Malware Analysis Report

2025-04-19 16:03

Sample ID 240522-zckapsfg23
Target 352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe
SHA256 b79fcf6bdb4e551986cad188e2845b4da6d027e223ecb64f5262a9c9c011d39e
Tags
xmrig execution miner upx
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

b79fcf6bdb4e551986cad188e2845b4da6d027e223ecb64f5262a9c9c011d39e

Threat Level: Known bad

The file 352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

xmrig execution miner upx

Xmrig family

XMRig Miner payload

xmrig

XMRig Miner payload

Command and Scripting Interpreter: PowerShell

Blocklisted process makes network request

UPX packed file

Executes dropped EXE

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

Drops file in Windows directory

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-22 20:34

Signatures

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-22 20:34

Reported

2024-05-22 20:37

Platform

win7-20231129-en

Max time kernel

150s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\RrhggAz.exe N/A
N/A N/A C:\Windows\System\JJZKfZB.exe N/A
N/A N/A C:\Windows\System\vGYypKZ.exe N/A
N/A N/A C:\Windows\System\bZpYWPK.exe N/A
N/A N/A C:\Windows\System\eGAejMo.exe N/A
N/A N/A C:\Windows\System\qSfGNEF.exe N/A
N/A N/A C:\Windows\System\TyiCIWQ.exe N/A
N/A N/A C:\Windows\System\AVDhgUX.exe N/A
N/A N/A C:\Windows\System\FWiQsjK.exe N/A
N/A N/A C:\Windows\System\bkRJCRR.exe N/A
N/A N/A C:\Windows\System\aHHSMdw.exe N/A
N/A N/A C:\Windows\System\HNnyAFa.exe N/A
N/A N/A C:\Windows\System\ZtWZiaZ.exe N/A
N/A N/A C:\Windows\System\eJfCeCR.exe N/A
N/A N/A C:\Windows\System\TNkQohv.exe N/A
N/A N/A C:\Windows\System\tVcBtas.exe N/A
N/A N/A C:\Windows\System\HIDapjw.exe N/A
N/A N/A C:\Windows\System\gjanYxc.exe N/A
N/A N/A C:\Windows\System\WJHBXKd.exe N/A
N/A N/A C:\Windows\System\aqIzWtG.exe N/A
N/A N/A C:\Windows\System\uYbziHo.exe N/A
N/A N/A C:\Windows\System\fbxVNEy.exe N/A
N/A N/A C:\Windows\System\UqBiYsE.exe N/A
N/A N/A C:\Windows\System\qZJLcXD.exe N/A
N/A N/A C:\Windows\System\eUilwKU.exe N/A
N/A N/A C:\Windows\System\revzOyX.exe N/A
N/A N/A C:\Windows\System\UnyDCtB.exe N/A
N/A N/A C:\Windows\System\Mxflzve.exe N/A
N/A N/A C:\Windows\System\sOxWPiL.exe N/A
N/A N/A C:\Windows\System\VdUQcLe.exe N/A
N/A N/A C:\Windows\System\ksSWCdz.exe N/A
N/A N/A C:\Windows\System\NrEiftF.exe N/A
N/A N/A C:\Windows\System\sCDigqE.exe N/A
N/A N/A C:\Windows\System\BjjSPBB.exe N/A
N/A N/A C:\Windows\System\FWQOZbr.exe N/A
N/A N/A C:\Windows\System\tDsTZaZ.exe N/A
N/A N/A C:\Windows\System\DbkhXtJ.exe N/A
N/A N/A C:\Windows\System\XBUtdlI.exe N/A
N/A N/A C:\Windows\System\GoUQWXk.exe N/A
N/A N/A C:\Windows\System\BOQqHmn.exe N/A
N/A N/A C:\Windows\System\nXnxmsG.exe N/A
N/A N/A C:\Windows\System\hbStDvO.exe N/A
N/A N/A C:\Windows\System\idQMRyJ.exe N/A
N/A N/A C:\Windows\System\kXWNsBH.exe N/A
N/A N/A C:\Windows\System\uGHdmmL.exe N/A
N/A N/A C:\Windows\System\vkyphcA.exe N/A
N/A N/A C:\Windows\System\ckgnqTm.exe N/A
N/A N/A C:\Windows\System\WpWfXgI.exe N/A
N/A N/A C:\Windows\System\IiOaikf.exe N/A
N/A N/A C:\Windows\System\AuTxOLk.exe N/A
N/A N/A C:\Windows\System\guPLmIH.exe N/A
N/A N/A C:\Windows\System\BnWQXWz.exe N/A
N/A N/A C:\Windows\System\zmWMYiX.exe N/A
N/A N/A C:\Windows\System\RfEOIHJ.exe N/A
N/A N/A C:\Windows\System\FsiEzgb.exe N/A
N/A N/A C:\Windows\System\OYQZmLC.exe N/A
N/A N/A C:\Windows\System\mFsWSsI.exe N/A
N/A N/A C:\Windows\System\zOIxNLj.exe N/A
N/A N/A C:\Windows\System\NWHupwE.exe N/A
N/A N/A C:\Windows\System\nBAiUCy.exe N/A
N/A N/A C:\Windows\System\aovukcW.exe N/A
N/A N/A C:\Windows\System\wqxqqwQ.exe N/A
N/A N/A C:\Windows\System\rXfwIhd.exe N/A
N/A N/A C:\Windows\System\ZdpfHJp.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\OckBlkV.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\vDxOSuH.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\YimEmcq.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\BDAiAzI.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\swUFUnh.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\BUXMvzG.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\mlNqMuz.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\rozEBSp.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\uKGucWB.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\hLaaAge.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\RfyyZSE.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ePrRAQg.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\NHOyaEE.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\RKORmMr.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\LtgLzVf.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\OHsnhih.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\uyOqOHS.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\IWJkghY.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\seSfbun.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\URkSAbr.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\beZbycy.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\gZmzIVB.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\dktQvJF.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\PAqaJEZ.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\DvYBllt.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\LzfBuOm.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\yijiJNE.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\rMljJOC.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\IyFSXvT.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\lXSxPYc.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ywlfhdn.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\lzpHyom.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZKUTULH.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\LZppnMh.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\dAwfRrx.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\xklAcks.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\BMiqNuR.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\YNmDQGQ.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\YuKBzul.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ltQIvHH.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\zwcrlvt.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\lEsZrjy.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\TAHvCRE.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\bkPKskE.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\DSOJiDl.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\aalVGzI.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\BNPoOOz.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\PIXzjkh.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\grOHNyd.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\AUYjLhx.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\XRoeAuo.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\rzlCtto.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\YQlGHEf.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\BaNslPM.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\sDGZUMH.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\UDxzxAr.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\BTcxiVd.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\NmlySIZ.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\CQISMhn.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\PhqsdnF.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\xIdyZCd.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\tgZmIKm.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ajpAaqw.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\lTNimRH.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1752 wrote to memory of 2728 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 1752 wrote to memory of 2728 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 1752 wrote to memory of 2728 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 1752 wrote to memory of 3008 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\RrhggAz.exe
PID 1752 wrote to memory of 3008 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\RrhggAz.exe
PID 1752 wrote to memory of 3008 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\RrhggAz.exe
PID 1752 wrote to memory of 3056 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\JJZKfZB.exe
PID 1752 wrote to memory of 3056 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\JJZKfZB.exe
PID 1752 wrote to memory of 3056 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\JJZKfZB.exe
PID 1752 wrote to memory of 2592 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\vGYypKZ.exe
PID 1752 wrote to memory of 2592 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\vGYypKZ.exe
PID 1752 wrote to memory of 2592 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\vGYypKZ.exe
PID 1752 wrote to memory of 2668 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\qSfGNEF.exe
PID 1752 wrote to memory of 2668 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\qSfGNEF.exe
PID 1752 wrote to memory of 2668 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\qSfGNEF.exe
PID 1752 wrote to memory of 2740 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\bZpYWPK.exe
PID 1752 wrote to memory of 2740 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\bZpYWPK.exe
PID 1752 wrote to memory of 2740 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\bZpYWPK.exe
PID 1752 wrote to memory of 2708 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\TyiCIWQ.exe
PID 1752 wrote to memory of 2708 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\TyiCIWQ.exe
PID 1752 wrote to memory of 2708 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\TyiCIWQ.exe
PID 1752 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\eGAejMo.exe
PID 1752 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\eGAejMo.exe
PID 1752 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\eGAejMo.exe
PID 1752 wrote to memory of 2616 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\AVDhgUX.exe
PID 1752 wrote to memory of 2616 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\AVDhgUX.exe
PID 1752 wrote to memory of 2616 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\AVDhgUX.exe
PID 1752 wrote to memory of 2464 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\FWiQsjK.exe
PID 1752 wrote to memory of 2464 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\FWiQsjK.exe
PID 1752 wrote to memory of 2464 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\FWiQsjK.exe
PID 1752 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\bkRJCRR.exe
PID 1752 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\bkRJCRR.exe
PID 1752 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\bkRJCRR.exe
PID 1752 wrote to memory of 2956 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\aHHSMdw.exe
PID 1752 wrote to memory of 2956 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\aHHSMdw.exe
PID 1752 wrote to memory of 2956 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\aHHSMdw.exe
PID 1752 wrote to memory of 2968 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\HNnyAFa.exe
PID 1752 wrote to memory of 2968 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\HNnyAFa.exe
PID 1752 wrote to memory of 2968 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\HNnyAFa.exe
PID 1752 wrote to memory of 1996 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\ZtWZiaZ.exe
PID 1752 wrote to memory of 1996 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\ZtWZiaZ.exe
PID 1752 wrote to memory of 1996 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\ZtWZiaZ.exe
PID 1752 wrote to memory of 2780 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\eJfCeCR.exe
PID 1752 wrote to memory of 2780 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\eJfCeCR.exe
PID 1752 wrote to memory of 2780 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\eJfCeCR.exe
PID 1752 wrote to memory of 2316 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\TNkQohv.exe
PID 1752 wrote to memory of 2316 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\TNkQohv.exe
PID 1752 wrote to memory of 2316 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\TNkQohv.exe
PID 1752 wrote to memory of 1460 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\tVcBtas.exe
PID 1752 wrote to memory of 1460 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\tVcBtas.exe
PID 1752 wrote to memory of 1460 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\tVcBtas.exe
PID 1752 wrote to memory of 1180 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\HIDapjw.exe
PID 1752 wrote to memory of 1180 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\HIDapjw.exe
PID 1752 wrote to memory of 1180 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\HIDapjw.exe
PID 1752 wrote to memory of 292 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\gjanYxc.exe
PID 1752 wrote to memory of 292 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\gjanYxc.exe
PID 1752 wrote to memory of 292 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\gjanYxc.exe
PID 1752 wrote to memory of 2736 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\WJHBXKd.exe
PID 1752 wrote to memory of 2736 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\WJHBXKd.exe
PID 1752 wrote to memory of 2736 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\WJHBXKd.exe
PID 1752 wrote to memory of 1540 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\uYbziHo.exe
PID 1752 wrote to memory of 1540 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\uYbziHo.exe
PID 1752 wrote to memory of 1540 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\uYbziHo.exe
PID 1752 wrote to memory of 1080 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\aqIzWtG.exe

Processes

C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\RrhggAz.exe

C:\Windows\System\RrhggAz.exe

C:\Windows\System\JJZKfZB.exe

C:\Windows\System\JJZKfZB.exe

C:\Windows\System\vGYypKZ.exe

C:\Windows\System\vGYypKZ.exe

C:\Windows\System\qSfGNEF.exe

C:\Windows\System\qSfGNEF.exe

C:\Windows\System\bZpYWPK.exe

C:\Windows\System\bZpYWPK.exe

C:\Windows\System\TyiCIWQ.exe

C:\Windows\System\TyiCIWQ.exe

C:\Windows\System\eGAejMo.exe

C:\Windows\System\eGAejMo.exe

C:\Windows\System\AVDhgUX.exe

C:\Windows\System\AVDhgUX.exe

C:\Windows\System\FWiQsjK.exe

C:\Windows\System\FWiQsjK.exe

C:\Windows\System\bkRJCRR.exe

C:\Windows\System\bkRJCRR.exe

C:\Windows\System\aHHSMdw.exe

C:\Windows\System\aHHSMdw.exe

C:\Windows\System\HNnyAFa.exe

C:\Windows\System\HNnyAFa.exe

C:\Windows\System\ZtWZiaZ.exe

C:\Windows\System\ZtWZiaZ.exe

C:\Windows\System\eJfCeCR.exe

C:\Windows\System\eJfCeCR.exe

C:\Windows\System\TNkQohv.exe

C:\Windows\System\TNkQohv.exe

C:\Windows\System\tVcBtas.exe

C:\Windows\System\tVcBtas.exe

C:\Windows\System\HIDapjw.exe

C:\Windows\System\HIDapjw.exe

C:\Windows\System\gjanYxc.exe

C:\Windows\System\gjanYxc.exe

C:\Windows\System\WJHBXKd.exe

C:\Windows\System\WJHBXKd.exe

C:\Windows\System\uYbziHo.exe

C:\Windows\System\uYbziHo.exe

C:\Windows\System\aqIzWtG.exe

C:\Windows\System\aqIzWtG.exe

C:\Windows\System\fbxVNEy.exe

C:\Windows\System\fbxVNEy.exe

C:\Windows\System\UqBiYsE.exe

C:\Windows\System\UqBiYsE.exe

C:\Windows\System\eUilwKU.exe

C:\Windows\System\eUilwKU.exe

C:\Windows\System\qZJLcXD.exe

C:\Windows\System\qZJLcXD.exe

C:\Windows\System\UnyDCtB.exe

C:\Windows\System\UnyDCtB.exe

C:\Windows\System\revzOyX.exe

C:\Windows\System\revzOyX.exe

C:\Windows\System\Mxflzve.exe

C:\Windows\System\Mxflzve.exe

C:\Windows\System\sOxWPiL.exe

C:\Windows\System\sOxWPiL.exe

C:\Windows\System\sCDigqE.exe

C:\Windows\System\sCDigqE.exe

C:\Windows\System\VdUQcLe.exe

C:\Windows\System\VdUQcLe.exe

C:\Windows\System\tDsTZaZ.exe

C:\Windows\System\tDsTZaZ.exe

C:\Windows\System\ksSWCdz.exe

C:\Windows\System\ksSWCdz.exe

C:\Windows\System\XBUtdlI.exe

C:\Windows\System\XBUtdlI.exe

C:\Windows\System\NrEiftF.exe

C:\Windows\System\NrEiftF.exe

C:\Windows\System\GoUQWXk.exe

C:\Windows\System\GoUQWXk.exe

C:\Windows\System\BjjSPBB.exe

C:\Windows\System\BjjSPBB.exe

C:\Windows\System\nXnxmsG.exe

C:\Windows\System\nXnxmsG.exe

C:\Windows\System\FWQOZbr.exe

C:\Windows\System\FWQOZbr.exe

C:\Windows\System\hbStDvO.exe

C:\Windows\System\hbStDvO.exe

C:\Windows\System\DbkhXtJ.exe

C:\Windows\System\DbkhXtJ.exe

C:\Windows\System\idQMRyJ.exe

C:\Windows\System\idQMRyJ.exe

C:\Windows\System\BOQqHmn.exe

C:\Windows\System\BOQqHmn.exe

C:\Windows\System\uGHdmmL.exe

C:\Windows\System\uGHdmmL.exe

C:\Windows\System\kXWNsBH.exe

C:\Windows\System\kXWNsBH.exe

C:\Windows\System\WpWfXgI.exe

C:\Windows\System\WpWfXgI.exe

C:\Windows\System\vkyphcA.exe

C:\Windows\System\vkyphcA.exe

C:\Windows\System\IiOaikf.exe

C:\Windows\System\IiOaikf.exe

C:\Windows\System\ckgnqTm.exe

C:\Windows\System\ckgnqTm.exe

C:\Windows\System\AuTxOLk.exe

C:\Windows\System\AuTxOLk.exe

C:\Windows\System\guPLmIH.exe

C:\Windows\System\guPLmIH.exe

C:\Windows\System\zmWMYiX.exe

C:\Windows\System\zmWMYiX.exe

C:\Windows\System\BnWQXWz.exe

C:\Windows\System\BnWQXWz.exe

C:\Windows\System\FsiEzgb.exe

C:\Windows\System\FsiEzgb.exe

C:\Windows\System\RfEOIHJ.exe

C:\Windows\System\RfEOIHJ.exe

C:\Windows\System\mFsWSsI.exe

C:\Windows\System\mFsWSsI.exe

C:\Windows\System\OYQZmLC.exe

C:\Windows\System\OYQZmLC.exe

C:\Windows\System\zOIxNLj.exe

C:\Windows\System\zOIxNLj.exe

C:\Windows\System\NWHupwE.exe

C:\Windows\System\NWHupwE.exe

C:\Windows\System\nBAiUCy.exe

C:\Windows\System\nBAiUCy.exe

C:\Windows\System\aovukcW.exe

C:\Windows\System\aovukcW.exe

C:\Windows\System\wqxqqwQ.exe

C:\Windows\System\wqxqqwQ.exe

C:\Windows\System\rXfwIhd.exe

C:\Windows\System\rXfwIhd.exe

C:\Windows\System\oPBzbaW.exe

C:\Windows\System\oPBzbaW.exe

C:\Windows\System\ZdpfHJp.exe

C:\Windows\System\ZdpfHJp.exe

C:\Windows\System\jUyJGvS.exe

C:\Windows\System\jUyJGvS.exe

C:\Windows\System\uHuoxyU.exe

C:\Windows\System\uHuoxyU.exe

C:\Windows\System\yabQLGt.exe

C:\Windows\System\yabQLGt.exe

C:\Windows\System\qPWgSdW.exe

C:\Windows\System\qPWgSdW.exe

C:\Windows\System\UgicsBG.exe

C:\Windows\System\UgicsBG.exe

C:\Windows\System\qChkVNo.exe

C:\Windows\System\qChkVNo.exe

C:\Windows\System\WmZAnSe.exe

C:\Windows\System\WmZAnSe.exe

C:\Windows\System\nFMlLkU.exe

C:\Windows\System\nFMlLkU.exe

C:\Windows\System\RneawOt.exe

C:\Windows\System\RneawOt.exe

C:\Windows\System\lrfuZzP.exe

C:\Windows\System\lrfuZzP.exe

C:\Windows\System\HYPuSOJ.exe

C:\Windows\System\HYPuSOJ.exe

C:\Windows\System\mFgWJOM.exe

C:\Windows\System\mFgWJOM.exe

C:\Windows\System\ADYlInW.exe

C:\Windows\System\ADYlInW.exe

C:\Windows\System\QlFjvIV.exe

C:\Windows\System\QlFjvIV.exe

C:\Windows\System\ejyVztm.exe

C:\Windows\System\ejyVztm.exe

C:\Windows\System\tbSOAAV.exe

C:\Windows\System\tbSOAAV.exe

C:\Windows\System\COlLsxp.exe

C:\Windows\System\COlLsxp.exe

C:\Windows\System\fULgmmG.exe

C:\Windows\System\fULgmmG.exe

C:\Windows\System\QLcXCfO.exe

C:\Windows\System\QLcXCfO.exe

C:\Windows\System\TczQJNA.exe

C:\Windows\System\TczQJNA.exe

C:\Windows\System\zzgPtjv.exe

C:\Windows\System\zzgPtjv.exe

C:\Windows\System\wmKmAiA.exe

C:\Windows\System\wmKmAiA.exe

C:\Windows\System\lRYLMnP.exe

C:\Windows\System\lRYLMnP.exe

C:\Windows\System\gXLprxB.exe

C:\Windows\System\gXLprxB.exe

C:\Windows\System\DTzDmyW.exe

C:\Windows\System\DTzDmyW.exe

C:\Windows\System\bvXfIIE.exe

C:\Windows\System\bvXfIIE.exe

C:\Windows\System\lfXCGNt.exe

C:\Windows\System\lfXCGNt.exe

C:\Windows\System\BXdBWNm.exe

C:\Windows\System\BXdBWNm.exe

C:\Windows\System\CqopXFp.exe

C:\Windows\System\CqopXFp.exe

C:\Windows\System\sGHXDeb.exe

C:\Windows\System\sGHXDeb.exe

C:\Windows\System\xFsYuuJ.exe

C:\Windows\System\xFsYuuJ.exe

C:\Windows\System\svOEMpV.exe

C:\Windows\System\svOEMpV.exe

C:\Windows\System\TGpWHyH.exe

C:\Windows\System\TGpWHyH.exe

C:\Windows\System\VFODydq.exe

C:\Windows\System\VFODydq.exe

C:\Windows\System\zAYUuUp.exe

C:\Windows\System\zAYUuUp.exe

C:\Windows\System\vGJLfJQ.exe

C:\Windows\System\vGJLfJQ.exe

C:\Windows\System\MiPFctz.exe

C:\Windows\System\MiPFctz.exe

C:\Windows\System\saGtfkq.exe

C:\Windows\System\saGtfkq.exe

C:\Windows\System\hvpwkZL.exe

C:\Windows\System\hvpwkZL.exe

C:\Windows\System\LlPKCnu.exe

C:\Windows\System\LlPKCnu.exe

C:\Windows\System\nUrOcQY.exe

C:\Windows\System\nUrOcQY.exe

C:\Windows\System\QeWgBSK.exe

C:\Windows\System\QeWgBSK.exe

C:\Windows\System\dxcFcMQ.exe

C:\Windows\System\dxcFcMQ.exe

C:\Windows\System\javRJUI.exe

C:\Windows\System\javRJUI.exe

C:\Windows\System\aOpSRbb.exe

C:\Windows\System\aOpSRbb.exe

C:\Windows\System\lQKVCpT.exe

C:\Windows\System\lQKVCpT.exe

C:\Windows\System\UJmnEgQ.exe

C:\Windows\System\UJmnEgQ.exe

C:\Windows\System\vePRcTD.exe

C:\Windows\System\vePRcTD.exe

C:\Windows\System\JQjpITO.exe

C:\Windows\System\JQjpITO.exe

C:\Windows\System\jfTBQQa.exe

C:\Windows\System\jfTBQQa.exe

C:\Windows\System\FmqbRox.exe

C:\Windows\System\FmqbRox.exe

C:\Windows\System\mJnyXfR.exe

C:\Windows\System\mJnyXfR.exe

C:\Windows\System\CNNUFWn.exe

C:\Windows\System\CNNUFWn.exe

C:\Windows\System\cuuqTBv.exe

C:\Windows\System\cuuqTBv.exe

C:\Windows\System\qBaPNYc.exe

C:\Windows\System\qBaPNYc.exe

C:\Windows\System\TRPgteK.exe

C:\Windows\System\TRPgteK.exe

C:\Windows\System\JznDZtz.exe

C:\Windows\System\JznDZtz.exe

C:\Windows\System\lQyTkfD.exe

C:\Windows\System\lQyTkfD.exe

C:\Windows\System\qGUHXJr.exe

C:\Windows\System\qGUHXJr.exe

C:\Windows\System\NrzpaGK.exe

C:\Windows\System\NrzpaGK.exe

C:\Windows\System\CWoGlYn.exe

C:\Windows\System\CWoGlYn.exe

C:\Windows\System\saNABTz.exe

C:\Windows\System\saNABTz.exe

C:\Windows\System\zxwiQkV.exe

C:\Windows\System\zxwiQkV.exe

C:\Windows\System\KmsffwX.exe

C:\Windows\System\KmsffwX.exe

C:\Windows\System\KYnpbTW.exe

C:\Windows\System\KYnpbTW.exe

C:\Windows\System\Mgxsrxu.exe

C:\Windows\System\Mgxsrxu.exe

C:\Windows\System\LUOXJRD.exe

C:\Windows\System\LUOXJRD.exe

C:\Windows\System\ffWWXSQ.exe

C:\Windows\System\ffWWXSQ.exe

C:\Windows\System\OhepoQE.exe

C:\Windows\System\OhepoQE.exe

C:\Windows\System\LuUDvDg.exe

C:\Windows\System\LuUDvDg.exe

C:\Windows\System\kUVagvo.exe

C:\Windows\System\kUVagvo.exe

C:\Windows\System\TPRvtXq.exe

C:\Windows\System\TPRvtXq.exe

C:\Windows\System\CbfNIZX.exe

C:\Windows\System\CbfNIZX.exe

C:\Windows\System\QfHNrtW.exe

C:\Windows\System\QfHNrtW.exe

C:\Windows\System\pCmasAk.exe

C:\Windows\System\pCmasAk.exe

C:\Windows\System\jThapRe.exe

C:\Windows\System\jThapRe.exe

C:\Windows\System\UHhPdmf.exe

C:\Windows\System\UHhPdmf.exe

C:\Windows\System\ivQFaAk.exe

C:\Windows\System\ivQFaAk.exe

C:\Windows\System\SDenOiO.exe

C:\Windows\System\SDenOiO.exe

C:\Windows\System\SCHuUnm.exe

C:\Windows\System\SCHuUnm.exe

C:\Windows\System\NHOyaEE.exe

C:\Windows\System\NHOyaEE.exe

C:\Windows\System\LzfBuOm.exe

C:\Windows\System\LzfBuOm.exe

C:\Windows\System\DoUgOgM.exe

C:\Windows\System\DoUgOgM.exe

C:\Windows\System\gmyDJQh.exe

C:\Windows\System\gmyDJQh.exe

C:\Windows\System\dxyBBXU.exe

C:\Windows\System\dxyBBXU.exe

C:\Windows\System\WcNivRh.exe

C:\Windows\System\WcNivRh.exe

C:\Windows\System\GUSvxvZ.exe

C:\Windows\System\GUSvxvZ.exe

C:\Windows\System\kbokKto.exe

C:\Windows\System\kbokKto.exe

C:\Windows\System\ZQpCflN.exe

C:\Windows\System\ZQpCflN.exe

C:\Windows\System\vtclAJi.exe

C:\Windows\System\vtclAJi.exe

C:\Windows\System\foJbZoM.exe

C:\Windows\System\foJbZoM.exe

C:\Windows\System\qNqjPbD.exe

C:\Windows\System\qNqjPbD.exe

C:\Windows\System\CxQxFRH.exe

C:\Windows\System\CxQxFRH.exe

C:\Windows\System\yqdVyOZ.exe

C:\Windows\System\yqdVyOZ.exe

C:\Windows\System\rgegZGc.exe

C:\Windows\System\rgegZGc.exe

C:\Windows\System\SagZZir.exe

C:\Windows\System\SagZZir.exe

C:\Windows\System\UdipLSU.exe

C:\Windows\System\UdipLSU.exe

C:\Windows\System\CNmyHPR.exe

C:\Windows\System\CNmyHPR.exe

C:\Windows\System\aAGZKhb.exe

C:\Windows\System\aAGZKhb.exe

C:\Windows\System\NGFJJEy.exe

C:\Windows\System\NGFJJEy.exe

C:\Windows\System\vkmNyjm.exe

C:\Windows\System\vkmNyjm.exe

C:\Windows\System\QGHIpHZ.exe

C:\Windows\System\QGHIpHZ.exe

C:\Windows\System\UfpEAdG.exe

C:\Windows\System\UfpEAdG.exe

C:\Windows\System\WiqobeX.exe

C:\Windows\System\WiqobeX.exe

C:\Windows\System\ghPiBVa.exe

C:\Windows\System\ghPiBVa.exe

C:\Windows\System\OjZDkdz.exe

C:\Windows\System\OjZDkdz.exe

C:\Windows\System\yXspOmN.exe

C:\Windows\System\yXspOmN.exe

C:\Windows\System\GDBkFTC.exe

C:\Windows\System\GDBkFTC.exe

C:\Windows\System\tmrxuiX.exe

C:\Windows\System\tmrxuiX.exe

C:\Windows\System\kohWfEa.exe

C:\Windows\System\kohWfEa.exe

C:\Windows\System\URkSAbr.exe

C:\Windows\System\URkSAbr.exe

C:\Windows\System\tOQPRxd.exe

C:\Windows\System\tOQPRxd.exe

C:\Windows\System\xbYrgFf.exe

C:\Windows\System\xbYrgFf.exe

C:\Windows\System\pNbMbIf.exe

C:\Windows\System\pNbMbIf.exe

C:\Windows\System\leheLwA.exe

C:\Windows\System\leheLwA.exe

C:\Windows\System\mAkHoIO.exe

C:\Windows\System\mAkHoIO.exe

C:\Windows\System\VleIqVN.exe

C:\Windows\System\VleIqVN.exe

C:\Windows\System\QIeOGFK.exe

C:\Windows\System\QIeOGFK.exe

C:\Windows\System\FaQmtkr.exe

C:\Windows\System\FaQmtkr.exe

C:\Windows\System\upRiIDE.exe

C:\Windows\System\upRiIDE.exe

C:\Windows\System\DJHejGt.exe

C:\Windows\System\DJHejGt.exe

C:\Windows\System\cGBSxeF.exe

C:\Windows\System\cGBSxeF.exe

C:\Windows\System\HPAgWoZ.exe

C:\Windows\System\HPAgWoZ.exe

C:\Windows\System\MnoOCvx.exe

C:\Windows\System\MnoOCvx.exe

C:\Windows\System\YQlGHEf.exe

C:\Windows\System\YQlGHEf.exe

C:\Windows\System\Czvhith.exe

C:\Windows\System\Czvhith.exe

C:\Windows\System\uhQbwBb.exe

C:\Windows\System\uhQbwBb.exe

C:\Windows\System\tPRfSwW.exe

C:\Windows\System\tPRfSwW.exe

C:\Windows\System\sVILePk.exe

C:\Windows\System\sVILePk.exe

C:\Windows\System\OCkyPDj.exe

C:\Windows\System\OCkyPDj.exe

C:\Windows\System\TpryukN.exe

C:\Windows\System\TpryukN.exe

C:\Windows\System\BPQuOnx.exe

C:\Windows\System\BPQuOnx.exe

C:\Windows\System\qdcjbZe.exe

C:\Windows\System\qdcjbZe.exe

C:\Windows\System\XtyKROG.exe

C:\Windows\System\XtyKROG.exe

C:\Windows\System\pMliWIR.exe

C:\Windows\System\pMliWIR.exe

C:\Windows\System\oYVQyCW.exe

C:\Windows\System\oYVQyCW.exe

C:\Windows\System\PEJmmQQ.exe

C:\Windows\System\PEJmmQQ.exe

C:\Windows\System\CpsinxW.exe

C:\Windows\System\CpsinxW.exe

C:\Windows\System\McHiujU.exe

C:\Windows\System\McHiujU.exe

C:\Windows\System\EawfnHS.exe

C:\Windows\System\EawfnHS.exe

C:\Windows\System\NfQiiWF.exe

C:\Windows\System\NfQiiWF.exe

C:\Windows\System\KlaIBhM.exe

C:\Windows\System\KlaIBhM.exe

C:\Windows\System\RgZjTjk.exe

C:\Windows\System\RgZjTjk.exe

C:\Windows\System\sgkZCHw.exe

C:\Windows\System\sgkZCHw.exe

C:\Windows\System\PgSnhHe.exe

C:\Windows\System\PgSnhHe.exe

C:\Windows\System\fUvcktU.exe

C:\Windows\System\fUvcktU.exe

C:\Windows\System\MeGdpKE.exe

C:\Windows\System\MeGdpKE.exe

C:\Windows\System\UWddnOh.exe

C:\Windows\System\UWddnOh.exe

C:\Windows\System\IDCHhYO.exe

C:\Windows\System\IDCHhYO.exe

C:\Windows\System\SKyOGOb.exe

C:\Windows\System\SKyOGOb.exe

C:\Windows\System\gbZCIOd.exe

C:\Windows\System\gbZCIOd.exe

C:\Windows\System\yfzvgew.exe

C:\Windows\System\yfzvgew.exe

C:\Windows\System\LzLnmQn.exe

C:\Windows\System\LzLnmQn.exe

C:\Windows\System\GwBauKk.exe

C:\Windows\System\GwBauKk.exe

C:\Windows\System\rUeULhY.exe

C:\Windows\System\rUeULhY.exe

C:\Windows\System\fIXXOoj.exe

C:\Windows\System\fIXXOoj.exe

C:\Windows\System\oHrdTSl.exe

C:\Windows\System\oHrdTSl.exe

C:\Windows\System\FteAQMg.exe

C:\Windows\System\FteAQMg.exe

C:\Windows\System\OgISFNR.exe

C:\Windows\System\OgISFNR.exe

C:\Windows\System\ywlfhdn.exe

C:\Windows\System\ywlfhdn.exe

C:\Windows\System\nhhOwFr.exe

C:\Windows\System\nhhOwFr.exe

C:\Windows\System\JSRQJtz.exe

C:\Windows\System\JSRQJtz.exe

C:\Windows\System\OnXSdnh.exe

C:\Windows\System\OnXSdnh.exe

C:\Windows\System\CugOtKe.exe

C:\Windows\System\CugOtKe.exe

C:\Windows\System\QCjtPfN.exe

C:\Windows\System\QCjtPfN.exe

C:\Windows\System\yoGCzTw.exe

C:\Windows\System\yoGCzTw.exe

C:\Windows\System\DBhzxVo.exe

C:\Windows\System\DBhzxVo.exe

C:\Windows\System\erjhpnY.exe

C:\Windows\System\erjhpnY.exe

C:\Windows\System\FDLhDKK.exe

C:\Windows\System\FDLhDKK.exe

C:\Windows\System\MlRhxnz.exe

C:\Windows\System\MlRhxnz.exe

C:\Windows\System\cAehHWr.exe

C:\Windows\System\cAehHWr.exe

C:\Windows\System\woIYlsQ.exe

C:\Windows\System\woIYlsQ.exe

C:\Windows\System\dRzLnCv.exe

C:\Windows\System\dRzLnCv.exe

C:\Windows\System\UPCHvHy.exe

C:\Windows\System\UPCHvHy.exe

C:\Windows\System\riSLauN.exe

C:\Windows\System\riSLauN.exe

C:\Windows\System\MiHpFPc.exe

C:\Windows\System\MiHpFPc.exe

C:\Windows\System\lzpHyom.exe

C:\Windows\System\lzpHyom.exe

C:\Windows\System\WcMSzWq.exe

C:\Windows\System\WcMSzWq.exe

C:\Windows\System\DkLpIFQ.exe

C:\Windows\System\DkLpIFQ.exe

C:\Windows\System\OciVvkF.exe

C:\Windows\System\OciVvkF.exe

C:\Windows\System\xwesEYD.exe

C:\Windows\System\xwesEYD.exe

C:\Windows\System\zRZKFye.exe

C:\Windows\System\zRZKFye.exe

C:\Windows\System\VEQTSel.exe

C:\Windows\System\VEQTSel.exe

C:\Windows\System\bketeYR.exe

C:\Windows\System\bketeYR.exe

C:\Windows\System\UEEIDmm.exe

C:\Windows\System\UEEIDmm.exe

C:\Windows\System\rSNwLEq.exe

C:\Windows\System\rSNwLEq.exe

C:\Windows\System\OPulsOD.exe

C:\Windows\System\OPulsOD.exe

C:\Windows\System\qluhfsu.exe

C:\Windows\System\qluhfsu.exe

C:\Windows\System\lShxhmY.exe

C:\Windows\System\lShxhmY.exe

C:\Windows\System\CEDayVd.exe

C:\Windows\System\CEDayVd.exe

C:\Windows\System\MZUNtxM.exe

C:\Windows\System\MZUNtxM.exe

C:\Windows\System\pyarIBa.exe

C:\Windows\System\pyarIBa.exe

C:\Windows\System\mXrLOOB.exe

C:\Windows\System\mXrLOOB.exe

C:\Windows\System\cqELoQy.exe

C:\Windows\System\cqELoQy.exe

C:\Windows\System\QRcxTpc.exe

C:\Windows\System\QRcxTpc.exe

C:\Windows\System\ecKAqex.exe

C:\Windows\System\ecKAqex.exe

C:\Windows\System\wwYOWHG.exe

C:\Windows\System\wwYOWHG.exe

C:\Windows\System\THrlDSw.exe

C:\Windows\System\THrlDSw.exe

C:\Windows\System\KsVIePQ.exe

C:\Windows\System\KsVIePQ.exe

C:\Windows\System\TEbifbK.exe

C:\Windows\System\TEbifbK.exe

C:\Windows\System\zCgWNWM.exe

C:\Windows\System\zCgWNWM.exe

C:\Windows\System\IMapZNS.exe

C:\Windows\System\IMapZNS.exe

C:\Windows\System\tQTmTLM.exe

C:\Windows\System\tQTmTLM.exe

C:\Windows\System\AdrbPcx.exe

C:\Windows\System\AdrbPcx.exe

C:\Windows\System\cRpZzLU.exe

C:\Windows\System\cRpZzLU.exe

C:\Windows\System\jdmznHE.exe

C:\Windows\System\jdmznHE.exe

C:\Windows\System\JZeGFvq.exe

C:\Windows\System\JZeGFvq.exe

C:\Windows\System\UuqllVH.exe

C:\Windows\System\UuqllVH.exe

C:\Windows\System\czoOFEH.exe

C:\Windows\System\czoOFEH.exe

C:\Windows\System\jmYpAHt.exe

C:\Windows\System\jmYpAHt.exe

C:\Windows\System\CWrefZg.exe

C:\Windows\System\CWrefZg.exe

C:\Windows\System\IKicTIs.exe

C:\Windows\System\IKicTIs.exe

C:\Windows\System\ZEVBwiI.exe

C:\Windows\System\ZEVBwiI.exe

C:\Windows\System\bDuiMHF.exe

C:\Windows\System\bDuiMHF.exe

C:\Windows\System\NcNWUoA.exe

C:\Windows\System\NcNWUoA.exe

C:\Windows\System\NaJtGAM.exe

C:\Windows\System\NaJtGAM.exe

C:\Windows\System\cyiuLVX.exe

C:\Windows\System\cyiuLVX.exe

C:\Windows\System\YUfkxRY.exe

C:\Windows\System\YUfkxRY.exe

C:\Windows\System\sTBxNyF.exe

C:\Windows\System\sTBxNyF.exe

C:\Windows\System\nUFpmcB.exe

C:\Windows\System\nUFpmcB.exe

C:\Windows\System\jtIYtYY.exe

C:\Windows\System\jtIYtYY.exe

C:\Windows\System\GcJjeyf.exe

C:\Windows\System\GcJjeyf.exe

C:\Windows\System\gJWCnWl.exe

C:\Windows\System\gJWCnWl.exe

C:\Windows\System\rVQhWYL.exe

C:\Windows\System\rVQhWYL.exe

C:\Windows\System\DaryrUe.exe

C:\Windows\System\DaryrUe.exe

C:\Windows\System\VACXVxw.exe

C:\Windows\System\VACXVxw.exe

C:\Windows\System\wZyrnXc.exe

C:\Windows\System\wZyrnXc.exe

C:\Windows\System\vEtaOfR.exe

C:\Windows\System\vEtaOfR.exe

C:\Windows\System\WmbpITk.exe

C:\Windows\System\WmbpITk.exe

C:\Windows\System\eqMCgbg.exe

C:\Windows\System\eqMCgbg.exe

C:\Windows\System\eASwYsI.exe

C:\Windows\System\eASwYsI.exe

C:\Windows\System\TjynWAf.exe

C:\Windows\System\TjynWAf.exe

C:\Windows\System\pqIlnFJ.exe

C:\Windows\System\pqIlnFJ.exe

C:\Windows\System\qFhxXka.exe

C:\Windows\System\qFhxXka.exe

C:\Windows\System\oAfpgfu.exe

C:\Windows\System\oAfpgfu.exe

C:\Windows\System\SyvLcBE.exe

C:\Windows\System\SyvLcBE.exe

C:\Windows\System\zHGOUsk.exe

C:\Windows\System\zHGOUsk.exe

C:\Windows\System\SOyPzEa.exe

C:\Windows\System\SOyPzEa.exe

C:\Windows\System\OZtzVou.exe

C:\Windows\System\OZtzVou.exe

C:\Windows\System\kVlTJbf.exe

C:\Windows\System\kVlTJbf.exe

C:\Windows\System\QEXVCBo.exe

C:\Windows\System\QEXVCBo.exe

C:\Windows\System\QtxOyXl.exe

C:\Windows\System\QtxOyXl.exe

C:\Windows\System\emzwEms.exe

C:\Windows\System\emzwEms.exe

C:\Windows\System\mtFOfvC.exe

C:\Windows\System\mtFOfvC.exe

C:\Windows\System\WmcAhtS.exe

C:\Windows\System\WmcAhtS.exe

C:\Windows\System\bGSCPsW.exe

C:\Windows\System\bGSCPsW.exe

C:\Windows\System\vDUihcx.exe

C:\Windows\System\vDUihcx.exe

C:\Windows\System\dvpUUzA.exe

C:\Windows\System\dvpUUzA.exe

C:\Windows\System\JIBMZKp.exe

C:\Windows\System\JIBMZKp.exe

C:\Windows\System\miFDzVZ.exe

C:\Windows\System\miFDzVZ.exe

C:\Windows\System\WKXGiUC.exe

C:\Windows\System\WKXGiUC.exe

C:\Windows\System\sAROyfx.exe

C:\Windows\System\sAROyfx.exe

C:\Windows\System\jrYRnNt.exe

C:\Windows\System\jrYRnNt.exe

C:\Windows\System\IcBrmiY.exe

C:\Windows\System\IcBrmiY.exe

C:\Windows\System\yCJyYtT.exe

C:\Windows\System\yCJyYtT.exe

C:\Windows\System\jVgHCne.exe

C:\Windows\System\jVgHCne.exe

C:\Windows\System\TDCKEIN.exe

C:\Windows\System\TDCKEIN.exe

C:\Windows\System\ROBFyMs.exe

C:\Windows\System\ROBFyMs.exe

C:\Windows\System\fZykHHX.exe

C:\Windows\System\fZykHHX.exe

C:\Windows\System\qHRYkZr.exe

C:\Windows\System\qHRYkZr.exe

C:\Windows\System\DmTQFLt.exe

C:\Windows\System\DmTQFLt.exe

C:\Windows\System\ikCwwrq.exe

C:\Windows\System\ikCwwrq.exe

C:\Windows\System\jpKEExy.exe

C:\Windows\System\jpKEExy.exe

C:\Windows\System\XPgMkJy.exe

C:\Windows\System\XPgMkJy.exe

C:\Windows\System\PNTnWvy.exe

C:\Windows\System\PNTnWvy.exe

C:\Windows\System\yAlSQIA.exe

C:\Windows\System\yAlSQIA.exe

C:\Windows\System\ogVffJC.exe

C:\Windows\System\ogVffJC.exe

C:\Windows\System\cWSIcsy.exe

C:\Windows\System\cWSIcsy.exe

C:\Windows\System\RPtUMhr.exe

C:\Windows\System\RPtUMhr.exe

C:\Windows\System\WpKdJmV.exe

C:\Windows\System\WpKdJmV.exe

C:\Windows\System\EgnGujl.exe

C:\Windows\System\EgnGujl.exe

C:\Windows\System\tmcWPfH.exe

C:\Windows\System\tmcWPfH.exe

C:\Windows\System\hbWvrJe.exe

C:\Windows\System\hbWvrJe.exe

C:\Windows\System\uReAVEJ.exe

C:\Windows\System\uReAVEJ.exe

C:\Windows\System\adaPOZs.exe

C:\Windows\System\adaPOZs.exe

C:\Windows\System\cofKMsJ.exe

C:\Windows\System\cofKMsJ.exe

C:\Windows\System\UEbjSmo.exe

C:\Windows\System\UEbjSmo.exe

C:\Windows\System\OzhWCen.exe

C:\Windows\System\OzhWCen.exe

C:\Windows\System\VxdQqmZ.exe

C:\Windows\System\VxdQqmZ.exe

C:\Windows\System\yENgQMZ.exe

C:\Windows\System\yENgQMZ.exe

C:\Windows\System\lnZXZqe.exe

C:\Windows\System\lnZXZqe.exe

C:\Windows\System\bZGNxkX.exe

C:\Windows\System\bZGNxkX.exe

C:\Windows\System\TaDHaFq.exe

C:\Windows\System\TaDHaFq.exe

C:\Windows\System\WxgqsrK.exe

C:\Windows\System\WxgqsrK.exe

C:\Windows\System\UNQgnPT.exe

C:\Windows\System\UNQgnPT.exe

C:\Windows\System\UhzWsZf.exe

C:\Windows\System\UhzWsZf.exe

C:\Windows\System\KbBofXv.exe

C:\Windows\System\KbBofXv.exe

C:\Windows\System\SpqMOpf.exe

C:\Windows\System\SpqMOpf.exe

C:\Windows\System\eMmMoJb.exe

C:\Windows\System\eMmMoJb.exe

C:\Windows\System\ofnFXxX.exe

C:\Windows\System\ofnFXxX.exe

C:\Windows\System\bmMUGDM.exe

C:\Windows\System\bmMUGDM.exe

C:\Windows\System\owabkfD.exe

C:\Windows\System\owabkfD.exe

C:\Windows\System\amNVlFl.exe

C:\Windows\System\amNVlFl.exe

C:\Windows\System\fSExRpJ.exe

C:\Windows\System\fSExRpJ.exe

C:\Windows\System\tgHbhiH.exe

C:\Windows\System\tgHbhiH.exe

C:\Windows\System\LJExCfJ.exe

C:\Windows\System\LJExCfJ.exe

C:\Windows\System\NdKEVsb.exe

C:\Windows\System\NdKEVsb.exe

C:\Windows\System\reOLHUv.exe

C:\Windows\System\reOLHUv.exe

C:\Windows\System\BrDilFG.exe

C:\Windows\System\BrDilFG.exe

C:\Windows\System\wCfgwZf.exe

C:\Windows\System\wCfgwZf.exe

C:\Windows\System\mFjtMGh.exe

C:\Windows\System\mFjtMGh.exe

C:\Windows\System\GbtAPeb.exe

C:\Windows\System\GbtAPeb.exe

C:\Windows\System\BgMMeQd.exe

C:\Windows\System\BgMMeQd.exe

C:\Windows\System\DCWBFkL.exe

C:\Windows\System\DCWBFkL.exe

C:\Windows\System\zKtJrxR.exe

C:\Windows\System\zKtJrxR.exe

C:\Windows\System\BirVeoJ.exe

C:\Windows\System\BirVeoJ.exe

C:\Windows\System\HHmDkVh.exe

C:\Windows\System\HHmDkVh.exe

C:\Windows\System\OAsBFxL.exe

C:\Windows\System\OAsBFxL.exe

C:\Windows\System\SgVsVft.exe

C:\Windows\System\SgVsVft.exe

C:\Windows\System\NhaOxHH.exe

C:\Windows\System\NhaOxHH.exe

C:\Windows\System\abRgyRI.exe

C:\Windows\System\abRgyRI.exe

C:\Windows\System\YwnfafL.exe

C:\Windows\System\YwnfafL.exe

C:\Windows\System\KNPussQ.exe

C:\Windows\System\KNPussQ.exe

C:\Windows\System\QASFglX.exe

C:\Windows\System\QASFglX.exe

C:\Windows\System\ogiPHbS.exe

C:\Windows\System\ogiPHbS.exe

C:\Windows\System\aPotDqY.exe

C:\Windows\System\aPotDqY.exe

C:\Windows\System\brtusJP.exe

C:\Windows\System\brtusJP.exe

C:\Windows\System\zzuwloF.exe

C:\Windows\System\zzuwloF.exe

C:\Windows\System\QRbtIDl.exe

C:\Windows\System\QRbtIDl.exe

C:\Windows\System\nSCXkqL.exe

C:\Windows\System\nSCXkqL.exe

C:\Windows\System\cMpLbhD.exe

C:\Windows\System\cMpLbhD.exe

C:\Windows\System\uoOSDDl.exe

C:\Windows\System\uoOSDDl.exe

C:\Windows\System\fcwPPzr.exe

C:\Windows\System\fcwPPzr.exe

C:\Windows\System\nDYOjzI.exe

C:\Windows\System\nDYOjzI.exe

C:\Windows\System\rflScnC.exe

C:\Windows\System\rflScnC.exe

C:\Windows\System\eQDDYqB.exe

C:\Windows\System\eQDDYqB.exe

C:\Windows\System\nMAyvDG.exe

C:\Windows\System\nMAyvDG.exe

C:\Windows\System\JVTeFkE.exe

C:\Windows\System\JVTeFkE.exe

C:\Windows\System\HyvPsLH.exe

C:\Windows\System\HyvPsLH.exe

C:\Windows\System\jVMpROw.exe

C:\Windows\System\jVMpROw.exe

C:\Windows\System\wrerQHz.exe

C:\Windows\System\wrerQHz.exe

C:\Windows\System\rsiAbQO.exe

C:\Windows\System\rsiAbQO.exe

C:\Windows\System\bcsjgcf.exe

C:\Windows\System\bcsjgcf.exe

C:\Windows\System\eofYGGy.exe

C:\Windows\System\eofYGGy.exe

C:\Windows\System\GsotHps.exe

C:\Windows\System\GsotHps.exe

C:\Windows\System\oSQCNrH.exe

C:\Windows\System\oSQCNrH.exe

C:\Windows\System\yEpqjRg.exe

C:\Windows\System\yEpqjRg.exe

C:\Windows\System\lNVdgoP.exe

C:\Windows\System\lNVdgoP.exe

C:\Windows\System\IUBkMvN.exe

C:\Windows\System\IUBkMvN.exe

C:\Windows\System\DfsifUc.exe

C:\Windows\System\DfsifUc.exe

C:\Windows\System\MnvytKL.exe

C:\Windows\System\MnvytKL.exe

C:\Windows\System\XWWOktT.exe

C:\Windows\System\XWWOktT.exe

C:\Windows\System\xkmpmuF.exe

C:\Windows\System\xkmpmuF.exe

C:\Windows\System\AtRfxIa.exe

C:\Windows\System\AtRfxIa.exe

C:\Windows\System\BtpWxqD.exe

C:\Windows\System\BtpWxqD.exe

C:\Windows\System\lIFcnto.exe

C:\Windows\System\lIFcnto.exe

C:\Windows\System\YcswAdw.exe

C:\Windows\System\YcswAdw.exe

C:\Windows\System\ynwondW.exe

C:\Windows\System\ynwondW.exe

C:\Windows\System\DlSxgET.exe

C:\Windows\System\DlSxgET.exe

C:\Windows\System\ACrJVyk.exe

C:\Windows\System\ACrJVyk.exe

C:\Windows\System\PeVokzB.exe

C:\Windows\System\PeVokzB.exe

C:\Windows\System\OgfWhKR.exe

C:\Windows\System\OgfWhKR.exe

C:\Windows\System\NXKXqOH.exe

C:\Windows\System\NXKXqOH.exe

C:\Windows\System\rcoVGQd.exe

C:\Windows\System\rcoVGQd.exe

C:\Windows\System\JmddIlU.exe

C:\Windows\System\JmddIlU.exe

C:\Windows\System\kkEKNHT.exe

C:\Windows\System\kkEKNHT.exe

C:\Windows\System\TtOSVIp.exe

C:\Windows\System\TtOSVIp.exe

C:\Windows\System\iaLAewv.exe

C:\Windows\System\iaLAewv.exe

C:\Windows\System\HVhgjcR.exe

C:\Windows\System\HVhgjcR.exe

C:\Windows\System\bjlHTGx.exe

C:\Windows\System\bjlHTGx.exe

C:\Windows\System\gHslgqb.exe

C:\Windows\System\gHslgqb.exe

C:\Windows\System\EPXsVML.exe

C:\Windows\System\EPXsVML.exe

C:\Windows\System\UWWSxEq.exe

C:\Windows\System\UWWSxEq.exe

C:\Windows\System\ZyYLyUY.exe

C:\Windows\System\ZyYLyUY.exe

C:\Windows\System\ntvdgqE.exe

C:\Windows\System\ntvdgqE.exe

C:\Windows\System\nLGyqIZ.exe

C:\Windows\System\nLGyqIZ.exe

C:\Windows\System\bwUwRQb.exe

C:\Windows\System\bwUwRQb.exe

C:\Windows\System\OHxkFuD.exe

C:\Windows\System\OHxkFuD.exe

C:\Windows\System\WqADdAQ.exe

C:\Windows\System\WqADdAQ.exe

C:\Windows\System\pFCNnXR.exe

C:\Windows\System\pFCNnXR.exe

C:\Windows\System\yvzakxe.exe

C:\Windows\System\yvzakxe.exe

C:\Windows\System\JHQaFKu.exe

C:\Windows\System\JHQaFKu.exe

C:\Windows\System\HIBlJTp.exe

C:\Windows\System\HIBlJTp.exe

C:\Windows\System\kMVOecR.exe

C:\Windows\System\kMVOecR.exe

C:\Windows\System\sZqklRt.exe

C:\Windows\System\sZqklRt.exe

C:\Windows\System\ZhrSvsn.exe

C:\Windows\System\ZhrSvsn.exe

C:\Windows\System\qntjcxR.exe

C:\Windows\System\qntjcxR.exe

C:\Windows\System\OPXZHEs.exe

C:\Windows\System\OPXZHEs.exe

C:\Windows\System\XBkpAPa.exe

C:\Windows\System\XBkpAPa.exe

C:\Windows\System\TwsydAh.exe

C:\Windows\System\TwsydAh.exe

C:\Windows\System\cPYCJqx.exe

C:\Windows\System\cPYCJqx.exe

C:\Windows\System\cyyhULC.exe

C:\Windows\System\cyyhULC.exe

C:\Windows\System\pNJvCpK.exe

C:\Windows\System\pNJvCpK.exe

C:\Windows\System\YHaYBWU.exe

C:\Windows\System\YHaYBWU.exe

C:\Windows\System\xROVMZY.exe

C:\Windows\System\xROVMZY.exe

C:\Windows\System\KHIdVyQ.exe

C:\Windows\System\KHIdVyQ.exe

C:\Windows\System\phEerjI.exe

C:\Windows\System\phEerjI.exe

C:\Windows\System\yfwrtsM.exe

C:\Windows\System\yfwrtsM.exe

C:\Windows\System\eQJFCYr.exe

C:\Windows\System\eQJFCYr.exe

C:\Windows\System\YwkLpdt.exe

C:\Windows\System\YwkLpdt.exe

C:\Windows\System\jczeAEh.exe

C:\Windows\System\jczeAEh.exe

C:\Windows\System\xXpkRhd.exe

C:\Windows\System\xXpkRhd.exe

C:\Windows\System\SoMNoDT.exe

C:\Windows\System\SoMNoDT.exe

C:\Windows\System\XfUnbvA.exe

C:\Windows\System\XfUnbvA.exe

C:\Windows\System\StqHcDa.exe

C:\Windows\System\StqHcDa.exe

C:\Windows\System\mcjisSV.exe

C:\Windows\System\mcjisSV.exe

C:\Windows\System\nESCUdX.exe

C:\Windows\System\nESCUdX.exe

C:\Windows\System\gmAInYo.exe

C:\Windows\System\gmAInYo.exe

C:\Windows\System\QxLFLWF.exe

C:\Windows\System\QxLFLWF.exe

C:\Windows\System\xYLyyrb.exe

C:\Windows\System\xYLyyrb.exe

C:\Windows\System\ruYXNkF.exe

C:\Windows\System\ruYXNkF.exe

C:\Windows\System\HGMYEHU.exe

C:\Windows\System\HGMYEHU.exe

C:\Windows\System\DFxNhln.exe

C:\Windows\System\DFxNhln.exe

C:\Windows\System\yDWEQLb.exe

C:\Windows\System\yDWEQLb.exe

C:\Windows\System\WpmEDko.exe

C:\Windows\System\WpmEDko.exe

C:\Windows\System\tkmXpGP.exe

C:\Windows\System\tkmXpGP.exe

C:\Windows\System\BsYEfWI.exe

C:\Windows\System\BsYEfWI.exe

C:\Windows\System\cVmDeWI.exe

C:\Windows\System\cVmDeWI.exe

C:\Windows\System\WMygWFA.exe

C:\Windows\System\WMygWFA.exe

C:\Windows\System\XbpVHCQ.exe

C:\Windows\System\XbpVHCQ.exe

C:\Windows\System\mwTepiv.exe

C:\Windows\System\mwTepiv.exe

C:\Windows\System\xrgQMCk.exe

C:\Windows\System\xrgQMCk.exe

C:\Windows\System\HQfFYCI.exe

C:\Windows\System\HQfFYCI.exe

C:\Windows\System\KiCUuQB.exe

C:\Windows\System\KiCUuQB.exe

C:\Windows\System\AeNyyjA.exe

C:\Windows\System\AeNyyjA.exe

C:\Windows\System\wHicxhi.exe

C:\Windows\System\wHicxhi.exe

C:\Windows\System\DHTxiWJ.exe

C:\Windows\System\DHTxiWJ.exe

C:\Windows\System\BNCrLSO.exe

C:\Windows\System\BNCrLSO.exe

C:\Windows\System\Hmdqxwh.exe

C:\Windows\System\Hmdqxwh.exe

C:\Windows\System\bJSwHJe.exe

C:\Windows\System\bJSwHJe.exe

C:\Windows\System\zzeOxcX.exe

C:\Windows\System\zzeOxcX.exe

C:\Windows\System\vJFcqAF.exe

C:\Windows\System\vJFcqAF.exe

C:\Windows\System\VXsbeMC.exe

C:\Windows\System\VXsbeMC.exe

C:\Windows\System\asAtfTd.exe

C:\Windows\System\asAtfTd.exe

C:\Windows\System\QpDkdOi.exe

C:\Windows\System\QpDkdOi.exe

C:\Windows\System\pqlicPi.exe

C:\Windows\System\pqlicPi.exe

C:\Windows\System\JruHwEf.exe

C:\Windows\System\JruHwEf.exe

C:\Windows\System\iAlciCs.exe

C:\Windows\System\iAlciCs.exe

C:\Windows\System\iZOAjPq.exe

C:\Windows\System\iZOAjPq.exe

C:\Windows\System\SHubVRg.exe

C:\Windows\System\SHubVRg.exe

C:\Windows\System\BqFKVnT.exe

C:\Windows\System\BqFKVnT.exe

C:\Windows\System\MwHSQlc.exe

C:\Windows\System\MwHSQlc.exe

C:\Windows\System\UfIbWDu.exe

C:\Windows\System\UfIbWDu.exe

C:\Windows\System\yMVzTqD.exe

C:\Windows\System\yMVzTqD.exe

C:\Windows\System\iSHJsug.exe

C:\Windows\System\iSHJsug.exe

C:\Windows\System\LkEBXif.exe

C:\Windows\System\LkEBXif.exe

C:\Windows\System\NgHdNve.exe

C:\Windows\System\NgHdNve.exe

C:\Windows\System\lhCzPRb.exe

C:\Windows\System\lhCzPRb.exe

C:\Windows\System\drcltsR.exe

C:\Windows\System\drcltsR.exe

C:\Windows\System\kFuVsWj.exe

C:\Windows\System\kFuVsWj.exe

C:\Windows\System\jPENaio.exe

C:\Windows\System\jPENaio.exe

C:\Windows\System\TDmHwXb.exe

C:\Windows\System\TDmHwXb.exe

C:\Windows\System\UJtCZhL.exe

C:\Windows\System\UJtCZhL.exe

C:\Windows\System\EGsGZZd.exe

C:\Windows\System\EGsGZZd.exe

C:\Windows\System\vlrSxoI.exe

C:\Windows\System\vlrSxoI.exe

C:\Windows\System\yzASDoj.exe

C:\Windows\System\yzASDoj.exe

C:\Windows\System\eqfGRCZ.exe

C:\Windows\System\eqfGRCZ.exe

C:\Windows\System\rvEguAH.exe

C:\Windows\System\rvEguAH.exe

C:\Windows\System\tsOyHcc.exe

C:\Windows\System\tsOyHcc.exe

C:\Windows\System\TPXCtfm.exe

C:\Windows\System\TPXCtfm.exe

C:\Windows\System\IyzRWQt.exe

C:\Windows\System\IyzRWQt.exe

C:\Windows\System\OZFpnAK.exe

C:\Windows\System\OZFpnAK.exe

C:\Windows\System\mnEzXjx.exe

C:\Windows\System\mnEzXjx.exe

C:\Windows\System\nuvidGm.exe

C:\Windows\System\nuvidGm.exe

C:\Windows\System\XsyQywP.exe

C:\Windows\System\XsyQywP.exe

C:\Windows\System\KEujIyM.exe

C:\Windows\System\KEujIyM.exe

C:\Windows\System\VaJhixp.exe

C:\Windows\System\VaJhixp.exe

C:\Windows\System\wbQOkfe.exe

C:\Windows\System\wbQOkfe.exe

C:\Windows\System\pqAIfsF.exe

C:\Windows\System\pqAIfsF.exe

C:\Windows\System\toJOeoO.exe

C:\Windows\System\toJOeoO.exe

C:\Windows\System\ovCOXyd.exe

C:\Windows\System\ovCOXyd.exe

C:\Windows\System\cbjfwuX.exe

C:\Windows\System\cbjfwuX.exe

C:\Windows\System\aXOIQzp.exe

C:\Windows\System\aXOIQzp.exe

C:\Windows\System\vyIbrVB.exe

C:\Windows\System\vyIbrVB.exe

C:\Windows\System\XNwnwaU.exe

C:\Windows\System\XNwnwaU.exe

C:\Windows\System\xwfuuJH.exe

C:\Windows\System\xwfuuJH.exe

C:\Windows\System\UiFSDJV.exe

C:\Windows\System\UiFSDJV.exe

C:\Windows\System\MRdYaso.exe

C:\Windows\System\MRdYaso.exe

C:\Windows\System\BiMjUjt.exe

C:\Windows\System\BiMjUjt.exe

C:\Windows\System\MthbSsL.exe

C:\Windows\System\MthbSsL.exe

C:\Windows\System\NJaFqxR.exe

C:\Windows\System\NJaFqxR.exe

C:\Windows\System\GxjWXgX.exe

C:\Windows\System\GxjWXgX.exe

C:\Windows\System\tIvvJwO.exe

C:\Windows\System\tIvvJwO.exe

C:\Windows\System\cQVAhOS.exe

C:\Windows\System\cQVAhOS.exe

C:\Windows\System\uItXFga.exe

C:\Windows\System\uItXFga.exe

C:\Windows\System\ffcfLfl.exe

C:\Windows\System\ffcfLfl.exe

C:\Windows\System\hujZhAR.exe

C:\Windows\System\hujZhAR.exe

C:\Windows\System\JxALfPb.exe

C:\Windows\System\JxALfPb.exe

C:\Windows\System\VAaGzBn.exe

C:\Windows\System\VAaGzBn.exe

C:\Windows\System\AUYjLhx.exe

C:\Windows\System\AUYjLhx.exe

C:\Windows\System\FtEBDQy.exe

C:\Windows\System\FtEBDQy.exe

C:\Windows\System\nglzNPN.exe

C:\Windows\System\nglzNPN.exe

C:\Windows\System\AoHUaYv.exe

C:\Windows\System\AoHUaYv.exe

C:\Windows\System\PkpDSbU.exe

C:\Windows\System\PkpDSbU.exe

C:\Windows\System\rcovYNt.exe

C:\Windows\System\rcovYNt.exe

C:\Windows\System\RDFrCWn.exe

C:\Windows\System\RDFrCWn.exe

C:\Windows\System\izAxcAx.exe

C:\Windows\System\izAxcAx.exe

C:\Windows\System\SsfYupi.exe

C:\Windows\System\SsfYupi.exe

C:\Windows\System\WMmxrOL.exe

C:\Windows\System\WMmxrOL.exe

C:\Windows\System\VKQzpcn.exe

C:\Windows\System\VKQzpcn.exe

C:\Windows\System\DImzsyc.exe

C:\Windows\System\DImzsyc.exe

C:\Windows\System\nHLrzAP.exe

C:\Windows\System\nHLrzAP.exe

C:\Windows\System\KDkbXtu.exe

C:\Windows\System\KDkbXtu.exe

C:\Windows\System\PCUgnqv.exe

C:\Windows\System\PCUgnqv.exe

C:\Windows\System\fVCRvFG.exe

C:\Windows\System\fVCRvFG.exe

C:\Windows\System\bXghnyq.exe

C:\Windows\System\bXghnyq.exe

C:\Windows\System\OopqQRr.exe

C:\Windows\System\OopqQRr.exe

C:\Windows\System\WtxwPcA.exe

C:\Windows\System\WtxwPcA.exe

C:\Windows\System\TYKNHFP.exe

C:\Windows\System\TYKNHFP.exe

C:\Windows\System\ZWJWWWP.exe

C:\Windows\System\ZWJWWWP.exe

C:\Windows\System\dLQawkn.exe

C:\Windows\System\dLQawkn.exe

C:\Windows\System\zGukgsK.exe

C:\Windows\System\zGukgsK.exe

C:\Windows\System\PXylnzA.exe

C:\Windows\System\PXylnzA.exe

C:\Windows\System\FswhUtU.exe

C:\Windows\System\FswhUtU.exe

C:\Windows\System\GrgyqqO.exe

C:\Windows\System\GrgyqqO.exe

C:\Windows\System\QlYfygZ.exe

C:\Windows\System\QlYfygZ.exe

C:\Windows\System\LNUAlAY.exe

C:\Windows\System\LNUAlAY.exe

C:\Windows\System\QKZUqZj.exe

C:\Windows\System\QKZUqZj.exe

C:\Windows\System\gGwnFHz.exe

C:\Windows\System\gGwnFHz.exe

C:\Windows\System\OLmTBpZ.exe

C:\Windows\System\OLmTBpZ.exe

C:\Windows\System\GgbHvlz.exe

C:\Windows\System\GgbHvlz.exe

C:\Windows\System\DqShPeR.exe

C:\Windows\System\DqShPeR.exe

C:\Windows\System\lEsZrjy.exe

C:\Windows\System\lEsZrjy.exe

C:\Windows\System\CIOtiMe.exe

C:\Windows\System\CIOtiMe.exe

C:\Windows\System\FagNJrL.exe

C:\Windows\System\FagNJrL.exe

C:\Windows\System\lAuWcDX.exe

C:\Windows\System\lAuWcDX.exe

C:\Windows\System\PqyKobP.exe

C:\Windows\System\PqyKobP.exe

C:\Windows\System\QogqcMX.exe

C:\Windows\System\QogqcMX.exe

C:\Windows\System\iylxifT.exe

C:\Windows\System\iylxifT.exe

C:\Windows\System\NXmhowD.exe

C:\Windows\System\NXmhowD.exe

C:\Windows\System\zmDnVDm.exe

C:\Windows\System\zmDnVDm.exe

C:\Windows\System\MDZwhyu.exe

C:\Windows\System\MDZwhyu.exe

C:\Windows\System\nWBNSyV.exe

C:\Windows\System\nWBNSyV.exe

C:\Windows\System\zyzBGlm.exe

C:\Windows\System\zyzBGlm.exe

C:\Windows\System\LZUpCRi.exe

C:\Windows\System\LZUpCRi.exe

C:\Windows\System\SPZaIia.exe

C:\Windows\System\SPZaIia.exe

C:\Windows\System\frlJSXX.exe

C:\Windows\System\frlJSXX.exe

C:\Windows\System\zPADPIn.exe

C:\Windows\System\zPADPIn.exe

C:\Windows\System\jJRwBrm.exe

C:\Windows\System\jJRwBrm.exe

C:\Windows\System\TMcNSPV.exe

C:\Windows\System\TMcNSPV.exe

C:\Windows\System\zGjoUGM.exe

C:\Windows\System\zGjoUGM.exe

C:\Windows\System\KPRaqxv.exe

C:\Windows\System\KPRaqxv.exe

C:\Windows\System\WrUWBDG.exe

C:\Windows\System\WrUWBDG.exe

C:\Windows\System\yJyUiXE.exe

C:\Windows\System\yJyUiXE.exe

C:\Windows\System\cXZonyB.exe

C:\Windows\System\cXZonyB.exe

C:\Windows\System\hrOxzEO.exe

C:\Windows\System\hrOxzEO.exe

C:\Windows\System\BRVtCVc.exe

C:\Windows\System\BRVtCVc.exe

C:\Windows\System\VObxcZX.exe

C:\Windows\System\VObxcZX.exe

C:\Windows\System\HTGJpXO.exe

C:\Windows\System\HTGJpXO.exe

C:\Windows\System\apFoTKV.exe

C:\Windows\System\apFoTKV.exe

C:\Windows\System\dPduoQP.exe

C:\Windows\System\dPduoQP.exe

C:\Windows\System\mXBnjXm.exe

C:\Windows\System\mXBnjXm.exe

C:\Windows\System\BCgBlLs.exe

C:\Windows\System\BCgBlLs.exe

C:\Windows\System\VphSqPw.exe

C:\Windows\System\VphSqPw.exe

C:\Windows\System\DLCXnKx.exe

C:\Windows\System\DLCXnKx.exe

C:\Windows\System\RjFFevK.exe

C:\Windows\System\RjFFevK.exe

C:\Windows\System\yaTFjVN.exe

C:\Windows\System\yaTFjVN.exe

C:\Windows\System\WrhBwks.exe

C:\Windows\System\WrhBwks.exe

C:\Windows\System\uQBkjDk.exe

C:\Windows\System\uQBkjDk.exe

C:\Windows\System\NsczNIL.exe

C:\Windows\System\NsczNIL.exe

C:\Windows\System\bfsAzOy.exe

C:\Windows\System\bfsAzOy.exe

C:\Windows\System\IELeVsj.exe

C:\Windows\System\IELeVsj.exe

C:\Windows\System\xlqAzCb.exe

C:\Windows\System\xlqAzCb.exe

C:\Windows\System\JXXVgdv.exe

C:\Windows\System\JXXVgdv.exe

C:\Windows\System\PAgcLMu.exe

C:\Windows\System\PAgcLMu.exe

C:\Windows\System\zrpAlsU.exe

C:\Windows\System\zrpAlsU.exe

C:\Windows\System\kNIPtUa.exe

C:\Windows\System\kNIPtUa.exe

C:\Windows\System\BYRGdMe.exe

C:\Windows\System\BYRGdMe.exe

C:\Windows\System\ERocKLk.exe

C:\Windows\System\ERocKLk.exe

C:\Windows\System\gFHDRvI.exe

C:\Windows\System\gFHDRvI.exe

C:\Windows\System\sHlyvFO.exe

C:\Windows\System\sHlyvFO.exe

C:\Windows\System\RHarytD.exe

C:\Windows\System\RHarytD.exe

C:\Windows\System\TGnYFoO.exe

C:\Windows\System\TGnYFoO.exe

C:\Windows\System\bAHVqQW.exe

C:\Windows\System\bAHVqQW.exe

C:\Windows\System\TxAHrPp.exe

C:\Windows\System\TxAHrPp.exe

C:\Windows\System\wCJEIPW.exe

C:\Windows\System\wCJEIPW.exe

C:\Windows\System\EwFTqkl.exe

C:\Windows\System\EwFTqkl.exe

C:\Windows\System\byUgkll.exe

C:\Windows\System\byUgkll.exe

C:\Windows\System\BpgMwZf.exe

C:\Windows\System\BpgMwZf.exe

C:\Windows\System\NrkNuBd.exe

C:\Windows\System\NrkNuBd.exe

C:\Windows\System\vjaqtHn.exe

C:\Windows\System\vjaqtHn.exe

C:\Windows\System\YuarRIU.exe

C:\Windows\System\YuarRIU.exe

C:\Windows\System\qbXjVHI.exe

C:\Windows\System\qbXjVHI.exe

C:\Windows\System\YHBlPkk.exe

C:\Windows\System\YHBlPkk.exe

C:\Windows\System\KTHfecP.exe

C:\Windows\System\KTHfecP.exe

C:\Windows\System\pIOhHGh.exe

C:\Windows\System\pIOhHGh.exe

C:\Windows\System\gVSDxgr.exe

C:\Windows\System\gVSDxgr.exe

C:\Windows\System\ueyehQR.exe

C:\Windows\System\ueyehQR.exe

C:\Windows\System\UGoxUGN.exe

C:\Windows\System\UGoxUGN.exe

C:\Windows\System\IVQpKxf.exe

C:\Windows\System\IVQpKxf.exe

C:\Windows\System\PXqxdnW.exe

C:\Windows\System\PXqxdnW.exe

C:\Windows\System\HBVurrM.exe

C:\Windows\System\HBVurrM.exe

C:\Windows\System\hBuDQdm.exe

C:\Windows\System\hBuDQdm.exe

C:\Windows\System\SqELjwX.exe

C:\Windows\System\SqELjwX.exe

C:\Windows\System\eLVTKjZ.exe

C:\Windows\System\eLVTKjZ.exe

C:\Windows\System\rxuLlhR.exe

C:\Windows\System\rxuLlhR.exe

C:\Windows\System\tRkeJtd.exe

C:\Windows\System\tRkeJtd.exe

C:\Windows\System\ZUSJAxZ.exe

C:\Windows\System\ZUSJAxZ.exe

C:\Windows\System\MvyZxkR.exe

C:\Windows\System\MvyZxkR.exe

C:\Windows\System\dblSQjW.exe

C:\Windows\System\dblSQjW.exe

C:\Windows\System\MXVYStI.exe

C:\Windows\System\MXVYStI.exe

C:\Windows\System\RHmYEUh.exe

C:\Windows\System\RHmYEUh.exe

C:\Windows\System\eCqUDzb.exe

C:\Windows\System\eCqUDzb.exe

C:\Windows\System\IglrjLe.exe

C:\Windows\System\IglrjLe.exe

C:\Windows\System\nFLWggo.exe

C:\Windows\System\nFLWggo.exe

C:\Windows\System\YOVDrex.exe

C:\Windows\System\YOVDrex.exe

C:\Windows\System\VaHdWMc.exe

C:\Windows\System\VaHdWMc.exe

C:\Windows\System\lZqleMW.exe

C:\Windows\System\lZqleMW.exe

C:\Windows\System\GzElFHk.exe

C:\Windows\System\GzElFHk.exe

C:\Windows\System\OJHZLNW.exe

C:\Windows\System\OJHZLNW.exe

C:\Windows\System\UzUIYeU.exe

C:\Windows\System\UzUIYeU.exe

C:\Windows\System\ltksNkX.exe

C:\Windows\System\ltksNkX.exe

C:\Windows\System\HBhfVMm.exe

C:\Windows\System\HBhfVMm.exe

C:\Windows\System\IsvzNRL.exe

C:\Windows\System\IsvzNRL.exe

C:\Windows\System\ePmHoNi.exe

C:\Windows\System\ePmHoNi.exe

C:\Windows\System\YkImzYd.exe

C:\Windows\System\YkImzYd.exe

C:\Windows\System\BeeFRfE.exe

C:\Windows\System\BeeFRfE.exe

C:\Windows\System\QNEoMJk.exe

C:\Windows\System\QNEoMJk.exe

C:\Windows\System\UTofHcP.exe

C:\Windows\System\UTofHcP.exe

C:\Windows\System\qURBTbj.exe

C:\Windows\System\qURBTbj.exe

C:\Windows\System\RyOLcbM.exe

C:\Windows\System\RyOLcbM.exe

C:\Windows\System\UQFBHYX.exe

C:\Windows\System\UQFBHYX.exe

C:\Windows\System\KcgxWvj.exe

C:\Windows\System\KcgxWvj.exe

C:\Windows\System\SRavYUr.exe

C:\Windows\System\SRavYUr.exe

C:\Windows\System\wVcGrQn.exe

C:\Windows\System\wVcGrQn.exe

C:\Windows\System\fSzVEsB.exe

C:\Windows\System\fSzVEsB.exe

C:\Windows\System\jSDlRAW.exe

C:\Windows\System\jSDlRAW.exe

C:\Windows\System\MdvCgNJ.exe

C:\Windows\System\MdvCgNJ.exe

C:\Windows\System\BzlhhIh.exe

C:\Windows\System\BzlhhIh.exe

C:\Windows\System\vwUPajo.exe

C:\Windows\System\vwUPajo.exe

C:\Windows\System\gGejkpz.exe

C:\Windows\System\gGejkpz.exe

C:\Windows\System\hFpjbXT.exe

C:\Windows\System\hFpjbXT.exe

C:\Windows\System\ReewXLI.exe

C:\Windows\System\ReewXLI.exe

C:\Windows\System\KjpWrSb.exe

C:\Windows\System\KjpWrSb.exe

C:\Windows\System\RbXBAlU.exe

C:\Windows\System\RbXBAlU.exe

C:\Windows\System\QeXDyNd.exe

C:\Windows\System\QeXDyNd.exe

C:\Windows\System\MyXUsJu.exe

C:\Windows\System\MyXUsJu.exe

C:\Windows\System\RpdilGs.exe

C:\Windows\System\RpdilGs.exe

C:\Windows\System\bGeQyuM.exe

C:\Windows\System\bGeQyuM.exe

C:\Windows\System\tViFAwS.exe

C:\Windows\System\tViFAwS.exe

C:\Windows\System\gZhUPMd.exe

C:\Windows\System\gZhUPMd.exe

C:\Windows\System\nbLgQLs.exe

C:\Windows\System\nbLgQLs.exe

C:\Windows\System\wwRJDHK.exe

C:\Windows\System\wwRJDHK.exe

C:\Windows\System\leUdkdJ.exe

C:\Windows\System\leUdkdJ.exe

C:\Windows\System\dJvUBUF.exe

C:\Windows\System\dJvUBUF.exe

C:\Windows\System\cTNdGOD.exe

C:\Windows\System\cTNdGOD.exe

C:\Windows\System\CrGswZd.exe

C:\Windows\System\CrGswZd.exe

C:\Windows\System\DaPvJfQ.exe

C:\Windows\System\DaPvJfQ.exe

C:\Windows\System\CjvNyPW.exe

C:\Windows\System\CjvNyPW.exe

C:\Windows\System\BiAunbl.exe

C:\Windows\System\BiAunbl.exe

C:\Windows\System\bgZuhtS.exe

C:\Windows\System\bgZuhtS.exe

C:\Windows\System\liatNbn.exe

C:\Windows\System\liatNbn.exe

C:\Windows\System\BQDgmzA.exe

C:\Windows\System\BQDgmzA.exe

C:\Windows\System\WqTOibp.exe

C:\Windows\System\WqTOibp.exe

C:\Windows\System\sklQihy.exe

C:\Windows\System\sklQihy.exe

C:\Windows\System\DxjKKXi.exe

C:\Windows\System\DxjKKXi.exe

C:\Windows\System\viPQcqY.exe

C:\Windows\System\viPQcqY.exe

C:\Windows\System\cAgGpRH.exe

C:\Windows\System\cAgGpRH.exe

C:\Windows\System\TxoVpDv.exe

C:\Windows\System\TxoVpDv.exe

C:\Windows\System\PcVhWqr.exe

C:\Windows\System\PcVhWqr.exe

C:\Windows\System\WIDTMBq.exe

C:\Windows\System\WIDTMBq.exe

C:\Windows\System\DIBnTQW.exe

C:\Windows\System\DIBnTQW.exe

C:\Windows\System\GDBFvxI.exe

C:\Windows\System\GDBFvxI.exe

C:\Windows\System\RFgenZX.exe

C:\Windows\System\RFgenZX.exe

C:\Windows\System\hhmmAHM.exe

C:\Windows\System\hhmmAHM.exe

C:\Windows\System\QichblQ.exe

C:\Windows\System\QichblQ.exe

C:\Windows\System\tZUOvbi.exe

C:\Windows\System\tZUOvbi.exe

C:\Windows\System\NearePJ.exe

C:\Windows\System\NearePJ.exe

C:\Windows\System\JTefgvg.exe

C:\Windows\System\JTefgvg.exe

C:\Windows\System\NnZhGJO.exe

C:\Windows\System\NnZhGJO.exe

C:\Windows\System\txRsXKD.exe

C:\Windows\System\txRsXKD.exe

C:\Windows\System\dglqqht.exe

C:\Windows\System\dglqqht.exe

C:\Windows\System\ljUcJjR.exe

C:\Windows\System\ljUcJjR.exe

C:\Windows\System\tBUwLXW.exe

C:\Windows\System\tBUwLXW.exe

C:\Windows\System\nXPqYZG.exe

C:\Windows\System\nXPqYZG.exe

C:\Windows\System\FpDNvNu.exe

C:\Windows\System\FpDNvNu.exe

C:\Windows\System\zqflsZv.exe

C:\Windows\System\zqflsZv.exe

C:\Windows\System\JIyMRbA.exe

C:\Windows\System\JIyMRbA.exe

C:\Windows\System\cSunfvZ.exe

C:\Windows\System\cSunfvZ.exe

C:\Windows\System\YkdCyaV.exe

C:\Windows\System\YkdCyaV.exe

C:\Windows\System\ljZsWLq.exe

C:\Windows\System\ljZsWLq.exe

C:\Windows\System\ccaLmUE.exe

C:\Windows\System\ccaLmUE.exe

C:\Windows\System\hszuagA.exe

C:\Windows\System\hszuagA.exe

C:\Windows\System\LWNXzRS.exe

C:\Windows\System\LWNXzRS.exe

C:\Windows\System\yikVkfz.exe

C:\Windows\System\yikVkfz.exe

C:\Windows\System\meKzLvA.exe

C:\Windows\System\meKzLvA.exe

C:\Windows\System\UWHCEHr.exe

C:\Windows\System\UWHCEHr.exe

C:\Windows\System\RgyPjcv.exe

C:\Windows\System\RgyPjcv.exe

C:\Windows\System\EshyZFh.exe

C:\Windows\System\EshyZFh.exe

C:\Windows\System\kwsrzFo.exe

C:\Windows\System\kwsrzFo.exe

C:\Windows\System\UJxEUhD.exe

C:\Windows\System\UJxEUhD.exe

C:\Windows\System\bRgFyMa.exe

C:\Windows\System\bRgFyMa.exe

C:\Windows\System\MdRuoEg.exe

C:\Windows\System\MdRuoEg.exe

C:\Windows\System\SDYhAqb.exe

C:\Windows\System\SDYhAqb.exe

C:\Windows\System\pKrfeyM.exe

C:\Windows\System\pKrfeyM.exe

C:\Windows\System\WpXFAsA.exe

C:\Windows\System\WpXFAsA.exe

C:\Windows\System\FgpSijb.exe

C:\Windows\System\FgpSijb.exe

C:\Windows\System\SwGpFNi.exe

C:\Windows\System\SwGpFNi.exe

C:\Windows\System\uIhyHMI.exe

C:\Windows\System\uIhyHMI.exe

C:\Windows\System\TyRCslq.exe

C:\Windows\System\TyRCslq.exe

C:\Windows\System\WmaoaSX.exe

C:\Windows\System\WmaoaSX.exe

C:\Windows\System\mqomYbg.exe

C:\Windows\System\mqomYbg.exe

C:\Windows\System\kKTdIrv.exe

C:\Windows\System\kKTdIrv.exe

C:\Windows\System\NUGKwGu.exe

C:\Windows\System\NUGKwGu.exe

C:\Windows\System\gwSWWIQ.exe

C:\Windows\System\gwSWWIQ.exe

C:\Windows\System\MXZTHNK.exe

C:\Windows\System\MXZTHNK.exe

C:\Windows\System\TcnIEgc.exe

C:\Windows\System\TcnIEgc.exe

C:\Windows\System\tDdsrUy.exe

C:\Windows\System\tDdsrUy.exe

C:\Windows\System\FCeeomZ.exe

C:\Windows\System\FCeeomZ.exe

C:\Windows\System\HGbZMAu.exe

C:\Windows\System\HGbZMAu.exe

C:\Windows\System\AyzZzYC.exe

C:\Windows\System\AyzZzYC.exe

C:\Windows\System\gcAcKsM.exe

C:\Windows\System\gcAcKsM.exe

C:\Windows\System\CplEsQo.exe

C:\Windows\System\CplEsQo.exe

C:\Windows\System\OGRbzVF.exe

C:\Windows\System\OGRbzVF.exe

C:\Windows\System\eroraxY.exe

C:\Windows\System\eroraxY.exe

C:\Windows\System\kOvnTFz.exe

C:\Windows\System\kOvnTFz.exe

C:\Windows\System\bxsogBY.exe

C:\Windows\System\bxsogBY.exe

C:\Windows\System\sIypjjd.exe

C:\Windows\System\sIypjjd.exe

C:\Windows\System\SYqPWsO.exe

C:\Windows\System\SYqPWsO.exe

C:\Windows\System\xQBWlgZ.exe

C:\Windows\System\xQBWlgZ.exe

C:\Windows\System\dLAXZjk.exe

C:\Windows\System\dLAXZjk.exe

C:\Windows\System\sNvFYCY.exe

C:\Windows\System\sNvFYCY.exe

C:\Windows\System\dZAOJqs.exe

C:\Windows\System\dZAOJqs.exe

C:\Windows\System\KoAZMvf.exe

C:\Windows\System\KoAZMvf.exe

C:\Windows\System\sRzgqWT.exe

C:\Windows\System\sRzgqWT.exe

C:\Windows\System\cNJQsGm.exe

C:\Windows\System\cNJQsGm.exe

C:\Windows\System\CjkVVbT.exe

C:\Windows\System\CjkVVbT.exe

C:\Windows\System\oXRdvMs.exe

C:\Windows\System\oXRdvMs.exe

C:\Windows\System\ZXPFEAS.exe

C:\Windows\System\ZXPFEAS.exe

C:\Windows\System\ccPeHHQ.exe

C:\Windows\System\ccPeHHQ.exe

C:\Windows\System\QhvmpRT.exe

C:\Windows\System\QhvmpRT.exe

C:\Windows\System\yJgxHCf.exe

C:\Windows\System\yJgxHCf.exe

C:\Windows\System\EkUNIDd.exe

C:\Windows\System\EkUNIDd.exe

C:\Windows\System\ylbiLjh.exe

C:\Windows\System\ylbiLjh.exe

C:\Windows\System\fzdXDiL.exe

C:\Windows\System\fzdXDiL.exe

C:\Windows\System\wRezRfw.exe

C:\Windows\System\wRezRfw.exe

C:\Windows\System\PVBlenB.exe

C:\Windows\System\PVBlenB.exe

C:\Windows\System\ZBTImas.exe

C:\Windows\System\ZBTImas.exe

C:\Windows\System\ZjfWKoU.exe

C:\Windows\System\ZjfWKoU.exe

C:\Windows\System\dyalfWH.exe

C:\Windows\System\dyalfWH.exe

C:\Windows\System\yvrvXYF.exe

C:\Windows\System\yvrvXYF.exe

C:\Windows\System\ulhLCoc.exe

C:\Windows\System\ulhLCoc.exe

C:\Windows\System\JBQkSao.exe

C:\Windows\System\JBQkSao.exe

C:\Windows\System\uwtKtJl.exe

C:\Windows\System\uwtKtJl.exe

C:\Windows\System\kBhlFGH.exe

C:\Windows\System\kBhlFGH.exe

C:\Windows\System\LOeeflp.exe

C:\Windows\System\LOeeflp.exe

C:\Windows\System\WWnGGjL.exe

C:\Windows\System\WWnGGjL.exe

C:\Windows\System\PRLkYfH.exe

C:\Windows\System\PRLkYfH.exe

C:\Windows\System\pJxfbDj.exe

C:\Windows\System\pJxfbDj.exe

C:\Windows\System\kRvzFhY.exe

C:\Windows\System\kRvzFhY.exe

C:\Windows\System\TAHvCRE.exe

C:\Windows\System\TAHvCRE.exe

C:\Windows\System\KHdrNel.exe

C:\Windows\System\KHdrNel.exe

C:\Windows\System\ckvDhdD.exe

C:\Windows\System\ckvDhdD.exe

C:\Windows\System\vQdKhYL.exe

C:\Windows\System\vQdKhYL.exe

C:\Windows\System\hVDKRuH.exe

C:\Windows\System\hVDKRuH.exe

C:\Windows\System\uJZWNny.exe

C:\Windows\System\uJZWNny.exe

C:\Windows\System\JKjsqWQ.exe

C:\Windows\System\JKjsqWQ.exe

C:\Windows\System\RekpXAA.exe

C:\Windows\System\RekpXAA.exe

C:\Windows\System\jRTCDQq.exe

C:\Windows\System\jRTCDQq.exe

C:\Windows\System\RQojNeJ.exe

C:\Windows\System\RQojNeJ.exe

C:\Windows\System\tPhiWlB.exe

C:\Windows\System\tPhiWlB.exe

C:\Windows\System\bfNYSyW.exe

C:\Windows\System\bfNYSyW.exe

C:\Windows\System\eGQVoOf.exe

C:\Windows\System\eGQVoOf.exe

C:\Windows\System\pYkffHV.exe

C:\Windows\System\pYkffHV.exe

C:\Windows\System\LpXAndI.exe

C:\Windows\System\LpXAndI.exe

C:\Windows\System\rcQsGrD.exe

C:\Windows\System\rcQsGrD.exe

C:\Windows\System\nGOSexL.exe

C:\Windows\System\nGOSexL.exe

C:\Windows\System\yltDjRE.exe

C:\Windows\System\yltDjRE.exe

C:\Windows\System\UZLmCLx.exe

C:\Windows\System\UZLmCLx.exe

C:\Windows\System\jjtjaFC.exe

C:\Windows\System\jjtjaFC.exe

C:\Windows\System\VtFdCQx.exe

C:\Windows\System\VtFdCQx.exe

C:\Windows\System\pReskCL.exe

C:\Windows\System\pReskCL.exe

C:\Windows\System\aGzIqhd.exe

C:\Windows\System\aGzIqhd.exe

C:\Windows\System\CGfMswi.exe

C:\Windows\System\CGfMswi.exe

C:\Windows\System\LQuCKUw.exe

C:\Windows\System\LQuCKUw.exe

C:\Windows\System\qpcaTCY.exe

C:\Windows\System\qpcaTCY.exe

C:\Windows\System\JzmmQME.exe

C:\Windows\System\JzmmQME.exe

C:\Windows\System\RGBgmsz.exe

C:\Windows\System\RGBgmsz.exe

C:\Windows\System\UgQvVoN.exe

C:\Windows\System\UgQvVoN.exe

C:\Windows\System\KYtyPiS.exe

C:\Windows\System\KYtyPiS.exe

C:\Windows\System\iOsYRsU.exe

C:\Windows\System\iOsYRsU.exe

C:\Windows\System\KgOGGPl.exe

C:\Windows\System\KgOGGPl.exe

C:\Windows\System\ikmOOxj.exe

C:\Windows\System\ikmOOxj.exe

C:\Windows\System\QalqjqV.exe

C:\Windows\System\QalqjqV.exe

C:\Windows\System\fhaYDaf.exe

C:\Windows\System\fhaYDaf.exe

C:\Windows\System\ppVURRi.exe

C:\Windows\System\ppVURRi.exe

C:\Windows\System\KdQwjMH.exe

C:\Windows\System\KdQwjMH.exe

C:\Windows\System\ghDzULG.exe

C:\Windows\System\ghDzULG.exe

C:\Windows\System\HKfVzdx.exe

C:\Windows\System\HKfVzdx.exe

C:\Windows\System\VXtrKwE.exe

C:\Windows\System\VXtrKwE.exe

C:\Windows\System\AuFFuuY.exe

C:\Windows\System\AuFFuuY.exe

C:\Windows\System\kMqNpEm.exe

C:\Windows\System\kMqNpEm.exe

C:\Windows\System\xfVGJJn.exe

C:\Windows\System\xfVGJJn.exe

C:\Windows\System\LZynuqJ.exe

C:\Windows\System\LZynuqJ.exe

C:\Windows\System\GdKkUDQ.exe

C:\Windows\System\GdKkUDQ.exe

C:\Windows\System\SgHRlMw.exe

C:\Windows\System\SgHRlMw.exe

C:\Windows\System\lMxLjIb.exe

C:\Windows\System\lMxLjIb.exe

C:\Windows\System\PoYYFFb.exe

C:\Windows\System\PoYYFFb.exe

C:\Windows\System\LwUWOaP.exe

C:\Windows\System\LwUWOaP.exe

C:\Windows\System\kOqocTf.exe

C:\Windows\System\kOqocTf.exe

C:\Windows\System\gwqlNlc.exe

C:\Windows\System\gwqlNlc.exe

C:\Windows\System\PMowpex.exe

C:\Windows\System\PMowpex.exe

C:\Windows\System\fhwwBWI.exe

C:\Windows\System\fhwwBWI.exe

C:\Windows\System\NAZSRBW.exe

C:\Windows\System\NAZSRBW.exe

C:\Windows\System\qyWKuDM.exe

C:\Windows\System\qyWKuDM.exe

C:\Windows\System\TnlgIYm.exe

C:\Windows\System\TnlgIYm.exe

C:\Windows\System\riFFsvx.exe

C:\Windows\System\riFFsvx.exe

C:\Windows\System\ZyoqsWm.exe

C:\Windows\System\ZyoqsWm.exe

C:\Windows\System\LcRsdAi.exe

C:\Windows\System\LcRsdAi.exe

C:\Windows\System\uLaykWG.exe

C:\Windows\System\uLaykWG.exe

C:\Windows\System\idfpEKZ.exe

C:\Windows\System\idfpEKZ.exe

C:\Windows\System\DtdjaPQ.exe

C:\Windows\System\DtdjaPQ.exe

C:\Windows\System\ezEJnVE.exe

C:\Windows\System\ezEJnVE.exe

C:\Windows\System\OlJhZWX.exe

C:\Windows\System\OlJhZWX.exe

C:\Windows\System\oUnksoF.exe

C:\Windows\System\oUnksoF.exe

C:\Windows\System\IEOXvBK.exe

C:\Windows\System\IEOXvBK.exe

C:\Windows\System\XFabPcX.exe

C:\Windows\System\XFabPcX.exe

C:\Windows\System\jgcNevL.exe

C:\Windows\System\jgcNevL.exe

C:\Windows\System\uSdZMxS.exe

C:\Windows\System\uSdZMxS.exe

C:\Windows\System\MHGBSQI.exe

C:\Windows\System\MHGBSQI.exe

C:\Windows\System\XKbZzxw.exe

C:\Windows\System\XKbZzxw.exe

C:\Windows\System\YjBSIVT.exe

C:\Windows\System\YjBSIVT.exe

C:\Windows\System\AUefdco.exe

C:\Windows\System\AUefdco.exe

C:\Windows\System\SWPxaUL.exe

C:\Windows\System\SWPxaUL.exe

C:\Windows\System\JgtdsPd.exe

C:\Windows\System\JgtdsPd.exe

C:\Windows\System\XKLjLYj.exe

C:\Windows\System\XKLjLYj.exe

C:\Windows\System\eOAOOQd.exe

C:\Windows\System\eOAOOQd.exe

C:\Windows\System\XmfCYYL.exe

C:\Windows\System\XmfCYYL.exe

C:\Windows\System\hjzMkdG.exe

C:\Windows\System\hjzMkdG.exe

C:\Windows\System\LvwTpeY.exe

C:\Windows\System\LvwTpeY.exe

C:\Windows\System\LMQznQz.exe

C:\Windows\System\LMQznQz.exe

C:\Windows\System\NRqFela.exe

C:\Windows\System\NRqFela.exe

C:\Windows\System\UywdYpl.exe

C:\Windows\System\UywdYpl.exe

C:\Windows\System\IhUrNiW.exe

C:\Windows\System\IhUrNiW.exe

C:\Windows\System\nzgkisc.exe

C:\Windows\System\nzgkisc.exe

C:\Windows\System\YUQruPO.exe

C:\Windows\System\YUQruPO.exe

C:\Windows\System\JxETtyR.exe

C:\Windows\System\JxETtyR.exe

C:\Windows\System\JaXcqoi.exe

C:\Windows\System\JaXcqoi.exe

C:\Windows\System\MdYTAQn.exe

C:\Windows\System\MdYTAQn.exe

C:\Windows\System\uFCgLVi.exe

C:\Windows\System\uFCgLVi.exe

C:\Windows\System\fThKJIj.exe

C:\Windows\System\fThKJIj.exe

C:\Windows\System\KQgmhsp.exe

C:\Windows\System\KQgmhsp.exe

C:\Windows\System\yJRdhqQ.exe

C:\Windows\System\yJRdhqQ.exe

C:\Windows\System\ceLIVKA.exe

C:\Windows\System\ceLIVKA.exe

C:\Windows\System\nimsngN.exe

C:\Windows\System\nimsngN.exe

C:\Windows\System\TZOBSqT.exe

C:\Windows\System\TZOBSqT.exe

C:\Windows\System\QuJadaN.exe

C:\Windows\System\QuJadaN.exe

C:\Windows\System\VDAqkKl.exe

C:\Windows\System\VDAqkKl.exe

C:\Windows\System\QBxzkhM.exe

C:\Windows\System\QBxzkhM.exe

C:\Windows\System\gtWPTqw.exe

C:\Windows\System\gtWPTqw.exe

C:\Windows\System\PbxNGdZ.exe

C:\Windows\System\PbxNGdZ.exe

C:\Windows\System\mbXMmWY.exe

C:\Windows\System\mbXMmWY.exe

C:\Windows\System\cCxHdwc.exe

C:\Windows\System\cCxHdwc.exe

C:\Windows\System\WeTraId.exe

C:\Windows\System\WeTraId.exe

C:\Windows\System\zsJVzqQ.exe

C:\Windows\System\zsJVzqQ.exe

C:\Windows\System\JPIxkip.exe

C:\Windows\System\JPIxkip.exe

C:\Windows\System\JQIScwn.exe

C:\Windows\System\JQIScwn.exe

C:\Windows\System\zmDlInC.exe

C:\Windows\System\zmDlInC.exe

C:\Windows\System\ETxEZUT.exe

C:\Windows\System\ETxEZUT.exe

C:\Windows\System\WFXXFRT.exe

C:\Windows\System\WFXXFRT.exe

C:\Windows\System\kQoWmHB.exe

C:\Windows\System\kQoWmHB.exe

C:\Windows\System\bIDJVBQ.exe

C:\Windows\System\bIDJVBQ.exe

C:\Windows\System\IENmqUz.exe

C:\Windows\System\IENmqUz.exe

C:\Windows\System\pikxzQQ.exe

C:\Windows\System\pikxzQQ.exe

C:\Windows\System\CfAieWB.exe

C:\Windows\System\CfAieWB.exe

C:\Windows\System\WyEgfbM.exe

C:\Windows\System\WyEgfbM.exe

C:\Windows\System\YMNdWbm.exe

C:\Windows\System\YMNdWbm.exe

C:\Windows\System\soaScoJ.exe

C:\Windows\System\soaScoJ.exe

C:\Windows\System\jtAowUa.exe

C:\Windows\System\jtAowUa.exe

C:\Windows\System\zPRHVfG.exe

C:\Windows\System\zPRHVfG.exe

C:\Windows\System\mPkSSoS.exe

C:\Windows\System\mPkSSoS.exe

C:\Windows\System\GwKKOfg.exe

C:\Windows\System\GwKKOfg.exe

C:\Windows\System\hgiVrpN.exe

C:\Windows\System\hgiVrpN.exe

C:\Windows\System\QrzhMJt.exe

C:\Windows\System\QrzhMJt.exe

C:\Windows\System\ipQiTfq.exe

C:\Windows\System\ipQiTfq.exe

C:\Windows\System\zDHPCPD.exe

C:\Windows\System\zDHPCPD.exe

C:\Windows\System\INKnavN.exe

C:\Windows\System\INKnavN.exe

C:\Windows\System\nyYeSmw.exe

C:\Windows\System\nyYeSmw.exe

C:\Windows\System\mcxGVoj.exe

C:\Windows\System\mcxGVoj.exe

C:\Windows\System\gZmzIVB.exe

C:\Windows\System\gZmzIVB.exe

C:\Windows\System\GrFmuqq.exe

C:\Windows\System\GrFmuqq.exe

C:\Windows\System\lDekfQc.exe

C:\Windows\System\lDekfQc.exe

C:\Windows\System\bAojwcL.exe

C:\Windows\System\bAojwcL.exe

C:\Windows\System\yFtadFB.exe

C:\Windows\System\yFtadFB.exe

C:\Windows\System\vdnSgdV.exe

C:\Windows\System\vdnSgdV.exe

C:\Windows\System\qkLqPZS.exe

C:\Windows\System\qkLqPZS.exe

C:\Windows\System\mNLHWpc.exe

C:\Windows\System\mNLHWpc.exe

C:\Windows\System\wURrawi.exe

C:\Windows\System\wURrawi.exe

C:\Windows\System\UNqeIUY.exe

C:\Windows\System\UNqeIUY.exe

C:\Windows\System\XQnXjfk.exe

C:\Windows\System\XQnXjfk.exe

C:\Windows\System\aGUyiUd.exe

C:\Windows\System\aGUyiUd.exe

C:\Windows\System\ReGQXdM.exe

C:\Windows\System\ReGQXdM.exe

C:\Windows\System\kYdshOA.exe

C:\Windows\System\kYdshOA.exe

C:\Windows\System\foFVyEg.exe

C:\Windows\System\foFVyEg.exe

C:\Windows\System\hWVldss.exe

C:\Windows\System\hWVldss.exe

C:\Windows\System\lhpmELk.exe

C:\Windows\System\lhpmELk.exe

C:\Windows\System\roXOzaT.exe

C:\Windows\System\roXOzaT.exe

C:\Windows\System\OzJvPcD.exe

C:\Windows\System\OzJvPcD.exe

C:\Windows\System\sDbtsCS.exe

C:\Windows\System\sDbtsCS.exe

C:\Windows\System\roGYifD.exe

C:\Windows\System\roGYifD.exe

C:\Windows\System\lLnxbjH.exe

C:\Windows\System\lLnxbjH.exe

C:\Windows\System\TAUulrY.exe

C:\Windows\System\TAUulrY.exe

C:\Windows\System\OtdceLq.exe

C:\Windows\System\OtdceLq.exe

C:\Windows\System\MwfSYRQ.exe

C:\Windows\System\MwfSYRQ.exe

C:\Windows\System\NEUZITo.exe

C:\Windows\System\NEUZITo.exe

C:\Windows\System\cOxfjBP.exe

C:\Windows\System\cOxfjBP.exe

C:\Windows\System\YcusoDW.exe

C:\Windows\System\YcusoDW.exe

C:\Windows\System\peakAGw.exe

C:\Windows\System\peakAGw.exe

C:\Windows\System\aYHlDan.exe

C:\Windows\System\aYHlDan.exe

C:\Windows\System\EnDzloL.exe

C:\Windows\System\EnDzloL.exe

C:\Windows\System\jnuFEsP.exe

C:\Windows\System\jnuFEsP.exe

C:\Windows\System\wzlGGqy.exe

C:\Windows\System\wzlGGqy.exe

C:\Windows\System\BaNslPM.exe

C:\Windows\System\BaNslPM.exe

C:\Windows\System\RbtKILH.exe

C:\Windows\System\RbtKILH.exe

C:\Windows\System\XBHsjmF.exe

C:\Windows\System\XBHsjmF.exe

C:\Windows\System\waUuSYE.exe

C:\Windows\System\waUuSYE.exe

C:\Windows\System\jtJsSto.exe

C:\Windows\System\jtJsSto.exe

C:\Windows\System\aOZmgwh.exe

C:\Windows\System\aOZmgwh.exe

C:\Windows\System\cZnxksO.exe

C:\Windows\System\cZnxksO.exe

C:\Windows\System\gHCZaIw.exe

C:\Windows\System\gHCZaIw.exe

C:\Windows\System\EGngcyZ.exe

C:\Windows\System\EGngcyZ.exe

C:\Windows\System\YxfCfpT.exe

C:\Windows\System\YxfCfpT.exe

C:\Windows\System\NKeWnMI.exe

C:\Windows\System\NKeWnMI.exe

C:\Windows\System\pQPEiBt.exe

C:\Windows\System\pQPEiBt.exe

C:\Windows\System\kSGUlWE.exe

C:\Windows\System\kSGUlWE.exe

C:\Windows\System\HZSIfRv.exe

C:\Windows\System\HZSIfRv.exe

C:\Windows\System\mbVRBiZ.exe

C:\Windows\System\mbVRBiZ.exe

C:\Windows\System\IKZjBmJ.exe

C:\Windows\System\IKZjBmJ.exe

C:\Windows\System\CELeMrk.exe

C:\Windows\System\CELeMrk.exe

C:\Windows\System\rsXkNuf.exe

C:\Windows\System\rsXkNuf.exe

C:\Windows\System\yIurQrz.exe

C:\Windows\System\yIurQrz.exe

C:\Windows\System\aIOoVmO.exe

C:\Windows\System\aIOoVmO.exe

C:\Windows\System\zrETSCS.exe

C:\Windows\System\zrETSCS.exe

C:\Windows\System\XvCJzGy.exe

C:\Windows\System\XvCJzGy.exe

C:\Windows\System\YTCcovE.exe

C:\Windows\System\YTCcovE.exe

C:\Windows\System\VZamkyW.exe

C:\Windows\System\VZamkyW.exe

C:\Windows\System\zuTMDBG.exe

C:\Windows\System\zuTMDBG.exe

C:\Windows\System\bWsAlNw.exe

C:\Windows\System\bWsAlNw.exe

C:\Windows\System\RCOZgIV.exe

C:\Windows\System\RCOZgIV.exe

C:\Windows\System\edSyoaQ.exe

C:\Windows\System\edSyoaQ.exe

C:\Windows\System\vFqdwnn.exe

C:\Windows\System\vFqdwnn.exe

C:\Windows\System\nxfcJKI.exe

C:\Windows\System\nxfcJKI.exe

C:\Windows\System\vDFDyNB.exe

C:\Windows\System\vDFDyNB.exe

C:\Windows\System\FRJQFCQ.exe

C:\Windows\System\FRJQFCQ.exe

C:\Windows\System\ZOpmTED.exe

C:\Windows\System\ZOpmTED.exe

C:\Windows\System\wVmPsSx.exe

C:\Windows\System\wVmPsSx.exe

C:\Windows\System\znsPSaH.exe

C:\Windows\System\znsPSaH.exe

C:\Windows\System\clIiVEl.exe

C:\Windows\System\clIiVEl.exe

C:\Windows\System\pYJYVLf.exe

C:\Windows\System\pYJYVLf.exe

C:\Windows\System\YjxoEEz.exe

C:\Windows\System\YjxoEEz.exe

C:\Windows\System\VeDrmjb.exe

C:\Windows\System\VeDrmjb.exe

C:\Windows\System\EcGxidq.exe

C:\Windows\System\EcGxidq.exe

C:\Windows\System\bEsEJwx.exe

C:\Windows\System\bEsEJwx.exe

C:\Windows\System\uFyaPLq.exe

C:\Windows\System\uFyaPLq.exe

C:\Windows\System\JYsjHYQ.exe

C:\Windows\System\JYsjHYQ.exe

C:\Windows\System\qfTzXpf.exe

C:\Windows\System\qfTzXpf.exe

C:\Windows\System\NMiBWIz.exe

C:\Windows\System\NMiBWIz.exe

C:\Windows\System\TuLBkNW.exe

C:\Windows\System\TuLBkNW.exe

C:\Windows\System\wjUWRyq.exe

C:\Windows\System\wjUWRyq.exe

C:\Windows\System\PYYjitY.exe

C:\Windows\System\PYYjitY.exe

C:\Windows\System\FgBoceE.exe

C:\Windows\System\FgBoceE.exe

C:\Windows\System\uQJgNbE.exe

C:\Windows\System\uQJgNbE.exe

C:\Windows\System\NvDBrQL.exe

C:\Windows\System\NvDBrQL.exe

C:\Windows\System\NNWfsbz.exe

C:\Windows\System\NNWfsbz.exe

C:\Windows\System\fYsIpSt.exe

C:\Windows\System\fYsIpSt.exe

C:\Windows\System\RfRXaZE.exe

C:\Windows\System\RfRXaZE.exe

C:\Windows\System\esYZDuS.exe

C:\Windows\System\esYZDuS.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp

Files

memory/1752-0-0x0000000000080000-0x0000000000090000-memory.dmp

memory/1752-1-0x000000013F5F0000-0x000000013F9E6000-memory.dmp

\Windows\system\RrhggAz.exe

MD5 98481394e7c4f3136c670bae9b2484a9
SHA1 384fa90d5a366a06fa93d09495300216426c4df5
SHA256 e428dddb4d929ea98f346ba297bc884fc23b4356396baefe42a8fb8ac3ef690a
SHA512 dc5df30d7cc2f422fe6c019cfdf06ae2ec982c24a9683cdc2945d1546ae0f7a8376df06808ccd0de7082817160f650e4be8254bd811002d4952a261eec015da3

memory/1752-15-0x000000013FCD0000-0x00000001400C6000-memory.dmp

C:\Windows\system\qSfGNEF.exe

MD5 59aaa90baf7b4293ee05d03aeb0f6225
SHA1 ebff4b8b3d0694a5ad51cf5db5c2a110e86452a9
SHA256 0a6cc084eb2e36a23f5b7299af4ba481f5eaf27779440df9eed5543647a2cd70
SHA512 83ae826f4bdb4c38605d2cbce614f12ede69696c699a319fa189a8729920b442d49b2d3dc0fd4e7e3b7d35c9f848abbb4fc10813861665f2c9ada5de4ec205e7

memory/3008-13-0x000000013F740000-0x000000013FB36000-memory.dmp

C:\Windows\system\vGYypKZ.exe

MD5 1081d5d1450696f1574b1f11b94eb4de
SHA1 e56aebf2e57d9a8db6ff25990faf0d197fa5f073
SHA256 5450edcb33a71f34a82a7609c48cdcbd34393c9e3ff7a1a660d5fc54e485b2bf
SHA512 ae199d5e92c1fb8f939aaaaaab05d6a7de64be64e6aa28e269358503474649761a2228fa10d12fb6cac6df1332d3adde82e6b0a3019eb7aa6d45384af7d813ab

C:\Windows\system\aHHSMdw.exe

MD5 0aec2242e6435284010cd888a60e77f1
SHA1 91f7b5da5ad1c6b9d9d42dcb2604fbf5e99792b9
SHA256 a060e88e569dde3d1235d258327775af9eae665bb5221e40bcc2d5da8d4e07fc
SHA512 dd2eaa6e38f0b9783a6bb0b3611496f0c74695aab6fa7a7ce38f05f44c73771847e6bbbe0295f28d06fe3ced8610acff46ff7b4df3a03209e084f46546474046

C:\Windows\system\HNnyAFa.exe

MD5 0f391173fd92661e2af36b036ec0fcd8
SHA1 40cc7d5cf5a405fc6355fcc939e3d4025781afde
SHA256 32f82b2fbb70a87cf1bd4d65c5872a80a54a5cd294edef6c0b5854f5c348bcdf
SHA512 f171f91b9865959cc026c4107722a35d328b0575a9737e6d8d44d031d828656da4cdf92de0469b9c06a993c99fd09836726a184c57d39f415e7ab75265eca1f1

\Windows\system\ZtWZiaZ.exe

MD5 33f9ae26d14cc8d5244ef54e0208543c
SHA1 c6c99537db0cff2ee4e1730013e60b08d929a774
SHA256 d1b3f4963a104b123e8f4a1f8368cab0c371b7f6e82ac6b181d7c7d699aa53c3
SHA512 464ab659fdb227ee279f5799cba2d97dda7ba69f5c0fd7d7b5413ef802db1d363c180667f00749e78c9ea90452f569dc9f4c349d5aef00ef3a2a144ebf6a5823

C:\Windows\system\tVcBtas.exe

MD5 731a78839378f523c212100a065fbfeb
SHA1 286b8d497cf398550f08b0ee7a99970b93f934ff
SHA256 d0f1e9a5bc8bf4630fb718dd0b2bcff3d4b94ecea161037bbb53e732ca0708dd
SHA512 e9b5bf24bd4dd9d5341ae4fab0986535e906141f9cae9762b1f37984a034e4884fa6171245a4462f25eb095f0b22e463717545cf140572fc059035f481aac99e

C:\Windows\system\HIDapjw.exe

MD5 e4176dd43d63b4c28351c0337880378c
SHA1 7c657d2668002d722bf90c5a7709372911e0fa64
SHA256 ec815eca294e42b19aa200cbb512727aebe62af00fc3d6bbc21104e3bb4b1f23
SHA512 967c45c3702cc49e9141836f1648ebd149612b5d48f770349455b17a12e4764054f26a1b52685e788c5d15c540961d1cc465175544fc38d43964e613157b46ce

\Windows\system\WJHBXKd.exe

MD5 3bc78bf44af12fd154e45de639a75f59
SHA1 780a6343998f902722fa464ca6e8b9843438d29b
SHA256 abe749d33397db483f8f3f8fe8d3b5f9933b859130b623c65c55651f7eda71e8
SHA512 705006bee2062fda045d7fab544377e1d707b3d41f2434c7a9b9260273e4c51d99cbd36c2e03e735be8cf35c3f7fdc753ae2988f4bc0c36dd77ae212b09061b8

memory/2668-112-0x000000013FEB0000-0x00000001402A6000-memory.dmp

memory/1752-113-0x00000000036C0000-0x0000000003AB6000-memory.dmp

memory/2616-115-0x000000013F4F0000-0x000000013F8E6000-memory.dmp

memory/2464-117-0x000000013F8C0000-0x000000013FCB6000-memory.dmp

memory/1752-118-0x00000000036C0000-0x0000000003AB6000-memory.dmp

memory/2568-119-0x000000013F440000-0x000000013F836000-memory.dmp

memory/1752-116-0x00000000036C0000-0x0000000003AB6000-memory.dmp

memory/2708-114-0x000000013FD40000-0x0000000140136000-memory.dmp

C:\Windows\system\aqIzWtG.exe

MD5 2a880202bd501bc6bb2b585c0e551c30
SHA1 78c68341bb7ebcba12e2cb24b2c7357c644e0a4f
SHA256 69fdf544014d536592db4ccdfc0863596ed5c1778984bfb57be14633a663b8ba
SHA512 b435f115ac8149d1d51414ff2eaac982cc87f137ab8f5053b94f1b15b982835a3b7de2e12de22418b5c9160892f770a639ade760a7b77e00843761de55b5a859

C:\Windows\system\uYbziHo.exe

MD5 d91f42a1d5382dd097ad5e27a51c9722
SHA1 b58c5460cdd08eecdeeeaf1d5b94d0eb1498bc15
SHA256 792a29588d648e38d684dce5656fefb0e71b318aa68d5a22b6756982db5c0125
SHA512 2f3b7626b3b8aa81e17f943d34c22c09d0d2d76617f8ffb42931cbad8f32c236098023b8d4c683c345bdc8e7a86cd9c0ba6212bda087c8999da711f94113a832

memory/2728-138-0x000000001B5B0000-0x000000001B892000-memory.dmp

\Windows\system\fbxVNEy.exe

MD5 b346e0254a6184f79d548064169c6933
SHA1 148698a4b60bb864dcc561922449fac2d6cca59e
SHA256 2bb729f4c24a90a46d312fcafcf56045f5110c31bc0934245215e5102e8def17
SHA512 760c56e8375596ca8424a425e897914926297c6ffe21200e4e355acd9155776fd3811e50627f459e66bb9a67ed749257889ca077af1991a388022505f575e9f6

\Windows\system\qZJLcXD.exe

MD5 2cf645a2662911644942da89afb2f6e9
SHA1 6fb7c3a72f03082f53e0e38d32cffe5f552d2f12
SHA256 1d69ec89f88290335ae87d37b568ce63bf2d98360a2bca4a52381de87eb7e48c
SHA512 73d5f6bdc273a1e83713630682bf4a5cc6e1c928a5ee0c1fd4ba37cba32991b9ab492ddccd7628b28f876da12b54b0f03f8b06c3ade6e09562ccb691a9cfd1c4

memory/1752-130-0x00000000036C0000-0x0000000003AB6000-memory.dmp

memory/1752-128-0x000000013FD40000-0x0000000140136000-memory.dmp

memory/1752-127-0x0000000003070000-0x0000000003466000-memory.dmp

memory/2968-126-0x000000013F8E0000-0x000000013FCD6000-memory.dmp

memory/1752-125-0x00000000036C0000-0x0000000003AB6000-memory.dmp

memory/2956-124-0x000000013F430000-0x000000013F826000-memory.dmp

memory/1752-123-0x00000000036C0000-0x0000000003AB6000-memory.dmp

C:\Windows\system\UqBiYsE.exe

MD5 1a9e5b1498968b64cede289701034d87
SHA1 d78814a5de1e2566a60d4247c81c65e16189d9cd
SHA256 1c303735d311102977a1d50f196afb9582b352e25119a77ff8c52c9698f1da1c
SHA512 b6e2e5abf2cdc75c6344b0298d6437058089e65ee351f316bbaa19f82da9b31512d173f9ebdec8ca4b95d4655323dff67df9053ef752b08bb0722f8f3413fe03

memory/2740-106-0x000000013F810000-0x000000013FC06000-memory.dmp

memory/1752-105-0x00000000036C0000-0x0000000003AB6000-memory.dmp

memory/2592-104-0x000000013F770000-0x000000013FB66000-memory.dmp

memory/2728-103-0x000007FEF5730000-0x000007FEF60CD000-memory.dmp

memory/2632-110-0x000000013F500000-0x000000013F8F6000-memory.dmp

C:\Windows\system\gjanYxc.exe

MD5 5fb73f970e927538a230b3a61ae5bfc2
SHA1 f2af5cbe7050ad0b78590f730d54844d7bc5cbd0
SHA256 086f500f9f13f19b230ab62ee7850be94f5c795bf6e4ce176481e3dad749f8b1
SHA512 55d905b67993bd9b1bb42a6c5e74795f7b9c41ed779c3d2868cb072fb9ae85c24af526488c1ccf9aa238a389a6df3b71885655c054ac64f2aa49ecce96a2445a

C:\Windows\system\TNkQohv.exe

MD5 e7c0f7d667271ad91a5e3d518923d202
SHA1 98219124f6f458a87f34673f3e9215225b905732
SHA256 1c768f32bcb08915f506b00ac20beda50eb8949471c8d6a2ec2d5023028577cb
SHA512 958db9a529c5e1622c753221c888b361ef541a355445a99133a9be57241d5a808be7f896e2feb5aa39ce6b950e836d52d11c55f60e9357452e0d6ffb57c9c73a

C:\Windows\system\eJfCeCR.exe

MD5 dc765acb555d963feea3ef876f3148ac
SHA1 99ec377a6da7041bb2f3e16cea4a179bfcb61514
SHA256 7ac6485a0ce455c85997daa28ceded02dfb0de7def61b1762253494a46b12b24
SHA512 8718a9a2ad9c6b32048e52bd23ea07faaf8ff426c28822f3f7000679b03f45258164a82eda006df72a43627d424b6b544492405026a63434929c416173897e76

C:\Windows\system\bkRJCRR.exe

MD5 6b59fab214191a0defc12291f970fada
SHA1 4e8f7866b0cd66ab033a8061f188ee4e7d218dfe
SHA256 38bdf573322d8fea4dab835afe36e3d50017162e3fcbe79d4ecc48f7c9d853bb
SHA512 e5f04d6b66329b883320570a5091f83b32a44b56f6a06d26ba23b19eb0fb85b886c444f5ecde3c06be17ae6472927fbb3cd40f735f7e495dc1d56d5979641acd

C:\Windows\system\FWiQsjK.exe

MD5 dfbd018ad91993be5113d077fd17da02
SHA1 e5b0e6ab8017bd50fc1a3e24e36cbd31e9975f58
SHA256 e3f3ab84c84ce4e7d5ab3256495380b8e9aa64d8d025c1928514a3dcb80d6c54
SHA512 934b9121cee435eb63590f31007419f3adc5de23f10198cde9469cf334f8d6662952c18daf83f4ab29645db2ff883a6a5425be876d7ffc94d7370ff3d46d633f

C:\Windows\system\AVDhgUX.exe

MD5 5c2630becfce58a2996dec45fac2bfb2
SHA1 e336cc36878df226c5517ff168ce4b7671a0dbf2
SHA256 7a31d3e75905ae0887436203d6c5d0915642625c70f69701889b7d1bafade903
SHA512 945efe7c0dfa078db95ad03cd9cb248c3bea4cbba9937000cfe21f4c6280decfd0784b584471f62f3198cda11c35d9353e96cb576d98d3b268447916584a9d03

C:\Windows\system\TyiCIWQ.exe

MD5 e7d2ab9ac67c6899913e539be4624554
SHA1 d21b1f4e10cf8c5e7134ad15f3c8a8984d7aaf9b
SHA256 75c66ebca07d24b7f8d34f52d44e3918f88b3b9b42f9e3c502e243ca42e1bc37
SHA512 ed5ad70348de6165474f27854fb468faed2dc537829ff16679d6996f1f400cfbc656ba48ce9d454bde2cad6d5ca86d3d99ff000e27c8a7e70a6a77e39fcb0a29

memory/2728-36-0x000007FEF59EE000-0x000007FEF59EF000-memory.dmp

\Windows\system\revzOyX.exe

MD5 9c3573ffa605efc9b3d1256f55d8a363
SHA1 b9f6dee70e0f0d2dc1677073a62fe441b5dc6ff5
SHA256 215541f0cbc7b13a04588ff2e1f670f8a0f1c641d912da0ec69387b08053ffaf
SHA512 7dfceb0f9529d6e66a041ed3ed06a3129fa2ebfc1278f868d7952338f9e088fcbbdb397e3bd00ca078ca9997c479be6f853a6ba751a7414f4fbc96ebfe518ef2

memory/1752-35-0x000000013FEB0000-0x00000001402A6000-memory.dmp

C:\Windows\system\eGAejMo.exe

MD5 48a9ed6289ad175d98067336bfa602e7
SHA1 d9a10c232a63a61310e6b58195a43c16fbf058ca
SHA256 fefc0c53e44520645e24237f95b803aabea2aba3bf3a46156d6f6e8b9619ca72
SHA512 6b88e43197b12f32b710e90b1834fc72ca5580f94433461b7dca22154a097d7432833022deba51882bfdea285c098baac9ed2bb4d55bf160a3529dc4cdd1fd24

C:\Windows\system\bZpYWPK.exe

MD5 0e3d956af977d0ef425be5c154dde3e3
SHA1 ca5fdbb4da7d8b34e71e277029bed43972d0059d
SHA256 c67ef4ea5c6e0dacfe1205706b6c2a51209f8e05566ab82bb838c3917559a7cd
SHA512 4965d5b17eb353b91dc0ee5ebb7745284c6c01955215119c8ad8442b94550dabf556442128dff6bdbeffcb3bfe24a078f6cca5fbe65dcaf3c124ffc24beef69c

memory/3056-30-0x000000013FCD0000-0x00000001400C6000-memory.dmp

C:\Windows\system\JJZKfZB.exe

MD5 03c426901f719a51d0934e01ae89ff24
SHA1 3a31c714467ae0fc68177db029cd061296efd4fe
SHA256 80e92081aa89cf8974ee4d62ca8e529f8724fd01b3ebc8229a9364c60e157bcf
SHA512 f31e16817e088b10d8fe360834e5ef49b1888f66a4884cdbaf4c5b8a0679ab74b9e390e6e4a33d53ca9a9f50d0d4bd269738aa8568f3524abb9886a8d8625c74

memory/1752-8-0x0000000003070000-0x0000000003466000-memory.dmp

\Windows\system\eUilwKU.exe

MD5 6c6df72399db50c59d5e6e0ed2fc4827
SHA1 05ee6da76a25eb336a38024893d35fb623b56028
SHA256 e3e4c5bd0a2ea2a199b270e054af33ab879c601695e042ccaeb1741ef8659669
SHA512 16470b44a64b3b1dd85f3ba7c2880d15770248284abdf38e400a742e96d8e90aab704034da910711573e6d85bc020a5e3c79d78dc93f034004c47c33a3967386

\Windows\system\ksSWCdz.exe

MD5 3fd549e103b92fbcb4bd20e7b3d616d9
SHA1 e5ff7a016b3847cc0f848e314a2429b5465a08f3
SHA256 b9c0142d0d7e1fb15a9795be575204d4967a83b1dc29e61ba5e8f2dbb7cd1716
SHA512 e1ef2f3873e760e8c78327a2ba9a2116398745ca71b6031ee1fa44ff44d8b6a62522fed35a852ae2a97f906da9dd536ebb8fe158790bc1a81ebed96b19418233

memory/2728-286-0x000007FEF5730000-0x000007FEF60CD000-memory.dmp

\Windows\system\XBUtdlI.exe

MD5 0ffb0f51220a7e8b4b91fc17ebe49f03
SHA1 2a0abd1b93ce736e87a1551aa893bdb718802703
SHA256 99ad031709b64101dd4628fb3c98275be6a4a55b9d1e1e393b34ad63f94ab9fe
SHA512 96e8658e763c005ff85fa82f83106b8a795ab8d9eed30236780fab60568cc7a4b5d4424c8f4403fc9865b877f90aa9618700cc1183786fcd37078dd0de6dc548

\Windows\system\tDsTZaZ.exe

MD5 aeaa0511ba2a89cb0484bde794516e76
SHA1 86bc1210b0c3628d8f0d39d04c55e8c98ee1316c
SHA256 0216eacbe0c6f6c561f2da65336fe6f4325e54388ecc999dba43f624025f8857
SHA512 ef83ec06abf8ed4d529eff538d4b0cce833f9fe3526f4d9769c1765a4e18bb4349404f8bf80559adf633c1156661a8032cec48d7beec92e66a7f286cf433c05f

\Windows\system\sCDigqE.exe

MD5 4ccce5a97530365df298ec3723c3f0e3
SHA1 0d4f2440a8905f6dd3e9073c4848cb19b749165f
SHA256 fe9e8686074312913fa7f44bb00f609a296e69433aa384ed6c8eae70674d8cb1
SHA512 424afe17dd2806894ff50a45509f0946756e4d0fa105de8af9fd09853cfe072e89ff0e120aecbd975e432c99fc83f48cc60851cc0e3dd1da622e3f10021b8a68

C:\Windows\system\Mxflzve.exe

MD5 4a51f95a9506aea8760fb1a22eb5a14d
SHA1 23d5f22b576d49f4e8c61e3dbf91d0b5bb8d0d97
SHA256 9c779ff56eca5e14f864d3c55633e0306eb76f72fc1e0640a8f7c13ba7f4cfd0
SHA512 bdb9180494d56c9caf546a6b08bba82251a848d3bd7d89a236c8bf91d2b54de7e096924b273aa10321a5c11085b23b12cd510b7d3b12376405c60765bd61f6cf

\Windows\system\UnyDCtB.exe

MD5 396e16cfc7d45c7f1c83b13ab30262c8
SHA1 314d55adc8c63579a80954db06b5d1773141f730
SHA256 73a8443a874882e5dfbd283fbb3f697d9514ba82164e596149c8e505b15b718d
SHA512 b07a457d48282b5dd1ed2b7bc5a580b57222ec56a6aa501911fe8db8e3ebaf3174b4c638dad052daeedfacad0a1ab5c23e1ed44ee444ef2c7d2ef2c0dc41e8d8

C:\Windows\system\VdUQcLe.exe

MD5 1df38ab887bd7838bfda24e01e0c8970
SHA1 89df12294eadde53c9dbd5de23a44785ca37ceb5
SHA256 892ae87681bc0833cd98b083f4b8f191d936d5243fd9aeac514878e8536e3a5e
SHA512 0dfaa4b0902826b59a667ac9bfad2ce97e3bf85b22e3c73224cb64c5471a1e5a49d1a34fa259df8875257a5ab173702e613cdbb34f80d98462c3a409f532d053

C:\Windows\system\sOxWPiL.exe

MD5 3adae12a2b16dd4acf403aba2b970766
SHA1 e9a0a31cb91d9b072964817a7b6fb0952c4ae3fc
SHA256 320b3e32b3abad1720909d53ae708ae37454257bcdb97409a01b9842c5379937
SHA512 d9059d8b73e269284a48dcdf9c89403ab439922ace69b4aa6d4d975ad30277a086c51578658af5e9d01936fc8b1b043399cd8b13434c186b66e954fa9076cc55

memory/2728-142-0x0000000002000000-0x0000000002008000-memory.dmp

C:\Windows\system\hnKqbmO.exe

MD5 bb619ca80177568a9850ff8d7dc139bc
SHA1 39598cf7a1b2d3ae37699a3d204bcb3b9a800338
SHA256 755fd52af881e52d8581734deed65b261324bea5979dbb6c3cb63a484774b291
SHA512 77a78bba51b6f52cc6161f41e26d3b06c03e53c642da1fce66ee01b29a74a58b514da40bb12a8dbaffc02d45dc730672ed991bf1ba6f8df90e20af812fc0abd2

memory/1752-4225-0x000000013F5F0000-0x000000013F9E6000-memory.dmp

memory/2740-4255-0x000000013F810000-0x000000013FC06000-memory.dmp

memory/2616-4234-0x000000013F4F0000-0x000000013F8E6000-memory.dmp

memory/2632-4256-0x000000013F500000-0x000000013F8F6000-memory.dmp

memory/2568-4242-0x000000013F440000-0x000000013F836000-memory.dmp

memory/2968-4241-0x000000013F8E0000-0x000000013FCD6000-memory.dmp

memory/2592-4240-0x000000013F770000-0x000000013FB66000-memory.dmp

memory/2956-4239-0x000000013F430000-0x000000013F826000-memory.dmp

memory/2708-4238-0x000000013FD40000-0x0000000140136000-memory.dmp

memory/3008-4237-0x000000013F740000-0x000000013FB36000-memory.dmp

memory/3056-4279-0x000000013FCD0000-0x00000001400C6000-memory.dmp

memory/2668-4236-0x000000013FEB0000-0x00000001402A6000-memory.dmp

memory/2464-4262-0x000000013F8C0000-0x000000013FCB6000-memory.dmp

C:\Windows\system\QxBHhsy.exe

MD5 f2ad509c044d266bf17c8f2c2a6db759
SHA1 b5993f0659ee4302b99eacef0f54230775f84f6d
SHA256 ee5ca439cceda52dcdf3a857a84c8cece27d40492662581bca4ffc66aefa905e
SHA512 5005b5b4776e84db8f449e22190f5c25ad4f2202e239bdddb2d20ffcbb26e50c7ff963df3c6337616a64b45ceca2bf8869726e4c97f38c7ea3cf4a48fa6fdd30

memory/1752-7656-0x00000000036C0000-0x0000000003AB6000-memory.dmp

memory/1752-7889-0x0000000003070000-0x0000000003466000-memory.dmp

memory/1752-7893-0x00000000036C0000-0x0000000003AB6000-memory.dmp

memory/1752-9450-0x000000013F5F0000-0x000000013F9E6000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-22 20:34

Reported

2024-05-22 20:37

Platform

win10v2004-20240508-en

Max time kernel

129s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\mbGMAYA.exe N/A
N/A N/A C:\Windows\System\JxuabVM.exe N/A
N/A N/A C:\Windows\System\ceiWnQM.exe N/A
N/A N/A C:\Windows\System\vvEjkUX.exe N/A
N/A N/A C:\Windows\System\DYqkZym.exe N/A
N/A N/A C:\Windows\System\VxwHFux.exe N/A
N/A N/A C:\Windows\System\FhMBbAn.exe N/A
N/A N/A C:\Windows\System\NhrHuWA.exe N/A
N/A N/A C:\Windows\System\TKeQwqX.exe N/A
N/A N/A C:\Windows\System\JfCWCis.exe N/A
N/A N/A C:\Windows\System\VMLjTyg.exe N/A
N/A N/A C:\Windows\System\HpNbvij.exe N/A
N/A N/A C:\Windows\System\ZZEEqDY.exe N/A
N/A N/A C:\Windows\System\FguPvjf.exe N/A
N/A N/A C:\Windows\System\FbelNZl.exe N/A
N/A N/A C:\Windows\System\UxCBWtW.exe N/A
N/A N/A C:\Windows\System\fFkZYih.exe N/A
N/A N/A C:\Windows\System\SQLDMQh.exe N/A
N/A N/A C:\Windows\System\zGwfarj.exe N/A
N/A N/A C:\Windows\System\oqeCJtp.exe N/A
N/A N/A C:\Windows\System\hciMMxR.exe N/A
N/A N/A C:\Windows\System\gcymRua.exe N/A
N/A N/A C:\Windows\System\KEBqTFK.exe N/A
N/A N/A C:\Windows\System\zCZUNYN.exe N/A
N/A N/A C:\Windows\System\COZXWxt.exe N/A
N/A N/A C:\Windows\System\UrgXHfM.exe N/A
N/A N/A C:\Windows\System\gWcqhBP.exe N/A
N/A N/A C:\Windows\System\FrwIXkE.exe N/A
N/A N/A C:\Windows\System\gDVGRzF.exe N/A
N/A N/A C:\Windows\System\gapwotm.exe N/A
N/A N/A C:\Windows\System\QjtqjXe.exe N/A
N/A N/A C:\Windows\System\GwHLrzW.exe N/A
N/A N/A C:\Windows\System\cXgkNdH.exe N/A
N/A N/A C:\Windows\System\ZDdgrUA.exe N/A
N/A N/A C:\Windows\System\wCGkTxo.exe N/A
N/A N/A C:\Windows\System\ALZhktL.exe N/A
N/A N/A C:\Windows\System\kWkGkCR.exe N/A
N/A N/A C:\Windows\System\SZJbzGU.exe N/A
N/A N/A C:\Windows\System\iZAyjfu.exe N/A
N/A N/A C:\Windows\System\LdAaeUz.exe N/A
N/A N/A C:\Windows\System\KwoJqoz.exe N/A
N/A N/A C:\Windows\System\SDSqWEY.exe N/A
N/A N/A C:\Windows\System\muuuqfT.exe N/A
N/A N/A C:\Windows\System\VjUurhW.exe N/A
N/A N/A C:\Windows\System\jDpZkZa.exe N/A
N/A N/A C:\Windows\System\YeQXzLF.exe N/A
N/A N/A C:\Windows\System\svQJcDT.exe N/A
N/A N/A C:\Windows\System\dcaRJfk.exe N/A
N/A N/A C:\Windows\System\YZhaMVx.exe N/A
N/A N/A C:\Windows\System\tFGPImw.exe N/A
N/A N/A C:\Windows\System\QqSMnTg.exe N/A
N/A N/A C:\Windows\System\FySJJFf.exe N/A
N/A N/A C:\Windows\System\usBXLqd.exe N/A
N/A N/A C:\Windows\System\LXauiZa.exe N/A
N/A N/A C:\Windows\System\IUiswDd.exe N/A
N/A N/A C:\Windows\System\JgbUccf.exe N/A
N/A N/A C:\Windows\System\RievvIX.exe N/A
N/A N/A C:\Windows\System\goRAPtb.exe N/A
N/A N/A C:\Windows\System\tBptcWx.exe N/A
N/A N/A C:\Windows\System\LrGdPkg.exe N/A
N/A N/A C:\Windows\System\tDTYWfO.exe N/A
N/A N/A C:\Windows\System\gzwpOEL.exe N/A
N/A N/A C:\Windows\System\eyVTZcq.exe N/A
N/A N/A C:\Windows\System\DQSsTDY.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\bmgfxDW.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\dECTkqy.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\agvzYfn.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\zXUBDMz.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\lRXTReK.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\gvxoEzy.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\YBVYHed.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\mknIKww.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\uRLAIGW.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZcXzZwJ.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\dNiaOUM.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\NgClIuz.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\jdWxYbu.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\JDLboCW.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\UYNzWUn.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\bdmeaac.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\npzeMIT.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\igxYCYL.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\doPSZPO.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\HZWCgPc.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\VTWaVnW.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\WMnySdu.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ywmtucZ.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\eHbZysz.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\XRZhDeP.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\GzmLhMr.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\vdWwyVg.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\fYGUhIo.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\hshksun.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\taLIBKV.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\TAqTHzm.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ALZhktL.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\tLQqnYD.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\zQYZDGn.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\yvjfmbb.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\slECOmm.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\BIiuBHF.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\svQJcDT.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\wobVVwX.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\BuguARc.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\HAaZMEL.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\vVLJdnI.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\DGcPxgc.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\tFxrCWU.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\vAWbNmC.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\IkSuEKF.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\XzgyPlk.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\huKGDyc.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\UbZhyxK.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\rPfvGII.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\nlZsnIQ.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\pdWKlkg.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\JfCWCis.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\MPnKOWo.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\vWTcinw.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\TJyEYhq.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZkezekB.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\fNvBauM.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\LCozTdD.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\TvundfW.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\CHWuFvR.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\suQUZLz.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\BqeAQrQ.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
File created C:\Windows\System\FhMBbAn.exe C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4160 wrote to memory of 552 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 4160 wrote to memory of 552 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 4160 wrote to memory of 4480 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\mbGMAYA.exe
PID 4160 wrote to memory of 4480 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\mbGMAYA.exe
PID 4160 wrote to memory of 1920 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\JxuabVM.exe
PID 4160 wrote to memory of 1920 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\JxuabVM.exe
PID 4160 wrote to memory of 4656 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\ceiWnQM.exe
PID 4160 wrote to memory of 4656 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\ceiWnQM.exe
PID 4160 wrote to memory of 1416 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\vvEjkUX.exe
PID 4160 wrote to memory of 1416 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\vvEjkUX.exe
PID 4160 wrote to memory of 3496 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\DYqkZym.exe
PID 4160 wrote to memory of 3496 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\DYqkZym.exe
PID 4160 wrote to memory of 3152 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\VxwHFux.exe
PID 4160 wrote to memory of 3152 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\VxwHFux.exe
PID 4160 wrote to memory of 4304 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\FhMBbAn.exe
PID 4160 wrote to memory of 4304 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\FhMBbAn.exe
PID 4160 wrote to memory of 1004 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\NhrHuWA.exe
PID 4160 wrote to memory of 1004 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\NhrHuWA.exe
PID 4160 wrote to memory of 1604 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\TKeQwqX.exe
PID 4160 wrote to memory of 1604 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\TKeQwqX.exe
PID 4160 wrote to memory of 5088 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\JfCWCis.exe
PID 4160 wrote to memory of 5088 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\JfCWCis.exe
PID 4160 wrote to memory of 412 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\VMLjTyg.exe
PID 4160 wrote to memory of 412 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\VMLjTyg.exe
PID 4160 wrote to memory of 1492 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\HpNbvij.exe
PID 4160 wrote to memory of 1492 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\HpNbvij.exe
PID 4160 wrote to memory of 4436 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\ZZEEqDY.exe
PID 4160 wrote to memory of 4436 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\ZZEEqDY.exe
PID 4160 wrote to memory of 1996 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\FguPvjf.exe
PID 4160 wrote to memory of 1996 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\FguPvjf.exe
PID 4160 wrote to memory of 1836 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\FbelNZl.exe
PID 4160 wrote to memory of 1836 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\FbelNZl.exe
PID 4160 wrote to memory of 3616 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\UxCBWtW.exe
PID 4160 wrote to memory of 3616 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\UxCBWtW.exe
PID 4160 wrote to memory of 3836 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\fFkZYih.exe
PID 4160 wrote to memory of 3836 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\fFkZYih.exe
PID 4160 wrote to memory of 1548 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\SQLDMQh.exe
PID 4160 wrote to memory of 1548 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\SQLDMQh.exe
PID 4160 wrote to memory of 1888 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\zGwfarj.exe
PID 4160 wrote to memory of 1888 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\zGwfarj.exe
PID 4160 wrote to memory of 2588 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\oqeCJtp.exe
PID 4160 wrote to memory of 2588 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\oqeCJtp.exe
PID 4160 wrote to memory of 2744 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\hciMMxR.exe
PID 4160 wrote to memory of 2744 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\hciMMxR.exe
PID 4160 wrote to memory of 1860 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\gcymRua.exe
PID 4160 wrote to memory of 1860 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\gcymRua.exe
PID 4160 wrote to memory of 3628 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\KEBqTFK.exe
PID 4160 wrote to memory of 3628 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\KEBqTFK.exe
PID 4160 wrote to memory of 1756 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\zCZUNYN.exe
PID 4160 wrote to memory of 1756 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\zCZUNYN.exe
PID 4160 wrote to memory of 768 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\COZXWxt.exe
PID 4160 wrote to memory of 768 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\COZXWxt.exe
PID 4160 wrote to memory of 4540 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\UrgXHfM.exe
PID 4160 wrote to memory of 4540 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\UrgXHfM.exe
PID 4160 wrote to memory of 728 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\gWcqhBP.exe
PID 4160 wrote to memory of 728 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\gWcqhBP.exe
PID 4160 wrote to memory of 1780 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\FrwIXkE.exe
PID 4160 wrote to memory of 1780 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\FrwIXkE.exe
PID 4160 wrote to memory of 4532 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\gDVGRzF.exe
PID 4160 wrote to memory of 4532 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\gDVGRzF.exe
PID 4160 wrote to memory of 3724 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\gapwotm.exe
PID 4160 wrote to memory of 3724 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\gapwotm.exe
PID 4160 wrote to memory of 4288 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\QjtqjXe.exe
PID 4160 wrote to memory of 4288 N/A C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe C:\Windows\System\QjtqjXe.exe

Processes

C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\352667279e7528eb349a2d98375a4fe0_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\mbGMAYA.exe

C:\Windows\System\mbGMAYA.exe

C:\Windows\System\JxuabVM.exe

C:\Windows\System\JxuabVM.exe

C:\Windows\System\ceiWnQM.exe

C:\Windows\System\ceiWnQM.exe

C:\Windows\System\vvEjkUX.exe

C:\Windows\System\vvEjkUX.exe

C:\Windows\System\DYqkZym.exe

C:\Windows\System\DYqkZym.exe

C:\Windows\System\VxwHFux.exe

C:\Windows\System\VxwHFux.exe

C:\Windows\System\FhMBbAn.exe

C:\Windows\System\FhMBbAn.exe

C:\Windows\System\NhrHuWA.exe

C:\Windows\System\NhrHuWA.exe

C:\Windows\System\TKeQwqX.exe

C:\Windows\System\TKeQwqX.exe

C:\Windows\System\JfCWCis.exe

C:\Windows\System\JfCWCis.exe

C:\Windows\System\VMLjTyg.exe

C:\Windows\System\VMLjTyg.exe

C:\Windows\System\HpNbvij.exe

C:\Windows\System\HpNbvij.exe

C:\Windows\System\ZZEEqDY.exe

C:\Windows\System\ZZEEqDY.exe

C:\Windows\System\FguPvjf.exe

C:\Windows\System\FguPvjf.exe

C:\Windows\System\FbelNZl.exe

C:\Windows\System\FbelNZl.exe

C:\Windows\System\UxCBWtW.exe

C:\Windows\System\UxCBWtW.exe

C:\Windows\System\fFkZYih.exe

C:\Windows\System\fFkZYih.exe

C:\Windows\System\SQLDMQh.exe

C:\Windows\System\SQLDMQh.exe

C:\Windows\System\zGwfarj.exe

C:\Windows\System\zGwfarj.exe

C:\Windows\System\oqeCJtp.exe

C:\Windows\System\oqeCJtp.exe

C:\Windows\System\hciMMxR.exe

C:\Windows\System\hciMMxR.exe

C:\Windows\System\gcymRua.exe

C:\Windows\System\gcymRua.exe

C:\Windows\System\KEBqTFK.exe

C:\Windows\System\KEBqTFK.exe

C:\Windows\System\zCZUNYN.exe

C:\Windows\System\zCZUNYN.exe

C:\Windows\System\COZXWxt.exe

C:\Windows\System\COZXWxt.exe

C:\Windows\System\UrgXHfM.exe

C:\Windows\System\UrgXHfM.exe

C:\Windows\System\gWcqhBP.exe

C:\Windows\System\gWcqhBP.exe

C:\Windows\System\FrwIXkE.exe

C:\Windows\System\FrwIXkE.exe

C:\Windows\System\gDVGRzF.exe

C:\Windows\System\gDVGRzF.exe

C:\Windows\System\gapwotm.exe

C:\Windows\System\gapwotm.exe

C:\Windows\System\QjtqjXe.exe

C:\Windows\System\QjtqjXe.exe

C:\Windows\System\GwHLrzW.exe

C:\Windows\System\GwHLrzW.exe

C:\Windows\System\cXgkNdH.exe

C:\Windows\System\cXgkNdH.exe

C:\Windows\System\ZDdgrUA.exe

C:\Windows\System\ZDdgrUA.exe

C:\Windows\System\wCGkTxo.exe

C:\Windows\System\wCGkTxo.exe

C:\Windows\System\ALZhktL.exe

C:\Windows\System\ALZhktL.exe

C:\Windows\System\kWkGkCR.exe

C:\Windows\System\kWkGkCR.exe

C:\Windows\System\SZJbzGU.exe

C:\Windows\System\SZJbzGU.exe

C:\Windows\System\iZAyjfu.exe

C:\Windows\System\iZAyjfu.exe

C:\Windows\System\LdAaeUz.exe

C:\Windows\System\LdAaeUz.exe

C:\Windows\System\KwoJqoz.exe

C:\Windows\System\KwoJqoz.exe

C:\Windows\System\SDSqWEY.exe

C:\Windows\System\SDSqWEY.exe

C:\Windows\System\muuuqfT.exe

C:\Windows\System\muuuqfT.exe

C:\Windows\System\VjUurhW.exe

C:\Windows\System\VjUurhW.exe

C:\Windows\System\jDpZkZa.exe

C:\Windows\System\jDpZkZa.exe

C:\Windows\System\YeQXzLF.exe

C:\Windows\System\YeQXzLF.exe

C:\Windows\System\svQJcDT.exe

C:\Windows\System\svQJcDT.exe

C:\Windows\System\dcaRJfk.exe

C:\Windows\System\dcaRJfk.exe

C:\Windows\System\YZhaMVx.exe

C:\Windows\System\YZhaMVx.exe

C:\Windows\System\tFGPImw.exe

C:\Windows\System\tFGPImw.exe

C:\Windows\System\QqSMnTg.exe

C:\Windows\System\QqSMnTg.exe

C:\Windows\System\FySJJFf.exe

C:\Windows\System\FySJJFf.exe

C:\Windows\System\usBXLqd.exe

C:\Windows\System\usBXLqd.exe

C:\Windows\System\LXauiZa.exe

C:\Windows\System\LXauiZa.exe

C:\Windows\System\IUiswDd.exe

C:\Windows\System\IUiswDd.exe

C:\Windows\System\JgbUccf.exe

C:\Windows\System\JgbUccf.exe

C:\Windows\System\RievvIX.exe

C:\Windows\System\RievvIX.exe

C:\Windows\System\goRAPtb.exe

C:\Windows\System\goRAPtb.exe

C:\Windows\System\tBptcWx.exe

C:\Windows\System\tBptcWx.exe

C:\Windows\System\LrGdPkg.exe

C:\Windows\System\LrGdPkg.exe

C:\Windows\System\tDTYWfO.exe

C:\Windows\System\tDTYWfO.exe

C:\Windows\System\gzwpOEL.exe

C:\Windows\System\gzwpOEL.exe

C:\Windows\System\eyVTZcq.exe

C:\Windows\System\eyVTZcq.exe

C:\Windows\System\DQSsTDY.exe

C:\Windows\System\DQSsTDY.exe

C:\Windows\System\iDkeucG.exe

C:\Windows\System\iDkeucG.exe

C:\Windows\System\MYCDowT.exe

C:\Windows\System\MYCDowT.exe

C:\Windows\System\AkamDTs.exe

C:\Windows\System\AkamDTs.exe

C:\Windows\System\EucZitC.exe

C:\Windows\System\EucZitC.exe

C:\Windows\System\HIHQahW.exe

C:\Windows\System\HIHQahW.exe

C:\Windows\System\VBFEsgB.exe

C:\Windows\System\VBFEsgB.exe

C:\Windows\System\EQRUFrE.exe

C:\Windows\System\EQRUFrE.exe

C:\Windows\System\fhiyzUH.exe

C:\Windows\System\fhiyzUH.exe

C:\Windows\System\WexVUNL.exe

C:\Windows\System\WexVUNL.exe

C:\Windows\System\XZdQvcj.exe

C:\Windows\System\XZdQvcj.exe

C:\Windows\System\eFnoUfH.exe

C:\Windows\System\eFnoUfH.exe

C:\Windows\System\ULUkxpe.exe

C:\Windows\System\ULUkxpe.exe

C:\Windows\System\EHwquDC.exe

C:\Windows\System\EHwquDC.exe

C:\Windows\System\azeiQGy.exe

C:\Windows\System\azeiQGy.exe

C:\Windows\System\ZoBVEtS.exe

C:\Windows\System\ZoBVEtS.exe

C:\Windows\System\JqfGlfG.exe

C:\Windows\System\JqfGlfG.exe

C:\Windows\System\fZJSFpD.exe

C:\Windows\System\fZJSFpD.exe

C:\Windows\System\FBndCNv.exe

C:\Windows\System\FBndCNv.exe

C:\Windows\System\ChVfuJi.exe

C:\Windows\System\ChVfuJi.exe

C:\Windows\System\bDbRiCm.exe

C:\Windows\System\bDbRiCm.exe

C:\Windows\System\wKxDIhZ.exe

C:\Windows\System\wKxDIhZ.exe

C:\Windows\System\gkmShna.exe

C:\Windows\System\gkmShna.exe

C:\Windows\System\igxYCYL.exe

C:\Windows\System\igxYCYL.exe

C:\Windows\System\mknIKww.exe

C:\Windows\System\mknIKww.exe

C:\Windows\System\eDUnbQm.exe

C:\Windows\System\eDUnbQm.exe

C:\Windows\System\XdAzdXE.exe

C:\Windows\System\XdAzdXE.exe

C:\Windows\System\KCNlAxD.exe

C:\Windows\System\KCNlAxD.exe

C:\Windows\System\YLbsbLc.exe

C:\Windows\System\YLbsbLc.exe

C:\Windows\System\EcsJSxn.exe

C:\Windows\System\EcsJSxn.exe

C:\Windows\System\OWBieYt.exe

C:\Windows\System\OWBieYt.exe

C:\Windows\System\rhTpOSQ.exe

C:\Windows\System\rhTpOSQ.exe

C:\Windows\System\zebcitx.exe

C:\Windows\System\zebcitx.exe

C:\Windows\System\CmDBhNf.exe

C:\Windows\System\CmDBhNf.exe

C:\Windows\System\HqvWIRR.exe

C:\Windows\System\HqvWIRR.exe

C:\Windows\System\cAkdLlL.exe

C:\Windows\System\cAkdLlL.exe

C:\Windows\System\HZtXxOc.exe

C:\Windows\System\HZtXxOc.exe

C:\Windows\System\JsHgmkZ.exe

C:\Windows\System\JsHgmkZ.exe

C:\Windows\System\rIyOdbW.exe

C:\Windows\System\rIyOdbW.exe

C:\Windows\System\EdbaKMb.exe

C:\Windows\System\EdbaKMb.exe

C:\Windows\System\xEQpOXx.exe

C:\Windows\System\xEQpOXx.exe

C:\Windows\System\hdJjbBv.exe

C:\Windows\System\hdJjbBv.exe

C:\Windows\System\sfgaEtX.exe

C:\Windows\System\sfgaEtX.exe

C:\Windows\System\AEtpFzG.exe

C:\Windows\System\AEtpFzG.exe

C:\Windows\System\GeYkiaI.exe

C:\Windows\System\GeYkiaI.exe

C:\Windows\System\BVpbkCp.exe

C:\Windows\System\BVpbkCp.exe

C:\Windows\System\hRrDdEC.exe

C:\Windows\System\hRrDdEC.exe

C:\Windows\System\aeLEKLe.exe

C:\Windows\System\aeLEKLe.exe

C:\Windows\System\Waewigc.exe

C:\Windows\System\Waewigc.exe

C:\Windows\System\WsCxAAo.exe

C:\Windows\System\WsCxAAo.exe

C:\Windows\System\bOEmWDg.exe

C:\Windows\System\bOEmWDg.exe

C:\Windows\System\mMdwiGZ.exe

C:\Windows\System\mMdwiGZ.exe

C:\Windows\System\qKMfQXl.exe

C:\Windows\System\qKMfQXl.exe

C:\Windows\System\KkYQVsZ.exe

C:\Windows\System\KkYQVsZ.exe

C:\Windows\System\liKRxgQ.exe

C:\Windows\System\liKRxgQ.exe

C:\Windows\System\YVxrkLm.exe

C:\Windows\System\YVxrkLm.exe

C:\Windows\System\XODEdgF.exe

C:\Windows\System\XODEdgF.exe

C:\Windows\System\lnDsaAz.exe

C:\Windows\System\lnDsaAz.exe

C:\Windows\System\tLQqnYD.exe

C:\Windows\System\tLQqnYD.exe

C:\Windows\System\MbViwMx.exe

C:\Windows\System\MbViwMx.exe

C:\Windows\System\pbyGUVD.exe

C:\Windows\System\pbyGUVD.exe

C:\Windows\System\sQnXDpd.exe

C:\Windows\System\sQnXDpd.exe

C:\Windows\System\OcTUNRF.exe

C:\Windows\System\OcTUNRF.exe

C:\Windows\System\kWMsnbw.exe

C:\Windows\System\kWMsnbw.exe

C:\Windows\System\oYFDETb.exe

C:\Windows\System\oYFDETb.exe

C:\Windows\System\doPSZPO.exe

C:\Windows\System\doPSZPO.exe

C:\Windows\System\pieJlRK.exe

C:\Windows\System\pieJlRK.exe

C:\Windows\System\baUTvvZ.exe

C:\Windows\System\baUTvvZ.exe

C:\Windows\System\RzVeuRQ.exe

C:\Windows\System\RzVeuRQ.exe

C:\Windows\System\xQqjaKX.exe

C:\Windows\System\xQqjaKX.exe

C:\Windows\System\oaKrZZB.exe

C:\Windows\System\oaKrZZB.exe

C:\Windows\System\PtadhRv.exe

C:\Windows\System\PtadhRv.exe

C:\Windows\System\rkbiLbj.exe

C:\Windows\System\rkbiLbj.exe

C:\Windows\System\gzQjSru.exe

C:\Windows\System\gzQjSru.exe

C:\Windows\System\OjTObPr.exe

C:\Windows\System\OjTObPr.exe

C:\Windows\System\VRdMkRW.exe

C:\Windows\System\VRdMkRW.exe

C:\Windows\System\GzmLhMr.exe

C:\Windows\System\GzmLhMr.exe

C:\Windows\System\JYmAhlk.exe

C:\Windows\System\JYmAhlk.exe

C:\Windows\System\ngrzbRy.exe

C:\Windows\System\ngrzbRy.exe

C:\Windows\System\wSxjkou.exe

C:\Windows\System\wSxjkou.exe

C:\Windows\System\IZqTYOW.exe

C:\Windows\System\IZqTYOW.exe

C:\Windows\System\SXDsJnL.exe

C:\Windows\System\SXDsJnL.exe

C:\Windows\System\GuKMEPT.exe

C:\Windows\System\GuKMEPT.exe

C:\Windows\System\vLeLkFp.exe

C:\Windows\System\vLeLkFp.exe

C:\Windows\System\aGdOonZ.exe

C:\Windows\System\aGdOonZ.exe

C:\Windows\System\dACvYuZ.exe

C:\Windows\System\dACvYuZ.exe

C:\Windows\System\jWjDmCt.exe

C:\Windows\System\jWjDmCt.exe

C:\Windows\System\VWPhjuE.exe

C:\Windows\System\VWPhjuE.exe

C:\Windows\System\LeZwnIg.exe

C:\Windows\System\LeZwnIg.exe

C:\Windows\System\eGjpDyu.exe

C:\Windows\System\eGjpDyu.exe

C:\Windows\System\gqeHbdx.exe

C:\Windows\System\gqeHbdx.exe

C:\Windows\System\nWoIexv.exe

C:\Windows\System\nWoIexv.exe

C:\Windows\System\yAmLZKq.exe

C:\Windows\System\yAmLZKq.exe

C:\Windows\System\JouUaHh.exe

C:\Windows\System\JouUaHh.exe

C:\Windows\System\QQSeDzL.exe

C:\Windows\System\QQSeDzL.exe

C:\Windows\System\zbmZrlM.exe

C:\Windows\System\zbmZrlM.exe

C:\Windows\System\FvJhtVc.exe

C:\Windows\System\FvJhtVc.exe

C:\Windows\System\YJmAvDY.exe

C:\Windows\System\YJmAvDY.exe

C:\Windows\System\qUvfFGm.exe

C:\Windows\System\qUvfFGm.exe

C:\Windows\System\RdXanuO.exe

C:\Windows\System\RdXanuO.exe

C:\Windows\System\ygzbrxm.exe

C:\Windows\System\ygzbrxm.exe

C:\Windows\System\jdWxYbu.exe

C:\Windows\System\jdWxYbu.exe

C:\Windows\System\AMoIRkK.exe

C:\Windows\System\AMoIRkK.exe

C:\Windows\System\ruuoeve.exe

C:\Windows\System\ruuoeve.exe

C:\Windows\System\MTbQuOT.exe

C:\Windows\System\MTbQuOT.exe

C:\Windows\System\vaWDShF.exe

C:\Windows\System\vaWDShF.exe

C:\Windows\System\pxhiGfX.exe

C:\Windows\System\pxhiGfX.exe

C:\Windows\System\suzTrUF.exe

C:\Windows\System\suzTrUF.exe

C:\Windows\System\zSewHet.exe

C:\Windows\System\zSewHet.exe

C:\Windows\System\ViBNvkW.exe

C:\Windows\System\ViBNvkW.exe

C:\Windows\System\OueZBJK.exe

C:\Windows\System\OueZBJK.exe

C:\Windows\System\HjbBlWI.exe

C:\Windows\System\HjbBlWI.exe

C:\Windows\System\uvdnHRQ.exe

C:\Windows\System\uvdnHRQ.exe

C:\Windows\System\IsFaHmC.exe

C:\Windows\System\IsFaHmC.exe

C:\Windows\System\byswHWq.exe

C:\Windows\System\byswHWq.exe

C:\Windows\System\ySbUVOG.exe

C:\Windows\System\ySbUVOG.exe

C:\Windows\System\HfbIBrd.exe

C:\Windows\System\HfbIBrd.exe

C:\Windows\System\IPpqLkt.exe

C:\Windows\System\IPpqLkt.exe

C:\Windows\System\OLjNhYY.exe

C:\Windows\System\OLjNhYY.exe

C:\Windows\System\HLcFejN.exe

C:\Windows\System\HLcFejN.exe

C:\Windows\System\qLBQaxT.exe

C:\Windows\System\qLBQaxT.exe

C:\Windows\System\cepvWQu.exe

C:\Windows\System\cepvWQu.exe

C:\Windows\System\uCWXzVd.exe

C:\Windows\System\uCWXzVd.exe

C:\Windows\System\JYPqJUa.exe

C:\Windows\System\JYPqJUa.exe

C:\Windows\System\ztMOqNZ.exe

C:\Windows\System\ztMOqNZ.exe

C:\Windows\System\UoqPocS.exe

C:\Windows\System\UoqPocS.exe

C:\Windows\System\wyWRehK.exe

C:\Windows\System\wyWRehK.exe

C:\Windows\System\lMKYSom.exe

C:\Windows\System\lMKYSom.exe

C:\Windows\System\rSriNZz.exe

C:\Windows\System\rSriNZz.exe

C:\Windows\System\taLIBKV.exe

C:\Windows\System\taLIBKV.exe

C:\Windows\System\XfgSVLN.exe

C:\Windows\System\XfgSVLN.exe

C:\Windows\System\LutkjFW.exe

C:\Windows\System\LutkjFW.exe

C:\Windows\System\OkPpoQM.exe

C:\Windows\System\OkPpoQM.exe

C:\Windows\System\YjnnZDs.exe

C:\Windows\System\YjnnZDs.exe

C:\Windows\System\zdEosoS.exe

C:\Windows\System\zdEosoS.exe

C:\Windows\System\lWkUKKC.exe

C:\Windows\System\lWkUKKC.exe

C:\Windows\System\tFfJTkg.exe

C:\Windows\System\tFfJTkg.exe

C:\Windows\System\GeoYKNQ.exe

C:\Windows\System\GeoYKNQ.exe

C:\Windows\System\jnjUrrT.exe

C:\Windows\System\jnjUrrT.exe

C:\Windows\System\hcHpNlK.exe

C:\Windows\System\hcHpNlK.exe

C:\Windows\System\jYadLic.exe

C:\Windows\System\jYadLic.exe

C:\Windows\System\INSHRnz.exe

C:\Windows\System\INSHRnz.exe

C:\Windows\System\kdQSTLu.exe

C:\Windows\System\kdQSTLu.exe

C:\Windows\System\vChPund.exe

C:\Windows\System\vChPund.exe

C:\Windows\System\MnEoPaH.exe

C:\Windows\System\MnEoPaH.exe

C:\Windows\System\KCSsSgN.exe

C:\Windows\System\KCSsSgN.exe

C:\Windows\System\hqjvNbm.exe

C:\Windows\System\hqjvNbm.exe

C:\Windows\System\SpBDfGR.exe

C:\Windows\System\SpBDfGR.exe

C:\Windows\System\ZpwdcTS.exe

C:\Windows\System\ZpwdcTS.exe

C:\Windows\System\ItmqPMJ.exe

C:\Windows\System\ItmqPMJ.exe

C:\Windows\System\mRgbZVf.exe

C:\Windows\System\mRgbZVf.exe

C:\Windows\System\NttbVjj.exe

C:\Windows\System\NttbVjj.exe

C:\Windows\System\pykoUGp.exe

C:\Windows\System\pykoUGp.exe

C:\Windows\System\JxbSUDY.exe

C:\Windows\System\JxbSUDY.exe

C:\Windows\System\bmgfxDW.exe

C:\Windows\System\bmgfxDW.exe

C:\Windows\System\oZuyYrs.exe

C:\Windows\System\oZuyYrs.exe

C:\Windows\System\gipHkXf.exe

C:\Windows\System\gipHkXf.exe

C:\Windows\System\YwPoXPo.exe

C:\Windows\System\YwPoXPo.exe

C:\Windows\System\KqEhYpj.exe

C:\Windows\System\KqEhYpj.exe

C:\Windows\System\aPdEhKa.exe

C:\Windows\System\aPdEhKa.exe

C:\Windows\System\szCKDRM.exe

C:\Windows\System\szCKDRM.exe

C:\Windows\System\FSqVzON.exe

C:\Windows\System\FSqVzON.exe

C:\Windows\System\jsjFZBY.exe

C:\Windows\System\jsjFZBY.exe

C:\Windows\System\kZmfTEe.exe

C:\Windows\System\kZmfTEe.exe

C:\Windows\System\BHlEroU.exe

C:\Windows\System\BHlEroU.exe

C:\Windows\System\LSXrFzU.exe

C:\Windows\System\LSXrFzU.exe

C:\Windows\System\JBbMurR.exe

C:\Windows\System\JBbMurR.exe

C:\Windows\System\xsagUSL.exe

C:\Windows\System\xsagUSL.exe

C:\Windows\System\MQUnRPq.exe

C:\Windows\System\MQUnRPq.exe

C:\Windows\System\lJtpOQW.exe

C:\Windows\System\lJtpOQW.exe

C:\Windows\System\eThqstQ.exe

C:\Windows\System\eThqstQ.exe

C:\Windows\System\BTEiZmN.exe

C:\Windows\System\BTEiZmN.exe

C:\Windows\System\MPnKOWo.exe

C:\Windows\System\MPnKOWo.exe

C:\Windows\System\yCLAenv.exe

C:\Windows\System\yCLAenv.exe

C:\Windows\System\ywmtucZ.exe

C:\Windows\System\ywmtucZ.exe

C:\Windows\System\wZfoFoQ.exe

C:\Windows\System\wZfoFoQ.exe

C:\Windows\System\PnjmPAW.exe

C:\Windows\System\PnjmPAW.exe

C:\Windows\System\dlMCrmy.exe

C:\Windows\System\dlMCrmy.exe

C:\Windows\System\gaTrtaM.exe

C:\Windows\System\gaTrtaM.exe

C:\Windows\System\XvnQPYQ.exe

C:\Windows\System\XvnQPYQ.exe

C:\Windows\System\HZWCgPc.exe

C:\Windows\System\HZWCgPc.exe

C:\Windows\System\ENIosoS.exe

C:\Windows\System\ENIosoS.exe

C:\Windows\System\HABIjSX.exe

C:\Windows\System\HABIjSX.exe

C:\Windows\System\CHIwNmY.exe

C:\Windows\System\CHIwNmY.exe

C:\Windows\System\nLyQqXO.exe

C:\Windows\System\nLyQqXO.exe

C:\Windows\System\zOHRIvY.exe

C:\Windows\System\zOHRIvY.exe

C:\Windows\System\hHTFWqG.exe

C:\Windows\System\hHTFWqG.exe

C:\Windows\System\UEFrtAn.exe

C:\Windows\System\UEFrtAn.exe

C:\Windows\System\hbCMuwt.exe

C:\Windows\System\hbCMuwt.exe

C:\Windows\System\yTMSAdz.exe

C:\Windows\System\yTMSAdz.exe

C:\Windows\System\yZmxFld.exe

C:\Windows\System\yZmxFld.exe

C:\Windows\System\eeSizlN.exe

C:\Windows\System\eeSizlN.exe

C:\Windows\System\wobVVwX.exe

C:\Windows\System\wobVVwX.exe

C:\Windows\System\QyLAsTn.exe

C:\Windows\System\QyLAsTn.exe

C:\Windows\System\LLIoJqh.exe

C:\Windows\System\LLIoJqh.exe

C:\Windows\System\cuRtSIJ.exe

C:\Windows\System\cuRtSIJ.exe

C:\Windows\System\SuNVHuW.exe

C:\Windows\System\SuNVHuW.exe

C:\Windows\System\VVoqoSO.exe

C:\Windows\System\VVoqoSO.exe

C:\Windows\System\agvzYfn.exe

C:\Windows\System\agvzYfn.exe

C:\Windows\System\vFWhInr.exe

C:\Windows\System\vFWhInr.exe

C:\Windows\System\VmOwKpB.exe

C:\Windows\System\VmOwKpB.exe

C:\Windows\System\IhAjrmY.exe

C:\Windows\System\IhAjrmY.exe

C:\Windows\System\WWPCaho.exe

C:\Windows\System\WWPCaho.exe

C:\Windows\System\bmHelaH.exe

C:\Windows\System\bmHelaH.exe

C:\Windows\System\HBqQffS.exe

C:\Windows\System\HBqQffS.exe

C:\Windows\System\MBKJQvy.exe

C:\Windows\System\MBKJQvy.exe

C:\Windows\System\kDarNIk.exe

C:\Windows\System\kDarNIk.exe

C:\Windows\System\umKtWMf.exe

C:\Windows\System\umKtWMf.exe

C:\Windows\System\GZRtpfl.exe

C:\Windows\System\GZRtpfl.exe

C:\Windows\System\ZpJfdYT.exe

C:\Windows\System\ZpJfdYT.exe

C:\Windows\System\ZRMdObj.exe

C:\Windows\System\ZRMdObj.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4040,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=4196 /prefetch:8

C:\Windows\System\SFCTBIl.exe

C:\Windows\System\SFCTBIl.exe

C:\Windows\System\fWgyhyH.exe

C:\Windows\System\fWgyhyH.exe

C:\Windows\System\AxtyyDy.exe

C:\Windows\System\AxtyyDy.exe

C:\Windows\System\AYKsmnv.exe

C:\Windows\System\AYKsmnv.exe

C:\Windows\System\vxjopfc.exe

C:\Windows\System\vxjopfc.exe

C:\Windows\System\tOnpkMj.exe

C:\Windows\System\tOnpkMj.exe

C:\Windows\System\DSkUPQx.exe

C:\Windows\System\DSkUPQx.exe

C:\Windows\System\btXbyzZ.exe

C:\Windows\System\btXbyzZ.exe

C:\Windows\System\InDFauG.exe

C:\Windows\System\InDFauG.exe

C:\Windows\System\hJFaFQC.exe

C:\Windows\System\hJFaFQC.exe

C:\Windows\System\RiCjKYb.exe

C:\Windows\System\RiCjKYb.exe

C:\Windows\System\bWOecuu.exe

C:\Windows\System\bWOecuu.exe

C:\Windows\System\IgFVhyz.exe

C:\Windows\System\IgFVhyz.exe

C:\Windows\System\OqxDBTF.exe

C:\Windows\System\OqxDBTF.exe

C:\Windows\System\KEiIALU.exe

C:\Windows\System\KEiIALU.exe

C:\Windows\System\GUEHpIW.exe

C:\Windows\System\GUEHpIW.exe

C:\Windows\System\gQroGQz.exe

C:\Windows\System\gQroGQz.exe

C:\Windows\System\DwPApKr.exe

C:\Windows\System\DwPApKr.exe

C:\Windows\System\xNaxuxu.exe

C:\Windows\System\xNaxuxu.exe

C:\Windows\System\yXKHtOz.exe

C:\Windows\System\yXKHtOz.exe

C:\Windows\System\vgTvjIc.exe

C:\Windows\System\vgTvjIc.exe

C:\Windows\System\noMzlpC.exe

C:\Windows\System\noMzlpC.exe

C:\Windows\System\zRLNsOK.exe

C:\Windows\System\zRLNsOK.exe

C:\Windows\System\SQMKZul.exe

C:\Windows\System\SQMKZul.exe

C:\Windows\System\UOPxrhC.exe

C:\Windows\System\UOPxrhC.exe

C:\Windows\System\gWeumcm.exe

C:\Windows\System\gWeumcm.exe

C:\Windows\System\RdDndXk.exe

C:\Windows\System\RdDndXk.exe

C:\Windows\System\TvundfW.exe

C:\Windows\System\TvundfW.exe

C:\Windows\System\QdUSgJT.exe

C:\Windows\System\QdUSgJT.exe

C:\Windows\System\SeLhjMw.exe

C:\Windows\System\SeLhjMw.exe

C:\Windows\System\prvkkKN.exe

C:\Windows\System\prvkkKN.exe

C:\Windows\System\Ltdilba.exe

C:\Windows\System\Ltdilba.exe

C:\Windows\System\WLSAlar.exe

C:\Windows\System\WLSAlar.exe

C:\Windows\System\ncxmApa.exe

C:\Windows\System\ncxmApa.exe

C:\Windows\System\tzqetSD.exe

C:\Windows\System\tzqetSD.exe

C:\Windows\System\vWTcinw.exe

C:\Windows\System\vWTcinw.exe

C:\Windows\System\BTBeegc.exe

C:\Windows\System\BTBeegc.exe

C:\Windows\System\uzqBGqK.exe

C:\Windows\System\uzqBGqK.exe

C:\Windows\System\NAGVfZY.exe

C:\Windows\System\NAGVfZY.exe

C:\Windows\System\WkKYhEB.exe

C:\Windows\System\WkKYhEB.exe

C:\Windows\System\QAxgNFh.exe

C:\Windows\System\QAxgNFh.exe

C:\Windows\System\SPQYkfT.exe

C:\Windows\System\SPQYkfT.exe

C:\Windows\System\RxgSXGl.exe

C:\Windows\System\RxgSXGl.exe

C:\Windows\System\DZzHFbn.exe

C:\Windows\System\DZzHFbn.exe

C:\Windows\System\CZmpKVc.exe

C:\Windows\System\CZmpKVc.exe

C:\Windows\System\axREdVY.exe

C:\Windows\System\axREdVY.exe

C:\Windows\System\CiMaMsz.exe

C:\Windows\System\CiMaMsz.exe

C:\Windows\System\cbveFbG.exe

C:\Windows\System\cbveFbG.exe

C:\Windows\System\wQsKRcc.exe

C:\Windows\System\wQsKRcc.exe

C:\Windows\System\qyIQrIz.exe

C:\Windows\System\qyIQrIz.exe

C:\Windows\System\TqSazKV.exe

C:\Windows\System\TqSazKV.exe

C:\Windows\System\wpKIKKC.exe

C:\Windows\System\wpKIKKC.exe

C:\Windows\System\dpZZpPm.exe

C:\Windows\System\dpZZpPm.exe

C:\Windows\System\GeHgNsT.exe

C:\Windows\System\GeHgNsT.exe

C:\Windows\System\RKKRWaj.exe

C:\Windows\System\RKKRWaj.exe

C:\Windows\System\uhwwZbq.exe

C:\Windows\System\uhwwZbq.exe

C:\Windows\System\LPdDsjo.exe

C:\Windows\System\LPdDsjo.exe

C:\Windows\System\jgXhEPA.exe

C:\Windows\System\jgXhEPA.exe

C:\Windows\System\WMsQWoq.exe

C:\Windows\System\WMsQWoq.exe

C:\Windows\System\QbhWllh.exe

C:\Windows\System\QbhWllh.exe

C:\Windows\System\AkfGndv.exe

C:\Windows\System\AkfGndv.exe

C:\Windows\System\SGUaCCb.exe

C:\Windows\System\SGUaCCb.exe

C:\Windows\System\PiZoxkX.exe

C:\Windows\System\PiZoxkX.exe

C:\Windows\System\fQjkDtf.exe

C:\Windows\System\fQjkDtf.exe

C:\Windows\System\TAqTHzm.exe

C:\Windows\System\TAqTHzm.exe

C:\Windows\System\psYSQYm.exe

C:\Windows\System\psYSQYm.exe

C:\Windows\System\KITGFnI.exe

C:\Windows\System\KITGFnI.exe

C:\Windows\System\OlogsXy.exe

C:\Windows\System\OlogsXy.exe

C:\Windows\System\CiWjjvY.exe

C:\Windows\System\CiWjjvY.exe

C:\Windows\System\mRQBYYR.exe

C:\Windows\System\mRQBYYR.exe

C:\Windows\System\JcNVvTd.exe

C:\Windows\System\JcNVvTd.exe

C:\Windows\System\MISDjMb.exe

C:\Windows\System\MISDjMb.exe

C:\Windows\System\hYWggiU.exe

C:\Windows\System\hYWggiU.exe

C:\Windows\System\alKvUYQ.exe

C:\Windows\System\alKvUYQ.exe

C:\Windows\System\nsrzSSc.exe

C:\Windows\System\nsrzSSc.exe

C:\Windows\System\onxkdWD.exe

C:\Windows\System\onxkdWD.exe

C:\Windows\System\uSqsPqr.exe

C:\Windows\System\uSqsPqr.exe

C:\Windows\System\pJforqe.exe

C:\Windows\System\pJforqe.exe

C:\Windows\System\iDLdjji.exe

C:\Windows\System\iDLdjji.exe

C:\Windows\System\GrFNVFd.exe

C:\Windows\System\GrFNVFd.exe

C:\Windows\System\umvVcgg.exe

C:\Windows\System\umvVcgg.exe

C:\Windows\System\VTWaVnW.exe

C:\Windows\System\VTWaVnW.exe

C:\Windows\System\gYsbzjB.exe

C:\Windows\System\gYsbzjB.exe

C:\Windows\System\iONTmXo.exe

C:\Windows\System\iONTmXo.exe

C:\Windows\System\QQkjcyD.exe

C:\Windows\System\QQkjcyD.exe

C:\Windows\System\rkPKjIa.exe

C:\Windows\System\rkPKjIa.exe

C:\Windows\System\sKvvIYk.exe

C:\Windows\System\sKvvIYk.exe

C:\Windows\System\DQJySHL.exe

C:\Windows\System\DQJySHL.exe

C:\Windows\System\UpJcIxE.exe

C:\Windows\System\UpJcIxE.exe

C:\Windows\System\ABBRQCX.exe

C:\Windows\System\ABBRQCX.exe

C:\Windows\System\eAPZbhz.exe

C:\Windows\System\eAPZbhz.exe

C:\Windows\System\ufDwWRT.exe

C:\Windows\System\ufDwWRT.exe

C:\Windows\System\ZxGNwpE.exe

C:\Windows\System\ZxGNwpE.exe

C:\Windows\System\mMCEvNG.exe

C:\Windows\System\mMCEvNG.exe

C:\Windows\System\ezwznFm.exe

C:\Windows\System\ezwznFm.exe

C:\Windows\System\gqRpyxq.exe

C:\Windows\System\gqRpyxq.exe

C:\Windows\System\uqbEzSG.exe

C:\Windows\System\uqbEzSG.exe

C:\Windows\System\jFeByju.exe

C:\Windows\System\jFeByju.exe

C:\Windows\System\nvznOlN.exe

C:\Windows\System\nvznOlN.exe

C:\Windows\System\bCirDAM.exe

C:\Windows\System\bCirDAM.exe

C:\Windows\System\HZTywVc.exe

C:\Windows\System\HZTywVc.exe

C:\Windows\System\WxsRiKW.exe

C:\Windows\System\WxsRiKW.exe

C:\Windows\System\HeBCBeH.exe

C:\Windows\System\HeBCBeH.exe

C:\Windows\System\lUIWEIw.exe

C:\Windows\System\lUIWEIw.exe

C:\Windows\System\SDPdgwY.exe

C:\Windows\System\SDPdgwY.exe

C:\Windows\System\nUjmzwx.exe

C:\Windows\System\nUjmzwx.exe

C:\Windows\System\fyPqTRj.exe

C:\Windows\System\fyPqTRj.exe

C:\Windows\System\XzgyPlk.exe

C:\Windows\System\XzgyPlk.exe

C:\Windows\System\uqnrbkB.exe

C:\Windows\System\uqnrbkB.exe

C:\Windows\System\uRLAIGW.exe

C:\Windows\System\uRLAIGW.exe

C:\Windows\System\hQxSNoO.exe

C:\Windows\System\hQxSNoO.exe

C:\Windows\System\HlBcsYn.exe

C:\Windows\System\HlBcsYn.exe

C:\Windows\System\pGhIYNr.exe

C:\Windows\System\pGhIYNr.exe

C:\Windows\System\eHbZysz.exe

C:\Windows\System\eHbZysz.exe

C:\Windows\System\HnEyCbY.exe

C:\Windows\System\HnEyCbY.exe

C:\Windows\System\OzyzNDo.exe

C:\Windows\System\OzyzNDo.exe

C:\Windows\System\CCNuyts.exe

C:\Windows\System\CCNuyts.exe

C:\Windows\System\JJrXUPy.exe

C:\Windows\System\JJrXUPy.exe

C:\Windows\System\qnfIrgd.exe

C:\Windows\System\qnfIrgd.exe

C:\Windows\System\AzFKQfw.exe

C:\Windows\System\AzFKQfw.exe

C:\Windows\System\osyAEGS.exe

C:\Windows\System\osyAEGS.exe

C:\Windows\System\zQYZDGn.exe

C:\Windows\System\zQYZDGn.exe

C:\Windows\System\tGQbsmi.exe

C:\Windows\System\tGQbsmi.exe

C:\Windows\System\wwkAHsM.exe

C:\Windows\System\wwkAHsM.exe

C:\Windows\System\WXFUKZC.exe

C:\Windows\System\WXFUKZC.exe

C:\Windows\System\TJyEYhq.exe

C:\Windows\System\TJyEYhq.exe

C:\Windows\System\xcKXTDm.exe

C:\Windows\System\xcKXTDm.exe

C:\Windows\System\qJkvzDl.exe

C:\Windows\System\qJkvzDl.exe

C:\Windows\System\PvZvkPk.exe

C:\Windows\System\PvZvkPk.exe

C:\Windows\System\GvEzdij.exe

C:\Windows\System\GvEzdij.exe

C:\Windows\System\NSrODMK.exe

C:\Windows\System\NSrODMK.exe

C:\Windows\System\IgAWUML.exe

C:\Windows\System\IgAWUML.exe

C:\Windows\System\EgGoOxr.exe

C:\Windows\System\EgGoOxr.exe

C:\Windows\System\OTPWchD.exe

C:\Windows\System\OTPWchD.exe

C:\Windows\System\zOvEpqT.exe

C:\Windows\System\zOvEpqT.exe

C:\Windows\System\olTsvWD.exe

C:\Windows\System\olTsvWD.exe

C:\Windows\System\UUYDRnv.exe

C:\Windows\System\UUYDRnv.exe

C:\Windows\System\bPcuEfZ.exe

C:\Windows\System\bPcuEfZ.exe

C:\Windows\System\vkXnVeo.exe

C:\Windows\System\vkXnVeo.exe

C:\Windows\System\VlsxMBT.exe

C:\Windows\System\VlsxMBT.exe

C:\Windows\System\IpnlmZG.exe

C:\Windows\System\IpnlmZG.exe

C:\Windows\System\BuguARc.exe

C:\Windows\System\BuguARc.exe

C:\Windows\System\qcRdvmO.exe

C:\Windows\System\qcRdvmO.exe

C:\Windows\System\fNQHgLh.exe

C:\Windows\System\fNQHgLh.exe

C:\Windows\System\SExiryh.exe

C:\Windows\System\SExiryh.exe

C:\Windows\System\eaOyyff.exe

C:\Windows\System\eaOyyff.exe

C:\Windows\System\JClpLnp.exe

C:\Windows\System\JClpLnp.exe

C:\Windows\System\eLeREID.exe

C:\Windows\System\eLeREID.exe

C:\Windows\System\huKGDyc.exe

C:\Windows\System\huKGDyc.exe

C:\Windows\System\AnYqONn.exe

C:\Windows\System\AnYqONn.exe

C:\Windows\System\ZcXzZwJ.exe

C:\Windows\System\ZcXzZwJ.exe

C:\Windows\System\qowPadK.exe

C:\Windows\System\qowPadK.exe

C:\Windows\System\nHVrVva.exe

C:\Windows\System\nHVrVva.exe

C:\Windows\System\oqMCQHa.exe

C:\Windows\System\oqMCQHa.exe

C:\Windows\System\MRRMNLF.exe

C:\Windows\System\MRRMNLF.exe

C:\Windows\System\mElisuh.exe

C:\Windows\System\mElisuh.exe

C:\Windows\System\UycfWJg.exe

C:\Windows\System\UycfWJg.exe

C:\Windows\System\EiTUWvl.exe

C:\Windows\System\EiTUWvl.exe

C:\Windows\System\yDYxcYu.exe

C:\Windows\System\yDYxcYu.exe

C:\Windows\System\CzQcWge.exe

C:\Windows\System\CzQcWge.exe

C:\Windows\System\wwTZIni.exe

C:\Windows\System\wwTZIni.exe

C:\Windows\System\eanJqQB.exe

C:\Windows\System\eanJqQB.exe

C:\Windows\System\PHjWSxk.exe

C:\Windows\System\PHjWSxk.exe

C:\Windows\System\fHlgKHn.exe

C:\Windows\System\fHlgKHn.exe

C:\Windows\System\NANMAxK.exe

C:\Windows\System\NANMAxK.exe

C:\Windows\System\EjFKFIP.exe

C:\Windows\System\EjFKFIP.exe

C:\Windows\System\htiOLvl.exe

C:\Windows\System\htiOLvl.exe

C:\Windows\System\JHIoqIM.exe

C:\Windows\System\JHIoqIM.exe

C:\Windows\System\iYIDToT.exe

C:\Windows\System\iYIDToT.exe

C:\Windows\System\TejSEgR.exe

C:\Windows\System\TejSEgR.exe

C:\Windows\System\FrgytRu.exe

C:\Windows\System\FrgytRu.exe

C:\Windows\System\UFmYbuf.exe

C:\Windows\System\UFmYbuf.exe

C:\Windows\System\VIRoBnV.exe

C:\Windows\System\VIRoBnV.exe

C:\Windows\System\Psnvrgw.exe

C:\Windows\System\Psnvrgw.exe

C:\Windows\System\rPLlkzE.exe

C:\Windows\System\rPLlkzE.exe

C:\Windows\System\PfmmLaS.exe

C:\Windows\System\PfmmLaS.exe

C:\Windows\System\TPopirv.exe

C:\Windows\System\TPopirv.exe

C:\Windows\System\FwjJywO.exe

C:\Windows\System\FwjJywO.exe

C:\Windows\System\xiMbgBw.exe

C:\Windows\System\xiMbgBw.exe

C:\Windows\System\kSPdCDg.exe

C:\Windows\System\kSPdCDg.exe

C:\Windows\System\DsBaivR.exe

C:\Windows\System\DsBaivR.exe

C:\Windows\System\ZkezekB.exe

C:\Windows\System\ZkezekB.exe

C:\Windows\System\zaClpDZ.exe

C:\Windows\System\zaClpDZ.exe

C:\Windows\System\kQUZWgP.exe

C:\Windows\System\kQUZWgP.exe

C:\Windows\System\TjKhaWM.exe

C:\Windows\System\TjKhaWM.exe

C:\Windows\System\PuOTfIG.exe

C:\Windows\System\PuOTfIG.exe

C:\Windows\System\LHIaCFQ.exe

C:\Windows\System\LHIaCFQ.exe

C:\Windows\System\vmwHeLW.exe

C:\Windows\System\vmwHeLW.exe

C:\Windows\System\zXUBDMz.exe

C:\Windows\System\zXUBDMz.exe

C:\Windows\System\aIzxBCl.exe

C:\Windows\System\aIzxBCl.exe

C:\Windows\System\PTrAvYn.exe

C:\Windows\System\PTrAvYn.exe

C:\Windows\System\nNAXjfX.exe

C:\Windows\System\nNAXjfX.exe

C:\Windows\System\UVuIFRK.exe

C:\Windows\System\UVuIFRK.exe

C:\Windows\System\gXVfceb.exe

C:\Windows\System\gXVfceb.exe

C:\Windows\System\CHWuFvR.exe

C:\Windows\System\CHWuFvR.exe

C:\Windows\System\WfvmVLj.exe

C:\Windows\System\WfvmVLj.exe

C:\Windows\System\SEjrHnx.exe

C:\Windows\System\SEjrHnx.exe

C:\Windows\System\aEBnHje.exe

C:\Windows\System\aEBnHje.exe

C:\Windows\System\JKRdcAE.exe

C:\Windows\System\JKRdcAE.exe

C:\Windows\System\NWXMIVL.exe

C:\Windows\System\NWXMIVL.exe

C:\Windows\System\sTAzeqv.exe

C:\Windows\System\sTAzeqv.exe

C:\Windows\System\vdWwyVg.exe

C:\Windows\System\vdWwyVg.exe

C:\Windows\System\dECTkqy.exe

C:\Windows\System\dECTkqy.exe

C:\Windows\System\VkBcwvV.exe

C:\Windows\System\VkBcwvV.exe

C:\Windows\System\OVxAXKH.exe

C:\Windows\System\OVxAXKH.exe

C:\Windows\System\UXXnlyL.exe

C:\Windows\System\UXXnlyL.exe

C:\Windows\System\uBzGRRF.exe

C:\Windows\System\uBzGRRF.exe

C:\Windows\System\fHSNrid.exe

C:\Windows\System\fHSNrid.exe

C:\Windows\System\fYGUhIo.exe

C:\Windows\System\fYGUhIo.exe

C:\Windows\System\TmPJpOP.exe

C:\Windows\System\TmPJpOP.exe

C:\Windows\System\srFzbPV.exe

C:\Windows\System\srFzbPV.exe

C:\Windows\System\VwfiEgY.exe

C:\Windows\System\VwfiEgY.exe

C:\Windows\System\KUpurdc.exe

C:\Windows\System\KUpurdc.exe

C:\Windows\System\sdMKgWs.exe

C:\Windows\System\sdMKgWs.exe

C:\Windows\System\hskiUol.exe

C:\Windows\System\hskiUol.exe

C:\Windows\System\eyHviIt.exe

C:\Windows\System\eyHviIt.exe

C:\Windows\System\uccKWxZ.exe

C:\Windows\System\uccKWxZ.exe

C:\Windows\System\rgkANCk.exe

C:\Windows\System\rgkANCk.exe

C:\Windows\System\suJjDnB.exe

C:\Windows\System\suJjDnB.exe

C:\Windows\System\JDLboCW.exe

C:\Windows\System\JDLboCW.exe

C:\Windows\System\whXaBDn.exe

C:\Windows\System\whXaBDn.exe

C:\Windows\System\AijrIOp.exe

C:\Windows\System\AijrIOp.exe

C:\Windows\System\NJWxipY.exe

C:\Windows\System\NJWxipY.exe

C:\Windows\System\aDxLSEy.exe

C:\Windows\System\aDxLSEy.exe

C:\Windows\System\cdiVdNn.exe

C:\Windows\System\cdiVdNn.exe

C:\Windows\System\NhcAnkq.exe

C:\Windows\System\NhcAnkq.exe

C:\Windows\System\RGlgeCT.exe

C:\Windows\System\RGlgeCT.exe

C:\Windows\System\esSnSWg.exe

C:\Windows\System\esSnSWg.exe

C:\Windows\System\WUwxmUL.exe

C:\Windows\System\WUwxmUL.exe

C:\Windows\System\cPRLQjJ.exe

C:\Windows\System\cPRLQjJ.exe

C:\Windows\System\GWmAwiZ.exe

C:\Windows\System\GWmAwiZ.exe

C:\Windows\System\XVPvQqI.exe

C:\Windows\System\XVPvQqI.exe

C:\Windows\System\PJcEJxb.exe

C:\Windows\System\PJcEJxb.exe

C:\Windows\System\YhAwLEv.exe

C:\Windows\System\YhAwLEv.exe

C:\Windows\System\CGlCQCW.exe

C:\Windows\System\CGlCQCW.exe

C:\Windows\System\MRotIVF.exe

C:\Windows\System\MRotIVF.exe

C:\Windows\System\FObewAP.exe

C:\Windows\System\FObewAP.exe

C:\Windows\System\qjxrqsj.exe

C:\Windows\System\qjxrqsj.exe

C:\Windows\System\wrSNlJI.exe

C:\Windows\System\wrSNlJI.exe

C:\Windows\System\WgtlumQ.exe

C:\Windows\System\WgtlumQ.exe

C:\Windows\System\bzDjfuQ.exe

C:\Windows\System\bzDjfuQ.exe

C:\Windows\System\gHcaTzr.exe

C:\Windows\System\gHcaTzr.exe

C:\Windows\System\IpzPGZw.exe

C:\Windows\System\IpzPGZw.exe

C:\Windows\System\RWAsxzb.exe

C:\Windows\System\RWAsxzb.exe

C:\Windows\System\bbCEfoN.exe

C:\Windows\System\bbCEfoN.exe

C:\Windows\System\rBXHgiI.exe

C:\Windows\System\rBXHgiI.exe

C:\Windows\System\fqdpoks.exe

C:\Windows\System\fqdpoks.exe

C:\Windows\System\ljNjEOT.exe

C:\Windows\System\ljNjEOT.exe

C:\Windows\System\YKYjtDj.exe

C:\Windows\System\YKYjtDj.exe

C:\Windows\System\mEcmBZH.exe

C:\Windows\System\mEcmBZH.exe

C:\Windows\System\RDxxExJ.exe

C:\Windows\System\RDxxExJ.exe

C:\Windows\System\KdBRGUv.exe

C:\Windows\System\KdBRGUv.exe

C:\Windows\System\lkvQZiH.exe

C:\Windows\System\lkvQZiH.exe

C:\Windows\System\iOWTlQV.exe

C:\Windows\System\iOWTlQV.exe

C:\Windows\System\VDNDsVT.exe

C:\Windows\System\VDNDsVT.exe

C:\Windows\System\qFzySYi.exe

C:\Windows\System\qFzySYi.exe

C:\Windows\System\miuUqjN.exe

C:\Windows\System\miuUqjN.exe

C:\Windows\System\gsbJAeW.exe

C:\Windows\System\gsbJAeW.exe

C:\Windows\System\VDLiLSJ.exe

C:\Windows\System\VDLiLSJ.exe

C:\Windows\System\LHkEQty.exe

C:\Windows\System\LHkEQty.exe

C:\Windows\System\zMMJSgB.exe

C:\Windows\System\zMMJSgB.exe

C:\Windows\System\dMiXmyG.exe

C:\Windows\System\dMiXmyG.exe

C:\Windows\System\ywtEhRA.exe

C:\Windows\System\ywtEhRA.exe

C:\Windows\System\XRZhDeP.exe

C:\Windows\System\XRZhDeP.exe

C:\Windows\System\eqDaWBf.exe

C:\Windows\System\eqDaWBf.exe

C:\Windows\System\XVwLZOO.exe

C:\Windows\System\XVwLZOO.exe

C:\Windows\System\wnYDiUk.exe

C:\Windows\System\wnYDiUk.exe

C:\Windows\System\xstRaRT.exe

C:\Windows\System\xstRaRT.exe

C:\Windows\System\jfHFNza.exe

C:\Windows\System\jfHFNza.exe

C:\Windows\System\UbZhyxK.exe

C:\Windows\System\UbZhyxK.exe

C:\Windows\System\FYqmhmy.exe

C:\Windows\System\FYqmhmy.exe

C:\Windows\System\cPiEtWa.exe

C:\Windows\System\cPiEtWa.exe

C:\Windows\System\SYyaqwj.exe

C:\Windows\System\SYyaqwj.exe

C:\Windows\System\UIUhVZd.exe

C:\Windows\System\UIUhVZd.exe

C:\Windows\System\YfrBjVS.exe

C:\Windows\System\YfrBjVS.exe

C:\Windows\System\QvcItLN.exe

C:\Windows\System\QvcItLN.exe

C:\Windows\System\GEANxgb.exe

C:\Windows\System\GEANxgb.exe

C:\Windows\System\oiGOiNO.exe

C:\Windows\System\oiGOiNO.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 25.24.18.2.in-addr.arpa udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.110.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 133.110.199.185.in-addr.arpa udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 github.githubassets.com udp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 8.8.8.8:53 154.111.199.185.in-addr.arpa udp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
NL 23.62.61.89:443 www.bing.com tcp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 89.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 240.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 249.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 27.178.89.13.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp

Files

memory/4160-0-0x00007FF79B6A0000-0x00007FF79BA96000-memory.dmp

memory/4160-1-0x0000020EE1AA0000-0x0000020EE1AB0000-memory.dmp

C:\Windows\System\ceiWnQM.exe

MD5 3fffd48df2d8490a70b13b6149fc6c9e
SHA1 a3302ada7ea7b0fa2b8efd290b92fa4d426614f0
SHA256 bcfe5c939eb2a5695450b37022095ddacb77b5f3b83c8e4c4d5841f5b257cb31
SHA512 ccf7a893ca86ac536974f2c39c1465c3cf6f07153d0effdef58ef2d0a10c7fb9eac8e4d483c5c0bc48a70aa09b2262402d1a4ff200b1a179f6767358643439a0

memory/1920-17-0x00007FF61C260000-0x00007FF61C656000-memory.dmp

memory/4656-24-0x00007FF615CC0000-0x00007FF6160B6000-memory.dmp

C:\Windows\System\DYqkZym.exe

MD5 9dce94af6bb2ce65f54c3430e0e2891e
SHA1 adebc141610b8cf010a8c065971844d4700bc64b
SHA256 8b55b6b812f240b18e4ef8e4dbd3bf43d9a790b2b91da6c255653d9ff1634431
SHA512 b85b84e9b93227376520e25301c7801820b668cdcacf1b782da3c0862e024c631d57764538b76d7043024f36262e7957ceb6b60d9a864b53cc195535a8874616

memory/1416-29-0x00007FF683540000-0x00007FF683936000-memory.dmp

C:\Windows\System\NhrHuWA.exe

MD5 8a2e56232ef65003e67ea2b6368d03a6
SHA1 71d6bbaecf86350dac1edbcdaa37a53d3dc0d872
SHA256 09766352a1f15cf920b432de4c8c9e210cbba85e32f0426be2f08b253e0ab186
SHA512 b78bcb0a2417ea5c2587c35067f7e143d8c666a31db6b6312b4678879092abe2da513b2d024e6a208e09c949777503937a8320257d253fcfae47d9acd9227925

C:\Windows\System\JfCWCis.exe

MD5 958c1a8f40f8fc016d7991319dec95e9
SHA1 0ce2e42b421a11040bf113f8f653dd3ffaea4e10
SHA256 e363c46dd82e4deecea0bd2fac2f1a5a52e954f57175e07d784211a160d39e6e
SHA512 a419bb6815f9eef9079554b9d0bba60818b931b5d77c230ff5158711527664129f6285923ece30373cbae6d388eb6f0b251e09ca7412cd98b00181e18310c100

C:\Windows\System\ZZEEqDY.exe

MD5 cd5bf7a7934da781a576c7b3723d63a3
SHA1 4cc478d88ed1690447f72c98f8929472b44fbfef
SHA256 b84c680bd87f5124c7e3dedaaff20a0bd20f4cbfe072dfd081cb420e558680a6
SHA512 ad0d6ef903a889d17e627081d3b1dcd67af41118af7f0cc1f40ae5e1a42da28a1590eb877f307c33e6d6bcec2b193eead343f732a9b99d179c745a88a76ae7ba

C:\Windows\System\KEBqTFK.exe

MD5 ed39adf1f548cfbb596782c5b8d47859
SHA1 7d498e49572288107a46b3d611fa85ffcfaa2f22
SHA256 84944edf68c67e1c3f88d2466f44c3fb7f6ec482202096c4810f258be4760382
SHA512 966be4f8af6a463fab739f573de1beaa7954527ea4c27edd00b89ee2b216c02f729ba0fdc91d157dd171bea302bc9d75c84ea2ec0f871c20a2177a98c8585318

C:\Windows\System\gWcqhBP.exe

MD5 dfbfeaab4f87c148d6037a5362b212db
SHA1 d5a7a7ada97548ad0aefdaa07e174937c2fd0190
SHA256 54cfbb21940f01c3a00afc9ce76097ba18701b0ab99675755f6b765c040bc438
SHA512 429327ee54efdbcf97bba72e8cda048bbf864ce82699bab3ff969c9cf0507f8f61167ca362ef34ca57b44dc712f2f89791c6203cdc47b231de3d255888727ef0

C:\Windows\System\gapwotm.exe

MD5 b41b96d9cda454916f265f2cb97c64be
SHA1 e541dc4bb49d1a76027c84f018007a672394c1f8
SHA256 d50bd64374078e476cc1e33ad31fcdeba0eb63185803bcd58cb0c05b04142e8b
SHA512 a2b3da2a8099ba49f9f84d6b7124f12851bf95fe42b670f5cca1ab9d9e1c7581b5edea4325fa1e5025a914b56c966ba0bf8db4e6cb8280e8b3f5667921f890ed

C:\Windows\System\cXgkNdH.exe

MD5 8c61596fe9dfb8b178fd2ba1a7a57d41
SHA1 e21e1344d98b8d21c721770b1547db910ebc58bc
SHA256 1e2200d716444bd75ca76866b1e4d7e95a73f223ec260e08d0d493228c552315
SHA512 3488036e3bf0a37e8e54fedb663493eaf7ebdeddd28c5ff1890420a9afa512975f506c77e1b8129c834c3e339ae9d6787124d4c7d84d2df512ebf2dbe46e08e7

C:\Windows\System\QjtqjXe.exe

MD5 18b73b10ff38784f0f17e8b949d7073c
SHA1 b3d9786635adc6380c778a36d725f9d9bbbd4b01
SHA256 dc9067dce68e94ad89671386b48462c7fee0eb18d5615b28cae906d93d78f578
SHA512 0106aaac17e578e3b1477ccecca192f6ae5f3fc99d01ae21c5ac5b99d7a0572f9fa9562bba1ad1444c19477ff392be9159d56c8c8e85430da36e71b263277d3d

C:\Windows\System\GwHLrzW.exe

MD5 82114716eb4d20ed84bdba8c569d8931
SHA1 0567f2167e670b7f0c6ceec6f6b6d35378ee724c
SHA256 68a0fc65d03134b9e9ad37e429f454b536167ee9bbb4a4911818f1be4a8d085d
SHA512 ef170868702af65fa2c7595708dab23ccd12587a226a2534ecf96aaef38860597747e1a8456d4d9bde752c1f8f357388b9c97558d63ad6765010a46cbf3e7598

C:\Windows\System\gDVGRzF.exe

MD5 ad19605ffad6c7113f2e9fddcd08a68d
SHA1 f998da3afbf3cacd78d6177be28471e12644f8a5
SHA256 38f91c437de1cd314c73ebbdaac6553a028870f3525dc24601d21a645be332e1
SHA512 6c65fd49000170471cea3baa7f9be0e769bbe8a86b6a363290d16bc4af230c431203ec93a05ee28a7809dca26e281b9048355a28fec058558fac9eb0f0d7a622

C:\Windows\System\FrwIXkE.exe

MD5 3cf1588fb1c24658d87a1ab395613293
SHA1 34193b4fb15c165040b6ec025effb46dd757bc8b
SHA256 3967734b1b784d4007a5cd2046eeedf768296160bca088d3e254b8447910ab57
SHA512 bdce7f9eeeb85cba297b2c9443e809b86df095150dd07136bc12e1534c24519e23535c319a4a12051e39108fc9fb79264f0822479f8e72e28b3cd4424420ee21

C:\Windows\System\UrgXHfM.exe

MD5 9aad6b9c9788ae09301dfbc9255ca2e9
SHA1 326528d92b9a1bcf3bbf6975a17d64c3fa6754e5
SHA256 a11502241ea1cf734b5cba42d1dbcede627e0022716c1737791e29ce148fe129
SHA512 da6bc95419ea083e07020495617cc4a6eb74c426c98e9570a150db64730cea31bd373bd4197847c02e3959c70adcafcc8e923deec539d8150858f44ad743ce6a

C:\Windows\System\COZXWxt.exe

MD5 b52c1ff6ddd84d79bf450ea97abacd39
SHA1 209196186c71e06317e324f178ee8e48fdbc8210
SHA256 65d981f715bc24d26f6ad8ca53542cf6e9e684ec9c402dd02115d74da20fa699
SHA512 c4ccae7cccd03d0ac8a256ca46dc88f1ca90626560d94c08fb7ddc9bf9f3dc2d5130476ddf2c1ec02779de27237e4c1f163a21c78665856d450962d786a54201

C:\Windows\System\zCZUNYN.exe

MD5 eb65e3e017e1bebb9f39b7f138d437d7
SHA1 3c7c8fda89e73ee9f35fe7e0cd29e4e0ed28a6f1
SHA256 237e8cba46e14ed3bc861527e8c6c58a40bcf3e1cdef03b26124ec2ccd52f821
SHA512 486e609bcbe53e9ad5839f51d9beb2b7c0efd8f5fc2976b044baa8389bfb5ebfc1cdc5c635ca5877f02e7e7836a1d1f1c84fa371ff290c190059ce3b0fe08003

C:\Windows\System\gcymRua.exe

MD5 6c6cf07b215e4f95c68326f5ddde023e
SHA1 1bf39a639bfd3a0ca03a715bf57dc40eeb8663b9
SHA256 7c4e9f9a30ca82dd8cc3f0f72361185b22cfd2405fd950fe2eaa9bf4b8862b22
SHA512 aab122c6e9859b253b04f07b03800147eace022b47d4f2cdbf6ab61ec36914de10be570f482e0140c7fd750fe9705f56e543e8fc454bb7740b473f2f900b384b

C:\Windows\System\hciMMxR.exe

MD5 c91365dbd22243601c254ca354bb1190
SHA1 b12dcccffe34c7cfc16b90d3022f02be2eafa4fc
SHA256 abf22b379c7c966485b41ec19069040b476fe15aface96c22f4af39b8a15ce6c
SHA512 d3b46e1c89af2b4248abe8502b1d79d92b59f5bf7ba461fc13df7846d4c85be5619356da893091a1d8769f53ceca20ef250172e14338f2ad8eb6a0fd4ad04430

C:\Windows\System\oqeCJtp.exe

MD5 487302d8bf720404cee8cc9d7bbbae81
SHA1 fcb07cb4dc7fa5413492ab7a1b86d727560047c2
SHA256 a58d4d5f6051fd5ee6e224122d6e3281305574229f70fedd2e00c24c3eb4baee
SHA512 8bb431d77a9e30bc513ce893577c4feb7c68f9648592f642777a9b4a17d27e315398d920cf6534e2d242f1461a15a031c6bd4513e97bae2279184fffcd7728da

C:\Windows\System\zGwfarj.exe

MD5 8a371570a0f69010af9b521c51bde7af
SHA1 a511903a7fd05a04c6e6e2b604ab92b2147a2ea0
SHA256 d68e6f3808f0a9a52df4ca221ef90cd099a6ea629247694967f54cd28decc883
SHA512 cd724cdc26ad27944ab75527b1bdd93f1f1e91a19da324041938f7ad8313c3e4f90866fd3c4019567b7add190738362105832a7f2cacb0edd333b7a7604a584b

C:\Windows\System\SQLDMQh.exe

MD5 49677012bef4808db92a58cbbf793254
SHA1 386ede49d5cc6e08a21c796fe0dd0a31dea56d6b
SHA256 65e4bdc647ab1169cc0bb4c1291ffe1d26db3207ba8ee925994b3a50476a056f
SHA512 e6ea3df9ef6768ddf1394d6597a8f5ce59568c6b7dd654e7d94559ce302e5892256bc7513b04893ec19c1f7f263f4b7c3c530e1f57fa043dafb58ba272e23a3c

C:\Windows\System\fFkZYih.exe

MD5 15a54606b690988b634a3769085668c0
SHA1 ca28663ae1bf0452e977e1f4aecfa01187b200bd
SHA256 da6fce071f9350818a37e1502efcfef0d6d9a960e785a598a084719f0a3bbb0f
SHA512 66382964b4f9bbb9572496ce35b95ae27f3a630354232c14a8c71287c31c6db966557da8ade7ec68287fb67795b61495a6213c1b4b3b9d1993a23ba41d6d3200

C:\Windows\System\UxCBWtW.exe

MD5 e329e1e414c8cfb632ab7a6237d5f2ac
SHA1 eff55d5237b607a2ba51b8605c5d7b06ab74a343
SHA256 824b8e959caf1ddc4775fe204dba73dda5a88aea23866d7b1e97f806570a2fb8
SHA512 adc6ac2abb1e3908b4b70ca9b5dfd65966e6eccb71a461ded0893d347d5b03e921a2ba436024d969639756e8956c9a1874eec1e18f033bf8e56bbc5afb34c275

C:\Windows\System\FbelNZl.exe

MD5 40bd04c6d6e8556c674b8f64349c3dc0
SHA1 366695cedf963e287669a40235cb02e4a7ab2932
SHA256 4f44ca6357e428d723ce65d2926c75d4e06061ca62ec424bd755d4c70c7e83a9
SHA512 a11704284e3a9a27269a673bb7f8cda8884f4b0dbf981ef6843eae4fda5489896ade468a3061bdfa1d2323b52469dc875c36ae4da6c9205351b57ec2e5d98529

C:\Windows\System\FguPvjf.exe

MD5 fe81c33c989d0bfd46ce75a327fd965e
SHA1 8572fb8604f27a5ac365ff64653adb0cf8bfd97c
SHA256 94078ec6fe91a331fe1ef5c15e6e1cd25098b953cbf5d1b84aedfba0c788e113
SHA512 68f879b1a1bd6f94f44ecb75043602d0c59deeeacdac7da5fb294e350233677959e56a2233dd2ff6016a34fc0a2c557e79553be0ba2b446313ff2bf832bbe8fb

C:\Windows\System\HpNbvij.exe

MD5 5952493dd997cb8c8361b493f724780e
SHA1 a828eb55ed94d74c97786958988397257f17dcb6
SHA256 cc3dddaa4cc111a2bcfa9c5b9317d3bc73f25ccedb4231dcf071594f08c63270
SHA512 217532a1d2b75353e64eeac8883ab39cffa955629d9c7213dc6e6894ffb8409da90b31ed768429fceacfa142519c402018e00e74cbf51f9389507b49b0721a81

C:\Windows\System\VMLjTyg.exe

MD5 2bb6ab31e334f97c337eacca1acd48db
SHA1 a45724f799e03b2d0ed57375a3bc42a79d2f5a35
SHA256 cab066b5e7c93a0c98590a28b5303c31a4c7f46cd399fde524eb6f7f35b97fba
SHA512 e25b1ccab21927140e8f54693ee1b50c31f53e8f38c7d80a58dd3b9fb884df042c63b94b9d14ea4795b2c6b6369d2d0759267976fb5e0adbd7d3610721395de4

C:\Windows\System\TKeQwqX.exe

MD5 6a7e8b631c7cfc6712f439ae9f62daf0
SHA1 bfc442e89c2afaea95c0d8d23af08853c8c27a27
SHA256 5474c1f56d8e7aa838d4fd3aabf13fa6fc16e51e54d07c78aa7185f95f6fe421
SHA512 c4e24fcf4a4abee67f590d563a5f9af29bf10e59def2460631b2d10d30ad393d55541dda9a11f86fbf27e0d8e186182cea25bbfd50c048a2647f73877fdbbfe8

C:\Windows\System\FhMBbAn.exe

MD5 ffba7625b9d3e89ddd3dc9891019164d
SHA1 2de2c182b8e0cddd10e187672597e130875a8430
SHA256 311dcd130837237b175e00783b97c5a22259e08258ab5b77830ca73984963cc8
SHA512 062f983ec99cab24c26300cafb4d07d9f559cd43e169de4cc1681ac0abb3cb663c5af0acf2b16b4e0b143309d2436173e0eb6505e5b241e4af4f0e2202ed3cf4

C:\Windows\System\VxwHFux.exe

MD5 f0ac4651c75b6ace434c286560e9ec29
SHA1 d7ab8d69603ade53bbac911aac2947ab3f1a5cf4
SHA256 5ae728833ac6f6a470e66b13ef465de9da53c7cd577f17c880b3eaf2b91772ca
SHA512 cb8c9c894b35d8e6255e5d9acc402b084d8c125347a2d5821f8e09f9a6426fde594df891c5bb747c276c795eafb28113723085572806886fa2370c8f6030a87d

memory/3496-32-0x00007FF7FD090000-0x00007FF7FD486000-memory.dmp

C:\Windows\System\vvEjkUX.exe

MD5 1c2c998c6c83e0f3e1f4348113599fb0
SHA1 b265ced30d74e6ea13787bc5fab1c96578464bec
SHA256 550aaf8b564dc8a85f20aeb500d0e6cc88fefce1dff1fd770ea13f2049f8eed2
SHA512 2a3436f2aa632fe06cd35a0394f16117cb29b818e89f18607518c965c0663f5fe77eb9dc764ab97f128175f94cbd88a0c12d9532eeb88fafca5f5b19050503f9

C:\Windows\System\JxuabVM.exe

MD5 85c3148ed95f597754960fb3c247dba4
SHA1 585b4f541ecc0b8fc088400b2339a639d343d057
SHA256 80f34df65c9f34e66fb22b162ad8b3961e36c1a0d0b86e51a5075a139c09dbf5
SHA512 52e8e6bbcd0b22092d6a8fe709ba5ce3c81b8df64b01a0a8c665d6ee95dbda7c4775af829e4bd977264b506aca70ff179834a02d52827ebc3e67aac704cbfdb1

memory/4480-11-0x00007FF7CCBF0000-0x00007FF7CCFE6000-memory.dmp

C:\Windows\System\mbGMAYA.exe

MD5 21bd0865b814ae335ce46ea288d06bea
SHA1 100b2594796430a00772ec344206741289639187
SHA256 d798315ed1a05006964ff84ea65f7de40219cd9eb4eb1cdef6bb6f83d77ab0e5
SHA512 ff7296623124139f0ebe3d5283cc2b2ba589d361d4a756c7a5aa379e3a74c70ff2846a48478b0bf05ba1977fd55c401d3a476775d818325c189271bd681c9962

memory/1004-897-0x00007FF739420000-0x00007FF739816000-memory.dmp

memory/1604-904-0x00007FF75CEA0000-0x00007FF75D296000-memory.dmp

memory/412-911-0x00007FF653400000-0x00007FF6537F6000-memory.dmp

memory/1888-952-0x00007FF7FEDE0000-0x00007FF7FF1D6000-memory.dmp

memory/1548-951-0x00007FF77CF70000-0x00007FF77D366000-memory.dmp

memory/3836-941-0x00007FF621E60000-0x00007FF622256000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ozdnpael.hig.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/552-927-0x0000016DC9150000-0x0000016DC9172000-memory.dmp

memory/3616-926-0x00007FF6F29E0000-0x00007FF6F2DD6000-memory.dmp

memory/1836-925-0x00007FF6E3450000-0x00007FF6E3846000-memory.dmp

memory/1996-922-0x00007FF6812B0000-0x00007FF6816A6000-memory.dmp

memory/4436-921-0x00007FF65DD60000-0x00007FF65E156000-memory.dmp

memory/1492-914-0x00007FF681F20000-0x00007FF682316000-memory.dmp

memory/5088-905-0x00007FF68AA70000-0x00007FF68AE66000-memory.dmp

memory/2588-959-0x00007FF704E00000-0x00007FF7051F6000-memory.dmp

memory/1860-962-0x00007FF61CD50000-0x00007FF61D146000-memory.dmp

memory/1756-967-0x00007FF73A0A0000-0x00007FF73A496000-memory.dmp

memory/3628-966-0x00007FF686950000-0x00007FF686D46000-memory.dmp

memory/2744-961-0x00007FF6A4D80000-0x00007FF6A5176000-memory.dmp

memory/4304-893-0x00007FF7593D0000-0x00007FF7597C6000-memory.dmp

memory/3152-892-0x00007FF6AB920000-0x00007FF6ABD16000-memory.dmp

memory/552-1078-0x0000016DCC2E0000-0x0000016DCCA86000-memory.dmp

C:\Windows\System\qZTkOAM.exe

MD5 bb619ca80177568a9850ff8d7dc139bc
SHA1 39598cf7a1b2d3ae37699a3d204bcb3b9a800338
SHA256 755fd52af881e52d8581734deed65b261324bea5979dbb6c3cb63a484774b291
SHA512 77a78bba51b6f52cc6161f41e26d3b06c03e53c642da1fce66ee01b29a74a58b514da40bb12a8dbaffc02d45dc730672ed991bf1ba6f8df90e20af812fc0abd2

memory/1920-1892-0x00007FF61C260000-0x00007FF61C656000-memory.dmp

memory/4656-1947-0x00007FF615CC0000-0x00007FF6160B6000-memory.dmp

memory/4480-2129-0x00007FF7CCBF0000-0x00007FF7CCFE6000-memory.dmp

memory/1920-2130-0x00007FF61C260000-0x00007FF61C656000-memory.dmp

memory/4656-2131-0x00007FF615CC0000-0x00007FF6160B6000-memory.dmp

memory/1416-2132-0x00007FF683540000-0x00007FF683936000-memory.dmp

memory/3496-2133-0x00007FF7FD090000-0x00007FF7FD486000-memory.dmp

memory/3152-2134-0x00007FF6AB920000-0x00007FF6ABD16000-memory.dmp

memory/4304-2135-0x00007FF7593D0000-0x00007FF7597C6000-memory.dmp

memory/1004-2136-0x00007FF739420000-0x00007FF739816000-memory.dmp

memory/1604-2137-0x00007FF75CEA0000-0x00007FF75D296000-memory.dmp

memory/1836-2138-0x00007FF6E3450000-0x00007FF6E3846000-memory.dmp

memory/412-2144-0x00007FF653400000-0x00007FF6537F6000-memory.dmp

memory/1996-2148-0x00007FF6812B0000-0x00007FF6816A6000-memory.dmp

memory/1860-2150-0x00007FF61CD50000-0x00007FF61D146000-memory.dmp

memory/3628-2151-0x00007FF686950000-0x00007FF686D46000-memory.dmp

memory/2744-2149-0x00007FF6A4D80000-0x00007FF6A5176000-memory.dmp

memory/2588-2147-0x00007FF704E00000-0x00007FF7051F6000-memory.dmp

memory/3836-2146-0x00007FF621E60000-0x00007FF622256000-memory.dmp

memory/5088-2145-0x00007FF68AA70000-0x00007FF68AE66000-memory.dmp

memory/1492-2143-0x00007FF681F20000-0x00007FF682316000-memory.dmp

memory/4436-2142-0x00007FF65DD60000-0x00007FF65E156000-memory.dmp

memory/1548-2140-0x00007FF77CF70000-0x00007FF77D366000-memory.dmp

memory/3616-2141-0x00007FF6F29E0000-0x00007FF6F2DD6000-memory.dmp

memory/1888-2139-0x00007FF7FEDE0000-0x00007FF7FF1D6000-memory.dmp

memory/1756-2152-0x00007FF73A0A0000-0x00007FF73A496000-memory.dmp