Malware Analysis Report

2025-04-19 17:00

Sample ID 240522-qjlbxacg9v
Target 30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe
SHA256 c70869079d152e9e3b024fd8d278f038f9ffa183ea4194ba532909cfe0b5dbf0
Tags
upx miner xmrig execution
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

c70869079d152e9e3b024fd8d278f038f9ffa183ea4194ba532909cfe0b5dbf0

Threat Level: Known bad

The file 30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

upx miner xmrig execution

XMRig Miner payload

xmrig

Xmrig family

XMRig Miner payload

Command and Scripting Interpreter: PowerShell

Loads dropped DLL

UPX packed file

Executes dropped EXE

Drops file in Windows directory

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-22 13:17

Signatures

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-22 13:17

Reported

2024-05-22 13:20

Platform

win7-20231129-en

Max time kernel

150s

Max time network

145s

Command Line

"C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\XJTmtGe.exe N/A
N/A N/A C:\Windows\System\LAXXPhI.exe N/A
N/A N/A C:\Windows\System\euoCTkI.exe N/A
N/A N/A C:\Windows\System\WsBtlJl.exe N/A
N/A N/A C:\Windows\System\nJEXIKp.exe N/A
N/A N/A C:\Windows\System\izwlOjV.exe N/A
N/A N/A C:\Windows\System\fPsDRsr.exe N/A
N/A N/A C:\Windows\System\qhDVYWs.exe N/A
N/A N/A C:\Windows\System\mJuYkzT.exe N/A
N/A N/A C:\Windows\System\lOpvfFV.exe N/A
N/A N/A C:\Windows\System\ZLHlDPa.exe N/A
N/A N/A C:\Windows\System\oITyZHB.exe N/A
N/A N/A C:\Windows\System\hQHrgxf.exe N/A
N/A N/A C:\Windows\System\DQxZghc.exe N/A
N/A N/A C:\Windows\System\LYxliZI.exe N/A
N/A N/A C:\Windows\System\lDVYQVm.exe N/A
N/A N/A C:\Windows\System\FLleypW.exe N/A
N/A N/A C:\Windows\System\nZexmrT.exe N/A
N/A N/A C:\Windows\System\rATMjMh.exe N/A
N/A N/A C:\Windows\System\WAdvODv.exe N/A
N/A N/A C:\Windows\System\rgWcklo.exe N/A
N/A N/A C:\Windows\System\LpVIDnF.exe N/A
N/A N/A C:\Windows\System\wGBRPfK.exe N/A
N/A N/A C:\Windows\System\rVdSwRk.exe N/A
N/A N/A C:\Windows\System\VAkQsyz.exe N/A
N/A N/A C:\Windows\System\oqKVcKC.exe N/A
N/A N/A C:\Windows\System\NeUfDCm.exe N/A
N/A N/A C:\Windows\System\DOWXckX.exe N/A
N/A N/A C:\Windows\System\yUatQTc.exe N/A
N/A N/A C:\Windows\System\djLhWhR.exe N/A
N/A N/A C:\Windows\System\yVHZDSO.exe N/A
N/A N/A C:\Windows\System\AvhDodZ.exe N/A
N/A N/A C:\Windows\System\mUWPBEZ.exe N/A
N/A N/A C:\Windows\System\QQKdIPL.exe N/A
N/A N/A C:\Windows\System\dRTOZiN.exe N/A
N/A N/A C:\Windows\System\rjgGMYU.exe N/A
N/A N/A C:\Windows\System\LdpdIek.exe N/A
N/A N/A C:\Windows\System\YhztfPc.exe N/A
N/A N/A C:\Windows\System\BHbpZwk.exe N/A
N/A N/A C:\Windows\System\vKfDsIB.exe N/A
N/A N/A C:\Windows\System\FqUGuLi.exe N/A
N/A N/A C:\Windows\System\KuXfycK.exe N/A
N/A N/A C:\Windows\System\mTTMcOD.exe N/A
N/A N/A C:\Windows\System\xjcwUWy.exe N/A
N/A N/A C:\Windows\System\PIBQmVH.exe N/A
N/A N/A C:\Windows\System\YyNMSij.exe N/A
N/A N/A C:\Windows\System\VxjDEHd.exe N/A
N/A N/A C:\Windows\System\IOKaAYP.exe N/A
N/A N/A C:\Windows\System\PYIWDWu.exe N/A
N/A N/A C:\Windows\System\GjNFUHS.exe N/A
N/A N/A C:\Windows\System\tzyQPZP.exe N/A
N/A N/A C:\Windows\System\JbLJYAx.exe N/A
N/A N/A C:\Windows\System\xcdzVZo.exe N/A
N/A N/A C:\Windows\System\SvdgPRa.exe N/A
N/A N/A C:\Windows\System\BFCvfiJ.exe N/A
N/A N/A C:\Windows\System\XmcBGQo.exe N/A
N/A N/A C:\Windows\System\xzCreAx.exe N/A
N/A N/A C:\Windows\System\bJuiZqm.exe N/A
N/A N/A C:\Windows\System\SLMzdGi.exe N/A
N/A N/A C:\Windows\System\PqZJQEZ.exe N/A
N/A N/A C:\Windows\System\aJiXiCM.exe N/A
N/A N/A C:\Windows\System\qIcOAOv.exe N/A
N/A N/A C:\Windows\System\SyjmiqC.exe N/A
N/A N/A C:\Windows\System\bNdXLIK.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\rqBdRBv.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\jIQJIsL.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\gBTzIWZ.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\OQwoHvm.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\bsWWhfQ.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\XGOBGwg.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\cRAuCJb.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\VFwMmXN.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\KLuvUVP.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\DUDRbES.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\KTeGHZi.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\MkvJUJB.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\xIsjwfx.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\EcmTztc.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\QvKYHXD.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\fesoPux.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\snwgKNX.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\EpKHNoA.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\NuljAWZ.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\YYZCTrN.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\pkuasZi.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\crJQrTX.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\EOibalW.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\WmVEbiA.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\kPPtVWd.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\xsRKrzC.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\dBVCKci.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\tqRyGmg.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\XgIFzyn.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\NwCarvZ.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\cJcoeEv.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\jfcwXkE.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\MZWgHMq.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\QpHoXPw.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\acWLoTQ.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\NdGgqIQ.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\DUoCHXG.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\lnHaZNb.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\KvLPomX.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\XSBBxRI.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\miIQNTB.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\nTiuHaL.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\GEUQoNb.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\tlGwpeg.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\LMZpFkQ.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\AQXofFm.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\sZAnkbK.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\ieAvrFw.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\zbEIXfw.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\duiptvI.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\IEKMgkm.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\xPnjTve.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\tOQbKfD.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\AyGLFyn.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\LMBTxmZ.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\QdnCUHy.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\aIZritc.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\PAFugrH.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\wGigELz.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\fyanUrY.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\SsqnBgQ.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\mwiDknG.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\XMelpUv.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\jdcwbwA.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2264 wrote to memory of 2172 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2264 wrote to memory of 2172 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2264 wrote to memory of 2172 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2264 wrote to memory of 1712 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\XJTmtGe.exe
PID 2264 wrote to memory of 1712 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\XJTmtGe.exe
PID 2264 wrote to memory of 1712 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\XJTmtGe.exe
PID 2264 wrote to memory of 2348 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\LAXXPhI.exe
PID 2264 wrote to memory of 2348 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\LAXXPhI.exe
PID 2264 wrote to memory of 2348 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\LAXXPhI.exe
PID 2264 wrote to memory of 2068 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\WsBtlJl.exe
PID 2264 wrote to memory of 2068 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\WsBtlJl.exe
PID 2264 wrote to memory of 2068 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\WsBtlJl.exe
PID 2264 wrote to memory of 1928 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\euoCTkI.exe
PID 2264 wrote to memory of 1928 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\euoCTkI.exe
PID 2264 wrote to memory of 1928 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\euoCTkI.exe
PID 2264 wrote to memory of 2640 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\nJEXIKp.exe
PID 2264 wrote to memory of 2640 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\nJEXIKp.exe
PID 2264 wrote to memory of 2640 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\nJEXIKp.exe
PID 2264 wrote to memory of 2532 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\izwlOjV.exe
PID 2264 wrote to memory of 2532 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\izwlOjV.exe
PID 2264 wrote to memory of 2532 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\izwlOjV.exe
PID 2264 wrote to memory of 2540 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\fPsDRsr.exe
PID 2264 wrote to memory of 2540 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\fPsDRsr.exe
PID 2264 wrote to memory of 2540 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\fPsDRsr.exe
PID 2264 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\qhDVYWs.exe
PID 2264 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\qhDVYWs.exe
PID 2264 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\qhDVYWs.exe
PID 2264 wrote to memory of 2524 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\oITyZHB.exe
PID 2264 wrote to memory of 2524 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\oITyZHB.exe
PID 2264 wrote to memory of 2524 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\oITyZHB.exe
PID 2264 wrote to memory of 1660 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\mJuYkzT.exe
PID 2264 wrote to memory of 1660 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\mJuYkzT.exe
PID 2264 wrote to memory of 1660 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\mJuYkzT.exe
PID 2264 wrote to memory of 2200 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\hQHrgxf.exe
PID 2264 wrote to memory of 2200 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\hQHrgxf.exe
PID 2264 wrote to memory of 2200 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\hQHrgxf.exe
PID 2264 wrote to memory of 1704 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\lOpvfFV.exe
PID 2264 wrote to memory of 1704 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\lOpvfFV.exe
PID 2264 wrote to memory of 1704 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\lOpvfFV.exe
PID 2264 wrote to memory of 1720 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\DQxZghc.exe
PID 2264 wrote to memory of 1720 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\DQxZghc.exe
PID 2264 wrote to memory of 1720 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\DQxZghc.exe
PID 2264 wrote to memory of 2720 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\ZLHlDPa.exe
PID 2264 wrote to memory of 2720 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\ZLHlDPa.exe
PID 2264 wrote to memory of 2720 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\ZLHlDPa.exe
PID 2264 wrote to memory of 2808 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\nZexmrT.exe
PID 2264 wrote to memory of 2808 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\nZexmrT.exe
PID 2264 wrote to memory of 2808 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\nZexmrT.exe
PID 2264 wrote to memory of 2836 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\LYxliZI.exe
PID 2264 wrote to memory of 2836 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\LYxliZI.exe
PID 2264 wrote to memory of 2836 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\LYxliZI.exe
PID 2264 wrote to memory of 1352 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\rATMjMh.exe
PID 2264 wrote to memory of 1352 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\rATMjMh.exe
PID 2264 wrote to memory of 1352 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\rATMjMh.exe
PID 2264 wrote to memory of 2832 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\lDVYQVm.exe
PID 2264 wrote to memory of 2832 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\lDVYQVm.exe
PID 2264 wrote to memory of 2832 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\lDVYQVm.exe
PID 2264 wrote to memory of 2900 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\WAdvODv.exe
PID 2264 wrote to memory of 2900 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\WAdvODv.exe
PID 2264 wrote to memory of 2900 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\WAdvODv.exe
PID 2264 wrote to memory of 2888 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\FLleypW.exe
PID 2264 wrote to memory of 2888 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\FLleypW.exe
PID 2264 wrote to memory of 2888 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\FLleypW.exe
PID 2264 wrote to memory of 1316 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\LpVIDnF.exe

Processes

C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\XJTmtGe.exe

C:\Windows\System\XJTmtGe.exe

C:\Windows\System\LAXXPhI.exe

C:\Windows\System\LAXXPhI.exe

C:\Windows\System\WsBtlJl.exe

C:\Windows\System\WsBtlJl.exe

C:\Windows\System\euoCTkI.exe

C:\Windows\System\euoCTkI.exe

C:\Windows\System\nJEXIKp.exe

C:\Windows\System\nJEXIKp.exe

C:\Windows\System\izwlOjV.exe

C:\Windows\System\izwlOjV.exe

C:\Windows\System\fPsDRsr.exe

C:\Windows\System\fPsDRsr.exe

C:\Windows\System\qhDVYWs.exe

C:\Windows\System\qhDVYWs.exe

C:\Windows\System\oITyZHB.exe

C:\Windows\System\oITyZHB.exe

C:\Windows\System\mJuYkzT.exe

C:\Windows\System\mJuYkzT.exe

C:\Windows\System\hQHrgxf.exe

C:\Windows\System\hQHrgxf.exe

C:\Windows\System\lOpvfFV.exe

C:\Windows\System\lOpvfFV.exe

C:\Windows\System\DQxZghc.exe

C:\Windows\System\DQxZghc.exe

C:\Windows\System\ZLHlDPa.exe

C:\Windows\System\ZLHlDPa.exe

C:\Windows\System\nZexmrT.exe

C:\Windows\System\nZexmrT.exe

C:\Windows\System\LYxliZI.exe

C:\Windows\System\LYxliZI.exe

C:\Windows\System\rATMjMh.exe

C:\Windows\System\rATMjMh.exe

C:\Windows\System\lDVYQVm.exe

C:\Windows\System\lDVYQVm.exe

C:\Windows\System\WAdvODv.exe

C:\Windows\System\WAdvODv.exe

C:\Windows\System\FLleypW.exe

C:\Windows\System\FLleypW.exe

C:\Windows\System\LpVIDnF.exe

C:\Windows\System\LpVIDnF.exe

C:\Windows\System\rgWcklo.exe

C:\Windows\System\rgWcklo.exe

C:\Windows\System\oqKVcKC.exe

C:\Windows\System\oqKVcKC.exe

C:\Windows\System\wGBRPfK.exe

C:\Windows\System\wGBRPfK.exe

C:\Windows\System\NeUfDCm.exe

C:\Windows\System\NeUfDCm.exe

C:\Windows\System\rVdSwRk.exe

C:\Windows\System\rVdSwRk.exe

C:\Windows\System\yUatQTc.exe

C:\Windows\System\yUatQTc.exe

C:\Windows\System\VAkQsyz.exe

C:\Windows\System\VAkQsyz.exe

C:\Windows\System\djLhWhR.exe

C:\Windows\System\djLhWhR.exe

C:\Windows\System\DOWXckX.exe

C:\Windows\System\DOWXckX.exe

C:\Windows\System\AvhDodZ.exe

C:\Windows\System\AvhDodZ.exe

C:\Windows\System\yVHZDSO.exe

C:\Windows\System\yVHZDSO.exe

C:\Windows\System\rjgGMYU.exe

C:\Windows\System\rjgGMYU.exe

C:\Windows\System\mUWPBEZ.exe

C:\Windows\System\mUWPBEZ.exe

C:\Windows\System\YhztfPc.exe

C:\Windows\System\YhztfPc.exe

C:\Windows\System\QQKdIPL.exe

C:\Windows\System\QQKdIPL.exe

C:\Windows\System\BHbpZwk.exe

C:\Windows\System\BHbpZwk.exe

C:\Windows\System\dRTOZiN.exe

C:\Windows\System\dRTOZiN.exe

C:\Windows\System\vKfDsIB.exe

C:\Windows\System\vKfDsIB.exe

C:\Windows\System\LdpdIek.exe

C:\Windows\System\LdpdIek.exe

C:\Windows\System\FqUGuLi.exe

C:\Windows\System\FqUGuLi.exe

C:\Windows\System\KuXfycK.exe

C:\Windows\System\KuXfycK.exe

C:\Windows\System\mTTMcOD.exe

C:\Windows\System\mTTMcOD.exe

C:\Windows\System\xjcwUWy.exe

C:\Windows\System\xjcwUWy.exe

C:\Windows\System\PIBQmVH.exe

C:\Windows\System\PIBQmVH.exe

C:\Windows\System\YyNMSij.exe

C:\Windows\System\YyNMSij.exe

C:\Windows\System\VxjDEHd.exe

C:\Windows\System\VxjDEHd.exe

C:\Windows\System\IOKaAYP.exe

C:\Windows\System\IOKaAYP.exe

C:\Windows\System\aXQEyAD.exe

C:\Windows\System\aXQEyAD.exe

C:\Windows\System\PYIWDWu.exe

C:\Windows\System\PYIWDWu.exe

C:\Windows\System\ocfkVox.exe

C:\Windows\System\ocfkVox.exe

C:\Windows\System\GjNFUHS.exe

C:\Windows\System\GjNFUHS.exe

C:\Windows\System\kKjdEAj.exe

C:\Windows\System\kKjdEAj.exe

C:\Windows\System\tzyQPZP.exe

C:\Windows\System\tzyQPZP.exe

C:\Windows\System\HUaWYGs.exe

C:\Windows\System\HUaWYGs.exe

C:\Windows\System\JbLJYAx.exe

C:\Windows\System\JbLJYAx.exe

C:\Windows\System\zLkjeUI.exe

C:\Windows\System\zLkjeUI.exe

C:\Windows\System\xcdzVZo.exe

C:\Windows\System\xcdzVZo.exe

C:\Windows\System\ZNZLTeq.exe

C:\Windows\System\ZNZLTeq.exe

C:\Windows\System\SvdgPRa.exe

C:\Windows\System\SvdgPRa.exe

C:\Windows\System\RwTJZnb.exe

C:\Windows\System\RwTJZnb.exe

C:\Windows\System\BFCvfiJ.exe

C:\Windows\System\BFCvfiJ.exe

C:\Windows\System\IdfEqnS.exe

C:\Windows\System\IdfEqnS.exe

C:\Windows\System\XmcBGQo.exe

C:\Windows\System\XmcBGQo.exe

C:\Windows\System\CRuCgaL.exe

C:\Windows\System\CRuCgaL.exe

C:\Windows\System\xzCreAx.exe

C:\Windows\System\xzCreAx.exe

C:\Windows\System\Sulnvih.exe

C:\Windows\System\Sulnvih.exe

C:\Windows\System\bJuiZqm.exe

C:\Windows\System\bJuiZqm.exe

C:\Windows\System\jDJhwpF.exe

C:\Windows\System\jDJhwpF.exe

C:\Windows\System\SLMzdGi.exe

C:\Windows\System\SLMzdGi.exe

C:\Windows\System\sibVPTa.exe

C:\Windows\System\sibVPTa.exe

C:\Windows\System\PqZJQEZ.exe

C:\Windows\System\PqZJQEZ.exe

C:\Windows\System\MJojrkb.exe

C:\Windows\System\MJojrkb.exe

C:\Windows\System\aJiXiCM.exe

C:\Windows\System\aJiXiCM.exe

C:\Windows\System\mFjKVGi.exe

C:\Windows\System\mFjKVGi.exe

C:\Windows\System\qIcOAOv.exe

C:\Windows\System\qIcOAOv.exe

C:\Windows\System\EAiOSKG.exe

C:\Windows\System\EAiOSKG.exe

C:\Windows\System\SyjmiqC.exe

C:\Windows\System\SyjmiqC.exe

C:\Windows\System\fLAFxFd.exe

C:\Windows\System\fLAFxFd.exe

C:\Windows\System\bNdXLIK.exe

C:\Windows\System\bNdXLIK.exe

C:\Windows\System\wwFUjtA.exe

C:\Windows\System\wwFUjtA.exe

C:\Windows\System\wLhtSRP.exe

C:\Windows\System\wLhtSRP.exe

C:\Windows\System\wGELFYA.exe

C:\Windows\System\wGELFYA.exe

C:\Windows\System\ewcogGY.exe

C:\Windows\System\ewcogGY.exe

C:\Windows\System\vEvJdHQ.exe

C:\Windows\System\vEvJdHQ.exe

C:\Windows\System\GQVhQcq.exe

C:\Windows\System\GQVhQcq.exe

C:\Windows\System\YDojsXU.exe

C:\Windows\System\YDojsXU.exe

C:\Windows\System\KktpyCP.exe

C:\Windows\System\KktpyCP.exe

C:\Windows\System\hVgQjdC.exe

C:\Windows\System\hVgQjdC.exe

C:\Windows\System\aTHCTbm.exe

C:\Windows\System\aTHCTbm.exe

C:\Windows\System\asURBqT.exe

C:\Windows\System\asURBqT.exe

C:\Windows\System\xfWXCJr.exe

C:\Windows\System\xfWXCJr.exe

C:\Windows\System\PAFugrH.exe

C:\Windows\System\PAFugrH.exe

C:\Windows\System\oXeFGIF.exe

C:\Windows\System\oXeFGIF.exe

C:\Windows\System\OKuDcJs.exe

C:\Windows\System\OKuDcJs.exe

C:\Windows\System\eunyrJn.exe

C:\Windows\System\eunyrJn.exe

C:\Windows\System\Gfjgske.exe

C:\Windows\System\Gfjgske.exe

C:\Windows\System\wCamdHE.exe

C:\Windows\System\wCamdHE.exe

C:\Windows\System\QUvVdmh.exe

C:\Windows\System\QUvVdmh.exe

C:\Windows\System\ICzPXwi.exe

C:\Windows\System\ICzPXwi.exe

C:\Windows\System\TTnDgqj.exe

C:\Windows\System\TTnDgqj.exe

C:\Windows\System\RYLtYNm.exe

C:\Windows\System\RYLtYNm.exe

C:\Windows\System\BuLspBn.exe

C:\Windows\System\BuLspBn.exe

C:\Windows\System\IRnDhta.exe

C:\Windows\System\IRnDhta.exe

C:\Windows\System\qZWDOiq.exe

C:\Windows\System\qZWDOiq.exe

C:\Windows\System\AYxLniK.exe

C:\Windows\System\AYxLniK.exe

C:\Windows\System\WKVOXtq.exe

C:\Windows\System\WKVOXtq.exe

C:\Windows\System\DKEieYr.exe

C:\Windows\System\DKEieYr.exe

C:\Windows\System\QYGnpzf.exe

C:\Windows\System\QYGnpzf.exe

C:\Windows\System\mLjEkqK.exe

C:\Windows\System\mLjEkqK.exe

C:\Windows\System\siRRzVb.exe

C:\Windows\System\siRRzVb.exe

C:\Windows\System\bhdRcqI.exe

C:\Windows\System\bhdRcqI.exe

C:\Windows\System\jzOBDEW.exe

C:\Windows\System\jzOBDEW.exe

C:\Windows\System\TMRxOiN.exe

C:\Windows\System\TMRxOiN.exe

C:\Windows\System\jajHSqQ.exe

C:\Windows\System\jajHSqQ.exe

C:\Windows\System\yDDsVrQ.exe

C:\Windows\System\yDDsVrQ.exe

C:\Windows\System\PSQSiup.exe

C:\Windows\System\PSQSiup.exe

C:\Windows\System\jCAzLIe.exe

C:\Windows\System\jCAzLIe.exe

C:\Windows\System\AiCAGtZ.exe

C:\Windows\System\AiCAGtZ.exe

C:\Windows\System\mpLPolX.exe

C:\Windows\System\mpLPolX.exe

C:\Windows\System\oqmoIxH.exe

C:\Windows\System\oqmoIxH.exe

C:\Windows\System\uYdQqWd.exe

C:\Windows\System\uYdQqWd.exe

C:\Windows\System\fTJTjIN.exe

C:\Windows\System\fTJTjIN.exe

C:\Windows\System\MDFSTtN.exe

C:\Windows\System\MDFSTtN.exe

C:\Windows\System\XFNNnCz.exe

C:\Windows\System\XFNNnCz.exe

C:\Windows\System\eDPdjZa.exe

C:\Windows\System\eDPdjZa.exe

C:\Windows\System\mCPRKuq.exe

C:\Windows\System\mCPRKuq.exe

C:\Windows\System\BBOetCE.exe

C:\Windows\System\BBOetCE.exe

C:\Windows\System\vflxolt.exe

C:\Windows\System\vflxolt.exe

C:\Windows\System\UuSwmbl.exe

C:\Windows\System\UuSwmbl.exe

C:\Windows\System\GxGuaKE.exe

C:\Windows\System\GxGuaKE.exe

C:\Windows\System\yqPtMrp.exe

C:\Windows\System\yqPtMrp.exe

C:\Windows\System\zxILeaI.exe

C:\Windows\System\zxILeaI.exe

C:\Windows\System\BcTXHDT.exe

C:\Windows\System\BcTXHDT.exe

C:\Windows\System\LrZKeKL.exe

C:\Windows\System\LrZKeKL.exe

C:\Windows\System\rKYqWQI.exe

C:\Windows\System\rKYqWQI.exe

C:\Windows\System\LQbehEq.exe

C:\Windows\System\LQbehEq.exe

C:\Windows\System\rwWDqsM.exe

C:\Windows\System\rwWDqsM.exe

C:\Windows\System\sCYNkoA.exe

C:\Windows\System\sCYNkoA.exe

C:\Windows\System\ZnFrMGW.exe

C:\Windows\System\ZnFrMGW.exe

C:\Windows\System\FYHXCwf.exe

C:\Windows\System\FYHXCwf.exe

C:\Windows\System\YcKiKYn.exe

C:\Windows\System\YcKiKYn.exe

C:\Windows\System\JfhZIXw.exe

C:\Windows\System\JfhZIXw.exe

C:\Windows\System\vyquBpP.exe

C:\Windows\System\vyquBpP.exe

C:\Windows\System\AbLioBX.exe

C:\Windows\System\AbLioBX.exe

C:\Windows\System\PyHSyqD.exe

C:\Windows\System\PyHSyqD.exe

C:\Windows\System\svsEveR.exe

C:\Windows\System\svsEveR.exe

C:\Windows\System\qYmFhyi.exe

C:\Windows\System\qYmFhyi.exe

C:\Windows\System\TNWOeou.exe

C:\Windows\System\TNWOeou.exe

C:\Windows\System\cuHVfbJ.exe

C:\Windows\System\cuHVfbJ.exe

C:\Windows\System\LNyphIL.exe

C:\Windows\System\LNyphIL.exe

C:\Windows\System\DxFhIgP.exe

C:\Windows\System\DxFhIgP.exe

C:\Windows\System\PdMhDLD.exe

C:\Windows\System\PdMhDLD.exe

C:\Windows\System\dwufHTq.exe

C:\Windows\System\dwufHTq.exe

C:\Windows\System\NPgeULm.exe

C:\Windows\System\NPgeULm.exe

C:\Windows\System\IPXpJXQ.exe

C:\Windows\System\IPXpJXQ.exe

C:\Windows\System\BsYELTQ.exe

C:\Windows\System\BsYELTQ.exe

C:\Windows\System\Wexqroh.exe

C:\Windows\System\Wexqroh.exe

C:\Windows\System\XOaGjzc.exe

C:\Windows\System\XOaGjzc.exe

C:\Windows\System\fTVoMfv.exe

C:\Windows\System\fTVoMfv.exe

C:\Windows\System\qvtQIHR.exe

C:\Windows\System\qvtQIHR.exe

C:\Windows\System\XlzBHkq.exe

C:\Windows\System\XlzBHkq.exe

C:\Windows\System\IGxmyim.exe

C:\Windows\System\IGxmyim.exe

C:\Windows\System\uKMnFKR.exe

C:\Windows\System\uKMnFKR.exe

C:\Windows\System\yfAJJFW.exe

C:\Windows\System\yfAJJFW.exe

C:\Windows\System\WYZnyuZ.exe

C:\Windows\System\WYZnyuZ.exe

C:\Windows\System\tvPUKOq.exe

C:\Windows\System\tvPUKOq.exe

C:\Windows\System\cVzeMOA.exe

C:\Windows\System\cVzeMOA.exe

C:\Windows\System\GEjVmkH.exe

C:\Windows\System\GEjVmkH.exe

C:\Windows\System\XiQHGqS.exe

C:\Windows\System\XiQHGqS.exe

C:\Windows\System\exliVmw.exe

C:\Windows\System\exliVmw.exe

C:\Windows\System\QSnChmI.exe

C:\Windows\System\QSnChmI.exe

C:\Windows\System\dXcnmeO.exe

C:\Windows\System\dXcnmeO.exe

C:\Windows\System\NdYQxaa.exe

C:\Windows\System\NdYQxaa.exe

C:\Windows\System\eZWdqnP.exe

C:\Windows\System\eZWdqnP.exe

C:\Windows\System\FkQgeOh.exe

C:\Windows\System\FkQgeOh.exe

C:\Windows\System\SEvJrEu.exe

C:\Windows\System\SEvJrEu.exe

C:\Windows\System\aPLwLse.exe

C:\Windows\System\aPLwLse.exe

C:\Windows\System\KvgiQtP.exe

C:\Windows\System\KvgiQtP.exe

C:\Windows\System\lhwOjXD.exe

C:\Windows\System\lhwOjXD.exe

C:\Windows\System\ZOSjNmP.exe

C:\Windows\System\ZOSjNmP.exe

C:\Windows\System\MLlAOXW.exe

C:\Windows\System\MLlAOXW.exe

C:\Windows\System\sBJRdMe.exe

C:\Windows\System\sBJRdMe.exe

C:\Windows\System\QtzyKHd.exe

C:\Windows\System\QtzyKHd.exe

C:\Windows\System\vfnjuFm.exe

C:\Windows\System\vfnjuFm.exe

C:\Windows\System\yXmVqkO.exe

C:\Windows\System\yXmVqkO.exe

C:\Windows\System\lzjIljH.exe

C:\Windows\System\lzjIljH.exe

C:\Windows\System\IUAPrlx.exe

C:\Windows\System\IUAPrlx.exe

C:\Windows\System\FNQpYuh.exe

C:\Windows\System\FNQpYuh.exe

C:\Windows\System\eLAInSk.exe

C:\Windows\System\eLAInSk.exe

C:\Windows\System\qVamphS.exe

C:\Windows\System\qVamphS.exe

C:\Windows\System\joKFReP.exe

C:\Windows\System\joKFReP.exe

C:\Windows\System\DbSaQsN.exe

C:\Windows\System\DbSaQsN.exe

C:\Windows\System\ywMyhZZ.exe

C:\Windows\System\ywMyhZZ.exe

C:\Windows\System\uDROEOT.exe

C:\Windows\System\uDROEOT.exe

C:\Windows\System\jlrbDYi.exe

C:\Windows\System\jlrbDYi.exe

C:\Windows\System\XfoZCoS.exe

C:\Windows\System\XfoZCoS.exe

C:\Windows\System\KvxiaVu.exe

C:\Windows\System\KvxiaVu.exe

C:\Windows\System\UGWxIpI.exe

C:\Windows\System\UGWxIpI.exe

C:\Windows\System\ASsnGqP.exe

C:\Windows\System\ASsnGqP.exe

C:\Windows\System\vFOMDVF.exe

C:\Windows\System\vFOMDVF.exe

C:\Windows\System\kAcLpKj.exe

C:\Windows\System\kAcLpKj.exe

C:\Windows\System\GXalQYB.exe

C:\Windows\System\GXalQYB.exe

C:\Windows\System\zIObtRm.exe

C:\Windows\System\zIObtRm.exe

C:\Windows\System\WziNEcQ.exe

C:\Windows\System\WziNEcQ.exe

C:\Windows\System\VrwpGtN.exe

C:\Windows\System\VrwpGtN.exe

C:\Windows\System\WIuuXQk.exe

C:\Windows\System\WIuuXQk.exe

C:\Windows\System\wrguKQz.exe

C:\Windows\System\wrguKQz.exe

C:\Windows\System\fPPcJJQ.exe

C:\Windows\System\fPPcJJQ.exe

C:\Windows\System\ntBsFYC.exe

C:\Windows\System\ntBsFYC.exe

C:\Windows\System\bMayqPN.exe

C:\Windows\System\bMayqPN.exe

C:\Windows\System\rFOEDSd.exe

C:\Windows\System\rFOEDSd.exe

C:\Windows\System\UnycEGf.exe

C:\Windows\System\UnycEGf.exe

C:\Windows\System\zOMUftJ.exe

C:\Windows\System\zOMUftJ.exe

C:\Windows\System\UtvUOQC.exe

C:\Windows\System\UtvUOQC.exe

C:\Windows\System\RiSznDZ.exe

C:\Windows\System\RiSznDZ.exe

C:\Windows\System\DXGHrKJ.exe

C:\Windows\System\DXGHrKJ.exe

C:\Windows\System\npahuUC.exe

C:\Windows\System\npahuUC.exe

C:\Windows\System\hJsryho.exe

C:\Windows\System\hJsryho.exe

C:\Windows\System\tCcdDcb.exe

C:\Windows\System\tCcdDcb.exe

C:\Windows\System\vwQylQc.exe

C:\Windows\System\vwQylQc.exe

C:\Windows\System\euLBdAq.exe

C:\Windows\System\euLBdAq.exe

C:\Windows\System\icBgUmB.exe

C:\Windows\System\icBgUmB.exe

C:\Windows\System\rDjToJJ.exe

C:\Windows\System\rDjToJJ.exe

C:\Windows\System\RuyrEKB.exe

C:\Windows\System\RuyrEKB.exe

C:\Windows\System\xCBdmSD.exe

C:\Windows\System\xCBdmSD.exe

C:\Windows\System\kUQApja.exe

C:\Windows\System\kUQApja.exe

C:\Windows\System\avrCYDG.exe

C:\Windows\System\avrCYDG.exe

C:\Windows\System\EWTUEec.exe

C:\Windows\System\EWTUEec.exe

C:\Windows\System\GKvLNIw.exe

C:\Windows\System\GKvLNIw.exe

C:\Windows\System\YWafeyy.exe

C:\Windows\System\YWafeyy.exe

C:\Windows\System\phbdJUQ.exe

C:\Windows\System\phbdJUQ.exe

C:\Windows\System\jiwLOiF.exe

C:\Windows\System\jiwLOiF.exe

C:\Windows\System\qLdcDIs.exe

C:\Windows\System\qLdcDIs.exe

C:\Windows\System\yoGiJVU.exe

C:\Windows\System\yoGiJVU.exe

C:\Windows\System\DsBJPgX.exe

C:\Windows\System\DsBJPgX.exe

C:\Windows\System\SuEDBfk.exe

C:\Windows\System\SuEDBfk.exe

C:\Windows\System\bNPVzWP.exe

C:\Windows\System\bNPVzWP.exe

C:\Windows\System\BtlwdgT.exe

C:\Windows\System\BtlwdgT.exe

C:\Windows\System\LulsCXR.exe

C:\Windows\System\LulsCXR.exe

C:\Windows\System\PPXnkko.exe

C:\Windows\System\PPXnkko.exe

C:\Windows\System\CKuQXzn.exe

C:\Windows\System\CKuQXzn.exe

C:\Windows\System\FDiWZWg.exe

C:\Windows\System\FDiWZWg.exe

C:\Windows\System\hpoWpnH.exe

C:\Windows\System\hpoWpnH.exe

C:\Windows\System\zVcVTzH.exe

C:\Windows\System\zVcVTzH.exe

C:\Windows\System\yROUilH.exe

C:\Windows\System\yROUilH.exe

C:\Windows\System\aOUYseo.exe

C:\Windows\System\aOUYseo.exe

C:\Windows\System\ySBqDrB.exe

C:\Windows\System\ySBqDrB.exe

C:\Windows\System\cKjBwBf.exe

C:\Windows\System\cKjBwBf.exe

C:\Windows\System\PWRXEQB.exe

C:\Windows\System\PWRXEQB.exe

C:\Windows\System\vACBOsl.exe

C:\Windows\System\vACBOsl.exe

C:\Windows\System\ywuPwFm.exe

C:\Windows\System\ywuPwFm.exe

C:\Windows\System\XFxdrYL.exe

C:\Windows\System\XFxdrYL.exe

C:\Windows\System\PwHfjkv.exe

C:\Windows\System\PwHfjkv.exe

C:\Windows\System\MqlEejo.exe

C:\Windows\System\MqlEejo.exe

C:\Windows\System\CGTQQkm.exe

C:\Windows\System\CGTQQkm.exe

C:\Windows\System\dALPgvl.exe

C:\Windows\System\dALPgvl.exe

C:\Windows\System\NdGgqIQ.exe

C:\Windows\System\NdGgqIQ.exe

C:\Windows\System\WNsCQFA.exe

C:\Windows\System\WNsCQFA.exe

C:\Windows\System\ulaLuJH.exe

C:\Windows\System\ulaLuJH.exe

C:\Windows\System\skNRUPI.exe

C:\Windows\System\skNRUPI.exe

C:\Windows\System\oMDTFqX.exe

C:\Windows\System\oMDTFqX.exe

C:\Windows\System\cSCjXGT.exe

C:\Windows\System\cSCjXGT.exe

C:\Windows\System\QpVtUFi.exe

C:\Windows\System\QpVtUFi.exe

C:\Windows\System\qngxawy.exe

C:\Windows\System\qngxawy.exe

C:\Windows\System\tLrAZnd.exe

C:\Windows\System\tLrAZnd.exe

C:\Windows\System\gHZprRq.exe

C:\Windows\System\gHZprRq.exe

C:\Windows\System\rqBdRBv.exe

C:\Windows\System\rqBdRBv.exe

C:\Windows\System\jKmstav.exe

C:\Windows\System\jKmstav.exe

C:\Windows\System\EgWaeLh.exe

C:\Windows\System\EgWaeLh.exe

C:\Windows\System\YPVrWeV.exe

C:\Windows\System\YPVrWeV.exe

C:\Windows\System\MLTSqwW.exe

C:\Windows\System\MLTSqwW.exe

C:\Windows\System\HornuZO.exe

C:\Windows\System\HornuZO.exe

C:\Windows\System\LoJGFlV.exe

C:\Windows\System\LoJGFlV.exe

C:\Windows\System\iBlYQkk.exe

C:\Windows\System\iBlYQkk.exe

C:\Windows\System\Dvmapqe.exe

C:\Windows\System\Dvmapqe.exe

C:\Windows\System\Awwntyj.exe

C:\Windows\System\Awwntyj.exe

C:\Windows\System\obEtDbW.exe

C:\Windows\System\obEtDbW.exe

C:\Windows\System\HbLrTMn.exe

C:\Windows\System\HbLrTMn.exe

C:\Windows\System\KahFtrH.exe

C:\Windows\System\KahFtrH.exe

C:\Windows\System\JHcZbHo.exe

C:\Windows\System\JHcZbHo.exe

C:\Windows\System\SyvbzvR.exe

C:\Windows\System\SyvbzvR.exe

C:\Windows\System\tcmYtNa.exe

C:\Windows\System\tcmYtNa.exe

C:\Windows\System\VWXoKGa.exe

C:\Windows\System\VWXoKGa.exe

C:\Windows\System\xklRFvr.exe

C:\Windows\System\xklRFvr.exe

C:\Windows\System\BwcXjzr.exe

C:\Windows\System\BwcXjzr.exe

C:\Windows\System\XbXcsMT.exe

C:\Windows\System\XbXcsMT.exe

C:\Windows\System\kcqWtmI.exe

C:\Windows\System\kcqWtmI.exe

C:\Windows\System\WyGhIwu.exe

C:\Windows\System\WyGhIwu.exe

C:\Windows\System\EAIucyD.exe

C:\Windows\System\EAIucyD.exe

C:\Windows\System\ohoDujB.exe

C:\Windows\System\ohoDujB.exe

C:\Windows\System\wSerTvA.exe

C:\Windows\System\wSerTvA.exe

C:\Windows\System\XJrsNEB.exe

C:\Windows\System\XJrsNEB.exe

C:\Windows\System\AaoSMkh.exe

C:\Windows\System\AaoSMkh.exe

C:\Windows\System\IfPsLCH.exe

C:\Windows\System\IfPsLCH.exe

C:\Windows\System\OsdVcIU.exe

C:\Windows\System\OsdVcIU.exe

C:\Windows\System\PRPnakt.exe

C:\Windows\System\PRPnakt.exe

C:\Windows\System\tbuFvDK.exe

C:\Windows\System\tbuFvDK.exe

C:\Windows\System\ieAvrFw.exe

C:\Windows\System\ieAvrFw.exe

C:\Windows\System\XDLWWdT.exe

C:\Windows\System\XDLWWdT.exe

C:\Windows\System\QdwcrVV.exe

C:\Windows\System\QdwcrVV.exe

C:\Windows\System\LmmiqZB.exe

C:\Windows\System\LmmiqZB.exe

C:\Windows\System\LPQSQBB.exe

C:\Windows\System\LPQSQBB.exe

C:\Windows\System\isuUcCD.exe

C:\Windows\System\isuUcCD.exe

C:\Windows\System\STOEFTe.exe

C:\Windows\System\STOEFTe.exe

C:\Windows\System\NkitgJH.exe

C:\Windows\System\NkitgJH.exe

C:\Windows\System\RUGvnpV.exe

C:\Windows\System\RUGvnpV.exe

C:\Windows\System\cmMurvE.exe

C:\Windows\System\cmMurvE.exe

C:\Windows\System\ScYoHuX.exe

C:\Windows\System\ScYoHuX.exe

C:\Windows\System\CdxfunZ.exe

C:\Windows\System\CdxfunZ.exe

C:\Windows\System\KkNWHjQ.exe

C:\Windows\System\KkNWHjQ.exe

C:\Windows\System\XekyCEU.exe

C:\Windows\System\XekyCEU.exe

C:\Windows\System\TyWCCxd.exe

C:\Windows\System\TyWCCxd.exe

C:\Windows\System\MxEVMuM.exe

C:\Windows\System\MxEVMuM.exe

C:\Windows\System\twvPVzy.exe

C:\Windows\System\twvPVzy.exe

C:\Windows\System\ukTBpcY.exe

C:\Windows\System\ukTBpcY.exe

C:\Windows\System\RdDmEEQ.exe

C:\Windows\System\RdDmEEQ.exe

C:\Windows\System\PPKMLdX.exe

C:\Windows\System\PPKMLdX.exe

C:\Windows\System\ckHmSlX.exe

C:\Windows\System\ckHmSlX.exe

C:\Windows\System\UsRHoPP.exe

C:\Windows\System\UsRHoPP.exe

C:\Windows\System\NvjNsVj.exe

C:\Windows\System\NvjNsVj.exe

C:\Windows\System\fDSzBYN.exe

C:\Windows\System\fDSzBYN.exe

C:\Windows\System\jeVDqlw.exe

C:\Windows\System\jeVDqlw.exe

C:\Windows\System\fSAOlFF.exe

C:\Windows\System\fSAOlFF.exe

C:\Windows\System\ENvhURg.exe

C:\Windows\System\ENvhURg.exe

C:\Windows\System\OWDIPjM.exe

C:\Windows\System\OWDIPjM.exe

C:\Windows\System\FThfCwH.exe

C:\Windows\System\FThfCwH.exe

C:\Windows\System\JAcjMan.exe

C:\Windows\System\JAcjMan.exe

C:\Windows\System\rDBYEEY.exe

C:\Windows\System\rDBYEEY.exe

C:\Windows\System\OhLKoBP.exe

C:\Windows\System\OhLKoBP.exe

C:\Windows\System\WHKDlwJ.exe

C:\Windows\System\WHKDlwJ.exe

C:\Windows\System\ovkimgJ.exe

C:\Windows\System\ovkimgJ.exe

C:\Windows\System\AQXofFm.exe

C:\Windows\System\AQXofFm.exe

C:\Windows\System\NiiOige.exe

C:\Windows\System\NiiOige.exe

C:\Windows\System\tUbSNSD.exe

C:\Windows\System\tUbSNSD.exe

C:\Windows\System\xyrfPSA.exe

C:\Windows\System\xyrfPSA.exe

C:\Windows\System\dQNOjQR.exe

C:\Windows\System\dQNOjQR.exe

C:\Windows\System\quqpIru.exe

C:\Windows\System\quqpIru.exe

C:\Windows\System\dZtvPMq.exe

C:\Windows\System\dZtvPMq.exe

C:\Windows\System\xrNqTNw.exe

C:\Windows\System\xrNqTNw.exe

C:\Windows\System\dxGmEcv.exe

C:\Windows\System\dxGmEcv.exe

C:\Windows\System\oNDFPdt.exe

C:\Windows\System\oNDFPdt.exe

C:\Windows\System\Yiqgwfh.exe

C:\Windows\System\Yiqgwfh.exe

C:\Windows\System\Iusrdhk.exe

C:\Windows\System\Iusrdhk.exe

C:\Windows\System\iENJYBF.exe

C:\Windows\System\iENJYBF.exe

C:\Windows\System\tyleGHs.exe

C:\Windows\System\tyleGHs.exe

C:\Windows\System\qplCXya.exe

C:\Windows\System\qplCXya.exe

C:\Windows\System\OzyeFjL.exe

C:\Windows\System\OzyeFjL.exe

C:\Windows\System\jgzJjcW.exe

C:\Windows\System\jgzJjcW.exe

C:\Windows\System\JgdbauW.exe

C:\Windows\System\JgdbauW.exe

C:\Windows\System\uIEGAuP.exe

C:\Windows\System\uIEGAuP.exe

C:\Windows\System\UfHSlYV.exe

C:\Windows\System\UfHSlYV.exe

C:\Windows\System\RIyFASQ.exe

C:\Windows\System\RIyFASQ.exe

C:\Windows\System\XNQvAzO.exe

C:\Windows\System\XNQvAzO.exe

C:\Windows\System\VORmJvD.exe

C:\Windows\System\VORmJvD.exe

C:\Windows\System\cGUjObj.exe

C:\Windows\System\cGUjObj.exe

C:\Windows\System\dErUZAR.exe

C:\Windows\System\dErUZAR.exe

C:\Windows\System\MbsIDFj.exe

C:\Windows\System\MbsIDFj.exe

C:\Windows\System\nysEEVd.exe

C:\Windows\System\nysEEVd.exe

C:\Windows\System\TTIaFGD.exe

C:\Windows\System\TTIaFGD.exe

C:\Windows\System\ZRWGztd.exe

C:\Windows\System\ZRWGztd.exe

C:\Windows\System\sMFrMMb.exe

C:\Windows\System\sMFrMMb.exe

C:\Windows\System\uErcoTQ.exe

C:\Windows\System\uErcoTQ.exe

C:\Windows\System\egzbpmo.exe

C:\Windows\System\egzbpmo.exe

C:\Windows\System\djGWOVR.exe

C:\Windows\System\djGWOVR.exe

C:\Windows\System\ViFNIvQ.exe

C:\Windows\System\ViFNIvQ.exe

C:\Windows\System\Suebsyk.exe

C:\Windows\System\Suebsyk.exe

C:\Windows\System\USpZJuh.exe

C:\Windows\System\USpZJuh.exe

C:\Windows\System\AhwAXGR.exe

C:\Windows\System\AhwAXGR.exe

C:\Windows\System\NuUKwna.exe

C:\Windows\System\NuUKwna.exe

C:\Windows\System\MkOcENJ.exe

C:\Windows\System\MkOcENJ.exe

C:\Windows\System\VxSnxeq.exe

C:\Windows\System\VxSnxeq.exe

C:\Windows\System\dmdcBru.exe

C:\Windows\System\dmdcBru.exe

C:\Windows\System\tXkgKoc.exe

C:\Windows\System\tXkgKoc.exe

C:\Windows\System\UoCyGZk.exe

C:\Windows\System\UoCyGZk.exe

C:\Windows\System\VeJjHLf.exe

C:\Windows\System\VeJjHLf.exe

C:\Windows\System\lAMxNgE.exe

C:\Windows\System\lAMxNgE.exe

C:\Windows\System\hvBsuNZ.exe

C:\Windows\System\hvBsuNZ.exe

C:\Windows\System\fgEyhfm.exe

C:\Windows\System\fgEyhfm.exe

C:\Windows\System\YLDGCfH.exe

C:\Windows\System\YLDGCfH.exe

C:\Windows\System\QEuIPig.exe

C:\Windows\System\QEuIPig.exe

C:\Windows\System\gTgojJF.exe

C:\Windows\System\gTgojJF.exe

C:\Windows\System\uMPaqGv.exe

C:\Windows\System\uMPaqGv.exe

C:\Windows\System\LRsXLok.exe

C:\Windows\System\LRsXLok.exe

C:\Windows\System\DMGnEXK.exe

C:\Windows\System\DMGnEXK.exe

C:\Windows\System\KcuGemS.exe

C:\Windows\System\KcuGemS.exe

C:\Windows\System\HfmILqQ.exe

C:\Windows\System\HfmILqQ.exe

C:\Windows\System\DOBvYpF.exe

C:\Windows\System\DOBvYpF.exe

C:\Windows\System\pNHCbAw.exe

C:\Windows\System\pNHCbAw.exe

C:\Windows\System\ROHOujy.exe

C:\Windows\System\ROHOujy.exe

C:\Windows\System\RTIeFJn.exe

C:\Windows\System\RTIeFJn.exe

C:\Windows\System\aXjqTYf.exe

C:\Windows\System\aXjqTYf.exe

C:\Windows\System\Ocpeuvk.exe

C:\Windows\System\Ocpeuvk.exe

C:\Windows\System\XHAUIgP.exe

C:\Windows\System\XHAUIgP.exe

C:\Windows\System\NzvMUNs.exe

C:\Windows\System\NzvMUNs.exe

C:\Windows\System\UoGhDbB.exe

C:\Windows\System\UoGhDbB.exe

C:\Windows\System\meRwEWI.exe

C:\Windows\System\meRwEWI.exe

C:\Windows\System\YeqsHEn.exe

C:\Windows\System\YeqsHEn.exe

C:\Windows\System\bKBEQji.exe

C:\Windows\System\bKBEQji.exe

C:\Windows\System\dWUYmNe.exe

C:\Windows\System\dWUYmNe.exe

C:\Windows\System\utXfUPB.exe

C:\Windows\System\utXfUPB.exe

C:\Windows\System\OoEhUuz.exe

C:\Windows\System\OoEhUuz.exe

C:\Windows\System\dVWXJtQ.exe

C:\Windows\System\dVWXJtQ.exe

C:\Windows\System\lBLVdIr.exe

C:\Windows\System\lBLVdIr.exe

C:\Windows\System\pFiutTB.exe

C:\Windows\System\pFiutTB.exe

C:\Windows\System\uWZLzCt.exe

C:\Windows\System\uWZLzCt.exe

C:\Windows\System\nOowhPY.exe

C:\Windows\System\nOowhPY.exe

C:\Windows\System\GOdGPBE.exe

C:\Windows\System\GOdGPBE.exe

C:\Windows\System\wrRfsGu.exe

C:\Windows\System\wrRfsGu.exe

C:\Windows\System\QbhBrep.exe

C:\Windows\System\QbhBrep.exe

C:\Windows\System\mTQJHxd.exe

C:\Windows\System\mTQJHxd.exe

C:\Windows\System\hzUOwPV.exe

C:\Windows\System\hzUOwPV.exe

C:\Windows\System\GvnlXaH.exe

C:\Windows\System\GvnlXaH.exe

C:\Windows\System\gJAaQkO.exe

C:\Windows\System\gJAaQkO.exe

C:\Windows\System\IrcUILf.exe

C:\Windows\System\IrcUILf.exe

C:\Windows\System\RukfXwB.exe

C:\Windows\System\RukfXwB.exe

C:\Windows\System\KbYfQQb.exe

C:\Windows\System\KbYfQQb.exe

C:\Windows\System\WWxlmqN.exe

C:\Windows\System\WWxlmqN.exe

C:\Windows\System\RPctHyY.exe

C:\Windows\System\RPctHyY.exe

C:\Windows\System\zBtKFvb.exe

C:\Windows\System\zBtKFvb.exe

C:\Windows\System\AiVFCqs.exe

C:\Windows\System\AiVFCqs.exe

C:\Windows\System\LaLMOlS.exe

C:\Windows\System\LaLMOlS.exe

C:\Windows\System\EaMSJkV.exe

C:\Windows\System\EaMSJkV.exe

C:\Windows\System\AxAzhpM.exe

C:\Windows\System\AxAzhpM.exe

C:\Windows\System\BAfTHGL.exe

C:\Windows\System\BAfTHGL.exe

C:\Windows\System\PUQOAmD.exe

C:\Windows\System\PUQOAmD.exe

C:\Windows\System\aBfWqqy.exe

C:\Windows\System\aBfWqqy.exe

C:\Windows\System\fbjloia.exe

C:\Windows\System\fbjloia.exe

C:\Windows\System\HxJYUvR.exe

C:\Windows\System\HxJYUvR.exe

C:\Windows\System\mmaHSqM.exe

C:\Windows\System\mmaHSqM.exe

C:\Windows\System\wjLCHWr.exe

C:\Windows\System\wjLCHWr.exe

C:\Windows\System\vvNnLtW.exe

C:\Windows\System\vvNnLtW.exe

C:\Windows\System\fhKPshe.exe

C:\Windows\System\fhKPshe.exe

C:\Windows\System\FUGwhkI.exe

C:\Windows\System\FUGwhkI.exe

C:\Windows\System\UoEaHbP.exe

C:\Windows\System\UoEaHbP.exe

C:\Windows\System\sOQMMsm.exe

C:\Windows\System\sOQMMsm.exe

C:\Windows\System\jsLUtRM.exe

C:\Windows\System\jsLUtRM.exe

C:\Windows\System\KieoudA.exe

C:\Windows\System\KieoudA.exe

C:\Windows\System\FZyZJma.exe

C:\Windows\System\FZyZJma.exe

C:\Windows\System\XhalCzl.exe

C:\Windows\System\XhalCzl.exe

C:\Windows\System\hwWfHns.exe

C:\Windows\System\hwWfHns.exe

C:\Windows\System\blrQOCG.exe

C:\Windows\System\blrQOCG.exe

C:\Windows\System\WzGJAJN.exe

C:\Windows\System\WzGJAJN.exe

C:\Windows\System\pHXJTJH.exe

C:\Windows\System\pHXJTJH.exe

C:\Windows\System\KLuvUVP.exe

C:\Windows\System\KLuvUVP.exe

C:\Windows\System\gOhGwaL.exe

C:\Windows\System\gOhGwaL.exe

C:\Windows\System\eWDVnPI.exe

C:\Windows\System\eWDVnPI.exe

C:\Windows\System\SigYYrs.exe

C:\Windows\System\SigYYrs.exe

C:\Windows\System\jmYbIRZ.exe

C:\Windows\System\jmYbIRZ.exe

C:\Windows\System\JwUGley.exe

C:\Windows\System\JwUGley.exe

C:\Windows\System\kDludSq.exe

C:\Windows\System\kDludSq.exe

C:\Windows\System\EvGcrli.exe

C:\Windows\System\EvGcrli.exe

C:\Windows\System\GZnDcoj.exe

C:\Windows\System\GZnDcoj.exe

C:\Windows\System\KEVASvq.exe

C:\Windows\System\KEVASvq.exe

C:\Windows\System\zcacteR.exe

C:\Windows\System\zcacteR.exe

C:\Windows\System\blMWfEn.exe

C:\Windows\System\blMWfEn.exe

C:\Windows\System\nfEzhmU.exe

C:\Windows\System\nfEzhmU.exe

C:\Windows\System\ERKbHqf.exe

C:\Windows\System\ERKbHqf.exe

C:\Windows\System\DiSfFTu.exe

C:\Windows\System\DiSfFTu.exe

C:\Windows\System\GwPrUNS.exe

C:\Windows\System\GwPrUNS.exe

C:\Windows\System\zAIwScJ.exe

C:\Windows\System\zAIwScJ.exe

C:\Windows\System\GjhVroi.exe

C:\Windows\System\GjhVroi.exe

C:\Windows\System\wGigELz.exe

C:\Windows\System\wGigELz.exe

C:\Windows\System\KtLKQOT.exe

C:\Windows\System\KtLKQOT.exe

C:\Windows\System\JrsPalu.exe

C:\Windows\System\JrsPalu.exe

C:\Windows\System\KJHFfMb.exe

C:\Windows\System\KJHFfMb.exe

C:\Windows\System\dAMbhkM.exe

C:\Windows\System\dAMbhkM.exe

C:\Windows\System\bsJjgCL.exe

C:\Windows\System\bsJjgCL.exe

C:\Windows\System\CRKaMYb.exe

C:\Windows\System\CRKaMYb.exe

C:\Windows\System\uYbJLfp.exe

C:\Windows\System\uYbJLfp.exe

C:\Windows\System\ZlyiqpR.exe

C:\Windows\System\ZlyiqpR.exe

C:\Windows\System\MpTOHyA.exe

C:\Windows\System\MpTOHyA.exe

C:\Windows\System\lgMptyN.exe

C:\Windows\System\lgMptyN.exe

C:\Windows\System\IqltvxN.exe

C:\Windows\System\IqltvxN.exe

C:\Windows\System\ykhNRiU.exe

C:\Windows\System\ykhNRiU.exe

C:\Windows\System\vIANvYb.exe

C:\Windows\System\vIANvYb.exe

C:\Windows\System\ZpzmNGE.exe

C:\Windows\System\ZpzmNGE.exe

C:\Windows\System\VUHkSWI.exe

C:\Windows\System\VUHkSWI.exe

C:\Windows\System\vQwotQR.exe

C:\Windows\System\vQwotQR.exe

C:\Windows\System\mlbQDxI.exe

C:\Windows\System\mlbQDxI.exe

C:\Windows\System\NsiJEdQ.exe

C:\Windows\System\NsiJEdQ.exe

C:\Windows\System\VufLPnS.exe

C:\Windows\System\VufLPnS.exe

C:\Windows\System\iozuWig.exe

C:\Windows\System\iozuWig.exe

C:\Windows\System\fkRkZnc.exe

C:\Windows\System\fkRkZnc.exe

C:\Windows\System\HokfmqD.exe

C:\Windows\System\HokfmqD.exe

C:\Windows\System\rGNPphq.exe

C:\Windows\System\rGNPphq.exe

C:\Windows\System\rgbQfjR.exe

C:\Windows\System\rgbQfjR.exe

C:\Windows\System\NjtteSZ.exe

C:\Windows\System\NjtteSZ.exe

C:\Windows\System\zPAvUPi.exe

C:\Windows\System\zPAvUPi.exe

C:\Windows\System\KXxpuXW.exe

C:\Windows\System\KXxpuXW.exe

C:\Windows\System\jqkdOrH.exe

C:\Windows\System\jqkdOrH.exe

C:\Windows\System\GPxTjyN.exe

C:\Windows\System\GPxTjyN.exe

C:\Windows\System\ILhbrSz.exe

C:\Windows\System\ILhbrSz.exe

C:\Windows\System\AJKbNoa.exe

C:\Windows\System\AJKbNoa.exe

C:\Windows\System\MiUffqw.exe

C:\Windows\System\MiUffqw.exe

C:\Windows\System\KMCtQsn.exe

C:\Windows\System\KMCtQsn.exe

C:\Windows\System\hWOsNjk.exe

C:\Windows\System\hWOsNjk.exe

C:\Windows\System\ZFSLdaS.exe

C:\Windows\System\ZFSLdaS.exe

C:\Windows\System\wfOpoDl.exe

C:\Windows\System\wfOpoDl.exe

C:\Windows\System\dolDSve.exe

C:\Windows\System\dolDSve.exe

C:\Windows\System\Weflrtt.exe

C:\Windows\System\Weflrtt.exe

C:\Windows\System\RnHmiuV.exe

C:\Windows\System\RnHmiuV.exe

C:\Windows\System\jtAnguR.exe

C:\Windows\System\jtAnguR.exe

C:\Windows\System\JMkTXqZ.exe

C:\Windows\System\JMkTXqZ.exe

C:\Windows\System\OVuIOBl.exe

C:\Windows\System\OVuIOBl.exe

C:\Windows\System\giGgogq.exe

C:\Windows\System\giGgogq.exe

C:\Windows\System\Mmaxhgr.exe

C:\Windows\System\Mmaxhgr.exe

C:\Windows\System\DBhQkHR.exe

C:\Windows\System\DBhQkHR.exe

C:\Windows\System\NJHGzmt.exe

C:\Windows\System\NJHGzmt.exe

C:\Windows\System\GthjkOD.exe

C:\Windows\System\GthjkOD.exe

C:\Windows\System\BNmGfQq.exe

C:\Windows\System\BNmGfQq.exe

C:\Windows\System\NzFyjnH.exe

C:\Windows\System\NzFyjnH.exe

C:\Windows\System\VlqhteS.exe

C:\Windows\System\VlqhteS.exe

C:\Windows\System\QMPnrkB.exe

C:\Windows\System\QMPnrkB.exe

C:\Windows\System\RcBpOzc.exe

C:\Windows\System\RcBpOzc.exe

C:\Windows\System\gRhqXQX.exe

C:\Windows\System\gRhqXQX.exe

C:\Windows\System\bJsFmGs.exe

C:\Windows\System\bJsFmGs.exe

C:\Windows\System\RfTYtfC.exe

C:\Windows\System\RfTYtfC.exe

C:\Windows\System\LeuRMbF.exe

C:\Windows\System\LeuRMbF.exe

C:\Windows\System\sbJuaeB.exe

C:\Windows\System\sbJuaeB.exe

C:\Windows\System\WsLCMUh.exe

C:\Windows\System\WsLCMUh.exe

C:\Windows\System\JCBnAll.exe

C:\Windows\System\JCBnAll.exe

C:\Windows\System\CFeuxHW.exe

C:\Windows\System\CFeuxHW.exe

C:\Windows\System\KhwIdzX.exe

C:\Windows\System\KhwIdzX.exe

C:\Windows\System\ZlBZDJt.exe

C:\Windows\System\ZlBZDJt.exe

C:\Windows\System\ZPLtPEu.exe

C:\Windows\System\ZPLtPEu.exe

C:\Windows\System\fvpPsiE.exe

C:\Windows\System\fvpPsiE.exe

C:\Windows\System\vTjNnAu.exe

C:\Windows\System\vTjNnAu.exe

C:\Windows\System\FrIpbHQ.exe

C:\Windows\System\FrIpbHQ.exe

C:\Windows\System\KzDKceu.exe

C:\Windows\System\KzDKceu.exe

C:\Windows\System\wfzkjco.exe

C:\Windows\System\wfzkjco.exe

C:\Windows\System\XWRfyBA.exe

C:\Windows\System\XWRfyBA.exe

C:\Windows\System\fUUDuPX.exe

C:\Windows\System\fUUDuPX.exe

C:\Windows\System\PbnogzH.exe

C:\Windows\System\PbnogzH.exe

C:\Windows\System\oxKzDsW.exe

C:\Windows\System\oxKzDsW.exe

C:\Windows\System\HkaXNpi.exe

C:\Windows\System\HkaXNpi.exe

C:\Windows\System\omeBWzw.exe

C:\Windows\System\omeBWzw.exe

C:\Windows\System\zdXCgPd.exe

C:\Windows\System\zdXCgPd.exe

C:\Windows\System\ntAtVgC.exe

C:\Windows\System\ntAtVgC.exe

C:\Windows\System\nKJWCHT.exe

C:\Windows\System\nKJWCHT.exe

C:\Windows\System\PPJTpAg.exe

C:\Windows\System\PPJTpAg.exe

C:\Windows\System\sJpIVga.exe

C:\Windows\System\sJpIVga.exe

C:\Windows\System\MhnOBMM.exe

C:\Windows\System\MhnOBMM.exe

C:\Windows\System\LIbmdID.exe

C:\Windows\System\LIbmdID.exe

C:\Windows\System\aOjxtml.exe

C:\Windows\System\aOjxtml.exe

C:\Windows\System\MybSJtL.exe

C:\Windows\System\MybSJtL.exe

C:\Windows\System\XsHPQcP.exe

C:\Windows\System\XsHPQcP.exe

C:\Windows\System\meEMAqj.exe

C:\Windows\System\meEMAqj.exe

C:\Windows\System\KVMlALI.exe

C:\Windows\System\KVMlALI.exe

C:\Windows\System\NwjMxEb.exe

C:\Windows\System\NwjMxEb.exe

C:\Windows\System\orWrwpP.exe

C:\Windows\System\orWrwpP.exe

C:\Windows\System\uFgEuUW.exe

C:\Windows\System\uFgEuUW.exe

C:\Windows\System\cpYttve.exe

C:\Windows\System\cpYttve.exe

C:\Windows\System\uKLFVoo.exe

C:\Windows\System\uKLFVoo.exe

C:\Windows\System\rLvwRuM.exe

C:\Windows\System\rLvwRuM.exe

C:\Windows\System\HVbjCqN.exe

C:\Windows\System\HVbjCqN.exe

C:\Windows\System\SElPZbd.exe

C:\Windows\System\SElPZbd.exe

C:\Windows\System\ZVGmnmg.exe

C:\Windows\System\ZVGmnmg.exe

C:\Windows\System\aijUOxT.exe

C:\Windows\System\aijUOxT.exe

C:\Windows\System\Fgkwvaq.exe

C:\Windows\System\Fgkwvaq.exe

C:\Windows\System\RRGDjdD.exe

C:\Windows\System\RRGDjdD.exe

C:\Windows\System\VKLaLKy.exe

C:\Windows\System\VKLaLKy.exe

C:\Windows\System\HquMzMG.exe

C:\Windows\System\HquMzMG.exe

C:\Windows\System\AwtQUVQ.exe

C:\Windows\System\AwtQUVQ.exe

C:\Windows\System\lLnWguV.exe

C:\Windows\System\lLnWguV.exe

C:\Windows\System\ixLbnLU.exe

C:\Windows\System\ixLbnLU.exe

C:\Windows\System\gBTzIWZ.exe

C:\Windows\System\gBTzIWZ.exe

C:\Windows\System\gncCmCB.exe

C:\Windows\System\gncCmCB.exe

C:\Windows\System\ekyDxDb.exe

C:\Windows\System\ekyDxDb.exe

C:\Windows\System\lQCuVgR.exe

C:\Windows\System\lQCuVgR.exe

C:\Windows\System\zZTxQNY.exe

C:\Windows\System\zZTxQNY.exe

C:\Windows\System\EQzQVRD.exe

C:\Windows\System\EQzQVRD.exe

C:\Windows\System\AXphIgb.exe

C:\Windows\System\AXphIgb.exe

C:\Windows\System\ujZLpFw.exe

C:\Windows\System\ujZLpFw.exe

C:\Windows\System\hWxSoMa.exe

C:\Windows\System\hWxSoMa.exe

C:\Windows\System\gQUwlBJ.exe

C:\Windows\System\gQUwlBJ.exe

C:\Windows\System\FDubtPl.exe

C:\Windows\System\FDubtPl.exe

C:\Windows\System\kEXoejj.exe

C:\Windows\System\kEXoejj.exe

C:\Windows\System\ZHWMIBx.exe

C:\Windows\System\ZHWMIBx.exe

C:\Windows\System\RqAMqHe.exe

C:\Windows\System\RqAMqHe.exe

C:\Windows\System\QUHnfWx.exe

C:\Windows\System\QUHnfWx.exe

C:\Windows\System\fIMnkqw.exe

C:\Windows\System\fIMnkqw.exe

C:\Windows\System\dDSUbjB.exe

C:\Windows\System\dDSUbjB.exe

C:\Windows\System\eFoPOhb.exe

C:\Windows\System\eFoPOhb.exe

C:\Windows\System\gWsMCqw.exe

C:\Windows\System\gWsMCqw.exe

C:\Windows\System\TfqjzdX.exe

C:\Windows\System\TfqjzdX.exe

C:\Windows\System\wQvtvYK.exe

C:\Windows\System\wQvtvYK.exe

C:\Windows\System\xIbUTky.exe

C:\Windows\System\xIbUTky.exe

C:\Windows\System\LKSTGWE.exe

C:\Windows\System\LKSTGWE.exe

C:\Windows\System\nroDQAT.exe

C:\Windows\System\nroDQAT.exe

C:\Windows\System\oTItzmD.exe

C:\Windows\System\oTItzmD.exe

C:\Windows\System\QSXYNlx.exe

C:\Windows\System\QSXYNlx.exe

C:\Windows\System\ItTexZk.exe

C:\Windows\System\ItTexZk.exe

C:\Windows\System\jPQbvrU.exe

C:\Windows\System\jPQbvrU.exe

C:\Windows\System\MGHFfKm.exe

C:\Windows\System\MGHFfKm.exe

C:\Windows\System\ZkNStKy.exe

C:\Windows\System\ZkNStKy.exe

C:\Windows\System\oAvhxXT.exe

C:\Windows\System\oAvhxXT.exe

C:\Windows\System\cVfrkcC.exe

C:\Windows\System\cVfrkcC.exe

C:\Windows\System\uiGbhqh.exe

C:\Windows\System\uiGbhqh.exe

C:\Windows\System\FuGcNOQ.exe

C:\Windows\System\FuGcNOQ.exe

C:\Windows\System\JRjDLOd.exe

C:\Windows\System\JRjDLOd.exe

C:\Windows\System\vkpbTSD.exe

C:\Windows\System\vkpbTSD.exe

C:\Windows\System\ItDqDgG.exe

C:\Windows\System\ItDqDgG.exe

C:\Windows\System\UasiWPF.exe

C:\Windows\System\UasiWPF.exe

C:\Windows\System\yVstoTr.exe

C:\Windows\System\yVstoTr.exe

C:\Windows\System\xzhngxV.exe

C:\Windows\System\xzhngxV.exe

C:\Windows\System\gRkUqNM.exe

C:\Windows\System\gRkUqNM.exe

C:\Windows\System\AmUoitV.exe

C:\Windows\System\AmUoitV.exe

C:\Windows\System\mDvbabU.exe

C:\Windows\System\mDvbabU.exe

C:\Windows\System\LuzeORT.exe

C:\Windows\System\LuzeORT.exe

C:\Windows\System\kHNQvHa.exe

C:\Windows\System\kHNQvHa.exe

C:\Windows\System\XFWKAUO.exe

C:\Windows\System\XFWKAUO.exe

C:\Windows\System\VSRckFJ.exe

C:\Windows\System\VSRckFJ.exe

C:\Windows\System\CAvAUIl.exe

C:\Windows\System\CAvAUIl.exe

C:\Windows\System\DUnyubu.exe

C:\Windows\System\DUnyubu.exe

C:\Windows\System\juTTckN.exe

C:\Windows\System\juTTckN.exe

C:\Windows\System\CEHfhnj.exe

C:\Windows\System\CEHfhnj.exe

C:\Windows\System\FhyNwQa.exe

C:\Windows\System\FhyNwQa.exe

C:\Windows\System\EHKESCT.exe

C:\Windows\System\EHKESCT.exe

C:\Windows\System\HREmmuu.exe

C:\Windows\System\HREmmuu.exe

C:\Windows\System\kRAblqS.exe

C:\Windows\System\kRAblqS.exe

C:\Windows\System\fOEAaHw.exe

C:\Windows\System\fOEAaHw.exe

C:\Windows\System\aUuuCUq.exe

C:\Windows\System\aUuuCUq.exe

C:\Windows\System\gUkszJw.exe

C:\Windows\System\gUkszJw.exe

C:\Windows\System\bKRiBjD.exe

C:\Windows\System\bKRiBjD.exe

C:\Windows\System\KWwyrXa.exe

C:\Windows\System\KWwyrXa.exe

C:\Windows\System\HwPkcCL.exe

C:\Windows\System\HwPkcCL.exe

C:\Windows\System\eCwVnmb.exe

C:\Windows\System\eCwVnmb.exe

C:\Windows\System\wckUuJN.exe

C:\Windows\System\wckUuJN.exe

C:\Windows\System\NZHTfyL.exe

C:\Windows\System\NZHTfyL.exe

C:\Windows\System\KkgaHqK.exe

C:\Windows\System\KkgaHqK.exe

C:\Windows\System\KdlZPrZ.exe

C:\Windows\System\KdlZPrZ.exe

C:\Windows\System\UFFNUtq.exe

C:\Windows\System\UFFNUtq.exe

C:\Windows\System\LYQXPyr.exe

C:\Windows\System\LYQXPyr.exe

C:\Windows\System\RvMmykM.exe

C:\Windows\System\RvMmykM.exe

C:\Windows\System\vBXgjaf.exe

C:\Windows\System\vBXgjaf.exe

C:\Windows\System\btpmEcH.exe

C:\Windows\System\btpmEcH.exe

C:\Windows\System\kePFmoi.exe

C:\Windows\System\kePFmoi.exe

C:\Windows\System\wgWYZIW.exe

C:\Windows\System\wgWYZIW.exe

C:\Windows\System\HTovEUS.exe

C:\Windows\System\HTovEUS.exe

C:\Windows\System\gqZriDI.exe

C:\Windows\System\gqZriDI.exe

C:\Windows\System\rIwiYDh.exe

C:\Windows\System\rIwiYDh.exe

C:\Windows\System\WXMgVRd.exe

C:\Windows\System\WXMgVRd.exe

C:\Windows\System\lgGDOFP.exe

C:\Windows\System\lgGDOFP.exe

C:\Windows\System\ZHbuGMq.exe

C:\Windows\System\ZHbuGMq.exe

C:\Windows\System\TnMkIhL.exe

C:\Windows\System\TnMkIhL.exe

C:\Windows\System\FAJNPGy.exe

C:\Windows\System\FAJNPGy.exe

C:\Windows\System\PmAhhOE.exe

C:\Windows\System\PmAhhOE.exe

C:\Windows\System\HeBltos.exe

C:\Windows\System\HeBltos.exe

C:\Windows\System\cUjIYLw.exe

C:\Windows\System\cUjIYLw.exe

C:\Windows\System\zuRKynW.exe

C:\Windows\System\zuRKynW.exe

C:\Windows\System\VUySIiC.exe

C:\Windows\System\VUySIiC.exe

C:\Windows\System\lbVarqe.exe

C:\Windows\System\lbVarqe.exe

C:\Windows\System\GCQQBva.exe

C:\Windows\System\GCQQBva.exe

C:\Windows\System\wDvBfZD.exe

C:\Windows\System\wDvBfZD.exe

C:\Windows\System\ZYpMpeD.exe

C:\Windows\System\ZYpMpeD.exe

C:\Windows\System\JYCWqCE.exe

C:\Windows\System\JYCWqCE.exe

C:\Windows\System\HkLqMlB.exe

C:\Windows\System\HkLqMlB.exe

C:\Windows\System\YctXKRU.exe

C:\Windows\System\YctXKRU.exe

C:\Windows\System\VUrcHot.exe

C:\Windows\System\VUrcHot.exe

C:\Windows\System\eyvPjtK.exe

C:\Windows\System\eyvPjtK.exe

C:\Windows\System\KwGsBrW.exe

C:\Windows\System\KwGsBrW.exe

C:\Windows\System\duIFXvM.exe

C:\Windows\System\duIFXvM.exe

C:\Windows\System\zMnJQos.exe

C:\Windows\System\zMnJQos.exe

C:\Windows\System\MbIAIuf.exe

C:\Windows\System\MbIAIuf.exe

C:\Windows\System\WXBpVqB.exe

C:\Windows\System\WXBpVqB.exe

C:\Windows\System\AxLjoua.exe

C:\Windows\System\AxLjoua.exe

C:\Windows\System\UkSFtiz.exe

C:\Windows\System\UkSFtiz.exe

C:\Windows\System\VnQQkgp.exe

C:\Windows\System\VnQQkgp.exe

C:\Windows\System\gfRdTGW.exe

C:\Windows\System\gfRdTGW.exe

C:\Windows\System\mGFgLEl.exe

C:\Windows\System\mGFgLEl.exe

C:\Windows\System\dQuXsXF.exe

C:\Windows\System\dQuXsXF.exe

C:\Windows\System\nwSBCrE.exe

C:\Windows\System\nwSBCrE.exe

C:\Windows\System\HZtiICa.exe

C:\Windows\System\HZtiICa.exe

C:\Windows\System\NaUTlkn.exe

C:\Windows\System\NaUTlkn.exe

C:\Windows\System\mOTPwLf.exe

C:\Windows\System\mOTPwLf.exe

C:\Windows\System\kjwzGJA.exe

C:\Windows\System\kjwzGJA.exe

C:\Windows\System\FVXTEep.exe

C:\Windows\System\FVXTEep.exe

C:\Windows\System\UrIvjsa.exe

C:\Windows\System\UrIvjsa.exe

C:\Windows\System\FLsXAaP.exe

C:\Windows\System\FLsXAaP.exe

C:\Windows\System\TJeamyR.exe

C:\Windows\System\TJeamyR.exe

C:\Windows\System\pkuasZi.exe

C:\Windows\System\pkuasZi.exe

C:\Windows\System\ZDPdVQe.exe

C:\Windows\System\ZDPdVQe.exe

C:\Windows\System\gWsDFEl.exe

C:\Windows\System\gWsDFEl.exe

C:\Windows\System\etDMLem.exe

C:\Windows\System\etDMLem.exe

C:\Windows\System\kGyYRgB.exe

C:\Windows\System\kGyYRgB.exe

C:\Windows\System\UUbImLy.exe

C:\Windows\System\UUbImLy.exe

C:\Windows\System\QgUQudC.exe

C:\Windows\System\QgUQudC.exe

C:\Windows\System\fEbuyEY.exe

C:\Windows\System\fEbuyEY.exe

C:\Windows\System\WjAedyQ.exe

C:\Windows\System\WjAedyQ.exe

C:\Windows\System\AOVsUnm.exe

C:\Windows\System\AOVsUnm.exe

C:\Windows\System\VBCQKDr.exe

C:\Windows\System\VBCQKDr.exe

C:\Windows\System\AZTPTyT.exe

C:\Windows\System\AZTPTyT.exe

C:\Windows\System\OnhVEaI.exe

C:\Windows\System\OnhVEaI.exe

C:\Windows\System\rckULBc.exe

C:\Windows\System\rckULBc.exe

C:\Windows\System\pLyJLaf.exe

C:\Windows\System\pLyJLaf.exe

C:\Windows\System\QnXFDOz.exe

C:\Windows\System\QnXFDOz.exe

C:\Windows\System\hNyVEFR.exe

C:\Windows\System\hNyVEFR.exe

C:\Windows\System\ARvAxww.exe

C:\Windows\System\ARvAxww.exe

C:\Windows\System\AbDqArQ.exe

C:\Windows\System\AbDqArQ.exe

C:\Windows\System\uaxraGn.exe

C:\Windows\System\uaxraGn.exe

C:\Windows\System\EmtanXR.exe

C:\Windows\System\EmtanXR.exe

C:\Windows\System\xUuBCsI.exe

C:\Windows\System\xUuBCsI.exe

C:\Windows\System\iHYaRNq.exe

C:\Windows\System\iHYaRNq.exe

C:\Windows\System\ZOMBfXY.exe

C:\Windows\System\ZOMBfXY.exe

C:\Windows\System\WDKJnKp.exe

C:\Windows\System\WDKJnKp.exe

C:\Windows\System\MOIsgno.exe

C:\Windows\System\MOIsgno.exe

C:\Windows\System\XPLOCcg.exe

C:\Windows\System\XPLOCcg.exe

C:\Windows\System\uWMmPDd.exe

C:\Windows\System\uWMmPDd.exe

C:\Windows\System\MbLwEjn.exe

C:\Windows\System\MbLwEjn.exe

C:\Windows\System\skbNPGV.exe

C:\Windows\System\skbNPGV.exe

C:\Windows\System\ZvRfSwQ.exe

C:\Windows\System\ZvRfSwQ.exe

C:\Windows\System\JMVkFpA.exe

C:\Windows\System\JMVkFpA.exe

C:\Windows\System\qkmhrXc.exe

C:\Windows\System\qkmhrXc.exe

C:\Windows\System\WcwWggc.exe

C:\Windows\System\WcwWggc.exe

C:\Windows\System\QiHeeWz.exe

C:\Windows\System\QiHeeWz.exe

C:\Windows\System\jvJdqvE.exe

C:\Windows\System\jvJdqvE.exe

C:\Windows\System\UCrPyKx.exe

C:\Windows\System\UCrPyKx.exe

C:\Windows\System\laYUjfw.exe

C:\Windows\System\laYUjfw.exe

C:\Windows\System\DlMArqs.exe

C:\Windows\System\DlMArqs.exe

C:\Windows\System\QVjkYLe.exe

C:\Windows\System\QVjkYLe.exe

C:\Windows\System\XQyQjhJ.exe

C:\Windows\System\XQyQjhJ.exe

C:\Windows\System\FybGqPB.exe

C:\Windows\System\FybGqPB.exe

C:\Windows\System\omJUChC.exe

C:\Windows\System\omJUChC.exe

C:\Windows\System\rhouuMY.exe

C:\Windows\System\rhouuMY.exe

C:\Windows\System\GMYPlDU.exe

C:\Windows\System\GMYPlDU.exe

C:\Windows\System\zzmKwNt.exe

C:\Windows\System\zzmKwNt.exe

C:\Windows\System\GmGcccc.exe

C:\Windows\System\GmGcccc.exe

C:\Windows\System\JmrMxBa.exe

C:\Windows\System\JmrMxBa.exe

C:\Windows\System\WVuclQe.exe

C:\Windows\System\WVuclQe.exe

C:\Windows\System\Rppxqdl.exe

C:\Windows\System\Rppxqdl.exe

C:\Windows\System\avDCtFS.exe

C:\Windows\System\avDCtFS.exe

C:\Windows\System\kMFrruy.exe

C:\Windows\System\kMFrruy.exe

C:\Windows\System\ZQhFmTb.exe

C:\Windows\System\ZQhFmTb.exe

C:\Windows\System\qZVyIcT.exe

C:\Windows\System\qZVyIcT.exe

C:\Windows\System\qtWPBPt.exe

C:\Windows\System\qtWPBPt.exe

C:\Windows\System\LMMpLXN.exe

C:\Windows\System\LMMpLXN.exe

C:\Windows\System\uAUvRmE.exe

C:\Windows\System\uAUvRmE.exe

C:\Windows\System\uVsZZnk.exe

C:\Windows\System\uVsZZnk.exe

C:\Windows\System\jQErgAV.exe

C:\Windows\System\jQErgAV.exe

C:\Windows\System\APHvWfj.exe

C:\Windows\System\APHvWfj.exe

C:\Windows\System\uUBUfJd.exe

C:\Windows\System\uUBUfJd.exe

C:\Windows\System\snLCNGj.exe

C:\Windows\System\snLCNGj.exe

C:\Windows\System\mAtkGZx.exe

C:\Windows\System\mAtkGZx.exe

C:\Windows\System\NXXtoxx.exe

C:\Windows\System\NXXtoxx.exe

C:\Windows\System\ZmDwObO.exe

C:\Windows\System\ZmDwObO.exe

C:\Windows\System\mnhuCwo.exe

C:\Windows\System\mnhuCwo.exe

C:\Windows\System\EZLzlfZ.exe

C:\Windows\System\EZLzlfZ.exe

C:\Windows\System\kNPFTAt.exe

C:\Windows\System\kNPFTAt.exe

C:\Windows\System\reDnYYr.exe

C:\Windows\System\reDnYYr.exe

C:\Windows\System\lBAEyxY.exe

C:\Windows\System\lBAEyxY.exe

C:\Windows\System\rLGtfsz.exe

C:\Windows\System\rLGtfsz.exe

C:\Windows\System\FYPGsNa.exe

C:\Windows\System\FYPGsNa.exe

C:\Windows\System\bikDmGi.exe

C:\Windows\System\bikDmGi.exe

C:\Windows\System\MMMVtJl.exe

C:\Windows\System\MMMVtJl.exe

C:\Windows\System\fpEBpUs.exe

C:\Windows\System\fpEBpUs.exe

C:\Windows\System\jlPuVEt.exe

C:\Windows\System\jlPuVEt.exe

C:\Windows\System\WSjWVNW.exe

C:\Windows\System\WSjWVNW.exe

C:\Windows\System\OyroTUc.exe

C:\Windows\System\OyroTUc.exe

C:\Windows\System\bJVikrc.exe

C:\Windows\System\bJVikrc.exe

C:\Windows\System\CDQBeDd.exe

C:\Windows\System\CDQBeDd.exe

C:\Windows\System\yhKszil.exe

C:\Windows\System\yhKszil.exe

C:\Windows\System\HGjGHmT.exe

C:\Windows\System\HGjGHmT.exe

C:\Windows\System\PgSaOzy.exe

C:\Windows\System\PgSaOzy.exe

C:\Windows\System\JXDodNG.exe

C:\Windows\System\JXDodNG.exe

C:\Windows\System\fpxZgml.exe

C:\Windows\System\fpxZgml.exe

C:\Windows\System\wOCpPDT.exe

C:\Windows\System\wOCpPDT.exe

C:\Windows\System\myKuJIi.exe

C:\Windows\System\myKuJIi.exe

C:\Windows\System\bZmeArq.exe

C:\Windows\System\bZmeArq.exe

C:\Windows\System\qtWYVGZ.exe

C:\Windows\System\qtWYVGZ.exe

C:\Windows\System\dlwKtjC.exe

C:\Windows\System\dlwKtjC.exe

C:\Windows\System\bwLLGFa.exe

C:\Windows\System\bwLLGFa.exe

C:\Windows\System\ckuLPTf.exe

C:\Windows\System\ckuLPTf.exe

C:\Windows\System\EgBOTeU.exe

C:\Windows\System\EgBOTeU.exe

C:\Windows\System\gBogztN.exe

C:\Windows\System\gBogztN.exe

C:\Windows\System\eDoGpdv.exe

C:\Windows\System\eDoGpdv.exe

C:\Windows\System\FTcGkWW.exe

C:\Windows\System\FTcGkWW.exe

C:\Windows\System\AgurcFM.exe

C:\Windows\System\AgurcFM.exe

C:\Windows\System\NlAwoeN.exe

C:\Windows\System\NlAwoeN.exe

C:\Windows\System\kaoVzvh.exe

C:\Windows\System\kaoVzvh.exe

C:\Windows\System\ZDWpDxI.exe

C:\Windows\System\ZDWpDxI.exe

C:\Windows\System\ckyKDUC.exe

C:\Windows\System\ckyKDUC.exe

C:\Windows\System\UyoRvBO.exe

C:\Windows\System\UyoRvBO.exe

C:\Windows\System\QecFvTV.exe

C:\Windows\System\QecFvTV.exe

C:\Windows\System\GAsNqUF.exe

C:\Windows\System\GAsNqUF.exe

C:\Windows\System\wLDgtKY.exe

C:\Windows\System\wLDgtKY.exe

C:\Windows\System\loDxBlh.exe

C:\Windows\System\loDxBlh.exe

C:\Windows\System\BmCzFVE.exe

C:\Windows\System\BmCzFVE.exe

C:\Windows\System\MfjOsVx.exe

C:\Windows\System\MfjOsVx.exe

C:\Windows\System\BSpdOSe.exe

C:\Windows\System\BSpdOSe.exe

C:\Windows\System\jhLSqtH.exe

C:\Windows\System\jhLSqtH.exe

C:\Windows\System\JbNjPmb.exe

C:\Windows\System\JbNjPmb.exe

C:\Windows\System\AOunmIe.exe

C:\Windows\System\AOunmIe.exe

C:\Windows\System\KHMvPMe.exe

C:\Windows\System\KHMvPMe.exe

C:\Windows\System\WIfwXtE.exe

C:\Windows\System\WIfwXtE.exe

C:\Windows\System\GcIOEzD.exe

C:\Windows\System\GcIOEzD.exe

C:\Windows\System\wFDzcKe.exe

C:\Windows\System\wFDzcKe.exe

C:\Windows\System\VXfAlvu.exe

C:\Windows\System\VXfAlvu.exe

C:\Windows\System\YuczNLK.exe

C:\Windows\System\YuczNLK.exe

C:\Windows\System\wCODLEA.exe

C:\Windows\System\wCODLEA.exe

C:\Windows\System\RZNjwCL.exe

C:\Windows\System\RZNjwCL.exe

C:\Windows\System\uHIhIyF.exe

C:\Windows\System\uHIhIyF.exe

C:\Windows\System\MMZZHno.exe

C:\Windows\System\MMZZHno.exe

C:\Windows\System\iQMykOo.exe

C:\Windows\System\iQMykOo.exe

C:\Windows\System\LTocJrp.exe

C:\Windows\System\LTocJrp.exe

C:\Windows\System\FkLwjSD.exe

C:\Windows\System\FkLwjSD.exe

C:\Windows\System\ddCYPOd.exe

C:\Windows\System\ddCYPOd.exe

C:\Windows\System\EsAtSiu.exe

C:\Windows\System\EsAtSiu.exe

C:\Windows\System\WzXKdwt.exe

C:\Windows\System\WzXKdwt.exe

C:\Windows\System\tjqOGXB.exe

C:\Windows\System\tjqOGXB.exe

C:\Windows\System\zasQldV.exe

C:\Windows\System\zasQldV.exe

C:\Windows\System\dxdqhNN.exe

C:\Windows\System\dxdqhNN.exe

C:\Windows\System\OZRDGTT.exe

C:\Windows\System\OZRDGTT.exe

C:\Windows\System\wVPALse.exe

C:\Windows\System\wVPALse.exe

C:\Windows\System\LsgrKbe.exe

C:\Windows\System\LsgrKbe.exe

C:\Windows\System\mKoyrIa.exe

C:\Windows\System\mKoyrIa.exe

C:\Windows\System\iKAEKlx.exe

C:\Windows\System\iKAEKlx.exe

C:\Windows\System\rqNVEhr.exe

C:\Windows\System\rqNVEhr.exe

C:\Windows\System\syQftMy.exe

C:\Windows\System\syQftMy.exe

C:\Windows\System\OUkRsxm.exe

C:\Windows\System\OUkRsxm.exe

C:\Windows\System\fpMaOUm.exe

C:\Windows\System\fpMaOUm.exe

C:\Windows\System\nbfOawl.exe

C:\Windows\System\nbfOawl.exe

C:\Windows\System\jpCXrnQ.exe

C:\Windows\System\jpCXrnQ.exe

C:\Windows\System\Gmqrklo.exe

C:\Windows\System\Gmqrklo.exe

C:\Windows\System\vQUWNUX.exe

C:\Windows\System\vQUWNUX.exe

C:\Windows\System\sMqcMhZ.exe

C:\Windows\System\sMqcMhZ.exe

C:\Windows\System\iHpRiSw.exe

C:\Windows\System\iHpRiSw.exe

C:\Windows\System\oNIZsDp.exe

C:\Windows\System\oNIZsDp.exe

C:\Windows\System\IwZyXiE.exe

C:\Windows\System\IwZyXiE.exe

C:\Windows\System\jlpLBgT.exe

C:\Windows\System\jlpLBgT.exe

C:\Windows\System\BRtgQGi.exe

C:\Windows\System\BRtgQGi.exe

C:\Windows\System\tVturEs.exe

C:\Windows\System\tVturEs.exe

C:\Windows\System\sYzeFqg.exe

C:\Windows\System\sYzeFqg.exe

C:\Windows\System\eMSsxPc.exe

C:\Windows\System\eMSsxPc.exe

C:\Windows\System\WnKTMEE.exe

C:\Windows\System\WnKTMEE.exe

C:\Windows\System\arefevm.exe

C:\Windows\System\arefevm.exe

C:\Windows\System\FKtIgqx.exe

C:\Windows\System\FKtIgqx.exe

C:\Windows\System\eofEbDe.exe

C:\Windows\System\eofEbDe.exe

C:\Windows\System\bEtavHd.exe

C:\Windows\System\bEtavHd.exe

C:\Windows\System\onnhvCJ.exe

C:\Windows\System\onnhvCJ.exe

C:\Windows\System\CcyyDyV.exe

C:\Windows\System\CcyyDyV.exe

C:\Windows\System\GIzuwYW.exe

C:\Windows\System\GIzuwYW.exe

C:\Windows\System\oquqjiq.exe

C:\Windows\System\oquqjiq.exe

C:\Windows\System\HrofVnB.exe

C:\Windows\System\HrofVnB.exe

C:\Windows\System\UHIhviw.exe

C:\Windows\System\UHIhviw.exe

C:\Windows\System\qbniYOL.exe

C:\Windows\System\qbniYOL.exe

C:\Windows\System\mwwJUjt.exe

C:\Windows\System\mwwJUjt.exe

C:\Windows\System\mzOftuA.exe

C:\Windows\System\mzOftuA.exe

C:\Windows\System\NgvockV.exe

C:\Windows\System\NgvockV.exe

C:\Windows\System\RWxkkhD.exe

C:\Windows\System\RWxkkhD.exe

C:\Windows\System\dtoBZiY.exe

C:\Windows\System\dtoBZiY.exe

C:\Windows\System\rbKYUGG.exe

C:\Windows\System\rbKYUGG.exe

C:\Windows\System\qhqKoUm.exe

C:\Windows\System\qhqKoUm.exe

C:\Windows\System\JqdyfsC.exe

C:\Windows\System\JqdyfsC.exe

C:\Windows\System\dxfksme.exe

C:\Windows\System\dxfksme.exe

C:\Windows\System\scuSEZR.exe

C:\Windows\System\scuSEZR.exe

C:\Windows\System\aNQkLOs.exe

C:\Windows\System\aNQkLOs.exe

C:\Windows\System\CYYnnuF.exe

C:\Windows\System\CYYnnuF.exe

C:\Windows\System\MXDvlsl.exe

C:\Windows\System\MXDvlsl.exe

C:\Windows\System\tTsJsFw.exe

C:\Windows\System\tTsJsFw.exe

C:\Windows\System\jBWjvQy.exe

C:\Windows\System\jBWjvQy.exe

C:\Windows\System\uIohIzy.exe

C:\Windows\System\uIohIzy.exe

C:\Windows\System\cQvbDdr.exe

C:\Windows\System\cQvbDdr.exe

C:\Windows\System\SnzMkHK.exe

C:\Windows\System\SnzMkHK.exe

C:\Windows\System\tQikdBO.exe

C:\Windows\System\tQikdBO.exe

C:\Windows\System\qhBrBRF.exe

C:\Windows\System\qhBrBRF.exe

C:\Windows\System\hWDVcVj.exe

C:\Windows\System\hWDVcVj.exe

C:\Windows\System\fyanUrY.exe

C:\Windows\System\fyanUrY.exe

C:\Windows\System\jfpxRYC.exe

C:\Windows\System\jfpxRYC.exe

C:\Windows\System\iHcKTwu.exe

C:\Windows\System\iHcKTwu.exe

C:\Windows\System\NlAVJDh.exe

C:\Windows\System\NlAVJDh.exe

C:\Windows\System\yIwyERJ.exe

C:\Windows\System\yIwyERJ.exe

C:\Windows\System\hprCmuL.exe

C:\Windows\System\hprCmuL.exe

C:\Windows\System\NhxRVZj.exe

C:\Windows\System\NhxRVZj.exe

C:\Windows\System\chQCesh.exe

C:\Windows\System\chQCesh.exe

C:\Windows\System\VTjPNHz.exe

C:\Windows\System\VTjPNHz.exe

C:\Windows\System\lkLOqZU.exe

C:\Windows\System\lkLOqZU.exe

C:\Windows\System\zVekuwG.exe

C:\Windows\System\zVekuwG.exe

C:\Windows\System\UpbAHBm.exe

C:\Windows\System\UpbAHBm.exe

C:\Windows\System\OdUwUVJ.exe

C:\Windows\System\OdUwUVJ.exe

C:\Windows\System\EhvJYdW.exe

C:\Windows\System\EhvJYdW.exe

C:\Windows\System\MdXHdMb.exe

C:\Windows\System\MdXHdMb.exe

C:\Windows\System\JbehKiP.exe

C:\Windows\System\JbehKiP.exe

C:\Windows\System\EIoAnJp.exe

C:\Windows\System\EIoAnJp.exe

C:\Windows\System\iteaRal.exe

C:\Windows\System\iteaRal.exe

C:\Windows\System\fmPkDrR.exe

C:\Windows\System\fmPkDrR.exe

C:\Windows\System\myANTFC.exe

C:\Windows\System\myANTFC.exe

C:\Windows\System\FGDRGdQ.exe

C:\Windows\System\FGDRGdQ.exe

C:\Windows\System\VrsTlov.exe

C:\Windows\System\VrsTlov.exe

C:\Windows\System\vnoMbxI.exe

C:\Windows\System\vnoMbxI.exe

C:\Windows\System\SgftAbV.exe

C:\Windows\System\SgftAbV.exe

C:\Windows\System\MBBPGbd.exe

C:\Windows\System\MBBPGbd.exe

C:\Windows\System\gwtBPAp.exe

C:\Windows\System\gwtBPAp.exe

C:\Windows\System\SqUoaNx.exe

C:\Windows\System\SqUoaNx.exe

C:\Windows\System\gyyxdpc.exe

C:\Windows\System\gyyxdpc.exe

C:\Windows\System\BwJQbiK.exe

C:\Windows\System\BwJQbiK.exe

C:\Windows\System\HCXFmFM.exe

C:\Windows\System\HCXFmFM.exe

C:\Windows\System\iuEYnTu.exe

C:\Windows\System\iuEYnTu.exe

C:\Windows\System\YJYKluc.exe

C:\Windows\System\YJYKluc.exe

C:\Windows\System\CrVVOUC.exe

C:\Windows\System\CrVVOUC.exe

C:\Windows\System\zrJNIOq.exe

C:\Windows\System\zrJNIOq.exe

C:\Windows\System\LZbzbRy.exe

C:\Windows\System\LZbzbRy.exe

C:\Windows\System\jYYyXlD.exe

C:\Windows\System\jYYyXlD.exe

C:\Windows\System\SDbtOOa.exe

C:\Windows\System\SDbtOOa.exe

C:\Windows\System\HavpDex.exe

C:\Windows\System\HavpDex.exe

C:\Windows\System\QvdJuUc.exe

C:\Windows\System\QvdJuUc.exe

C:\Windows\System\PzgVrUi.exe

C:\Windows\System\PzgVrUi.exe

C:\Windows\System\MyDwLOx.exe

C:\Windows\System\MyDwLOx.exe

C:\Windows\System\mWzWYkz.exe

C:\Windows\System\mWzWYkz.exe

C:\Windows\System\WMIOBLW.exe

C:\Windows\System\WMIOBLW.exe

C:\Windows\System\WbeQMpF.exe

C:\Windows\System\WbeQMpF.exe

C:\Windows\System\nzseeem.exe

C:\Windows\System\nzseeem.exe

C:\Windows\System\PKyCnAG.exe

C:\Windows\System\PKyCnAG.exe

C:\Windows\System\elAoeyQ.exe

C:\Windows\System\elAoeyQ.exe

C:\Windows\System\SaCmcIy.exe

C:\Windows\System\SaCmcIy.exe

C:\Windows\System\cuNcIpS.exe

C:\Windows\System\cuNcIpS.exe

C:\Windows\System\oOnrupF.exe

C:\Windows\System\oOnrupF.exe

C:\Windows\System\EfsWYPm.exe

C:\Windows\System\EfsWYPm.exe

C:\Windows\System\qfLpaem.exe

C:\Windows\System\qfLpaem.exe

C:\Windows\System\zlgmCWi.exe

C:\Windows\System\zlgmCWi.exe

C:\Windows\System\hUxjVoW.exe

C:\Windows\System\hUxjVoW.exe

C:\Windows\System\ShYnBRg.exe

C:\Windows\System\ShYnBRg.exe

C:\Windows\System\xOwDiMR.exe

C:\Windows\System\xOwDiMR.exe

C:\Windows\System\pbyGkWz.exe

C:\Windows\System\pbyGkWz.exe

C:\Windows\System\mBvMAPs.exe

C:\Windows\System\mBvMAPs.exe

C:\Windows\System\OOBZzTz.exe

C:\Windows\System\OOBZzTz.exe

C:\Windows\System\OvIZEMA.exe

C:\Windows\System\OvIZEMA.exe

C:\Windows\System\bTOKzwY.exe

C:\Windows\System\bTOKzwY.exe

C:\Windows\System\vQZQnsf.exe

C:\Windows\System\vQZQnsf.exe

C:\Windows\System\xmLxgNl.exe

C:\Windows\System\xmLxgNl.exe

C:\Windows\System\bEKmKAB.exe

C:\Windows\System\bEKmKAB.exe

C:\Windows\System\vxYXAox.exe

C:\Windows\System\vxYXAox.exe

C:\Windows\System\HmczQvn.exe

C:\Windows\System\HmczQvn.exe

C:\Windows\System\JWAnPtq.exe

C:\Windows\System\JWAnPtq.exe

C:\Windows\System\HONRzXR.exe

C:\Windows\System\HONRzXR.exe

C:\Windows\System\swdVZNU.exe

C:\Windows\System\swdVZNU.exe

C:\Windows\System\Wcqscst.exe

C:\Windows\System\Wcqscst.exe

C:\Windows\System\NCeBGZs.exe

C:\Windows\System\NCeBGZs.exe

C:\Windows\System\KPNJVYc.exe

C:\Windows\System\KPNJVYc.exe

C:\Windows\System\TrnbRVO.exe

C:\Windows\System\TrnbRVO.exe

C:\Windows\System\vbHdNLU.exe

C:\Windows\System\vbHdNLU.exe

C:\Windows\System\kzYbmcX.exe

C:\Windows\System\kzYbmcX.exe

C:\Windows\System\vDhQjKP.exe

C:\Windows\System\vDhQjKP.exe

C:\Windows\System\aPBHrsn.exe

C:\Windows\System\aPBHrsn.exe

C:\Windows\System\lNJwfVs.exe

C:\Windows\System\lNJwfVs.exe

C:\Windows\System\tIfqjaq.exe

C:\Windows\System\tIfqjaq.exe

C:\Windows\System\xfQEalz.exe

C:\Windows\System\xfQEalz.exe

C:\Windows\System\sBqeKMC.exe

C:\Windows\System\sBqeKMC.exe

C:\Windows\System\KspAatc.exe

C:\Windows\System\KspAatc.exe

C:\Windows\System\wmmFghm.exe

C:\Windows\System\wmmFghm.exe

C:\Windows\System\UsQpzzw.exe

C:\Windows\System\UsQpzzw.exe

C:\Windows\System\QXRjebH.exe

C:\Windows\System\QXRjebH.exe

C:\Windows\System\WAKuggs.exe

C:\Windows\System\WAKuggs.exe

C:\Windows\System\RqjdArN.exe

C:\Windows\System\RqjdArN.exe

C:\Windows\System\lUGhESx.exe

C:\Windows\System\lUGhESx.exe

C:\Windows\System\ZiSgIvv.exe

C:\Windows\System\ZiSgIvv.exe

C:\Windows\System\HoWxxgx.exe

C:\Windows\System\HoWxxgx.exe

C:\Windows\System\rxecbbp.exe

C:\Windows\System\rxecbbp.exe

C:\Windows\System\ywHsDDK.exe

C:\Windows\System\ywHsDDK.exe

C:\Windows\System\limOJSb.exe

C:\Windows\System\limOJSb.exe

C:\Windows\System\ABGyzLZ.exe

C:\Windows\System\ABGyzLZ.exe

C:\Windows\System\OzXKIHG.exe

C:\Windows\System\OzXKIHG.exe

C:\Windows\System\FSIVBro.exe

C:\Windows\System\FSIVBro.exe

C:\Windows\System\VJqHyME.exe

C:\Windows\System\VJqHyME.exe

C:\Windows\System\tQvANHB.exe

C:\Windows\System\tQvANHB.exe

C:\Windows\System\NfDufye.exe

C:\Windows\System\NfDufye.exe

C:\Windows\System\GyvdfTe.exe

C:\Windows\System\GyvdfTe.exe

C:\Windows\System\IOlukDL.exe

C:\Windows\System\IOlukDL.exe

C:\Windows\System\JufTeiD.exe

C:\Windows\System\JufTeiD.exe

C:\Windows\System\aCcVhvo.exe

C:\Windows\System\aCcVhvo.exe

C:\Windows\System\DPscVPw.exe

C:\Windows\System\DPscVPw.exe

C:\Windows\System\TelnFyz.exe

C:\Windows\System\TelnFyz.exe

C:\Windows\System\ZAXUYTN.exe

C:\Windows\System\ZAXUYTN.exe

C:\Windows\System\NKQcjtm.exe

C:\Windows\System\NKQcjtm.exe

C:\Windows\System\AggdYyb.exe

C:\Windows\System\AggdYyb.exe

C:\Windows\System\VHcBccY.exe

C:\Windows\System\VHcBccY.exe

C:\Windows\System\mKEjpbs.exe

C:\Windows\System\mKEjpbs.exe

C:\Windows\System\DwselcB.exe

C:\Windows\System\DwselcB.exe

C:\Windows\System\fGpHFUY.exe

C:\Windows\System\fGpHFUY.exe

C:\Windows\System\verHrNv.exe

C:\Windows\System\verHrNv.exe

C:\Windows\System\iTcAGjQ.exe

C:\Windows\System\iTcAGjQ.exe

C:\Windows\System\xGDEJho.exe

C:\Windows\System\xGDEJho.exe

C:\Windows\System\wKRQpCo.exe

C:\Windows\System\wKRQpCo.exe

C:\Windows\System\ytzLYYm.exe

C:\Windows\System\ytzLYYm.exe

C:\Windows\System\nCRiSOS.exe

C:\Windows\System\nCRiSOS.exe

C:\Windows\System\CiVQhlF.exe

C:\Windows\System\CiVQhlF.exe

C:\Windows\System\yAuDFtN.exe

C:\Windows\System\yAuDFtN.exe

C:\Windows\System\MdgGgcf.exe

C:\Windows\System\MdgGgcf.exe

C:\Windows\System\edUaXMG.exe

C:\Windows\System\edUaXMG.exe

C:\Windows\System\kGggbOJ.exe

C:\Windows\System\kGggbOJ.exe

C:\Windows\System\XtQuiKz.exe

C:\Windows\System\XtQuiKz.exe

C:\Windows\System\JPaAkbI.exe

C:\Windows\System\JPaAkbI.exe

C:\Windows\System\XusmkbA.exe

C:\Windows\System\XusmkbA.exe

C:\Windows\System\qUjdeyT.exe

C:\Windows\System\qUjdeyT.exe

C:\Windows\System\IReDepO.exe

C:\Windows\System\IReDepO.exe

C:\Windows\System\ACpdokj.exe

C:\Windows\System\ACpdokj.exe

C:\Windows\System\udcSobO.exe

C:\Windows\System\udcSobO.exe

C:\Windows\System\SEMbQqT.exe

C:\Windows\System\SEMbQqT.exe

C:\Windows\System\idpnWqD.exe

C:\Windows\System\idpnWqD.exe

C:\Windows\System\erfwvje.exe

C:\Windows\System\erfwvje.exe

C:\Windows\System\qBoFdVh.exe

C:\Windows\System\qBoFdVh.exe

C:\Windows\System\pGAhUKw.exe

C:\Windows\System\pGAhUKw.exe

C:\Windows\System\HhjZXmm.exe

C:\Windows\System\HhjZXmm.exe

C:\Windows\System\XoXJFCn.exe

C:\Windows\System\XoXJFCn.exe

C:\Windows\System\GKABaQE.exe

C:\Windows\System\GKABaQE.exe

C:\Windows\System\sayoZrC.exe

C:\Windows\System\sayoZrC.exe

C:\Windows\System\cmCLYrp.exe

C:\Windows\System\cmCLYrp.exe

C:\Windows\System\ihDatBR.exe

C:\Windows\System\ihDatBR.exe

C:\Windows\System\vMjatwS.exe

C:\Windows\System\vMjatwS.exe

C:\Windows\System\amLqQBR.exe

C:\Windows\System\amLqQBR.exe

C:\Windows\System\GQEbkFm.exe

C:\Windows\System\GQEbkFm.exe

C:\Windows\System\SJMeOUX.exe

C:\Windows\System\SJMeOUX.exe

C:\Windows\System\aLpVuur.exe

C:\Windows\System\aLpVuur.exe

C:\Windows\System\sskwxCs.exe

C:\Windows\System\sskwxCs.exe

C:\Windows\System\nVwXLxw.exe

C:\Windows\System\nVwXLxw.exe

C:\Windows\System\HblOkex.exe

C:\Windows\System\HblOkex.exe

C:\Windows\System\RmIvgDK.exe

C:\Windows\System\RmIvgDK.exe

C:\Windows\System\jpLGIDO.exe

C:\Windows\System\jpLGIDO.exe

C:\Windows\System\RMDmOyo.exe

C:\Windows\System\RMDmOyo.exe

C:\Windows\System\BhRnaeV.exe

C:\Windows\System\BhRnaeV.exe

C:\Windows\System\DvZFOqs.exe

C:\Windows\System\DvZFOqs.exe

C:\Windows\System\uyzONUR.exe

C:\Windows\System\uyzONUR.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp

Files

memory/2264-0-0x000000013FDE0000-0x00000001401D2000-memory.dmp

memory/2264-1-0x0000000000080000-0x0000000000090000-memory.dmp

\Windows\system\nJEXIKp.exe

MD5 9f7b769ee56c20dcd8884d16152598b4
SHA1 2c78abcdd9b41d78fe2325d85f463d59c966f1fc
SHA256 7c694036447dadb80ebfb1d3eb7ab4e58727c1ee50a469698df11b9bfc754766
SHA512 b33d44078c2f1add72f209287b755a150ec4992248c7524680fdd49828b789dc6e5261b147716d31109e944ed1bb1dc6c921e32adad9c7b5fbd8e4b185ee6773

C:\Windows\system\XJTmtGe.exe

MD5 f58a4d1157abf184fe383c8ff04ed280
SHA1 521318c1564484cd2b87a0c19f933052fa74350f
SHA256 3fac56a4793e04caa2a062a20bbdf7f7c4cbb30862a0ce72352c85ddcbaff6e2
SHA512 16261bda87e34df5f25110c2e79ad4314824ac29b5783ac586a0e2f3f694198a176666f3ae5a453529b921a166f838cdf819d410068d9a5c512c4eb44aae3b05

memory/2264-25-0x000000013F3D0000-0x000000013F7C2000-memory.dmp

memory/2264-30-0x000000013F6D0000-0x000000013FAC2000-memory.dmp

memory/2264-29-0x000000013F860000-0x000000013FC52000-memory.dmp

\Windows\system\izwlOjV.exe

MD5 46d4787c606515537d98a0fe09327491
SHA1 44c7370f75dd3f4c3c0344a1dce37f8cb625d87e
SHA256 0145bd9345132c4095c840043c771b85fd1ab20fc16b5e34bfeecf09ac5a8648
SHA512 b05d6d4de0c811528fd0321fa8c6ddab268c97aee3c8a96c149b4e184ff2ef33b256a8eda93d8412a516eaf1f887a30d1c1a0953362d94cf11f43c002ae65f6d

memory/1928-33-0x000000013F860000-0x000000013FC52000-memory.dmp

C:\Windows\system\fPsDRsr.exe

MD5 6286a2e403627cc016a76dd6902876f5
SHA1 41b7e1e148083de36b57b1f9f787ae0f1b8400e3
SHA256 c2e45ef9ff8e59e4b8b0d9e48a1f2fe333788d5b35b47fdf8545530bdb917be2
SHA512 8eb0cb137ce194353f5f28d15899b2c77fae2903e040bcb20cc80094734b966e3bf4fa7fe40f7ae1276129349cc532c38aaee783725f82a76579f3d5a2b3766a

C:\Windows\system\ZLHlDPa.exe

MD5 667262b4aee446df0b99bc629a759607
SHA1 467a99e600641dfc3bb46796dccbb060961cbad3
SHA256 f6873e89042fcf3fcbe0c50632737632f3e80c9b0a84f65acba4f875591cf025
SHA512 1a3b64b333de523e67a2722e46f9dae1407bf66ab8ecfe2995fbe2db00b8bbe2342bf86679f279d707903da35cda76095c7d389885b39dacfcd9dfe61a3175b0

memory/2264-85-0x0000000003550000-0x0000000003942000-memory.dmp

C:\Windows\system\qhDVYWs.exe

MD5 cb1273070797a631c48c5f3840df83c3
SHA1 1653bde7fa70aed1c1d9815c61a0a63d8f1d06b0
SHA256 067e25f7622f1ae206b5d9c744b696a0d0ca24e9b8c8bd80db3f51e73ab9d02c
SHA512 dbafdf05fbc1554cdc5f80f82a142b2c0e6e356c37a48318959210f55287b8160bd2d4ace6209648b2cc6bf82af7568dc3a5788c7edac83f3df204dcf6c9aff9

memory/1704-90-0x000000013FA40000-0x000000013FE32000-memory.dmp

memory/2264-91-0x000000013F160000-0x000000013F552000-memory.dmp

memory/2488-92-0x000000013F950000-0x000000013FD42000-memory.dmp

\Windows\system\FLleypW.exe

MD5 b65167aac3f9e79e5b56ac5d9e23f0e2
SHA1 00df3818bd153851526178a766370d619298004e
SHA256 e2346cc2af906f58213db45a2f46296b94647895066f796ab9189a373c50cb95
SHA512 4389b86301fc11ea289dbc7a83e94ca1a9d87c2cd403f77d1097b10f381850e34286b3bef2f579dccb8853d5497a7c77c2952ccdb72f2e8e8508f66c0716639e

C:\Windows\system\nZexmrT.exe

MD5 68b5d3ed9fd39b81fbfe1d9427fe9820
SHA1 7220af89025fa39deec21c4c33fb1f199372a74a
SHA256 8c9f9341d657a235ae0d232474d951ceb06c995f1f356592b5d457f892a59924
SHA512 cf4b92b285cb88e15b34a2ca15ff3859fcb8b2a41d11a6862f2c03b3ec1adb3172e89fa02438b3ec6571fa436b45da3562169b9e53dad5e39ff074bc4db2bdf2

\Windows\system\rgWcklo.exe

MD5 934f9eaf4e6f320f32ba7c83b0f4b9b2
SHA1 9a4d1a9ba80f91fc47e50c2cd43337b2658eea48
SHA256 f2789a767dd253377bba91893dc4b23377b0e72fef45ed63b65e6b6cea551a04
SHA512 77a4d31571bcab291ed3d9991f0a581142009510e31c2d48b1125d813dfb4f3493a5ee7f7e63e07423b96ac1b34029f784b26591924ee49811c719fa5f7857e8

C:\Windows\system\DQxZghc.exe

MD5 a82f62a00c2746bce19c390da3540708
SHA1 b55757fa498efbf1d3d91f1c38ecd4fafcc6f016
SHA256 4fe9d8e877d35e7f051a2747d86d58501c86fa5478198be6a6e5785d7ab1a338
SHA512 d5f9c624ccea0a83fc2b09df21b1bdb5dcf449f3f760624d280a6d6b056d0930f661e7788c12c844c62ee0b7d1b1a3dc6d349ea2d3a2b7dea3f2903e0981c401

C:\Windows\system\lDVYQVm.exe

MD5 6af9560af38119610d40dfaa57d16a6e
SHA1 09f9c7662e8137f2979de98b8ee9a1291d2f1068
SHA256 b3b7f6c4d5b41bb42efc44b567c9bef3aa1dea35f09b3b6972c4a3c2df043dd3
SHA512 d28680d1e0825c25e58a7ef4f2ee3d0ea2c8f127517a86e2a2fdfa09c50ad16e9d82eab2bc4dd4ce7371cd98779f4422cc24e24f81b1f6ffba1c2c962d8aec54

C:\Windows\system\yVHZDSO.exe

MD5 b545a871d099e0f2ad367d7a7bf53c46
SHA1 a632b76393abda13ae1b27e45c6dabfe7e5f2834
SHA256 1d1c5088a10a9930b0bb43a553daeb6c2b0e1a57cd1f9e4e769b486b29d7ec69
SHA512 1fc1b8427b0c296b344b83764116a337d8ab93eb4da4087b1ecd6b37b8bf488d7782c1b2db8c3fd80d7b0d85d90bc3e18ef6639486acc65a6662434de65a8329

\Windows\system\yUatQTc.exe

MD5 74aa8312b6df898989f25c2d8eb22500
SHA1 84cdb0f28f8a417a7bcc4f6c37aa18452920d9f1
SHA256 28f50df5df9ad220705ad0e04b4a2d797dacc506255462dbed60ca0c1e605f8e
SHA512 3b1f042a63a17009d13982418c244ac56360aba9bcc581d17d40bb5e32ab8545800ad15d1ab4e1436d7620239cd803d5272c6cbb768f1ed8854ae5fecf8755be

memory/2172-226-0x0000000002960000-0x0000000002968000-memory.dmp

memory/2172-224-0x000000001B6B0000-0x000000001B992000-memory.dmp

\Windows\system\rjgGMYU.exe

MD5 5797279e4223abacf7f38d123d71799d
SHA1 b14e4c9b384f5314308a843d710b3a2375ddc084
SHA256 5f1e5b4ecfea8f1fc3c83c53e48811511f0353941ac749833bcb423d0b72ab7b
SHA512 88150a6099075be6e2fe92861303da525f8713985161f61b16dc25b3decfc137349d1e7d30b31857c84c0b9466df695c1b49e028f2ed1a017da83738e428be2d

\Windows\system\AvhDodZ.exe

MD5 3c7ddd3cd76994024bf723d3604ee7f3
SHA1 bdb00275b6c99414161daff026083450361ec4dd
SHA256 d8b8a9da2fcfd5ebbecedcc6a0250de22cd9eb012cb9321d1346995f75ff1ee8
SHA512 ec3f06ae14aa6ee55004d9211f8444677c87026d6295a97c27af4b01c92a52457e2453266d6fa2f62c3b038fb93d576864ccab6cbba0f8d31126406fd4bb995d

C:\Windows\system\NeUfDCm.exe

MD5 c9bc7b4ea547a70ec8611ee7010ee918
SHA1 04f9995061695f5f3785b2cef49f4ae1005d133b
SHA256 9705c6962b3eb0ec41d739c560eff18261f6e670ea96b40c073a169ebf6a1944
SHA512 ca57978d0f1468fb4e0c90c61b119bb89b137b265e011995851387e183ba8185f78502ac92429c48da9a132cf9ac371463aebfcb145946cd334cd77d0a9149a0

C:\Windows\system\oqKVcKC.exe

MD5 fd12d0410a553cca9bcdc60c685e0c33
SHA1 71c4043fe1773961f14d62fb9d352ad81c43d8f5
SHA256 d1b56536bbb20e601a32a8c9c06cc2a10501941264242a2b337fb692dc248210
SHA512 d17e948754d3bd557984bdb08c2b0631e304e82f2cb5f56a6227fdd9e6fbfcca77bf39b5b9a304fc809f24b904154aa0af76780d516726718f6aa1186b67bcc4

\Windows\system\djLhWhR.exe

MD5 5fd96938299f6df41c3ec88fd7e727cd
SHA1 5e3ddb730b410350eb7abdf4747a6c63382d0a4d
SHA256 510353652216a211bdb0dcd68ccd4cc6f491092cb3e7c37e58a1fc01afef0f49
SHA512 077687be173989c9ef471f6ca52d541d458c70f9418dbec8863e6cc787d1525a044a759751ec3bd7d634a792e99165cc88fd0e1d1fd9cfae949198258c7bdb86

C:\Windows\system\wGBRPfK.exe

MD5 1b1b35bd4c50ce16d5b7041354a91ca5
SHA1 0bea9c87eea55acbc2cfd99c8e0f7b09e8bdf043
SHA256 380e3f06fea8d3df38e788b2620787c37d93dc9cbfded43e7f0247c2443f2b69
SHA512 c8ce2f62dc0e1e777b0534729cd0b8f388fccd85e1e59732b817b36d7995b637dbf2fe964fd1af83c48ba646a615528adccd388b28fa561e2ea7a13363d980dd

C:\Windows\system\LpVIDnF.exe

MD5 3414fd223eae91b3b9bfd4f66a919724
SHA1 a0d844130fcab5cafd81cb9c9e99ac2501412719
SHA256 7b1ed0a61426010430682465acf9c3547c6bb8ef357f83090988f73ee730f9de
SHA512 14e7cfc876748e8d14899aa66ece0781253bb87826c6b8c4ce52c9705c219f784386e2868fa95fb82c2b7e5d37ce5dd8a509f6d7c7de64ba47cf9788f737fff9

C:\Windows\system\DOWXckX.exe

MD5 6dedb94ee7ec71f7173afce23d6239e2
SHA1 3306e94aaa87b8ce0b4fe7833f3903c711afa0ce
SHA256 7791eaba603ddb42c4657dbd80a5f4ea682a9f0fe219cf695a85556f739d7fb9
SHA512 61902cc84e67b5e942c34c39e16dc6db40acaf9fbd47326515158c9e2debe82b14822349fac09fc01209db3deb86cd86a1d181a7566991ead8e1fb2f5f57cc4a

C:\Windows\system\WAdvODv.exe

MD5 f7afa50200423de49e3f34de9eb774df
SHA1 6db26e9b558464a54ff47e9c183b51b34c4a1ec3
SHA256 0788123f1ab1f4a9bb60d466dd850feb66494d7ea5a087d8669d517f3b83e00b
SHA512 efd5d970d2fd5c3186cf835d2f7fe8672f15b7be6e8222f89551ba927e4e0cf4cdd32c56faa0f5b322ce85375dd3559241fc4aa6bd804902611ddbe23e2920e0

C:\Windows\system\LYxliZI.exe

MD5 08d3ba73a66ba356216adabba1f9507b
SHA1 f51d072ac4038525a2778d4eb2d9d7b3dbe1ad58
SHA256 1f4756ea346c898a4d73b9d8049e6f3c79730535908ddaeb6ab9b662440fec3e
SHA512 7ce2734ac989f00adc460646eddd08afd3623a8edb532d1f2acf72f0dc601d44eb8133111a00c396fb107027142912670129003991dc72c376cb668f77f0e95f

\Windows\system\rATMjMh.exe

MD5 f256692123db4380790e9962db65fdfe
SHA1 d2bbc38dcdc5758531e8ebb56ef9448202b632e5
SHA256 d81318aec1d44f0d16b15a7cfd089a80f0ed93125d14f5425fe8c7191cc423f6
SHA512 8748f2dc49e10bedd1fb902fc758988e37a8e9bb23b067e471dd160778f08737b38dc3f3f48cedfee10094bf14ef6d0346fcde66668da752b2c4743fd4ef519b

C:\Windows\system\VAkQsyz.exe

MD5 34589610b205cd495f949fecf75c6b10
SHA1 a4bfe7ec8ea0c9fd276cce75068ada083e8529cf
SHA256 24ea6e9da6863b715c03f2a07e43a50336ef48ef4bbfd63c0182f6cb5216a80a
SHA512 277f0de0fa098fd826a6263b19625b9aba549a90b0c42800798aef011441107d6330accb6d6b3ca65dfa92ec25bdd92e8edfe86b26dbd35b43cb8c6ae8af2c60

C:\Windows\system\hQHrgxf.exe

MD5 2285cf0297644eed397f96fa2191bcfe
SHA1 f1146162111c902bdf07fde5c9375aef22b7a65d
SHA256 5552d2705e75a3fa2dfc04328eb68bf32de60afb11d2cbab84bb4fb26492f865
SHA512 deb1ef75f735fd732f5ad9136b75605fa7acf92b97495b53970bb4aabf5202fa5b3e54e383264c6eb75627185b7e1573338aa52184bef51efac58feca37ab24d

C:\Windows\system\rVdSwRk.exe

MD5 e193d79327da6819e1e6c84af4baea25
SHA1 56828b657022e1237f188a2ea4e6fdb004911538
SHA256 754b92205926e9bf54d338688756cf3b97cd00d2fc4c8b60cd9bea46163cd8ef
SHA512 e0530e84db750393e06d5bd6103ed3be822516da73c9692a018d309df89eee248916fa7341aaa9b0daf52fbb7d82557001fbf88020cbf17fc8034365d633e877

memory/1660-93-0x000000013F690000-0x000000013FA82000-memory.dmp

memory/2264-88-0x000000013F3C0000-0x000000013F7B2000-memory.dmp

C:\Windows\system\oITyZHB.exe

MD5 168df50dd0ec274d3602b7a01540fdc4
SHA1 c94dee1bf419fedca65ceffdd2e819e1d2021c25
SHA256 b8d34c44c2bc9f01b55b91adb118982baeba7e021559d124167c280be34dbc4d
SHA512 2fdcd13db109ceda35d7c46169e18d1409ba20ccf8e9b10ac88e6f053a3d7d65065930230d232d7674c7b6faaaace6eb03f50b67d3c233adbe94d35276b52b83

memory/2264-86-0x0000000003550000-0x0000000003942000-memory.dmp

memory/2264-81-0x000000013F690000-0x000000013FA82000-memory.dmp

memory/2264-80-0x000000013F950000-0x000000013FD42000-memory.dmp

C:\Windows\system\lOpvfFV.exe

MD5 9d5a1441171a892e6f26994880c21d2c
SHA1 edf5ebf89b7a51e830279f4cb3de64c93cb592cf
SHA256 beedbb9b65eb345a3d217d96ec62607c87da41e0c9820803b47234a641e86a60
SHA512 cccddea9a377ce2b5e5ad595d9c40397cf2d1d4a3acce1be5a03d9d082a61138e527b32fd15fb4d1148b2870a07d7c28bfb4774d66c89bbabc2c7ce2e2679813

C:\Windows\system\mJuYkzT.exe

MD5 b8c8d242e80b1805927b837973fe85bb
SHA1 6698dc0e703452d02cc01bcb389047807954fa3d
SHA256 1b249dc67522b3b751b3f884b1628fb25dadc03939ebd955fa97de68808f25b3
SHA512 502db3959c9f56b94d873e47f9a3e9c97b9a7a6237b16ab47458634d0cd89d5d8db26918b4395dc39f1627f9eed09e91c54194c9219e6492b915e192864c9911

memory/2540-76-0x000000013F5F0000-0x000000013F9E2000-memory.dmp

memory/2264-44-0x0000000003550000-0x0000000003942000-memory.dmp

memory/2640-41-0x000000013F6D0000-0x000000013FAC2000-memory.dmp

memory/2348-40-0x000000013FBA0000-0x000000013FF92000-memory.dmp

memory/2264-39-0x0000000002EF0000-0x00000000032E2000-memory.dmp

memory/2068-35-0x000000013F3D0000-0x000000013F7C2000-memory.dmp

memory/1712-32-0x000000013FF80000-0x0000000140372000-memory.dmp

C:\Windows\system\WsBtlJl.exe

MD5 e2b9ad388952479bcd9612f46dce16af
SHA1 bfcf27154ff6d0a0e30dcc0cb44ecf3e8850550e
SHA256 4451cd9fb47f0ce20c77fb174bf7ce2c5f4dd35f37d3b3f64313de60b0a5f5d5
SHA512 5f470a3c6acbc776e60e912c436e4fb9db264a7315d289754c4482df00db7df13b812cadb65a77f281fb7f79db56a5984cbf82eaacb186d42f47b61dfaf1bc13

C:\Windows\system\euoCTkI.exe

MD5 cee4604cbcc4c155edd1987ea1d7ab31
SHA1 6ec20c761b11b139ee87d6174b355352dcae6cc6
SHA256 95bef4c21af60bca90e6717ef9517533656d529960189970905414ab9a1ec61a
SHA512 3eac649b3e9acb9ca48a47f79035c064413398a2fe8defe017edb72c8e1f853458f2923237fb37584089a5e65503e96ec52f16f4829e9307f40f83ea8028bca4

C:\Windows\system\LAXXPhI.exe

MD5 250c22817eac2c425477a6569901a7bf
SHA1 6b1231e3e40e8bdb2fac9dbcbefbe2a4b20bf9d5
SHA256 8afae8db983610587d24b33b23e8dbf98c8d3b6fbd177ee9a9939d20b28ae8d3
SHA512 c451c595e1e605a01f1f4edf10fe652db9cc95edd5efcc2a3a4cac3d6256684e57bf2b76f7bfa956263130d9a22f997da58ed0ff36125f437cc81bf1dc17645a

memory/2264-18-0x0000000002EF0000-0x00000000032E2000-memory.dmp

memory/2264-4715-0x000000013FDE0000-0x00000001401D2000-memory.dmp

C:\Windows\system\gaDRgjR.exe

MD5 2adac273ce248e8d242a4b12f749bb46
SHA1 300bd2c60c669d978305195f11eaf26c73d9e457
SHA256 5a695799bf8f73300a4f9c4a59fd25b209a2457abf1051a262d540e520557456
SHA512 011941b215532355e8e4d21af78180da68d2fe04927118ebe818ec14ec4bfb6a7a2d9aaa01fdfd0cd2c6dc84968b5f642ccf10cc92c29aa0e1d06bcf6f120232

memory/2348-5917-0x000000013FBA0000-0x000000013FF92000-memory.dmp

memory/1928-5919-0x000000013F860000-0x000000013FC52000-memory.dmp

memory/2640-6008-0x000000013F6D0000-0x000000013FAC2000-memory.dmp

memory/1712-6009-0x000000013FF80000-0x0000000140372000-memory.dmp

memory/2540-6011-0x000000013F5F0000-0x000000013F9E2000-memory.dmp

memory/2068-6010-0x000000013F3D0000-0x000000013F7C2000-memory.dmp

memory/1704-6014-0x000000013FA40000-0x000000013FE32000-memory.dmp

memory/2488-6013-0x000000013F950000-0x000000013FD42000-memory.dmp

memory/2532-6018-0x000000013FE00000-0x00000001401F2000-memory.dmp

memory/1660-6016-0x000000013F690000-0x000000013FA82000-memory.dmp

memory/2264-6105-0x0000000002EF0000-0x00000000032E2000-memory.dmp

memory/2264-12222-0x0000000003550000-0x0000000003942000-memory.dmp

memory/2264-14606-0x0000000003550000-0x0000000003942000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-22 13:17

Reported

2024-05-22 13:20

Platform

win10v2004-20240426-en

Max time kernel

91s

Max time network

92s

Command Line

"C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\XJTmtGe.exe N/A
N/A N/A C:\Windows\System\LAXXPhI.exe N/A
N/A N/A C:\Windows\System\WsBtlJl.exe N/A
N/A N/A C:\Windows\System\euoCTkI.exe N/A
N/A N/A C:\Windows\System\nJEXIKp.exe N/A
N/A N/A C:\Windows\System\fPsDRsr.exe N/A
N/A N/A C:\Windows\System\qhDVYWs.exe N/A
N/A N/A C:\Windows\System\izwlOjV.exe N/A
N/A N/A C:\Windows\System\hQHrgxf.exe N/A
N/A N/A C:\Windows\System\oITyZHB.exe N/A
N/A N/A C:\Windows\System\mJuYkzT.exe N/A
N/A N/A C:\Windows\System\ZLHlDPa.exe N/A
N/A N/A C:\Windows\System\nZexmrT.exe N/A
N/A N/A C:\Windows\System\LYxliZI.exe N/A
N/A N/A C:\Windows\System\rATMjMh.exe N/A
N/A N/A C:\Windows\System\lOpvfFV.exe N/A
N/A N/A C:\Windows\System\lDVYQVm.exe N/A
N/A N/A C:\Windows\System\DQxZghc.exe N/A
N/A N/A C:\Windows\System\WAdvODv.exe N/A
N/A N/A C:\Windows\System\FLleypW.exe N/A
N/A N/A C:\Windows\System\oqKVcKC.exe N/A
N/A N/A C:\Windows\System\wGBRPfK.exe N/A
N/A N/A C:\Windows\System\NeUfDCm.exe N/A
N/A N/A C:\Windows\System\rVdSwRk.exe N/A
N/A N/A C:\Windows\System\yUatQTc.exe N/A
N/A N/A C:\Windows\System\VAkQsyz.exe N/A
N/A N/A C:\Windows\System\LpVIDnF.exe N/A
N/A N/A C:\Windows\System\rgWcklo.exe N/A
N/A N/A C:\Windows\System\djLhWhR.exe N/A
N/A N/A C:\Windows\System\DOWXckX.exe N/A
N/A N/A C:\Windows\System\AvhDodZ.exe N/A
N/A N/A C:\Windows\System\yVHZDSO.exe N/A
N/A N/A C:\Windows\System\mUWPBEZ.exe N/A
N/A N/A C:\Windows\System\YhztfPc.exe N/A
N/A N/A C:\Windows\System\QQKdIPL.exe N/A
N/A N/A C:\Windows\System\BHbpZwk.exe N/A
N/A N/A C:\Windows\System\dRTOZiN.exe N/A
N/A N/A C:\Windows\System\vKfDsIB.exe N/A
N/A N/A C:\Windows\System\LdpdIek.exe N/A
N/A N/A C:\Windows\System\FqUGuLi.exe N/A
N/A N/A C:\Windows\System\KuXfycK.exe N/A
N/A N/A C:\Windows\System\mTTMcOD.exe N/A
N/A N/A C:\Windows\System\PIBQmVH.exe N/A
N/A N/A C:\Windows\System\YyNMSij.exe N/A
N/A N/A C:\Windows\System\rjgGMYU.exe N/A
N/A N/A C:\Windows\System\VxjDEHd.exe N/A
N/A N/A C:\Windows\System\IOKaAYP.exe N/A
N/A N/A C:\Windows\System\aXQEyAD.exe N/A
N/A N/A C:\Windows\System\PYIWDWu.exe N/A
N/A N/A C:\Windows\System\ocfkVox.exe N/A
N/A N/A C:\Windows\System\GjNFUHS.exe N/A
N/A N/A C:\Windows\System\kKjdEAj.exe N/A
N/A N/A C:\Windows\System\tzyQPZP.exe N/A
N/A N/A C:\Windows\System\HUaWYGs.exe N/A
N/A N/A C:\Windows\System\JbLJYAx.exe N/A
N/A N/A C:\Windows\System\xjcwUWy.exe N/A
N/A N/A C:\Windows\System\zLkjeUI.exe N/A
N/A N/A C:\Windows\System\xcdzVZo.exe N/A
N/A N/A C:\Windows\System\ZNZLTeq.exe N/A
N/A N/A C:\Windows\System\SvdgPRa.exe N/A
N/A N/A C:\Windows\System\RwTJZnb.exe N/A
N/A N/A C:\Windows\System\BFCvfiJ.exe N/A
N/A N/A C:\Windows\System\IdfEqnS.exe N/A
N/A N/A C:\Windows\System\CRuCgaL.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\PPKMLdX.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\QqoHQUf.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\oqKVcKC.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\mpLPolX.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\VUHkSWI.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\ixLbnLU.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\YlXxzCK.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\GjNFUHS.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\CRKaMYb.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\PbnogzH.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\zWICzFh.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\MpdnmKN.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\NHcjjiH.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\bMayqPN.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\uTfAvEI.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\uBtIWRU.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\hWOsNjk.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\rpONhfK.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\IaxPcMj.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\HQQTTdN.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\jPVbTyU.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\btZWVDH.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\DOWXckX.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\eDPdjZa.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\EAIucyD.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\UfHSlYV.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\djGWOVR.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\UoEaHbP.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\tdGskmI.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\ILhbrSz.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\FrSLMlF.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\fKXMmxz.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\SuEDBfk.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\MkOcENJ.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\jpPDeei.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\AkpjUKD.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\HZyDFRP.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\ATZTWDO.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\lBLVdIr.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\RukfXwB.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\JrsPalu.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\QSXYNlx.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\sBTZmbT.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\ynRoqUA.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\Suebsyk.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\iozuWig.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\xBkGCMU.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\euoCTkI.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\wrguKQz.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\mFjKVGi.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\OyJJCDc.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\oeHPsUc.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\HUaWYGs.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\nlIZEGc.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\ULSRwgY.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\wLhtSRP.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\exliVmw.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\rFOEDSd.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\LeuRMbF.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\bChDjNA.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\FNQpYuh.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\XEMjRfo.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\ornUSmA.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
File created C:\Windows\System\RBtAeyS.exe C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4656 wrote to memory of 4688 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 4656 wrote to memory of 4688 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 4656 wrote to memory of 1648 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\XJTmtGe.exe
PID 4656 wrote to memory of 1648 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\XJTmtGe.exe
PID 4656 wrote to memory of 4980 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\LAXXPhI.exe
PID 4656 wrote to memory of 4980 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\LAXXPhI.exe
PID 4656 wrote to memory of 1080 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\WsBtlJl.exe
PID 4656 wrote to memory of 1080 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\WsBtlJl.exe
PID 4656 wrote to memory of 1564 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\euoCTkI.exe
PID 4656 wrote to memory of 1564 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\euoCTkI.exe
PID 4656 wrote to memory of 396 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\nJEXIKp.exe
PID 4656 wrote to memory of 396 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\nJEXIKp.exe
PID 4656 wrote to memory of 4808 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\izwlOjV.exe
PID 4656 wrote to memory of 4808 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\izwlOjV.exe
PID 4656 wrote to memory of 3640 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\fPsDRsr.exe
PID 4656 wrote to memory of 3640 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\fPsDRsr.exe
PID 4656 wrote to memory of 2224 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\qhDVYWs.exe
PID 4656 wrote to memory of 2224 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\qhDVYWs.exe
PID 4656 wrote to memory of 3432 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\oITyZHB.exe
PID 4656 wrote to memory of 3432 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\oITyZHB.exe
PID 4656 wrote to memory of 3160 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\mJuYkzT.exe
PID 4656 wrote to memory of 3160 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\mJuYkzT.exe
PID 4656 wrote to memory of 1168 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\hQHrgxf.exe
PID 4656 wrote to memory of 1168 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\hQHrgxf.exe
PID 4656 wrote to memory of 560 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\lOpvfFV.exe
PID 4656 wrote to memory of 560 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\lOpvfFV.exe
PID 4656 wrote to memory of 1940 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\DQxZghc.exe
PID 4656 wrote to memory of 1940 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\DQxZghc.exe
PID 4656 wrote to memory of 3520 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\ZLHlDPa.exe
PID 4656 wrote to memory of 3520 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\ZLHlDPa.exe
PID 4656 wrote to memory of 4708 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\nZexmrT.exe
PID 4656 wrote to memory of 4708 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\nZexmrT.exe
PID 4656 wrote to memory of 392 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\LYxliZI.exe
PID 4656 wrote to memory of 392 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\LYxliZI.exe
PID 4656 wrote to memory of 2988 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\rATMjMh.exe
PID 4656 wrote to memory of 2988 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\rATMjMh.exe
PID 4656 wrote to memory of 1872 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\lDVYQVm.exe
PID 4656 wrote to memory of 1872 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\lDVYQVm.exe
PID 4656 wrote to memory of 5088 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\WAdvODv.exe
PID 4656 wrote to memory of 5088 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\WAdvODv.exe
PID 4656 wrote to memory of 2356 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\FLleypW.exe
PID 4656 wrote to memory of 2356 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\FLleypW.exe
PID 4656 wrote to memory of 3996 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\LpVIDnF.exe
PID 4656 wrote to memory of 3996 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\LpVIDnF.exe
PID 4656 wrote to memory of 60 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\rgWcklo.exe
PID 4656 wrote to memory of 60 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\rgWcklo.exe
PID 4656 wrote to memory of 5032 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\oqKVcKC.exe
PID 4656 wrote to memory of 5032 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\oqKVcKC.exe
PID 4656 wrote to memory of 2588 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\wGBRPfK.exe
PID 4656 wrote to memory of 2588 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\wGBRPfK.exe
PID 4656 wrote to memory of 1156 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\NeUfDCm.exe
PID 4656 wrote to memory of 1156 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\NeUfDCm.exe
PID 4656 wrote to memory of 3536 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\rVdSwRk.exe
PID 4656 wrote to memory of 3536 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\rVdSwRk.exe
PID 4656 wrote to memory of 1972 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\yUatQTc.exe
PID 4656 wrote to memory of 1972 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\yUatQTc.exe
PID 4656 wrote to memory of 4120 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\VAkQsyz.exe
PID 4656 wrote to memory of 4120 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\VAkQsyz.exe
PID 4656 wrote to memory of 1484 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\djLhWhR.exe
PID 4656 wrote to memory of 1484 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\djLhWhR.exe
PID 4656 wrote to memory of 5080 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\DOWXckX.exe
PID 4656 wrote to memory of 5080 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\DOWXckX.exe
PID 4656 wrote to memory of 2812 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\AvhDodZ.exe
PID 4656 wrote to memory of 2812 N/A C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe C:\Windows\System\AvhDodZ.exe

Processes

C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\30ed57de27be05e3e200837ef80ca100_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\XJTmtGe.exe

C:\Windows\System\XJTmtGe.exe

C:\Windows\System\LAXXPhI.exe

C:\Windows\System\LAXXPhI.exe

C:\Windows\System\WsBtlJl.exe

C:\Windows\System\WsBtlJl.exe

C:\Windows\System\euoCTkI.exe

C:\Windows\System\euoCTkI.exe

C:\Windows\System\nJEXIKp.exe

C:\Windows\System\nJEXIKp.exe

C:\Windows\System\izwlOjV.exe

C:\Windows\System\izwlOjV.exe

C:\Windows\System\fPsDRsr.exe

C:\Windows\System\fPsDRsr.exe

C:\Windows\System\qhDVYWs.exe

C:\Windows\System\qhDVYWs.exe

C:\Windows\System\oITyZHB.exe

C:\Windows\System\oITyZHB.exe

C:\Windows\System\mJuYkzT.exe

C:\Windows\System\mJuYkzT.exe

C:\Windows\System\hQHrgxf.exe

C:\Windows\System\hQHrgxf.exe

C:\Windows\System\lOpvfFV.exe

C:\Windows\System\lOpvfFV.exe

C:\Windows\System\DQxZghc.exe

C:\Windows\System\DQxZghc.exe

C:\Windows\System\ZLHlDPa.exe

C:\Windows\System\ZLHlDPa.exe

C:\Windows\System\nZexmrT.exe

C:\Windows\System\nZexmrT.exe

C:\Windows\System\LYxliZI.exe

C:\Windows\System\LYxliZI.exe

C:\Windows\System\rATMjMh.exe

C:\Windows\System\rATMjMh.exe

C:\Windows\System\lDVYQVm.exe

C:\Windows\System\lDVYQVm.exe

C:\Windows\System\WAdvODv.exe

C:\Windows\System\WAdvODv.exe

C:\Windows\System\FLleypW.exe

C:\Windows\System\FLleypW.exe

C:\Windows\System\LpVIDnF.exe

C:\Windows\System\LpVIDnF.exe

C:\Windows\System\rgWcklo.exe

C:\Windows\System\rgWcklo.exe

C:\Windows\System\oqKVcKC.exe

C:\Windows\System\oqKVcKC.exe

C:\Windows\System\wGBRPfK.exe

C:\Windows\System\wGBRPfK.exe

C:\Windows\System\NeUfDCm.exe

C:\Windows\System\NeUfDCm.exe

C:\Windows\System\rVdSwRk.exe

C:\Windows\System\rVdSwRk.exe

C:\Windows\System\yUatQTc.exe

C:\Windows\System\yUatQTc.exe

C:\Windows\System\VAkQsyz.exe

C:\Windows\System\VAkQsyz.exe

C:\Windows\System\djLhWhR.exe

C:\Windows\System\djLhWhR.exe

C:\Windows\System\DOWXckX.exe

C:\Windows\System\DOWXckX.exe

C:\Windows\System\AvhDodZ.exe

C:\Windows\System\AvhDodZ.exe

C:\Windows\System\yVHZDSO.exe

C:\Windows\System\yVHZDSO.exe

C:\Windows\System\rjgGMYU.exe

C:\Windows\System\rjgGMYU.exe

C:\Windows\System\mUWPBEZ.exe

C:\Windows\System\mUWPBEZ.exe

C:\Windows\System\YhztfPc.exe

C:\Windows\System\YhztfPc.exe

C:\Windows\System\QQKdIPL.exe

C:\Windows\System\QQKdIPL.exe

C:\Windows\System\BHbpZwk.exe

C:\Windows\System\BHbpZwk.exe

C:\Windows\System\dRTOZiN.exe

C:\Windows\System\dRTOZiN.exe

C:\Windows\System\vKfDsIB.exe

C:\Windows\System\vKfDsIB.exe

C:\Windows\System\LdpdIek.exe

C:\Windows\System\LdpdIek.exe

C:\Windows\System\FqUGuLi.exe

C:\Windows\System\FqUGuLi.exe

C:\Windows\System\KuXfycK.exe

C:\Windows\System\KuXfycK.exe

C:\Windows\System\mTTMcOD.exe

C:\Windows\System\mTTMcOD.exe

C:\Windows\System\xjcwUWy.exe

C:\Windows\System\xjcwUWy.exe

C:\Windows\System\PIBQmVH.exe

C:\Windows\System\PIBQmVH.exe

C:\Windows\System\YyNMSij.exe

C:\Windows\System\YyNMSij.exe

C:\Windows\System\VxjDEHd.exe

C:\Windows\System\VxjDEHd.exe

C:\Windows\System\IOKaAYP.exe

C:\Windows\System\IOKaAYP.exe

C:\Windows\System\aXQEyAD.exe

C:\Windows\System\aXQEyAD.exe

C:\Windows\System\PYIWDWu.exe

C:\Windows\System\PYIWDWu.exe

C:\Windows\System\ocfkVox.exe

C:\Windows\System\ocfkVox.exe

C:\Windows\System\GjNFUHS.exe

C:\Windows\System\GjNFUHS.exe

C:\Windows\System\kKjdEAj.exe

C:\Windows\System\kKjdEAj.exe

C:\Windows\System\tzyQPZP.exe

C:\Windows\System\tzyQPZP.exe

C:\Windows\System\HUaWYGs.exe

C:\Windows\System\HUaWYGs.exe

C:\Windows\System\JbLJYAx.exe

C:\Windows\System\JbLJYAx.exe

C:\Windows\System\zLkjeUI.exe

C:\Windows\System\zLkjeUI.exe

C:\Windows\System\xcdzVZo.exe

C:\Windows\System\xcdzVZo.exe

C:\Windows\System\ZNZLTeq.exe

C:\Windows\System\ZNZLTeq.exe

C:\Windows\System\SvdgPRa.exe

C:\Windows\System\SvdgPRa.exe

C:\Windows\System\RwTJZnb.exe

C:\Windows\System\RwTJZnb.exe

C:\Windows\System\BFCvfiJ.exe

C:\Windows\System\BFCvfiJ.exe

C:\Windows\System\IdfEqnS.exe

C:\Windows\System\IdfEqnS.exe

C:\Windows\System\XmcBGQo.exe

C:\Windows\System\XmcBGQo.exe

C:\Windows\System\CRuCgaL.exe

C:\Windows\System\CRuCgaL.exe

C:\Windows\System\xzCreAx.exe

C:\Windows\System\xzCreAx.exe

C:\Windows\System\Sulnvih.exe

C:\Windows\System\Sulnvih.exe

C:\Windows\System\bJuiZqm.exe

C:\Windows\System\bJuiZqm.exe

C:\Windows\System\jDJhwpF.exe

C:\Windows\System\jDJhwpF.exe

C:\Windows\System\SLMzdGi.exe

C:\Windows\System\SLMzdGi.exe

C:\Windows\System\sibVPTa.exe

C:\Windows\System\sibVPTa.exe

C:\Windows\System\PqZJQEZ.exe

C:\Windows\System\PqZJQEZ.exe

C:\Windows\System\MJojrkb.exe

C:\Windows\System\MJojrkb.exe

C:\Windows\System\aJiXiCM.exe

C:\Windows\System\aJiXiCM.exe

C:\Windows\System\mFjKVGi.exe

C:\Windows\System\mFjKVGi.exe

C:\Windows\System\qIcOAOv.exe

C:\Windows\System\qIcOAOv.exe

C:\Windows\System\EAiOSKG.exe

C:\Windows\System\EAiOSKG.exe

C:\Windows\System\SyjmiqC.exe

C:\Windows\System\SyjmiqC.exe

C:\Windows\System\fLAFxFd.exe

C:\Windows\System\fLAFxFd.exe

C:\Windows\System\bNdXLIK.exe

C:\Windows\System\bNdXLIK.exe

C:\Windows\System\wwFUjtA.exe

C:\Windows\System\wwFUjtA.exe

C:\Windows\System\wLhtSRP.exe

C:\Windows\System\wLhtSRP.exe

C:\Windows\System\wGELFYA.exe

C:\Windows\System\wGELFYA.exe

C:\Windows\System\ewcogGY.exe

C:\Windows\System\ewcogGY.exe

C:\Windows\System\vEvJdHQ.exe

C:\Windows\System\vEvJdHQ.exe

C:\Windows\System\GQVhQcq.exe

C:\Windows\System\GQVhQcq.exe

C:\Windows\System\YDojsXU.exe

C:\Windows\System\YDojsXU.exe

C:\Windows\System\KktpyCP.exe

C:\Windows\System\KktpyCP.exe

C:\Windows\System\hVgQjdC.exe

C:\Windows\System\hVgQjdC.exe

C:\Windows\System\aTHCTbm.exe

C:\Windows\System\aTHCTbm.exe

C:\Windows\System\asURBqT.exe

C:\Windows\System\asURBqT.exe

C:\Windows\System\xfWXCJr.exe

C:\Windows\System\xfWXCJr.exe

C:\Windows\System\PAFugrH.exe

C:\Windows\System\PAFugrH.exe

C:\Windows\System\oXeFGIF.exe

C:\Windows\System\oXeFGIF.exe

C:\Windows\System\OKuDcJs.exe

C:\Windows\System\OKuDcJs.exe

C:\Windows\System\eunyrJn.exe

C:\Windows\System\eunyrJn.exe

C:\Windows\System\Gfjgske.exe

C:\Windows\System\Gfjgske.exe

C:\Windows\System\wCamdHE.exe

C:\Windows\System\wCamdHE.exe

C:\Windows\System\QUvVdmh.exe

C:\Windows\System\QUvVdmh.exe

C:\Windows\System\ICzPXwi.exe

C:\Windows\System\ICzPXwi.exe

C:\Windows\System\TTnDgqj.exe

C:\Windows\System\TTnDgqj.exe

C:\Windows\System\RYLtYNm.exe

C:\Windows\System\RYLtYNm.exe

C:\Windows\System\BuLspBn.exe

C:\Windows\System\BuLspBn.exe

C:\Windows\System\IRnDhta.exe

C:\Windows\System\IRnDhta.exe

C:\Windows\System\qZWDOiq.exe

C:\Windows\System\qZWDOiq.exe

C:\Windows\System\AYxLniK.exe

C:\Windows\System\AYxLniK.exe

C:\Windows\System\WKVOXtq.exe

C:\Windows\System\WKVOXtq.exe

C:\Windows\System\DKEieYr.exe

C:\Windows\System\DKEieYr.exe

C:\Windows\System\QYGnpzf.exe

C:\Windows\System\QYGnpzf.exe

C:\Windows\System\mLjEkqK.exe

C:\Windows\System\mLjEkqK.exe

C:\Windows\System\siRRzVb.exe

C:\Windows\System\siRRzVb.exe

C:\Windows\System\bhdRcqI.exe

C:\Windows\System\bhdRcqI.exe

C:\Windows\System\jzOBDEW.exe

C:\Windows\System\jzOBDEW.exe

C:\Windows\System\TMRxOiN.exe

C:\Windows\System\TMRxOiN.exe

C:\Windows\System\jajHSqQ.exe

C:\Windows\System\jajHSqQ.exe

C:\Windows\System\yDDsVrQ.exe

C:\Windows\System\yDDsVrQ.exe

C:\Windows\System\PSQSiup.exe

C:\Windows\System\PSQSiup.exe

C:\Windows\System\jCAzLIe.exe

C:\Windows\System\jCAzLIe.exe

C:\Windows\System\AiCAGtZ.exe

C:\Windows\System\AiCAGtZ.exe

C:\Windows\System\mpLPolX.exe

C:\Windows\System\mpLPolX.exe

C:\Windows\System\oqmoIxH.exe

C:\Windows\System\oqmoIxH.exe

C:\Windows\System\uYdQqWd.exe

C:\Windows\System\uYdQqWd.exe

C:\Windows\System\fTJTjIN.exe

C:\Windows\System\fTJTjIN.exe

C:\Windows\System\MDFSTtN.exe

C:\Windows\System\MDFSTtN.exe

C:\Windows\System\XFNNnCz.exe

C:\Windows\System\XFNNnCz.exe

C:\Windows\System\eDPdjZa.exe

C:\Windows\System\eDPdjZa.exe

C:\Windows\System\mCPRKuq.exe

C:\Windows\System\mCPRKuq.exe

C:\Windows\System\BBOetCE.exe

C:\Windows\System\BBOetCE.exe

C:\Windows\System\vflxolt.exe

C:\Windows\System\vflxolt.exe

C:\Windows\System\UuSwmbl.exe

C:\Windows\System\UuSwmbl.exe

C:\Windows\System\GxGuaKE.exe

C:\Windows\System\GxGuaKE.exe

C:\Windows\System\yqPtMrp.exe

C:\Windows\System\yqPtMrp.exe

C:\Windows\System\zxILeaI.exe

C:\Windows\System\zxILeaI.exe

C:\Windows\System\BcTXHDT.exe

C:\Windows\System\BcTXHDT.exe

C:\Windows\System\LrZKeKL.exe

C:\Windows\System\LrZKeKL.exe

C:\Windows\System\rKYqWQI.exe

C:\Windows\System\rKYqWQI.exe

C:\Windows\System\LQbehEq.exe

C:\Windows\System\LQbehEq.exe

C:\Windows\System\rwWDqsM.exe

C:\Windows\System\rwWDqsM.exe

C:\Windows\System\sCYNkoA.exe

C:\Windows\System\sCYNkoA.exe

C:\Windows\System\ZnFrMGW.exe

C:\Windows\System\ZnFrMGW.exe

C:\Windows\System\FYHXCwf.exe

C:\Windows\System\FYHXCwf.exe

C:\Windows\System\YcKiKYn.exe

C:\Windows\System\YcKiKYn.exe

C:\Windows\System\JfhZIXw.exe

C:\Windows\System\JfhZIXw.exe

C:\Windows\System\vyquBpP.exe

C:\Windows\System\vyquBpP.exe

C:\Windows\System\AbLioBX.exe

C:\Windows\System\AbLioBX.exe

C:\Windows\System\PyHSyqD.exe

C:\Windows\System\PyHSyqD.exe

C:\Windows\System\svsEveR.exe

C:\Windows\System\svsEveR.exe

C:\Windows\System\qYmFhyi.exe

C:\Windows\System\qYmFhyi.exe

C:\Windows\System\TNWOeou.exe

C:\Windows\System\TNWOeou.exe

C:\Windows\System\cuHVfbJ.exe

C:\Windows\System\cuHVfbJ.exe

C:\Windows\System\LNyphIL.exe

C:\Windows\System\LNyphIL.exe

C:\Windows\System\DxFhIgP.exe

C:\Windows\System\DxFhIgP.exe

C:\Windows\System\PdMhDLD.exe

C:\Windows\System\PdMhDLD.exe

C:\Windows\System\dwufHTq.exe

C:\Windows\System\dwufHTq.exe

C:\Windows\System\NPgeULm.exe

C:\Windows\System\NPgeULm.exe

C:\Windows\System\IPXpJXQ.exe

C:\Windows\System\IPXpJXQ.exe

C:\Windows\System\BsYELTQ.exe

C:\Windows\System\BsYELTQ.exe

C:\Windows\System\Wexqroh.exe

C:\Windows\System\Wexqroh.exe

C:\Windows\System\XOaGjzc.exe

C:\Windows\System\XOaGjzc.exe

C:\Windows\System\fTVoMfv.exe

C:\Windows\System\fTVoMfv.exe

C:\Windows\System\qvtQIHR.exe

C:\Windows\System\qvtQIHR.exe

C:\Windows\System\XlzBHkq.exe

C:\Windows\System\XlzBHkq.exe

C:\Windows\System\IGxmyim.exe

C:\Windows\System\IGxmyim.exe

C:\Windows\System\uKMnFKR.exe

C:\Windows\System\uKMnFKR.exe

C:\Windows\System\yfAJJFW.exe

C:\Windows\System\yfAJJFW.exe

C:\Windows\System\WYZnyuZ.exe

C:\Windows\System\WYZnyuZ.exe

C:\Windows\System\tvPUKOq.exe

C:\Windows\System\tvPUKOq.exe

C:\Windows\System\cVzeMOA.exe

C:\Windows\System\cVzeMOA.exe

C:\Windows\System\GEjVmkH.exe

C:\Windows\System\GEjVmkH.exe

C:\Windows\System\XiQHGqS.exe

C:\Windows\System\XiQHGqS.exe

C:\Windows\System\exliVmw.exe

C:\Windows\System\exliVmw.exe

C:\Windows\System\QSnChmI.exe

C:\Windows\System\QSnChmI.exe

C:\Windows\System\dXcnmeO.exe

C:\Windows\System\dXcnmeO.exe

C:\Windows\System\NdYQxaa.exe

C:\Windows\System\NdYQxaa.exe

C:\Windows\System\eZWdqnP.exe

C:\Windows\System\eZWdqnP.exe

C:\Windows\System\FkQgeOh.exe

C:\Windows\System\FkQgeOh.exe

C:\Windows\System\SEvJrEu.exe

C:\Windows\System\SEvJrEu.exe

C:\Windows\System\aPLwLse.exe

C:\Windows\System\aPLwLse.exe

C:\Windows\System\KvgiQtP.exe

C:\Windows\System\KvgiQtP.exe

C:\Windows\System\lhwOjXD.exe

C:\Windows\System\lhwOjXD.exe

C:\Windows\System\ZOSjNmP.exe

C:\Windows\System\ZOSjNmP.exe

C:\Windows\System\MLlAOXW.exe

C:\Windows\System\MLlAOXW.exe

C:\Windows\System\sBJRdMe.exe

C:\Windows\System\sBJRdMe.exe

C:\Windows\System\QtzyKHd.exe

C:\Windows\System\QtzyKHd.exe

C:\Windows\System\vfnjuFm.exe

C:\Windows\System\vfnjuFm.exe

C:\Windows\System\yXmVqkO.exe

C:\Windows\System\yXmVqkO.exe

C:\Windows\System\lzjIljH.exe

C:\Windows\System\lzjIljH.exe

C:\Windows\System\IUAPrlx.exe

C:\Windows\System\IUAPrlx.exe

C:\Windows\System\FNQpYuh.exe

C:\Windows\System\FNQpYuh.exe

C:\Windows\System\eLAInSk.exe

C:\Windows\System\eLAInSk.exe

C:\Windows\System\qVamphS.exe

C:\Windows\System\qVamphS.exe

C:\Windows\System\joKFReP.exe

C:\Windows\System\joKFReP.exe

C:\Windows\System\DbSaQsN.exe

C:\Windows\System\DbSaQsN.exe

C:\Windows\System\ywMyhZZ.exe

C:\Windows\System\ywMyhZZ.exe

C:\Windows\System\uDROEOT.exe

C:\Windows\System\uDROEOT.exe

C:\Windows\System\jlrbDYi.exe

C:\Windows\System\jlrbDYi.exe

C:\Windows\System\XfoZCoS.exe

C:\Windows\System\XfoZCoS.exe

C:\Windows\System\KvxiaVu.exe

C:\Windows\System\KvxiaVu.exe

C:\Windows\System\UGWxIpI.exe

C:\Windows\System\UGWxIpI.exe

C:\Windows\System\ASsnGqP.exe

C:\Windows\System\ASsnGqP.exe

C:\Windows\System\vFOMDVF.exe

C:\Windows\System\vFOMDVF.exe

C:\Windows\System\kAcLpKj.exe

C:\Windows\System\kAcLpKj.exe

C:\Windows\System\GXalQYB.exe

C:\Windows\System\GXalQYB.exe

C:\Windows\System\zIObtRm.exe

C:\Windows\System\zIObtRm.exe

C:\Windows\System\WziNEcQ.exe

C:\Windows\System\WziNEcQ.exe

C:\Windows\System\VrwpGtN.exe

C:\Windows\System\VrwpGtN.exe

C:\Windows\System\WIuuXQk.exe

C:\Windows\System\WIuuXQk.exe

C:\Windows\System\wrguKQz.exe

C:\Windows\System\wrguKQz.exe

C:\Windows\System\fPPcJJQ.exe

C:\Windows\System\fPPcJJQ.exe

C:\Windows\System\ntBsFYC.exe

C:\Windows\System\ntBsFYC.exe

C:\Windows\System\bMayqPN.exe

C:\Windows\System\bMayqPN.exe

C:\Windows\System\rFOEDSd.exe

C:\Windows\System\rFOEDSd.exe

C:\Windows\System\UnycEGf.exe

C:\Windows\System\UnycEGf.exe

C:\Windows\System\zOMUftJ.exe

C:\Windows\System\zOMUftJ.exe

C:\Windows\System\UtvUOQC.exe

C:\Windows\System\UtvUOQC.exe

C:\Windows\System\RiSznDZ.exe

C:\Windows\System\RiSznDZ.exe

C:\Windows\System\DXGHrKJ.exe

C:\Windows\System\DXGHrKJ.exe

C:\Windows\System\npahuUC.exe

C:\Windows\System\npahuUC.exe

C:\Windows\System\hJsryho.exe

C:\Windows\System\hJsryho.exe

C:\Windows\System\tCcdDcb.exe

C:\Windows\System\tCcdDcb.exe

C:\Windows\System\vwQylQc.exe

C:\Windows\System\vwQylQc.exe

C:\Windows\System\euLBdAq.exe

C:\Windows\System\euLBdAq.exe

C:\Windows\System\icBgUmB.exe

C:\Windows\System\icBgUmB.exe

C:\Windows\System\rDjToJJ.exe

C:\Windows\System\rDjToJJ.exe

C:\Windows\System\RuyrEKB.exe

C:\Windows\System\RuyrEKB.exe

C:\Windows\System\xCBdmSD.exe

C:\Windows\System\xCBdmSD.exe

C:\Windows\System\kUQApja.exe

C:\Windows\System\kUQApja.exe

C:\Windows\System\avrCYDG.exe

C:\Windows\System\avrCYDG.exe

C:\Windows\System\EWTUEec.exe

C:\Windows\System\EWTUEec.exe

C:\Windows\System\GKvLNIw.exe

C:\Windows\System\GKvLNIw.exe

C:\Windows\System\YWafeyy.exe

C:\Windows\System\YWafeyy.exe

C:\Windows\System\phbdJUQ.exe

C:\Windows\System\phbdJUQ.exe

C:\Windows\System\jiwLOiF.exe

C:\Windows\System\jiwLOiF.exe

C:\Windows\System\qLdcDIs.exe

C:\Windows\System\qLdcDIs.exe

C:\Windows\System\yoGiJVU.exe

C:\Windows\System\yoGiJVU.exe

C:\Windows\System\DsBJPgX.exe

C:\Windows\System\DsBJPgX.exe

C:\Windows\System\SuEDBfk.exe

C:\Windows\System\SuEDBfk.exe

C:\Windows\System\bNPVzWP.exe

C:\Windows\System\bNPVzWP.exe

C:\Windows\System\BtlwdgT.exe

C:\Windows\System\BtlwdgT.exe

C:\Windows\System\LulsCXR.exe

C:\Windows\System\LulsCXR.exe

C:\Windows\System\PPXnkko.exe

C:\Windows\System\PPXnkko.exe

C:\Windows\System\CKuQXzn.exe

C:\Windows\System\CKuQXzn.exe

C:\Windows\System\FDiWZWg.exe

C:\Windows\System\FDiWZWg.exe

C:\Windows\System\hpoWpnH.exe

C:\Windows\System\hpoWpnH.exe

C:\Windows\System\zVcVTzH.exe

C:\Windows\System\zVcVTzH.exe

C:\Windows\System\yROUilH.exe

C:\Windows\System\yROUilH.exe

C:\Windows\System\aOUYseo.exe

C:\Windows\System\aOUYseo.exe

C:\Windows\System\ySBqDrB.exe

C:\Windows\System\ySBqDrB.exe

C:\Windows\System\cKjBwBf.exe

C:\Windows\System\cKjBwBf.exe

C:\Windows\System\PWRXEQB.exe

C:\Windows\System\PWRXEQB.exe

C:\Windows\System\vACBOsl.exe

C:\Windows\System\vACBOsl.exe

C:\Windows\System\ywuPwFm.exe

C:\Windows\System\ywuPwFm.exe

C:\Windows\System\XFxdrYL.exe

C:\Windows\System\XFxdrYL.exe

C:\Windows\System\PwHfjkv.exe

C:\Windows\System\PwHfjkv.exe

C:\Windows\System\MqlEejo.exe

C:\Windows\System\MqlEejo.exe

C:\Windows\System\CGTQQkm.exe

C:\Windows\System\CGTQQkm.exe

C:\Windows\System\dALPgvl.exe

C:\Windows\System\dALPgvl.exe

C:\Windows\System\NdGgqIQ.exe

C:\Windows\System\NdGgqIQ.exe

C:\Windows\System\WNsCQFA.exe

C:\Windows\System\WNsCQFA.exe

C:\Windows\System\ulaLuJH.exe

C:\Windows\System\ulaLuJH.exe

C:\Windows\System\skNRUPI.exe

C:\Windows\System\skNRUPI.exe

C:\Windows\System\oMDTFqX.exe

C:\Windows\System\oMDTFqX.exe

C:\Windows\System\cSCjXGT.exe

C:\Windows\System\cSCjXGT.exe

C:\Windows\System\QpVtUFi.exe

C:\Windows\System\QpVtUFi.exe

C:\Windows\System\qngxawy.exe

C:\Windows\System\qngxawy.exe

C:\Windows\System\tLrAZnd.exe

C:\Windows\System\tLrAZnd.exe

C:\Windows\System\gHZprRq.exe

C:\Windows\System\gHZprRq.exe

C:\Windows\System\rqBdRBv.exe

C:\Windows\System\rqBdRBv.exe

C:\Windows\System\jKmstav.exe

C:\Windows\System\jKmstav.exe

C:\Windows\System\EgWaeLh.exe

C:\Windows\System\EgWaeLh.exe

C:\Windows\System\YPVrWeV.exe

C:\Windows\System\YPVrWeV.exe

C:\Windows\System\MLTSqwW.exe

C:\Windows\System\MLTSqwW.exe

C:\Windows\System\HornuZO.exe

C:\Windows\System\HornuZO.exe

C:\Windows\System\LoJGFlV.exe

C:\Windows\System\LoJGFlV.exe

C:\Windows\System\iBlYQkk.exe

C:\Windows\System\iBlYQkk.exe

C:\Windows\System\Dvmapqe.exe

C:\Windows\System\Dvmapqe.exe

C:\Windows\System\Awwntyj.exe

C:\Windows\System\Awwntyj.exe

C:\Windows\System\obEtDbW.exe

C:\Windows\System\obEtDbW.exe

C:\Windows\System\HbLrTMn.exe

C:\Windows\System\HbLrTMn.exe

C:\Windows\System\KahFtrH.exe

C:\Windows\System\KahFtrH.exe

C:\Windows\System\JHcZbHo.exe

C:\Windows\System\JHcZbHo.exe

C:\Windows\System\SyvbzvR.exe

C:\Windows\System\SyvbzvR.exe

C:\Windows\System\tcmYtNa.exe

C:\Windows\System\tcmYtNa.exe

C:\Windows\System\VWXoKGa.exe

C:\Windows\System\VWXoKGa.exe

C:\Windows\System\xklRFvr.exe

C:\Windows\System\xklRFvr.exe

C:\Windows\System\BwcXjzr.exe

C:\Windows\System\BwcXjzr.exe

C:\Windows\System\XbXcsMT.exe

C:\Windows\System\XbXcsMT.exe

C:\Windows\System\kcqWtmI.exe

C:\Windows\System\kcqWtmI.exe

C:\Windows\System\WyGhIwu.exe

C:\Windows\System\WyGhIwu.exe

C:\Windows\System\EAIucyD.exe

C:\Windows\System\EAIucyD.exe

C:\Windows\System\ohoDujB.exe

C:\Windows\System\ohoDujB.exe

C:\Windows\System\wSerTvA.exe

C:\Windows\System\wSerTvA.exe

C:\Windows\System\XJrsNEB.exe

C:\Windows\System\XJrsNEB.exe

C:\Windows\System\AaoSMkh.exe

C:\Windows\System\AaoSMkh.exe

C:\Windows\System\IfPsLCH.exe

C:\Windows\System\IfPsLCH.exe

C:\Windows\System\OsdVcIU.exe

C:\Windows\System\OsdVcIU.exe

C:\Windows\System\PRPnakt.exe

C:\Windows\System\PRPnakt.exe

C:\Windows\System\tbuFvDK.exe

C:\Windows\System\tbuFvDK.exe

C:\Windows\System\ieAvrFw.exe

C:\Windows\System\ieAvrFw.exe

C:\Windows\System\XDLWWdT.exe

C:\Windows\System\XDLWWdT.exe

C:\Windows\System\QdwcrVV.exe

C:\Windows\System\QdwcrVV.exe

C:\Windows\System\LmmiqZB.exe

C:\Windows\System\LmmiqZB.exe

C:\Windows\System\LPQSQBB.exe

C:\Windows\System\LPQSQBB.exe

C:\Windows\System\isuUcCD.exe

C:\Windows\System\isuUcCD.exe

C:\Windows\System\STOEFTe.exe

C:\Windows\System\STOEFTe.exe

C:\Windows\System\NkitgJH.exe

C:\Windows\System\NkitgJH.exe

C:\Windows\System\RUGvnpV.exe

C:\Windows\System\RUGvnpV.exe

C:\Windows\System\cmMurvE.exe

C:\Windows\System\cmMurvE.exe

C:\Windows\System\ScYoHuX.exe

C:\Windows\System\ScYoHuX.exe

C:\Windows\System\CdxfunZ.exe

C:\Windows\System\CdxfunZ.exe

C:\Windows\System\KkNWHjQ.exe

C:\Windows\System\KkNWHjQ.exe

C:\Windows\System\XekyCEU.exe

C:\Windows\System\XekyCEU.exe

C:\Windows\System\TyWCCxd.exe

C:\Windows\System\TyWCCxd.exe

C:\Windows\System\MxEVMuM.exe

C:\Windows\System\MxEVMuM.exe

C:\Windows\System\twvPVzy.exe

C:\Windows\System\twvPVzy.exe

C:\Windows\System\ukTBpcY.exe

C:\Windows\System\ukTBpcY.exe

C:\Windows\System\RdDmEEQ.exe

C:\Windows\System\RdDmEEQ.exe

C:\Windows\System\PPKMLdX.exe

C:\Windows\System\PPKMLdX.exe

C:\Windows\System\ckHmSlX.exe

C:\Windows\System\ckHmSlX.exe

C:\Windows\System\UsRHoPP.exe

C:\Windows\System\UsRHoPP.exe

C:\Windows\System\NvjNsVj.exe

C:\Windows\System\NvjNsVj.exe

C:\Windows\System\fDSzBYN.exe

C:\Windows\System\fDSzBYN.exe

C:\Windows\System\jeVDqlw.exe

C:\Windows\System\jeVDqlw.exe

C:\Windows\System\fSAOlFF.exe

C:\Windows\System\fSAOlFF.exe

C:\Windows\System\ENvhURg.exe

C:\Windows\System\ENvhURg.exe

C:\Windows\System\OWDIPjM.exe

C:\Windows\System\OWDIPjM.exe

C:\Windows\System\FThfCwH.exe

C:\Windows\System\FThfCwH.exe

C:\Windows\System\JAcjMan.exe

C:\Windows\System\JAcjMan.exe

C:\Windows\System\rDBYEEY.exe

C:\Windows\System\rDBYEEY.exe

C:\Windows\System\OhLKoBP.exe

C:\Windows\System\OhLKoBP.exe

C:\Windows\System\WHKDlwJ.exe

C:\Windows\System\WHKDlwJ.exe

C:\Windows\System\ovkimgJ.exe

C:\Windows\System\ovkimgJ.exe

C:\Windows\System\AQXofFm.exe

C:\Windows\System\AQXofFm.exe

C:\Windows\System\NiiOige.exe

C:\Windows\System\NiiOige.exe

C:\Windows\System\tUbSNSD.exe

C:\Windows\System\tUbSNSD.exe

C:\Windows\System\xyrfPSA.exe

C:\Windows\System\xyrfPSA.exe

C:\Windows\System\dQNOjQR.exe

C:\Windows\System\dQNOjQR.exe

C:\Windows\System\quqpIru.exe

C:\Windows\System\quqpIru.exe

C:\Windows\System\dZtvPMq.exe

C:\Windows\System\dZtvPMq.exe

C:\Windows\System\xrNqTNw.exe

C:\Windows\System\xrNqTNw.exe

C:\Windows\System\dxGmEcv.exe

C:\Windows\System\dxGmEcv.exe

C:\Windows\System\oNDFPdt.exe

C:\Windows\System\oNDFPdt.exe

C:\Windows\System\Yiqgwfh.exe

C:\Windows\System\Yiqgwfh.exe

C:\Windows\System\Iusrdhk.exe

C:\Windows\System\Iusrdhk.exe

C:\Windows\System\iENJYBF.exe

C:\Windows\System\iENJYBF.exe

C:\Windows\System\tyleGHs.exe

C:\Windows\System\tyleGHs.exe

C:\Windows\System\qplCXya.exe

C:\Windows\System\qplCXya.exe

C:\Windows\System\OzyeFjL.exe

C:\Windows\System\OzyeFjL.exe

C:\Windows\System\jgzJjcW.exe

C:\Windows\System\jgzJjcW.exe

C:\Windows\System\JgdbauW.exe

C:\Windows\System\JgdbauW.exe

C:\Windows\System\uIEGAuP.exe

C:\Windows\System\uIEGAuP.exe

C:\Windows\System\UfHSlYV.exe

C:\Windows\System\UfHSlYV.exe

C:\Windows\System\RIyFASQ.exe

C:\Windows\System\RIyFASQ.exe

C:\Windows\System\XNQvAzO.exe

C:\Windows\System\XNQvAzO.exe

C:\Windows\System\VORmJvD.exe

C:\Windows\System\VORmJvD.exe

C:\Windows\System\cGUjObj.exe

C:\Windows\System\cGUjObj.exe

C:\Windows\System\dErUZAR.exe

C:\Windows\System\dErUZAR.exe

C:\Windows\System\MbsIDFj.exe

C:\Windows\System\MbsIDFj.exe

C:\Windows\System\nysEEVd.exe

C:\Windows\System\nysEEVd.exe

C:\Windows\System\TTIaFGD.exe

C:\Windows\System\TTIaFGD.exe

C:\Windows\System\ZRWGztd.exe

C:\Windows\System\ZRWGztd.exe

C:\Windows\System\sMFrMMb.exe

C:\Windows\System\sMFrMMb.exe

C:\Windows\System\uErcoTQ.exe

C:\Windows\System\uErcoTQ.exe

C:\Windows\System\egzbpmo.exe

C:\Windows\System\egzbpmo.exe

C:\Windows\System\djGWOVR.exe

C:\Windows\System\djGWOVR.exe

C:\Windows\System\ViFNIvQ.exe

C:\Windows\System\ViFNIvQ.exe

C:\Windows\System\Suebsyk.exe

C:\Windows\System\Suebsyk.exe

C:\Windows\System\USpZJuh.exe

C:\Windows\System\USpZJuh.exe

C:\Windows\System\AhwAXGR.exe

C:\Windows\System\AhwAXGR.exe

C:\Windows\System\NuUKwna.exe

C:\Windows\System\NuUKwna.exe

C:\Windows\System\MkOcENJ.exe

C:\Windows\System\MkOcENJ.exe

C:\Windows\System\VxSnxeq.exe

C:\Windows\System\VxSnxeq.exe

C:\Windows\System\dmdcBru.exe

C:\Windows\System\dmdcBru.exe

C:\Windows\System\tXkgKoc.exe

C:\Windows\System\tXkgKoc.exe

C:\Windows\System\UoCyGZk.exe

C:\Windows\System\UoCyGZk.exe

C:\Windows\System\VeJjHLf.exe

C:\Windows\System\VeJjHLf.exe

C:\Windows\System\lAMxNgE.exe

C:\Windows\System\lAMxNgE.exe

C:\Windows\System\hvBsuNZ.exe

C:\Windows\System\hvBsuNZ.exe

C:\Windows\System\fgEyhfm.exe

C:\Windows\System\fgEyhfm.exe

C:\Windows\System\YLDGCfH.exe

C:\Windows\System\YLDGCfH.exe

C:\Windows\System\QEuIPig.exe

C:\Windows\System\QEuIPig.exe

C:\Windows\System\gTgojJF.exe

C:\Windows\System\gTgojJF.exe

C:\Windows\System\uMPaqGv.exe

C:\Windows\System\uMPaqGv.exe

C:\Windows\System\LRsXLok.exe

C:\Windows\System\LRsXLok.exe

C:\Windows\System\DMGnEXK.exe

C:\Windows\System\DMGnEXK.exe

C:\Windows\System\KcuGemS.exe

C:\Windows\System\KcuGemS.exe

C:\Windows\System\HfmILqQ.exe

C:\Windows\System\HfmILqQ.exe

C:\Windows\System\DOBvYpF.exe

C:\Windows\System\DOBvYpF.exe

C:\Windows\System\pNHCbAw.exe

C:\Windows\System\pNHCbAw.exe

C:\Windows\System\ROHOujy.exe

C:\Windows\System\ROHOujy.exe

C:\Windows\System\RTIeFJn.exe

C:\Windows\System\RTIeFJn.exe

C:\Windows\System\aXjqTYf.exe

C:\Windows\System\aXjqTYf.exe

C:\Windows\System\Ocpeuvk.exe

C:\Windows\System\Ocpeuvk.exe

C:\Windows\System\XHAUIgP.exe

C:\Windows\System\XHAUIgP.exe

C:\Windows\System\NzvMUNs.exe

C:\Windows\System\NzvMUNs.exe

C:\Windows\System\UoGhDbB.exe

C:\Windows\System\UoGhDbB.exe

C:\Windows\System\meRwEWI.exe

C:\Windows\System\meRwEWI.exe

C:\Windows\System\YeqsHEn.exe

C:\Windows\System\YeqsHEn.exe

C:\Windows\System\bKBEQji.exe

C:\Windows\System\bKBEQji.exe

C:\Windows\System\dWUYmNe.exe

C:\Windows\System\dWUYmNe.exe

C:\Windows\System\utXfUPB.exe

C:\Windows\System\utXfUPB.exe

C:\Windows\System\OoEhUuz.exe

C:\Windows\System\OoEhUuz.exe

C:\Windows\System\dVWXJtQ.exe

C:\Windows\System\dVWXJtQ.exe

C:\Windows\System\lBLVdIr.exe

C:\Windows\System\lBLVdIr.exe

C:\Windows\System\pFiutTB.exe

C:\Windows\System\pFiutTB.exe

C:\Windows\System\uWZLzCt.exe

C:\Windows\System\uWZLzCt.exe

C:\Windows\System\nOowhPY.exe

C:\Windows\System\nOowhPY.exe

C:\Windows\System\GOdGPBE.exe

C:\Windows\System\GOdGPBE.exe

C:\Windows\System\wrRfsGu.exe

C:\Windows\System\wrRfsGu.exe

C:\Windows\System\QbhBrep.exe

C:\Windows\System\QbhBrep.exe

C:\Windows\System\mTQJHxd.exe

C:\Windows\System\mTQJHxd.exe

C:\Windows\System\hzUOwPV.exe

C:\Windows\System\hzUOwPV.exe

C:\Windows\System\GvnlXaH.exe

C:\Windows\System\GvnlXaH.exe

C:\Windows\System\gJAaQkO.exe

C:\Windows\System\gJAaQkO.exe

C:\Windows\System\IrcUILf.exe

C:\Windows\System\IrcUILf.exe

C:\Windows\System\RukfXwB.exe

C:\Windows\System\RukfXwB.exe

C:\Windows\System\KbYfQQb.exe

C:\Windows\System\KbYfQQb.exe

C:\Windows\System\WWxlmqN.exe

C:\Windows\System\WWxlmqN.exe

C:\Windows\System\RPctHyY.exe

C:\Windows\System\RPctHyY.exe

C:\Windows\System\zBtKFvb.exe

C:\Windows\System\zBtKFvb.exe

C:\Windows\System\AiVFCqs.exe

C:\Windows\System\AiVFCqs.exe

C:\Windows\System\LaLMOlS.exe

C:\Windows\System\LaLMOlS.exe

C:\Windows\System\EaMSJkV.exe

C:\Windows\System\EaMSJkV.exe

C:\Windows\System\AxAzhpM.exe

C:\Windows\System\AxAzhpM.exe

C:\Windows\System\BAfTHGL.exe

C:\Windows\System\BAfTHGL.exe

C:\Windows\System\PUQOAmD.exe

C:\Windows\System\PUQOAmD.exe

C:\Windows\System\aBfWqqy.exe

C:\Windows\System\aBfWqqy.exe

C:\Windows\System\fbjloia.exe

C:\Windows\System\fbjloia.exe

C:\Windows\System\HxJYUvR.exe

C:\Windows\System\HxJYUvR.exe

C:\Windows\System\mmaHSqM.exe

C:\Windows\System\mmaHSqM.exe

C:\Windows\System\wjLCHWr.exe

C:\Windows\System\wjLCHWr.exe

C:\Windows\System\vvNnLtW.exe

C:\Windows\System\vvNnLtW.exe

C:\Windows\System\fhKPshe.exe

C:\Windows\System\fhKPshe.exe

C:\Windows\System\FUGwhkI.exe

C:\Windows\System\FUGwhkI.exe

C:\Windows\System\UoEaHbP.exe

C:\Windows\System\UoEaHbP.exe

C:\Windows\System\sOQMMsm.exe

C:\Windows\System\sOQMMsm.exe

C:\Windows\System\jsLUtRM.exe

C:\Windows\System\jsLUtRM.exe

C:\Windows\System\KieoudA.exe

C:\Windows\System\KieoudA.exe

C:\Windows\System\FZyZJma.exe

C:\Windows\System\FZyZJma.exe

C:\Windows\System\XhalCzl.exe

C:\Windows\System\XhalCzl.exe

C:\Windows\System\hwWfHns.exe

C:\Windows\System\hwWfHns.exe

C:\Windows\System\blrQOCG.exe

C:\Windows\System\blrQOCG.exe

C:\Windows\System\WzGJAJN.exe

C:\Windows\System\WzGJAJN.exe

C:\Windows\System\pHXJTJH.exe

C:\Windows\System\pHXJTJH.exe

C:\Windows\System\KLuvUVP.exe

C:\Windows\System\KLuvUVP.exe

C:\Windows\System\gOhGwaL.exe

C:\Windows\System\gOhGwaL.exe

C:\Windows\System\eWDVnPI.exe

C:\Windows\System\eWDVnPI.exe

C:\Windows\System\SigYYrs.exe

C:\Windows\System\SigYYrs.exe

C:\Windows\System\jmYbIRZ.exe

C:\Windows\System\jmYbIRZ.exe

C:\Windows\System\JwUGley.exe

C:\Windows\System\JwUGley.exe

C:\Windows\System\kDludSq.exe

C:\Windows\System\kDludSq.exe

C:\Windows\System\EvGcrli.exe

C:\Windows\System\EvGcrli.exe

C:\Windows\System\GZnDcoj.exe

C:\Windows\System\GZnDcoj.exe

C:\Windows\System\KEVASvq.exe

C:\Windows\System\KEVASvq.exe

C:\Windows\System\zcacteR.exe

C:\Windows\System\zcacteR.exe

C:\Windows\System\blMWfEn.exe

C:\Windows\System\blMWfEn.exe

C:\Windows\System\nfEzhmU.exe

C:\Windows\System\nfEzhmU.exe

C:\Windows\System\ERKbHqf.exe

C:\Windows\System\ERKbHqf.exe

C:\Windows\System\DiSfFTu.exe

C:\Windows\System\DiSfFTu.exe

C:\Windows\System\GwPrUNS.exe

C:\Windows\System\GwPrUNS.exe

C:\Windows\System\zAIwScJ.exe

C:\Windows\System\zAIwScJ.exe

C:\Windows\System\GjhVroi.exe

C:\Windows\System\GjhVroi.exe

C:\Windows\System\wGigELz.exe

C:\Windows\System\wGigELz.exe

C:\Windows\System\KtLKQOT.exe

C:\Windows\System\KtLKQOT.exe

C:\Windows\System\JrsPalu.exe

C:\Windows\System\JrsPalu.exe

C:\Windows\System\KJHFfMb.exe

C:\Windows\System\KJHFfMb.exe

C:\Windows\System\dAMbhkM.exe

C:\Windows\System\dAMbhkM.exe

C:\Windows\System\bsJjgCL.exe

C:\Windows\System\bsJjgCL.exe

C:\Windows\System\CRKaMYb.exe

C:\Windows\System\CRKaMYb.exe

C:\Windows\System\uYbJLfp.exe

C:\Windows\System\uYbJLfp.exe

C:\Windows\System\ZlyiqpR.exe

C:\Windows\System\ZlyiqpR.exe

C:\Windows\System\MpTOHyA.exe

C:\Windows\System\MpTOHyA.exe

C:\Windows\System\lgMptyN.exe

C:\Windows\System\lgMptyN.exe

C:\Windows\System\IqltvxN.exe

C:\Windows\System\IqltvxN.exe

C:\Windows\System\ykhNRiU.exe

C:\Windows\System\ykhNRiU.exe

C:\Windows\System\vIANvYb.exe

C:\Windows\System\vIANvYb.exe

C:\Windows\System\ZpzmNGE.exe

C:\Windows\System\ZpzmNGE.exe

C:\Windows\System\VUHkSWI.exe

C:\Windows\System\VUHkSWI.exe

C:\Windows\System\vQwotQR.exe

C:\Windows\System\vQwotQR.exe

C:\Windows\System\mlbQDxI.exe

C:\Windows\System\mlbQDxI.exe

C:\Windows\System\NsiJEdQ.exe

C:\Windows\System\NsiJEdQ.exe

C:\Windows\System\VufLPnS.exe

C:\Windows\System\VufLPnS.exe

C:\Windows\System\iozuWig.exe

C:\Windows\System\iozuWig.exe

C:\Windows\System\fkRkZnc.exe

C:\Windows\System\fkRkZnc.exe

C:\Windows\System\HokfmqD.exe

C:\Windows\System\HokfmqD.exe

C:\Windows\System\rGNPphq.exe

C:\Windows\System\rGNPphq.exe

C:\Windows\System\rgbQfjR.exe

C:\Windows\System\rgbQfjR.exe

C:\Windows\System\NjtteSZ.exe

C:\Windows\System\NjtteSZ.exe

C:\Windows\System\zPAvUPi.exe

C:\Windows\System\zPAvUPi.exe

C:\Windows\System\KXxpuXW.exe

C:\Windows\System\KXxpuXW.exe

C:\Windows\System\jqkdOrH.exe

C:\Windows\System\jqkdOrH.exe

C:\Windows\System\GPxTjyN.exe

C:\Windows\System\GPxTjyN.exe

C:\Windows\System\ILhbrSz.exe

C:\Windows\System\ILhbrSz.exe

C:\Windows\System\AJKbNoa.exe

C:\Windows\System\AJKbNoa.exe

C:\Windows\System\MiUffqw.exe

C:\Windows\System\MiUffqw.exe

C:\Windows\System\KMCtQsn.exe

C:\Windows\System\KMCtQsn.exe

C:\Windows\System\hWOsNjk.exe

C:\Windows\System\hWOsNjk.exe

C:\Windows\System\ZFSLdaS.exe

C:\Windows\System\ZFSLdaS.exe

C:\Windows\System\wfOpoDl.exe

C:\Windows\System\wfOpoDl.exe

C:\Windows\System\dolDSve.exe

C:\Windows\System\dolDSve.exe

C:\Windows\System\Weflrtt.exe

C:\Windows\System\Weflrtt.exe

C:\Windows\System\RnHmiuV.exe

C:\Windows\System\RnHmiuV.exe

C:\Windows\System\jtAnguR.exe

C:\Windows\System\jtAnguR.exe

C:\Windows\System\JMkTXqZ.exe

C:\Windows\System\JMkTXqZ.exe

C:\Windows\System\OVuIOBl.exe

C:\Windows\System\OVuIOBl.exe

C:\Windows\System\giGgogq.exe

C:\Windows\System\giGgogq.exe

C:\Windows\System\Mmaxhgr.exe

C:\Windows\System\Mmaxhgr.exe

C:\Windows\System\DBhQkHR.exe

C:\Windows\System\DBhQkHR.exe

C:\Windows\System\NJHGzmt.exe

C:\Windows\System\NJHGzmt.exe

C:\Windows\System\GthjkOD.exe

C:\Windows\System\GthjkOD.exe

C:\Windows\System\BNmGfQq.exe

C:\Windows\System\BNmGfQq.exe

C:\Windows\System\NzFyjnH.exe

C:\Windows\System\NzFyjnH.exe

C:\Windows\System\VlqhteS.exe

C:\Windows\System\VlqhteS.exe

C:\Windows\System\QMPnrkB.exe

C:\Windows\System\QMPnrkB.exe

C:\Windows\System\RcBpOzc.exe

C:\Windows\System\RcBpOzc.exe

C:\Windows\System\gRhqXQX.exe

C:\Windows\System\gRhqXQX.exe

C:\Windows\System\bJsFmGs.exe

C:\Windows\System\bJsFmGs.exe

C:\Windows\System\RfTYtfC.exe

C:\Windows\System\RfTYtfC.exe

C:\Windows\System\LeuRMbF.exe

C:\Windows\System\LeuRMbF.exe

C:\Windows\System\sbJuaeB.exe

C:\Windows\System\sbJuaeB.exe

C:\Windows\System\WsLCMUh.exe

C:\Windows\System\WsLCMUh.exe

C:\Windows\System\JCBnAll.exe

C:\Windows\System\JCBnAll.exe

C:\Windows\System\CFeuxHW.exe

C:\Windows\System\CFeuxHW.exe

C:\Windows\System\KhwIdzX.exe

C:\Windows\System\KhwIdzX.exe

C:\Windows\System\ZlBZDJt.exe

C:\Windows\System\ZlBZDJt.exe

C:\Windows\System\ZPLtPEu.exe

C:\Windows\System\ZPLtPEu.exe

C:\Windows\System\fvpPsiE.exe

C:\Windows\System\fvpPsiE.exe

C:\Windows\System\vTjNnAu.exe

C:\Windows\System\vTjNnAu.exe

C:\Windows\System\FrIpbHQ.exe

C:\Windows\System\FrIpbHQ.exe

C:\Windows\System\KzDKceu.exe

C:\Windows\System\KzDKceu.exe

C:\Windows\System\wfzkjco.exe

C:\Windows\System\wfzkjco.exe

C:\Windows\System\XWRfyBA.exe

C:\Windows\System\XWRfyBA.exe

C:\Windows\System\fUUDuPX.exe

C:\Windows\System\fUUDuPX.exe

C:\Windows\System\PbnogzH.exe

C:\Windows\System\PbnogzH.exe

C:\Windows\System\oxKzDsW.exe

C:\Windows\System\oxKzDsW.exe

C:\Windows\System\HkaXNpi.exe

C:\Windows\System\HkaXNpi.exe

C:\Windows\System\omeBWzw.exe

C:\Windows\System\omeBWzw.exe

C:\Windows\System\zdXCgPd.exe

C:\Windows\System\zdXCgPd.exe

C:\Windows\System\ntAtVgC.exe

C:\Windows\System\ntAtVgC.exe

C:\Windows\System\nKJWCHT.exe

C:\Windows\System\nKJWCHT.exe

C:\Windows\System\PPJTpAg.exe

C:\Windows\System\PPJTpAg.exe

C:\Windows\System\sJpIVga.exe

C:\Windows\System\sJpIVga.exe

C:\Windows\System\MhnOBMM.exe

C:\Windows\System\MhnOBMM.exe

C:\Windows\System\LIbmdID.exe

C:\Windows\System\LIbmdID.exe

C:\Windows\System\aOjxtml.exe

C:\Windows\System\aOjxtml.exe

C:\Windows\System\MybSJtL.exe

C:\Windows\System\MybSJtL.exe

C:\Windows\System\XsHPQcP.exe

C:\Windows\System\XsHPQcP.exe

C:\Windows\System\meEMAqj.exe

C:\Windows\System\meEMAqj.exe

C:\Windows\System\KVMlALI.exe

C:\Windows\System\KVMlALI.exe

C:\Windows\System\NwjMxEb.exe

C:\Windows\System\NwjMxEb.exe

C:\Windows\System\orWrwpP.exe

C:\Windows\System\orWrwpP.exe

C:\Windows\System\uFgEuUW.exe

C:\Windows\System\uFgEuUW.exe

C:\Windows\System\cpYttve.exe

C:\Windows\System\cpYttve.exe

C:\Windows\System\uKLFVoo.exe

C:\Windows\System\uKLFVoo.exe

C:\Windows\System\rLvwRuM.exe

C:\Windows\System\rLvwRuM.exe

C:\Windows\System\HVbjCqN.exe

C:\Windows\System\HVbjCqN.exe

C:\Windows\System\SElPZbd.exe

C:\Windows\System\SElPZbd.exe

C:\Windows\System\ZVGmnmg.exe

C:\Windows\System\ZVGmnmg.exe

C:\Windows\System\aijUOxT.exe

C:\Windows\System\aijUOxT.exe

C:\Windows\System\Fgkwvaq.exe

C:\Windows\System\Fgkwvaq.exe

C:\Windows\System\RRGDjdD.exe

C:\Windows\System\RRGDjdD.exe

C:\Windows\System\VKLaLKy.exe

C:\Windows\System\VKLaLKy.exe

C:\Windows\System\HquMzMG.exe

C:\Windows\System\HquMzMG.exe

C:\Windows\System\AwtQUVQ.exe

C:\Windows\System\AwtQUVQ.exe

C:\Windows\System\lLnWguV.exe

C:\Windows\System\lLnWguV.exe

C:\Windows\System\ixLbnLU.exe

C:\Windows\System\ixLbnLU.exe

C:\Windows\System\gBTzIWZ.exe

C:\Windows\System\gBTzIWZ.exe

C:\Windows\System\gncCmCB.exe

C:\Windows\System\gncCmCB.exe

C:\Windows\System\ekyDxDb.exe

C:\Windows\System\ekyDxDb.exe

C:\Windows\System\ucgRKce.exe

C:\Windows\System\ucgRKce.exe

C:\Windows\System\SHDXmKo.exe

C:\Windows\System\SHDXmKo.exe

C:\Windows\System\xYtjHLu.exe

C:\Windows\System\xYtjHLu.exe

C:\Windows\System\mfibPtP.exe

C:\Windows\System\mfibPtP.exe

C:\Windows\System\kTHTXvg.exe

C:\Windows\System\kTHTXvg.exe

C:\Windows\System\YzbWxor.exe

C:\Windows\System\YzbWxor.exe

C:\Windows\System\aeDUeQY.exe

C:\Windows\System\aeDUeQY.exe

C:\Windows\System\SXflQFP.exe

C:\Windows\System\SXflQFP.exe

C:\Windows\System\IhxHxMG.exe

C:\Windows\System\IhxHxMG.exe

C:\Windows\System\litkjOo.exe

C:\Windows\System\litkjOo.exe

C:\Windows\System\ULSRwgY.exe

C:\Windows\System\ULSRwgY.exe

C:\Windows\System\PNypNGx.exe

C:\Windows\System\PNypNGx.exe

C:\Windows\System\uoxzzmB.exe

C:\Windows\System\uoxzzmB.exe

C:\Windows\System\MDPuUFX.exe

C:\Windows\System\MDPuUFX.exe

C:\Windows\System\wgSzUwI.exe

C:\Windows\System\wgSzUwI.exe

C:\Windows\System\IZvMzEN.exe

C:\Windows\System\IZvMzEN.exe

C:\Windows\System\JEGXjvU.exe

C:\Windows\System\JEGXjvU.exe

C:\Windows\System\gopYDEI.exe

C:\Windows\System\gopYDEI.exe

C:\Windows\System\nIxljrW.exe

C:\Windows\System\nIxljrW.exe

C:\Windows\System\MeTyytg.exe

C:\Windows\System\MeTyytg.exe

C:\Windows\System\nYPmWjx.exe

C:\Windows\System\nYPmWjx.exe

C:\Windows\System\ZmOEfVQ.exe

C:\Windows\System\ZmOEfVQ.exe

C:\Windows\System\rpONhfK.exe

C:\Windows\System\rpONhfK.exe

C:\Windows\System\wrIGBrO.exe

C:\Windows\System\wrIGBrO.exe

C:\Windows\System\JnHMBAB.exe

C:\Windows\System\JnHMBAB.exe

C:\Windows\System\mHkyWla.exe

C:\Windows\System\mHkyWla.exe

C:\Windows\System\pKOZzSL.exe

C:\Windows\System\pKOZzSL.exe

C:\Windows\System\nUHRYSh.exe

C:\Windows\System\nUHRYSh.exe

C:\Windows\System\BGpRECh.exe

C:\Windows\System\BGpRECh.exe

C:\Windows\System\jHpNePu.exe

C:\Windows\System\jHpNePu.exe

C:\Windows\System\vfotxqw.exe

C:\Windows\System\vfotxqw.exe

C:\Windows\System\GIIRvSz.exe

C:\Windows\System\GIIRvSz.exe

C:\Windows\System\eRXFMba.exe

C:\Windows\System\eRXFMba.exe

C:\Windows\System\mGitVMS.exe

C:\Windows\System\mGitVMS.exe

C:\Windows\System\rzECVTn.exe

C:\Windows\System\rzECVTn.exe

C:\Windows\System\hhzrgrA.exe

C:\Windows\System\hhzrgrA.exe

C:\Windows\System\YpnzEjT.exe

C:\Windows\System\YpnzEjT.exe

C:\Windows\System\SeNgfHj.exe

C:\Windows\System\SeNgfHj.exe

C:\Windows\System\IqwrPMT.exe

C:\Windows\System\IqwrPMT.exe

C:\Windows\System\nmoIWJH.exe

C:\Windows\System\nmoIWJH.exe

C:\Windows\System\MqBNfaB.exe

C:\Windows\System\MqBNfaB.exe

C:\Windows\System\PJpFKOG.exe

C:\Windows\System\PJpFKOG.exe

C:\Windows\System\imsaITt.exe

C:\Windows\System\imsaITt.exe

C:\Windows\System\JmlRZiA.exe

C:\Windows\System\JmlRZiA.exe

C:\Windows\System\zhBUbBq.exe

C:\Windows\System\zhBUbBq.exe

C:\Windows\System\HrBgRPq.exe

C:\Windows\System\HrBgRPq.exe

C:\Windows\System\ZBfrsEs.exe

C:\Windows\System\ZBfrsEs.exe

C:\Windows\System\WUruAGT.exe

C:\Windows\System\WUruAGT.exe

C:\Windows\System\hQTnnAB.exe

C:\Windows\System\hQTnnAB.exe

C:\Windows\System\zdcgvkf.exe

C:\Windows\System\zdcgvkf.exe

C:\Windows\System\ThBsFxl.exe

C:\Windows\System\ThBsFxl.exe

C:\Windows\System\PmLbXkf.exe

C:\Windows\System\PmLbXkf.exe

C:\Windows\System\TBNYyXT.exe

C:\Windows\System\TBNYyXT.exe

C:\Windows\System\fGamhzr.exe

C:\Windows\System\fGamhzr.exe

C:\Windows\System\XEMjRfo.exe

C:\Windows\System\XEMjRfo.exe

C:\Windows\System\BRyrKNY.exe

C:\Windows\System\BRyrKNY.exe

C:\Windows\System\YAvJAPR.exe

C:\Windows\System\YAvJAPR.exe

C:\Windows\System\xTUCBrO.exe

C:\Windows\System\xTUCBrO.exe

C:\Windows\System\alQBYYU.exe

C:\Windows\System\alQBYYU.exe

C:\Windows\System\hZBkNrP.exe

C:\Windows\System\hZBkNrP.exe

C:\Windows\System\xKjjAGH.exe

C:\Windows\System\xKjjAGH.exe

C:\Windows\System\ViPnpic.exe

C:\Windows\System\ViPnpic.exe

C:\Windows\System\UwdXjsJ.exe

C:\Windows\System\UwdXjsJ.exe

C:\Windows\System\AyjFwlW.exe

C:\Windows\System\AyjFwlW.exe

C:\Windows\System\SVLktPy.exe

C:\Windows\System\SVLktPy.exe

C:\Windows\System\byNAVvO.exe

C:\Windows\System\byNAVvO.exe

C:\Windows\System\fBagzJv.exe

C:\Windows\System\fBagzJv.exe

C:\Windows\System\aRKwDWL.exe

C:\Windows\System\aRKwDWL.exe

C:\Windows\System\lUQjydv.exe

C:\Windows\System\lUQjydv.exe

C:\Windows\System\txPFAAR.exe

C:\Windows\System\txPFAAR.exe

C:\Windows\System\YqQhWBA.exe

C:\Windows\System\YqQhWBA.exe

C:\Windows\System\DGEIkQj.exe

C:\Windows\System\DGEIkQj.exe

C:\Windows\System\yHKLrAg.exe

C:\Windows\System\yHKLrAg.exe

C:\Windows\System\nPCKGPR.exe

C:\Windows\System\nPCKGPR.exe

C:\Windows\System\GIwCySD.exe

C:\Windows\System\GIwCySD.exe

C:\Windows\System\sYgGoMu.exe

C:\Windows\System\sYgGoMu.exe

C:\Windows\System\hBAEBSl.exe

C:\Windows\System\hBAEBSl.exe

C:\Windows\System\ECmzdVx.exe

C:\Windows\System\ECmzdVx.exe

C:\Windows\System\nCfaprK.exe

C:\Windows\System\nCfaprK.exe

C:\Windows\System\QPdmqxl.exe

C:\Windows\System\QPdmqxl.exe

C:\Windows\System\PhLpCyY.exe

C:\Windows\System\PhLpCyY.exe

C:\Windows\System\pMcquHx.exe

C:\Windows\System\pMcquHx.exe

C:\Windows\System\RPJIAVk.exe

C:\Windows\System\RPJIAVk.exe

C:\Windows\System\aoMzcWB.exe

C:\Windows\System\aoMzcWB.exe

C:\Windows\System\ghKjdfY.exe

C:\Windows\System\ghKjdfY.exe

C:\Windows\System\YYpKvWT.exe

C:\Windows\System\YYpKvWT.exe

C:\Windows\System\bbDDDGD.exe

C:\Windows\System\bbDDDGD.exe

C:\Windows\System\YIplDyo.exe

C:\Windows\System\YIplDyo.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 25.24.18.2.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 82.177.190.20.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 18.24.18.2.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp

Files

memory/4656-0-0x00007FF7D4160000-0x00007FF7D4552000-memory.dmp

memory/4656-1-0x000001C975FD0000-0x000001C975FE0000-memory.dmp

C:\Windows\System\LAXXPhI.exe

MD5 250c22817eac2c425477a6569901a7bf
SHA1 6b1231e3e40e8bdb2fac9dbcbefbe2a4b20bf9d5
SHA256 8afae8db983610587d24b33b23e8dbf98c8d3b6fbd177ee9a9939d20b28ae8d3
SHA512 c451c595e1e605a01f1f4edf10fe652db9cc95edd5efcc2a3a4cac3d6256684e57bf2b76f7bfa956263130d9a22f997da58ed0ff36125f437cc81bf1dc17645a

memory/4688-10-0x00007FFF0B583000-0x00007FFF0B585000-memory.dmp

C:\Windows\System\euoCTkI.exe

MD5 cee4604cbcc4c155edd1987ea1d7ab31
SHA1 6ec20c761b11b139ee87d6174b355352dcae6cc6
SHA256 95bef4c21af60bca90e6717ef9517533656d529960189970905414ab9a1ec61a
SHA512 3eac649b3e9acb9ca48a47f79035c064413398a2fe8defe017edb72c8e1f853458f2923237fb37584089a5e65503e96ec52f16f4829e9307f40f83ea8028bca4

C:\Windows\System\izwlOjV.exe

MD5 46d4787c606515537d98a0fe09327491
SHA1 44c7370f75dd3f4c3c0344a1dce37f8cb625d87e
SHA256 0145bd9345132c4095c840043c771b85fd1ab20fc16b5e34bfeecf09ac5a8648
SHA512 b05d6d4de0c811528fd0321fa8c6ddab268c97aee3c8a96c149b4e184ff2ef33b256a8eda93d8412a516eaf1f887a30d1c1a0953362d94cf11f43c002ae65f6d

C:\Windows\System\ZLHlDPa.exe

MD5 667262b4aee446df0b99bc629a759607
SHA1 467a99e600641dfc3bb46796dccbb060961cbad3
SHA256 f6873e89042fcf3fcbe0c50632737632f3e80c9b0a84f65acba4f875591cf025
SHA512 1a3b64b333de523e67a2722e46f9dae1407bf66ab8ecfe2995fbe2db00b8bbe2342bf86679f279d707903da35cda76095c7d389885b39dacfcd9dfe61a3175b0

C:\Windows\System\VAkQsyz.exe

MD5 34589610b205cd495f949fecf75c6b10
SHA1 a4bfe7ec8ea0c9fd276cce75068ada083e8529cf
SHA256 24ea6e9da6863b715c03f2a07e43a50336ef48ef4bbfd63c0182f6cb5216a80a
SHA512 277f0de0fa098fd826a6263b19625b9aba549a90b0c42800798aef011441107d6330accb6d6b3ca65dfa92ec25bdd92e8edfe86b26dbd35b43cb8c6ae8af2c60

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_vdfbsw23.axw.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/392-412-0x00007FF6B1E80000-0x00007FF6B2272000-memory.dmp

memory/560-501-0x00007FF7D2660000-0x00007FF7D2A52000-memory.dmp

memory/1872-580-0x00007FF69A810000-0x00007FF69AC02000-memory.dmp

memory/4688-1338-0x00007FFF0B580000-0x00007FFF0C041000-memory.dmp

C:\Windows\System\uobMHkr.exe

MD5 2adac273ce248e8d242a4b12f749bb46
SHA1 300bd2c60c669d978305195f11eaf26c73d9e457
SHA256 5a695799bf8f73300a4f9c4a59fd25b209a2457abf1051a262d540e520557456
SHA512 011941b215532355e8e4d21af78180da68d2fe04927118ebe818ec14ec4bfb6a7a2d9aaa01fdfd0cd2c6dc84968b5f642ccf10cc92c29aa0e1d06bcf6f120232

memory/3536-1178-0x00007FF623750000-0x00007FF623B42000-memory.dmp

memory/4980-1742-0x00007FF6D9190000-0x00007FF6D9582000-memory.dmp

memory/1156-979-0x00007FF7D8A00000-0x00007FF7D8DF2000-memory.dmp

memory/2588-976-0x00007FF726DA0000-0x00007FF727192000-memory.dmp

memory/2356-975-0x00007FF636C00000-0x00007FF636FF2000-memory.dmp

memory/5088-895-0x00007FF62F960000-0x00007FF62FD52000-memory.dmp

memory/1940-883-0x00007FF6CE0D0000-0x00007FF6CE4C2000-memory.dmp

memory/2988-417-0x00007FF623630000-0x00007FF623A22000-memory.dmp

memory/3160-371-0x00007FF68FF70000-0x00007FF690362000-memory.dmp

memory/3432-320-0x00007FF6E0530000-0x00007FF6E0922000-memory.dmp

memory/1168-317-0x00007FF7FD840000-0x00007FF7FDC32000-memory.dmp

memory/4808-270-0x00007FF7A5F40000-0x00007FF7A6332000-memory.dmp

C:\Windows\System\oqKVcKC.exe

MD5 fd12d0410a553cca9bcdc60c685e0c33
SHA1 71c4043fe1773961f14d62fb9d352ad81c43d8f5
SHA256 d1b56536bbb20e601a32a8c9c06cc2a10501941264242a2b337fb692dc248210
SHA512 d17e948754d3bd557984bdb08c2b0631e304e82f2cb5f56a6227fdd9e6fbfcca77bf39b5b9a304fc809f24b904154aa0af76780d516726718f6aa1186b67bcc4

C:\Windows\System\LdpdIek.exe

MD5 7d2aad8b7f960307982d83bb663cbf89
SHA1 7a997e7e9dfafce060f2699be67bd18d7ed6ecc2
SHA256 9224cb5fb37252393a94408e006af13fdd08f627879b62c5e14f2fe2a75d22da
SHA512 f108d52a5ac79f228b388168b1d56559cbac099caf4267f56bb6cf578b79b516404868866644ff432a023f64e12288aa6534921acf7869ea677c5a73c6b62fa5

C:\Windows\System\rVdSwRk.exe

MD5 e193d79327da6819e1e6c84af4baea25
SHA1 56828b657022e1237f188a2ea4e6fdb004911538
SHA256 754b92205926e9bf54d338688756cf3b97cd00d2fc4c8b60cd9bea46163cd8ef
SHA512 e0530e84db750393e06d5bd6103ed3be822516da73c9692a018d309df89eee248916fa7341aaa9b0daf52fbb7d82557001fbf88020cbf17fc8034365d633e877

C:\Windows\System\vKfDsIB.exe

MD5 271c820add728cad24974a3ba7dfd00f
SHA1 fd144168df6ef3d194c0031015a236ba488003c3
SHA256 3c08123a20f4368031b0d20f6f631104a17eb966b6f852ca2331dae3300388cb
SHA512 f1ce04dec63ee1db06b15734e489ac0f62401653b4bf5694df40645aa4a91819789f1aef177dcbdfb40caba9e79cb46d75eab5548bd5e3257c24a97e730678d5

C:\Windows\System\AvhDodZ.exe

MD5 3c7ddd3cd76994024bf723d3604ee7f3
SHA1 bdb00275b6c99414161daff026083450361ec4dd
SHA256 d8b8a9da2fcfd5ebbecedcc6a0250de22cd9eb012cb9321d1346995f75ff1ee8
SHA512 ec3f06ae14aa6ee55004d9211f8444677c87026d6295a97c27af4b01c92a52457e2453266d6fa2f62c3b038fb93d576864ccab6cbba0f8d31126406fd4bb995d

memory/2224-244-0x00007FF7F3A60000-0x00007FF7F3E52000-memory.dmp

memory/3640-202-0x00007FF607DC0000-0x00007FF6081B2000-memory.dmp

C:\Windows\System\rATMjMh.exe

MD5 f256692123db4380790e9962db65fdfe
SHA1 d2bbc38dcdc5758531e8ebb56ef9448202b632e5
SHA256 d81318aec1d44f0d16b15a7cfd089a80f0ed93125d14f5425fe8c7191cc423f6
SHA512 8748f2dc49e10bedd1fb902fc758988e37a8e9bb23b067e471dd160778f08737b38dc3f3f48cedfee10094bf14ef6d0346fcde66668da752b2c4743fd4ef519b

C:\Windows\System\QQKdIPL.exe

MD5 25ecf39b9c1eca2b8604908cebbced1d
SHA1 58d561b183325662881790457c96bf11b0ffbabe
SHA256 bf7ed8d1efe578e032a812d41a2828afd3340465f4f9643fc9150704438d7a6e
SHA512 8826270994862c0ea9fdb8e6661f02f010ff08dfb4cd6b31e9769243cd1f2eb324f6e5960fd92de62386980d00e0a7a69c41b264fe514ce914e3287124ed6311

C:\Windows\System\mUWPBEZ.exe

MD5 be5ac18d60fde0ee82ac50cb2f503ebb
SHA1 842d00cbf0feb05a43070ebff163d11b96022b5b
SHA256 ec6107d590dd8ffeb58c9c06b9f48733f9aaecbab4f66c650924f732497920dc
SHA512 f0232c4cfe74ee81cd7332ae3c8a431abb54d164e7de2ac186c206958bb8ad253a50c2e3c9d54ef68501227954ce2bb565518e4b86fe3d37163235117d29ab49

C:\Windows\System\LpVIDnF.exe

MD5 3414fd223eae91b3b9bfd4f66a919724
SHA1 a0d844130fcab5cafd81cb9c9e99ac2501412719
SHA256 7b1ed0a61426010430682465acf9c3547c6bb8ef357f83090988f73ee730f9de
SHA512 14e7cfc876748e8d14899aa66ece0781253bb87826c6b8c4ce52c9705c219f784386e2868fa95fb82c2b7e5d37ce5dd8a509f6d7c7de64ba47cf9788f737fff9

C:\Windows\System\FLleypW.exe

MD5 b65167aac3f9e79e5b56ac5d9e23f0e2
SHA1 00df3818bd153851526178a766370d619298004e
SHA256 e2346cc2af906f58213db45a2f46296b94647895066f796ab9189a373c50cb95
SHA512 4389b86301fc11ea289dbc7a83e94ca1a9d87c2cd403f77d1097b10f381850e34286b3bef2f579dccb8853d5497a7c77c2952ccdb72f2e8e8508f66c0716639e

C:\Windows\System\DQxZghc.exe

MD5 a82f62a00c2746bce19c390da3540708
SHA1 b55757fa498efbf1d3d91f1c38ecd4fafcc6f016
SHA256 4fe9d8e877d35e7f051a2747d86d58501c86fa5478198be6a6e5785d7ab1a338
SHA512 d5f9c624ccea0a83fc2b09df21b1bdb5dcf449f3f760624d280a6d6b056d0930f661e7788c12c844c62ee0b7d1b1a3dc6d349ea2d3a2b7dea3f2903e0981c401

C:\Windows\System\yVHZDSO.exe

MD5 b545a871d099e0f2ad367d7a7bf53c46
SHA1 a632b76393abda13ae1b27e45c6dabfe7e5f2834
SHA256 1d1c5088a10a9930b0bb43a553daeb6c2b0e1a57cd1f9e4e769b486b29d7ec69
SHA512 1fc1b8427b0c296b344b83764116a337d8ab93eb4da4087b1ecd6b37b8bf488d7782c1b2db8c3fd80d7b0d85d90bc3e18ef6639486acc65a6662434de65a8329

C:\Windows\System\lDVYQVm.exe

MD5 6af9560af38119610d40dfaa57d16a6e
SHA1 09f9c7662e8137f2979de98b8ee9a1291d2f1068
SHA256 b3b7f6c4d5b41bb42efc44b567c9bef3aa1dea35f09b3b6972c4a3c2df043dd3
SHA512 d28680d1e0825c25e58a7ef4f2ee3d0ea2c8f127517a86e2a2fdfa09c50ad16e9d82eab2bc4dd4ce7371cd98779f4422cc24e24f81b1f6ffba1c2c962d8aec54

C:\Windows\System\oITyZHB.exe

MD5 168df50dd0ec274d3602b7a01540fdc4
SHA1 c94dee1bf419fedca65ceffdd2e819e1d2021c25
SHA256 b8d34c44c2bc9f01b55b91adb118982baeba7e021559d124167c280be34dbc4d
SHA512 2fdcd13db109ceda35d7c46169e18d1409ba20ccf8e9b10ac88e6f053a3d7d65065930230d232d7674c7b6faaaace6eb03f50b67d3c233adbe94d35276b52b83

C:\Windows\System\DOWXckX.exe

MD5 6dedb94ee7ec71f7173afce23d6239e2
SHA1 3306e94aaa87b8ce0b4fe7833f3903c711afa0ce
SHA256 7791eaba603ddb42c4657dbd80a5f4ea682a9f0fe219cf695a85556f739d7fb9
SHA512 61902cc84e67b5e942c34c39e16dc6db40acaf9fbd47326515158c9e2debe82b14822349fac09fc01209db3deb86cd86a1d181a7566991ead8e1fb2f5f57cc4a

C:\Windows\System\dRTOZiN.exe

MD5 805946878f3fce8f07b997a46121c83b
SHA1 7a1269f7eac4aee206f4040aa603a2356aa0cf6c
SHA256 954dc74b15bb6d0649974f0ee3ee7a2567f2ccac32f6437d42d96812adecb061
SHA512 160d0382309ecbba22b92720656d6109eadf2ca36fb67c474ef7bbdaafd5254b5a7f2e889fdb049dc493270e2a72ff2916ee507dec0386a33f4da6eb3d0bcb21

C:\Windows\System\BHbpZwk.exe

MD5 040f289d140c9d10eb11543bff3a6c63
SHA1 6374750934b061e9484fab0638f3a850137765b0
SHA256 36e511bfb4c03327405be37219756646043715ef32980a4ea2731eee4a10c6dc
SHA512 36ca05f32bcbd7c51f64307b9f714028e154ffa802217905b94071289d0dbca3cf29ee374f7f3a043619328bf27e9738e9aa9225676114a373e7159b7371fbff

C:\Windows\System\wGBRPfK.exe

MD5 1b1b35bd4c50ce16d5b7041354a91ca5
SHA1 0bea9c87eea55acbc2cfd99c8e0f7b09e8bdf043
SHA256 380e3f06fea8d3df38e788b2620787c37d93dc9cbfded43e7f0247c2443f2b69
SHA512 c8ce2f62dc0e1e777b0534729cd0b8f388fccd85e1e59732b817b36d7995b637dbf2fe964fd1af83c48ba646a615528adccd388b28fa561e2ea7a13363d980dd

C:\Windows\System\LYxliZI.exe

MD5 08d3ba73a66ba356216adabba1f9507b
SHA1 f51d072ac4038525a2778d4eb2d9d7b3dbe1ad58
SHA256 1f4756ea346c898a4d73b9d8049e6f3c79730535908ddaeb6ab9b662440fec3e
SHA512 7ce2734ac989f00adc460646eddd08afd3623a8edb532d1f2acf72f0dc601d44eb8133111a00c396fb107027142912670129003991dc72c376cb668f77f0e95f

C:\Windows\System\YhztfPc.exe

MD5 6dda1abe593a996192d621ad0975c5dc
SHA1 c5b193466e4dfd6275459b8c44f6cb1a55660904
SHA256 4641b4c2ddfb967168363fd2db27d5585ff004a72cb561764051ecf8478fbf28
SHA512 ba1ca484ea603cfac1581f525b5b1b767427decce3190b8aa97ffe7cc223eeb8567f4d690d0ade6fb0110f6379d73ccacaa90ed68e8bba82f639eb9adad17d77

C:\Windows\System\djLhWhR.exe

MD5 5fd96938299f6df41c3ec88fd7e727cd
SHA1 5e3ddb730b410350eb7abdf4747a6c63382d0a4d
SHA256 510353652216a211bdb0dcd68ccd4cc6f491092cb3e7c37e58a1fc01afef0f49
SHA512 077687be173989c9ef471f6ca52d541d458c70f9418dbec8863e6cc787d1525a044a759751ec3bd7d634a792e99165cc88fd0e1d1fd9cfae949198258c7bdb86

C:\Windows\System\rgWcklo.exe

MD5 934f9eaf4e6f320f32ba7c83b0f4b9b2
SHA1 9a4d1a9ba80f91fc47e50c2cd43337b2658eea48
SHA256 f2789a767dd253377bba91893dc4b23377b0e72fef45ed63b65e6b6cea551a04
SHA512 77a4d31571bcab291ed3d9991f0a581142009510e31c2d48b1125d813dfb4f3493a5ee7f7e63e07423b96ac1b34029f784b26591924ee49811c719fa5f7857e8

C:\Windows\System\nZexmrT.exe

MD5 68b5d3ed9fd39b81fbfe1d9427fe9820
SHA1 7220af89025fa39deec21c4c33fb1f199372a74a
SHA256 8c9f9341d657a235ae0d232474d951ceb06c995f1f356592b5d457f892a59924
SHA512 cf4b92b285cb88e15b34a2ca15ff3859fcb8b2a41d11a6862f2c03b3ec1adb3172e89fa02438b3ec6571fa436b45da3562169b9e53dad5e39ff074bc4db2bdf2

C:\Windows\System\WAdvODv.exe

MD5 f7afa50200423de49e3f34de9eb774df
SHA1 6db26e9b558464a54ff47e9c183b51b34c4a1ec3
SHA256 0788123f1ab1f4a9bb60d466dd850feb66494d7ea5a087d8669d517f3b83e00b
SHA512 efd5d970d2fd5c3186cf835d2f7fe8672f15b7be6e8222f89551ba927e4e0cf4cdd32c56faa0f5b322ce85375dd3559241fc4aa6bd804902611ddbe23e2920e0

C:\Windows\System\NeUfDCm.exe

MD5 c9bc7b4ea547a70ec8611ee7010ee918
SHA1 04f9995061695f5f3785b2cef49f4ae1005d133b
SHA256 9705c6962b3eb0ec41d739c560eff18261f6e670ea96b40c073a169ebf6a1944
SHA512 ca57978d0f1468fb4e0c90c61b119bb89b137b265e011995851387e183ba8185f78502ac92429c48da9a132cf9ac371463aebfcb145946cd334cd77d0a9149a0

C:\Windows\System\lOpvfFV.exe

MD5 9d5a1441171a892e6f26994880c21d2c
SHA1 edf5ebf89b7a51e830279f4cb3de64c93cb592cf
SHA256 beedbb9b65eb345a3d217d96ec62607c87da41e0c9820803b47234a641e86a60
SHA512 cccddea9a377ce2b5e5ad595d9c40397cf2d1d4a3acce1be5a03d9d082a61138e527b32fd15fb4d1148b2870a07d7c28bfb4774d66c89bbabc2c7ce2e2679813

memory/396-134-0x00007FF66D290000-0x00007FF66D682000-memory.dmp

memory/1564-101-0x00007FF715760000-0x00007FF715B52000-memory.dmp

memory/4688-98-0x0000020F56BF0000-0x0000020F56C12000-memory.dmp

C:\Windows\System\yUatQTc.exe

MD5 74aa8312b6df898989f25c2d8eb22500
SHA1 84cdb0f28f8a417a7bcc4f6c37aa18452920d9f1
SHA256 28f50df5df9ad220705ad0e04b4a2d797dacc506255462dbed60ca0c1e605f8e
SHA512 3b1f042a63a17009d13982418c244ac56360aba9bcc581d17d40bb5e32ab8545800ad15d1ab4e1436d7620239cd803d5272c6cbb768f1ed8854ae5fecf8755be

C:\Windows\System\nJEXIKp.exe

MD5 9f7b769ee56c20dcd8884d16152598b4
SHA1 2c78abcdd9b41d78fe2325d85f463d59c966f1fc
SHA256 7c694036447dadb80ebfb1d3eb7ab4e58727c1ee50a469698df11b9bfc754766
SHA512 b33d44078c2f1add72f209287b755a150ec4992248c7524680fdd49828b789dc6e5261b147716d31109e944ed1bb1dc6c921e32adad9c7b5fbd8e4b185ee6773

C:\Windows\System\mJuYkzT.exe

MD5 b8c8d242e80b1805927b837973fe85bb
SHA1 6698dc0e703452d02cc01bcb389047807954fa3d
SHA256 1b249dc67522b3b751b3f884b1628fb25dadc03939ebd955fa97de68808f25b3
SHA512 502db3959c9f56b94d873e47f9a3e9c97b9a7a6237b16ab47458634d0cd89d5d8db26918b4395dc39f1627f9eed09e91c54194c9219e6492b915e192864c9911

C:\Windows\System\qhDVYWs.exe

MD5 cb1273070797a631c48c5f3840df83c3
SHA1 1653bde7fa70aed1c1d9815c61a0a63d8f1d06b0
SHA256 067e25f7622f1ae206b5d9c744b696a0d0ca24e9b8c8bd80db3f51e73ab9d02c
SHA512 dbafdf05fbc1554cdc5f80f82a142b2c0e6e356c37a48318959210f55287b8160bd2d4ace6209648b2cc6bf82af7568dc3a5788c7edac83f3df204dcf6c9aff9

memory/1080-67-0x00007FF638350000-0x00007FF638742000-memory.dmp

C:\Windows\System\hQHrgxf.exe

MD5 2285cf0297644eed397f96fa2191bcfe
SHA1 f1146162111c902bdf07fde5c9375aef22b7a65d
SHA256 5552d2705e75a3fa2dfc04328eb68bf32de60afb11d2cbab84bb4fb26492f865
SHA512 deb1ef75f735fd732f5ad9136b75605fa7acf92b97495b53970bb4aabf5202fa5b3e54e383264c6eb75627185b7e1573338aa52184bef51efac58feca37ab24d

C:\Windows\System\fPsDRsr.exe

MD5 6286a2e403627cc016a76dd6902876f5
SHA1 41b7e1e148083de36b57b1f9f787ae0f1b8400e3
SHA256 c2e45ef9ff8e59e4b8b0d9e48a1f2fe333788d5b35b47fdf8545530bdb917be2
SHA512 8eb0cb137ce194353f5f28d15899b2c77fae2903e040bcb20cc80094734b966e3bf4fa7fe40f7ae1276129349cc532c38aaee783725f82a76579f3d5a2b3766a

memory/4688-42-0x00007FFF0B580000-0x00007FFF0C041000-memory.dmp

C:\Windows\System\WsBtlJl.exe

MD5 e2b9ad388952479bcd9612f46dce16af
SHA1 bfcf27154ff6d0a0e30dcc0cb44ecf3e8850550e
SHA256 4451cd9fb47f0ce20c77fb174bf7ce2c5f4dd35f37d3b3f64313de60b0a5f5d5
SHA512 5f470a3c6acbc776e60e912c436e4fb9db264a7315d289754c4482df00db7df13b812cadb65a77f281fb7f79db56a5984cbf82eaacb186d42f47b61dfaf1bc13

memory/1648-9-0x00007FF6BA9F0000-0x00007FF6BADE2000-memory.dmp

C:\Windows\System\XJTmtGe.exe

MD5 f58a4d1157abf184fe383c8ff04ed280
SHA1 521318c1564484cd2b87a0c19f933052fa74350f
SHA256 3fac56a4793e04caa2a062a20bbdf7f7c4cbb30862a0ce72352c85ddcbaff6e2
SHA512 16261bda87e34df5f25110c2e79ad4314824ac29b5783ac586a0e2f3f694198a176666f3ae5a453529b921a166f838cdf819d410068d9a5c512c4eb44aae3b05

memory/1648-2771-0x00007FF6BA9F0000-0x00007FF6BADE2000-memory.dmp

memory/396-2774-0x00007FF66D290000-0x00007FF66D682000-memory.dmp

memory/1648-2777-0x00007FF6BA9F0000-0x00007FF6BADE2000-memory.dmp

memory/4980-2779-0x00007FF6D9190000-0x00007FF6D9582000-memory.dmp

memory/1564-2781-0x00007FF715760000-0x00007FF715B52000-memory.dmp

memory/1168-2783-0x00007FF7FD840000-0x00007FF7FDC32000-memory.dmp

memory/1080-2785-0x00007FF638350000-0x00007FF638742000-memory.dmp

memory/3640-2788-0x00007FF607DC0000-0x00007FF6081B2000-memory.dmp

memory/2224-2790-0x00007FF7F3A60000-0x00007FF7F3E52000-memory.dmp

memory/4808-2791-0x00007FF7A5F40000-0x00007FF7A6332000-memory.dmp

memory/1940-2793-0x00007FF6CE0D0000-0x00007FF6CE4C2000-memory.dmp

memory/3520-2810-0x00007FF69B170000-0x00007FF69B562000-memory.dmp

memory/392-2812-0x00007FF6B1E80000-0x00007FF6B2272000-memory.dmp

memory/2988-2816-0x00007FF623630000-0x00007FF623A22000-memory.dmp

memory/2588-2819-0x00007FF726DA0000-0x00007FF727192000-memory.dmp

memory/3536-2821-0x00007FF623750000-0x00007FF623B42000-memory.dmp

memory/2356-2808-0x00007FF636C00000-0x00007FF636FF2000-memory.dmp

memory/5088-2804-0x00007FF62F960000-0x00007FF62FD52000-memory.dmp

memory/3160-2806-0x00007FF68FF70000-0x00007FF690362000-memory.dmp

memory/560-2801-0x00007FF7D2660000-0x00007FF7D2A52000-memory.dmp

memory/396-2802-0x00007FF66D290000-0x00007FF66D682000-memory.dmp

memory/3432-2798-0x00007FF6E0530000-0x00007FF6E0922000-memory.dmp

memory/1872-2796-0x00007FF69A810000-0x00007FF69AC02000-memory.dmp

memory/1156-2827-0x00007FF7D8A00000-0x00007FF7D8DF2000-memory.dmp