Technical Information
- [<HKLM>\Software\Classes\Paint.Picture\shell\open\command] '' = '"%TEMP%\MSPAINT.EXE" "%1"'
- %TEMP%\mspaint.exe
- %WINDIR%\syswow64\jeqgje.exe
- %WINDIR%\syswow64\zqodhx.exe
- %WINDIR%\syswow64\acbnit.exe
- %WINDIR%\syswow64\dpwiye.exe
- %WINDIR%\syswow64\fbjszs.exe
- %WINDIR%\syswow64\djwcnh.exe
- %WINDIR%\syswow64\vqxsmf.exe
- %WINDIR%\syswow64\pepuvz.exe
- %WINDIR%\syswow64\htpkmy.exe
- %WINDIR%\syswow64\bhimvr.exe
- %WINDIR%\syswow64\zfhejj.exe
- %WINDIR%\syswow64\uwczti.exe
- %WINDIR%\syswow64\ddptgw.exe
- %WINDIR%\syswow64\narbic.exe
- %WINDIR%\syswow64\cgleji.exe
- %WINDIR%\syswow64\ujsggc.exe
- %WINDIR%\syswow64\ljnqtr.exe
- %WINDIR%\syswow64\jhnihi.exe
- %WINDIR%\syswow64\fnxsva.exe
- %WINDIR%\syswow64\ogzdkf.exe
- %WINDIR%\syswow64\cihqtc.exe
- %WINDIR%\syswow64\xopcjk.exe
- %WINDIR%\syswow64\vexuxb.exe
- %WINDIR%\syswow64\paqxgn.exe
- %WINDIR%\syswow64\fmouef.exe
- %WINDIR%\syswow64\gpbffc.exe
- %WINDIR%\syswow64\juwbug.exe
- %WINDIR%\syswow64\rknqtx.exe
- %WINDIR%\syswow64\fcfnvl.exe
- %WINDIR%\syswow64\dudjld.exe
- %WINDIR%\syswow64\dzffju.exe
- %WINDIR%\syswow64\jaosmk.exe
- %WINDIR%\syswow64\hjzsut.exe
- %WINDIR%\syswow64\dpieka.exe
- %WINDIR%\syswow64\gzamph.exe
- %WINDIR%\syswow64\paaeqg.exe
- %WINDIR%\syswow64\qdfozu.exe
- %WINDIR%\syswow64\zsdmdv.exe
- %WINDIR%\syswow64\unblqz.exe
- %WINDIR%\syswow64\jpjqvg.exe
- %WINDIR%\syswow64\uppyuj.exe
- %WINDIR%\syswow64\iuiygk.exe
- %WINDIR%\syswow64\lnvbsv.exe
- %WINDIR%\syswow64\bulnaa.exe
- %WINDIR%\syswow64\nbhkdx.exe
- %WINDIR%\syswow64\ivnsqa.exe
- %WINDIR%\syswow64\eytsde.exe
- %WINDIR%\syswow64\rhpfaj.exe
- %WINDIR%\syswow64\khtumh.exe
- %WINDIR%\syswow64\ifsmay.exe
- %WINDIR%\syswow64\mlhhcb.exe
- %WINDIR%\syswow64\kxxest.exe
- %WINDIR%\syswow64\dpjumj.exe
- %WINDIR%\syswow64\ozabxf.exe
- %WINDIR%\syswow64\hdheuz.exe
- %WINDIR%\syswow64\fxdrxm.exe
- %WINDIR%\syswow64\nvcjsi.exe
- %WINDIR%\syswow64\ojfehv.exe
- %WINDIR%\syswow64\tosvtq.exe
- %WINDIR%\syswow64\tgpzhn.exe
- %WINDIR%\syswow64\fcjbwd.exe
- %WINDIR%\syswow64\jqqwyn.exe
- %WINDIR%\syswow64\hgpomw.exe
- %WINDIR%\syswow64\ircyvs.exe
- %WINDIR%\syswow64\ehgmbh.exe
- %WINDIR%\syswow64\xhjcmx.exe
- %WINDIR%\syswow64\nhwmam.exe
- %WINDIR%\syswow64\ghacmk.exe
- %WINDIR%\syswow64\ccgjzn.exe
- %WINDIR%\syswow64\vfvmni.exe
- %WINDIR%\syswow64\orkgkk.exe
- %WINDIR%\syswow64\euieav.exe
- %WINDIR%\syswow64\khdtjz.exe
- %WINDIR%\syswow64\cpwrli.exe
- %WINDIR%\syswow64\zuibst.exe
- %WINDIR%\syswow64\vwnqlk.exe
- %WINDIR%\syswow64\jgmtbu.exe
- %WINDIR%\syswow64\vbfvdz.exe
- %WINDIR%\syswow64\qeldqk.exe
- %WINDIR%\syswow64\gfyndr.exe
- %WINDIR%\syswow64\rtaiaq.exe
- %WINDIR%\syswow64\udthzk.exe
- %WINDIR%\syswow64\doukuv.exe
- %WINDIR%\syswow64\bxexrw.exe
- %TEMP%\uno.exe
- %TEMP%\cav.exe
- %WINDIR%\syswow64\gvdlnk.exe
- %WINDIR%\syswow64\aqewjw.exe
- %WINDIR%\syswow64\dojdtu.exe
- %WINDIR%\syswow64\nbuhbt.exe
- %WINDIR%\syswow64\twwnoj.exe
- %WINDIR%\syswow64\bthcmr.exe
- %WINDIR%\syswow64\xkcxwq.exe
- %WINDIR%\syswow64\sfhxjc.exe
- %WINDIR%\syswow64\oiffwf.exe
- %WINDIR%\syswow64\hofmne.exe
- %WINDIR%\syswow64\fxqmvn.exe
- %WINDIR%\syswow64\dybrei.exe
- %WINDIR%\syswow64\wuuuvu.exe
- %WINDIR%\syswow64\sanuhv.exe
- %WINDIR%\syswow64\ovkuuy.exe
- %WINDIR%\syswow64\jbbgko.exe
- %WINDIR%\syswow64\kluaes.exe
- %WINDIR%\syswow64\hrbgxy.exe
- %WINDIR%\syswow64\ykbbuj.exe
- %WINDIR%\syswow64\rkeqgz.exe
- %WINDIR%\syswow64\nfkqtc.exe
- %WINDIR%\syswow64\ipeqlp.exe
- %WINDIR%\syswow64\egzlvo.exe
- %WINDIR%\syswow64\slklqx.exe
- %WINDIR%\syswow64\kskshv.exe
- %WINDIR%\syswow64\ggtaoq.exe
- %WINDIR%\syswow64\uxpndv.exe
- %WINDIR%\syswow64\npbcxt.exe
- %WINDIR%\syswow64\tmbudd.exe
- %WINDIR%\syswow64\rkamru.exe
- %WINDIR%\syswow64\reoruf.exe
- %WINDIR%\syswow64\bgcsoa.exe
- %WINDIR%\syswow64\bxexrw.exe
- %WINDIR%\syswow64\nvcjsi.exe
- %WINDIR%\syswow64\ddptgw.exe
- %WINDIR%\syswow64\jeqgje.exe
- %WINDIR%\syswow64\zqodhx.exe
- %WINDIR%\syswow64\acbnit.exe
- %WINDIR%\syswow64\dpwiye.exe
- %WINDIR%\syswow64\fbjszs.exe
- %WINDIR%\syswow64\djwcnh.exe
- %WINDIR%\syswow64\vqxsmf.exe
- %WINDIR%\syswow64\pepuvz.exe
- %WINDIR%\syswow64\htpkmy.exe
- %WINDIR%\syswow64\bhimvr.exe
- %WINDIR%\syswow64\zfhejj.exe
- %WINDIR%\syswow64\uwczti.exe
- %WINDIR%\syswow64\narbic.exe
- %WINDIR%\syswow64\juwbug.exe
- %WINDIR%\syswow64\cgleji.exe
- %WINDIR%\syswow64\ujsggc.exe
- %WINDIR%\syswow64\ljnqtr.exe
- %WINDIR%\syswow64\jhnihi.exe
- %WINDIR%\syswow64\fnxsva.exe
- %WINDIR%\syswow64\ogzdkf.exe
- %WINDIR%\syswow64\cihqtc.exe
- %WINDIR%\syswow64\xopcjk.exe
- %WINDIR%\syswow64\vexuxb.exe
- %WINDIR%\syswow64\fmouef.exe
- %WINDIR%\syswow64\paqxgn.exe
- %WINDIR%\syswow64\ojfehv.exe
- %WINDIR%\syswow64\dudjld.exe
- %WINDIR%\syswow64\dzffju.exe
- %WINDIR%\syswow64\jaosmk.exe
- %WINDIR%\syswow64\hjzsut.exe
- %WINDIR%\syswow64\dpieka.exe
- %WINDIR%\syswow64\gzamph.exe
- %WINDIR%\syswow64\paaeqg.exe
- %WINDIR%\syswow64\qdfozu.exe
- %WINDIR%\syswow64\zsdmdv.exe
- %WINDIR%\syswow64\unblqz.exe
- %WINDIR%\syswow64\jpjqvg.exe
- %WINDIR%\syswow64\uppyuj.exe
- %WINDIR%\syswow64\iuiygk.exe
- %WINDIR%\syswow64\rknqtx.exe
- %WINDIR%\syswow64\jbbgko.exe
- %WINDIR%\syswow64\nbhkdx.exe
- %WINDIR%\syswow64\ivnsqa.exe
- %WINDIR%\syswow64\eytsde.exe
- %WINDIR%\syswow64\rhpfaj.exe
- %WINDIR%\syswow64\khtumh.exe
- %WINDIR%\syswow64\ifsmay.exe
- %WINDIR%\syswow64\mlhhcb.exe
- %WINDIR%\syswow64\kxxest.exe
- %WINDIR%\syswow64\dpjumj.exe
- %WINDIR%\syswow64\ozabxf.exe
- %WINDIR%\syswow64\hdheuz.exe
- %WINDIR%\syswow64\fxdrxm.exe
- %WINDIR%\syswow64\gpbffc.exe
- %WINDIR%\syswow64\lnvbsv.exe
- %WINDIR%\syswow64\tosvtq.exe
- %WINDIR%\syswow64\khdtjz.exe
- %WINDIR%\syswow64\fcjbwd.exe
- %WINDIR%\syswow64\jqqwyn.exe
- %WINDIR%\syswow64\hgpomw.exe
- %WINDIR%\syswow64\ircyvs.exe
- %WINDIR%\syswow64\ehgmbh.exe
- %WINDIR%\syswow64\xhjcmx.exe
- %WINDIR%\syswow64\nhwmam.exe
- %WINDIR%\syswow64\ghacmk.exe
- %WINDIR%\syswow64\ccgjzn.exe
- %WINDIR%\syswow64\vfvmni.exe
- %WINDIR%\syswow64\orkgkk.exe
- %WINDIR%\syswow64\euieav.exe
- %WINDIR%\syswow64\cpwrli.exe
- %WINDIR%\syswow64\gvdlnk.exe
- %WINDIR%\syswow64\zuibst.exe
- %WINDIR%\syswow64\vwnqlk.exe
- %WINDIR%\syswow64\jgmtbu.exe
- %WINDIR%\syswow64\vbfvdz.exe
- %WINDIR%\syswow64\qeldqk.exe
- %WINDIR%\syswow64\gfyndr.exe
- %WINDIR%\syswow64\rtaiaq.exe
- %WINDIR%\syswow64\udthzk.exe
- %WINDIR%\syswow64\doukuv.exe
- %WINDIR%\syswow64\tgpzhn.exe
- %WINDIR%\syswow64\nbuhbt.exe
- %WINDIR%\syswow64\reoruf.exe
- %WINDIR%\syswow64\rkamru.exe
- %WINDIR%\syswow64\kluaes.exe
- %WINDIR%\syswow64\tmbudd.exe
- %WINDIR%\syswow64\dojdtu.exe
- %WINDIR%\syswow64\twwnoj.exe
- %WINDIR%\syswow64\bthcmr.exe
- %WINDIR%\syswow64\xkcxwq.exe
- %WINDIR%\syswow64\sfhxjc.exe
- %WINDIR%\syswow64\oiffwf.exe
- %WINDIR%\syswow64\hofmne.exe
- %WINDIR%\syswow64\fxqmvn.exe
- %WINDIR%\syswow64\dybrei.exe
- %WINDIR%\syswow64\wuuuvu.exe
- %WINDIR%\syswow64\sanuhv.exe
- %WINDIR%\syswow64\bulnaa.exe
- %WINDIR%\syswow64\fcfnvl.exe
- %WINDIR%\syswow64\hrbgxy.exe
- %WINDIR%\syswow64\aqewjw.exe
- %WINDIR%\syswow64\ykbbuj.exe
- %WINDIR%\syswow64\rkeqgz.exe
- %WINDIR%\syswow64\nfkqtc.exe
- %WINDIR%\syswow64\ipeqlp.exe
- %WINDIR%\syswow64\egzlvo.exe
- %WINDIR%\syswow64\slklqx.exe
- %WINDIR%\syswow64\kskshv.exe
- %WINDIR%\syswow64\ggtaoq.exe
- %WINDIR%\syswow64\uxpndv.exe
- %WINDIR%\syswow64\npbcxt.exe
- %WINDIR%\syswow64\ovkuuy.exe
- %WINDIR%\syswow64\bgcsoa.exe
- '%TEMP%\mspaint.exe'
- '%WINDIR%\syswow64\uwczti.exe' 704 "%WINDIR%\SysWOW64\narbic.exe"
- '%WINDIR%\syswow64\rhpfaj.exe' 800 "%WINDIR%\SysWOW64\khtumh.exe"
- '%WINDIR%\syswow64\vexuxb.exe' 660 "%WINDIR%\SysWOW64\paqxgn.exe"
- '%WINDIR%\syswow64\xopcjk.exe' 664 "%WINDIR%\SysWOW64\vexuxb.exe"
- '%WINDIR%\syswow64\cihqtc.exe' 668 "%WINDIR%\SysWOW64\xopcjk.exe"
- '%WINDIR%\syswow64\ogzdkf.exe' 672 "%WINDIR%\SysWOW64\cihqtc.exe"
- '%WINDIR%\syswow64\fnxsva.exe' 676 "%WINDIR%\SysWOW64\ogzdkf.exe"
- '%WINDIR%\syswow64\jhnihi.exe' 680 "%WINDIR%\SysWOW64\fnxsva.exe"
- '%WINDIR%\syswow64\ljnqtr.exe' 684 "%WINDIR%\SysWOW64\jhnihi.exe"
- '%WINDIR%\syswow64\ujsggc.exe' 688 "%WINDIR%\SysWOW64\ljnqtr.exe"
- '%WINDIR%\syswow64\cgleji.exe' 692 "%WINDIR%\SysWOW64\ujsggc.exe"
- '%WINDIR%\syswow64\juwbug.exe' 696 "%WINDIR%\SysWOW64\cgleji.exe"
- '%WINDIR%\syswow64\fxqmvn.exe' 604 "%WINDIR%\SysWOW64\dybrei.exe"
- '%WINDIR%\syswow64\narbic.exe' 700 "%WINDIR%\SysWOW64\juwbug.exe"
- '%WINDIR%\syswow64\pepuvz.exe' 720 "%WINDIR%\SysWOW64\htpkmy.exe"
- '%WINDIR%\syswow64\bhimvr.exe' 712 "%WINDIR%\SysWOW64\zfhejj.exe"
- '%WINDIR%\syswow64\fmouef.exe' 652 "%WINDIR%\SysWOW64\gpbffc.exe"
- '%WINDIR%\syswow64\gpbffc.exe' 648 "%WINDIR%\SysWOW64\lnvbsv.exe"
- '%WINDIR%\syswow64\lnvbsv.exe' 644 "%WINDIR%\SysWOW64\tosvtq.exe"
- '%WINDIR%\syswow64\tosvtq.exe' 640 "%WINDIR%\SysWOW64\kluaes.exe"
- '%WINDIR%\syswow64\aqewjw.exe' 576 "%WINDIR%\SysWOW64\ykbbuj.exe"
- '%WINDIR%\syswow64\hrbgxy.exe' 580 "%WINDIR%\SysWOW64\aqewjw.exe"
- '%WINDIR%\syswow64\jbbgko.exe' 584 "%WINDIR%\SysWOW64\hrbgxy.exe"
- '%WINDIR%\syswow64\ovkuuy.exe' 588 "%WINDIR%\SysWOW64\jbbgko.exe"
- '%WINDIR%\syswow64\sanuhv.exe' 592 "%WINDIR%\SysWOW64\ovkuuy.exe"
- '%WINDIR%\syswow64\wuuuvu.exe' 596 "%WINDIR%\SysWOW64\sanuhv.exe"
- '%WINDIR%\syswow64\zfhejj.exe' 708 "%WINDIR%\SysWOW64\uwczti.exe"
- '%WINDIR%\syswow64\dybrei.exe' 600 "%WINDIR%\SysWOW64\wuuuvu.exe"
- '%WINDIR%\syswow64\htpkmy.exe' 716 "%WINDIR%\SysWOW64\bhimvr.exe"
- '%WINDIR%\syswow64\oiffwf.exe' 612 "%WINDIR%\SysWOW64\hofmne.exe"
- '%WINDIR%\syswow64\vqxsmf.exe' 724 "%WINDIR%\SysWOW64\pepuvz.exe"
- '%WINDIR%\syswow64\bulnaa.exe' 820 "%WINDIR%\SysWOW64\rknqtx.exe"
- '%WINDIR%\syswow64\rknqtx.exe' 816 "%WINDIR%\SysWOW64\nbhkdx.exe"
- '%WINDIR%\syswow64\fbjszs.exe' 732 "%WINDIR%\SysWOW64\djwcnh.exe"
- '%WINDIR%\syswow64\djwcnh.exe' 728 "%WINDIR%\SysWOW64\vqxsmf.exe"
- '%WINDIR%\syswow64\kluaes.exe' 636 "%WINDIR%\SysWOW64\dojdtu.exe"
- '%WINDIR%\syswow64\hofmne.exe' 608 "%WINDIR%\SysWOW64\fxqmvn.exe"
- '%WINDIR%\syswow64\dojdtu.exe' 632 "%WINDIR%\SysWOW64\twwnoj.exe"
- '%WINDIR%\syswow64\twwnoj.exe' 628 "%WINDIR%\SysWOW64\bthcmr.exe"
- '%WINDIR%\syswow64\bthcmr.exe' 624 "%WINDIR%\SysWOW64\xkcxwq.exe"
- '%WINDIR%\syswow64\xkcxwq.exe' 620 "%WINDIR%\SysWOW64\sfhxjc.exe"
- '%WINDIR%\syswow64\sfhxjc.exe' 616 "%WINDIR%\SysWOW64\oiffwf.exe"
- '%WINDIR%\syswow64\ykbbuj.exe' 572 "%WINDIR%\SysWOW64\rkeqgz.exe"
- '%WINDIR%\syswow64\iuiygk.exe' 824 "%WINDIR%\SysWOW64\bulnaa.exe"
- '%WINDIR%\syswow64\uppyuj.exe' 828 "%WINDIR%\SysWOW64\iuiygk.exe"
- '%WINDIR%\syswow64\jpjqvg.exe' 832 "%WINDIR%\SysWOW64\uppyuj.exe"
- '%WINDIR%\syswow64\zsdmdv.exe' 840 "%WINDIR%\SysWOW64\unblqz.exe"
- '%WINDIR%\syswow64\nbhkdx.exe' 812 "%WINDIR%\SysWOW64\ivnsqa.exe"
- '%WINDIR%\syswow64\qdfozu.exe' 844 "%WINDIR%\SysWOW64\zsdmdv.exe"
- '%WINDIR%\syswow64\dpieka.exe' 856 "%WINDIR%\SysWOW64\gzamph.exe"
- '%WINDIR%\syswow64\hjzsut.exe' 860 "%WINDIR%\SysWOW64\dpieka.exe"
- '%WINDIR%\syswow64\jaosmk.exe' 864 "%WINDIR%\SysWOW64\hjzsut.exe"
- '%WINDIR%\syswow64\dzffju.exe' 868 "%WINDIR%\SysWOW64\jaosmk.exe"
- '%WINDIR%\syswow64\fcfnvl.exe' 872 "%WINDIR%\SysWOW64\dzffju.exe"
- '%WINDIR%\syswow64\bgcsoa.exe' 876 "%WINDIR%\SysWOW64\fcfnvl.exe"
- '%WINDIR%\syswow64\paaeqg.exe' 848 "%WINDIR%\SysWOW64\qdfozu.exe"
- '%WINDIR%\syswow64\unblqz.exe' 836 "%WINDIR%\SysWOW64\jpjqvg.exe"
- '%WINDIR%\syswow64\ivnsqa.exe' 808 "%WINDIR%\SysWOW64\eytsde.exe"
- '%WINDIR%\syswow64\gzamph.exe' 852 "%WINDIR%\SysWOW64\paaeqg.exe"
- '%WINDIR%\syswow64\dpwiye.exe' 736 "%WINDIR%\SysWOW64\fbjszs.exe"
- '%WINDIR%\syswow64\zqodhx.exe' 744 "%WINDIR%\SysWOW64\acbnit.exe"
- '%WINDIR%\syswow64\jeqgje.exe' 748 "%WINDIR%\SysWOW64\zqodhx.exe"
- '%WINDIR%\syswow64\ddptgw.exe' 752 "%WINDIR%\SysWOW64\jeqgje.exe"
- '%WINDIR%\syswow64\nvcjsi.exe' 756 "%WINDIR%\SysWOW64\ddptgw.exe"
- '%WINDIR%\syswow64\ojfehv.exe' 760 "%WINDIR%\SysWOW64\nvcjsi.exe"
- '%WINDIR%\syswow64\eytsde.exe' 804 "%WINDIR%\SysWOW64\rhpfaj.exe"
- '%WINDIR%\syswow64\dudjld.exe' 764 "%WINDIR%\SysWOW64\ojfehv.exe"
- '%WINDIR%\syswow64\hdheuz.exe' 772 "%WINDIR%\SysWOW64\fxdrxm.exe"
- '%WINDIR%\syswow64\ozabxf.exe' 776 "%WINDIR%\SysWOW64\hdheuz.exe"
- '%WINDIR%\syswow64\dpjumj.exe' 780 "%WINDIR%\SysWOW64\ozabxf.exe"
- '%WINDIR%\syswow64\kxxest.exe' 784 "%WINDIR%\SysWOW64\dpjumj.exe"
- '%WINDIR%\syswow64\khtumh.exe' 796 "%WINDIR%\SysWOW64\ifsmay.exe"
- '%WINDIR%\syswow64\ifsmay.exe' 792 "%WINDIR%\SysWOW64\mlhhcb.exe"
- '%WINDIR%\syswow64\khdtjz.exe' 512 "%WINDIR%\SysWOW64\fcjbwd.exe"
- '%WINDIR%\syswow64\rkeqgz.exe' 568 "%WINDIR%\SysWOW64\nfkqtc.exe"
- '%WINDIR%\syswow64\paqxgn.exe' 656 "%WINDIR%\SysWOW64\fmouef.exe"
- '%WINDIR%\syswow64\nfkqtc.exe' 564 "%WINDIR%\SysWOW64\ipeqlp.exe"
- '%WINDIR%\syswow64\tmbudd.exe' 532 "%WINDIR%\SysWOW64\rkamru.exe"
- '%WINDIR%\syswow64\rkamru.exe' 528 "%WINDIR%\SysWOW64\nbuhbt.exe"
- '%WINDIR%\syswow64\rtaiaq.exe' 428 "%WINDIR%\SysWOW64\udthzk.exe"
- '%WINDIR%\syswow64\nbuhbt.exe' 524 "%WINDIR%\SysWOW64\tgpzhn.exe"
- '%WINDIR%\syswow64\gfyndr.exe' 432 "%WINDIR%\SysWOW64\rtaiaq.exe"
- '%WINDIR%\syswow64\tgpzhn.exe' 520 "%WINDIR%\SysWOW64\reoruf.exe"
- '%WINDIR%\syswow64\reoruf.exe' 516 "%WINDIR%\SysWOW64\khdtjz.exe"
- '%WINDIR%\syswow64\vbfvdz.exe' 440 "%WINDIR%\SysWOW64\qeldqk.exe"
- '%WINDIR%\syswow64\fcjbwd.exe' 508 "%WINDIR%\SysWOW64\jqqwyn.exe"
- '%WINDIR%\syswow64\fxdrxm.exe' 768 "%WINDIR%\SysWOW64\dudjld.exe"
- '%WINDIR%\syswow64\acbnit.exe' 740 "%WINDIR%\SysWOW64\dpwiye.exe"
- '%WINDIR%\syswow64\mlhhcb.exe' 788 "%WINDIR%\SysWOW64\kxxest.exe"
- '%WINDIR%\syswow64\nhwmam.exe' 484 "%WINDIR%\SysWOW64\ghacmk.exe"
- '%WINDIR%\syswow64\udthzk.exe' 424 "%WINDIR%\SysWOW64\doukuv.exe"
- '%WINDIR%\syswow64\jgmtbu.exe' 444 "%WINDIR%\SysWOW64\vbfvdz.exe"
- '%WINDIR%\syswow64\hgpomw.exe' 500 "%WINDIR%\SysWOW64\ircyvs.exe"
- '%WINDIR%\syswow64\zuibst.exe' 452 "%WINDIR%\SysWOW64\vwnqlk.exe"
- '%WINDIR%\syswow64\ircyvs.exe' 496 "%WINDIR%\SysWOW64\ehgmbh.exe"
- '%WINDIR%\syswow64\gvdlnk.exe' 456 "%WINDIR%\SysWOW64\zuibst.exe"
- '%WINDIR%\syswow64\ehgmbh.exe' 492 "%WINDIR%\SysWOW64\xhjcmx.exe"
- '%WINDIR%\syswow64\xhjcmx.exe' 488 "%WINDIR%\SysWOW64\nhwmam.exe"
- '%WINDIR%\syswow64\cpwrli.exe' 460 "%WINDIR%\SysWOW64\gvdlnk.exe"
- '%WINDIR%\syswow64\euieav.exe' 464 "%WINDIR%\SysWOW64\cpwrli.exe"
- '%WINDIR%\syswow64\ghacmk.exe' 480 "%WINDIR%\SysWOW64\ccgjzn.exe"
- '%WINDIR%\syswow64\orkgkk.exe' 468 "%WINDIR%\SysWOW64\euieav.exe"
- '%WINDIR%\syswow64\npbcxt.exe' 536 "%WINDIR%\SysWOW64\tmbudd.exe"
- '%WINDIR%\syswow64\jqqwyn.exe' 504 "%WINDIR%\SysWOW64\hgpomw.exe"
- '%WINDIR%\syswow64\ccgjzn.exe' 476 "%WINDIR%\SysWOW64\vfvmni.exe"
- '%WINDIR%\syswow64\qeldqk.exe' 436 "%WINDIR%\SysWOW64\gfyndr.exe"
- '%WINDIR%\syswow64\vwnqlk.exe' 448 "%WINDIR%\SysWOW64\jgmtbu.exe"
- '%WINDIR%\syswow64\doukuv.exe' 420 "%WINDIR%\SysWOW64\bxexrw.exe"
- '%WINDIR%\syswow64\uxpndv.exe' 540 "%WINDIR%\SysWOW64\npbcxt.exe"
- '%WINDIR%\syswow64\ggtaoq.exe' 544 "%WINDIR%\SysWOW64\uxpndv.exe"
- '%WINDIR%\syswow64\ipeqlp.exe' 560 "%WINDIR%\SysWOW64\egzlvo.exe"
- '%WINDIR%\syswow64\slklqx.exe' 552 "%WINDIR%\SysWOW64\kskshv.exe"
- '%WINDIR%\syswow64\bxexrw.exe' 416 "%TEMP%\uno.exe"
- '%WINDIR%\syswow64\egzlvo.exe' 556 "%WINDIR%\SysWOW64\slklqx.exe"
- '%WINDIR%\syswow64\kskshv.exe' 548 "%WINDIR%\SysWOW64\ggtaoq.exe"
- '%TEMP%\cav.exe'
- '%WINDIR%\syswow64\vfvmni.exe' 472 "%WINDIR%\SysWOW64\orkgkk.exe"
- '%TEMP%\uno.exe'
- '%WINDIR%\syswow64\kpnfbv.exe' 916 "%WINDIR%\SysWOW64\pvipbb.exe"' (with hidden window)
- '%WINDIR%\syswow64\ojfehv.exe' 760 "%WINDIR%\SysWOW64\nvcjsi.exe"' (with hidden window)
- '%WINDIR%\syswow64\zuibst.exe' 452 "%WINDIR%\SysWOW64\vwnqlk.exe"' (with hidden window)
- '%WINDIR%\syswow64\trsrek.exe' 892 "%WINDIR%\SysWOW64\onmdvy.exe"' (with hidden window)
- '%WINDIR%\syswow64\mlhhcb.exe' 788 "%WINDIR%\SysWOW64\kxxest.exe"' (with hidden window)
- '%WINDIR%\syswow64\orkgkk.exe' 468 "%WINDIR%\SysWOW64\euieav.exe"' (with hidden window)
- '%WINDIR%\syswow64\gzamph.exe' 852 "%WINDIR%\SysWOW64\paaeqg.exe"' (with hidden window)
- '%WINDIR%\syswow64\ifsmay.exe' 792 "%WINDIR%\SysWOW64\mlhhcb.exe"' (with hidden window)
- '%WINDIR%\syswow64\cfpqzm.exe' 884 "%WINDIR%\SysWOW64\sronpf.exe"' (with hidden window)
- '%WINDIR%\syswow64\khtumh.exe' 796 "%WINDIR%\SysWOW64\ifsmay.exe"' (with hidden window)
- '%WINDIR%\syswow64\kxxest.exe' 784 "%WINDIR%\SysWOW64\dpjumj.exe"' (with hidden window)
- '%WINDIR%\syswow64\fvvhpq.exe' 908 "%WINDIR%\SysWOW64\tiozjr.exe"' (with hidden window)
- '%WINDIR%\syswow64\ddptgw.exe' 752 "%WINDIR%\SysWOW64\jeqgje.exe"' (with hidden window)
- '%WINDIR%\syswow64\gvdlnk.exe' 456 "%WINDIR%\SysWOW64\zuibst.exe"' (with hidden window)
- '%WINDIR%\syswow64\sronpf.exe' 880 "%WINDIR%\SysWOW64\bgcsoa.exe"' (with hidden window)
- '%WINDIR%\syswow64\hjzsut.exe' 860 "%WINDIR%\SysWOW64\dpieka.exe"' (with hidden window)
- '%WINDIR%\syswow64\pajutq.exe' 900 "%WINDIR%\SysWOW64\arocsm.exe"' (with hidden window)
- '%WINDIR%\syswow64\pvipbb.exe' 912 "%WINDIR%\SysWOW64\fvvhpq.exe"' (with hidden window)
- '%WINDIR%\syswow64\ozabxf.exe' 776 "%WINDIR%\SysWOW64\hdheuz.exe"' (with hidden window)
- '%WINDIR%\syswow64\cpwrli.exe' 460 "%WINDIR%\SysWOW64\gvdlnk.exe"' (with hidden window)
- '%WINDIR%\syswow64\tiozjr.exe' 904 "%WINDIR%\SysWOW64\pajutq.exe"' (with hidden window)
- '%WINDIR%\syswow64\dudjld.exe' 764 "%WINDIR%\SysWOW64\ojfehv.exe"' (with hidden window)
- '%WINDIR%\syswow64\hdheuz.exe' 772 "%WINDIR%\SysWOW64\fxdrxm.exe"' (with hidden window)
- '%WINDIR%\syswow64\fxdrxm.exe' 768 "%WINDIR%\SysWOW64\dudjld.exe"' (with hidden window)
- '%WINDIR%\syswow64\euieav.exe' 464 "%WINDIR%\SysWOW64\cpwrli.exe"' (with hidden window)
- '%WINDIR%\syswow64\vwnqlk.exe' 448 "%WINDIR%\SysWOW64\jgmtbu.exe"' (with hidden window)
- '%WINDIR%\syswow64\eytsde.exe' 804 "%WINDIR%\SysWOW64\rhpfaj.exe"' (with hidden window)
- '%WINDIR%\syswow64\dpjumj.exe' 780 "%WINDIR%\SysWOW64\ozabxf.exe"' (with hidden window)
- '%WINDIR%\syswow64\arocsm.exe' 896 "%WINDIR%\SysWOW64\trsrek.exe"' (with hidden window)
- '%WINDIR%\syswow64\paaeqg.exe' 848 "%WINDIR%\SysWOW64\qdfozu.exe"' (with hidden window)
- '%WINDIR%\syswow64\zsdmdv.exe' 840 "%WINDIR%\SysWOW64\unblqz.exe"' (with hidden window)
- '%WINDIR%\syswow64\qdfozu.exe' 844 "%WINDIR%\SysWOW64\zsdmdv.exe"' (with hidden window)
- '%WINDIR%\syswow64\tmbudd.exe' 532 "%WINDIR%\SysWOW64\rkamru.exe"' (with hidden window)
- '%WINDIR%\syswow64\bxexrw.exe' 416 "%TEMP%\uno.exe"' (with hidden window)
- '%WINDIR%\syswow64\rtaiaq.exe' 428 "%WINDIR%\SysWOW64\udthzk.exe"' (with hidden window)
- '%WINDIR%\syswow64\jaosmk.exe' 864 "%WINDIR%\SysWOW64\hjzsut.exe"' (with hidden window)
- '%WINDIR%\syswow64\unblqz.exe' 836 "%WINDIR%\SysWOW64\jpjqvg.exe"' (with hidden window)
- '%WINDIR%\syswow64\jpjqvg.exe' 832 "%WINDIR%\SysWOW64\uppyuj.exe"' (with hidden window)
- '%WINDIR%\syswow64\gfyndr.exe' 432 "%WINDIR%\SysWOW64\rtaiaq.exe"' (with hidden window)
- '%WINDIR%\syswow64\rhpfaj.exe' 800 "%WINDIR%\SysWOW64\khtumh.exe"' (with hidden window)
- '%WINDIR%\syswow64\uppyuj.exe' 828 "%WINDIR%\SysWOW64\iuiygk.exe"' (with hidden window)
- '%WINDIR%\syswow64\iuiygk.exe' 824 "%WINDIR%\SysWOW64\bulnaa.exe"' (with hidden window)
- '%WINDIR%\syswow64\qeldqk.exe' 436 "%WINDIR%\SysWOW64\gfyndr.exe"' (with hidden window)
- '%WINDIR%\syswow64\dzffju.exe' 868 "%WINDIR%\SysWOW64\jaosmk.exe"' (with hidden window)
- '%WINDIR%\syswow64\bulnaa.exe' 820 "%WINDIR%\SysWOW64\rknqtx.exe"' (with hidden window)
- '%WINDIR%\syswow64\rknqtx.exe' 816 "%WINDIR%\SysWOW64\nbhkdx.exe"' (with hidden window)
- '%WINDIR%\syswow64\fcfnvl.exe' 872 "%WINDIR%\SysWOW64\dzffju.exe"' (with hidden window)
- '%WINDIR%\syswow64\vbfvdz.exe' 440 "%WINDIR%\SysWOW64\qeldqk.exe"' (with hidden window)
- '%WINDIR%\syswow64\nbhkdx.exe' 812 "%WINDIR%\SysWOW64\ivnsqa.exe"' (with hidden window)
- '%WINDIR%\syswow64\ivnsqa.exe' 808 "%WINDIR%\SysWOW64\eytsde.exe"' (with hidden window)
- '%WINDIR%\syswow64\jgmtbu.exe' 444 "%WINDIR%\SysWOW64\vbfvdz.exe"' (with hidden window)
- '%WINDIR%\syswow64\dpieka.exe' 856 "%WINDIR%\SysWOW64\gzamph.exe"' (with hidden window)
- '%WINDIR%\syswow64\bgcsoa.exe' 876 "%WINDIR%\SysWOW64\fcfnvl.exe"' (with hidden window)
- '%WINDIR%\syswow64\nvcjsi.exe' 756 "%WINDIR%\SysWOW64\ddptgw.exe"' (with hidden window)
- '%WINDIR%\syswow64\doukuv.exe' 420 "%WINDIR%\SysWOW64\bxexrw.exe"' (with hidden window)
- '%WINDIR%\syswow64\fbjszs.exe' 732 "%WINDIR%\SysWOW64\djwcnh.exe"' (with hidden window)
- '%WINDIR%\syswow64\vfvmni.exe' 472 "%WINDIR%\SysWOW64\orkgkk.exe"' (with hidden window)
- '%WINDIR%\syswow64\sfhxjc.exe' 616 "%WINDIR%\SysWOW64\oiffwf.exe"' (with hidden window)
- '%WINDIR%\syswow64\npbcxt.exe' 536 "%WINDIR%\SysWOW64\tmbudd.exe"' (with hidden window)
- '%WINDIR%\syswow64\xkcxwq.exe' 620 "%WINDIR%\SysWOW64\sfhxjc.exe"' (with hidden window)
- '%WINDIR%\syswow64\bthcmr.exe' 624 "%WINDIR%\SysWOW64\xkcxwq.exe"' (with hidden window)
- '%WINDIR%\syswow64\udthzk.exe' 424 "%WINDIR%\SysWOW64\doukuv.exe"' (with hidden window)
- '%WINDIR%\syswow64\onmdvy.exe' 888 "%WINDIR%\SysWOW64\cfpqzm.exe"' (with hidden window)
- '%WINDIR%\syswow64\kskshv.exe' 548 "%WINDIR%\SysWOW64\ggtaoq.exe"' (with hidden window)
- '%WINDIR%\syswow64\xhjcmx.exe' 488 "%WINDIR%\SysWOW64\nhwmam.exe"' (with hidden window)
- '%WINDIR%\syswow64\bhimvr.exe' 712 "%WINDIR%\SysWOW64\zfhejj.exe"' (with hidden window)
- '%WINDIR%\syswow64\nbuhbt.exe' 524 "%WINDIR%\SysWOW64\tgpzhn.exe"' (with hidden window)
- '%WINDIR%\syswow64\lnvbsv.exe' 644 "%WINDIR%\SysWOW64\tosvtq.exe"' (with hidden window)
- '%WINDIR%\syswow64\gpbffc.exe' 648 "%WINDIR%\SysWOW64\lnvbsv.exe"' (with hidden window)
- '%WINDIR%\syswow64\tgpzhn.exe' 520 "%WINDIR%\SysWOW64\reoruf.exe"' (with hidden window)
- '%WINDIR%\syswow64\rkamru.exe' 528 "%WINDIR%\SysWOW64\nbuhbt.exe"' (with hidden window)
- '%WINDIR%\syswow64\fmouef.exe' 652 "%WINDIR%\SysWOW64\gpbffc.exe"' (with hidden window)
- '%WINDIR%\syswow64\uxpndv.exe' 540 "%WINDIR%\SysWOW64\npbcxt.exe"' (with hidden window)
- '%WINDIR%\syswow64\fxqmvn.exe' 604 "%WINDIR%\SysWOW64\dybrei.exe"' (with hidden window)
- '%WINDIR%\syswow64\rkeqgz.exe' 568 "%WINDIR%\SysWOW64\nfkqtc.exe"' (with hidden window)
- '%WINDIR%\syswow64\ipeqlp.exe' 560 "%WINDIR%\SysWOW64\egzlvo.exe"' (with hidden window)
- '%WINDIR%\syswow64\ykbbuj.exe' 572 "%WINDIR%\SysWOW64\rkeqgz.exe"' (with hidden window)
- '%WINDIR%\syswow64\aqewjw.exe' 576 "%WINDIR%\SysWOW64\ykbbuj.exe"' (with hidden window)
- '%WINDIR%\syswow64\egzlvo.exe' 556 "%WINDIR%\SysWOW64\slklqx.exe"' (with hidden window)
- '%WINDIR%\syswow64\tosvtq.exe' 640 "%WINDIR%\SysWOW64\kluaes.exe"' (with hidden window)
- '%WINDIR%\syswow64\ggtaoq.exe' 544 "%WINDIR%\SysWOW64\uxpndv.exe"' (with hidden window)
- '%WINDIR%\syswow64\vexuxb.exe' 660 "%WINDIR%\SysWOW64\paqxgn.exe"' (with hidden window)
- '%WINDIR%\syswow64\hofmne.exe' 608 "%WINDIR%\SysWOW64\fxqmvn.exe"' (with hidden window)
- '%WINDIR%\syswow64\paqxgn.exe' 656 "%WINDIR%\SysWOW64\fmouef.exe"' (with hidden window)
- '%WINDIR%\syswow64\jaxipu.exe' 920 "%WINDIR%\SysWOW64\kpnfbv.exe"' (with hidden window)
- '%WINDIR%\syswow64\slklqx.exe' 552 "%WINDIR%\SysWOW64\kskshv.exe"' (with hidden window)
- '%WINDIR%\syswow64\kluaes.exe' 636 "%WINDIR%\SysWOW64\dojdtu.exe"' (with hidden window)
- '%WINDIR%\syswow64\dybrei.exe' 600 "%WINDIR%\SysWOW64\wuuuvu.exe"' (with hidden window)
- '%WINDIR%\syswow64\twwnoj.exe' 628 "%WINDIR%\SysWOW64\bthcmr.exe"' (with hidden window)
- '%WINDIR%\syswow64\sanuhv.exe' 592 "%WINDIR%\SysWOW64\ovkuuy.exe"' (with hidden window)
- '%WINDIR%\syswow64\wuuuvu.exe' 596 "%WINDIR%\SysWOW64\sanuhv.exe"' (with hidden window)
- '%WINDIR%\syswow64\ovkuuy.exe' 588 "%WINDIR%\SysWOW64\jbbgko.exe"' (with hidden window)
- '%WINDIR%\syswow64\jbbgko.exe' 584 "%WINDIR%\SysWOW64\hrbgxy.exe"' (with hidden window)
- '%WINDIR%\syswow64\hrbgxy.exe' 580 "%WINDIR%\SysWOW64\aqewjw.exe"' (with hidden window)
- '%WINDIR%\syswow64\htpkmy.exe' 716 "%WINDIR%\SysWOW64\bhimvr.exe"' (with hidden window)
- '%WINDIR%\syswow64\juwbug.exe' 696 "%WINDIR%\SysWOW64\cgleji.exe"' (with hidden window)
- '%WINDIR%\syswow64\pepuvz.exe' 720 "%WINDIR%\SysWOW64\htpkmy.exe"' (with hidden window)
- '%WINDIR%\syswow64\vqxsmf.exe' 724 "%WINDIR%\SysWOW64\pepuvz.exe"' (with hidden window)
- '%WINDIR%\syswow64\nhwmam.exe' 484 "%WINDIR%\SysWOW64\ghacmk.exe"' (with hidden window)
- '%WINDIR%\syswow64\ehgmbh.exe' 492 "%WINDIR%\SysWOW64\xhjcmx.exe"' (with hidden window)
- '%WINDIR%\syswow64\djwcnh.exe' 728 "%WINDIR%\SysWOW64\vqxsmf.exe"' (with hidden window)
- '%WINDIR%\syswow64\ghacmk.exe' 480 "%WINDIR%\SysWOW64\ccgjzn.exe"' (with hidden window)
- '%WINDIR%\syswow64\dpwiye.exe' 736 "%WINDIR%\SysWOW64\fbjszs.exe"' (with hidden window)
- '%WINDIR%\syswow64\acbnit.exe' 740 "%WINDIR%\SysWOW64\dpwiye.exe"' (with hidden window)
- '%WINDIR%\syswow64\ccgjzn.exe' 476 "%WINDIR%\SysWOW64\vfvmni.exe"' (with hidden window)
- '%WINDIR%\syswow64\zqodhx.exe' 744 "%WINDIR%\SysWOW64\acbnit.exe"' (with hidden window)
- '%WINDIR%\syswow64\jeqgje.exe' 748 "%WINDIR%\SysWOW64\zqodhx.exe"' (with hidden window)
- '%WINDIR%\syswow64\nfkqtc.exe' 564 "%WINDIR%\SysWOW64\ipeqlp.exe"' (with hidden window)
- '%WINDIR%\syswow64\zfhejj.exe' 708 "%WINDIR%\SysWOW64\uwczti.exe"' (with hidden window)
- '%WINDIR%\syswow64\uwczti.exe' 704 "%WINDIR%\SysWOW64\narbic.exe"' (with hidden window)
- '%WINDIR%\syswow64\ircyvs.exe' 496 "%WINDIR%\SysWOW64\ehgmbh.exe"' (with hidden window)
- '%WINDIR%\syswow64\reoruf.exe' 516 "%WINDIR%\SysWOW64\khdtjz.exe"' (with hidden window)
- '%WINDIR%\syswow64\xopcjk.exe' 664 "%WINDIR%\SysWOW64\vexuxb.exe"' (with hidden window)
- '%WINDIR%\syswow64\cihqtc.exe' 668 "%WINDIR%\SysWOW64\xopcjk.exe"' (with hidden window)
- '%WINDIR%\syswow64\khdtjz.exe' 512 "%WINDIR%\SysWOW64\fcjbwd.exe"' (with hidden window)
- '%WINDIR%\syswow64\ogzdkf.exe' 672 "%WINDIR%\SysWOW64\cihqtc.exe"' (with hidden window)
- '%WINDIR%\syswow64\fnxsva.exe' 676 "%WINDIR%\SysWOW64\ogzdkf.exe"' (with hidden window)
- '%WINDIR%\syswow64\fcjbwd.exe' 508 "%WINDIR%\SysWOW64\jqqwyn.exe"' (with hidden window)
- '%WINDIR%\syswow64\jhnihi.exe' 680 "%WINDIR%\SysWOW64\fnxsva.exe"' (with hidden window)
- '%WINDIR%\syswow64\ljnqtr.exe' 684 "%WINDIR%\SysWOW64\jhnihi.exe"' (with hidden window)
- '%WINDIR%\syswow64\jqqwyn.exe' 504 "%WINDIR%\SysWOW64\hgpomw.exe"' (with hidden window)
- '%WINDIR%\syswow64\ujsggc.exe' 688 "%WINDIR%\SysWOW64\ljnqtr.exe"' (with hidden window)
- '%WINDIR%\syswow64\cgleji.exe' 692 "%WINDIR%\SysWOW64\ujsggc.exe"' (with hidden window)
- '%WINDIR%\syswow64\hgpomw.exe' 500 "%WINDIR%\SysWOW64\ircyvs.exe"' (with hidden window)
- '%WINDIR%\syswow64\narbic.exe' 700 "%WINDIR%\SysWOW64\juwbug.exe"' (with hidden window)
- '%WINDIR%\syswow64\dojdtu.exe' 632 "%WINDIR%\SysWOW64\twwnoj.exe"' (with hidden window)
- '%WINDIR%\syswow64\oiffwf.exe' 612 "%WINDIR%\SysWOW64\hofmne.exe"' (with hidden window)
- '%WINDIR%\syswow64\nfricq.exe' 924 "%WINDIR%\SysWOW64\jaxipu.exe"' (with hidden window)