Malware Analysis Report

2025-08-10 14:48

Sample ID 241026-akpsqatqak
Target 9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d
SHA256 9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d
Tags
miner xmrig persistence
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d

Threat Level: Known bad

The file 9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d was found to be: Known bad.

Malicious Activity Summary

miner xmrig persistence

XMRig Miner payload

Xmrig family

xmrig

XMRig Miner payload

Boot or Logon Autostart Execution: Active Setup

Executes dropped EXE

Loads dropped DLL

Enumerates connected drives

Drops file in Windows directory

Unsigned PE

Uses Volume Shadow Copy WMI provider

Suspicious use of SetWindowsHookEx

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Uses Volume Shadow Copy service COM API

Checks SCSI registry key(s)

Uses Task Scheduler COM API

Suspicious use of FindShellTrayWindow

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-26 00:16

Signatures

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-26 00:16

Reported

2024-10-26 00:19

Platform

win7-20240903-en

Max time kernel

117s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe"

Signatures

Xmrig family

xmrig

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\ziVdMiY.exe N/A
N/A N/A C:\Windows\System\fPHmMdQ.exe N/A
N/A N/A C:\Windows\System\LzkijvO.exe N/A
N/A N/A C:\Windows\System\sOJkXyJ.exe N/A
N/A N/A C:\Windows\System\baUhBIM.exe N/A
N/A N/A C:\Windows\System\CABmLSU.exe N/A
N/A N/A C:\Windows\System\nxcLjgj.exe N/A
N/A N/A C:\Windows\System\Kfzbfbw.exe N/A
N/A N/A C:\Windows\System\orNSLCQ.exe N/A
N/A N/A C:\Windows\System\xLwISyd.exe N/A
N/A N/A C:\Windows\System\esytMQu.exe N/A
N/A N/A C:\Windows\System\idyOMZf.exe N/A
N/A N/A C:\Windows\System\uYhjuSM.exe N/A
N/A N/A C:\Windows\System\iihDjZg.exe N/A
N/A N/A C:\Windows\System\bwBXViM.exe N/A
N/A N/A C:\Windows\System\LDMKITq.exe N/A
N/A N/A C:\Windows\System\vzghjgh.exe N/A
N/A N/A C:\Windows\System\PeiJVNR.exe N/A
N/A N/A C:\Windows\System\WOAiMVK.exe N/A
N/A N/A C:\Windows\System\oqntUeN.exe N/A
N/A N/A C:\Windows\System\rirJbwC.exe N/A
N/A N/A C:\Windows\System\FoAHWoS.exe N/A
N/A N/A C:\Windows\System\NPpNskp.exe N/A
N/A N/A C:\Windows\System\QjRpsEA.exe N/A
N/A N/A C:\Windows\System\iGmZfSd.exe N/A
N/A N/A C:\Windows\System\PsujxND.exe N/A
N/A N/A C:\Windows\System\ecQRTtU.exe N/A
N/A N/A C:\Windows\System\ydgBWPG.exe N/A
N/A N/A C:\Windows\System\EMrrXwd.exe N/A
N/A N/A C:\Windows\System\FZUWaFs.exe N/A
N/A N/A C:\Windows\System\MyWkZpY.exe N/A
N/A N/A C:\Windows\System\WSBBEUh.exe N/A
N/A N/A C:\Windows\System\gOSnbij.exe N/A
N/A N/A C:\Windows\System\MKYgoUM.exe N/A
N/A N/A C:\Windows\System\CLmdeoj.exe N/A
N/A N/A C:\Windows\System\xsMilxc.exe N/A
N/A N/A C:\Windows\System\SndKaEO.exe N/A
N/A N/A C:\Windows\System\VjsKeIW.exe N/A
N/A N/A C:\Windows\System\jyfDvhI.exe N/A
N/A N/A C:\Windows\System\AMNbuDE.exe N/A
N/A N/A C:\Windows\System\eyzbZkC.exe N/A
N/A N/A C:\Windows\System\NwYNVQc.exe N/A
N/A N/A C:\Windows\System\JPRGvpF.exe N/A
N/A N/A C:\Windows\System\xcsHOHw.exe N/A
N/A N/A C:\Windows\System\kyDsFnW.exe N/A
N/A N/A C:\Windows\System\uxwjZvA.exe N/A
N/A N/A C:\Windows\System\zlWceSS.exe N/A
N/A N/A C:\Windows\System\PJZuINO.exe N/A
N/A N/A C:\Windows\System\XzUukrs.exe N/A
N/A N/A C:\Windows\System\HlTqXwW.exe N/A
N/A N/A C:\Windows\System\ipeMuHK.exe N/A
N/A N/A C:\Windows\System\KaSjOtS.exe N/A
N/A N/A C:\Windows\System\IXmKIUX.exe N/A
N/A N/A C:\Windows\System\FHgjKqF.exe N/A
N/A N/A C:\Windows\System\FTsZZFW.exe N/A
N/A N/A C:\Windows\System\pTTBgSv.exe N/A
N/A N/A C:\Windows\System\pxozxrW.exe N/A
N/A N/A C:\Windows\System\cylxLXp.exe N/A
N/A N/A C:\Windows\System\nWWuegY.exe N/A
N/A N/A C:\Windows\System\jJzlJAq.exe N/A
N/A N/A C:\Windows\System\SryTjPZ.exe N/A
N/A N/A C:\Windows\System\dlFydTp.exe N/A
N/A N/A C:\Windows\System\AoJCJAD.exe N/A
N/A N/A C:\Windows\System\AgePaUS.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\fnBdFEe.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\JJAHQxa.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\fsblorC.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\avxomGS.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\zsaVghg.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\UJjcutP.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\qWMrJvJ.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\KzIsICF.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\HDfZeKD.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\PvRPDqQ.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\jFvrAwH.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\vsZYsDz.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\vEAtcMV.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\HycvOVg.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\fohQKRr.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\pDfXiXM.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\ISCohKz.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\QUFwaSV.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\lOEBVKI.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\kNrOlTC.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\mPTNlHY.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\NCrzZlh.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\FkhQlKI.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\ckuJeEj.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\YJgWfql.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\hhkzpKj.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\tRSQWnP.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\JDaFVSX.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\PDfAhrb.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\tVasMKx.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\nMsJCYU.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\FNCYPib.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\eXPtlsx.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\ZWuQfPo.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\XnIWTrx.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\qugJUgH.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\IJjBLnG.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\dQiFAVp.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\xJFeZVa.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\kMyqhJX.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\bAuaVVE.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\JQFgvlY.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\bRSketw.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\FxakjyN.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\QjRpsEA.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\ffJcSvq.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\dUCPfRd.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\CPJQxcV.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\gEiiQZe.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\dZpLQmg.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\fOaiteE.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\HdzASmr.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\LLoBPbb.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\AMNbuDE.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\VaGFDJS.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\QqTcIEc.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\mUSUFLF.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\vlJYUwJ.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\HsYBckD.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\bfqLJYL.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\rVcIrRy.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\ZzDkrQT.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\MEHfWMJ.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\aRlvrnu.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2532 wrote to memory of 2188 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\ziVdMiY.exe
PID 2532 wrote to memory of 2188 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\ziVdMiY.exe
PID 2532 wrote to memory of 2188 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\ziVdMiY.exe
PID 2532 wrote to memory of 2356 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\fPHmMdQ.exe
PID 2532 wrote to memory of 2356 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\fPHmMdQ.exe
PID 2532 wrote to memory of 2356 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\fPHmMdQ.exe
PID 2532 wrote to memory of 3044 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\LzkijvO.exe
PID 2532 wrote to memory of 3044 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\LzkijvO.exe
PID 2532 wrote to memory of 3044 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\LzkijvO.exe
PID 2532 wrote to memory of 2292 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\sOJkXyJ.exe
PID 2532 wrote to memory of 2292 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\sOJkXyJ.exe
PID 2532 wrote to memory of 2292 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\sOJkXyJ.exe
PID 2532 wrote to memory of 2740 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\baUhBIM.exe
PID 2532 wrote to memory of 2740 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\baUhBIM.exe
PID 2532 wrote to memory of 2740 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\baUhBIM.exe
PID 2532 wrote to memory of 2800 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\CABmLSU.exe
PID 2532 wrote to memory of 2800 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\CABmLSU.exe
PID 2532 wrote to memory of 2800 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\CABmLSU.exe
PID 2532 wrote to memory of 2952 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\nxcLjgj.exe
PID 2532 wrote to memory of 2952 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\nxcLjgj.exe
PID 2532 wrote to memory of 2952 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\nxcLjgj.exe
PID 2532 wrote to memory of 2720 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\Kfzbfbw.exe
PID 2532 wrote to memory of 2720 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\Kfzbfbw.exe
PID 2532 wrote to memory of 2720 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\Kfzbfbw.exe
PID 2532 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\orNSLCQ.exe
PID 2532 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\orNSLCQ.exe
PID 2532 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\orNSLCQ.exe
PID 2532 wrote to memory of 2908 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\xLwISyd.exe
PID 2532 wrote to memory of 2908 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\xLwISyd.exe
PID 2532 wrote to memory of 2908 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\xLwISyd.exe
PID 2532 wrote to memory of 1772 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\esytMQu.exe
PID 2532 wrote to memory of 1772 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\esytMQu.exe
PID 2532 wrote to memory of 1772 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\esytMQu.exe
PID 2532 wrote to memory of 2652 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\idyOMZf.exe
PID 2532 wrote to memory of 2652 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\idyOMZf.exe
PID 2532 wrote to memory of 2652 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\idyOMZf.exe
PID 2532 wrote to memory of 2612 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\uYhjuSM.exe
PID 2532 wrote to memory of 2612 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\uYhjuSM.exe
PID 2532 wrote to memory of 2612 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\uYhjuSM.exe
PID 2532 wrote to memory of 2716 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\iihDjZg.exe
PID 2532 wrote to memory of 2716 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\iihDjZg.exe
PID 2532 wrote to memory of 2716 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\iihDjZg.exe
PID 2532 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\bwBXViM.exe
PID 2532 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\bwBXViM.exe
PID 2532 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\bwBXViM.exe
PID 2532 wrote to memory of 3032 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\LDMKITq.exe
PID 2532 wrote to memory of 3032 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\LDMKITq.exe
PID 2532 wrote to memory of 3032 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\LDMKITq.exe
PID 2532 wrote to memory of 1844 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\vzghjgh.exe
PID 2532 wrote to memory of 1844 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\vzghjgh.exe
PID 2532 wrote to memory of 1844 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\vzghjgh.exe
PID 2532 wrote to memory of 1980 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\PeiJVNR.exe
PID 2532 wrote to memory of 1980 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\PeiJVNR.exe
PID 2532 wrote to memory of 1980 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\PeiJVNR.exe
PID 2532 wrote to memory of 1312 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\WOAiMVK.exe
PID 2532 wrote to memory of 1312 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\WOAiMVK.exe
PID 2532 wrote to memory of 1312 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\WOAiMVK.exe
PID 2532 wrote to memory of 1468 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\oqntUeN.exe
PID 2532 wrote to memory of 1468 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\oqntUeN.exe
PID 2532 wrote to memory of 1468 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\oqntUeN.exe
PID 2532 wrote to memory of 1860 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\rirJbwC.exe
PID 2532 wrote to memory of 1860 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\rirJbwC.exe
PID 2532 wrote to memory of 1860 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\rirJbwC.exe
PID 2532 wrote to memory of 2076 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\FoAHWoS.exe

Processes

C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe

"C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe"

C:\Windows\System\ziVdMiY.exe

C:\Windows\System\ziVdMiY.exe

C:\Windows\System\fPHmMdQ.exe

C:\Windows\System\fPHmMdQ.exe

C:\Windows\System\LzkijvO.exe

C:\Windows\System\LzkijvO.exe

C:\Windows\System\sOJkXyJ.exe

C:\Windows\System\sOJkXyJ.exe

C:\Windows\System\baUhBIM.exe

C:\Windows\System\baUhBIM.exe

C:\Windows\System\CABmLSU.exe

C:\Windows\System\CABmLSU.exe

C:\Windows\System\nxcLjgj.exe

C:\Windows\System\nxcLjgj.exe

C:\Windows\System\Kfzbfbw.exe

C:\Windows\System\Kfzbfbw.exe

C:\Windows\System\orNSLCQ.exe

C:\Windows\System\orNSLCQ.exe

C:\Windows\System\xLwISyd.exe

C:\Windows\System\xLwISyd.exe

C:\Windows\System\esytMQu.exe

C:\Windows\System\esytMQu.exe

C:\Windows\System\idyOMZf.exe

C:\Windows\System\idyOMZf.exe

C:\Windows\System\uYhjuSM.exe

C:\Windows\System\uYhjuSM.exe

C:\Windows\System\iihDjZg.exe

C:\Windows\System\iihDjZg.exe

C:\Windows\System\bwBXViM.exe

C:\Windows\System\bwBXViM.exe

C:\Windows\System\LDMKITq.exe

C:\Windows\System\LDMKITq.exe

C:\Windows\System\vzghjgh.exe

C:\Windows\System\vzghjgh.exe

C:\Windows\System\PeiJVNR.exe

C:\Windows\System\PeiJVNR.exe

C:\Windows\System\WOAiMVK.exe

C:\Windows\System\WOAiMVK.exe

C:\Windows\System\oqntUeN.exe

C:\Windows\System\oqntUeN.exe

C:\Windows\System\rirJbwC.exe

C:\Windows\System\rirJbwC.exe

C:\Windows\System\FoAHWoS.exe

C:\Windows\System\FoAHWoS.exe

C:\Windows\System\NPpNskp.exe

C:\Windows\System\NPpNskp.exe

C:\Windows\System\QjRpsEA.exe

C:\Windows\System\QjRpsEA.exe

C:\Windows\System\iGmZfSd.exe

C:\Windows\System\iGmZfSd.exe

C:\Windows\System\PsujxND.exe

C:\Windows\System\PsujxND.exe

C:\Windows\System\ecQRTtU.exe

C:\Windows\System\ecQRTtU.exe

C:\Windows\System\ydgBWPG.exe

C:\Windows\System\ydgBWPG.exe

C:\Windows\System\EMrrXwd.exe

C:\Windows\System\EMrrXwd.exe

C:\Windows\System\FZUWaFs.exe

C:\Windows\System\FZUWaFs.exe

C:\Windows\System\MyWkZpY.exe

C:\Windows\System\MyWkZpY.exe

C:\Windows\System\WSBBEUh.exe

C:\Windows\System\WSBBEUh.exe

C:\Windows\System\gOSnbij.exe

C:\Windows\System\gOSnbij.exe

C:\Windows\System\MKYgoUM.exe

C:\Windows\System\MKYgoUM.exe

C:\Windows\System\CLmdeoj.exe

C:\Windows\System\CLmdeoj.exe

C:\Windows\System\xsMilxc.exe

C:\Windows\System\xsMilxc.exe

C:\Windows\System\SndKaEO.exe

C:\Windows\System\SndKaEO.exe

C:\Windows\System\VjsKeIW.exe

C:\Windows\System\VjsKeIW.exe

C:\Windows\System\jyfDvhI.exe

C:\Windows\System\jyfDvhI.exe

C:\Windows\System\AMNbuDE.exe

C:\Windows\System\AMNbuDE.exe

C:\Windows\System\eyzbZkC.exe

C:\Windows\System\eyzbZkC.exe

C:\Windows\System\NwYNVQc.exe

C:\Windows\System\NwYNVQc.exe

C:\Windows\System\JPRGvpF.exe

C:\Windows\System\JPRGvpF.exe

C:\Windows\System\xcsHOHw.exe

C:\Windows\System\xcsHOHw.exe

C:\Windows\System\kyDsFnW.exe

C:\Windows\System\kyDsFnW.exe

C:\Windows\System\uxwjZvA.exe

C:\Windows\System\uxwjZvA.exe

C:\Windows\System\zlWceSS.exe

C:\Windows\System\zlWceSS.exe

C:\Windows\System\PJZuINO.exe

C:\Windows\System\PJZuINO.exe

C:\Windows\System\XzUukrs.exe

C:\Windows\System\XzUukrs.exe

C:\Windows\System\HlTqXwW.exe

C:\Windows\System\HlTqXwW.exe

C:\Windows\System\ipeMuHK.exe

C:\Windows\System\ipeMuHK.exe

C:\Windows\System\KaSjOtS.exe

C:\Windows\System\KaSjOtS.exe

C:\Windows\System\FHgjKqF.exe

C:\Windows\System\FHgjKqF.exe

C:\Windows\System\IXmKIUX.exe

C:\Windows\System\IXmKIUX.exe

C:\Windows\System\pTTBgSv.exe

C:\Windows\System\pTTBgSv.exe

C:\Windows\System\FTsZZFW.exe

C:\Windows\System\FTsZZFW.exe

C:\Windows\System\cylxLXp.exe

C:\Windows\System\cylxLXp.exe

C:\Windows\System\pxozxrW.exe

C:\Windows\System\pxozxrW.exe

C:\Windows\System\nWWuegY.exe

C:\Windows\System\nWWuegY.exe

C:\Windows\System\jJzlJAq.exe

C:\Windows\System\jJzlJAq.exe

C:\Windows\System\dlFydTp.exe

C:\Windows\System\dlFydTp.exe

C:\Windows\System\SryTjPZ.exe

C:\Windows\System\SryTjPZ.exe

C:\Windows\System\AgePaUS.exe

C:\Windows\System\AgePaUS.exe

C:\Windows\System\AoJCJAD.exe

C:\Windows\System\AoJCJAD.exe

C:\Windows\System\qUSwIsH.exe

C:\Windows\System\qUSwIsH.exe

C:\Windows\System\lUONaVr.exe

C:\Windows\System\lUONaVr.exe

C:\Windows\System\VFNLfgZ.exe

C:\Windows\System\VFNLfgZ.exe

C:\Windows\System\jcaDunu.exe

C:\Windows\System\jcaDunu.exe

C:\Windows\System\jqnxsSe.exe

C:\Windows\System\jqnxsSe.exe

C:\Windows\System\UTiwIgN.exe

C:\Windows\System\UTiwIgN.exe

C:\Windows\System\TjEYtPa.exe

C:\Windows\System\TjEYtPa.exe

C:\Windows\System\IVnpokL.exe

C:\Windows\System\IVnpokL.exe

C:\Windows\System\fkozzNG.exe

C:\Windows\System\fkozzNG.exe

C:\Windows\System\ywnnflF.exe

C:\Windows\System\ywnnflF.exe

C:\Windows\System\XvRCKog.exe

C:\Windows\System\XvRCKog.exe

C:\Windows\System\sLsxKfu.exe

C:\Windows\System\sLsxKfu.exe

C:\Windows\System\tFSfSjh.exe

C:\Windows\System\tFSfSjh.exe

C:\Windows\System\kzTHrnz.exe

C:\Windows\System\kzTHrnz.exe

C:\Windows\System\iaItpbw.exe

C:\Windows\System\iaItpbw.exe

C:\Windows\System\fOkjKiU.exe

C:\Windows\System\fOkjKiU.exe

C:\Windows\System\PwZgrFL.exe

C:\Windows\System\PwZgrFL.exe

C:\Windows\System\hfoEdpN.exe

C:\Windows\System\hfoEdpN.exe

C:\Windows\System\ycdhsvM.exe

C:\Windows\System\ycdhsvM.exe

C:\Windows\System\vFWalkX.exe

C:\Windows\System\vFWalkX.exe

C:\Windows\System\vEAtcMV.exe

C:\Windows\System\vEAtcMV.exe

C:\Windows\System\taFVIxp.exe

C:\Windows\System\taFVIxp.exe

C:\Windows\System\UhuaYPD.exe

C:\Windows\System\UhuaYPD.exe

C:\Windows\System\GdkwkxZ.exe

C:\Windows\System\GdkwkxZ.exe

C:\Windows\System\VWGLNUa.exe

C:\Windows\System\VWGLNUa.exe

C:\Windows\System\tuIWVkk.exe

C:\Windows\System\tuIWVkk.exe

C:\Windows\System\EkvLVjJ.exe

C:\Windows\System\EkvLVjJ.exe

C:\Windows\System\zfTFFdV.exe

C:\Windows\System\zfTFFdV.exe

C:\Windows\System\XBrTzJM.exe

C:\Windows\System\XBrTzJM.exe

C:\Windows\System\GlLWzDy.exe

C:\Windows\System\GlLWzDy.exe

C:\Windows\System\JfJpqmG.exe

C:\Windows\System\JfJpqmG.exe

C:\Windows\System\pTWBMaP.exe

C:\Windows\System\pTWBMaP.exe

C:\Windows\System\wARMRII.exe

C:\Windows\System\wARMRII.exe

C:\Windows\System\kMyqhJX.exe

C:\Windows\System\kMyqhJX.exe

C:\Windows\System\idWYJuO.exe

C:\Windows\System\idWYJuO.exe

C:\Windows\System\lynbuvp.exe

C:\Windows\System\lynbuvp.exe

C:\Windows\System\LiaXiqW.exe

C:\Windows\System\LiaXiqW.exe

C:\Windows\System\cdjatTq.exe

C:\Windows\System\cdjatTq.exe

C:\Windows\System\TdeDquo.exe

C:\Windows\System\TdeDquo.exe

C:\Windows\System\hPEgzKw.exe

C:\Windows\System\hPEgzKw.exe

C:\Windows\System\JcywlpF.exe

C:\Windows\System\JcywlpF.exe

C:\Windows\System\fUsIYGK.exe

C:\Windows\System\fUsIYGK.exe

C:\Windows\System\PxWYutC.exe

C:\Windows\System\PxWYutC.exe

C:\Windows\System\zzalVkd.exe

C:\Windows\System\zzalVkd.exe

C:\Windows\System\BvHPhas.exe

C:\Windows\System\BvHPhas.exe

C:\Windows\System\zTyqSnM.exe

C:\Windows\System\zTyqSnM.exe

C:\Windows\System\naPfxIy.exe

C:\Windows\System\naPfxIy.exe

C:\Windows\System\bimYTXW.exe

C:\Windows\System\bimYTXW.exe

C:\Windows\System\SwPfXQB.exe

C:\Windows\System\SwPfXQB.exe

C:\Windows\System\rVcIrRy.exe

C:\Windows\System\rVcIrRy.exe

C:\Windows\System\cILOqfM.exe

C:\Windows\System\cILOqfM.exe

C:\Windows\System\KMbhhfH.exe

C:\Windows\System\KMbhhfH.exe

C:\Windows\System\uAOwJSO.exe

C:\Windows\System\uAOwJSO.exe

C:\Windows\System\BJNeAKG.exe

C:\Windows\System\BJNeAKG.exe

C:\Windows\System\wWEnIsW.exe

C:\Windows\System\wWEnIsW.exe

C:\Windows\System\DdNKBDr.exe

C:\Windows\System\DdNKBDr.exe

C:\Windows\System\FbRLFvf.exe

C:\Windows\System\FbRLFvf.exe

C:\Windows\System\glrcTGG.exe

C:\Windows\System\glrcTGG.exe

C:\Windows\System\qgKxOFn.exe

C:\Windows\System\qgKxOFn.exe

C:\Windows\System\soqtltG.exe

C:\Windows\System\soqtltG.exe

C:\Windows\System\zdQCodI.exe

C:\Windows\System\zdQCodI.exe

C:\Windows\System\qURMRHY.exe

C:\Windows\System\qURMRHY.exe

C:\Windows\System\HXPCddU.exe

C:\Windows\System\HXPCddU.exe

C:\Windows\System\jrYmDSG.exe

C:\Windows\System\jrYmDSG.exe

C:\Windows\System\YJbvWHA.exe

C:\Windows\System\YJbvWHA.exe

C:\Windows\System\riwqvgD.exe

C:\Windows\System\riwqvgD.exe

C:\Windows\System\IvIltHE.exe

C:\Windows\System\IvIltHE.exe

C:\Windows\System\kBDKioB.exe

C:\Windows\System\kBDKioB.exe

C:\Windows\System\FXRHmbJ.exe

C:\Windows\System\FXRHmbJ.exe

C:\Windows\System\JlIiefo.exe

C:\Windows\System\JlIiefo.exe

C:\Windows\System\Dnvkxnr.exe

C:\Windows\System\Dnvkxnr.exe

C:\Windows\System\skhBREP.exe

C:\Windows\System\skhBREP.exe

C:\Windows\System\dDLsAMS.exe

C:\Windows\System\dDLsAMS.exe

C:\Windows\System\EHvKbuQ.exe

C:\Windows\System\EHvKbuQ.exe

C:\Windows\System\ZzDkrQT.exe

C:\Windows\System\ZzDkrQT.exe

C:\Windows\System\ejTkqqE.exe

C:\Windows\System\ejTkqqE.exe

C:\Windows\System\xnVFeDG.exe

C:\Windows\System\xnVFeDG.exe

C:\Windows\System\MGliAJw.exe

C:\Windows\System\MGliAJw.exe

C:\Windows\System\cGnuSpO.exe

C:\Windows\System\cGnuSpO.exe

C:\Windows\System\MtjVHUF.exe

C:\Windows\System\MtjVHUF.exe

C:\Windows\System\bPGGZXS.exe

C:\Windows\System\bPGGZXS.exe

C:\Windows\System\cAceVfZ.exe

C:\Windows\System\cAceVfZ.exe

C:\Windows\System\cXQlXoW.exe

C:\Windows\System\cXQlXoW.exe

C:\Windows\System\kitezTP.exe

C:\Windows\System\kitezTP.exe

C:\Windows\System\cvvnYEv.exe

C:\Windows\System\cvvnYEv.exe

C:\Windows\System\MPCvqre.exe

C:\Windows\System\MPCvqre.exe

C:\Windows\System\qVSnxPg.exe

C:\Windows\System\qVSnxPg.exe

C:\Windows\System\azcEkse.exe

C:\Windows\System\azcEkse.exe

C:\Windows\System\OxmdLnR.exe

C:\Windows\System\OxmdLnR.exe

C:\Windows\System\VNQzZaK.exe

C:\Windows\System\VNQzZaK.exe

C:\Windows\System\wHDjyfu.exe

C:\Windows\System\wHDjyfu.exe

C:\Windows\System\Yfmcitq.exe

C:\Windows\System\Yfmcitq.exe

C:\Windows\System\gyolVxy.exe

C:\Windows\System\gyolVxy.exe

C:\Windows\System\dUuLGNS.exe

C:\Windows\System\dUuLGNS.exe

C:\Windows\System\lGEuPbT.exe

C:\Windows\System\lGEuPbT.exe

C:\Windows\System\FQqKyfR.exe

C:\Windows\System\FQqKyfR.exe

C:\Windows\System\osdARPU.exe

C:\Windows\System\osdARPU.exe

C:\Windows\System\FevaqVL.exe

C:\Windows\System\FevaqVL.exe

C:\Windows\System\YbodLKh.exe

C:\Windows\System\YbodLKh.exe

C:\Windows\System\wKyrhgf.exe

C:\Windows\System\wKyrhgf.exe

C:\Windows\System\WhgWahr.exe

C:\Windows\System\WhgWahr.exe

C:\Windows\System\HDfZeKD.exe

C:\Windows\System\HDfZeKD.exe

C:\Windows\System\SiaXKtW.exe

C:\Windows\System\SiaXKtW.exe

C:\Windows\System\HqZjbzI.exe

C:\Windows\System\HqZjbzI.exe

C:\Windows\System\vcJtDGq.exe

C:\Windows\System\vcJtDGq.exe

C:\Windows\System\SBxNdPg.exe

C:\Windows\System\SBxNdPg.exe

C:\Windows\System\ifwfxgP.exe

C:\Windows\System\ifwfxgP.exe

C:\Windows\System\FkhQlKI.exe

C:\Windows\System\FkhQlKI.exe

C:\Windows\System\wVVLoTB.exe

C:\Windows\System\wVVLoTB.exe

C:\Windows\System\vPkeDHy.exe

C:\Windows\System\vPkeDHy.exe

C:\Windows\System\jOMChOT.exe

C:\Windows\System\jOMChOT.exe

C:\Windows\System\kburaRK.exe

C:\Windows\System\kburaRK.exe

C:\Windows\System\jrHfnaD.exe

C:\Windows\System\jrHfnaD.exe

C:\Windows\System\VTnoGdz.exe

C:\Windows\System\VTnoGdz.exe

C:\Windows\System\UvBxYde.exe

C:\Windows\System\UvBxYde.exe

C:\Windows\System\FBwcyGS.exe

C:\Windows\System\FBwcyGS.exe

C:\Windows\System\rieKWly.exe

C:\Windows\System\rieKWly.exe

C:\Windows\System\dRMBZIG.exe

C:\Windows\System\dRMBZIG.exe

C:\Windows\System\ezMASak.exe

C:\Windows\System\ezMASak.exe

C:\Windows\System\RgtZIEg.exe

C:\Windows\System\RgtZIEg.exe

C:\Windows\System\urNRgZM.exe

C:\Windows\System\urNRgZM.exe

C:\Windows\System\YqhKEnm.exe

C:\Windows\System\YqhKEnm.exe

C:\Windows\System\mOgWQUW.exe

C:\Windows\System\mOgWQUW.exe

C:\Windows\System\ExSEbfx.exe

C:\Windows\System\ExSEbfx.exe

C:\Windows\System\OXAaORm.exe

C:\Windows\System\OXAaORm.exe

C:\Windows\System\RRwAggh.exe

C:\Windows\System\RRwAggh.exe

C:\Windows\System\QmQddDM.exe

C:\Windows\System\QmQddDM.exe

C:\Windows\System\AyBJjZW.exe

C:\Windows\System\AyBJjZW.exe

C:\Windows\System\MxxVkCj.exe

C:\Windows\System\MxxVkCj.exe

C:\Windows\System\LNotbdC.exe

C:\Windows\System\LNotbdC.exe

C:\Windows\System\MFJgDpL.exe

C:\Windows\System\MFJgDpL.exe

C:\Windows\System\tIwADWn.exe

C:\Windows\System\tIwADWn.exe

C:\Windows\System\kNQzjyQ.exe

C:\Windows\System\kNQzjyQ.exe

C:\Windows\System\aeBEBbB.exe

C:\Windows\System\aeBEBbB.exe

C:\Windows\System\xCvMxDa.exe

C:\Windows\System\xCvMxDa.exe

C:\Windows\System\ckFmZfg.exe

C:\Windows\System\ckFmZfg.exe

C:\Windows\System\rouZinA.exe

C:\Windows\System\rouZinA.exe

C:\Windows\System\wyGwOiU.exe

C:\Windows\System\wyGwOiU.exe

C:\Windows\System\hfqEbRG.exe

C:\Windows\System\hfqEbRG.exe

C:\Windows\System\ziFSuOg.exe

C:\Windows\System\ziFSuOg.exe

C:\Windows\System\jiGwdJM.exe

C:\Windows\System\jiGwdJM.exe

C:\Windows\System\IcTdTcS.exe

C:\Windows\System\IcTdTcS.exe

C:\Windows\System\hBiOBMH.exe

C:\Windows\System\hBiOBMH.exe

C:\Windows\System\iwThMVf.exe

C:\Windows\System\iwThMVf.exe

C:\Windows\System\tKwIstY.exe

C:\Windows\System\tKwIstY.exe

C:\Windows\System\vOOFMMG.exe

C:\Windows\System\vOOFMMG.exe

C:\Windows\System\qnCPVDk.exe

C:\Windows\System\qnCPVDk.exe

C:\Windows\System\ImpaHmN.exe

C:\Windows\System\ImpaHmN.exe

C:\Windows\System\zHcinGe.exe

C:\Windows\System\zHcinGe.exe

C:\Windows\System\CWDUmil.exe

C:\Windows\System\CWDUmil.exe

C:\Windows\System\vAvUXUP.exe

C:\Windows\System\vAvUXUP.exe

C:\Windows\System\DevxCKr.exe

C:\Windows\System\DevxCKr.exe

C:\Windows\System\iaiTPfT.exe

C:\Windows\System\iaiTPfT.exe

C:\Windows\System\GQOSIWw.exe

C:\Windows\System\GQOSIWw.exe

C:\Windows\System\BcWVGlP.exe

C:\Windows\System\BcWVGlP.exe

C:\Windows\System\nGWAcVC.exe

C:\Windows\System\nGWAcVC.exe

C:\Windows\System\dbQRnjB.exe

C:\Windows\System\dbQRnjB.exe

C:\Windows\System\kaFfVkh.exe

C:\Windows\System\kaFfVkh.exe

C:\Windows\System\MwbaiNG.exe

C:\Windows\System\MwbaiNG.exe

C:\Windows\System\iqBmdKL.exe

C:\Windows\System\iqBmdKL.exe

C:\Windows\System\qzAoubL.exe

C:\Windows\System\qzAoubL.exe

C:\Windows\System\XFObmUi.exe

C:\Windows\System\XFObmUi.exe

C:\Windows\System\GaQjEqs.exe

C:\Windows\System\GaQjEqs.exe

C:\Windows\System\nxFnxik.exe

C:\Windows\System\nxFnxik.exe

C:\Windows\System\dRpTsEc.exe

C:\Windows\System\dRpTsEc.exe

C:\Windows\System\ZHWJMqb.exe

C:\Windows\System\ZHWJMqb.exe

C:\Windows\System\YjlPLbL.exe

C:\Windows\System\YjlPLbL.exe

C:\Windows\System\aCkPCTV.exe

C:\Windows\System\aCkPCTV.exe

C:\Windows\System\wzQlOrZ.exe

C:\Windows\System\wzQlOrZ.exe

C:\Windows\System\GKtraeW.exe

C:\Windows\System\GKtraeW.exe

C:\Windows\System\mlhYCpY.exe

C:\Windows\System\mlhYCpY.exe

C:\Windows\System\dVjmGIp.exe

C:\Windows\System\dVjmGIp.exe

C:\Windows\System\YUVpPar.exe

C:\Windows\System\YUVpPar.exe

C:\Windows\System\TTSVKYW.exe

C:\Windows\System\TTSVKYW.exe

C:\Windows\System\eMtweCi.exe

C:\Windows\System\eMtweCi.exe

C:\Windows\System\rJnrAsG.exe

C:\Windows\System\rJnrAsG.exe

C:\Windows\System\bAuaVVE.exe

C:\Windows\System\bAuaVVE.exe

C:\Windows\System\blwqBDn.exe

C:\Windows\System\blwqBDn.exe

C:\Windows\System\JPyuOCU.exe

C:\Windows\System\JPyuOCU.exe

C:\Windows\System\zYOJkuH.exe

C:\Windows\System\zYOJkuH.exe

C:\Windows\System\ickSyez.exe

C:\Windows\System\ickSyez.exe

C:\Windows\System\BAUInvg.exe

C:\Windows\System\BAUInvg.exe

C:\Windows\System\WHdxUhI.exe

C:\Windows\System\WHdxUhI.exe

C:\Windows\System\EHuNOHa.exe

C:\Windows\System\EHuNOHa.exe

C:\Windows\System\eOdbITn.exe

C:\Windows\System\eOdbITn.exe

C:\Windows\System\GTkdVbZ.exe

C:\Windows\System\GTkdVbZ.exe

C:\Windows\System\XhcQWOF.exe

C:\Windows\System\XhcQWOF.exe

C:\Windows\System\ENxjdxq.exe

C:\Windows\System\ENxjdxq.exe

C:\Windows\System\ihfxbph.exe

C:\Windows\System\ihfxbph.exe

C:\Windows\System\PXQwAtl.exe

C:\Windows\System\PXQwAtl.exe

C:\Windows\System\AXqTbhR.exe

C:\Windows\System\AXqTbhR.exe

C:\Windows\System\eWsZPMa.exe

C:\Windows\System\eWsZPMa.exe

C:\Windows\System\ZnvWwKc.exe

C:\Windows\System\ZnvWwKc.exe

C:\Windows\System\fANpSFS.exe

C:\Windows\System\fANpSFS.exe

C:\Windows\System\pwQuXNK.exe

C:\Windows\System\pwQuXNK.exe

C:\Windows\System\dOheFFH.exe

C:\Windows\System\dOheFFH.exe

C:\Windows\System\AneRbsz.exe

C:\Windows\System\AneRbsz.exe

C:\Windows\System\FVuJqDA.exe

C:\Windows\System\FVuJqDA.exe

C:\Windows\System\LYWEzkw.exe

C:\Windows\System\LYWEzkw.exe

C:\Windows\System\SBHxDwY.exe

C:\Windows\System\SBHxDwY.exe

C:\Windows\System\MZupqvM.exe

C:\Windows\System\MZupqvM.exe

C:\Windows\System\hVLDxhU.exe

C:\Windows\System\hVLDxhU.exe

C:\Windows\System\tAgCnah.exe

C:\Windows\System\tAgCnah.exe

C:\Windows\System\DYngAnL.exe

C:\Windows\System\DYngAnL.exe

C:\Windows\System\hFxtaiq.exe

C:\Windows\System\hFxtaiq.exe

C:\Windows\System\PEFMqIf.exe

C:\Windows\System\PEFMqIf.exe

C:\Windows\System\BXiHZLN.exe

C:\Windows\System\BXiHZLN.exe

C:\Windows\System\hhSinot.exe

C:\Windows\System\hhSinot.exe

C:\Windows\System\jbSaTUH.exe

C:\Windows\System\jbSaTUH.exe

C:\Windows\System\ckuJeEj.exe

C:\Windows\System\ckuJeEj.exe

C:\Windows\System\tbNrrVe.exe

C:\Windows\System\tbNrrVe.exe

C:\Windows\System\YJgWfql.exe

C:\Windows\System\YJgWfql.exe

C:\Windows\System\iIvfNCd.exe

C:\Windows\System\iIvfNCd.exe

C:\Windows\System\nIpBatv.exe

C:\Windows\System\nIpBatv.exe

C:\Windows\System\rVbZGpg.exe

C:\Windows\System\rVbZGpg.exe

C:\Windows\System\tavlQfw.exe

C:\Windows\System\tavlQfw.exe

C:\Windows\System\GqSsEDz.exe

C:\Windows\System\GqSsEDz.exe

C:\Windows\System\szqXKdG.exe

C:\Windows\System\szqXKdG.exe

C:\Windows\System\yJUAJqg.exe

C:\Windows\System\yJUAJqg.exe

C:\Windows\System\WbhqjZE.exe

C:\Windows\System\WbhqjZE.exe

C:\Windows\System\oueevDX.exe

C:\Windows\System\oueevDX.exe

C:\Windows\System\KyMueAx.exe

C:\Windows\System\KyMueAx.exe

C:\Windows\System\mYnvunj.exe

C:\Windows\System\mYnvunj.exe

C:\Windows\System\Astumgx.exe

C:\Windows\System\Astumgx.exe

C:\Windows\System\IdgXwrT.exe

C:\Windows\System\IdgXwrT.exe

C:\Windows\System\HxTiEte.exe

C:\Windows\System\HxTiEte.exe

C:\Windows\System\WtuPwXg.exe

C:\Windows\System\WtuPwXg.exe

C:\Windows\System\IKZbxtj.exe

C:\Windows\System\IKZbxtj.exe

C:\Windows\System\GKDNqZZ.exe

C:\Windows\System\GKDNqZZ.exe

C:\Windows\System\eleTPuR.exe

C:\Windows\System\eleTPuR.exe

C:\Windows\System\RuRzaLp.exe

C:\Windows\System\RuRzaLp.exe

C:\Windows\System\DPhssFZ.exe

C:\Windows\System\DPhssFZ.exe

C:\Windows\System\xhsayOC.exe

C:\Windows\System\xhsayOC.exe

C:\Windows\System\PsbLqAk.exe

C:\Windows\System\PsbLqAk.exe

C:\Windows\System\bRviXlJ.exe

C:\Windows\System\bRviXlJ.exe

C:\Windows\System\wkGEMXp.exe

C:\Windows\System\wkGEMXp.exe

C:\Windows\System\RITtUgw.exe

C:\Windows\System\RITtUgw.exe

C:\Windows\System\FQMzWKA.exe

C:\Windows\System\FQMzWKA.exe

C:\Windows\System\QdnChRY.exe

C:\Windows\System\QdnChRY.exe

C:\Windows\System\PcPhljO.exe

C:\Windows\System\PcPhljO.exe

C:\Windows\System\GpCuHsD.exe

C:\Windows\System\GpCuHsD.exe

C:\Windows\System\nMsJCYU.exe

C:\Windows\System\nMsJCYU.exe

C:\Windows\System\vwcxrle.exe

C:\Windows\System\vwcxrle.exe

C:\Windows\System\wqnjfKz.exe

C:\Windows\System\wqnjfKz.exe

C:\Windows\System\GzZAKKk.exe

C:\Windows\System\GzZAKKk.exe

C:\Windows\System\olvPDzd.exe

C:\Windows\System\olvPDzd.exe

C:\Windows\System\qVWtkoq.exe

C:\Windows\System\qVWtkoq.exe

C:\Windows\System\pbyvjpH.exe

C:\Windows\System\pbyvjpH.exe

C:\Windows\System\NHikNxj.exe

C:\Windows\System\NHikNxj.exe

C:\Windows\System\UFRLYSN.exe

C:\Windows\System\UFRLYSN.exe

C:\Windows\System\GEWkaqg.exe

C:\Windows\System\GEWkaqg.exe

C:\Windows\System\CkhuNsg.exe

C:\Windows\System\CkhuNsg.exe

C:\Windows\System\XbYxfuM.exe

C:\Windows\System\XbYxfuM.exe

C:\Windows\System\cxjvlHW.exe

C:\Windows\System\cxjvlHW.exe

C:\Windows\System\QTXVNUl.exe

C:\Windows\System\QTXVNUl.exe

C:\Windows\System\NHqeeJW.exe

C:\Windows\System\NHqeeJW.exe

C:\Windows\System\QAwzYuf.exe

C:\Windows\System\QAwzYuf.exe

C:\Windows\System\JwBeEQq.exe

C:\Windows\System\JwBeEQq.exe

C:\Windows\System\bodYTUx.exe

C:\Windows\System\bodYTUx.exe

C:\Windows\System\cDPXxEI.exe

C:\Windows\System\cDPXxEI.exe

C:\Windows\System\KCKAGcS.exe

C:\Windows\System\KCKAGcS.exe

C:\Windows\System\rfopDQd.exe

C:\Windows\System\rfopDQd.exe

C:\Windows\System\oAGbuez.exe

C:\Windows\System\oAGbuez.exe

C:\Windows\System\NqXFRXc.exe

C:\Windows\System\NqXFRXc.exe

C:\Windows\System\XYBhycf.exe

C:\Windows\System\XYBhycf.exe

C:\Windows\System\WZasGyc.exe

C:\Windows\System\WZasGyc.exe

C:\Windows\System\DOvBJxk.exe

C:\Windows\System\DOvBJxk.exe

C:\Windows\System\akaGzoP.exe

C:\Windows\System\akaGzoP.exe

C:\Windows\System\FNCYPib.exe

C:\Windows\System\FNCYPib.exe

C:\Windows\System\NLbeOgT.exe

C:\Windows\System\NLbeOgT.exe

C:\Windows\System\ZHZDWjG.exe

C:\Windows\System\ZHZDWjG.exe

C:\Windows\System\dajZyOL.exe

C:\Windows\System\dajZyOL.exe

C:\Windows\System\EGPDkIp.exe

C:\Windows\System\EGPDkIp.exe

C:\Windows\System\PvRPDqQ.exe

C:\Windows\System\PvRPDqQ.exe

C:\Windows\System\KcbUPex.exe

C:\Windows\System\KcbUPex.exe

C:\Windows\System\fPvRlKc.exe

C:\Windows\System\fPvRlKc.exe

C:\Windows\System\TdlJOJs.exe

C:\Windows\System\TdlJOJs.exe

C:\Windows\System\jZDOMNL.exe

C:\Windows\System\jZDOMNL.exe

C:\Windows\System\vlANuvD.exe

C:\Windows\System\vlANuvD.exe

C:\Windows\System\MyOyMae.exe

C:\Windows\System\MyOyMae.exe

C:\Windows\System\kJvZloJ.exe

C:\Windows\System\kJvZloJ.exe

C:\Windows\System\nERNETo.exe

C:\Windows\System\nERNETo.exe

C:\Windows\System\xDPsrGV.exe

C:\Windows\System\xDPsrGV.exe

C:\Windows\System\kPZVjyQ.exe

C:\Windows\System\kPZVjyQ.exe

C:\Windows\System\ExBlPua.exe

C:\Windows\System\ExBlPua.exe

C:\Windows\System\LYMyncA.exe

C:\Windows\System\LYMyncA.exe

C:\Windows\System\LzmOHju.exe

C:\Windows\System\LzmOHju.exe

C:\Windows\System\Irvxmsz.exe

C:\Windows\System\Irvxmsz.exe

C:\Windows\System\kZUSsQV.exe

C:\Windows\System\kZUSsQV.exe

C:\Windows\System\DZGGWBm.exe

C:\Windows\System\DZGGWBm.exe

C:\Windows\System\btapgov.exe

C:\Windows\System\btapgov.exe

C:\Windows\System\IOQmjVo.exe

C:\Windows\System\IOQmjVo.exe

C:\Windows\System\cnAFnNm.exe

C:\Windows\System\cnAFnNm.exe

C:\Windows\System\ajhGTYd.exe

C:\Windows\System\ajhGTYd.exe

C:\Windows\System\CbhWhXC.exe

C:\Windows\System\CbhWhXC.exe

C:\Windows\System\QUFwaSV.exe

C:\Windows\System\QUFwaSV.exe

C:\Windows\System\gFHZfJK.exe

C:\Windows\System\gFHZfJK.exe

C:\Windows\System\OeXFBAq.exe

C:\Windows\System\OeXFBAq.exe

C:\Windows\System\FtQHfbi.exe

C:\Windows\System\FtQHfbi.exe

C:\Windows\System\LJMpcae.exe

C:\Windows\System\LJMpcae.exe

C:\Windows\System\nUTKtJm.exe

C:\Windows\System\nUTKtJm.exe

C:\Windows\System\XRrRLVs.exe

C:\Windows\System\XRrRLVs.exe

C:\Windows\System\JJEIoZD.exe

C:\Windows\System\JJEIoZD.exe

C:\Windows\System\fnBdFEe.exe

C:\Windows\System\fnBdFEe.exe

C:\Windows\System\VwOFfIv.exe

C:\Windows\System\VwOFfIv.exe

C:\Windows\System\cnBubEp.exe

C:\Windows\System\cnBubEp.exe

C:\Windows\System\alhtPPF.exe

C:\Windows\System\alhtPPF.exe

C:\Windows\System\sHEYAqc.exe

C:\Windows\System\sHEYAqc.exe

C:\Windows\System\fKffgkd.exe

C:\Windows\System\fKffgkd.exe

C:\Windows\System\ipPeHrA.exe

C:\Windows\System\ipPeHrA.exe

C:\Windows\System\tzWhVFu.exe

C:\Windows\System\tzWhVFu.exe

C:\Windows\System\OAIHPGp.exe

C:\Windows\System\OAIHPGp.exe

C:\Windows\System\PvWAYoi.exe

C:\Windows\System\PvWAYoi.exe

C:\Windows\System\sABFvjC.exe

C:\Windows\System\sABFvjC.exe

C:\Windows\System\VkCNSiT.exe

C:\Windows\System\VkCNSiT.exe

C:\Windows\System\LdhoNAx.exe

C:\Windows\System\LdhoNAx.exe

C:\Windows\System\eSjrrjH.exe

C:\Windows\System\eSjrrjH.exe

C:\Windows\System\lBTmAOG.exe

C:\Windows\System\lBTmAOG.exe

C:\Windows\System\vRBLlno.exe

C:\Windows\System\vRBLlno.exe

C:\Windows\System\pEVVgdP.exe

C:\Windows\System\pEVVgdP.exe

C:\Windows\System\usSkGLx.exe

C:\Windows\System\usSkGLx.exe

C:\Windows\System\IUrSSle.exe

C:\Windows\System\IUrSSle.exe

C:\Windows\System\KAMRSmd.exe

C:\Windows\System\KAMRSmd.exe

C:\Windows\System\eWwQNko.exe

C:\Windows\System\eWwQNko.exe

C:\Windows\System\YOcQljx.exe

C:\Windows\System\YOcQljx.exe

C:\Windows\System\dICpmpg.exe

C:\Windows\System\dICpmpg.exe

C:\Windows\System\cHieSkt.exe

C:\Windows\System\cHieSkt.exe

C:\Windows\System\JXusiqJ.exe

C:\Windows\System\JXusiqJ.exe

C:\Windows\System\SxNlUJb.exe

C:\Windows\System\SxNlUJb.exe

C:\Windows\System\NufOrqU.exe

C:\Windows\System\NufOrqU.exe

C:\Windows\System\FgZmLzr.exe

C:\Windows\System\FgZmLzr.exe

C:\Windows\System\QzlrDVF.exe

C:\Windows\System\QzlrDVF.exe

C:\Windows\System\RZWUrkZ.exe

C:\Windows\System\RZWUrkZ.exe

C:\Windows\System\zZSUQRc.exe

C:\Windows\System\zZSUQRc.exe

C:\Windows\System\jSdiAAU.exe

C:\Windows\System\jSdiAAU.exe

C:\Windows\System\uXeCruq.exe

C:\Windows\System\uXeCruq.exe

C:\Windows\System\wsNMWgt.exe

C:\Windows\System\wsNMWgt.exe

C:\Windows\System\SnVbPTI.exe

C:\Windows\System\SnVbPTI.exe

C:\Windows\System\PWjHTJL.exe

C:\Windows\System\PWjHTJL.exe

C:\Windows\System\NjrYEzE.exe

C:\Windows\System\NjrYEzE.exe

C:\Windows\System\MaoRCjz.exe

C:\Windows\System\MaoRCjz.exe

C:\Windows\System\LYwWziw.exe

C:\Windows\System\LYwWziw.exe

C:\Windows\System\enphrpo.exe

C:\Windows\System\enphrpo.exe

C:\Windows\System\MnjQEYz.exe

C:\Windows\System\MnjQEYz.exe

C:\Windows\System\aKYGAqB.exe

C:\Windows\System\aKYGAqB.exe

C:\Windows\System\nZhUggu.exe

C:\Windows\System\nZhUggu.exe

C:\Windows\System\JJAHQxa.exe

C:\Windows\System\JJAHQxa.exe

C:\Windows\System\pltTswe.exe

C:\Windows\System\pltTswe.exe

C:\Windows\System\hgTWqYp.exe

C:\Windows\System\hgTWqYp.exe

C:\Windows\System\LqvgmhV.exe

C:\Windows\System\LqvgmhV.exe

C:\Windows\System\fhKmiyj.exe

C:\Windows\System\fhKmiyj.exe

C:\Windows\System\IrApuXB.exe

C:\Windows\System\IrApuXB.exe

C:\Windows\System\skEBMBq.exe

C:\Windows\System\skEBMBq.exe

C:\Windows\System\NWftDIy.exe

C:\Windows\System\NWftDIy.exe

C:\Windows\System\FewgSLD.exe

C:\Windows\System\FewgSLD.exe

C:\Windows\System\QxQdqtP.exe

C:\Windows\System\QxQdqtP.exe

C:\Windows\System\ahrKHjD.exe

C:\Windows\System\ahrKHjD.exe

C:\Windows\System\RXFwEdI.exe

C:\Windows\System\RXFwEdI.exe

C:\Windows\System\hnRsCrl.exe

C:\Windows\System\hnRsCrl.exe

C:\Windows\System\XGiZHSK.exe

C:\Windows\System\XGiZHSK.exe

C:\Windows\System\joTpRZr.exe

C:\Windows\System\joTpRZr.exe

C:\Windows\System\JRRwnfg.exe

C:\Windows\System\JRRwnfg.exe

C:\Windows\System\MBjIbkf.exe

C:\Windows\System\MBjIbkf.exe

C:\Windows\System\xxTuYOJ.exe

C:\Windows\System\xxTuYOJ.exe

C:\Windows\System\zsaVghg.exe

C:\Windows\System\zsaVghg.exe

C:\Windows\System\gQJXJMq.exe

C:\Windows\System\gQJXJMq.exe

C:\Windows\System\FvKlIGd.exe

C:\Windows\System\FvKlIGd.exe

C:\Windows\System\ljlakoW.exe

C:\Windows\System\ljlakoW.exe

C:\Windows\System\nhKXvUC.exe

C:\Windows\System\nhKXvUC.exe

C:\Windows\System\lfRVXma.exe

C:\Windows\System\lfRVXma.exe

C:\Windows\System\WHMvDQX.exe

C:\Windows\System\WHMvDQX.exe

C:\Windows\System\UeKlJsI.exe

C:\Windows\System\UeKlJsI.exe

C:\Windows\System\VGoMCxi.exe

C:\Windows\System\VGoMCxi.exe

C:\Windows\System\rfjQBsh.exe

C:\Windows\System\rfjQBsh.exe

C:\Windows\System\sSfEjhA.exe

C:\Windows\System\sSfEjhA.exe

C:\Windows\System\BBEhzxy.exe

C:\Windows\System\BBEhzxy.exe

C:\Windows\System\hSPBzYL.exe

C:\Windows\System\hSPBzYL.exe

C:\Windows\System\MniqZOG.exe

C:\Windows\System\MniqZOG.exe

C:\Windows\System\WNRxRTi.exe

C:\Windows\System\WNRxRTi.exe

C:\Windows\System\khxSHEE.exe

C:\Windows\System\khxSHEE.exe

C:\Windows\System\tGIqxCW.exe

C:\Windows\System\tGIqxCW.exe

C:\Windows\System\FrKZbBQ.exe

C:\Windows\System\FrKZbBQ.exe

C:\Windows\System\ZizUijM.exe

C:\Windows\System\ZizUijM.exe

C:\Windows\System\eqDapfr.exe

C:\Windows\System\eqDapfr.exe

C:\Windows\System\vWcRxVc.exe

C:\Windows\System\vWcRxVc.exe

C:\Windows\System\gFMDeNG.exe

C:\Windows\System\gFMDeNG.exe

C:\Windows\System\PVyHIqk.exe

C:\Windows\System\PVyHIqk.exe

C:\Windows\System\fkSpvcS.exe

C:\Windows\System\fkSpvcS.exe

C:\Windows\System\HycvOVg.exe

C:\Windows\System\HycvOVg.exe

C:\Windows\System\WHgduzZ.exe

C:\Windows\System\WHgduzZ.exe

C:\Windows\System\LcuEHrx.exe

C:\Windows\System\LcuEHrx.exe

C:\Windows\System\iuGLyPl.exe

C:\Windows\System\iuGLyPl.exe

C:\Windows\System\RaFwPPG.exe

C:\Windows\System\RaFwPPG.exe

C:\Windows\System\xQmOOIF.exe

C:\Windows\System\xQmOOIF.exe

C:\Windows\System\Jzlpfnf.exe

C:\Windows\System\Jzlpfnf.exe

C:\Windows\System\dlcooIy.exe

C:\Windows\System\dlcooIy.exe

C:\Windows\System\XGTirdT.exe

C:\Windows\System\XGTirdT.exe

C:\Windows\System\jJROfKn.exe

C:\Windows\System\jJROfKn.exe

C:\Windows\System\hcVVrJB.exe

C:\Windows\System\hcVVrJB.exe

C:\Windows\System\dpzEAtI.exe

C:\Windows\System\dpzEAtI.exe

C:\Windows\System\UJjcutP.exe

C:\Windows\System\UJjcutP.exe

C:\Windows\System\SLIAiGu.exe

C:\Windows\System\SLIAiGu.exe

C:\Windows\System\moJsWju.exe

C:\Windows\System\moJsWju.exe

C:\Windows\System\GNWWsdL.exe

C:\Windows\System\GNWWsdL.exe

C:\Windows\System\LdiHtLr.exe

C:\Windows\System\LdiHtLr.exe

C:\Windows\System\diKavzo.exe

C:\Windows\System\diKavzo.exe

C:\Windows\System\LQWcSkr.exe

C:\Windows\System\LQWcSkr.exe

C:\Windows\System\uIqAfFV.exe

C:\Windows\System\uIqAfFV.exe

C:\Windows\System\nyoGpcb.exe

C:\Windows\System\nyoGpcb.exe

C:\Windows\System\QioevnV.exe

C:\Windows\System\QioevnV.exe

C:\Windows\System\OkALxuT.exe

C:\Windows\System\OkALxuT.exe

C:\Windows\System\hvtVizq.exe

C:\Windows\System\hvtVizq.exe

C:\Windows\System\HwwIUpU.exe

C:\Windows\System\HwwIUpU.exe

C:\Windows\System\yajnGjn.exe

C:\Windows\System\yajnGjn.exe

C:\Windows\System\jRSRJra.exe

C:\Windows\System\jRSRJra.exe

C:\Windows\System\ujaGEBM.exe

C:\Windows\System\ujaGEBM.exe

C:\Windows\System\DeUbSjE.exe

C:\Windows\System\DeUbSjE.exe

C:\Windows\System\LXawHNa.exe

C:\Windows\System\LXawHNa.exe

C:\Windows\System\MLFtYUq.exe

C:\Windows\System\MLFtYUq.exe

C:\Windows\System\fGjbDKY.exe

C:\Windows\System\fGjbDKY.exe

C:\Windows\System\qfQqiRw.exe

C:\Windows\System\qfQqiRw.exe

C:\Windows\System\XdBaHUE.exe

C:\Windows\System\XdBaHUE.exe

C:\Windows\System\AiReEYp.exe

C:\Windows\System\AiReEYp.exe

C:\Windows\System\yNGbqsT.exe

C:\Windows\System\yNGbqsT.exe

C:\Windows\System\gKvsZtb.exe

C:\Windows\System\gKvsZtb.exe

C:\Windows\System\udhEsZe.exe

C:\Windows\System\udhEsZe.exe

C:\Windows\System\FygMVwd.exe

C:\Windows\System\FygMVwd.exe

C:\Windows\System\iUSXSjL.exe

C:\Windows\System\iUSXSjL.exe

C:\Windows\System\nCjKHTq.exe

C:\Windows\System\nCjKHTq.exe

C:\Windows\System\spUlMfz.exe

C:\Windows\System\spUlMfz.exe

C:\Windows\System\scECuEl.exe

C:\Windows\System\scECuEl.exe

C:\Windows\System\QTPtryH.exe

C:\Windows\System\QTPtryH.exe

C:\Windows\System\XRCylRc.exe

C:\Windows\System\XRCylRc.exe

C:\Windows\System\sXnVKvT.exe

C:\Windows\System\sXnVKvT.exe

C:\Windows\System\bpxaRHS.exe

C:\Windows\System\bpxaRHS.exe

C:\Windows\System\OsQhIyZ.exe

C:\Windows\System\OsQhIyZ.exe

C:\Windows\System\FnafHBY.exe

C:\Windows\System\FnafHBY.exe

C:\Windows\System\DZHZLCI.exe

C:\Windows\System\DZHZLCI.exe

C:\Windows\System\ptRLOPZ.exe

C:\Windows\System\ptRLOPZ.exe

C:\Windows\System\VOCIhPo.exe

C:\Windows\System\VOCIhPo.exe

C:\Windows\System\JbUpoRT.exe

C:\Windows\System\JbUpoRT.exe

C:\Windows\System\enqACRO.exe

C:\Windows\System\enqACRO.exe

C:\Windows\System\XqpFrgy.exe

C:\Windows\System\XqpFrgy.exe

C:\Windows\System\crBXiVe.exe

C:\Windows\System\crBXiVe.exe

C:\Windows\System\GrjPzQd.exe

C:\Windows\System\GrjPzQd.exe

C:\Windows\System\vJyXYFw.exe

C:\Windows\System\vJyXYFw.exe

C:\Windows\System\KBAJYIG.exe

C:\Windows\System\KBAJYIG.exe

C:\Windows\System\wFOdloH.exe

C:\Windows\System\wFOdloH.exe

C:\Windows\System\UTKNdXK.exe

C:\Windows\System\UTKNdXK.exe

C:\Windows\System\eXmRiHi.exe

C:\Windows\System\eXmRiHi.exe

C:\Windows\System\ILFTxtE.exe

C:\Windows\System\ILFTxtE.exe

C:\Windows\System\LtoBWuj.exe

C:\Windows\System\LtoBWuj.exe

C:\Windows\System\IKWrfGE.exe

C:\Windows\System\IKWrfGE.exe

C:\Windows\System\alaxDOB.exe

C:\Windows\System\alaxDOB.exe

C:\Windows\System\hUOmujP.exe

C:\Windows\System\hUOmujP.exe

C:\Windows\System\gwdxqGC.exe

C:\Windows\System\gwdxqGC.exe

C:\Windows\System\egRfvaK.exe

C:\Windows\System\egRfvaK.exe

C:\Windows\System\KOHbFBx.exe

C:\Windows\System\KOHbFBx.exe

C:\Windows\System\OHrVDOO.exe

C:\Windows\System\OHrVDOO.exe

C:\Windows\System\OdDUKrp.exe

C:\Windows\System\OdDUKrp.exe

C:\Windows\System\eXPtlsx.exe

C:\Windows\System\eXPtlsx.exe

C:\Windows\System\ncLHfYl.exe

C:\Windows\System\ncLHfYl.exe

C:\Windows\System\aoZorno.exe

C:\Windows\System\aoZorno.exe

C:\Windows\System\sUqQgHP.exe

C:\Windows\System\sUqQgHP.exe

C:\Windows\System\yllQKOE.exe

C:\Windows\System\yllQKOE.exe

C:\Windows\System\YQlrFkj.exe

C:\Windows\System\YQlrFkj.exe

C:\Windows\System\iDhawUA.exe

C:\Windows\System\iDhawUA.exe

C:\Windows\System\uOuEBXb.exe

C:\Windows\System\uOuEBXb.exe

C:\Windows\System\rYtekWu.exe

C:\Windows\System\rYtekWu.exe

C:\Windows\System\frARspq.exe

C:\Windows\System\frARspq.exe

C:\Windows\System\MEHfWMJ.exe

C:\Windows\System\MEHfWMJ.exe

C:\Windows\System\oXEmdsv.exe

C:\Windows\System\oXEmdsv.exe

C:\Windows\System\LtlySbH.exe

C:\Windows\System\LtlySbH.exe

C:\Windows\System\PNZVmEv.exe

C:\Windows\System\PNZVmEv.exe

C:\Windows\System\VIlwkdh.exe

C:\Windows\System\VIlwkdh.exe

C:\Windows\System\YmxmOys.exe

C:\Windows\System\YmxmOys.exe

C:\Windows\System\WFKUpwn.exe

C:\Windows\System\WFKUpwn.exe

C:\Windows\System\skXlXhY.exe

C:\Windows\System\skXlXhY.exe

C:\Windows\System\pEKjdwM.exe

C:\Windows\System\pEKjdwM.exe

C:\Windows\System\VMbGSdy.exe

C:\Windows\System\VMbGSdy.exe

C:\Windows\System\OygZYpN.exe

C:\Windows\System\OygZYpN.exe

C:\Windows\System\npbiDQy.exe

C:\Windows\System\npbiDQy.exe

C:\Windows\System\EdTUFZG.exe

C:\Windows\System\EdTUFZG.exe

C:\Windows\System\NKrNEfH.exe

C:\Windows\System\NKrNEfH.exe

C:\Windows\System\sDcqYkq.exe

C:\Windows\System\sDcqYkq.exe

C:\Windows\System\laZDKjn.exe

C:\Windows\System\laZDKjn.exe

C:\Windows\System\NoNsuaA.exe

C:\Windows\System\NoNsuaA.exe

C:\Windows\System\XggAVBf.exe

C:\Windows\System\XggAVBf.exe

C:\Windows\System\daXqtud.exe

C:\Windows\System\daXqtud.exe

C:\Windows\System\fukvtpt.exe

C:\Windows\System\fukvtpt.exe

C:\Windows\System\uMnZKKG.exe

C:\Windows\System\uMnZKKG.exe

C:\Windows\System\mahLZMD.exe

C:\Windows\System\mahLZMD.exe

C:\Windows\System\ZgpoJgd.exe

C:\Windows\System\ZgpoJgd.exe

C:\Windows\System\HdPypcx.exe

C:\Windows\System\HdPypcx.exe

C:\Windows\System\Ogyflyz.exe

C:\Windows\System\Ogyflyz.exe

C:\Windows\System\ssjCkzn.exe

C:\Windows\System\ssjCkzn.exe

C:\Windows\System\fIGzsjP.exe

C:\Windows\System\fIGzsjP.exe

C:\Windows\System\dZuTUGc.exe

C:\Windows\System\dZuTUGc.exe

C:\Windows\System\CAkDzBN.exe

C:\Windows\System\CAkDzBN.exe

C:\Windows\System\stClLId.exe

C:\Windows\System\stClLId.exe

C:\Windows\System\hoDLbbV.exe

C:\Windows\System\hoDLbbV.exe

C:\Windows\System\GgfqLoJ.exe

C:\Windows\System\GgfqLoJ.exe

C:\Windows\System\dOaeGNb.exe

C:\Windows\System\dOaeGNb.exe

C:\Windows\System\mJjQroG.exe

C:\Windows\System\mJjQroG.exe

C:\Windows\System\tPNYKOo.exe

C:\Windows\System\tPNYKOo.exe

C:\Windows\System\ljsoqOv.exe

C:\Windows\System\ljsoqOv.exe

C:\Windows\System\KsYcYbJ.exe

C:\Windows\System\KsYcYbJ.exe

C:\Windows\System\icBlaed.exe

C:\Windows\System\icBlaed.exe

C:\Windows\System\AcQqjYY.exe

C:\Windows\System\AcQqjYY.exe

C:\Windows\System\NAeVFGO.exe

C:\Windows\System\NAeVFGO.exe

C:\Windows\System\iYCBzGz.exe

C:\Windows\System\iYCBzGz.exe

C:\Windows\System\MMYtwwc.exe

C:\Windows\System\MMYtwwc.exe

C:\Windows\System\kmkteSe.exe

C:\Windows\System\kmkteSe.exe

C:\Windows\System\khqCJAO.exe

C:\Windows\System\khqCJAO.exe

C:\Windows\System\LJvkOPA.exe

C:\Windows\System\LJvkOPA.exe

C:\Windows\System\fkKlaLN.exe

C:\Windows\System\fkKlaLN.exe

C:\Windows\System\SQygTtb.exe

C:\Windows\System\SQygTtb.exe

C:\Windows\System\VZUAFFW.exe

C:\Windows\System\VZUAFFW.exe

C:\Windows\System\yLyMZzD.exe

C:\Windows\System\yLyMZzD.exe

C:\Windows\System\XYesQMj.exe

C:\Windows\System\XYesQMj.exe

C:\Windows\System\qqRWAtt.exe

C:\Windows\System\qqRWAtt.exe

C:\Windows\System\pIbjnpm.exe

C:\Windows\System\pIbjnpm.exe

C:\Windows\System\QjzfOMC.exe

C:\Windows\System\QjzfOMC.exe

C:\Windows\System\JkGYdaW.exe

C:\Windows\System\JkGYdaW.exe

C:\Windows\System\SuRqDqo.exe

C:\Windows\System\SuRqDqo.exe

C:\Windows\System\ZWuQfPo.exe

C:\Windows\System\ZWuQfPo.exe

C:\Windows\System\CDhmMdB.exe

C:\Windows\System\CDhmMdB.exe

C:\Windows\System\tPjNzbt.exe

C:\Windows\System\tPjNzbt.exe

C:\Windows\System\bjAsUUO.exe

C:\Windows\System\bjAsUUO.exe

C:\Windows\System\DlssSRo.exe

C:\Windows\System\DlssSRo.exe

C:\Windows\System\LeHetfz.exe

C:\Windows\System\LeHetfz.exe

C:\Windows\System\peyqfym.exe

C:\Windows\System\peyqfym.exe

C:\Windows\System\sbbThYe.exe

C:\Windows\System\sbbThYe.exe

C:\Windows\System\YaWEXbi.exe

C:\Windows\System\YaWEXbi.exe

C:\Windows\System\YbUVCgw.exe

C:\Windows\System\YbUVCgw.exe

C:\Windows\System\whrSWel.exe

C:\Windows\System\whrSWel.exe

C:\Windows\System\amCpcCl.exe

C:\Windows\System\amCpcCl.exe

C:\Windows\System\ubUxwxG.exe

C:\Windows\System\ubUxwxG.exe

C:\Windows\System\wUVcrQL.exe

C:\Windows\System\wUVcrQL.exe

C:\Windows\System\mNBPiWQ.exe

C:\Windows\System\mNBPiWQ.exe

C:\Windows\System\nCuJxKb.exe

C:\Windows\System\nCuJxKb.exe

C:\Windows\System\GFbvGng.exe

C:\Windows\System\GFbvGng.exe

C:\Windows\System\zZuebNn.exe

C:\Windows\System\zZuebNn.exe

C:\Windows\System\NNmKngF.exe

C:\Windows\System\NNmKngF.exe

C:\Windows\System\DIYfUJk.exe

C:\Windows\System\DIYfUJk.exe

C:\Windows\System\QcPFNDi.exe

C:\Windows\System\QcPFNDi.exe

C:\Windows\System\hcIMRni.exe

C:\Windows\System\hcIMRni.exe

C:\Windows\System\qAbDHFM.exe

C:\Windows\System\qAbDHFM.exe

C:\Windows\System\mCNxqzP.exe

C:\Windows\System\mCNxqzP.exe

C:\Windows\System\dShIPGL.exe

C:\Windows\System\dShIPGL.exe

C:\Windows\System\WIyqiBd.exe

C:\Windows\System\WIyqiBd.exe

C:\Windows\System\NIgxzMQ.exe

C:\Windows\System\NIgxzMQ.exe

C:\Windows\System\tBDxrHY.exe

C:\Windows\System\tBDxrHY.exe

C:\Windows\System\qXsHcwb.exe

C:\Windows\System\qXsHcwb.exe

C:\Windows\System\liQUnbo.exe

C:\Windows\System\liQUnbo.exe

C:\Windows\System\NWZDkqB.exe

C:\Windows\System\NWZDkqB.exe

C:\Windows\System\XqKYeTf.exe

C:\Windows\System\XqKYeTf.exe

C:\Windows\System\ZAeOqRW.exe

C:\Windows\System\ZAeOqRW.exe

C:\Windows\System\weYTZRf.exe

C:\Windows\System\weYTZRf.exe

C:\Windows\System\uWiIJjo.exe

C:\Windows\System\uWiIJjo.exe

C:\Windows\System\aVaBYWE.exe

C:\Windows\System\aVaBYWE.exe

C:\Windows\System\yCcSJUq.exe

C:\Windows\System\yCcSJUq.exe

C:\Windows\System\eEmejCY.exe

C:\Windows\System\eEmejCY.exe

C:\Windows\System\lMgMEXX.exe

C:\Windows\System\lMgMEXX.exe

C:\Windows\System\HyyUWQr.exe

C:\Windows\System\HyyUWQr.exe

C:\Windows\System\cnLXonA.exe

C:\Windows\System\cnLXonA.exe

C:\Windows\System\BuHlfvE.exe

C:\Windows\System\BuHlfvE.exe

C:\Windows\System\MIFSQzE.exe

C:\Windows\System\MIFSQzE.exe

C:\Windows\System\HZevBjz.exe

C:\Windows\System\HZevBjz.exe

C:\Windows\System\FhEpWFT.exe

C:\Windows\System\FhEpWFT.exe

C:\Windows\System\CPJQxcV.exe

C:\Windows\System\CPJQxcV.exe

C:\Windows\System\cwFdPcO.exe

C:\Windows\System\cwFdPcO.exe

C:\Windows\System\HdUiffX.exe

C:\Windows\System\HdUiffX.exe

C:\Windows\System\OzebkPC.exe

C:\Windows\System\OzebkPC.exe

C:\Windows\System\pYltLDl.exe

C:\Windows\System\pYltLDl.exe

C:\Windows\System\YwcvWqx.exe

C:\Windows\System\YwcvWqx.exe

C:\Windows\System\jongpVQ.exe

C:\Windows\System\jongpVQ.exe

C:\Windows\System\oEhXvwz.exe

C:\Windows\System\oEhXvwz.exe

C:\Windows\System\nojPRHU.exe

C:\Windows\System\nojPRHU.exe

C:\Windows\System\RysQLWF.exe

C:\Windows\System\RysQLWF.exe

C:\Windows\System\YGxrSiT.exe

C:\Windows\System\YGxrSiT.exe

C:\Windows\System\rQCzYdC.exe

C:\Windows\System\rQCzYdC.exe

C:\Windows\System\iJbFysx.exe

C:\Windows\System\iJbFysx.exe

C:\Windows\System\QMVwupI.exe

C:\Windows\System\QMVwupI.exe

C:\Windows\System\qaNYipy.exe

C:\Windows\System\qaNYipy.exe

C:\Windows\System\AUILQXa.exe

C:\Windows\System\AUILQXa.exe

C:\Windows\System\wTamsYx.exe

C:\Windows\System\wTamsYx.exe

C:\Windows\System\AVRMqyw.exe

C:\Windows\System\AVRMqyw.exe

C:\Windows\System\XRllHjO.exe

C:\Windows\System\XRllHjO.exe

C:\Windows\System\vmVwmuO.exe

C:\Windows\System\vmVwmuO.exe

C:\Windows\System\JQFgvlY.exe

C:\Windows\System\JQFgvlY.exe

C:\Windows\System\HrTMhuI.exe

C:\Windows\System\HrTMhuI.exe

C:\Windows\System\QYuLeTe.exe

C:\Windows\System\QYuLeTe.exe

C:\Windows\System\uQhqrYC.exe

C:\Windows\System\uQhqrYC.exe

C:\Windows\System\ZSUvhJa.exe

C:\Windows\System\ZSUvhJa.exe

C:\Windows\System\LJacOdf.exe

C:\Windows\System\LJacOdf.exe

C:\Windows\System\aPHySAF.exe

C:\Windows\System\aPHySAF.exe

C:\Windows\System\gAdHWeB.exe

C:\Windows\System\gAdHWeB.exe

C:\Windows\System\wACYIBa.exe

C:\Windows\System\wACYIBa.exe

C:\Windows\System\oFRPHvX.exe

C:\Windows\System\oFRPHvX.exe

C:\Windows\System\MeQsMem.exe

C:\Windows\System\MeQsMem.exe

C:\Windows\System\fjtclIc.exe

C:\Windows\System\fjtclIc.exe

C:\Windows\System\ppHVpEo.exe

C:\Windows\System\ppHVpEo.exe

C:\Windows\System\MGNosSn.exe

C:\Windows\System\MGNosSn.exe

C:\Windows\System\EolYBey.exe

C:\Windows\System\EolYBey.exe

C:\Windows\System\CVHkdfp.exe

C:\Windows\System\CVHkdfp.exe

C:\Windows\System\ENSgSMt.exe

C:\Windows\System\ENSgSMt.exe

C:\Windows\System\CEntjyA.exe

C:\Windows\System\CEntjyA.exe

C:\Windows\System\nqxEdEN.exe

C:\Windows\System\nqxEdEN.exe

C:\Windows\System\WDMNCQT.exe

C:\Windows\System\WDMNCQT.exe

C:\Windows\System\sXvOwNO.exe

C:\Windows\System\sXvOwNO.exe

C:\Windows\System\atPYecg.exe

C:\Windows\System\atPYecg.exe

C:\Windows\System\lLNJaXl.exe

C:\Windows\System\lLNJaXl.exe

C:\Windows\System\RcKllSS.exe

C:\Windows\System\RcKllSS.exe

C:\Windows\System\mKSDQsZ.exe

C:\Windows\System\mKSDQsZ.exe

C:\Windows\System\oxWpwnt.exe

C:\Windows\System\oxWpwnt.exe

C:\Windows\System\YSXHmxf.exe

C:\Windows\System\YSXHmxf.exe

C:\Windows\System\akDwveG.exe

C:\Windows\System\akDwveG.exe

C:\Windows\System\VZkYePe.exe

C:\Windows\System\VZkYePe.exe

C:\Windows\System\npAStkh.exe

C:\Windows\System\npAStkh.exe

C:\Windows\System\nFplWpJ.exe

C:\Windows\System\nFplWpJ.exe

C:\Windows\System\beJLJyh.exe

C:\Windows\System\beJLJyh.exe

C:\Windows\System\EiWjuQZ.exe

C:\Windows\System\EiWjuQZ.exe

C:\Windows\System\csaUZFp.exe

C:\Windows\System\csaUZFp.exe

C:\Windows\System\odTCdds.exe

C:\Windows\System\odTCdds.exe

C:\Windows\System\gBFrxVD.exe

C:\Windows\System\gBFrxVD.exe

C:\Windows\System\yAlyjVD.exe

C:\Windows\System\yAlyjVD.exe

C:\Windows\System\tRSQWnP.exe

C:\Windows\System\tRSQWnP.exe

C:\Windows\System\VoHwBgJ.exe

C:\Windows\System\VoHwBgJ.exe

C:\Windows\System\uoDgqmB.exe

C:\Windows\System\uoDgqmB.exe

C:\Windows\System\YIpzlvP.exe

C:\Windows\System\YIpzlvP.exe

C:\Windows\System\gEiiQZe.exe

C:\Windows\System\gEiiQZe.exe

C:\Windows\System\pWnKtOV.exe

C:\Windows\System\pWnKtOV.exe

C:\Windows\System\TqyAsAc.exe

C:\Windows\System\TqyAsAc.exe

C:\Windows\System\HWsuosR.exe

C:\Windows\System\HWsuosR.exe

C:\Windows\System\xqpuFbW.exe

C:\Windows\System\xqpuFbW.exe

C:\Windows\System\fohQKRr.exe

C:\Windows\System\fohQKRr.exe

C:\Windows\System\qoaMIMg.exe

C:\Windows\System\qoaMIMg.exe

C:\Windows\System\rortgqa.exe

C:\Windows\System\rortgqa.exe

C:\Windows\System\mEemoTa.exe

C:\Windows\System\mEemoTa.exe

C:\Windows\System\dZpLQmg.exe

C:\Windows\System\dZpLQmg.exe

C:\Windows\System\McOPcKX.exe

C:\Windows\System\McOPcKX.exe

C:\Windows\System\gwNcISA.exe

C:\Windows\System\gwNcISA.exe

C:\Windows\System\fKWXxxo.exe

C:\Windows\System\fKWXxxo.exe

C:\Windows\System\MspwoKq.exe

C:\Windows\System\MspwoKq.exe

C:\Windows\System\gqwNhiA.exe

C:\Windows\System\gqwNhiA.exe

C:\Windows\System\yJjekBB.exe

C:\Windows\System\yJjekBB.exe

C:\Windows\System\ddOHiZV.exe

C:\Windows\System\ddOHiZV.exe

C:\Windows\System\ghhBixx.exe

C:\Windows\System\ghhBixx.exe

C:\Windows\System\VskikUz.exe

C:\Windows\System\VskikUz.exe

C:\Windows\System\wdykxbN.exe

C:\Windows\System\wdykxbN.exe

C:\Windows\System\aRlvrnu.exe

C:\Windows\System\aRlvrnu.exe

C:\Windows\System\qoHFLul.exe

C:\Windows\System\qoHFLul.exe

C:\Windows\System\EhUhJWK.exe

C:\Windows\System\EhUhJWK.exe

C:\Windows\System\PMpWqsO.exe

C:\Windows\System\PMpWqsO.exe

C:\Windows\System\mAQlLrz.exe

C:\Windows\System\mAQlLrz.exe

C:\Windows\System\svBKiip.exe

C:\Windows\System\svBKiip.exe

C:\Windows\System\HOgOnun.exe

C:\Windows\System\HOgOnun.exe

C:\Windows\System\NbCqlNl.exe

C:\Windows\System\NbCqlNl.exe

C:\Windows\System\VaGFDJS.exe

C:\Windows\System\VaGFDJS.exe

C:\Windows\System\VkZOart.exe

C:\Windows\System\VkZOart.exe

C:\Windows\System\zsTJLWN.exe

C:\Windows\System\zsTJLWN.exe

C:\Windows\System\SrPCjby.exe

C:\Windows\System\SrPCjby.exe

C:\Windows\System\uRgRSmB.exe

C:\Windows\System\uRgRSmB.exe

C:\Windows\System\KIhDEvk.exe

C:\Windows\System\KIhDEvk.exe

C:\Windows\System\VzYTltT.exe

C:\Windows\System\VzYTltT.exe

C:\Windows\System\yuDfmEu.exe

C:\Windows\System\yuDfmEu.exe

C:\Windows\System\UqVsjjf.exe

C:\Windows\System\UqVsjjf.exe

C:\Windows\System\LzJVnRW.exe

C:\Windows\System\LzJVnRW.exe

C:\Windows\System\iAbZpDU.exe

C:\Windows\System\iAbZpDU.exe

C:\Windows\System\ssCFqrd.exe

C:\Windows\System\ssCFqrd.exe

C:\Windows\System\ASiZuuD.exe

C:\Windows\System\ASiZuuD.exe

C:\Windows\System\zqVVPpk.exe

C:\Windows\System\zqVVPpk.exe

C:\Windows\System\CHgwzff.exe

C:\Windows\System\CHgwzff.exe

C:\Windows\System\PDoxmpG.exe

C:\Windows\System\PDoxmpG.exe

C:\Windows\System\dFPVrTt.exe

C:\Windows\System\dFPVrTt.exe

C:\Windows\System\GUyyaDv.exe

C:\Windows\System\GUyyaDv.exe

C:\Windows\System\UmCFknz.exe

C:\Windows\System\UmCFknz.exe

C:\Windows\System\NULoege.exe

C:\Windows\System\NULoege.exe

C:\Windows\System\EaCSATb.exe

C:\Windows\System\EaCSATb.exe

C:\Windows\System\emTMeMr.exe

C:\Windows\System\emTMeMr.exe

C:\Windows\System\DaQEhOB.exe

C:\Windows\System\DaQEhOB.exe

C:\Windows\System\iNlKZJw.exe

C:\Windows\System\iNlKZJw.exe

C:\Windows\System\saXuAjn.exe

C:\Windows\System\saXuAjn.exe

C:\Windows\System\kReIxao.exe

C:\Windows\System\kReIxao.exe

C:\Windows\System\PaMqZoS.exe

C:\Windows\System\PaMqZoS.exe

C:\Windows\System\USVCEYF.exe

C:\Windows\System\USVCEYF.exe

C:\Windows\System\EnliPCq.exe

C:\Windows\System\EnliPCq.exe

C:\Windows\System\ekPnssu.exe

C:\Windows\System\ekPnssu.exe

C:\Windows\System\IgLmZcd.exe

C:\Windows\System\IgLmZcd.exe

C:\Windows\System\ohrUGuO.exe

C:\Windows\System\ohrUGuO.exe

C:\Windows\System\guQyFAt.exe

C:\Windows\System\guQyFAt.exe

C:\Windows\System\NnqViCO.exe

C:\Windows\System\NnqViCO.exe

C:\Windows\System\OcMItmR.exe

C:\Windows\System\OcMItmR.exe

C:\Windows\System\qxaoZuj.exe

C:\Windows\System\qxaoZuj.exe

C:\Windows\System\EYQMHhM.exe

C:\Windows\System\EYQMHhM.exe

C:\Windows\System\OCZhaBd.exe

C:\Windows\System\OCZhaBd.exe

C:\Windows\System\BRHpSpl.exe

C:\Windows\System\BRHpSpl.exe

C:\Windows\System\iWNJXPF.exe

C:\Windows\System\iWNJXPF.exe

C:\Windows\System\Rreedaw.exe

C:\Windows\System\Rreedaw.exe

C:\Windows\System\ATNjsZm.exe

C:\Windows\System\ATNjsZm.exe

C:\Windows\System\isidRvJ.exe

C:\Windows\System\isidRvJ.exe

C:\Windows\System\hehoHlB.exe

C:\Windows\System\hehoHlB.exe

C:\Windows\System\BCanhOj.exe

C:\Windows\System\BCanhOj.exe

C:\Windows\System\mksCRSG.exe

C:\Windows\System\mksCRSG.exe

C:\Windows\System\qMwcAfY.exe

C:\Windows\System\qMwcAfY.exe

C:\Windows\System\uwVWlzc.exe

C:\Windows\System\uwVWlzc.exe

C:\Windows\System\UyAawEN.exe

C:\Windows\System\UyAawEN.exe

C:\Windows\System\FsITNVG.exe

C:\Windows\System\FsITNVG.exe

C:\Windows\System\pDfXiXM.exe

C:\Windows\System\pDfXiXM.exe

C:\Windows\System\MTwvOPo.exe

C:\Windows\System\MTwvOPo.exe

C:\Windows\System\UGNLmvy.exe

C:\Windows\System\UGNLmvy.exe

C:\Windows\System\SWJzWib.exe

C:\Windows\System\SWJzWib.exe

C:\Windows\System\CouKMsk.exe

C:\Windows\System\CouKMsk.exe

C:\Windows\System\WbRKyoZ.exe

C:\Windows\System\WbRKyoZ.exe

C:\Windows\System\nAcyOll.exe

C:\Windows\System\nAcyOll.exe

C:\Windows\System\horHWIb.exe

C:\Windows\System\horHWIb.exe

C:\Windows\System\wWsMpiw.exe

C:\Windows\System\wWsMpiw.exe

C:\Windows\System\UfdrPpl.exe

C:\Windows\System\UfdrPpl.exe

C:\Windows\System\CBsnfsG.exe

C:\Windows\System\CBsnfsG.exe

C:\Windows\System\TZXxPCG.exe

C:\Windows\System\TZXxPCG.exe

C:\Windows\System\RChkmDV.exe

C:\Windows\System\RChkmDV.exe

C:\Windows\System\ZEXjLcF.exe

C:\Windows\System\ZEXjLcF.exe

C:\Windows\System\VSLBQmP.exe

C:\Windows\System\VSLBQmP.exe

C:\Windows\System\ZKiMldh.exe

C:\Windows\System\ZKiMldh.exe

C:\Windows\System\pvOnJqs.exe

C:\Windows\System\pvOnJqs.exe

C:\Windows\System\jGpXjpY.exe

C:\Windows\System\jGpXjpY.exe

C:\Windows\System\VNqOBXD.exe

C:\Windows\System\VNqOBXD.exe

C:\Windows\System\SFedqUh.exe

C:\Windows\System\SFedqUh.exe

C:\Windows\System\sQKRExC.exe

C:\Windows\System\sQKRExC.exe

C:\Windows\System\RpBTuGA.exe

C:\Windows\System\RpBTuGA.exe

C:\Windows\System\sMKArAy.exe

C:\Windows\System\sMKArAy.exe

C:\Windows\System\qWMrJvJ.exe

C:\Windows\System\qWMrJvJ.exe

C:\Windows\System\BdrKvky.exe

C:\Windows\System\BdrKvky.exe

C:\Windows\System\vZHarqv.exe

C:\Windows\System\vZHarqv.exe

C:\Windows\System\oKbPwxa.exe

C:\Windows\System\oKbPwxa.exe

C:\Windows\System\dMmdeaB.exe

C:\Windows\System\dMmdeaB.exe

C:\Windows\System\ejiwjaw.exe

C:\Windows\System\ejiwjaw.exe

C:\Windows\System\sjjyXMq.exe

C:\Windows\System\sjjyXMq.exe

C:\Windows\System\vwwKhbV.exe

C:\Windows\System\vwwKhbV.exe

C:\Windows\System\bZuFplB.exe

C:\Windows\System\bZuFplB.exe

C:\Windows\System\iBjpAxu.exe

C:\Windows\System\iBjpAxu.exe

C:\Windows\System\TLbMJQy.exe

C:\Windows\System\TLbMJQy.exe

C:\Windows\System\VbIhoHQ.exe

C:\Windows\System\VbIhoHQ.exe

C:\Windows\System\rlMFncB.exe

C:\Windows\System\rlMFncB.exe

C:\Windows\System\FBfNiNc.exe

C:\Windows\System\FBfNiNc.exe

C:\Windows\System\MJlhnei.exe

C:\Windows\System\MJlhnei.exe

C:\Windows\System\hyjgfbX.exe

C:\Windows\System\hyjgfbX.exe

C:\Windows\System\ulKtENH.exe

C:\Windows\System\ulKtENH.exe

C:\Windows\System\nxfCiHd.exe

C:\Windows\System\nxfCiHd.exe

C:\Windows\System\vcHhzps.exe

C:\Windows\System\vcHhzps.exe

C:\Windows\System\YHmtNJP.exe

C:\Windows\System\YHmtNJP.exe

C:\Windows\System\SRInrUx.exe

C:\Windows\System\SRInrUx.exe

C:\Windows\System\AUvvDaP.exe

C:\Windows\System\AUvvDaP.exe

C:\Windows\System\fPSXsPx.exe

C:\Windows\System\fPSXsPx.exe

C:\Windows\System\ilaNhlt.exe

C:\Windows\System\ilaNhlt.exe

C:\Windows\System\arfcLfQ.exe

C:\Windows\System\arfcLfQ.exe

C:\Windows\System\SiAQhDC.exe

C:\Windows\System\SiAQhDC.exe

C:\Windows\System\PBQCiLS.exe

C:\Windows\System\PBQCiLS.exe

C:\Windows\System\KppTJgS.exe

C:\Windows\System\KppTJgS.exe

C:\Windows\System\eEaLUUK.exe

C:\Windows\System\eEaLUUK.exe

C:\Windows\System\AMpXiQq.exe

C:\Windows\System\AMpXiQq.exe

C:\Windows\System\puoSwtt.exe

C:\Windows\System\puoSwtt.exe

C:\Windows\System\JDaFVSX.exe

C:\Windows\System\JDaFVSX.exe

C:\Windows\System\OybAtYa.exe

C:\Windows\System\OybAtYa.exe

C:\Windows\System\UOSZvWj.exe

C:\Windows\System\UOSZvWj.exe

C:\Windows\System\BeYfqFC.exe

C:\Windows\System\BeYfqFC.exe

C:\Windows\System\pfFRExg.exe

C:\Windows\System\pfFRExg.exe

C:\Windows\System\OKDkOAe.exe

C:\Windows\System\OKDkOAe.exe

C:\Windows\System\dhBXLXp.exe

C:\Windows\System\dhBXLXp.exe

C:\Windows\System\JFLCyTd.exe

C:\Windows\System\JFLCyTd.exe

C:\Windows\System\sjykFMP.exe

C:\Windows\System\sjykFMP.exe

C:\Windows\System\QEZDlnu.exe

C:\Windows\System\QEZDlnu.exe

C:\Windows\System\EpGpFZi.exe

C:\Windows\System\EpGpFZi.exe

C:\Windows\System\CMpPKys.exe

C:\Windows\System\CMpPKys.exe

C:\Windows\System\ktykprg.exe

C:\Windows\System\ktykprg.exe

C:\Windows\System\fmyUgMG.exe

C:\Windows\System\fmyUgMG.exe

C:\Windows\System\FFGsWKN.exe

C:\Windows\System\FFGsWKN.exe

C:\Windows\System\IVWzFpZ.exe

C:\Windows\System\IVWzFpZ.exe

C:\Windows\System\bZMNmzy.exe

C:\Windows\System\bZMNmzy.exe

C:\Windows\System\WVCqUdK.exe

C:\Windows\System\WVCqUdK.exe

C:\Windows\System\zqzgfPE.exe

C:\Windows\System\zqzgfPE.exe

C:\Windows\System\QwqkVuu.exe

C:\Windows\System\QwqkVuu.exe

C:\Windows\System\bTGXPOF.exe

C:\Windows\System\bTGXPOF.exe

C:\Windows\System\xZirJnJ.exe

C:\Windows\System\xZirJnJ.exe

C:\Windows\System\cGlnYOv.exe

C:\Windows\System\cGlnYOv.exe

C:\Windows\System\emBZluk.exe

C:\Windows\System\emBZluk.exe

C:\Windows\System\BETOfMj.exe

C:\Windows\System\BETOfMj.exe

C:\Windows\System\DYcbbdh.exe

C:\Windows\System\DYcbbdh.exe

C:\Windows\System\ucQFfDw.exe

C:\Windows\System\ucQFfDw.exe

C:\Windows\System\QqTcIEc.exe

C:\Windows\System\QqTcIEc.exe

C:\Windows\System\dSawbQu.exe

C:\Windows\System\dSawbQu.exe

C:\Windows\System\KxInpmg.exe

C:\Windows\System\KxInpmg.exe

C:\Windows\System\UhhQSER.exe

C:\Windows\System\UhhQSER.exe

C:\Windows\System\hrpRBLW.exe

C:\Windows\System\hrpRBLW.exe

C:\Windows\System\nRTjsnH.exe

C:\Windows\System\nRTjsnH.exe

C:\Windows\System\bWVLmfF.exe

C:\Windows\System\bWVLmfF.exe

C:\Windows\System\nsweyxx.exe

C:\Windows\System\nsweyxx.exe

C:\Windows\System\hhkzpKj.exe

C:\Windows\System\hhkzpKj.exe

C:\Windows\System\UCreFCd.exe

C:\Windows\System\UCreFCd.exe

C:\Windows\System\zGzymUl.exe

C:\Windows\System\zGzymUl.exe

C:\Windows\System\nZKdeDR.exe

C:\Windows\System\nZKdeDR.exe

C:\Windows\System\moBhjFX.exe

C:\Windows\System\moBhjFX.exe

C:\Windows\System\ZNQawEr.exe

C:\Windows\System\ZNQawEr.exe

C:\Windows\System\qPIarOD.exe

C:\Windows\System\qPIarOD.exe

C:\Windows\System\PDfAhrb.exe

C:\Windows\System\PDfAhrb.exe

C:\Windows\System\FmUgyFL.exe

C:\Windows\System\FmUgyFL.exe

C:\Windows\System\UawVKpR.exe

C:\Windows\System\UawVKpR.exe

C:\Windows\System\AGQKhcV.exe

C:\Windows\System\AGQKhcV.exe

C:\Windows\System\hxUDGez.exe

C:\Windows\System\hxUDGez.exe

C:\Windows\System\nSPGwlo.exe

C:\Windows\System\nSPGwlo.exe

C:\Windows\System\ltnPTfe.exe

C:\Windows\System\ltnPTfe.exe

C:\Windows\System\Jufjtnm.exe

C:\Windows\System\Jufjtnm.exe

C:\Windows\System\BiLFoDa.exe

C:\Windows\System\BiLFoDa.exe

C:\Windows\System\tVasMKx.exe

C:\Windows\System\tVasMKx.exe

C:\Windows\System\iDlmvvE.exe

C:\Windows\System\iDlmvvE.exe

C:\Windows\System\yRdDUdv.exe

C:\Windows\System\yRdDUdv.exe

C:\Windows\System\mUSUFLF.exe

C:\Windows\System\mUSUFLF.exe

C:\Windows\System\XJMkxKF.exe

C:\Windows\System\XJMkxKF.exe

C:\Windows\System\PXdjOmo.exe

C:\Windows\System\PXdjOmo.exe

C:\Windows\System\YnXsWiz.exe

C:\Windows\System\YnXsWiz.exe

C:\Windows\System\lThXfMC.exe

C:\Windows\System\lThXfMC.exe

C:\Windows\System\HXKqrwQ.exe

C:\Windows\System\HXKqrwQ.exe

C:\Windows\System\kSMcOWt.exe

C:\Windows\System\kSMcOWt.exe

C:\Windows\System\JNMAAQC.exe

C:\Windows\System\JNMAAQC.exe

C:\Windows\System\pPqbGOX.exe

C:\Windows\System\pPqbGOX.exe

C:\Windows\System\BjFIxNV.exe

C:\Windows\System\BjFIxNV.exe

C:\Windows\System\XlfRHip.exe

C:\Windows\System\XlfRHip.exe

C:\Windows\System\WefrKmy.exe

C:\Windows\System\WefrKmy.exe

C:\Windows\System\VjjBblM.exe

C:\Windows\System\VjjBblM.exe

C:\Windows\System\heeaTKR.exe

C:\Windows\System\heeaTKR.exe

C:\Windows\System\uuxyzxJ.exe

C:\Windows\System\uuxyzxJ.exe

C:\Windows\System\NnqKtiR.exe

C:\Windows\System\NnqKtiR.exe

C:\Windows\System\pisHuti.exe

C:\Windows\System\pisHuti.exe

C:\Windows\System\amvwSeJ.exe

C:\Windows\System\amvwSeJ.exe

C:\Windows\System\bcFKKZw.exe

C:\Windows\System\bcFKKZw.exe

C:\Windows\System\HogURnK.exe

C:\Windows\System\HogURnK.exe

C:\Windows\System\PzwmgbG.exe

C:\Windows\System\PzwmgbG.exe

C:\Windows\System\bYKrbFT.exe

C:\Windows\System\bYKrbFT.exe

C:\Windows\System\ZTSHvjV.exe

C:\Windows\System\ZTSHvjV.exe

C:\Windows\System\HdzASmr.exe

C:\Windows\System\HdzASmr.exe

C:\Windows\System\lPErUiG.exe

C:\Windows\System\lPErUiG.exe

C:\Windows\System\AUghMfl.exe

C:\Windows\System\AUghMfl.exe

C:\Windows\System\WFMjjJy.exe

C:\Windows\System\WFMjjJy.exe

C:\Windows\System\MqyTVkR.exe

C:\Windows\System\MqyTVkR.exe

C:\Windows\System\xNnDtFq.exe

C:\Windows\System\xNnDtFq.exe

C:\Windows\System\AcfdMne.exe

C:\Windows\System\AcfdMne.exe

C:\Windows\System\duWhBMk.exe

C:\Windows\System\duWhBMk.exe

C:\Windows\System\iBVocYB.exe

C:\Windows\System\iBVocYB.exe

C:\Windows\System\peeQRkZ.exe

C:\Windows\System\peeQRkZ.exe

C:\Windows\System\RRuZpif.exe

C:\Windows\System\RRuZpif.exe

C:\Windows\System\IFcxPSY.exe

C:\Windows\System\IFcxPSY.exe

C:\Windows\System\BeoBwMR.exe

C:\Windows\System\BeoBwMR.exe

C:\Windows\System\HRjWrxn.exe

C:\Windows\System\HRjWrxn.exe

C:\Windows\System\nuVhPfO.exe

C:\Windows\System\nuVhPfO.exe

C:\Windows\System\aYgrfDE.exe

C:\Windows\System\aYgrfDE.exe

C:\Windows\System\kDecVgx.exe

C:\Windows\System\kDecVgx.exe

C:\Windows\System\JjPJHqY.exe

C:\Windows\System\JjPJHqY.exe

C:\Windows\System\KzIsICF.exe

C:\Windows\System\KzIsICF.exe

C:\Windows\System\NoYGGVK.exe

C:\Windows\System\NoYGGVK.exe

C:\Windows\System\ljgRFaJ.exe

C:\Windows\System\ljgRFaJ.exe

C:\Windows\System\kfkmaTD.exe

C:\Windows\System\kfkmaTD.exe

C:\Windows\System\eUQkkPB.exe

C:\Windows\System\eUQkkPB.exe

C:\Windows\System\ufILaiI.exe

C:\Windows\System\ufILaiI.exe

C:\Windows\System\EVkJgOG.exe

C:\Windows\System\EVkJgOG.exe

C:\Windows\System\qyckEiG.exe

C:\Windows\System\qyckEiG.exe

C:\Windows\System\VKARXND.exe

C:\Windows\System\VKARXND.exe

C:\Windows\System\BENeolD.exe

C:\Windows\System\BENeolD.exe

C:\Windows\System\uiElIVd.exe

C:\Windows\System\uiElIVd.exe

C:\Windows\System\HkELPmf.exe

C:\Windows\System\HkELPmf.exe

C:\Windows\System\lPlgDaD.exe

C:\Windows\System\lPlgDaD.exe

C:\Windows\System\LlvXApT.exe

C:\Windows\System\LlvXApT.exe

C:\Windows\System\jGBygMU.exe

C:\Windows\System\jGBygMU.exe

C:\Windows\System\JFfvlaO.exe

C:\Windows\System\JFfvlaO.exe

C:\Windows\System\fsblorC.exe

C:\Windows\System\fsblorC.exe

C:\Windows\System\zSChdwC.exe

C:\Windows\System\zSChdwC.exe

C:\Windows\System\RkzPqLs.exe

C:\Windows\System\RkzPqLs.exe

C:\Windows\System\jqSYrvF.exe

C:\Windows\System\jqSYrvF.exe

C:\Windows\System\yURaZcj.exe

C:\Windows\System\yURaZcj.exe

C:\Windows\System\RYawrAa.exe

C:\Windows\System\RYawrAa.exe

C:\Windows\System\MkCblDj.exe

C:\Windows\System\MkCblDj.exe

C:\Windows\System\NdeoqKn.exe

C:\Windows\System\NdeoqKn.exe

C:\Windows\System\AQUfuEA.exe

C:\Windows\System\AQUfuEA.exe

C:\Windows\System\vbPRVxU.exe

C:\Windows\System\vbPRVxU.exe

C:\Windows\System\bwoSRBN.exe

C:\Windows\System\bwoSRBN.exe

C:\Windows\System\fOaiteE.exe

C:\Windows\System\fOaiteE.exe

C:\Windows\System\aswLeKj.exe

C:\Windows\System\aswLeKj.exe

C:\Windows\System\IcBGSOf.exe

C:\Windows\System\IcBGSOf.exe

C:\Windows\System\ENViglU.exe

C:\Windows\System\ENViglU.exe

C:\Windows\System\LAktFvR.exe

C:\Windows\System\LAktFvR.exe

C:\Windows\System\jhVZxAx.exe

C:\Windows\System\jhVZxAx.exe

C:\Windows\System\ZaogKEJ.exe

C:\Windows\System\ZaogKEJ.exe

C:\Windows\System\aXZPxmq.exe

C:\Windows\System\aXZPxmq.exe

C:\Windows\System\WrjlnZX.exe

C:\Windows\System\WrjlnZX.exe

C:\Windows\System\UoFghHO.exe

C:\Windows\System\UoFghHO.exe

C:\Windows\System\oRcnpRa.exe

C:\Windows\System\oRcnpRa.exe

C:\Windows\System\geVnFgV.exe

C:\Windows\System\geVnFgV.exe

C:\Windows\System\aheVTKX.exe

C:\Windows\System\aheVTKX.exe

C:\Windows\System\DkaHtnC.exe

C:\Windows\System\DkaHtnC.exe

C:\Windows\System\VXfAJjn.exe

C:\Windows\System\VXfAJjn.exe

C:\Windows\System\zVBoPqr.exe

C:\Windows\System\zVBoPqr.exe

C:\Windows\System\pnvDNGJ.exe

C:\Windows\System\pnvDNGJ.exe

C:\Windows\System\HzfGiFD.exe

C:\Windows\System\HzfGiFD.exe

C:\Windows\System\LTHsYZz.exe

C:\Windows\System\LTHsYZz.exe

C:\Windows\System\OKjlGVz.exe

C:\Windows\System\OKjlGVz.exe

C:\Windows\System\aWgANCM.exe

C:\Windows\System\aWgANCM.exe

C:\Windows\System\RQNkJZq.exe

C:\Windows\System\RQNkJZq.exe

C:\Windows\System\MrXJlNn.exe

C:\Windows\System\MrXJlNn.exe

C:\Windows\System\SkVWpWM.exe

C:\Windows\System\SkVWpWM.exe

C:\Windows\System\PyGplfb.exe

C:\Windows\System\PyGplfb.exe

C:\Windows\System\vjnxIhw.exe

C:\Windows\System\vjnxIhw.exe

C:\Windows\System\RNYQjIA.exe

C:\Windows\System\RNYQjIA.exe

C:\Windows\System\WWsGwCJ.exe

C:\Windows\System\WWsGwCJ.exe

C:\Windows\System\mMKmGgz.exe

C:\Windows\System\mMKmGgz.exe

C:\Windows\System\tEdipdj.exe

C:\Windows\System\tEdipdj.exe

C:\Windows\System\WdIpYkg.exe

C:\Windows\System\WdIpYkg.exe

C:\Windows\System\NCrzZlh.exe

C:\Windows\System\NCrzZlh.exe

C:\Windows\System\yQKzRPE.exe

C:\Windows\System\yQKzRPE.exe

C:\Windows\System\SIjNSHy.exe

C:\Windows\System\SIjNSHy.exe

C:\Windows\System\RjgQbcr.exe

C:\Windows\System\RjgQbcr.exe

C:\Windows\System\CobNmrU.exe

C:\Windows\System\CobNmrU.exe

C:\Windows\System\nGSLgiQ.exe

C:\Windows\System\nGSLgiQ.exe

C:\Windows\System\sPQpxAb.exe

C:\Windows\System\sPQpxAb.exe

C:\Windows\System\aPgVKRr.exe

C:\Windows\System\aPgVKRr.exe

C:\Windows\System\kMxUgbN.exe

C:\Windows\System\kMxUgbN.exe

C:\Windows\System\cUZOTFr.exe

C:\Windows\System\cUZOTFr.exe

C:\Windows\System\vlJYUwJ.exe

C:\Windows\System\vlJYUwJ.exe

C:\Windows\System\IMAGWRw.exe

C:\Windows\System\IMAGWRw.exe

C:\Windows\System\kghNCpm.exe

C:\Windows\System\kghNCpm.exe

C:\Windows\System\KxIRVUL.exe

C:\Windows\System\KxIRVUL.exe

C:\Windows\System\JEpLdwk.exe

C:\Windows\System\JEpLdwk.exe

C:\Windows\System\ROldhXd.exe

C:\Windows\System\ROldhXd.exe

C:\Windows\System\zGilMfT.exe

C:\Windows\System\zGilMfT.exe

C:\Windows\System\zEVCWVA.exe

C:\Windows\System\zEVCWVA.exe

C:\Windows\System\BnaLyll.exe

C:\Windows\System\BnaLyll.exe

C:\Windows\System\McgGlBB.exe

C:\Windows\System\McgGlBB.exe

C:\Windows\System\SZSyxGk.exe

C:\Windows\System\SZSyxGk.exe

C:\Windows\System\TCQNbpS.exe

C:\Windows\System\TCQNbpS.exe

C:\Windows\System\tWZGvsF.exe

C:\Windows\System\tWZGvsF.exe

C:\Windows\System\huSqbSF.exe

C:\Windows\System\huSqbSF.exe

C:\Windows\System\vqABqPk.exe

C:\Windows\System\vqABqPk.exe

C:\Windows\System\YBCmjTT.exe

C:\Windows\System\YBCmjTT.exe

C:\Windows\System\SaDkYno.exe

C:\Windows\System\SaDkYno.exe

C:\Windows\System\NJFoOPD.exe

C:\Windows\System\NJFoOPD.exe

C:\Windows\System\StvmMth.exe

C:\Windows\System\StvmMth.exe

C:\Windows\System\tHlZJMt.exe

C:\Windows\System\tHlZJMt.exe

C:\Windows\System\nwajhco.exe

C:\Windows\System\nwajhco.exe

C:\Windows\System\TaSKMMn.exe

C:\Windows\System\TaSKMMn.exe

C:\Windows\System\HuUhTxT.exe

C:\Windows\System\HuUhTxT.exe

C:\Windows\System\sZftlIw.exe

C:\Windows\System\sZftlIw.exe

C:\Windows\System\cPGrWEE.exe

C:\Windows\System\cPGrWEE.exe

C:\Windows\System\tHkCWpC.exe

C:\Windows\System\tHkCWpC.exe

C:\Windows\System\xbHHOXY.exe

C:\Windows\System\xbHHOXY.exe

C:\Windows\System\SFFsTCO.exe

C:\Windows\System\SFFsTCO.exe

C:\Windows\System\qvGmUpu.exe

C:\Windows\System\qvGmUpu.exe

C:\Windows\System\FeBOmFD.exe

C:\Windows\System\FeBOmFD.exe

C:\Windows\System\ERBlwdC.exe

C:\Windows\System\ERBlwdC.exe

C:\Windows\System\WlMUlaY.exe

C:\Windows\System\WlMUlaY.exe

C:\Windows\System\KEwqMkG.exe

C:\Windows\System\KEwqMkG.exe

Network

N/A

Files

memory/2532-0-0x00000000000F0000-0x0000000000100000-memory.dmp

\Windows\system\ziVdMiY.exe

MD5 7ec57f935f14e28bf58fd354d356803c
SHA1 7c58718adab50961b7bcecffb35dadd1259a2425
SHA256 7963734610427288150cdd582935b33f216f92f39c4d26b107ab3e5342683d90
SHA512 0233c25f492f73181208f6b4f8ac3a5aab6298329cc4986c1e8aa32c3061c36dc710a19d74e29b9038aeb386bd93496a438d65e20104ddf9cab5436c1cc4e0ec

\Windows\system\fPHmMdQ.exe

MD5 c5de8ea73fc37e989963f376f2af35ba
SHA1 10532c872631157f9ff1f4c252e5a0d68e134daf
SHA256 ebb59ba9f545b9260a27baed1a493941e74e64cf49369fd0fe5fc3427e887798
SHA512 56ae15edda91454fda9867b9dc8a0462837326dacb4023e1548028f39cab71327fd7cabf995d6249dd4e6ee134fd36de966544cefa5844d6ce2105785320e355

C:\Windows\system\LzkijvO.exe

MD5 3a613c23bcd9b76b9bd5e08158951c4a
SHA1 dff470d9888368aa8612e42f3beff207b7fb794d
SHA256 e12d6dfaf8130cf8550246246111f262f76db6f5f00012033f31603295e9eda3
SHA512 106cdac920e98cc793b0a2e391ce6bce616963b4af62e14807a82f84c0b93ab36fbfa082e8a829c97ba73447aaf8b4a21a8e28ec8edb6fc524382d1deb176ba6

\Windows\system\sOJkXyJ.exe

MD5 10ed96382785dc67cee3ce490134e8c6
SHA1 e588b2079c15e5f9fcda07a6334a523bcada1332
SHA256 06afe34ecfc63457b2d33499504dce8eb8ba20f9b1f25e980ea31362512b2b8b
SHA512 5db083b5ffaef19689b0c44c41cdaca7e78355750f238a6306f9dae3f4160df1c49ca289fc8dcf6afba091a19e84e267e684852f972f62625a68339b18e596d0

\Windows\system\baUhBIM.exe

MD5 8eb7c6cbed1f76b95eaa84009022e985
SHA1 4d095bb1c0d66309f9c0dcb6d3a641a5bd7b6027
SHA256 7a863a202b0952d5d609635c99522fe12780d9ebc2b557e4cd720996b9725b61
SHA512 521b422dbff2310581a98ac8a9fed8c478aed999908d02082cb6f00b1ef675e8ee4c00581d43d043f6419114e24001574a7f9d64472f294d6a509daad860275e

C:\Windows\system\CABmLSU.exe

MD5 9a73fe7a9e638758a1e86f0ff7a69b01
SHA1 31a87ab48d1c90dddd0b2a91045ad0571ea4c453
SHA256 a0e362b123ace9b3da2140b9d62fc18f9da9d4cc63d5442d28d625040796e58a
SHA512 d466aafd125e0191634904cd545185e574bf6499897235fad5da2af8d0e8f68b18b33c5490d67ee9a251b5a5c3f850efdb60e5de9c3ab8b96e131726628e1610

C:\Windows\system\nxcLjgj.exe

MD5 8de3c052956fc47b6139aace2325f13e
SHA1 515eba819708e7e6f1efcbbcdbae648f9995e46f
SHA256 bb3e48544f8e22370c53a604ee6c889f8df65a43c103524b98508f0985b9e603
SHA512 a5f62031a852b02e9e6bc3ffa092c28f1f6dbcbd804cacda1f6d4c159aec3ea12f62369bfdcb9c3b7b66f164d36cb95f8375adc711a5b503665995fd0509ce35

\Windows\system\Kfzbfbw.exe

MD5 60a8576e1df1dae9dd2a91fa8e549d6d
SHA1 4d482a7fbd066d91539798b8cfbac8612ce766b3
SHA256 8abdf55b7cee4fd90d2045a0f80894ea7289eea0c5c374bee02c2fff325aad7e
SHA512 850a2d7b3e8b81af056d6efd91f28fe16efc0136d350e19825fa4622a08786e936c08aec5beb7d1c676133a5b35151ee0c04a8add36177e881654bc7a0981ac6

\Windows\system\orNSLCQ.exe

MD5 f9bf174a78b58b7b5e51348ec4b3c180
SHA1 87914ca604eb1d4e855a82f5098da442320a0d24
SHA256 118862bb2ddd3d5729a8bd725fb5b34a54ab419748998b8d8f1e5823e8a459cf
SHA512 c92f9f23811630cd21f146c506ebeadffbe365dc78253013c5a7ce23a0bf49e96b3f4a3fbc417b549e55fb358ab41d34e7f447f20f7a8c5a94ac9d44995d4d36

\Windows\system\xLwISyd.exe

MD5 2f2dd435b115710d87430c8b09e6a30d
SHA1 8b1683765bc2c09e8382fb1743e6aeb1c8e039e5
SHA256 aa7fbbbd9fbda37f3069ecb71d310ca7d3e0c61b52ee0cb0ed5faaa1743a6a2f
SHA512 c6c0234389ae8dfc878171d8d659e740cc87852f83ce6a65cd77986a77ad0378102aeacab1f715b880a4b263021a2a90d7a1facf90ab958a5e28d0bd90b85709

C:\Windows\system\esytMQu.exe

MD5 b5c002fecf180ed0e35b2436d024b766
SHA1 17de8f44d6bb825d74b2e20c0508fd109ff9c256
SHA256 b8123045ee21b9e48b3ab1a9e107521a77139f0ad2972ca62fc81278baefce6e
SHA512 ed8126d66151902cf329489b7aae82efd41c7d0ebed908bb5743fe296a92ba65f08ab02dc3704585741332f94190c818875f4d61b1eeace84039d40c0bc39d28

C:\Windows\system\uYhjuSM.exe

MD5 49ca51f7fbcab06aac08cfe2f19c2557
SHA1 4e6750b81aeafac310bd2055b7aa9013db7f70f5
SHA256 a8964aa3d10363218241b0c6d8c8b4dccf6f2f99bd394f228468140fae8413bd
SHA512 1c65f0a29c91f9b0218a65804cd9929d87c9301dfa9cc0ee39115615a029d9448b5e92f78dba1e757214fba0ae6379b91553e45818c198c9328a28098d6bc305

C:\Windows\system\iihDjZg.exe

MD5 dfb4b11df25f13d71256cbfaa80becd8
SHA1 fb2d5754878e91bb68bb9c332e7ed9a5eb1eee13
SHA256 c80f4c3e24dce1bad58af561a314cc19d04f599f1d29ae877a0ce568f2b8ba90
SHA512 5bec9ed90ab8942a9dc86203ee1d79d61a3841887f1fa9cefab8b1b2ad30284ba36efac6b4202a290cd1df6df461d0ddb940e457a8d97d84aef2dd346d6428f3

C:\Windows\system\bwBXViM.exe

MD5 bff616e320f098f5ef328bf2a8f93e00
SHA1 76caad69980ebcbabbc910b2abfd74fd83747dab
SHA256 1e3df58c7fed06c39d344e74c651969afc3c38962ca1be414bc316db4687ce08
SHA512 af44e14dac8e66a4a391e11e5f97ce3b220c77200089219cafd49fc611d8eddc472cf8062e713dec6038bed2eb1338db2fa38dd52a6a1f6dc823a9a902046ca8

\Windows\system\PeiJVNR.exe

MD5 7499b2291b4fd314fa7f51592ead2cb6
SHA1 db238144f42eca6cf8adff28648aa391207e56c4
SHA256 bf9db9e0d8a0b8248c70b489df51ebb45a4b7d04bd12cac8abf23891e539d745
SHA512 7da5aaa6ebda5a40ab54bcc494d4a447c385b75430449b3e9a000ea3f1143d4b5dc4111fb12bade6ea5dc39ab4b98cb973409f4d054e31de7cca0ca36efcf1e3

C:\Windows\system\WOAiMVK.exe

MD5 951d7dd915b11bcaf834e982941ef639
SHA1 52c37fcd94882ff9796e00ac82b127fd4c2faef7
SHA256 26372487f46891de6eb3105a7d126f5916e95849a830844afb1b8bc1bf7e3ee3
SHA512 842baf0a1acc1aa3ea8d0623c9a3fd2c06fef53b4d0f8c0cf8e8dddd205b61d66e87a71e594d7e24fefd4ecca65531443d10d97dfed78aad6cd33f8b919b6bee

C:\Windows\system\QjRpsEA.exe

MD5 2d0a4093ecd16261c96d4fedf25d5912
SHA1 45d8f33229f7119abb47e256e60418041433c3ef
SHA256 f3fa523fce1d1fda6e16d600fa1898068dbfc7ea581d8d10aba3f07d9b95b215
SHA512 597b2f67c55d1b1fd348e03569c6694174a4a65f1493cbb96bc6acc174c5eb821b167fde3df9c38522fe10b2783338ca41354a599eb6b27de46112da8210c67a

C:\Windows\system\iGmZfSd.exe

MD5 fb5bdc6270833613524d2541297414de
SHA1 cf36cca17429cfecfc7defd23c16a83a1902f43f
SHA256 f924a2d26b9855c308a095e166cc39cbe1848ff402a46e247cf0aa56041928e4
SHA512 92685e11fd0896125d80a707b4d4f09ee39687454bcbbf782dd8bc844ae98ee1ac868e9b1b92ebcee34c8bb2bd6d2305682aa79f1d26776218e134c40bed9a59

C:\Windows\system\NPpNskp.exe

MD5 1a72ab7d18cb8d38af19427f3ed85122
SHA1 1c0baa20ca3a96fcc6099793535274af4b5cec3a
SHA256 cce4e930d417d997d1a6d7759349b5cda0a437b56b51b74dd2625d64f39a2689
SHA512 56d72e58fb1a3c8a61140f833004397c82bb4e4feb3e1be14a3b1de7739cd79a72e154e1e9509586916fd35b41e0d2751aafef69b015eafcbaa98b81476243dd

C:\Windows\system\FoAHWoS.exe

MD5 7a4faa6138509ad577ca4d318a9fdf58
SHA1 fa52b609d61f3c983d0757fab55ab799a180b728
SHA256 1f575deb10f41fb055ba2264b4f203babf9e61221f6b1078403a83fdea1c0723
SHA512 ebccb8b2a7e3b2a8287e66aca01c0984c738ef9b5ebe24222f6ff69d59c2e28c45baafe4ee985bec76c140105dc76863c585ecd4bfa5803bddd49461e0bb1702

C:\Windows\system\rirJbwC.exe

MD5 bdc6c0a9838be55b3f14c7f07b6e56f1
SHA1 28d218f259e16f72ceb159193dff910de1503813
SHA256 5e9901c6cb46fd53ac6308fc3ba0edd23641168c25745fd3422a9c952133ae31
SHA512 f202fbe5ae8a69885961da51c75ab71f1b5014532069e0aabf19a973b243c5d697ab38fe31e21bb2ba78fc73227c6a174892ca8ea1e46b9a813e77a57e9516f1

C:\Windows\system\oqntUeN.exe

MD5 5d9e4bd5b5af9cdeb326bf727bd683c8
SHA1 305d3903f93b2d362474fc821aa5213768a0d78d
SHA256 9818fd175bf093680550435c08ed0c4321f393a208b33bb364cb2863c69e0e98
SHA512 217a15f074ad50df1628a0bb199437701ab9b2a4a85733b82a8f29a2d0f5d04d215bfe274695c00f60094fb20862d9cdf1dc8fbce571f11f0ed02fc856832958

C:\Windows\system\vzghjgh.exe

MD5 311b92d75c937dcd5b73190212490c5e
SHA1 d85baa60a7bc77272c16e5e73fcc231ded4bfbf3
SHA256 03c0ae09ba61dfa7db16442ae3b41547c6bb5eed7720d40e8efc7a379d261a42
SHA512 bfd18f49a9483bbf7670d28f7e925b1d64f7569eee380f47d0bec0b184cb968de9af6d0b648df10a41d2178115f0f1062500a5241676e07f1832dbe20990d3da

C:\Windows\system\LDMKITq.exe

MD5 eadc896ed3e406610678727e3d945ade
SHA1 85c800cb0338ce213e4f739adc80f8252e07fa63
SHA256 3aec9d3ec3e2e7729ca0e4f49d9564ce5c9ca73a7f7233e73a6b59fbf3ceb69e
SHA512 f5324147833985d28e0f4e47c85be74883b77bc9a36afb6e65e7f7f40ac636f7c25d07395dc3e161e25081d7851b966f064bbd31da81d488290ef2db7b9ab980

C:\Windows\system\idyOMZf.exe

MD5 2a4ad6423f5e774715b37eae406a7a1e
SHA1 20189a1bda7e1696d3b59c8ffce4d5ab951aa399
SHA256 8f373fbb97f5a3141ca92bf5c4e177feec9e3b7d8eae4cefd743a80548f1b225
SHA512 bf4249cf4f9282f12495529626b0202b9e0615e8683126ffbef5c69b4dfc76238f44d13aeb5acfb21ce5044969986379b1e51177397b4eb2b94f23c091ed344d

\Windows\system\PsujxND.exe

MD5 b02c156b29b33f0adadefc90afcff634
SHA1 16adfc52a5a5a6587c6030dc398ef2640e906574
SHA256 b419824c6e3f1db652ec9895a4f4425d51d9f39983a4356e3ad9c689d496c32e
SHA512 360f5c293b7e94d82d93227d14189527433455deb0dc9ec712f9dabdb4d9bbf89ee2e77e1f1475f23249bc72be9d1c6f736221c287c5c13bf636130873df9093

\Windows\system\ecQRTtU.exe

MD5 0b99adb88af33e5254e77ebe6014c5ad
SHA1 924aa3f6a356e7b06e6c56029f4a7784d7979829
SHA256 01aa613cde697e133c025378cbc8badfda56e82585eebc6b395c1dc7fdfbd94d
SHA512 78f82fa3a2ed8a7d05106db4cde58404bfb9834735a36c42c69e7c084c6336d061c7aa78762f58f1c0b2b5e88cb192eb826aa8e512b964e20770026c762d9b4b

C:\Windows\system\ydgBWPG.exe

MD5 fca83d4b507d721e8e046221899af908
SHA1 f4adceffe062e309491306f711b39f9f92bf5a08
SHA256 76dbee2572872faba49c1868166fb7decf504470008ef9049c28e7fae0e06e72
SHA512 f69d3718d4a175f510a6a5452d8c64ef1f5e856bb2893146b6b18c30a416e24c6203b1cda9fc0fbfcf972ced402be047e88911bc9f976ee11c5299e40983fb97

C:\Windows\system\FZUWaFs.exe

MD5 0c21230700fd34df3a983ef151f46f9d
SHA1 d93f87d6f97fd457412b5788ccee993aa152b071
SHA256 829d12deba51f4da52cbec9720a03ddf9c72be3f3ddffce88d00b47066343922
SHA512 526ec4bf3c471c9d9e54ff68a11c5dd3510d522fdee4f1fbae8e83e45fad6b6a428a0de4da8d936a62688fc718534d6dd9668831b77d1a7b2e3471b320c3a593

C:\Windows\system\WSBBEUh.exe

MD5 e6d82297f04e9a2a93ab4e0acdba8c23
SHA1 bda770ada10b9a7fdd2c6aef3d76a163bded7c70
SHA256 5899ab76cb68bd186da9d4c4a3d0ed167bdd4a0dc3a9b6e127d1db06946dda66
SHA512 3711d3d9cdd2f9b0143848c338d2c0b1cc2d8954492f3467de943f6f3d658f09ed0d4637f2d8a899fb85ff983f8538f953a8ddb5263c0c93383f8a6dbf89c91b

C:\Windows\system\MyWkZpY.exe

MD5 fbd7e911db72af83e9e45f9f4498033c
SHA1 690b47dea53de316656efc7ea186f2a798505447
SHA256 879b4a79a5018f2a60c73a0238c73cda895ef4e9f77bf070e7a0ec2449299242
SHA512 efe5e2d16665fd93db1c01a56e3a507b246b3f204cd951e4d0674e21d4fce5ba0bd486ac790f47227ba40998ae8a31406c4e42d239a8687d3d857e5dd122a42d

C:\Windows\system\EMrrXwd.exe

MD5 7f5ec0b2ae4933a588fbce3dbff7e3a4
SHA1 cccba6683880262351a070e8af7f16d579a41f1b
SHA256 9f1f101c6a583ffe9a1712b6a658fb7e8dcab8001563a6a8ca7e4d67597a8e47
SHA512 38cee73d7695089d87712d7ef77b4ac0d9ca1d361a79d6c114d9342a1de6140fb7bd2d512527dc22453653f1f737ea8e1e59b69d7eb7855be7ac6507bd187845

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-26 00:16

Reported

2024-10-26 00:19

Platform

win10v2004-20241007-en

Max time kernel

141s

Max time network

144s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe"

Signatures

Xmrig family

xmrig

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Boot or Logon Autostart Execution: Active Setup

persistence
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\ziVdMiY.exe N/A
N/A N/A C:\Windows\System\fPHmMdQ.exe N/A
N/A N/A C:\Windows\System\LzkijvO.exe N/A
N/A N/A C:\Windows\System\sOJkXyJ.exe N/A
N/A N/A C:\Windows\System\baUhBIM.exe N/A
N/A N/A C:\Windows\System\CABmLSU.exe N/A
N/A N/A C:\Windows\System\nxcLjgj.exe N/A
N/A N/A C:\Windows\System\Kfzbfbw.exe N/A
N/A N/A C:\Windows\System\orNSLCQ.exe N/A
N/A N/A C:\Windows\System\xLwISyd.exe N/A
N/A N/A C:\Windows\System\esytMQu.exe N/A
N/A N/A C:\Windows\System\idyOMZf.exe N/A
N/A N/A C:\Windows\System\uYhjuSM.exe N/A
N/A N/A C:\Windows\System\iihDjZg.exe N/A
N/A N/A C:\Windows\System\bwBXViM.exe N/A
N/A N/A C:\Windows\System\LDMKITq.exe N/A
N/A N/A C:\Windows\System\vzghjgh.exe N/A
N/A N/A C:\Windows\System\PeiJVNR.exe N/A
N/A N/A C:\Windows\System\WOAiMVK.exe N/A
N/A N/A C:\Windows\System\oqntUeN.exe N/A
N/A N/A C:\Windows\System\rirJbwC.exe N/A
N/A N/A C:\Windows\System\FoAHWoS.exe N/A
N/A N/A C:\Windows\System\NPpNskp.exe N/A
N/A N/A C:\Windows\System\QjRpsEA.exe N/A
N/A N/A C:\Windows\System\iGmZfSd.exe N/A
N/A N/A C:\Windows\System\PsujxND.exe N/A
N/A N/A C:\Windows\System\ecQRTtU.exe N/A
N/A N/A C:\Windows\System\ydgBWPG.exe N/A
N/A N/A C:\Windows\System\EMrrXwd.exe N/A
N/A N/A C:\Windows\System\FZUWaFs.exe N/A
N/A N/A C:\Windows\System\MyWkZpY.exe N/A
N/A N/A C:\Windows\System\WSBBEUh.exe N/A
N/A N/A C:\Windows\System\gOSnbij.exe N/A
N/A N/A C:\Windows\System\MKYgoUM.exe N/A
N/A N/A C:\Windows\System\CLmdeoj.exe N/A
N/A N/A C:\Windows\System\xsMilxc.exe N/A
N/A N/A C:\Windows\System\SndKaEO.exe N/A
N/A N/A C:\Windows\System\VjsKeIW.exe N/A
N/A N/A C:\Windows\System\jyfDvhI.exe N/A
N/A N/A C:\Windows\System\AMNbuDE.exe N/A
N/A N/A C:\Windows\System\eyzbZkC.exe N/A
N/A N/A C:\Windows\System\NwYNVQc.exe N/A
N/A N/A C:\Windows\System\JPRGvpF.exe N/A
N/A N/A C:\Windows\System\xcsHOHw.exe N/A
N/A N/A C:\Windows\System\kyDsFnW.exe N/A
N/A N/A C:\Windows\System\uxwjZvA.exe N/A
N/A N/A C:\Windows\System\zlWceSS.exe N/A
N/A N/A C:\Windows\System\PJZuINO.exe N/A
N/A N/A C:\Windows\System\XzUukrs.exe N/A
N/A N/A C:\Windows\System\HlTqXwW.exe N/A
N/A N/A C:\Windows\System\ipeMuHK.exe N/A
N/A N/A C:\Windows\System\KaSjOtS.exe N/A
N/A N/A C:\Windows\System\FHgjKqF.exe N/A
N/A N/A C:\Windows\System\IXmKIUX.exe N/A
N/A N/A C:\Windows\System\pTTBgSv.exe N/A
N/A N/A C:\Windows\System\FTsZZFW.exe N/A
N/A N/A C:\Windows\System\cylxLXp.exe N/A
N/A N/A C:\Windows\System\pxozxrW.exe N/A
N/A N/A C:\Windows\System\nWWuegY.exe N/A
N/A N/A C:\Windows\System\jJzlJAq.exe N/A
N/A N/A C:\Windows\System\dlFydTp.exe N/A
N/A N/A C:\Windows\System\SryTjPZ.exe N/A
N/A N/A C:\Windows\System\AgePaUS.exe N/A
N/A N/A C:\Windows\System\AoJCJAD.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\iWNJXPF.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\MBjIbkf.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\FrKZbBQ.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\ncLHfYl.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\BuHlfvE.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\kyDsFnW.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\UhuaYPD.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\bWVLmfF.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\LYWEzkw.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\vlANuvD.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\XzUukrs.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\KAMRSmd.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\sbbThYe.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\SLIAiGu.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\YbUVCgw.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\idWYJuO.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\ydgBWPG.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\HlTqXwW.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\yLyMZzD.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\zqzgfPE.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\rVbZGpg.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\LdhoNAx.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\vWcRxVc.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\qfQqiRw.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\HyyUWQr.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\cnLXonA.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\tRSQWnP.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\PJZuINO.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\hPEgzKw.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\LcuEHrx.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\laZDKjn.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\ptRLOPZ.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\PaMqZoS.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\CLmdeoj.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\hfoEdpN.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\cILOqfM.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\gFMDeNG.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\hfqEbRG.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\qzAoubL.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\eOdbITn.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\ljlakoW.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\JfJpqmG.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\xhsayOC.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\FhEpWFT.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\bZuFplB.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\Kfzbfbw.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\oqntUeN.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\dICpmpg.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\MnjQEYz.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\BcWVGlP.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\QYuLeTe.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\RcKllSS.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\jqnxsSe.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\MxxVkCj.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\mksCRSG.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\UOSZvWj.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\btapgov.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\cnBubEp.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\ujaGEBM.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\SuRqDqo.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\EkvLVjJ.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\jrHfnaD.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\GQOSIWw.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A
File created C:\Windows\System\dajZyOL.exe C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Capabilities C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Capabilities C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Capabilities C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Capabilities C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "{15E16AEC-F2F0-4E52-B0DF-029D11E58E4B}" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "Microsoft Julie" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Speech_OneCore\\Recognizers\\Tokens\\MS-1033-110-WINMO-DNN" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "Microsoft Hedda" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "%windir%\\Speech_OneCore\\Engines\\TTS\\es-ES\\MSTTSLocesES.dat" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "Microsoft Pablo - Spanish (Spain)" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "SR ja-JP Locale Handler" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "6;18;22" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "%windir%\\Speech_OneCore\\Engines\\SR\\en-US-N\\c1033.fe" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "5248260" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "{A79020BC-1F7E-4D20-AC2A-51D73012DDD5}" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "Adult" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Speech_OneCore\\CortanaVoices\\Tokens\\MSTTS_V110_enUS_EvaM" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "%windir%\\Speech_OneCore\\Engines\\SR\\fr-FR-N\\lsr1036.lxa" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "MS-1033-110-WINMO-DNN" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "SR en-US Lts Lexicon" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "%windir%\\Speech_OneCore\\Engines\\SR\\es-ES-N\\c3082.fe" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "Microsoft Paul - French (France)" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "Microsoft Speech SW Voice Activation - Italian (Italy)" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "1" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "L1031" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "- 0001 ! 0002 & 0003 , 0004 . 0005 ? 0006 _ 0007 ^ 0008 1 0009 2 000a ~ 000b : 000c a 000d aw 000e ax 000f ay 0010 b 0011 d 0012 ch 0013 eh 0014 eu 0015 ey 0016 f 0017 g 0018 h 0019 ih 001a iy 001b jh 001c k 001d l 001e m 001f n 0020 ng 0021 oe 0022 oh 0023 ow 0024 oy 0025 p 0026 pf 0027 r 0028 s 0029 sh 002a t 002b ts 002c ue 002d uh 002e uw 002f uy 0030 v 0031 x 0032 y 0033 z 0034 zh 0035" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DomStorageState C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "Microsoft Paul" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "Microsoft Ichiro" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "Microsoft Stefan - German (Germany)" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "spell=NativeSupported; cardinal=GlobalSupported; ordinal=NativeSupported; date=GlobalSupported; time=GlobalSupported; telephone=NativeSupported; currency=NativeSupported; net=NativeSupported; url=NativeSupported; address=NativeSupported; alphanumeric=NativeSupported; Name=NativeSupported; media=NativeSupported; message=NativeSupported; companyName=NativeSupported; computer=NativeSupported; math=NativeSupported; duration=NativeSupported" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "SR es-ES Lookup Lexicon" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "%windir%\\Speech_OneCore\\Engines\\SR\\es-ES-N\\L3082" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "spell=NativeSupported; cardinal=GlobalSupported; ordinal=NativeSupported; date=GlobalSupported; time=GlobalSupported; telephone=NativeSupported; address=NativeSupported; message=NativeSupported; url=NativeSupported; currency=NativeSupported; alphanumeric=NativeSupported" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.Search_cw5n1h2txyewy\WasEverActivated = "1" C:\Windows\system32\sihost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\WasEverActivated = "1" C:\Windows\system32\sihost.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "{BAE3E62C-37D4-49AC-A6F1-0E485ECD6757}" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "%windir%\\Speech_OneCore\\Engines\\TTS\\ja-JP\\M1041Haruka" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.search C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "%windir%\\Speech_OneCore\\Engines\\TTS\\it-IT\\MSTTSLocitIT.dat" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "%windir%\\Speech_OneCore\\Engines\\SR\\en-US-N\\L1033" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "%windir%\\Speech_OneCore\\Engines\\TTS\\es-ES\\M3082Helena" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "%windir%\\Speech_OneCore\\Engines\\SR\\fr-FR-N\\c1036.fe" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "410" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "%windir%\\System32\\Speech_OneCore\\VoiceActivation\\ja-JP\\VoiceActivation_HW_ja-JP.dat" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "English Phone Converter" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "Microsoft Hedda - German (Germany)" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "%windir%\\Speech_OneCore\\Engines\\SR\\it-IT-N\\AI041040" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "Microsoft Elsa - Italian (Italy)" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "Microsoft Speech Recognition Engine - en-US Embedded DNN v11.1" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "{31350404-77AC-4471-B33A-9020A2EDA1D1}" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "%windir%\\Speech_OneCore\\Engines\\TTS\\es-ES\\M3082Laura" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "{06405088-BC01-4E08-B392-5303E75090C8}" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "11.0.2013.1022" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "SR es-ES Locale Handler" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "en-US" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "0" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "MS-1031-110-WINMO-DNN" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "MS-3082-110-WINMO-DNN" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "French Phone Converter" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "{0B3398EA-00F1-418b-AA31-6F2F9BE5809B}" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "%windir%\\Speech_OneCore\\Engines\\TTS\\en-US\\M1033Mark" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "Microsoft Hortense - French (France)" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "SR de-DE Locale Handler" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "Microsoft Speech HW Voice Activation - German (Germany)" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\system32\sihost.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1968 wrote to memory of 3292 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\ziVdMiY.exe
PID 1968 wrote to memory of 3292 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\ziVdMiY.exe
PID 1968 wrote to memory of 212 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\fPHmMdQ.exe
PID 1968 wrote to memory of 212 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\fPHmMdQ.exe
PID 1968 wrote to memory of 1732 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\LzkijvO.exe
PID 1968 wrote to memory of 1732 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\LzkijvO.exe
PID 1968 wrote to memory of 3808 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\sOJkXyJ.exe
PID 1968 wrote to memory of 3808 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\sOJkXyJ.exe
PID 1968 wrote to memory of 2124 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\baUhBIM.exe
PID 1968 wrote to memory of 2124 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\baUhBIM.exe
PID 1968 wrote to memory of 1744 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\CABmLSU.exe
PID 1968 wrote to memory of 1744 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\CABmLSU.exe
PID 1968 wrote to memory of 2528 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\nxcLjgj.exe
PID 1968 wrote to memory of 2528 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\nxcLjgj.exe
PID 1968 wrote to memory of 5096 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\Kfzbfbw.exe
PID 1968 wrote to memory of 5096 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\Kfzbfbw.exe
PID 1968 wrote to memory of 3024 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\orNSLCQ.exe
PID 1968 wrote to memory of 3024 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\orNSLCQ.exe
PID 1968 wrote to memory of 1608 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\xLwISyd.exe
PID 1968 wrote to memory of 1608 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\xLwISyd.exe
PID 1968 wrote to memory of 1872 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\esytMQu.exe
PID 1968 wrote to memory of 1872 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\esytMQu.exe
PID 1968 wrote to memory of 4616 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\idyOMZf.exe
PID 1968 wrote to memory of 4616 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\idyOMZf.exe
PID 1968 wrote to memory of 692 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\uYhjuSM.exe
PID 1968 wrote to memory of 692 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\uYhjuSM.exe
PID 1968 wrote to memory of 2944 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\iihDjZg.exe
PID 1968 wrote to memory of 2944 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\iihDjZg.exe
PID 1968 wrote to memory of 3264 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\bwBXViM.exe
PID 1968 wrote to memory of 3264 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\bwBXViM.exe
PID 1968 wrote to memory of 2640 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\LDMKITq.exe
PID 1968 wrote to memory of 2640 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\LDMKITq.exe
PID 1968 wrote to memory of 4948 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\vzghjgh.exe
PID 1968 wrote to memory of 4948 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\vzghjgh.exe
PID 1968 wrote to memory of 2872 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\PeiJVNR.exe
PID 1968 wrote to memory of 2872 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\PeiJVNR.exe
PID 1968 wrote to memory of 3092 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\WOAiMVK.exe
PID 1968 wrote to memory of 3092 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\WOAiMVK.exe
PID 1968 wrote to memory of 5000 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\oqntUeN.exe
PID 1968 wrote to memory of 5000 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\oqntUeN.exe
PID 1968 wrote to memory of 1716 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\rirJbwC.exe
PID 1968 wrote to memory of 1716 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\rirJbwC.exe
PID 1968 wrote to memory of 3604 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\FoAHWoS.exe
PID 1968 wrote to memory of 3604 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\FoAHWoS.exe
PID 1968 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\NPpNskp.exe
PID 1968 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\NPpNskp.exe
PID 1968 wrote to memory of 4812 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\QjRpsEA.exe
PID 1968 wrote to memory of 4812 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\QjRpsEA.exe
PID 1968 wrote to memory of 4972 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\iGmZfSd.exe
PID 1968 wrote to memory of 4972 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\iGmZfSd.exe
PID 1968 wrote to memory of 3760 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\PsujxND.exe
PID 1968 wrote to memory of 3760 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\PsujxND.exe
PID 1968 wrote to memory of 2876 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\ecQRTtU.exe
PID 1968 wrote to memory of 2876 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\ecQRTtU.exe
PID 1968 wrote to memory of 1256 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\ydgBWPG.exe
PID 1968 wrote to memory of 1256 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\ydgBWPG.exe
PID 1968 wrote to memory of 2480 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\EMrrXwd.exe
PID 1968 wrote to memory of 2480 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\EMrrXwd.exe
PID 1968 wrote to memory of 3064 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\FZUWaFs.exe
PID 1968 wrote to memory of 3064 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\FZUWaFs.exe
PID 1968 wrote to memory of 3636 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\MyWkZpY.exe
PID 1968 wrote to memory of 3636 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\MyWkZpY.exe
PID 1968 wrote to memory of 804 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\WSBBEUh.exe
PID 1968 wrote to memory of 804 N/A C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe C:\Windows\System\WSBBEUh.exe

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy WMI provider

ransomware

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe

"C:\Users\Admin\AppData\Local\Temp\9275d6e9ab20bebb6d368868a1efe8b6e0177fcf71bec2e42af480a3ef733b8d.exe"

C:\Windows\System\ziVdMiY.exe

C:\Windows\System\ziVdMiY.exe

C:\Windows\System\fPHmMdQ.exe

C:\Windows\System\fPHmMdQ.exe

C:\Windows\System\LzkijvO.exe

C:\Windows\System\LzkijvO.exe

C:\Windows\System\sOJkXyJ.exe

C:\Windows\System\sOJkXyJ.exe

C:\Windows\System\baUhBIM.exe

C:\Windows\System\baUhBIM.exe

C:\Windows\System\CABmLSU.exe

C:\Windows\System\CABmLSU.exe

C:\Windows\System\nxcLjgj.exe

C:\Windows\System\nxcLjgj.exe

C:\Windows\System\Kfzbfbw.exe

C:\Windows\System\Kfzbfbw.exe

C:\Windows\System\orNSLCQ.exe

C:\Windows\System\orNSLCQ.exe

C:\Windows\System\xLwISyd.exe

C:\Windows\System\xLwISyd.exe

C:\Windows\System\esytMQu.exe

C:\Windows\System\esytMQu.exe

C:\Windows\System\idyOMZf.exe

C:\Windows\System\idyOMZf.exe

C:\Windows\System\uYhjuSM.exe

C:\Windows\System\uYhjuSM.exe

C:\Windows\System\iihDjZg.exe

C:\Windows\System\iihDjZg.exe

C:\Windows\System\bwBXViM.exe

C:\Windows\System\bwBXViM.exe

C:\Windows\System\LDMKITq.exe

C:\Windows\System\LDMKITq.exe

C:\Windows\System\vzghjgh.exe

C:\Windows\System\vzghjgh.exe

C:\Windows\System\PeiJVNR.exe

C:\Windows\System\PeiJVNR.exe

C:\Windows\System\WOAiMVK.exe

C:\Windows\System\WOAiMVK.exe

C:\Windows\System\oqntUeN.exe

C:\Windows\System\oqntUeN.exe

C:\Windows\System\rirJbwC.exe

C:\Windows\System\rirJbwC.exe

C:\Windows\System\FoAHWoS.exe

C:\Windows\System\FoAHWoS.exe

C:\Windows\System\NPpNskp.exe

C:\Windows\System\NPpNskp.exe

C:\Windows\System\QjRpsEA.exe

C:\Windows\System\QjRpsEA.exe

C:\Windows\System\iGmZfSd.exe

C:\Windows\System\iGmZfSd.exe

C:\Windows\System\PsujxND.exe

C:\Windows\System\PsujxND.exe

C:\Windows\System\ecQRTtU.exe

C:\Windows\System\ecQRTtU.exe

C:\Windows\System\ydgBWPG.exe

C:\Windows\System\ydgBWPG.exe

C:\Windows\System\EMrrXwd.exe

C:\Windows\System\EMrrXwd.exe

C:\Windows\System\FZUWaFs.exe

C:\Windows\System\FZUWaFs.exe

C:\Windows\System\MyWkZpY.exe

C:\Windows\System\MyWkZpY.exe

C:\Windows\System\WSBBEUh.exe

C:\Windows\System\WSBBEUh.exe

C:\Windows\System\gOSnbij.exe

C:\Windows\System\gOSnbij.exe

C:\Windows\System\MKYgoUM.exe

C:\Windows\System\MKYgoUM.exe

C:\Windows\System\CLmdeoj.exe

C:\Windows\System\CLmdeoj.exe

C:\Windows\System\xsMilxc.exe

C:\Windows\System\xsMilxc.exe

C:\Windows\System\SndKaEO.exe

C:\Windows\System\SndKaEO.exe

C:\Windows\System\VjsKeIW.exe

C:\Windows\System\VjsKeIW.exe

C:\Windows\System\jyfDvhI.exe

C:\Windows\System\jyfDvhI.exe

C:\Windows\System\AMNbuDE.exe

C:\Windows\System\AMNbuDE.exe

C:\Windows\System\eyzbZkC.exe

C:\Windows\System\eyzbZkC.exe

C:\Windows\System\NwYNVQc.exe

C:\Windows\System\NwYNVQc.exe

C:\Windows\System\JPRGvpF.exe

C:\Windows\System\JPRGvpF.exe

C:\Windows\System\xcsHOHw.exe

C:\Windows\System\xcsHOHw.exe

C:\Windows\System\kyDsFnW.exe

C:\Windows\System\kyDsFnW.exe

C:\Windows\System\uxwjZvA.exe

C:\Windows\System\uxwjZvA.exe

C:\Windows\System\zlWceSS.exe

C:\Windows\System\zlWceSS.exe

C:\Windows\System\PJZuINO.exe

C:\Windows\System\PJZuINO.exe

C:\Windows\System\XzUukrs.exe

C:\Windows\System\XzUukrs.exe

C:\Windows\System\HlTqXwW.exe

C:\Windows\System\HlTqXwW.exe

C:\Windows\System\ipeMuHK.exe

C:\Windows\System\ipeMuHK.exe

C:\Windows\System\KaSjOtS.exe

C:\Windows\System\KaSjOtS.exe

C:\Windows\System\FHgjKqF.exe

C:\Windows\System\FHgjKqF.exe

C:\Windows\System\IXmKIUX.exe

C:\Windows\System\IXmKIUX.exe

C:\Windows\System\pTTBgSv.exe

C:\Windows\System\pTTBgSv.exe

C:\Windows\System\FTsZZFW.exe

C:\Windows\System\FTsZZFW.exe

C:\Windows\System\cylxLXp.exe

C:\Windows\System\cylxLXp.exe

C:\Windows\System\pxozxrW.exe

C:\Windows\System\pxozxrW.exe

C:\Windows\System\nWWuegY.exe

C:\Windows\System\nWWuegY.exe

C:\Windows\System\jJzlJAq.exe

C:\Windows\System\jJzlJAq.exe

C:\Windows\System\dlFydTp.exe

C:\Windows\System\dlFydTp.exe

C:\Windows\System\SryTjPZ.exe

C:\Windows\System\SryTjPZ.exe

C:\Windows\System\AgePaUS.exe

C:\Windows\System\AgePaUS.exe

C:\Windows\System\AoJCJAD.exe

C:\Windows\System\AoJCJAD.exe

C:\Windows\System\qUSwIsH.exe

C:\Windows\System\qUSwIsH.exe

C:\Windows\System\lUONaVr.exe

C:\Windows\System\lUONaVr.exe

C:\Windows\System\VFNLfgZ.exe

C:\Windows\System\VFNLfgZ.exe

C:\Windows\System\jcaDunu.exe

C:\Windows\System\jcaDunu.exe

C:\Windows\System\jqnxsSe.exe

C:\Windows\System\jqnxsSe.exe

C:\Windows\System\UTiwIgN.exe

C:\Windows\System\UTiwIgN.exe

C:\Windows\System\TjEYtPa.exe

C:\Windows\System\TjEYtPa.exe

C:\Windows\System\IVnpokL.exe

C:\Windows\System\IVnpokL.exe

C:\Windows\System\fkozzNG.exe

C:\Windows\System\fkozzNG.exe

C:\Windows\System\ywnnflF.exe

C:\Windows\System\ywnnflF.exe

C:\Windows\System\XvRCKog.exe

C:\Windows\System\XvRCKog.exe

C:\Windows\System\sLsxKfu.exe

C:\Windows\System\sLsxKfu.exe

C:\Windows\System\tFSfSjh.exe

C:\Windows\System\tFSfSjh.exe

C:\Windows\System\kzTHrnz.exe

C:\Windows\System\kzTHrnz.exe

C:\Windows\System\iaItpbw.exe

C:\Windows\System\iaItpbw.exe

C:\Windows\System\fOkjKiU.exe

C:\Windows\System\fOkjKiU.exe

C:\Windows\System\PwZgrFL.exe

C:\Windows\System\PwZgrFL.exe

C:\Windows\System\hfoEdpN.exe

C:\Windows\System\hfoEdpN.exe

C:\Windows\System\ycdhsvM.exe

C:\Windows\System\ycdhsvM.exe

C:\Windows\System\vFWalkX.exe

C:\Windows\System\vFWalkX.exe

C:\Windows\System\vEAtcMV.exe

C:\Windows\System\vEAtcMV.exe

C:\Windows\System\taFVIxp.exe

C:\Windows\System\taFVIxp.exe

C:\Windows\System\UhuaYPD.exe

C:\Windows\System\UhuaYPD.exe

C:\Windows\System\GdkwkxZ.exe

C:\Windows\System\GdkwkxZ.exe

C:\Windows\System\VWGLNUa.exe

C:\Windows\System\VWGLNUa.exe

C:\Windows\System\tuIWVkk.exe

C:\Windows\System\tuIWVkk.exe

C:\Windows\System\EkvLVjJ.exe

C:\Windows\System\EkvLVjJ.exe

C:\Windows\System\zfTFFdV.exe

C:\Windows\System\zfTFFdV.exe

C:\Windows\System\XBrTzJM.exe

C:\Windows\System\XBrTzJM.exe

C:\Windows\System\GlLWzDy.exe

C:\Windows\System\GlLWzDy.exe

C:\Windows\System\JfJpqmG.exe

C:\Windows\System\JfJpqmG.exe

C:\Windows\System\pTWBMaP.exe

C:\Windows\System\pTWBMaP.exe

C:\Windows\System\wARMRII.exe

C:\Windows\System\wARMRII.exe

C:\Windows\System\kMyqhJX.exe

C:\Windows\System\kMyqhJX.exe

C:\Windows\System\idWYJuO.exe

C:\Windows\System\idWYJuO.exe

C:\Windows\System\lynbuvp.exe

C:\Windows\System\lynbuvp.exe

C:\Windows\System\LiaXiqW.exe

C:\Windows\System\LiaXiqW.exe

C:\Windows\System\cdjatTq.exe

C:\Windows\System\cdjatTq.exe

C:\Windows\System\TdeDquo.exe

C:\Windows\System\TdeDquo.exe

C:\Windows\System\hPEgzKw.exe

C:\Windows\System\hPEgzKw.exe

C:\Windows\System\JcywlpF.exe

C:\Windows\System\JcywlpF.exe

C:\Windows\System\fUsIYGK.exe

C:\Windows\System\fUsIYGK.exe

C:\Windows\System\PxWYutC.exe

C:\Windows\System\PxWYutC.exe

C:\Windows\System\zzalVkd.exe

C:\Windows\System\zzalVkd.exe

C:\Windows\System\BvHPhas.exe

C:\Windows\System\BvHPhas.exe

C:\Windows\System\zTyqSnM.exe

C:\Windows\System\zTyqSnM.exe

C:\Windows\System\naPfxIy.exe

C:\Windows\System\naPfxIy.exe

C:\Windows\System\bimYTXW.exe

C:\Windows\System\bimYTXW.exe

C:\Windows\System\SwPfXQB.exe

C:\Windows\System\SwPfXQB.exe

C:\Windows\System\rVcIrRy.exe

C:\Windows\System\rVcIrRy.exe

C:\Windows\System\cILOqfM.exe

C:\Windows\System\cILOqfM.exe

C:\Windows\System\KMbhhfH.exe

C:\Windows\System\KMbhhfH.exe

C:\Windows\System\uAOwJSO.exe

C:\Windows\System\uAOwJSO.exe

C:\Windows\System\BJNeAKG.exe

C:\Windows\System\BJNeAKG.exe

C:\Windows\System\wWEnIsW.exe

C:\Windows\System\wWEnIsW.exe

C:\Windows\System\DdNKBDr.exe

C:\Windows\System\DdNKBDr.exe

C:\Windows\System\FbRLFvf.exe

C:\Windows\System\FbRLFvf.exe

C:\Windows\System\glrcTGG.exe

C:\Windows\System\glrcTGG.exe

C:\Windows\System\qgKxOFn.exe

C:\Windows\System\qgKxOFn.exe

C:\Windows\System\soqtltG.exe

C:\Windows\System\soqtltG.exe

C:\Windows\System\zdQCodI.exe

C:\Windows\System\zdQCodI.exe

C:\Windows\System\qURMRHY.exe

C:\Windows\System\qURMRHY.exe

C:\Windows\System\HXPCddU.exe

C:\Windows\System\HXPCddU.exe

C:\Windows\System\jrYmDSG.exe

C:\Windows\System\jrYmDSG.exe

C:\Windows\System\YJbvWHA.exe

C:\Windows\System\YJbvWHA.exe

C:\Windows\System\riwqvgD.exe

C:\Windows\System\riwqvgD.exe

C:\Windows\System\IvIltHE.exe

C:\Windows\System\IvIltHE.exe

C:\Windows\System\kBDKioB.exe

C:\Windows\System\kBDKioB.exe

C:\Windows\System\FXRHmbJ.exe

C:\Windows\System\FXRHmbJ.exe

C:\Windows\System\JlIiefo.exe

C:\Windows\System\JlIiefo.exe

C:\Windows\System\Dnvkxnr.exe

C:\Windows\System\Dnvkxnr.exe

C:\Windows\System\skhBREP.exe

C:\Windows\System\skhBREP.exe

C:\Windows\System\dDLsAMS.exe

C:\Windows\System\dDLsAMS.exe

C:\Windows\System\EHvKbuQ.exe

C:\Windows\System\EHvKbuQ.exe

C:\Windows\System\ZzDkrQT.exe

C:\Windows\System\ZzDkrQT.exe

C:\Windows\System\ejTkqqE.exe

C:\Windows\System\ejTkqqE.exe

C:\Windows\System\xnVFeDG.exe

C:\Windows\System\xnVFeDG.exe

C:\Windows\System\MGliAJw.exe

C:\Windows\System\MGliAJw.exe

C:\Windows\System\cGnuSpO.exe

C:\Windows\System\cGnuSpO.exe

C:\Windows\System\MtjVHUF.exe

C:\Windows\System\MtjVHUF.exe

C:\Windows\System\bPGGZXS.exe

C:\Windows\System\bPGGZXS.exe

C:\Windows\System\cAceVfZ.exe

C:\Windows\System\cAceVfZ.exe

C:\Windows\System\cXQlXoW.exe

C:\Windows\System\cXQlXoW.exe

C:\Windows\System\kitezTP.exe

C:\Windows\System\kitezTP.exe

C:\Windows\System\cvvnYEv.exe

C:\Windows\System\cvvnYEv.exe

C:\Windows\System\MPCvqre.exe

C:\Windows\System\MPCvqre.exe

C:\Windows\System\qVSnxPg.exe

C:\Windows\System\qVSnxPg.exe

C:\Windows\System\azcEkse.exe

C:\Windows\System\azcEkse.exe

C:\Windows\System\OxmdLnR.exe

C:\Windows\System\OxmdLnR.exe

C:\Windows\System\VNQzZaK.exe

C:\Windows\System\VNQzZaK.exe

C:\Windows\System\wHDjyfu.exe

C:\Windows\System\wHDjyfu.exe

C:\Windows\System\Yfmcitq.exe

C:\Windows\System\Yfmcitq.exe

C:\Windows\System\gyolVxy.exe

C:\Windows\System\gyolVxy.exe

C:\Windows\System\dUuLGNS.exe

C:\Windows\System\dUuLGNS.exe

C:\Windows\System\lGEuPbT.exe

C:\Windows\System\lGEuPbT.exe

C:\Windows\System\FQqKyfR.exe

C:\Windows\System\FQqKyfR.exe

C:\Windows\System\osdARPU.exe

C:\Windows\System\osdARPU.exe

C:\Windows\System\FevaqVL.exe

C:\Windows\System\FevaqVL.exe

C:\Windows\System\YbodLKh.exe

C:\Windows\System\YbodLKh.exe

C:\Windows\System\wKyrhgf.exe

C:\Windows\System\wKyrhgf.exe

C:\Windows\System\WhgWahr.exe

C:\Windows\System\WhgWahr.exe

C:\Windows\System\HDfZeKD.exe

C:\Windows\System\HDfZeKD.exe

C:\Windows\System\SiaXKtW.exe

C:\Windows\System\SiaXKtW.exe

C:\Windows\System\HqZjbzI.exe

C:\Windows\System\HqZjbzI.exe

C:\Windows\System\vcJtDGq.exe

C:\Windows\System\vcJtDGq.exe

C:\Windows\System\SBxNdPg.exe

C:\Windows\System\SBxNdPg.exe

C:\Windows\System\ifwfxgP.exe

C:\Windows\System\ifwfxgP.exe

C:\Windows\System\FkhQlKI.exe

C:\Windows\System\FkhQlKI.exe

C:\Windows\System\wVVLoTB.exe

C:\Windows\System\wVVLoTB.exe

C:\Windows\System\vPkeDHy.exe

C:\Windows\System\vPkeDHy.exe

C:\Windows\System\jOMChOT.exe

C:\Windows\System\jOMChOT.exe

C:\Windows\System\kburaRK.exe

C:\Windows\System\kburaRK.exe

C:\Windows\System\jrHfnaD.exe

C:\Windows\System\jrHfnaD.exe

C:\Windows\System\VTnoGdz.exe

C:\Windows\System\VTnoGdz.exe

C:\Windows\System\UvBxYde.exe

C:\Windows\System\UvBxYde.exe

C:\Windows\System\FBwcyGS.exe

C:\Windows\System\FBwcyGS.exe

C:\Windows\System\rieKWly.exe

C:\Windows\System\rieKWly.exe

C:\Windows\System\dRMBZIG.exe

C:\Windows\System\dRMBZIG.exe

C:\Windows\System\ezMASak.exe

C:\Windows\System\ezMASak.exe

C:\Windows\System\RgtZIEg.exe

C:\Windows\System\RgtZIEg.exe

C:\Windows\System\urNRgZM.exe

C:\Windows\System\urNRgZM.exe

C:\Windows\System\YqhKEnm.exe

C:\Windows\System\YqhKEnm.exe

C:\Windows\System\mOgWQUW.exe

C:\Windows\System\mOgWQUW.exe

C:\Windows\System\ExSEbfx.exe

C:\Windows\System\ExSEbfx.exe

C:\Windows\System\OXAaORm.exe

C:\Windows\System\OXAaORm.exe

C:\Windows\System\RRwAggh.exe

C:\Windows\System\RRwAggh.exe

C:\Windows\System\QmQddDM.exe

C:\Windows\System\QmQddDM.exe

C:\Windows\System\AyBJjZW.exe

C:\Windows\System\AyBJjZW.exe

C:\Windows\System\MxxVkCj.exe

C:\Windows\System\MxxVkCj.exe

C:\Windows\System\LNotbdC.exe

C:\Windows\System\LNotbdC.exe

C:\Windows\System\MFJgDpL.exe

C:\Windows\System\MFJgDpL.exe

C:\Windows\System\tIwADWn.exe

C:\Windows\System\tIwADWn.exe

C:\Windows\System\kNQzjyQ.exe

C:\Windows\System\kNQzjyQ.exe

C:\Windows\System\aeBEBbB.exe

C:\Windows\System\aeBEBbB.exe

C:\Windows\System\xCvMxDa.exe

C:\Windows\System\xCvMxDa.exe

C:\Windows\System\ckFmZfg.exe

C:\Windows\System\ckFmZfg.exe

C:\Windows\System\rouZinA.exe

C:\Windows\System\rouZinA.exe

C:\Windows\System\wyGwOiU.exe

C:\Windows\System\wyGwOiU.exe

C:\Windows\System\hfqEbRG.exe

C:\Windows\System\hfqEbRG.exe

C:\Windows\System\ziFSuOg.exe

C:\Windows\System\ziFSuOg.exe

C:\Windows\System\jiGwdJM.exe

C:\Windows\System\jiGwdJM.exe

C:\Windows\System\IcTdTcS.exe

C:\Windows\System\IcTdTcS.exe

C:\Windows\System\hBiOBMH.exe

C:\Windows\System\hBiOBMH.exe

C:\Windows\System\iwThMVf.exe

C:\Windows\System\iwThMVf.exe

C:\Windows\System\tKwIstY.exe

C:\Windows\System\tKwIstY.exe

C:\Windows\System\vOOFMMG.exe

C:\Windows\System\vOOFMMG.exe

C:\Windows\System\qnCPVDk.exe

C:\Windows\System\qnCPVDk.exe

C:\Windows\System\ImpaHmN.exe

C:\Windows\System\ImpaHmN.exe

C:\Windows\System\zHcinGe.exe

C:\Windows\System\zHcinGe.exe

C:\Windows\System\CWDUmil.exe

C:\Windows\System\CWDUmil.exe

C:\Windows\System\vAvUXUP.exe

C:\Windows\System\vAvUXUP.exe

C:\Windows\System\DevxCKr.exe

C:\Windows\System\DevxCKr.exe

C:\Windows\System\iaiTPfT.exe

C:\Windows\System\iaiTPfT.exe

C:\Windows\System\GQOSIWw.exe

C:\Windows\System\GQOSIWw.exe

C:\Windows\System\BcWVGlP.exe

C:\Windows\System\BcWVGlP.exe

C:\Windows\System\nGWAcVC.exe

C:\Windows\System\nGWAcVC.exe

C:\Windows\System\dbQRnjB.exe

C:\Windows\System\dbQRnjB.exe

C:\Windows\System\kaFfVkh.exe

C:\Windows\System\kaFfVkh.exe

C:\Windows\System\MwbaiNG.exe

C:\Windows\System\MwbaiNG.exe

C:\Windows\System\iqBmdKL.exe

C:\Windows\System\iqBmdKL.exe

C:\Windows\System\qzAoubL.exe

C:\Windows\System\qzAoubL.exe

C:\Windows\System\XFObmUi.exe

C:\Windows\System\XFObmUi.exe

C:\Windows\System\GaQjEqs.exe

C:\Windows\System\GaQjEqs.exe

C:\Windows\System\nxFnxik.exe

C:\Windows\System\nxFnxik.exe

C:\Windows\System\dRpTsEc.exe

C:\Windows\System\dRpTsEc.exe

C:\Windows\System\ZHWJMqb.exe

C:\Windows\System\ZHWJMqb.exe

C:\Windows\System\YjlPLbL.exe

C:\Windows\System\YjlPLbL.exe

C:\Windows\System\aCkPCTV.exe

C:\Windows\System\aCkPCTV.exe

C:\Windows\System\wzQlOrZ.exe

C:\Windows\System\wzQlOrZ.exe

C:\Windows\System\GKtraeW.exe

C:\Windows\System\GKtraeW.exe

C:\Windows\System\mlhYCpY.exe

C:\Windows\System\mlhYCpY.exe

C:\Windows\System\dVjmGIp.exe

C:\Windows\System\dVjmGIp.exe

C:\Windows\System\YUVpPar.exe

C:\Windows\System\YUVpPar.exe

C:\Windows\System\TTSVKYW.exe

C:\Windows\System\TTSVKYW.exe

C:\Windows\System\eMtweCi.exe

C:\Windows\System\eMtweCi.exe

C:\Windows\System\rJnrAsG.exe

C:\Windows\System\rJnrAsG.exe

C:\Windows\System\bAuaVVE.exe

C:\Windows\System\bAuaVVE.exe

C:\Windows\System\blwqBDn.exe

C:\Windows\System\blwqBDn.exe

C:\Windows\System\JPyuOCU.exe

C:\Windows\System\JPyuOCU.exe

C:\Windows\System\zYOJkuH.exe

C:\Windows\System\zYOJkuH.exe

C:\Windows\System\ickSyez.exe

C:\Windows\System\ickSyez.exe

C:\Windows\System\BAUInvg.exe

C:\Windows\System\BAUInvg.exe

C:\Windows\System\WHdxUhI.exe

C:\Windows\System\WHdxUhI.exe

C:\Windows\System\EHuNOHa.exe

C:\Windows\System\EHuNOHa.exe

C:\Windows\System\eOdbITn.exe

C:\Windows\System\eOdbITn.exe

C:\Windows\System\GTkdVbZ.exe

C:\Windows\System\GTkdVbZ.exe

C:\Windows\System\XhcQWOF.exe

C:\Windows\System\XhcQWOF.exe

C:\Windows\System\ENxjdxq.exe

C:\Windows\System\ENxjdxq.exe

C:\Windows\System\ihfxbph.exe

C:\Windows\System\ihfxbph.exe

C:\Windows\System\PXQwAtl.exe

C:\Windows\System\PXQwAtl.exe

C:\Windows\System\AXqTbhR.exe

C:\Windows\System\AXqTbhR.exe

C:\Windows\System\eWsZPMa.exe

C:\Windows\System\eWsZPMa.exe

C:\Windows\System\ZnvWwKc.exe

C:\Windows\System\ZnvWwKc.exe

C:\Windows\System\fANpSFS.exe

C:\Windows\System\fANpSFS.exe

C:\Windows\System\pwQuXNK.exe

C:\Windows\System\pwQuXNK.exe

C:\Windows\System\dOheFFH.exe

C:\Windows\System\dOheFFH.exe

C:\Windows\System\AneRbsz.exe

C:\Windows\System\AneRbsz.exe

C:\Windows\System\FVuJqDA.exe

C:\Windows\System\FVuJqDA.exe

C:\Windows\System\LYWEzkw.exe

C:\Windows\System\LYWEzkw.exe

C:\Windows\System\SBHxDwY.exe

C:\Windows\System\SBHxDwY.exe

C:\Windows\System\MZupqvM.exe

C:\Windows\System\MZupqvM.exe

C:\Windows\System\hVLDxhU.exe

C:\Windows\System\hVLDxhU.exe

C:\Windows\System\tAgCnah.exe

C:\Windows\System\tAgCnah.exe

C:\Windows\System\DYngAnL.exe

C:\Windows\System\DYngAnL.exe

C:\Windows\System\hFxtaiq.exe

C:\Windows\System\hFxtaiq.exe

C:\Windows\System\PEFMqIf.exe

C:\Windows\System\PEFMqIf.exe

C:\Windows\System\BXiHZLN.exe

C:\Windows\System\BXiHZLN.exe

C:\Windows\System\hhSinot.exe

C:\Windows\System\hhSinot.exe

C:\Windows\System\jbSaTUH.exe

C:\Windows\System\jbSaTUH.exe

C:\Windows\System\ckuJeEj.exe

C:\Windows\System\ckuJeEj.exe

C:\Windows\System\tbNrrVe.exe

C:\Windows\System\tbNrrVe.exe

C:\Windows\System\YJgWfql.exe

C:\Windows\System\YJgWfql.exe

C:\Windows\System\iIvfNCd.exe

C:\Windows\System\iIvfNCd.exe

C:\Windows\System\nIpBatv.exe

C:\Windows\System\nIpBatv.exe

C:\Windows\System\rVbZGpg.exe

C:\Windows\System\rVbZGpg.exe

C:\Windows\System\tavlQfw.exe

C:\Windows\System\tavlQfw.exe

C:\Windows\System\GqSsEDz.exe

C:\Windows\System\GqSsEDz.exe

C:\Windows\System\szqXKdG.exe

C:\Windows\System\szqXKdG.exe

C:\Windows\System\yJUAJqg.exe

C:\Windows\System\yJUAJqg.exe

C:\Windows\System\WbhqjZE.exe

C:\Windows\System\WbhqjZE.exe

C:\Windows\System\oueevDX.exe

C:\Windows\System\oueevDX.exe

C:\Windows\System\KyMueAx.exe

C:\Windows\System\KyMueAx.exe

C:\Windows\System\mYnvunj.exe

C:\Windows\System\mYnvunj.exe

C:\Windows\System\Astumgx.exe

C:\Windows\System\Astumgx.exe

C:\Windows\System\IdgXwrT.exe

C:\Windows\System\IdgXwrT.exe

C:\Windows\System\HxTiEte.exe

C:\Windows\System\HxTiEte.exe

C:\Windows\System\WtuPwXg.exe

C:\Windows\System\WtuPwXg.exe

C:\Windows\System\IKZbxtj.exe

C:\Windows\System\IKZbxtj.exe

C:\Windows\System\GKDNqZZ.exe

C:\Windows\System\GKDNqZZ.exe

C:\Windows\System\eleTPuR.exe

C:\Windows\System\eleTPuR.exe

C:\Windows\System\RuRzaLp.exe

C:\Windows\System\RuRzaLp.exe

C:\Windows\System\DPhssFZ.exe

C:\Windows\System\DPhssFZ.exe

C:\Windows\System\xhsayOC.exe

C:\Windows\System\xhsayOC.exe

C:\Windows\System\PsbLqAk.exe

C:\Windows\System\PsbLqAk.exe

C:\Windows\System\bRviXlJ.exe

C:\Windows\System\bRviXlJ.exe

C:\Windows\System\wkGEMXp.exe

C:\Windows\System\wkGEMXp.exe

C:\Windows\System\RITtUgw.exe

C:\Windows\System\RITtUgw.exe

C:\Windows\System\FQMzWKA.exe

C:\Windows\System\FQMzWKA.exe

C:\Windows\System\QdnChRY.exe

C:\Windows\System\QdnChRY.exe

C:\Windows\System\PcPhljO.exe

C:\Windows\System\PcPhljO.exe

C:\Windows\System\GpCuHsD.exe

C:\Windows\System\GpCuHsD.exe

C:\Windows\System\nMsJCYU.exe

C:\Windows\System\nMsJCYU.exe

C:\Windows\System\vwcxrle.exe

C:\Windows\System\vwcxrle.exe

C:\Windows\System\wqnjfKz.exe

C:\Windows\System\wqnjfKz.exe

C:\Windows\System\GzZAKKk.exe

C:\Windows\System\GzZAKKk.exe

C:\Windows\System\olvPDzd.exe

C:\Windows\System\olvPDzd.exe

C:\Windows\System\qVWtkoq.exe

C:\Windows\System\qVWtkoq.exe

C:\Windows\System\pbyvjpH.exe

C:\Windows\System\pbyvjpH.exe

C:\Windows\System\NHikNxj.exe

C:\Windows\System\NHikNxj.exe

C:\Windows\System\UFRLYSN.exe

C:\Windows\System\UFRLYSN.exe

C:\Windows\System\GEWkaqg.exe

C:\Windows\System\GEWkaqg.exe

C:\Windows\System\CkhuNsg.exe

C:\Windows\System\CkhuNsg.exe

C:\Windows\System\XbYxfuM.exe

C:\Windows\System\XbYxfuM.exe

C:\Windows\System\cxjvlHW.exe

C:\Windows\System\cxjvlHW.exe

C:\Windows\System\QTXVNUl.exe

C:\Windows\System\QTXVNUl.exe

C:\Windows\System\NHqeeJW.exe

C:\Windows\System\NHqeeJW.exe

C:\Windows\System\QAwzYuf.exe

C:\Windows\System\QAwzYuf.exe

C:\Windows\System\JwBeEQq.exe

C:\Windows\System\JwBeEQq.exe

C:\Windows\System\bodYTUx.exe

C:\Windows\System\bodYTUx.exe

C:\Windows\System\cDPXxEI.exe

C:\Windows\System\cDPXxEI.exe

C:\Windows\System\KCKAGcS.exe

C:\Windows\System\KCKAGcS.exe

C:\Windows\System\rfopDQd.exe

C:\Windows\System\rfopDQd.exe

C:\Windows\System\oAGbuez.exe

C:\Windows\System\oAGbuez.exe

C:\Windows\System\NqXFRXc.exe

C:\Windows\System\NqXFRXc.exe

C:\Windows\System\XYBhycf.exe

C:\Windows\System\XYBhycf.exe

C:\Windows\System\WZasGyc.exe

C:\Windows\System\WZasGyc.exe

C:\Windows\System\DOvBJxk.exe

C:\Windows\System\DOvBJxk.exe

C:\Windows\System\akaGzoP.exe

C:\Windows\System\akaGzoP.exe

C:\Windows\System\FNCYPib.exe

C:\Windows\System\FNCYPib.exe

C:\Windows\System\NLbeOgT.exe

C:\Windows\System\NLbeOgT.exe

C:\Windows\System\ZHZDWjG.exe

C:\Windows\System\ZHZDWjG.exe

C:\Windows\System\dajZyOL.exe

C:\Windows\System\dajZyOL.exe

C:\Windows\System\EGPDkIp.exe

C:\Windows\System\EGPDkIp.exe

C:\Windows\System\PvRPDqQ.exe

C:\Windows\System\PvRPDqQ.exe

C:\Windows\System\KcbUPex.exe

C:\Windows\System\KcbUPex.exe

C:\Windows\System\fPvRlKc.exe

C:\Windows\System\fPvRlKc.exe

C:\Windows\System\TdlJOJs.exe

C:\Windows\System\TdlJOJs.exe

C:\Windows\System\jZDOMNL.exe

C:\Windows\System\jZDOMNL.exe

C:\Windows\System\vlANuvD.exe

C:\Windows\System\vlANuvD.exe

C:\Windows\System\MyOyMae.exe

C:\Windows\System\MyOyMae.exe

C:\Windows\System\kJvZloJ.exe

C:\Windows\System\kJvZloJ.exe

C:\Windows\System\nERNETo.exe

C:\Windows\System\nERNETo.exe

C:\Windows\System\xDPsrGV.exe

C:\Windows\System\xDPsrGV.exe

C:\Windows\System\kPZVjyQ.exe

C:\Windows\System\kPZVjyQ.exe

C:\Windows\System\ExBlPua.exe

C:\Windows\System\ExBlPua.exe

C:\Windows\System\LYMyncA.exe

C:\Windows\System\LYMyncA.exe

C:\Windows\System\LzmOHju.exe

C:\Windows\System\LzmOHju.exe

C:\Windows\System\Irvxmsz.exe

C:\Windows\System\Irvxmsz.exe

C:\Windows\System\kZUSsQV.exe

C:\Windows\System\kZUSsQV.exe

C:\Windows\System\DZGGWBm.exe

C:\Windows\System\DZGGWBm.exe

C:\Windows\System\btapgov.exe

C:\Windows\System\btapgov.exe

C:\Windows\System\IOQmjVo.exe

C:\Windows\System\IOQmjVo.exe

C:\Windows\System\cnAFnNm.exe

C:\Windows\System\cnAFnNm.exe

C:\Windows\System\ajhGTYd.exe

C:\Windows\System\ajhGTYd.exe

C:\Windows\System\CbhWhXC.exe

C:\Windows\System\CbhWhXC.exe

C:\Windows\System\QUFwaSV.exe

C:\Windows\System\QUFwaSV.exe

C:\Windows\System\gFHZfJK.exe

C:\Windows\System\gFHZfJK.exe

C:\Windows\System\OeXFBAq.exe

C:\Windows\System\OeXFBAq.exe

C:\Windows\System\FtQHfbi.exe

C:\Windows\System\FtQHfbi.exe

C:\Windows\System\LJMpcae.exe

C:\Windows\System\LJMpcae.exe

C:\Windows\System\nUTKtJm.exe

C:\Windows\System\nUTKtJm.exe

C:\Windows\System\XRrRLVs.exe

C:\Windows\System\XRrRLVs.exe

C:\Windows\System\JJEIoZD.exe

C:\Windows\System\JJEIoZD.exe

C:\Windows\System\fnBdFEe.exe

C:\Windows\System\fnBdFEe.exe

C:\Windows\System\VwOFfIv.exe

C:\Windows\System\VwOFfIv.exe

C:\Windows\System\cnBubEp.exe

C:\Windows\System\cnBubEp.exe

C:\Windows\System\alhtPPF.exe

C:\Windows\System\alhtPPF.exe

C:\Windows\System\sHEYAqc.exe

C:\Windows\System\sHEYAqc.exe

C:\Windows\System\fKffgkd.exe

C:\Windows\System\fKffgkd.exe

C:\Windows\System\ipPeHrA.exe

C:\Windows\System\ipPeHrA.exe

C:\Windows\System\tzWhVFu.exe

C:\Windows\System\tzWhVFu.exe

C:\Windows\System\OAIHPGp.exe

C:\Windows\System\OAIHPGp.exe

C:\Windows\System\PvWAYoi.exe

C:\Windows\System\PvWAYoi.exe

C:\Windows\System\sABFvjC.exe

C:\Windows\System\sABFvjC.exe

C:\Windows\System\VkCNSiT.exe

C:\Windows\System\VkCNSiT.exe

C:\Windows\System\LdhoNAx.exe

C:\Windows\System\LdhoNAx.exe

C:\Windows\System\eSjrrjH.exe

C:\Windows\System\eSjrrjH.exe

C:\Windows\System\lBTmAOG.exe

C:\Windows\System\lBTmAOG.exe

C:\Windows\System\vRBLlno.exe

C:\Windows\System\vRBLlno.exe

C:\Windows\System\pEVVgdP.exe

C:\Windows\System\pEVVgdP.exe

C:\Windows\System\usSkGLx.exe

C:\Windows\System\usSkGLx.exe

C:\Windows\System\IUrSSle.exe

C:\Windows\System\IUrSSle.exe

C:\Windows\System\KAMRSmd.exe

C:\Windows\System\KAMRSmd.exe

C:\Windows\System\eWwQNko.exe

C:\Windows\System\eWwQNko.exe

C:\Windows\System\YOcQljx.exe

C:\Windows\System\YOcQljx.exe

C:\Windows\System\dICpmpg.exe

C:\Windows\System\dICpmpg.exe

C:\Windows\System\cHieSkt.exe

C:\Windows\System\cHieSkt.exe

C:\Windows\System\JXusiqJ.exe

C:\Windows\System\JXusiqJ.exe

C:\Windows\System\SxNlUJb.exe

C:\Windows\System\SxNlUJb.exe

C:\Windows\System\NufOrqU.exe

C:\Windows\System\NufOrqU.exe

C:\Windows\System\FgZmLzr.exe

C:\Windows\System\FgZmLzr.exe

C:\Windows\System\QzlrDVF.exe

C:\Windows\System\QzlrDVF.exe

C:\Windows\System\RZWUrkZ.exe

C:\Windows\System\RZWUrkZ.exe

C:\Windows\System\zZSUQRc.exe

C:\Windows\System\zZSUQRc.exe

C:\Windows\System\jSdiAAU.exe

C:\Windows\System\jSdiAAU.exe

C:\Windows\System\uXeCruq.exe

C:\Windows\System\uXeCruq.exe

C:\Windows\System\wsNMWgt.exe

C:\Windows\System\wsNMWgt.exe

C:\Windows\System\SnVbPTI.exe

C:\Windows\System\SnVbPTI.exe

C:\Windows\System\PWjHTJL.exe

C:\Windows\System\PWjHTJL.exe

C:\Windows\System\NjrYEzE.exe

C:\Windows\System\NjrYEzE.exe

C:\Windows\System\MaoRCjz.exe

C:\Windows\System\MaoRCjz.exe

C:\Windows\System\LYwWziw.exe

C:\Windows\System\LYwWziw.exe

C:\Windows\System\enphrpo.exe

C:\Windows\System\enphrpo.exe

C:\Windows\System\MnjQEYz.exe

C:\Windows\System\MnjQEYz.exe

C:\Windows\System\aKYGAqB.exe

C:\Windows\System\aKYGAqB.exe

C:\Windows\System\nZhUggu.exe

C:\Windows\System\nZhUggu.exe

C:\Windows\System\JJAHQxa.exe

C:\Windows\System\JJAHQxa.exe

C:\Windows\System\pltTswe.exe

C:\Windows\System\pltTswe.exe

C:\Windows\System\hgTWqYp.exe

C:\Windows\System\hgTWqYp.exe

C:\Windows\System\LqvgmhV.exe

C:\Windows\System\LqvgmhV.exe

C:\Windows\System\fhKmiyj.exe

C:\Windows\System\fhKmiyj.exe

C:\Windows\System\IrApuXB.exe

C:\Windows\System\IrApuXB.exe

C:\Windows\System\skEBMBq.exe

C:\Windows\System\skEBMBq.exe

C:\Windows\System\NWftDIy.exe

C:\Windows\System\NWftDIy.exe

C:\Windows\System\FewgSLD.exe

C:\Windows\System\FewgSLD.exe

C:\Windows\System\QxQdqtP.exe

C:\Windows\System\QxQdqtP.exe

C:\Windows\System\ahrKHjD.exe

C:\Windows\System\ahrKHjD.exe

C:\Windows\System\RXFwEdI.exe

C:\Windows\System\RXFwEdI.exe

C:\Windows\System\hnRsCrl.exe

C:\Windows\System\hnRsCrl.exe

C:\Windows\System\XGiZHSK.exe

C:\Windows\System\XGiZHSK.exe

C:\Windows\System\joTpRZr.exe

C:\Windows\System\joTpRZr.exe

C:\Windows\System\JRRwnfg.exe

C:\Windows\System\JRRwnfg.exe

C:\Windows\System\MBjIbkf.exe

C:\Windows\System\MBjIbkf.exe

C:\Windows\System\xxTuYOJ.exe

C:\Windows\System\xxTuYOJ.exe

C:\Windows\System\zsaVghg.exe

C:\Windows\System\zsaVghg.exe

C:\Windows\System\gQJXJMq.exe

C:\Windows\System\gQJXJMq.exe

C:\Windows\System\FvKlIGd.exe

C:\Windows\System\FvKlIGd.exe

C:\Windows\System\ljlakoW.exe

C:\Windows\System\ljlakoW.exe

C:\Windows\System\nhKXvUC.exe

C:\Windows\System\nhKXvUC.exe

C:\Windows\System\lfRVXma.exe

C:\Windows\System\lfRVXma.exe

C:\Windows\System\WHMvDQX.exe

C:\Windows\System\WHMvDQX.exe

C:\Windows\System\UeKlJsI.exe

C:\Windows\System\UeKlJsI.exe

C:\Windows\System\VGoMCxi.exe

C:\Windows\System\VGoMCxi.exe

C:\Windows\System\rfjQBsh.exe

C:\Windows\System\rfjQBsh.exe

C:\Windows\System\sSfEjhA.exe

C:\Windows\System\sSfEjhA.exe

C:\Windows\System\BBEhzxy.exe

C:\Windows\System\BBEhzxy.exe

C:\Windows\System\hSPBzYL.exe

C:\Windows\System\hSPBzYL.exe

C:\Windows\System\MniqZOG.exe

C:\Windows\System\MniqZOG.exe

C:\Windows\System\WNRxRTi.exe

C:\Windows\System\WNRxRTi.exe

C:\Windows\System\khxSHEE.exe

C:\Windows\System\khxSHEE.exe

C:\Windows\System\tGIqxCW.exe

C:\Windows\System\tGIqxCW.exe

C:\Windows\System\FrKZbBQ.exe

C:\Windows\System\FrKZbBQ.exe

C:\Windows\System\ZizUijM.exe

C:\Windows\System\ZizUijM.exe

C:\Windows\System\eqDapfr.exe

C:\Windows\System\eqDapfr.exe

C:\Windows\System\vWcRxVc.exe

C:\Windows\System\vWcRxVc.exe

C:\Windows\System\gFMDeNG.exe

C:\Windows\System\gFMDeNG.exe

C:\Windows\System\PVyHIqk.exe

C:\Windows\System\PVyHIqk.exe

C:\Windows\System\fkSpvcS.exe

C:\Windows\System\fkSpvcS.exe

C:\Windows\System\HycvOVg.exe

C:\Windows\System\HycvOVg.exe

C:\Windows\System\WHgduzZ.exe

C:\Windows\System\WHgduzZ.exe

C:\Windows\System\LcuEHrx.exe

C:\Windows\System\LcuEHrx.exe

C:\Windows\System\iuGLyPl.exe

C:\Windows\System\iuGLyPl.exe

C:\Windows\System\RaFwPPG.exe

C:\Windows\System\RaFwPPG.exe

C:\Windows\System\xQmOOIF.exe

C:\Windows\System\xQmOOIF.exe

C:\Windows\System\Jzlpfnf.exe

C:\Windows\System\Jzlpfnf.exe

C:\Windows\System\dlcooIy.exe

C:\Windows\System\dlcooIy.exe

C:\Windows\System\XGTirdT.exe

C:\Windows\System\XGTirdT.exe

C:\Windows\System\jJROfKn.exe

C:\Windows\System\jJROfKn.exe

C:\Windows\System\hcVVrJB.exe

C:\Windows\System\hcVVrJB.exe

C:\Windows\System\dpzEAtI.exe

C:\Windows\System\dpzEAtI.exe

C:\Windows\System\UJjcutP.exe

C:\Windows\System\UJjcutP.exe

C:\Windows\System\SLIAiGu.exe

C:\Windows\System\SLIAiGu.exe

C:\Windows\System\moJsWju.exe

C:\Windows\System\moJsWju.exe

C:\Windows\System\GNWWsdL.exe

C:\Windows\System\GNWWsdL.exe

C:\Windows\System\LdiHtLr.exe

C:\Windows\System\LdiHtLr.exe

C:\Windows\System\diKavzo.exe

C:\Windows\System\diKavzo.exe

C:\Windows\System\LQWcSkr.exe

C:\Windows\System\LQWcSkr.exe

C:\Windows\System\uIqAfFV.exe

C:\Windows\System\uIqAfFV.exe

C:\Windows\System\nyoGpcb.exe

C:\Windows\System\nyoGpcb.exe

C:\Windows\System\QioevnV.exe

C:\Windows\System\QioevnV.exe

C:\Windows\System\OkALxuT.exe

C:\Windows\System\OkALxuT.exe

C:\Windows\System\hvtVizq.exe

C:\Windows\System\hvtVizq.exe

C:\Windows\System\HwwIUpU.exe

C:\Windows\System\HwwIUpU.exe

C:\Windows\System\yajnGjn.exe

C:\Windows\System\yajnGjn.exe

C:\Windows\System\jRSRJra.exe

C:\Windows\System\jRSRJra.exe

C:\Windows\System\ujaGEBM.exe

C:\Windows\System\ujaGEBM.exe

C:\Windows\System\DeUbSjE.exe

C:\Windows\System\DeUbSjE.exe

C:\Windows\System\LXawHNa.exe

C:\Windows\System\LXawHNa.exe

C:\Windows\System\MLFtYUq.exe

C:\Windows\System\MLFtYUq.exe

C:\Windows\System\fGjbDKY.exe

C:\Windows\System\fGjbDKY.exe

C:\Windows\System\qfQqiRw.exe

C:\Windows\System\qfQqiRw.exe

C:\Windows\System\XdBaHUE.exe

C:\Windows\System\XdBaHUE.exe

C:\Windows\System\AiReEYp.exe

C:\Windows\System\AiReEYp.exe

C:\Windows\System\yNGbqsT.exe

C:\Windows\System\yNGbqsT.exe

C:\Windows\System\gKvsZtb.exe

C:\Windows\System\gKvsZtb.exe

C:\Windows\System\udhEsZe.exe

C:\Windows\System\udhEsZe.exe

C:\Windows\System\FygMVwd.exe

C:\Windows\System\FygMVwd.exe

C:\Windows\System\iUSXSjL.exe

C:\Windows\System\iUSXSjL.exe

C:\Windows\System\nCjKHTq.exe

C:\Windows\System\nCjKHTq.exe

C:\Windows\System\spUlMfz.exe

C:\Windows\System\spUlMfz.exe

C:\Windows\System\scECuEl.exe

C:\Windows\System\scECuEl.exe

C:\Windows\System\QTPtryH.exe

C:\Windows\System\QTPtryH.exe

C:\Windows\System\XRCylRc.exe

C:\Windows\System\XRCylRc.exe

C:\Windows\System\sXnVKvT.exe

C:\Windows\System\sXnVKvT.exe

C:\Windows\System\bpxaRHS.exe

C:\Windows\System\bpxaRHS.exe

C:\Windows\System\OsQhIyZ.exe

C:\Windows\System\OsQhIyZ.exe

C:\Windows\System\FnafHBY.exe

C:\Windows\System\FnafHBY.exe

C:\Windows\System\DZHZLCI.exe

C:\Windows\System\DZHZLCI.exe

C:\Windows\System\ptRLOPZ.exe

C:\Windows\System\ptRLOPZ.exe

C:\Windows\System\VOCIhPo.exe

C:\Windows\System\VOCIhPo.exe

C:\Windows\System\JbUpoRT.exe

C:\Windows\System\JbUpoRT.exe

C:\Windows\System\enqACRO.exe

C:\Windows\System\enqACRO.exe

C:\Windows\System\XqpFrgy.exe

C:\Windows\System\XqpFrgy.exe

C:\Windows\System\crBXiVe.exe

C:\Windows\System\crBXiVe.exe

C:\Windows\System\GrjPzQd.exe

C:\Windows\System\GrjPzQd.exe

C:\Windows\System\vJyXYFw.exe

C:\Windows\System\vJyXYFw.exe

C:\Windows\System\KBAJYIG.exe

C:\Windows\System\KBAJYIG.exe

C:\Windows\System\wFOdloH.exe

C:\Windows\System\wFOdloH.exe

C:\Windows\System\UTKNdXK.exe

C:\Windows\System\UTKNdXK.exe

C:\Windows\System\eXmRiHi.exe

C:\Windows\System\eXmRiHi.exe

C:\Windows\System\ILFTxtE.exe

C:\Windows\System\ILFTxtE.exe

C:\Windows\System\LtoBWuj.exe

C:\Windows\System\LtoBWuj.exe

C:\Windows\System\IKWrfGE.exe

C:\Windows\System\IKWrfGE.exe

C:\Windows\System\alaxDOB.exe

C:\Windows\System\alaxDOB.exe

C:\Windows\System\hUOmujP.exe

C:\Windows\System\hUOmujP.exe

C:\Windows\System\gwdxqGC.exe

C:\Windows\System\gwdxqGC.exe

C:\Windows\System\egRfvaK.exe

C:\Windows\System\egRfvaK.exe

C:\Windows\System\KOHbFBx.exe

C:\Windows\System\KOHbFBx.exe

C:\Windows\System\OHrVDOO.exe

C:\Windows\System\OHrVDOO.exe

C:\Windows\System\OdDUKrp.exe

C:\Windows\System\OdDUKrp.exe

C:\Windows\System\eXPtlsx.exe

C:\Windows\System\eXPtlsx.exe

C:\Windows\System\ncLHfYl.exe

C:\Windows\System\ncLHfYl.exe

C:\Windows\System\aoZorno.exe

C:\Windows\System\aoZorno.exe

C:\Windows\System\sUqQgHP.exe

C:\Windows\System\sUqQgHP.exe

C:\Windows\System\yllQKOE.exe

C:\Windows\System\yllQKOE.exe

C:\Windows\System\YQlrFkj.exe

C:\Windows\System\YQlrFkj.exe

C:\Windows\System\iDhawUA.exe

C:\Windows\System\iDhawUA.exe

C:\Windows\System\uOuEBXb.exe

C:\Windows\System\uOuEBXb.exe

C:\Windows\System\rYtekWu.exe

C:\Windows\System\rYtekWu.exe

C:\Windows\System\frARspq.exe

C:\Windows\System\frARspq.exe

C:\Windows\System\MEHfWMJ.exe

C:\Windows\System\MEHfWMJ.exe

C:\Windows\System\oXEmdsv.exe

C:\Windows\System\oXEmdsv.exe

C:\Windows\System\LtlySbH.exe

C:\Windows\System\LtlySbH.exe

C:\Windows\System\PNZVmEv.exe

C:\Windows\System\PNZVmEv.exe

C:\Windows\System\VIlwkdh.exe

C:\Windows\System\VIlwkdh.exe

C:\Windows\System\YmxmOys.exe

C:\Windows\System\YmxmOys.exe

C:\Windows\System\WFKUpwn.exe

C:\Windows\System\WFKUpwn.exe

C:\Windows\System\skXlXhY.exe

C:\Windows\System\skXlXhY.exe

C:\Windows\System\pEKjdwM.exe

C:\Windows\System\pEKjdwM.exe

C:\Windows\System\VMbGSdy.exe

C:\Windows\System\VMbGSdy.exe

C:\Windows\System\OygZYpN.exe

C:\Windows\System\OygZYpN.exe

C:\Windows\System\npbiDQy.exe

C:\Windows\System\npbiDQy.exe

C:\Windows\System\EdTUFZG.exe

C:\Windows\System\EdTUFZG.exe

C:\Windows\System\NKrNEfH.exe

C:\Windows\System\NKrNEfH.exe

C:\Windows\System\sDcqYkq.exe

C:\Windows\System\sDcqYkq.exe

C:\Windows\System\laZDKjn.exe

C:\Windows\System\laZDKjn.exe

C:\Windows\System\NoNsuaA.exe

C:\Windows\System\NoNsuaA.exe

C:\Windows\System\XggAVBf.exe

C:\Windows\System\XggAVBf.exe

C:\Windows\System\daXqtud.exe

C:\Windows\System\daXqtud.exe

C:\Windows\System\fukvtpt.exe

C:\Windows\System\fukvtpt.exe

C:\Windows\System\uMnZKKG.exe

C:\Windows\System\uMnZKKG.exe

C:\Windows\System\mahLZMD.exe

C:\Windows\System\mahLZMD.exe

C:\Windows\System\ZgpoJgd.exe

C:\Windows\System\ZgpoJgd.exe

C:\Windows\System\HdPypcx.exe

C:\Windows\System\HdPypcx.exe

C:\Windows\System\Ogyflyz.exe

C:\Windows\System\Ogyflyz.exe

C:\Windows\System\ssjCkzn.exe

C:\Windows\System\ssjCkzn.exe

C:\Windows\System\fIGzsjP.exe

C:\Windows\System\fIGzsjP.exe

C:\Windows\System\dZuTUGc.exe

C:\Windows\System\dZuTUGc.exe

C:\Windows\System\CAkDzBN.exe

C:\Windows\System\CAkDzBN.exe

C:\Windows\System\stClLId.exe

C:\Windows\System\stClLId.exe

C:\Windows\System\hoDLbbV.exe

C:\Windows\System\hoDLbbV.exe

C:\Windows\System\GgfqLoJ.exe

C:\Windows\System\GgfqLoJ.exe

C:\Windows\System\dOaeGNb.exe

C:\Windows\System\dOaeGNb.exe

C:\Windows\System\mJjQroG.exe

C:\Windows\System\mJjQroG.exe

C:\Windows\System\tPNYKOo.exe

C:\Windows\System\tPNYKOo.exe

C:\Windows\System\ljsoqOv.exe

C:\Windows\System\ljsoqOv.exe

C:\Windows\System\KsYcYbJ.exe

C:\Windows\System\KsYcYbJ.exe

C:\Windows\System\icBlaed.exe

C:\Windows\System\icBlaed.exe

C:\Windows\System\AcQqjYY.exe

C:\Windows\System\AcQqjYY.exe

C:\Windows\System\NAeVFGO.exe

C:\Windows\System\NAeVFGO.exe

C:\Windows\System\iYCBzGz.exe

C:\Windows\System\iYCBzGz.exe

C:\Windows\System\MMYtwwc.exe

C:\Windows\System\MMYtwwc.exe

C:\Windows\System\kmkteSe.exe

C:\Windows\System\kmkteSe.exe

C:\Windows\System\khqCJAO.exe

C:\Windows\System\khqCJAO.exe

C:\Windows\System\LJvkOPA.exe

C:\Windows\System\LJvkOPA.exe

C:\Windows\System\fkKlaLN.exe

C:\Windows\System\fkKlaLN.exe

C:\Windows\System\SQygTtb.exe

C:\Windows\System\SQygTtb.exe

C:\Windows\System\VZUAFFW.exe

C:\Windows\System\VZUAFFW.exe

C:\Windows\System\yLyMZzD.exe

C:\Windows\System\yLyMZzD.exe

C:\Windows\System\XYesQMj.exe

C:\Windows\System\XYesQMj.exe

C:\Windows\System\qqRWAtt.exe

C:\Windows\System\qqRWAtt.exe

C:\Windows\System\pIbjnpm.exe

C:\Windows\System\pIbjnpm.exe

C:\Windows\System\QjzfOMC.exe

C:\Windows\System\QjzfOMC.exe

C:\Windows\System\JkGYdaW.exe

C:\Windows\System\JkGYdaW.exe

C:\Windows\System\SuRqDqo.exe

C:\Windows\System\SuRqDqo.exe

C:\Windows\System\ZWuQfPo.exe

C:\Windows\System\ZWuQfPo.exe

C:\Windows\System\CDhmMdB.exe

C:\Windows\System\CDhmMdB.exe

C:\Windows\System\tPjNzbt.exe

C:\Windows\System\tPjNzbt.exe

C:\Windows\System\bjAsUUO.exe

C:\Windows\System\bjAsUUO.exe

C:\Windows\System\DlssSRo.exe

C:\Windows\System\DlssSRo.exe

C:\Windows\System\LeHetfz.exe

C:\Windows\System\LeHetfz.exe

C:\Windows\System\peyqfym.exe

C:\Windows\System\peyqfym.exe

C:\Windows\System\sbbThYe.exe

C:\Windows\System\sbbThYe.exe

C:\Windows\System\YaWEXbi.exe

C:\Windows\System\YaWEXbi.exe

C:\Windows\System\YbUVCgw.exe

C:\Windows\System\YbUVCgw.exe

C:\Windows\System\whrSWel.exe

C:\Windows\System\whrSWel.exe

C:\Windows\System\amCpcCl.exe

C:\Windows\System\amCpcCl.exe

C:\Windows\System\ubUxwxG.exe

C:\Windows\System\ubUxwxG.exe

C:\Windows\System\wUVcrQL.exe

C:\Windows\System\wUVcrQL.exe

C:\Windows\System\mNBPiWQ.exe

C:\Windows\System\mNBPiWQ.exe

C:\Windows\System\nCuJxKb.exe

C:\Windows\System\nCuJxKb.exe

C:\Windows\System\GFbvGng.exe

C:\Windows\System\GFbvGng.exe

C:\Windows\System\zZuebNn.exe

C:\Windows\System\zZuebNn.exe

C:\Windows\System\NNmKngF.exe

C:\Windows\System\NNmKngF.exe

C:\Windows\System\DIYfUJk.exe

C:\Windows\System\DIYfUJk.exe

C:\Windows\System\QcPFNDi.exe

C:\Windows\System\QcPFNDi.exe

C:\Windows\System\hcIMRni.exe

C:\Windows\System\hcIMRni.exe

C:\Windows\System\qAbDHFM.exe

C:\Windows\System\qAbDHFM.exe

C:\Windows\System\mCNxqzP.exe

C:\Windows\System\mCNxqzP.exe

C:\Windows\System\dShIPGL.exe

C:\Windows\System\dShIPGL.exe

C:\Windows\System\WIyqiBd.exe

C:\Windows\System\WIyqiBd.exe

C:\Windows\System\NIgxzMQ.exe

C:\Windows\System\NIgxzMQ.exe

C:\Windows\System\tBDxrHY.exe

C:\Windows\System\tBDxrHY.exe

C:\Windows\System\qXsHcwb.exe

C:\Windows\System\qXsHcwb.exe

C:\Windows\System\liQUnbo.exe

C:\Windows\System\liQUnbo.exe

C:\Windows\System\NWZDkqB.exe

C:\Windows\System\NWZDkqB.exe

C:\Windows\System\XqKYeTf.exe

C:\Windows\System\XqKYeTf.exe

C:\Windows\System\ZAeOqRW.exe

C:\Windows\System\ZAeOqRW.exe

C:\Windows\System\weYTZRf.exe

C:\Windows\System\weYTZRf.exe

C:\Windows\System\uWiIJjo.exe

C:\Windows\System\uWiIJjo.exe

C:\Windows\System\aVaBYWE.exe

C:\Windows\System\aVaBYWE.exe

C:\Windows\System\yCcSJUq.exe

C:\Windows\System\yCcSJUq.exe

C:\Windows\System\eEmejCY.exe

C:\Windows\System\eEmejCY.exe

C:\Windows\System\lMgMEXX.exe

C:\Windows\System\lMgMEXX.exe

C:\Windows\System\HyyUWQr.exe

C:\Windows\System\HyyUWQr.exe

C:\Windows\System\cnLXonA.exe

C:\Windows\System\cnLXonA.exe

C:\Windows\System\BuHlfvE.exe

C:\Windows\System\BuHlfvE.exe

C:\Windows\System\MIFSQzE.exe

C:\Windows\System\MIFSQzE.exe

C:\Windows\System\HZevBjz.exe

C:\Windows\System\HZevBjz.exe

C:\Windows\System\FhEpWFT.exe

C:\Windows\System\FhEpWFT.exe

C:\Windows\System\CPJQxcV.exe

C:\Windows\System\CPJQxcV.exe

C:\Windows\System\cwFdPcO.exe

C:\Windows\System\cwFdPcO.exe

C:\Windows\System\HdUiffX.exe

C:\Windows\System\HdUiffX.exe

C:\Windows\System\OzebkPC.exe

C:\Windows\System\OzebkPC.exe

C:\Windows\System\pYltLDl.exe

C:\Windows\System\pYltLDl.exe

C:\Windows\System\YwcvWqx.exe

C:\Windows\System\YwcvWqx.exe

C:\Windows\System\jongpVQ.exe

C:\Windows\System\jongpVQ.exe

C:\Windows\System\oEhXvwz.exe

C:\Windows\System\oEhXvwz.exe

C:\Windows\System\nojPRHU.exe

C:\Windows\System\nojPRHU.exe

C:\Windows\System\RysQLWF.exe

C:\Windows\System\RysQLWF.exe

C:\Windows\System\YGxrSiT.exe

C:\Windows\System\YGxrSiT.exe

C:\Windows\System\rQCzYdC.exe

C:\Windows\System\rQCzYdC.exe

C:\Windows\System\iJbFysx.exe

C:\Windows\System\iJbFysx.exe

C:\Windows\System\QMVwupI.exe

C:\Windows\System\QMVwupI.exe

C:\Windows\System\qaNYipy.exe

C:\Windows\System\qaNYipy.exe

C:\Windows\System\AUILQXa.exe

C:\Windows\System\AUILQXa.exe

C:\Windows\System\wTamsYx.exe

C:\Windows\System\wTamsYx.exe

C:\Windows\System\AVRMqyw.exe

C:\Windows\System\AVRMqyw.exe

C:\Windows\System\XRllHjO.exe

C:\Windows\System\XRllHjO.exe

C:\Windows\System\vmVwmuO.exe

C:\Windows\System\vmVwmuO.exe

C:\Windows\System\JQFgvlY.exe

C:\Windows\System\JQFgvlY.exe

C:\Windows\System\HrTMhuI.exe

C:\Windows\System\HrTMhuI.exe

C:\Windows\System\QYuLeTe.exe

C:\Windows\System\QYuLeTe.exe

C:\Windows\System\uQhqrYC.exe

C:\Windows\System\uQhqrYC.exe

C:\Windows\System\ZSUvhJa.exe

C:\Windows\System\ZSUvhJa.exe

C:\Windows\System\LJacOdf.exe

C:\Windows\System\LJacOdf.exe

C:\Windows\System\aPHySAF.exe

C:\Windows\System\aPHySAF.exe

C:\Windows\System\gAdHWeB.exe

C:\Windows\System\gAdHWeB.exe

C:\Windows\System\wACYIBa.exe

C:\Windows\System\wACYIBa.exe

C:\Windows\System\oFRPHvX.exe

C:\Windows\System\oFRPHvX.exe

C:\Windows\System\MeQsMem.exe

C:\Windows\System\MeQsMem.exe

C:\Windows\System\fjtclIc.exe

C:\Windows\System\fjtclIc.exe

C:\Windows\System\ppHVpEo.exe

C:\Windows\System\ppHVpEo.exe

C:\Windows\System\MGNosSn.exe

C:\Windows\System\MGNosSn.exe

C:\Windows\System\EolYBey.exe

C:\Windows\System\EolYBey.exe

C:\Windows\System\CVHkdfp.exe

C:\Windows\System\CVHkdfp.exe

C:\Windows\System\ENSgSMt.exe

C:\Windows\System\ENSgSMt.exe

C:\Windows\System\CEntjyA.exe

C:\Windows\System\CEntjyA.exe

C:\Windows\System\nqxEdEN.exe

C:\Windows\System\nqxEdEN.exe

C:\Windows\System\WDMNCQT.exe

C:\Windows\System\WDMNCQT.exe

C:\Windows\System\sXvOwNO.exe

C:\Windows\System\sXvOwNO.exe

C:\Windows\System\atPYecg.exe

C:\Windows\System\atPYecg.exe

C:\Windows\System\lLNJaXl.exe

C:\Windows\System\lLNJaXl.exe

C:\Windows\System\RcKllSS.exe

C:\Windows\System\RcKllSS.exe

C:\Windows\System\mKSDQsZ.exe

C:\Windows\System\mKSDQsZ.exe

C:\Windows\System\oxWpwnt.exe

C:\Windows\System\oxWpwnt.exe

C:\Windows\System\YSXHmxf.exe

C:\Windows\System\YSXHmxf.exe

C:\Windows\System\akDwveG.exe

C:\Windows\System\akDwveG.exe

C:\Windows\System\VZkYePe.exe

C:\Windows\System\VZkYePe.exe

C:\Windows\System\npAStkh.exe

C:\Windows\System\npAStkh.exe

C:\Windows\System\nFplWpJ.exe

C:\Windows\System\nFplWpJ.exe

C:\Windows\System\beJLJyh.exe

C:\Windows\System\beJLJyh.exe

C:\Windows\System\EiWjuQZ.exe

C:\Windows\System\EiWjuQZ.exe

C:\Windows\System\csaUZFp.exe

C:\Windows\System\csaUZFp.exe

C:\Windows\System\odTCdds.exe

C:\Windows\System\odTCdds.exe

C:\Windows\System\gBFrxVD.exe

C:\Windows\System\gBFrxVD.exe

C:\Windows\System\yAlyjVD.exe

C:\Windows\System\yAlyjVD.exe

C:\Windows\System\tRSQWnP.exe

C:\Windows\System\tRSQWnP.exe

C:\Windows\System\VoHwBgJ.exe

C:\Windows\System\VoHwBgJ.exe

C:\Windows\System\uoDgqmB.exe

C:\Windows\System\uoDgqmB.exe

C:\Windows\System\YIpzlvP.exe

C:\Windows\System\YIpzlvP.exe

C:\Windows\System\gEiiQZe.exe

C:\Windows\System\gEiiQZe.exe

C:\Windows\System\pWnKtOV.exe

C:\Windows\System\pWnKtOV.exe

C:\Windows\System\TqyAsAc.exe

C:\Windows\System\TqyAsAc.exe

C:\Windows\System\HWsuosR.exe

C:\Windows\System\HWsuosR.exe

C:\Windows\System\xqpuFbW.exe

C:\Windows\System\xqpuFbW.exe

C:\Windows\System\fohQKRr.exe

C:\Windows\System\fohQKRr.exe

C:\Windows\System\qoaMIMg.exe

C:\Windows\System\qoaMIMg.exe

C:\Windows\System\rortgqa.exe

C:\Windows\System\rortgqa.exe

C:\Windows\System\mEemoTa.exe

C:\Windows\System\mEemoTa.exe

C:\Windows\System\dZpLQmg.exe

C:\Windows\System\dZpLQmg.exe

C:\Windows\System\McOPcKX.exe

C:\Windows\System\McOPcKX.exe

C:\Windows\System\gwNcISA.exe

C:\Windows\System\gwNcISA.exe

C:\Windows\System\fKWXxxo.exe

C:\Windows\System\fKWXxxo.exe

C:\Windows\System\MspwoKq.exe

C:\Windows\System\MspwoKq.exe

C:\Windows\System\gqwNhiA.exe

C:\Windows\System\gqwNhiA.exe

C:\Windows\System\yJjekBB.exe

C:\Windows\System\yJjekBB.exe

C:\Windows\System\ddOHiZV.exe

C:\Windows\System\ddOHiZV.exe

C:\Windows\System\ghhBixx.exe

C:\Windows\System\ghhBixx.exe

C:\Windows\System\VskikUz.exe

C:\Windows\System\VskikUz.exe

C:\Windows\System\wdykxbN.exe

C:\Windows\System\wdykxbN.exe

C:\Windows\System\aRlvrnu.exe

C:\Windows\System\aRlvrnu.exe

C:\Windows\System\qoHFLul.exe

C:\Windows\System\qoHFLul.exe

C:\Windows\System\EhUhJWK.exe

C:\Windows\System\EhUhJWK.exe

C:\Windows\System\PMpWqsO.exe

C:\Windows\System\PMpWqsO.exe

C:\Windows\System\mAQlLrz.exe

C:\Windows\System\mAQlLrz.exe

C:\Windows\System\svBKiip.exe

C:\Windows\System\svBKiip.exe

C:\Windows\System\HOgOnun.exe

C:\Windows\System\HOgOnun.exe

C:\Windows\System\NbCqlNl.exe

C:\Windows\System\NbCqlNl.exe

C:\Windows\System\VaGFDJS.exe

C:\Windows\System\VaGFDJS.exe

C:\Windows\System\VkZOart.exe

C:\Windows\System\VkZOart.exe

C:\Windows\System\zsTJLWN.exe

C:\Windows\System\zsTJLWN.exe

C:\Windows\System\SrPCjby.exe

C:\Windows\System\SrPCjby.exe

C:\Windows\System\uRgRSmB.exe

C:\Windows\System\uRgRSmB.exe

C:\Windows\System\KIhDEvk.exe

C:\Windows\System\KIhDEvk.exe

C:\Windows\System\VzYTltT.exe

C:\Windows\System\VzYTltT.exe

C:\Windows\System\yuDfmEu.exe

C:\Windows\System\yuDfmEu.exe

C:\Windows\System\UqVsjjf.exe

C:\Windows\System\UqVsjjf.exe

C:\Windows\System\LzJVnRW.exe

C:\Windows\System\LzJVnRW.exe

C:\Windows\System\iAbZpDU.exe

C:\Windows\System\iAbZpDU.exe

C:\Windows\System\ssCFqrd.exe

C:\Windows\System\ssCFqrd.exe

C:\Windows\System\ASiZuuD.exe

C:\Windows\System\ASiZuuD.exe

C:\Windows\System\zqVVPpk.exe

C:\Windows\System\zqVVPpk.exe

C:\Windows\System\CHgwzff.exe

C:\Windows\System\CHgwzff.exe

C:\Windows\System\PDoxmpG.exe

C:\Windows\System\PDoxmpG.exe

C:\Windows\System\dFPVrTt.exe

C:\Windows\System\dFPVrTt.exe

C:\Windows\System\GUyyaDv.exe

C:\Windows\System\GUyyaDv.exe

C:\Windows\System\UmCFknz.exe

C:\Windows\System\UmCFknz.exe

C:\Windows\System\NULoege.exe

C:\Windows\System\NULoege.exe

C:\Windows\System\EaCSATb.exe

C:\Windows\System\EaCSATb.exe

C:\Windows\System\emTMeMr.exe

C:\Windows\System\emTMeMr.exe

C:\Windows\System\DaQEhOB.exe

C:\Windows\System\DaQEhOB.exe

C:\Windows\System\iNlKZJw.exe

C:\Windows\System\iNlKZJw.exe

C:\Windows\System\saXuAjn.exe

C:\Windows\System\saXuAjn.exe

C:\Windows\System\kReIxao.exe

C:\Windows\System\kReIxao.exe

C:\Windows\System\PaMqZoS.exe

C:\Windows\System\PaMqZoS.exe

C:\Windows\System\USVCEYF.exe

C:\Windows\System\USVCEYF.exe

C:\Windows\System\EnliPCq.exe

C:\Windows\System\EnliPCq.exe

C:\Windows\System\ekPnssu.exe

C:\Windows\System\ekPnssu.exe

C:\Windows\System\IgLmZcd.exe

C:\Windows\System\IgLmZcd.exe

C:\Windows\System\ohrUGuO.exe

C:\Windows\System\ohrUGuO.exe

C:\Windows\System\guQyFAt.exe

C:\Windows\System\guQyFAt.exe

C:\Windows\System\NnqViCO.exe

C:\Windows\System\NnqViCO.exe

C:\Windows\System\OcMItmR.exe

C:\Windows\System\OcMItmR.exe

C:\Windows\System\qxaoZuj.exe

C:\Windows\System\qxaoZuj.exe

C:\Windows\System\EYQMHhM.exe

C:\Windows\System\EYQMHhM.exe

C:\Windows\System\OCZhaBd.exe

C:\Windows\System\OCZhaBd.exe

C:\Windows\System\BRHpSpl.exe

C:\Windows\System\BRHpSpl.exe

C:\Windows\System\iWNJXPF.exe

C:\Windows\System\iWNJXPF.exe

C:\Windows\System\Rreedaw.exe

C:\Windows\System\Rreedaw.exe

C:\Windows\System\ATNjsZm.exe

C:\Windows\System\ATNjsZm.exe

C:\Windows\System\isidRvJ.exe

C:\Windows\System\isidRvJ.exe

C:\Windows\System\hehoHlB.exe

C:\Windows\System\hehoHlB.exe

C:\Windows\System\BCanhOj.exe

C:\Windows\System\BCanhOj.exe

C:\Windows\System\mksCRSG.exe

C:\Windows\System\mksCRSG.exe

C:\Windows\System\qMwcAfY.exe

C:\Windows\System\qMwcAfY.exe

C:\Windows\System\uwVWlzc.exe

C:\Windows\System\uwVWlzc.exe

C:\Windows\System\UyAawEN.exe

C:\Windows\System\UyAawEN.exe

C:\Windows\System\FsITNVG.exe

C:\Windows\System\FsITNVG.exe

C:\Windows\System\pDfXiXM.exe

C:\Windows\System\pDfXiXM.exe

C:\Windows\System\MTwvOPo.exe

C:\Windows\System\MTwvOPo.exe

C:\Windows\System\UGNLmvy.exe

C:\Windows\System\UGNLmvy.exe

C:\Windows\System\SWJzWib.exe

C:\Windows\System\SWJzWib.exe

C:\Windows\System\CouKMsk.exe

C:\Windows\System\CouKMsk.exe

C:\Windows\System\WbRKyoZ.exe

C:\Windows\System\WbRKyoZ.exe

C:\Windows\System\nAcyOll.exe

C:\Windows\System\nAcyOll.exe

C:\Windows\System\horHWIb.exe

C:\Windows\System\horHWIb.exe

C:\Windows\System\wWsMpiw.exe

C:\Windows\System\wWsMpiw.exe

C:\Windows\System\UfdrPpl.exe

C:\Windows\System\UfdrPpl.exe

C:\Windows\System\CBsnfsG.exe

C:\Windows\System\CBsnfsG.exe

C:\Windows\System\TZXxPCG.exe

C:\Windows\System\TZXxPCG.exe

C:\Windows\System\RChkmDV.exe

C:\Windows\System\RChkmDV.exe

C:\Windows\System\ZEXjLcF.exe

C:\Windows\System\ZEXjLcF.exe

C:\Windows\System\VSLBQmP.exe

C:\Windows\System\VSLBQmP.exe

C:\Windows\System\ZKiMldh.exe

C:\Windows\System\ZKiMldh.exe

C:\Windows\System\pvOnJqs.exe

C:\Windows\System\pvOnJqs.exe

C:\Windows\System\jGpXjpY.exe

C:\Windows\System\jGpXjpY.exe

C:\Windows\System\VNqOBXD.exe

C:\Windows\System\VNqOBXD.exe

C:\Windows\System\SFedqUh.exe

C:\Windows\System\SFedqUh.exe

C:\Windows\System\sQKRExC.exe

C:\Windows\System\sQKRExC.exe

C:\Windows\System\RpBTuGA.exe

C:\Windows\System\RpBTuGA.exe

C:\Windows\System\sMKArAy.exe

C:\Windows\System\sMKArAy.exe

C:\Windows\System\qWMrJvJ.exe

C:\Windows\System\qWMrJvJ.exe

C:\Windows\System\BdrKvky.exe

C:\Windows\System\BdrKvky.exe

C:\Windows\System\vZHarqv.exe

C:\Windows\System\vZHarqv.exe

C:\Windows\System\oKbPwxa.exe

C:\Windows\System\oKbPwxa.exe

C:\Windows\System\dMmdeaB.exe

C:\Windows\System\dMmdeaB.exe

C:\Windows\System\ejiwjaw.exe

C:\Windows\System\ejiwjaw.exe

C:\Windows\System\sjjyXMq.exe

C:\Windows\System\sjjyXMq.exe

C:\Windows\System\vwwKhbV.exe

C:\Windows\System\vwwKhbV.exe

C:\Windows\System\bZuFplB.exe

C:\Windows\System\bZuFplB.exe

C:\Windows\System\iBjpAxu.exe

C:\Windows\System\iBjpAxu.exe

C:\Windows\System\TLbMJQy.exe

C:\Windows\System\TLbMJQy.exe

C:\Windows\System\VbIhoHQ.exe

C:\Windows\System\VbIhoHQ.exe

C:\Windows\System\rlMFncB.exe

C:\Windows\System\rlMFncB.exe

C:\Windows\System\FBfNiNc.exe

C:\Windows\System\FBfNiNc.exe

C:\Windows\System\MJlhnei.exe

C:\Windows\System\MJlhnei.exe

C:\Windows\System\hyjgfbX.exe

C:\Windows\System\hyjgfbX.exe

C:\Windows\System\ulKtENH.exe

C:\Windows\System\ulKtENH.exe

C:\Windows\System\nxfCiHd.exe

C:\Windows\System\nxfCiHd.exe

C:\Windows\System\vcHhzps.exe

C:\Windows\System\vcHhzps.exe

C:\Windows\System\YHmtNJP.exe

C:\Windows\System\YHmtNJP.exe

C:\Windows\System\SRInrUx.exe

C:\Windows\System\SRInrUx.exe

C:\Windows\System\AUvvDaP.exe

C:\Windows\System\AUvvDaP.exe

C:\Windows\System\fPSXsPx.exe

C:\Windows\System\fPSXsPx.exe

C:\Windows\System\ilaNhlt.exe

C:\Windows\System\ilaNhlt.exe

C:\Windows\System\arfcLfQ.exe

C:\Windows\System\arfcLfQ.exe

C:\Windows\System\SiAQhDC.exe

C:\Windows\System\SiAQhDC.exe

C:\Windows\System\PBQCiLS.exe

C:\Windows\System\PBQCiLS.exe

C:\Windows\System\KppTJgS.exe

C:\Windows\System\KppTJgS.exe

C:\Windows\System\eEaLUUK.exe

C:\Windows\System\eEaLUUK.exe

C:\Windows\System\AMpXiQq.exe

C:\Windows\System\AMpXiQq.exe

C:\Windows\System\puoSwtt.exe

C:\Windows\System\puoSwtt.exe

C:\Windows\System\JDaFVSX.exe

C:\Windows\System\JDaFVSX.exe

C:\Windows\System\OybAtYa.exe

C:\Windows\System\OybAtYa.exe

C:\Windows\System\UOSZvWj.exe

C:\Windows\System\UOSZvWj.exe

C:\Windows\System\BeYfqFC.exe

C:\Windows\System\BeYfqFC.exe

C:\Windows\System\pfFRExg.exe

C:\Windows\System\pfFRExg.exe

C:\Windows\System\OKDkOAe.exe

C:\Windows\System\OKDkOAe.exe

C:\Windows\System\dhBXLXp.exe

C:\Windows\System\dhBXLXp.exe

C:\Windows\system32\sihost.exe

sihost.exe

C:\Windows\explorer.exe

explorer.exe /LOADSAVEDWINDOWS

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

Network

Country Destination Domain Proto
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 150.171.27.10:443 g.bing.com tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp

Files

memory/1968-0-0x0000021AD1270000-0x0000021AD1280000-memory.dmp

C:\Windows\System\ziVdMiY.exe

MD5 7ec57f935f14e28bf58fd354d356803c
SHA1 7c58718adab50961b7bcecffb35dadd1259a2425
SHA256 7963734610427288150cdd582935b33f216f92f39c4d26b107ab3e5342683d90
SHA512 0233c25f492f73181208f6b4f8ac3a5aab6298329cc4986c1e8aa32c3061c36dc710a19d74e29b9038aeb386bd93496a438d65e20104ddf9cab5436c1cc4e0ec

C:\Windows\System\sOJkXyJ.exe

MD5 10ed96382785dc67cee3ce490134e8c6
SHA1 e588b2079c15e5f9fcda07a6334a523bcada1332
SHA256 06afe34ecfc63457b2d33499504dce8eb8ba20f9b1f25e980ea31362512b2b8b
SHA512 5db083b5ffaef19689b0c44c41cdaca7e78355750f238a6306f9dae3f4160df1c49ca289fc8dcf6afba091a19e84e267e684852f972f62625a68339b18e596d0

C:\Windows\System\CABmLSU.exe

MD5 9a73fe7a9e638758a1e86f0ff7a69b01
SHA1 31a87ab48d1c90dddd0b2a91045ad0571ea4c453
SHA256 a0e362b123ace9b3da2140b9d62fc18f9da9d4cc63d5442d28d625040796e58a
SHA512 d466aafd125e0191634904cd545185e574bf6499897235fad5da2af8d0e8f68b18b33c5490d67ee9a251b5a5c3f850efdb60e5de9c3ab8b96e131726628e1610

C:\Windows\System\orNSLCQ.exe

MD5 f9bf174a78b58b7b5e51348ec4b3c180
SHA1 87914ca604eb1d4e855a82f5098da442320a0d24
SHA256 118862bb2ddd3d5729a8bd725fb5b34a54ab419748998b8d8f1e5823e8a459cf
SHA512 c92f9f23811630cd21f146c506ebeadffbe365dc78253013c5a7ce23a0bf49e96b3f4a3fbc417b549e55fb358ab41d34e7f447f20f7a8c5a94ac9d44995d4d36

C:\Windows\System\idyOMZf.exe

MD5 2a4ad6423f5e774715b37eae406a7a1e
SHA1 20189a1bda7e1696d3b59c8ffce4d5ab951aa399
SHA256 8f373fbb97f5a3141ca92bf5c4e177feec9e3b7d8eae4cefd743a80548f1b225
SHA512 bf4249cf4f9282f12495529626b0202b9e0615e8683126ffbef5c69b4dfc76238f44d13aeb5acfb21ce5044969986379b1e51177397b4eb2b94f23c091ed344d

C:\Windows\System\WOAiMVK.exe

MD5 951d7dd915b11bcaf834e982941ef639
SHA1 52c37fcd94882ff9796e00ac82b127fd4c2faef7
SHA256 26372487f46891de6eb3105a7d126f5916e95849a830844afb1b8bc1bf7e3ee3
SHA512 842baf0a1acc1aa3ea8d0623c9a3fd2c06fef53b4d0f8c0cf8e8dddd205b61d66e87a71e594d7e24fefd4ecca65531443d10d97dfed78aad6cd33f8b919b6bee

C:\Windows\System\FoAHWoS.exe

MD5 7a4faa6138509ad577ca4d318a9fdf58
SHA1 fa52b609d61f3c983d0757fab55ab799a180b728
SHA256 1f575deb10f41fb055ba2264b4f203babf9e61221f6b1078403a83fdea1c0723
SHA512 ebccb8b2a7e3b2a8287e66aca01c0984c738ef9b5ebe24222f6ff69d59c2e28c45baafe4ee985bec76c140105dc76863c585ecd4bfa5803bddd49461e0bb1702

C:\Windows\System\ydgBWPG.exe

MD5 fca83d4b507d721e8e046221899af908
SHA1 f4adceffe062e309491306f711b39f9f92bf5a08
SHA256 76dbee2572872faba49c1868166fb7decf504470008ef9049c28e7fae0e06e72
SHA512 f69d3718d4a175f510a6a5452d8c64ef1f5e856bb2893146b6b18c30a416e24c6203b1cda9fc0fbfcf972ced402be047e88911bc9f976ee11c5299e40983fb97

C:\Windows\System\gOSnbij.exe

MD5 daef4c4ba8c9c2a67e7f4ec231d72f11
SHA1 9a5f746cdf561f0f9cd9e9975176506b69324fe5
SHA256 99bcf883edfbc6b36322afe92d2f11a8f2b6c9b709fcc55cd2bff8d15e4dc9ee
SHA512 4e74c49d6c54d2a28e2fb9727eacca9210ae29c8e34c87f58c82b49ea0b5f9cdff2a366f54aebd0d1d54d4c678286a8bb9f7bf79a0cb02da06d3263b3fda2295

C:\Windows\System\MyWkZpY.exe

MD5 fbd7e911db72af83e9e45f9f4498033c
SHA1 690b47dea53de316656efc7ea186f2a798505447
SHA256 879b4a79a5018f2a60c73a0238c73cda895ef4e9f77bf070e7a0ec2449299242
SHA512 efe5e2d16665fd93db1c01a56e3a507b246b3f204cd951e4d0674e21d4fce5ba0bd486ac790f47227ba40998ae8a31406c4e42d239a8687d3d857e5dd122a42d

C:\Windows\System\WSBBEUh.exe

MD5 e6d82297f04e9a2a93ab4e0acdba8c23
SHA1 bda770ada10b9a7fdd2c6aef3d76a163bded7c70
SHA256 5899ab76cb68bd186da9d4c4a3d0ed167bdd4a0dc3a9b6e127d1db06946dda66
SHA512 3711d3d9cdd2f9b0143848c338d2c0b1cc2d8954492f3467de943f6f3d658f09ed0d4637f2d8a899fb85ff983f8538f953a8ddb5263c0c93383f8a6dbf89c91b

C:\Windows\System\FZUWaFs.exe

MD5 0c21230700fd34df3a983ef151f46f9d
SHA1 d93f87d6f97fd457412b5788ccee993aa152b071
SHA256 829d12deba51f4da52cbec9720a03ddf9c72be3f3ddffce88d00b47066343922
SHA512 526ec4bf3c471c9d9e54ff68a11c5dd3510d522fdee4f1fbae8e83e45fad6b6a428a0de4da8d936a62688fc718534d6dd9668831b77d1a7b2e3471b320c3a593

C:\Windows\System\EMrrXwd.exe

MD5 7f5ec0b2ae4933a588fbce3dbff7e3a4
SHA1 cccba6683880262351a070e8af7f16d579a41f1b
SHA256 9f1f101c6a583ffe9a1712b6a658fb7e8dcab8001563a6a8ca7e4d67597a8e47
SHA512 38cee73d7695089d87712d7ef77b4ac0d9ca1d361a79d6c114d9342a1de6140fb7bd2d512527dc22453653f1f737ea8e1e59b69d7eb7855be7ac6507bd187845

C:\Windows\System\ecQRTtU.exe

MD5 0b99adb88af33e5254e77ebe6014c5ad
SHA1 924aa3f6a356e7b06e6c56029f4a7784d7979829
SHA256 01aa613cde697e133c025378cbc8badfda56e82585eebc6b395c1dc7fdfbd94d
SHA512 78f82fa3a2ed8a7d05106db4cde58404bfb9834735a36c42c69e7c084c6336d061c7aa78762f58f1c0b2b5e88cb192eb826aa8e512b964e20770026c762d9b4b

C:\Windows\System\PsujxND.exe

MD5 b02c156b29b33f0adadefc90afcff634
SHA1 16adfc52a5a5a6587c6030dc398ef2640e906574
SHA256 b419824c6e3f1db652ec9895a4f4425d51d9f39983a4356e3ad9c689d496c32e
SHA512 360f5c293b7e94d82d93227d14189527433455deb0dc9ec712f9dabdb4d9bbf89ee2e77e1f1475f23249bc72be9d1c6f736221c287c5c13bf636130873df9093

C:\Windows\System\iGmZfSd.exe

MD5 fb5bdc6270833613524d2541297414de
SHA1 cf36cca17429cfecfc7defd23c16a83a1902f43f
SHA256 f924a2d26b9855c308a095e166cc39cbe1848ff402a46e247cf0aa56041928e4
SHA512 92685e11fd0896125d80a707b4d4f09ee39687454bcbbf782dd8bc844ae98ee1ac868e9b1b92ebcee34c8bb2bd6d2305682aa79f1d26776218e134c40bed9a59

C:\Windows\System\QjRpsEA.exe

MD5 2d0a4093ecd16261c96d4fedf25d5912
SHA1 45d8f33229f7119abb47e256e60418041433c3ef
SHA256 f3fa523fce1d1fda6e16d600fa1898068dbfc7ea581d8d10aba3f07d9b95b215
SHA512 597b2f67c55d1b1fd348e03569c6694174a4a65f1493cbb96bc6acc174c5eb821b167fde3df9c38522fe10b2783338ca41354a599eb6b27de46112da8210c67a

C:\Windows\System\NPpNskp.exe

MD5 1a72ab7d18cb8d38af19427f3ed85122
SHA1 1c0baa20ca3a96fcc6099793535274af4b5cec3a
SHA256 cce4e930d417d997d1a6d7759349b5cda0a437b56b51b74dd2625d64f39a2689
SHA512 56d72e58fb1a3c8a61140f833004397c82bb4e4feb3e1be14a3b1de7739cd79a72e154e1e9509586916fd35b41e0d2751aafef69b015eafcbaa98b81476243dd

C:\Windows\System\rirJbwC.exe

MD5 bdc6c0a9838be55b3f14c7f07b6e56f1
SHA1 28d218f259e16f72ceb159193dff910de1503813
SHA256 5e9901c6cb46fd53ac6308fc3ba0edd23641168c25745fd3422a9c952133ae31
SHA512 f202fbe5ae8a69885961da51c75ab71f1b5014532069e0aabf19a973b243c5d697ab38fe31e21bb2ba78fc73227c6a174892ca8ea1e46b9a813e77a57e9516f1

C:\Windows\System\oqntUeN.exe

MD5 5d9e4bd5b5af9cdeb326bf727bd683c8
SHA1 305d3903f93b2d362474fc821aa5213768a0d78d
SHA256 9818fd175bf093680550435c08ed0c4321f393a208b33bb364cb2863c69e0e98
SHA512 217a15f074ad50df1628a0bb199437701ab9b2a4a85733b82a8f29a2d0f5d04d215bfe274695c00f60094fb20862d9cdf1dc8fbce571f11f0ed02fc856832958

C:\Windows\System\PeiJVNR.exe

MD5 7499b2291b4fd314fa7f51592ead2cb6
SHA1 db238144f42eca6cf8adff28648aa391207e56c4
SHA256 bf9db9e0d8a0b8248c70b489df51ebb45a4b7d04bd12cac8abf23891e539d745
SHA512 7da5aaa6ebda5a40ab54bcc494d4a447c385b75430449b3e9a000ea3f1143d4b5dc4111fb12bade6ea5dc39ab4b98cb973409f4d054e31de7cca0ca36efcf1e3

C:\Windows\System\vzghjgh.exe

MD5 311b92d75c937dcd5b73190212490c5e
SHA1 d85baa60a7bc77272c16e5e73fcc231ded4bfbf3
SHA256 03c0ae09ba61dfa7db16442ae3b41547c6bb5eed7720d40e8efc7a379d261a42
SHA512 bfd18f49a9483bbf7670d28f7e925b1d64f7569eee380f47d0bec0b184cb968de9af6d0b648df10a41d2178115f0f1062500a5241676e07f1832dbe20990d3da

C:\Windows\System\LDMKITq.exe

MD5 eadc896ed3e406610678727e3d945ade
SHA1 85c800cb0338ce213e4f739adc80f8252e07fa63
SHA256 3aec9d3ec3e2e7729ca0e4f49d9564ce5c9ca73a7f7233e73a6b59fbf3ceb69e
SHA512 f5324147833985d28e0f4e47c85be74883b77bc9a36afb6e65e7f7f40ac636f7c25d07395dc3e161e25081d7851b966f064bbd31da81d488290ef2db7b9ab980

C:\Windows\System\bwBXViM.exe

MD5 bff616e320f098f5ef328bf2a8f93e00
SHA1 76caad69980ebcbabbc910b2abfd74fd83747dab
SHA256 1e3df58c7fed06c39d344e74c651969afc3c38962ca1be414bc316db4687ce08
SHA512 af44e14dac8e66a4a391e11e5f97ce3b220c77200089219cafd49fc611d8eddc472cf8062e713dec6038bed2eb1338db2fa38dd52a6a1f6dc823a9a902046ca8

C:\Windows\System\iihDjZg.exe

MD5 dfb4b11df25f13d71256cbfaa80becd8
SHA1 fb2d5754878e91bb68bb9c332e7ed9a5eb1eee13
SHA256 c80f4c3e24dce1bad58af561a314cc19d04f599f1d29ae877a0ce568f2b8ba90
SHA512 5bec9ed90ab8942a9dc86203ee1d79d61a3841887f1fa9cefab8b1b2ad30284ba36efac6b4202a290cd1df6df461d0ddb940e457a8d97d84aef2dd346d6428f3

C:\Windows\System\uYhjuSM.exe

MD5 49ca51f7fbcab06aac08cfe2f19c2557
SHA1 4e6750b81aeafac310bd2055b7aa9013db7f70f5
SHA256 a8964aa3d10363218241b0c6d8c8b4dccf6f2f99bd394f228468140fae8413bd
SHA512 1c65f0a29c91f9b0218a65804cd9929d87c9301dfa9cc0ee39115615a029d9448b5e92f78dba1e757214fba0ae6379b91553e45818c198c9328a28098d6bc305

C:\Windows\System\esytMQu.exe

MD5 b5c002fecf180ed0e35b2436d024b766
SHA1 17de8f44d6bb825d74b2e20c0508fd109ff9c256
SHA256 b8123045ee21b9e48b3ab1a9e107521a77139f0ad2972ca62fc81278baefce6e
SHA512 ed8126d66151902cf329489b7aae82efd41c7d0ebed908bb5743fe296a92ba65f08ab02dc3704585741332f94190c818875f4d61b1eeace84039d40c0bc39d28

C:\Windows\System\xLwISyd.exe

MD5 2f2dd435b115710d87430c8b09e6a30d
SHA1 8b1683765bc2c09e8382fb1743e6aeb1c8e039e5
SHA256 aa7fbbbd9fbda37f3069ecb71d310ca7d3e0c61b52ee0cb0ed5faaa1743a6a2f
SHA512 c6c0234389ae8dfc878171d8d659e740cc87852f83ce6a65cd77986a77ad0378102aeacab1f715b880a4b263021a2a90d7a1facf90ab958a5e28d0bd90b85709

C:\Windows\System\Kfzbfbw.exe

MD5 60a8576e1df1dae9dd2a91fa8e549d6d
SHA1 4d482a7fbd066d91539798b8cfbac8612ce766b3
SHA256 8abdf55b7cee4fd90d2045a0f80894ea7289eea0c5c374bee02c2fff325aad7e
SHA512 850a2d7b3e8b81af056d6efd91f28fe16efc0136d350e19825fa4622a08786e936c08aec5beb7d1c676133a5b35151ee0c04a8add36177e881654bc7a0981ac6

C:\Windows\System\nxcLjgj.exe

MD5 8de3c052956fc47b6139aace2325f13e
SHA1 515eba819708e7e6f1efcbbcdbae648f9995e46f
SHA256 bb3e48544f8e22370c53a604ee6c889f8df65a43c103524b98508f0985b9e603
SHA512 a5f62031a852b02e9e6bc3ffa092c28f1f6dbcbd804cacda1f6d4c159aec3ea12f62369bfdcb9c3b7b66f164d36cb95f8375adc711a5b503665995fd0509ce35

C:\Windows\System\baUhBIM.exe

MD5 8eb7c6cbed1f76b95eaa84009022e985
SHA1 4d095bb1c0d66309f9c0dcb6d3a641a5bd7b6027
SHA256 7a863a202b0952d5d609635c99522fe12780d9ebc2b557e4cd720996b9725b61
SHA512 521b422dbff2310581a98ac8a9fed8c478aed999908d02082cb6f00b1ef675e8ee4c00581d43d043f6419114e24001574a7f9d64472f294d6a509daad860275e

C:\Windows\System\LzkijvO.exe

MD5 3a613c23bcd9b76b9bd5e08158951c4a
SHA1 dff470d9888368aa8612e42f3beff207b7fb794d
SHA256 e12d6dfaf8130cf8550246246111f262f76db6f5f00012033f31603295e9eda3
SHA512 106cdac920e98cc793b0a2e391ce6bce616963b4af62e14807a82f84c0b93ab36fbfa082e8a829c97ba73447aaf8b4a21a8e28ec8edb6fc524382d1deb176ba6

C:\Windows\System\fPHmMdQ.exe

MD5 c5de8ea73fc37e989963f376f2af35ba
SHA1 10532c872631157f9ff1f4c252e5a0d68e134daf
SHA256 ebb59ba9f545b9260a27baed1a493941e74e64cf49369fd0fe5fc3427e887798
SHA512 56ae15edda91454fda9867b9dc8a0462837326dacb4023e1548028f39cab71327fd7cabf995d6249dd4e6ee134fd36de966544cefa5844d6ce2105785320e355

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133743754279026490.txt

MD5 8f474e8ff027e3c366b417ffab73f270
SHA1 5d6f4c65ff8518e1ca26c40f81c22b16d76778ac
SHA256 7def31ddefe77cc71acf393ed6c86603fe3c501a14a06d65e02f4c887326266c
SHA512 ba198ace1daa2951b4158fe2c1bd9e87daedb3a9f2b492316c724df476fe1771c4a478c469cd353e793588c2e7f6fcaedd0ae3761ed9ffb42c24e24204109d3b