Malware Analysis Report

2025-08-05 19:29

Sample ID 240518-j7xarabd55
Target b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe
SHA256 bfd9a3b0d9b42e5764a1cc3051b74ddc67d5f5a6d252a9812b3f86ad339d4612
Tags
miner upx xmrig
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

bfd9a3b0d9b42e5764a1cc3051b74ddc67d5f5a6d252a9812b3f86ad339d4612

Threat Level: Known bad

The file b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner upx xmrig

xmrig

XMRig Miner payload

Xmrig family

XMRig Miner payload

Executes dropped EXE

Loads dropped DLL

UPX packed file

Drops file in Windows directory

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Checks processor information in registry

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Modifies registry class

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-18 08:19

Signatures

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-18 08:19

Reported

2024-05-18 08:21

Platform

win7-20240220-en

Max time kernel

120s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\wpHSmgz.exe N/A
N/A N/A C:\Windows\System\VPMTbsg.exe N/A
N/A N/A C:\Windows\System\jzYfivw.exe N/A
N/A N/A C:\Windows\System\fkxaliG.exe N/A
N/A N/A C:\Windows\System\YugXXah.exe N/A
N/A N/A C:\Windows\System\pbloxoI.exe N/A
N/A N/A C:\Windows\System\dixlVfK.exe N/A
N/A N/A C:\Windows\System\UDClUXo.exe N/A
N/A N/A C:\Windows\System\YoGilKz.exe N/A
N/A N/A C:\Windows\System\ZvBlMzx.exe N/A
N/A N/A C:\Windows\System\OMOgkjA.exe N/A
N/A N/A C:\Windows\System\AYdPqql.exe N/A
N/A N/A C:\Windows\System\ydHYnAH.exe N/A
N/A N/A C:\Windows\System\YehlDmE.exe N/A
N/A N/A C:\Windows\System\rEBdsVh.exe N/A
N/A N/A C:\Windows\System\fkQLtka.exe N/A
N/A N/A C:\Windows\System\xjRBkgz.exe N/A
N/A N/A C:\Windows\System\mSVPbdS.exe N/A
N/A N/A C:\Windows\System\DuEdABn.exe N/A
N/A N/A C:\Windows\System\GUWkbxZ.exe N/A
N/A N/A C:\Windows\System\RAWrOjA.exe N/A
N/A N/A C:\Windows\System\WtfbCCP.exe N/A
N/A N/A C:\Windows\System\PFHdWvd.exe N/A
N/A N/A C:\Windows\System\vahCjdX.exe N/A
N/A N/A C:\Windows\System\zhHPYZu.exe N/A
N/A N/A C:\Windows\System\eHpXVCT.exe N/A
N/A N/A C:\Windows\System\ppGoLYg.exe N/A
N/A N/A C:\Windows\System\dIZDDki.exe N/A
N/A N/A C:\Windows\System\AUaEVnG.exe N/A
N/A N/A C:\Windows\System\afjTjYw.exe N/A
N/A N/A C:\Windows\System\LuQNfnX.exe N/A
N/A N/A C:\Windows\System\wibDZkS.exe N/A
N/A N/A C:\Windows\System\TKFrTxu.exe N/A
N/A N/A C:\Windows\System\HIUpqcK.exe N/A
N/A N/A C:\Windows\System\DKCoYpS.exe N/A
N/A N/A C:\Windows\System\YhZOZuE.exe N/A
N/A N/A C:\Windows\System\GMluauy.exe N/A
N/A N/A C:\Windows\System\kZuGjxR.exe N/A
N/A N/A C:\Windows\System\urXSQLX.exe N/A
N/A N/A C:\Windows\System\BCTBDPT.exe N/A
N/A N/A C:\Windows\System\XJpnACW.exe N/A
N/A N/A C:\Windows\System\MaOdtVh.exe N/A
N/A N/A C:\Windows\System\KfLqXAF.exe N/A
N/A N/A C:\Windows\System\IrFsikM.exe N/A
N/A N/A C:\Windows\System\IdOAPVs.exe N/A
N/A N/A C:\Windows\System\OUJTlqt.exe N/A
N/A N/A C:\Windows\System\SjKwERO.exe N/A
N/A N/A C:\Windows\System\AiBavbR.exe N/A
N/A N/A C:\Windows\System\MZVEabS.exe N/A
N/A N/A C:\Windows\System\AzWfkBD.exe N/A
N/A N/A C:\Windows\System\MIYdbJs.exe N/A
N/A N/A C:\Windows\System\sQjYEKz.exe N/A
N/A N/A C:\Windows\System\knFmGXB.exe N/A
N/A N/A C:\Windows\System\IULctRj.exe N/A
N/A N/A C:\Windows\System\wQdEBsv.exe N/A
N/A N/A C:\Windows\System\LJDCLpp.exe N/A
N/A N/A C:\Windows\System\yeVvYEm.exe N/A
N/A N/A C:\Windows\System\DCfHcPi.exe N/A
N/A N/A C:\Windows\System\mboSoIp.exe N/A
N/A N/A C:\Windows\System\nkYvhSa.exe N/A
N/A N/A C:\Windows\System\UpmbWUJ.exe N/A
N/A N/A C:\Windows\System\UjsONaI.exe N/A
N/A N/A C:\Windows\System\gvGJDAu.exe N/A
N/A N/A C:\Windows\System\UauAWTm.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\tzFQGzk.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\MKQjUoq.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\GqysKeg.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\WHhyrHq.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\vPVnmIp.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\KjfjKvl.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\IwOUbex.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\wXZSfIQ.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\XDIGmfC.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\AYsUrwf.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\gTPhSUM.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\JwxNBfQ.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\iXseZUi.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\GrGhRZZ.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\axJaecW.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\zwYajzk.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\dKsOWvD.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\KjAdhRr.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\nTCUxZO.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\gOmTkBs.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\FdlGhNF.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\GELFNgO.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\WHJwTqS.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\WwjZqos.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\lMvAhOo.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\XfmrBro.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\ObgDqkj.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\vCYibiE.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\QHSClkg.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\KfwcfCG.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\ITtTOQH.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\zKXRQli.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\LLnRGKT.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\aJnDUau.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\nSyjgnM.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\DCfHcPi.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\quUEggd.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\phXSehp.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\NZxqPlZ.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\MaPYpVb.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\sMPsXnf.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\qASGwOy.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\OCgHVqn.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\VxkoOVV.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\cvnruFD.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\siKfJuP.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\BHwiBZP.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\AHvfeHB.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\IRJxJwF.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\GNtaybo.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\NXyOwNf.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\gpFnIbr.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\XLvWWkU.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\MJMfNAd.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\nslGCXj.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\AVJvbHH.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\vHqkaYv.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\iNGyLEU.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\oBmYjPN.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\oszUxFM.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\qDPTJhr.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\tmlfPEm.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\qXmehza.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\hCaxmAg.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2872 wrote to memory of 2796 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\wpHSmgz.exe
PID 2872 wrote to memory of 2796 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\wpHSmgz.exe
PID 2872 wrote to memory of 2796 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\wpHSmgz.exe
PID 2872 wrote to memory of 2256 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\VPMTbsg.exe
PID 2872 wrote to memory of 2256 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\VPMTbsg.exe
PID 2872 wrote to memory of 2256 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\VPMTbsg.exe
PID 2872 wrote to memory of 3016 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\YugXXah.exe
PID 2872 wrote to memory of 3016 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\YugXXah.exe
PID 2872 wrote to memory of 3016 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\YugXXah.exe
PID 2872 wrote to memory of 2604 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\jzYfivw.exe
PID 2872 wrote to memory of 2604 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\jzYfivw.exe
PID 2872 wrote to memory of 2604 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\jzYfivw.exe
PID 2872 wrote to memory of 2504 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\dixlVfK.exe
PID 2872 wrote to memory of 2504 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\dixlVfK.exe
PID 2872 wrote to memory of 2504 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\dixlVfK.exe
PID 2872 wrote to memory of 2680 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\fkxaliG.exe
PID 2872 wrote to memory of 2680 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\fkxaliG.exe
PID 2872 wrote to memory of 2680 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\fkxaliG.exe
PID 2872 wrote to memory of 1028 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\UDClUXo.exe
PID 2872 wrote to memory of 1028 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\UDClUXo.exe
PID 2872 wrote to memory of 1028 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\UDClUXo.exe
PID 2872 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\pbloxoI.exe
PID 2872 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\pbloxoI.exe
PID 2872 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\pbloxoI.exe
PID 2872 wrote to memory of 2408 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\YoGilKz.exe
PID 2872 wrote to memory of 2408 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\YoGilKz.exe
PID 2872 wrote to memory of 2408 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\YoGilKz.exe
PID 2872 wrote to memory of 1588 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\ZvBlMzx.exe
PID 2872 wrote to memory of 1588 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\ZvBlMzx.exe
PID 2872 wrote to memory of 1588 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\ZvBlMzx.exe
PID 2872 wrote to memory of 2668 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\OMOgkjA.exe
PID 2872 wrote to memory of 2668 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\OMOgkjA.exe
PID 2872 wrote to memory of 2668 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\OMOgkjA.exe
PID 2872 wrote to memory of 2716 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\AYdPqql.exe
PID 2872 wrote to memory of 2716 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\AYdPqql.exe
PID 2872 wrote to memory of 2716 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\AYdPqql.exe
PID 2872 wrote to memory of 2764 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\ydHYnAH.exe
PID 2872 wrote to memory of 2764 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\ydHYnAH.exe
PID 2872 wrote to memory of 2764 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\ydHYnAH.exe
PID 2872 wrote to memory of 2760 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\YehlDmE.exe
PID 2872 wrote to memory of 2760 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\YehlDmE.exe
PID 2872 wrote to memory of 2760 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\YehlDmE.exe
PID 2872 wrote to memory of 1528 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\rEBdsVh.exe
PID 2872 wrote to memory of 1528 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\rEBdsVh.exe
PID 2872 wrote to memory of 1528 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\rEBdsVh.exe
PID 2872 wrote to memory of 328 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\fkQLtka.exe
PID 2872 wrote to memory of 328 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\fkQLtka.exe
PID 2872 wrote to memory of 328 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\fkQLtka.exe
PID 2872 wrote to memory of 828 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\xjRBkgz.exe
PID 2872 wrote to memory of 828 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\xjRBkgz.exe
PID 2872 wrote to memory of 828 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\xjRBkgz.exe
PID 2872 wrote to memory of 2288 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\mSVPbdS.exe
PID 2872 wrote to memory of 2288 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\mSVPbdS.exe
PID 2872 wrote to memory of 2288 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\mSVPbdS.exe
PID 2872 wrote to memory of 872 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\DuEdABn.exe
PID 2872 wrote to memory of 872 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\DuEdABn.exe
PID 2872 wrote to memory of 872 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\DuEdABn.exe
PID 2872 wrote to memory of 2188 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\GUWkbxZ.exe
PID 2872 wrote to memory of 2188 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\GUWkbxZ.exe
PID 2872 wrote to memory of 2188 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\GUWkbxZ.exe
PID 2872 wrote to memory of 2032 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\RAWrOjA.exe
PID 2872 wrote to memory of 2032 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\RAWrOjA.exe
PID 2872 wrote to memory of 2032 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\RAWrOjA.exe
PID 2872 wrote to memory of 2000 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\WtfbCCP.exe

Processes

C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe"

C:\Windows\System\wpHSmgz.exe

C:\Windows\System\wpHSmgz.exe

C:\Windows\System\VPMTbsg.exe

C:\Windows\System\VPMTbsg.exe

C:\Windows\System\YugXXah.exe

C:\Windows\System\YugXXah.exe

C:\Windows\System\jzYfivw.exe

C:\Windows\System\jzYfivw.exe

C:\Windows\System\dixlVfK.exe

C:\Windows\System\dixlVfK.exe

C:\Windows\System\fkxaliG.exe

C:\Windows\System\fkxaliG.exe

C:\Windows\System\UDClUXo.exe

C:\Windows\System\UDClUXo.exe

C:\Windows\System\pbloxoI.exe

C:\Windows\System\pbloxoI.exe

C:\Windows\System\YoGilKz.exe

C:\Windows\System\YoGilKz.exe

C:\Windows\System\ZvBlMzx.exe

C:\Windows\System\ZvBlMzx.exe

C:\Windows\System\OMOgkjA.exe

C:\Windows\System\OMOgkjA.exe

C:\Windows\System\AYdPqql.exe

C:\Windows\System\AYdPqql.exe

C:\Windows\System\ydHYnAH.exe

C:\Windows\System\ydHYnAH.exe

C:\Windows\System\YehlDmE.exe

C:\Windows\System\YehlDmE.exe

C:\Windows\System\rEBdsVh.exe

C:\Windows\System\rEBdsVh.exe

C:\Windows\System\fkQLtka.exe

C:\Windows\System\fkQLtka.exe

C:\Windows\System\xjRBkgz.exe

C:\Windows\System\xjRBkgz.exe

C:\Windows\System\mSVPbdS.exe

C:\Windows\System\mSVPbdS.exe

C:\Windows\System\DuEdABn.exe

C:\Windows\System\DuEdABn.exe

C:\Windows\System\GUWkbxZ.exe

C:\Windows\System\GUWkbxZ.exe

C:\Windows\System\RAWrOjA.exe

C:\Windows\System\RAWrOjA.exe

C:\Windows\System\WtfbCCP.exe

C:\Windows\System\WtfbCCP.exe

C:\Windows\System\PFHdWvd.exe

C:\Windows\System\PFHdWvd.exe

C:\Windows\System\vahCjdX.exe

C:\Windows\System\vahCjdX.exe

C:\Windows\System\zhHPYZu.exe

C:\Windows\System\zhHPYZu.exe

C:\Windows\System\eHpXVCT.exe

C:\Windows\System\eHpXVCT.exe

C:\Windows\System\ppGoLYg.exe

C:\Windows\System\ppGoLYg.exe

C:\Windows\System\dIZDDki.exe

C:\Windows\System\dIZDDki.exe

C:\Windows\System\AUaEVnG.exe

C:\Windows\System\AUaEVnG.exe

C:\Windows\System\afjTjYw.exe

C:\Windows\System\afjTjYw.exe

C:\Windows\System\LuQNfnX.exe

C:\Windows\System\LuQNfnX.exe

C:\Windows\System\wibDZkS.exe

C:\Windows\System\wibDZkS.exe

C:\Windows\System\TKFrTxu.exe

C:\Windows\System\TKFrTxu.exe

C:\Windows\System\HIUpqcK.exe

C:\Windows\System\HIUpqcK.exe

C:\Windows\System\DKCoYpS.exe

C:\Windows\System\DKCoYpS.exe

C:\Windows\System\YhZOZuE.exe

C:\Windows\System\YhZOZuE.exe

C:\Windows\System\GMluauy.exe

C:\Windows\System\GMluauy.exe

C:\Windows\System\kZuGjxR.exe

C:\Windows\System\kZuGjxR.exe

C:\Windows\System\urXSQLX.exe

C:\Windows\System\urXSQLX.exe

C:\Windows\System\BCTBDPT.exe

C:\Windows\System\BCTBDPT.exe

C:\Windows\System\XJpnACW.exe

C:\Windows\System\XJpnACW.exe

C:\Windows\System\MaOdtVh.exe

C:\Windows\System\MaOdtVh.exe

C:\Windows\System\KfLqXAF.exe

C:\Windows\System\KfLqXAF.exe

C:\Windows\System\IrFsikM.exe

C:\Windows\System\IrFsikM.exe

C:\Windows\System\IdOAPVs.exe

C:\Windows\System\IdOAPVs.exe

C:\Windows\System\OUJTlqt.exe

C:\Windows\System\OUJTlqt.exe

C:\Windows\System\SjKwERO.exe

C:\Windows\System\SjKwERO.exe

C:\Windows\System\AiBavbR.exe

C:\Windows\System\AiBavbR.exe

C:\Windows\System\MZVEabS.exe

C:\Windows\System\MZVEabS.exe

C:\Windows\System\AzWfkBD.exe

C:\Windows\System\AzWfkBD.exe

C:\Windows\System\MIYdbJs.exe

C:\Windows\System\MIYdbJs.exe

C:\Windows\System\sQjYEKz.exe

C:\Windows\System\sQjYEKz.exe

C:\Windows\System\knFmGXB.exe

C:\Windows\System\knFmGXB.exe

C:\Windows\System\IULctRj.exe

C:\Windows\System\IULctRj.exe

C:\Windows\System\wQdEBsv.exe

C:\Windows\System\wQdEBsv.exe

C:\Windows\System\LJDCLpp.exe

C:\Windows\System\LJDCLpp.exe

C:\Windows\System\yeVvYEm.exe

C:\Windows\System\yeVvYEm.exe

C:\Windows\System\DCfHcPi.exe

C:\Windows\System\DCfHcPi.exe

C:\Windows\System\mboSoIp.exe

C:\Windows\System\mboSoIp.exe

C:\Windows\System\nkYvhSa.exe

C:\Windows\System\nkYvhSa.exe

C:\Windows\System\UpmbWUJ.exe

C:\Windows\System\UpmbWUJ.exe

C:\Windows\System\UjsONaI.exe

C:\Windows\System\UjsONaI.exe

C:\Windows\System\gvGJDAu.exe

C:\Windows\System\gvGJDAu.exe

C:\Windows\System\UauAWTm.exe

C:\Windows\System\UauAWTm.exe

C:\Windows\System\UbsQDim.exe

C:\Windows\System\UbsQDim.exe

C:\Windows\System\ckLMRyP.exe

C:\Windows\System\ckLMRyP.exe

C:\Windows\System\wEHCEJm.exe

C:\Windows\System\wEHCEJm.exe

C:\Windows\System\InYffAv.exe

C:\Windows\System\InYffAv.exe

C:\Windows\System\dFKEmrU.exe

C:\Windows\System\dFKEmrU.exe

C:\Windows\System\EAFUpmz.exe

C:\Windows\System\EAFUpmz.exe

C:\Windows\System\GPRVCYP.exe

C:\Windows\System\GPRVCYP.exe

C:\Windows\System\dCpeoSj.exe

C:\Windows\System\dCpeoSj.exe

C:\Windows\System\AcTYyPs.exe

C:\Windows\System\AcTYyPs.exe

C:\Windows\System\gSjvHOJ.exe

C:\Windows\System\gSjvHOJ.exe

C:\Windows\System\AsZQIzQ.exe

C:\Windows\System\AsZQIzQ.exe

C:\Windows\System\qqerNQd.exe

C:\Windows\System\qqerNQd.exe

C:\Windows\System\akXeCrX.exe

C:\Windows\System\akXeCrX.exe

C:\Windows\System\wYQuTfa.exe

C:\Windows\System\wYQuTfa.exe

C:\Windows\System\TlmvIOw.exe

C:\Windows\System\TlmvIOw.exe

C:\Windows\System\GhRLBZp.exe

C:\Windows\System\GhRLBZp.exe

C:\Windows\System\UvVDMXR.exe

C:\Windows\System\UvVDMXR.exe

C:\Windows\System\UOnuZeR.exe

C:\Windows\System\UOnuZeR.exe

C:\Windows\System\JvYwchq.exe

C:\Windows\System\JvYwchq.exe

C:\Windows\System\HjfCyMx.exe

C:\Windows\System\HjfCyMx.exe

C:\Windows\System\zyanvRl.exe

C:\Windows\System\zyanvRl.exe

C:\Windows\System\aDKJGKi.exe

C:\Windows\System\aDKJGKi.exe

C:\Windows\System\pQeDwFV.exe

C:\Windows\System\pQeDwFV.exe

C:\Windows\System\yITDmSF.exe

C:\Windows\System\yITDmSF.exe

C:\Windows\System\vQwmCeL.exe

C:\Windows\System\vQwmCeL.exe

C:\Windows\System\WLDRRBH.exe

C:\Windows\System\WLDRRBH.exe

C:\Windows\System\MStPpzd.exe

C:\Windows\System\MStPpzd.exe

C:\Windows\System\IJuvzUR.exe

C:\Windows\System\IJuvzUR.exe

C:\Windows\System\gUOtUll.exe

C:\Windows\System\gUOtUll.exe

C:\Windows\System\rzmcMnO.exe

C:\Windows\System\rzmcMnO.exe

C:\Windows\System\fsXMaxu.exe

C:\Windows\System\fsXMaxu.exe

C:\Windows\System\ajKpcvY.exe

C:\Windows\System\ajKpcvY.exe

C:\Windows\System\nRBvpat.exe

C:\Windows\System\nRBvpat.exe

C:\Windows\System\XHEBvae.exe

C:\Windows\System\XHEBvae.exe

C:\Windows\System\cbuWcvJ.exe

C:\Windows\System\cbuWcvJ.exe

C:\Windows\System\dxocgqg.exe

C:\Windows\System\dxocgqg.exe

C:\Windows\System\ZjVeYUM.exe

C:\Windows\System\ZjVeYUM.exe

C:\Windows\System\qXmehza.exe

C:\Windows\System\qXmehza.exe

C:\Windows\System\TfzypYk.exe

C:\Windows\System\TfzypYk.exe

C:\Windows\System\yziKxFT.exe

C:\Windows\System\yziKxFT.exe

C:\Windows\System\NlvJZLa.exe

C:\Windows\System\NlvJZLa.exe

C:\Windows\System\XdSctCo.exe

C:\Windows\System\XdSctCo.exe

C:\Windows\System\LbsWgqQ.exe

C:\Windows\System\LbsWgqQ.exe

C:\Windows\System\lUkYFju.exe

C:\Windows\System\lUkYFju.exe

C:\Windows\System\DLTmVUp.exe

C:\Windows\System\DLTmVUp.exe

C:\Windows\System\mpeYIgh.exe

C:\Windows\System\mpeYIgh.exe

C:\Windows\System\HdCAJli.exe

C:\Windows\System\HdCAJli.exe

C:\Windows\System\DFgrjis.exe

C:\Windows\System\DFgrjis.exe

C:\Windows\System\QfEggAh.exe

C:\Windows\System\QfEggAh.exe

C:\Windows\System\wHVGlmP.exe

C:\Windows\System\wHVGlmP.exe

C:\Windows\System\vPVnmIp.exe

C:\Windows\System\vPVnmIp.exe

C:\Windows\System\DRfVVUs.exe

C:\Windows\System\DRfVVUs.exe

C:\Windows\System\GSHzESh.exe

C:\Windows\System\GSHzESh.exe

C:\Windows\System\FgxwfRK.exe

C:\Windows\System\FgxwfRK.exe

C:\Windows\System\ZyFRzvB.exe

C:\Windows\System\ZyFRzvB.exe

C:\Windows\System\EaKBNud.exe

C:\Windows\System\EaKBNud.exe

C:\Windows\System\xdjGOGK.exe

C:\Windows\System\xdjGOGK.exe

C:\Windows\System\TaoOpLC.exe

C:\Windows\System\TaoOpLC.exe

C:\Windows\System\llNCWZU.exe

C:\Windows\System\llNCWZU.exe

C:\Windows\System\kfOoxOo.exe

C:\Windows\System\kfOoxOo.exe

C:\Windows\System\GoqHcii.exe

C:\Windows\System\GoqHcii.exe

C:\Windows\System\oHlopxg.exe

C:\Windows\System\oHlopxg.exe

C:\Windows\System\wndJJMU.exe

C:\Windows\System\wndJJMU.exe

C:\Windows\System\yrLDpDT.exe

C:\Windows\System\yrLDpDT.exe

C:\Windows\System\NAomryK.exe

C:\Windows\System\NAomryK.exe

C:\Windows\System\FWjoAXN.exe

C:\Windows\System\FWjoAXN.exe

C:\Windows\System\TcvbMHe.exe

C:\Windows\System\TcvbMHe.exe

C:\Windows\System\lJKYkmP.exe

C:\Windows\System\lJKYkmP.exe

C:\Windows\System\PdBppCV.exe

C:\Windows\System\PdBppCV.exe

C:\Windows\System\PosaMQw.exe

C:\Windows\System\PosaMQw.exe

C:\Windows\System\JqSKqrH.exe

C:\Windows\System\JqSKqrH.exe

C:\Windows\System\LNwOQPR.exe

C:\Windows\System\LNwOQPR.exe

C:\Windows\System\eAWCIIL.exe

C:\Windows\System\eAWCIIL.exe

C:\Windows\System\ipVsXlj.exe

C:\Windows\System\ipVsXlj.exe

C:\Windows\System\RNNpOBa.exe

C:\Windows\System\RNNpOBa.exe

C:\Windows\System\iyuyssw.exe

C:\Windows\System\iyuyssw.exe

C:\Windows\System\ClAfnyp.exe

C:\Windows\System\ClAfnyp.exe

C:\Windows\System\KlSjCRs.exe

C:\Windows\System\KlSjCRs.exe

C:\Windows\System\gNdKQNw.exe

C:\Windows\System\gNdKQNw.exe

C:\Windows\System\FQXWGBe.exe

C:\Windows\System\FQXWGBe.exe

C:\Windows\System\gVvhFzM.exe

C:\Windows\System\gVvhFzM.exe

C:\Windows\System\lNmUVuy.exe

C:\Windows\System\lNmUVuy.exe

C:\Windows\System\GNtaybo.exe

C:\Windows\System\GNtaybo.exe

C:\Windows\System\KZKABcH.exe

C:\Windows\System\KZKABcH.exe

C:\Windows\System\RWrqhaR.exe

C:\Windows\System\RWrqhaR.exe

C:\Windows\System\AgErlsT.exe

C:\Windows\System\AgErlsT.exe

C:\Windows\System\FyLAKZB.exe

C:\Windows\System\FyLAKZB.exe

C:\Windows\System\wQahbXf.exe

C:\Windows\System\wQahbXf.exe

C:\Windows\System\FaHVAhO.exe

C:\Windows\System\FaHVAhO.exe

C:\Windows\System\VwGlfvm.exe

C:\Windows\System\VwGlfvm.exe

C:\Windows\System\ewFYwOH.exe

C:\Windows\System\ewFYwOH.exe

C:\Windows\System\YwyMfMx.exe

C:\Windows\System\YwyMfMx.exe

C:\Windows\System\EtCAFXz.exe

C:\Windows\System\EtCAFXz.exe

C:\Windows\System\WfcGsyo.exe

C:\Windows\System\WfcGsyo.exe

C:\Windows\System\cqFmCjV.exe

C:\Windows\System\cqFmCjV.exe

C:\Windows\System\UhKxdJU.exe

C:\Windows\System\UhKxdJU.exe

C:\Windows\System\BoQfkUZ.exe

C:\Windows\System\BoQfkUZ.exe

C:\Windows\System\rwYYRae.exe

C:\Windows\System\rwYYRae.exe

C:\Windows\System\VRqybtn.exe

C:\Windows\System\VRqybtn.exe

C:\Windows\System\ghaKumA.exe

C:\Windows\System\ghaKumA.exe

C:\Windows\System\owGBwhI.exe

C:\Windows\System\owGBwhI.exe

C:\Windows\System\SIgOeQD.exe

C:\Windows\System\SIgOeQD.exe

C:\Windows\System\UaiPyXW.exe

C:\Windows\System\UaiPyXW.exe

C:\Windows\System\WsmlJOC.exe

C:\Windows\System\WsmlJOC.exe

C:\Windows\System\OlwLWxi.exe

C:\Windows\System\OlwLWxi.exe

C:\Windows\System\uejSyqe.exe

C:\Windows\System\uejSyqe.exe

C:\Windows\System\UduxKOS.exe

C:\Windows\System\UduxKOS.exe

C:\Windows\System\QklHsfg.exe

C:\Windows\System\QklHsfg.exe

C:\Windows\System\AOchseg.exe

C:\Windows\System\AOchseg.exe

C:\Windows\System\eGyNzTa.exe

C:\Windows\System\eGyNzTa.exe

C:\Windows\System\KfwcfCG.exe

C:\Windows\System\KfwcfCG.exe

C:\Windows\System\CwgzRLs.exe

C:\Windows\System\CwgzRLs.exe

C:\Windows\System\tzFQGzk.exe

C:\Windows\System\tzFQGzk.exe

C:\Windows\System\wQwabZq.exe

C:\Windows\System\wQwabZq.exe

C:\Windows\System\tASUDrs.exe

C:\Windows\System\tASUDrs.exe

C:\Windows\System\Xlxhhud.exe

C:\Windows\System\Xlxhhud.exe

C:\Windows\System\USSbXJI.exe

C:\Windows\System\USSbXJI.exe

C:\Windows\System\EPuAYRL.exe

C:\Windows\System\EPuAYRL.exe

C:\Windows\System\ALXHdrL.exe

C:\Windows\System\ALXHdrL.exe

C:\Windows\System\QQdXtpj.exe

C:\Windows\System\QQdXtpj.exe

C:\Windows\System\GvYZouH.exe

C:\Windows\System\GvYZouH.exe

C:\Windows\System\qQlzvDU.exe

C:\Windows\System\qQlzvDU.exe

C:\Windows\System\TkvoGxu.exe

C:\Windows\System\TkvoGxu.exe

C:\Windows\System\feLQcXq.exe

C:\Windows\System\feLQcXq.exe

C:\Windows\System\gbbhkzR.exe

C:\Windows\System\gbbhkzR.exe

C:\Windows\System\NjIKUGF.exe

C:\Windows\System\NjIKUGF.exe

C:\Windows\System\GmbyuZE.exe

C:\Windows\System\GmbyuZE.exe

C:\Windows\System\YaaEDrH.exe

C:\Windows\System\YaaEDrH.exe

C:\Windows\System\QwqMfyT.exe

C:\Windows\System\QwqMfyT.exe

C:\Windows\System\jxoRanh.exe

C:\Windows\System\jxoRanh.exe

C:\Windows\System\lxXCtMt.exe

C:\Windows\System\lxXCtMt.exe

C:\Windows\System\hGcsIBH.exe

C:\Windows\System\hGcsIBH.exe

C:\Windows\System\iiEsusF.exe

C:\Windows\System\iiEsusF.exe

C:\Windows\System\vSqEPLV.exe

C:\Windows\System\vSqEPLV.exe

C:\Windows\System\CZeCrOP.exe

C:\Windows\System\CZeCrOP.exe

C:\Windows\System\KRZsLkJ.exe

C:\Windows\System\KRZsLkJ.exe

C:\Windows\System\lbgwEDF.exe

C:\Windows\System\lbgwEDF.exe

C:\Windows\System\RykylSM.exe

C:\Windows\System\RykylSM.exe

C:\Windows\System\KzxNpjD.exe

C:\Windows\System\KzxNpjD.exe

C:\Windows\System\HutyOAt.exe

C:\Windows\System\HutyOAt.exe

C:\Windows\System\OOyVlsG.exe

C:\Windows\System\OOyVlsG.exe

C:\Windows\System\OJfEclX.exe

C:\Windows\System\OJfEclX.exe

C:\Windows\System\fsvwHwZ.exe

C:\Windows\System\fsvwHwZ.exe

C:\Windows\System\vwhDRUa.exe

C:\Windows\System\vwhDRUa.exe

C:\Windows\System\rfMcVcU.exe

C:\Windows\System\rfMcVcU.exe

C:\Windows\System\vkGILJq.exe

C:\Windows\System\vkGILJq.exe

C:\Windows\System\KkTFiCU.exe

C:\Windows\System\KkTFiCU.exe

C:\Windows\System\jLgnXOs.exe

C:\Windows\System\jLgnXOs.exe

C:\Windows\System\OCgHVqn.exe

C:\Windows\System\OCgHVqn.exe

C:\Windows\System\ccQCIPH.exe

C:\Windows\System\ccQCIPH.exe

C:\Windows\System\ePuWbCZ.exe

C:\Windows\System\ePuWbCZ.exe

C:\Windows\System\rMeqiWS.exe

C:\Windows\System\rMeqiWS.exe

C:\Windows\System\tsRgiZB.exe

C:\Windows\System\tsRgiZB.exe

C:\Windows\System\EWJPigc.exe

C:\Windows\System\EWJPigc.exe

C:\Windows\System\HLpjBzJ.exe

C:\Windows\System\HLpjBzJ.exe

C:\Windows\System\KuwRmGm.exe

C:\Windows\System\KuwRmGm.exe

C:\Windows\System\MyjFkvP.exe

C:\Windows\System\MyjFkvP.exe

C:\Windows\System\qGgMfjT.exe

C:\Windows\System\qGgMfjT.exe

C:\Windows\System\yqORRDl.exe

C:\Windows\System\yqORRDl.exe

C:\Windows\System\BUucfVX.exe

C:\Windows\System\BUucfVX.exe

C:\Windows\System\hFNQBcC.exe

C:\Windows\System\hFNQBcC.exe

C:\Windows\System\eBlgNWD.exe

C:\Windows\System\eBlgNWD.exe

C:\Windows\System\tgDkPSr.exe

C:\Windows\System\tgDkPSr.exe

C:\Windows\System\cgDVsnZ.exe

C:\Windows\System\cgDVsnZ.exe

C:\Windows\System\uSPJKxf.exe

C:\Windows\System\uSPJKxf.exe

C:\Windows\System\fFhSnBt.exe

C:\Windows\System\fFhSnBt.exe

C:\Windows\System\QjncGPV.exe

C:\Windows\System\QjncGPV.exe

C:\Windows\System\GDPLOCM.exe

C:\Windows\System\GDPLOCM.exe

C:\Windows\System\gTPhSUM.exe

C:\Windows\System\gTPhSUM.exe

C:\Windows\System\MLQhRVq.exe

C:\Windows\System\MLQhRVq.exe

C:\Windows\System\toZRPlK.exe

C:\Windows\System\toZRPlK.exe

C:\Windows\System\ITtTOQH.exe

C:\Windows\System\ITtTOQH.exe

C:\Windows\System\CqXPNMe.exe

C:\Windows\System\CqXPNMe.exe

C:\Windows\System\dKsOWvD.exe

C:\Windows\System\dKsOWvD.exe

C:\Windows\System\yPKBzLv.exe

C:\Windows\System\yPKBzLv.exe

C:\Windows\System\lkRBZsc.exe

C:\Windows\System\lkRBZsc.exe

C:\Windows\System\oyqUQGc.exe

C:\Windows\System\oyqUQGc.exe

C:\Windows\System\DlgqoUT.exe

C:\Windows\System\DlgqoUT.exe

C:\Windows\System\MJMfNAd.exe

C:\Windows\System\MJMfNAd.exe

C:\Windows\System\cXCaJyP.exe

C:\Windows\System\cXCaJyP.exe

C:\Windows\System\hflhgSa.exe

C:\Windows\System\hflhgSa.exe

C:\Windows\System\YpCoROU.exe

C:\Windows\System\YpCoROU.exe

C:\Windows\System\IQsJqku.exe

C:\Windows\System\IQsJqku.exe

C:\Windows\System\wAVnmQE.exe

C:\Windows\System\wAVnmQE.exe

C:\Windows\System\lMvAhOo.exe

C:\Windows\System\lMvAhOo.exe

C:\Windows\System\BGWSrqx.exe

C:\Windows\System\BGWSrqx.exe

C:\Windows\System\MPGIAcL.exe

C:\Windows\System\MPGIAcL.exe

C:\Windows\System\QorlAhF.exe

C:\Windows\System\QorlAhF.exe

C:\Windows\System\lfMtxPL.exe

C:\Windows\System\lfMtxPL.exe

C:\Windows\System\MpGcEvy.exe

C:\Windows\System\MpGcEvy.exe

C:\Windows\System\tgfKbPA.exe

C:\Windows\System\tgfKbPA.exe

C:\Windows\System\VxkoOVV.exe

C:\Windows\System\VxkoOVV.exe

C:\Windows\System\cjbybYs.exe

C:\Windows\System\cjbybYs.exe

C:\Windows\System\INxRIzI.exe

C:\Windows\System\INxRIzI.exe

C:\Windows\System\cuAwoBP.exe

C:\Windows\System\cuAwoBP.exe

C:\Windows\System\qXLFHpB.exe

C:\Windows\System\qXLFHpB.exe

C:\Windows\System\YUsiwqj.exe

C:\Windows\System\YUsiwqj.exe

C:\Windows\System\RAyTKeU.exe

C:\Windows\System\RAyTKeU.exe

C:\Windows\System\cOBnrnk.exe

C:\Windows\System\cOBnrnk.exe

C:\Windows\System\QDiJLTP.exe

C:\Windows\System\QDiJLTP.exe

C:\Windows\System\SRdOkeh.exe

C:\Windows\System\SRdOkeh.exe

C:\Windows\System\iUkrdrX.exe

C:\Windows\System\iUkrdrX.exe

C:\Windows\System\yqSnPQG.exe

C:\Windows\System\yqSnPQG.exe

C:\Windows\System\qASGwOy.exe

C:\Windows\System\qASGwOy.exe

C:\Windows\System\lJJiNtV.exe

C:\Windows\System\lJJiNtV.exe

C:\Windows\System\rQPJDia.exe

C:\Windows\System\rQPJDia.exe

C:\Windows\System\IGUDRcm.exe

C:\Windows\System\IGUDRcm.exe

C:\Windows\System\mxcCNud.exe

C:\Windows\System\mxcCNud.exe

C:\Windows\System\KsnGMqo.exe

C:\Windows\System\KsnGMqo.exe

C:\Windows\System\oYjSWnt.exe

C:\Windows\System\oYjSWnt.exe

C:\Windows\System\GoVffzP.exe

C:\Windows\System\GoVffzP.exe

C:\Windows\System\qPUhdwr.exe

C:\Windows\System\qPUhdwr.exe

C:\Windows\System\DYiKXVo.exe

C:\Windows\System\DYiKXVo.exe

C:\Windows\System\dYrUinN.exe

C:\Windows\System\dYrUinN.exe

C:\Windows\System\pHUkonK.exe

C:\Windows\System\pHUkonK.exe

C:\Windows\System\hCaxmAg.exe

C:\Windows\System\hCaxmAg.exe

C:\Windows\System\CxpTLON.exe

C:\Windows\System\CxpTLON.exe

C:\Windows\System\XNYbXRY.exe

C:\Windows\System\XNYbXRY.exe

C:\Windows\System\dgOwUUF.exe

C:\Windows\System\dgOwUUF.exe

C:\Windows\System\ZwRtFdT.exe

C:\Windows\System\ZwRtFdT.exe

C:\Windows\System\bpVxIbO.exe

C:\Windows\System\bpVxIbO.exe

C:\Windows\System\MUAOClv.exe

C:\Windows\System\MUAOClv.exe

C:\Windows\System\quRPbDd.exe

C:\Windows\System\quRPbDd.exe

C:\Windows\System\aADwnFs.exe

C:\Windows\System\aADwnFs.exe

C:\Windows\System\OyRYvEQ.exe

C:\Windows\System\OyRYvEQ.exe

C:\Windows\System\pgzDvRk.exe

C:\Windows\System\pgzDvRk.exe

C:\Windows\System\xUsNYWB.exe

C:\Windows\System\xUsNYWB.exe

C:\Windows\System\ibpTeim.exe

C:\Windows\System\ibpTeim.exe

C:\Windows\System\ExBfZTR.exe

C:\Windows\System\ExBfZTR.exe

C:\Windows\System\SkpabfU.exe

C:\Windows\System\SkpabfU.exe

C:\Windows\System\hITZyIs.exe

C:\Windows\System\hITZyIs.exe

C:\Windows\System\mDcextX.exe

C:\Windows\System\mDcextX.exe

C:\Windows\System\sgqXeFh.exe

C:\Windows\System\sgqXeFh.exe

C:\Windows\System\pGaDlvF.exe

C:\Windows\System\pGaDlvF.exe

C:\Windows\System\tDoQJYJ.exe

C:\Windows\System\tDoQJYJ.exe

C:\Windows\System\mSIHAuq.exe

C:\Windows\System\mSIHAuq.exe

C:\Windows\System\rHFLIsf.exe

C:\Windows\System\rHFLIsf.exe

C:\Windows\System\hhUPsMt.exe

C:\Windows\System\hhUPsMt.exe

C:\Windows\System\bLWZwal.exe

C:\Windows\System\bLWZwal.exe

C:\Windows\System\zaOBuwm.exe

C:\Windows\System\zaOBuwm.exe

C:\Windows\System\xRoBJnZ.exe

C:\Windows\System\xRoBJnZ.exe

C:\Windows\System\SkNXZKX.exe

C:\Windows\System\SkNXZKX.exe

C:\Windows\System\qoSLlVa.exe

C:\Windows\System\qoSLlVa.exe

C:\Windows\System\zVpGxzC.exe

C:\Windows\System\zVpGxzC.exe

C:\Windows\System\KBaRzHq.exe

C:\Windows\System\KBaRzHq.exe

C:\Windows\System\ryIhtFi.exe

C:\Windows\System\ryIhtFi.exe

C:\Windows\System\JbfbinJ.exe

C:\Windows\System\JbfbinJ.exe

C:\Windows\System\cIBtCOo.exe

C:\Windows\System\cIBtCOo.exe

C:\Windows\System\JBZfqwy.exe

C:\Windows\System\JBZfqwy.exe

C:\Windows\System\baMwxMp.exe

C:\Windows\System\baMwxMp.exe

C:\Windows\System\ZZhfUXz.exe

C:\Windows\System\ZZhfUXz.exe

C:\Windows\System\CJpmqIM.exe

C:\Windows\System\CJpmqIM.exe

C:\Windows\System\SRmMkrr.exe

C:\Windows\System\SRmMkrr.exe

C:\Windows\System\pzyuXml.exe

C:\Windows\System\pzyuXml.exe

C:\Windows\System\CJJPDrR.exe

C:\Windows\System\CJJPDrR.exe

C:\Windows\System\ymMayjd.exe

C:\Windows\System\ymMayjd.exe

C:\Windows\System\iqWdmfW.exe

C:\Windows\System\iqWdmfW.exe

C:\Windows\System\xmDfRuS.exe

C:\Windows\System\xmDfRuS.exe

C:\Windows\System\NJavoUL.exe

C:\Windows\System\NJavoUL.exe

C:\Windows\System\MrBtTqW.exe

C:\Windows\System\MrBtTqW.exe

C:\Windows\System\iTgJASo.exe

C:\Windows\System\iTgJASo.exe

C:\Windows\System\NdpRILy.exe

C:\Windows\System\NdpRILy.exe

C:\Windows\System\cqyguoK.exe

C:\Windows\System\cqyguoK.exe

C:\Windows\System\VNToEic.exe

C:\Windows\System\VNToEic.exe

C:\Windows\System\gCJQYjx.exe

C:\Windows\System\gCJQYjx.exe

C:\Windows\System\UTkhKzy.exe

C:\Windows\System\UTkhKzy.exe

C:\Windows\System\WLbLRcs.exe

C:\Windows\System\WLbLRcs.exe

C:\Windows\System\vGqqOwH.exe

C:\Windows\System\vGqqOwH.exe

C:\Windows\System\kxshqBv.exe

C:\Windows\System\kxshqBv.exe

C:\Windows\System\CnxeBTD.exe

C:\Windows\System\CnxeBTD.exe

C:\Windows\System\HzDdIqE.exe

C:\Windows\System\HzDdIqE.exe

C:\Windows\System\kXffPAO.exe

C:\Windows\System\kXffPAO.exe

C:\Windows\System\AAJIbhB.exe

C:\Windows\System\AAJIbhB.exe

C:\Windows\System\RakfqNa.exe

C:\Windows\System\RakfqNa.exe

C:\Windows\System\utYPdfx.exe

C:\Windows\System\utYPdfx.exe

C:\Windows\System\tjbsuYi.exe

C:\Windows\System\tjbsuYi.exe

C:\Windows\System\MmgrnoL.exe

C:\Windows\System\MmgrnoL.exe

C:\Windows\System\MHVKMIz.exe

C:\Windows\System\MHVKMIz.exe

C:\Windows\System\NSdWpGw.exe

C:\Windows\System\NSdWpGw.exe

C:\Windows\System\WlHvAaZ.exe

C:\Windows\System\WlHvAaZ.exe

C:\Windows\System\tUIqQUd.exe

C:\Windows\System\tUIqQUd.exe

C:\Windows\System\ehFBWsf.exe

C:\Windows\System\ehFBWsf.exe

C:\Windows\System\qtUUMws.exe

C:\Windows\System\qtUUMws.exe

C:\Windows\System\iYACfZl.exe

C:\Windows\System\iYACfZl.exe

C:\Windows\System\Wtjqeqc.exe

C:\Windows\System\Wtjqeqc.exe

C:\Windows\System\DmlQVsH.exe

C:\Windows\System\DmlQVsH.exe

C:\Windows\System\ktzyitS.exe

C:\Windows\System\ktzyitS.exe

C:\Windows\System\LqBbkJE.exe

C:\Windows\System\LqBbkJE.exe

C:\Windows\System\RigAwhK.exe

C:\Windows\System\RigAwhK.exe

C:\Windows\System\gIFwqrD.exe

C:\Windows\System\gIFwqrD.exe

C:\Windows\System\dOGTHtj.exe

C:\Windows\System\dOGTHtj.exe

C:\Windows\System\xwLibKh.exe

C:\Windows\System\xwLibKh.exe

C:\Windows\System\BoUkCiZ.exe

C:\Windows\System\BoUkCiZ.exe

C:\Windows\System\uCPjjjH.exe

C:\Windows\System\uCPjjjH.exe

C:\Windows\System\UcRGhaM.exe

C:\Windows\System\UcRGhaM.exe

C:\Windows\System\mxqIpba.exe

C:\Windows\System\mxqIpba.exe

C:\Windows\System\BdSFemA.exe

C:\Windows\System\BdSFemA.exe

C:\Windows\System\jBZLHxe.exe

C:\Windows\System\jBZLHxe.exe

C:\Windows\System\VYQZQeW.exe

C:\Windows\System\VYQZQeW.exe

C:\Windows\System\lDBvZBG.exe

C:\Windows\System\lDBvZBG.exe

C:\Windows\System\kRhxUMi.exe

C:\Windows\System\kRhxUMi.exe

C:\Windows\System\TjIphHb.exe

C:\Windows\System\TjIphHb.exe

C:\Windows\System\TZQKouX.exe

C:\Windows\System\TZQKouX.exe

C:\Windows\System\UkkvxvL.exe

C:\Windows\System\UkkvxvL.exe

C:\Windows\System\zDGxWMq.exe

C:\Windows\System\zDGxWMq.exe

C:\Windows\System\UMGmlPq.exe

C:\Windows\System\UMGmlPq.exe

C:\Windows\System\THSCDhB.exe

C:\Windows\System\THSCDhB.exe

C:\Windows\System\EyQzMJV.exe

C:\Windows\System\EyQzMJV.exe

C:\Windows\System\iYOnbjx.exe

C:\Windows\System\iYOnbjx.exe

C:\Windows\System\SyNhZRs.exe

C:\Windows\System\SyNhZRs.exe

C:\Windows\System\QmGZvaB.exe

C:\Windows\System\QmGZvaB.exe

C:\Windows\System\vROOCne.exe

C:\Windows\System\vROOCne.exe

C:\Windows\System\LsZPned.exe

C:\Windows\System\LsZPned.exe

C:\Windows\System\qDPTJhr.exe

C:\Windows\System\qDPTJhr.exe

C:\Windows\System\abVHNkZ.exe

C:\Windows\System\abVHNkZ.exe

C:\Windows\System\lpyLRJo.exe

C:\Windows\System\lpyLRJo.exe

C:\Windows\System\PnRwFtO.exe

C:\Windows\System\PnRwFtO.exe

C:\Windows\System\XcRBRFL.exe

C:\Windows\System\XcRBRFL.exe

C:\Windows\System\RRuITTG.exe

C:\Windows\System\RRuITTG.exe

C:\Windows\System\uIHhBvx.exe

C:\Windows\System\uIHhBvx.exe

C:\Windows\System\ejATRjQ.exe

C:\Windows\System\ejATRjQ.exe

C:\Windows\System\hsyOavu.exe

C:\Windows\System\hsyOavu.exe

C:\Windows\System\fBANSbt.exe

C:\Windows\System\fBANSbt.exe

C:\Windows\System\QqKKKdl.exe

C:\Windows\System\QqKKKdl.exe

C:\Windows\System\bApjquU.exe

C:\Windows\System\bApjquU.exe

C:\Windows\System\eJjAGBO.exe

C:\Windows\System\eJjAGBO.exe

C:\Windows\System\euqhiDU.exe

C:\Windows\System\euqhiDU.exe

C:\Windows\System\HdiIjcg.exe

C:\Windows\System\HdiIjcg.exe

C:\Windows\System\dCjLMpC.exe

C:\Windows\System\dCjLMpC.exe

C:\Windows\System\NLleNmD.exe

C:\Windows\System\NLleNmD.exe

C:\Windows\System\yAORCUF.exe

C:\Windows\System\yAORCUF.exe

C:\Windows\System\tbkuHQq.exe

C:\Windows\System\tbkuHQq.exe

C:\Windows\System\aKgjZlc.exe

C:\Windows\System\aKgjZlc.exe

C:\Windows\System\HkaHWmr.exe

C:\Windows\System\HkaHWmr.exe

C:\Windows\System\njNIycj.exe

C:\Windows\System\njNIycj.exe

C:\Windows\System\VubSTkG.exe

C:\Windows\System\VubSTkG.exe

C:\Windows\System\LsyfGBn.exe

C:\Windows\System\LsyfGBn.exe

C:\Windows\System\xchZxlW.exe

C:\Windows\System\xchZxlW.exe

C:\Windows\System\lPPFeaZ.exe

C:\Windows\System\lPPFeaZ.exe

C:\Windows\System\vhQPTEx.exe

C:\Windows\System\vhQPTEx.exe

C:\Windows\System\gKEKYdS.exe

C:\Windows\System\gKEKYdS.exe

C:\Windows\System\JEhBGKd.exe

C:\Windows\System\JEhBGKd.exe

C:\Windows\System\ncJoNCC.exe

C:\Windows\System\ncJoNCC.exe

C:\Windows\System\zBACIGF.exe

C:\Windows\System\zBACIGF.exe

C:\Windows\System\ybKJUbS.exe

C:\Windows\System\ybKJUbS.exe

C:\Windows\System\IfOlazk.exe

C:\Windows\System\IfOlazk.exe

C:\Windows\System\SsipWPl.exe

C:\Windows\System\SsipWPl.exe

C:\Windows\System\wEOUeWb.exe

C:\Windows\System\wEOUeWb.exe

C:\Windows\System\QHSClkg.exe

C:\Windows\System\QHSClkg.exe

C:\Windows\System\Uuqrokg.exe

C:\Windows\System\Uuqrokg.exe

C:\Windows\System\wDPdTEk.exe

C:\Windows\System\wDPdTEk.exe

C:\Windows\System\sMPsXnf.exe

C:\Windows\System\sMPsXnf.exe

C:\Windows\System\VJJFwEN.exe

C:\Windows\System\VJJFwEN.exe

C:\Windows\System\isEbuZo.exe

C:\Windows\System\isEbuZo.exe

C:\Windows\System\skpYQTK.exe

C:\Windows\System\skpYQTK.exe

C:\Windows\System\SgPJcjf.exe

C:\Windows\System\SgPJcjf.exe

C:\Windows\System\fCTHkjE.exe

C:\Windows\System\fCTHkjE.exe

C:\Windows\System\MUAPXnf.exe

C:\Windows\System\MUAPXnf.exe

C:\Windows\System\FLezcWh.exe

C:\Windows\System\FLezcWh.exe

C:\Windows\System\drNUXJT.exe

C:\Windows\System\drNUXJT.exe

C:\Windows\System\gxqImIj.exe

C:\Windows\System\gxqImIj.exe

C:\Windows\System\HKQJLZC.exe

C:\Windows\System\HKQJLZC.exe

C:\Windows\System\NKMYmia.exe

C:\Windows\System\NKMYmia.exe

C:\Windows\System\SkdLWZS.exe

C:\Windows\System\SkdLWZS.exe

C:\Windows\System\cFRlGnI.exe

C:\Windows\System\cFRlGnI.exe

C:\Windows\System\fMGOfKG.exe

C:\Windows\System\fMGOfKG.exe

C:\Windows\System\DfhHoMa.exe

C:\Windows\System\DfhHoMa.exe

C:\Windows\System\qEmgBlm.exe

C:\Windows\System\qEmgBlm.exe

C:\Windows\System\DgCmjfw.exe

C:\Windows\System\DgCmjfw.exe

C:\Windows\System\eVkwSDn.exe

C:\Windows\System\eVkwSDn.exe

C:\Windows\System\QkZrKQa.exe

C:\Windows\System\QkZrKQa.exe

C:\Windows\System\LrxQvQR.exe

C:\Windows\System\LrxQvQR.exe

C:\Windows\System\OdUfdCi.exe

C:\Windows\System\OdUfdCi.exe

C:\Windows\System\YxZikaX.exe

C:\Windows\System\YxZikaX.exe

C:\Windows\System\psSvHPG.exe

C:\Windows\System\psSvHPG.exe

C:\Windows\System\WcUMlPX.exe

C:\Windows\System\WcUMlPX.exe

C:\Windows\System\SCYiXuI.exe

C:\Windows\System\SCYiXuI.exe

C:\Windows\System\LpWAmBc.exe

C:\Windows\System\LpWAmBc.exe

C:\Windows\System\OWCqvpR.exe

C:\Windows\System\OWCqvpR.exe

C:\Windows\System\DhxwjzN.exe

C:\Windows\System\DhxwjzN.exe

C:\Windows\System\nTcbHrs.exe

C:\Windows\System\nTcbHrs.exe

C:\Windows\System\rUXvwCi.exe

C:\Windows\System\rUXvwCi.exe

C:\Windows\System\FxGZHdw.exe

C:\Windows\System\FxGZHdw.exe

C:\Windows\System\zngfVjL.exe

C:\Windows\System\zngfVjL.exe

C:\Windows\System\XMVKvsD.exe

C:\Windows\System\XMVKvsD.exe

C:\Windows\System\RwZIeYt.exe

C:\Windows\System\RwZIeYt.exe

C:\Windows\System\srPYBxq.exe

C:\Windows\System\srPYBxq.exe

C:\Windows\System\yEWXxgI.exe

C:\Windows\System\yEWXxgI.exe

C:\Windows\System\gmWbJdm.exe

C:\Windows\System\gmWbJdm.exe

C:\Windows\System\lYDGzUq.exe

C:\Windows\System\lYDGzUq.exe

C:\Windows\System\ZlImsnz.exe

C:\Windows\System\ZlImsnz.exe

C:\Windows\System\LSAnsBz.exe

C:\Windows\System\LSAnsBz.exe

C:\Windows\System\KpftLUT.exe

C:\Windows\System\KpftLUT.exe

C:\Windows\System\itepZsC.exe

C:\Windows\System\itepZsC.exe

C:\Windows\System\tHYFkKs.exe

C:\Windows\System\tHYFkKs.exe

C:\Windows\System\lkOOwdg.exe

C:\Windows\System\lkOOwdg.exe

C:\Windows\System\NIQCafP.exe

C:\Windows\System\NIQCafP.exe

C:\Windows\System\pdJdXmt.exe

C:\Windows\System\pdJdXmt.exe

C:\Windows\System\tmlfPEm.exe

C:\Windows\System\tmlfPEm.exe

C:\Windows\System\quUEggd.exe

C:\Windows\System\quUEggd.exe

C:\Windows\System\kmVukTJ.exe

C:\Windows\System\kmVukTJ.exe

C:\Windows\System\ZQAWxNk.exe

C:\Windows\System\ZQAWxNk.exe

C:\Windows\System\ovoxMdU.exe

C:\Windows\System\ovoxMdU.exe

C:\Windows\System\GzdyXmx.exe

C:\Windows\System\GzdyXmx.exe

C:\Windows\System\cvnruFD.exe

C:\Windows\System\cvnruFD.exe

C:\Windows\System\LlQgjul.exe

C:\Windows\System\LlQgjul.exe

C:\Windows\System\baXOlwl.exe

C:\Windows\System\baXOlwl.exe

C:\Windows\System\siKfJuP.exe

C:\Windows\System\siKfJuP.exe

C:\Windows\System\AZGhkLP.exe

C:\Windows\System\AZGhkLP.exe

C:\Windows\System\FygIMZk.exe

C:\Windows\System\FygIMZk.exe

C:\Windows\System\mUFFJtt.exe

C:\Windows\System\mUFFJtt.exe

C:\Windows\System\FnflTQO.exe

C:\Windows\System\FnflTQO.exe

C:\Windows\System\eFiwHBP.exe

C:\Windows\System\eFiwHBP.exe

C:\Windows\System\HylJuay.exe

C:\Windows\System\HylJuay.exe

C:\Windows\System\NMzAVQi.exe

C:\Windows\System\NMzAVQi.exe

C:\Windows\System\UIizYYg.exe

C:\Windows\System\UIizYYg.exe

C:\Windows\System\TrtaRsI.exe

C:\Windows\System\TrtaRsI.exe

C:\Windows\System\waYolps.exe

C:\Windows\System\waYolps.exe

C:\Windows\System\XcgSmIZ.exe

C:\Windows\System\XcgSmIZ.exe

C:\Windows\System\hwOYklP.exe

C:\Windows\System\hwOYklP.exe

C:\Windows\System\TQrzYHt.exe

C:\Windows\System\TQrzYHt.exe

C:\Windows\System\kccwOVr.exe

C:\Windows\System\kccwOVr.exe

C:\Windows\System\PWqsTOu.exe

C:\Windows\System\PWqsTOu.exe

C:\Windows\System\XSomjdf.exe

C:\Windows\System\XSomjdf.exe

C:\Windows\System\YbsCwYL.exe

C:\Windows\System\YbsCwYL.exe

C:\Windows\System\AAYZYZR.exe

C:\Windows\System\AAYZYZR.exe

C:\Windows\System\MBxSICd.exe

C:\Windows\System\MBxSICd.exe

C:\Windows\System\VjrTfjY.exe

C:\Windows\System\VjrTfjY.exe

C:\Windows\System\IhegpBB.exe

C:\Windows\System\IhegpBB.exe

C:\Windows\System\UADjgzO.exe

C:\Windows\System\UADjgzO.exe

C:\Windows\System\yYpAPOi.exe

C:\Windows\System\yYpAPOi.exe

C:\Windows\System\aBVeIiA.exe

C:\Windows\System\aBVeIiA.exe

C:\Windows\System\NAkPDDD.exe

C:\Windows\System\NAkPDDD.exe

C:\Windows\System\sAzLVOf.exe

C:\Windows\System\sAzLVOf.exe

C:\Windows\System\VKOrXqv.exe

C:\Windows\System\VKOrXqv.exe

C:\Windows\System\HSkllZC.exe

C:\Windows\System\HSkllZC.exe

C:\Windows\System\WquuswW.exe

C:\Windows\System\WquuswW.exe

C:\Windows\System\nIjboLq.exe

C:\Windows\System\nIjboLq.exe

C:\Windows\System\chOtGNT.exe

C:\Windows\System\chOtGNT.exe

C:\Windows\System\ZAqMpTa.exe

C:\Windows\System\ZAqMpTa.exe

C:\Windows\System\vgaWrzc.exe

C:\Windows\System\vgaWrzc.exe

C:\Windows\System\xwaIoRz.exe

C:\Windows\System\xwaIoRz.exe

C:\Windows\System\myHunll.exe

C:\Windows\System\myHunll.exe

C:\Windows\System\mLjVEdS.exe

C:\Windows\System\mLjVEdS.exe

C:\Windows\System\XEYonsE.exe

C:\Windows\System\XEYonsE.exe

C:\Windows\System\InXqCky.exe

C:\Windows\System\InXqCky.exe

C:\Windows\System\nslGCXj.exe

C:\Windows\System\nslGCXj.exe

C:\Windows\System\WTRXuGX.exe

C:\Windows\System\WTRXuGX.exe

C:\Windows\System\GkkFZOr.exe

C:\Windows\System\GkkFZOr.exe

C:\Windows\System\ZQZInQy.exe

C:\Windows\System\ZQZInQy.exe

C:\Windows\System\xtHGHly.exe

C:\Windows\System\xtHGHly.exe

C:\Windows\System\alcofZA.exe

C:\Windows\System\alcofZA.exe

C:\Windows\System\ZodxOen.exe

C:\Windows\System\ZodxOen.exe

C:\Windows\System\dSuRURT.exe

C:\Windows\System\dSuRURT.exe

C:\Windows\System\iypkrQW.exe

C:\Windows\System\iypkrQW.exe

C:\Windows\System\wEcofZw.exe

C:\Windows\System\wEcofZw.exe

C:\Windows\System\mEXAuEt.exe

C:\Windows\System\mEXAuEt.exe

C:\Windows\System\KbJuDRw.exe

C:\Windows\System\KbJuDRw.exe

C:\Windows\System\MKQjUoq.exe

C:\Windows\System\MKQjUoq.exe

C:\Windows\System\anljMbg.exe

C:\Windows\System\anljMbg.exe

C:\Windows\System\yHJvshB.exe

C:\Windows\System\yHJvshB.exe

C:\Windows\System\dJnGgrX.exe

C:\Windows\System\dJnGgrX.exe

C:\Windows\System\UZpKwBy.exe

C:\Windows\System\UZpKwBy.exe

C:\Windows\System\XYpjDHi.exe

C:\Windows\System\XYpjDHi.exe

C:\Windows\System\CovpCJI.exe

C:\Windows\System\CovpCJI.exe

C:\Windows\System\kRfwSHu.exe

C:\Windows\System\kRfwSHu.exe

C:\Windows\System\rLYUDza.exe

C:\Windows\System\rLYUDza.exe

C:\Windows\System\rkPZsRC.exe

C:\Windows\System\rkPZsRC.exe

C:\Windows\System\oBcnGpK.exe

C:\Windows\System\oBcnGpK.exe

C:\Windows\System\bROGIqg.exe

C:\Windows\System\bROGIqg.exe

C:\Windows\System\gWzlkGJ.exe

C:\Windows\System\gWzlkGJ.exe

C:\Windows\System\sUlHMtA.exe

C:\Windows\System\sUlHMtA.exe

C:\Windows\System\TWhUQlG.exe

C:\Windows\System\TWhUQlG.exe

C:\Windows\System\GxCtrCv.exe

C:\Windows\System\GxCtrCv.exe

C:\Windows\System\WFxrCHg.exe

C:\Windows\System\WFxrCHg.exe

C:\Windows\System\OBCGNLK.exe

C:\Windows\System\OBCGNLK.exe

C:\Windows\System\wESQhGJ.exe

C:\Windows\System\wESQhGJ.exe

C:\Windows\System\DQWgjgc.exe

C:\Windows\System\DQWgjgc.exe

C:\Windows\System\sggPOFV.exe

C:\Windows\System\sggPOFV.exe

C:\Windows\System\XAdASRE.exe

C:\Windows\System\XAdASRE.exe

C:\Windows\System\fhsLtgE.exe

C:\Windows\System\fhsLtgE.exe

C:\Windows\System\tGEndFn.exe

C:\Windows\System\tGEndFn.exe

C:\Windows\System\tBMveJy.exe

C:\Windows\System\tBMveJy.exe

C:\Windows\System\ZHwHogn.exe

C:\Windows\System\ZHwHogn.exe

C:\Windows\System\APUaybR.exe

C:\Windows\System\APUaybR.exe

C:\Windows\System\xkepNQs.exe

C:\Windows\System\xkepNQs.exe

C:\Windows\System\azplZgw.exe

C:\Windows\System\azplZgw.exe

C:\Windows\System\ijASQVG.exe

C:\Windows\System\ijASQVG.exe

C:\Windows\System\bpgtLJv.exe

C:\Windows\System\bpgtLJv.exe

C:\Windows\System\MfArTAX.exe

C:\Windows\System\MfArTAX.exe

C:\Windows\System\yWzhtFG.exe

C:\Windows\System\yWzhtFG.exe

C:\Windows\System\dCMYXJh.exe

C:\Windows\System\dCMYXJh.exe

C:\Windows\System\MLfkTGM.exe

C:\Windows\System\MLfkTGM.exe

C:\Windows\System\WPGpgsn.exe

C:\Windows\System\WPGpgsn.exe

C:\Windows\System\SQElGpy.exe

C:\Windows\System\SQElGpy.exe

C:\Windows\System\rjhXniE.exe

C:\Windows\System\rjhXniE.exe

C:\Windows\System\QDFAHQu.exe

C:\Windows\System\QDFAHQu.exe

C:\Windows\System\GrGhRZZ.exe

C:\Windows\System\GrGhRZZ.exe

C:\Windows\System\mSbslDd.exe

C:\Windows\System\mSbslDd.exe

C:\Windows\System\QguGHWD.exe

C:\Windows\System\QguGHWD.exe

C:\Windows\System\FdlGhNF.exe

C:\Windows\System\FdlGhNF.exe

C:\Windows\System\gRIzejP.exe

C:\Windows\System\gRIzejP.exe

C:\Windows\System\QpcAuXR.exe

C:\Windows\System\QpcAuXR.exe

C:\Windows\System\LtlPPZg.exe

C:\Windows\System\LtlPPZg.exe

C:\Windows\System\JlmBqRw.exe

C:\Windows\System\JlmBqRw.exe

C:\Windows\System\KVLKtzZ.exe

C:\Windows\System\KVLKtzZ.exe

C:\Windows\System\mwRtFse.exe

C:\Windows\System\mwRtFse.exe

C:\Windows\System\aNEHRps.exe

C:\Windows\System\aNEHRps.exe

C:\Windows\System\SeMDdkD.exe

C:\Windows\System\SeMDdkD.exe

C:\Windows\System\LJegTHz.exe

C:\Windows\System\LJegTHz.exe

C:\Windows\System\bJCjhnC.exe

C:\Windows\System\bJCjhnC.exe

C:\Windows\System\GELFNgO.exe

C:\Windows\System\GELFNgO.exe

C:\Windows\System\TyGUfiv.exe

C:\Windows\System\TyGUfiv.exe

C:\Windows\System\sqRjCvz.exe

C:\Windows\System\sqRjCvz.exe

C:\Windows\System\JAzyuBN.exe

C:\Windows\System\JAzyuBN.exe

C:\Windows\System\XFBpVPI.exe

C:\Windows\System\XFBpVPI.exe

C:\Windows\System\FIAJAjW.exe

C:\Windows\System\FIAJAjW.exe

C:\Windows\System\LLgQFqg.exe

C:\Windows\System\LLgQFqg.exe

C:\Windows\System\YbBBJiy.exe

C:\Windows\System\YbBBJiy.exe

C:\Windows\System\ozcPjEQ.exe

C:\Windows\System\ozcPjEQ.exe

C:\Windows\System\HRJSEmw.exe

C:\Windows\System\HRJSEmw.exe

C:\Windows\System\GvzGvVl.exe

C:\Windows\System\GvzGvVl.exe

C:\Windows\System\LDczFMj.exe

C:\Windows\System\LDczFMj.exe

C:\Windows\System\JlErMCM.exe

C:\Windows\System\JlErMCM.exe

C:\Windows\System\cLzHUZK.exe

C:\Windows\System\cLzHUZK.exe

C:\Windows\System\TsPIoqW.exe

C:\Windows\System\TsPIoqW.exe

C:\Windows\System\tCupxfO.exe

C:\Windows\System\tCupxfO.exe

C:\Windows\System\zKXRQli.exe

C:\Windows\System\zKXRQli.exe

C:\Windows\System\CcbYYtM.exe

C:\Windows\System\CcbYYtM.exe

C:\Windows\System\oDeBBxt.exe

C:\Windows\System\oDeBBxt.exe

C:\Windows\System\llGMdby.exe

C:\Windows\System\llGMdby.exe

C:\Windows\System\KEpkfZE.exe

C:\Windows\System\KEpkfZE.exe

C:\Windows\System\LINYUoQ.exe

C:\Windows\System\LINYUoQ.exe

C:\Windows\System\oEeVhQl.exe

C:\Windows\System\oEeVhQl.exe

C:\Windows\System\juDLfhV.exe

C:\Windows\System\juDLfhV.exe

C:\Windows\System\IQcVNvr.exe

C:\Windows\System\IQcVNvr.exe

C:\Windows\System\tbnQTLc.exe

C:\Windows\System\tbnQTLc.exe

C:\Windows\System\jmBzVex.exe

C:\Windows\System\jmBzVex.exe

C:\Windows\System\izlbpLF.exe

C:\Windows\System\izlbpLF.exe

C:\Windows\System\uWAgivy.exe

C:\Windows\System\uWAgivy.exe

C:\Windows\System\phXSehp.exe

C:\Windows\System\phXSehp.exe

C:\Windows\System\xqPfpMb.exe

C:\Windows\System\xqPfpMb.exe

C:\Windows\System\sghyjAB.exe

C:\Windows\System\sghyjAB.exe

C:\Windows\System\ySmrahH.exe

C:\Windows\System\ySmrahH.exe

C:\Windows\System\kNVkcOh.exe

C:\Windows\System\kNVkcOh.exe

C:\Windows\System\CKQAyjZ.exe

C:\Windows\System\CKQAyjZ.exe

C:\Windows\System\oPEmIMK.exe

C:\Windows\System\oPEmIMK.exe

C:\Windows\System\XMEOgcT.exe

C:\Windows\System\XMEOgcT.exe

C:\Windows\System\sghvpBQ.exe

C:\Windows\System\sghvpBQ.exe

C:\Windows\System\IPfScMu.exe

C:\Windows\System\IPfScMu.exe

C:\Windows\System\sDmXHem.exe

C:\Windows\System\sDmXHem.exe

C:\Windows\System\AVMUvQD.exe

C:\Windows\System\AVMUvQD.exe

C:\Windows\System\SSwwVTE.exe

C:\Windows\System\SSwwVTE.exe

C:\Windows\System\gzNrYlj.exe

C:\Windows\System\gzNrYlj.exe

C:\Windows\System\lnmKfgm.exe

C:\Windows\System\lnmKfgm.exe

C:\Windows\System\ToMwjxo.exe

C:\Windows\System\ToMwjxo.exe

C:\Windows\System\XednJKq.exe

C:\Windows\System\XednJKq.exe

C:\Windows\System\jWwzMzc.exe

C:\Windows\System\jWwzMzc.exe

C:\Windows\System\UbdfJCD.exe

C:\Windows\System\UbdfJCD.exe

C:\Windows\System\rOBihWn.exe

C:\Windows\System\rOBihWn.exe

C:\Windows\System\VZlJqXm.exe

C:\Windows\System\VZlJqXm.exe

C:\Windows\System\rQOJrKe.exe

C:\Windows\System\rQOJrKe.exe

C:\Windows\System\eaVwBjz.exe

C:\Windows\System\eaVwBjz.exe

C:\Windows\System\QuzrJpt.exe

C:\Windows\System\QuzrJpt.exe

C:\Windows\System\YIAtAef.exe

C:\Windows\System\YIAtAef.exe

C:\Windows\System\aaAcdvE.exe

C:\Windows\System\aaAcdvE.exe

C:\Windows\System\CBEGArY.exe

C:\Windows\System\CBEGArY.exe

C:\Windows\System\xnRUurB.exe

C:\Windows\System\xnRUurB.exe

C:\Windows\System\GRRdGEm.exe

C:\Windows\System\GRRdGEm.exe

C:\Windows\System\jSwCjBa.exe

C:\Windows\System\jSwCjBa.exe

C:\Windows\System\BHwiBZP.exe

C:\Windows\System\BHwiBZP.exe

C:\Windows\System\dWrIWKD.exe

C:\Windows\System\dWrIWKD.exe

C:\Windows\System\xxmAMbU.exe

C:\Windows\System\xxmAMbU.exe

C:\Windows\System\YysToHY.exe

C:\Windows\System\YysToHY.exe

C:\Windows\System\YCqYPIK.exe

C:\Windows\System\YCqYPIK.exe

C:\Windows\System\tudiCCk.exe

C:\Windows\System\tudiCCk.exe

C:\Windows\System\pkSPsiw.exe

C:\Windows\System\pkSPsiw.exe

C:\Windows\System\flebuxx.exe

C:\Windows\System\flebuxx.exe

C:\Windows\System\RRQIWtm.exe

C:\Windows\System\RRQIWtm.exe

C:\Windows\System\dIYTqBZ.exe

C:\Windows\System\dIYTqBZ.exe

C:\Windows\System\hxjHREI.exe

C:\Windows\System\hxjHREI.exe

C:\Windows\System\HgkHVQm.exe

C:\Windows\System\HgkHVQm.exe

C:\Windows\System\ArnHvJn.exe

C:\Windows\System\ArnHvJn.exe

C:\Windows\System\wDVVBnm.exe

C:\Windows\System\wDVVBnm.exe

C:\Windows\System\hCBhKwL.exe

C:\Windows\System\hCBhKwL.exe

C:\Windows\System\esfbtsU.exe

C:\Windows\System\esfbtsU.exe

C:\Windows\System\lpQqgAi.exe

C:\Windows\System\lpQqgAi.exe

C:\Windows\System\WnRQQyN.exe

C:\Windows\System\WnRQQyN.exe

C:\Windows\System\hctcepV.exe

C:\Windows\System\hctcepV.exe

C:\Windows\System\eSHKgtF.exe

C:\Windows\System\eSHKgtF.exe

C:\Windows\System\LLnRGKT.exe

C:\Windows\System\LLnRGKT.exe

C:\Windows\System\fyWZOec.exe

C:\Windows\System\fyWZOec.exe

C:\Windows\System\MAHjRaA.exe

C:\Windows\System\MAHjRaA.exe

C:\Windows\System\GqysKeg.exe

C:\Windows\System\GqysKeg.exe

C:\Windows\System\DcsjDTZ.exe

C:\Windows\System\DcsjDTZ.exe

C:\Windows\System\WHJwTqS.exe

C:\Windows\System\WHJwTqS.exe

C:\Windows\System\VBSMMOJ.exe

C:\Windows\System\VBSMMOJ.exe

C:\Windows\System\suhcBvC.exe

C:\Windows\System\suhcBvC.exe

C:\Windows\System\YBhaiGa.exe

C:\Windows\System\YBhaiGa.exe

C:\Windows\System\MAQgHoJ.exe

C:\Windows\System\MAQgHoJ.exe

C:\Windows\System\YODIWrE.exe

C:\Windows\System\YODIWrE.exe

C:\Windows\System\IYIIrBN.exe

C:\Windows\System\IYIIrBN.exe

C:\Windows\System\luqhxTB.exe

C:\Windows\System\luqhxTB.exe

C:\Windows\System\rjRhHBP.exe

C:\Windows\System\rjRhHBP.exe

C:\Windows\System\ivQeMgU.exe

C:\Windows\System\ivQeMgU.exe

C:\Windows\System\dfppyYy.exe

C:\Windows\System\dfppyYy.exe

C:\Windows\System\GCgyjHR.exe

C:\Windows\System\GCgyjHR.exe

C:\Windows\System\BZCcADY.exe

C:\Windows\System\BZCcADY.exe

C:\Windows\System\zdhhfZe.exe

C:\Windows\System\zdhhfZe.exe

C:\Windows\System\nrecGht.exe

C:\Windows\System\nrecGht.exe

C:\Windows\System\ZapXznI.exe

C:\Windows\System\ZapXznI.exe

C:\Windows\System\qVWSYaA.exe

C:\Windows\System\qVWSYaA.exe

C:\Windows\System\HhGriPu.exe

C:\Windows\System\HhGriPu.exe

C:\Windows\System\sNHXmZg.exe

C:\Windows\System\sNHXmZg.exe

C:\Windows\System\bHNxkih.exe

C:\Windows\System\bHNxkih.exe

C:\Windows\System\hvVcohO.exe

C:\Windows\System\hvVcohO.exe

C:\Windows\System\sbhHXGa.exe

C:\Windows\System\sbhHXGa.exe

C:\Windows\System\jMrieKV.exe

C:\Windows\System\jMrieKV.exe

C:\Windows\System\LyVSHlo.exe

C:\Windows\System\LyVSHlo.exe

C:\Windows\System\OBiNTmT.exe

C:\Windows\System\OBiNTmT.exe

C:\Windows\System\yGQjySK.exe

C:\Windows\System\yGQjySK.exe

C:\Windows\System\JAIhwjd.exe

C:\Windows\System\JAIhwjd.exe

C:\Windows\System\DNkgbkk.exe

C:\Windows\System\DNkgbkk.exe

C:\Windows\System\nqeaskl.exe

C:\Windows\System\nqeaskl.exe

C:\Windows\System\nWYCViu.exe

C:\Windows\System\nWYCViu.exe

C:\Windows\System\vJzPTLm.exe

C:\Windows\System\vJzPTLm.exe

C:\Windows\System\JXfRzLL.exe

C:\Windows\System\JXfRzLL.exe

C:\Windows\System\IDSpmAX.exe

C:\Windows\System\IDSpmAX.exe

C:\Windows\System\PpYREJj.exe

C:\Windows\System\PpYREJj.exe

C:\Windows\System\SaKuXQR.exe

C:\Windows\System\SaKuXQR.exe

C:\Windows\System\JPQZTEH.exe

C:\Windows\System\JPQZTEH.exe

C:\Windows\System\WqNbnoI.exe

C:\Windows\System\WqNbnoI.exe

C:\Windows\System\nImhMEv.exe

C:\Windows\System\nImhMEv.exe

C:\Windows\System\PRScOiJ.exe

C:\Windows\System\PRScOiJ.exe

C:\Windows\System\AqDpSHS.exe

C:\Windows\System\AqDpSHS.exe

C:\Windows\System\NhxynoS.exe

C:\Windows\System\NhxynoS.exe

C:\Windows\System\AdzbRpg.exe

C:\Windows\System\AdzbRpg.exe

C:\Windows\System\iXseZUi.exe

C:\Windows\System\iXseZUi.exe

C:\Windows\System\bCwuOqj.exe

C:\Windows\System\bCwuOqj.exe

C:\Windows\System\QWMsoWx.exe

C:\Windows\System\QWMsoWx.exe

C:\Windows\System\FiVaVIG.exe

C:\Windows\System\FiVaVIG.exe

C:\Windows\System\aVQeQLz.exe

C:\Windows\System\aVQeQLz.exe

C:\Windows\System\NXdEkzC.exe

C:\Windows\System\NXdEkzC.exe

C:\Windows\System\iHGMAty.exe

C:\Windows\System\iHGMAty.exe

C:\Windows\System\AHvfeHB.exe

C:\Windows\System\AHvfeHB.exe

C:\Windows\System\MjXexwF.exe

C:\Windows\System\MjXexwF.exe

C:\Windows\System\SjchIOA.exe

C:\Windows\System\SjchIOA.exe

C:\Windows\System\TVasIgj.exe

C:\Windows\System\TVasIgj.exe

C:\Windows\System\mZoAALf.exe

C:\Windows\System\mZoAALf.exe

C:\Windows\System\hxbPUra.exe

C:\Windows\System\hxbPUra.exe

C:\Windows\System\fIyjgzI.exe

C:\Windows\System\fIyjgzI.exe

C:\Windows\System\wTEUMsC.exe

C:\Windows\System\wTEUMsC.exe

C:\Windows\System\unEAZwC.exe

C:\Windows\System\unEAZwC.exe

C:\Windows\System\zPJscml.exe

C:\Windows\System\zPJscml.exe

C:\Windows\System\UTyMSjt.exe

C:\Windows\System\UTyMSjt.exe

C:\Windows\System\nuhPKuK.exe

C:\Windows\System\nuhPKuK.exe

C:\Windows\System\rnkGmQM.exe

C:\Windows\System\rnkGmQM.exe

C:\Windows\System\RiPRdjJ.exe

C:\Windows\System\RiPRdjJ.exe

C:\Windows\System\dEKXomm.exe

C:\Windows\System\dEKXomm.exe

C:\Windows\System\ItXjiwQ.exe

C:\Windows\System\ItXjiwQ.exe

C:\Windows\System\MSZeprE.exe

C:\Windows\System\MSZeprE.exe

C:\Windows\System\MsKcFrs.exe

C:\Windows\System\MsKcFrs.exe

C:\Windows\System\WrxYorI.exe

C:\Windows\System\WrxYorI.exe

C:\Windows\System\HegWWBe.exe

C:\Windows\System\HegWWBe.exe

C:\Windows\System\VlKYtYw.exe

C:\Windows\System\VlKYtYw.exe

C:\Windows\System\kDwPULr.exe

C:\Windows\System\kDwPULr.exe

C:\Windows\System\MnPRrZb.exe

C:\Windows\System\MnPRrZb.exe

C:\Windows\System\WiALvIg.exe

C:\Windows\System\WiALvIg.exe

C:\Windows\System\XxmAjOV.exe

C:\Windows\System\XxmAjOV.exe

C:\Windows\System\CXHYayC.exe

C:\Windows\System\CXHYayC.exe

C:\Windows\System\yUiVbsO.exe

C:\Windows\System\yUiVbsO.exe

C:\Windows\System\IZAYHxr.exe

C:\Windows\System\IZAYHxr.exe

C:\Windows\System\sDPKGqY.exe

C:\Windows\System\sDPKGqY.exe

C:\Windows\System\TKwhDmv.exe

C:\Windows\System\TKwhDmv.exe

C:\Windows\System\LubesZe.exe

C:\Windows\System\LubesZe.exe

C:\Windows\System\wZgNDQG.exe

C:\Windows\System\wZgNDQG.exe

C:\Windows\System\vsxQhMi.exe

C:\Windows\System\vsxQhMi.exe

C:\Windows\System\eqRYPXz.exe

C:\Windows\System\eqRYPXz.exe

C:\Windows\System\fOXSyfZ.exe

C:\Windows\System\fOXSyfZ.exe

C:\Windows\System\KjfjKvl.exe

C:\Windows\System\KjfjKvl.exe

C:\Windows\System\TWKahKk.exe

C:\Windows\System\TWKahKk.exe

C:\Windows\System\uzJaGKj.exe

C:\Windows\System\uzJaGKj.exe

C:\Windows\System\MJMkEFZ.exe

C:\Windows\System\MJMkEFZ.exe

C:\Windows\System\nRfmOAT.exe

C:\Windows\System\nRfmOAT.exe

C:\Windows\System\UHDOcMJ.exe

C:\Windows\System\UHDOcMJ.exe

C:\Windows\System\IUPLIsT.exe

C:\Windows\System\IUPLIsT.exe

C:\Windows\System\MzHehnC.exe

C:\Windows\System\MzHehnC.exe

C:\Windows\System\WTbJgCS.exe

C:\Windows\System\WTbJgCS.exe

C:\Windows\System\XzlnYDX.exe

C:\Windows\System\XzlnYDX.exe

C:\Windows\System\TYEDIag.exe

C:\Windows\System\TYEDIag.exe

C:\Windows\System\VSytWtm.exe

C:\Windows\System\VSytWtm.exe

C:\Windows\System\LDwiPdu.exe

C:\Windows\System\LDwiPdu.exe

C:\Windows\System\RbkwCoB.exe

C:\Windows\System\RbkwCoB.exe

C:\Windows\System\fhGDsXz.exe

C:\Windows\System\fhGDsXz.exe

C:\Windows\System\SFiANDj.exe

C:\Windows\System\SFiANDj.exe

C:\Windows\System\nSichHm.exe

C:\Windows\System\nSichHm.exe

C:\Windows\System\PuCJjSy.exe

C:\Windows\System\PuCJjSy.exe

C:\Windows\System\nEkkURr.exe

C:\Windows\System\nEkkURr.exe

C:\Windows\System\XfmrBro.exe

C:\Windows\System\XfmrBro.exe

C:\Windows\System\iYegTvG.exe

C:\Windows\System\iYegTvG.exe

C:\Windows\System\mDSxHKH.exe

C:\Windows\System\mDSxHKH.exe

C:\Windows\System\yCXJBmQ.exe

C:\Windows\System\yCXJBmQ.exe

C:\Windows\System\nuFHfRo.exe

C:\Windows\System\nuFHfRo.exe

C:\Windows\System\CLQIgRY.exe

C:\Windows\System\CLQIgRY.exe

C:\Windows\System\SWfxijs.exe

C:\Windows\System\SWfxijs.exe

C:\Windows\System\MyuegXj.exe

C:\Windows\System\MyuegXj.exe

C:\Windows\System\sRvyUIg.exe

C:\Windows\System\sRvyUIg.exe

C:\Windows\System\whbGQjx.exe

C:\Windows\System\whbGQjx.exe

C:\Windows\System\HTcRipA.exe

C:\Windows\System\HTcRipA.exe

C:\Windows\System\rmIalts.exe

C:\Windows\System\rmIalts.exe

C:\Windows\System\mFQaFLe.exe

C:\Windows\System\mFQaFLe.exe

C:\Windows\System\KjAdhRr.exe

C:\Windows\System\KjAdhRr.exe

C:\Windows\System\bkOHJoc.exe

C:\Windows\System\bkOHJoc.exe

C:\Windows\System\IczUAlv.exe

C:\Windows\System\IczUAlv.exe

C:\Windows\System\YAYVmhc.exe

C:\Windows\System\YAYVmhc.exe

C:\Windows\System\QXGZHKA.exe

C:\Windows\System\QXGZHKA.exe

C:\Windows\System\CbcCKST.exe

C:\Windows\System\CbcCKST.exe

C:\Windows\System\pLVevLN.exe

C:\Windows\System\pLVevLN.exe

C:\Windows\System\OunUNAH.exe

C:\Windows\System\OunUNAH.exe

C:\Windows\System\KcpDndR.exe

C:\Windows\System\KcpDndR.exe

C:\Windows\System\QVtFyTm.exe

C:\Windows\System\QVtFyTm.exe

C:\Windows\System\jbNUBmJ.exe

C:\Windows\System\jbNUBmJ.exe

C:\Windows\System\axJaecW.exe

C:\Windows\System\axJaecW.exe

C:\Windows\System\bHNztsM.exe

C:\Windows\System\bHNztsM.exe

C:\Windows\System\ilrdcjW.exe

C:\Windows\System\ilrdcjW.exe

C:\Windows\System\jYabpEW.exe

C:\Windows\System\jYabpEW.exe

C:\Windows\System\KMdfCSy.exe

C:\Windows\System\KMdfCSy.exe

C:\Windows\System\GRKmAMZ.exe

C:\Windows\System\GRKmAMZ.exe

C:\Windows\System\naMsjCh.exe

C:\Windows\System\naMsjCh.exe

C:\Windows\System\cQRYCMs.exe

C:\Windows\System\cQRYCMs.exe

C:\Windows\System\asFrHXA.exe

C:\Windows\System\asFrHXA.exe

C:\Windows\System\CpaZXff.exe

C:\Windows\System\CpaZXff.exe

C:\Windows\System\jZtJIml.exe

C:\Windows\System\jZtJIml.exe

C:\Windows\System\JGTMexT.exe

C:\Windows\System\JGTMexT.exe

C:\Windows\System\vEuJXlU.exe

C:\Windows\System\vEuJXlU.exe

C:\Windows\System\aaeZEau.exe

C:\Windows\System\aaeZEau.exe

C:\Windows\System\CJUnMnr.exe

C:\Windows\System\CJUnMnr.exe

C:\Windows\System\DpmxpGJ.exe

C:\Windows\System\DpmxpGJ.exe

C:\Windows\System\IwOUbex.exe

C:\Windows\System\IwOUbex.exe

C:\Windows\System\GJwJVIB.exe

C:\Windows\System\GJwJVIB.exe

C:\Windows\System\VQUrJsY.exe

C:\Windows\System\VQUrJsY.exe

C:\Windows\System\CaVmFSL.exe

C:\Windows\System\CaVmFSL.exe

C:\Windows\System\BcQUGpV.exe

C:\Windows\System\BcQUGpV.exe

C:\Windows\System\PEpodHi.exe

C:\Windows\System\PEpodHi.exe

C:\Windows\System\TMVZijv.exe

C:\Windows\System\TMVZijv.exe

C:\Windows\System\pKQhnmy.exe

C:\Windows\System\pKQhnmy.exe

C:\Windows\System\WOAIDdx.exe

C:\Windows\System\WOAIDdx.exe

C:\Windows\System\uNrjxDD.exe

C:\Windows\System\uNrjxDD.exe

C:\Windows\System\ilzrTyP.exe

C:\Windows\System\ilzrTyP.exe

C:\Windows\System\FIdlLWu.exe

C:\Windows\System\FIdlLWu.exe

C:\Windows\System\fHsLHTs.exe

C:\Windows\System\fHsLHTs.exe

C:\Windows\System\BaaqGvV.exe

C:\Windows\System\BaaqGvV.exe

C:\Windows\System\RqIUKch.exe

C:\Windows\System\RqIUKch.exe

C:\Windows\System\HsGlTZx.exe

C:\Windows\System\HsGlTZx.exe

C:\Windows\System\AVJvbHH.exe

C:\Windows\System\AVJvbHH.exe

C:\Windows\System\HitEznO.exe

C:\Windows\System\HitEznO.exe

C:\Windows\System\HKKtaZv.exe

C:\Windows\System\HKKtaZv.exe

C:\Windows\System\mbKUeem.exe

C:\Windows\System\mbKUeem.exe

C:\Windows\System\BhiTTCz.exe

C:\Windows\System\BhiTTCz.exe

C:\Windows\System\YDvziKz.exe

C:\Windows\System\YDvziKz.exe

C:\Windows\System\oDZJdkZ.exe

C:\Windows\System\oDZJdkZ.exe

C:\Windows\System\qFDymMX.exe

C:\Windows\System\qFDymMX.exe

C:\Windows\System\dZPutiE.exe

C:\Windows\System\dZPutiE.exe

C:\Windows\System\FzZqPsK.exe

C:\Windows\System\FzZqPsK.exe

C:\Windows\System\cppIHKU.exe

C:\Windows\System\cppIHKU.exe

C:\Windows\System\ARMQpaj.exe

C:\Windows\System\ARMQpaj.exe

C:\Windows\System\hUoVdpN.exe

C:\Windows\System\hUoVdpN.exe

C:\Windows\System\YAMLukd.exe

C:\Windows\System\YAMLukd.exe

C:\Windows\System\RJjZiPz.exe

C:\Windows\System\RJjZiPz.exe

C:\Windows\System\OkNRJLp.exe

C:\Windows\System\OkNRJLp.exe

C:\Windows\System\TNSbdxN.exe

C:\Windows\System\TNSbdxN.exe

C:\Windows\System\vNSzVFH.exe

C:\Windows\System\vNSzVFH.exe

C:\Windows\System\WHhyrHq.exe

C:\Windows\System\WHhyrHq.exe

C:\Windows\System\UscxsjE.exe

C:\Windows\System\UscxsjE.exe

C:\Windows\System\fiWQWKV.exe

C:\Windows\System\fiWQWKV.exe

C:\Windows\System\RzvBnUN.exe

C:\Windows\System\RzvBnUN.exe

C:\Windows\System\HiTueGp.exe

C:\Windows\System\HiTueGp.exe

C:\Windows\System\CQFQKNG.exe

C:\Windows\System\CQFQKNG.exe

C:\Windows\System\luiKaav.exe

C:\Windows\System\luiKaav.exe

C:\Windows\System\laredWH.exe

C:\Windows\System\laredWH.exe

C:\Windows\System\KnUCMzi.exe

C:\Windows\System\KnUCMzi.exe

C:\Windows\System\ZrgwyiH.exe

C:\Windows\System\ZrgwyiH.exe

C:\Windows\System\ZogkJyS.exe

C:\Windows\System\ZogkJyS.exe

C:\Windows\System\ZDNhyfg.exe

C:\Windows\System\ZDNhyfg.exe

C:\Windows\System\SGUZuPI.exe

C:\Windows\System\SGUZuPI.exe

C:\Windows\System\deblHAL.exe

C:\Windows\System\deblHAL.exe

C:\Windows\System\zPJLiyx.exe

C:\Windows\System\zPJLiyx.exe

C:\Windows\System\wXZSfIQ.exe

C:\Windows\System\wXZSfIQ.exe

C:\Windows\System\XEjYESP.exe

C:\Windows\System\XEjYESP.exe

C:\Windows\System\LgBfcqR.exe

C:\Windows\System\LgBfcqR.exe

C:\Windows\System\vQiWTug.exe

C:\Windows\System\vQiWTug.exe

C:\Windows\System\ttLAzbf.exe

C:\Windows\System\ttLAzbf.exe

C:\Windows\System\jvsslRu.exe

C:\Windows\System\jvsslRu.exe

C:\Windows\System\jJjURBQ.exe

C:\Windows\System\jJjURBQ.exe

C:\Windows\System\InQUcoI.exe

C:\Windows\System\InQUcoI.exe

C:\Windows\System\wGvzuAF.exe

C:\Windows\System\wGvzuAF.exe

C:\Windows\System\vmEHbyk.exe

C:\Windows\System\vmEHbyk.exe

C:\Windows\System\pAqDqhx.exe

C:\Windows\System\pAqDqhx.exe

C:\Windows\System\iENIKQO.exe

C:\Windows\System\iENIKQO.exe

C:\Windows\System\UZkxOmH.exe

C:\Windows\System\UZkxOmH.exe

C:\Windows\System\uegZSlq.exe

C:\Windows\System\uegZSlq.exe

C:\Windows\System\fmqbFRR.exe

C:\Windows\System\fmqbFRR.exe

C:\Windows\System\JeJzfmj.exe

C:\Windows\System\JeJzfmj.exe

C:\Windows\System\LXetDVg.exe

C:\Windows\System\LXetDVg.exe

C:\Windows\System\QBfBPTl.exe

C:\Windows\System\QBfBPTl.exe

C:\Windows\System\IaFTWLD.exe

C:\Windows\System\IaFTWLD.exe

C:\Windows\System\VxEOzhi.exe

C:\Windows\System\VxEOzhi.exe

C:\Windows\System\YPUCrSx.exe

C:\Windows\System\YPUCrSx.exe

C:\Windows\System\CqPEmJO.exe

C:\Windows\System\CqPEmJO.exe

C:\Windows\System\LzUuegd.exe

C:\Windows\System\LzUuegd.exe

C:\Windows\System\TQpNUcb.exe

C:\Windows\System\TQpNUcb.exe

C:\Windows\System\eXJwfLs.exe

C:\Windows\System\eXJwfLs.exe

C:\Windows\System\IBTqVCX.exe

C:\Windows\System\IBTqVCX.exe

C:\Windows\System\ozWLWGK.exe

C:\Windows\System\ozWLWGK.exe

C:\Windows\System\zzXNQgA.exe

C:\Windows\System\zzXNQgA.exe

C:\Windows\System\kxYGabu.exe

C:\Windows\System\kxYGabu.exe

C:\Windows\System\MRriovz.exe

C:\Windows\System\MRriovz.exe

C:\Windows\System\DpghMDV.exe

C:\Windows\System\DpghMDV.exe

C:\Windows\System\quhrysv.exe

C:\Windows\System\quhrysv.exe

C:\Windows\System\BQIuDmG.exe

C:\Windows\System\BQIuDmG.exe

C:\Windows\System\MXfELWD.exe

C:\Windows\System\MXfELWD.exe

C:\Windows\System\vUYuLvZ.exe

C:\Windows\System\vUYuLvZ.exe

C:\Windows\System\BtROkrM.exe

C:\Windows\System\BtROkrM.exe

C:\Windows\System\cOxUzQi.exe

C:\Windows\System\cOxUzQi.exe

C:\Windows\System\XLvWWkU.exe

C:\Windows\System\XLvWWkU.exe

C:\Windows\System\mnjWveD.exe

C:\Windows\System\mnjWveD.exe

C:\Windows\System\TtEYbZj.exe

C:\Windows\System\TtEYbZj.exe

C:\Windows\System\OwvYKxn.exe

C:\Windows\System\OwvYKxn.exe

C:\Windows\System\eFUKNKU.exe

C:\Windows\System\eFUKNKU.exe

C:\Windows\System\fbgrdzn.exe

C:\Windows\System\fbgrdzn.exe

C:\Windows\System\pljbmeY.exe

C:\Windows\System\pljbmeY.exe

C:\Windows\System\pvBQhma.exe

C:\Windows\System\pvBQhma.exe

C:\Windows\System\mcuUeUz.exe

C:\Windows\System\mcuUeUz.exe

C:\Windows\System\zHYuYuj.exe

C:\Windows\System\zHYuYuj.exe

C:\Windows\System\VqBtYsF.exe

C:\Windows\System\VqBtYsF.exe

C:\Windows\System\oxwddkr.exe

C:\Windows\System\oxwddkr.exe

C:\Windows\System\ANrEdnT.exe

C:\Windows\System\ANrEdnT.exe

C:\Windows\System\SxLBbSg.exe

C:\Windows\System\SxLBbSg.exe

C:\Windows\System\tDbiGGA.exe

C:\Windows\System\tDbiGGA.exe

C:\Windows\System\PkGrsXW.exe

C:\Windows\System\PkGrsXW.exe

C:\Windows\System\YcaarFn.exe

C:\Windows\System\YcaarFn.exe

C:\Windows\System\sCCGShM.exe

C:\Windows\System\sCCGShM.exe

C:\Windows\System\yUdhMSB.exe

C:\Windows\System\yUdhMSB.exe

C:\Windows\System\dwvvXee.exe

C:\Windows\System\dwvvXee.exe

C:\Windows\System\llJUgHn.exe

C:\Windows\System\llJUgHn.exe

C:\Windows\System\jWaixis.exe

C:\Windows\System\jWaixis.exe

C:\Windows\System\aJnDUau.exe

C:\Windows\System\aJnDUau.exe

C:\Windows\System\HbqtPpV.exe

C:\Windows\System\HbqtPpV.exe

C:\Windows\System\aTZMWsK.exe

C:\Windows\System\aTZMWsK.exe

C:\Windows\System\GaRtSGo.exe

C:\Windows\System\GaRtSGo.exe

C:\Windows\System\XzmGnai.exe

C:\Windows\System\XzmGnai.exe

C:\Windows\System\XbbateM.exe

C:\Windows\System\XbbateM.exe

C:\Windows\System\NtHAiRy.exe

C:\Windows\System\NtHAiRy.exe

C:\Windows\System\UniCrpV.exe

C:\Windows\System\UniCrpV.exe

C:\Windows\System\mYbJMPQ.exe

C:\Windows\System\mYbJMPQ.exe

C:\Windows\System\TSClzYg.exe

C:\Windows\System\TSClzYg.exe

C:\Windows\System\UPmhShI.exe

C:\Windows\System\UPmhShI.exe

C:\Windows\System\KvxJrVD.exe

C:\Windows\System\KvxJrVD.exe

C:\Windows\System\lbbaXUa.exe

C:\Windows\System\lbbaXUa.exe

C:\Windows\System\TPWBJal.exe

C:\Windows\System\TPWBJal.exe

C:\Windows\System\WFYgohh.exe

C:\Windows\System\WFYgohh.exe

C:\Windows\System\DqDCuCK.exe

C:\Windows\System\DqDCuCK.exe

C:\Windows\System\mDmklAI.exe

C:\Windows\System\mDmklAI.exe

C:\Windows\System\dUHPyei.exe

C:\Windows\System\dUHPyei.exe

C:\Windows\System\wCWWchd.exe

C:\Windows\System\wCWWchd.exe

C:\Windows\System\yYtnrIv.exe

C:\Windows\System\yYtnrIv.exe

C:\Windows\System\RWMdtdA.exe

C:\Windows\System\RWMdtdA.exe

C:\Windows\System\JUzBpnY.exe

C:\Windows\System\JUzBpnY.exe

C:\Windows\System\ivcJCJt.exe

C:\Windows\System\ivcJCJt.exe

C:\Windows\System\fwfxHQo.exe

C:\Windows\System\fwfxHQo.exe

C:\Windows\System\jRWRzFT.exe

C:\Windows\System\jRWRzFT.exe

C:\Windows\System\MSQLioj.exe

C:\Windows\System\MSQLioj.exe

C:\Windows\System\mzPfTJO.exe

C:\Windows\System\mzPfTJO.exe

C:\Windows\System\lFcNHRq.exe

C:\Windows\System\lFcNHRq.exe

C:\Windows\System\DfTWams.exe

C:\Windows\System\DfTWams.exe

C:\Windows\System\IRJxJwF.exe

C:\Windows\System\IRJxJwF.exe

C:\Windows\System\dxAkkqO.exe

C:\Windows\System\dxAkkqO.exe

C:\Windows\System\xZphYmu.exe

C:\Windows\System\xZphYmu.exe

C:\Windows\System\puhDYWE.exe

C:\Windows\System\puhDYWE.exe

C:\Windows\System\aOADMKL.exe

C:\Windows\System\aOADMKL.exe

C:\Windows\System\FXAYJni.exe

C:\Windows\System\FXAYJni.exe

C:\Windows\System\WvrQWMT.exe

C:\Windows\System\WvrQWMT.exe

C:\Windows\System\YgehuMC.exe

C:\Windows\System\YgehuMC.exe

C:\Windows\System\gpOUHbX.exe

C:\Windows\System\gpOUHbX.exe

C:\Windows\System\xEuaeeZ.exe

C:\Windows\System\xEuaeeZ.exe

C:\Windows\System\WgYfvZZ.exe

C:\Windows\System\WgYfvZZ.exe

C:\Windows\System\zgnRhQC.exe

C:\Windows\System\zgnRhQC.exe

C:\Windows\System\AJwPjWo.exe

C:\Windows\System\AJwPjWo.exe

C:\Windows\System\XfPmEsV.exe

C:\Windows\System\XfPmEsV.exe

C:\Windows\System\oWPtRII.exe

C:\Windows\System\oWPtRII.exe

C:\Windows\System\EhFPTGN.exe

C:\Windows\System\EhFPTGN.exe

C:\Windows\System\EUDOtQd.exe

C:\Windows\System\EUDOtQd.exe

C:\Windows\System\rCxicZT.exe

C:\Windows\System\rCxicZT.exe

C:\Windows\System\wgDTcUn.exe

C:\Windows\System\wgDTcUn.exe

C:\Windows\System\qSoNuNz.exe

C:\Windows\System\qSoNuNz.exe

C:\Windows\System\KbnvqLB.exe

C:\Windows\System\KbnvqLB.exe

C:\Windows\System\oRocxKH.exe

C:\Windows\System\oRocxKH.exe

C:\Windows\System\AkJFVou.exe

C:\Windows\System\AkJFVou.exe

C:\Windows\System\TRZitDf.exe

C:\Windows\System\TRZitDf.exe

C:\Windows\System\bAArJJb.exe

C:\Windows\System\bAArJJb.exe

C:\Windows\System\mnytinG.exe

C:\Windows\System\mnytinG.exe

C:\Windows\System\elMUVaN.exe

C:\Windows\System\elMUVaN.exe

C:\Windows\System\KnidWCA.exe

C:\Windows\System\KnidWCA.exe

C:\Windows\System\hNWPqtB.exe

C:\Windows\System\hNWPqtB.exe

C:\Windows\System\Tszxvxh.exe

C:\Windows\System\Tszxvxh.exe

C:\Windows\System\CQZuQko.exe

C:\Windows\System\CQZuQko.exe

C:\Windows\System\eclazqx.exe

C:\Windows\System\eclazqx.exe

C:\Windows\System\BNRINwO.exe

C:\Windows\System\BNRINwO.exe

C:\Windows\System\okqQqvg.exe

C:\Windows\System\okqQqvg.exe

C:\Windows\System\GHiNXfT.exe

C:\Windows\System\GHiNXfT.exe

C:\Windows\System\FtsLSre.exe

C:\Windows\System\FtsLSre.exe

C:\Windows\System\BFgfhaM.exe

C:\Windows\System\BFgfhaM.exe

C:\Windows\System\MymgCrK.exe

C:\Windows\System\MymgCrK.exe

C:\Windows\System\XuxGDeH.exe

C:\Windows\System\XuxGDeH.exe

C:\Windows\System\zXvbWGi.exe

C:\Windows\System\zXvbWGi.exe

C:\Windows\System\nmMSCVB.exe

C:\Windows\System\nmMSCVB.exe

C:\Windows\System\mTEGiyQ.exe

C:\Windows\System\mTEGiyQ.exe

C:\Windows\System\HYmCpyl.exe

C:\Windows\System\HYmCpyl.exe

C:\Windows\System\ramRdBc.exe

C:\Windows\System\ramRdBc.exe

C:\Windows\System\NMpPGBr.exe

C:\Windows\System\NMpPGBr.exe

C:\Windows\System\PCcVvmu.exe

C:\Windows\System\PCcVvmu.exe

C:\Windows\System\ZHzBeDg.exe

C:\Windows\System\ZHzBeDg.exe

C:\Windows\System\rvbLbXH.exe

C:\Windows\System\rvbLbXH.exe

C:\Windows\System\xbYbMyF.exe

C:\Windows\System\xbYbMyF.exe

C:\Windows\System\VQRjSct.exe

C:\Windows\System\VQRjSct.exe

C:\Windows\System\HazGpJd.exe

C:\Windows\System\HazGpJd.exe

C:\Windows\System\dVGonZc.exe

C:\Windows\System\dVGonZc.exe

C:\Windows\System\ydfbUAx.exe

C:\Windows\System\ydfbUAx.exe

C:\Windows\System\DFfYNuK.exe

C:\Windows\System\DFfYNuK.exe

C:\Windows\System\FbChWtA.exe

C:\Windows\System\FbChWtA.exe

C:\Windows\System\RDBAYjQ.exe

C:\Windows\System\RDBAYjQ.exe

C:\Windows\System\klHNvWM.exe

C:\Windows\System\klHNvWM.exe

C:\Windows\System\sypuLCM.exe

C:\Windows\System\sypuLCM.exe

C:\Windows\System\zmfnvzh.exe

C:\Windows\System\zmfnvzh.exe

C:\Windows\System\yAHTvap.exe

C:\Windows\System\yAHTvap.exe

C:\Windows\System\nGkSTGQ.exe

C:\Windows\System\nGkSTGQ.exe

C:\Windows\System\DfaPLFT.exe

C:\Windows\System\DfaPLFT.exe

C:\Windows\System\zsRSBiy.exe

C:\Windows\System\zsRSBiy.exe

C:\Windows\System\HrRMGLk.exe

C:\Windows\System\HrRMGLk.exe

C:\Windows\System\QFRyTvk.exe

C:\Windows\System\QFRyTvk.exe

C:\Windows\System\CLyPoxo.exe

C:\Windows\System\CLyPoxo.exe

C:\Windows\System\vHqkaYv.exe

C:\Windows\System\vHqkaYv.exe

C:\Windows\System\VsmFxZg.exe

C:\Windows\System\VsmFxZg.exe

C:\Windows\System\UokKbAO.exe

C:\Windows\System\UokKbAO.exe

C:\Windows\System\DcnJTcq.exe

C:\Windows\System\DcnJTcq.exe

C:\Windows\System\pfrktkE.exe

C:\Windows\System\pfrktkE.exe

C:\Windows\System\SPcZUDz.exe

C:\Windows\System\SPcZUDz.exe

C:\Windows\System\iNGyLEU.exe

C:\Windows\System\iNGyLEU.exe

C:\Windows\System\mmhtete.exe

C:\Windows\System\mmhtete.exe

C:\Windows\System\WMcRHMa.exe

C:\Windows\System\WMcRHMa.exe

C:\Windows\System\emwkCDU.exe

C:\Windows\System\emwkCDU.exe

C:\Windows\System\gGTpkCV.exe

C:\Windows\System\gGTpkCV.exe

C:\Windows\System\RVFmomB.exe

C:\Windows\System\RVFmomB.exe

C:\Windows\System\TGkFNMZ.exe

C:\Windows\System\TGkFNMZ.exe

C:\Windows\System\liEpkTl.exe

C:\Windows\System\liEpkTl.exe

C:\Windows\System\IIqkvIU.exe

C:\Windows\System\IIqkvIU.exe

C:\Windows\System\MfGLlGw.exe

C:\Windows\System\MfGLlGw.exe

C:\Windows\System\zwYajzk.exe

C:\Windows\System\zwYajzk.exe

C:\Windows\System\JSPbzFj.exe

C:\Windows\System\JSPbzFj.exe

Network

N/A

Files

memory/2872-0-0x000000013F050000-0x000000013F3A4000-memory.dmp

memory/2872-1-0x00000000000F0000-0x0000000000100000-memory.dmp

\Windows\system\wpHSmgz.exe

MD5 40bc80176114eddfb340b08e30172b0a
SHA1 686177e4c764e7777bc3b5be528066618fb86e88
SHA256 5e9d4a7d11d3b438a721160548b079c1a682214110f65658b6154653d78a245b
SHA512 e1e27d54710501114b4946d362c27e292ac092bc59267a85b57a1cd2d4dc1241b18087ed5474d1d1361d2aed3202919e60c62714562de892d4a790f9bae9ef32

C:\Windows\system\jzYfivw.exe

MD5 49620bb782b8cde76d1daa33c6db88e1
SHA1 4c65ebc1e8a537240322091f11beb98f0bb175e1
SHA256 e9fe90eaeef3365f2a6be5ce46eb3ddca2cbb27ca9fda621f8aa88a40715da5a
SHA512 eb364f9c3e303d89894920582df8cf813b4a314fdd95ada0c7579a482d9c2d8fe805b504ef9a6d0ceb925e2ccb3cb025f1f7191f8355795f054226114e78831e

\Windows\system\YugXXah.exe

MD5 f7084c363e2c516c41987317a38d8746
SHA1 457eef7ce3b13e2838e3fd3a973f3ea84e0b1f85
SHA256 06defe5cd536870f66e3ee84f64d83b845460582cc17fac665f19f159e953623
SHA512 583cad567c7e92ead42c3563f5552c3e3ef7dca7440bee8b2abe88a1fba0de7cbf95725d635ced9665e112af74b5c49791a248e468a0a97d77fd09b8ec3f80a0

\Windows\system\pbloxoI.exe

MD5 77fd28dc45ff0d7902724ea05404083a
SHA1 624d6eaa89164bebd696bbc751c7491d5e7f1308
SHA256 974675d0babc51d808b869251d87a4ca4e81e4c0f1176908e9793953df294868
SHA512 179a8e5fd8daa621e6ee8ea4215bd9aadd124a0e6542c628f7c06b339bf5d869e07d2ec7f7d4ac699ed15bc8410f75ff1e182129ad852dcf571af9905dffd94f

memory/3016-50-0x000000013F610000-0x000000013F964000-memory.dmp

memory/2696-54-0x000000013F8E0000-0x000000013FC34000-memory.dmp

memory/1028-56-0x000000013F110000-0x000000013F464000-memory.dmp

memory/2504-55-0x000000013F090000-0x000000013F3E4000-memory.dmp

memory/2256-27-0x000000013FAE0000-0x000000013FE34000-memory.dmp

memory/2680-52-0x000000013F220000-0x000000013F574000-memory.dmp

C:\Windows\system\UDClUXo.exe

MD5 96acc03d522ed7a4865013ec4eb6175a
SHA1 8fed1b212fdabd113909fcddc5461c2c282b7c9d
SHA256 d9e0d68322d4e75a91dc874a0e7c34566f588f6641d71091f7b4e86c1c54b8a8
SHA512 b145f1da805d02380c0793b309e28fa482f890f03bcc460f23c311333a042740649ea19326ea414f65c9106858b4ab16fdac9787d27feb8cfd98a3e90990f76e

C:\Windows\system\dixlVfK.exe

MD5 1176f468cf8b26b195b80254e5550181
SHA1 4109af847ee37d1a867ce483dd3ea9fb494c7f3d
SHA256 5fbe274fc01bf5c967e5533c1a124196ce1122e1849fa9381d71a9cd0ffac996
SHA512 af52d784e1a81a5a1147c2dfdbb986f7da0b43ddede9467a94c4d4191beaebbbab82c0ed98ccdac13eea2caaab315f0527b3cefd0634b4ba5ba81645c8a7e976

memory/2872-46-0x0000000002180000-0x00000000024D4000-memory.dmp

memory/2872-44-0x0000000002180000-0x00000000024D4000-memory.dmp

memory/2872-43-0x000000013F610000-0x000000013F964000-memory.dmp

memory/2872-42-0x000000013FAE0000-0x000000013FE34000-memory.dmp

C:\Windows\system\fkxaliG.exe

MD5 78c67f12f3da64bedb30664d976f0aea
SHA1 425003e7daf9ee22668bab6ab47a8463cefa6941
SHA256 2d6f547788f6d673ef652773c59693e81bb9cee8b3ce5d543e025f6065bb8dcd
SHA512 bda789334f20a16248f66fe4a342ee6f763c4fdbc7151a149e386b2c5df0b430c820d89350c0380c8f9773da7f27a78c4a422b99e7e44f4846ee2f73f8e860c2

memory/2604-31-0x000000013FE50000-0x00000001401A4000-memory.dmp

memory/2408-63-0x000000013FE70000-0x00000001401C4000-memory.dmp

memory/2872-62-0x000000013FE70000-0x00000001401C4000-memory.dmp

C:\Windows\system\ZvBlMzx.exe

MD5 e98be158ad6456629d874ba79f315afc
SHA1 702dd444a23195d4862c0cb3438a0a9dcc94d38c
SHA256 03fd60a521a6443a2fcc1145ef2c1f57d7036cf41df6c5f618c79e8a74ad33b6
SHA512 7ba70b406af2a95c36bd8d2df4ab259ae1efe5adadc2ed667cebfaf6b60d9cb1c4c054abcb0914f5c739b1d23de9d1b9346a220e237fac9ae8bf0f4021c7b9a3

memory/2872-69-0x000000013F8E0000-0x000000013FC34000-memory.dmp

memory/1588-70-0x000000013F8E0000-0x000000013FC34000-memory.dmp

C:\Windows\system\YoGilKz.exe

MD5 6cab31255b4a29057ebace4ea809198b
SHA1 54e2c51d4a934f722b253557374d389ba4ab4761
SHA256 dd31bd56d4deca654acdf7826ef429a89669596bc2e4d43618dd5d06987b4378
SHA512 3d4545e1dfca75fa880f0bbd0db4b503c66c57596fd76fba7418beb00d175db9d2ece98f3783257febd27720914ce5da12781d80d7d5630d1db82c17781a8286

memory/2872-23-0x000000013FE50000-0x00000001401A4000-memory.dmp

memory/2796-20-0x000000013F410000-0x000000013F764000-memory.dmp

C:\Windows\system\VPMTbsg.exe

MD5 1a0492c24c472fd25e1b7b560162040d
SHA1 5c51fda910e4f378bb4f59c1c50389aeb978cd64
SHA256 489e4d7e514646a81c048907e49f4100e1983c266e16691d31e123db9d634c47
SHA512 694066e970bf7402a5c1fd449ad19ae8b14ff66ce0d9020fe18514a3b673243d403e6805b2e52d05214e40a65f6b535475721ca7d6802b7b24eedc937f1c3b97

memory/2872-7-0x000000013F410000-0x000000013F764000-memory.dmp

C:\Windows\system\OMOgkjA.exe

MD5 c3a8c7cee67369dbc05c21a1b847d7ed
SHA1 1c3b764603db1d3add95eb7d2cf418a7f457c1a5
SHA256 7405683bf0902b228bc7b6809d718ac8787fe84944a73ae208d422822ba9a139
SHA512 62943cd9683be01b9897526ec7585fdab84e441713d1e6b1f443f91c603d63e7159cf9b93a822b6a2ee7a0de4120db4b40612c5fbb7b405cc1b5d8a1bef8e4fa

C:\Windows\system\AYdPqql.exe

MD5 c2ab6d499deda461be9a2ab368a90295
SHA1 bb530887f81bba37bb7259295704805481b92328
SHA256 2e918537f74b8965ef4bbbc165fc3a2106f3dbdddd8fa50bbdbfe92defd9d7a8
SHA512 07ed4bdce2b0b3cbb119de0d6b56e31124c11407eab4b848b8e9218476900ad3a7b86471c9426f7b93f4b8a4a1115f640ff381c4ab93e6099a5c9f64e085d9d3

memory/2872-81-0x000000013F500000-0x000000013F854000-memory.dmp

memory/2872-79-0x000000013F050000-0x000000013F3A4000-memory.dmp

memory/2668-94-0x000000013F450000-0x000000013F7A4000-memory.dmp

memory/2872-103-0x000000013F820000-0x000000013FB74000-memory.dmp

memory/2760-102-0x000000013F4B0000-0x000000013F804000-memory.dmp

memory/2764-104-0x000000013F820000-0x000000013FB74000-memory.dmp

memory/2872-101-0x000000013F4B0000-0x000000013F804000-memory.dmp

C:\Windows\system\rEBdsVh.exe

MD5 5932127f9894c14df19a55d9478d55b2
SHA1 a1d45f663dc74aa80cf96cecbba1cd485c778b9f
SHA256 894de2e4a577484e59e7a94649cff462264477281d041d214fcc9312922e8890
SHA512 caba3f6e8e99d28db68dcf951275563a9d290d087de9d93621eb576658942e8f14d1e4a7649885c9c21e1364cbbaf991c1589474d85abf4ff6d5d8dfcff281f6

C:\Windows\system\fkQLtka.exe

MD5 c6aa064d22556f585cf1fcc2cb44414e
SHA1 4459d13b756f7339a477097d278c0a84832f8d6f
SHA256 3266a014a71bc17ea740d9ca1eee12d7609f2f6d1094c08cb31a9170974acf53
SHA512 7582c32e6748eb587c8198d78a0a8c4a2c7a35e358f3ecf71eda246cbb5ac5282650fc359340851d821c58bf8ea54f227b9130795380dfac517b4ffe0f2d196c

memory/2872-115-0x000000013F410000-0x000000013F764000-memory.dmp

C:\Windows\system\xjRBkgz.exe

MD5 3620a409b9718fac4b044e3d3ea6d56f
SHA1 ffde7139bdf63d267243895e9878e094c970d9e5
SHA256 3740a97794f2322fb0c03808e6bf7477338a382d8f1cff112f9d6cc987fd2cba
SHA512 0d9e076ccb67a186c97582d325645c14771aedd88d616bf1e84883ab997bb421392ec43f95ef11170c1cfb94196905eebd37544b5f82226b4baaf0f7ac1f93c6

memory/2716-97-0x000000013F500000-0x000000013F854000-memory.dmp

C:\Windows\system\AUaEVnG.exe

MD5 92701d92905364d037fb91b2fd9f6a35
SHA1 2db0e4368996783896ef781bf48ca807d3603988
SHA256 1e7c55d4d6291117d8a7c761e1f185c5236f3ad6f60619aabefda3b2d3e6b2ce
SHA512 102f4087783bacd065ef88fe304d995318ac488dba39d9b16e2e558affaa2d5d8b0196e9f14c5944eeb309b59e51700227fba8c4db027680716b223d7f3fcf87

C:\Windows\system\wibDZkS.exe

MD5 c2df2de14797e45e1d943c742c4f362c
SHA1 5078b83b6909b96e4ffb545e12aa70d55d285ca0
SHA256 38aaefa0f088653b57bfda662fade8959344509cdf41c153c8158ea1e803b517
SHA512 ee714c3708aaba67107d37c65442e7afc30f0778da7ff65a08197c1676a89f1ce7151dce6cc398c4d0653316b377e5d8d3225c3ad49e65ff9215e29564c679cb

memory/2872-346-0x000000013F610000-0x000000013F964000-memory.dmp

C:\Windows\system\LuQNfnX.exe

MD5 621af0ffe863cc1f98ecbde71f80b462
SHA1 0398376f2c46b1f504075f8b5577ee94a83b2043
SHA256 56185b6790c4ba3aa40c6ca735cf4c2df1b40a0782e6d945b5369f2b3c0b5cb0
SHA512 687a31bc0628575c73c1a6e060e100d4d768cb21fbce4c1e273040198cc034264fd91e885181ded1d4de6c8b3253fb8b888c0e6d33305ea1e90a532887e74f51

C:\Windows\system\afjTjYw.exe

MD5 321fd0dc2d8f2a4208817152ef47481f
SHA1 546b640264eca3e186af7df38055bba8966feecb
SHA256 5866fe6c32d4e2b2657e4676c0616660e42f93f18d4e6e20659e57f620addc11
SHA512 833558b02ed947912ba0a1abec7807cdfa68f53303ad6f3c7b9698c56bdefc9afdee720c1e71f57d259c713d08ec993c9f59f942ea373914654e9d3bd5ff69eb

C:\Windows\system\dIZDDki.exe

MD5 a329cd2fb100d98791586348643cf7fb
SHA1 98b53f3411d8574afef9d27e528efdd73f044ce3
SHA256 016924ee941f339913d6bfb063a726f51a863f172a70a49c3135722812f98211
SHA512 2b6b2484b7a21d7c4f74fa5d4649055ef1cf56f885e593af51ce7573d5d901867305e5d781f09d2d34a676d46451958944b5fd4eed9eee7d859f891a1d47289f

C:\Windows\system\ppGoLYg.exe

MD5 f9fa08782cb22e2bd14376d16d6ee266
SHA1 c4a8156364c68d80d0a0aa37da24c169609b3250
SHA256 af4816433c079b444827a8e50f3960e83336787d1145ca3665490c11dd64e62d
SHA512 cc2f273e4f2f7d37c766c268495d2b48957f76c4ae132d5a44d0be861b836f3f76f7d7611097d0392daf2fdfcc589a776b110de539e378990c4db82c10df3c40

C:\Windows\system\zhHPYZu.exe

MD5 3ef84cb2396dc6b6515fb20b432a6b79
SHA1 213ab1fe4a59a06d5d665512c2eef4cbdc556046
SHA256 a956c074ab7fc94668a4a7e9fa0648b80ef3f8d771406a816396b0437a28c592
SHA512 6eeefa959ac42f6645c4d14852eb3d7345fa85b3c941298535a43324f0a1c2391de14db2af176403ef74f9f65becf590e161ef32ebc85b6ad61b32ea2a9e3b33

C:\Windows\system\eHpXVCT.exe

MD5 527f63feeeb692eb254fa710ff64692e
SHA1 c6d01054a639d46e2a602ea5dcf1ca2a668ec1c2
SHA256 1f767122f971425807f0174e079e029e9b8cba3f766486c64f41eef5c3ce19f2
SHA512 7d6cf23b617d1be8a35e9b0b9755dc8137df2824ed33a7073a57459e900de5181ae7e119130d64f9fa6a0d8f4858b88b5160bbfb087de3ede28929645cc85f8a

C:\Windows\system\vahCjdX.exe

MD5 4cc13e0e270b84be6389f8df9de55910
SHA1 2d1478ca094e241d46777a9d65309bc8d54c8d78
SHA256 f747d211e2afc4c223a970009343baf590ceec573ff009fa5ebcaa35cc436589
SHA512 ee4fd8fd5b6147c0926d7c5b4a74dfaa2d799744673cc923d7ba3259932e63c74139e45ea136a3e02e676e9cedb46853f58717022564ebe426d91af56ea7f2a5

C:\Windows\system\PFHdWvd.exe

MD5 0d7bfbeb85c66c94955cf5675e5d9ed6
SHA1 1a6e449e0a6b208466ce32b7b46870bfdedc7806
SHA256 06262615fa44f552495a6a8eb30d1687993b23e0d263835024aeb6b04ca7ee85
SHA512 4b10edb0d82c068b73ce577a189a066e9202b93ee37142f85d5d58f70d62b02f773df33014008b87d198e1016b9a864ff40bf0196812c727c2aae2798ea0ab60

C:\Windows\system\WtfbCCP.exe

MD5 a32a958f426fd77886521581874d9c88
SHA1 f909551b9862fcead1ee48926da75ceb7f910d31
SHA256 50400bf9f9de241dadacd30ecb827b40ec2d92a746faa4ba9504714ad531d093
SHA512 b1942b68ec6ca6c3fc19c24c1067ab1e76c21e62492866334da20c140154ca298b003e5d4d8b5c092da66b4a8b790b18c60c31d281f90106d50651715d73bf15

C:\Windows\system\RAWrOjA.exe

MD5 ac1d7291d74ae983dc66325825b96926
SHA1 708a3cbbb0be2b881e9795c63f081c2e2cbca469
SHA256 08e448059a8c32ba17eea4da7ae7771df64869f4356dd448ca61e5f43bb8a7d0
SHA512 ee885edc5141b7f39fd87eb44f5c792344a015563a007298704f52a1eba075742b273cdb74c6a5af1c020707f7c10378031337de61b501411475a982d689bc83

C:\Windows\system\GUWkbxZ.exe

MD5 5f36490a99ecf8de96e858dca57061a5
SHA1 0b7e1d08d09901e69b11ad0a74be52e22e513305
SHA256 847a38f8fe1f0384f30fe44af5038457b36037bf7393fd8d739f405032ea1497
SHA512 c17a1b468855b980add565f085ed6cd1bc8f6fb0a1c07d01f2e5930e2afccf9a11e2021b0182d11f69010d286da7ddd47430ec83c90734119e5e1aadb82807a8

C:\Windows\system\DuEdABn.exe

MD5 96360d9b8592f2198ccf7eb6346e21f2
SHA1 48e20104c0ebbeddfdb983483fc0aee572e4ebd6
SHA256 d6305209b1604d9b4c4dc28d72915ab4da1e1f006ead1953e31acdf353c6b5e2
SHA512 7c100abc93bd319d4a223c09b07be7882483efc189a0070f54ef54548adf78954fc7fc0715c203af9c5969f01e777710a61249888bf1cbedec9c5a4e34d4583c

C:\Windows\system\mSVPbdS.exe

MD5 f234df070bb996381cc3f3bdc375c4d0
SHA1 e459210ccd06e89ba6251e000a81650f402e4917
SHA256 0802f2bec465fd1f9666641dd01e76fd864dd18ed8878093ac52a3be1ed300b4
SHA512 78a095d92127546ddd2d8af7a3ebfc723f89a95e7323fc95de5092c2b95d138c48ee2fbd1895efa3a3229a768197aabef16350cf04d6dda30d7de4fb3aabcf8b

\Windows\system\YehlDmE.exe

MD5 ed16dae28072c17feb3af3211d7f165b
SHA1 f4b5aeecc0a27013822a1fa8e52574b06cfa87db
SHA256 4c2cac18887cb68ee5fbee15ed4236f13037f633b2af88bea3c4e57d5906a392
SHA512 be05ea42bef12b3683a0b6fa1eb5447a9a325f14a439ae5bae41e2b3debd9c5c3964cf1badf9403d81f2a86bbd9e69a329f05cac5b56f3f3648b21c7b43fafec

C:\Windows\system\ydHYnAH.exe

MD5 58574ff1de29d149a63dd8c5ba01ea96
SHA1 8eb6c1b71ff1f245e639f55dcbb735603832f1f9
SHA256 3023c37930c7f1bb3736bf84eb3a7f14880289bfb1acf406eb4065932bab6818
SHA512 8e63d29266caa392b95b6106b8b820720cfe3c7d1a318cda1a2c62cb027411442ed2535631918bf8aaba6799b2fea2120d8c8aed9387e7a499824ab3a1bda20a

memory/2796-86-0x000000013F410000-0x000000013F764000-memory.dmp

memory/2872-2411-0x000000013FE70000-0x00000001401C4000-memory.dmp

memory/2872-3331-0x000000013F4B0000-0x000000013F804000-memory.dmp

memory/2872-3770-0x000000013F410000-0x000000013F764000-memory.dmp

memory/2872-3766-0x000000013F820000-0x000000013FB74000-memory.dmp

memory/2796-4008-0x000000013F410000-0x000000013F764000-memory.dmp

memory/2604-4009-0x000000013FE50000-0x00000001401A4000-memory.dmp

memory/2256-4010-0x000000013FAE0000-0x000000013FE34000-memory.dmp

memory/3016-4011-0x000000013F610000-0x000000013F964000-memory.dmp

memory/2680-4012-0x000000013F220000-0x000000013F574000-memory.dmp

memory/2504-4013-0x000000013F090000-0x000000013F3E4000-memory.dmp

memory/2696-4014-0x000000013F8E0000-0x000000013FC34000-memory.dmp

memory/1028-4015-0x000000013F110000-0x000000013F464000-memory.dmp

memory/2408-4016-0x000000013FE70000-0x00000001401C4000-memory.dmp

memory/1588-4017-0x000000013F8E0000-0x000000013FC34000-memory.dmp

memory/2668-4018-0x000000013F450000-0x000000013F7A4000-memory.dmp

memory/2716-4019-0x000000013F500000-0x000000013F854000-memory.dmp

memory/2764-4020-0x000000013F820000-0x000000013FB74000-memory.dmp

memory/2760-4021-0x000000013F4B0000-0x000000013F804000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-18 08:19

Reported

2024-05-18 08:21

Platform

win10v2004-20240426-en

Max time kernel

132s

Max time network

104s

Command Line

"C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\wpHSmgz.exe N/A
N/A N/A C:\Windows\System\VPMTbsg.exe N/A
N/A N/A C:\Windows\System\YugXXah.exe N/A
N/A N/A C:\Windows\System\dixlVfK.exe N/A
N/A N/A C:\Windows\System\jzYfivw.exe N/A
N/A N/A C:\Windows\System\fkxaliG.exe N/A
N/A N/A C:\Windows\System\UDClUXo.exe N/A
N/A N/A C:\Windows\System\pbloxoI.exe N/A
N/A N/A C:\Windows\System\YoGilKz.exe N/A
N/A N/A C:\Windows\System\ZvBlMzx.exe N/A
N/A N/A C:\Windows\System\OMOgkjA.exe N/A
N/A N/A C:\Windows\System\AYdPqql.exe N/A
N/A N/A C:\Windows\System\ydHYnAH.exe N/A
N/A N/A C:\Windows\System\YehlDmE.exe N/A
N/A N/A C:\Windows\System\rEBdsVh.exe N/A
N/A N/A C:\Windows\System\fkQLtka.exe N/A
N/A N/A C:\Windows\System\xjRBkgz.exe N/A
N/A N/A C:\Windows\System\mSVPbdS.exe N/A
N/A N/A C:\Windows\System\DuEdABn.exe N/A
N/A N/A C:\Windows\System\GUWkbxZ.exe N/A
N/A N/A C:\Windows\System\RAWrOjA.exe N/A
N/A N/A C:\Windows\System\WtfbCCP.exe N/A
N/A N/A C:\Windows\System\PFHdWvd.exe N/A
N/A N/A C:\Windows\System\vahCjdX.exe N/A
N/A N/A C:\Windows\System\zhHPYZu.exe N/A
N/A N/A C:\Windows\System\eHpXVCT.exe N/A
N/A N/A C:\Windows\System\ppGoLYg.exe N/A
N/A N/A C:\Windows\System\dIZDDki.exe N/A
N/A N/A C:\Windows\System\AUaEVnG.exe N/A
N/A N/A C:\Windows\System\afjTjYw.exe N/A
N/A N/A C:\Windows\System\LuQNfnX.exe N/A
N/A N/A C:\Windows\System\wibDZkS.exe N/A
N/A N/A C:\Windows\System\TKFrTxu.exe N/A
N/A N/A C:\Windows\System\HIUpqcK.exe N/A
N/A N/A C:\Windows\System\DKCoYpS.exe N/A
N/A N/A C:\Windows\System\YhZOZuE.exe N/A
N/A N/A C:\Windows\System\GMluauy.exe N/A
N/A N/A C:\Windows\System\kZuGjxR.exe N/A
N/A N/A C:\Windows\System\urXSQLX.exe N/A
N/A N/A C:\Windows\System\BCTBDPT.exe N/A
N/A N/A C:\Windows\System\XJpnACW.exe N/A
N/A N/A C:\Windows\System\MaOdtVh.exe N/A
N/A N/A C:\Windows\System\KfLqXAF.exe N/A
N/A N/A C:\Windows\System\IrFsikM.exe N/A
N/A N/A C:\Windows\System\IdOAPVs.exe N/A
N/A N/A C:\Windows\System\OUJTlqt.exe N/A
N/A N/A C:\Windows\System\SjKwERO.exe N/A
N/A N/A C:\Windows\System\AiBavbR.exe N/A
N/A N/A C:\Windows\System\MZVEabS.exe N/A
N/A N/A C:\Windows\System\AzWfkBD.exe N/A
N/A N/A C:\Windows\System\MIYdbJs.exe N/A
N/A N/A C:\Windows\System\sQjYEKz.exe N/A
N/A N/A C:\Windows\System\knFmGXB.exe N/A
N/A N/A C:\Windows\System\IULctRj.exe N/A
N/A N/A C:\Windows\System\wQdEBsv.exe N/A
N/A N/A C:\Windows\System\LJDCLpp.exe N/A
N/A N/A C:\Windows\System\yeVvYEm.exe N/A
N/A N/A C:\Windows\System\DCfHcPi.exe N/A
N/A N/A C:\Windows\System\mboSoIp.exe N/A
N/A N/A C:\Windows\System\nkYvhSa.exe N/A
N/A N/A C:\Windows\System\UpmbWUJ.exe N/A
N/A N/A C:\Windows\System\UjsONaI.exe N/A
N/A N/A C:\Windows\System\gvGJDAu.exe N/A
N/A N/A C:\Windows\System\UauAWTm.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\owGBwhI.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\QqKKKdl.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\SkdLWZS.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\kfOoxOo.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\lDBvZBG.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\PnRwFtO.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\LsyfGBn.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\GELFNgO.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\KEpkfZE.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\HgkHVQm.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\PdBppCV.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\uWAgivy.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\oPEmIMK.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\SRmMkrr.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\OWCqvpR.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\aNEHRps.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\jWwzMzc.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\eSHKgtF.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\GDPLOCM.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\JEhBGKd.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\NAkPDDD.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\rLYUDza.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\GxCtrCv.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\UpmbWUJ.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\yeVvYEm.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\FaHVAhO.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\iqWdmfW.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\MrBtTqW.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\dJnGgrX.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\zKXRQli.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\wQdEBsv.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\HutyOAt.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\iypkrQW.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\SQElGpy.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\FdlGhNF.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\jmBzVex.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\TaoOpLC.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\VRqybtn.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\isEbuZo.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\ppGoLYg.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\rQOJrKe.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\IULctRj.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\jLgnXOs.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\NdpRILy.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\ktzyitS.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\qDPTJhr.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\srPYBxq.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\aBVeIiA.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\qQlzvDU.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\NjIKUGF.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\XcRBRFL.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\wDPdTEk.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\dWrIWKD.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\lpQqgAi.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\eSpESlJ.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\YehlDmE.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\cFRlGnI.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\DLTmVUp.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\ALXHdrL.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\ExBfZTR.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\qEmgBlm.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\dFKEmrU.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\AgErlsT.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A
File created C:\Windows\System\CcbYYtM.exe C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Windows\system32\WerFaultSecure.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\system32\WerFaultSecure.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\WerFaultSecure.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Windows\system32\WerFaultSecure.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\system32\WerFaultSecure.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\system32\WerFaultSecure.exe N/A
N/A N/A C:\Windows\system32\WerFaultSecure.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5044 wrote to memory of 2708 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\wpHSmgz.exe
PID 5044 wrote to memory of 2708 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\wpHSmgz.exe
PID 5044 wrote to memory of 4544 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\VPMTbsg.exe
PID 5044 wrote to memory of 4544 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\VPMTbsg.exe
PID 5044 wrote to memory of 3268 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\YugXXah.exe
PID 5044 wrote to memory of 3268 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\YugXXah.exe
PID 5044 wrote to memory of 3860 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\jzYfivw.exe
PID 5044 wrote to memory of 3860 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\jzYfivw.exe
PID 5044 wrote to memory of 5000 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\dixlVfK.exe
PID 5044 wrote to memory of 5000 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\dixlVfK.exe
PID 5044 wrote to memory of 1932 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\fkxaliG.exe
PID 5044 wrote to memory of 1932 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\fkxaliG.exe
PID 5044 wrote to memory of 2944 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\UDClUXo.exe
PID 5044 wrote to memory of 2944 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\UDClUXo.exe
PID 5044 wrote to memory of 2560 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\pbloxoI.exe
PID 5044 wrote to memory of 2560 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\pbloxoI.exe
PID 5044 wrote to memory of 1304 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\YoGilKz.exe
PID 5044 wrote to memory of 1304 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\YoGilKz.exe
PID 5044 wrote to memory of 3516 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\ZvBlMzx.exe
PID 5044 wrote to memory of 3516 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\ZvBlMzx.exe
PID 5044 wrote to memory of 1528 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\OMOgkjA.exe
PID 5044 wrote to memory of 1528 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\OMOgkjA.exe
PID 5044 wrote to memory of 3548 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\AYdPqql.exe
PID 5044 wrote to memory of 3548 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\AYdPqql.exe
PID 5044 wrote to memory of 1536 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\ydHYnAH.exe
PID 5044 wrote to memory of 1536 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\ydHYnAH.exe
PID 5044 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\YehlDmE.exe
PID 5044 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\YehlDmE.exe
PID 5044 wrote to memory of 4268 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\rEBdsVh.exe
PID 5044 wrote to memory of 4268 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\rEBdsVh.exe
PID 5044 wrote to memory of 5100 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\fkQLtka.exe
PID 5044 wrote to memory of 5100 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\fkQLtka.exe
PID 5044 wrote to memory of 4472 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\xjRBkgz.exe
PID 5044 wrote to memory of 4472 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\xjRBkgz.exe
PID 5044 wrote to memory of 3080 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\mSVPbdS.exe
PID 5044 wrote to memory of 3080 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\mSVPbdS.exe
PID 5044 wrote to memory of 4500 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\DuEdABn.exe
PID 5044 wrote to memory of 4500 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\DuEdABn.exe
PID 5044 wrote to memory of 4760 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\GUWkbxZ.exe
PID 5044 wrote to memory of 4760 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\GUWkbxZ.exe
PID 5044 wrote to memory of 4620 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\RAWrOjA.exe
PID 5044 wrote to memory of 4620 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\RAWrOjA.exe
PID 5044 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\WtfbCCP.exe
PID 5044 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\WtfbCCP.exe
PID 5044 wrote to memory of 2532 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\PFHdWvd.exe
PID 5044 wrote to memory of 2532 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\PFHdWvd.exe
PID 5044 wrote to memory of 4828 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\vahCjdX.exe
PID 5044 wrote to memory of 4828 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\vahCjdX.exe
PID 5044 wrote to memory of 4208 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\zhHPYZu.exe
PID 5044 wrote to memory of 4208 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\zhHPYZu.exe
PID 5044 wrote to memory of 5008 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\eHpXVCT.exe
PID 5044 wrote to memory of 5008 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\eHpXVCT.exe
PID 5044 wrote to memory of 1976 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\ppGoLYg.exe
PID 5044 wrote to memory of 1976 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\ppGoLYg.exe
PID 5044 wrote to memory of 1948 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\dIZDDki.exe
PID 5044 wrote to memory of 1948 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\dIZDDki.exe
PID 5044 wrote to memory of 3832 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\AUaEVnG.exe
PID 5044 wrote to memory of 3832 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\AUaEVnG.exe
PID 5044 wrote to memory of 5012 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\afjTjYw.exe
PID 5044 wrote to memory of 5012 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\afjTjYw.exe
PID 5044 wrote to memory of 2620 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\LuQNfnX.exe
PID 5044 wrote to memory of 2620 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\LuQNfnX.exe
PID 5044 wrote to memory of 5020 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\wibDZkS.exe
PID 5044 wrote to memory of 5020 N/A C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe C:\Windows\System\wibDZkS.exe

Processes

C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\b47f1bd61b29692e9056ace0c2436a00_NeikiAnalytics.exe"

C:\Windows\System\wpHSmgz.exe

C:\Windows\System\wpHSmgz.exe

C:\Windows\System\VPMTbsg.exe

C:\Windows\System\VPMTbsg.exe

C:\Windows\System\YugXXah.exe

C:\Windows\System\YugXXah.exe

C:\Windows\System\jzYfivw.exe

C:\Windows\System\jzYfivw.exe

C:\Windows\System\dixlVfK.exe

C:\Windows\System\dixlVfK.exe

C:\Windows\System\fkxaliG.exe

C:\Windows\System\fkxaliG.exe

C:\Windows\System\UDClUXo.exe

C:\Windows\System\UDClUXo.exe

C:\Windows\System\pbloxoI.exe

C:\Windows\System\pbloxoI.exe

C:\Windows\System\YoGilKz.exe

C:\Windows\System\YoGilKz.exe

C:\Windows\System\ZvBlMzx.exe

C:\Windows\System\ZvBlMzx.exe

C:\Windows\System\OMOgkjA.exe

C:\Windows\System\OMOgkjA.exe

C:\Windows\System\AYdPqql.exe

C:\Windows\System\AYdPqql.exe

C:\Windows\System\ydHYnAH.exe

C:\Windows\System\ydHYnAH.exe

C:\Windows\System\YehlDmE.exe

C:\Windows\System\YehlDmE.exe

C:\Windows\System\rEBdsVh.exe

C:\Windows\System\rEBdsVh.exe

C:\Windows\System\fkQLtka.exe

C:\Windows\System\fkQLtka.exe

C:\Windows\System\xjRBkgz.exe

C:\Windows\System\xjRBkgz.exe

C:\Windows\System\mSVPbdS.exe

C:\Windows\System\mSVPbdS.exe

C:\Windows\System\DuEdABn.exe

C:\Windows\System\DuEdABn.exe

C:\Windows\System\GUWkbxZ.exe

C:\Windows\System\GUWkbxZ.exe

C:\Windows\System\RAWrOjA.exe

C:\Windows\System\RAWrOjA.exe

C:\Windows\System\WtfbCCP.exe

C:\Windows\System\WtfbCCP.exe

C:\Windows\System\PFHdWvd.exe

C:\Windows\System\PFHdWvd.exe

C:\Windows\System\vahCjdX.exe

C:\Windows\System\vahCjdX.exe

C:\Windows\System\zhHPYZu.exe

C:\Windows\System\zhHPYZu.exe

C:\Windows\System\eHpXVCT.exe

C:\Windows\System\eHpXVCT.exe

C:\Windows\System\ppGoLYg.exe

C:\Windows\System\ppGoLYg.exe

C:\Windows\System\dIZDDki.exe

C:\Windows\System\dIZDDki.exe

C:\Windows\System\AUaEVnG.exe

C:\Windows\System\AUaEVnG.exe

C:\Windows\System\afjTjYw.exe

C:\Windows\System\afjTjYw.exe

C:\Windows\System\LuQNfnX.exe

C:\Windows\System\LuQNfnX.exe

C:\Windows\System\wibDZkS.exe

C:\Windows\System\wibDZkS.exe

C:\Windows\System\TKFrTxu.exe

C:\Windows\System\TKFrTxu.exe

C:\Windows\System\HIUpqcK.exe

C:\Windows\System\HIUpqcK.exe

C:\Windows\System\DKCoYpS.exe

C:\Windows\System\DKCoYpS.exe

C:\Windows\System\YhZOZuE.exe

C:\Windows\System\YhZOZuE.exe

C:\Windows\System\GMluauy.exe

C:\Windows\System\GMluauy.exe

C:\Windows\System\kZuGjxR.exe

C:\Windows\System\kZuGjxR.exe

C:\Windows\System\urXSQLX.exe

C:\Windows\System\urXSQLX.exe

C:\Windows\System\BCTBDPT.exe

C:\Windows\System\BCTBDPT.exe

C:\Windows\System\XJpnACW.exe

C:\Windows\System\XJpnACW.exe

C:\Windows\System\MaOdtVh.exe

C:\Windows\System\MaOdtVh.exe

C:\Windows\System\KfLqXAF.exe

C:\Windows\System\KfLqXAF.exe

C:\Windows\System\IrFsikM.exe

C:\Windows\System\IrFsikM.exe

C:\Windows\System\IdOAPVs.exe

C:\Windows\System\IdOAPVs.exe

C:\Windows\System\OUJTlqt.exe

C:\Windows\System\OUJTlqt.exe

C:\Windows\System\SjKwERO.exe

C:\Windows\System\SjKwERO.exe

C:\Windows\System\AiBavbR.exe

C:\Windows\System\AiBavbR.exe

C:\Windows\System\MZVEabS.exe

C:\Windows\System\MZVEabS.exe

C:\Windows\System\AzWfkBD.exe

C:\Windows\System\AzWfkBD.exe

C:\Windows\System\MIYdbJs.exe

C:\Windows\System\MIYdbJs.exe

C:\Windows\System\sQjYEKz.exe

C:\Windows\System\sQjYEKz.exe

C:\Windows\System\knFmGXB.exe

C:\Windows\System\knFmGXB.exe

C:\Windows\System\IULctRj.exe

C:\Windows\System\IULctRj.exe

C:\Windows\System\wQdEBsv.exe

C:\Windows\System\wQdEBsv.exe

C:\Windows\System\LJDCLpp.exe

C:\Windows\System\LJDCLpp.exe

C:\Windows\System\yeVvYEm.exe

C:\Windows\System\yeVvYEm.exe

C:\Windows\System\DCfHcPi.exe

C:\Windows\System\DCfHcPi.exe

C:\Windows\System\mboSoIp.exe

C:\Windows\System\mboSoIp.exe

C:\Windows\System\nkYvhSa.exe

C:\Windows\System\nkYvhSa.exe

C:\Windows\System\UpmbWUJ.exe

C:\Windows\System\UpmbWUJ.exe

C:\Windows\System\UjsONaI.exe

C:\Windows\System\UjsONaI.exe

C:\Windows\System\gvGJDAu.exe

C:\Windows\System\gvGJDAu.exe

C:\Windows\System\UauAWTm.exe

C:\Windows\System\UauAWTm.exe

C:\Windows\System\UbsQDim.exe

C:\Windows\System\UbsQDim.exe

C:\Windows\System\ckLMRyP.exe

C:\Windows\System\ckLMRyP.exe

C:\Windows\System\wEHCEJm.exe

C:\Windows\System\wEHCEJm.exe

C:\Windows\System\InYffAv.exe

C:\Windows\System\InYffAv.exe

C:\Windows\System\dFKEmrU.exe

C:\Windows\System\dFKEmrU.exe

C:\Windows\System\EAFUpmz.exe

C:\Windows\System\EAFUpmz.exe

C:\Windows\System\GPRVCYP.exe

C:\Windows\System\GPRVCYP.exe

C:\Windows\System\dCpeoSj.exe

C:\Windows\System\dCpeoSj.exe

C:\Windows\System\AcTYyPs.exe

C:\Windows\System\AcTYyPs.exe

C:\Windows\System\gSjvHOJ.exe

C:\Windows\System\gSjvHOJ.exe

C:\Windows\System\AsZQIzQ.exe

C:\Windows\System\AsZQIzQ.exe

C:\Windows\System\qqerNQd.exe

C:\Windows\System\qqerNQd.exe

C:\Windows\System\akXeCrX.exe

C:\Windows\System\akXeCrX.exe

C:\Windows\System\wYQuTfa.exe

C:\Windows\System\wYQuTfa.exe

C:\Windows\System\TlmvIOw.exe

C:\Windows\System\TlmvIOw.exe

C:\Windows\System\GhRLBZp.exe

C:\Windows\System\GhRLBZp.exe

C:\Windows\System\UvVDMXR.exe

C:\Windows\System\UvVDMXR.exe

C:\Windows\System\UOnuZeR.exe

C:\Windows\System\UOnuZeR.exe

C:\Windows\System\JvYwchq.exe

C:\Windows\System\JvYwchq.exe

C:\Windows\System\HjfCyMx.exe

C:\Windows\System\HjfCyMx.exe

C:\Windows\System\zyanvRl.exe

C:\Windows\System\zyanvRl.exe

C:\Windows\System\aDKJGKi.exe

C:\Windows\System\aDKJGKi.exe

C:\Windows\System\pQeDwFV.exe

C:\Windows\System\pQeDwFV.exe

C:\Windows\System\yITDmSF.exe

C:\Windows\System\yITDmSF.exe

C:\Windows\System\vQwmCeL.exe

C:\Windows\System\vQwmCeL.exe

C:\Windows\System\WLDRRBH.exe

C:\Windows\System\WLDRRBH.exe

C:\Windows\System\MStPpzd.exe

C:\Windows\System\MStPpzd.exe

C:\Windows\System\IJuvzUR.exe

C:\Windows\System\IJuvzUR.exe

C:\Windows\System\gUOtUll.exe

C:\Windows\System\gUOtUll.exe

C:\Windows\System\rzmcMnO.exe

C:\Windows\System\rzmcMnO.exe

C:\Windows\System\fsXMaxu.exe

C:\Windows\System\fsXMaxu.exe

C:\Windows\System\ajKpcvY.exe

C:\Windows\System\ajKpcvY.exe

C:\Windows\System\nRBvpat.exe

C:\Windows\System\nRBvpat.exe

C:\Windows\System\XHEBvae.exe

C:\Windows\System\XHEBvae.exe

C:\Windows\System\cbuWcvJ.exe

C:\Windows\System\cbuWcvJ.exe

C:\Windows\System\dxocgqg.exe

C:\Windows\System\dxocgqg.exe

C:\Windows\System\ZjVeYUM.exe

C:\Windows\System\ZjVeYUM.exe

C:\Windows\System\qXmehza.exe

C:\Windows\System\qXmehza.exe

C:\Windows\System\TfzypYk.exe

C:\Windows\System\TfzypYk.exe

C:\Windows\System\yziKxFT.exe

C:\Windows\System\yziKxFT.exe

C:\Windows\System\NlvJZLa.exe

C:\Windows\System\NlvJZLa.exe

C:\Windows\System\XdSctCo.exe

C:\Windows\System\XdSctCo.exe

C:\Windows\System\LbsWgqQ.exe

C:\Windows\System\LbsWgqQ.exe

C:\Windows\System\lUkYFju.exe

C:\Windows\System\lUkYFju.exe

C:\Windows\System\DLTmVUp.exe

C:\Windows\System\DLTmVUp.exe

C:\Windows\System\mpeYIgh.exe

C:\Windows\System\mpeYIgh.exe

C:\Windows\System\HdCAJli.exe

C:\Windows\System\HdCAJli.exe

C:\Windows\System\DFgrjis.exe

C:\Windows\System\DFgrjis.exe

C:\Windows\System\QfEggAh.exe

C:\Windows\System\QfEggAh.exe

C:\Windows\System\wHVGlmP.exe

C:\Windows\System\wHVGlmP.exe

C:\Windows\System\vPVnmIp.exe

C:\Windows\System\vPVnmIp.exe

C:\Windows\System\DRfVVUs.exe

C:\Windows\System\DRfVVUs.exe

C:\Windows\System\GSHzESh.exe

C:\Windows\System\GSHzESh.exe

C:\Windows\System\FgxwfRK.exe

C:\Windows\System\FgxwfRK.exe

C:\Windows\System\ZyFRzvB.exe

C:\Windows\System\ZyFRzvB.exe

C:\Windows\System\EaKBNud.exe

C:\Windows\System\EaKBNud.exe

C:\Windows\System\xdjGOGK.exe

C:\Windows\System\xdjGOGK.exe

C:\Windows\System\TaoOpLC.exe

C:\Windows\System\TaoOpLC.exe

C:\Windows\System\llNCWZU.exe

C:\Windows\System\llNCWZU.exe

C:\Windows\System\kfOoxOo.exe

C:\Windows\System\kfOoxOo.exe

C:\Windows\System\GoqHcii.exe

C:\Windows\System\GoqHcii.exe

C:\Windows\System\oHlopxg.exe

C:\Windows\System\oHlopxg.exe

C:\Windows\System\wndJJMU.exe

C:\Windows\System\wndJJMU.exe

C:\Windows\System\yrLDpDT.exe

C:\Windows\System\yrLDpDT.exe

C:\Windows\System\NAomryK.exe

C:\Windows\System\NAomryK.exe

C:\Windows\System\FWjoAXN.exe

C:\Windows\System\FWjoAXN.exe

C:\Windows\System\TcvbMHe.exe

C:\Windows\System\TcvbMHe.exe

C:\Windows\System\lJKYkmP.exe

C:\Windows\System\lJKYkmP.exe

C:\Windows\System\PdBppCV.exe

C:\Windows\System\PdBppCV.exe

C:\Windows\System\PosaMQw.exe

C:\Windows\System\PosaMQw.exe

C:\Windows\System\JqSKqrH.exe

C:\Windows\System\JqSKqrH.exe

C:\Windows\System\LNwOQPR.exe

C:\Windows\System\LNwOQPR.exe

C:\Windows\System\eAWCIIL.exe

C:\Windows\System\eAWCIIL.exe

C:\Windows\System\ipVsXlj.exe

C:\Windows\System\ipVsXlj.exe

C:\Windows\System\RNNpOBa.exe

C:\Windows\System\RNNpOBa.exe

C:\Windows\System\iyuyssw.exe

C:\Windows\System\iyuyssw.exe

C:\Windows\System\ClAfnyp.exe

C:\Windows\System\ClAfnyp.exe

C:\Windows\System\KlSjCRs.exe

C:\Windows\System\KlSjCRs.exe

C:\Windows\System\gNdKQNw.exe

C:\Windows\System\gNdKQNw.exe

C:\Windows\System\FQXWGBe.exe

C:\Windows\System\FQXWGBe.exe

C:\Windows\System\gVvhFzM.exe

C:\Windows\System\gVvhFzM.exe

C:\Windows\System\lNmUVuy.exe

C:\Windows\System\lNmUVuy.exe

C:\Windows\System\GNtaybo.exe

C:\Windows\System\GNtaybo.exe

C:\Windows\System\KZKABcH.exe

C:\Windows\System\KZKABcH.exe

C:\Windows\System\RWrqhaR.exe

C:\Windows\System\RWrqhaR.exe

C:\Windows\System\AgErlsT.exe

C:\Windows\System\AgErlsT.exe

C:\Windows\System\FyLAKZB.exe

C:\Windows\System\FyLAKZB.exe

C:\Windows\System\wQahbXf.exe

C:\Windows\System\wQahbXf.exe

C:\Windows\System\FaHVAhO.exe

C:\Windows\System\FaHVAhO.exe

C:\Windows\System\VwGlfvm.exe

C:\Windows\System\VwGlfvm.exe

C:\Windows\System\ewFYwOH.exe

C:\Windows\System\ewFYwOH.exe

C:\Windows\System\YwyMfMx.exe

C:\Windows\System\YwyMfMx.exe

C:\Windows\System\EtCAFXz.exe

C:\Windows\System\EtCAFXz.exe

C:\Windows\System\WfcGsyo.exe

C:\Windows\System\WfcGsyo.exe

C:\Windows\System\cqFmCjV.exe

C:\Windows\System\cqFmCjV.exe

C:\Windows\System\UhKxdJU.exe

C:\Windows\System\UhKxdJU.exe

C:\Windows\System\BoQfkUZ.exe

C:\Windows\System\BoQfkUZ.exe

C:\Windows\System\rwYYRae.exe

C:\Windows\System\rwYYRae.exe

C:\Windows\System\VRqybtn.exe

C:\Windows\System\VRqybtn.exe

C:\Windows\System\ghaKumA.exe

C:\Windows\System\ghaKumA.exe

C:\Windows\System\owGBwhI.exe

C:\Windows\System\owGBwhI.exe

C:\Windows\System\SIgOeQD.exe

C:\Windows\System\SIgOeQD.exe

C:\Windows\System\UaiPyXW.exe

C:\Windows\System\UaiPyXW.exe

C:\Windows\System\WsmlJOC.exe

C:\Windows\System\WsmlJOC.exe

C:\Windows\System\OlwLWxi.exe

C:\Windows\System\OlwLWxi.exe

C:\Windows\System\uejSyqe.exe

C:\Windows\System\uejSyqe.exe

C:\Windows\System\UduxKOS.exe

C:\Windows\System\UduxKOS.exe

C:\Windows\System\QklHsfg.exe

C:\Windows\System\QklHsfg.exe

C:\Windows\System\AOchseg.exe

C:\Windows\System\AOchseg.exe

C:\Windows\System\eGyNzTa.exe

C:\Windows\System\eGyNzTa.exe

C:\Windows\System\KfwcfCG.exe

C:\Windows\System\KfwcfCG.exe

C:\Windows\System\CwgzRLs.exe

C:\Windows\System\CwgzRLs.exe

C:\Windows\System\tzFQGzk.exe

C:\Windows\System\tzFQGzk.exe

C:\Windows\System\wQwabZq.exe

C:\Windows\System\wQwabZq.exe

C:\Windows\System\tASUDrs.exe

C:\Windows\System\tASUDrs.exe

C:\Windows\System\Xlxhhud.exe

C:\Windows\System\Xlxhhud.exe

C:\Windows\System\USSbXJI.exe

C:\Windows\System\USSbXJI.exe

C:\Windows\System\EPuAYRL.exe

C:\Windows\System\EPuAYRL.exe

C:\Windows\System\ALXHdrL.exe

C:\Windows\System\ALXHdrL.exe

C:\Windows\System\QQdXtpj.exe

C:\Windows\System\QQdXtpj.exe

C:\Windows\System\GvYZouH.exe

C:\Windows\System\GvYZouH.exe

C:\Windows\System\qQlzvDU.exe

C:\Windows\System\qQlzvDU.exe

C:\Windows\System\TkvoGxu.exe

C:\Windows\System\TkvoGxu.exe

C:\Windows\System\feLQcXq.exe

C:\Windows\System\feLQcXq.exe

C:\Windows\System\gbbhkzR.exe

C:\Windows\System\gbbhkzR.exe

C:\Windows\System\NjIKUGF.exe

C:\Windows\System\NjIKUGF.exe

C:\Windows\System\GmbyuZE.exe

C:\Windows\System\GmbyuZE.exe

C:\Windows\System\YaaEDrH.exe

C:\Windows\System\YaaEDrH.exe

C:\Windows\System\QwqMfyT.exe

C:\Windows\System\QwqMfyT.exe

C:\Windows\System\jxoRanh.exe

C:\Windows\System\jxoRanh.exe

C:\Windows\System\lxXCtMt.exe

C:\Windows\System\lxXCtMt.exe

C:\Windows\System\hGcsIBH.exe

C:\Windows\System\hGcsIBH.exe

C:\Windows\System\iiEsusF.exe

C:\Windows\System\iiEsusF.exe

C:\Windows\System\vSqEPLV.exe

C:\Windows\System\vSqEPLV.exe

C:\Windows\System\CZeCrOP.exe

C:\Windows\System\CZeCrOP.exe

C:\Windows\System\KRZsLkJ.exe

C:\Windows\System\KRZsLkJ.exe

C:\Windows\System\lbgwEDF.exe

C:\Windows\System\lbgwEDF.exe

C:\Windows\System\RykylSM.exe

C:\Windows\System\RykylSM.exe

C:\Windows\System\KzxNpjD.exe

C:\Windows\System\KzxNpjD.exe

C:\Windows\System\HutyOAt.exe

C:\Windows\System\HutyOAt.exe

C:\Windows\System\OOyVlsG.exe

C:\Windows\System\OOyVlsG.exe

C:\Windows\System\OJfEclX.exe

C:\Windows\System\OJfEclX.exe

C:\Windows\System\fsvwHwZ.exe

C:\Windows\System\fsvwHwZ.exe

C:\Windows\System\vwhDRUa.exe

C:\Windows\System\vwhDRUa.exe

C:\Windows\System\rfMcVcU.exe

C:\Windows\System\rfMcVcU.exe

C:\Windows\System\vkGILJq.exe

C:\Windows\System\vkGILJq.exe

C:\Windows\System\KkTFiCU.exe

C:\Windows\System\KkTFiCU.exe

C:\Windows\System\jLgnXOs.exe

C:\Windows\System\jLgnXOs.exe

C:\Windows\System\OCgHVqn.exe

C:\Windows\System\OCgHVqn.exe

C:\Windows\System\ccQCIPH.exe

C:\Windows\System\ccQCIPH.exe

C:\Windows\System\ePuWbCZ.exe

C:\Windows\System\ePuWbCZ.exe

C:\Windows\System\rMeqiWS.exe

C:\Windows\System\rMeqiWS.exe

C:\Windows\System\tsRgiZB.exe

C:\Windows\System\tsRgiZB.exe

C:\Windows\System\EWJPigc.exe

C:\Windows\System\EWJPigc.exe

C:\Windows\System\HLpjBzJ.exe

C:\Windows\System\HLpjBzJ.exe

C:\Windows\System\KuwRmGm.exe

C:\Windows\System\KuwRmGm.exe

C:\Windows\System\MyjFkvP.exe

C:\Windows\System\MyjFkvP.exe

C:\Windows\System\qGgMfjT.exe

C:\Windows\System\qGgMfjT.exe

C:\Windows\System\yqORRDl.exe

C:\Windows\System\yqORRDl.exe

C:\Windows\System\BUucfVX.exe

C:\Windows\System\BUucfVX.exe

C:\Windows\System\hFNQBcC.exe

C:\Windows\System\hFNQBcC.exe

C:\Windows\System\eBlgNWD.exe

C:\Windows\System\eBlgNWD.exe

C:\Windows\System\tgDkPSr.exe

C:\Windows\System\tgDkPSr.exe

C:\Windows\System\cgDVsnZ.exe

C:\Windows\System\cgDVsnZ.exe

C:\Windows\System\uSPJKxf.exe

C:\Windows\System\uSPJKxf.exe

C:\Windows\System\fFhSnBt.exe

C:\Windows\System\fFhSnBt.exe

C:\Windows\System\QjncGPV.exe

C:\Windows\System\QjncGPV.exe

C:\Windows\System\GDPLOCM.exe

C:\Windows\System\GDPLOCM.exe

C:\Windows\System\gTPhSUM.exe

C:\Windows\System\gTPhSUM.exe

C:\Windows\System\MLQhRVq.exe

C:\Windows\System\MLQhRVq.exe

C:\Windows\System\toZRPlK.exe

C:\Windows\System\toZRPlK.exe

C:\Windows\System\ITtTOQH.exe

C:\Windows\System\ITtTOQH.exe

C:\Windows\System\CqXPNMe.exe

C:\Windows\System\CqXPNMe.exe

C:\Windows\System\dKsOWvD.exe

C:\Windows\System\dKsOWvD.exe

C:\Windows\System\yPKBzLv.exe

C:\Windows\System\yPKBzLv.exe

C:\Windows\System\lkRBZsc.exe

C:\Windows\System\lkRBZsc.exe

C:\Windows\System\oyqUQGc.exe

C:\Windows\System\oyqUQGc.exe

C:\Windows\System\DlgqoUT.exe

C:\Windows\System\DlgqoUT.exe

C:\Windows\System\MJMfNAd.exe

C:\Windows\System\MJMfNAd.exe

C:\Windows\System\cXCaJyP.exe

C:\Windows\System\cXCaJyP.exe

C:\Windows\System\hflhgSa.exe

C:\Windows\System\hflhgSa.exe

C:\Windows\System\YpCoROU.exe

C:\Windows\System\YpCoROU.exe

C:\Windows\System\IQsJqku.exe

C:\Windows\System\IQsJqku.exe

C:\Windows\System\wAVnmQE.exe

C:\Windows\System\wAVnmQE.exe

C:\Windows\System\lMvAhOo.exe

C:\Windows\System\lMvAhOo.exe

C:\Windows\System\BGWSrqx.exe

C:\Windows\System\BGWSrqx.exe

C:\Windows\System\MPGIAcL.exe

C:\Windows\System\MPGIAcL.exe

C:\Windows\System\QorlAhF.exe

C:\Windows\System\QorlAhF.exe

C:\Windows\System\lfMtxPL.exe

C:\Windows\System\lfMtxPL.exe

C:\Windows\System\MpGcEvy.exe

C:\Windows\System\MpGcEvy.exe

C:\Windows\System\tgfKbPA.exe

C:\Windows\System\tgfKbPA.exe

C:\Windows\System\VxkoOVV.exe

C:\Windows\System\VxkoOVV.exe

C:\Windows\System\cjbybYs.exe

C:\Windows\System\cjbybYs.exe

C:\Windows\System\INxRIzI.exe

C:\Windows\System\INxRIzI.exe

C:\Windows\System\cuAwoBP.exe

C:\Windows\System\cuAwoBP.exe

C:\Windows\System\qXLFHpB.exe

C:\Windows\System\qXLFHpB.exe

C:\Windows\System\YUsiwqj.exe

C:\Windows\System\YUsiwqj.exe

C:\Windows\System\RAyTKeU.exe

C:\Windows\System\RAyTKeU.exe

C:\Windows\System\cOBnrnk.exe

C:\Windows\System\cOBnrnk.exe

C:\Windows\System\QDiJLTP.exe

C:\Windows\System\QDiJLTP.exe

C:\Windows\System\SRdOkeh.exe

C:\Windows\System\SRdOkeh.exe

C:\Windows\System\iUkrdrX.exe

C:\Windows\System\iUkrdrX.exe

C:\Windows\System\yqSnPQG.exe

C:\Windows\System\yqSnPQG.exe

C:\Windows\System\qASGwOy.exe

C:\Windows\System\qASGwOy.exe

C:\Windows\System\lJJiNtV.exe

C:\Windows\System\lJJiNtV.exe

C:\Windows\System\rQPJDia.exe

C:\Windows\System\rQPJDia.exe

C:\Windows\System\IGUDRcm.exe

C:\Windows\System\IGUDRcm.exe

C:\Windows\System\mxcCNud.exe

C:\Windows\System\mxcCNud.exe

C:\Windows\System\KsnGMqo.exe

C:\Windows\System\KsnGMqo.exe

C:\Windows\System\oYjSWnt.exe

C:\Windows\System\oYjSWnt.exe

C:\Windows\System\GoVffzP.exe

C:\Windows\System\GoVffzP.exe

C:\Windows\System\qPUhdwr.exe

C:\Windows\System\qPUhdwr.exe

C:\Windows\System\DYiKXVo.exe

C:\Windows\System\DYiKXVo.exe

C:\Windows\System\dYrUinN.exe

C:\Windows\System\dYrUinN.exe

C:\Windows\System\pHUkonK.exe

C:\Windows\System\pHUkonK.exe

C:\Windows\System\hCaxmAg.exe

C:\Windows\System\hCaxmAg.exe

C:\Windows\System\CxpTLON.exe

C:\Windows\System\CxpTLON.exe

C:\Windows\System\XNYbXRY.exe

C:\Windows\System\XNYbXRY.exe

C:\Windows\System\dgOwUUF.exe

C:\Windows\System\dgOwUUF.exe

C:\Windows\System\ZwRtFdT.exe

C:\Windows\System\ZwRtFdT.exe

C:\Windows\System\bpVxIbO.exe

C:\Windows\System\bpVxIbO.exe

C:\Windows\System\MUAOClv.exe

C:\Windows\System\MUAOClv.exe

C:\Windows\System\quRPbDd.exe

C:\Windows\System\quRPbDd.exe

C:\Windows\System\aADwnFs.exe

C:\Windows\System\aADwnFs.exe

C:\Windows\System\OyRYvEQ.exe

C:\Windows\System\OyRYvEQ.exe

C:\Windows\System\pgzDvRk.exe

C:\Windows\System\pgzDvRk.exe

C:\Windows\System\xUsNYWB.exe

C:\Windows\System\xUsNYWB.exe

C:\Windows\System\ibpTeim.exe

C:\Windows\System\ibpTeim.exe

C:\Windows\System\ExBfZTR.exe

C:\Windows\System\ExBfZTR.exe

C:\Windows\System\SkpabfU.exe

C:\Windows\System\SkpabfU.exe

C:\Windows\System\hITZyIs.exe

C:\Windows\System\hITZyIs.exe

C:\Windows\System\mDcextX.exe

C:\Windows\System\mDcextX.exe

C:\Windows\System\sgqXeFh.exe

C:\Windows\System\sgqXeFh.exe

C:\Windows\System\pGaDlvF.exe

C:\Windows\System\pGaDlvF.exe

C:\Windows\System\tDoQJYJ.exe

C:\Windows\System\tDoQJYJ.exe

C:\Windows\System\mSIHAuq.exe

C:\Windows\System\mSIHAuq.exe

C:\Windows\System\rHFLIsf.exe

C:\Windows\System\rHFLIsf.exe

C:\Windows\System\hhUPsMt.exe

C:\Windows\System\hhUPsMt.exe

C:\Windows\System\bLWZwal.exe

C:\Windows\System\bLWZwal.exe

C:\Windows\System\zaOBuwm.exe

C:\Windows\System\zaOBuwm.exe

C:\Windows\System\xRoBJnZ.exe

C:\Windows\System\xRoBJnZ.exe

C:\Windows\System\SkNXZKX.exe

C:\Windows\System\SkNXZKX.exe

C:\Windows\System\qoSLlVa.exe

C:\Windows\System\qoSLlVa.exe

C:\Windows\System\zVpGxzC.exe

C:\Windows\System\zVpGxzC.exe

C:\Windows\System\KBaRzHq.exe

C:\Windows\System\KBaRzHq.exe

C:\Windows\System\ryIhtFi.exe

C:\Windows\System\ryIhtFi.exe

C:\Windows\System\JbfbinJ.exe

C:\Windows\System\JbfbinJ.exe

C:\Windows\System\cIBtCOo.exe

C:\Windows\System\cIBtCOo.exe

C:\Windows\System\JBZfqwy.exe

C:\Windows\System\JBZfqwy.exe

C:\Windows\System\baMwxMp.exe

C:\Windows\System\baMwxMp.exe

C:\Windows\System\ZZhfUXz.exe

C:\Windows\System\ZZhfUXz.exe

C:\Windows\System\CJpmqIM.exe

C:\Windows\System\CJpmqIM.exe

C:\Windows\System\SRmMkrr.exe

C:\Windows\System\SRmMkrr.exe

C:\Windows\System\pzyuXml.exe

C:\Windows\System\pzyuXml.exe

C:\Windows\System\CJJPDrR.exe

C:\Windows\System\CJJPDrR.exe

C:\Windows\System\ymMayjd.exe

C:\Windows\System\ymMayjd.exe

C:\Windows\System\iqWdmfW.exe

C:\Windows\System\iqWdmfW.exe

C:\Windows\System\xmDfRuS.exe

C:\Windows\System\xmDfRuS.exe

C:\Windows\System\NJavoUL.exe

C:\Windows\System\NJavoUL.exe

C:\Windows\System\MrBtTqW.exe

C:\Windows\System\MrBtTqW.exe

C:\Windows\System\iTgJASo.exe

C:\Windows\System\iTgJASo.exe

C:\Windows\System\NdpRILy.exe

C:\Windows\System\NdpRILy.exe

C:\Windows\System\cqyguoK.exe

C:\Windows\System\cqyguoK.exe

C:\Windows\System\VNToEic.exe

C:\Windows\System\VNToEic.exe

C:\Windows\System\gCJQYjx.exe

C:\Windows\System\gCJQYjx.exe

C:\Windows\System\UTkhKzy.exe

C:\Windows\System\UTkhKzy.exe

C:\Windows\System\WLbLRcs.exe

C:\Windows\System\WLbLRcs.exe

C:\Windows\System\vGqqOwH.exe

C:\Windows\System\vGqqOwH.exe

C:\Windows\System\kxshqBv.exe

C:\Windows\System\kxshqBv.exe

C:\Windows\System\CnxeBTD.exe

C:\Windows\System\CnxeBTD.exe

C:\Windows\System\HzDdIqE.exe

C:\Windows\System\HzDdIqE.exe

C:\Windows\System\kXffPAO.exe

C:\Windows\System\kXffPAO.exe

C:\Windows\System\AAJIbhB.exe

C:\Windows\System\AAJIbhB.exe

C:\Windows\System\RakfqNa.exe

C:\Windows\System\RakfqNa.exe

C:\Windows\System\utYPdfx.exe

C:\Windows\System\utYPdfx.exe

C:\Windows\System\tjbsuYi.exe

C:\Windows\System\tjbsuYi.exe

C:\Windows\System\MmgrnoL.exe

C:\Windows\System\MmgrnoL.exe

C:\Windows\System\MHVKMIz.exe

C:\Windows\System\MHVKMIz.exe

C:\Windows\System\NSdWpGw.exe

C:\Windows\System\NSdWpGw.exe

C:\Windows\System\WlHvAaZ.exe

C:\Windows\System\WlHvAaZ.exe

C:\Windows\System\tUIqQUd.exe

C:\Windows\System\tUIqQUd.exe

C:\Windows\System\ehFBWsf.exe

C:\Windows\System\ehFBWsf.exe

C:\Windows\System\qtUUMws.exe

C:\Windows\System\qtUUMws.exe

C:\Windows\System\iYACfZl.exe

C:\Windows\System\iYACfZl.exe

C:\Windows\System\Wtjqeqc.exe

C:\Windows\System\Wtjqeqc.exe

C:\Windows\System\DmlQVsH.exe

C:\Windows\System\DmlQVsH.exe

C:\Windows\System\ktzyitS.exe

C:\Windows\System\ktzyitS.exe

C:\Windows\System\LqBbkJE.exe

C:\Windows\System\LqBbkJE.exe

C:\Windows\System\RigAwhK.exe

C:\Windows\System\RigAwhK.exe

C:\Windows\System\gIFwqrD.exe

C:\Windows\System\gIFwqrD.exe

C:\Windows\System\dOGTHtj.exe

C:\Windows\System\dOGTHtj.exe

C:\Windows\System\xwLibKh.exe

C:\Windows\System\xwLibKh.exe

C:\Windows\System\BoUkCiZ.exe

C:\Windows\System\BoUkCiZ.exe

C:\Windows\System\uCPjjjH.exe

C:\Windows\System\uCPjjjH.exe

C:\Windows\System\UcRGhaM.exe

C:\Windows\System\UcRGhaM.exe

C:\Windows\System\mxqIpba.exe

C:\Windows\System\mxqIpba.exe

C:\Windows\System\BdSFemA.exe

C:\Windows\System\BdSFemA.exe

C:\Windows\System\jBZLHxe.exe

C:\Windows\System\jBZLHxe.exe

C:\Windows\System\VYQZQeW.exe

C:\Windows\System\VYQZQeW.exe

C:\Windows\System\lDBvZBG.exe

C:\Windows\System\lDBvZBG.exe

C:\Windows\System\kRhxUMi.exe

C:\Windows\System\kRhxUMi.exe

C:\Windows\System\TjIphHb.exe

C:\Windows\System\TjIphHb.exe

C:\Windows\System\TZQKouX.exe

C:\Windows\System\TZQKouX.exe

C:\Windows\System\UkkvxvL.exe

C:\Windows\System\UkkvxvL.exe

C:\Windows\System\zDGxWMq.exe

C:\Windows\System\zDGxWMq.exe

C:\Windows\System\UMGmlPq.exe

C:\Windows\System\UMGmlPq.exe

C:\Windows\System\THSCDhB.exe

C:\Windows\System\THSCDhB.exe

C:\Windows\System\EyQzMJV.exe

C:\Windows\System\EyQzMJV.exe

C:\Windows\System\iYOnbjx.exe

C:\Windows\System\iYOnbjx.exe

C:\Windows\System\SyNhZRs.exe

C:\Windows\System\SyNhZRs.exe

C:\Windows\System\QmGZvaB.exe

C:\Windows\System\QmGZvaB.exe

C:\Windows\System\vROOCne.exe

C:\Windows\System\vROOCne.exe

C:\Windows\System\LsZPned.exe

C:\Windows\System\LsZPned.exe

C:\Windows\System\qDPTJhr.exe

C:\Windows\System\qDPTJhr.exe

C:\Windows\System\abVHNkZ.exe

C:\Windows\System\abVHNkZ.exe

C:\Windows\System\lpyLRJo.exe

C:\Windows\System\lpyLRJo.exe

C:\Windows\System\PnRwFtO.exe

C:\Windows\System\PnRwFtO.exe

C:\Windows\System\XcRBRFL.exe

C:\Windows\System\XcRBRFL.exe

C:\Windows\System\RRuITTG.exe

C:\Windows\System\RRuITTG.exe

C:\Windows\System\uIHhBvx.exe

C:\Windows\System\uIHhBvx.exe

C:\Windows\System\ejATRjQ.exe

C:\Windows\System\ejATRjQ.exe

C:\Windows\System\hsyOavu.exe

C:\Windows\System\hsyOavu.exe

C:\Windows\System\fBANSbt.exe

C:\Windows\System\fBANSbt.exe

C:\Windows\System\QqKKKdl.exe

C:\Windows\System\QqKKKdl.exe

C:\Windows\System\bApjquU.exe

C:\Windows\System\bApjquU.exe

C:\Windows\System\eJjAGBO.exe

C:\Windows\System\eJjAGBO.exe

C:\Windows\System\euqhiDU.exe

C:\Windows\System\euqhiDU.exe

C:\Windows\System\HdiIjcg.exe

C:\Windows\System\HdiIjcg.exe

C:\Windows\System\dCjLMpC.exe

C:\Windows\System\dCjLMpC.exe

C:\Windows\System\NLleNmD.exe

C:\Windows\System\NLleNmD.exe

C:\Windows\System\yAORCUF.exe

C:\Windows\System\yAORCUF.exe

C:\Windows\System\tbkuHQq.exe

C:\Windows\System\tbkuHQq.exe

C:\Windows\System\aKgjZlc.exe

C:\Windows\System\aKgjZlc.exe

C:\Windows\System\HkaHWmr.exe

C:\Windows\System\HkaHWmr.exe

C:\Windows\System\njNIycj.exe

C:\Windows\System\njNIycj.exe

C:\Windows\System\VubSTkG.exe

C:\Windows\System\VubSTkG.exe

C:\Windows\System\LsyfGBn.exe

C:\Windows\System\LsyfGBn.exe

C:\Windows\System\xchZxlW.exe

C:\Windows\System\xchZxlW.exe

C:\Windows\System\lPPFeaZ.exe

C:\Windows\System\lPPFeaZ.exe

C:\Windows\System\vhQPTEx.exe

C:\Windows\System\vhQPTEx.exe

C:\Windows\System\gKEKYdS.exe

C:\Windows\System\gKEKYdS.exe

C:\Windows\System\JEhBGKd.exe

C:\Windows\System\JEhBGKd.exe

C:\Windows\System\ncJoNCC.exe

C:\Windows\System\ncJoNCC.exe

C:\Windows\System\zBACIGF.exe

C:\Windows\System\zBACIGF.exe

C:\Windows\System\ybKJUbS.exe

C:\Windows\System\ybKJUbS.exe

C:\Windows\System\IfOlazk.exe

C:\Windows\System\IfOlazk.exe

C:\Windows\System\SsipWPl.exe

C:\Windows\System\SsipWPl.exe

C:\Windows\System\wEOUeWb.exe

C:\Windows\System\wEOUeWb.exe

C:\Windows\System\QHSClkg.exe

C:\Windows\System\QHSClkg.exe

C:\Windows\System\Uuqrokg.exe

C:\Windows\System\Uuqrokg.exe

C:\Windows\System\wDPdTEk.exe

C:\Windows\System\wDPdTEk.exe

C:\Windows\System\sMPsXnf.exe

C:\Windows\System\sMPsXnf.exe

C:\Windows\System\VJJFwEN.exe

C:\Windows\System\VJJFwEN.exe

C:\Windows\System\isEbuZo.exe

C:\Windows\System\isEbuZo.exe

C:\Windows\System\skpYQTK.exe

C:\Windows\System\skpYQTK.exe

C:\Windows\System\SgPJcjf.exe

C:\Windows\System\SgPJcjf.exe

C:\Windows\System\fCTHkjE.exe

C:\Windows\System\fCTHkjE.exe

C:\Windows\System\MUAPXnf.exe

C:\Windows\System\MUAPXnf.exe

C:\Windows\System\FLezcWh.exe

C:\Windows\System\FLezcWh.exe

C:\Windows\System\drNUXJT.exe

C:\Windows\System\drNUXJT.exe

C:\Windows\System\gxqImIj.exe

C:\Windows\System\gxqImIj.exe

C:\Windows\System\HKQJLZC.exe

C:\Windows\System\HKQJLZC.exe

C:\Windows\System\NKMYmia.exe

C:\Windows\System\NKMYmia.exe

C:\Windows\System\SkdLWZS.exe

C:\Windows\System\SkdLWZS.exe

C:\Windows\System\cFRlGnI.exe

C:\Windows\System\cFRlGnI.exe

C:\Windows\System\fMGOfKG.exe

C:\Windows\System\fMGOfKG.exe

C:\Windows\System\DfhHoMa.exe

C:\Windows\System\DfhHoMa.exe

C:\Windows\System\qEmgBlm.exe

C:\Windows\System\qEmgBlm.exe

C:\Windows\System\DgCmjfw.exe

C:\Windows\System\DgCmjfw.exe

C:\Windows\System\eVkwSDn.exe

C:\Windows\System\eVkwSDn.exe

C:\Windows\System\QkZrKQa.exe

C:\Windows\System\QkZrKQa.exe

C:\Windows\System\LrxQvQR.exe

C:\Windows\System\LrxQvQR.exe

C:\Windows\System\OdUfdCi.exe

C:\Windows\System\OdUfdCi.exe

C:\Windows\System\YxZikaX.exe

C:\Windows\System\YxZikaX.exe

C:\Windows\System\psSvHPG.exe

C:\Windows\System\psSvHPG.exe

C:\Windows\System\WcUMlPX.exe

C:\Windows\System\WcUMlPX.exe

C:\Windows\System\SCYiXuI.exe

C:\Windows\System\SCYiXuI.exe

C:\Windows\System\LpWAmBc.exe

C:\Windows\System\LpWAmBc.exe

C:\Windows\System\OWCqvpR.exe

C:\Windows\System\OWCqvpR.exe

C:\Windows\System\DhxwjzN.exe

C:\Windows\System\DhxwjzN.exe

C:\Windows\System\nTcbHrs.exe

C:\Windows\System\nTcbHrs.exe

C:\Windows\System\rUXvwCi.exe

C:\Windows\System\rUXvwCi.exe

C:\Windows\System\FxGZHdw.exe

C:\Windows\System\FxGZHdw.exe

C:\Windows\System\zngfVjL.exe

C:\Windows\System\zngfVjL.exe

C:\Windows\System\XMVKvsD.exe

C:\Windows\System\XMVKvsD.exe

C:\Windows\System\RwZIeYt.exe

C:\Windows\System\RwZIeYt.exe

C:\Windows\System\srPYBxq.exe

C:\Windows\System\srPYBxq.exe

C:\Windows\System\yEWXxgI.exe

C:\Windows\System\yEWXxgI.exe

C:\Windows\System\gmWbJdm.exe

C:\Windows\System\gmWbJdm.exe

C:\Windows\System\lYDGzUq.exe

C:\Windows\System\lYDGzUq.exe

C:\Windows\System\ZlImsnz.exe

C:\Windows\System\ZlImsnz.exe

C:\Windows\System\LSAnsBz.exe

C:\Windows\System\LSAnsBz.exe

C:\Windows\System\KpftLUT.exe

C:\Windows\System\KpftLUT.exe

C:\Windows\System\itepZsC.exe

C:\Windows\System\itepZsC.exe

C:\Windows\System\tHYFkKs.exe

C:\Windows\System\tHYFkKs.exe

C:\Windows\System\lkOOwdg.exe

C:\Windows\System\lkOOwdg.exe

C:\Windows\System\NIQCafP.exe

C:\Windows\System\NIQCafP.exe

C:\Windows\System\pdJdXmt.exe

C:\Windows\System\pdJdXmt.exe

C:\Windows\System\tmlfPEm.exe

C:\Windows\System\tmlfPEm.exe

C:\Windows\System\quUEggd.exe

C:\Windows\System\quUEggd.exe

C:\Windows\System\kmVukTJ.exe

C:\Windows\System\kmVukTJ.exe

C:\Windows\System\ZQAWxNk.exe

C:\Windows\System\ZQAWxNk.exe

C:\Windows\System\ovoxMdU.exe

C:\Windows\System\ovoxMdU.exe

C:\Windows\System\GzdyXmx.exe

C:\Windows\System\GzdyXmx.exe

C:\Windows\System\cvnruFD.exe

C:\Windows\System\cvnruFD.exe

C:\Windows\System\LlQgjul.exe

C:\Windows\System\LlQgjul.exe

C:\Windows\System\baXOlwl.exe

C:\Windows\System\baXOlwl.exe

C:\Windows\System\siKfJuP.exe

C:\Windows\System\siKfJuP.exe

C:\Windows\System\AZGhkLP.exe

C:\Windows\System\AZGhkLP.exe

C:\Windows\System\FygIMZk.exe

C:\Windows\System\FygIMZk.exe

C:\Windows\System\mUFFJtt.exe

C:\Windows\System\mUFFJtt.exe

C:\Windows\System\FnflTQO.exe

C:\Windows\System\FnflTQO.exe

C:\Windows\System\eFiwHBP.exe

C:\Windows\System\eFiwHBP.exe

C:\Windows\System\HylJuay.exe

C:\Windows\System\HylJuay.exe

C:\Windows\System\NMzAVQi.exe

C:\Windows\System\NMzAVQi.exe

C:\Windows\System\UIizYYg.exe

C:\Windows\System\UIizYYg.exe

C:\Windows\System\TrtaRsI.exe

C:\Windows\System\TrtaRsI.exe

C:\Windows\System\waYolps.exe

C:\Windows\System\waYolps.exe

C:\Windows\System\XcgSmIZ.exe

C:\Windows\System\XcgSmIZ.exe

C:\Windows\System\hwOYklP.exe

C:\Windows\System\hwOYklP.exe

C:\Windows\System\TQrzYHt.exe

C:\Windows\System\TQrzYHt.exe

C:\Windows\System\kccwOVr.exe

C:\Windows\System\kccwOVr.exe

C:\Windows\System\PWqsTOu.exe

C:\Windows\System\PWqsTOu.exe

C:\Windows\System\XSomjdf.exe

C:\Windows\System\XSomjdf.exe

C:\Windows\System\YbsCwYL.exe

C:\Windows\System\YbsCwYL.exe

C:\Windows\System\AAYZYZR.exe

C:\Windows\System\AAYZYZR.exe

C:\Windows\System\MBxSICd.exe

C:\Windows\System\MBxSICd.exe

C:\Windows\System\VjrTfjY.exe

C:\Windows\System\VjrTfjY.exe

C:\Windows\System\IhegpBB.exe

C:\Windows\System\IhegpBB.exe

C:\Windows\System\UADjgzO.exe

C:\Windows\System\UADjgzO.exe

C:\Windows\System\yYpAPOi.exe

C:\Windows\System\yYpAPOi.exe

C:\Windows\System\aBVeIiA.exe

C:\Windows\System\aBVeIiA.exe

C:\Windows\System\NAkPDDD.exe

C:\Windows\System\NAkPDDD.exe

C:\Windows\System\sAzLVOf.exe

C:\Windows\System\sAzLVOf.exe

C:\Windows\System\VKOrXqv.exe

C:\Windows\System\VKOrXqv.exe

C:\Windows\System\HSkllZC.exe

C:\Windows\System\HSkllZC.exe

C:\Windows\System\WquuswW.exe

C:\Windows\System\WquuswW.exe

C:\Windows\System\nIjboLq.exe

C:\Windows\System\nIjboLq.exe

C:\Windows\System\chOtGNT.exe

C:\Windows\System\chOtGNT.exe

C:\Windows\System\ZAqMpTa.exe

C:\Windows\System\ZAqMpTa.exe

C:\Windows\System\vgaWrzc.exe

C:\Windows\System\vgaWrzc.exe

C:\Windows\System\xwaIoRz.exe

C:\Windows\System\xwaIoRz.exe

C:\Windows\System\myHunll.exe

C:\Windows\System\myHunll.exe

C:\Windows\System\mLjVEdS.exe

C:\Windows\System\mLjVEdS.exe

C:\Windows\System\XEYonsE.exe

C:\Windows\System\XEYonsE.exe

C:\Windows\System\InXqCky.exe

C:\Windows\System\InXqCky.exe

C:\Windows\System\nslGCXj.exe

C:\Windows\System\nslGCXj.exe

C:\Windows\System\WTRXuGX.exe

C:\Windows\System\WTRXuGX.exe

C:\Windows\System\GkkFZOr.exe

C:\Windows\System\GkkFZOr.exe

C:\Windows\System\ZQZInQy.exe

C:\Windows\System\ZQZInQy.exe

C:\Windows\System\xtHGHly.exe

C:\Windows\System\xtHGHly.exe

C:\Windows\System\alcofZA.exe

C:\Windows\System\alcofZA.exe

C:\Windows\System\ZodxOen.exe

C:\Windows\System\ZodxOen.exe

C:\Windows\System\dSuRURT.exe

C:\Windows\System\dSuRURT.exe

C:\Windows\System\iypkrQW.exe

C:\Windows\System\iypkrQW.exe

C:\Windows\System\wEcofZw.exe

C:\Windows\System\wEcofZw.exe

C:\Windows\System\mEXAuEt.exe

C:\Windows\System\mEXAuEt.exe

C:\Windows\System\KbJuDRw.exe

C:\Windows\System\KbJuDRw.exe

C:\Windows\System\MKQjUoq.exe

C:\Windows\System\MKQjUoq.exe

C:\Windows\System\anljMbg.exe

C:\Windows\System\anljMbg.exe

C:\Windows\System\yHJvshB.exe

C:\Windows\System\yHJvshB.exe

C:\Windows\System\dJnGgrX.exe

C:\Windows\System\dJnGgrX.exe

C:\Windows\System\UZpKwBy.exe

C:\Windows\System\UZpKwBy.exe

C:\Windows\System\XYpjDHi.exe

C:\Windows\System\XYpjDHi.exe

C:\Windows\System\CovpCJI.exe

C:\Windows\System\CovpCJI.exe

C:\Windows\System\kRfwSHu.exe

C:\Windows\System\kRfwSHu.exe

C:\Windows\System\rLYUDza.exe

C:\Windows\System\rLYUDza.exe

C:\Windows\System\rkPZsRC.exe

C:\Windows\System\rkPZsRC.exe

C:\Windows\System\oBcnGpK.exe

C:\Windows\System\oBcnGpK.exe

C:\Windows\System\bROGIqg.exe

C:\Windows\System\bROGIqg.exe

C:\Windows\System\gWzlkGJ.exe

C:\Windows\System\gWzlkGJ.exe

C:\Windows\System\sUlHMtA.exe

C:\Windows\System\sUlHMtA.exe

C:\Windows\System\TWhUQlG.exe

C:\Windows\System\TWhUQlG.exe

C:\Windows\System\GxCtrCv.exe

C:\Windows\System\GxCtrCv.exe

C:\Windows\System\WFxrCHg.exe

C:\Windows\System\WFxrCHg.exe

C:\Windows\System\OBCGNLK.exe

C:\Windows\System\OBCGNLK.exe

C:\Windows\System\wESQhGJ.exe

C:\Windows\System\wESQhGJ.exe

C:\Windows\System\DQWgjgc.exe

C:\Windows\System\DQWgjgc.exe

C:\Windows\System\sggPOFV.exe

C:\Windows\System\sggPOFV.exe

C:\Windows\System\XAdASRE.exe

C:\Windows\System\XAdASRE.exe

C:\Windows\System\fhsLtgE.exe

C:\Windows\System\fhsLtgE.exe

C:\Windows\System\tGEndFn.exe

C:\Windows\System\tGEndFn.exe

C:\Windows\System\tBMveJy.exe

C:\Windows\System\tBMveJy.exe

C:\Windows\System\ZHwHogn.exe

C:\Windows\System\ZHwHogn.exe

C:\Windows\System\APUaybR.exe

C:\Windows\System\APUaybR.exe

C:\Windows\System\xkepNQs.exe

C:\Windows\System\xkepNQs.exe

C:\Windows\System\azplZgw.exe

C:\Windows\System\azplZgw.exe

C:\Windows\System\ijASQVG.exe

C:\Windows\System\ijASQVG.exe

C:\Windows\System\bpgtLJv.exe

C:\Windows\System\bpgtLJv.exe

C:\Windows\System\MfArTAX.exe

C:\Windows\System\MfArTAX.exe

C:\Windows\System\yWzhtFG.exe

C:\Windows\System\yWzhtFG.exe

C:\Windows\System\dCMYXJh.exe

C:\Windows\System\dCMYXJh.exe

C:\Windows\System\MLfkTGM.exe

C:\Windows\System\MLfkTGM.exe

C:\Windows\System\WPGpgsn.exe

C:\Windows\System\WPGpgsn.exe

C:\Windows\System\SQElGpy.exe

C:\Windows\System\SQElGpy.exe

C:\Windows\System\rjhXniE.exe

C:\Windows\System\rjhXniE.exe

C:\Windows\System\QDFAHQu.exe

C:\Windows\System\QDFAHQu.exe

C:\Windows\System\GrGhRZZ.exe

C:\Windows\System\GrGhRZZ.exe

C:\Windows\System\mSbslDd.exe

C:\Windows\System\mSbslDd.exe

C:\Windows\System\QguGHWD.exe

C:\Windows\System\QguGHWD.exe

C:\Windows\System\FdlGhNF.exe

C:\Windows\System\FdlGhNF.exe

C:\Windows\System\gRIzejP.exe

C:\Windows\System\gRIzejP.exe

C:\Windows\System\QpcAuXR.exe

C:\Windows\System\QpcAuXR.exe

C:\Windows\System\LtlPPZg.exe

C:\Windows\System\LtlPPZg.exe

C:\Windows\System\JlmBqRw.exe

C:\Windows\System\JlmBqRw.exe

C:\Windows\System\KVLKtzZ.exe

C:\Windows\System\KVLKtzZ.exe

C:\Windows\System\mwRtFse.exe

C:\Windows\System\mwRtFse.exe

C:\Windows\System\aNEHRps.exe

C:\Windows\System\aNEHRps.exe

C:\Windows\System\SeMDdkD.exe

C:\Windows\System\SeMDdkD.exe

C:\Windows\System\LJegTHz.exe

C:\Windows\System\LJegTHz.exe

C:\Windows\System\bJCjhnC.exe

C:\Windows\System\bJCjhnC.exe

C:\Windows\System\GELFNgO.exe

C:\Windows\System\GELFNgO.exe

C:\Windows\System\TyGUfiv.exe

C:\Windows\System\TyGUfiv.exe

C:\Windows\System\sqRjCvz.exe

C:\Windows\System\sqRjCvz.exe

C:\Windows\System\JAzyuBN.exe

C:\Windows\System\JAzyuBN.exe

C:\Windows\System\XFBpVPI.exe

C:\Windows\System\XFBpVPI.exe

C:\Windows\System\FIAJAjW.exe

C:\Windows\System\FIAJAjW.exe

C:\Windows\System\LLgQFqg.exe

C:\Windows\System\LLgQFqg.exe

C:\Windows\System\YbBBJiy.exe

C:\Windows\System\YbBBJiy.exe

C:\Windows\System\ozcPjEQ.exe

C:\Windows\System\ozcPjEQ.exe

C:\Windows\System\HRJSEmw.exe

C:\Windows\System\HRJSEmw.exe

C:\Windows\System\GvzGvVl.exe

C:\Windows\System\GvzGvVl.exe

C:\Windows\System\LDczFMj.exe

C:\Windows\System\LDczFMj.exe

C:\Windows\System\JlErMCM.exe

C:\Windows\System\JlErMCM.exe

C:\Windows\System\cLzHUZK.exe

C:\Windows\System\cLzHUZK.exe

C:\Windows\System\TsPIoqW.exe

C:\Windows\System\TsPIoqW.exe

C:\Windows\System\tCupxfO.exe

C:\Windows\System\tCupxfO.exe

C:\Windows\System\zKXRQli.exe

C:\Windows\System\zKXRQli.exe

C:\Windows\System\CcbYYtM.exe

C:\Windows\System\CcbYYtM.exe

C:\Windows\System\oDeBBxt.exe

C:\Windows\System\oDeBBxt.exe

C:\Windows\System\llGMdby.exe

C:\Windows\System\llGMdby.exe

C:\Windows\System\KEpkfZE.exe

C:\Windows\System\KEpkfZE.exe

C:\Windows\System\LINYUoQ.exe

C:\Windows\System\LINYUoQ.exe

C:\Windows\System\oEeVhQl.exe

C:\Windows\System\oEeVhQl.exe

C:\Windows\System\juDLfhV.exe

C:\Windows\System\juDLfhV.exe

C:\Windows\System\IQcVNvr.exe

C:\Windows\System\IQcVNvr.exe

C:\Windows\System\tbnQTLc.exe

C:\Windows\System\tbnQTLc.exe

C:\Windows\System\jmBzVex.exe

C:\Windows\System\jmBzVex.exe

C:\Windows\System\izlbpLF.exe

C:\Windows\System\izlbpLF.exe

C:\Windows\System\uWAgivy.exe

C:\Windows\System\uWAgivy.exe

C:\Windows\System\phXSehp.exe

C:\Windows\System\phXSehp.exe

C:\Windows\System\xqPfpMb.exe

C:\Windows\System\xqPfpMb.exe

C:\Windows\System\sghyjAB.exe

C:\Windows\System\sghyjAB.exe

C:\Windows\System\ySmrahH.exe

C:\Windows\System\ySmrahH.exe

C:\Windows\System\kNVkcOh.exe

C:\Windows\System\kNVkcOh.exe

C:\Windows\System\CKQAyjZ.exe

C:\Windows\System\CKQAyjZ.exe

C:\Windows\System\oPEmIMK.exe

C:\Windows\System\oPEmIMK.exe

C:\Windows\System\XMEOgcT.exe

C:\Windows\System\XMEOgcT.exe

C:\Windows\System\sghvpBQ.exe

C:\Windows\System\sghvpBQ.exe

C:\Windows\System\IPfScMu.exe

C:\Windows\System\IPfScMu.exe

C:\Windows\System\sDmXHem.exe

C:\Windows\System\sDmXHem.exe

C:\Windows\System\AVMUvQD.exe

C:\Windows\System\AVMUvQD.exe

C:\Windows\System\SSwwVTE.exe

C:\Windows\System\SSwwVTE.exe

C:\Windows\System\gzNrYlj.exe

C:\Windows\System\gzNrYlj.exe

C:\Windows\System\lnmKfgm.exe

C:\Windows\System\lnmKfgm.exe

C:\Windows\System\ToMwjxo.exe

C:\Windows\System\ToMwjxo.exe

C:\Windows\System\XednJKq.exe

C:\Windows\System\XednJKq.exe

C:\Windows\System\jWwzMzc.exe

C:\Windows\System\jWwzMzc.exe

C:\Windows\System\UbdfJCD.exe

C:\Windows\System\UbdfJCD.exe

C:\Windows\System\rOBihWn.exe

C:\Windows\System\rOBihWn.exe

C:\Windows\System\VZlJqXm.exe

C:\Windows\System\VZlJqXm.exe

C:\Windows\System\rQOJrKe.exe

C:\Windows\System\rQOJrKe.exe

C:\Windows\System\eaVwBjz.exe

C:\Windows\System\eaVwBjz.exe

C:\Windows\System\QuzrJpt.exe

C:\Windows\System\QuzrJpt.exe

C:\Windows\System\YIAtAef.exe

C:\Windows\System\YIAtAef.exe

C:\Windows\System\aaAcdvE.exe

C:\Windows\System\aaAcdvE.exe

C:\Windows\System\CBEGArY.exe

C:\Windows\System\CBEGArY.exe

C:\Windows\System\xnRUurB.exe

C:\Windows\System\xnRUurB.exe

C:\Windows\System\GRRdGEm.exe

C:\Windows\System\GRRdGEm.exe

C:\Windows\System\jSwCjBa.exe

C:\Windows\System\jSwCjBa.exe

C:\Windows\System\BHwiBZP.exe

C:\Windows\System\BHwiBZP.exe

C:\Windows\System\dWrIWKD.exe

C:\Windows\System\dWrIWKD.exe

C:\Windows\System\xxmAMbU.exe

C:\Windows\System\xxmAMbU.exe

C:\Windows\System\YysToHY.exe

C:\Windows\System\YysToHY.exe

C:\Windows\System\YCqYPIK.exe

C:\Windows\System\YCqYPIK.exe

C:\Windows\System\tudiCCk.exe

C:\Windows\System\tudiCCk.exe

C:\Windows\System\pkSPsiw.exe

C:\Windows\System\pkSPsiw.exe

C:\Windows\System\flebuxx.exe

C:\Windows\System\flebuxx.exe

C:\Windows\System\RRQIWtm.exe

C:\Windows\System\RRQIWtm.exe

C:\Windows\System\dIYTqBZ.exe

C:\Windows\System\dIYTqBZ.exe

C:\Windows\System\hxjHREI.exe

C:\Windows\System\hxjHREI.exe

C:\Windows\System\HgkHVQm.exe

C:\Windows\System\HgkHVQm.exe

C:\Windows\System\ArnHvJn.exe

C:\Windows\System\ArnHvJn.exe

C:\Windows\System\wDVVBnm.exe

C:\Windows\System\wDVVBnm.exe

C:\Windows\System\hCBhKwL.exe

C:\Windows\System\hCBhKwL.exe

C:\Windows\System\esfbtsU.exe

C:\Windows\System\esfbtsU.exe

C:\Windows\System\lpQqgAi.exe

C:\Windows\System\lpQqgAi.exe

C:\Windows\system32\WerFaultSecure.exe

C:\Windows\system32\WerFaultSecure.exe -u -p 5096 -s 2220

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

Network

Country Destination Domain Proto
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
IE 52.111.236.23:443 tcp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp

Files

memory/5044-0-0x00007FF733890000-0x00007FF733BE4000-memory.dmp

memory/5044-1-0x000001DE8D4C0000-0x000001DE8D4D0000-memory.dmp

C:\Windows\System\wpHSmgz.exe

MD5 40bc80176114eddfb340b08e30172b0a
SHA1 686177e4c764e7777bc3b5be528066618fb86e88
SHA256 5e9d4a7d11d3b438a721160548b079c1a682214110f65658b6154653d78a245b
SHA512 e1e27d54710501114b4946d362c27e292ac092bc59267a85b57a1cd2d4dc1241b18087ed5474d1d1361d2aed3202919e60c62714562de892d4a790f9bae9ef32

memory/2708-7-0x00007FF624EE0000-0x00007FF625234000-memory.dmp

C:\Windows\System\YugXXah.exe

MD5 f7084c363e2c516c41987317a38d8746
SHA1 457eef7ce3b13e2838e3fd3a973f3ea84e0b1f85
SHA256 06defe5cd536870f66e3ee84f64d83b845460582cc17fac665f19f159e953623
SHA512 583cad567c7e92ead42c3563f5552c3e3ef7dca7440bee8b2abe88a1fba0de7cbf95725d635ced9665e112af74b5c49791a248e468a0a97d77fd09b8ec3f80a0

C:\Windows\System\VPMTbsg.exe

MD5 1a0492c24c472fd25e1b7b560162040d
SHA1 5c51fda910e4f378bb4f59c1c50389aeb978cd64
SHA256 489e4d7e514646a81c048907e49f4100e1983c266e16691d31e123db9d634c47
SHA512 694066e970bf7402a5c1fd449ad19ae8b14ff66ce0d9020fe18514a3b673243d403e6805b2e52d05214e40a65f6b535475721ca7d6802b7b24eedc937f1c3b97

C:\Windows\System\jzYfivw.exe

MD5 49620bb782b8cde76d1daa33c6db88e1
SHA1 4c65ebc1e8a537240322091f11beb98f0bb175e1
SHA256 e9fe90eaeef3365f2a6be5ce46eb3ddca2cbb27ca9fda621f8aa88a40715da5a
SHA512 eb364f9c3e303d89894920582df8cf813b4a314fdd95ada0c7579a482d9c2d8fe805b504ef9a6d0ceb925e2ccb3cb025f1f7191f8355795f054226114e78831e

memory/3268-38-0x00007FF7BB650000-0x00007FF7BB9A4000-memory.dmp

C:\Windows\System\pbloxoI.exe

MD5 77fd28dc45ff0d7902724ea05404083a
SHA1 624d6eaa89164bebd696bbc751c7491d5e7f1308
SHA256 974675d0babc51d808b869251d87a4ca4e81e4c0f1176908e9793953df294868
SHA512 179a8e5fd8daa621e6ee8ea4215bd9aadd124a0e6542c628f7c06b339bf5d869e07d2ec7f7d4ac699ed15bc8410f75ff1e182129ad852dcf571af9905dffd94f

C:\Windows\System\YoGilKz.exe

MD5 6cab31255b4a29057ebace4ea809198b
SHA1 54e2c51d4a934f722b253557374d389ba4ab4761
SHA256 dd31bd56d4deca654acdf7826ef429a89669596bc2e4d43618dd5d06987b4378
SHA512 3d4545e1dfca75fa880f0bbd0db4b503c66c57596fd76fba7418beb00d175db9d2ece98f3783257febd27720914ce5da12781d80d7d5630d1db82c17781a8286

C:\Windows\System\ZvBlMzx.exe

MD5 e98be158ad6456629d874ba79f315afc
SHA1 702dd444a23195d4862c0cb3438a0a9dcc94d38c
SHA256 03fd60a521a6443a2fcc1145ef2c1f57d7036cf41df6c5f618c79e8a74ad33b6
SHA512 7ba70b406af2a95c36bd8d2df4ab259ae1efe5adadc2ed667cebfaf6b60d9cb1c4c054abcb0914f5c739b1d23de9d1b9346a220e237fac9ae8bf0f4021c7b9a3

C:\Windows\System\OMOgkjA.exe

MD5 c3a8c7cee67369dbc05c21a1b847d7ed
SHA1 1c3b764603db1d3add95eb7d2cf418a7f457c1a5
SHA256 7405683bf0902b228bc7b6809d718ac8787fe84944a73ae208d422822ba9a139
SHA512 62943cd9683be01b9897526ec7585fdab84e441713d1e6b1f443f91c603d63e7159cf9b93a822b6a2ee7a0de4120db4b40612c5fbb7b405cc1b5d8a1bef8e4fa

C:\Windows\System\ydHYnAH.exe

MD5 58574ff1de29d149a63dd8c5ba01ea96
SHA1 8eb6c1b71ff1f245e639f55dcbb735603832f1f9
SHA256 3023c37930c7f1bb3736bf84eb3a7f14880289bfb1acf406eb4065932bab6818
SHA512 8e63d29266caa392b95b6106b8b820720cfe3c7d1a318cda1a2c62cb027411442ed2535631918bf8aaba6799b2fea2120d8c8aed9387e7a499824ab3a1bda20a

C:\Windows\System\rEBdsVh.exe

MD5 5932127f9894c14df19a55d9478d55b2
SHA1 a1d45f663dc74aa80cf96cecbba1cd485c778b9f
SHA256 894de2e4a577484e59e7a94649cff462264477281d041d214fcc9312922e8890
SHA512 caba3f6e8e99d28db68dcf951275563a9d290d087de9d93621eb576658942e8f14d1e4a7649885c9c21e1364cbbaf991c1589474d85abf4ff6d5d8dfcff281f6

C:\Windows\System\xjRBkgz.exe

MD5 3620a409b9718fac4b044e3d3ea6d56f
SHA1 ffde7139bdf63d267243895e9878e094c970d9e5
SHA256 3740a97794f2322fb0c03808e6bf7477338a382d8f1cff112f9d6cc987fd2cba
SHA512 0d9e076ccb67a186c97582d325645c14771aedd88d616bf1e84883ab997bb421392ec43f95ef11170c1cfb94196905eebd37544b5f82226b4baaf0f7ac1f93c6

C:\Windows\System\DuEdABn.exe

MD5 96360d9b8592f2198ccf7eb6346e21f2
SHA1 48e20104c0ebbeddfdb983483fc0aee572e4ebd6
SHA256 d6305209b1604d9b4c4dc28d72915ab4da1e1f006ead1953e31acdf353c6b5e2
SHA512 7c100abc93bd319d4a223c09b07be7882483efc189a0070f54ef54548adf78954fc7fc0715c203af9c5969f01e777710a61249888bf1cbedec9c5a4e34d4583c

C:\Windows\System\RAWrOjA.exe

MD5 ac1d7291d74ae983dc66325825b96926
SHA1 708a3cbbb0be2b881e9795c63f081c2e2cbca469
SHA256 08e448059a8c32ba17eea4da7ae7771df64869f4356dd448ca61e5f43bb8a7d0
SHA512 ee885edc5141b7f39fd87eb44f5c792344a015563a007298704f52a1eba075742b273cdb74c6a5af1c020707f7c10378031337de61b501411475a982d689bc83

C:\Windows\System\vahCjdX.exe

MD5 4cc13e0e270b84be6389f8df9de55910
SHA1 2d1478ca094e241d46777a9d65309bc8d54c8d78
SHA256 f747d211e2afc4c223a970009343baf590ceec573ff009fa5ebcaa35cc436589
SHA512 ee4fd8fd5b6147c0926d7c5b4a74dfaa2d799744673cc923d7ba3259932e63c74139e45ea136a3e02e676e9cedb46853f58717022564ebe426d91af56ea7f2a5

C:\Windows\System\eHpXVCT.exe

MD5 527f63feeeb692eb254fa710ff64692e
SHA1 c6d01054a639d46e2a602ea5dcf1ca2a668ec1c2
SHA256 1f767122f971425807f0174e079e029e9b8cba3f766486c64f41eef5c3ce19f2
SHA512 7d6cf23b617d1be8a35e9b0b9755dc8137df2824ed33a7073a57459e900de5181ae7e119130d64f9fa6a0d8f4858b88b5160bbfb087de3ede28929645cc85f8a

C:\Windows\System\LuQNfnX.exe

MD5 621af0ffe863cc1f98ecbde71f80b462
SHA1 0398376f2c46b1f504075f8b5577ee94a83b2043
SHA256 56185b6790c4ba3aa40c6ca735cf4c2df1b40a0782e6d945b5369f2b3c0b5cb0
SHA512 687a31bc0628575c73c1a6e060e100d4d768cb21fbce4c1e273040198cc034264fd91e885181ded1d4de6c8b3253fb8b888c0e6d33305ea1e90a532887e74f51

memory/2560-473-0x00007FF734140000-0x00007FF734494000-memory.dmp

memory/1304-475-0x00007FF761B40000-0x00007FF761E94000-memory.dmp

memory/1528-484-0x00007FF657230000-0x00007FF657584000-memory.dmp

memory/1536-491-0x00007FF7BA4D0000-0x00007FF7BA824000-memory.dmp

memory/3548-488-0x00007FF648B10000-0x00007FF648E64000-memory.dmp

memory/2544-497-0x00007FF6398D0000-0x00007FF639C24000-memory.dmp

memory/4268-500-0x00007FF78A480000-0x00007FF78A7D4000-memory.dmp

memory/5100-501-0x00007FF61D960000-0x00007FF61DCB4000-memory.dmp

memory/4472-502-0x00007FF7EA840000-0x00007FF7EAB94000-memory.dmp

memory/4760-505-0x00007FF7A63D0000-0x00007FF7A6724000-memory.dmp

memory/4620-506-0x00007FF60B440000-0x00007FF60B794000-memory.dmp

memory/4828-515-0x00007FF7BE990000-0x00007FF7BECE4000-memory.dmp

memory/3832-535-0x00007FF6CD590000-0x00007FF6CD8E4000-memory.dmp

memory/3516-544-0x00007FF6CB840000-0x00007FF6CBB94000-memory.dmp

memory/1948-530-0x00007FF62C780000-0x00007FF62CAD4000-memory.dmp

memory/1976-526-0x00007FF6E94A0000-0x00007FF6E97F4000-memory.dmp

memory/5008-520-0x00007FF7EDF50000-0x00007FF7EE2A4000-memory.dmp

memory/4208-518-0x00007FF61EDB0000-0x00007FF61F104000-memory.dmp

memory/2532-512-0x00007FF793C20000-0x00007FF793F74000-memory.dmp

memory/2700-507-0x00007FF6FFBE0000-0x00007FF6FFF34000-memory.dmp

memory/4500-504-0x00007FF7F4D20000-0x00007FF7F5074000-memory.dmp

memory/3080-503-0x00007FF67CEE0000-0x00007FF67D234000-memory.dmp

C:\Windows\System\TKFrTxu.exe

MD5 ad1e632514ff545391ed0ed9ea31621e
SHA1 3f2a42ffa9e330ef8086c40e8c460ceb6b18dda7
SHA256 32124fd15b1d109184fd902d7d97b3a7e8dccdac604f4fd08046c8df61380d45
SHA512 5d1e92a83b62678c0315ad51b8fcffa6f0a52e780313e0fe626c6d934b8ea5082ad0a4bf23a6ad002f48bad5d85902c85cf8666bf001d09850b012abd5b038cd

C:\Windows\System\wibDZkS.exe

MD5 c2df2de14797e45e1d943c742c4f362c
SHA1 5078b83b6909b96e4ffb545e12aa70d55d285ca0
SHA256 38aaefa0f088653b57bfda662fade8959344509cdf41c153c8158ea1e803b517
SHA512 ee714c3708aaba67107d37c65442e7afc30f0778da7ff65a08197c1676a89f1ce7151dce6cc398c4d0653316b377e5d8d3225c3ad49e65ff9215e29564c679cb

C:\Windows\System\afjTjYw.exe

MD5 321fd0dc2d8f2a4208817152ef47481f
SHA1 546b640264eca3e186af7df38055bba8966feecb
SHA256 5866fe6c32d4e2b2657e4676c0616660e42f93f18d4e6e20659e57f620addc11
SHA512 833558b02ed947912ba0a1abec7807cdfa68f53303ad6f3c7b9698c56bdefc9afdee720c1e71f57d259c713d08ec993c9f59f942ea373914654e9d3bd5ff69eb

C:\Windows\System\AUaEVnG.exe

MD5 92701d92905364d037fb91b2fd9f6a35
SHA1 2db0e4368996783896ef781bf48ca807d3603988
SHA256 1e7c55d4d6291117d8a7c761e1f185c5236f3ad6f60619aabefda3b2d3e6b2ce
SHA512 102f4087783bacd065ef88fe304d995318ac488dba39d9b16e2e558affaa2d5d8b0196e9f14c5944eeb309b59e51700227fba8c4db027680716b223d7f3fcf87

C:\Windows\System\dIZDDki.exe

MD5 a329cd2fb100d98791586348643cf7fb
SHA1 98b53f3411d8574afef9d27e528efdd73f044ce3
SHA256 016924ee941f339913d6bfb063a726f51a863f172a70a49c3135722812f98211
SHA512 2b6b2484b7a21d7c4f74fa5d4649055ef1cf56f885e593af51ce7573d5d901867305e5d781f09d2d34a676d46451958944b5fd4eed9eee7d859f891a1d47289f

C:\Windows\System\ppGoLYg.exe

MD5 f9fa08782cb22e2bd14376d16d6ee266
SHA1 c4a8156364c68d80d0a0aa37da24c169609b3250
SHA256 af4816433c079b444827a8e50f3960e83336787d1145ca3665490c11dd64e62d
SHA512 cc2f273e4f2f7d37c766c268495d2b48957f76c4ae132d5a44d0be861b836f3f76f7d7611097d0392daf2fdfcc589a776b110de539e378990c4db82c10df3c40

C:\Windows\System\zhHPYZu.exe

MD5 3ef84cb2396dc6b6515fb20b432a6b79
SHA1 213ab1fe4a59a06d5d665512c2eef4cbdc556046
SHA256 a956c074ab7fc94668a4a7e9fa0648b80ef3f8d771406a816396b0437a28c592
SHA512 6eeefa959ac42f6645c4d14852eb3d7345fa85b3c941298535a43324f0a1c2391de14db2af176403ef74f9f65becf590e161ef32ebc85b6ad61b32ea2a9e3b33

C:\Windows\System\PFHdWvd.exe

MD5 0d7bfbeb85c66c94955cf5675e5d9ed6
SHA1 1a6e449e0a6b208466ce32b7b46870bfdedc7806
SHA256 06262615fa44f552495a6a8eb30d1687993b23e0d263835024aeb6b04ca7ee85
SHA512 4b10edb0d82c068b73ce577a189a066e9202b93ee37142f85d5d58f70d62b02f773df33014008b87d198e1016b9a864ff40bf0196812c727c2aae2798ea0ab60

C:\Windows\System\WtfbCCP.exe

MD5 a32a958f426fd77886521581874d9c88
SHA1 f909551b9862fcead1ee48926da75ceb7f910d31
SHA256 50400bf9f9de241dadacd30ecb827b40ec2d92a746faa4ba9504714ad531d093
SHA512 b1942b68ec6ca6c3fc19c24c1067ab1e76c21e62492866334da20c140154ca298b003e5d4d8b5c092da66b4a8b790b18c60c31d281f90106d50651715d73bf15

C:\Windows\System\GUWkbxZ.exe

MD5 5f36490a99ecf8de96e858dca57061a5
SHA1 0b7e1d08d09901e69b11ad0a74be52e22e513305
SHA256 847a38f8fe1f0384f30fe44af5038457b36037bf7393fd8d739f405032ea1497
SHA512 c17a1b468855b980add565f085ed6cd1bc8f6fb0a1c07d01f2e5930e2afccf9a11e2021b0182d11f69010d286da7ddd47430ec83c90734119e5e1aadb82807a8

C:\Windows\System\mSVPbdS.exe

MD5 f234df070bb996381cc3f3bdc375c4d0
SHA1 e459210ccd06e89ba6251e000a81650f402e4917
SHA256 0802f2bec465fd1f9666641dd01e76fd864dd18ed8878093ac52a3be1ed300b4
SHA512 78a095d92127546ddd2d8af7a3ebfc723f89a95e7323fc95de5092c2b95d138c48ee2fbd1895efa3a3229a768197aabef16350cf04d6dda30d7de4fb3aabcf8b

C:\Windows\System\fkQLtka.exe

MD5 c6aa064d22556f585cf1fcc2cb44414e
SHA1 4459d13b756f7339a477097d278c0a84832f8d6f
SHA256 3266a014a71bc17ea740d9ca1eee12d7609f2f6d1094c08cb31a9170974acf53
SHA512 7582c32e6748eb587c8198d78a0a8c4a2c7a35e358f3ecf71eda246cbb5ac5282650fc359340851d821c58bf8ea54f227b9130795380dfac517b4ffe0f2d196c

C:\Windows\System\YehlDmE.exe

MD5 ed16dae28072c17feb3af3211d7f165b
SHA1 f4b5aeecc0a27013822a1fa8e52574b06cfa87db
SHA256 4c2cac18887cb68ee5fbee15ed4236f13037f633b2af88bea3c4e57d5906a392
SHA512 be05ea42bef12b3683a0b6fa1eb5447a9a325f14a439ae5bae41e2b3debd9c5c3964cf1badf9403d81f2a86bbd9e69a329f05cac5b56f3f3648b21c7b43fafec

C:\Windows\System\AYdPqql.exe

MD5 c2ab6d499deda461be9a2ab368a90295
SHA1 bb530887f81bba37bb7259295704805481b92328
SHA256 2e918537f74b8965ef4bbbc165fc3a2106f3dbdddd8fa50bbdbfe92defd9d7a8
SHA512 07ed4bdce2b0b3cbb119de0d6b56e31124c11407eab4b848b8e9218476900ad3a7b86471c9426f7b93f4b8a4a1115f640ff381c4ab93e6099a5c9f64e085d9d3

memory/2944-50-0x00007FF78ECA0000-0x00007FF78EFF4000-memory.dmp

memory/1932-46-0x00007FF7B2270000-0x00007FF7B25C4000-memory.dmp

C:\Windows\System\UDClUXo.exe

MD5 96acc03d522ed7a4865013ec4eb6175a
SHA1 8fed1b212fdabd113909fcddc5461c2c282b7c9d
SHA256 d9e0d68322d4e75a91dc874a0e7c34566f588f6641d71091f7b4e86c1c54b8a8
SHA512 b145f1da805d02380c0793b309e28fa482f890f03bcc460f23c311333a042740649ea19326ea414f65c9106858b4ab16fdac9787d27feb8cfd98a3e90990f76e

C:\Windows\System\fkxaliG.exe

MD5 78c67f12f3da64bedb30664d976f0aea
SHA1 425003e7daf9ee22668bab6ab47a8463cefa6941
SHA256 2d6f547788f6d673ef652773c59693e81bb9cee8b3ce5d543e025f6065bb8dcd
SHA512 bda789334f20a16248f66fe4a342ee6f763c4fdbc7151a149e386b2c5df0b430c820d89350c0380c8f9773da7f27a78c4a422b99e7e44f4846ee2f73f8e860c2

memory/3860-37-0x00007FF7A7650000-0x00007FF7A79A4000-memory.dmp

memory/5000-31-0x00007FF7C5320000-0x00007FF7C5674000-memory.dmp

C:\Windows\System\dixlVfK.exe

MD5 1176f468cf8b26b195b80254e5550181
SHA1 4109af847ee37d1a867ce483dd3ea9fb494c7f3d
SHA256 5fbe274fc01bf5c967e5533c1a124196ce1122e1849fa9381d71a9cd0ffac996
SHA512 af52d784e1a81a5a1147c2dfdbb986f7da0b43ddede9467a94c4d4191beaebbbab82c0ed98ccdac13eea2caaab315f0527b3cefd0634b4ba5ba81645c8a7e976

memory/4544-24-0x00007FF77DBF0000-0x00007FF77DF44000-memory.dmp

memory/4544-2124-0x00007FF77DBF0000-0x00007FF77DF44000-memory.dmp

memory/5000-2125-0x00007FF7C5320000-0x00007FF7C5674000-memory.dmp

memory/3860-2126-0x00007FF7A7650000-0x00007FF7A79A4000-memory.dmp

memory/1932-2127-0x00007FF7B2270000-0x00007FF7B25C4000-memory.dmp

memory/2560-2128-0x00007FF734140000-0x00007FF734494000-memory.dmp

memory/2708-2138-0x00007FF624EE0000-0x00007FF625234000-memory.dmp

memory/4544-2139-0x00007FF77DBF0000-0x00007FF77DF44000-memory.dmp

memory/3268-2141-0x00007FF7BB650000-0x00007FF7BB9A4000-memory.dmp

memory/5000-2140-0x00007FF7C5320000-0x00007FF7C5674000-memory.dmp

memory/1932-2143-0x00007FF7B2270000-0x00007FF7B25C4000-memory.dmp

memory/3860-2144-0x00007FF7A7650000-0x00007FF7A79A4000-memory.dmp

memory/2944-2142-0x00007FF78ECA0000-0x00007FF78EFF4000-memory.dmp

memory/1304-2145-0x00007FF761B40000-0x00007FF761E94000-memory.dmp

memory/3516-2147-0x00007FF6CB840000-0x00007FF6CBB94000-memory.dmp

memory/3548-2154-0x00007FF648B10000-0x00007FF648E64000-memory.dmp

memory/4760-2157-0x00007FF7A63D0000-0x00007FF7A6724000-memory.dmp

memory/4620-2158-0x00007FF60B440000-0x00007FF60B794000-memory.dmp

memory/4500-2156-0x00007FF7F4D20000-0x00007FF7F5074000-memory.dmp

memory/3080-2155-0x00007FF67CEE0000-0x00007FF67D234000-memory.dmp

memory/1536-2153-0x00007FF7BA4D0000-0x00007FF7BA824000-memory.dmp

memory/4268-2152-0x00007FF78A480000-0x00007FF78A7D4000-memory.dmp

memory/2544-2151-0x00007FF6398D0000-0x00007FF639C24000-memory.dmp

memory/5100-2150-0x00007FF61D960000-0x00007FF61DCB4000-memory.dmp

memory/4472-2149-0x00007FF7EA840000-0x00007FF7EAB94000-memory.dmp

memory/2560-2148-0x00007FF734140000-0x00007FF734494000-memory.dmp

memory/1528-2146-0x00007FF657230000-0x00007FF657584000-memory.dmp

memory/2700-2165-0x00007FF6FFBE0000-0x00007FF6FFF34000-memory.dmp

memory/4208-2166-0x00007FF61EDB0000-0x00007FF61F104000-memory.dmp

memory/1948-2164-0x00007FF62C780000-0x00007FF62CAD4000-memory.dmp

memory/1976-2163-0x00007FF6E94A0000-0x00007FF6E97F4000-memory.dmp

memory/4828-2162-0x00007FF7BE990000-0x00007FF7BECE4000-memory.dmp

memory/5008-2161-0x00007FF7EDF50000-0x00007FF7EE2A4000-memory.dmp

memory/2532-2160-0x00007FF793C20000-0x00007FF793F74000-memory.dmp

memory/3832-2159-0x00007FF6CD590000-0x00007FF6CD8E4000-memory.dmp