Malware Analysis Report

2025-01-06 21:24

Sample ID 240614-xj5twasdne
Target 00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe
SHA256 00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b
Tags
upx miner xmrig execution persistence
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b

Threat Level: Known bad

The file 00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe was found to be: Known bad.

Malicious Activity Summary

upx miner xmrig execution persistence

Xmrig family

XMRig Miner payload

xmrig

XMRig Miner payload

Modifies Installed Components in the registry

Command and Scripting Interpreter: PowerShell

UPX packed file

Executes dropped EXE

Loads dropped DLL

Enumerates connected drives

Drops file in Windows directory

Unsigned PE

Modifies Internet Explorer settings

Checks SCSI registry key(s)

Uses Task Scheduler COM API

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

Suspicious use of SendNotifyMessage

Modifies registry class

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-14 18:54

Signatures

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 18:53

Reported

2024-06-14 18:56

Platform

win7-20240221-en

Max time kernel

150s

Max time network

143s

Command Line

"C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\jynRDIe.exe N/A
N/A N/A C:\Windows\System\Qeavjog.exe N/A
N/A N/A C:\Windows\System\OZqiLBj.exe N/A
N/A N/A C:\Windows\System\kNlrfBa.exe N/A
N/A N/A C:\Windows\System\iHaGFEj.exe N/A
N/A N/A C:\Windows\System\BUJnlAY.exe N/A
N/A N/A C:\Windows\System\uiUJLfl.exe N/A
N/A N/A C:\Windows\System\BjxLlwx.exe N/A
N/A N/A C:\Windows\System\KvKlmDa.exe N/A
N/A N/A C:\Windows\System\DZfyDfG.exe N/A
N/A N/A C:\Windows\System\tgaMdRo.exe N/A
N/A N/A C:\Windows\System\HPbpJwU.exe N/A
N/A N/A C:\Windows\System\qwJBclm.exe N/A
N/A N/A C:\Windows\System\kFeyQUQ.exe N/A
N/A N/A C:\Windows\System\TnYIkpj.exe N/A
N/A N/A C:\Windows\System\atgsBqh.exe N/A
N/A N/A C:\Windows\System\IdpjjWu.exe N/A
N/A N/A C:\Windows\System\FpOQQtE.exe N/A
N/A N/A C:\Windows\System\FUlcpKu.exe N/A
N/A N/A C:\Windows\System\bIUcgdm.exe N/A
N/A N/A C:\Windows\System\ODvUuas.exe N/A
N/A N/A C:\Windows\System\kGyybam.exe N/A
N/A N/A C:\Windows\System\TnoXhhn.exe N/A
N/A N/A C:\Windows\System\toFcAuk.exe N/A
N/A N/A C:\Windows\System\rciUfPt.exe N/A
N/A N/A C:\Windows\System\ziHBARO.exe N/A
N/A N/A C:\Windows\System\DcHYuPn.exe N/A
N/A N/A C:\Windows\System\wpmBeRg.exe N/A
N/A N/A C:\Windows\System\PWXbmZZ.exe N/A
N/A N/A C:\Windows\System\TPOHJmw.exe N/A
N/A N/A C:\Windows\System\VReCGfm.exe N/A
N/A N/A C:\Windows\System\QDrmEAt.exe N/A
N/A N/A C:\Windows\System\cBcHYjZ.exe N/A
N/A N/A C:\Windows\System\QjzahQm.exe N/A
N/A N/A C:\Windows\System\wthmUHh.exe N/A
N/A N/A C:\Windows\System\erokKPe.exe N/A
N/A N/A C:\Windows\System\IQgOlyK.exe N/A
N/A N/A C:\Windows\System\qbhcwHj.exe N/A
N/A N/A C:\Windows\System\INIqiss.exe N/A
N/A N/A C:\Windows\System\AZrSdAy.exe N/A
N/A N/A C:\Windows\System\sAtRNun.exe N/A
N/A N/A C:\Windows\System\gBqKEqm.exe N/A
N/A N/A C:\Windows\System\kexmqzv.exe N/A
N/A N/A C:\Windows\System\XGRKKMr.exe N/A
N/A N/A C:\Windows\System\dqxLsHR.exe N/A
N/A N/A C:\Windows\System\qswNWyE.exe N/A
N/A N/A C:\Windows\System\mNhGHJk.exe N/A
N/A N/A C:\Windows\System\ajPhhbK.exe N/A
N/A N/A C:\Windows\System\GFNscTo.exe N/A
N/A N/A C:\Windows\System\PnvKyFp.exe N/A
N/A N/A C:\Windows\System\wYxvVSP.exe N/A
N/A N/A C:\Windows\System\LTRKEhe.exe N/A
N/A N/A C:\Windows\System\zAjNdSe.exe N/A
N/A N/A C:\Windows\System\yQPrpDH.exe N/A
N/A N/A C:\Windows\System\uUFjoiu.exe N/A
N/A N/A C:\Windows\System\HARjrPt.exe N/A
N/A N/A C:\Windows\System\MaNqoNP.exe N/A
N/A N/A C:\Windows\System\aRLWWwM.exe N/A
N/A N/A C:\Windows\System\BUbzIlT.exe N/A
N/A N/A C:\Windows\System\bDlutLS.exe N/A
N/A N/A C:\Windows\System\ZjLhncS.exe N/A
N/A N/A C:\Windows\System\WHlQhqM.exe N/A
N/A N/A C:\Windows\System\jMaZAGQ.exe N/A
N/A N/A C:\Windows\System\wWcpvnG.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\dqxLsHR.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\mQaDGXh.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\NXuwZDG.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\fdpJLRS.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\EWcKqtk.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\wIHosrH.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\bqoEfjR.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\RtUUDcB.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\BvMbHUD.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\YtodUYo.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\IVhBAeP.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\OnCmCth.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\xwRyevj.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\UWlHQph.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\DFfoZqn.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\nAIeVGL.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\YlBwXWz.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\DlvpelZ.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\mZbEaOP.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\aTQETUL.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\DEjOQTG.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\gzCqKni.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\WAgjEIq.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\wIYGMse.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\aZZsAWT.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\LCGvYMh.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\aUGFyzU.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\EktPdvm.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\TdVagyI.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\AnKDbDt.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\WuZAbWs.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\pHqzuvu.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\vRJTXHf.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\TuZnnAs.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\rvYEyzq.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\LDxoDRU.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\OzbhyIL.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\TiJvHrl.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\SgyPcUP.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\aKHkkgQ.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\PJRJjZt.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\BiAUEex.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\trWaQgK.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\xgQCGPE.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\WPRnVOk.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\zmRmodg.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\YxCNNQo.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\telmsLN.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\BUbzIlT.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\HKsZXHB.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\zondmWj.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\FAKGKiS.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\zptAYJH.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\XTwyICQ.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\QchtmHA.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\ZrgzcTQ.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\sdQhOmJ.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\RrRcKWJ.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\iINMqDv.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\dBPgALE.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\kuUcVXv.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\sRSgmWF.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\EotenTz.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\tZDhBTO.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1848 wrote to memory of 2924 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 1848 wrote to memory of 2924 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 1848 wrote to memory of 2924 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 1848 wrote to memory of 2872 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\jynRDIe.exe
PID 1848 wrote to memory of 2872 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\jynRDIe.exe
PID 1848 wrote to memory of 2872 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\jynRDIe.exe
PID 1848 wrote to memory of 2728 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\Qeavjog.exe
PID 1848 wrote to memory of 2728 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\Qeavjog.exe
PID 1848 wrote to memory of 2728 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\Qeavjog.exe
PID 1848 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\OZqiLBj.exe
PID 1848 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\OZqiLBj.exe
PID 1848 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\OZqiLBj.exe
PID 1848 wrote to memory of 2540 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\kNlrfBa.exe
PID 1848 wrote to memory of 2540 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\kNlrfBa.exe
PID 1848 wrote to memory of 2540 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\kNlrfBa.exe
PID 1848 wrote to memory of 2356 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\iHaGFEj.exe
PID 1848 wrote to memory of 2356 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\iHaGFEj.exe
PID 1848 wrote to memory of 2356 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\iHaGFEj.exe
PID 1848 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\BUJnlAY.exe
PID 1848 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\BUJnlAY.exe
PID 1848 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\BUJnlAY.exe
PID 1848 wrote to memory of 2972 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\uiUJLfl.exe
PID 1848 wrote to memory of 2972 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\uiUJLfl.exe
PID 1848 wrote to memory of 2972 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\uiUJLfl.exe
PID 1848 wrote to memory of 864 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\BjxLlwx.exe
PID 1848 wrote to memory of 864 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\BjxLlwx.exe
PID 1848 wrote to memory of 864 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\BjxLlwx.exe
PID 1848 wrote to memory of 2348 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\KvKlmDa.exe
PID 1848 wrote to memory of 2348 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\KvKlmDa.exe
PID 1848 wrote to memory of 2348 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\KvKlmDa.exe
PID 1848 wrote to memory of 1232 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\DZfyDfG.exe
PID 1848 wrote to memory of 1232 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\DZfyDfG.exe
PID 1848 wrote to memory of 1232 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\DZfyDfG.exe
PID 1848 wrote to memory of 1484 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\tgaMdRo.exe
PID 1848 wrote to memory of 1484 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\tgaMdRo.exe
PID 1848 wrote to memory of 1484 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\tgaMdRo.exe
PID 1848 wrote to memory of 2140 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\qwJBclm.exe
PID 1848 wrote to memory of 2140 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\qwJBclm.exe
PID 1848 wrote to memory of 2140 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\qwJBclm.exe
PID 1848 wrote to memory of 312 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\HPbpJwU.exe
PID 1848 wrote to memory of 312 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\HPbpJwU.exe
PID 1848 wrote to memory of 312 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\HPbpJwU.exe
PID 1848 wrote to memory of 1764 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\TnYIkpj.exe
PID 1848 wrote to memory of 1764 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\TnYIkpj.exe
PID 1848 wrote to memory of 1764 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\TnYIkpj.exe
PID 1848 wrote to memory of 1612 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\kFeyQUQ.exe
PID 1848 wrote to memory of 1612 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\kFeyQUQ.exe
PID 1848 wrote to memory of 1612 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\kFeyQUQ.exe
PID 1848 wrote to memory of 780 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\IdpjjWu.exe
PID 1848 wrote to memory of 780 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\IdpjjWu.exe
PID 1848 wrote to memory of 780 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\IdpjjWu.exe
PID 1848 wrote to memory of 2560 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\atgsBqh.exe
PID 1848 wrote to memory of 2560 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\atgsBqh.exe
PID 1848 wrote to memory of 2560 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\atgsBqh.exe
PID 1848 wrote to memory of 2032 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\FpOQQtE.exe
PID 1848 wrote to memory of 2032 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\FpOQQtE.exe
PID 1848 wrote to memory of 2032 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\FpOQQtE.exe
PID 1848 wrote to memory of 2968 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\FUlcpKu.exe
PID 1848 wrote to memory of 2968 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\FUlcpKu.exe
PID 1848 wrote to memory of 2968 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\FUlcpKu.exe
PID 1848 wrote to memory of 1840 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\bIUcgdm.exe
PID 1848 wrote to memory of 1840 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\bIUcgdm.exe
PID 1848 wrote to memory of 1840 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\bIUcgdm.exe
PID 1848 wrote to memory of 564 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\ODvUuas.exe

Processes

C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe

"C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\jynRDIe.exe

C:\Windows\System\jynRDIe.exe

C:\Windows\System\Qeavjog.exe

C:\Windows\System\Qeavjog.exe

C:\Windows\System\OZqiLBj.exe

C:\Windows\System\OZqiLBj.exe

C:\Windows\System\kNlrfBa.exe

C:\Windows\System\kNlrfBa.exe

C:\Windows\System\iHaGFEj.exe

C:\Windows\System\iHaGFEj.exe

C:\Windows\System\BUJnlAY.exe

C:\Windows\System\BUJnlAY.exe

C:\Windows\System\uiUJLfl.exe

C:\Windows\System\uiUJLfl.exe

C:\Windows\System\BjxLlwx.exe

C:\Windows\System\BjxLlwx.exe

C:\Windows\System\KvKlmDa.exe

C:\Windows\System\KvKlmDa.exe

C:\Windows\System\DZfyDfG.exe

C:\Windows\System\DZfyDfG.exe

C:\Windows\System\tgaMdRo.exe

C:\Windows\System\tgaMdRo.exe

C:\Windows\System\qwJBclm.exe

C:\Windows\System\qwJBclm.exe

C:\Windows\System\HPbpJwU.exe

C:\Windows\System\HPbpJwU.exe

C:\Windows\System\TnYIkpj.exe

C:\Windows\System\TnYIkpj.exe

C:\Windows\System\kFeyQUQ.exe

C:\Windows\System\kFeyQUQ.exe

C:\Windows\System\IdpjjWu.exe

C:\Windows\System\IdpjjWu.exe

C:\Windows\System\atgsBqh.exe

C:\Windows\System\atgsBqh.exe

C:\Windows\System\FpOQQtE.exe

C:\Windows\System\FpOQQtE.exe

C:\Windows\System\FUlcpKu.exe

C:\Windows\System\FUlcpKu.exe

C:\Windows\System\bIUcgdm.exe

C:\Windows\System\bIUcgdm.exe

C:\Windows\System\ODvUuas.exe

C:\Windows\System\ODvUuas.exe

C:\Windows\System\kGyybam.exe

C:\Windows\System\kGyybam.exe

C:\Windows\System\TnoXhhn.exe

C:\Windows\System\TnoXhhn.exe

C:\Windows\System\toFcAuk.exe

C:\Windows\System\toFcAuk.exe

C:\Windows\System\rciUfPt.exe

C:\Windows\System\rciUfPt.exe

C:\Windows\System\ziHBARO.exe

C:\Windows\System\ziHBARO.exe

C:\Windows\System\DcHYuPn.exe

C:\Windows\System\DcHYuPn.exe

C:\Windows\System\wpmBeRg.exe

C:\Windows\System\wpmBeRg.exe

C:\Windows\System\PWXbmZZ.exe

C:\Windows\System\PWXbmZZ.exe

C:\Windows\System\TPOHJmw.exe

C:\Windows\System\TPOHJmw.exe

C:\Windows\System\VReCGfm.exe

C:\Windows\System\VReCGfm.exe

C:\Windows\System\QDrmEAt.exe

C:\Windows\System\QDrmEAt.exe

C:\Windows\System\cBcHYjZ.exe

C:\Windows\System\cBcHYjZ.exe

C:\Windows\System\QjzahQm.exe

C:\Windows\System\QjzahQm.exe

C:\Windows\System\wthmUHh.exe

C:\Windows\System\wthmUHh.exe

C:\Windows\System\erokKPe.exe

C:\Windows\System\erokKPe.exe

C:\Windows\System\IQgOlyK.exe

C:\Windows\System\IQgOlyK.exe

C:\Windows\System\qbhcwHj.exe

C:\Windows\System\qbhcwHj.exe

C:\Windows\System\INIqiss.exe

C:\Windows\System\INIqiss.exe

C:\Windows\System\AZrSdAy.exe

C:\Windows\System\AZrSdAy.exe

C:\Windows\System\sAtRNun.exe

C:\Windows\System\sAtRNun.exe

C:\Windows\System\gBqKEqm.exe

C:\Windows\System\gBqKEqm.exe

C:\Windows\System\kexmqzv.exe

C:\Windows\System\kexmqzv.exe

C:\Windows\System\XGRKKMr.exe

C:\Windows\System\XGRKKMr.exe

C:\Windows\System\dqxLsHR.exe

C:\Windows\System\dqxLsHR.exe

C:\Windows\System\mNhGHJk.exe

C:\Windows\System\mNhGHJk.exe

C:\Windows\System\qswNWyE.exe

C:\Windows\System\qswNWyE.exe

C:\Windows\System\GFNscTo.exe

C:\Windows\System\GFNscTo.exe

C:\Windows\System\ajPhhbK.exe

C:\Windows\System\ajPhhbK.exe

C:\Windows\System\wYxvVSP.exe

C:\Windows\System\wYxvVSP.exe

C:\Windows\System\PnvKyFp.exe

C:\Windows\System\PnvKyFp.exe

C:\Windows\System\LTRKEhe.exe

C:\Windows\System\LTRKEhe.exe

C:\Windows\System\zAjNdSe.exe

C:\Windows\System\zAjNdSe.exe

C:\Windows\System\yQPrpDH.exe

C:\Windows\System\yQPrpDH.exe

C:\Windows\System\uUFjoiu.exe

C:\Windows\System\uUFjoiu.exe

C:\Windows\System\HARjrPt.exe

C:\Windows\System\HARjrPt.exe

C:\Windows\System\MaNqoNP.exe

C:\Windows\System\MaNqoNP.exe

C:\Windows\System\aRLWWwM.exe

C:\Windows\System\aRLWWwM.exe

C:\Windows\System\BUbzIlT.exe

C:\Windows\System\BUbzIlT.exe

C:\Windows\System\bDlutLS.exe

C:\Windows\System\bDlutLS.exe

C:\Windows\System\ZjLhncS.exe

C:\Windows\System\ZjLhncS.exe

C:\Windows\System\WHlQhqM.exe

C:\Windows\System\WHlQhqM.exe

C:\Windows\System\jMaZAGQ.exe

C:\Windows\System\jMaZAGQ.exe

C:\Windows\System\wWcpvnG.exe

C:\Windows\System\wWcpvnG.exe

C:\Windows\System\dcBlpwu.exe

C:\Windows\System\dcBlpwu.exe

C:\Windows\System\jNdKGJK.exe

C:\Windows\System\jNdKGJK.exe

C:\Windows\System\djFNHaA.exe

C:\Windows\System\djFNHaA.exe

C:\Windows\System\ZVLHGdA.exe

C:\Windows\System\ZVLHGdA.exe

C:\Windows\System\FVLLzRI.exe

C:\Windows\System\FVLLzRI.exe

C:\Windows\System\BukfuPQ.exe

C:\Windows\System\BukfuPQ.exe

C:\Windows\System\bLxLLPl.exe

C:\Windows\System\bLxLLPl.exe

C:\Windows\System\sFQoCsq.exe

C:\Windows\System\sFQoCsq.exe

C:\Windows\System\knJEsvn.exe

C:\Windows\System\knJEsvn.exe

C:\Windows\System\ObnxtWT.exe

C:\Windows\System\ObnxtWT.exe

C:\Windows\System\bHxNpaM.exe

C:\Windows\System\bHxNpaM.exe

C:\Windows\System\AnKDbDt.exe

C:\Windows\System\AnKDbDt.exe

C:\Windows\System\sCULxMT.exe

C:\Windows\System\sCULxMT.exe

C:\Windows\System\XUCfISj.exe

C:\Windows\System\XUCfISj.exe

C:\Windows\System\fBNLTuQ.exe

C:\Windows\System\fBNLTuQ.exe

C:\Windows\System\FSHUgnz.exe

C:\Windows\System\FSHUgnz.exe

C:\Windows\System\xYrFsEE.exe

C:\Windows\System\xYrFsEE.exe

C:\Windows\System\MpUSexk.exe

C:\Windows\System\MpUSexk.exe

C:\Windows\System\GZRIzbD.exe

C:\Windows\System\GZRIzbD.exe

C:\Windows\System\BkgUSdJ.exe

C:\Windows\System\BkgUSdJ.exe

C:\Windows\System\peKOyEm.exe

C:\Windows\System\peKOyEm.exe

C:\Windows\System\mxasYDx.exe

C:\Windows\System\mxasYDx.exe

C:\Windows\System\DKnpskP.exe

C:\Windows\System\DKnpskP.exe

C:\Windows\System\UMHAwYa.exe

C:\Windows\System\UMHAwYa.exe

C:\Windows\System\BGKnbKP.exe

C:\Windows\System\BGKnbKP.exe

C:\Windows\System\kjAkGnO.exe

C:\Windows\System\kjAkGnO.exe

C:\Windows\System\fdGtGSh.exe

C:\Windows\System\fdGtGSh.exe

C:\Windows\System\xftOCuf.exe

C:\Windows\System\xftOCuf.exe

C:\Windows\System\ZGawRyW.exe

C:\Windows\System\ZGawRyW.exe

C:\Windows\System\OeqhbKA.exe

C:\Windows\System\OeqhbKA.exe

C:\Windows\System\LTStWeF.exe

C:\Windows\System\LTStWeF.exe

C:\Windows\System\wcLRIGO.exe

C:\Windows\System\wcLRIGO.exe

C:\Windows\System\QXJtWNV.exe

C:\Windows\System\QXJtWNV.exe

C:\Windows\System\FPSwxoG.exe

C:\Windows\System\FPSwxoG.exe

C:\Windows\System\GZDZtGI.exe

C:\Windows\System\GZDZtGI.exe

C:\Windows\System\uUtLRRo.exe

C:\Windows\System\uUtLRRo.exe

C:\Windows\System\seelygj.exe

C:\Windows\System\seelygj.exe

C:\Windows\System\FJbrdHH.exe

C:\Windows\System\FJbrdHH.exe

C:\Windows\System\dsehQDO.exe

C:\Windows\System\dsehQDO.exe

C:\Windows\System\WMGfWOM.exe

C:\Windows\System\WMGfWOM.exe

C:\Windows\System\fipWBNu.exe

C:\Windows\System\fipWBNu.exe

C:\Windows\System\YXoDNtK.exe

C:\Windows\System\YXoDNtK.exe

C:\Windows\System\wgacIkZ.exe

C:\Windows\System\wgacIkZ.exe

C:\Windows\System\yAXoWlM.exe

C:\Windows\System\yAXoWlM.exe

C:\Windows\System\uuhUlRh.exe

C:\Windows\System\uuhUlRh.exe

C:\Windows\System\KNcOdRa.exe

C:\Windows\System\KNcOdRa.exe

C:\Windows\System\UxPUJho.exe

C:\Windows\System\UxPUJho.exe

C:\Windows\System\olUjAgk.exe

C:\Windows\System\olUjAgk.exe

C:\Windows\System\gvVVgWt.exe

C:\Windows\System\gvVVgWt.exe

C:\Windows\System\rVkpXgg.exe

C:\Windows\System\rVkpXgg.exe

C:\Windows\System\YOfFMNr.exe

C:\Windows\System\YOfFMNr.exe

C:\Windows\System\zrkCWLZ.exe

C:\Windows\System\zrkCWLZ.exe

C:\Windows\System\TiXiHso.exe

C:\Windows\System\TiXiHso.exe

C:\Windows\System\vHGwuVa.exe

C:\Windows\System\vHGwuVa.exe

C:\Windows\System\mVdOZkU.exe

C:\Windows\System\mVdOZkU.exe

C:\Windows\System\mkvHvjk.exe

C:\Windows\System\mkvHvjk.exe

C:\Windows\System\CZeVJDP.exe

C:\Windows\System\CZeVJDP.exe

C:\Windows\System\YhKbrHL.exe

C:\Windows\System\YhKbrHL.exe

C:\Windows\System\GJthfRN.exe

C:\Windows\System\GJthfRN.exe

C:\Windows\System\VzlwDKv.exe

C:\Windows\System\VzlwDKv.exe

C:\Windows\System\SReGnko.exe

C:\Windows\System\SReGnko.exe

C:\Windows\System\CleSYFu.exe

C:\Windows\System\CleSYFu.exe

C:\Windows\System\neJrMmb.exe

C:\Windows\System\neJrMmb.exe

C:\Windows\System\iCaFmpO.exe

C:\Windows\System\iCaFmpO.exe

C:\Windows\System\kOJKejy.exe

C:\Windows\System\kOJKejy.exe

C:\Windows\System\MeRhysy.exe

C:\Windows\System\MeRhysy.exe

C:\Windows\System\fbEHhUg.exe

C:\Windows\System\fbEHhUg.exe

C:\Windows\System\cXylcIT.exe

C:\Windows\System\cXylcIT.exe

C:\Windows\System\DDPjmGM.exe

C:\Windows\System\DDPjmGM.exe

C:\Windows\System\CYlwLQk.exe

C:\Windows\System\CYlwLQk.exe

C:\Windows\System\QBlnDCV.exe

C:\Windows\System\QBlnDCV.exe

C:\Windows\System\OlnhXgF.exe

C:\Windows\System\OlnhXgF.exe

C:\Windows\System\jDRpitx.exe

C:\Windows\System\jDRpitx.exe

C:\Windows\System\nkYssvq.exe

C:\Windows\System\nkYssvq.exe

C:\Windows\System\dRRlJeW.exe

C:\Windows\System\dRRlJeW.exe

C:\Windows\System\XnOCNXo.exe

C:\Windows\System\XnOCNXo.exe

C:\Windows\System\orYAiLI.exe

C:\Windows\System\orYAiLI.exe

C:\Windows\System\InGPjCv.exe

C:\Windows\System\InGPjCv.exe

C:\Windows\System\fWKFVWv.exe

C:\Windows\System\fWKFVWv.exe

C:\Windows\System\oxdAzMm.exe

C:\Windows\System\oxdAzMm.exe

C:\Windows\System\KkMFegv.exe

C:\Windows\System\KkMFegv.exe

C:\Windows\System\DofTlWq.exe

C:\Windows\System\DofTlWq.exe

C:\Windows\System\rGBbSNG.exe

C:\Windows\System\rGBbSNG.exe

C:\Windows\System\kUqCDzF.exe

C:\Windows\System\kUqCDzF.exe

C:\Windows\System\CIoZkLb.exe

C:\Windows\System\CIoZkLb.exe

C:\Windows\System\akMjFyb.exe

C:\Windows\System\akMjFyb.exe

C:\Windows\System\waEpClY.exe

C:\Windows\System\waEpClY.exe

C:\Windows\System\bpxIdSr.exe

C:\Windows\System\bpxIdSr.exe

C:\Windows\System\LEEMybE.exe

C:\Windows\System\LEEMybE.exe

C:\Windows\System\TfRDpLP.exe

C:\Windows\System\TfRDpLP.exe

C:\Windows\System\jeCkfKa.exe

C:\Windows\System\jeCkfKa.exe

C:\Windows\System\UtaNqwa.exe

C:\Windows\System\UtaNqwa.exe

C:\Windows\System\aBeYNUs.exe

C:\Windows\System\aBeYNUs.exe

C:\Windows\System\qnMgEAs.exe

C:\Windows\System\qnMgEAs.exe

C:\Windows\System\hNEmZUb.exe

C:\Windows\System\hNEmZUb.exe

C:\Windows\System\joyHRpi.exe

C:\Windows\System\joyHRpi.exe

C:\Windows\System\ZiNZHFt.exe

C:\Windows\System\ZiNZHFt.exe

C:\Windows\System\aSKfppn.exe

C:\Windows\System\aSKfppn.exe

C:\Windows\System\ofijTCt.exe

C:\Windows\System\ofijTCt.exe

C:\Windows\System\TlcAzBP.exe

C:\Windows\System\TlcAzBP.exe

C:\Windows\System\AThbLle.exe

C:\Windows\System\AThbLle.exe

C:\Windows\System\ZvbLgub.exe

C:\Windows\System\ZvbLgub.exe

C:\Windows\System\zwuydJl.exe

C:\Windows\System\zwuydJl.exe

C:\Windows\System\fJxrdtw.exe

C:\Windows\System\fJxrdtw.exe

C:\Windows\System\rcaDYzS.exe

C:\Windows\System\rcaDYzS.exe

C:\Windows\System\vPrsTKv.exe

C:\Windows\System\vPrsTKv.exe

C:\Windows\System\wNcazxf.exe

C:\Windows\System\wNcazxf.exe

C:\Windows\System\hijoiEt.exe

C:\Windows\System\hijoiEt.exe

C:\Windows\System\GthxaPf.exe

C:\Windows\System\GthxaPf.exe

C:\Windows\System\kOynuAQ.exe

C:\Windows\System\kOynuAQ.exe

C:\Windows\System\bGHdSmn.exe

C:\Windows\System\bGHdSmn.exe

C:\Windows\System\xTgFlOy.exe

C:\Windows\System\xTgFlOy.exe

C:\Windows\System\sfNcNkZ.exe

C:\Windows\System\sfNcNkZ.exe

C:\Windows\System\MSiyTDT.exe

C:\Windows\System\MSiyTDT.exe

C:\Windows\System\gkzwops.exe

C:\Windows\System\gkzwops.exe

C:\Windows\System\FIuvyXg.exe

C:\Windows\System\FIuvyXg.exe

C:\Windows\System\GQkGjnv.exe

C:\Windows\System\GQkGjnv.exe

C:\Windows\System\RjveSRZ.exe

C:\Windows\System\RjveSRZ.exe

C:\Windows\System\AYXKAdK.exe

C:\Windows\System\AYXKAdK.exe

C:\Windows\System\UXFGxHu.exe

C:\Windows\System\UXFGxHu.exe

C:\Windows\System\pupXiXm.exe

C:\Windows\System\pupXiXm.exe

C:\Windows\System\xIFAxXv.exe

C:\Windows\System\xIFAxXv.exe

C:\Windows\System\bMqrixg.exe

C:\Windows\System\bMqrixg.exe

C:\Windows\System\UUvjZsU.exe

C:\Windows\System\UUvjZsU.exe

C:\Windows\System\vNWmAgj.exe

C:\Windows\System\vNWmAgj.exe

C:\Windows\System\fUlbzHs.exe

C:\Windows\System\fUlbzHs.exe

C:\Windows\System\FAKGKiS.exe

C:\Windows\System\FAKGKiS.exe

C:\Windows\System\reApFkZ.exe

C:\Windows\System\reApFkZ.exe

C:\Windows\System\LeklLUG.exe

C:\Windows\System\LeklLUG.exe

C:\Windows\System\liBfyfR.exe

C:\Windows\System\liBfyfR.exe

C:\Windows\System\krLBwSn.exe

C:\Windows\System\krLBwSn.exe

C:\Windows\System\MIQIhCB.exe

C:\Windows\System\MIQIhCB.exe

C:\Windows\System\QvoXqAm.exe

C:\Windows\System\QvoXqAm.exe

C:\Windows\System\wHdziII.exe

C:\Windows\System\wHdziII.exe

C:\Windows\System\zfSBSnO.exe

C:\Windows\System\zfSBSnO.exe

C:\Windows\System\HIGFKlW.exe

C:\Windows\System\HIGFKlW.exe

C:\Windows\System\cnIICim.exe

C:\Windows\System\cnIICim.exe

C:\Windows\System\coFiYnX.exe

C:\Windows\System\coFiYnX.exe

C:\Windows\System\RZYgvga.exe

C:\Windows\System\RZYgvga.exe

C:\Windows\System\IgTPKGn.exe

C:\Windows\System\IgTPKGn.exe

C:\Windows\System\gnhtAIH.exe

C:\Windows\System\gnhtAIH.exe

C:\Windows\System\KeFNxYc.exe

C:\Windows\System\KeFNxYc.exe

C:\Windows\System\JsetOxn.exe

C:\Windows\System\JsetOxn.exe

C:\Windows\System\GXPgraX.exe

C:\Windows\System\GXPgraX.exe

C:\Windows\System\EYbCvbS.exe

C:\Windows\System\EYbCvbS.exe

C:\Windows\System\oiqQNrG.exe

C:\Windows\System\oiqQNrG.exe

C:\Windows\System\rpJGOLM.exe

C:\Windows\System\rpJGOLM.exe

C:\Windows\System\NdPGbFQ.exe

C:\Windows\System\NdPGbFQ.exe

C:\Windows\System\HtbLuud.exe

C:\Windows\System\HtbLuud.exe

C:\Windows\System\ecsllza.exe

C:\Windows\System\ecsllza.exe

C:\Windows\System\eGPyvVM.exe

C:\Windows\System\eGPyvVM.exe

C:\Windows\System\ZKDrTZt.exe

C:\Windows\System\ZKDrTZt.exe

C:\Windows\System\nvkqBmO.exe

C:\Windows\System\nvkqBmO.exe

C:\Windows\System\dpGOuHL.exe

C:\Windows\System\dpGOuHL.exe

C:\Windows\System\RJWslbw.exe

C:\Windows\System\RJWslbw.exe

C:\Windows\System\zAVVoup.exe

C:\Windows\System\zAVVoup.exe

C:\Windows\System\WPRLOPx.exe

C:\Windows\System\WPRLOPx.exe

C:\Windows\System\YAoVAVd.exe

C:\Windows\System\YAoVAVd.exe

C:\Windows\System\FQQkrYe.exe

C:\Windows\System\FQQkrYe.exe

C:\Windows\System\hvuFTUj.exe

C:\Windows\System\hvuFTUj.exe

C:\Windows\System\DBPKHAZ.exe

C:\Windows\System\DBPKHAZ.exe

C:\Windows\System\DziJmaj.exe

C:\Windows\System\DziJmaj.exe

C:\Windows\System\APhZvzg.exe

C:\Windows\System\APhZvzg.exe

C:\Windows\System\ykhizIt.exe

C:\Windows\System\ykhizIt.exe

C:\Windows\System\ueUZyon.exe

C:\Windows\System\ueUZyon.exe

C:\Windows\System\pOqIbXP.exe

C:\Windows\System\pOqIbXP.exe

C:\Windows\System\bRVBaOH.exe

C:\Windows\System\bRVBaOH.exe

C:\Windows\System\AtAbcge.exe

C:\Windows\System\AtAbcge.exe

C:\Windows\System\AzyDSDJ.exe

C:\Windows\System\AzyDSDJ.exe

C:\Windows\System\OiiElXI.exe

C:\Windows\System\OiiElXI.exe

C:\Windows\System\iJOzkze.exe

C:\Windows\System\iJOzkze.exe

C:\Windows\System\OJCWAXO.exe

C:\Windows\System\OJCWAXO.exe

C:\Windows\System\NeyOJqT.exe

C:\Windows\System\NeyOJqT.exe

C:\Windows\System\XjtVyaq.exe

C:\Windows\System\XjtVyaq.exe

C:\Windows\System\XYSEDLP.exe

C:\Windows\System\XYSEDLP.exe

C:\Windows\System\xcoPTVu.exe

C:\Windows\System\xcoPTVu.exe

C:\Windows\System\AsnMChs.exe

C:\Windows\System\AsnMChs.exe

C:\Windows\System\ZVRrPKo.exe

C:\Windows\System\ZVRrPKo.exe

C:\Windows\System\MgDPdVz.exe

C:\Windows\System\MgDPdVz.exe

C:\Windows\System\cxmFOFQ.exe

C:\Windows\System\cxmFOFQ.exe

C:\Windows\System\kjtOgzN.exe

C:\Windows\System\kjtOgzN.exe

C:\Windows\System\IXKaCEA.exe

C:\Windows\System\IXKaCEA.exe

C:\Windows\System\CGDACIV.exe

C:\Windows\System\CGDACIV.exe

C:\Windows\System\Fdzhvht.exe

C:\Windows\System\Fdzhvht.exe

C:\Windows\System\CDepWmm.exe

C:\Windows\System\CDepWmm.exe

C:\Windows\System\NFEUITW.exe

C:\Windows\System\NFEUITW.exe

C:\Windows\System\MTcMHKC.exe

C:\Windows\System\MTcMHKC.exe

C:\Windows\System\IVTdlJZ.exe

C:\Windows\System\IVTdlJZ.exe

C:\Windows\System\zwNtFVt.exe

C:\Windows\System\zwNtFVt.exe

C:\Windows\System\NrGdxvS.exe

C:\Windows\System\NrGdxvS.exe

C:\Windows\System\LEpTsoE.exe

C:\Windows\System\LEpTsoE.exe

C:\Windows\System\vICJGIN.exe

C:\Windows\System\vICJGIN.exe

C:\Windows\System\QqhlWMD.exe

C:\Windows\System\QqhlWMD.exe

C:\Windows\System\IVtFIel.exe

C:\Windows\System\IVtFIel.exe

C:\Windows\System\ksqCwZT.exe

C:\Windows\System\ksqCwZT.exe

C:\Windows\System\xvZNRvf.exe

C:\Windows\System\xvZNRvf.exe

C:\Windows\System\cdlbHvL.exe

C:\Windows\System\cdlbHvL.exe

C:\Windows\System\IanbQSI.exe

C:\Windows\System\IanbQSI.exe

C:\Windows\System\TGyhhfq.exe

C:\Windows\System\TGyhhfq.exe

C:\Windows\System\DlFpGqF.exe

C:\Windows\System\DlFpGqF.exe

C:\Windows\System\qkAIiGQ.exe

C:\Windows\System\qkAIiGQ.exe

C:\Windows\System\ciTIehW.exe

C:\Windows\System\ciTIehW.exe

C:\Windows\System\RgowSON.exe

C:\Windows\System\RgowSON.exe

C:\Windows\System\NxzqSvC.exe

C:\Windows\System\NxzqSvC.exe

C:\Windows\System\ieRZPJE.exe

C:\Windows\System\ieRZPJE.exe

C:\Windows\System\dleYPRw.exe

C:\Windows\System\dleYPRw.exe

C:\Windows\System\cSEuGbz.exe

C:\Windows\System\cSEuGbz.exe

C:\Windows\System\YIFQHVO.exe

C:\Windows\System\YIFQHVO.exe

C:\Windows\System\PlslTtu.exe

C:\Windows\System\PlslTtu.exe

C:\Windows\System\cCltylA.exe

C:\Windows\System\cCltylA.exe

C:\Windows\System\WuZAbWs.exe

C:\Windows\System\WuZAbWs.exe

C:\Windows\System\KPeIalX.exe

C:\Windows\System\KPeIalX.exe

C:\Windows\System\ucaQayq.exe

C:\Windows\System\ucaQayq.exe

C:\Windows\System\McyzMbW.exe

C:\Windows\System\McyzMbW.exe

C:\Windows\System\FzQVXoN.exe

C:\Windows\System\FzQVXoN.exe

C:\Windows\System\tBVJWBC.exe

C:\Windows\System\tBVJWBC.exe

C:\Windows\System\ECCKCBH.exe

C:\Windows\System\ECCKCBH.exe

C:\Windows\System\LajLXHY.exe

C:\Windows\System\LajLXHY.exe

C:\Windows\System\vGtrEIl.exe

C:\Windows\System\vGtrEIl.exe

C:\Windows\System\kTqnWSs.exe

C:\Windows\System\kTqnWSs.exe

C:\Windows\System\WPRnVOk.exe

C:\Windows\System\WPRnVOk.exe

C:\Windows\System\WGDoUpR.exe

C:\Windows\System\WGDoUpR.exe

C:\Windows\System\yPOIEoB.exe

C:\Windows\System\yPOIEoB.exe

C:\Windows\System\zwCmGsT.exe

C:\Windows\System\zwCmGsT.exe

C:\Windows\System\SeCtOpO.exe

C:\Windows\System\SeCtOpO.exe

C:\Windows\System\anaHFwI.exe

C:\Windows\System\anaHFwI.exe

C:\Windows\System\UWsaHYW.exe

C:\Windows\System\UWsaHYW.exe

C:\Windows\System\JCgSLaw.exe

C:\Windows\System\JCgSLaw.exe

C:\Windows\System\oAPSCPm.exe

C:\Windows\System\oAPSCPm.exe

C:\Windows\System\rOfbVHb.exe

C:\Windows\System\rOfbVHb.exe

C:\Windows\System\DaqVidq.exe

C:\Windows\System\DaqVidq.exe

C:\Windows\System\bMHPxMm.exe

C:\Windows\System\bMHPxMm.exe

C:\Windows\System\efAAHKF.exe

C:\Windows\System\efAAHKF.exe

C:\Windows\System\jzGwdJO.exe

C:\Windows\System\jzGwdJO.exe

C:\Windows\System\jjrQhFX.exe

C:\Windows\System\jjrQhFX.exe

C:\Windows\System\oNfZqvL.exe

C:\Windows\System\oNfZqvL.exe

C:\Windows\System\LmfasBq.exe

C:\Windows\System\LmfasBq.exe

C:\Windows\System\bhbVVeN.exe

C:\Windows\System\bhbVVeN.exe

C:\Windows\System\UPHEzmz.exe

C:\Windows\System\UPHEzmz.exe

C:\Windows\System\QUksXgg.exe

C:\Windows\System\QUksXgg.exe

C:\Windows\System\iBnpWsP.exe

C:\Windows\System\iBnpWsP.exe

C:\Windows\System\BGIbxWr.exe

C:\Windows\System\BGIbxWr.exe

C:\Windows\System\WbDlGOs.exe

C:\Windows\System\WbDlGOs.exe

C:\Windows\System\zHPCQzf.exe

C:\Windows\System\zHPCQzf.exe

C:\Windows\System\iSWCCrl.exe

C:\Windows\System\iSWCCrl.exe

C:\Windows\System\YvPIxJT.exe

C:\Windows\System\YvPIxJT.exe

C:\Windows\System\SqpogSn.exe

C:\Windows\System\SqpogSn.exe

C:\Windows\System\qtpIXqH.exe

C:\Windows\System\qtpIXqH.exe

C:\Windows\System\ztdqlbe.exe

C:\Windows\System\ztdqlbe.exe

C:\Windows\System\EdfAEYP.exe

C:\Windows\System\EdfAEYP.exe

C:\Windows\System\HHiRgsi.exe

C:\Windows\System\HHiRgsi.exe

C:\Windows\System\mzFrcZO.exe

C:\Windows\System\mzFrcZO.exe

C:\Windows\System\uhZwAaF.exe

C:\Windows\System\uhZwAaF.exe

C:\Windows\System\QHtYFyB.exe

C:\Windows\System\QHtYFyB.exe

C:\Windows\System\rLnCAYH.exe

C:\Windows\System\rLnCAYH.exe

C:\Windows\System\eAQsvkY.exe

C:\Windows\System\eAQsvkY.exe

C:\Windows\System\yGIDdzf.exe

C:\Windows\System\yGIDdzf.exe

C:\Windows\System\LWVunjI.exe

C:\Windows\System\LWVunjI.exe

C:\Windows\System\sFpnxQh.exe

C:\Windows\System\sFpnxQh.exe

C:\Windows\System\nOfkNmO.exe

C:\Windows\System\nOfkNmO.exe

C:\Windows\System\TKqfmrJ.exe

C:\Windows\System\TKqfmrJ.exe

C:\Windows\System\YObpGkI.exe

C:\Windows\System\YObpGkI.exe

C:\Windows\System\gqsiWqH.exe

C:\Windows\System\gqsiWqH.exe

C:\Windows\System\WZdoPYm.exe

C:\Windows\System\WZdoPYm.exe

C:\Windows\System\BmLuNUC.exe

C:\Windows\System\BmLuNUC.exe

C:\Windows\System\DqUmMrL.exe

C:\Windows\System\DqUmMrL.exe

C:\Windows\System\klUWONl.exe

C:\Windows\System\klUWONl.exe

C:\Windows\System\IbpGtjp.exe

C:\Windows\System\IbpGtjp.exe

C:\Windows\System\IPOBMHg.exe

C:\Windows\System\IPOBMHg.exe

C:\Windows\System\uyVpQpI.exe

C:\Windows\System\uyVpQpI.exe

C:\Windows\System\EhfNeXj.exe

C:\Windows\System\EhfNeXj.exe

C:\Windows\System\FvnDtQk.exe

C:\Windows\System\FvnDtQk.exe

C:\Windows\System\EPwdjhx.exe

C:\Windows\System\EPwdjhx.exe

C:\Windows\System\UtAiAXY.exe

C:\Windows\System\UtAiAXY.exe

C:\Windows\System\IqhCGee.exe

C:\Windows\System\IqhCGee.exe

C:\Windows\System\cpyLgzL.exe

C:\Windows\System\cpyLgzL.exe

C:\Windows\System\VuVqCSB.exe

C:\Windows\System\VuVqCSB.exe

C:\Windows\System\blSYvuJ.exe

C:\Windows\System\blSYvuJ.exe

C:\Windows\System\dxPhiBN.exe

C:\Windows\System\dxPhiBN.exe

C:\Windows\System\xfLsDZt.exe

C:\Windows\System\xfLsDZt.exe

C:\Windows\System\rmTXHON.exe

C:\Windows\System\rmTXHON.exe

C:\Windows\System\gpghGlk.exe

C:\Windows\System\gpghGlk.exe

C:\Windows\System\cuBSsaE.exe

C:\Windows\System\cuBSsaE.exe

C:\Windows\System\OHtKLhA.exe

C:\Windows\System\OHtKLhA.exe

C:\Windows\System\cyxmEiZ.exe

C:\Windows\System\cyxmEiZ.exe

C:\Windows\System\WQnkyDK.exe

C:\Windows\System\WQnkyDK.exe

C:\Windows\System\cTrJsFI.exe

C:\Windows\System\cTrJsFI.exe

C:\Windows\System\ngKvKAV.exe

C:\Windows\System\ngKvKAV.exe

C:\Windows\System\LHoCwty.exe

C:\Windows\System\LHoCwty.exe

C:\Windows\System\khKcQns.exe

C:\Windows\System\khKcQns.exe

C:\Windows\System\jMPXBdd.exe

C:\Windows\System\jMPXBdd.exe

C:\Windows\System\yOJXKOe.exe

C:\Windows\System\yOJXKOe.exe

C:\Windows\System\gQaMfvg.exe

C:\Windows\System\gQaMfvg.exe

C:\Windows\System\aGaIOJP.exe

C:\Windows\System\aGaIOJP.exe

C:\Windows\System\BYRvtjh.exe

C:\Windows\System\BYRvtjh.exe

C:\Windows\System\SFuaCgZ.exe

C:\Windows\System\SFuaCgZ.exe

C:\Windows\System\unUnfzB.exe

C:\Windows\System\unUnfzB.exe

C:\Windows\System\nvhPynq.exe

C:\Windows\System\nvhPynq.exe

C:\Windows\System\YgVdPEj.exe

C:\Windows\System\YgVdPEj.exe

C:\Windows\System\ntayvTF.exe

C:\Windows\System\ntayvTF.exe

C:\Windows\System\tocyRJe.exe

C:\Windows\System\tocyRJe.exe

C:\Windows\System\YDrPrxL.exe

C:\Windows\System\YDrPrxL.exe

C:\Windows\System\nqOmavH.exe

C:\Windows\System\nqOmavH.exe

C:\Windows\System\DXEdHvZ.exe

C:\Windows\System\DXEdHvZ.exe

C:\Windows\System\JjCMBpT.exe

C:\Windows\System\JjCMBpT.exe

C:\Windows\System\ESLAMzk.exe

C:\Windows\System\ESLAMzk.exe

C:\Windows\System\Ikvrxoj.exe

C:\Windows\System\Ikvrxoj.exe

C:\Windows\System\kVHPafj.exe

C:\Windows\System\kVHPafj.exe

C:\Windows\System\OzbhyIL.exe

C:\Windows\System\OzbhyIL.exe

C:\Windows\System\xZbDatG.exe

C:\Windows\System\xZbDatG.exe

C:\Windows\System\TymtYeW.exe

C:\Windows\System\TymtYeW.exe

C:\Windows\System\tIoWMFb.exe

C:\Windows\System\tIoWMFb.exe

C:\Windows\System\KPHIXwu.exe

C:\Windows\System\KPHIXwu.exe

C:\Windows\System\SomLJxR.exe

C:\Windows\System\SomLJxR.exe

C:\Windows\System\tfwizSw.exe

C:\Windows\System\tfwizSw.exe

C:\Windows\System\gBWUHjY.exe

C:\Windows\System\gBWUHjY.exe

C:\Windows\System\YyZDAhH.exe

C:\Windows\System\YyZDAhH.exe

C:\Windows\System\cAfdtAr.exe

C:\Windows\System\cAfdtAr.exe

C:\Windows\System\LAmqUDW.exe

C:\Windows\System\LAmqUDW.exe

C:\Windows\System\IvavuFh.exe

C:\Windows\System\IvavuFh.exe

C:\Windows\System\BrJHDMQ.exe

C:\Windows\System\BrJHDMQ.exe

C:\Windows\System\mscAboC.exe

C:\Windows\System\mscAboC.exe

C:\Windows\System\eKXcszp.exe

C:\Windows\System\eKXcszp.exe

C:\Windows\System\JizWRXe.exe

C:\Windows\System\JizWRXe.exe

C:\Windows\System\GuAdebV.exe

C:\Windows\System\GuAdebV.exe

C:\Windows\System\aqkcuvk.exe

C:\Windows\System\aqkcuvk.exe

C:\Windows\System\AckPezK.exe

C:\Windows\System\AckPezK.exe

C:\Windows\System\NBsqzND.exe

C:\Windows\System\NBsqzND.exe

C:\Windows\System\NupHEyD.exe

C:\Windows\System\NupHEyD.exe

C:\Windows\System\iioZrEY.exe

C:\Windows\System\iioZrEY.exe

C:\Windows\System\bWNrfmp.exe

C:\Windows\System\bWNrfmp.exe

C:\Windows\System\dXPNxFh.exe

C:\Windows\System\dXPNxFh.exe

C:\Windows\System\naWEnLd.exe

C:\Windows\System\naWEnLd.exe

C:\Windows\System\hJhukin.exe

C:\Windows\System\hJhukin.exe

C:\Windows\System\tgtmBkb.exe

C:\Windows\System\tgtmBkb.exe

C:\Windows\System\pBdrlct.exe

C:\Windows\System\pBdrlct.exe

C:\Windows\System\DerCMyH.exe

C:\Windows\System\DerCMyH.exe

C:\Windows\System\pxNIdCq.exe

C:\Windows\System\pxNIdCq.exe

C:\Windows\System\cYlEaVD.exe

C:\Windows\System\cYlEaVD.exe

C:\Windows\System\DyIHAbG.exe

C:\Windows\System\DyIHAbG.exe

C:\Windows\System\PbduMPU.exe

C:\Windows\System\PbduMPU.exe

C:\Windows\System\znxfQZq.exe

C:\Windows\System\znxfQZq.exe

C:\Windows\System\knemQyW.exe

C:\Windows\System\knemQyW.exe

C:\Windows\System\qDJuutv.exe

C:\Windows\System\qDJuutv.exe

C:\Windows\System\YnSOuOq.exe

C:\Windows\System\YnSOuOq.exe

C:\Windows\System\HZxQlUd.exe

C:\Windows\System\HZxQlUd.exe

C:\Windows\System\JIHbXqX.exe

C:\Windows\System\JIHbXqX.exe

C:\Windows\System\qYVQtiI.exe

C:\Windows\System\qYVQtiI.exe

C:\Windows\System\XvNSXQq.exe

C:\Windows\System\XvNSXQq.exe

C:\Windows\System\IAFcEWb.exe

C:\Windows\System\IAFcEWb.exe

C:\Windows\System\jejoAWB.exe

C:\Windows\System\jejoAWB.exe

C:\Windows\System\RYEpJUz.exe

C:\Windows\System\RYEpJUz.exe

C:\Windows\System\KvWlhia.exe

C:\Windows\System\KvWlhia.exe

C:\Windows\System\Zofvrcr.exe

C:\Windows\System\Zofvrcr.exe

C:\Windows\System\MuhvRJN.exe

C:\Windows\System\MuhvRJN.exe

C:\Windows\System\UvJotvn.exe

C:\Windows\System\UvJotvn.exe

C:\Windows\System\LrrvCOY.exe

C:\Windows\System\LrrvCOY.exe

C:\Windows\System\LjOyXjg.exe

C:\Windows\System\LjOyXjg.exe

C:\Windows\System\EJqlNFB.exe

C:\Windows\System\EJqlNFB.exe

C:\Windows\System\CkibDUJ.exe

C:\Windows\System\CkibDUJ.exe

C:\Windows\System\XusCxeN.exe

C:\Windows\System\XusCxeN.exe

C:\Windows\System\IroBbMk.exe

C:\Windows\System\IroBbMk.exe

C:\Windows\System\rSbNyVa.exe

C:\Windows\System\rSbNyVa.exe

C:\Windows\System\ZtROXSN.exe

C:\Windows\System\ZtROXSN.exe

C:\Windows\System\WHpuYjm.exe

C:\Windows\System\WHpuYjm.exe

C:\Windows\System\iuntEfr.exe

C:\Windows\System\iuntEfr.exe

C:\Windows\System\MQZhxkH.exe

C:\Windows\System\MQZhxkH.exe

C:\Windows\System\xOyxrBb.exe

C:\Windows\System\xOyxrBb.exe

C:\Windows\System\XhnLQFI.exe

C:\Windows\System\XhnLQFI.exe

C:\Windows\System\JIPlZXc.exe

C:\Windows\System\JIPlZXc.exe

C:\Windows\System\SRtLTZP.exe

C:\Windows\System\SRtLTZP.exe

C:\Windows\System\SvRnetT.exe

C:\Windows\System\SvRnetT.exe

C:\Windows\System\QPMwTcS.exe

C:\Windows\System\QPMwTcS.exe

C:\Windows\System\BiAUEex.exe

C:\Windows\System\BiAUEex.exe

C:\Windows\System\MmakeEh.exe

C:\Windows\System\MmakeEh.exe

C:\Windows\System\WGmocOi.exe

C:\Windows\System\WGmocOi.exe

C:\Windows\System\UReCAMm.exe

C:\Windows\System\UReCAMm.exe

C:\Windows\System\XRWSPBY.exe

C:\Windows\System\XRWSPBY.exe

C:\Windows\System\TEIewrZ.exe

C:\Windows\System\TEIewrZ.exe

C:\Windows\System\BoZVurf.exe

C:\Windows\System\BoZVurf.exe

C:\Windows\System\CROIwwu.exe

C:\Windows\System\CROIwwu.exe

C:\Windows\System\tVYAPpN.exe

C:\Windows\System\tVYAPpN.exe

C:\Windows\System\tJIWeiQ.exe

C:\Windows\System\tJIWeiQ.exe

C:\Windows\System\RtUUDcB.exe

C:\Windows\System\RtUUDcB.exe

C:\Windows\System\qUxUpdo.exe

C:\Windows\System\qUxUpdo.exe

C:\Windows\System\UGnteFg.exe

C:\Windows\System\UGnteFg.exe

C:\Windows\System\LCCOdfT.exe

C:\Windows\System\LCCOdfT.exe

C:\Windows\System\WsYYijw.exe

C:\Windows\System\WsYYijw.exe

C:\Windows\System\ZDFWeSp.exe

C:\Windows\System\ZDFWeSp.exe

C:\Windows\System\xDCpSrR.exe

C:\Windows\System\xDCpSrR.exe

C:\Windows\System\lBUSVan.exe

C:\Windows\System\lBUSVan.exe

C:\Windows\System\eQDnYgS.exe

C:\Windows\System\eQDnYgS.exe

C:\Windows\System\KITYxtA.exe

C:\Windows\System\KITYxtA.exe

C:\Windows\System\IMsndIQ.exe

C:\Windows\System\IMsndIQ.exe

C:\Windows\System\EZfzUrA.exe

C:\Windows\System\EZfzUrA.exe

C:\Windows\System\phEwrch.exe

C:\Windows\System\phEwrch.exe

C:\Windows\System\mAFcCgi.exe

C:\Windows\System\mAFcCgi.exe

C:\Windows\System\LRdkeXL.exe

C:\Windows\System\LRdkeXL.exe

C:\Windows\System\UxLwtdx.exe

C:\Windows\System\UxLwtdx.exe

C:\Windows\System\AMlfDSN.exe

C:\Windows\System\AMlfDSN.exe

C:\Windows\System\YyqRNin.exe

C:\Windows\System\YyqRNin.exe

C:\Windows\System\qCGBijE.exe

C:\Windows\System\qCGBijE.exe

C:\Windows\System\UXiWWtD.exe

C:\Windows\System\UXiWWtD.exe

C:\Windows\System\ZxkTDRl.exe

C:\Windows\System\ZxkTDRl.exe

C:\Windows\System\kpiCMDY.exe

C:\Windows\System\kpiCMDY.exe

C:\Windows\System\ROIbZwH.exe

C:\Windows\System\ROIbZwH.exe

C:\Windows\System\DeUTvfh.exe

C:\Windows\System\DeUTvfh.exe

C:\Windows\System\aseCdLZ.exe

C:\Windows\System\aseCdLZ.exe

C:\Windows\System\qADrjta.exe

C:\Windows\System\qADrjta.exe

C:\Windows\System\ibuOQvI.exe

C:\Windows\System\ibuOQvI.exe

C:\Windows\System\lZOeeGL.exe

C:\Windows\System\lZOeeGL.exe

C:\Windows\System\zYxzDEF.exe

C:\Windows\System\zYxzDEF.exe

C:\Windows\System\ZzKCsIP.exe

C:\Windows\System\ZzKCsIP.exe

C:\Windows\System\cJmZWVC.exe

C:\Windows\System\cJmZWVC.exe

C:\Windows\System\ajDoGHn.exe

C:\Windows\System\ajDoGHn.exe

C:\Windows\System\UaKNOFo.exe

C:\Windows\System\UaKNOFo.exe

C:\Windows\System\CSetzSi.exe

C:\Windows\System\CSetzSi.exe

C:\Windows\System\CASYHHO.exe

C:\Windows\System\CASYHHO.exe

C:\Windows\System\vOSrGCw.exe

C:\Windows\System\vOSrGCw.exe

C:\Windows\System\nVRtIIN.exe

C:\Windows\System\nVRtIIN.exe

C:\Windows\System\YIqXhSs.exe

C:\Windows\System\YIqXhSs.exe

C:\Windows\System\zKhTsDX.exe

C:\Windows\System\zKhTsDX.exe

C:\Windows\System\dMGvVLY.exe

C:\Windows\System\dMGvVLY.exe

C:\Windows\System\MNOppOJ.exe

C:\Windows\System\MNOppOJ.exe

C:\Windows\System\WDsNQeB.exe

C:\Windows\System\WDsNQeB.exe

C:\Windows\System\GtiZUIo.exe

C:\Windows\System\GtiZUIo.exe

C:\Windows\System\JfaxtFc.exe

C:\Windows\System\JfaxtFc.exe

C:\Windows\System\xVipiTR.exe

C:\Windows\System\xVipiTR.exe

C:\Windows\System\teFXdrt.exe

C:\Windows\System\teFXdrt.exe

C:\Windows\System\feqSJqH.exe

C:\Windows\System\feqSJqH.exe

C:\Windows\System\tXVqgdo.exe

C:\Windows\System\tXVqgdo.exe

C:\Windows\System\uNJMAMj.exe

C:\Windows\System\uNJMAMj.exe

C:\Windows\System\UKertip.exe

C:\Windows\System\UKertip.exe

C:\Windows\System\RvMayyH.exe

C:\Windows\System\RvMayyH.exe

C:\Windows\System\KQJYHiP.exe

C:\Windows\System\KQJYHiP.exe

C:\Windows\System\QFqennp.exe

C:\Windows\System\QFqennp.exe

C:\Windows\System\HVEenhR.exe

C:\Windows\System\HVEenhR.exe

C:\Windows\System\cMhxrfw.exe

C:\Windows\System\cMhxrfw.exe

C:\Windows\System\xWFZugB.exe

C:\Windows\System\xWFZugB.exe

C:\Windows\System\DOYNZQS.exe

C:\Windows\System\DOYNZQS.exe

C:\Windows\System\sJydXaN.exe

C:\Windows\System\sJydXaN.exe

C:\Windows\System\vKAiIQa.exe

C:\Windows\System\vKAiIQa.exe

C:\Windows\System\MApBFaD.exe

C:\Windows\System\MApBFaD.exe

C:\Windows\System\aWdEgvp.exe

C:\Windows\System\aWdEgvp.exe

C:\Windows\System\IbIFXnF.exe

C:\Windows\System\IbIFXnF.exe

C:\Windows\System\AabzRqR.exe

C:\Windows\System\AabzRqR.exe

C:\Windows\System\BJjUDol.exe

C:\Windows\System\BJjUDol.exe

C:\Windows\System\fzdjnei.exe

C:\Windows\System\fzdjnei.exe

C:\Windows\System\KFCMvnV.exe

C:\Windows\System\KFCMvnV.exe

C:\Windows\System\AuXJnCp.exe

C:\Windows\System\AuXJnCp.exe

C:\Windows\System\kjyCmiq.exe

C:\Windows\System\kjyCmiq.exe

C:\Windows\System\TFCyHtJ.exe

C:\Windows\System\TFCyHtJ.exe

C:\Windows\System\lhzJVTa.exe

C:\Windows\System\lhzJVTa.exe

C:\Windows\System\RUCzkyG.exe

C:\Windows\System\RUCzkyG.exe

C:\Windows\System\mZbEaOP.exe

C:\Windows\System\mZbEaOP.exe

C:\Windows\System\Mcpykms.exe

C:\Windows\System\Mcpykms.exe

C:\Windows\System\SoQJKtw.exe

C:\Windows\System\SoQJKtw.exe

C:\Windows\System\IukdUdn.exe

C:\Windows\System\IukdUdn.exe

C:\Windows\System\uVzEhDM.exe

C:\Windows\System\uVzEhDM.exe

C:\Windows\System\sCJPfPv.exe

C:\Windows\System\sCJPfPv.exe

C:\Windows\System\CimukEa.exe

C:\Windows\System\CimukEa.exe

C:\Windows\System\meogLPY.exe

C:\Windows\System\meogLPY.exe

C:\Windows\System\msqWOeQ.exe

C:\Windows\System\msqWOeQ.exe

C:\Windows\System\PsbIgah.exe

C:\Windows\System\PsbIgah.exe

C:\Windows\System\JBuEqGO.exe

C:\Windows\System\JBuEqGO.exe

C:\Windows\System\tKWOjcE.exe

C:\Windows\System\tKWOjcE.exe

C:\Windows\System\iMuaenr.exe

C:\Windows\System\iMuaenr.exe

C:\Windows\System\JjLfDsP.exe

C:\Windows\System\JjLfDsP.exe

C:\Windows\System\KAETEqf.exe

C:\Windows\System\KAETEqf.exe

C:\Windows\System\NyetWJs.exe

C:\Windows\System\NyetWJs.exe

C:\Windows\System\ALHZnGe.exe

C:\Windows\System\ALHZnGe.exe

C:\Windows\System\YOxRXQH.exe

C:\Windows\System\YOxRXQH.exe

C:\Windows\System\JXpodgQ.exe

C:\Windows\System\JXpodgQ.exe

C:\Windows\System\pjqILPK.exe

C:\Windows\System\pjqILPK.exe

C:\Windows\System\avUfZNT.exe

C:\Windows\System\avUfZNT.exe

C:\Windows\System\mvhoCRs.exe

C:\Windows\System\mvhoCRs.exe

C:\Windows\System\YbdPQqw.exe

C:\Windows\System\YbdPQqw.exe

C:\Windows\System\qLQXgbJ.exe

C:\Windows\System\qLQXgbJ.exe

C:\Windows\System\wHssiKr.exe

C:\Windows\System\wHssiKr.exe

C:\Windows\System\LRHyNpt.exe

C:\Windows\System\LRHyNpt.exe

C:\Windows\System\OFjlSCI.exe

C:\Windows\System\OFjlSCI.exe

C:\Windows\System\fFGMIOY.exe

C:\Windows\System\fFGMIOY.exe

C:\Windows\System\XgKyaLL.exe

C:\Windows\System\XgKyaLL.exe

C:\Windows\System\ZxwxMVJ.exe

C:\Windows\System\ZxwxMVJ.exe

C:\Windows\System\nqTJgMN.exe

C:\Windows\System\nqTJgMN.exe

C:\Windows\System\ohiGIcm.exe

C:\Windows\System\ohiGIcm.exe

C:\Windows\System\NdJNmJU.exe

C:\Windows\System\NdJNmJU.exe

C:\Windows\System\HnodrcV.exe

C:\Windows\System\HnodrcV.exe

C:\Windows\System\EvAXAqE.exe

C:\Windows\System\EvAXAqE.exe

C:\Windows\System\QOgpalO.exe

C:\Windows\System\QOgpalO.exe

C:\Windows\System\TdvTHda.exe

C:\Windows\System\TdvTHda.exe

C:\Windows\System\bYLwaxE.exe

C:\Windows\System\bYLwaxE.exe

C:\Windows\System\NPTaEKj.exe

C:\Windows\System\NPTaEKj.exe

C:\Windows\System\JXTBevE.exe

C:\Windows\System\JXTBevE.exe

C:\Windows\System\sGGBYau.exe

C:\Windows\System\sGGBYau.exe

C:\Windows\System\MNCMlyz.exe

C:\Windows\System\MNCMlyz.exe

C:\Windows\System\getishJ.exe

C:\Windows\System\getishJ.exe

C:\Windows\System\QEsOhWo.exe

C:\Windows\System\QEsOhWo.exe

C:\Windows\System\OdEzvuH.exe

C:\Windows\System\OdEzvuH.exe

C:\Windows\System\iGrUqSy.exe

C:\Windows\System\iGrUqSy.exe

C:\Windows\System\wtSXKtx.exe

C:\Windows\System\wtSXKtx.exe

C:\Windows\System\oeUnNEz.exe

C:\Windows\System\oeUnNEz.exe

C:\Windows\System\aZIiOMr.exe

C:\Windows\System\aZIiOMr.exe

C:\Windows\System\lyYIQQi.exe

C:\Windows\System\lyYIQQi.exe

C:\Windows\System\IEtnsWr.exe

C:\Windows\System\IEtnsWr.exe

C:\Windows\System\LZideUf.exe

C:\Windows\System\LZideUf.exe

C:\Windows\System\mEceZUZ.exe

C:\Windows\System\mEceZUZ.exe

C:\Windows\System\JephkbC.exe

C:\Windows\System\JephkbC.exe

C:\Windows\System\wuIDkpQ.exe

C:\Windows\System\wuIDkpQ.exe

C:\Windows\System\kYxpWJc.exe

C:\Windows\System\kYxpWJc.exe

C:\Windows\System\dAdiubM.exe

C:\Windows\System\dAdiubM.exe

C:\Windows\System\BvMbHUD.exe

C:\Windows\System\BvMbHUD.exe

C:\Windows\System\VxecrCo.exe

C:\Windows\System\VxecrCo.exe

C:\Windows\System\UJuscUw.exe

C:\Windows\System\UJuscUw.exe

C:\Windows\System\TVpvacR.exe

C:\Windows\System\TVpvacR.exe

C:\Windows\System\yFngaiE.exe

C:\Windows\System\yFngaiE.exe

C:\Windows\System\qPzFjuS.exe

C:\Windows\System\qPzFjuS.exe

C:\Windows\System\bWkOCDr.exe

C:\Windows\System\bWkOCDr.exe

C:\Windows\System\OATqPLh.exe

C:\Windows\System\OATqPLh.exe

C:\Windows\System\rMkSrfK.exe

C:\Windows\System\rMkSrfK.exe

C:\Windows\System\mESJhyx.exe

C:\Windows\System\mESJhyx.exe

C:\Windows\System\LOBGpaE.exe

C:\Windows\System\LOBGpaE.exe

C:\Windows\System\JhhuByA.exe

C:\Windows\System\JhhuByA.exe

C:\Windows\System\aKHSYom.exe

C:\Windows\System\aKHSYom.exe

C:\Windows\System\jhtJtWX.exe

C:\Windows\System\jhtJtWX.exe

C:\Windows\System\yzcGfCk.exe

C:\Windows\System\yzcGfCk.exe

C:\Windows\System\TNMQVMq.exe

C:\Windows\System\TNMQVMq.exe

C:\Windows\System\EYmLHVZ.exe

C:\Windows\System\EYmLHVZ.exe

C:\Windows\System\lKFzRfL.exe

C:\Windows\System\lKFzRfL.exe

C:\Windows\System\EZPPKCP.exe

C:\Windows\System\EZPPKCP.exe

C:\Windows\System\FMDDFgz.exe

C:\Windows\System\FMDDFgz.exe

C:\Windows\System\YDTTcbO.exe

C:\Windows\System\YDTTcbO.exe

C:\Windows\System\mbtSrjH.exe

C:\Windows\System\mbtSrjH.exe

C:\Windows\System\SKesFBp.exe

C:\Windows\System\SKesFBp.exe

C:\Windows\System\QsuKUkt.exe

C:\Windows\System\QsuKUkt.exe

C:\Windows\System\qptIQfa.exe

C:\Windows\System\qptIQfa.exe

C:\Windows\System\KdjIMUl.exe

C:\Windows\System\KdjIMUl.exe

C:\Windows\System\uFuBknV.exe

C:\Windows\System\uFuBknV.exe

C:\Windows\System\cqIJGKe.exe

C:\Windows\System\cqIJGKe.exe

C:\Windows\System\eMOyyAZ.exe

C:\Windows\System\eMOyyAZ.exe

C:\Windows\System\IYuOXHV.exe

C:\Windows\System\IYuOXHV.exe

C:\Windows\System\galDoPZ.exe

C:\Windows\System\galDoPZ.exe

C:\Windows\System\NdQUnVh.exe

C:\Windows\System\NdQUnVh.exe

C:\Windows\System\EwpREjW.exe

C:\Windows\System\EwpREjW.exe

C:\Windows\System\daPBezt.exe

C:\Windows\System\daPBezt.exe

C:\Windows\System\edNXSmc.exe

C:\Windows\System\edNXSmc.exe

C:\Windows\System\guUKmlO.exe

C:\Windows\System\guUKmlO.exe

C:\Windows\System\GokpGQH.exe

C:\Windows\System\GokpGQH.exe

C:\Windows\System\KVjghNq.exe

C:\Windows\System\KVjghNq.exe

C:\Windows\System\iyhjfRx.exe

C:\Windows\System\iyhjfRx.exe

C:\Windows\System\stxrEQn.exe

C:\Windows\System\stxrEQn.exe

C:\Windows\System\uiJCQsC.exe

C:\Windows\System\uiJCQsC.exe

C:\Windows\System\BWIFaTZ.exe

C:\Windows\System\BWIFaTZ.exe

C:\Windows\System\tdacBDC.exe

C:\Windows\System\tdacBDC.exe

C:\Windows\System\fwWuJWP.exe

C:\Windows\System\fwWuJWP.exe

C:\Windows\System\ZtEaQIt.exe

C:\Windows\System\ZtEaQIt.exe

C:\Windows\System\HcwWLAC.exe

C:\Windows\System\HcwWLAC.exe

C:\Windows\System\YFeNpLQ.exe

C:\Windows\System\YFeNpLQ.exe

C:\Windows\System\nTypFMD.exe

C:\Windows\System\nTypFMD.exe

C:\Windows\System\vplRoGb.exe

C:\Windows\System\vplRoGb.exe

C:\Windows\System\otxJzoH.exe

C:\Windows\System\otxJzoH.exe

C:\Windows\System\eExvYCw.exe

C:\Windows\System\eExvYCw.exe

C:\Windows\System\cWEnthb.exe

C:\Windows\System\cWEnthb.exe

C:\Windows\System\TmFxutA.exe

C:\Windows\System\TmFxutA.exe

C:\Windows\System\mMmsdUN.exe

C:\Windows\System\mMmsdUN.exe

C:\Windows\System\WclHSrT.exe

C:\Windows\System\WclHSrT.exe

C:\Windows\System\GDPjzdY.exe

C:\Windows\System\GDPjzdY.exe

C:\Windows\System\YnaBLnC.exe

C:\Windows\System\YnaBLnC.exe

C:\Windows\System\XRZNuKy.exe

C:\Windows\System\XRZNuKy.exe

C:\Windows\System\KndspFV.exe

C:\Windows\System\KndspFV.exe

C:\Windows\System\hpkhMpz.exe

C:\Windows\System\hpkhMpz.exe

C:\Windows\System\IRqHwEg.exe

C:\Windows\System\IRqHwEg.exe

C:\Windows\System\ZxOCgtD.exe

C:\Windows\System\ZxOCgtD.exe

C:\Windows\System\qDNnymU.exe

C:\Windows\System\qDNnymU.exe

C:\Windows\System\QiozpDi.exe

C:\Windows\System\QiozpDi.exe

C:\Windows\System\ROmdtbk.exe

C:\Windows\System\ROmdtbk.exe

C:\Windows\System\kLHkkpS.exe

C:\Windows\System\kLHkkpS.exe

C:\Windows\System\jbCYLmR.exe

C:\Windows\System\jbCYLmR.exe

C:\Windows\System\rTyqtcV.exe

C:\Windows\System\rTyqtcV.exe

C:\Windows\System\RnFGuJl.exe

C:\Windows\System\RnFGuJl.exe

C:\Windows\System\ceOcYkz.exe

C:\Windows\System\ceOcYkz.exe

C:\Windows\System\ilVrvSQ.exe

C:\Windows\System\ilVrvSQ.exe

C:\Windows\System\IlzYCIY.exe

C:\Windows\System\IlzYCIY.exe

C:\Windows\System\QxegtKw.exe

C:\Windows\System\QxegtKw.exe

C:\Windows\System\suYZOzd.exe

C:\Windows\System\suYZOzd.exe

C:\Windows\System\OZpnGwT.exe

C:\Windows\System\OZpnGwT.exe

C:\Windows\System\RqOnvLg.exe

C:\Windows\System\RqOnvLg.exe

C:\Windows\System\YIAoyVY.exe

C:\Windows\System\YIAoyVY.exe

C:\Windows\System\FsfyBXR.exe

C:\Windows\System\FsfyBXR.exe

C:\Windows\System\IdmpKXx.exe

C:\Windows\System\IdmpKXx.exe

C:\Windows\System\UGbNpzi.exe

C:\Windows\System\UGbNpzi.exe

C:\Windows\System\GxprmWJ.exe

C:\Windows\System\GxprmWJ.exe

C:\Windows\System\daZGBVm.exe

C:\Windows\System\daZGBVm.exe

C:\Windows\System\mKIbGNH.exe

C:\Windows\System\mKIbGNH.exe

C:\Windows\System\pmyzzYr.exe

C:\Windows\System\pmyzzYr.exe

C:\Windows\System\feuqSar.exe

C:\Windows\System\feuqSar.exe

C:\Windows\System\ScMONPL.exe

C:\Windows\System\ScMONPL.exe

C:\Windows\System\IHcocrD.exe

C:\Windows\System\IHcocrD.exe

C:\Windows\System\cLpqWsH.exe

C:\Windows\System\cLpqWsH.exe

C:\Windows\System\OQoOglk.exe

C:\Windows\System\OQoOglk.exe

C:\Windows\System\GpRXFAH.exe

C:\Windows\System\GpRXFAH.exe

C:\Windows\System\ubnayEv.exe

C:\Windows\System\ubnayEv.exe

C:\Windows\System\ARSgjei.exe

C:\Windows\System\ARSgjei.exe

C:\Windows\System\sIeLvrV.exe

C:\Windows\System\sIeLvrV.exe

C:\Windows\System\WZxTRKy.exe

C:\Windows\System\WZxTRKy.exe

C:\Windows\System\sZAxcCB.exe

C:\Windows\System\sZAxcCB.exe

C:\Windows\System\BqRvZcq.exe

C:\Windows\System\BqRvZcq.exe

C:\Windows\System\LIKaaQT.exe

C:\Windows\System\LIKaaQT.exe

C:\Windows\System\rREpQdT.exe

C:\Windows\System\rREpQdT.exe

C:\Windows\System\kQxGOzS.exe

C:\Windows\System\kQxGOzS.exe

C:\Windows\System\nIgjtTl.exe

C:\Windows\System\nIgjtTl.exe

C:\Windows\System\ryIQUSL.exe

C:\Windows\System\ryIQUSL.exe

C:\Windows\System\nYMBCxb.exe

C:\Windows\System\nYMBCxb.exe

C:\Windows\System\tHvBKsg.exe

C:\Windows\System\tHvBKsg.exe

C:\Windows\System\SDZVEPI.exe

C:\Windows\System\SDZVEPI.exe

C:\Windows\System\wJbJEay.exe

C:\Windows\System\wJbJEay.exe

C:\Windows\System\FPYnQBM.exe

C:\Windows\System\FPYnQBM.exe

C:\Windows\System\SrZPRJE.exe

C:\Windows\System\SrZPRJE.exe

C:\Windows\System\kbMfZny.exe

C:\Windows\System\kbMfZny.exe

C:\Windows\System\yYisezg.exe

C:\Windows\System\yYisezg.exe

C:\Windows\System\dBWAlMa.exe

C:\Windows\System\dBWAlMa.exe

C:\Windows\System\ILsfMih.exe

C:\Windows\System\ILsfMih.exe

C:\Windows\System\BavkTTG.exe

C:\Windows\System\BavkTTG.exe

C:\Windows\System\cXGRvBr.exe

C:\Windows\System\cXGRvBr.exe

C:\Windows\System\XGtnksb.exe

C:\Windows\System\XGtnksb.exe

C:\Windows\System\PvePRvR.exe

C:\Windows\System\PvePRvR.exe

C:\Windows\System\CsCxyWn.exe

C:\Windows\System\CsCxyWn.exe

C:\Windows\System\DwHbyNV.exe

C:\Windows\System\DwHbyNV.exe

C:\Windows\System\xVsEONt.exe

C:\Windows\System\xVsEONt.exe

C:\Windows\System\UngAWNG.exe

C:\Windows\System\UngAWNG.exe

C:\Windows\System\pHqzuvu.exe

C:\Windows\System\pHqzuvu.exe

C:\Windows\System\gEezZkf.exe

C:\Windows\System\gEezZkf.exe

C:\Windows\System\sdBvpXM.exe

C:\Windows\System\sdBvpXM.exe

C:\Windows\System\UAobeee.exe

C:\Windows\System\UAobeee.exe

C:\Windows\System\RCTyCYl.exe

C:\Windows\System\RCTyCYl.exe

C:\Windows\System\NGaviBl.exe

C:\Windows\System\NGaviBl.exe

C:\Windows\System\XtugYQO.exe

C:\Windows\System\XtugYQO.exe

C:\Windows\System\YrTQqGb.exe

C:\Windows\System\YrTQqGb.exe

C:\Windows\System\RGTACLJ.exe

C:\Windows\System\RGTACLJ.exe

C:\Windows\System\WfdxqaN.exe

C:\Windows\System\WfdxqaN.exe

C:\Windows\System\pojrSNV.exe

C:\Windows\System\pojrSNV.exe

C:\Windows\System\FfyPDtg.exe

C:\Windows\System\FfyPDtg.exe

C:\Windows\System\UqtWkao.exe

C:\Windows\System\UqtWkao.exe

C:\Windows\System\HArnTkc.exe

C:\Windows\System\HArnTkc.exe

C:\Windows\System\zmmvshI.exe

C:\Windows\System\zmmvshI.exe

C:\Windows\System\JsniPBi.exe

C:\Windows\System\JsniPBi.exe

C:\Windows\System\CRXduqT.exe

C:\Windows\System\CRXduqT.exe

C:\Windows\System\GHpQjIr.exe

C:\Windows\System\GHpQjIr.exe

C:\Windows\System\KKyIPZb.exe

C:\Windows\System\KKyIPZb.exe

C:\Windows\System\guSEhuI.exe

C:\Windows\System\guSEhuI.exe

C:\Windows\System\GAwBVHg.exe

C:\Windows\System\GAwBVHg.exe

C:\Windows\System\QxSStKp.exe

C:\Windows\System\QxSStKp.exe

C:\Windows\System\wQCJpiS.exe

C:\Windows\System\wQCJpiS.exe

C:\Windows\System\zUfxofl.exe

C:\Windows\System\zUfxofl.exe

C:\Windows\System\fNiOVCM.exe

C:\Windows\System\fNiOVCM.exe

C:\Windows\System\tGVSJmB.exe

C:\Windows\System\tGVSJmB.exe

C:\Windows\System\jFBYSXr.exe

C:\Windows\System\jFBYSXr.exe

C:\Windows\System\jGsLvMC.exe

C:\Windows\System\jGsLvMC.exe

C:\Windows\System\aMIfEmH.exe

C:\Windows\System\aMIfEmH.exe

C:\Windows\System\UEGOWvP.exe

C:\Windows\System\UEGOWvP.exe

C:\Windows\System\EMhQCSf.exe

C:\Windows\System\EMhQCSf.exe

C:\Windows\System\DJwOKMk.exe

C:\Windows\System\DJwOKMk.exe

C:\Windows\System\HEQWFEG.exe

C:\Windows\System\HEQWFEG.exe

C:\Windows\System\LEytUub.exe

C:\Windows\System\LEytUub.exe

C:\Windows\System\egjfKRc.exe

C:\Windows\System\egjfKRc.exe

C:\Windows\System\inHbZSK.exe

C:\Windows\System\inHbZSK.exe

C:\Windows\System\sJKKaIz.exe

C:\Windows\System\sJKKaIz.exe

C:\Windows\System\BvTcdOL.exe

C:\Windows\System\BvTcdOL.exe

C:\Windows\System\gLmNKAD.exe

C:\Windows\System\gLmNKAD.exe

C:\Windows\System\pFpMjsM.exe

C:\Windows\System\pFpMjsM.exe

C:\Windows\System\UOCecNc.exe

C:\Windows\System\UOCecNc.exe

C:\Windows\System\yREJHst.exe

C:\Windows\System\yREJHst.exe

C:\Windows\System\UrFQGjo.exe

C:\Windows\System\UrFQGjo.exe

C:\Windows\System\CyRRWhi.exe

C:\Windows\System\CyRRWhi.exe

C:\Windows\System\GLyeijx.exe

C:\Windows\System\GLyeijx.exe

C:\Windows\System\GSrDwil.exe

C:\Windows\System\GSrDwil.exe

C:\Windows\System\hYQXWnQ.exe

C:\Windows\System\hYQXWnQ.exe

C:\Windows\System\OMjAnFs.exe

C:\Windows\System\OMjAnFs.exe

C:\Windows\System\IheaMcD.exe

C:\Windows\System\IheaMcD.exe

C:\Windows\System\uVApzYT.exe

C:\Windows\System\uVApzYT.exe

C:\Windows\System\AjkccLB.exe

C:\Windows\System\AjkccLB.exe

C:\Windows\System\hYAZuwI.exe

C:\Windows\System\hYAZuwI.exe

C:\Windows\System\ZTjiAGE.exe

C:\Windows\System\ZTjiAGE.exe

C:\Windows\System\uDIeCWV.exe

C:\Windows\System\uDIeCWV.exe

C:\Windows\System\twzgaPx.exe

C:\Windows\System\twzgaPx.exe

C:\Windows\System\xyMXCLa.exe

C:\Windows\System\xyMXCLa.exe

C:\Windows\System\SMAzvTz.exe

C:\Windows\System\SMAzvTz.exe

C:\Windows\System\tIVKous.exe

C:\Windows\System\tIVKous.exe

C:\Windows\System\JOllRJp.exe

C:\Windows\System\JOllRJp.exe

C:\Windows\System\AwPyGoN.exe

C:\Windows\System\AwPyGoN.exe

C:\Windows\System\eiLJrhE.exe

C:\Windows\System\eiLJrhE.exe

C:\Windows\System\yNhngKz.exe

C:\Windows\System\yNhngKz.exe

C:\Windows\System\dyQJjhh.exe

C:\Windows\System\dyQJjhh.exe

C:\Windows\System\AnJbGtm.exe

C:\Windows\System\AnJbGtm.exe

C:\Windows\System\YyJrupL.exe

C:\Windows\System\YyJrupL.exe

C:\Windows\System\yyQLlEg.exe

C:\Windows\System\yyQLlEg.exe

C:\Windows\System\ZoNslwv.exe

C:\Windows\System\ZoNslwv.exe

C:\Windows\System\dnCtvcc.exe

C:\Windows\System\dnCtvcc.exe

C:\Windows\System\WUVkfaf.exe

C:\Windows\System\WUVkfaf.exe

C:\Windows\System\yaTYNjr.exe

C:\Windows\System\yaTYNjr.exe

C:\Windows\System\mdEynRx.exe

C:\Windows\System\mdEynRx.exe

C:\Windows\System\HbfqEBL.exe

C:\Windows\System\HbfqEBL.exe

C:\Windows\System\CBWFvvX.exe

C:\Windows\System\CBWFvvX.exe

C:\Windows\System\sPnKjzC.exe

C:\Windows\System\sPnKjzC.exe

C:\Windows\System\mfcCdCT.exe

C:\Windows\System\mfcCdCT.exe

C:\Windows\System\vqKBLpN.exe

C:\Windows\System\vqKBLpN.exe

C:\Windows\System\SpiQhcf.exe

C:\Windows\System\SpiQhcf.exe

C:\Windows\System\IUNQGUJ.exe

C:\Windows\System\IUNQGUJ.exe

C:\Windows\System\UWZxzhV.exe

C:\Windows\System\UWZxzhV.exe

C:\Windows\System\CEofaGv.exe

C:\Windows\System\CEofaGv.exe

C:\Windows\System\fvMavEj.exe

C:\Windows\System\fvMavEj.exe

C:\Windows\System\sFzBoFO.exe

C:\Windows\System\sFzBoFO.exe

C:\Windows\System\DlonpPM.exe

C:\Windows\System\DlonpPM.exe

C:\Windows\System\xmPEhBz.exe

C:\Windows\System\xmPEhBz.exe

C:\Windows\System\RmBwuRA.exe

C:\Windows\System\RmBwuRA.exe

C:\Windows\System\gNvrtkz.exe

C:\Windows\System\gNvrtkz.exe

C:\Windows\System\Uxwdbcz.exe

C:\Windows\System\Uxwdbcz.exe

C:\Windows\System\ePmwlOG.exe

C:\Windows\System\ePmwlOG.exe

C:\Windows\System\OCZaTSE.exe

C:\Windows\System\OCZaTSE.exe

C:\Windows\System\NtrleRO.exe

C:\Windows\System\NtrleRO.exe

C:\Windows\System\YitaQuO.exe

C:\Windows\System\YitaQuO.exe

C:\Windows\System\PkBSFgL.exe

C:\Windows\System\PkBSFgL.exe

C:\Windows\System\JmwuMLQ.exe

C:\Windows\System\JmwuMLQ.exe

C:\Windows\System\xoqYeYZ.exe

C:\Windows\System\xoqYeYZ.exe

C:\Windows\System\WiMYuHL.exe

C:\Windows\System\WiMYuHL.exe

C:\Windows\System\DPWazgW.exe

C:\Windows\System\DPWazgW.exe

C:\Windows\System\YQnGtwI.exe

C:\Windows\System\YQnGtwI.exe

C:\Windows\System\JoZmKRK.exe

C:\Windows\System\JoZmKRK.exe

C:\Windows\System\MKFeVnO.exe

C:\Windows\System\MKFeVnO.exe

C:\Windows\System\AJYbxAs.exe

C:\Windows\System\AJYbxAs.exe

C:\Windows\System\qFYoRBH.exe

C:\Windows\System\qFYoRBH.exe

C:\Windows\System\BoLMlDy.exe

C:\Windows\System\BoLMlDy.exe

C:\Windows\System\EKpRCBd.exe

C:\Windows\System\EKpRCBd.exe

C:\Windows\System\DZxVtkI.exe

C:\Windows\System\DZxVtkI.exe

C:\Windows\System\PcPksCZ.exe

C:\Windows\System\PcPksCZ.exe

C:\Windows\System\WaJlfmi.exe

C:\Windows\System\WaJlfmi.exe

C:\Windows\System\EoCGdWq.exe

C:\Windows\System\EoCGdWq.exe

C:\Windows\System\TiJvHrl.exe

C:\Windows\System\TiJvHrl.exe

C:\Windows\System\vnqbfhU.exe

C:\Windows\System\vnqbfhU.exe

C:\Windows\System\JhPlByV.exe

C:\Windows\System\JhPlByV.exe

C:\Windows\System\URtAdfZ.exe

C:\Windows\System\URtAdfZ.exe

C:\Windows\System\jrchEen.exe

C:\Windows\System\jrchEen.exe

C:\Windows\System\UUyGSYx.exe

C:\Windows\System\UUyGSYx.exe

C:\Windows\System\JCTfdgA.exe

C:\Windows\System\JCTfdgA.exe

C:\Windows\System\Sxgtxdg.exe

C:\Windows\System\Sxgtxdg.exe

C:\Windows\System\LTrTArC.exe

C:\Windows\System\LTrTArC.exe

C:\Windows\System\IUxerIa.exe

C:\Windows\System\IUxerIa.exe

C:\Windows\System\NERfmPB.exe

C:\Windows\System\NERfmPB.exe

C:\Windows\System\Cfmtqkc.exe

C:\Windows\System\Cfmtqkc.exe

C:\Windows\System\PmtsjbX.exe

C:\Windows\System\PmtsjbX.exe

C:\Windows\System\uZtJvfT.exe

C:\Windows\System\uZtJvfT.exe

C:\Windows\System\cXSgpOw.exe

C:\Windows\System\cXSgpOw.exe

C:\Windows\System\CxJGcKt.exe

C:\Windows\System\CxJGcKt.exe

C:\Windows\System\fUoeJnL.exe

C:\Windows\System\fUoeJnL.exe

C:\Windows\System\ntGKTQg.exe

C:\Windows\System\ntGKTQg.exe

C:\Windows\System\tojcIDw.exe

C:\Windows\System\tojcIDw.exe

C:\Windows\System\mQaDGXh.exe

C:\Windows\System\mQaDGXh.exe

C:\Windows\System\oPsAggl.exe

C:\Windows\System\oPsAggl.exe

C:\Windows\System\pPcfbsG.exe

C:\Windows\System\pPcfbsG.exe

C:\Windows\System\phUxhmA.exe

C:\Windows\System\phUxhmA.exe

C:\Windows\System\yVCoqqR.exe

C:\Windows\System\yVCoqqR.exe

C:\Windows\System\tdFnSbV.exe

C:\Windows\System\tdFnSbV.exe

C:\Windows\System\sbsTQyZ.exe

C:\Windows\System\sbsTQyZ.exe

C:\Windows\System\OBsUlNI.exe

C:\Windows\System\OBsUlNI.exe

C:\Windows\System\mCljQxp.exe

C:\Windows\System\mCljQxp.exe

C:\Windows\System\YkRRGvv.exe

C:\Windows\System\YkRRGvv.exe

C:\Windows\System\uGdpqoT.exe

C:\Windows\System\uGdpqoT.exe

C:\Windows\System\SZTxiKY.exe

C:\Windows\System\SZTxiKY.exe

C:\Windows\System\mWRspTX.exe

C:\Windows\System\mWRspTX.exe

C:\Windows\System\vrmjqxh.exe

C:\Windows\System\vrmjqxh.exe

C:\Windows\System\ttWMmUr.exe

C:\Windows\System\ttWMmUr.exe

C:\Windows\System\EGjcJAE.exe

C:\Windows\System\EGjcJAE.exe

C:\Windows\System\lPKwmTi.exe

C:\Windows\System\lPKwmTi.exe

C:\Windows\System\YdzhJpx.exe

C:\Windows\System\YdzhJpx.exe

C:\Windows\System\PEMWFrp.exe

C:\Windows\System\PEMWFrp.exe

C:\Windows\System\kwLEzcN.exe

C:\Windows\System\kwLEzcN.exe

C:\Windows\System\jzzupiC.exe

C:\Windows\System\jzzupiC.exe

C:\Windows\System\BgkkyFB.exe

C:\Windows\System\BgkkyFB.exe

C:\Windows\System\sdQhOmJ.exe

C:\Windows\System\sdQhOmJ.exe

C:\Windows\System\bHpIOTX.exe

C:\Windows\System\bHpIOTX.exe

C:\Windows\System\myQLpZF.exe

C:\Windows\System\myQLpZF.exe

C:\Windows\System\XnzsWTf.exe

C:\Windows\System\XnzsWTf.exe

C:\Windows\System\oOsnaaP.exe

C:\Windows\System\oOsnaaP.exe

C:\Windows\System\eDbLuGe.exe

C:\Windows\System\eDbLuGe.exe

C:\Windows\System\tCFDsRH.exe

C:\Windows\System\tCFDsRH.exe

C:\Windows\System\mODBpZS.exe

C:\Windows\System\mODBpZS.exe

C:\Windows\System\EFhqzrM.exe

C:\Windows\System\EFhqzrM.exe

C:\Windows\System\FHyaQJN.exe

C:\Windows\System\FHyaQJN.exe

C:\Windows\System\KkGmxDn.exe

C:\Windows\System\KkGmxDn.exe

C:\Windows\System\gVfEPyo.exe

C:\Windows\System\gVfEPyo.exe

C:\Windows\System\lPPlrlU.exe

C:\Windows\System\lPPlrlU.exe

C:\Windows\System\cNSsnDg.exe

C:\Windows\System\cNSsnDg.exe

C:\Windows\System\qjPIVhv.exe

C:\Windows\System\qjPIVhv.exe

C:\Windows\System\WaVGOzY.exe

C:\Windows\System\WaVGOzY.exe

C:\Windows\System\dCEVjlT.exe

C:\Windows\System\dCEVjlT.exe

C:\Windows\System\JgQMJLg.exe

C:\Windows\System\JgQMJLg.exe

C:\Windows\System\ceKyupq.exe

C:\Windows\System\ceKyupq.exe

C:\Windows\System\eeqXTjs.exe

C:\Windows\System\eeqXTjs.exe

C:\Windows\System\sxoKFzM.exe

C:\Windows\System\sxoKFzM.exe

C:\Windows\System\UogfKfQ.exe

C:\Windows\System\UogfKfQ.exe

C:\Windows\System\zondmWj.exe

C:\Windows\System\zondmWj.exe

C:\Windows\System\TtlRWtd.exe

C:\Windows\System\TtlRWtd.exe

C:\Windows\System\UXhOffY.exe

C:\Windows\System\UXhOffY.exe

C:\Windows\System\mnnoDHP.exe

C:\Windows\System\mnnoDHP.exe

C:\Windows\System\ISpVjru.exe

C:\Windows\System\ISpVjru.exe

C:\Windows\System\misgoZb.exe

C:\Windows\System\misgoZb.exe

C:\Windows\System\sHOOZyw.exe

C:\Windows\System\sHOOZyw.exe

C:\Windows\System\JTPLaSU.exe

C:\Windows\System\JTPLaSU.exe

C:\Windows\System\QygWLdZ.exe

C:\Windows\System\QygWLdZ.exe

C:\Windows\System\hZZNEfP.exe

C:\Windows\System\hZZNEfP.exe

C:\Windows\System\EZxgJEc.exe

C:\Windows\System\EZxgJEc.exe

C:\Windows\System\sLPgsIK.exe

C:\Windows\System\sLPgsIK.exe

C:\Windows\System\kCjkhcs.exe

C:\Windows\System\kCjkhcs.exe

C:\Windows\System\jiRvvOU.exe

C:\Windows\System\jiRvvOU.exe

C:\Windows\System\uBWHBIs.exe

C:\Windows\System\uBWHBIs.exe

C:\Windows\System\ACqUZtd.exe

C:\Windows\System\ACqUZtd.exe

C:\Windows\System\auNIADz.exe

C:\Windows\System\auNIADz.exe

C:\Windows\System\WqJZZOT.exe

C:\Windows\System\WqJZZOT.exe

C:\Windows\System\BwrlClZ.exe

C:\Windows\System\BwrlClZ.exe

C:\Windows\System\iSpAYhv.exe

C:\Windows\System\iSpAYhv.exe

C:\Windows\System\xmjrBUp.exe

C:\Windows\System\xmjrBUp.exe

C:\Windows\System\GgpmSBR.exe

C:\Windows\System\GgpmSBR.exe

C:\Windows\System\drwGVkj.exe

C:\Windows\System\drwGVkj.exe

C:\Windows\System\Uszocsp.exe

C:\Windows\System\Uszocsp.exe

C:\Windows\System\VQCtJsd.exe

C:\Windows\System\VQCtJsd.exe

C:\Windows\System\kqoRiKc.exe

C:\Windows\System\kqoRiKc.exe

C:\Windows\System\LPNhrlQ.exe

C:\Windows\System\LPNhrlQ.exe

C:\Windows\System\RyVgWVT.exe

C:\Windows\System\RyVgWVT.exe

C:\Windows\System\PEfFhUk.exe

C:\Windows\System\PEfFhUk.exe

C:\Windows\System\yZizzPX.exe

C:\Windows\System\yZizzPX.exe

C:\Windows\System\dycFmSV.exe

C:\Windows\System\dycFmSV.exe

C:\Windows\System\nTNaRJa.exe

C:\Windows\System\nTNaRJa.exe

C:\Windows\System\tCOTmtg.exe

C:\Windows\System\tCOTmtg.exe

C:\Windows\System\qXuhViO.exe

C:\Windows\System\qXuhViO.exe

C:\Windows\System\pSHZBez.exe

C:\Windows\System\pSHZBez.exe

C:\Windows\System\TrdIOZW.exe

C:\Windows\System\TrdIOZW.exe

C:\Windows\System\IBNcbAk.exe

C:\Windows\System\IBNcbAk.exe

C:\Windows\System\HSsISsH.exe

C:\Windows\System\HSsISsH.exe

C:\Windows\System\rcoqEDx.exe

C:\Windows\System\rcoqEDx.exe

C:\Windows\System\NjpAeuz.exe

C:\Windows\System\NjpAeuz.exe

C:\Windows\System\ybxExGG.exe

C:\Windows\System\ybxExGG.exe

C:\Windows\System\QpFXkNs.exe

C:\Windows\System\QpFXkNs.exe

C:\Windows\System\RwJkamp.exe

C:\Windows\System\RwJkamp.exe

C:\Windows\System\VEnJRiK.exe

C:\Windows\System\VEnJRiK.exe

C:\Windows\System\wQifOwC.exe

C:\Windows\System\wQifOwC.exe

C:\Windows\System\RXldBLk.exe

C:\Windows\System\RXldBLk.exe

C:\Windows\System\BFXCenn.exe

C:\Windows\System\BFXCenn.exe

C:\Windows\System\JbWGGCD.exe

C:\Windows\System\JbWGGCD.exe

C:\Windows\System\lgpgkhi.exe

C:\Windows\System\lgpgkhi.exe

C:\Windows\System\QxAwlGn.exe

C:\Windows\System\QxAwlGn.exe

C:\Windows\System\BNZwuVR.exe

C:\Windows\System\BNZwuVR.exe

C:\Windows\System\YQuoXXf.exe

C:\Windows\System\YQuoXXf.exe

C:\Windows\System\rDRxzVn.exe

C:\Windows\System\rDRxzVn.exe

C:\Windows\System\aFtriTZ.exe

C:\Windows\System\aFtriTZ.exe

C:\Windows\System\FgmwxXG.exe

C:\Windows\System\FgmwxXG.exe

C:\Windows\System\dzSQEMv.exe

C:\Windows\System\dzSQEMv.exe

C:\Windows\System\fuWKGUm.exe

C:\Windows\System\fuWKGUm.exe

C:\Windows\System\LiGKNXS.exe

C:\Windows\System\LiGKNXS.exe

C:\Windows\System\pMbfwTs.exe

C:\Windows\System\pMbfwTs.exe

C:\Windows\System\UqFoPVY.exe

C:\Windows\System\UqFoPVY.exe

C:\Windows\System\auGFICI.exe

C:\Windows\System\auGFICI.exe

C:\Windows\System\CEBLfgo.exe

C:\Windows\System\CEBLfgo.exe

C:\Windows\System\tsBAgtN.exe

C:\Windows\System\tsBAgtN.exe

C:\Windows\System\naFaUbm.exe

C:\Windows\System\naFaUbm.exe

C:\Windows\System\eWcqMOu.exe

C:\Windows\System\eWcqMOu.exe

C:\Windows\System\OeRPipM.exe

C:\Windows\System\OeRPipM.exe

C:\Windows\System\HYFiHrI.exe

C:\Windows\System\HYFiHrI.exe

C:\Windows\System\HrIhaMs.exe

C:\Windows\System\HrIhaMs.exe

C:\Windows\System\FYzpoRn.exe

C:\Windows\System\FYzpoRn.exe

C:\Windows\System\JNqZDOn.exe

C:\Windows\System\JNqZDOn.exe

C:\Windows\System\bozeEMJ.exe

C:\Windows\System\bozeEMJ.exe

C:\Windows\System\rteoDjR.exe

C:\Windows\System\rteoDjR.exe

C:\Windows\System\MqNemRB.exe

C:\Windows\System\MqNemRB.exe

C:\Windows\System\GedCBoN.exe

C:\Windows\System\GedCBoN.exe

C:\Windows\System\qDTEiXn.exe

C:\Windows\System\qDTEiXn.exe

C:\Windows\System\JlhAjue.exe

C:\Windows\System\JlhAjue.exe

C:\Windows\System\DSmkrbn.exe

C:\Windows\System\DSmkrbn.exe

C:\Windows\System\HbrjqvF.exe

C:\Windows\System\HbrjqvF.exe

C:\Windows\System\QLIBXJr.exe

C:\Windows\System\QLIBXJr.exe

C:\Windows\System\NtDiEGF.exe

C:\Windows\System\NtDiEGF.exe

C:\Windows\System\duNcFOk.exe

C:\Windows\System\duNcFOk.exe

C:\Windows\System\sHPrGxB.exe

C:\Windows\System\sHPrGxB.exe

C:\Windows\System\souqIYa.exe

C:\Windows\System\souqIYa.exe

C:\Windows\System\jzvwdEg.exe

C:\Windows\System\jzvwdEg.exe

C:\Windows\System\ERFFvMG.exe

C:\Windows\System\ERFFvMG.exe

C:\Windows\System\BuNmHuB.exe

C:\Windows\System\BuNmHuB.exe

C:\Windows\System\RGPdEcq.exe

C:\Windows\System\RGPdEcq.exe

C:\Windows\System\pYnsHbu.exe

C:\Windows\System\pYnsHbu.exe

C:\Windows\System\vbmJUDj.exe

C:\Windows\System\vbmJUDj.exe

C:\Windows\System\PlLyzqh.exe

C:\Windows\System\PlLyzqh.exe

C:\Windows\System\AXFwWvW.exe

C:\Windows\System\AXFwWvW.exe

C:\Windows\System\cSKTEcs.exe

C:\Windows\System\cSKTEcs.exe

C:\Windows\System\eSkBaZA.exe

C:\Windows\System\eSkBaZA.exe

C:\Windows\System\tHIhvKL.exe

C:\Windows\System\tHIhvKL.exe

C:\Windows\System\MpsQXBB.exe

C:\Windows\System\MpsQXBB.exe

C:\Windows\System\wiZcnSL.exe

C:\Windows\System\wiZcnSL.exe

C:\Windows\System\HmgwoIo.exe

C:\Windows\System\HmgwoIo.exe

C:\Windows\System\lKPeBgC.exe

C:\Windows\System\lKPeBgC.exe

C:\Windows\System\ObfYMsr.exe

C:\Windows\System\ObfYMsr.exe

C:\Windows\System\Gankzja.exe

C:\Windows\System\Gankzja.exe

C:\Windows\System\AneTgTR.exe

C:\Windows\System\AneTgTR.exe

C:\Windows\System\vYrufwd.exe

C:\Windows\System\vYrufwd.exe

C:\Windows\System\BaZOlbM.exe

C:\Windows\System\BaZOlbM.exe

C:\Windows\System\LMpfEOi.exe

C:\Windows\System\LMpfEOi.exe

C:\Windows\System\MubqDeh.exe

C:\Windows\System\MubqDeh.exe

C:\Windows\System\ilaifOW.exe

C:\Windows\System\ilaifOW.exe

C:\Windows\System\DRogIAy.exe

C:\Windows\System\DRogIAy.exe

C:\Windows\System\GnVtQqe.exe

C:\Windows\System\GnVtQqe.exe

C:\Windows\System\ACqYWiY.exe

C:\Windows\System\ACqYWiY.exe

C:\Windows\System\QsnNsVh.exe

C:\Windows\System\QsnNsVh.exe

C:\Windows\System\NujyQRl.exe

C:\Windows\System\NujyQRl.exe

C:\Windows\System\YfqWUhU.exe

C:\Windows\System\YfqWUhU.exe

C:\Windows\System\jFhNCOs.exe

C:\Windows\System\jFhNCOs.exe

C:\Windows\System\FElyXHu.exe

C:\Windows\System\FElyXHu.exe

C:\Windows\System\GGTHHim.exe

C:\Windows\System\GGTHHim.exe

C:\Windows\System\eUnWHCv.exe

C:\Windows\System\eUnWHCv.exe

C:\Windows\System\dSnhxOs.exe

C:\Windows\System\dSnhxOs.exe

C:\Windows\System\iVOnEyn.exe

C:\Windows\System\iVOnEyn.exe

C:\Windows\System\hQGbBiS.exe

C:\Windows\System\hQGbBiS.exe

C:\Windows\System\OlXBIXS.exe

C:\Windows\System\OlXBIXS.exe

C:\Windows\System\vjwQkLD.exe

C:\Windows\System\vjwQkLD.exe

C:\Windows\System\LJvpkrW.exe

C:\Windows\System\LJvpkrW.exe

C:\Windows\System\uSjfIIg.exe

C:\Windows\System\uSjfIIg.exe

C:\Windows\System\JzmLWHH.exe

C:\Windows\System\JzmLWHH.exe

C:\Windows\System\hGUqqDt.exe

C:\Windows\System\hGUqqDt.exe

C:\Windows\System\AenlmIN.exe

C:\Windows\System\AenlmIN.exe

C:\Windows\System\JCnxnMI.exe

C:\Windows\System\JCnxnMI.exe

C:\Windows\System\OmgHRRz.exe

C:\Windows\System\OmgHRRz.exe

C:\Windows\System\jLtofnD.exe

C:\Windows\System\jLtofnD.exe

C:\Windows\System\sGCUPdk.exe

C:\Windows\System\sGCUPdk.exe

C:\Windows\System\PeMoJdk.exe

C:\Windows\System\PeMoJdk.exe

C:\Windows\System\jlkPOuL.exe

C:\Windows\System\jlkPOuL.exe

C:\Windows\System\zaMWkqd.exe

C:\Windows\System\zaMWkqd.exe

C:\Windows\System\OpSnhCT.exe

C:\Windows\System\OpSnhCT.exe

C:\Windows\System\BzbGFKt.exe

C:\Windows\System\BzbGFKt.exe

C:\Windows\System\aHYHWXD.exe

C:\Windows\System\aHYHWXD.exe

C:\Windows\System\UIpmrKe.exe

C:\Windows\System\UIpmrKe.exe

C:\Windows\System\xNsvyVG.exe

C:\Windows\System\xNsvyVG.exe

C:\Windows\System\spPhCxW.exe

C:\Windows\System\spPhCxW.exe

C:\Windows\System\umHELUX.exe

C:\Windows\System\umHELUX.exe

C:\Windows\System\TDbKtwv.exe

C:\Windows\System\TDbKtwv.exe

C:\Windows\System\xQjqwGO.exe

C:\Windows\System\xQjqwGO.exe

C:\Windows\System\OgZeDjF.exe

C:\Windows\System\OgZeDjF.exe

C:\Windows\System\fqrGiie.exe

C:\Windows\System\fqrGiie.exe

C:\Windows\System\zExRXZz.exe

C:\Windows\System\zExRXZz.exe

C:\Windows\System\xfsBcFp.exe

C:\Windows\System\xfsBcFp.exe

C:\Windows\System\URXMJyX.exe

C:\Windows\System\URXMJyX.exe

C:\Windows\System\yfyTUnn.exe

C:\Windows\System\yfyTUnn.exe

C:\Windows\System\lViZwSi.exe

C:\Windows\System\lViZwSi.exe

C:\Windows\System\hQrzPMZ.exe

C:\Windows\System\hQrzPMZ.exe

C:\Windows\System\cvTbApn.exe

C:\Windows\System\cvTbApn.exe

C:\Windows\System\HRefMmj.exe

C:\Windows\System\HRefMmj.exe

C:\Windows\System\VkftZfb.exe

C:\Windows\System\VkftZfb.exe

C:\Windows\System\gKKrBuB.exe

C:\Windows\System\gKKrBuB.exe

C:\Windows\System\anKoAHh.exe

C:\Windows\System\anKoAHh.exe

C:\Windows\System\RcTanFz.exe

C:\Windows\System\RcTanFz.exe

C:\Windows\System\lZWipBM.exe

C:\Windows\System\lZWipBM.exe

C:\Windows\System\giFOWzk.exe

C:\Windows\System\giFOWzk.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp

Files

memory/1848-0-0x000000013F050000-0x000000013F442000-memory.dmp

memory/1848-1-0x0000000000080000-0x0000000000090000-memory.dmp

C:\Windows\system\jynRDIe.exe

MD5 4ebd4d42121f5fe73f79b747d7dd6e06
SHA1 f596badc6ab638e4304d86cb57f925a863b1e91e
SHA256 f3305563df8104f74cc4b3d6531fe5a4fb8fcf7f2f229eb5bbfdb3d5e7c9520f
SHA512 9b34e9360f53e82d617eb593c7ea095364ecb8621c997ecd759f095669d9acf53fb598b1a1f589090ce813dbcef3cd5a9ca260bff46fcae2deacbda219ef95f1

\Windows\system\Qeavjog.exe

MD5 38d9ff82fac14dfce2482fbf5841259f
SHA1 d7e52fee123afc72970c08f2ed4f8a571f61c0b9
SHA256 43c8a825ce74c7270c6adbfe0f29de1c2487c473ca396f5f526945fcd75b1eea
SHA512 d261e9364e79fad2dec174f0d1e7408bd1f27279e2e4e5b6084ac4f3f0122f441c23403239034ca3c10232b5c3f8b3f0b9b9a77e0de1ce3cc647ffd27152af7d

C:\Windows\system\OZqiLBj.exe

MD5 ca917a48244d142adccd0aca4476c567
SHA1 34a38d8fd902981bfc056a68fe3c63c4c94d0d96
SHA256 9599b36b7a64bb96819b1a915806a2e75df1b4afb680460f579b6f1668cc2350
SHA512 9a3f7a9e952a1e04b1d5bd1ea83ad4d8bc897f3e3e8fe686d2b533e077c661aa1fc22e366d29de862e501bd28dff6f5210995fd8b72eebce04ab85072f19a302

memory/2924-26-0x000007FEF5D1E000-0x000007FEF5D1F000-memory.dmp

memory/2924-25-0x0000000002B90000-0x0000000002C10000-memory.dmp

memory/2872-24-0x000000013FE50000-0x0000000140242000-memory.dmp

memory/2924-23-0x000000001B680000-0x000000001B962000-memory.dmp

memory/1848-22-0x000000013FE50000-0x0000000140242000-memory.dmp

memory/1848-31-0x000000013F960000-0x000000013FD52000-memory.dmp

memory/2728-30-0x000000013F690000-0x000000013FA82000-memory.dmp

memory/1848-29-0x000000013F690000-0x000000013FA82000-memory.dmp

memory/2924-28-0x000007FEF5A60000-0x000007FEF63FD000-memory.dmp

memory/2924-27-0x0000000002810000-0x0000000002818000-memory.dmp

memory/2568-32-0x000000013F960000-0x000000013FD52000-memory.dmp

memory/2924-33-0x000007FEF5A60000-0x000007FEF63FD000-memory.dmp

C:\Windows\system\kNlrfBa.exe

MD5 84cde875c8fe42efab87e8fab69678aa
SHA1 19953d4c7a05a273185fcf2479678a692b191a9c
SHA256 1d9e5368df2a032715accef7140e56134213effadccabcdd3d092cddd0f83d51
SHA512 fde3d1925418eb2375cdcb1b2f275b0f4b4a628d99c2cdd719e34cc07a2f81d9c3621b4bcc32dc60940f864360ae784bfd8b26bb16d19b7f832f2c7d1f8252b5

memory/2924-40-0x000007FEF5A60000-0x000007FEF63FD000-memory.dmp

\Windows\system\iHaGFEj.exe

MD5 872fefa806c60531338d6b2bb26b14a7
SHA1 19b22e2e993a6f9cdc6a31c224b849dd19e67632
SHA256 22244187574ecb6899f417faf923ba841a9351b38465c1a282fdfd65c1914fee
SHA512 b7751f2b241ba0774e75a827f0d1310a4233fd1d44c9491da0021c8b200bb65b01120e4fdeeb2b9d9748b5ad164b9e76bc37e5b55121218d57d64d14b38fd2b9

memory/2540-39-0x000000013FAF0000-0x000000013FEE2000-memory.dmp

memory/2924-35-0x000007FEF5A60000-0x000007FEF63FD000-memory.dmp

C:\Windows\system\qwJBclm.exe

MD5 8c943c6a9236f06e12dfe7ad8b064e92
SHA1 17ced6369b84a9502e67abea1015ffece052a520
SHA256 c266e357b9b497dd40bb506a13198d265f9de9e4cfddcb84e56cd93933ffc3ce
SHA512 953cba2b381cc60f07a34f07c71bfa693975a07b06f646501e1c8762c4441965d52719aa317635d5f751911c4bee1c58c432067437825688f804437e41796259

\Windows\system\TnYIkpj.exe

MD5 8f26838c9f8ae5820be28e9eae34a4d4
SHA1 c97bf50bb2d30284a56eebc9e80e01d54ebde698
SHA256 e52d791a18bf2b8c6100cb3bc801a549fbefa7cd8e14f0c105979b2f4dbdd4fe
SHA512 bb2b159dd03dc89726d53b13d3c35dec786df611a8d600a86a7f21e1bdaefdccb11964615147f8963cae6649843574746c5d1fb2631a30dd83f2125a2a92cefa

memory/2924-119-0x000007FEF5A60000-0x000007FEF63FD000-memory.dmp

C:\Windows\system\ODvUuas.exe

MD5 a33308e0eedf71dcb651446b7a5e1c60
SHA1 efa026803fad694274377fb76b7ce5557fb7d986
SHA256 6154fb982b76d4f9e5b9d6d9c8c852da474a215bb128f920c0ba3ef15ea18236
SHA512 f0a74152f938885db33da9f1e0955256fd6c956829f9c07a1a589ff59f7b277470f546cc57dec1dff5efe66552326081fc61801b523f36bd58a2b737189031a6

C:\Windows\system\ziHBARO.exe

MD5 67f8cf6fcb2f14447618aa470a58fb72
SHA1 d7768f5f8721e2c4e76f0d2f07f588e7bbf0c7b2
SHA256 c40d5cc38cd4f1a59078a0675e3bcd328fbaa4356c779f2d8b3d76aca0f7b0ec
SHA512 96ccb6b68c89f6d57610dda304213716532402d01135d55b4e52a3d201a02d180529efe47fe5c092e77ad099757377c4d461ee95918654e299e84fb21ab05175

C:\Windows\system\TPOHJmw.exe

MD5 0f3c70458a1cb0e8117f3682ea97ce40
SHA1 24c0473696641dd6d2e887940e845a0913c2293a
SHA256 fe24a625e0c6b981bc5d4cc50098cc0d2f7c909d1a48d11166849b94213467d7
SHA512 85173ef7332e7a40b3273285c9e548e754138267db809364959f971a13744ff49ac5c91f33b8aea4aa8ade42135d2b689c12127171ee01a1abbd582271245705

memory/2540-591-0x000000013FAF0000-0x000000013FEE2000-memory.dmp

C:\Windows\system\QDrmEAt.exe

MD5 179c9d75db6f908f3c713c29928e63c0
SHA1 e0e133e74358d04ea6b61a68919996daac08e8a8
SHA256 7a9efd1aaf8244e40f85ca3a23f1d1a38eea75051b26670ae57cd6ec3fd9f084
SHA512 f48ebfe9fe5f0e1828d597efa5b058be272f562a5692d3df1f7f8657266225f018a973eea454d6ec5f0e3af3fdc10bd191eecb7e6d0227dcf4aca9341913ba7a

C:\Windows\system\VReCGfm.exe

MD5 b864122942fe357cf702440d6a439fd3
SHA1 bd6e71da1bd830615ff3121f87993fa9942e6394
SHA256 1cdb21c890f67dc42b893129b7309f1ed9d55ea5d2e656121c2f90f9f543e1ae
SHA512 9c94e7c8b68be0d312892f699e68891d037ca206f41465b3bc07be10b6ea68edf8a1ba48912fdf58606a924d1193c1db6f60833b21d9f061d607abbd0f5aac64

C:\Windows\system\wpmBeRg.exe

MD5 9260a266c9fc5e557fe02d4715316aec
SHA1 229cbd9d1703c8265ed1afe7a86608b7663904ad
SHA256 766dca9b9af0da5991bfdb07a0ffacc990bd4e58715dfcfb35a2adcaf41c6c8c
SHA512 fe148f773eda8d7e375669856ddf26734061b3c385c008e1769c75f1ae9c81957d44cb756d7d12ef2b244dea5e7d210bbf7629fb3838e31b9b1dabe10dd7478c

C:\Windows\system\PWXbmZZ.exe

MD5 5cf13a4a6d576b36beaa67133fcb990e
SHA1 91b3d33de5b1ae723fcce667f4c43512ed528b94
SHA256 4bff31d209401e865860ba0a6aa65bb02a878ba7560223f26f402347fa0b8f07
SHA512 3637e521ae3a67f6eeeb3bb9a23ad9740bc03844d11928170f24e056e7edbe798ead45ee74b005e3dc24f44fe0cc40d509a7af1c73227144506e6e805d9e1e53

C:\Windows\system\DcHYuPn.exe

MD5 3ee93873cab0c1eca35622f460f81d58
SHA1 6a575cadf97e197376272a691c4e611c46f64bc5
SHA256 c6ae7d67ecc0205c4f3c8686c1d1aa7b53f723128b99c1365ea8541bb355224c
SHA512 a9df33feebc817eb173164b4946c5a62846166b74a406032c239d7362f7606a271feac2032185398ebaa7d62c32c1bfe8f3a3b99e4034f5d0ff4924c35aada20

C:\Windows\system\rciUfPt.exe

MD5 37a238542036148e1dc0cac4c8287ebc
SHA1 2fb62ac3c52c737a3c7e5be8b6837cb0262760f3
SHA256 e1697e3907dcc4aacea281730ea05e57bc729c4664de24ed1d6e30ea066be2f8
SHA512 99e53e1f4158b328346693bb04b7a7bb5f28b5d57b8578a26c21ad8440d7bd6eb9f55448074be93095cf34da057fb51bf17f0ae6e30722c441c3debb7c04e1a0

C:\Windows\system\toFcAuk.exe

MD5 b59af6e08bdc1028bb9f756baf160584
SHA1 a93debf74a91b06ccff073d88253e64e738e24e6
SHA256 19538933d3734edd840fcc9b5da13325fd1cb588c11138d39ad98b99add22b76
SHA512 bcd4960a98ae5cbbf440283d2ae83d5c1b477a90c7088da20cd20fc8f03b54873d3f656df8688484b2c0b6565d9bb648c83dd4822719f06debb80273e14af9a0

C:\Windows\system\TnoXhhn.exe

MD5 7b8364e8832854b50ebc65f1b560b1f7
SHA1 ded7de74c69f7baa54ed3a7e567f1fbbfbb10067
SHA256 c77eb7c5be012ea92ebedc5aa213e86914f67e533ac031e64dfabe5301b65d50
SHA512 67a1b1cebcfdbd57956156d3bf5f3d1ec702cb9caa41e430cb2f2e9bf928d49d600e638fb8900b1a7dc785ac8f37c79e28f90aebb63b1a41d26944a5c192c968

C:\Windows\system\kGyybam.exe

MD5 29e34f33e40717e4022e00115592b15f
SHA1 d573370986d6626c47183d243d1ab2ea6564b213
SHA256 112b768d8fb401be9ca48217c5ab25f15e1c61c00ed675d4259a0b83e4eb8bf0
SHA512 eba28b0fdb8eaaaa9ed69ac30be9b6e88b7e93294f5652db31493d2ef6fdb5b829885dc8a4987b4ee89d85324f15ff205087a518118aea1f1de5427a4aedcc33

C:\Windows\system\bIUcgdm.exe

MD5 2c1ec34c9acafd250c42e355301fbb24
SHA1 968495f42a008b81bf2a0252baf3c0e4baf1a68a
SHA256 a96c7a8d7523d9885c35fcbe6181638cf31cecd181a0aaa89da298d6cc7e531e
SHA512 b5005abf04c26a684f2f773217f1ff9fd2aecdf105c9523ce8c09f2705d0b66cc90635944eab3700545d841cc29f22fe9a1c3a0cf813367866a4d101e0dacc6f

C:\Windows\system\FUlcpKu.exe

MD5 2e1669b4f8b50e001ac5f4199ba82663
SHA1 8a4a3055f4cf9b32c54c53bf14c09b050ec501af
SHA256 ee962b40ff9820c0a749fc4459bde0da6b83723b9efbed945620ea57df71cfbe
SHA512 e8c57aae68c3d6bcd5da4fa3d5a073b0bf528e24d6d3f08b28d2bd87502f7bcd2dfd54372e9e7a36171784a02bb893b35af7cdc68b53bdfb1128fd164695ff71

C:\Windows\system\FpOQQtE.exe

MD5 def98f8f4c5f814f54fc708e29fcaf70
SHA1 3b868e63db46dc6c5f3224aa01f4b502678dc707
SHA256 0247d96f3fc16c5f72b1579fef0a3f45122162b4ae98d1bb89a2de53194f0ffc
SHA512 31fb639d75739a16cb89bb4c15a659075a9c7188205f843d5033229e0360285b932fcd3f7da04acbc1c3536995abf93b91569ca758171aafc753ce57077aa492

\Windows\system\IdpjjWu.exe

MD5 05c768834a5d7a8700ff819216ea69aa
SHA1 eaac2d1125b12ceb22ddd6a17b0f3b6eb222ee06
SHA256 c9dd53508b9214c4ded69f55cd3afc1e60aab390f5b95a628930378e7dd66aa3
SHA512 d17bce08abc9ac351de9a37bc4e997ce0a72f3c38ee34036dbda3e9fd8cc2fe5296ffd47c5cd135de2c81c08951649da841a29bd488df48846b87f5f6d107d72

memory/1848-108-0x00000000034A0000-0x0000000003892000-memory.dmp

memory/1848-97-0x000000013FF20000-0x0000000140312000-memory.dmp

memory/1484-96-0x000000013FD70000-0x0000000140162000-memory.dmp

memory/1848-95-0x000000013FD70000-0x0000000140162000-memory.dmp

C:\Windows\system\atgsBqh.exe

MD5 6e72c14326228fe92bb9b24d6c599bd9
SHA1 8bebd8c1b62dd81cef7d185f74619b22b3c4aa40
SHA256 39f807dfcdd723e0d77b8a77db425fdab0a7d16fe66f8d97594f08ade9db571c
SHA512 b5e22d956cc986a90a312d55804f1a4327a184ea956ddf4079da4070b30c0d47edd5d8c5fd177c56b2aac90427d06cf90c6f0e462e727b80291d7490eefef31d

C:\Windows\system\kFeyQUQ.exe

MD5 1830f4fb7346992563031ea7f930741a
SHA1 30d823280817465be65429478b9fa3da8f4bf7de
SHA256 14a268ea6ba90b51c301ce03c36f6caa999d3c9f1257a06bdea83fcd4f1ca23d
SHA512 cf086da3b614380575dff5f8da799df8cfb5401d013d78f01cf3c6564423ec1f299ff9d832857c88b6c806f20420f645a9fcdf4637377320cd40f3e4ba8e135b

C:\Windows\system\HPbpJwU.exe

MD5 54446620dab84d6428d4fe0c46dde76b
SHA1 45604b33165c45b65efaeac6edb3faa4c1c9e0f0
SHA256 299bdfcca776d035e867ba6a7471f4ffaf1af283a2fd89efb32b2d2e956e1c98
SHA512 01cf2e0acf51e9fb3b7ff9fe2f1ddb164d86ee3952a27f8696cbad86f43f3d370aa4c3c6c981f00f13fb816267696d350842def99fdad8cc7f6b60622c7444d3

memory/1232-81-0x000000013FCF0000-0x00000001400E2000-memory.dmp

memory/1848-80-0x000000013FCF0000-0x00000001400E2000-memory.dmp

memory/2924-79-0x000007FEF5A60000-0x000007FEF63FD000-memory.dmp

memory/2924-78-0x0000000002B90000-0x0000000002C10000-memory.dmp

C:\Windows\system\DZfyDfG.exe

MD5 1cf68cb5071ff261301964f217ba2b95
SHA1 32a39590529bf6ad78901e2f19d9cf056afb55cc
SHA256 ca3fa1abc158f201244512f82386763c91653ea0f10c3d2123b728221cea1770
SHA512 58ca52ef4f3c26bc9a7113168896904b7f0cbc4a1a7d42c4f45a0c3883730bd0b5f261fcda905e92b899ba9861c92a2f00dac10bba915d34b41133f4d9c390f3

C:\Windows\system\tgaMdRo.exe

MD5 6afbe2f3e4da7d41b05d756dc4539254
SHA1 617496de8ea21ae13b800dbb119c8ed980f7361a
SHA256 0ed003dec72462da042ca3b912cc45e4b55464326b2bd9995c0982fbd093ce08
SHA512 58b31558077581b23e2d5b675a698bcd87f60632da1e85abddc20bb278eabcf0194cd7e7b43eb25caaed4b2b7dc5907ad50d02d9a49e8983deb05cac132ce148

memory/2348-73-0x000000013F360000-0x000000013F752000-memory.dmp

memory/1848-72-0x00000000034A0000-0x0000000003892000-memory.dmp

memory/864-66-0x000000013FD40000-0x0000000140132000-memory.dmp

C:\Windows\system\BjxLlwx.exe

MD5 a864c2eba14eb0a1f10433e8008d2b72
SHA1 9643dcc2655d8d6c6d0d0d181ebcf689554318e8
SHA256 1c7675c4c739a3649e0ab652e2d3caff92e2c3e78d5025a8d1f912d8b0970cdd
SHA512 b5942a7c2bb6fb3872121f3ea9daf8c4898875bc5c362227ec7a42dd2502ddd6849f6b67b426e86069eaaa6a7b96270645f97592e5d5d05dbb94618d8386fb3a

memory/1848-71-0x000000013F050000-0x000000013F442000-memory.dmp

C:\Windows\system\KvKlmDa.exe

MD5 b9eb420f84f2e8abdc07e851548bb5d1
SHA1 cfada7d2b3d76f85a163c34dff595d11001c9883
SHA256 fe0e8fdc03cc826d613735efb2ab9fb153ea59e20ed5cdecccba965be72dba0e
SHA512 ed49d2f058cd66e550e47187a9ef978bb3e7ffae3406662e7e607875521de70151528164fd88ab746d87453c9702fcad43ee4a97bfc9d37fee709df5f342603c

memory/1848-63-0x000000013FD40000-0x0000000140132000-memory.dmp

memory/2972-60-0x000000013F670000-0x000000013FA62000-memory.dmp

memory/1848-59-0x000000013F670000-0x000000013FA62000-memory.dmp

memory/2488-53-0x000000013FAC0000-0x000000013FEB2000-memory.dmp

memory/1848-52-0x000000013FAC0000-0x000000013FEB2000-memory.dmp

C:\Windows\system\uiUJLfl.exe

MD5 877aef3a559966557284fcfe1b029630
SHA1 0c4053b2f494157c05cc9513be1dd838b9a18ec7
SHA256 770866337b67a145033e810605b0d57db6a13d526dd8ba4fb3e8b7ec66aad303
SHA512 f70973114e02f01620da9333a5d220e826c65cc12743c4148f14a2d356bcb0f8714add9c09f3d0838399d78b84226b02c9abbb83a18e9d8934a7a581e6a43503

C:\Windows\system\BUJnlAY.exe

MD5 4d500166f6f27f901d4af16e2711909a
SHA1 275e7fd455808bcc73d9343a73561c56a7801d26
SHA256 0801979bda76f799b680e96d32f10906a4f2a829597306ff6417df56f9f6437a
SHA512 57751d98a264ec785996dbf074cb545a700c682378357a9cac36b066c95e4d2693abc343ccfd1296670836913c55dd0f3c4753a0152a0b0fe8fa1970b78ea0c3

memory/2356-48-0x000000013F470000-0x000000013F862000-memory.dmp

memory/1848-47-0x000000013F470000-0x000000013F862000-memory.dmp

memory/2488-1600-0x000000013FAC0000-0x000000013FEB2000-memory.dmp

C:\Windows\system\TpTmWwE.exe

MD5 35e5aaaf64cfd996c128b5184afab2be
SHA1 d7f20e4be6b4dde2825158ba2dd315b1bd72d28d
SHA256 6844456d90722603693b3ccb4dc7bec92d10cefdd8ff55f8d3991fa66251cfa0
SHA512 8de872792634ad54586844c3ca75a8d446eafd9e8cd0e2be7e71c9b414ecc129d0165f96a35cf512cc4cf012f7eb348d16fa3bd899e37b2671c810982406d8b2

memory/2872-4393-0x000000013FE50000-0x0000000140242000-memory.dmp

memory/2728-4398-0x000000013F690000-0x000000013FA82000-memory.dmp

memory/2356-4405-0x000000013F470000-0x000000013F862000-memory.dmp

memory/2568-4437-0x000000013F960000-0x000000013FD52000-memory.dmp

memory/1484-4483-0x000000013FD70000-0x0000000140162000-memory.dmp

memory/2348-4478-0x000000013F360000-0x000000013F752000-memory.dmp

memory/2972-4477-0x000000013F670000-0x000000013FA62000-memory.dmp

memory/864-4497-0x000000013FD40000-0x0000000140132000-memory.dmp

memory/2488-4496-0x000000013FAC0000-0x000000013FEB2000-memory.dmp

memory/1232-4493-0x000000013FCF0000-0x00000001400E2000-memory.dmp

memory/2540-4502-0x000000013FAF0000-0x000000013FEE2000-memory.dmp

memory/1848-12149-0x00000000034A0000-0x0000000003892000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 18:53

Reported

2024-06-14 18:56

Platform

win10v2004-20240508-en

Max time kernel

112s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Modifies Installed Components in the registry

persistence
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\ccxyZmn.exe N/A
N/A N/A C:\Windows\System\zuSKRPM.exe N/A
N/A N/A C:\Windows\System\wJrorFq.exe N/A
N/A N/A C:\Windows\System\CFvnosh.exe N/A
N/A N/A C:\Windows\System\JGNyMcs.exe N/A
N/A N/A C:\Windows\System\DHbyWNj.exe N/A
N/A N/A C:\Windows\System\oytILAt.exe N/A
N/A N/A C:\Windows\System\nMshRMi.exe N/A
N/A N/A C:\Windows\System\RJjYuJM.exe N/A
N/A N/A C:\Windows\System\dUsoqLN.exe N/A
N/A N/A C:\Windows\System\skUysJQ.exe N/A
N/A N/A C:\Windows\System\DxMBPgL.exe N/A
N/A N/A C:\Windows\System\uFXSbin.exe N/A
N/A N/A C:\Windows\System\gIGohhM.exe N/A
N/A N/A C:\Windows\System\txnuQPJ.exe N/A
N/A N/A C:\Windows\System\MwBNXMD.exe N/A
N/A N/A C:\Windows\System\xUQTdvM.exe N/A
N/A N/A C:\Windows\System\cVZfppN.exe N/A
N/A N/A C:\Windows\System\VEuOUGi.exe N/A
N/A N/A C:\Windows\System\cwjtpoT.exe N/A
N/A N/A C:\Windows\System\ZizbQQz.exe N/A
N/A N/A C:\Windows\System\KXweNAa.exe N/A
N/A N/A C:\Windows\System\pOzkvgB.exe N/A
N/A N/A C:\Windows\System\JxwhiAT.exe N/A
N/A N/A C:\Windows\System\SCmxyYc.exe N/A
N/A N/A C:\Windows\System\oYCHOpc.exe N/A
N/A N/A C:\Windows\System\PYCNDTh.exe N/A
N/A N/A C:\Windows\System\QkUXmyG.exe N/A
N/A N/A C:\Windows\System\KxUzXUJ.exe N/A
N/A N/A C:\Windows\System\sDLTucq.exe N/A
N/A N/A C:\Windows\System\qCXBXkd.exe N/A
N/A N/A C:\Windows\System\kKTDmTu.exe N/A
N/A N/A C:\Windows\System\wkVxUSX.exe N/A
N/A N/A C:\Windows\System\xkkZWqx.exe N/A
N/A N/A C:\Windows\System\JqnjCPs.exe N/A
N/A N/A C:\Windows\System\IqJLhnP.exe N/A
N/A N/A C:\Windows\System\ALTPGeX.exe N/A
N/A N/A C:\Windows\System\YjDmGaA.exe N/A
N/A N/A C:\Windows\System\czcKKYG.exe N/A
N/A N/A C:\Windows\System\yXkPVbW.exe N/A
N/A N/A C:\Windows\System\UGFsSTx.exe N/A
N/A N/A C:\Windows\System\Ugbjgcc.exe N/A
N/A N/A C:\Windows\System\qtPYoEG.exe N/A
N/A N/A C:\Windows\System\NyudYwq.exe N/A
N/A N/A C:\Windows\System\qnVbynL.exe N/A
N/A N/A C:\Windows\System\KVjGGsj.exe N/A
N/A N/A C:\Windows\System\tgdBXSQ.exe N/A
N/A N/A C:\Windows\System\NofoCuC.exe N/A
N/A N/A C:\Windows\System\qxpZccR.exe N/A
N/A N/A C:\Windows\System\FnBDkFf.exe N/A
N/A N/A C:\Windows\System\RDFTuZx.exe N/A
N/A N/A C:\Windows\System\ZnKXBpk.exe N/A
N/A N/A C:\Windows\System\bzVpeOQ.exe N/A
N/A N/A C:\Windows\System\VEgPzZl.exe N/A
N/A N/A C:\Windows\System\ORDqnWz.exe N/A
N/A N/A C:\Windows\System\mgiFRmo.exe N/A
N/A N/A C:\Windows\System\bCwZsBg.exe N/A
N/A N/A C:\Windows\System\fTUBPdg.exe N/A
N/A N/A C:\Windows\System\DzxzdfT.exe N/A
N/A N/A C:\Windows\System\LSPiZrK.exe N/A
N/A N/A C:\Windows\System\AYAPVUh.exe N/A
N/A N/A C:\Windows\System\dhllaDH.exe N/A
N/A N/A C:\Windows\System\NTWqwJr.exe N/A
N/A N/A C:\Windows\System\YdKCcFN.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\uFXSbin.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\ORDqnWz.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\PKmzFoz.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\xeurcPv.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\PUvOwfl.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\qgraXOr.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\MOohJgM.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\PEhUfMl.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\RfEqVrP.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\ijBRsPw.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\ZdrxNcV.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\cvZpkfH.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\nEsjVxp.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\AtTyDbm.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\RfSiOAo.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\iiPjXEv.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\MFMQLbf.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\GrudieT.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\znLwAJR.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\tgdBXSQ.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\wonMxTD.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\PZhdqez.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\yHSRsIx.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\FfGULtJ.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\JrcDXRg.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\RKQdjOL.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\owBkUyk.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\UthYzgo.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\wJrorFq.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\VCuPtLz.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\ZcRfjRg.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\UzInrqP.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\AmMmUQf.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\iqwGXpC.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\zuSKRPM.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\lTjQGpj.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\Iifkwza.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\Ufoeajl.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\hJxkWko.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\HYyGigN.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\DgGPhJU.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\jQhtZVv.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\eobyKjk.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\wBXvLch.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\MRpMnQT.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\WWCBqjh.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\iRdiGnU.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\neYIlpf.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\aXByyzN.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\OvfxUTh.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\VQncbNf.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\bmHWeZY.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\chXSHnj.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\ulRjyyP.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\GhweGMW.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\bMIEuQa.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\GYuiJRI.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\TzlGVER.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\jdCnIrr.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\FSJFjRM.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\bBvqIox.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\JjPRmmt.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\qaKpSOB.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
File created C:\Windows\System\ugKngnF.exe C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Capabilities C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\SOFTWARE\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\SOFTWARE\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\SOFTWARE\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\SOFTWARE\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\SOFTWARE\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\ApplicationFrame\Microsoft.Windows.PeopleExperienceHo = 6801000088020000 C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "56" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "185" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "23" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.search C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2539840389-1261165778-1087677076-1000\{7709A098-D857-421E-9B92-37BDDD748B05} C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "56" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "152" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "56" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.search C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\WasEverActivated = "1" C:\Windows\system32\sihost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.search C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.search C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2539840389-1261165778-1087677076-1000\{7C1D6502-2F42-4F4E-9E50-4163AC2CA5A1} C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DomStorageState C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "185" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "23" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "152" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\ApplicationFrame\Microsoft.Windows.PeopleExperienceHo = 6801000088020000 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DomStorageState C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Speech_OneCore\\Recognizers\\Tokens\\MS-1033-110-WINMO-DNN" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2539840389-1261165778-1087677076-1000\{DD286015-25E9-40D0-8F88-EC1269BAD4ED} C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\microsoft.windows.search C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DomStorageState C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\system32\sihost.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2800 wrote to memory of 3668 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2800 wrote to memory of 3668 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2800 wrote to memory of 3612 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\ccxyZmn.exe
PID 2800 wrote to memory of 3612 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\ccxyZmn.exe
PID 2800 wrote to memory of 900 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\zuSKRPM.exe
PID 2800 wrote to memory of 900 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\zuSKRPM.exe
PID 2800 wrote to memory of 3012 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\wJrorFq.exe
PID 2800 wrote to memory of 3012 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\wJrorFq.exe
PID 2800 wrote to memory of 4484 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\CFvnosh.exe
PID 2800 wrote to memory of 4484 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\CFvnosh.exe
PID 2800 wrote to memory of 3248 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\JGNyMcs.exe
PID 2800 wrote to memory of 3248 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\JGNyMcs.exe
PID 2800 wrote to memory of 964 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\DHbyWNj.exe
PID 2800 wrote to memory of 964 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\DHbyWNj.exe
PID 2800 wrote to memory of 3980 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\oytILAt.exe
PID 2800 wrote to memory of 3980 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\oytILAt.exe
PID 2800 wrote to memory of 2984 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\nMshRMi.exe
PID 2800 wrote to memory of 2984 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\nMshRMi.exe
PID 2800 wrote to memory of 4900 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\RJjYuJM.exe
PID 2800 wrote to memory of 4900 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\RJjYuJM.exe
PID 2800 wrote to memory of 216 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\dUsoqLN.exe
PID 2800 wrote to memory of 216 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\dUsoqLN.exe
PID 2800 wrote to memory of 4588 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\xUQTdvM.exe
PID 2800 wrote to memory of 4588 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\xUQTdvM.exe
PID 2800 wrote to memory of 4324 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\skUysJQ.exe
PID 2800 wrote to memory of 4324 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\skUysJQ.exe
PID 2800 wrote to memory of 1504 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\DxMBPgL.exe
PID 2800 wrote to memory of 1504 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\DxMBPgL.exe
PID 2800 wrote to memory of 3376 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\uFXSbin.exe
PID 2800 wrote to memory of 3376 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\uFXSbin.exe
PID 2800 wrote to memory of 3224 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\gIGohhM.exe
PID 2800 wrote to memory of 3224 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\gIGohhM.exe
PID 2800 wrote to memory of 740 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\txnuQPJ.exe
PID 2800 wrote to memory of 740 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\txnuQPJ.exe
PID 2800 wrote to memory of 2020 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\MwBNXMD.exe
PID 2800 wrote to memory of 2020 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\MwBNXMD.exe
PID 2800 wrote to memory of 540 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\cVZfppN.exe
PID 2800 wrote to memory of 540 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\cVZfppN.exe
PID 2800 wrote to memory of 3256 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\VEuOUGi.exe
PID 2800 wrote to memory of 3256 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\VEuOUGi.exe
PID 2800 wrote to memory of 4916 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\cwjtpoT.exe
PID 2800 wrote to memory of 4916 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\cwjtpoT.exe
PID 2800 wrote to memory of 2076 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\ZizbQQz.exe
PID 2800 wrote to memory of 2076 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\ZizbQQz.exe
PID 2800 wrote to memory of 5048 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\KXweNAa.exe
PID 2800 wrote to memory of 5048 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\KXweNAa.exe
PID 2800 wrote to memory of 2736 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\pOzkvgB.exe
PID 2800 wrote to memory of 2736 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\pOzkvgB.exe
PID 2800 wrote to memory of 1960 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\JxwhiAT.exe
PID 2800 wrote to memory of 1960 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\JxwhiAT.exe
PID 2800 wrote to memory of 1436 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\SCmxyYc.exe
PID 2800 wrote to memory of 1436 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\SCmxyYc.exe
PID 2800 wrote to memory of 4024 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\oYCHOpc.exe
PID 2800 wrote to memory of 4024 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\oYCHOpc.exe
PID 2800 wrote to memory of 2440 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\PYCNDTh.exe
PID 2800 wrote to memory of 2440 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\PYCNDTh.exe
PID 2800 wrote to memory of 380 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\QkUXmyG.exe
PID 2800 wrote to memory of 380 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\QkUXmyG.exe
PID 2800 wrote to memory of 4856 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\KxUzXUJ.exe
PID 2800 wrote to memory of 4856 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\KxUzXUJ.exe
PID 2800 wrote to memory of 3344 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\sDLTucq.exe
PID 2800 wrote to memory of 3344 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\sDLTucq.exe
PID 2800 wrote to memory of 1460 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\qCXBXkd.exe
PID 2800 wrote to memory of 1460 N/A C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe C:\Windows\System\qCXBXkd.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe

"C:\Users\Admin\AppData\Local\Temp\00dbe8dddd30379543a05ddbd62fc481b9b349e5e0cd535d3fbd3bc1db6a2b8b.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\ccxyZmn.exe

C:\Windows\System\ccxyZmn.exe

C:\Windows\System\zuSKRPM.exe

C:\Windows\System\zuSKRPM.exe

C:\Windows\System\wJrorFq.exe

C:\Windows\System\wJrorFq.exe

C:\Windows\System\CFvnosh.exe

C:\Windows\System\CFvnosh.exe

C:\Windows\System\JGNyMcs.exe

C:\Windows\System\JGNyMcs.exe

C:\Windows\System\DHbyWNj.exe

C:\Windows\System\DHbyWNj.exe

C:\Windows\System\oytILAt.exe

C:\Windows\System\oytILAt.exe

C:\Windows\System\nMshRMi.exe

C:\Windows\System\nMshRMi.exe

C:\Windows\System\RJjYuJM.exe

C:\Windows\System\RJjYuJM.exe

C:\Windows\System\dUsoqLN.exe

C:\Windows\System\dUsoqLN.exe

C:\Windows\System\xUQTdvM.exe

C:\Windows\System\xUQTdvM.exe

C:\Windows\System\skUysJQ.exe

C:\Windows\System\skUysJQ.exe

C:\Windows\System\DxMBPgL.exe

C:\Windows\System\DxMBPgL.exe

C:\Windows\System\uFXSbin.exe

C:\Windows\System\uFXSbin.exe

C:\Windows\System\gIGohhM.exe

C:\Windows\System\gIGohhM.exe

C:\Windows\System\txnuQPJ.exe

C:\Windows\System\txnuQPJ.exe

C:\Windows\System\MwBNXMD.exe

C:\Windows\System\MwBNXMD.exe

C:\Windows\System\cVZfppN.exe

C:\Windows\System\cVZfppN.exe

C:\Windows\System\VEuOUGi.exe

C:\Windows\System\VEuOUGi.exe

C:\Windows\System\cwjtpoT.exe

C:\Windows\System\cwjtpoT.exe

C:\Windows\System\ZizbQQz.exe

C:\Windows\System\ZizbQQz.exe

C:\Windows\System\KXweNAa.exe

C:\Windows\System\KXweNAa.exe

C:\Windows\System\pOzkvgB.exe

C:\Windows\System\pOzkvgB.exe

C:\Windows\System\JxwhiAT.exe

C:\Windows\System\JxwhiAT.exe

C:\Windows\System\SCmxyYc.exe

C:\Windows\System\SCmxyYc.exe

C:\Windows\System\oYCHOpc.exe

C:\Windows\System\oYCHOpc.exe

C:\Windows\System\PYCNDTh.exe

C:\Windows\System\PYCNDTh.exe

C:\Windows\System\QkUXmyG.exe

C:\Windows\System\QkUXmyG.exe

C:\Windows\System\KxUzXUJ.exe

C:\Windows\System\KxUzXUJ.exe

C:\Windows\System\sDLTucq.exe

C:\Windows\System\sDLTucq.exe

C:\Windows\System\qCXBXkd.exe

C:\Windows\System\qCXBXkd.exe

C:\Windows\System\kKTDmTu.exe

C:\Windows\System\kKTDmTu.exe

C:\Windows\System\wkVxUSX.exe

C:\Windows\System\wkVxUSX.exe

C:\Windows\System\xkkZWqx.exe

C:\Windows\System\xkkZWqx.exe

C:\Windows\System\JqnjCPs.exe

C:\Windows\System\JqnjCPs.exe

C:\Windows\System\IqJLhnP.exe

C:\Windows\System\IqJLhnP.exe

C:\Windows\System\ALTPGeX.exe

C:\Windows\System\ALTPGeX.exe

C:\Windows\System\YjDmGaA.exe

C:\Windows\System\YjDmGaA.exe

C:\Windows\System\czcKKYG.exe

C:\Windows\System\czcKKYG.exe

C:\Windows\System\yXkPVbW.exe

C:\Windows\System\yXkPVbW.exe

C:\Windows\System\UGFsSTx.exe

C:\Windows\System\UGFsSTx.exe

C:\Windows\System\Ugbjgcc.exe

C:\Windows\System\Ugbjgcc.exe

C:\Windows\System\qtPYoEG.exe

C:\Windows\System\qtPYoEG.exe

C:\Windows\System\NyudYwq.exe

C:\Windows\System\NyudYwq.exe

C:\Windows\System\qnVbynL.exe

C:\Windows\System\qnVbynL.exe

C:\Windows\System\KVjGGsj.exe

C:\Windows\System\KVjGGsj.exe

C:\Windows\System\tgdBXSQ.exe

C:\Windows\System\tgdBXSQ.exe

C:\Windows\System\NofoCuC.exe

C:\Windows\System\NofoCuC.exe

C:\Windows\System\qxpZccR.exe

C:\Windows\System\qxpZccR.exe

C:\Windows\System\FnBDkFf.exe

C:\Windows\System\FnBDkFf.exe

C:\Windows\System\RDFTuZx.exe

C:\Windows\System\RDFTuZx.exe

C:\Windows\System\ZnKXBpk.exe

C:\Windows\System\ZnKXBpk.exe

C:\Windows\System\bzVpeOQ.exe

C:\Windows\System\bzVpeOQ.exe

C:\Windows\System\VEgPzZl.exe

C:\Windows\System\VEgPzZl.exe

C:\Windows\System\ORDqnWz.exe

C:\Windows\System\ORDqnWz.exe

C:\Windows\System\mgiFRmo.exe

C:\Windows\System\mgiFRmo.exe

C:\Windows\System\bCwZsBg.exe

C:\Windows\System\bCwZsBg.exe

C:\Windows\System\fTUBPdg.exe

C:\Windows\System\fTUBPdg.exe

C:\Windows\System\DzxzdfT.exe

C:\Windows\System\DzxzdfT.exe

C:\Windows\System\LSPiZrK.exe

C:\Windows\System\LSPiZrK.exe

C:\Windows\System\AYAPVUh.exe

C:\Windows\System\AYAPVUh.exe

C:\Windows\System\dhllaDH.exe

C:\Windows\System\dhllaDH.exe

C:\Windows\System\NTWqwJr.exe

C:\Windows\System\NTWqwJr.exe

C:\Windows\System\YdKCcFN.exe

C:\Windows\System\YdKCcFN.exe

C:\Windows\System\JglnVkc.exe

C:\Windows\System\JglnVkc.exe

C:\Windows\System\mQbQxKM.exe

C:\Windows\System\mQbQxKM.exe

C:\Windows\System\jmpGPWX.exe

C:\Windows\System\jmpGPWX.exe

C:\Windows\System\QzcAXpy.exe

C:\Windows\System\QzcAXpy.exe

C:\Windows\System\jFhwBdD.exe

C:\Windows\System\jFhwBdD.exe

C:\Windows\System\SqPoBta.exe

C:\Windows\System\SqPoBta.exe

C:\Windows\System\pONQyKL.exe

C:\Windows\System\pONQyKL.exe

C:\Windows\System\dOLQSYK.exe

C:\Windows\System\dOLQSYK.exe

C:\Windows\System\xrJAgYh.exe

C:\Windows\System\xrJAgYh.exe

C:\Windows\System\CLcrxnu.exe

C:\Windows\System\CLcrxnu.exe

C:\Windows\System\zjXhYpZ.exe

C:\Windows\System\zjXhYpZ.exe

C:\Windows\System\dbkSWIP.exe

C:\Windows\System\dbkSWIP.exe

C:\Windows\System\HTYSvYo.exe

C:\Windows\System\HTYSvYo.exe

C:\Windows\System\FWUevid.exe

C:\Windows\System\FWUevid.exe

C:\Windows\System\ltKNZKn.exe

C:\Windows\System\ltKNZKn.exe

C:\Windows\System\gelbzae.exe

C:\Windows\System\gelbzae.exe

C:\Windows\System\URLxpVG.exe

C:\Windows\System\URLxpVG.exe

C:\Windows\System\aOgugOE.exe

C:\Windows\System\aOgugOE.exe

C:\Windows\System\MfwHVHg.exe

C:\Windows\System\MfwHVHg.exe

C:\Windows\System\eEIIYjE.exe

C:\Windows\System\eEIIYjE.exe

C:\Windows\System\JLspnab.exe

C:\Windows\System\JLspnab.exe

C:\Windows\System\fPqgmrX.exe

C:\Windows\System\fPqgmrX.exe

C:\Windows\System\yhKUPuO.exe

C:\Windows\System\yhKUPuO.exe

C:\Windows\System\muaBmyW.exe

C:\Windows\System\muaBmyW.exe

C:\Windows\System\RtOCzvA.exe

C:\Windows\System\RtOCzvA.exe

C:\Windows\System\eIWfpYN.exe

C:\Windows\System\eIWfpYN.exe

C:\Windows\System\BKRavcB.exe

C:\Windows\System\BKRavcB.exe

C:\Windows\System\hhjjjIo.exe

C:\Windows\System\hhjjjIo.exe

C:\Windows\System\ZXixfuJ.exe

C:\Windows\System\ZXixfuJ.exe

C:\Windows\System\XdesSUj.exe

C:\Windows\System\XdesSUj.exe

C:\Windows\System\xARROoL.exe

C:\Windows\System\xARROoL.exe

C:\Windows\System\pyedovN.exe

C:\Windows\System\pyedovN.exe

C:\Windows\System\UnWmzIO.exe

C:\Windows\System\UnWmzIO.exe

C:\Windows\System\cWHHXPE.exe

C:\Windows\System\cWHHXPE.exe

C:\Windows\System\roYquPw.exe

C:\Windows\System\roYquPw.exe

C:\Windows\System\lTjQGpj.exe

C:\Windows\System\lTjQGpj.exe

C:\Windows\System\wonMxTD.exe

C:\Windows\System\wonMxTD.exe

C:\Windows\System\alVEFSa.exe

C:\Windows\System\alVEFSa.exe

C:\Windows\System\CZHrvtY.exe

C:\Windows\System\CZHrvtY.exe

C:\Windows\System\wOZfrFS.exe

C:\Windows\System\wOZfrFS.exe

C:\Windows\System\oVCPlQP.exe

C:\Windows\System\oVCPlQP.exe

C:\Windows\System\XZIgJoH.exe

C:\Windows\System\XZIgJoH.exe

C:\Windows\System\eezRyhw.exe

C:\Windows\System\eezRyhw.exe

C:\Windows\System\zzJfsRB.exe

C:\Windows\System\zzJfsRB.exe

C:\Windows\System\DCDBTVo.exe

C:\Windows\System\DCDBTVo.exe

C:\Windows\System\THPxTbW.exe

C:\Windows\System\THPxTbW.exe

C:\Windows\System\NcCOjDC.exe

C:\Windows\System\NcCOjDC.exe

C:\Windows\System\PEhUfMl.exe

C:\Windows\System\PEhUfMl.exe

C:\Windows\System\lNoFmqH.exe

C:\Windows\System\lNoFmqH.exe

C:\Windows\System\bRCoAno.exe

C:\Windows\System\bRCoAno.exe

C:\Windows\System\kXOaIkG.exe

C:\Windows\System\kXOaIkG.exe

C:\Windows\System\izQdvMw.exe

C:\Windows\System\izQdvMw.exe

C:\Windows\System\teSnsbi.exe

C:\Windows\System\teSnsbi.exe

C:\Windows\System\BAjoxoh.exe

C:\Windows\System\BAjoxoh.exe

C:\Windows\System\nNCkdmr.exe

C:\Windows\System\nNCkdmr.exe

C:\Windows\System\DWGGGet.exe

C:\Windows\System\DWGGGet.exe

C:\Windows\System\XfPjQvo.exe

C:\Windows\System\XfPjQvo.exe

C:\Windows\System\qxENYTb.exe

C:\Windows\System\qxENYTb.exe

C:\Windows\System\aYLfQbR.exe

C:\Windows\System\aYLfQbR.exe

C:\Windows\System\tdUQZcc.exe

C:\Windows\System\tdUQZcc.exe

C:\Windows\System\PqQKdfV.exe

C:\Windows\System\PqQKdfV.exe

C:\Windows\System\dNMwDis.exe

C:\Windows\System\dNMwDis.exe

C:\Windows\System\LohiGaH.exe

C:\Windows\System\LohiGaH.exe

C:\Windows\System\LLGLJcu.exe

C:\Windows\System\LLGLJcu.exe

C:\Windows\System\knrsQay.exe

C:\Windows\System\knrsQay.exe

C:\Windows\System\hfgQnYi.exe

C:\Windows\System\hfgQnYi.exe

C:\Windows\System\hlLzMvX.exe

C:\Windows\System\hlLzMvX.exe

C:\Windows\System\AXraYPl.exe

C:\Windows\System\AXraYPl.exe

C:\Windows\System\hQhAgRk.exe

C:\Windows\System\hQhAgRk.exe

C:\Windows\System\HwLabda.exe

C:\Windows\System\HwLabda.exe

C:\Windows\System\ECIUutd.exe

C:\Windows\System\ECIUutd.exe

C:\Windows\System\zeTNwoR.exe

C:\Windows\System\zeTNwoR.exe

C:\Windows\System\CMVIhYO.exe

C:\Windows\System\CMVIhYO.exe

C:\Windows\System\DXxDtqD.exe

C:\Windows\System\DXxDtqD.exe

C:\Windows\System\tanthuw.exe

C:\Windows\System\tanthuw.exe

C:\Windows\System\oxmiznD.exe

C:\Windows\System\oxmiznD.exe

C:\Windows\System\gqgJZfY.exe

C:\Windows\System\gqgJZfY.exe

C:\Windows\System\nxwHHXE.exe

C:\Windows\System\nxwHHXE.exe

C:\Windows\System\UNRKoIP.exe

C:\Windows\System\UNRKoIP.exe

C:\Windows\System\gFkiXwK.exe

C:\Windows\System\gFkiXwK.exe

C:\Windows\System\ZcjOXvm.exe

C:\Windows\System\ZcjOXvm.exe

C:\Windows\System\UYrIhzg.exe

C:\Windows\System\UYrIhzg.exe

C:\Windows\System\nDbfswY.exe

C:\Windows\System\nDbfswY.exe

C:\Windows\System\qgraXOr.exe

C:\Windows\System\qgraXOr.exe

C:\Windows\System\oBRKEfD.exe

C:\Windows\System\oBRKEfD.exe

C:\Windows\System\qqXxbOK.exe

C:\Windows\System\qqXxbOK.exe

C:\Windows\System\UCTgOlH.exe

C:\Windows\System\UCTgOlH.exe

C:\Windows\System\ylrIAAP.exe

C:\Windows\System\ylrIAAP.exe

C:\Windows\System\KkFStEU.exe

C:\Windows\System\KkFStEU.exe

C:\Windows\System\TcKKZqN.exe

C:\Windows\System\TcKKZqN.exe

C:\Windows\System\fyQBMsQ.exe

C:\Windows\System\fyQBMsQ.exe

C:\Windows\System\nJYrFwu.exe

C:\Windows\System\nJYrFwu.exe

C:\Windows\System\FZdWMjc.exe

C:\Windows\System\FZdWMjc.exe

C:\Windows\System\szlJxJp.exe

C:\Windows\System\szlJxJp.exe

C:\Windows\System\TAtlIZJ.exe

C:\Windows\System\TAtlIZJ.exe

C:\Windows\System\muCQjhX.exe

C:\Windows\System\muCQjhX.exe

C:\Windows\System\aadfKvm.exe

C:\Windows\System\aadfKvm.exe

C:\Windows\System\XWWENvW.exe

C:\Windows\System\XWWENvW.exe

C:\Windows\System\hUdUMxH.exe

C:\Windows\System\hUdUMxH.exe

C:\Windows\System\XvApsQv.exe

C:\Windows\System\XvApsQv.exe

C:\Windows\System\fOLnPTW.exe

C:\Windows\System\fOLnPTW.exe

C:\Windows\System\FTpbnbU.exe

C:\Windows\System\FTpbnbU.exe

C:\Windows\System\meNtBGO.exe

C:\Windows\System\meNtBGO.exe

C:\Windows\System\FeThKWb.exe

C:\Windows\System\FeThKWb.exe

C:\Windows\System\KHZFgfw.exe

C:\Windows\System\KHZFgfw.exe

C:\Windows\System\ikhwAqV.exe

C:\Windows\System\ikhwAqV.exe

C:\Windows\System\FkvlOOR.exe

C:\Windows\System\FkvlOOR.exe

C:\Windows\System\TbTFnyx.exe

C:\Windows\System\TbTFnyx.exe

C:\Windows\System\XNudSGb.exe

C:\Windows\System\XNudSGb.exe

C:\Windows\System\VUaUhWN.exe

C:\Windows\System\VUaUhWN.exe

C:\Windows\System\nMeLSGY.exe

C:\Windows\System\nMeLSGY.exe

C:\Windows\System\DddmrqG.exe

C:\Windows\System\DddmrqG.exe

C:\Windows\System\tMBuUsF.exe

C:\Windows\System\tMBuUsF.exe

C:\Windows\System\dYTSOFE.exe

C:\Windows\System\dYTSOFE.exe

C:\Windows\System\KnTHzSK.exe

C:\Windows\System\KnTHzSK.exe

C:\Windows\System\VmMTuNx.exe

C:\Windows\System\VmMTuNx.exe

C:\Windows\System\SGHiAwm.exe

C:\Windows\System\SGHiAwm.exe

C:\Windows\System\vypeWJC.exe

C:\Windows\System\vypeWJC.exe

C:\Windows\System\HYyGigN.exe

C:\Windows\System\HYyGigN.exe

C:\Windows\System\zuOSFBq.exe

C:\Windows\System\zuOSFBq.exe

C:\Windows\System\RriebWV.exe

C:\Windows\System\RriebWV.exe

C:\Windows\System\REgLQEM.exe

C:\Windows\System\REgLQEM.exe

C:\Windows\System\OvfxUTh.exe

C:\Windows\System\OvfxUTh.exe

C:\Windows\System\sOpqcvf.exe

C:\Windows\System\sOpqcvf.exe

C:\Windows\System\iNNIHmL.exe

C:\Windows\System\iNNIHmL.exe

C:\Windows\System\LPlTlxj.exe

C:\Windows\System\LPlTlxj.exe

C:\Windows\System\Llmicwg.exe

C:\Windows\System\Llmicwg.exe

C:\Windows\System\qaKpSOB.exe

C:\Windows\System\qaKpSOB.exe

C:\Windows\System\lAMBfHE.exe

C:\Windows\System\lAMBfHE.exe

C:\Windows\System\bjuCuaL.exe

C:\Windows\System\bjuCuaL.exe

C:\Windows\System\WJnVzfp.exe

C:\Windows\System\WJnVzfp.exe

C:\Windows\System\NjhvCXj.exe

C:\Windows\System\NjhvCXj.exe

C:\Windows\System\eJWyEJA.exe

C:\Windows\System\eJWyEJA.exe

C:\Windows\System\xRIpdvD.exe

C:\Windows\System\xRIpdvD.exe

C:\Windows\System\dxagsNz.exe

C:\Windows\System\dxagsNz.exe

C:\Windows\System\Iifkwza.exe

C:\Windows\System\Iifkwza.exe

C:\Windows\System\BIAxWCh.exe

C:\Windows\System\BIAxWCh.exe

C:\Windows\System\sADinYy.exe

C:\Windows\System\sADinYy.exe

C:\Windows\System\KnAMoOK.exe

C:\Windows\System\KnAMoOK.exe

C:\Windows\System\tHjKMfP.exe

C:\Windows\System\tHjKMfP.exe

C:\Windows\System\QTFywqn.exe

C:\Windows\System\QTFywqn.exe

C:\Windows\System\OfWUupI.exe

C:\Windows\System\OfWUupI.exe

C:\Windows\System\swiIbkw.exe

C:\Windows\System\swiIbkw.exe

C:\Windows\System\WQjbJRZ.exe

C:\Windows\System\WQjbJRZ.exe

C:\Windows\System\JneuxqX.exe

C:\Windows\System\JneuxqX.exe

C:\Windows\System\JrnDMWk.exe

C:\Windows\System\JrnDMWk.exe

C:\Windows\System\msmhAgn.exe

C:\Windows\System\msmhAgn.exe

C:\Windows\System\QGkghfO.exe

C:\Windows\System\QGkghfO.exe

C:\Windows\System\AHDQDro.exe

C:\Windows\System\AHDQDro.exe

C:\Windows\System\DUeGYfZ.exe

C:\Windows\System\DUeGYfZ.exe

C:\Windows\System\QrnzYiV.exe

C:\Windows\System\QrnzYiV.exe

C:\Windows\System\mZdYsMO.exe

C:\Windows\System\mZdYsMO.exe

C:\Windows\System\QBeLCii.exe

C:\Windows\System\QBeLCii.exe

C:\Windows\System\jSLogrY.exe

C:\Windows\System\jSLogrY.exe

C:\Windows\System\wbYygHi.exe

C:\Windows\System\wbYygHi.exe

C:\Windows\System\noUUKJC.exe

C:\Windows\System\noUUKJC.exe

C:\Windows\System\ExEgrQl.exe

C:\Windows\System\ExEgrQl.exe

C:\Windows\System\iHqNtbA.exe

C:\Windows\System\iHqNtbA.exe

C:\Windows\System\VkwpKAn.exe

C:\Windows\System\VkwpKAn.exe

C:\Windows\System\PczqzXv.exe

C:\Windows\System\PczqzXv.exe

C:\Windows\System\WLspRcT.exe

C:\Windows\System\WLspRcT.exe

C:\Windows\System\duOYume.exe

C:\Windows\System\duOYume.exe

C:\Windows\System\ugKngnF.exe

C:\Windows\System\ugKngnF.exe

C:\Windows\System\frTHJMB.exe

C:\Windows\System\frTHJMB.exe

C:\Windows\System\yVFgSGz.exe

C:\Windows\System\yVFgSGz.exe

C:\Windows\System\mMoNNlD.exe

C:\Windows\System\mMoNNlD.exe

C:\Windows\System\LfaTJBF.exe

C:\Windows\System\LfaTJBF.exe

C:\Windows\System\aDKlDzw.exe

C:\Windows\System\aDKlDzw.exe

C:\Windows\System\ylLUjrn.exe

C:\Windows\System\ylLUjrn.exe

C:\Windows\System\hkvxFMl.exe

C:\Windows\System\hkvxFMl.exe

C:\Windows\System\UvoHkio.exe

C:\Windows\System\UvoHkio.exe

C:\Windows\System\MuPHemp.exe

C:\Windows\System\MuPHemp.exe

C:\Windows\System\HWibSqd.exe

C:\Windows\System\HWibSqd.exe

C:\Windows\System\RcQTafp.exe

C:\Windows\System\RcQTafp.exe

C:\Windows\System\KagkZGL.exe

C:\Windows\System\KagkZGL.exe

C:\Windows\System\QTUmAWy.exe

C:\Windows\System\QTUmAWy.exe

C:\Windows\System\vzhyiUT.exe

C:\Windows\System\vzhyiUT.exe

C:\Windows\System\yXqTOSj.exe

C:\Windows\System\yXqTOSj.exe

C:\Windows\System\FlZOlAo.exe

C:\Windows\System\FlZOlAo.exe

C:\Windows\System\qUbuwGe.exe

C:\Windows\System\qUbuwGe.exe

C:\Windows\System\ngCkGch.exe

C:\Windows\System\ngCkGch.exe

C:\Windows\System\KwKrbCL.exe

C:\Windows\System\KwKrbCL.exe

C:\Windows\System\fPKMeHP.exe

C:\Windows\System\fPKMeHP.exe

C:\Windows\System\bWWrdsh.exe

C:\Windows\System\bWWrdsh.exe

C:\Windows\System\IOaMJbb.exe

C:\Windows\System\IOaMJbb.exe

C:\Windows\System\DgGPhJU.exe

C:\Windows\System\DgGPhJU.exe

C:\Windows\System\pCnNGlo.exe

C:\Windows\System\pCnNGlo.exe

C:\Windows\System\ljMsWuW.exe

C:\Windows\System\ljMsWuW.exe

C:\Windows\System\xRDQjgH.exe

C:\Windows\System\xRDQjgH.exe

C:\Windows\System\WRhptOu.exe

C:\Windows\System\WRhptOu.exe

C:\Windows\System\dIKmWfx.exe

C:\Windows\System\dIKmWfx.exe

C:\Windows\System\VuzeWcO.exe

C:\Windows\System\VuzeWcO.exe

C:\Windows\System\gRQyhgn.exe

C:\Windows\System\gRQyhgn.exe

C:\Windows\System\FskqfDC.exe

C:\Windows\System\FskqfDC.exe

C:\Windows\System\AtTyDbm.exe

C:\Windows\System\AtTyDbm.exe

C:\Windows\System\AemJOUT.exe

C:\Windows\System\AemJOUT.exe

C:\Windows\System\bGfmWHX.exe

C:\Windows\System\bGfmWHX.exe

C:\Windows\System\AuQXqlw.exe

C:\Windows\System\AuQXqlw.exe

C:\Windows\System\jHGITar.exe

C:\Windows\System\jHGITar.exe

C:\Windows\System\MgfBqBd.exe

C:\Windows\System\MgfBqBd.exe

C:\Windows\System\NjJxPcv.exe

C:\Windows\System\NjJxPcv.exe

C:\Windows\System\Vndmumz.exe

C:\Windows\System\Vndmumz.exe

C:\Windows\System\jQhtZVv.exe

C:\Windows\System\jQhtZVv.exe

C:\Windows\System\XojmVpH.exe

C:\Windows\System\XojmVpH.exe

C:\Windows\System\LsLtpQZ.exe

C:\Windows\System\LsLtpQZ.exe

C:\Windows\System\rxHFsgA.exe

C:\Windows\System\rxHFsgA.exe

C:\Windows\System\DyNtecp.exe

C:\Windows\System\DyNtecp.exe

C:\Windows\System\JsbLFxy.exe

C:\Windows\System\JsbLFxy.exe

C:\Windows\System\eobyKjk.exe

C:\Windows\System\eobyKjk.exe

C:\Windows\System\qQIZctu.exe

C:\Windows\System\qQIZctu.exe

C:\Windows\System\QOCGeXB.exe

C:\Windows\System\QOCGeXB.exe

C:\Windows\System\TEdjzpV.exe

C:\Windows\System\TEdjzpV.exe

C:\Windows\System\ynuJDqZ.exe

C:\Windows\System\ynuJDqZ.exe

C:\Windows\System\tJMoFJQ.exe

C:\Windows\System\tJMoFJQ.exe

C:\Windows\System\xnaLrzM.exe

C:\Windows\System\xnaLrzM.exe

C:\Windows\System\CSkzpUN.exe

C:\Windows\System\CSkzpUN.exe

C:\Windows\System\gGWDeBc.exe

C:\Windows\System\gGWDeBc.exe

C:\Windows\System\cwADnPZ.exe

C:\Windows\System\cwADnPZ.exe

C:\Windows\System\tpMNspS.exe

C:\Windows\System\tpMNspS.exe

C:\Windows\System\FvaUOaK.exe

C:\Windows\System\FvaUOaK.exe

C:\Windows\System\OCshznd.exe

C:\Windows\System\OCshznd.exe

C:\Windows\System\yClyPSM.exe

C:\Windows\System\yClyPSM.exe

C:\Windows\System\mHNpoQT.exe

C:\Windows\System\mHNpoQT.exe

C:\Windows\System\jacaiEy.exe

C:\Windows\System\jacaiEy.exe

C:\Windows\System\bYBWvis.exe

C:\Windows\System\bYBWvis.exe

C:\Windows\System\fMXdXEg.exe

C:\Windows\System\fMXdXEg.exe

C:\Windows\System\XtcpFrF.exe

C:\Windows\System\XtcpFrF.exe

C:\Windows\System\NxZUOmm.exe

C:\Windows\System\NxZUOmm.exe

C:\Windows\System\FNKfzET.exe

C:\Windows\System\FNKfzET.exe

C:\Windows\System\UkiEWwL.exe

C:\Windows\System\UkiEWwL.exe

C:\Windows\System\WLyRxYt.exe

C:\Windows\System\WLyRxYt.exe

C:\Windows\System\ulRjyyP.exe

C:\Windows\System\ulRjyyP.exe

C:\Windows\System\vtoGewe.exe

C:\Windows\System\vtoGewe.exe

C:\Windows\System\vRuNjxI.exe

C:\Windows\System\vRuNjxI.exe

C:\Windows\System\rryOzBK.exe

C:\Windows\System\rryOzBK.exe

C:\Windows\System\zoeSEGS.exe

C:\Windows\System\zoeSEGS.exe

C:\Windows\System\yFyjzSa.exe

C:\Windows\System\yFyjzSa.exe

C:\Windows\System\OPEamIN.exe

C:\Windows\System\OPEamIN.exe

C:\Windows\System\fUBOfjq.exe

C:\Windows\System\fUBOfjq.exe

C:\Windows\System\gCRgaSh.exe

C:\Windows\System\gCRgaSh.exe

C:\Windows\System\LoQGDJH.exe

C:\Windows\System\LoQGDJH.exe

C:\Windows\System\PQFqzOw.exe

C:\Windows\System\PQFqzOw.exe

C:\Windows\System\jjvMvAZ.exe

C:\Windows\System\jjvMvAZ.exe

C:\Windows\System\ARtIVss.exe

C:\Windows\System\ARtIVss.exe

C:\Windows\System\AKZINvr.exe

C:\Windows\System\AKZINvr.exe

C:\Windows\System\TEJNDxx.exe

C:\Windows\System\TEJNDxx.exe

C:\Windows\System\OgUGCLe.exe

C:\Windows\System\OgUGCLe.exe

C:\Windows\System\afIzAJi.exe

C:\Windows\System\afIzAJi.exe

C:\Windows\System\pJlzUgV.exe

C:\Windows\System\pJlzUgV.exe

C:\Windows\System\daHSTZe.exe

C:\Windows\System\daHSTZe.exe

C:\Windows\System\XTELqXm.exe

C:\Windows\System\XTELqXm.exe

C:\Windows\System\ALyLZmX.exe

C:\Windows\System\ALyLZmX.exe

C:\Windows\System\rjZZAdL.exe

C:\Windows\System\rjZZAdL.exe

C:\Windows\System\bqUgKYd.exe

C:\Windows\System\bqUgKYd.exe

C:\Windows\System\EPFLrrC.exe

C:\Windows\System\EPFLrrC.exe

C:\Windows\System\HIBlzYK.exe

C:\Windows\System\HIBlzYK.exe

C:\Windows\System\oJCQfWq.exe

C:\Windows\System\oJCQfWq.exe

C:\Windows\System\LazMmyk.exe

C:\Windows\System\LazMmyk.exe

C:\Windows\System\QjDpZBq.exe

C:\Windows\System\QjDpZBq.exe

C:\Windows\System\sQlqHmb.exe

C:\Windows\System\sQlqHmb.exe

C:\Windows\System\YVFwRNk.exe

C:\Windows\System\YVFwRNk.exe

C:\Windows\System\mtfCQJK.exe

C:\Windows\System\mtfCQJK.exe

C:\Windows\System\CxhABwr.exe

C:\Windows\System\CxhABwr.exe

C:\Windows\System\QyJISGo.exe

C:\Windows\System\QyJISGo.exe

C:\Windows\System\vlRmfAL.exe

C:\Windows\System\vlRmfAL.exe

C:\Windows\System\RKQdjOL.exe

C:\Windows\System\RKQdjOL.exe

C:\Windows\System\orzArAi.exe

C:\Windows\System\orzArAi.exe

C:\Windows\System\rzRGFYh.exe

C:\Windows\System\rzRGFYh.exe

C:\Windows\System\jDGuMUt.exe

C:\Windows\System\jDGuMUt.exe

C:\Windows\System\diHWfQZ.exe

C:\Windows\System\diHWfQZ.exe

C:\Windows\System\ugASYiH.exe

C:\Windows\System\ugASYiH.exe

C:\Windows\System\LmIgHEu.exe

C:\Windows\System\LmIgHEu.exe

C:\Windows\System\wBXvLch.exe

C:\Windows\System\wBXvLch.exe

C:\Windows\System\PZhdqez.exe

C:\Windows\System\PZhdqez.exe

C:\Windows\System\yBvwtZp.exe

C:\Windows\System\yBvwtZp.exe

C:\Windows\System\IpAKYkN.exe

C:\Windows\System\IpAKYkN.exe

C:\Windows\System\lYBEppo.exe

C:\Windows\System\lYBEppo.exe

C:\Windows\System\JplKZsA.exe

C:\Windows\System\JplKZsA.exe

C:\Windows\System\EeccZKv.exe

C:\Windows\System\EeccZKv.exe

C:\Windows\System\RMgkcnG.exe

C:\Windows\System\RMgkcnG.exe

C:\Windows\System\VSpwmJm.exe

C:\Windows\System\VSpwmJm.exe

C:\Windows\System\AUeAlqx.exe

C:\Windows\System\AUeAlqx.exe

C:\Windows\System\BQFbbON.exe

C:\Windows\System\BQFbbON.exe

C:\Windows\System\EkvsSNG.exe

C:\Windows\System\EkvsSNG.exe

C:\Windows\System\kgJkhyk.exe

C:\Windows\System\kgJkhyk.exe

C:\Windows\System\osTHybc.exe

C:\Windows\System\osTHybc.exe

C:\Windows\System\UmdyNBP.exe

C:\Windows\System\UmdyNBP.exe

C:\Windows\System\PKmzFoz.exe

C:\Windows\System\PKmzFoz.exe

C:\Windows\System\WvJYZBK.exe

C:\Windows\System\WvJYZBK.exe

C:\Windows\System\RWQYbqC.exe

C:\Windows\System\RWQYbqC.exe

C:\Windows\System\YoPZEzo.exe

C:\Windows\System\YoPZEzo.exe

C:\Windows\System\cLSmOMl.exe

C:\Windows\System\cLSmOMl.exe

C:\Windows\System\ULhZZpq.exe

C:\Windows\System\ULhZZpq.exe

C:\Windows\System\cPyrXZX.exe

C:\Windows\System\cPyrXZX.exe

C:\Windows\System\TZoPBJh.exe

C:\Windows\System\TZoPBJh.exe

C:\Windows\System\CgUsuNQ.exe

C:\Windows\System\CgUsuNQ.exe

C:\Windows\System\yNrdULC.exe

C:\Windows\System\yNrdULC.exe

C:\Windows\System\pbJzfVZ.exe

C:\Windows\System\pbJzfVZ.exe

C:\Windows\System\FpsAQzn.exe

C:\Windows\System\FpsAQzn.exe

C:\Windows\System\ctQwWbY.exe

C:\Windows\System\ctQwWbY.exe

C:\Windows\System\BULGbYJ.exe

C:\Windows\System\BULGbYJ.exe

C:\Windows\System\eZjhiny.exe

C:\Windows\System\eZjhiny.exe

C:\Windows\System\pZpjVRm.exe

C:\Windows\System\pZpjVRm.exe

C:\Windows\System\IWCBWwC.exe

C:\Windows\System\IWCBWwC.exe

C:\Windows\System\BkRDjgP.exe

C:\Windows\System\BkRDjgP.exe

C:\Windows\System\bycXmts.exe

C:\Windows\System\bycXmts.exe

C:\Windows\System\AzGnnsR.exe

C:\Windows\System\AzGnnsR.exe

C:\Windows\System\TGFnrIK.exe

C:\Windows\System\TGFnrIK.exe

C:\Windows\System\oWQJeFP.exe

C:\Windows\System\oWQJeFP.exe

C:\Windows\System\WIrXHAj.exe

C:\Windows\System\WIrXHAj.exe

C:\Windows\System\ultAWkB.exe

C:\Windows\System\ultAWkB.exe

C:\Windows\System\lmhlvhn.exe

C:\Windows\System\lmhlvhn.exe

C:\Windows\System\rmXKeDk.exe

C:\Windows\System\rmXKeDk.exe

C:\Windows\System\XQaSEDX.exe

C:\Windows\System\XQaSEDX.exe

C:\Windows\System\WVpQzES.exe

C:\Windows\System\WVpQzES.exe

C:\Windows\System\IuSFDQA.exe

C:\Windows\System\IuSFDQA.exe

C:\Windows\System\ZRklGNV.exe

C:\Windows\System\ZRklGNV.exe

C:\Windows\System\GCWUOfe.exe

C:\Windows\System\GCWUOfe.exe

C:\Windows\System\ZkmvAcg.exe

C:\Windows\System\ZkmvAcg.exe

C:\Windows\System\EGfiFAB.exe

C:\Windows\System\EGfiFAB.exe

C:\Windows\System\aZfFZJX.exe

C:\Windows\System\aZfFZJX.exe

C:\Windows\System\xBrlKpl.exe

C:\Windows\System\xBrlKpl.exe

C:\Windows\System\RrkuRSU.exe

C:\Windows\System\RrkuRSU.exe

C:\Windows\System\aRjQLoE.exe

C:\Windows\System\aRjQLoE.exe

C:\Windows\System\QtQBHeY.exe

C:\Windows\System\QtQBHeY.exe

C:\Windows\System\BMlJBuR.exe

C:\Windows\System\BMlJBuR.exe

C:\Windows\System\IFuUXHH.exe

C:\Windows\System\IFuUXHH.exe

C:\Windows\System\QSvCvCt.exe

C:\Windows\System\QSvCvCt.exe

C:\Windows\System\ruXXXZb.exe

C:\Windows\System\ruXXXZb.exe

C:\Windows\System\YHsCeSW.exe

C:\Windows\System\YHsCeSW.exe

C:\Windows\System\kPatWNo.exe

C:\Windows\System\kPatWNo.exe

C:\Windows\System\VCuPtLz.exe

C:\Windows\System\VCuPtLz.exe

C:\Windows\System\dLJuUIb.exe

C:\Windows\System\dLJuUIb.exe

C:\Windows\System\ZJhnhtC.exe

C:\Windows\System\ZJhnhtC.exe

C:\Windows\System\QcxIuMZ.exe

C:\Windows\System\QcxIuMZ.exe

C:\Windows\System\cNBbOHc.exe

C:\Windows\System\cNBbOHc.exe

C:\Windows\System\IRWjAjU.exe

C:\Windows\System\IRWjAjU.exe

C:\Windows\System\TEjDKXm.exe

C:\Windows\System\TEjDKXm.exe

C:\Windows\System\ThokGuI.exe

C:\Windows\System\ThokGuI.exe

C:\Windows\System\mdVQRIe.exe

C:\Windows\System\mdVQRIe.exe

C:\Windows\System\PXVtxnC.exe

C:\Windows\System\PXVtxnC.exe

C:\Windows\System\KBcERhF.exe

C:\Windows\System\KBcERhF.exe

C:\Windows\System\hskMKlW.exe

C:\Windows\System\hskMKlW.exe

C:\Windows\System\DjwndVZ.exe

C:\Windows\System\DjwndVZ.exe

C:\Windows\System\FpGNSCx.exe

C:\Windows\System\FpGNSCx.exe

C:\Windows\System\LlZAoUz.exe

C:\Windows\System\LlZAoUz.exe

C:\Windows\System\FgLGPvS.exe

C:\Windows\System\FgLGPvS.exe

C:\Windows\System\hJfBaBP.exe

C:\Windows\System\hJfBaBP.exe

C:\Windows\System\aXCVIwB.exe

C:\Windows\System\aXCVIwB.exe

C:\Windows\System\ziQVMds.exe

C:\Windows\System\ziQVMds.exe

C:\Windows\System\IXYWODX.exe

C:\Windows\System\IXYWODX.exe

C:\Windows\System\PvwPvPg.exe

C:\Windows\System\PvwPvPg.exe

C:\Windows\System\fObdLFB.exe

C:\Windows\System\fObdLFB.exe

C:\Windows\System\qSiWUyW.exe

C:\Windows\System\qSiWUyW.exe

C:\Windows\System\gPffAGO.exe

C:\Windows\System\gPffAGO.exe

C:\Windows\System\tIFwODQ.exe

C:\Windows\System\tIFwODQ.exe

C:\Windows\System\qlsUJuk.exe

C:\Windows\System\qlsUJuk.exe

C:\Windows\System\uttKAOo.exe

C:\Windows\System\uttKAOo.exe

C:\Windows\System\pLICZzu.exe

C:\Windows\System\pLICZzu.exe

C:\Windows\System\axVCImk.exe

C:\Windows\System\axVCImk.exe

C:\Windows\System\mgVMtyK.exe

C:\Windows\System\mgVMtyK.exe

C:\Windows\System\KuFXgIx.exe

C:\Windows\System\KuFXgIx.exe

C:\Windows\System\zPjwOMu.exe

C:\Windows\System\zPjwOMu.exe

C:\Windows\System\umcDQZy.exe

C:\Windows\System\umcDQZy.exe

C:\Windows\System\wwYmImz.exe

C:\Windows\System\wwYmImz.exe

C:\Windows\System\mWQsmXA.exe

C:\Windows\System\mWQsmXA.exe

C:\Windows\System\hdfNXQT.exe

C:\Windows\System\hdfNXQT.exe

C:\Windows\System\PfnrwGK.exe

C:\Windows\System\PfnrwGK.exe

C:\Windows\System\EEJMkno.exe

C:\Windows\System\EEJMkno.exe

C:\Windows\System\vJomKzj.exe

C:\Windows\System\vJomKzj.exe

C:\Windows\System\VgWwlbn.exe

C:\Windows\System\VgWwlbn.exe

C:\Windows\System\BpsWgtd.exe

C:\Windows\System\BpsWgtd.exe

C:\Windows\System\MXMZwSP.exe

C:\Windows\System\MXMZwSP.exe

C:\Windows\System\aHstGVC.exe

C:\Windows\System\aHstGVC.exe

C:\Windows\System\TwADGWp.exe

C:\Windows\System\TwADGWp.exe

C:\Windows\System\wCEhVpy.exe

C:\Windows\System\wCEhVpy.exe

C:\Windows\System\nLolnWH.exe

C:\Windows\System\nLolnWH.exe

C:\Windows\System\wfZpBdP.exe

C:\Windows\System\wfZpBdP.exe

C:\Windows\System\YvHqOMh.exe

C:\Windows\System\YvHqOMh.exe

C:\Windows\System\BsVAMiV.exe

C:\Windows\System\BsVAMiV.exe

C:\Windows\System\jpnzjlp.exe

C:\Windows\System\jpnzjlp.exe

C:\Windows\System\aNqbOXz.exe

C:\Windows\System\aNqbOXz.exe

C:\Windows\System\YZCYtjH.exe

C:\Windows\System\YZCYtjH.exe

C:\Windows\System\CemlCGL.exe

C:\Windows\System\CemlCGL.exe

C:\Windows\System\pTfzSaL.exe

C:\Windows\System\pTfzSaL.exe

C:\Windows\System\GVzPcfo.exe

C:\Windows\System\GVzPcfo.exe

C:\Windows\System\lTGJWbd.exe

C:\Windows\System\lTGJWbd.exe

C:\Windows\System\aiQujlV.exe

C:\Windows\System\aiQujlV.exe

C:\Windows\System\AenfmiD.exe

C:\Windows\System\AenfmiD.exe

C:\Windows\System\pCVIRoM.exe

C:\Windows\System\pCVIRoM.exe

C:\Windows\System\ztCwoUV.exe

C:\Windows\System\ztCwoUV.exe

C:\Windows\System\wHaVuts.exe

C:\Windows\System\wHaVuts.exe

C:\Windows\System\ErkYjTj.exe

C:\Windows\System\ErkYjTj.exe

C:\Windows\System\XlkBqwb.exe

C:\Windows\System\XlkBqwb.exe

C:\Windows\System\owBkUyk.exe

C:\Windows\System\owBkUyk.exe

C:\Windows\System\oougEUy.exe

C:\Windows\System\oougEUy.exe

C:\Windows\System\IEIbugQ.exe

C:\Windows\System\IEIbugQ.exe

C:\Windows\System\OkxQDIU.exe

C:\Windows\System\OkxQDIU.exe

C:\Windows\System\fwgBMQg.exe

C:\Windows\System\fwgBMQg.exe

C:\Windows\System\JprlSwq.exe

C:\Windows\System\JprlSwq.exe

C:\Windows\System\WEXMYjz.exe

C:\Windows\System\WEXMYjz.exe

C:\Windows\System\XXVvfbQ.exe

C:\Windows\System\XXVvfbQ.exe

C:\Windows\System\IXqzZaa.exe

C:\Windows\System\IXqzZaa.exe

C:\Windows\System\mcZHieg.exe

C:\Windows\System\mcZHieg.exe

C:\Windows\System\pymcynS.exe

C:\Windows\System\pymcynS.exe

C:\Windows\System\tDKKcGv.exe

C:\Windows\System\tDKKcGv.exe

C:\Windows\System\cVWgAGH.exe

C:\Windows\System\cVWgAGH.exe

C:\Windows\System\afpcPSD.exe

C:\Windows\System\afpcPSD.exe

C:\Windows\System\tsKWOIR.exe

C:\Windows\System\tsKWOIR.exe

C:\Windows\System\qPwdsGM.exe

C:\Windows\System\qPwdsGM.exe

C:\Windows\System\dKlwMmS.exe

C:\Windows\System\dKlwMmS.exe

C:\Windows\System\cRNWSzN.exe

C:\Windows\System\cRNWSzN.exe

C:\Windows\System\wvUsWFx.exe

C:\Windows\System\wvUsWFx.exe

C:\Windows\System\YTPCJvF.exe

C:\Windows\System\YTPCJvF.exe

C:\Windows\System\ZXRDuys.exe

C:\Windows\System\ZXRDuys.exe

C:\Windows\System\ylgmOly.exe

C:\Windows\System\ylgmOly.exe

C:\Windows\System\VgEbEKw.exe

C:\Windows\System\VgEbEKw.exe

C:\Windows\System\jDNxOKE.exe

C:\Windows\System\jDNxOKE.exe

C:\Windows\System\gAzfPEm.exe

C:\Windows\System\gAzfPEm.exe

C:\Windows\System\YcjyCUL.exe

C:\Windows\System\YcjyCUL.exe

C:\Windows\System\TRryHFz.exe

C:\Windows\System\TRryHFz.exe

C:\Windows\System\euOpYVi.exe

C:\Windows\System\euOpYVi.exe

C:\Windows\System\dosssKr.exe

C:\Windows\System\dosssKr.exe

C:\Windows\System\xeurcPv.exe

C:\Windows\System\xeurcPv.exe

C:\Windows\System\xWqvnjP.exe

C:\Windows\System\xWqvnjP.exe

C:\Windows\System\XXNdPeI.exe

C:\Windows\System\XXNdPeI.exe

C:\Windows\System\RfSiOAo.exe

C:\Windows\System\RfSiOAo.exe

C:\Windows\System\elzyZFJ.exe

C:\Windows\System\elzyZFJ.exe

C:\Windows\System\SuSRCeU.exe

C:\Windows\System\SuSRCeU.exe

C:\Windows\System\hDcvGQb.exe

C:\Windows\System\hDcvGQb.exe

C:\Windows\System\bIISEhA.exe

C:\Windows\System\bIISEhA.exe

C:\Windows\System\WNqcsHg.exe

C:\Windows\System\WNqcsHg.exe

C:\Windows\System\wKYBwLx.exe

C:\Windows\System\wKYBwLx.exe

C:\Windows\System\XiFLsFo.exe

C:\Windows\System\XiFLsFo.exe

C:\Windows\System\aqyQhVw.exe

C:\Windows\System\aqyQhVw.exe

C:\Windows\System\UQClATR.exe

C:\Windows\System\UQClATR.exe

C:\Windows\System\UJlMwOk.exe

C:\Windows\System\UJlMwOk.exe

C:\Windows\System\IRHDyDm.exe

C:\Windows\System\IRHDyDm.exe

C:\Windows\System\aXqpRBy.exe

C:\Windows\System\aXqpRBy.exe

C:\Windows\System\iiPjXEv.exe

C:\Windows\System\iiPjXEv.exe

C:\Windows\System\EbHgRvP.exe

C:\Windows\System\EbHgRvP.exe

C:\Windows\System\RwclxyF.exe

C:\Windows\System\RwclxyF.exe

C:\Windows\System\lLCjuvy.exe

C:\Windows\System\lLCjuvy.exe

C:\Windows\System\RGOPCCz.exe

C:\Windows\System\RGOPCCz.exe

C:\Windows\System\IyfjtPA.exe

C:\Windows\System\IyfjtPA.exe

C:\Windows\System\zjVuZdY.exe

C:\Windows\System\zjVuZdY.exe

C:\Windows\System\cttgJvz.exe

C:\Windows\System\cttgJvz.exe

C:\Windows\System\bupmgIf.exe

C:\Windows\System\bupmgIf.exe

C:\Windows\System\eYptjUV.exe

C:\Windows\System\eYptjUV.exe

C:\Windows\System\ajUsbdq.exe

C:\Windows\System\ajUsbdq.exe

C:\Windows\System\FQBelTV.exe

C:\Windows\System\FQBelTV.exe

C:\Windows\System\XNXIWab.exe

C:\Windows\System\XNXIWab.exe

C:\Windows\System\vUnAKVo.exe

C:\Windows\System\vUnAKVo.exe

C:\Windows\System\zjwDFMw.exe

C:\Windows\System\zjwDFMw.exe

C:\Windows\System\HnpRJtO.exe

C:\Windows\System\HnpRJtO.exe

C:\Windows\System\rhtLGwy.exe

C:\Windows\System\rhtLGwy.exe

C:\Windows\System\PykFOuJ.exe

C:\Windows\System\PykFOuJ.exe

C:\Windows\System\qgFSUKH.exe

C:\Windows\System\qgFSUKH.exe

C:\Windows\System\LbsxayX.exe

C:\Windows\System\LbsxayX.exe

C:\Windows\System\VNIcbyN.exe

C:\Windows\System\VNIcbyN.exe

C:\Windows\System\yeFrpqg.exe

C:\Windows\System\yeFrpqg.exe

C:\Windows\System\ZOZFEnz.exe

C:\Windows\System\ZOZFEnz.exe

C:\Windows\System\bTrPdtU.exe

C:\Windows\System\bTrPdtU.exe

C:\Windows\System\mqyZlll.exe

C:\Windows\System\mqyZlll.exe

C:\Windows\System\WaTlEYW.exe

C:\Windows\System\WaTlEYW.exe

C:\Windows\System\HMQhumA.exe

C:\Windows\System\HMQhumA.exe

C:\Windows\System\VWJIBye.exe

C:\Windows\System\VWJIBye.exe

C:\Windows\System\QmMiOwe.exe

C:\Windows\System\QmMiOwe.exe

C:\Windows\System\eujpZjJ.exe

C:\Windows\System\eujpZjJ.exe

C:\Windows\System\yRmADVh.exe

C:\Windows\System\yRmADVh.exe

C:\Windows\System\MOohJgM.exe

C:\Windows\System\MOohJgM.exe

C:\Windows\System\IUWDziM.exe

C:\Windows\System\IUWDziM.exe

C:\Windows\System\wxMDNfa.exe

C:\Windows\System\wxMDNfa.exe

C:\Windows\System\hKYtjnk.exe

C:\Windows\System\hKYtjnk.exe

C:\Windows\System\YAYwwBp.exe

C:\Windows\System\YAYwwBp.exe

C:\Windows\System\wHijlVT.exe

C:\Windows\System\wHijlVT.exe

C:\Windows\System\lxaJURs.exe

C:\Windows\System\lxaJURs.exe

C:\Windows\System\jbdnSDf.exe

C:\Windows\System\jbdnSDf.exe

C:\Windows\System\ADhwmOW.exe

C:\Windows\System\ADhwmOW.exe

C:\Windows\System\gZvOTLo.exe

C:\Windows\System\gZvOTLo.exe

C:\Windows\System\phjBQoX.exe

C:\Windows\System\phjBQoX.exe

C:\Windows\System\sBsvDQK.exe

C:\Windows\System\sBsvDQK.exe

C:\Windows\System\zqABCOt.exe

C:\Windows\System\zqABCOt.exe

C:\Windows\System\YnPQdCY.exe

C:\Windows\System\YnPQdCY.exe

C:\Windows\System\sJkRmwe.exe

C:\Windows\System\sJkRmwe.exe

C:\Windows\System\PrKoUVQ.exe

C:\Windows\System\PrKoUVQ.exe

C:\Windows\System\ytuXDWa.exe

C:\Windows\System\ytuXDWa.exe

C:\Windows\System\MxfuFbx.exe

C:\Windows\System\MxfuFbx.exe

C:\Windows\System\oHxOUIt.exe

C:\Windows\System\oHxOUIt.exe

C:\Windows\System\QEyVMsd.exe

C:\Windows\System\QEyVMsd.exe

C:\Windows\System\mkrfEDk.exe

C:\Windows\System\mkrfEDk.exe

C:\Windows\System\kUpIOVl.exe

C:\Windows\System\kUpIOVl.exe

C:\Windows\System\kAcRDOb.exe

C:\Windows\System\kAcRDOb.exe

C:\Windows\System\FPHbpKW.exe

C:\Windows\System\FPHbpKW.exe

C:\Windows\System\rrsEVmO.exe

C:\Windows\System\rrsEVmO.exe

C:\Windows\System\FZJnxgF.exe

C:\Windows\System\FZJnxgF.exe

C:\Windows\System\yclBYpj.exe

C:\Windows\System\yclBYpj.exe

C:\Windows\System\LnTOgpc.exe

C:\Windows\System\LnTOgpc.exe

C:\Windows\System\PRveayb.exe

C:\Windows\System\PRveayb.exe

C:\Windows\System\smmwESm.exe

C:\Windows\System\smmwESm.exe

C:\Windows\System\zwCoiGc.exe

C:\Windows\System\zwCoiGc.exe

C:\Windows\System\bbMFsCi.exe

C:\Windows\System\bbMFsCi.exe

C:\Windows\System\fdTAPpD.exe

C:\Windows\System\fdTAPpD.exe

C:\Windows\System\gUbQMBf.exe

C:\Windows\System\gUbQMBf.exe

C:\Windows\System\EeVXmRA.exe

C:\Windows\System\EeVXmRA.exe

C:\Windows\System\umBUibS.exe

C:\Windows\System\umBUibS.exe

C:\Windows\System\qIVOBpK.exe

C:\Windows\System\qIVOBpK.exe

C:\Windows\System\SSfpGba.exe

C:\Windows\System\SSfpGba.exe

C:\Windows\System\ZsUihBe.exe

C:\Windows\System\ZsUihBe.exe

C:\Windows\System\ftWCwni.exe

C:\Windows\System\ftWCwni.exe

C:\Windows\System\GsyxlDX.exe

C:\Windows\System\GsyxlDX.exe

C:\Windows\System\bkVBzFN.exe

C:\Windows\System\bkVBzFN.exe

C:\Windows\System\hpmvoPT.exe

C:\Windows\System\hpmvoPT.exe

C:\Windows\System\ruajkBT.exe

C:\Windows\System\ruajkBT.exe

C:\Windows\System\ADopehr.exe

C:\Windows\System\ADopehr.exe

C:\Windows\System\SIVmeQl.exe

C:\Windows\System\SIVmeQl.exe

C:\Windows\System\uwYDELs.exe

C:\Windows\System\uwYDELs.exe

C:\Windows\System\TzlGVER.exe

C:\Windows\System\TzlGVER.exe

C:\Windows\System\KpGFqgN.exe

C:\Windows\System\KpGFqgN.exe

C:\Windows\System\awhnEVH.exe

C:\Windows\System\awhnEVH.exe

C:\Windows\System\QhbGBGD.exe

C:\Windows\System\QhbGBGD.exe

C:\Windows\System\BgOSLLm.exe

C:\Windows\System\BgOSLLm.exe

C:\Windows\System\CCdonRJ.exe

C:\Windows\System\CCdonRJ.exe

C:\Windows\System\cMFIMgV.exe

C:\Windows\System\cMFIMgV.exe

C:\Windows\System\QBgkqWD.exe

C:\Windows\System\QBgkqWD.exe

C:\Windows\System\nvSdnhX.exe

C:\Windows\System\nvSdnhX.exe

C:\Windows\System\CpyTnBn.exe

C:\Windows\System\CpyTnBn.exe

C:\Windows\System\wqJItDA.exe

C:\Windows\System\wqJItDA.exe

C:\Windows\System\qYdbDNF.exe

C:\Windows\System\qYdbDNF.exe

C:\Windows\System\dDuzfpF.exe

C:\Windows\System\dDuzfpF.exe

C:\Windows\System\sAyNzJx.exe

C:\Windows\System\sAyNzJx.exe

C:\Windows\System\FruoMfY.exe

C:\Windows\System\FruoMfY.exe

C:\Windows\System\LUxZpMo.exe

C:\Windows\System\LUxZpMo.exe

C:\Windows\System\ZjDExZU.exe

C:\Windows\System\ZjDExZU.exe

C:\Windows\System\eHitXgZ.exe

C:\Windows\System\eHitXgZ.exe

C:\Windows\System\SsJEBPF.exe

C:\Windows\System\SsJEBPF.exe

C:\Windows\System\ZrPEwZc.exe

C:\Windows\System\ZrPEwZc.exe

C:\Windows\System\lTAiodE.exe

C:\Windows\System\lTAiodE.exe

C:\Windows\System\NmHgKHR.exe

C:\Windows\System\NmHgKHR.exe

C:\Windows\System\ncBoTgk.exe

C:\Windows\System\ncBoTgk.exe

C:\Windows\System\IzkkwaG.exe

C:\Windows\System\IzkkwaG.exe

C:\Windows\System\FrmrPjt.exe

C:\Windows\System\FrmrPjt.exe

C:\Windows\System\iaHeSJG.exe

C:\Windows\System\iaHeSJG.exe

C:\Windows\System\wGYtdpo.exe

C:\Windows\System\wGYtdpo.exe

C:\Windows\System\bMIEuQa.exe

C:\Windows\System\bMIEuQa.exe

C:\Windows\System\pEESLyH.exe

C:\Windows\System\pEESLyH.exe

C:\Windows\System\RfEqVrP.exe

C:\Windows\System\RfEqVrP.exe

C:\Windows\System\GSeREeS.exe

C:\Windows\System\GSeREeS.exe

C:\Windows\System\iguPvgo.exe

C:\Windows\System\iguPvgo.exe

C:\Windows\System\IwWQsCb.exe

C:\Windows\System\IwWQsCb.exe

C:\Windows\System\vqyvUfp.exe

C:\Windows\System\vqyvUfp.exe

C:\Windows\System\UDdYoTq.exe

C:\Windows\System\UDdYoTq.exe

C:\Windows\System\IwUqsOR.exe

C:\Windows\System\IwUqsOR.exe

C:\Windows\System\XmcsLJX.exe

C:\Windows\System\XmcsLJX.exe

C:\Windows\System\dyRvIXJ.exe

C:\Windows\System\dyRvIXJ.exe

C:\Windows\System\XHrcppl.exe

C:\Windows\System\XHrcppl.exe

C:\Windows\System\SZMSLGs.exe

C:\Windows\System\SZMSLGs.exe

C:\Windows\System\nbXPUhx.exe

C:\Windows\System\nbXPUhx.exe

C:\Windows\System\SQfnjNj.exe

C:\Windows\System\SQfnjNj.exe

C:\Windows\System\RPrWeqN.exe

C:\Windows\System\RPrWeqN.exe

C:\Windows\System\DIjfoVb.exe

C:\Windows\System\DIjfoVb.exe

C:\Windows\System\lBkLfSC.exe

C:\Windows\System\lBkLfSC.exe

C:\Windows\System\UBwitCd.exe

C:\Windows\System\UBwitCd.exe

C:\Windows\System\RgwtvpP.exe

C:\Windows\System\RgwtvpP.exe

C:\Windows\System\TEIZqIv.exe

C:\Windows\System\TEIZqIv.exe

C:\Windows\System\qTGpCvp.exe

C:\Windows\System\qTGpCvp.exe

C:\Windows\System\neYIlpf.exe

C:\Windows\System\neYIlpf.exe

C:\Windows\System\YBzIECZ.exe

C:\Windows\System\YBzIECZ.exe

C:\Windows\System\WFpQokA.exe

C:\Windows\System\WFpQokA.exe

C:\Windows\System\CzSLkpn.exe

C:\Windows\System\CzSLkpn.exe

C:\Windows\System\IVCvmYk.exe

C:\Windows\System\IVCvmYk.exe

C:\Windows\System\DSZxtUX.exe

C:\Windows\System\DSZxtUX.exe

C:\Windows\System\rnEzdwF.exe

C:\Windows\System\rnEzdwF.exe

C:\Windows\System\NrWqiDM.exe

C:\Windows\System\NrWqiDM.exe

C:\Windows\System\xpdEJvR.exe

C:\Windows\System\xpdEJvR.exe

C:\Windows\System\QqTIGRh.exe

C:\Windows\System\QqTIGRh.exe

C:\Windows\System\ctDUJWt.exe

C:\Windows\System\ctDUJWt.exe

C:\Windows\System\aXByyzN.exe

C:\Windows\System\aXByyzN.exe

C:\Windows\System\meKvjdk.exe

C:\Windows\System\meKvjdk.exe

C:\Windows\System\tDuADJs.exe

C:\Windows\System\tDuADJs.exe

C:\Windows\System\BfCwNMz.exe

C:\Windows\System\BfCwNMz.exe

C:\Windows\System\dbJHeBz.exe

C:\Windows\System\dbJHeBz.exe

C:\Windows\System\InNJXRB.exe

C:\Windows\System\InNJXRB.exe

C:\Windows\System\xBJPEbM.exe

C:\Windows\System\xBJPEbM.exe

C:\Windows\System\mjozYyU.exe

C:\Windows\System\mjozYyU.exe

C:\Windows\System\arxmfwL.exe

C:\Windows\System\arxmfwL.exe

C:\Windows\System\NHhngZv.exe

C:\Windows\System\NHhngZv.exe

C:\Windows\System\vXGkJrH.exe

C:\Windows\System\vXGkJrH.exe

C:\Windows\System\YGTaisV.exe

C:\Windows\System\YGTaisV.exe

C:\Windows\System\iXNULxa.exe

C:\Windows\System\iXNULxa.exe

C:\Windows\System\xfgecge.exe

C:\Windows\System\xfgecge.exe

C:\Windows\System\DsURVFw.exe

C:\Windows\System\DsURVFw.exe

C:\Windows\System\ohbAqJj.exe

C:\Windows\System\ohbAqJj.exe

C:\Windows\System\mlntdXr.exe

C:\Windows\System\mlntdXr.exe

C:\Windows\System\mksFlqe.exe

C:\Windows\System\mksFlqe.exe

C:\Windows\System\oSyGpwG.exe

C:\Windows\System\oSyGpwG.exe

C:\Windows\System\dnSWVxa.exe

C:\Windows\System\dnSWVxa.exe

C:\Windows\System\KNMqprP.exe

C:\Windows\System\KNMqprP.exe

C:\Windows\System\SrjlPen.exe

C:\Windows\System\SrjlPen.exe

C:\Windows\System\gTpNrBa.exe

C:\Windows\System\gTpNrBa.exe

C:\Windows\System\ZMWhSAn.exe

C:\Windows\System\ZMWhSAn.exe

C:\Windows\System\DsOMkge.exe

C:\Windows\System\DsOMkge.exe

C:\Windows\System\PUvOwfl.exe

C:\Windows\System\PUvOwfl.exe

C:\Windows\System\QNWGYNF.exe

C:\Windows\System\QNWGYNF.exe

C:\Windows\System\HmUycXR.exe

C:\Windows\System\HmUycXR.exe

C:\Windows\System\aNCmhfK.exe

C:\Windows\System\aNCmhfK.exe

C:\Windows\System\qfWbWeP.exe

C:\Windows\System\qfWbWeP.exe

C:\Windows\System\ZxqdXbB.exe

C:\Windows\System\ZxqdXbB.exe

C:\Windows\System\wzNnWDN.exe

C:\Windows\System\wzNnWDN.exe

C:\Windows\System\TVKujtZ.exe

C:\Windows\System\TVKujtZ.exe

C:\Windows\System\dEZbXCY.exe

C:\Windows\System\dEZbXCY.exe

C:\Windows\System\nlWIOgJ.exe

C:\Windows\System\nlWIOgJ.exe

C:\Windows\System\hJxkWko.exe

C:\Windows\System\hJxkWko.exe

C:\Windows\System\TDFbPid.exe

C:\Windows\System\TDFbPid.exe

C:\Windows\System\RIpxezU.exe

C:\Windows\System\RIpxezU.exe

C:\Windows\System\bBvqIox.exe

C:\Windows\System\bBvqIox.exe

C:\Windows\System\GYmizwX.exe

C:\Windows\System\GYmizwX.exe

C:\Windows\System\TZnrdSh.exe

C:\Windows\System\TZnrdSh.exe

C:\Windows\System\sWsevhL.exe

C:\Windows\System\sWsevhL.exe

C:\Windows\System\FfGULtJ.exe

C:\Windows\System\FfGULtJ.exe

C:\Windows\System\RtNfbGp.exe

C:\Windows\System\RtNfbGp.exe

C:\Windows\System\zkrbPdP.exe

C:\Windows\System\zkrbPdP.exe

C:\Windows\System\NukAMvu.exe

C:\Windows\System\NukAMvu.exe

C:\Windows\System\YbdCzmp.exe

C:\Windows\System\YbdCzmp.exe

C:\Windows\System\hUVyAPX.exe

C:\Windows\System\hUVyAPX.exe

C:\Windows\System\cjSbJjg.exe

C:\Windows\System\cjSbJjg.exe

C:\Windows\System\ZdrxNcV.exe

C:\Windows\System\ZdrxNcV.exe

C:\Windows\system32\sihost.exe

sihost.exe

C:\Windows\System\wdDTDeh.exe

C:\Windows\System\wdDTDeh.exe

C:\Windows\System\dEVvpSO.exe

C:\Windows\System\dEVvpSO.exe

C:\Windows\System\FwJoiBA.exe

C:\Windows\System\FwJoiBA.exe

C:\Windows\System\pMEoaeR.exe

C:\Windows\System\pMEoaeR.exe

C:\Windows\System\iJrByyO.exe

C:\Windows\System\iJrByyO.exe

C:\Windows\System\bdREZYW.exe

C:\Windows\System\bdREZYW.exe

C:\Windows\System\MUggprs.exe

C:\Windows\System\MUggprs.exe

C:\Windows\System\yuqZgQu.exe

C:\Windows\System\yuqZgQu.exe

C:\Windows\System\XOIDWEs.exe

C:\Windows\System\XOIDWEs.exe

C:\Windows\System\YyuJSJJ.exe

C:\Windows\System\YyuJSJJ.exe

C:\Windows\System\EzERWPP.exe

C:\Windows\System\EzERWPP.exe

C:\Windows\System\cUAggKZ.exe

C:\Windows\System\cUAggKZ.exe

C:\Windows\explorer.exe

explorer.exe /LOADSAVEDWINDOWS

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
US 52.111.229.43:443 tcp

Files

memory/2800-0-0x00007FF6C34D0000-0x00007FF6C38C2000-memory.dmp

memory/2800-1-0x0000020728C50000-0x0000020728C60000-memory.dmp

C:\Windows\System\wJrorFq.exe

MD5 54fd6fdca7b758139ff71b7b9c04062f
SHA1 4ab0db17f74a4e4711759f954ffc327fc5879ec3
SHA256 9149e1ca95d22f92479530cf64ea2fa1a86c6d3632c63866808143c6c2008aa9
SHA512 171fff638a396a534403ef10f3734e30304e766ca1042eec3f26ee535456c0e8d14be642be0ddf087423548c9a4b15416fa36b3897e87575ab540ffa7bd34d8a

C:\Windows\System\JGNyMcs.exe

MD5 a229c599e1a2e8396eaf76ab4cee0b52
SHA1 46057f68a02afeaf7355e5d1ef71acfa8cdd2e4c
SHA256 9bec059444808df69c642c7b8778267327204c2b6470f51f6e1c0608a608c7be
SHA512 5b28d267aa152cde247937cf398836e14c99a21934e7c27ba5fcb14ed49f5289cf3178be21a199fe4fe371fe381232ad8e491e710b6bdd06f03531cff5e6fc61

C:\Windows\System\nMshRMi.exe

MD5 56bac46e2e8be09f4a632b810f862ea0
SHA1 8ed9b7b3e1723a89d49e115364f8a61f78cc0b58
SHA256 b7dd343810e37d56e2f98a9ab9bb0bf8a3850602d155b22c92235d7cc13ee87e
SHA512 29df573b6146794d62458522e1a9150047d7aa0bd3f5d4c691164e603abcd8f472d245339da7864fff67093fd4b0854b5a73b1bdb05b290149bce7bcdc4fadbd

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_1d5qrnah.cij.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

C:\Windows\System\cwjtpoT.exe

MD5 3ed682ff67f62fbd7930af0bad6de7e4
SHA1 3350fbf76776f4a4b101b248a167b6c157fe9bab
SHA256 7737eb1c9089ef1367dbee9529f26cd6ebf9eb7b09ca9770d59257b7f55071a8
SHA512 3ca97f324d5aaa5d152382602c9c9da4651d0ac9aeefbaec3b8a63149b61dc71ff7955a741ba9ef96663923deac3ae745e6757e1d24222109543a74089e8e95a

C:\Windows\System\qCXBXkd.exe

MD5 378dd758d4b80a5ab53d53f41178b702
SHA1 ef234d32f98684e299168b9f9719f4096a0d47cc
SHA256 b35450355a16bdfe3249d40893064303b50ae261395a49ed3804215959bab594
SHA512 017525dd52241519dbdd05de0de2c7189bf8fd4be11dc03986437f78f00312b4ad7aebe5c2475b1b6524c453b5daf373ef80b78d231e293c831f2f699dac8848

C:\Windows\System\ZizbQQz.exe

MD5 177878058b54b1298c31055aa3984be1
SHA1 b7f3eb3dcab9189419a936e8af1fd58658caf6a0
SHA256 6967f6a43855e14fd2775d5a0abf10177960c966f604337451dbaf52694fe84b
SHA512 17edb6c30ca61929cb94e9a5cfaa6ab8d6762b28e7b554266bb88f9c9a88e2186e341a5797351e6da2ef9e78cfd9be1a1dd52bcb675f1dd400f01f955ab91c0c

memory/1504-289-0x00007FF6BC470000-0x00007FF6BC862000-memory.dmp

memory/3668-272-0x0000017C69320000-0x0000017C69342000-memory.dmp

memory/4324-242-0x00007FF6BFC80000-0x00007FF6C0072000-memory.dmp

C:\Windows\System\czcKKYG.exe

MD5 d9ab505a63cedca4d24c4873f51964c1
SHA1 5bb3b887560314c3c3080f61286713d05b364132
SHA256 1f4272659ad5305734d33cc69a3626010a9c87489702739a23c0ed7cd170cb72
SHA512 c94990b06dae22f35f85df88aa40c3b9c4b95246fdf7fa232f6c9c7445c1e3d98a7fe8705b6efaf5da4c9d3bf2c7d2946b4847642bf51559a37f8ef603947389

C:\Windows\System\YjDmGaA.exe

MD5 0cc3acb8327ca56b1030f1b788752c27
SHA1 0f4d8a19bba91cd949898f73ac7e152fc9760074
SHA256 816a92cb482d06d8b18b2a9c96bca9971302dce6a55d6a21d0e38cc67794ba79
SHA512 ad7311f80c4a7fb4f77347a8184a670a4f7415b743514bbdc4131a75aa3db1e4fd76bb3a26857c4e5fe9c4ec1c423470ce0f14a96a9b337c1ce63ede5bedbe98

C:\Windows\System\skUysJQ.exe

MD5 6670670a69e7e03f546229aa6b878921
SHA1 9c1cc2fb1e9d3452d8dd2503bcc88f1f72e85838
SHA256 ca03bb7bd518590dac4f144ba9e7e906b7c4f4ce08b9e744c2009e9a1d6a1ddb
SHA512 2b9f9f90642388c131b46709ec1aecc34a905c3c24b3315093cbf1af75dd0cea8b0dba78ec11ab92bb8e045d2fd91f47bbba922f9f142c6c9fad63c9a6c7ea02

memory/216-197-0x00007FF6010D0000-0x00007FF6014C2000-memory.dmp

C:\Windows\System\ALTPGeX.exe

MD5 06a747fe5572a8562957c6926bc49bc6
SHA1 fe1cb054f730f10f74c49c6bc86484cc640c4c7e
SHA256 f4e0bf9ba4c523aa63c64141ee4bc833efbae4bde7509d205c168ce9897cd3a2
SHA512 d950a1e5e4a2e83731889afe2205a7c45f03079020a03ce3545d884499f409d1f44a5af5e9e3d24dd8bebdc1b0631724c3e6adf2c7685b4c6aa5d569c8b90c9e

C:\Windows\System\IqJLhnP.exe

MD5 e2b4e2c91641cca00a4788ee8ebbe3a4
SHA1 d504cb2e36f0a6509b8f1b389e63514f3fb36a1e
SHA256 7d57e8e20d930f00cd5e4806a1120dea4ab209321f8f8201471033f269829006
SHA512 acb2e96270076e869a32f5d3262349729b07ab0a37e2a2045102fd0c67ad7fd68c0105d3dba56bb65f761633692f662f066280fb3e19557625eb4c365c1f7bda

C:\Windows\System\xUQTdvM.exe

MD5 b0089078b1c8648e4fbfdcf7980cc077
SHA1 6fd5f4c70aed0058b01a01d2a88018b5744861d8
SHA256 5845a59368b20815f8bfb859175a6ec507b4e5f40768f1da7b78a0ff8991db9f
SHA512 e055c68a184d53bfa34b4368ce028696b2e92bc189a7ead07d56d6e15ae409669319b9a5464a56ad5a888e428e30565fd010db45b7bbdd7f95c81d7aec52da78

C:\Windows\System\JqnjCPs.exe

MD5 7dc20bc76be7582d9f12a0fec840705f
SHA1 93a865b1590bde699e074ff09cd8e6775fd350a6
SHA256 7ac5553fff9617ac8c96320144e36ca6bcb792a5bf8f8076aaf69b024d43bfa6
SHA512 631fd760551e42e89e4fd84bd43269116b475393588a3969922638535edcc1e932a1325434eb2e80e36230a9fc7184a383c7ea7892af0641a21e1bba90f6230e

C:\Windows\System\pOzkvgB.exe

MD5 c932377f5a87edb97792d6a3baf61948
SHA1 e95cad3475517d74797ab55d66b5c88a693b6485
SHA256 af8ca88d601da3254beb7f2804573da810ddd817977303d981ca9e5255f13651
SHA512 f98a3eeaa952240653d0b4a1c39e0cddabf227db73a2ffb03ed3ad8786cdfc4ebb3112e16a91b07cc4ff8fd9e0d1c75814f4ae039df3764f338b46700dcf553b

C:\Windows\System\xkkZWqx.exe

MD5 138543f9d9a1d5c7719e06818feee151
SHA1 b78aeb03375c94a3f633daebf68cb4fe64529be4
SHA256 f42cb9e1fbd6572c00ff52cf083721418f42c42934614f6050e03182ec55a6cf
SHA512 c1949c373c741651778946c89a345a53bd5de230c61d2dd859fce64de8f18e1ebc80cd3debc641c4053589e989c6af6b6bbc9d100e58061b03f7cd1ae5c8c6eb

C:\Windows\System\MwBNXMD.exe

MD5 5bd6cb43c88c4ba933ac48ae319741f8
SHA1 dbdcf0193ec3b911456d4678db479ff7a348fdfe
SHA256 3d353b464e21ae51a71df47606644621647e923cf9c48cff6409b8696ee593da
SHA512 d0990d041c2a036b35bf0922bd0ce90239ab08c58a50569fdc93a6dc2530a499a5bb670fd8a8b756bea2850a02c366997e0262d0ad61c7e3a0f76ea288ce164e

C:\Windows\System\wkVxUSX.exe

MD5 f67c3248a6cb298e24b399b93c6ef2fe
SHA1 fb9591eb62d5b151b781bfb6e53bdf8e7ef884a6
SHA256 ee84916032029dbae9a597dd74a927878c684f0bc0d38f1e3a415605b9c9520f
SHA512 9fcd64d19a23ca664617b0dfa7b58d1be7585a1c54a7dfd84e0bd45bd49ebba8e058ea179f4f5a24f88a7712aa7e5e6f4bdc543d4840bda100632f0f8a5624c4

C:\Windows\System\KXweNAa.exe

MD5 af081eae7904be45150cec962175f8bc
SHA1 9edb85d549bb5639142b1934d81a95ee5f8ef5b1
SHA256 382db1cb152790d09175a48c5ac25a4397101e240f191eb744ac87745f192872
SHA512 edac5c19e82c18b980756312b48ab4c88e4f9296f2e01475f027f51984479c1fc08d63022792faaeeca932c6827005cf26ba9606db5efc1896f8e0cc9809b2d7

C:\Windows\System\UGFsSTx.exe

MD5 30194593979006ab8eb351053f204564
SHA1 9382478d4b1f080e55efa88699ddc9671e70314b
SHA256 d77255564f51ab1cd48b5082f0e4d0af2786fd85ea9a9888c9c66974171ae920
SHA512 be1ca47d6cbe56f06028ab6e0f54f1357dc54c49962393795728598e6f9df118ec077371605affb9e07d5df9c9541e2a5d55ff04f611c39a2e0eccb686055315

C:\Windows\System\kKTDmTu.exe

MD5 3a7d3121a06846689c8ece2f7a898889
SHA1 493f99802ed5da88e37466fb350bd8eac72c9b53
SHA256 d9750579ab683b9fd4b600bf212a530792a3935c9e851058008fcf6dc9d1ed79
SHA512 884e1dc2a00ef7c4fd30ced4e0468052f15f6f5ef37fdfffa6ec3635e22fb1a65ae9096823bc46ddbc4fe95fd0c1e5355d4894d0847612a6281c766bd2f2b7e6

C:\Windows\System\yXkPVbW.exe

MD5 a6149b7ab0436f188e97f1b1879da7c8
SHA1 1e92dc42e43880137adda8656f36f0f4c1f70520
SHA256 13c05c2d99c6d7d3cdb2a569f52411ce425662b9f189655fb50a0b4fbc78c665
SHA512 a45b44058eb94f6dcd76a36f9a3e70fe45030f8675b51ec540d5763a2edbedc59f7bd50592d5f94f8a0b89270d2eb0c76d0ffd724ee89cd72eca7ff6e4ff2f65

C:\Windows\System\uFXSbin.exe

MD5 29b6f427f12b0d36afb9084f583a7a75
SHA1 ff69cb86236484a33818fc0667c09358acd3d888
SHA256 ea889d61c3f3467e136c7c27bd5bf76e0f03c29f58cdad5cdfa221022922d86e
SHA512 c4d4242ed74d063aabedad5d0d535eaf008650189828d6fbc6a7937b474e1e7567b700d0ba590761d31909836b8570d825c74addc6dfd0b19447fa51902cf4cc

memory/2020-451-0x00007FF7597E0000-0x00007FF759BD2000-memory.dmp

memory/540-544-0x00007FF75A5D0000-0x00007FF75A9C2000-memory.dmp

memory/1960-580-0x00007FF707C00000-0x00007FF707FF2000-memory.dmp

memory/2736-584-0x00007FF6317E0000-0x00007FF631BD2000-memory.dmp

memory/740-583-0x00007FF620B50000-0x00007FF620F42000-memory.dmp

memory/4900-582-0x00007FF792440000-0x00007FF792832000-memory.dmp

memory/3248-581-0x00007FF7F0010000-0x00007FF7F0402000-memory.dmp

memory/5048-579-0x00007FF7E8E70000-0x00007FF7E9262000-memory.dmp

memory/2076-578-0x00007FF6B50D0000-0x00007FF6B54C2000-memory.dmp

memory/4916-577-0x00007FF732830000-0x00007FF732C22000-memory.dmp

memory/3256-576-0x00007FF68C780000-0x00007FF68CB72000-memory.dmp

memory/4588-538-0x00007FF744C90000-0x00007FF745082000-memory.dmp

memory/3224-393-0x00007FF70AF80000-0x00007FF70B372000-memory.dmp

memory/3376-343-0x00007FF7FBAB0000-0x00007FF7FBEA2000-memory.dmp

C:\Windows\System\VEuOUGi.exe

MD5 b7dff6216bca8f774cb869c803d14d32
SHA1 755fcd6d29f6792591c49988115b27bf93725b1b
SHA256 3154267d56e9707acfbcdca1eb7cdaa6e2934b43d0b09e8d1865994ef5305528
SHA512 a77f5d3d8e9f4cb08ee92ae8f76b150d6857cb751116fb2f0281d9c4ce0e67e431990157325fd48bf6a5330d90753a56d1460a9ff4d48ea200067cbde5cc3a5d

memory/2984-148-0x00007FF65D450000-0x00007FF65D842000-memory.dmp

C:\Windows\System\sDLTucq.exe

MD5 28db3ed0646c37f67a9189cac1645c36
SHA1 ca46b7882b849f434fa407369625cb9ac338fdc7
SHA256 2a129d6e1804e37361ec8dc14c20807a93a65d7f2d0d072ced3c5eb5ec2a96d4
SHA512 c63b9700e284b11387b3542b84fb9f67196b903ec67e71435a2ff045501ff934e79a7bee3c13232fbecae4ec90dae83b30dc0cc20963c96856c07bdddf427d3c

C:\Windows\System\KxUzXUJ.exe

MD5 7112cea812ec498b3b7602f605f56701
SHA1 0d11ea957554f2a798c5caada52bd077e23384a0
SHA256 70a47442f01c4d05ade7a77ab5377f8e0f1437420128af3d3ba910cfe7265ad4
SHA512 9fd61acfdeb75f850d3e620eb9c4564846e8ea6c2f19106954c3e94ee0752e911037713a2ec77ab143c786c945520d704de068088165bf7f9e71e922b35f3581

C:\Windows\System\cVZfppN.exe

MD5 79886dcb34955f02d3afdc99ac136229
SHA1 153cd73ec7ca641793cf98a22b136352985503c8
SHA256 818a4cc7d61ef35c34e5d57e7d4a1c79a587bc7f2acae3bd56e789ea1b843a04
SHA512 97cc5422bdfe5ada38faefdd45c3f2718a31888927c49f00f02b4a097ffa977d4139667f92ec9c5f8eda0704bc3c540ec938dbdec9bccdcc94da8ebcda6e9036

C:\Windows\System\QkUXmyG.exe

MD5 792404896a6e80b6cf5db08ad381eefd
SHA1 ec1d19ddd7131feaae2d08f2d16f19b9959e7656
SHA256 578b9d10e0a308b2a506d0baacebdad460ec5224d53c6e84d2f8a998faf8ee29
SHA512 747e4322cc04ae074aa37a6d087b59667a2853207146aadee827872ce1df6ad9dd1545ff3a60b57101ae0bec134b91eebd4ccb37d941da4ba5bf76d71d78d4f3

C:\Windows\System\txnuQPJ.exe

MD5 ef93c6585b56b188ea3d5b9d95f2d8bf
SHA1 f5999e13bb57cd055d855ad4202c67ad4f671bf7
SHA256 865bdbd6805dea06123b0fd613fff5ea7cff605307a9e4077a326def6480ffa3
SHA512 583af409a5156a40250175dd93a618bb05b4416545625b08b353272bd938d6da26b07cee6fc48440dc21bcc7f4c6b81750ecf666292827f928a23dc1f254645f

C:\Windows\System\gIGohhM.exe

MD5 2e7acb8c4e62d358a5c7f043e2b352a0
SHA1 02a84639cb0385551d99eb296f491bc22f733302
SHA256 231c2707452091f7888a7e3ea51f97b79e1e1c575953266b3fe05b324b0ccda9
SHA512 830fae856c3d91423d3e6e7938f409e0f2d907487ac79b649ecdc3ab696b92f7b2f1b58a1b13936169fbb4456b84a13e40ea92c1ffd6719d8f4eea4c0380e690

C:\Windows\System\JxwhiAT.exe

MD5 72bf5f46edf40f911a5ada6d826916c6
SHA1 fec7cba16d5a3e6f927e8c7fe1b319a098bc2b35
SHA256 a46b0a0daf3ede0607688c1f6f434124e69089cec17675ee3d7cbdadaae7ef6c
SHA512 42fdfdf478117a81df84cddfbcf68033e1b2b31288c2d9c92203c98aecc7f357c410b764de1a9284044ee7a70221aeb79a2e8b4f6d1774fcb79d0a157c807eb8

C:\Windows\System\DxMBPgL.exe

MD5 77429d4b1d0a6daa754e96f8b8edf482
SHA1 d38f82d1a6494abb88255a5c7e73a448ac202927
SHA256 3c2f256ed3808fed7da4464fa5d540f01cf02736977ff91bf0aa024c51c13a88
SHA512 738f006934d57ee5ee53ae13341fe5c64ba87af6972b0189da1af34a2ee7ca0a6014ca30676983fbb8235659bdcfae7fc4626a65eb26d81bf3c407211b6649ea

memory/3980-121-0x00007FF6AD0A0000-0x00007FF6AD492000-memory.dmp

C:\Windows\System\dUsoqLN.exe

MD5 6c1351ae163f54694d4a7e99bb68d0ba
SHA1 bb4cb89dfda22e42f8e55373e20e04129fb527dc
SHA256 b9b4fe46a9ab0bb5a1d8ae41d94dcdfc69bee0e820c3626931efb7b62a12c164
SHA512 195a7071bf28040f70a0d6a27c147a3175d8c9bf45c451adf7a4655cbdc78fdb110f5062dbb2d8bf266aa60ac1320dc67cecd65f940267e3e6b46acda6015e7f

C:\Windows\System\PYCNDTh.exe

MD5 8e6214ae092cbc3d071a69572efeefe4
SHA1 f667faa9940a681409ae12194bdfc7c44d2462e0
SHA256 35d81c920dd9eb8ce21c17c2953751c2d96119760b50cf85113eb032446a4f15
SHA512 bae77a1322d0f3bc4445ec4f2c360cd59606321738a2d246108b4c35226980965b7811259582122cf6d5e8d175b6b94cfff7566adf52fbf65097dd9dd4dcf4b3

C:\Windows\System\DHbyWNj.exe

MD5 131cf74fb488123e25724a48e720934f
SHA1 70e7adb1fd3a59293d4207e957b9c894fc52db21
SHA256 dabe63608db0c83b4520ca50f41f5da91d88d9301bb9c4368c12000bcf546fdc
SHA512 2ce7756c3ea882c30b39f6f6c47454f6ed7372e06c26a36e0e56acb9b2675ddb695df7424b63e33312af23dd11464f593d7530c51bd0493a0da17f141a47cdad

memory/964-105-0x00007FF79AE80000-0x00007FF79B272000-memory.dmp

C:\Windows\System\oYCHOpc.exe

MD5 4f45f03fd22bddb93b77892ce926b117
SHA1 930957e86a0bddeba62b94f49dd2f760236cad00
SHA256 58a2b86f332a57762b302ff3c97e4bf7929d77fe55929733b32ab02532855d3b
SHA512 3c11f60b3bdac5c21237593778faf2c8bb2d9836f635a0eecec325aac771662b81a40e20b90f661b39ba79638cc0605f712cd81d7d8dae746619a2ee687b7de9

C:\Windows\System\SCmxyYc.exe

MD5 76525533065c972ec605a8573dd75576
SHA1 ea4946c0a4375e402d80ead3c541bd38eaa7b50f
SHA256 a46eae5a30ede8d491abb4a836aa8ec4fbb7207050ebdac31e89b875c21d04cf
SHA512 6d96745796ad772a276d958c0eb77d6cc9988c8c98fcc0ba5f172c7aaf82f9de6526d5b7245c2c871f1cd6d67744fee7df9dbad8f84d4ac885f4ddb4f4b4bc35

C:\Windows\System\oytILAt.exe

MD5 fc812fa090e49bc652a88d422ee18717
SHA1 21ddd15f0a5a048236304daf2b52ab3461c2793d
SHA256 d42bc148683aba8da86fd20d661e79dc7b0c9decd39f926666994c1b12266058
SHA512 aea055c8a5c07106e7b12dbf15ef4f501e90a55f2d6e1c716ae57f8a5ad19124637f5cac8cdb9c2b3eeb18c13dc50cafd6c3720c1ae818a3198253bea64a4aca

memory/4484-85-0x00007FF7AF5F0000-0x00007FF7AF9E2000-memory.dmp

C:\Windows\System\RJjYuJM.exe

MD5 52b273634dfcdc871d7d1c2dec5b446d
SHA1 811d27c9bed328b339f08a22912b31750ae69ad3
SHA256 c73277e9dd8714624f64c104c707c1721b561f5f4d6fa9ba523b17bfd6a0f541
SHA512 7625818587aae569e5b794504945ed0a1174bd467d7c685a372d99c7662ae0447b47ac8ecd2526334b4a081c76318bd261e68e0bdfda8b726dbd985ce1649ea3

memory/3012-49-0x00007FF7E0C90000-0x00007FF7E1082000-memory.dmp

memory/900-43-0x00007FF6297D0000-0x00007FF629BC2000-memory.dmp

C:\Windows\System\zuSKRPM.exe

MD5 5eae75b8d4953bf26ff942d99b00810e
SHA1 e6dca552a7cac617c90fa27757bdfbd39fb100f4
SHA256 31f2d81362e378b2704cfe55b4d5bf92be2a9e287d0a5eb1d176f781509bc592
SHA512 def09e268352ea328e5dad660088638780694abfafe52c4e6e0f9225d137956089ca4cfdc622f2c1f5c08dae621ea97462513c8b2d02ba9ad588725004a2568a

C:\Windows\System\CFvnosh.exe

MD5 22968377f20e54964834cf16f33f2834
SHA1 f3a690f94d4b8c30be3329ffe2fad3dcc7fe44d0
SHA256 9270751173e431431a332f51d115e12f45a6885483c594e436f7ec0edb39eaf0
SHA512 1ae0c5f1e03fd7865d2887e0ba34c7bb38e5914f88b0bdb180977bf81e2fb1258e9174821adc6398c5c0e8a3f54d000438bb1cbffa483f8c6dfa328a881e4e50

memory/3668-14-0x00007FF980EF3000-0x00007FF980EF5000-memory.dmp

memory/3668-13-0x0000017C69360000-0x0000017C69370000-memory.dmp

memory/3612-12-0x00007FF685D30000-0x00007FF686122000-memory.dmp

C:\Windows\System\ccxyZmn.exe

MD5 fe927a7b95a8e740e5fe713c901c9e01
SHA1 ecfbe50fe763344952c953d62fa5003104bc3449
SHA256 f82f51f77711d4a91cabcea52fe4248ccd74fcc5e594447a13d04466d11574d4
SHA512 519f045719b019119a0aa1026c974002b38afda52aebfd27fc4cdff53e58cb71473a5a6d37512cd0bd3d3d8cc9c3db0d599d298accf5a879e7f70a4b454691fd

C:\Windows\System\tAZPHew.exe

MD5 35e5aaaf64cfd996c128b5184afab2be
SHA1 d7f20e4be6b4dde2825158ba2dd315b1bd72d28d
SHA256 6844456d90722603693b3ccb4dc7bec92d10cefdd8ff55f8d3991fa66251cfa0
SHA512 8de872792634ad54586844c3ca75a8d446eafd9e8cd0e2be7e71c9b414ecc129d0165f96a35cf512cc4cf012f7eb348d16fa3bd899e37b2671c810982406d8b2

memory/3612-2751-0x00007FF685D30000-0x00007FF686122000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133628648803050446.txt

MD5 79ea60e4feeffe4483ba2d0ea61852fb
SHA1 7d5921a1b6240cc717ad4f4478bbcfc42f3af8e8
SHA256 1e85f6cd486b20682b1a6af9f34e7993a558f3b5dccd1e80a55178847e794923
SHA512 4d0866c2b63af9570fa20bca628a6e67b3704d7ab5a8a1311fb614f38b54444cc6630390092282f075751cae38000a17e4bf1cb992a8900b0c72965c0b24dbf4

memory/900-2797-0x00007FF6297D0000-0x00007FF629BC2000-memory.dmp

memory/964-2801-0x00007FF79AE80000-0x00007FF79B272000-memory.dmp

memory/3980-2802-0x00007FF6AD0A0000-0x00007FF6AD492000-memory.dmp

memory/4484-2800-0x00007FF7AF5F0000-0x00007FF7AF9E2000-memory.dmp

memory/3612-2804-0x00007FF685D30000-0x00007FF686122000-memory.dmp

memory/900-2806-0x00007FF6297D0000-0x00007FF629BC2000-memory.dmp

memory/3012-2808-0x00007FF7E0C90000-0x00007FF7E1082000-memory.dmp

memory/4484-2810-0x00007FF7AF5F0000-0x00007FF7AF9E2000-memory.dmp

memory/4900-2813-0x00007FF792440000-0x00007FF792832000-memory.dmp

memory/2984-2815-0x00007FF65D450000-0x00007FF65D842000-memory.dmp

memory/964-2821-0x00007FF79AE80000-0x00007FF79B272000-memory.dmp

memory/3980-2822-0x00007FF6AD0A0000-0x00007FF6AD492000-memory.dmp

memory/740-2826-0x00007FF620B50000-0x00007FF620F42000-memory.dmp

memory/3256-2832-0x00007FF68C780000-0x00007FF68CB72000-memory.dmp

memory/5048-2834-0x00007FF7E8E70000-0x00007FF7E9262000-memory.dmp

memory/3376-2831-0x00007FF7FBAB0000-0x00007FF7FBEA2000-memory.dmp

memory/540-2828-0x00007FF75A5D0000-0x00007FF75A9C2000-memory.dmp

memory/1504-2824-0x00007FF6BC470000-0x00007FF6BC862000-memory.dmp

memory/216-2819-0x00007FF6010D0000-0x00007FF6014C2000-memory.dmp

memory/3248-2816-0x00007FF7F0010000-0x00007FF7F0402000-memory.dmp

memory/2076-2838-0x00007FF6B50D0000-0x00007FF6B54C2000-memory.dmp

memory/4588-2837-0x00007FF744C90000-0x00007FF745082000-memory.dmp

memory/4324-2862-0x00007FF6BFC80000-0x00007FF6C0072000-memory.dmp

memory/4916-2855-0x00007FF732830000-0x00007FF732C22000-memory.dmp

memory/3224-2853-0x00007FF70AF80000-0x00007FF70B372000-memory.dmp

memory/2020-2851-0x00007FF7597E0000-0x00007FF759BD2000-memory.dmp

memory/2736-2847-0x00007FF6317E0000-0x00007FF631BD2000-memory.dmp

memory/1960-2846-0x00007FF707C00000-0x00007FF707FF2000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\9WOT0LPI\microsoft.windows[1].xml

MD5 589e139869250cac3aaf7cb946d415ab
SHA1 71b4b736779c2716ee9ce5b2892cbc4edec40ee8
SHA256 60f8214fb3bed025a0239c2d15501db6f669215d8d09371a285568ed5c5bad26
SHA512 0877e0c5a806bffe678a27fbef67b128723f886bf0ea7a8fe82d4c57de61a78efdb36604c0296ab643e4674caff3d0def6fc4b3c9efbd27332fa5729414a2632