/1916-7895-0x0000000001DA0000-0x00000000020F1000-memory.dmp

memory/1916-8222-0x0000000001DA0000-0x00000000020F1000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-27 18:11

Reported

2024-05-27 18:14

Platform

win10v2004-20240508-en

Max time kernel

53s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Modifies Installed Components in the registry

persistence
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\vhTkYJg.exe N/A
N/A N/A C:\Windows\System\DIOzawn.exe N/A
N/A N/A C:\Windows\System\oEWyesv.exe N/A
N/A N/A C:\Windows\System\otCoPDI.exe N/A
N/A N/A C:\Windows\System\JZLgyuw.exe N/A
N/A N/A C:\Windows\System\amjtmIx.exe N/A
N/A N/A C:\Windows\System\fQZAsnD.exe N/A
N/A N/A C:\Windows\System\yhEVafw.exe N/A
N/A N/A C:\Windows\System\IZhizqb.exe N/A
N/A N/A C:\Windows\System\mAxqQvc.exe N/A
N/A N/A C:\Windows\System\fqRBTWB.exe N/A
N/A N/A C:\Windows\System\uBxhOGj.exe N/A
N/A N/A C:\Windows\System\SSJVrvq.exe N/A
N/A N/A C:\Windows\System\bYXHula.exe N/A
N/A N/A C:\Windows\System\GbVKbAP.exe N/A
N/A N/A C:\Windows\System\wxQPFvs.exe N/A
N/A N/A C:\Windows\System\dtjXcyn.exe N/A
N/A N/A C:\Windows\System\tNKNfTO.exe N/A
N/A N/A C:\Windows\System\BzWQiCF.exe N/A
N/A N/A C:\Windows\System\XduYvmc.exe N/A
N/A N/A C:\Windows\System\LYkkhRH.exe N/A
N/A N/A C:\Windows\System\OzDNUaJ.exe N/A
N/A N/A C:\Windows\System\xzLcbxn.exe N/A
N/A N/A C:\Windows\System\yYHcqGK.exe N/A
N/A N/A C:\Windows\System\lpliwQz.exe N/A
N/A N/A C:\Windows\System\JybPddm.exe N/A
N/A N/A C:\Windows\System\vtvqjqG.exe N/A
N/A N/A C:\Windows\System\bUrryhZ.exe N/A
N/A N/A C:\Windows\System\xgDUUDk.exe N/A
N/A N/A C:\Windows\System\CCEZuzM.exe N/A
N/A N/A C:\Windows\System\vTyDapl.exe N/A
N/A N/A C:\Windows\System\iHhMXWY.exe N/A
N/A N/A C:\Windows\System\GZKdMfs.exe N/A
N/A N/A C:\Windows\System\NWQvZCJ.exe N/A
N/A N/A C:\Windows\System\KcZfJgL.exe N/A
N/A N/A C:\Windows\System\dOHUHub.exe N/A
N/A N/A C:\Windows\System\cvXSOPc.exe N/A
N/A N/A C:\Windows\System\XSZbJlC.exe N/A
N/A N/A C:\Windows\System\qFbARNE.exe N/A
N/A N/A C:\Windows\System\iPLdMFh.exe N/A
N/A N/A C:\Windows\System\EaxreYq.exe N/A
N/A N/A C:\Windows\System\ZMGroeN.exe N/A
N/A N/A C:\Windows\System\kWGitAh.exe N/A
N/A N/A C:\Windows\System\rwDHdQR.exe N/A
N/A N/A C:\Windows\System\QOFDiDA.exe N/A
N/A N/A C:\Windows\System\wYYjbVS.exe N/A
N/A N/A C:\Windows\System\EHSrXwP.exe N/A
N/A N/A C:\Windows\System\OlhhBFp.exe N/A
N/A N/A C:\Windows\System\kxESSMu.exe N/A
N/A N/A C:\Windows\System\VnOMasj.exe N/A
N/A N/A C:\Windows\System\DefMFvq.exe N/A
N/A N/A C:\Windows\System\UZSXWBP.exe N/A
N/A N/A C:\Windows\System\gjjDhLy.exe N/A
N/A N/A C:\Windows\System\wusbOqY.exe N/A
N/A N/A C:\Windows\System\maXgKCc.exe N/A
N/A N/A C:\Windows\System\mjPKmgt.exe N/A
N/A N/A C:\Windows\System\xCjtgNA.exe N/A
N/A N/A C:\Windows\System\oKMqQYJ.exe N/A
N/A N/A C:\Windows\System\bJKpLqY.exe N/A
N/A N/A C:\Windows\System\VAFKdMI.exe N/A
N/A N/A C:\Windows\System\izbGpxD.exe N/A
N/A N/A C:\Windows\System\TlUpiiX.exe N/A
N/A N/A C:\Windows\System\lckaqBZ.exe N/A
N/A N/A C:\Windows\System\SKxeCqB.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\HUryjlK.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\JRaHxNk.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\SpRVFqb.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\nnaPqUr.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\kOZLGeT.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\zLAvTBQ.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\fiXvssZ.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\aljyZaK.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\KWtnpwO.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\VbJlqyU.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\GZpFyky.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\KvjdRBT.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\VAFKdMI.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\DQpWpYP.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\rVwNaTx.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\OAJulsJ.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZbkoJxI.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\DazlZqz.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\VqHcdGt.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\sEmuebd.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\zqlGBLB.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\xzLcbxn.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\tohmQTZ.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\BtjIDZh.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\WEpzEBn.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\szfuLtG.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\lOooayh.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\vTyDapl.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\lxSruUv.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ygHmPtD.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\JklIRVR.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\VzNUeJA.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\dOHUHub.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\aqtsGcL.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\dmyMYfH.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\wsbigsn.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\xsqLYWH.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\Bvnxlnw.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\FcJdmZt.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\OoakcwA.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\fWVWBgG.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\tPSnvkm.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\SaVxJEe.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\dtjXcyn.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\xNWpiog.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\OiZdXfD.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\Cpwmbaw.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\HjFykcg.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\KCIYnQT.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\SKxeCqB.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\gDPmWqk.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\SHBgyyN.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\DIXsZyv.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\UnhNHvO.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\NHdXGAJ.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\qqtCHVq.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\vyihOpC.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\qCsiCoz.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\RdKZMen.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\MTPRFAK.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\IZhizqb.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\UZSXWBP.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\TTEDKyX.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\mBtCCLR.exe C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Capabilities C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "56" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "185" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Speech_OneCore\\Recognizers\\Tokens\\MS-1033-110-WINMO-DNN" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "23" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DomStorageState C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "152" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "185" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "23" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3558294865-3673844354-2255444939-1000\{618A90A2-0629-4846-8893-8837597CDDBD} C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.search C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\microsoft.windows.search C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "152" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "152" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DomStorageState C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.search C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "152" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3558294865-3673844354-2255444939-1000\{D7F427D0-F950-4379-9D3E-8B96952D1F45} C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "56" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Windows\explorer.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\system32\sihost.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 220 wrote to memory of 948 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\vhTkYJg.exe
PID 220 wrote to memory of 948 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\vhTkYJg.exe
PID 220 wrote to memory of 964 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\DIOzawn.exe
PID 220 wrote to memory of 964 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\DIOzawn.exe
PID 220 wrote to memory of 4080 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\oEWyesv.exe
PID 220 wrote to memory of 4080 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\oEWyesv.exe
PID 220 wrote to memory of 4796 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\otCoPDI.exe
PID 220 wrote to memory of 4796 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\otCoPDI.exe
PID 220 wrote to memory of 3596 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\JZLgyuw.exe
PID 220 wrote to memory of 3596 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\JZLgyuw.exe
PID 220 wrote to memory of 4092 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\amjtmIx.exe
PID 220 wrote to memory of 4092 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\amjtmIx.exe
PID 220 wrote to memory of 4580 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\fQZAsnD.exe
PID 220 wrote to memory of 4580 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\fQZAsnD.exe
PID 220 wrote to memory of 3588 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\yhEVafw.exe
PID 220 wrote to memory of 3588 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\yhEVafw.exe
PID 220 wrote to memory of 3368 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\IZhizqb.exe
PID 220 wrote to memory of 3368 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\IZhizqb.exe
PID 220 wrote to memory of 2592 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\mAxqQvc.exe
PID 220 wrote to memory of 2592 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\mAxqQvc.exe
PID 220 wrote to memory of 3756 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\fqRBTWB.exe
PID 220 wrote to memory of 3756 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\fqRBTWB.exe
PID 220 wrote to memory of 2316 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\uBxhOGj.exe
PID 220 wrote to memory of 2316 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\uBxhOGj.exe
PID 220 wrote to memory of 4972 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\SSJVrvq.exe
PID 220 wrote to memory of 4972 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\SSJVrvq.exe
PID 220 wrote to memory of 748 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\bYXHula.exe
PID 220 wrote to memory of 748 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\bYXHula.exe
PID 220 wrote to memory of 3328 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\GbVKbAP.exe
PID 220 wrote to memory of 3328 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\GbVKbAP.exe
PID 220 wrote to memory of 2408 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\wxQPFvs.exe
PID 220 wrote to memory of 2408 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\wxQPFvs.exe
PID 220 wrote to memory of 3088 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\dtjXcyn.exe
PID 220 wrote to memory of 3088 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\dtjXcyn.exe
PID 220 wrote to memory of 428 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\tNKNfTO.exe
PID 220 wrote to memory of 428 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\tNKNfTO.exe
PID 220 wrote to memory of 3576 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\BzWQiCF.exe
PID 220 wrote to memory of 3576 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\BzWQiCF.exe
PID 220 wrote to memory of 1084 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\XduYvmc.exe
PID 220 wrote to memory of 1084 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\XduYvmc.exe
PID 220 wrote to memory of 1368 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\LYkkhRH.exe
PID 220 wrote to memory of 1368 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\LYkkhRH.exe
PID 220 wrote to memory of 3216 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\OzDNUaJ.exe
PID 220 wrote to memory of 3216 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\OzDNUaJ.exe
PID 220 wrote to memory of 3604 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\xzLcbxn.exe
PID 220 wrote to memory of 3604 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\xzLcbxn.exe
PID 220 wrote to memory of 2588 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\yYHcqGK.exe
PID 220 wrote to memory of 2588 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\yYHcqGK.exe
PID 220 wrote to memory of 436 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\lpliwQz.exe
PID 220 wrote to memory of 436 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\lpliwQz.exe
PID 220 wrote to memory of 5076 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\JybPddm.exe
PID 220 wrote to memory of 5076 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\JybPddm.exe
PID 220 wrote to memory of 4376 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\vtvqjqG.exe
PID 220 wrote to memory of 4376 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\vtvqjqG.exe
PID 220 wrote to memory of 4816 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\XSZbJlC.exe
PID 220 wrote to memory of 4816 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\XSZbJlC.exe
PID 220 wrote to memory of 3776 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\bUrryhZ.exe
PID 220 wrote to memory of 3776 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\bUrryhZ.exe
PID 220 wrote to memory of 3008 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\xgDUUDk.exe
PID 220 wrote to memory of 3008 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\xgDUUDk.exe
PID 220 wrote to memory of 3240 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\CCEZuzM.exe
PID 220 wrote to memory of 3240 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\CCEZuzM.exe
PID 220 wrote to memory of 4536 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\GZKdMfs.exe
PID 220 wrote to memory of 4536 N/A C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe C:\Windows\System\GZKdMfs.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\08ed21f02a33879c78c983e86e9167d0_NeikiAnalytics.exe"

C:\Windows\System\vhTkYJg.exe

C:\Windows\System\vhTkYJg.exe

C:\Windows\System\DIOzawn.exe

C:\Windows\System\DIOzawn.exe

C:\Windows\System\oEWyesv.exe

C:\Windows\System\oEWyesv.exe

C:\Windows\System\otCoPDI.exe

C:\Windows\System\otCoPDI.exe

C:\Windows\System\JZLgyuw.exe

C:\Windows\System\JZLgyuw.exe

C:\Windows\System\amjtmIx.exe

C:\Windows\System\amjtmIx.exe

C:\Windows\System\fQZAsnD.exe

C:\Windows\System\fQZAsnD.exe

C:\Windows\System\yhEVafw.exe

C:\Windows\System\yhEVafw.exe

C:\Windows\System\IZhizqb.exe

C:\Windows\System\IZhizqb.exe

C:\Windows\System\mAxqQvc.exe

C:\Windows\System\mAxqQvc.exe

C:\Windows\System\fqRBTWB.exe

C:\Windows\System\fqRBTWB.exe

C:\Windows\System\uBxhOGj.exe

C:\Windows\System\uBxhOGj.exe

C:\Windows\System\SSJVrvq.exe

C:\Windows\System\SSJVrvq.exe

C:\Windows\System\bYXHula.exe

C:\Windows\System\bYXHula.exe

C:\Windows\System\GbVKbAP.exe

C:\Windows\System\GbVKbAP.exe

C:\Windows\System\wxQPFvs.exe

C:\Windows\System\wxQPFvs.exe

C:\Windows\System\dtjXcyn.exe

C:\Windows\System\dtjXcyn.exe

C:\Windows\System\tNKNfTO.exe

C:\Windows\System\tNKNfTO.exe

C:\Windows\System\BzWQiCF.exe

C:\Windows\System\BzWQiCF.exe

C:\Windows\System\XduYvmc.exe

C:\Windows\System\XduYvmc.exe

C:\Windows\System\LYkkhRH.exe

C:\Windows\System\LYkkhRH.exe

C:\Windows\System\OzDNUaJ.exe

C:\Windows\System\OzDNUaJ.exe

C:\Windows\System\xzLcbxn.exe

C:\Windows\System\xzLcbxn.exe

C:\Windows\System\yYHcqGK.exe

C:\Windows\System\yYHcqGK.exe

C:\Windows\System\lpliwQz.exe

C:\Windows\System\lpliwQz.exe

C:\Windows\System\JybPddm.exe

C:\Windows\System\JybPddm.exe

C:\Windows\System\vtvqjqG.exe

C:\Windows\System\vtvqjqG.exe

C:\Windows\System\XSZbJlC.exe

C:\Windows\System\XSZbJlC.exe

C:\Windows\System\bUrryhZ.exe

C:\Windows\System\bUrryhZ.exe

C:\Windows\System\xgDUUDk.exe

C:\Windows\System\xgDUUDk.exe

C:\Windows\System\CCEZuzM.exe

C:\Windows\System\CCEZuzM.exe

C:\Windows\System\GZKdMfs.exe

C:\Windows\System\GZKdMfs.exe

C:\Windows\System\vTyDapl.exe

C:\Windows\System\vTyDapl.exe

C:\Windows\System\iHhMXWY.exe

C:\Windows\System\iHhMXWY.exe

C:\Windows\System\EHSrXwP.exe

C:\Windows\System\EHSrXwP.exe

C:\Windows\System\NWQvZCJ.exe

C:\Windows\System\NWQvZCJ.exe

C:\Windows\System\KcZfJgL.exe

C:\Windows\System\KcZfJgL.exe

C:\Windows\System\dOHUHub.exe

C:\Windows\System\dOHUHub.exe

C:\Windows\System\cvXSOPc.exe

C:\Windows\System\cvXSOPc.exe

C:\Windows\System\qFbARNE.exe

C:\Windows\System\qFbARNE.exe

C:\Windows\System\iPLdMFh.exe

C:\Windows\System\iPLdMFh.exe

C:\Windows\System\EaxreYq.exe

C:\Windows\System\EaxreYq.exe

C:\Windows\System\ZMGroeN.exe

C:\Windows\System\ZMGroeN.exe

C:\Windows\System\kWGitAh.exe

C:\Windows\System\kWGitAh.exe

C:\Windows\System\rwDHdQR.exe

C:\Windows\System\rwDHdQR.exe

C:\Windows\System\QOFDiDA.exe

C:\Windows\System\QOFDiDA.exe

C:\Windows\System\wYYjbVS.exe

C:\Windows\System\wYYjbVS.exe

C:\Windows\System\OlhhBFp.exe

C:\Windows\System\OlhhBFp.exe

C:\Windows\System\kxESSMu.exe

C:\Windows\System\kxESSMu.exe

C:\Windows\System\VnOMasj.exe

C:\Windows\System\VnOMasj.exe

C:\Windows\System\DefMFvq.exe

C:\Windows\System\DefMFvq.exe

C:\Windows\System\UZSXWBP.exe

C:\Windows\System\UZSXWBP.exe

C:\Windows\System\gjjDhLy.exe

C:\Windows\System\gjjDhLy.exe

C:\Windows\System\wusbOqY.exe

C:\Windows\System\wusbOqY.exe

C:\Windows\System\maXgKCc.exe

C:\Windows\System\maXgKCc.exe

C:\Windows\System\mjPKmgt.exe

C:\Windows\System\mjPKmgt.exe

C:\Windows\System\xCjtgNA.exe

C:\Windows\System\xCjtgNA.exe

C:\Windows\System\GvtCsiC.exe

C:\Windows\System\GvtCsiC.exe

C:\Windows\System\oKMqQYJ.exe

C:\Windows\System\oKMqQYJ.exe

C:\Windows\System\bJKpLqY.exe

C:\Windows\System\bJKpLqY.exe

C:\Windows\System\VAFKdMI.exe

C:\Windows\System\VAFKdMI.exe

C:\Windows\System\izbGpxD.exe

C:\Windows\System\izbGpxD.exe

C:\Windows\System\TlUpiiX.exe

C:\Windows\System\TlUpiiX.exe

C:\Windows\System\lckaqBZ.exe

C:\Windows\System\lckaqBZ.exe

C:\Windows\System\SKxeCqB.exe

C:\Windows\System\SKxeCqB.exe

C:\Windows\System\DZeSMjv.exe

C:\Windows\System\DZeSMjv.exe

C:\Windows\System\ScIhooH.exe

C:\Windows\System\ScIhooH.exe

C:\Windows\System\tohmQTZ.exe

C:\Windows\System\tohmQTZ.exe

C:\Windows\System\AUlMLTD.exe

C:\Windows\System\AUlMLTD.exe

C:\Windows\System\PgTOShH.exe

C:\Windows\System\PgTOShH.exe

C:\Windows\System\gioftBe.exe

C:\Windows\System\gioftBe.exe

C:\Windows\System\lxSruUv.exe

C:\Windows\System\lxSruUv.exe

C:\Windows\System\hYROMSO.exe

C:\Windows\System\hYROMSO.exe

C:\Windows\System\ZLIJyht.exe

C:\Windows\System\ZLIJyht.exe

C:\Windows\System\EqEddui.exe

C:\Windows\System\EqEddui.exe

C:\Windows\System\MnmGxuR.exe

C:\Windows\System\MnmGxuR.exe

C:\Windows\System\mwzaPLJ.exe

C:\Windows\System\mwzaPLJ.exe

C:\Windows\System\NfgZkjF.exe

C:\Windows\System\NfgZkjF.exe

C:\Windows\System\klhKmql.exe

C:\Windows\System\klhKmql.exe

C:\Windows\System\PnxtvXh.exe

C:\Windows\System\PnxtvXh.exe

C:\Windows\System\pcSvlmE.exe

C:\Windows\System\pcSvlmE.exe

C:\Windows\System\gciqXCk.exe

C:\Windows\System\gciqXCk.exe

C:\Windows\System\kMZvvcO.exe

C:\Windows\System\kMZvvcO.exe

C:\Windows\System\DQpWpYP.exe

C:\Windows\System\DQpWpYP.exe

C:\Windows\System\kVVVqor.exe

C:\Windows\System\kVVVqor.exe

C:\Windows\System\UocPbmr.exe

C:\Windows\System\UocPbmr.exe

C:\Windows\System\IwwGxfh.exe

C:\Windows\System\IwwGxfh.exe

C:\Windows\System\UnhNHvO.exe

C:\Windows\System\UnhNHvO.exe

C:\Windows\System\HbDUpjW.exe

C:\Windows\System\HbDUpjW.exe

C:\Windows\System\QdpBawW.exe

C:\Windows\System\QdpBawW.exe

C:\Windows\System\cqnhzaK.exe

C:\Windows\System\cqnhzaK.exe

C:\Windows\System\XHogAeJ.exe

C:\Windows\System\XHogAeJ.exe

C:\Windows\System\qRIBrEh.exe

C:\Windows\System\qRIBrEh.exe

C:\Windows\System\RTqgrcr.exe

C:\Windows\System\RTqgrcr.exe

C:\Windows\System\MqUKEgt.exe

C:\Windows\System\MqUKEgt.exe

C:\Windows\System\INGUrxq.exe

C:\Windows\System\INGUrxq.exe

C:\Windows\System\dXDagmk.exe

C:\Windows\System\dXDagmk.exe

C:\Windows\System\yASeeXe.exe

C:\Windows\System\yASeeXe.exe

C:\Windows\System\SsxZmNN.exe

C:\Windows\System\SsxZmNN.exe

C:\Windows\System\FvjPRjr.exe

C:\Windows\System\FvjPRjr.exe

C:\Windows\System\WtCEEre.exe

C:\Windows\System\WtCEEre.exe

C:\Windows\System\RjHqHGC.exe

C:\Windows\System\RjHqHGC.exe

C:\Windows\System\rVwNaTx.exe

C:\Windows\System\rVwNaTx.exe

C:\Windows\System\xNWpiog.exe

C:\Windows\System\xNWpiog.exe

C:\Windows\System\gnkEwCi.exe

C:\Windows\System\gnkEwCi.exe

C:\Windows\System\hruykxX.exe

C:\Windows\System\hruykxX.exe

C:\Windows\System\oOUAGYq.exe

C:\Windows\System\oOUAGYq.exe

C:\Windows\System\nkBCqOK.exe

C:\Windows\System\nkBCqOK.exe

C:\Windows\System\XOGuFst.exe

C:\Windows\System\XOGuFst.exe

C:\Windows\System\XOowamF.exe

C:\Windows\System\XOowamF.exe

C:\Windows\System\RJHfNjE.exe

C:\Windows\System\RJHfNjE.exe

C:\Windows\System\IVcLOoO.exe

C:\Windows\System\IVcLOoO.exe

C:\Windows\System\bvpTnML.exe

C:\Windows\System\bvpTnML.exe

C:\Windows\System\QGDfecP.exe

C:\Windows\System\QGDfecP.exe

C:\Windows\System\erjWsdk.exe

C:\Windows\System\erjWsdk.exe

C:\Windows\System\DPsTzmC.exe

C:\Windows\System\DPsTzmC.exe

C:\Windows\System\yqiVdQm.exe

C:\Windows\System\yqiVdQm.exe

C:\Windows\System\JexfxBK.exe

C:\Windows\System\JexfxBK.exe

C:\Windows\System\ywiCqSC.exe

C:\Windows\System\ywiCqSC.exe

C:\Windows\System\MuVlBNn.exe

C:\Windows\System\MuVlBNn.exe

C:\Windows\System\NlprjSi.exe

C:\Windows\System\NlprjSi.exe

C:\Windows\System\cImYczV.exe

C:\Windows\System\cImYczV.exe

C:\Windows\System\zwCvwfs.exe

C:\Windows\System\zwCvwfs.exe

C:\Windows\System\YcfkUsV.exe

C:\Windows\System\YcfkUsV.exe

C:\Windows\System\QxnzIwu.exe

C:\Windows\System\QxnzIwu.exe

C:\Windows\System\XPsBGtp.exe

C:\Windows\System\XPsBGtp.exe

C:\Windows\System\UQgUofx.exe

C:\Windows\System\UQgUofx.exe

C:\Windows\System\giSWHmK.exe

C:\Windows\System\giSWHmK.exe

C:\Windows\System\XpxHwzk.exe

C:\Windows\System\XpxHwzk.exe

C:\Windows\System\DVEuQFL.exe

C:\Windows\System\DVEuQFL.exe

C:\Windows\System\kFcVBVj.exe

C:\Windows\System\kFcVBVj.exe

C:\Windows\System\Igsngcs.exe

C:\Windows\System\Igsngcs.exe

C:\Windows\System\aHsQaxJ.exe

C:\Windows\System\aHsQaxJ.exe

C:\Windows\System\ygHmPtD.exe

C:\Windows\System\ygHmPtD.exe

C:\Windows\System\Ihrifyx.exe

C:\Windows\System\Ihrifyx.exe

C:\Windows\System\IFBqMkB.exe

C:\Windows\System\IFBqMkB.exe

C:\Windows\System\QsIISMS.exe

C:\Windows\System\QsIISMS.exe

C:\Windows\System\hCbdDRK.exe

C:\Windows\System\hCbdDRK.exe

C:\Windows\System\xChrywm.exe

C:\Windows\System\xChrywm.exe

C:\Windows\System\BLmWYKQ.exe

C:\Windows\System\BLmWYKQ.exe

C:\Windows\System\COzTtcW.exe

C:\Windows\System\COzTtcW.exe

C:\Windows\System\KkstTIt.exe

C:\Windows\System\KkstTIt.exe

C:\Windows\System\vkMzNsc.exe

C:\Windows\System\vkMzNsc.exe

C:\Windows\System\DxLznAN.exe

C:\Windows\System\DxLznAN.exe

C:\Windows\System\XBPtiCv.exe

C:\Windows\System\XBPtiCv.exe

C:\Windows\System\gEAIAnJ.exe

C:\Windows\System\gEAIAnJ.exe

C:\Windows\System\fKqoPrx.exe

C:\Windows\System\fKqoPrx.exe

C:\Windows\System\ApGaaVq.exe

C:\Windows\System\ApGaaVq.exe

C:\Windows\System\QGWbFcK.exe

C:\Windows\System\QGWbFcK.exe

C:\Windows\System\XrUxrNO.exe

C:\Windows\System\XrUxrNO.exe

C:\Windows\System\NHdXGAJ.exe

C:\Windows\System\NHdXGAJ.exe

C:\Windows\System\HCkSLum.exe

C:\Windows\System\HCkSLum.exe

C:\Windows\System\EjvhDuT.exe

C:\Windows\System\EjvhDuT.exe

C:\Windows\System\AINslwN.exe

C:\Windows\System\AINslwN.exe

C:\Windows\System\lSsCeUJ.exe

C:\Windows\System\lSsCeUJ.exe

C:\Windows\System\JKzmXyc.exe

C:\Windows\System\JKzmXyc.exe

C:\Windows\System\BtjIDZh.exe

C:\Windows\System\BtjIDZh.exe

C:\Windows\System\TTEDKyX.exe

C:\Windows\System\TTEDKyX.exe

C:\Windows\System\UEwymhf.exe

C:\Windows\System\UEwymhf.exe

C:\Windows\System\KIXwXpu.exe

C:\Windows\System\KIXwXpu.exe

C:\Windows\System\VkTwOuH.exe

C:\Windows\System\VkTwOuH.exe

C:\Windows\System\aIhUfFw.exe

C:\Windows\System\aIhUfFw.exe

C:\Windows\System\MsVPkDe.exe

C:\Windows\System\MsVPkDe.exe

C:\Windows\System\HOtphDG.exe

C:\Windows\System\HOtphDG.exe

C:\Windows\System\nyIZCAQ.exe

C:\Windows\System\nyIZCAQ.exe

C:\Windows\System\fWWbsBe.exe

C:\Windows\System\fWWbsBe.exe

C:\Windows\System\cJEWpvT.exe

C:\Windows\System\cJEWpvT.exe

C:\Windows\System\IVCHBQw.exe

C:\Windows\System\IVCHBQw.exe

C:\Windows\System\xMQuDyF.exe

C:\Windows\System\xMQuDyF.exe

C:\Windows\System\jwLSjoS.exe

C:\Windows\System\jwLSjoS.exe

C:\Windows\System\zUXmJNJ.exe

C:\Windows\System\zUXmJNJ.exe

C:\Windows\System\pRfubMM.exe

C:\Windows\System\pRfubMM.exe

C:\Windows\System\AYKxUaY.exe

C:\Windows\System\AYKxUaY.exe

C:\Windows\System\lcSTnNw.exe

C:\Windows\System\lcSTnNw.exe

C:\Windows\System\oDCCAlE.exe

C:\Windows\System\oDCCAlE.exe

C:\Windows\System\OAJulsJ.exe

C:\Windows\System\OAJulsJ.exe

C:\Windows\System\gTqHEzO.exe

C:\Windows\System\gTqHEzO.exe

C:\Windows\System\vxFUZee.exe

C:\Windows\System\vxFUZee.exe

C:\Windows\System\JklIRVR.exe

C:\Windows\System\JklIRVR.exe

C:\Windows\System\YOipBDf.exe

C:\Windows\System\YOipBDf.exe

C:\Windows\System\Jhubbwo.exe

C:\Windows\System\Jhubbwo.exe

C:\Windows\System\IXQBRoe.exe

C:\Windows\System\IXQBRoe.exe

C:\Windows\System\NEQuyxg.exe

C:\Windows\System\NEQuyxg.exe

C:\Windows\System\rkZUNZZ.exe

C:\Windows\System\rkZUNZZ.exe

C:\Windows\System\GyfMfHt.exe

C:\Windows\System\GyfMfHt.exe

C:\Windows\System\JgMHmyY.exe

C:\Windows\System\JgMHmyY.exe

C:\Windows\System\aqtsGcL.exe

C:\Windows\System\aqtsGcL.exe

C:\Windows\System\PQLKpqL.exe

C:\Windows\System\PQLKpqL.exe

C:\Windows\System\bmalkZG.exe

C:\Windows\System\bmalkZG.exe

C:\Windows\System\JAXcHfY.exe

C:\Windows\System\JAXcHfY.exe

C:\Windows\System\EJHVCog.exe

C:\Windows\System\EJHVCog.exe

C:\Windows\System\BopSnxm.exe

C:\Windows\System\BopSnxm.exe

C:\Windows\System\zhZKqjs.exe

C:\Windows\System\zhZKqjs.exe

C:\Windows\System\EdHGKgp.exe

C:\Windows\System\EdHGKgp.exe

C:\Windows\System\CVJivoi.exe

C:\Windows\System\CVJivoi.exe

C:\Windows\System\ZiajhcT.exe

C:\Windows\System\ZiajhcT.exe

C:\Windows\System\FCpBjQu.exe

C:\Windows\System\FCpBjQu.exe

C:\Windows\System\bepoXwc.exe

C:\Windows\System\bepoXwc.exe

C:\Windows\System\KWtnpwO.exe

C:\Windows\System\KWtnpwO.exe

C:\Windows\System\IZiKRti.exe

C:\Windows\System\IZiKRti.exe

C:\Windows\System\OiZdXfD.exe

C:\Windows\System\OiZdXfD.exe

C:\Windows\System\IQPNSOd.exe

C:\Windows\System\IQPNSOd.exe

C:\Windows\System\aqaFEnd.exe

C:\Windows\System\aqaFEnd.exe

C:\Windows\System\PQCxTOZ.exe

C:\Windows\System\PQCxTOZ.exe

C:\Windows\System\XbbkBXq.exe

C:\Windows\System\XbbkBXq.exe

C:\Windows\System\UbskeRe.exe

C:\Windows\System\UbskeRe.exe

C:\Windows\System\VdaQAhQ.exe

C:\Windows\System\VdaQAhQ.exe

C:\Windows\System\PybKdXk.exe

C:\Windows\System\PybKdXk.exe

C:\Windows\System\HUryjlK.exe

C:\Windows\System\HUryjlK.exe

C:\Windows\System\THSbYhK.exe

C:\Windows\System\THSbYhK.exe

C:\Windows\System\THIABLk.exe

C:\Windows\System\THIABLk.exe

C:\Windows\System\sfnWgCj.exe

C:\Windows\System\sfnWgCj.exe

C:\Windows\System\JXZFHCE.exe

C:\Windows\System\JXZFHCE.exe

C:\Windows\System\tPvtfLK.exe

C:\Windows\System\tPvtfLK.exe

C:\Windows\System\xjgfMpO.exe

C:\Windows\System\xjgfMpO.exe

C:\Windows\System\tVMIBic.exe

C:\Windows\System\tVMIBic.exe

C:\Windows\System\jFPVQch.exe

C:\Windows\System\jFPVQch.exe

C:\Windows\System\kOZLGeT.exe

C:\Windows\System\kOZLGeT.exe

C:\Windows\System\qFpHPLn.exe

C:\Windows\System\qFpHPLn.exe

C:\Windows\System\ZPowSJB.exe

C:\Windows\System\ZPowSJB.exe

C:\Windows\System\dmyMYfH.exe

C:\Windows\System\dmyMYfH.exe

C:\Windows\System\rBKEtmx.exe

C:\Windows\System\rBKEtmx.exe

C:\Windows\System\ifrYcFj.exe

C:\Windows\System\ifrYcFj.exe

C:\Windows\System\YcMYOya.exe

C:\Windows\System\YcMYOya.exe

C:\Windows\System\EvSxASP.exe

C:\Windows\System\EvSxASP.exe

C:\Windows\System\DAoaOVI.exe

C:\Windows\System\DAoaOVI.exe

C:\Windows\System\KQyGTfX.exe

C:\Windows\System\KQyGTfX.exe

C:\Windows\System\fnzKGjL.exe

C:\Windows\System\fnzKGjL.exe

C:\Windows\System\gDPmWqk.exe

C:\Windows\System\gDPmWqk.exe

C:\Windows\System\LXEKFVP.exe

C:\Windows\System\LXEKFVP.exe

C:\Windows\System\GLguZWz.exe

C:\Windows\System\GLguZWz.exe

C:\Windows\System\fUPdPSi.exe

C:\Windows\System\fUPdPSi.exe

C:\Windows\System\zrwiaqt.exe

C:\Windows\System\zrwiaqt.exe

C:\Windows\System\Jkebdcl.exe

C:\Windows\System\Jkebdcl.exe

C:\Windows\System\CNDMfno.exe

C:\Windows\System\CNDMfno.exe

C:\Windows\System\JHUsxpz.exe

C:\Windows\System\JHUsxpz.exe

C:\Windows\System\QhKlxua.exe

C:\Windows\System\QhKlxua.exe

C:\Windows\System\wsbigsn.exe

C:\Windows\System\wsbigsn.exe

C:\Windows\System\dibAXKB.exe

C:\Windows\System\dibAXKB.exe

C:\Windows\System\ovbFrRM.exe

C:\Windows\System\ovbFrRM.exe

C:\Windows\System\jFSJhOe.exe

C:\Windows\System\jFSJhOe.exe

C:\Windows\System\PAPxKBk.exe

C:\Windows\System\PAPxKBk.exe

C:\Windows\System\sNvYwqG.exe

C:\Windows\System\sNvYwqG.exe

C:\Windows\System\qnixLsI.exe

C:\Windows\System\qnixLsI.exe

C:\Windows\System\krzxQdS.exe

C:\Windows\System\krzxQdS.exe

C:\Windows\System\EGbjsuW.exe

C:\Windows\System\EGbjsuW.exe

C:\Windows\System\tdlZCEo.exe

C:\Windows\System\tdlZCEo.exe

C:\Windows\System\JLxwMWR.exe

C:\Windows\System\JLxwMWR.exe

C:\Windows\System\ucpLKnJ.exe

C:\Windows\System\ucpLKnJ.exe

C:\Windows\System\HsTzWnp.exe

C:\Windows\System\HsTzWnp.exe

C:\Windows\System\VbJlqyU.exe

C:\Windows\System\VbJlqyU.exe

C:\Windows\System\YBCXirO.exe

C:\Windows\System\YBCXirO.exe

C:\Windows\System\ziSLHwK.exe

C:\Windows\System\ziSLHwK.exe

C:\Windows\System\WTScweT.exe

C:\Windows\System\WTScweT.exe

C:\Windows\System\prikwMs.exe

C:\Windows\System\prikwMs.exe

C:\Windows\System\lNdqhJC.exe

C:\Windows\System\lNdqhJC.exe

C:\Windows\System\MnMoUfJ.exe

C:\Windows\System\MnMoUfJ.exe

C:\Windows\System\opcDrEf.exe

C:\Windows\System\opcDrEf.exe

C:\Windows\System\EwCDUxo.exe

C:\Windows\System\EwCDUxo.exe

C:\Windows\System\JivJZXE.exe

C:\Windows\System\JivJZXE.exe

C:\Windows\System\rMGvqiv.exe

C:\Windows\System\rMGvqiv.exe

C:\Windows\System\bZHtoHB.exe

C:\Windows\System\bZHtoHB.exe

C:\Windows\System\GIWGHAo.exe

C:\Windows\System\GIWGHAo.exe

C:\Windows\System\jMUCvvy.exe

C:\Windows\System\jMUCvvy.exe

C:\Windows\System\xOuRhJW.exe

C:\Windows\System\xOuRhJW.exe

C:\Windows\System\kSpemNw.exe

C:\Windows\System\kSpemNw.exe

C:\Windows\System\zJRTxMP.exe

C:\Windows\System\zJRTxMP.exe

C:\Windows\System\ELZiPlX.exe

C:\Windows\System\ELZiPlX.exe

C:\Windows\System\fQMmbvS.exe

C:\Windows\System\fQMmbvS.exe

C:\Windows\System\YrXFtRw.exe

C:\Windows\System\YrXFtRw.exe

C:\Windows\System\BXnXHPR.exe

C:\Windows\System\BXnXHPR.exe

C:\Windows\System\UPHeiDu.exe

C:\Windows\System\UPHeiDu.exe

C:\Windows\System\hUPWcXq.exe

C:\Windows\System\hUPWcXq.exe

C:\Windows\System\LONGqJx.exe

C:\Windows\System\LONGqJx.exe

C:\Windows\System\eXDyhie.exe

C:\Windows\System\eXDyhie.exe

C:\Windows\System\anzIpim.exe

C:\Windows\System\anzIpim.exe

C:\Windows\System\SHBgyyN.exe

C:\Windows\System\SHBgyyN.exe

C:\Windows\System\dtlDmpX.exe

C:\Windows\System\dtlDmpX.exe

C:\Windows\System\OlfFSqZ.exe

C:\Windows\System\OlfFSqZ.exe

C:\Windows\System\zLZuEYi.exe

C:\Windows\System\zLZuEYi.exe

C:\Windows\System\sIBAqSr.exe

C:\Windows\System\sIBAqSr.exe

C:\Windows\System\osLXqZY.exe

C:\Windows\System\osLXqZY.exe

C:\Windows\System\TIgpOtb.exe

C:\Windows\System\TIgpOtb.exe

C:\Windows\System\AdQgacv.exe

C:\Windows\System\AdQgacv.exe

C:\Windows\System\gSXggSo.exe

C:\Windows\System\gSXggSo.exe

C:\Windows\System\RNWQYvj.exe

C:\Windows\System\RNWQYvj.exe

C:\Windows\System\rsdtehD.exe

C:\Windows\System\rsdtehD.exe

C:\Windows\System\KrbJPJh.exe

C:\Windows\System\KrbJPJh.exe

C:\Windows\System\goRoeOl.exe

C:\Windows\System\goRoeOl.exe

C:\Windows\System\zcJakOD.exe

C:\Windows\System\zcJakOD.exe

C:\Windows\System\RHdSBRu.exe

C:\Windows\System\RHdSBRu.exe

C:\Windows\System\Cpwmbaw.exe

C:\Windows\System\Cpwmbaw.exe

C:\Windows\System\sbjsQvs.exe

C:\Windows\System\sbjsQvs.exe

C:\Windows\System\GZpFyky.exe

C:\Windows\System\GZpFyky.exe

C:\Windows\System\gqCdNsb.exe

C:\Windows\System\gqCdNsb.exe

C:\Windows\System\PLBrGNg.exe

C:\Windows\System\PLBrGNg.exe

C:\Windows\System\kkmFmuK.exe

C:\Windows\System\kkmFmuK.exe

C:\Windows\System\DIXsZyv.exe

C:\Windows\System\DIXsZyv.exe

C:\Windows\System\BSsXmOK.exe

C:\Windows\System\BSsXmOK.exe

C:\Windows\System\KnoEKWb.exe

C:\Windows\System\KnoEKWb.exe

C:\Windows\System\VCsxQTP.exe

C:\Windows\System\VCsxQTP.exe

C:\Windows\System\BxPOZec.exe

C:\Windows\System\BxPOZec.exe

C:\Windows\System\EUIljLT.exe

C:\Windows\System\EUIljLT.exe

C:\Windows\System\yiCluBW.exe

C:\Windows\System\yiCluBW.exe

C:\Windows\System\QchyrNH.exe

C:\Windows\System\QchyrNH.exe

C:\Windows\System\bHzKRSt.exe

C:\Windows\System\bHzKRSt.exe

C:\Windows\System\YJvXhdp.exe

C:\Windows\System\YJvXhdp.exe

C:\Windows\System\HOphskf.exe

C:\Windows\System\HOphskf.exe

C:\Windows\System\SxWxaDv.exe

C:\Windows\System\SxWxaDv.exe

C:\Windows\System\HjFykcg.exe

C:\Windows\System\HjFykcg.exe

C:\Windows\System\kHufGrN.exe

C:\Windows\System\kHufGrN.exe

C:\Windows\System\kFWVdxs.exe

C:\Windows\System\kFWVdxs.exe

C:\Windows\System\FYJEODT.exe

C:\Windows\System\FYJEODT.exe

C:\Windows\System\RsAjhdK.exe

C:\Windows\System\RsAjhdK.exe

C:\Windows\System\csjXwmp.exe

C:\Windows\System\csjXwmp.exe

C:\Windows\System\EQwCQYT.exe

C:\Windows\System\EQwCQYT.exe

C:\Windows\System\KlMVnlB.exe

C:\Windows\System\KlMVnlB.exe

C:\Windows\System\NfYEZsR.exe

C:\Windows\System\NfYEZsR.exe

C:\Windows\System\RajmGop.exe

C:\Windows\System\RajmGop.exe

C:\Windows\System\JxXPhmg.exe

C:\Windows\System\JxXPhmg.exe

C:\Windows\System\kyOtCif.exe

C:\Windows\System\kyOtCif.exe

C:\Windows\System\FdNNFqU.exe

C:\Windows\System\FdNNFqU.exe

C:\Windows\System\PbBRGIF.exe

C:\Windows\System\PbBRGIF.exe

C:\Windows\System\ePwuWSy.exe

C:\Windows\System\ePwuWSy.exe

C:\Windows\System\qqtCHVq.exe

C:\Windows\System\qqtCHVq.exe

C:\Windows\System\kunNhqQ.exe

C:\Windows\System\kunNhqQ.exe

C:\Windows\System\UAaERNX.exe

C:\Windows\System\UAaERNX.exe

C:\Windows\System\DbXrYHJ.exe

C:\Windows\System\DbXrYHJ.exe

C:\Windows\System\HofHuyd.exe

C:\Windows\System\HofHuyd.exe

C:\Windows\System\AcHsZWV.exe

C:\Windows\System\AcHsZWV.exe

C:\Windows\System\gAEbrWI.exe

C:\Windows\System\gAEbrWI.exe

C:\Windows\System\HXzmOct.exe

C:\Windows\System\HXzmOct.exe

C:\Windows\System\MdvFzVh.exe

C:\Windows\System\MdvFzVh.exe

C:\Windows\System\zFwJcJv.exe

C:\Windows\System\zFwJcJv.exe

C:\Windows\System\rzvNaHw.exe

C:\Windows\System\rzvNaHw.exe

C:\Windows\System\MsRmgpr.exe

C:\Windows\System\MsRmgpr.exe

C:\Windows\System\FuyZpmY.exe

C:\Windows\System\FuyZpmY.exe

C:\Windows\System\mEiCOLk.exe

C:\Windows\System\mEiCOLk.exe

C:\Windows\System\pXLggFn.exe

C:\Windows\System\pXLggFn.exe

C:\Windows\System\SpaAryB.exe

C:\Windows\System\SpaAryB.exe

C:\Windows\System\KrOgMYm.exe

C:\Windows\System\KrOgMYm.exe

C:\Windows\System\TMvgSrZ.exe

C:\Windows\System\TMvgSrZ.exe

C:\Windows\System\mAhGMSo.exe

C:\Windows\System\mAhGMSo.exe

C:\Windows\System\uZDhyUn.exe

C:\Windows\System\uZDhyUn.exe

C:\Windows\System\PhzkjAj.exe

C:\Windows\System\PhzkjAj.exe

C:\Windows\System\YNGczig.exe

C:\Windows\System\YNGczig.exe

C:\Windows\System\EzkzAvs.exe

C:\Windows\System\EzkzAvs.exe

C:\Windows\System\UNImdHS.exe

C:\Windows\System\UNImdHS.exe

C:\Windows\System\YBVNJQx.exe

C:\Windows\System\YBVNJQx.exe

C:\Windows\System\NOuHrfr.exe

C:\Windows\System\NOuHrfr.exe

C:\Windows\System\iOKMQtZ.exe

C:\Windows\System\iOKMQtZ.exe

C:\Windows\System\JVLWitT.exe

C:\Windows\System\JVLWitT.exe

C:\Windows\System\jaWjVJQ.exe

C:\Windows\System\jaWjVJQ.exe

C:\Windows\System\szfuLtG.exe

C:\Windows\System\szfuLtG.exe

C:\Windows\System\zaQiIAB.exe

C:\Windows\System\zaQiIAB.exe

C:\Windows\System\ipXoTFG.exe

C:\Windows\System\ipXoTFG.exe

C:\Windows\System\hbYrFsg.exe

C:\Windows\System\hbYrFsg.exe

C:\Windows\System\mBtCCLR.exe

C:\Windows\System\mBtCCLR.exe

C:\Windows\System\TzcrBPF.exe

C:\Windows\System\TzcrBPF.exe

C:\Windows\System\vakzoOR.exe

C:\Windows\System\vakzoOR.exe

C:\Windows\System\PKATOuA.exe

C:\Windows\System\PKATOuA.exe

C:\Windows\System\NvQWnZl.exe

C:\Windows\System\NvQWnZl.exe

C:\Windows\System\YDKHsTe.exe

C:\Windows\System\YDKHsTe.exe

C:\Windows\System\XgswwjF.exe

C:\Windows\System\XgswwjF.exe

C:\Windows\System\hOoyKRL.exe

C:\Windows\System\hOoyKRL.exe

C:\Windows\System\hPOmSUC.exe

C:\Windows\System\hPOmSUC.exe

C:\Windows\System\Nfwsirm.exe

C:\Windows\System\Nfwsirm.exe

C:\Windows\System\ddfqcpP.exe

C:\Windows\System\ddfqcpP.exe

C:\Windows\System\LEwGoPZ.exe

C:\Windows\System\LEwGoPZ.exe

C:\Windows\System\mVcUyge.exe

C:\Windows\System\mVcUyge.exe

C:\Windows\System\XNksYmT.exe

C:\Windows\System\XNksYmT.exe

C:\Windows\System\qCsiCoz.exe

C:\Windows\System\qCsiCoz.exe

C:\Windows\System\JzZFvnb.exe

C:\Windows\System\JzZFvnb.exe

C:\Windows\System\RdKZMen.exe

C:\Windows\System\RdKZMen.exe

C:\Windows\System\EItLaNH.exe

C:\Windows\System\EItLaNH.exe

C:\Windows\System\eaxfcxL.exe

C:\Windows\System\eaxfcxL.exe

C:\Windows\System\lOooayh.exe

C:\Windows\System\lOooayh.exe

C:\Windows\System\nbtIFlu.exe

C:\Windows\System\nbtIFlu.exe

C:\Windows\System\MhNqgEI.exe

C:\Windows\System\MhNqgEI.exe

C:\Windows\System\xRVEapl.exe

C:\Windows\System\xRVEapl.exe

C:\Windows\System\OtyESHX.exe

C:\Windows\System\OtyESHX.exe

C:\Windows\System\qRtuqKb.exe

C:\Windows\System\qRtuqKb.exe

C:\Windows\System\GoUTljn.exe

C:\Windows\System\GoUTljn.exe

C:\Windows\System\FSRFnGq.exe

C:\Windows\System\FSRFnGq.exe

C:\Windows\System\KvjdRBT.exe

C:\Windows\System\KvjdRBT.exe

C:\Windows\System\akzDuKI.exe

C:\Windows\System\akzDuKI.exe

C:\Windows\System\xKtkrIG.exe

C:\Windows\System\xKtkrIG.exe

C:\Windows\System\uNLGXxt.exe

C:\Windows\System\uNLGXxt.exe

C:\Windows\System\FcJdmZt.exe

C:\Windows\System\FcJdmZt.exe

C:\Windows\System\EZDbeVJ.exe

C:\Windows\System\EZDbeVJ.exe

C:\Windows\System\AaNljhP.exe

C:\Windows\System\AaNljhP.exe

C:\Windows\System\iFzdeJz.exe

C:\Windows\System\iFzdeJz.exe

C:\Windows\System\zXGoQEi.exe

C:\Windows\System\zXGoQEi.exe

C:\Windows\System\QJXKOke.exe

C:\Windows\System\QJXKOke.exe

C:\Windows\System\FTRLcCx.exe

C:\Windows\System\FTRLcCx.exe

C:\Windows\System\IFopqHp.exe

C:\Windows\System\IFopqHp.exe

C:\Windows\System\thrYlsL.exe

C:\Windows\System\thrYlsL.exe

C:\Windows\System\YoxEwtk.exe

C:\Windows\System\YoxEwtk.exe

C:\Windows\System\gRLtmIH.exe

C:\Windows\System\gRLtmIH.exe

C:\Windows\System\oAwjpds.exe

C:\Windows\System\oAwjpds.exe

C:\Windows\System\fGzyTsa.exe

C:\Windows\System\fGzyTsa.exe

C:\Windows\System\mSzSgSm.exe

C:\Windows\System\mSzSgSm.exe

C:\Windows\System\dDMjwLT.exe

C:\Windows\System\dDMjwLT.exe

C:\Windows\System\kIAvdex.exe

C:\Windows\System\kIAvdex.exe

C:\Windows\System\TusYMjp.exe

C:\Windows\System\TusYMjp.exe

C:\Windows\System\rxbcOAp.exe

C:\Windows\System\rxbcOAp.exe

C:\Windows\System\QuqJuGY.exe

C:\Windows\System\QuqJuGY.exe

C:\Windows\System\pSCVDVn.exe

C:\Windows\System\pSCVDVn.exe

C:\Windows\System\ZbkoJxI.exe

C:\Windows\System\ZbkoJxI.exe

C:\Windows\System\oGSpjNA.exe

C:\Windows\System\oGSpjNA.exe

C:\Windows\System\eaqWLoD.exe

C:\Windows\System\eaqWLoD.exe

C:\Windows\System\rPzMldu.exe

C:\Windows\System\rPzMldu.exe

C:\Windows\System\IkUHVXE.exe

C:\Windows\System\IkUHVXE.exe

C:\Windows\System\jtodais.exe

C:\Windows\System\jtodais.exe

C:\Windows\System\yDqCfUk.exe

C:\Windows\System\yDqCfUk.exe

C:\Windows\System\PTIsnrl.exe

C:\Windows\System\PTIsnrl.exe

C:\Windows\System\ICjvnQI.exe

C:\Windows\System\ICjvnQI.exe

C:\Windows\System\xCKKVyj.exe

C:\Windows\System\xCKKVyj.exe

C:\Windows\System\mJpPixb.exe

C:\Windows\System\mJpPixb.exe

C:\Windows\System\lHaRswq.exe

C:\Windows\System\lHaRswq.exe

C:\Windows\System\qKWOTgu.exe

C:\Windows\System\qKWOTgu.exe

C:\Windows\System\FihZMNa.exe

C:\Windows\System\FihZMNa.exe

C:\Windows\System\AOdXNYv.exe

C:\Windows\System\AOdXNYv.exe

C:\Windows\System\OsBjvcx.exe

C:\Windows\System\OsBjvcx.exe

C:\Windows\System\LeEDFlL.exe

C:\Windows\System\LeEDFlL.exe

C:\Windows\System\XqOIfKd.exe

C:\Windows\System\XqOIfKd.exe

C:\Windows\System\MriDMCC.exe

C:\Windows\System\MriDMCC.exe

C:\Windows\System\lPyGpfH.exe

C:\Windows\System\lPyGpfH.exe

C:\Windows\System\mKgIhGz.exe

C:\Windows\System\mKgIhGz.exe

C:\Windows\System\fMVcMJp.exe

C:\Windows\System\fMVcMJp.exe

C:\Windows\System\MTPRFAK.exe

C:\Windows\System\MTPRFAK.exe

C:\Windows\System\TDQzvor.exe

C:\Windows\System\TDQzvor.exe

C:\Windows\System\VzNUeJA.exe

C:\Windows\System\VzNUeJA.exe

C:\Windows\System\iLTHRkx.exe

C:\Windows\System\iLTHRkx.exe

C:\Windows\System\nthpKgV.exe

C:\Windows\System\nthpKgV.exe

C:\Windows\System\McdvEoc.exe

C:\Windows\System\McdvEoc.exe

C:\Windows\System\IMaxyFa.exe

C:\Windows\System\IMaxyFa.exe

C:\Windows\System\kNeqMjn.exe

C:\Windows\System\kNeqMjn.exe

C:\Windows\System\TmYFuHG.exe

C:\Windows\System\TmYFuHG.exe

C:\Windows\System\FwNJpLR.exe

C:\Windows\System\FwNJpLR.exe

C:\Windows\System\rdzLZph.exe

C:\Windows\System\rdzLZph.exe

C:\Windows\System\NCQaoyN.exe

C:\Windows\System\NCQaoyN.exe

C:\Windows\System\nJdVXrr.exe

C:\Windows\System\nJdVXrr.exe

C:\Windows\System\BnJxLNn.exe

C:\Windows\System\BnJxLNn.exe

C:\Windows\System\yISEvnU.exe

C:\Windows\System\yISEvnU.exe

C:\Windows\System\ypyTrba.exe

C:\Windows\System\ypyTrba.exe

C:\Windows\System\mrUKHmL.exe

C:\Windows\System\mrUKHmL.exe

C:\Windows\System\amlgjKP.exe

C:\Windows\System\amlgjKP.exe

C:\Windows\System\SKbePkL.exe

C:\Windows\System\SKbePkL.exe

C:\Windows\System\TSbCscP.exe

C:\Windows\System\TSbCscP.exe

C:\Windows\System\IRebqRZ.exe

C:\Windows\System\IRebqRZ.exe

C:\Windows\System\ISZEIwZ.exe

C:\Windows\System\ISZEIwZ.exe

C:\Windows\System\YFmQTIb.exe

C:\Windows\System\YFmQTIb.exe

C:\Windows\System\ShmYDLW.exe

C:\Windows\System\ShmYDLW.exe

C:\Windows\System\bqYARBN.exe

C:\Windows\System\bqYARBN.exe

C:\Windows\System\SnoPPMZ.exe

C:\Windows\System\SnoPPMZ.exe

C:\Windows\System\FsEcWdE.exe

C:\Windows\System\FsEcWdE.exe

C:\Windows\System\QKgRWgC.exe

C:\Windows\System\QKgRWgC.exe

C:\Windows\System\fxjHPsg.exe

C:\Windows\System\fxjHPsg.exe

C:\Windows\System\oRwmqNC.exe

C:\Windows\System\oRwmqNC.exe

C:\Windows\System\tFnwuKr.exe

C:\Windows\System\tFnwuKr.exe

C:\Windows\System\CSddLMl.exe

C:\Windows\System\CSddLMl.exe

C:\Windows\System\KpJcdDE.exe

C:\Windows\System\KpJcdDE.exe

C:\Windows\System\pYAZHuv.exe

C:\Windows\System\pYAZHuv.exe

C:\Windows\System\krEJhRa.exe

C:\Windows\System\krEJhRa.exe

C:\Windows\System\ebyrkzf.exe

C:\Windows\System\ebyrkzf.exe

C:\Windows\System\tWHyaqK.exe

C:\Windows\System\tWHyaqK.exe

C:\Windows\System\MQRxXxv.exe

C:\Windows\System\MQRxXxv.exe

C:\Windows\System\pBjZWrQ.exe

C:\Windows\System\pBjZWrQ.exe

C:\Windows\System\ucXvCBl.exe

C:\Windows\System\ucXvCBl.exe

C:\Windows\System\LgaXlyK.exe

C:\Windows\System\LgaXlyK.exe

C:\Windows\System\vfemlcv.exe

C:\Windows\System\vfemlcv.exe

C:\Windows\System\MTAWHay.exe

C:\Windows\System\MTAWHay.exe

C:\Windows\System\sjTDBxe.exe

C:\Windows\System\sjTDBxe.exe

C:\Windows\System\HsEiIuV.exe

C:\Windows\System\HsEiIuV.exe

C:\Windows\System\kqJERQk.exe

C:\Windows\System\kqJERQk.exe

C:\Windows\System\YnMNjvX.exe

C:\Windows\System\YnMNjvX.exe

C:\Windows\System\vyihOpC.exe

C:\Windows\System\vyihOpC.exe

C:\Windows\System\RIVnhjQ.exe

C:\Windows\System\RIVnhjQ.exe

C:\Windows\System\SlzneHV.exe

C:\Windows\System\SlzneHV.exe

C:\Windows\System\DMDauqB.exe

C:\Windows\System\DMDauqB.exe

C:\Windows\System\OoakcwA.exe

C:\Windows\System\OoakcwA.exe

C:\Windows\System\kjCQOoM.exe

C:\Windows\System\kjCQOoM.exe

C:\Windows\System\yGcciOT.exe

C:\Windows\System\yGcciOT.exe

C:\Windows\System\TZuqTlT.exe

C:\Windows\System\TZuqTlT.exe

C:\Windows\System\GBrPlzY.exe

C:\Windows\System\GBrPlzY.exe

C:\Windows\System\raBqiKr.exe

C:\Windows\System\raBqiKr.exe

C:\Windows\System\qaHrhEs.exe

C:\Windows\System\qaHrhEs.exe

C:\Windows\System\mrgGxzg.exe

C:\Windows\System\mrgGxzg.exe

C:\Windows\System\JRaHxNk.exe

C:\Windows\System\JRaHxNk.exe

C:\Windows\System\nfKkCTi.exe

C:\Windows\System\nfKkCTi.exe

C:\Windows\System\FAguPbn.exe

C:\Windows\System\FAguPbn.exe

C:\Windows\System\viVeDkx.exe

C:\Windows\System\viVeDkx.exe

C:\Windows\System\GCfttmp.exe

C:\Windows\System\GCfttmp.exe

C:\Windows\System\CFBuNnP.exe

C:\Windows\System\CFBuNnP.exe

C:\Windows\System\WEvVJoG.exe

C:\Windows\System\WEvVJoG.exe

C:\Windows\System\MTOREKE.exe

C:\Windows\System\MTOREKE.exe

C:\Windows\System\KIeaGiU.exe

C:\Windows\System\KIeaGiU.exe

C:\Windows\System\XYcjlIa.exe

C:\Windows\System\XYcjlIa.exe

C:\Windows\System\PYWqCna.exe

C:\Windows\System\PYWqCna.exe

C:\Windows\System\spQCjZY.exe

C:\Windows\System\spQCjZY.exe

C:\Windows\System\lKtKlUA.exe

C:\Windows\System\lKtKlUA.exe

C:\Windows\System\cRRraEe.exe

C:\Windows\System\cRRraEe.exe

C:\Windows\System\QwmURPZ.exe

C:\Windows\System\QwmURPZ.exe

C:\Windows\System\YaRNhUF.exe

C:\Windows\System\YaRNhUF.exe

C:\Windows\System\QBQYJRX.exe

C:\Windows\System\QBQYJRX.exe

C:\Windows\System\KBWtHwR.exe

C:\Windows\System\KBWtHwR.exe

C:\Windows\System\zDZQFlf.exe

C:\Windows\System\zDZQFlf.exe

C:\Windows\System\KGuhmgV.exe

C:\Windows\System\KGuhmgV.exe

C:\Windows\System\fWVWBgG.exe

C:\Windows\System\fWVWBgG.exe

C:\Windows\System\EPWIexL.exe

C:\Windows\System\EPWIexL.exe

C:\Windows\System\mJaXxNv.exe

C:\Windows\System\mJaXxNv.exe

C:\Windows\System\UTejaON.exe

C:\Windows\System\UTejaON.exe

C:\Windows\System\MpHGZnO.exe

C:\Windows\System\MpHGZnO.exe

C:\Windows\System\zLAvTBQ.exe

C:\Windows\System\zLAvTBQ.exe

C:\Windows\System\TcHRduL.exe

C:\Windows\System\TcHRduL.exe

C:\Windows\System\kasVzns.exe

C:\Windows\System\kasVzns.exe

C:\Windows\System\GngTEFo.exe

C:\Windows\System\GngTEFo.exe

C:\Windows\System\jPJmAEv.exe

C:\Windows\System\jPJmAEv.exe

C:\Windows\System\iJiiClR.exe

C:\Windows\System\iJiiClR.exe

C:\Windows\System\JutyAVr.exe

C:\Windows\System\JutyAVr.exe

C:\Windows\System\JmiUTpd.exe

C:\Windows\System\JmiUTpd.exe

C:\Windows\System\cTWsgDn.exe

C:\Windows\System\cTWsgDn.exe

C:\Windows\System\JHLyWuR.exe

C:\Windows\System\JHLyWuR.exe

C:\Windows\System\qNddwwg.exe

C:\Windows\System\qNddwwg.exe

C:\Windows\System\DoIZLrU.exe

C:\Windows\System\DoIZLrU.exe

C:\Windows\System\zBrOVzW.exe

C:\Windows\System\zBrOVzW.exe

C:\Windows\System\uLVvspK.exe

C:\Windows\System\uLVvspK.exe

C:\Windows\System\yCFXmGj.exe

C:\Windows\System\yCFXmGj.exe

C:\Windows\System\GdqxKVT.exe

C:\Windows\System\GdqxKVT.exe

C:\Windows\System\JRWKfDA.exe

C:\Windows\System\JRWKfDA.exe

C:\Windows\System\jjliBoZ.exe

C:\Windows\System\jjliBoZ.exe

C:\Windows\System\CEoqGtd.exe

C:\Windows\System\CEoqGtd.exe

C:\Windows\System\qEqEXeT.exe

C:\Windows\System\qEqEXeT.exe

C:\Windows\System\xVFAXVB.exe

C:\Windows\System\xVFAXVB.exe

C:\Windows\System\SIwrBUx.exe

C:\Windows\System\SIwrBUx.exe

C:\Windows\System\mFIThmx.exe

C:\Windows\System\mFIThmx.exe

C:\Windows\System\QEOJgvQ.exe

C:\Windows\System\QEOJgvQ.exe

C:\Windows\System\JiDKUZn.exe

C:\Windows\System\JiDKUZn.exe

C:\Windows\System\zTOqlVy.exe

C:\Windows\System\zTOqlVy.exe

C:\Windows\System\IlJEvZB.exe

C:\Windows\System\IlJEvZB.exe

C:\Windows\System\yIbbFcx.exe

C:\Windows\System\yIbbFcx.exe

C:\Windows\System\Cgzawll.exe

C:\Windows\System\Cgzawll.exe

C:\Windows\System\wWCaUAB.exe

C:\Windows\System\wWCaUAB.exe

C:\Windows\System\IXNMxcr.exe

C:\Windows\System\IXNMxcr.exe

C:\Windows\System\vnfeycc.exe

C:\Windows\System\vnfeycc.exe

C:\Windows\System\bhFyYIg.exe

C:\Windows\System\bhFyYIg.exe

C:\Windows\System\ZnBufkZ.exe

C:\Windows\System\ZnBufkZ.exe

C:\Windows\System\dQPHerk.exe

C:\Windows\System\dQPHerk.exe

C:\Windows\System\dGlgWMD.exe

C:\Windows\System\dGlgWMD.exe

C:\Windows\System\FUALWDs.exe

C:\Windows\System\FUALWDs.exe

C:\Windows\System\SINoJaS.exe

C:\Windows\System\SINoJaS.exe

C:\Windows\System\szznZep.exe

C:\Windows\System\szznZep.exe

C:\Windows\System\nrqzqlb.exe

C:\Windows\System\nrqzqlb.exe

C:\Windows\System\bjIhuRM.exe

C:\Windows\System\bjIhuRM.exe

C:\Windows\System\XmBhxXU.exe

C:\Windows\System\XmBhxXU.exe

C:\Windows\System\chkVSzj.exe

C:\Windows\System\chkVSzj.exe

C:\Windows\System\AtrELbC.exe

C:\Windows\System\AtrELbC.exe

C:\Windows\System\NVSxdnl.exe

C:\Windows\System\NVSxdnl.exe

C:\Windows\System\wuaIJiA.exe

C:\Windows\System\wuaIJiA.exe

C:\Windows\System\uEBYBDy.exe

C:\Windows\System\uEBYBDy.exe

C:\Windows\System\qpLyhBZ.exe

C:\Windows\System\qpLyhBZ.exe

C:\Windows\System\LPkBXSG.exe

C:\Windows\System\LPkBXSG.exe

C:\Windows\System\kJuAhup.exe

C:\Windows\System\kJuAhup.exe

C:\Windows\System\DmTkiyN.exe

C:\Windows\System\DmTkiyN.exe

C:\Windows\System\dVggREu.exe

C:\Windows\System\dVggREu.exe

C:\Windows\System\HrCzrtP.exe

C:\Windows\System\HrCzrtP.exe

C:\Windows\System\PxArWcR.exe

C:\Windows\System\PxArWcR.exe

C:\Windows\System\SpRVFqb.exe

C:\Windows\System\SpRVFqb.exe

C:\Windows\System\izhrsWZ.exe

C:\Windows\System\izhrsWZ.exe

C:\Windows\System\aZwaKuu.exe

C:\Windows\System\aZwaKuu.exe

C:\Windows\System\PljKrEk.exe

C:\Windows\System\PljKrEk.exe

C:\Windows\System\uZwSrvE.exe

C:\Windows\System\uZwSrvE.exe

C:\Windows\System\bBkICps.exe

C:\Windows\System\bBkICps.exe

C:\Windows\System\YdoBEnJ.exe

C:\Windows\System\YdoBEnJ.exe

C:\Windows\System\bMcCypu.exe

C:\Windows\System\bMcCypu.exe

C:\Windows\System\ohhSVcv.exe

C:\Windows\System\ohhSVcv.exe

C:\Windows\System\xGdiMrT.exe

C:\Windows\System\xGdiMrT.exe

C:\Windows\System\OZEvmOJ.exe

C:\Windows\System\OZEvmOJ.exe

C:\Windows\System\RbsUGHd.exe

C:\Windows\System\RbsUGHd.exe

C:\Windows\System\LufGJhs.exe

C:\Windows\System\LufGJhs.exe

C:\Windows\System\AKBtCCc.exe

C:\Windows\System\AKBtCCc.exe

C:\Windows\System\ihqnOLr.exe

C:\Windows\System\ihqnOLr.exe

C:\Windows\System\qvVqrQt.exe

C:\Windows\System\qvVqrQt.exe

C:\Windows\System\rCyHeBP.exe

C:\Windows\System\rCyHeBP.exe

C:\Windows\System\BfxEmpT.exe

C:\Windows\System\BfxEmpT.exe

C:\Windows\System\mAzmDQF.exe

C:\Windows\System\mAzmDQF.exe

C:\Windows\System\sOdJOgA.exe

C:\Windows\System\sOdJOgA.exe

C:\Windows\System\gMsulNH.exe

C:\Windows\System\gMsulNH.exe

C:\Windows\System\eNfQSSo.exe

C:\Windows\System\eNfQSSo.exe

C:\Windows\System\dMXGhSJ.exe

C:\Windows\System\dMXGhSJ.exe

C:\Windows\System\anfGvOE.exe

C:\Windows\System\anfGvOE.exe

C:\Windows\System\PWssMbN.exe

C:\Windows\System\PWssMbN.exe

C:\Windows\System\DxjfXli.exe

C:\Windows\System\DxjfXli.exe

C:\Windows\System\FYDfehS.exe

C:\Windows\System\FYDfehS.exe

C:\Windows\System\TzdlYzp.exe

C:\Windows\System\TzdlYzp.exe

C:\Windows\System\fSRkYha.exe

C:\Windows\System\fSRkYha.exe

C:\Windows\System\ByErnmm.exe

C:\Windows\System\ByErnmm.exe

C:\Windows\System\ivwrOQR.exe

C:\Windows\System\ivwrOQR.exe

C:\Windows\System\lUmkwuq.exe

C:\Windows\System\lUmkwuq.exe

C:\Windows\System\SBSfLma.exe

C:\Windows\System\SBSfLma.exe

C:\Windows\System\FcxtOLh.exe

C:\Windows\System\FcxtOLh.exe

C:\Windows\System\CfcPufD.exe

C:\Windows\System\CfcPufD.exe

C:\Windows\System\EuSnpqe.exe

C:\Windows\System\EuSnpqe.exe

C:\Windows\System\AoDTKFC.exe

C:\Windows\System\AoDTKFC.exe

C:\Windows\System\uEzAVfx.exe

C:\Windows\System\uEzAVfx.exe

C:\Windows\System\WVtofzf.exe

C:\Windows\System\WVtofzf.exe

C:\Windows\System\bPiujfH.exe

C:\Windows\System\bPiujfH.exe

C:\Windows\System\PgztseK.exe

C:\Windows\System\PgztseK.exe

C:\Windows\System\ochomJz.exe

C:\Windows\System\ochomJz.exe

C:\Windows\System\ymxJZuH.exe

C:\Windows\System\ymxJZuH.exe

C:\Windows\System\uFWfwFU.exe

C:\Windows\System\uFWfwFU.exe

C:\Windows\System\KCIYnQT.exe

C:\Windows\System\KCIYnQT.exe

C:\Windows\System\WEpzEBn.exe

C:\Windows\System\WEpzEBn.exe

C:\Windows\System\tPSnvkm.exe

C:\Windows\System\tPSnvkm.exe

C:\Windows\System\yplCXCL.exe

C:\Windows\System\yplCXCL.exe

C:\Windows\System\fDZrpMM.exe

C:\Windows\System\fDZrpMM.exe

C:\Windows\System\qpQXAXs.exe

C:\Windows\System\qpQXAXs.exe

C:\Windows\System\fiXvssZ.exe

C:\Windows\System\fiXvssZ.exe

C:\Windows\System\ciobnWS.exe

C:\Windows\System\ciobnWS.exe

C:\Windows\System\dEPZoFw.exe

C:\Windows\System\dEPZoFw.exe

C:\Windows\System\FfrKhIJ.exe

C:\Windows\System\FfrKhIJ.exe

C:\Windows\System\bKqudeh.exe

C:\Windows\System\bKqudeh.exe

C:\Windows\System\XGDHnBN.exe

C:\Windows\System\XGDHnBN.exe

C:\Windows\System\yUAPPck.exe

C:\Windows\System\yUAPPck.exe

C:\Windows\System\DOIHDmW.exe

C:\Windows\System\DOIHDmW.exe

C:\Windows\System\vhacDFZ.exe

C:\Windows\System\vhacDFZ.exe

C:\Windows\System\wAVcfAJ.exe

C:\Windows\System\wAVcfAJ.exe

C:\Windows\System\CevKfcp.exe

C:\Windows\System\CevKfcp.exe

C:\Windows\System\OSRRtQV.exe

C:\Windows\System\OSRRtQV.exe

C:\Windows\System\gJCpTqd.exe

C:\Windows\System\gJCpTqd.exe

C:\Windows\System\aZPrqPk.exe

C:\Windows\System\aZPrqPk.exe

C:\Windows\System\TRxIGki.exe

C:\Windows\System\TRxIGki.exe

C:\Windows\System\dlvKNxd.exe

C:\Windows\System\dlvKNxd.exe

C:\Windows\System\aYjfHLa.exe

C:\Windows\System\aYjfHLa.exe

C:\Windows\System\hUBSBrT.exe

C:\Windows\System\hUBSBrT.exe

C:\Windows\System\SizMSYz.exe

C:\Windows\System\SizMSYz.exe

C:\Windows\System\UCFBIpP.exe

C:\Windows\System\UCFBIpP.exe

C:\Windows\System\nFFcPBw.exe

C:\Windows\System\nFFcPBw.exe

C:\Windows\System\MPvjEzM.exe

C:\Windows\System\MPvjEzM.exe

C:\Windows\System\mYOMcKr.exe

C:\Windows\System\mYOMcKr.exe

C:\Windows\System\GYcfZmI.exe

C:\Windows\System\GYcfZmI.exe

C:\Windows\System\BWMQIEy.exe

C:\Windows\System\BWMQIEy.exe

C:\Windows\System\lFbmUNx.exe

C:\Windows\System\lFbmUNx.exe

C:\Windows\System\auHPcEX.exe

C:\Windows\System\auHPcEX.exe

C:\Windows\System\UnBqjnA.exe

C:\Windows\System\UnBqjnA.exe

C:\Windows\System\yNBaRyj.exe

C:\Windows\System\yNBaRyj.exe

C:\Windows\System\SMWqaIw.exe

C:\Windows\System\SMWqaIw.exe

C:\Windows\System\XHWSQRA.exe

C:\Windows\System\XHWSQRA.exe

C:\Windows\System\ieOpElc.exe

C:\Windows\System\ieOpElc.exe

C:\Windows\System\URUsNiq.exe

C:\Windows\System\URUsNiq.exe

C:\Windows\System\CSXSSRo.exe

C:\Windows\System\CSXSSRo.exe

C:\Windows\System\RzRgMPR.exe

C:\Windows\System\RzRgMPR.exe

C:\Windows\System\LfAVmAl.exe

C:\Windows\System\LfAVmAl.exe

C:\Windows\System\GErxcxh.exe

C:\Windows\System\GErxcxh.exe

C:\Windows\System\HpOKAwl.exe

C:\Windows\System\HpOKAwl.exe

C:\Windows\System\iYuoGEQ.exe

C:\Windows\System\iYuoGEQ.exe

C:\Windows\System\zqlGBLB.exe

C:\Windows\System\zqlGBLB.exe

C:\Windows\System\tWBkflm.exe

C:\Windows\System\tWBkflm.exe

C:\Windows\System\CcTmGBm.exe

C:\Windows\System\CcTmGBm.exe

C:\Windows\System\FwonYre.exe

C:\Windows\System\FwonYre.exe

C:\Windows\System\lxBeUCp.exe

C:\Windows\System\lxBeUCp.exe

C:\Windows\System\cWFlsny.exe

C:\Windows\System\cWFlsny.exe

C:\Windows\System\xsqLYWH.exe

C:\Windows\System\xsqLYWH.exe

C:\Windows\System\DazlZqz.exe

C:\Windows\System\DazlZqz.exe

C:\Windows\System\mDWYbIl.exe

C:\Windows\System\mDWYbIl.exe

C:\Windows\System\YYpRGWP.exe

C:\Windows\System\YYpRGWP.exe

C:\Windows\System\baZzdrn.exe

C:\Windows\System\baZzdrn.exe

C:\Windows\System\YRjjWHC.exe

C:\Windows\System\YRjjWHC.exe

C:\Windows\System\JtioVRm.exe

C:\Windows\System\JtioVRm.exe

C:\Windows\System\jLyMmJi.exe

C:\Windows\System\jLyMmJi.exe

C:\Windows\System\eEUTloR.exe

C:\Windows\System\eEUTloR.exe

C:\Windows\System\FmpEXUe.exe

C:\Windows\System\FmpEXUe.exe

C:\Windows\System\eWZTwAV.exe

C:\Windows\System\eWZTwAV.exe

C:\Windows\System\VzakzZS.exe

C:\Windows\System\VzakzZS.exe

C:\Windows\System\FplmSaQ.exe

C:\Windows\System\FplmSaQ.exe

C:\Windows\System\csPGKee.exe

C:\Windows\System\csPGKee.exe

C:\Windows\System\pMFdZCI.exe

C:\Windows\System\pMFdZCI.exe

C:\Windows\System\PgvWEMO.exe

C:\Windows\System\PgvWEMO.exe

C:\Windows\System\umOlLnf.exe

C:\Windows\System\umOlLnf.exe

C:\Windows\System\sODSetM.exe

C:\Windows\System\sODSetM.exe

C:\Windows\system32\sihost.exe

sihost.exe

C:\Windows\explorer.exe

explorer.exe /LOADSAVEDWINDOWS

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\System32\WaaSMedicAgent.exe

C:\Windows\System32\WaaSMedicAgent.exe 5d55a3efb4ed928d261671f0314467e9 Zz65CFMkYUiQM9ir9Ulskw.0.1.0.0.0

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

Network

Country Destination Domain Proto
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 25.140.123.92.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp

Files

memory/220-0-0x00007FF64C960000-0x00007FF64CCB1000-memory.dmp

memory/220-1-0x0000014592310000-0x0000014592320000-memory.dmp

C:\Windows\System\vhTkYJg.exe

MD5 ce71137a903c1df39812843703f42893
SHA1 3c001ed3209f11f4fd52dfe9d8961829de20e5a1
SHA256 74edb6f85982ef5407238dfba54feb44b65d31df8c6550bf230344f02f55874b
SHA512 55d82665d16d977308b8ea42133faceb08587e2e5e1454c25cd74d1bb3a19dfe0fdd406e1d6df24009e867662ea3aeb77f7be614f36eb4db64f3329dfb17321f

C:\Windows\System\DIOzawn.exe

MD5 a2e8c102f80bfd0d3ef0cc1abbeb0f2b
SHA1 49de7f070d724a66e37f06f67f26c9f7cb32c395
SHA256 6cf39588a7221eb6b4cbf5357b33f0847e4a61b5f1ce269910d814fa070c62df
SHA512 b084231bc8c08f10a921f69af9f93fe695261120749aa38e7c8be27c9ff4c05b1a645cb50278684ea5f12ccf9b6dda221e26a23e91cdf9f13c64c6cf329c55a9

C:\Windows\System\oEWyesv.exe

MD5 84811c33f2e94aedf1d5be991c1e940b
SHA1 3e8fa5951234b7ee0de3bae9d1b7d31d716d6cf6
SHA256 f421e29fb2d709439a0e917ef89ffcb64e93b1720706f963048ae906ef313a88
SHA512 92fb408544ed7efc12a45a7d94c65835a0b27473bc76094742305ab1707aee5a54df1d4c7b7e23746af4b8cca07735a008108c70de5079d25d19373106ce3a23

C:\Windows\System\BzWQiCF.exe

MD5 84fed71070ce5a73bdb72d175f6e6961
SHA1 9dc0a8a7b70bdf419d0855180e0156b22ddce9fc
SHA256 30c5885b2a7774f09873a47c0a02fc953254403637602212d47b9fed3ffbdeff
SHA512 edb62f3eb3683dc91ef06809c4aaadaee15b03a93c5035fd597c9d76d73ef064bfa2bca3e83aebf0d9de16cc3fb0e90bb77bac6cf655e3c6d5e2346aaeaa4205

C:\Windows\System\ZMGroeN.exe

MD5 cd17625de733a7b783543c8493986884
SHA1 5bd7a6af6e5f92b245fe2d2a904072fd87bedeed
SHA256 89184ab57eeacad5572fafee21a96a93c3b284d6c094da500fe4003fbbe65635
SHA512 52a0e65e0effe0de22cb0e1e4a2529766a0c8dcfd614ece0180ed424e09c7b1bc71db339fcd7aa3389c10c54ada15b728d7801b8b9dccdb8fc2298da69a15038

memory/428-409-0x00007FF611990000-0x00007FF611CE1000-memory.dmp

memory/3576-497-0x00007FF798BE0000-0x00007FF798F31000-memory.dmp

memory/4796-605-0x00007FF7B3440000-0x00007FF7B3791000-memory.dmp

memory/220-2116-0x00007FF64C960000-0x00007FF64CCB1000-memory.dmp

memory/4376-609-0x00007FF660EC0000-0x00007FF661211000-memory.dmp

memory/3216-608-0x00007FF66BBE0000-0x00007FF66BF31000-memory.dmp

memory/4972-607-0x00007FF7E69C0000-0x00007FF7E6D11000-memory.dmp

memory/3368-606-0x00007FF778DF0000-0x00007FF779141000-memory.dmp

memory/4080-604-0x00007FF6895C0000-0x00007FF689911000-memory.dmp

memory/3008-603-0x00007FF728270000-0x00007FF7285C1000-memory.dmp

memory/3776-602-0x00007FF79BD90000-0x00007FF79C0E1000-memory.dmp

memory/5076-601-0x00007FF6198B0000-0x00007FF619C01000-memory.dmp

memory/436-600-0x00007FF631940000-0x00007FF631C91000-memory.dmp

memory/2588-599-0x00007FF7488D0000-0x00007FF748C21000-memory.dmp

memory/3604-598-0x00007FF7CF620000-0x00007FF7CF971000-memory.dmp

memory/1368-597-0x00007FF6FE1F0000-0x00007FF6FE541000-memory.dmp

memory/1084-596-0x00007FF6D64D0000-0x00007FF6D6821000-memory.dmp

memory/3088-408-0x00007FF7E3DA0000-0x00007FF7E40F1000-memory.dmp

memory/2408-359-0x00007FF7B2310000-0x00007FF7B2661000-memory.dmp

memory/3328-299-0x00007FF749BF0000-0x00007FF749F41000-memory.dmp

memory/748-230-0x00007FF662E90000-0x00007FF6631E1000-memory.dmp

memory/2316-227-0x00007FF6276C0000-0x00007FF627A11000-memory.dmp

C:\Windows\System\EaxreYq.exe

MD5 fdeff5b16bd6cbb1a2faa5210434d2f9
SHA1 0bdbc33e2a35a16a6951b30e56477d145fceeccd
SHA256 a00ed8d4ca82b6b643d96b59b5c7aab8d6a88f2898b2d3a73df84df6d89d8ffa
SHA512 b4ea8406e912cb7f40e39c6cd52b4ec5f89d800cf3fa995d65a3cea09f782cebf5d6640c5be2b41d26846e1578c11dfe06d03f641973bcbb55990bba7a66ecfb

C:\Windows\System\iPLdMFh.exe

MD5 58892001b34ac25b6b763425ee0bef1e
SHA1 95121daea8e7e1e7ce22ac022b1ca8d2793c61ad
SHA256 99a4a43b43c25a04b88858e175f72e913aa49ece5700b50d99dc3eb1d96cfe05
SHA512 ad0b6739b93c323eb5b145e2e7b29a688be0e957f6c0c6b758c1456028eed7461a640528eb2ca02adc805696da0c2f315d19892312a2eaf16047062debfb0e73

C:\Windows\System\cvXSOPc.exe

MD5 7d20b1d9519c69a06e0d4226526fe23d
SHA1 1c849a41f0bc63a8cbcca04f93373397e11da40a
SHA256 d2542019ebea0e36f023affdb4bb1731337e4c8ee2c52f26234eef0f44406844
SHA512 5b34c28942245d3d4f69b8c7d3ac660bab120ca292b0ec117a44cb6d05d87e976143d9ff1ba95605f81605a40cd6c6b99e7fc8379b116d1574f33217ae1ebbc0

memory/3756-186-0x00007FF7866B0000-0x00007FF786A01000-memory.dmp

C:\Windows\System\dOHUHub.exe

MD5 2ab5469dcf4a01556e82729decc0854e
SHA1 53a5e9fc97ad9f946569fceb92b50acd16e73039
SHA256 3a41f941b484ad6f6b063ae9f9f1b3cb2acdc9ebe3d86023744991a39cea6d87
SHA512 437a61cc3fe6134494ffd8a1ffd05e7a6b5b0326f4a30d37410c3f00056dfd800b602f7a488221bfc8f36a45d5961a2ce9ce0f076e8821588740ce2aebb073e0

C:\Windows\System\KcZfJgL.exe

MD5 4f2da557cb82cf3e1b7394315b083fcf
SHA1 a40522a7c0deeec6484fca8f53ed3fbaa403b34d
SHA256 8360091014b0da2b08409ecf217efe3fe2ddc759c164413ec1bf453ec92665d9
SHA512 161656da72587b697c9985b6f367069260165a0838ee072c468139febb6fc35fb7fcbe2e6b4844429536122708b10278b64010d26932d30a05a1fab9945cd4d3

C:\Windows\System\NWQvZCJ.exe

MD5 4822dedab8ceaf8a2f2893d297ee62b4
SHA1 4e38be7f746f60ade7b3c36e9e5741e533af68fd
SHA256 564ee22a8bca36dbdc83b26901a31fec8d96d009172eba8afd7e7b85c33340a1
SHA512 51a5f926f891396b5bc13bb6d69ec878721aa7803b9f1687ca49deaa76e0f4be2419e9359a993d09b6502e185c9fb1f1faa249db209ea81854a5ce07f9b7b944

C:\Windows\System\GZKdMfs.exe

MD5 7c13f0300a6507d998e6f881585b1ba7
SHA1 f041d9ba1967e0feb958271f7b97cbe2d3af3f21
SHA256 45c3d337273ff6a5bbed05204cf97bc35625d122f8afca7e95bca9624735aef6
SHA512 3ec3677c6917c65d6f5b307919b9b878f33b15b6bf17cec6baf872a5e4d994e07d55bfe5ec3169b68bd7543a39b0ac366ffd0df872dd3fc09c2be4d24138d0cf

C:\Windows\System\LYkkhRH.exe

MD5 35b657b404024d27f74e5dec2a8fa72d
SHA1 171538bb90a1cea5f89920045c1c3342bce857f4
SHA256 3f835a45e36f8d7b41f431ed9a097f9eb8855c90fcf31a968598fabbf63d763c
SHA512 fab9b29eb429e63ef9e0da1394f00cffb43e8496d8c705f480d645945d90039bba69f38a2a7c12041a705561a7d522c5a0ba28ce166eb938afe619ddac0b729c

C:\Windows\System\iHhMXWY.exe

MD5 477a5d38836b2f036852954a565a286d
SHA1 a867308def1a385e68af1ab24ce65bea736aef54
SHA256 0f41ad1160fdd297ff2304819b3bf457cdd14282cf99c45432f591c30e7876f8
SHA512 dbc4a384de5e8c084ef990e00000fb0344442bd19209c451eb1305de84f45d5216bb9f79b18f3a2206d86411d6ff68ceb1da970f236a40fa65e84e8d5688bcd7

C:\Windows\System\vTyDapl.exe

MD5 fa39f2143f095f29c8bb6d082a912051
SHA1 71ac989e0113225612d5f759bd1e95e1ec8b0611
SHA256 2bc5c6fcaaf82871811729d9c4dda6499283abbeb2e1a5226c87aae3fd8306e9
SHA512 49c82dcd302c5526947241c9595aba630af31f7afd440cb45ce7c3d9ce088c145f4c412ef9d0cfb1bea9af3722c58a739a424aa229a5ad75181c2c204c46b40c

C:\Windows\System\tNKNfTO.exe

MD5 d2e1718a9b47e80cbc6a56e92ad99a13
SHA1 c540be3c31c47f70f29645fc43933cf934ff6ab1
SHA256 2a6ac04969f6b50028b01567875ef8cd101311239d9ef27a0f929db17c3a1430
SHA512 8687cb657babbd0386b988c8ec79afde7ded5dd7b75366ba598a6399c79f25b4c323c97fa3f827300f92706a562954713def452dc174df79c2b0c3405bdf29d8

C:\Windows\System\CCEZuzM.exe

MD5 44305d677d4d83959b0ad8f1b5588d8e
SHA1 7e18c38656611353e9fa7af665c702b70cc4b2ce
SHA256 b9b21216df6229649b060635053217bf934947ae41b680c13a2808caf4c2aca7
SHA512 11b59b39e6df3aa18ddd3010b4cc0802c91a391749e69a2722e0adcc1f5bed05e1391734de37518367641dc1af5414a2f253c2a1cf88b6ee7f0a80b043faae68

C:\Windows\System\xgDUUDk.exe

MD5 3cf85ad05b0aa3478d9b88be332ed146
SHA1 7b22fe230358a28c4a31226dfb5643296e8591c2
SHA256 71cd1edf17cdfdea265b07173185c2044e8d2e0a1c76a3a2cf02eaad8ded4949
SHA512 f4f29cb20048cdb72475d8dd116d4759e1cd89569ddf1a7f1d734e880c6814884e5ea99dab6301bdb5ce28afaabf639955284e3610ae1ff200f20e18a64cb175

C:\Windows\System\dtjXcyn.exe

MD5 e2faa3cb636cbfb45300398cb56ab20f
SHA1 b990ef99576451c95ce6f5ab7f59f6f32588c4ce
SHA256 c900d08b87c19f1cce0b643cd3539279f3883cc7ed8646c70d53670331463051
SHA512 b58c023cbbbeaa9fcacbf253c6b95dc37493c50b0ec87f245c3d5e0379e024d41b2457fc3291b3785afc567e25b3eb94453d66f02de6d0a00ababaa080365fb7

C:\Windows\System\wxQPFvs.exe

MD5 f2d2360adeeca4ad453c8355bef982ac
SHA1 455cc4f2230608f03299a4d0d644b3d7227b2355
SHA256 c42ee1dadea304da990cbf9d11c3d44e5c72fb15e7cf44e092ad8fc9351f6a80
SHA512 3c5be30f75708a7f5d4bda48a68aeeb953610f0f361645b201c0a7914d64844ce105f3b291f969062f31359d7bac3371ed5f5d10cbe8e4ba2406d914f30496c4

C:\Windows\System\qFbARNE.exe

MD5 7fe825e937cc46d3dd75be143f9aa49c
SHA1 56bfec0fc2cf9dbd9b88eda6bed7a818a6edb9fa
SHA256 a506b70d5dc34601a3be05ca40a525f0d2fd179227575c274360585053e6a963
SHA512 91e33a56813cde1f38b36299007ee838f8e63fdb8ec1e7aea96e9c6a9bf04d83a299d0bb185f7dba1c4140446e5d82dfba3b31d633b17b6edc95459931a09ce1

C:\Windows\System\XSZbJlC.exe

MD5 df14421af55fce9cc89b992db0360454
SHA1 54dfad4236ac3c98409546be099c089131532010
SHA256 453c7b8d5d3a1be918469f4b5b2cb05ebcea0a29401f29a0756339669c678eae
SHA512 23cd16642fd5b96432a56c0b8d6f184fecb307398f3304c2c745eca14c13ca469f5de7b3a7ec459f67fd9cf5c0472fa2b3c6d922c6a293da7700648766aed0eb

C:\Windows\System\bUrryhZ.exe

MD5 66c1094e91eed6855d3e46402d71641a
SHA1 d5233e5b7138c401eedeed0a0efec6d84f69092b
SHA256 c04d310399a44efaad7b0883e98075e19746569d1925ada1c5d489d37850bb38
SHA512 e5c9ae0c8265060d6cc0bebfa7f447360184498f9c057ce4c3b59773b2c22bbe753f1bb67e482ffc56a967171d7511e41512d92807d762ecec4a1b06edc3c5f8

C:\Windows\System\vtvqjqG.exe

MD5 4b2b3be4065bc931ede8cd3cb7d0413e
SHA1 42d95b2baf75a1cfae1ee70369956ee4315d4403
SHA256 b616c5078410028ff0e541943373f5a8b666bd1b63f789b6081b784a565ff42c
SHA512 feaaa799ca6f756a18a7bd7dec0b46248e1e0b6d443ab2fae09b1bf67600e3577d1b4994f8ced8d4f0846088dd11925ef1d241614f968f20c02324e45f9a1e98

memory/2592-141-0x00007FF6687B0000-0x00007FF668B01000-memory.dmp

C:\Windows\System\GbVKbAP.exe

MD5 7f6f7fbdc37de9e4678e3415a9ec1ca1
SHA1 2666a3b3d59ab23ec735429b2a68b7007e90ba46
SHA256 00d5e6b149e86404762170eea184a12a6e0af6b17dcf74b82c6d716aa3fb0298
SHA512 62e061e1b789b86a51e8cec92b43f51a97a0b1e235d026b09f4f73287f849867ba7638e07b2ac6a8b51df27b56be1d8cb4f65246983720029d24c0b01746b258

C:\Windows\System\JybPddm.exe

MD5 9a62a3c94dbda608ff1d14686b9bf3fc
SHA1 f0d5dc7108adbd9156c3077a55de66bc1e85371b
SHA256 c273f16f1c02c280189e8c1aa7e6defce01bc05d2cfcd28caa595fb47c2237ec
SHA512 2fef657120a0403d4a507018617892ef36a7b30b7488846334ac785928ad6886793f769a42568b58b645b2db4552321411a2973a5f50993b64c1328dd9524abf

C:\Windows\System\lpliwQz.exe

MD5 3633b88c68d70124d9562ecfad05b0b9
SHA1 90ade684f706e2cdcb365bac28d4a316f6ba32c3
SHA256 b5984168b1bf7fd6147779a3b8de9bb5e516f37988c632bc4925059b9acbab60
SHA512 76c61142fa86f1ac8248293cc28a4802671187215392adaf0f39057deb04922cf2e7b1ab01b2fdeb6ba5ede7cde1b62e6901e87609b188816909135ca8462d98

C:\Windows\System\bYXHula.exe

MD5 865f0a4bf827b52991e4704e8aedeb71
SHA1 d6ec87f133b1970603f6349603535c221c7ccd49
SHA256 37ba918044f188b8aacdc9421e9ca228615ffa8ef812ca983b43c321b63a89ee
SHA512 87f49dc02f45d16383749e22613220f0d3e8492aa9d72b1cb08cb04baa2808fc41fb7757ffd81e2959c8e8e8abec1163df8d74567de11673b5d80a7fc8f51502

C:\Windows\System\XduYvmc.exe

MD5 a0d566c47232a5fb303628e0481f8600
SHA1 bb1fd4520ee9311d5cdad289bfaeed09aa7f4734
SHA256 95f2ce9fba88f60091b05e7e67ce6dc1d651246de5c789b4975503e815e3f9c6
SHA512 2102b94001126a55b622475dc9bcd01d81bca6da044b9ecf745d05a2f609e2d1e58ce908b46cd986e7e9e0ed71294bd16344883e612155f0d7513cc4aef37a76

C:\Windows\System\yYHcqGK.exe

MD5 edc0b0f2403fad6856d8be05c4e69c6d
SHA1 0567cfcea6f46402a8441e00055f9b765855ec14
SHA256 847e37cf85abdac41527931f2d6fe5f2c883f41a8fa3ef47187fde96619299ce
SHA512 e33356c48e842367651717743d13e891f0f38bc5715c9ed7d383905808451f038f28b4be1da7386f360d599e21374396d05f60f87e04ef03f46acfe5a49c398f

C:\Windows\System\SSJVrvq.exe

MD5 a626c0f12ae87d22ac594f6a4eb76c5d
SHA1 3ea56fe3de6411dc39911de39ad2491fab337160
SHA256 3ebda9b5b9e5c21965e1c325a80442714507d9e8c12b5e2d6e080b7424e8386e
SHA512 60cc18b11a0902489a9b726c0f06214072a08476b8bd882d8994d7cf6b401f3e90b2aa70b1c4ea239209ef8c64288d7bfc7ce7afa072b1a152966f9b07145416

C:\Windows\System\xzLcbxn.exe

MD5 60879056cc2a9fc353f5a1b92cc2e86a
SHA1 66192ae6b8125a200570465db92e2f61259e7db5
SHA256 fac6709669b41440f8ce464da742692c861c159b0867d0aff115f3aa15bebaa0
SHA512 dabd5d905bfd74d48f7fb719e60081ebd0d2661260da039544f834add510222be7c55da884e0bd081fdb91635aa3fc12c71664b83715b8480bd09930dd563e75

C:\Windows\System\uBxhOGj.exe

MD5 bb8675b1280d2cec2a8ca3546a22012a
SHA1 726cd1db9e2e01e027baf91fc3a4b80cfb12d1d3
SHA256 732fb932d6c4b82b5f000b9d6b67a9e33bba4a11677c6a0d7eaf7b6d7758b898
SHA512 35eea67c4fcc3f708f2aafde79f3e2a0b882cc63c3471e966d74727b8105a07167b97a8d898d66959a1fe63f7ba513aa118fd52c8c930397c3bfb8096215a51b

C:\Windows\System\mAxqQvc.exe

MD5 449d3082e7cadd4445d1112f94474aa6
SHA1 c31e8e897f3ffd5fa341533de69c7e76bfa84c35
SHA256 ba898122bf058ff08055223d5e8cc28277ff62b2eea9fa9dd45018aea1e48c0b
SHA512 9a0e4ba2218479f386515b382e67e455836a0ca838cb53f6a37e7ad12340d3af085fc5765bc9a6b89e6fa797c8ccc3e8a5d294532fcafa22559bc1a118945758

C:\Windows\System\IZhizqb.exe

MD5 f0a4a558e7915ae7169af8a6e002b211
SHA1 88069ba4b4bbbbfb16d0c8e34ede85a213461505
SHA256 a2cbf7a84c0e51e422ea31729a7265abf772f31936ba68fa23a5407434cb75b3
SHA512 c5df00540d72b28bd729aab9c63e2ff8c518477aa6cc70e2db9b59d47e9733e4c1028a49f6255cb7e757b381123fcf013bca556c6500a546d3509327a999fae5

memory/3588-98-0x00007FF7146E0000-0x00007FF714A31000-memory.dmp

C:\Windows\System\OzDNUaJ.exe

MD5 1f5d6353890f79d2af9081b2202e6863
SHA1 8efc2036a4f608bc4e19d6d92532bbd1f9d75bad
SHA256 3567a6cf69ee3d064026cb93f654b7bc64deed33de72947b49af3879a42d6303
SHA512 fd1e9b780815a93457c7d906aefbb2216f7625ec314619257571c8ecce638932f7f28171594f2c5da88f9f5a348e576ad93ad5ab0c1463f1a9fcba808485ff68

memory/4580-91-0x00007FF6CD8C0000-0x00007FF6CDC11000-memory.dmp

C:\Windows\System\fqRBTWB.exe

MD5 65b49ebc113e7ca3768496127523dc18
SHA1 6eae25c215c96270e7b34f636e7fcabb51ee18da
SHA256 745b6070b1db04428cea68000d896e6cff645780c0b899db71108b25bc21fa91
SHA512 1a41ab7ef3f325c8af17183fa9e3c484bc9977e88dfa130a612daed4a5e4e7817196ecea196469afc48d93e99f750cecc26a18f943a0d7d99a346ba2da2ffe67

C:\Windows\System\yhEVafw.exe

MD5 8a50d9cfb82e07e24514fd8b8eb989d9
SHA1 bfb2d7c4680b6fc9e09aff8878705ad5a658eefb
SHA256 396472840ae09a1ace8b85b362584eed62670f97cc45167205002e205cefd3a3
SHA512 464ec4b33d9fa0d17c6222bdab51eccc3027387b134a9df30a56aeb86e43daaa9ca2f8765cce0fb098540f7af06f22f5db2a233ab96ff2067b15ee7fc68f600a

memory/4092-65-0x00007FF7EC9F0000-0x00007FF7ECD41000-memory.dmp

C:\Windows\System\fQZAsnD.exe

MD5 7df9acad2b3cd29ee7751468fc8edaee
SHA1 d2b8fc5f1e895b16900b4bb27f859eeb938c60d0
SHA256 8484559c06935a17e736cbbd48c9c0d0280cd5b18c34e0a7a6ce9a7dccb23423
SHA512 f934f6d4674e9c66b265feb84ce0d28bacbd555b2d3fa66fd2cc1ccfffa34b145af90142cb185ca73c541c923dd08ab8bd053038537acb292757071859cae0a2

C:\Windows\System\amjtmIx.exe

MD5 a99cc57f6c82a6f572035c44f5554168
SHA1 3bf95b774b53ea27be874b9ceafaefde1aabce2c
SHA256 f9ec712ea3e91f0c2b2fc2152dfccc5d4b88bc945a85ae3fd776ef4dc4510044
SHA512 70ade61736525ba5f5f9dd136d5760fa882e269a11e0c44ec4a6ad209e1a1c05e65423d2821efd37048c9caa55c9a53c50f1cb8e2d78e46ea0592fc48128fc31

C:\Windows\System\JZLgyuw.exe

MD5 880a5590466ce0279b1bc930acc95366
SHA1 61dd37f768ba186f79e5a209740bb67f898694d7
SHA256 ee2cdc9434cfe947ca129dcd8314e7cb51e3b3289fec1e75cd9ede93ab170699
SHA512 05cf78c169a5fde783728ad3af54c4d5a44377eeaa7989c5eeaa4fc3500e38c6f26deb1085dc81c9a1426cb3434852deb7331dd9c2125a9bee2ca7b7fdf1f4ce

C:\Windows\System\otCoPDI.exe

MD5 645d4a4fcdb9462a9b54528417f517ae
SHA1 cdd21327538cb7f5d9878fdb316f4195e5737ed7
SHA256 a88e37792c05b87f518876c78668aa17e7d714d4ffea36e669525244efddd246
SHA512 836202f6e6616f47cdd87c20b2a636fa0ac20b5b908eed3de66c0e5713b5ad8d8bbbeda76955f8f27432177860c4c3db4059a6542cc237bb576380421a17ac16

memory/3596-37-0x00007FF6D9250000-0x00007FF6D95A1000-memory.dmp

memory/964-32-0x00007FF749C00000-0x00007FF749F51000-memory.dmp

memory/948-22-0x00007FF7D27C0000-0x00007FF7D2B11000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133613071470211247.txt

MD5 ce88a108043a3d69e5325754ba9c7181
SHA1 c64f06b8081f5ec0ae7c0e1fe7b0f248aa6550c4
SHA256 b2552766ebb3469549cea5b6b609077fa6e38c000eba6befadfd275e11a8095e
SHA512 cb5e53fb1520b68178ad465cde801ed779521b843de44f894fc8fdbd071f33f663a60f570b134ff0996bf407ef9ecee72810b16dd9276469e6b0efb5d5c85829

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\WUYU8Y5R\microsoft.windows[1].xml

MD5 1b4430f8816838751064e481b2671dca
SHA1 bf5bb7eb34faac1bac77262c8a7f3662981deea7
SHA256 1b12191f1bd84731c07f1493d0553255d66f7095a8cd896aec920cc2213db6c4
SHA512 bdd215c6eee00376623f2e0fafef0b7e58682352f0f0a63b854ddf25a5ad02703d306fb4acd352a7d2dee5d1f311e930f19d7a67bd36f451e101ce9d6f660bba

memory/964-2711-0x00007FF749C00000-0x00007FF749F51000-memory.dmp

memory/948-2718-0x00007FF7D27C0000-0x00007FF7D2B11000-memory.dmp

memory/4796-2724-0x00007FF7B3440000-0x00007FF7B3791000-memory.dmp

memory/4080-2722-0x00007FF6895C0000-0x00007FF689911000-memory.dmp

memory/4092-2721-0x00007FF7EC9F0000-0x00007FF7ECD41000-memory.dmp

memory/3596-2726-0x00007FF6D9250000-0x00007FF6D95A1000-memory.dmp

memory/3216-2729-0x00007FF66BBE0000-0x00007FF66BF31000-memory.dmp

memory/4580-2740-0x00007FF6CD8C0000-0x00007FF6CDC11000-memory.dmp

memory/3328-2746-0x00007FF749BF0000-0x00007FF749F41000-memory.dmp

memory/3088-2748-0x00007FF7E3DA0000-0x00007FF7E40F1000-memory.dmp

memory/3576-2756-0x00007FF798BE0000-0x00007FF798F31000-memory.dmp

memory/1368-2758-0x00007FF6FE1F0000-0x00007FF6FE541000-memory.dmp

memory/2408-2754-0x00007FF7B2310000-0x00007FF7B2661000-memory.dmp

memory/3756-2753-0x00007FF7866B0000-0x00007FF786A01000-memory.dmp

memory/428-2751-0x00007FF611990000-0x00007FF611CE1000-memory.dmp

memory/4376-2764-0x00007FF660EC0000-0x00007FF661211000-memory.dmp

memory/5076-2765-0x00007FF6198B0000-0x00007FF619C01000-memory.dmp

memory/3008-2768-0x00007FF728270000-0x00007FF7285C1000-memory.dmp

memory/3604-2762-0x00007FF7CF620000-0x00007FF7CF971000-memory.dmp

memory/3588-2744-0x00007FF7146E0000-0x00007FF714A31000-memory.dmp

memory/1084-2742-0x00007FF6D64D0000-0x00007FF6D6821000-memory.dmp

memory/4972-2737-0x00007FF7E69C0000-0x00007FF7E6D11000-memory.dmp

memory/2592-2733-0x00007FF6687B0000-0x00007FF668B01000-memory.dmp

memory/2316-2739-0x00007FF6276C0000-0x00007FF627A11000-memory.dmp

memory/748-2735-0x00007FF662E90000-0x00007FF6631E1000-memory.dmp

memory/3368-2731-0x00007FF778DF0000-0x00007FF779141000-memory.dmp

memory/2588-2782-0x00007FF7488D0000-0x00007FF748C21000-memory.dmp

memory/436-2781-0x00007FF631940000-0x00007FF631C91000-memory.dmp

memory/3776-2776-0x00007FF79BD90000-0x00007FF79C0E1000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\https___docs_oracle_com_javase_8_docs

MD5 8aaad0f4eb7d3c65f81c6e6b496ba889
SHA1 231237a501b9433c292991e4ec200b25c1589050
SHA256 813c66ce7dec4cff9c55fb6f809eab909421e37f69ff30e4acaa502365a32bd1
SHA512 1a83ce732dc47853bf6e8f4249054f41b0dea8505cda73433b37dfa16114f27bfed3b4b3ba580aa9d53c3dcc8d48bf571a45f7c0468e6a0f2a227a7e59e17d62

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_ControlPanel

MD5 fb5f8866e1f4c9c1c7f4d377934ff4b2
SHA1 d0a329e387fb7bcba205364938417a67dbb4118a
SHA256 1649ec9493be27f76ae7304927d383f8a53dd3e41ea1678bacaff33120ea4170
SHA512 0fbe2843dfeab7373cde0643b20c073fdc2fcbefc5ae581fd1656c253dfa94e8bba4d348e95cc40d1e872456ecca894b462860aeac8b92cedb11a7cad634798c